diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000..7dc1509d
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,4 @@
+deploy/data/windows/x64/tap/windows_7/OemVista.inf eol=crlf
+deploy/data/windows/x64/tap/windows_10/OemVista.inf eol=crlf
+deploy/data/windows/x32/tap/windows_7/OemVista.inf eol=crlf
+deploy/data/windows/x32/tap/windows_10/OemVista.inf eol=crlf
diff --git a/.gitignore b/.gitignore
index ab38a962..26ce16e4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,7 +24,12 @@ ui_*.h
 Makefile*
 *build-*
 
+# fastlane
+client/fastlane/report.xml
+client/fastlane/build/*
+
 # Qt-es
+client/Release-iphoneos/
 client/Debug-iphoneos/
 client/.xcode/
 client/.qmake.cache
@@ -39,6 +44,7 @@ client/qrc_*.cpp
 client/ui_*.h
 client/ui_*.cpp
 client/Makefile*
+client/fastlane/build/
 client/*build-*
 client/AmneziaVPN.xcodeproj
 client/Debug-iphonesimulator/
@@ -48,7 +54,7 @@ client/qmlcache_loader.cpp
 client/rep_ipc_interface_replica.h
 client/resources_qmlcache.qrc
 client/3rd/OpenVPNAdpter/build/
-
+client/3rd/ShadowSocks/build/
 # QtCreator
 
 *.autosave
diff --git a/.gitmodules b/.gitmodules
index f772ffb3..008ebf89 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -10,6 +10,18 @@
 [submodule "client/3rd/OpenVPNAdapter"]
 	path = client/3rd/OpenVPNAdapter
 	url = https://github.com/ss-abramchuk/OpenVPNAdapter.git
+[submodule "client/3rd/ShadowPath"]
+	path = client/3rd/ShadowPath
+	url = https://github.com/qman9501/ShadowPath
+[submodule "client/3rd/outline-go-tun2socks"]
+	path = client/3rd/outline-go-tun2socks
+	url = https://github.com/Jigsaw-Code/outline-go-tun2socks.git
 [submodule "client/3rd/qzxing"]
 	path = client/3rd/qzxing
 	url = https://github.com/ftylitak/qzxing.git
+[submodule "client/3rd/CocoaAsyncSocket"]
+	path = client/3rd/CocoaAsyncSocket
+	url = https://github.com/robbiehanson/CocoaAsyncSocket.git
+[submodule "client/3rd/CocoaLumberjack"]
+	path = client/3rd/CocoaLumberjack
+	url = https://github.com/CocoaLumberjack/CocoaLumberjack.git
diff --git a/README.md b/README.md
index 2ef6e098..dea7d5af 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,14 @@ AmneziaVPN uses a number of open source projects to work:
 - [QtSsh](https://github.com/jaredtao/QtSsh) - forked form Qt Creator
 - and more...
 
+## Checking out the source code
+
+Make sure to pull all submodules after checking out the repo.
+
+```bash
+git submodule update --init
+```
+
 ## Development
 
 Want to contribute? Welcome!
@@ -34,6 +42,58 @@ Easiest way to build your own executables - is to fork project and configure [Tr
 Or you can build sources manually using Qt Creator. Qt >= 14.2 supported.  
 Look to the `build_macos.sh` and `build_windows.bat` scripts in `deploy` folder for details.
 
+### How to build iOS app from source code on MacOS
+
+1. First, make sure you have [XCode](https://developer.apple.com/xcode/) installed, 
+at least version 12 or higher.
+
+2. We use `qmake` to generate the XCode project and then we "patch" it to add
+extra components such as the wireguard, the browser bridge and so on. We patch
+the XCode project using [xcodeproj](https://github.com/CocoaPods/Xcodeproj). To
+install it:
+```bash
+gem install xcodeproj # probably you want to run this command with `sudo`
+```
+3. You also need to install go >= v1.16. If you don't have it done already,
+download go from the [official website](https://golang.org/dl/) or use Homebrew. 
+Latest version is recommended.
+
+4. Navigate inside client folder and generate the XCode project using our script:
+```bash
+cd client
+./scripts/apple_compile.sh ios
+```
+
+If you have more than one version of Qt installed, you'll most likely get
+a "`qmake` cannot be found in your `$PATH`" error. In this case run this script 
+using QT\IOS\_BIN env to set the path for the Qt5 macos build bin folder.
+For example, the path could look like this:
+```bash
+QT_IOS_BIN="/Users/username/Qt/5.15.2/ios/bin" ./scripts/apple_compile.sh ios
+```
+
+If you get `gomobile: command not found` make sure to set PATH to the location 
+of the bin folder where gomobile was installed. Usually, it's in `GOPATH`.
+```bash
+export PATH=$(PATH):/path/to/GOPATH/bin
+```
+
+5. Xcode should automatically open. You can then run/test/archive/ship the app.
+
+If build fails with the following error
+```
+make: *** 
+[$(PROJECTDIR)/client/build/AmneziaVPN.build/Debug-iphoneos/wireguard-go-bridge/goroot/.prepared] 
+Error 1
+```
+Add a user defined variable to both AmneziaVPN and WireGuardNetworkExtension targets' build settings with
+key `PATH` and value `${PATH}/path/to/bin/folder/with/go/executable`, e.g. `${PATH}:/usr/local/go/bin`.
+
+Build might fail with "source files not found" error the first time you try it, because modern XCode build system compiles
+dependencies in parallel, and some dependencies end up being built after the ones that
+require them. In this case simply restart the build.
+
+
 ## License
 GPL v.3
 
diff --git a/client/3rd/CocoaAsyncSocket b/client/3rd/CocoaAsyncSocket
new file mode 160000
index 00000000..5ddba5e7
--- /dev/null
+++ b/client/3rd/CocoaAsyncSocket
@@ -0,0 +1 @@
+Subproject commit 5ddba5e72f38e56010dbfac08b44478ee5000c0c
diff --git a/client/3rd/CocoaLumberjack b/client/3rd/CocoaLumberjack
new file mode 160000
index 00000000..70f04b1d
--- /dev/null
+++ b/client/3rd/CocoaLumberjack
@@ -0,0 +1 @@
+Subproject commit 70f04b1dc56dfc4fa954a39ca269382825f2a6e3
diff --git a/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.pbxproj b/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.pbxproj
new file mode 100644
index 00000000..04cc4654
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.pbxproj
@@ -0,0 +1,1640 @@
+// !$*UTF8*$!
+{
+	archiveVersion = 1;
+	classes = {
+	};
+	objectVersion = 55;
+	objects = {
+
+/* Begin PBXBuildFile section */
+		19D0CCED277092B50010B299 /* PacketProcessor.h in Headers */ = {isa = PBXBuildFile; fileRef = 19D0CCEC277092B50010B299 /* PacketProcessor.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		19D0D6092770982F0010B299 /* BSocksClient.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D44F2770982C0010B299 /* BSocksClient.c */; };
+		19D0D64B277098300010B299 /* sys.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4942770982D0010B299 /* sys.c */; };
+		19D0D64F277098300010B299 /* memp.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D49B2770982D0010B299 /* memp.c */; };
+		19D0D650277098300010B299 /* inet_chksum.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D49C2770982D0010B299 /* inet_chksum.c */; };
+		19D0D651277098300010B299 /* tcp_out.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D49D2770982D0010B299 /* tcp_out.c */; };
+		19D0D652277098300010B299 /* init.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D49E2770982D0010B299 /* init.c */; };
+		19D0D653277098300010B299 /* mem.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D49F2770982D0010B299 /* mem.c */; };
+		19D0D654277098300010B299 /* def.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4A02770982D0010B299 /* def.c */; };
+		19D0D655277098300010B299 /* udp.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4A12770982D0010B299 /* udp.c */; };
+		19D0D656277098300010B299 /* stats.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4A22770982D0010B299 /* stats.c */; };
+		19D0D657277098300010B299 /* tcp_in.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4A32770982D0010B299 /* tcp_in.c */; };
+		19D0D658277098300010B299 /* ip_frag.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4A52770982D0010B299 /* ip_frag.c */; };
+		19D0D659277098300010B299 /* icmp.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4A62770982D0010B299 /* icmp.c */; };
+		19D0D65A277098300010B299 /* ip4.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4A72770982D0010B299 /* ip4.c */; };
+		19D0D65B277098300010B299 /* ip4_addr.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4A82770982D0010B299 /* ip4_addr.c */; };
+		19D0D65C277098300010B299 /* netif.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4A92770982D0010B299 /* netif.c */; };
+		19D0D65D277098300010B299 /* tcp.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4AA2770982D0010B299 /* tcp.c */; };
+		19D0D65E277098300010B299 /* timers.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4AB2770982D0010B299 /* timers.c */; };
+		19D0D65F277098300010B299 /* pbuf.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4AC2770982D0010B299 /* pbuf.c */; };
+		19D0D660277098300010B299 /* ip6.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4AE2770982D0010B299 /* ip6.c */; };
+		19D0D661277098300010B299 /* icmp6.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4AF2770982D0010B299 /* icmp6.c */; };
+		19D0D662277098300010B299 /* nd6.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4B02770982D0010B299 /* nd6.c */; };
+		19D0D663277098300010B299 /* ip6_addr.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4B12770982D0010B299 /* ip6_addr.c */; };
+		19D0D664277098300010B299 /* ip6_frag.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4B22770982D0010B299 /* ip6_frag.c */; };
+		19D0D69D277098310010B299 /* BTap.m in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4F52770982D0010B299 /* BTap.m */; };
+		19D0D6A0277098310010B299 /* udpgw.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D4F92770982D0010B299 /* udpgw.c */; };
+		19D0D6A9277098310010B299 /* addr.bproto in Resources */ = {isa = PBXBuildFile; fileRef = 19D0D5032770982D0010B299 /* addr.bproto */; };
+		19D0D6AB277098310010B299 /* msgproto.bproto in Resources */ = {isa = PBXBuildFile; fileRef = 19D0D5052770982D0010B299 /* msgproto.bproto */; };
+		19D0D6AE277098310010B299 /* BNetwork.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5092770982D0010B299 /* BNetwork.c */; };
+		19D0D6B0277098310010B299 /* BConnection_common.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D50B2770982D0010B299 /* BConnection_common.c */; };
+		19D0D6B5277098310010B299 /* BTime.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5102770982D0010B299 /* BTime.c */; };
+		19D0D6B6277098310010B299 /* BSignal.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5112770982D0010B299 /* BSignal.c */; };
+		19D0D6B8277098310010B299 /* BDatagram_unix.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5132770982D0010B299 /* BDatagram_unix.c */; };
+		19D0D6BA277098310010B299 /* BUnixSignal.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5152770982D0010B299 /* BUnixSignal.c */; };
+		19D0D6BC277098310010B299 /* BReactor_badvpn.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5172770982D0010B299 /* BReactor_badvpn.c */; };
+		19D0D6BF277098310010B299 /* BConnection_unix.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D51A2770982D0010B299 /* BConnection_unix.c */; };
+		19D0D6C0277098310010B299 /* tun2socks.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D51C2770982D0010B299 /* tun2socks.c */; };
+		19D0D6C3277098310010B299 /* SocksUdpGwClient.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D51F2770982D0010B299 /* SocksUdpGwClient.c */; };
+		19D0D6E6277098310010B299 /* PacketPassInactivityMonitor.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5442770982D0010B299 /* PacketPassInactivityMonitor.c */; };
+		19D0D6E7277098310010B299 /* BLog.m in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5462770982D0010B299 /* BLog.m */; };
+		19D0D6E8277098310010B299 /* BLog_syslog.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5472770982E0010B299 /* BLog_syslog.c */; };
+		19D0D6EA277098310010B299 /* DebugObject.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5492770982E0010B299 /* DebugObject.c */; };
+		19D0D6EF277098310010B299 /* BPending.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D54E2770982E0010B299 /* BPending.c */; };
+		19D0D6F1277098310010B299 /* UdpGwClient.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5512770982E0010B299 /* UdpGwClient.c */; };
+		19D0D6F3277098310010B299 /* PacketBuffer.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5542770982E0010B299 /* PacketBuffer.c */; };
+		19D0D6F5277098310010B299 /* BufferWriter.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5562770982E0010B299 /* BufferWriter.c */; };
+		19D0D6F6277098310010B299 /* PacketRecvInterface.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5572770982E0010B299 /* PacketRecvInterface.c */; };
+		19D0D6FA277098320010B299 /* StreamRecvInterface.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D55B2770982E0010B299 /* StreamRecvInterface.c */; };
+		19D0D6FB277098320010B299 /* PacketProtoEncoder.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D55C2770982E0010B299 /* PacketProtoEncoder.c */; };
+		19D0D6FC277098320010B299 /* StreamPassInterface.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D55D2770982E0010B299 /* StreamPassInterface.c */; };
+		19D0D6FD277098320010B299 /* PacketPassConnector.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D55E2770982E0010B299 /* PacketPassConnector.c */; };
+		19D0D6FF277098320010B299 /* PacketProtoFlow.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5602770982E0010B299 /* PacketProtoFlow.c */; };
+		19D0D700277098320010B299 /* PacketPassInterface.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5612770982E0010B299 /* PacketPassInterface.c */; };
+		19D0D704277098320010B299 /* PacketStreamSender.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5652770982E0010B299 /* PacketStreamSender.c */; };
+		19D0D706277098320010B299 /* PacketProtoDecoder.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5672770982E0010B299 /* PacketProtoDecoder.c */; };
+		19D0D707277098320010B299 /* SinglePacketBuffer.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5682770982E0010B299 /* SinglePacketBuffer.c */; };
+		19D0D708277098320010B299 /* PacketPassFairQueue.c in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5692770982E0010B299 /* PacketPassFairQueue.c */; };
+		19D0D70F277098320010B299 /* TunnelInterface.m in Sources */ = {isa = PBXBuildFile; fileRef = 19D0D5702770982E0010B299 /* TunnelInterface.m */; };
+		19D0D710277098610010B299 /* TunnelInterface.h in Headers */ = {isa = PBXBuildFile; fileRef = 19D0D56F2770982E0010B299 /* TunnelInterface.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		19D0D718277099960010B299 /* CocoaAsyncSocket.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 19D0D7162770998F0010B299 /* CocoaAsyncSocket.framework */; };
+		19D0D719277099970010B299 /* CocoaAsyncSocket.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 19D0D7162770998F0010B299 /* CocoaAsyncSocket.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
+		19D0D71C2770A3AD0010B299 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 19D0D71B2770A3AD0010B299 /* libresolv.tbd */; };
+/* End PBXBuildFile section */
+
+/* Begin PBXCopyFilesBuildPhase section */
+		19D0CCF9277096980010B299 /* Embed Frameworks */ = {
+			isa = PBXCopyFilesBuildPhase;
+			buildActionMask = 2147483647;
+			dstPath = "";
+			dstSubfolderSpec = 10;
+			files = (
+				19D0D719277099970010B299 /* CocoaAsyncSocket.framework in Embed Frameworks */,
+			);
+			name = "Embed Frameworks";
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXCopyFilesBuildPhase section */
+
+/* Begin PBXFileReference section */
+		19D0CCE9277092B50010B299 /* PacketProcessor.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = PacketProcessor.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+		19D0CCEC277092B50010B299 /* PacketProcessor.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = PacketProcessor.h; sourceTree = "<group>"; };
+		19D0D3B62770982C0010B299 /* blog_channel_SocksUdpGwClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_SocksUdpGwClient.h; sourceTree = "<group>"; };
+		19D0D3B72770982C0010B299 /* blog_channel_ncd_file_open.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_file_open.h; sourceTree = "<group>"; };
+		19D0D3B82770982C0010B299 /* blog_channel_BReactor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BReactor.h; sourceTree = "<group>"; };
+		19D0D3B92770982C0010B299 /* blog_channel_BSSLConnection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BSSLConnection.h; sourceTree = "<group>"; };
+		19D0D3BA2770982C0010B299 /* blog_channel_BConnection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BConnection.h; sourceTree = "<group>"; };
+		19D0D3BB2770982C0010B299 /* blog_channel_ncd_net_ipv4_route.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_ipv4_route.h; sourceTree = "<group>"; };
+		19D0D3BC2770982C0010B299 /* blog_channel_ncd_sys_request_server.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_sys_request_server.h; sourceTree = "<group>"; };
+		19D0D3BD2770982C0010B299 /* blog_channel_ncd_sys_watch_usb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_sys_watch_usb.h; sourceTree = "<group>"; };
+		19D0D3BE2770982C0010B299 /* blog_channel_ncd_run.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_run.h; sourceTree = "<group>"; };
+		19D0D3BF2770982C0010B299 /* blog_channels_list.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channels_list.h; sourceTree = "<group>"; };
+		19D0D3C02770982C0010B299 /* blog_channel_NCDValGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDValGenerator.h; sourceTree = "<group>"; };
+		19D0D3C12770982C0010B299 /* blog_channel_FrameDecider.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_FrameDecider.h; sourceTree = "<group>"; };
+		19D0D3C22770982C0010B299 /* blog_channel_ncd_dynamic_depend.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_dynamic_depend.h; sourceTree = "<group>"; };
+		19D0D3C32770982C0010B299 /* blog_channel_ncd_net_ipv6_wait_dynamic_addr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_ipv6_wait_dynamic_addr.h; sourceTree = "<group>"; };
+		19D0D3C42770982C0010B299 /* blog_channel_udpgw.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_udpgw.h; sourceTree = "<group>"; };
+		19D0D3C52770982C0010B299 /* blog_channel_BUnixSignal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BUnixSignal.h; sourceTree = "<group>"; };
+		19D0D3C62770982C0010B299 /* blog_channel_ncd_parse.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_parse.h; sourceTree = "<group>"; };
+		19D0D3C72770982C0010B299 /* blog_channel_ncd_ref.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_ref.h; sourceTree = "<group>"; };
+		19D0D3C82770982C0010B299 /* blog_channel_NCDConfigTokenizer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDConfigTokenizer.h; sourceTree = "<group>"; };
+		19D0D3C92770982C0010B299 /* blog_channel_BDHCPClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BDHCPClient.h; sourceTree = "<group>"; };
+		19D0D3CA2770982C0010B299 /* blog_channel_ncd_spawn.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_spawn.h; sourceTree = "<group>"; };
+		19D0D3CB2770982C0010B299 /* blog_channel_NCDModuleIndex.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDModuleIndex.h; sourceTree = "<group>"; };
+		19D0D3CC2770982C0010B299 /* blog_channel_ncd_logical.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_logical.h; sourceTree = "<group>"; };
+		19D0D3CD2770982C0010B299 /* bproto_msgproto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bproto_msgproto.h; sourceTree = "<group>"; };
+		19D0D3CE2770982C0010B299 /* blog_channel_ncd_process_manager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_process_manager.h; sourceTree = "<group>"; };
+		19D0D3CF2770982C0010B299 /* blog_channel_ncd_net_backend_wpa_supplicant.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_backend_wpa_supplicant.h; sourceTree = "<group>"; };
+		19D0D3D02770982C0010B299 /* blog_channel_BThreadWork.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BThreadWork.h; sourceTree = "<group>"; };
+		19D0D3D12770982C0010B299 /* blog_channel_ncd_try.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_try.h; sourceTree = "<group>"; };
+		19D0D3D22770982C0010B299 /* blog_channel_BDatagram.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BDatagram.h; sourceTree = "<group>"; };
+		19D0D3D32770982C0010B299 /* blog_channel_ncd_sys_watch_input.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_sys_watch_input.h; sourceTree = "<group>"; };
+		19D0D3D42770982C0010B299 /* blog_channel_ncd.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd.h; sourceTree = "<group>"; };
+		19D0D3D52770982C0010B299 /* blog_channel_ncd_implode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_implode.h; sourceTree = "<group>"; };
+		19D0D3D62770982C0010B299 /* blog_channel_NCDBuildProgram.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDBuildProgram.h; sourceTree = "<group>"; };
+		19D0D3D72770982C0010B299 /* blog_channel_ncd_file.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_file.h; sourceTree = "<group>"; };
+		19D0D3D82770982C0010B299 /* blog_channel_ncd_strcmp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_strcmp.h; sourceTree = "<group>"; };
+		19D0D3D92770982C0010B299 /* blog_channel_ncd_value.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_value.h; sourceTree = "<group>"; };
+		19D0D3DA2770982C0010B299 /* blog_channel_NCDValParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDValParser.h; sourceTree = "<group>"; };
+		19D0D3DB2770982C0010B299 /* blog_channel_BPredicate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BPredicate.h; sourceTree = "<group>"; };
+		19D0D3DC2770982C0010B299 /* blog_channel_dostest_attacker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_dostest_attacker.h; sourceTree = "<group>"; };
+		19D0D3DD2770982C0010B299 /* blog_channel_client.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_client.h; sourceTree = "<group>"; };
+		19D0D3DE2770982C0010B299 /* blog_channel_ncd_daemon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_daemon.h; sourceTree = "<group>"; };
+		19D0D3DF2770982C0010B299 /* blog_channel_NCDUdevManager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDUdevManager.h; sourceTree = "<group>"; };
+		19D0D3E02770982C0010B299 /* blog_channel_PRStreamSource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_PRStreamSource.h; sourceTree = "<group>"; };
+		19D0D3E12770982C0010B299 /* blog_channel_BSignal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BSignal.h; sourceTree = "<group>"; };
+		19D0D3E22770982C0010B299 /* blog_channel_ncd_foreach.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_foreach.h; sourceTree = "<group>"; };
+		19D0D3E32770982C0010B299 /* blog_channel_ncd_netmask.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_netmask.h; sourceTree = "<group>"; };
+		19D0D3E42770982C0010B299 /* blog_channel_NCDVal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDVal.h; sourceTree = "<group>"; };
+		19D0D3E52770982C0010B299 /* blog_channel_ncd_imperative.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_imperative.h; sourceTree = "<group>"; };
+		19D0D3E62770982C0010B299 /* blog_channel_NCDUdevCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDUdevCache.h; sourceTree = "<group>"; };
+		19D0D3E72770982C0010B299 /* blog_channel_ncd_index.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_index.h; sourceTree = "<group>"; };
+		19D0D3E82770982C0010B299 /* blog_channel_ncd_if.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_if.h; sourceTree = "<group>"; };
+		19D0D3E92770982C0010B299 /* blog_channel_NCDInterfaceMonitor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDInterfaceMonitor.h; sourceTree = "<group>"; };
+		19D0D3EA2770982C0010B299 /* blog_channel_PacketProtoDecoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_PacketProtoDecoder.h; sourceTree = "<group>"; };
+		19D0D3EB2770982C0010B299 /* blog_channel_ncd_net_ipv4_addr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_ipv4_addr.h; sourceTree = "<group>"; };
+		19D0D3EC2770982C0010B299 /* blog_channel_ncd_explode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_explode.h; sourceTree = "<group>"; };
+		19D0D3ED2770982C0010B299 /* blog_channels_defines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channels_defines.h; sourceTree = "<group>"; };
+		19D0D3EE2770982C0010B299 /* blog_channel_ncd_log_msg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_log_msg.h; sourceTree = "<group>"; };
+		19D0D3EF2770982C0010B299 /* blog_channel_BArpProbe.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BArpProbe.h; sourceTree = "<group>"; };
+		19D0D3F02770982C0010B299 /* blog_channel_ncd_sleep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_sleep.h; sourceTree = "<group>"; };
+		19D0D3F12770982C0010B299 /* blog_channel_ncd_sys_start_process.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_sys_start_process.h; sourceTree = "<group>"; };
+		19D0D3F22770982C0010B299 /* blog_channel_ncd_substr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_substr.h; sourceTree = "<group>"; };
+		19D0D3F32770982C0010B299 /* blog_channel_ncd_log.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_log.h; sourceTree = "<group>"; };
+		19D0D3F42770982C0010B299 /* blog_channel_ncd_request.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_request.h; sourceTree = "<group>"; };
+		19D0D3F52770982C0010B299 /* blog_channel_ncd_net_backend_rfkill.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_backend_rfkill.h; sourceTree = "<group>"; };
+		19D0D3F62770982C0010B299 /* blog_channel_ncd_objref.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_objref.h; sourceTree = "<group>"; };
+		19D0D3F72770982C0010B299 /* blog_channel_ncd_net_watch_interfaces.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_watch_interfaces.h; sourceTree = "<group>"; };
+		19D0D3F82770982C0010B299 /* blog_channel_ncd_from_string.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_from_string.h; sourceTree = "<group>"; };
+		19D0D3F92770982C0010B299 /* blog_channel_BThreadSignal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BThreadSignal.h; sourceTree = "<group>"; };
+		19D0D3FA2770982C0010B299 /* blog_channel_BEncryption.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BEncryption.h; sourceTree = "<group>"; };
+		19D0D3FB2770982C0010B299 /* blog_channel_ncd_sys_watch_directory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_sys_watch_directory.h; sourceTree = "<group>"; };
+		19D0D3FC2770982C0010B299 /* blog_channel_ncd_net_ipv4_dhcp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_ipv4_dhcp.h; sourceTree = "<group>"; };
+		19D0D3FD2770982C0010B299 /* blog_channel_ncd_net_ipv6_route.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_ipv6_route.h; sourceTree = "<group>"; };
+		19D0D3FE2770982C0010B299 /* blog_channel_ncd_arithmetic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_arithmetic.h; sourceTree = "<group>"; };
+		19D0D3FF2770982C0010B299 /* blog_channel_ncd_alias.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_alias.h; sourceTree = "<group>"; };
+		19D0D4002770982C0010B299 /* blog_channel_ncd_concat.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_concat.h; sourceTree = "<group>"; };
+		19D0D4012770982C0010B299 /* blog_channel_DataProto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_DataProto.h; sourceTree = "<group>"; };
+		19D0D4022770982C0010B299 /* blog_channel_ncd_net_ipv4_arp_probe.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_ipv4_arp_probe.h; sourceTree = "<group>"; };
+		19D0D4032770982C0010B299 /* blog_channel_ncd_net_ipv6_addr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_ipv6_addr.h; sourceTree = "<group>"; };
+		19D0D4042770982C0010B299 /* blog_channel_NCDIfConfig.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDIfConfig.h; sourceTree = "<group>"; };
+		19D0D4052770982C0010B299 /* blog_channel_Listener.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_Listener.h; sourceTree = "<group>"; };
+		19D0D4062770982C0010B299 /* blog_channel_tun2socks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_tun2socks.h; sourceTree = "<group>"; };
+		19D0D4072770982C0010B299 /* blog_channel_ncd_call2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_call2.h; sourceTree = "<group>"; };
+		19D0D4082770982C0010B299 /* blog_channel_ncd_buffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_buffer.h; sourceTree = "<group>"; };
+		19D0D4092770982C0010B299 /* blog_channel_NCDModuleProcess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDModuleProcess.h; sourceTree = "<group>"; };
+		19D0D40A2770982C0010B299 /* blog_channel_ncd_load_module.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_load_module.h; sourceTree = "<group>"; };
+		19D0D40B2770982C0010B299 /* blog_channel_ncd_depend_scope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_depend_scope.h; sourceTree = "<group>"; };
+		19D0D40C2770982C0010B299 /* blog_channel_ncd_var.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_var.h; sourceTree = "<group>"; };
+		19D0D40D2770982C0010B299 /* blog_channel_NCDConfigParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDConfigParser.h; sourceTree = "<group>"; };
+		19D0D40E2770982C0010B299 /* blog_channel_lwip.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_lwip.h; sourceTree = "<group>"; };
+		19D0D40F2770982C0010B299 /* blog_channel_NCDRequestClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDRequestClient.h; sourceTree = "<group>"; };
+		19D0D4102770982C0010B299 /* blog_channel_DPRelay.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_DPRelay.h; sourceTree = "<group>"; };
+		19D0D4112770982C0010B299 /* blog_channel_BInputProcess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BInputProcess.h; sourceTree = "<group>"; };
+		19D0D4122770982C0010B299 /* blog_channel_ncd_net_ipv4_addr_in_network.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_ipv4_addr_in_network.h; sourceTree = "<group>"; };
+		19D0D4132770982C0010B299 /* blog_channel_ncd_sys_evdev.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_sys_evdev.h; sourceTree = "<group>"; };
+		19D0D4142770982C0010B299 /* blog_channel_ncd_exit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_exit.h; sourceTree = "<group>"; };
+		19D0D4152770982C0010B299 /* blog_channel_SPProtoDecoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_SPProtoDecoder.h; sourceTree = "<group>"; };
+		19D0D4162770982C0010B299 /* blog_channel_addr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_addr.h; sourceTree = "<group>"; };
+		19D0D4172770982C0010B299 /* blog_channel_ncd_backtrack.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_backtrack.h; sourceTree = "<group>"; };
+		19D0D4182770982C0010B299 /* blog_channel_PasswordListener.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_PasswordListener.h; sourceTree = "<group>"; };
+		19D0D4192770982C0010B299 /* blog_channel_ncd_to_string.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_to_string.h; sourceTree = "<group>"; };
+		19D0D41A2770982C0010B299 /* blog_channel_ncd_net_backend_waitlink.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_backend_waitlink.h; sourceTree = "<group>"; };
+		19D0D41B2770982C0010B299 /* blog_channel_nsskey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_nsskey.h; sourceTree = "<group>"; };
+		19D0D41C2770982C0010B299 /* blog_channel_DatagramPeerIO.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_DatagramPeerIO.h; sourceTree = "<group>"; };
+		19D0D41D2770982C0010B299 /* blog_channel_ncd_regex_match.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_regex_match.h; sourceTree = "<group>"; };
+		19D0D41E2770982C0010B299 /* blog_channel_DPReceive.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_DPReceive.h; sourceTree = "<group>"; };
+		19D0D41F2770982C0010B299 /* blog_channel_ncd_valuemetic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_valuemetic.h; sourceTree = "<group>"; };
+		19D0D4202770982C0010B299 /* blog_channel_BTime.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BTime.h; sourceTree = "<group>"; };
+		19D0D4212770982C0010B299 /* blog_channel_ncd_timer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_timer.h; sourceTree = "<group>"; };
+		19D0D4222770982C0010B299 /* bproto_bproto_test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bproto_bproto_test.h; sourceTree = "<group>"; };
+		19D0D4232770982C0010B299 /* blog_channel_ncd_multidepend.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_multidepend.h; sourceTree = "<group>"; };
+		19D0D4242770982C0010B299 /* blog_channel_server.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_server.h; sourceTree = "<group>"; };
+		19D0D4252770982C0010B299 /* blog_channel_ncd_runonce.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_runonce.h; sourceTree = "<group>"; };
+		19D0D4262770982C0010B299 /* blog_channel_dostest_server.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_dostest_server.h; sourceTree = "<group>"; };
+		19D0D4272770982C0010B299 /* blog_channel_ncd_net_up.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_up.h; sourceTree = "<group>"; };
+		19D0D4282770982C0010B299 /* blog_channel_BTap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BTap.h; sourceTree = "<group>"; };
+		19D0D4292770982C0010B299 /* blog_channel_ncd_net_ipv6_addr_in_network.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_ipv6_addr_in_network.h; sourceTree = "<group>"; };
+		19D0D42A2770982C0010B299 /* blog_channel_BProcess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BProcess.h; sourceTree = "<group>"; };
+		19D0D42B2770982C0010B299 /* blog_channel_StreamPeerIO.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_StreamPeerIO.h; sourceTree = "<group>"; };
+		19D0D42C2770982C0010B299 /* blog_channel_NCDRequest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDRequest.h; sourceTree = "<group>"; };
+		19D0D42D2770982C0010B299 /* blog_channel_NCDRfkillMonitor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDRfkillMonitor.h; sourceTree = "<group>"; };
+		19D0D42E2770982C0010B299 /* blog_channel_NCDUdevMonitorParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDUdevMonitorParser.h; sourceTree = "<group>"; };
+		19D0D42F2770982C0010B299 /* blog_channel_ServerConnection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ServerConnection.h; sourceTree = "<group>"; };
+		19D0D4302770982C0010B299 /* blog_channel_ncd_getargs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_getargs.h; sourceTree = "<group>"; };
+		19D0D4312770982C0010B299 /* blog_channel_BDHCPClientCore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BDHCPClientCore.h; sourceTree = "<group>"; };
+		19D0D4322770982C0010B299 /* blog_channel_PRStreamSink.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_PRStreamSink.h; sourceTree = "<group>"; };
+		19D0D4332770982C0010B299 /* blog_channel_ncd_getenv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_getenv.h; sourceTree = "<group>"; };
+		19D0D4342770982C0010B299 /* bproto_addr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bproto_addr.h; sourceTree = "<group>"; };
+		19D0D4352770982C0010B299 /* blog_channel_ncd_blocker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_blocker.h; sourceTree = "<group>"; };
+		19D0D4362770982C0010B299 /* blog_channel_ncd_reboot.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_reboot.h; sourceTree = "<group>"; };
+		19D0D4372770982C0010B299 /* blog_channel_ncd_choose.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_choose.h; sourceTree = "<group>"; };
+		19D0D4382770982C0010B299 /* blog_channel_LineBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_LineBuffer.h; sourceTree = "<group>"; };
+		19D0D4392770982C0010B299 /* blog_channel_FragmentProtoAssembler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_FragmentProtoAssembler.h; sourceTree = "<group>"; };
+		19D0D43A2770982C0010B299 /* blog_channel_ncd_socket.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_socket.h; sourceTree = "<group>"; };
+		19D0D43B2770982C0010B299 /* blog_channel_UdpGwClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_UdpGwClient.h; sourceTree = "<group>"; };
+		19D0D43C2770982C0010B299 /* blog_channel_flooder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_flooder.h; sourceTree = "<group>"; };
+		19D0D43D2770982C0010B299 /* blog_channel_ncd_assert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_assert.h; sourceTree = "<group>"; };
+		19D0D43E2770982C0010B299 /* blog_channel_ncd_net_backend_waitdevice.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_backend_waitdevice.h; sourceTree = "<group>"; };
+		19D0D43F2770982C0010B299 /* blog_channel_ncd_basic_functions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_basic_functions.h; sourceTree = "<group>"; };
+		19D0D4402770982C0010B299 /* blog_channel_NCDPlaceholderDb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDPlaceholderDb.h; sourceTree = "<group>"; };
+		19D0D4412770982C0010B299 /* blog_channel_ncd_list.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_list.h; sourceTree = "<group>"; };
+		19D0D4422770982C0010B299 /* blog_channel_PeerChat.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_PeerChat.h; sourceTree = "<group>"; };
+		19D0D4432770982C0010B299 /* blog_channel_ncd_net_backend_badvpn.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_backend_badvpn.h; sourceTree = "<group>"; };
+		19D0D4442770982C0010B299 /* blog_channel_ncd_print.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_print.h; sourceTree = "<group>"; };
+		19D0D4452770982C0010B299 /* blog_channel_BNetwork.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BNetwork.h; sourceTree = "<group>"; };
+		19D0D4462770982C0010B299 /* blog_channel_BLockReactor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BLockReactor.h; sourceTree = "<group>"; };
+		19D0D4472770982C0010B299 /* blog_channel_ncd_ondemand.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_ondemand.h; sourceTree = "<group>"; };
+		19D0D4482770982C0010B299 /* blog_channel_ncd_net_iptables.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_iptables.h; sourceTree = "<group>"; };
+		19D0D4492770982C0010B299 /* blog_channel_ncd_depend.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_depend.h; sourceTree = "<group>"; };
+		19D0D44A2770982C0010B299 /* blog_channel_ncd_sys_request_client.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_sys_request_client.h; sourceTree = "<group>"; };
+		19D0D44B2770982C0010B299 /* blog_channel_ncd_net_dns.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_ncd_net_dns.h; sourceTree = "<group>"; };
+		19D0D44C2770982C0010B299 /* blog_channel_NCDUdevMonitor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_NCDUdevMonitor.h; sourceTree = "<group>"; };
+		19D0D44D2770982C0010B299 /* blog_channel_BSocksClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blog_channel_BSocksClient.h; sourceTree = "<group>"; };
+		19D0D44F2770982C0010B299 /* BSocksClient.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BSocksClient.c; sourceTree = "<group>"; };
+		19D0D4502770982C0010B299 /* BSocksClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BSocksClient.h; sourceTree = "<group>"; };
+		19D0D4522770982C0010B299 /* packed.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = packed.h; sourceTree = "<group>"; };
+		19D0D4532770982C0010B299 /* concat_strings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = concat_strings.h; sourceTree = "<group>"; };
+		19D0D4542770982C0010B299 /* Utf8Decoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Utf8Decoder.h; sourceTree = "<group>"; };
+		19D0D4552770982C0010B299 /* parse_number.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = parse_number.h; sourceTree = "<group>"; };
+		19D0D4562770982C0010B299 /* udp_proto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = udp_proto.h; sourceTree = "<group>"; };
+		19D0D4572770982C0010B299 /* find_program.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = find_program.h; sourceTree = "<group>"; };
+		19D0D4582770982C0010B299 /* minmax.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = minmax.h; sourceTree = "<group>"; };
+		19D0D4592770982C0010B299 /* socks_proto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = socks_proto.h; sourceTree = "<group>"; };
+		19D0D45A2770982C0010B299 /* string_begins_with.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = string_begins_with.h; sourceTree = "<group>"; };
+		19D0D45B2770982C0010B299 /* dead.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dead.h; sourceTree = "<group>"; };
+		19D0D45C2770982C0010B299 /* strdup.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = strdup.h; sourceTree = "<group>"; };
+		19D0D45D2770982C0010B299 /* debug.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = debug.h; sourceTree = "<group>"; };
+		19D0D45E2770982C0010B299 /* array_length.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = array_length.h; sourceTree = "<group>"; };
+		19D0D45F2770982C0010B299 /* version.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = version.h; sourceTree = "<group>"; };
+		19D0D4602770982C0010B299 /* bsort.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bsort.h; sourceTree = "<group>"; };
+		19D0D4612770982C0010B299 /* debugcounter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = debugcounter.h; sourceTree = "<group>"; };
+		19D0D4622770982C0010B299 /* byteorder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = byteorder.h; sourceTree = "<group>"; };
+		19D0D4632770982C0010B299 /* unicode_funcs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = unicode_funcs.h; sourceTree = "<group>"; };
+		19D0D4642770982C0010B299 /* Utf16Decoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Utf16Decoder.h; sourceTree = "<group>"; };
+		19D0D4652770982C0010B299 /* bstring.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bstring.h; sourceTree = "<group>"; };
+		19D0D4662770982C0010B299 /* maxalign.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = maxalign.h; sourceTree = "<group>"; };
+		19D0D4672770982C0010B299 /* offset.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = offset.h; sourceTree = "<group>"; };
+		19D0D4682770982C0010B299 /* cmdline.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cmdline.h; sourceTree = "<group>"; };
+		19D0D4692770982C0010B299 /* expstring.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = expstring.h; sourceTree = "<group>"; };
+		19D0D46A2770982C0010B299 /* merge.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = merge.h; sourceTree = "<group>"; };
+		19D0D46B2770982C0010B299 /* ipaddr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ipaddr.h; sourceTree = "<group>"; };
+		19D0D46C2770982D0010B299 /* write_file.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = write_file.h; sourceTree = "<group>"; };
+		19D0D46D2770982D0010B299 /* print_macros.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = print_macros.h; sourceTree = "<group>"; };
+		19D0D46E2770982D0010B299 /* substring.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = substring.h; sourceTree = "<group>"; };
+		19D0D46F2770982D0010B299 /* balign.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = balign.h; sourceTree = "<group>"; };
+		19D0D4702770982D0010B299 /* debugerror.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = debugerror.h; sourceTree = "<group>"; };
+		19D0D4712770982D0010B299 /* memref.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = memref.h; sourceTree = "<group>"; };
+		19D0D4722770982D0010B299 /* hashfun.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = hashfun.h; sourceTree = "<group>"; };
+		19D0D4732770982D0010B299 /* igmp_proto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = igmp_proto.h; sourceTree = "<group>"; };
+		19D0D4742770982D0010B299 /* mswsock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mswsock.h; sourceTree = "<group>"; };
+		19D0D4752770982D0010B299 /* get_iface_info.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = get_iface_info.h; sourceTree = "<group>"; };
+		19D0D4762770982D0010B299 /* sslsocket.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslsocket.h; sourceTree = "<group>"; };
+		19D0D4772770982D0010B299 /* blimits.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blimits.h; sourceTree = "<group>"; };
+		19D0D4782770982D0010B299 /* balloc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = balloc.h; sourceTree = "<group>"; };
+		19D0D4792770982D0010B299 /* ipaddr6.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ipaddr6.h; sourceTree = "<group>"; };
+		19D0D47A2770982D0010B299 /* compare.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = compare.h; sourceTree = "<group>"; };
+		19D0D47B2770982D0010B299 /* nonblocking.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nonblocking.h; sourceTree = "<group>"; };
+		19D0D47C2770982D0010B299 /* loglevel.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = loglevel.h; sourceTree = "<group>"; };
+		19D0D47D2770982D0010B299 /* modadd.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = modadd.h; sourceTree = "<group>"; };
+		19D0D47E2770982D0010B299 /* nsskey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nsskey.h; sourceTree = "<group>"; };
+		19D0D47F2770982D0010B299 /* ethernet_proto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ethernet_proto.h; sourceTree = "<group>"; };
+		19D0D4802770982D0010B299 /* find_char.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = find_char.h; sourceTree = "<group>"; };
+		19D0D4812770982D0010B299 /* read_write_int.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = read_write_int.h; sourceTree = "<group>"; };
+		19D0D4822770982D0010B299 /* ipv6_proto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ipv6_proto.h; sourceTree = "<group>"; };
+		19D0D4832770982D0010B299 /* loggers_string.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = loggers_string.h; sourceTree = "<group>"; };
+		19D0D4842770982D0010B299 /* overflow.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = overflow.h; sourceTree = "<group>"; };
+		19D0D4852770982D0010B299 /* open_standard_streams.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = open_standard_streams.h; sourceTree = "<group>"; };
+		19D0D4862770982D0010B299 /* Utf16Encoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Utf16Encoder.h; sourceTree = "<group>"; };
+		19D0D4872770982D0010B299 /* read_file.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = read_file.h; sourceTree = "<group>"; };
+		19D0D4882770982D0010B299 /* dhcp_proto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dhcp_proto.h; sourceTree = "<group>"; };
+		19D0D4892770982D0010B299 /* exparray.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = exparray.h; sourceTree = "<group>"; };
+		19D0D48A2770982D0010B299 /* BRefTarget.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BRefTarget.h; sourceTree = "<group>"; };
+		19D0D48B2770982D0010B299 /* ipv4_proto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ipv4_proto.h; sourceTree = "<group>"; };
+		19D0D48C2770982D0010B299 /* grow_array.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = grow_array.h; sourceTree = "<group>"; };
+		19D0D48D2770982D0010B299 /* stdbuf_cmdline.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = stdbuf_cmdline.h; sourceTree = "<group>"; };
+		19D0D48E2770982D0010B299 /* arp_proto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = arp_proto.h; sourceTree = "<group>"; };
+		19D0D48F2770982D0010B299 /* ascii_utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ascii_utils.h; sourceTree = "<group>"; };
+		19D0D4902770982D0010B299 /* bsize.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bsize.h; sourceTree = "<group>"; };
+		19D0D4912770982D0010B299 /* Utf8Encoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Utf8Encoder.h; sourceTree = "<group>"; };
+		19D0D4942770982D0010B299 /* sys.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sys.c; sourceTree = "<group>"; };
+		19D0D4962770982D0010B299 /* cc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cc.h; sourceTree = "<group>"; };
+		19D0D4972770982D0010B299 /* perf.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = perf.h; sourceTree = "<group>"; };
+		19D0D4982770982D0010B299 /* lwipopts.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = lwipopts.h; sourceTree = "<group>"; };
+		19D0D49B2770982D0010B299 /* memp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = memp.c; sourceTree = "<group>"; };
+		19D0D49C2770982D0010B299 /* inet_chksum.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = inet_chksum.c; sourceTree = "<group>"; };
+		19D0D49D2770982D0010B299 /* tcp_out.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tcp_out.c; sourceTree = "<group>"; };
+		19D0D49E2770982D0010B299 /* init.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = init.c; sourceTree = "<group>"; };
+		19D0D49F2770982D0010B299 /* mem.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mem.c; sourceTree = "<group>"; };
+		19D0D4A02770982D0010B299 /* def.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = def.c; sourceTree = "<group>"; };
+		19D0D4A12770982D0010B299 /* udp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = udp.c; sourceTree = "<group>"; };
+		19D0D4A22770982D0010B299 /* stats.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = stats.c; sourceTree = "<group>"; };
+		19D0D4A32770982D0010B299 /* tcp_in.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tcp_in.c; sourceTree = "<group>"; };
+		19D0D4A52770982D0010B299 /* ip_frag.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ip_frag.c; sourceTree = "<group>"; };
+		19D0D4A62770982D0010B299 /* icmp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = icmp.c; sourceTree = "<group>"; };
+		19D0D4A72770982D0010B299 /* ip4.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ip4.c; sourceTree = "<group>"; };
+		19D0D4A82770982D0010B299 /* ip4_addr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ip4_addr.c; sourceTree = "<group>"; };
+		19D0D4A92770982D0010B299 /* netif.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = netif.c; sourceTree = "<group>"; };
+		19D0D4AA2770982D0010B299 /* tcp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tcp.c; sourceTree = "<group>"; };
+		19D0D4AB2770982D0010B299 /* timers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = timers.c; sourceTree = "<group>"; };
+		19D0D4AC2770982D0010B299 /* pbuf.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pbuf.c; sourceTree = "<group>"; };
+		19D0D4AE2770982D0010B299 /* ip6.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ip6.c; sourceTree = "<group>"; };
+		19D0D4AF2770982D0010B299 /* icmp6.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = icmp6.c; sourceTree = "<group>"; };
+		19D0D4B02770982D0010B299 /* nd6.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = nd6.c; sourceTree = "<group>"; };
+		19D0D4B12770982D0010B299 /* ip6_addr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ip6_addr.c; sourceTree = "<group>"; };
+		19D0D4B22770982D0010B299 /* ip6_frag.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ip6_frag.c; sourceTree = "<group>"; };
+		19D0D4B62770982D0010B299 /* socket.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = socket.h; sourceTree = "<group>"; };
+		19D0D4B72770982D0010B299 /* netdb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = netdb.h; sourceTree = "<group>"; };
+		19D0D4B92770982D0010B299 /* timers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = timers.h; sourceTree = "<group>"; };
+		19D0D4BA2770982D0010B299 /* pbuf.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pbuf.h; sourceTree = "<group>"; };
+		19D0D4BB2770982D0010B299 /* tcp_impl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tcp_impl.h; sourceTree = "<group>"; };
+		19D0D4BC2770982D0010B299 /* tcp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tcp.h; sourceTree = "<group>"; };
+		19D0D4BD2770982D0010B299 /* err.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = err.h; sourceTree = "<group>"; };
+		19D0D4BE2770982D0010B299 /* snmp_asn1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = snmp_asn1.h; sourceTree = "<group>"; };
+		19D0D4BF2770982D0010B299 /* netif.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = netif.h; sourceTree = "<group>"; };
+		19D0D4C02770982D0010B299 /* sio.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sio.h; sourceTree = "<group>"; };
+		19D0D4C12770982D0010B299 /* debug.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = debug.h; sourceTree = "<group>"; };
+		19D0D4C22770982D0010B299 /* tcpip.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tcpip.h; sourceTree = "<group>"; };
+		19D0D4C32770982D0010B299 /* snmp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = snmp.h; sourceTree = "<group>"; };
+		19D0D4C42770982D0010B299 /* snmp_structs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = snmp_structs.h; sourceTree = "<group>"; };
+		19D0D4C52770982D0010B299 /* api_msg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = api_msg.h; sourceTree = "<group>"; };
+		19D0D4C62770982D0010B299 /* netifapi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = netifapi.h; sourceTree = "<group>"; };
+		19D0D4C72770982D0010B299 /* netbuf.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = netbuf.h; sourceTree = "<group>"; };
+		19D0D4C82770982D0010B299 /* api.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = api.h; sourceTree = "<group>"; };
+		19D0D4C92770982D0010B299 /* dhcp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dhcp.h; sourceTree = "<group>"; };
+		19D0D4CA2770982D0010B299 /* memp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = memp.h; sourceTree = "<group>"; };
+		19D0D4CB2770982D0010B299 /* sockets.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sockets.h; sourceTree = "<group>"; };
+		19D0D4CC2770982D0010B299 /* ip_addr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ip_addr.h; sourceTree = "<group>"; };
+		19D0D4CD2770982D0010B299 /* opt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = opt.h; sourceTree = "<group>"; };
+		19D0D4CE2770982D0010B299 /* inet_chksum.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = inet_chksum.h; sourceTree = "<group>"; };
+		19D0D4CF2770982D0010B299 /* raw.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = raw.h; sourceTree = "<group>"; };
+		19D0D4D02770982D0010B299 /* sys.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sys.h; sourceTree = "<group>"; };
+		19D0D4D12770982D0010B299 /* netdb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = netdb.h; sourceTree = "<group>"; };
+		19D0D4D22770982D0010B299 /* def.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = def.h; sourceTree = "<group>"; };
+		19D0D4D32770982D0010B299 /* mem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mem.h; sourceTree = "<group>"; };
+		19D0D4D42770982D0010B299 /* dns.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dns.h; sourceTree = "<group>"; };
+		19D0D4D52770982D0010B299 /* ip.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ip.h; sourceTree = "<group>"; };
+		19D0D4D62770982D0010B299 /* init.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = init.h; sourceTree = "<group>"; };
+		19D0D4D72770982D0010B299 /* snmp_msg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = snmp_msg.h; sourceTree = "<group>"; };
+		19D0D4D82770982D0010B299 /* stats.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = stats.h; sourceTree = "<group>"; };
+		19D0D4D92770982D0010B299 /* memp_std.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = memp_std.h; sourceTree = "<group>"; };
+		19D0D4DA2770982D0010B299 /* udp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = udp.h; sourceTree = "<group>"; };
+		19D0D4DB2770982D0010B299 /* arch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = arch.h; sourceTree = "<group>"; };
+		19D0D4DD2770982D0010B299 /* etharp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = etharp.h; sourceTree = "<group>"; };
+		19D0D4DE2770982D0010B299 /* ppp_oe.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ppp_oe.h; sourceTree = "<group>"; };
+		19D0D4DF2770982D0010B299 /* slipif.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = slipif.h; sourceTree = "<group>"; };
+		19D0D4E22770982D0010B299 /* igmp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = igmp.h; sourceTree = "<group>"; };
+		19D0D4E32770982D0010B299 /* ip4.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ip4.h; sourceTree = "<group>"; };
+		19D0D4E42770982D0010B299 /* icmp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = icmp.h; sourceTree = "<group>"; };
+		19D0D4E52770982D0010B299 /* inet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = inet.h; sourceTree = "<group>"; };
+		19D0D4E62770982D0010B299 /* ip4_addr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ip4_addr.h; sourceTree = "<group>"; };
+		19D0D4E72770982D0010B299 /* autoip.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = autoip.h; sourceTree = "<group>"; };
+		19D0D4E82770982D0010B299 /* ip_frag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ip_frag.h; sourceTree = "<group>"; };
+		19D0D4EB2770982D0010B299 /* nd6.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nd6.h; sourceTree = "<group>"; };
+		19D0D4EC2770982D0010B299 /* ethip6.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ethip6.h; sourceTree = "<group>"; };
+		19D0D4ED2770982D0010B299 /* inet6.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = inet6.h; sourceTree = "<group>"; };
+		19D0D4EE2770982D0010B299 /* ip6_addr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ip6_addr.h; sourceTree = "<group>"; };
+		19D0D4EF2770982D0010B299 /* ip6_frag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ip6_frag.h; sourceTree = "<group>"; };
+		19D0D4F02770982D0010B299 /* ip6.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ip6.h; sourceTree = "<group>"; };
+		19D0D4F12770982D0010B299 /* icmp6.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = icmp6.h; sourceTree = "<group>"; };
+		19D0D4F22770982D0010B299 /* dhcp6.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dhcp6.h; sourceTree = "<group>"; };
+		19D0D4F32770982D0010B299 /* mld6.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mld6.h; sourceTree = "<group>"; };
+		19D0D4F52770982D0010B299 /* BTap.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = BTap.m; sourceTree = "<group>"; };
+		19D0D4F62770982D0010B299 /* BTap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BTap.h; sourceTree = "<group>"; };
+		19D0D4F82770982D0010B299 /* udpgw.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = udpgw.h; sourceTree = "<group>"; };
+		19D0D4F92770982D0010B299 /* udpgw.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = udpgw.c; sourceTree = "<group>"; };
+		19D0D4FB2770982D0010B299 /* udpgw_proto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = udpgw_proto.h; sourceTree = "<group>"; };
+		19D0D4FC2770982D0010B299 /* requestproto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = requestproto.h; sourceTree = "<group>"; };
+		19D0D4FD2770982D0010B299 /* msgproto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = msgproto.h; sourceTree = "<group>"; };
+		19D0D4FE2770982D0010B299 /* spproto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = spproto.h; sourceTree = "<group>"; };
+		19D0D4FF2770982D0010B299 /* packetproto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = packetproto.h; sourceTree = "<group>"; };
+		19D0D5002770982D0010B299 /* dataproto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dataproto.h; sourceTree = "<group>"; };
+		19D0D5012770982D0010B299 /* addr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = addr.h; sourceTree = "<group>"; };
+		19D0D5022770982D0010B299 /* scproto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = scproto.h; sourceTree = "<group>"; };
+		19D0D5032770982D0010B299 /* addr.bproto */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = addr.bproto; sourceTree = "<group>"; };
+		19D0D5042770982D0010B299 /* fragmentproto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = fragmentproto.h; sourceTree = "<group>"; };
+		19D0D5052770982D0010B299 /* msgproto.bproto */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = msgproto.bproto; sourceTree = "<group>"; };
+		19D0D5072770982D0010B299 /* BDatagram_unix.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BDatagram_unix.h; sourceTree = "<group>"; };
+		19D0D5082770982D0010B299 /* BUnixSignal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BUnixSignal.h; sourceTree = "<group>"; };
+		19D0D5092770982D0010B299 /* BNetwork.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BNetwork.c; sourceTree = "<group>"; };
+		19D0D50A2770982D0010B299 /* BConnection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BConnection.h; sourceTree = "<group>"; };
+		19D0D50B2770982D0010B299 /* BConnection_common.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BConnection_common.c; sourceTree = "<group>"; };
+		19D0D50C2770982D0010B299 /* BReactor_badvpn.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BReactor_badvpn.h; sourceTree = "<group>"; };
+		19D0D50D2770982D0010B299 /* BAddr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BAddr.h; sourceTree = "<group>"; };
+		19D0D50E2770982D0010B299 /* BReactor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BReactor.h; sourceTree = "<group>"; };
+		19D0D50F2770982D0010B299 /* BConnection_unix.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BConnection_unix.h; sourceTree = "<group>"; };
+		19D0D5102770982D0010B299 /* BTime.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BTime.c; sourceTree = "<group>"; };
+		19D0D5112770982D0010B299 /* BSignal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BSignal.c; sourceTree = "<group>"; };
+		19D0D5122770982D0010B299 /* BReactor_badvpn_timerstree.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BReactor_badvpn_timerstree.h; sourceTree = "<group>"; };
+		19D0D5132770982D0010B299 /* BDatagram_unix.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BDatagram_unix.c; sourceTree = "<group>"; };
+		19D0D5142770982D0010B299 /* BNetwork.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BNetwork.h; sourceTree = "<group>"; };
+		19D0D5152770982D0010B299 /* BUnixSignal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BUnixSignal.c; sourceTree = "<group>"; };
+		19D0D5162770982D0010B299 /* BDatagram.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BDatagram.h; sourceTree = "<group>"; };
+		19D0D5172770982D0010B299 /* BReactor_badvpn.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BReactor_badvpn.c; sourceTree = "<group>"; };
+		19D0D5182770982D0010B299 /* BSignal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BSignal.h; sourceTree = "<group>"; };
+		19D0D5192770982D0010B299 /* BTime.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BTime.h; sourceTree = "<group>"; };
+		19D0D51A2770982D0010B299 /* BConnection_unix.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BConnection_unix.c; sourceTree = "<group>"; };
+		19D0D51C2770982D0010B299 /* tun2socks.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tun2socks.c; sourceTree = "<group>"; };
+		19D0D51D2770982D0010B299 /* SocksUdpGwClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SocksUdpGwClient.h; sourceTree = "<group>"; };
+		19D0D51E2770982D0010B299 /* tun2socks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tun2socks.h; sourceTree = "<group>"; };
+		19D0D51F2770982D0010B299 /* SocksUdpGwClient.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SocksUdpGwClient.c; sourceTree = "<group>"; };
+		19D0D5212770982D0010B299 /* SAvl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SAvl.h; sourceTree = "<group>"; };
+		19D0D5222770982D0010B299 /* Vector_footer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Vector_footer.h; sourceTree = "<group>"; };
+		19D0D5232770982D0010B299 /* ChunkBuffer2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ChunkBuffer2.h; sourceTree = "<group>"; };
+		19D0D5242770982D0010B299 /* IndexedList_tree.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IndexedList_tree.h; sourceTree = "<group>"; };
+		19D0D5252770982D0010B299 /* LinkedList1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LinkedList1.h; sourceTree = "<group>"; };
+		19D0D5262770982D0010B299 /* Vector_header.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Vector_header.h; sourceTree = "<group>"; };
+		19D0D5272770982D0010B299 /* CAvl_header.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CAvl_header.h; sourceTree = "<group>"; };
+		19D0D5282770982D0010B299 /* Vector_decl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Vector_decl.h; sourceTree = "<group>"; };
+		19D0D5292770982D0010B299 /* CHash_decl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CHash_decl.h; sourceTree = "<group>"; };
+		19D0D52A2770982D0010B299 /* CAvl_footer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CAvl_footer.h; sourceTree = "<group>"; };
+		19D0D52B2770982D0010B299 /* SLinkedList_decl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SLinkedList_decl.h; sourceTree = "<group>"; };
+		19D0D52C2770982D0010B299 /* CAvl_impl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CAvl_impl.h; sourceTree = "<group>"; };
+		19D0D52D2770982D0010B299 /* SAvl_decl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SAvl_decl.h; sourceTree = "<group>"; };
+		19D0D52E2770982D0010B299 /* CHash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CHash.h; sourceTree = "<group>"; };
+		19D0D52F2770982D0010B299 /* SAvl_footer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SAvl_footer.h; sourceTree = "<group>"; };
+		19D0D5302770982D0010B299 /* SAvl_tree.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SAvl_tree.h; sourceTree = "<group>"; };
+		19D0D5312770982D0010B299 /* IndexedList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IndexedList.h; sourceTree = "<group>"; };
+		19D0D5322770982D0010B299 /* SAvl_header.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SAvl_header.h; sourceTree = "<group>"; };
+		19D0D5332770982D0010B299 /* LinkedList3.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LinkedList3.h; sourceTree = "<group>"; };
+		19D0D5342770982D0010B299 /* BAVL.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BAVL.h; sourceTree = "<group>"; };
+		19D0D5352770982D0010B299 /* SLinkedList_impl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SLinkedList_impl.h; sourceTree = "<group>"; };
+		19D0D5362770982D0010B299 /* CAvl_decl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CAvl_decl.h; sourceTree = "<group>"; };
+		19D0D5372770982D0010B299 /* CAvl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CAvl.h; sourceTree = "<group>"; };
+		19D0D5382770982D0010B299 /* Vector_impl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Vector_impl.h; sourceTree = "<group>"; };
+		19D0D5392770982D0010B299 /* SLinkedList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SLinkedList.h; sourceTree = "<group>"; };
+		19D0D53A2770982D0010B299 /* CHash_impl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CHash_impl.h; sourceTree = "<group>"; };
+		19D0D53B2770982D0010B299 /* CHash_footer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CHash_footer.h; sourceTree = "<group>"; };
+		19D0D53C2770982D0010B299 /* LinkedList0.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LinkedList0.h; sourceTree = "<group>"; };
+		19D0D53D2770982D0010B299 /* CHash_header.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CHash_header.h; sourceTree = "<group>"; };
+		19D0D53E2770982D0010B299 /* SAvl_impl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SAvl_impl.h; sourceTree = "<group>"; };
+		19D0D53F2770982D0010B299 /* Vector.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Vector.h; sourceTree = "<group>"; };
+		19D0D5402770982D0010B299 /* SLinkedList_footer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SLinkedList_footer.h; sourceTree = "<group>"; };
+		19D0D5412770982D0010B299 /* SLinkedList_header.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SLinkedList_header.h; sourceTree = "<group>"; };
+		19D0D5432770982D0010B299 /* PacketPassInactivityMonitor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PacketPassInactivityMonitor.h; sourceTree = "<group>"; };
+		19D0D5442770982D0010B299 /* PacketPassInactivityMonitor.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = PacketPassInactivityMonitor.c; sourceTree = "<group>"; };
+		19D0D5462770982D0010B299 /* BLog.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = BLog.m; sourceTree = "<group>"; };
+		19D0D5472770982E0010B299 /* BLog_syslog.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BLog_syslog.c; sourceTree = "<group>"; };
+		19D0D5482770982E0010B299 /* BPending_list.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BPending_list.h; sourceTree = "<group>"; };
+		19D0D5492770982E0010B299 /* DebugObject.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = DebugObject.c; sourceTree = "<group>"; };
+		19D0D54A2770982E0010B299 /* BPending.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BPending.h; sourceTree = "<group>"; };
+		19D0D54B2770982E0010B299 /* BLog_syslog.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BLog_syslog.h; sourceTree = "<group>"; };
+		19D0D54C2770982E0010B299 /* BLog.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BLog.h; sourceTree = "<group>"; };
+		19D0D54D2770982E0010B299 /* BMutex.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BMutex.h; sourceTree = "<group>"; };
+		19D0D54E2770982E0010B299 /* BPending.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BPending.c; sourceTree = "<group>"; };
+		19D0D54F2770982E0010B299 /* DebugObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DebugObject.h; sourceTree = "<group>"; };
+		19D0D5512770982E0010B299 /* UdpGwClient.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = UdpGwClient.c; sourceTree = "<group>"; };
+		19D0D5522770982E0010B299 /* UdpGwClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UdpGwClient.h; sourceTree = "<group>"; };
+		19D0D5542770982E0010B299 /* PacketBuffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = PacketBuffer.c; sourceTree = "<group>"; };
+		19D0D5552770982E0010B299 /* PacketStreamSender.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PacketStreamSender.h; sourceTree = "<group>"; };
+		19D0D5562770982E0010B299 /* BufferWriter.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = BufferWriter.c; sourceTree = "<group>"; };
+		19D0D5572770982E0010B299 /* PacketRecvInterface.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = PacketRecvInterface.c; sourceTree = "<group>"; };
+		19D0D5582770982E0010B299 /* PacketPassFairQueue_tree.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PacketPassFairQueue_tree.h; sourceTree = "<group>"; };
+		19D0D5592770982E0010B299 /* SinglePacketBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SinglePacketBuffer.h; sourceTree = "<group>"; };
+		19D0D55A2770982E0010B299 /* PacketProtoDecoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PacketProtoDecoder.h; sourceTree = "<group>"; };
+		19D0D55B2770982E0010B299 /* StreamRecvInterface.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = StreamRecvInterface.c; sourceTree = "<group>"; };
+		19D0D55C2770982E0010B299 /* PacketProtoEncoder.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = PacketProtoEncoder.c; sourceTree = "<group>"; };
+		19D0D55D2770982E0010B299 /* StreamPassInterface.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = StreamPassInterface.c; sourceTree = "<group>"; };
+		19D0D55E2770982E0010B299 /* PacketPassConnector.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = PacketPassConnector.c; sourceTree = "<group>"; };
+		19D0D55F2770982E0010B299 /* PacketPassFairQueue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PacketPassFairQueue.h; sourceTree = "<group>"; };
+		19D0D5602770982E0010B299 /* PacketProtoFlow.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = PacketProtoFlow.c; sourceTree = "<group>"; };
+		19D0D5612770982E0010B299 /* PacketPassInterface.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = PacketPassInterface.c; sourceTree = "<group>"; };
+		19D0D5622770982E0010B299 /* BufferWriter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BufferWriter.h; sourceTree = "<group>"; };
+		19D0D5632770982E0010B299 /* PacketRecvInterface.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PacketRecvInterface.h; sourceTree = "<group>"; };
+		19D0D5642770982E0010B299 /* PacketBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PacketBuffer.h; sourceTree = "<group>"; };
+		19D0D5652770982E0010B299 /* PacketStreamSender.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = PacketStreamSender.c; sourceTree = "<group>"; };
+		19D0D5662770982E0010B299 /* StreamRecvInterface.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StreamRecvInterface.h; sourceTree = "<group>"; };
+		19D0D5672770982E0010B299 /* PacketProtoDecoder.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = PacketProtoDecoder.c; sourceTree = "<group>"; };
+		19D0D5682770982E0010B299 /* SinglePacketBuffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SinglePacketBuffer.c; sourceTree = "<group>"; };
+		19D0D5692770982E0010B299 /* PacketPassFairQueue.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = PacketPassFairQueue.c; sourceTree = "<group>"; };
+		19D0D56A2770982E0010B299 /* PacketPassConnector.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PacketPassConnector.h; sourceTree = "<group>"; };
+		19D0D56B2770982E0010B299 /* StreamPassInterface.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StreamPassInterface.h; sourceTree = "<group>"; };
+		19D0D56C2770982E0010B299 /* PacketProtoEncoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PacketProtoEncoder.h; sourceTree = "<group>"; };
+		19D0D56D2770982E0010B299 /* PacketPassInterface.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PacketPassInterface.h; sourceTree = "<group>"; };
+		19D0D56E2770982E0010B299 /* PacketProtoFlow.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PacketProtoFlow.h; sourceTree = "<group>"; };
+		19D0D56F2770982E0010B299 /* TunnelInterface.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TunnelInterface.h; sourceTree = "<group>"; };
+		19D0D5702770982E0010B299 /* TunnelInterface.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TunnelInterface.m; sourceTree = "<group>"; };
+		19D0D7162770998F0010B299 /* CocoaAsyncSocket.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CocoaAsyncSocket.framework; path = PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework; sourceTree = "<group>"; };
+		19D0D71A27709B4F0010B299 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Info.plist; sourceTree = "<group>"; };
+		19D0D71B2770A3AD0010B299 /* libresolv.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libresolv.tbd; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.1.sdk/usr/lib/libresolv.tbd; sourceTree = DEVELOPER_DIR; };
+/* End PBXFileReference section */
+
+/* Begin PBXFrameworksBuildPhase section */
+		19D0CCE6277092B50010B299 /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				19D0D71C2770A3AD0010B299 /* libresolv.tbd in Frameworks */,
+				19D0D718277099960010B299 /* CocoaAsyncSocket.framework in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXFrameworksBuildPhase section */
+
+/* Begin PBXGroup section */
+		19D0CCDF277092B50010B299 = {
+			isa = PBXGroup;
+			children = (
+				19D0CCEB277092B50010B299 /* PacketProcessor */,
+				19D0CCEA277092B50010B299 /* Products */,
+				19D0CCF4277096720010B299 /* Frameworks */,
+			);
+			sourceTree = "<group>";
+		};
+		19D0CCEA277092B50010B299 /* Products */ = {
+			isa = PBXGroup;
+			children = (
+				19D0CCE9277092B50010B299 /* PacketProcessor.framework */,
+			);
+			name = Products;
+			sourceTree = "<group>";
+		};
+		19D0CCEB277092B50010B299 /* PacketProcessor */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D3B42770982C0010B299 /* tun2socks-iOS */,
+				19D0D56F2770982E0010B299 /* TunnelInterface.h */,
+				19D0D5702770982E0010B299 /* TunnelInterface.m */,
+				19D0CCEC277092B50010B299 /* PacketProcessor.h */,
+				19D0D71A27709B4F0010B299 /* Info.plist */,
+			);
+			path = PacketProcessor;
+			sourceTree = "<group>";
+		};
+		19D0CCF4277096720010B299 /* Frameworks */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D71B2770A3AD0010B299 /* libresolv.tbd */,
+				19D0D7162770998F0010B299 /* CocoaAsyncSocket.framework */,
+			);
+			name = Frameworks;
+			sourceTree = "<group>";
+		};
+		19D0D3B42770982C0010B299 /* tun2socks-iOS */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D3B52770982C0010B299 /* generated */,
+				19D0D44E2770982C0010B299 /* socksclient */,
+				19D0D4512770982C0010B299 /* misc */,
+				19D0D4922770982D0010B299 /* lwip */,
+				19D0D4F42770982D0010B299 /* tuntap */,
+				19D0D4F72770982D0010B299 /* udpgw */,
+				19D0D4FA2770982D0010B299 /* protocol */,
+				19D0D5062770982D0010B299 /* system */,
+				19D0D51B2770982D0010B299 /* tun2socks */,
+				19D0D5202770982D0010B299 /* structure */,
+				19D0D5422770982D0010B299 /* flowextra */,
+				19D0D5452770982D0010B299 /* base */,
+				19D0D5502770982E0010B299 /* udpgw_client */,
+				19D0D5532770982E0010B299 /* flow */,
+			);
+			path = "tun2socks-iOS";
+			sourceTree = "<group>";
+		};
+		19D0D3B52770982C0010B299 /* generated */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D3B62770982C0010B299 /* blog_channel_SocksUdpGwClient.h */,
+				19D0D3B72770982C0010B299 /* blog_channel_ncd_file_open.h */,
+				19D0D3B82770982C0010B299 /* blog_channel_BReactor.h */,
+				19D0D3B92770982C0010B299 /* blog_channel_BSSLConnection.h */,
+				19D0D3BA2770982C0010B299 /* blog_channel_BConnection.h */,
+				19D0D3BB2770982C0010B299 /* blog_channel_ncd_net_ipv4_route.h */,
+				19D0D3BC2770982C0010B299 /* blog_channel_ncd_sys_request_server.h */,
+				19D0D3BD2770982C0010B299 /* blog_channel_ncd_sys_watch_usb.h */,
+				19D0D3BE2770982C0010B299 /* blog_channel_ncd_run.h */,
+				19D0D3BF2770982C0010B299 /* blog_channels_list.h */,
+				19D0D3C02770982C0010B299 /* blog_channel_NCDValGenerator.h */,
+				19D0D3C12770982C0010B299 /* blog_channel_FrameDecider.h */,
+				19D0D3C22770982C0010B299 /* blog_channel_ncd_dynamic_depend.h */,
+				19D0D3C32770982C0010B299 /* blog_channel_ncd_net_ipv6_wait_dynamic_addr.h */,
+				19D0D3C42770982C0010B299 /* blog_channel_udpgw.h */,
+				19D0D3C52770982C0010B299 /* blog_channel_BUnixSignal.h */,
+				19D0D3C62770982C0010B299 /* blog_channel_ncd_parse.h */,
+				19D0D3C72770982C0010B299 /* blog_channel_ncd_ref.h */,
+				19D0D3C82770982C0010B299 /* blog_channel_NCDConfigTokenizer.h */,
+				19D0D3C92770982C0010B299 /* blog_channel_BDHCPClient.h */,
+				19D0D3CA2770982C0010B299 /* blog_channel_ncd_spawn.h */,
+				19D0D3CB2770982C0010B299 /* blog_channel_NCDModuleIndex.h */,
+				19D0D3CC2770982C0010B299 /* blog_channel_ncd_logical.h */,
+				19D0D3CD2770982C0010B299 /* bproto_msgproto.h */,
+				19D0D3CE2770982C0010B299 /* blog_channel_ncd_process_manager.h */,
+				19D0D3CF2770982C0010B299 /* blog_channel_ncd_net_backend_wpa_supplicant.h */,
+				19D0D3D02770982C0010B299 /* blog_channel_BThreadWork.h */,
+				19D0D3D12770982C0010B299 /* blog_channel_ncd_try.h */,
+				19D0D3D22770982C0010B299 /* blog_channel_BDatagram.h */,
+				19D0D3D32770982C0010B299 /* blog_channel_ncd_sys_watch_input.h */,
+				19D0D3D42770982C0010B299 /* blog_channel_ncd.h */,
+				19D0D3D52770982C0010B299 /* blog_channel_ncd_implode.h */,
+				19D0D3D62770982C0010B299 /* blog_channel_NCDBuildProgram.h */,
+				19D0D3D72770982C0010B299 /* blog_channel_ncd_file.h */,
+				19D0D3D82770982C0010B299 /* blog_channel_ncd_strcmp.h */,
+				19D0D3D92770982C0010B299 /* blog_channel_ncd_value.h */,
+				19D0D3DA2770982C0010B299 /* blog_channel_NCDValParser.h */,
+				19D0D3DB2770982C0010B299 /* blog_channel_BPredicate.h */,
+				19D0D3DC2770982C0010B299 /* blog_channel_dostest_attacker.h */,
+				19D0D3DD2770982C0010B299 /* blog_channel_client.h */,
+				19D0D3DE2770982C0010B299 /* blog_channel_ncd_daemon.h */,
+				19D0D3DF2770982C0010B299 /* blog_channel_NCDUdevManager.h */,
+				19D0D3E02770982C0010B299 /* blog_channel_PRStreamSource.h */,
+				19D0D3E12770982C0010B299 /* blog_channel_BSignal.h */,
+				19D0D3E22770982C0010B299 /* blog_channel_ncd_foreach.h */,
+				19D0D3E32770982C0010B299 /* blog_channel_ncd_netmask.h */,
+				19D0D3E42770982C0010B299 /* blog_channel_NCDVal.h */,
+				19D0D3E52770982C0010B299 /* blog_channel_ncd_imperative.h */,
+				19D0D3E62770982C0010B299 /* blog_channel_NCDUdevCache.h */,
+				19D0D3E72770982C0010B299 /* blog_channel_ncd_index.h */,
+				19D0D3E82770982C0010B299 /* blog_channel_ncd_if.h */,
+				19D0D3E92770982C0010B299 /* blog_channel_NCDInterfaceMonitor.h */,
+				19D0D3EA2770982C0010B299 /* blog_channel_PacketProtoDecoder.h */,
+				19D0D3EB2770982C0010B299 /* blog_channel_ncd_net_ipv4_addr.h */,
+				19D0D3EC2770982C0010B299 /* blog_channel_ncd_explode.h */,
+				19D0D3ED2770982C0010B299 /* blog_channels_defines.h */,
+				19D0D3EE2770982C0010B299 /* blog_channel_ncd_log_msg.h */,
+				19D0D3EF2770982C0010B299 /* blog_channel_BArpProbe.h */,
+				19D0D3F02770982C0010B299 /* blog_channel_ncd_sleep.h */,
+				19D0D3F12770982C0010B299 /* blog_channel_ncd_sys_start_process.h */,
+				19D0D3F22770982C0010B299 /* blog_channel_ncd_substr.h */,
+				19D0D3F32770982C0010B299 /* blog_channel_ncd_log.h */,
+				19D0D3F42770982C0010B299 /* blog_channel_ncd_request.h */,
+				19D0D3F52770982C0010B299 /* blog_channel_ncd_net_backend_rfkill.h */,
+				19D0D3F62770982C0010B299 /* blog_channel_ncd_objref.h */,
+				19D0D3F72770982C0010B299 /* blog_channel_ncd_net_watch_interfaces.h */,
+				19D0D3F82770982C0010B299 /* blog_channel_ncd_from_string.h */,
+				19D0D3F92770982C0010B299 /* blog_channel_BThreadSignal.h */,
+				19D0D3FA2770982C0010B299 /* blog_channel_BEncryption.h */,
+				19D0D3FB2770982C0010B299 /* blog_channel_ncd_sys_watch_directory.h */,
+				19D0D3FC2770982C0010B299 /* blog_channel_ncd_net_ipv4_dhcp.h */,
+				19D0D3FD2770982C0010B299 /* blog_channel_ncd_net_ipv6_route.h */,
+				19D0D3FE2770982C0010B299 /* blog_channel_ncd_arithmetic.h */,
+				19D0D3FF2770982C0010B299 /* blog_channel_ncd_alias.h */,
+				19D0D4002770982C0010B299 /* blog_channel_ncd_concat.h */,
+				19D0D4012770982C0010B299 /* blog_channel_DataProto.h */,
+				19D0D4022770982C0010B299 /* blog_channel_ncd_net_ipv4_arp_probe.h */,
+				19D0D4032770982C0010B299 /* blog_channel_ncd_net_ipv6_addr.h */,
+				19D0D4042770982C0010B299 /* blog_channel_NCDIfConfig.h */,
+				19D0D4052770982C0010B299 /* blog_channel_Listener.h */,
+				19D0D4062770982C0010B299 /* blog_channel_tun2socks.h */,
+				19D0D4072770982C0010B299 /* blog_channel_ncd_call2.h */,
+				19D0D4082770982C0010B299 /* blog_channel_ncd_buffer.h */,
+				19D0D4092770982C0010B299 /* blog_channel_NCDModuleProcess.h */,
+				19D0D40A2770982C0010B299 /* blog_channel_ncd_load_module.h */,
+				19D0D40B2770982C0010B299 /* blog_channel_ncd_depend_scope.h */,
+				19D0D40C2770982C0010B299 /* blog_channel_ncd_var.h */,
+				19D0D40D2770982C0010B299 /* blog_channel_NCDConfigParser.h */,
+				19D0D40E2770982C0010B299 /* blog_channel_lwip.h */,
+				19D0D40F2770982C0010B299 /* blog_channel_NCDRequestClient.h */,
+				19D0D4102770982C0010B299 /* blog_channel_DPRelay.h */,
+				19D0D4112770982C0010B299 /* blog_channel_BInputProcess.h */,
+				19D0D4122770982C0010B299 /* blog_channel_ncd_net_ipv4_addr_in_network.h */,
+				19D0D4132770982C0010B299 /* blog_channel_ncd_sys_evdev.h */,
+				19D0D4142770982C0010B299 /* blog_channel_ncd_exit.h */,
+				19D0D4152770982C0010B299 /* blog_channel_SPProtoDecoder.h */,
+				19D0D4162770982C0010B299 /* blog_channel_addr.h */,
+				19D0D4172770982C0010B299 /* blog_channel_ncd_backtrack.h */,
+				19D0D4182770982C0010B299 /* blog_channel_PasswordListener.h */,
+				19D0D4192770982C0010B299 /* blog_channel_ncd_to_string.h */,
+				19D0D41A2770982C0010B299 /* blog_channel_ncd_net_backend_waitlink.h */,
+				19D0D41B2770982C0010B299 /* blog_channel_nsskey.h */,
+				19D0D41C2770982C0010B299 /* blog_channel_DatagramPeerIO.h */,
+				19D0D41D2770982C0010B299 /* blog_channel_ncd_regex_match.h */,
+				19D0D41E2770982C0010B299 /* blog_channel_DPReceive.h */,
+				19D0D41F2770982C0010B299 /* blog_channel_ncd_valuemetic.h */,
+				19D0D4202770982C0010B299 /* blog_channel_BTime.h */,
+				19D0D4212770982C0010B299 /* blog_channel_ncd_timer.h */,
+				19D0D4222770982C0010B299 /* bproto_bproto_test.h */,
+				19D0D4232770982C0010B299 /* blog_channel_ncd_multidepend.h */,
+				19D0D4242770982C0010B299 /* blog_channel_server.h */,
+				19D0D4252770982C0010B299 /* blog_channel_ncd_runonce.h */,
+				19D0D4262770982C0010B299 /* blog_channel_dostest_server.h */,
+				19D0D4272770982C0010B299 /* blog_channel_ncd_net_up.h */,
+				19D0D4282770982C0010B299 /* blog_channel_BTap.h */,
+				19D0D4292770982C0010B299 /* blog_channel_ncd_net_ipv6_addr_in_network.h */,
+				19D0D42A2770982C0010B299 /* blog_channel_BProcess.h */,
+				19D0D42B2770982C0010B299 /* blog_channel_StreamPeerIO.h */,
+				19D0D42C2770982C0010B299 /* blog_channel_NCDRequest.h */,
+				19D0D42D2770982C0010B299 /* blog_channel_NCDRfkillMonitor.h */,
+				19D0D42E2770982C0010B299 /* blog_channel_NCDUdevMonitorParser.h */,
+				19D0D42F2770982C0010B299 /* blog_channel_ServerConnection.h */,
+				19D0D4302770982C0010B299 /* blog_channel_ncd_getargs.h */,
+				19D0D4312770982C0010B299 /* blog_channel_BDHCPClientCore.h */,
+				19D0D4322770982C0010B299 /* blog_channel_PRStreamSink.h */,
+				19D0D4332770982C0010B299 /* blog_channel_ncd_getenv.h */,
+				19D0D4342770982C0010B299 /* bproto_addr.h */,
+				19D0D4352770982C0010B299 /* blog_channel_ncd_blocker.h */,
+				19D0D4362770982C0010B299 /* blog_channel_ncd_reboot.h */,
+				19D0D4372770982C0010B299 /* blog_channel_ncd_choose.h */,
+				19D0D4382770982C0010B299 /* blog_channel_LineBuffer.h */,
+				19D0D4392770982C0010B299 /* blog_channel_FragmentProtoAssembler.h */,
+				19D0D43A2770982C0010B299 /* blog_channel_ncd_socket.h */,
+				19D0D43B2770982C0010B299 /* blog_channel_UdpGwClient.h */,
+				19D0D43C2770982C0010B299 /* blog_channel_flooder.h */,
+				19D0D43D2770982C0010B299 /* blog_channel_ncd_assert.h */,
+				19D0D43E2770982C0010B299 /* blog_channel_ncd_net_backend_waitdevice.h */,
+				19D0D43F2770982C0010B299 /* blog_channel_ncd_basic_functions.h */,
+				19D0D4402770982C0010B299 /* blog_channel_NCDPlaceholderDb.h */,
+				19D0D4412770982C0010B299 /* blog_channel_ncd_list.h */,
+				19D0D4422770982C0010B299 /* blog_channel_PeerChat.h */,
+				19D0D4432770982C0010B299 /* blog_channel_ncd_net_backend_badvpn.h */,
+				19D0D4442770982C0010B299 /* blog_channel_ncd_print.h */,
+				19D0D4452770982C0010B299 /* blog_channel_BNetwork.h */,
+				19D0D4462770982C0010B299 /* blog_channel_BLockReactor.h */,
+				19D0D4472770982C0010B299 /* blog_channel_ncd_ondemand.h */,
+				19D0D4482770982C0010B299 /* blog_channel_ncd_net_iptables.h */,
+				19D0D4492770982C0010B299 /* blog_channel_ncd_depend.h */,
+				19D0D44A2770982C0010B299 /* blog_channel_ncd_sys_request_client.h */,
+				19D0D44B2770982C0010B299 /* blog_channel_ncd_net_dns.h */,
+				19D0D44C2770982C0010B299 /* blog_channel_NCDUdevMonitor.h */,
+				19D0D44D2770982C0010B299 /* blog_channel_BSocksClient.h */,
+			);
+			path = generated;
+			sourceTree = "<group>";
+		};
+		19D0D44E2770982C0010B299 /* socksclient */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D44F2770982C0010B299 /* BSocksClient.c */,
+				19D0D4502770982C0010B299 /* BSocksClient.h */,
+			);
+			path = socksclient;
+			sourceTree = "<group>";
+		};
+		19D0D4512770982C0010B299 /* misc */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4522770982C0010B299 /* packed.h */,
+				19D0D4532770982C0010B299 /* concat_strings.h */,
+				19D0D4542770982C0010B299 /* Utf8Decoder.h */,
+				19D0D4552770982C0010B299 /* parse_number.h */,
+				19D0D4562770982C0010B299 /* udp_proto.h */,
+				19D0D4572770982C0010B299 /* find_program.h */,
+				19D0D4582770982C0010B299 /* minmax.h */,
+				19D0D4592770982C0010B299 /* socks_proto.h */,
+				19D0D45A2770982C0010B299 /* string_begins_with.h */,
+				19D0D45B2770982C0010B299 /* dead.h */,
+				19D0D45C2770982C0010B299 /* strdup.h */,
+				19D0D45D2770982C0010B299 /* debug.h */,
+				19D0D45E2770982C0010B299 /* array_length.h */,
+				19D0D45F2770982C0010B299 /* version.h */,
+				19D0D4602770982C0010B299 /* bsort.h */,
+				19D0D4612770982C0010B299 /* debugcounter.h */,
+				19D0D4622770982C0010B299 /* byteorder.h */,
+				19D0D4632770982C0010B299 /* unicode_funcs.h */,
+				19D0D4642770982C0010B299 /* Utf16Decoder.h */,
+				19D0D4652770982C0010B299 /* bstring.h */,
+				19D0D4662770982C0010B299 /* maxalign.h */,
+				19D0D4672770982C0010B299 /* offset.h */,
+				19D0D4682770982C0010B299 /* cmdline.h */,
+				19D0D4692770982C0010B299 /* expstring.h */,
+				19D0D46A2770982C0010B299 /* merge.h */,
+				19D0D46B2770982C0010B299 /* ipaddr.h */,
+				19D0D46C2770982D0010B299 /* write_file.h */,
+				19D0D46D2770982D0010B299 /* print_macros.h */,
+				19D0D46E2770982D0010B299 /* substring.h */,
+				19D0D46F2770982D0010B299 /* balign.h */,
+				19D0D4702770982D0010B299 /* debugerror.h */,
+				19D0D4712770982D0010B299 /* memref.h */,
+				19D0D4722770982D0010B299 /* hashfun.h */,
+				19D0D4732770982D0010B299 /* igmp_proto.h */,
+				19D0D4742770982D0010B299 /* mswsock.h */,
+				19D0D4752770982D0010B299 /* get_iface_info.h */,
+				19D0D4762770982D0010B299 /* sslsocket.h */,
+				19D0D4772770982D0010B299 /* blimits.h */,
+				19D0D4782770982D0010B299 /* balloc.h */,
+				19D0D4792770982D0010B299 /* ipaddr6.h */,
+				19D0D47A2770982D0010B299 /* compare.h */,
+				19D0D47B2770982D0010B299 /* nonblocking.h */,
+				19D0D47C2770982D0010B299 /* loglevel.h */,
+				19D0D47D2770982D0010B299 /* modadd.h */,
+				19D0D47E2770982D0010B299 /* nsskey.h */,
+				19D0D47F2770982D0010B299 /* ethernet_proto.h */,
+				19D0D4802770982D0010B299 /* find_char.h */,
+				19D0D4812770982D0010B299 /* read_write_int.h */,
+				19D0D4822770982D0010B299 /* ipv6_proto.h */,
+				19D0D4832770982D0010B299 /* loggers_string.h */,
+				19D0D4842770982D0010B299 /* overflow.h */,
+				19D0D4852770982D0010B299 /* open_standard_streams.h */,
+				19D0D4862770982D0010B299 /* Utf16Encoder.h */,
+				19D0D4872770982D0010B299 /* read_file.h */,
+				19D0D4882770982D0010B299 /* dhcp_proto.h */,
+				19D0D4892770982D0010B299 /* exparray.h */,
+				19D0D48A2770982D0010B299 /* BRefTarget.h */,
+				19D0D48B2770982D0010B299 /* ipv4_proto.h */,
+				19D0D48C2770982D0010B299 /* grow_array.h */,
+				19D0D48D2770982D0010B299 /* stdbuf_cmdline.h */,
+				19D0D48E2770982D0010B299 /* arp_proto.h */,
+				19D0D48F2770982D0010B299 /* ascii_utils.h */,
+				19D0D4902770982D0010B299 /* bsize.h */,
+				19D0D4912770982D0010B299 /* Utf8Encoder.h */,
+			);
+			path = misc;
+			sourceTree = "<group>";
+		};
+		19D0D4922770982D0010B299 /* lwip */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4932770982D0010B299 /* custom */,
+				19D0D4992770982D0010B299 /* src */,
+			);
+			path = lwip;
+			sourceTree = "<group>";
+		};
+		19D0D4932770982D0010B299 /* custom */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4942770982D0010B299 /* sys.c */,
+				19D0D4952770982D0010B299 /* arch */,
+				19D0D4982770982D0010B299 /* lwipopts.h */,
+			);
+			path = custom;
+			sourceTree = "<group>";
+		};
+		19D0D4952770982D0010B299 /* arch */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4962770982D0010B299 /* cc.h */,
+				19D0D4972770982D0010B299 /* perf.h */,
+			);
+			path = arch;
+			sourceTree = "<group>";
+		};
+		19D0D4992770982D0010B299 /* src */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D49A2770982D0010B299 /* core */,
+				19D0D4B32770982D0010B299 /* include */,
+			);
+			path = src;
+			sourceTree = "<group>";
+		};
+		19D0D49A2770982D0010B299 /* core */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D49B2770982D0010B299 /* memp.c */,
+				19D0D49C2770982D0010B299 /* inet_chksum.c */,
+				19D0D49D2770982D0010B299 /* tcp_out.c */,
+				19D0D49E2770982D0010B299 /* init.c */,
+				19D0D49F2770982D0010B299 /* mem.c */,
+				19D0D4A02770982D0010B299 /* def.c */,
+				19D0D4A12770982D0010B299 /* udp.c */,
+				19D0D4A22770982D0010B299 /* stats.c */,
+				19D0D4A32770982D0010B299 /* tcp_in.c */,
+				19D0D4A42770982D0010B299 /* ipv4 */,
+				19D0D4A92770982D0010B299 /* netif.c */,
+				19D0D4AA2770982D0010B299 /* tcp.c */,
+				19D0D4AB2770982D0010B299 /* timers.c */,
+				19D0D4AC2770982D0010B299 /* pbuf.c */,
+				19D0D4AD2770982D0010B299 /* ipv6 */,
+			);
+			path = core;
+			sourceTree = "<group>";
+		};
+		19D0D4A42770982D0010B299 /* ipv4 */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4A52770982D0010B299 /* ip_frag.c */,
+				19D0D4A62770982D0010B299 /* icmp.c */,
+				19D0D4A72770982D0010B299 /* ip4.c */,
+				19D0D4A82770982D0010B299 /* ip4_addr.c */,
+			);
+			path = ipv4;
+			sourceTree = "<group>";
+		};
+		19D0D4AD2770982D0010B299 /* ipv6 */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4AE2770982D0010B299 /* ip6.c */,
+				19D0D4AF2770982D0010B299 /* icmp6.c */,
+				19D0D4B02770982D0010B299 /* nd6.c */,
+				19D0D4B12770982D0010B299 /* ip6_addr.c */,
+				19D0D4B22770982D0010B299 /* ip6_frag.c */,
+			);
+			path = ipv6;
+			sourceTree = "<group>";
+		};
+		19D0D4B32770982D0010B299 /* include */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4B42770982D0010B299 /* posix */,
+				19D0D4B82770982D0010B299 /* lwip */,
+				19D0D4DC2770982D0010B299 /* netif */,
+				19D0D4E02770982D0010B299 /* ipv4 */,
+				19D0D4E92770982D0010B299 /* ipv6 */,
+			);
+			path = include;
+			sourceTree = "<group>";
+		};
+		19D0D4B42770982D0010B299 /* posix */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4B52770982D0010B299 /* sys */,
+				19D0D4B72770982D0010B299 /* netdb.h */,
+			);
+			path = posix;
+			sourceTree = "<group>";
+		};
+		19D0D4B52770982D0010B299 /* sys */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4B62770982D0010B299 /* socket.h */,
+			);
+			path = sys;
+			sourceTree = "<group>";
+		};
+		19D0D4B82770982D0010B299 /* lwip */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4B92770982D0010B299 /* timers.h */,
+				19D0D4BA2770982D0010B299 /* pbuf.h */,
+				19D0D4BB2770982D0010B299 /* tcp_impl.h */,
+				19D0D4BC2770982D0010B299 /* tcp.h */,
+				19D0D4BD2770982D0010B299 /* err.h */,
+				19D0D4BE2770982D0010B299 /* snmp_asn1.h */,
+				19D0D4BF2770982D0010B299 /* netif.h */,
+				19D0D4C02770982D0010B299 /* sio.h */,
+				19D0D4C12770982D0010B299 /* debug.h */,
+				19D0D4C22770982D0010B299 /* tcpip.h */,
+				19D0D4C32770982D0010B299 /* snmp.h */,
+				19D0D4C42770982D0010B299 /* snmp_structs.h */,
+				19D0D4C52770982D0010B299 /* api_msg.h */,
+				19D0D4C62770982D0010B299 /* netifapi.h */,
+				19D0D4C72770982D0010B299 /* netbuf.h */,
+				19D0D4C82770982D0010B299 /* api.h */,
+				19D0D4C92770982D0010B299 /* dhcp.h */,
+				19D0D4CA2770982D0010B299 /* memp.h */,
+				19D0D4CB2770982D0010B299 /* sockets.h */,
+				19D0D4CC2770982D0010B299 /* ip_addr.h */,
+				19D0D4CD2770982D0010B299 /* opt.h */,
+				19D0D4CE2770982D0010B299 /* inet_chksum.h */,
+				19D0D4CF2770982D0010B299 /* raw.h */,
+				19D0D4D02770982D0010B299 /* sys.h */,
+				19D0D4D12770982D0010B299 /* netdb.h */,
+				19D0D4D22770982D0010B299 /* def.h */,
+				19D0D4D32770982D0010B299 /* mem.h */,
+				19D0D4D42770982D0010B299 /* dns.h */,
+				19D0D4D52770982D0010B299 /* ip.h */,
+				19D0D4D62770982D0010B299 /* init.h */,
+				19D0D4D72770982D0010B299 /* snmp_msg.h */,
+				19D0D4D82770982D0010B299 /* stats.h */,
+				19D0D4D92770982D0010B299 /* memp_std.h */,
+				19D0D4DA2770982D0010B299 /* udp.h */,
+				19D0D4DB2770982D0010B299 /* arch.h */,
+			);
+			path = lwip;
+			sourceTree = "<group>";
+		};
+		19D0D4DC2770982D0010B299 /* netif */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4DD2770982D0010B299 /* etharp.h */,
+				19D0D4DE2770982D0010B299 /* ppp_oe.h */,
+				19D0D4DF2770982D0010B299 /* slipif.h */,
+			);
+			path = netif;
+			sourceTree = "<group>";
+		};
+		19D0D4E02770982D0010B299 /* ipv4 */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4E12770982D0010B299 /* lwip */,
+			);
+			path = ipv4;
+			sourceTree = "<group>";
+		};
+		19D0D4E12770982D0010B299 /* lwip */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4E22770982D0010B299 /* igmp.h */,
+				19D0D4E32770982D0010B299 /* ip4.h */,
+				19D0D4E42770982D0010B299 /* icmp.h */,
+				19D0D4E52770982D0010B299 /* inet.h */,
+				19D0D4E62770982D0010B299 /* ip4_addr.h */,
+				19D0D4E72770982D0010B299 /* autoip.h */,
+				19D0D4E82770982D0010B299 /* ip_frag.h */,
+			);
+			path = lwip;
+			sourceTree = "<group>";
+		};
+		19D0D4E92770982D0010B299 /* ipv6 */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4EA2770982D0010B299 /* lwip */,
+			);
+			path = ipv6;
+			sourceTree = "<group>";
+		};
+		19D0D4EA2770982D0010B299 /* lwip */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4EB2770982D0010B299 /* nd6.h */,
+				19D0D4EC2770982D0010B299 /* ethip6.h */,
+				19D0D4ED2770982D0010B299 /* inet6.h */,
+				19D0D4EE2770982D0010B299 /* ip6_addr.h */,
+				19D0D4EF2770982D0010B299 /* ip6_frag.h */,
+				19D0D4F02770982D0010B299 /* ip6.h */,
+				19D0D4F12770982D0010B299 /* icmp6.h */,
+				19D0D4F22770982D0010B299 /* dhcp6.h */,
+				19D0D4F32770982D0010B299 /* mld6.h */,
+			);
+			path = lwip;
+			sourceTree = "<group>";
+		};
+		19D0D4F42770982D0010B299 /* tuntap */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4F52770982D0010B299 /* BTap.m */,
+				19D0D4F62770982D0010B299 /* BTap.h */,
+			);
+			path = tuntap;
+			sourceTree = "<group>";
+		};
+		19D0D4F72770982D0010B299 /* udpgw */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4F82770982D0010B299 /* udpgw.h */,
+				19D0D4F92770982D0010B299 /* udpgw.c */,
+			);
+			path = udpgw;
+			sourceTree = "<group>";
+		};
+		19D0D4FA2770982D0010B299 /* protocol */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D4FB2770982D0010B299 /* udpgw_proto.h */,
+				19D0D4FC2770982D0010B299 /* requestproto.h */,
+				19D0D4FD2770982D0010B299 /* msgproto.h */,
+				19D0D4FE2770982D0010B299 /* spproto.h */,
+				19D0D4FF2770982D0010B299 /* packetproto.h */,
+				19D0D5002770982D0010B299 /* dataproto.h */,
+				19D0D5012770982D0010B299 /* addr.h */,
+				19D0D5022770982D0010B299 /* scproto.h */,
+				19D0D5032770982D0010B299 /* addr.bproto */,
+				19D0D5042770982D0010B299 /* fragmentproto.h */,
+				19D0D5052770982D0010B299 /* msgproto.bproto */,
+			);
+			path = protocol;
+			sourceTree = "<group>";
+		};
+		19D0D5062770982D0010B299 /* system */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D5072770982D0010B299 /* BDatagram_unix.h */,
+				19D0D5082770982D0010B299 /* BUnixSignal.h */,
+				19D0D5092770982D0010B299 /* BNetwork.c */,
+				19D0D50A2770982D0010B299 /* BConnection.h */,
+				19D0D50B2770982D0010B299 /* BConnection_common.c */,
+				19D0D50C2770982D0010B299 /* BReactor_badvpn.h */,
+				19D0D50D2770982D0010B299 /* BAddr.h */,
+				19D0D50E2770982D0010B299 /* BReactor.h */,
+				19D0D50F2770982D0010B299 /* BConnection_unix.h */,
+				19D0D5102770982D0010B299 /* BTime.c */,
+				19D0D5112770982D0010B299 /* BSignal.c */,
+				19D0D5122770982D0010B299 /* BReactor_badvpn_timerstree.h */,
+				19D0D5132770982D0010B299 /* BDatagram_unix.c */,
+				19D0D5142770982D0010B299 /* BNetwork.h */,
+				19D0D5152770982D0010B299 /* BUnixSignal.c */,
+				19D0D5162770982D0010B299 /* BDatagram.h */,
+				19D0D5172770982D0010B299 /* BReactor_badvpn.c */,
+				19D0D5182770982D0010B299 /* BSignal.h */,
+				19D0D5192770982D0010B299 /* BTime.h */,
+				19D0D51A2770982D0010B299 /* BConnection_unix.c */,
+			);
+			path = system;
+			sourceTree = "<group>";
+		};
+		19D0D51B2770982D0010B299 /* tun2socks */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D51C2770982D0010B299 /* tun2socks.c */,
+				19D0D51D2770982D0010B299 /* SocksUdpGwClient.h */,
+				19D0D51E2770982D0010B299 /* tun2socks.h */,
+				19D0D51F2770982D0010B299 /* SocksUdpGwClient.c */,
+			);
+			path = tun2socks;
+			sourceTree = "<group>";
+		};
+		19D0D5202770982D0010B299 /* structure */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D5212770982D0010B299 /* SAvl.h */,
+				19D0D5222770982D0010B299 /* Vector_footer.h */,
+				19D0D5232770982D0010B299 /* ChunkBuffer2.h */,
+				19D0D5242770982D0010B299 /* IndexedList_tree.h */,
+				19D0D5252770982D0010B299 /* LinkedList1.h */,
+				19D0D5262770982D0010B299 /* Vector_header.h */,
+				19D0D5272770982D0010B299 /* CAvl_header.h */,
+				19D0D5282770982D0010B299 /* Vector_decl.h */,
+				19D0D5292770982D0010B299 /* CHash_decl.h */,
+				19D0D52A2770982D0010B299 /* CAvl_footer.h */,
+				19D0D52B2770982D0010B299 /* SLinkedList_decl.h */,
+				19D0D52C2770982D0010B299 /* CAvl_impl.h */,
+				19D0D52D2770982D0010B299 /* SAvl_decl.h */,
+				19D0D52E2770982D0010B299 /* CHash.h */,
+				19D0D52F2770982D0010B299 /* SAvl_footer.h */,
+				19D0D5302770982D0010B299 /* SAvl_tree.h */,
+				19D0D5312770982D0010B299 /* IndexedList.h */,
+				19D0D5322770982D0010B299 /* SAvl_header.h */,
+				19D0D5332770982D0010B299 /* LinkedList3.h */,
+				19D0D5342770982D0010B299 /* BAVL.h */,
+				19D0D5352770982D0010B299 /* SLinkedList_impl.h */,
+				19D0D5362770982D0010B299 /* CAvl_decl.h */,
+				19D0D5372770982D0010B299 /* CAvl.h */,
+				19D0D5382770982D0010B299 /* Vector_impl.h */,
+				19D0D5392770982D0010B299 /* SLinkedList.h */,
+				19D0D53A2770982D0010B299 /* CHash_impl.h */,
+				19D0D53B2770982D0010B299 /* CHash_footer.h */,
+				19D0D53C2770982D0010B299 /* LinkedList0.h */,
+				19D0D53D2770982D0010B299 /* CHash_header.h */,
+				19D0D53E2770982D0010B299 /* SAvl_impl.h */,
+				19D0D53F2770982D0010B299 /* Vector.h */,
+				19D0D5402770982D0010B299 /* SLinkedList_footer.h */,
+				19D0D5412770982D0010B299 /* SLinkedList_header.h */,
+			);
+			path = structure;
+			sourceTree = "<group>";
+		};
+		19D0D5422770982D0010B299 /* flowextra */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D5432770982D0010B299 /* PacketPassInactivityMonitor.h */,
+				19D0D5442770982D0010B299 /* PacketPassInactivityMonitor.c */,
+			);
+			path = flowextra;
+			sourceTree = "<group>";
+		};
+		19D0D5452770982D0010B299 /* base */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D5462770982D0010B299 /* BLog.m */,
+				19D0D5472770982E0010B299 /* BLog_syslog.c */,
+				19D0D5482770982E0010B299 /* BPending_list.h */,
+				19D0D5492770982E0010B299 /* DebugObject.c */,
+				19D0D54A2770982E0010B299 /* BPending.h */,
+				19D0D54B2770982E0010B299 /* BLog_syslog.h */,
+				19D0D54C2770982E0010B299 /* BLog.h */,
+				19D0D54D2770982E0010B299 /* BMutex.h */,
+				19D0D54E2770982E0010B299 /* BPending.c */,
+				19D0D54F2770982E0010B299 /* DebugObject.h */,
+			);
+			path = base;
+			sourceTree = "<group>";
+		};
+		19D0D5502770982E0010B299 /* udpgw_client */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D5512770982E0010B299 /* UdpGwClient.c */,
+				19D0D5522770982E0010B299 /* UdpGwClient.h */,
+			);
+			path = udpgw_client;
+			sourceTree = "<group>";
+		};
+		19D0D5532770982E0010B299 /* flow */ = {
+			isa = PBXGroup;
+			children = (
+				19D0D5542770982E0010B299 /* PacketBuffer.c */,
+				19D0D5552770982E0010B299 /* PacketStreamSender.h */,
+				19D0D5562770982E0010B299 /* BufferWriter.c */,
+				19D0D5572770982E0010B299 /* PacketRecvInterface.c */,
+				19D0D5582770982E0010B299 /* PacketPassFairQueue_tree.h */,
+				19D0D5592770982E0010B299 /* SinglePacketBuffer.h */,
+				19D0D55A2770982E0010B299 /* PacketProtoDecoder.h */,
+				19D0D55B2770982E0010B299 /* StreamRecvInterface.c */,
+				19D0D55C2770982E0010B299 /* PacketProtoEncoder.c */,
+				19D0D55D2770982E0010B299 /* StreamPassInterface.c */,
+				19D0D55E2770982E0010B299 /* PacketPassConnector.c */,
+				19D0D55F2770982E0010B299 /* PacketPassFairQueue.h */,
+				19D0D5602770982E0010B299 /* PacketProtoFlow.c */,
+				19D0D5612770982E0010B299 /* PacketPassInterface.c */,
+				19D0D5622770982E0010B299 /* BufferWriter.h */,
+				19D0D5632770982E0010B299 /* PacketRecvInterface.h */,
+				19D0D5642770982E0010B299 /* PacketBuffer.h */,
+				19D0D5652770982E0010B299 /* PacketStreamSender.c */,
+				19D0D5662770982E0010B299 /* StreamRecvInterface.h */,
+				19D0D5672770982E0010B299 /* PacketProtoDecoder.c */,
+				19D0D5682770982E0010B299 /* SinglePacketBuffer.c */,
+				19D0D5692770982E0010B299 /* PacketPassFairQueue.c */,
+				19D0D56A2770982E0010B299 /* PacketPassConnector.h */,
+				19D0D56B2770982E0010B299 /* StreamPassInterface.h */,
+				19D0D56C2770982E0010B299 /* PacketProtoEncoder.h */,
+				19D0D56D2770982E0010B299 /* PacketPassInterface.h */,
+				19D0D56E2770982E0010B299 /* PacketProtoFlow.h */,
+			);
+			path = flow;
+			sourceTree = "<group>";
+		};
+/* End PBXGroup section */
+
+/* Begin PBXHeadersBuildPhase section */
+		19D0CCE4277092B50010B299 /* Headers */ = {
+			isa = PBXHeadersBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				19D0CCED277092B50010B299 /* PacketProcessor.h in Headers */,
+				19D0D710277098610010B299 /* TunnelInterface.h in Headers */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXHeadersBuildPhase section */
+
+/* Begin PBXNativeTarget section */
+		19D0CCE8277092B50010B299 /* PacketProcessor */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 19D0CCF0277092B50010B299 /* Build configuration list for PBXNativeTarget "PacketProcessor" */;
+			buildPhases = (
+				19D0CCE4277092B50010B299 /* Headers */,
+				19D0CCE5277092B50010B299 /* Sources */,
+				19D0CCE6277092B50010B299 /* Frameworks */,
+				19D0CCE7277092B50010B299 /* Resources */,
+				19D0CCF9277096980010B299 /* Embed Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = PacketProcessor;
+			productName = PacketProcessor;
+			productReference = 19D0CCE9277092B50010B299 /* PacketProcessor.framework */;
+			productType = "com.apple.product-type.framework";
+		};
+/* End PBXNativeTarget section */
+
+/* Begin PBXProject section */
+		19D0CCE0277092B50010B299 /* Project object */ = {
+			isa = PBXProject;
+			attributes = {
+				BuildIndependentTargetsInParallel = 1;
+				LastUpgradeCheck = 1320;
+				TargetAttributes = {
+					19D0CCE8277092B50010B299 = {
+						CreatedOnToolsVersion = 13.2.1;
+					};
+				};
+			};
+			buildConfigurationList = 19D0CCE3277092B50010B299 /* Build configuration list for PBXProject "PacketProcessor" */;
+			compatibilityVersion = "Xcode 13.0";
+			developmentRegion = en;
+			hasScannedForEncodings = 0;
+			knownRegions = (
+				en,
+				Base,
+			);
+			mainGroup = 19D0CCDF277092B50010B299;
+			productRefGroup = 19D0CCEA277092B50010B299 /* Products */;
+			projectDirPath = "";
+			projectRoot = "";
+			targets = (
+				19D0CCE8277092B50010B299 /* PacketProcessor */,
+			);
+		};
+/* End PBXProject section */
+
+/* Begin PBXResourcesBuildPhase section */
+		19D0CCE7277092B50010B299 /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				19D0D6AB277098310010B299 /* msgproto.bproto in Resources */,
+				19D0D6A9277098310010B299 /* addr.bproto in Resources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXResourcesBuildPhase section */
+
+/* Begin PBXSourcesBuildPhase section */
+		19D0CCE5277092B50010B299 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				19D0D700277098320010B299 /* PacketPassInterface.c in Sources */,
+				19D0D662277098300010B299 /* nd6.c in Sources */,
+				19D0D664277098300010B299 /* ip6_frag.c in Sources */,
+				19D0D6BA277098310010B299 /* BUnixSignal.c in Sources */,
+				19D0D708277098320010B299 /* PacketPassFairQueue.c in Sources */,
+				19D0D706277098320010B299 /* PacketProtoDecoder.c in Sources */,
+				19D0D6E6277098310010B299 /* PacketPassInactivityMonitor.c in Sources */,
+				19D0D659277098300010B299 /* icmp.c in Sources */,
+				19D0D65E277098300010B299 /* timers.c in Sources */,
+				19D0D651277098300010B299 /* tcp_out.c in Sources */,
+				19D0D650277098300010B299 /* inet_chksum.c in Sources */,
+				19D0D70F277098320010B299 /* TunnelInterface.m in Sources */,
+				19D0D6FF277098320010B299 /* PacketProtoFlow.c in Sources */,
+				19D0D658277098300010B299 /* ip_frag.c in Sources */,
+				19D0D653277098300010B299 /* mem.c in Sources */,
+				19D0D65F277098300010B299 /* pbuf.c in Sources */,
+				19D0D6A0277098310010B299 /* udpgw.c in Sources */,
+				19D0D663277098300010B299 /* ip6_addr.c in Sources */,
+				19D0D6F3277098310010B299 /* PacketBuffer.c in Sources */,
+				19D0D6B5277098310010B299 /* BTime.c in Sources */,
+				19D0D6F6277098310010B299 /* PacketRecvInterface.c in Sources */,
+				19D0D6B0277098310010B299 /* BConnection_common.c in Sources */,
+				19D0D6B8277098310010B299 /* BDatagram_unix.c in Sources */,
+				19D0D65B277098300010B299 /* ip4_addr.c in Sources */,
+				19D0D6C3277098310010B299 /* SocksUdpGwClient.c in Sources */,
+				19D0D704277098320010B299 /* PacketStreamSender.c in Sources */,
+				19D0D6C0277098310010B299 /* tun2socks.c in Sources */,
+				19D0D655277098300010B299 /* udp.c in Sources */,
+				19D0D6EA277098310010B299 /* DebugObject.c in Sources */,
+				19D0D6F5277098310010B299 /* BufferWriter.c in Sources */,
+				19D0D661277098300010B299 /* icmp6.c in Sources */,
+				19D0D6EF277098310010B299 /* BPending.c in Sources */,
+				19D0D6FC277098320010B299 /* StreamPassInterface.c in Sources */,
+				19D0D6BF277098310010B299 /* BConnection_unix.c in Sources */,
+				19D0D6FB277098320010B299 /* PacketProtoEncoder.c in Sources */,
+				19D0D6B6277098310010B299 /* BSignal.c in Sources */,
+				19D0D660277098300010B299 /* ip6.c in Sources */,
+				19D0D64F277098300010B299 /* memp.c in Sources */,
+				19D0D6E8277098310010B299 /* BLog_syslog.c in Sources */,
+				19D0D6F1277098310010B299 /* UdpGwClient.c in Sources */,
+				19D0D6AE277098310010B299 /* BNetwork.c in Sources */,
+				19D0D6BC277098310010B299 /* BReactor_badvpn.c in Sources */,
+				19D0D69D277098310010B299 /* BTap.m in Sources */,
+				19D0D657277098300010B299 /* tcp_in.c in Sources */,
+				19D0D652277098300010B299 /* init.c in Sources */,
+				19D0D654277098300010B299 /* def.c in Sources */,
+				19D0D6E7277098310010B299 /* BLog.m in Sources */,
+				19D0D6FA277098320010B299 /* StreamRecvInterface.c in Sources */,
+				19D0D656277098300010B299 /* stats.c in Sources */,
+				19D0D6092770982F0010B299 /* BSocksClient.c in Sources */,
+				19D0D6FD277098320010B299 /* PacketPassConnector.c in Sources */,
+				19D0D707277098320010B299 /* SinglePacketBuffer.c in Sources */,
+				19D0D64B277098300010B299 /* sys.c in Sources */,
+				19D0D65D277098300010B299 /* tcp.c in Sources */,
+				19D0D65C277098300010B299 /* netif.c in Sources */,
+				19D0D65A277098300010B299 /* ip4.c in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXSourcesBuildPhase section */
+
+/* Begin XCBuildConfiguration section */
+		19D0CCEE277092B50010B299 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++17";
+				CLANG_CXX_LIBRARY = "libc++";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				CURRENT_PROJECT_VERSION = 1;
+				DEBUG_INFORMATION_FORMAT = dwarf;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				ENABLE_TESTABILITY = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_DYNAMIC_NO_PIC = NO;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_OPTIMIZATION_LEVEL = 0;
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					"DEBUG=1",
+					"$(inherited)",
+				);
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				IPHONEOS_DEPLOYMENT_TARGET = 15.2;
+				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
+				MTL_FAST_MATH = YES;
+				ONLY_ACTIVE_ARCH = YES;
+				SDKROOT = iphoneos;
+				VERSIONING_SYSTEM = "apple-generic";
+				VERSION_INFO_PREFIX = "";
+			};
+			name = Debug;
+		};
+		19D0CCEF277092B50010B299 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++17";
+				CLANG_CXX_LIBRARY = "libc++";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				CURRENT_PROJECT_VERSION = 1;
+				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
+				ENABLE_NS_ASSERTIONS = NO;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				IPHONEOS_DEPLOYMENT_TARGET = 15.2;
+				MTL_ENABLE_DEBUG_INFO = NO;
+				MTL_FAST_MATH = YES;
+				SDKROOT = iphoneos;
+				VALIDATE_PRODUCT = YES;
+				VERSIONING_SYSTEM = "apple-generic";
+				VERSION_INFO_PREFIX = "";
+			};
+			name = Release;
+		};
+		19D0CCF1277092B50010B299 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
+				CODE_SIGN_IDENTITY = "Apple Development";
+				CODE_SIGN_STYLE = Automatic;
+				CURRENT_PROJECT_VERSION = 1;
+				DEFINES_MODULE = YES;
+				DEVELOPMENT_TEAM = 7VAGZXD78P;
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				DYLIB_INSTALL_NAME_BASE = "@rpath";
+				ENABLE_BITCODE = NO;
+				FRAMEWORK_SEARCH_PATHS = (
+					"$(inherited)",
+					"$(PROJECT_DIR)/PacketProcessor/CocoaAsyncSocket",
+				);
+				GCC_C_LANGUAGE_STANDARD = gnu99;
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					"$(inherited)",
+					BADVPN_BREACTOR_BADVPN,
+					BADVPN_FREEBSD,
+					BADVPN_THREADWORK_USE_PTHREAD,
+					"BADVPN_THREAD_SAFE=1",
+					BADVPN_USE_KEVENT,
+					BADVPN_USE_SYSLOG,
+					BADVPN_BIG_ENDIAN,
+					BADVPN_LIBTSOCKS,
+				);
+				GENERATE_INFOPLIST_FILE = YES;
+				HEADER_SEARCH_PATHS = (
+					"${inherited}",
+					"\"${PROJECT_DIR}/CocoaAsyncSocket/CocoaAsyncSocket.framework/Headers\"",
+				);
+				INFOPLIST_FILE = PacketProcessor/Info.plist;
+				INFOPLIST_KEY_NSPrincipalClass = "";
+				INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
+				IPHONEOS_DEPLOYMENT_TARGET = 9.0;
+				LD_RUNPATH_SEARCH_PATHS = (
+					"$(inherited)",
+					"@executable_path/Frameworks",
+					"@loader_path/Frameworks",
+				);
+				MARKETING_VERSION = 1.0;
+				OTHER_LDFLAGS = (
+					"$(inherited)",
+					"-framework",
+					"\"CFNetwork\"",
+					"-framework",
+					"\"CocoaAsyncSocket\"",
+					"-framework",
+					"\"Security\"",
+				);
+				PRODUCT_BUNDLE_IDENTIFIER = org.amnezia.Amnezia.PacketProcessor;
+				PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)";
+				SKIP_INSTALL = YES;
+				SWIFT_EMIT_LOC_STRINGS = YES;
+				TARGETED_DEVICE_FAMILY = "1,2";
+				USER_HEADER_SEARCH_PATHS = (
+					"${inherited}",
+					"${SRCROOT}/${TARGET_NAME}/tun2socks-iOS",
+					"${SRCROOT}/${TARGET_NAME}/tun2socks-iOS/lwip/src/include",
+					"${SRCROOT}/${TARGET_NAME}/tun2socks-iOS/lwip/custom",
+					"${SRCROOT}/${TARGET_NAME}/tun2socks-iOS/lwip/src/include/ipv4",
+					"${SRCROOT}/${TARGET_NAME}/tun2socks-iOS/lwip/src/include/ipv6",
+				);
+			};
+			name = Debug;
+		};
+		19D0CCF2277092B50010B299 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
+				CODE_SIGN_IDENTITY = "Apple Development";
+				CODE_SIGN_STYLE = Automatic;
+				CURRENT_PROJECT_VERSION = 1;
+				DEFINES_MODULE = YES;
+				DEVELOPMENT_TEAM = 7VAGZXD78P;
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				DYLIB_INSTALL_NAME_BASE = "@rpath";
+				ENABLE_BITCODE = NO;
+				FRAMEWORK_SEARCH_PATHS = (
+					"$(inherited)",
+					"$(PROJECT_DIR)/PacketProcessor/CocoaAsyncSocket",
+				);
+				GCC_C_LANGUAGE_STANDARD = gnu99;
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					"$(inherited)",
+					BADVPN_BREACTOR_BADVPN,
+					BADVPN_FREEBSD,
+					BADVPN_THREADWORK_USE_PTHREAD,
+					"BADVPN_THREAD_SAFE=1",
+					BADVPN_USE_KEVENT,
+					BADVPN_USE_SYSLOG,
+					BADVPN_BIG_ENDIAN,
+					BADVPN_LIBTSOCKS,
+				);
+				GENERATE_INFOPLIST_FILE = YES;
+				HEADER_SEARCH_PATHS = (
+					"${inherited}",
+					"\"${PROJECT_DIR}/CocoaAsyncSocket/CocoaAsyncSocket.framework/Headers\"",
+				);
+				INFOPLIST_FILE = PacketProcessor/Info.plist;
+				INFOPLIST_KEY_NSPrincipalClass = "";
+				INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
+				IPHONEOS_DEPLOYMENT_TARGET = 9.0;
+				LD_RUNPATH_SEARCH_PATHS = (
+					"$(inherited)",
+					"@executable_path/Frameworks",
+					"@loader_path/Frameworks",
+				);
+				MARKETING_VERSION = 1.0;
+				OTHER_LDFLAGS = (
+					"$(inherited)",
+					"-framework",
+					"\"CFNetwork\"",
+					"-framework",
+					"\"CocoaAsyncSocket\"",
+					"-framework",
+					"\"Security\"",
+				);
+				PRODUCT_BUNDLE_IDENTIFIER = org.amnezia.Amnezia.PacketProcessor;
+				PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)";
+				SKIP_INSTALL = YES;
+				SWIFT_EMIT_LOC_STRINGS = YES;
+				TARGETED_DEVICE_FAMILY = "1,2";
+				USER_HEADER_SEARCH_PATHS = (
+					"${inherited}",
+					"${SRCROOT}/${TARGET_NAME}/tun2socks-iOS",
+					"${SRCROOT}/${TARGET_NAME}/tun2socks-iOS/lwip/src/include",
+					"${SRCROOT}/${TARGET_NAME}/tun2socks-iOS/lwip/custom",
+					"${SRCROOT}/${TARGET_NAME}/tun2socks-iOS/lwip/src/include/ipv4",
+					"${SRCROOT}/${TARGET_NAME}/tun2socks-iOS/lwip/src/include/ipv6",
+				);
+			};
+			name = Release;
+		};
+/* End XCBuildConfiguration section */
+
+/* Begin XCConfigurationList section */
+		19D0CCE3277092B50010B299 /* Build configuration list for PBXProject "PacketProcessor" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				19D0CCEE277092B50010B299 /* Debug */,
+				19D0CCEF277092B50010B299 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		19D0CCF0277092B50010B299 /* Build configuration list for PBXNativeTarget "PacketProcessor" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				19D0CCF1277092B50010B299 /* Debug */,
+				19D0CCF2277092B50010B299 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+/* End XCConfigurationList section */
+	};
+	rootObject = 19D0CCE0277092B50010B299 /* Project object */;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.xcworkspace/contents.xcworkspacedata
new file mode 100644
index 00000000..919434a6
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.xcworkspace/contents.xcworkspacedata
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Workspace
+   version = "1.0">
+   <FileRef
+      location = "self:">
+   </FileRef>
+</Workspace>
diff --git a/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist b/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist
new file mode 100644
index 00000000..18d98100
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>IDEDidComputeMac32BitWarning</key>
+	<true/>
+</dict>
+</plist>
diff --git a/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.xcworkspace/xcuserdata/sanchez.xcuserdatad/UserInterfaceState.xcuserstate b/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.xcworkspace/xcuserdata/sanchez.xcuserdatad/UserInterfaceState.xcuserstate
new file mode 100644
index 00000000..cdaab9f2
Binary files /dev/null and b/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/project.xcworkspace/xcuserdata/sanchez.xcuserdatad/UserInterfaceState.xcuserstate differ
diff --git a/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/xcuserdata/sanchez.xcuserdatad/xcschemes/xcschememanagement.plist b/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/xcuserdata/sanchez.xcuserdatad/xcschemes/xcschememanagement.plist
new file mode 100644
index 00000000..64a14287
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor.xcodeproj/xcuserdata/sanchez.xcuserdatad/xcschemes/xcschememanagement.plist
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>SchemeUserState</key>
+	<dict>
+		<key>PacketProcessor.xcscheme_^#shared#^_</key>
+		<dict>
+			<key>orderHint</key>
+			<integer>0</integer>
+		</dict>
+	</dict>
+</dict>
+</plist>
diff --git a/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/CocoaAsyncSocket b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/CocoaAsyncSocket
new file mode 100755
index 00000000..1ed5a5d0
Binary files /dev/null and b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/CocoaAsyncSocket differ
diff --git a/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Headers/CocoaAsyncSocket.h b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Headers/CocoaAsyncSocket.h
new file mode 100644
index 00000000..c4e5ee8f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Headers/CocoaAsyncSocket.h
@@ -0,0 +1,18 @@
+//
+//  CocoaAsyncSocket.h
+//  CocoaAsyncSocket
+//
+//  Created by Derek Clarkson on 10/08/2015.
+//  CocoaAsyncSocket project is in the public domain.
+//
+
+#import <Foundation/Foundation.h>
+
+//! Project version number for CocoaAsyncSocket.
+FOUNDATION_EXPORT double cocoaAsyncSocketVersionNumber;
+
+//! Project version string for CocoaAsyncSocket.
+FOUNDATION_EXPORT const unsigned char cocoaAsyncSocketVersionString[];
+
+#import <CocoaAsyncSocket/GCDAsyncSocket.h>
+#import <CocoaAsyncSocket/GCDAsyncUdpSocket.h>
diff --git a/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Headers/GCDAsyncSocket.h b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Headers/GCDAsyncSocket.h
new file mode 100644
index 00000000..c339f8ab
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Headers/GCDAsyncSocket.h
@@ -0,0 +1,1226 @@
+//  
+//  GCDAsyncSocket.h
+//  
+//  This class is in the public domain.
+//  Originally created by Robbie Hanson in Q3 2010.
+//  Updated and maintained by Deusty LLC and the Apple development community.
+//  
+//  https://github.com/robbiehanson/CocoaAsyncSocket
+//
+
+#import <Foundation/Foundation.h>
+#import <Security/Security.h>
+#import <Security/SecureTransport.h>
+#import <dispatch/dispatch.h>
+#import <Availability.h>
+
+#include <sys/socket.h> // AF_INET, AF_INET6
+
+@class GCDAsyncReadPacket;
+@class GCDAsyncWritePacket;
+@class GCDAsyncSocketPreBuffer;
+@protocol GCDAsyncSocketDelegate;
+
+NS_ASSUME_NONNULL_BEGIN
+
+extern NSString *const GCDAsyncSocketException;
+extern NSString *const GCDAsyncSocketErrorDomain;
+
+extern NSString *const GCDAsyncSocketQueueName;
+extern NSString *const GCDAsyncSocketThreadName;
+
+extern NSString *const GCDAsyncSocketManuallyEvaluateTrust;
+#if TARGET_OS_IPHONE
+extern NSString *const GCDAsyncSocketUseCFStreamForTLS;
+#endif
+#define GCDAsyncSocketSSLPeerName     (NSString *)kCFStreamSSLPeerName
+#define GCDAsyncSocketSSLCertificates (NSString *)kCFStreamSSLCertificates
+#define GCDAsyncSocketSSLIsServer     (NSString *)kCFStreamSSLIsServer
+extern NSString *const GCDAsyncSocketSSLPeerID;
+extern NSString *const GCDAsyncSocketSSLProtocolVersionMin;
+extern NSString *const GCDAsyncSocketSSLProtocolVersionMax;
+extern NSString *const GCDAsyncSocketSSLSessionOptionFalseStart;
+extern NSString *const GCDAsyncSocketSSLSessionOptionSendOneByteRecord;
+extern NSString *const GCDAsyncSocketSSLCipherSuites;
+extern NSString *const GCDAsyncSocketSSLALPN;
+#if !TARGET_OS_IPHONE
+extern NSString *const GCDAsyncSocketSSLDiffieHellmanParameters;
+#endif
+
+#define GCDAsyncSocketLoggingContext 65535
+
+
+typedef NS_ERROR_ENUM(GCDAsyncSocketErrorDomain, GCDAsyncSocketError) {
+	GCDAsyncSocketNoError = 0,           // Never used
+	GCDAsyncSocketBadConfigError,        // Invalid configuration
+	GCDAsyncSocketBadParamError,         // Invalid parameter was passed
+	GCDAsyncSocketConnectTimeoutError,   // A connect operation timed out
+	GCDAsyncSocketReadTimeoutError,      // A read operation timed out
+	GCDAsyncSocketWriteTimeoutError,     // A write operation timed out
+	GCDAsyncSocketReadMaxedOutError,     // Reached set maxLength without completing
+	GCDAsyncSocketClosedError,           // The remote peer closed the connection
+	GCDAsyncSocketOtherError,            // Description provided in userInfo
+};
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+#pragma mark -
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+
+@interface GCDAsyncSocket : NSObject
+
+/**
+ * GCDAsyncSocket uses the standard delegate paradigm,
+ * but executes all delegate callbacks on a given delegate dispatch queue.
+ * This allows for maximum concurrency, while at the same time providing easy thread safety.
+ * 
+ * You MUST set a delegate AND delegate dispatch queue before attempting to
+ * use the socket, or you will get an error.
+ * 
+ * The socket queue is optional.
+ * If you pass NULL, GCDAsyncSocket will automatically create it's own socket queue.
+ * If you choose to provide a socket queue, the socket queue must not be a concurrent queue.
+ * If you choose to provide a socket queue, and the socket queue has a configured target queue,
+ * then please see the discussion for the method markSocketQueueTargetQueue.
+ * 
+ * The delegate queue and socket queue can optionally be the same.
+**/
+- (instancetype)init;
+- (instancetype)initWithSocketQueue:(nullable dispatch_queue_t)sq;
+- (instancetype)initWithDelegate:(nullable id<GCDAsyncSocketDelegate>)aDelegate delegateQueue:(nullable dispatch_queue_t)dq;
+- (instancetype)initWithDelegate:(nullable id<GCDAsyncSocketDelegate>)aDelegate delegateQueue:(nullable dispatch_queue_t)dq socketQueue:(nullable dispatch_queue_t)sq NS_DESIGNATED_INITIALIZER;
+
+/**
+ * Create GCDAsyncSocket from already connect BSD socket file descriptor
+**/
++ (nullable instancetype)socketFromConnectedSocketFD:(int)socketFD socketQueue:(nullable dispatch_queue_t)sq error:(NSError**)error;
+
++ (nullable instancetype)socketFromConnectedSocketFD:(int)socketFD delegate:(nullable id<GCDAsyncSocketDelegate>)aDelegate delegateQueue:(nullable dispatch_queue_t)dq error:(NSError**)error;
+
++ (nullable instancetype)socketFromConnectedSocketFD:(int)socketFD delegate:(nullable id<GCDAsyncSocketDelegate>)aDelegate delegateQueue:(nullable dispatch_queue_t)dq socketQueue:(nullable dispatch_queue_t)sq error:(NSError **)error;
+
+#pragma mark Configuration
+
+@property (atomic, weak, readwrite, nullable) id<GCDAsyncSocketDelegate> delegate;
+#if OS_OBJECT_USE_OBJC
+@property (atomic, strong, readwrite, nullable) dispatch_queue_t delegateQueue;
+#else
+@property (atomic, assign, readwrite, nullable) dispatch_queue_t delegateQueue;
+#endif
+
+- (void)getDelegate:(id<GCDAsyncSocketDelegate> __nullable * __nullable)delegatePtr delegateQueue:(dispatch_queue_t __nullable * __nullable)delegateQueuePtr;
+- (void)setDelegate:(nullable id<GCDAsyncSocketDelegate>)delegate delegateQueue:(nullable dispatch_queue_t)delegateQueue;
+
+/**
+ * If you are setting the delegate to nil within the delegate's dealloc method,
+ * you may need to use the synchronous versions below.
+**/
+- (void)synchronouslySetDelegate:(nullable id<GCDAsyncSocketDelegate>)delegate;
+- (void)synchronouslySetDelegateQueue:(nullable dispatch_queue_t)delegateQueue;
+- (void)synchronouslySetDelegate:(nullable id<GCDAsyncSocketDelegate>)delegate delegateQueue:(nullable dispatch_queue_t)delegateQueue;
+
+/**
+ * By default, both IPv4 and IPv6 are enabled.
+ * 
+ * For accepting incoming connections, this means GCDAsyncSocket automatically supports both protocols,
+ * and can simulataneously accept incoming connections on either protocol.
+ * 
+ * For outgoing connections, this means GCDAsyncSocket can connect to remote hosts running either protocol.
+ * If a DNS lookup returns only IPv4 results, GCDAsyncSocket will automatically use IPv4.
+ * If a DNS lookup returns only IPv6 results, GCDAsyncSocket will automatically use IPv6.
+ * If a DNS lookup returns both IPv4 and IPv6 results, the preferred protocol will be chosen.
+ * By default, the preferred protocol is IPv4, but may be configured as desired.
+**/
+
+@property (atomic, assign, readwrite, getter=isIPv4Enabled) BOOL IPv4Enabled;
+@property (atomic, assign, readwrite, getter=isIPv6Enabled) BOOL IPv6Enabled;
+
+@property (atomic, assign, readwrite, getter=isIPv4PreferredOverIPv6) BOOL IPv4PreferredOverIPv6;
+
+/** 
+ * When connecting to both IPv4 and IPv6 using Happy Eyeballs (RFC 6555) https://tools.ietf.org/html/rfc6555
+ * this is the delay between connecting to the preferred protocol and the fallback protocol.
+ *
+ * Defaults to 300ms.
+**/
+@property (atomic, assign, readwrite) NSTimeInterval alternateAddressDelay;
+
+/**
+ * User data allows you to associate arbitrary information with the socket.
+ * This data is not used internally by socket in any way.
+**/
+@property (atomic, strong, readwrite, nullable) id userData;
+
+#pragma mark Accepting
+
+/**
+ * Tells the socket to begin listening and accepting connections on the given port.
+ * When a connection is accepted, a new instance of GCDAsyncSocket will be spawned to handle it,
+ * and the socket:didAcceptNewSocket: delegate method will be invoked.
+ * 
+ * The socket will listen on all available interfaces (e.g. wifi, ethernet, etc)
+**/
+- (BOOL)acceptOnPort:(uint16_t)port error:(NSError **)errPtr;
+
+/**
+ * This method is the same as acceptOnPort:error: with the
+ * additional option of specifying which interface to listen on.
+ * 
+ * For example, you could specify that the socket should only accept connections over ethernet,
+ * and not other interfaces such as wifi.
+ * 
+ * The interface may be specified by name (e.g. "en1" or "lo0") or by IP address (e.g. "192.168.4.34").
+ * You may also use the special strings "localhost" or "loopback" to specify that
+ * the socket only accept connections from the local machine.
+ * 
+ * You can see the list of interfaces via the command line utility "ifconfig",
+ * or programmatically via the getifaddrs() function.
+ * 
+ * To accept connections on any interface pass nil, or simply use the acceptOnPort:error: method.
+**/
+- (BOOL)acceptOnInterface:(nullable NSString *)interface port:(uint16_t)port error:(NSError **)errPtr;
+
+/**
+ * Tells the socket to begin listening and accepting connections on the unix domain at the given url.
+ * When a connection is accepted, a new instance of GCDAsyncSocket will be spawned to handle it,
+ * and the socket:didAcceptNewSocket: delegate method will be invoked.
+ *
+ * The socket will listen on all available interfaces (e.g. wifi, ethernet, etc)
+ **/
+- (BOOL)acceptOnUrl:(NSURL *)url error:(NSError **)errPtr;
+
+#pragma mark Connecting
+
+/**
+ * Connects to the given host and port.
+ * 
+ * This method invokes connectToHost:onPort:viaInterface:withTimeout:error:
+ * and uses the default interface, and no timeout.
+**/
+- (BOOL)connectToHost:(NSString *)host onPort:(uint16_t)port error:(NSError **)errPtr;
+
+/**
+ * Connects to the given host and port with an optional timeout.
+ * 
+ * This method invokes connectToHost:onPort:viaInterface:withTimeout:error: and uses the default interface.
+**/
+- (BOOL)connectToHost:(NSString *)host
+               onPort:(uint16_t)port
+          withTimeout:(NSTimeInterval)timeout
+                error:(NSError **)errPtr;
+
+/**
+ * Connects to the given host & port, via the optional interface, with an optional timeout.
+ * 
+ * The host may be a domain name (e.g. "deusty.com") or an IP address string (e.g. "192.168.0.2").
+ * The host may also be the special strings "localhost" or "loopback" to specify connecting
+ * to a service on the local machine.
+ * 
+ * The interface may be a name (e.g. "en1" or "lo0") or the corresponding IP address (e.g. "192.168.4.35").
+ * The interface may also be used to specify the local port (see below).
+ * 
+ * To not time out use a negative time interval.
+ * 
+ * This method will return NO if an error is detected, and set the error pointer (if one was given).
+ * Possible errors would be a nil host, invalid interface, or socket is already connected.
+ * 
+ * If no errors are detected, this method will start a background connect operation and immediately return YES.
+ * The delegate callbacks are used to notify you when the socket connects, or if the host was unreachable.
+ * 
+ * Since this class supports queued reads and writes, you can immediately start reading and/or writing.
+ * All read/write operations will be queued, and upon socket connection,
+ * the operations will be dequeued and processed in order.
+ * 
+ * The interface may optionally contain a port number at the end of the string, separated by a colon.
+ * This allows you to specify the local port that should be used for the outgoing connection. (read paragraph to end)
+ * To specify both interface and local port: "en1:8082" or "192.168.4.35:2424".
+ * To specify only local port: ":8082".
+ * Please note this is an advanced feature, and is somewhat hidden on purpose.
+ * You should understand that 99.999% of the time you should NOT specify the local port for an outgoing connection.
+ * If you think you need to, there is a very good chance you have a fundamental misunderstanding somewhere.
+ * Local ports do NOT need to match remote ports. In fact, they almost never do.
+ * This feature is here for networking professionals using very advanced techniques.
+**/
+- (BOOL)connectToHost:(NSString *)host
+               onPort:(uint16_t)port
+         viaInterface:(nullable NSString *)interface
+          withTimeout:(NSTimeInterval)timeout
+                error:(NSError **)errPtr;
+
+/**
+ * Connects to the given address, specified as a sockaddr structure wrapped in a NSData object.
+ * For example, a NSData object returned from NSNetService's addresses method.
+ * 
+ * If you have an existing struct sockaddr you can convert it to a NSData object like so:
+ * struct sockaddr sa  -> NSData *dsa = [NSData dataWithBytes:&remoteAddr length:remoteAddr.sa_len];
+ * struct sockaddr *sa -> NSData *dsa = [NSData dataWithBytes:remoteAddr length:remoteAddr->sa_len];
+ * 
+ * This method invokes connectToAddress:remoteAddr viaInterface:nil withTimeout:-1 error:errPtr.
+**/
+- (BOOL)connectToAddress:(NSData *)remoteAddr error:(NSError **)errPtr;
+
+/**
+ * This method is the same as connectToAddress:error: with an additional timeout option.
+ * To not time out use a negative time interval, or simply use the connectToAddress:error: method.
+**/
+- (BOOL)connectToAddress:(NSData *)remoteAddr withTimeout:(NSTimeInterval)timeout error:(NSError **)errPtr;
+
+/**
+ * Connects to the given address, using the specified interface and timeout.
+ * 
+ * The address is specified as a sockaddr structure wrapped in a NSData object.
+ * For example, a NSData object returned from NSNetService's addresses method.
+ * 
+ * If you have an existing struct sockaddr you can convert it to a NSData object like so:
+ * struct sockaddr sa  -> NSData *dsa = [NSData dataWithBytes:&remoteAddr length:remoteAddr.sa_len];
+ * struct sockaddr *sa -> NSData *dsa = [NSData dataWithBytes:remoteAddr length:remoteAddr->sa_len];
+ * 
+ * The interface may be a name (e.g. "en1" or "lo0") or the corresponding IP address (e.g. "192.168.4.35").
+ * The interface may also be used to specify the local port (see below).
+ * 
+ * The timeout is optional. To not time out use a negative time interval.
+ * 
+ * This method will return NO if an error is detected, and set the error pointer (if one was given).
+ * Possible errors would be a nil host, invalid interface, or socket is already connected.
+ * 
+ * If no errors are detected, this method will start a background connect operation and immediately return YES.
+ * The delegate callbacks are used to notify you when the socket connects, or if the host was unreachable.
+ * 
+ * Since this class supports queued reads and writes, you can immediately start reading and/or writing.
+ * All read/write operations will be queued, and upon socket connection,
+ * the operations will be dequeued and processed in order.
+ * 
+ * The interface may optionally contain a port number at the end of the string, separated by a colon.
+ * This allows you to specify the local port that should be used for the outgoing connection. (read paragraph to end)
+ * To specify both interface and local port: "en1:8082" or "192.168.4.35:2424".
+ * To specify only local port: ":8082".
+ * Please note this is an advanced feature, and is somewhat hidden on purpose.
+ * You should understand that 99.999% of the time you should NOT specify the local port for an outgoing connection.
+ * If you think you need to, there is a very good chance you have a fundamental misunderstanding somewhere.
+ * Local ports do NOT need to match remote ports. In fact, they almost never do.
+ * This feature is here for networking professionals using very advanced techniques.
+**/
+- (BOOL)connectToAddress:(NSData *)remoteAddr
+            viaInterface:(nullable NSString *)interface
+             withTimeout:(NSTimeInterval)timeout
+                   error:(NSError **)errPtr;
+/**
+ * Connects to the unix domain socket at the given url, using the specified timeout.
+ */
+- (BOOL)connectToUrl:(NSURL *)url withTimeout:(NSTimeInterval)timeout error:(NSError **)errPtr;
+
+/**
+ * Iterates over the given NetService's addresses in order, and invokes connectToAddress:error:. Stops at the
+ * first invocation that succeeds and returns YES; otherwise returns NO.
+ */
+- (BOOL)connectToNetService:(NSNetService *)netService error:(NSError **)errPtr;
+
+#pragma mark Disconnecting
+
+/**
+ * Disconnects immediately (synchronously). Any pending reads or writes are dropped.
+ * 
+ * If the socket is not already disconnected, an invocation to the socketDidDisconnect:withError: delegate method
+ * will be queued onto the delegateQueue asynchronously (behind any previously queued delegate methods).
+ * In other words, the disconnected delegate method will be invoked sometime shortly after this method returns.
+ * 
+ * Please note the recommended way of releasing a GCDAsyncSocket instance (e.g. in a dealloc method)
+ * [asyncSocket setDelegate:nil];
+ * [asyncSocket disconnect];
+ * [asyncSocket release];
+ * 
+ * If you plan on disconnecting the socket, and then immediately asking it to connect again,
+ * you'll likely want to do so like this:
+ * [asyncSocket setDelegate:nil];
+ * [asyncSocket disconnect];
+ * [asyncSocket setDelegate:self];
+ * [asyncSocket connect...];
+**/
+- (void)disconnect;
+
+/**
+ * Disconnects after all pending reads have completed.
+ * After calling this, the read and write methods will do nothing.
+ * The socket will disconnect even if there are still pending writes.
+**/
+- (void)disconnectAfterReading;
+
+/**
+ * Disconnects after all pending writes have completed.
+ * After calling this, the read and write methods will do nothing.
+ * The socket will disconnect even if there are still pending reads.
+**/
+- (void)disconnectAfterWriting;
+
+/**
+ * Disconnects after all pending reads and writes have completed.
+ * After calling this, the read and write methods will do nothing.
+**/
+- (void)disconnectAfterReadingAndWriting;
+
+#pragma mark Diagnostics
+
+/**
+ * Returns whether the socket is disconnected or connected.
+ * 
+ * A disconnected socket may be recycled.
+ * That is, it can be used again for connecting or listening.
+ * 
+ * If a socket is in the process of connecting, it may be neither disconnected nor connected.
+**/
+@property (atomic, readonly) BOOL isDisconnected;
+@property (atomic, readonly) BOOL isConnected;
+
+/**
+ * Returns the local or remote host and port to which this socket is connected, or nil and 0 if not connected.
+ * The host will be an IP address.
+**/
+@property (atomic, readonly, nullable) NSString *connectedHost;
+@property (atomic, readonly) uint16_t  connectedPort;
+@property (atomic, readonly, nullable) NSURL    *connectedUrl;
+
+@property (atomic, readonly, nullable) NSString *localHost;
+@property (atomic, readonly) uint16_t  localPort;
+
+/**
+ * Returns the local or remote address to which this socket is connected,
+ * specified as a sockaddr structure wrapped in a NSData object.
+ * 
+ * @seealso connectedHost
+ * @seealso connectedPort
+ * @seealso localHost
+ * @seealso localPort
+**/
+@property (atomic, readonly, nullable) NSData *connectedAddress;
+@property (atomic, readonly, nullable) NSData *localAddress;
+
+/**
+ * Returns whether the socket is IPv4 or IPv6.
+ * An accepting socket may be both.
+**/
+@property (atomic, readonly) BOOL isIPv4;
+@property (atomic, readonly) BOOL isIPv6;
+
+/**
+ * Returns whether or not the socket has been secured via SSL/TLS.
+ * 
+ * See also the startTLS method.
+**/
+@property (atomic, readonly) BOOL isSecure;
+
+#pragma mark Reading
+
+// The readData and writeData methods won't block (they are asynchronous).
+// 
+// When a read is complete the socket:didReadData:withTag: delegate method is dispatched on the delegateQueue.
+// When a write is complete the socket:didWriteDataWithTag: delegate method is dispatched on the delegateQueue.
+// 
+// You may optionally set a timeout for any read/write operation. (To not timeout, use a negative time interval.)
+// If a read/write opertion times out, the corresponding "socket:shouldTimeout..." delegate method
+// is called to optionally allow you to extend the timeout.
+// Upon a timeout, the "socket:didDisconnectWithError:" method is called
+// 
+// The tag is for your convenience.
+// You can use it as an array index, step number, state id, pointer, etc.
+
+/**
+ * Reads the first available bytes that become available on the socket.
+ * 
+ * If the timeout value is negative, the read operation will not use a timeout.
+**/
+- (void)readDataWithTimeout:(NSTimeInterval)timeout tag:(long)tag;
+
+/**
+ * Reads the first available bytes that become available on the socket.
+ * The bytes will be appended to the given byte buffer starting at the given offset.
+ * The given buffer will automatically be increased in size if needed.
+ * 
+ * If the timeout value is negative, the read operation will not use a timeout.
+ * If the buffer is nil, the socket will create a buffer for you.
+ * 
+ * If the bufferOffset is greater than the length of the given buffer,
+ * the method will do nothing, and the delegate will not be called.
+ * 
+ * If you pass a buffer, you must not alter it in any way while the socket is using it.
+ * After completion, the data returned in socket:didReadData:withTag: will be a subset of the given buffer.
+ * That is, it will reference the bytes that were appended to the given buffer via
+ * the method [NSData dataWithBytesNoCopy:length:freeWhenDone:NO].
+**/
+- (void)readDataWithTimeout:(NSTimeInterval)timeout
+					 buffer:(nullable NSMutableData *)buffer
+			   bufferOffset:(NSUInteger)offset
+						tag:(long)tag;
+
+/**
+ * Reads the first available bytes that become available on the socket.
+ * The bytes will be appended to the given byte buffer starting at the given offset.
+ * The given buffer will automatically be increased in size if needed.
+ * A maximum of length bytes will be read.
+ * 
+ * If the timeout value is negative, the read operation will not use a timeout.
+ * If the buffer is nil, a buffer will automatically be created for you.
+ * If maxLength is zero, no length restriction is enforced.
+ * 
+ * If the bufferOffset is greater than the length of the given buffer,
+ * the method will do nothing, and the delegate will not be called.
+ * 
+ * If you pass a buffer, you must not alter it in any way while the socket is using it.
+ * After completion, the data returned in socket:didReadData:withTag: will be a subset of the given buffer.
+ * That is, it will reference the bytes that were appended to the given buffer  via
+ * the method [NSData dataWithBytesNoCopy:length:freeWhenDone:NO].
+**/
+- (void)readDataWithTimeout:(NSTimeInterval)timeout
+                     buffer:(nullable NSMutableData *)buffer
+               bufferOffset:(NSUInteger)offset
+                  maxLength:(NSUInteger)length
+                        tag:(long)tag;
+
+/**
+ * Reads the given number of bytes.
+ * 
+ * If the timeout value is negative, the read operation will not use a timeout.
+ * 
+ * If the length is 0, this method does nothing and the delegate is not called.
+**/
+- (void)readDataToLength:(NSUInteger)length withTimeout:(NSTimeInterval)timeout tag:(long)tag;
+
+/**
+ * Reads the given number of bytes.
+ * The bytes will be appended to the given byte buffer starting at the given offset.
+ * The given buffer will automatically be increased in size if needed.
+ * 
+ * If the timeout value is negative, the read operation will not use a timeout.
+ * If the buffer is nil, a buffer will automatically be created for you.
+ * 
+ * If the length is 0, this method does nothing and the delegate is not called.
+ * If the bufferOffset is greater than the length of the given buffer,
+ * the method will do nothing, and the delegate will not be called.
+ * 
+ * If you pass a buffer, you must not alter it in any way while AsyncSocket is using it.
+ * After completion, the data returned in socket:didReadData:withTag: will be a subset of the given buffer.
+ * That is, it will reference the bytes that were appended to the given buffer via
+ * the method [NSData dataWithBytesNoCopy:length:freeWhenDone:NO].
+**/
+- (void)readDataToLength:(NSUInteger)length
+             withTimeout:(NSTimeInterval)timeout
+                  buffer:(nullable NSMutableData *)buffer
+            bufferOffset:(NSUInteger)offset
+                     tag:(long)tag;
+
+/**
+ * Reads bytes until (and including) the passed "data" parameter, which acts as a separator.
+ * 
+ * If the timeout value is negative, the read operation will not use a timeout.
+ * 
+ * If you pass nil or zero-length data as the "data" parameter,
+ * the method will do nothing (except maybe print a warning), and the delegate will not be called.
+ * 
+ * To read a line from the socket, use the line separator (e.g. CRLF for HTTP, see below) as the "data" parameter.
+ * If you're developing your own custom protocol, be sure your separator can not occur naturally as
+ * part of the data between separators.
+ * For example, imagine you want to send several small documents over a socket.
+ * Using CRLF as a separator is likely unwise, as a CRLF could easily exist within the documents.
+ * In this particular example, it would be better to use a protocol similar to HTTP with
+ * a header that includes the length of the document.
+ * Also be careful that your separator cannot occur naturally as part of the encoding for a character.
+ * 
+ * The given data (separator) parameter should be immutable.
+ * For performance reasons, the socket will retain it, not copy it.
+ * So if it is immutable, don't modify it while the socket is using it.
+**/
+- (void)readDataToData:(nullable NSData *)data withTimeout:(NSTimeInterval)timeout tag:(long)tag;
+
+/**
+ * Reads bytes until (and including) the passed "data" parameter, which acts as a separator.
+ * The bytes will be appended to the given byte buffer starting at the given offset.
+ * The given buffer will automatically be increased in size if needed.
+ * 
+ * If the timeout value is negative, the read operation will not use a timeout.
+ * If the buffer is nil, a buffer will automatically be created for you.
+ * 
+ * If the bufferOffset is greater than the length of the given buffer,
+ * the method will do nothing (except maybe print a warning), and the delegate will not be called.
+ * 
+ * If you pass a buffer, you must not alter it in any way while the socket is using it.
+ * After completion, the data returned in socket:didReadData:withTag: will be a subset of the given buffer.
+ * That is, it will reference the bytes that were appended to the given buffer via
+ * the method [NSData dataWithBytesNoCopy:length:freeWhenDone:NO].
+ * 
+ * To read a line from the socket, use the line separator (e.g. CRLF for HTTP, see below) as the "data" parameter.
+ * If you're developing your own custom protocol, be sure your separator can not occur naturally as
+ * part of the data between separators.
+ * For example, imagine you want to send several small documents over a socket.
+ * Using CRLF as a separator is likely unwise, as a CRLF could easily exist within the documents.
+ * In this particular example, it would be better to use a protocol similar to HTTP with
+ * a header that includes the length of the document.
+ * Also be careful that your separator cannot occur naturally as part of the encoding for a character.
+ * 
+ * The given data (separator) parameter should be immutable.
+ * For performance reasons, the socket will retain it, not copy it.
+ * So if it is immutable, don't modify it while the socket is using it.
+**/
+- (void)readDataToData:(NSData *)data
+           withTimeout:(NSTimeInterval)timeout
+                buffer:(nullable NSMutableData *)buffer
+          bufferOffset:(NSUInteger)offset
+                   tag:(long)tag;
+
+/**
+ * Reads bytes until (and including) the passed "data" parameter, which acts as a separator.
+ * 
+ * If the timeout value is negative, the read operation will not use a timeout.
+ * 
+ * If maxLength is zero, no length restriction is enforced.
+ * Otherwise if maxLength bytes are read without completing the read,
+ * it is treated similarly to a timeout - the socket is closed with a GCDAsyncSocketReadMaxedOutError.
+ * The read will complete successfully if exactly maxLength bytes are read and the given data is found at the end.
+ * 
+ * If you pass nil or zero-length data as the "data" parameter,
+ * the method will do nothing (except maybe print a warning), and the delegate will not be called.
+ * If you pass a maxLength parameter that is less than the length of the data parameter,
+ * the method will do nothing (except maybe print a warning), and the delegate will not be called.
+ * 
+ * To read a line from the socket, use the line separator (e.g. CRLF for HTTP, see below) as the "data" parameter.
+ * If you're developing your own custom protocol, be sure your separator can not occur naturally as
+ * part of the data between separators.
+ * For example, imagine you want to send several small documents over a socket.
+ * Using CRLF as a separator is likely unwise, as a CRLF could easily exist within the documents.
+ * In this particular example, it would be better to use a protocol similar to HTTP with
+ * a header that includes the length of the document.
+ * Also be careful that your separator cannot occur naturally as part of the encoding for a character.
+ * 
+ * The given data (separator) parameter should be immutable.
+ * For performance reasons, the socket will retain it, not copy it.
+ * So if it is immutable, don't modify it while the socket is using it.
+**/
+- (void)readDataToData:(NSData *)data withTimeout:(NSTimeInterval)timeout maxLength:(NSUInteger)length tag:(long)tag;
+
+/**
+ * Reads bytes until (and including) the passed "data" parameter, which acts as a separator.
+ * The bytes will be appended to the given byte buffer starting at the given offset.
+ * The given buffer will automatically be increased in size if needed.
+ * 
+ * If the timeout value is negative, the read operation will not use a timeout.
+ * If the buffer is nil, a buffer will automatically be created for you.
+ * 
+ * If maxLength is zero, no length restriction is enforced.
+ * Otherwise if maxLength bytes are read without completing the read,
+ * it is treated similarly to a timeout - the socket is closed with a GCDAsyncSocketReadMaxedOutError.
+ * The read will complete successfully if exactly maxLength bytes are read and the given data is found at the end.
+ * 
+ * If you pass a maxLength parameter that is less than the length of the data (separator) parameter,
+ * the method will do nothing (except maybe print a warning), and the delegate will not be called.
+ * If the bufferOffset is greater than the length of the given buffer,
+ * the method will do nothing (except maybe print a warning), and the delegate will not be called.
+ * 
+ * If you pass a buffer, you must not alter it in any way while the socket is using it.
+ * After completion, the data returned in socket:didReadData:withTag: will be a subset of the given buffer.
+ * That is, it will reference the bytes that were appended to the given buffer via
+ * the method [NSData dataWithBytesNoCopy:length:freeWhenDone:NO].
+ * 
+ * To read a line from the socket, use the line separator (e.g. CRLF for HTTP, see below) as the "data" parameter.
+ * If you're developing your own custom protocol, be sure your separator can not occur naturally as
+ * part of the data between separators.
+ * For example, imagine you want to send several small documents over a socket.
+ * Using CRLF as a separator is likely unwise, as a CRLF could easily exist within the documents.
+ * In this particular example, it would be better to use a protocol similar to HTTP with
+ * a header that includes the length of the document.
+ * Also be careful that your separator cannot occur naturally as part of the encoding for a character.
+ * 
+ * The given data (separator) parameter should be immutable.
+ * For performance reasons, the socket will retain it, not copy it.
+ * So if it is immutable, don't modify it while the socket is using it.
+**/
+- (void)readDataToData:(NSData *)data
+           withTimeout:(NSTimeInterval)timeout
+                buffer:(nullable NSMutableData *)buffer
+          bufferOffset:(NSUInteger)offset
+             maxLength:(NSUInteger)length
+                   tag:(long)tag;
+
+/**
+ * Returns progress of the current read, from 0.0 to 1.0, or NaN if no current read (use isnan() to check).
+ * The parameters "tag", "done" and "total" will be filled in if they aren't NULL.
+**/
+- (float)progressOfReadReturningTag:(nullable long *)tagPtr bytesDone:(nullable NSUInteger *)donePtr total:(nullable NSUInteger *)totalPtr;
+
+#pragma mark Writing
+
+/**
+ * Writes data to the socket, and calls the delegate when finished.
+ * 
+ * If you pass in nil or zero-length data, this method does nothing and the delegate will not be called.
+ * If the timeout value is negative, the write operation will not use a timeout.
+ * 
+ * Thread-Safety Note:
+ * If the given data parameter is mutable (NSMutableData) then you MUST NOT alter the data while
+ * the socket is writing it. In other words, it's not safe to alter the data until after the delegate method
+ * socket:didWriteDataWithTag: is invoked signifying that this particular write operation has completed.
+ * This is due to the fact that GCDAsyncSocket does NOT copy the data. It simply retains it.
+ * This is for performance reasons. Often times, if NSMutableData is passed, it is because
+ * a request/response was built up in memory. Copying this data adds an unwanted/unneeded overhead.
+ * If you need to write data from an immutable buffer, and you need to alter the buffer before the socket
+ * completes writing the bytes (which is NOT immediately after this method returns, but rather at a later time
+ * when the delegate method notifies you), then you should first copy the bytes, and pass the copy to this method.
+**/
+- (void)writeData:(nullable NSData *)data withTimeout:(NSTimeInterval)timeout tag:(long)tag;
+
+/**
+ * Returns progress of the current write, from 0.0 to 1.0, or NaN if no current write (use isnan() to check).
+ * The parameters "tag", "done" and "total" will be filled in if they aren't NULL.
+**/
+- (float)progressOfWriteReturningTag:(nullable long *)tagPtr bytesDone:(nullable NSUInteger *)donePtr total:(nullable NSUInteger *)totalPtr;
+
+#pragma mark Security
+
+/**
+ * Secures the connection using SSL/TLS.
+ * 
+ * This method may be called at any time, and the TLS handshake will occur after all pending reads and writes
+ * are finished. This allows one the option of sending a protocol dependent StartTLS message, and queuing
+ * the upgrade to TLS at the same time, without having to wait for the write to finish.
+ * Any reads or writes scheduled after this method is called will occur over the secured connection.
+ *
+ * ==== The available TOP-LEVEL KEYS are:
+ * 
+ * - GCDAsyncSocketManuallyEvaluateTrust
+ *     The value must be of type NSNumber, encapsulating a BOOL value.
+ *     If you set this to YES, then the underlying SecureTransport system will not evaluate the SecTrustRef of the peer.
+ *     Instead it will pause at the moment evaulation would typically occur,
+ *     and allow us to handle the security evaluation however we see fit.
+ *     So GCDAsyncSocket will invoke the delegate method socket:shouldTrustPeer: passing the SecTrustRef.
+ *
+ *     Note that if you set this option, then all other configuration keys are ignored.
+ *     Evaluation will be completely up to you during the socket:didReceiveTrust:completionHandler: delegate method.
+ *
+ *     For more information on trust evaluation see:
+ *     Apple's Technical Note TN2232 - HTTPS Server Trust Evaluation
+ *     https://developer.apple.com/library/ios/technotes/tn2232/_index.html
+ *     
+ *     If unspecified, the default value is NO.
+ *
+ * - GCDAsyncSocketUseCFStreamForTLS (iOS only)
+ *     The value must be of type NSNumber, encapsulating a BOOL value.
+ *     By default GCDAsyncSocket will use the SecureTransport layer to perform encryption.
+ *     This gives us more control over the security protocol (many more configuration options),
+ *     plus it allows us to optimize things like sys calls and buffer allocation.
+ *     
+ *     However, if you absolutely must, you can instruct GCDAsyncSocket to use the old-fashioned encryption
+ *     technique by going through the CFStream instead. So instead of using SecureTransport, GCDAsyncSocket
+ *     will instead setup a CFRead/CFWriteStream. And then set the kCFStreamPropertySSLSettings property
+ *     (via CFReadStreamSetProperty / CFWriteStreamSetProperty) and will pass the given options to this method.
+ *     
+ *     Thus all the other keys in the given dictionary will be ignored by GCDAsyncSocket,
+ *     and will passed directly CFReadStreamSetProperty / CFWriteStreamSetProperty.
+ *     For more infomation on these keys, please see the documentation for kCFStreamPropertySSLSettings.
+ *
+ *     If unspecified, the default value is NO.
+ *
+ * ==== The available CONFIGURATION KEYS are:
+ *
+ * - kCFStreamSSLPeerName
+ *     The value must be of type NSString.
+ *     It should match the name in the X.509 certificate given by the remote party.
+ *     See Apple's documentation for SSLSetPeerDomainName.
+ *
+ * - kCFStreamSSLCertificates
+ *     The value must be of type NSArray.
+ *     See Apple's documentation for SSLSetCertificate.
+ *
+ * - kCFStreamSSLIsServer
+ *     The value must be of type NSNumber, encapsulationg a BOOL value.
+ *     See Apple's documentation for SSLCreateContext for iOS.
+ *     This is optional for iOS. If not supplied, a NO value is the default.
+ *     This is not needed for Mac OS X, and the value is ignored.
+ *
+ * - GCDAsyncSocketSSLPeerID
+ *     The value must be of type NSData.
+ *     You must set this value if you want to use TLS session resumption.
+ *     See Apple's documentation for SSLSetPeerID.
+ *
+ * - GCDAsyncSocketSSLProtocolVersionMin
+ * - GCDAsyncSocketSSLProtocolVersionMax
+ *     The value(s) must be of type NSNumber, encapsulting a SSLProtocol value.
+ *     See Apple's documentation for SSLSetProtocolVersionMin & SSLSetProtocolVersionMax.
+ *     See also the SSLProtocol typedef.
+ * 
+ * - GCDAsyncSocketSSLSessionOptionFalseStart
+ *     The value must be of type NSNumber, encapsulating a BOOL value.
+ *     See Apple's documentation for kSSLSessionOptionFalseStart.
+ * 
+ * - GCDAsyncSocketSSLSessionOptionSendOneByteRecord
+ *     The value must be of type NSNumber, encapsulating a BOOL value.
+ *     See Apple's documentation for kSSLSessionOptionSendOneByteRecord.
+ * 
+ * - GCDAsyncSocketSSLCipherSuites
+ *     The values must be of type NSArray.
+ *     Each item within the array must be a NSNumber, encapsulating an SSLCipherSuite.
+ *     See Apple's documentation for SSLSetEnabledCiphers.
+ *     See also the SSLCipherSuite typedef.
+ *
+ * - GCDAsyncSocketSSLDiffieHellmanParameters (Mac OS X only)
+ *     The value must be of type NSData.
+ *     See Apple's documentation for SSLSetDiffieHellmanParams.
+ * 
+ * ==== The following UNAVAILABLE KEYS are: (with throw an exception)
+ * 
+ * - kCFStreamSSLAllowsAnyRoot (UNAVAILABLE)
+ *     You MUST use manual trust evaluation instead (see GCDAsyncSocketManuallyEvaluateTrust).
+ *     Corresponding deprecated method: SSLSetAllowsAnyRoot
+ * 
+ * - kCFStreamSSLAllowsExpiredRoots (UNAVAILABLE)
+ *     You MUST use manual trust evaluation instead (see GCDAsyncSocketManuallyEvaluateTrust).
+ *     Corresponding deprecated method: SSLSetAllowsExpiredRoots
+ *
+ * - kCFStreamSSLAllowsExpiredCertificates (UNAVAILABLE)
+ *     You MUST use manual trust evaluation instead (see GCDAsyncSocketManuallyEvaluateTrust).
+ *     Corresponding deprecated method: SSLSetAllowsExpiredCerts
+ *
+ * - kCFStreamSSLValidatesCertificateChain (UNAVAILABLE)
+ *     You MUST use manual trust evaluation instead (see GCDAsyncSocketManuallyEvaluateTrust).
+ *     Corresponding deprecated method: SSLSetEnableCertVerify
+ *
+ * - kCFStreamSSLLevel (UNAVAILABLE)
+ *     You MUST use GCDAsyncSocketSSLProtocolVersionMin & GCDAsyncSocketSSLProtocolVersionMin instead.
+ *     Corresponding deprecated method: SSLSetProtocolVersionEnabled
+ *
+ * 
+ * Please refer to Apple's documentation for corresponding SSLFunctions.
+ *
+ * If you pass in nil or an empty dictionary, the default settings will be used.
+ * 
+ * IMPORTANT SECURITY NOTE:
+ * The default settings will check to make sure the remote party's certificate is signed by a
+ * trusted 3rd party certificate agency (e.g. verisign) and that the certificate is not expired.
+ * However it will not verify the name on the certificate unless you
+ * give it a name to verify against via the kCFStreamSSLPeerName key.
+ * The security implications of this are important to understand.
+ * Imagine you are attempting to create a secure connection to MySecureServer.com,
+ * but your socket gets directed to MaliciousServer.com because of a hacked DNS server.
+ * If you simply use the default settings, and MaliciousServer.com has a valid certificate,
+ * the default settings will not detect any problems since the certificate is valid.
+ * To properly secure your connection in this particular scenario you
+ * should set the kCFStreamSSLPeerName property to "MySecureServer.com".
+ * 
+ * You can also perform additional validation in socketDidSecure.
+**/
+- (void)startTLS:(nullable NSDictionary <NSString*,NSObject*>*)tlsSettings;
+
+#pragma mark Advanced
+
+/**
+ * Traditionally sockets are not closed until the conversation is over.
+ * However, it is technically possible for the remote enpoint to close its write stream.
+ * Our socket would then be notified that there is no more data to be read,
+ * but our socket would still be writeable and the remote endpoint could continue to receive our data.
+ * 
+ * The argument for this confusing functionality stems from the idea that a client could shut down its
+ * write stream after sending a request to the server, thus notifying the server there are to be no further requests.
+ * In practice, however, this technique did little to help server developers.
+ * 
+ * To make matters worse, from a TCP perspective there is no way to tell the difference from a read stream close
+ * and a full socket close. They both result in the TCP stack receiving a FIN packet. The only way to tell
+ * is by continuing to write to the socket. If it was only a read stream close, then writes will continue to work.
+ * Otherwise an error will be occur shortly (when the remote end sends us a RST packet).
+ * 
+ * In addition to the technical challenges and confusion, many high level socket/stream API's provide
+ * no support for dealing with the problem. If the read stream is closed, the API immediately declares the
+ * socket to be closed, and shuts down the write stream as well. In fact, this is what Apple's CFStream API does.
+ * It might sound like poor design at first, but in fact it simplifies development.
+ * 
+ * The vast majority of the time if the read stream is closed it's because the remote endpoint closed its socket.
+ * Thus it actually makes sense to close the socket at this point.
+ * And in fact this is what most networking developers want and expect to happen.
+ * However, if you are writing a server that interacts with a plethora of clients,
+ * you might encounter a client that uses the discouraged technique of shutting down its write stream.
+ * If this is the case, you can set this property to NO,
+ * and make use of the socketDidCloseReadStream delegate method.
+ * 
+ * The default value is YES.
+**/
+@property (atomic, assign, readwrite) BOOL autoDisconnectOnClosedReadStream;
+
+/**
+ * GCDAsyncSocket maintains thread safety by using an internal serial dispatch_queue.
+ * In most cases, the instance creates this queue itself.
+ * However, to allow for maximum flexibility, the internal queue may be passed in the init method.
+ * This allows for some advanced options such as controlling socket priority via target queues.
+ * However, when one begins to use target queues like this, they open the door to some specific deadlock issues.
+ * 
+ * For example, imagine there are 2 queues:
+ * dispatch_queue_t socketQueue;
+ * dispatch_queue_t socketTargetQueue;
+ * 
+ * If you do this (pseudo-code):
+ * socketQueue.targetQueue = socketTargetQueue;
+ * 
+ * Then all socketQueue operations will actually get run on the given socketTargetQueue.
+ * This is fine and works great in most situations.
+ * But if you run code directly from within the socketTargetQueue that accesses the socket,
+ * you could potentially get deadlock. Imagine the following code:
+ * 
+ * - (BOOL)socketHasSomething
+ * {
+ *     __block BOOL result = NO;
+ *     dispatch_block_t block = ^{
+ *         result = [self someInternalMethodToBeRunOnlyOnSocketQueue];
+ *     }
+ *     if (is_executing_on_queue(socketQueue))
+ *         block();
+ *     else
+ *         dispatch_sync(socketQueue, block);
+ *     
+ *     return result;
+ * }
+ * 
+ * What happens if you call this method from the socketTargetQueue? The result is deadlock.
+ * This is because the GCD API offers no mechanism to discover a queue's targetQueue.
+ * Thus we have no idea if our socketQueue is configured with a targetQueue.
+ * If we had this information, we could easily avoid deadlock.
+ * But, since these API's are missing or unfeasible, you'll have to explicitly set it.
+ * 
+ * IF you pass a socketQueue via the init method,
+ * AND you've configured the passed socketQueue with a targetQueue,
+ * THEN you should pass the end queue in the target hierarchy.
+ * 
+ * For example, consider the following queue hierarchy:
+ * socketQueue -> ipQueue -> moduleQueue
+ *
+ * This example demonstrates priority shaping within some server.
+ * All incoming client connections from the same IP address are executed on the same target queue.
+ * And all connections for a particular module are executed on the same target queue.
+ * Thus, the priority of all networking for the entire module can be changed on the fly.
+ * Additionally, networking traffic from a single IP cannot monopolize the module.
+ * 
+ * Here's how you would accomplish something like that:
+ * - (dispatch_queue_t)newSocketQueueForConnectionFromAddress:(NSData *)address onSocket:(GCDAsyncSocket *)sock
+ * {
+ *     dispatch_queue_t socketQueue = dispatch_queue_create("", NULL);
+ *     dispatch_queue_t ipQueue = [self ipQueueForAddress:address];
+ *     
+ *     dispatch_set_target_queue(socketQueue, ipQueue);
+ *     dispatch_set_target_queue(iqQueue, moduleQueue);
+ *     
+ *     return socketQueue;
+ * }
+ * - (void)socket:(GCDAsyncSocket *)sock didAcceptNewSocket:(GCDAsyncSocket *)newSocket
+ * {
+ *     [clientConnections addObject:newSocket];
+ *     [newSocket markSocketQueueTargetQueue:moduleQueue];
+ * }
+ * 
+ * Note: This workaround is ONLY needed if you intend to execute code directly on the ipQueue or moduleQueue.
+ * This is often NOT the case, as such queues are used solely for execution shaping.
+**/
+- (void)markSocketQueueTargetQueue:(dispatch_queue_t)socketQueuesPreConfiguredTargetQueue;
+- (void)unmarkSocketQueueTargetQueue:(dispatch_queue_t)socketQueuesPreviouslyConfiguredTargetQueue;
+
+/**
+ * It's not thread-safe to access certain variables from outside the socket's internal queue.
+ * 
+ * For example, the socket file descriptor.
+ * File descriptors are simply integers which reference an index in the per-process file table.
+ * However, when one requests a new file descriptor (by opening a file or socket),
+ * the file descriptor returned is guaranteed to be the lowest numbered unused descriptor.
+ * So if we're not careful, the following could be possible:
+ * 
+ * - Thread A invokes a method which returns the socket's file descriptor.
+ * - The socket is closed via the socket's internal queue on thread B.
+ * - Thread C opens a file, and subsequently receives the file descriptor that was previously the socket's FD.
+ * - Thread A is now accessing/altering the file instead of the socket.
+ * 
+ * In addition to this, other variables are not actually objects,
+ * and thus cannot be retained/released or even autoreleased.
+ * An example is the sslContext, of type SSLContextRef, which is actually a malloc'd struct.
+ * 
+ * Although there are internal variables that make it difficult to maintain thread-safety,
+ * it is important to provide access to these variables
+ * to ensure this class can be used in a wide array of environments.
+ * This method helps to accomplish this by invoking the current block on the socket's internal queue.
+ * The methods below can be invoked from within the block to access
+ * those generally thread-unsafe internal variables in a thread-safe manner.
+ * The given block will be invoked synchronously on the socket's internal queue.
+ * 
+ * If you save references to any protected variables and use them outside the block, you do so at your own peril.
+**/
+- (void)performBlock:(dispatch_block_t)block;
+
+/**
+ * These methods are only available from within the context of a performBlock: invocation.
+ * See the documentation for the performBlock: method above.
+ * 
+ * Provides access to the socket's file descriptor(s).
+ * If the socket is a server socket (is accepting incoming connections),
+ * it might actually have multiple internal socket file descriptors - one for IPv4 and one for IPv6.
+**/
+- (int)socketFD;
+- (int)socket4FD;
+- (int)socket6FD;
+
+#if TARGET_OS_IPHONE
+
+/**
+ * These methods are only available from within the context of a performBlock: invocation.
+ * See the documentation for the performBlock: method above.
+ * 
+ * Provides access to the socket's internal CFReadStream/CFWriteStream.
+ * 
+ * These streams are only used as workarounds for specific iOS shortcomings:
+ * 
+ * - Apple has decided to keep the SecureTransport framework private is iOS.
+ *   This means the only supplied way to do SSL/TLS is via CFStream or some other API layered on top of it.
+ *   Thus, in order to provide SSL/TLS support on iOS we are forced to rely on CFStream,
+ *   instead of the preferred and faster and more powerful SecureTransport.
+ * 
+ * - If a socket doesn't have backgrounding enabled, and that socket is closed while the app is backgrounded,
+ *   Apple only bothers to notify us via the CFStream API.
+ *   The faster and more powerful GCD API isn't notified properly in this case.
+ * 
+ * See also: (BOOL)enableBackgroundingOnSocket
+**/
+- (nullable CFReadStreamRef)readStream;
+- (nullable CFWriteStreamRef)writeStream;
+
+/**
+ * This method is only available from within the context of a performBlock: invocation.
+ * See the documentation for the performBlock: method above.
+ * 
+ * Configures the socket to allow it to operate when the iOS application has been backgrounded.
+ * In other words, this method creates a read & write stream, and invokes:
+ * 
+ * CFReadStreamSetProperty(readStream, kCFStreamNetworkServiceType, kCFStreamNetworkServiceTypeVoIP);
+ * CFWriteStreamSetProperty(writeStream, kCFStreamNetworkServiceType, kCFStreamNetworkServiceTypeVoIP);
+ * 
+ * Returns YES if successful, NO otherwise.
+ * 
+ * Note: Apple does not officially support backgrounding server sockets.
+ * That is, if your socket is accepting incoming connections, Apple does not officially support
+ * allowing iOS applications to accept incoming connections while an app is backgrounded.
+ * 
+ * Example usage:
+ * 
+ * - (void)socket:(GCDAsyncSocket *)sock didConnectToHost:(NSString *)host port:(uint16_t)port
+ * {
+ *     [asyncSocket performBlock:^{
+ *         [asyncSocket enableBackgroundingOnSocket];
+ *     }];
+ * }
+**/
+- (BOOL)enableBackgroundingOnSocket;
+
+#endif
+
+/**
+ * This method is only available from within the context of a performBlock: invocation.
+ * See the documentation for the performBlock: method above.
+ * 
+ * Provides access to the socket's SSLContext, if SSL/TLS has been started on the socket.
+**/
+- (nullable SSLContextRef)sslContext;
+
+#pragma mark Utilities
+
+/**
+ * The address lookup utility used by the class.
+ * This method is synchronous, so it's recommended you use it on a background thread/queue.
+ * 
+ * The special strings "localhost" and "loopback" return the loopback address for IPv4 and IPv6.
+ * 
+ * @returns
+ *   A mutable array with all IPv4 and IPv6 addresses returned by getaddrinfo.
+ *   The addresses are specifically for TCP connections.
+ *   You can filter the addresses, if needed, using the other utility methods provided by the class.
+**/
++ (nullable NSMutableArray *)lookupHost:(NSString *)host port:(uint16_t)port error:(NSError **)errPtr;
+
+/**
+ * Extracting host and port information from raw address data.
+**/
+
++ (nullable NSString *)hostFromAddress:(NSData *)address;
++ (uint16_t)portFromAddress:(NSData *)address;
+
++ (BOOL)isIPv4Address:(NSData *)address;
++ (BOOL)isIPv6Address:(NSData *)address;
+
++ (BOOL)getHost:( NSString * __nullable * __nullable)hostPtr port:(nullable uint16_t *)portPtr fromAddress:(NSData *)address;
+
++ (BOOL)getHost:(NSString * __nullable * __nullable)hostPtr port:(nullable uint16_t *)portPtr family:(nullable sa_family_t *)afPtr fromAddress:(NSData *)address;
+
+/**
+ * A few common line separators, for use with the readDataToData:... methods.
+**/
++ (NSData *)CRLFData;   // 0x0D0A
++ (NSData *)CRData;     // 0x0D
++ (NSData *)LFData;     // 0x0A
++ (NSData *)ZeroData;   // 0x00
+
+@end
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+#pragma mark -
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+@protocol GCDAsyncSocketDelegate <NSObject>
+@optional
+
+/**
+ * This method is called immediately prior to socket:didAcceptNewSocket:.
+ * It optionally allows a listening socket to specify the socketQueue for a new accepted socket.
+ * If this method is not implemented, or returns NULL, the new accepted socket will create its own default queue.
+ * 
+ * Since you cannot autorelease a dispatch_queue,
+ * this method uses the "new" prefix in its name to specify that the returned queue has been retained.
+ * 
+ * Thus you could do something like this in the implementation:
+ * return dispatch_queue_create("MyQueue", NULL);
+ * 
+ * If you are placing multiple sockets on the same queue,
+ * then care should be taken to increment the retain count each time this method is invoked.
+ * 
+ * For example, your implementation might look something like this:
+ * dispatch_retain(myExistingQueue);
+ * return myExistingQueue;
+**/
+- (nullable dispatch_queue_t)newSocketQueueForConnectionFromAddress:(NSData *)address onSocket:(GCDAsyncSocket *)sock;
+
+/**
+ * Called when a socket accepts a connection.
+ * Another socket is automatically spawned to handle it.
+ * 
+ * You must retain the newSocket if you wish to handle the connection.
+ * Otherwise the newSocket instance will be released and the spawned connection will be closed.
+ * 
+ * By default the new socket will have the same delegate and delegateQueue.
+ * You may, of course, change this at any time.
+**/
+- (void)socket:(GCDAsyncSocket *)sock didAcceptNewSocket:(GCDAsyncSocket *)newSocket;
+
+/**
+ * Called when a socket connects and is ready for reading and writing.
+ * The host parameter will be an IP address, not a DNS name.
+**/
+- (void)socket:(GCDAsyncSocket *)sock didConnectToHost:(NSString *)host port:(uint16_t)port;
+
+/**
+ * Called when a socket connects and is ready for reading and writing.
+ * The host parameter will be an IP address, not a DNS name.
+ **/
+- (void)socket:(GCDAsyncSocket *)sock didConnectToUrl:(NSURL *)url;
+
+/**
+ * Called when a socket has completed reading the requested data into memory.
+ * Not called if there is an error.
+**/
+- (void)socket:(GCDAsyncSocket *)sock didReadData:(NSData *)data withTag:(long)tag;
+
+/**
+ * Called when a socket has read in data, but has not yet completed the read.
+ * This would occur if using readToData: or readToLength: methods.
+ * It may be used for things such as updating progress bars.
+**/
+- (void)socket:(GCDAsyncSocket *)sock didReadPartialDataOfLength:(NSUInteger)partialLength tag:(long)tag;
+
+/**
+ * Called when a socket has completed writing the requested data. Not called if there is an error.
+**/
+- (void)socket:(GCDAsyncSocket *)sock didWriteDataWithTag:(long)tag;
+
+/**
+ * Called when a socket has written some data, but has not yet completed the entire write.
+ * It may be used for things such as updating progress bars.
+**/
+- (void)socket:(GCDAsyncSocket *)sock didWritePartialDataOfLength:(NSUInteger)partialLength tag:(long)tag;
+
+/**
+ * Called if a read operation has reached its timeout without completing.
+ * This method allows you to optionally extend the timeout.
+ * If you return a positive time interval (> 0) the read's timeout will be extended by the given amount.
+ * If you don't implement this method, or return a non-positive time interval (<= 0) the read will timeout as usual.
+ * 
+ * The elapsed parameter is the sum of the original timeout, plus any additions previously added via this method.
+ * The length parameter is the number of bytes that have been read so far for the read operation.
+ * 
+ * Note that this method may be called multiple times for a single read if you return positive numbers.
+**/
+- (NSTimeInterval)socket:(GCDAsyncSocket *)sock shouldTimeoutReadWithTag:(long)tag
+                                                                 elapsed:(NSTimeInterval)elapsed
+                                                               bytesDone:(NSUInteger)length;
+
+/**
+ * Called if a write operation has reached its timeout without completing.
+ * This method allows you to optionally extend the timeout.
+ * If you return a positive time interval (> 0) the write's timeout will be extended by the given amount.
+ * If you don't implement this method, or return a non-positive time interval (<= 0) the write will timeout as usual.
+ * 
+ * The elapsed parameter is the sum of the original timeout, plus any additions previously added via this method.
+ * The length parameter is the number of bytes that have been written so far for the write operation.
+ * 
+ * Note that this method may be called multiple times for a single write if you return positive numbers.
+**/
+- (NSTimeInterval)socket:(GCDAsyncSocket *)sock shouldTimeoutWriteWithTag:(long)tag
+                                                                  elapsed:(NSTimeInterval)elapsed
+                                                                bytesDone:(NSUInteger)length;
+
+/**
+ * Conditionally called if the read stream closes, but the write stream may still be writeable.
+ * 
+ * This delegate method is only called if autoDisconnectOnClosedReadStream has been set to NO.
+ * See the discussion on the autoDisconnectOnClosedReadStream method for more information.
+**/
+- (void)socketDidCloseReadStream:(GCDAsyncSocket *)sock;
+
+/**
+ * Called when a socket disconnects with or without error.
+ * 
+ * If you call the disconnect method, and the socket wasn't already disconnected,
+ * then an invocation of this delegate method will be enqueued on the delegateQueue
+ * before the disconnect method returns.
+ * 
+ * Note: If the GCDAsyncSocket instance is deallocated while it is still connected,
+ * and the delegate is not also deallocated, then this method will be invoked,
+ * but the sock parameter will be nil. (It must necessarily be nil since it is no longer available.)
+ * This is a generally rare, but is possible if one writes code like this:
+ * 
+ * asyncSocket = nil; // I'm implicitly disconnecting the socket
+ * 
+ * In this case it may preferrable to nil the delegate beforehand, like this:
+ * 
+ * asyncSocket.delegate = nil; // Don't invoke my delegate method
+ * asyncSocket = nil; // I'm implicitly disconnecting the socket
+ * 
+ * Of course, this depends on how your state machine is configured.
+**/
+- (void)socketDidDisconnect:(GCDAsyncSocket *)sock withError:(nullable NSError *)err;
+
+/**
+ * Called after the socket has successfully completed SSL/TLS negotiation.
+ * This method is not called unless you use the provided startTLS method.
+ * 
+ * If a SSL/TLS negotiation fails (invalid certificate, etc) then the socket will immediately close,
+ * and the socketDidDisconnect:withError: delegate method will be called with the specific SSL error code.
+**/
+- (void)socketDidSecure:(GCDAsyncSocket *)sock;
+
+/**
+ * Allows a socket delegate to hook into the TLS handshake and manually validate the peer it's connecting to.
+ *
+ * This is only called if startTLS is invoked with options that include:
+ * - GCDAsyncSocketManuallyEvaluateTrust == YES
+ *
+ * Typically the delegate will use SecTrustEvaluate (and related functions) to properly validate the peer.
+ * 
+ * Note from Apple's documentation:
+ *   Because [SecTrustEvaluate] might look on the network for certificates in the certificate chain,
+ *   [it] might block while attempting network access. You should never call it from your main thread;
+ *   call it only from within a function running on a dispatch queue or on a separate thread.
+ * 
+ * Thus this method uses a completionHandler block rather than a normal return value.
+ * The completionHandler block is thread-safe, and may be invoked from a background queue/thread.
+ * It is safe to invoke the completionHandler block even if the socket has been closed.
+**/
+- (void)socket:(GCDAsyncSocket *)sock didReceiveTrust:(SecTrustRef)trust
+                                    completionHandler:(void (^)(BOOL shouldTrustPeer))completionHandler;
+
+@end
+NS_ASSUME_NONNULL_END
diff --git a/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Headers/GCDAsyncUdpSocket.h b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Headers/GCDAsyncUdpSocket.h
new file mode 100644
index 00000000..af327e08
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Headers/GCDAsyncUdpSocket.h
@@ -0,0 +1,1036 @@
+//  
+//  GCDAsyncUdpSocket
+//  
+//  This class is in the public domain.
+//  Originally created by Robbie Hanson of Deusty LLC.
+//  Updated and maintained by Deusty LLC and the Apple development community.
+//  
+//  https://github.com/robbiehanson/CocoaAsyncSocket
+//
+
+#import <Foundation/Foundation.h>
+#import <dispatch/dispatch.h>
+#import <TargetConditionals.h>
+#import <Availability.h>
+
+NS_ASSUME_NONNULL_BEGIN
+extern NSString *const GCDAsyncUdpSocketException;
+extern NSString *const GCDAsyncUdpSocketErrorDomain;
+
+extern NSString *const GCDAsyncUdpSocketQueueName;
+extern NSString *const GCDAsyncUdpSocketThreadName;
+
+typedef NS_ERROR_ENUM(GCDAsyncUdpSocketErrorDomain, GCDAsyncUdpSocketError) {
+	GCDAsyncUdpSocketNoError = 0,          // Never used
+	GCDAsyncUdpSocketBadConfigError,       // Invalid configuration
+	GCDAsyncUdpSocketBadParamError,        // Invalid parameter was passed
+	GCDAsyncUdpSocketSendTimeoutError,     // A send operation timed out
+	GCDAsyncUdpSocketClosedError,          // The socket was closed
+	GCDAsyncUdpSocketOtherError,           // Description provided in userInfo
+};
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+#pragma mark -
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+@class GCDAsyncUdpSocket;
+
+@protocol GCDAsyncUdpSocketDelegate <NSObject>
+@optional
+
+/**
+ * By design, UDP is a connectionless protocol, and connecting is not needed.
+ * However, you may optionally choose to connect to a particular host for reasons
+ * outlined in the documentation for the various connect methods listed above.
+ * 
+ * This method is called if one of the connect methods are invoked, and the connection is successful.
+**/
+- (void)udpSocket:(GCDAsyncUdpSocket *)sock didConnectToAddress:(NSData *)address;
+
+/**
+ * By design, UDP is a connectionless protocol, and connecting is not needed.
+ * However, you may optionally choose to connect to a particular host for reasons
+ * outlined in the documentation for the various connect methods listed above.
+ * 
+ * This method is called if one of the connect methods are invoked, and the connection fails.
+ * This may happen, for example, if a domain name is given for the host and the domain name is unable to be resolved.
+**/
+- (void)udpSocket:(GCDAsyncUdpSocket *)sock didNotConnect:(NSError * _Nullable)error;
+
+/**
+ * Called when the datagram with the given tag has been sent.
+**/
+- (void)udpSocket:(GCDAsyncUdpSocket *)sock didSendDataWithTag:(long)tag;
+
+/**
+ * Called if an error occurs while trying to send a datagram.
+ * This could be due to a timeout, or something more serious such as the data being too large to fit in a sigle packet.
+**/
+- (void)udpSocket:(GCDAsyncUdpSocket *)sock didNotSendDataWithTag:(long)tag dueToError:(NSError * _Nullable)error;
+
+/**
+ * Called when the socket has received the requested datagram.
+**/
+- (void)udpSocket:(GCDAsyncUdpSocket *)sock didReceiveData:(NSData *)data
+                                             fromAddress:(NSData *)address
+                                       withFilterContext:(nullable id)filterContext;
+
+/**
+ * Called when the socket is closed.
+**/
+- (void)udpSocketDidClose:(GCDAsyncUdpSocket *)sock withError:(NSError  * _Nullable)error;
+
+@end
+
+/**
+ * You may optionally set a receive filter for the socket.
+ * A filter can provide several useful features:
+ *    
+ * 1. Many times udp packets need to be parsed.
+ *    Since the filter can run in its own independent queue, you can parallelize this parsing quite easily.
+ *    The end result is a parallel socket io, datagram parsing, and packet processing.
+ * 
+ * 2. Many times udp packets are discarded because they are duplicate/unneeded/unsolicited.
+ *    The filter can prevent such packets from arriving at the delegate.
+ *    And because the filter can run in its own independent queue, this doesn't slow down the delegate.
+ * 
+ *    - Since the udp protocol does not guarantee delivery, udp packets may be lost.
+ *      Many protocols built atop udp thus provide various resend/re-request algorithms.
+ *      This sometimes results in duplicate packets arriving.
+ *      A filter may allow you to architect the duplicate detection code to run in parallel to normal processing.
+ *    
+ *    - Since the udp socket may be connectionless, its possible for unsolicited packets to arrive.
+ *      Such packets need to be ignored.
+ * 
+ * 3. Sometimes traffic shapers are needed to simulate real world environments.
+ *    A filter allows you to write custom code to simulate such environments.
+ *    The ability to code this yourself is especially helpful when your simulated environment
+ *    is more complicated than simple traffic shaping (e.g. simulating a cone port restricted router),
+ *    or the system tools to handle this aren't available (e.g. on a mobile device).
+ * 
+ * @param data    - The packet that was received.
+ * @param address - The address the data was received from.
+ *                  See utilities section for methods to extract info from address.
+ * @param context - Out parameter you may optionally set, which will then be passed to the delegate method.
+ *                  For example, filter block can parse the data and then,
+ *                  pass the parsed data to the delegate.
+ * 
+ * @returns - YES if the received packet should be passed onto the delegate.
+ *            NO if the received packet should be discarded, and not reported to the delegete.
+ * 
+ * Example:
+ * 
+ * GCDAsyncUdpSocketReceiveFilterBlock filter = ^BOOL (NSData *data, NSData *address, id *context) {
+ * 
+ *     MyProtocolMessage *msg = [MyProtocol parseMessage:data];
+ *     
+ *     *context = response;
+ *     return (response != nil);
+ * };
+ * [udpSocket setReceiveFilter:filter withQueue:myParsingQueue];
+ * 
+**/
+typedef BOOL (^GCDAsyncUdpSocketReceiveFilterBlock)(NSData *data, NSData *address, id __nullable * __nonnull context);
+
+/**
+ * You may optionally set a send filter for the socket.
+ * A filter can provide several interesting possibilities:
+ * 
+ * 1. Optional caching of resolved addresses for domain names.
+ *    The cache could later be consulted, resulting in fewer system calls to getaddrinfo.
+ * 
+ * 2. Reusable modules of code for bandwidth monitoring.
+ * 
+ * 3. Sometimes traffic shapers are needed to simulate real world environments.
+ *    A filter allows you to write custom code to simulate such environments.
+ *    The ability to code this yourself is especially helpful when your simulated environment
+ *    is more complicated than simple traffic shaping (e.g. simulating a cone port restricted router),
+ *    or the system tools to handle this aren't available (e.g. on a mobile device).
+ * 
+ * @param data    - The packet that was received.
+ * @param address - The address the data was received from.
+ *                  See utilities section for methods to extract info from address.
+ * @param tag     - The tag that was passed in the send method.
+ * 
+ * @returns - YES if the packet should actually be sent over the socket.
+ *            NO if the packet should be silently dropped (not sent over the socket).
+ * 
+ * Regardless of the return value, the delegate will be informed that the packet was successfully sent.
+ *
+**/
+typedef BOOL (^GCDAsyncUdpSocketSendFilterBlock)(NSData *data, NSData *address, long tag);
+
+
+@interface GCDAsyncUdpSocket : NSObject
+
+/**
+ * GCDAsyncUdpSocket uses the standard delegate paradigm,
+ * but executes all delegate callbacks on a given delegate dispatch queue.
+ * This allows for maximum concurrency, while at the same time providing easy thread safety.
+ * 
+ * You MUST set a delegate AND delegate dispatch queue before attempting to
+ * use the socket, or you will get an error.
+ * 
+ * The socket queue is optional.
+ * If you pass NULL, GCDAsyncSocket will automatically create its own socket queue.
+ * If you choose to provide a socket queue, the socket queue must not be a concurrent queue,
+ * then please see the discussion for the method markSocketQueueTargetQueue.
+ *
+ * The delegate queue and socket queue can optionally be the same.
+**/
+- (instancetype)init;
+- (instancetype)initWithSocketQueue:(nullable dispatch_queue_t)sq;
+- (instancetype)initWithDelegate:(nullable id<GCDAsyncUdpSocketDelegate>)aDelegate delegateQueue:(nullable dispatch_queue_t)dq;
+- (instancetype)initWithDelegate:(nullable id<GCDAsyncUdpSocketDelegate>)aDelegate delegateQueue:(nullable dispatch_queue_t)dq socketQueue:(nullable dispatch_queue_t)sq NS_DESIGNATED_INITIALIZER;
+
+#pragma mark Configuration
+
+- (nullable id<GCDAsyncUdpSocketDelegate>)delegate;
+- (void)setDelegate:(nullable id<GCDAsyncUdpSocketDelegate>)delegate;
+- (void)synchronouslySetDelegate:(nullable id<GCDAsyncUdpSocketDelegate>)delegate;
+
+- (nullable dispatch_queue_t)delegateQueue;
+- (void)setDelegateQueue:(nullable dispatch_queue_t)delegateQueue;
+- (void)synchronouslySetDelegateQueue:(nullable dispatch_queue_t)delegateQueue;
+
+- (void)getDelegate:(id<GCDAsyncUdpSocketDelegate> __nullable * __nullable)delegatePtr delegateQueue:(dispatch_queue_t __nullable * __nullable)delegateQueuePtr;
+- (void)setDelegate:(nullable id<GCDAsyncUdpSocketDelegate>)delegate delegateQueue:(nullable dispatch_queue_t)delegateQueue;
+- (void)synchronouslySetDelegate:(nullable id<GCDAsyncUdpSocketDelegate>)delegate delegateQueue:(nullable dispatch_queue_t)delegateQueue;
+
+/**
+ * By default, both IPv4 and IPv6 are enabled.
+ * 
+ * This means GCDAsyncUdpSocket automatically supports both protocols,
+ * and can send to IPv4 or IPv6 addresses,
+ * as well as receive over IPv4 and IPv6.
+ * 
+ * For operations that require DNS resolution, GCDAsyncUdpSocket supports both IPv4 and IPv6.
+ * If a DNS lookup returns only IPv4 results, GCDAsyncUdpSocket will automatically use IPv4.
+ * If a DNS lookup returns only IPv6 results, GCDAsyncUdpSocket will automatically use IPv6.
+ * If a DNS lookup returns both IPv4 and IPv6 results, then the protocol used depends on the configured preference.
+ * If IPv4 is preferred, then IPv4 is used.
+ * If IPv6 is preferred, then IPv6 is used.
+ * If neutral, then the first IP version in the resolved array will be used.
+ * 
+ * Starting with Mac OS X 10.7 Lion and iOS 5, the default IP preference is neutral.
+ * On prior systems the default IP preference is IPv4.
+ **/
+- (BOOL)isIPv4Enabled;
+- (void)setIPv4Enabled:(BOOL)flag;
+
+- (BOOL)isIPv6Enabled;
+- (void)setIPv6Enabled:(BOOL)flag;
+
+- (BOOL)isIPv4Preferred;
+- (BOOL)isIPv6Preferred;
+- (BOOL)isIPVersionNeutral;
+
+- (void)setPreferIPv4;
+- (void)setPreferIPv6;
+- (void)setIPVersionNeutral;
+
+/**
+ * Gets/Sets the maximum size of the buffer that will be allocated for receive operations.
+ * The default maximum size is 65535 bytes.
+ * 
+ * The theoretical maximum size of any IPv4 UDP packet is UINT16_MAX = 65535.
+ * The theoretical maximum size of any IPv6 UDP packet is UINT32_MAX = 4294967295.
+ * 
+ * Since the OS/GCD notifies us of the size of each received UDP packet,
+ * the actual allocated buffer size for each packet is exact.
+ * And in practice the size of UDP packets is generally much smaller than the max.
+ * Indeed most protocols will send and receive packets of only a few bytes,
+ * or will set a limit on the size of packets to prevent fragmentation in the IP layer.
+ * 
+ * If you set the buffer size too small, the sockets API in the OS will silently discard
+ * any extra data, and you will not be notified of the error.
+**/
+- (uint16_t)maxReceiveIPv4BufferSize;
+- (void)setMaxReceiveIPv4BufferSize:(uint16_t)max;
+
+- (uint32_t)maxReceiveIPv6BufferSize;
+- (void)setMaxReceiveIPv6BufferSize:(uint32_t)max;
+
+/**
+ * Gets/Sets the maximum size of the buffer that will be allocated for send operations.
+ * The default maximum size is 65535 bytes.
+ * 
+ * Given that a typical link MTU is 1500 bytes, a large UDP datagram will have to be 
+ * fragmented, and that’s both expensive and risky (if one fragment goes missing, the
+ * entire datagram is lost).  You are much better off sending a large number of smaller
+ * UDP datagrams, preferably using a path MTU algorithm to avoid fragmentation.
+ *
+ * You must set it before the sockt is created otherwise it won't work.
+ *
+ **/
+- (uint16_t)maxSendBufferSize;
+- (void)setMaxSendBufferSize:(uint16_t)max;
+
+/**
+ * User data allows you to associate arbitrary information with the socket.
+ * This data is not used internally in any way.
+**/
+- (nullable id)userData;
+- (void)setUserData:(nullable id)arbitraryUserData;
+
+#pragma mark Diagnostics
+
+/**
+ * Returns the local address info for the socket.
+ * 
+ * The localAddress method returns a sockaddr structure wrapped in a NSData object.
+ * The localHost method returns the human readable IP address as a string.
+ * 
+ * Note: Address info may not be available until after the socket has been binded, connected
+ * or until after data has been sent.
+**/
+- (nullable NSData *)localAddress;
+- (nullable NSString *)localHost;
+- (uint16_t)localPort;
+
+- (nullable NSData *)localAddress_IPv4;
+- (nullable NSString *)localHost_IPv4;
+- (uint16_t)localPort_IPv4;
+
+- (nullable NSData *)localAddress_IPv6;
+- (nullable NSString *)localHost_IPv6;
+- (uint16_t)localPort_IPv6;
+
+/**
+ * Returns the remote address info for the socket.
+ * 
+ * The connectedAddress method returns a sockaddr structure wrapped in a NSData object.
+ * The connectedHost method returns the human readable IP address as a string.
+ * 
+ * Note: Since UDP is connectionless by design, connected address info
+ * will not be available unless the socket is explicitly connected to a remote host/port.
+ * If the socket is not connected, these methods will return nil / 0.
+**/
+- (nullable NSData *)connectedAddress;
+- (nullable NSString *)connectedHost;
+- (uint16_t)connectedPort;
+
+/**
+ * Returns whether or not this socket has been connected to a single host.
+ * By design, UDP is a connectionless protocol, and connecting is not needed.
+ * If connected, the socket will only be able to send/receive data to/from the connected host.
+**/
+- (BOOL)isConnected;
+
+/**
+ * Returns whether or not this socket has been closed.
+ * The only way a socket can be closed is if you explicitly call one of the close methods.
+**/
+- (BOOL)isClosed;
+
+/**
+ * Returns whether or not this socket is IPv4.
+ * 
+ * By default this will be true, unless:
+ * - IPv4 is disabled (via setIPv4Enabled:)
+ * - The socket is explicitly bound to an IPv6 address
+ * - The socket is connected to an IPv6 address
+**/
+- (BOOL)isIPv4;
+
+/**
+ * Returns whether or not this socket is IPv6.
+ * 
+ * By default this will be true, unless:
+ * - IPv6 is disabled (via setIPv6Enabled:)
+ * - The socket is explicitly bound to an IPv4 address
+ * _ The socket is connected to an IPv4 address
+ * 
+ * This method will also return false on platforms that do not support IPv6.
+ * Note: The iPhone does not currently support IPv6.
+**/
+- (BOOL)isIPv6;
+
+#pragma mark Binding
+
+/**
+ * Binds the UDP socket to the given port.
+ * Binding should be done for server sockets that receive data prior to sending it.
+ * Client sockets can skip binding,
+ * as the OS will automatically assign the socket an available port when it starts sending data.
+ * 
+ * You may optionally pass a port number of zero to immediately bind the socket,
+ * yet still allow the OS to automatically assign an available port.
+ * 
+ * You cannot bind a socket after its been connected.
+ * You can only bind a socket once.
+ * You can still connect a socket (if desired) after binding.
+ * 
+ * On success, returns YES.
+ * Otherwise returns NO, and sets errPtr. If you don't care about the error, you can pass NULL for errPtr.
+**/
+- (BOOL)bindToPort:(uint16_t)port error:(NSError **)errPtr;
+
+/**
+ * Binds the UDP socket to the given port and optional interface.
+ * Binding should be done for server sockets that receive data prior to sending it.
+ * Client sockets can skip binding,
+ * as the OS will automatically assign the socket an available port when it starts sending data.
+ * 
+ * You may optionally pass a port number of zero to immediately bind the socket,
+ * yet still allow the OS to automatically assign an available port.
+ * 
+ * The interface may be a name (e.g. "en1" or "lo0") or the corresponding IP address (e.g. "192.168.4.35").
+ * You may also use the special strings "localhost" or "loopback" to specify that
+ * the socket only accept packets from the local machine.
+ * 
+ * You cannot bind a socket after its been connected.
+ * You can only bind a socket once.
+ * You can still connect a socket (if desired) after binding.
+ * 
+ * On success, returns YES.
+ * Otherwise returns NO, and sets errPtr. If you don't care about the error, you can pass NULL for errPtr.
+**/
+- (BOOL)bindToPort:(uint16_t)port interface:(nullable NSString *)interface error:(NSError **)errPtr;
+
+/**
+ * Binds the UDP socket to the given address, specified as a sockaddr structure wrapped in a NSData object.
+ * 
+ * If you have an existing struct sockaddr you can convert it to a NSData object like so:
+ * struct sockaddr sa  -> NSData *dsa = [NSData dataWithBytes:&remoteAddr length:remoteAddr.sa_len];
+ * struct sockaddr *sa -> NSData *dsa = [NSData dataWithBytes:remoteAddr length:remoteAddr->sa_len];
+ * 
+ * Binding should be done for server sockets that receive data prior to sending it.
+ * Client sockets can skip binding,
+ * as the OS will automatically assign the socket an available port when it starts sending data.
+ * 
+ * You cannot bind a socket after its been connected.
+ * You can only bind a socket once.
+ * You can still connect a socket (if desired) after binding.
+ * 
+ * On success, returns YES.
+ * Otherwise returns NO, and sets errPtr. If you don't care about the error, you can pass NULL for errPtr.
+**/
+- (BOOL)bindToAddress:(NSData *)localAddr error:(NSError **)errPtr;
+
+#pragma mark Connecting
+
+/**
+ * Connects the UDP socket to the given host and port.
+ * By design, UDP is a connectionless protocol, and connecting is not needed.
+ * 
+ * Choosing to connect to a specific host/port has the following effect:
+ * - You will only be able to send data to the connected host/port.
+ * - You will only be able to receive data from the connected host/port.
+ * - You will receive ICMP messages that come from the connected host/port, such as "connection refused".
+ * 
+ * The actual process of connecting a UDP socket does not result in any communication on the socket.
+ * It simply changes the internal state of the socket.
+ * 
+ * You cannot bind a socket after it has been connected.
+ * You can only connect a socket once.
+ * 
+ * The host may be a domain name (e.g. "deusty.com") or an IP address string (e.g. "192.168.0.2").
+ * 
+ * This method is asynchronous as it requires a DNS lookup to resolve the given host name.
+ * If an obvious error is detected, this method immediately returns NO and sets errPtr.
+ * If you don't care about the error, you can pass nil for errPtr.
+ * Otherwise, this method returns YES and begins the asynchronous connection process.
+ * The result of the asynchronous connection process will be reported via the delegate methods.
+ **/
+- (BOOL)connectToHost:(NSString *)host onPort:(uint16_t)port error:(NSError **)errPtr;
+
+/**
+ * Connects the UDP socket to the given address, specified as a sockaddr structure wrapped in a NSData object.
+ * 
+ * If you have an existing struct sockaddr you can convert it to a NSData object like so:
+ * struct sockaddr sa  -> NSData *dsa = [NSData dataWithBytes:&remoteAddr length:remoteAddr.sa_len];
+ * struct sockaddr *sa -> NSData *dsa = [NSData dataWithBytes:remoteAddr length:remoteAddr->sa_len];
+ * 
+ * By design, UDP is a connectionless protocol, and connecting is not needed.
+ * 
+ * Choosing to connect to a specific address has the following effect:
+ * - You will only be able to send data to the connected address.
+ * - You will only be able to receive data from the connected address.
+ * - You will receive ICMP messages that come from the connected address, such as "connection refused".
+ * 
+ * Connecting a UDP socket does not result in any communication on the socket.
+ * It simply changes the internal state of the socket.
+ * 
+ * You cannot bind a socket after its been connected.
+ * You can only connect a socket once.
+ * 
+ * On success, returns YES.
+ * Otherwise returns NO, and sets errPtr. If you don't care about the error, you can pass nil for errPtr.
+ * 
+ * Note: Unlike the connectToHost:onPort:error: method, this method does not require a DNS lookup.
+ * Thus when this method returns, the connection has either failed or fully completed.
+ * In other words, this method is synchronous, unlike the asynchronous connectToHost::: method.
+ * However, for compatibility and simplification of delegate code, if this method returns YES
+ * then the corresponding delegate method (udpSocket:didConnectToHost:port:) is still invoked.
+**/
+- (BOOL)connectToAddress:(NSData *)remoteAddr error:(NSError **)errPtr;
+
+#pragma mark Multicast
+
+/**
+ * Join multicast group.
+ * Group should be an IP address (eg @"225.228.0.1").
+ * 
+ * On success, returns YES.
+ * Otherwise returns NO, and sets errPtr. If you don't care about the error, you can pass nil for errPtr.
+**/
+- (BOOL)joinMulticastGroup:(NSString *)group error:(NSError **)errPtr;
+
+/**
+ * Join multicast group.
+ * Group should be an IP address (eg @"225.228.0.1").
+ * The interface may be a name (e.g. "en1" or "lo0") or the corresponding IP address (e.g. "192.168.4.35").
+ * 
+ * On success, returns YES.
+ * Otherwise returns NO, and sets errPtr. If you don't care about the error, you can pass nil for errPtr.
+**/
+- (BOOL)joinMulticastGroup:(NSString *)group onInterface:(nullable NSString *)interface error:(NSError **)errPtr;
+
+- (BOOL)leaveMulticastGroup:(NSString *)group error:(NSError **)errPtr;
+- (BOOL)leaveMulticastGroup:(NSString *)group onInterface:(nullable NSString *)interface error:(NSError **)errPtr;
+
+/**
+ * Send multicast on a specified interface.
+ * For IPv4, interface should be the the IP address of the interface (eg @"192.168.10.1").
+ * For IPv6, interface should be the a network interface name (eg @"en0").
+ *
+ * On success, returns YES.
+ * Otherwise returns NO, and sets errPtr. If you don't care about the error, you can pass nil for errPtr.
+**/
+
+- (BOOL)sendIPv4MulticastOnInterface:(NSString*)interface error:(NSError **)errPtr;
+- (BOOL)sendIPv6MulticastOnInterface:(NSString*)interface error:(NSError **)errPtr;
+
+#pragma mark Reuse Port
+
+/**
+ * By default, only one socket can be bound to a given IP address + port at a time.
+ * To enable multiple processes to simultaneously bind to the same address+port, 
+ * you need to enable this functionality in the socket.  All processes that wish to
+ * use the address+port simultaneously must all enable reuse port on the socket
+ * bound to that port.
+ **/
+- (BOOL)enableReusePort:(BOOL)flag error:(NSError **)errPtr;
+
+#pragma mark Broadcast
+
+/**
+ * By default, the underlying socket in the OS will not allow you to send broadcast messages.
+ * In order to send broadcast messages, you need to enable this functionality in the socket.
+ * 
+ * A broadcast is a UDP message to addresses like "192.168.255.255" or "255.255.255.255" that is
+ * delivered to every host on the network.
+ * The reason this is generally disabled by default (by the OS) is to prevent
+ * accidental broadcast messages from flooding the network.
+**/
+- (BOOL)enableBroadcast:(BOOL)flag error:(NSError **)errPtr;
+
+#pragma mark Sending
+
+/**
+ * Asynchronously sends the given data, with the given timeout and tag.
+ * 
+ * This method may only be used with a connected socket.
+ * Recall that connecting is optional for a UDP socket.
+ * For connected sockets, data can only be sent to the connected address.
+ * For non-connected sockets, the remote destination is specified for each packet.
+ * For more information about optionally connecting udp sockets, see the documentation for the connect methods above.
+ * 
+ * @param data
+ *     The data to send.
+ *     If data is nil or zero-length, this method does nothing.
+ *     If passing NSMutableData, please read the thread-safety notice below.
+ * 
+ * @param timeout
+ *    The timeout for the send opeartion.
+ *    If the timeout value is negative, the send operation will not use a timeout.
+ * 
+ * @param tag
+ *    The tag is for your convenience.
+ *    It is not sent or received over the socket in any manner what-so-ever.
+ *    It is reported back as a parameter in the udpSocket:didSendDataWithTag:
+ *    or udpSocket:didNotSendDataWithTag:dueToError: methods.
+ *    You can use it as an array index, state id, type constant, etc.
+ * 
+ * 
+ * Thread-Safety Note:
+ * If the given data parameter is mutable (NSMutableData) then you MUST NOT alter the data while
+ * the socket is sending it. In other words, it's not safe to alter the data until after the delegate method
+ * udpSocket:didSendDataWithTag: or udpSocket:didNotSendDataWithTag:dueToError: is invoked signifying
+ * that this particular send operation has completed.
+ * This is due to the fact that GCDAsyncUdpSocket does NOT copy the data.
+ * It simply retains it for performance reasons.
+ * Often times, if NSMutableData is passed, it is because a request/response was built up in memory.
+ * Copying this data adds an unwanted/unneeded overhead.
+ * If you need to write data from an immutable buffer, and you need to alter the buffer before the socket
+ * completes sending the bytes (which is NOT immediately after this method returns, but rather at a later time
+ * when the delegate method notifies you), then you should first copy the bytes, and pass the copy to this method.
+**/
+- (void)sendData:(NSData *)data withTimeout:(NSTimeInterval)timeout tag:(long)tag;
+
+/**
+ * Asynchronously sends the given data, with the given timeout and tag, to the given host and port.
+ * 
+ * This method cannot be used with a connected socket.
+ * Recall that connecting is optional for a UDP socket.
+ * For connected sockets, data can only be sent to the connected address.
+ * For non-connected sockets, the remote destination is specified for each packet.
+ * For more information about optionally connecting udp sockets, see the documentation for the connect methods above.
+ * 
+ * @param data
+ *     The data to send.
+ *     If data is nil or zero-length, this method does nothing.
+ *     If passing NSMutableData, please read the thread-safety notice below.
+ * 
+ * @param host
+ *     The destination to send the udp packet to.
+ *     May be specified as a domain name (e.g. "deusty.com") or an IP address string (e.g. "192.168.0.2").
+ *     You may also use the convenience strings of "loopback" or "localhost".
+ * 
+ * @param port
+ *    The port of the host to send to.
+ * 
+ * @param timeout
+ *    The timeout for the send opeartion.
+ *    If the timeout value is negative, the send operation will not use a timeout.
+ * 
+ * @param tag
+ *    The tag is for your convenience.
+ *    It is not sent or received over the socket in any manner what-so-ever.
+ *    It is reported back as a parameter in the udpSocket:didSendDataWithTag:
+ *    or udpSocket:didNotSendDataWithTag:dueToError: methods.
+ *    You can use it as an array index, state id, type constant, etc.
+ * 
+ * 
+ * Thread-Safety Note:
+ * If the given data parameter is mutable (NSMutableData) then you MUST NOT alter the data while
+ * the socket is sending it. In other words, it's not safe to alter the data until after the delegate method
+ * udpSocket:didSendDataWithTag: or udpSocket:didNotSendDataWithTag:dueToError: is invoked signifying
+ * that this particular send operation has completed.
+ * This is due to the fact that GCDAsyncUdpSocket does NOT copy the data.
+ * It simply retains it for performance reasons.
+ * Often times, if NSMutableData is passed, it is because a request/response was built up in memory.
+ * Copying this data adds an unwanted/unneeded overhead.
+ * If you need to write data from an immutable buffer, and you need to alter the buffer before the socket
+ * completes sending the bytes (which is NOT immediately after this method returns, but rather at a later time
+ * when the delegate method notifies you), then you should first copy the bytes, and pass the copy to this method.
+**/
+- (void)sendData:(NSData *)data
+          toHost:(NSString *)host
+            port:(uint16_t)port
+     withTimeout:(NSTimeInterval)timeout
+             tag:(long)tag;
+
+/**
+ * Asynchronously sends the given data, with the given timeout and tag, to the given address.
+ * 
+ * This method cannot be used with a connected socket.
+ * Recall that connecting is optional for a UDP socket.
+ * For connected sockets, data can only be sent to the connected address.
+ * For non-connected sockets, the remote destination is specified for each packet.
+ * For more information about optionally connecting udp sockets, see the documentation for the connect methods above.
+ * 
+ * @param data
+ *     The data to send.
+ *     If data is nil or zero-length, this method does nothing.
+ *     If passing NSMutableData, please read the thread-safety notice below.
+ * 
+ * @param remoteAddr
+ *     The address to send the data to (specified as a sockaddr structure wrapped in a NSData object).
+ * 
+ * @param timeout
+ *    The timeout for the send opeartion.
+ *    If the timeout value is negative, the send operation will not use a timeout.
+ * 
+ * @param tag
+ *    The tag is for your convenience.
+ *    It is not sent or received over the socket in any manner what-so-ever.
+ *    It is reported back as a parameter in the udpSocket:didSendDataWithTag:
+ *    or udpSocket:didNotSendDataWithTag:dueToError: methods.
+ *    You can use it as an array index, state id, type constant, etc.
+ * 
+ * 
+ * Thread-Safety Note:
+ * If the given data parameter is mutable (NSMutableData) then you MUST NOT alter the data while
+ * the socket is sending it. In other words, it's not safe to alter the data until after the delegate method
+ * udpSocket:didSendDataWithTag: or udpSocket:didNotSendDataWithTag:dueToError: is invoked signifying
+ * that this particular send operation has completed.
+ * This is due to the fact that GCDAsyncUdpSocket does NOT copy the data.
+ * It simply retains it for performance reasons.
+ * Often times, if NSMutableData is passed, it is because a request/response was built up in memory.
+ * Copying this data adds an unwanted/unneeded overhead.
+ * If you need to write data from an immutable buffer, and you need to alter the buffer before the socket
+ * completes sending the bytes (which is NOT immediately after this method returns, but rather at a later time
+ * when the delegate method notifies you), then you should first copy the bytes, and pass the copy to this method.
+**/
+- (void)sendData:(NSData *)data toAddress:(NSData *)remoteAddr withTimeout:(NSTimeInterval)timeout tag:(long)tag;
+
+/**
+ * You may optionally set a send filter for the socket.
+ * A filter can provide several interesting possibilities:
+ * 
+ * 1. Optional caching of resolved addresses for domain names.
+ *    The cache could later be consulted, resulting in fewer system calls to getaddrinfo.
+ * 
+ * 2. Reusable modules of code for bandwidth monitoring.
+ * 
+ * 3. Sometimes traffic shapers are needed to simulate real world environments.
+ *    A filter allows you to write custom code to simulate such environments.
+ *    The ability to code this yourself is especially helpful when your simulated environment
+ *    is more complicated than simple traffic shaping (e.g. simulating a cone port restricted router),
+ *    or the system tools to handle this aren't available (e.g. on a mobile device).
+ * 
+ * For more information about GCDAsyncUdpSocketSendFilterBlock, see the documentation for its typedef.
+ * To remove a previously set filter, invoke this method and pass a nil filterBlock and NULL filterQueue.
+ * 
+ * Note: This method invokes setSendFilter:withQueue:isAsynchronous: (documented below),
+ *       passing YES for the isAsynchronous parameter.
+**/
+- (void)setSendFilter:(nullable GCDAsyncUdpSocketSendFilterBlock)filterBlock withQueue:(nullable dispatch_queue_t)filterQueue;
+
+/**
+ * The receive filter can be run via dispatch_async or dispatch_sync.
+ * Most typical situations call for asynchronous operation.
+ * 
+ * However, there are a few situations in which synchronous operation is preferred.
+ * Such is the case when the filter is extremely minimal and fast.
+ * This is because dispatch_sync is faster than dispatch_async.
+ * 
+ * If you choose synchronous operation, be aware of possible deadlock conditions.
+ * Since the socket queue is executing your block via dispatch_sync,
+ * then you cannot perform any tasks which may invoke dispatch_sync on the socket queue.
+ * For example, you can't query properties on the socket.
+**/
+- (void)setSendFilter:(nullable GCDAsyncUdpSocketSendFilterBlock)filterBlock
+            withQueue:(nullable dispatch_queue_t)filterQueue
+       isAsynchronous:(BOOL)isAsynchronous;
+
+#pragma mark Receiving
+
+/**
+ * There are two modes of operation for receiving packets: one-at-a-time & continuous.
+ * 
+ * In one-at-a-time mode, you call receiveOnce everytime your delegate is ready to process an incoming udp packet.
+ * Receiving packets one-at-a-time may be better suited for implementing certain state machine code,
+ * where your state machine may not always be ready to process incoming packets.
+ * 
+ * In continuous mode, the delegate is invoked immediately everytime incoming udp packets are received.
+ * Receiving packets continuously is better suited to real-time streaming applications.
+ * 
+ * You may switch back and forth between one-at-a-time mode and continuous mode.
+ * If the socket is currently in continuous mode, calling this method will switch it to one-at-a-time mode.
+ * 
+ * When a packet is received (and not filtered by the optional receive filter),
+ * the delegate method (udpSocket:didReceiveData:fromAddress:withFilterContext:) is invoked.
+ * 
+ * If the socket is able to begin receiving packets, this method returns YES.
+ * Otherwise it returns NO, and sets the errPtr with appropriate error information.
+ * 
+ * An example error:
+ * You created a udp socket to act as a server, and immediately called receive.
+ * You forgot to first bind the socket to a port number, and received a error with a message like:
+ * "Must bind socket before you can receive data."
+**/
+- (BOOL)receiveOnce:(NSError **)errPtr;
+
+/**
+ * There are two modes of operation for receiving packets: one-at-a-time & continuous.
+ * 
+ * In one-at-a-time mode, you call receiveOnce everytime your delegate is ready to process an incoming udp packet.
+ * Receiving packets one-at-a-time may be better suited for implementing certain state machine code,
+ * where your state machine may not always be ready to process incoming packets.
+ * 
+ * In continuous mode, the delegate is invoked immediately everytime incoming udp packets are received.
+ * Receiving packets continuously is better suited to real-time streaming applications.
+ * 
+ * You may switch back and forth between one-at-a-time mode and continuous mode.
+ * If the socket is currently in one-at-a-time mode, calling this method will switch it to continuous mode.
+ * 
+ * For every received packet (not filtered by the optional receive filter),
+ * the delegate method (udpSocket:didReceiveData:fromAddress:withFilterContext:) is invoked.
+ * 
+ * If the socket is able to begin receiving packets, this method returns YES.
+ * Otherwise it returns NO, and sets the errPtr with appropriate error information.
+ * 
+ * An example error:
+ * You created a udp socket to act as a server, and immediately called receive.
+ * You forgot to first bind the socket to a port number, and received a error with a message like:
+ * "Must bind socket before you can receive data."
+**/
+- (BOOL)beginReceiving:(NSError **)errPtr;
+
+/**
+ * If the socket is currently receiving (beginReceiving has been called), this method pauses the receiving.
+ * That is, it won't read any more packets from the underlying OS socket until beginReceiving is called again.
+ * 
+ * Important Note:
+ * GCDAsyncUdpSocket may be running in parallel with your code.
+ * That is, your delegate is likely running on a separate thread/dispatch_queue.
+ * When you invoke this method, GCDAsyncUdpSocket may have already dispatched delegate methods to be invoked.
+ * Thus, if those delegate methods have already been dispatch_async'd,
+ * your didReceive delegate method may still be invoked after this method has been called.
+ * You should be aware of this, and program defensively.
+**/
+- (void)pauseReceiving;
+
+/**
+ * You may optionally set a receive filter for the socket.
+ * This receive filter may be set to run in its own queue (independent of delegate queue).
+ * 
+ * A filter can provide several useful features.
+ * 
+ * 1. Many times udp packets need to be parsed.
+ *    Since the filter can run in its own independent queue, you can parallelize this parsing quite easily.
+ *    The end result is a parallel socket io, datagram parsing, and packet processing.
+ * 
+ * 2. Many times udp packets are discarded because they are duplicate/unneeded/unsolicited.
+ *    The filter can prevent such packets from arriving at the delegate.
+ *    And because the filter can run in its own independent queue, this doesn't slow down the delegate.
+ * 
+ *    - Since the udp protocol does not guarantee delivery, udp packets may be lost.
+ *      Many protocols built atop udp thus provide various resend/re-request algorithms.
+ *      This sometimes results in duplicate packets arriving.
+ *      A filter may allow you to architect the duplicate detection code to run in parallel to normal processing.
+ *    
+ *    - Since the udp socket may be connectionless, its possible for unsolicited packets to arrive.
+ *      Such packets need to be ignored.
+ * 
+ * 3. Sometimes traffic shapers are needed to simulate real world environments.
+ *    A filter allows you to write custom code to simulate such environments.
+ *    The ability to code this yourself is especially helpful when your simulated environment
+ *    is more complicated than simple traffic shaping (e.g. simulating a cone port restricted router),
+ *    or the system tools to handle this aren't available (e.g. on a mobile device).
+ * 
+ * Example:
+ * 
+ * GCDAsyncUdpSocketReceiveFilterBlock filter = ^BOOL (NSData *data, NSData *address, id *context) {
+ * 
+ *     MyProtocolMessage *msg = [MyProtocol parseMessage:data];
+ *     
+ *     *context = response;
+ *     return (response != nil);
+ * };
+ * [udpSocket setReceiveFilter:filter withQueue:myParsingQueue];
+ * 
+ * For more information about GCDAsyncUdpSocketReceiveFilterBlock, see the documentation for its typedef.
+ * To remove a previously set filter, invoke this method and pass a nil filterBlock and NULL filterQueue.
+ * 
+ * Note: This method invokes setReceiveFilter:withQueue:isAsynchronous: (documented below),
+ *       passing YES for the isAsynchronous parameter.
+**/
+- (void)setReceiveFilter:(nullable GCDAsyncUdpSocketReceiveFilterBlock)filterBlock withQueue:(nullable dispatch_queue_t)filterQueue;
+
+/**
+ * The receive filter can be run via dispatch_async or dispatch_sync.
+ * Most typical situations call for asynchronous operation.
+ * 
+ * However, there are a few situations in which synchronous operation is preferred.
+ * Such is the case when the filter is extremely minimal and fast.
+ * This is because dispatch_sync is faster than dispatch_async.
+ * 
+ * If you choose synchronous operation, be aware of possible deadlock conditions.
+ * Since the socket queue is executing your block via dispatch_sync,
+ * then you cannot perform any tasks which may invoke dispatch_sync on the socket queue.
+ * For example, you can't query properties on the socket.
+**/
+- (void)setReceiveFilter:(nullable GCDAsyncUdpSocketReceiveFilterBlock)filterBlock
+               withQueue:(nullable dispatch_queue_t)filterQueue
+          isAsynchronous:(BOOL)isAsynchronous;
+
+#pragma mark Closing
+
+/**
+ * Immediately closes the underlying socket.
+ * Any pending send operations are discarded.
+ * 
+ * The GCDAsyncUdpSocket instance may optionally be used again.
+ *   (it will setup/configure/use another unnderlying BSD socket).
+**/
+- (void)close;
+
+/**
+ * Closes the underlying socket after all pending send operations have been sent.
+ * 
+ * The GCDAsyncUdpSocket instance may optionally be used again.
+ *   (it will setup/configure/use another unnderlying BSD socket).
+**/
+- (void)closeAfterSending;
+
+#pragma mark Advanced
+/**
+ * GCDAsyncSocket maintains thread safety by using an internal serial dispatch_queue.
+ * In most cases, the instance creates this queue itself.
+ * However, to allow for maximum flexibility, the internal queue may be passed in the init method.
+ * This allows for some advanced options such as controlling socket priority via target queues.
+ * However, when one begins to use target queues like this, they open the door to some specific deadlock issues.
+ *
+ * For example, imagine there are 2 queues:
+ * dispatch_queue_t socketQueue;
+ * dispatch_queue_t socketTargetQueue;
+ *
+ * If you do this (pseudo-code):
+ * socketQueue.targetQueue = socketTargetQueue;
+ *
+ * Then all socketQueue operations will actually get run on the given socketTargetQueue.
+ * This is fine and works great in most situations.
+ * But if you run code directly from within the socketTargetQueue that accesses the socket,
+ * you could potentially get deadlock. Imagine the following code:
+ *
+ * - (BOOL)socketHasSomething
+ * {
+ *     __block BOOL result = NO;
+ *     dispatch_block_t block = ^{
+ *         result = [self someInternalMethodToBeRunOnlyOnSocketQueue];
+ *     }
+ *     if (is_executing_on_queue(socketQueue))
+ *         block();
+ *     else
+ *         dispatch_sync(socketQueue, block);
+ *
+ *     return result;
+ * }
+ *
+ * What happens if you call this method from the socketTargetQueue? The result is deadlock.
+ * This is because the GCD API offers no mechanism to discover a queue's targetQueue.
+ * Thus we have no idea if our socketQueue is configured with a targetQueue.
+ * If we had this information, we could easily avoid deadlock.
+ * But, since these API's are missing or unfeasible, you'll have to explicitly set it.
+ *
+ * IF you pass a socketQueue via the init method,
+ * AND you've configured the passed socketQueue with a targetQueue,
+ * THEN you should pass the end queue in the target hierarchy.
+ *
+ * For example, consider the following queue hierarchy:
+ * socketQueue -> ipQueue -> moduleQueue
+ *
+ * This example demonstrates priority shaping within some server.
+ * All incoming client connections from the same IP address are executed on the same target queue.
+ * And all connections for a particular module are executed on the same target queue.
+ * Thus, the priority of all networking for the entire module can be changed on the fly.
+ * Additionally, networking traffic from a single IP cannot monopolize the module.
+ *
+ * Here's how you would accomplish something like that:
+ * - (dispatch_queue_t)newSocketQueueForConnectionFromAddress:(NSData *)address onSocket:(GCDAsyncSocket *)sock
+ * {
+ *     dispatch_queue_t socketQueue = dispatch_queue_create("", NULL);
+ *     dispatch_queue_t ipQueue = [self ipQueueForAddress:address];
+ *
+ *     dispatch_set_target_queue(socketQueue, ipQueue);
+ *     dispatch_set_target_queue(iqQueue, moduleQueue);
+ *
+ *     return socketQueue;
+ * }
+ * - (void)socket:(GCDAsyncSocket *)sock didAcceptNewSocket:(GCDAsyncSocket *)newSocket
+ * {
+ *     [clientConnections addObject:newSocket];
+ *     [newSocket markSocketQueueTargetQueue:moduleQueue];
+ * }
+ *
+ * Note: This workaround is ONLY needed if you intend to execute code directly on the ipQueue or moduleQueue.
+ * This is often NOT the case, as such queues are used solely for execution shaping.
+ **/
+- (void)markSocketQueueTargetQueue:(dispatch_queue_t)socketQueuesPreConfiguredTargetQueue;
+- (void)unmarkSocketQueueTargetQueue:(dispatch_queue_t)socketQueuesPreviouslyConfiguredTargetQueue;
+
+/**
+ * It's not thread-safe to access certain variables from outside the socket's internal queue.
+ * 
+ * For example, the socket file descriptor.
+ * File descriptors are simply integers which reference an index in the per-process file table.
+ * However, when one requests a new file descriptor (by opening a file or socket),
+ * the file descriptor returned is guaranteed to be the lowest numbered unused descriptor.
+ * So if we're not careful, the following could be possible:
+ * 
+ * - Thread A invokes a method which returns the socket's file descriptor.
+ * - The socket is closed via the socket's internal queue on thread B.
+ * - Thread C opens a file, and subsequently receives the file descriptor that was previously the socket's FD.
+ * - Thread A is now accessing/altering the file instead of the socket.
+ * 
+ * In addition to this, other variables are not actually objects,
+ * and thus cannot be retained/released or even autoreleased.
+ * An example is the sslContext, of type SSLContextRef, which is actually a malloc'd struct.
+ * 
+ * Although there are internal variables that make it difficult to maintain thread-safety,
+ * it is important to provide access to these variables
+ * to ensure this class can be used in a wide array of environments.
+ * This method helps to accomplish this by invoking the current block on the socket's internal queue.
+ * The methods below can be invoked from within the block to access
+ * those generally thread-unsafe internal variables in a thread-safe manner.
+ * The given block will be invoked synchronously on the socket's internal queue.
+ * 
+ * If you save references to any protected variables and use them outside the block, you do so at your own peril.
+**/
+- (void)performBlock:(dispatch_block_t)block;
+
+/**
+ * These methods are only available from within the context of a performBlock: invocation.
+ * See the documentation for the performBlock: method above.
+ * 
+ * Provides access to the socket's file descriptor(s).
+ * If the socket isn't connected, or explicity bound to a particular interface,
+ * it might actually have multiple internal socket file descriptors - one for IPv4 and one for IPv6.
+**/
+- (int)socketFD;
+- (int)socket4FD;
+- (int)socket6FD;
+
+#if TARGET_OS_IPHONE
+
+/**
+ * These methods are only available from within the context of a performBlock: invocation.
+ * See the documentation for the performBlock: method above.
+ * 
+ * Returns (creating if necessary) a CFReadStream/CFWriteStream for the internal socket.
+ * 
+ * Generally GCDAsyncUdpSocket doesn't use CFStream. (It uses the faster GCD API's.)
+ * However, if you need one for any reason,
+ * these methods are a convenient way to get access to a safe instance of one.
+**/
+- (nullable CFReadStreamRef)readStream;
+- (nullable CFWriteStreamRef)writeStream;
+
+/**
+ * This method is only available from within the context of a performBlock: invocation.
+ * See the documentation for the performBlock: method above.
+ * 
+ * Configures the socket to allow it to operate when the iOS application has been backgrounded.
+ * In other words, this method creates a read & write stream, and invokes:
+ * 
+ * CFReadStreamSetProperty(readStream, kCFStreamNetworkServiceType, kCFStreamNetworkServiceTypeVoIP);
+ * CFWriteStreamSetProperty(writeStream, kCFStreamNetworkServiceType, kCFStreamNetworkServiceTypeVoIP);
+ * 
+ * Returns YES if successful, NO otherwise.
+ * 
+ * Example usage:
+ * 
+ * [asyncUdpSocket performBlock:^{
+ *     [asyncUdpSocket enableBackgroundingOnSocket];
+ * }];
+ * 
+ * 
+ * NOTE : Apple doesn't currently support backgrounding UDP sockets. (Only TCP for now).
+**/
+//- (BOOL)enableBackgroundingOnSockets;
+
+#endif
+
+#pragma mark Utilities
+
+/**
+ * Extracting host/port/family information from raw address data.
+**/
+
++ (nullable NSString *)hostFromAddress:(NSData *)address;
++ (uint16_t)portFromAddress:(NSData *)address;
++ (int)familyFromAddress:(NSData *)address;
+
++ (BOOL)isIPv4Address:(NSData *)address;
++ (BOOL)isIPv6Address:(NSData *)address;
+
++ (BOOL)getHost:(NSString * __nullable * __nullable)hostPtr port:(uint16_t * __nullable)portPtr fromAddress:(NSData *)address;
++ (BOOL)getHost:(NSString * __nullable * __nullable)hostPtr port:(uint16_t * __nullable)portPtr family:(int * __nullable)afPtr fromAddress:(NSData *)address;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff --git a/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Info.plist b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Info.plist
new file mode 100644
index 00000000..ff682d01
Binary files /dev/null and b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Info.plist differ
diff --git a/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Modules/module.modulemap b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Modules/module.modulemap
new file mode 100644
index 00000000..6c90f597
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/Modules/module.modulemap
@@ -0,0 +1,6 @@
+framework module CocoaAsyncSocket {
+  umbrella header "CocoaAsyncSocket.h"
+
+  export *
+  module * { export * }
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/_CodeSignature/CodeResources b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/_CodeSignature/CodeResources
new file mode 100644
index 00000000..f9371095
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/CocoaAsyncSocket/CocoaAsyncSocket.framework/_CodeSignature/CodeResources
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>files</key>
+	<dict>
+		<key>Headers/CocoaAsyncSocket.h</key>
+		<data>
+		19xueMkhcDCf6A2ihyiTCDjWjd4=
+		</data>
+		<key>Headers/GCDAsyncSocket.h</key>
+		<data>
+		JwDJxahaKup9fnB5MJuoxDHbdDs=
+		</data>
+		<key>Headers/GCDAsyncUdpSocket.h</key>
+		<data>
+		9hL7D86xSUKQ1TBRDa+fDNkDlqI=
+		</data>
+		<key>Info.plist</key>
+		<data>
+		eCKEB+C8HfC7DIu6eNc6P3wxyLo=
+		</data>
+		<key>Modules/module.modulemap</key>
+		<data>
+		+n94rYTWDjekX3imyh+PSyA9vgA=
+		</data>
+	</dict>
+	<key>files2</key>
+	<dict>
+		<key>Headers/CocoaAsyncSocket.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			19xueMkhcDCf6A2ihyiTCDjWjd4=
+			</data>
+			<key>hash2</key>
+			<data>
+			VpE7gL1U1p/0urO77FEjPNjY06qrttQJnalOd+6VYDQ=
+			</data>
+		</dict>
+		<key>Headers/GCDAsyncSocket.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			JwDJxahaKup9fnB5MJuoxDHbdDs=
+			</data>
+			<key>hash2</key>
+			<data>
+			JL0b2lWPgVphz/ekZLsGMKrShDXTK2YY53aKtusc9hk=
+			</data>
+		</dict>
+		<key>Headers/GCDAsyncUdpSocket.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			9hL7D86xSUKQ1TBRDa+fDNkDlqI=
+			</data>
+			<key>hash2</key>
+			<data>
+			uNVm5yZ0jBhGDXZuAynPXvem1qcBvAVdWXAewQdJbh8=
+			</data>
+		</dict>
+		<key>Modules/module.modulemap</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			+n94rYTWDjekX3imyh+PSyA9vgA=
+			</data>
+			<key>hash2</key>
+			<data>
+			RoVn8xMeEnU3Izg0DtYjYL/krI8V7qw0sa7Ggf+08Rs=
+			</data>
+		</dict>
+	</dict>
+	<key>rules</key>
+	<dict>
+		<key>^.*</key>
+		<true/>
+		<key>^.*\.lproj/</key>
+		<dict>
+			<key>optional</key>
+			<true/>
+			<key>weight</key>
+			<real>1000</real>
+		</dict>
+		<key>^.*\.lproj/locversion.plist$</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>1100</real>
+		</dict>
+		<key>^Base\.lproj/</key>
+		<dict>
+			<key>weight</key>
+			<real>1010</real>
+		</dict>
+		<key>^version.plist$</key>
+		<true/>
+	</dict>
+	<key>rules2</key>
+	<dict>
+		<key>.*\.dSYM($|/)</key>
+		<dict>
+			<key>weight</key>
+			<real>11</real>
+		</dict>
+		<key>^(.*/)?\.DS_Store$</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>2000</real>
+		</dict>
+		<key>^.*</key>
+		<true/>
+		<key>^.*\.lproj/</key>
+		<dict>
+			<key>optional</key>
+			<true/>
+			<key>weight</key>
+			<real>1000</real>
+		</dict>
+		<key>^.*\.lproj/locversion.plist$</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>1100</real>
+		</dict>
+		<key>^Base\.lproj/</key>
+		<dict>
+			<key>weight</key>
+			<real>1010</real>
+		</dict>
+		<key>^Info\.plist$</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>20</real>
+		</dict>
+		<key>^PkgInfo$</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>20</real>
+		</dict>
+		<key>^embedded\.provisionprofile$</key>
+		<dict>
+			<key>weight</key>
+			<real>20</real>
+		</dict>
+		<key>^version\.plist$</key>
+		<dict>
+			<key>weight</key>
+			<real>20</real>
+		</dict>
+	</dict>
+</dict>
+</plist>
diff --git a/client/3rd/PacketProcessor/PacketProcessor/Info.plist b/client/3rd/PacketProcessor/PacketProcessor/Info.plist
new file mode 100644
index 00000000..5f5e9abf
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/Info.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleSignature</key>
+	<string>????</string>
+</dict>
+</plist>
diff --git a/client/3rd/PacketProcessor/PacketProcessor/PacketProcessor.h b/client/3rd/PacketProcessor/PacketProcessor/PacketProcessor.h
new file mode 100644
index 00000000..861c4c10
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/PacketProcessor.h
@@ -0,0 +1,19 @@
+//
+//  PacketProcessor.h
+//  PacketProcessor
+//
+//  Created by sanchez on 20.12.2021.
+//
+
+#import <Foundation/Foundation.h>
+
+//! Project version number for PacketProcessor.
+FOUNDATION_EXPORT double PacketProcessorVersionNumber;
+
+//! Project version string for PacketProcessor.
+FOUNDATION_EXPORT const unsigned char PacketProcessorVersionString[];
+
+// In this header, you should import all the public headers of your framework using statements like #import <PacketProcessor/PublicHeader.h>
+
+
+#import "TunnelInterface.h"
\ No newline at end of file
diff --git a/client/3rd/PacketProcessor/PacketProcessor/TunnelInterface.h b/client/3rd/PacketProcessor/PacketProcessor/TunnelInterface.h
new file mode 100644
index 00000000..5de27d9f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/TunnelInterface.h
@@ -0,0 +1,23 @@
+//
+//  TunnelInterface.h
+//  Potatso
+//
+//  Created by LEI on 12/23/15.
+//  Copyright © 2015 TouchingApp. All rights reserved.
+//
+
+#import <Foundation/Foundation.h>
+
+@import NetworkExtension;
+
+#define TunnelMTU 1600
+#define kTun2SocksStoppedNotification @"kTun2SocksStoppedNotification"
+
+@interface TunnelInterface : NSObject
++ (TunnelInterface *)sharedInterface;
++ (NSError *)setupWithPacketTunnelFlow:(NEPacketTunnelFlow *)packetFlow;
++ (void)processPackets;
++ (void)writePacket: (NSData *)packet;
++ (void)startTun2Socks: (int)socksServerPort;
++ (void)stop;
+@end
diff --git a/client/3rd/PacketProcessor/PacketProcessor/TunnelInterface.m b/client/3rd/PacketProcessor/PacketProcessor/TunnelInterface.m
new file mode 100644
index 00000000..4a875ed1
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/TunnelInterface.m
@@ -0,0 +1,239 @@
+//
+//  TunnelInterface.m
+//  Potatso
+//
+//  Created by LEI on 12/23/15.
+//  Copyright © 2015 TouchingApp. All rights reserved.
+//
+
+#import "TunnelInterface.h"
+#import <netinet/ip.h>
+#import "ipv4/lwip/ip4.h"
+#import "lwip/udp.h"
+#import "lwip/ip.h"
+#import <arpa/inet.h>
+#import "inet_chksum.h"
+#import "tun2socks/tun2socks.h"
+@import CocoaAsyncSocket;
+
+#define kTunnelInterfaceErrorDomain [NSString stringWithFormat:@"%@.TunnelInterface", [[NSBundle mainBundle] bundleIdentifier]]
+
+@interface TunnelInterface () <GCDAsyncUdpSocketDelegate>
+@property (nonatomic) NEPacketTunnelFlow *tunnelPacketFlow;
+@property (nonatomic) NSMutableDictionary *udpSession;
+@property (nonatomic) GCDAsyncUdpSocket *udpSocket;
+@property (nonatomic) int readFd;
+@property (nonatomic) int writeFd;
+@end
+
+@implementation TunnelInterface
+
++ (TunnelInterface *)sharedInterface {
+    static dispatch_once_t onceToken;
+    static TunnelInterface *interface;
+    dispatch_once(&onceToken, ^{
+        interface = [TunnelInterface new];
+    });
+    return interface;
+}
+
+- (instancetype)init {
+    self = [super init];
+    if (self) {
+        _udpSession = [NSMutableDictionary dictionaryWithCapacity:5];
+        _udpSocket = [[GCDAsyncUdpSocket alloc] initWithDelegate:self delegateQueue:dispatch_queue_create("udp", NULL)];
+    }
+    return self;
+}
+
++ (NSError *)setupWithPacketTunnelFlow:(NEPacketTunnelFlow *)packetFlow {
+    if (packetFlow == nil) {
+        return [NSError errorWithDomain:kTunnelInterfaceErrorDomain code:1 userInfo:@{NSLocalizedDescriptionKey: @"PacketTunnelFlow can't be nil."}];
+    }
+    [TunnelInterface sharedInterface].tunnelPacketFlow = packetFlow;
+    
+    NSError *error;
+    GCDAsyncUdpSocket *udpSocket = [TunnelInterface sharedInterface].udpSocket;
+    [udpSocket bindToPort:0 error:&error];
+    if (error) {
+        return [NSError errorWithDomain:kTunnelInterfaceErrorDomain code:1 userInfo:@{NSLocalizedDescriptionKey: [NSString stringWithFormat:@"UDP bind fail(%@).", [error localizedDescription]]}];
+    }
+    [udpSocket beginReceiving:&error];
+    if (error) {
+        return [NSError errorWithDomain:kTunnelInterfaceErrorDomain code:1 userInfo:@{NSLocalizedDescriptionKey: [NSString stringWithFormat:@"UDP bind fail(%@).", [error localizedDescription]]}];
+    }
+    
+    int fds[2];
+    if (pipe(fds) < 0) {
+        return [NSError errorWithDomain:kTunnelInterfaceErrorDomain code:-1 userInfo:@{NSLocalizedDescriptionKey: @"Unable to pipe."}];
+    }
+    [TunnelInterface sharedInterface].readFd = fds[0];
+    [TunnelInterface sharedInterface].writeFd = fds[1];
+    return nil;
+}
+
++ (void)startTun2Socks: (int)socksServerPort {
+    [NSThread detachNewThreadSelector:@selector(_startTun2Socks:) toTarget:[TunnelInterface sharedInterface] withObject:@(socksServerPort)];
+}
+
++ (void)stop {
+    stop_tun2socks();
+}
+
++ (void)writePacket:(NSData *)packet {
+    dispatch_async(dispatch_get_main_queue(), ^{
+        [[TunnelInterface sharedInterface].tunnelPacketFlow writePackets:@[packet] withProtocols:@[@(AF_INET)]];
+    });
+}
+
++ (void)processPackets {
+    __weak typeof(self) weakSelf = self;
+    [[TunnelInterface sharedInterface].tunnelPacketFlow readPacketsWithCompletionHandler:^(NSArray<NSData *> * _Nonnull packets, NSArray<NSNumber *> * _Nonnull protocols) {
+        for (NSData *packet in packets) {
+            uint8_t *data = (uint8_t *)packet.bytes;
+            struct ip_hdr *iphdr = (struct ip_hdr *)data;
+            uint8_t proto = IPH_PROTO(iphdr);
+            if (proto == IP_PROTO_UDP) {
+                [[TunnelInterface sharedInterface] handleUDPPacket:packet];
+            }else if (proto == IP_PROTO_TCP) {
+                [[TunnelInterface sharedInterface] handleTCPPPacket:packet];
+            }
+        }
+        [weakSelf processPackets];
+    }];
+
+}
+
+- (void)_startTun2Socks: (NSNumber *)socksServerPort {
+    char socks_server[50];
+    sprintf(socks_server, "127.0.0.1:%d", (int)([socksServerPort integerValue]));
+#if TCP_DATA_LOG_ENABLE
+    char *log_lvel = "debug";
+#else
+    char *log_lvel = "none";
+#endif
+    char *argv[] = {
+        "tun2socks",
+        "--netif-ipaddr",
+        "192.0.2.4",
+        "--netif-netmask",
+        "255.255.255.0",
+        "--loglevel",
+        log_lvel,
+        "--socks-server-addr",
+        socks_server
+    };
+    tun2socks_main(sizeof(argv)/sizeof(argv[0]), argv, self.readFd, TunnelMTU);
+    close(self.readFd);
+    close(self.writeFd);
+    [[NSNotificationCenter defaultCenter] postNotificationName:kTun2SocksStoppedNotification object:nil];
+}
+
+- (void)handleTCPPPacket: (NSData *)packet {
+    uint8_t message[TunnelMTU+2];
+    memcpy(message + 2, packet.bytes, packet.length);
+    message[0] = packet.length / 256;
+    message[1] = packet.length % 256;
+    write(self.writeFd , message , packet.length + 2);
+}
+
+- (void)handleUDPPacket: (NSData *)packet {
+    uint8_t *data = (uint8_t *)packet.bytes;
+    int data_len = (int)packet.length;
+    struct ip_hdr *iphdr = (struct ip_hdr *)data;
+    uint8_t version = IPH_V(iphdr);
+
+    switch (version) {
+        case 4: {
+            uint16_t iphdr_hlen = IPH_HL(iphdr) * 4;
+            data = data + iphdr_hlen;
+            data_len -= iphdr_hlen;
+            struct udp_hdr *udphdr = (struct udp_hdr *)data;
+            
+            data = data + sizeof(struct udp_hdr *);
+            data_len -= sizeof(struct udp_hdr *);
+            
+            NSData *outData = [[NSData alloc] initWithBytes:data length:data_len];
+            struct in_addr dest = { iphdr->dest.addr };
+            NSString *destHost = [NSString stringWithUTF8String:inet_ntoa(dest)];
+            NSString *key = [self strForHost:iphdr->dest.addr port:udphdr->dest];
+            NSString *value = [self strForHost:iphdr->src.addr port:udphdr->src];;
+            self.udpSession[key] = value;
+            [self.udpSocket sendData:outData toHost:destHost port:ntohs(udphdr->dest) withTimeout:30 tag:0];
+        } break;
+        case 6: {
+            
+        } break;
+    }
+}
+
+- (void)udpSocket:(GCDAsyncUdpSocket *)sock didReceiveData:(NSData *)data fromAddress:(NSData *)address withFilterContext:(id)filterContext {
+    const struct sockaddr_in *addr = (const struct sockaddr_in *)[address bytes];
+    ip_addr_p_t dest ={ addr->sin_addr.s_addr };
+    in_port_t dest_port = addr->sin_port;
+    NSString *strHostPort = self.udpSession[[self strForHost:dest.addr port:dest_port]];
+    NSArray *hostPortArray = [strHostPort componentsSeparatedByString:@":"];
+    int src_ip = [hostPortArray[0] intValue];
+    int src_port = [hostPortArray[1] intValue];
+    uint8_t *bytes = (uint8_t *)[data bytes];
+    int bytes_len = (int)data.length;
+    int udp_length = sizeof(struct udp_hdr) + bytes_len;
+    int total_len = IP_HLEN + udp_length;
+    
+    ip_addr_p_t src = {src_ip};
+    struct ip_hdr *iphdr = generateNewIPHeader(IP_PROTO_UDP, dest, src, total_len);
+    
+    struct udp_hdr udphdr;
+    udphdr.src = dest_port;
+    udphdr.dest = src_port;
+    udphdr.len = hton16(udp_length);
+    udphdr.chksum = hton16(0);
+    
+    uint8_t *udpdata = malloc(sizeof(uint8_t) * udp_length);
+    memcpy(udpdata, &udphdr, sizeof(struct udp_hdr));
+    memcpy(udpdata + sizeof(struct udp_hdr), bytes, bytes_len);
+    
+    ip_addr_t odest = { dest.addr };
+    ip_addr_t osrc = { src_ip };
+    
+    struct pbuf *p_udp = pbuf_alloc(PBUF_TRANSPORT, udp_length, PBUF_RAM);
+    pbuf_take(p_udp, udpdata, udp_length);
+    
+    struct udp_hdr *new_udphdr = (struct udp_hdr *) p_udp->payload;
+    new_udphdr->chksum = inet_chksum_pseudo(p_udp, IP_PROTO_UDP, p_udp->len, &odest, &osrc);
+    
+    uint8_t *ipdata = malloc(sizeof(uint8_t) * total_len);
+    memcpy(ipdata, iphdr, IP_HLEN);
+    memcpy(ipdata + sizeof(struct ip_hdr), p_udp->payload, udp_length);
+    
+    NSData *outData = [[NSData alloc] initWithBytes:ipdata length:total_len];
+    free(ipdata);
+    free(iphdr);
+    free(udpdata);
+    pbuf_free(p_udp);
+    [TunnelInterface writePacket:outData];
+}
+
+struct ip_hdr *generateNewIPHeader(u8_t proto, ip_addr_p_t src, ip_addr_p_t dest, uint16_t total_len) {
+    struct ip_hdr *iphdr = malloc(sizeof(struct ip_hdr));
+    IPH_VHL_SET(iphdr, 4, IP_HLEN / 4);
+    IPH_TOS_SET(iphdr, 0);
+    IPH_LEN_SET(iphdr, htons(total_len));
+    IPH_ID_SET(iphdr, 0);
+    IPH_OFFSET_SET(iphdr, 0);
+    IPH_TTL_SET(iphdr, 64);
+    IPH_PROTO_SET(iphdr, IP_PROTO_UDP);
+    iphdr->src = src;
+    iphdr->dest = dest;
+    IPH_CHKSUM_SET(iphdr, 0);
+    IPH_CHKSUM_SET(iphdr, inet_chksum(iphdr, IP_HLEN));
+    return iphdr;
+}
+
+- (NSString *)strForHost: (int)host port: (int)port {
+    return [NSString stringWithFormat:@"%d:%d",host, port];
+}
+
+
+
+@end
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog.h
new file mode 100644
index 00000000..b1881a5e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog.h
@@ -0,0 +1,400 @@
+/**
+ * @file BLog.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * A global object for logging.
+ */
+
+#ifndef BADVPN_BLOG_H
+#define BADVPN_BLOG_H
+
+#include <stdarg.h>
+#include <string.h>
+
+#include "misc/debug.h"
+#include "misc/memref.h"
+#include "base/BMutex.h"
+
+// auto-generated channel numbers and number of channels
+#include "generated/blog_channels_defines.h"
+
+// keep in sync with level names in BLog.c!
+#define BLOG_ERROR 1
+#define BLOG_WARNING 2
+#define BLOG_NOTICE 3
+#define BLOG_INFO 4
+#define BLOG_DEBUG 5
+
+#define BLog(...) BLog_LogToChannel(BLOG_CURRENT_CHANNEL, __VA_ARGS__)
+#define BContextLog(context, ...) BLog_ContextLog((context), BLOG_CURRENT_CHANNEL, __VA_ARGS__)
+#define BLOG_CCCC(context) BLog_MakeChannelContext((context), BLOG_CURRENT_CHANNEL)
+
+typedef void (*_BLog_log_func) (int channel, int level, const char *msg);
+typedef void (*_BLog_free_func) (void);
+
+struct _BLog_channel {
+    const char *name;
+    int loglevel;
+};
+
+struct _BLog_global {
+    #ifndef NDEBUG
+    int initialized; // initialized statically
+    #endif
+    struct _BLog_channel channels[BLOG_NUM_CHANNELS];
+    _BLog_log_func log_func;
+    _BLog_free_func free_func;
+    BMutex mutex;
+#ifndef NDEBUG
+    int logging;
+#endif
+    char logbuf[2048];
+    int logbuf_pos;
+};
+
+extern struct _BLog_channel blog_channel_list[];
+extern struct _BLog_global blog_global;
+
+typedef void (*BLog_logfunc) (void *);
+
+typedef struct {
+    BLog_logfunc logfunc;
+    void *logfunc_user;
+} BLogContext;
+
+typedef struct {
+    BLogContext context;
+    int channel;
+} BLogChannelContext;
+
+static int BLogGlobal_GetChannelByName (const char *channel_name);
+
+static void BLog_Init (_BLog_log_func log_func, _BLog_free_func free_func);
+static void BLog_Free (void);
+static void BLog_SetChannelLoglevel (int channel, int loglevel);
+static int BLog_WouldLog (int channel, int level);
+static void BLog_Begin (void);
+static void BLog_AppendVarArg (const char *fmt, va_list vl);
+static void BLog_Append (const char *fmt, ...);
+static void BLog_AppendBytes (MemRef data);
+static void BLog_Finish (int channel, int level);
+static void BLog_LogToChannelVarArg (int channel, int level, const char *fmt, va_list vl);
+static void BLog_LogToChannel (int channel, int level, const char *fmt, ...);
+static void BLog_LogViaFuncVarArg (BLog_logfunc func, void *arg, int channel, int level, const char *fmt, va_list vl);
+static void BLog_LogViaFunc (BLog_logfunc func, void *arg, int channel, int level, const char *fmt, ...);
+static BLogContext BLog_RootContext (void);
+static BLogContext BLog_MakeContext (BLog_logfunc logfunc, void *logfunc_user);
+static void BLog_ContextLogVarArg (BLogContext context, int channel, int level, const char *fmt, va_list vl);
+static void BLog_ContextLog (BLogContext context, int channel, int level, const char *fmt, ...);
+static BLogChannelContext BLog_MakeChannelContext (BLogContext context, int channel);
+static void BLog_ChannelContextLogVarArg (BLogChannelContext ccontext, int level, const char *fmt, va_list vl);
+static void BLog_ChannelContextLog (BLogChannelContext ccontext, int level, const char *fmt, ...);
+
+void BLog_InitStdout (void);
+void BLog_InitStderr (void);
+
+int BLogGlobal_GetChannelByName (const char *channel_name)
+{
+    int i;
+    for (i = 0; i < BLOG_NUM_CHANNELS; i++) {
+        if (!strcmp(blog_channel_list[i].name, channel_name)) {
+            return i;
+        }
+    }
+    
+    return -1;
+}
+
+void BLog_Init (_BLog_log_func log_func, _BLog_free_func free_func)
+{
+    ASSERT(!blog_global.initialized)
+    
+    #ifndef NDEBUG
+    blog_global.initialized = 1;
+    #endif
+    
+    // initialize channels
+    memcpy(blog_global.channels, blog_channel_list, BLOG_NUM_CHANNELS * sizeof(struct _BLog_channel));
+    
+    blog_global.log_func = log_func;
+    blog_global.free_func = free_func;
+#ifndef NDEBUG
+    blog_global.logging = 0;
+#endif
+    blog_global.logbuf_pos = 0;
+    blog_global.logbuf[0] = '\0';
+    
+    ASSERT_FORCE(BMutex_Init(&blog_global.mutex))
+}
+
+void BLog_Free (void)
+{
+    ASSERT(blog_global.initialized)
+#ifndef NDEBUG
+    ASSERT(!blog_global.logging)
+#endif
+    
+    BMutex_Free(&blog_global.mutex);
+    
+    #ifndef NDEBUG
+    blog_global.initialized = 0;
+    #endif
+    
+    blog_global.free_func();
+}
+
+void BLog_SetChannelLoglevel (int channel, int loglevel)
+{
+    ASSERT(blog_global.initialized)
+    ASSERT(channel >= 0 && channel < BLOG_NUM_CHANNELS)
+    ASSERT(loglevel >= 0 && loglevel <= BLOG_DEBUG)
+    
+    blog_global.channels[channel].loglevel = loglevel;
+}
+
+int BLog_WouldLog (int channel, int level)
+{
+    ASSERT(blog_global.initialized)
+    ASSERT(channel >= 0 && channel < BLOG_NUM_CHANNELS)
+    ASSERT(level >= BLOG_ERROR && level <= BLOG_DEBUG)
+    
+    return (level <= blog_global.channels[channel].loglevel);
+}
+
+void BLog_Begin (void)
+{
+    ASSERT(blog_global.initialized)
+    
+    BMutex_Lock(&blog_global.mutex);
+    
+#ifndef NDEBUG
+    ASSERT(!blog_global.logging)
+    blog_global.logging = 1;
+#endif
+}
+
+void BLog_AppendVarArg (const char *fmt, va_list vl)
+{
+    ASSERT(blog_global.initialized)
+#ifndef NDEBUG
+    ASSERT(blog_global.logging)
+#endif
+    ASSERT(blog_global.logbuf_pos >= 0)
+    ASSERT(blog_global.logbuf_pos < sizeof(blog_global.logbuf))
+    
+    int w = vsnprintf(blog_global.logbuf + blog_global.logbuf_pos, sizeof(blog_global.logbuf) - blog_global.logbuf_pos, fmt, vl);
+    
+    if (w >= sizeof(blog_global.logbuf) - blog_global.logbuf_pos) {
+        blog_global.logbuf_pos = sizeof(blog_global.logbuf) - 1;
+    } else {
+        blog_global.logbuf_pos += w;
+    }
+}
+
+void BLog_Append (const char *fmt, ...)
+{
+    ASSERT(blog_global.initialized)
+#ifndef NDEBUG
+    ASSERT(blog_global.logging)
+#endif
+    
+    va_list vl;
+    va_start(vl, fmt);
+    BLog_AppendVarArg(fmt, vl);
+    va_end(vl);
+}
+
+void BLog_AppendBytes (MemRef data)
+{
+    ASSERT(blog_global.initialized)
+#ifndef NDEBUG
+    ASSERT(blog_global.logging)
+#endif
+    ASSERT(blog_global.logbuf_pos >= 0)
+    ASSERT(blog_global.logbuf_pos < sizeof(blog_global.logbuf))
+    
+    size_t avail = (sizeof(blog_global.logbuf) - 1) - blog_global.logbuf_pos;
+    data.len = (data.len > avail ? avail : data.len);
+    
+    memcpy(blog_global.logbuf + blog_global.logbuf_pos, data.ptr, data.len);
+    blog_global.logbuf_pos += data.len;
+    blog_global.logbuf[blog_global.logbuf_pos] = '\0';
+}
+
+void BLog_Finish (int channel, int level)
+{
+    ASSERT(blog_global.initialized)
+#ifndef NDEBUG
+    ASSERT(blog_global.logging)
+#endif
+    ASSERT(channel >= 0 && channel < BLOG_NUM_CHANNELS)
+    ASSERT(level >= BLOG_ERROR && level <= BLOG_DEBUG)
+    ASSERT(BLog_WouldLog(channel, level))
+    
+    ASSERT(blog_global.logbuf_pos >= 0)
+    ASSERT(blog_global.logbuf_pos < sizeof(blog_global.logbuf))
+    ASSERT(blog_global.logbuf[blog_global.logbuf_pos] == '\0')
+    
+    blog_global.log_func(channel, level, blog_global.logbuf);
+    
+#ifndef NDEBUG
+    blog_global.logging = 0;
+#endif
+    blog_global.logbuf_pos = 0;
+    blog_global.logbuf[0] = '\0';
+    
+    BMutex_Unlock(&blog_global.mutex);
+}
+
+void BLog_LogToChannelVarArg (int channel, int level, const char *fmt, va_list vl)
+{
+    ASSERT(blog_global.initialized)
+    ASSERT(channel >= 0 && channel < BLOG_NUM_CHANNELS)
+    ASSERT(level >= BLOG_ERROR && level <= BLOG_DEBUG)
+    
+    if (!BLog_WouldLog(channel, level)) {
+        return;
+    }
+    
+    BLog_Begin();
+    BLog_AppendVarArg(fmt, vl);
+    BLog_Finish(channel, level);
+}
+
+void BLog_LogToChannel (int channel, int level, const char *fmt, ...)
+{
+    ASSERT(blog_global.initialized)
+    ASSERT(channel >= 0 && channel < BLOG_NUM_CHANNELS)
+    ASSERT(level >= BLOG_ERROR && level <= BLOG_DEBUG)
+    
+    if (!BLog_WouldLog(channel, level)) {
+        return;
+    }
+    
+    va_list vl;
+    va_start(vl, fmt);
+    
+    BLog_Begin();
+    BLog_AppendVarArg(fmt, vl);
+    BLog_Finish(channel, level);
+    
+    va_end(vl);
+}
+
+void BLog_LogViaFuncVarArg (BLog_logfunc func, void *arg, int channel, int level, const char *fmt, va_list vl)
+{
+    ASSERT(blog_global.initialized)
+    ASSERT(channel >= 0 && channel < BLOG_NUM_CHANNELS)
+    ASSERT(level >= BLOG_ERROR && level <= BLOG_DEBUG)
+    
+    if (!BLog_WouldLog(channel, level)) {
+        return;
+    }
+    
+    BLog_Begin();
+    func(arg);
+    BLog_AppendVarArg(fmt, vl);
+    BLog_Finish(channel, level);
+}
+
+void BLog_LogViaFunc (BLog_logfunc func, void *arg, int channel, int level, const char *fmt, ...)
+{
+    ASSERT(blog_global.initialized)
+    ASSERT(channel >= 0 && channel < BLOG_NUM_CHANNELS)
+    ASSERT(level >= BLOG_ERROR && level <= BLOG_DEBUG)
+    
+    if (!BLog_WouldLog(channel, level)) {
+        return;
+    }
+    
+    va_list vl;
+    va_start(vl, fmt);
+    
+    BLog_Begin();
+    func(arg);
+    BLog_AppendVarArg(fmt, vl);
+    BLog_Finish(channel, level);
+    
+    va_end(vl);
+}
+
+static void BLog__root_logfunc (void *unused)
+{
+}
+
+static BLogContext BLog_RootContext (void)
+{
+    return BLog_MakeContext(BLog__root_logfunc, NULL);
+}
+
+static BLogContext BLog_MakeContext (BLog_logfunc logfunc, void *logfunc_user)
+{
+    ASSERT(logfunc)
+    
+    BLogContext context;
+    context.logfunc = logfunc;
+    context.logfunc_user = logfunc_user;
+    return context;
+}
+
+static void BLog_ContextLogVarArg (BLogContext context, int channel, int level, const char *fmt, va_list vl)
+{
+    BLog_LogViaFuncVarArg(context.logfunc, context.logfunc_user, channel, level, fmt, vl);
+}
+
+static void BLog_ContextLog (BLogContext context, int channel, int level, const char *fmt, ...)
+{
+    va_list vl;
+    va_start(vl, fmt);
+    BLog_ContextLogVarArg(context, channel, level, fmt, vl);
+    va_end(vl);
+}
+
+static BLogChannelContext BLog_MakeChannelContext (BLogContext context, int channel)
+{
+    BLogChannelContext ccontext;
+    ccontext.context = context;
+    ccontext.channel = channel;
+    return ccontext;
+}
+
+static void BLog_ChannelContextLogVarArg (BLogChannelContext ccontext, int level, const char *fmt, va_list vl)
+{
+    BLog_ContextLogVarArg(ccontext.context, ccontext.channel, level, fmt, vl);
+}
+
+static void BLog_ChannelContextLog (BLogChannelContext ccontext, int level, const char *fmt, ...)
+{
+    va_list vl;
+    va_start(vl, fmt);
+    BLog_ChannelContextLogVarArg(ccontext, level, fmt, vl);
+    va_end(vl);
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog.m b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog.m
new file mode 100644
index 00000000..18c79c24
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog.m
@@ -0,0 +1,75 @@
+/**
+ * @file BLog.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stddef.h>
+#include <Foundation/Foundation.h>
+
+#include "BLog.h"
+
+#ifndef BADVPN_PLUGIN
+
+struct _BLog_channel blog_channel_list[] = {
+#include "generated/blog_channels_list.h"
+};
+
+struct _BLog_global blog_global = {
+    #ifndef NDEBUG
+    0
+    #endif
+};
+
+#endif
+
+// keep in sync with level numbers in BLog.h!
+static char *level_names[] = { NULL, "ERROR", "WARNING", "NOTICE", "INFO", "DEBUG" };
+
+static void stdout_log (int channel, int level, const char *msg)
+{
+    NSLog(@"%s(%s): %s\n", level_names[level], blog_global.channels[channel].name, msg);
+}
+
+static void stderr_log (int channel, int level, const char *msg)
+{
+    NSLog(@"%s(%s): %s\n", level_names[level], blog_global.channels[channel].name, msg);
+}
+
+static void stdout_stderr_free (void)
+{
+}
+
+void BLog_InitStdout (void)
+{
+    BLog_Init(stdout_log, stdout_stderr_free);
+}
+
+void BLog_InitStderr (void)
+{
+    BLog_Init(stderr_log, stdout_stderr_free);
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog_syslog.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog_syslog.c
new file mode 100644
index 00000000..b32bbd44
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog_syslog.c
@@ -0,0 +1,150 @@
+/**
+ * @file BLog_syslog.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <syslog.h>
+
+#include "misc/debug.h"
+
+#include "BLog_syslog.h"
+
+static int resolve_facility (char *str, int *out)
+{
+    if (!strcmp(str, "authpriv")) {
+        *out = LOG_AUTHPRIV;
+    }
+    else if (!strcmp(str, "cron")) {
+        *out = LOG_CRON;
+    }
+    else if (!strcmp(str, "daemon")) {
+        *out = LOG_DAEMON;
+    }
+    else if (!strcmp(str, "ftp")) {
+        *out = LOG_FTP;
+    }
+    else if (!strcmp(str, "local0")) {
+        *out = LOG_LOCAL0;
+    }
+    else if (!strcmp(str, "local1")) {
+        *out = LOG_LOCAL1;
+    }
+    else if (!strcmp(str, "local2")) {
+        *out = LOG_LOCAL2;
+    }
+    else if (!strcmp(str, "local3")) {
+        *out = LOG_LOCAL3;
+    }
+    else if (!strcmp(str, "local4")) {
+        *out = LOG_LOCAL4;
+    }
+    else if (!strcmp(str, "local5")) {
+        *out = LOG_LOCAL5;
+    }
+    else if (!strcmp(str, "local6")) {
+        *out = LOG_LOCAL6;
+    }
+    else if (!strcmp(str, "local7")) {
+        *out = LOG_LOCAL7;
+    }
+    else if (!strcmp(str, "lpr")) {
+        *out = LOG_LPR;
+    }
+    else if (!strcmp(str, "mail")) {
+        *out = LOG_MAIL;
+    }
+    else if (!strcmp(str, "news")) {
+        *out = LOG_NEWS;
+    }
+    else if (!strcmp(str, "syslog")) {
+        *out = LOG_SYSLOG;
+    }
+    else if (!strcmp(str, "user")) {
+        *out = LOG_USER;
+    }
+    else if (!strcmp(str, "uucp")) {
+        *out = LOG_UUCP;
+    }
+    else {
+        return 0;
+    }
+    
+    return 1;
+}
+
+static int convert_level (int level)
+{
+    ASSERT(level >= BLOG_ERROR && level <= BLOG_DEBUG)
+    
+    switch (level) {
+        case BLOG_ERROR:
+            return LOG_ERR;
+        case BLOG_WARNING:
+            return LOG_WARNING;
+        case BLOG_NOTICE:
+            return LOG_NOTICE;
+        case BLOG_INFO:
+            return LOG_INFO;
+        case BLOG_DEBUG:
+            return LOG_DEBUG;
+        default:
+            ASSERT(0)
+            return 0;
+    }
+}
+
+static struct {
+    char ident[200];
+} syslog_global;
+
+static void syslog_log (int channel, int level, const char *msg)
+{
+    syslog(convert_level(level), "%s: %s", blog_global.channels[channel].name, msg);
+}
+
+static void syslog_free (void)
+{
+    closelog();
+}
+
+int BLog_InitSyslog (char *ident, char *facility_str)
+{
+    int facility;
+    if (!resolve_facility(facility_str, &facility)) {
+        return 0;
+    }
+    
+    snprintf(syslog_global.ident, sizeof(syslog_global.ident), "%s", ident);
+    
+    openlog(syslog_global.ident, 0, facility);
+    
+    BLog_Init(syslog_log, syslog_free);
+    
+    return 1;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog_syslog.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog_syslog.h
new file mode 100644
index 00000000..234af902
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BLog_syslog.h
@@ -0,0 +1,42 @@
+/**
+ * @file BLog_syslog.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * BLog syslog backend.
+ */
+
+#ifndef BADVPN_BLOG_SYSLOG_H
+#define BADVPN_BLOG_SYSLOG_H
+
+#include "misc/debug.h"
+#include "base/BLog.h"
+
+int BLog_InitSyslog (char *ident, char *facility) WARN_UNUSED;
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BMutex.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BMutex.h
new file mode 100644
index 00000000..2990c674
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BMutex.h
@@ -0,0 +1,101 @@
+/**
+ * @file BMutex.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_BMUTEX_H
+#define BADVPN_BMUTEX_H
+
+#if !defined(BADVPN_THREAD_SAFE) || (BADVPN_THREAD_SAFE != 0 && BADVPN_THREAD_SAFE != 1)
+#error BADVPN_THREAD_SAFE is not defined or incorrect
+#endif
+
+#if BADVPN_THREAD_SAFE
+#include <pthread.h>
+#endif
+
+#include "misc/debug.h"
+#include "base/DebugObject.h"
+
+typedef struct {
+#if BADVPN_THREAD_SAFE
+    pthread_mutex_t pthread_mutex;
+#endif
+    DebugObject d_obj;
+} BMutex;
+
+static int BMutex_Init (BMutex *o) WARN_UNUSED;
+static void BMutex_Free (BMutex *o);
+static void BMutex_Lock (BMutex *o);
+static void BMutex_Unlock (BMutex *o);
+
+static int BMutex_Init (BMutex *o)
+{
+#if BADVPN_THREAD_SAFE
+    if (pthread_mutex_init(&o->pthread_mutex, NULL) != 0) {
+        return 0;
+    }
+#endif
+    
+    DebugObject_Init(&o->d_obj);
+    return 1;
+}
+
+static void BMutex_Free (BMutex *o)
+{
+    DebugObject_Free(&o->d_obj);
+    
+#if BADVPN_THREAD_SAFE
+    int res = pthread_mutex_destroy(&o->pthread_mutex);
+    B_USE(res)
+    ASSERT(res == 0)
+#endif
+}
+
+static void BMutex_Lock (BMutex *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+#if BADVPN_THREAD_SAFE
+    int res = pthread_mutex_lock(&o->pthread_mutex);
+    B_USE(res)
+    ASSERT(res == 0)
+#endif
+}
+
+static void BMutex_Unlock (BMutex *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+#if BADVPN_THREAD_SAFE
+    int res = pthread_mutex_unlock(&o->pthread_mutex);
+    B_USE(res)
+    ASSERT(res == 0)
+#endif
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BPending.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BPending.c
new file mode 100644
index 00000000..474e974e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BPending.c
@@ -0,0 +1,205 @@
+/**
+ * @file BPending.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+
+#include "misc/debug.h"
+#include "misc/offset.h"
+
+#include "BPending.h"
+
+#include "BPending_list.h"
+#include "structure/SLinkedList_impl.h"
+
+void BPendingGroup_Init (BPendingGroup *g)
+{
+    // init jobs list
+    BPending__List_Init(&g->jobs);
+    
+    // init pending counter
+    DebugCounter_Init(&g->pending_ctr);
+    
+    // init debug object
+    DebugObject_Init(&g->d_obj);
+}
+
+void BPendingGroup_Free (BPendingGroup *g)
+{
+    DebugCounter_Free(&g->pending_ctr);
+    ASSERT(BPending__List_IsEmpty(&g->jobs))
+    DebugObject_Free(&g->d_obj);
+}
+
+int BPendingGroup_HasJobs (BPendingGroup *g)
+{
+    DebugObject_Access(&g->d_obj);
+    
+    return !BPending__List_IsEmpty(&g->jobs);
+}
+
+void BPendingGroup_ExecuteJob (BPendingGroup *g)
+{
+    ASSERT(!BPending__List_IsEmpty(&g->jobs))
+    DebugObject_Access(&g->d_obj);
+    
+    // get a job
+    BSmallPending *p = BPending__List_First(&g->jobs);
+    ASSERT(!BPending__ListIsRemoved(p))
+    ASSERT(p->pending)
+    
+    // remove from jobs list
+    BPending__List_RemoveFirst(&g->jobs);
+    
+    // set not pending
+    BPending__ListMarkRemoved(p);
+#ifndef NDEBUG
+    p->pending = 0;
+#endif
+    
+    // execute job
+    p->handler(p->user);
+    return;
+}
+
+BSmallPending * BPendingGroup_PeekJob (BPendingGroup *g)
+{
+    DebugObject_Access(&g->d_obj);
+    
+    return BPending__List_First(&g->jobs);
+}
+
+void BSmallPending_Init (BSmallPending *o, BPendingGroup *g, BSmallPending_handler handler, void *user)
+{
+    // init arguments
+    o->handler = handler;
+    o->user = user;
+    
+    // set not pending
+    BPending__ListMarkRemoved(o);
+#ifndef NDEBUG
+    o->pending = 0;
+#endif
+    
+    // increment pending counter
+    DebugCounter_Increment(&g->pending_ctr);
+    
+    // init debug object
+    DebugObject_Init(&o->d_obj);
+}
+
+void BSmallPending_Free (BSmallPending *o, BPendingGroup *g)
+{
+    DebugCounter_Decrement(&g->pending_ctr);
+    DebugObject_Free(&o->d_obj);
+    ASSERT(o->pending == !BPending__ListIsRemoved(o))
+    
+    // remove from jobs list
+    if (!BPending__ListIsRemoved(o)) {
+        BPending__List_Remove(&g->jobs, o);
+    }
+}
+
+void BSmallPending_SetHandler (BSmallPending *o, BSmallPending_handler handler, void *user)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    // set handler
+    o->handler = handler;
+    o->user = user;
+}
+
+void BSmallPending_Set (BSmallPending *o, BPendingGroup *g)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->pending == !BPending__ListIsRemoved(o))
+    
+    // remove from jobs list
+    if (!BPending__ListIsRemoved(o)) {
+        BPending__List_Remove(&g->jobs, o);
+    }
+    
+    // insert to jobs list
+    BPending__List_Prepend(&g->jobs, o);
+    
+    // set pending
+#ifndef NDEBUG
+    o->pending = 1;
+#endif
+}
+
+void BSmallPending_Unset (BSmallPending *o, BPendingGroup *g)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->pending == !BPending__ListIsRemoved(o))
+    
+    if (!BPending__ListIsRemoved(o)) {
+        // remove from jobs list
+        BPending__List_Remove(&g->jobs, o);
+        
+        // set not pending
+        BPending__ListMarkRemoved(o);
+#ifndef NDEBUG
+        o->pending = 0;
+#endif
+    }
+}
+
+int BSmallPending_IsSet (BSmallPending *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->pending == !BPending__ListIsRemoved(o))
+    
+    return !BPending__ListIsRemoved(o);
+}
+
+void BPending_Init (BPending *o, BPendingGroup *g, BPending_handler handler, void *user)
+{
+    BSmallPending_Init(&o->base, g, handler, user);
+    o->g = g;
+}
+
+void BPending_Free (BPending *o)
+{
+    BSmallPending_Free(&o->base, o->g);
+}
+
+void BPending_Set (BPending *o)
+{
+    BSmallPending_Set(&o->base, o->g);
+}
+
+void BPending_Unset (BPending *o)
+{
+    BSmallPending_Unset(&o->base, o->g);
+}
+
+int BPending_IsSet (BPending *o)
+{
+    return BSmallPending_IsSet(&o->base);
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BPending.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BPending.h
new file mode 100644
index 00000000..76044d14
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BPending.h
@@ -0,0 +1,250 @@
+/**
+ * @file BPending.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Module for managing a queue of jobs pending execution.
+ */
+
+#ifndef BADVPN_BPENDING_H
+#define BADVPN_BPENDING_H
+
+#include <stdint.h>
+
+#include "misc/debugcounter.h"
+#include "structure/SLinkedList.h"
+#include "base/DebugObject.h"
+
+struct BSmallPending_s;
+
+#include "BPending_list.h"
+#include "structure/SLinkedList_decl.h"
+
+/**
+ * Job execution handler.
+ * It is guaranteed that the associated {@link BSmallPending} object was
+ * in set state.
+ * The {@link BSmallPending} object enters not set state before the handler
+ * is called.
+ * 
+ * @param user as in {@link BSmallPending_Init}
+ */
+typedef void (*BSmallPending_handler) (void *user);
+
+/**
+ * Job execution handler.
+ * It is guaranteed that the associated {@link BPending} object was
+ * in set state.
+ * The {@link BPending} object enters not set state before the handler
+ * is called.
+ * 
+ * @param user as in {@link BPending_Init}
+ */
+typedef void (*BPending_handler) (void *user);
+
+/**
+ * Object that contains a list of jobs pending execution.
+ */
+typedef struct {
+    BPending__List jobs;
+    DebugCounter pending_ctr;
+    DebugObject d_obj;
+} BPendingGroup;
+
+/**
+ * Object for queuing a job for execution.
+ */
+typedef struct BSmallPending_s {
+    BPending_handler handler;
+    void *user;
+    BPending__ListNode pending_node; // optimization: if not pending, .next is this
+#ifndef NDEBUG
+    uint8_t pending;
+#endif
+    DebugObject d_obj;
+} BSmallPending;
+
+/**
+ * Object for queuing a job for execution. This is a convenience wrapper
+ * around {@link BSmallPending} with an extra field to remember the
+ * {@link BPendingGroup} being used.
+ */
+typedef struct {
+    BSmallPending base;
+    BPendingGroup *g;
+} BPending;
+
+/**
+ * Initializes the object.
+ * 
+ * @param g the object
+ */
+void BPendingGroup_Init (BPendingGroup *g);
+
+/**
+ * Frees the object.
+ * There must be no {@link BPending} or {@link BSmallPending} objects using
+ * this group.
+ * 
+ * @param g the object
+ */
+void BPendingGroup_Free (BPendingGroup *g);
+
+/**
+ * Checks if there is at least one job in the queue.
+ * 
+ * @param g the object
+ * @return 1 if there is at least one job, 0 if not
+ */
+int BPendingGroup_HasJobs (BPendingGroup *g);
+
+/**
+ * Executes the top job on the job list.
+ * The job is removed from the list and enters
+ * not set state before being executed.
+ * There must be at least one job in job list.
+ * 
+ * @param g the object
+ */
+void BPendingGroup_ExecuteJob (BPendingGroup *g);
+
+/**
+ * Returns the top job on the job list, or NULL if there are none.
+ * 
+ * @param g the object
+ * @return the top job if there is at least one job, NULL if not
+ */
+BSmallPending * BPendingGroup_PeekJob (BPendingGroup *g);
+
+/**
+ * Initializes the object.
+ * The object is initialized in not set state.
+ * 
+ * @param o the object
+ * @param g pending group to use
+ * @param handler job execution handler
+ * @param user value to pass to handler
+ */
+void BSmallPending_Init (BSmallPending *o, BPendingGroup *g, BSmallPending_handler handler, void *user);
+
+/**
+ * Frees the object.
+ * The execution handler will not be called after the object
+ * is freed.
+ * 
+ * @param o the object
+ * @param g pending group. Must be the same as was used in {@link BSmallPending_Init}.
+ */
+void BSmallPending_Free (BSmallPending *o, BPendingGroup *g);
+
+/**
+ * Changes the job execution handler.
+ * 
+ * @param o the object
+ * @param handler job execution handler
+ * @param user value to pass to handler
+ */
+void BSmallPending_SetHandler (BSmallPending *o, BSmallPending_handler handler, void *user);
+
+/**
+ * Enables the job, pushing it to the top of the job list.
+ * If the object was already in set state, the job is removed from its
+ * current position in the list before being pushed.
+ * The object enters set state.
+ * 
+ * @param o the object
+ * @param g pending group. Must be the same as was used in {@link BSmallPending_Init}.
+ */
+void BSmallPending_Set (BSmallPending *o, BPendingGroup *g);
+
+/**
+ * Disables the job, removing it from the job list.
+ * If the object was not in set state, nothing is done.
+ * The object enters not set state.
+ * 
+ * @param o the object
+ * @param g pending group. Must be the same as was used in {@link BSmallPending_Init}.
+ */
+void BSmallPending_Unset (BSmallPending *o, BPendingGroup *g);
+
+/**
+ * Checks if the job is in set state.
+ * 
+ * @param o the object
+ * @return 1 if in set state, 0 if not
+ */
+int BSmallPending_IsSet (BSmallPending *o);
+
+/**
+ * Initializes the object.
+ * The object is initialized in not set state.
+ * 
+ * @param o the object
+ * @param g pending group to use
+ * @param handler job execution handler
+ * @param user value to pass to handler
+ */
+void BPending_Init (BPending *o, BPendingGroup *g, BPending_handler handler, void *user);
+
+/**
+ * Frees the object.
+ * The execution handler will not be called after the object
+ * is freed.
+ * 
+ * @param o the object
+ */
+void BPending_Free (BPending *o);
+
+/**
+ * Enables the job, pushing it to the top of the job list.
+ * If the object was already in set state, the job is removed from its
+ * current position in the list before being pushed.
+ * The object enters set state.
+ * 
+ * @param o the object
+ */
+void BPending_Set (BPending *o);
+
+/**
+ * Disables the job, removing it from the job list.
+ * If the object was not in set state, nothing is done.
+ * The object enters not set state.
+ * 
+ * @param o the object
+ */
+void BPending_Unset (BPending *o);
+
+/**
+ * Checks if the job is in set state.
+ * 
+ * @param o the object
+ * @return 1 if in set state, 0 if not
+ */
+int BPending_IsSet (BPending *o);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BPending_list.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BPending_list.h
new file mode 100644
index 00000000..eadac61a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/BPending_list.h
@@ -0,0 +1,4 @@
+#define SLINKEDLIST_PARAM_NAME BPending__List
+#define SLINKEDLIST_PARAM_FEATURE_LAST 0
+#define SLINKEDLIST_PARAM_TYPE_ENTRY struct BSmallPending_s
+#define SLINKEDLIST_PARAM_MEMBER_NODE pending_node
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/DebugObject.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/DebugObject.c
new file mode 100644
index 00000000..e6946177
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/DebugObject.c
@@ -0,0 +1,39 @@
+/**
+ * @file DebugObject.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "DebugObject.h"
+
+#ifndef BADVPN_PLUGIN
+#ifndef NDEBUG
+DebugCounter debugobject_counter = DEBUGCOUNTER_STATIC;
+#if BADVPN_THREAD_SAFE
+pthread_mutex_t debugobject_mutex = PTHREAD_MUTEX_INITIALIZER;
+#endif
+#endif
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/DebugObject.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/DebugObject.h
new file mode 100644
index 00000000..aeb9974d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/base/DebugObject.h
@@ -0,0 +1,147 @@
+/**
+ * @file DebugObject.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Object used for detecting leaks.
+ */
+
+#ifndef BADVPN_DEBUGOBJECT_H
+#define BADVPN_DEBUGOBJECT_H
+
+#include <stdint.h>
+
+#if !defined(BADVPN_THREAD_SAFE) || (BADVPN_THREAD_SAFE != 0 && BADVPN_THREAD_SAFE != 1)
+#error BADVPN_THREAD_SAFE is not defined or incorrect
+#endif
+
+#if BADVPN_THREAD_SAFE
+#include <pthread.h>
+#endif
+
+#include "misc/debug.h"
+#include "misc/debugcounter.h"
+
+#define DEBUGOBJECT_VALID UINT32_C(0x31415926)
+
+/**
+ * Object used for detecting leaks.
+ */
+typedef struct {
+    #ifndef NDEBUG
+    uint32_t c;
+    #endif
+} DebugObject;
+
+/**
+ * Initializes the object.
+ * 
+ * @param obj the object
+ */
+static void DebugObject_Init (DebugObject *obj);
+
+/**
+ * Frees the object.
+ * 
+ * @param obj the object
+ */
+static void DebugObject_Free (DebugObject *obj);
+
+/**
+ * Does nothing.
+ * 
+ * @param obj the object
+ */
+static void DebugObject_Access (const DebugObject *obj);
+
+/**
+ * Does nothing.
+ * There must be no {@link DebugObject}'s initialized.
+ */
+static void DebugObjectGlobal_Finish (void);
+
+#ifndef NDEBUG
+extern DebugCounter debugobject_counter;
+#if BADVPN_THREAD_SAFE
+extern pthread_mutex_t debugobject_mutex;
+#endif
+#endif
+
+void DebugObject_Init (DebugObject *obj)
+{
+    #ifndef NDEBUG
+    
+    obj->c = DEBUGOBJECT_VALID;
+    
+    #if BADVPN_THREAD_SAFE
+    ASSERT_FORCE(pthread_mutex_lock(&debugobject_mutex) == 0)
+    #endif
+    
+    DebugCounter_Increment(&debugobject_counter);
+    
+    #if BADVPN_THREAD_SAFE
+    ASSERT_FORCE(pthread_mutex_unlock(&debugobject_mutex) == 0)
+    #endif
+    
+    #endif
+}
+
+void DebugObject_Free (DebugObject *obj)
+{
+    ASSERT(obj->c == DEBUGOBJECT_VALID)
+    
+    #ifndef NDEBUG
+    
+    obj->c = 0;
+    
+    #if BADVPN_THREAD_SAFE
+    ASSERT_FORCE(pthread_mutex_lock(&debugobject_mutex) == 0)
+    #endif
+    
+    DebugCounter_Decrement(&debugobject_counter);
+    
+    #if BADVPN_THREAD_SAFE
+    ASSERT_FORCE(pthread_mutex_unlock(&debugobject_mutex) == 0)
+    #endif
+    
+    #endif
+}
+
+void DebugObject_Access (const DebugObject *obj)
+{
+    ASSERT(obj->c == DEBUGOBJECT_VALID)
+}
+
+void DebugObjectGlobal_Finish (void)
+{
+    #ifndef NDEBUG
+    DebugCounter_Free(&debugobject_counter);
+    #endif
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/BufferWriter.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/BufferWriter.c
new file mode 100644
index 00000000..5a1d141f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/BufferWriter.c
@@ -0,0 +1,112 @@
+/**
+ * @file BufferWriter.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "misc/debug.h"
+
+#include "flow/BufferWriter.h"
+
+static void output_handler_recv (BufferWriter *o, uint8_t *data)
+{
+    ASSERT(!o->out_have)
+    
+    // set output packet
+    o->out_have = 1;
+    o->out = data;
+}
+
+void BufferWriter_Init (BufferWriter *o, int mtu, BPendingGroup *pg)
+{
+    ASSERT(mtu >= 0)
+    
+    // init output
+    PacketRecvInterface_Init(&o->recv_interface, mtu, (PacketRecvInterface_handler_recv)output_handler_recv, o, pg);
+    
+    // set no output packet
+    o->out_have = 0;
+    
+    DebugObject_Init(&o->d_obj);
+    #ifndef NDEBUG
+    o->d_mtu = mtu;
+    o->d_writing = 0;
+    #endif
+}
+
+void BufferWriter_Free (BufferWriter *o)
+{
+    DebugObject_Free(&o->d_obj);
+    
+    // free output
+    PacketRecvInterface_Free(&o->recv_interface);
+}
+
+PacketRecvInterface * BufferWriter_GetOutput (BufferWriter *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    return &o->recv_interface;
+}
+
+int BufferWriter_StartPacket (BufferWriter *o, uint8_t **buf)
+{
+    ASSERT(!o->d_writing)
+    DebugObject_Access(&o->d_obj);
+    
+    if (!o->out_have) {
+        return 0;
+    }
+    
+    if (buf) {
+        *buf = o->out;
+    }
+    
+    #ifndef NDEBUG
+    o->d_writing = 1;
+    #endif
+    
+    return 1;
+}
+
+void BufferWriter_EndPacket (BufferWriter *o, int len)
+{
+    ASSERT(len >= 0)
+    ASSERT(len <= o->d_mtu)
+    ASSERT(o->out_have)
+    ASSERT(o->d_writing)
+    DebugObject_Access(&o->d_obj);
+    
+    // set no output packet
+    o->out_have = 0;
+    
+    // finish packet
+    PacketRecvInterface_Done(&o->recv_interface, len);
+    
+    #ifndef NDEBUG
+    o->d_writing = 0;
+    #endif
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/BufferWriter.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/BufferWriter.h
new file mode 100644
index 00000000..e7848cfa
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/BufferWriter.h
@@ -0,0 +1,107 @@
+/**
+ * @file BufferWriter.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Object for writing packets to a {@link PacketRecvInterface} client
+ * in a best-effort fashion.
+ */
+
+#ifndef BADVPN_FLOW_BUFFERWRITER_H
+#define BADVPN_FLOW_BUFFERWRITER_H
+
+#include <stdint.h>
+
+#include "misc/debug.h"
+#include "base/DebugObject.h"
+#include "flow/PacketRecvInterface.h"
+
+/**
+ * Object for writing packets to a {@link PacketRecvInterface} client
+ * in a best-effort fashion.
+ */
+typedef struct {
+    PacketRecvInterface recv_interface;
+    int out_have;
+    uint8_t *out;
+    DebugObject d_obj;
+    #ifndef NDEBUG
+    int d_mtu;
+    int d_writing;
+    #endif
+} BufferWriter;
+
+/**
+ * Initializes the object.
+ * The object is initialized in not writing state.
+ *
+ * @param o the object
+ * @param mtu maximum input packet length
+ * @param pg pending group
+ */
+void BufferWriter_Init (BufferWriter *o, int mtu, BPendingGroup *pg);
+
+/**
+ * Frees the object.
+ *
+ * @param o the object
+ */
+void BufferWriter_Free (BufferWriter *o);
+
+/**
+ * Returns the output interface.
+ *
+ * @param o the object
+ * @return output interface
+ */
+PacketRecvInterface * BufferWriter_GetOutput (BufferWriter *o);
+
+/**
+ * Attempts to provide a memory location for writing a packet.
+ * The object must be in not writing state.
+ * On success, the object enters writing state.
+ * 
+ * @param o the object
+ * @param buf if not NULL, on success, the memory location will be stored here.
+ *            It will have space for MTU bytes.
+ * @return 1 on success, 0 on failure
+ */
+int BufferWriter_StartPacket (BufferWriter *o, uint8_t **buf) WARN_UNUSED;
+
+/**
+ * Submits a packet written to the buffer.
+ * The object must be in writing state.
+ * Yhe object enters not writing state.
+ * 
+ * @param o the object
+ * @param len length of the packet that was written. Must be >=0 and
+ *            <=MTU.
+ */
+void BufferWriter_EndPacket (BufferWriter *o, int len);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketBuffer.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketBuffer.c
new file mode 100644
index 00000000..2367a390
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketBuffer.c
@@ -0,0 +1,131 @@
+/**
+ * @file PacketBuffer.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+
+#include "misc/debug.h"
+#include "misc/balloc.h"
+
+#include "flow/PacketBuffer.h"
+
+static void input_handler_done (PacketBuffer *buf, int in_len);
+static void output_handler_done (PacketBuffer *buf);
+
+void input_handler_done (PacketBuffer *buf, int in_len)
+{
+    ASSERT(in_len >= 0)
+    ASSERT(in_len <= buf->input_mtu)
+    DebugObject_Access(&buf->d_obj);
+    
+    // remember if buffer is empty
+    int was_empty = (buf->buf.output_avail < 0);
+    
+    // submit packet to buffer
+    ChunkBuffer2_SubmitPacket(&buf->buf, in_len);
+    
+    // if there is space, schedule receive
+    if (buf->buf.input_avail >= buf->input_mtu) {
+        PacketRecvInterface_Receiver_Recv(buf->input, buf->buf.input_dest);
+    }
+    
+    // if buffer was empty, schedule send
+    if (was_empty) {
+        PacketPassInterface_Sender_Send(buf->output, buf->buf.output_dest, buf->buf.output_avail);
+    }
+}
+
+void output_handler_done (PacketBuffer *buf)
+{
+    DebugObject_Access(&buf->d_obj);
+    
+    // remember if buffer is full
+    int was_full = (buf->buf.input_avail < buf->input_mtu);
+    
+    // remove packet from buffer
+    ChunkBuffer2_ConsumePacket(&buf->buf);
+    
+    // if buffer was full and there is space, schedule receive
+    if (was_full && buf->buf.input_avail >= buf->input_mtu) {
+        PacketRecvInterface_Receiver_Recv(buf->input, buf->buf.input_dest);
+    }
+    
+    // if there is more data, schedule send
+    if (buf->buf.output_avail >= 0) {
+        PacketPassInterface_Sender_Send(buf->output, buf->buf.output_dest, buf->buf.output_avail);
+    }
+}
+
+int PacketBuffer_Init (PacketBuffer *buf, PacketRecvInterface *input, PacketPassInterface *output, int num_packets, BPendingGroup *pg)
+{
+    ASSERT(PacketPassInterface_GetMTU(output) >= PacketRecvInterface_GetMTU(input))
+    ASSERT(num_packets > 0)
+    
+    // init arguments
+    buf->input = input;
+    buf->output = output;
+    
+    // init input
+    PacketRecvInterface_Receiver_Init(buf->input, (PacketRecvInterface_handler_done)input_handler_done, buf);
+    
+    // set input MTU
+    buf->input_mtu = PacketRecvInterface_GetMTU(buf->input);
+    
+    // init output
+    PacketPassInterface_Sender_Init(buf->output, (PacketPassInterface_handler_done)output_handler_done, buf);
+    
+    // allocate buffer
+    int num_blocks = ChunkBuffer2_calc_blocks(buf->input_mtu, num_packets);
+    if (num_blocks < 0) {
+        goto fail0;
+    }
+    if (!(buf->buf_data = (struct ChunkBuffer2_block *)BAllocArray(num_blocks, sizeof(buf->buf_data[0])))) {
+        goto fail0;
+    }
+    
+    // init buffer
+    ChunkBuffer2_Init(&buf->buf, buf->buf_data, num_blocks, buf->input_mtu);
+    
+    // schedule receive
+    PacketRecvInterface_Receiver_Recv(buf->input, buf->buf.input_dest);
+    
+    DebugObject_Init(&buf->d_obj);
+    
+    return 1;
+    
+fail0:
+    return 0;
+}
+
+void PacketBuffer_Free (PacketBuffer *buf)
+{
+    DebugObject_Free(&buf->d_obj);
+    
+    // free buffer
+    BFree(buf->buf_data);
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketBuffer.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketBuffer.h
new file mode 100644
index 00000000..1cfa9afe
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketBuffer.h
@@ -0,0 +1,77 @@
+/**
+ * @file PacketBuffer.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Packet buffer with {@link PacketRecvInterface} input and {@link PacketPassInterface} output.
+ */
+
+#ifndef BADVPN_FLOW_PACKETBUFFER_H
+#define BADVPN_FLOW_PACKETBUFFER_H
+
+#include <stdint.h>
+
+#include "misc/debug.h"
+#include "base/DebugObject.h"
+#include "structure/ChunkBuffer2.h"
+#include "flow/PacketRecvInterface.h"
+#include "flow/PacketPassInterface.h"
+
+/**
+ * Packet buffer with {@link PacketRecvInterface} input and {@link PacketPassInterface} output.
+ */
+typedef struct {
+    DebugObject d_obj;
+    PacketRecvInterface *input;
+    int input_mtu;
+    PacketPassInterface *output;
+    struct ChunkBuffer2_block *buf_data;
+    ChunkBuffer2 buf;
+} PacketBuffer;
+
+/**
+ * Initializes the buffer.
+ * Output MTU must be >= input MTU.
+ *
+ * @param buf the object
+ * @param input input interface
+ * @param output output interface
+ * @param num_packets minimum number of packets the buffer must hold. Must be >0.
+ * @param pg pending group
+ * @return 1 on success, 0 on failure
+ */
+int PacketBuffer_Init (PacketBuffer *buf, PacketRecvInterface *input, PacketPassInterface *output, int num_packets, BPendingGroup *pg) WARN_UNUSED;
+
+/**
+ * Frees the buffer.
+ *
+ * @param buf the object
+ */
+void PacketBuffer_Free (PacketBuffer *buf);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassConnector.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassConnector.c
new file mode 100644
index 00000000..3ccd4fec
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassConnector.c
@@ -0,0 +1,125 @@
+/**
+ * @file PacketPassConnector.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+
+#include "misc/debug.h"
+
+#include "flow/PacketPassConnector.h"
+
+static void input_handler_send (PacketPassConnector *o, uint8_t *data, int data_len)
+{
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= o->input_mtu)
+    ASSERT(o->in_len == -1)
+    DebugObject_Access(&o->d_obj);
+    
+    // remember input packet
+    o->in_len = data_len;
+    o->in = data;
+    
+    if (o->output) {
+        // schedule send
+        PacketPassInterface_Sender_Send(o->output, o->in, o->in_len);
+    }
+}
+
+static void output_handler_done (PacketPassConnector *o)
+{
+    ASSERT(o->in_len >= 0)
+    ASSERT(o->output)
+    DebugObject_Access(&o->d_obj);
+    
+    // have no input packet
+    o->in_len = -1;
+    
+    // allow input to send more packets
+    PacketPassInterface_Done(&o->input);
+}
+
+void PacketPassConnector_Init (PacketPassConnector *o, int mtu, BPendingGroup *pg)
+{
+    ASSERT(mtu >= 0)
+    
+    // init arguments
+    o->input_mtu = mtu;
+    
+    // init input
+    PacketPassInterface_Init(&o->input, o->input_mtu, (PacketPassInterface_handler_send)input_handler_send, o, pg);
+    
+    // have no input packet
+    o->in_len = -1;
+    
+    // have no output
+    o->output = NULL;
+    
+    DebugObject_Init(&o->d_obj);
+}
+
+void PacketPassConnector_Free (PacketPassConnector *o)
+{
+    DebugObject_Free(&o->d_obj);
+    
+    // free input
+    PacketPassInterface_Free(&o->input);
+}
+
+PacketPassInterface * PacketPassConnector_GetInput (PacketPassConnector *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    return &o->input;
+}
+
+void PacketPassConnector_ConnectOutput (PacketPassConnector *o, PacketPassInterface *output)
+{
+    ASSERT(!o->output)
+    ASSERT(PacketPassInterface_GetMTU(output) >= o->input_mtu)
+    DebugObject_Access(&o->d_obj);
+    
+    // set output
+    o->output = output;
+    
+    // init output
+    PacketPassInterface_Sender_Init(o->output, (PacketPassInterface_handler_done)output_handler_done, o);
+    
+    // if we have an input packet, schedule send
+    if (o->in_len >= 0) {
+        PacketPassInterface_Sender_Send(o->output, o->in, o->in_len);
+    }
+}
+
+void PacketPassConnector_DisconnectOutput (PacketPassConnector *o)
+{
+    ASSERT(o->output)
+    DebugObject_Access(&o->d_obj);
+    
+    // set no output
+    o->output = NULL;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassConnector.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassConnector.h
new file mode 100644
index 00000000..e960761c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassConnector.h
@@ -0,0 +1,102 @@
+/**
+ * @file PacketPassConnector.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * A {@link PacketPassInterface} layer which allows the output to be
+ * connected and disconnected on the fly.
+ */
+
+#ifndef BADVPN_FLOW_PACKETPASSCONNECTOR_H
+#define BADVPN_FLOW_PACKETPASSCONNECTOR_H
+
+#include <stdint.h>
+
+#include "base/DebugObject.h"
+#include "flow/PacketPassInterface.h"
+
+/**
+ * A {@link PacketPassInterface} layer which allows the output to be
+ * connected and disconnected on the fly.
+ */
+typedef struct {
+    PacketPassInterface input;
+    int input_mtu;
+    int in_len;
+    uint8_t *in;
+    PacketPassInterface *output;
+    DebugObject d_obj;
+} PacketPassConnector;
+
+/**
+ * Initializes the object.
+ * The object is initialized in not connected state.
+ *
+ * @param o the object
+ * @param mtu maximum input packet size. Must be >=0.
+ * @param pg pending group
+ */
+void PacketPassConnector_Init (PacketPassConnector *o, int mtu, BPendingGroup *pg);
+
+/**
+ * Frees the object.
+ *
+ * @param o the object
+ */
+void PacketPassConnector_Free (PacketPassConnector *o);
+
+/**
+ * Returns the input interface.
+ * The MTU of the interface will be as in {@link PacketPassConnector_Init}.
+ *
+ * @param o the object
+ * @return input interface
+ */
+PacketPassInterface * PacketPassConnector_GetInput (PacketPassConnector *o);
+
+/**
+ * Connects output.
+ * The object must be in not connected state.
+ * The object enters connected state.
+ *
+ * @param o the object
+ * @param output output to connect. Its MTU must be >= MTU specified in
+ *               {@link PacketPassConnector_Init}.
+ */
+void PacketPassConnector_ConnectOutput (PacketPassConnector *o, PacketPassInterface *output);
+
+/**
+ * Disconnects output.
+ * The object must be in connected state.
+ * The object enters not connected state.
+ *
+ * @param o the object
+ */
+void PacketPassConnector_DisconnectOutput (PacketPassConnector *o);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassFairQueue.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassFairQueue.c
new file mode 100644
index 00000000..1037b8f8
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassFairQueue.c
@@ -0,0 +1,405 @@
+/**
+ * @file PacketPassFairQueue.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+
+#include "misc/debug.h"
+#include "misc/offset.h"
+#include "misc/minmax.h"
+#include "misc/compare.h"
+
+#include "flow/PacketPassFairQueue.h"
+
+static int compare_flows (PacketPassFairQueueFlow *f1, PacketPassFairQueueFlow *f2)
+{
+    int cmp = B_COMPARE(f1->time, f2->time);
+    if (cmp) {
+        return cmp;
+    }
+    
+    return B_COMPARE((uintptr_t)f1, (uintptr_t)f2);
+}
+
+#include "PacketPassFairQueue_tree.h"
+#include "structure/SAvl_impl.h"
+
+static uint64_t get_current_time (PacketPassFairQueue *m)
+{
+    if (m->sending_flow) {
+        return m->sending_flow->time;
+    }
+    
+    uint64_t time = 0; // to remove warning
+    int have = 0;
+    
+    PacketPassFairQueueFlow *first_flow = PacketPassFairQueue__Tree_GetFirst(&m->queued_tree, 0);
+    if (first_flow) {
+        ASSERT(first_flow->is_queued)
+        
+        time = first_flow->time;
+        have = 1;
+    }
+    
+    if (m->previous_flow) {
+        if (!have || m->previous_flow->time < time) {
+            time = m->previous_flow->time;
+            have = 1;
+        }
+    }
+    
+    return (have ? time : 0);
+}
+
+static void increment_sent_flow (PacketPassFairQueueFlow *flow, uint64_t amount)
+{
+    PacketPassFairQueue *m = flow->m;
+    
+    ASSERT(amount <= FAIRQUEUE_MAX_TIME)
+    ASSERT(!flow->is_queued)
+    ASSERT(!m->sending_flow)
+    
+    // does time overflow?
+    if (amount > FAIRQUEUE_MAX_TIME - flow->time) {
+        // get time to subtract
+        uint64_t subtract;
+        PacketPassFairQueueFlow *first_flow = PacketPassFairQueue__Tree_GetFirst(&m->queued_tree, 0);
+        if (!first_flow) {
+            subtract = flow->time;
+        } else {
+            ASSERT(first_flow->is_queued)
+            subtract = first_flow->time;
+        }
+        
+        // subtract time from all flows
+        for (LinkedList1Node *list_node = LinkedList1_GetFirst(&m->flows_list); list_node; list_node = LinkedList1Node_Next(list_node)) {
+            PacketPassFairQueueFlow *someflow = UPPER_OBJECT(list_node, PacketPassFairQueueFlow, list_node);
+            
+            // don't subtract more time than there is, except for the just finished flow,
+            // where we allow time to underflow and then overflow to the correct value after adding to it
+            if (subtract > someflow->time && someflow != flow) {
+                ASSERT(!someflow->is_queued)
+                someflow->time = 0;
+            } else {
+                someflow->time -= subtract;
+            }
+        }
+    }
+    
+    // add time to flow
+    flow->time += amount;
+}
+
+static void schedule (PacketPassFairQueue *m)
+{
+    ASSERT(!m->sending_flow)
+    ASSERT(!m->previous_flow)
+    ASSERT(!m->freeing)
+    ASSERT(!PacketPassFairQueue__Tree_IsEmpty(&m->queued_tree))
+    
+    // get first queued flow
+    PacketPassFairQueueFlow *qflow = PacketPassFairQueue__Tree_GetFirst(&m->queued_tree, 0);
+    ASSERT(qflow->is_queued)
+    
+    // remove flow from queue
+    PacketPassFairQueue__Tree_Remove(&m->queued_tree, 0, qflow);
+    qflow->is_queued = 0;
+    
+    // schedule send
+    PacketPassInterface_Sender_Send(m->output, qflow->queued.data, qflow->queued.data_len);
+    m->sending_flow = qflow;
+    m->sending_len = qflow->queued.data_len;
+}
+
+static void schedule_job_handler (PacketPassFairQueue *m)
+{
+    ASSERT(!m->sending_flow)
+    ASSERT(!m->freeing)
+    DebugObject_Access(&m->d_obj);
+    
+    // remove previous flow
+    m->previous_flow = NULL;
+    
+    if (!PacketPassFairQueue__Tree_IsEmpty(&m->queued_tree)) {
+        schedule(m);
+    }
+}
+
+static void input_handler_send (PacketPassFairQueueFlow *flow, uint8_t *data, int data_len)
+{
+    PacketPassFairQueue *m = flow->m;
+    
+    ASSERT(flow != m->sending_flow)
+    ASSERT(!flow->is_queued)
+    ASSERT(!m->freeing)
+    DebugObject_Access(&flow->d_obj);
+    
+    if (flow == m->previous_flow) {
+        // remove from previous flow
+        m->previous_flow = NULL;
+    } else {
+        // raise time
+        flow->time = bmax_uint64(flow->time, get_current_time(m));
+    }
+    
+    // queue flow
+    flow->queued.data = data;
+    flow->queued.data_len = data_len;
+    int res = PacketPassFairQueue__Tree_Insert(&m->queued_tree, 0, flow, NULL);
+    ASSERT_EXECUTE(res)
+    flow->is_queued = 1;
+    
+    if (!m->sending_flow && !BPending_IsSet(&m->schedule_job)) {
+        schedule(m);
+    }
+}
+
+static void output_handler_done (PacketPassFairQueue *m)
+{
+    ASSERT(m->sending_flow)
+    ASSERT(!m->previous_flow)
+    ASSERT(!BPending_IsSet(&m->schedule_job))
+    ASSERT(!m->freeing)
+    ASSERT(!m->sending_flow->is_queued)
+    
+    PacketPassFairQueueFlow *flow = m->sending_flow;
+    
+    // sending finished
+    m->sending_flow = NULL;
+    
+    // remember this flow so the schedule job can remove its time if it didn's send
+    m->previous_flow = flow;
+    
+    // update flow time by packet size
+    increment_sent_flow(flow, (uint64_t)m->packet_weight + m->sending_len);
+    
+    // schedule schedule
+    BPending_Set(&m->schedule_job);
+    
+    // finish flow packet
+    PacketPassInterface_Done(&flow->input);
+    
+    // call busy handler if set
+    if (flow->handler_busy) {
+        // handler is one-shot, unset it before calling
+        PacketPassFairQueue_handler_busy handler = flow->handler_busy;
+        flow->handler_busy = NULL;
+        
+        // call handler
+        handler(flow->user);
+        return;
+    }
+}
+
+int PacketPassFairQueue_Init (PacketPassFairQueue *m, PacketPassInterface *output, BPendingGroup *pg, int use_cancel, int packet_weight)
+{
+    ASSERT(packet_weight > 0)
+    ASSERT(use_cancel == 0 || use_cancel == 1)
+    ASSERT(!use_cancel || PacketPassInterface_HasCancel(output))
+    
+    // init arguments
+    m->output = output;
+    m->pg = pg;
+    m->use_cancel = use_cancel;
+    m->packet_weight = packet_weight;
+    
+    // make sure that (output MTU + packet_weight <= FAIRQUEUE_MAX_TIME)
+    if (!(
+        (PacketPassInterface_GetMTU(output) <= FAIRQUEUE_MAX_TIME) &&
+        (packet_weight <= FAIRQUEUE_MAX_TIME - PacketPassInterface_GetMTU(output))
+    )) {
+        goto fail0;
+    }
+    
+    // init output
+    PacketPassInterface_Sender_Init(m->output, (PacketPassInterface_handler_done)output_handler_done, m);
+    
+    // not sending
+    m->sending_flow = NULL;
+    
+    // no previous flow
+    m->previous_flow = NULL;
+    
+    // init queued tree
+    PacketPassFairQueue__Tree_Init(&m->queued_tree);
+    
+    // init flows list
+    LinkedList1_Init(&m->flows_list);
+    
+    // not freeing
+    m->freeing = 0;
+    
+    // init schedule job
+    BPending_Init(&m->schedule_job, m->pg, (BPending_handler)schedule_job_handler, m);
+    
+    DebugObject_Init(&m->d_obj);
+    DebugCounter_Init(&m->d_ctr);
+    return 1;
+    
+fail0:
+    return 0;
+}
+
+void PacketPassFairQueue_Free (PacketPassFairQueue *m)
+{
+    ASSERT(LinkedList1_IsEmpty(&m->flows_list))
+    ASSERT(PacketPassFairQueue__Tree_IsEmpty(&m->queued_tree))
+    ASSERT(!m->previous_flow)
+    ASSERT(!m->sending_flow)
+    DebugCounter_Free(&m->d_ctr);
+    DebugObject_Free(&m->d_obj);
+    
+    // free schedule job
+    BPending_Free(&m->schedule_job);
+}
+
+void PacketPassFairQueue_PrepareFree (PacketPassFairQueue *m)
+{
+    DebugObject_Access(&m->d_obj);
+    
+    // set freeing
+    m->freeing = 1;
+}
+
+int PacketPassFairQueue_GetMTU (PacketPassFairQueue *m)
+{
+    DebugObject_Access(&m->d_obj);
+    
+    return PacketPassInterface_GetMTU(m->output);
+}
+
+void PacketPassFairQueueFlow_Init (PacketPassFairQueueFlow *flow, PacketPassFairQueue *m)
+{
+    ASSERT(!m->freeing)
+    DebugObject_Access(&m->d_obj);
+    
+    // init arguments
+    flow->m = m;
+    
+    // have no canfree handler
+    flow->handler_busy = NULL;
+    
+    // init input
+    PacketPassInterface_Init(&flow->input, PacketPassInterface_GetMTU(flow->m->output), (PacketPassInterface_handler_send)input_handler_send, flow, m->pg);
+    
+    // set time
+    flow->time = 0;
+    
+    // add to flows list
+    LinkedList1_Append(&m->flows_list, &flow->list_node);
+    
+    // is not queued
+    flow->is_queued = 0;
+    
+    DebugObject_Init(&flow->d_obj);
+    DebugCounter_Increment(&m->d_ctr);
+}
+
+void PacketPassFairQueueFlow_Free (PacketPassFairQueueFlow *flow)
+{
+    PacketPassFairQueue *m = flow->m;
+    
+    ASSERT(m->freeing || flow != m->sending_flow)
+    DebugCounter_Decrement(&m->d_ctr);
+    DebugObject_Free(&flow->d_obj);
+    
+    // remove from current flow
+    if (flow == m->sending_flow) {
+        m->sending_flow = NULL;
+    }
+    
+    // remove from previous flow
+    if (flow == m->previous_flow) {
+        m->previous_flow = NULL;
+    }
+    
+    // remove from queue
+    if (flow->is_queued) {
+        PacketPassFairQueue__Tree_Remove(&m->queued_tree, 0, flow);
+    }
+    
+    // remove from flows list
+    LinkedList1_Remove(&m->flows_list, &flow->list_node);
+    
+    // free input
+    PacketPassInterface_Free(&flow->input);
+}
+
+void PacketPassFairQueueFlow_AssertFree (PacketPassFairQueueFlow *flow)
+{
+    PacketPassFairQueue *m = flow->m;
+    B_USE(m)
+    
+    ASSERT(m->freeing || flow != m->sending_flow)
+    DebugObject_Access(&flow->d_obj);
+}
+
+int PacketPassFairQueueFlow_IsBusy (PacketPassFairQueueFlow *flow)
+{
+    PacketPassFairQueue *m = flow->m;
+    
+    ASSERT(!m->freeing)
+    DebugObject_Access(&flow->d_obj);
+    
+    return (flow == m->sending_flow);
+}
+
+void PacketPassFairQueueFlow_RequestCancel (PacketPassFairQueueFlow *flow)
+{
+    PacketPassFairQueue *m = flow->m;
+    
+    ASSERT(flow == m->sending_flow)
+    ASSERT(m->use_cancel)
+    ASSERT(!m->freeing)
+    ASSERT(!BPending_IsSet(&m->schedule_job))
+    DebugObject_Access(&flow->d_obj);
+    
+    // request cancel
+    PacketPassInterface_Sender_RequestCancel(m->output);
+}
+
+void PacketPassFairQueueFlow_SetBusyHandler (PacketPassFairQueueFlow *flow, PacketPassFairQueue_handler_busy handler, void *user)
+{
+    PacketPassFairQueue *m = flow->m;
+    B_USE(m)
+    
+    ASSERT(flow == m->sending_flow)
+    ASSERT(!m->freeing)
+    DebugObject_Access(&flow->d_obj);
+    
+    // set handler
+    flow->handler_busy = handler;
+    flow->user = user;
+}
+
+PacketPassInterface * PacketPassFairQueueFlow_GetInput (PacketPassFairQueueFlow *flow)
+{
+    DebugObject_Access(&flow->d_obj);
+    
+    return &flow->input;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassFairQueue.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassFairQueue.h
new file mode 100644
index 00000000..47bf5161
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassFairQueue.h
@@ -0,0 +1,204 @@
+/**
+ * @file PacketPassFairQueue.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Fair queue using {@link PacketPassInterface}.
+ */
+
+#ifndef BADVPN_FLOW_PACKETPASSFAIRQUEUE_H
+#define BADVPN_FLOW_PACKETPASSFAIRQUEUE_H
+
+#include <stdint.h>
+
+#include "misc/debug.h"
+#include "misc/debugcounter.h"
+#include "structure/SAvl.h"
+#include "structure/LinkedList1.h"
+#include "base/DebugObject.h"
+#include "base/BPending.h"
+#include "flow/PacketPassInterface.h"
+
+// reduce this to test time overflow handling
+#define FAIRQUEUE_MAX_TIME UINT64_MAX
+
+typedef void (*PacketPassFairQueue_handler_busy) (void *user);
+
+struct PacketPassFairQueueFlow_s;
+
+#include "PacketPassFairQueue_tree.h"
+#include "structure/SAvl_decl.h"
+
+typedef struct PacketPassFairQueueFlow_s {
+    struct PacketPassFairQueue_s *m;
+    PacketPassFairQueue_handler_busy handler_busy;
+    void *user;
+    PacketPassInterface input;
+    uint64_t time;
+    LinkedList1Node list_node;
+    int is_queued;
+    struct {
+        PacketPassFairQueue__TreeNode tree_node;
+        uint8_t *data;
+        int data_len;
+    } queued;
+    DebugObject d_obj;
+} PacketPassFairQueueFlow;
+
+/**
+ * Fair queue using {@link PacketPassInterface}.
+ */
+typedef struct PacketPassFairQueue_s {
+    PacketPassInterface *output;
+    BPendingGroup *pg;
+    int use_cancel;
+    int packet_weight;
+    struct PacketPassFairQueueFlow_s *sending_flow;
+    int sending_len;
+    struct PacketPassFairQueueFlow_s *previous_flow;
+    PacketPassFairQueue__Tree queued_tree;
+    LinkedList1 flows_list;
+    int freeing;
+    BPending schedule_job;
+    DebugObject d_obj;
+    DebugCounter d_ctr;
+} PacketPassFairQueue;
+
+/**
+ * Initializes the queue.
+ *
+ * @param m the object
+ * @param output output interface
+ * @param pg pending group
+ * @param use_cancel whether cancel functionality is required. Must be 0 or 1.
+ *                   If 1, output must support cancel functionality.
+ * @param packet_weight additional weight a packet bears. Must be >0, to keep
+ *                      the queue fair for zero size packets.
+ * @return 1 on success, 0 on failure (because output MTU is too large)
+ */
+int PacketPassFairQueue_Init (PacketPassFairQueue *m, PacketPassInterface *output, BPendingGroup *pg, int use_cancel, int packet_weight) WARN_UNUSED;
+
+/**
+ * Frees the queue.
+ * All flows must have been freed.
+ *
+ * @param m the object
+ */
+void PacketPassFairQueue_Free (PacketPassFairQueue *m);
+
+/**
+ * Prepares for freeing the entire queue. Must be called to allow freeing
+ * the flows in the process of freeing the entire queue.
+ * After this function is called, flows and the queue must be freed
+ * before any further I/O.
+ * May be called multiple times.
+ * The queue enters freeing state.
+ *
+ * @param m the object
+ */
+void PacketPassFairQueue_PrepareFree (PacketPassFairQueue *m);
+
+/**
+ * Returns the MTU of the queue.
+ *
+ * @param m the object
+ */
+int PacketPassFairQueue_GetMTU (PacketPassFairQueue *m);
+
+/**
+ * Initializes a queue flow.
+ * Queue must not be in freeing state.
+ * Must not be called from queue calls to output.
+ *
+ * @param flow the object
+ * @param m queue to attach to
+ */
+void PacketPassFairQueueFlow_Init (PacketPassFairQueueFlow *flow, PacketPassFairQueue *m);
+
+/**
+ * Frees a queue flow.
+ * Unless the queue is in freeing state:
+ * - The flow must not be busy as indicated by {@link PacketPassFairQueueFlow_IsBusy}.
+ * - Must not be called from queue calls to output.
+ *
+ * @param flow the object
+ */
+void PacketPassFairQueueFlow_Free (PacketPassFairQueueFlow *flow);
+
+/**
+ * Does nothing.
+ * It must be possible to free the flow (see {@link PacketPassFairQueueFlow_Free}).
+ * 
+ * @param flow the object
+ */
+void PacketPassFairQueueFlow_AssertFree (PacketPassFairQueueFlow *flow);
+
+/**
+ * Determines if the flow is busy. If the flow is considered busy, it must not
+ * be freed. At any given time, at most one flow will be indicated as busy.
+ * Queue must not be in freeing state.
+ * Must not be called from queue calls to output.
+ *
+ * @param flow the object
+ * @return 0 if not busy, 1 is busy
+ */
+int PacketPassFairQueueFlow_IsBusy (PacketPassFairQueueFlow *flow);
+
+/**
+ * Requests the output to stop processing the current packet as soon as possible.
+ * Cancel functionality must be enabled for the queue.
+ * The flow must be busy as indicated by {@link PacketPassFairQueueFlow_IsBusy}.
+ * Queue must not be in freeing state.
+ * 
+ * @param flow the object
+ */
+void PacketPassFairQueueFlow_RequestCancel (PacketPassFairQueueFlow *flow);
+
+/**
+ * Sets up a callback to be called when the flow is no longer busy.
+ * The handler will be called as soon as the flow is no longer busy, i.e. it is not
+ * possible that this flow is no longer busy before the handler is called.
+ * The flow must be busy as indicated by {@link PacketPassFairQueueFlow_IsBusy}.
+ * Queue must not be in freeing state.
+ * Must not be called from queue calls to output.
+ *
+ * @param flow the object
+ * @param handler callback function. NULL to disable.
+ * @param user value passed to callback function. Ignored if handler is NULL.
+ */
+void PacketPassFairQueueFlow_SetBusyHandler (PacketPassFairQueueFlow *flow, PacketPassFairQueue_handler_busy handler, void *user);
+
+/**
+ * Returns the input interface of the flow.
+ *
+ * @param flow the object
+ * @return input interface
+ */
+PacketPassInterface * PacketPassFairQueueFlow_GetInput (PacketPassFairQueueFlow *flow);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassFairQueue_tree.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassFairQueue_tree.h
new file mode 100644
index 00000000..5dd0a7d4
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassFairQueue_tree.h
@@ -0,0 +1,7 @@
+#define SAVL_PARAM_NAME PacketPassFairQueue__Tree
+#define SAVL_PARAM_FEATURE_COUNTS 0
+#define SAVL_PARAM_FEATURE_NOKEYS 1
+#define SAVL_PARAM_TYPE_ENTRY struct PacketPassFairQueueFlow_s
+#define SAVL_PARAM_TYPE_ARG int
+#define SAVL_PARAM_FUN_COMPARE_ENTRIES(arg, entry1, entry2) compare_flows((entry1), (entry2))
+#define SAVL_PARAM_MEMBER_NODE queued.tree_node
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassInterface.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassInterface.c
new file mode 100644
index 00000000..9c53003b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassInterface.c
@@ -0,0 +1,68 @@
+/**
+ * @file PacketPassInterface.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "flow/PacketPassInterface.h"
+
+void _PacketPassInterface_job_operation (PacketPassInterface *i)
+{
+    ASSERT(i->state == PPI_STATE_OPERATION_PENDING)
+    DebugObject_Access(&i->d_obj);
+    
+    // set state
+    i->state = PPI_STATE_BUSY;
+    
+    // call handler
+    i->handler_operation(i->user_provider, i->job_operation_data, i->job_operation_len);
+    return;
+}
+
+void _PacketPassInterface_job_requestcancel (PacketPassInterface *i)
+{
+    ASSERT(i->state == PPI_STATE_BUSY)
+    ASSERT(i->cancel_requested)
+    ASSERT(i->handler_requestcancel)
+    DebugObject_Access(&i->d_obj);
+    
+    // call handler
+    i->handler_requestcancel(i->user_provider);
+    return;
+}
+
+void _PacketPassInterface_job_done (PacketPassInterface *i)
+{
+    ASSERT(i->state == PPI_STATE_DONE_PENDING)
+    DebugObject_Access(&i->d_obj);
+    
+    // set state
+    i->state = PPI_STATE_NONE;
+    
+    // call handler
+    i->handler_done(i->user_user);
+    return;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassInterface.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassInterface.h
new file mode 100644
index 00000000..bcd5c619
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketPassInterface.h
@@ -0,0 +1,236 @@
+/**
+ * @file PacketPassInterface.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Interface allowing a packet sender to pass data packets to a packet receiver.
+ */
+
+#ifndef BADVPN_FLOW_PACKETPASSINTERFACE_H
+#define BADVPN_FLOW_PACKETPASSINTERFACE_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "misc/debug.h"
+#include "base/DebugObject.h"
+#include "base/BPending.h"
+
+#define PPI_STATE_NONE 1
+#define PPI_STATE_OPERATION_PENDING 2
+#define PPI_STATE_BUSY 3
+#define PPI_STATE_DONE_PENDING 4
+
+typedef void (*PacketPassInterface_handler_send) (void *user, uint8_t *data, int data_len);
+
+typedef void (*PacketPassInterface_handler_requestcancel) (void *user);
+
+typedef void (*PacketPassInterface_handler_done) (void *user);
+
+typedef struct {
+    // provider data
+    int mtu;
+    PacketPassInterface_handler_send handler_operation;
+    PacketPassInterface_handler_requestcancel handler_requestcancel;
+    void *user_provider;
+    
+    // user data
+    PacketPassInterface_handler_done handler_done;
+    void *user_user;
+    
+    // operation job
+    BPending job_operation;
+    uint8_t *job_operation_data;
+    int job_operation_len;
+    
+    // requestcancel job
+    BPending job_requestcancel;
+    
+    // done job
+    BPending job_done;
+    
+    // state
+    int state;
+    int cancel_requested;
+    
+    DebugObject d_obj;
+} PacketPassInterface;
+
+static void PacketPassInterface_Init (PacketPassInterface *i, int mtu, PacketPassInterface_handler_send handler_operation, void *user, BPendingGroup *pg);
+
+static void PacketPassInterface_Free (PacketPassInterface *i);
+
+static void PacketPassInterface_EnableCancel (PacketPassInterface *i, PacketPassInterface_handler_requestcancel handler_requestcancel);
+
+static void PacketPassInterface_Done (PacketPassInterface *i);
+
+static int PacketPassInterface_GetMTU (PacketPassInterface *i);
+
+static void PacketPassInterface_Sender_Init (PacketPassInterface *i, PacketPassInterface_handler_done handler_done, void *user);
+
+static void PacketPassInterface_Sender_Send (PacketPassInterface *i, uint8_t *data, int data_len);
+
+static void PacketPassInterface_Sender_RequestCancel (PacketPassInterface *i);
+
+static int PacketPassInterface_HasCancel (PacketPassInterface *i);
+
+void _PacketPassInterface_job_operation (PacketPassInterface *i);
+void _PacketPassInterface_job_requestcancel (PacketPassInterface *i);
+void _PacketPassInterface_job_done (PacketPassInterface *i);
+
+void PacketPassInterface_Init (PacketPassInterface *i, int mtu, PacketPassInterface_handler_send handler_operation, void *user, BPendingGroup *pg)
+{
+    ASSERT(mtu >= 0)
+    
+    // init arguments
+    i->mtu = mtu;
+    i->handler_operation = handler_operation;
+    i->handler_requestcancel = NULL;
+    i->user_provider = user;
+    
+    // set no user
+    i->handler_done = NULL;
+    
+    // init jobs
+    BPending_Init(&i->job_operation, pg, (BPending_handler)_PacketPassInterface_job_operation, i);
+    BPending_Init(&i->job_requestcancel, pg, (BPending_handler)_PacketPassInterface_job_requestcancel, i);
+    BPending_Init(&i->job_done, pg, (BPending_handler)_PacketPassInterface_job_done, i);
+    
+    // set state
+    i->state = PPI_STATE_NONE;
+    
+    DebugObject_Init(&i->d_obj);
+}
+
+void PacketPassInterface_Free (PacketPassInterface *i)
+{
+    DebugObject_Free(&i->d_obj);
+    
+    // free jobs
+    BPending_Free(&i->job_done);
+    BPending_Free(&i->job_requestcancel);
+    BPending_Free(&i->job_operation);
+}
+
+void PacketPassInterface_EnableCancel (PacketPassInterface *i, PacketPassInterface_handler_requestcancel handler_requestcancel)
+{
+    ASSERT(!i->handler_requestcancel)
+    ASSERT(!i->handler_done)
+    ASSERT(handler_requestcancel)
+    
+    i->handler_requestcancel = handler_requestcancel;
+}
+
+void PacketPassInterface_Done (PacketPassInterface *i)
+{
+    ASSERT(i->state == PPI_STATE_BUSY)
+    DebugObject_Access(&i->d_obj);
+    
+    // unset requestcancel job
+    BPending_Unset(&i->job_requestcancel);
+    
+    // schedule done
+    BPending_Set(&i->job_done);
+    
+    // set state
+    i->state = PPI_STATE_DONE_PENDING;
+}
+
+int PacketPassInterface_GetMTU (PacketPassInterface *i)
+{
+    DebugObject_Access(&i->d_obj);
+    
+    return i->mtu;
+}
+
+void PacketPassInterface_Sender_Init (PacketPassInterface *i, PacketPassInterface_handler_done handler_done, void *user)
+{
+    ASSERT(handler_done)
+    ASSERT(!i->handler_done)
+    DebugObject_Access(&i->d_obj);
+    
+    i->handler_done = handler_done;
+    i->user_user = user;
+}
+
+void PacketPassInterface_Sender_Send (PacketPassInterface *i, uint8_t *data, int data_len)
+{
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= i->mtu)
+    ASSERT(!(data_len > 0) || data)
+    ASSERT(i->state == PPI_STATE_NONE)
+    ASSERT(i->handler_done)
+    DebugObject_Access(&i->d_obj);
+    
+    // schedule operation
+    i->job_operation_data = data;
+    i->job_operation_len = data_len;
+    BPending_Set(&i->job_operation);
+    
+    // set state
+    i->state = PPI_STATE_OPERATION_PENDING;
+    i->cancel_requested = 0;
+}
+
+void PacketPassInterface_Sender_RequestCancel (PacketPassInterface *i)
+{
+    ASSERT(i->state == PPI_STATE_OPERATION_PENDING || i->state == PPI_STATE_BUSY || i->state == PPI_STATE_DONE_PENDING)
+    ASSERT(i->handler_requestcancel)
+    DebugObject_Access(&i->d_obj);
+    
+    // ignore multiple cancel requests
+    if (i->cancel_requested) {
+        return;
+    }
+    
+    // remember we requested cancel
+    i->cancel_requested = 1;
+    
+    if (i->state == PPI_STATE_OPERATION_PENDING) {
+        // unset operation job
+        BPending_Unset(&i->job_operation);
+        
+        // set done job
+        BPending_Set(&i->job_done);
+        
+        // set state
+        i->state = PPI_STATE_DONE_PENDING;
+    } else if (i->state == PPI_STATE_BUSY) {
+        // set requestcancel job
+        BPending_Set(&i->job_requestcancel);
+    }
+}
+
+int PacketPassInterface_HasCancel (PacketPassInterface *i)
+{
+    DebugObject_Access(&i->d_obj);
+    
+    return !!i->handler_requestcancel;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoDecoder.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoDecoder.c
new file mode 100644
index 00000000..a2cc2b63
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoDecoder.c
@@ -0,0 +1,182 @@
+/**
+ * @file PacketProtoDecoder.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "misc/debug.h"
+#include "misc/byteorder.h"
+#include "misc/minmax.h"
+#include "base/BLog.h"
+
+#include "flow/PacketProtoDecoder.h"
+
+#include "generated/blog_channel_PacketProtoDecoder.h"
+
+static void process_data (PacketProtoDecoder *enc);
+static void input_handler_done (PacketProtoDecoder *enc, int data_len);
+static void output_handler_done (PacketProtoDecoder *enc);
+
+void process_data (PacketProtoDecoder *enc)
+{
+    int was_error = 0;
+    
+    do {
+        uint8_t *data = enc->buf + enc->buf_start;
+        int left = enc->buf_used;
+        
+        // check if header was received
+        if (left < sizeof(struct packetproto_header)) {
+            break;
+        }
+        struct packetproto_header header;
+        memcpy(&header, data, sizeof(header));
+        data += sizeof(struct packetproto_header);
+        left -= sizeof(struct packetproto_header);
+        int data_len = ltoh16(header.len);
+        
+        // check data length
+        if (data_len > enc->output_mtu) {
+            BLog(BLOG_NOTICE, "error: packet too large");
+            was_error = 1;
+            break;
+        }
+        
+        // check if whole packet was received
+        if (left < data_len) {
+            break;
+        }
+        
+        // update buffer
+        enc->buf_start += sizeof(struct packetproto_header) + data_len;
+        enc->buf_used -= sizeof(struct packetproto_header) + data_len;
+        
+        // submit packet
+        PacketPassInterface_Sender_Send(enc->output, data, data_len);
+        return;
+    } while (0);
+    
+    if (was_error) {
+        // reset buffer
+        enc->buf_start = 0;
+        enc->buf_used = 0;
+    } else {
+        // if we reached the end of the buffer, wrap around to allow more data to be received
+        if (enc->buf_start + enc->buf_used == enc->buf_size) {
+            memmove(enc->buf, enc->buf + enc->buf_start, enc->buf_used);
+            enc->buf_start = 0;
+        }
+    }
+    
+    // receive data
+    StreamRecvInterface_Receiver_Recv(enc->input, enc->buf + (enc->buf_start + enc->buf_used), enc->buf_size - (enc->buf_start + enc->buf_used));
+    
+    // if we had error, report it
+    if (was_error) {
+        enc->handler_error(enc->user);
+        return;
+    }
+}
+
+static void input_handler_done (PacketProtoDecoder *enc, int data_len)
+{
+    ASSERT(data_len > 0)
+    ASSERT(data_len <= enc->buf_size - (enc->buf_start + enc->buf_used))
+    DebugObject_Access(&enc->d_obj);
+    
+    // update buffer
+    enc->buf_used += data_len;
+    
+    // process data
+    process_data(enc);
+    return;
+}
+
+void output_handler_done (PacketProtoDecoder *enc)
+{
+    DebugObject_Access(&enc->d_obj);
+    
+    // process data
+    process_data(enc);
+    return;
+}
+
+int PacketProtoDecoder_Init (PacketProtoDecoder *enc, StreamRecvInterface *input, PacketPassInterface *output, BPendingGroup *pg, void *user, PacketProtoDecoder_handler_error handler_error)
+{
+    // init arguments
+    enc->input = input;
+    enc->output = output;
+    enc->user = user;
+    enc->handler_error = handler_error;
+    
+    // init input
+    StreamRecvInterface_Receiver_Init(enc->input, (StreamRecvInterface_handler_done)input_handler_done, enc);
+    
+    // init output
+    PacketPassInterface_Sender_Init(enc->output, (PacketPassInterface_handler_done)output_handler_done, enc);
+    
+    // set output MTU, limit by maximum payload size
+    enc->output_mtu = bmin_int(PacketPassInterface_GetMTU(enc->output), PACKETPROTO_MAXPAYLOAD);
+    
+    // init buffer state
+    enc->buf_size = PACKETPROTO_ENCLEN(enc->output_mtu);
+    enc->buf_start = 0;
+    enc->buf_used = 0;
+    
+    // allocate buffer
+    if (!(enc->buf = (uint8_t *)malloc(enc->buf_size))) {
+        goto fail0;
+    }
+    
+    // start receiving
+    StreamRecvInterface_Receiver_Recv(enc->input, enc->buf, enc->buf_size);
+    
+    DebugObject_Init(&enc->d_obj);
+    
+    return 1;
+    
+fail0:
+    return 0;
+}
+
+void PacketProtoDecoder_Free (PacketProtoDecoder *enc)
+{
+    DebugObject_Free(&enc->d_obj);
+    
+    // free buffer
+    free(enc->buf);
+}
+
+void PacketProtoDecoder_Reset (PacketProtoDecoder *enc)
+{
+    DebugObject_Access(&enc->d_obj);
+    
+    enc->buf_start += enc->buf_used;
+    enc->buf_used = 0;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoDecoder.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoDecoder.h
new file mode 100644
index 00000000..8cece5ba
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoDecoder.h
@@ -0,0 +1,96 @@
+/**
+ * @file PacketProtoDecoder.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Object which decodes a stream according to PacketProto.
+ */
+
+#ifndef BADVPN_FLOW_PACKETPROTODECODER_H
+#define BADVPN_FLOW_PACKETPROTODECODER_H
+
+#include <stdint.h>
+
+#include "protocol/packetproto.h"
+#include "misc/debug.h"
+#include "base/DebugObject.h"
+#include "flow/StreamRecvInterface.h"
+#include "flow/PacketPassInterface.h"
+
+/**
+ * Handler called when a protocol error occurs.
+ * When an error occurs, the decoder is reset to the initial state.
+ * 
+ * @param user as in {@link PacketProtoDecoder_Init}
+ */
+typedef void (*PacketProtoDecoder_handler_error) (void *user);
+
+typedef struct {
+    StreamRecvInterface *input;
+    PacketPassInterface *output;
+    void *user;
+    PacketProtoDecoder_handler_error handler_error;
+    int output_mtu;
+    int buf_size;
+    int buf_start;
+    int buf_used;
+    uint8_t *buf;
+    DebugObject d_obj;
+} PacketProtoDecoder;
+
+/**
+ * Initializes the object.
+ *
+ * @param enc the object
+ * @param input input interface. The decoder will accept packets with payload size up to its MTU
+ *              (but the payload can never be more than PACKETPROTO_MAXPAYLOAD).
+ * @param output output interface
+ * @param pg pending group
+ * @param user argument to handlers
+ * @param handler_error error handler
+ * @return 1 on success, 0 on failure
+ */
+int PacketProtoDecoder_Init (PacketProtoDecoder *enc, StreamRecvInterface *input, PacketPassInterface *output, BPendingGroup *pg, void *user, PacketProtoDecoder_handler_error handler_error) WARN_UNUSED;
+
+/**
+ * Frees the object.
+ *
+ * @param enc the object
+ */
+void PacketProtoDecoder_Free (PacketProtoDecoder *enc);
+
+/**
+ * Clears the internal buffer.
+ * The next data received from the input will be treated as a new
+ * PacketProto stream.
+ *
+ * @param enc the object
+ */
+void PacketProtoDecoder_Reset (PacketProtoDecoder *enc);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoEncoder.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoEncoder.c
new file mode 100644
index 00000000..64c542df
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoEncoder.c
@@ -0,0 +1,101 @@
+/**
+ * @file PacketProtoEncoder.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <string.h>
+
+#include "protocol/packetproto.h"
+#include "misc/balign.h"
+#include "misc/debug.h"
+#include "misc/byteorder.h"
+
+#include "flow/PacketProtoEncoder.h"
+
+static void output_handler_recv (PacketProtoEncoder *enc, uint8_t *data)
+{
+    ASSERT(!enc->output_packet)
+    ASSERT(data)
+    DebugObject_Access(&enc->d_obj);
+    
+    // schedule receive
+    enc->output_packet = data;
+    PacketRecvInterface_Receiver_Recv(enc->input, enc->output_packet + sizeof(struct packetproto_header));
+}
+
+static void input_handler_done (PacketProtoEncoder *enc, int in_len)
+{
+    ASSERT(enc->output_packet)
+    DebugObject_Access(&enc->d_obj);
+    
+    // write length
+    struct packetproto_header pp;
+    pp.len = htol16(in_len);
+    memcpy(enc->output_packet, &pp, sizeof(pp));
+    
+    // finish output packet
+    enc->output_packet = NULL;
+    PacketRecvInterface_Done(&enc->output, PACKETPROTO_ENCLEN(in_len));
+}
+
+void PacketProtoEncoder_Init (PacketProtoEncoder *enc, PacketRecvInterface *input, BPendingGroup *pg)
+{
+    ASSERT(PacketRecvInterface_GetMTU(input) <= PACKETPROTO_MAXPAYLOAD)
+    
+    // init arguments
+    enc->input = input;
+    
+    // init input
+    PacketRecvInterface_Receiver_Init(enc->input, (PacketRecvInterface_handler_done)input_handler_done, enc);
+    
+    // init output
+    PacketRecvInterface_Init(
+        &enc->output, PACKETPROTO_ENCLEN(PacketRecvInterface_GetMTU(enc->input)),
+        (PacketRecvInterface_handler_recv)output_handler_recv, enc, pg
+    );
+    
+    // set no output packet
+    enc->output_packet = NULL;
+    
+    DebugObject_Init(&enc->d_obj);
+}
+
+void PacketProtoEncoder_Free (PacketProtoEncoder *enc)
+{
+    DebugObject_Free(&enc->d_obj);
+
+    // free input
+    PacketRecvInterface_Free(&enc->output);
+}
+
+PacketRecvInterface * PacketProtoEncoder_GetOutput (PacketProtoEncoder *enc)
+{
+    DebugObject_Access(&enc->d_obj);
+    
+    return &enc->output;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoEncoder.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoEncoder.h
new file mode 100644
index 00000000..c0bf9a2c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoEncoder.h
@@ -0,0 +1,80 @@
+/**
+ * @file PacketProtoEncoder.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Object which encodes packets according to PacketProto.
+ */
+
+#ifndef BADVPN_FLOW_PACKETPROTOENCODER_H
+#define BADVPN_FLOW_PACKETPROTOENCODER_H
+
+#include <stdint.h>
+
+#include "base/DebugObject.h"
+#include "flow/PacketRecvInterface.h"
+
+/**
+ * Object which encodes packets according to PacketProto.
+ *
+ * Input is with {@link PacketRecvInterface}.
+ * Output is with {@link PacketRecvInterface}.
+ */
+typedef struct {
+    PacketRecvInterface *input;
+    PacketRecvInterface output;
+    uint8_t *output_packet;
+    DebugObject d_obj;
+} PacketProtoEncoder;
+
+/**
+ * Initializes the object.
+ *
+ * @param enc the object
+ * @param input input interface. Its MTU must be <=PACKETPROTO_MAXPAYLOAD.
+ * @param pg pending group
+ */
+void PacketProtoEncoder_Init (PacketProtoEncoder *enc, PacketRecvInterface *input, BPendingGroup *pg);
+
+/**
+ * Frees the object.
+ *
+ * @param enc the object
+ */
+void PacketProtoEncoder_Free (PacketProtoEncoder *enc);
+
+/**
+ * Returns the output interface.
+ * The MTU of the output interface is PACKETPROTO_ENCLEN(MTU of input interface).
+ *
+ * @param enc the object
+ * @return output interface
+ */
+PacketRecvInterface * PacketProtoEncoder_GetOutput (PacketProtoEncoder *enc);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoFlow.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoFlow.c
new file mode 100644
index 00000000..bb63eb52
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoFlow.c
@@ -0,0 +1,82 @@
+/**
+ * @file PacketProtoFlow.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "protocol/packetproto.h"
+#include "misc/debug.h"
+
+#include "flow/PacketProtoFlow.h"
+
+int PacketProtoFlow_Init (PacketProtoFlow *o, int input_mtu, int num_packets, PacketPassInterface *output, BPendingGroup *pg)
+{
+    ASSERT(input_mtu >= 0)
+    ASSERT(input_mtu <= PACKETPROTO_MAXPAYLOAD)
+    ASSERT(num_packets > 0)
+    ASSERT(PacketPassInterface_GetMTU(output) >= PACKETPROTO_ENCLEN(input_mtu))
+    
+    // init async input
+    BufferWriter_Init(&o->ainput, input_mtu, pg);
+    
+    // init encoder
+    PacketProtoEncoder_Init(&o->encoder, BufferWriter_GetOutput(&o->ainput), pg);
+    
+    // init buffer
+    if (!PacketBuffer_Init(&o->buffer, PacketProtoEncoder_GetOutput(&o->encoder), output, num_packets, pg)) {
+        goto fail0;
+    }
+    
+    DebugObject_Init(&o->d_obj);
+    
+    return 1;
+    
+fail0:
+    PacketProtoEncoder_Free(&o->encoder);
+    BufferWriter_Free(&o->ainput);
+    return 0;
+}
+
+void PacketProtoFlow_Free (PacketProtoFlow *o)
+{
+    DebugObject_Free(&o->d_obj);
+    
+    // free buffer
+    PacketBuffer_Free(&o->buffer);
+    
+    // free encoder
+    PacketProtoEncoder_Free(&o->encoder);
+    
+    // free async input
+    BufferWriter_Free(&o->ainput);
+}
+
+BufferWriter * PacketProtoFlow_GetInput (PacketProtoFlow *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    return &o->ainput;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoFlow.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoFlow.h
new file mode 100644
index 00000000..da9b8ec4
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketProtoFlow.h
@@ -0,0 +1,83 @@
+/**
+ * @file PacketProtoFlow.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Buffer which encodes packets with PacketProto, with {@link BufferWriter}
+ * input and {@link PacketPassInterface} output.
+ */
+
+#ifndef BADVPN_FLOW_PACKETPROTOFLOW_H
+#define BADVPN_FLOW_PACKETPROTOFLOW_H
+
+#include "misc/debug.h"
+
+#include "base/DebugObject.h"
+#include "flow/BufferWriter.h"
+#include "flow/PacketProtoEncoder.h"
+#include "flow/PacketBuffer.h"
+
+/**
+ * Buffer which encodes packets with PacketProto, with {@link BufferWriter}
+ * input and {@link PacketPassInterface} output.
+ */
+typedef struct {
+    BufferWriter ainput;
+    PacketProtoEncoder encoder;
+    PacketBuffer buffer;
+    DebugObject d_obj;
+} PacketProtoFlow;
+
+/**
+ * Initializes the object.
+ * 
+ * @param o the object
+ * @param input_mtu maximum input packet size. Must be >=0 and <=PACKETPROTO_MAXPAYLOAD.
+ * @param num_packets minimum number of packets the buffer should hold. Must be >0.
+ * @param output output interface. Its MTU must be >=PACKETPROTO_ENCLEN(input_mtu).
+ * @param pg pending group
+ * @return 1 on success, 0 on failure
+ */
+int PacketProtoFlow_Init (PacketProtoFlow *o, int input_mtu, int num_packets, PacketPassInterface *output, BPendingGroup *pg) WARN_UNUSED;
+
+/**
+ * Frees the object.
+ * 
+ * @param o the object
+ */
+void PacketProtoFlow_Free (PacketProtoFlow *o);
+
+/**
+ * Returns the input interface.
+ * 
+ * @param o the object
+ * @return input interface
+ */
+BufferWriter * PacketProtoFlow_GetInput (PacketProtoFlow *o);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketRecvInterface.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketRecvInterface.c
new file mode 100644
index 00000000..244fbbfd
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketRecvInterface.c
@@ -0,0 +1,56 @@
+/**
+ * @file PacketRecvInterface.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "flow/PacketRecvInterface.h"
+
+void _PacketRecvInterface_job_operation (PacketRecvInterface *i)
+{
+    ASSERT(i->state == PRI_STATE_OPERATION_PENDING)
+    DebugObject_Access(&i->d_obj);
+    
+    // set state
+    i->state = PRI_STATE_BUSY;
+    
+    // call handler
+    i->handler_operation(i->user_provider, i->job_operation_data);
+    return;
+}
+
+void _PacketRecvInterface_job_done (PacketRecvInterface *i)
+{
+    ASSERT(i->state == PRI_STATE_DONE_PENDING)
+    DebugObject_Access(&i->d_obj);
+    
+    // set state
+    i->state = PRI_STATE_NONE;
+    
+    // call handler
+    i->handler_done(i->user_user, i->job_done_len);
+    return;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketRecvInterface.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketRecvInterface.h
new file mode 100644
index 00000000..9dcc34eb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketRecvInterface.h
@@ -0,0 +1,170 @@
+/**
+ * @file PacketRecvInterface.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Interface allowing a packet receiver to receive data packets from a packet sender.
+ */
+
+#ifndef BADVPN_FLOW_PACKETRECVINTERFACE_H
+#define BADVPN_FLOW_PACKETRECVINTERFACE_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "misc/debug.h"
+#include "base/DebugObject.h"
+#include "base/BPending.h"
+
+#define PRI_STATE_NONE 1
+#define PRI_STATE_OPERATION_PENDING 2
+#define PRI_STATE_BUSY 3
+#define PRI_STATE_DONE_PENDING 4
+
+typedef void (*PacketRecvInterface_handler_recv) (void *user, uint8_t *data);
+
+typedef void (*PacketRecvInterface_handler_done) (void *user, int data_len);
+
+typedef struct {
+    // provider data
+    int mtu;
+    PacketRecvInterface_handler_recv handler_operation;
+    void *user_provider;
+
+    // user data
+    PacketRecvInterface_handler_done handler_done;
+    void *user_user;
+    
+    // operation job
+    BPending job_operation;
+    uint8_t *job_operation_data;
+    
+    // done job
+    BPending job_done;
+    int job_done_len;
+    
+    // state
+    int state;
+    
+    DebugObject d_obj;
+} PacketRecvInterface;
+
+static void PacketRecvInterface_Init (PacketRecvInterface *i, int mtu, PacketRecvInterface_handler_recv handler_operation, void *user, BPendingGroup *pg);
+
+static void PacketRecvInterface_Free (PacketRecvInterface *i);
+
+static void PacketRecvInterface_Done (PacketRecvInterface *i, int data_len);
+
+static int PacketRecvInterface_GetMTU (PacketRecvInterface *i);
+
+static void PacketRecvInterface_Receiver_Init (PacketRecvInterface *i, PacketRecvInterface_handler_done handler_done, void *user);
+
+static void PacketRecvInterface_Receiver_Recv (PacketRecvInterface *i, uint8_t *data);
+
+void _PacketRecvInterface_job_operation (PacketRecvInterface *i);
+void _PacketRecvInterface_job_done (PacketRecvInterface *i);
+
+void PacketRecvInterface_Init (PacketRecvInterface *i, int mtu, PacketRecvInterface_handler_recv handler_operation, void *user, BPendingGroup *pg)
+{
+    ASSERT(mtu >= 0)
+    
+    // init arguments
+    i->mtu = mtu;
+    i->handler_operation = handler_operation;
+    i->user_provider = user;
+    
+    // set no user
+    i->handler_done = NULL;
+    
+    // init jobs
+    BPending_Init(&i->job_operation, pg, (BPending_handler)_PacketRecvInterface_job_operation, i);
+    BPending_Init(&i->job_done, pg, (BPending_handler)_PacketRecvInterface_job_done, i);
+    
+    // set state
+    i->state = PRI_STATE_NONE;
+    
+    DebugObject_Init(&i->d_obj);
+}
+
+void PacketRecvInterface_Free (PacketRecvInterface *i)
+{
+    DebugObject_Free(&i->d_obj);
+    
+    // free jobs
+    BPending_Free(&i->job_done);
+    BPending_Free(&i->job_operation);
+}
+
+void PacketRecvInterface_Done (PacketRecvInterface *i, int data_len)
+{
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= i->mtu)
+    ASSERT(i->state == PRI_STATE_BUSY)
+    DebugObject_Access(&i->d_obj);
+    
+    // schedule done
+    i->job_done_len = data_len;
+    BPending_Set(&i->job_done);
+    
+    // set state
+    i->state = PRI_STATE_DONE_PENDING;
+}
+
+int PacketRecvInterface_GetMTU (PacketRecvInterface *i)
+{
+    DebugObject_Access(&i->d_obj);
+    
+    return i->mtu;
+}
+
+void PacketRecvInterface_Receiver_Init (PacketRecvInterface *i, PacketRecvInterface_handler_done handler_done, void *user)
+{
+    ASSERT(handler_done)
+    ASSERT(!i->handler_done)
+    DebugObject_Access(&i->d_obj);
+    
+    i->handler_done = handler_done;
+    i->user_user = user;
+}
+
+void PacketRecvInterface_Receiver_Recv (PacketRecvInterface *i, uint8_t *data)
+{
+    ASSERT(!(i->mtu > 0) || data)
+    ASSERT(i->state == PRI_STATE_NONE)
+    ASSERT(i->handler_done)
+    DebugObject_Access(&i->d_obj);
+    
+    // schedule operation
+    i->job_operation_data = data;
+    BPending_Set(&i->job_operation);
+    
+    // set state
+    i->state = PRI_STATE_OPERATION_PENDING;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketStreamSender.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketStreamSender.c
new file mode 100644
index 00000000..6a5eebdd
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketStreamSender.c
@@ -0,0 +1,111 @@
+/**
+ * @file PacketStreamSender.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+
+#include "misc/debug.h"
+
+#include "flow/PacketStreamSender.h"
+
+static void send_data (PacketStreamSender *s)
+{
+    ASSERT(s->in_len >= 0)
+    
+    if (s->in_used < s->in_len) {
+        // send more data
+        StreamPassInterface_Sender_Send(s->output, s->in + s->in_used, s->in_len - s->in_used);
+    } else {
+        // finish input packet
+        s->in_len = -1;
+        PacketPassInterface_Done(&s->input);
+    }
+}
+
+static void input_handler_send (PacketStreamSender *s, uint8_t *data, int data_len)
+{
+    ASSERT(s->in_len == -1)
+    ASSERT(data_len >= 0)
+    DebugObject_Access(&s->d_obj);
+    
+    // set input packet
+    s->in_len = data_len;
+    s->in = data;
+    s->in_used = 0;
+    
+    // send
+    send_data(s);
+}
+
+static void output_handler_done (PacketStreamSender *s, int data_len)
+{
+    ASSERT(s->in_len >= 0)
+    ASSERT(data_len > 0)
+    ASSERT(data_len <= s->in_len - s->in_used)
+    DebugObject_Access(&s->d_obj);
+    
+    // update number of bytes sent
+    s->in_used += data_len;
+    
+    // send
+    send_data(s);
+}
+
+void PacketStreamSender_Init (PacketStreamSender *s, StreamPassInterface *output, int mtu, BPendingGroup *pg)
+{
+    ASSERT(mtu >= 0)
+    
+    // init arguments
+    s->output = output;
+    
+    // init input
+    PacketPassInterface_Init(&s->input, mtu, (PacketPassInterface_handler_send)input_handler_send, s, pg);
+    
+    // init output
+    StreamPassInterface_Sender_Init(s->output, (StreamPassInterface_handler_done)output_handler_done, s);
+    
+    // have no input packet
+    s->in_len = -1;
+    
+    DebugObject_Init(&s->d_obj);
+}
+
+void PacketStreamSender_Free (PacketStreamSender *s)
+{
+    DebugObject_Free(&s->d_obj);
+    
+    // free input
+    PacketPassInterface_Free(&s->input);
+}
+
+PacketPassInterface * PacketStreamSender_GetInput (PacketStreamSender *s)
+{
+    DebugObject_Access(&s->d_obj);
+    
+    return &s->input;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketStreamSender.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketStreamSender.h
new file mode 100644
index 00000000..53bdb2cb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/PacketStreamSender.h
@@ -0,0 +1,83 @@
+/**
+ * @file PacketStreamSender.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Object which forwards packets obtained with {@link PacketPassInterface}
+ * as a stream with {@link StreamPassInterface} (i.e. it concatenates them).
+ */
+
+#ifndef BADVPN_FLOW_PACKETSTREAMSENDER_H
+#define BADVPN_FLOW_PACKETSTREAMSENDER_H
+
+#include <stdint.h>
+
+#include "base/DebugObject.h"
+#include "flow/PacketPassInterface.h"
+#include "flow/StreamPassInterface.h"
+
+/**
+ * Object which forwards packets obtained with {@link PacketPassInterface}
+ * as a stream with {@link StreamPassInterface} (i.e. it concatenates them).
+ */
+typedef struct {
+    DebugObject d_obj;
+    PacketPassInterface input;
+    StreamPassInterface *output;
+    int in_len;
+    uint8_t *in;
+    int in_used;
+} PacketStreamSender;
+
+/**
+ * Initializes the object.
+ *
+ * @param s the object
+ * @param output output interface
+ * @param mtu input MTU. Must be >=0.
+ * @param pg pending group
+ */
+void PacketStreamSender_Init (PacketStreamSender *s, StreamPassInterface *output, int mtu, BPendingGroup *pg);
+
+/**
+ * Frees the object.
+ *
+ * @param s the object
+ */
+void PacketStreamSender_Free (PacketStreamSender *s);
+
+/**
+ * Returns the input interface.
+ * Its MTU will be as in {@link PacketStreamSender_Init}.
+ *
+ * @param s the object
+ * @return input interface
+ */
+PacketPassInterface * PacketStreamSender_GetInput (PacketStreamSender *s);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/SinglePacketBuffer.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/SinglePacketBuffer.c
new file mode 100644
index 00000000..3e5d886c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/SinglePacketBuffer.c
@@ -0,0 +1,87 @@
+/**
+ * @file SinglePacketBuffer.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+
+#include "misc/debug.h"
+#include "misc/balloc.h"
+
+#include "flow/SinglePacketBuffer.h"
+
+static void input_handler_done (SinglePacketBuffer *o, int in_len)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    PacketPassInterface_Sender_Send(o->output, o->buf, in_len);
+}
+
+static void output_handler_done (SinglePacketBuffer *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    PacketRecvInterface_Receiver_Recv(o->input, o->buf);
+}
+
+int SinglePacketBuffer_Init (SinglePacketBuffer *o, PacketRecvInterface *input, PacketPassInterface *output, BPendingGroup *pg) 
+{
+    ASSERT(PacketPassInterface_GetMTU(output) >= PacketRecvInterface_GetMTU(input))
+    
+    // init arguments
+    o->input = input;
+    o->output = output;
+    
+    // init input
+    PacketRecvInterface_Receiver_Init(o->input, (PacketRecvInterface_handler_done)input_handler_done, o);
+    
+    // init output
+    PacketPassInterface_Sender_Init(o->output, (PacketPassInterface_handler_done)output_handler_done, o);
+    
+    // init buffer
+    if (!(o->buf = (uint8_t *)BAlloc(PacketRecvInterface_GetMTU(o->input)))) {
+        goto fail1;
+    }
+    
+    // schedule receive
+    PacketRecvInterface_Receiver_Recv(o->input, o->buf);
+    
+    DebugObject_Init(&o->d_obj);
+    
+    return 1;
+    
+fail1:
+    return 0;
+}
+
+void SinglePacketBuffer_Free (SinglePacketBuffer *o)
+{
+    DebugObject_Free(&o->d_obj);
+    
+    // free buffer
+    BFree(o->buf);
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/SinglePacketBuffer.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/SinglePacketBuffer.h
new file mode 100644
index 00000000..bbbd6794
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/SinglePacketBuffer.h
@@ -0,0 +1,75 @@
+/**
+ * @file SinglePacketBuffer.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Packet buffer with {@link PacketRecvInterface} input and {@link PacketPassInterface} output
+ * than can store only a single packet.
+ */
+
+#ifndef BADVPN_FLOW_SINGLEPACKETBUFFER_H
+#define BADVPN_FLOW_SINGLEPACKETBUFFER_H
+
+#include <stdint.h>
+
+#include "misc/debug.h"
+#include "base/DebugObject.h"
+#include "flow/PacketRecvInterface.h"
+#include "flow/PacketPassInterface.h"
+
+/**
+ * Packet buffer with {@link PacketRecvInterface} input and {@link PacketPassInterface} output
+ * than can store only a single packet.
+ */
+typedef struct {
+    DebugObject d_obj;
+    PacketRecvInterface *input;
+    PacketPassInterface *output;
+    uint8_t *buf;
+} SinglePacketBuffer;
+
+/**
+ * Initializes the object.
+ * Output MTU must be >= input MTU.
+ *
+ * @param o the object
+ * @param input input interface
+ * @param output output interface
+ * @param pg pending group
+ * @return 1 on success, 0 on failure
+ */
+int SinglePacketBuffer_Init (SinglePacketBuffer *o, PacketRecvInterface *input, PacketPassInterface *output, BPendingGroup *pg) WARN_UNUSED;
+
+/**
+ * Frees the object
+ *
+ * @param o the object
+ */
+void SinglePacketBuffer_Free (SinglePacketBuffer *o);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamPassInterface.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamPassInterface.c
new file mode 100644
index 00000000..1c57f565
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamPassInterface.c
@@ -0,0 +1,56 @@
+/**
+ * @file StreamPassInterface.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "flow/StreamPassInterface.h"
+
+void _StreamPassInterface_job_operation (StreamPassInterface *i)
+{
+    ASSERT(i->state == SPI_STATE_OPERATION_PENDING)
+    DebugObject_Access(&i->d_obj);
+    
+    // set state
+    i->state = SPI_STATE_BUSY;
+    
+    // call handler
+    i->handler_operation(i->user_provider, i->job_operation_data, i->job_operation_len);
+    return;
+}
+
+void _StreamPassInterface_job_done (StreamPassInterface *i)
+{
+    ASSERT(i->state == SPI_STATE_DONE_PENDING)
+    DebugObject_Access(&i->d_obj);
+    
+    // set state
+    i->state = SPI_STATE_NONE;
+    
+    // call handler
+    i->handler_done(i->user_user, i->job_done_len);
+    return;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamPassInterface.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamPassInterface.h
new file mode 100644
index 00000000..69e1064e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamPassInterface.h
@@ -0,0 +1,165 @@
+/**
+ * @file StreamPassInterface.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Interface allowing a stream sender to pass stream data to a stream receiver.
+ * 
+ * Note that this interface behaves exactly the same and has the same code as
+ * {@link StreamRecvInterface} if names and its external semantics are disregarded.
+ * If you modify this file, you should probably modify {@link StreamRecvInterface}
+ * too.
+ */
+
+#ifndef BADVPN_FLOW_STREAMPASSINTERFACE_H
+#define BADVPN_FLOW_STREAMPASSINTERFACE_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "misc/debug.h"
+#include "base/DebugObject.h"
+#include "base/BPending.h"
+
+#define SPI_STATE_NONE 1
+#define SPI_STATE_OPERATION_PENDING 2
+#define SPI_STATE_BUSY 3
+#define SPI_STATE_DONE_PENDING 4
+
+typedef void (*StreamPassInterface_handler_send) (void *user, uint8_t *data, int data_len);
+
+typedef void (*StreamPassInterface_handler_done) (void *user, int data_len);
+
+typedef struct {
+    // provider data
+    StreamPassInterface_handler_send handler_operation;
+    void *user_provider;
+    
+    // user data
+    StreamPassInterface_handler_done handler_done;
+    void *user_user;
+    
+    // operation job
+    BPending job_operation;
+    uint8_t *job_operation_data;
+    int job_operation_len;
+    
+    // done job
+    BPending job_done;
+    int job_done_len;
+    
+    // state
+    int state;
+    
+    DebugObject d_obj;
+} StreamPassInterface;
+
+static void StreamPassInterface_Init (StreamPassInterface *i, StreamPassInterface_handler_send handler_operation, void *user, BPendingGroup *pg);
+
+static void StreamPassInterface_Free (StreamPassInterface *i);
+
+static void StreamPassInterface_Done (StreamPassInterface *i, int data_len);
+
+static void StreamPassInterface_Sender_Init (StreamPassInterface *i, StreamPassInterface_handler_done handler_done, void *user);
+
+static void StreamPassInterface_Sender_Send (StreamPassInterface *i, uint8_t *data, int data_len);
+
+void _StreamPassInterface_job_operation (StreamPassInterface *i);
+void _StreamPassInterface_job_done (StreamPassInterface *i);
+
+void StreamPassInterface_Init (StreamPassInterface *i, StreamPassInterface_handler_send handler_operation, void *user, BPendingGroup *pg)
+{
+    // init arguments
+    i->handler_operation = handler_operation;
+    i->user_provider = user;
+    
+    // set no user
+    i->handler_done = NULL;
+    
+    // init jobs
+    BPending_Init(&i->job_operation, pg, (BPending_handler)_StreamPassInterface_job_operation, i);
+    BPending_Init(&i->job_done, pg, (BPending_handler)_StreamPassInterface_job_done, i);
+    
+    // set state
+    i->state = SPI_STATE_NONE;
+    
+    DebugObject_Init(&i->d_obj);
+}
+
+void StreamPassInterface_Free (StreamPassInterface *i)
+{
+    DebugObject_Free(&i->d_obj);
+    
+    // free jobs
+    BPending_Free(&i->job_done);
+    BPending_Free(&i->job_operation);
+}
+
+void StreamPassInterface_Done (StreamPassInterface *i, int data_len)
+{
+    ASSERT(i->state == SPI_STATE_BUSY)
+    ASSERT(data_len > 0)
+    ASSERT(data_len <= i->job_operation_len)
+    DebugObject_Access(&i->d_obj);
+    
+    // schedule done
+    i->job_done_len = data_len;
+    BPending_Set(&i->job_done);
+    
+    // set state
+    i->state = SPI_STATE_DONE_PENDING;
+}
+
+void StreamPassInterface_Sender_Init (StreamPassInterface *i, StreamPassInterface_handler_done handler_done, void *user)
+{
+    ASSERT(handler_done)
+    ASSERT(!i->handler_done)
+    DebugObject_Access(&i->d_obj);
+    
+    i->handler_done = handler_done;
+    i->user_user = user;
+}
+
+void StreamPassInterface_Sender_Send (StreamPassInterface *i, uint8_t *data, int data_len)
+{
+    ASSERT(data_len > 0)
+    ASSERT(data)
+    ASSERT(i->state == SPI_STATE_NONE)
+    ASSERT(i->handler_done)
+    DebugObject_Access(&i->d_obj);
+    
+    // schedule operation
+    i->job_operation_data = data;
+    i->job_operation_len = data_len;
+    BPending_Set(&i->job_operation);
+    
+    // set state
+    i->state = SPI_STATE_OPERATION_PENDING;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamRecvInterface.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamRecvInterface.c
new file mode 100644
index 00000000..0b7820dc
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamRecvInterface.c
@@ -0,0 +1,56 @@
+/**
+ * @file StreamRecvInterface.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "flow/StreamRecvInterface.h"
+
+void _StreamRecvInterface_job_operation (StreamRecvInterface *i)
+{
+    ASSERT(i->state == SRI_STATE_OPERATION_PENDING)
+    DebugObject_Access(&i->d_obj);
+    
+    // set state
+    i->state = SRI_STATE_BUSY;
+    
+    // call handler
+    i->handler_operation(i->user_provider, i->job_operation_data, i->job_operation_len);
+    return;
+}
+
+void _StreamRecvInterface_job_done (StreamRecvInterface *i)
+{
+    ASSERT(i->state == SRI_STATE_DONE_PENDING)
+    DebugObject_Access(&i->d_obj);
+    
+    // set state
+    i->state = SRI_STATE_NONE;
+    
+    // call handler
+    i->handler_done(i->user_user, i->job_done_len);
+    return;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamRecvInterface.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamRecvInterface.h
new file mode 100644
index 00000000..b50f5a39
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flow/StreamRecvInterface.h
@@ -0,0 +1,165 @@
+/**
+ * @file StreamRecvInterface.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Interface allowing a stream receiver to receive stream data from a stream sender.
+ * 
+ * Note that this interface behaves exactly the same and has the same code as
+ * {@link StreamPassInterface} if names and its external semantics are disregarded.
+ * If you modify this file, you should probably modify {@link StreamPassInterface}
+ * too.
+ */
+
+#ifndef BADVPN_FLOW_STREAMRECVINTERFACE_H
+#define BADVPN_FLOW_STREAMRECVINTERFACE_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "misc/debug.h"
+#include "base/DebugObject.h"
+#include "base/BPending.h"
+
+#define SRI_STATE_NONE 1
+#define SRI_STATE_OPERATION_PENDING 2
+#define SRI_STATE_BUSY 3
+#define SRI_STATE_DONE_PENDING 4
+
+typedef void (*StreamRecvInterface_handler_recv) (void *user, uint8_t *data, int data_len);
+
+typedef void (*StreamRecvInterface_handler_done) (void *user, int data_len);
+
+typedef struct {
+    // provider data
+    StreamRecvInterface_handler_recv handler_operation;
+    void *user_provider;
+    
+    // user data
+    StreamRecvInterface_handler_done handler_done;
+    void *user_user;
+    
+    // operation job
+    BPending job_operation;
+    uint8_t *job_operation_data;
+    int job_operation_len;
+    
+    // done job
+    BPending job_done;
+    int job_done_len;
+    
+    // state
+    int state;
+    
+    DebugObject d_obj;
+} StreamRecvInterface;
+
+static void StreamRecvInterface_Init (StreamRecvInterface *i, StreamRecvInterface_handler_recv handler_operation, void *user, BPendingGroup *pg);
+
+static void StreamRecvInterface_Free (StreamRecvInterface *i);
+
+static void StreamRecvInterface_Done (StreamRecvInterface *i, int data_len);
+
+static void StreamRecvInterface_Receiver_Init (StreamRecvInterface *i, StreamRecvInterface_handler_done handler_done, void *user);
+
+static void StreamRecvInterface_Receiver_Recv (StreamRecvInterface *i, uint8_t *data, int data_len);
+
+void _StreamRecvInterface_job_operation (StreamRecvInterface *i);
+void _StreamRecvInterface_job_done (StreamRecvInterface *i);
+
+void StreamRecvInterface_Init (StreamRecvInterface *i, StreamRecvInterface_handler_recv handler_operation, void *user, BPendingGroup *pg)
+{
+    // init arguments
+    i->handler_operation = handler_operation;
+    i->user_provider = user;
+    
+    // set no user
+    i->handler_done = NULL;
+    
+    // init jobs
+    BPending_Init(&i->job_operation, pg, (BPending_handler)_StreamRecvInterface_job_operation, i);
+    BPending_Init(&i->job_done, pg, (BPending_handler)_StreamRecvInterface_job_done, i);
+    
+    // set state
+    i->state = SRI_STATE_NONE;
+    
+    DebugObject_Init(&i->d_obj);
+}
+
+void StreamRecvInterface_Free (StreamRecvInterface *i)
+{
+    DebugObject_Free(&i->d_obj);
+    
+    // free jobs
+    BPending_Free(&i->job_done);
+    BPending_Free(&i->job_operation);
+}
+
+void StreamRecvInterface_Done (StreamRecvInterface *i, int data_len)
+{
+    ASSERT(i->state == SRI_STATE_BUSY)
+    ASSERT(data_len > 0)
+    ASSERT(data_len <= i->job_operation_len)
+    DebugObject_Access(&i->d_obj);
+    
+    // schedule done
+    i->job_done_len = data_len;
+    BPending_Set(&i->job_done);
+    
+    // set state
+    i->state = SRI_STATE_DONE_PENDING;
+}
+
+void StreamRecvInterface_Receiver_Init (StreamRecvInterface *i, StreamRecvInterface_handler_done handler_done, void *user)
+{
+    ASSERT(handler_done)
+    ASSERT(!i->handler_done)
+    DebugObject_Access(&i->d_obj);
+    
+    i->handler_done = handler_done;
+    i->user_user = user;
+}
+
+void StreamRecvInterface_Receiver_Recv (StreamRecvInterface *i, uint8_t *data, int data_len)
+{
+    ASSERT(data_len > 0)
+    ASSERT(data)
+    ASSERT(i->state == SRI_STATE_NONE)
+    ASSERT(i->handler_done)
+    DebugObject_Access(&i->d_obj);
+    
+    // schedule operation
+    i->job_operation_data = data;
+    i->job_operation_len = data_len;
+    BPending_Set(&i->job_operation);
+    
+    // set state
+    i->state = SRI_STATE_OPERATION_PENDING;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flowextra/PacketPassInactivityMonitor.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flowextra/PacketPassInactivityMonitor.c
new file mode 100644
index 00000000..6531fe01
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flowextra/PacketPassInactivityMonitor.c
@@ -0,0 +1,131 @@
+/**
+ * @file PacketPassInactivityMonitor.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "PacketPassInactivityMonitor.h"
+
+static void input_handler_send (PacketPassInactivityMonitor *o, uint8_t *data, int data_len)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    // schedule send
+    PacketPassInterface_Sender_Send(o->output, data, data_len);
+    
+    // stop timer
+    BReactor_RemoveTimer(o->reactor, &o->timer);
+}
+
+static void input_handler_requestcancel (PacketPassInactivityMonitor *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    // request cancel
+    PacketPassInterface_Sender_RequestCancel(o->output);
+}
+
+static void output_handler_done (PacketPassInactivityMonitor *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    // output no longer busy, restart timer
+    BReactor_SetTimer(o->reactor, &o->timer);
+    
+    // call done
+    PacketPassInterface_Done(&o->input);
+}
+
+static void timer_handler (PacketPassInactivityMonitor *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    // restart timer
+    BReactor_SetTimer(o->reactor, &o->timer);
+    
+    // call handler
+    if (o->handler) {
+        o->handler(o->user);
+        return;
+    }
+}
+
+void PacketPassInactivityMonitor_Init (PacketPassInactivityMonitor *o, PacketPassInterface *output, BReactor *reactor, btime_t interval, PacketPassInactivityMonitor_handler handler, void *user)
+{
+    // init arguments
+    o->output = output;
+    o->reactor = reactor;
+    o->handler = handler;
+    o->user = user;
+    
+    // init input
+    PacketPassInterface_Init(&o->input, PacketPassInterface_GetMTU(o->output), (PacketPassInterface_handler_send)input_handler_send, o, BReactor_PendingGroup(o->reactor));
+    if (PacketPassInterface_HasCancel(o->output)) {
+        PacketPassInterface_EnableCancel(&o->input, (PacketPassInterface_handler_requestcancel)input_handler_requestcancel);
+    }
+    
+    // init output
+    PacketPassInterface_Sender_Init(o->output, (PacketPassInterface_handler_done)output_handler_done, o);
+    
+    // init timer
+    BTimer_Init(&o->timer, interval, (BTimer_handler)timer_handler, o);
+    BReactor_SetTimer(o->reactor, &o->timer);
+    
+    DebugObject_Init(&o->d_obj);
+}
+
+void PacketPassInactivityMonitor_Free (PacketPassInactivityMonitor *o)
+{
+    DebugObject_Free(&o->d_obj);
+
+    // free timer
+    BReactor_RemoveTimer(o->reactor, &o->timer);
+    
+    // free input
+    PacketPassInterface_Free(&o->input);
+}
+
+PacketPassInterface * PacketPassInactivityMonitor_GetInput (PacketPassInactivityMonitor *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    return &o->input;
+}
+
+void PacketPassInactivityMonitor_SetHandler (PacketPassInactivityMonitor *o, PacketPassInactivityMonitor_handler handler, void *user)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    o->handler = handler;
+    o->user = user;
+}
+
+void PacketPassInactivityMonitor_Force (PacketPassInactivityMonitor *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    BReactor_SetTimerAfter(o->reactor, &o->timer, 0);
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flowextra/PacketPassInactivityMonitor.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flowextra/PacketPassInactivityMonitor.h
new file mode 100644
index 00000000..7805d483
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/flowextra/PacketPassInactivityMonitor.h
@@ -0,0 +1,124 @@
+/**
+ * @file PacketPassInactivityMonitor.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * A {@link PacketPassInterface} layer for detecting inactivity.
+ */
+
+#ifndef BADVPN_PACKETPASSINACTIVITYMONITOR_H
+#define BADVPN_PACKETPASSINACTIVITYMONITOR_H
+
+#include "base/DebugObject.h"
+#include "system/BReactor.h"
+#include "flow/PacketPassInterface.h"
+
+/**
+ * Handler function invoked when inactivity is detected.
+ * It is guaranteed that the interfaces are in not sending state.
+ *
+ * @param user value given to {@link PacketPassInactivityMonitor_Init}
+ */
+typedef void (*PacketPassInactivityMonitor_handler) (void *user);
+
+/**
+ * A {@link PacketPassInterface} layer for detecting inactivity.
+ * It reports inactivity to a user provided handler function.
+ *
+ * The object behaves like that:
+ * ("timer set" means started with the given timeout whether if was running or not,
+ * "timer unset" means stopped if it was running)
+ *     - There is a timer.
+ *     - The timer is set when the object is initialized.
+ *     - When the input calls Send, the call is passed on to the output.
+ *       If the output accepted the packet, the timer is set. If the output
+ *       blocked the packet, the timer is unset.
+ *     - When the output calls Done, the timer is set, and the call is
+ *       passed on to the input.
+ *     - When the input calls Cancel, the timer is set, and the call is
+ *       passed on to the output.
+ *     - When the timer expires, the timer is set, ant the user's handler
+ *       function is invoked.
+ */
+typedef struct {
+    DebugObject d_obj;
+    PacketPassInterface *output;
+    BReactor *reactor;
+    PacketPassInactivityMonitor_handler handler;
+    void *user;
+    PacketPassInterface input;
+    BTimer timer;
+} PacketPassInactivityMonitor;
+
+/**
+ * Initializes the object.
+ * See {@link PacketPassInactivityMonitor} for details.
+ *
+ * @param o the object
+ * @param output output interface
+ * @param reactor reactor we live in
+ * @param interval timer value in milliseconds
+ * @param handler handler function for reporting inactivity, or NULL to disable
+ * @param user value passed to handler functions
+ */
+void PacketPassInactivityMonitor_Init (PacketPassInactivityMonitor *o, PacketPassInterface *output, BReactor *reactor, btime_t interval, PacketPassInactivityMonitor_handler handler, void *user);
+
+/**
+ * Frees the object.
+ *
+ * @param o the object
+ */
+void PacketPassInactivityMonitor_Free (PacketPassInactivityMonitor *o);
+
+/**
+ * Returns the input interface.
+ * The MTU of the interface will be the same as of the output interface.
+ * The interface supports cancel functionality if the output interface supports it.
+ *
+ * @param o the object
+ * @return input interface
+ */
+PacketPassInterface * PacketPassInactivityMonitor_GetInput (PacketPassInactivityMonitor *o);
+
+/**
+ * Sets or removes the inactivity handler.
+ *
+ * @param o the object
+ * @param handler handler function for reporting inactivity, or NULL to disable
+ * @param user value passed to handler functions
+ */
+void PacketPassInactivityMonitor_SetHandler (PacketPassInactivityMonitor *o, PacketPassInactivityMonitor_handler handler, void *user);
+
+/**
+ * Sets the timer to expire immediately in order to force an inactivity report.
+ * 
+ * @param o the object
+ */
+void PacketPassInactivityMonitor_Force (PacketPassInactivityMonitor *o);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BArpProbe.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BArpProbe.h
new file mode 100644
index 00000000..f168e638
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BArpProbe.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BArpProbe
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BConnection.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BConnection.h
new file mode 100644
index 00000000..8447db02
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BConnection.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BConnection
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BDHCPClient.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BDHCPClient.h
new file mode 100644
index 00000000..aacf34db
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BDHCPClient.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BDHCPClient
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BDHCPClientCore.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BDHCPClientCore.h
new file mode 100644
index 00000000..64fc74d3
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BDHCPClientCore.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BDHCPClientCore
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BDatagram.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BDatagram.h
new file mode 100644
index 00000000..d95cf245
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BDatagram.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BDatagram
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BEncryption.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BEncryption.h
new file mode 100644
index 00000000..6991f370
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BEncryption.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BEncryption
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BInputProcess.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BInputProcess.h
new file mode 100644
index 00000000..f65f715a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BInputProcess.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BInputProcess
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BLockReactor.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BLockReactor.h
new file mode 100644
index 00000000..5aab6d41
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BLockReactor.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BLockReactor
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BNetwork.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BNetwork.h
new file mode 100644
index 00000000..c5e3bc1e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BNetwork.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BNetwork
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BPredicate.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BPredicate.h
new file mode 100644
index 00000000..1a683f13
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BPredicate.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BPredicate
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BProcess.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BProcess.h
new file mode 100644
index 00000000..e11e5a62
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BProcess.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BProcess
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BReactor.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BReactor.h
new file mode 100644
index 00000000..d111dc79
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BReactor.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BReactor
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BSSLConnection.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BSSLConnection.h
new file mode 100644
index 00000000..bd55826b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BSSLConnection.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BSSLConnection
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BSignal.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BSignal.h
new file mode 100644
index 00000000..2820ebce
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BSignal.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BSignal
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BSocksClient.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BSocksClient.h
new file mode 100644
index 00000000..72086fab
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BSocksClient.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BSocksClient
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BTap.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BTap.h
new file mode 100644
index 00000000..ab3e951e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BTap.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BTap
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BThreadSignal.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BThreadSignal.h
new file mode 100644
index 00000000..f39fc368
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BThreadSignal.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BThreadSignal
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BThreadWork.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BThreadWork.h
new file mode 100644
index 00000000..f68383c2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BThreadWork.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BThreadWork
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BTime.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BTime.h
new file mode 100644
index 00000000..b323ee76
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BTime.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BTime
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BUnixSignal.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BUnixSignal.h
new file mode 100644
index 00000000..914b21b8
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_BUnixSignal.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_BUnixSignal
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DPReceive.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DPReceive.h
new file mode 100644
index 00000000..99889b56
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DPReceive.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_DPReceive
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DPRelay.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DPRelay.h
new file mode 100644
index 00000000..bc0153be
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DPRelay.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_DPRelay
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DataProto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DataProto.h
new file mode 100644
index 00000000..a6f900a3
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DataProto.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_DataProto
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DatagramPeerIO.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DatagramPeerIO.h
new file mode 100644
index 00000000..16e37b5b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_DatagramPeerIO.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_DatagramPeerIO
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_FragmentProtoAssembler.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_FragmentProtoAssembler.h
new file mode 100644
index 00000000..25289efb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_FragmentProtoAssembler.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_FragmentProtoAssembler
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_FrameDecider.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_FrameDecider.h
new file mode 100644
index 00000000..5dbf3c46
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_FrameDecider.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_FrameDecider
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_LineBuffer.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_LineBuffer.h
new file mode 100644
index 00000000..4286a742
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_LineBuffer.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_LineBuffer
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_Listener.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_Listener.h
new file mode 100644
index 00000000..f61bfb3d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_Listener.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_Listener
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDBuildProgram.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDBuildProgram.h
new file mode 100644
index 00000000..1a6cdf91
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDBuildProgram.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDBuildProgram
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDConfigParser.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDConfigParser.h
new file mode 100644
index 00000000..92d98d06
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDConfigParser.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDConfigParser
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDConfigTokenizer.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDConfigTokenizer.h
new file mode 100644
index 00000000..0b3b6892
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDConfigTokenizer.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDConfigTokenizer
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDIfConfig.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDIfConfig.h
new file mode 100644
index 00000000..91bdbda5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDIfConfig.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDIfConfig
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDInterfaceMonitor.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDInterfaceMonitor.h
new file mode 100644
index 00000000..22c0f8d6
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDInterfaceMonitor.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDInterfaceMonitor
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDModuleIndex.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDModuleIndex.h
new file mode 100644
index 00000000..34876642
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDModuleIndex.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDModuleIndex
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDModuleProcess.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDModuleProcess.h
new file mode 100644
index 00000000..db34dcc0
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDModuleProcess.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDModuleProcess
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDPlaceholderDb.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDPlaceholderDb.h
new file mode 100644
index 00000000..f1f1db2c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDPlaceholderDb.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDPlaceholderDb
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDRequest.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDRequest.h
new file mode 100644
index 00000000..5edc18a2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDRequest.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDRequest
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDRequestClient.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDRequestClient.h
new file mode 100644
index 00000000..1e696d8c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDRequestClient.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDRequestClient
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDRfkillMonitor.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDRfkillMonitor.h
new file mode 100644
index 00000000..56eba888
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDRfkillMonitor.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDRfkillMonitor
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevCache.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevCache.h
new file mode 100644
index 00000000..088fc9b3
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevCache.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDUdevCache
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevManager.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevManager.h
new file mode 100644
index 00000000..e9d63758
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevManager.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDUdevManager
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevMonitor.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevMonitor.h
new file mode 100644
index 00000000..bd93249a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevMonitor.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDUdevMonitor
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevMonitorParser.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevMonitorParser.h
new file mode 100644
index 00000000..a7d560f4
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDUdevMonitorParser.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDUdevMonitorParser
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDVal.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDVal.h
new file mode 100644
index 00000000..f2b67c28
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDVal.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDVal
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDValGenerator.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDValGenerator.h
new file mode 100644
index 00000000..193826bb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDValGenerator.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDValGenerator
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDValParser.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDValParser.h
new file mode 100644
index 00000000..1d44acb7
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_NCDValParser.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_NCDValParser
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PRStreamSink.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PRStreamSink.h
new file mode 100644
index 00000000..b70b61cd
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PRStreamSink.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_PRStreamSink
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PRStreamSource.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PRStreamSource.h
new file mode 100644
index 00000000..e16d93db
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PRStreamSource.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_PRStreamSource
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PacketProtoDecoder.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PacketProtoDecoder.h
new file mode 100644
index 00000000..fbfa5d81
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PacketProtoDecoder.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_PacketProtoDecoder
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PasswordListener.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PasswordListener.h
new file mode 100644
index 00000000..6ff0bb58
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PasswordListener.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_PasswordListener
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PeerChat.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PeerChat.h
new file mode 100644
index 00000000..cadf2308
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_PeerChat.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_PeerChat
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_SPProtoDecoder.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_SPProtoDecoder.h
new file mode 100644
index 00000000..09bf2599
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_SPProtoDecoder.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_SPProtoDecoder
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ServerConnection.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ServerConnection.h
new file mode 100644
index 00000000..faea1ddd
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ServerConnection.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ServerConnection
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_SocksUdpGwClient.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_SocksUdpGwClient.h
new file mode 100644
index 00000000..6ba39aed
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_SocksUdpGwClient.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_SocksUdpGwClient
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_StreamPeerIO.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_StreamPeerIO.h
new file mode 100644
index 00000000..0359736e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_StreamPeerIO.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_StreamPeerIO
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_UdpGwClient.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_UdpGwClient.h
new file mode 100644
index 00000000..85303768
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_UdpGwClient.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_UdpGwClient
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_addr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_addr.h
new file mode 100644
index 00000000..512db286
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_addr.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_addr
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_client.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_client.h
new file mode 100644
index 00000000..c851b77b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_client.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_client
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_dostest_attacker.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_dostest_attacker.h
new file mode 100644
index 00000000..b267c8f4
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_dostest_attacker.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_dostest_attacker
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_dostest_server.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_dostest_server.h
new file mode 100644
index 00000000..8d3988e0
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_dostest_server.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_dostest_server
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_flooder.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_flooder.h
new file mode 100644
index 00000000..94f595eb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_flooder.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_flooder
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_lwip.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_lwip.h
new file mode 100644
index 00000000..fb5687df
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_lwip.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_lwip
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd.h
new file mode 100644
index 00000000..9bf29567
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_alias.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_alias.h
new file mode 100644
index 00000000..5b52bf26
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_alias.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_alias
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_arithmetic.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_arithmetic.h
new file mode 100644
index 00000000..66c08a8e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_arithmetic.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_arithmetic
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_assert.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_assert.h
new file mode 100644
index 00000000..21e4d419
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_assert.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_assert
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_backtrack.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_backtrack.h
new file mode 100644
index 00000000..ea669f79
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_backtrack.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_backtrack
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_basic_functions.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_basic_functions.h
new file mode 100644
index 00000000..9f0bfdd4
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_basic_functions.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_basic_functions
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_blocker.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_blocker.h
new file mode 100644
index 00000000..a897b9f5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_blocker.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_blocker
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_buffer.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_buffer.h
new file mode 100644
index 00000000..64e44333
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_buffer.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_buffer
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_call2.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_call2.h
new file mode 100644
index 00000000..4b64608d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_call2.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_call2
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_choose.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_choose.h
new file mode 100644
index 00000000..a915036f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_choose.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_choose
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_concat.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_concat.h
new file mode 100644
index 00000000..8c54ccbb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_concat.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_concat
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_daemon.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_daemon.h
new file mode 100644
index 00000000..0a3ae3fa
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_daemon.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_daemon
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_depend.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_depend.h
new file mode 100644
index 00000000..ae1ff8e9
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_depend.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_depend
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_depend_scope.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_depend_scope.h
new file mode 100644
index 00000000..1168714d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_depend_scope.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_depend_scope
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_dynamic_depend.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_dynamic_depend.h
new file mode 100644
index 00000000..7ff305ea
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_dynamic_depend.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_dynamic_depend
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_exit.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_exit.h
new file mode 100644
index 00000000..2d2e3af1
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_exit.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_exit
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_explode.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_explode.h
new file mode 100644
index 00000000..b7dc820e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_explode.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_explode
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_file.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_file.h
new file mode 100644
index 00000000..6cfa5a55
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_file.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_file
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_file_open.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_file_open.h
new file mode 100644
index 00000000..dd4ecb5f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_file_open.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_file_open
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_foreach.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_foreach.h
new file mode 100644
index 00000000..430b2294
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_foreach.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_foreach
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_from_string.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_from_string.h
new file mode 100644
index 00000000..e409fffa
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_from_string.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_from_string
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_getargs.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_getargs.h
new file mode 100644
index 00000000..da7631d4
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_getargs.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_getargs
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_getenv.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_getenv.h
new file mode 100644
index 00000000..4f290216
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_getenv.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_getenv
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_if.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_if.h
new file mode 100644
index 00000000..11a09a2a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_if.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_if
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_imperative.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_imperative.h
new file mode 100644
index 00000000..362df87a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_imperative.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_imperative
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_implode.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_implode.h
new file mode 100644
index 00000000..5bb66d5b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_implode.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_implode
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_index.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_index.h
new file mode 100644
index 00000000..666bbe9b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_index.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_index
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_list.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_list.h
new file mode 100644
index 00000000..f153be78
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_list.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_list
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_load_module.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_load_module.h
new file mode 100644
index 00000000..c27dddb8
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_load_module.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_load_module
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_log.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_log.h
new file mode 100644
index 00000000..9ae2dc95
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_log.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_log
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_log_msg.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_log_msg.h
new file mode 100644
index 00000000..9e51b7eb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_log_msg.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_log_msg
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_logical.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_logical.h
new file mode 100644
index 00000000..688453d8
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_logical.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_logical
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_multidepend.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_multidepend.h
new file mode 100644
index 00000000..a82953df
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_multidepend.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_multidepend
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_badvpn.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_badvpn.h
new file mode 100644
index 00000000..c9964c16
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_badvpn.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_backend_badvpn
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_rfkill.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_rfkill.h
new file mode 100644
index 00000000..e69896f9
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_rfkill.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_backend_rfkill
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_waitdevice.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_waitdevice.h
new file mode 100644
index 00000000..63c4f242
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_waitdevice.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_backend_waitdevice
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_waitlink.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_waitlink.h
new file mode 100644
index 00000000..96244c0a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_waitlink.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_backend_waitlink
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_wpa_supplicant.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_wpa_supplicant.h
new file mode 100644
index 00000000..22572d36
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_backend_wpa_supplicant.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_backend_wpa_supplicant
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_dns.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_dns.h
new file mode 100644
index 00000000..01c37448
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_dns.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_dns
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_iptables.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_iptables.h
new file mode 100644
index 00000000..42e23827
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_iptables.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_iptables
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_addr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_addr.h
new file mode 100644
index 00000000..75bcb24d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_addr.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_ipv4_addr
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_addr_in_network.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_addr_in_network.h
new file mode 100644
index 00000000..41f2df2e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_addr_in_network.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_ipv4_addr_in_network
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_arp_probe.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_arp_probe.h
new file mode 100644
index 00000000..18f7c783
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_arp_probe.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_ipv4_arp_probe
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_dhcp.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_dhcp.h
new file mode 100644
index 00000000..51fa61fb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_dhcp.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_ipv4_dhcp
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_route.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_route.h
new file mode 100644
index 00000000..e181a90b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv4_route.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_ipv4_route
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_addr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_addr.h
new file mode 100644
index 00000000..bd6bd10a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_addr.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_ipv6_addr
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_addr_in_network.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_addr_in_network.h
new file mode 100644
index 00000000..ba33921f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_addr_in_network.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_ipv6_addr_in_network
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_route.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_route.h
new file mode 100644
index 00000000..b72e4d38
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_route.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_ipv6_route
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_wait_dynamic_addr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_wait_dynamic_addr.h
new file mode 100644
index 00000000..ff7d6e1e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_ipv6_wait_dynamic_addr.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_ipv6_wait_dynamic_addr
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_up.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_up.h
new file mode 100644
index 00000000..7acdedef
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_up.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_up
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_watch_interfaces.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_watch_interfaces.h
new file mode 100644
index 00000000..7fc078f7
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_net_watch_interfaces.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_net_watch_interfaces
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_netmask.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_netmask.h
new file mode 100644
index 00000000..10993f00
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_netmask.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_netmask
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_objref.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_objref.h
new file mode 100644
index 00000000..783ee6e5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_objref.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_objref
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_ondemand.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_ondemand.h
new file mode 100644
index 00000000..c7a0578c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_ondemand.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_ondemand
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_parse.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_parse.h
new file mode 100644
index 00000000..672155be
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_parse.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_parse
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_print.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_print.h
new file mode 100644
index 00000000..22638f3b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_print.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_print
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_process_manager.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_process_manager.h
new file mode 100644
index 00000000..627ba0e5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_process_manager.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_process_manager
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_reboot.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_reboot.h
new file mode 100644
index 00000000..0e31d555
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_reboot.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_reboot
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_ref.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_ref.h
new file mode 100644
index 00000000..4f9f24ae
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_ref.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_ref
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_regex_match.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_regex_match.h
new file mode 100644
index 00000000..30813479
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_regex_match.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_regex_match
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_request.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_request.h
new file mode 100644
index 00000000..00103ea8
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_request.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_request
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_run.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_run.h
new file mode 100644
index 00000000..036a93e3
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_run.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_run
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_runonce.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_runonce.h
new file mode 100644
index 00000000..2e544520
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_runonce.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_runonce
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sleep.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sleep.h
new file mode 100644
index 00000000..fb6c7fe3
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sleep.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_sleep
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_socket.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_socket.h
new file mode 100644
index 00000000..3c1f0c42
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_socket.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_socket
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_spawn.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_spawn.h
new file mode 100644
index 00000000..b9b3b24f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_spawn.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_spawn
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_strcmp.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_strcmp.h
new file mode 100644
index 00000000..6ef09adc
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_strcmp.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_strcmp
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_substr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_substr.h
new file mode 100644
index 00000000..691ad0e2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_substr.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_substr
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_evdev.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_evdev.h
new file mode 100644
index 00000000..4a7244e5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_evdev.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_sys_evdev
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_request_client.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_request_client.h
new file mode 100644
index 00000000..ce0f9e4c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_request_client.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_sys_request_client
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_request_server.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_request_server.h
new file mode 100644
index 00000000..11979588
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_request_server.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_sys_request_server
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_start_process.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_start_process.h
new file mode 100644
index 00000000..45c2edc0
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_start_process.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_sys_start_process
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_watch_directory.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_watch_directory.h
new file mode 100644
index 00000000..e190da51
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_watch_directory.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_sys_watch_directory
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_watch_input.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_watch_input.h
new file mode 100644
index 00000000..b8995556
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_watch_input.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_sys_watch_input
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_watch_usb.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_watch_usb.h
new file mode 100644
index 00000000..bc5102a0
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_sys_watch_usb.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_sys_watch_usb
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_timer.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_timer.h
new file mode 100644
index 00000000..beaa73db
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_timer.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_timer
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_to_string.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_to_string.h
new file mode 100644
index 00000000..41cd8b98
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_to_string.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_to_string
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_try.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_try.h
new file mode 100644
index 00000000..bb76c685
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_try.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_try
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_value.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_value.h
new file mode 100644
index 00000000..fa624e8f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_value.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_value
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_valuemetic.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_valuemetic.h
new file mode 100644
index 00000000..385d2bb1
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_valuemetic.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_valuemetic
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_var.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_var.h
new file mode 100644
index 00000000..fa5c0c43
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_ncd_var.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_ncd_var
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_nsskey.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_nsskey.h
new file mode 100644
index 00000000..66e6a72d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_nsskey.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_nsskey
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_server.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_server.h
new file mode 100644
index 00000000..acb3ed0d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_server.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_server
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_tun2socks.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_tun2socks.h
new file mode 100644
index 00000000..21c1ce2d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_tun2socks.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_tun2socks
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_udpgw.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_udpgw.h
new file mode 100644
index 00000000..504a3522
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channel_udpgw.h
@@ -0,0 +1,4 @@
+#ifdef BLOG_CURRENT_CHANNEL
+#undef BLOG_CURRENT_CHANNEL
+#endif
+#define BLOG_CURRENT_CHANNEL BLOG_CHANNEL_udpgw
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channels_defines.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channels_defines.h
new file mode 100644
index 00000000..4f554e40
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channels_defines.h
@@ -0,0 +1,148 @@
+#define BLOG_CHANNEL_server 0
+#define BLOG_CHANNEL_client 1
+#define BLOG_CHANNEL_flooder 2
+#define BLOG_CHANNEL_tun2socks 3
+#define BLOG_CHANNEL_ncd 4
+#define BLOG_CHANNEL_ncd_var 5
+#define BLOG_CHANNEL_ncd_list 6
+#define BLOG_CHANNEL_ncd_depend 7
+#define BLOG_CHANNEL_ncd_multidepend 8
+#define BLOG_CHANNEL_ncd_dynamic_depend 9
+#define BLOG_CHANNEL_ncd_concat 10
+#define BLOG_CHANNEL_ncd_if 11
+#define BLOG_CHANNEL_ncd_strcmp 12
+#define BLOG_CHANNEL_ncd_regex_match 13
+#define BLOG_CHANNEL_ncd_logical 14
+#define BLOG_CHANNEL_ncd_sleep 15
+#define BLOG_CHANNEL_ncd_print 16
+#define BLOG_CHANNEL_ncd_blocker 17
+#define BLOG_CHANNEL_ncd_run 18
+#define BLOG_CHANNEL_ncd_runonce 19
+#define BLOG_CHANNEL_ncd_daemon 20
+#define BLOG_CHANNEL_ncd_spawn 21
+#define BLOG_CHANNEL_ncd_imperative 22
+#define BLOG_CHANNEL_ncd_ref 23
+#define BLOG_CHANNEL_ncd_index 24
+#define BLOG_CHANNEL_ncd_alias 25
+#define BLOG_CHANNEL_ncd_process_manager 26
+#define BLOG_CHANNEL_ncd_ondemand 27
+#define BLOG_CHANNEL_ncd_foreach 28
+#define BLOG_CHANNEL_ncd_choose 29
+#define BLOG_CHANNEL_ncd_net_backend_waitdevice 30
+#define BLOG_CHANNEL_ncd_net_backend_waitlink 31
+#define BLOG_CHANNEL_ncd_net_backend_badvpn 32
+#define BLOG_CHANNEL_ncd_net_backend_wpa_supplicant 33
+#define BLOG_CHANNEL_ncd_net_backend_rfkill 34
+#define BLOG_CHANNEL_ncd_net_up 35
+#define BLOG_CHANNEL_ncd_net_dns 36
+#define BLOG_CHANNEL_ncd_net_iptables 37
+#define BLOG_CHANNEL_ncd_net_ipv4_addr 38
+#define BLOG_CHANNEL_ncd_net_ipv4_route 39
+#define BLOG_CHANNEL_ncd_net_ipv4_dhcp 40
+#define BLOG_CHANNEL_ncd_net_ipv4_arp_probe 41
+#define BLOG_CHANNEL_ncd_net_watch_interfaces 42
+#define BLOG_CHANNEL_ncd_sys_watch_input 43
+#define BLOG_CHANNEL_ncd_sys_watch_usb 44
+#define BLOG_CHANNEL_ncd_sys_evdev 45
+#define BLOG_CHANNEL_ncd_sys_watch_directory 46
+#define BLOG_CHANNEL_StreamPeerIO 47
+#define BLOG_CHANNEL_DatagramPeerIO 48
+#define BLOG_CHANNEL_BReactor 49
+#define BLOG_CHANNEL_BSignal 50
+#define BLOG_CHANNEL_FragmentProtoAssembler 51
+#define BLOG_CHANNEL_BPredicate 52
+#define BLOG_CHANNEL_ServerConnection 53
+#define BLOG_CHANNEL_Listener 54
+#define BLOG_CHANNEL_DataProto 55
+#define BLOG_CHANNEL_FrameDecider 56
+#define BLOG_CHANNEL_BSocksClient 57
+#define BLOG_CHANNEL_BDHCPClientCore 58
+#define BLOG_CHANNEL_BDHCPClient 59
+#define BLOG_CHANNEL_NCDIfConfig 60
+#define BLOG_CHANNEL_BUnixSignal 61
+#define BLOG_CHANNEL_BProcess 62
+#define BLOG_CHANNEL_PRStreamSink 63
+#define BLOG_CHANNEL_PRStreamSource 64
+#define BLOG_CHANNEL_PacketProtoDecoder 65
+#define BLOG_CHANNEL_DPRelay 66
+#define BLOG_CHANNEL_BThreadWork 67
+#define BLOG_CHANNEL_DPReceive 68
+#define BLOG_CHANNEL_BInputProcess 69
+#define BLOG_CHANNEL_NCDUdevMonitorParser 70
+#define BLOG_CHANNEL_NCDUdevMonitor 71
+#define BLOG_CHANNEL_NCDUdevCache 72
+#define BLOG_CHANNEL_NCDUdevManager 73
+#define BLOG_CHANNEL_BTime 74
+#define BLOG_CHANNEL_BEncryption 75
+#define BLOG_CHANNEL_SPProtoDecoder 76
+#define BLOG_CHANNEL_LineBuffer 77
+#define BLOG_CHANNEL_BTap 78
+#define BLOG_CHANNEL_lwip 79
+#define BLOG_CHANNEL_NCDConfigTokenizer 80
+#define BLOG_CHANNEL_NCDConfigParser 81
+#define BLOG_CHANNEL_NCDValParser 82
+#define BLOG_CHANNEL_nsskey 83
+#define BLOG_CHANNEL_addr 84
+#define BLOG_CHANNEL_PasswordListener 85
+#define BLOG_CHANNEL_NCDInterfaceMonitor 86
+#define BLOG_CHANNEL_NCDRfkillMonitor 87
+#define BLOG_CHANNEL_udpgw 88
+#define BLOG_CHANNEL_UdpGwClient 89
+#define BLOG_CHANNEL_SocksUdpGwClient 90
+#define BLOG_CHANNEL_BNetwork 91
+#define BLOG_CHANNEL_BConnection 92
+#define BLOG_CHANNEL_BSSLConnection 93
+#define BLOG_CHANNEL_BDatagram 94
+#define BLOG_CHANNEL_PeerChat 95
+#define BLOG_CHANNEL_BArpProbe 96
+#define BLOG_CHANNEL_NCDModuleIndex 97
+#define BLOG_CHANNEL_NCDModuleProcess 98
+#define BLOG_CHANNEL_NCDValGenerator 99
+#define BLOG_CHANNEL_ncd_from_string 100
+#define BLOG_CHANNEL_ncd_to_string 101
+#define BLOG_CHANNEL_ncd_value 102
+#define BLOG_CHANNEL_ncd_try 103
+#define BLOG_CHANNEL_ncd_sys_request_server 104
+#define BLOG_CHANNEL_NCDRequest 105
+#define BLOG_CHANNEL_ncd_net_ipv6_wait_dynamic_addr 106
+#define BLOG_CHANNEL_NCDRequestClient 107
+#define BLOG_CHANNEL_ncd_request 108
+#define BLOG_CHANNEL_ncd_sys_request_client 109
+#define BLOG_CHANNEL_ncd_exit 110
+#define BLOG_CHANNEL_ncd_getargs 111
+#define BLOG_CHANNEL_ncd_arithmetic 112
+#define BLOG_CHANNEL_ncd_parse 113
+#define BLOG_CHANNEL_ncd_valuemetic 114
+#define BLOG_CHANNEL_ncd_file 115
+#define BLOG_CHANNEL_ncd_netmask 116
+#define BLOG_CHANNEL_ncd_implode 117
+#define BLOG_CHANNEL_ncd_call2 118
+#define BLOG_CHANNEL_ncd_assert 119
+#define BLOG_CHANNEL_ncd_reboot 120
+#define BLOG_CHANNEL_ncd_explode 121
+#define BLOG_CHANNEL_NCDPlaceholderDb 122
+#define BLOG_CHANNEL_NCDVal 123
+#define BLOG_CHANNEL_ncd_net_ipv6_addr 124
+#define BLOG_CHANNEL_ncd_net_ipv6_route 125
+#define BLOG_CHANNEL_ncd_net_ipv4_addr_in_network 126
+#define BLOG_CHANNEL_ncd_net_ipv6_addr_in_network 127
+#define BLOG_CHANNEL_dostest_server 128
+#define BLOG_CHANNEL_dostest_attacker 129
+#define BLOG_CHANNEL_ncd_timer 130
+#define BLOG_CHANNEL_ncd_file_open 131
+#define BLOG_CHANNEL_ncd_backtrack 132
+#define BLOG_CHANNEL_ncd_socket 133
+#define BLOG_CHANNEL_ncd_depend_scope 134
+#define BLOG_CHANNEL_ncd_substr 135
+#define BLOG_CHANNEL_ncd_sys_start_process 136
+#define BLOG_CHANNEL_NCDBuildProgram 137
+#define BLOG_CHANNEL_ncd_log 138
+#define BLOG_CHANNEL_ncd_log_msg 139
+#define BLOG_CHANNEL_ncd_buffer 140
+#define BLOG_CHANNEL_ncd_getenv 141
+#define BLOG_CHANNEL_BThreadSignal 142
+#define BLOG_CHANNEL_BLockReactor 143
+#define BLOG_CHANNEL_ncd_load_module 144
+#define BLOG_CHANNEL_ncd_basic_functions 145
+#define BLOG_CHANNEL_ncd_objref 146
+#define BLOG_NUM_CHANNELS 147
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channels_list.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channels_list.h
new file mode 100644
index 00000000..d099b2ba
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/blog_channels_list.h
@@ -0,0 +1,147 @@
+{"server", 4},
+{"client", 4},
+{"flooder", 4},
+{"tun2socks", 4},
+{"ncd", 4},
+{"ncd_var", 4},
+{"ncd_list", 4},
+{"ncd_depend", 4},
+{"ncd_multidepend", 4},
+{"ncd_dynamic_depend", 4},
+{"ncd_concat", 4},
+{"ncd_if", 4},
+{"ncd_strcmp", 4},
+{"ncd_regex_match", 4},
+{"ncd_logical", 4},
+{"ncd_sleep", 4},
+{"ncd_print", 4},
+{"ncd_blocker", 4},
+{"ncd_run", 4},
+{"ncd_runonce", 4},
+{"ncd_daemon", 4},
+{"ncd_spawn", 4},
+{"ncd_imperative", 4},
+{"ncd_ref", 4},
+{"ncd_index", 4},
+{"ncd_alias", 4},
+{"ncd_process_manager", 4},
+{"ncd_ondemand", 4},
+{"ncd_foreach", 4},
+{"ncd_choose", 4},
+{"ncd_net_backend_waitdevice", 4},
+{"ncd_net_backend_waitlink", 4},
+{"ncd_net_backend_badvpn", 4},
+{"ncd_net_backend_wpa_supplicant", 4},
+{"ncd_net_backend_rfkill", 4},
+{"ncd_net_up", 4},
+{"ncd_net_dns", 4},
+{"ncd_net_iptables", 4},
+{"ncd_net_ipv4_addr", 4},
+{"ncd_net_ipv4_route", 4},
+{"ncd_net_ipv4_dhcp", 4},
+{"ncd_net_ipv4_arp_probe", 4},
+{"ncd_net_watch_interfaces", 4},
+{"ncd_sys_watch_input", 4},
+{"ncd_sys_watch_usb", 4},
+{"ncd_sys_evdev", 4},
+{"ncd_sys_watch_directory", 4},
+{"StreamPeerIO", 4},
+{"DatagramPeerIO", 4},
+{"BReactor", 3},
+{"BSignal", 3},
+{"FragmentProtoAssembler", 4},
+{"BPredicate", 3},
+{"ServerConnection", 4},
+{"Listener", 4},
+{"DataProto", 4},
+{"FrameDecider", 4},
+{"BSocksClient", 4},
+{"BDHCPClientCore", 4},
+{"BDHCPClient", 4},
+{"NCDIfConfig", 4},
+{"BUnixSignal", 4},
+{"BProcess", 4},
+{"PRStreamSink", 4},
+{"PRStreamSource", 4},
+{"PacketProtoDecoder", 4},
+{"DPRelay", 4},
+{"BThreadWork", 4},
+{"DPReceive", 4},
+{"BInputProcess", 4},
+{"NCDUdevMonitorParser", 4},
+{"NCDUdevMonitor", 4},
+{"NCDUdevCache", 4},
+{"NCDUdevManager", 4},
+{"BTime", 4},
+{"BEncryption", 4},
+{"SPProtoDecoder", 4},
+{"LineBuffer", 4},
+{"BTap", 4},
+{"lwip", 4},
+{"NCDConfigTokenizer", 4},
+{"NCDConfigParser", 4},
+{"NCDValParser", 4},
+{"nsskey", 4},
+{"addr", 4},
+{"PasswordListener", 4},
+{"NCDInterfaceMonitor", 4},
+{"NCDRfkillMonitor", 4},
+{"udpgw", 4},
+{"UdpGwClient", 4},
+{"SocksUdpGwClient", 4},
+{"BNetwork", 4},
+{"BConnection", 4},
+{"BSSLConnection", 4},
+{"BDatagram", 4},
+{"PeerChat", 4},
+{"BArpProbe", 4},
+{"NCDModuleIndex", 4},
+{"NCDModuleProcess", 4},
+{"NCDValGenerator", 4},
+{"ncd_from_string", 4},
+{"ncd_to_string", 4},
+{"ncd_value", 4},
+{"ncd_try", 4},
+{"ncd_sys_request_server", 4},
+{"NCDRequest", 4},
+{"ncd_net_ipv6_wait_dynamic_addr", 4},
+{"NCDRequestClient", 4},
+{"ncd_request", 4},
+{"ncd_sys_request_client", 4},
+{"ncd_exit", 4},
+{"ncd_getargs", 4},
+{"ncd_arithmetic", 4},
+{"ncd_parse", 4},
+{"ncd_valuemetic", 4},
+{"ncd_file", 4},
+{"ncd_netmask", 4},
+{"ncd_implode", 4},
+{"ncd_call2", 4},
+{"ncd_assert", 4},
+{"ncd_reboot", 4},
+{"ncd_explode", 4},
+{"NCDPlaceholderDb", 4},
+{"NCDVal", 4},
+{"ncd_net_ipv6_addr", 4},
+{"ncd_net_ipv6_route", 4},
+{"ncd_net_ipv4_addr_in_network", 4},
+{"ncd_net_ipv6_addr_in_network", 4},
+{"dostest_server", 4},
+{"dostest_attacker", 4},
+{"ncd_timer", 4},
+{"ncd_file_open", 4},
+{"ncd_backtrack", 4},
+{"ncd_socket", 4},
+{"ncd_depend_scope", 4},
+{"ncd_substr", 4},
+{"ncd_sys_start_process", 4},
+{"NCDBuildProgram", 4},
+{"ncd_log", 4},
+{"ncd_log_msg", 4},
+{"ncd_buffer", 4},
+{"ncd_getenv", 4},
+{"BThreadSignal", 4},
+{"BLockReactor", 4},
+{"ncd_load_module", 4},
+{"ncd_basic_functions", 4},
+{"ncd_objref", 4},
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/bproto_addr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/bproto_addr.h
new file mode 100644
index 00000000..fbd96a80
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/bproto_addr.h
@@ -0,0 +1,675 @@
+/*
+    DO NOT EDIT THIS FILE!
+    This file was automatically generated by the bproto generator.
+*/
+
+#include <stdint.h>
+#include <string.h>
+
+#include <misc/debug.h>
+#include <misc/byteorder.h>
+#include <bproto/BProto.h>
+
+
+#define addr_SIZEtype (sizeof(struct BProto_header_s) + sizeof(struct BProto_uint8_s))
+#define addr_SIZEip_port (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (2))
+#define addr_SIZEipv4_addr (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (4))
+#define addr_SIZEipv6_addr (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (16))
+
+typedef struct {
+    uint8_t *out;
+    int used;
+    int type_count;
+    int ip_port_count;
+    int ipv4_addr_count;
+    int ipv6_addr_count;
+} addrWriter;
+
+static void addrWriter_Init (addrWriter *o, uint8_t *out);
+static int addrWriter_Finish (addrWriter *o);
+static void addrWriter_Addtype (addrWriter *o, uint8_t v);
+static uint8_t * addrWriter_Addip_port (addrWriter *o);
+static uint8_t * addrWriter_Addipv4_addr (addrWriter *o);
+static uint8_t * addrWriter_Addipv6_addr (addrWriter *o);
+
+typedef struct {
+    uint8_t *buf;
+    int buf_len;
+    int type_start;
+    int type_span;
+    int type_pos;
+    int ip_port_start;
+    int ip_port_span;
+    int ip_port_pos;
+    int ipv4_addr_start;
+    int ipv4_addr_span;
+    int ipv4_addr_pos;
+    int ipv6_addr_start;
+    int ipv6_addr_span;
+    int ipv6_addr_pos;
+} addrParser;
+
+static int addrParser_Init (addrParser *o, uint8_t *buf, int buf_len);
+static int addrParser_GotEverything (addrParser *o);
+static int addrParser_Gettype (addrParser *o, uint8_t *v);
+static void addrParser_Resettype (addrParser *o);
+static void addrParser_Forwardtype (addrParser *o);
+static int addrParser_Getip_port (addrParser *o, uint8_t **data);
+static void addrParser_Resetip_port (addrParser *o);
+static void addrParser_Forwardip_port (addrParser *o);
+static int addrParser_Getipv4_addr (addrParser *o, uint8_t **data);
+static void addrParser_Resetipv4_addr (addrParser *o);
+static void addrParser_Forwardipv4_addr (addrParser *o);
+static int addrParser_Getipv6_addr (addrParser *o, uint8_t **data);
+static void addrParser_Resetipv6_addr (addrParser *o);
+static void addrParser_Forwardipv6_addr (addrParser *o);
+
+void addrWriter_Init (addrWriter *o, uint8_t *out)
+{
+    o->out = out;
+    o->used = 0;
+    o->type_count = 0;
+    o->ip_port_count = 0;
+    o->ipv4_addr_count = 0;
+    o->ipv6_addr_count = 0;
+}
+
+int addrWriter_Finish (addrWriter *o)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->type_count == 1)
+    ASSERT(o->ip_port_count >= 0 && o->ip_port_count <= 1)
+    ASSERT(o->ipv4_addr_count >= 0 && o->ipv4_addr_count <= 1)
+    ASSERT(o->ipv6_addr_count >= 0 && o->ipv6_addr_count <= 1)
+
+    return o->used;
+}
+
+void addrWriter_Addtype (addrWriter *o, uint8_t v)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->type_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(1);
+    header.type = htol16(BPROTO_TYPE_UINT8);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_uint8_s data;
+    data.v = htol8(v);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_uint8_s);
+
+    o->type_count++;
+}
+
+uint8_t * addrWriter_Addip_port (addrWriter *o)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->ip_port_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(2);
+    header.type = htol16(BPROTO_TYPE_CONSTDATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(2);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += (2);
+
+    o->ip_port_count++;
+
+    return dest;
+}
+
+uint8_t * addrWriter_Addipv4_addr (addrWriter *o)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->ipv4_addr_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(3);
+    header.type = htol16(BPROTO_TYPE_CONSTDATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(4);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += (4);
+
+    o->ipv4_addr_count++;
+
+    return dest;
+}
+
+uint8_t * addrWriter_Addipv6_addr (addrWriter *o)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->ipv6_addr_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(4);
+    header.type = htol16(BPROTO_TYPE_CONSTDATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(16);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += (16);
+
+    o->ipv6_addr_count++;
+
+    return dest;
+}
+
+int addrParser_Init (addrParser *o, uint8_t *buf, int buf_len)
+{
+    ASSERT(buf_len >= 0)
+
+    o->buf = buf;
+    o->buf_len = buf_len;
+    o->type_start = o->buf_len;
+    o->type_span = 0;
+    o->type_pos = 0;
+    o->ip_port_start = o->buf_len;
+    o->ip_port_span = 0;
+    o->ip_port_pos = 0;
+    o->ipv4_addr_start = o->buf_len;
+    o->ipv4_addr_span = 0;
+    o->ipv4_addr_pos = 0;
+    o->ipv6_addr_start = o->buf_len;
+    o->ipv6_addr_span = 0;
+    o->ipv6_addr_pos = 0;
+
+    int type_count = 0;
+    int ip_port_count = 0;
+    int ipv4_addr_count = 0;
+    int ipv6_addr_count = 0;
+
+    int pos = 0;
+    int left = o->buf_len;
+
+    while (left > 0) {
+        int entry_pos = pos;
+
+        if (!(left >= sizeof(struct BProto_header_s))) {
+            return 0;
+        }
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + pos, sizeof(header));
+        pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                if (!(left >= sizeof(struct BProto_uint8_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+
+                switch (id) {
+                    case 1:
+                        if (o->type_start == o->buf_len) {
+                            o->type_start = entry_pos;
+                        }
+                        o->type_span = pos - o->type_start;
+                        type_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                if (!(left >= sizeof(struct BProto_uint16_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                if (!(left >= sizeof(struct BProto_uint32_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                if (!(left >= sizeof(struct BProto_uint64_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                if (!(left >= sizeof(struct BProto_data_header_s))) {
+                    return 0;
+                }
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + pos, sizeof(val));
+                pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                if (!(left >= payload_len)) {
+                    return 0;
+                }
+                pos += payload_len;
+                left -= payload_len;
+
+                switch (id) {
+                    case 2:
+                        if (!(type == BPROTO_TYPE_CONSTDATA)) {
+                            return 0;
+                        }
+                        if (!(payload_len == (2))) {
+                            return 0;
+                        }
+                        if (o->ip_port_start == o->buf_len) {
+                            o->ip_port_start = entry_pos;
+                        }
+                        o->ip_port_span = pos - o->ip_port_start;
+                        ip_port_count++;
+                        break;
+                    case 3:
+                        if (!(type == BPROTO_TYPE_CONSTDATA)) {
+                            return 0;
+                        }
+                        if (!(payload_len == (4))) {
+                            return 0;
+                        }
+                        if (o->ipv4_addr_start == o->buf_len) {
+                            o->ipv4_addr_start = entry_pos;
+                        }
+                        o->ipv4_addr_span = pos - o->ipv4_addr_start;
+                        ipv4_addr_count++;
+                        break;
+                    case 4:
+                        if (!(type == BPROTO_TYPE_CONSTDATA)) {
+                            return 0;
+                        }
+                        if (!(payload_len == (16))) {
+                            return 0;
+                        }
+                        if (o->ipv6_addr_start == o->buf_len) {
+                            o->ipv6_addr_start = entry_pos;
+                        }
+                        o->ipv6_addr_span = pos - o->ipv6_addr_start;
+                        ipv6_addr_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            default:
+                return 0;
+        }
+    }
+
+    if (!(type_count == 1)) {
+        return 0;
+    }
+    if (!(ip_port_count <= 1)) {
+        return 0;
+    }
+    if (!(ipv4_addr_count <= 1)) {
+        return 0;
+    }
+    if (!(ipv6_addr_count <= 1)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+int addrParser_GotEverything (addrParser *o)
+{
+    return (
+        o->type_pos == o->type_span
+        &&
+        o->ip_port_pos == o->ip_port_span
+        &&
+        o->ipv4_addr_pos == o->ipv4_addr_span
+        &&
+        o->ipv6_addr_pos == o->ipv6_addr_span
+    );
+}
+
+int addrParser_Gettype (addrParser *o, uint8_t *v)
+{
+    ASSERT(o->type_pos >= 0)
+    ASSERT(o->type_pos <= o->type_span)
+
+    int left = o->type_span - o->type_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->type_start + o->type_pos, sizeof(header));
+        o->type_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                struct BProto_uint8_s val;
+                memcpy(&val, o->buf + o->type_start + o->type_pos, sizeof(val));
+                o->type_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+
+                if (id == 1) {
+                    *v = ltoh8(val.v);
+                    return 1;
+                }
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->type_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->type_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->type_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->type_start + o->type_pos, sizeof(val));
+                o->type_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                o->type_pos += payload_len;
+                left -= payload_len;
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void addrParser_Resettype (addrParser *o)
+{
+    o->type_pos = 0;
+}
+
+void addrParser_Forwardtype (addrParser *o)
+{
+    o->type_pos = o->type_span;
+}
+
+int addrParser_Getip_port (addrParser *o, uint8_t **data)
+{
+    ASSERT(o->ip_port_pos >= 0)
+    ASSERT(o->ip_port_pos <= o->ip_port_span)
+
+    int left = o->ip_port_span - o->ip_port_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->ip_port_start + o->ip_port_pos, sizeof(header));
+        o->ip_port_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->ip_port_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->ip_port_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->ip_port_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->ip_port_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->ip_port_start + o->ip_port_pos, sizeof(val));
+                o->ip_port_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->ip_port_start + o->ip_port_pos;
+                o->ip_port_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_CONSTDATA && id == 2) {
+                    *data = payload;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void addrParser_Resetip_port (addrParser *o)
+{
+    o->ip_port_pos = 0;
+}
+
+void addrParser_Forwardip_port (addrParser *o)
+{
+    o->ip_port_pos = o->ip_port_span;
+}
+
+int addrParser_Getipv4_addr (addrParser *o, uint8_t **data)
+{
+    ASSERT(o->ipv4_addr_pos >= 0)
+    ASSERT(o->ipv4_addr_pos <= o->ipv4_addr_span)
+
+    int left = o->ipv4_addr_span - o->ipv4_addr_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->ipv4_addr_start + o->ipv4_addr_pos, sizeof(header));
+        o->ipv4_addr_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->ipv4_addr_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->ipv4_addr_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->ipv4_addr_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->ipv4_addr_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->ipv4_addr_start + o->ipv4_addr_pos, sizeof(val));
+                o->ipv4_addr_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->ipv4_addr_start + o->ipv4_addr_pos;
+                o->ipv4_addr_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_CONSTDATA && id == 3) {
+                    *data = payload;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void addrParser_Resetipv4_addr (addrParser *o)
+{
+    o->ipv4_addr_pos = 0;
+}
+
+void addrParser_Forwardipv4_addr (addrParser *o)
+{
+    o->ipv4_addr_pos = o->ipv4_addr_span;
+}
+
+int addrParser_Getipv6_addr (addrParser *o, uint8_t **data)
+{
+    ASSERT(o->ipv6_addr_pos >= 0)
+    ASSERT(o->ipv6_addr_pos <= o->ipv6_addr_span)
+
+    int left = o->ipv6_addr_span - o->ipv6_addr_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->ipv6_addr_start + o->ipv6_addr_pos, sizeof(header));
+        o->ipv6_addr_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->ipv6_addr_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->ipv6_addr_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->ipv6_addr_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->ipv6_addr_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->ipv6_addr_start + o->ipv6_addr_pos, sizeof(val));
+                o->ipv6_addr_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->ipv6_addr_start + o->ipv6_addr_pos;
+                o->ipv6_addr_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_CONSTDATA && id == 4) {
+                    *data = payload;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void addrParser_Resetipv6_addr (addrParser *o)
+{
+    o->ipv6_addr_pos = 0;
+}
+
+void addrParser_Forwardipv6_addr (addrParser *o)
+{
+    o->ipv6_addr_pos = o->ipv6_addr_span;
+}
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/bproto_bproto_test.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/bproto_bproto_test.h
new file mode 100644
index 00000000..dc4ad804
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/bproto_bproto_test.h
@@ -0,0 +1,1029 @@
+/*
+    DO NOT EDIT THIS FILE!
+    This file was automatically generated by the bproto generator.
+*/
+
+#include <stdint.h>
+#include <string.h>
+
+#include <misc/debug.h>
+#include <misc/byteorder.h>
+#include <bproto/BProto.h>
+
+
+#define msg1_SIZEa (sizeof(struct BProto_header_s) + sizeof(struct BProto_uint16_s))
+#define msg1_SIZEb (sizeof(struct BProto_header_s) + sizeof(struct BProto_uint32_s))
+#define msg1_SIZEc (sizeof(struct BProto_header_s) + sizeof(struct BProto_uint64_s))
+#define msg1_SIZEd (sizeof(struct BProto_header_s) + sizeof(struct BProto_uint16_s))
+#define msg1_SIZEe (sizeof(struct BProto_header_s) + sizeof(struct BProto_uint8_s))
+#define msg1_SIZEf(_len) (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (_len))
+#define msg1_SIZEg (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (4))
+
+typedef struct {
+    uint8_t *out;
+    int used;
+    int a_count;
+    int b_count;
+    int c_count;
+    int d_count;
+    int e_count;
+    int f_count;
+    int g_count;
+} msg1Writer;
+
+static void msg1Writer_Init (msg1Writer *o, uint8_t *out);
+static int msg1Writer_Finish (msg1Writer *o);
+static void msg1Writer_Adda (msg1Writer *o, uint16_t v);
+static void msg1Writer_Addb (msg1Writer *o, uint32_t v);
+static void msg1Writer_Addc (msg1Writer *o, uint64_t v);
+static void msg1Writer_Addd (msg1Writer *o, uint16_t v);
+static void msg1Writer_Adde (msg1Writer *o, uint8_t v);
+static uint8_t * msg1Writer_Addf (msg1Writer *o, int len);
+static uint8_t * msg1Writer_Addg (msg1Writer *o);
+
+typedef struct {
+    uint8_t *buf;
+    int buf_len;
+    int a_start;
+    int a_span;
+    int a_pos;
+    int b_start;
+    int b_span;
+    int b_pos;
+    int c_start;
+    int c_span;
+    int c_pos;
+    int d_start;
+    int d_span;
+    int d_pos;
+    int e_start;
+    int e_span;
+    int e_pos;
+    int f_start;
+    int f_span;
+    int f_pos;
+    int g_start;
+    int g_span;
+    int g_pos;
+} msg1Parser;
+
+static int msg1Parser_Init (msg1Parser *o, uint8_t *buf, int buf_len);
+static int msg1Parser_GotEverything (msg1Parser *o);
+static int msg1Parser_Geta (msg1Parser *o, uint16_t *v);
+static void msg1Parser_Reseta (msg1Parser *o);
+static void msg1Parser_Forwarda (msg1Parser *o);
+static int msg1Parser_Getb (msg1Parser *o, uint32_t *v);
+static void msg1Parser_Resetb (msg1Parser *o);
+static void msg1Parser_Forwardb (msg1Parser *o);
+static int msg1Parser_Getc (msg1Parser *o, uint64_t *v);
+static void msg1Parser_Resetc (msg1Parser *o);
+static void msg1Parser_Forwardc (msg1Parser *o);
+static int msg1Parser_Getd (msg1Parser *o, uint16_t *v);
+static void msg1Parser_Resetd (msg1Parser *o);
+static void msg1Parser_Forwardd (msg1Parser *o);
+static int msg1Parser_Gete (msg1Parser *o, uint8_t *v);
+static void msg1Parser_Resete (msg1Parser *o);
+static void msg1Parser_Forwarde (msg1Parser *o);
+static int msg1Parser_Getf (msg1Parser *o, uint8_t **data, int *data_len);
+static void msg1Parser_Resetf (msg1Parser *o);
+static void msg1Parser_Forwardf (msg1Parser *o);
+static int msg1Parser_Getg (msg1Parser *o, uint8_t **data);
+static void msg1Parser_Resetg (msg1Parser *o);
+static void msg1Parser_Forwardg (msg1Parser *o);
+
+void msg1Writer_Init (msg1Writer *o, uint8_t *out)
+{
+    o->out = out;
+    o->used = 0;
+    o->a_count = 0;
+    o->b_count = 0;
+    o->c_count = 0;
+    o->d_count = 0;
+    o->e_count = 0;
+    o->f_count = 0;
+    o->g_count = 0;
+}
+
+int msg1Writer_Finish (msg1Writer *o)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->a_count == 1)
+    ASSERT(o->b_count >= 0 && o->b_count <= 1)
+    ASSERT(o->c_count >= 1)
+    ASSERT(o->d_count >= 0)
+    ASSERT(o->e_count == 1)
+    ASSERT(o->f_count == 1)
+    ASSERT(o->g_count == 1)
+
+    return o->used;
+}
+
+void msg1Writer_Adda (msg1Writer *o, uint16_t v)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->a_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(5);
+    header.type = htol16(BPROTO_TYPE_UINT16);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_uint16_s data;
+    data.v = htol16(v);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_uint16_s);
+
+    o->a_count++;
+}
+
+void msg1Writer_Addb (msg1Writer *o, uint32_t v)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->b_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(6);
+    header.type = htol16(BPROTO_TYPE_UINT32);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_uint32_s data;
+    data.v = htol32(v);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_uint32_s);
+
+    o->b_count++;
+}
+
+void msg1Writer_Addc (msg1Writer *o, uint64_t v)
+{
+    ASSERT(o->used >= 0)
+    
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(7);
+    header.type = htol16(BPROTO_TYPE_UINT64);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_uint64_s data;
+    data.v = htol64(v);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_uint64_s);
+
+    o->c_count++;
+}
+
+void msg1Writer_Addd (msg1Writer *o, uint16_t v)
+{
+    ASSERT(o->used >= 0)
+    
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(8);
+    header.type = htol16(BPROTO_TYPE_UINT16);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_uint16_s data;
+    data.v = htol16(v);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_uint16_s);
+
+    o->d_count++;
+}
+
+void msg1Writer_Adde (msg1Writer *o, uint8_t v)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->e_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(9);
+    header.type = htol16(BPROTO_TYPE_UINT8);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_uint8_s data;
+    data.v = htol8(v);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_uint8_s);
+
+    o->e_count++;
+}
+
+uint8_t * msg1Writer_Addf (msg1Writer *o, int len)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->f_count == 0)
+    ASSERT(len >= 0 && len <= UINT32_MAX)
+
+    struct BProto_header_s header;
+    header.id = htol16(10);
+    header.type = htol16(BPROTO_TYPE_DATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(len);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += len;
+
+    o->f_count++;
+
+    return dest;
+}
+
+uint8_t * msg1Writer_Addg (msg1Writer *o)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->g_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(11);
+    header.type = htol16(BPROTO_TYPE_CONSTDATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(4);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += (4);
+
+    o->g_count++;
+
+    return dest;
+}
+
+int msg1Parser_Init (msg1Parser *o, uint8_t *buf, int buf_len)
+{
+    ASSERT(buf_len >= 0)
+
+    o->buf = buf;
+    o->buf_len = buf_len;
+    o->a_start = o->buf_len;
+    o->a_span = 0;
+    o->a_pos = 0;
+    o->b_start = o->buf_len;
+    o->b_span = 0;
+    o->b_pos = 0;
+    o->c_start = o->buf_len;
+    o->c_span = 0;
+    o->c_pos = 0;
+    o->d_start = o->buf_len;
+    o->d_span = 0;
+    o->d_pos = 0;
+    o->e_start = o->buf_len;
+    o->e_span = 0;
+    o->e_pos = 0;
+    o->f_start = o->buf_len;
+    o->f_span = 0;
+    o->f_pos = 0;
+    o->g_start = o->buf_len;
+    o->g_span = 0;
+    o->g_pos = 0;
+
+    int a_count = 0;
+    int b_count = 0;
+    int c_count = 0;
+    int d_count = 0;
+    int e_count = 0;
+    int f_count = 0;
+    int g_count = 0;
+
+    int pos = 0;
+    int left = o->buf_len;
+
+    while (left > 0) {
+        int entry_pos = pos;
+
+        if (!(left >= sizeof(struct BProto_header_s))) {
+            return 0;
+        }
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + pos, sizeof(header));
+        pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                if (!(left >= sizeof(struct BProto_uint8_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+
+                switch (id) {
+                    case 9:
+                        if (o->e_start == o->buf_len) {
+                            o->e_start = entry_pos;
+                        }
+                        o->e_span = pos - o->e_start;
+                        e_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                if (!(left >= sizeof(struct BProto_uint16_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                switch (id) {
+                    case 5:
+                        if (o->a_start == o->buf_len) {
+                            o->a_start = entry_pos;
+                        }
+                        o->a_span = pos - o->a_start;
+                        a_count++;
+                        break;
+                    case 8:
+                        if (o->d_start == o->buf_len) {
+                            o->d_start = entry_pos;
+                        }
+                        o->d_span = pos - o->d_start;
+                        d_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                if (!(left >= sizeof(struct BProto_uint32_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+
+                switch (id) {
+                    case 6:
+                        if (o->b_start == o->buf_len) {
+                            o->b_start = entry_pos;
+                        }
+                        o->b_span = pos - o->b_start;
+                        b_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                if (!(left >= sizeof(struct BProto_uint64_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+
+                switch (id) {
+                    case 7:
+                        if (o->c_start == o->buf_len) {
+                            o->c_start = entry_pos;
+                        }
+                        o->c_span = pos - o->c_start;
+                        c_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                if (!(left >= sizeof(struct BProto_data_header_s))) {
+                    return 0;
+                }
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + pos, sizeof(val));
+                pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                if (!(left >= payload_len)) {
+                    return 0;
+                }
+                pos += payload_len;
+                left -= payload_len;
+
+                switch (id) {
+                    case 10:
+                        if (!(type == BPROTO_TYPE_DATA)) {
+                            return 0;
+                        }
+                        if (o->f_start == o->buf_len) {
+                            o->f_start = entry_pos;
+                        }
+                        o->f_span = pos - o->f_start;
+                        f_count++;
+                        break;
+                    case 11:
+                        if (!(type == BPROTO_TYPE_CONSTDATA)) {
+                            return 0;
+                        }
+                        if (!(payload_len == (4))) {
+                            return 0;
+                        }
+                        if (o->g_start == o->buf_len) {
+                            o->g_start = entry_pos;
+                        }
+                        o->g_span = pos - o->g_start;
+                        g_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            default:
+                return 0;
+        }
+    }
+
+    if (!(a_count == 1)) {
+        return 0;
+    }
+    if (!(b_count <= 1)) {
+        return 0;
+    }
+    if (!(c_count >= 1)) {
+        return 0;
+    }
+    if (!(e_count == 1)) {
+        return 0;
+    }
+    if (!(f_count == 1)) {
+        return 0;
+    }
+    if (!(g_count == 1)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+int msg1Parser_GotEverything (msg1Parser *o)
+{
+    return (
+        o->a_pos == o->a_span
+        &&
+        o->b_pos == o->b_span
+        &&
+        o->c_pos == o->c_span
+        &&
+        o->d_pos == o->d_span
+        &&
+        o->e_pos == o->e_span
+        &&
+        o->f_pos == o->f_span
+        &&
+        o->g_pos == o->g_span
+    );
+}
+
+int msg1Parser_Geta (msg1Parser *o, uint16_t *v)
+{
+    ASSERT(o->a_pos >= 0)
+    ASSERT(o->a_pos <= o->a_span)
+
+    int left = o->a_span - o->a_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->a_start + o->a_pos, sizeof(header));
+        o->a_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->a_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                struct BProto_uint16_s val;
+                memcpy(&val, o->buf + o->a_start + o->a_pos, sizeof(val));
+                o->a_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                if (id == 5) {
+                    *v = ltoh16(val.v);
+                    return 1;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->a_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->a_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->a_start + o->a_pos, sizeof(val));
+                o->a_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                o->a_pos += payload_len;
+                left -= payload_len;
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg1Parser_Reseta (msg1Parser *o)
+{
+    o->a_pos = 0;
+}
+
+void msg1Parser_Forwarda (msg1Parser *o)
+{
+    o->a_pos = o->a_span;
+}
+
+int msg1Parser_Getb (msg1Parser *o, uint32_t *v)
+{
+    ASSERT(o->b_pos >= 0)
+    ASSERT(o->b_pos <= o->b_span)
+
+    int left = o->b_span - o->b_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->b_start + o->b_pos, sizeof(header));
+        o->b_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->b_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->b_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                struct BProto_uint32_s val;
+                memcpy(&val, o->buf + o->b_start + o->b_pos, sizeof(val));
+                o->b_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+
+                if (id == 6) {
+                    *v = ltoh32(val.v);
+                    return 1;
+                }
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->b_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->b_start + o->b_pos, sizeof(val));
+                o->b_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                o->b_pos += payload_len;
+                left -= payload_len;
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg1Parser_Resetb (msg1Parser *o)
+{
+    o->b_pos = 0;
+}
+
+void msg1Parser_Forwardb (msg1Parser *o)
+{
+    o->b_pos = o->b_span;
+}
+
+int msg1Parser_Getc (msg1Parser *o, uint64_t *v)
+{
+    ASSERT(o->c_pos >= 0)
+    ASSERT(o->c_pos <= o->c_span)
+
+    int left = o->c_span - o->c_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->c_start + o->c_pos, sizeof(header));
+        o->c_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->c_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->c_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->c_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                struct BProto_uint64_s val;
+                memcpy(&val, o->buf + o->c_start + o->c_pos, sizeof(val));
+                o->c_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+
+                if (id == 7) {
+                    *v = ltoh64(val.v);
+                    return 1;
+                }
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->c_start + o->c_pos, sizeof(val));
+                o->c_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                o->c_pos += payload_len;
+                left -= payload_len;
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg1Parser_Resetc (msg1Parser *o)
+{
+    o->c_pos = 0;
+}
+
+void msg1Parser_Forwardc (msg1Parser *o)
+{
+    o->c_pos = o->c_span;
+}
+
+int msg1Parser_Getd (msg1Parser *o, uint16_t *v)
+{
+    ASSERT(o->d_pos >= 0)
+    ASSERT(o->d_pos <= o->d_span)
+
+    int left = o->d_span - o->d_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->d_start + o->d_pos, sizeof(header));
+        o->d_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->d_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                struct BProto_uint16_s val;
+                memcpy(&val, o->buf + o->d_start + o->d_pos, sizeof(val));
+                o->d_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                if (id == 8) {
+                    *v = ltoh16(val.v);
+                    return 1;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->d_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->d_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->d_start + o->d_pos, sizeof(val));
+                o->d_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                o->d_pos += payload_len;
+                left -= payload_len;
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg1Parser_Resetd (msg1Parser *o)
+{
+    o->d_pos = 0;
+}
+
+void msg1Parser_Forwardd (msg1Parser *o)
+{
+    o->d_pos = o->d_span;
+}
+
+int msg1Parser_Gete (msg1Parser *o, uint8_t *v)
+{
+    ASSERT(o->e_pos >= 0)
+    ASSERT(o->e_pos <= o->e_span)
+
+    int left = o->e_span - o->e_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->e_start + o->e_pos, sizeof(header));
+        o->e_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                struct BProto_uint8_s val;
+                memcpy(&val, o->buf + o->e_start + o->e_pos, sizeof(val));
+                o->e_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+
+                if (id == 9) {
+                    *v = ltoh8(val.v);
+                    return 1;
+                }
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->e_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->e_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->e_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->e_start + o->e_pos, sizeof(val));
+                o->e_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                o->e_pos += payload_len;
+                left -= payload_len;
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg1Parser_Resete (msg1Parser *o)
+{
+    o->e_pos = 0;
+}
+
+void msg1Parser_Forwarde (msg1Parser *o)
+{
+    o->e_pos = o->e_span;
+}
+
+int msg1Parser_Getf (msg1Parser *o, uint8_t **data, int *data_len)
+{
+    ASSERT(o->f_pos >= 0)
+    ASSERT(o->f_pos <= o->f_span)
+
+    int left = o->f_span - o->f_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->f_start + o->f_pos, sizeof(header));
+        o->f_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->f_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->f_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->f_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->f_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->f_start + o->f_pos, sizeof(val));
+                o->f_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->f_start + o->f_pos;
+                o->f_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_DATA && id == 10) {
+                    *data = payload;
+                    *data_len = payload_len;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg1Parser_Resetf (msg1Parser *o)
+{
+    o->f_pos = 0;
+}
+
+void msg1Parser_Forwardf (msg1Parser *o)
+{
+    o->f_pos = o->f_span;
+}
+
+int msg1Parser_Getg (msg1Parser *o, uint8_t **data)
+{
+    ASSERT(o->g_pos >= 0)
+    ASSERT(o->g_pos <= o->g_span)
+
+    int left = o->g_span - o->g_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->g_start + o->g_pos, sizeof(header));
+        o->g_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->g_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->g_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->g_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->g_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->g_start + o->g_pos, sizeof(val));
+                o->g_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->g_start + o->g_pos;
+                o->g_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_CONSTDATA && id == 11) {
+                    *data = payload;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg1Parser_Resetg (msg1Parser *o)
+{
+    o->g_pos = 0;
+}
+
+void msg1Parser_Forwardg (msg1Parser *o)
+{
+    o->g_pos = o->g_span;
+}
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/bproto_msgproto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/bproto_msgproto.h
new file mode 100644
index 00000000..e429223d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/generated/bproto_msgproto.h
@@ -0,0 +1,2122 @@
+/*
+    DO NOT EDIT THIS FILE!
+    This file was automatically generated by the bproto generator.
+*/
+
+#include <stdint.h>
+#include <string.h>
+
+#include <misc/debug.h>
+#include <misc/byteorder.h>
+#include <bproto/BProto.h>
+
+
+#define msg_SIZEtype (sizeof(struct BProto_header_s) + sizeof(struct BProto_uint16_s))
+#define msg_SIZEpayload(_len) (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (_len))
+
+typedef struct {
+    uint8_t *out;
+    int used;
+    int type_count;
+    int payload_count;
+} msgWriter;
+
+static void msgWriter_Init (msgWriter *o, uint8_t *out);
+static int msgWriter_Finish (msgWriter *o);
+static void msgWriter_Addtype (msgWriter *o, uint16_t v);
+static uint8_t * msgWriter_Addpayload (msgWriter *o, int len);
+
+typedef struct {
+    uint8_t *buf;
+    int buf_len;
+    int type_start;
+    int type_span;
+    int type_pos;
+    int payload_start;
+    int payload_span;
+    int payload_pos;
+} msgParser;
+
+static int msgParser_Init (msgParser *o, uint8_t *buf, int buf_len);
+static int msgParser_GotEverything (msgParser *o);
+static int msgParser_Gettype (msgParser *o, uint16_t *v);
+static void msgParser_Resettype (msgParser *o);
+static void msgParser_Forwardtype (msgParser *o);
+static int msgParser_Getpayload (msgParser *o, uint8_t **data, int *data_len);
+static void msgParser_Resetpayload (msgParser *o);
+static void msgParser_Forwardpayload (msgParser *o);
+
+void msgWriter_Init (msgWriter *o, uint8_t *out)
+{
+    o->out = out;
+    o->used = 0;
+    o->type_count = 0;
+    o->payload_count = 0;
+}
+
+int msgWriter_Finish (msgWriter *o)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->type_count == 1)
+    ASSERT(o->payload_count == 1)
+
+    return o->used;
+}
+
+void msgWriter_Addtype (msgWriter *o, uint16_t v)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->type_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(1);
+    header.type = htol16(BPROTO_TYPE_UINT16);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_uint16_s data;
+    data.v = htol16(v);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_uint16_s);
+
+    o->type_count++;
+}
+
+uint8_t * msgWriter_Addpayload (msgWriter *o, int len)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->payload_count == 0)
+    ASSERT(len >= 0 && len <= UINT32_MAX)
+
+    struct BProto_header_s header;
+    header.id = htol16(2);
+    header.type = htol16(BPROTO_TYPE_DATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(len);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += len;
+
+    o->payload_count++;
+
+    return dest;
+}
+
+int msgParser_Init (msgParser *o, uint8_t *buf, int buf_len)
+{
+    ASSERT(buf_len >= 0)
+
+    o->buf = buf;
+    o->buf_len = buf_len;
+    o->type_start = o->buf_len;
+    o->type_span = 0;
+    o->type_pos = 0;
+    o->payload_start = o->buf_len;
+    o->payload_span = 0;
+    o->payload_pos = 0;
+
+    int type_count = 0;
+    int payload_count = 0;
+
+    int pos = 0;
+    int left = o->buf_len;
+
+    while (left > 0) {
+        int entry_pos = pos;
+
+        if (!(left >= sizeof(struct BProto_header_s))) {
+            return 0;
+        }
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + pos, sizeof(header));
+        pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                if (!(left >= sizeof(struct BProto_uint8_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                if (!(left >= sizeof(struct BProto_uint16_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                switch (id) {
+                    case 1:
+                        if (o->type_start == o->buf_len) {
+                            o->type_start = entry_pos;
+                        }
+                        o->type_span = pos - o->type_start;
+                        type_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                if (!(left >= sizeof(struct BProto_uint32_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                if (!(left >= sizeof(struct BProto_uint64_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                if (!(left >= sizeof(struct BProto_data_header_s))) {
+                    return 0;
+                }
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + pos, sizeof(val));
+                pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                if (!(left >= payload_len)) {
+                    return 0;
+                }
+                pos += payload_len;
+                left -= payload_len;
+
+                switch (id) {
+                    case 2:
+                        if (!(type == BPROTO_TYPE_DATA)) {
+                            return 0;
+                        }
+                        if (o->payload_start == o->buf_len) {
+                            o->payload_start = entry_pos;
+                        }
+                        o->payload_span = pos - o->payload_start;
+                        payload_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            default:
+                return 0;
+        }
+    }
+
+    if (!(type_count == 1)) {
+        return 0;
+    }
+    if (!(payload_count == 1)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+int msgParser_GotEverything (msgParser *o)
+{
+    return (
+        o->type_pos == o->type_span
+        &&
+        o->payload_pos == o->payload_span
+    );
+}
+
+int msgParser_Gettype (msgParser *o, uint16_t *v)
+{
+    ASSERT(o->type_pos >= 0)
+    ASSERT(o->type_pos <= o->type_span)
+
+    int left = o->type_span - o->type_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->type_start + o->type_pos, sizeof(header));
+        o->type_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->type_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                struct BProto_uint16_s val;
+                memcpy(&val, o->buf + o->type_start + o->type_pos, sizeof(val));
+                o->type_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                if (id == 1) {
+                    *v = ltoh16(val.v);
+                    return 1;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->type_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->type_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->type_start + o->type_pos, sizeof(val));
+                o->type_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                o->type_pos += payload_len;
+                left -= payload_len;
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msgParser_Resettype (msgParser *o)
+{
+    o->type_pos = 0;
+}
+
+void msgParser_Forwardtype (msgParser *o)
+{
+    o->type_pos = o->type_span;
+}
+
+int msgParser_Getpayload (msgParser *o, uint8_t **data, int *data_len)
+{
+    ASSERT(o->payload_pos >= 0)
+    ASSERT(o->payload_pos <= o->payload_span)
+
+    int left = o->payload_span - o->payload_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->payload_start + o->payload_pos, sizeof(header));
+        o->payload_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->payload_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->payload_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->payload_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->payload_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->payload_start + o->payload_pos, sizeof(val));
+                o->payload_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->payload_start + o->payload_pos;
+                o->payload_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_DATA && id == 2) {
+                    *data = payload;
+                    *data_len = payload_len;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msgParser_Resetpayload (msgParser *o)
+{
+    o->payload_pos = 0;
+}
+
+void msgParser_Forwardpayload (msgParser *o)
+{
+    o->payload_pos = o->payload_span;
+}
+
+#define msg_youconnect_SIZEaddr(_len) (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (_len))
+#define msg_youconnect_SIZEkey(_len) (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (_len))
+#define msg_youconnect_SIZEpassword (sizeof(struct BProto_header_s) + sizeof(struct BProto_uint64_s))
+
+typedef struct {
+    uint8_t *out;
+    int used;
+    int addr_count;
+    int key_count;
+    int password_count;
+} msg_youconnectWriter;
+
+static void msg_youconnectWriter_Init (msg_youconnectWriter *o, uint8_t *out);
+static int msg_youconnectWriter_Finish (msg_youconnectWriter *o);
+static uint8_t * msg_youconnectWriter_Addaddr (msg_youconnectWriter *o, int len);
+static uint8_t * msg_youconnectWriter_Addkey (msg_youconnectWriter *o, int len);
+static void msg_youconnectWriter_Addpassword (msg_youconnectWriter *o, uint64_t v);
+
+typedef struct {
+    uint8_t *buf;
+    int buf_len;
+    int addr_start;
+    int addr_span;
+    int addr_pos;
+    int key_start;
+    int key_span;
+    int key_pos;
+    int password_start;
+    int password_span;
+    int password_pos;
+} msg_youconnectParser;
+
+static int msg_youconnectParser_Init (msg_youconnectParser *o, uint8_t *buf, int buf_len);
+static int msg_youconnectParser_GotEverything (msg_youconnectParser *o);
+static int msg_youconnectParser_Getaddr (msg_youconnectParser *o, uint8_t **data, int *data_len);
+static void msg_youconnectParser_Resetaddr (msg_youconnectParser *o);
+static void msg_youconnectParser_Forwardaddr (msg_youconnectParser *o);
+static int msg_youconnectParser_Getkey (msg_youconnectParser *o, uint8_t **data, int *data_len);
+static void msg_youconnectParser_Resetkey (msg_youconnectParser *o);
+static void msg_youconnectParser_Forwardkey (msg_youconnectParser *o);
+static int msg_youconnectParser_Getpassword (msg_youconnectParser *o, uint64_t *v);
+static void msg_youconnectParser_Resetpassword (msg_youconnectParser *o);
+static void msg_youconnectParser_Forwardpassword (msg_youconnectParser *o);
+
+void msg_youconnectWriter_Init (msg_youconnectWriter *o, uint8_t *out)
+{
+    o->out = out;
+    o->used = 0;
+    o->addr_count = 0;
+    o->key_count = 0;
+    o->password_count = 0;
+}
+
+int msg_youconnectWriter_Finish (msg_youconnectWriter *o)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->addr_count >= 1)
+    ASSERT(o->key_count >= 0 && o->key_count <= 1)
+    ASSERT(o->password_count >= 0 && o->password_count <= 1)
+
+    return o->used;
+}
+
+uint8_t * msg_youconnectWriter_Addaddr (msg_youconnectWriter *o, int len)
+{
+    ASSERT(o->used >= 0)
+    
+    ASSERT(len >= 0 && len <= UINT32_MAX)
+
+    struct BProto_header_s header;
+    header.id = htol16(1);
+    header.type = htol16(BPROTO_TYPE_DATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(len);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += len;
+
+    o->addr_count++;
+
+    return dest;
+}
+
+uint8_t * msg_youconnectWriter_Addkey (msg_youconnectWriter *o, int len)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->key_count == 0)
+    ASSERT(len >= 0 && len <= UINT32_MAX)
+
+    struct BProto_header_s header;
+    header.id = htol16(2);
+    header.type = htol16(BPROTO_TYPE_DATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(len);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += len;
+
+    o->key_count++;
+
+    return dest;
+}
+
+void msg_youconnectWriter_Addpassword (msg_youconnectWriter *o, uint64_t v)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->password_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(3);
+    header.type = htol16(BPROTO_TYPE_UINT64);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_uint64_s data;
+    data.v = htol64(v);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_uint64_s);
+
+    o->password_count++;
+}
+
+int msg_youconnectParser_Init (msg_youconnectParser *o, uint8_t *buf, int buf_len)
+{
+    ASSERT(buf_len >= 0)
+
+    o->buf = buf;
+    o->buf_len = buf_len;
+    o->addr_start = o->buf_len;
+    o->addr_span = 0;
+    o->addr_pos = 0;
+    o->key_start = o->buf_len;
+    o->key_span = 0;
+    o->key_pos = 0;
+    o->password_start = o->buf_len;
+    o->password_span = 0;
+    o->password_pos = 0;
+
+    int addr_count = 0;
+    int key_count = 0;
+    int password_count = 0;
+
+    int pos = 0;
+    int left = o->buf_len;
+
+    while (left > 0) {
+        int entry_pos = pos;
+
+        if (!(left >= sizeof(struct BProto_header_s))) {
+            return 0;
+        }
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + pos, sizeof(header));
+        pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                if (!(left >= sizeof(struct BProto_uint8_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                if (!(left >= sizeof(struct BProto_uint16_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                if (!(left >= sizeof(struct BProto_uint32_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                if (!(left >= sizeof(struct BProto_uint64_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+
+                switch (id) {
+                    case 3:
+                        if (o->password_start == o->buf_len) {
+                            o->password_start = entry_pos;
+                        }
+                        o->password_span = pos - o->password_start;
+                        password_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                if (!(left >= sizeof(struct BProto_data_header_s))) {
+                    return 0;
+                }
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + pos, sizeof(val));
+                pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                if (!(left >= payload_len)) {
+                    return 0;
+                }
+                pos += payload_len;
+                left -= payload_len;
+
+                switch (id) {
+                    case 1:
+                        if (!(type == BPROTO_TYPE_DATA)) {
+                            return 0;
+                        }
+                        if (o->addr_start == o->buf_len) {
+                            o->addr_start = entry_pos;
+                        }
+                        o->addr_span = pos - o->addr_start;
+                        addr_count++;
+                        break;
+                    case 2:
+                        if (!(type == BPROTO_TYPE_DATA)) {
+                            return 0;
+                        }
+                        if (o->key_start == o->buf_len) {
+                            o->key_start = entry_pos;
+                        }
+                        o->key_span = pos - o->key_start;
+                        key_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            default:
+                return 0;
+        }
+    }
+
+    if (!(addr_count >= 1)) {
+        return 0;
+    }
+    if (!(key_count <= 1)) {
+        return 0;
+    }
+    if (!(password_count <= 1)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+int msg_youconnectParser_GotEverything (msg_youconnectParser *o)
+{
+    return (
+        o->addr_pos == o->addr_span
+        &&
+        o->key_pos == o->key_span
+        &&
+        o->password_pos == o->password_span
+    );
+}
+
+int msg_youconnectParser_Getaddr (msg_youconnectParser *o, uint8_t **data, int *data_len)
+{
+    ASSERT(o->addr_pos >= 0)
+    ASSERT(o->addr_pos <= o->addr_span)
+
+    int left = o->addr_span - o->addr_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->addr_start + o->addr_pos, sizeof(header));
+        o->addr_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->addr_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->addr_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->addr_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->addr_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->addr_start + o->addr_pos, sizeof(val));
+                o->addr_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->addr_start + o->addr_pos;
+                o->addr_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_DATA && id == 1) {
+                    *data = payload;
+                    *data_len = payload_len;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg_youconnectParser_Resetaddr (msg_youconnectParser *o)
+{
+    o->addr_pos = 0;
+}
+
+void msg_youconnectParser_Forwardaddr (msg_youconnectParser *o)
+{
+    o->addr_pos = o->addr_span;
+}
+
+int msg_youconnectParser_Getkey (msg_youconnectParser *o, uint8_t **data, int *data_len)
+{
+    ASSERT(o->key_pos >= 0)
+    ASSERT(o->key_pos <= o->key_span)
+
+    int left = o->key_span - o->key_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->key_start + o->key_pos, sizeof(header));
+        o->key_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->key_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->key_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->key_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->key_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->key_start + o->key_pos, sizeof(val));
+                o->key_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->key_start + o->key_pos;
+                o->key_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_DATA && id == 2) {
+                    *data = payload;
+                    *data_len = payload_len;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg_youconnectParser_Resetkey (msg_youconnectParser *o)
+{
+    o->key_pos = 0;
+}
+
+void msg_youconnectParser_Forwardkey (msg_youconnectParser *o)
+{
+    o->key_pos = o->key_span;
+}
+
+int msg_youconnectParser_Getpassword (msg_youconnectParser *o, uint64_t *v)
+{
+    ASSERT(o->password_pos >= 0)
+    ASSERT(o->password_pos <= o->password_span)
+
+    int left = o->password_span - o->password_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->password_start + o->password_pos, sizeof(header));
+        o->password_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->password_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->password_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->password_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                struct BProto_uint64_s val;
+                memcpy(&val, o->buf + o->password_start + o->password_pos, sizeof(val));
+                o->password_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+
+                if (id == 3) {
+                    *v = ltoh64(val.v);
+                    return 1;
+                }
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->password_start + o->password_pos, sizeof(val));
+                o->password_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                o->password_pos += payload_len;
+                left -= payload_len;
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg_youconnectParser_Resetpassword (msg_youconnectParser *o)
+{
+    o->password_pos = 0;
+}
+
+void msg_youconnectParser_Forwardpassword (msg_youconnectParser *o)
+{
+    o->password_pos = o->password_span;
+}
+
+#define msg_youconnect_addr_SIZEname(_len) (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (_len))
+#define msg_youconnect_addr_SIZEaddr(_len) (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (_len))
+
+typedef struct {
+    uint8_t *out;
+    int used;
+    int name_count;
+    int addr_count;
+} msg_youconnect_addrWriter;
+
+static void msg_youconnect_addrWriter_Init (msg_youconnect_addrWriter *o, uint8_t *out);
+static int msg_youconnect_addrWriter_Finish (msg_youconnect_addrWriter *o);
+static uint8_t * msg_youconnect_addrWriter_Addname (msg_youconnect_addrWriter *o, int len);
+static uint8_t * msg_youconnect_addrWriter_Addaddr (msg_youconnect_addrWriter *o, int len);
+
+typedef struct {
+    uint8_t *buf;
+    int buf_len;
+    int name_start;
+    int name_span;
+    int name_pos;
+    int addr_start;
+    int addr_span;
+    int addr_pos;
+} msg_youconnect_addrParser;
+
+static int msg_youconnect_addrParser_Init (msg_youconnect_addrParser *o, uint8_t *buf, int buf_len);
+static int msg_youconnect_addrParser_GotEverything (msg_youconnect_addrParser *o);
+static int msg_youconnect_addrParser_Getname (msg_youconnect_addrParser *o, uint8_t **data, int *data_len);
+static void msg_youconnect_addrParser_Resetname (msg_youconnect_addrParser *o);
+static void msg_youconnect_addrParser_Forwardname (msg_youconnect_addrParser *o);
+static int msg_youconnect_addrParser_Getaddr (msg_youconnect_addrParser *o, uint8_t **data, int *data_len);
+static void msg_youconnect_addrParser_Resetaddr (msg_youconnect_addrParser *o);
+static void msg_youconnect_addrParser_Forwardaddr (msg_youconnect_addrParser *o);
+
+void msg_youconnect_addrWriter_Init (msg_youconnect_addrWriter *o, uint8_t *out)
+{
+    o->out = out;
+    o->used = 0;
+    o->name_count = 0;
+    o->addr_count = 0;
+}
+
+int msg_youconnect_addrWriter_Finish (msg_youconnect_addrWriter *o)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->name_count == 1)
+    ASSERT(o->addr_count == 1)
+
+    return o->used;
+}
+
+uint8_t * msg_youconnect_addrWriter_Addname (msg_youconnect_addrWriter *o, int len)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->name_count == 0)
+    ASSERT(len >= 0 && len <= UINT32_MAX)
+
+    struct BProto_header_s header;
+    header.id = htol16(1);
+    header.type = htol16(BPROTO_TYPE_DATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(len);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += len;
+
+    o->name_count++;
+
+    return dest;
+}
+
+uint8_t * msg_youconnect_addrWriter_Addaddr (msg_youconnect_addrWriter *o, int len)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->addr_count == 0)
+    ASSERT(len >= 0 && len <= UINT32_MAX)
+
+    struct BProto_header_s header;
+    header.id = htol16(2);
+    header.type = htol16(BPROTO_TYPE_DATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(len);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += len;
+
+    o->addr_count++;
+
+    return dest;
+}
+
+int msg_youconnect_addrParser_Init (msg_youconnect_addrParser *o, uint8_t *buf, int buf_len)
+{
+    ASSERT(buf_len >= 0)
+
+    o->buf = buf;
+    o->buf_len = buf_len;
+    o->name_start = o->buf_len;
+    o->name_span = 0;
+    o->name_pos = 0;
+    o->addr_start = o->buf_len;
+    o->addr_span = 0;
+    o->addr_pos = 0;
+
+    int name_count = 0;
+    int addr_count = 0;
+
+    int pos = 0;
+    int left = o->buf_len;
+
+    while (left > 0) {
+        int entry_pos = pos;
+
+        if (!(left >= sizeof(struct BProto_header_s))) {
+            return 0;
+        }
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + pos, sizeof(header));
+        pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                if (!(left >= sizeof(struct BProto_uint8_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                if (!(left >= sizeof(struct BProto_uint16_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                if (!(left >= sizeof(struct BProto_uint32_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                if (!(left >= sizeof(struct BProto_uint64_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                if (!(left >= sizeof(struct BProto_data_header_s))) {
+                    return 0;
+                }
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + pos, sizeof(val));
+                pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                if (!(left >= payload_len)) {
+                    return 0;
+                }
+                pos += payload_len;
+                left -= payload_len;
+
+                switch (id) {
+                    case 1:
+                        if (!(type == BPROTO_TYPE_DATA)) {
+                            return 0;
+                        }
+                        if (o->name_start == o->buf_len) {
+                            o->name_start = entry_pos;
+                        }
+                        o->name_span = pos - o->name_start;
+                        name_count++;
+                        break;
+                    case 2:
+                        if (!(type == BPROTO_TYPE_DATA)) {
+                            return 0;
+                        }
+                        if (o->addr_start == o->buf_len) {
+                            o->addr_start = entry_pos;
+                        }
+                        o->addr_span = pos - o->addr_start;
+                        addr_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            default:
+                return 0;
+        }
+    }
+
+    if (!(name_count == 1)) {
+        return 0;
+    }
+    if (!(addr_count == 1)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+int msg_youconnect_addrParser_GotEverything (msg_youconnect_addrParser *o)
+{
+    return (
+        o->name_pos == o->name_span
+        &&
+        o->addr_pos == o->addr_span
+    );
+}
+
+int msg_youconnect_addrParser_Getname (msg_youconnect_addrParser *o, uint8_t **data, int *data_len)
+{
+    ASSERT(o->name_pos >= 0)
+    ASSERT(o->name_pos <= o->name_span)
+
+    int left = o->name_span - o->name_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->name_start + o->name_pos, sizeof(header));
+        o->name_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->name_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->name_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->name_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->name_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->name_start + o->name_pos, sizeof(val));
+                o->name_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->name_start + o->name_pos;
+                o->name_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_DATA && id == 1) {
+                    *data = payload;
+                    *data_len = payload_len;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg_youconnect_addrParser_Resetname (msg_youconnect_addrParser *o)
+{
+    o->name_pos = 0;
+}
+
+void msg_youconnect_addrParser_Forwardname (msg_youconnect_addrParser *o)
+{
+    o->name_pos = o->name_span;
+}
+
+int msg_youconnect_addrParser_Getaddr (msg_youconnect_addrParser *o, uint8_t **data, int *data_len)
+{
+    ASSERT(o->addr_pos >= 0)
+    ASSERT(o->addr_pos <= o->addr_span)
+
+    int left = o->addr_span - o->addr_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->addr_start + o->addr_pos, sizeof(header));
+        o->addr_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->addr_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->addr_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->addr_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->addr_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->addr_start + o->addr_pos, sizeof(val));
+                o->addr_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->addr_start + o->addr_pos;
+                o->addr_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_DATA && id == 2) {
+                    *data = payload;
+                    *data_len = payload_len;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg_youconnect_addrParser_Resetaddr (msg_youconnect_addrParser *o)
+{
+    o->addr_pos = 0;
+}
+
+void msg_youconnect_addrParser_Forwardaddr (msg_youconnect_addrParser *o)
+{
+    o->addr_pos = o->addr_span;
+}
+
+#define msg_seed_SIZEseed_id (sizeof(struct BProto_header_s) + sizeof(struct BProto_uint16_s))
+#define msg_seed_SIZEkey(_len) (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (_len))
+#define msg_seed_SIZEiv(_len) (sizeof(struct BProto_header_s) + sizeof(struct BProto_data_header_s) + (_len))
+
+typedef struct {
+    uint8_t *out;
+    int used;
+    int seed_id_count;
+    int key_count;
+    int iv_count;
+} msg_seedWriter;
+
+static void msg_seedWriter_Init (msg_seedWriter *o, uint8_t *out);
+static int msg_seedWriter_Finish (msg_seedWriter *o);
+static void msg_seedWriter_Addseed_id (msg_seedWriter *o, uint16_t v);
+static uint8_t * msg_seedWriter_Addkey (msg_seedWriter *o, int len);
+static uint8_t * msg_seedWriter_Addiv (msg_seedWriter *o, int len);
+
+typedef struct {
+    uint8_t *buf;
+    int buf_len;
+    int seed_id_start;
+    int seed_id_span;
+    int seed_id_pos;
+    int key_start;
+    int key_span;
+    int key_pos;
+    int iv_start;
+    int iv_span;
+    int iv_pos;
+} msg_seedParser;
+
+static int msg_seedParser_Init (msg_seedParser *o, uint8_t *buf, int buf_len);
+static int msg_seedParser_GotEverything (msg_seedParser *o);
+static int msg_seedParser_Getseed_id (msg_seedParser *o, uint16_t *v);
+static void msg_seedParser_Resetseed_id (msg_seedParser *o);
+static void msg_seedParser_Forwardseed_id (msg_seedParser *o);
+static int msg_seedParser_Getkey (msg_seedParser *o, uint8_t **data, int *data_len);
+static void msg_seedParser_Resetkey (msg_seedParser *o);
+static void msg_seedParser_Forwardkey (msg_seedParser *o);
+static int msg_seedParser_Getiv (msg_seedParser *o, uint8_t **data, int *data_len);
+static void msg_seedParser_Resetiv (msg_seedParser *o);
+static void msg_seedParser_Forwardiv (msg_seedParser *o);
+
+void msg_seedWriter_Init (msg_seedWriter *o, uint8_t *out)
+{
+    o->out = out;
+    o->used = 0;
+    o->seed_id_count = 0;
+    o->key_count = 0;
+    o->iv_count = 0;
+}
+
+int msg_seedWriter_Finish (msg_seedWriter *o)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->seed_id_count == 1)
+    ASSERT(o->key_count == 1)
+    ASSERT(o->iv_count == 1)
+
+    return o->used;
+}
+
+void msg_seedWriter_Addseed_id (msg_seedWriter *o, uint16_t v)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->seed_id_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(1);
+    header.type = htol16(BPROTO_TYPE_UINT16);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_uint16_s data;
+    data.v = htol16(v);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_uint16_s);
+
+    o->seed_id_count++;
+}
+
+uint8_t * msg_seedWriter_Addkey (msg_seedWriter *o, int len)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->key_count == 0)
+    ASSERT(len >= 0 && len <= UINT32_MAX)
+
+    struct BProto_header_s header;
+    header.id = htol16(2);
+    header.type = htol16(BPROTO_TYPE_DATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(len);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += len;
+
+    o->key_count++;
+
+    return dest;
+}
+
+uint8_t * msg_seedWriter_Addiv (msg_seedWriter *o, int len)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->iv_count == 0)
+    ASSERT(len >= 0 && len <= UINT32_MAX)
+
+    struct BProto_header_s header;
+    header.id = htol16(3);
+    header.type = htol16(BPROTO_TYPE_DATA);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_data_header_s data;
+    data.len = htol32(len);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_data_header_s);
+
+    uint8_t *dest = (o->out + o->used);
+    o->used += len;
+
+    o->iv_count++;
+
+    return dest;
+}
+
+int msg_seedParser_Init (msg_seedParser *o, uint8_t *buf, int buf_len)
+{
+    ASSERT(buf_len >= 0)
+
+    o->buf = buf;
+    o->buf_len = buf_len;
+    o->seed_id_start = o->buf_len;
+    o->seed_id_span = 0;
+    o->seed_id_pos = 0;
+    o->key_start = o->buf_len;
+    o->key_span = 0;
+    o->key_pos = 0;
+    o->iv_start = o->buf_len;
+    o->iv_span = 0;
+    o->iv_pos = 0;
+
+    int seed_id_count = 0;
+    int key_count = 0;
+    int iv_count = 0;
+
+    int pos = 0;
+    int left = o->buf_len;
+
+    while (left > 0) {
+        int entry_pos = pos;
+
+        if (!(left >= sizeof(struct BProto_header_s))) {
+            return 0;
+        }
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + pos, sizeof(header));
+        pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                if (!(left >= sizeof(struct BProto_uint8_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                if (!(left >= sizeof(struct BProto_uint16_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                switch (id) {
+                    case 1:
+                        if (o->seed_id_start == o->buf_len) {
+                            o->seed_id_start = entry_pos;
+                        }
+                        o->seed_id_span = pos - o->seed_id_start;
+                        seed_id_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                if (!(left >= sizeof(struct BProto_uint32_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                if (!(left >= sizeof(struct BProto_uint64_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                if (!(left >= sizeof(struct BProto_data_header_s))) {
+                    return 0;
+                }
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + pos, sizeof(val));
+                pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                if (!(left >= payload_len)) {
+                    return 0;
+                }
+                pos += payload_len;
+                left -= payload_len;
+
+                switch (id) {
+                    case 2:
+                        if (!(type == BPROTO_TYPE_DATA)) {
+                            return 0;
+                        }
+                        if (o->key_start == o->buf_len) {
+                            o->key_start = entry_pos;
+                        }
+                        o->key_span = pos - o->key_start;
+                        key_count++;
+                        break;
+                    case 3:
+                        if (!(type == BPROTO_TYPE_DATA)) {
+                            return 0;
+                        }
+                        if (o->iv_start == o->buf_len) {
+                            o->iv_start = entry_pos;
+                        }
+                        o->iv_span = pos - o->iv_start;
+                        iv_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            default:
+                return 0;
+        }
+    }
+
+    if (!(seed_id_count == 1)) {
+        return 0;
+    }
+    if (!(key_count == 1)) {
+        return 0;
+    }
+    if (!(iv_count == 1)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+int msg_seedParser_GotEverything (msg_seedParser *o)
+{
+    return (
+        o->seed_id_pos == o->seed_id_span
+        &&
+        o->key_pos == o->key_span
+        &&
+        o->iv_pos == o->iv_span
+    );
+}
+
+int msg_seedParser_Getseed_id (msg_seedParser *o, uint16_t *v)
+{
+    ASSERT(o->seed_id_pos >= 0)
+    ASSERT(o->seed_id_pos <= o->seed_id_span)
+
+    int left = o->seed_id_span - o->seed_id_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->seed_id_start + o->seed_id_pos, sizeof(header));
+        o->seed_id_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->seed_id_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                struct BProto_uint16_s val;
+                memcpy(&val, o->buf + o->seed_id_start + o->seed_id_pos, sizeof(val));
+                o->seed_id_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                if (id == 1) {
+                    *v = ltoh16(val.v);
+                    return 1;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->seed_id_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->seed_id_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->seed_id_start + o->seed_id_pos, sizeof(val));
+                o->seed_id_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                o->seed_id_pos += payload_len;
+                left -= payload_len;
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg_seedParser_Resetseed_id (msg_seedParser *o)
+{
+    o->seed_id_pos = 0;
+}
+
+void msg_seedParser_Forwardseed_id (msg_seedParser *o)
+{
+    o->seed_id_pos = o->seed_id_span;
+}
+
+int msg_seedParser_Getkey (msg_seedParser *o, uint8_t **data, int *data_len)
+{
+    ASSERT(o->key_pos >= 0)
+    ASSERT(o->key_pos <= o->key_span)
+
+    int left = o->key_span - o->key_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->key_start + o->key_pos, sizeof(header));
+        o->key_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->key_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->key_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->key_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->key_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->key_start + o->key_pos, sizeof(val));
+                o->key_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->key_start + o->key_pos;
+                o->key_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_DATA && id == 2) {
+                    *data = payload;
+                    *data_len = payload_len;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg_seedParser_Resetkey (msg_seedParser *o)
+{
+    o->key_pos = 0;
+}
+
+void msg_seedParser_Forwardkey (msg_seedParser *o)
+{
+    o->key_pos = o->key_span;
+}
+
+int msg_seedParser_Getiv (msg_seedParser *o, uint8_t **data, int *data_len)
+{
+    ASSERT(o->iv_pos >= 0)
+    ASSERT(o->iv_pos <= o->iv_span)
+
+    int left = o->iv_span - o->iv_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->iv_start + o->iv_pos, sizeof(header));
+        o->iv_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->iv_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                o->iv_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->iv_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->iv_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->iv_start + o->iv_pos, sizeof(val));
+                o->iv_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                uint8_t *payload = o->buf + o->iv_start + o->iv_pos;
+                o->iv_pos += payload_len;
+                left -= payload_len;
+
+                if (type == BPROTO_TYPE_DATA && id == 3) {
+                    *data = payload;
+                    *data_len = payload_len;
+                    return 1;
+                }
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg_seedParser_Resetiv (msg_seedParser *o)
+{
+    o->iv_pos = 0;
+}
+
+void msg_seedParser_Forwardiv (msg_seedParser *o)
+{
+    o->iv_pos = o->iv_span;
+}
+
+#define msg_confirmseed_SIZEseed_id (sizeof(struct BProto_header_s) + sizeof(struct BProto_uint16_s))
+
+typedef struct {
+    uint8_t *out;
+    int used;
+    int seed_id_count;
+} msg_confirmseedWriter;
+
+static void msg_confirmseedWriter_Init (msg_confirmseedWriter *o, uint8_t *out);
+static int msg_confirmseedWriter_Finish (msg_confirmseedWriter *o);
+static void msg_confirmseedWriter_Addseed_id (msg_confirmseedWriter *o, uint16_t v);
+
+typedef struct {
+    uint8_t *buf;
+    int buf_len;
+    int seed_id_start;
+    int seed_id_span;
+    int seed_id_pos;
+} msg_confirmseedParser;
+
+static int msg_confirmseedParser_Init (msg_confirmseedParser *o, uint8_t *buf, int buf_len);
+static int msg_confirmseedParser_GotEverything (msg_confirmseedParser *o);
+static int msg_confirmseedParser_Getseed_id (msg_confirmseedParser *o, uint16_t *v);
+static void msg_confirmseedParser_Resetseed_id (msg_confirmseedParser *o);
+static void msg_confirmseedParser_Forwardseed_id (msg_confirmseedParser *o);
+
+void msg_confirmseedWriter_Init (msg_confirmseedWriter *o, uint8_t *out)
+{
+    o->out = out;
+    o->used = 0;
+    o->seed_id_count = 0;
+}
+
+int msg_confirmseedWriter_Finish (msg_confirmseedWriter *o)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->seed_id_count == 1)
+
+    return o->used;
+}
+
+void msg_confirmseedWriter_Addseed_id (msg_confirmseedWriter *o, uint16_t v)
+{
+    ASSERT(o->used >= 0)
+    ASSERT(o->seed_id_count == 0)
+    
+
+    struct BProto_header_s header;
+    header.id = htol16(1);
+    header.type = htol16(BPROTO_TYPE_UINT16);
+    memcpy(o->out + o->used, &header, sizeof(header));
+    o->used += sizeof(struct BProto_header_s);
+
+    struct BProto_uint16_s data;
+    data.v = htol16(v);
+    memcpy(o->out + o->used, &data, sizeof(data));
+    o->used += sizeof(struct BProto_uint16_s);
+
+    o->seed_id_count++;
+}
+
+int msg_confirmseedParser_Init (msg_confirmseedParser *o, uint8_t *buf, int buf_len)
+{
+    ASSERT(buf_len >= 0)
+
+    o->buf = buf;
+    o->buf_len = buf_len;
+    o->seed_id_start = o->buf_len;
+    o->seed_id_span = 0;
+    o->seed_id_pos = 0;
+
+    int seed_id_count = 0;
+
+    int pos = 0;
+    int left = o->buf_len;
+
+    while (left > 0) {
+        int entry_pos = pos;
+
+        if (!(left >= sizeof(struct BProto_header_s))) {
+            return 0;
+        }
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + pos, sizeof(header));
+        pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                if (!(left >= sizeof(struct BProto_uint8_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                if (!(left >= sizeof(struct BProto_uint16_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                switch (id) {
+                    case 1:
+                        if (o->seed_id_start == o->buf_len) {
+                            o->seed_id_start = entry_pos;
+                        }
+                        o->seed_id_span = pos - o->seed_id_start;
+                        seed_id_count++;
+                        break;
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                if (!(left >= sizeof(struct BProto_uint32_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                if (!(left >= sizeof(struct BProto_uint64_s))) {
+                    return 0;
+                }
+                pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                if (!(left >= sizeof(struct BProto_data_header_s))) {
+                    return 0;
+                }
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + pos, sizeof(val));
+                pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                if (!(left >= payload_len)) {
+                    return 0;
+                }
+                pos += payload_len;
+                left -= payload_len;
+
+                switch (id) {
+                    default:
+                        return 0;
+                }
+            } break;
+            default:
+                return 0;
+        }
+    }
+
+    if (!(seed_id_count == 1)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+int msg_confirmseedParser_GotEverything (msg_confirmseedParser *o)
+{
+    return (
+        o->seed_id_pos == o->seed_id_span
+    );
+}
+
+int msg_confirmseedParser_Getseed_id (msg_confirmseedParser *o, uint16_t *v)
+{
+    ASSERT(o->seed_id_pos >= 0)
+    ASSERT(o->seed_id_pos <= o->seed_id_span)
+
+    int left = o->seed_id_span - o->seed_id_pos;
+
+    while (left > 0) {
+        ASSERT(left >= sizeof(struct BProto_header_s))
+        struct BProto_header_s header;
+        memcpy(&header, o->buf + o->seed_id_start + o->seed_id_pos, sizeof(header));
+        o->seed_id_pos += sizeof(struct BProto_header_s);
+        left -= sizeof(struct BProto_header_s);
+        uint16_t type = ltoh16(header.type);
+        uint16_t id = ltoh16(header.id);
+
+        switch (type) {
+            case BPROTO_TYPE_UINT8: {
+                ASSERT(left >= sizeof(struct BProto_uint8_s))
+                o->seed_id_pos += sizeof(struct BProto_uint8_s);
+                left -= sizeof(struct BProto_uint8_s);
+            } break;
+            case BPROTO_TYPE_UINT16: {
+                ASSERT(left >= sizeof(struct BProto_uint16_s))
+                struct BProto_uint16_s val;
+                memcpy(&val, o->buf + o->seed_id_start + o->seed_id_pos, sizeof(val));
+                o->seed_id_pos += sizeof(struct BProto_uint16_s);
+                left -= sizeof(struct BProto_uint16_s);
+
+                if (id == 1) {
+                    *v = ltoh16(val.v);
+                    return 1;
+                }
+            } break;
+            case BPROTO_TYPE_UINT32: {
+                ASSERT(left >= sizeof(struct BProto_uint32_s))
+                o->seed_id_pos += sizeof(struct BProto_uint32_s);
+                left -= sizeof(struct BProto_uint32_s);
+            } break;
+            case BPROTO_TYPE_UINT64: {
+                ASSERT(left >= sizeof(struct BProto_uint64_s))
+                o->seed_id_pos += sizeof(struct BProto_uint64_s);
+                left -= sizeof(struct BProto_uint64_s);
+            } break;
+            case BPROTO_TYPE_DATA:
+            case BPROTO_TYPE_CONSTDATA:
+            {
+                ASSERT(left >= sizeof(struct BProto_data_header_s))
+                struct BProto_data_header_s val;
+                memcpy(&val, o->buf + o->seed_id_start + o->seed_id_pos, sizeof(val));
+                o->seed_id_pos += sizeof(struct BProto_data_header_s);
+                left -= sizeof(struct BProto_data_header_s);
+
+                uint32_t payload_len = ltoh32(val.len);
+                ASSERT(left >= payload_len)
+                o->seed_id_pos += payload_len;
+                left -= payload_len;
+            } break;
+            default:
+                ASSERT(0);
+        }
+    }
+
+    return 0;
+}
+
+void msg_confirmseedParser_Resetseed_id (msg_confirmseedParser *o)
+{
+    o->seed_id_pos = 0;
+}
+
+void msg_confirmseedParser_Forwardseed_id (msg_confirmseedParser *o)
+{
+    o->seed_id_pos = o->seed_id_span;
+}
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/arch/cc.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/arch/cc.h
new file mode 100644
index 00000000..a917779a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/arch/cc.h
@@ -0,0 +1,92 @@
+/**
+ * @file cc.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LWIP_CUSTOM_CC_H
+#define LWIP_CUSTOM_CC_H
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdint.h>
+
+#include "misc/debug.h"
+#include "misc/byteorder.h"
+#include "misc/packed.h"
+#include "misc/print_macros.h"
+#include "misc/byteorder.h"
+#include "base/BLog.h"
+
+#define u8_t uint8_t
+#define s8_t int8_t
+#define u16_t uint16_t
+#define s16_t int16_t
+#define u32_t uint32_t
+#define s32_t int32_t
+#define mem_ptr_t uintptr_t
+
+#define PACK_STRUCT_BEGIN B_START_PACKED
+#define PACK_STRUCT_END B_END_PACKED
+#define PACK_STRUCT_STRUCT B_PACKED
+
+#define LWIP_PLATFORM_DIAG(x) { if (BLog_WouldLog(BLOG_CHANNEL_lwip, BLOG_INFO)) { BLog_Begin(); BLog_Append x; BLog_Finish(BLOG_CHANNEL_lwip, BLOG_INFO); } }
+#define LWIP_PLATFORM_ASSERT(x) { fprintf(stderr, "%s: lwip assertion failure: %s\n", __FUNCTION__, (x)); abort(); }
+
+#define U16_F PRIu16
+#define S16_F PRId16
+#define X16_F PRIx16
+#define U32_F PRIu32
+#define S32_F PRId32
+#define X32_F PRIx32
+#define SZT_F "zu"
+
+#define LWIP_PLATFORM_BYTESWAP 1
+#define LWIP_PLATFORM_HTONS(x) hton16(x)
+#define LWIP_PLATFORM_HTONL(x) hton32(x)
+
+#define LWIP_RAND() ( \
+    (((uint32_t)(rand() & 0xFF)) << 24) | \
+    (((uint32_t)(rand() & 0xFF)) << 16) | \
+    (((uint32_t)(rand() & 0xFF)) << 8) | \
+    (((uint32_t)(rand() & 0xFF)) << 0) \
+)
+
+// for BYTE_ORDER
+#if defined(BADVPN_FREEBSD)
+    #include <machine/endian.h>
+#else
+    #define LITTLE_ENDIAN 1234
+    #define BIG_ENDIAN 4321
+    #if defined(BADVPN_LITTLE_ENDIAN)
+        #define BYTE_ORDER LITTLE_ENDIAN
+    #else
+        #define BYTE_ORDER BIG_ENDIAN
+    #endif
+#endif
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/arch/perf.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/arch/perf.h
new file mode 100644
index 00000000..09c9d47d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/arch/perf.h
@@ -0,0 +1,36 @@
+/**
+ * @file perf.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LWIP_CUSTOM_PERF_H
+#define LWIP_CUSTOM_PERF_H
+
+#define PERF_START
+#define PERF_STOP(x)
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/lwipopts.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/lwipopts.h
new file mode 100644
index 00000000..69c27fb2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/lwipopts.h
@@ -0,0 +1,98 @@
+/**
+ * @file lwipopts.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LWIP_CUSTOM_LWIPOPTS_H
+#define LWIP_CUSTOM_LWIPOPTS_H
+
+#define NO_SYS 1
+#define MEM_ALIGNMENT 4
+
+#define LWIP_ARP 0
+#define ARP_QUEUEING 0
+#define IP_FORWARD 0
+#define LWIP_ICMP 1
+#define LWIP_RAW 0
+#define LWIP_DHCP 0
+#define LWIP_AUTOIP 0
+#define LWIP_SNMP 0
+#define LWIP_IGMP 0
+#define LWIP_DNS 0
+#define LWIP_UDP 1
+#define LWIP_UDPLITE 0
+#define LWIP_TCP 1
+#define LWIP_CALLBACK_API 1
+#define LWIP_NETIF_API 0
+#define LWIP_NETIF_LOOPBACK 0
+#define LWIP_HAVE_LOOPIF 0
+#define LWIP_HAVE_SLIPIF 0
+#define LWIP_NETCONN 0
+#define LWIP_SOCKET 0
+#define PPP_SUPPORT 0
+#define LWIP_IPV6 0
+#define LWIP_IPV6_MLD 0
+#define LWIP_IPV6_AUTOCONFIG 0
+
+#define LWIP_CHECKSUM_ON_COPY 1
+
+// MEM
+#define MEM_SIZE                        (1024 * 1024 * 2) /* 1MiB */
+#define MEMP_NUM_PBUF 256
+#define MEMP_NUM_TCP_PCB 256
+#define MEMP_NUM_TCP_PCB_LISTEN 256
+#define MEMP_NUM_TCP_SEG 256
+#define MEMP_NUM_REASSDATA 256
+#define MEMP_NUM_FRAG_PBUF 256
+#define PBUF_POOL_SIZE 256
+
+//#define MEMP_NUM_TCP_PCB_LISTEN 16
+//#define MEMP_NUM_TCP_PCB 1024
+//#define TCP_SND_BUF 32469
+//#define TCP_SND_QUEUELEN (4 * (TCP_SND_BUF)/(TCP_MSS))
+
+#define MEM_LIBC_MALLOC 1
+#define MEMP_MEM_MALLOC 1
+
+//#define TCP_MSS 8117
+
+#define TCP_MSS                         2048
+#define TCP_WND                         (2*TCP_MSS)
+#define TCP_SND_BUF                     2 * TCP_WND
+#define TCP_OVERSIZE                    TCP_MSS
+#define TCP_SND_QUEUELEN                TCP_SNDQUEUELEN_OVERFLOW
+
+
+//#define LWIP_DEBUG
+#define TCP_DEBUG                LWIP_DBG_ON
+#define IP_DEBUG                LWIP_DBG_ON
+#define TCP_INPUT_DEBUG         LWIP_DBG_ON
+#define TCP_WND_DEBUG           LWIP_DBG_ON
+#define TCP_OUTPUT_DEBUG        LWIP_DBG_ON
+#define TCP_RST_DEBUG       LWIP_DBG_ON
+#define TCP_QLEN_DEBUG      LWIP_DBG_ON
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/sys.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/sys.c
new file mode 100644
index 00000000..6f5ce627
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/custom/sys.c
@@ -0,0 +1,37 @@
+/**
+ * @file sys.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "system/BTime.h"
+
+#include "lwip/sys.h"
+
+u32_t sys_now (void)
+{
+    return btime_gettime();
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/def.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/def.c
new file mode 100644
index 00000000..352b5524
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/def.c
@@ -0,0 +1,108 @@
+/**
+ * @file
+ * Common functions used throughout the stack.
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Simon Goldschmidt
+ *
+ */
+
+#include "lwip/opt.h"
+#include "lwip/def.h"
+
+/**
+ * These are reference implementations of the byte swapping functions.
+ * Again with the aim of being simple, correct and fully portable.
+ * Byte swapping is the second thing you would want to optimize. You will
+ * need to port it to your architecture and in your cc.h:
+ * 
+ * #define LWIP_PLATFORM_BYTESWAP 1
+ * #define LWIP_PLATFORM_HTONS(x) <your_htons>
+ * #define LWIP_PLATFORM_HTONL(x) <your_htonl>
+ *
+ * Note ntohs() and ntohl() are merely references to the htonx counterparts.
+ */
+
+#if (LWIP_PLATFORM_BYTESWAP == 0) && (BYTE_ORDER == LITTLE_ENDIAN)
+
+/**
+ * Convert an u16_t from host- to network byte order.
+ *
+ * @param n u16_t in host byte order
+ * @return n in network byte order
+ */
+u16_t
+lwip_htons(u16_t n)
+{
+  return ((n & 0xff) << 8) | ((n & 0xff00) >> 8);
+}
+
+/**
+ * Convert an u16_t from network- to host byte order.
+ *
+ * @param n u16_t in network byte order
+ * @return n in host byte order
+ */
+u16_t
+lwip_ntohs(u16_t n)
+{
+  return lwip_htons(n);
+}
+
+/**
+ * Convert an u32_t from host- to network byte order.
+ *
+ * @param n u32_t in host byte order
+ * @return n in network byte order
+ */
+u32_t
+lwip_htonl(u32_t n)
+{
+  return ((n & 0xff) << 24) |
+    ((n & 0xff00) << 8) |
+    ((n & 0xff0000UL) >> 8) |
+    ((n & 0xff000000UL) >> 24);
+}
+
+/**
+ * Convert an u32_t from network- to host byte order.
+ *
+ * @param n u32_t in network byte order
+ * @return n in host byte order
+ */
+u32_t
+lwip_ntohl(u32_t n)
+{
+  return lwip_htonl(n);
+}
+
+#endif /* (LWIP_PLATFORM_BYTESWAP == 0) && (BYTE_ORDER == LITTLE_ENDIAN) */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/inet_chksum.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/inet_chksum.c
new file mode 100644
index 00000000..8bc42c14
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/inet_chksum.c
@@ -0,0 +1,545 @@
+/**
+ * @file
+ * Incluse internet checksum functions.
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#include "lwip/opt.h"
+
+#include "lwip/inet_chksum.h"
+#include "lwip/def.h"
+
+#include <stddef.h>
+#include <string.h>
+
+/* These are some reference implementations of the checksum algorithm, with the
+ * aim of being simple, correct and fully portable. Checksumming is the
+ * first thing you would want to optimize for your platform. If you create
+ * your own version, link it in and in your cc.h put:
+ * 
+ * #define LWIP_CHKSUM <your_checksum_routine> 
+ *
+ * Or you can select from the implementations below by defining
+ * LWIP_CHKSUM_ALGORITHM to 1, 2 or 3.
+ */
+
+#ifndef LWIP_CHKSUM
+# define LWIP_CHKSUM lwip_standard_chksum
+# ifndef LWIP_CHKSUM_ALGORITHM
+#  define LWIP_CHKSUM_ALGORITHM 2
+# endif
+u16_t lwip_standard_chksum(void *dataptr, int len);
+#endif
+/* If none set: */
+#ifndef LWIP_CHKSUM_ALGORITHM
+# define LWIP_CHKSUM_ALGORITHM 0
+#endif
+
+#if (LWIP_CHKSUM_ALGORITHM == 1) /* Version #1 */
+/**
+ * lwip checksum
+ *
+ * @param dataptr points to start of data to be summed at any boundary
+ * @param len length of data to be summed
+ * @return host order (!) lwip checksum (non-inverted Internet sum) 
+ *
+ * @note accumulator size limits summable length to 64k
+ * @note host endianess is irrelevant (p3 RFC1071)
+ */
+u16_t
+lwip_standard_chksum(void *dataptr, u16_t len)
+{
+  u32_t acc;
+  u16_t src;
+  u8_t *octetptr;
+
+  acc = 0;
+  /* dataptr may be at odd or even addresses */
+  octetptr = (u8_t*)dataptr;
+  while (len > 1) {
+    /* declare first octet as most significant
+       thus assume network order, ignoring host order */
+    src = (*octetptr) << 8;
+    octetptr++;
+    /* declare second octet as least significant */
+    src |= (*octetptr);
+    octetptr++;
+    acc += src;
+    len -= 2;
+  }
+  if (len > 0) {
+    /* accumulate remaining octet */
+    src = (*octetptr) << 8;
+    acc += src;
+  }
+  /* add deferred carry bits */
+  acc = (acc >> 16) + (acc & 0x0000ffffUL);
+  if ((acc & 0xffff0000UL) != 0) {
+    acc = (acc >> 16) + (acc & 0x0000ffffUL);
+  }
+  /* This maybe a little confusing: reorder sum using htons()
+     instead of ntohs() since it has a little less call overhead.
+     The caller must invert bits for Internet sum ! */
+  return htons((u16_t)acc);
+}
+#endif
+
+#if (LWIP_CHKSUM_ALGORITHM == 2) /* Alternative version #2 */
+/*
+ * Curt McDowell
+ * Broadcom Corp.
+ * csm@broadcom.com
+ *
+ * IP checksum two bytes at a time with support for
+ * unaligned buffer.
+ * Works for len up to and including 0x20000.
+ * by Curt McDowell, Broadcom Corp. 12/08/2005
+ *
+ * @param dataptr points to start of data to be summed at any boundary
+ * @param len length of data to be summed
+ * @return host order (!) lwip checksum (non-inverted Internet sum) 
+ */
+
+u16_t
+lwip_standard_chksum(void *dataptr, int len)
+{
+  u8_t *pb = (u8_t *)dataptr;
+  u16_t *ps, t = 0;
+  u32_t sum = 0;
+  int odd = ((mem_ptr_t)pb & 1);
+
+  /* Get aligned to u16_t */
+  if (odd && len > 0) {
+    ((u8_t *)&t)[1] = *pb++;
+    len--;
+  }
+
+  /* Add the bulk of the data */
+  ps = (u16_t *)(void *)pb;
+  while (len > 1) {
+    sum += *ps++;
+    len -= 2;
+  }
+
+  /* Consume left-over byte, if any */
+  if (len > 0) {
+    ((u8_t *)&t)[0] = *(u8_t *)ps;
+  }
+
+  /* Add end bytes */
+  sum += t;
+
+  /* Fold 32-bit sum to 16 bits
+     calling this twice is propably faster than if statements... */
+  sum = FOLD_U32T(sum);
+  sum = FOLD_U32T(sum);
+
+  /* Swap if alignment was odd */
+  if (odd) {
+    sum = SWAP_BYTES_IN_WORD(sum);
+  }
+
+  return (u16_t)sum;
+}
+#endif
+
+#if (LWIP_CHKSUM_ALGORITHM == 3) /* Alternative version #3 */
+/**
+ * An optimized checksum routine. Basically, it uses loop-unrolling on
+ * the checksum loop, treating the head and tail bytes specially, whereas
+ * the inner loop acts on 8 bytes at a time. 
+ *
+ * @arg start of buffer to be checksummed. May be an odd byte address.
+ * @len number of bytes in the buffer to be checksummed.
+ * @return host order (!) lwip checksum (non-inverted Internet sum) 
+ * 
+ * by Curt McDowell, Broadcom Corp. December 8th, 2005
+ */
+
+u16_t
+lwip_standard_chksum(void *dataptr, int len)
+{
+  u8_t *pb = (u8_t *)dataptr;
+  u16_t *ps, t = 0;
+  u32_t *pl;
+  u32_t sum = 0, tmp;
+  /* starts at odd byte address? */
+  int odd = ((mem_ptr_t)pb & 1);
+
+  if (odd && len > 0) {
+    ((u8_t *)&t)[1] = *pb++;
+    len--;
+  }
+
+  ps = (u16_t *)pb;
+
+  if (((mem_ptr_t)ps & 3) && len > 1) {
+    sum += *ps++;
+    len -= 2;
+  }
+
+  pl = (u32_t *)ps;
+
+  while (len > 7)  {
+    tmp = sum + *pl++;          /* ping */
+    if (tmp < sum) {
+      tmp++;                    /* add back carry */
+    }
+
+    sum = tmp + *pl++;          /* pong */
+    if (sum < tmp) {
+      sum++;                    /* add back carry */
+    }
+
+    len -= 8;
+  }
+
+  /* make room in upper bits */
+  sum = FOLD_U32T(sum);
+
+  ps = (u16_t *)pl;
+
+  /* 16-bit aligned word remaining? */
+  while (len > 1) {
+    sum += *ps++;
+    len -= 2;
+  }
+
+  /* dangling tail byte remaining? */
+  if (len > 0) {                /* include odd byte */
+    ((u8_t *)&t)[0] = *(u8_t *)ps;
+  }
+
+  sum += t;                     /* add end bytes */
+
+  /* Fold 32-bit sum to 16 bits
+     calling this twice is propably faster than if statements... */
+  sum = FOLD_U32T(sum);
+  sum = FOLD_U32T(sum);
+
+  if (odd) {
+    sum = SWAP_BYTES_IN_WORD(sum);
+  }
+
+  return (u16_t)sum;
+}
+#endif
+
+/** Parts of the pseudo checksum which are common to IPv4 and IPv6 */
+static u16_t
+inet_cksum_pseudo_base(struct pbuf *p, u8_t proto, u16_t proto_len, u32_t acc)
+{
+  struct pbuf *q;
+  u8_t swapped = 0;
+
+  /* iterate through all pbuf in chain */
+  for(q = p; q != NULL; q = q->next) {
+    LWIP_DEBUGF(INET_DEBUG, ("inet_chksum_pseudo(): checksumming pbuf %p (has next %p) \n",
+      (void *)q, (void *)q->next));
+    acc += LWIP_CHKSUM(q->payload, q->len);
+    /*LWIP_DEBUGF(INET_DEBUG, ("inet_chksum_pseudo(): unwrapped lwip_chksum()=%"X32_F" \n", acc));*/
+    /* just executing this next line is probably faster that the if statement needed
+       to check whether we really need to execute it, and does no harm */
+    acc = FOLD_U32T(acc);
+    if (q->len % 2 != 0) {
+      swapped = 1 - swapped;
+      acc = SWAP_BYTES_IN_WORD(acc);
+    }
+    /*LWIP_DEBUGF(INET_DEBUG, ("inet_chksum_pseudo(): wrapped lwip_chksum()=%"X32_F" \n", acc));*/
+  }
+
+  if (swapped) {
+    acc = SWAP_BYTES_IN_WORD(acc);
+  }
+
+  acc += (u32_t)htons((u16_t)proto);
+  acc += (u32_t)htons(proto_len);
+
+  /* Fold 32-bit sum to 16 bits
+     calling this twice is propably faster than if statements... */
+  acc = FOLD_U32T(acc);
+  acc = FOLD_U32T(acc);
+  LWIP_DEBUGF(INET_DEBUG, ("inet_chksum_pseudo(): pbuf chain lwip_chksum()=%"X32_F"\n", acc));
+  return (u16_t)~(acc & 0xffffUL);
+}
+
+/* inet_chksum_pseudo:
+ *
+ * Calculates the pseudo Internet checksum used by TCP and UDP for a pbuf chain.
+ * IP addresses are expected to be in network byte order.
+ *
+ * @param p chain of pbufs over that a checksum should be calculated (ip data part)
+ * @param src source ip address (used for checksum of pseudo header)
+ * @param dst destination ip address (used for checksum of pseudo header)
+ * @param proto ip protocol (used for checksum of pseudo header)
+ * @param proto_len length of the ip data part (used for checksum of pseudo header)
+ * @return checksum (as u16_t) to be saved directly in the protocol header
+ */
+u16_t
+inet_chksum_pseudo(struct pbuf *p, u8_t proto, u16_t proto_len,
+       ip_addr_t *src, ip_addr_t *dest)
+{
+  u32_t acc;
+  u32_t addr;
+
+  addr = ip4_addr_get_u32(src);
+  acc = (addr & 0xffffUL);
+  acc += ((addr >> 16) & 0xffffUL);
+  addr = ip4_addr_get_u32(dest);
+  acc += (addr & 0xffffUL);
+  acc += ((addr >> 16) & 0xffffUL);
+  /* fold down to 16 bits */
+  acc = FOLD_U32T(acc);
+  acc = FOLD_U32T(acc);
+
+  return inet_cksum_pseudo_base(p, proto, proto_len, acc);
+}
+#if LWIP_IPV6
+/**
+ * Calculates the checksum with IPv6 pseudo header used by TCP and UDP for a pbuf chain.
+ * IPv6 addresses are expected to be in network byte order.
+ *
+ * @param p chain of pbufs over that a checksum should be calculated (ip data part)
+ * @param src source ipv6 address (used for checksum of pseudo header)
+ * @param dst destination ipv6 address (used for checksum of pseudo header)
+ * @param proto ipv6 protocol/next header (used for checksum of pseudo header)
+ * @param proto_len length of the ipv6 payload (used for checksum of pseudo header)
+ * @return checksum (as u16_t) to be saved directly in the protocol header
+ */
+u16_t
+ip6_chksum_pseudo(struct pbuf *p, u8_t proto, u16_t proto_len,
+       ip6_addr_t *src, ip6_addr_t *dest)
+{
+  u32_t acc = 0;
+  u32_t addr;
+  u8_t addr_part;
+
+  for (addr_part = 0; addr_part < 4; addr_part++) {
+    addr = src->addr[addr_part];
+    acc += (addr & 0xffffUL);
+    acc += ((addr >> 16) & 0xffffUL);
+    addr = dest->addr[addr_part];
+    acc += (addr & 0xffffUL);
+    acc += ((addr >> 16) & 0xffffUL);
+  }
+  /* fold down to 16 bits */
+  acc = FOLD_U32T(acc);
+  acc = FOLD_U32T(acc);
+
+  return inet_cksum_pseudo_base(p, proto, proto_len, acc);
+}
+#endif /* LWIP_IPV6 */
+
+/** Parts of the pseudo checksum which are common to IPv4 and IPv6 */
+static u16_t
+inet_cksum_pseudo_partial_base(struct pbuf *p, u8_t proto, u16_t proto_len,
+       u16_t chksum_len, u32_t acc)
+{
+  struct pbuf *q;
+  u8_t swapped = 0;
+  u16_t chklen;
+
+  /* iterate through all pbuf in chain */
+  for(q = p; (q != NULL) && (chksum_len > 0); q = q->next) {
+    LWIP_DEBUGF(INET_DEBUG, ("inet_chksum_pseudo(): checksumming pbuf %p (has next %p) \n",
+      (void *)q, (void *)q->next));
+    chklen = q->len;
+    if (chklen > chksum_len) {
+      chklen = chksum_len;
+    }
+    acc += LWIP_CHKSUM(q->payload, chklen);
+    chksum_len -= chklen;
+    LWIP_ASSERT("delete me", chksum_len < 0x7fff);
+    /*LWIP_DEBUGF(INET_DEBUG, ("inet_chksum_pseudo(): unwrapped lwip_chksum()=%"X32_F" \n", acc));*/
+    /* fold the upper bit down */
+    acc = FOLD_U32T(acc);
+    if (q->len % 2 != 0) {
+      swapped = 1 - swapped;
+      acc = SWAP_BYTES_IN_WORD(acc);
+    }
+    /*LWIP_DEBUGF(INET_DEBUG, ("inet_chksum_pseudo(): wrapped lwip_chksum()=%"X32_F" \n", acc));*/
+  }
+
+  if (swapped) {
+    acc = SWAP_BYTES_IN_WORD(acc);
+  }
+
+  acc += (u32_t)htons((u16_t)proto);
+  acc += (u32_t)htons(proto_len);
+
+  /* Fold 32-bit sum to 16 bits
+     calling this twice is propably faster than if statements... */
+  acc = FOLD_U32T(acc);
+  acc = FOLD_U32T(acc);
+  LWIP_DEBUGF(INET_DEBUG, ("inet_chksum_pseudo(): pbuf chain lwip_chksum()=%"X32_F"\n", acc));
+  return (u16_t)~(acc & 0xffffUL);
+}
+
+/* inet_chksum_pseudo_partial:
+ *
+ * Calculates the pseudo Internet checksum used by TCP and UDP for a pbuf chain.
+ * IP addresses are expected to be in network byte order.
+ *
+ * @param p chain of pbufs over that a checksum should be calculated (ip data part)
+ * @param src source ip address (used for checksum of pseudo header)
+ * @param dst destination ip address (used for checksum of pseudo header)
+ * @param proto ip protocol (used for checksum of pseudo header)
+ * @param proto_len length of the ip data part (used for checksum of pseudo header)
+ * @return checksum (as u16_t) to be saved directly in the protocol header
+ */
+u16_t
+inet_chksum_pseudo_partial(struct pbuf *p, u8_t proto, u16_t proto_len,
+       u16_t chksum_len, ip_addr_t *src, ip_addr_t *dest)
+{
+  u32_t acc;
+  u32_t addr;
+
+  addr = ip4_addr_get_u32(src);
+  acc = (addr & 0xffffUL);
+  acc += ((addr >> 16) & 0xffffUL);
+  addr = ip4_addr_get_u32(dest);
+  acc += (addr & 0xffffUL);
+  acc += ((addr >> 16) & 0xffffUL);
+  /* fold down to 16 bits */
+  acc = FOLD_U32T(acc);
+  acc = FOLD_U32T(acc);
+
+  return inet_cksum_pseudo_partial_base(p, proto, proto_len, chksum_len, acc);
+}
+
+#if LWIP_IPV6
+/**
+ * Calculates the checksum with IPv6 pseudo header used by TCP and UDP for a pbuf chain.
+ * IPv6 addresses are expected to be in network byte order. Will only compute for a
+ * portion of the payload.
+ *
+ * @param p chain of pbufs over that a checksum should be calculated (ip data part)
+ * @param src source ipv6 address (used for checksum of pseudo header)
+ * @param dst destination ipv6 address (used for checksum of pseudo header)
+ * @param proto ipv6 protocol/next header (used for checksum of pseudo header)
+ * @param proto_len length of the ipv6 payload (used for checksum of pseudo header)
+ * @param chksum_len number of payload bytes used to compute chksum
+ * @return checksum (as u16_t) to be saved directly in the protocol header
+ */
+u16_t
+ip6_chksum_pseudo_partial(struct pbuf *p, u8_t proto, u16_t proto_len,
+       u16_t chksum_len, ip6_addr_t *src, ip6_addr_t *dest)
+{
+  u32_t acc = 0;
+  u32_t addr;
+  u8_t addr_part;
+
+  for (addr_part = 0; addr_part < 4; addr_part++) {
+    addr = src->addr[addr_part];
+    acc += (addr & 0xffffUL);
+    acc += ((addr >> 16) & 0xffffUL);
+    addr = dest->addr[addr_part];
+    acc += (addr & 0xffffUL);
+    acc += ((addr >> 16) & 0xffffUL);
+  }
+  /* fold down to 16 bits */
+  acc = FOLD_U32T(acc);
+  acc = FOLD_U32T(acc);
+
+  return inet_cksum_pseudo_partial_base(p, proto, proto_len, chksum_len, acc);
+}
+#endif /* LWIP_IPV6 */
+
+/* inet_chksum:
+ *
+ * Calculates the Internet checksum over a portion of memory. Used primarily for IP
+ * and ICMP.
+ *
+ * @param dataptr start of the buffer to calculate the checksum (no alignment needed)
+ * @param len length of the buffer to calculate the checksum
+ * @return checksum (as u16_t) to be saved directly in the protocol header
+ */
+
+u16_t
+inet_chksum(void *dataptr, u16_t len)
+{
+  return ~LWIP_CHKSUM(dataptr, len);
+}
+
+/**
+ * Calculate a checksum over a chain of pbufs (without pseudo-header, much like
+ * inet_chksum only pbufs are used).
+ *
+ * @param p pbuf chain over that the checksum should be calculated
+ * @return checksum (as u16_t) to be saved directly in the protocol header
+ */
+u16_t
+inet_chksum_pbuf(struct pbuf *p)
+{
+  u32_t acc;
+  struct pbuf *q;
+  u8_t swapped;
+
+  acc = 0;
+  swapped = 0;
+  for(q = p; q != NULL; q = q->next) {
+    acc += LWIP_CHKSUM(q->payload, q->len);
+    acc = FOLD_U32T(acc);
+    if (q->len % 2 != 0) {
+      swapped = 1 - swapped;
+      acc = SWAP_BYTES_IN_WORD(acc);
+    }
+  }
+
+  if (swapped) {
+    acc = SWAP_BYTES_IN_WORD(acc);
+  }
+  return (u16_t)~(acc & 0xffffUL);
+}
+
+/* These are some implementations for LWIP_CHKSUM_COPY, which copies data
+ * like MEMCPY but generates a checksum at the same time. Since this is a
+ * performance-sensitive function, you might want to create your own version
+ * in assembly targeted at your hardware by defining it in lwipopts.h:
+ *   #define LWIP_CHKSUM_COPY(dst, src, len) your_chksum_copy(dst, src, len)
+ */
+
+#if (LWIP_CHKSUM_COPY_ALGORITHM == 1) /* Version #1 */
+/** Safe but slow: first call MEMCPY, then call LWIP_CHKSUM.
+ * For architectures with big caches, data might still be in cache when
+ * generating the checksum after copying.
+ */
+u16_t
+lwip_chksum_copy(void *dst, const void *src, u16_t len)
+{
+  MEMCPY(dst, src, len);
+  return LWIP_CHKSUM(dst, len);
+}
+#endif /* (LWIP_CHKSUM_COPY_ALGORITHM == 1) */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/init.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/init.c
new file mode 100644
index 00000000..c24c0274
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/init.c
@@ -0,0 +1,345 @@
+/**
+ * @file
+ * Modules initialization
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#include "lwip/opt.h"
+
+#include "lwip/init.h"
+#include "lwip/stats.h"
+#include "lwip/sys.h"
+#include "lwip/mem.h"
+#include "lwip/memp.h"
+#include "lwip/pbuf.h"
+#include "lwip/netif.h"
+#include "lwip/sockets.h"
+#include "lwip/ip.h"
+#include "lwip/raw.h"
+#include "lwip/udp.h"
+#include "lwip/tcp_impl.h"
+#include "lwip/snmp_msg.h"
+#include "lwip/autoip.h"
+#include "lwip/igmp.h"
+#include "lwip/dns.h"
+#include "lwip/timers.h"
+#include "netif/etharp.h"
+#include "lwip/ip6.h"
+#include "lwip/nd6.h"
+#include "lwip/mld6.h"
+#include "lwip/api.h"
+
+/* Compile-time sanity checks for configuration errors.
+ * These can be done independently of LWIP_DEBUG, without penalty.
+ */
+#ifndef BYTE_ORDER
+  #error "BYTE_ORDER is not defined, you have to define it in your cc.h"
+#endif
+#if (!IP_SOF_BROADCAST && IP_SOF_BROADCAST_RECV)
+  #error "If you want to use broadcast filter per pcb on recv operations, you have to define IP_SOF_BROADCAST=1 in your lwipopts.h"
+#endif
+#if (!LWIP_UDP && LWIP_UDPLITE)
+  #error "If you want to use UDP Lite, you have to define LWIP_UDP=1 in your lwipopts.h"
+#endif
+#if (!LWIP_UDP && LWIP_SNMP)
+  #error "If you want to use SNMP, you have to define LWIP_UDP=1 in your lwipopts.h"
+#endif
+#if (!LWIP_UDP && LWIP_DHCP)
+  #error "If you want to use DHCP, you have to define LWIP_UDP=1 in your lwipopts.h"
+#endif
+#if (!LWIP_UDP && LWIP_IGMP)
+  #error "If you want to use IGMP, you have to define LWIP_UDP=1 in your lwipopts.h"
+#endif
+#if (!LWIP_UDP && LWIP_SNMP)
+  #error "If you want to use SNMP, you have to define LWIP_UDP=1 in your lwipopts.h"
+#endif
+#if (!LWIP_UDP && LWIP_DNS)
+  #error "If you want to use DNS, you have to define LWIP_UDP=1 in your lwipopts.h"
+#endif
+#if !MEMP_MEM_MALLOC /* MEMP_NUM_* checks are disabled when not using the pool allocator */
+#if (LWIP_ARP && ARP_QUEUEING && (MEMP_NUM_ARP_QUEUE<=0))
+  #error "If you want to use ARP Queueing, you have to define MEMP_NUM_ARP_QUEUE>=1 in your lwipopts.h"
+#endif
+#if (LWIP_RAW && (MEMP_NUM_RAW_PCB<=0))
+  #error "If you want to use RAW, you have to define MEMP_NUM_RAW_PCB>=1 in your lwipopts.h"
+#endif
+#if (LWIP_UDP && (MEMP_NUM_UDP_PCB<=0))
+  #error "If you want to use UDP, you have to define MEMP_NUM_UDP_PCB>=1 in your lwipopts.h"
+#endif
+#if (LWIP_TCP && (MEMP_NUM_TCP_PCB<=0))
+  #error "If you want to use TCP, you have to define MEMP_NUM_TCP_PCB>=1 in your lwipopts.h"
+#endif
+#if (LWIP_IGMP && (MEMP_NUM_IGMP_GROUP<=1))
+  #error "If you want to use IGMP, you have to define MEMP_NUM_IGMP_GROUP>1 in your lwipopts.h"
+#endif
+#if ((LWIP_NETCONN || LWIP_SOCKET) && (MEMP_NUM_TCPIP_MSG_API<=0))
+  #error "If you want to use Sequential API, you have to define MEMP_NUM_TCPIP_MSG_API>=1 in your lwipopts.h"
+#endif
+/* There must be sufficient timeouts, taking into account requirements of the subsystems. */
+#if LWIP_TIMERS && (MEMP_NUM_SYS_TIMEOUT < (LWIP_TCP + IP_REASSEMBLY + LWIP_ARP + (2*LWIP_DHCP) + LWIP_AUTOIP + LWIP_IGMP + LWIP_DNS + PPP_SUPPORT + (LWIP_IPV6 ? (1 + LWIP_IPV6_REASS + LWIP_IPV6_MLD) : 0)))
+  #error "MEMP_NUM_SYS_TIMEOUT is too low to accomodate all required timeouts"
+#endif
+#if (IP_REASSEMBLY && (MEMP_NUM_REASSDATA > IP_REASS_MAX_PBUFS))
+  #error "MEMP_NUM_REASSDATA > IP_REASS_MAX_PBUFS doesn't make sense since each struct ip_reassdata must hold 2 pbufs at least!"
+#endif
+#endif /* !MEMP_MEM_MALLOC */
+#if (LWIP_TCP && (TCP_WND > 0xffff))
+  #error "If you want to use TCP, TCP_WND must fit in an u16_t, so, you have to reduce it in your lwipopts.h"
+#endif
+#if (LWIP_TCP && (TCP_SND_QUEUELEN > 0xffff))
+  #error "If you want to use TCP, TCP_SND_QUEUELEN must fit in an u16_t, so, you have to reduce it in your lwipopts.h"
+#endif
+#if (LWIP_TCP && (TCP_SND_QUEUELEN < 2))
+  #error "TCP_SND_QUEUELEN must be at least 2 for no-copy TCP writes to work"
+#endif
+#if (LWIP_TCP && ((TCP_MAXRTX > 12) || (TCP_SYNMAXRTX > 12)))
+  #error "If you want to use TCP, TCP_MAXRTX and TCP_SYNMAXRTX must less or equal to 12 (due to tcp_backoff table), so, you have to reduce them in your lwipopts.h"
+#endif
+#if (LWIP_TCP && TCP_LISTEN_BACKLOG && (TCP_DEFAULT_LISTEN_BACKLOG < 0) || (TCP_DEFAULT_LISTEN_BACKLOG > 0xff))
+  #error "If you want to use TCP backlog, TCP_DEFAULT_LISTEN_BACKLOG must fit into an u8_t"
+#endif
+#if (LWIP_NETIF_API && (NO_SYS==1))
+  #error "If you want to use NETIF API, you have to define NO_SYS=0 in your lwipopts.h"
+#endif
+#if ((LWIP_SOCKET || LWIP_NETCONN) && (NO_SYS==1))
+  #error "If you want to use Sequential API, you have to define NO_SYS=0 in your lwipopts.h"
+#endif
+#if (!LWIP_NETCONN && LWIP_SOCKET)
+  #error "If you want to use Socket API, you have to define LWIP_NETCONN=1 in your lwipopts.h"
+#endif
+#if (((!LWIP_DHCP) || (!LWIP_AUTOIP)) && LWIP_DHCP_AUTOIP_COOP)
+  #error "If you want to use DHCP/AUTOIP cooperation mode, you have to define LWIP_DHCP=1 and LWIP_AUTOIP=1 in your lwipopts.h"
+#endif
+#if (((!LWIP_DHCP) || (!LWIP_ARP)) && DHCP_DOES_ARP_CHECK)
+  #error "If you want to use DHCP ARP checking, you have to define LWIP_DHCP=1 and LWIP_ARP=1 in your lwipopts.h"
+#endif
+#if (!LWIP_ARP && LWIP_AUTOIP)
+  #error "If you want to use AUTOIP, you have to define LWIP_ARP=1 in your lwipopts.h"
+#endif
+#if (LWIP_SNMP && (SNMP_CONCURRENT_REQUESTS<=0))
+  #error "If you want to use SNMP, you have to define SNMP_CONCURRENT_REQUESTS>=1 in your lwipopts.h"
+#endif
+#if (LWIP_SNMP && (SNMP_TRAP_DESTINATIONS<=0))
+  #error "If you want to use SNMP, you have to define SNMP_TRAP_DESTINATIONS>=1 in your lwipopts.h"
+#endif
+#if (LWIP_TCP && ((LWIP_EVENT_API && LWIP_CALLBACK_API) || (!LWIP_EVENT_API && !LWIP_CALLBACK_API)))
+  #error "One and exactly one of LWIP_EVENT_API and LWIP_CALLBACK_API has to be enabled in your lwipopts.h"
+#endif
+#if (MEM_LIBC_MALLOC && MEM_USE_POOLS)
+  #error "MEM_LIBC_MALLOC and MEM_USE_POOLS may not both be simultaneously enabled in your lwipopts.h"
+#endif
+#if (MEM_USE_POOLS && !MEMP_USE_CUSTOM_POOLS)
+  #error "MEM_USE_POOLS requires custom pools (MEMP_USE_CUSTOM_POOLS) to be enabled in your lwipopts.h"
+#endif
+#if (PBUF_POOL_BUFSIZE <= MEM_ALIGNMENT)
+  #error "PBUF_POOL_BUFSIZE must be greater than MEM_ALIGNMENT or the offset may take the full first pbuf"
+#endif
+#if (DNS_LOCAL_HOSTLIST && !DNS_LOCAL_HOSTLIST_IS_DYNAMIC && !(defined(DNS_LOCAL_HOSTLIST_INIT)))
+  #error "you have to define define DNS_LOCAL_HOSTLIST_INIT {{'host1', 0x123}, {'host2', 0x234}} to initialize DNS_LOCAL_HOSTLIST"
+#endif
+#if PPP_SUPPORT && !PPPOS_SUPPORT & !PPPOE_SUPPORT
+  #error "PPP_SUPPORT needs either PPPOS_SUPPORT or PPPOE_SUPPORT turned on"
+#endif
+#if !LWIP_ETHERNET && (LWIP_ARP || PPPOE_SUPPORT)
+  #error "LWIP_ETHERNET needs to be turned on for LWIP_ARP or PPPOE_SUPPORT"
+#endif
+#if (LWIP_IGMP || LWIP_IPV6) && !defined(LWIP_RAND)
+  #error "When using IGMP or IPv6, LWIP_RAND() needs to be defined to a random-function returning an u32_t random value"
+#endif
+#if LWIP_TCPIP_CORE_LOCKING_INPUT && !LWIP_TCPIP_CORE_LOCKING
+  #error "When using LWIP_TCPIP_CORE_LOCKING_INPUT, LWIP_TCPIP_CORE_LOCKING must be enabled, too"
+#endif
+#if LWIP_TCP && LWIP_NETIF_TX_SINGLE_PBUF && !TCP_OVERSIZE
+  #error "LWIP_NETIF_TX_SINGLE_PBUF needs TCP_OVERSIZE enabled to create single-pbuf TCP packets"
+#endif
+#if IP_FRAG && IP_FRAG_USES_STATIC_BUF && LWIP_NETIF_TX_SINGLE_PBUF
+  #error "LWIP_NETIF_TX_SINGLE_PBUF does not work with IP_FRAG_USES_STATIC_BUF==1 as that creates pbuf queues"
+#endif
+#if LWIP_NETCONN && LWIP_TCP
+#if NETCONN_COPY != TCP_WRITE_FLAG_COPY
+  #error "NETCONN_COPY != TCP_WRITE_FLAG_COPY"
+#endif
+#if NETCONN_MORE != TCP_WRITE_FLAG_MORE
+  #error "NETCONN_MORE != TCP_WRITE_FLAG_MORE"
+#endif
+#endif /* LWIP_NETCONN && LWIP_TCP */ 
+#if LWIP_SOCKET
+/* Check that the SO_* socket options and SOF_* lwIP-internal flags match */
+#if SO_ACCEPTCONN != SOF_ACCEPTCONN
+  #error "SO_ACCEPTCONN != SOF_ACCEPTCONN"
+#endif
+#if SO_REUSEADDR != SOF_REUSEADDR
+  #error "WARNING: SO_REUSEADDR != SOF_REUSEADDR"
+#endif
+#if SO_KEEPALIVE != SOF_KEEPALIVE
+  #error "WARNING: SO_KEEPALIVE != SOF_KEEPALIVE"
+#endif
+#if SO_BROADCAST != SOF_BROADCAST
+  #error "WARNING: SO_BROADCAST != SOF_BROADCAST"
+#endif
+#if SO_LINGER != SOF_LINGER
+  #error "WARNING: SO_LINGER != SOF_LINGER"
+#endif
+#endif /* LWIP_SOCKET */
+
+
+/* Compile-time checks for deprecated options.
+ */
+#ifdef MEMP_NUM_TCPIP_MSG
+  #error "MEMP_NUM_TCPIP_MSG option is deprecated. Remove it from your lwipopts.h."
+#endif
+#ifdef MEMP_NUM_API_MSG
+  #error "MEMP_NUM_API_MSG option is deprecated. Remove it from your lwipopts.h."
+#endif
+#ifdef TCP_REXMIT_DEBUG
+  #error "TCP_REXMIT_DEBUG option is deprecated. Remove it from your lwipopts.h."
+#endif
+#ifdef RAW_STATS
+  #error "RAW_STATS option is deprecated. Remove it from your lwipopts.h."
+#endif
+#ifdef ETHARP_QUEUE_FIRST
+  #error "ETHARP_QUEUE_FIRST option is deprecated. Remove it from your lwipopts.h."
+#endif
+#ifdef ETHARP_ALWAYS_INSERT
+  #error "ETHARP_ALWAYS_INSERT option is deprecated. Remove it from your lwipopts.h."
+#endif
+
+#ifndef LWIP_DISABLE_TCP_SANITY_CHECKS
+#define LWIP_DISABLE_TCP_SANITY_CHECKS  0
+#endif
+#ifndef LWIP_DISABLE_MEMP_SANITY_CHECKS
+#define LWIP_DISABLE_MEMP_SANITY_CHECKS 0
+#endif
+
+/* MEMP sanity checks */
+#if !LWIP_DISABLE_MEMP_SANITY_CHECKS
+#if LWIP_NETCONN
+#if MEMP_MEM_MALLOC
+#if !MEMP_NUM_NETCONN && LWIP_SOCKET
+#error "lwip_sanity_check: WARNING: MEMP_NUM_NETCONN cannot be 0 when using sockets!"
+#endif
+#else /* MEMP_MEM_MALLOC */
+#if MEMP_NUM_NETCONN > (MEMP_NUM_TCP_PCB+MEMP_NUM_TCP_PCB_LISTEN+MEMP_NUM_UDP_PCB+MEMP_NUM_RAW_PCB)
+#error "lwip_sanity_check: WARNING: MEMP_NUM_NETCONN should be less than the sum of MEMP_NUM_{TCP,RAW,UDP}_PCB+MEMP_NUM_TCP_PCB_LISTEN. If you know what you are doing, define LWIP_DISABLE_MEMP_SANITY_CHECKS to 1 to disable this error."
+#endif
+#endif /* MEMP_MEM_MALLOC */
+#endif /* LWIP_NETCONN */
+#endif /* !LWIP_DISABLE_MEMP_SANITY_CHECKS */
+
+/* TCP sanity checks */
+#if !LWIP_DISABLE_TCP_SANITY_CHECKS
+#if LWIP_TCP
+#if !MEMP_MEM_MALLOC && (MEMP_NUM_TCP_SEG < TCP_SND_QUEUELEN)
+  #error "lwip_sanity_check: WARNING: MEMP_NUM_TCP_SEG should be at least as big as TCP_SND_QUEUELEN. If you know what you are doing, define LWIP_DISABLE_TCP_SANITY_CHECKS to 1 to disable this error."
+#endif
+#if TCP_SND_BUF < (2 * TCP_MSS)
+  #error "lwip_sanity_check: WARNING: TCP_SND_BUF must be at least as much as (2 * TCP_MSS) for things to work smoothly. If you know what you are doing, define LWIP_DISABLE_TCP_SANITY_CHECKS to 1 to disable this error."
+#endif
+#if TCP_SND_QUEUELEN < (2 * (TCP_SND_BUF / TCP_MSS))
+  #error "lwip_sanity_check: WARNING: TCP_SND_QUEUELEN must be at least as much as (2 * TCP_SND_BUF/TCP_MSS) for things to work. If you know what you are doing, define LWIP_DISABLE_TCP_SANITY_CHECKS to 1 to disable this error."
+#endif
+#if TCP_SNDLOWAT >= TCP_SND_BUF
+  #error "lwip_sanity_check: WARNING: TCP_SNDLOWAT must be less than TCP_SND_BUF. If you know what you are doing, define LWIP_DISABLE_TCP_SANITY_CHECKS to 1 to disable this error."
+#endif
+#if TCP_SNDQUEUELOWAT >= TCP_SND_QUEUELEN
+  #error "lwip_sanity_check: WARNING: TCP_SNDQUEUELOWAT must be less than TCP_SND_QUEUELEN. If you know what you are doing, define LWIP_DISABLE_TCP_SANITY_CHECKS to 1 to disable this error."
+#endif
+#if !MEMP_MEM_MALLOC && (PBUF_POOL_BUFSIZE <= (PBUF_LINK_HLEN + PBUF_IP_HLEN + PBUF_TRANSPORT_HLEN))
+  #error "lwip_sanity_check: WARNING: PBUF_POOL_BUFSIZE does not provide enough space for protocol headers. If you know what you are doing, define LWIP_DISABLE_TCP_SANITY_CHECKS to 1 to disable this error."
+#endif
+#if !MEMP_MEM_MALLOC && (TCP_WND > (PBUF_POOL_SIZE * (PBUF_POOL_BUFSIZE - (PBUF_LINK_HLEN + PBUF_IP_HLEN + PBUF_TRANSPORT_HLEN))))
+  #error "lwip_sanity_check: WARNING: TCP_WND is larger than space provided by PBUF_POOL_SIZE * (PBUF_POOL_BUFSIZE - protocol headers). If you know what you are doing, define LWIP_DISABLE_TCP_SANITY_CHECKS to 1 to disable this error."
+#endif
+#if TCP_WND < TCP_MSS
+  #error "lwip_sanity_check: WARNING: TCP_WND is smaller than MSS. If you know what you are doing, define LWIP_DISABLE_TCP_SANITY_CHECKS to 1 to disable this error."
+#endif
+#endif /* LWIP_TCP */
+#endif /* !LWIP_DISABLE_TCP_SANITY_CHECKS */
+
+/**
+ * Perform Sanity check of user-configurable values, and initialize all modules.
+ */
+void
+lwip_init(void)
+{
+  /* Modules initialization */
+  stats_init();
+#if !NO_SYS
+  sys_init();
+#endif /* !NO_SYS */
+  mem_init();
+  memp_init();
+  pbuf_init();
+  netif_init();
+#if LWIP_SOCKET
+  lwip_socket_init();
+#endif /* LWIP_SOCKET */
+  ip_init();
+#if LWIP_ARP
+  etharp_init();
+#endif /* LWIP_ARP */
+#if LWIP_RAW
+  raw_init();
+#endif /* LWIP_RAW */
+#if LWIP_UDP
+  udp_init();
+#endif /* LWIP_UDP */
+#if LWIP_TCP
+  tcp_init();
+#endif /* LWIP_TCP */
+#if LWIP_SNMP
+  snmp_init();
+#endif /* LWIP_SNMP */
+#if LWIP_AUTOIP
+  autoip_init();
+#endif /* LWIP_AUTOIP */
+#if LWIP_IGMP
+  igmp_init();
+#endif /* LWIP_IGMP */
+#if LWIP_DNS
+  dns_init();
+#endif /* LWIP_DNS */
+#if LWIP_IPV6
+  ip6_init();
+  nd6_init();
+#if LWIP_IPV6_MLD
+  mld6_init();
+#endif /* LWIP_IPV6_MLD */
+#endif /* LWIP_IPV6 */
+
+#if LWIP_TIMERS
+  sys_timeouts_init();
+#endif /* LWIP_TIMERS */
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/icmp.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/icmp.c
new file mode 100644
index 00000000..af471533
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/icmp.c
@@ -0,0 +1,338 @@
+/**
+ * @file
+ * ICMP - Internet Control Message Protocol
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+/* Some ICMP messages should be passed to the transport protocols. This
+   is not implemented. */
+
+#include "lwip/opt.h"
+
+#if LWIP_ICMP /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/icmp.h"
+#include "lwip/inet_chksum.h"
+#include "lwip/ip.h"
+#include "lwip/def.h"
+#include "lwip/stats.h"
+#include "lwip/snmp.h"
+
+#include <string.h>
+
+/** Small optimization: set to 0 if incoming PBUF_POOL pbuf always can be
+ * used to modify and send a response packet (and to 1 if this is not the case,
+ * e.g. when link header is stripped of when receiving) */
+#ifndef LWIP_ICMP_ECHO_CHECK_INPUT_PBUF_LEN
+#define LWIP_ICMP_ECHO_CHECK_INPUT_PBUF_LEN 1
+#endif /* LWIP_ICMP_ECHO_CHECK_INPUT_PBUF_LEN */
+
+/* The amount of data from the original packet to return in a dest-unreachable */
+#define ICMP_DEST_UNREACH_DATASIZE 8
+
+static void icmp_send_response(struct pbuf *p, u8_t type, u8_t code);
+
+/**
+ * Processes ICMP input packets, called from ip_input().
+ *
+ * Currently only processes icmp echo requests and sends
+ * out the echo response.
+ *
+ * @param p the icmp echo request packet, p->payload pointing to the icmp header
+ * @param inp the netif on which this packet was received
+ */
+void
+icmp_input(struct pbuf *p, struct netif *inp)
+{
+  u8_t type;
+#ifdef LWIP_DEBUG
+  u8_t code;
+#endif /* LWIP_DEBUG */
+  struct icmp_echo_hdr *iecho;
+  struct ip_hdr *iphdr;
+  s16_t hlen;
+
+  ICMP_STATS_INC(icmp.recv);
+  snmp_inc_icmpinmsgs();
+
+  iphdr = (struct ip_hdr *)ip_current_header();
+  hlen = IPH_HL(iphdr) * 4;
+  if (p->len < sizeof(u16_t)*2) {
+    LWIP_DEBUGF(ICMP_DEBUG, ("icmp_input: short ICMP (%"U16_F" bytes) received\n", p->tot_len));
+    goto lenerr;
+  }
+
+  type = *((u8_t *)p->payload);
+#ifdef LWIP_DEBUG
+  code = *(((u8_t *)p->payload)+1);
+#endif /* LWIP_DEBUG */
+  switch (type) {
+  case ICMP_ER:
+    /* This is OK, echo reply might have been parsed by a raw PCB
+       (as obviously, an echo request has been sent, too). */
+    break; 
+  case ICMP_ECHO:
+#if !LWIP_MULTICAST_PING || !LWIP_BROADCAST_PING
+    {
+      int accepted = 1;
+#if !LWIP_MULTICAST_PING
+      /* multicast destination address? */
+      if (ip_addr_ismulticast(ip_current_dest_addr())) {
+        accepted = 0;
+      }
+#endif /* LWIP_MULTICAST_PING */
+#if !LWIP_BROADCAST_PING
+      /* broadcast destination address? */
+      if (ip_addr_isbroadcast(ip_current_dest_addr(), inp)) {
+        accepted = 0;
+      }
+#endif /* LWIP_BROADCAST_PING */
+      /* broadcast or multicast destination address not acceptd? */
+      if (!accepted) {
+        LWIP_DEBUGF(ICMP_DEBUG, ("icmp_input: Not echoing to multicast or broadcast pings\n"));
+        ICMP_STATS_INC(icmp.err);
+        pbuf_free(p);
+        return;
+      }
+    }
+#endif /* !LWIP_MULTICAST_PING || !LWIP_BROADCAST_PING */
+    LWIP_DEBUGF(ICMP_DEBUG, ("icmp_input: ping\n"));
+    if (p->tot_len < sizeof(struct icmp_echo_hdr)) {
+      LWIP_DEBUGF(ICMP_DEBUG, ("icmp_input: bad ICMP echo received\n"));
+      goto lenerr;
+    }
+    if (inet_chksum_pbuf(p) != 0) {
+      LWIP_DEBUGF(ICMP_DEBUG, ("icmp_input: checksum failed for received ICMP echo\n"));
+      pbuf_free(p);
+      ICMP_STATS_INC(icmp.chkerr);
+      snmp_inc_icmpinerrors();
+      return;
+    }
+#if LWIP_ICMP_ECHO_CHECK_INPUT_PBUF_LEN
+    if (pbuf_header(p, (PBUF_IP_HLEN + PBUF_LINK_HLEN))) {
+      /* p is not big enough to contain link headers
+       * allocate a new one and copy p into it
+       */
+      struct pbuf *r;
+      /* switch p->payload to ip header */
+      if (pbuf_header(p, hlen)) {
+        LWIP_ASSERT("icmp_input: moving p->payload to ip header failed\n", 0);
+        goto memerr;
+      }
+      /* allocate new packet buffer with space for link headers */
+      r = pbuf_alloc(PBUF_LINK, p->tot_len, PBUF_RAM);
+      if (r == NULL) {
+        LWIP_DEBUGF(ICMP_DEBUG, ("icmp_input: allocating new pbuf failed\n"));
+        goto memerr;
+      }
+      LWIP_ASSERT("check that first pbuf can hold struct the ICMP header",
+                  (r->len >= hlen + sizeof(struct icmp_echo_hdr)));
+      /* copy the whole packet including ip header */
+      if (pbuf_copy(r, p) != ERR_OK) {
+        LWIP_ASSERT("icmp_input: copying to new pbuf failed\n", 0);
+        goto memerr;
+      }
+      iphdr = (struct ip_hdr *)r->payload;
+      /* switch r->payload back to icmp header */
+      if (pbuf_header(r, -hlen)) {
+        LWIP_ASSERT("icmp_input: restoring original p->payload failed\n", 0);
+        goto memerr;
+      }
+      /* free the original p */
+      pbuf_free(p);
+      /* we now have an identical copy of p that has room for link headers */
+      p = r;
+    } else {
+      /* restore p->payload to point to icmp header */
+      if (pbuf_header(p, -(s16_t)(PBUF_IP_HLEN + PBUF_LINK_HLEN))) {
+        LWIP_ASSERT("icmp_input: restoring original p->payload failed\n", 0);
+        goto memerr;
+      }
+    }
+#endif /* LWIP_ICMP_ECHO_CHECK_INPUT_PBUF_LEN */
+    /* At this point, all checks are OK. */
+    /* We generate an answer by switching the dest and src ip addresses,
+     * setting the icmp type to ECHO_RESPONSE and updating the checksum. */
+    iecho = (struct icmp_echo_hdr *)p->payload;
+    ip_addr_copy(iphdr->src, *ip_current_dest_addr());
+    ip_addr_copy(iphdr->dest, *ip_current_src_addr());
+    ICMPH_TYPE_SET(iecho, ICMP_ER);
+#if CHECKSUM_GEN_ICMP
+    /* adjust the checksum */
+    if (iecho->chksum >= PP_HTONS(0xffffU - (ICMP_ECHO << 8))) {
+      iecho->chksum += PP_HTONS(ICMP_ECHO << 8) + 1;
+    } else {
+      iecho->chksum += PP_HTONS(ICMP_ECHO << 8);
+    }
+#else /* CHECKSUM_GEN_ICMP */
+    iecho->chksum = 0;
+#endif /* CHECKSUM_GEN_ICMP */
+
+    /* Set the correct TTL and recalculate the header checksum. */
+    IPH_TTL_SET(iphdr, ICMP_TTL);
+    IPH_CHKSUM_SET(iphdr, 0);
+#if CHECKSUM_GEN_IP
+    IPH_CHKSUM_SET(iphdr, inet_chksum(iphdr, IP_HLEN));
+#endif /* CHECKSUM_GEN_IP */
+
+    ICMP_STATS_INC(icmp.xmit);
+    /* increase number of messages attempted to send */
+    snmp_inc_icmpoutmsgs();
+    /* increase number of echo replies attempted to send */
+    snmp_inc_icmpoutechoreps();
+
+    if(pbuf_header(p, hlen)) {
+      LWIP_ASSERT("Can't move over header in packet", 0);
+    } else {
+      err_t ret;
+      /* send an ICMP packet, src addr is the dest addr of the curren packet */
+      ret = ip_output_if(p, ip_current_dest_addr(), IP_HDRINCL,
+                   ICMP_TTL, 0, IP_PROTO_ICMP, inp);
+      if (ret != ERR_OK) {
+        LWIP_DEBUGF(ICMP_DEBUG, ("icmp_input: ip_output_if returned an error: %c.\n", ret));
+      }
+    }
+    break;
+  default:
+    LWIP_DEBUGF(ICMP_DEBUG, ("icmp_input: ICMP type %"S16_F" code %"S16_F" not supported.\n", 
+                (s16_t)type, (s16_t)code));
+    ICMP_STATS_INC(icmp.proterr);
+    ICMP_STATS_INC(icmp.drop);
+  }
+  pbuf_free(p);
+  return;
+lenerr:
+  pbuf_free(p);
+  ICMP_STATS_INC(icmp.lenerr);
+  snmp_inc_icmpinerrors();
+  return;
+#if LWIP_ICMP_ECHO_CHECK_INPUT_PBUF_LEN
+memerr:
+  pbuf_free(p);
+  ICMP_STATS_INC(icmp.err);
+  snmp_inc_icmpinerrors();
+  return;
+#endif /* LWIP_ICMP_ECHO_CHECK_INPUT_PBUF_LEN */
+}
+
+/**
+ * Send an icmp 'destination unreachable' packet, called from ip_input() if
+ * the transport layer protocol is unknown and from udp_input() if the local
+ * port is not bound.
+ *
+ * @param p the input packet for which the 'unreachable' should be sent,
+ *          p->payload pointing to the IP header
+ * @param t type of the 'unreachable' packet
+ */
+void
+icmp_dest_unreach(struct pbuf *p, enum icmp_dur_type t)
+{
+  icmp_send_response(p, ICMP_DUR, t);
+}
+
+#if IP_FORWARD || IP_REASSEMBLY
+/**
+ * Send a 'time exceeded' packet, called from ip_forward() if TTL is 0.
+ *
+ * @param p the input packet for which the 'time exceeded' should be sent,
+ *          p->payload pointing to the IP header
+ * @param t type of the 'time exceeded' packet
+ */
+void
+icmp_time_exceeded(struct pbuf *p, enum icmp_te_type t)
+{
+  icmp_send_response(p, ICMP_TE, t);
+}
+
+#endif /* IP_FORWARD || IP_REASSEMBLY */
+
+/**
+ * Send an icmp packet in response to an incoming packet.
+ *
+ * @param p the input packet for which the 'unreachable' should be sent,
+ *          p->payload pointing to the IP header
+ * @param type Type of the ICMP header
+ * @param code Code of the ICMP header
+ */
+static void
+icmp_send_response(struct pbuf *p, u8_t type, u8_t code)
+{
+  struct pbuf *q;
+  struct ip_hdr *iphdr;
+  /* we can use the echo header here */
+  struct icmp_echo_hdr *icmphdr;
+  ip_addr_t iphdr_src;
+
+  /* ICMP header + IP header + 8 bytes of data */
+  q = pbuf_alloc(PBUF_IP, sizeof(struct icmp_echo_hdr) + IP_HLEN + ICMP_DEST_UNREACH_DATASIZE,
+                 PBUF_RAM);
+  if (q == NULL) {
+    LWIP_DEBUGF(ICMP_DEBUG, ("icmp_time_exceeded: failed to allocate pbuf for ICMP packet.\n"));
+    return;
+  }
+  LWIP_ASSERT("check that first pbuf can hold icmp message",
+             (q->len >= (sizeof(struct icmp_echo_hdr) + IP_HLEN + ICMP_DEST_UNREACH_DATASIZE)));
+
+  iphdr = (struct ip_hdr *)p->payload;
+  LWIP_DEBUGF(ICMP_DEBUG, ("icmp_time_exceeded from "));
+  ip_addr_debug_print(ICMP_DEBUG, &(iphdr->src));
+  LWIP_DEBUGF(ICMP_DEBUG, (" to "));
+  ip_addr_debug_print(ICMP_DEBUG, &(iphdr->dest));
+  LWIP_DEBUGF(ICMP_DEBUG, ("\n"));
+
+  icmphdr = (struct icmp_echo_hdr *)q->payload;
+  icmphdr->type = type;
+  icmphdr->code = code;
+  icmphdr->id = 0;
+  icmphdr->seqno = 0;
+
+  /* copy fields from original packet */
+  SMEMCPY((u8_t *)q->payload + sizeof(struct icmp_echo_hdr), (u8_t *)p->payload,
+          IP_HLEN + ICMP_DEST_UNREACH_DATASIZE);
+
+  /* calculate checksum */
+  icmphdr->chksum = 0;
+  icmphdr->chksum = inet_chksum(icmphdr, q->len);
+  ICMP_STATS_INC(icmp.xmit);
+  /* increase number of messages attempted to send */
+  snmp_inc_icmpoutmsgs();
+  /* increase number of destination unreachable messages attempted to send */
+  snmp_inc_icmpouttimeexcds();
+  ip_addr_copy(iphdr_src, iphdr->src);
+  ip_output(q, NULL, &iphdr_src, ICMP_TTL, 0, IP_PROTO_ICMP);
+  pbuf_free(q);
+}
+
+#endif /* LWIP_ICMP */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/ip4.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/ip4.c
new file mode 100644
index 00000000..2f76bdb5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/ip4.c
@@ -0,0 +1,924 @@
+/**
+ * @file
+ * This is the IPv4 layer implementation for incoming and outgoing IP traffic.
+ * 
+ * @see ip_frag.c
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#include "lwip/opt.h"
+#include "lwip/ip.h"
+#include "lwip/def.h"
+#include "lwip/mem.h"
+#include "lwip/ip_frag.h"
+#include "lwip/inet_chksum.h"
+#include "lwip/netif.h"
+#include "lwip/icmp.h"
+#include "lwip/igmp.h"
+#include "lwip/raw.h"
+#include "lwip/udp.h"
+#include "lwip/tcp_impl.h"
+#include "lwip/snmp.h"
+#include "lwip/dhcp.h"
+#include "lwip/autoip.h"
+#include "lwip/stats.h"
+#include "arch/perf.h"
+
+#include <string.h>
+
+/** Set this to 0 in the rare case of wanting to call an extra function to
+ * generate the IP checksum (in contrast to calculating it on-the-fly). */
+#ifndef LWIP_INLINE_IP_CHKSUM
+#define LWIP_INLINE_IP_CHKSUM   1
+#endif
+#if LWIP_INLINE_IP_CHKSUM && CHECKSUM_GEN_IP
+#define CHECKSUM_GEN_IP_INLINE  1
+#else
+#define CHECKSUM_GEN_IP_INLINE  0
+#endif
+
+#if LWIP_DHCP || defined(LWIP_IP_ACCEPT_UDP_PORT)
+#define IP_ACCEPT_LINK_LAYER_ADDRESSING 1
+
+/** Some defines for DHCP to let link-layer-addressed packets through while the
+ * netif is down.
+ * To use this in your own application/protocol, define LWIP_IP_ACCEPT_UDP_PORT
+ * to return 1 if the port is accepted and 0 if the port is not accepted.
+ */
+#if LWIP_DHCP && defined(LWIP_IP_ACCEPT_UDP_PORT)
+/* accept DHCP client port and custom port */
+#define IP_ACCEPT_LINK_LAYER_ADDRESSED_PORT(port) (((port) == PP_NTOHS(DHCP_CLIENT_PORT)) \
+         || (LWIP_IP_ACCEPT_UDP_PORT(port)))
+#elif defined(LWIP_IP_ACCEPT_UDP_PORT) /* LWIP_DHCP && defined(LWIP_IP_ACCEPT_UDP_PORT) */
+/* accept custom port only */
+#define IP_ACCEPT_LINK_LAYER_ADDRESSED_PORT(port) (LWIP_IP_ACCEPT_UDP_PORT(port))
+#else /* LWIP_DHCP && defined(LWIP_IP_ACCEPT_UDP_PORT) */
+/* accept DHCP client port only */
+#define IP_ACCEPT_LINK_LAYER_ADDRESSED_PORT(port) ((port) == PP_NTOHS(DHCP_CLIENT_PORT))
+#endif /* LWIP_DHCP && defined(LWIP_IP_ACCEPT_UDP_PORT) */
+
+#else /* LWIP_DHCP */
+#define IP_ACCEPT_LINK_LAYER_ADDRESSING 0
+#endif /* LWIP_DHCP */
+
+/** Global data for both IPv4 and IPv6 */
+struct ip_globals ip_data;
+
+/** The IP header ID of the next outgoing IP packet */
+static u16_t ip_id;
+
+/**
+ * Finds the appropriate network interface for a given IP address. It
+ * searches the list of network interfaces linearly. A match is found
+ * if the masked IP address of the network interface equals the masked
+ * IP address given to the function.
+ *
+ * @param dest the destination IP address for which to find the route
+ * @return the netif on which to send to reach dest
+ */
+struct netif *
+ip_route(ip_addr_t *dest)
+{
+  struct netif *netif;
+
+#ifdef LWIP_HOOK_IP4_ROUTE
+  netif = LWIP_HOOK_IP4_ROUTE(dest);
+  if (netif != NULL) {
+    return netif;
+  }
+#endif
+
+  /* iterate through netifs */
+  for (netif = netif_list; netif != NULL; netif = netif->next) {
+    /* network mask matches? */
+    if (netif_is_up(netif)) {
+      if (ip_addr_netcmp(dest, &(netif->ip_addr), &(netif->netmask))) {
+        /* return netif on which to forward IP packet */
+        return netif;
+      }
+    }
+  }
+  if ((netif_default == NULL) || (!netif_is_up(netif_default))) {
+    LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("ip_route: No route to %"U16_F".%"U16_F".%"U16_F".%"U16_F"\n",
+      ip4_addr1_16(dest), ip4_addr2_16(dest), ip4_addr3_16(dest), ip4_addr4_16(dest)));
+    IP_STATS_INC(ip.rterr);
+    snmp_inc_ipoutnoroutes();
+    return NULL;
+  }
+  /* no matching netif found, use default netif */
+  return netif_default;
+}
+
+#if IP_FORWARD
+/**
+ * Determine whether an IP address is in a reserved set of addresses
+ * that may not be forwarded, or whether datagrams to that destination
+ * may be forwarded.
+ * @param p the packet to forward
+ * @param dest the destination IP address
+ * @return 1: can forward 0: discard
+ */
+static int
+ip_canforward(struct pbuf *p)
+{
+  u32_t addr = htonl(ip4_addr_get_u32(ip_current_dest_addr()));
+
+  if (p->flags & PBUF_FLAG_LLBCAST) {
+    /* don't route link-layer broadcasts */
+    return 0;
+  }
+  if ((p->flags & PBUF_FLAG_LLMCAST) && !IP_MULTICAST(addr)) {
+    /* don't route link-layer multicasts unless the destination address is an IP
+       multicast address */
+    return 0;
+  }
+  if (IP_EXPERIMENTAL(addr)) {
+    return 0;
+  }
+  if (IP_CLASSA(addr)) {
+    u32_t net = addr & IP_CLASSA_NET;
+    if ((net == 0) || (net == ((u32_t)IP_LOOPBACKNET << IP_CLASSA_NSHIFT))) {
+      /* don't route loopback packets */
+      return 0;
+    }
+  }
+  return 1;
+}
+
+/**
+ * Forwards an IP packet. It finds an appropriate route for the
+ * packet, decrements the TTL value of the packet, adjusts the
+ * checksum and outputs the packet on the appropriate interface.
+ *
+ * @param p the packet to forward (p->payload points to IP header)
+ * @param iphdr the IP header of the input packet
+ * @param inp the netif on which this packet was received
+ */
+static void
+ip_forward(struct pbuf *p, struct ip_hdr *iphdr, struct netif *inp)
+{
+  struct netif *netif;
+
+  PERF_START;
+
+  if (!ip_canforward(p)) {
+    goto return_noroute;
+  }
+
+  /* RFC3927 2.7: do not forward link-local addresses */
+  if (ip_addr_islinklocal(ip_current_dest_addr())) {
+    LWIP_DEBUGF(IP_DEBUG, ("ip_forward: not forwarding LLA %"U16_F".%"U16_F".%"U16_F".%"U16_F"\n",
+      ip4_addr1_16(ip_current_dest_addr()), ip4_addr2_16(ip_current_dest_addr()),
+      ip4_addr3_16(ip_current_dest_addr()), ip4_addr4_16(ip_current_dest_addr())));
+    goto return_noroute;
+  }
+
+  /* Find network interface where to forward this IP packet to. */
+  netif = ip_route(ip_current_dest_addr());
+  if (netif == NULL) {
+    LWIP_DEBUGF(IP_DEBUG, ("ip_forward: no forwarding route for %"U16_F".%"U16_F".%"U16_F".%"U16_F" found\n",
+      ip4_addr1_16(ip_current_dest_addr()), ip4_addr2_16(ip_current_dest_addr()),
+      ip4_addr3_16(ip_current_dest_addr()), ip4_addr4_16(ip_current_dest_addr())));
+    /* @todo: send ICMP_DUR_NET? */
+    goto return_noroute;
+  }
+#if !IP_FORWARD_ALLOW_TX_ON_RX_NETIF
+  /* Do not forward packets onto the same network interface on which
+   * they arrived. */
+  if (netif == inp) {
+    LWIP_DEBUGF(IP_DEBUG, ("ip_forward: not bouncing packets back on incoming interface.\n"));
+    goto return_noroute;
+  }
+#endif /* IP_FORWARD_ALLOW_TX_ON_RX_NETIF */
+
+  /* decrement TTL */
+  IPH_TTL_SET(iphdr, IPH_TTL(iphdr) - 1);
+  /* send ICMP if TTL == 0 */
+  if (IPH_TTL(iphdr) == 0) {
+    snmp_inc_ipinhdrerrors();
+#if LWIP_ICMP
+    /* Don't send ICMP messages in response to ICMP messages */
+    if (IPH_PROTO(iphdr) != IP_PROTO_ICMP) {
+      icmp_time_exceeded(p, ICMP_TE_TTL);
+    }
+#endif /* LWIP_ICMP */
+    return;
+  }
+
+  /* Incrementally update the IP checksum. */
+  if (IPH_CHKSUM(iphdr) >= PP_HTONS(0xffffU - 0x100)) {
+    IPH_CHKSUM_SET(iphdr, IPH_CHKSUM(iphdr) + PP_HTONS(0x100) + 1);
+  } else {
+    IPH_CHKSUM_SET(iphdr, IPH_CHKSUM(iphdr) + PP_HTONS(0x100));
+  }
+
+  LWIP_DEBUGF(IP_DEBUG, ("ip_forward: forwarding packet to %"U16_F".%"U16_F".%"U16_F".%"U16_F"\n",
+    ip4_addr1_16(ip_current_dest_addr()), ip4_addr2_16(ip_current_dest_addr()),
+    ip4_addr3_16(ip_current_dest_addr()), ip4_addr4_16(ip_current_dest_addr())));
+
+  IP_STATS_INC(ip.fw);
+  IP_STATS_INC(ip.xmit);
+  snmp_inc_ipforwdatagrams();
+
+  PERF_STOP("ip_forward");
+  /* don't fragment if interface has mtu set to 0 [loopif] */
+  if (netif->mtu && (p->tot_len > netif->mtu)) {
+    if ((IPH_OFFSET(iphdr) & PP_NTOHS(IP_DF)) == 0) {
+#if IP_FRAG
+      ip_frag(p, netif, ip_current_dest_addr());
+#else /* IP_FRAG */
+      /* @todo: send ICMP Destination Unreacheable code 13 "Communication administratively prohibited"? */
+#endif /* IP_FRAG */
+    } else {
+      /* send ICMP Destination Unreacheable code 4: "Fragmentation Needed and DF Set" */
+      icmp_dest_unreach(p, ICMP_DUR_FRAG);
+    }
+    return;
+  }
+  /* transmit pbuf on chosen interface */
+  netif->output(netif, p, ip_current_dest_addr());
+  return;
+return_noroute:
+  snmp_inc_ipoutnoroutes();
+}
+#endif /* IP_FORWARD */
+
+/**
+ * This function is called by the network interface device driver when
+ * an IP packet is received. The function does the basic checks of the
+ * IP header such as packet size being at least larger than the header
+ * size etc. If the packet was not destined for us, the packet is
+ * forwarded (using ip_forward). The IP checksum is always checked.
+ *
+ * Finally, the packet is sent to the upper layer protocol input function.
+ * 
+ * @param p the received IP packet (p->payload points to IP header)
+ * @param inp the netif on which this packet was received
+ * @return ERR_OK if the packet was processed (could return ERR_* if it wasn't
+ *         processed, but currently always returns ERR_OK)
+ */
+err_t
+ip_input(struct pbuf *p, struct netif *inp)
+{
+  struct ip_hdr *iphdr;
+  struct netif *netif;
+  u16_t iphdr_hlen;
+  u16_t iphdr_len;
+#if IP_ACCEPT_LINK_LAYER_ADDRESSING
+  int check_ip_src=1;
+#endif /* IP_ACCEPT_LINK_LAYER_ADDRESSING */
+
+  IP_STATS_INC(ip.recv);
+  snmp_inc_ipinreceives();
+
+  /* identify the IP header */
+  iphdr = (struct ip_hdr *)p->payload;
+  if (IPH_V(iphdr) != 4) {
+    LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_LEVEL_WARNING, ("IP packet dropped due to bad version number %"U16_F"\n", IPH_V(iphdr)));
+    ip_debug_print(p);
+    pbuf_free(p);
+    IP_STATS_INC(ip.err);
+    IP_STATS_INC(ip.drop);
+    snmp_inc_ipinhdrerrors();
+    return ERR_OK;
+  }
+
+#ifdef LWIP_HOOK_IP4_INPUT
+  if (LWIP_HOOK_IP4_INPUT(p, inp)) {
+    /* the packet has been eaten */
+    return ERR_OK;
+  }
+#endif
+
+  /* obtain IP header length in number of 32-bit words */
+  iphdr_hlen = IPH_HL(iphdr);
+  /* calculate IP header length in bytes */
+  iphdr_hlen *= 4;
+  /* obtain ip length in bytes */
+  iphdr_len = ntohs(IPH_LEN(iphdr));
+
+  /* header length exceeds first pbuf length, or ip length exceeds total pbuf length? */
+  if ((iphdr_hlen > p->len) || (iphdr_len > p->tot_len)) {
+    if (iphdr_hlen > p->len) {
+      LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+        ("IP header (len %"U16_F") does not fit in first pbuf (len %"U16_F"), IP packet dropped.\n",
+        iphdr_hlen, p->len));
+    }
+    if (iphdr_len > p->tot_len) {
+      LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+        ("IP (len %"U16_F") is longer than pbuf (len %"U16_F"), IP packet dropped.\n",
+        iphdr_len, p->tot_len));
+    }
+    /* free (drop) packet pbufs */
+    pbuf_free(p);
+    IP_STATS_INC(ip.lenerr);
+    IP_STATS_INC(ip.drop);
+    snmp_inc_ipindiscards();
+    return ERR_OK;
+  }
+
+  /* verify checksum */
+#if CHECKSUM_CHECK_IP
+  if (inet_chksum(iphdr, iphdr_hlen) != 0) {
+
+    LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+      ("Checksum (0x%"X16_F") failed, IP packet dropped.\n", inet_chksum(iphdr, iphdr_hlen)));
+    ip_debug_print(p);
+    pbuf_free(p);
+    IP_STATS_INC(ip.chkerr);
+    IP_STATS_INC(ip.drop);
+    snmp_inc_ipinhdrerrors();
+    return ERR_OK;
+  }
+#endif
+
+  /* Trim pbuf. This should have been done at the netif layer,
+   * but we'll do it anyway just to be sure that its done. */
+  pbuf_realloc(p, iphdr_len);
+
+  /* copy IP addresses to aligned ip_addr_t */
+  ip_addr_copy(*ipX_2_ip(&ip_data.current_iphdr_dest), iphdr->dest);
+  ip_addr_copy(*ipX_2_ip(&ip_data.current_iphdr_src), iphdr->src);
+
+  /* match packet against an interface, i.e. is this packet for us? */
+#if LWIP_IGMP
+  if (ip_addr_ismulticast(ip_current_dest_addr())) {
+    if ((inp->flags & NETIF_FLAG_IGMP) && (igmp_lookfor_group(inp, ip_current_dest_addr()))) {
+      netif = inp;
+    } else {
+      netif = NULL;
+    }
+  } else
+#endif /* LWIP_IGMP */
+  {
+    /* start trying with inp. if that's not acceptable, start walking the
+       list of configured netifs.
+       'first' is used as a boolean to mark whether we started walking the list */
+    int first = 1;
+    netif = inp;
+    do {
+      LWIP_DEBUGF(IP_DEBUG, ("ip_input: iphdr->dest 0x%"X32_F" netif->ip_addr 0x%"X32_F" (0x%"X32_F", 0x%"X32_F", 0x%"X32_F")\n",
+          ip4_addr_get_u32(&iphdr->dest), ip4_addr_get_u32(&netif->ip_addr),
+          ip4_addr_get_u32(&iphdr->dest) & ip4_addr_get_u32(&netif->netmask),
+          ip4_addr_get_u32(&netif->ip_addr) & ip4_addr_get_u32(&netif->netmask),
+          ip4_addr_get_u32(&iphdr->dest) & ~ip4_addr_get_u32(&netif->netmask)));
+
+      /* interface is up and configured? */
+      if ((netif_is_up(netif)) && (!ip_addr_isany(&(netif->ip_addr)))) {
+        /* unicast to this interface address? */
+        if (ip_addr_cmp(ip_current_dest_addr(), &(netif->ip_addr)) ||
+            /* or broadcast on this interface network address? */
+            ip_addr_isbroadcast(ip_current_dest_addr(), netif)) {
+          LWIP_DEBUGF(IP_DEBUG, ("ip_input: packet accepted on interface %c%c\n",
+              netif->name[0], netif->name[1]));
+          /* break out of for loop */
+          break;
+        }
+#if LWIP_AUTOIP
+        /* connections to link-local addresses must persist after changing
+           the netif's address (RFC3927 ch. 1.9) */
+        if ((netif->autoip != NULL) &&
+            ip_addr_cmp(ip_current_dest_addr(), &(netif->autoip->llipaddr))) {
+          LWIP_DEBUGF(IP_DEBUG, ("ip_input: LLA packet accepted on interface %c%c\n",
+              netif->name[0], netif->name[1]));
+          /* break out of for loop */
+          break;
+        }
+#endif /* LWIP_AUTOIP */
+      }
+      if (first) {
+        first = 0;
+        netif = netif_list;
+      } else {
+        netif = netif->next;
+      }
+      if (netif == inp) {
+        netif = netif->next;
+      }
+    } while(netif != NULL);
+  }
+
+#if IP_ACCEPT_LINK_LAYER_ADDRESSING
+  /* Pass DHCP messages regardless of destination address. DHCP traffic is addressed
+   * using link layer addressing (such as Ethernet MAC) so we must not filter on IP.
+   * According to RFC 1542 section 3.1.1, referred by RFC 2131).
+   *
+   * If you want to accept private broadcast communication while a netif is down,
+   * define LWIP_IP_ACCEPT_UDP_PORT(dst_port), e.g.:
+   *
+   * #define LWIP_IP_ACCEPT_UDP_PORT(dst_port) ((dst_port) == PP_NTOHS(12345))
+   */
+  if (netif == NULL) {
+    /* remote port is DHCP server? */
+    if (IPH_PROTO(iphdr) == IP_PROTO_UDP) {
+      struct udp_hdr *udphdr = (struct udp_hdr *)((u8_t *)iphdr + iphdr_hlen);
+      LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_TRACE, ("ip_input: UDP packet to DHCP client port %"U16_F"\n",
+        ntohs(udphdr->dest)));
+      if (IP_ACCEPT_LINK_LAYER_ADDRESSED_PORT(udphdr->dest)) {
+        LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_TRACE, ("ip_input: DHCP packet accepted.\n"));
+        netif = inp;
+        check_ip_src = 0;
+      }
+    }
+  }
+#endif /* IP_ACCEPT_LINK_LAYER_ADDRESSING */
+
+  /* broadcast or multicast packet source address? Compliant with RFC 1122: 3.2.1.3 */
+#if IP_ACCEPT_LINK_LAYER_ADDRESSING
+  /* DHCP servers need 0.0.0.0 to be allowed as source address (RFC 1.1.2.2: 3.2.1.3/a) */
+  if (check_ip_src && !ip_addr_isany(ip_current_src_addr()))
+#endif /* IP_ACCEPT_LINK_LAYER_ADDRESSING */
+  {  if ((ip_addr_isbroadcast(ip_current_src_addr(), inp)) ||
+         (ip_addr_ismulticast(ip_current_src_addr()))) {
+      /* packet source is not valid */
+      LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_WARNING, ("ip_input: packet source is not valid.\n"));
+      /* free (drop) packet pbufs */
+      pbuf_free(p);
+      IP_STATS_INC(ip.drop);
+      snmp_inc_ipinaddrerrors();
+      snmp_inc_ipindiscards();
+      return ERR_OK;
+    }
+  }
+
+  /* if we're pretending we are everyone for TCP, assume the packet is for source interface if it
+     isn't for a local address */
+  if (netif == NULL && (inp->flags & NETIF_FLAG_PRETEND_TCP) && IPH_PROTO(iphdr) == IP_PROTO_TCP) {
+      netif = inp;
+  }
+
+  /* packet not for us? */
+  if (netif == NULL) {
+    /* packet not for us, route or discard */
+    LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_TRACE, ("ip_input: packet not for us.\n"));
+#if IP_FORWARD
+    /* non-broadcast packet? */
+    if (!ip_addr_isbroadcast(ip_current_dest_addr(), inp)) {
+      /* try to forward IP packet on (other) interfaces */
+      ip_forward(p, iphdr, inp);
+    } else
+#endif /* IP_FORWARD */
+    {
+      snmp_inc_ipinaddrerrors();
+      snmp_inc_ipindiscards();
+    }
+    pbuf_free(p);
+    return ERR_OK;
+  }
+  /* packet consists of multiple fragments? */
+  if ((IPH_OFFSET(iphdr) & PP_HTONS(IP_OFFMASK | IP_MF)) != 0) {
+#if IP_REASSEMBLY /* packet fragment reassembly code present? */
+    LWIP_DEBUGF(IP_DEBUG, ("IP packet is a fragment (id=0x%04"X16_F" tot_len=%"U16_F" len=%"U16_F" MF=%"U16_F" offset=%"U16_F"), calling ip_reass()\n",
+      ntohs(IPH_ID(iphdr)), p->tot_len, ntohs(IPH_LEN(iphdr)), !!(IPH_OFFSET(iphdr) & PP_HTONS(IP_MF)), (ntohs(IPH_OFFSET(iphdr)) & IP_OFFMASK)*8));
+    /* reassemble the packet*/
+    p = ip_reass(p);
+    /* packet not fully reassembled yet? */
+    if (p == NULL) {
+      return ERR_OK;
+    }
+    iphdr = (struct ip_hdr *)p->payload;
+#else /* IP_REASSEMBLY == 0, no packet fragment reassembly code present */
+    pbuf_free(p);
+    LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("IP packet dropped since it was fragmented (0x%"X16_F") (while IP_REASSEMBLY == 0).\n",
+      ntohs(IPH_OFFSET(iphdr))));
+    IP_STATS_INC(ip.opterr);
+    IP_STATS_INC(ip.drop);
+    /* unsupported protocol feature */
+    snmp_inc_ipinunknownprotos();
+    return ERR_OK;
+#endif /* IP_REASSEMBLY */
+  }
+
+#if IP_OPTIONS_ALLOWED == 0 /* no support for IP options in the IP header? */
+
+#if LWIP_IGMP
+  /* there is an extra "router alert" option in IGMP messages which we allow for but do not police */
+  if((iphdr_hlen > IP_HLEN) &&  (IPH_PROTO(iphdr) != IP_PROTO_IGMP)) {
+#else
+  if (iphdr_hlen > IP_HLEN) {
+#endif /* LWIP_IGMP */
+    LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("IP packet dropped since there were IP options (while IP_OPTIONS_ALLOWED == 0).\n"));
+    pbuf_free(p);
+    IP_STATS_INC(ip.opterr);
+    IP_STATS_INC(ip.drop);
+    /* unsupported protocol feature */
+    snmp_inc_ipinunknownprotos();
+    return ERR_OK;
+  }
+#endif /* IP_OPTIONS_ALLOWED == 0 */
+
+  /* send to upper layers */
+  LWIP_DEBUGF(IP_DEBUG, ("ip_input: \n"));
+  ip_debug_print(p);
+  LWIP_DEBUGF(IP_DEBUG, ("ip_input: p->len %"U16_F" p->tot_len %"U16_F"\n", p->len, p->tot_len));
+
+  ip_data.current_netif = inp;
+  ip_data.current_ip4_header = iphdr;
+  ip_data.current_ip_header_tot_len = IPH_HL(iphdr) * 4;
+
+#if LWIP_RAW
+  /* raw input did not eat the packet? */
+  if (raw_input(p, inp) == 0)
+#endif /* LWIP_RAW */
+  {
+    pbuf_header(p, -iphdr_hlen); /* Move to payload, no check necessary. */
+
+    switch (IPH_PROTO(iphdr)) {
+#if LWIP_UDP
+    case IP_PROTO_UDP:
+#if LWIP_UDPLITE
+    case IP_PROTO_UDPLITE:
+#endif /* LWIP_UDPLITE */
+      snmp_inc_ipindelivers();
+      udp_input(p, inp);
+      break;
+#endif /* LWIP_UDP */
+#if LWIP_TCP
+    case IP_PROTO_TCP:
+      snmp_inc_ipindelivers();
+      tcp_input(p, inp);
+      break;
+#endif /* LWIP_TCP */
+#if LWIP_ICMP
+    case IP_PROTO_ICMP:
+      snmp_inc_ipindelivers();
+      icmp_input(p, inp);
+      break;
+#endif /* LWIP_ICMP */
+#if LWIP_IGMP
+    case IP_PROTO_IGMP:
+      igmp_input(p, inp, ip_current_dest_addr());
+      break;
+#endif /* LWIP_IGMP */
+    default:
+#if LWIP_ICMP
+      /* send ICMP destination protocol unreachable unless is was a broadcast */
+      if (!ip_addr_isbroadcast(ip_current_dest_addr(), inp) &&
+          !ip_addr_ismulticast(ip_current_dest_addr())) {
+        pbuf_header(p, iphdr_hlen); /* Move to ip header, no check necessary. */
+        p->payload = iphdr;
+        icmp_dest_unreach(p, ICMP_DUR_PROTO);
+      }
+#endif /* LWIP_ICMP */
+      pbuf_free(p);
+
+      LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("Unsupported transport protocol %"U16_F"\n", IPH_PROTO(iphdr)));
+
+      IP_STATS_INC(ip.proterr);
+      IP_STATS_INC(ip.drop);
+      snmp_inc_ipinunknownprotos();
+    }
+  }
+
+  /* @todo: this is not really necessary... */
+  ip_data.current_netif = NULL;
+  ip_data.current_ip4_header = NULL;
+  ip_data.current_ip_header_tot_len = 0;
+  ip_addr_set_any(ip_current_src_addr());
+  ip_addr_set_any(ip_current_dest_addr());
+
+  return ERR_OK;
+}
+
+/**
+ * Sends an IP packet on a network interface. This function constructs
+ * the IP header and calculates the IP header checksum. If the source
+ * IP address is NULL, the IP address of the outgoing network
+ * interface is filled in as source address.
+ * If the destination IP address is IP_HDRINCL, p is assumed to already
+ * include an IP header and p->payload points to it instead of the data.
+ *
+ * @param p the packet to send (p->payload points to the data, e.g. next
+            protocol header; if dest == IP_HDRINCL, p already includes an IP
+            header and p->payload points to that IP header)
+ * @param src the source IP address to send from (if src == IP_ADDR_ANY, the
+ *         IP  address of the netif used to send is used as source address)
+ * @param dest the destination IP address to send the packet to
+ * @param ttl the TTL value to be set in the IP header
+ * @param tos the TOS value to be set in the IP header
+ * @param proto the PROTOCOL to be set in the IP header
+ * @param netif the netif on which to send this packet
+ * @return ERR_OK if the packet was sent OK
+ *         ERR_BUF if p doesn't have enough space for IP/LINK headers
+ *         returns errors returned by netif->output
+ *
+ * @note ip_id: RFC791 "some host may be able to simply use
+ *  unique identifiers independent of destination"
+ */
+err_t
+ip_output_if(struct pbuf *p, ip_addr_t *src, ip_addr_t *dest,
+             u8_t ttl, u8_t tos,
+             u8_t proto, struct netif *netif)
+{
+#if IP_OPTIONS_SEND
+  return ip_output_if_opt(p, src, dest, ttl, tos, proto, netif, NULL, 0);
+}
+
+/**
+ * Same as ip_output_if() but with the possibility to include IP options:
+ *
+ * @ param ip_options pointer to the IP options, copied into the IP header
+ * @ param optlen length of ip_options
+ */
+err_t ip_output_if_opt(struct pbuf *p, ip_addr_t *src, ip_addr_t *dest,
+       u8_t ttl, u8_t tos, u8_t proto, struct netif *netif, void *ip_options,
+       u16_t optlen)
+{
+#endif /* IP_OPTIONS_SEND */
+  struct ip_hdr *iphdr;
+  ip_addr_t dest_addr;
+#if CHECKSUM_GEN_IP_INLINE
+  u32_t chk_sum = 0;
+#endif /* CHECKSUM_GEN_IP_INLINE */
+
+  /* pbufs passed to IP must have a ref-count of 1 as their payload pointer
+     gets altered as the packet is passed down the stack */
+  LWIP_ASSERT("p->ref == 1", p->ref == 1);
+
+  snmp_inc_ipoutrequests();
+
+  /* Should the IP header be generated or is it already included in p? */
+  if (dest != IP_HDRINCL) {
+    u16_t ip_hlen = IP_HLEN;
+#if IP_OPTIONS_SEND
+    u16_t optlen_aligned = 0;
+    if (optlen != 0) {
+#if CHECKSUM_GEN_IP_INLINE
+      int i;
+#endif /* CHECKSUM_GEN_IP_INLINE */
+      /* round up to a multiple of 4 */
+      optlen_aligned = ((optlen + 3) & ~3);
+      ip_hlen += optlen_aligned;
+      /* First write in the IP options */
+      if (pbuf_header(p, optlen_aligned)) {
+        LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("ip_output_if_opt: not enough room for IP options in pbuf\n"));
+        IP_STATS_INC(ip.err);
+        snmp_inc_ipoutdiscards();
+        return ERR_BUF;
+      }
+      MEMCPY(p->payload, ip_options, optlen);
+      if (optlen < optlen_aligned) {
+        /* zero the remaining bytes */
+        memset(((char*)p->payload) + optlen, 0, optlen_aligned - optlen);
+      }
+#if CHECKSUM_GEN_IP_INLINE
+      for (i = 0; i < optlen_aligned/2; i++) {
+        chk_sum += ((u16_t*)p->payload)[i];
+      }
+#endif /* CHECKSUM_GEN_IP_INLINE */
+    }
+#endif /* IP_OPTIONS_SEND */
+    /* generate IP header */
+    if (pbuf_header(p, IP_HLEN)) {
+      LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("ip_output: not enough room for IP header in pbuf\n"));
+
+      IP_STATS_INC(ip.err);
+      snmp_inc_ipoutdiscards();
+      return ERR_BUF;
+    }
+
+    iphdr = (struct ip_hdr *)p->payload;
+    LWIP_ASSERT("check that first pbuf can hold struct ip_hdr",
+               (p->len >= sizeof(struct ip_hdr)));
+
+    IPH_TTL_SET(iphdr, ttl);
+    IPH_PROTO_SET(iphdr, proto);
+#if CHECKSUM_GEN_IP_INLINE
+    chk_sum += LWIP_MAKE_U16(proto, ttl);
+#endif /* CHECKSUM_GEN_IP_INLINE */
+
+    /* dest cannot be NULL here */
+    ip_addr_copy(iphdr->dest, *dest);
+#if CHECKSUM_GEN_IP_INLINE
+    chk_sum += ip4_addr_get_u32(&iphdr->dest) & 0xFFFF;
+    chk_sum += ip4_addr_get_u32(&iphdr->dest) >> 16;
+#endif /* CHECKSUM_GEN_IP_INLINE */
+
+    IPH_VHL_SET(iphdr, 4, ip_hlen / 4);
+    IPH_TOS_SET(iphdr, tos);
+#if CHECKSUM_GEN_IP_INLINE
+    chk_sum += LWIP_MAKE_U16(tos, iphdr->_v_hl);
+#endif /* CHECKSUM_GEN_IP_INLINE */
+    IPH_LEN_SET(iphdr, htons(p->tot_len));
+#if CHECKSUM_GEN_IP_INLINE
+    chk_sum += iphdr->_len;
+#endif /* CHECKSUM_GEN_IP_INLINE */
+    IPH_OFFSET_SET(iphdr, (u16_t)(0 | (IP_DF << 4)));
+    IPH_ID_SET(iphdr, htons(ip_id));
+#if CHECKSUM_GEN_IP_INLINE
+    chk_sum += iphdr->_id;
+#endif /* CHECKSUM_GEN_IP_INLINE */
+    ++ip_id;
+
+    if (ip_addr_isany(src)) {
+      ip_addr_copy(iphdr->src, netif->ip_addr);
+    } else {
+      /* src cannot be NULL here */
+      ip_addr_copy(iphdr->src, *src);
+    }
+
+#if CHECKSUM_GEN_IP_INLINE
+    chk_sum += ip4_addr_get_u32(&iphdr->src) & 0xFFFF;
+    chk_sum += ip4_addr_get_u32(&iphdr->src) >> 16;
+    chk_sum = (chk_sum >> 16) + (chk_sum & 0xFFFF);
+    chk_sum = (chk_sum >> 16) + chk_sum;
+    chk_sum = ~chk_sum;
+    iphdr->_chksum = chk_sum; /* network order */
+#else /* CHECKSUM_GEN_IP_INLINE */
+    IPH_CHKSUM_SET(iphdr, 0);
+#if CHECKSUM_GEN_IP
+    IPH_CHKSUM_SET(iphdr, inet_chksum(iphdr, ip_hlen));
+#endif
+#endif /* CHECKSUM_GEN_IP_INLINE */
+  } else {
+    /* IP header already included in p */
+    iphdr = (struct ip_hdr *)p->payload;
+    ip_addr_copy(dest_addr, iphdr->dest);
+    dest = &dest_addr;
+  }
+
+  IP_STATS_INC(ip.xmit);
+
+  LWIP_DEBUGF(IP_DEBUG, ("ip_output_if: %c%c%"U16_F"\n", netif->name[0], netif->name[1], netif->num));
+  ip_debug_print(p);
+
+#if ENABLE_LOOPBACK
+  if (ip_addr_cmp(dest, &netif->ip_addr)) {
+    /* Packet to self, enqueue it for loopback */
+    LWIP_DEBUGF(IP_DEBUG, ("netif_loop_output()"));
+    return netif_loop_output(netif, p, dest);
+  }
+#if LWIP_IGMP
+  if ((p->flags & PBUF_FLAG_MCASTLOOP) != 0) {
+    netif_loop_output(netif, p, dest);
+  }
+#endif /* LWIP_IGMP */
+#endif /* ENABLE_LOOPBACK */
+#if IP_FRAG
+  /* don't fragment if interface has mtu set to 0 [loopif] */
+  if (netif->mtu && (p->tot_len > netif->mtu)) {
+    return ip_frag(p, netif, dest);
+  }
+#endif /* IP_FRAG */
+
+  LWIP_DEBUGF(IP_DEBUG, ("netif->output()"));
+  return netif->output(netif, p, dest);
+}
+
+/**
+ * Simple interface to ip_output_if. It finds the outgoing network
+ * interface and calls upon ip_output_if to do the actual work.
+ *
+ * @param p the packet to send (p->payload points to the data, e.g. next
+            protocol header; if dest == IP_HDRINCL, p already includes an IP
+            header and p->payload points to that IP header)
+ * @param src the source IP address to send from (if src == IP_ADDR_ANY, the
+ *         IP  address of the netif used to send is used as source address)
+ * @param dest the destination IP address to send the packet to
+ * @param ttl the TTL value to be set in the IP header
+ * @param tos the TOS value to be set in the IP header
+ * @param proto the PROTOCOL to be set in the IP header
+ *
+ * @return ERR_RTE if no route is found
+ *         see ip_output_if() for more return values
+ */
+err_t
+ip_output(struct pbuf *p, ip_addr_t *src, ip_addr_t *dest,
+          u8_t ttl, u8_t tos, u8_t proto)
+{
+  struct netif *netif;
+
+  /* pbufs passed to IP must have a ref-count of 1 as their payload pointer
+     gets altered as the packet is passed down the stack */
+  LWIP_ASSERT("p->ref == 1", p->ref == 1);
+
+  if ((netif = ip_route(dest)) == NULL) {
+    LWIP_DEBUGF(IP_DEBUG, ("ip_output: No route to %"U16_F".%"U16_F".%"U16_F".%"U16_F"\n",
+      ip4_addr1_16(dest), ip4_addr2_16(dest), ip4_addr3_16(dest), ip4_addr4_16(dest)));
+    IP_STATS_INC(ip.rterr);
+    return ERR_RTE;
+  }
+
+  return ip_output_if(p, src, dest, ttl, tos, proto, netif);
+}
+
+#if LWIP_NETIF_HWADDRHINT
+/** Like ip_output, but takes and addr_hint pointer that is passed on to netif->addr_hint
+ *  before calling ip_output_if.
+ *
+ * @param p the packet to send (p->payload points to the data, e.g. next
+            protocol header; if dest == IP_HDRINCL, p already includes an IP
+            header and p->payload points to that IP header)
+ * @param src the source IP address to send from (if src == IP_ADDR_ANY, the
+ *         IP  address of the netif used to send is used as source address)
+ * @param dest the destination IP address to send the packet to
+ * @param ttl the TTL value to be set in the IP header
+ * @param tos the TOS value to be set in the IP header
+ * @param proto the PROTOCOL to be set in the IP header
+ * @param addr_hint address hint pointer set to netif->addr_hint before
+ *        calling ip_output_if()
+ *
+ * @return ERR_RTE if no route is found
+ *         see ip_output_if() for more return values
+ */
+err_t
+ip_output_hinted(struct pbuf *p, ip_addr_t *src, ip_addr_t *dest,
+          u8_t ttl, u8_t tos, u8_t proto, u8_t *addr_hint)
+{
+  struct netif *netif;
+  err_t err;
+
+  /* pbufs passed to IP must have a ref-count of 1 as their payload pointer
+     gets altered as the packet is passed down the stack */
+  LWIP_ASSERT("p->ref == 1", p->ref == 1);
+
+  if ((netif = ip_route(dest)) == NULL) {
+    LWIP_DEBUGF(IP_DEBUG, ("ip_output: No route to %"U16_F".%"U16_F".%"U16_F".%"U16_F"\n",
+      ip4_addr1_16(dest), ip4_addr2_16(dest), ip4_addr3_16(dest), ip4_addr4_16(dest)));
+    IP_STATS_INC(ip.rterr);
+    return ERR_RTE;
+  }
+
+  NETIF_SET_HWADDRHINT(netif, addr_hint);
+  err = ip_output_if(p, src, dest, ttl, tos, proto, netif);
+  NETIF_SET_HWADDRHINT(netif, NULL);
+
+  return err;
+}
+#endif /* LWIP_NETIF_HWADDRHINT*/
+
+#if IP_DEBUG
+/* Print an IP header by using LWIP_DEBUGF
+ * @param p an IP packet, p->payload pointing to the IP header
+ */
+void
+ip_debug_print(struct pbuf *p)
+{
+  struct ip_hdr *iphdr = (struct ip_hdr *)p->payload;
+
+  LWIP_DEBUGF(IP_DEBUG, ("IP header:\n"));
+  LWIP_DEBUGF(IP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(IP_DEBUG, ("|%2"S16_F" |%2"S16_F" |  0x%02"X16_F" |     %5"U16_F"     | (v, hl, tos, len)\n",
+                    IPH_V(iphdr),
+                    IPH_HL(iphdr),
+                    IPH_TOS(iphdr),
+                    ntohs(IPH_LEN(iphdr))));
+  LWIP_DEBUGF(IP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(IP_DEBUG, ("|    %5"U16_F"      |%"U16_F"%"U16_F"%"U16_F"|    %4"U16_F"   | (id, flags, offset)\n",
+                    ntohs(IPH_ID(iphdr)),
+                    ntohs(IPH_OFFSET(iphdr)) >> 15 & 1,
+                    ntohs(IPH_OFFSET(iphdr)) >> 14 & 1,
+                    ntohs(IPH_OFFSET(iphdr)) >> 13 & 1,
+                    ntohs(IPH_OFFSET(iphdr)) & IP_OFFMASK));
+  LWIP_DEBUGF(IP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(IP_DEBUG, ("|  %3"U16_F"  |  %3"U16_F"  |    0x%04"X16_F"     | (ttl, proto, chksum)\n",
+                    IPH_TTL(iphdr),
+                    IPH_PROTO(iphdr),
+                    ntohs(IPH_CHKSUM(iphdr))));
+  LWIP_DEBUGF(IP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(IP_DEBUG, ("|  %3"U16_F"  |  %3"U16_F"  |  %3"U16_F"  |  %3"U16_F"  | (src)\n",
+                    ip4_addr1_16(&iphdr->src),
+                    ip4_addr2_16(&iphdr->src),
+                    ip4_addr3_16(&iphdr->src),
+                    ip4_addr4_16(&iphdr->src)));
+  LWIP_DEBUGF(IP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(IP_DEBUG, ("|  %3"U16_F"  |  %3"U16_F"  |  %3"U16_F"  |  %3"U16_F"  | (dest)\n",
+                    ip4_addr1_16(&iphdr->dest),
+                    ip4_addr2_16(&iphdr->dest),
+                    ip4_addr3_16(&iphdr->dest),
+                    ip4_addr4_16(&iphdr->dest)));
+  LWIP_DEBUGF(IP_DEBUG, ("+-------------------------------+\n"));
+}
+#endif /* IP_DEBUG */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/ip4_addr.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/ip4_addr.c
new file mode 100644
index 00000000..8f633ff2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/ip4_addr.c
@@ -0,0 +1,312 @@
+/**
+ * @file
+ * This is the IPv4 address tools implementation.
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#include "lwip/opt.h"
+#include "lwip/ip_addr.h"
+#include "lwip/netif.h"
+
+/* used by IP_ADDR_ANY and IP_ADDR_BROADCAST in ip_addr.h */
+const ip_addr_t ip_addr_any = { IPADDR_ANY };
+const ip_addr_t ip_addr_broadcast = { IPADDR_BROADCAST };
+
+/**
+ * Determine if an address is a broadcast address on a network interface 
+ * 
+ * @param addr address to be checked
+ * @param netif the network interface against which the address is checked
+ * @return returns non-zero if the address is a broadcast address
+ */
+u8_t
+ip4_addr_isbroadcast(u32_t addr, const struct netif *netif)
+{
+  ip_addr_t ipaddr;
+  ip4_addr_set_u32(&ipaddr, addr);
+
+  /* all ones (broadcast) or all zeroes (old skool broadcast) */
+  if ((~addr == IPADDR_ANY) ||
+      (addr == IPADDR_ANY)) {
+    return 1;
+  /* no broadcast support on this network interface? */
+  } else if ((netif->flags & NETIF_FLAG_BROADCAST) == 0) {
+    /* the given address cannot be a broadcast address
+     * nor can we check against any broadcast addresses */
+    return 0;
+  /* address matches network interface address exactly? => no broadcast */
+  } else if (addr == ip4_addr_get_u32(&netif->ip_addr)) {
+    return 0;
+  /*  on the same (sub) network... */
+  } else if (ip_addr_netcmp(&ipaddr, &(netif->ip_addr), &(netif->netmask))
+         /* ...and host identifier bits are all ones? =>... */
+          && ((addr & ~ip4_addr_get_u32(&netif->netmask)) ==
+           (IPADDR_BROADCAST & ~ip4_addr_get_u32(&netif->netmask)))) {
+    /* => network broadcast address */
+    return 1;
+  } else {
+    return 0;
+  }
+}
+
+/** Checks if a netmask is valid (starting with ones, then only zeros)
+ *
+ * @param netmask the IPv4 netmask to check (in network byte order!)
+ * @return 1 if the netmask is valid, 0 if it is not
+ */
+u8_t
+ip4_addr_netmask_valid(u32_t netmask)
+{
+  u32_t mask;
+  u32_t nm_hostorder = lwip_htonl(netmask);
+
+  /* first, check for the first zero */
+  for (mask = 1UL << 31 ; mask != 0; mask >>= 1) {
+    if ((nm_hostorder & mask) == 0) {
+      break;
+    }
+  }
+  /* then check that there is no one */
+  for (; mask != 0; mask >>= 1) {
+    if ((nm_hostorder & mask) != 0) {
+      /* there is a one after the first zero -> invalid */
+      return 0;
+    }
+  }
+  /* no one after the first zero -> valid */
+  return 1;
+}
+
+/* Here for now until needed in other places in lwIP */
+#ifndef isprint
+#define in_range(c, lo, up)  ((u8_t)c >= lo && (u8_t)c <= up)
+#define isprint(c)           in_range(c, 0x20, 0x7f)
+#define isdigit(c)           in_range(c, '0', '9')
+#define isxdigit(c)          (isdigit(c) || in_range(c, 'a', 'f') || in_range(c, 'A', 'F'))
+#define islower(c)           in_range(c, 'a', 'z')
+#define isspace(c)           (c == ' ' || c == '\f' || c == '\n' || c == '\r' || c == '\t' || c == '\v')
+#endif
+
+/**
+ * Ascii internet address interpretation routine.
+ * The value returned is in network order.
+ *
+ * @param cp IP address in ascii represenation (e.g. "127.0.0.1")
+ * @return ip address in network order
+ */
+u32_t
+ipaddr_addr(const char *cp)
+{
+  ip_addr_t val;
+
+  if (ipaddr_aton(cp, &val)) {
+    return ip4_addr_get_u32(&val);
+  }
+  return (IPADDR_NONE);
+}
+
+/**
+ * Check whether "cp" is a valid ascii representation
+ * of an Internet address and convert to a binary address.
+ * Returns 1 if the address is valid, 0 if not.
+ * This replaces inet_addr, the return value from which
+ * cannot distinguish between failure and a local broadcast address.
+ *
+ * @param cp IP address in ascii represenation (e.g. "127.0.0.1")
+ * @param addr pointer to which to save the ip address in network order
+ * @return 1 if cp could be converted to addr, 0 on failure
+ */
+int
+ipaddr_aton(const char *cp, ip_addr_t *addr)
+{
+  u32_t val;
+  u8_t base;
+  char c;
+  u32_t parts[4];
+  u32_t *pp = parts;
+
+  c = *cp;
+  for (;;) {
+    /*
+     * Collect number up to ``.''.
+     * Values are specified as for C:
+     * 0x=hex, 0=octal, 1-9=decimal.
+     */
+    if (!isdigit(c))
+      return (0);
+    val = 0;
+    base = 10;
+    if (c == '0') {
+      c = *++cp;
+      if (c == 'x' || c == 'X') {
+        base = 16;
+        c = *++cp;
+      } else
+        base = 8;
+    }
+    for (;;) {
+      if (isdigit(c)) {
+        val = (val * base) + (int)(c - '0');
+        c = *++cp;
+      } else if (base == 16 && isxdigit(c)) {
+        val = (val << 4) | (int)(c + 10 - (islower(c) ? 'a' : 'A'));
+        c = *++cp;
+      } else
+        break;
+    }
+    if (c == '.') {
+      /*
+       * Internet format:
+       *  a.b.c.d
+       *  a.b.c   (with c treated as 16 bits)
+       *  a.b (with b treated as 24 bits)
+       */
+      if (pp >= parts + 3) {
+        return (0);
+      }
+      *pp++ = val;
+      c = *++cp;
+    } else
+      break;
+  }
+  /*
+   * Check for trailing characters.
+   */
+  if (c != '\0' && !isspace(c)) {
+    return (0);
+  }
+  /*
+   * Concoct the address according to
+   * the number of parts specified.
+   */
+  switch (pp - parts + 1) {
+
+  case 0:
+    return (0);       /* initial nondigit */
+
+  case 1:             /* a -- 32 bits */
+    break;
+
+  case 2:             /* a.b -- 8.24 bits */
+    if (val > 0xffffffUL) {
+      return (0);
+    }
+    val |= parts[0] << 24;
+    break;
+
+  case 3:             /* a.b.c -- 8.8.16 bits */
+    if (val > 0xffff) {
+      return (0);
+    }
+    val |= (parts[0] << 24) | (parts[1] << 16);
+    break;
+
+  case 4:             /* a.b.c.d -- 8.8.8.8 bits */
+    if (val > 0xff) {
+      return (0);
+    }
+    val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8);
+    break;
+  default:
+    LWIP_ASSERT("unhandled", 0);
+    break;
+  }
+  if (addr) {
+    ip4_addr_set_u32(addr, htonl(val));
+  }
+  return (1);
+}
+
+/**
+ * Convert numeric IP address into decimal dotted ASCII representation.
+ * returns ptr to static buffer; not reentrant!
+ *
+ * @param addr ip address in network order to convert
+ * @return pointer to a global static (!) buffer that holds the ASCII
+ *         represenation of addr
+ */
+char *
+ipaddr_ntoa(const ip_addr_t *addr)
+{
+  static char str[16];
+  return ipaddr_ntoa_r(addr, str, 16);
+}
+
+/**
+ * Same as ipaddr_ntoa, but reentrant since a user-supplied buffer is used.
+ *
+ * @param addr ip address in network order to convert
+ * @param buf target buffer where the string is stored
+ * @param buflen length of buf
+ * @return either pointer to buf which now holds the ASCII
+ *         representation of addr or NULL if buf was too small
+ */
+char *ipaddr_ntoa_r(const ip_addr_t *addr, char *buf, int buflen)
+{
+  u32_t s_addr;
+  char inv[3];
+  char *rp;
+  u8_t *ap;
+  u8_t rem;
+  u8_t n;
+  u8_t i;
+  int len = 0;
+
+  s_addr = ip4_addr_get_u32(addr);
+
+  rp = buf;
+  ap = (u8_t *)&s_addr;
+  for(n = 0; n < 4; n++) {
+    i = 0;
+    do {
+      rem = *ap % (u8_t)10;
+      *ap /= (u8_t)10;
+      inv[i++] = '0' + rem;
+    } while(*ap);
+    while(i--) {
+      if (len++ >= buflen) {
+        return NULL;
+      }
+      *rp++ = inv[i];
+    }
+    if (len++ >= buflen) {
+      return NULL;
+    }
+    *rp++ = '.';
+    ap++;
+  }
+  *--rp = 0;
+  return buf;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/ip_frag.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/ip_frag.c
new file mode 100644
index 00000000..8d184345
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv4/ip_frag.c
@@ -0,0 +1,863 @@
+/**
+ * @file
+ * This is the IPv4 packet segmentation and reassembly implementation.
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Jani Monoses <jani@iv.ro> 
+ *         Simon Goldschmidt
+ * original reassembly code by Adam Dunkels <adam@sics.se>
+ * 
+ */
+
+#include "lwip/opt.h"
+#include "lwip/ip_frag.h"
+#include "lwip/def.h"
+#include "lwip/inet_chksum.h"
+#include "lwip/netif.h"
+#include "lwip/snmp.h"
+#include "lwip/stats.h"
+#include "lwip/icmp.h"
+
+#include <string.h>
+
+#if IP_REASSEMBLY
+/**
+ * The IP reassembly code currently has the following limitations:
+ * - IP header options are not supported
+ * - fragments must not overlap (e.g. due to different routes),
+ *   currently, overlapping or duplicate fragments are thrown away
+ *   if IP_REASS_CHECK_OVERLAP=1 (the default)!
+ *
+ * @todo: work with IP header options
+ */
+
+/** Setting this to 0, you can turn off checking the fragments for overlapping
+ * regions. The code gets a little smaller. Only use this if you know that
+ * overlapping won't occur on your network! */
+#ifndef IP_REASS_CHECK_OVERLAP
+#define IP_REASS_CHECK_OVERLAP 1
+#endif /* IP_REASS_CHECK_OVERLAP */
+
+/** Set to 0 to prevent freeing the oldest datagram when the reassembly buffer is
+ * full (IP_REASS_MAX_PBUFS pbufs are enqueued). The code gets a little smaller.
+ * Datagrams will be freed by timeout only. Especially useful when MEMP_NUM_REASSDATA
+ * is set to 1, so one datagram can be reassembled at a time, only. */
+#ifndef IP_REASS_FREE_OLDEST
+#define IP_REASS_FREE_OLDEST 1
+#endif /* IP_REASS_FREE_OLDEST */
+
+#define IP_REASS_FLAG_LASTFRAG 0x01
+
+/** This is a helper struct which holds the starting
+ * offset and the ending offset of this fragment to
+ * easily chain the fragments.
+ * It has the same packing requirements as the IP header, since it replaces
+ * the IP header in memory in incoming fragments (after copying it) to keep
+ * track of the various fragments. (-> If the IP header doesn't need packing,
+ * this struct doesn't need packing, too.)
+ */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct ip_reass_helper {
+  PACK_STRUCT_FIELD(struct pbuf *next_pbuf);
+  PACK_STRUCT_FIELD(u16_t start);
+  PACK_STRUCT_FIELD(u16_t end);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#define IP_ADDRESSES_AND_ID_MATCH(iphdrA, iphdrB)  \
+  (ip_addr_cmp(&(iphdrA)->src, &(iphdrB)->src) && \
+   ip_addr_cmp(&(iphdrA)->dest, &(iphdrB)->dest) && \
+   IPH_ID(iphdrA) == IPH_ID(iphdrB)) ? 1 : 0
+
+/* global variables */
+static struct ip_reassdata *reassdatagrams;
+static u16_t ip_reass_pbufcount;
+
+/* function prototypes */
+static void ip_reass_dequeue_datagram(struct ip_reassdata *ipr, struct ip_reassdata *prev);
+static int ip_reass_free_complete_datagram(struct ip_reassdata *ipr, struct ip_reassdata *prev);
+
+/**
+ * Reassembly timer base function
+ * for both NO_SYS == 0 and 1 (!).
+ *
+ * Should be called every 1000 msec (defined by IP_TMR_INTERVAL).
+ */
+void
+ip_reass_tmr(void)
+{
+  struct ip_reassdata *r, *prev = NULL;
+
+  r = reassdatagrams;
+  while (r != NULL) {
+    /* Decrement the timer. Once it reaches 0,
+     * clean up the incomplete fragment assembly */
+    if (r->timer > 0) {
+      r->timer--;
+      LWIP_DEBUGF(IP_REASS_DEBUG, ("ip_reass_tmr: timer dec %"U16_F"\n",(u16_t)r->timer));
+      prev = r;
+      r = r->next;
+    } else {
+      /* reassembly timed out */
+      struct ip_reassdata *tmp;
+      LWIP_DEBUGF(IP_REASS_DEBUG, ("ip_reass_tmr: timer timed out\n"));
+      tmp = r;
+      /* get the next pointer before freeing */
+      r = r->next;
+      /* free the helper struct and all enqueued pbufs */
+      ip_reass_free_complete_datagram(tmp, prev);
+     }
+   }
+}
+
+/**
+ * Free a datagram (struct ip_reassdata) and all its pbufs.
+ * Updates the total count of enqueued pbufs (ip_reass_pbufcount),
+ * SNMP counters and sends an ICMP time exceeded packet.
+ *
+ * @param ipr datagram to free
+ * @param prev the previous datagram in the linked list
+ * @return the number of pbufs freed
+ */
+static int
+ip_reass_free_complete_datagram(struct ip_reassdata *ipr, struct ip_reassdata *prev)
+{
+  u16_t pbufs_freed = 0;
+  u8_t clen;
+  struct pbuf *p;
+  struct ip_reass_helper *iprh;
+
+  LWIP_ASSERT("prev != ipr", prev != ipr);
+  if (prev != NULL) {
+    LWIP_ASSERT("prev->next == ipr", prev->next == ipr);
+  }
+
+  snmp_inc_ipreasmfails();
+#if LWIP_ICMP
+  iprh = (struct ip_reass_helper *)ipr->p->payload;
+  if (iprh->start == 0) {
+    /* The first fragment was received, send ICMP time exceeded. */
+    /* First, de-queue the first pbuf from r->p. */
+    p = ipr->p;
+    ipr->p = iprh->next_pbuf;
+    /* Then, copy the original header into it. */
+    SMEMCPY(p->payload, &ipr->iphdr, IP_HLEN);
+    icmp_time_exceeded(p, ICMP_TE_FRAG);
+    clen = pbuf_clen(p);
+    LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff);
+    pbufs_freed += clen;
+    pbuf_free(p);
+  }
+#endif /* LWIP_ICMP */
+
+  /* First, free all received pbufs.  The individual pbufs need to be released 
+     separately as they have not yet been chained */
+  p = ipr->p;
+  while (p != NULL) {
+    struct pbuf *pcur;
+    iprh = (struct ip_reass_helper *)p->payload;
+    pcur = p;
+    /* get the next pointer before freeing */
+    p = iprh->next_pbuf;
+    clen = pbuf_clen(pcur);
+    LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff);
+    pbufs_freed += clen;
+    pbuf_free(pcur);
+  }
+  /* Then, unchain the struct ip_reassdata from the list and free it. */
+  ip_reass_dequeue_datagram(ipr, prev);
+  LWIP_ASSERT("ip_reass_pbufcount >= clen", ip_reass_pbufcount >= pbufs_freed);
+  ip_reass_pbufcount -= pbufs_freed;
+
+  return pbufs_freed;
+}
+
+#if IP_REASS_FREE_OLDEST
+/**
+ * Free the oldest datagram to make room for enqueueing new fragments.
+ * The datagram 'fraghdr' belongs to is not freed!
+ *
+ * @param fraghdr IP header of the current fragment
+ * @param pbufs_needed number of pbufs needed to enqueue
+ *        (used for freeing other datagrams if not enough space)
+ * @return the number of pbufs freed
+ */
+static int
+ip_reass_remove_oldest_datagram(struct ip_hdr *fraghdr, int pbufs_needed)
+{
+  /* @todo Can't we simply remove the last datagram in the
+   *       linked list behind reassdatagrams?
+   */
+  struct ip_reassdata *r, *oldest, *prev;
+  int pbufs_freed = 0, pbufs_freed_current;
+  int other_datagrams;
+
+  /* Free datagrams until being allowed to enqueue 'pbufs_needed' pbufs,
+   * but don't free the datagram that 'fraghdr' belongs to! */
+  do {
+    oldest = NULL;
+    prev = NULL;
+    other_datagrams = 0;
+    r = reassdatagrams;
+    while (r != NULL) {
+      if (!IP_ADDRESSES_AND_ID_MATCH(&r->iphdr, fraghdr)) {
+        /* Not the same datagram as fraghdr */
+        other_datagrams++;
+        if (oldest == NULL) {
+          oldest = r;
+        } else if (r->timer <= oldest->timer) {
+          /* older than the previous oldest */
+          oldest = r;
+        }
+      }
+      if (r->next != NULL) {
+        prev = r;
+      }
+      r = r->next;
+    }
+    if (oldest != NULL) {
+      pbufs_freed_current = ip_reass_free_complete_datagram(oldest, prev);
+      pbufs_freed += pbufs_freed_current;
+    }
+  } while ((pbufs_freed < pbufs_needed) && (other_datagrams > 1));
+  return pbufs_freed;
+}
+#endif /* IP_REASS_FREE_OLDEST */
+
+/**
+ * Enqueues a new fragment into the fragment queue
+ * @param fraghdr points to the new fragments IP hdr
+ * @param clen number of pbufs needed to enqueue (used for freeing other datagrams if not enough space)
+ * @return A pointer to the queue location into which the fragment was enqueued
+ */
+static struct ip_reassdata*
+ip_reass_enqueue_new_datagram(struct ip_hdr *fraghdr, int clen)
+{
+  struct ip_reassdata* ipr;
+  /* No matching previous fragment found, allocate a new reassdata struct */
+  ipr = (struct ip_reassdata *)memp_malloc(MEMP_REASSDATA);
+  if (ipr == NULL) {
+#if IP_REASS_FREE_OLDEST
+    if (ip_reass_remove_oldest_datagram(fraghdr, clen) >= clen) {
+      ipr = (struct ip_reassdata *)memp_malloc(MEMP_REASSDATA);
+    }
+    if (ipr == NULL)
+#endif /* IP_REASS_FREE_OLDEST */
+    {
+      IPFRAG_STATS_INC(ip_frag.memerr);
+      LWIP_DEBUGF(IP_REASS_DEBUG,("Failed to alloc reassdata struct\n"));
+      return NULL;
+    }
+  }
+  memset(ipr, 0, sizeof(struct ip_reassdata));
+  ipr->timer = IP_REASS_MAXAGE;
+
+  /* enqueue the new structure to the front of the list */
+  ipr->next = reassdatagrams;
+  reassdatagrams = ipr;
+  /* copy the ip header for later tests and input */
+  /* @todo: no ip options supported? */
+  SMEMCPY(&(ipr->iphdr), fraghdr, IP_HLEN);
+  return ipr;
+}
+
+/**
+ * Dequeues a datagram from the datagram queue. Doesn't deallocate the pbufs.
+ * @param ipr points to the queue entry to dequeue
+ */
+static void
+ip_reass_dequeue_datagram(struct ip_reassdata *ipr, struct ip_reassdata *prev)
+{
+  
+  /* dequeue the reass struct  */
+  if (reassdatagrams == ipr) {
+    /* it was the first in the list */
+    reassdatagrams = ipr->next;
+  } else {
+    /* it wasn't the first, so it must have a valid 'prev' */
+    LWIP_ASSERT("sanity check linked list", prev != NULL);
+    prev->next = ipr->next;
+  }
+
+  /* now we can free the ip_reass struct */
+  memp_free(MEMP_REASSDATA, ipr);
+}
+
+/**
+ * Chain a new pbuf into the pbuf list that composes the datagram.  The pbuf list
+ * will grow over time as  new pbufs are rx.
+ * Also checks that the datagram passes basic continuity checks (if the last
+ * fragment was received at least once).
+ * @param root_p points to the 'root' pbuf for the current datagram being assembled.
+ * @param new_p points to the pbuf for the current fragment
+ * @return 0 if invalid, >0 otherwise
+ */
+static int
+ip_reass_chain_frag_into_datagram_and_validate(struct ip_reassdata *ipr, struct pbuf *new_p)
+{
+  struct ip_reass_helper *iprh, *iprh_tmp, *iprh_prev=NULL;
+  struct pbuf *q;
+  u16_t offset,len;
+  struct ip_hdr *fraghdr;
+  int valid = 1;
+
+  /* Extract length and fragment offset from current fragment */
+  fraghdr = (struct ip_hdr*)new_p->payload; 
+  len = ntohs(IPH_LEN(fraghdr)) - IPH_HL(fraghdr) * 4;
+  offset = (ntohs(IPH_OFFSET(fraghdr)) & IP_OFFMASK) * 8;
+
+  /* overwrite the fragment's ip header from the pbuf with our helper struct,
+   * and setup the embedded helper structure. */
+  /* make sure the struct ip_reass_helper fits into the IP header */
+  LWIP_ASSERT("sizeof(struct ip_reass_helper) <= IP_HLEN",
+              sizeof(struct ip_reass_helper) <= IP_HLEN);
+  iprh = (struct ip_reass_helper*)new_p->payload;
+  iprh->next_pbuf = NULL;
+  iprh->start = offset;
+  iprh->end = offset + len;
+
+  /* Iterate through until we either get to the end of the list (append),
+   * or we find on with a larger offset (insert). */
+  for (q = ipr->p; q != NULL;) {
+    iprh_tmp = (struct ip_reass_helper*)q->payload;
+    if (iprh->start < iprh_tmp->start) {
+      /* the new pbuf should be inserted before this */
+      iprh->next_pbuf = q;
+      if (iprh_prev != NULL) {
+        /* not the fragment with the lowest offset */
+#if IP_REASS_CHECK_OVERLAP
+        if ((iprh->start < iprh_prev->end) || (iprh->end > iprh_tmp->start)) {
+          /* fragment overlaps with previous or following, throw away */
+          goto freepbuf;
+        }
+#endif /* IP_REASS_CHECK_OVERLAP */
+        iprh_prev->next_pbuf = new_p;
+      } else {
+        /* fragment with the lowest offset */
+        ipr->p = new_p;
+      }
+      break;
+    } else if(iprh->start == iprh_tmp->start) {
+      /* received the same datagram twice: no need to keep the datagram */
+      goto freepbuf;
+#if IP_REASS_CHECK_OVERLAP
+    } else if(iprh->start < iprh_tmp->end) {
+      /* overlap: no need to keep the new datagram */
+      goto freepbuf;
+#endif /* IP_REASS_CHECK_OVERLAP */
+    } else {
+      /* Check if the fragments received so far have no wholes. */
+      if (iprh_prev != NULL) {
+        if (iprh_prev->end != iprh_tmp->start) {
+          /* There is a fragment missing between the current
+           * and the previous fragment */
+          valid = 0;
+        }
+      }
+    }
+    q = iprh_tmp->next_pbuf;
+    iprh_prev = iprh_tmp;
+  }
+
+  /* If q is NULL, then we made it to the end of the list. Determine what to do now */
+  if (q == NULL) {
+    if (iprh_prev != NULL) {
+      /* this is (for now), the fragment with the highest offset:
+       * chain it to the last fragment */
+#if IP_REASS_CHECK_OVERLAP
+      LWIP_ASSERT("check fragments don't overlap", iprh_prev->end <= iprh->start);
+#endif /* IP_REASS_CHECK_OVERLAP */
+      iprh_prev->next_pbuf = new_p;
+      if (iprh_prev->end != iprh->start) {
+        valid = 0;
+      }
+    } else {
+#if IP_REASS_CHECK_OVERLAP
+      LWIP_ASSERT("no previous fragment, this must be the first fragment!",
+        ipr->p == NULL);
+#endif /* IP_REASS_CHECK_OVERLAP */
+      /* this is the first fragment we ever received for this ip datagram */
+      ipr->p = new_p;
+    }
+  }
+
+  /* At this point, the validation part begins: */
+  /* If we already received the last fragment */
+  if ((ipr->flags & IP_REASS_FLAG_LASTFRAG) != 0) {
+    /* and had no wholes so far */
+    if (valid) {
+      /* then check if the rest of the fragments is here */
+      /* Check if the queue starts with the first datagram */
+      if (((struct ip_reass_helper*)ipr->p->payload)->start != 0) {
+        valid = 0;
+      } else {
+        /* and check that there are no wholes after this datagram */
+        iprh_prev = iprh;
+        q = iprh->next_pbuf;
+        while (q != NULL) {
+          iprh = (struct ip_reass_helper*)q->payload;
+          if (iprh_prev->end != iprh->start) {
+            valid = 0;
+            break;
+          }
+          iprh_prev = iprh;
+          q = iprh->next_pbuf;
+        }
+        /* if still valid, all fragments are received
+         * (because to the MF==0 already arrived */
+        if (valid) {
+          LWIP_ASSERT("sanity check", ipr->p != NULL);
+          LWIP_ASSERT("sanity check",
+            ((struct ip_reass_helper*)ipr->p->payload) != iprh);
+          LWIP_ASSERT("validate_datagram:next_pbuf!=NULL",
+            iprh->next_pbuf == NULL);
+          LWIP_ASSERT("validate_datagram:datagram end!=datagram len",
+            iprh->end == ipr->datagram_len);
+        }
+      }
+    }
+    /* If valid is 0 here, there are some fragments missing in the middle
+     * (since MF == 0 has already arrived). Such datagrams simply time out if
+     * no more fragments are received... */
+    return valid;
+  }
+  /* If we come here, not all fragments were received, yet! */
+  return 0; /* not yet valid! */
+#if IP_REASS_CHECK_OVERLAP
+freepbuf:
+  ip_reass_pbufcount -= pbuf_clen(new_p);
+  pbuf_free(new_p);
+  return 0;
+#endif /* IP_REASS_CHECK_OVERLAP */
+}
+
+/**
+ * Reassembles incoming IP fragments into an IP datagram.
+ *
+ * @param p points to a pbuf chain of the fragment
+ * @return NULL if reassembly is incomplete, ? otherwise
+ */
+struct pbuf *
+ip_reass(struct pbuf *p)
+{
+  struct pbuf *r;
+  struct ip_hdr *fraghdr;
+  struct ip_reassdata *ipr;
+  struct ip_reass_helper *iprh;
+  u16_t offset, len;
+  u8_t clen;
+  struct ip_reassdata *ipr_prev = NULL;
+
+  IPFRAG_STATS_INC(ip_frag.recv);
+  snmp_inc_ipreasmreqds();
+
+  fraghdr = (struct ip_hdr*)p->payload;
+
+  if ((IPH_HL(fraghdr) * 4) != IP_HLEN) {
+    LWIP_DEBUGF(IP_REASS_DEBUG,("ip_reass: IP options currently not supported!\n"));
+    IPFRAG_STATS_INC(ip_frag.err);
+    goto nullreturn;
+  }
+
+  offset = (ntohs(IPH_OFFSET(fraghdr)) & IP_OFFMASK) * 8;
+  len = ntohs(IPH_LEN(fraghdr)) - IPH_HL(fraghdr) * 4;
+
+  /* Check if we are allowed to enqueue more datagrams. */
+  clen = pbuf_clen(p);
+  if ((ip_reass_pbufcount + clen) > IP_REASS_MAX_PBUFS) {
+#if IP_REASS_FREE_OLDEST
+    if (!ip_reass_remove_oldest_datagram(fraghdr, clen) ||
+        ((ip_reass_pbufcount + clen) > IP_REASS_MAX_PBUFS))
+#endif /* IP_REASS_FREE_OLDEST */
+    {
+      /* No datagram could be freed and still too many pbufs enqueued */
+      LWIP_DEBUGF(IP_REASS_DEBUG,("ip_reass: Overflow condition: pbufct=%d, clen=%d, MAX=%d\n",
+        ip_reass_pbufcount, clen, IP_REASS_MAX_PBUFS));
+      IPFRAG_STATS_INC(ip_frag.memerr);
+      /* @todo: send ICMP time exceeded here? */
+      /* drop this pbuf */
+      goto nullreturn;
+    }
+  }
+
+  /* Look for the datagram the fragment belongs to in the current datagram queue,
+   * remembering the previous in the queue for later dequeueing. */
+  for (ipr = reassdatagrams; ipr != NULL; ipr = ipr->next) {
+    /* Check if the incoming fragment matches the one currently present
+       in the reassembly buffer. If so, we proceed with copying the
+       fragment into the buffer. */
+    if (IP_ADDRESSES_AND_ID_MATCH(&ipr->iphdr, fraghdr)) {
+      LWIP_DEBUGF(IP_REASS_DEBUG, ("ip_reass: matching previous fragment ID=%"X16_F"\n",
+        ntohs(IPH_ID(fraghdr))));
+      IPFRAG_STATS_INC(ip_frag.cachehit);
+      break;
+    }
+    ipr_prev = ipr;
+  }
+
+  if (ipr == NULL) {
+  /* Enqueue a new datagram into the datagram queue */
+    ipr = ip_reass_enqueue_new_datagram(fraghdr, clen);
+    /* Bail if unable to enqueue */
+    if(ipr == NULL) {
+      goto nullreturn;
+    }
+  } else {
+    if (((ntohs(IPH_OFFSET(fraghdr)) & IP_OFFMASK) == 0) && 
+      ((ntohs(IPH_OFFSET(&ipr->iphdr)) & IP_OFFMASK) != 0)) {
+      /* ipr->iphdr is not the header from the first fragment, but fraghdr is
+       * -> copy fraghdr into ipr->iphdr since we want to have the header
+       * of the first fragment (for ICMP time exceeded and later, for copying
+       * all options, if supported)*/
+      SMEMCPY(&ipr->iphdr, fraghdr, IP_HLEN);
+    }
+  }
+  /* Track the current number of pbufs current 'in-flight', in order to limit 
+  the number of fragments that may be enqueued at any one time */
+  ip_reass_pbufcount += clen;
+
+  /* At this point, we have either created a new entry or pointing 
+   * to an existing one */
+
+  /* check for 'no more fragments', and update queue entry*/
+  if ((IPH_OFFSET(fraghdr) & PP_NTOHS(IP_MF)) == 0) {
+    ipr->flags |= IP_REASS_FLAG_LASTFRAG;
+    ipr->datagram_len = offset + len;
+    LWIP_DEBUGF(IP_REASS_DEBUG,
+     ("ip_reass: last fragment seen, total len %"S16_F"\n",
+      ipr->datagram_len));
+  }
+  /* find the right place to insert this pbuf */
+  /* @todo: trim pbufs if fragments are overlapping */
+  if (ip_reass_chain_frag_into_datagram_and_validate(ipr, p)) {
+    /* the totally last fragment (flag more fragments = 0) was received at least
+     * once AND all fragments are received */
+    ipr->datagram_len += IP_HLEN;
+
+    /* save the second pbuf before copying the header over the pointer */
+    r = ((struct ip_reass_helper*)ipr->p->payload)->next_pbuf;
+
+    /* copy the original ip header back to the first pbuf */
+    fraghdr = (struct ip_hdr*)(ipr->p->payload);
+    SMEMCPY(fraghdr, &ipr->iphdr, IP_HLEN);
+    IPH_LEN_SET(fraghdr, htons(ipr->datagram_len));
+    IPH_OFFSET_SET(fraghdr, 0);
+    IPH_CHKSUM_SET(fraghdr, 0);
+    /* @todo: do we need to set calculate the correct checksum? */
+    IPH_CHKSUM_SET(fraghdr, inet_chksum(fraghdr, IP_HLEN));
+
+    p = ipr->p;
+
+    /* chain together the pbufs contained within the reass_data list. */
+    while(r != NULL) {
+      iprh = (struct ip_reass_helper*)r->payload;
+
+      /* hide the ip header for every succeding fragment */
+      pbuf_header(r, -IP_HLEN);
+      pbuf_cat(p, r);
+      r = iprh->next_pbuf;
+    }
+    /* release the sources allocate for the fragment queue entry */
+    ip_reass_dequeue_datagram(ipr, ipr_prev);
+
+    /* and adjust the number of pbufs currently queued for reassembly. */
+    ip_reass_pbufcount -= pbuf_clen(p);
+
+    /* Return the pbuf chain */
+    return p;
+  }
+  /* the datagram is not (yet?) reassembled completely */
+  LWIP_DEBUGF(IP_REASS_DEBUG,("ip_reass_pbufcount: %d out\n", ip_reass_pbufcount));
+  return NULL;
+
+nullreturn:
+  LWIP_DEBUGF(IP_REASS_DEBUG,("ip_reass: nullreturn\n"));
+  IPFRAG_STATS_INC(ip_frag.drop);
+  pbuf_free(p);
+  return NULL;
+}
+#endif /* IP_REASSEMBLY */
+
+#if IP_FRAG
+#if IP_FRAG_USES_STATIC_BUF
+static u8_t buf[LWIP_MEM_ALIGN_SIZE(IP_FRAG_MAX_MTU + MEM_ALIGNMENT - 1)];
+#else /* IP_FRAG_USES_STATIC_BUF */
+
+#if !LWIP_NETIF_TX_SINGLE_PBUF
+/** Allocate a new struct pbuf_custom_ref */
+static struct pbuf_custom_ref*
+ip_frag_alloc_pbuf_custom_ref(void)
+{
+  return (struct pbuf_custom_ref*)memp_malloc(MEMP_FRAG_PBUF);
+}
+
+/** Free a struct pbuf_custom_ref */
+static void
+ip_frag_free_pbuf_custom_ref(struct pbuf_custom_ref* p)
+{
+  LWIP_ASSERT("p != NULL", p != NULL);
+  memp_free(MEMP_FRAG_PBUF, p);
+}
+
+/** Free-callback function to free a 'struct pbuf_custom_ref', called by
+ * pbuf_free. */
+static void
+ipfrag_free_pbuf_custom(struct pbuf *p)
+{
+  struct pbuf_custom_ref *pcr = (struct pbuf_custom_ref*)p;
+  LWIP_ASSERT("pcr != NULL", pcr != NULL);
+  LWIP_ASSERT("pcr == p", (void*)pcr == (void*)p);
+  if (pcr->original != NULL) {
+    pbuf_free(pcr->original);
+  }
+  ip_frag_free_pbuf_custom_ref(pcr);
+}
+#endif /* !LWIP_NETIF_TX_SINGLE_PBUF */
+#endif /* IP_FRAG_USES_STATIC_BUF */
+
+/**
+ * Fragment an IP datagram if too large for the netif.
+ *
+ * Chop the datagram in MTU sized chunks and send them in order
+ * by using a fixed size static memory buffer (PBUF_REF) or
+ * point PBUF_REFs into p (depending on IP_FRAG_USES_STATIC_BUF).
+ *
+ * @param p ip packet to send
+ * @param netif the netif on which to send
+ * @param dest destination ip address to which to send
+ *
+ * @return ERR_OK if sent successfully, err_t otherwise
+ */
+err_t 
+ip_frag(struct pbuf *p, struct netif *netif, ip_addr_t *dest)
+{
+  struct pbuf *rambuf;
+#if IP_FRAG_USES_STATIC_BUF
+  struct pbuf *header;
+#else
+#if !LWIP_NETIF_TX_SINGLE_PBUF
+  struct pbuf *newpbuf;
+#endif
+  struct ip_hdr *original_iphdr;
+#endif
+  struct ip_hdr *iphdr;
+  u16_t nfb;
+  u16_t left, cop;
+  u16_t mtu = netif->mtu;
+  u16_t ofo, omf;
+  u16_t last;
+  u16_t poff = IP_HLEN;
+  u16_t tmp;
+#if !IP_FRAG_USES_STATIC_BUF && !LWIP_NETIF_TX_SINGLE_PBUF
+  u16_t newpbuflen = 0;
+  u16_t left_to_copy;
+#endif
+
+  /* Get a RAM based MTU sized pbuf */
+#if IP_FRAG_USES_STATIC_BUF
+  /* When using a static buffer, we use a PBUF_REF, which we will
+   * use to reference the packet (without link header).
+   * Layer and length is irrelevant.
+   */
+  rambuf = pbuf_alloc(PBUF_LINK, 0, PBUF_REF);
+  if (rambuf == NULL) {
+    LWIP_DEBUGF(IP_REASS_DEBUG, ("ip_frag: pbuf_alloc(PBUF_LINK, 0, PBUF_REF) failed\n"));
+    return ERR_MEM;
+  }
+  rambuf->tot_len = rambuf->len = mtu;
+  rambuf->payload = LWIP_MEM_ALIGN((void *)buf);
+
+  /* Copy the IP header in it */
+  iphdr = (struct ip_hdr *)rambuf->payload;
+  SMEMCPY(iphdr, p->payload, IP_HLEN);
+#else /* IP_FRAG_USES_STATIC_BUF */
+  original_iphdr = (struct ip_hdr *)p->payload;
+  iphdr = original_iphdr;
+#endif /* IP_FRAG_USES_STATIC_BUF */
+
+  /* Save original offset */
+  tmp = ntohs(IPH_OFFSET(iphdr));
+  ofo = tmp & IP_OFFMASK;
+  omf = tmp & IP_MF;
+
+  left = p->tot_len - IP_HLEN;
+
+  nfb = (mtu - IP_HLEN) / 8;
+
+  while (left) {
+    last = (left <= mtu - IP_HLEN);
+
+    /* Set new offset and MF flag */
+    tmp = omf | (IP_OFFMASK & (ofo));
+    if (!last) {
+      tmp = tmp | IP_MF;
+    }
+
+    /* Fill this fragment */
+    cop = last ? left : nfb * 8;
+
+#if IP_FRAG_USES_STATIC_BUF
+    poff += pbuf_copy_partial(p, (u8_t*)iphdr + IP_HLEN, cop, poff);
+#else /* IP_FRAG_USES_STATIC_BUF */
+#if LWIP_NETIF_TX_SINGLE_PBUF
+    rambuf = pbuf_alloc(PBUF_IP, cop, PBUF_RAM);
+    if (rambuf == NULL) {
+      return ERR_MEM;
+    }
+    LWIP_ASSERT("this needs a pbuf in one piece!",
+      (rambuf->len == rambuf->tot_len) && (rambuf->next == NULL));
+    poff += pbuf_copy_partial(p, rambuf->payload, cop, poff);
+    /* make room for the IP header */
+    if(pbuf_header(rambuf, IP_HLEN)) {
+      pbuf_free(rambuf);
+      return ERR_MEM;
+    }
+    /* fill in the IP header */
+    SMEMCPY(rambuf->payload, original_iphdr, IP_HLEN);
+    iphdr = rambuf->payload;
+#else /* LWIP_NETIF_TX_SINGLE_PBUF */
+    /* When not using a static buffer, create a chain of pbufs.
+     * The first will be a PBUF_RAM holding the link and IP header.
+     * The rest will be PBUF_REFs mirroring the pbuf chain to be fragged,
+     * but limited to the size of an mtu.
+     */
+    rambuf = pbuf_alloc(PBUF_LINK, IP_HLEN, PBUF_RAM);
+    if (rambuf == NULL) {
+      return ERR_MEM;
+    }
+    LWIP_ASSERT("this needs a pbuf in one piece!",
+                (p->len >= (IP_HLEN)));
+    SMEMCPY(rambuf->payload, original_iphdr, IP_HLEN);
+    iphdr = (struct ip_hdr *)rambuf->payload;
+
+    /* Can just adjust p directly for needed offset. */
+    p->payload = (u8_t *)p->payload + poff;
+    p->len -= poff;
+
+    left_to_copy = cop;
+    while (left_to_copy) {
+      struct pbuf_custom_ref *pcr;
+      newpbuflen = (left_to_copy < p->len) ? left_to_copy : p->len;
+      /* Is this pbuf already empty? */
+      if (!newpbuflen) {
+        p = p->next;
+        continue;
+      }
+      pcr = ip_frag_alloc_pbuf_custom_ref();
+      if (pcr == NULL) {
+        pbuf_free(rambuf);
+        return ERR_MEM;
+      }
+      /* Mirror this pbuf, although we might not need all of it. */
+      newpbuf = pbuf_alloced_custom(PBUF_RAW, newpbuflen, PBUF_REF, &pcr->pc, p->payload, newpbuflen);
+      if (newpbuf == NULL) {
+        ip_frag_free_pbuf_custom_ref(pcr);
+        pbuf_free(rambuf);
+        return ERR_MEM;
+      }
+      pbuf_ref(p);
+      pcr->original = p;
+      pcr->pc.custom_free_function = ipfrag_free_pbuf_custom;
+
+      /* Add it to end of rambuf's chain, but using pbuf_cat, not pbuf_chain
+       * so that it is removed when pbuf_dechain is later called on rambuf.
+       */
+      pbuf_cat(rambuf, newpbuf);
+      left_to_copy -= newpbuflen;
+      if (left_to_copy) {
+        p = p->next;
+      }
+    }
+    poff = newpbuflen;
+#endif /* LWIP_NETIF_TX_SINGLE_PBUF */
+#endif /* IP_FRAG_USES_STATIC_BUF */
+
+    /* Correct header */
+    IPH_OFFSET_SET(iphdr, htons(tmp));
+    IPH_LEN_SET(iphdr, htons(cop + IP_HLEN));
+    IPH_CHKSUM_SET(iphdr, 0);
+    IPH_CHKSUM_SET(iphdr, inet_chksum(iphdr, IP_HLEN));
+
+#if IP_FRAG_USES_STATIC_BUF
+    if (last) {
+      pbuf_realloc(rambuf, left + IP_HLEN);
+    }
+
+    /* This part is ugly: we alloc a RAM based pbuf for 
+     * the link level header for each chunk and then 
+     * free it.A PBUF_ROM style pbuf for which pbuf_header
+     * worked would make things simpler.
+     */
+    header = pbuf_alloc(PBUF_LINK, 0, PBUF_RAM);
+    if (header != NULL) {
+      pbuf_chain(header, rambuf);
+      netif->output(netif, header, dest);
+      IPFRAG_STATS_INC(ip_frag.xmit);
+      snmp_inc_ipfragcreates();
+      pbuf_free(header);
+    } else {
+      LWIP_DEBUGF(IP_REASS_DEBUG, ("ip_frag: pbuf_alloc() for header failed\n"));
+      pbuf_free(rambuf);
+      return ERR_MEM;
+    }
+#else /* IP_FRAG_USES_STATIC_BUF */
+    /* No need for separate header pbuf - we allowed room for it in rambuf
+     * when allocated.
+     */
+    netif->output(netif, rambuf, dest);
+    IPFRAG_STATS_INC(ip_frag.xmit);
+
+    /* Unfortunately we can't reuse rambuf - the hardware may still be
+     * using the buffer. Instead we free it (and the ensuing chain) and
+     * recreate it next time round the loop. If we're lucky the hardware
+     * will have already sent the packet, the free will really free, and
+     * there will be zero memory penalty.
+     */
+    
+    pbuf_free(rambuf);
+#endif /* IP_FRAG_USES_STATIC_BUF */
+    left -= cop;
+    ofo += nfb;
+  }
+#if IP_FRAG_USES_STATIC_BUF
+  pbuf_free(rambuf);
+#endif /* IP_FRAG_USES_STATIC_BUF */
+  snmp_inc_ipfragoks();
+  return ERR_OK;
+}
+#endif /* IP_FRAG */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/icmp6.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/icmp6.c
new file mode 100644
index 00000000..fd17f393
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/icmp6.c
@@ -0,0 +1,337 @@
+/**
+ * @file
+ *
+ * IPv6 version of ICMP, as per RFC 4443.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+
+#include "lwip/opt.h"
+
+#if LWIP_ICMP6 && LWIP_IPV6 /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/icmp6.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/inet_chksum.h"
+#include "lwip/pbuf.h"
+#include "lwip/netif.h"
+#include "lwip/nd6.h"
+#include "lwip/mld6.h"
+#include "lwip/stats.h"
+
+#include <string.h>
+
+#ifndef LWIP_ICMP6_DATASIZE
+#define LWIP_ICMP6_DATASIZE   8
+#endif
+#if LWIP_ICMP6_DATASIZE == 0
+#define LWIP_ICMP6_DATASIZE   8
+#endif
+
+/* Forward declarations */
+static void icmp6_send_response(struct pbuf *p, u8_t code, u32_t data, u8_t type);
+
+
+/**
+ * Process an input ICMPv6 message. Called by ip6_input.
+ *
+ * Will generate a reply for echo requests. Other messages are forwarded
+ * to nd6_input, or mld6_input.
+ *
+ * @param p the mld packet, p->payload pointing to the icmpv6 header
+ * @param inp the netif on which this packet was received
+ */
+void
+icmp6_input(struct pbuf *p, struct netif *inp)
+{
+  struct pp_icmp6_hdr *icmp6hdr;
+  struct pbuf * r;
+  ip6_addr_t * reply_src;
+
+  ICMP6_STATS_INC(icmp6.recv);
+
+  /* Check that ICMPv6 header fits in payload */
+  if (p->len < sizeof(struct pp_icmp6_hdr)) {
+    /* drop short packets */
+    pbuf_free(p);
+    ICMP6_STATS_INC(icmp6.lenerr);
+    ICMP6_STATS_INC(icmp6.drop);
+    return;
+  }
+
+  icmp6hdr = (struct pp_icmp6_hdr *)p->payload;
+
+#if LWIP_ICMP6_CHECKSUM_CHECK
+  if (ip6_chksum_pseudo(p, IP6_NEXTH_ICMP6, p->tot_len, ip6_current_src_addr(),
+                        ip6_current_dest_addr()) != 0) {
+    /* Checksum failed */
+    pbuf_free(p);
+    ICMP6_STATS_INC(icmp6.chkerr);
+    ICMP6_STATS_INC(icmp6.drop);
+    return;
+  }
+#endif /* LWIP_ICMP6_CHECKSUM_CHECK */
+
+  switch (icmp6hdr->type) {
+  case ICMP6_TYPE_NA: /* Neighbor advertisement */
+  case ICMP6_TYPE_NS: /* Neighbor solicitation */
+  case ICMP6_TYPE_RA: /* Router advertisement */
+  case ICMP6_TYPE_RD: /* Redirect */
+  case ICMP6_TYPE_PTB: /* Packet too big */
+    nd6_input(p, inp);
+    return;
+    break;
+  case ICMP6_TYPE_RS:
+#if LWIP_IPV6_FORWARD
+    /* TODO implement router functionality */
+#endif
+    break;
+#if LWIP_IPV6_MLD
+  case ICMP6_TYPE_MLQ:
+  case ICMP6_TYPE_MLR:
+  case ICMP6_TYPE_MLD:
+    mld6_input(p, inp);
+    return;
+    break;
+#endif
+  case ICMP6_TYPE_EREQ:
+#if !LWIP_MULTICAST_PING
+    /* multicast destination address? */
+    if (ip6_addr_ismulticast(ip6_current_dest_addr())) {
+      /* drop */
+      pbuf_free(p);
+      ICMP6_STATS_INC(icmp6.drop);
+      return;
+    }
+#endif /* LWIP_MULTICAST_PING */
+
+    /* Allocate reply. */
+    r = pbuf_alloc(PBUF_IP, p->tot_len, PBUF_RAM);
+    if (r == NULL) {
+      /* drop */
+      pbuf_free(p);
+      ICMP6_STATS_INC(icmp6.memerr);
+      return;
+    }
+
+    /* Copy echo request. */
+    if (pbuf_copy(r, p) != ERR_OK) {
+      /* drop */
+      pbuf_free(p);
+      pbuf_free(r);
+      ICMP6_STATS_INC(icmp6.err);
+      return;
+    }
+
+    /* Determine reply source IPv6 address. */
+#if LWIP_MULTICAST_PING
+    if (ip6_addr_ismulticast(ip6_current_dest_addr())) {
+      reply_src = ip6_select_source_address(inp, ip6_current_src_addr());
+      if (reply_src == NULL) {
+        /* drop */
+        pbuf_free(p);
+        pbuf_free(r);
+        ICMP6_STATS_INC(icmp6.rterr);
+        return;
+      }
+    }
+    else
+#endif /* LWIP_MULTICAST_PING */
+    {
+      reply_src = ip6_current_dest_addr();
+    }
+
+    /* Set fields in reply. */
+    ((struct icmp6_echo_hdr *)(r->payload))->type = ICMP6_TYPE_EREP;
+    ((struct icmp6_echo_hdr *)(r->payload))->chksum = 0;
+    ((struct icmp6_echo_hdr *)(r->payload))->chksum = ip6_chksum_pseudo(r,
+        IP6_NEXTH_ICMP6, r->tot_len, reply_src, ip6_current_src_addr());
+
+    /* Send reply. */
+    ICMP6_STATS_INC(icmp6.xmit);
+    ip6_output_if(r, reply_src, ip6_current_src_addr(),
+        LWIP_ICMP6_HL, 0, IP6_NEXTH_ICMP6, inp);
+    pbuf_free(r);
+
+    break;
+  default:
+    ICMP6_STATS_INC(icmp6.proterr);
+    ICMP6_STATS_INC(icmp6.drop);
+    break;
+  }
+
+  pbuf_free(p);
+}
+
+
+/**
+ * Send an icmpv6 'destination unreachable' packet.
+ *
+ * @param p the input packet for which the 'unreachable' should be sent,
+ *          p->payload pointing to the IPv6 header
+ * @param c ICMPv6 code for the unreachable type
+ */
+void
+icmp6_dest_unreach(struct pbuf *p, enum icmp6_dur_code c)
+{
+  icmp6_send_response(p, c, 0, ICMP6_TYPE_DUR);
+}
+
+/**
+ * Send an icmpv6 'packet too big' packet.
+ *
+ * @param p the input packet for which the 'packet too big' should be sent,
+ *          p->payload pointing to the IPv6 header
+ * @param mtu the maximum mtu that we can accept
+ */
+void
+icmp6_packet_too_big(struct pbuf *p, u32_t mtu)
+{
+  icmp6_send_response(p, 0, mtu, ICMP6_TYPE_PTB);
+}
+
+/**
+ * Send an icmpv6 'time exceeded' packet.
+ *
+ * @param p the input packet for which the 'unreachable' should be sent,
+ *          p->payload pointing to the IPv6 header
+ * @param c ICMPv6 code for the time exceeded type
+ */
+void
+icmp6_time_exceeded(struct pbuf *p, enum icmp6_te_code c)
+{
+  icmp6_send_response(p, c, 0, ICMP6_TYPE_TE);
+}
+
+/**
+ * Send an icmpv6 'parameter problem' packet.
+ *
+ * @param p the input packet for which the 'param problem' should be sent,
+ *          p->payload pointing to the IP header
+ * @param c ICMPv6 code for the param problem type
+ * @param pointer the pointer to the byte where the parameter is found
+ */
+void
+icmp6_param_problem(struct pbuf *p, enum icmp6_pp_code c, u32_t pointer)
+{
+  icmp6_send_response(p, c, pointer, ICMP6_TYPE_PP);
+}
+
+/**
+ * Send an ICMPv6 packet in response to an incoming packet.
+ *
+ * @param p the input packet for which the response should be sent,
+ *          p->payload pointing to the IPv6 header
+ * @param code Code of the ICMPv6 header
+ * @param data Additional 32-bit parameter in the ICMPv6 header
+ * @param type Type of the ICMPv6 header
+ */
+static void
+icmp6_send_response(struct pbuf *p, u8_t code, u32_t data, u8_t type)
+{
+  struct pbuf *q;
+  struct pp_icmp6_hdr *icmp6hdr;
+  ip6_addr_t *reply_src, *reply_dest;
+  ip6_addr_t reply_src_local, reply_dest_local;
+  struct ip6_hdr *ip6hdr;
+  struct netif *netif;
+
+  /* ICMPv6 header + IPv6 header + data */
+  q = pbuf_alloc(PBUF_IP, sizeof(struct pp_icmp6_hdr) + IP6_HLEN + LWIP_ICMP6_DATASIZE,
+                 PBUF_RAM);
+  if (q == NULL) {
+    LWIP_DEBUGF(ICMP_DEBUG, ("icmp_time_exceeded: failed to allocate pbuf for ICMPv6 packet.\n"));
+    ICMP6_STATS_INC(icmp6.memerr);
+    return;
+  }
+  LWIP_ASSERT("check that first pbuf can hold icmp 6message",
+             (q->len >= (sizeof(struct pp_icmp6_hdr) + IP6_HLEN + LWIP_ICMP6_DATASIZE)));
+
+  icmp6hdr = (struct pp_icmp6_hdr *)q->payload;
+  icmp6hdr->type = type;
+  icmp6hdr->code = code;
+  icmp6hdr->data = data;
+
+  /* copy fields from original packet */
+  SMEMCPY((u8_t *)q->payload + sizeof(struct pp_icmp6_hdr), (u8_t *)p->payload,
+          IP6_HLEN + LWIP_ICMP6_DATASIZE);
+
+  /* Get the destination address and netif for this ICMP message. */
+  if ((ip_current_netif() == NULL) ||
+      ((code == ICMP6_TE_FRAG) && (type == ICMP6_TYPE_TE))) {
+    /* Special case, as ip6_current_xxx is either NULL, or points
+     * to a different packet than the one that expired.
+     * We must use the addresses that are stored in the expired packet. */
+    ip6hdr = (struct ip6_hdr *)p->payload;
+    /* copy from packed address to aligned address */
+    ip6_addr_copy(reply_dest_local, ip6hdr->src);
+    ip6_addr_copy(reply_src_local, ip6hdr->dest);
+    reply_dest = &reply_dest_local;
+    reply_src = &reply_src_local;
+    netif = ip6_route(reply_src, reply_dest);
+    if (netif == NULL) {
+      /* drop */
+      pbuf_free(q);
+      ICMP6_STATS_INC(icmp6.rterr);
+      return;
+    }
+  }
+  else {
+    netif = ip_current_netif();
+    reply_dest = ip6_current_src_addr();
+
+    /* Select an address to use as source. */
+    reply_src = ip6_select_source_address(netif, reply_dest);
+    if (reply_src == NULL) {
+      /* drop */
+      pbuf_free(q);
+      ICMP6_STATS_INC(icmp6.rterr);
+      return;
+    }
+  }
+
+  /* calculate checksum */
+  icmp6hdr->chksum = 0;
+  icmp6hdr->chksum = ip6_chksum_pseudo(q, IP6_NEXTH_ICMP6, q->tot_len,
+    reply_src, reply_dest);
+
+  ICMP6_STATS_INC(icmp6.xmit);
+  ip6_output_if(q, reply_src, reply_dest, LWIP_ICMP6_HL, 0, IP6_NEXTH_ICMP6, netif);
+  pbuf_free(q);
+}
+
+#endif /* LWIP_ICMP6 && LWIP_IPV6 */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/ip6.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/ip6.c
new file mode 100644
index 00000000..1eb91f96
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/ip6.c
@@ -0,0 +1,1034 @@
+/**
+ * @file
+ *
+ * IPv6 layer.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6  /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/def.h"
+#include "lwip/mem.h"
+#include "lwip/netif.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/ip6_frag.h"
+#include "lwip/icmp6.h"
+#include "lwip/raw.h"
+#include "lwip/udp.h"
+#include "lwip/tcp_impl.h"
+#include "lwip/dhcp6.h"
+#include "lwip/nd6.h"
+#include "lwip/mld6.h"
+#include "lwip/debug.h"
+#include "lwip/stats.h"
+
+
+/**
+ * Finds the appropriate network interface for a given IPv6 address. It tries to select
+ * a netif following a sequence of heuristics:
+ * 1) if there is only 1 netif, return it
+ * 2) if the destination is a link-local address, try to match the src address to a netif.
+ *    this is a tricky case because with multiple netifs, link-local addresses only have
+ *    meaning within a particular subnet/link.
+ * 3) tries to match the destination subnet to a configured address
+ * 4) tries to find a router
+ * 5) tries to match the source address to the netif
+ * 6) returns the default netif, if configured
+ *
+ * @param src the source IPv6 address, if known
+ * @param dest the destination IPv6 address for which to find the route
+ * @return the netif on which to send to reach dest
+ */
+struct netif *
+ip6_route(struct ip6_addr *src, struct ip6_addr *dest)
+{
+  struct netif *netif;
+  s8_t i;
+
+  /* If single netif configuration, fast return. */
+  if ((netif_list != NULL) && (netif_list->next == NULL)) {
+    return netif_list;
+  }
+
+  /* Special processing for link-local addresses. */
+  if (ip6_addr_islinklocal(dest)) {
+    if (ip6_addr_isany(src)) {
+      /* Use default netif. */
+      return netif_default;
+    }
+
+    /* Try to find the netif for the source address. */
+    for(netif = netif_list; netif != NULL; netif = netif->next) {
+      for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+        if (ip6_addr_isvalid(netif_ip6_addr_state(netif, i)) &&
+            ip6_addr_cmp(src, netif_ip6_addr(netif, i))) {
+          return netif;
+        }
+      }
+    }
+
+    /* netif not found, use default netif */
+    return netif_default;
+  }
+
+  /* See if the destination subnet matches a configured address. */
+  for(netif = netif_list; netif != NULL; netif = netif->next) {
+    for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+      if (ip6_addr_isvalid(netif_ip6_addr_state(netif, i)) &&
+          ip6_addr_netcmp(dest, netif_ip6_addr(netif, i))) {
+        return netif;
+      }
+    }
+  }
+
+  /* Get the netif for a suitable router. */
+  i = nd6_select_router(dest, NULL);
+  if (i >= 0) {
+    if (default_router_list[i].neighbor_entry != NULL) {
+      if (default_router_list[i].neighbor_entry->netif != NULL) {
+        return default_router_list[i].neighbor_entry->netif;
+      }
+    }
+  }
+
+  /* try with the netif that matches the source address. */
+  if (!ip6_addr_isany(src)) {
+    for(netif = netif_list; netif != NULL; netif = netif->next) {
+      for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+        if (ip6_addr_isvalid(netif_ip6_addr_state(netif, i)) &&
+            ip6_addr_cmp(src, netif_ip6_addr(netif, i))) {
+          return netif;
+        }
+      }
+    }
+  }
+
+  /* no matching netif found, use default netif */
+  return netif_default;
+}
+
+/**
+ * Select the best IPv6 source address for a given destination
+ * IPv6 address. Loosely follows RFC 3484. "Strong host" behavior
+ * is assumed.
+ *
+ * @param netif the netif on which to send a packet
+ * @param dest the destination we are trying to reach
+ * @return the most suitable source address to use, or NULL if no suitable
+ *         source address is found
+ */
+ip6_addr_t *
+ip6_select_source_address(struct netif *netif, ip6_addr_t * dest)
+{
+  ip6_addr_t * src = NULL;
+  u8_t i;
+
+  /* If dest is link-local, choose a link-local source. */
+  if (ip6_addr_islinklocal(dest) || ip6_addr_ismulticast_linklocal(dest) || ip6_addr_ismulticast_iflocal(dest)) {
+    for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+      if (ip6_addr_isvalid(netif_ip6_addr_state(netif, i)) &&
+          ip6_addr_islinklocal(netif_ip6_addr(netif, i))) {
+        return netif_ip6_addr(netif, i);
+      }
+    }
+  }
+
+  /* Choose a site-local with matching prefix. */
+  if (ip6_addr_issitelocal(dest) || ip6_addr_ismulticast_sitelocal(dest)) {
+    for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+      if (ip6_addr_isvalid(netif_ip6_addr_state(netif, i)) &&
+          ip6_addr_issitelocal(netif_ip6_addr(netif, i)) &&
+          ip6_addr_netcmp(dest, netif_ip6_addr(netif, i))) {
+        return netif_ip6_addr(netif, i);
+      }
+    }
+  }
+
+  /* Choose a unique-local with matching prefix. */
+  if (ip6_addr_isuniquelocal(dest) || ip6_addr_ismulticast_orglocal(dest)) {
+    for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+      if (ip6_addr_isvalid(netif_ip6_addr_state(netif, i)) &&
+          ip6_addr_isuniquelocal(netif_ip6_addr(netif, i)) &&
+          ip6_addr_netcmp(dest, netif_ip6_addr(netif, i))) {
+        return netif_ip6_addr(netif, i);
+      }
+    }
+  }
+
+  /* Choose a global with best matching prefix. */
+  if (ip6_addr_isglobal(dest) || ip6_addr_ismulticast_global(dest)) {
+    for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+      if (ip6_addr_isvalid(netif_ip6_addr_state(netif, i)) &&
+          ip6_addr_isglobal(netif_ip6_addr(netif, i))) {
+        if (src == NULL) {
+          src = netif_ip6_addr(netif, i);
+        }
+        else {
+          /* Replace src only if we find a prefix match. */
+          /* TODO find longest matching prefix. */
+          if ((!(ip6_addr_netcmp(src, dest))) &&
+              ip6_addr_netcmp(netif_ip6_addr(netif, i), dest)) {
+            src = netif_ip6_addr(netif, i);
+          }
+        }
+      }
+    }
+    if (src != NULL) {
+      return src;
+    }
+  }
+
+  /* Last resort: see if arbitrary prefix matches. */
+  for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+    if (ip6_addr_isvalid(netif_ip6_addr_state(netif, i)) &&
+        ip6_addr_netcmp(dest, netif_ip6_addr(netif, i))) {
+      return netif_ip6_addr(netif, i);
+    }
+  }
+
+  return NULL;
+}
+
+#if LWIP_IPV6_FORWARD
+/**
+ * Forwards an IPv6 packet. It finds an appropriate route for the
+ * packet, decrements the HL value of the packet, and outputs
+ * the packet on the appropriate interface.
+ *
+ * @param p the packet to forward (p->payload points to IP header)
+ * @param iphdr the IPv6 header of the input packet
+ * @param inp the netif on which this packet was received
+ */
+static void
+ip6_forward(struct pbuf *p, struct ip6_hdr *iphdr, struct netif *inp)
+{
+  struct netif *netif;
+
+  /* do not forward link-local addresses */
+  if (ip6_addr_islinklocal(ip6_current_dest_addr())) {
+    LWIP_DEBUGF(IP6_DEBUG, ("ip6_forward: not forwarding link-local address.\n"));
+    IP6_STATS_INC(ip6.rterr);
+    IP6_STATS_INC(ip6.drop);
+    return;
+  }
+
+  /* Find network interface where to forward this IP packet to. */
+  netif = ip6_route(IP6_ADDR_ANY, ip6_current_dest_addr());
+  if (netif == NULL) {
+    LWIP_DEBUGF(IP6_DEBUG, ("ip6_forward: no route for %"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F"\n",
+        IP6_ADDR_BLOCK1(ip6_current_dest_addr()),
+        IP6_ADDR_BLOCK2(ip6_current_dest_addr()),
+        IP6_ADDR_BLOCK3(ip6_current_dest_addr()),
+        IP6_ADDR_BLOCK4(ip6_current_dest_addr()),
+        IP6_ADDR_BLOCK5(ip6_current_dest_addr()),
+        IP6_ADDR_BLOCK6(ip6_current_dest_addr()),
+        IP6_ADDR_BLOCK7(ip6_current_dest_addr()),
+        IP6_ADDR_BLOCK8(ip6_current_dest_addr())));
+#if LWIP_ICMP6
+    /* Don't send ICMP messages in response to ICMP messages */
+    if (IP6H_NEXTH(iphdr) != IP6_NEXTH_ICMP6) {
+      icmp6_dest_unreach(p, ICMP6_DUR_NO_ROUTE);
+    }
+#endif /* LWIP_ICMP6 */
+    IP6_STATS_INC(ip6.rterr);
+    IP6_STATS_INC(ip6.drop);
+    return;
+  }
+  /* Do not forward packets onto the same network interface on which
+   * they arrived. */
+  if (netif == inp) {
+    LWIP_DEBUGF(IP6_DEBUG, ("ip6_forward: not bouncing packets back on incoming interface.\n"));
+    IP6_STATS_INC(ip6.rterr);
+    IP6_STATS_INC(ip6.drop);
+    return;
+  }
+
+  /* decrement HL */
+  IP6H_HOPLIM_SET(iphdr, IP6H_HOPLIM(iphdr) - 1);
+  /* send ICMP6 if HL == 0 */
+  if (IP6H_HOPLIM(iphdr) == 0) {
+#if LWIP_ICMP6
+    /* Don't send ICMP messages in response to ICMP messages */
+    if (IP6H_NEXTH(iphdr) != IP6_NEXTH_ICMP6) {
+      icmp6_time_exceeded(p, ICMP6_TE_HL);
+    }
+#endif /* LWIP_ICMP6 */
+    IP6_STATS_INC(ip6.drop);
+    return;
+  }
+
+  if (netif->mtu && (p->tot_len > netif->mtu)) {
+#if LWIP_ICMP6
+    /* Don't send ICMP messages in response to ICMP messages */
+    if (IP6H_NEXTH(iphdr) != IP6_NEXTH_ICMP6) {
+      icmp6_packet_too_big(p, netif->mtu);
+    }
+#endif /* LWIP_ICMP6 */
+    IP6_STATS_INC(ip6.drop);
+    return;
+  }
+
+  LWIP_DEBUGF(IP6_DEBUG, ("ip6_forward: forwarding packet to %"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F"\n",
+      IP6_ADDR_BLOCK1(ip6_current_dest_addr()),
+      IP6_ADDR_BLOCK2(ip6_current_dest_addr()),
+      IP6_ADDR_BLOCK3(ip6_current_dest_addr()),
+      IP6_ADDR_BLOCK4(ip6_current_dest_addr()),
+      IP6_ADDR_BLOCK5(ip6_current_dest_addr()),
+      IP6_ADDR_BLOCK6(ip6_current_dest_addr()),
+      IP6_ADDR_BLOCK7(ip6_current_dest_addr()),
+      IP6_ADDR_BLOCK8(ip6_current_dest_addr())));
+
+  /* transmit pbuf on chosen interface */
+  netif->output_ip6(netif, p, ip6_current_dest_addr());
+  IP6_STATS_INC(ip6.fw);
+  IP6_STATS_INC(ip6.xmit);
+  return;
+}
+#endif /* LWIP_IPV6_FORWARD */
+
+
+/**
+ * This function is called by the network interface device driver when
+ * an IPv6 packet is received. The function does the basic checks of the
+ * IP header such as packet size being at least larger than the header
+ * size etc. If the packet was not destined for us, the packet is
+ * forwarded (using ip6_forward).
+ *
+ * Finally, the packet is sent to the upper layer protocol input function.
+ *
+ * @param p the received IPv6 packet (p->payload points to IPv6 header)
+ * @param inp the netif on which this packet was received
+ * @return ERR_OK if the packet was processed (could return ERR_* if it wasn't
+ *         processed, but currently always returns ERR_OK)
+ */
+err_t
+ip6_input(struct pbuf *p, struct netif *inp)
+{
+  struct ip6_hdr *ip6hdr;
+  struct netif *netif;
+  u8_t nexth;
+  u16_t hlen; /* the current header length */
+  u8_t i;
+#if 0 /*IP_ACCEPT_LINK_LAYER_ADDRESSING*/
+  @todo
+  int check_ip_src=1;
+#endif /* IP_ACCEPT_LINK_LAYER_ADDRESSING */
+
+  IP6_STATS_INC(ip6.recv);
+
+  /* identify the IP header */
+  ip6hdr = (struct ip6_hdr *)p->payload;
+  if (IP6H_V(ip6hdr) != 6) {
+    LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_WARNING, ("IPv6 packet dropped due to bad version number %"U32_F"\n",
+        IP6H_V(ip6hdr)));
+    pbuf_free(p);
+    IP6_STATS_INC(ip6.err);
+    IP6_STATS_INC(ip6.drop);
+    return ERR_OK;
+  }
+
+  /* header length exceeds first pbuf length, or ip length exceeds total pbuf length? */
+  if ((IP6_HLEN > p->len) || ((IP6H_PLEN(ip6hdr) + IP6_HLEN) > p->tot_len)) {
+    if (IP6_HLEN > p->len) {
+      LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+        ("IPv6 header (len %"U16_F") does not fit in first pbuf (len %"U16_F"), IP packet dropped.\n",
+            IP6_HLEN, p->len));
+    }
+    if ((IP6H_PLEN(ip6hdr) + IP6_HLEN) > p->tot_len) {
+      LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+        ("IPv6 (plen %"U16_F") is longer than pbuf (len %"U16_F"), IP packet dropped.\n",
+            IP6H_PLEN(ip6hdr) + IP6_HLEN, p->tot_len));
+    }
+    /* free (drop) packet pbufs */
+    pbuf_free(p);
+    IP6_STATS_INC(ip6.lenerr);
+    IP6_STATS_INC(ip6.drop);
+    return ERR_OK;
+  }
+
+  /* Trim pbuf. This should have been done at the netif layer,
+   * but we'll do it anyway just to be sure that its done. */
+  pbuf_realloc(p, IP6_HLEN + IP6H_PLEN(ip6hdr));
+
+  /* copy IP addresses to aligned ip6_addr_t */
+  ip6_addr_copy(ip_data.current_iphdr_dest.ip6, ip6hdr->dest);
+  ip6_addr_copy(ip_data.current_iphdr_src.ip6, ip6hdr->src);
+
+  /* current header pointer. */
+  ip_data.current_ip6_header = ip6hdr;
+
+  /* In netif, used in case we need to send ICMPv6 packets back. */
+  ip_data.current_netif = inp;
+
+  /* match packet against an interface, i.e. is this packet for us? */
+  if (ip6_addr_ismulticast(ip6_current_dest_addr())) {
+    /* Always joined to multicast if-local and link-local all-nodes group. */
+    if (ip6_addr_isallnodes_iflocal(ip6_current_dest_addr()) ||
+        ip6_addr_isallnodes_linklocal(ip6_current_dest_addr())) {
+      netif = inp;
+    }
+#if LWIP_IPV6_MLD
+    else if (mld6_lookfor_group(inp, ip6_current_dest_addr())) {
+      netif = inp;
+    }
+#else /* LWIP_IPV6_MLD */
+    else if (ip6_addr_issolicitednode(ip6_current_dest_addr())) {
+      /* Filter solicited node packets when MLD is not enabled
+       * (for Neighbor discovery). */
+      netif = NULL;
+      for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+        if (ip6_addr_isvalid(netif_ip6_addr_state(inp, i)) &&
+            ip6_addr_cmp_solicitednode(ip6_current_dest_addr(), netif_ip6_addr(inp, i))) {
+          netif = inp;
+          LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: solicited node packet accepted on interface %c%c\n",
+              netif->name[0], netif->name[1]));
+          break;
+        }
+      }
+    }
+#endif /* LWIP_IPV6_MLD */
+    else {
+      netif = NULL;
+    }
+  }
+  else {
+    /* start trying with inp. if that's not acceptable, start walking the
+       list of configured netifs.
+       'first' is used as a boolean to mark whether we started walking the list */
+    int first = 1;
+    netif = inp;
+    do {
+      /* interface is up? */
+      if (netif_is_up(netif)) {
+        /* unicast to this interface address? address configured? */
+        for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+          if (ip6_addr_isvalid(netif_ip6_addr_state(netif, i)) &&
+              ip6_addr_cmp(ip6_current_dest_addr(), netif_ip6_addr(netif, i))) {
+            /* exit outer loop */
+            goto netif_found;
+          }
+        }
+      }
+      if (ip6_addr_islinklocal(ip6_current_dest_addr())) {
+        /* Do not match link-local addresses to other netifs. */
+        netif = NULL;
+        break;
+      }
+      if (first) {
+        first = 0;
+        netif = netif_list;
+      } else {
+        netif = netif->next;
+      }
+      if (netif == inp) {
+        netif = netif->next;
+      }
+    } while(netif != NULL);
+netif_found:
+    LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: packet accepted on interface %c%c\n",
+        netif ? netif->name[0] : 'X', netif? netif->name[1] : 'X'));
+  }
+
+  /* "::" packet source address? (used in duplicate address detection) */
+  if (ip6_addr_isany(ip6_current_src_addr()) &&
+      (!ip6_addr_issolicitednode(ip6_current_dest_addr()))) {
+    /* packet source is not valid */
+    /* free (drop) packet pbufs */
+    LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: packet with src ANY_ADDRESS dropped\n"));
+    pbuf_free(p);
+    IP6_STATS_INC(ip6.drop);
+    goto ip6_input_cleanup;
+  }
+  
+  /* if we're pretending we are everyone for TCP, assume the packet is for source interface if it
+     isn't for a local address */
+  if (netif == NULL && (inp->flags & NETIF_FLAG_PRETEND_TCP) && IP6H_NEXTH(ip6hdr) == IP6_NEXTH_TCP) {
+      netif = inp;
+  }
+
+  /* packet not for us? */
+  if (netif == NULL) {
+    /* packet not for us, route or discard */
+    LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_TRACE, ("ip6_input: packet not for us.\n"));
+#if LWIP_IPV6_FORWARD
+    /* non-multicast packet? */
+    if (!ip6_addr_ismulticast(ip6_current_dest_addr())) {
+      /* try to forward IP packet on (other) interfaces */
+      ip6_forward(p, ip6hdr, inp);
+    }
+#endif /* LWIP_IPV6_FORWARD */
+    pbuf_free(p);
+    goto ip6_input_cleanup;
+  }
+
+  /* current netif pointer. */
+  ip_data.current_netif = netif;
+
+  /* Save next header type. */
+  nexth = IP6H_NEXTH(ip6hdr);
+
+  /* Init header length. */
+  hlen = ip_data.current_ip_header_tot_len = IP6_HLEN;
+
+  /* Move to payload. */
+  pbuf_header(p, -IP6_HLEN);
+
+  /* Process known option extension headers, if present. */
+  while (nexth != IP6_NEXTH_NONE)
+  {
+    switch (nexth) {
+    case IP6_NEXTH_HOPBYHOP:
+      LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: packet with Hop-by-Hop options header\n"));
+      /* Get next header type. */
+      nexth = *((u8_t *)p->payload);
+
+      /* Get the header length. */
+      hlen = 8 * (1 + *((u8_t *)p->payload + 1));
+      ip_data.current_ip_header_tot_len += hlen;
+
+      /* Skip over this header. */
+      if (hlen > p->len) {
+        LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+          ("IPv6 options header (hlen %"U16_F") does not fit in first pbuf (len %"U16_F"), IPv6 packet dropped.\n",
+              hlen, p->len));
+        /* free (drop) packet pbufs */
+        pbuf_free(p);
+        IP6_STATS_INC(ip6.lenerr);
+        IP6_STATS_INC(ip6.drop);
+        goto ip6_input_cleanup;
+      }
+
+      pbuf_header(p, -hlen);
+      break;
+    case IP6_NEXTH_DESTOPTS:
+      LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: packet with Destination options header\n"));
+      /* Get next header type. */
+      nexth = *((u8_t *)p->payload);
+
+      /* Get the header length. */
+      hlen = 8 * (1 + *((u8_t *)p->payload + 1));
+      ip_data.current_ip_header_tot_len += hlen;
+
+      /* Skip over this header. */
+      if (hlen > p->len) {
+        LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+          ("IPv6 options header (hlen %"U16_F") does not fit in first pbuf (len %"U16_F"), IPv6 packet dropped.\n",
+              hlen, p->len));
+        /* free (drop) packet pbufs */
+        pbuf_free(p);
+        IP6_STATS_INC(ip6.lenerr);
+        IP6_STATS_INC(ip6.drop);
+        goto ip6_input_cleanup;
+      }
+
+      pbuf_header(p, -hlen);
+      break;
+    case IP6_NEXTH_ROUTING:
+      LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: packet with Routing header\n"));
+      /* Get next header type. */
+      nexth = *((u8_t *)p->payload);
+
+      /* Get the header length. */
+      hlen = 8 * (1 + *((u8_t *)p->payload + 1));
+      ip_data.current_ip_header_tot_len += hlen;
+
+      /* Skip over this header. */
+      if (hlen > p->len) {
+        LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+          ("IPv6 options header (hlen %"U16_F") does not fit in first pbuf (len %"U16_F"), IPv6 packet dropped.\n",
+              hlen, p->len));
+        /* free (drop) packet pbufs */
+        pbuf_free(p);
+        IP6_STATS_INC(ip6.lenerr);
+        IP6_STATS_INC(ip6.drop);
+        goto ip6_input_cleanup;
+      }
+
+      pbuf_header(p, -hlen);
+      break;
+
+    case IP6_NEXTH_FRAGMENT:
+    {
+      struct ip6_frag_hdr * frag_hdr;
+      LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: packet with Fragment header\n"));
+
+      frag_hdr = (struct ip6_frag_hdr *)p->payload;
+
+      /* Get next header type. */
+      nexth = frag_hdr->_nexth;
+
+      /* Fragment Header length. */
+      hlen = 8;
+      ip_data.current_ip_header_tot_len += hlen;
+
+      /* Make sure this header fits in current pbuf. */
+      if (hlen > p->len) {
+        LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+          ("IPv6 options header (hlen %"U16_F") does not fit in first pbuf (len %"U16_F"), IPv6 packet dropped.\n",
+              hlen, p->len));
+        /* free (drop) packet pbufs */
+        pbuf_free(p);
+        IP6_FRAG_STATS_INC(ip6_frag.lenerr);
+        IP6_FRAG_STATS_INC(ip6_frag.drop);
+        goto ip6_input_cleanup;
+      }
+
+      /* Offset == 0 and more_fragments == 0? */
+      if (((frag_hdr->_fragment_offset & IP6_FRAG_OFFSET_MASK) == 0) &&
+          ((frag_hdr->_fragment_offset & IP6_FRAG_MORE_FLAG) == 0)) {
+
+        /* This is a 1-fragment packet, usually a packet that we have
+         * already reassembled. Skip this header anc continue. */
+        pbuf_header(p, -hlen);
+      }
+      else {
+#if LWIP_IPV6_REASS
+
+        /* reassemble the packet */
+        p = ip6_reass(p);
+        /* packet not fully reassembled yet? */
+        if (p == NULL) {
+          goto ip6_input_cleanup;
+        }
+
+        /* Returned p point to IPv6 header.
+         * Update all our variables and pointers and continue. */
+        ip6hdr = (struct ip6_hdr *)p->payload;
+        nexth = IP6H_NEXTH(ip6hdr);
+        hlen = ip_data.current_ip_header_tot_len = IP6_HLEN;
+        pbuf_header(p, -IP6_HLEN);
+
+#else /* LWIP_IPV6_REASS */
+        /* free (drop) packet pbufs */
+        LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: packet with Fragment header dropped (with LWIP_IPV6_REASS==0)\n"));
+        pbuf_free(p);
+        IP6_STATS_INC(ip6.opterr);
+        IP6_STATS_INC(ip6.drop);
+        goto ip6_input_cleanup;
+#endif /* LWIP_IPV6_REASS */
+      }
+      break;
+    }
+    default:
+      goto options_done;
+      break;
+    }
+  }
+options_done:
+
+  /* p points to IPv6 header again. */
+  pbuf_header(p, ip_data.current_ip_header_tot_len);
+
+  /* send to upper layers */
+  LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: \n"));
+  ip6_debug_print(p);
+  LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: p->len %"U16_F" p->tot_len %"U16_F"\n", p->len, p->tot_len));
+
+#if LWIP_RAW
+  /* raw input did not eat the packet? */
+  if (raw_input(p, inp) == 0)
+#endif /* LWIP_RAW */
+  {
+    switch (nexth) {
+    case IP6_NEXTH_NONE:
+      pbuf_free(p);
+      break;
+#if LWIP_UDP
+    case IP6_NEXTH_UDP:
+#if LWIP_UDPLITE
+    case IP6_NEXTH_UDPLITE:
+#endif /* LWIP_UDPLITE */
+      /* Point to payload. */
+      pbuf_header(p, -ip_data.current_ip_header_tot_len);
+      udp_input(p, inp);
+      break;
+#endif /* LWIP_UDP */
+#if LWIP_TCP
+    case IP6_NEXTH_TCP:
+      /* Point to payload. */
+      pbuf_header(p, -ip_data.current_ip_header_tot_len);
+      tcp_input(p, inp);
+      break;
+#endif /* LWIP_TCP */
+#if LWIP_ICMP6
+    case IP6_NEXTH_ICMP6:
+      /* Point to payload. */
+      pbuf_header(p, -ip_data.current_ip_header_tot_len);
+      icmp6_input(p, inp);
+      break;
+#endif /* LWIP_ICMP */
+    default:
+#if LWIP_ICMP6
+      /* send ICMP parameter problem unless it was a multicast or ICMPv6 */
+      if ((!ip6_addr_ismulticast(ip6_current_dest_addr())) &&
+          (IP6H_NEXTH(ip6hdr) != IP6_NEXTH_ICMP6)) {
+        icmp6_param_problem(p, ICMP6_PP_HEADER, ip_data.current_ip_header_tot_len - hlen);
+      }
+#endif /* LWIP_ICMP */
+      LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("ip6_input: Unsupported transport protocol %"U16_F"\n", IP6H_NEXTH(ip6hdr)));
+      pbuf_free(p);
+      IP6_STATS_INC(ip6.proterr);
+      IP6_STATS_INC(ip6.drop);
+      break;
+    }
+  }
+
+ip6_input_cleanup:
+  ip_data.current_netif = NULL;
+  ip_data.current_ip6_header = NULL;
+  ip_data.current_ip_header_tot_len = 0;
+  ip6_addr_set_any(&ip_data.current_iphdr_src.ip6);
+  ip6_addr_set_any(&ip_data.current_iphdr_dest.ip6);
+
+  return ERR_OK;
+}
+
+
+/**
+ * Sends an IPv6 packet on a network interface. This function constructs
+ * the IPv6 header. If the source IPv6 address is NULL, the IPv6 "ANY" address is
+ * used as source (usually during network startup). If the source IPv6 address it
+ * IP6_ADDR_ANY, the most appropriate IPv6 address of the outgoing network
+ * interface is filled in as source address. If the destination IPv6 address is
+ * IP_HDRINCL, p is assumed to already include an IPv6 header and p->payload points
+ * to it instead of the data.
+ *
+ * @param p the packet to send (p->payload points to the data, e.g. next
+            protocol header; if dest == IP_HDRINCL, p already includes an
+            IPv6 header and p->payload points to that IPv6 header)
+ * @param src the source IPv6 address to send from (if src == IP6_ADDR_ANY, an
+ *         IP address of the netif is selected and used as source address.
+ *         if src == NULL, IP6_ADDR_ANY is used as source)
+ * @param dest the destination IPv6 address to send the packet to
+ * @param hl the Hop Limit value to be set in the IPv6 header
+ * @param tc the Traffic Class value to be set in the IPv6 header
+ * @param nexth the Next Header to be set in the IPv6 header
+ * @param netif the netif on which to send this packet
+ * @return ERR_OK if the packet was sent OK
+ *         ERR_BUF if p doesn't have enough space for IPv6/LINK headers
+ *         returns errors returned by netif->output
+ */
+err_t
+ip6_output_if(struct pbuf *p, ip6_addr_t *src, ip6_addr_t *dest,
+             u8_t hl, u8_t tc,
+             u8_t nexth, struct netif *netif)
+{
+  struct ip6_hdr *ip6hdr;
+  ip6_addr_t dest_addr;
+
+  /* pbufs passed to IP must have a ref-count of 1 as their payload pointer
+     gets altered as the packet is passed down the stack */
+  LWIP_ASSERT("p->ref == 1", p->ref == 1);
+
+  /* Should the IPv6 header be generated or is it already included in p? */
+  if (dest != IP_HDRINCL) {
+    /* generate IPv6 header */
+    if (pbuf_header(p, IP6_HLEN)) {
+      LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("ip6_output: not enough room for IPv6 header in pbuf\n"));
+      IP6_STATS_INC(ip6.err);
+      return ERR_BUF;
+    }
+
+    ip6hdr = (struct ip6_hdr *)p->payload;
+    LWIP_ASSERT("check that first pbuf can hold struct ip6_hdr",
+               (p->len >= sizeof(struct ip6_hdr)));
+
+    IP6H_HOPLIM_SET(ip6hdr, hl);
+    IP6H_NEXTH_SET(ip6hdr, nexth);
+
+    /* dest cannot be NULL here */
+    ip6_addr_copy(ip6hdr->dest, *dest);
+
+    IP6H_VTCFL_SET(ip6hdr, 6, tc, 0);
+    IP6H_PLEN_SET(ip6hdr, p->tot_len - IP6_HLEN);
+
+    if (src == NULL) {
+      src = IP6_ADDR_ANY;
+    }
+    else if (ip6_addr_isany(src)) {
+      src = ip6_select_source_address(netif, dest);
+      if ((src == NULL) || ip6_addr_isany(src)) {
+        /* No appropriate source address was found for this packet. */
+        LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("ip6_output: No suitable source address for packet.\n"));
+        IP6_STATS_INC(ip6.rterr);
+        return ERR_RTE;
+      }
+    }
+    /* src cannot be NULL here */
+    ip6_addr_copy(ip6hdr->src, *src);
+
+  } else {
+    /* IP header already included in p */
+    ip6hdr = (struct ip6_hdr *)p->payload;
+    ip6_addr_copy(dest_addr, ip6hdr->dest);
+    dest = &dest_addr;
+  }
+
+  IP6_STATS_INC(ip6.xmit);
+
+  LWIP_DEBUGF(IP6_DEBUG, ("ip6_output_if: %c%c%"U16_F"\n", netif->name[0], netif->name[1], netif->num));
+  ip6_debug_print(p);
+
+#if ENABLE_LOOPBACK
+  /* TODO implement loopback for v6
+  if (ip6_addr_cmp(dest, netif_ip6_addr(0))) {
+    return netif_loop_output(netif, p, dest);
+  }*/
+#endif /* ENABLE_LOOPBACK */
+#if LWIP_IPV6_FRAG
+  /* don't fragment if interface has mtu set to 0 [loopif] */
+  if (netif->mtu && (p->tot_len > nd6_get_destination_mtu(dest, netif))) {
+    return ip6_frag(p, netif, dest);
+  }
+#endif /* LWIP_IPV6_FRAG */
+
+  LWIP_DEBUGF(IP6_DEBUG, ("netif->output_ip6()"));
+  return netif->output_ip6(netif, p, dest);
+}
+
+/**
+ * Simple interface to ip6_output_if. It finds the outgoing network
+ * interface and calls upon ip6_output_if to do the actual work.
+ *
+ * @param p the packet to send (p->payload points to the data, e.g. next
+            protocol header; if dest == IP_HDRINCL, p already includes an
+            IPv6 header and p->payload points to that IPv6 header)
+ * @param src the source IPv6 address to send from (if src == IP6_ADDR_ANY, an
+ *         IP address of the netif is selected and used as source address.
+ *         if src == NULL, IP6_ADDR_ANY is used as source)
+ * @param dest the destination IPv6 address to send the packet to
+ * @param hl the Hop Limit value to be set in the IPv6 header
+ * @param tc the Traffic Class value to be set in the IPv6 header
+ * @param nexth the Next Header to be set in the IPv6 header
+ *
+ * @return ERR_RTE if no route is found
+ *         see ip_output_if() for more return values
+ */
+err_t
+ip6_output(struct pbuf *p, ip6_addr_t *src, ip6_addr_t *dest,
+          u8_t hl, u8_t tc, u8_t nexth)
+{
+  struct netif *netif;
+  struct ip6_hdr *ip6hdr;
+  ip6_addr_t src_addr, dest_addr;
+
+  /* pbufs passed to IPv6 must have a ref-count of 1 as their payload pointer
+     gets altered as the packet is passed down the stack */
+  LWIP_ASSERT("p->ref == 1", p->ref == 1);
+
+  if (dest != IP_HDRINCL) {
+    netif = ip6_route(src, dest);
+  } else {
+    /* IP header included in p, read addresses. */
+    ip6hdr = (struct ip6_hdr *)p->payload;
+    ip6_addr_copy(src_addr, ip6hdr->src);
+    ip6_addr_copy(dest_addr, ip6hdr->dest);
+    netif = ip6_route(&src_addr, &dest_addr);
+  }
+
+  if (netif == NULL) {
+    LWIP_DEBUGF(IP6_DEBUG, ("ip6_output: no route for %"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F"\n",
+        IP6_ADDR_BLOCK1(dest),
+        IP6_ADDR_BLOCK2(dest),
+        IP6_ADDR_BLOCK3(dest),
+        IP6_ADDR_BLOCK4(dest),
+        IP6_ADDR_BLOCK5(dest),
+        IP6_ADDR_BLOCK6(dest),
+        IP6_ADDR_BLOCK7(dest),
+        IP6_ADDR_BLOCK8(dest)));
+    IP6_STATS_INC(ip6.rterr);
+    return ERR_RTE;
+  }
+
+  return ip6_output_if(p, src, dest, hl, tc, nexth, netif);
+}
+
+
+#if LWIP_NETIF_HWADDRHINT
+/** Like ip6_output, but takes and addr_hint pointer that is passed on to netif->addr_hint
+ *  before calling ip6_output_if.
+ *
+ * @param p the packet to send (p->payload points to the data, e.g. next
+            protocol header; if dest == IP_HDRINCL, p already includes an
+            IPv6 header and p->payload points to that IPv6 header)
+ * @param src the source IPv6 address to send from (if src == IP6_ADDR_ANY, an
+ *         IP address of the netif is selected and used as source address.
+ *         if src == NULL, IP6_ADDR_ANY is used as source)
+ * @param dest the destination IPv6 address to send the packet to
+ * @param hl the Hop Limit value to be set in the IPv6 header
+ * @param tc the Traffic Class value to be set in the IPv6 header
+ * @param nexth the Next Header to be set in the IPv6 header
+ * @param addr_hint address hint pointer set to netif->addr_hint before
+ *        calling ip_output_if()
+ *
+ * @return ERR_RTE if no route is found
+ *         see ip_output_if() for more return values
+ */
+err_t
+ip6_output_hinted(struct pbuf *p, ip6_addr_t *src, ip6_addr_t *dest,
+          u8_t hl, u8_t tc, u8_t nexth, u8_t *addr_hint)
+{
+  struct netif *netif;
+  struct ip6_hdr *ip6hdr;
+  ip6_addr_t src_addr, dest_addr;
+  err_t err;
+
+  /* pbufs passed to IP must have a ref-count of 1 as their payload pointer
+     gets altered as the packet is passed down the stack */
+  LWIP_ASSERT("p->ref == 1", p->ref == 1);
+
+  if (dest != IP_HDRINCL) {
+    netif = ip6_route(src, dest);
+  } else {
+    /* IP header included in p, read addresses. */
+    ip6hdr = (struct ip6_hdr *)p->payload;
+    ip6_addr_copy(src_addr, ip6hdr->src);
+    ip6_addr_copy(dest_addr, ip6hdr->dest);
+    netif = ip6_route(&src_addr, &dest_addr);
+  }
+
+  if (netif == NULL) {
+    LWIP_DEBUGF(IP6_DEBUG, ("ip6_output: no route for %"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F"\n",
+        IP6_ADDR_BLOCK1(dest),
+        IP6_ADDR_BLOCK2(dest),
+        IP6_ADDR_BLOCK3(dest),
+        IP6_ADDR_BLOCK4(dest),
+        IP6_ADDR_BLOCK5(dest),
+        IP6_ADDR_BLOCK6(dest),
+        IP6_ADDR_BLOCK7(dest),
+        IP6_ADDR_BLOCK8(dest)));
+    IP6_STATS_INC(ip6.rterr);
+    return ERR_RTE;
+  }
+
+  NETIF_SET_HWADDRHINT(netif, addr_hint);
+  err = ip6_output_if(p, src, dest, hl, tc, nexth, netif);
+  NETIF_SET_HWADDRHINT(netif, NULL);
+
+  return err;
+}
+#endif /* LWIP_NETIF_HWADDRHINT*/
+
+#if LWIP_IPV6_MLD
+/**
+ * Add a hop-by-hop options header with a router alert option and padding.
+ *
+ * Used by MLD when sending a Multicast listener report/done message.
+ *
+ * @param p the packet to which we will prepend the options header
+ * @param nexth the next header protocol number (e.g. IP6_NEXTH_ICMP6)
+ * @param value the value of the router alert option data (e.g. IP6_ROUTER_ALERT_VALUE_MLD)
+ * @return ERR_OK if hop-by-hop header was added, ERR_* otherwise
+ */
+err_t
+ip6_options_add_hbh_ra(struct pbuf * p, u8_t nexth, u8_t value)
+{
+  struct ip6_hbh_hdr * hbh_hdr;
+
+  /* Move pointer to make room for hop-by-hop options header. */
+  if (pbuf_header(p, sizeof(struct ip6_hbh_hdr))) {
+    LWIP_DEBUGF(IP6_DEBUG, ("ip6_options: no space for options header\n"));
+    IP6_STATS_INC(ip6.err);
+    return ERR_BUF;
+  }
+
+  hbh_hdr = (struct ip6_hbh_hdr *)p->payload;
+
+  /* Set fields. */
+  hbh_hdr->_nexth = nexth;
+  hbh_hdr->_hlen = 0;
+  hbh_hdr->_ra_opt_type = IP6_ROUTER_ALERT_OPTION;
+  hbh_hdr->_ra_opt_dlen = 2;
+  hbh_hdr->_ra_opt_data = value;
+  hbh_hdr->_padn_opt_type = IP6_PADN_ALERT_OPTION;
+  hbh_hdr->_padn_opt_dlen = 0;
+
+  return ERR_OK;
+}
+#endif /* LWIP_IPV6_MLD */
+
+#if IP6_DEBUG
+/* Print an IPv6 header by using LWIP_DEBUGF
+ * @param p an IPv6 packet, p->payload pointing to the IPv6 header
+ */
+void
+ip6_debug_print(struct pbuf *p)
+{
+  struct ip6_hdr *ip6hdr = (struct ip6_hdr *)p->payload;
+
+  LWIP_DEBUGF(IP6_DEBUG, ("IPv6 header:\n"));
+  LWIP_DEBUGF(IP6_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(IP6_DEBUG, ("| %2"U16_F" |  %3"U16_F"  |      %7"U32_F"     | (ver, class, flow)\n",
+                    IP6H_V(ip6hdr),
+                    IP6H_TC(ip6hdr),
+                    IP6H_FL(ip6hdr)));
+  LWIP_DEBUGF(IP6_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(IP6_DEBUG, ("|     %5"U16_F"     |  %3"U16_F"  |  %3"U16_F"  | (plen, nexth, hopl)\n",
+                    IP6H_PLEN(ip6hdr),
+                    IP6H_NEXTH(ip6hdr),
+                    IP6H_HOPLIM(ip6hdr)));
+  LWIP_DEBUGF(IP6_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(IP6_DEBUG, ("|  %4"X32_F" |  %4"X32_F" |  %4"X32_F" |  %4"X32_F" | (src)\n",
+                    IP6_ADDR_BLOCK1(&(ip6hdr->src)),
+                    IP6_ADDR_BLOCK2(&(ip6hdr->src)),
+                    IP6_ADDR_BLOCK3(&(ip6hdr->src)),
+                    IP6_ADDR_BLOCK4(&(ip6hdr->src))));
+  LWIP_DEBUGF(IP6_DEBUG, ("|  %4"X32_F" |  %4"X32_F" |  %4"X32_F" |  %4"X32_F" |\n",
+                    IP6_ADDR_BLOCK5(&(ip6hdr->src)),
+                    IP6_ADDR_BLOCK6(&(ip6hdr->src)),
+                    IP6_ADDR_BLOCK7(&(ip6hdr->src)),
+                    IP6_ADDR_BLOCK8(&(ip6hdr->src))));
+  LWIP_DEBUGF(IP6_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(IP6_DEBUG, ("|  %4"X32_F" |  %4"X32_F" |  %4"X32_F" |  %4"X32_F" | (dest)\n",
+                    IP6_ADDR_BLOCK1(&(ip6hdr->dest)),
+                    IP6_ADDR_BLOCK2(&(ip6hdr->dest)),
+                    IP6_ADDR_BLOCK3(&(ip6hdr->dest)),
+                    IP6_ADDR_BLOCK4(&(ip6hdr->dest))));
+  LWIP_DEBUGF(IP6_DEBUG, ("|  %4"X32_F" |  %4"X32_F" |  %4"X32_F" |  %4"X32_F" |\n",
+                    IP6_ADDR_BLOCK5(&(ip6hdr->dest)),
+                    IP6_ADDR_BLOCK6(&(ip6hdr->dest)),
+                    IP6_ADDR_BLOCK7(&(ip6hdr->dest)),
+                    IP6_ADDR_BLOCK8(&(ip6hdr->dest))));
+  LWIP_DEBUGF(IP6_DEBUG, ("+-------------------------------+\n"));
+}
+#endif /* IP6_DEBUG */
+
+#endif /* LWIP_IPV6 */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/ip6_addr.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/ip6_addr.c
new file mode 100644
index 00000000..65d27980
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/ip6_addr.c
@@ -0,0 +1,251 @@
+/**
+ * @file
+ *
+ * IPv6 addresses.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ * Functions for handling IPv6 addresses.
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6  /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/ip6_addr.h"
+#include "lwip/def.h"
+
+/* used by IP6_ADDR_ANY in ip6_addr.h */
+const ip6_addr_t ip6_addr_any = { { 0ul, 0ul, 0ul, 0ul } };
+
+#ifndef isprint
+#define in_range(c, lo, up)  ((u8_t)c >= lo && (u8_t)c <= up)
+#define isprint(c)           in_range(c, 0x20, 0x7f)
+#define isdigit(c)           in_range(c, '0', '9')
+#define isxdigit(c)          (isdigit(c) || in_range(c, 'a', 'f') || in_range(c, 'A', 'F'))
+#define islower(c)           in_range(c, 'a', 'z')
+#define isspace(c)           (c == ' ' || c == '\f' || c == '\n' || c == '\r' || c == '\t' || c == '\v')
+#define xchar(i)             ((i) < 10 ? '0' + (i) : 'A' + (i) - 10)
+#endif
+
+/**
+ * Check whether "cp" is a valid ascii representation
+ * of an IPv6 address and convert to a binary address.
+ * Returns 1 if the address is valid, 0 if not.
+ *
+ * @param cp IPv6 address in ascii represenation (e.g. "FF01::1")
+ * @param addr pointer to which to save the ip address in network order
+ * @return 1 if cp could be converted to addr, 0 on failure
+ */
+int
+ip6addr_aton(const char *cp, ip6_addr_t *addr)
+{
+  u32_t addr_index, zero_blocks, current_block_index, current_block_value;
+  const char * s;
+
+  /* Count the number of colons, to count the number of blocks in a "::" sequence
+     zero_blocks may be 1 even if there are no :: sequences */
+  zero_blocks = 8;
+  for (s = cp; *s != 0; s++) {
+    if (*s == ':')
+      zero_blocks--;
+    else if (!isxdigit(*s))
+      break;
+  }
+
+  /* parse each block */
+  addr_index = 0;
+  current_block_index = 0;
+  current_block_value = 0;
+  for (s = cp; *s != 0; s++) {
+    if (*s == ':') {
+      if (addr) {
+        if (current_block_index & 0x1) {
+          addr->addr[addr_index++] |= current_block_value;
+        }
+        else {
+          addr->addr[addr_index] = current_block_value << 16;
+        }
+      }
+      current_block_index++;
+      current_block_value = 0;
+      if (current_block_index > 7) {
+        /* address too long! */
+        return 0;
+      } if (s[1] == ':') {
+        s++;
+        /* "::" found, set zeros */
+        while (zero_blocks-- > 0) {
+          if (current_block_index & 0x1) {
+            addr_index++;
+          }
+          else {
+            if (addr) {
+              addr->addr[addr_index] = 0;
+            }
+          }
+          current_block_index++;
+        }
+      }
+    } else if (isxdigit(*s)) {
+      /* add current digit */
+      current_block_value = (current_block_value << 4) +
+          (isdigit(*s) ? *s - '0' :
+          10 + (islower(*s) ? *s - 'a' : *s - 'A'));
+    } else {
+      /* unexpected digit, space? CRLF? */
+      break;
+    }
+  }
+
+  if (addr) {
+    if (current_block_index & 0x1) {
+      addr->addr[addr_index++] |= current_block_value;
+    }
+    else {
+      addr->addr[addr_index] = current_block_value << 16;
+    }
+  }
+
+  /* convert to network byte order. */
+  if (addr) {
+    for (addr_index = 0; addr_index < 4; addr_index++) {
+      addr->addr[addr_index] = htonl(addr->addr[addr_index]);
+    }
+  }
+
+  if (current_block_index != 7) {
+    return 0;
+  }
+
+  return 1;
+}
+
+/**
+ * Convert numeric IPv6 address into ASCII representation.
+ * returns ptr to static buffer; not reentrant!
+ *
+ * @param addr ip6 address in network order to convert
+ * @return pointer to a global static (!) buffer that holds the ASCII
+ *         represenation of addr
+ */
+char *
+ip6addr_ntoa(const ip6_addr_t *addr)
+{
+  static char str[40];
+  return ip6addr_ntoa_r(addr, str, 40);
+}
+
+/**
+ * Same as ipaddr_ntoa, but reentrant since a user-supplied buffer is used.
+ *
+ * @param addr ip6 address in network order to convert
+ * @param buf target buffer where the string is stored
+ * @param buflen length of buf
+ * @return either pointer to buf which now holds the ASCII
+ *         representation of addr or NULL if buf was too small
+ */
+char *
+ip6addr_ntoa_r(const ip6_addr_t *addr, char *buf, int buflen)
+{
+  u32_t current_block_index, current_block_value;
+  s32_t zero_flag, i;
+
+  i = 0;
+  zero_flag = 0; /* used to indicate a zero chain for "::' */
+
+  for (current_block_index = 0; current_block_index < 8; current_block_index++) {
+    /* get the current 16-bit block */
+    current_block_value = htonl(addr->addr[current_block_index >> 1]);
+    if ((current_block_index & 0x1) == 0) {
+      current_block_value = current_block_value >> 16;
+    }
+    current_block_value &= 0xffff;
+
+    if (current_block_value == 0) {
+      /* generate empty block "::" */
+      if (!zero_flag) {
+        if (current_block_index > 0) {
+          zero_flag = 1;
+          buf[i++] = ':';
+          if (i >= buflen) return NULL;
+        }
+      }
+    }
+    else {
+      if (current_block_index > 0) {
+        buf[i++] = ':';
+        if (i >= buflen) return NULL;
+      }
+
+      if ((current_block_value & 0xf000) == 0) {
+        zero_flag = 1;
+      }
+      else {
+        buf[i++] = xchar(((current_block_value & 0xf000) >> 12));
+        zero_flag = 0;
+        if (i >= buflen) return NULL;
+      }
+
+      if (((current_block_value & 0xf00) == 0) && (zero_flag)) {
+        /* do nothing */
+      }
+      else {
+        buf[i++] = xchar(((current_block_value & 0xf00) >> 8));
+        zero_flag = 0;
+        if (i >= buflen) return NULL;
+      }
+
+      if (((current_block_value & 0xf0) == 0) && (zero_flag)) {
+        /* do nothing */
+      }
+      else {
+        buf[i++] = xchar(((current_block_value & 0xf0) >> 4));
+        zero_flag = 0;
+        if (i >= buflen) return NULL;
+      }
+
+      buf[i++] = xchar((current_block_value & 0xf));
+      if (i >= buflen) return NULL;
+
+      zero_flag = 0;
+    }
+  }
+
+  buf[i] = 0;
+
+  return buf;
+}
+#endif /* LWIP_IPV6 */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/ip6_frag.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/ip6_frag.c
new file mode 100644
index 00000000..a43fd614
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/ip6_frag.c
@@ -0,0 +1,697 @@
+/**
+ * @file
+ *
+ * IPv6 fragmentation and reassembly.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+
+#include "lwip/opt.h"
+#include "lwip/ip6_frag.h"
+#include "lwip/ip6.h"
+#include "lwip/icmp6.h"
+#include "lwip/nd6.h"
+
+#include "lwip/pbuf.h"
+#include "lwip/memp.h"
+#include "lwip/stats.h"
+
+#include <string.h>
+
+#if LWIP_IPV6 && LWIP_IPV6_REASS  /* don't build if not configured for use in lwipopts.h */
+
+
+/** Setting this to 0, you can turn off checking the fragments for overlapping
+ * regions. The code gets a little smaller. Only use this if you know that
+ * overlapping won't occur on your network! */
+#ifndef IP_REASS_CHECK_OVERLAP
+#define IP_REASS_CHECK_OVERLAP 1
+#endif /* IP_REASS_CHECK_OVERLAP */
+
+/** Set to 0 to prevent freeing the oldest datagram when the reassembly buffer is
+ * full (IP_REASS_MAX_PBUFS pbufs are enqueued). The code gets a little smaller.
+ * Datagrams will be freed by timeout only. Especially useful when MEMP_NUM_REASSDATA
+ * is set to 1, so one datagram can be reassembled at a time, only. */
+#ifndef IP_REASS_FREE_OLDEST
+#define IP_REASS_FREE_OLDEST 1
+#endif /* IP_REASS_FREE_OLDEST */
+
+#define IP_REASS_FLAG_LASTFRAG 0x01
+
+/** This is a helper struct which holds the starting
+ * offset and the ending offset of this fragment to
+ * easily chain the fragments.
+ * It has the same packing requirements as the IPv6 header, since it replaces
+ * the Fragment Header in memory in incoming fragments to keep
+ * track of the various fragments.
+ */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct ip6_reass_helper {
+  PACK_STRUCT_FIELD(struct pbuf *next_pbuf);
+  PACK_STRUCT_FIELD(u16_t start);
+  PACK_STRUCT_FIELD(u16_t end);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/* static variables */
+static struct ip6_reassdata *reassdatagrams;
+static u16_t ip6_reass_pbufcount;
+
+/* Forward declarations. */
+static void ip6_reass_free_complete_datagram(struct ip6_reassdata *ipr);
+#if IP_REASS_FREE_OLDEST
+static void ip6_reass_remove_oldest_datagram(struct ip6_reassdata *ipr, int pbufs_needed);
+#endif /* IP_REASS_FREE_OLDEST */
+
+void
+ip6_reass_tmr(void)
+{
+  struct ip6_reassdata *r, *tmp;
+
+  r = reassdatagrams;
+  while (r != NULL) {
+    /* Decrement the timer. Once it reaches 0,
+     * clean up the incomplete fragment assembly */
+    if (r->timer > 0) {
+      r->timer--;
+      r = r->next;
+    } else {
+      /* reassembly timed out */
+      tmp = r;
+      /* get the next pointer before freeing */
+      r = r->next;
+      /* free the helper struct and all enqueued pbufs */
+      ip6_reass_free_complete_datagram(tmp);
+     }
+   }
+}
+
+/**
+ * Free a datagram (struct ip6_reassdata) and all its pbufs.
+ * Updates the total count of enqueued pbufs (ip6_reass_pbufcount),
+ * sends an ICMP time exceeded packet.
+ *
+ * @param ipr datagram to free
+ */
+static void
+ip6_reass_free_complete_datagram(struct ip6_reassdata *ipr)
+{
+  struct ip6_reassdata *prev;
+  u16_t pbufs_freed = 0;
+  u8_t clen;
+  struct pbuf *p;
+  struct ip6_reass_helper *iprh;
+
+#if LWIP_ICMP6
+  iprh = (struct ip6_reass_helper *)ipr->p->payload;
+  if (iprh->start == 0) {
+    /* The first fragment was received, send ICMP time exceeded. */
+    /* First, de-queue the first pbuf from r->p. */
+    p = ipr->p;
+    ipr->p = iprh->next_pbuf;
+    /* Then, move back to the original header (we are now pointing to Fragment header). */
+    if (pbuf_header(p, (u8_t*)p->payload - (u8_t*)ipr->iphdr)) {
+      LWIP_ASSERT("ip6_reass_free: moving p->payload to ip6 header failed\n", 0);
+    }
+    else {
+      icmp6_time_exceeded(p, ICMP6_TE_FRAG);
+    }
+    clen = pbuf_clen(p);
+    LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff);
+    pbufs_freed += clen;
+    pbuf_free(p);
+  }
+#endif /* LWIP_ICMP6 */
+
+  /* First, free all received pbufs.  The individual pbufs need to be released
+     separately as they have not yet been chained */
+  p = ipr->p;
+  while (p != NULL) {
+    struct pbuf *pcur;
+    iprh = (struct ip6_reass_helper *)p->payload;
+    pcur = p;
+    /* get the next pointer before freeing */
+    p = iprh->next_pbuf;
+    clen = pbuf_clen(pcur);
+    LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff);
+    pbufs_freed += clen;
+    pbuf_free(pcur);
+  }
+
+  /* Then, unchain the struct ip6_reassdata from the list and free it. */
+  if (ipr == reassdatagrams) {
+    reassdatagrams = ipr->next;
+  } else {
+    prev = reassdatagrams;
+    while (prev != NULL) {
+      if (prev->next == ipr) {
+        break;
+      }
+      prev = prev->next;
+    }
+    if (prev != NULL) {
+      prev->next = ipr->next;
+    }
+  }
+  memp_free(MEMP_IP6_REASSDATA, ipr);
+
+  /* Finally, update number of pbufs in reassembly queue */
+  LWIP_ASSERT("ip_reass_pbufcount >= clen", ip6_reass_pbufcount >= pbufs_freed);
+  ip6_reass_pbufcount -= pbufs_freed;
+}
+
+#if IP_REASS_FREE_OLDEST
+/**
+ * Free the oldest datagram to make room for enqueueing new fragments.
+ * The datagram ipr is not freed!
+ *
+ * @param ipr ip6_reassdata for the current fragment
+ * @param pbufs_needed number of pbufs needed to enqueue
+ *        (used for freeing other datagrams if not enough space)
+ */
+static void
+ip6_reass_remove_oldest_datagram(struct ip6_reassdata *ipr, int pbufs_needed)
+{
+  struct ip6_reassdata *r, *oldest;
+
+  /* Free datagrams until being allowed to enqueue 'pbufs_needed' pbufs,
+   * but don't free the current datagram! */
+  do {
+    r = oldest = reassdatagrams;
+    while (r != NULL) {
+      if (r != ipr) {
+        if (r->timer <= oldest->timer) {
+          /* older than the previous oldest */
+          oldest = r;
+        }
+      }
+      r = r->next;
+    }
+    if (oldest != NULL) {
+      ip6_reass_free_complete_datagram(oldest);
+    }
+  } while (((ip6_reass_pbufcount + pbufs_needed) > IP_REASS_MAX_PBUFS) && (reassdatagrams != NULL));
+}
+#endif /* IP_REASS_FREE_OLDEST */
+
+/**
+ * Reassembles incoming IPv6 fragments into an IPv6 datagram.
+ *
+ * @param p points to the IPv6 Fragment Header
+ * @param len the length of the payload (after Fragment Header)
+ * @return NULL if reassembly is incomplete, pbuf pointing to
+ *         IPv6 Header if reassembly is complete
+ */
+struct pbuf *
+ip6_reass(struct pbuf *p)
+{
+  struct ip6_reassdata *ipr, *ipr_prev;
+  struct ip6_reass_helper *iprh, *iprh_tmp, *iprh_prev=NULL;
+  struct ip6_frag_hdr * frag_hdr;
+  u16_t offset, len;
+  u8_t clen, valid = 1;
+  struct pbuf *q;
+
+  IP6_FRAG_STATS_INC(ip6_frag.recv);
+
+  frag_hdr = (struct ip6_frag_hdr *) p->payload;
+
+  clen = pbuf_clen(p);
+
+  offset = ntohs(frag_hdr->_fragment_offset);
+
+  /* Calculate fragment length from IPv6 payload length.
+   * Adjust for headers before Fragment Header.
+   * And finally adjust by Fragment Header length. */
+  len = ntohs(ip6_current_header()->_plen);
+  len -= ((u8_t*)p->payload - (u8_t*)ip6_current_header()) - IP6_HLEN;
+  len -= IP6_FRAG_HLEN;
+
+  /* Look for the datagram the fragment belongs to in the current datagram queue,
+   * remembering the previous in the queue for later dequeueing. */
+  for (ipr = reassdatagrams, ipr_prev = NULL; ipr != NULL; ipr = ipr->next) {
+    /* Check if the incoming fragment matches the one currently present
+       in the reassembly buffer. If so, we proceed with copying the
+       fragment into the buffer. */
+    if ((frag_hdr->_identification == ipr->identification) &&
+        ip6_addr_cmp(ip6_current_src_addr(), &(ipr->iphdr->src)) &&
+        ip6_addr_cmp(ip6_current_dest_addr(), &(ipr->iphdr->dest))) {
+      IP6_FRAG_STATS_INC(ip6_frag.cachehit);
+      break;
+    }
+    ipr_prev = ipr;
+  }
+
+  if (ipr == NULL) {
+  /* Enqueue a new datagram into the datagram queue */
+    ipr = (struct ip6_reassdata *)memp_malloc(MEMP_IP6_REASSDATA);
+    if (ipr == NULL) {
+#if IP_REASS_FREE_OLDEST
+      /* Make room and try again. */
+      ip6_reass_remove_oldest_datagram(ipr, clen);
+      ipr = (struct ip6_reassdata *)memp_malloc(MEMP_IP6_REASSDATA);
+      if (ipr == NULL)
+#endif /* IP_REASS_FREE_OLDEST */
+      {
+        IP6_FRAG_STATS_INC(ip6_frag.memerr);
+        IP6_FRAG_STATS_INC(ip6_frag.drop);
+        goto nullreturn;
+      }
+    }
+
+    memset(ipr, 0, sizeof(struct ip6_reassdata));
+    ipr->timer = IP_REASS_MAXAGE;
+
+    /* enqueue the new structure to the front of the list */
+    ipr->next = reassdatagrams;
+    reassdatagrams = ipr;
+
+    /* Use the current IPv6 header for src/dest address reference.
+     * Eventually, we will replace it when we get the first fragment
+     * (it might be this one, in any case, it is done later). */
+    ipr->iphdr = (struct ip6_hdr *)ip6_current_header();
+
+    /* copy the fragmented packet id. */
+    ipr->identification = frag_hdr->_identification;
+
+    /* copy the nexth field */
+    ipr->nexth = frag_hdr->_nexth;
+  }
+
+  /* Check if we are allowed to enqueue more datagrams. */
+  if ((ip6_reass_pbufcount + clen) > IP_REASS_MAX_PBUFS) {
+#if IP_REASS_FREE_OLDEST
+    ip6_reass_remove_oldest_datagram(ipr, clen);
+    if ((ip6_reass_pbufcount + clen) > IP_REASS_MAX_PBUFS)
+#endif /* IP_REASS_FREE_OLDEST */
+    {
+      /* @todo: send ICMPv6 time exceeded here? */
+      /* drop this pbuf */
+      IP6_FRAG_STATS_INC(ip6_frag.memerr);
+      IP6_FRAG_STATS_INC(ip6_frag.drop);
+      goto nullreturn;
+    }
+  }
+
+  /* Overwrite Fragment Header with our own helper struct. */
+  iprh = (struct ip6_reass_helper *)p->payload;
+  iprh->next_pbuf = NULL;
+  iprh->start = (offset & IP6_FRAG_OFFSET_MASK);
+  iprh->end = (offset & IP6_FRAG_OFFSET_MASK) + len;
+
+  /* find the right place to insert this pbuf */
+  /* Iterate through until we either get to the end of the list (append),
+   * or we find on with a larger offset (insert). */
+  for (q = ipr->p; q != NULL;) {
+    iprh_tmp = (struct ip6_reass_helper*)q->payload;
+    if (iprh->start < iprh_tmp->start) {
+#if IP_REASS_CHECK_OVERLAP
+      if (iprh->end > iprh_tmp->start) {
+        /* fragment overlaps with following, throw away */
+        IP6_FRAG_STATS_INC(ip6_frag.proterr);
+        IP6_FRAG_STATS_INC(ip6_frag.drop);
+        goto nullreturn;
+      }
+      if (iprh_prev != NULL) {
+        if (iprh->start < iprh_prev->end) {
+          /* fragment overlaps with previous, throw away */
+          IP6_FRAG_STATS_INC(ip6_frag.proterr);
+          IP6_FRAG_STATS_INC(ip6_frag.drop);
+          goto nullreturn;
+        }
+      }
+#endif /* IP_REASS_CHECK_OVERLAP */
+      /* the new pbuf should be inserted before this */
+      iprh->next_pbuf = q;
+      if (iprh_prev != NULL) {
+        /* not the fragment with the lowest offset */
+        iprh_prev->next_pbuf = p;
+      } else {
+        /* fragment with the lowest offset */
+        ipr->p = p;
+      }
+      break;
+    } else if(iprh->start == iprh_tmp->start) {
+      /* received the same datagram twice: no need to keep the datagram */
+      IP6_FRAG_STATS_INC(ip6_frag.drop);
+      goto nullreturn;
+#if IP_REASS_CHECK_OVERLAP
+    } else if(iprh->start < iprh_tmp->end) {
+      /* overlap: no need to keep the new datagram */
+      IP6_FRAG_STATS_INC(ip6_frag.proterr);
+      IP6_FRAG_STATS_INC(ip6_frag.drop);
+      goto nullreturn;
+#endif /* IP_REASS_CHECK_OVERLAP */
+    } else {
+      /* Check if the fragments received so far have no gaps. */
+      if (iprh_prev != NULL) {
+        if (iprh_prev->end != iprh_tmp->start) {
+          /* There is a fragment missing between the current
+           * and the previous fragment */
+          valid = 0;
+        }
+      }
+    }
+    q = iprh_tmp->next_pbuf;
+    iprh_prev = iprh_tmp;
+  }
+
+  /* If q is NULL, then we made it to the end of the list. Determine what to do now */
+  if (q == NULL) {
+    if (iprh_prev != NULL) {
+      /* this is (for now), the fragment with the highest offset:
+       * chain it to the last fragment */
+#if IP_REASS_CHECK_OVERLAP
+      LWIP_ASSERT("check fragments don't overlap", iprh_prev->end <= iprh->start);
+#endif /* IP_REASS_CHECK_OVERLAP */
+      iprh_prev->next_pbuf = p;
+      if (iprh_prev->end != iprh->start) {
+        valid = 0;
+      }
+    } else {
+#if IP_REASS_CHECK_OVERLAP
+      LWIP_ASSERT("no previous fragment, this must be the first fragment!",
+        ipr->p == NULL);
+#endif /* IP_REASS_CHECK_OVERLAP */
+      /* this is the first fragment we ever received for this ip datagram */
+      ipr->p = p;
+    }
+  }
+
+  /* Track the current number of pbufs current 'in-flight', in order to limit
+  the number of fragments that may be enqueued at any one time */
+  ip6_reass_pbufcount += clen;
+
+  /* Remember IPv6 header if this is the first fragment. */
+  if (iprh->start == 0) {
+    ipr->iphdr = (struct ip6_hdr *)ip6_current_header();
+  }
+
+  /* If this is the last fragment, calculate total packet length. */
+  if ((offset & IP6_FRAG_MORE_FLAG) == 0) {
+    ipr->datagram_len = iprh->end;
+  }
+
+  /* Additional validity tests: we have received first and last fragment. */
+  iprh_tmp = (struct ip6_reass_helper*)ipr->p->payload;
+  if (iprh_tmp->start != 0) {
+    valid = 0;
+  }
+  if (ipr->datagram_len == 0) {
+    valid = 0;
+  }
+
+  /* Final validity test: no gaps between current and last fragment. */
+  iprh_prev = iprh;
+  q = iprh->next_pbuf;
+  while ((q != NULL) && valid) {
+    iprh = (struct ip6_reass_helper*)q->payload;
+    if (iprh_prev->end != iprh->start) {
+      valid = 0;
+      break;
+    }
+    iprh_prev = iprh;
+    q = iprh->next_pbuf;
+  }
+
+  if (valid) {
+    /* All fragments have been received */
+
+    /* chain together the pbufs contained within the ip6_reassdata list. */
+    iprh = (struct ip6_reass_helper*) ipr->p->payload;
+    while(iprh != NULL) {
+
+      if (iprh->next_pbuf != NULL) {
+        /* Save next helper struct (will be hidden in next step). */
+        iprh_tmp = (struct ip6_reass_helper*) iprh->next_pbuf->payload;
+
+        /* hide the fragment header for every succeding fragment */
+        pbuf_header(iprh->next_pbuf, -IP6_FRAG_HLEN);
+        pbuf_cat(ipr->p, iprh->next_pbuf);
+      }
+      else {
+        iprh_tmp = NULL;
+      }
+
+      iprh = iprh_tmp;
+    }
+
+    /* Adjust datagram length by adding header lengths. */
+    ipr->datagram_len += ((u8_t*)ipr->p->payload - (u8_t*)ipr->iphdr)
+                         + IP6_FRAG_HLEN
+                         - IP6_HLEN ;
+
+    /* Set payload length in ip header. */
+    ipr->iphdr->_plen = htons(ipr->datagram_len);
+
+    /* Get the furst pbuf. */
+    p = ipr->p;
+
+    /* Restore Fragment Header in first pbuf. Mark as "single fragment"
+     * packet. Restore nexth. */
+    frag_hdr = (struct ip6_frag_hdr *) p->payload;
+    frag_hdr->_nexth = ipr->nexth;
+    frag_hdr->reserved = 0;
+    frag_hdr->_fragment_offset = 0;
+    frag_hdr->_identification = 0;
+
+    /* release the sources allocate for the fragment queue entry */
+    if (reassdatagrams == ipr) {
+      /* it was the first in the list */
+      reassdatagrams = ipr->next;
+    } else {
+      /* it wasn't the first, so it must have a valid 'prev' */
+      LWIP_ASSERT("sanity check linked list", ipr_prev != NULL);
+      ipr_prev->next = ipr->next;
+    }
+    memp_free(MEMP_IP6_REASSDATA, ipr);
+
+    /* adjust the number of pbufs currently queued for reassembly. */
+    ip6_reass_pbufcount -= pbuf_clen(p);
+
+    /* Move pbuf back to IPv6 header. */
+    if (pbuf_header(p, (u8_t*)p->payload - (u8_t*)ipr->iphdr)) {
+      LWIP_ASSERT("ip6_reass: moving p->payload to ip6 header failed\n", 0);
+      pbuf_free(p);
+      return NULL;
+    }
+
+    /* Return the pbuf chain */
+    return p;
+  }
+  /* the datagram is not (yet?) reassembled completely */
+  return NULL;
+
+nullreturn:
+  pbuf_free(p);
+  return NULL;
+}
+
+#endif /* LWIP_IPV6 ^^ LWIP_IPV6_REASS */
+
+#if LWIP_IPV6 && LWIP_IPV6_FRAG
+
+/** Allocate a new struct pbuf_custom_ref */
+static struct pbuf_custom_ref*
+ip6_frag_alloc_pbuf_custom_ref(void)
+{
+  return (struct pbuf_custom_ref*)memp_malloc(MEMP_FRAG_PBUF);
+}
+
+/** Free a struct pbuf_custom_ref */
+static void
+ip6_frag_free_pbuf_custom_ref(struct pbuf_custom_ref* p)
+{
+  LWIP_ASSERT("p != NULL", p != NULL);
+  memp_free(MEMP_FRAG_PBUF, p);
+}
+
+/** Free-callback function to free a 'struct pbuf_custom_ref', called by
+ * pbuf_free. */
+static void
+ip6_frag_free_pbuf_custom(struct pbuf *p)
+{
+  struct pbuf_custom_ref *pcr = (struct pbuf_custom_ref*)p;
+  LWIP_ASSERT("pcr != NULL", pcr != NULL);
+  LWIP_ASSERT("pcr == p", (void*)pcr == (void*)p);
+  if (pcr->original != NULL) {
+    pbuf_free(pcr->original);
+  }
+  ip6_frag_free_pbuf_custom_ref(pcr);
+}
+
+/**
+ * Fragment an IPv6 datagram if too large for the netif or path MTU.
+ *
+ * Chop the datagram in MTU sized chunks and send them in order
+ * by pointing PBUF_REFs into p
+ *
+ * @param p ipv6 packet to send
+ * @param netif the netif on which to send
+ * @param dest destination ipv6 address to which to send
+ *
+ * @return ERR_OK if sent successfully, err_t otherwise
+ */
+err_t
+ip6_frag(struct pbuf *p, struct netif *netif, ip6_addr_t *dest)
+{
+  struct ip6_hdr *original_ip6hdr;
+  struct ip6_hdr *ip6hdr;
+  struct ip6_frag_hdr * frag_hdr;
+  struct pbuf *rambuf;
+  struct pbuf *newpbuf;
+  static u32_t identification;
+  u16_t nfb;
+  u16_t left, cop;
+  u16_t mtu;
+  u16_t fragment_offset = 0;
+  u16_t last;
+  u16_t poff = IP6_HLEN;
+  u16_t newpbuflen = 0;
+  u16_t left_to_copy;
+
+  identification++;
+
+  original_ip6hdr = (struct ip6_hdr *)p->payload;
+
+  mtu = nd6_get_destination_mtu(dest, netif);
+
+  /* TODO we assume there are no options in the unfragmentable part (IPv6 header). */
+  left = p->tot_len - IP6_HLEN;
+
+  nfb = (mtu - (IP6_HLEN + IP6_FRAG_HLEN)) & IP6_FRAG_OFFSET_MASK;
+
+  while (left) {
+    last = (left <= nfb);
+
+    /* Fill this fragment */
+    cop = last ? left : nfb;
+
+    /* When not using a static buffer, create a chain of pbufs.
+     * The first will be a PBUF_RAM holding the link, IPv6, and Fragment header.
+     * The rest will be PBUF_REFs mirroring the pbuf chain to be fragged,
+     * but limited to the size of an mtu.
+     */
+    rambuf = pbuf_alloc(PBUF_LINK, IP6_HLEN + IP6_FRAG_HLEN, PBUF_RAM);
+    if (rambuf == NULL) {
+      IP6_FRAG_STATS_INC(ip6_frag.memerr);
+      return ERR_MEM;
+    }
+    LWIP_ASSERT("this needs a pbuf in one piece!",
+                (p->len >= (IP6_HLEN + IP6_FRAG_HLEN)));
+    SMEMCPY(rambuf->payload, original_ip6hdr, IP6_HLEN);
+    ip6hdr = (struct ip6_hdr *)rambuf->payload;
+    frag_hdr = (struct ip6_frag_hdr *)((u8_t*)rambuf->payload + IP6_HLEN);
+
+    /* Can just adjust p directly for needed offset. */
+    p->payload = (u8_t *)p->payload + poff;
+    p->len -= poff;
+    p->tot_len -= poff;
+
+    left_to_copy = cop;
+    while (left_to_copy) {
+      struct pbuf_custom_ref *pcr;
+      newpbuflen = (left_to_copy < p->len) ? left_to_copy : p->len;
+      /* Is this pbuf already empty? */
+      if (!newpbuflen) {
+        p = p->next;
+        continue;
+      }
+      pcr = ip6_frag_alloc_pbuf_custom_ref();
+      if (pcr == NULL) {
+        pbuf_free(rambuf);
+        IP6_FRAG_STATS_INC(ip6_frag.memerr);
+        return ERR_MEM;
+      }
+      /* Mirror this pbuf, although we might not need all of it. */
+      newpbuf = pbuf_alloced_custom(PBUF_RAW, newpbuflen, PBUF_REF, &pcr->pc, p->payload, newpbuflen);
+      if (newpbuf == NULL) {
+        ip6_frag_free_pbuf_custom_ref(pcr);
+        pbuf_free(rambuf);
+        IP6_FRAG_STATS_INC(ip6_frag.memerr);
+        return ERR_MEM;
+      }
+      pbuf_ref(p);
+      pcr->original = p;
+      pcr->pc.custom_free_function = ip6_frag_free_pbuf_custom;
+
+      /* Add it to end of rambuf's chain, but using pbuf_cat, not pbuf_chain
+       * so that it is removed when pbuf_dechain is later called on rambuf.
+       */
+      pbuf_cat(rambuf, newpbuf);
+      left_to_copy -= newpbuflen;
+      if (left_to_copy) {
+        p = p->next;
+      }
+    }
+    poff = newpbuflen;
+
+    /* Set headers */
+    frag_hdr->_nexth = original_ip6hdr->_nexth;
+    frag_hdr->reserved = 0;
+    frag_hdr->_fragment_offset = htons((fragment_offset & IP6_FRAG_OFFSET_MASK) | (last ? 0 : IP6_FRAG_MORE_FLAG));
+    frag_hdr->_identification = htonl(identification);
+
+    IP6H_NEXTH_SET(ip6hdr, IP6_NEXTH_FRAGMENT);
+    IP6H_PLEN_SET(ip6hdr, cop + IP6_FRAG_HLEN);
+
+    /* No need for separate header pbuf - we allowed room for it in rambuf
+     * when allocated.
+     */
+    IP6_FRAG_STATS_INC(ip6_frag.xmit);
+    netif->output_ip6(netif, rambuf, dest);
+
+    /* Unfortunately we can't reuse rambuf - the hardware may still be
+     * using the buffer. Instead we free it (and the ensuing chain) and
+     * recreate it next time round the loop. If we're lucky the hardware
+     * will have already sent the packet, the free will really free, and
+     * there will be zero memory penalty.
+     */
+
+    pbuf_free(rambuf);
+    left -= cop;
+    fragment_offset += cop;
+  }
+  return ERR_OK;
+}
+
+#endif /* LWIP_IPV6 && LWIP_IPV6_FRAG */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/nd6.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/nd6.c
new file mode 100644
index 00000000..43eb5318
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/ipv6/nd6.c
@@ -0,0 +1,1790 @@
+/**
+ * @file
+ *
+ * Neighbor discovery and stateless address autoconfiguration for IPv6.
+ * Aims to be compliant with RFC 4861 (Neighbor discovery) and RFC 4862
+ * (Address autoconfiguration).
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6  /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/nd6.h"
+#include "lwip/pbuf.h"
+#include "lwip/mem.h"
+#include "lwip/memp.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/inet_chksum.h"
+#include "lwip/netif.h"
+#include "lwip/icmp6.h"
+#include "lwip/mld6.h"
+#include "lwip/stats.h"
+
+#include <string.h>
+
+
+/* Router tables. */
+struct nd6_neighbor_cache_entry neighbor_cache[LWIP_ND6_NUM_NEIGHBORS];
+struct nd6_destination_cache_entry destination_cache[LWIP_ND6_NUM_DESTINATIONS];
+struct nd6_prefix_list_entry prefix_list[LWIP_ND6_NUM_PREFIXES];
+struct nd6_router_list_entry default_router_list[LWIP_ND6_NUM_ROUTERS];
+
+/* Default values, can be updated by a RA message. */
+u32_t reachable_time = LWIP_ND6_REACHABLE_TIME;
+u32_t retrans_timer = LWIP_ND6_RETRANS_TIMER; /* TODO implement this value in timer */
+
+/* Index for cache entries. */
+static u8_t nd6_cached_neighbor_index;
+static u8_t nd6_cached_destination_index;
+
+/* Multicast address holder. */
+static ip6_addr_t multicast_address;
+
+/* Static buffer to parse RA packet options (size of a prefix option, biggest option) */
+static u8_t nd6_ra_buffer[sizeof(struct prefix_option)];
+
+/* Forward declarations. */
+static s8_t nd6_find_neighbor_cache_entry(ip6_addr_t * ip6addr);
+static s8_t nd6_new_neighbor_cache_entry(void);
+static void nd6_free_neighbor_cache_entry(s8_t i);
+static s8_t nd6_find_destination_cache_entry(ip6_addr_t * ip6addr);
+static s8_t nd6_new_destination_cache_entry(void);
+static s8_t nd6_is_prefix_in_netif(ip6_addr_t * ip6addr, struct netif * netif);
+static s8_t nd6_get_router(ip6_addr_t * router_addr, struct netif * netif);
+static s8_t nd6_new_router(ip6_addr_t * router_addr, struct netif * netif);
+static s8_t nd6_get_onlink_prefix(ip6_addr_t * prefix, struct netif * netif);
+static s8_t nd6_new_onlink_prefix(ip6_addr_t * prefix, struct netif * netif);
+
+#define ND6_SEND_FLAG_MULTICAST_DEST 0x01
+#define ND6_SEND_FLAG_ALLNODES_DEST 0x02
+static void nd6_send_ns(struct netif * netif, ip6_addr_t * target_addr, u8_t flags);
+static void nd6_send_na(struct netif * netif, ip6_addr_t * target_addr, u8_t flags);
+#if LWIP_IPV6_SEND_ROUTER_SOLICIT
+static void nd6_send_rs(struct netif * netif);
+#endif /* LWIP_IPV6_SEND_ROUTER_SOLICIT */
+
+#if LWIP_ND6_QUEUEING
+static void nd6_free_q(struct nd6_q_entry *q);
+#else /* LWIP_ND6_QUEUEING */
+#define nd6_free_q(q) pbuf_free(q)
+#endif /* LWIP_ND6_QUEUEING */
+static void nd6_send_q(s8_t i);
+
+
+/**
+ * Process an incoming neighbor discovery message
+ *
+ * @param p the nd packet, p->payload pointing to the icmpv6 header
+ * @param inp the netif on which this packet was received
+ */
+void
+nd6_input(struct pbuf *p, struct netif *inp)
+{
+  u8_t msg_type;
+  s8_t i;
+
+  ND6_STATS_INC(nd6.recv);
+
+  msg_type = *((u8_t *)p->payload);
+  switch (msg_type) {
+  case ICMP6_TYPE_NA: /* Neighbor Advertisement. */
+  {
+    struct na_header * na_hdr;
+    struct lladdr_option * lladdr_opt;
+
+    /* Check that na header fits in packet. */
+    if (p->len < (sizeof(struct na_header))) {
+      /* TODO debug message */
+      pbuf_free(p);
+      ND6_STATS_INC(nd6.lenerr);
+      ND6_STATS_INC(nd6.drop);
+      return;
+    }
+
+    na_hdr = (struct na_header *)p->payload;
+
+    /* Unsolicited NA?*/
+    if (ip6_addr_ismulticast(ip6_current_dest_addr())) {
+      /* This is an unsolicited NA.
+       * link-layer changed?
+       * part of DAD mechanism? */
+
+      /* Check that link-layer address option also fits in packet. */
+      if (p->len < (sizeof(struct na_header) + sizeof(struct lladdr_option))) {
+        /* TODO debug message */
+        pbuf_free(p);
+        ND6_STATS_INC(nd6.lenerr);
+        ND6_STATS_INC(nd6.drop);
+        return;
+      }
+
+      lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct na_header));
+
+      /* Override ip6_current_dest_addr() so that we have an aligned copy. */
+      ip6_addr_set(ip6_current_dest_addr(), &(na_hdr->target_address));
+
+#if LWIP_IPV6_DUP_DETECT_ATTEMPTS
+      /* If the target address matches this netif, it is a DAD response. */
+      for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+        if (ip6_addr_cmp(ip6_current_dest_addr(), netif_ip6_addr(inp, i))) {
+          /* We are using a duplicate address. */
+          netif_ip6_addr_set_state(inp, i, IP6_ADDR_INVALID);
+
+#if LWIP_IPV6_MLD
+          /* Leave solicited node multicast group. */
+          ip6_addr_set_solicitednode(&multicast_address, netif_ip6_addr(inp, i)->addr[3]);
+          mld6_leavegroup(netif_ip6_addr(inp, i), &multicast_address);
+#endif /* LWIP_IPV6_MLD */
+
+
+
+
+#if LWIP_IPV6_AUTOCONFIG
+          /* Check to see if this address was autoconfigured. */
+          if (!ip6_addr_islinklocal(ip6_current_dest_addr())) {
+            i = nd6_get_onlink_prefix(ip6_current_dest_addr(), inp);
+            if (i >= 0) {
+              /* Mark this prefix as duplicate, so that we don't use it
+               * to generate this address again. */
+              prefix_list[i].flags |= ND6_PREFIX_AUTOCONFIG_ADDRESS_DUPLICATE;
+            }
+          }
+#endif /* LWIP_IPV6_AUTOCONFIG */
+
+          pbuf_free(p);
+          return;
+        }
+      }
+#endif /* LWIP_IPV6_DUP_DETECT_ATTEMPTS */
+
+      /* This is an unsolicited NA, most likely there was a LLADDR change. */
+      i = nd6_find_neighbor_cache_entry(ip6_current_dest_addr());
+      if (i >= 0) {
+        if (na_hdr->flags & ND6_FLAG_OVERRIDE) {
+          MEMCPY(neighbor_cache[i].lladdr, lladdr_opt->addr, inp->hwaddr_len);
+        }
+      }
+    }
+    else {
+      /* This is a solicited NA.
+       * neighbor address resolution response?
+       * neighbor unreachability detection response? */
+
+      /* Override ip6_current_dest_addr() so that we have an aligned copy. */
+      ip6_addr_set(ip6_current_dest_addr(), &(na_hdr->target_address));
+
+      /* Find the cache entry corresponding to this na. */
+      i = nd6_find_neighbor_cache_entry(ip6_current_dest_addr());
+      if (i < 0) {
+        /* We no longer care about this target address. drop it. */
+        pbuf_free(p);
+        return;
+      }
+
+      /* Update cache entry. */
+      neighbor_cache[i].netif = inp;
+      neighbor_cache[i].counter.reachable_time = reachable_time;
+      if ((na_hdr->flags & ND6_FLAG_OVERRIDE) ||
+          (neighbor_cache[i].state == ND6_INCOMPLETE)) {
+        /* Check that link-layer address option also fits in packet. */
+        if (p->len < (sizeof(struct na_header) + sizeof(struct lladdr_option))) {
+          /* TODO debug message */
+          pbuf_free(p);
+          ND6_STATS_INC(nd6.lenerr);
+          ND6_STATS_INC(nd6.drop);
+          return;
+        }
+
+        lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct na_header));
+
+        MEMCPY(neighbor_cache[i].lladdr, lladdr_opt->addr, inp->hwaddr_len);
+      }
+      neighbor_cache[i].state = ND6_REACHABLE;
+
+      /* Send queued packets, if any. */
+      if (neighbor_cache[i].q != NULL) {
+        nd6_send_q(i);
+      }
+    }
+
+    break; /* ICMP6_TYPE_NA */
+  }
+  case ICMP6_TYPE_NS: /* Neighbor solicitation. */
+  {
+    struct ns_header * ns_hdr;
+    struct lladdr_option * lladdr_opt;
+    u8_t accepted;
+
+    /* Check that ns header fits in packet. */
+    if (p->len < sizeof(struct ns_header)) {
+      /* TODO debug message */
+      pbuf_free(p);
+      ND6_STATS_INC(nd6.lenerr);
+      ND6_STATS_INC(nd6.drop);
+      return;
+    }
+
+    ns_hdr = (struct ns_header *)p->payload;
+
+    /* Check if there is a link-layer address provided. Only point to it if in this buffer. */
+    lladdr_opt = NULL;
+    if (p->len >= (sizeof(struct ns_header) + sizeof(struct lladdr_option))) {
+      lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct ns_header));
+    }
+
+    /* Check if the target address is configured on the receiving netif. */
+    accepted = 0;
+    for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; ++i) {
+      if ((ip6_addr_isvalid(netif_ip6_addr_state(inp, i)) ||
+           (ip6_addr_istentative(netif_ip6_addr_state(inp, i)) &&
+            ip6_addr_isany(ip6_current_src_addr()))) &&
+          ip6_addr_cmp(&(ns_hdr->target_address), netif_ip6_addr(inp, i))) {
+        accepted = 1;
+        break;
+      }
+    }
+
+    /* NS not for us? */
+    if (!accepted) {
+      pbuf_free(p);
+      return;
+    }
+
+    /* Check for ANY address in src (DAD algorithm). */
+    if (ip6_addr_isany(ip6_current_src_addr())) {
+      /* Sender is validating this address. */
+      for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; ++i) {
+        if (ip6_addr_cmp(&(ns_hdr->target_address), netif_ip6_addr(inp, i))) {
+          /* Send a NA back so that the sender does not use this address. */
+          nd6_send_na(inp, netif_ip6_addr(inp, i), ND6_FLAG_OVERRIDE | ND6_SEND_FLAG_ALLNODES_DEST);
+          if (ip6_addr_istentative(netif_ip6_addr_state(inp, i))) {
+            /* We shouldn't use this address either. */
+            netif_ip6_addr_set_state(inp, i, IP6_ADDR_INVALID);
+          }
+        }
+      }
+    }
+    else {
+      /* Sender is trying to resolve our address. */
+      /* Verify that they included their own link-layer address. */
+      if (lladdr_opt == NULL) {
+        /* Not a valid message. */
+        pbuf_free(p);
+        ND6_STATS_INC(nd6.proterr);
+        ND6_STATS_INC(nd6.drop);
+        return;
+      }
+
+      i = nd6_find_neighbor_cache_entry(ip6_current_src_addr());
+      if ( i>= 0) {
+        /* We already have a record for the solicitor. */
+        if (neighbor_cache[i].state == ND6_INCOMPLETE) {
+          neighbor_cache[i].netif = inp;
+          MEMCPY(neighbor_cache[i].lladdr, lladdr_opt->addr, inp->hwaddr_len);
+
+          /* Delay probe in case we get confirmation of reachability from upper layer (TCP). */
+          neighbor_cache[i].state = ND6_DELAY;
+          neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME;
+        }
+      }
+      else
+      {
+        /* Add their IPv6 address and link-layer address to neighbor cache.
+         * We will need it at least to send a unicast NA message, but most
+         * likely we will also be communicating with this node soon. */
+        i = nd6_new_neighbor_cache_entry();
+        if (i < 0) {
+          /* We couldn't assign a cache entry for this neighbor.
+           * we won't be able to reply. drop it. */
+          pbuf_free(p);
+          ND6_STATS_INC(nd6.memerr);
+          return;
+        }
+        neighbor_cache[i].netif = inp;
+        MEMCPY(neighbor_cache[i].lladdr, lladdr_opt->addr, inp->hwaddr_len);
+        ip6_addr_set(&(neighbor_cache[i].next_hop_address), ip6_current_src_addr());
+
+        /* Receiving a message does not prove reachability: only in one direction.
+         * Delay probe in case we get confirmation of reachability from upper layer (TCP). */
+        neighbor_cache[i].state = ND6_DELAY;
+        neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME;
+      }
+
+      /* Override ip6_current_dest_addr() so that we have an aligned copy. */
+      ip6_addr_set(ip6_current_dest_addr(), &(ns_hdr->target_address));
+
+      /* Send back a NA for us. Allocate the reply pbuf. */
+      nd6_send_na(inp, ip6_current_dest_addr(), ND6_FLAG_SOLICITED | ND6_FLAG_OVERRIDE);
+    }
+
+    break; /* ICMP6_TYPE_NS */
+  }
+  case ICMP6_TYPE_RA: /* Router Advertisement. */
+  {
+    struct ra_header * ra_hdr;
+    u8_t * buffer; /* Used to copy options. */
+    u16_t offset;
+
+    /* Check that RA header fits in packet. */
+    if (p->len < sizeof(struct ra_header)) {
+      /* TODO debug message */
+      pbuf_free(p);
+      ND6_STATS_INC(nd6.lenerr);
+      ND6_STATS_INC(nd6.drop);
+      return;
+    }
+
+    ra_hdr = (struct ra_header *)p->payload;
+
+    /* If we are sending RS messages, stop. */
+#if LWIP_IPV6_SEND_ROUTER_SOLICIT
+    inp->rs_count = 0;
+#endif /* LWIP_IPV6_SEND_ROUTER_SOLICIT */
+
+    /* Get the matching default router entry. */
+    i = nd6_get_router(ip6_current_src_addr(), inp);
+    if (i < 0) {
+      /* Create a new router entry. */
+      i = nd6_new_router(ip6_current_src_addr(), inp);
+    }
+
+    if (i < 0) {
+      /* Could not create a new router entry. */
+      pbuf_free(p);
+      ND6_STATS_INC(nd6.memerr);
+      return;
+    }
+
+    /* Re-set invalidation timer. */
+    default_router_list[i].invalidation_timer = ra_hdr->router_lifetime;
+
+    /* Re-set default timer values. */
+#if LWIP_ND6_ALLOW_RA_UPDATES
+    if (ra_hdr->retrans_timer > 0) {
+      retrans_timer = ra_hdr->retrans_timer;
+    }
+    if (ra_hdr->reachable_time > 0) {
+      reachable_time = ra_hdr->reachable_time;
+    }
+#endif /* LWIP_ND6_ALLOW_RA_UPDATES */
+
+    /* TODO set default hop limit... */
+    /* ra_hdr->current_hop_limit;*/
+
+    /* Update flags in local entry (incl. preference). */
+    default_router_list[i].flags = ra_hdr->flags;
+
+    /* Offset to options. */
+    offset = sizeof(struct ra_header);
+
+    /* Process each option. */
+    while ((p->tot_len - offset) > 0) {
+      if (p->len == p->tot_len) {
+        /* no need to copy from contiguous pbuf */
+        buffer = &((u8_t*)p->payload)[offset];
+      } else {
+        buffer = nd6_ra_buffer;
+        pbuf_copy_partial(p, buffer, sizeof(struct prefix_option), offset);
+      }
+      switch (buffer[0]) {
+      case ND6_OPTION_TYPE_SOURCE_LLADDR:
+      {
+        struct lladdr_option * lladdr_opt;
+        lladdr_opt = (struct lladdr_option *)buffer;
+        if ((default_router_list[i].neighbor_entry != NULL) &&
+            (default_router_list[i].neighbor_entry->state == ND6_INCOMPLETE)) {
+          SMEMCPY(default_router_list[i].neighbor_entry->lladdr, lladdr_opt->addr, inp->hwaddr_len);
+          default_router_list[i].neighbor_entry->state = ND6_REACHABLE;
+          default_router_list[i].neighbor_entry->counter.reachable_time = reachable_time;
+        }
+        break;
+      }
+      case ND6_OPTION_TYPE_MTU:
+      {
+        struct mtu_option * mtu_opt;
+        mtu_opt = (struct mtu_option *)buffer;
+        if (mtu_opt->mtu >= 1280) {
+#if LWIP_ND6_ALLOW_RA_UPDATES
+          inp->mtu = mtu_opt->mtu;
+#endif /* LWIP_ND6_ALLOW_RA_UPDATES */
+        }
+        break;
+      }
+      case ND6_OPTION_TYPE_PREFIX_INFO:
+      {
+        struct prefix_option * prefix_opt;
+        prefix_opt = (struct prefix_option *)buffer;
+
+        if (prefix_opt->flags & ND6_PREFIX_FLAG_ON_LINK) {
+          /* Add to on-link prefix list. */
+
+          /* Get a memory-aligned copy of the prefix. */
+          ip6_addr_set(ip6_current_dest_addr(), &(prefix_opt->prefix));
+
+          /* find cache entry for this prefix. */
+          i = nd6_get_onlink_prefix(ip6_current_dest_addr(), inp);
+          if (i < 0) {
+            /* Create a new cache entry. */
+            i = nd6_new_onlink_prefix(ip6_current_dest_addr(), inp);
+          }
+          if (i >= 0) {
+            prefix_list[i].invalidation_timer = prefix_opt->valid_lifetime;
+
+#if LWIP_IPV6_AUTOCONFIG
+            if (prefix_opt->flags & ND6_PREFIX_FLAG_AUTONOMOUS) {
+              /* Mark prefix as autonomous, so that address autoconfiguration can take place.
+               * Only OR flag, so that we don't over-write other flags (such as ADDRESS_DUPLICATE)*/
+              prefix_list[i].flags |= ND6_PREFIX_AUTOCONFIG_AUTONOMOUS;
+            }
+#endif /* LWIP_IPV6_AUTOCONFIG */
+          }
+        }
+
+        break;
+      }
+      case ND6_OPTION_TYPE_ROUTE_INFO:
+      {
+        /* TODO implement preferred routes.
+        struct route_option * route_opt;
+        route_opt = (struct route_option *)buffer;*/
+
+        break;
+      }
+      default:
+        /* Unrecognized option, abort. */
+        ND6_STATS_INC(nd6.proterr);
+        break;
+      }
+      offset += 8 * ((u16_t)buffer[1]);
+    }
+
+    break; /* ICMP6_TYPE_RA */
+  }
+  case ICMP6_TYPE_RD: /* Redirect */
+  {
+    struct redirect_header * redir_hdr;
+    struct lladdr_option * lladdr_opt;
+
+    /* Check that Redir header fits in packet. */
+    if (p->len < sizeof(struct redirect_header)) {
+      /* TODO debug message */
+      pbuf_free(p);
+      ND6_STATS_INC(nd6.lenerr);
+      ND6_STATS_INC(nd6.drop);
+      return;
+    }
+
+    redir_hdr = (struct redirect_header *)p->payload;
+
+    lladdr_opt = NULL;
+    if (p->len >= (sizeof(struct redirect_header) + sizeof(struct lladdr_option))) {
+      lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct redirect_header));
+    }
+
+    /* Copy original destination address to current source address, to have an aligned copy. */
+    ip6_addr_set(ip6_current_src_addr(), &(redir_hdr->destination_address));
+
+    /* Find dest address in cache */
+    i = nd6_find_destination_cache_entry(ip6_current_src_addr());
+    if (i < 0) {
+      /* Destination not in cache, drop packet. */
+      pbuf_free(p);
+      return;
+    }
+
+    /* Set the new target address. */
+    ip6_addr_set(&(destination_cache[i].next_hop_addr), &(redir_hdr->target_address));
+
+    /* If Link-layer address of other router is given, try to add to neighbor cache. */
+    if (lladdr_opt != NULL) {
+      if (lladdr_opt->type == ND6_OPTION_TYPE_TARGET_LLADDR) {
+        /* Copy target address to current source address, to have an aligned copy. */
+        ip6_addr_set(ip6_current_src_addr(), &(redir_hdr->target_address));
+
+        i = nd6_find_neighbor_cache_entry(ip6_current_src_addr());
+        if (i < 0) {
+          i = nd6_new_neighbor_cache_entry();
+          if (i >= 0) {
+            neighbor_cache[i].netif = inp;
+            MEMCPY(neighbor_cache[i].lladdr, lladdr_opt->addr, inp->hwaddr_len);
+            ip6_addr_set(&(neighbor_cache[i].next_hop_address), ip6_current_src_addr());
+
+            /* Receiving a message does not prove reachability: only in one direction.
+             * Delay probe in case we get confirmation of reachability from upper layer (TCP). */
+            neighbor_cache[i].state = ND6_DELAY;
+            neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME;
+          }
+        }
+        if (i >= 0) {
+          if (neighbor_cache[i].state == ND6_INCOMPLETE) {
+            MEMCPY(neighbor_cache[i].lladdr, lladdr_opt->addr, inp->hwaddr_len);
+            /* Receiving a message does not prove reachability: only in one direction.
+             * Delay probe in case we get confirmation of reachability from upper layer (TCP). */
+            neighbor_cache[i].state = ND6_DELAY;
+            neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME;
+          }
+        }
+      }
+    }
+    break; /* ICMP6_TYPE_RD */
+  }
+  case ICMP6_TYPE_PTB: /* Packet too big */
+  {
+    struct pp_icmp6_hdr *icmp6hdr; /* Packet too big message */
+    struct ip6_hdr * ip6hdr; /* IPv6 header of the packet which caused the error */
+
+    /* Check that ICMPv6 header + IPv6 header fit in payload */
+    if (p->len < (sizeof(struct pp_icmp6_hdr) + IP6_HLEN)) {
+      /* drop short packets */
+      pbuf_free(p);
+      ND6_STATS_INC(nd6.lenerr);
+      ND6_STATS_INC(nd6.drop);
+      return;
+    }
+
+    icmp6hdr = (struct pp_icmp6_hdr *)p->payload;
+    ip6hdr = (struct ip6_hdr *)((u8_t*)p->payload + sizeof(struct icmp6_hdr));
+
+    /* Copy original destination address to current source address, to have an aligned copy. */
+    ip6_addr_set(ip6_current_src_addr(), &(ip6hdr->dest));
+
+    /* Look for entry in destination cache. */
+    i = nd6_find_destination_cache_entry(ip6_current_src_addr());
+    if (i < 0) {
+      /* Destination not in cache, drop packet. */
+      pbuf_free(p);
+      return;
+    }
+
+    /* Change the Path MTU. */
+    destination_cache[i].pmtu = icmp6hdr->data;
+
+    break; /* ICMP6_TYPE_PTB */
+  }
+
+  default:
+    ND6_STATS_INC(nd6.proterr);
+    ND6_STATS_INC(nd6.drop);
+    break; /* default */
+  }
+
+  pbuf_free(p);
+}
+
+
+/**
+ * Periodic timer for Neighbor discovery functions:
+ *
+ * - Update neighbor reachability states
+ * - Update destination cache entries age
+ * - Update invalidation timers of default routers and on-link prefixes
+ * - Perform duplicate address detection (DAD) for our addresses
+ * - Send router solicitations
+ */
+void
+nd6_tmr(void)
+{
+  s8_t i;
+#if LWIP_IPV6_AUTOCONFIG
+  s8_t j;
+#endif
+  struct netif * netif;
+
+  /* Process neighbor entries. */
+  for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) {
+    switch (neighbor_cache[i].state) {
+    case ND6_INCOMPLETE:
+      if (neighbor_cache[i].counter.probes_sent >= LWIP_ND6_MAX_MULTICAST_SOLICIT) {
+        /* Retries exceeded. */
+        nd6_free_neighbor_cache_entry(i);
+      }
+      else {
+        /* Send a NS for this entry. */
+        neighbor_cache[i].counter.probes_sent++;
+        nd6_send_ns(neighbor_cache[i].netif, &(neighbor_cache[i].next_hop_address), ND6_SEND_FLAG_MULTICAST_DEST);
+      }
+      break;
+    case ND6_REACHABLE:
+      /* Send queued packets, if any are left. Should have been sent already. */
+      if (neighbor_cache[i].q != NULL) {
+        nd6_send_q(i);
+      }
+      if (neighbor_cache[i].counter.reachable_time <= ND6_TMR_INTERVAL) {
+        /* Change to stale state. */
+        neighbor_cache[i].state = ND6_STALE;
+        neighbor_cache[i].counter.stale_time = 0;
+      }
+      else {
+        neighbor_cache[i].counter.reachable_time -= ND6_TMR_INTERVAL;
+      }
+      break;
+    case ND6_STALE:
+      neighbor_cache[i].counter.stale_time += ND6_TMR_INTERVAL;
+      break;
+    case ND6_DELAY:
+      if (neighbor_cache[i].counter.delay_time <= ND6_TMR_INTERVAL) {
+        /* Change to PROBE state. */
+        neighbor_cache[i].state = ND6_PROBE;
+        neighbor_cache[i].counter.probes_sent = 0;
+      }
+      else {
+        neighbor_cache[i].counter.delay_time -= ND6_TMR_INTERVAL;
+      }
+      break;
+    case ND6_PROBE:
+      if (neighbor_cache[i].counter.probes_sent >= LWIP_ND6_MAX_MULTICAST_SOLICIT) {
+        /* Retries exceeded. */
+        nd6_free_neighbor_cache_entry(i);
+      }
+      else {
+        /* Send a NS for this entry. */
+        neighbor_cache[i].counter.probes_sent++;
+        nd6_send_ns(neighbor_cache[i].netif, &(neighbor_cache[i].next_hop_address), 0);
+      }
+      break;
+    case ND6_NO_ENTRY:
+    default:
+      /* Do nothing. */
+      break;
+    }
+  }
+
+  /* Process destination entries. */
+  for (i = 0; i < LWIP_ND6_NUM_DESTINATIONS; i++) {
+    destination_cache[i].age++;
+  }
+
+  /* Process router entries. */
+  for (i = 0; i < LWIP_ND6_NUM_ROUTERS; i++) {
+    if (default_router_list[i].neighbor_entry != NULL) {
+      /* Active entry. */
+      if (default_router_list[i].invalidation_timer > 0) {
+        default_router_list[i].invalidation_timer -= ND6_TMR_INTERVAL / 1000;
+      }
+      if (default_router_list[i].invalidation_timer < ND6_TMR_INTERVAL / 1000) {
+        /* Less than 1 second remainig. Clear this entry. */
+        default_router_list[i].neighbor_entry->isrouter = 0;
+        default_router_list[i].neighbor_entry = NULL;
+        default_router_list[i].invalidation_timer = 0;
+        default_router_list[i].flags = 0;
+      }
+    }
+  }
+
+  /* Process prefix entries. */
+  for (i = 0; i < LWIP_ND6_NUM_PREFIXES; i++) {
+    if (prefix_list[i].invalidation_timer < ND6_TMR_INTERVAL / 1000) {
+      prefix_list[i].invalidation_timer = 0;
+    }
+    if ((prefix_list[i].invalidation_timer > 0) &&
+        (prefix_list[i].netif != NULL)) {
+      prefix_list[i].invalidation_timer -= ND6_TMR_INTERVAL / 1000;
+
+#if LWIP_IPV6_AUTOCONFIG
+      /* Initiate address autoconfiguration for this prefix, if conditions are met. */
+      if (prefix_list[i].netif->ip6_autoconfig_enabled &&
+          (prefix_list[i].flags & ND6_PREFIX_AUTOCONFIG_AUTONOMOUS) &&
+          !(prefix_list[i].flags & ND6_PREFIX_AUTOCONFIG_ADDRESS_GENERATED)) {
+        /* Try to get an address on this netif that is invalid.
+         * Skip 0 index (link-local address) */
+        for (j = 1; j < LWIP_IPV6_NUM_ADDRESSES; j++) {
+          if (netif_ip6_addr_state(prefix_list[i].netif, j) == IP6_ADDRESS_STATE_INVALID) {
+            /* Generate an address using this prefix and interface ID from link-local address. */
+            prefix_list[i].netif->ip6_addr[j].addr[0] = prefix_list[i].prefix.addr[0];
+            prefix_list[i].netif->ip6_addr[j].addr[1] = prefix_list[i].prefix.addr[1];
+            prefix_list[i].netif->ip6_addr[j].addr[2] = prefix_list[i].netif->ip6_addr[0].addr[2];
+            prefix_list[i].netif->ip6_addr[j].addr[3] = prefix_list[i].netif->ip6_addr[0].addr[3];
+
+            /* Mark it as tentative (DAD will be performed if configured). */
+            netif_ip6_addr_set_state(prefix_list[i].netif, j, IP6_ADDR_TENTATIVE);
+
+            /* Mark this prefix with ADDRESS_GENERATED, so that we don't try again. */
+            prefix_list[i].flags |= ND6_PREFIX_AUTOCONFIG_ADDRESS_GENERATED;
+
+            /* Exit loop. */
+            break;
+          }
+        }
+      }
+#endif /* LWIP_IPV6_AUTOCONFIG */
+    }
+  }
+
+
+  /* Process our own addresses, if DAD configured. */
+  for (netif = netif_list; netif != NULL; netif = netif->next) {
+    for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; ++i) {
+      if (ip6_addr_istentative(netif->ip6_addr_state[i])) {
+        if ((netif->ip6_addr_state[i] & 0x07) >= LWIP_IPV6_DUP_DETECT_ATTEMPTS) {
+          /* No NA received in response. Mark address as valid. */
+          netif->ip6_addr_state[i] = IP6_ADDR_PREFERRED;
+          /* TODO implement preferred and valid lifetimes. */
+        }
+        else if (netif->flags & NETIF_FLAG_UP) {
+#if LWIP_IPV6_MLD
+          if ((netif->ip6_addr_state[i] & 0x07) == 0) {
+            /* Join solicited node multicast group. */
+            ip6_addr_set_solicitednode(&multicast_address, netif_ip6_addr(netif, i)->addr[3]);
+            mld6_joingroup(netif_ip6_addr(netif, i), &multicast_address);
+          }
+#endif /* LWIP_IPV6_MLD */
+          /* Send a NS for this address. */
+          nd6_send_ns(netif, netif_ip6_addr(netif, i), ND6_SEND_FLAG_MULTICAST_DEST);
+          (netif->ip6_addr_state[i])++;
+          /* TODO send max 1 NS per tmr call? enable return*/
+          /*return;*/
+        }
+      }
+    }
+  }
+
+#if LWIP_IPV6_SEND_ROUTER_SOLICIT
+  /* Send router solicitation messages, if necessary. */
+  for (netif = netif_list; netif != NULL; netif = netif->next) {
+    if ((netif->rs_count > 0) && (netif->flags & NETIF_FLAG_UP)) {
+      nd6_send_rs(netif);
+      netif->rs_count--;
+    }
+  }
+#endif /* LWIP_IPV6_SEND_ROUTER_SOLICIT */
+
+}
+
+/**
+ * Send a neighbor solicitation message
+ *
+ * @param netif the netif on which to send the message
+ * @param target_addr the IPv6 target address for the ND message
+ * @param flags one of ND6_SEND_FLAG_*
+ */
+static void
+nd6_send_ns(struct netif * netif, ip6_addr_t * target_addr, u8_t flags)
+{
+  struct ns_header * ns_hdr;
+  struct lladdr_option * lladdr_opt;
+  struct pbuf * p;
+  ip6_addr_t * src_addr;
+
+  if (ip6_addr_isvalid(netif_ip6_addr_state(netif,0))) {
+    /* Use link-local address as source address. */
+    src_addr = netif_ip6_addr(netif, 0);
+  } else {
+    src_addr = IP6_ADDR_ANY;
+  }
+
+  /* Allocate a packet. */
+  p = pbuf_alloc(PBUF_IP, sizeof(struct ns_header) + sizeof(struct lladdr_option), PBUF_RAM);
+  if ((p == NULL) || (p->len < (sizeof(struct ns_header) + sizeof(struct lladdr_option)))) {
+    /* We couldn't allocate a suitable pbuf for the ns. drop it. */
+    if (p != NULL) {
+      pbuf_free(p);
+    }
+    ND6_STATS_INC(nd6.memerr);
+    return;
+  }
+
+  /* Set fields. */
+  ns_hdr = (struct ns_header *)p->payload;
+  lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct ns_header));
+
+  ns_hdr->type = ICMP6_TYPE_NS;
+  ns_hdr->code = 0;
+  ns_hdr->chksum = 0;
+  ns_hdr->reserved = 0;
+  ip6_addr_set(&(ns_hdr->target_address), target_addr);
+
+  lladdr_opt->type = ND6_OPTION_TYPE_SOURCE_LLADDR;
+  lladdr_opt->length = ((netif->hwaddr_len + 2) >> 3) + (((netif->hwaddr_len + 2) & 0x07) ? 1 : 0);
+  SMEMCPY(lladdr_opt->addr, netif->hwaddr, netif->hwaddr_len);
+
+  /* Generate the solicited node address for the target address. */
+  if (flags & ND6_SEND_FLAG_MULTICAST_DEST) {
+    ip6_addr_set_solicitednode(&multicast_address, target_addr->addr[3]);
+    target_addr = &multicast_address;
+  }
+
+  ns_hdr->chksum = ip6_chksum_pseudo(p, IP6_NEXTH_ICMP6, p->len, src_addr,
+    target_addr);
+
+  /* Send the packet out. */
+  ND6_STATS_INC(nd6.xmit);
+  ip6_output_if(p, (src_addr == IP6_ADDR_ANY) ? NULL : src_addr, target_addr,
+      LWIP_ICMP6_HL, 0, IP6_NEXTH_ICMP6, netif);
+  pbuf_free(p);
+}
+
+/**
+ * Send a neighbor advertisement message
+ *
+ * @param netif the netif on which to send the message
+ * @param target_addr the IPv6 target address for the ND message
+ * @param flags one of ND6_SEND_FLAG_*
+ */
+static void
+nd6_send_na(struct netif * netif, ip6_addr_t * target_addr, u8_t flags)
+{
+  struct na_header * na_hdr;
+  struct lladdr_option * lladdr_opt;
+  struct pbuf * p;
+  ip6_addr_t * src_addr;
+  ip6_addr_t * dest_addr;
+
+  /* Use link-local address as source address. */
+  /* src_addr = &(netif->ip6_addr[0]); */
+  /* Use target address as source address. */
+  src_addr = target_addr;
+
+  /* Allocate a packet. */
+  p = pbuf_alloc(PBUF_IP, sizeof(struct na_header) + sizeof(struct lladdr_option), PBUF_RAM);
+  if ((p == NULL) || (p->len < (sizeof(struct na_header) + sizeof(struct lladdr_option)))) {
+    /* We couldn't allocate a suitable pbuf for the ns. drop it. */
+    if (p != NULL) {
+      pbuf_free(p);
+    }
+    ND6_STATS_INC(nd6.memerr);
+    return;
+  }
+
+  /* Set fields. */
+  na_hdr = (struct na_header *)p->payload;
+  lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct na_header));
+
+  na_hdr->type = ICMP6_TYPE_NA;
+  na_hdr->code = 0;
+  na_hdr->chksum = 0;
+  na_hdr->flags = flags & 0xf0;
+  na_hdr->reserved[0] = 0;
+  na_hdr->reserved[1] = 0;
+  na_hdr->reserved[2] = 0;
+  ip6_addr_set(&(na_hdr->target_address), target_addr);
+
+  lladdr_opt->type = ND6_OPTION_TYPE_TARGET_LLADDR;
+  lladdr_opt->length = ((netif->hwaddr_len + 2) >> 3) + (((netif->hwaddr_len + 2) & 0x07) ? 1 : 0);
+  SMEMCPY(lladdr_opt->addr, netif->hwaddr, netif->hwaddr_len);
+
+  /* Generate the solicited node address for the target address. */
+  if (flags & ND6_SEND_FLAG_MULTICAST_DEST) {
+    ip6_addr_set_solicitednode(&multicast_address, target_addr->addr[3]);
+    dest_addr = &multicast_address;
+  }
+  else if (flags & ND6_SEND_FLAG_ALLNODES_DEST) {
+    ip6_addr_set_allnodes_linklocal(&multicast_address);
+    dest_addr = &multicast_address;
+  }
+  else {
+    dest_addr = ip6_current_src_addr();
+  }
+
+  na_hdr->chksum = ip6_chksum_pseudo(p, IP6_NEXTH_ICMP6, p->len, src_addr,
+    dest_addr);
+
+  /* Send the packet out. */
+  ND6_STATS_INC(nd6.xmit);
+  ip6_output_if(p, src_addr, dest_addr,
+      LWIP_ICMP6_HL, 0, IP6_NEXTH_ICMP6, netif);
+  pbuf_free(p);
+}
+
+#if LWIP_IPV6_SEND_ROUTER_SOLICIT
+/**
+ * Send a router solicitation message
+ *
+ * @param netif the netif on which to send the message
+ */
+static void
+nd6_send_rs(struct netif * netif)
+{
+  struct rs_header * rs_hdr;
+  struct lladdr_option * lladdr_opt;
+  struct pbuf * p;
+  ip6_addr_t * src_addr;
+  u16_t packet_len;
+
+  /* Link-local source address, or unspecified address? */
+  if (ip6_addr_isvalid(netif_ip6_addr_state(netif, 0))) {
+    src_addr = netif_ip6_addr(netif, 0);
+  }
+  else {
+    src_addr = IP6_ADDR_ANY;
+  }
+
+  /* Generate the all routers target address. */
+  ip6_addr_set_allrouters_linklocal(&multicast_address);
+
+  /* Allocate a packet. */
+  packet_len = sizeof(struct rs_header);
+  if (src_addr != IP6_ADDR_ANY) {
+    packet_len += sizeof(struct lladdr_option);
+  }
+  p = pbuf_alloc(PBUF_IP, packet_len, PBUF_RAM);
+  if ((p == NULL) || (p->len < packet_len)) {
+    /* We couldn't allocate a suitable pbuf for the ns. drop it. */
+    if (p != NULL) {
+      pbuf_free(p);
+    }
+    ND6_STATS_INC(nd6.memerr);
+    return;
+  }
+
+  /* Set fields. */
+  rs_hdr = (struct rs_header *)p->payload;
+
+  rs_hdr->type = ICMP6_TYPE_RS;
+  rs_hdr->code = 0;
+  rs_hdr->chksum = 0;
+  rs_hdr->reserved = 0;
+
+  if (src_addr != IP6_ADDR_ANY) {
+    /* Include our hw address. */
+    lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct rs_header));
+    lladdr_opt->type = ND6_OPTION_TYPE_SOURCE_LLADDR;
+    lladdr_opt->length = ((netif->hwaddr_len + 2) >> 3) + (((netif->hwaddr_len + 2) & 0x07) ? 1 : 0);
+    SMEMCPY(lladdr_opt->addr, netif->hwaddr, netif->hwaddr_len);
+  }
+
+  rs_hdr->chksum = ip6_chksum_pseudo(p, IP6_NEXTH_ICMP6, p->len, src_addr,
+    &multicast_address);
+
+  /* Send the packet out. */
+  ND6_STATS_INC(nd6.xmit);
+  ip6_output_if(p, src_addr, &multicast_address,
+      LWIP_ICMP6_HL, 0, IP6_NEXTH_ICMP6, netif);
+  pbuf_free(p);
+}
+#endif /* LWIP_IPV6_SEND_ROUTER_SOLICIT */
+
+/**
+ * Search for a neighbor cache entry
+ *
+ * @param ip6addr the IPv6 address of the neighbor
+ * @return The neighbor cache entry index that matched, -1 if no
+ * entry is found
+ */
+static s8_t
+nd6_find_neighbor_cache_entry(ip6_addr_t * ip6addr)
+{
+  s8_t i;
+  for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) {
+    if (ip6_addr_cmp(ip6addr, &(neighbor_cache[i].next_hop_address))) {
+      return i;
+    }
+  }
+  return -1;
+}
+
+/**
+ * Create a new neighbor cache entry.
+ *
+ * If no unused entry is found, will try to recycle an old entry
+ * according to ad-hoc "age" heuristic.
+ *
+ * @return The neighbor cache entry index that was created, -1 if no
+ * entry could be created
+ */
+static s8_t
+nd6_new_neighbor_cache_entry(void)
+{
+  s8_t i;
+  s8_t j;
+  u32_t time;
+
+
+  /* First, try to find an empty entry. */
+  for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) {
+    if (neighbor_cache[i].state == ND6_NO_ENTRY) {
+      return i;
+    }
+  }
+
+  /* We need to recycle an entry. in general, do not recycle if it is a router. */
+
+  /* Next, try to find a Stale entry. */
+  for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) {
+    if ((neighbor_cache[i].state == ND6_STALE) &&
+        (!neighbor_cache[i].isrouter)) {
+      nd6_free_neighbor_cache_entry(i);
+      return i;
+    }
+  }
+
+  /* Next, try to find a Probe entry. */
+  for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) {
+    if ((neighbor_cache[i].state == ND6_PROBE) &&
+        (!neighbor_cache[i].isrouter)) {
+      nd6_free_neighbor_cache_entry(i);
+      return i;
+    }
+  }
+
+  /* Next, try to find a Delayed entry. */
+  for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) {
+    if ((neighbor_cache[i].state == ND6_DELAY) &&
+        (!neighbor_cache[i].isrouter)) {
+      nd6_free_neighbor_cache_entry(i);
+      return i;
+    }
+  }
+
+  /* Next, try to find the oldest reachable entry. */
+  time = 0xfffffffful;
+  j = -1;
+  for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) {
+    if ((neighbor_cache[i].state == ND6_REACHABLE) &&
+        (!neighbor_cache[i].isrouter)) {
+      if (neighbor_cache[i].counter.reachable_time < time) {
+        j = i;
+        time = neighbor_cache[i].counter.reachable_time;
+      }
+    }
+  }
+  if (j >= 0) {
+    nd6_free_neighbor_cache_entry(j);
+    return j;
+  }
+
+  /* Next, find oldest incomplete entry without queued packets. */
+  time = 0;
+  j = -1;
+  for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) {
+    if (
+        (neighbor_cache[i].q == NULL) &&
+        (neighbor_cache[i].state == ND6_INCOMPLETE) &&
+        (!neighbor_cache[i].isrouter)) {
+      if (neighbor_cache[i].counter.probes_sent >= time) {
+        j = i;
+        time = neighbor_cache[i].counter.probes_sent;
+      }
+    }
+  }
+  if (j >= 0) {
+    nd6_free_neighbor_cache_entry(j);
+    return j;
+  }
+
+  /* Next, find oldest incomplete entry with queued packets. */
+  time = 0;
+  j = -1;
+  for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) {
+    if ((neighbor_cache[i].state == ND6_INCOMPLETE) &&
+        (!neighbor_cache[i].isrouter)) {
+      if (neighbor_cache[i].counter.probes_sent >= time) {
+        j = i;
+        time = neighbor_cache[i].counter.probes_sent;
+      }
+    }
+  }
+  if (j >= 0) {
+    nd6_free_neighbor_cache_entry(j);
+    return j;
+  }
+
+  /* No more entries to try. */
+  return -1;
+}
+
+/**
+ * Will free any resources associated with a neighbor cache
+ * entry, and will mark it as unused.
+ *
+ * @param i the neighbor cache entry index to free
+ */
+static void
+nd6_free_neighbor_cache_entry(s8_t i)
+{
+  if ((i < 0) || (i >= LWIP_ND6_NUM_NEIGHBORS)) {
+    return;
+  }
+
+  /* Free any queued packets. */
+  if (neighbor_cache[i].q != NULL) {
+    nd6_free_q(neighbor_cache[i].q);
+    neighbor_cache[i].q = NULL;
+  }
+
+  neighbor_cache[i].state = ND6_NO_ENTRY;
+  neighbor_cache[i].isrouter = 0;
+  neighbor_cache[i].netif = NULL;
+  neighbor_cache[i].counter.reachable_time = 0;
+  ip6_addr_set_zero(&(neighbor_cache[i].next_hop_address));
+}
+
+/**
+ * Search for a destination cache entry
+ *
+ * @param ip6addr the IPv6 address of the destination
+ * @return The destination cache entry index that matched, -1 if no
+ * entry is found
+ */
+static s8_t
+nd6_find_destination_cache_entry(ip6_addr_t * ip6addr)
+{
+  s8_t i;
+  for (i = 0; i < LWIP_ND6_NUM_DESTINATIONS; i++) {
+    if (ip6_addr_cmp(ip6addr, &(destination_cache[i].destination_addr))) {
+      return i;
+    }
+  }
+  return -1;
+}
+
+/**
+ * Create a new destination cache entry. If no unused entry is found,
+ * will recycle oldest entry.
+ *
+ * @return The destination cache entry index that was created, -1 if no
+ * entry was created
+ */
+static s8_t
+nd6_new_destination_cache_entry(void)
+{
+  s8_t i, j;
+  u32_t age;
+
+  /* Find an empty entry. */
+  for (i = 0; i < LWIP_ND6_NUM_DESTINATIONS; i++) {
+    if (ip6_addr_isany(&(destination_cache[i].destination_addr))) {
+      return i;
+    }
+  }
+
+  /* Find oldest entry. */
+  age = 0;
+  j = LWIP_ND6_NUM_DESTINATIONS - 1;
+  for (i = 0; i < LWIP_ND6_NUM_DESTINATIONS; i++) {
+    if (destination_cache[i].age > age) {
+      j = i;
+    }
+  }
+
+  return j;
+}
+
+/**
+ * Determine whether an address matches an on-link prefix.
+ *
+ * @param ip6addr the IPv6 address to match
+ * @return 1 if the address is on-link, 0 otherwise
+ */
+static s8_t
+nd6_is_prefix_in_netif(ip6_addr_t * ip6addr, struct netif * netif)
+{
+  s8_t i;
+  for (i = 0; i < LWIP_ND6_NUM_PREFIXES; i++) {
+    if ((prefix_list[i].netif == netif) &&
+        (prefix_list[i].invalidation_timer > 0) &&
+        ip6_addr_netcmp(ip6addr, &(prefix_list[i].prefix))) {
+      return 1;
+    }
+  }
+  /* Check to see if address prefix matches a (manually?) configured address. */
+  for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+    if (ip6_addr_isvalid(netif_ip6_addr_state(netif, i)) &&
+        ip6_addr_netcmp(ip6addr, netif_ip6_addr(netif, i))) {
+      return 1;
+    }
+  }
+  return 0;
+}
+
+/**
+ * Select a default router for a destination.
+ *
+ * @param ip6addr the destination address
+ * @param netif the netif for the outgoing packet, if known
+ * @return the default router entry index, or -1 if no suitable
+ *         router is found
+ */
+s8_t
+nd6_select_router(ip6_addr_t * ip6addr, struct netif * netif)
+{
+  s8_t i;
+  /* last_router is used for round-robin router selection (as recommended
+   * in RFC). This is more robust in case one router is not reachable,
+   * we are not stuck trying to resolve it. */
+  static s8_t last_router;
+  (void)ip6addr; /* TODO match preferred routes!! (must implement ND6_OPTION_TYPE_ROUTE_INFO) */
+
+  /* TODO: implement default router preference */
+
+  /* Look for reachable routers. */
+  for (i = 0; i < LWIP_ND6_NUM_ROUTERS; i++) {
+    if (++last_router >= LWIP_ND6_NUM_ROUTERS) {
+      last_router = 0;
+    }
+    if ((default_router_list[i].neighbor_entry != NULL) &&
+        (netif != NULL ? netif == default_router_list[i].neighbor_entry->netif : 1) &&
+        (default_router_list[i].invalidation_timer > 0) &&
+        (default_router_list[i].neighbor_entry->state == ND6_REACHABLE)) {
+      return i;
+    }
+  }
+
+  /* Look for router in other reachability states, but still valid according to timer. */
+  for (i = 0; i < LWIP_ND6_NUM_ROUTERS; i++) {
+    if (++last_router >= LWIP_ND6_NUM_ROUTERS) {
+      last_router = 0;
+    }
+    if ((default_router_list[i].neighbor_entry != NULL) &&
+        (netif != NULL ? netif == default_router_list[i].neighbor_entry->netif : 1) &&
+        (default_router_list[i].invalidation_timer > 0)) {
+      return i;
+    }
+  }
+
+  /* Look for any router for which we have any information at all. */
+  for (i = 0; i < LWIP_ND6_NUM_ROUTERS; i++) {
+    if (++last_router >= LWIP_ND6_NUM_ROUTERS) {
+      last_router = 0;
+    }
+    if (default_router_list[i].neighbor_entry != NULL &&
+        (netif != NULL ? netif == default_router_list[i].neighbor_entry->netif : 1)) {
+      return i;
+    }
+  }
+
+  /* no suitable router found. */
+  return -1;
+}
+
+/**
+ * Find an entry for a default router.
+ *
+ * @param router_addr the IPv6 address of the router
+ * @param netif the netif on which the router is found, if known
+ * @return the index of the router entry, or -1 if not found
+ */
+static s8_t
+nd6_get_router(ip6_addr_t * router_addr, struct netif * netif)
+{
+  s8_t i;
+
+  /* Look for router. */
+  for (i = 0; i < LWIP_ND6_NUM_ROUTERS; i++) {
+    if ((default_router_list[i].neighbor_entry != NULL) &&
+        ((netif != NULL) ? netif == default_router_list[i].neighbor_entry->netif : 1) &&
+        ip6_addr_cmp(router_addr, &(default_router_list[i].neighbor_entry->next_hop_address))) {
+      return i;
+    }
+  }
+
+  /* router not found. */
+  return -1;
+}
+
+/**
+ * Create a new entry for a default router.
+ *
+ * @param router_addr the IPv6 address of the router
+ * @param netif the netif on which the router is connected, if known
+ * @return the index on the router table, or -1 if could not be created
+ */
+static s8_t
+nd6_new_router(ip6_addr_t * router_addr, struct netif * netif)
+{
+  s8_t router_index;
+  s8_t neighbor_index;
+
+  /* Do we have a neighbor entry for this router? */
+  neighbor_index = nd6_find_neighbor_cache_entry(router_addr);
+  if (neighbor_index < 0) {
+    /* Create a neighbor entry for this router. */
+    neighbor_index = nd6_new_neighbor_cache_entry();
+    if (neighbor_index < 0) {
+      /* Could not create neighbor entry for this router. */
+      return -1;
+    }
+    ip6_addr_set(&(neighbor_cache[neighbor_index].next_hop_address), router_addr);
+    neighbor_cache[neighbor_index].netif = netif;
+    neighbor_cache[neighbor_index].q = NULL;
+    neighbor_cache[neighbor_index].state = ND6_INCOMPLETE;
+    neighbor_cache[neighbor_index].counter.probes_sent = 0;
+  }
+
+  /* Mark neighbor as router. */
+  neighbor_cache[neighbor_index].isrouter = 1;
+
+  /* Look for empty entry. */
+  for (router_index = 0; router_index < LWIP_ND6_NUM_ROUTERS; router_index++) {
+    if (default_router_list[router_index].neighbor_entry == NULL) {
+      default_router_list[router_index].neighbor_entry = &(neighbor_cache[neighbor_index]);
+      return router_index;
+    }
+  }
+
+  /* Could not create a router entry. */
+
+  /* Mark neighbor entry as not-router. Entry might be useful as neighbor still. */
+  neighbor_cache[neighbor_index].isrouter = 0;
+
+  /* router not found. */
+  return -1;
+}
+
+/**
+ * Find the cached entry for an on-link prefix.
+ *
+ * @param prefix the IPv6 prefix that is on-link
+ * @param netif the netif on which the prefix is on-link
+ * @return the index on the prefix table, or -1 if not found
+ */
+static s8_t
+nd6_get_onlink_prefix(ip6_addr_t * prefix, struct netif * netif)
+{
+  s8_t i;
+
+  /* Look for prefix in list. */
+  for (i = 0; i < LWIP_ND6_NUM_PREFIXES; ++i) {
+    if ((ip6_addr_netcmp(&(prefix_list[i].prefix), prefix)) &&
+        (prefix_list[i].netif == netif)) {
+      return i;
+    }
+  }
+
+  /* Entry not available. */
+  return -1;
+}
+
+/**
+ * Creates a new entry for an on-link prefix.
+ *
+ * @param prefix the IPv6 prefix that is on-link
+ * @param netif the netif on which the prefix is on-link
+ * @return the index on the prefix table, or -1 if not created
+ */
+static s8_t
+nd6_new_onlink_prefix(ip6_addr_t * prefix, struct netif * netif)
+{
+  s8_t i;
+
+  /* Create new entry. */
+  for (i = 0; i < LWIP_ND6_NUM_PREFIXES; ++i) {
+    if ((prefix_list[i].netif == NULL) ||
+        (prefix_list[i].invalidation_timer == 0)) {
+      /* Found empty prefix entry. */
+      prefix_list[i].netif = netif;
+      ip6_addr_set(&(prefix_list[i].prefix), prefix);
+#if LWIP_IPV6_AUTOCONFIG
+      prefix_list[i].flags = 0;
+#endif
+      return i;
+    }
+  }
+
+  /* Entry not available. */
+  return -1;
+}
+
+/**
+ * Determine the next hop for a destination. Will determine if the
+ * destination is on-link, else a suitable on-link router is selected.
+ *
+ * The last entry index is cached for fast entry search.
+ *
+ * @param ip6addr the destination address
+ * @param netif the netif on which the packet will be sent
+ * @return the neighbor cache entry for the next hop, ERR_RTE if no
+ *         suitable next hop was found, ERR_MEM if no cache entry
+ *         could be created
+ */
+s8_t
+nd6_get_next_hop_entry(ip6_addr_t * ip6addr, struct netif * netif)
+{
+  s8_t i;
+
+#if LWIP_NETIF_HWADDRHINT
+  if (netif->addr_hint != NULL) {
+    /* per-pcb cached entry was given */
+    u8_t addr_hint = *(netif->addr_hint);
+    if (addr_hint < LWIP_ND6_NUM_DESTINATIONS) {
+      nd6_cached_destination_index = addr_hint;
+    }
+  }
+#endif /* LWIP_NETIF_HWADDRHINT */
+
+  /* Look for ip6addr in destination cache. */
+  if (ip6_addr_cmp(ip6addr, &(destination_cache[nd6_cached_destination_index].destination_addr))) {
+    /* the cached entry index is the right one! */
+    /* do nothing. */
+    ND6_STATS_INC(nd6.cachehit);
+  } else {
+    /* Search destination cache. */
+    i = nd6_find_destination_cache_entry(ip6addr);
+    if (i >= 0) {
+      /* found destination entry. make it our new cached index. */
+      nd6_cached_destination_index = i;
+    }
+    else {
+      /* Not found. Create a new destination entry. */
+      i = nd6_new_destination_cache_entry();
+      if (i >= 0) {
+        /* got new destination entry. make it our new cached index. */
+        nd6_cached_destination_index = i;
+      } else {
+        /* Could not create a destination cache entry. */
+        return ERR_MEM;
+      }
+
+      /* Copy dest address to destination cache. */
+      ip6_addr_set(&(destination_cache[nd6_cached_destination_index].destination_addr), ip6addr);
+
+      /* Now find the next hop. is it a neighbor? */
+      if (ip6_addr_islinklocal(ip6addr) ||
+          nd6_is_prefix_in_netif(ip6addr, netif)) {
+        /* Destination in local link. */
+        destination_cache[nd6_cached_destination_index].pmtu = netif->mtu;
+        ip6_addr_copy(destination_cache[nd6_cached_destination_index].next_hop_addr, destination_cache[nd6_cached_destination_index].destination_addr);
+      }
+      else {
+        /* We need to select a router. */
+        i = nd6_select_router(ip6addr, netif);
+        if (i < 0) {
+          /* No router found. */
+          ip6_addr_set_any(&(destination_cache[nd6_cached_destination_index].destination_addr));
+          return ERR_RTE;
+        }
+        destination_cache[nd6_cached_destination_index].pmtu = netif->mtu; /* Start with netif mtu, correct through ICMPv6 if necessary */
+        ip6_addr_copy(destination_cache[nd6_cached_destination_index].next_hop_addr, default_router_list[i].neighbor_entry->next_hop_address);
+      }
+    }
+  }
+
+#if LWIP_NETIF_HWADDRHINT
+  if (netif->addr_hint != NULL) {
+    /* per-pcb cached entry was given */
+    *(netif->addr_hint) = nd6_cached_destination_index;
+  }
+#endif /* LWIP_NETIF_HWADDRHINT */
+
+  /* Look in neighbor cache for the next-hop address. */
+  if (ip6_addr_cmp(&(destination_cache[nd6_cached_destination_index].next_hop_addr),
+                   &(neighbor_cache[nd6_cached_neighbor_index].next_hop_address))) {
+    /* Cache hit. */
+    /* Do nothing. */
+    ND6_STATS_INC(nd6.cachehit);
+  } else {
+    i = nd6_find_neighbor_cache_entry(&(destination_cache[nd6_cached_destination_index].next_hop_addr));
+    if (i >= 0) {
+      /* Found a matching record, make it new cached entry. */
+      nd6_cached_neighbor_index = i;
+    }
+    else {
+      /* Neighbor not in cache. Make a new entry. */
+      i = nd6_new_neighbor_cache_entry();
+      if (i >= 0) {
+        /* got new neighbor entry. make it our new cached index. */
+        nd6_cached_neighbor_index = i;
+      } else {
+        /* Could not create a neighbor cache entry. */
+        return ERR_MEM;
+      }
+
+      /* Initialize fields. */
+      ip6_addr_copy(neighbor_cache[i].next_hop_address,
+                   destination_cache[nd6_cached_destination_index].next_hop_addr);
+      neighbor_cache[i].isrouter = 0;
+      neighbor_cache[i].netif = netif;
+      neighbor_cache[i].state = ND6_INCOMPLETE;
+      neighbor_cache[i].counter.probes_sent = 0;
+    }
+  }
+
+  /* Reset this destination's age. */
+  destination_cache[nd6_cached_destination_index].age = 0;
+
+  return nd6_cached_neighbor_index;
+}
+
+/**
+ * Queue a packet for a neighbor.
+ *
+ * @param neighbor_index the index in the neighbor cache table
+ * @param q packet to be queued
+ * @return ERR_OK if succeeded, ERR_MEM if out of memory
+ */
+err_t
+nd6_queue_packet(s8_t neighbor_index, struct pbuf * q)
+{
+  err_t result = ERR_MEM;
+  struct pbuf *p;
+  int copy_needed = 0;
+#if LWIP_ND6_QUEUEING
+  struct nd6_q_entry *new_entry, *r;
+#endif /* LWIP_ND6_QUEUEING */
+
+  if ((neighbor_index < 0) || (neighbor_index >= LWIP_ND6_NUM_NEIGHBORS)) {
+    return ERR_ARG;
+  }
+
+  /* IF q includes a PBUF_REF, PBUF_POOL or PBUF_RAM, we have no choice but
+   * to copy the whole queue into a new PBUF_RAM (see bug #11400)
+   * PBUF_ROMs can be left as they are, since ROM must not get changed. */
+  p = q;
+  while (p) {
+    if(p->type != PBUF_ROM) {
+      copy_needed = 1;
+      break;
+    }
+    p = p->next;
+  }
+  if(copy_needed) {
+    /* copy the whole packet into new pbufs */
+    p = pbuf_alloc(PBUF_LINK, q->tot_len, PBUF_RAM);
+    while ((p == NULL) && (neighbor_cache[neighbor_index].q != NULL)) {
+      /* Free oldest packet (as per RFC recommendation) */
+#if LWIP_ND6_QUEUEING
+      r = neighbor_cache[neighbor_index].q;
+      neighbor_cache[neighbor_index].q = r->next;
+      r->next = NULL;
+      nd6_free_q(r);
+#else /* LWIP_ND6_QUEUEING */
+      pbuf_free(neighbor_cache[neighbor_index].q);
+      neighbor_cache[neighbor_index].q = NULL;
+#endif /* LWIP_ND6_QUEUEING */
+      p = pbuf_alloc(PBUF_LINK, q->tot_len, PBUF_RAM);
+    }
+    if(p != NULL) {
+      if (pbuf_copy(p, q) != ERR_OK) {
+        pbuf_free(p);
+        p = NULL;
+      }
+    }
+  } else {
+    /* referencing the old pbuf is enough */
+    p = q;
+    pbuf_ref(p);
+  }
+  /* packet was copied/ref'd? */
+  if (p != NULL) {
+    /* queue packet ... */
+#if LWIP_ND6_QUEUEING
+    /* allocate a new nd6 queue entry */
+    new_entry = (struct nd6_q_entry *)memp_malloc(MEMP_ND6_QUEUE);
+    if ((new_entry == NULL) && (neighbor_cache[neighbor_index].q != NULL)) {
+      /* Free oldest packet (as per RFC recommendation) */
+      r = neighbor_cache[neighbor_index].q;
+      neighbor_cache[neighbor_index].q = r->next;
+      r->next = NULL;
+      nd6_free_q(r);
+      new_entry = (struct nd6_q_entry *)memp_malloc(MEMP_ND6_QUEUE);
+    }
+    if (new_entry != NULL) {
+      new_entry->next = NULL;
+      new_entry->p = p;
+      if(neighbor_cache[neighbor_index].q != NULL) {
+        /* queue was already existent, append the new entry to the end */
+        r = neighbor_cache[neighbor_index].q;
+        while (r->next != NULL) {
+          r = r->next;
+        }
+        r->next = new_entry;
+      } else {
+        /* queue did not exist, first item in queue */
+        neighbor_cache[neighbor_index].q = new_entry;
+      }
+      LWIP_DEBUGF(LWIP_DBG_TRACE, ("ipv6: queued packet %p on neighbor entry %"S16_F"\n", (void *)p, (s16_t)neighbor_index));
+      result = ERR_OK;
+    } else {
+      /* the pool MEMP_ND6_QUEUE is empty */
+      pbuf_free(p);
+      LWIP_DEBUGF(LWIP_DBG_TRACE, ("ipv6: could not queue a copy of packet %p (out of memory)\n", (void *)p));
+      /* { result == ERR_MEM } through initialization */
+    }
+#else /* LWIP_ND6_QUEUEING */
+    /* Queue a single packet. If an older packet is already queued, free it as per RFC. */
+    if (neighbor_cache[neighbor_index].q != NULL) {
+      pbuf_free(neighbor_cache[neighbor_index].q);
+    }
+    neighbor_cache[neighbor_index].q = p;
+    LWIP_DEBUGF(LWIP_DBG_TRACE, ("ipv6: queued packet %p on neighbor entry %"S16_F"\n", (void *)p, (s16_t)neighbor_index));
+    result = ERR_OK;
+#endif /* LWIP_ND6_QUEUEING */
+  } else {
+    LWIP_DEBUGF(LWIP_DBG_TRACE, ("ipv6: could not queue a copy of packet %p (out of memory)\n", (void *)q));
+    /* { result == ERR_MEM } through initialization */
+  }
+
+  return result;
+}
+
+#if LWIP_ND6_QUEUEING
+/**
+ * Free a complete queue of nd6 q entries
+ *
+ * @param q a queue of nd6_q_entry to free
+ */
+static void
+nd6_free_q(struct nd6_q_entry *q)
+{
+  struct nd6_q_entry *r;
+  LWIP_ASSERT("q != NULL", q != NULL);
+  LWIP_ASSERT("q->p != NULL", q->p != NULL);
+  while (q) {
+    r = q;
+    q = q->next;
+    LWIP_ASSERT("r->p != NULL", (r->p != NULL));
+    pbuf_free(r->p);
+    memp_free(MEMP_ND6_QUEUE, r);
+  }
+}
+#endif /* LWIP_ND6_QUEUEING */
+
+/**
+ * Send queued packets for a neighbor
+ *
+ * @param i the neighbor to send packets to
+ */
+static void
+nd6_send_q(s8_t i)
+{
+  struct ip6_hdr *ip6hdr;
+#if LWIP_ND6_QUEUEING
+  struct nd6_q_entry *q;
+#endif /* LWIP_ND6_QUEUEING */
+
+  if ((i < 0) || (i >= LWIP_ND6_NUM_NEIGHBORS)) {
+    return;
+  }
+
+#if LWIP_ND6_QUEUEING
+  while (neighbor_cache[i].q != NULL) {
+    /* remember first in queue */
+    q = neighbor_cache[i].q;
+    /* pop first item off the queue */
+    neighbor_cache[i].q = q->next;
+    /* Get ipv6 header. */
+    ip6hdr = (struct ip6_hdr *)(q->p->payload);
+    /* Override ip6_current_dest_addr() so that we have an aligned copy. */
+    ip6_addr_set(ip6_current_dest_addr(), &(ip6hdr->dest));
+    /* send the queued IPv6 packet */
+    (neighbor_cache[i].netif)->output_ip6(neighbor_cache[i].netif, q->p, ip6_current_dest_addr());
+    /* free the queued IP packet */
+    pbuf_free(q->p);
+    /* now queue entry can be freed */
+    memp_free(MEMP_ND6_QUEUE, q);
+  }
+#else /* LWIP_ND6_QUEUEING */
+  if (neighbor_cache[i].q != NULL) {
+    /* Get ipv6 header. */
+    ip6hdr = (struct ip6_hdr *)(neighbor_cache[i].q->payload);
+    /* Override ip6_current_dest_addr() so that we have an aligned copy. */
+    ip6_addr_set(ip6_current_dest_addr(), &(ip6hdr->dest));
+    /* send the queued IPv6 packet */
+    (neighbor_cache[i].netif)->output_ip6(neighbor_cache[i].netif, neighbor_cache[i].q, ip6_current_dest_addr());
+    /* free the queued IP packet */
+    pbuf_free(neighbor_cache[i].q);
+    neighbor_cache[i].q = NULL;
+  }
+#endif /* LWIP_ND6_QUEUEING */
+}
+
+
+/**
+ * Get the Path MTU for a destination.
+ *
+ * @param ip6addr the destination address
+ * @param netif the netif on which the packet will be sent
+ * @return the Path MTU, if known, or the netif default MTU
+ */
+u16_t
+nd6_get_destination_mtu(ip6_addr_t * ip6addr, struct netif * netif)
+{
+  s8_t i;
+
+  i = nd6_find_destination_cache_entry(ip6addr);
+  if (i >= 0) {
+    if (destination_cache[i].pmtu > 0) {
+      return destination_cache[i].pmtu;
+    }
+  }
+
+  if (netif != NULL) {
+    return netif->mtu;
+  }
+
+  return 1280; /* Minimum MTU */
+}
+
+
+#if LWIP_ND6_TCP_REACHABILITY_HINTS
+/**
+ * Provide the Neighbor discovery process with a hint that a
+ * destination is reachable. Called by tcp_receive when ACKs are
+ * received or sent (as per RFC). This is useful to avoid sending
+ * NS messages every 30 seconds.
+ *
+ * @param ip6addr the destination address which is know to be reachable
+ *                by an upper layer protocol (TCP)
+ */
+void
+nd6_reachability_hint(ip6_addr_t * ip6addr)
+{
+  s8_t i;
+
+  /* Find destination in cache. */
+  if (ip6_addr_cmp(ip6addr, &(destination_cache[nd6_cached_destination_index].destination_addr))) {
+    i = nd6_cached_destination_index;
+    ND6_STATS_INC(nd6.cachehit);
+  }
+  else {
+    i = nd6_find_destination_cache_entry(ip6addr);
+  }
+  if (i < 0) {
+    return;
+  }
+
+  /* Find next hop neighbor in cache. */
+  if (ip6_addr_cmp(&(destination_cache[i].next_hop_addr), &(neighbor_cache[nd6_cached_neighbor_index].next_hop_address))) {
+    i = nd6_cached_neighbor_index;
+    ND6_STATS_INC(nd6.cachehit);
+  }
+  else {
+    i = nd6_find_neighbor_cache_entry(&(destination_cache[i].next_hop_addr));
+  }
+  if (i < 0) {
+    return;
+  }
+
+  /* Set reachability state. */
+  neighbor_cache[i].state = ND6_REACHABLE;
+  neighbor_cache[i].counter.reachable_time = reachable_time;
+}
+#endif /* LWIP_ND6_TCP_REACHABILITY_HINTS */
+
+#endif /* LWIP_IPV6 */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/mem.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/mem.c
new file mode 100644
index 00000000..1659a2c7
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/mem.c
@@ -0,0 +1,659 @@
+/**
+ * @file
+ * Dynamic memory manager
+ *
+ * This is a lightweight replacement for the standard C library malloc().
+ *
+ * If you want to use the standard C library malloc() instead, define
+ * MEM_LIBC_MALLOC to 1 in your lwipopts.h
+ *
+ * To let mem_malloc() use pools (prevents fragmentation and is much faster than
+ * a heap but might waste some memory), define MEM_USE_POOLS to 1, define
+ * MEM_USE_CUSTOM_POOLS to 1 and create a file "lwippools.h" that includes a list
+ * of pools like this (more pools can be added between _START and _END):
+ *
+ * Define three pools with sizes 256, 512, and 1512 bytes
+ * LWIP_MALLOC_MEMPOOL_START
+ * LWIP_MALLOC_MEMPOOL(20, 256)
+ * LWIP_MALLOC_MEMPOOL(10, 512)
+ * LWIP_MALLOC_MEMPOOL(5, 1512)
+ * LWIP_MALLOC_MEMPOOL_END
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *         Simon Goldschmidt
+ *
+ */
+
+#include "lwip/opt.h"
+
+#if !MEM_LIBC_MALLOC /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/def.h"
+#include "lwip/mem.h"
+#include "lwip/sys.h"
+#include "lwip/stats.h"
+#include "lwip/err.h"
+
+#include <string.h>
+
+#if MEM_USE_POOLS
+/* lwIP head implemented with different sized pools */
+
+/**
+ * Allocate memory: determine the smallest pool that is big enough
+ * to contain an element of 'size' and get an element from that pool.
+ *
+ * @param size the size in bytes of the memory needed
+ * @return a pointer to the allocated memory or NULL if the pool is empty
+ */
+void *
+mem_malloc(mem_size_t size)
+{
+  void *ret;
+  struct memp_malloc_helper *element;
+  memp_t poolnr;
+  mem_size_t required_size = size + LWIP_MEM_ALIGN_SIZE(sizeof(struct memp_malloc_helper));
+
+  for (poolnr = MEMP_POOL_FIRST; poolnr <= MEMP_POOL_LAST; poolnr = (memp_t)(poolnr + 1)) {
+#if MEM_USE_POOLS_TRY_BIGGER_POOL
+again:
+#endif /* MEM_USE_POOLS_TRY_BIGGER_POOL */
+    /* is this pool big enough to hold an element of the required size
+       plus a struct memp_malloc_helper that saves the pool this element came from? */
+    if (required_size <= memp_sizes[poolnr]) {
+      break;
+    }
+  }
+  if (poolnr > MEMP_POOL_LAST) {
+    LWIP_ASSERT("mem_malloc(): no pool is that big!", 0);
+    return NULL;
+  }
+  element = (struct memp_malloc_helper*)memp_malloc(poolnr);
+  if (element == NULL) {
+    /* No need to DEBUGF or ASSERT: This error is already
+       taken care of in memp.c */
+#if MEM_USE_POOLS_TRY_BIGGER_POOL
+    /** Try a bigger pool if this one is empty! */
+    if (poolnr < MEMP_POOL_LAST) {
+      poolnr++;
+      goto again;
+    }
+#endif /* MEM_USE_POOLS_TRY_BIGGER_POOL */
+    return NULL;
+  }
+
+  /* save the pool number this element came from */
+  element->poolnr = poolnr;
+  /* and return a pointer to the memory directly after the struct memp_malloc_helper */
+  ret = (u8_t*)element + LWIP_MEM_ALIGN_SIZE(sizeof(struct memp_malloc_helper));
+
+  return ret;
+}
+
+/**
+ * Free memory previously allocated by mem_malloc. Loads the pool number
+ * and calls memp_free with that pool number to put the element back into
+ * its pool
+ *
+ * @param rmem the memory element to free
+ */
+void
+mem_free(void *rmem)
+{
+  struct memp_malloc_helper *hmem;
+
+  LWIP_ASSERT("rmem != NULL", (rmem != NULL));
+  LWIP_ASSERT("rmem == MEM_ALIGN(rmem)", (rmem == LWIP_MEM_ALIGN(rmem)));
+
+  /* get the original struct memp_malloc_helper */
+  hmem = (struct memp_malloc_helper*)(void*)((u8_t*)rmem - LWIP_MEM_ALIGN_SIZE(sizeof(struct memp_malloc_helper)));
+
+  LWIP_ASSERT("hmem != NULL", (hmem != NULL));
+  LWIP_ASSERT("hmem == MEM_ALIGN(hmem)", (hmem == LWIP_MEM_ALIGN(hmem)));
+  LWIP_ASSERT("hmem->poolnr < MEMP_MAX", (hmem->poolnr < MEMP_MAX));
+
+  /* and put it in the pool we saved earlier */
+  memp_free(hmem->poolnr, hmem);
+}
+
+#else /* MEM_USE_POOLS */
+/* lwIP replacement for your libc malloc() */
+
+/**
+ * The heap is made up as a list of structs of this type.
+ * This does not have to be aligned since for getting its size,
+ * we only use the macro SIZEOF_STRUCT_MEM, which automatically alignes.
+ */
+struct mem {
+  /** index (-> ram[next]) of the next struct */
+  mem_size_t next;
+  /** index (-> ram[prev]) of the previous struct */
+  mem_size_t prev;
+  /** 1: this area is used; 0: this area is unused */
+  u8_t used;
+};
+
+/** All allocated blocks will be MIN_SIZE bytes big, at least!
+ * MIN_SIZE can be overridden to suit your needs. Smaller values save space,
+ * larger values could prevent too small blocks to fragment the RAM too much. */
+#ifndef MIN_SIZE
+#define MIN_SIZE             12
+#endif /* MIN_SIZE */
+/* some alignment macros: we define them here for better source code layout */
+#define MIN_SIZE_ALIGNED     LWIP_MEM_ALIGN_SIZE(MIN_SIZE)
+#define SIZEOF_STRUCT_MEM    LWIP_MEM_ALIGN_SIZE(sizeof(struct mem))
+#define MEM_SIZE_ALIGNED     LWIP_MEM_ALIGN_SIZE(MEM_SIZE)
+
+/** If you want to relocate the heap to external memory, simply define
+ * LWIP_RAM_HEAP_POINTER as a void-pointer to that location.
+ * If so, make sure the memory at that location is big enough (see below on
+ * how that space is calculated). */
+#ifndef LWIP_RAM_HEAP_POINTER
+/** the heap. we need one struct mem at the end and some room for alignment */
+u8_t ram_heap[MEM_SIZE_ALIGNED + (2*SIZEOF_STRUCT_MEM) + MEM_ALIGNMENT];
+#define LWIP_RAM_HEAP_POINTER ram_heap
+#endif /* LWIP_RAM_HEAP_POINTER */
+
+/** pointer to the heap (ram_heap): for alignment, ram is now a pointer instead of an array */
+static u8_t *ram;
+/** the last entry, always unused! */
+static struct mem *ram_end;
+/** pointer to the lowest free block, this is used for faster search */
+static struct mem *lfree;
+
+/** concurrent access protection */
+#if !NO_SYS
+static sys_mutex_t mem_mutex;
+#endif
+
+#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT
+
+static volatile u8_t mem_free_count;
+
+/* Allow mem_free from other (e.g. interrupt) context */
+#define LWIP_MEM_FREE_DECL_PROTECT()  SYS_ARCH_DECL_PROTECT(lev_free)
+#define LWIP_MEM_FREE_PROTECT()       SYS_ARCH_PROTECT(lev_free)
+#define LWIP_MEM_FREE_UNPROTECT()     SYS_ARCH_UNPROTECT(lev_free)
+#define LWIP_MEM_ALLOC_DECL_PROTECT() SYS_ARCH_DECL_PROTECT(lev_alloc)
+#define LWIP_MEM_ALLOC_PROTECT()      SYS_ARCH_PROTECT(lev_alloc)
+#define LWIP_MEM_ALLOC_UNPROTECT()    SYS_ARCH_UNPROTECT(lev_alloc)
+
+#else /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */
+
+/* Protect the heap only by using a semaphore */
+#define LWIP_MEM_FREE_DECL_PROTECT()
+#define LWIP_MEM_FREE_PROTECT()    sys_mutex_lock(&mem_mutex)
+#define LWIP_MEM_FREE_UNPROTECT()  sys_mutex_unlock(&mem_mutex)
+/* mem_malloc is protected using semaphore AND LWIP_MEM_ALLOC_PROTECT */
+#define LWIP_MEM_ALLOC_DECL_PROTECT()
+#define LWIP_MEM_ALLOC_PROTECT()
+#define LWIP_MEM_ALLOC_UNPROTECT()
+
+#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */
+
+
+/**
+ * "Plug holes" by combining adjacent empty struct mems.
+ * After this function is through, there should not exist
+ * one empty struct mem pointing to another empty struct mem.
+ *
+ * @param mem this points to a struct mem which just has been freed
+ * @internal this function is only called by mem_free() and mem_trim()
+ *
+ * This assumes access to the heap is protected by the calling function
+ * already.
+ */
+static void
+plug_holes(struct mem *mem)
+{
+  struct mem *nmem;
+  struct mem *pmem;
+
+  LWIP_ASSERT("plug_holes: mem >= ram", (u8_t *)mem >= ram);
+  LWIP_ASSERT("plug_holes: mem < ram_end", (u8_t *)mem < (u8_t *)ram_end);
+  LWIP_ASSERT("plug_holes: mem->used == 0", mem->used == 0);
+
+  /* plug hole forward */
+  LWIP_ASSERT("plug_holes: mem->next <= MEM_SIZE_ALIGNED", mem->next <= MEM_SIZE_ALIGNED);
+
+  nmem = (struct mem *)(void *)&ram[mem->next];
+  if (mem != nmem && nmem->used == 0 && (u8_t *)nmem != (u8_t *)ram_end) {
+    /* if mem->next is unused and not end of ram, combine mem and mem->next */
+    if (lfree == nmem) {
+      lfree = mem;
+    }
+    mem->next = nmem->next;
+    ((struct mem *)(void *)&ram[nmem->next])->prev = (mem_size_t)((u8_t *)mem - ram);
+  }
+
+  /* plug hole backward */
+  pmem = (struct mem *)(void *)&ram[mem->prev];
+  if (pmem != mem && pmem->used == 0) {
+    /* if mem->prev is unused, combine mem and mem->prev */
+    if (lfree == mem) {
+      lfree = pmem;
+    }
+    pmem->next = mem->next;
+    ((struct mem *)(void *)&ram[mem->next])->prev = (mem_size_t)((u8_t *)pmem - ram);
+  }
+}
+
+/**
+ * Zero the heap and initialize start, end and lowest-free
+ */
+void
+mem_init(void)
+{
+  struct mem *mem;
+
+  LWIP_ASSERT("Sanity check alignment",
+    (SIZEOF_STRUCT_MEM & (MEM_ALIGNMENT-1)) == 0);
+
+  /* align the heap */
+  ram = (u8_t *)LWIP_MEM_ALIGN(LWIP_RAM_HEAP_POINTER);
+  /* initialize the start of the heap */
+  mem = (struct mem *)(void *)ram;
+  mem->next = MEM_SIZE_ALIGNED;
+  mem->prev = 0;
+  mem->used = 0;
+  /* initialize the end of the heap */
+  ram_end = (struct mem *)(void *)&ram[MEM_SIZE_ALIGNED];
+  ram_end->used = 1;
+  ram_end->next = MEM_SIZE_ALIGNED;
+  ram_end->prev = MEM_SIZE_ALIGNED;
+
+  /* initialize the lowest-free pointer to the start of the heap */
+  lfree = (struct mem *)(void *)ram;
+
+  MEM_STATS_AVAIL(avail, MEM_SIZE_ALIGNED);
+
+  if(sys_mutex_new(&mem_mutex) != ERR_OK) {
+    LWIP_ASSERT("failed to create mem_mutex", 0);
+  }
+}
+
+/**
+ * Put a struct mem back on the heap
+ *
+ * @param rmem is the data portion of a struct mem as returned by a previous
+ *             call to mem_malloc()
+ */
+void
+mem_free(void *rmem)
+{
+  struct mem *mem;
+  LWIP_MEM_FREE_DECL_PROTECT();
+
+  if (rmem == NULL) {
+    LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_SERIOUS, ("mem_free(p == NULL) was called.\n"));
+    return;
+  }
+  LWIP_ASSERT("mem_free: sanity check alignment", (((mem_ptr_t)rmem) & (MEM_ALIGNMENT-1)) == 0);
+
+  LWIP_ASSERT("mem_free: legal memory", (u8_t *)rmem >= (u8_t *)ram &&
+    (u8_t *)rmem < (u8_t *)ram_end);
+
+  if ((u8_t *)rmem < (u8_t *)ram || (u8_t *)rmem >= (u8_t *)ram_end) {
+    SYS_ARCH_DECL_PROTECT(lev);
+    LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_LEVEL_SEVERE, ("mem_free: illegal memory\n"));
+    /* protect mem stats from concurrent access */
+    SYS_ARCH_PROTECT(lev);
+    MEM_STATS_INC(illegal);
+    SYS_ARCH_UNPROTECT(lev);
+    return;
+  }
+  /* protect the heap from concurrent access */
+  LWIP_MEM_FREE_PROTECT();
+  /* Get the corresponding struct mem ... */
+  mem = (struct mem *)(void *)((u8_t *)rmem - SIZEOF_STRUCT_MEM);
+  /* ... which has to be in a used state ... */
+  LWIP_ASSERT("mem_free: mem->used", mem->used);
+  /* ... and is now unused. */
+  mem->used = 0;
+
+  if (mem < lfree) {
+    /* the newly freed struct is now the lowest */
+    lfree = mem;
+  }
+
+  MEM_STATS_DEC_USED(used, mem->next - (mem_size_t)(((u8_t *)mem - ram)));
+
+  /* finally, see if prev or next are free also */
+  plug_holes(mem);
+#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT
+  mem_free_count = 1;
+#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */
+  LWIP_MEM_FREE_UNPROTECT();
+}
+
+/**
+ * Shrink memory returned by mem_malloc().
+ *
+ * @param rmem pointer to memory allocated by mem_malloc the is to be shrinked
+ * @param newsize required size after shrinking (needs to be smaller than or
+ *                equal to the previous size)
+ * @return for compatibility reasons: is always == rmem, at the moment
+ *         or NULL if newsize is > old size, in which case rmem is NOT touched
+ *         or freed!
+ */
+void *
+mem_trim(void *rmem, mem_size_t newsize)
+{
+  mem_size_t size;
+  mem_size_t ptr, ptr2;
+  struct mem *mem, *mem2;
+  /* use the FREE_PROTECT here: it protects with sem OR SYS_ARCH_PROTECT */
+  LWIP_MEM_FREE_DECL_PROTECT();
+
+  /* Expand the size of the allocated memory region so that we can
+     adjust for alignment. */
+  newsize = LWIP_MEM_ALIGN_SIZE(newsize);
+
+  if(newsize < MIN_SIZE_ALIGNED) {
+    /* every data block must be at least MIN_SIZE_ALIGNED long */
+    newsize = MIN_SIZE_ALIGNED;
+  }
+
+  if (newsize > MEM_SIZE_ALIGNED) {
+    return NULL;
+  }
+
+  LWIP_ASSERT("mem_trim: legal memory", (u8_t *)rmem >= (u8_t *)ram &&
+   (u8_t *)rmem < (u8_t *)ram_end);
+
+  if ((u8_t *)rmem < (u8_t *)ram || (u8_t *)rmem >= (u8_t *)ram_end) {
+    SYS_ARCH_DECL_PROTECT(lev);
+    LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_LEVEL_SEVERE, ("mem_trim: illegal memory\n"));
+    /* protect mem stats from concurrent access */
+    SYS_ARCH_PROTECT(lev);
+    MEM_STATS_INC(illegal);
+    SYS_ARCH_UNPROTECT(lev);
+    return rmem;
+  }
+  /* Get the corresponding struct mem ... */
+  mem = (struct mem *)(void *)((u8_t *)rmem - SIZEOF_STRUCT_MEM);
+  /* ... and its offset pointer */
+  ptr = (mem_size_t)((u8_t *)mem - ram);
+
+  size = mem->next - ptr - SIZEOF_STRUCT_MEM;
+  LWIP_ASSERT("mem_trim can only shrink memory", newsize <= size);
+  if (newsize > size) {
+    /* not supported */
+    return NULL;
+  }
+  if (newsize == size) {
+    /* No change in size, simply return */
+    return rmem;
+  }
+
+  /* protect the heap from concurrent access */
+  LWIP_MEM_FREE_PROTECT();
+
+  mem2 = (struct mem *)(void *)&ram[mem->next];
+  if(mem2->used == 0) {
+    /* The next struct is unused, we can simply move it at little */
+    mem_size_t next;
+    /* remember the old next pointer */
+    next = mem2->next;
+    /* create new struct mem which is moved directly after the shrinked mem */
+    ptr2 = ptr + SIZEOF_STRUCT_MEM + newsize;
+    if (lfree == mem2) {
+      lfree = (struct mem *)(void *)&ram[ptr2];
+    }
+    mem2 = (struct mem *)(void *)&ram[ptr2];
+    mem2->used = 0;
+    /* restore the next pointer */
+    mem2->next = next;
+    /* link it back to mem */
+    mem2->prev = ptr;
+    /* link mem to it */
+    mem->next = ptr2;
+    /* last thing to restore linked list: as we have moved mem2,
+     * let 'mem2->next->prev' point to mem2 again. but only if mem2->next is not
+     * the end of the heap */
+    if (mem2->next != MEM_SIZE_ALIGNED) {
+      ((struct mem *)(void *)&ram[mem2->next])->prev = ptr2;
+    }
+    MEM_STATS_DEC_USED(used, (size - newsize));
+    /* no need to plug holes, we've already done that */
+  } else if (newsize + SIZEOF_STRUCT_MEM + MIN_SIZE_ALIGNED <= size) {
+    /* Next struct is used but there's room for another struct mem with
+     * at least MIN_SIZE_ALIGNED of data.
+     * Old size ('size') must be big enough to contain at least 'newsize' plus a struct mem
+     * ('SIZEOF_STRUCT_MEM') with some data ('MIN_SIZE_ALIGNED').
+     * @todo we could leave out MIN_SIZE_ALIGNED. We would create an empty
+     *       region that couldn't hold data, but when mem->next gets freed,
+     *       the 2 regions would be combined, resulting in more free memory */
+    ptr2 = ptr + SIZEOF_STRUCT_MEM + newsize;
+    mem2 = (struct mem *)(void *)&ram[ptr2];
+    if (mem2 < lfree) {
+      lfree = mem2;
+    }
+    mem2->used = 0;
+    mem2->next = mem->next;
+    mem2->prev = ptr;
+    mem->next = ptr2;
+    if (mem2->next != MEM_SIZE_ALIGNED) {
+      ((struct mem *)(void *)&ram[mem2->next])->prev = ptr2;
+    }
+    MEM_STATS_DEC_USED(used, (size - newsize));
+    /* the original mem->next is used, so no need to plug holes! */
+  }
+  /* else {
+    next struct mem is used but size between mem and mem2 is not big enough
+    to create another struct mem
+    -> don't do anyhting. 
+    -> the remaining space stays unused since it is too small
+  } */
+#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT
+  mem_free_count = 1;
+#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */
+  LWIP_MEM_FREE_UNPROTECT();
+  return rmem;
+}
+
+/**
+ * Adam's mem_malloc() plus solution for bug #17922
+ * Allocate a block of memory with a minimum of 'size' bytes.
+ *
+ * @param size is the minimum size of the requested block in bytes.
+ * @return pointer to allocated memory or NULL if no free memory was found.
+ *
+ * Note that the returned value will always be aligned (as defined by MEM_ALIGNMENT).
+ */
+void *
+mem_malloc(mem_size_t size)
+{
+  mem_size_t ptr, ptr2;
+  struct mem *mem, *mem2;
+#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT
+  u8_t local_mem_free_count = 0;
+#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */
+  LWIP_MEM_ALLOC_DECL_PROTECT();
+
+  if (size == 0) {
+    return NULL;
+  }
+
+  /* Expand the size of the allocated memory region so that we can
+     adjust for alignment. */
+  size = LWIP_MEM_ALIGN_SIZE(size);
+
+  if(size < MIN_SIZE_ALIGNED) {
+    /* every data block must be at least MIN_SIZE_ALIGNED long */
+    size = MIN_SIZE_ALIGNED;
+  }
+
+  if (size > MEM_SIZE_ALIGNED) {
+    return NULL;
+  }
+
+  /* protect the heap from concurrent access */
+  sys_mutex_lock(&mem_mutex);
+  LWIP_MEM_ALLOC_PROTECT();
+#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT
+  /* run as long as a mem_free disturbed mem_malloc or mem_trim */
+  do {
+    local_mem_free_count = 0;
+#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */
+
+    /* Scan through the heap searching for a free block that is big enough,
+     * beginning with the lowest free block.
+     */
+    for (ptr = (mem_size_t)((u8_t *)lfree - ram); ptr < MEM_SIZE_ALIGNED - size;
+         ptr = ((struct mem *)(void *)&ram[ptr])->next) {
+      mem = (struct mem *)(void *)&ram[ptr];
+#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT
+      mem_free_count = 0;
+      LWIP_MEM_ALLOC_UNPROTECT();
+      /* allow mem_free or mem_trim to run */
+      LWIP_MEM_ALLOC_PROTECT();
+      if (mem_free_count != 0) {
+        /* If mem_free or mem_trim have run, we have to restart since they
+           could have altered our current struct mem. */
+        local_mem_free_count = 1;
+        break;
+      }
+#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */
+
+      if ((!mem->used) &&
+          (mem->next - (ptr + SIZEOF_STRUCT_MEM)) >= size) {
+        /* mem is not used and at least perfect fit is possible:
+         * mem->next - (ptr + SIZEOF_STRUCT_MEM) gives us the 'user data size' of mem */
+
+        if (mem->next - (ptr + SIZEOF_STRUCT_MEM) >= (size + SIZEOF_STRUCT_MEM + MIN_SIZE_ALIGNED)) {
+          /* (in addition to the above, we test if another struct mem (SIZEOF_STRUCT_MEM) containing
+           * at least MIN_SIZE_ALIGNED of data also fits in the 'user data space' of 'mem')
+           * -> split large block, create empty remainder,
+           * remainder must be large enough to contain MIN_SIZE_ALIGNED data: if
+           * mem->next - (ptr + (2*SIZEOF_STRUCT_MEM)) == size,
+           * struct mem would fit in but no data between mem2 and mem2->next
+           * @todo we could leave out MIN_SIZE_ALIGNED. We would create an empty
+           *       region that couldn't hold data, but when mem->next gets freed,
+           *       the 2 regions would be combined, resulting in more free memory
+           */
+          ptr2 = ptr + SIZEOF_STRUCT_MEM + size;
+          /* create mem2 struct */
+          mem2 = (struct mem *)(void *)&ram[ptr2];
+          mem2->used = 0;
+          mem2->next = mem->next;
+          mem2->prev = ptr;
+          /* and insert it between mem and mem->next */
+          mem->next = ptr2;
+          mem->used = 1;
+
+          if (mem2->next != MEM_SIZE_ALIGNED) {
+            ((struct mem *)(void *)&ram[mem2->next])->prev = ptr2;
+          }
+          MEM_STATS_INC_USED(used, (size + SIZEOF_STRUCT_MEM));
+        } else {
+          /* (a mem2 struct does no fit into the user data space of mem and mem->next will always
+           * be used at this point: if not we have 2 unused structs in a row, plug_holes should have
+           * take care of this).
+           * -> near fit or excact fit: do not split, no mem2 creation
+           * also can't move mem->next directly behind mem, since mem->next
+           * will always be used at this point!
+           */
+          mem->used = 1;
+          MEM_STATS_INC_USED(used, mem->next - (mem_size_t)((u8_t *)mem - ram));
+        }
+#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT
+mem_malloc_adjust_lfree:
+#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */
+        if (mem == lfree) {
+          struct mem *cur = lfree;
+          /* Find next free block after mem and update lowest free pointer */
+          while (cur->used && cur != ram_end) {
+#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT
+            mem_free_count = 0;
+            LWIP_MEM_ALLOC_UNPROTECT();
+            /* prevent high interrupt latency... */
+            LWIP_MEM_ALLOC_PROTECT();
+            if (mem_free_count != 0) {
+              /* If mem_free or mem_trim have run, we have to restart since they
+                 could have altered our current struct mem or lfree. */
+              goto mem_malloc_adjust_lfree;
+            }
+#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */
+            cur = (struct mem *)(void *)&ram[cur->next];
+          }
+          lfree = cur;
+          LWIP_ASSERT("mem_malloc: !lfree->used", ((lfree == ram_end) || (!lfree->used)));
+        }
+        LWIP_MEM_ALLOC_UNPROTECT();
+        sys_mutex_unlock(&mem_mutex);
+        LWIP_ASSERT("mem_malloc: allocated memory not above ram_end.",
+         (mem_ptr_t)mem + SIZEOF_STRUCT_MEM + size <= (mem_ptr_t)ram_end);
+        LWIP_ASSERT("mem_malloc: allocated memory properly aligned.",
+         ((mem_ptr_t)mem + SIZEOF_STRUCT_MEM) % MEM_ALIGNMENT == 0);
+        LWIP_ASSERT("mem_malloc: sanity check alignment",
+          (((mem_ptr_t)mem) & (MEM_ALIGNMENT-1)) == 0);
+
+        return (u8_t *)mem + SIZEOF_STRUCT_MEM;
+      }
+    }
+#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT
+    /* if we got interrupted by a mem_free, try again */
+  } while(local_mem_free_count != 0);
+#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */
+  LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("mem_malloc: could not allocate %"S16_F" bytes\n", (s16_t)size));
+  MEM_STATS_INC(err);
+  LWIP_MEM_ALLOC_UNPROTECT();
+  sys_mutex_unlock(&mem_mutex);
+  return NULL;
+}
+
+#endif /* MEM_USE_POOLS */
+/**
+ * Contiguously allocates enough space for count objects that are size bytes
+ * of memory each and returns a pointer to the allocated memory.
+ *
+ * The allocated memory is filled with bytes of value zero.
+ *
+ * @param count number of objects to allocate
+ * @param size size of the objects to allocate
+ * @return pointer to allocated memory / NULL pointer if there is an error
+ */
+void *mem_calloc(mem_size_t count, mem_size_t size)
+{
+  void *p;
+
+  /* allocate 'count' objects of size 'size' */
+  p = mem_malloc(count * size);
+  if (p) {
+    /* zero the memory */
+    memset(p, 0, count * size);
+  }
+  return p;
+}
+
+#endif /* !MEM_LIBC_MALLOC */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/memp.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/memp.c
new file mode 100644
index 00000000..1323463e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/memp.c
@@ -0,0 +1,485 @@
+/**
+ * @file
+ * Dynamic pool memory manager
+ *
+ * lwIP has dedicated pools for many structures (netconn, protocol control blocks,
+ * packet buffers, ...). All these pools are managed here.
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#include "lwip/opt.h"
+
+#include "lwip/memp.h"
+#include "lwip/pbuf.h"
+#include "lwip/udp.h"
+#include "lwip/raw.h"
+#include "lwip/tcp_impl.h"
+#include "lwip/igmp.h"
+#include "lwip/api.h"
+#include "lwip/api_msg.h"
+#include "lwip/tcpip.h"
+#include "lwip/sys.h"
+#include "lwip/timers.h"
+#include "lwip/stats.h"
+#include "netif/etharp.h"
+#include "lwip/ip_frag.h"
+#include "lwip/snmp_structs.h"
+#include "lwip/snmp_msg.h"
+#include "lwip/dns.h"
+#include "netif/ppp_oe.h"
+#include "lwip/nd6.h"
+#include "lwip/ip6_frag.h"
+#include "lwip/mld6.h"
+
+#include <string.h>
+
+#if !MEMP_MEM_MALLOC /* don't build if not configured for use in lwipopts.h */
+
+struct memp {
+  struct memp *next;
+#if MEMP_OVERFLOW_CHECK
+  const char *file;
+  int line;
+#endif /* MEMP_OVERFLOW_CHECK */
+};
+
+#if MEMP_OVERFLOW_CHECK
+/* if MEMP_OVERFLOW_CHECK is turned on, we reserve some bytes at the beginning
+ * and at the end of each element, initialize them as 0xcd and check
+ * them later. */
+/* If MEMP_OVERFLOW_CHECK is >= 2, on every call to memp_malloc or memp_free,
+ * every single element in each pool is checked!
+ * This is VERY SLOW but also very helpful. */
+/* MEMP_SANITY_REGION_BEFORE and MEMP_SANITY_REGION_AFTER can be overridden in
+ * lwipopts.h to change the amount reserved for checking. */
+#ifndef MEMP_SANITY_REGION_BEFORE
+#define MEMP_SANITY_REGION_BEFORE  16
+#endif /* MEMP_SANITY_REGION_BEFORE*/
+#if MEMP_SANITY_REGION_BEFORE > 0
+#define MEMP_SANITY_REGION_BEFORE_ALIGNED    LWIP_MEM_ALIGN_SIZE(MEMP_SANITY_REGION_BEFORE)
+#else
+#define MEMP_SANITY_REGION_BEFORE_ALIGNED    0
+#endif /* MEMP_SANITY_REGION_BEFORE*/
+#ifndef MEMP_SANITY_REGION_AFTER
+#define MEMP_SANITY_REGION_AFTER   16
+#endif /* MEMP_SANITY_REGION_AFTER*/
+#if MEMP_SANITY_REGION_AFTER > 0
+#define MEMP_SANITY_REGION_AFTER_ALIGNED     LWIP_MEM_ALIGN_SIZE(MEMP_SANITY_REGION_AFTER)
+#else
+#define MEMP_SANITY_REGION_AFTER_ALIGNED     0
+#endif /* MEMP_SANITY_REGION_AFTER*/
+
+/* MEMP_SIZE: save space for struct memp and for sanity check */
+#define MEMP_SIZE          (LWIP_MEM_ALIGN_SIZE(sizeof(struct memp)) + MEMP_SANITY_REGION_BEFORE_ALIGNED)
+#define MEMP_ALIGN_SIZE(x) (LWIP_MEM_ALIGN_SIZE(x) + MEMP_SANITY_REGION_AFTER_ALIGNED)
+
+#else /* MEMP_OVERFLOW_CHECK */
+
+/* No sanity checks
+ * We don't need to preserve the struct memp while not allocated, so we
+ * can save a little space and set MEMP_SIZE to 0.
+ */
+#define MEMP_SIZE           0
+#define MEMP_ALIGN_SIZE(x) (LWIP_MEM_ALIGN_SIZE(x))
+
+#endif /* MEMP_OVERFLOW_CHECK */
+
+/** This array holds the first free element of each pool.
+ *  Elements form a linked list. */
+static struct memp *memp_tab[MEMP_MAX];
+
+#else /* MEMP_MEM_MALLOC */
+
+#define MEMP_ALIGN_SIZE(x) (LWIP_MEM_ALIGN_SIZE(x))
+
+#endif /* MEMP_MEM_MALLOC */
+
+/** This array holds the element sizes of each pool. */
+#if !MEM_USE_POOLS && !MEMP_MEM_MALLOC
+static
+#endif
+const u16_t memp_sizes[MEMP_MAX] = {
+#define LWIP_MEMPOOL(name,num,size,desc)  LWIP_MEM_ALIGN_SIZE(size),
+#include "lwip/memp_std.h"
+};
+
+#if !MEMP_MEM_MALLOC /* don't build if not configured for use in lwipopts.h */
+
+/** This array holds the number of elements in each pool. */
+static const u16_t memp_num[MEMP_MAX] = {
+#define LWIP_MEMPOOL(name,num,size,desc)  (num),
+#include "lwip/memp_std.h"
+};
+
+/** This array holds a textual description of each pool. */
+#ifdef LWIP_DEBUG
+static const char *memp_desc[MEMP_MAX] = {
+#define LWIP_MEMPOOL(name,num,size,desc)  (desc),
+#include "lwip/memp_std.h"
+};
+#endif /* LWIP_DEBUG */
+
+#if MEMP_SEPARATE_POOLS
+
+/** This creates each memory pool. These are named memp_memory_XXX_base (where
+ * XXX is the name of the pool defined in memp_std.h).
+ * To relocate a pool, declare it as extern in cc.h. Example for GCC:
+ *   extern u8_t __attribute__((section(".onchip_mem"))) memp_memory_UDP_PCB_base[];
+ */
+#define LWIP_MEMPOOL(name,num,size,desc) u8_t memp_memory_ ## name ## _base \
+  [((num) * (MEMP_SIZE + MEMP_ALIGN_SIZE(size)))];   
+#include "lwip/memp_std.h"
+
+/** This array holds the base of each memory pool. */
+static u8_t *const memp_bases[] = { 
+#define LWIP_MEMPOOL(name,num,size,desc) memp_memory_ ## name ## _base,   
+#include "lwip/memp_std.h"
+};
+
+#else /* MEMP_SEPARATE_POOLS */
+
+/** This is the actual memory used by the pools (all pools in one big block). */
+static u8_t memp_memory[MEM_ALIGNMENT - 1 
+#define LWIP_MEMPOOL(name,num,size,desc) + ( (num) * (MEMP_SIZE + MEMP_ALIGN_SIZE(size) ) )
+#include "lwip/memp_std.h"
+];
+
+#endif /* MEMP_SEPARATE_POOLS */
+
+#if MEMP_SANITY_CHECK
+/**
+ * Check that memp-lists don't form a circle, using "Floyd's cycle-finding algorithm".
+ */
+static int
+memp_sanity(void)
+{
+  s16_t i;
+  struct memp *t, *h;
+
+  for (i = 0; i < MEMP_MAX; i++) {
+    t = memp_tab[i];
+    if(t != NULL) {
+      for (h = t->next; (t != NULL) && (h != NULL); t = t->next,
+        h = (((h->next != NULL) && (h->next->next != NULL)) ? h->next->next : NULL)) {
+        if (t == h) {
+          return 0;
+        }
+      }
+    }
+  }
+  return 1;
+}
+#endif /* MEMP_SANITY_CHECK*/
+#if MEMP_OVERFLOW_CHECK
+#if defined(LWIP_DEBUG) && MEMP_STATS
+static const char * memp_overflow_names[] = {
+#define LWIP_MEMPOOL(name,num,size,desc) "/"desc,
+#include "lwip/memp_std.h"
+  };
+#endif
+
+/**
+ * Check if a memp element was victim of an overflow
+ * (e.g. the restricted area after it has been altered)
+ *
+ * @param p the memp element to check
+ * @param memp_type the pool p comes from
+ */
+static void
+memp_overflow_check_element_overflow(struct memp *p, u16_t memp_type)
+{
+  u16_t k;
+  u8_t *m;
+#if MEMP_SANITY_REGION_AFTER_ALIGNED > 0
+  m = (u8_t*)p + MEMP_SIZE + memp_sizes[memp_type];
+  for (k = 0; k < MEMP_SANITY_REGION_AFTER_ALIGNED; k++) {
+    if (m[k] != 0xcd) {
+      char errstr[128] = "detected memp overflow in pool ";
+      char digit[] = "0";
+      if(memp_type >= 10) {
+        digit[0] = '0' + (memp_type/10);
+        strcat(errstr, digit);
+      }
+      digit[0] = '0' + (memp_type%10);
+      strcat(errstr, digit);
+#if defined(LWIP_DEBUG) && MEMP_STATS
+      strcat(errstr, memp_overflow_names[memp_type]);
+#endif
+      LWIP_ASSERT(errstr, 0);
+    }
+  }
+#endif
+}
+
+/**
+ * Check if a memp element was victim of an underflow
+ * (e.g. the restricted area before it has been altered)
+ *
+ * @param p the memp element to check
+ * @param memp_type the pool p comes from
+ */
+static void
+memp_overflow_check_element_underflow(struct memp *p, u16_t memp_type)
+{
+  u16_t k;
+  u8_t *m;
+#if MEMP_SANITY_REGION_BEFORE_ALIGNED > 0
+  m = (u8_t*)p + MEMP_SIZE - MEMP_SANITY_REGION_BEFORE_ALIGNED;
+  for (k = 0; k < MEMP_SANITY_REGION_BEFORE_ALIGNED; k++) {
+    if (m[k] != 0xcd) {
+      char errstr[128] = "detected memp underflow in pool ";
+      char digit[] = "0";
+      if(memp_type >= 10) {
+        digit[0] = '0' + (memp_type/10);
+        strcat(errstr, digit);
+      }
+      digit[0] = '0' + (memp_type%10);
+      strcat(errstr, digit);
+#if defined(LWIP_DEBUG) && MEMP_STATS
+      strcat(errstr, memp_overflow_names[memp_type]);
+#endif
+      LWIP_ASSERT(errstr, 0);
+    }
+  }
+#endif
+}
+
+/**
+ * Do an overflow check for all elements in every pool.
+ *
+ * @see memp_overflow_check_element for a description of the check
+ */
+static void
+memp_overflow_check_all(void)
+{
+  u16_t i, j;
+  struct memp *p;
+
+#if !MEMP_SEPARATE_POOLS
+  p = (struct memp *)LWIP_MEM_ALIGN(memp_memory);
+#endif /* !MEMP_SEPARATE_POOLS */
+  for (i = 0; i < MEMP_MAX; ++i) {
+#if MEMP_SEPARATE_POOLS
+    p = (struct memp *)(memp_bases[i]);
+#endif /* MEMP_SEPARATE_POOLS */
+    for (j = 0; j < memp_num[i]; ++j) {
+      memp_overflow_check_element_overflow(p, i);
+      p = (struct memp*)((u8_t*)p + MEMP_SIZE + memp_sizes[i] + MEMP_SANITY_REGION_AFTER_ALIGNED);
+    }
+  }
+#if !MEMP_SEPARATE_POOLS
+  p = (struct memp *)LWIP_MEM_ALIGN(memp_memory);
+#endif /* !MEMP_SEPARATE_POOLS */
+  for (i = 0; i < MEMP_MAX; ++i) {
+#if MEMP_SEPARATE_POOLS
+    p = (struct memp *)(memp_bases[i]);
+#endif /* MEMP_SEPARATE_POOLS */
+    for (j = 0; j < memp_num[i]; ++j) {
+      memp_overflow_check_element_underflow(p, i);
+      p = (struct memp*)((u8_t*)p + MEMP_SIZE + memp_sizes[i] + MEMP_SANITY_REGION_AFTER_ALIGNED);
+    }
+  }
+}
+
+/**
+ * Initialize the restricted areas of all memp elements in every pool.
+ */
+static void
+memp_overflow_init(void)
+{
+  u16_t i, j;
+  struct memp *p;
+  u8_t *m;
+
+#if !MEMP_SEPARATE_POOLS
+  p = (struct memp *)LWIP_MEM_ALIGN(memp_memory);
+#endif /* !MEMP_SEPARATE_POOLS */
+  for (i = 0; i < MEMP_MAX; ++i) {
+#if MEMP_SEPARATE_POOLS
+    p = (struct memp *)(memp_bases[i]);
+#endif /* MEMP_SEPARATE_POOLS */
+    for (j = 0; j < memp_num[i]; ++j) {
+#if MEMP_SANITY_REGION_BEFORE_ALIGNED > 0
+      m = (u8_t*)p + MEMP_SIZE - MEMP_SANITY_REGION_BEFORE_ALIGNED;
+      memset(m, 0xcd, MEMP_SANITY_REGION_BEFORE_ALIGNED);
+#endif
+#if MEMP_SANITY_REGION_AFTER_ALIGNED > 0
+      m = (u8_t*)p + MEMP_SIZE + memp_sizes[i];
+      memset(m, 0xcd, MEMP_SANITY_REGION_AFTER_ALIGNED);
+#endif
+      p = (struct memp*)((u8_t*)p + MEMP_SIZE + memp_sizes[i] + MEMP_SANITY_REGION_AFTER_ALIGNED);
+    }
+  }
+}
+#endif /* MEMP_OVERFLOW_CHECK */
+
+/**
+ * Initialize this module.
+ * 
+ * Carves out memp_memory into linked lists for each pool-type.
+ */
+void
+memp_init(void)
+{
+  struct memp *memp;
+  u16_t i, j;
+
+  for (i = 0; i < MEMP_MAX; ++i) {
+    MEMP_STATS_AVAIL(used, i, 0);
+    MEMP_STATS_AVAIL(max, i, 0);
+    MEMP_STATS_AVAIL(err, i, 0);
+    MEMP_STATS_AVAIL(avail, i, memp_num[i]);
+  }
+
+#if !MEMP_SEPARATE_POOLS
+  memp = (struct memp *)LWIP_MEM_ALIGN(memp_memory);
+#endif /* !MEMP_SEPARATE_POOLS */
+  /* for every pool: */
+  for (i = 0; i < MEMP_MAX; ++i) {
+    memp_tab[i] = NULL;
+#if MEMP_SEPARATE_POOLS
+    memp = (struct memp*)memp_bases[i];
+#endif /* MEMP_SEPARATE_POOLS */
+    /* create a linked list of memp elements */
+    for (j = 0; j < memp_num[i]; ++j) {
+      memp->next = memp_tab[i];
+      memp_tab[i] = memp;
+      memp = (struct memp *)(void *)((u8_t *)memp + MEMP_SIZE + memp_sizes[i]
+#if MEMP_OVERFLOW_CHECK
+        + MEMP_SANITY_REGION_AFTER_ALIGNED
+#endif
+      );
+    }
+  }
+#if MEMP_OVERFLOW_CHECK
+  memp_overflow_init();
+  /* check everything a first time to see if it worked */
+  memp_overflow_check_all();
+#endif /* MEMP_OVERFLOW_CHECK */
+}
+
+/**
+ * Get an element from a specific pool.
+ *
+ * @param type the pool to get an element from
+ *
+ * the debug version has two more parameters:
+ * @param file file name calling this function
+ * @param line number of line where this function is called
+ *
+ * @return a pointer to the allocated memory or a NULL pointer on error
+ */
+void *
+#if !MEMP_OVERFLOW_CHECK
+memp_malloc(memp_t type)
+#else
+memp_malloc_fn(memp_t type, const char* file, const int line)
+#endif
+{
+  struct memp *memp;
+  SYS_ARCH_DECL_PROTECT(old_level);
+ 
+  LWIP_ERROR("memp_malloc: type < MEMP_MAX", (type < MEMP_MAX), return NULL;);
+
+  SYS_ARCH_PROTECT(old_level);
+#if MEMP_OVERFLOW_CHECK >= 2
+  memp_overflow_check_all();
+#endif /* MEMP_OVERFLOW_CHECK >= 2 */
+
+  memp = memp_tab[type];
+  
+  if (memp != NULL) {
+    memp_tab[type] = memp->next;
+#if MEMP_OVERFLOW_CHECK
+    memp->next = NULL;
+    memp->file = file;
+    memp->line = line;
+#endif /* MEMP_OVERFLOW_CHECK */
+    MEMP_STATS_INC_USED(used, type);
+    LWIP_ASSERT("memp_malloc: memp properly aligned",
+                ((mem_ptr_t)memp % MEM_ALIGNMENT) == 0);
+    memp = (struct memp*)(void *)((u8_t*)memp + MEMP_SIZE);
+  } else {
+    LWIP_DEBUGF(MEMP_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("memp_malloc: out of memory in pool %s\n", memp_desc[type]));
+    MEMP_STATS_INC(err, type);
+  }
+
+  SYS_ARCH_UNPROTECT(old_level);
+
+  return memp;
+}
+
+/**
+ * Put an element back into its pool.
+ *
+ * @param type the pool where to put mem
+ * @param mem the memp element to free
+ */
+void
+memp_free(memp_t type, void *mem)
+{
+  struct memp *memp;
+  SYS_ARCH_DECL_PROTECT(old_level);
+
+  if (mem == NULL) {
+    return;
+  }
+  LWIP_ASSERT("memp_free: mem properly aligned",
+                ((mem_ptr_t)mem % MEM_ALIGNMENT) == 0);
+
+  memp = (struct memp *)(void *)((u8_t*)mem - MEMP_SIZE);
+
+  SYS_ARCH_PROTECT(old_level);
+#if MEMP_OVERFLOW_CHECK
+#if MEMP_OVERFLOW_CHECK >= 2
+  memp_overflow_check_all();
+#else
+  memp_overflow_check_element_overflow(memp, type);
+  memp_overflow_check_element_underflow(memp, type);
+#endif /* MEMP_OVERFLOW_CHECK >= 2 */
+#endif /* MEMP_OVERFLOW_CHECK */
+
+  MEMP_STATS_DEC(used, type); 
+  
+  memp->next = memp_tab[type]; 
+  memp_tab[type] = memp;
+
+#if MEMP_SANITY_CHECK
+  LWIP_ASSERT("memp sanity", memp_sanity());
+#endif /* MEMP_SANITY_CHECK */
+
+  SYS_ARCH_UNPROTECT(old_level);
+}
+
+#endif /* MEMP_MEM_MALLOC */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/netif.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/netif.c
new file mode 100644
index 00000000..dcc87580
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/netif.c
@@ -0,0 +1,913 @@
+/**
+ * @file
+ * lwIP network interface abstraction
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#include "lwip/opt.h"
+
+#include "lwip/def.h"
+#include "lwip/ip_addr.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/netif.h"
+#include "lwip/tcp_impl.h"
+#include "lwip/snmp.h"
+#include "lwip/igmp.h"
+#include "netif/etharp.h"
+#include "lwip/stats.h"
+#if ENABLE_LOOPBACK
+#include "lwip/sys.h"
+#if LWIP_NETIF_LOOPBACK_MULTITHREADING
+#include "lwip/tcpip.h"
+#endif /* LWIP_NETIF_LOOPBACK_MULTITHREADING */
+#endif /* ENABLE_LOOPBACK */
+
+#if LWIP_AUTOIP
+#include "lwip/autoip.h"
+#endif /* LWIP_AUTOIP */
+#if LWIP_DHCP
+#include "lwip/dhcp.h"
+#endif /* LWIP_DHCP */
+#if LWIP_IPV6_DHCP6
+#include "lwip/dhcp6.h"
+#endif /* LWIP_IPV6_DHCP6 */
+#if LWIP_IPV6_MLD
+#include "lwip/mld6.h"
+#endif /* LWIP_IPV6_MLD */
+
+#if LWIP_NETIF_STATUS_CALLBACK
+#define NETIF_STATUS_CALLBACK(n) do{ if (n->status_callback) { (n->status_callback)(n); }}while(0)
+#else
+#define NETIF_STATUS_CALLBACK(n)
+#endif /* LWIP_NETIF_STATUS_CALLBACK */ 
+
+#if LWIP_NETIF_LINK_CALLBACK
+#define NETIF_LINK_CALLBACK(n) do{ if (n->link_callback) { (n->link_callback)(n); }}while(0)
+#else
+#define NETIF_LINK_CALLBACK(n)
+#endif /* LWIP_NETIF_LINK_CALLBACK */ 
+
+struct netif *netif_list;
+struct netif *netif_default;
+
+static u8_t netif_num;
+
+#if LWIP_IPV6
+static err_t netif_null_output_ip6(struct netif *netif, struct pbuf *p, ip6_addr_t *ipaddr);
+#endif /* LWIP_IPV6 */
+
+#if LWIP_HAVE_LOOPIF
+static struct netif loop_netif;
+
+/**
+ * Initialize a lwip network interface structure for a loopback interface
+ *
+ * @param netif the lwip network interface structure for this loopif
+ * @return ERR_OK if the loopif is initialized
+ *         ERR_MEM if private data couldn't be allocated
+ */
+static err_t
+netif_loopif_init(struct netif *netif)
+{
+  /* initialize the snmp variables and counters inside the struct netif
+   * ifSpeed: no assumption can be made!
+   */
+  NETIF_INIT_SNMP(netif, snmp_ifType_softwareLoopback, 0);
+
+  netif->name[0] = 'l';
+  netif->name[1] = 'o';
+  netif->output = netif_loop_output;
+  return ERR_OK;
+}
+#endif /* LWIP_HAVE_LOOPIF */
+
+void
+netif_init(void)
+{
+#if LWIP_HAVE_LOOPIF
+  ip_addr_t loop_ipaddr, loop_netmask, loop_gw;
+  IP4_ADDR(&loop_gw, 127,0,0,1);
+  IP4_ADDR(&loop_ipaddr, 127,0,0,1);
+  IP4_ADDR(&loop_netmask, 255,0,0,0);
+
+#if NO_SYS
+  netif_add(&loop_netif, &loop_ipaddr, &loop_netmask, &loop_gw, NULL, netif_loopif_init, ip_input);
+#else  /* NO_SYS */
+  netif_add(&loop_netif, &loop_ipaddr, &loop_netmask, &loop_gw, NULL, netif_loopif_init, tcpip_input);
+#endif /* NO_SYS */
+  netif_set_up(&loop_netif);
+
+#endif /* LWIP_HAVE_LOOPIF */
+}
+
+/**
+ * Add a network interface to the list of lwIP netifs.
+ *
+ * @param netif a pre-allocated netif structure
+ * @param ipaddr IP address for the new netif
+ * @param netmask network mask for the new netif
+ * @param gw default gateway IP address for the new netif
+ * @param state opaque data passed to the new netif
+ * @param init callback function that initializes the interface
+ * @param input callback function that is called to pass
+ * ingress packets up in the protocol layer stack.
+ *
+ * @return netif, or NULL if failed.
+ */
+struct netif *
+netif_add(struct netif *netif, ip_addr_t *ipaddr, ip_addr_t *netmask,
+  ip_addr_t *gw, void *state, netif_init_fn init, netif_input_fn input)
+{
+#if LWIP_IPV6
+  u32_t i;
+#endif
+
+  LWIP_ASSERT("No init function given", init != NULL);
+
+  /* reset new interface configuration state */
+  ip_addr_set_zero(&netif->ip_addr);
+  ip_addr_set_zero(&netif->netmask);
+  ip_addr_set_zero(&netif->gw);
+#if LWIP_IPV6
+  for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+    ip6_addr_set_zero(&netif->ip6_addr[i]);
+    netif_ip6_addr_set_state(netif, i, IP6_ADDR_INVALID);
+  }
+  netif->output_ip6 = netif_null_output_ip6;
+#endif /* LWIP_IPV6 */
+  netif->flags = 0;
+#if LWIP_DHCP
+  /* netif not under DHCP control by default */
+  netif->dhcp = NULL;
+#endif /* LWIP_DHCP */
+#if LWIP_AUTOIP
+  /* netif not under AutoIP control by default */
+  netif->autoip = NULL;
+#endif /* LWIP_AUTOIP */
+#if LWIP_IPV6_AUTOCONFIG
+  /* IPv6 address autoconfiguration not enabled by default */
+  netif->ip6_autoconfig_enabled = 0;
+#endif /* LWIP_IPV6_AUTOCONFIG */
+#if LWIP_IPV6_SEND_ROUTER_SOLICIT
+  netif->rs_count = LWIP_ND6_MAX_MULTICAST_SOLICIT;
+#endif /* LWIP_IPV6_SEND_ROUTER_SOLICIT */
+#if LWIP_IPV6_DHCP6
+  /* netif not under DHCPv6 control by default */
+  netif->dhcp6 = NULL;
+#endif /* LWIP_IPV6_DHCP6 */
+#if LWIP_NETIF_STATUS_CALLBACK
+  netif->status_callback = NULL;
+#endif /* LWIP_NETIF_STATUS_CALLBACK */
+#if LWIP_NETIF_LINK_CALLBACK
+  netif->link_callback = NULL;
+#endif /* LWIP_NETIF_LINK_CALLBACK */
+#if LWIP_IGMP
+  netif->igmp_mac_filter = NULL;
+#endif /* LWIP_IGMP */
+#if LWIP_IPV6 && LWIP_IPV6_MLD
+  netif->mld_mac_filter = NULL;
+#endif /* LWIP_IPV6 && LWIP_IPV6_MLD */
+#if ENABLE_LOOPBACK
+  netif->loop_first = NULL;
+  netif->loop_last = NULL;
+#endif /* ENABLE_LOOPBACK */
+
+  /* remember netif specific state information data */
+  netif->state = state;
+  netif->num = netif_num++;
+  netif->input = input;
+  NETIF_SET_HWADDRHINT(netif, NULL);
+#if ENABLE_LOOPBACK && LWIP_LOOPBACK_MAX_PBUFS
+  netif->loop_cnt_current = 0;
+#endif /* ENABLE_LOOPBACK && LWIP_LOOPBACK_MAX_PBUFS */
+
+  netif_set_addr(netif, ipaddr, netmask, gw);
+
+  /* call user specified initialization function for netif */
+  if (init(netif) != ERR_OK) {
+    return NULL;
+  }
+
+  /* add this netif to the list */
+  netif->next = netif_list;
+  netif_list = netif;
+  snmp_inc_iflist();
+
+#if LWIP_IGMP
+  /* start IGMP processing */
+  if (netif->flags & NETIF_FLAG_IGMP) {
+    igmp_start(netif);
+  }
+#endif /* LWIP_IGMP */
+
+  LWIP_DEBUGF(NETIF_DEBUG, ("netif: added interface %c%c IP addr ",
+    netif->name[0], netif->name[1]));
+  ip_addr_debug_print(NETIF_DEBUG, ipaddr);
+  LWIP_DEBUGF(NETIF_DEBUG, (" netmask "));
+  ip_addr_debug_print(NETIF_DEBUG, netmask);
+  LWIP_DEBUGF(NETIF_DEBUG, (" gw "));
+  ip_addr_debug_print(NETIF_DEBUG, gw);
+  LWIP_DEBUGF(NETIF_DEBUG, ("\n"));
+  return netif;
+}
+
+/**
+ * Change IP address configuration for a network interface (including netmask
+ * and default gateway).
+ *
+ * @param netif the network interface to change
+ * @param ipaddr the new IP address
+ * @param netmask the new netmask
+ * @param gw the new default gateway
+ */
+void
+netif_set_addr(struct netif *netif, ip_addr_t *ipaddr, ip_addr_t *netmask,
+    ip_addr_t *gw)
+{
+  netif_set_ipaddr(netif, ipaddr);
+  netif_set_netmask(netif, netmask);
+  netif_set_gw(netif, gw);
+}
+
+/**
+ * Remove a network interface from the list of lwIP netifs.
+ *
+ * @param netif the network interface to remove
+ */
+void
+netif_remove(struct netif *netif)
+{
+  if (netif == NULL) {
+    return;
+  }
+
+#if LWIP_IGMP
+  /* stop IGMP processing */
+  if (netif->flags & NETIF_FLAG_IGMP) {
+    igmp_stop(netif);
+  }
+#endif /* LWIP_IGMP */
+#if LWIP_IPV6 && LWIP_IPV6_MLD
+  /* stop MLD processing */
+  mld6_stop(netif);
+#endif /* LWIP_IPV6 && LWIP_IPV6_MLD */
+  if (netif_is_up(netif)) {
+    /* set netif down before removing (call callback function) */
+    netif_set_down(netif);
+  }
+
+  snmp_delete_ipaddridx_tree(netif);
+
+  /*  is it the first netif? */
+  if (netif_list == netif) {
+    netif_list = netif->next;
+  } else {
+    /*  look for netif further down the list */
+    struct netif * tmpNetif;
+    for (tmpNetif = netif_list; tmpNetif != NULL; tmpNetif = tmpNetif->next) {
+      if (tmpNetif->next == netif) {
+        tmpNetif->next = netif->next;
+        break;
+      }
+    }
+    if (tmpNetif == NULL)
+      return; /*  we didn't find any netif today */
+  }
+  snmp_dec_iflist();
+  /* this netif is default? */
+  if (netif_default == netif) {
+    /* reset default netif */
+    netif_set_default(NULL);
+  }
+#if LWIP_NETIF_REMOVE_CALLBACK
+  if (netif->remove_callback) {
+    netif->remove_callback(netif);
+  }
+#endif /* LWIP_NETIF_REMOVE_CALLBACK */
+  LWIP_DEBUGF( NETIF_DEBUG, ("netif_remove: removed netif\n") );
+}
+
+/**
+ * Find a network interface by searching for its name
+ *
+ * @param name the name of the netif (like netif->name) plus concatenated number
+ * in ascii representation (e.g. 'en0')
+ */
+struct netif *
+netif_find(char *name)
+{
+  struct netif *netif;
+  u8_t num;
+
+  if (name == NULL) {
+    return NULL;
+  }
+
+  num = name[2] - '0';
+
+  for(netif = netif_list; netif != NULL; netif = netif->next) {
+    if (num == netif->num &&
+       name[0] == netif->name[0] &&
+       name[1] == netif->name[1]) {
+      LWIP_DEBUGF(NETIF_DEBUG, ("netif_find: found %c%c\n", name[0], name[1]));
+      return netif;
+    }
+  }
+  LWIP_DEBUGF(NETIF_DEBUG, ("netif_find: didn't find %c%c\n", name[0], name[1]));
+  return NULL;
+}
+
+int netif_is_named (struct netif *netif, const char name[3])
+{
+    u8_t num = name[2] - '0';
+    
+    return (!memcmp(netif->name, name, 2) && netif->num == num);
+}
+
+/**
+ * Change the IP address of a network interface
+ *
+ * @param netif the network interface to change
+ * @param ipaddr the new IP address
+ *
+ * @note call netif_set_addr() if you also want to change netmask and
+ * default gateway
+ */
+void
+netif_set_ipaddr(struct netif *netif, ip_addr_t *ipaddr)
+{
+  /* TODO: Handling of obsolete pcbs */
+  /* See:  http://mail.gnu.org/archive/html/lwip-users/2003-03/msg00118.html */
+#if LWIP_TCP
+  struct tcp_pcb *pcb;
+  struct tcp_pcb_listen *lpcb;
+
+  /* address is actually being changed? */
+  if (ipaddr && (ip_addr_cmp(ipaddr, &(netif->ip_addr))) == 0) {
+    /* extern struct tcp_pcb *tcp_active_pcbs; defined by tcp.h */
+    LWIP_DEBUGF(NETIF_DEBUG | LWIP_DBG_STATE, ("netif_set_ipaddr: netif address being changed\n"));
+    pcb = tcp_active_pcbs;
+    while (pcb != NULL) {
+      /* PCB bound to current local interface address? */
+      if (ip_addr_cmp(ipX_2_ip(&pcb->local_ip), &(netif->ip_addr))
+#if LWIP_AUTOIP
+        /* connections to link-local addresses must persist (RFC3927 ch. 1.9) */
+        && !ip_addr_islinklocal(ipX_2_ip(&pcb->local_ip))
+#endif /* LWIP_AUTOIP */
+        ) {
+        /* this connection must be aborted */
+        struct tcp_pcb *next = pcb->next;
+        LWIP_DEBUGF(NETIF_DEBUG | LWIP_DBG_STATE, ("netif_set_ipaddr: aborting TCP pcb %p\n", (void *)pcb));
+        tcp_abort(pcb);
+        pcb = next;
+      } else {
+        pcb = pcb->next;
+      }
+    }
+    for (lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb = lpcb->next) {
+      /* PCB bound to current local interface address? */
+      if ((!(ip_addr_isany(ipX_2_ip(&lpcb->local_ip)))) &&
+          (ip_addr_cmp(ipX_2_ip(&lpcb->local_ip), &(netif->ip_addr)))) {
+        /* The PCB is listening to the old ipaddr and
+         * is set to listen to the new one instead */
+        ip_addr_set(ipX_2_ip(&lpcb->local_ip), ipaddr);
+      }
+    }
+  }
+#endif
+  snmp_delete_ipaddridx_tree(netif);
+  snmp_delete_iprteidx_tree(0,netif);
+  /* set new IP address to netif */
+  ip_addr_set(&(netif->ip_addr), ipaddr);
+  snmp_insert_ipaddridx_tree(netif);
+  snmp_insert_iprteidx_tree(0,netif);
+
+  LWIP_DEBUGF(NETIF_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE, ("netif: IP address of interface %c%c set to %"U16_F".%"U16_F".%"U16_F".%"U16_F"\n",
+    netif->name[0], netif->name[1],
+    ip4_addr1_16(&netif->ip_addr),
+    ip4_addr2_16(&netif->ip_addr),
+    ip4_addr3_16(&netif->ip_addr),
+    ip4_addr4_16(&netif->ip_addr)));
+}
+
+/**
+ * Change the default gateway for a network interface
+ *
+ * @param netif the network interface to change
+ * @param gw the new default gateway
+ *
+ * @note call netif_set_addr() if you also want to change ip address and netmask
+ */
+void
+netif_set_gw(struct netif *netif, ip_addr_t *gw)
+{
+  ip_addr_set(&(netif->gw), gw);
+  LWIP_DEBUGF(NETIF_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE, ("netif: GW address of interface %c%c set to %"U16_F".%"U16_F".%"U16_F".%"U16_F"\n",
+    netif->name[0], netif->name[1],
+    ip4_addr1_16(&netif->gw),
+    ip4_addr2_16(&netif->gw),
+    ip4_addr3_16(&netif->gw),
+    ip4_addr4_16(&netif->gw)));
+}
+
+void netif_set_pretend_tcp (struct netif *netif, u8_t pretend)
+{
+    if (pretend) {
+        netif->flags |= NETIF_FLAG_PRETEND_TCP;
+    } else {
+        netif->flags &= ~NETIF_FLAG_PRETEND_TCP;
+    }
+}
+
+/**
+ * Change the netmask of a network interface
+ *
+ * @param netif the network interface to change
+ * @param netmask the new netmask
+ *
+ * @note call netif_set_addr() if you also want to change ip address and
+ * default gateway
+ */
+void
+netif_set_netmask(struct netif *netif, ip_addr_t *netmask)
+{
+  snmp_delete_iprteidx_tree(0, netif);
+  /* set new netmask to netif */
+  ip_addr_set(&(netif->netmask), netmask);
+  snmp_insert_iprteidx_tree(0, netif);
+  LWIP_DEBUGF(NETIF_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE, ("netif: netmask of interface %c%c set to %"U16_F".%"U16_F".%"U16_F".%"U16_F"\n",
+    netif->name[0], netif->name[1],
+    ip4_addr1_16(&netif->netmask),
+    ip4_addr2_16(&netif->netmask),
+    ip4_addr3_16(&netif->netmask),
+    ip4_addr4_16(&netif->netmask)));
+}
+
+/**
+ * Set a network interface as the default network interface
+ * (used to output all packets for which no specific route is found)
+ *
+ * @param netif the default network interface
+ */
+void
+netif_set_default(struct netif *netif)
+{
+  if (netif == NULL) {
+    /* remove default route */
+    snmp_delete_iprteidx_tree(1, netif);
+  } else {
+    /* install default route */
+    snmp_insert_iprteidx_tree(1, netif);
+  }
+  netif_default = netif;
+  LWIP_DEBUGF(NETIF_DEBUG, ("netif: setting default interface %c%c\n",
+           netif ? netif->name[0] : '\'', netif ? netif->name[1] : '\''));
+}
+
+/**
+ * Bring an interface up, available for processing
+ * traffic.
+ * 
+ * @note: Enabling DHCP on a down interface will make it come
+ * up once configured.
+ * 
+ * @see dhcp_start()
+ */ 
+void netif_set_up(struct netif *netif)
+{
+  if (!(netif->flags & NETIF_FLAG_UP)) {
+    netif->flags |= NETIF_FLAG_UP;
+    
+#if LWIP_SNMP
+    snmp_get_sysuptime(&netif->ts);
+#endif /* LWIP_SNMP */
+
+    NETIF_STATUS_CALLBACK(netif);
+
+    if (netif->flags & NETIF_FLAG_LINK_UP) {
+#if LWIP_ARP
+      /* For Ethernet network interfaces, we would like to send a "gratuitous ARP" */ 
+      if (netif->flags & (NETIF_FLAG_ETHARP)) {
+        etharp_gratuitous(netif);
+      }
+#endif /* LWIP_ARP */
+
+#if LWIP_IGMP
+      /* resend IGMP memberships */
+      if (netif->flags & NETIF_FLAG_IGMP) {
+        igmp_report_groups( netif);
+      }
+#endif /* LWIP_IGMP */
+#if LWIP_IPV6 && LWIP_IPV6_MLD
+      /* send mld memberships */
+      mld6_report_groups( netif);
+#endif /* LWIP_IPV6 && LWIP_IPV6_MLD */
+
+#if LWIP_IPV6_SEND_ROUTER_SOLICIT
+      /* Send Router Solicitation messages. */
+      netif->rs_count = LWIP_ND6_MAX_MULTICAST_SOLICIT;
+#endif /* LWIP_IPV6_SEND_ROUTER_SOLICIT */
+
+    }
+  }
+}
+
+/**
+ * Bring an interface down, disabling any traffic processing.
+ *
+ * @note: Enabling DHCP on a down interface will make it come
+ * up once configured.
+ * 
+ * @see dhcp_start()
+ */ 
+void netif_set_down(struct netif *netif)
+{
+  if (netif->flags & NETIF_FLAG_UP) {
+    netif->flags &= ~NETIF_FLAG_UP;
+#if LWIP_SNMP
+    snmp_get_sysuptime(&netif->ts);
+#endif
+
+#if LWIP_ARP
+    if (netif->flags & NETIF_FLAG_ETHARP) {
+      etharp_cleanup_netif(netif);
+    }
+#endif /* LWIP_ARP */
+    NETIF_STATUS_CALLBACK(netif);
+  }
+}
+
+#if LWIP_NETIF_STATUS_CALLBACK
+/**
+ * Set callback to be called when interface is brought up/down
+ */
+void netif_set_status_callback(struct netif *netif, netif_status_callback_fn status_callback)
+{
+  if (netif) {
+    netif->status_callback = status_callback;
+  }
+}
+#endif /* LWIP_NETIF_STATUS_CALLBACK */
+
+#if LWIP_NETIF_REMOVE_CALLBACK
+/**
+ * Set callback to be called when the interface has been removed
+ */
+void
+netif_set_remove_callback(struct netif *netif, netif_status_callback_fn remove_callback)
+{
+  if (netif) {
+    netif->remove_callback = remove_callback;
+  }
+}
+#endif /* LWIP_NETIF_REMOVE_CALLBACK */
+
+/**
+ * Called by a driver when its link goes up
+ */
+void netif_set_link_up(struct netif *netif )
+{
+  if (!(netif->flags & NETIF_FLAG_LINK_UP)) {
+    netif->flags |= NETIF_FLAG_LINK_UP;
+
+#if LWIP_DHCP
+    if (netif->dhcp) {
+      dhcp_network_changed(netif);
+    }
+#endif /* LWIP_DHCP */
+
+#if LWIP_AUTOIP
+    if (netif->autoip) {
+      autoip_network_changed(netif);
+    }
+#endif /* LWIP_AUTOIP */
+
+    if (netif->flags & NETIF_FLAG_UP) {
+#if LWIP_ARP
+      /* For Ethernet network interfaces, we would like to send a "gratuitous ARP" */ 
+      if (netif->flags & NETIF_FLAG_ETHARP) {
+        etharp_gratuitous(netif);
+      }
+#endif /* LWIP_ARP */
+
+#if LWIP_IGMP
+      /* resend IGMP memberships */
+      if (netif->flags & NETIF_FLAG_IGMP) {
+        igmp_report_groups( netif);
+      }
+#endif /* LWIP_IGMP */
+#if LWIP_IPV6 && LWIP_IPV6_MLD
+      /* send mld memberships */
+      mld6_report_groups( netif);
+#endif /* LWIP_IPV6 && LWIP_IPV6_MLD */
+    }
+    NETIF_LINK_CALLBACK(netif);
+  }
+}
+
+/**
+ * Called by a driver when its link goes down
+ */
+void netif_set_link_down(struct netif *netif )
+{
+  if (netif->flags & NETIF_FLAG_LINK_UP) {
+    netif->flags &= ~NETIF_FLAG_LINK_UP;
+    NETIF_LINK_CALLBACK(netif);
+  }
+}
+
+#if LWIP_NETIF_LINK_CALLBACK
+/**
+ * Set callback to be called when link is brought up/down
+ */
+void netif_set_link_callback(struct netif *netif, netif_status_callback_fn link_callback)
+{
+  if (netif) {
+    netif->link_callback = link_callback;
+  }
+}
+#endif /* LWIP_NETIF_LINK_CALLBACK */
+
+#if ENABLE_LOOPBACK
+/**
+ * Send an IP packet to be received on the same netif (loopif-like).
+ * The pbuf is simply copied and handed back to netif->input.
+ * In multithreaded mode, this is done directly since netif->input must put
+ * the packet on a queue.
+ * In callback mode, the packet is put on an internal queue and is fed to
+ * netif->input by netif_poll().
+ *
+ * @param netif the lwip network interface structure
+ * @param p the (IP) packet to 'send'
+ * @param ipaddr the ip address to send the packet to (not used)
+ * @return ERR_OK if the packet has been sent
+ *         ERR_MEM if the pbuf used to copy the packet couldn't be allocated
+ */
+err_t
+netif_loop_output(struct netif *netif, struct pbuf *p,
+       ip_addr_t *ipaddr)
+{
+  struct pbuf *r;
+  err_t err;
+  struct pbuf *last;
+#if LWIP_LOOPBACK_MAX_PBUFS
+  u8_t clen = 0;
+#endif /* LWIP_LOOPBACK_MAX_PBUFS */
+  /* If we have a loopif, SNMP counters are adjusted for it,
+   * if not they are adjusted for 'netif'. */
+#if LWIP_SNMP
+#if LWIP_HAVE_LOOPIF
+  struct netif *stats_if = &loop_netif;
+#else /* LWIP_HAVE_LOOPIF */
+  struct netif *stats_if = netif;
+#endif /* LWIP_HAVE_LOOPIF */
+#endif /* LWIP_SNMP */
+  SYS_ARCH_DECL_PROTECT(lev);
+  LWIP_UNUSED_ARG(ipaddr);
+
+  /* Allocate a new pbuf */
+  r = pbuf_alloc(PBUF_LINK, p->tot_len, PBUF_RAM);
+  if (r == NULL) {
+    LINK_STATS_INC(link.memerr);
+    LINK_STATS_INC(link.drop);
+    snmp_inc_ifoutdiscards(stats_if);
+    return ERR_MEM;
+  }
+#if LWIP_LOOPBACK_MAX_PBUFS
+  clen = pbuf_clen(r);
+  /* check for overflow or too many pbuf on queue */
+  if(((netif->loop_cnt_current + clen) < netif->loop_cnt_current) ||
+     ((netif->loop_cnt_current + clen) > LWIP_LOOPBACK_MAX_PBUFS)) {
+    pbuf_free(r);
+    LINK_STATS_INC(link.memerr);
+    LINK_STATS_INC(link.drop);
+    snmp_inc_ifoutdiscards(stats_if);
+    return ERR_MEM;
+  }
+  netif->loop_cnt_current += clen;
+#endif /* LWIP_LOOPBACK_MAX_PBUFS */
+
+  /* Copy the whole pbuf queue p into the single pbuf r */
+  if ((err = pbuf_copy(r, p)) != ERR_OK) {
+    pbuf_free(r);
+    LINK_STATS_INC(link.memerr);
+    LINK_STATS_INC(link.drop);
+    snmp_inc_ifoutdiscards(stats_if);
+    return err;
+  }
+
+  /* Put the packet on a linked list which gets emptied through calling
+     netif_poll(). */
+
+  /* let last point to the last pbuf in chain r */
+  for (last = r; last->next != NULL; last = last->next);
+
+  SYS_ARCH_PROTECT(lev);
+  if(netif->loop_first != NULL) {
+    LWIP_ASSERT("if first != NULL, last must also be != NULL", netif->loop_last != NULL);
+    netif->loop_last->next = r;
+    netif->loop_last = last;
+  } else {
+    netif->loop_first = r;
+    netif->loop_last = last;
+  }
+  SYS_ARCH_UNPROTECT(lev);
+
+  LINK_STATS_INC(link.xmit);
+  snmp_add_ifoutoctets(stats_if, p->tot_len);
+  snmp_inc_ifoutucastpkts(stats_if);
+
+#if LWIP_NETIF_LOOPBACK_MULTITHREADING
+  /* For multithreading environment, schedule a call to netif_poll */
+  tcpip_callback((tcpip_callback_fn)netif_poll, netif);
+#endif /* LWIP_NETIF_LOOPBACK_MULTITHREADING */
+
+  return ERR_OK;
+}
+
+/**
+ * Call netif_poll() in the main loop of your application. This is to prevent
+ * reentering non-reentrant functions like tcp_input(). Packets passed to
+ * netif_loop_output() are put on a list that is passed to netif->input() by
+ * netif_poll().
+ */
+void
+netif_poll(struct netif *netif)
+{
+  struct pbuf *in;
+  /* If we have a loopif, SNMP counters are adjusted for it,
+   * if not they are adjusted for 'netif'. */
+#if LWIP_SNMP
+#if LWIP_HAVE_LOOPIF
+  struct netif *stats_if = &loop_netif;
+#else /* LWIP_HAVE_LOOPIF */
+  struct netif *stats_if = netif;
+#endif /* LWIP_HAVE_LOOPIF */
+#endif /* LWIP_SNMP */
+  SYS_ARCH_DECL_PROTECT(lev);
+
+  do {
+    /* Get a packet from the list. With SYS_LIGHTWEIGHT_PROT=1, this is protected */
+    SYS_ARCH_PROTECT(lev);
+    in = netif->loop_first;
+    if (in != NULL) {
+      struct pbuf *in_end = in;
+#if LWIP_LOOPBACK_MAX_PBUFS
+      u8_t clen = pbuf_clen(in);
+      /* adjust the number of pbufs on queue */
+      LWIP_ASSERT("netif->loop_cnt_current underflow",
+        ((netif->loop_cnt_current - clen) < netif->loop_cnt_current));
+      netif->loop_cnt_current -= clen;
+#endif /* LWIP_LOOPBACK_MAX_PBUFS */
+      while (in_end->len != in_end->tot_len) {
+        LWIP_ASSERT("bogus pbuf: len != tot_len but next == NULL!", in_end->next != NULL);
+        in_end = in_end->next;
+      }
+      /* 'in_end' now points to the last pbuf from 'in' */
+      if (in_end == netif->loop_last) {
+        /* this was the last pbuf in the list */
+        netif->loop_first = netif->loop_last = NULL;
+      } else {
+        /* pop the pbuf off the list */
+        netif->loop_first = in_end->next;
+        LWIP_ASSERT("should not be null since first != last!", netif->loop_first != NULL);
+      }
+      /* De-queue the pbuf from its successors on the 'loop_' list. */
+      in_end->next = NULL;
+    }
+    SYS_ARCH_UNPROTECT(lev);
+
+    if (in != NULL) {
+      LINK_STATS_INC(link.recv);
+      snmp_add_ifinoctets(stats_if, in->tot_len);
+      snmp_inc_ifinucastpkts(stats_if);
+      /* loopback packets are always IP packets! */
+      if (ip_input(in, netif) != ERR_OK) {
+        pbuf_free(in);
+      }
+      /* Don't reference the packet any more! */
+      in = NULL;
+    }
+  /* go on while there is a packet on the list */
+  } while (netif->loop_first != NULL);
+}
+
+#if !LWIP_NETIF_LOOPBACK_MULTITHREADING
+/**
+ * Calls netif_poll() for every netif on the netif_list.
+ */
+void
+netif_poll_all(void)
+{
+  struct netif *netif = netif_list;
+  /* loop through netifs */
+  while (netif != NULL) {
+    netif_poll(netif);
+    /* proceed to next network interface */
+    netif = netif->next;
+  }
+}
+#endif /* !LWIP_NETIF_LOOPBACK_MULTITHREADING */
+#endif /* ENABLE_LOOPBACK */
+
+#if LWIP_IPV6
+s8_t
+netif_matches_ip6_addr(struct netif * netif, ip6_addr_t * ip6addr)
+{
+  s8_t i;
+  for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) {
+    if (ip6_addr_cmp(netif_ip6_addr(netif, i), ip6addr)) {
+      return i;
+    }
+  }
+  return -1;
+}
+
+void
+netif_create_ip6_linklocal_address(struct netif * netif, u8_t from_mac_48bit)
+{
+  u8_t i, addr_index, min_len;
+
+  /* Link-local prefix. */
+  netif->ip6_addr[0].addr[0] = PP_HTONL(0xfe800000ul);
+  netif->ip6_addr[0].addr[1] = 0;
+
+  /* Generate interface ID. */
+  if (from_mac_48bit) {
+    /* Assume hwaddr is a 48-bit IEEE 802 MAC. Convert to EUI-64 address. Complement Group bit. */
+    netif->ip6_addr[0].addr[2] = htonl((((u32_t)(netif->hwaddr[0] ^ 0x02)) << 24) |
+        ((u32_t)(netif->hwaddr[1]) << 16) |
+        ((u32_t)(netif->hwaddr[2]) << 8) |
+        (0xff));
+    netif->ip6_addr[0].addr[3] = htonl((0xfeul << 24) |
+        ((u32_t)(netif->hwaddr[3]) << 16) |
+        ((u32_t)(netif->hwaddr[4]) << 8) |
+        (netif->hwaddr[5]));
+  }
+  else {
+    /* Use hwaddr directly as interface ID. */
+    netif->ip6_addr[0].addr[2] = 0;
+    netif->ip6_addr[0].addr[3] = 0;
+
+    min_len = netif->hwaddr_len < 8 ? netif->hwaddr_len : 8;
+    addr_index = 3;
+    for (i = 0; i < min_len; i++) {
+      if (i == 4) {
+        addr_index--;
+      }
+      netif->ip6_addr[0].addr[addr_index] |= ((u32_t)(netif->hwaddr[netif->hwaddr_len - i - 1])) << (8 * (i & 0x03));
+    }
+  }
+
+  /* Set address state. */
+#if LWIP_IPV6_DUP_DETECT_ATTEMPTS
+  /* Will perform duplicate address detection (DAD). */
+  netif->ip6_addr_state[0] = IP6_ADDR_TENTATIVE;
+#else
+  /* Consider address valid. */
+  netif->ip6_addr_state[0] = IP6_ADDR_PREFERRED;
+#endif /* LWIP_IPV6_AUTOCONFIG */
+}
+
+static err_t
+netif_null_output_ip6(struct netif *netif, struct pbuf *p, ip6_addr_t *ipaddr)
+{
+    (void)netif;
+    (void)p;
+    (void)ipaddr;
+
+    return ERR_IF;
+}
+#endif /* LWIP_IPV6 */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/pbuf.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/pbuf.c
new file mode 100644
index 00000000..1e5e53b1
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/pbuf.c
@@ -0,0 +1,1179 @@
+/**
+ * @file
+ * Packet buffer management
+ *
+ * Packets are built from the pbuf data structure. It supports dynamic
+ * memory allocation for packet contents or can reference externally
+ * managed packet contents both in RAM and ROM. Quick allocation for
+ * incoming packets is provided through pools with fixed sized pbufs.
+ *
+ * A packet may span over multiple pbufs, chained as a singly linked
+ * list. This is called a "pbuf chain".
+ *
+ * Multiple packets may be queued, also using this singly linked list.
+ * This is called a "packet queue".
+ * 
+ * So, a packet queue consists of one or more pbuf chains, each of
+ * which consist of one or more pbufs. CURRENTLY, PACKET QUEUES ARE
+ * NOT SUPPORTED!!! Use helper structs to queue multiple packets.
+ * 
+ * The differences between a pbuf chain and a packet queue are very
+ * precise but subtle. 
+ *
+ * The last pbuf of a packet has a ->tot_len field that equals the
+ * ->len field. It can be found by traversing the list. If the last
+ * pbuf of a packet has a ->next field other than NULL, more packets
+ * are on the queue.
+ *
+ * Therefore, looping through a pbuf of a single packet, has an
+ * loop end condition (tot_len == p->len), NOT (next == NULL).
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#include "lwip/opt.h"
+
+#include "lwip/stats.h"
+#include "lwip/def.h"
+#include "lwip/mem.h"
+#include "lwip/memp.h"
+#include "lwip/pbuf.h"
+#include "lwip/sys.h"
+#include "arch/perf.h"
+#if LWIP_TCP && TCP_QUEUE_OOSEQ
+#include "lwip/tcp_impl.h"
+#endif
+#if LWIP_CHECKSUM_ON_COPY
+#include "lwip/inet_chksum.h"
+#endif
+
+#include <string.h>
+
+#define SIZEOF_STRUCT_PBUF        LWIP_MEM_ALIGN_SIZE(sizeof(struct pbuf))
+/* Since the pool is created in memp, PBUF_POOL_BUFSIZE will be automatically
+   aligned there. Therefore, PBUF_POOL_BUFSIZE_ALIGNED can be used here. */
+#define PBUF_POOL_BUFSIZE_ALIGNED LWIP_MEM_ALIGN_SIZE(PBUF_POOL_BUFSIZE)
+
+#if !LWIP_TCP || !TCP_QUEUE_OOSEQ || !PBUF_POOL_FREE_OOSEQ
+#define PBUF_POOL_IS_EMPTY()
+#else /* !LWIP_TCP || !TCP_QUEUE_OOSEQ || !PBUF_POOL_FREE_OOSEQ */
+
+#if !NO_SYS
+#ifndef PBUF_POOL_FREE_OOSEQ_QUEUE_CALL
+#include "lwip/tcpip.h"
+#define PBUF_POOL_FREE_OOSEQ_QUEUE_CALL()  do { \
+  if(tcpip_callback_with_block(pbuf_free_ooseq_callback, NULL, 0) != ERR_OK) { \
+      SYS_ARCH_PROTECT(old_level); \
+      pbuf_free_ooseq_pending = 0; \
+      SYS_ARCH_UNPROTECT(old_level); \
+  } } while(0)
+#endif /* PBUF_POOL_FREE_OOSEQ_QUEUE_CALL */
+#endif /* !NO_SYS */
+
+volatile u8_t pbuf_free_ooseq_pending;
+#define PBUF_POOL_IS_EMPTY() pbuf_pool_is_empty()
+
+/**
+ * Attempt to reclaim some memory from queued out-of-sequence TCP segments
+ * if we run out of pool pbufs. It's better to give priority to new packets
+ * if we're running out.
+ *
+ * This must be done in the correct thread context therefore this function
+ * can only be used with NO_SYS=0 and through tcpip_callback.
+ */
+#if !NO_SYS
+static
+#endif /* !NO_SYS */
+void
+pbuf_free_ooseq(void)
+{
+  struct tcp_pcb* pcb;
+  SYS_ARCH_DECL_PROTECT(old_level);
+
+  SYS_ARCH_PROTECT(old_level);
+  pbuf_free_ooseq_pending = 0;
+  SYS_ARCH_UNPROTECT(old_level);
+
+  for (pcb = tcp_active_pcbs; NULL != pcb; pcb = pcb->next) {
+    if (NULL != pcb->ooseq) {
+      /** Free the ooseq pbufs of one PCB only */
+      LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_free_ooseq: freeing out-of-sequence pbufs\n"));
+      tcp_segs_free(pcb->ooseq);
+      pcb->ooseq = NULL;
+      return;
+    }
+  }
+}
+
+#if !NO_SYS
+/**
+ * Just a callback function for tcpip_timeout() that calls pbuf_free_ooseq().
+ */
+static void
+pbuf_free_ooseq_callback(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+  pbuf_free_ooseq();
+}
+#endif /* !NO_SYS */
+
+/** Queue a call to pbuf_free_ooseq if not already queued. */
+static void
+pbuf_pool_is_empty(void)
+{
+#ifndef PBUF_POOL_FREE_OOSEQ_QUEUE_CALL
+  SYS_ARCH_DECL_PROTECT(old_level);
+  SYS_ARCH_PROTECT(old_level);
+  pbuf_free_ooseq_pending = 1;
+  SYS_ARCH_UNPROTECT(old_level);
+#else /* PBUF_POOL_FREE_OOSEQ_QUEUE_CALL */
+  u8_t queued;
+  SYS_ARCH_DECL_PROTECT(old_level);
+  SYS_ARCH_PROTECT(old_level);
+  queued = pbuf_free_ooseq_pending;
+  pbuf_free_ooseq_pending = 1;
+  SYS_ARCH_UNPROTECT(old_level);
+
+  if(!queued) {
+    /* queue a call to pbuf_free_ooseq if not already queued */
+    PBUF_POOL_FREE_OOSEQ_QUEUE_CALL();
+  }
+#endif /* PBUF_POOL_FREE_OOSEQ_QUEUE_CALL */
+}
+#endif /* !LWIP_TCP || !TCP_QUEUE_OOSEQ || !PBUF_POOL_FREE_OOSEQ */
+
+/**
+ * Allocates a pbuf of the given type (possibly a chain for PBUF_POOL type).
+ *
+ * The actual memory allocated for the pbuf is determined by the
+ * layer at which the pbuf is allocated and the requested size
+ * (from the size parameter).
+ *
+ * @param layer flag to define header size
+ * @param length size of the pbuf's payload
+ * @param type this parameter decides how and where the pbuf
+ * should be allocated as follows:
+ *
+ * - PBUF_RAM: buffer memory for pbuf is allocated as one large
+ *             chunk. This includes protocol headers as well.
+ * - PBUF_ROM: no buffer memory is allocated for the pbuf, even for
+ *             protocol headers. Additional headers must be prepended
+ *             by allocating another pbuf and chain in to the front of
+ *             the ROM pbuf. It is assumed that the memory used is really
+ *             similar to ROM in that it is immutable and will not be
+ *             changed. Memory which is dynamic should generally not
+ *             be attached to PBUF_ROM pbufs. Use PBUF_REF instead.
+ * - PBUF_REF: no buffer memory is allocated for the pbuf, even for
+ *             protocol headers. It is assumed that the pbuf is only
+ *             being used in a single thread. If the pbuf gets queued,
+ *             then pbuf_take should be called to copy the buffer.
+ * - PBUF_POOL: the pbuf is allocated as a pbuf chain, with pbufs from
+ *              the pbuf pool that is allocated during pbuf_init().
+ *
+ * @return the allocated pbuf. If multiple pbufs where allocated, this
+ * is the first pbuf of a pbuf chain.
+ */
+struct pbuf *
+pbuf_alloc(pbuf_layer layer, u16_t length, pbuf_type type)
+{
+  struct pbuf *p, *q, *r;
+  u16_t offset;
+  s32_t rem_len; /* remaining length */
+  LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_alloc(length=%"U16_F")\n", length));
+
+  /* determine header offset */
+  switch (layer) {
+  case PBUF_TRANSPORT:
+    /* add room for transport (often TCP) layer header */
+    offset = PBUF_LINK_HLEN + PBUF_IP_HLEN + PBUF_TRANSPORT_HLEN;
+    break;
+  case PBUF_IP:
+    /* add room for IP layer header */
+    offset = PBUF_LINK_HLEN + PBUF_IP_HLEN;
+    break;
+  case PBUF_LINK:
+    /* add room for link layer header */
+    offset = PBUF_LINK_HLEN;
+    break;
+  case PBUF_RAW:
+    offset = 0;
+    break;
+  default:
+    LWIP_ASSERT("pbuf_alloc: bad pbuf layer", 0);
+    return NULL;
+  }
+
+  switch (type) {
+  case PBUF_POOL:
+    /* allocate head of pbuf chain into p */
+    p = (struct pbuf *)memp_malloc(MEMP_PBUF_POOL);
+    LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_alloc: allocated pbuf %p\n", (void *)p));
+    if (p == NULL) {
+      PBUF_POOL_IS_EMPTY();
+      return NULL;
+    }
+    p->type = type;
+    p->next = NULL;
+
+    /* make the payload pointer point 'offset' bytes into pbuf data memory */
+    p->payload = LWIP_MEM_ALIGN((void *)((u8_t *)p + (SIZEOF_STRUCT_PBUF + offset)));
+    LWIP_ASSERT("pbuf_alloc: pbuf p->payload properly aligned",
+            ((mem_ptr_t)p->payload % MEM_ALIGNMENT) == 0);
+    /* the total length of the pbuf chain is the requested size */
+    p->tot_len = length;
+    /* set the length of the first pbuf in the chain */
+    p->len = LWIP_MIN(length, PBUF_POOL_BUFSIZE_ALIGNED - LWIP_MEM_ALIGN_SIZE(offset));
+    LWIP_ASSERT("check p->payload + p->len does not overflow pbuf",
+                ((u8_t*)p->payload + p->len <=
+                 (u8_t*)p + SIZEOF_STRUCT_PBUF + PBUF_POOL_BUFSIZE_ALIGNED));
+    LWIP_ASSERT("PBUF_POOL_BUFSIZE must be bigger than MEM_ALIGNMENT",
+      (PBUF_POOL_BUFSIZE_ALIGNED - LWIP_MEM_ALIGN_SIZE(offset)) > 0 );
+    /* set reference count (needed here in case we fail) */
+    p->ref = 1;
+
+    /* now allocate the tail of the pbuf chain */
+
+    /* remember first pbuf for linkage in next iteration */
+    r = p;
+    /* remaining length to be allocated */
+    rem_len = length - p->len;
+    /* any remaining pbufs to be allocated? */
+    while (rem_len > 0) {
+      q = (struct pbuf *)memp_malloc(MEMP_PBUF_POOL);
+      if (q == NULL) {
+        PBUF_POOL_IS_EMPTY();
+        /* free chain so far allocated */
+        pbuf_free(p);
+        /* bail out unsuccesfully */
+        return NULL;
+      }
+      q->type = type;
+      q->flags = 0;
+      q->next = NULL;
+      /* make previous pbuf point to this pbuf */
+      r->next = q;
+      /* set total length of this pbuf and next in chain */
+      LWIP_ASSERT("rem_len < max_u16_t", rem_len < 0xffff);
+      q->tot_len = (u16_t)rem_len;
+      /* this pbuf length is pool size, unless smaller sized tail */
+      q->len = LWIP_MIN((u16_t)rem_len, PBUF_POOL_BUFSIZE_ALIGNED);
+      q->payload = (void *)((u8_t *)q + SIZEOF_STRUCT_PBUF);
+      LWIP_ASSERT("pbuf_alloc: pbuf q->payload properly aligned",
+              ((mem_ptr_t)q->payload % MEM_ALIGNMENT) == 0);
+      LWIP_ASSERT("check p->payload + p->len does not overflow pbuf",
+                  ((u8_t*)p->payload + p->len <=
+                   (u8_t*)p + SIZEOF_STRUCT_PBUF + PBUF_POOL_BUFSIZE_ALIGNED));
+      q->ref = 1;
+      /* calculate remaining length to be allocated */
+      rem_len -= q->len;
+      /* remember this pbuf for linkage in next iteration */
+      r = q;
+    }
+    /* end of chain */
+    /*r->next = NULL;*/
+
+    break;
+  case PBUF_RAM:
+    /* If pbuf is to be allocated in RAM, allocate memory for it. */
+    p = (struct pbuf*)mem_malloc(LWIP_MEM_ALIGN_SIZE(SIZEOF_STRUCT_PBUF + offset) + LWIP_MEM_ALIGN_SIZE(length));
+    if (p == NULL) {
+      return NULL;
+    }
+    /* Set up internal structure of the pbuf. */
+    p->payload = LWIP_MEM_ALIGN((void *)((u8_t *)p + SIZEOF_STRUCT_PBUF + offset));
+    p->len = p->tot_len = length;
+    p->next = NULL;
+    p->type = type;
+
+    LWIP_ASSERT("pbuf_alloc: pbuf->payload properly aligned",
+           ((mem_ptr_t)p->payload % MEM_ALIGNMENT) == 0);
+    break;
+  /* pbuf references existing (non-volatile static constant) ROM payload? */
+  case PBUF_ROM:
+  /* pbuf references existing (externally allocated) RAM payload? */
+  case PBUF_REF:
+    /* only allocate memory for the pbuf structure */
+    p = (struct pbuf *)memp_malloc(MEMP_PBUF);
+    if (p == NULL) {
+      LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+                  ("pbuf_alloc: Could not allocate MEMP_PBUF for PBUF_%s.\n",
+                  (type == PBUF_ROM) ? "ROM" : "REF"));
+      return NULL;
+    }
+    /* caller must set this field properly, afterwards */
+    p->payload = NULL;
+    p->len = p->tot_len = length;
+    p->next = NULL;
+    p->type = type;
+    break;
+  default:
+    LWIP_ASSERT("pbuf_alloc: erroneous type", 0);
+    return NULL;
+  }
+  /* set reference count */
+  p->ref = 1;
+  /* set flags */
+  p->flags = 0;
+  LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_alloc(length=%"U16_F") == %p\n", length, (void *)p));
+  return p;
+}
+
+#if LWIP_SUPPORT_CUSTOM_PBUF
+/** Initialize a custom pbuf (already allocated).
+ *
+ * @param layer flag to define header size
+ * @param length size of the pbuf's payload
+ * @param type type of the pbuf (only used to treat the pbuf accordingly, as
+ *        this function allocates no memory)
+ * @param p pointer to the custom pbuf to initialize (already allocated)
+ * @param payload_mem pointer to the buffer that is used for payload and headers,
+ *        must be at least big enough to hold 'length' plus the header size,
+ *        may be NULL if set later.
+ *        ATTENTION: The caller is responsible for correct alignment of this buffer!!
+ * @param payload_mem_len the size of the 'payload_mem' buffer, must be at least
+ *        big enough to hold 'length' plus the header size
+ */
+struct pbuf*
+pbuf_alloced_custom(pbuf_layer l, u16_t length, pbuf_type type, struct pbuf_custom *p,
+                    void *payload_mem, u16_t payload_mem_len)
+{
+  u16_t offset;
+  LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_alloced_custom(length=%"U16_F")\n", length));
+
+  /* determine header offset */
+  switch (l) {
+  case PBUF_TRANSPORT:
+    /* add room for transport (often TCP) layer header */
+    offset = PBUF_LINK_HLEN + PBUF_IP_HLEN + PBUF_TRANSPORT_HLEN;
+    break;
+  case PBUF_IP:
+    /* add room for IP layer header */
+    offset = PBUF_LINK_HLEN + PBUF_IP_HLEN;
+    break;
+  case PBUF_LINK:
+    /* add room for link layer header */
+    offset = PBUF_LINK_HLEN;
+    break;
+  case PBUF_RAW:
+    offset = 0;
+    break;
+  default:
+    LWIP_ASSERT("pbuf_alloced_custom: bad pbuf layer", 0);
+    return NULL;
+  }
+
+  if (LWIP_MEM_ALIGN_SIZE(offset) + length > payload_mem_len) {
+    LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_LEVEL_WARNING, ("pbuf_alloced_custom(length=%"U16_F") buffer too short\n", length));
+    return NULL;
+  }
+
+  p->pbuf.next = NULL;
+  if (payload_mem != NULL) {
+    p->pbuf.payload = (u8_t *)payload_mem + LWIP_MEM_ALIGN_SIZE(offset);
+  } else {
+    p->pbuf.payload = NULL;
+  }
+  p->pbuf.flags = PBUF_FLAG_IS_CUSTOM;
+  p->pbuf.len = p->pbuf.tot_len = length;
+  p->pbuf.type = type;
+  p->pbuf.ref = 1;
+  return &p->pbuf;
+}
+#endif /* LWIP_SUPPORT_CUSTOM_PBUF */
+
+/**
+ * Shrink a pbuf chain to a desired length.
+ *
+ * @param p pbuf to shrink.
+ * @param new_len desired new length of pbuf chain
+ *
+ * Depending on the desired length, the first few pbufs in a chain might
+ * be skipped and left unchanged. The new last pbuf in the chain will be
+ * resized, and any remaining pbufs will be freed.
+ *
+ * @note If the pbuf is ROM/REF, only the ->tot_len and ->len fields are adjusted.
+ * @note May not be called on a packet queue.
+ *
+ * @note Despite its name, pbuf_realloc cannot grow the size of a pbuf (chain).
+ */
+void
+pbuf_realloc(struct pbuf *p, u16_t new_len)
+{
+  struct pbuf *q;
+  u16_t rem_len; /* remaining length */
+  s32_t grow;
+
+  LWIP_ASSERT("pbuf_realloc: p != NULL", p != NULL);
+  LWIP_ASSERT("pbuf_realloc: sane p->type", p->type == PBUF_POOL ||
+              p->type == PBUF_ROM ||
+              p->type == PBUF_RAM ||
+              p->type == PBUF_REF);
+
+  /* desired length larger than current length? */
+  if (new_len >= p->tot_len) {
+    /* enlarging not yet supported */
+    return;
+  }
+
+  /* the pbuf chain grows by (new_len - p->tot_len) bytes
+   * (which may be negative in case of shrinking) */
+  grow = new_len - p->tot_len;
+
+  /* first, step over any pbufs that should remain in the chain */
+  rem_len = new_len;
+  q = p;
+  /* should this pbuf be kept? */
+  while (rem_len > q->len) {
+    /* decrease remaining length by pbuf length */
+    rem_len -= q->len;
+    /* decrease total length indicator */
+    LWIP_ASSERT("grow < max_u16_t", grow < 0xffff);
+    q->tot_len += (u16_t)grow;
+    /* proceed to next pbuf in chain */
+    q = q->next;
+    LWIP_ASSERT("pbuf_realloc: q != NULL", q != NULL);
+  }
+  /* we have now reached the new last pbuf (in q) */
+  /* rem_len == desired length for pbuf q */
+
+  /* shrink allocated memory for PBUF_RAM */
+  /* (other types merely adjust their length fields */
+  if ((q->type == PBUF_RAM) && (rem_len != q->len)) {
+    /* reallocate and adjust the length of the pbuf that will be split */
+    q = (struct pbuf *)mem_trim(q, (u16_t)((u8_t *)q->payload - (u8_t *)q) + rem_len);
+    LWIP_ASSERT("mem_trim returned q == NULL", q != NULL);
+  }
+  /* adjust length fields for new last pbuf */
+  q->len = rem_len;
+  q->tot_len = q->len;
+
+  /* any remaining pbufs in chain? */
+  if (q->next != NULL) {
+    /* free remaining pbufs in chain */
+    pbuf_free(q->next);
+  }
+  /* q is last packet in chain */
+  q->next = NULL;
+
+}
+
+/**
+ * Adjusts the payload pointer to hide or reveal headers in the payload.
+ *
+ * Adjusts the ->payload pointer so that space for a header
+ * (dis)appears in the pbuf payload.
+ *
+ * The ->payload, ->tot_len and ->len fields are adjusted.
+ *
+ * @param p pbuf to change the header size.
+ * @param header_size_increment Number of bytes to increment header size which
+ * increases the size of the pbuf. New space is on the front.
+ * (Using a negative value decreases the header size.)
+ * If hdr_size_inc is 0, this function does nothing and returns succesful.
+ *
+ * PBUF_ROM and PBUF_REF type buffers cannot have their sizes increased, so
+ * the call will fail. A check is made that the increase in header size does
+ * not move the payload pointer in front of the start of the buffer.
+ * @return non-zero on failure, zero on success.
+ *
+ */
+u8_t
+pbuf_header(struct pbuf *p, s16_t header_size_increment)
+{
+  u16_t type;
+  void *payload;
+  u16_t increment_magnitude;
+
+  LWIP_ASSERT("p != NULL", p != NULL);
+  if ((header_size_increment == 0) || (p == NULL)) {
+    return 0;
+  }
+ 
+  if (header_size_increment < 0){
+    increment_magnitude = -header_size_increment;
+    /* Check that we aren't going to move off the end of the pbuf */
+    LWIP_ERROR("increment_magnitude <= p->len", (increment_magnitude <= p->len), return 1;);
+  } else {
+    increment_magnitude = header_size_increment;
+#if 0
+    /* Can't assert these as some callers speculatively call
+         pbuf_header() to see if it's OK.  Will return 1 below instead. */
+    /* Check that we've got the correct type of pbuf to work with */
+    LWIP_ASSERT("p->type == PBUF_RAM || p->type == PBUF_POOL", 
+                p->type == PBUF_RAM || p->type == PBUF_POOL);
+    /* Check that we aren't going to move off the beginning of the pbuf */
+    LWIP_ASSERT("p->payload - increment_magnitude >= p + SIZEOF_STRUCT_PBUF",
+                (u8_t *)p->payload - increment_magnitude >= (u8_t *)p + SIZEOF_STRUCT_PBUF);
+#endif
+  }
+
+  type = p->type;
+  /* remember current payload pointer */
+  payload = p->payload;
+
+  /* pbuf types containing payloads? */
+  if (type == PBUF_RAM || type == PBUF_POOL) {
+    /* set new payload pointer */
+    p->payload = (u8_t *)p->payload - header_size_increment;
+    /* boundary check fails? */
+    if ((u8_t *)p->payload < (u8_t *)p + SIZEOF_STRUCT_PBUF) {
+      LWIP_DEBUGF( PBUF_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+        ("pbuf_header: failed as %p < %p (not enough space for new header size)\n",
+        (void *)p->payload, (void *)(p + 1)));
+      /* restore old payload pointer */
+      p->payload = payload;
+      /* bail out unsuccesfully */
+      return 1;
+    }
+  /* pbuf types refering to external payloads? */
+  } else if (type == PBUF_REF || type == PBUF_ROM) {
+    /* hide a header in the payload? */
+    if ((header_size_increment < 0) && (increment_magnitude <= p->len)) {
+      /* increase payload pointer */
+      p->payload = (u8_t *)p->payload - header_size_increment;
+    } else {
+      /* cannot expand payload to front (yet!)
+       * bail out unsuccesfully */
+      return 1;
+    }
+  } else {
+    /* Unknown type */
+    LWIP_ASSERT("bad pbuf type", 0);
+    return 1;
+  }
+  /* modify pbuf length fields */
+  p->len += header_size_increment;
+  p->tot_len += header_size_increment;
+
+  LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_header: old %p new %p (%"S16_F")\n",
+    (void *)payload, (void *)p->payload, header_size_increment));
+
+  return 0;
+}
+
+/**
+ * Dereference a pbuf chain or queue and deallocate any no-longer-used
+ * pbufs at the head of this chain or queue.
+ *
+ * Decrements the pbuf reference count. If it reaches zero, the pbuf is
+ * deallocated.
+ *
+ * For a pbuf chain, this is repeated for each pbuf in the chain,
+ * up to the first pbuf which has a non-zero reference count after
+ * decrementing. So, when all reference counts are one, the whole
+ * chain is free'd.
+ *
+ * @param p The pbuf (chain) to be dereferenced.
+ *
+ * @return the number of pbufs that were de-allocated
+ * from the head of the chain.
+ *
+ * @note MUST NOT be called on a packet queue (Not verified to work yet).
+ * @note the reference counter of a pbuf equals the number of pointers
+ * that refer to the pbuf (or into the pbuf).
+ *
+ * @internal examples:
+ *
+ * Assuming existing chains a->b->c with the following reference
+ * counts, calling pbuf_free(a) results in:
+ * 
+ * 1->2->3 becomes ...1->3
+ * 3->3->3 becomes 2->3->3
+ * 1->1->2 becomes ......1
+ * 2->1->1 becomes 1->1->1
+ * 1->1->1 becomes .......
+ *
+ */
+u8_t
+pbuf_free(struct pbuf *p)
+{
+  u16_t type;
+  struct pbuf *q;
+  u8_t count;
+
+  if (p == NULL) {
+    LWIP_ASSERT("p != NULL", p != NULL);
+    /* if assertions are disabled, proceed with debug output */
+    LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+      ("pbuf_free(p == NULL) was called.\n"));
+    return 0;
+  }
+  LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_free(%p)\n", (void *)p));
+
+  PERF_START;
+
+  LWIP_ASSERT("pbuf_free: sane type",
+    p->type == PBUF_RAM || p->type == PBUF_ROM ||
+    p->type == PBUF_REF || p->type == PBUF_POOL);
+
+  count = 0;
+  /* de-allocate all consecutive pbufs from the head of the chain that
+   * obtain a zero reference count after decrementing*/
+  while (p != NULL) {
+    u16_t ref;
+    SYS_ARCH_DECL_PROTECT(old_level);
+    /* Since decrementing ref cannot be guaranteed to be a single machine operation
+     * we must protect it. We put the new ref into a local variable to prevent
+     * further protection. */
+    SYS_ARCH_PROTECT(old_level);
+    /* all pbufs in a chain are referenced at least once */
+    LWIP_ASSERT("pbuf_free: p->ref > 0", p->ref > 0);
+    /* decrease reference count (number of pointers to pbuf) */
+    ref = --(p->ref);
+    SYS_ARCH_UNPROTECT(old_level);
+    /* this pbuf is no longer referenced to? */
+    if (ref == 0) {
+      /* remember next pbuf in chain for next iteration */
+      q = p->next;
+      LWIP_DEBUGF( PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_free: deallocating %p\n", (void *)p));
+      type = p->type;
+#if LWIP_SUPPORT_CUSTOM_PBUF
+      /* is this a custom pbuf? */
+      if ((p->flags & PBUF_FLAG_IS_CUSTOM) != 0) {
+        struct pbuf_custom *pc = (struct pbuf_custom*)p;
+        LWIP_ASSERT("pc->custom_free_function != NULL", pc->custom_free_function != NULL);
+        pc->custom_free_function(p);
+      } else
+#endif /* LWIP_SUPPORT_CUSTOM_PBUF */
+      {
+        /* is this a pbuf from the pool? */
+        if (type == PBUF_POOL) {
+          memp_free(MEMP_PBUF_POOL, p);
+        /* is this a ROM or RAM referencing pbuf? */
+        } else if (type == PBUF_ROM || type == PBUF_REF) {
+          memp_free(MEMP_PBUF, p);
+        /* type == PBUF_RAM */
+        } else {
+          mem_free(p);
+        }
+      }
+      count++;
+      /* proceed to next pbuf */
+      p = q;
+    /* p->ref > 0, this pbuf is still referenced to */
+    /* (and so the remaining pbufs in chain as well) */
+    } else {
+      LWIP_DEBUGF( PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_free: %p has ref %"U16_F", ending here.\n", (void *)p, ref));
+      /* stop walking through the chain */
+      p = NULL;
+    }
+  }
+  PERF_STOP("pbuf_free");
+  /* return number of de-allocated pbufs */
+  return count;
+}
+
+/**
+ * Count number of pbufs in a chain
+ *
+ * @param p first pbuf of chain
+ * @return the number of pbufs in a chain
+ */
+
+u8_t
+pbuf_clen(struct pbuf *p)
+{
+  u8_t len;
+
+  len = 0;
+  while (p != NULL) {
+    ++len;
+    p = p->next;
+  }
+  return len;
+}
+
+/**
+ * Increment the reference count of the pbuf.
+ *
+ * @param p pbuf to increase reference counter of
+ *
+ */
+void
+pbuf_ref(struct pbuf *p)
+{
+  SYS_ARCH_DECL_PROTECT(old_level);
+  /* pbuf given? */
+  if (p != NULL) {
+    SYS_ARCH_PROTECT(old_level);
+    ++(p->ref);
+    SYS_ARCH_UNPROTECT(old_level);
+  }
+}
+
+/**
+ * Concatenate two pbufs (each may be a pbuf chain) and take over
+ * the caller's reference of the tail pbuf.
+ * 
+ * @note The caller MAY NOT reference the tail pbuf afterwards.
+ * Use pbuf_chain() for that purpose.
+ * 
+ * @see pbuf_chain()
+ */
+
+void
+pbuf_cat(struct pbuf *h, struct pbuf *t)
+{
+  struct pbuf *p;
+
+  LWIP_ERROR("(h != NULL) && (t != NULL) (programmer violates API)",
+             ((h != NULL) && (t != NULL)), return;);
+
+  /* proceed to last pbuf of chain */
+  for (p = h; p->next != NULL; p = p->next) {
+    /* add total length of second chain to all totals of first chain */
+    p->tot_len += t->tot_len;
+  }
+  /* { p is last pbuf of first h chain, p->next == NULL } */
+  LWIP_ASSERT("p->tot_len == p->len (of last pbuf in chain)", p->tot_len == p->len);
+  LWIP_ASSERT("p->next == NULL", p->next == NULL);
+  /* add total length of second chain to last pbuf total of first chain */
+  p->tot_len += t->tot_len;
+  /* chain last pbuf of head (p) with first of tail (t) */
+  p->next = t;
+  /* p->next now references t, but the caller will drop its reference to t,
+   * so netto there is no change to the reference count of t.
+   */
+}
+
+/**
+ * Chain two pbufs (or pbuf chains) together.
+ * 
+ * The caller MUST call pbuf_free(t) once it has stopped
+ * using it. Use pbuf_cat() instead if you no longer use t.
+ * 
+ * @param h head pbuf (chain)
+ * @param t tail pbuf (chain)
+ * @note The pbufs MUST belong to the same packet.
+ * @note MAY NOT be called on a packet queue.
+ *
+ * The ->tot_len fields of all pbufs of the head chain are adjusted.
+ * The ->next field of the last pbuf of the head chain is adjusted.
+ * The ->ref field of the first pbuf of the tail chain is adjusted.
+ *
+ */
+void
+pbuf_chain(struct pbuf *h, struct pbuf *t)
+{
+  pbuf_cat(h, t);
+  /* t is now referenced by h */
+  pbuf_ref(t);
+  LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_chain: %p references %p\n", (void *)h, (void *)t));
+}
+
+/**
+ * Dechains the first pbuf from its succeeding pbufs in the chain.
+ *
+ * Makes p->tot_len field equal to p->len.
+ * @param p pbuf to dechain
+ * @return remainder of the pbuf chain, or NULL if it was de-allocated.
+ * @note May not be called on a packet queue.
+ */
+struct pbuf *
+pbuf_dechain(struct pbuf *p)
+{
+  struct pbuf *q;
+  u8_t tail_gone = 1;
+  /* tail */
+  q = p->next;
+  /* pbuf has successor in chain? */
+  if (q != NULL) {
+    /* assert tot_len invariant: (p->tot_len == p->len + (p->next? p->next->tot_len: 0) */
+    LWIP_ASSERT("p->tot_len == p->len + q->tot_len", q->tot_len == p->tot_len - p->len);
+    /* enforce invariant if assertion is disabled */
+    q->tot_len = p->tot_len - p->len;
+    /* decouple pbuf from remainder */
+    p->next = NULL;
+    /* total length of pbuf p is its own length only */
+    p->tot_len = p->len;
+    /* q is no longer referenced by p, free it */
+    LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_dechain: unreferencing %p\n", (void *)q));
+    tail_gone = pbuf_free(q);
+    if (tail_gone > 0) {
+      LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE,
+                  ("pbuf_dechain: deallocated %p (as it is no longer referenced)\n", (void *)q));
+    }
+    /* return remaining tail or NULL if deallocated */
+  }
+  /* assert tot_len invariant: (p->tot_len == p->len + (p->next? p->next->tot_len: 0) */
+  LWIP_ASSERT("p->tot_len == p->len", p->tot_len == p->len);
+  return ((tail_gone > 0) ? NULL : q);
+}
+
+/**
+ *
+ * Create PBUF_RAM copies of pbufs.
+ *
+ * Used to queue packets on behalf of the lwIP stack, such as
+ * ARP based queueing.
+ *
+ * @note You MUST explicitly use p = pbuf_take(p);
+ *
+ * @note Only one packet is copied, no packet queue!
+ *
+ * @param p_to pbuf destination of the copy
+ * @param p_from pbuf source of the copy
+ *
+ * @return ERR_OK if pbuf was copied
+ *         ERR_ARG if one of the pbufs is NULL or p_to is not big
+ *                 enough to hold p_from
+ */
+err_t
+pbuf_copy(struct pbuf *p_to, struct pbuf *p_from)
+{
+  u16_t offset_to=0, offset_from=0, len;
+
+  LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_copy(%p, %p)\n",
+    (void*)p_to, (void*)p_from));
+
+  /* is the target big enough to hold the source? */
+  LWIP_ERROR("pbuf_copy: target not big enough to hold source", ((p_to != NULL) &&
+             (p_from != NULL) && (p_to->tot_len >= p_from->tot_len)), return ERR_ARG;);
+
+  /* iterate through pbuf chain */
+  do
+  {
+    /* copy one part of the original chain */
+    if ((p_to->len - offset_to) >= (p_from->len - offset_from)) {
+      /* complete current p_from fits into current p_to */
+      len = p_from->len - offset_from;
+    } else {
+      /* current p_from does not fit into current p_to */
+      len = p_to->len - offset_to;
+    }
+    MEMCPY((u8_t*)p_to->payload + offset_to, (u8_t*)p_from->payload + offset_from, len);
+    offset_to += len;
+    offset_from += len;
+    LWIP_ASSERT("offset_to <= p_to->len", offset_to <= p_to->len);
+    LWIP_ASSERT("offset_from <= p_from->len", offset_from <= p_from->len);
+    if (offset_from >= p_from->len) {
+      /* on to next p_from (if any) */
+      offset_from = 0;
+      p_from = p_from->next;
+    }
+    if (offset_to == p_to->len) {
+      /* on to next p_to (if any) */
+      offset_to = 0;
+      p_to = p_to->next;
+      LWIP_ERROR("p_to != NULL", (p_to != NULL) || (p_from == NULL) , return ERR_ARG;);
+    }
+
+    if((p_from != NULL) && (p_from->len == p_from->tot_len)) {
+      /* don't copy more than one packet! */
+      LWIP_ERROR("pbuf_copy() does not allow packet queues!\n",
+                 (p_from->next == NULL), return ERR_VAL;);
+    }
+    if((p_to != NULL) && (p_to->len == p_to->tot_len)) {
+      /* don't copy more than one packet! */
+      LWIP_ERROR("pbuf_copy() does not allow packet queues!\n",
+                  (p_to->next == NULL), return ERR_VAL;);
+    }
+  } while (p_from);
+  LWIP_DEBUGF(PBUF_DEBUG | LWIP_DBG_TRACE, ("pbuf_copy: end of chain reached.\n"));
+  return ERR_OK;
+}
+
+/**
+ * Copy (part of) the contents of a packet buffer
+ * to an application supplied buffer.
+ *
+ * @param buf the pbuf from which to copy data
+ * @param dataptr the application supplied buffer
+ * @param len length of data to copy (dataptr must be big enough). No more 
+ * than buf->tot_len will be copied, irrespective of len
+ * @param offset offset into the packet buffer from where to begin copying len bytes
+ * @return the number of bytes copied, or 0 on failure
+ */
+u16_t
+pbuf_copy_partial(struct pbuf *buf, void *dataptr, u16_t len, u16_t offset)
+{
+  struct pbuf *p;
+  u16_t left;
+  u16_t buf_copy_len;
+  u16_t copied_total = 0;
+
+  LWIP_ERROR("pbuf_copy_partial: invalid buf", (buf != NULL), return 0;);
+  LWIP_ERROR("pbuf_copy_partial: invalid dataptr", (dataptr != NULL), return 0;);
+
+  left = 0;
+
+  if((buf == NULL) || (dataptr == NULL)) {
+    return 0;
+  }
+
+  /* Note some systems use byte copy if dataptr or one of the pbuf payload pointers are unaligned. */
+  for(p = buf; len != 0 && p != NULL; p = p->next) {
+    if ((offset != 0) && (offset >= p->len)) {
+      /* don't copy from this buffer -> on to the next */
+      offset -= p->len;
+    } else {
+      /* copy from this buffer. maybe only partially. */
+      buf_copy_len = p->len - offset;
+      if (buf_copy_len > len)
+          buf_copy_len = len;
+      /* copy the necessary parts of the buffer */
+      MEMCPY(&((char*)dataptr)[left], &((char*)p->payload)[offset], buf_copy_len);
+      copied_total += buf_copy_len;
+      left += buf_copy_len;
+      len -= buf_copy_len;
+      offset = 0;
+    }
+  }
+  return copied_total;
+}
+
+/**
+ * Copy application supplied data into a pbuf.
+ * This function can only be used to copy the equivalent of buf->tot_len data.
+ *
+ * @param buf pbuf to fill with data
+ * @param dataptr application supplied data buffer
+ * @param len length of the application supplied data buffer
+ *
+ * @return ERR_OK if successful, ERR_MEM if the pbuf is not big enough
+ */
+err_t
+pbuf_take(struct pbuf *buf, const void *dataptr, u16_t len)
+{
+  struct pbuf *p;
+  u16_t buf_copy_len;
+  u16_t total_copy_len = len;
+  u16_t copied_total = 0;
+
+  LWIP_ERROR("pbuf_take: invalid buf", (buf != NULL), return 0;);
+  LWIP_ERROR("pbuf_take: invalid dataptr", (dataptr != NULL), return 0;);
+
+  if ((buf == NULL) || (dataptr == NULL) || (buf->tot_len < len)) {
+    return ERR_ARG;
+  }
+
+  /* Note some systems use byte copy if dataptr or one of the pbuf payload pointers are unaligned. */
+  for(p = buf; total_copy_len != 0; p = p->next) {
+    LWIP_ASSERT("pbuf_take: invalid pbuf", p != NULL);
+    buf_copy_len = total_copy_len;
+    if (buf_copy_len > p->len) {
+      /* this pbuf cannot hold all remaining data */
+      buf_copy_len = p->len;
+    }
+    /* copy the necessary parts of the buffer */
+    MEMCPY(p->payload, &((char*)dataptr)[copied_total], buf_copy_len);
+    total_copy_len -= buf_copy_len;
+    copied_total += buf_copy_len;
+  }
+  LWIP_ASSERT("did not copy all data", total_copy_len == 0 && copied_total == len);
+  return ERR_OK;
+}
+
+/**
+ * Creates a single pbuf out of a queue of pbufs.
+ *
+ * @remark: Either the source pbuf 'p' is freed by this function or the original
+ *          pbuf 'p' is returned, therefore the caller has to check the result!
+ *
+ * @param p the source pbuf
+ * @param layer pbuf_layer of the new pbuf
+ *
+ * @return a new, single pbuf (p->next is NULL)
+ *         or the old pbuf if allocation fails
+ */
+struct pbuf*
+pbuf_coalesce(struct pbuf *p, pbuf_layer layer)
+{
+  struct pbuf *q;
+  err_t err;
+  if (p->next == NULL) {
+    return p;
+  }
+  q = pbuf_alloc(layer, p->tot_len, PBUF_RAM);
+  if (q == NULL) {
+    /* @todo: what do we do now? */
+    return p;
+  }
+  err = pbuf_copy(q, p);
+  LWIP_ASSERT("pbuf_copy failed", err == ERR_OK);
+  pbuf_free(p);
+  return q;
+}
+
+#if LWIP_CHECKSUM_ON_COPY
+/**
+ * Copies data into a single pbuf (*not* into a pbuf queue!) and updates
+ * the checksum while copying
+ *
+ * @param p the pbuf to copy data into
+ * @param start_offset offset of p->payload where to copy the data to
+ * @param dataptr data to copy into the pbuf
+ * @param len length of data to copy into the pbuf
+ * @param chksum pointer to the checksum which is updated
+ * @return ERR_OK if successful, another error if the data does not fit
+ *         within the (first) pbuf (no pbuf queues!)
+ */
+err_t
+pbuf_fill_chksum(struct pbuf *p, u16_t start_offset, const void *dataptr,
+                 u16_t len, u16_t *chksum)
+{
+  u32_t acc;
+  u16_t copy_chksum;
+  char *dst_ptr;
+  LWIP_ASSERT("p != NULL", p != NULL);
+  LWIP_ASSERT("dataptr != NULL", dataptr != NULL);
+  LWIP_ASSERT("chksum != NULL", chksum != NULL);
+  LWIP_ASSERT("len != 0", len != 0);
+
+  if ((start_offset >= p->len) || (start_offset + len > p->len)) {
+    return ERR_ARG;
+  }
+
+  dst_ptr = ((char*)p->payload) + start_offset;
+  copy_chksum = LWIP_CHKSUM_COPY(dst_ptr, dataptr, len);
+  if ((start_offset & 1) != 0) {
+    copy_chksum = SWAP_BYTES_IN_WORD(copy_chksum);
+  }
+  acc = *chksum;
+  acc += copy_chksum;
+  *chksum = FOLD_U32T(acc);
+  return ERR_OK;
+}
+#endif /* LWIP_CHECKSUM_ON_COPY */
+
+ /** Get one byte from the specified position in a pbuf
+ * WARNING: returns zero for offset >= p->tot_len
+ *
+ * @param p pbuf to parse
+ * @param offset offset into p of the byte to return
+ * @return byte at an offset into p OR ZERO IF 'offset' >= p->tot_len
+ */
+u8_t
+pbuf_get_at(struct pbuf* p, u16_t offset)
+{
+  u16_t copy_from = offset;
+  struct pbuf* q = p;
+
+  /* get the correct pbuf */
+  while ((q != NULL) && (q->len <= copy_from)) {
+    copy_from -= q->len;
+    q = q->next;
+  }
+  /* return requested data if pbuf is OK */
+  if ((q != NULL) && (q->len > copy_from)) {
+    return ((u8_t*)q->payload)[copy_from];
+  }
+  return 0;
+}
+
+/** Compare pbuf contents at specified offset with memory s2, both of length n
+ *
+ * @param p pbuf to compare
+ * @param offset offset into p at wich to start comparing
+ * @param s2 buffer to compare
+ * @param n length of buffer to compare
+ * @return zero if equal, nonzero otherwise
+ *         (0xffff if p is too short, diffoffset+1 otherwise)
+ */
+u16_t
+pbuf_memcmp(struct pbuf* p, u16_t offset, const void* s2, u16_t n)
+{
+  u16_t start = offset;
+  struct pbuf* q = p;
+
+  /* get the correct pbuf */
+  while ((q != NULL) && (q->len <= start)) {
+    start -= q->len;
+    q = q->next;
+  }
+  /* return requested data if pbuf is OK */
+  if ((q != NULL) && (q->len > start)) {
+    u16_t i;
+    for(i = 0; i < n; i++) {
+      u8_t a = pbuf_get_at(q, start + i);
+      u8_t b = ((u8_t*)s2)[i];
+      if (a != b) {
+        return i+1;
+      }
+    }
+    return 0;
+  }
+  return 0xffff;
+}
+
+/** Find occurrence of mem (with length mem_len) in pbuf p, starting at offset
+ * start_offset.
+ *
+ * @param p pbuf to search, maximum length is 0xFFFE since 0xFFFF is used as
+ *        return value 'not found'
+ * @param mem search for the contents of this buffer
+ * @param mem_len length of 'mem'
+ * @param start_offset offset into p at which to start searching
+ * @return 0xFFFF if substr was not found in p or the index where it was found
+ */
+u16_t
+pbuf_memfind(struct pbuf* p, const void* mem, u16_t mem_len, u16_t start_offset)
+{
+  u16_t i;
+  u16_t max = p->tot_len - mem_len;
+  if (p->tot_len >= mem_len + start_offset) {
+    for(i = start_offset; i <= max; ) {
+      u16_t plus = pbuf_memcmp(p, i, mem, mem_len);
+      if (plus == 0) {
+        return i;
+      } else {
+        i += plus;
+      }
+    }
+  }
+  return 0xFFFF;
+}
+
+/** Find occurrence of substr with length substr_len in pbuf p, start at offset
+ * start_offset
+ * WARNING: in contrast to strstr(), this one does not stop at the first \0 in
+ * the pbuf/source string!
+ *
+ * @param p pbuf to search, maximum length is 0xFFFE since 0xFFFF is used as
+ *        return value 'not found'
+ * @param substr string to search for in p, maximum length is 0xFFFE
+ * @return 0xFFFF if substr was not found in p or the index where it was found
+ */
+u16_t
+pbuf_strstr(struct pbuf* p, const char* substr)
+{
+  size_t substr_len;
+  if ((substr == NULL) || (substr[0] == 0) || (p->tot_len == 0xFFFF)) {
+    return 0xFFFF;
+  }
+  substr_len = strlen(substr);
+  if (substr_len >= 0xFFFF) {
+    return 0xFFFF;
+  }
+  return pbuf_memfind(p, substr, (u16_t)substr_len, 0);
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/stats.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/stats.c
new file mode 100644
index 00000000..06fbe0f2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/stats.c
@@ -0,0 +1,181 @@
+/**
+ * @file
+ * Statistics module
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#include "lwip/opt.h"
+
+#if LWIP_STATS /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/def.h"
+#include "lwip/stats.h"
+#include "lwip/mem.h"
+
+#include <string.h>
+
+struct stats_ lwip_stats;
+
+void stats_init(void)
+{
+#ifdef LWIP_DEBUG
+#if MEMP_STATS
+  const char * memp_names[] = {
+#define LWIP_MEMPOOL(name,num,size,desc) desc,
+#include "lwip/memp_std.h"
+  };
+  int i;
+  for (i = 0; i < MEMP_MAX; i++) {
+    lwip_stats.memp[i].name = memp_names[i];
+  }
+#endif /* MEMP_STATS */
+#if MEM_STATS
+  lwip_stats.mem.name = "MEM";
+#endif /* MEM_STATS */
+#endif /* LWIP_DEBUG */
+}
+
+#if LWIP_STATS_DISPLAY
+void
+stats_display_proto(struct stats_proto *proto, const char *name)
+{
+  LWIP_PLATFORM_DIAG(("\n%s\n\t", name));
+  LWIP_PLATFORM_DIAG(("xmit: %"STAT_COUNTER_F"\n\t", proto->xmit)); 
+  LWIP_PLATFORM_DIAG(("recv: %"STAT_COUNTER_F"\n\t", proto->recv)); 
+  LWIP_PLATFORM_DIAG(("fw: %"STAT_COUNTER_F"\n\t", proto->fw)); 
+  LWIP_PLATFORM_DIAG(("drop: %"STAT_COUNTER_F"\n\t", proto->drop)); 
+  LWIP_PLATFORM_DIAG(("chkerr: %"STAT_COUNTER_F"\n\t", proto->chkerr)); 
+  LWIP_PLATFORM_DIAG(("lenerr: %"STAT_COUNTER_F"\n\t", proto->lenerr)); 
+  LWIP_PLATFORM_DIAG(("memerr: %"STAT_COUNTER_F"\n\t", proto->memerr)); 
+  LWIP_PLATFORM_DIAG(("rterr: %"STAT_COUNTER_F"\n\t", proto->rterr)); 
+  LWIP_PLATFORM_DIAG(("proterr: %"STAT_COUNTER_F"\n\t", proto->proterr)); 
+  LWIP_PLATFORM_DIAG(("opterr: %"STAT_COUNTER_F"\n\t", proto->opterr)); 
+  LWIP_PLATFORM_DIAG(("err: %"STAT_COUNTER_F"\n\t", proto->err)); 
+  LWIP_PLATFORM_DIAG(("cachehit: %"STAT_COUNTER_F"\n", proto->cachehit)); 
+}
+
+#if IGMP_STATS
+void
+stats_display_igmp(struct stats_igmp *igmp, const char *name)
+{
+  LWIP_PLATFORM_DIAG(("\n%s\n\t", name));
+  LWIP_PLATFORM_DIAG(("xmit: %"STAT_COUNTER_F"\n\t", igmp->xmit)); 
+  LWIP_PLATFORM_DIAG(("recv: %"STAT_COUNTER_F"\n\t", igmp->recv)); 
+  LWIP_PLATFORM_DIAG(("drop: %"STAT_COUNTER_F"\n\t", igmp->drop)); 
+  LWIP_PLATFORM_DIAG(("chkerr: %"STAT_COUNTER_F"\n\t", igmp->chkerr)); 
+  LWIP_PLATFORM_DIAG(("lenerr: %"STAT_COUNTER_F"\n\t", igmp->lenerr)); 
+  LWIP_PLATFORM_DIAG(("memerr: %"STAT_COUNTER_F"\n\t", igmp->memerr)); 
+  LWIP_PLATFORM_DIAG(("proterr: %"STAT_COUNTER_F"\n\t", igmp->proterr)); 
+  LWIP_PLATFORM_DIAG(("rx_v1: %"STAT_COUNTER_F"\n\t", igmp->rx_v1)); 
+  LWIP_PLATFORM_DIAG(("rx_group: %"STAT_COUNTER_F"\n\t", igmp->rx_group));
+  LWIP_PLATFORM_DIAG(("rx_general: %"STAT_COUNTER_F"\n\t", igmp->rx_general));
+  LWIP_PLATFORM_DIAG(("rx_report: %"STAT_COUNTER_F"\n\t", igmp->rx_report)); 
+  LWIP_PLATFORM_DIAG(("tx_join: %"STAT_COUNTER_F"\n\t", igmp->tx_join)); 
+  LWIP_PLATFORM_DIAG(("tx_leave: %"STAT_COUNTER_F"\n\t", igmp->tx_leave)); 
+  LWIP_PLATFORM_DIAG(("tx_report: %"STAT_COUNTER_F"\n\t", igmp->tx_report)); 
+}
+#endif /* IGMP_STATS */
+
+#if MEM_STATS || MEMP_STATS
+void
+stats_display_mem(struct stats_mem *mem, const char *name)
+{
+  LWIP_PLATFORM_DIAG(("\nMEM %s\n\t", name));
+  LWIP_PLATFORM_DIAG(("avail: %"U32_F"\n\t", (u32_t)mem->avail)); 
+  LWIP_PLATFORM_DIAG(("used: %"U32_F"\n\t", (u32_t)mem->used)); 
+  LWIP_PLATFORM_DIAG(("max: %"U32_F"\n\t", (u32_t)mem->max)); 
+  LWIP_PLATFORM_DIAG(("err: %"U32_F"\n", (u32_t)mem->err));
+}
+
+#if MEMP_STATS
+void
+stats_display_memp(struct stats_mem *mem, int index)
+{
+  char * memp_names[] = {
+#define LWIP_MEMPOOL(name,num,size,desc) desc,
+#include "lwip/memp_std.h"
+  };
+  if(index < MEMP_MAX) {
+    stats_display_mem(mem, memp_names[index]);
+  }
+}
+#endif /* MEMP_STATS */
+#endif /* MEM_STATS || MEMP_STATS */
+
+#if SYS_STATS
+void
+stats_display_sys(struct stats_sys *sys)
+{
+  LWIP_PLATFORM_DIAG(("\nSYS\n\t"));
+  LWIP_PLATFORM_DIAG(("sem.used:  %"U32_F"\n\t", (u32_t)sys->sem.used)); 
+  LWIP_PLATFORM_DIAG(("sem.max:   %"U32_F"\n\t", (u32_t)sys->sem.max)); 
+  LWIP_PLATFORM_DIAG(("sem.err:   %"U32_F"\n\t", (u32_t)sys->sem.err)); 
+  LWIP_PLATFORM_DIAG(("mutex.used: %"U32_F"\n\t", (u32_t)sys->mutex.used)); 
+  LWIP_PLATFORM_DIAG(("mutex.max:  %"U32_F"\n\t", (u32_t)sys->mutex.max)); 
+  LWIP_PLATFORM_DIAG(("mutex.err:  %"U32_F"\n\t", (u32_t)sys->mutex.err)); 
+  LWIP_PLATFORM_DIAG(("mbox.used:  %"U32_F"\n\t", (u32_t)sys->mbox.used)); 
+  LWIP_PLATFORM_DIAG(("mbox.max:   %"U32_F"\n\t", (u32_t)sys->mbox.max)); 
+  LWIP_PLATFORM_DIAG(("mbox.err:   %"U32_F"\n\t", (u32_t)sys->mbox.err)); 
+}
+#endif /* SYS_STATS */
+
+void
+stats_display(void)
+{
+  s16_t i;
+
+  LINK_STATS_DISPLAY();
+  ETHARP_STATS_DISPLAY();
+  IPFRAG_STATS_DISPLAY();
+  IP6_FRAG_STATS_DISPLAY();
+  IP_STATS_DISPLAY();
+  ND6_STATS_DISPLAY();
+  IP6_STATS_DISPLAY();
+  IGMP_STATS_DISPLAY();
+  MLD6_STATS_DISPLAY();
+  ICMP_STATS_DISPLAY();
+  ICMP6_STATS_DISPLAY();
+  UDP_STATS_DISPLAY();
+  TCP_STATS_DISPLAY();
+  MEM_STATS_DISPLAY();
+  for (i = 0; i < MEMP_MAX; i++) {
+    MEMP_STATS_DISPLAY(i);
+  }
+  SYS_STATS_DISPLAY();
+}
+#endif /* LWIP_STATS_DISPLAY */
+
+#endif /* LWIP_STATS */
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/tcp.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/tcp.c
new file mode 100644
index 00000000..55496d05
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/tcp.c
@@ -0,0 +1,1852 @@
+/**
+ * @file
+ * Transmission Control Protocol for IP
+ *
+ * This file contains common functions for the TCP implementation, such as functinos
+ * for manipulating the data structures and the TCP timer functions. TCP functions
+ * related to input and output is found in tcp_in.c and tcp_out.c respectively.
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#include "lwip/opt.h"
+
+#if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/def.h"
+#include "lwip/mem.h"
+#include "lwip/memp.h"
+#include "lwip/snmp.h"
+#include "lwip/tcp.h"
+#include "lwip/tcp_impl.h"
+#include "lwip/debug.h"
+#include "lwip/stats.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/nd6.h"
+
+#include <string.h>
+
+#ifndef TCP_LOCAL_PORT_RANGE_START
+/* From http://www.iana.org/assignments/port-numbers:
+   "The Dynamic and/or Private Ports are those from 49152 through 65535" */
+#define TCP_LOCAL_PORT_RANGE_START        0xc000
+#define TCP_LOCAL_PORT_RANGE_END          0xffff
+#define TCP_ENSURE_LOCAL_PORT_RANGE(port) (((port) & ~TCP_LOCAL_PORT_RANGE_START) + TCP_LOCAL_PORT_RANGE_START)
+#endif
+
+#if LWIP_TCP_KEEPALIVE
+#define TCP_KEEP_DUR(pcb)   ((pcb)->keep_cnt * (pcb)->keep_intvl)
+#define TCP_KEEP_INTVL(pcb) ((pcb)->keep_intvl)
+#else /* LWIP_TCP_KEEPALIVE */
+#define TCP_KEEP_DUR(pcb)   TCP_MAXIDLE
+#define TCP_KEEP_INTVL(pcb) TCP_KEEPINTVL_DEFAULT
+#endif /* LWIP_TCP_KEEPALIVE */
+
+const char * const tcp_state_str[] = {
+  "CLOSED",      
+  "LISTEN",      
+  "SYN_SENT",    
+  "SYN_RCVD",    
+  "ESTABLISHED", 
+  "FIN_WAIT_1",  
+  "FIN_WAIT_2",  
+  "CLOSE_WAIT",  
+  "CLOSING",     
+  "LAST_ACK",    
+  "TIME_WAIT"   
+};
+
+/* last local TCP port */
+static u16_t tcp_port = TCP_LOCAL_PORT_RANGE_START;
+
+/* Incremented every coarse grained timer shot (typically every 500 ms). */
+u32_t tcp_ticks;
+const u8_t tcp_backoff[13] =
+    { 1, 2, 3, 4, 5, 6, 7, 7, 7, 7, 7, 7, 7};
+ /* Times per slowtmr hits */
+const u8_t tcp_persist_backoff[7] = { 3, 6, 12, 24, 48, 96, 120 };
+
+/* The TCP PCB lists. */
+
+/** List of all TCP PCBs bound but not yet (connected || listening) */
+struct tcp_pcb *tcp_bound_pcbs;
+/** List of all TCP PCBs in LISTEN state */
+union tcp_listen_pcbs_t tcp_listen_pcbs;
+/** List of all TCP PCBs that are in a state in which
+ * they accept or send data. */
+struct tcp_pcb *tcp_active_pcbs;
+/** List of all TCP PCBs in TIME-WAIT state */
+struct tcp_pcb *tcp_tw_pcbs;
+
+#define NUM_TCP_PCB_LISTS               4
+#define NUM_TCP_PCB_LISTS_NO_TIME_WAIT  3
+/** An array with all (non-temporary) PCB lists, mainly used for smaller code size */
+struct tcp_pcb ** const tcp_pcb_lists[] = {&tcp_listen_pcbs.pcbs, &tcp_bound_pcbs,
+  &tcp_active_pcbs, &tcp_tw_pcbs};
+
+/** Only used for temporary storage. */
+struct tcp_pcb *tcp_tmp_pcb;
+
+u8_t tcp_active_pcbs_changed;
+
+/** Timer counter to handle calling slow-timer from tcp_tmr() */ 
+static u8_t tcp_timer;
+static u8_t tcp_timer_ctr;
+static u16_t tcp_new_port(void);
+
+/**
+ * Initialize this module.
+ */
+void
+tcp_init(void)
+{
+#if LWIP_RANDOMIZE_INITIAL_LOCAL_PORTS && defined(LWIP_RAND)
+  tcp_port = TCP_ENSURE_LOCAL_PORT_RANGE(LWIP_RAND());
+#endif /* LWIP_RANDOMIZE_INITIAL_LOCAL_PORTS && defined(LWIP_RAND) */
+}
+
+/**
+ * Called periodically to dispatch TCP timers.
+ */
+void
+tcp_tmr(void)
+{
+  /* Call tcp_fasttmr() every 250 ms */
+  tcp_fasttmr();
+
+  if (++tcp_timer & 1) {
+    /* Call tcp_tmr() every 500 ms, i.e., every other timer
+       tcp_tmr() is called. */
+    tcp_slowtmr();
+  }
+}
+
+/**
+ * Closes the TX side of a connection held by the PCB.
+ * For tcp_close(), a RST is sent if the application didn't receive all data
+ * (tcp_recved() not called for all data passed to recv callback).
+ *
+ * Listening pcbs are freed and may not be referenced any more.
+ * Connection pcbs are freed if not yet connected and may not be referenced
+ * any more. If a connection is established (at least SYN received or in
+ * a closing state), the connection is closed, and put in a closing state.
+ * The pcb is then automatically freed in tcp_slowtmr(). It is therefore
+ * unsafe to reference it.
+ *
+ * @param pcb the tcp_pcb to close
+ * @return ERR_OK if connection has been closed
+ *         another err_t if closing failed and pcb is not freed
+ */
+static err_t
+tcp_close_shutdown(struct tcp_pcb *pcb, u8_t rst_on_unacked_data)
+{
+  err_t err;
+
+  if (rst_on_unacked_data && ((pcb->state == ESTABLISHED) || (pcb->state == CLOSE_WAIT))) {
+    if ((pcb->refused_data != NULL) || (pcb->rcv_wnd != TCP_WND)) {
+      /* Not all data received by application, send RST to tell the remote
+         side about this. */
+      LWIP_ASSERT("pcb->flags & TF_RXCLOSED", pcb->flags & TF_RXCLOSED);
+
+      /* don't call tcp_abort here: we must not deallocate the pcb since
+         that might not be expected when calling tcp_close */
+      tcp_rst(pcb->snd_nxt, pcb->rcv_nxt, &pcb->local_ip, &pcb->remote_ip,
+               pcb->local_port, pcb->remote_port, PCB_ISIPV6(pcb));
+
+      tcp_pcb_purge(pcb);
+      TCP_RMV_ACTIVE(pcb);
+      if (pcb->state == ESTABLISHED) {
+        /* move to TIME_WAIT since we close actively */
+        pcb->state = TIME_WAIT;
+        TCP_REG(&tcp_tw_pcbs, pcb);
+      } else {
+        /* CLOSE_WAIT: deallocate the pcb since we already sent a RST for it */
+        memp_free(MEMP_TCP_PCB, pcb);
+      }
+      return ERR_OK;
+    }
+  }
+
+  switch (pcb->state) {
+  case CLOSED:
+    /* Closing a pcb in the CLOSED state might seem erroneous,
+     * however, it is in this state once allocated and as yet unused
+     * and the user needs some way to free it should the need arise.
+     * Calling tcp_close() with a pcb that has already been closed, (i.e. twice)
+     * or for a pcb that has been used and then entered the CLOSED state 
+     * is erroneous, but this should never happen as the pcb has in those cases
+     * been freed, and so any remaining handles are bogus. */
+    err = ERR_OK;
+    if (pcb->local_port != 0 || pcb->bound_to_netif) {
+      TCP_RMV(&tcp_bound_pcbs, pcb);
+    }
+    memp_free(MEMP_TCP_PCB, pcb);
+    pcb = NULL;
+    break;
+  case LISTEN:
+    err = ERR_OK;
+    tcp_pcb_remove(&tcp_listen_pcbs.pcbs, pcb);
+    memp_free(MEMP_TCP_PCB_LISTEN, pcb);
+    pcb = NULL;
+    break;
+  case SYN_SENT:
+    err = ERR_OK;
+    TCP_PCB_REMOVE_ACTIVE(pcb);
+    memp_free(MEMP_TCP_PCB, pcb);
+    pcb = NULL;
+    snmp_inc_tcpattemptfails();
+    break;
+  case SYN_RCVD:
+    err = tcp_send_fin(pcb);
+    if (err == ERR_OK) {
+      snmp_inc_tcpattemptfails();
+      pcb->state = FIN_WAIT_1;
+    }
+    break;
+  case ESTABLISHED:
+    err = tcp_send_fin(pcb);
+    if (err == ERR_OK) {
+      snmp_inc_tcpestabresets();
+      pcb->state = FIN_WAIT_1;
+    }
+    break;
+  case CLOSE_WAIT:
+    err = tcp_send_fin(pcb);
+    if (err == ERR_OK) {
+      snmp_inc_tcpestabresets();
+      pcb->state = LAST_ACK;
+    }
+    break;
+  default:
+    /* Has already been closed, do nothing. */
+    err = ERR_OK;
+    pcb = NULL;
+    break;
+  }
+
+  if (pcb != NULL && err == ERR_OK) {
+    /* To ensure all data has been sent when tcp_close returns, we have
+       to make sure tcp_output doesn't fail.
+       Since we don't really have to ensure all data has been sent when tcp_close
+       returns (unsent data is sent from tcp timer functions, also), we don't care
+       for the return value of tcp_output for now. */
+    /* @todo: When implementing SO_LINGER, this must be changed somehow:
+       If SOF_LINGER is set, the data should be sent and acked before close returns.
+       This can only be valid for sequential APIs, not for the raw API. */
+    tcp_output(pcb);
+  }
+  return err;
+}
+
+/**
+ * Closes the connection held by the PCB.
+ *
+ * Listening pcbs are freed and may not be referenced any more.
+ * Connection pcbs are freed if not yet connected and may not be referenced
+ * any more. If a connection is established (at least SYN received or in
+ * a closing state), the connection is closed, and put in a closing state.
+ * The pcb is then automatically freed in tcp_slowtmr(). It is therefore
+ * unsafe to reference it (unless an error is returned).
+ *
+ * @param pcb the tcp_pcb to close
+ * @return ERR_OK if connection has been closed
+ *         another err_t if closing failed and pcb is not freed
+ */
+err_t
+tcp_close(struct tcp_pcb *pcb)
+{
+#if TCP_DEBUG
+  LWIP_DEBUGF(TCP_DEBUG, ("tcp_close: closing in "));
+  tcp_debug_print_state(pcb->state);
+#endif /* TCP_DEBUG */
+
+  if (pcb->state != LISTEN) {
+    /* Set a flag not to receive any more data... */
+    pcb->flags |= TF_RXCLOSED;
+  }
+  /* ... and close */
+  return tcp_close_shutdown(pcb, 1);
+}
+
+/**
+ * Causes all or part of a full-duplex connection of this PCB to be shut down.
+ * This doesn't deallocate the PCB unless shutting down both sides!
+ * Shutting down both sides is the same as calling tcp_close, so if it succeds,
+ * the PCB should not be referenced any more.
+ *
+ * @param pcb PCB to shutdown
+ * @param shut_rx shut down receive side if this is != 0
+ * @param shut_tx shut down send side if this is != 0
+ * @return ERR_OK if shutdown succeeded (or the PCB has already been shut down)
+ *         another err_t on error.
+ */
+err_t
+tcp_shutdown(struct tcp_pcb *pcb, int shut_rx, int shut_tx)
+{
+  if (pcb->state == LISTEN) {
+    return ERR_CONN;
+  }
+  if (shut_rx) {
+    /* shut down the receive side: set a flag not to receive any more data... */
+    pcb->flags |= TF_RXCLOSED;
+    if (shut_tx) {
+      /* shutting down the tx AND rx side is the same as closing for the raw API */
+      return tcp_close_shutdown(pcb, 1);
+    }
+    /* ... and free buffered data */
+    if (pcb->refused_data != NULL) {
+      pbuf_free(pcb->refused_data);
+      pcb->refused_data = NULL;
+    }
+  }
+  if (shut_tx) {
+    /* This can't happen twice since if it succeeds, the pcb's state is changed.
+       Only close in these states as the others directly deallocate the PCB */
+    switch (pcb->state) {
+    case SYN_RCVD:
+    case ESTABLISHED:
+    case CLOSE_WAIT:
+      return tcp_close_shutdown(pcb, shut_rx);
+    default:
+      /* Not (yet?) connected, cannot shutdown the TX side as that would bring us
+        into CLOSED state, where the PCB is deallocated. */
+      return ERR_CONN;
+    }
+  }
+  return ERR_OK;
+}
+
+/**
+ * Abandons a connection and optionally sends a RST to the remote
+ * host.  Deletes the local protocol control block. This is done when
+ * a connection is killed because of shortage of memory.
+ *
+ * @param pcb the tcp_pcb to abort
+ * @param reset boolean to indicate whether a reset should be sent
+ */
+void
+tcp_abandon(struct tcp_pcb *pcb, int reset)
+{
+  u32_t seqno, ackno;
+#if LWIP_CALLBACK_API  
+  tcp_err_fn errf;
+#endif /* LWIP_CALLBACK_API */
+  void *errf_arg;
+
+  /* pcb->state LISTEN not allowed here */
+  LWIP_ASSERT("don't call tcp_abort/tcp_abandon for listen-pcbs",
+    pcb->state != LISTEN);
+  /* Figure out on which TCP PCB list we are, and remove us. If we
+     are in an active state, call the receive function associated with
+     the PCB with a NULL argument, and send an RST to the remote end. */
+  if (pcb->state == TIME_WAIT) {
+    tcp_pcb_remove(&tcp_tw_pcbs, pcb);
+    memp_free(MEMP_TCP_PCB, pcb);
+  } else {
+    int send_rst = reset && (pcb->state != CLOSED);
+    seqno = pcb->snd_nxt;
+    ackno = pcb->rcv_nxt;
+#if LWIP_CALLBACK_API
+    errf = pcb->errf;
+#endif /* LWIP_CALLBACK_API */
+    errf_arg = pcb->callback_arg;
+    TCP_PCB_REMOVE_ACTIVE(pcb);
+    if (pcb->unacked != NULL) {
+      tcp_segs_free(pcb->unacked);
+    }
+    if (pcb->unsent != NULL) {
+      tcp_segs_free(pcb->unsent);
+    }
+#if TCP_QUEUE_OOSEQ    
+    if (pcb->ooseq != NULL) {
+      tcp_segs_free(pcb->ooseq);
+    }
+#endif /* TCP_QUEUE_OOSEQ */
+    if (send_rst) {
+      LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_abandon: sending RST\n"));
+      tcp_rst(seqno, ackno, &pcb->local_ip, &pcb->remote_ip, pcb->local_port, pcb->remote_port, PCB_ISIPV6(pcb));
+    }
+    memp_free(MEMP_TCP_PCB, pcb);
+    TCP_EVENT_ERR(errf, errf_arg, ERR_ABRT);
+  }
+}
+
+/**
+ * Aborts the connection by sending a RST (reset) segment to the remote
+ * host. The pcb is deallocated. This function never fails.
+ *
+ * ATTENTION: When calling this from one of the TCP callbacks, make
+ * sure you always return ERR_ABRT (and never return ERR_ABRT otherwise
+ * or you will risk accessing deallocated memory or memory leaks!
+ *
+ * @param pcb the tcp pcb to abort
+ */
+void
+tcp_abort(struct tcp_pcb *pcb)
+{
+  tcp_abandon(pcb, 1);
+}
+
+/**
+ * Binds the connection to a local portnumber and IP address. If the
+ * IP address is not given (i.e., ipaddr == NULL), the IP address of
+ * the outgoing network interface is used instead.
+ *
+ * @param pcb the tcp_pcb to bind (no check is done whether this pcb is
+ *        already bound!)
+ * @param ipaddr the local ip address to bind to (use IP_ADDR_ANY to bind
+ *        to any local address
+ * @param port the local port to bind to
+ * @return ERR_USE if the port is already in use
+ *         ERR_VAL if bind failed because the PCB is not in a valid state
+ *         ERR_OK if bound
+ */
+err_t
+tcp_bind(struct tcp_pcb *pcb, ip_addr_t *ipaddr, u16_t port)
+{
+  int i;
+  int max_pcb_list = NUM_TCP_PCB_LISTS;
+  struct tcp_pcb *cpcb;
+
+  LWIP_ERROR("tcp_bind: can only bind in state CLOSED", pcb->state == CLOSED, return ERR_VAL);
+
+#if SO_REUSE
+  /* Unless the REUSEADDR flag is set,
+     we have to check the pcbs in TIME-WAIT state, also.
+     We do not dump TIME_WAIT pcb's; they can still be matched by incoming
+     packets using both local and remote IP addresses and ports to distinguish.
+   */
+  if (ip_get_option(pcb, SOF_REUSEADDR)) {
+    max_pcb_list = NUM_TCP_PCB_LISTS_NO_TIME_WAIT;
+  }
+#endif /* SO_REUSE */
+
+  if (port == 0) {
+    port = tcp_new_port();
+    if (port == 0) {
+      return ERR_BUF;
+    }
+  }
+
+  /* Check if the address already is in use (on all lists) */
+  for (i = 0; i < max_pcb_list; i++) {
+    for(cpcb = *tcp_pcb_lists[i]; cpcb != NULL; cpcb = cpcb->next) {
+      if (cpcb->local_port == port) {
+#if SO_REUSE
+        /* Omit checking for the same port if both pcbs have REUSEADDR set.
+           For SO_REUSEADDR, the duplicate-check for a 5-tuple is done in
+           tcp_connect. */
+        if (!ip_get_option(pcb, SOF_REUSEADDR) ||
+            !ip_get_option(cpcb, SOF_REUSEADDR))
+#endif /* SO_REUSE */
+        {
+          /* @todo: check accept_any_ip_version */
+          if (IP_PCB_IPVER_EQ(pcb, cpcb) &&
+              (ipX_addr_isany(PCB_ISIPV6(pcb), &cpcb->local_ip) ||
+              ipX_addr_isany(PCB_ISIPV6(pcb), ip_2_ipX(ipaddr)) ||
+              ipX_addr_cmp(PCB_ISIPV6(pcb), &cpcb->local_ip, ip_2_ipX(ipaddr)))) {
+            return ERR_USE;
+          }
+        }
+      }
+    }
+  }
+
+  pcb->bound_to_netif = 0;
+  if (!ipX_addr_isany(PCB_ISIPV6(pcb), ip_2_ipX(ipaddr))) {
+    ipX_addr_set(PCB_ISIPV6(pcb), &pcb->local_ip, ip_2_ipX(ipaddr));
+  }
+  pcb->local_port = port;
+  TCP_REG(&tcp_bound_pcbs, pcb);
+  LWIP_DEBUGF(TCP_DEBUG, ("tcp_bind: bind to port %"U16_F"\n", port));
+  return ERR_OK;
+}
+
+err_t
+tcp_bind_to_netif(struct tcp_pcb *pcb, const char ifname[3])
+{
+  LWIP_ERROR("tcp_bind_if: can only bind in state CLOSED", pcb->state == CLOSED, return ERR_ISCONN);
+  
+  /* Check if the interface is already in use */
+  for (int i = 0; i < NUM_TCP_PCB_LISTS; i++) {
+    for(struct tcp_pcb *cpcb = *tcp_pcb_lists[i]; cpcb != NULL; cpcb = cpcb->next) {
+      if (IP_PCB_IPVER_EQ(pcb, cpcb) &&
+          cpcb->bound_to_netif &&
+          !memcmp(cpcb->local_netif, ifname, sizeof(cpcb->local_netif))) {
+        return ERR_USE;
+      }
+    }
+  }
+
+  pcb->bound_to_netif = 1;
+  ipX_addr_set_any(PCB_ISIPV6(pcb), &pcb->local_ip);
+  pcb->local_port = 0;
+  memcpy(pcb->local_netif, ifname, sizeof(pcb->local_netif));
+  TCP_REG(&tcp_bound_pcbs, pcb);
+  LWIP_DEBUGF(TCP_DEBUG, ("tcp_bind_to_netif: bind to interface %c%c%c\n", ifname[0], ifname[1], ifname[2]));
+  return ERR_OK;
+}
+
+#if LWIP_CALLBACK_API
+/**
+ * Default accept callback if no accept callback is specified by the user.
+ */
+static err_t
+tcp_accept_null(void *arg, struct tcp_pcb *pcb, err_t err)
+{
+  LWIP_UNUSED_ARG(arg);
+  LWIP_UNUSED_ARG(pcb);
+  LWIP_UNUSED_ARG(err);
+
+  return ERR_ABRT;
+}
+#endif /* LWIP_CALLBACK_API */
+
+/**
+ * Set the state of the connection to be LISTEN, which means that it
+ * is able to accept incoming connections. The protocol control block
+ * is reallocated in order to consume less memory. Setting the
+ * connection to LISTEN is an irreversible process.
+ *
+ * @param pcb the original tcp_pcb
+ * @param backlog the incoming connections queue limit
+ * @return tcp_pcb used for listening, consumes less memory.
+ *
+ * @note The original tcp_pcb is freed. This function therefore has to be
+ *       called like this:
+ *             tpcb = tcp_listen(tpcb);
+ */
+struct tcp_pcb *
+tcp_listen_with_backlog(struct tcp_pcb *pcb, u8_t backlog)
+{
+  struct tcp_pcb_listen *lpcb;
+
+  LWIP_UNUSED_ARG(backlog);
+  LWIP_ERROR("tcp_listen: pcb already connected", pcb->state == CLOSED, return NULL);
+
+  /* already listening? */
+  if (pcb->state == LISTEN) {
+    return pcb;
+  }
+#if SO_REUSE
+  if (ip_get_option(pcb, SOF_REUSEADDR) && !pcb->have_local_netif) {
+    /* Since SOF_REUSEADDR allows reusing a local address before the pcb's usage
+       is declared (listen-/connection-pcb), we have to make sure now that
+       this port is only used once for every local IP. */
+    for(lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb = lpcb->next) {
+      if ((lpcb->local_port == pcb->local_port) &&
+          IP_PCB_IPVER_EQ(pcb, lpcb)) {
+        if (ipX_addr_cmp(PCB_ISIPV6(pcb), &lpcb->local_ip, &pcb->local_ip)) {
+          /* this address/port is already used */
+          return NULL;
+        }
+      }
+    }
+  }
+#endif /* SO_REUSE */
+  lpcb = (struct tcp_pcb_listen *)memp_malloc(MEMP_TCP_PCB_LISTEN);
+  if (lpcb == NULL) {
+    return NULL;
+  }
+  lpcb->callback_arg = pcb->callback_arg;
+  lpcb->bound_to_netif = pcb->bound_to_netif;
+  lpcb->local_port = pcb->local_port;
+  memcpy(lpcb->local_netif, pcb->local_netif, sizeof(pcb->local_netif));
+  lpcb->state = LISTEN;
+  lpcb->prio = pcb->prio;
+  lpcb->so_options = pcb->so_options;
+  ip_set_option(lpcb, SOF_ACCEPTCONN);
+  lpcb->ttl = pcb->ttl;
+  lpcb->tos = pcb->tos;
+#if LWIP_IPV6
+  PCB_ISIPV6(lpcb) = PCB_ISIPV6(pcb);
+  lpcb->accept_any_ip_version = 0;
+#endif /* LWIP_IPV6 */
+  ipX_addr_copy(PCB_ISIPV6(pcb), lpcb->local_ip, pcb->local_ip);
+  if (pcb->local_port != 0 || pcb->bound_to_netif) {
+    TCP_RMV(&tcp_bound_pcbs, pcb);
+  }
+  memp_free(MEMP_TCP_PCB, pcb);
+#if LWIP_CALLBACK_API
+  lpcb->accept = tcp_accept_null;
+#endif /* LWIP_CALLBACK_API */
+#if TCP_LISTEN_BACKLOG
+  lpcb->accepts_pending = 0;
+  lpcb->backlog = (backlog ? backlog : 1);
+#endif /* TCP_LISTEN_BACKLOG */
+  TCP_REG(&tcp_listen_pcbs.pcbs, (struct tcp_pcb *)lpcb);
+  return (struct tcp_pcb *)lpcb;
+}
+
+#if LWIP_IPV6
+/**
+ * Same as tcp_listen_with_backlog, but allows to accept IPv4 and IPv6
+ * connections, if the pcb's local address is set to ANY.
+ */
+struct tcp_pcb *
+tcp_listen_dual_with_backlog(struct tcp_pcb *pcb, u8_t backlog)
+{
+  struct tcp_pcb *lpcb;
+
+  lpcb = tcp_listen_with_backlog(pcb, backlog);
+  if ((lpcb != NULL) &&
+      ipX_addr_isany(PCB_ISIPV6(pcb), &pcb->local_ip)) {
+    /* The default behavior is to accept connections on either
+     * IPv4 or IPv6, if not bound. */
+    /* @see NETCONN_FLAG_IPV6_V6ONLY for changing this behavior */
+    ((struct tcp_pcb_listen*)lpcb)->accept_any_ip_version = 1;
+  }
+  return lpcb;
+}
+#endif /* LWIP_IPV6 */
+
+/**
+ * Update the state that tracks the available window space to advertise.
+ *
+ * Returns how much extra window would be advertised if we sent an
+ * update now.
+ */
+u32_t tcp_update_rcv_ann_wnd(struct tcp_pcb *pcb)
+{
+  u32_t new_right_edge = pcb->rcv_nxt + pcb->rcv_wnd;
+
+  if (TCP_SEQ_GEQ(new_right_edge, pcb->rcv_ann_right_edge + LWIP_MIN((TCP_WND / 2), pcb->mss))) {
+    /* we can advertise more window */
+    pcb->rcv_ann_wnd = pcb->rcv_wnd;
+    return new_right_edge - pcb->rcv_ann_right_edge;
+  } else {
+    if (TCP_SEQ_GT(pcb->rcv_nxt, pcb->rcv_ann_right_edge)) {
+      /* Can happen due to other end sending out of advertised window,
+       * but within actual available (but not yet advertised) window */
+      pcb->rcv_ann_wnd = 0;
+    } else {
+      /* keep the right edge of window constant */
+      u32_t new_rcv_ann_wnd = pcb->rcv_ann_right_edge - pcb->rcv_nxt;
+      LWIP_ASSERT("new_rcv_ann_wnd <= 0xffff", new_rcv_ann_wnd <= 0xffff);
+      pcb->rcv_ann_wnd = (u16_t)new_rcv_ann_wnd;
+    }
+    return 0;
+  }
+}
+
+/**
+ * This function should be called by the application when it has
+ * processed the data. The purpose is to advertise a larger window
+ * when the data has been processed.
+ *
+ * @param pcb the tcp_pcb for which data is read
+ * @param len the amount of bytes that have been read by the application
+ */
+void
+tcp_recved(struct tcp_pcb *pcb, u16_t len)
+{
+  int wnd_inflation;
+
+  /* pcb->state LISTEN not allowed here */
+  LWIP_ASSERT("don't call tcp_recved for listen-pcbs",
+    pcb->state != LISTEN);
+  LWIP_ASSERT("tcp_recved: len would wrap rcv_wnd\n",
+              len <= 0xffff - pcb->rcv_wnd );
+
+  pcb->rcv_wnd += len;
+  if (pcb->rcv_wnd > TCP_WND) {
+    pcb->rcv_wnd = TCP_WND;
+  }
+
+  wnd_inflation = tcp_update_rcv_ann_wnd(pcb);
+
+  /* If the change in the right edge of window is significant (default
+   * watermark is TCP_WND/4), then send an explicit update now.
+   * Otherwise wait for a packet to be sent in the normal course of
+   * events (or more window to be available later) */
+  if (wnd_inflation >= TCP_WND_UPDATE_THRESHOLD) {
+    tcp_ack_now(pcb);
+    tcp_output(pcb);
+  }
+
+  LWIP_DEBUGF(TCP_DEBUG, ("tcp_recved: recveived %"U16_F" bytes, wnd %"U16_F" (%"U16_F").\n",
+         len, pcb->rcv_wnd, TCP_WND - pcb->rcv_wnd));
+}
+
+/**
+ * Allocate a new local TCP port.
+ *
+ * @return a new (free) local TCP port number
+ */
+static u16_t
+tcp_new_port(void)
+{
+  u8_t i;
+  u16_t n = 0;
+  struct tcp_pcb *pcb;
+  
+again:
+  if (tcp_port++ == TCP_LOCAL_PORT_RANGE_END) {
+    tcp_port = TCP_LOCAL_PORT_RANGE_START;
+  }
+  /* Check all PCB lists. */
+  for (i = 0; i < NUM_TCP_PCB_LISTS; i++) {
+    for(pcb = *tcp_pcb_lists[i]; pcb != NULL; pcb = pcb->next) {
+      if (pcb->local_port == tcp_port) {
+        if (++n > (TCP_LOCAL_PORT_RANGE_END - TCP_LOCAL_PORT_RANGE_START)) {
+          return 0;
+        }
+        goto again;
+      }
+    }
+  }
+  return tcp_port;
+}
+
+/**
+ * Connects to another host. The function given as the "connected"
+ * argument will be called when the connection has been established.
+ *
+ * @param pcb the tcp_pcb used to establish the connection
+ * @param ipaddr the remote ip address to connect to
+ * @param port the remote tcp port to connect to
+ * @param connected callback function to call when connected (or on error)
+ * @return ERR_VAL if invalid arguments are given
+ *         ERR_OK if connect request has been sent
+ *         other err_t values if connect request couldn't be sent
+ */
+err_t
+tcp_connect(struct tcp_pcb *pcb, ip_addr_t *ipaddr, u16_t port,
+      tcp_connected_fn connected)
+{
+  err_t ret;
+  u32_t iss;
+  u16_t old_local_port;
+
+  LWIP_ERROR("tcp_connect: can only connect from state CLOSED", pcb->state == CLOSED, return ERR_ISCONN);
+  LWIP_ERROR("tcp_connect: cannot connect pcb bound to netif", !pcb->bound_to_netif, return ERR_VAL);
+
+  LWIP_DEBUGF(TCP_DEBUG, ("tcp_connect to port %"U16_F"\n", port));
+  if (ipaddr != NULL) {
+    ipX_addr_set(PCB_ISIPV6(pcb), &pcb->remote_ip, ip_2_ipX(ipaddr));
+  } else {
+    return ERR_VAL;
+  }
+  pcb->remote_port = port;
+
+  /* check if we have a route to the remote host */
+  if (ipX_addr_isany(PCB_ISIPV6(pcb), &pcb->local_ip)) {
+    /* no local IP address set, yet. */
+    struct netif *netif;
+    ipX_addr_t *local_ip;
+    ipX_route_get_local_ipX(PCB_ISIPV6(pcb), &pcb->local_ip, &pcb->remote_ip, netif, local_ip);
+    if ((netif == NULL) || (local_ip == NULL)) {
+      /* Don't even try to send a SYN packet if we have no route
+         since that will fail. */
+      return ERR_RTE;
+    }
+    /* Use the address as local address of the pcb. */
+    ipX_addr_copy(PCB_ISIPV6(pcb), pcb->local_ip, *local_ip);
+  }
+
+  old_local_port = pcb->local_port;
+  if (pcb->local_port == 0) {
+    pcb->local_port = tcp_new_port();
+    if (pcb->local_port == 0) {
+      return ERR_BUF;
+    }
+  }
+#if SO_REUSE
+  if (ip_get_option(pcb, SOF_REUSEADDR)) {
+    /* Since SOF_REUSEADDR allows reusing a local address, we have to make sure
+       now that the 5-tuple is unique. */
+    struct tcp_pcb *cpcb;
+    int i;
+    /* Don't check listen- and bound-PCBs, check active- and TIME-WAIT PCBs. */
+    for (i = 2; i < NUM_TCP_PCB_LISTS; i++) {
+      for(cpcb = *tcp_pcb_lists[i]; cpcb != NULL; cpcb = cpcb->next) {
+        if ((cpcb->local_port == pcb->local_port) &&
+            (cpcb->remote_port == port) &&
+            IP_PCB_IPVER_EQ(cpcb, pcb) &&
+            ipX_addr_cmp(PCB_ISIPV6(pcb), &cpcb->local_ip, &pcb->local_ip) &&
+            ipX_addr_cmp(PCB_ISIPV6(pcb), &cpcb->remote_ip, ip_2_ipX(ipaddr))) {
+          /* linux returns EISCONN here, but ERR_USE should be OK for us */
+          return ERR_USE;
+        }
+      }
+    }
+  }
+#endif /* SO_REUSE */
+  iss = tcp_next_iss();
+  pcb->rcv_nxt = 0;
+  pcb->snd_nxt = iss;
+  pcb->lastack = iss - 1;
+  pcb->snd_lbb = iss - 1;
+  pcb->rcv_wnd = TCP_WND;
+  pcb->rcv_ann_wnd = TCP_WND;
+  pcb->rcv_ann_right_edge = pcb->rcv_nxt;
+  pcb->snd_wnd = TCP_WND;
+  /* As initial send MSS, we use TCP_MSS but limit it to 536.
+     The send MSS is updated when an MSS option is received. */
+  pcb->mss = (TCP_MSS > 536) ? 536 : TCP_MSS;
+#if TCP_CALCULATE_EFF_SEND_MSS
+  pcb->mss = tcp_eff_send_mss(pcb->mss, &pcb->local_ip, &pcb->remote_ip, PCB_ISIPV6(pcb));
+#endif /* TCP_CALCULATE_EFF_SEND_MSS */
+  pcb->cwnd = 1;
+  pcb->ssthresh = pcb->mss * 10;
+#if LWIP_CALLBACK_API
+  pcb->connected = connected;
+#else /* LWIP_CALLBACK_API */
+  LWIP_UNUSED_ARG(connected);
+#endif /* LWIP_CALLBACK_API */
+
+  /* Send a SYN together with the MSS option. */
+  ret = tcp_enqueue_flags(pcb, TCP_SYN);
+  if (ret == ERR_OK) {
+    /* SYN segment was enqueued, changed the pcbs state now */
+    pcb->state = SYN_SENT;
+    if (old_local_port != 0) {
+      TCP_RMV(&tcp_bound_pcbs, pcb);
+    }
+    TCP_REG_ACTIVE(pcb);
+    snmp_inc_tcpactiveopens();
+
+    tcp_output(pcb);
+  }
+  return ret;
+}
+
+/**
+ * Called every 500 ms and implements the retransmission timer and the timer that
+ * removes PCBs that have been in TIME-WAIT for enough time. It also increments
+ * various timers such as the inactivity timer in each PCB.
+ *
+ * Automatically called from tcp_tmr().
+ */
+void
+tcp_slowtmr(void)
+{
+  struct tcp_pcb *pcb, *prev;
+  u16_t eff_wnd;
+  u8_t pcb_remove;      /* flag if a PCB should be removed */
+  u8_t pcb_reset;       /* flag if a RST should be sent when removing */
+  err_t err;
+
+  err = ERR_OK;
+
+  ++tcp_ticks;
+  ++tcp_timer_ctr;
+
+tcp_slowtmr_start:
+  /* Steps through all of the active PCBs. */
+  prev = NULL;
+  pcb = tcp_active_pcbs;
+  if (pcb == NULL) {
+    LWIP_DEBUGF(TCP_DEBUG, ("tcp_slowtmr: no active pcbs\n"));
+  }
+  while (pcb != NULL) {
+    LWIP_DEBUGF(TCP_DEBUG, ("tcp_slowtmr: processing active pcb\n"));
+    LWIP_ASSERT("tcp_slowtmr: active pcb->state != CLOSED\n", pcb->state != CLOSED);
+    LWIP_ASSERT("tcp_slowtmr: active pcb->state != LISTEN\n", pcb->state != LISTEN);
+    LWIP_ASSERT("tcp_slowtmr: active pcb->state != TIME-WAIT\n", pcb->state != TIME_WAIT);
+    if (pcb->last_timer == tcp_timer_ctr) {
+      /* skip this pcb, we have already processed it */
+      pcb = pcb->next;
+      continue;
+    }
+    pcb->last_timer = tcp_timer_ctr;
+
+    pcb_remove = 0;
+    pcb_reset = 0;
+
+    if (pcb->state == SYN_SENT && pcb->nrtx == TCP_SYNMAXRTX) {
+      ++pcb_remove;
+      LWIP_DEBUGF(TCP_DEBUG, ("tcp_slowtmr: max SYN retries reached\n"));
+    }
+    else if (pcb->nrtx == TCP_MAXRTX) {
+      ++pcb_remove;
+      LWIP_DEBUGF(TCP_DEBUG, ("tcp_slowtmr: max DATA retries reached\n"));
+    } else {
+      if (pcb->persist_backoff > 0) {
+        /* If snd_wnd is zero, use persist timer to send 1 byte probes
+         * instead of using the standard retransmission mechanism. */
+        pcb->persist_cnt++;
+        if (pcb->persist_cnt >= tcp_persist_backoff[pcb->persist_backoff-1]) {
+          pcb->persist_cnt = 0;
+          if (pcb->persist_backoff < sizeof(tcp_persist_backoff)) {
+            pcb->persist_backoff++;
+          }
+          tcp_zero_window_probe(pcb);
+        }
+      } else {
+        /* Increase the retransmission timer if it is running */
+        if(pcb->rtime >= 0) {
+          ++pcb->rtime;
+        }
+
+        if (pcb->unacked != NULL && pcb->rtime >= pcb->rto) {
+          /* Time for a retransmission. */
+          LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_slowtmr: rtime %"S16_F
+                                      " pcb->rto %"S16_F"\n",
+                                      pcb->rtime, pcb->rto));
+
+          /* Double retransmission time-out unless we are trying to
+           * connect to somebody (i.e., we are in SYN_SENT). */
+          if (pcb->state != SYN_SENT) {
+            pcb->rto = ((pcb->sa >> 3) + pcb->sv) << tcp_backoff[pcb->nrtx];
+          }
+
+          /* Reset the retransmission timer. */
+          pcb->rtime = 0;
+
+          /* Reduce congestion window and ssthresh. */
+          eff_wnd = LWIP_MIN(pcb->cwnd, pcb->snd_wnd);
+          pcb->ssthresh = eff_wnd >> 1;
+          if (pcb->ssthresh < (pcb->mss << 1)) {
+            pcb->ssthresh = (pcb->mss << 1);
+          }
+          pcb->cwnd = pcb->mss;
+          LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_slowtmr: cwnd %"U16_F
+                                       " ssthresh %"U16_F"\n",
+                                       pcb->cwnd, pcb->ssthresh));
+ 
+          /* The following needs to be called AFTER cwnd is set to one
+             mss - STJ */
+          tcp_rexmit_rto(pcb);
+        }
+      }
+    }
+    /* Check if this PCB has stayed too long in FIN-WAIT-2 */
+    if (pcb->state == FIN_WAIT_2) {
+      /* If this PCB is in FIN_WAIT_2 because of SHUT_WR don't let it time out. */
+      if (pcb->flags & TF_RXCLOSED) {
+        /* PCB was fully closed (either through close() or SHUT_RDWR):
+           normal FIN-WAIT timeout handling. */
+        if ((u32_t)(tcp_ticks - pcb->tmr) >
+            TCP_FIN_WAIT_TIMEOUT / TCP_SLOW_INTERVAL) {
+          ++pcb_remove;
+          LWIP_DEBUGF(TCP_DEBUG, ("tcp_slowtmr: removing pcb stuck in FIN-WAIT-2\n"));
+        }
+      }
+    }
+
+    /* Check if KEEPALIVE should be sent */
+    if(ip_get_option(pcb, SOF_KEEPALIVE) &&
+       ((pcb->state == ESTABLISHED) ||
+        (pcb->state == CLOSE_WAIT))) {
+      if((u32_t)(tcp_ticks - pcb->tmr) >
+         (pcb->keep_idle + TCP_KEEP_DUR(pcb)) / TCP_SLOW_INTERVAL)
+      {
+        LWIP_DEBUGF(TCP_DEBUG, ("tcp_slowtmr: KEEPALIVE timeout. Aborting connection to "));
+        ipX_addr_debug_print(PCB_ISIPV6(pcb), TCP_DEBUG, &pcb->remote_ip);
+        LWIP_DEBUGF(TCP_DEBUG, ("\n"));
+        
+        ++pcb_remove;
+        ++pcb_reset;
+      }
+      else if((u32_t)(tcp_ticks - pcb->tmr) > 
+              (pcb->keep_idle + pcb->keep_cnt_sent * TCP_KEEP_INTVL(pcb))
+              / TCP_SLOW_INTERVAL)
+      {
+        tcp_keepalive(pcb);
+        pcb->keep_cnt_sent++;
+      }
+    }
+
+    /* If this PCB has queued out of sequence data, but has been
+       inactive for too long, will drop the data (it will eventually
+       be retransmitted). */
+#if TCP_QUEUE_OOSEQ
+    if (pcb->ooseq != NULL &&
+        (u32_t)tcp_ticks - pcb->tmr >= pcb->rto * TCP_OOSEQ_TIMEOUT) {
+      tcp_segs_free(pcb->ooseq);
+      pcb->ooseq = NULL;
+      LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_slowtmr: dropping OOSEQ queued data\n"));
+    }
+#endif /* TCP_QUEUE_OOSEQ */
+
+    /* Check if this PCB has stayed too long in SYN-RCVD */
+    if (pcb->state == SYN_RCVD) {
+      if ((u32_t)(tcp_ticks - pcb->tmr) >
+          TCP_SYN_RCVD_TIMEOUT / TCP_SLOW_INTERVAL) {
+        ++pcb_remove;
+        LWIP_DEBUGF(TCP_DEBUG, ("tcp_slowtmr: removing pcb stuck in SYN-RCVD\n"));
+      }
+    }
+
+    /* Check if this PCB has stayed too long in LAST-ACK */
+    if (pcb->state == LAST_ACK) {
+      if ((u32_t)(tcp_ticks - pcb->tmr) > 2 * TCP_MSL / TCP_SLOW_INTERVAL) {
+        ++pcb_remove;
+        LWIP_DEBUGF(TCP_DEBUG, ("tcp_slowtmr: removing pcb stuck in LAST-ACK\n"));
+      }
+    }
+
+    /* If the PCB should be removed, do it. */
+    if (pcb_remove) {
+      struct tcp_pcb *pcb2;
+      tcp_err_fn err_fn;
+      void *err_arg;
+      tcp_pcb_purge(pcb);
+      /* Remove PCB from tcp_active_pcbs list. */
+      if (prev != NULL) {
+        LWIP_ASSERT("tcp_slowtmr: middle tcp != tcp_active_pcbs", pcb != tcp_active_pcbs);
+        prev->next = pcb->next;
+      } else {
+        /* This PCB was the first. */
+        LWIP_ASSERT("tcp_slowtmr: first pcb == tcp_active_pcbs", tcp_active_pcbs == pcb);
+        tcp_active_pcbs = pcb->next;
+      }
+
+      if (pcb_reset) {
+        tcp_rst(pcb->snd_nxt, pcb->rcv_nxt, &pcb->local_ip, &pcb->remote_ip,
+                 pcb->local_port, pcb->remote_port, PCB_ISIPV6(pcb));
+      }
+
+      err_fn = pcb->errf;
+      err_arg = pcb->callback_arg;
+      pcb2 = pcb;
+      pcb = pcb->next;
+      memp_free(MEMP_TCP_PCB, pcb2);
+
+      tcp_active_pcbs_changed = 0;
+      TCP_EVENT_ERR(err_fn, err_arg, ERR_ABRT);
+      if (tcp_active_pcbs_changed) {
+        goto tcp_slowtmr_start;
+      }
+    } else {
+      /* get the 'next' element now and work with 'prev' below (in case of abort) */
+      prev = pcb;
+      pcb = pcb->next;
+
+      /* We check if we should poll the connection. */
+      ++prev->polltmr;
+      if (prev->polltmr >= prev->pollinterval) {
+        prev->polltmr = 0;
+        LWIP_DEBUGF(TCP_DEBUG, ("tcp_slowtmr: polling application\n"));
+        tcp_active_pcbs_changed = 0;
+        TCP_EVENT_POLL(prev, err);
+        if (tcp_active_pcbs_changed) {
+          goto tcp_slowtmr_start;
+        }
+        /* if err == ERR_ABRT, 'prev' is already deallocated */
+        if (err == ERR_OK) {
+          tcp_output(prev);
+        }
+      }
+    }
+  }
+
+  
+  /* Steps through all of the TIME-WAIT PCBs. */
+  prev = NULL;
+  pcb = tcp_tw_pcbs;
+  while (pcb != NULL) {
+    LWIP_ASSERT("tcp_slowtmr: TIME-WAIT pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
+    pcb_remove = 0;
+
+    /* Check if this PCB has stayed long enough in TIME-WAIT */
+    if ((u32_t)(tcp_ticks - pcb->tmr) > 2 * TCP_MSL / TCP_SLOW_INTERVAL) {
+      ++pcb_remove;
+    }
+    
+
+
+    /* If the PCB should be removed, do it. */
+    if (pcb_remove) {
+      struct tcp_pcb *pcb2;
+      tcp_pcb_purge(pcb);
+      /* Remove PCB from tcp_tw_pcbs list. */
+      if (prev != NULL) {
+        LWIP_ASSERT("tcp_slowtmr: middle tcp != tcp_tw_pcbs", pcb != tcp_tw_pcbs);
+        prev->next = pcb->next;
+      } else {
+        /* This PCB was the first. */
+        LWIP_ASSERT("tcp_slowtmr: first pcb == tcp_tw_pcbs", tcp_tw_pcbs == pcb);
+        tcp_tw_pcbs = pcb->next;
+      }
+      pcb2 = pcb;
+      pcb = pcb->next;
+      memp_free(MEMP_TCP_PCB, pcb2);
+    } else {
+      prev = pcb;
+      pcb = pcb->next;
+    }
+  }
+}
+
+/**
+ * Is called every TCP_FAST_INTERVAL (250 ms) and process data previously
+ * "refused" by upper layer (application) and sends delayed ACKs.
+ *
+ * Automatically called from tcp_tmr().
+ */
+void
+tcp_fasttmr(void)
+{
+  struct tcp_pcb *pcb;
+
+  ++tcp_timer_ctr;
+
+tcp_fasttmr_start:
+  pcb = tcp_active_pcbs;
+
+  while(pcb != NULL) {
+    if (pcb->last_timer != tcp_timer_ctr) {
+      struct tcp_pcb *next;
+      pcb->last_timer = tcp_timer_ctr;
+      /* send delayed ACKs */
+      if (pcb->flags & TF_ACK_DELAY) {
+        LWIP_DEBUGF(TCP_DEBUG, ("tcp_fasttmr: delayed ACK\n"));
+        tcp_ack_now(pcb);
+        tcp_output(pcb);
+        pcb->flags &= ~(TF_ACK_DELAY | TF_ACK_NOW);
+      }
+
+      next = pcb->next;
+
+      /* If there is data which was previously "refused" by upper layer */
+      if (pcb->refused_data != NULL) {
+        tcp_active_pcbs_changed = 0;
+        tcp_process_refused_data(pcb);
+        if (tcp_active_pcbs_changed) {
+          /* application callback has changed the pcb list: restart the loop */
+          goto tcp_fasttmr_start;
+        }
+      }
+      pcb = next;
+    }
+  }
+}
+
+/** Pass pcb->refused_data to the recv callback */
+err_t
+tcp_process_refused_data(struct tcp_pcb *pcb)
+{
+  err_t err;
+  u8_t refused_flags = pcb->refused_data->flags;
+  /* set pcb->refused_data to NULL in case the callback frees it and then
+     closes the pcb */
+  struct pbuf *refused_data = pcb->refused_data;
+  pcb->refused_data = NULL;
+  /* Notify again application with data previously received. */
+  LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: notify kept packet\n"));
+  TCP_EVENT_RECV(pcb, refused_data, ERR_OK, err);
+  if (err == ERR_OK) {
+    /* did refused_data include a FIN? */
+    if (refused_flags & PBUF_FLAG_TCP_FIN) {
+      /* correct rcv_wnd as the application won't call tcp_recved()
+         for the FIN's seqno */
+      if (pcb->rcv_wnd != TCP_WND) {
+        pcb->rcv_wnd++;
+      }
+      TCP_EVENT_CLOSED(pcb, err);
+      if (err == ERR_ABRT) {
+        return ERR_ABRT;
+      }
+    }
+  } else if (err == ERR_ABRT) {
+    /* if err == ERR_ABRT, 'pcb' is already deallocated */
+    /* Drop incoming packets because pcb is "full" (only if the incoming
+       segment contains data). */
+    LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: drop incoming packets, because pcb is \"full\"\n"));
+    return ERR_ABRT;
+  } else {
+    /* data is still refused, pbuf is still valid (go on for ACK-only packets) */
+    pcb->refused_data = refused_data;
+  }
+  return ERR_OK;
+}
+
+/**
+ * Deallocates a list of TCP segments (tcp_seg structures).
+ *
+ * @param seg tcp_seg list of TCP segments to free
+ */
+void
+tcp_segs_free(struct tcp_seg *seg)
+{
+  while (seg != NULL) {
+    struct tcp_seg *next = seg->next;
+    tcp_seg_free(seg);
+    seg = next;
+  }
+}
+
+/**
+ * Frees a TCP segment (tcp_seg structure).
+ *
+ * @param seg single tcp_seg to free
+ */
+void
+tcp_seg_free(struct tcp_seg *seg)
+{
+  if (seg != NULL) {
+    if (seg->p != NULL) {
+      pbuf_free(seg->p);
+#if TCP_DEBUG
+      seg->p = NULL;
+#endif /* TCP_DEBUG */
+    }
+    memp_free(MEMP_TCP_SEG, seg);
+  }
+}
+
+/**
+ * Sets the priority of a connection.
+ *
+ * @param pcb the tcp_pcb to manipulate
+ * @param prio new priority
+ */
+void
+tcp_setprio(struct tcp_pcb *pcb, u8_t prio)
+{
+  pcb->prio = prio;
+}
+
+#if TCP_QUEUE_OOSEQ
+/**
+ * Returns a copy of the given TCP segment.
+ * The pbuf and data are not copied, only the pointers
+ *
+ * @param seg the old tcp_seg
+ * @return a copy of seg
+ */ 
+struct tcp_seg *
+tcp_seg_copy(struct tcp_seg *seg)
+{
+  struct tcp_seg *cseg;
+
+  cseg = (struct tcp_seg *)memp_malloc(MEMP_TCP_SEG);
+  if (cseg == NULL) {
+    return NULL;
+  }
+  SMEMCPY((u8_t *)cseg, (const u8_t *)seg, sizeof(struct tcp_seg)); 
+  pbuf_ref(cseg->p);
+  return cseg;
+}
+#endif /* TCP_QUEUE_OOSEQ */
+
+#if LWIP_CALLBACK_API
+/**
+ * Default receive callback that is called if the user didn't register
+ * a recv callback for the pcb.
+ */
+err_t
+tcp_recv_null(void *arg, struct tcp_pcb *pcb, struct pbuf *p, err_t err)
+{
+  LWIP_UNUSED_ARG(arg);
+  if (p != NULL) {
+    tcp_recved(pcb, p->tot_len);
+    pbuf_free(p);
+  } else if (err == ERR_OK) {
+    return tcp_close(pcb);
+  }
+  return ERR_OK;
+}
+#endif /* LWIP_CALLBACK_API */
+
+/**
+ * Kills the oldest active connection that has the same or lower priority than
+ * 'prio'.
+ *
+ * @param prio minimum priority
+ */
+static void
+tcp_kill_prio(u8_t prio)
+{
+  struct tcp_pcb *pcb, *inactive;
+  u32_t inactivity;
+  u8_t mprio;
+
+
+  mprio = TCP_PRIO_MAX;
+  
+  /* We kill the oldest active connection that has lower priority than prio. */
+  inactivity = 0;
+  inactive = NULL;
+  for(pcb = tcp_active_pcbs; pcb != NULL; pcb = pcb->next) {
+    if (pcb->prio <= prio &&
+       pcb->prio <= mprio &&
+       (u32_t)(tcp_ticks - pcb->tmr) >= inactivity) {
+      inactivity = tcp_ticks - pcb->tmr;
+      inactive = pcb;
+      mprio = pcb->prio;
+    }
+  }
+  if (inactive != NULL) {
+    LWIP_DEBUGF(TCP_DEBUG, ("tcp_kill_prio: killing oldest PCB %p (%"S32_F")\n",
+           (void *)inactive, inactivity));
+    tcp_abort(inactive);
+  }
+}
+
+/**
+ * Kills the oldest connection that is in TIME_WAIT state.
+ * Called from tcp_alloc() if no more connections are available.
+ */
+static void
+tcp_kill_timewait(void)
+{
+  struct tcp_pcb *pcb, *inactive;
+  u32_t inactivity;
+
+  inactivity = 0;
+  inactive = NULL;
+  /* Go through the list of TIME_WAIT pcbs and get the oldest pcb. */
+  for(pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
+    if ((u32_t)(tcp_ticks - pcb->tmr) >= inactivity) {
+      inactivity = tcp_ticks - pcb->tmr;
+      inactive = pcb;
+    }
+  }
+  if (inactive != NULL) {
+    LWIP_DEBUGF(TCP_DEBUG, ("tcp_kill_timewait: killing oldest TIME-WAIT PCB %p (%"S32_F")\n",
+           (void *)inactive, inactivity));
+    tcp_abort(inactive);
+  }
+}
+
+/**
+ * Allocate a new tcp_pcb structure.
+ *
+ * @param prio priority for the new pcb
+ * @return a new tcp_pcb that initially is in state CLOSED
+ */
+struct tcp_pcb *
+tcp_alloc(u8_t prio)
+{
+  struct tcp_pcb *pcb;
+  u32_t iss;
+  
+  pcb = (struct tcp_pcb *)memp_malloc(MEMP_TCP_PCB);
+  if (pcb == NULL) {
+    /* Try killing oldest connection in TIME-WAIT. */
+    LWIP_DEBUGF(TCP_DEBUG, ("tcp_alloc: killing off oldest TIME-WAIT connection\n"));
+    tcp_kill_timewait();
+    /* Try to allocate a tcp_pcb again. */
+    pcb = (struct tcp_pcb *)memp_malloc(MEMP_TCP_PCB);
+    if (pcb == NULL) {
+      /* Try killing active connections with lower priority than the new one. */
+      LWIP_DEBUGF(TCP_DEBUG, ("tcp_alloc: killing connection with prio lower than %d\n", prio));
+      tcp_kill_prio(prio);
+      /* Try to allocate a tcp_pcb again. */
+      pcb = (struct tcp_pcb *)memp_malloc(MEMP_TCP_PCB);
+      if (pcb != NULL) {
+        /* adjust err stats: memp_malloc failed twice before */
+        MEMP_STATS_DEC(err, MEMP_TCP_PCB);
+      }
+    }
+    if (pcb != NULL) {
+      /* adjust err stats: timewait PCB was freed above */
+      MEMP_STATS_DEC(err, MEMP_TCP_PCB);
+    }
+  }
+  if (pcb != NULL) {
+    memset(pcb, 0, sizeof(struct tcp_pcb));
+    pcb->prio = prio;
+    pcb->snd_buf = TCP_SND_BUF;
+    pcb->snd_queuelen = 0;
+    pcb->rcv_wnd = TCP_WND;
+    pcb->rcv_ann_wnd = TCP_WND;
+    pcb->tos = 0;
+    pcb->ttl = TCP_TTL;
+    /* As initial send MSS, we use TCP_MSS but limit it to 536.
+       The send MSS is updated when an MSS option is received. */
+    pcb->mss = (TCP_MSS > 536) ? 536 : TCP_MSS;
+    pcb->rto = 3000 / TCP_SLOW_INTERVAL;
+    pcb->sa = 0;
+    pcb->sv = 3000 / TCP_SLOW_INTERVAL;
+    pcb->rtime = -1;
+    pcb->cwnd = 1;
+    iss = tcp_next_iss();
+    pcb->snd_wl2 = iss;
+    pcb->snd_nxt = iss;
+    pcb->lastack = iss;
+    pcb->snd_lbb = iss;   
+    pcb->tmr = tcp_ticks;
+    pcb->last_timer = tcp_timer_ctr;
+
+    pcb->polltmr = 0;
+
+#if LWIP_CALLBACK_API
+    pcb->recv = tcp_recv_null;
+#endif /* LWIP_CALLBACK_API */  
+    
+    /* Init KEEPALIVE timer */
+    pcb->keep_idle  = TCP_KEEPIDLE_DEFAULT;
+    
+#if LWIP_TCP_KEEPALIVE
+    pcb->keep_intvl = TCP_KEEPINTVL_DEFAULT;
+    pcb->keep_cnt   = TCP_KEEPCNT_DEFAULT;
+#endif /* LWIP_TCP_KEEPALIVE */
+
+    pcb->keep_cnt_sent = 0;
+  }
+  return pcb;
+}
+
+/**
+ * Creates a new TCP protocol control block but doesn't place it on
+ * any of the TCP PCB lists.
+ * The pcb is not put on any list until binding using tcp_bind().
+ *
+ * @internal: Maybe there should be a idle TCP PCB list where these
+ * PCBs are put on. Port reservation using tcp_bind() is implemented but
+ * allocated pcbs that are not bound can't be killed automatically if wanting
+ * to allocate a pcb with higher prio (@see tcp_kill_prio())
+ *
+ * @return a new tcp_pcb that initially is in state CLOSED
+ */
+struct tcp_pcb *
+tcp_new(void)
+{
+  return tcp_alloc(TCP_PRIO_NORMAL);
+}
+
+#if LWIP_IPV6
+/**
+ * Creates a new TCP-over-IPv6 protocol control block but doesn't
+ * place it on any of the TCP PCB lists.
+ * The pcb is not put on any list until binding using tcp_bind().
+ *
+ * @return a new tcp_pcb that initially is in state CLOSED
+ */
+struct tcp_pcb *
+tcp_new_ip6(void)
+{
+  struct tcp_pcb * pcb;
+  pcb = tcp_alloc(TCP_PRIO_NORMAL);
+  ip_set_v6(pcb, 1);
+  return pcb;
+}
+#endif /* LWIP_IPV6 */
+
+/**
+ * Used to specify the argument that should be passed callback
+ * functions.
+ *
+ * @param pcb tcp_pcb to set the callback argument
+ * @param arg void pointer argument to pass to callback functions
+ */ 
+void
+tcp_arg(struct tcp_pcb *pcb, void *arg)
+{
+  /* This function is allowed to be called for both listen pcbs and
+     connection pcbs. */
+  pcb->callback_arg = arg;
+}
+#if LWIP_CALLBACK_API
+
+/**
+ * Used to specify the function that should be called when a TCP
+ * connection receives data.
+ *
+ * @param pcb tcp_pcb to set the recv callback
+ * @param recv callback function to call for this pcb when data is received
+ */ 
+void
+tcp_recv(struct tcp_pcb *pcb, tcp_recv_fn recv)
+{
+  LWIP_ASSERT("invalid socket state for recv callback", pcb->state != LISTEN);
+  pcb->recv = recv;
+}
+
+/**
+ * Used to specify the function that should be called when TCP data
+ * has been successfully delivered to the remote host.
+ *
+ * @param pcb tcp_pcb to set the sent callback
+ * @param sent callback function to call for this pcb when data is successfully sent
+ */ 
+void
+tcp_sent(struct tcp_pcb *pcb, tcp_sent_fn sent)
+{
+  LWIP_ASSERT("invalid socket state for sent callback", pcb->state != LISTEN);
+  pcb->sent = sent;
+}
+
+/**
+ * Used to specify the function that should be called when a fatal error
+ * has occured on the connection.
+ *
+ * @param pcb tcp_pcb to set the err callback
+ * @param err callback function to call for this pcb when a fatal error
+ *        has occured on the connection
+ */ 
+void
+tcp_err(struct tcp_pcb *pcb, tcp_err_fn err)
+{
+  LWIP_ASSERT("invalid socket state for err callback", pcb->state != LISTEN);
+  pcb->errf = err;
+}
+
+/**
+ * Used for specifying the function that should be called when a
+ * LISTENing connection has been connected to another host.
+ *
+ * @param pcb tcp_pcb to set the accept callback
+ * @param accept callback function to call for this pcb when LISTENing
+ *        connection has been connected to another host
+ */ 
+void
+tcp_accept(struct tcp_pcb *pcb, tcp_accept_fn accept)
+{
+  /* This function is allowed to be called for both listen pcbs and
+     connection pcbs. */
+  pcb->accept = accept;
+}
+#endif /* LWIP_CALLBACK_API */
+
+
+/**
+ * Used to specify the function that should be called periodically
+ * from TCP. The interval is specified in terms of the TCP coarse
+ * timer interval, which is called twice a second.
+ *
+ */ 
+void
+tcp_poll(struct tcp_pcb *pcb, tcp_poll_fn poll, u8_t interval)
+{
+  LWIP_ASSERT("invalid socket state for poll", pcb->state != LISTEN);
+#if LWIP_CALLBACK_API
+  pcb->poll = poll;
+#else /* LWIP_CALLBACK_API */  
+  LWIP_UNUSED_ARG(poll);
+#endif /* LWIP_CALLBACK_API */  
+  pcb->pollinterval = interval;
+}
+
+/**
+ * Purges a TCP PCB. Removes any buffered data and frees the buffer memory
+ * (pcb->ooseq, pcb->unsent and pcb->unacked are freed).
+ *
+ * @param pcb tcp_pcb to purge. The pcb itself is not deallocated!
+ */
+void
+tcp_pcb_purge(struct tcp_pcb *pcb)
+{
+  if (pcb->state != CLOSED &&
+     pcb->state != TIME_WAIT &&
+     pcb->state != LISTEN) {
+
+    LWIP_DEBUGF(TCP_DEBUG, ("tcp_pcb_purge\n"));
+
+#if TCP_LISTEN_BACKLOG
+    if (pcb->state == SYN_RCVD) {
+      /* Need to find the corresponding listen_pcb and decrease its accepts_pending */
+      struct tcp_pcb_listen *lpcb;
+      LWIP_ASSERT("tcp_pcb_purge: pcb->state == SYN_RCVD but tcp_listen_pcbs is NULL",
+        tcp_listen_pcbs.listen_pcbs != NULL);
+      for (lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb = lpcb->next) {
+        if ((!lpcb->bound_to_netif && !pcb->bound_to_netif &&
+             (lpcb->local_port == pcb->local_port) &&
+             IP_PCB_IPVER_EQ(pcb, lpcb) &&
+             (ipX_addr_isany(PCB_ISIPV6(lpcb), &lpcb->local_ip) ||
+             ipX_addr_cmp(PCB_ISIPV6(lpcb), &pcb->local_ip, &lpcb->local_ip))) ||
+            (lpcb->bound_to_netif && pcb->bound_to_netif &&
+             !memcmp(lpcb->local_netif, pcb->local_netif, sizeof(pcb->local_netif)))) {
+            /* port and address of the listen pcb match the timed-out pcb */
+            LWIP_ASSERT("tcp_pcb_purge: listen pcb does not have accepts pending",
+              lpcb->accepts_pending > 0);
+            lpcb->accepts_pending--;
+            break;
+        }
+      }
+    }
+#endif /* TCP_LISTEN_BACKLOG */
+
+
+    if (pcb->refused_data != NULL) {
+      LWIP_DEBUGF(TCP_DEBUG, ("tcp_pcb_purge: data left on ->refused_data\n"));
+      pbuf_free(pcb->refused_data);
+      pcb->refused_data = NULL;
+    }
+    if (pcb->unsent != NULL) {
+      LWIP_DEBUGF(TCP_DEBUG, ("tcp_pcb_purge: not all data sent\n"));
+    }
+    if (pcb->unacked != NULL) {
+      LWIP_DEBUGF(TCP_DEBUG, ("tcp_pcb_purge: data left on ->unacked\n"));
+    }
+#if TCP_QUEUE_OOSEQ
+    if (pcb->ooseq != NULL) {
+      LWIP_DEBUGF(TCP_DEBUG, ("tcp_pcb_purge: data left on ->ooseq\n"));
+    }
+    tcp_segs_free(pcb->ooseq);
+    pcb->ooseq = NULL;
+#endif /* TCP_QUEUE_OOSEQ */
+
+    /* Stop the retransmission timer as it will expect data on unacked
+       queue if it fires */
+    pcb->rtime = -1;
+
+    tcp_segs_free(pcb->unsent);
+    tcp_segs_free(pcb->unacked);
+    pcb->unacked = pcb->unsent = NULL;
+#if TCP_OVERSIZE
+    pcb->unsent_oversize = 0;
+#endif /* TCP_OVERSIZE */
+  }
+}
+
+/**
+ * Purges the PCB and removes it from a PCB list. Any delayed ACKs are sent first.
+ *
+ * @param pcblist PCB list to purge.
+ * @param pcb tcp_pcb to purge. The pcb itself is NOT deallocated!
+ */
+void
+tcp_pcb_remove(struct tcp_pcb **pcblist, struct tcp_pcb *pcb)
+{
+  TCP_RMV(pcblist, pcb);
+
+  tcp_pcb_purge(pcb);
+  
+  /* if there is an outstanding delayed ACKs, send it */
+  if (pcb->state != TIME_WAIT &&
+     pcb->state != LISTEN &&
+     pcb->flags & TF_ACK_DELAY) {
+    pcb->flags |= TF_ACK_NOW;
+    tcp_output(pcb);
+  }
+
+  if (pcb->state != LISTEN) {
+    LWIP_ASSERT("unsent segments leaking", pcb->unsent == NULL);
+    LWIP_ASSERT("unacked segments leaking", pcb->unacked == NULL);
+#if TCP_QUEUE_OOSEQ
+    LWIP_ASSERT("ooseq segments leaking", pcb->ooseq == NULL);
+#endif /* TCP_QUEUE_OOSEQ */
+  }
+
+  pcb->state = CLOSED;
+
+  LWIP_ASSERT("tcp_pcb_remove: tcp_pcbs_sane()", tcp_pcbs_sane());
+}
+
+/**
+ * Calculates a new initial sequence number for new connections.
+ *
+ * @return u32_t pseudo random sequence number
+ */
+u32_t
+tcp_next_iss(void)
+{
+  static u32_t iss = 6510;
+  
+  iss += tcp_ticks;       /* XXX */
+  return iss;
+}
+
+#if TCP_CALCULATE_EFF_SEND_MSS
+/**
+ * Calcluates the effective send mss that can be used for a specific IP address
+ * by using ip_route to determin the netif used to send to the address and
+ * calculating the minimum of TCP_MSS and that netif's mtu (if set).
+ */
+u16_t
+tcp_eff_send_mss_impl(u16_t sendmss, ipX_addr_t *dest
+#if LWIP_IPV6
+                     , ipX_addr_t *src, u8_t isipv6
+#endif /* LWIP_IPV6 */
+                     )
+{
+  u16_t mss_s;
+  struct netif *outif;
+  s16_t mtu;
+
+  outif = ipX_route(isipv6, src, dest);
+#if LWIP_IPV6
+  if (isipv6) {
+    /* First look in destination cache, to see if there is a Path MTU. */
+    mtu = nd6_get_destination_mtu(ipX_2_ip6(dest), outif);
+  } else
+#endif /* LWIP_IPV6 */
+  {
+    if (outif == NULL) {
+      return sendmss;
+    }
+    mtu = outif->mtu;
+  }
+
+  if (mtu != 0) {
+    mss_s = mtu - IP_HLEN - TCP_HLEN;
+#if LWIP_IPV6
+    /* for IPv6, substract the difference in header size */
+    mss_s -= (IP6_HLEN - IP_HLEN);
+#endif /* LWIP_IPV6 */
+    /* RFC 1122, chap 4.2.2.6:
+     * Eff.snd.MSS = min(SendMSS+20, MMS_S) - TCPhdrsize - IPoptionsize
+     * We correct for TCP options in tcp_write(), and don't support IP options.
+     */
+    sendmss = LWIP_MIN(sendmss, mss_s);
+  }
+  return sendmss;
+}
+#endif /* TCP_CALCULATE_EFF_SEND_MSS */
+
+const char*
+tcp_debug_state_str(enum tcp_state s)
+{
+  return tcp_state_str[s];
+}
+
+#if TCP_DEBUG || TCP_INPUT_DEBUG || TCP_OUTPUT_DEBUG
+/**
+ * Print a tcp header for debugging purposes.
+ *
+ * @param tcphdr pointer to a struct tcp_hdr
+ */
+void
+tcp_debug_print(struct tcp_hdr *tcphdr)
+{
+  LWIP_DEBUGF(TCP_DEBUG, ("TCP header:\n"));
+  LWIP_DEBUGF(TCP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(TCP_DEBUG, ("|    %5"U16_F"      |    %5"U16_F"      | (src port, dest port)\n",
+         ntohs(tcphdr->src), ntohs(tcphdr->dest)));
+  LWIP_DEBUGF(TCP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(TCP_DEBUG, ("|           %010"U32_F"          | (seq no)\n",
+          ntohl(tcphdr->seqno)));
+  LWIP_DEBUGF(TCP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(TCP_DEBUG, ("|           %010"U32_F"          | (ack no)\n",
+         ntohl(tcphdr->ackno)));
+  LWIP_DEBUGF(TCP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(TCP_DEBUG, ("| %2"U16_F" |   |%"U16_F"%"U16_F"%"U16_F"%"U16_F"%"U16_F"%"U16_F"|     %5"U16_F"     | (hdrlen, flags (",
+       TCPH_HDRLEN(tcphdr),
+         TCPH_FLAGS(tcphdr) >> 5 & 1,
+         TCPH_FLAGS(tcphdr) >> 4 & 1,
+         TCPH_FLAGS(tcphdr) >> 3 & 1,
+         TCPH_FLAGS(tcphdr) >> 2 & 1,
+         TCPH_FLAGS(tcphdr) >> 1 & 1,
+         TCPH_FLAGS(tcphdr) & 1,
+         ntohs(tcphdr->wnd)));
+  tcp_debug_print_flags(TCPH_FLAGS(tcphdr));
+  LWIP_DEBUGF(TCP_DEBUG, ("), win)\n"));
+  LWIP_DEBUGF(TCP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(TCP_DEBUG, ("|    0x%04"X16_F"     |     %5"U16_F"     | (chksum, urgp)\n",
+         ntohs(tcphdr->chksum), ntohs(tcphdr->urgp)));
+  LWIP_DEBUGF(TCP_DEBUG, ("+-------------------------------+\n"));
+}
+
+/**
+ * Print a tcp state for debugging purposes.
+ *
+ * @param s enum tcp_state to print
+ */
+void
+tcp_debug_print_state(enum tcp_state s)
+{
+  LWIP_DEBUGF(TCP_DEBUG, ("State: %s\n", tcp_state_str[s]));
+}
+
+/**
+ * Print tcp flags for debugging purposes.
+ *
+ * @param flags tcp flags, all active flags are printed
+ */
+void
+tcp_debug_print_flags(u8_t flags)
+{
+  if (flags & TCP_FIN) {
+    LWIP_DEBUGF(TCP_DEBUG, ("FIN "));
+  }
+  if (flags & TCP_SYN) {
+    LWIP_DEBUGF(TCP_DEBUG, ("SYN "));
+  }
+  if (flags & TCP_RST) {
+    LWIP_DEBUGF(TCP_DEBUG, ("RST "));
+  }
+  if (flags & TCP_PSH) {
+    LWIP_DEBUGF(TCP_DEBUG, ("PSH "));
+  }
+  if (flags & TCP_ACK) {
+    LWIP_DEBUGF(TCP_DEBUG, ("ACK "));
+  }
+  if (flags & TCP_URG) {
+    LWIP_DEBUGF(TCP_DEBUG, ("URG "));
+  }
+  if (flags & TCP_ECE) {
+    LWIP_DEBUGF(TCP_DEBUG, ("ECE "));
+  }
+  if (flags & TCP_CWR) {
+    LWIP_DEBUGF(TCP_DEBUG, ("CWR "));
+  }
+  LWIP_DEBUGF(TCP_DEBUG, ("\n"));
+}
+
+/**
+ * Print all tcp_pcbs in every list for debugging purposes.
+ */
+void
+tcp_debug_print_pcbs(void)
+{
+  struct tcp_pcb *pcb;
+  LWIP_DEBUGF(TCP_DEBUG, ("Active PCB states:\n"));
+  for(pcb = tcp_active_pcbs; pcb != NULL; pcb = pcb->next) {
+    LWIP_DEBUGF(TCP_DEBUG, ("Local port %"U16_F", foreign port %"U16_F" snd_nxt %"U32_F" rcv_nxt %"U32_F" ",
+                       pcb->local_port, pcb->remote_port,
+                       pcb->snd_nxt, pcb->rcv_nxt));
+    tcp_debug_print_state(pcb->state);
+  }    
+  LWIP_DEBUGF(TCP_DEBUG, ("Listen PCB states:\n"));
+  for(pcb = (struct tcp_pcb *)tcp_listen_pcbs.pcbs; pcb != NULL; pcb = pcb->next) {
+    LWIP_DEBUGF(TCP_DEBUG, ("Local port %"U16_F", foreign port %"U16_F" snd_nxt %"U32_F" rcv_nxt %"U32_F" ",
+                       pcb->local_port, pcb->remote_port,
+                       pcb->snd_nxt, pcb->rcv_nxt));
+    tcp_debug_print_state(pcb->state);
+  }    
+  LWIP_DEBUGF(TCP_DEBUG, ("TIME-WAIT PCB states:\n"));
+  for(pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
+    LWIP_DEBUGF(TCP_DEBUG, ("Local port %"U16_F", foreign port %"U16_F" snd_nxt %"U32_F" rcv_nxt %"U32_F" ",
+                       pcb->local_port, pcb->remote_port,
+                       pcb->snd_nxt, pcb->rcv_nxt));
+    tcp_debug_print_state(pcb->state);
+  }    
+}
+
+/**
+ * Check state consistency of the tcp_pcb lists.
+ */
+s16_t
+tcp_pcbs_sane(void)
+{
+  struct tcp_pcb *pcb;
+  for(pcb = tcp_active_pcbs; pcb != NULL; pcb = pcb->next) {
+    LWIP_ASSERT("tcp_pcbs_sane: active pcb->state != CLOSED", pcb->state != CLOSED);
+    LWIP_ASSERT("tcp_pcbs_sane: active pcb->state != LISTEN", pcb->state != LISTEN);
+    LWIP_ASSERT("tcp_pcbs_sane: active pcb->state != TIME-WAIT", pcb->state != TIME_WAIT);
+  }
+  for(pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
+    LWIP_ASSERT("tcp_pcbs_sane: tw pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
+  }
+  return 1;
+}
+#endif /* TCP_DEBUG */
+
+#endif /* LWIP_TCP */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/tcp_in.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/tcp_in.c
new file mode 100644
index 00000000..6c382d06
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/tcp_in.c
@@ -0,0 +1,1666 @@
+/**
+ * @file
+ * Transmission Control Protocol, incoming traffic
+ *
+ * The input processing functions of the TCP layer.
+ *
+ * These functions are generally called in the order (ip_input() ->)
+ * tcp_input() -> * tcp_process() -> tcp_receive() (-> application).
+ * 
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#include "lwip/opt.h"
+
+#if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/tcp_impl.h"
+#include "lwip/def.h"
+#include "lwip/ip_addr.h"
+#include "lwip/netif.h"
+#include "lwip/mem.h"
+#include "lwip/memp.h"
+#include "lwip/inet_chksum.h"
+#include "lwip/stats.h"
+#include "lwip/snmp.h"
+#include "arch/perf.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/inet_chksum.h"
+#if LWIP_ND6_TCP_REACHABILITY_HINTS
+#include "lwip/nd6.h"
+#endif /* LWIP_ND6_TCP_REACHABILITY_HINTS */
+
+/* These variables are global to all functions involved in the input
+   processing of TCP segments. They are set by the tcp_input()
+   function. */
+static struct tcp_seg inseg;
+static struct tcp_hdr *tcphdr;
+static u32_t seqno, ackno;
+static u8_t flags;
+static u16_t tcplen;
+
+static u8_t recv_flags;
+static struct pbuf *recv_data;
+
+struct tcp_pcb *tcp_input_pcb;
+
+/* Forward declarations. */
+static err_t tcp_process(struct tcp_pcb *pcb);
+static void tcp_receive(struct tcp_pcb *pcb);
+static void tcp_parseopt(struct tcp_pcb *pcb);
+
+static err_t tcp_listen_input(struct tcp_pcb_listen *pcb);
+static err_t tcp_timewait_input(struct tcp_pcb *pcb);
+
+/**
+ * The initial input processing of TCP. It verifies the TCP header, demultiplexes
+ * the segment between the PCBs and passes it on to tcp_process(), which implements
+ * the TCP finite state machine. This function is called by the IP layer (in
+ * ip_input()).
+ *
+ * @param p received TCP segment to process (p->payload pointing to the TCP header)
+ * @param inp network interface on which this segment was received
+ */
+void
+tcp_input(struct pbuf *p, struct netif *inp)
+{
+  struct tcp_pcb *pcb, *prev;
+  struct tcp_pcb_listen *lpcb;
+#if SO_REUSE
+  struct tcp_pcb *lpcb_prev = NULL;
+  struct tcp_pcb_listen *lpcb_any = NULL;
+#endif /* SO_REUSE */
+  u8_t hdrlen;
+  err_t err;
+#if CHECKSUM_CHECK_TCP
+  u16_t chksum;
+#endif /* CHECKSUM_CHECK_TCP */
+
+  PERF_START;
+
+  TCP_STATS_INC(tcp.recv);
+  snmp_inc_tcpinsegs();
+
+  tcphdr = (struct tcp_hdr *)p->payload;
+
+#if TCP_INPUT_DEBUG
+  tcp_debug_print(tcphdr);
+#endif
+
+  /* Check that TCP header fits in payload */
+  if (p->len < sizeof(struct tcp_hdr)) {
+    /* drop short packets */
+    LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: short packet (%"U16_F" bytes) discarded\n", p->tot_len));
+    TCP_STATS_INC(tcp.lenerr);
+    goto dropped;
+  }
+
+  /* Don't even process incoming broadcasts/multicasts. */
+  if ((!ip_current_is_v6() && ip_addr_isbroadcast(ip_current_dest_addr(), inp)) ||
+       ipX_addr_ismulticast(ip_current_is_v6(), ipX_current_dest_addr())) {
+    TCP_STATS_INC(tcp.proterr);
+    goto dropped;
+  }
+
+#if CHECKSUM_CHECK_TCP
+  /* Verify TCP checksum. */
+  chksum = ipX_chksum_pseudo(ip_current_is_v6(), p, IP_PROTO_TCP, p->tot_len,
+                             ipX_current_src_addr(), ipX_current_dest_addr());
+  if (chksum != 0) {
+      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packet discarded due to failing checksum 0x%04"X16_F"\n",
+        chksum));
+    tcp_debug_print(tcphdr);
+    TCP_STATS_INC(tcp.chkerr);
+    goto dropped;
+  }
+#endif /* CHECKSUM_CHECK_TCP */
+
+  /* Move the payload pointer in the pbuf so that it points to the
+     TCP data instead of the TCP header. */
+  hdrlen = TCPH_HDRLEN(tcphdr);
+  if(pbuf_header(p, -(hdrlen * 4))){
+    /* drop short packets */
+    LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: short packet\n"));
+    TCP_STATS_INC(tcp.lenerr);
+    goto dropped;
+  }
+
+  /* Convert fields in TCP header to host byte order. */
+  tcphdr->src = ntohs(tcphdr->src);
+  tcphdr->dest = ntohs(tcphdr->dest);
+  seqno = tcphdr->seqno = ntohl(tcphdr->seqno);
+  ackno = tcphdr->ackno = ntohl(tcphdr->ackno);
+  tcphdr->wnd = ntohs(tcphdr->wnd);
+
+  flags = TCPH_FLAGS(tcphdr);
+  tcplen = p->tot_len + ((flags & (TCP_FIN | TCP_SYN)) ? 1 : 0);
+
+  /* Demultiplex an incoming segment. First, we check if it is destined
+     for an active connection. */
+  prev = NULL;
+
+  
+  for(pcb = tcp_active_pcbs; pcb != NULL; pcb = pcb->next) {
+    LWIP_ASSERT("tcp_input: active pcb->state != CLOSED", pcb->state != CLOSED);
+    LWIP_ASSERT("tcp_input: active pcb->state != TIME-WAIT", pcb->state != TIME_WAIT);
+    LWIP_ASSERT("tcp_input: active pcb->state != LISTEN", pcb->state != LISTEN);
+    if (pcb->remote_port == tcphdr->src &&
+        pcb->local_port == tcphdr->dest &&
+        IP_PCB_IPVER_INPUT_MATCH(pcb) &&
+        ipX_addr_cmp(ip_current_is_v6(), &pcb->remote_ip, ipX_current_src_addr()) &&
+        ipX_addr_cmp(ip_current_is_v6(),&pcb->local_ip, ipX_current_dest_addr())) {
+      /* Move this PCB to the front of the list so that subsequent
+         lookups will be faster (we exploit locality in TCP segment
+         arrivals). */
+      LWIP_ASSERT("tcp_input: pcb->next != pcb (before cache)", pcb->next != pcb);
+      if (prev != NULL) {
+        prev->next = pcb->next;
+        pcb->next = tcp_active_pcbs;
+        tcp_active_pcbs = pcb;
+      }
+      LWIP_ASSERT("tcp_input: pcb->next != pcb (after cache)", pcb->next != pcb);
+      break;
+    }
+    prev = pcb;
+  }
+
+  if (pcb == NULL) {
+    /* If it did not go to an active connection, we check the connections
+       in the TIME-WAIT state. */
+    for(pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
+      LWIP_ASSERT("tcp_input: TIME-WAIT pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
+      if (pcb->remote_port == tcphdr->src &&
+          pcb->local_port == tcphdr->dest &&
+          IP_PCB_IPVER_INPUT_MATCH(pcb) &&
+          ipX_addr_cmp(ip_current_is_v6(), &pcb->remote_ip, ipX_current_src_addr()) &&
+          ipX_addr_cmp(ip_current_is_v6(),&pcb->local_ip, ipX_current_dest_addr())) {
+        /* We don't really care enough to move this PCB to the front
+           of the list since we are not very likely to receive that
+           many segments for connections in TIME-WAIT. */
+        LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for TIME_WAITing connection.\n"));
+        tcp_timewait_input(pcb);
+        pbuf_free(p);
+        return;
+      }
+    }
+
+    /* Finally, if we still did not get a match, we check all PCBs that
+       are LISTENing for incoming connections. */
+    prev = NULL;
+    struct tcp_pcb_listen *netif_pcb = NULL;
+    struct tcp_pcb *netif_pcb_prev = NULL;
+    for(lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb = lpcb->next) {
+      if (lpcb->bound_to_netif) {
+        if (IP_PCB_IPVER_INPUT_MATCH(lpcb) && netif_is_named(inp, lpcb->local_netif)) {
+          netif_pcb = lpcb;
+          netif_pcb_prev = prev;
+        }
+      }
+      else if (lpcb->local_port == tcphdr->dest) {
+#if LWIP_IPV6
+        if (lpcb->accept_any_ip_version) {
+          /* found an ANY-match */
+#if SO_REUSE
+          lpcb_any = lpcb;
+          lpcb_prev = prev;
+#else /* SO_REUSE */
+          break;
+#endif /* SO_REUSE */
+        } else
+#endif /* LWIP_IPV6 */
+        if (IP_PCB_IPVER_INPUT_MATCH(lpcb)) {
+          if (ipX_addr_cmp(ip_current_is_v6(), &lpcb->local_ip, ipX_current_dest_addr())) {
+            /* found an exact match */
+            break;
+          } else if (ipX_addr_isany(ip_current_is_v6(), &lpcb->local_ip)) {
+            /* found an ANY-match */
+#if SO_REUSE
+            lpcb_any = lpcb;
+            lpcb_prev = prev;
+#else /* SO_REUSE */
+            break;
+ #endif /* SO_REUSE */
+          }
+        }
+      }
+      prev = (struct tcp_pcb *)lpcb;
+    }
+#if SO_REUSE
+    /* first try specific local IP */
+    if (lpcb == NULL) {
+      /* only pass to ANY if no specific local IP has been found */
+      lpcb = lpcb_any;
+      prev = lpcb_prev;
+    }
+#endif /* SO_REUSE */
+    if (lpcb == NULL && netif_pcb) {
+        lpcb = netif_pcb;
+        prev = netif_pcb_prev;
+    }
+    if (lpcb != NULL) {
+      /* Move this PCB to the front of the list so that subsequent
+         lookups will be faster (we exploit locality in TCP segment
+         arrivals). */
+      if (prev != NULL) {
+        ((struct tcp_pcb_listen *)prev)->next = lpcb->next;
+              /* our successor is the remainder of the listening list */
+        lpcb->next = tcp_listen_pcbs.listen_pcbs;
+              /* put this listening pcb at the head of the listening list */
+        tcp_listen_pcbs.listen_pcbs = lpcb;
+      }
+    
+      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for LISTENing connection.\n"));
+      tcp_listen_input(lpcb);
+      pbuf_free(p);
+      return;
+    }
+  }
+
+#if TCP_INPUT_DEBUG
+  LWIP_DEBUGF(TCP_INPUT_DEBUG, ("+-+-+-+-+-+-+-+-+-+-+-+-+-+- tcp_input: flags "));
+  tcp_debug_print_flags(TCPH_FLAGS(tcphdr));
+  LWIP_DEBUGF(TCP_INPUT_DEBUG, ("-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n"));
+#endif /* TCP_INPUT_DEBUG */
+
+
+  if (pcb != NULL) {
+    /* The incoming segment belongs to a connection. */
+#if TCP_INPUT_DEBUG
+#if TCP_DEBUG
+    tcp_debug_print_state(pcb->state);
+#endif /* TCP_DEBUG */
+#endif /* TCP_INPUT_DEBUG */
+
+    /* Set up a tcp_seg structure. */
+    inseg.next = NULL;
+    inseg.len = p->tot_len;
+    inseg.p = p;
+    inseg.tcphdr = tcphdr;
+
+    recv_data = NULL;
+    recv_flags = 0;
+
+    if (flags & TCP_PSH) {
+      p->flags |= PBUF_FLAG_PUSH;
+    }
+
+    /* If there is data which was previously "refused" by upper layer */
+    if (pcb->refused_data != NULL) {
+      if ((tcp_process_refused_data(pcb) == ERR_ABRT) ||
+        ((pcb->refused_data != NULL) && (tcplen > 0))) {
+        /* pcb has been aborted or refused data is still refused and the new
+           segment contains data */
+        TCP_STATS_INC(tcp.drop);
+        snmp_inc_tcpinerrs();
+        goto aborted;
+      }
+    }
+    tcp_input_pcb = pcb;
+    err = tcp_process(pcb);
+    /* A return value of ERR_ABRT means that tcp_abort() was called
+       and that the pcb has been freed. If so, we don't do anything. */
+    if (err != ERR_ABRT) {
+      if (recv_flags & TF_RESET) {
+        /* TF_RESET means that the connection was reset by the other
+           end. We then call the error callback to inform the
+           application that the connection is dead before we
+           deallocate the PCB. */
+        TCP_EVENT_ERR(pcb->errf, pcb->callback_arg, ERR_RST);
+        tcp_pcb_remove(&tcp_active_pcbs, pcb);
+        memp_free(MEMP_TCP_PCB, pcb);
+      } else if (recv_flags & TF_CLOSED) {
+        /* The connection has been closed and we will deallocate the
+           PCB. */
+        if (!(pcb->flags & TF_RXCLOSED)) {
+          /* Connection closed although the application has only shut down the
+             tx side: call the PCB's err callback and indicate the closure to
+             ensure the application doesn't continue using the PCB. */
+          TCP_EVENT_ERR(pcb->errf, pcb->callback_arg, ERR_CLSD);
+        }
+        tcp_pcb_remove(&tcp_active_pcbs, pcb);
+        memp_free(MEMP_TCP_PCB, pcb);
+      } else {
+        err = ERR_OK;
+        /* If the application has registered a "sent" function to be
+           called when new send buffer space is available, we call it
+           now. */
+        if (pcb->acked > 0) {
+          TCP_EVENT_SENT(pcb, pcb->acked, err);
+          if (err == ERR_ABRT) {
+            goto aborted;
+          }
+        }
+
+        if (recv_data != NULL) {
+          LWIP_ASSERT("pcb->refused_data == NULL", pcb->refused_data == NULL);
+          if (pcb->flags & TF_RXCLOSED) {
+            /* received data although already closed -> abort (send RST) to
+               notify the remote host that not all data has been processed */
+            pbuf_free(recv_data);
+            tcp_abort(pcb);
+            goto aborted;
+          }
+
+          /* Notify application that data has been received. */
+          TCP_EVENT_RECV(pcb, recv_data, ERR_OK, err);
+          if (err == ERR_ABRT) {
+            goto aborted;
+          }
+
+          /* If the upper layer can't receive this data, store it */
+          if (err != ERR_OK) {
+            pcb->refused_data = recv_data;
+            LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: keep incoming packet, because pcb is \"full\"\n"));
+          }
+        }
+
+        /* If a FIN segment was received, we call the callback
+           function with a NULL buffer to indicate EOF. */
+        if (recv_flags & TF_GOT_FIN) {
+          if (pcb->refused_data != NULL) {
+            /* Delay this if we have refused data. */
+            pcb->refused_data->flags |= PBUF_FLAG_TCP_FIN;
+          } else {
+            /* correct rcv_wnd as the application won't call tcp_recved()
+               for the FIN's seqno */
+            if (pcb->rcv_wnd != TCP_WND) {
+              pcb->rcv_wnd++;
+            }
+            TCP_EVENT_CLOSED(pcb, err);
+            if (err == ERR_ABRT) {
+              goto aborted;
+            }
+          }
+        }
+
+        tcp_input_pcb = NULL;
+        /* Try to send something out. */
+        tcp_output(pcb);
+#if TCP_INPUT_DEBUG
+#if TCP_DEBUG
+        tcp_debug_print_state(pcb->state);
+#endif /* TCP_DEBUG */
+#endif /* TCP_INPUT_DEBUG */
+      }
+    }
+    /* Jump target if pcb has been aborted in a callback (by calling tcp_abort()).
+       Below this line, 'pcb' may not be dereferenced! */
+aborted:
+    tcp_input_pcb = NULL;
+    recv_data = NULL;
+
+    /* give up our reference to inseg.p */
+    if (inseg.p != NULL)
+    {
+      pbuf_free(inseg.p);
+      inseg.p = NULL;
+    }
+  } else {
+
+    /* If no matching PCB was found, send a TCP RST (reset) to the
+       sender. */
+    LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_input: no PCB match found, resetting.\n"));
+    if (!(TCPH_FLAGS(tcphdr) & TCP_RST)) {
+      TCP_STATS_INC(tcp.proterr);
+      TCP_STATS_INC(tcp.drop);
+      tcp_rst(ackno, seqno + tcplen, ipX_current_dest_addr(),
+        ipX_current_src_addr(), tcphdr->dest, tcphdr->src, ip_current_is_v6());
+    }
+    pbuf_free(p);
+  }
+
+  LWIP_ASSERT("tcp_input: tcp_pcbs_sane()", tcp_pcbs_sane());
+  PERF_STOP("tcp_input");
+  return;
+dropped:
+  TCP_STATS_INC(tcp.drop);
+  snmp_inc_tcpinerrs();
+  pbuf_free(p);
+}
+
+/**
+ * Called by tcp_input() when a segment arrives for a listening
+ * connection (from tcp_input()).
+ *
+ * @param pcb the tcp_pcb_listen for which a segment arrived
+ * @return ERR_OK if the segment was processed
+ *         another err_t on error
+ *
+ * @note the return value is not (yet?) used in tcp_input()
+ * @note the segment which arrived is saved in global variables, therefore only the pcb
+ *       involved is passed as a parameter to this function
+ */
+static err_t
+tcp_listen_input(struct tcp_pcb_listen *pcb)
+{
+  struct tcp_pcb *npcb;
+  err_t rc;
+
+  if (flags & TCP_RST) {
+    /* An incoming RST should be ignored. Return. */
+    return ERR_OK;
+  }
+
+  /* In the LISTEN state, we check for incoming SYN segments,
+     creates a new PCB, and responds with a SYN|ACK. */
+  if (flags & TCP_ACK) {
+    /* For incoming segments with the ACK flag set, respond with a
+       RST. */
+    LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_listen_input: ACK in LISTEN, sending reset\n"));
+    tcp_rst(ackno, seqno + tcplen, ipX_current_dest_addr(),
+      ipX_current_src_addr(), tcphdr->dest, tcphdr->src, ip_current_is_v6());
+  } else if (flags & TCP_SYN) {
+    LWIP_DEBUGF(TCP_DEBUG, ("TCP connection request %"U16_F" -> %"U16_F".\n", tcphdr->src, tcphdr->dest));
+#if TCP_LISTEN_BACKLOG
+    if (pcb->accepts_pending >= pcb->backlog) {
+      LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: listen backlog exceeded for port %"U16_F"\n", tcphdr->dest));
+      return ERR_ABRT;
+    }
+#endif /* TCP_LISTEN_BACKLOG */
+    npcb = tcp_alloc(pcb->prio);
+    /* If a new PCB could not be created (probably due to lack of memory),
+       we don't do anything, but rely on the sender will retransmit the
+       SYN at a time when we have more memory available. */
+    if (npcb == NULL) {
+      LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: could not allocate PCB\n"));
+      TCP_STATS_INC(tcp.memerr);
+      return ERR_MEM;
+    }
+#if TCP_LISTEN_BACKLOG
+    pcb->accepts_pending++;
+#endif /* TCP_LISTEN_BACKLOG */
+    /* Set up the new PCB. */
+#if LWIP_IPV6
+    PCB_ISIPV6(npcb) = ip_current_is_v6();
+#endif /* LWIP_IPV6 */
+    ipX_addr_copy(ip_current_is_v6(), npcb->local_ip, *ipX_current_dest_addr());
+    ipX_addr_copy(ip_current_is_v6(), npcb->remote_ip, *ipX_current_src_addr());
+    npcb->bound_to_netif = pcb->bound_to_netif;
+    npcb->local_port = tcphdr->dest;
+    memcpy(npcb->local_netif, pcb->local_netif, sizeof(pcb->local_netif));
+    npcb->remote_port = tcphdr->src;
+    npcb->state = SYN_RCVD;
+    npcb->rcv_nxt = seqno + 1;
+    npcb->rcv_ann_right_edge = npcb->rcv_nxt;
+    npcb->snd_wnd = tcphdr->wnd;
+    npcb->snd_wnd_max = tcphdr->wnd;
+    npcb->ssthresh = npcb->snd_wnd;
+    npcb->snd_wl1 = seqno - 1;/* initialise to seqno-1 to force window update */
+    npcb->callback_arg = pcb->callback_arg;
+#if LWIP_CALLBACK_API
+    npcb->accept = pcb->accept;
+#endif /* LWIP_CALLBACK_API */
+    /* inherit socket options */
+    npcb->so_options = pcb->so_options & SOF_INHERITED;
+    /* Register the new PCB so that we can begin receiving segments
+       for it. */
+    TCP_REG_ACTIVE(npcb);
+
+    /* Parse any options in the SYN. */
+    tcp_parseopt(npcb);
+#if TCP_CALCULATE_EFF_SEND_MSS
+    npcb->mss = tcp_eff_send_mss(npcb->mss, &npcb->local_ip,
+      &npcb->remote_ip, PCB_ISIPV6(npcb));
+#endif /* TCP_CALCULATE_EFF_SEND_MSS */
+
+    snmp_inc_tcppassiveopens();
+
+    /* Send a SYN|ACK together with the MSS option. */
+    rc = tcp_enqueue_flags(npcb, TCP_SYN | TCP_ACK);
+    if (rc != ERR_OK) {
+      tcp_abandon(npcb, 0);
+      return rc;
+    }
+    return tcp_output(npcb);
+  }
+  return ERR_OK;
+}
+
+/**
+ * Called by tcp_input() when a segment arrives for a connection in
+ * TIME_WAIT.
+ *
+ * @param pcb the tcp_pcb for which a segment arrived
+ *
+ * @note the segment which arrived is saved in global variables, therefore only the pcb
+ *       involved is passed as a parameter to this function
+ */
+static err_t
+tcp_timewait_input(struct tcp_pcb *pcb)
+{
+  /* RFC 1337: in TIME_WAIT, ignore RST and ACK FINs + any 'acceptable' segments */
+  /* RFC 793 3.9 Event Processing - Segment Arrives:
+   * - first check sequence number - we skip that one in TIME_WAIT (always
+   *   acceptable since we only send ACKs)
+   * - second check the RST bit (... return) */
+  if (flags & TCP_RST)  {
+    return ERR_OK;
+  }
+  /* - fourth, check the SYN bit, */
+  if (flags & TCP_SYN) {
+    /* If an incoming segment is not acceptable, an acknowledgment
+       should be sent in reply */
+    if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt+pcb->rcv_wnd)) {
+      /* If the SYN is in the window it is an error, send a reset */
+      tcp_rst(ackno, seqno + tcplen, ipX_current_dest_addr(),
+        ipX_current_src_addr(), tcphdr->dest, tcphdr->src, ip_current_is_v6());
+      return ERR_OK;
+    }
+  } else if (flags & TCP_FIN) {
+    /* - eighth, check the FIN bit: Remain in the TIME-WAIT state.
+         Restart the 2 MSL time-wait timeout.*/
+    pcb->tmr = tcp_ticks;
+  }
+
+  if ((tcplen > 0))  {
+    /* Acknowledge data, FIN or out-of-window SYN */
+    pcb->flags |= TF_ACK_NOW;
+    return tcp_output(pcb);
+  }
+  return ERR_OK;
+}
+
+/**
+ * Implements the TCP state machine. Called by tcp_input. In some
+ * states tcp_receive() is called to receive data. The tcp_seg
+ * argument will be freed by the caller (tcp_input()) unless the
+ * recv_data pointer in the pcb is set.
+ *
+ * @param pcb the tcp_pcb for which a segment arrived
+ *
+ * @note the segment which arrived is saved in global variables, therefore only the pcb
+ *       involved is passed as a parameter to this function
+ */
+static err_t
+tcp_process(struct tcp_pcb *pcb)
+{
+  struct tcp_seg *rseg;
+  u8_t acceptable = 0;
+  err_t err;
+
+  err = ERR_OK;
+
+  /* Process incoming RST segments. */
+  if (flags & TCP_RST) {
+    /* First, determine if the reset is acceptable. */
+    if (pcb->state == SYN_SENT) {
+      if (ackno == pcb->snd_nxt) {
+        acceptable = 1;
+      }
+    } else {
+      if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, 
+                          pcb->rcv_nxt+pcb->rcv_wnd)) {
+        acceptable = 1;
+      }
+    }
+
+    if (acceptable) {
+      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: Connection RESET\n"));
+      LWIP_ASSERT("tcp_input: pcb->state != CLOSED", pcb->state != CLOSED);
+      recv_flags |= TF_RESET;
+      pcb->flags &= ~TF_ACK_DELAY;
+      return ERR_RST;
+    } else {
+      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
+       seqno, pcb->rcv_nxt));
+      LWIP_DEBUGF(TCP_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
+       seqno, pcb->rcv_nxt));
+      return ERR_OK;
+    }
+  }
+
+  if ((flags & TCP_SYN) && (pcb->state != SYN_SENT && pcb->state != SYN_RCVD)) { 
+    /* Cope with new connection attempt after remote end crashed */
+    tcp_ack_now(pcb);
+    return ERR_OK;
+  }
+  
+  if ((pcb->flags & TF_RXCLOSED) == 0) {
+    /* Update the PCB (in)activity timer unless rx is closed (see tcp_shutdown) */
+    pcb->tmr = tcp_ticks;
+  }
+  pcb->keep_cnt_sent = 0;
+
+  tcp_parseopt(pcb);
+
+  /* Do different things depending on the TCP state. */
+  switch (pcb->state) {
+  case SYN_SENT:
+    LWIP_DEBUGF(TCP_INPUT_DEBUG, ("SYN-SENT: ackno %"U32_F" pcb->snd_nxt %"U32_F" unacked %"U32_F"\n", ackno,
+     pcb->snd_nxt, ntohl(pcb->unacked->tcphdr->seqno)));
+    /* received SYN ACK with expected sequence number? */
+    if ((flags & TCP_ACK) && (flags & TCP_SYN)
+        && ackno == ntohl(pcb->unacked->tcphdr->seqno) + 1) {
+      pcb->snd_buf++;
+      pcb->rcv_nxt = seqno + 1;
+      pcb->rcv_ann_right_edge = pcb->rcv_nxt;
+      pcb->lastack = ackno;
+      pcb->snd_wnd = tcphdr->wnd;
+      pcb->snd_wnd_max = tcphdr->wnd;
+      pcb->snd_wl1 = seqno - 1; /* initialise to seqno - 1 to force window update */
+      pcb->state = ESTABLISHED;
+
+#if TCP_CALCULATE_EFF_SEND_MSS
+      pcb->mss = tcp_eff_send_mss(pcb->mss, &pcb->local_ip, &pcb->remote_ip,
+        PCB_ISIPV6(pcb));
+#endif /* TCP_CALCULATE_EFF_SEND_MSS */
+
+      /* Set ssthresh again after changing pcb->mss (already set in tcp_connect
+       * but for the default value of pcb->mss) */
+      pcb->ssthresh = pcb->mss * 10;
+
+      pcb->cwnd = ((pcb->cwnd == 1) ? (pcb->mss * 2) : pcb->mss);
+      LWIP_ASSERT("pcb->snd_queuelen > 0", (pcb->snd_queuelen > 0));
+      --pcb->snd_queuelen;
+      LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_process: SYN-SENT --queuelen %"U16_F"\n", (u16_t)pcb->snd_queuelen));
+      rseg = pcb->unacked;
+      pcb->unacked = rseg->next;
+      tcp_seg_free(rseg);
+
+      /* If there's nothing left to acknowledge, stop the retransmit
+         timer, otherwise reset it to start again */
+      if(pcb->unacked == NULL)
+        pcb->rtime = -1;
+      else {
+        pcb->rtime = 0;
+        pcb->nrtx = 0;
+      }
+
+      /* Call the user specified function to call when sucessfully
+       * connected. */
+      TCP_EVENT_CONNECTED(pcb, ERR_OK, err);
+      if (err == ERR_ABRT) {
+        return ERR_ABRT;
+      }
+      tcp_ack_now(pcb);
+    }
+    /* received ACK? possibly a half-open connection */
+    else if (flags & TCP_ACK) {
+      /* send a RST to bring the other side in a non-synchronized state. */
+      tcp_rst(ackno, seqno + tcplen, ipX_current_dest_addr(),
+        ipX_current_src_addr(), tcphdr->dest, tcphdr->src, ip_current_is_v6());
+    }
+    break;
+  case SYN_RCVD:
+    if (flags & TCP_ACK) {
+      /* expected ACK number? */
+      if (TCP_SEQ_BETWEEN(ackno, pcb->lastack+1, pcb->snd_nxt)) {
+        u16_t old_cwnd;
+        pcb->state = ESTABLISHED;
+        LWIP_DEBUGF(TCP_DEBUG, ("TCP connection established %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
+#if LWIP_CALLBACK_API
+        LWIP_ASSERT("pcb->accept != NULL", pcb->accept != NULL);
+#endif
+        /* Call the accept function. */
+        TCP_EVENT_ACCEPT(pcb, ERR_OK, err);
+        if (err != ERR_OK) {
+          /* If the accept function returns with an error, we abort
+           * the connection. */
+          /* Already aborted? */
+          if (err != ERR_ABRT) {
+            tcp_abort(pcb);
+          }
+          return ERR_ABRT;
+        }
+        old_cwnd = pcb->cwnd;
+        /* If there was any data contained within this ACK,
+         * we'd better pass it on to the application as well. */
+        tcp_receive(pcb);
+
+        /* Prevent ACK for SYN to generate a sent event */
+        if (pcb->acked != 0) {
+          pcb->acked--;
+        }
+
+        pcb->cwnd = ((old_cwnd == 1) ? (pcb->mss * 2) : pcb->mss);
+
+        if (recv_flags & TF_GOT_FIN) {
+          tcp_ack_now(pcb);
+          pcb->state = CLOSE_WAIT;
+        }
+      } else {
+        /* incorrect ACK number, send RST */
+        tcp_rst(ackno, seqno + tcplen, ipX_current_dest_addr(),
+          ipX_current_src_addr(), tcphdr->dest, tcphdr->src, ip_current_is_v6());
+      }
+    } else if ((flags & TCP_SYN) && (seqno == pcb->rcv_nxt - 1)) {
+      /* Looks like another copy of the SYN - retransmit our SYN-ACK */
+      tcp_rexmit(pcb);
+    }
+    break;
+  case CLOSE_WAIT:
+    /* FALLTHROUGH */
+  case ESTABLISHED:
+    tcp_receive(pcb);
+    if (recv_flags & TF_GOT_FIN) { /* passive close */
+      tcp_ack_now(pcb);
+      pcb->state = CLOSE_WAIT;
+    }
+    break;
+  case FIN_WAIT_1:
+    tcp_receive(pcb);
+    if (recv_flags & TF_GOT_FIN) {
+      if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt)) {
+        LWIP_DEBUGF(TCP_DEBUG,
+          ("TCP connection closed: FIN_WAIT_1 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
+        tcp_ack_now(pcb);
+        tcp_pcb_purge(pcb);
+        TCP_RMV_ACTIVE(pcb);
+        pcb->state = TIME_WAIT;
+        TCP_REG(&tcp_tw_pcbs, pcb);
+      } else {
+        tcp_ack_now(pcb);
+        pcb->state = CLOSING;
+      }
+    } else if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt)) {
+      pcb->state = FIN_WAIT_2;
+    }
+    break;
+  case FIN_WAIT_2:
+    tcp_receive(pcb);
+    if (recv_flags & TF_GOT_FIN) {
+      LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: FIN_WAIT_2 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
+      tcp_ack_now(pcb);
+      tcp_pcb_purge(pcb);
+      TCP_RMV_ACTIVE(pcb);
+      pcb->state = TIME_WAIT;
+      TCP_REG(&tcp_tw_pcbs, pcb);
+    }
+    break;
+  case CLOSING:
+    tcp_receive(pcb);
+    if (flags & TCP_ACK && ackno == pcb->snd_nxt) {
+      LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: CLOSING %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
+      tcp_pcb_purge(pcb);
+      TCP_RMV_ACTIVE(pcb);
+      pcb->state = TIME_WAIT;
+      TCP_REG(&tcp_tw_pcbs, pcb);
+    }
+    break;
+  case LAST_ACK:
+    tcp_receive(pcb);
+    if (flags & TCP_ACK && ackno == pcb->snd_nxt) {
+      LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: LAST_ACK %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
+      /* bugfix #21699: don't set pcb->state to CLOSED here or we risk leaking segments */
+      recv_flags |= TF_CLOSED;
+    }
+    break;
+  default:
+    break;
+  }
+  return ERR_OK;
+}
+
+#if TCP_QUEUE_OOSEQ
+/**
+ * Insert segment into the list (segments covered with new one will be deleted)
+ *
+ * Called from tcp_receive()
+ */
+static void
+tcp_oos_insert_segment(struct tcp_seg *cseg, struct tcp_seg *next)
+{
+  struct tcp_seg *old_seg;
+
+  if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
+    /* received segment overlaps all following segments */
+    tcp_segs_free(next);
+    next = NULL;
+  }
+  else {
+    /* delete some following segments
+       oos queue may have segments with FIN flag */
+    while (next &&
+           TCP_SEQ_GEQ((seqno + cseg->len),
+                      (next->tcphdr->seqno + next->len))) {
+      /* cseg with FIN already processed */
+      if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
+        TCPH_SET_FLAG(cseg->tcphdr, TCP_FIN);
+      }
+      old_seg = next;
+      next = next->next;
+      tcp_seg_free(old_seg);
+    }
+    if (next &&
+        TCP_SEQ_GT(seqno + cseg->len, next->tcphdr->seqno)) {
+      /* We need to trim the incoming segment. */
+      cseg->len = (u16_t)(next->tcphdr->seqno - seqno);
+      pbuf_realloc(cseg->p, cseg->len);
+    }
+  }
+  cseg->next = next;
+}
+#endif /* TCP_QUEUE_OOSEQ */
+
+/**
+ * Called by tcp_process. Checks if the given segment is an ACK for outstanding
+ * data, and if so frees the memory of the buffered data. Next, is places the
+ * segment on any of the receive queues (pcb->recved or pcb->ooseq). If the segment
+ * is buffered, the pbuf is referenced by pbuf_ref so that it will not be freed until
+ * it has been removed from the buffer.
+ *
+ * If the incoming segment constitutes an ACK for a segment that was used for RTT
+ * estimation, the RTT is estimated here as well.
+ *
+ * Called from tcp_process().
+ */
+static void
+tcp_receive(struct tcp_pcb *pcb)
+{
+  struct tcp_seg *next;
+#if TCP_QUEUE_OOSEQ
+  struct tcp_seg *prev, *cseg;
+#endif /* TCP_QUEUE_OOSEQ */
+  struct pbuf *p;
+  s32_t off;
+  s16_t m;
+  u32_t right_wnd_edge;
+  u16_t new_tot_len;
+  int found_dupack = 0;
+#if TCP_OOSEQ_MAX_BYTES || TCP_OOSEQ_MAX_PBUFS
+  u32_t ooseq_blen;
+  u16_t ooseq_qlen;
+#endif /* TCP_OOSEQ_MAX_BYTES || TCP_OOSEQ_MAX_PBUFS */
+
+  LWIP_ASSERT("tcp_receive: wrong state", pcb->state >= ESTABLISHED);
+
+  if (flags & TCP_ACK) {
+    right_wnd_edge = pcb->snd_wnd + pcb->snd_wl2;
+
+    /* Update window. */
+    if (TCP_SEQ_LT(pcb->snd_wl1, seqno) ||
+       (pcb->snd_wl1 == seqno && TCP_SEQ_LT(pcb->snd_wl2, ackno)) ||
+       (pcb->snd_wl2 == ackno && tcphdr->wnd > pcb->snd_wnd)) {
+      pcb->snd_wnd = tcphdr->wnd;
+      /* keep track of the biggest window announced by the remote host to calculate
+         the maximum segment size */
+      if (pcb->snd_wnd_max < tcphdr->wnd) {
+        pcb->snd_wnd_max = tcphdr->wnd;
+      }
+      pcb->snd_wl1 = seqno;
+      pcb->snd_wl2 = ackno;
+      if (pcb->snd_wnd == 0) {
+        if (pcb->persist_backoff == 0) {
+          /* start persist timer */
+          pcb->persist_cnt = 0;
+          pcb->persist_backoff = 1;
+        }
+      } else if (pcb->persist_backoff > 0) {
+        /* stop persist timer */
+          pcb->persist_backoff = 0;
+      }
+      LWIP_DEBUGF(TCP_WND_DEBUG, ("tcp_receive: window update %"U16_F"\n", pcb->snd_wnd));
+#if TCP_WND_DEBUG
+    } else {
+      if (pcb->snd_wnd != tcphdr->wnd) {
+        LWIP_DEBUGF(TCP_WND_DEBUG, 
+                    ("tcp_receive: no window update lastack %"U32_F" ackno %"
+                     U32_F" wl1 %"U32_F" seqno %"U32_F" wl2 %"U32_F"\n",
+                     pcb->lastack, ackno, pcb->snd_wl1, seqno, pcb->snd_wl2));
+      }
+#endif /* TCP_WND_DEBUG */
+    }
+
+    /* (From Stevens TCP/IP Illustrated Vol II, p970.) Its only a
+     * duplicate ack if:
+     * 1) It doesn't ACK new data 
+     * 2) length of received packet is zero (i.e. no payload) 
+     * 3) the advertised window hasn't changed 
+     * 4) There is outstanding unacknowledged data (retransmission timer running)
+     * 5) The ACK is == biggest ACK sequence number so far seen (snd_una)
+     * 
+     * If it passes all five, should process as a dupack: 
+     * a) dupacks < 3: do nothing 
+     * b) dupacks == 3: fast retransmit 
+     * c) dupacks > 3: increase cwnd 
+     * 
+     * If it only passes 1-3, should reset dupack counter (and add to
+     * stats, which we don't do in lwIP)
+     *
+     * If it only passes 1, should reset dupack counter
+     *
+     */
+
+    /* Clause 1 */
+    if (TCP_SEQ_LEQ(ackno, pcb->lastack)) {
+      pcb->acked = 0;
+      /* Clause 2 */
+      if (tcplen == 0) {
+        /* Clause 3 */
+        if (pcb->snd_wl2 + pcb->snd_wnd == right_wnd_edge){
+          /* Clause 4 */
+          if (pcb->rtime >= 0) {
+            /* Clause 5 */
+            if (pcb->lastack == ackno) {
+              found_dupack = 1;
+              if ((u8_t)(pcb->dupacks + 1) > pcb->dupacks) {
+                ++pcb->dupacks;
+              }
+              if (pcb->dupacks > 3) {
+                /* Inflate the congestion window, but not if it means that
+                   the value overflows. */
+                if ((u16_t)(pcb->cwnd + pcb->mss) > pcb->cwnd) {
+                  pcb->cwnd += pcb->mss;
+                }
+              } else if (pcb->dupacks == 3) {
+                /* Do fast retransmit */
+                tcp_rexmit_fast(pcb);
+              }
+            }
+          }
+        }
+      }
+      /* If Clause (1) or more is true, but not a duplicate ack, reset
+       * count of consecutive duplicate acks */
+      if (!found_dupack) {
+        pcb->dupacks = 0;
+      }
+    } else if (TCP_SEQ_BETWEEN(ackno, pcb->lastack+1, pcb->snd_nxt)){
+      /* We come here when the ACK acknowledges new data. */
+
+      /* Reset the "IN Fast Retransmit" flag, since we are no longer
+         in fast retransmit. Also reset the congestion window to the
+         slow start threshold. */
+      if (pcb->flags & TF_INFR) {
+        pcb->flags &= ~TF_INFR;
+        pcb->cwnd = pcb->ssthresh;
+      }
+
+      /* Reset the number of retransmissions. */
+      pcb->nrtx = 0;
+
+      /* Reset the retransmission time-out. */
+      pcb->rto = (pcb->sa >> 3) + pcb->sv;
+
+      /* Update the send buffer space. Diff between the two can never exceed 64K? */
+      pcb->acked = (u16_t)(ackno - pcb->lastack);
+
+      pcb->snd_buf += pcb->acked;
+
+      /* Reset the fast retransmit variables. */
+      pcb->dupacks = 0;
+      pcb->lastack = ackno;
+
+      /* Update the congestion control variables (cwnd and
+         ssthresh). */
+      if (pcb->state >= ESTABLISHED) {
+        if (pcb->cwnd < pcb->ssthresh) {
+          if ((u16_t)(pcb->cwnd + pcb->mss) > pcb->cwnd) {
+            pcb->cwnd += pcb->mss;
+          }
+          LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: slow start cwnd %"U16_F"\n", pcb->cwnd));
+        } else {
+          u16_t new_cwnd = (pcb->cwnd + pcb->mss * pcb->mss / pcb->cwnd);
+          if (new_cwnd > pcb->cwnd) {
+            pcb->cwnd = new_cwnd;
+          }
+          LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: congestion avoidance cwnd %"U16_F"\n", pcb->cwnd));
+        }
+      }
+      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: ACK for %"U32_F", unacked->seqno %"U32_F":%"U32_F"\n",
+                                    ackno,
+                                    pcb->unacked != NULL?
+                                    ntohl(pcb->unacked->tcphdr->seqno): 0,
+                                    pcb->unacked != NULL?
+                                    ntohl(pcb->unacked->tcphdr->seqno) + TCP_TCPLEN(pcb->unacked): 0));
+
+      /* Remove segment from the unacknowledged list if the incoming
+         ACK acknowlegdes them. */
+      while (pcb->unacked != NULL &&
+             TCP_SEQ_LEQ(ntohl(pcb->unacked->tcphdr->seqno) +
+                         TCP_TCPLEN(pcb->unacked), ackno)) {
+        LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: removing %"U32_F":%"U32_F" from pcb->unacked\n",
+                                      ntohl(pcb->unacked->tcphdr->seqno),
+                                      ntohl(pcb->unacked->tcphdr->seqno) +
+                                      TCP_TCPLEN(pcb->unacked)));
+
+        next = pcb->unacked;
+        pcb->unacked = pcb->unacked->next;
+
+        LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_receive: queuelen %"U16_F" ... ", (u16_t)pcb->snd_queuelen));
+        LWIP_ASSERT("pcb->snd_queuelen >= pbuf_clen(next->p)", (pcb->snd_queuelen >= pbuf_clen(next->p)));
+        /* Prevent ACK for FIN to generate a sent event */
+        if ((pcb->acked != 0) && ((TCPH_FLAGS(next->tcphdr) & TCP_FIN) != 0)) {
+          pcb->acked--;
+        }
+
+        pcb->snd_queuelen -= pbuf_clen(next->p);
+        tcp_seg_free(next);
+
+        LWIP_DEBUGF(TCP_QLEN_DEBUG, ("%"U16_F" (after freeing unacked)\n", (u16_t)pcb->snd_queuelen));
+        if (pcb->snd_queuelen != 0) {
+          LWIP_ASSERT("tcp_receive: valid queue length", pcb->unacked != NULL ||
+                      pcb->unsent != NULL);
+        }
+      }
+
+      /* If there's nothing left to acknowledge, stop the retransmit
+         timer, otherwise reset it to start again */
+      if(pcb->unacked == NULL)
+        pcb->rtime = -1;
+      else
+        pcb->rtime = 0;
+
+      pcb->polltmr = 0;
+
+#if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
+      if (PCB_ISIPV6(pcb)) {
+        /* Inform neighbor reachability of forward progress. */
+        nd6_reachability_hint(ip6_current_src_addr());
+      }
+#endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
+    } else {
+      /* Fix bug bug #21582: out of sequence ACK, didn't really ack anything */
+      pcb->acked = 0;
+    }
+
+    /* We go through the ->unsent list to see if any of the segments
+       on the list are acknowledged by the ACK. This may seem
+       strange since an "unsent" segment shouldn't be acked. The
+       rationale is that lwIP puts all outstanding segments on the
+       ->unsent list after a retransmission, so these segments may
+       in fact have been sent once. */
+    while (pcb->unsent != NULL &&
+           TCP_SEQ_BETWEEN(ackno, ntohl(pcb->unsent->tcphdr->seqno) + 
+                           TCP_TCPLEN(pcb->unsent), pcb->snd_nxt)) {
+      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: removing %"U32_F":%"U32_F" from pcb->unsent\n",
+                                    ntohl(pcb->unsent->tcphdr->seqno), ntohl(pcb->unsent->tcphdr->seqno) +
+                                    TCP_TCPLEN(pcb->unsent)));
+
+      next = pcb->unsent;
+      pcb->unsent = pcb->unsent->next;
+#if TCP_OVERSIZE
+      if (pcb->unsent == NULL) {
+        pcb->unsent_oversize = 0;
+      }
+#endif /* TCP_OVERSIZE */ 
+      LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_receive: queuelen %"U16_F" ... ", (u16_t)pcb->snd_queuelen));
+      LWIP_ASSERT("pcb->snd_queuelen >= pbuf_clen(next->p)", (pcb->snd_queuelen >= pbuf_clen(next->p)));
+      /* Prevent ACK for FIN to generate a sent event */
+      if ((pcb->acked != 0) && ((TCPH_FLAGS(next->tcphdr) & TCP_FIN) != 0)) {
+        pcb->acked--;
+      }
+      pcb->snd_queuelen -= pbuf_clen(next->p);
+      tcp_seg_free(next);
+      LWIP_DEBUGF(TCP_QLEN_DEBUG, ("%"U16_F" (after freeing unsent)\n", (u16_t)pcb->snd_queuelen));
+      if (pcb->snd_queuelen != 0) {
+        LWIP_ASSERT("tcp_receive: valid queue length",
+          pcb->unacked != NULL || pcb->unsent != NULL);
+      }
+    }
+    /* End of ACK for new data processing. */
+
+    LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: pcb->rttest %"U32_F" rtseq %"U32_F" ackno %"U32_F"\n",
+                                pcb->rttest, pcb->rtseq, ackno));
+
+    /* RTT estimation calculations. This is done by checking if the
+       incoming segment acknowledges the segment we use to take a
+       round-trip time measurement. */
+    if (pcb->rttest && TCP_SEQ_LT(pcb->rtseq, ackno)) {
+      /* diff between this shouldn't exceed 32K since this are tcp timer ticks
+         and a round-trip shouldn't be that long... */
+      m = (s16_t)(tcp_ticks - pcb->rttest);
+
+      LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: experienced rtt %"U16_F" ticks (%"U16_F" msec).\n",
+                                  m, m * TCP_SLOW_INTERVAL));
+
+      /* This is taken directly from VJs original code in his paper */
+      m = m - (pcb->sa >> 3);
+      pcb->sa += m;
+      if (m < 0) {
+        m = -m;
+      }
+      m = m - (pcb->sv >> 2);
+      pcb->sv += m;
+      pcb->rto = (pcb->sa >> 3) + pcb->sv;
+
+      LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: RTO %"U16_F" (%"U16_F" milliseconds)\n",
+                                  pcb->rto, pcb->rto * TCP_SLOW_INTERVAL));
+
+      pcb->rttest = 0;
+    }
+  }
+
+  /* If the incoming segment contains data, we must process it
+     further unless the pcb already received a FIN.
+     (RFC 793, chapeter 3.9, "SEGMENT ARRIVES" in states CLOSE-WAIT, CLOSING,
+     LAST-ACK and TIME-WAIT: "Ignore the segment text.") */
+  if ((tcplen > 0) && (pcb->state < CLOSE_WAIT)) {
+    /* This code basically does three things:
+
+    +) If the incoming segment contains data that is the next
+    in-sequence data, this data is passed to the application. This
+    might involve trimming the first edge of the data. The rcv_nxt
+    variable and the advertised window are adjusted.
+
+    +) If the incoming segment has data that is above the next
+    sequence number expected (->rcv_nxt), the segment is placed on
+    the ->ooseq queue. This is done by finding the appropriate
+    place in the ->ooseq queue (which is ordered by sequence
+    number) and trim the segment in both ends if needed. An
+    immediate ACK is sent to indicate that we received an
+    out-of-sequence segment.
+
+    +) Finally, we check if the first segment on the ->ooseq queue
+    now is in sequence (i.e., if rcv_nxt >= ooseq->seqno). If
+    rcv_nxt > ooseq->seqno, we must trim the first edge of the
+    segment on ->ooseq before we adjust rcv_nxt. The data in the
+    segments that are now on sequence are chained onto the
+    incoming segment so that we only need to call the application
+    once.
+    */
+
+    /* First, we check if we must trim the first edge. We have to do
+       this if the sequence number of the incoming segment is less
+       than rcv_nxt, and the sequence number plus the length of the
+       segment is larger than rcv_nxt. */
+    /*    if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)){
+          if (TCP_SEQ_LT(pcb->rcv_nxt, seqno + tcplen)) {*/
+    if (TCP_SEQ_BETWEEN(pcb->rcv_nxt, seqno + 1, seqno + tcplen - 1)){
+      /* Trimming the first edge is done by pushing the payload
+         pointer in the pbuf downwards. This is somewhat tricky since
+         we do not want to discard the full contents of the pbuf up to
+         the new starting point of the data since we have to keep the
+         TCP header which is present in the first pbuf in the chain.
+
+         What is done is really quite a nasty hack: the first pbuf in
+         the pbuf chain is pointed to by inseg.p. Since we need to be
+         able to deallocate the whole pbuf, we cannot change this
+         inseg.p pointer to point to any of the later pbufs in the
+         chain. Instead, we point the ->payload pointer in the first
+         pbuf to data in one of the later pbufs. We also set the
+         inseg.data pointer to point to the right place. This way, the
+         ->p pointer will still point to the first pbuf, but the
+         ->p->payload pointer will point to data in another pbuf.
+
+         After we are done with adjusting the pbuf pointers we must
+         adjust the ->data pointer in the seg and the segment
+         length.*/
+
+      off = pcb->rcv_nxt - seqno;
+      p = inseg.p;
+      LWIP_ASSERT("inseg.p != NULL", inseg.p);
+      LWIP_ASSERT("insane offset!", (off < 0x7fff));
+      if (inseg.p->len < off) {
+        LWIP_ASSERT("pbuf too short!", (((s32_t)inseg.p->tot_len) >= off));
+        new_tot_len = (u16_t)(inseg.p->tot_len - off);
+        while (p->len < off) {
+          off -= p->len;
+          /* KJM following line changed (with addition of new_tot_len var)
+             to fix bug #9076
+             inseg.p->tot_len -= p->len; */
+          p->tot_len = new_tot_len;
+          p->len = 0;
+          p = p->next;
+        }
+        if(pbuf_header(p, (s16_t)-off)) {
+          /* Do we need to cope with this failing?  Assert for now */
+          LWIP_ASSERT("pbuf_header failed", 0);
+        }
+      } else {
+        if(pbuf_header(inseg.p, (s16_t)-off)) {
+          /* Do we need to cope with this failing?  Assert for now */
+          LWIP_ASSERT("pbuf_header failed", 0);
+        }
+      }
+      inseg.len -= (u16_t)(pcb->rcv_nxt - seqno);
+      inseg.tcphdr->seqno = seqno = pcb->rcv_nxt;
+    }
+    else {
+      if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)){
+        /* the whole segment is < rcv_nxt */
+        /* must be a duplicate of a packet that has already been correctly handled */
+
+        LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: duplicate seqno %"U32_F"\n", seqno));
+        tcp_ack_now(pcb);
+      }
+    }
+
+    /* The sequence number must be within the window (above rcv_nxt
+       and below rcv_nxt + rcv_wnd) in order to be further
+       processed. */
+    if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, 
+                        pcb->rcv_nxt + pcb->rcv_wnd - 1)){
+      if (pcb->rcv_nxt == seqno) {
+        /* The incoming segment is the next in sequence. We check if
+           we have to trim the end of the segment and update rcv_nxt
+           and pass the data to the application. */
+        tcplen = TCP_TCPLEN(&inseg);
+
+        if (tcplen > pcb->rcv_wnd) {
+          LWIP_DEBUGF(TCP_INPUT_DEBUG, 
+                      ("tcp_receive: other end overran receive window"
+                       "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
+                       seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
+          if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
+            /* Must remove the FIN from the header as we're trimming 
+             * that byte of sequence-space from the packet */
+            TCPH_FLAGS_SET(inseg.tcphdr, TCPH_FLAGS(inseg.tcphdr) &~ TCP_FIN);
+          }
+          /* Adjust length of segment to fit in the window. */
+          inseg.len = pcb->rcv_wnd;
+          if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
+            inseg.len -= 1;
+          }
+          pbuf_realloc(inseg.p, inseg.len);
+          tcplen = TCP_TCPLEN(&inseg);
+          LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
+                      (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
+        }
+#if TCP_QUEUE_OOSEQ
+        /* Received in-sequence data, adjust ooseq data if:
+           - FIN has been received or
+           - inseq overlaps with ooseq */
+        if (pcb->ooseq != NULL) {
+          if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
+            LWIP_DEBUGF(TCP_INPUT_DEBUG, 
+                        ("tcp_receive: received in-order FIN, binning ooseq queue\n"));
+            /* Received in-order FIN means anything that was received
+             * out of order must now have been received in-order, so
+             * bin the ooseq queue */
+            while (pcb->ooseq != NULL) {
+              struct tcp_seg *old_ooseq = pcb->ooseq;
+              pcb->ooseq = pcb->ooseq->next;
+              tcp_seg_free(old_ooseq);
+            }
+          } else {
+            next = pcb->ooseq;
+            /* Remove all segments on ooseq that are covered by inseg already.
+             * FIN is copied from ooseq to inseg if present. */
+            while (next &&
+                   TCP_SEQ_GEQ(seqno + tcplen,
+                               next->tcphdr->seqno + next->len)) {
+              /* inseg cannot have FIN here (already processed above) */
+              if (TCPH_FLAGS(next->tcphdr) & TCP_FIN &&
+                  (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) == 0) {
+                TCPH_SET_FLAG(inseg.tcphdr, TCP_FIN);
+                tcplen = TCP_TCPLEN(&inseg);
+              }
+              prev = next;
+              next = next->next;
+              tcp_seg_free(prev);
+            }
+            /* Now trim right side of inseg if it overlaps with the first
+             * segment on ooseq */
+            if (next &&
+                TCP_SEQ_GT(seqno + tcplen,
+                           next->tcphdr->seqno)) {
+              /* inseg cannot have FIN here (already processed above) */
+              inseg.len = (u16_t)(next->tcphdr->seqno - seqno);
+              if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
+                inseg.len -= 1;
+              }
+              pbuf_realloc(inseg.p, inseg.len);
+              tcplen = TCP_TCPLEN(&inseg);
+              LWIP_ASSERT("tcp_receive: segment not trimmed correctly to ooseq queue\n",
+                          (seqno + tcplen) == next->tcphdr->seqno);
+            }
+            pcb->ooseq = next;
+          }
+        }
+#endif /* TCP_QUEUE_OOSEQ */
+
+        pcb->rcv_nxt = seqno + tcplen;
+
+        /* Update the receiver's (our) window. */
+        LWIP_ASSERT("tcp_receive: tcplen > rcv_wnd\n", pcb->rcv_wnd >= tcplen);
+        pcb->rcv_wnd -= tcplen;
+
+        tcp_update_rcv_ann_wnd(pcb);
+
+        /* If there is data in the segment, we make preparations to
+           pass this up to the application. The ->recv_data variable
+           is used for holding the pbuf that goes to the
+           application. The code for reassembling out-of-sequence data
+           chains its data on this pbuf as well.
+
+           If the segment was a FIN, we set the TF_GOT_FIN flag that will
+           be used to indicate to the application that the remote side has
+           closed its end of the connection. */
+        if (inseg.p->tot_len > 0) {
+          recv_data = inseg.p;
+          /* Since this pbuf now is the responsibility of the
+             application, we delete our reference to it so that we won't
+             (mistakingly) deallocate it. */
+          inseg.p = NULL;
+        }
+        if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
+          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: received FIN.\n"));
+          recv_flags |= TF_GOT_FIN;
+        }
+
+#if TCP_QUEUE_OOSEQ
+        /* We now check if we have segments on the ->ooseq queue that
+           are now in sequence. */
+        while (pcb->ooseq != NULL &&
+               pcb->ooseq->tcphdr->seqno == pcb->rcv_nxt) {
+
+          cseg = pcb->ooseq;
+          seqno = pcb->ooseq->tcphdr->seqno;
+
+          pcb->rcv_nxt += TCP_TCPLEN(cseg);
+          LWIP_ASSERT("tcp_receive: ooseq tcplen > rcv_wnd\n",
+                      pcb->rcv_wnd >= TCP_TCPLEN(cseg));
+          pcb->rcv_wnd -= TCP_TCPLEN(cseg);
+
+          tcp_update_rcv_ann_wnd(pcb);
+
+          if (cseg->p->tot_len > 0) {
+            /* Chain this pbuf onto the pbuf that we will pass to
+               the application. */
+            if (recv_data) {
+              pbuf_cat(recv_data, cseg->p);
+            } else {
+              recv_data = cseg->p;
+            }
+            cseg->p = NULL;
+          }
+          if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
+            LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: dequeued FIN.\n"));
+            recv_flags |= TF_GOT_FIN;
+            if (pcb->state == ESTABLISHED) { /* force passive close or we can move to active close */
+              pcb->state = CLOSE_WAIT;
+            } 
+          }
+
+          pcb->ooseq = cseg->next;
+          tcp_seg_free(cseg);
+        }
+#endif /* TCP_QUEUE_OOSEQ */
+
+
+        /* Acknowledge the segment(s). */
+        tcp_ack(pcb);
+
+#if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
+        if (PCB_ISIPV6(pcb)) {
+          /* Inform neighbor reachability of forward progress. */
+          nd6_reachability_hint(ip6_current_src_addr());
+        }
+#endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
+
+      } else {
+        /* We get here if the incoming segment is out-of-sequence. */
+        tcp_send_empty_ack(pcb);
+#if TCP_QUEUE_OOSEQ
+        /* We queue the segment on the ->ooseq queue. */
+        if (pcb->ooseq == NULL) {
+          pcb->ooseq = tcp_seg_copy(&inseg);
+        } else {
+          /* If the queue is not empty, we walk through the queue and
+             try to find a place where the sequence number of the
+             incoming segment is between the sequence numbers of the
+             previous and the next segment on the ->ooseq queue. That is
+             the place where we put the incoming segment. If needed, we
+             trim the second edges of the previous and the incoming
+             segment so that it will fit into the sequence.
+
+             If the incoming segment has the same sequence number as a
+             segment on the ->ooseq queue, we discard the segment that
+             contains less data. */
+
+          prev = NULL;
+          for(next = pcb->ooseq; next != NULL; next = next->next) {
+            if (seqno == next->tcphdr->seqno) {
+              /* The sequence number of the incoming segment is the
+                 same as the sequence number of the segment on
+                 ->ooseq. We check the lengths to see which one to
+                 discard. */
+              if (inseg.len > next->len) {
+                /* The incoming segment is larger than the old
+                   segment. We replace some segments with the new
+                   one. */
+                cseg = tcp_seg_copy(&inseg);
+                if (cseg != NULL) {
+                  if (prev != NULL) {
+                    prev->next = cseg;
+                  } else {
+                    pcb->ooseq = cseg;
+                  }
+                  tcp_oos_insert_segment(cseg, next);
+                }
+                break;
+              } else {
+                /* Either the lenghts are the same or the incoming
+                   segment was smaller than the old one; in either
+                   case, we ditch the incoming segment. */
+                break;
+              }
+            } else {
+              if (prev == NULL) {
+                if (TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {
+                  /* The sequence number of the incoming segment is lower
+                     than the sequence number of the first segment on the
+                     queue. We put the incoming segment first on the
+                     queue. */
+                  cseg = tcp_seg_copy(&inseg);
+                  if (cseg != NULL) {
+                    pcb->ooseq = cseg;
+                    tcp_oos_insert_segment(cseg, next);
+                  }
+                  break;
+                }
+              } else {
+                /*if (TCP_SEQ_LT(prev->tcphdr->seqno, seqno) &&
+                  TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {*/
+                if (TCP_SEQ_BETWEEN(seqno, prev->tcphdr->seqno+1, next->tcphdr->seqno-1)) {
+                  /* The sequence number of the incoming segment is in
+                     between the sequence numbers of the previous and
+                     the next segment on ->ooseq. We trim trim the previous
+                     segment, delete next segments that included in received segment
+                     and trim received, if needed. */
+                  cseg = tcp_seg_copy(&inseg);
+                  if (cseg != NULL) {
+                    if (TCP_SEQ_GT(prev->tcphdr->seqno + prev->len, seqno)) {
+                      /* We need to trim the prev segment. */
+                      prev->len = (u16_t)(seqno - prev->tcphdr->seqno);
+                      pbuf_realloc(prev->p, prev->len);
+                    }
+                    prev->next = cseg;
+                    tcp_oos_insert_segment(cseg, next);
+                  }
+                  break;
+                }
+              }
+              /* If the "next" segment is the last segment on the
+                 ooseq queue, we add the incoming segment to the end
+                 of the list. */
+              if (next->next == NULL &&
+                  TCP_SEQ_GT(seqno, next->tcphdr->seqno)) {
+                if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
+                  /* segment "next" already contains all data */
+                  break;
+                }
+                next->next = tcp_seg_copy(&inseg);
+                if (next->next != NULL) {
+                  if (TCP_SEQ_GT(next->tcphdr->seqno + next->len, seqno)) {
+                    /* We need to trim the last segment. */
+                    next->len = (u16_t)(seqno - next->tcphdr->seqno);
+                    pbuf_realloc(next->p, next->len);
+                  }
+                  /* check if the remote side overruns our receive window */
+                  if ((u32_t)tcplen + seqno > pcb->rcv_nxt + (u32_t)pcb->rcv_wnd) {
+                    LWIP_DEBUGF(TCP_INPUT_DEBUG, 
+                                ("tcp_receive: other end overran receive window"
+                                 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
+                                 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
+                    if (TCPH_FLAGS(next->next->tcphdr) & TCP_FIN) {
+                      /* Must remove the FIN from the header as we're trimming 
+                       * that byte of sequence-space from the packet */
+                      TCPH_FLAGS_SET(next->next->tcphdr, TCPH_FLAGS(next->next->tcphdr) &~ TCP_FIN);
+                    }
+                    /* Adjust length of segment to fit in the window. */
+                    next->next->len = pcb->rcv_nxt + pcb->rcv_wnd - seqno;
+                    pbuf_realloc(next->next->p, next->next->len);
+                    tcplen = TCP_TCPLEN(next->next);
+                    LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
+                                (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
+                  }
+                }
+                break;
+              }
+            }
+            prev = next;
+          }
+        }
+#if TCP_OOSEQ_MAX_BYTES || TCP_OOSEQ_MAX_PBUFS
+        /* Check that the data on ooseq doesn't exceed one of the limits
+           and throw away everything above that limit. */
+        ooseq_blen = 0;
+        ooseq_qlen = 0;
+        prev = NULL;
+        for(next = pcb->ooseq; next != NULL; prev = next, next = next->next) {
+          struct pbuf *p = next->p;
+          ooseq_blen += p->tot_len;
+          ooseq_qlen += pbuf_clen(p);
+          if ((ooseq_blen > TCP_OOSEQ_MAX_BYTES) ||
+              (ooseq_qlen > TCP_OOSEQ_MAX_PBUFS)) {
+             /* too much ooseq data, dump this and everything after it */
+             tcp_segs_free(next);
+             if (prev == NULL) {
+               /* first ooseq segment is too much, dump the whole queue */
+               pcb->ooseq = NULL;
+             } else {
+               /* just dump 'next' and everything after it */
+               prev->next = NULL;
+             }
+             break;
+          }
+        }
+#endif /* TCP_OOSEQ_MAX_BYTES || TCP_OOSEQ_MAX_PBUFS */
+#endif /* TCP_QUEUE_OOSEQ */
+      }
+    } else {
+      /* The incoming segment is not withing the window. */
+      tcp_send_empty_ack(pcb);
+    }
+  } else {
+    /* Segments with length 0 is taken care of here. Segments that
+       fall out of the window are ACKed. */
+    /*if (TCP_SEQ_GT(pcb->rcv_nxt, seqno) ||
+      TCP_SEQ_GEQ(seqno, pcb->rcv_nxt + pcb->rcv_wnd)) {*/
+    if(!TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd-1)){
+      tcp_ack_now(pcb);
+    }
+  }
+}
+
+/**
+ * Parses the options contained in the incoming segment. 
+ *
+ * Called from tcp_listen_input() and tcp_process().
+ * Currently, only the MSS option is supported!
+ *
+ * @param pcb the tcp_pcb for which a segment arrived
+ */
+static void
+tcp_parseopt(struct tcp_pcb *pcb)
+{
+  u16_t c, max_c;
+  u16_t mss;
+  u8_t *opts, opt;
+#if LWIP_TCP_TIMESTAMPS
+  u32_t tsval;
+#endif
+
+  opts = (u8_t *)tcphdr + TCP_HLEN;
+
+  /* Parse the TCP MSS option, if present. */
+  if(TCPH_HDRLEN(tcphdr) > 0x5) {
+    max_c = (TCPH_HDRLEN(tcphdr) - 5) << 2;
+    for (c = 0; c < max_c; ) {
+      opt = opts[c];
+      switch (opt) {
+      case 0x00:
+        /* End of options. */
+        LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: EOL\n"));
+        return;
+      case 0x01:
+        /* NOP option. */
+        ++c;
+        LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: NOP\n"));
+        break;
+      case 0x02:
+        LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: MSS\n"));
+        if (opts[c + 1] != 0x04 || c + 0x04 > max_c) {
+          /* Bad length */
+          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
+          return;
+        }
+        /* An MSS option with the right option length. */
+        mss = (opts[c + 2] << 8) | opts[c + 3];
+        /* Limit the mss to the configured TCP_MSS and prevent division by zero */
+        pcb->mss = ((mss > TCP_MSS) || (mss == 0)) ? TCP_MSS : mss;
+        /* Advance to next option */
+        c += 0x04;
+        break;
+#if LWIP_TCP_TIMESTAMPS
+      case 0x08:
+        LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: TS\n"));
+        if (opts[c + 1] != 0x0A || c + 0x0A > max_c) {
+          /* Bad length */
+          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
+          return;
+        }
+        /* TCP timestamp option with valid length */
+        tsval = (opts[c+2]) | (opts[c+3] << 8) | 
+          (opts[c+4] << 16) | (opts[c+5] << 24);
+        if (flags & TCP_SYN) {
+          pcb->ts_recent = ntohl(tsval);
+          pcb->flags |= TF_TIMESTAMP;
+        } else if (TCP_SEQ_BETWEEN(pcb->ts_lastacksent, seqno, seqno+tcplen)) {
+          pcb->ts_recent = ntohl(tsval);
+        }
+        /* Advance to next option */
+        c += 0x0A;
+        break;
+#endif
+      default:
+        LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: other\n"));
+        if (opts[c + 1] == 0) {
+          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
+          /* If the length field is zero, the options are malformed
+             and we don't process them further. */
+          return;
+        }
+        /* All other options have a length field, so that we easily
+           can skip past them. */
+        c += opts[c + 1];
+      }
+    }
+  }
+}
+
+#endif /* LWIP_TCP */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/tcp_out.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/tcp_out.c
new file mode 100644
index 00000000..d6622178
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/tcp_out.c
@@ -0,0 +1,1499 @@
+/**
+ * @file
+ * Transmission Control Protocol, outgoing traffic
+ *
+ * The output functions of TCP.
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#include "lwip/opt.h"
+
+#if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/tcp_impl.h"
+#include "lwip/def.h"
+#include "lwip/mem.h"
+#include "lwip/memp.h"
+#include "lwip/ip_addr.h"
+#include "lwip/netif.h"
+#include "lwip/inet_chksum.h"
+#include "lwip/stats.h"
+#include "lwip/snmp.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/inet_chksum.h"
+#if LWIP_TCP_TIMESTAMPS
+#include "lwip/sys.h"
+#endif
+
+#include <string.h>
+
+/* Define some copy-macros for checksum-on-copy so that the code looks
+   nicer by preventing too many ifdef's. */
+#if TCP_CHECKSUM_ON_COPY
+#define TCP_DATA_COPY(dst, src, len, seg) do { \
+  tcp_seg_add_chksum(LWIP_CHKSUM_COPY(dst, src, len), \
+                     len, &seg->chksum, &seg->chksum_swapped); \
+  seg->flags |= TF_SEG_DATA_CHECKSUMMED; } while(0)
+#define TCP_DATA_COPY2(dst, src, len, chksum, chksum_swapped)  \
+  tcp_seg_add_chksum(LWIP_CHKSUM_COPY(dst, src, len), len, chksum, chksum_swapped);
+#else /* TCP_CHECKSUM_ON_COPY*/
+#define TCP_DATA_COPY(dst, src, len, seg)                     MEMCPY(dst, src, len)
+#define TCP_DATA_COPY2(dst, src, len, chksum, chksum_swapped) MEMCPY(dst, src, len)
+#endif /* TCP_CHECKSUM_ON_COPY*/
+
+/** Define this to 1 for an extra check that the output checksum is valid
+ * (usefule when the checksum is generated by the application, not the stack) */
+#ifndef TCP_CHECKSUM_ON_COPY_SANITY_CHECK
+#define TCP_CHECKSUM_ON_COPY_SANITY_CHECK   0
+#endif
+
+/* Forward declarations.*/
+static void tcp_output_segment(struct tcp_seg *seg, struct tcp_pcb *pcb);
+
+/** Allocate a pbuf and create a tcphdr at p->payload, used for output
+ * functions other than the default tcp_output -> tcp_output_segment
+ * (e.g. tcp_send_empty_ack, etc.)
+ *
+ * @param pcb tcp pcb for which to send a packet (used to initialize tcp_hdr)
+ * @param optlen length of header-options
+ * @param datalen length of tcp data to reserve in pbuf
+ * @param seqno_be seqno in network byte order (big-endian)
+ * @return pbuf with p->payload being the tcp_hdr
+ */
+static struct pbuf *
+tcp_output_alloc_header(struct tcp_pcb *pcb, u16_t optlen, u16_t datalen,
+                      u32_t seqno_be /* already in network byte order */)
+{
+  struct tcp_hdr *tcphdr;
+  struct pbuf *p = pbuf_alloc(PBUF_IP, TCP_HLEN + optlen + datalen, PBUF_RAM);
+  if (p != NULL) {
+    LWIP_ASSERT("check that first pbuf can hold struct tcp_hdr",
+                 (p->len >= TCP_HLEN + optlen));
+    tcphdr = (struct tcp_hdr *)p->payload;
+    tcphdr->src = htons(pcb->local_port);
+    tcphdr->dest = htons(pcb->remote_port);
+    tcphdr->seqno = seqno_be;
+    tcphdr->ackno = htonl(pcb->rcv_nxt);
+    TCPH_HDRLEN_FLAGS_SET(tcphdr, (5 + optlen / 4), TCP_ACK);
+    tcphdr->wnd = htons(pcb->rcv_ann_wnd);
+    tcphdr->chksum = 0;
+    tcphdr->urgp = 0;
+
+    /* If we're sending a packet, update the announced right window edge */
+    pcb->rcv_ann_right_edge = pcb->rcv_nxt + pcb->rcv_ann_wnd;
+  }
+  return p;
+}
+
+/**
+ * Called by tcp_close() to send a segment including FIN flag but not data.
+ *
+ * @param pcb the tcp_pcb over which to send a segment
+ * @return ERR_OK if sent, another err_t otherwise
+ */
+err_t
+tcp_send_fin(struct tcp_pcb *pcb)
+{
+  /* first, try to add the fin to the last unsent segment */
+  if (pcb->unsent != NULL) {
+    struct tcp_seg *last_unsent;
+    for (last_unsent = pcb->unsent; last_unsent->next != NULL;
+         last_unsent = last_unsent->next);
+
+    if ((TCPH_FLAGS(last_unsent->tcphdr) & (TCP_SYN | TCP_FIN | TCP_RST)) == 0) {
+      /* no SYN/FIN/RST flag in the header, we can add the FIN flag */
+      TCPH_SET_FLAG(last_unsent->tcphdr, TCP_FIN);
+      pcb->flags |= TF_FIN;
+      return ERR_OK;
+    }
+  }
+  /* no data, no length, flags, copy=1, no optdata */
+  return tcp_enqueue_flags(pcb, TCP_FIN);
+}
+
+/**
+ * Create a TCP segment with prefilled header.
+ *
+ * Called by tcp_write and tcp_enqueue_flags.
+ *
+ * @param pcb Protocol control block for the TCP connection.
+ * @param p pbuf that is used to hold the TCP header.
+ * @param flags TCP flags for header.
+ * @param seqno TCP sequence number of this packet
+ * @param optflags options to include in TCP header
+ * @return a new tcp_seg pointing to p, or NULL.
+ * The TCP header is filled in except ackno and wnd.
+ * p is freed on failure.
+ */
+static struct tcp_seg *
+tcp_create_segment(struct tcp_pcb *pcb, struct pbuf *p, u8_t flags, u32_t seqno, u8_t optflags)
+{
+  struct tcp_seg *seg;
+  u8_t optlen = LWIP_TCP_OPT_LENGTH(optflags);
+
+  if ((seg = (struct tcp_seg *)memp_malloc(MEMP_TCP_SEG)) == NULL) {
+    LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 2, ("tcp_create_segment: no memory.\n"));
+    pbuf_free(p);
+    return NULL;
+  }
+  seg->flags = optflags;
+  seg->next = NULL;
+  seg->p = p;
+  seg->len = p->tot_len - optlen;
+#if TCP_OVERSIZE_DBGCHECK
+  seg->oversize_left = 0;
+#endif /* TCP_OVERSIZE_DBGCHECK */
+#if TCP_CHECKSUM_ON_COPY
+  seg->chksum = 0;
+  seg->chksum_swapped = 0;
+  /* check optflags */
+  LWIP_ASSERT("invalid optflags passed: TF_SEG_DATA_CHECKSUMMED",
+              (optflags & TF_SEG_DATA_CHECKSUMMED) == 0);
+#endif /* TCP_CHECKSUM_ON_COPY */
+
+  /* build TCP header */
+  if (pbuf_header(p, TCP_HLEN)) {
+    LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 2, ("tcp_create_segment: no room for TCP header in pbuf.\n"));
+    TCP_STATS_INC(tcp.err);
+    tcp_seg_free(seg);
+    return NULL;
+  }
+  seg->tcphdr = (struct tcp_hdr *)seg->p->payload;
+  seg->tcphdr->src = htons(pcb->local_port);
+  seg->tcphdr->dest = htons(pcb->remote_port);
+  seg->tcphdr->seqno = htonl(seqno);
+  /* ackno is set in tcp_output */
+  TCPH_HDRLEN_FLAGS_SET(seg->tcphdr, (5 + optlen / 4), flags);
+  /* wnd and chksum are set in tcp_output */
+  seg->tcphdr->urgp = 0;
+  return seg;
+} 
+
+/**
+ * Allocate a PBUF_RAM pbuf, perhaps with extra space at the end.
+ *
+ * This function is like pbuf_alloc(layer, length, PBUF_RAM) except
+ * there may be extra bytes available at the end.
+ *
+ * @param layer flag to define header size.
+ * @param length size of the pbuf's payload.
+ * @param max_length maximum usable size of payload+oversize.
+ * @param oversize pointer to a u16_t that will receive the number of usable tail bytes.
+ * @param pcb The TCP connection that willo enqueue the pbuf.
+ * @param apiflags API flags given to tcp_write.
+ * @param first_seg true when this pbuf will be used in the first enqueued segment.
+ * @param 
+ */
+#if TCP_OVERSIZE
+static struct pbuf *
+tcp_pbuf_prealloc(pbuf_layer layer, u16_t length, u16_t max_length,
+                  u16_t *oversize, struct tcp_pcb *pcb, u8_t apiflags,
+                  u8_t first_seg)
+{
+  struct pbuf *p;
+  u16_t alloc = length;
+
+#if LWIP_NETIF_TX_SINGLE_PBUF
+  LWIP_UNUSED_ARG(max_length);
+  LWIP_UNUSED_ARG(pcb);
+  LWIP_UNUSED_ARG(apiflags);
+  LWIP_UNUSED_ARG(first_seg);
+  /* always create MSS-sized pbufs */
+  alloc = max_length;
+#else /* LWIP_NETIF_TX_SINGLE_PBUF */
+  if (length < max_length) {
+    /* Should we allocate an oversized pbuf, or just the minimum
+     * length required? If tcp_write is going to be called again
+     * before this segment is transmitted, we want the oversized
+     * buffer. If the segment will be transmitted immediately, we can
+     * save memory by allocating only length. We use a simple
+     * heuristic based on the following information:
+     *
+     * Did the user set TCP_WRITE_FLAG_MORE?
+     *
+     * Will the Nagle algorithm defer transmission of this segment?
+     */
+    if ((apiflags & TCP_WRITE_FLAG_MORE) ||
+        (!(pcb->flags & TF_NODELAY) &&
+         (!first_seg ||
+          pcb->unsent != NULL ||
+          pcb->unacked != NULL))) {
+      alloc = LWIP_MIN(max_length, LWIP_MEM_ALIGN_SIZE(length + TCP_OVERSIZE));
+    }
+  }
+#endif /* LWIP_NETIF_TX_SINGLE_PBUF */
+  p = pbuf_alloc(layer, alloc, PBUF_RAM);
+  if (p == NULL) {
+    return NULL;
+  }
+  LWIP_ASSERT("need unchained pbuf", p->next == NULL);
+  *oversize = p->len - length;
+  /* trim p->len to the currently used size */
+  p->len = p->tot_len = length;
+  return p;
+}
+#else /* TCP_OVERSIZE */
+#define tcp_pbuf_prealloc(layer, length, mx, os, pcb, api, fst) pbuf_alloc((layer), (length), PBUF_RAM)
+#endif /* TCP_OVERSIZE */
+
+#if TCP_CHECKSUM_ON_COPY
+/** Add a checksum of newly added data to the segment */
+static void
+tcp_seg_add_chksum(u16_t chksum, u16_t len, u16_t *seg_chksum,
+                   u8_t *seg_chksum_swapped)
+{
+  u32_t helper;
+  /* add chksum to old chksum and fold to u16_t */
+  helper = chksum + *seg_chksum;
+  chksum = FOLD_U32T(helper);
+  if ((len & 1) != 0) {
+    *seg_chksum_swapped = 1 - *seg_chksum_swapped;
+    chksum = SWAP_BYTES_IN_WORD(chksum);
+  }
+  *seg_chksum = chksum;
+}
+#endif /* TCP_CHECKSUM_ON_COPY */
+
+/** Checks if tcp_write is allowed or not (checks state, snd_buf and snd_queuelen).
+ *
+ * @param pcb the tcp pcb to check for
+ * @param len length of data to send (checked agains snd_buf)
+ * @return ERR_OK if tcp_write is allowed to proceed, another err_t otherwise
+ */
+static err_t
+tcp_write_checks(struct tcp_pcb *pcb, u16_t len)
+{
+  /* connection is in invalid state for data transmission? */
+  if ((pcb->state != ESTABLISHED) &&
+      (pcb->state != CLOSE_WAIT) &&
+      (pcb->state != SYN_SENT) &&
+      (pcb->state != SYN_RCVD)) {
+    LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_STATE | LWIP_DBG_LEVEL_SEVERE, ("tcp_write() called in invalid state\n"));
+    return ERR_CONN;
+  } else if (len == 0) {
+    return ERR_OK;
+  }
+
+  /* fail on too much data */
+  if (len > pcb->snd_buf) {
+    LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 3, ("tcp_write: too much data (len=%"U16_F" > snd_buf=%"U16_F")\n",
+      len, pcb->snd_buf));
+    pcb->flags |= TF_NAGLEMEMERR;
+    return ERR_MEM;
+  }
+
+  LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_write: queuelen: %"U16_F"\n", (u16_t)pcb->snd_queuelen));
+
+  /* If total number of pbufs on the unsent/unacked queues exceeds the
+   * configured maximum, return an error */
+  /* check for configured max queuelen and possible overflow */
+  if ((pcb->snd_queuelen >= TCP_SND_QUEUELEN) || (pcb->snd_queuelen > TCP_SNDQUEUELEN_OVERFLOW)) {
+    LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 3, ("tcp_write: too long queue %"U16_F" (max %"U16_F")\n",
+      pcb->snd_queuelen, TCP_SND_QUEUELEN));
+    TCP_STATS_INC(tcp.memerr);
+    pcb->flags |= TF_NAGLEMEMERR;
+    return ERR_MEM;
+  }
+  if (pcb->snd_queuelen != 0) {
+    LWIP_ASSERT("tcp_write: pbufs on queue => at least one queue non-empty",
+      pcb->unacked != NULL || pcb->unsent != NULL);
+  } else {
+    LWIP_ASSERT("tcp_write: no pbufs on queue => both queues empty",
+      pcb->unacked == NULL && pcb->unsent == NULL);
+  }
+  return ERR_OK;
+}
+
+/**
+ * Write data for sending (but does not send it immediately).
+ *
+ * It waits in the expectation of more data being sent soon (as
+ * it can send them more efficiently by combining them together).
+ * To prompt the system to send data now, call tcp_output() after
+ * calling tcp_write().
+ *
+ * @param pcb Protocol control block for the TCP connection to enqueue data for.
+ * @param arg Pointer to the data to be enqueued for sending.
+ * @param len Data length in bytes
+ * @param apiflags combination of following flags :
+ * - TCP_WRITE_FLAG_COPY (0x01) data will be copied into memory belonging to the stack
+ * - TCP_WRITE_FLAG_MORE (0x02) for TCP connection, PSH flag will be set on last segment sent,
+ * @return ERR_OK if enqueued, another err_t on error
+ */
+err_t
+tcp_write(struct tcp_pcb *pcb, const void *arg, u16_t len, u8_t apiflags)
+{
+  struct pbuf *concat_p = NULL;
+  struct tcp_seg *last_unsent = NULL, *seg = NULL, *prev_seg = NULL, *queue = NULL;
+  u16_t pos = 0; /* position in 'arg' data */
+  u16_t queuelen;
+  u8_t optlen = 0;
+  u8_t optflags = 0;
+#if TCP_OVERSIZE
+  u16_t oversize = 0;
+  u16_t oversize_used = 0;
+#endif /* TCP_OVERSIZE */
+#if TCP_CHECKSUM_ON_COPY
+  u16_t concat_chksum = 0;
+  u8_t concat_chksum_swapped = 0;
+  u16_t concat_chksummed = 0;
+#endif /* TCP_CHECKSUM_ON_COPY */
+  err_t err;
+  /* don't allocate segments bigger than half the maximum window we ever received */
+  u16_t mss_local = LWIP_MIN(pcb->mss, pcb->snd_wnd_max/2);
+
+#if LWIP_NETIF_TX_SINGLE_PBUF
+  /* Always copy to try to create single pbufs for TX */
+  apiflags |= TCP_WRITE_FLAG_COPY;
+#endif /* LWIP_NETIF_TX_SINGLE_PBUF */
+
+  LWIP_DEBUGF(TCP_OUTPUT_DEBUG, ("tcp_write(pcb=%p, data=%p, len=%"U16_F", apiflags=%"U16_F")\n",
+    (void *)pcb, arg, len, (u16_t)apiflags));
+  LWIP_ERROR("tcp_write: arg == NULL (programmer violates API)", 
+             arg != NULL, return ERR_ARG;);
+
+  err = tcp_write_checks(pcb, len);
+  if (err != ERR_OK) {
+    return err;
+  }
+  queuelen = pcb->snd_queuelen;
+
+#if LWIP_TCP_TIMESTAMPS
+  if ((pcb->flags & TF_TIMESTAMP)) {
+    optflags = TF_SEG_OPTS_TS;
+    optlen = LWIP_TCP_OPT_LENGTH(TF_SEG_OPTS_TS);
+  }
+#endif /* LWIP_TCP_TIMESTAMPS */
+
+
+  /*
+   * TCP segmentation is done in three phases with increasing complexity:
+   *
+   * 1. Copy data directly into an oversized pbuf.
+   * 2. Chain a new pbuf to the end of pcb->unsent.
+   * 3. Create new segments.
+   *
+   * We may run out of memory at any point. In that case we must
+   * return ERR_MEM and not change anything in pcb. Therefore, all
+   * changes are recorded in local variables and committed at the end
+   * of the function. Some pcb fields are maintained in local copies:
+   *
+   * queuelen = pcb->snd_queuelen
+   * oversize = pcb->unsent_oversize
+   *
+   * These variables are set consistently by the phases:
+   *
+   * seg points to the last segment tampered with.
+   *
+   * pos records progress as data is segmented.
+   */
+
+  /* Find the tail of the unsent queue. */
+  if (pcb->unsent != NULL) {
+    u16_t space;
+    u16_t unsent_optlen;
+
+    /* @todo: this could be sped up by keeping last_unsent in the pcb */
+    for (last_unsent = pcb->unsent; last_unsent->next != NULL;
+         last_unsent = last_unsent->next);
+
+    /* Usable space at the end of the last unsent segment */
+    unsent_optlen = LWIP_TCP_OPT_LENGTH(last_unsent->flags);
+    space = mss_local - (last_unsent->len + unsent_optlen);
+
+    /*
+     * Phase 1: Copy data directly into an oversized pbuf.
+     *
+     * The number of bytes copied is recorded in the oversize_used
+     * variable. The actual copying is done at the bottom of the
+     * function.
+     */
+#if TCP_OVERSIZE
+#if TCP_OVERSIZE_DBGCHECK
+    /* check that pcb->unsent_oversize matches last_unsent->unsent_oversize */
+    LWIP_ASSERT("unsent_oversize mismatch (pcb vs. last_unsent)",
+                pcb->unsent_oversize == last_unsent->oversize_left);
+#endif /* TCP_OVERSIZE_DBGCHECK */
+    oversize = pcb->unsent_oversize;
+    if (oversize > 0) {
+      LWIP_ASSERT("inconsistent oversize vs. space", oversize_used <= space);
+      seg = last_unsent;
+      oversize_used = oversize < len ? oversize : len;
+      pos += oversize_used;
+      oversize -= oversize_used;
+      space -= oversize_used;
+    }
+    /* now we are either finished or oversize is zero */
+    LWIP_ASSERT("inconsistend oversize vs. len", (oversize == 0) || (pos == len));
+#endif /* TCP_OVERSIZE */
+
+    /*
+     * Phase 2: Chain a new pbuf to the end of pcb->unsent.
+     *
+     * We don't extend segments containing SYN/FIN flags or options
+     * (len==0). The new pbuf is kept in concat_p and pbuf_cat'ed at
+     * the end.
+     */
+    if ((pos < len) && (space > 0) && (last_unsent->len > 0)) {
+      u16_t seglen = space < len - pos ? space : len - pos;
+      seg = last_unsent;
+
+      /* Create a pbuf with a copy or reference to seglen bytes. We
+       * can use PBUF_RAW here since the data appears in the middle of
+       * a segment. A header will never be prepended. */
+      if (apiflags & TCP_WRITE_FLAG_COPY) {
+        /* Data is copied */
+        if ((concat_p = tcp_pbuf_prealloc(PBUF_RAW, seglen, space, &oversize, pcb, apiflags, 1)) == NULL) {
+          LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 2,
+                      ("tcp_write : could not allocate memory for pbuf copy size %"U16_F"\n",
+                       seglen));
+          goto memerr;
+        }
+#if TCP_OVERSIZE_DBGCHECK
+        last_unsent->oversize_left += oversize;
+#endif /* TCP_OVERSIZE_DBGCHECK */
+        TCP_DATA_COPY2(concat_p->payload, (u8_t*)arg + pos, seglen, &concat_chksum, &concat_chksum_swapped);
+#if TCP_CHECKSUM_ON_COPY
+        concat_chksummed += seglen;
+#endif /* TCP_CHECKSUM_ON_COPY */
+      } else {
+        /* Data is not copied */
+        if ((concat_p = pbuf_alloc(PBUF_RAW, seglen, PBUF_ROM)) == NULL) {
+          LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 2,
+                      ("tcp_write: could not allocate memory for zero-copy pbuf\n"));
+          goto memerr;
+        }
+#if TCP_CHECKSUM_ON_COPY
+        /* calculate the checksum of nocopy-data */
+        tcp_seg_add_chksum(~inet_chksum((u8_t*)arg + pos, seglen), seglen,
+          &concat_chksum, &concat_chksum_swapped);
+        concat_chksummed += seglen;
+#endif /* TCP_CHECKSUM_ON_COPY */
+        /* reference the non-volatile payload data */
+        concat_p->payload = (u8_t*)arg + pos;
+      }
+
+      pos += seglen;
+      queuelen += pbuf_clen(concat_p);
+    }
+  } else {
+#if TCP_OVERSIZE
+    LWIP_ASSERT("unsent_oversize mismatch (pcb->unsent is NULL)",
+                pcb->unsent_oversize == 0);
+#endif /* TCP_OVERSIZE */
+  }
+
+  /*
+   * Phase 3: Create new segments.
+   *
+   * The new segments are chained together in the local 'queue'
+   * variable, ready to be appended to pcb->unsent.
+   */
+  while (pos < len) {
+    struct pbuf *p;
+    u16_t left = len - pos;
+    u16_t max_len = mss_local - optlen;
+    u16_t seglen = left > max_len ? max_len : left;
+#if TCP_CHECKSUM_ON_COPY
+    u16_t chksum = 0;
+    u8_t chksum_swapped = 0;
+#endif /* TCP_CHECKSUM_ON_COPY */
+
+    if (apiflags & TCP_WRITE_FLAG_COPY) {
+      /* If copy is set, memory should be allocated and data copied
+       * into pbuf */
+      if ((p = tcp_pbuf_prealloc(PBUF_TRANSPORT, seglen + optlen, mss_local, &oversize, pcb, apiflags, queue == NULL)) == NULL) {
+        LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 2, ("tcp_write : could not allocate memory for pbuf copy size %"U16_F"\n", seglen));
+        goto memerr;
+      }
+      LWIP_ASSERT("tcp_write: check that first pbuf can hold the complete seglen",
+                  (p->len >= seglen));
+      TCP_DATA_COPY2((char *)p->payload + optlen, (u8_t*)arg + pos, seglen, &chksum, &chksum_swapped);
+    } else {
+      /* Copy is not set: First allocate a pbuf for holding the data.
+       * Since the referenced data is available at least until it is
+       * sent out on the link (as it has to be ACKed by the remote
+       * party) we can safely use PBUF_ROM instead of PBUF_REF here.
+       */
+      struct pbuf *p2;
+#if TCP_OVERSIZE
+      LWIP_ASSERT("oversize == 0", oversize == 0);
+#endif /* TCP_OVERSIZE */
+      if ((p2 = pbuf_alloc(PBUF_TRANSPORT, seglen, PBUF_ROM)) == NULL) {
+        LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 2, ("tcp_write: could not allocate memory for zero-copy pbuf\n"));
+        goto memerr;
+      }
+#if TCP_CHECKSUM_ON_COPY
+      /* calculate the checksum of nocopy-data */
+      chksum = ~inet_chksum((u8_t*)arg + pos, seglen);
+#endif /* TCP_CHECKSUM_ON_COPY */
+      /* reference the non-volatile payload data */
+      p2->payload = (u8_t*)arg + pos;
+
+      /* Second, allocate a pbuf for the headers. */
+      if ((p = pbuf_alloc(PBUF_TRANSPORT, optlen, PBUF_RAM)) == NULL) {
+        /* If allocation fails, we have to deallocate the data pbuf as
+         * well. */
+        pbuf_free(p2);
+        LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 2, ("tcp_write: could not allocate memory for header pbuf\n"));
+        goto memerr;
+      }
+      /* Concatenate the headers and data pbufs together. */
+      pbuf_cat(p/*header*/, p2/*data*/);
+    }
+
+    queuelen += pbuf_clen(p);
+
+    /* Now that there are more segments queued, we check again if the
+     * length of the queue exceeds the configured maximum or
+     * overflows. */
+    if ((queuelen > TCP_SND_QUEUELEN) || (queuelen > TCP_SNDQUEUELEN_OVERFLOW)) {
+      LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 2, ("tcp_write: queue too long %"U16_F" (%"U16_F")\n", queuelen, TCP_SND_QUEUELEN));
+      pbuf_free(p);
+      goto memerr;
+    }
+
+    if ((seg = tcp_create_segment(pcb, p, 0, pcb->snd_lbb + pos, optflags)) == NULL) {
+      goto memerr;
+    }
+#if TCP_OVERSIZE_DBGCHECK
+    seg->oversize_left = oversize;
+#endif /* TCP_OVERSIZE_DBGCHECK */
+#if TCP_CHECKSUM_ON_COPY
+    seg->chksum = chksum;
+    seg->chksum_swapped = chksum_swapped;
+    seg->flags |= TF_SEG_DATA_CHECKSUMMED;
+#endif /* TCP_CHECKSUM_ON_COPY */
+
+    /* first segment of to-be-queued data? */
+    if (queue == NULL) {
+      queue = seg;
+    } else {
+      /* Attach the segment to the end of the queued segments */
+      LWIP_ASSERT("prev_seg != NULL", prev_seg != NULL);
+      prev_seg->next = seg;
+    }
+    /* remember last segment of to-be-queued data for next iteration */
+    prev_seg = seg;
+
+    LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_TRACE, ("tcp_write: queueing %"U32_F":%"U32_F"\n",
+      ntohl(seg->tcphdr->seqno),
+      ntohl(seg->tcphdr->seqno) + TCP_TCPLEN(seg)));
+
+    pos += seglen;
+  }
+
+  /*
+   * All three segmentation phases were successful. We can commit the
+   * transaction.
+   */
+
+  /*
+   * Phase 1: If data has been added to the preallocated tail of
+   * last_unsent, we update the length fields of the pbuf chain.
+   */
+#if TCP_OVERSIZE
+  if (oversize_used > 0) {
+    struct pbuf *p;
+    /* Bump tot_len of whole chain, len of tail */
+    for (p = last_unsent->p; p; p = p->next) {
+      p->tot_len += oversize_used;
+      if (p->next == NULL) {
+        TCP_DATA_COPY((char *)p->payload + p->len, arg, oversize_used, last_unsent);
+        p->len += oversize_used;
+      }
+    }
+    last_unsent->len += oversize_used;
+#if TCP_OVERSIZE_DBGCHECK
+    LWIP_ASSERT("last_unsent->oversize_left >= oversize_used",
+                last_unsent->oversize_left >= oversize_used);
+    last_unsent->oversize_left -= oversize_used;
+#endif /* TCP_OVERSIZE_DBGCHECK */
+  }
+  pcb->unsent_oversize = oversize;
+#endif /* TCP_OVERSIZE */
+
+  /*
+   * Phase 2: concat_p can be concatenated onto last_unsent->p
+   */
+  if (concat_p != NULL) {
+    LWIP_ASSERT("tcp_write: cannot concatenate when pcb->unsent is empty",
+      (last_unsent != NULL));
+    pbuf_cat(last_unsent->p, concat_p);
+    last_unsent->len += concat_p->tot_len;
+#if TCP_CHECKSUM_ON_COPY
+    if (concat_chksummed) {
+      tcp_seg_add_chksum(concat_chksum, concat_chksummed, &last_unsent->chksum,
+        &last_unsent->chksum_swapped);
+      last_unsent->flags |= TF_SEG_DATA_CHECKSUMMED;
+    }
+#endif /* TCP_CHECKSUM_ON_COPY */
+  }
+
+  /*
+   * Phase 3: Append queue to pcb->unsent. Queue may be NULL, but that
+   * is harmless
+   */
+  if (last_unsent == NULL) {
+    pcb->unsent = queue;
+  } else {
+    last_unsent->next = queue;
+  }
+
+  /*
+   * Finally update the pcb state.
+   */
+  pcb->snd_lbb += len;
+  pcb->snd_buf -= len;
+  pcb->snd_queuelen = queuelen;
+
+  LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_write: %"S16_F" (after enqueued)\n",
+    pcb->snd_queuelen));
+  if (pcb->snd_queuelen != 0) {
+    LWIP_ASSERT("tcp_write: valid queue length",
+                pcb->unacked != NULL || pcb->unsent != NULL);
+  }
+
+  /* Set the PSH flag in the last segment that we enqueued. */
+  if (seg != NULL && seg->tcphdr != NULL && ((apiflags & TCP_WRITE_FLAG_MORE)==0)) {
+    TCPH_SET_FLAG(seg->tcphdr, TCP_PSH);
+  }
+
+  return ERR_OK;
+memerr:
+  pcb->flags |= TF_NAGLEMEMERR;
+  TCP_STATS_INC(tcp.memerr);
+
+  if (concat_p != NULL) {
+    pbuf_free(concat_p);
+  }
+  if (queue != NULL) {
+    tcp_segs_free(queue);
+  }
+  if (pcb->snd_queuelen != 0) {
+    LWIP_ASSERT("tcp_write: valid queue length", pcb->unacked != NULL ||
+      pcb->unsent != NULL);
+  }
+  LWIP_DEBUGF(TCP_QLEN_DEBUG | LWIP_DBG_STATE, ("tcp_write: %"S16_F" (with mem err)\n", pcb->snd_queuelen));
+  return ERR_MEM;
+}
+
+/**
+ * Enqueue TCP options for transmission.
+ *
+ * Called by tcp_connect(), tcp_listen_input(), and tcp_send_ctrl().
+ *
+ * @param pcb Protocol control block for the TCP connection.
+ * @param flags TCP header flags to set in the outgoing segment.
+ * @param optdata pointer to TCP options, or NULL.
+ * @param optlen length of TCP options in bytes.
+ */
+err_t
+tcp_enqueue_flags(struct tcp_pcb *pcb, u8_t flags)
+{
+  struct pbuf *p;
+  struct tcp_seg *seg;
+  u8_t optflags = 0;
+  u8_t optlen = 0;
+
+  LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_enqueue_flags: queuelen: %"U16_F"\n", (u16_t)pcb->snd_queuelen));
+
+  LWIP_ASSERT("tcp_enqueue_flags: need either TCP_SYN or TCP_FIN in flags (programmer violates API)",
+              (flags & (TCP_SYN | TCP_FIN)) != 0);
+
+  /* check for configured max queuelen and possible overflow */
+  if ((pcb->snd_queuelen >= TCP_SND_QUEUELEN) || (pcb->snd_queuelen > TCP_SNDQUEUELEN_OVERFLOW)) {
+    LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 3, ("tcp_enqueue_flags: too long queue %"U16_F" (max %"U16_F")\n",
+                                       pcb->snd_queuelen, TCP_SND_QUEUELEN));
+    TCP_STATS_INC(tcp.memerr);
+    pcb->flags |= TF_NAGLEMEMERR;
+    return ERR_MEM;
+  }
+
+  if (flags & TCP_SYN) {
+    optflags = TF_SEG_OPTS_MSS;
+  }
+#if LWIP_TCP_TIMESTAMPS
+  if ((pcb->flags & TF_TIMESTAMP)) {
+    optflags |= TF_SEG_OPTS_TS;
+  }
+#endif /* LWIP_TCP_TIMESTAMPS */
+  optlen = LWIP_TCP_OPT_LENGTH(optflags);
+
+  /* tcp_enqueue_flags is always called with either SYN or FIN in flags.
+   * We need one available snd_buf byte to do that.
+   * This means we can't send FIN while snd_buf==0. A better fix would be to
+   * not include SYN and FIN sequence numbers in the snd_buf count. */
+  if (pcb->snd_buf == 0) {
+    LWIP_DEBUGF(TCP_OUTPUT_DEBUG | 3, ("tcp_enqueue_flags: no send buffer available\n"));
+    TCP_STATS_INC(tcp.memerr);
+    return ERR_MEM;
+  }
+
+  /* Allocate pbuf with room for TCP header + options */
+  if ((p = pbuf_alloc(PBUF_TRANSPORT, optlen, PBUF_RAM)) == NULL) {
+    pcb->flags |= TF_NAGLEMEMERR;
+    TCP_STATS_INC(tcp.memerr);
+    return ERR_MEM;
+  }
+  LWIP_ASSERT("tcp_enqueue_flags: check that first pbuf can hold optlen",
+              (p->len >= optlen));
+
+  /* Allocate memory for tcp_seg, and fill in fields. */
+  if ((seg = tcp_create_segment(pcb, p, flags, pcb->snd_lbb, optflags)) == NULL) {
+    pcb->flags |= TF_NAGLEMEMERR;
+    TCP_STATS_INC(tcp.memerr);
+    return ERR_MEM;
+  }
+  LWIP_ASSERT("seg->tcphdr not aligned", ((mem_ptr_t)seg->tcphdr % MEM_ALIGNMENT) == 0);
+  LWIP_ASSERT("tcp_enqueue_flags: invalid segment length", seg->len == 0);
+
+  LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_TRACE,
+              ("tcp_enqueue_flags: queueing %"U32_F":%"U32_F" (0x%"X16_F")\n",
+               ntohl(seg->tcphdr->seqno),
+               ntohl(seg->tcphdr->seqno) + TCP_TCPLEN(seg),
+               (u16_t)flags));
+
+  /* Now append seg to pcb->unsent queue */
+  if (pcb->unsent == NULL) {
+    pcb->unsent = seg;
+  } else {
+    struct tcp_seg *useg;
+    for (useg = pcb->unsent; useg->next != NULL; useg = useg->next);
+    useg->next = seg;
+  }
+#if TCP_OVERSIZE
+  /* The new unsent tail has no space */
+  pcb->unsent_oversize = 0;
+#endif /* TCP_OVERSIZE */
+
+  /* SYN and FIN bump the sequence number */
+  if ((flags & TCP_SYN) || (flags & TCP_FIN)) {
+    pcb->snd_lbb++;
+    /* optlen does not influence snd_buf */
+    pcb->snd_buf--;
+  }
+  if (flags & TCP_FIN) {
+    pcb->flags |= TF_FIN;
+  }
+
+  /* update number of segments on the queues */
+  pcb->snd_queuelen += pbuf_clen(seg->p);
+  LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_enqueue_flags: %"S16_F" (after enqueued)\n", pcb->snd_queuelen));
+  if (pcb->snd_queuelen != 0) {
+    LWIP_ASSERT("tcp_enqueue_flags: invalid queue length",
+      pcb->unacked != NULL || pcb->unsent != NULL);
+  }
+
+  return ERR_OK;
+}
+
+#if LWIP_TCP_TIMESTAMPS
+/* Build a timestamp option (12 bytes long) at the specified options pointer)
+ *
+ * @param pcb tcp_pcb
+ * @param opts option pointer where to store the timestamp option
+ */
+static void
+tcp_build_timestamp_option(struct tcp_pcb *pcb, u32_t *opts)
+{
+  /* Pad with two NOP options to make everything nicely aligned */
+  opts[0] = PP_HTONL(0x0101080A);
+  opts[1] = htonl(sys_now());
+  opts[2] = htonl(pcb->ts_recent);
+}
+#endif
+
+/** Send an ACK without data.
+ *
+ * @param pcb Protocol control block for the TCP connection to send the ACK
+ */
+err_t
+tcp_send_empty_ack(struct tcp_pcb *pcb)
+{
+  struct pbuf *p;
+  u8_t optlen = 0;
+#if LWIP_TCP_TIMESTAMPS || CHECKSUM_GEN_TCP
+  struct tcp_hdr *tcphdr;
+#endif /* LWIP_TCP_TIMESTAMPS || CHECKSUM_GEN_TCP */
+
+#if LWIP_TCP_TIMESTAMPS
+  if (pcb->flags & TF_TIMESTAMP) {
+    optlen = LWIP_TCP_OPT_LENGTH(TF_SEG_OPTS_TS);
+  }
+#endif
+
+  p = tcp_output_alloc_header(pcb, optlen, 0, htonl(pcb->snd_nxt));
+  if (p == NULL) {
+    LWIP_DEBUGF(TCP_OUTPUT_DEBUG, ("tcp_output: (ACK) could not allocate pbuf\n"));
+    return ERR_BUF;
+  }
+#if LWIP_TCP_TIMESTAMPS || CHECKSUM_GEN_TCP
+  tcphdr = (struct tcp_hdr *)p->payload;
+#endif /* LWIP_TCP_TIMESTAMPS || CHECKSUM_GEN_TCP */
+  LWIP_DEBUGF(TCP_OUTPUT_DEBUG, 
+              ("tcp_output: sending ACK for %"U32_F"\n", pcb->rcv_nxt));
+  /* remove ACK flags from the PCB, as we send an empty ACK now */
+  pcb->flags &= ~(TF_ACK_DELAY | TF_ACK_NOW);
+
+  /* NB. MSS option is only sent on SYNs, so ignore it here */
+#if LWIP_TCP_TIMESTAMPS
+  pcb->ts_lastacksent = pcb->rcv_nxt;
+
+  if (pcb->flags & TF_TIMESTAMP) {
+    tcp_build_timestamp_option(pcb, (u32_t *)(tcphdr + 1));
+  }
+#endif 
+
+#if CHECKSUM_GEN_TCP
+  tcphdr->chksum = ipX_chksum_pseudo(PCB_ISIPV6(pcb), p, IP_PROTO_TCP, p->tot_len,
+    &pcb->local_ip, &pcb->remote_ip);
+#endif
+#if LWIP_NETIF_HWADDRHINT
+  ipX_output_hinted(PCB_ISIPV6(pcb), p, &pcb->local_ip, &pcb->remote_ip, pcb->ttl, pcb->tos,
+      IP_PROTO_TCP, &pcb->addr_hint);
+#else /* LWIP_NETIF_HWADDRHINT*/
+  ipX_output(PCB_ISIPV6(pcb), p, &pcb->local_ip, &pcb->remote_ip, pcb->ttl, pcb->tos,
+      IP_PROTO_TCP);
+#endif /* LWIP_NETIF_HWADDRHINT*/
+  pbuf_free(p);
+
+  return ERR_OK;
+}
+
+/**
+ * Find out what we can send and send it
+ *
+ * @param pcb Protocol control block for the TCP connection to send data
+ * @return ERR_OK if data has been sent or nothing to send
+ *         another err_t on error
+ */
+err_t
+tcp_output(struct tcp_pcb *pcb)
+{
+  struct tcp_seg *seg, *useg;
+  u32_t wnd, snd_nxt;
+#if TCP_CWND_DEBUG
+  s16_t i = 0;
+#endif /* TCP_CWND_DEBUG */
+
+  /* pcb->state LISTEN not allowed here */
+  LWIP_ASSERT("don't call tcp_output for listen-pcbs",
+    pcb->state != LISTEN);
+
+  /* First, check if we are invoked by the TCP input processing
+     code. If so, we do not output anything. Instead, we rely on the
+     input processing code to call us when input processing is done
+     with. */
+  if (tcp_input_pcb == pcb) {
+    return ERR_OK;
+  }
+
+  wnd = LWIP_MIN(pcb->snd_wnd, pcb->cwnd);
+
+  seg = pcb->unsent;
+
+  /* If the TF_ACK_NOW flag is set and no data will be sent (either
+   * because the ->unsent queue is empty or because the window does
+   * not allow it), construct an empty ACK segment and send it.
+   *
+   * If data is to be sent, we will just piggyback the ACK (see below).
+   */
+  if (pcb->flags & TF_ACK_NOW &&
+     (seg == NULL ||
+      ntohl(seg->tcphdr->seqno) - pcb->lastack + seg->len > wnd)) {
+     return tcp_send_empty_ack(pcb);
+  }
+
+  /* useg should point to last segment on unacked queue */
+  useg = pcb->unacked;
+  if (useg != NULL) {
+    for (; useg->next != NULL; useg = useg->next);
+  }
+
+#if TCP_OUTPUT_DEBUG
+  if (seg == NULL) {
+    LWIP_DEBUGF(TCP_OUTPUT_DEBUG, ("tcp_output: nothing to send (%p)\n",
+                                   (void*)pcb->unsent));
+  }
+#endif /* TCP_OUTPUT_DEBUG */
+#if TCP_CWND_DEBUG
+  if (seg == NULL) {
+    LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_output: snd_wnd %"U16_F
+                                 ", cwnd %"U16_F", wnd %"U32_F
+                                 ", seg == NULL, ack %"U32_F"\n",
+                                 pcb->snd_wnd, pcb->cwnd, wnd, pcb->lastack));
+  } else {
+    LWIP_DEBUGF(TCP_CWND_DEBUG, 
+                ("tcp_output: snd_wnd %"U16_F", cwnd %"U16_F", wnd %"U32_F
+                 ", effwnd %"U32_F", seq %"U32_F", ack %"U32_F"\n",
+                 pcb->snd_wnd, pcb->cwnd, wnd,
+                 ntohl(seg->tcphdr->seqno) - pcb->lastack + seg->len,
+                 ntohl(seg->tcphdr->seqno), pcb->lastack));
+  }
+#endif /* TCP_CWND_DEBUG */
+  /* data available and window allows it to be sent? */
+  while (seg != NULL &&
+         ntohl(seg->tcphdr->seqno) - pcb->lastack + seg->len <= wnd) {
+    LWIP_ASSERT("RST not expected here!", 
+                (TCPH_FLAGS(seg->tcphdr) & TCP_RST) == 0);
+    /* Stop sending if the nagle algorithm would prevent it
+     * Don't stop:
+     * - if tcp_write had a memory error before (prevent delayed ACK timeout) or
+     * - if FIN was already enqueued for this PCB (SYN is always alone in a segment -
+     *   either seg->next != NULL or pcb->unacked == NULL;
+     *   RST is no sent using tcp_write/tcp_output.
+     */
+    if((tcp_do_output_nagle(pcb) == 0) &&
+      ((pcb->flags & (TF_NAGLEMEMERR | TF_FIN)) == 0)){
+      break;
+    }
+#if TCP_CWND_DEBUG
+    LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_output: snd_wnd %"U16_F", cwnd %"U16_F", wnd %"U32_F", effwnd %"U32_F", seq %"U32_F", ack %"U32_F", i %"S16_F"\n",
+                            pcb->snd_wnd, pcb->cwnd, wnd,
+                            ntohl(seg->tcphdr->seqno) + seg->len -
+                            pcb->lastack,
+                            ntohl(seg->tcphdr->seqno), pcb->lastack, i));
+    ++i;
+#endif /* TCP_CWND_DEBUG */
+
+    pcb->unsent = seg->next;
+
+    if (pcb->state != SYN_SENT) {
+      TCPH_SET_FLAG(seg->tcphdr, TCP_ACK);
+      pcb->flags &= ~(TF_ACK_DELAY | TF_ACK_NOW);
+    }
+
+#if TCP_OVERSIZE_DBGCHECK
+    seg->oversize_left = 0;
+#endif /* TCP_OVERSIZE_DBGCHECK */
+    tcp_output_segment(seg, pcb);
+    snd_nxt = ntohl(seg->tcphdr->seqno) + TCP_TCPLEN(seg);
+    if (TCP_SEQ_LT(pcb->snd_nxt, snd_nxt)) {
+      pcb->snd_nxt = snd_nxt;
+    }
+    /* put segment on unacknowledged list if length > 0 */
+    if (TCP_TCPLEN(seg) > 0) {
+      seg->next = NULL;
+      /* unacked list is empty? */
+      if (pcb->unacked == NULL) {
+        pcb->unacked = seg;
+        useg = seg;
+      /* unacked list is not empty? */
+      } else {
+        /* In the case of fast retransmit, the packet should not go to the tail
+         * of the unacked queue, but rather somewhere before it. We need to check for
+         * this case. -STJ Jul 27, 2004 */
+        if (TCP_SEQ_LT(ntohl(seg->tcphdr->seqno), ntohl(useg->tcphdr->seqno))) {
+          /* add segment to before tail of unacked list, keeping the list sorted */
+          struct tcp_seg **cur_seg = &(pcb->unacked);
+          while (*cur_seg &&
+            TCP_SEQ_LT(ntohl((*cur_seg)->tcphdr->seqno), ntohl(seg->tcphdr->seqno))) {
+              cur_seg = &((*cur_seg)->next );
+          }
+          seg->next = (*cur_seg);
+          (*cur_seg) = seg;
+        } else {
+          /* add segment to tail of unacked list */
+          useg->next = seg;
+          useg = useg->next;
+        }
+      }
+    /* do not queue empty segments on the unacked list */
+    } else {
+      tcp_seg_free(seg);
+    }
+    seg = pcb->unsent;
+  }
+#if TCP_OVERSIZE
+  if (pcb->unsent == NULL) {
+    /* last unsent has been removed, reset unsent_oversize */
+    pcb->unsent_oversize = 0;
+  }
+#endif /* TCP_OVERSIZE */
+
+  pcb->flags &= ~TF_NAGLEMEMERR;
+  return ERR_OK;
+}
+
+/**
+ * Called by tcp_output() to actually send a TCP segment over IP.
+ *
+ * @param seg the tcp_seg to send
+ * @param pcb the tcp_pcb for the TCP connection used to send the segment
+ */
+static void
+tcp_output_segment(struct tcp_seg *seg, struct tcp_pcb *pcb)
+{
+  u16_t len;
+  u32_t *opts;
+
+  /** @bug Exclude retransmitted segments from this count. */
+  snmp_inc_tcpoutsegs();
+
+  /* The TCP header has already been constructed, but the ackno and
+   wnd fields remain. */
+  seg->tcphdr->ackno = htonl(pcb->rcv_nxt);
+
+  /* advertise our receive window size in this TCP segment */
+  seg->tcphdr->wnd = htons(pcb->rcv_ann_wnd);
+
+  pcb->rcv_ann_right_edge = pcb->rcv_nxt + pcb->rcv_ann_wnd;
+
+  /* Add any requested options.  NB MSS option is only set on SYN
+     packets, so ignore it here */
+  opts = (u32_t *)(void *)(seg->tcphdr + 1);
+  if (seg->flags & TF_SEG_OPTS_MSS) {
+    u16_t mss;
+#if TCP_CALCULATE_EFF_SEND_MSS
+    mss = tcp_eff_send_mss(TCP_MSS, &pcb->local_ip, &pcb->remote_ip, PCB_ISIPV6(pcb));
+#else /* TCP_CALCULATE_EFF_SEND_MSS */
+    mss = TCP_MSS;
+#endif /* TCP_CALCULATE_EFF_SEND_MSS */
+    *opts = TCP_BUILD_MSS_OPTION(mss);
+    opts += 1;
+  }
+#if LWIP_TCP_TIMESTAMPS
+  pcb->ts_lastacksent = pcb->rcv_nxt;
+
+  if (seg->flags & TF_SEG_OPTS_TS) {
+    tcp_build_timestamp_option(pcb, opts);
+    opts += 3;
+  }
+#endif
+
+  /* Set retransmission timer running if it is not currently enabled 
+     This must be set before checking the route. */
+  if (pcb->rtime == -1) {
+    pcb->rtime = 0;
+  }
+
+  /* If we don't have a local IP address, we get one by
+     calling ip_route(). */
+  if (ipX_addr_isany(PCB_ISIPV6(pcb), &pcb->local_ip)) {
+    struct netif *netif;
+    ipX_addr_t *local_ip;
+    ipX_route_get_local_ipX(PCB_ISIPV6(pcb), &pcb->local_ip, &pcb->remote_ip, netif, local_ip);
+    if ((netif == NULL) || (local_ip == NULL)) {
+      return;
+    }
+    ipX_addr_copy(PCB_ISIPV6(pcb), pcb->local_ip, *local_ip);
+  }
+
+  if (pcb->rttest == 0) {
+    pcb->rttest = tcp_ticks;
+    pcb->rtseq = ntohl(seg->tcphdr->seqno);
+
+    LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_output_segment: rtseq %"U32_F"\n", pcb->rtseq));
+  }
+  LWIP_DEBUGF(TCP_OUTPUT_DEBUG, ("tcp_output_segment: %"U32_F":%"U32_F"\n",
+          htonl(seg->tcphdr->seqno), htonl(seg->tcphdr->seqno) +
+          seg->len));
+
+  len = (u16_t)((u8_t *)seg->tcphdr - (u8_t *)seg->p->payload);
+
+  seg->p->len -= len;
+  seg->p->tot_len -= len;
+
+  seg->p->payload = seg->tcphdr;
+
+  seg->tcphdr->chksum = 0;
+#if TCP_CHECKSUM_ON_COPY
+  {
+    u32_t acc;
+#if TCP_CHECKSUM_ON_COPY_SANITY_CHECK
+    u16_t chksum_slow = ipX_chksum_pseudo(PCB_ISIPV6(pcb), seg->p, IP_PROTO_TCP,
+      seg->p->tot_len, &pcb->local_ip, &pcb->remote_ip);
+#endif /* TCP_CHECKSUM_ON_COPY_SANITY_CHECK */
+    if ((seg->flags & TF_SEG_DATA_CHECKSUMMED) == 0) {
+      LWIP_ASSERT("data included but not checksummed",
+        seg->p->tot_len == (TCPH_HDRLEN(seg->tcphdr) * 4));
+    }
+
+    /* rebuild TCP header checksum (TCP header changes for retransmissions!) */
+    acc = ipX_chksum_pseudo_partial(PCB_ISIPV6(pcb), seg->p, IP_PROTO_TCP,
+      seg->p->tot_len, TCPH_HDRLEN(seg->tcphdr) * 4, &pcb->local_ip, &pcb->remote_ip);
+    /* add payload checksum */
+    if (seg->chksum_swapped) {
+      seg->chksum = SWAP_BYTES_IN_WORD(seg->chksum);
+      seg->chksum_swapped = 0;
+    }
+    acc += (u16_t)~(seg->chksum);
+    seg->tcphdr->chksum = FOLD_U32T(acc);
+#if TCP_CHECKSUM_ON_COPY_SANITY_CHECK
+    if (chksum_slow != seg->tcphdr->chksum) {
+      LWIP_DEBUGF(TCP_DEBUG | LWIP_DBG_LEVEL_WARNING,
+                  ("tcp_output_segment: calculated checksum is %"X16_F" instead of %"X16_F"\n",
+                  seg->tcphdr->chksum, chksum_slow));
+      seg->tcphdr->chksum = chksum_slow;
+    }
+#endif /* TCP_CHECKSUM_ON_COPY_SANITY_CHECK */
+  }
+#else /* TCP_CHECKSUM_ON_COPY */
+#if CHECKSUM_GEN_TCP
+  seg->tcphdr->chksum = ipX_chksum_pseudo(PCB_ISIPV6(pcb), seg->p, IP_PROTO_TCP,
+    seg->p->tot_len, &pcb->local_ip, &pcb->remote_ip);
+#endif /* CHECKSUM_GEN_TCP */
+#endif /* TCP_CHECKSUM_ON_COPY */
+  TCP_STATS_INC(tcp.xmit);
+
+#if LWIP_NETIF_HWADDRHINT
+  ipX_output_hinted(PCB_ISIPV6(pcb), seg->p, &pcb->local_ip, &pcb->remote_ip,
+    pcb->ttl, pcb->tos, IP_PROTO_TCP, &pcb->addr_hint);
+#else /* LWIP_NETIF_HWADDRHINT*/
+  ipX_output(PCB_ISIPV6(pcb), seg->p, &pcb->local_ip, &pcb->remote_ip, pcb->ttl,
+    pcb->tos, IP_PROTO_TCP);
+#endif /* LWIP_NETIF_HWADDRHINT*/
+}
+
+/**
+ * Send a TCP RESET packet (empty segment with RST flag set) either to
+ * abort a connection or to show that there is no matching local connection
+ * for a received segment.
+ *
+ * Called by tcp_abort() (to abort a local connection), tcp_input() (if no
+ * matching local pcb was found), tcp_listen_input() (if incoming segment
+ * has ACK flag set) and tcp_process() (received segment in the wrong state)
+ *
+ * Since a RST segment is in most cases not sent for an active connection,
+ * tcp_rst() has a number of arguments that are taken from a tcp_pcb for
+ * most other segment output functions.
+ *
+ * @param seqno the sequence number to use for the outgoing segment
+ * @param ackno the acknowledge number to use for the outgoing segment
+ * @param local_ip the local IP address to send the segment from
+ * @param remote_ip the remote IP address to send the segment to
+ * @param local_port the local TCP port to send the segment from
+ * @param remote_port the remote TCP port to send the segment to
+ */
+void
+tcp_rst_impl(u32_t seqno, u32_t ackno,
+  ipX_addr_t *local_ip, ipX_addr_t *remote_ip,
+  u16_t local_port, u16_t remote_port
+#if LWIP_IPV6
+  , u8_t isipv6
+#endif /* LWIP_IPV6 */
+  )
+{
+  struct pbuf *p;
+  struct tcp_hdr *tcphdr;
+  p = pbuf_alloc(PBUF_IP, TCP_HLEN, PBUF_RAM);
+  if (p == NULL) {
+      LWIP_DEBUGF(TCP_DEBUG, ("tcp_rst: could not allocate memory for pbuf\n"));
+      return;
+  }
+  LWIP_ASSERT("check that first pbuf can hold struct tcp_hdr",
+              (p->len >= sizeof(struct tcp_hdr)));
+
+  tcphdr = (struct tcp_hdr *)p->payload;
+  tcphdr->src = htons(local_port);
+  tcphdr->dest = htons(remote_port);
+  tcphdr->seqno = htonl(seqno);
+  tcphdr->ackno = htonl(ackno);
+  TCPH_HDRLEN_FLAGS_SET(tcphdr, TCP_HLEN/4, TCP_RST | TCP_ACK);
+  tcphdr->wnd = PP_HTONS(TCP_WND);
+  tcphdr->chksum = 0;
+  tcphdr->urgp = 0;
+
+  TCP_STATS_INC(tcp.xmit);
+  snmp_inc_tcpoutrsts();
+
+#if CHECKSUM_GEN_TCP
+  tcphdr->chksum = ipX_chksum_pseudo(isipv6, p, IP_PROTO_TCP, p->tot_len,
+                                     local_ip, remote_ip);
+#endif
+  /* Send output with hardcoded TTL/HL since we have no access to the pcb */
+  ipX_output(isipv6, p, local_ip, remote_ip, TCP_TTL, 0, IP_PROTO_TCP);
+  pbuf_free(p);
+  LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_rst: seqno %"U32_F" ackno %"U32_F".\n", seqno, ackno));
+}
+
+/**
+ * Requeue all unacked segments for retransmission
+ *
+ * Called by tcp_slowtmr() for slow retransmission.
+ *
+ * @param pcb the tcp_pcb for which to re-enqueue all unacked segments
+ */
+void
+tcp_rexmit_rto(struct tcp_pcb *pcb)
+{
+  struct tcp_seg *seg;
+
+  if (pcb->unacked == NULL) {
+    return;
+  }
+
+  /* Move all unacked segments to the head of the unsent queue */
+  for (seg = pcb->unacked; seg->next != NULL; seg = seg->next);
+  /* concatenate unsent queue after unacked queue */
+  seg->next = pcb->unsent;
+  /* unsent queue is the concatenated queue (of unacked, unsent) */
+  pcb->unsent = pcb->unacked;
+  /* unacked queue is now empty */
+  pcb->unacked = NULL;
+  /* last unsent hasn't changed, no need to reset unsent_oversize */
+
+  /* increment number of retransmissions */
+  ++pcb->nrtx;
+
+  /* Don't take any RTT measurements after retransmitting. */
+  pcb->rttest = 0;
+
+  /* Do the actual retransmission */
+  tcp_output(pcb);
+}
+
+/**
+ * Requeue the first unacked segment for retransmission
+ *
+ * Called by tcp_receive() for fast retramsmit.
+ *
+ * @param pcb the tcp_pcb for which to retransmit the first unacked segment
+ */
+void
+tcp_rexmit(struct tcp_pcb *pcb)
+{
+  struct tcp_seg *seg;
+  struct tcp_seg **cur_seg;
+
+  if (pcb->unacked == NULL) {
+    return;
+  }
+
+  /* Move the first unacked segment to the unsent queue */
+  /* Keep the unsent queue sorted. */
+  seg = pcb->unacked;
+  pcb->unacked = seg->next;
+
+  cur_seg = &(pcb->unsent);
+  while (*cur_seg &&
+    TCP_SEQ_LT(ntohl((*cur_seg)->tcphdr->seqno), ntohl(seg->tcphdr->seqno))) {
+      cur_seg = &((*cur_seg)->next );
+  }
+  seg->next = *cur_seg;
+  *cur_seg = seg;
+#if TCP_OVERSIZE
+  if (seg->next == NULL) {
+    /* the retransmitted segment is last in unsent, so reset unsent_oversize */
+    pcb->unsent_oversize = 0;
+  }
+#endif /* TCP_OVERSIZE */
+
+  ++pcb->nrtx;
+
+  /* Don't take any rtt measurements after retransmitting. */
+  pcb->rttest = 0;
+
+  /* Do the actual retransmission. */
+  snmp_inc_tcpretranssegs();
+  /* No need to call tcp_output: we are always called from tcp_input()
+     and thus tcp_output directly returns. */
+}
+
+
+/**
+ * Handle retransmission after three dupacks received
+ *
+ * @param pcb the tcp_pcb for which to retransmit the first unacked segment
+ */
+void 
+tcp_rexmit_fast(struct tcp_pcb *pcb)
+{
+  if (pcb->unacked != NULL && !(pcb->flags & TF_INFR)) {
+    /* This is fast retransmit. Retransmit the first unacked segment. */
+    LWIP_DEBUGF(TCP_FR_DEBUG, 
+                ("tcp_receive: dupacks %"U16_F" (%"U32_F
+                 "), fast retransmit %"U32_F"\n",
+                 (u16_t)pcb->dupacks, pcb->lastack,
+                 ntohl(pcb->unacked->tcphdr->seqno)));
+    tcp_rexmit(pcb);
+
+    /* Set ssthresh to half of the minimum of the current
+     * cwnd and the advertised window */
+    if (pcb->cwnd > pcb->snd_wnd) {
+      pcb->ssthresh = pcb->snd_wnd / 2;
+    } else {
+      pcb->ssthresh = pcb->cwnd / 2;
+    }
+    
+    /* The minimum value for ssthresh should be 2 MSS */
+    if (pcb->ssthresh < 2*pcb->mss) {
+      LWIP_DEBUGF(TCP_FR_DEBUG, 
+                  ("tcp_receive: The minimum value for ssthresh %"U16_F
+                   " should be min 2 mss %"U16_F"...\n",
+                   pcb->ssthresh, 2*pcb->mss));
+      pcb->ssthresh = 2*pcb->mss;
+    }
+    
+    pcb->cwnd = pcb->ssthresh + 3 * pcb->mss;
+    pcb->flags |= TF_INFR;
+  } 
+}
+
+
+/**
+ * Send keepalive packets to keep a connection active although
+ * no data is sent over it.
+ *
+ * Called by tcp_slowtmr()
+ *
+ * @param pcb the tcp_pcb for which to send a keepalive packet
+ */
+void
+tcp_keepalive(struct tcp_pcb *pcb)
+{
+  struct pbuf *p;
+#if CHECKSUM_GEN_TCP
+  struct tcp_hdr *tcphdr;
+#endif /* CHECKSUM_GEN_TCP */
+
+  LWIP_DEBUGF(TCP_DEBUG, ("tcp_keepalive: sending KEEPALIVE probe to "));
+  ipX_addr_debug_print(PCB_ISIPV6(pcb), TCP_DEBUG, &pcb->remote_ip);
+  LWIP_DEBUGF(TCP_DEBUG, ("\n"));
+
+  LWIP_DEBUGF(TCP_DEBUG, ("tcp_keepalive: tcp_ticks %"U32_F"   pcb->tmr %"U32_F" pcb->keep_cnt_sent %"U16_F"\n", 
+                          tcp_ticks, pcb->tmr, pcb->keep_cnt_sent));
+   
+  p = tcp_output_alloc_header(pcb, 0, 0, htonl(pcb->snd_nxt - 1));
+  if(p == NULL) {
+    LWIP_DEBUGF(TCP_DEBUG, 
+                ("tcp_keepalive: could not allocate memory for pbuf\n"));
+    return;
+  }
+#if CHECKSUM_GEN_TCP
+  tcphdr = (struct tcp_hdr *)p->payload;
+
+  tcphdr->chksum = ipX_chksum_pseudo(PCB_ISIPV6(pcb), p, IP_PROTO_TCP, p->tot_len,
+      &pcb->local_ip, &pcb->remote_ip);
+#endif /* CHECKSUM_GEN_TCP */
+  TCP_STATS_INC(tcp.xmit);
+
+  /* Send output to IP */
+#if LWIP_NETIF_HWADDRHINT
+  ipX_output_hinted(PCB_ISIPV6(pcb), p, &pcb->local_ip, &pcb->remote_ip,
+    pcb->ttl, 0, IP_PROTO_TCP, &pcb->addr_hint);
+#else /* LWIP_NETIF_HWADDRHINT*/
+  ipX_output(PCB_ISIPV6(pcb), p, &pcb->local_ip, &pcb->remote_ip, pcb->ttl,
+    0, IP_PROTO_TCP);
+#endif /* LWIP_NETIF_HWADDRHINT*/
+
+  pbuf_free(p);
+
+  LWIP_DEBUGF(TCP_DEBUG, ("tcp_keepalive: seqno %"U32_F" ackno %"U32_F".\n",
+                          pcb->snd_nxt - 1, pcb->rcv_nxt));
+}
+
+
+/**
+ * Send persist timer zero-window probes to keep a connection active
+ * when a window update is lost.
+ *
+ * Called by tcp_slowtmr()
+ *
+ * @param pcb the tcp_pcb for which to send a zero-window probe packet
+ */
+void
+tcp_zero_window_probe(struct tcp_pcb *pcb)
+{
+  struct pbuf *p;
+  struct tcp_hdr *tcphdr;
+  struct tcp_seg *seg;
+  u16_t len;
+  u8_t is_fin;
+
+  LWIP_DEBUGF(TCP_DEBUG, ("tcp_zero_window_probe: sending ZERO WINDOW probe to "));
+  ipX_addr_debug_print(PCB_ISIPV6(pcb), TCP_DEBUG, &pcb->remote_ip);
+  LWIP_DEBUGF(TCP_DEBUG, ("\n"));
+
+  LWIP_DEBUGF(TCP_DEBUG, 
+              ("tcp_zero_window_probe: tcp_ticks %"U32_F
+               "   pcb->tmr %"U32_F" pcb->keep_cnt_sent %"U16_F"\n", 
+               tcp_ticks, pcb->tmr, pcb->keep_cnt_sent));
+
+  seg = pcb->unacked;
+
+  if(seg == NULL) {
+    seg = pcb->unsent;
+  }
+  if(seg == NULL) {
+    return;
+  }
+
+  is_fin = ((TCPH_FLAGS(seg->tcphdr) & TCP_FIN) != 0) && (seg->len == 0);
+  /* we want to send one seqno: either FIN or data (no options) */
+  len = is_fin ? 0 : 1;
+
+  p = tcp_output_alloc_header(pcb, 0, len, seg->tcphdr->seqno);
+  if(p == NULL) {
+    LWIP_DEBUGF(TCP_DEBUG, ("tcp_zero_window_probe: no memory for pbuf\n"));
+    return;
+  }
+  tcphdr = (struct tcp_hdr *)p->payload;
+
+  if (is_fin) {
+    /* FIN segment, no data */
+    TCPH_FLAGS_SET(tcphdr, TCP_ACK | TCP_FIN);
+  } else {
+    /* Data segment, copy in one byte from the head of the unacked queue */
+    char *d = ((char *)p->payload + TCP_HLEN);
+    /* Depending on whether the segment has already been sent (unacked) or not
+       (unsent), seg->p->payload points to the IP header or TCP header.
+       Ensure we copy the first TCP data byte: */
+    pbuf_copy_partial(seg->p, d, 1, seg->p->tot_len - seg->len);
+  }
+
+#if CHECKSUM_GEN_TCP
+  tcphdr->chksum = ipX_chksum_pseudo(PCB_ISIPV6(pcb), p, IP_PROTO_TCP, p->tot_len,
+      &pcb->local_ip, &pcb->remote_ip);
+#endif
+  TCP_STATS_INC(tcp.xmit);
+
+  /* Send output to IP */
+#if LWIP_NETIF_HWADDRHINT
+  ipX_output_hinted(PCB_ISIPV6(pcb), p, &pcb->local_ip, &pcb->remote_ip, pcb->ttl,
+    0, IP_PROTO_TCP, &pcb->addr_hint);
+#else /* LWIP_NETIF_HWADDRHINT*/
+  ipX_output(PCB_ISIPV6(pcb), p, &pcb->local_ip, &pcb->remote_ip, pcb->ttl, 0, IP_PROTO_TCP);
+#endif /* LWIP_NETIF_HWADDRHINT*/
+
+  pbuf_free(p);
+
+  LWIP_DEBUGF(TCP_DEBUG, ("tcp_zero_window_probe: seqno %"U32_F
+                          " ackno %"U32_F".\n",
+                          pcb->snd_nxt - 1, pcb->rcv_nxt));
+}
+#endif /* LWIP_TCP */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/timers.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/timers.c
new file mode 100644
index 00000000..167f2351
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/timers.c
@@ -0,0 +1,545 @@
+/**
+ * @file
+ * Stack-internal timers implementation.
+ * This file includes timer callbacks for stack-internal timers as well as
+ * functions to set up or stop timers and check for expired timers.
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *         Simon Goldschmidt
+ *
+ */
+
+#include "lwip/opt.h"
+
+#include "lwip/timers.h"
+#include "lwip/tcp_impl.h"
+
+#if LWIP_TIMERS
+
+#include "lwip/def.h"
+#include "lwip/memp.h"
+#include "lwip/tcpip.h"
+
+#include "lwip/ip_frag.h"
+#include "netif/etharp.h"
+#include "lwip/dhcp.h"
+#include "lwip/autoip.h"
+#include "lwip/igmp.h"
+#include "lwip/dns.h"
+#include "lwip/nd6.h"
+#include "lwip/ip6_frag.h"
+#include "lwip/mld6.h"
+#include "lwip/sys.h"
+#include "lwip/pbuf.h"
+
+/** The one and only timeout list */
+static struct sys_timeo *next_timeout;
+#if NO_SYS
+static u32_t timeouts_last_time;
+#endif /* NO_SYS */
+
+#if LWIP_TCP
+/** global variable that shows if the tcp timer is currently scheduled or not */
+static int tcpip_tcp_timer_active;
+
+/**
+ * Timer callback function that calls tcp_tmr() and reschedules itself.
+ *
+ * @param arg unused argument
+ */
+static void
+tcpip_tcp_timer(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+
+  /* call TCP timer handler */
+  tcp_tmr();
+  /* timer still needed? */
+  if (tcp_active_pcbs || tcp_tw_pcbs) {
+    /* restart timer */
+    sys_timeout(TCP_TMR_INTERVAL, tcpip_tcp_timer, NULL);
+  } else {
+    /* disable timer */
+    tcpip_tcp_timer_active = 0;
+  }
+}
+
+/**
+ * Called from TCP_REG when registering a new PCB:
+ * the reason is to have the TCP timer only running when
+ * there are active (or time-wait) PCBs.
+ */
+void
+tcp_timer_needed(void)
+{
+  /* timer is off but needed again? */
+  if (!tcpip_tcp_timer_active && (tcp_active_pcbs || tcp_tw_pcbs)) {
+    /* enable and start timer */
+    tcpip_tcp_timer_active = 1;
+    sys_timeout(TCP_TMR_INTERVAL, tcpip_tcp_timer, NULL);
+  }
+}
+#endif /* LWIP_TCP */
+
+#if IP_REASSEMBLY
+/**
+ * Timer callback function that calls ip_reass_tmr() and reschedules itself.
+ *
+ * @param arg unused argument
+ */
+static void
+ip_reass_timer(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+  LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: ip_reass_tmr()\n"));
+  ip_reass_tmr();
+  sys_timeout(IP_TMR_INTERVAL, ip_reass_timer, NULL);
+}
+#endif /* IP_REASSEMBLY */
+
+#if LWIP_ARP
+/**
+ * Timer callback function that calls etharp_tmr() and reschedules itself.
+ *
+ * @param arg unused argument
+ */
+static void
+arp_timer(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+  LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: etharp_tmr()\n"));
+  etharp_tmr();
+  sys_timeout(ARP_TMR_INTERVAL, arp_timer, NULL);
+}
+#endif /* LWIP_ARP */
+
+#if LWIP_DHCP
+/**
+ * Timer callback function that calls dhcp_coarse_tmr() and reschedules itself.
+ *
+ * @param arg unused argument
+ */
+static void
+dhcp_timer_coarse(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+  LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: dhcp_coarse_tmr()\n"));
+  dhcp_coarse_tmr();
+  sys_timeout(DHCP_COARSE_TIMER_MSECS, dhcp_timer_coarse, NULL);
+}
+
+/**
+ * Timer callback function that calls dhcp_fine_tmr() and reschedules itself.
+ *
+ * @param arg unused argument
+ */
+static void
+dhcp_timer_fine(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+  LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: dhcp_fine_tmr()\n"));
+  dhcp_fine_tmr();
+  sys_timeout(DHCP_FINE_TIMER_MSECS, dhcp_timer_fine, NULL);
+}
+#endif /* LWIP_DHCP */
+
+#if LWIP_AUTOIP
+/**
+ * Timer callback function that calls autoip_tmr() and reschedules itself.
+ *
+ * @param arg unused argument
+ */
+static void
+autoip_timer(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+  LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: autoip_tmr()\n"));
+  autoip_tmr();
+  sys_timeout(AUTOIP_TMR_INTERVAL, autoip_timer, NULL);
+}
+#endif /* LWIP_AUTOIP */
+
+#if LWIP_IGMP
+/**
+ * Timer callback function that calls igmp_tmr() and reschedules itself.
+ *
+ * @param arg unused argument
+ */
+static void
+igmp_timer(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+  LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: igmp_tmr()\n"));
+  igmp_tmr();
+  sys_timeout(IGMP_TMR_INTERVAL, igmp_timer, NULL);
+}
+#endif /* LWIP_IGMP */
+
+#if LWIP_DNS
+/**
+ * Timer callback function that calls dns_tmr() and reschedules itself.
+ *
+ * @param arg unused argument
+ */
+static void
+dns_timer(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+  LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: dns_tmr()\n"));
+  dns_tmr();
+  sys_timeout(DNS_TMR_INTERVAL, dns_timer, NULL);
+}
+#endif /* LWIP_DNS */
+
+#if LWIP_IPV6
+/**
+ * Timer callback function that calls nd6_tmr() and reschedules itself.
+ *
+ * @param arg unused argument
+ */
+static void
+nd6_timer(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+  LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: nd6_tmr()\n"));
+  nd6_tmr();
+  sys_timeout(ND6_TMR_INTERVAL, nd6_timer, NULL);
+}
+
+#if LWIP_IPV6_REASS
+/**
+ * Timer callback function that calls ip6_reass_tmr() and reschedules itself.
+ *
+ * @param arg unused argument
+ */
+static void
+ip6_reass_timer(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+  LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: ip6_reass_tmr()\n"));
+  ip6_reass_tmr();
+  sys_timeout(IP6_REASS_TMR_INTERVAL, ip6_reass_timer, NULL);
+}
+#endif /* LWIP_IPV6_REASS */
+
+#if LWIP_IPV6_MLD
+/**
+ * Timer callback function that calls mld6_tmr() and reschedules itself.
+ *
+ * @param arg unused argument
+ */
+static void
+mld6_timer(void *arg)
+{
+  LWIP_UNUSED_ARG(arg);
+  LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: mld6_tmr()\n"));
+  mld6_tmr();
+  sys_timeout(MLD6_TMR_INTERVAL, mld6_timer, NULL);
+}
+#endif /* LWIP_IPV6_MLD */
+#endif /* LWIP_IPV6 */
+
+/** Initialize this module */
+void sys_timeouts_init(void)
+{
+#if IP_REASSEMBLY
+  sys_timeout(IP_TMR_INTERVAL, ip_reass_timer, NULL);
+#endif /* IP_REASSEMBLY */
+#if LWIP_ARP
+  sys_timeout(ARP_TMR_INTERVAL, arp_timer, NULL);
+#endif /* LWIP_ARP */
+#if LWIP_DHCP
+  sys_timeout(DHCP_COARSE_TIMER_MSECS, dhcp_timer_coarse, NULL);
+  sys_timeout(DHCP_FINE_TIMER_MSECS, dhcp_timer_fine, NULL);
+#endif /* LWIP_DHCP */
+#if LWIP_AUTOIP
+  sys_timeout(AUTOIP_TMR_INTERVAL, autoip_timer, NULL);
+#endif /* LWIP_AUTOIP */
+#if LWIP_IGMP
+  sys_timeout(IGMP_TMR_INTERVAL, igmp_timer, NULL);
+#endif /* LWIP_IGMP */
+#if LWIP_DNS
+  sys_timeout(DNS_TMR_INTERVAL, dns_timer, NULL);
+#endif /* LWIP_DNS */
+#if LWIP_IPV6
+  sys_timeout(ND6_TMR_INTERVAL, nd6_timer, NULL);
+#if LWIP_IPV6_REASS
+  sys_timeout(IP6_REASS_TMR_INTERVAL, ip6_reass_timer, NULL);
+#endif /* LWIP_IPV6_REASS */
+#if LWIP_IPV6_MLD
+  sys_timeout(MLD6_TMR_INTERVAL, mld6_timer, NULL);
+#endif /* LWIP_IPV6_MLD */
+#endif /* LWIP_IPV6 */
+
+#if NO_SYS
+  /* Initialise timestamp for sys_check_timeouts */
+  timeouts_last_time = sys_now();
+#endif
+}
+
+/**
+ * Create a one-shot timer (aka timeout). Timeouts are processed in the
+ * following cases:
+ * - while waiting for a message using sys_timeouts_mbox_fetch()
+ * - by calling sys_check_timeouts() (NO_SYS==1 only)
+ *
+ * @param msecs time in milliseconds after that the timer should expire
+ * @param handler callback function to call when msecs have elapsed
+ * @param arg argument to pass to the callback function
+ */
+#if LWIP_DEBUG_TIMERNAMES
+void
+sys_timeout_debug(u32_t msecs, sys_timeout_handler handler, void *arg, const char* handler_name)
+#else /* LWIP_DEBUG_TIMERNAMES */
+void
+sys_timeout(u32_t msecs, sys_timeout_handler handler, void *arg)
+#endif /* LWIP_DEBUG_TIMERNAMES */
+{
+  struct sys_timeo *timeout, *t;
+  timeout = (struct sys_timeo *)memp_malloc(MEMP_SYS_TIMEOUT);
+  if (timeout == NULL) {
+    LWIP_ASSERT("sys_timeout: timeout != NULL, pool MEMP_SYS_TIMEOUT is empty", timeout != NULL);
+    return;
+  }
+  timeout->next = NULL;
+  timeout->h = handler;
+  timeout->arg = arg;
+  timeout->time = msecs;
+#if LWIP_DEBUG_TIMERNAMES
+  timeout->handler_name = handler_name;
+  LWIP_DEBUGF(TIMERS_DEBUG, ("sys_timeout: %p msecs=%"U32_F" handler=%s arg=%p\n",
+    (void *)timeout, msecs, handler_name, (void *)arg));
+#endif /* LWIP_DEBUG_TIMERNAMES */
+
+  if (next_timeout == NULL) {
+    next_timeout = timeout;
+    return;
+  }
+
+  if (next_timeout->time > msecs) {
+    next_timeout->time -= msecs;
+    timeout->next = next_timeout;
+    next_timeout = timeout;
+  } else {
+    for(t = next_timeout; t != NULL; t = t->next) {
+      timeout->time -= t->time;
+      if (t->next == NULL || t->next->time > timeout->time) {
+        if (t->next != NULL) {
+          t->next->time -= timeout->time;
+        }
+        timeout->next = t->next;
+        t->next = timeout;
+        break;
+      }
+    }
+  }
+}
+
+/**
+ * Go through timeout list (for this task only) and remove the first matching
+ * entry, even though the timeout has not triggered yet.
+ *
+ * @note This function only works as expected if there is only one timeout
+ * calling 'handler' in the list of timeouts.
+ *
+ * @param handler callback function that would be called by the timeout
+ * @param arg callback argument that would be passed to handler
+*/
+void
+sys_untimeout(sys_timeout_handler handler, void *arg)
+{
+  struct sys_timeo *prev_t, *t;
+
+  if (next_timeout == NULL) {
+    return;
+  }
+
+  for (t = next_timeout, prev_t = NULL; t != NULL; prev_t = t, t = t->next) {
+    if ((t->h == handler) && (t->arg == arg)) {
+      /* We have a match */
+      /* Unlink from previous in list */
+      if (prev_t == NULL) {
+        next_timeout = t->next;
+      } else {
+        prev_t->next = t->next;
+      }
+      /* If not the last one, add time of this one back to next */
+      if (t->next != NULL) {
+        t->next->time += t->time;
+      }
+      memp_free(MEMP_SYS_TIMEOUT, t);
+      return;
+    }
+  }
+  return;
+}
+
+#if NO_SYS
+
+/** Handle timeouts for NO_SYS==1 (i.e. without using
+ * tcpip_thread/sys_timeouts_mbox_fetch(). Uses sys_now() to call timeout
+ * handler functions when timeouts expire.
+ *
+ * Must be called periodically from your main loop.
+ */
+void
+sys_check_timeouts(void)
+{
+  if (next_timeout) {
+    struct sys_timeo *tmptimeout;
+    u32_t diff;
+    sys_timeout_handler handler;
+    void *arg;
+    u8_t had_one;
+    u32_t now;
+
+    now = sys_now();
+    /* this cares for wraparounds */
+    diff = now - timeouts_last_time;
+    do
+    {
+#if PBUF_POOL_FREE_OOSEQ
+      PBUF_CHECK_FREE_OOSEQ();
+#endif /* PBUF_POOL_FREE_OOSEQ */
+      had_one = 0;
+      tmptimeout = next_timeout;
+      if (tmptimeout && (tmptimeout->time <= diff)) {
+        /* timeout has expired */
+        had_one = 1;
+        timeouts_last_time = now;
+        diff -= tmptimeout->time;
+        next_timeout = tmptimeout->next;
+        handler = tmptimeout->h;
+        arg = tmptimeout->arg;
+#if LWIP_DEBUG_TIMERNAMES
+        if (handler != NULL) {
+          LWIP_DEBUGF(TIMERS_DEBUG, ("sct calling h=%s arg=%p\n",
+            tmptimeout->handler_name, arg));
+        }
+#endif /* LWIP_DEBUG_TIMERNAMES */
+        memp_free(MEMP_SYS_TIMEOUT, tmptimeout);
+        if (handler != NULL) {
+          handler(arg);
+        }
+      }
+    /* repeat until all expired timers have been called */
+    }while(had_one);
+  }
+}
+
+/** Set back the timestamp of the last call to sys_check_timeouts()
+ * This is necessary if sys_check_timeouts() hasn't been called for a long
+ * time (e.g. while saving energy) to prevent all timer functions of that
+ * period being called.
+ */
+void
+sys_restart_timeouts(void)
+{
+  timeouts_last_time = sys_now();
+}
+
+#else /* NO_SYS */
+
+/**
+ * Wait (forever) for a message to arrive in an mbox.
+ * While waiting, timeouts are processed.
+ *
+ * @param mbox the mbox to fetch the message from
+ * @param msg the place to store the message
+ */
+void
+sys_timeouts_mbox_fetch(sys_mbox_t *mbox, void **msg)
+{
+  u32_t time_needed;
+  struct sys_timeo *tmptimeout;
+  sys_timeout_handler handler;
+  void *arg;
+
+ again:
+  if (!next_timeout) {
+    time_needed = sys_arch_mbox_fetch(mbox, msg, 0);
+  } else {
+    if (next_timeout->time > 0) {
+      time_needed = sys_arch_mbox_fetch(mbox, msg, next_timeout->time);
+    } else {
+      time_needed = SYS_ARCH_TIMEOUT;
+    }
+
+    if (time_needed == SYS_ARCH_TIMEOUT) {
+      /* If time == SYS_ARCH_TIMEOUT, a timeout occured before a message
+         could be fetched. We should now call the timeout handler and
+         deallocate the memory allocated for the timeout. */
+      tmptimeout = next_timeout;
+      next_timeout = tmptimeout->next;
+      handler = tmptimeout->h;
+      arg = tmptimeout->arg;
+#if LWIP_DEBUG_TIMERNAMES
+      if (handler != NULL) {
+        LWIP_DEBUGF(TIMERS_DEBUG, ("stmf calling h=%s arg=%p\n",
+          tmptimeout->handler_name, arg));
+      }
+#endif /* LWIP_DEBUG_TIMERNAMES */
+      memp_free(MEMP_SYS_TIMEOUT, tmptimeout);
+      if (handler != NULL) {
+        /* For LWIP_TCPIP_CORE_LOCKING, lock the core before calling the
+           timeout handler function. */
+        LOCK_TCPIP_CORE();
+        handler(arg);
+        UNLOCK_TCPIP_CORE();
+      }
+      LWIP_TCPIP_THREAD_ALIVE();
+
+      /* We try again to fetch a message from the mbox. */
+      goto again;
+    } else {
+      /* If time != SYS_ARCH_TIMEOUT, a message was received before the timeout
+         occured. The time variable is set to the number of
+         milliseconds we waited for the message. */
+      if (time_needed < next_timeout->time) {
+        next_timeout->time -= time_needed;
+      } else {
+        next_timeout->time = 0;
+      }
+    }
+  }
+}
+
+#endif /* NO_SYS */
+
+#else /* LWIP_TIMERS */
+/* Satisfy the TCP code which calls this function */
+void
+tcp_timer_needed(void)
+{
+}
+#endif /* LWIP_TIMERS */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/udp.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/udp.c
new file mode 100644
index 00000000..ac0e56d1
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/core/udp.c
@@ -0,0 +1,1151 @@
+/**
+ * @file
+ * User Datagram Protocol module
+ *
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+
+/* udp.c
+ *
+ * The code for the User Datagram Protocol UDP & UDPLite (RFC 3828).
+ *
+ */
+
+/* @todo Check the use of '(struct udp_pcb).chksum_len_rx'!
+ */
+
+#include "lwip/opt.h"
+
+#if LWIP_UDP /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/udp.h"
+#include "lwip/def.h"
+#include "lwip/memp.h"
+#include "lwip/inet_chksum.h"
+#include "lwip/ip_addr.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/inet_chksum.h"
+#include "lwip/netif.h"
+#include "lwip/icmp.h"
+#include "lwip/icmp6.h"
+#include "lwip/stats.h"
+#include "lwip/snmp.h"
+#include "arch/perf.h"
+#include "lwip/dhcp.h"
+
+#include <string.h>
+
+#ifndef UDP_LOCAL_PORT_RANGE_START
+/* From http://www.iana.org/assignments/port-numbers:
+   "The Dynamic and/or Private Ports are those from 49152 through 65535" */
+#define UDP_LOCAL_PORT_RANGE_START  0xc000
+#define UDP_LOCAL_PORT_RANGE_END    0xffff
+#define UDP_ENSURE_LOCAL_PORT_RANGE(port) (((port) & ~UDP_LOCAL_PORT_RANGE_START) + UDP_LOCAL_PORT_RANGE_START)
+#endif
+
+/* last local UDP port */
+static u16_t udp_port = UDP_LOCAL_PORT_RANGE_START;
+
+/* The list of UDP PCBs */
+/* exported in udp.h (was static) */
+struct udp_pcb *udp_pcbs;
+
+/**
+ * Initialize this module.
+ */
+void
+udp_init(void)
+{
+#if LWIP_RANDOMIZE_INITIAL_LOCAL_PORTS && defined(LWIP_RAND)
+  udp_port = UDP_ENSURE_LOCAL_PORT_RANGE(LWIP_RAND());
+#endif /* LWIP_RANDOMIZE_INITIAL_LOCAL_PORTS && defined(LWIP_RAND) */
+}
+
+/**
+ * Allocate a new local UDP port.
+ *
+ * @return a new (free) local UDP port number
+ */
+static u16_t
+udp_new_port(void)
+{
+  u16_t n = 0;
+  struct udp_pcb *pcb;
+  
+again:
+  if (udp_port++ == UDP_LOCAL_PORT_RANGE_END) {
+    udp_port = UDP_LOCAL_PORT_RANGE_START;
+  }
+  /* Check all PCBs. */
+  for(pcb = udp_pcbs; pcb != NULL; pcb = pcb->next) {
+    if (pcb->local_port == udp_port) {
+      if (++n > (UDP_LOCAL_PORT_RANGE_END - UDP_LOCAL_PORT_RANGE_START)) {
+        return 0;
+      }
+      goto again;
+    }
+  }
+  return udp_port;
+#if 0
+  struct udp_pcb *ipcb = udp_pcbs;
+  while ((ipcb != NULL) && (udp_port != UDP_LOCAL_PORT_RANGE_END)) {
+    if (ipcb->local_port == udp_port) {
+      /* port is already used by another udp_pcb */
+      udp_port++;
+      /* restart scanning all udp pcbs */
+      ipcb = udp_pcbs;
+    } else {
+      /* go on with next udp pcb */
+      ipcb = ipcb->next;
+    }
+  }
+  if (ipcb != NULL) {
+    return 0;
+  }
+  return udp_port;
+#endif
+}
+
+/**
+ * Process an incoming UDP datagram.
+ *
+ * Given an incoming UDP datagram (as a chain of pbufs) this function
+ * finds a corresponding UDP PCB and hands over the pbuf to the pcbs
+ * recv function. If no pcb is found or the datagram is incorrect, the
+ * pbuf is freed.
+ *
+ * @param p pbuf to be demultiplexed to a UDP PCB (p->payload pointing to the UDP header)
+ * @param inp network interface on which the datagram was received.
+ *
+ */
+void
+udp_input(struct pbuf *p, struct netif *inp)
+{
+  struct udp_hdr *udphdr;
+  struct udp_pcb *pcb, *prev;
+  struct udp_pcb *uncon_pcb;
+  u16_t src, dest;
+  u8_t local_match;
+  u8_t broadcast;
+  u8_t for_us;
+
+  PERF_START;
+
+  UDP_STATS_INC(udp.recv);
+
+  /* Check minimum length (UDP header) */
+  if (p->len < UDP_HLEN) {
+    /* drop short packets */
+    LWIP_DEBUGF(UDP_DEBUG,
+                ("udp_input: short UDP datagram (%"U16_F" bytes) discarded\n", p->tot_len));
+    UDP_STATS_INC(udp.lenerr);
+    UDP_STATS_INC(udp.drop);
+    snmp_inc_udpinerrors();
+    pbuf_free(p);
+    goto end;
+  }
+
+  udphdr = (struct udp_hdr *)p->payload;
+
+  /* is broadcast packet ? */
+#if LWIP_IPV6
+  broadcast = !ip_current_is_v6() && ip_addr_isbroadcast(ip_current_dest_addr(), inp);
+#else /* LWIP_IPV6 */
+  broadcast = ip_addr_isbroadcast(ip_current_dest_addr(), inp);
+#endif /* LWIP_IPV6 */
+
+  LWIP_DEBUGF(UDP_DEBUG, ("udp_input: received datagram of length %"U16_F"\n", p->tot_len));
+
+  /* convert src and dest ports to host byte order */
+  src = ntohs(udphdr->src);
+  dest = ntohs(udphdr->dest);
+
+  udp_debug_print(udphdr);
+
+  /* print the UDP source and destination */
+  LWIP_DEBUGF(UDP_DEBUG, ("udp ("));
+  ipX_addr_debug_print(ip_current_is_v6(), UDP_DEBUG, ipX_current_dest_addr());
+  LWIP_DEBUGF(UDP_DEBUG, (", %"U16_F") <-- (", ntohs(udphdr->dest)));
+  ipX_addr_debug_print(ip_current_is_v6(), UDP_DEBUG, ipX_current_src_addr());
+  LWIP_DEBUGF(UDP_DEBUG, (", %"U16_F")\n", ntohs(udphdr->src)));
+
+#if LWIP_DHCP
+  pcb = NULL;
+  /* when LWIP_DHCP is active, packets to DHCP_CLIENT_PORT may only be processed by
+     the dhcp module, no other UDP pcb may use the local UDP port DHCP_CLIENT_PORT */
+  if (dest == DHCP_CLIENT_PORT) {
+    /* all packets for DHCP_CLIENT_PORT not coming from DHCP_SERVER_PORT are dropped! */
+    if (src == DHCP_SERVER_PORT) {
+      if ((inp->dhcp != NULL) && (inp->dhcp->pcb != NULL)) {
+        /* accept the packe if 
+           (- broadcast or directed to us) -> DHCP is link-layer-addressed, local ip is always ANY!
+           - inp->dhcp->pcb->remote == ANY or iphdr->src
+           (no need to check for IPv6 since the dhcp struct always uses IPv4) */
+        if (ipX_addr_isany(0, &inp->dhcp->pcb->remote_ip) ||
+            ip_addr_cmp(ipX_2_ip(&(inp->dhcp->pcb->remote_ip)), ip_current_src_addr())) {
+          pcb = inp->dhcp->pcb;
+        }
+      }
+    }
+  } else
+#endif /* LWIP_DHCP */
+  {
+    prev = NULL;
+    local_match = 0;
+    uncon_pcb = NULL;
+    /* Iterate through the UDP pcb list for a matching pcb.
+     * 'Perfect match' pcbs (connected to the remote port & ip address) are
+     * preferred. If no perfect match is found, the first unconnected pcb that
+     * matches the local port and ip address gets the datagram. */
+    for (pcb = udp_pcbs; pcb != NULL; pcb = pcb->next) {
+      local_match = 0;
+      /* print the PCB local and remote address */
+      LWIP_DEBUGF(UDP_DEBUG, ("pcb ("));
+      ipX_addr_debug_print(PCB_ISIPV6(pcb), UDP_DEBUG, &pcb->local_ip);
+      LWIP_DEBUGF(UDP_DEBUG, (", %"U16_F") <-- (", pcb->local_port));
+      ipX_addr_debug_print(PCB_ISIPV6(pcb), UDP_DEBUG, &pcb->remote_ip);
+      LWIP_DEBUGF(UDP_DEBUG, (", %"U16_F")\n", pcb->remote_port));
+
+      /* compare PCB local addr+port to UDP destination addr+port */
+      if (pcb->local_port == dest) {
+        if (
+#if LWIP_IPV6
+          ((PCB_ISIPV6(pcb) && (ip_current_is_v6()) &&
+            (ip6_addr_isany(ipX_2_ip6(&pcb->local_ip)) ||
+#if LWIP_IPV6_MLD
+            ip6_addr_ismulticast(ip6_current_dest_addr()) ||
+#endif /* LWIP_IPV6_MLD */
+            ip6_addr_cmp(ipX_2_ip6(&pcb->local_ip), ip6_current_dest_addr()))) ||
+           (!PCB_ISIPV6(pcb) &&
+            (ip_current_header() != NULL) &&
+#else /* LWIP_IPV6 */
+           ((
+#endif /* LWIP_IPV6 */
+            ((!broadcast && ipX_addr_isany(0, &pcb->local_ip)) ||
+            ip_addr_cmp(ipX_2_ip(&pcb->local_ip), ip_current_dest_addr()) ||
+#if LWIP_IGMP
+            ip_addr_ismulticast(ip_current_dest_addr()) ||
+#endif /* LWIP_IGMP */
+#if IP_SOF_BROADCAST_RECV
+            (broadcast && ip_get_option(pcb, SOF_BROADCAST) &&
+             (ipX_addr_isany(0, &pcb->local_ip) ||
+              ip_addr_netcmp(ipX_2_ip(&pcb->local_ip), ip_current_dest_addr(), &inp->netmask))))))) {
+#else /* IP_SOF_BROADCAST_RECV */
+            (broadcast &&
+             (ipX_addr_isany(0, &pcb->local_ip) ||
+              ip_addr_netcmp(ipX_2_ip(&pcb->local_ip), ip_current_dest_addr(), &inp->netmask))))))) {
+#endif /* IP_SOF_BROADCAST_RECV */ 
+          local_match = 1;
+          if ((uncon_pcb == NULL) && 
+              ((pcb->flags & UDP_FLAGS_CONNECTED) == 0)) {
+            /* the first unconnected matching PCB */
+            uncon_pcb = pcb;
+          }
+        }
+      }
+      /* compare PCB remote addr+port to UDP source addr+port */
+      if ((local_match != 0) &&
+          (pcb->remote_port == src) && IP_PCB_IPVER_INPUT_MATCH(pcb) &&
+            (ipX_addr_isany(PCB_ISIPV6(pcb), &pcb->remote_ip) ||
+              ipX_addr_cmp(PCB_ISIPV6(pcb), &pcb->remote_ip, ipX_current_src_addr()))) {
+        /* the first fully matching PCB */
+        if (prev != NULL) {
+          /* move the pcb to the front of udp_pcbs so that is
+             found faster next time */
+          prev->next = pcb->next;
+          pcb->next = udp_pcbs;
+          udp_pcbs = pcb;
+        } else {
+          UDP_STATS_INC(udp.cachehit);
+        }
+        break;
+      }
+      prev = pcb;
+    }
+    /* no fully matching pcb found? then look for an unconnected pcb */
+    if (pcb == NULL) {
+      pcb = uncon_pcb;
+    }
+  }
+
+  /* Check checksum if this is a match or if it was directed at us. */
+  if (pcb != NULL) {
+    for_us = 1;
+  } else {
+#if LWIP_IPV6
+    if (ip_current_is_v6()) {
+      for_us = netif_matches_ip6_addr(inp, ip6_current_dest_addr());
+    } else
+#endif /* LWIP_IPV6 */
+    {
+      for_us = ip_addr_cmp(&inp->ip_addr, ip_current_dest_addr());
+    }
+  }
+  if (for_us) {
+    LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE, ("udp_input: calculating checksum\n"));
+#if CHECKSUM_CHECK_UDP
+#if LWIP_UDPLITE
+    if (ip_current_header_proto() == IP_PROTO_UDPLITE) {
+      /* Do the UDP Lite checksum */
+      u16_t chklen = ntohs(udphdr->len);
+      if (chklen < sizeof(struct udp_hdr)) {
+        if (chklen == 0) {
+          /* For UDP-Lite, checksum length of 0 means checksum
+             over the complete packet (See RFC 3828 chap. 3.1) */
+          chklen = p->tot_len;
+        } else {
+          /* At least the UDP-Lite header must be covered by the
+             checksum! (Again, see RFC 3828 chap. 3.1) */
+          goto chkerr;
+        }
+      }
+      if (ipX_chksum_pseudo_partial(ip_current_is_v6(), p, IP_PROTO_UDPLITE,
+                   p->tot_len, chklen,
+                   ipX_current_src_addr(), ipX_current_dest_addr()) != 0) {
+        goto chkerr;
+      }
+    } else
+#endif /* LWIP_UDPLITE */
+    {
+      if (udphdr->chksum != 0) {
+        if (ipX_chksum_pseudo(ip_current_is_v6(), p, IP_PROTO_UDP, p->tot_len,
+                              ipX_current_src_addr(),
+                              ipX_current_dest_addr()) != 0) {
+          goto chkerr;
+        }
+      }
+    }
+#endif /* CHECKSUM_CHECK_UDP */
+    if(pbuf_header(p, -UDP_HLEN)) {
+      /* Can we cope with this failing? Just assert for now */
+      LWIP_ASSERT("pbuf_header failed\n", 0);
+      UDP_STATS_INC(udp.drop);
+      snmp_inc_udpinerrors();
+      pbuf_free(p);
+      goto end;
+    }
+    if (pcb != NULL) {
+      snmp_inc_udpindatagrams();
+#if SO_REUSE && SO_REUSE_RXTOALL
+      if ((broadcast ||
+#if LWIP_IPV6
+          ip6_addr_ismulticast(ip6_current_dest_addr()) ||
+#endif /* LWIP_IPV6 */
+           ip_addr_ismulticast(ip_current_dest_addr())) &&
+          ip_get_option(pcb, SOF_REUSEADDR)) {
+        /* pass broadcast- or multicast packets to all multicast pcbs
+           if SOF_REUSEADDR is set on the first match */
+        struct udp_pcb *mpcb;
+        u8_t p_header_changed = 0;
+        s16_t hdrs_len = (s16_t)(ip_current_header_tot_len() + UDP_HLEN);
+        for (mpcb = udp_pcbs; mpcb != NULL; mpcb = mpcb->next) {
+          if (mpcb != pcb) {
+            /* compare PCB local addr+port to UDP destination addr+port */
+            if ((mpcb->local_port == dest) &&
+#if LWIP_IPV6
+                ((PCB_ISIPV6(mpcb) &&
+                  (ip6_addr_ismulticast(ip6_current_dest_addr()) ||
+                   ip6_addr_cmp(ipX_2_ip6(&mpcb->local_ip), ip6_current_dest_addr()))) ||
+                 (!PCB_ISIPV6(mpcb) &&
+#else /* LWIP_IPV6 */
+                ((
+#endif /* LWIP_IPV6 */
+                  ((!broadcast && ipX_addr_isany(0, &mpcb->local_ip)) ||
+                   ip_addr_cmp(ipX_2_ip(&mpcb->local_ip), ip_current_dest_addr()) ||
+#if LWIP_IGMP
+                   ip_addr_ismulticast(ip_current_dest_addr()) ||
+#endif /* LWIP_IGMP */
+#if IP_SOF_BROADCAST_RECV
+                   (broadcast && ip_get_option(mpcb, SOF_BROADCAST)))))) {
+#else  /* IP_SOF_BROADCAST_RECV */
+                   (broadcast))))) {
+#endif /* IP_SOF_BROADCAST_RECV */
+              /* pass a copy of the packet to all local matches */
+              if (mpcb->recv.ip4 != NULL) {
+                struct pbuf *q;
+                /* for that, move payload to IP header again */
+                if (p_header_changed == 0) {
+                  pbuf_header(p, hdrs_len);
+                  p_header_changed = 1;
+                }
+                q = pbuf_alloc(PBUF_RAW, p->tot_len, PBUF_RAM);
+                if (q != NULL) {
+                  err_t err = pbuf_copy(q, p);
+                  if (err == ERR_OK) {
+                    /* move payload to UDP data */
+                    pbuf_header(q, -hdrs_len);
+#if LWIP_IPV6
+                    if (PCB_ISIPV6(mpcb)) {
+                      mpcb->recv.ip6(mpcb->recv_arg, mpcb, q, ip6_current_src_addr(), src);
+                    }
+                    else
+#endif /* LWIP_IPV6 */
+                    {
+                      mpcb->recv.ip4(mpcb->recv_arg, mpcb, q, ip_current_src_addr(), src);
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+        if (p_header_changed) {
+          /* and move payload to UDP data again */
+          pbuf_header(p, -hdrs_len);
+        }
+      }
+#endif /* SO_REUSE && SO_REUSE_RXTOALL */
+      /* callback */
+      if (pcb->recv.ip4 != NULL) {
+        /* now the recv function is responsible for freeing p */
+#if LWIP_IPV6
+        if (PCB_ISIPV6(pcb)) {
+          pcb->recv.ip6(pcb->recv_arg, pcb, p, ip6_current_src_addr(), src);
+        }
+        else
+#endif /* LWIP_IPV6 */
+        {
+          pcb->recv.ip4(pcb->recv_arg, pcb, p, ip_current_src_addr(), src);
+        }
+      } else {
+        /* no recv function registered? then we have to free the pbuf! */
+        pbuf_free(p);
+        goto end;
+      }
+    } else {
+      LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE, ("udp_input: not for us.\n"));
+
+#if LWIP_ICMP || LWIP_ICMP6
+      /* No match was found, send ICMP destination port unreachable unless
+         destination address was broadcast/multicast. */
+      if (!broadcast &&
+#if LWIP_IPV6
+          !ip6_addr_ismulticast(ip6_current_dest_addr()) &&
+#endif /* LWIP_IPV6 */
+          !ip_addr_ismulticast(ip_current_dest_addr())) {
+        /* move payload pointer back to ip header */
+        pbuf_header(p, ip_current_header_tot_len() + UDP_HLEN);
+        icmp_port_unreach(ip_current_is_v6(), p);
+      }
+#endif /* LWIP_ICMP || LWIP_ICMP6 */
+      UDP_STATS_INC(udp.proterr);
+      UDP_STATS_INC(udp.drop);
+      snmp_inc_udpnoports();
+      pbuf_free(p);
+    }
+  } else {
+    pbuf_free(p);
+  }
+end:
+  PERF_STOP("udp_input");
+  return;
+#if CHECKSUM_CHECK_UDP
+chkerr:
+  LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+              ("udp_input: UDP (or UDP Lite) datagram discarded due to failing checksum\n"));
+  UDP_STATS_INC(udp.chkerr);
+  UDP_STATS_INC(udp.drop);
+  snmp_inc_udpinerrors();
+  pbuf_free(p);
+  PERF_STOP("udp_input");
+#endif /* CHECKSUM_CHECK_UDP */
+}
+
+/**
+ * Send data using UDP.
+ *
+ * @param pcb UDP PCB used to send the data.
+ * @param p chain of pbuf's to be sent.
+ *
+ * The datagram will be sent to the current remote_ip & remote_port
+ * stored in pcb. If the pcb is not bound to a port, it will
+ * automatically be bound to a random port.
+ *
+ * @return lwIP error code.
+ * - ERR_OK. Successful. No error occured.
+ * - ERR_MEM. Out of memory.
+ * - ERR_RTE. Could not find route to destination address.
+ * - More errors could be returned by lower protocol layers.
+ *
+ * @see udp_disconnect() udp_sendto()
+ */
+err_t
+udp_send(struct udp_pcb *pcb, struct pbuf *p)
+{
+  /* send to the packet using remote ip and port stored in the pcb */
+  return udp_sendto(pcb, p, ipX_2_ip(&pcb->remote_ip), pcb->remote_port);
+}
+
+#if LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP
+/** Same as udp_send() but with checksum
+ */
+err_t
+udp_send_chksum(struct udp_pcb *pcb, struct pbuf *p,
+                u8_t have_chksum, u16_t chksum)
+{
+  /* send to the packet using remote ip and port stored in the pcb */
+  return udp_sendto_chksum(pcb, p, ipX_2_ip(&pcb->remote_ip), pcb->remote_port,
+    have_chksum, chksum);
+}
+#endif /* LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP */
+
+/**
+ * Send data to a specified address using UDP.
+ *
+ * @param pcb UDP PCB used to send the data.
+ * @param p chain of pbuf's to be sent.
+ * @param dst_ip Destination IP address.
+ * @param dst_port Destination UDP port.
+ *
+ * dst_ip & dst_port are expected to be in the same byte order as in the pcb.
+ *
+ * If the PCB already has a remote address association, it will
+ * be restored after the data is sent.
+ * 
+ * @return lwIP error code (@see udp_send for possible error codes)
+ *
+ * @see udp_disconnect() udp_send()
+ */
+err_t
+udp_sendto(struct udp_pcb *pcb, struct pbuf *p,
+  ip_addr_t *dst_ip, u16_t dst_port)
+{
+#if LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP
+  return udp_sendto_chksum(pcb, p, dst_ip, dst_port, 0, 0);
+}
+
+/** Same as udp_sendto(), but with checksum */
+err_t
+udp_sendto_chksum(struct udp_pcb *pcb, struct pbuf *p, ip_addr_t *dst_ip,
+                  u16_t dst_port, u8_t have_chksum, u16_t chksum)
+{
+#endif /* LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP */
+  struct netif *netif;
+  ipX_addr_t *dst_ip_route = ip_2_ipX(dst_ip);
+
+  LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE, ("udp_send\n"));
+
+#if LWIP_IPV6 || LWIP_IGMP
+  if (ipX_addr_ismulticast(PCB_ISIPV6(pcb), dst_ip_route)) {
+    /* For multicast, find a netif based on source address. */
+#if LWIP_IPV6
+    if (PCB_ISIPV6(pcb)) {
+      dst_ip_route = &pcb->local_ip;
+    } else
+#endif /* LWIP_IPV6 */
+    {
+#if LWIP_IGMP
+      dst_ip_route = ip_2_ipX(&pcb->multicast_ip);
+#endif /* LWIP_IGMP */
+    }
+  }
+#endif /* LWIP_IPV6 || LWIP_IGMP */
+
+  /* find the outgoing network interface for this packet */
+  netif = ipX_route(PCB_ISIPV6(pcb), &pcb->local_ip, dst_ip_route);
+
+  /* no outgoing network interface could be found? */
+  if (netif == NULL) {
+    LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("udp_send: No route to "));
+    ipX_addr_debug_print(PCB_ISIPV6(pcb), UDP_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ip_2_ipX(dst_ip));
+    LWIP_DEBUGF(UDP_DEBUG, ("\n"));
+    UDP_STATS_INC(udp.rterr);
+    return ERR_RTE;
+  }
+#if LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP
+  return udp_sendto_if_chksum(pcb, p, dst_ip, dst_port, netif, have_chksum, chksum);
+#else /* LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP */
+  return udp_sendto_if(pcb, p, dst_ip, dst_port, netif);
+#endif /* LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP */
+}
+
+/**
+ * Send data to a specified address using UDP.
+ * The netif used for sending can be specified.
+ *
+ * This function exists mainly for DHCP, to be able to send UDP packets
+ * on a netif that is still down.
+ *
+ * @param pcb UDP PCB used to send the data.
+ * @param p chain of pbuf's to be sent.
+ * @param dst_ip Destination IP address.
+ * @param dst_port Destination UDP port.
+ * @param netif the netif used for sending.
+ *
+ * dst_ip & dst_port are expected to be in the same byte order as in the pcb.
+ *
+ * @return lwIP error code (@see udp_send for possible error codes)
+ *
+ * @see udp_disconnect() udp_send()
+ */
+err_t
+udp_sendto_if(struct udp_pcb *pcb, struct pbuf *p,
+  ip_addr_t *dst_ip, u16_t dst_port, struct netif *netif)
+{
+#if LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP
+  return udp_sendto_if_chksum(pcb, p, dst_ip, dst_port, netif, 0, 0);
+}
+
+/** Same as udp_sendto_if(), but with checksum */
+err_t
+udp_sendto_if_chksum(struct udp_pcb *pcb, struct pbuf *p, ip_addr_t *dst_ip,
+                     u16_t dst_port, struct netif *netif, u8_t have_chksum,
+                     u16_t chksum)
+{
+#endif /* LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP */
+  struct udp_hdr *udphdr;
+  ip_addr_t *src_ip;
+  err_t err;
+  struct pbuf *q; /* q will be sent down the stack */
+  u8_t ip_proto;
+
+#if IP_SOF_BROADCAST
+  /* broadcast filter? */
+  if (!ip_get_option(pcb, SOF_BROADCAST) &&
+#if LWIP_IPV6
+      !PCB_ISIPV6(pcb) &&
+#endif /* LWIP_IPV6 */
+      ip_addr_isbroadcast(dst_ip, netif) ) {
+    LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
+      ("udp_sendto_if: SOF_BROADCAST not enabled on pcb %p\n", (void *)pcb));
+    return ERR_VAL;
+  }
+#endif /* IP_SOF_BROADCAST */
+
+  /* if the PCB is not yet bound to a port, bind it here */
+  if (pcb->local_port == 0) {
+    LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE, ("udp_send: not yet bound to a port, binding now\n"));
+    err = udp_bind(pcb, ipX_2_ip(&pcb->local_ip), pcb->local_port);
+    if (err != ERR_OK) {
+      LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_SERIOUS, ("udp_send: forced port bind failed\n"));
+      return err;
+    }
+  }
+
+  /* not enough space to add an UDP header to first pbuf in given p chain? */
+  if (pbuf_header(p, UDP_HLEN)) {
+    /* allocate header in a separate new pbuf */
+    q = pbuf_alloc(PBUF_IP, UDP_HLEN, PBUF_RAM);
+    /* new header pbuf could not be allocated? */
+    if (q == NULL) {
+      LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_SERIOUS, ("udp_send: could not allocate header\n"));
+      return ERR_MEM;
+    }
+    if (p->tot_len != 0) {
+      /* chain header q in front of given pbuf p (only if p contains data) */
+      pbuf_chain(q, p);
+    }
+    /* first pbuf q points to header pbuf */
+    LWIP_DEBUGF(UDP_DEBUG,
+                ("udp_send: added header pbuf %p before given pbuf %p\n", (void *)q, (void *)p));
+  } else {
+    /* adding space for header within p succeeded */
+    /* first pbuf q equals given pbuf */
+    q = p;
+    LWIP_DEBUGF(UDP_DEBUG, ("udp_send: added header in given pbuf %p\n", (void *)p));
+  }
+  LWIP_ASSERT("check that first pbuf can hold struct udp_hdr",
+              (q->len >= sizeof(struct udp_hdr)));
+  /* q now represents the packet to be sent */
+  udphdr = (struct udp_hdr *)q->payload;
+  udphdr->src = htons(pcb->local_port);
+  udphdr->dest = htons(dst_port);
+  /* in UDP, 0 checksum means 'no checksum' */
+  udphdr->chksum = 0x0000; 
+
+  /* Multicast Loop? */
+#if LWIP_IGMP
+  if (((pcb->flags & UDP_FLAGS_MULTICAST_LOOP) != 0) &&
+#if LWIP_IPV6
+      (
+#if LWIP_IPV6_MLD
+       (PCB_ISIPV6(pcb) &&
+        ip6_addr_ismulticast(ip_2_ip6(dst_ip))) ||
+#endif /* LWIP_IPV6_MLD */
+       (!PCB_ISIPV6(pcb) &&
+#else /* LWIP_IPV6 */
+      ((
+#endif /* LWIP_IPV6 */
+        ip_addr_ismulticast(dst_ip)))) {
+    q->flags |= PBUF_FLAG_MCASTLOOP;
+  }
+#endif /* LWIP_IGMP */
+
+
+  /* PCB local address is IP_ANY_ADDR? */
+#if LWIP_IPV6
+  if (PCB_ISIPV6(pcb)) {
+    if (ip6_addr_isany(ipX_2_ip6(&pcb->local_ip))) {
+      src_ip = ip6_2_ip(ip6_select_source_address(netif, ip_2_ip6(dst_ip)));
+      if (src_ip == NULL) {
+        /* No suitable source address was found. */
+        if (q != p) {
+          /* free the header pbuf */
+          pbuf_free(q);
+          /* p is still referenced by the caller, and will live on */
+        }
+        return ERR_RTE;
+      }
+    } else {
+      /* use UDP PCB local IPv6 address as source address, if still valid. */
+      if (netif_matches_ip6_addr(netif, ipX_2_ip6(&pcb->local_ip)) < 0) {
+        /* Address isn't valid anymore. */
+        if (q != p) {
+          /* free the header pbuf */
+          pbuf_free(q);
+          /* p is still referenced by the caller, and will live on */
+        }
+        return ERR_RTE;
+      }
+      src_ip = ipX_2_ip(&pcb->local_ip);
+    }
+  }
+  else
+#endif /* LWIP_IPV6 */
+  if (ip_addr_isany(ipX_2_ip(&pcb->local_ip))) {
+    /* use outgoing network interface IP address as source address */
+    src_ip = &(netif->ip_addr);
+  } else {
+    /* check if UDP PCB local IP address is correct
+     * this could be an old address if netif->ip_addr has changed */
+    if (!ip_addr_cmp(ipX_2_ip(&(pcb->local_ip)), &(netif->ip_addr))) {
+      /* local_ip doesn't match, drop the packet */
+      if (q != p) {
+        /* free the header pbuf */
+        pbuf_free(q);
+        q = NULL;
+        /* p is still referenced by the caller, and will live on */
+      }
+      return ERR_VAL;
+    }
+    /* use UDP PCB local IP address as source address */
+    src_ip = ipX_2_ip(&(pcb->local_ip));
+  }
+
+  LWIP_DEBUGF(UDP_DEBUG, ("udp_send: sending datagram of length %"U16_F"\n", q->tot_len));
+
+#if LWIP_UDPLITE
+  /* UDP Lite protocol? */
+  if (pcb->flags & UDP_FLAGS_UDPLITE) {
+    u16_t chklen, chklen_hdr;
+    LWIP_DEBUGF(UDP_DEBUG, ("udp_send: UDP LITE packet length %"U16_F"\n", q->tot_len));
+    /* set UDP message length in UDP header */
+    chklen_hdr = chklen = pcb->chksum_len_tx;
+    if ((chklen < sizeof(struct udp_hdr)) || (chklen > q->tot_len)) {
+      if (chklen != 0) {
+        LWIP_DEBUGF(UDP_DEBUG, ("udp_send: UDP LITE pcb->chksum_len is illegal: %"U16_F"\n", chklen));
+      }
+      /* For UDP-Lite, checksum length of 0 means checksum
+         over the complete packet. (See RFC 3828 chap. 3.1)
+         At least the UDP-Lite header must be covered by the
+         checksum, therefore, if chksum_len has an illegal
+         value, we generate the checksum over the complete
+         packet to be safe. */
+      chklen_hdr = 0;
+      chklen = q->tot_len;
+    }
+    udphdr->len = htons(chklen_hdr);
+    /* calculate checksum */
+#if CHECKSUM_GEN_UDP
+#if LWIP_CHECKSUM_ON_COPY
+    if (have_chksum) {
+      chklen = UDP_HLEN;
+    }
+#endif /* LWIP_CHECKSUM_ON_COPY */
+    udphdr->chksum = ipX_chksum_pseudo_partial(PCB_ISIPV6(pcb), q, IP_PROTO_UDPLITE,
+      q->tot_len, chklen, ip_2_ipX(src_ip), ip_2_ipX(dst_ip));
+#if LWIP_CHECKSUM_ON_COPY
+    if (have_chksum) {
+      u32_t acc;
+      acc = udphdr->chksum + (u16_t)~(chksum);
+      udphdr->chksum = FOLD_U32T(acc);
+    }
+#endif /* LWIP_CHECKSUM_ON_COPY */
+
+    /* chksum zero must become 0xffff, as zero means 'no checksum' */
+    if (udphdr->chksum == 0x0000) {
+      udphdr->chksum = 0xffff;
+    }
+#endif /* CHECKSUM_GEN_UDP */
+
+    ip_proto = IP_PROTO_UDPLITE;
+  } else
+#endif /* LWIP_UDPLITE */
+  {      /* UDP */
+    LWIP_DEBUGF(UDP_DEBUG, ("udp_send: UDP packet length %"U16_F"\n", q->tot_len));
+    udphdr->len = htons(q->tot_len);
+    /* calculate checksum */
+#if CHECKSUM_GEN_UDP
+    /* Checksum is mandatory over IPv6. */
+    if (PCB_ISIPV6(pcb) || (pcb->flags & UDP_FLAGS_NOCHKSUM) == 0) {
+      u16_t udpchksum;
+#if LWIP_CHECKSUM_ON_COPY
+      if (have_chksum) {
+        u32_t acc;
+        udpchksum = ipX_chksum_pseudo_partial(PCB_ISIPV6(pcb), q, IP_PROTO_UDP,
+          q->tot_len, UDP_HLEN, ip_2_ipX(src_ip), ip_2_ipX(dst_ip));
+        acc = udpchksum + (u16_t)~(chksum);
+        udpchksum = FOLD_U32T(acc);
+      } else
+#endif /* LWIP_CHECKSUM_ON_COPY */
+      {
+        udpchksum = ipX_chksum_pseudo(PCB_ISIPV6(pcb), q, IP_PROTO_UDP, q->tot_len,
+          ip_2_ipX(src_ip), ip_2_ipX(dst_ip));
+      }
+
+      /* chksum zero must become 0xffff, as zero means 'no checksum' */
+      if (udpchksum == 0x0000) {
+        udpchksum = 0xffff;
+      }
+      udphdr->chksum = udpchksum;
+    }
+#endif /* CHECKSUM_GEN_UDP */
+    ip_proto = IP_PROTO_UDP;
+  }
+
+  LWIP_DEBUGF(UDP_DEBUG, ("udp_send: UDP checksum 0x%04"X16_F"\n", udphdr->chksum));
+  LWIP_DEBUGF(UDP_DEBUG, ("udp_send: ip_output_if (,,,,0x%02"X16_F",)\n", (u16_t)ip_proto));
+  /* output to IP */
+  NETIF_SET_HWADDRHINT(netif, &(pcb->addr_hint));
+  err = ipX_output_if(PCB_ISIPV6(pcb), q, src_ip, dst_ip, pcb->ttl, pcb->tos, ip_proto, netif);
+  NETIF_SET_HWADDRHINT(netif, NULL);
+
+  /* TODO: must this be increased even if error occured? */
+  snmp_inc_udpoutdatagrams();
+
+  /* did we chain a separate header pbuf earlier? */
+  if (q != p) {
+    /* free the header pbuf */
+    pbuf_free(q);
+    q = NULL;
+    /* p is still referenced by the caller, and will live on */
+  }
+
+  UDP_STATS_INC(udp.xmit);
+  return err;
+}
+
+/**
+ * Bind an UDP PCB.
+ *
+ * @param pcb UDP PCB to be bound with a local address ipaddr and port.
+ * @param ipaddr local IP address to bind with. Use IP_ADDR_ANY to
+ * bind to all local interfaces.
+ * @param port local UDP port to bind with. Use 0 to automatically bind
+ * to a random port between UDP_LOCAL_PORT_RANGE_START and
+ * UDP_LOCAL_PORT_RANGE_END.
+ *
+ * ipaddr & port are expected to be in the same byte order as in the pcb.
+ *
+ * @return lwIP error code.
+ * - ERR_OK. Successful. No error occured.
+ * - ERR_USE. The specified ipaddr and port are already bound to by
+ * another UDP PCB.
+ *
+ * @see udp_disconnect()
+ */
+err_t
+udp_bind(struct udp_pcb *pcb, ip_addr_t *ipaddr, u16_t port)
+{
+  struct udp_pcb *ipcb;
+  u8_t rebind;
+
+  LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE, ("udp_bind(ipaddr = "));
+  ipX_addr_debug_print(PCB_ISIPV6(pcb), UDP_DEBUG | LWIP_DBG_TRACE, ip_2_ipX(ipaddr));
+  LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE, (", port = %"U16_F")\n", port));
+
+  rebind = 0;
+  /* Check for double bind and rebind of the same pcb */
+  for (ipcb = udp_pcbs; ipcb != NULL; ipcb = ipcb->next) {
+    /* is this UDP PCB already on active list? */
+    if (pcb == ipcb) {
+      /* pcb may occur at most once in active list */
+      LWIP_ASSERT("rebind == 0", rebind == 0);
+      /* pcb already in list, just rebind */
+      rebind = 1;
+    }
+
+    /* By default, we don't allow to bind to a port that any other udp
+       PCB is alread bound to, unless *all* PCBs with that port have tha
+       REUSEADDR flag set. */
+#if SO_REUSE
+    else if (!ip_get_option(pcb, SOF_REUSEADDR) &&
+             !ip_get_option(ipcb, SOF_REUSEADDR)) {
+#else /* SO_REUSE */
+    /* port matches that of PCB in list and REUSEADDR not set -> reject */
+    else {
+#endif /* SO_REUSE */
+      if ((ipcb->local_port == port) && IP_PCB_IPVER_EQ(pcb, ipcb) &&
+          /* IP address matches, or one is IP_ADDR_ANY? */
+            (ipX_addr_isany(PCB_ISIPV6(ipcb), &(ipcb->local_ip)) ||
+             ipX_addr_isany(PCB_ISIPV6(ipcb), ip_2_ipX(ipaddr)) ||
+             ipX_addr_cmp(PCB_ISIPV6(ipcb), &(ipcb->local_ip), ip_2_ipX(ipaddr)))) {
+        /* other PCB already binds to this local IP and port */
+        LWIP_DEBUGF(UDP_DEBUG,
+                    ("udp_bind: local port %"U16_F" already bound by another pcb\n", port));
+        return ERR_USE;
+      }
+    }
+  }
+
+  ipX_addr_set_ipaddr(PCB_ISIPV6(pcb), &pcb->local_ip, ipaddr);
+
+  /* no port specified? */
+  if (port == 0) {
+    port = udp_new_port();
+    if (port == 0) {
+      /* no more ports available in local range */
+      LWIP_DEBUGF(UDP_DEBUG, ("udp_bind: out of free UDP ports\n"));
+      return ERR_USE;
+    }
+  }
+  pcb->local_port = port;
+  snmp_insert_udpidx_tree(pcb);
+  /* pcb not active yet? */
+  if (rebind == 0) {
+    /* place the PCB on the active list if not already there */
+    pcb->next = udp_pcbs;
+    udp_pcbs = pcb;
+  }
+  LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE, ("udp_bind: bound to "));
+  ipX_addr_debug_print(PCB_ISIPV6(pcb), UDP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE, &pcb->local_ip);
+  LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE, (", port %"U16_F")\n", pcb->local_port));
+  return ERR_OK;
+}
+
+/**
+ * Connect an UDP PCB.
+ *
+ * This will associate the UDP PCB with the remote address.
+ *
+ * @param pcb UDP PCB to be connected with remote address ipaddr and port.
+ * @param ipaddr remote IP address to connect with.
+ * @param port remote UDP port to connect with.
+ *
+ * @return lwIP error code
+ *
+ * ipaddr & port are expected to be in the same byte order as in the pcb.
+ *
+ * The udp pcb is bound to a random local port if not already bound.
+ *
+ * @see udp_disconnect()
+ */
+err_t
+udp_connect(struct udp_pcb *pcb, ip_addr_t *ipaddr, u16_t port)
+{
+  struct udp_pcb *ipcb;
+
+  if (pcb->local_port == 0) {
+    err_t err = udp_bind(pcb, ipX_2_ip(&pcb->local_ip), pcb->local_port);
+    if (err != ERR_OK) {
+      return err;
+    }
+  }
+
+  ipX_addr_set_ipaddr(PCB_ISIPV6(pcb), &pcb->remote_ip, ipaddr);
+  pcb->remote_port = port;
+  pcb->flags |= UDP_FLAGS_CONNECTED;
+/** TODO: this functionality belongs in upper layers */
+#ifdef LWIP_UDP_TODO
+#if LWIP_IPV6
+  if (!PCB_ISIPV6(pcb))
+#endif /* LWIP_IPV6 */
+  {
+    /* Nail down local IP for netconn_addr()/getsockname() */
+    if (ip_addr_isany(ipX_2_ip(&pcb->local_ip)) && !ip_addr_isany(ipX_2_ip(&pcb->remote_ip))) {
+      struct netif *netif;
+
+      if ((netif = ip_route(ipX_2_ip(&pcb->remote_ip))) == NULL) {
+        LWIP_DEBUGF(UDP_DEBUG, ("udp_connect: No route to 0x%lx\n",
+                    ip4_addr_get_u32(ipX_2_ip(&pcb->remote_ip))));
+        UDP_STATS_INC(udp.rterr);
+        return ERR_RTE;
+      }
+      /** TODO: this will bind the udp pcb locally, to the interface which
+          is used to route output packets to the remote address. However, we
+          might want to accept incoming packets on any interface! */
+      ipX_addr_copy(0, pcb->local_ip, netif->ip_addr);
+    } else if (ip_addr_isany(ipX_2_ip(&pcb->remote_ip))) {
+      ipX_addr_set_any(0, &pcb->local_ip);
+    }
+  }
+#endif
+  LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE, ("udp_connect: connected to "));
+  ipX_addr_debug_print(PCB_ISIPV6(pcb), UDP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE,
+                       &pcb->remote_ip);
+  LWIP_DEBUGF(UDP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE, (", port %"U16_F")\n", pcb->remote_port));
+
+  /* Insert UDP PCB into the list of active UDP PCBs. */
+  for (ipcb = udp_pcbs; ipcb != NULL; ipcb = ipcb->next) {
+    if (pcb == ipcb) {
+      /* already on the list, just return */
+      return ERR_OK;
+    }
+  }
+  /* PCB not yet on the list, add PCB now */
+  pcb->next = udp_pcbs;
+  udp_pcbs = pcb;
+  return ERR_OK;
+}
+
+/**
+ * Disconnect a UDP PCB
+ *
+ * @param pcb the udp pcb to disconnect.
+ */
+void
+udp_disconnect(struct udp_pcb *pcb)
+{
+  /* reset remote address association */
+  ipX_addr_set_any(PCB_ISIPV6(pcb), &pcb->remote_ip);
+  pcb->remote_port = 0;
+  /* mark PCB as unconnected */
+  pcb->flags &= ~UDP_FLAGS_CONNECTED;
+}
+
+/**
+ * Set a receive callback for a UDP PCB
+ *
+ * This callback will be called when receiving a datagram for the pcb.
+ *
+ * @param pcb the pcb for wich to set the recv callback
+ * @param recv function pointer of the callback function
+ * @param recv_arg additional argument to pass to the callback function
+ */
+void
+udp_recv(struct udp_pcb *pcb, udp_recv_fn recv, void *recv_arg)
+{
+  /* remember recv() callback and user data */
+  pcb->recv.ip4 = recv;
+  pcb->recv_arg = recv_arg;
+}
+
+/**
+ * Remove an UDP PCB.
+ *
+ * @param pcb UDP PCB to be removed. The PCB is removed from the list of
+ * UDP PCB's and the data structure is freed from memory.
+ *
+ * @see udp_new()
+ */
+void
+udp_remove(struct udp_pcb *pcb)
+{
+  struct udp_pcb *pcb2;
+
+  snmp_delete_udpidx_tree(pcb);
+  /* pcb to be removed is first in list? */
+  if (udp_pcbs == pcb) {
+    /* make list start at 2nd pcb */
+    udp_pcbs = udp_pcbs->next;
+    /* pcb not 1st in list */
+  } else {
+    for (pcb2 = udp_pcbs; pcb2 != NULL; pcb2 = pcb2->next) {
+      /* find pcb in udp_pcbs list */
+      if (pcb2->next != NULL && pcb2->next == pcb) {
+        /* remove pcb from list */
+        pcb2->next = pcb->next;
+      }
+    }
+  }
+  memp_free(MEMP_UDP_PCB, pcb);
+}
+
+/**
+ * Create a UDP PCB.
+ *
+ * @return The UDP PCB which was created. NULL if the PCB data structure
+ * could not be allocated.
+ *
+ * @see udp_remove()
+ */
+struct udp_pcb *
+udp_new(void)
+{
+  struct udp_pcb *pcb;
+  pcb = (struct udp_pcb *)memp_malloc(MEMP_UDP_PCB);
+  /* could allocate UDP PCB? */
+  if (pcb != NULL) {
+    /* UDP Lite: by initializing to all zeroes, chksum_len is set to 0
+     * which means checksum is generated over the whole datagram per default
+     * (recommended as default by RFC 3828). */
+    /* initialize PCB to all zeroes */
+    memset(pcb, 0, sizeof(struct udp_pcb));
+    pcb->ttl = UDP_TTL;
+  }
+  return pcb;
+}
+
+#if LWIP_IPV6
+/**
+ * Create a UDP PCB for IPv6.
+ *
+ * @return The UDP PCB which was created. NULL if the PCB data structure
+ * could not be allocated.
+ *
+ * @see udp_remove()
+ */
+struct udp_pcb *
+udp_new_ip6(void)
+{
+  struct udp_pcb *pcb;
+  pcb = udp_new();
+  ip_set_v6(pcb, 1);
+  return pcb;
+}
+#endif /* LWIP_IPV6 */
+
+#if UDP_DEBUG
+/**
+ * Print UDP header information for debug purposes.
+ *
+ * @param udphdr pointer to the udp header in memory.
+ */
+void
+udp_debug_print(struct udp_hdr *udphdr)
+{
+  LWIP_DEBUGF(UDP_DEBUG, ("UDP header:\n"));
+  LWIP_DEBUGF(UDP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(UDP_DEBUG, ("|     %5"U16_F"     |     %5"U16_F"     | (src port, dest port)\n",
+                          ntohs(udphdr->src), ntohs(udphdr->dest)));
+  LWIP_DEBUGF(UDP_DEBUG, ("+-------------------------------+\n"));
+  LWIP_DEBUGF(UDP_DEBUG, ("|     %5"U16_F"     |     0x%04"X16_F"    | (len, chksum)\n",
+                          ntohs(udphdr->len), ntohs(udphdr->chksum)));
+  LWIP_DEBUGF(UDP_DEBUG, ("+-------------------------------+\n"));
+}
+#endif /* UDP_DEBUG */
+
+#endif /* LWIP_UDP */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/autoip.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/autoip.h
new file mode 100644
index 00000000..e62b72e8
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/autoip.h
@@ -0,0 +1,118 @@
+/**
+ * @file
+ *
+ * AutoIP Automatic LinkLocal IP Configuration
+ */
+
+/*
+ *
+ * Copyright (c) 2007 Dominik Spies <kontakt@dspies.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * Author: Dominik Spies <kontakt@dspies.de>
+ *
+ * This is a AutoIP implementation for the lwIP TCP/IP stack. It aims to conform
+ * with RFC 3927.
+ *
+ *
+ * Please coordinate changes and requests with Dominik Spies
+ * <kontakt@dspies.de>
+ */
+ 
+#ifndef __LWIP_AUTOIP_H__
+#define __LWIP_AUTOIP_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_AUTOIP /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/netif.h"
+#include "lwip/udp.h"
+#include "netif/etharp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* AutoIP Timing */
+#define AUTOIP_TMR_INTERVAL      100
+#define AUTOIP_TICKS_PER_SECOND (1000 / AUTOIP_TMR_INTERVAL)
+
+/* RFC 3927 Constants */
+#define PROBE_WAIT               1   /* second   (initial random delay)                 */
+#define PROBE_MIN                1   /* second   (minimum delay till repeated probe)    */
+#define PROBE_MAX                2   /* seconds  (maximum delay till repeated probe)    */
+#define PROBE_NUM                3   /*          (number of probe packets)              */
+#define ANNOUNCE_NUM             2   /*          (number of announcement packets)       */
+#define ANNOUNCE_INTERVAL        2   /* seconds  (time between announcement packets)    */
+#define ANNOUNCE_WAIT            2   /* seconds  (delay before announcing)              */
+#define MAX_CONFLICTS            10  /*          (max conflicts before rate limiting)   */
+#define RATE_LIMIT_INTERVAL      60  /* seconds  (delay between successive attempts)    */
+#define DEFEND_INTERVAL          10  /* seconds  (min. wait between defensive ARPs)     */
+
+/* AutoIP client states */
+#define AUTOIP_STATE_OFF         0
+#define AUTOIP_STATE_PROBING     1
+#define AUTOIP_STATE_ANNOUNCING  2
+#define AUTOIP_STATE_BOUND       3
+
+struct autoip
+{
+  ip_addr_t llipaddr;       /* the currently selected, probed, announced or used LL IP-Address */
+  u8_t state;               /* current AutoIP state machine state */
+  u8_t sent_num;            /* sent number of probes or announces, dependent on state */
+  u16_t ttw;                /* ticks to wait, tick is AUTOIP_TMR_INTERVAL long */
+  u8_t lastconflict;        /* ticks until a conflict can be solved by defending */
+  u8_t tried_llipaddr;      /* total number of probed/used Link Local IP-Addresses */
+};
+
+
+#define autoip_init() /* Compatibility define, no init needed. */
+
+/** Set a struct autoip allocated by the application to work with */
+void autoip_set_struct(struct netif *netif, struct autoip *autoip);
+
+/** Start AutoIP client */
+err_t autoip_start(struct netif *netif);
+
+/** Stop AutoIP client */
+err_t autoip_stop(struct netif *netif);
+
+/** Handles every incoming ARP Packet, called by etharp_arp_input */
+void autoip_arp_reply(struct netif *netif, struct etharp_hdr *hdr);
+
+/** Has to be called in loop every AUTOIP_TMR_INTERVAL milliseconds */
+void autoip_tmr(void);
+
+/** Handle a possible change in the network configuration */
+void autoip_network_changed(struct netif *netif);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_AUTOIP */
+
+#endif /* __LWIP_AUTOIP_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/icmp.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/icmp.h
new file mode 100644
index 00000000..fa893b6b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/icmp.h
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_ICMP_H__
+#define __LWIP_ICMP_H__
+
+#include "lwip/opt.h"
+#include "lwip/pbuf.h"
+#include "lwip/ip_addr.h"
+#include "lwip/netif.h"
+
+#if LWIP_IPV6 && LWIP_ICMP6
+#include "lwip/icmp6.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ICMP_ER   0    /* echo reply */
+#define ICMP_DUR  3    /* destination unreachable */
+#define ICMP_SQ   4    /* source quench */
+#define ICMP_RD   5    /* redirect */
+#define ICMP_ECHO 8    /* echo */
+#define ICMP_TE  11    /* time exceeded */
+#define ICMP_PP  12    /* parameter problem */
+#define ICMP_TS  13    /* timestamp */
+#define ICMP_TSR 14    /* timestamp reply */
+#define ICMP_IRQ 15    /* information request */
+#define ICMP_IR  16    /* information reply */
+
+enum icmp_dur_type {
+  ICMP_DUR_NET   = 0,  /* net unreachable */
+  ICMP_DUR_HOST  = 1,  /* host unreachable */
+  ICMP_DUR_PROTO = 2,  /* protocol unreachable */
+  ICMP_DUR_PORT  = 3,  /* port unreachable */
+  ICMP_DUR_FRAG  = 4,  /* fragmentation needed and DF set */
+  ICMP_DUR_SR    = 5   /* source route failed */
+};
+
+enum icmp_te_type {
+  ICMP_TE_TTL  = 0,    /* time to live exceeded in transit */
+  ICMP_TE_FRAG = 1     /* fragment reassembly time exceeded */
+};
+
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+/** This is the standard ICMP header only that the u32_t data
+ *  is splitted to two u16_t like ICMP echo needs it.
+ *  This header is also used for other ICMP types that do not
+ *  use the data part.
+ */
+PACK_STRUCT_BEGIN
+struct icmp_echo_hdr {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t code);
+  PACK_STRUCT_FIELD(u16_t chksum);
+  PACK_STRUCT_FIELD(u16_t id);
+  PACK_STRUCT_FIELD(u16_t seqno);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#define ICMPH_TYPE(hdr) ((hdr)->type)
+#define ICMPH_CODE(hdr) ((hdr)->code)
+
+/** Combines type and code to an u16_t */
+#define ICMPH_TYPE_SET(hdr, t) ((hdr)->type = (t))
+#define ICMPH_CODE_SET(hdr, c) ((hdr)->code = (c))
+
+
+#if LWIP_ICMP /* don't build if not configured for use in lwipopts.h */
+
+void icmp_input(struct pbuf *p, struct netif *inp);
+void icmp_dest_unreach(struct pbuf *p, enum icmp_dur_type t);
+void icmp_time_exceeded(struct pbuf *p, enum icmp_te_type t);
+
+#endif /* LWIP_ICMP */
+
+#if (LWIP_IPV6 && LWIP_ICMP6)
+#define icmp_port_unreach(isipv6, pbuf) ((isipv6) ? \
+                                         icmp6_dest_unreach(pbuf, ICMP6_DUR_PORT) : \
+                                         icmp_dest_unreach(pbuf, ICMP_DUR_PORT))
+#elif LWIP_ICMP
+#define icmp_port_unreach(isipv6, pbuf) icmp_dest_unreach(pbuf, ICMP_DUR_PORT)
+#else /* (LWIP_IPV6 && LWIP_ICMP6) || LWIP_ICMP*/
+#define icmp_port_unreach(isipv6, pbuf)
+#endif /* (LWIP_IPV6 && LWIP_ICMP6) || LWIP_ICMP*/
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_ICMP_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/igmp.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/igmp.h
new file mode 100644
index 00000000..8aabac24
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/igmp.h
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2002 CITEL Technologies Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ * 3. Neither the name of CITEL Technologies Ltd nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY CITEL TECHNOLOGIES AND CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL CITEL TECHNOLOGIES OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ *
+ * This file is a contribution to the lwIP TCP/IP stack.
+ * The Swedish Institute of Computer Science and Adam Dunkels
+ * are specifically granted permission to redistribute this
+ * source code.
+*/
+
+#ifndef __LWIP_IGMP_H__
+#define __LWIP_IGMP_H__
+
+#include "lwip/opt.h"
+#include "lwip/ip_addr.h"
+#include "lwip/netif.h"
+#include "lwip/pbuf.h"
+
+#if LWIP_IGMP /* don't build if not configured for use in lwipopts.h */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/* IGMP timer */
+#define IGMP_TMR_INTERVAL              100 /* Milliseconds */
+#define IGMP_V1_DELAYING_MEMBER_TMR   (1000/IGMP_TMR_INTERVAL)
+#define IGMP_JOIN_DELAYING_MEMBER_TMR (500 /IGMP_TMR_INTERVAL)
+
+/* MAC Filter Actions, these are passed to a netif's
+ * igmp_mac_filter callback function. */
+#define IGMP_DEL_MAC_FILTER            0
+#define IGMP_ADD_MAC_FILTER            1
+
+
+/**
+ * igmp group structure - there is
+ * a list of groups for each interface
+ * these should really be linked from the interface, but
+ * if we keep them separate we will not affect the lwip original code
+ * too much
+ * 
+ * There will be a group for the all systems group address but this 
+ * will not run the state machine as it is used to kick off reports
+ * from all the other groups
+ */
+struct igmp_group {
+  /** next link */
+  struct igmp_group *next;
+  /** interface on which the group is active */
+  struct netif      *netif;
+  /** multicast address */
+  ip_addr_t          group_address;
+  /** signifies we were the last person to report */
+  u8_t               last_reporter_flag;
+  /** current state of the group */
+  u8_t               group_state;
+  /** timer for reporting, negative is OFF */
+  u16_t              timer;
+  /** counter of simultaneous uses */
+  u8_t               use;
+};
+
+/*  Prototypes */
+void   igmp_init(void);
+err_t  igmp_start(struct netif *netif);
+err_t  igmp_stop(struct netif *netif);
+void   igmp_report_groups(struct netif *netif);
+struct igmp_group *igmp_lookfor_group(struct netif *ifp, ip_addr_t *addr);
+void   igmp_input(struct pbuf *p, struct netif *inp, ip_addr_t *dest);
+err_t  igmp_joingroup(ip_addr_t *ifaddr, ip_addr_t *groupaddr);
+err_t  igmp_leavegroup(ip_addr_t *ifaddr, ip_addr_t *groupaddr);
+void   igmp_tmr(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_IGMP */
+
+#endif /* __LWIP_IGMP_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/inet.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/inet.h
new file mode 100644
index 00000000..7bff49b5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/inet.h
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_INET_H__
+#define __LWIP_INET_H__
+
+#include "lwip/opt.h"
+#include "lwip/def.h"
+#include "lwip/ip_addr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** For compatibility with BSD code */
+struct in_addr {
+  u32_t s_addr;
+};
+
+/** 255.255.255.255 */
+#define INADDR_NONE         IPADDR_NONE
+/** 127.0.0.1 */
+#define INADDR_LOOPBACK     IPADDR_LOOPBACK
+/** 0.0.0.0 */
+#define INADDR_ANY          IPADDR_ANY
+/** 255.255.255.255 */
+#define INADDR_BROADCAST    IPADDR_BROADCAST
+
+/* Definitions of the bits in an Internet address integer.
+
+   On subnets, host and network parts are found according to
+   the subnet mask, not these masks.  */
+#define IN_CLASSA(a)        IP_CLASSA(a)
+#define IN_CLASSA_NET       IP_CLASSA_NET
+#define IN_CLASSA_NSHIFT    IP_CLASSA_NSHIFT
+#define IN_CLASSA_HOST      IP_CLASSA_HOST
+#define IN_CLASSA_MAX       IP_CLASSA_MAX
+
+#define IN_CLASSB(b)        IP_CLASSB(b)
+#define IN_CLASSB_NET       IP_CLASSB_NET
+#define IN_CLASSB_NSHIFT    IP_CLASSB_NSHIFT
+#define IN_CLASSB_HOST      IP_CLASSB_HOST
+#define IN_CLASSB_MAX       IP_CLASSB_MAX
+
+#define IN_CLASSC(c)        IP_CLASSC(c)
+#define IN_CLASSC_NET       IP_CLASSC_NET
+#define IN_CLASSC_NSHIFT    IP_CLASSC_NSHIFT
+#define IN_CLASSC_HOST      IP_CLASSC_HOST
+#define IN_CLASSC_MAX       IP_CLASSC_MAX
+
+#define IN_CLASSD(d)        IP_CLASSD(d)
+#define IN_CLASSD_NET       IP_CLASSD_NET     /* These ones aren't really */
+#define IN_CLASSD_NSHIFT    IP_CLASSD_NSHIFT  /*   net and host fields, but */
+#define IN_CLASSD_HOST      IP_CLASSD_HOST    /*   routing needn't know. */
+#define IN_CLASSD_MAX       IP_CLASSD_MAX
+
+#define IN_MULTICAST(a)     IP_MULTICAST(a)
+
+#define IN_EXPERIMENTAL(a)  IP_EXPERIMENTAL(a)
+#define IN_BADCLASS(a)      IP_BADCLASS(a)
+
+#define IN_LOOPBACKNET      IP_LOOPBACKNET
+
+#define inet_addr_from_ipaddr(target_inaddr, source_ipaddr) ((target_inaddr)->s_addr = ip4_addr_get_u32(source_ipaddr))
+#define inet_addr_to_ipaddr(target_ipaddr, source_inaddr)   (ip4_addr_set_u32(target_ipaddr, (source_inaddr)->s_addr))
+/* ATTENTION: the next define only works because both s_addr and ip_addr_t are an u32_t effectively! */
+#define inet_addr_to_ipaddr_p(target_ipaddr_p, source_inaddr)   ((target_ipaddr_p) = (ip_addr_t*)&((source_inaddr)->s_addr))
+
+/* directly map this to the lwip internal functions */
+#define inet_addr(cp)         ipaddr_addr(cp)
+#define inet_aton(cp, addr)   ipaddr_aton(cp, (ip_addr_t*)addr)
+#define inet_ntoa(addr)       ipaddr_ntoa((ip_addr_t*)&(addr))
+#define inet_ntoa_r(addr, buf, buflen) ipaddr_ntoa_r((ip_addr_t*)&(addr), buf, buflen)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_INET_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/ip4.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/ip4.h
new file mode 100644
index 00000000..04b5b8a6
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/ip4.h
@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_IP4_H__
+#define __LWIP_IP4_H__
+
+#include "lwip/opt.h"
+
+#include "lwip/def.h"
+#include "lwip/pbuf.h"
+#include "lwip/ip_addr.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/err.h"
+#include "lwip/netif.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Currently, the function ip_output_if_opt() is only used with IGMP */
+#define IP_OPTIONS_SEND   LWIP_IGMP
+
+#define IP_HLEN 20
+
+#define IP_PROTO_ICMP    1
+#define IP_PROTO_IGMP    2
+#define IP_PROTO_UDP     17
+#define IP_PROTO_UDPLITE 136
+#define IP_PROTO_TCP     6
+
+
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct ip_hdr {
+  /* version / header length */
+  PACK_STRUCT_FIELD(u8_t _v_hl);
+  /* type of service */
+  PACK_STRUCT_FIELD(u8_t _tos);
+  /* total length */
+  PACK_STRUCT_FIELD(u16_t _len);
+  /* identification */
+  PACK_STRUCT_FIELD(u16_t _id);
+  /* fragment offset field */
+  PACK_STRUCT_FIELD(u16_t _offset);
+#define IP_RF 0x8000U        /* reserved fragment flag */
+#define IP_DF 0x4000U        /* dont fragment flag */
+#define IP_MF 0x2000U        /* more fragments flag */
+#define IP_OFFMASK 0x1fffU   /* mask for fragmenting bits */
+  /* time to live */
+  PACK_STRUCT_FIELD(u8_t _ttl);
+  /* protocol*/
+  PACK_STRUCT_FIELD(u8_t _proto);
+  /* checksum */
+  PACK_STRUCT_FIELD(u16_t _chksum);
+  /* source and destination IP addresses */
+  PACK_STRUCT_FIELD(ip_addr_p_t src);
+  PACK_STRUCT_FIELD(ip_addr_p_t dest); 
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#define IPH_V(hdr)  ((hdr)->_v_hl >> 4)
+#define IPH_HL(hdr) ((hdr)->_v_hl & 0x0f)
+#define IPH_TOS(hdr) ((hdr)->_tos)
+#define IPH_LEN(hdr) ((hdr)->_len)
+#define IPH_ID(hdr) ((hdr)->_id)
+#define IPH_OFFSET(hdr) ((hdr)->_offset)
+#define IPH_TTL(hdr) ((hdr)->_ttl)
+#define IPH_PROTO(hdr) ((hdr)->_proto)
+#define IPH_CHKSUM(hdr) ((hdr)->_chksum)
+
+#define IPH_VHL_SET(hdr, v, hl) (hdr)->_v_hl = (((v) << 4) | (hl))
+#define IPH_TOS_SET(hdr, tos) (hdr)->_tos = (tos)
+#define IPH_LEN_SET(hdr, len) (hdr)->_len = (len)
+#define IPH_ID_SET(hdr, id) (hdr)->_id = (id)
+#define IPH_OFFSET_SET(hdr, off) (hdr)->_offset = (off)
+#define IPH_TTL_SET(hdr, ttl) (hdr)->_ttl = (u8_t)(ttl)
+#define IPH_PROTO_SET(hdr, proto) (hdr)->_proto = (u8_t)(proto)
+#define IPH_CHKSUM_SET(hdr, chksum) (hdr)->_chksum = (chksum)
+
+
+#define ip_init() /* Compatibility define, no init needed. */
+struct netif *ip_route(ip_addr_t *dest);
+err_t ip_input(struct pbuf *p, struct netif *inp);
+err_t ip_output(struct pbuf *p, ip_addr_t *src, ip_addr_t *dest,
+       u8_t ttl, u8_t tos, u8_t proto);
+err_t ip_output_if(struct pbuf *p, ip_addr_t *src, ip_addr_t *dest,
+       u8_t ttl, u8_t tos, u8_t proto,
+       struct netif *netif);
+#if LWIP_NETIF_HWADDRHINT
+err_t ip_output_hinted(struct pbuf *p, ip_addr_t *src, ip_addr_t *dest,
+       u8_t ttl, u8_t tos, u8_t proto, u8_t *addr_hint);
+#endif /* LWIP_NETIF_HWADDRHINT */
+#if IP_OPTIONS_SEND
+err_t ip_output_if_opt(struct pbuf *p, ip_addr_t *src, ip_addr_t *dest,
+       u8_t ttl, u8_t tos, u8_t proto, struct netif *netif, void *ip_options,
+       u16_t optlen);
+#endif /* IP_OPTIONS_SEND */
+
+#define ip_netif_get_local_ipX(netif) (((netif) != NULL) ? ip_2_ipX(&((netif)->ip_addr)) : NULL)
+
+#if IP_DEBUG
+void ip_debug_print(struct pbuf *p);
+#else
+#define ip_debug_print(p)
+#endif /* IP_DEBUG */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_IP_H__ */
+
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/ip4_addr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/ip4_addr.h
new file mode 100644
index 00000000..b05ae537
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/ip4_addr.h
@@ -0,0 +1,244 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_IP4_ADDR_H__
+#define __LWIP_IP4_ADDR_H__
+
+#include "lwip/opt.h"
+#include "lwip/def.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This is the aligned version of ip_addr_t,
+   used as local variable, on the stack, etc. */
+struct ip_addr {
+  u32_t addr;
+};
+
+/* This is the packed version of ip_addr_t,
+   used in network headers that are itself packed */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct ip_addr_packed {
+  PACK_STRUCT_FIELD(u32_t addr);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/** ip_addr_t uses a struct for convenience only, so that the same defines can
+ * operate both on ip_addr_t as well as on ip_addr_p_t. */
+typedef struct ip_addr ip_addr_t;
+typedef struct ip_addr_packed ip_addr_p_t;
+
+/*
+ * struct ipaddr2 is used in the definition of the ARP packet format in
+ * order to support compilers that don't have structure packing.
+ */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct ip_addr2 {
+  PACK_STRUCT_FIELD(u16_t addrw[2]);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/* Forward declaration to not include netif.h */
+struct netif;
+
+extern const ip_addr_t ip_addr_any;
+extern const ip_addr_t ip_addr_broadcast;
+
+/** IP_ADDR_ can be used as a fixed IP address
+ *  for the wildcard and the broadcast address
+ */
+#define IP_ADDR_ANY         ((ip_addr_t *)&ip_addr_any)
+#define IP_ADDR_BROADCAST   ((ip_addr_t *)&ip_addr_broadcast)
+
+/** 255.255.255.255 */
+#define IPADDR_NONE         ((u32_t)0xffffffffUL)
+/** 127.0.0.1 */
+#define IPADDR_LOOPBACK     ((u32_t)0x7f000001UL)
+/** 0.0.0.0 */
+#define IPADDR_ANY          ((u32_t)0x00000000UL)
+/** 255.255.255.255 */
+#define IPADDR_BROADCAST    ((u32_t)0xffffffffUL)
+
+/* Definitions of the bits in an Internet address integer.
+
+   On subnets, host and network parts are found according to
+   the subnet mask, not these masks.  */
+#define IP_CLASSA(a)        ((((u32_t)(a)) & 0x80000000UL) == 0)
+#define IP_CLASSA_NET       0xff000000
+#define IP_CLASSA_NSHIFT    24
+#define IP_CLASSA_HOST      (0xffffffff & ~IP_CLASSA_NET)
+#define IP_CLASSA_MAX       128
+
+#define IP_CLASSB(a)        ((((u32_t)(a)) & 0xc0000000UL) == 0x80000000UL)
+#define IP_CLASSB_NET       0xffff0000
+#define IP_CLASSB_NSHIFT    16
+#define IP_CLASSB_HOST      (0xffffffff & ~IP_CLASSB_NET)
+#define IP_CLASSB_MAX       65536
+
+#define IP_CLASSC(a)        ((((u32_t)(a)) & 0xe0000000UL) == 0xc0000000UL)
+#define IP_CLASSC_NET       0xffffff00
+#define IP_CLASSC_NSHIFT    8
+#define IP_CLASSC_HOST      (0xffffffff & ~IP_CLASSC_NET)
+
+#define IP_CLASSD(a)        (((u32_t)(a) & 0xf0000000UL) == 0xe0000000UL)
+#define IP_CLASSD_NET       0xf0000000          /* These ones aren't really */
+#define IP_CLASSD_NSHIFT    28                  /*   net and host fields, but */
+#define IP_CLASSD_HOST      0x0fffffff          /*   routing needn't know. */
+#define IP_MULTICAST(a)     IP_CLASSD(a)
+
+#define IP_EXPERIMENTAL(a)  (((u32_t)(a) & 0xf0000000UL) == 0xf0000000UL)
+#define IP_BADCLASS(a)      (((u32_t)(a) & 0xf0000000UL) == 0xf0000000UL)
+
+#define IP_LOOPBACKNET      127                 /* official! */
+
+
+#if BYTE_ORDER == BIG_ENDIAN
+/** Set an IP address given by the four byte-parts */
+#define IP4_ADDR(ipaddr, a,b,c,d) \
+        (ipaddr)->addr = ((u32_t)((a) & 0xff) << 24) | \
+                         ((u32_t)((b) & 0xff) << 16) | \
+                         ((u32_t)((c) & 0xff) << 8)  | \
+                          (u32_t)((d) & 0xff)
+#else
+/** Set an IP address given by the four byte-parts.
+    Little-endian version that prevents the use of htonl. */
+#define IP4_ADDR(ipaddr, a,b,c,d) \
+        (ipaddr)->addr = ((u32_t)((d) & 0xff) << 24) | \
+                         ((u32_t)((c) & 0xff) << 16) | \
+                         ((u32_t)((b) & 0xff) << 8)  | \
+                          (u32_t)((a) & 0xff)
+#endif
+
+/** MEMCPY-like copying of IP addresses where addresses are known to be
+ * 16-bit-aligned if the port is correctly configured (so a port could define
+ * this to copying 2 u16_t's) - no NULL-pointer-checking needed. */
+#ifndef IPADDR2_COPY
+#define IPADDR2_COPY(dest, src) SMEMCPY(dest, src, sizeof(ip_addr_t))
+#endif
+
+/** Copy IP address - faster than ip_addr_set: no NULL check */
+#define ip_addr_copy(dest, src) ((dest).addr = (src).addr)
+/** Safely copy one IP address to another (src may be NULL) */
+#define ip_addr_set(dest, src) ((dest)->addr = \
+                                    ((src) == NULL ? 0 : \
+                                    (src)->addr))
+/** Set complete address to zero */
+#define ip_addr_set_zero(ipaddr)      ((ipaddr)->addr = 0)
+/** Set address to IPADDR_ANY (no need for htonl()) */
+#define ip_addr_set_any(ipaddr)       ((ipaddr)->addr = IPADDR_ANY)
+/** Set address to loopback address */
+#define ip_addr_set_loopback(ipaddr)  ((ipaddr)->addr = PP_HTONL(IPADDR_LOOPBACK))
+/** Safely copy one IP address to another and change byte order
+ * from host- to network-order. */
+#define ip_addr_set_hton(dest, src) ((dest)->addr = \
+                               ((src) == NULL ? 0:\
+                               htonl((src)->addr)))
+/** IPv4 only: set the IP address given as an u32_t */
+#define ip4_addr_set_u32(dest_ipaddr, src_u32) ((dest_ipaddr)->addr = (src_u32))
+/** IPv4 only: get the IP address as an u32_t */
+#define ip4_addr_get_u32(src_ipaddr) ((src_ipaddr)->addr)
+
+/** Get the network address by combining host address with netmask */
+#define ip_addr_get_network(target, host, netmask) ((target)->addr = ((host)->addr) & ((netmask)->addr))
+
+/**
+ * Determine if two address are on the same network.
+ *
+ * @arg addr1 IP address 1
+ * @arg addr2 IP address 2
+ * @arg mask network identifier mask
+ * @return !0 if the network identifiers of both address match
+ */
+#define ip_addr_netcmp(addr1, addr2, mask) (((addr1)->addr & \
+                                              (mask)->addr) == \
+                                             ((addr2)->addr & \
+                                              (mask)->addr))
+#define ip_addr_cmp(addr1, addr2) ((addr1)->addr == (addr2)->addr)
+
+#define ip_addr_isany(addr1) ((addr1) == NULL || (addr1)->addr == IPADDR_ANY)
+
+#define ip_addr_isbroadcast(ipaddr, netif) ip4_addr_isbroadcast((ipaddr)->addr, (netif))
+u8_t ip4_addr_isbroadcast(u32_t addr, const struct netif *netif);
+
+#define ip_addr_netmask_valid(netmask) ip4_addr_netmask_valid((netmask)->addr)
+u8_t ip4_addr_netmask_valid(u32_t netmask);
+
+#define ip_addr_ismulticast(addr1) (((addr1)->addr & PP_HTONL(0xf0000000UL)) == PP_HTONL(0xe0000000UL))
+
+#define ip_addr_islinklocal(addr1) (((addr1)->addr & PP_HTONL(0xffff0000UL)) == PP_HTONL(0xa9fe0000UL))
+
+#define ip_addr_debug_print(debug, ipaddr) \
+  LWIP_DEBUGF(debug, ("%"U16_F".%"U16_F".%"U16_F".%"U16_F,             \
+                      ipaddr != NULL ? ip4_addr1_16(ipaddr) : 0,       \
+                      ipaddr != NULL ? ip4_addr2_16(ipaddr) : 0,       \
+                      ipaddr != NULL ? ip4_addr3_16(ipaddr) : 0,       \
+                      ipaddr != NULL ? ip4_addr4_16(ipaddr) : 0))
+
+/* Get one byte from the 4-byte address */
+#define ip4_addr1(ipaddr) (((u8_t*)(ipaddr))[0])
+#define ip4_addr2(ipaddr) (((u8_t*)(ipaddr))[1])
+#define ip4_addr3(ipaddr) (((u8_t*)(ipaddr))[2])
+#define ip4_addr4(ipaddr) (((u8_t*)(ipaddr))[3])
+/* These are cast to u16_t, with the intent that they are often arguments
+ * to printf using the U16_F format from cc.h. */
+#define ip4_addr1_16(ipaddr) ((u16_t)ip4_addr1(ipaddr))
+#define ip4_addr2_16(ipaddr) ((u16_t)ip4_addr2(ipaddr))
+#define ip4_addr3_16(ipaddr) ((u16_t)ip4_addr3(ipaddr))
+#define ip4_addr4_16(ipaddr) ((u16_t)ip4_addr4(ipaddr))
+
+/** For backwards compatibility */
+#define ip_ntoa(ipaddr)  ipaddr_ntoa(ipaddr)
+
+u32_t ipaddr_addr(const char *cp);
+int ipaddr_aton(const char *cp, ip_addr_t *addr);
+/** returns ptr to static buffer; not reentrant! */
+char *ipaddr_ntoa(const ip_addr_t *addr);
+char *ipaddr_ntoa_r(const ip_addr_t *addr, char *buf, int buflen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_IP_ADDR_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/ip_frag.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/ip_frag.h
new file mode 100644
index 00000000..47eca9f4
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv4/lwip/ip_frag.h
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Jani Monoses <jani@iv.ro>
+ *
+ */
+
+#ifndef __LWIP_IP_FRAG_H__
+#define __LWIP_IP_FRAG_H__
+
+#include "lwip/opt.h"
+#include "lwip/err.h"
+#include "lwip/pbuf.h"
+#include "lwip/netif.h"
+#include "lwip/ip_addr.h"
+#include "lwip/ip.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if IP_REASSEMBLY
+/* The IP reassembly timer interval in milliseconds. */
+#define IP_TMR_INTERVAL 1000
+
+/* IP reassembly helper struct.
+ * This is exported because memp needs to know the size.
+ */
+struct ip_reassdata {
+  struct ip_reassdata *next;
+  struct pbuf *p;
+  struct ip_hdr iphdr;
+  u16_t datagram_len;
+  u8_t flags;
+  u8_t timer;
+};
+
+void ip_reass_init(void);
+void ip_reass_tmr(void);
+struct pbuf * ip_reass(struct pbuf *p);
+#endif /* IP_REASSEMBLY */
+
+#if IP_FRAG
+#if !IP_FRAG_USES_STATIC_BUF && !LWIP_NETIF_TX_SINGLE_PBUF
+/** A custom pbuf that holds a reference to another pbuf, which is freed
+ * when this custom pbuf is freed. This is used to create a custom PBUF_REF
+ * that points into the original pbuf. */
+#ifndef __LWIP_PBUF_CUSTOM_REF__
+#define __LWIP_PBUF_CUSTOM_REF__
+struct pbuf_custom_ref {
+  /** 'base class' */
+  struct pbuf_custom pc;
+  /** pointer to the original pbuf that is referenced */
+  struct pbuf *original;
+};
+#endif /* __LWIP_PBUF_CUSTOM_REF__ */
+#endif /* !IP_FRAG_USES_STATIC_BUF && !LWIP_NETIF_TX_SINGLE_PBUF */
+
+err_t ip_frag(struct pbuf *p, struct netif *netif, ip_addr_t *dest);
+#endif /* IP_FRAG */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_IP_FRAG_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/dhcp6.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/dhcp6.h
new file mode 100644
index 00000000..4b905c54
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/dhcp6.h
@@ -0,0 +1,58 @@
+/**
+ * @file
+ *
+ * IPv6 address autoconfiguration as per RFC 4862.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ * IPv6 address autoconfiguration as per RFC 4862.
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+
+#ifndef __LWIP_IP6_DHCP6_H__
+#define __LWIP_IP6_DHCP6_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6_DHCP6  /* don't build if not configured for use in lwipopts.h */
+
+
+struct dhcp6
+{
+  /*TODO: implement DHCP6*/
+};
+
+#endif /* LWIP_IPV6_DHCP6 */
+
+#endif /* __LWIP_IP6_DHCP6_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ethip6.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ethip6.h
new file mode 100644
index 00000000..e7f412b4
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ethip6.h
@@ -0,0 +1,68 @@
+/**
+ * @file
+ *
+ * Ethernet output for IPv6. Uses ND tables for link-layer addressing.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+
+#ifndef __LWIP_ETHIP6_H__
+#define __LWIP_ETHIP6_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6 && LWIP_ETHERNET /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/pbuf.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/netif.h"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+err_t ethip6_output(struct netif *netif, struct pbuf *q, ip6_addr_t *ip6addr);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_IPV6 && LWIP_ETHERNET */
+
+#endif /* __LWIP_ETHIP6_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/icmp6.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/icmp6.h
new file mode 100644
index 00000000..428f1a4d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/icmp6.h
@@ -0,0 +1,152 @@
+/**
+ * @file
+ *
+ * IPv6 version of ICMP, as per RFC 4443.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+#ifndef __LWIP_ICMP6_H__
+#define __LWIP_ICMP6_H__
+
+#include "lwip/opt.h"
+#include "lwip/pbuf.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/netif.h"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum icmp6_type {
+  ICMP6_TYPE_DUR = 1,  /* Destination unreachable */
+  ICMP6_TYPE_PTB = 2,  /* Packet too big */
+  ICMP6_TYPE_TE = 3,   /* Time exceeded */
+  ICMP6_TYPE_PP = 4,   /* Parameter problem */
+  ICMP6_TYPE_PE1 = 100,  /* Private experimentation */
+  ICMP6_TYPE_PE2 = 101,  /* Private experimentation */
+  ICMP6_TYPE_RSV_ERR = 127,  /* Reserved for expansion of error messages */
+
+  ICMP6_TYPE_EREQ = 128,  /* Echo request */
+  ICMP6_TYPE_EREP = 129,  /* Echo reply */
+  ICMP6_TYPE_MLQ = 130,  /* Multicast listener query */
+  ICMP6_TYPE_MLR = 131,  /* Multicast listener report */
+  ICMP6_TYPE_MLD = 132,  /* Multicast listener done */
+  ICMP6_TYPE_RS = 133,  /* Router solicitation */
+  ICMP6_TYPE_RA = 134,  /* Router advertisement */
+  ICMP6_TYPE_NS = 135,  /* Neighbor solicitation */
+  ICMP6_TYPE_NA = 136,  /* Neighbor advertisement */
+  ICMP6_TYPE_RD = 137,  /* Redirect */
+  ICMP6_TYPE_MRA = 151,  /* Multicast router advertisement */
+  ICMP6_TYPE_MRS = 152,  /* Multicast router solicitation */
+  ICMP6_TYPE_MRT = 153,  /* Multicast router termination */
+  ICMP6_TYPE_PE3 = 200,  /* Private experimentation */
+  ICMP6_TYPE_PE4 = 201,  /* Private experimentation */
+  ICMP6_TYPE_RSV_INF = 255  /* Reserved for expansion of informational messages */
+};
+
+enum icmp6_dur_code {
+  ICMP6_DUR_NO_ROUTE = 0,     /* No route to destination */
+  ICMP6_DUR_PROHIBITED = 1,   /* Communication with destination administratively prohibited */
+  ICMP6_DUR_SCOPE = 2,        /* Beyond scope of source address */
+  ICMP6_DUR_ADDRESS = 3,      /* Address unreachable */
+  ICMP6_DUR_PORT = 4,         /* Port unreachable */
+  ICMP6_DUR_POLICY = 5,       /* Source address failed ingress/egress policy */
+  ICMP6_DUR_REJECT_ROUTE = 6  /* Reject route to destination */
+};
+
+enum icmp6_te_code {
+  ICMP6_TE_HL = 0,   /* Hop limit exceeded in transit */
+  ICMP6_TE_FRAG = 1  /* Fragment reassembly time exceeded */
+};
+
+enum icmp6_pp_code {
+  ICMP6_PP_FIELD = 0,   /* Erroneous header field encountered */
+  ICMP6_PP_HEADER = 1,  /* Unrecognized next header type encountered */
+  ICMP6_PP_OPTION = 2   /* Unrecognized IPv6 option encountered */
+};
+
+/** This is the standard ICMP6 header. */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct pp_icmp6_hdr {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t code);
+  PACK_STRUCT_FIELD(u16_t chksum);
+  PACK_STRUCT_FIELD(u32_t data);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/** This is the ICMP6 header adapted for echo req/resp. */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct icmp6_echo_hdr {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t code);
+  PACK_STRUCT_FIELD(u16_t chksum);
+  PACK_STRUCT_FIELD(u16_t id);
+  PACK_STRUCT_FIELD(u16_t seqno);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+
+#if LWIP_ICMP6 && LWIP_IPV6 /* don't build if not configured for use in lwipopts.h */
+
+void icmp6_input(struct pbuf *p, struct netif *inp);
+void icmp6_dest_unreach(struct pbuf *p, enum icmp6_dur_code c);
+void icmp6_packet_too_big(struct pbuf *p, u32_t mtu);
+void icmp6_time_exceeded(struct pbuf *p, enum icmp6_te_code c);
+void icmp6_param_problem(struct pbuf *p, enum icmp6_pp_code c, u32_t pointer);
+
+#endif /* LWIP_ICMP6 && LWIP_IPV6 */
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* __LWIP_ICMP6_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/inet6.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/inet6.h
new file mode 100644
index 00000000..dbf98df0
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/inet6.h
@@ -0,0 +1,92 @@
+/**
+ * @file
+ *
+ * INET v6 addresses.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+#ifndef __LWIP_INET6_H__
+#define __LWIP_INET6_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6 && LWIP_SOCKET /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/ip6_addr.h"
+#include "lwip/def.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** For compatibility with BSD code */
+struct in6_addr {
+  union {
+    u8_t  u8_addr[16];
+    u32_t u32_addr[4];
+  } un;
+#define s6_addr  un.u32_addr
+};
+
+#define IN6ADDR_ANY_INIT {0,0,0,0}
+#define IN6ADDR_LOOPBACK_INIT {0,0,0,PP_HTONL(1)}
+
+
+#define inet6_addr_from_ip6addr(target_in6addr, source_ip6addr) {(target_in6addr)->un.u32_addr[0] = (source_ip6addr)->addr[0]; \
+                                                                 (target_in6addr)->un.u32_addr[1] = (source_ip6addr)->addr[1]; \
+                                                                 (target_in6addr)->un.u32_addr[2] = (source_ip6addr)->addr[2]; \
+                                                                 (target_in6addr)->un.u32_addr[3] = (source_ip6addr)->addr[3];}
+#define inet6_addr_to_ip6addr(target_ip6addr, source_in6addr)   {(target_ip6addr)->addr[0] = (source_in6addr)->un.u32_addr[0]; \
+                                                                 (target_ip6addr)->addr[1] = (source_in6addr)->un.u32_addr[1]; \
+                                                                 (target_ip6addr)->addr[2] = (source_in6addr)->un.u32_addr[2]; \
+                                                                 (target_ip6addr)->addr[3] = (source_in6addr)->un.u32_addr[3];}
+/* ATTENTION: the next define only works because both in6_addr and ip6_addr_t are an u32_t[4] effectively! */
+#define inet6_addr_to_ip6addr_p(target_ip6addr_p, source_in6addr)   ((target_ip6addr_p) = (ip6_addr_t*)(source_in6addr))
+
+/* directly map this to the lwip internal functions */
+#define inet6_aton(cp, addr)   ip6addr_aton(cp, (ip6_addr_t*)addr)
+#define inet6_ntoa(addr)       ip6addr_ntoa((ip6_addr_t*)&(addr))
+#define inet6_ntoa_r(addr, buf, buflen) ip6addr_ntoa_r((ip6_addr_t*)&(addr), buf, buflen)
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_IPV6 */
+
+#endif /* __LWIP_INET6_H__ */
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ip6.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ip6.h
new file mode 100644
index 00000000..b199c95a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ip6.h
@@ -0,0 +1,197 @@
+/**
+ * @file
+ *
+ * IPv6 layer.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+#ifndef __LWIP_IP6_H__
+#define __LWIP_IP6_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6  /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/ip.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/def.h"
+#include "lwip/pbuf.h"
+#include "lwip/netif.h"
+
+#include "lwip/err.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define IP6_HLEN 40
+
+#define IP6_NEXTH_HOPBYHOP  0
+#define IP6_NEXTH_TCP       6
+#define IP6_NEXTH_UDP       17
+#define IP6_NEXTH_ENCAPS    41
+#define IP6_NEXTH_ROUTING   43
+#define IP6_NEXTH_FRAGMENT  44
+#define IP6_NEXTH_ICMP6     58
+#define IP6_NEXTH_NONE      59
+#define IP6_NEXTH_DESTOPTS  60
+#define IP6_NEXTH_UDPLITE   136
+
+
+/* The IPv6 header. */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct ip6_hdr {
+  /* version / traffic class / flow label */
+  PACK_STRUCT_FIELD(u32_t _v_tc_fl);
+  /* payload length */
+  PACK_STRUCT_FIELD(u16_t _plen);
+  /* next header */
+  PACK_STRUCT_FIELD(u8_t _nexth);
+  /* hop limit */
+  PACK_STRUCT_FIELD(u8_t _hoplim);
+  /* source and destination IP addresses */
+  PACK_STRUCT_FIELD(ip6_addr_p_t src);
+  PACK_STRUCT_FIELD(ip6_addr_p_t dest);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/* Hop-by-hop router alert option. */
+#define IP6_HBH_HLEN    8
+#define IP6_PAD1_OPTION         0
+#define IP6_PADN_ALERT_OPTION   1
+#define IP6_ROUTER_ALERT_OPTION 5
+#define IP6_ROUTER_ALERT_VALUE_MLD 0
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct ip6_hbh_hdr {
+  /* next header */
+  PACK_STRUCT_FIELD(u8_t _nexth);
+  /* header length */
+  PACK_STRUCT_FIELD(u8_t _hlen);
+  /* router alert option type */
+  PACK_STRUCT_FIELD(u8_t _ra_opt_type);
+  /* router alert option data len */
+  PACK_STRUCT_FIELD(u8_t _ra_opt_dlen);
+  /* router alert option data */
+  PACK_STRUCT_FIELD(u16_t _ra_opt_data);
+  /* PadN option type */
+  PACK_STRUCT_FIELD(u8_t _padn_opt_type);
+  /* PadN option data len */
+  PACK_STRUCT_FIELD(u8_t _padn_opt_dlen);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/* Fragment header. */
+#define IP6_FRAG_HLEN    8
+#define IP6_FRAG_OFFSET_MASK    0xfff8
+#define IP6_FRAG_MORE_FLAG      0x0001
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct ip6_frag_hdr {
+  /* next header */
+  PACK_STRUCT_FIELD(u8_t _nexth);
+  /* reserved */
+  PACK_STRUCT_FIELD(u8_t reserved);
+  /* fragment offset */
+  PACK_STRUCT_FIELD(u16_t _fragment_offset);
+  /* fragmented packet identification */
+  PACK_STRUCT_FIELD(u32_t _identification);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#define IP6H_V(hdr)  ((ntohl((hdr)->_v_tc_fl) >> 28) & 0x0f)
+#define IP6H_TC(hdr) ((ntohl((hdr)->_v_tc_fl) >> 20) & 0xff)
+#define IP6H_FL(hdr) (ntohl((hdr)->_v_tc_fl) & 0x000fffff)
+#define IP6H_PLEN(hdr) (ntohs((hdr)->_plen))
+#define IP6H_NEXTH(hdr) ((hdr)->_nexth)
+#define IP6H_NEXTH_P(hdr) ((u8_t *)(hdr) + 6)
+#define IP6H_HOPLIM(hdr) ((hdr)->_hoplim)
+
+#define IP6H_VTCFL_SET(hdr, v, tc, fl) (hdr)->_v_tc_fl = (htonl(((v) << 28) | ((tc) << 20) | (fl)))
+#define IP6H_PLEN_SET(hdr, plen) (hdr)->_plen = htons(plen)
+#define IP6H_NEXTH_SET(hdr, nexth) (hdr)->_nexth = (nexth)
+#define IP6H_HOPLIM_SET(hdr, hl) (hdr)->_hoplim = (u8_t)(hl)
+
+
+#define ip6_init() /* TODO should we init current addresses and header pointer? */
+struct netif *ip6_route(struct ip6_addr *src, struct ip6_addr *dest);
+ip6_addr_t   *ip6_select_source_address(struct netif *netif, ip6_addr_t * dest);
+err_t         ip6_input(struct pbuf *p, struct netif *inp);
+err_t         ip6_output(struct pbuf *p, struct ip6_addr *src, struct ip6_addr *dest,
+                         u8_t hl, u8_t tc, u8_t nexth);
+err_t         ip6_output_if(struct pbuf *p, struct ip6_addr *src, struct ip6_addr *dest,
+                            u8_t hl, u8_t tc, u8_t nexth, struct netif *netif);
+#if LWIP_NETIF_HWADDRHINT
+err_t         ip6_output_hinted(struct pbuf *p, ip6_addr_t *src, ip6_addr_t *dest,
+                                u8_t hl, u8_t tc, u8_t nexth, u8_t *addr_hint);
+#endif /* LWIP_NETIF_HWADDRHINT */
+#if LWIP_IPV6_MLD
+err_t         ip6_options_add_hbh_ra(struct pbuf * p, u8_t nexth, u8_t value);
+#endif /* LWIP_IPV6_MLD */
+
+#define ip6_netif_get_local_ipX(netif, dest) (((netif) != NULL) ? \
+  ip6_2_ipX(ip6_select_source_address(netif, dest)) : NULL)
+
+#if IP6_DEBUG
+void ip6_debug_print(struct pbuf *p);
+#else
+#define ip6_debug_print(p)
+#endif /* IP6_DEBUG */
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_IPV6 */
+
+#endif /* __LWIP_IP6_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ip6_addr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ip6_addr.h
new file mode 100644
index 00000000..89b5b811
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ip6_addr.h
@@ -0,0 +1,286 @@
+/**
+ * @file
+ *
+ * IPv6 addresses.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ * Structs and macros for handling IPv6 addresses.
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+#ifndef __LWIP_IP6_ADDR_H__
+#define __LWIP_IP6_ADDR_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6  /* don't build if not configured for use in lwipopts.h */
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/* This is the aligned version of ip6_addr_t,
+   used as local variable, on the stack, etc. */
+struct ip6_addr {
+  u32_t addr[4];
+};
+
+/* This is the packed version of ip6_addr_t,
+   used in network headers that are itself packed */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct ip6_addr_packed {
+  PACK_STRUCT_FIELD(u32_t addr[4]);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/** ip6_addr_t uses a struct for convenience only, so that the same defines can
+ * operate both on ip6_addr_t as well as on ip6_addr_p_t. */
+typedef struct ip6_addr ip6_addr_t;
+typedef struct ip6_addr_packed ip6_addr_p_t;
+
+
+/** IP6_ADDR_ANY can be used as a fixed IPv6 address
+ *  for the wildcard
+ */
+extern const ip6_addr_t ip6_addr_any;
+#define IP6_ADDR_ANY         ((ip6_addr_t *)&ip6_addr_any)
+
+
+
+
+#if BYTE_ORDER == BIG_ENDIAN
+/** Set an IPv6 partial address given by byte-parts. */
+#define IP6_ADDR(ip6addr, index, a,b,c,d) \
+  (ip6addr)->addr[index] = ((u32_t)((a) & 0xff) << 24) | \
+                           ((u32_t)((b) & 0xff) << 16) | \
+                           ((u32_t)((c) & 0xff) << 8)  | \
+                            (u32_t)((d) & 0xff)
+#else
+/** Set an IPv6 partial address given by byte-parts.
+Little-endian version, stored in network order (no htonl). */
+#define IP6_ADDR(ip6addr, index, a,b,c,d) \
+  (ip6addr)->addr[index] = ((u32_t)((d) & 0xff) << 24) | \
+                           ((u32_t)((c) & 0xff) << 16) | \
+                           ((u32_t)((b) & 0xff) << 8)  | \
+                            (u32_t)((a) & 0xff)
+#endif
+
+/** Access address in 16-bit block */
+#define IP6_ADDR_BLOCK1(ip6addr) ((u16_t)(htonl((ip6addr)->addr[0]) >> 16) & 0xffff)
+#define IP6_ADDR_BLOCK2(ip6addr) ((u16_t)(htonl((ip6addr)->addr[0])) & 0xffff)
+#define IP6_ADDR_BLOCK3(ip6addr) ((u16_t)(htonl((ip6addr)->addr[1]) >> 16) & 0xffff)
+#define IP6_ADDR_BLOCK4(ip6addr) ((u16_t)(htonl((ip6addr)->addr[1])) & 0xffff)
+#define IP6_ADDR_BLOCK5(ip6addr) ((u16_t)(htonl((ip6addr)->addr[2]) >> 16) & 0xffff)
+#define IP6_ADDR_BLOCK6(ip6addr) ((u16_t)(htonl((ip6addr)->addr[2])) & 0xffff)
+#define IP6_ADDR_BLOCK7(ip6addr) ((u16_t)(htonl((ip6addr)->addr[3]) >> 16) & 0xffff)
+#define IP6_ADDR_BLOCK8(ip6addr) ((u16_t)(htonl((ip6addr)->addr[3])) & 0xffff)
+
+/** Copy IPv6 address - faster than ip6_addr_set: no NULL check */
+#define ip6_addr_copy(dest, src) do{(dest).addr[0] = (src).addr[0]; \
+                                    (dest).addr[1] = (src).addr[1]; \
+                                    (dest).addr[2] = (src).addr[2]; \
+                                    (dest).addr[3] = (src).addr[3];}while(0)
+/** Safely copy one IPv6 address to another (src may be NULL) */
+#define ip6_addr_set(dest, src) do{(dest)->addr[0] = (src) == NULL ? 0 : (src)->addr[0]; \
+                                   (dest)->addr[1] = (src) == NULL ? 0 : (src)->addr[1]; \
+                                   (dest)->addr[2] = (src) == NULL ? 0 : (src)->addr[2]; \
+                                   (dest)->addr[3] = (src) == NULL ? 0 : (src)->addr[3];}while(0)
+
+/** Set complete address to zero */
+#define ip6_addr_set_zero(ip6addr)    do{(ip6addr)->addr[0] = 0; \
+                                         (ip6addr)->addr[1] = 0; \
+                                         (ip6addr)->addr[2] = 0; \
+                                         (ip6addr)->addr[3] = 0;}while(0)
+
+/** Set address to ipv6 'any' (no need for htonl()) */
+#define ip6_addr_set_any(ip6addr)       ip6_addr_set_zero(ip6addr)
+/** Set address to ipv6 loopback address */
+#define ip6_addr_set_loopback(ip6addr) do{(ip6addr)->addr[0] = 0; \
+                                          (ip6addr)->addr[1] = 0; \
+                                          (ip6addr)->addr[2] = 0; \
+                                          (ip6addr)->addr[3] = PP_HTONL(0x00000001UL);}while(0)
+/** Safely copy one IPv6 address to another and change byte order
+ * from host- to network-order. */
+#define ip6_addr_set_hton(dest, src) do{(dest)->addr[0] = (src) == NULL ? 0 : htonl((src)->addr[0]); \
+                                        (dest)->addr[1] = (src) == NULL ? 0 : htonl((src)->addr[1]); \
+                                        (dest)->addr[2] = (src) == NULL ? 0 : htonl((src)->addr[2]); \
+                                        (dest)->addr[3] = (src) == NULL ? 0 : htonl((src)->addr[3]);}while(0)
+
+
+
+/**
+ * Determine if two IPv6 address are on the same network.
+ *
+ * @arg addr1 IPv6 address 1
+ * @arg addr2 IPv6 address 2
+ * @return !0 if the network identifiers of both address match
+ */
+#define ip6_addr_netcmp(addr1, addr2) (((addr1)->addr[0] == (addr2)->addr[0]) && \
+                                       ((addr1)->addr[1] == (addr2)->addr[1]))
+
+#define ip6_addr_cmp(addr1, addr2) (((addr1)->addr[0] == (addr2)->addr[0]) && \
+                                    ((addr1)->addr[1] == (addr2)->addr[1]) && \
+                                    ((addr1)->addr[2] == (addr2)->addr[2]) && \
+                                    ((addr1)->addr[3] == (addr2)->addr[3]))
+
+#define ip6_get_subnet_id(ip6addr)   (htonl((ip6addr)->addr[2]) & 0x0000ffffUL)
+
+#define ip6_addr_isany(ip6addr) (((ip6addr) == NULL) || \
+                             (((ip6addr)->addr[0] == 0) && \
+                             ((ip6addr)->addr[1] == 0) && \
+                             ((ip6addr)->addr[2] == 0) && \
+                             ((ip6addr)->addr[3] == 0)))
+
+
+#define ip6_addr_isglobal(ip6addr) (((ip6addr)->addr[0] & PP_HTONL(0xe0000000UL)) == PP_HTONL(0x20000000UL))
+
+#define ip6_addr_islinklocal(ip6addr) (((ip6addr)->addr[0] & PP_HTONL(0xffc00000UL)) == PP_HTONL(0xfe800000UL))
+
+#define ip6_addr_issitelocal(ip6addr) (((ip6addr)->addr[0] & PP_HTONL(0xffc00000UL)) == PP_HTONL(0xfec00000UL))
+
+#define ip6_addr_isuniquelocal(ip6addr) (((ip6addr)->addr[0] & PP_HTONL(0xfe000000UL)) == PP_HTONL(0xfc000000UL))
+
+#define ip6_addr_ismulticast(ip6addr) (((ip6addr)->addr[0] & PP_HTONL(0xff000000UL)) == PP_HTONL(0xff000000UL))
+#define ip6_addr_multicast_transient_flag(ip6addr)  ((ip6addr)->addr[0] & PP_HTONL(0x00100000UL))
+#define ip6_addr_multicast_prefix_flag(ip6addr)     ((ip6addr)->addr[0] & PP_HTONL(0x00200000UL))
+#define ip6_addr_multicast_rendezvous_flag(ip6addr) ((ip6addr)->addr[0] & PP_HTONL(0x00400000UL))
+#define ip6_addr_multicast_scope(ip6addr) ((htonl((ip6addr)->addr[0]) >> 16) & 0xf)
+#define IP6_MULTICAST_SCOPE_RESERVED            0x0
+#define IP6_MULTICAST_SCOPE_RESERVED0           0x0
+#define IP6_MULTICAST_SCOPE_INTERFACE_LOCAL     0x1
+#define IP6_MULTICAST_SCOPE_LINK_LOCAL          0x2
+#define IP6_MULTICAST_SCOPE_RESERVED3           0x3
+#define IP6_MULTICAST_SCOPE_ADMIN_LOCAL         0x4
+#define IP6_MULTICAST_SCOPE_SITE_LOCAL          0x5
+#define IP6_MULTICAST_SCOPE_ORGANIZATION_LOCAL  0x8
+#define IP6_MULTICAST_SCOPE_GLOBAL              0xe
+#define IP6_MULTICAST_SCOPE_RESERVEDF           0xf
+#define ip6_addr_ismulticast_iflocal(ip6addr) (((ip6addr)->addr[0] & PP_HTONL(0xffff0000UL)) == PP_HTONL(0xff010000UL))
+#define ip6_addr_ismulticast_linklocal(ip6addr) (((ip6addr)->addr[0] & PP_HTONL(0xffff0000UL)) == PP_HTONL(0xff020000UL))
+#define ip6_addr_ismulticast_adminlocal(ip6addr) (((ip6addr)->addr[0] & PP_HTONL(0xffff0000UL)) == PP_HTONL(0xff040000UL))
+#define ip6_addr_ismulticast_sitelocal(ip6addr) (((ip6addr)->addr[0] & PP_HTONL(0xffff0000UL)) == PP_HTONL(0xff050000UL))
+#define ip6_addr_ismulticast_orglocal(ip6addr) (((ip6addr)->addr[0] & PP_HTONL(0xffff0000UL)) == PP_HTONL(0xff080000UL))
+#define ip6_addr_ismulticast_global(ip6addr) (((ip6addr)->addr[0] & PP_HTONL(0xffff0000UL)) == PP_HTONL(0xff0e0000UL))
+
+/* TODO define get/set for well-know multicast addresses, e.g. ff02::1 */
+#define ip6_addr_isallnodes_iflocal(ip6addr) (((ip6addr)->addr[0] == PP_HTONL(0xff010000UL)) && \
+    ((ip6addr)->addr[1] == 0UL) && \
+    ((ip6addr)->addr[2] == 0UL) && \
+    ((ip6addr)->addr[3] == PP_HTONL(0x00000001UL)))
+
+#define ip6_addr_isallnodes_linklocal(ip6addr) (((ip6addr)->addr[0] == PP_HTONL(0xff020000UL)) && \
+    ((ip6addr)->addr[1] == 0UL) && \
+    ((ip6addr)->addr[2] == 0UL) && \
+    ((ip6addr)->addr[3] == PP_HTONL(0x00000001UL)))
+#define ip6_addr_set_allnodes_linklocal(ip6addr) do{(ip6addr)->addr[0] = PP_HTONL(0xff020000UL); \
+                (ip6addr)->addr[1] = 0; \
+                (ip6addr)->addr[2] = 0; \
+                (ip6addr)->addr[3] = PP_HTONL(0x00000001UL);}while(0)
+
+#define ip6_addr_isallrouters_linklocal(ip6addr) (((ip6addr)->addr[0] == PP_HTONL(0xff020000UL)) && \
+    ((ip6addr)->addr[1] == 0UL) && \
+    ((ip6addr)->addr[2] == 0UL) && \
+    ((ip6addr)->addr[3] == PP_HTONL(0x00000002UL)))
+#define ip6_addr_set_allrouters_linklocal(ip6addr) do{(ip6addr)->addr[0] = PP_HTONL(0xff020000UL); \
+                (ip6addr)->addr[1] = 0; \
+                (ip6addr)->addr[2] = 0; \
+                (ip6addr)->addr[3] = PP_HTONL(0x00000002UL);}while(0)
+
+#define ip6_addr_issolicitednode(ip6addr) ( ((ip6addr)->addr[0] == PP_HTONL(0xff020000UL)) && \
+        ((ip6addr)->addr[2] == PP_HTONL(0x00000001UL)) && \
+        (((ip6addr)->addr[3] & PP_HTONL(0xff000000UL)) == PP_HTONL(0xff000000UL)) )
+
+#define ip6_addr_set_solicitednode(ip6addr, if_id) do{(ip6addr)->addr[0] = PP_HTONL(0xff020000UL); \
+                (ip6addr)->addr[1] = 0; \
+                (ip6addr)->addr[2] = PP_HTONL(0x00000001UL); \
+                (ip6addr)->addr[3] = htonl(0xff000000UL | (htonl(if_id) & 0x00ffffffUL));}while(0)
+
+#define ip6_addr_cmp_solicitednode(ip6addr, sn_addr) (((ip6addr)->addr[0] == PP_HTONL(0xff020000UL)) && \
+                                    ((ip6addr)->addr[1] == 0) && \
+                                    ((ip6addr)->addr[2] == PP_HTONL(0x00000001UL)) && \
+                                    ((ip6addr)->addr[3] == htonl(0xff000000UL | (htonl((sn_addr)->addr[3]) & 0x00ffffffUL))))
+
+/* IPv6 address states. */
+#define IP6_ADDR_INVALID      0x00
+#define IP6_ADDR_TENTATIVE    0x08
+#define IP6_ADDR_TENTATIVE_1  0x09 /* 1 probe sent */
+#define IP6_ADDR_TENTATIVE_2  0x0a /* 2 probes sent */
+#define IP6_ADDR_TENTATIVE_3  0x0b /* 3 probes sent */
+#define IP6_ADDR_TENTATIVE_4  0x0c /* 4 probes sent */
+#define IP6_ADDR_TENTATIVE_5  0x0d /* 5 probes sent */
+#define IP6_ADDR_TENTATIVE_6  0x0e /* 6 probes sent */
+#define IP6_ADDR_TENTATIVE_7  0x0f /* 7 probes sent */
+#define IP6_ADDR_VALID        0x10
+#define IP6_ADDR_PREFERRED    0x30
+#define IP6_ADDR_DEPRECATED   0x50
+
+#define ip6_addr_isinvalid(addr_state) (addr_state == IP6_ADDR_INVALID)
+#define ip6_addr_istentative(addr_state) (addr_state & IP6_ADDR_TENTATIVE)
+#define ip6_addr_isvalid(addr_state) (addr_state & IP6_ADDR_VALID) /* Include valid, preferred, and deprecated. */
+#define ip6_addr_ispreferred(addr_state) (addr_state == IP6_ADDR_PREFERRED)
+#define ip6_addr_isdeprecated(addr_state) (addr_state == IP6_ADDR_DEPRECATED)
+
+#define ip6_addr_debug_print(debug, ipaddr) \
+  LWIP_DEBUGF(debug, ("%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F":%"X16_F, \
+                      ipaddr != NULL ? IP6_ADDR_BLOCK1(ipaddr) : 0,    \
+                      ipaddr != NULL ? IP6_ADDR_BLOCK2(ipaddr) : 0,    \
+                      ipaddr != NULL ? IP6_ADDR_BLOCK3(ipaddr) : 0,    \
+                      ipaddr != NULL ? IP6_ADDR_BLOCK4(ipaddr) : 0,    \
+                      ipaddr != NULL ? IP6_ADDR_BLOCK5(ipaddr) : 0,    \
+                      ipaddr != NULL ? IP6_ADDR_BLOCK6(ipaddr) : 0,    \
+                      ipaddr != NULL ? IP6_ADDR_BLOCK7(ipaddr) : 0,    \
+                      ipaddr != NULL ? IP6_ADDR_BLOCK8(ipaddr) : 0))
+
+int ip6addr_aton(const char *cp, ip6_addr_t *addr);
+/** returns ptr to static buffer; not reentrant! */
+char *ip6addr_ntoa(const ip6_addr_t *addr);
+char *ip6addr_ntoa_r(const ip6_addr_t *addr, char *buf, int buflen);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_IPV6 */
+
+#endif /* __LWIP_IP6_ADDR_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ip6_frag.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ip6_frag.h
new file mode 100644
index 00000000..75898b8f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/ip6_frag.h
@@ -0,0 +1,102 @@
+/**
+ * @file
+ *
+ * IPv6 fragmentation and reassembly.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+#ifndef __LWIP_IP6_FRAG_H__
+#define __LWIP_IP6_FRAG_H__
+
+#include "lwip/opt.h"
+#include "lwip/pbuf.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/netif.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#if LWIP_IPV6 && LWIP_IPV6_REASS  /* don't build if not configured for use in lwipopts.h */
+
+/* The IPv6 reassembly timer interval in milliseconds. */
+#define IP6_REASS_TMR_INTERVAL 1000
+
+/* IPv6 reassembly helper struct.
+ * This is exported because memp needs to know the size.
+ */
+struct ip6_reassdata {
+  struct ip6_reassdata *next;
+  struct pbuf *p;
+  struct ip6_hdr * iphdr;
+  u32_t identification;
+  u16_t datagram_len;
+  u8_t nexth;
+  u8_t timer;
+};
+
+#define ip6_reass_init() /* Compatibility define */
+void ip6_reass_tmr(void);
+struct pbuf * ip6_reass(struct pbuf *p);
+
+#endif /* LWIP_IPV6 && LWIP_IPV6_REASS */
+
+#if LWIP_IPV6 && LWIP_IPV6_FRAG  /* don't build if not configured for use in lwipopts.h */
+
+/** A custom pbuf that holds a reference to another pbuf, which is freed
+ * when this custom pbuf is freed. This is used to create a custom PBUF_REF
+ * that points into the original pbuf. */
+#ifndef __LWIP_PBUF_CUSTOM_REF__
+#define __LWIP_PBUF_CUSTOM_REF__
+struct pbuf_custom_ref {
+  /** 'base class' */
+  struct pbuf_custom pc;
+  /** pointer to the original pbuf that is referenced */
+  struct pbuf *original;
+};
+#endif /* __LWIP_PBUF_CUSTOM_REF__ */
+
+err_t ip6_frag(struct pbuf *p, struct netif *netif, ip6_addr_t *dest);
+
+#endif /* LWIP_IPV6 && LWIP_IPV6_FRAG */
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_IP6_FRAG_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/mld6.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/mld6.h
new file mode 100644
index 00000000..abd86e55
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/mld6.h
@@ -0,0 +1,118 @@
+/**
+ * @file
+ *
+ * Multicast listener discovery for IPv6. Aims to be compliant with RFC 2710.
+ * No support for MLDv2.
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+
+#ifndef __LWIP_MLD6_H__
+#define __LWIP_MLD6_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6_MLD && LWIP_IPV6  /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/pbuf.h"
+#include "lwip/netif.h"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct mld_group {
+  /** next link */
+  struct mld_group *next;
+  /** interface on which the group is active */
+  struct netif      *netif;
+  /** multicast address */
+  ip6_addr_t         group_address;
+  /** signifies we were the last person to report */
+  u8_t               last_reporter_flag;
+  /** current state of the group */
+  u8_t               group_state;
+  /** timer for reporting */
+  u16_t              timer;
+  /** counter of simultaneous uses */
+  u8_t               use;
+};
+
+/** Multicast listener report/query/done message header. */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct mld_header {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t code);
+  PACK_STRUCT_FIELD(u16_t chksum);
+  PACK_STRUCT_FIELD(u16_t max_resp_delay);
+  PACK_STRUCT_FIELD(u16_t reserved);
+  PACK_STRUCT_FIELD(ip6_addr_p_t multicast_address);
+  /* Options follow. */
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#define MLD6_TMR_INTERVAL              100 /* Milliseconds */
+
+/* MAC Filter Actions, these are passed to a netif's
+ * mld_mac_filter callback function. */
+#define MLD6_DEL_MAC_FILTER            0
+#define MLD6_ADD_MAC_FILTER            1
+
+
+#define mld6_init() /* TODO should we init tables? */
+err_t  mld6_stop(struct netif *netif);
+void   mld6_report_groups(struct netif *netif);
+void   mld6_tmr(void);
+struct mld_group *mld6_lookfor_group(struct netif *ifp, ip6_addr_t *addr);
+void   mld6_input(struct pbuf *p, struct netif *inp);
+err_t  mld6_joingroup(ip6_addr_t *srcaddr, ip6_addr_t *groupaddr);
+err_t  mld6_leavegroup(ip6_addr_t *srcaddr, ip6_addr_t *groupaddr);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_IPV6_MLD && LWIP_IPV6 */
+
+#endif /* __LWIP_MLD6_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/nd6.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/nd6.h
new file mode 100644
index 00000000..28636e89
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/ipv6/lwip/nd6.h
@@ -0,0 +1,369 @@
+/**
+ * @file
+ *
+ * Neighbor discovery and stateless address autoconfiguration for IPv6.
+ * Aims to be compliant with RFC 4861 (Neighbor discovery) and RFC 4862
+ * (Address autoconfiguration).
+ */
+
+/*
+ * Copyright (c) 2010 Inico Technologies Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Ivan Delamer <delamer@inicotech.com>
+ *
+ *
+ * Please coordinate changes and requests with Ivan Delamer
+ * <delamer@inicotech.com>
+ */
+
+#ifndef __LWIP_ND6_H__
+#define __LWIP_ND6_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6  /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/pbuf.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/netif.h"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Struct for tables. */
+struct nd6_neighbor_cache_entry {
+  ip6_addr_t next_hop_address;
+  struct netif * netif;
+  u8_t lladdr[NETIF_MAX_HWADDR_LEN];
+  /*u32_t pmtu;*/
+#if LWIP_ND6_QUEUEING
+  /** Pointer to queue of pending outgoing packets on this entry. */
+  struct nd6_q_entry *q;
+#else /* LWIP_ND6_QUEUEING */
+  /** Pointer to a single pending outgoing packet on this entry. */
+  struct pbuf *q;
+#endif /* LWIP_ND6_QUEUEING */
+  u8_t state;
+  u8_t isrouter;
+  union {
+    u32_t reachable_time;
+    u32_t delay_time;
+    u32_t probes_sent;
+    u32_t stale_time;
+  } counter;
+};
+
+struct nd6_destination_cache_entry {
+  ip6_addr_t destination_addr;
+  ip6_addr_t next_hop_addr;
+  u32_t pmtu;
+  u32_t age;
+};
+
+struct nd6_prefix_list_entry {
+  ip6_addr_t prefix;
+  struct netif * netif;
+  u32_t invalidation_timer;
+#if LWIP_IPV6_AUTOCONFIG
+  u8_t flags;
+#define ND6_PREFIX_AUTOCONFIG_AUTONOMOUS 0x01
+#define ND6_PREFIX_AUTOCONFIG_ADDRESS_GENERATED 0x02
+#define ND6_PREFIX_AUTOCONFIG_ADDRESS_DUPLICATE 0x04
+#endif /* LWIP_IPV6_AUTOCONFIG */
+};
+
+struct nd6_router_list_entry {
+  struct nd6_neighbor_cache_entry * neighbor_entry;
+  u32_t invalidation_timer;
+  u8_t flags;
+};
+
+
+enum nd6_neighbor_cache_entry_state {
+  ND6_NO_ENTRY = 0,
+  ND6_INCOMPLETE,
+  ND6_REACHABLE,
+  ND6_STALE,
+  ND6_DELAY,
+  ND6_PROBE
+};
+
+#if LWIP_ND6_QUEUEING
+/** struct for queueing outgoing packets for unknown address
+  * defined here to be accessed by memp.h
+  */
+struct nd6_q_entry {
+  struct nd6_q_entry *next;
+  struct pbuf *p;
+};
+#endif /* LWIP_ND6_QUEUEING */
+
+/** Neighbor solicitation message header. */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct ns_header {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t code);
+  PACK_STRUCT_FIELD(u16_t chksum);
+  PACK_STRUCT_FIELD(u32_t reserved);
+  PACK_STRUCT_FIELD(ip6_addr_p_t target_address);
+  /* Options follow. */
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/** Neighbor advertisement message header. */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct na_header {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t code);
+  PACK_STRUCT_FIELD(u16_t chksum);
+  PACK_STRUCT_FIELD(u8_t flags);
+  PACK_STRUCT_FIELD(u8_t reserved[3]);
+  PACK_STRUCT_FIELD(ip6_addr_p_t target_address);
+  /* Options follow. */
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+#define ND6_FLAG_ROUTER      (0x80)
+#define ND6_FLAG_SOLICITED   (0x40)
+#define ND6_FLAG_OVERRIDE    (0x20)
+
+/** Router solicitation message header. */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct rs_header {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t code);
+  PACK_STRUCT_FIELD(u16_t chksum);
+  PACK_STRUCT_FIELD(u32_t reserved);
+  /* Options follow. */
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/** Router advertisement message header. */
+#define ND6_RA_FLAG_MANAGED_ADDR_CONFIG (0x80)
+#define ND6_RA_FLAG_OTHER_STATEFUL_CONFIG (0x40)
+#define ND6_RA_FLAG_HOME_AGENT (0x20)
+#define ND6_RA_PREFERENCE_MASK (0x18)
+#define ND6_RA_PREFERENCE_HIGH (0x08)
+#define ND6_RA_PREFERENCE_MEDIUM (0x00)
+#define ND6_RA_PREFERENCE_LOW (0x18)
+#define ND6_RA_PREFERENCE_DISABLED (0x10)
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct ra_header {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t code);
+  PACK_STRUCT_FIELD(u16_t chksum);
+  PACK_STRUCT_FIELD(u8_t current_hop_limit);
+  PACK_STRUCT_FIELD(u8_t flags);
+  PACK_STRUCT_FIELD(u16_t router_lifetime);
+  PACK_STRUCT_FIELD(u32_t reachable_time);
+  PACK_STRUCT_FIELD(u32_t retrans_timer);
+  /* Options follow. */
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/** Redirect message header. */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct redirect_header {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t code);
+  PACK_STRUCT_FIELD(u16_t chksum);
+  PACK_STRUCT_FIELD(u32_t reserved);
+  PACK_STRUCT_FIELD(ip6_addr_p_t target_address);
+  PACK_STRUCT_FIELD(ip6_addr_p_t destination_address);
+  /* Options follow. */
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/** Link-layer address option. */
+#define ND6_OPTION_TYPE_SOURCE_LLADDR (0x01)
+#define ND6_OPTION_TYPE_TARGET_LLADDR (0x02)
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct lladdr_option {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t length);
+  PACK_STRUCT_FIELD(u8_t addr[NETIF_MAX_HWADDR_LEN]);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/** Prefix information option. */
+#define ND6_OPTION_TYPE_PREFIX_INFO (0x03)
+#define ND6_PREFIX_FLAG_ON_LINK (0x80)
+#define ND6_PREFIX_FLAG_AUTONOMOUS (0x40)
+#define ND6_PREFIX_FLAG_ROUTER_ADDRESS (0x20)
+#define ND6_PREFIX_FLAG_SITE_PREFIX (0x10)
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct prefix_option {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t length);
+  PACK_STRUCT_FIELD(u8_t prefix_length);
+  PACK_STRUCT_FIELD(u8_t flags);
+  PACK_STRUCT_FIELD(u32_t valid_lifetime);
+  PACK_STRUCT_FIELD(u32_t preferred_lifetime);
+  PACK_STRUCT_FIELD(u8_t reserved2[3]);
+  PACK_STRUCT_FIELD(u8_t site_prefix_length);
+  PACK_STRUCT_FIELD(ip6_addr_p_t prefix);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/** Redirected header option. */
+#define ND6_OPTION_TYPE_REDIR_HDR (0x04)
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct redirected_header_option {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t length);
+  PACK_STRUCT_FIELD(u8_t reserved[6]);
+  /* Portion of redirected packet follows. */
+  /* PACK_STRUCT_FIELD(u8_t redirected[8]); */
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/** MTU option. */
+#define ND6_OPTION_TYPE_MTU (0x05)
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct mtu_option {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t length);
+  PACK_STRUCT_FIELD(u16_t reserved);
+  PACK_STRUCT_FIELD(u32_t mtu);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/** Route information option. */
+#define ND6_OPTION_TYPE_ROUTE_INFO (24)
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct route_option {
+  PACK_STRUCT_FIELD(u8_t type);
+  PACK_STRUCT_FIELD(u8_t length);
+  PACK_STRUCT_FIELD(u8_t prefix_length);
+  PACK_STRUCT_FIELD(u8_t preference);
+  PACK_STRUCT_FIELD(u32_t route_lifetime);
+  PACK_STRUCT_FIELD(ip6_addr_p_t prefix);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+/* the possible states of an IP address */
+#define IP6_ADDRESS_STATE_INVALID     (0)
+#define IP6_ADDRESS_STATE_VALID       (0x4)
+#define IP6_ADDRESS_STATE_PREFERRED   (0x5) /* includes valid */
+#define IP6_ADDRESS_STATE_DEPRECATED  (0x6) /* includes valid */
+#define IP6_ADDRESS_STATE_TENTATIV    (0x8)
+
+/** 1 second period */
+#define ND6_TMR_INTERVAL 1000
+
+/* Router tables. */
+/* TODO make these static? and entries accessible through API? */
+extern struct nd6_neighbor_cache_entry neighbor_cache[];
+extern struct nd6_destination_cache_entry destination_cache[];
+extern struct nd6_prefix_list_entry prefix_list[];
+extern struct nd6_router_list_entry default_router_list[];
+
+/* Default values, can be updated by a RA message. */
+extern u32_t reachable_time;
+extern u32_t retrans_timer;
+
+#define nd6_init() /* TODO should we init tables? */
+void nd6_tmr(void);
+void nd6_input(struct pbuf *p, struct netif *inp);
+s8_t nd6_get_next_hop_entry(ip6_addr_t * ip6addr, struct netif * netif);
+s8_t nd6_select_router(ip6_addr_t * ip6addr, struct netif * netif);
+u16_t nd6_get_destination_mtu(ip6_addr_t * ip6addr, struct netif * netif);
+err_t nd6_queue_packet(s8_t neighbor_index, struct pbuf * p);
+#if LWIP_ND6_TCP_REACHABILITY_HINTS
+void nd6_reachability_hint(ip6_addr_t * ip6addr);
+#endif /* LWIP_ND6_TCP_REACHABILITY_HINTS */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_IPV6 */
+
+#endif /* __LWIP_ND6_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/api.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/api.h
new file mode 100644
index 00000000..ac58eebb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/api.h
@@ -0,0 +1,338 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_API_H__
+#define __LWIP_API_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_NETCONN /* don't build if not configured for use in lwipopts.h */
+
+#include <stddef.h> /* for size_t */
+
+#include "lwip/netbuf.h"
+#include "lwip/sys.h"
+#include "lwip/ip_addr.h"
+#include "lwip/err.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Throughout this file, IP addresses and port numbers are expected to be in
+ * the same byte order as in the corresponding pcb.
+ */
+
+/* Flags for netconn_write (u8_t) */
+#define NETCONN_NOFLAG    0x00
+#define NETCONN_NOCOPY    0x00 /* Only for source code compatibility */
+#define NETCONN_COPY      0x01
+#define NETCONN_MORE      0x02
+#define NETCONN_DONTBLOCK 0x04
+
+/* Flags for struct netconn.flags (u8_t) */
+/** TCP: when data passed to netconn_write doesn't fit into the send buffer,
+    this temporarily stores whether to wake up the original application task
+    if data couldn't be sent in the first try. */
+#define NETCONN_FLAG_WRITE_DELAYED            0x01
+/** Should this netconn avoid blocking? */
+#define NETCONN_FLAG_NON_BLOCKING             0x02
+/** Was the last connect action a non-blocking one? */
+#define NETCONN_FLAG_IN_NONBLOCKING_CONNECT   0x04
+/** If this is set, a TCP netconn must call netconn_recved() to update
+    the TCP receive window (done automatically if not set). */
+#define NETCONN_FLAG_NO_AUTO_RECVED           0x08
+/** If a nonblocking write has been rejected before, poll_tcp needs to
+    check if the netconn is writable again */
+#define NETCONN_FLAG_CHECK_WRITESPACE         0x10
+#if LWIP_IPV6
+/** If this flag is set then only IPv6 communication is allowed on the
+    netconn. As per RFC#3493 this features defaults to OFF allowing
+    dual-stack usage by default. */
+#define NETCONN_FLAG_IPV6_V6ONLY              0x20
+#endif /* LWIP_IPV6 */
+
+
+/* Helpers to process several netconn_types by the same code */
+#define NETCONNTYPE_GROUP(t)         ((t)&0xF0)
+#define NETCONNTYPE_DATAGRAM(t)      ((t)&0xE0)
+#if LWIP_IPV6
+#define NETCONN_TYPE_IPV6            0x08
+#define NETCONNTYPE_ISIPV6(t)        ((t)&0x08)
+#define NETCONNTYPE_ISUDPLITE(t)     (((t)&0xF7) == NETCONN_UDPLITE)
+#define NETCONNTYPE_ISUDPNOCHKSUM(t) (((t)&0xF7) == NETCONN_UDPNOCHKSUM)
+#else /* LWIP_IPV6 */
+#define NETCONNTYPE_ISUDPLITE(t)     ((t) == NETCONN_UDPLITE)
+#define NETCONNTYPE_ISUDPNOCHKSUM(t) ((t) == NETCONN_UDPNOCHKSUM)
+#endif /* LWIP_IPV6 */
+
+/** Protocol family and type of the netconn */
+enum netconn_type {
+  NETCONN_INVALID     = 0,
+  /* NETCONN_TCP Group */
+  NETCONN_TCP         = 0x10,
+#if LWIP_IPV6
+  NETCONN_TCP_IPV6    = NETCONN_TCP | NETCONN_TYPE_IPV6 /* 0x18 */,
+#endif /* LWIP_IPV6 */
+  /* NETCONN_UDP Group */
+  NETCONN_UDP         = 0x20,
+  NETCONN_UDPLITE     = 0x21,
+  NETCONN_UDPNOCHKSUM = 0x22,
+#if LWIP_IPV6
+  NETCONN_UDP_IPV6         = NETCONN_UDP | NETCONN_TYPE_IPV6 /* 0x28 */,
+  NETCONN_UDPLITE_IPV6     = NETCONN_UDPLITE | NETCONN_TYPE_IPV6 /* 0x29 */,
+  NETCONN_UDPNOCHKSUM_IPV6 = NETCONN_UDPNOCHKSUM | NETCONN_TYPE_IPV6 /* 0x2a */,
+#endif /* LWIP_IPV6 */
+  /* NETCONN_RAW Group */
+  NETCONN_RAW         = 0x40
+#if LWIP_IPV6
+  ,
+  NETCONN_RAW_IPV6    = NETCONN_RAW | NETCONN_TYPE_IPV6 /* 0x48 */
+#endif /* LWIP_IPV6 */
+};
+
+/** Current state of the netconn. Non-TCP netconns are always
+ * in state NETCONN_NONE! */
+enum netconn_state {
+  NETCONN_NONE,
+  NETCONN_WRITE,
+  NETCONN_LISTEN,
+  NETCONN_CONNECT,
+  NETCONN_CLOSE
+};
+
+/** Use to inform the callback function about changes */
+enum netconn_evt {
+  NETCONN_EVT_RCVPLUS,
+  NETCONN_EVT_RCVMINUS,
+  NETCONN_EVT_SENDPLUS,
+  NETCONN_EVT_SENDMINUS,
+  NETCONN_EVT_ERROR
+};
+
+#if LWIP_IGMP || (LWIP_IPV6 && LWIP_IPV6_MLD)
+/** Used for netconn_join_leave_group() */
+enum netconn_igmp {
+  NETCONN_JOIN,
+  NETCONN_LEAVE
+};
+#endif /* LWIP_IGMP || (LWIP_IPV6 && LWIP_IPV6_MLD) */
+
+/* forward-declare some structs to avoid to include their headers */
+struct ip_pcb;
+struct tcp_pcb;
+struct udp_pcb;
+struct raw_pcb;
+struct netconn;
+struct api_msg_msg;
+
+/** A callback prototype to inform about events for a netconn */
+typedef void (* netconn_callback)(struct netconn *, enum netconn_evt, u16_t len);
+
+/** A netconn descriptor */
+struct netconn {
+  /** type of the netconn (TCP, UDP or RAW) */
+  enum netconn_type type;
+  /** current state of the netconn */
+  enum netconn_state state;
+  /** the lwIP internal protocol control block */
+  union {
+    struct ip_pcb  *ip;
+    struct tcp_pcb *tcp;
+    struct udp_pcb *udp;
+    struct raw_pcb *raw;
+  } pcb;
+  /** the last error this netconn had */
+  err_t last_err;
+  /** sem that is used to synchroneously execute functions in the core context */
+  sys_sem_t op_completed;
+  /** mbox where received packets are stored until they are fetched
+      by the netconn application thread (can grow quite big) */
+  sys_mbox_t recvmbox;
+#if LWIP_TCP
+  /** mbox where new connections are stored until processed
+      by the application thread */
+  sys_mbox_t acceptmbox;
+#endif /* LWIP_TCP */
+  /** only used for socket layer */
+#if LWIP_SOCKET
+  int socket;
+#endif /* LWIP_SOCKET */
+#if LWIP_SO_SNDTIMEO
+  /** timeout to wait for sending data (which means enqueueing data for sending
+      in internal buffers) */
+  s32_t send_timeout;
+#endif /* LWIP_SO_RCVTIMEO */
+#if LWIP_SO_RCVTIMEO
+  /** timeout to wait for new data to be received
+      (or connections to arrive for listening netconns) */
+  int recv_timeout;
+#endif /* LWIP_SO_RCVTIMEO */
+#if LWIP_SO_RCVBUF
+  /** maximum amount of bytes queued in recvmbox
+      not used for TCP: adjust TCP_WND instead! */
+  int recv_bufsize;
+  /** number of bytes currently in recvmbox to be received,
+      tested against recv_bufsize to limit bytes on recvmbox
+      for UDP and RAW, used for FIONREAD */
+  s16_t recv_avail;
+#endif /* LWIP_SO_RCVBUF */
+  /** flags holding more netconn-internal state, see NETCONN_FLAG_* defines */
+  u8_t flags;
+#if LWIP_TCP
+  /** TCP: when data passed to netconn_write doesn't fit into the send buffer,
+      this temporarily stores how much is already sent. */
+  size_t write_offset;
+  /** TCP: when data passed to netconn_write doesn't fit into the send buffer,
+      this temporarily stores the message.
+      Also used during connect and close. */
+  struct api_msg_msg *current_msg;
+#endif /* LWIP_TCP */
+  /** A callback function that is informed about events for this netconn */
+  netconn_callback callback;
+};
+
+/** Register an Network connection event */
+#define API_EVENT(c,e,l) if (c->callback) {         \
+                           (*c->callback)(c, e, l); \
+                         }
+
+/** Set conn->last_err to err but don't overwrite fatal errors */
+#define NETCONN_SET_SAFE_ERR(conn, err) do { \
+  SYS_ARCH_DECL_PROTECT(lev); \
+  SYS_ARCH_PROTECT(lev); \
+  if (!ERR_IS_FATAL((conn)->last_err)) { \
+    (conn)->last_err = err; \
+  } \
+  SYS_ARCH_UNPROTECT(lev); \
+} while(0);
+
+/* Network connection functions: */
+#define netconn_new(t)                  netconn_new_with_proto_and_callback(t, 0, NULL)
+#define netconn_new_with_callback(t, c) netconn_new_with_proto_and_callback(t, 0, c)
+struct
+netconn *netconn_new_with_proto_and_callback(enum netconn_type t, u8_t proto,
+                                             netconn_callback callback);
+err_t   netconn_delete(struct netconn *conn);
+/** Get the type of a netconn (as enum netconn_type). */
+#define netconn_type(conn) (conn->type)
+
+err_t   netconn_getaddr(struct netconn *conn, ip_addr_t *addr,
+                        u16_t *port, u8_t local);
+#define netconn_peer(c,i,p) netconn_getaddr(c,i,p,0)
+#define netconn_addr(c,i,p) netconn_getaddr(c,i,p,1)
+
+err_t   netconn_bind(struct netconn *conn, ip_addr_t *addr, u16_t port);
+err_t   netconn_connect(struct netconn *conn, ip_addr_t *addr, u16_t port);
+err_t   netconn_disconnect (struct netconn *conn);
+err_t   netconn_listen_with_backlog(struct netconn *conn, u8_t backlog);
+#define netconn_listen(conn) netconn_listen_with_backlog(conn, TCP_DEFAULT_LISTEN_BACKLOG)
+err_t   netconn_accept(struct netconn *conn, struct netconn **new_conn);
+err_t   netconn_recv(struct netconn *conn, struct netbuf **new_buf);
+err_t   netconn_recv_tcp_pbuf(struct netconn *conn, struct pbuf **new_buf);
+void    netconn_recved(struct netconn *conn, u32_t length);
+err_t   netconn_sendto(struct netconn *conn, struct netbuf *buf,
+                       ip_addr_t *addr, u16_t port);
+err_t   netconn_send(struct netconn *conn, struct netbuf *buf);
+err_t   netconn_write_partly(struct netconn *conn, const void *dataptr, size_t size,
+                             u8_t apiflags, size_t *bytes_written);
+#define netconn_write(conn, dataptr, size, apiflags) \
+          netconn_write_partly(conn, dataptr, size, apiflags, NULL)
+err_t   netconn_close(struct netconn *conn);
+err_t   netconn_shutdown(struct netconn *conn, u8_t shut_rx, u8_t shut_tx);
+
+#if LWIP_IGMP || (LWIP_IPV6 && LWIP_IPV6_MLD)
+err_t   netconn_join_leave_group(struct netconn *conn, ip_addr_t *multiaddr,
+                                 ip_addr_t *netif_addr, enum netconn_igmp join_or_leave);
+#endif /* LWIP_IGMP || (LWIP_IPV6 && LWIP_IPV6_MLD) */
+#if LWIP_DNS
+err_t   netconn_gethostbyname(const char *name, ip_addr_t *addr);
+#endif /* LWIP_DNS */
+#if LWIP_IPV6
+
+#define netconn_bind_ip6(conn, ip6addr, port) (NETCONNTYPE_ISIPV6((conn)->type) ? \
+        netconn_bind(conn, ip6_2_ip(ip6addr), port) : ERR_VAL)
+#define netconn_connect_ip6(conn, ip6addr, port) (NETCONNTYPE_ISIPV6((conn)->type) ? \
+        netconn_connect(conn, ip6_2_ip(ip6addr), port) : ERR_VAL)
+#define netconn_sendto_ip6(conn, buf, ip6addr, port) (NETCONNTYPE_ISIPV6((conn)->type) ? \
+        netconn_sendto(conn, buf, ip6_2_ip(ip6addr), port) : ERR_VAL)
+#if LWIP_IPV6_MLD
+#define netconn_join_leave_group_ip6(conn, multiaddr, srcaddr, join_or_leave) (NETCONNTYPE_ISIPV6((conn)->type) ? \
+        netconn_join_leave_group(conn, ip6_2_ip(multiaddr), ip6_2_ip(srcaddr), join_or_leave) :\
+        ERR_VAL)
+#endif /* LWIP_IPV6_MLD*/
+#endif /* LWIP_IPV6 */
+
+#define netconn_err(conn)               ((conn)->last_err)
+#define netconn_recv_bufsize(conn)      ((conn)->recv_bufsize)
+
+/** Set the blocking status of netconn calls (@todo: write/send is missing) */
+#define netconn_set_nonblocking(conn, val)  do { if(val) { \
+  (conn)->flags |= NETCONN_FLAG_NON_BLOCKING; \
+} else { \
+  (conn)->flags &= ~ NETCONN_FLAG_NON_BLOCKING; }} while(0)
+/** Get the blocking status of netconn calls (@todo: write/send is missing) */
+#define netconn_is_nonblocking(conn)        (((conn)->flags & NETCONN_FLAG_NON_BLOCKING) != 0)
+
+/** TCP: Set the no-auto-recved status of netconn calls (see NETCONN_FLAG_NO_AUTO_RECVED) */
+#define netconn_set_noautorecved(conn, val)  do { if(val) { \
+  (conn)->flags |= NETCONN_FLAG_NO_AUTO_RECVED; \
+} else { \
+  (conn)->flags &= ~ NETCONN_FLAG_NO_AUTO_RECVED; }} while(0)
+/** TCP: Get the no-auto-recved status of netconn calls (see NETCONN_FLAG_NO_AUTO_RECVED) */
+#define netconn_get_noautorecved(conn)        (((conn)->flags & NETCONN_FLAG_NO_AUTO_RECVED) != 0)
+
+#if LWIP_SO_SNDTIMEO
+/** Set the send timeout in milliseconds */
+#define netconn_set_sendtimeout(conn, timeout)      ((conn)->send_timeout = (timeout))
+/** Get the send timeout in milliseconds */
+#define netconn_get_sendtimeout(conn)               ((conn)->send_timeout)
+#endif /* LWIP_SO_SNDTIMEO */
+#if LWIP_SO_RCVTIMEO
+/** Set the receive timeout in milliseconds */
+#define netconn_set_recvtimeout(conn, timeout)      ((conn)->recv_timeout = (timeout))
+/** Get the receive timeout in milliseconds */
+#define netconn_get_recvtimeout(conn)               ((conn)->recv_timeout)
+#endif /* LWIP_SO_RCVTIMEO */
+#if LWIP_SO_RCVBUF
+/** Set the receive buffer in bytes */
+#define netconn_set_recvbufsize(conn, recvbufsize)  ((conn)->recv_bufsize = (recvbufsize))
+/** Get the receive buffer in bytes */
+#define netconn_get_recvbufsize(conn)               ((conn)->recv_bufsize)
+#endif /* LWIP_SO_RCVBUF*/
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_NETCONN */
+
+#endif /* __LWIP_API_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/api_msg.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/api_msg.h
new file mode 100644
index 00000000..8268036a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/api_msg.h
@@ -0,0 +1,177 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_API_MSG_H__
+#define __LWIP_API_MSG_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_NETCONN /* don't build if not configured for use in lwipopts.h */
+
+#include <stddef.h> /* for size_t */
+
+#include "lwip/ip_addr.h"
+#include "lwip/err.h"
+#include "lwip/sys.h"
+#include "lwip/igmp.h"
+#include "lwip/api.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* For the netconn API, these values are use as a bitmask! */
+#define NETCONN_SHUT_RD   1
+#define NETCONN_SHUT_WR   2
+#define NETCONN_SHUT_RDWR (NETCONN_SHUT_RD | NETCONN_SHUT_WR)
+
+/* IP addresses and port numbers are expected to be in
+ * the same byte order as in the corresponding pcb.
+ */
+/** This struct includes everything that is necessary to execute a function
+    for a netconn in another thread context (mainly used to process netconns
+    in the tcpip_thread context to be thread safe). */
+struct api_msg_msg {
+  /** The netconn which to process - always needed: it includes the semaphore
+      which is used to block the application thread until the function finished. */
+  struct netconn *conn;
+  /** The return value of the function executed in tcpip_thread. */
+  err_t err;
+  /** Depending on the executed function, one of these union members is used */
+  union {
+    /** used for lwip_netconn_do_send */
+    struct netbuf *b;
+    /** used for lwip_netconn_do_newconn */
+    struct {
+      u8_t proto;
+    } n;
+    /** used for lwip_netconn_do_bind and lwip_netconn_do_connect */
+    struct {
+      ip_addr_t *ipaddr;
+      u16_t port;
+    } bc;
+    /** used for lwip_netconn_do_getaddr */
+    struct {
+      ipX_addr_t *ipaddr;
+      u16_t *port;
+      u8_t local;
+    } ad;
+    /** used for lwip_netconn_do_write */
+    struct {
+      const void *dataptr;
+      size_t len;
+      u8_t apiflags;
+#if LWIP_SO_SNDTIMEO
+      u32_t time_started;
+#endif /* LWIP_SO_SNDTIMEO */
+    } w;
+    /** used for lwip_netconn_do_recv */
+    struct {
+      u32_t len;
+    } r;
+    /** used for lwip_netconn_do_close (/shutdown) */
+    struct {
+      u8_t shut;
+    } sd;
+#if LWIP_IGMP || (LWIP_IPV6 && LWIP_IPV6_MLD)
+    /** used for lwip_netconn_do_join_leave_group */
+    struct {
+      ipX_addr_t *multiaddr;
+      ipX_addr_t *netif_addr;
+      enum netconn_igmp join_or_leave;
+    } jl;
+#endif /* LWIP_IGMP || (LWIP_IPV6 && LWIP_IPV6_MLD) */
+#if TCP_LISTEN_BACKLOG
+    struct {
+      u8_t backlog;
+    } lb;
+#endif /* TCP_LISTEN_BACKLOG */
+  } msg;
+};
+
+/** This struct contains a function to execute in another thread context and
+    a struct api_msg_msg that serves as an argument for this function.
+    This is passed to tcpip_apimsg to execute functions in tcpip_thread context. */
+struct api_msg {
+  /** function to execute in tcpip_thread context */
+  void (* function)(struct api_msg_msg *msg);
+  /** arguments for this function */
+  struct api_msg_msg msg;
+};
+
+#if LWIP_DNS
+/** As lwip_netconn_do_gethostbyname requires more arguments but doesn't require a netconn,
+    it has its own struct (to avoid struct api_msg getting bigger than necessary).
+    lwip_netconn_do_gethostbyname must be called using tcpip_callback instead of tcpip_apimsg
+    (see netconn_gethostbyname). */
+struct dns_api_msg {
+  /** Hostname to query or dotted IP address string */
+  const char *name;
+  /** Rhe resolved address is stored here */
+  ip_addr_t *addr;
+  /** This semaphore is posted when the name is resolved, the application thread
+      should wait on it. */
+  sys_sem_t *sem;
+  /** Errors are given back here */
+  err_t *err;
+};
+#endif /* LWIP_DNS */
+
+void lwip_netconn_do_newconn         ( struct api_msg_msg *msg);
+void lwip_netconn_do_delconn         ( struct api_msg_msg *msg);
+void lwip_netconn_do_bind            ( struct api_msg_msg *msg);
+void lwip_netconn_do_connect         ( struct api_msg_msg *msg);
+void lwip_netconn_do_disconnect      ( struct api_msg_msg *msg);
+void lwip_netconn_do_listen          ( struct api_msg_msg *msg);
+void lwip_netconn_do_send            ( struct api_msg_msg *msg);
+void lwip_netconn_do_recv            ( struct api_msg_msg *msg);
+void lwip_netconn_do_write           ( struct api_msg_msg *msg);
+void lwip_netconn_do_getaddr         ( struct api_msg_msg *msg);
+void lwip_netconn_do_close           ( struct api_msg_msg *msg);
+void lwip_netconn_do_shutdown        ( struct api_msg_msg *msg);
+#if LWIP_IGMP || (LWIP_IPV6 && LWIP_IPV6_MLD)
+void lwip_netconn_do_join_leave_group( struct api_msg_msg *msg);
+#endif /* LWIP_IGMP || (LWIP_IPV6 && LWIP_IPV6_MLD) */
+
+#if LWIP_DNS
+void lwip_netconn_do_gethostbyname(void *arg);
+#endif /* LWIP_DNS */
+
+struct netconn* netconn_alloc(enum netconn_type t, netconn_callback callback);
+void netconn_free(struct netconn *conn);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_NETCONN */
+
+#endif /* __LWIP_API_MSG_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/arch.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/arch.h
new file mode 100644
index 00000000..5adae9ef
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/arch.h
@@ -0,0 +1,209 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_ARCH_H__
+#define __LWIP_ARCH_H__
+
+#include "arch/cc.h"
+
+/** Temporary: define format string for size_t if not defined in cc.h */
+#ifndef SZT_F
+#define SZT_F U32_F
+#endif /* SZT_F */
+/** Temporary upgrade helper: define format string for u8_t as hex if not
+    defined in cc.h */
+#ifndef X8_F
+#define X8_F  "02x"
+#endif /* X8_F */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef PACK_STRUCT_BEGIN
+#define PACK_STRUCT_BEGIN
+#endif /* PACK_STRUCT_BEGIN */
+
+#ifndef PACK_STRUCT_END
+#define PACK_STRUCT_END
+#endif /* PACK_STRUCT_END */
+
+#ifndef PACK_STRUCT_FIELD
+#define PACK_STRUCT_FIELD(x) x
+#endif /* PACK_STRUCT_FIELD */
+
+
+#ifndef LWIP_UNUSED_ARG
+#define LWIP_UNUSED_ARG(x) (void)x
+#endif /* LWIP_UNUSED_ARG */ 
+
+
+#ifdef LWIP_PROVIDE_ERRNO
+
+#define  EPERM         1  /* Operation not permitted */
+#define  ENOENT        2  /* No such file or directory */
+#define  ESRCH         3  /* No such process */
+#define  EINTR         4  /* Interrupted system call */
+#define  EIO           5  /* I/O error */
+#define  ENXIO         6  /* No such device or address */
+#define  E2BIG         7  /* Arg list too long */
+#define  ENOEXEC       8  /* Exec format error */
+#define  EBADF         9  /* Bad file number */
+#define  ECHILD       10  /* No child processes */
+#define  EAGAIN       11  /* Try again */
+#define  ENOMEM       12  /* Out of memory */
+#define  EACCES       13  /* Permission denied */
+#define  EFAULT       14  /* Bad address */
+#define  ENOTBLK      15  /* Block device required */
+#define  EBUSY        16  /* Device or resource busy */
+#define  EEXIST       17  /* File exists */
+#define  EXDEV        18  /* Cross-device link */
+#define  ENODEV       19  /* No such device */
+#define  ENOTDIR      20  /* Not a directory */
+#define  EISDIR       21  /* Is a directory */
+#define  EINVAL       22  /* Invalid argument */
+#define  ENFILE       23  /* File table overflow */
+#define  EMFILE       24  /* Too many open files */
+#define  ENOTTY       25  /* Not a typewriter */
+#define  ETXTBSY      26  /* Text file busy */
+#define  EFBIG        27  /* File too large */
+#define  ENOSPC       28  /* No space left on device */
+#define  ESPIPE       29  /* Illegal seek */
+#define  EROFS        30  /* Read-only file system */
+#define  EMLINK       31  /* Too many links */
+#define  EPIPE        32  /* Broken pipe */
+#define  EDOM         33  /* Math argument out of domain of func */
+#define  ERANGE       34  /* Math result not representable */
+#define  EDEADLK      35  /* Resource deadlock would occur */
+#define  ENAMETOOLONG 36  /* File name too long */
+#define  ENOLCK       37  /* No record locks available */
+#define  ENOSYS       38  /* Function not implemented */
+#define  ENOTEMPTY    39  /* Directory not empty */
+#define  ELOOP        40  /* Too many symbolic links encountered */
+#define  EWOULDBLOCK  EAGAIN  /* Operation would block */
+#define  ENOMSG       42  /* No message of desired type */
+#define  EIDRM        43  /* Identifier removed */
+#define  ECHRNG       44  /* Channel number out of range */
+#define  EL2NSYNC     45  /* Level 2 not synchronized */
+#define  EL3HLT       46  /* Level 3 halted */
+#define  EL3RST       47  /* Level 3 reset */
+#define  ELNRNG       48  /* Link number out of range */
+#define  EUNATCH      49  /* Protocol driver not attached */
+#define  ENOCSI       50  /* No CSI structure available */
+#define  EL2HLT       51  /* Level 2 halted */
+#define  EBADE        52  /* Invalid exchange */
+#define  EBADR        53  /* Invalid request descriptor */
+#define  EXFULL       54  /* Exchange full */
+#define  ENOANO       55  /* No anode */
+#define  EBADRQC      56  /* Invalid request code */
+#define  EBADSLT      57  /* Invalid slot */
+
+#define  EDEADLOCK    EDEADLK
+
+#define  EBFONT       59  /* Bad font file format */
+#define  ENOSTR       60  /* Device not a stream */
+#define  ENODATA      61  /* No data available */
+#define  ETIME        62  /* Timer expired */
+#define  ENOSR        63  /* Out of streams resources */
+#define  ENONET       64  /* Machine is not on the network */
+#define  ENOPKG       65  /* Package not installed */
+#define  EREMOTE      66  /* Object is remote */
+#define  ENOLINK      67  /* Link has been severed */
+#define  EADV         68  /* Advertise error */
+#define  ESRMNT       69  /* Srmount error */
+#define  ECOMM        70  /* Communication error on send */
+#define  EPROTO       71  /* Protocol error */
+#define  EMULTIHOP    72  /* Multihop attempted */
+#define  EDOTDOT      73  /* RFS specific error */
+#define  EBADMSG      74  /* Not a data message */
+#define  EOVERFLOW    75  /* Value too large for defined data type */
+#define  ENOTUNIQ     76  /* Name not unique on network */
+#define  EBADFD       77  /* File descriptor in bad state */
+#define  EREMCHG      78  /* Remote address changed */
+#define  ELIBACC      79  /* Can not access a needed shared library */
+#define  ELIBBAD      80  /* Accessing a corrupted shared library */
+#define  ELIBSCN      81  /* .lib section in a.out corrupted */
+#define  ELIBMAX      82  /* Attempting to link in too many shared libraries */
+#define  ELIBEXEC     83  /* Cannot exec a shared library directly */
+#define  EILSEQ       84  /* Illegal byte sequence */
+#define  ERESTART     85  /* Interrupted system call should be restarted */
+#define  ESTRPIPE     86  /* Streams pipe error */
+#define  EUSERS       87  /* Too many users */
+#define  ENOTSOCK     88  /* Socket operation on non-socket */
+#define  EDESTADDRREQ 89  /* Destination address required */
+#define  EMSGSIZE     90  /* Message too long */
+#define  EPROTOTYPE   91  /* Protocol wrong type for socket */
+#define  ENOPROTOOPT  92  /* Protocol not available */
+#define  EPROTONOSUPPORT 93  /* Protocol not supported */
+#define  ESOCKTNOSUPPORT 94  /* Socket type not supported */
+#define  EOPNOTSUPP      95  /* Operation not supported on transport endpoint */
+#define  EPFNOSUPPORT    96  /* Protocol family not supported */
+#define  EAFNOSUPPORT    97  /* Address family not supported by protocol */
+#define  EADDRINUSE      98  /* Address already in use */
+#define  EADDRNOTAVAIL   99  /* Cannot assign requested address */
+#define  ENETDOWN       100  /* Network is down */
+#define  ENETUNREACH    101  /* Network is unreachable */
+#define  ENETRESET      102  /* Network dropped connection because of reset */
+#define  ECONNABORTED   103  /* Software caused connection abort */
+#define  ECONNRESET     104  /* Connection reset by peer */
+#define  ENOBUFS        105  /* No buffer space available */
+#define  EISCONN        106  /* Transport endpoint is already connected */
+#define  ENOTCONN       107  /* Transport endpoint is not connected */
+#define  ESHUTDOWN      108  /* Cannot send after transport endpoint shutdown */
+#define  ETOOMANYREFS   109  /* Too many references: cannot splice */
+#define  ETIMEDOUT      110  /* Connection timed out */
+#define  ECONNREFUSED   111  /* Connection refused */
+#define  EHOSTDOWN      112  /* Host is down */
+#define  EHOSTUNREACH   113  /* No route to host */
+#define  EALREADY       114  /* Operation already in progress */
+#define  EINPROGRESS    115  /* Operation now in progress */
+#define  ESTALE         116  /* Stale NFS file handle */
+#define  EUCLEAN        117  /* Structure needs cleaning */
+#define  ENOTNAM        118  /* Not a XENIX named type file */
+#define  ENAVAIL        119  /* No XENIX semaphores available */
+#define  EISNAM         120  /* Is a named type file */
+#define  EREMOTEIO      121  /* Remote I/O error */
+#define  EDQUOT         122  /* Quota exceeded */
+
+#define  ENOMEDIUM      123  /* No medium found */
+#define  EMEDIUMTYPE    124  /* Wrong medium type */
+
+#ifndef errno
+extern int errno;
+#endif
+
+#endif /* LWIP_PROVIDE_ERRNO */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_ARCH_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/debug.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/debug.h
new file mode 100644
index 00000000..0fe04139
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/debug.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_DEBUG_H__
+#define __LWIP_DEBUG_H__
+
+#include "lwip/arch.h"
+#include "lwip/opt.h"
+
+/** lower two bits indicate debug level
+ * - 0 all
+ * - 1 warning
+ * - 2 serious
+ * - 3 severe
+ */
+#define LWIP_DBG_LEVEL_ALL     0x00
+#define LWIP_DBG_LEVEL_OFF     LWIP_DBG_LEVEL_ALL /* compatibility define only */
+#define LWIP_DBG_LEVEL_WARNING 0x01 /* bad checksums, dropped packets, ... */
+#define LWIP_DBG_LEVEL_SERIOUS 0x02 /* memory allocation failures, ... */
+#define LWIP_DBG_LEVEL_SEVERE  0x03
+#define LWIP_DBG_MASK_LEVEL    0x03
+
+/** flag for LWIP_DEBUGF to enable that debug message */
+#define LWIP_DBG_ON            0x80U
+/** flag for LWIP_DEBUGF to disable that debug message */
+#define LWIP_DBG_OFF           0x00U
+
+/** flag for LWIP_DEBUGF indicating a tracing message (to follow program flow) */
+#define LWIP_DBG_TRACE         0x40U
+/** flag for LWIP_DEBUGF indicating a state debug message (to follow module states) */
+#define LWIP_DBG_STATE         0x20U
+/** flag for LWIP_DEBUGF indicating newly added code, not thoroughly tested yet */
+#define LWIP_DBG_FRESH         0x10U
+/** flag for LWIP_DEBUGF to halt after printing this debug message */
+#define LWIP_DBG_HALT          0x08U
+
+#ifndef LWIP_NOASSERT
+#define LWIP_ASSERT(message, assertion) do { if(!(assertion)) \
+  LWIP_PLATFORM_ASSERT(message); } while(0)
+#else  /* LWIP_NOASSERT */
+#define LWIP_ASSERT(message, assertion) 
+#endif /* LWIP_NOASSERT */
+
+/** if "expression" isn't true, then print "message" and execute "handler" expression */
+#ifndef LWIP_ERROR
+#define LWIP_ERROR(message, expression, handler) do { if (!(expression)) { \
+  LWIP_PLATFORM_ASSERT(message); handler;}} while(0)
+#endif /* LWIP_ERROR */
+
+#ifdef LWIP_DEBUG
+/** print debug message only if debug message type is enabled...
+ *  AND is of correct type AND is at least LWIP_DBG_LEVEL
+ */
+#define LWIP_DEBUGF(debug, message) do { \
+                               if ( \
+                                   ((debug) & LWIP_DBG_ON) && \
+                                   ((debug) & LWIP_DBG_TYPES_ON) && \
+                                   ((s16_t)((debug) & LWIP_DBG_MASK_LEVEL) >= LWIP_DBG_MIN_LEVEL)) { \
+                                 LWIP_PLATFORM_DIAG(message); \
+                                 if ((debug) & LWIP_DBG_HALT) { \
+                                   while(1); \
+                                 } \
+                               } \
+                             } while(0)
+
+#else  /* LWIP_DEBUG */
+#define LWIP_DEBUGF(debug, message) 
+#endif /* LWIP_DEBUG */
+
+#endif /* __LWIP_DEBUG_H__ */
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/def.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/def.h
new file mode 100644
index 00000000..73a1b560
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/def.h
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_DEF_H__
+#define __LWIP_DEF_H__
+
+/* arch.h might define NULL already */
+#include "lwip/arch.h"
+#include "lwip/opt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LWIP_MAX(x , y)  (((x) > (y)) ? (x) : (y))
+#define LWIP_MIN(x , y)  (((x) < (y)) ? (x) : (y))
+
+#ifndef NULL
+#define NULL ((void *)0)
+#endif
+
+/* Endianess-optimized shifting of two u8_t to create one u16_t */
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define LWIP_MAKE_U16(a, b) ((a << 8) | b)
+#else
+#define LWIP_MAKE_U16(a, b) ((b << 8) | a)
+#endif 
+
+#ifndef LWIP_PLATFORM_BYTESWAP
+#define LWIP_PLATFORM_BYTESWAP 0
+#endif
+
+#ifndef LWIP_PREFIX_BYTEORDER_FUNCS
+/* workaround for naming collisions on some platforms */
+
+#ifdef htons
+#undef htons
+#endif /* htons */
+#ifdef htonl
+#undef htonl
+#endif /* htonl */
+#ifdef ntohs
+#undef ntohs
+#endif /* ntohs */
+#ifdef ntohl
+#undef ntohl
+#endif /* ntohl */
+
+#define htons(x) lwip_htons(x)
+#define ntohs(x) lwip_ntohs(x)
+#define htonl(x) lwip_htonl(x)
+#define ntohl(x) lwip_ntohl(x)
+#endif /* LWIP_PREFIX_BYTEORDER_FUNCS */
+
+#if BYTE_ORDER == BIG_ENDIAN
+#define lwip_htons(x) (x)
+#define lwip_ntohs(x) (x)
+#define lwip_htonl(x) (x)
+#define lwip_ntohl(x) (x)
+#define PP_HTONS(x) (x)
+#define PP_NTOHS(x) (x)
+#define PP_HTONL(x) (x)
+#define PP_NTOHL(x) (x)
+#else /* BYTE_ORDER != BIG_ENDIAN */
+#if LWIP_PLATFORM_BYTESWAP
+#define lwip_htons(x) LWIP_PLATFORM_HTONS(x)
+#define lwip_ntohs(x) LWIP_PLATFORM_HTONS(x)
+#define lwip_htonl(x) LWIP_PLATFORM_HTONL(x)
+#define lwip_ntohl(x) LWIP_PLATFORM_HTONL(x)
+#else /* LWIP_PLATFORM_BYTESWAP */
+u16_t lwip_htons(u16_t x);
+u16_t lwip_ntohs(u16_t x);
+u32_t lwip_htonl(u32_t x);
+u32_t lwip_ntohl(u32_t x);
+#endif /* LWIP_PLATFORM_BYTESWAP */
+
+/* These macros should be calculated by the preprocessor and are used
+   with compile-time constants only (so that there is no little-endian
+   overhead at runtime). */
+#define PP_HTONS(x) ((((x) & 0xff) << 8) | (((x) & 0xff00) >> 8))
+#define PP_NTOHS(x) PP_HTONS(x)
+#define PP_HTONL(x) ((((x) & 0xff) << 24) | \
+                     (((x) & 0xff00) << 8) | \
+                     (((x) & 0xff0000UL) >> 8) | \
+                     (((x) & 0xff000000UL) >> 24))
+#define PP_NTOHL(x) PP_HTONL(x)
+
+#endif /* BYTE_ORDER == BIG_ENDIAN */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_DEF_H__ */
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/dhcp.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/dhcp.h
new file mode 100644
index 00000000..32d93381
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/dhcp.h
@@ -0,0 +1,242 @@
+/** @file
+ */
+
+#ifndef __LWIP_DHCP_H__
+#define __LWIP_DHCP_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_DHCP /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/netif.h"
+#include "lwip/udp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** period (in seconds) of the application calling dhcp_coarse_tmr() */
+#define DHCP_COARSE_TIMER_SECS 60 
+/** period (in milliseconds) of the application calling dhcp_coarse_tmr() */
+#define DHCP_COARSE_TIMER_MSECS (DHCP_COARSE_TIMER_SECS * 1000UL)
+/** period (in milliseconds) of the application calling dhcp_fine_tmr() */
+#define DHCP_FINE_TIMER_MSECS 500 
+
+#define DHCP_CHADDR_LEN 16U
+#define DHCP_SNAME_LEN  64U
+#define DHCP_FILE_LEN   128U
+
+struct dhcp
+{
+  /** transaction identifier of last sent request */ 
+  u32_t xid;
+  /** our connection to the DHCP server */ 
+  struct udp_pcb *pcb;
+  /** incoming msg */
+  struct dhcp_msg *msg_in;
+  /** current DHCP state machine state */
+  u8_t state;
+  /** retries of current request */
+  u8_t tries;
+#if LWIP_DHCP_AUTOIP_COOP
+  u8_t autoip_coop_state;
+#endif
+  u8_t subnet_mask_given;
+
+  struct pbuf *p_out; /* pbuf of outcoming msg */
+  struct dhcp_msg *msg_out; /* outgoing msg */
+  u16_t options_out_len; /* outgoing msg options length */
+  u16_t request_timeout; /* #ticks with period DHCP_FINE_TIMER_SECS for request timeout */
+  u16_t t1_timeout;  /* #ticks with period DHCP_COARSE_TIMER_SECS for renewal time */
+  u16_t t2_timeout;  /* #ticks with period DHCP_COARSE_TIMER_SECS for rebind time */
+  ip_addr_t server_ip_addr; /* dhcp server address that offered this lease */
+  ip_addr_t offered_ip_addr;
+  ip_addr_t offered_sn_mask;
+  ip_addr_t offered_gw_addr;
+ 
+  u32_t offered_t0_lease; /* lease period (in seconds) */
+  u32_t offered_t1_renew; /* recommended renew time (usually 50% of lease period) */
+  u32_t offered_t2_rebind; /* recommended rebind time (usually 66% of lease period)  */
+  /* @todo: LWIP_DHCP_BOOTP_FILE configuration option?
+     integrate with possible TFTP-client for booting? */
+#if LWIP_DHCP_BOOTP_FILE
+  ip_addr_t offered_si_addr;
+  char boot_file_name[DHCP_FILE_LEN];
+#endif /* LWIP_DHCP_BOOTPFILE */
+};
+
+/* MUST be compiled with "pack structs" or equivalent! */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+/** minimum set of fields of any DHCP message */
+struct dhcp_msg
+{
+  PACK_STRUCT_FIELD(u8_t op);
+  PACK_STRUCT_FIELD(u8_t htype);
+  PACK_STRUCT_FIELD(u8_t hlen);
+  PACK_STRUCT_FIELD(u8_t hops);
+  PACK_STRUCT_FIELD(u32_t xid);
+  PACK_STRUCT_FIELD(u16_t secs);
+  PACK_STRUCT_FIELD(u16_t flags);
+  PACK_STRUCT_FIELD(ip_addr_p_t ciaddr);
+  PACK_STRUCT_FIELD(ip_addr_p_t yiaddr);
+  PACK_STRUCT_FIELD(ip_addr_p_t siaddr);
+  PACK_STRUCT_FIELD(ip_addr_p_t giaddr);
+  PACK_STRUCT_FIELD(u8_t chaddr[DHCP_CHADDR_LEN]);
+  PACK_STRUCT_FIELD(u8_t sname[DHCP_SNAME_LEN]);
+  PACK_STRUCT_FIELD(u8_t file[DHCP_FILE_LEN]);
+  PACK_STRUCT_FIELD(u32_t cookie);
+#define DHCP_MIN_OPTIONS_LEN 68U
+/** make sure user does not configure this too small */
+#if ((defined(DHCP_OPTIONS_LEN)) && (DHCP_OPTIONS_LEN < DHCP_MIN_OPTIONS_LEN))
+#  undef DHCP_OPTIONS_LEN
+#endif
+/** allow this to be configured in lwipopts.h, but not too small */
+#if (!defined(DHCP_OPTIONS_LEN))
+/** set this to be sufficient for your options in outgoing DHCP msgs */
+#  define DHCP_OPTIONS_LEN DHCP_MIN_OPTIONS_LEN
+#endif
+  PACK_STRUCT_FIELD(u8_t options[DHCP_OPTIONS_LEN]);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+void dhcp_set_struct(struct netif *netif, struct dhcp *dhcp);
+/** Remove a struct dhcp previously set to the netif using dhcp_set_struct() */
+#define dhcp_remove_struct(netif) do { (netif)->dhcp = NULL; } while(0)
+void dhcp_cleanup(struct netif *netif);
+/** start DHCP configuration */
+err_t dhcp_start(struct netif *netif);
+/** enforce early lease renewal (not needed normally)*/
+err_t dhcp_renew(struct netif *netif);
+/** release the DHCP lease, usually called before dhcp_stop()*/
+err_t dhcp_release(struct netif *netif);
+/** stop DHCP configuration */
+void dhcp_stop(struct netif *netif);
+/** inform server of our manual IP address */
+void dhcp_inform(struct netif *netif);
+/** Handle a possible change in the network configuration */
+void dhcp_network_changed(struct netif *netif);
+
+/** if enabled, check whether the offered IP address is not in use, using ARP */
+#if DHCP_DOES_ARP_CHECK
+void dhcp_arp_reply(struct netif *netif, ip_addr_t *addr);
+#endif
+
+/** to be called every minute */
+void dhcp_coarse_tmr(void);
+/** to be called every half second */
+void dhcp_fine_tmr(void);
+ 
+/** DHCP message item offsets and length */
+#define DHCP_OP_OFS       0
+#define DHCP_HTYPE_OFS    1
+#define DHCP_HLEN_OFS     2
+#define DHCP_HOPS_OFS     3
+#define DHCP_XID_OFS      4
+#define DHCP_SECS_OFS     8
+#define DHCP_FLAGS_OFS    10
+#define DHCP_CIADDR_OFS   12
+#define DHCP_YIADDR_OFS   16
+#define DHCP_SIADDR_OFS   20
+#define DHCP_GIADDR_OFS   24
+#define DHCP_CHADDR_OFS   28
+#define DHCP_SNAME_OFS    44
+#define DHCP_FILE_OFS     108
+#define DHCP_MSG_LEN      236
+
+#define DHCP_COOKIE_OFS   DHCP_MSG_LEN
+#define DHCP_OPTIONS_OFS  (DHCP_MSG_LEN + 4)
+
+#define DHCP_CLIENT_PORT  68  
+#define DHCP_SERVER_PORT  67
+
+/** DHCP client states */
+#define DHCP_OFF          0
+#define DHCP_REQUESTING   1
+#define DHCP_INIT         2
+#define DHCP_REBOOTING    3
+#define DHCP_REBINDING    4
+#define DHCP_RENEWING     5
+#define DHCP_SELECTING    6
+#define DHCP_INFORMING    7
+#define DHCP_CHECKING     8
+#define DHCP_PERMANENT    9
+#define DHCP_BOUND        10
+/** not yet implemented #define DHCP_RELEASING 11 */
+#define DHCP_BACKING_OFF  12
+
+/** AUTOIP cooperatation flags */
+#define DHCP_AUTOIP_COOP_STATE_OFF  0
+#define DHCP_AUTOIP_COOP_STATE_ON   1
+ 
+#define DHCP_BOOTREQUEST  1
+#define DHCP_BOOTREPLY    2
+
+/** DHCP message types */
+#define DHCP_DISCOVER 1
+#define DHCP_OFFER    2
+#define DHCP_REQUEST  3
+#define DHCP_DECLINE  4
+#define DHCP_ACK      5
+#define DHCP_NAK      6
+#define DHCP_RELEASE  7
+#define DHCP_INFORM   8
+
+/** DHCP hardware type, currently only ethernet is supported */
+#define DHCP_HTYPE_ETH 1
+
+#define DHCP_MAGIC_COOKIE 0x63825363UL
+
+/* This is a list of options for BOOTP and DHCP, see RFC 2132 for descriptions */
+
+/** BootP options */
+#define DHCP_OPTION_PAD 0
+#define DHCP_OPTION_SUBNET_MASK 1 /* RFC 2132 3.3 */
+#define DHCP_OPTION_ROUTER 3
+#define DHCP_OPTION_DNS_SERVER 6 
+#define DHCP_OPTION_HOSTNAME 12
+#define DHCP_OPTION_IP_TTL 23
+#define DHCP_OPTION_MTU 26
+#define DHCP_OPTION_BROADCAST 28
+#define DHCP_OPTION_TCP_TTL 37
+#define DHCP_OPTION_END 255
+
+/** DHCP options */
+#define DHCP_OPTION_REQUESTED_IP 50 /* RFC 2132 9.1, requested IP address */
+#define DHCP_OPTION_LEASE_TIME 51 /* RFC 2132 9.2, time in seconds, in 4 bytes */
+#define DHCP_OPTION_OVERLOAD 52 /* RFC2132 9.3, use file and/or sname field for options */
+
+#define DHCP_OPTION_MESSAGE_TYPE 53 /* RFC 2132 9.6, important for DHCP */
+#define DHCP_OPTION_MESSAGE_TYPE_LEN 1
+
+#define DHCP_OPTION_SERVER_ID 54 /* RFC 2132 9.7, server IP address */
+#define DHCP_OPTION_PARAMETER_REQUEST_LIST 55 /* RFC 2132 9.8, requested option types */
+
+#define DHCP_OPTION_MAX_MSG_SIZE 57 /* RFC 2132 9.10, message size accepted >= 576 */
+#define DHCP_OPTION_MAX_MSG_SIZE_LEN 2
+
+#define DHCP_OPTION_T1 58 /* T1 renewal time */
+#define DHCP_OPTION_T2 59 /* T2 rebinding time */
+#define DHCP_OPTION_US 60
+#define DHCP_OPTION_CLIENT_ID 61
+#define DHCP_OPTION_TFTP_SERVERNAME 66
+#define DHCP_OPTION_BOOTFILE 67
+
+/** possible combinations of overloading the file and sname fields with options */
+#define DHCP_OVERLOAD_NONE 0
+#define DHCP_OVERLOAD_FILE 1
+#define DHCP_OVERLOAD_SNAME  2
+#define DHCP_OVERLOAD_SNAME_FILE 3
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_DHCP */
+
+#endif /*__LWIP_DHCP_H__*/
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/dns.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/dns.h
new file mode 100644
index 00000000..6c7d9b07
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/dns.h
@@ -0,0 +1,124 @@
+/**
+ * lwip DNS resolver header file.
+
+ * Author: Jim Pettinato 
+ *   April 2007
+
+ * ported from uIP resolv.c Copyright (c) 2002-2003, Adam Dunkels.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __LWIP_DNS_H__
+#define __LWIP_DNS_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_DNS /* don't build if not configured for use in lwipopts.h */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** DNS timer period */
+#define DNS_TMR_INTERVAL          1000
+
+/** DNS field TYPE used for "Resource Records" */
+#define DNS_RRTYPE_A              1     /* a host address */
+#define DNS_RRTYPE_NS             2     /* an authoritative name server */
+#define DNS_RRTYPE_MD             3     /* a mail destination (Obsolete - use MX) */
+#define DNS_RRTYPE_MF             4     /* a mail forwarder (Obsolete - use MX) */
+#define DNS_RRTYPE_CNAME          5     /* the canonical name for an alias */
+#define DNS_RRTYPE_SOA            6     /* marks the start of a zone of authority */
+#define DNS_RRTYPE_MB             7     /* a mailbox domain name (EXPERIMENTAL) */
+#define DNS_RRTYPE_MG             8     /* a mail group member (EXPERIMENTAL) */
+#define DNS_RRTYPE_MR             9     /* a mail rename domain name (EXPERIMENTAL) */
+#define DNS_RRTYPE_NULL           10    /* a null RR (EXPERIMENTAL) */
+#define DNS_RRTYPE_WKS            11    /* a well known service description */
+#define DNS_RRTYPE_PTR            12    /* a domain name pointer */
+#define DNS_RRTYPE_HINFO          13    /* host information */
+#define DNS_RRTYPE_MINFO          14    /* mailbox or mail list information */
+#define DNS_RRTYPE_MX             15    /* mail exchange */
+#define DNS_RRTYPE_TXT            16    /* text strings */
+
+/** DNS field CLASS used for "Resource Records" */
+#define DNS_RRCLASS_IN            1     /* the Internet */
+#define DNS_RRCLASS_CS            2     /* the CSNET class (Obsolete - used only for examples in some obsolete RFCs) */
+#define DNS_RRCLASS_CH            3     /* the CHAOS class */
+#define DNS_RRCLASS_HS            4     /* Hesiod [Dyer 87] */
+#define DNS_RRCLASS_FLUSH         0x800 /* Flush bit */
+
+/* The size used for the next line is rather a hack, but it prevents including socket.h in all files
+   that include memp.h, and that would possibly break portability (since socket.h defines some types
+   and constants possibly already define by the OS).
+   Calculation rule:
+   sizeof(struct addrinfo) + sizeof(struct sockaddr_in) + DNS_MAX_NAME_LENGTH + 1 byte zero-termination */
+#define NETDB_ELEM_SIZE           (32 + 16 + DNS_MAX_NAME_LENGTH + 1)
+
+#if DNS_LOCAL_HOSTLIST
+/** struct used for local host-list */
+struct local_hostlist_entry {
+  /** static hostname */
+  const char *name;
+  /** static host address in network byteorder */
+  ip_addr_t addr;
+  struct local_hostlist_entry *next;
+};
+#if DNS_LOCAL_HOSTLIST_IS_DYNAMIC
+#ifndef DNS_LOCAL_HOSTLIST_MAX_NAMELEN
+#define DNS_LOCAL_HOSTLIST_MAX_NAMELEN  DNS_MAX_NAME_LENGTH
+#endif
+#define LOCALHOSTLIST_ELEM_SIZE ((sizeof(struct local_hostlist_entry) + DNS_LOCAL_HOSTLIST_MAX_NAMELEN + 1))
+#endif /* DNS_LOCAL_HOSTLIST_IS_DYNAMIC */
+#endif /* DNS_LOCAL_HOSTLIST */
+
+/** Callback which is invoked when a hostname is found.
+ * A function of this type must be implemented by the application using the DNS resolver.
+ * @param name pointer to the name that was looked up.
+ * @param ipaddr pointer to an ip_addr_t containing the IP address of the hostname,
+ *        or NULL if the name could not be found (or on any other error).
+ * @param callback_arg a user-specified callback argument passed to dns_gethostbyname
+*/
+typedef void (*dns_found_callback)(const char *name, ip_addr_t *ipaddr, void *callback_arg);
+
+void           dns_init(void);
+void           dns_tmr(void);
+void           dns_setserver(u8_t numdns, ip_addr_t *dnsserver);
+ip_addr_t      dns_getserver(u8_t numdns);
+err_t          dns_gethostbyname(const char *hostname, ip_addr_t *addr,
+                                 dns_found_callback found, void *callback_arg);
+
+#if DNS_LOCAL_HOSTLIST && DNS_LOCAL_HOSTLIST_IS_DYNAMIC
+int            dns_local_removehost(const char *hostname, const ip_addr_t *addr);
+err_t          dns_local_addhost(const char *hostname, const ip_addr_t *addr);
+#endif /* DNS_LOCAL_HOSTLIST && DNS_LOCAL_HOSTLIST_IS_DYNAMIC */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_DNS */
+
+#endif /* __LWIP_DNS_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/err.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/err.h
new file mode 100644
index 00000000..ac907729
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/err.h
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_ERR_H__
+#define __LWIP_ERR_H__
+
+#include "lwip/opt.h"
+#include "lwip/arch.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Define LWIP_ERR_T in cc.h if you want to use
+ *  a different type for your platform (must be signed). */
+#ifdef LWIP_ERR_T
+typedef LWIP_ERR_T err_t;
+#else /* LWIP_ERR_T */
+typedef s8_t err_t;
+#endif /* LWIP_ERR_T*/
+
+/* Definitions for error constants. */
+
+#define ERR_OK          0    /* No error, everything OK. */
+#define ERR_MEM        -1    /* Out of memory error.     */
+#define ERR_BUF        -2    /* Buffer error.            */
+#define ERR_TIMEOUT    -3    /* Timeout.                 */
+#define ERR_RTE        -4    /* Routing problem.         */
+#define ERR_INPROGRESS -5    /* Operation in progress    */
+#define ERR_VAL        -6    /* Illegal value.           */
+#define ERR_WOULDBLOCK -7    /* Operation would block.   */
+#define ERR_USE        -8    /* Address in use.          */
+#define ERR_ISCONN     -9    /* Already connected.       */
+
+#define ERR_IS_FATAL(e) ((e) < ERR_ISCONN)
+
+#define ERR_ABRT       -10   /* Connection aborted.      */
+#define ERR_RST        -11   /* Connection reset.        */
+#define ERR_CLSD       -12   /* Connection closed.       */
+#define ERR_CONN       -13   /* Not connected.           */
+
+#define ERR_ARG        -14   /* Illegal argument.        */
+
+#define ERR_IF         -15   /* Low-level netif error    */
+
+
+#ifdef LWIP_DEBUG
+extern const char *lwip_strerr(err_t err);
+#else
+#define lwip_strerr(x) ""
+#endif /* LWIP_DEBUG */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_ERR_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/inet_chksum.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/inet_chksum.h
new file mode 100644
index 00000000..e1687888
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/inet_chksum.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_INET_CHKSUM_H__
+#define __LWIP_INET_CHKSUM_H__
+
+#include "lwip/opt.h"
+
+#include "lwip/pbuf.h"
+#include "lwip/ip_addr.h"
+
+/** Swap the bytes in an u16_t: much like htons() for little-endian */
+#ifndef SWAP_BYTES_IN_WORD
+#if LWIP_PLATFORM_BYTESWAP && (BYTE_ORDER == LITTLE_ENDIAN)
+/* little endian and PLATFORM_BYTESWAP defined */
+#define SWAP_BYTES_IN_WORD(w) LWIP_PLATFORM_HTONS(w)
+#else /* LWIP_PLATFORM_BYTESWAP && (BYTE_ORDER == LITTLE_ENDIAN) */
+/* can't use htons on big endian (or PLATFORM_BYTESWAP not defined)... */
+#define SWAP_BYTES_IN_WORD(w) (((w) & 0xff) << 8) | (((w) & 0xff00) >> 8)
+#endif /* LWIP_PLATFORM_BYTESWAP && (BYTE_ORDER == LITTLE_ENDIAN)*/
+#endif /* SWAP_BYTES_IN_WORD */
+
+/** Split an u32_t in two u16_ts and add them up */
+#ifndef FOLD_U32T
+#define FOLD_U32T(u)          (((u) >> 16) + ((u) & 0x0000ffffUL))
+#endif
+
+#if LWIP_CHECKSUM_ON_COPY
+/** Function-like macro: same as MEMCPY but returns the checksum of copied data
+    as u16_t */
+#ifndef LWIP_CHKSUM_COPY
+#define LWIP_CHKSUM_COPY(dst, src, len) lwip_chksum_copy(dst, src, len)
+#ifndef LWIP_CHKSUM_COPY_ALGORITHM
+#define LWIP_CHKSUM_COPY_ALGORITHM 1
+#endif /* LWIP_CHKSUM_COPY_ALGORITHM */
+#endif /* LWIP_CHKSUM_COPY */
+#else /* LWIP_CHECKSUM_ON_COPY */
+#define LWIP_CHKSUM_COPY_ALGORITHM 0
+#endif /* LWIP_CHECKSUM_ON_COPY */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+u16_t inet_chksum(void *dataptr, u16_t len);
+u16_t inet_chksum_pbuf(struct pbuf *p);
+u16_t inet_chksum_pseudo(struct pbuf *p, u8_t proto, u16_t proto_len,
+       ip_addr_t *src, ip_addr_t *dest);
+u16_t inet_chksum_pseudo_partial(struct pbuf *p, u8_t proto,
+       u16_t proto_len, u16_t chksum_len, ip_addr_t *src, ip_addr_t *dest);
+#if LWIP_CHKSUM_COPY_ALGORITHM
+u16_t lwip_chksum_copy(void *dst, const void *src, u16_t len);
+#endif /* LWIP_CHKSUM_COPY_ALGORITHM */
+
+#if LWIP_IPV6
+u16_t ip6_chksum_pseudo(struct pbuf *p, u8_t proto, u16_t proto_len,
+       ip6_addr_t *src, ip6_addr_t *dest);
+u16_t ip6_chksum_pseudo_partial(struct pbuf *p, u8_t proto, u16_t proto_len,
+       u16_t chksum_len, ip6_addr_t *src, ip6_addr_t *dest);
+
+#define ipX_chksum_pseudo(isipv6, p, proto, proto_len, src, dest) \
+  ((isipv6) ? \
+  ip6_chksum_pseudo(p, proto, proto_len, ipX_2_ip6(src), ipX_2_ip6(dest)) :\
+  inet_chksum_pseudo(p, proto, proto_len, ipX_2_ip(src), ipX_2_ip(dest)))
+#define ipX_chksum_pseudo_partial(isipv6, p, proto, proto_len, chksum_len, src, dest) \
+  ((isipv6) ? \
+  ip6_chksum_pseudo_partial(p, proto, proto_len, chksum_len, ipX_2_ip6(src), ipX_2_ip6(dest)) :\
+  inet_chksum_pseudo_partial(p, proto, proto_len, chksum_len, ipX_2_ip(src), ipX_2_ip(dest)))
+
+#else /* LWIP_IPV6 */
+
+#define ipX_chksum_pseudo(isipv6, p, proto, proto_len, src, dest) \
+  inet_chksum_pseudo(p, proto, proto_len, src, dest)
+#define ipX_chksum_pseudo_partial(isipv6, p, proto, proto_len, chksum_len, src, dest) \
+  inet_chksum_pseudo_partial(p, proto, proto_len, chksum_len, src, dest)
+
+#endif /* LWIP_IPV6 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_INET_H__ */
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/init.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/init.h
new file mode 100644
index 00000000..4e2e2856
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/init.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_INIT_H__
+#define __LWIP_INIT_H__
+
+#include "lwip/opt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** X.x.x: Major version of the stack */
+#define LWIP_VERSION_MAJOR      1U
+/** x.X.x: Minor version of the stack */
+#define LWIP_VERSION_MINOR      4U
+/** x.x.X: Revision of the stack */
+#define LWIP_VERSION_REVISION   1U
+/** For release candidates, this is set to 1..254
+  * For official releases, this is set to 255 (LWIP_RC_RELEASE)
+  * For development versions (CVS), this is set to 0 (LWIP_RC_DEVELOPMENT) */
+#define LWIP_VERSION_RC         0U
+
+/** LWIP_VERSION_RC is set to LWIP_RC_RELEASE for official releases */
+#define LWIP_RC_RELEASE         255U
+/** LWIP_VERSION_RC is set to LWIP_RC_DEVELOPMENT for CVS versions */
+#define LWIP_RC_DEVELOPMENT     0U
+
+#define LWIP_VERSION_IS_RELEASE     (LWIP_VERSION_RC == LWIP_RC_RELEASE)
+#define LWIP_VERSION_IS_DEVELOPMENT (LWIP_VERSION_RC == LWIP_RC_DEVELOPMENT)
+#define LWIP_VERSION_IS_RC          ((LWIP_VERSION_RC != LWIP_RC_RELEASE) && (LWIP_VERSION_RC != LWIP_RC_DEVELOPMENT))
+
+/** Provides the version of the stack */
+#define LWIP_VERSION   (LWIP_VERSION_MAJOR << 24   | LWIP_VERSION_MINOR << 16 | \
+                        LWIP_VERSION_REVISION << 8 | LWIP_VERSION_RC)
+
+/* Modules initialization */
+void lwip_init(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_INIT_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/ip.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/ip.h
new file mode 100644
index 00000000..a0cd1d4d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/ip.h
@@ -0,0 +1,254 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_IP_H__
+#define __LWIP_IP_H__
+
+#include "lwip/opt.h"
+
+#include "lwip/def.h"
+#include "lwip/pbuf.h"
+#include "lwip/ip_addr.h"
+#include "lwip/err.h"
+#include "lwip/netif.h"
+#include "lwip/ip4.h"
+#include "lwip/ip6.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This is passed as the destination address to ip_output_if (not
+   to ip_output), meaning that an IP header already is constructed
+   in the pbuf. This is used when TCP retransmits. */
+#ifdef IP_HDRINCL
+#undef IP_HDRINCL
+#endif /* IP_HDRINCL */
+#define IP_HDRINCL  NULL
+
+#if LWIP_NETIF_HWADDRHINT
+#define IP_PCB_ADDRHINT ;u8_t addr_hint
+#else
+#define IP_PCB_ADDRHINT
+#endif /* LWIP_NETIF_HWADDRHINT */
+
+#if LWIP_IPV6
+#define IP_PCB_ISIPV6_MEMBER  u8_t isipv6;
+#define IP_PCB_IPVER_EQ(pcb1, pcb2)   ((pcb1)->isipv6 == (pcb2)->isipv6)
+#define IP_PCB_IPVER_INPUT_MATCH(pcb) (ip_current_is_v6() ? \
+                                       ((pcb)->isipv6 != 0) : \
+                                       ((pcb)->isipv6 == 0))
+#define PCB_ISIPV6(pcb) ((pcb)->isipv6)
+#else
+#define IP_PCB_ISIPV6_MEMBER
+#define IP_PCB_IPVER_EQ(pcb1, pcb2)   1
+#define IP_PCB_IPVER_INPUT_MATCH(pcb) 1
+#define PCB_ISIPV6(pcb)            0
+#endif /* LWIP_IPV6 */
+
+/* This is the common part of all PCB types. It needs to be at the
+   beginning of a PCB type definition. It is located here so that
+   changes to this common part are made in one location instead of
+   having to change all PCB structs. */
+#define IP_PCB \
+  IP_PCB_ISIPV6_MEMBER \
+  /* ip addresses in network byte order */ \
+  ipX_addr_t local_ip; \
+  ipX_addr_t remote_ip; \
+   /* Socket options */  \
+  u8_t so_options;      \
+   /* Type Of Service */ \
+  u8_t tos;              \
+  /* Time To Live */     \
+  u8_t ttl               \
+  /* link layer address resolution hint */ \
+  IP_PCB_ADDRHINT
+
+struct ip_pcb {
+/* Common members of all PCB types */
+  IP_PCB;
+};
+
+/*
+ * Option flags per-socket. These are the same like SO_XXX.
+ */
+/*#define SOF_DEBUG       0x01U     Unimplemented: turn on debugging info recording */
+#define SOF_ACCEPTCONN    0x02U  /* socket has had listen() */
+#define SOF_REUSEADDR     0x04U  /* allow local address reuse */
+#define SOF_KEEPALIVE     0x08U  /* keep connections alive */
+/*#define SOF_DONTROUTE   0x10U     Unimplemented: just use interface addresses */
+#define SOF_BROADCAST     0x20U  /* permit to send and to receive broadcast messages (see IP_SOF_BROADCAST option) */
+/*#define SOF_USELOOPBACK 0x40U     Unimplemented: bypass hardware when possible */
+#define SOF_LINGER        0x80U  /* linger on close if data present */
+/*#define SOF_OOBINLINE   0x0100U     Unimplemented: leave received OOB data in line */
+/*#define SOF_REUSEPORT   0x0200U     Unimplemented: allow local address & port reuse */
+
+/* These flags are inherited (e.g. from a listen-pcb to a connection-pcb): */
+#define SOF_INHERITED   (SOF_REUSEADDR|SOF_KEEPALIVE|SOF_LINGER/*|SOF_DEBUG|SOF_DONTROUTE|SOF_OOBINLINE*/)
+
+/* Global variables of this module, kept in a struct for efficient access using base+index. */
+struct ip_globals
+{
+  /** The interface that provided the packet for the current callback invocation. */
+  struct netif *current_netif;
+  /** Header of the input packet currently being processed. */
+  const struct ip_hdr *current_ip4_header;
+#if LWIP_IPV6
+  /** Header of the input IPv6 packet currently being processed. */
+  const struct ip6_hdr *current_ip6_header;
+#endif /* LWIP_IPV6 */
+  /** Total header length of current_ip4/6_header (i.e. after this, the UDP/TCP header starts) */
+  u16_t current_ip_header_tot_len;
+  /** Source IP address of current_header */
+  ipX_addr_t current_iphdr_src;
+  /** Destination IP address of current_header */
+  ipX_addr_t current_iphdr_dest;
+};
+extern struct ip_globals ip_data;
+
+
+/** Get the interface that received the current packet.
+ * This function must only be called from a receive callback (udp_recv,
+ * raw_recv, tcp_accept). It will return NULL otherwise. */
+#define ip_current_netif()      (ip_data.current_netif)
+/** Get the IP header of the current packet.
+ * This function must only be called from a receive callback (udp_recv,
+ * raw_recv, tcp_accept). It will return NULL otherwise. */
+#define ip_current_header()     (ip_data.current_ip4_header)
+/** Total header length of ip(6)_current_header() (i.e. after this, the UDP/TCP header starts) */
+#define ip_current_header_tot_len() (ip_data.current_ip_header_tot_len)
+/** Source IP address of current_header */
+#define ipX_current_src_addr()   (&ip_data.current_iphdr_src)
+/** Destination IP address of current_header */
+#define ipX_current_dest_addr()  (&ip_data.current_iphdr_dest)
+
+#if LWIP_IPV6
+/** Get the IPv6 header of the current packet.
+ * This function must only be called from a receive callback (udp_recv,
+ * raw_recv, tcp_accept). It will return NULL otherwise. */
+#define ip6_current_header()      (ip_data.current_ip6_header)
+/** Returns TRUE if the current IP input packet is IPv6, FALSE if it is IPv4 */
+#define ip_current_is_v6()        (ip6_current_header() != NULL)
+/** Source IPv6 address of current_header */
+#define ip6_current_src_addr()    (ipX_2_ip6(&ip_data.current_iphdr_src))
+/** Destination IPv6 address of current_header */
+#define ip6_current_dest_addr()   (ipX_2_ip6(&ip_data.current_iphdr_dest))
+/** Get the transport layer protocol */
+#define ip_current_header_proto() (ip_current_is_v6() ? \
+                                   IP6H_NEXTH(ip6_current_header()) :\
+                                   IPH_PROTO(ip_current_header()))
+/** Get the transport layer header */
+#define ipX_next_header_ptr()     ((void*)((ip_current_is_v6() ? \
+  (u8_t*)ip6_current_header() : (u8_t*)ip_current_header())  + ip_current_header_tot_len()))
+
+/** Set an IP_PCB to IPv6 (IPv4 is the default) */
+#define ip_set_v6(pcb, val)       do{if(pcb != NULL) { pcb->isipv6 = val; }}while(0)
+
+/** Source IP4 address of current_header */
+#define ip_current_src_addr()     (ipX_2_ip(&ip_data.current_iphdr_src))
+/** Destination IP4 address of current_header */
+#define ip_current_dest_addr()    (ipX_2_ip(&ip_data.current_iphdr_dest))
+
+#else /* LWIP_IPV6 */
+
+/** Always returns FALSE when only supporting IPv4 */
+#define ip_current_is_v6()        0
+/** Get the transport layer protocol */
+#define ip_current_header_proto() IPH_PROTO(ip_current_header())
+/** Get the transport layer header */
+#define ipX_next_header_ptr()     ((void*)((u8_t*)ip_current_header() + ip_current_header_tot_len()))
+/** Source IP4 address of current_header */
+#define ip_current_src_addr()     (&ip_data.current_iphdr_src)
+/** Destination IP4 address of current_header */
+#define ip_current_dest_addr()    (&ip_data.current_iphdr_dest)
+
+#endif /* LWIP_IPV6 */
+
+/** Union source address of current_header */
+#define ipX_current_src_addr()    (&ip_data.current_iphdr_src)
+/** Union destination address of current_header */
+#define ipX_current_dest_addr()   (&ip_data.current_iphdr_dest)
+
+/** Gets an IP pcb option (SOF_* flags) */
+#define ip_get_option(pcb, opt)   ((pcb)->so_options & (opt))
+/** Sets an IP pcb option (SOF_* flags) */
+#define ip_set_option(pcb, opt)   ((pcb)->so_options |= (opt))
+/** Resets an IP pcb option (SOF_* flags) */
+#define ip_reset_option(pcb, opt) ((pcb)->so_options &= ~(opt))
+
+#if LWIP_IPV6
+#define ipX_output(isipv6, p, src, dest, ttl, tos, proto) \
+        ((isipv6) ? \
+        ip6_output(p, ipX_2_ip6(src), ipX_2_ip6(dest), ttl, tos, proto) : \
+        ip_output(p, ipX_2_ip(src), ipX_2_ip(dest), ttl, tos, proto))
+#define ipX_output_if(isipv6, p, src, dest, ttl, tos, proto, netif) \
+        ((isipv6) ? \
+        ip6_output_if(p, ip_2_ip6(src), ip_2_ip6(dest), ttl, tos, proto, netif) : \
+        ip_output_if(p, (src), (dest), ttl, tos, proto, netif))
+#define ipX_output_hinted(isipv6, p, src, dest, ttl, tos, proto, addr_hint) \
+        ((isipv6) ? \
+        ip6_output_hinted(p, ipX_2_ip6(src), ipX_2_ip6(dest), ttl, tos, proto, addr_hint) : \
+        ip_output_hinted(p, ipX_2_ip(src), ipX_2_ip(dest), ttl, tos, proto, addr_hint))
+#define ipX_route(isipv6, src, dest) \
+        ((isipv6) ? \
+        ip6_route(ipX_2_ip6(src), ipX_2_ip6(dest)) : \
+        ip_route(ipX_2_ip(dest)))
+#define ipX_netif_get_local_ipX(isipv6, netif, dest) \
+        ((isipv6) ? \
+        ip6_netif_get_local_ipX(netif, ipX_2_ip6(dest)) : \
+        ip_netif_get_local_ipX(netif))
+#define ipX_debug_print(is_ipv6, p) ((is_ipv6) ? ip6_debug_print(p) : ip_debug_print(p))
+#else /* LWIP_IPV6 */
+#define ipX_output(isipv6, p, src, dest, ttl, tos, proto) \
+        ip_output(p, src, dest, ttl, tos, proto)
+#define ipX_output_if(isipv6, p, src, dest, ttl, tos, proto, netif) \
+        ip_output_if(p, src, dest, ttl, tos, proto, netif)
+#define ipX_output_hinted(isipv6, p, src, dest, ttl, tos, proto, addr_hint) \
+        ip_output_hinted(p, src, dest, ttl, tos, proto, addr_hint)
+#define ipX_route(isipv6, src, dest) \
+        ip_route(ipX_2_ip(dest))
+#define ipX_netif_get_local_ipX(isipv6, netif, dest) \
+        ip_netif_get_local_ipX(netif)
+#define ipX_debug_print(is_ipv6, p) ip_debug_print(p)
+#endif /* LWIP_IPV6 */
+
+#define ipX_route_get_local_ipX(isipv6, src, dest, netif, ipXaddr) do { \
+  (netif) = ipX_route(isipv6, src, dest); \
+  (ipXaddr) = ipX_netif_get_local_ipX(isipv6, netif, dest); \
+}while(0)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_IP_H__ */
+
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/ip_addr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/ip_addr.h
new file mode 100644
index 00000000..7bd03cbd
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/ip_addr.h
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_IP_ADDR_H__
+#define __LWIP_IP_ADDR_H__
+
+#include "lwip/opt.h"
+#include "lwip/def.h"
+
+#include "lwip/ip4_addr.h"
+#include "lwip/ip6_addr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if LWIP_IPV6
+/* A union struct for both IP version's addresses. */
+typedef union {
+  ip_addr_t ip4;
+  ip6_addr_t ip6;
+} ipX_addr_t;
+
+/** These functions only exist for type-safe conversion from ip_addr_t to
+    ip6_addr_t and back */
+#ifdef LWIP_ALLOW_STATIC_FN_IN_HEADER
+static ip6_addr_t* ip_2_ip6(ip_addr_t *ipaddr)
+{ return (ip6_addr_t*)ipaddr;}
+static ip_addr_t* ip6_2_ip(ip6_addr_t *ip6addr)
+{ return (ip_addr_t*)ip6addr; }
+static ipX_addr_t* ip_2_ipX(ip_addr_t *ipaddr)
+{ return (ipX_addr_t*)ipaddr; }
+static ipX_addr_t* ip6_2_ipX(ip6_addr_t *ip6addr)
+{ return (ipX_addr_t*)ip6addr; }
+#else /* LWIP_ALLOW_STATIC_FN_IN_HEADER */
+#define ip_2_ip6(ipaddr)   ((ip6_addr_t*)(ipaddr))
+#define ip6_2_ip(ip6addr)  ((ip_addr_t*)(ip6addr))
+#define ip_2_ipX(ipaddr)   ((ipX_addr_t*)ipaddr)
+#define ip6_2_ipX(ip6addr) ((ipX_addr_t*)ip6addr)
+#endif /* LWIP_ALLOW_STATIC_FN_IN_HEADER*/
+#define ipX_2_ip6(ip6addr) (&((ip6addr)->ip6))
+#define ipX_2_ip(ipaddr)   (&((ipaddr)->ip4))
+
+#define ipX_addr_copy(is_ipv6, dest, src)      do{if(is_ipv6){ \
+  ip6_addr_copy((dest).ip6, (src).ip6); }else{ \
+  ip_addr_copy((dest).ip4, (src).ip4); }}while(0)
+#define ipX_addr_set(is_ipv6, dest, src) do{if(is_ipv6){ \
+  ip6_addr_set(ipX_2_ip6(dest), ipX_2_ip6(src)); }else{ \
+  ip_addr_set(ipX_2_ip(dest), ipX_2_ip(src)); }}while(0)
+#define ipX_addr_set_ipaddr(is_ipv6, dest, src) do{if(is_ipv6){ \
+  ip6_addr_set(ipX_2_ip6(dest), ip_2_ip6(src)); }else{ \
+  ip_addr_set(ipX_2_ip(dest), src); }}while(0)
+#define ipX_addr_set_zero(is_ipv6, ipaddr)     do{if(is_ipv6){ \
+  ip6_addr_set_zero(ipX_2_ip6(ipaddr)); }else{ \
+  ip_addr_set_zero(ipX_2_ip(ipaddr)); }}while(0)
+#define ipX_addr_set_any(is_ipv6, ipaddr)      do{if(is_ipv6){ \
+  ip6_addr_set_any(ipX_2_ip6(ipaddr)); }else{ \
+  ip_addr_set_any(ipX_2_ip(ipaddr)); }}while(0)
+#define ipX_addr_set_loopback(is_ipv6, ipaddr) do{if(is_ipv6){ \
+  ip6_addr_set_loopback(ipX_2_ip6(ipaddr)); }else{ \
+  ip_addr_set_loopback(ipX_2_ip(ipaddr)); }}while(0)
+#define ipX_addr_set_hton(is_ipv6, dest, src)  do{if(is_ipv6){ \
+  ip6_addr_set_hton(ipX_2_ip6(ipaddr), (src)) ;}else{ \
+  ip_addr_set_hton(ipX_2_ip(ipaddr), (src));}}while(0)
+#define ipX_addr_cmp(is_ipv6, addr1, addr2)    ((is_ipv6) ? \
+  ip6_addr_cmp(ipX_2_ip6(addr1), ipX_2_ip6(addr2)) : \
+  ip_addr_cmp(ipX_2_ip(addr1), ipX_2_ip(addr2)))
+#define ipX_addr_isany(is_ipv6, ipaddr)        ((is_ipv6) ? \
+  ip6_addr_isany(ipX_2_ip6(ipaddr)) : \
+  ip_addr_isany(ipX_2_ip(ipaddr)))
+#define ipX_addr_ismulticast(is_ipv6, ipaddr)  ((is_ipv6) ? \
+  ip6_addr_ismulticast(ipX_2_ip6(ipaddr)) : \
+  ip_addr_ismulticast(ipX_2_ip(ipaddr)))
+#define ipX_addr_debug_print(is_ipv6, debug, ipaddr) do { if(is_ipv6) { \
+  ip6_addr_debug_print(debug, ipX_2_ip6(ipaddr)); } else { \
+  ip_addr_debug_print(debug, ipX_2_ip(ipaddr)); }}while(0)
+
+#else /* LWIP_IPV6 */
+
+typedef ip_addr_t ipX_addr_t;
+#define ipX_2_ip(ipaddr) (ipaddr)
+#define ip_2_ipX(ipaddr) (ipaddr)
+
+#define ipX_addr_copy(is_ipv6, dest, src)       ip_addr_copy(dest, src)
+#define ipX_addr_set(is_ipv6, dest, src)        ip_addr_set(dest, src)
+#define ipX_addr_set_ipaddr(is_ipv6, dest, src) ip_addr_set(dest, src)
+#define ipX_addr_set_zero(is_ipv6, ipaddr)      ip_addr_set_zero(ipaddr)
+#define ipX_addr_set_any(is_ipv6, ipaddr)       ip_addr_set_any(ipaddr)
+#define ipX_addr_set_loopback(is_ipv6, ipaddr)  ip_addr_set_loopback(ipaddr)
+#define ipX_addr_set_hton(is_ipv6, dest, src)   ip_addr_set_hton(dest, src)
+#define ipX_addr_cmp(is_ipv6, addr1, addr2)     ip_addr_cmp(addr1, addr2)
+#define ipX_addr_isany(is_ipv6, ipaddr)         ip_addr_isany(ipaddr)
+#define ipX_addr_ismulticast(is_ipv6, ipaddr)   ip_addr_ismulticast(ipaddr)
+#define ipX_addr_debug_print(is_ipv6, debug, ipaddr) ip_addr_debug_print(debug, ipaddr)
+
+#endif /* LWIP_IPV6 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_IP_ADDR_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/mem.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/mem.h
new file mode 100644
index 00000000..0ad9db65
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/mem.h
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_MEM_H__
+#define __LWIP_MEM_H__
+
+#include "lwip/opt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if MEM_LIBC_MALLOC
+
+#include <stddef.h> /* for size_t */
+
+typedef size_t mem_size_t;
+#define MEM_SIZE_F SZT_F
+
+/* aliases for C library malloc() */
+#define mem_init()
+/* in case C library malloc() needs extra protection,
+ * allow these defines to be overridden.
+ */
+#ifndef mem_free
+#define mem_free(mem) do {free(mem); (mem)=NULL;} while (0);
+#endif
+#ifndef mem_malloc
+#define mem_malloc malloc
+#endif
+#ifndef mem_calloc
+#define mem_calloc calloc
+#endif
+/* Since there is no C library allocation function to shrink memory without
+   moving it, define this to nothing. */
+#ifndef mem_trim
+#define mem_trim(mem, size) (mem)
+#endif
+#else /* MEM_LIBC_MALLOC */
+
+/* MEM_SIZE would have to be aligned, but using 64000 here instead of
+ * 65535 leaves some room for alignment...
+ */
+#if MEM_SIZE > 64000L
+typedef u32_t mem_size_t;
+#define MEM_SIZE_F U32_F
+#else
+typedef u16_t mem_size_t;
+#define MEM_SIZE_F U16_F
+#endif /* MEM_SIZE > 64000 */
+
+#if MEM_USE_POOLS
+/** mem_init is not used when using pools instead of a heap */
+#define mem_init()
+/** mem_trim is not used when using pools instead of a heap:
+    we can't free part of a pool element and don't want to copy the rest */
+#define mem_trim(mem, size) (mem)
+#else /* MEM_USE_POOLS */
+/* lwIP alternative malloc */
+void  mem_init(void);
+void *mem_trim(void *mem, mem_size_t size);
+#endif /* MEM_USE_POOLS */
+void *mem_malloc(mem_size_t size);
+void *mem_calloc(mem_size_t count, mem_size_t size);
+void  mem_free(void *mem);
+#endif /* MEM_LIBC_MALLOC */
+
+/** Calculate memory size for an aligned buffer - returns the next highest
+ * multiple of MEM_ALIGNMENT (e.g. LWIP_MEM_ALIGN_SIZE(3) and
+ * LWIP_MEM_ALIGN_SIZE(4) will both yield 4 for MEM_ALIGNMENT == 4).
+ */
+#ifndef LWIP_MEM_ALIGN_SIZE
+#define LWIP_MEM_ALIGN_SIZE(size) (((size) + MEM_ALIGNMENT - 1) & ~(MEM_ALIGNMENT-1))
+#endif
+
+/** Calculate safe memory size for an aligned buffer when using an unaligned
+ * type as storage. This includes a safety-margin on (MEM_ALIGNMENT - 1) at the
+ * start (e.g. if buffer is u8_t[] and actual data will be u32_t*)
+ */
+#ifndef LWIP_MEM_ALIGN_BUFFER
+#define LWIP_MEM_ALIGN_BUFFER(size) (((size) + MEM_ALIGNMENT - 1))
+#endif
+
+/** Align a memory pointer to the alignment defined by MEM_ALIGNMENT
+ * so that ADDR % MEM_ALIGNMENT == 0
+ */
+#ifndef LWIP_MEM_ALIGN
+#define LWIP_MEM_ALIGN(addr) ((void *)(((mem_ptr_t)(addr) + MEM_ALIGNMENT - 1) & ~(mem_ptr_t)(MEM_ALIGNMENT-1)))
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_MEM_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/memp.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/memp.h
new file mode 100644
index 00000000..f0d07399
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/memp.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#ifndef __LWIP_MEMP_H__
+#define __LWIP_MEMP_H__
+
+#include "lwip/opt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Create the list of all memory pools managed by memp. MEMP_MAX represents a NULL pool at the end */
+typedef enum {
+#define LWIP_MEMPOOL(name,num,size,desc)  MEMP_##name,
+#include "lwip/memp_std.h"
+  MEMP_MAX
+} memp_t;
+
+#if MEM_USE_POOLS
+/* Use a helper type to get the start and end of the user "memory pools" for mem_malloc */
+typedef enum {
+    /* Get the first (via:
+       MEMP_POOL_HELPER_START = ((u8_t) 1*MEMP_POOL_A + 0*MEMP_POOL_B + 0*MEMP_POOL_C + 0)*/
+    MEMP_POOL_HELPER_FIRST = ((u8_t)
+#define LWIP_MEMPOOL(name,num,size,desc)
+#define LWIP_MALLOC_MEMPOOL_START 1
+#define LWIP_MALLOC_MEMPOOL(num, size) * MEMP_POOL_##size + 0
+#define LWIP_MALLOC_MEMPOOL_END
+#include "lwip/memp_std.h"
+    ) ,
+    /* Get the last (via:
+       MEMP_POOL_HELPER_END = ((u8_t) 0 + MEMP_POOL_A*0 + MEMP_POOL_B*0 + MEMP_POOL_C*1) */
+    MEMP_POOL_HELPER_LAST = ((u8_t)
+#define LWIP_MEMPOOL(name,num,size,desc)
+#define LWIP_MALLOC_MEMPOOL_START
+#define LWIP_MALLOC_MEMPOOL(num, size) 0 + MEMP_POOL_##size *
+#define LWIP_MALLOC_MEMPOOL_END 1
+#include "lwip/memp_std.h"
+    )
+} memp_pool_helper_t;
+
+/* The actual start and stop values are here (cast them over)
+   We use this helper type and these defines so we can avoid using const memp_t values */
+#define MEMP_POOL_FIRST ((memp_t) MEMP_POOL_HELPER_FIRST)
+#define MEMP_POOL_LAST   ((memp_t) MEMP_POOL_HELPER_LAST)
+#endif /* MEM_USE_POOLS */
+
+#if MEMP_MEM_MALLOC || MEM_USE_POOLS
+extern const u16_t memp_sizes[MEMP_MAX];
+#endif /* MEMP_MEM_MALLOC || MEM_USE_POOLS */
+
+#if MEMP_MEM_MALLOC
+
+#include "mem.h"
+
+#define memp_init()
+#define memp_malloc(type)     mem_malloc(memp_sizes[type])
+#define memp_free(type, mem)  mem_free(mem)
+
+#else /* MEMP_MEM_MALLOC */
+
+#if MEM_USE_POOLS
+/** This structure is used to save the pool one element came from. */
+struct memp_malloc_helper
+{
+   memp_t poolnr;
+};
+#endif /* MEM_USE_POOLS */
+
+void  memp_init(void);
+
+#if MEMP_OVERFLOW_CHECK
+void *memp_malloc_fn(memp_t type, const char* file, const int line);
+#define memp_malloc(t) memp_malloc_fn((t), __FILE__, __LINE__)
+#else
+void *memp_malloc(memp_t type);
+#endif
+void  memp_free(memp_t type, void *mem);
+
+#endif /* MEMP_MEM_MALLOC */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_MEMP_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/memp_std.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/memp_std.h
new file mode 100644
index 00000000..592a2824
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/memp_std.h
@@ -0,0 +1,135 @@
+/*
+ * SETUP: Make sure we define everything we will need.
+ *
+ * We have create three types of pools:
+ *   1) MEMPOOL - standard pools
+ *   2) MALLOC_MEMPOOL - to be used by mem_malloc in mem.c
+ *   3) PBUF_MEMPOOL - a mempool of pbuf's, so include space for the pbuf struct
+ *
+ * If the include'r doesn't require any special treatment of each of the types
+ * above, then will declare #2 & #3 to be just standard mempools.
+ */
+#ifndef LWIP_MALLOC_MEMPOOL
+/* This treats "malloc pools" just like any other pool.
+   The pools are a little bigger to provide 'size' as the amount of user data. */
+#define LWIP_MALLOC_MEMPOOL(num, size) LWIP_MEMPOOL(POOL_##size, num, (size + sizeof(struct memp_malloc_helper)), "MALLOC_"#size)
+#define LWIP_MALLOC_MEMPOOL_START
+#define LWIP_MALLOC_MEMPOOL_END
+#endif /* LWIP_MALLOC_MEMPOOL */ 
+
+#ifndef LWIP_PBUF_MEMPOOL
+/* This treats "pbuf pools" just like any other pool.
+ * Allocates buffers for a pbuf struct AND a payload size */
+#define LWIP_PBUF_MEMPOOL(name, num, payload, desc) LWIP_MEMPOOL(name, num, (MEMP_ALIGN_SIZE(sizeof(struct pbuf)) + MEMP_ALIGN_SIZE(payload)), desc)
+#endif /* LWIP_PBUF_MEMPOOL */
+
+
+/*
+ * A list of internal pools used by LWIP.
+ *
+ * LWIP_MEMPOOL(pool_name, number_elements, element_size, pool_description)
+ *     creates a pool name MEMP_pool_name. description is used in stats.c
+ */
+#if LWIP_RAW
+LWIP_MEMPOOL(RAW_PCB,        MEMP_NUM_RAW_PCB,         sizeof(struct raw_pcb),        "RAW_PCB")
+#endif /* LWIP_RAW */
+
+#if LWIP_UDP
+LWIP_MEMPOOL(UDP_PCB,        MEMP_NUM_UDP_PCB,         sizeof(struct udp_pcb),        "UDP_PCB")
+#endif /* LWIP_UDP */
+
+#if LWIP_TCP
+LWIP_MEMPOOL(TCP_PCB,        MEMP_NUM_TCP_PCB,         sizeof(struct tcp_pcb),        "TCP_PCB")
+LWIP_MEMPOOL(TCP_PCB_LISTEN, MEMP_NUM_TCP_PCB_LISTEN,  sizeof(struct tcp_pcb_listen), "TCP_PCB_LISTEN")
+LWIP_MEMPOOL(TCP_SEG,        MEMP_NUM_TCP_SEG,         sizeof(struct tcp_seg),        "TCP_SEG")
+#endif /* LWIP_TCP */
+
+#if IP_REASSEMBLY
+LWIP_MEMPOOL(REASSDATA,      MEMP_NUM_REASSDATA,       sizeof(struct ip_reassdata),   "REASSDATA")
+#endif /* IP_REASSEMBLY */
+#if (IP_FRAG && !IP_FRAG_USES_STATIC_BUF && !LWIP_NETIF_TX_SINGLE_PBUF) || LWIP_IPV6_FRAG
+LWIP_MEMPOOL(FRAG_PBUF,      MEMP_NUM_FRAG_PBUF,       sizeof(struct pbuf_custom_ref),"FRAG_PBUF")
+#endif /* IP_FRAG && !IP_FRAG_USES_STATIC_BUF && !LWIP_NETIF_TX_SINGLE_PBUF */
+
+#if LWIP_NETCONN
+LWIP_MEMPOOL(NETBUF,         MEMP_NUM_NETBUF,          sizeof(struct netbuf),         "NETBUF")
+LWIP_MEMPOOL(NETCONN,        MEMP_NUM_NETCONN,         sizeof(struct netconn),        "NETCONN")
+#endif /* LWIP_NETCONN */
+
+#if NO_SYS==0
+LWIP_MEMPOOL(TCPIP_MSG_API,  MEMP_NUM_TCPIP_MSG_API,   sizeof(struct tcpip_msg),      "TCPIP_MSG_API")
+#if !LWIP_TCPIP_CORE_LOCKING_INPUT
+LWIP_MEMPOOL(TCPIP_MSG_INPKT,MEMP_NUM_TCPIP_MSG_INPKT, sizeof(struct tcpip_msg),      "TCPIP_MSG_INPKT")
+#endif /* !LWIP_TCPIP_CORE_LOCKING_INPUT */
+#endif /* NO_SYS==0 */
+
+#if LWIP_ARP && ARP_QUEUEING
+LWIP_MEMPOOL(ARP_QUEUE,      MEMP_NUM_ARP_QUEUE,       sizeof(struct etharp_q_entry), "ARP_QUEUE")
+#endif /* LWIP_ARP && ARP_QUEUEING */
+
+#if LWIP_IGMP
+LWIP_MEMPOOL(IGMP_GROUP,     MEMP_NUM_IGMP_GROUP,      sizeof(struct igmp_group),     "IGMP_GROUP")
+#endif /* LWIP_IGMP */
+
+#if (!NO_SYS || (NO_SYS && !NO_SYS_NO_TIMERS)) /* LWIP_TIMERS */
+LWIP_MEMPOOL(SYS_TIMEOUT,    MEMP_NUM_SYS_TIMEOUT,     sizeof(struct sys_timeo),      "SYS_TIMEOUT")
+#endif /* LWIP_TIMERS */
+
+#if LWIP_SNMP
+LWIP_MEMPOOL(SNMP_ROOTNODE,  MEMP_NUM_SNMP_ROOTNODE,   sizeof(struct mib_list_rootnode), "SNMP_ROOTNODE")
+LWIP_MEMPOOL(SNMP_NODE,      MEMP_NUM_SNMP_NODE,       sizeof(struct mib_list_node),     "SNMP_NODE")
+LWIP_MEMPOOL(SNMP_VARBIND,   MEMP_NUM_SNMP_VARBIND,    sizeof(struct snmp_varbind),      "SNMP_VARBIND")
+LWIP_MEMPOOL(SNMP_VALUE,     MEMP_NUM_SNMP_VALUE,      SNMP_MAX_VALUE_SIZE,              "SNMP_VALUE")
+#endif /* LWIP_SNMP */
+#if LWIP_DNS && LWIP_SOCKET
+LWIP_MEMPOOL(NETDB,          MEMP_NUM_NETDB,           NETDB_ELEM_SIZE,               "NETDB")
+#endif /* LWIP_DNS && LWIP_SOCKET */
+#if LWIP_DNS && DNS_LOCAL_HOSTLIST && DNS_LOCAL_HOSTLIST_IS_DYNAMIC
+LWIP_MEMPOOL(LOCALHOSTLIST,  MEMP_NUM_LOCALHOSTLIST,   LOCALHOSTLIST_ELEM_SIZE,       "LOCALHOSTLIST")
+#endif /* LWIP_DNS && DNS_LOCAL_HOSTLIST && DNS_LOCAL_HOSTLIST_IS_DYNAMIC */
+#if PPP_SUPPORT && PPPOE_SUPPORT
+LWIP_MEMPOOL(PPPOE_IF,      MEMP_NUM_PPPOE_INTERFACES, sizeof(struct pppoe_softc),    "PPPOE_IF")
+#endif /* PPP_SUPPORT && PPPOE_SUPPORT */
+
+#if LWIP_IPV6 && LWIP_ND6_QUEUEING
+LWIP_MEMPOOL(ND6_QUEUE,      MEMP_NUM_ND6_QUEUE,       sizeof(struct nd6_q_entry), "ND6_QUEUE")
+#endif /* LWIP_IPV6 && LWIP_ND6_QUEUEING */
+
+#if LWIP_IPV6 && LWIP_IPV6_REASS
+LWIP_MEMPOOL(IP6_REASSDATA,      MEMP_NUM_REASSDATA,       sizeof(struct ip6_reassdata),   "IP6_REASSDATA")
+#endif /* LWIP_IPV6 && LWIP_IPV6_REASS */
+
+#if LWIP_IPV6 && LWIP_IPV6_MLD
+LWIP_MEMPOOL(MLD6_GROUP,     MEMP_NUM_MLD6_GROUP,      sizeof(struct mld_group),     "MLD6_GROUP")
+#endif /* LWIP_IPV6 && LWIP_IPV6_MLD */
+
+
+/*
+ * A list of pools of pbuf's used by LWIP.
+ *
+ * LWIP_PBUF_MEMPOOL(pool_name, number_elements, pbuf_payload_size, pool_description)
+ *     creates a pool name MEMP_pool_name. description is used in stats.c
+ *     This allocates enough space for the pbuf struct and a payload.
+ *     (Example: pbuf_payload_size=0 allocates only size for the struct)
+ */
+LWIP_PBUF_MEMPOOL(PBUF,      MEMP_NUM_PBUF,            0,                             "PBUF_REF/ROM")
+LWIP_PBUF_MEMPOOL(PBUF_POOL, PBUF_POOL_SIZE,           PBUF_POOL_BUFSIZE,             "PBUF_POOL")
+
+
+/*
+ * Allow for user-defined pools; this must be explicitly set in lwipopts.h
+ * since the default is to NOT look for lwippools.h
+ */
+#if MEMP_USE_CUSTOM_POOLS
+#include "lwippools.h"
+#endif /* MEMP_USE_CUSTOM_POOLS */
+
+/*
+ * REQUIRED CLEANUP: Clear up so we don't get "multiply defined" error later
+ * (#undef is ignored for something that is not defined)
+ */
+#undef LWIP_MEMPOOL
+#undef LWIP_MALLOC_MEMPOOL
+#undef LWIP_MALLOC_MEMPOOL_START
+#undef LWIP_MALLOC_MEMPOOL_END
+#undef LWIP_PBUF_MEMPOOL
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netbuf.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netbuf.h
new file mode 100644
index 00000000..d12fe270
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netbuf.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_NETBUF_H__
+#define __LWIP_NETBUF_H__
+
+#include "lwip/opt.h"
+#include "lwip/pbuf.h"
+#include "lwip/ip_addr.h"
+#include "lwip/ip6_addr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** This netbuf has dest-addr/port set */
+#define NETBUF_FLAG_DESTADDR    0x01
+/** This netbuf includes a checksum */
+#define NETBUF_FLAG_CHKSUM      0x02
+
+struct netbuf {
+  struct pbuf *p, *ptr;
+  ipX_addr_t addr;
+  u16_t port;
+#if LWIP_NETBUF_RECVINFO || LWIP_CHECKSUM_ON_COPY
+#if LWIP_CHECKSUM_ON_COPY
+  u8_t flags;
+#endif /* LWIP_CHECKSUM_ON_COPY */
+  u16_t toport_chksum;
+#if LWIP_NETBUF_RECVINFO
+  ipX_addr_t toaddr;
+#endif /* LWIP_NETBUF_RECVINFO */
+#endif /* LWIP_NETBUF_RECVINFO || LWIP_CHECKSUM_ON_COPY */
+};
+
+/* Network buffer functions: */
+struct netbuf *   netbuf_new      (void);
+void              netbuf_delete   (struct netbuf *buf);
+void *            netbuf_alloc    (struct netbuf *buf, u16_t size);
+void              netbuf_free     (struct netbuf *buf);
+err_t             netbuf_ref      (struct netbuf *buf,
+                                   const void *dataptr, u16_t size);
+void              netbuf_chain    (struct netbuf *head,
+           struct netbuf *tail);
+
+err_t             netbuf_data     (struct netbuf *buf,
+                                   void **dataptr, u16_t *len);
+s8_t              netbuf_next     (struct netbuf *buf);
+void              netbuf_first    (struct netbuf *buf);
+
+
+#define netbuf_copy_partial(buf, dataptr, len, offset) \
+  pbuf_copy_partial((buf)->p, (dataptr), (len), (offset))
+#define netbuf_copy(buf,dataptr,len) netbuf_copy_partial(buf, dataptr, len, 0)
+#define netbuf_take(buf, dataptr, len) pbuf_take((buf)->p, dataptr, len)
+#define netbuf_len(buf)              ((buf)->p->tot_len)
+#define netbuf_fromaddr(buf)         (ipX_2_ip(&((buf)->addr)))
+#define netbuf_set_fromaddr(buf, fromaddr) ip_addr_set(ipX_2_ip(&((buf)->addr)), fromaddr)
+#define netbuf_fromport(buf)         ((buf)->port)
+#if LWIP_NETBUF_RECVINFO
+#define netbuf_destaddr(buf)         (ipX_2_ip(&((buf)->toaddr)))
+#define netbuf_set_destaddr(buf, destaddr) ip_addr_set(ipX_2_ip(&((buf)->toaddr)), destaddr)
+#define netbuf_destport(buf)         (((buf)->flags & NETBUF_FLAG_DESTADDR) ? (buf)->toport_chksum : 0)
+#endif /* LWIP_NETBUF_RECVINFO */
+#if LWIP_CHECKSUM_ON_COPY
+#define netbuf_set_chksum(buf, chksum) do { (buf)->flags = NETBUF_FLAG_CHKSUM; \
+                                            (buf)->toport_chksum = chksum; } while(0)
+#endif /* LWIP_CHECKSUM_ON_COPY */
+
+#if LWIP_IPV6
+#define netbuf_fromaddr_ip6(buf)         (ipX_2_ip6(&((buf)->addr)))
+#define netbuf_set_fromaddr_ip6(buf, fromaddr) ip6_addr_set(ipX_2_ip6(&((buf)->addr)), fromaddr)
+#define netbuf_destaddr_ip6(buf)         (ipX_2_ip6(&((buf)->toaddr)))
+#define netbuf_set_destaddr_ip6(buf, destaddr) ip6_addr_set(ipX_2_ip6(&((buf)->toaddr)), destaddr)
+#endif /* LWIP_IPV6 */
+
+#define netbuf_fromaddr_ipX(buf)         (&((buf)->addr))
+#define netbuf_destaddr_ipX(buf)         (&((buf)->toaddr))
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_NETBUF_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netdb.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netdb.h
new file mode 100644
index 00000000..7587e2f2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netdb.h
@@ -0,0 +1,124 @@
+/*
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Simon Goldschmidt
+ *
+ */
+#ifndef __LWIP_NETDB_H__
+#define __LWIP_NETDB_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_DNS && LWIP_SOCKET
+
+#include <stddef.h> /* for size_t */
+
+#include "lwip/inet.h"
+#include "lwip/sockets.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* some rarely used options */
+#ifndef LWIP_DNS_API_DECLARE_H_ERRNO
+#define LWIP_DNS_API_DECLARE_H_ERRNO 1
+#endif
+
+#ifndef LWIP_DNS_API_DEFINE_ERRORS
+#define LWIP_DNS_API_DEFINE_ERRORS 1
+#endif
+
+#ifndef LWIP_DNS_API_DECLARE_STRUCTS
+#define LWIP_DNS_API_DECLARE_STRUCTS 1
+#endif
+
+#if LWIP_DNS_API_DEFINE_ERRORS
+/** Errors used by the DNS API functions, h_errno can be one of them */
+#define EAI_NONAME      200
+#define EAI_SERVICE     201
+#define EAI_FAIL        202
+#define EAI_MEMORY      203
+
+#define HOST_NOT_FOUND  210
+#define NO_DATA         211
+#define NO_RECOVERY     212
+#define TRY_AGAIN       213
+#endif /* LWIP_DNS_API_DEFINE_ERRORS */
+
+#if LWIP_DNS_API_DECLARE_STRUCTS
+struct hostent {
+    char  *h_name;      /* Official name of the host. */
+    char **h_aliases;   /* A pointer to an array of pointers to alternative host names,
+                           terminated by a null pointer. */
+    int    h_addrtype;  /* Address type. */
+    int    h_length;    /* The length, in bytes, of the address. */
+    char **h_addr_list; /* A pointer to an array of pointers to network addresses (in
+                           network byte order) for the host, terminated by a null pointer. */
+#define h_addr h_addr_list[0] /* for backward compatibility */
+};
+
+struct addrinfo {
+    int               ai_flags;      /* Input flags. */
+    int               ai_family;     /* Address family of socket. */
+    int               ai_socktype;   /* Socket type. */
+    int               ai_protocol;   /* Protocol of socket. */
+    socklen_t         ai_addrlen;    /* Length of socket address. */
+    struct sockaddr  *ai_addr;       /* Socket address of socket. */
+    char             *ai_canonname;  /* Canonical name of service location. */
+    struct addrinfo  *ai_next;       /* Pointer to next in list. */
+};
+#endif /* LWIP_DNS_API_DECLARE_STRUCTS */
+
+#if LWIP_DNS_API_DECLARE_H_ERRNO
+/* application accessable error code set by the DNS API functions */
+extern int h_errno;
+#endif /* LWIP_DNS_API_DECLARE_H_ERRNO*/
+
+struct hostent *lwip_gethostbyname(const char *name);
+int lwip_gethostbyname_r(const char *name, struct hostent *ret, char *buf,
+                size_t buflen, struct hostent **result, int *h_errnop);
+void lwip_freeaddrinfo(struct addrinfo *ai);
+int lwip_getaddrinfo(const char *nodename,
+       const char *servname,
+       const struct addrinfo *hints,
+       struct addrinfo **res);
+
+#if LWIP_COMPAT_SOCKETS
+#define gethostbyname(name) lwip_gethostbyname(name)
+#define gethostbyname_r(name, ret, buf, buflen, result, h_errnop) \
+       lwip_gethostbyname_r(name, ret, buf, buflen, result, h_errnop)
+#define freeaddrinfo(addrinfo) lwip_freeaddrinfo(addrinfo)
+#define getaddrinfo(nodname, servname, hints, res) \
+       lwip_getaddrinfo(nodname, servname, hints, res)
+#endif /* LWIP_COMPAT_SOCKETS */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_DNS && LWIP_SOCKET */
+
+#endif /* __LWIP_NETDB_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netif.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netif.h
new file mode 100644
index 00000000..f9770324
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netif.h
@@ -0,0 +1,393 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_NETIF_H__
+#define __LWIP_NETIF_H__
+
+#include "lwip/opt.h"
+
+#define ENABLE_LOOPBACK (LWIP_NETIF_LOOPBACK || LWIP_HAVE_LOOPIF)
+
+#include "lwip/err.h"
+
+#include "lwip/ip_addr.h"
+#include "lwip/ip6_addr.h"
+
+#include "lwip/def.h"
+#include "lwip/pbuf.h"
+#if LWIP_DHCP
+struct dhcp;
+#endif
+#if LWIP_AUTOIP
+struct autoip;
+#endif
+#if LWIP_IPV6_DHCP6
+#include "lwip/dhcp6.h"
+#endif /* LWIP_IPV6_DHCP6 */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Throughout this file, IP addresses are expected to be in
+ * the same byte order as in IP_PCB. */
+
+/** must be the maximum of all used hardware address lengths
+    across all types of interfaces in use */
+#define NETIF_MAX_HWADDR_LEN 6U
+
+/** Whether the network interface is 'up'. This is
+ * a software flag used to control whether this network
+ * interface is enabled and processes traffic.
+ * It is set by the startup code (for static IP configuration) or
+ * by dhcp/autoip when an address has been assigned.
+ */
+#define NETIF_FLAG_UP           0x01U
+/** If set, the netif has broadcast capability.
+ * Set by the netif driver in its init function. */
+#define NETIF_FLAG_BROADCAST    0x02U
+/** If set, the netif is one end of a point-to-point connection.
+ * Set by the netif driver in its init function. */
+#define NETIF_FLAG_POINTTOPOINT 0x04U
+/** If set, the interface is configured using DHCP.
+ * Set by the DHCP code when starting or stopping DHCP. */
+#define NETIF_FLAG_DHCP         0x08U
+/** If set, the interface has an active link
+ *  (set by the network interface driver).
+ * Either set by the netif driver in its init function (if the link
+ * is up at that time) or at a later point once the link comes up
+ * (if link detection is supported by the hardware). */
+#define NETIF_FLAG_LINK_UP      0x10U
+/** If set, the netif is an ethernet device using ARP.
+ * Set by the netif driver in its init function.
+ * Used to check input packet types and use of DHCP. */
+#define NETIF_FLAG_ETHARP       0x20U
+/** If set, the netif is an ethernet device. It might not use
+ * ARP or TCP/IP if it is used for PPPoE only.
+ */
+#define NETIF_FLAG_ETHERNET     0x40U
+/** If set, the netif has IGMP capability.
+ * Set by the netif driver in its init function. */
+#define NETIF_FLAG_IGMP         0x80U
+/** Whether to pretend that we are every host for TCP packets.
+ * Set by netif_set_pretend_tcp. */
+#define NETIF_FLAG_PRETEND_TCP  0x100U
+
+/** Function prototype for netif init functions. Set up flags and output/linkoutput
+ * callback functions in this function.
+ *
+ * @param netif The netif to initialize
+ */
+typedef err_t (*netif_init_fn)(struct netif *netif);
+/** Function prototype for netif->input functions. This function is saved as 'input'
+ * callback function in the netif struct. Call it when a packet has been received.
+ *
+ * @param p The received packet, copied into a pbuf
+ * @param inp The netif which received the packet
+ */
+typedef err_t (*netif_input_fn)(struct pbuf *p, struct netif *inp);
+/** Function prototype for netif->output functions. Called by lwIP when a packet
+ * shall be sent. For ethernet netif, set this to 'etharp_output' and set
+ * 'linkoutput'.
+ *
+ * @param netif The netif which shall send a packet
+ * @param p The packet to send (p->payload points to IP header)
+ * @param ipaddr The IP address to which the packet shall be sent
+ */
+typedef err_t (*netif_output_fn)(struct netif *netif, struct pbuf *p,
+       ip_addr_t *ipaddr);
+#if LWIP_IPV6
+/** Function prototype for netif->output_ip6 functions. Called by lwIP when a packet
+ * shall be sent. For ethernet netif, set this to 'nd_output' and set
+ * 'linkoutput'.
+ *
+ * @param netif The netif which shall send a packet
+ * @param p The packet to send (p->payload points to IP header)
+ * @param ipaddr The IPv6 address to which the packet shall be sent
+ */
+typedef err_t (*netif_output_ip6_fn)(struct netif *netif, struct pbuf *p,
+       ip6_addr_t *ipaddr);
+#endif /* LWIP_IPV6 */
+/** Function prototype for netif->linkoutput functions. Only used for ethernet
+ * netifs. This function is called by ARP when a packet shall be sent.
+ *
+ * @param netif The netif which shall send a packet
+ * @param p The packet to send (raw ethernet packet)
+ */
+typedef err_t (*netif_linkoutput_fn)(struct netif *netif, struct pbuf *p);
+/** Function prototype for netif status- or link-callback functions. */
+typedef void (*netif_status_callback_fn)(struct netif *netif);
+/** Function prototype for netif igmp_mac_filter functions */
+typedef err_t (*netif_igmp_mac_filter_fn)(struct netif *netif,
+       ip_addr_t *group, u8_t action);
+#if LWIP_IPV6 && LWIP_IPV6_MLD
+/** Function prototype for netif mld_mac_filter functions */
+typedef err_t (*netif_mld_mac_filter_fn)(struct netif *netif,
+       ip6_addr_t *group, u8_t action);
+#endif /* LWIP_IPV6 && LWIP_IPV6_MLD */
+
+/** Generic data structure used for all lwIP network interfaces.
+ *  The following fields should be filled in by the initialization
+ *  function for the device driver: hwaddr_len, hwaddr[], mtu, flags */
+struct netif {
+  /** pointer to next in linked list */
+  struct netif *next;
+
+  /** IP address configuration in network byte order */
+  ip_addr_t ip_addr;
+  ip_addr_t netmask;
+  ip_addr_t gw;
+
+#if LWIP_IPV6
+  /** Array of IPv6 addresses for this netif. */
+  ip6_addr_t ip6_addr[LWIP_IPV6_NUM_ADDRESSES];
+  /** The state of each IPv6 address (Tentative, Preferred, etc).
+   * @see ip6_addr.h */
+  u8_t ip6_addr_state[LWIP_IPV6_NUM_ADDRESSES];
+#endif /* LWIP_IPV6 */
+  /** This function is called by the network device driver
+   *  to pass a packet up the TCP/IP stack. */
+  netif_input_fn input;
+  /** This function is called by the IP module when it wants
+   *  to send a packet on the interface. This function typically
+   *  first resolves the hardware address, then sends the packet. */
+  netif_output_fn output;
+  /** This function is called by the ARP module when it wants
+   *  to send a packet on the interface. This function outputs
+   *  the pbuf as-is on the link medium. */
+  netif_linkoutput_fn linkoutput;
+#if LWIP_IPV6
+  /** This function is called by the IPv6 module when it wants
+   *  to send a packet on the interface. This function typically
+   *  first resolves the hardware address, then sends the packet. */
+  netif_output_ip6_fn output_ip6;
+#endif /* LWIP_IPV6 */
+#if LWIP_NETIF_STATUS_CALLBACK
+  /** This function is called when the netif state is set to up or down
+   */
+  netif_status_callback_fn status_callback;
+#endif /* LWIP_NETIF_STATUS_CALLBACK */
+#if LWIP_NETIF_LINK_CALLBACK
+  /** This function is called when the netif link is set to up or down
+   */
+  netif_status_callback_fn link_callback;
+#endif /* LWIP_NETIF_LINK_CALLBACK */
+#if LWIP_NETIF_REMOVE_CALLBACK
+  /** This function is called when the netif has been removed */
+  netif_status_callback_fn remove_callback;
+#endif /* LWIP_NETIF_REMOVE_CALLBACK */
+  /** This field can be set by the device driver and could point
+   *  to state information for the device. */
+  void *state;
+#if LWIP_DHCP
+  /** the DHCP client state information for this netif */
+  struct dhcp *dhcp;
+#endif /* LWIP_DHCP */
+#if LWIP_AUTOIP
+  /** the AutoIP client state information for this netif */
+  struct autoip *autoip;
+#endif
+#if LWIP_IPV6_AUTOCONFIG
+  /** is this netif enabled for IPv6 autoconfiguration */
+  u8_t ip6_autoconfig_enabled;
+#endif /* LWIP_IPV6_AUTOCONFIG */
+#if LWIP_IPV6_SEND_ROUTER_SOLICIT
+  /** Number of Router Solicitation messages that remain to be sent. */
+  u8_t rs_count;
+#endif /* LWIP_IPV6_SEND_ROUTER_SOLICIT */
+#if LWIP_IPV6_DHCP6
+  /** the DHCPv6 client state information for this netif */
+  struct dhcp6 *dhcp6;
+#endif /* LWIP_IPV6_DHCP6 */
+#if LWIP_NETIF_HOSTNAME
+  /* the hostname for this netif, NULL is a valid value */
+  char*  hostname;
+#endif /* LWIP_NETIF_HOSTNAME */
+  /** maximum transfer unit (in bytes) */
+  u16_t mtu;
+  /** number of bytes used in hwaddr */
+  u8_t hwaddr_len;
+  /** link level hardware address of this interface */
+  u8_t hwaddr[NETIF_MAX_HWADDR_LEN];
+  /** flags (see NETIF_FLAG_ above) */
+  u16_t flags;
+  /** descriptive abbreviation */
+  char name[2];
+  /** number of this interface */
+  u8_t num;
+#if LWIP_SNMP
+  /** link type (from "snmp_ifType" enum from snmp.h) */
+  u8_t link_type;
+  /** (estimate) link speed */
+  u32_t link_speed;
+  /** timestamp at last change made (up/down) */
+  u32_t ts;
+  /** counters */
+  u32_t ifinoctets;
+  u32_t ifinucastpkts;
+  u32_t ifinnucastpkts;
+  u32_t ifindiscards;
+  u32_t ifoutoctets;
+  u32_t ifoutucastpkts;
+  u32_t ifoutnucastpkts;
+  u32_t ifoutdiscards;
+#endif /* LWIP_SNMP */
+#if LWIP_IGMP
+  /** This function could be called to add or delete an entry in the multicast
+      filter table of the ethernet MAC.*/
+  netif_igmp_mac_filter_fn igmp_mac_filter;
+#endif /* LWIP_IGMP */
+#if LWIP_IPV6 && LWIP_IPV6_MLD
+  /** This function could be called to add or delete an entry in the IPv6 multicast
+      filter table of the ethernet MAC. */
+  netif_mld_mac_filter_fn mld_mac_filter;
+#endif /* LWIP_IPV6 && LWIP_IPV6_MLD */
+#if LWIP_NETIF_HWADDRHINT
+  u8_t *addr_hint;
+#endif /* LWIP_NETIF_HWADDRHINT */
+#if ENABLE_LOOPBACK
+  /* List of packets to be queued for ourselves. */
+  struct pbuf *loop_first;
+  struct pbuf *loop_last;
+#if LWIP_LOOPBACK_MAX_PBUFS
+  u16_t loop_cnt_current;
+#endif /* LWIP_LOOPBACK_MAX_PBUFS */
+#endif /* ENABLE_LOOPBACK */
+};
+
+#if LWIP_SNMP
+#define NETIF_INIT_SNMP(netif, type, speed) \
+  /* use "snmp_ifType" enum from snmp.h for "type", snmp_ifType_ethernet_csmacd by example */ \
+  (netif)->link_type = (type);    \
+  /* your link speed here (units: bits per second) */  \
+  (netif)->link_speed = (speed);  \
+  (netif)->ts = 0;              \
+  (netif)->ifinoctets = 0;      \
+  (netif)->ifinucastpkts = 0;   \
+  (netif)->ifinnucastpkts = 0;  \
+  (netif)->ifindiscards = 0;    \
+  (netif)->ifoutoctets = 0;     \
+  (netif)->ifoutucastpkts = 0;  \
+  (netif)->ifoutnucastpkts = 0; \
+  (netif)->ifoutdiscards = 0
+#else /* LWIP_SNMP */
+#define NETIF_INIT_SNMP(netif, type, speed)
+#endif /* LWIP_SNMP */
+
+
+/** The list of network interfaces. */
+extern struct netif *netif_list;
+/** The default network interface. */
+extern struct netif *netif_default;
+
+void netif_init(void);
+
+struct netif *netif_add(struct netif *netif, ip_addr_t *ipaddr, ip_addr_t *netmask,
+      ip_addr_t *gw, void *state, netif_init_fn init, netif_input_fn input);
+
+void
+netif_set_addr(struct netif *netif, ip_addr_t *ipaddr, ip_addr_t *netmask,
+      ip_addr_t *gw);
+void netif_remove(struct netif * netif);
+
+/* Returns a network interface given its name. The name is of the form
+   "et0", where the first two letters are the "name" field in the
+   netif structure, and the digit is in the num field in the same
+   structure. */
+struct netif *netif_find(char *name);
+
+int netif_is_named (struct netif *netif, const char name[3]);
+
+void netif_set_default(struct netif *netif);
+
+void netif_set_ipaddr(struct netif *netif, ip_addr_t *ipaddr);
+void netif_set_netmask(struct netif *netif, ip_addr_t *netmask);
+void netif_set_gw(struct netif *netif, ip_addr_t *gw);
+void netif_set_pretend_tcp(struct netif *netif, u8_t pretend);
+
+void netif_set_up(struct netif *netif);
+void netif_set_down(struct netif *netif);
+/** Ask if an interface is up */
+#define netif_is_up(netif) (((netif)->flags & NETIF_FLAG_UP) ? (u8_t)1 : (u8_t)0)
+
+#if LWIP_NETIF_STATUS_CALLBACK
+void netif_set_status_callback(struct netif *netif, netif_status_callback_fn status_callback);
+#endif /* LWIP_NETIF_STATUS_CALLBACK */
+#if LWIP_NETIF_REMOVE_CALLBACK
+void netif_set_remove_callback(struct netif *netif, netif_status_callback_fn remove_callback);
+#endif /* LWIP_NETIF_REMOVE_CALLBACK */
+
+void netif_set_link_up(struct netif *netif);
+void netif_set_link_down(struct netif *netif);
+/** Ask if a link is up */ 
+#define netif_is_link_up(netif) (((netif)->flags & NETIF_FLAG_LINK_UP) ? (u8_t)1 : (u8_t)0)
+
+#if LWIP_NETIF_LINK_CALLBACK
+void netif_set_link_callback(struct netif *netif, netif_status_callback_fn link_callback);
+#endif /* LWIP_NETIF_LINK_CALLBACK */
+
+#if LWIP_NETIF_HOSTNAME
+#define netif_set_hostname(netif, name) do { if((netif) != NULL) { (netif)->hostname = name; }}while(0)
+#define netif_get_hostname(netif) (((netif) != NULL) ? ((netif)->hostname) : NULL)
+#endif /* LWIP_NETIF_HOSTNAME */
+
+#if LWIP_IGMP
+#define netif_set_igmp_mac_filter(netif, function) do { if((netif) != NULL) { (netif)->igmp_mac_filter = function; }}while(0)
+#define netif_get_igmp_mac_filter(netif) (((netif) != NULL) ? ((netif)->igmp_mac_filter) : NULL)
+#endif /* LWIP_IGMP */
+
+#if ENABLE_LOOPBACK
+err_t netif_loop_output(struct netif *netif, struct pbuf *p, ip_addr_t *dest_ip);
+void netif_poll(struct netif *netif);
+#if !LWIP_NETIF_LOOPBACK_MULTITHREADING
+void netif_poll_all(void);
+#endif /* !LWIP_NETIF_LOOPBACK_MULTITHREADING */
+#endif /* ENABLE_LOOPBACK */
+
+#if LWIP_IPV6
+#define netif_ip6_addr(netif, i)  (&((netif)->ip6_addr[(i)]))
+#define netif_ip6_addr_state(netif, i)  ((netif)->ip6_addr_state[(i)])
+#define netif_ip6_addr_set_state(netif, i, state)  ((netif)->ip6_addr_state[(i)] = (state))
+s8_t netif_matches_ip6_addr(struct netif * netif, ip6_addr_t * ip6addr);
+void netif_create_ip6_linklocal_address(struct netif * netif, u8_t from_mac_48bit);
+#endif /* LWIP_IPV6 */
+
+#if LWIP_NETIF_HWADDRHINT
+#define NETIF_SET_HWADDRHINT(netif, hint) ((netif)->addr_hint = (hint))
+#else /* LWIP_NETIF_HWADDRHINT */
+#define NETIF_SET_HWADDRHINT(netif, hint)
+#endif /* LWIP_NETIF_HWADDRHINT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_NETIF_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netifapi.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netifapi.h
new file mode 100644
index 00000000..33318efa
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/netifapi.h
@@ -0,0 +1,108 @@
+/*
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ */
+ 
+#ifndef __LWIP_NETIFAPI_H__
+#define __LWIP_NETIFAPI_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_NETIF_API /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/sys.h"
+#include "lwip/netif.h"
+#include "lwip/dhcp.h"
+#include "lwip/autoip.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef void (*netifapi_void_fn)(struct netif *netif);
+typedef err_t (*netifapi_errt_fn)(struct netif *netif);
+
+struct netifapi_msg_msg {
+#if !LWIP_TCPIP_CORE_LOCKING
+  sys_sem_t sem;
+#endif /* !LWIP_TCPIP_CORE_LOCKING */
+  err_t err;
+  struct netif *netif;
+  union {
+    struct {
+      ip_addr_t *ipaddr;
+      ip_addr_t *netmask;
+      ip_addr_t *gw;
+      void *state;
+      netif_init_fn init;
+      netif_input_fn input;
+    } add;
+    struct {
+      netifapi_void_fn voidfunc;
+      netifapi_errt_fn errtfunc;
+    } common;
+  } msg;
+};
+
+struct netifapi_msg {
+  void (* function)(struct netifapi_msg_msg *msg);
+  struct netifapi_msg_msg msg;
+};
+
+
+/* API for application */
+err_t netifapi_netif_add       ( struct netif *netif,
+                                 ip_addr_t *ipaddr,
+                                 ip_addr_t *netmask,
+                                 ip_addr_t *gw,
+                                 void *state,
+                                 netif_init_fn init,
+                                 netif_input_fn input);
+
+err_t netifapi_netif_set_addr  ( struct netif *netif,
+                                 ip_addr_t *ipaddr,
+                                 ip_addr_t *netmask,
+                                 ip_addr_t *gw );
+
+err_t netifapi_netif_common    ( struct netif *netif,
+                                 netifapi_void_fn voidfunc,
+                                 netifapi_errt_fn errtfunc);
+
+#define netifapi_netif_remove(n)      netifapi_netif_common(n, netif_remove, NULL)
+#define netifapi_netif_set_up(n)      netifapi_netif_common(n, netif_set_up, NULL)
+#define netifapi_netif_set_down(n)    netifapi_netif_common(n, netif_set_down, NULL)
+#define netifapi_netif_set_default(n) netifapi_netif_common(n, netif_set_default, NULL)
+#define netifapi_dhcp_start(n)        netifapi_netif_common(n, NULL, dhcp_start)
+#define netifapi_dhcp_stop(n)         netifapi_netif_common(n, dhcp_stop, NULL)
+#define netifapi_autoip_start(n)      netifapi_netif_common(n, NULL, autoip_start)
+#define netifapi_autoip_stop(n)       netifapi_netif_common(n, NULL, autoip_stop)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_NETIF_API */
+
+#endif /* __LWIP_NETIFAPI_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/opt.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/opt.h
new file mode 100644
index 00000000..e51f8e55
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/opt.h
@@ -0,0 +1,2417 @@
+/**
+ * @file
+ *
+ * lwIP Options Configuration
+ */
+
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_OPT_H__
+#define __LWIP_OPT_H__
+
+/*
+ * Include user defined options first. Anything not defined in these files
+ * will be set to standard values. Override anything you dont like!
+ */
+#include "lwipopts.h"
+#include "lwip/debug.h"
+
+/*
+   -----------------------------------------------
+   ---------- Platform specific locking ----------
+   -----------------------------------------------
+*/
+
+/**
+ * SYS_LIGHTWEIGHT_PROT==1: if you want inter-task protection for certain
+ * critical regions during buffer allocation, deallocation and memory
+ * allocation and deallocation.
+ */
+#ifndef SYS_LIGHTWEIGHT_PROT
+#define SYS_LIGHTWEIGHT_PROT            0
+#endif
+
+/** 
+ * NO_SYS==1: Provides VERY minimal functionality. Otherwise,
+ * use lwIP facilities.
+ */
+#ifndef NO_SYS
+#define NO_SYS                          0
+#endif
+
+/**
+ * NO_SYS_NO_TIMERS==1: Drop support for sys_timeout when NO_SYS==1
+ * Mainly for compatibility to old versions.
+ */
+#ifndef NO_SYS_NO_TIMERS
+#define NO_SYS_NO_TIMERS                0
+#endif
+
+/**
+ * MEMCPY: override this if you have a faster implementation at hand than the
+ * one included in your C library
+ */
+#ifndef MEMCPY
+#define MEMCPY(dst,src,len)             memcpy(dst,src,len)
+#endif
+
+/**
+ * SMEMCPY: override this with care! Some compilers (e.g. gcc) can inline a
+ * call to memcpy() if the length is known at compile time and is small.
+ */
+#ifndef SMEMCPY
+#define SMEMCPY(dst,src,len)            memcpy(dst,src,len)
+#endif
+
+/*
+   ------------------------------------
+   ---------- Memory options ----------
+   ------------------------------------
+*/
+/**
+ * MEM_LIBC_MALLOC==1: Use malloc/free/realloc provided by your C-library
+ * instead of the lwip internal allocator. Can save code size if you
+ * already use it.
+ */
+#ifndef MEM_LIBC_MALLOC
+#define MEM_LIBC_MALLOC                 0
+#endif
+
+/**
+* MEMP_MEM_MALLOC==1: Use mem_malloc/mem_free instead of the lwip pool allocator.
+* Especially useful with MEM_LIBC_MALLOC but handle with care regarding execution
+* speed and usage from interrupts!
+*/
+#ifndef MEMP_MEM_MALLOC
+#define MEMP_MEM_MALLOC                 0
+#endif
+
+/**
+ * MEM_ALIGNMENT: should be set to the alignment of the CPU
+ *    4 byte alignment -> #define MEM_ALIGNMENT 4
+ *    2 byte alignment -> #define MEM_ALIGNMENT 2
+ */
+#ifndef MEM_ALIGNMENT
+#define MEM_ALIGNMENT                   1
+#endif
+
+/**
+ * MEM_SIZE: the size of the heap memory. If the application will send
+ * a lot of data that needs to be copied, this should be set high.
+ */
+#ifndef MEM_SIZE
+#define MEM_SIZE                        1600
+#endif
+
+/**
+ * MEMP_SEPARATE_POOLS: if defined to 1, each pool is placed in its own array.
+ * This can be used to individually change the location of each pool.
+ * Default is one big array for all pools
+ */
+#ifndef MEMP_SEPARATE_POOLS
+#define MEMP_SEPARATE_POOLS             0
+#endif
+
+/**
+ * MEMP_OVERFLOW_CHECK: memp overflow protection reserves a configurable
+ * amount of bytes before and after each memp element in every pool and fills
+ * it with a prominent default value.
+ *    MEMP_OVERFLOW_CHECK == 0 no checking
+ *    MEMP_OVERFLOW_CHECK == 1 checks each element when it is freed
+ *    MEMP_OVERFLOW_CHECK >= 2 checks each element in every pool every time
+ *      memp_malloc() or memp_free() is called (useful but slow!)
+ */
+#ifndef MEMP_OVERFLOW_CHECK
+#define MEMP_OVERFLOW_CHECK             0
+#endif
+
+/**
+ * MEMP_SANITY_CHECK==1: run a sanity check after each memp_free() to make
+ * sure that there are no cycles in the linked lists.
+ */
+#ifndef MEMP_SANITY_CHECK
+#define MEMP_SANITY_CHECK               0
+#endif
+
+/**
+ * MEM_USE_POOLS==1: Use an alternative to malloc() by allocating from a set
+ * of memory pools of various sizes. When mem_malloc is called, an element of
+ * the smallest pool that can provide the length needed is returned.
+ * To use this, MEMP_USE_CUSTOM_POOLS also has to be enabled.
+ */
+#ifndef MEM_USE_POOLS
+#define MEM_USE_POOLS                   0
+#endif
+
+/**
+ * MEM_USE_POOLS_TRY_BIGGER_POOL==1: if one malloc-pool is empty, try the next
+ * bigger pool - WARNING: THIS MIGHT WASTE MEMORY but it can make a system more
+ * reliable. */
+#ifndef MEM_USE_POOLS_TRY_BIGGER_POOL
+#define MEM_USE_POOLS_TRY_BIGGER_POOL   0
+#endif
+
+/**
+ * MEMP_USE_CUSTOM_POOLS==1: whether to include a user file lwippools.h
+ * that defines additional pools beyond the "standard" ones required
+ * by lwIP. If you set this to 1, you must have lwippools.h in your 
+ * inlude path somewhere. 
+ */
+#ifndef MEMP_USE_CUSTOM_POOLS
+#define MEMP_USE_CUSTOM_POOLS           0
+#endif
+
+/**
+ * Set this to 1 if you want to free PBUF_RAM pbufs (or call mem_free()) from
+ * interrupt context (or another context that doesn't allow waiting for a
+ * semaphore).
+ * If set to 1, mem_malloc will be protected by a semaphore and SYS_ARCH_PROTECT,
+ * while mem_free will only use SYS_ARCH_PROTECT. mem_malloc SYS_ARCH_UNPROTECTs
+ * with each loop so that mem_free can run.
+ *
+ * ATTENTION: As you can see from the above description, this leads to dis-/
+ * enabling interrupts often, which can be slow! Also, on low memory, mem_malloc
+ * can need longer.
+ *
+ * If you don't want that, at least for NO_SYS=0, you can still use the following
+ * functions to enqueue a deallocation call which then runs in the tcpip_thread
+ * context:
+ * - pbuf_free_callback(p);
+ * - mem_free_callback(m);
+ */
+#ifndef LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT
+#define LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT 0
+#endif
+
+/*
+   ------------------------------------------------
+   ---------- Internal Memory Pool Sizes ----------
+   ------------------------------------------------
+*/
+/**
+ * MEMP_NUM_PBUF: the number of memp struct pbufs (used for PBUF_ROM and PBUF_REF).
+ * If the application sends a lot of data out of ROM (or other static memory),
+ * this should be set high.
+ */
+#ifndef MEMP_NUM_PBUF
+#define MEMP_NUM_PBUF                   16
+#endif
+
+/**
+ * MEMP_NUM_RAW_PCB: Number of raw connection PCBs
+ * (requires the LWIP_RAW option)
+ */
+#ifndef MEMP_NUM_RAW_PCB
+#define MEMP_NUM_RAW_PCB                4
+#endif
+
+/**
+ * MEMP_NUM_UDP_PCB: the number of UDP protocol control blocks. One
+ * per active UDP "connection".
+ * (requires the LWIP_UDP option)
+ */
+#ifndef MEMP_NUM_UDP_PCB
+#define MEMP_NUM_UDP_PCB                4
+#endif
+
+/**
+ * MEMP_NUM_TCP_PCB: the number of simulatenously active TCP connections.
+ * (requires the LWIP_TCP option)
+ */
+#ifndef MEMP_NUM_TCP_PCB
+#define MEMP_NUM_TCP_PCB                5
+#endif
+
+/**
+ * MEMP_NUM_TCP_PCB_LISTEN: the number of listening TCP connections.
+ * (requires the LWIP_TCP option)
+ */
+#ifndef MEMP_NUM_TCP_PCB_LISTEN
+#define MEMP_NUM_TCP_PCB_LISTEN         8
+#endif
+
+/**
+ * MEMP_NUM_TCP_SEG: the number of simultaneously queued TCP segments.
+ * (requires the LWIP_TCP option)
+ */
+#ifndef MEMP_NUM_TCP_SEG
+#define MEMP_NUM_TCP_SEG                16
+#endif
+
+/**
+ * MEMP_NUM_REASSDATA: the number of IP packets simultaneously queued for
+ * reassembly (whole packets, not fragments!)
+ */
+#ifndef MEMP_NUM_REASSDATA
+#define MEMP_NUM_REASSDATA              5
+#endif
+
+/**
+ * MEMP_NUM_FRAG_PBUF: the number of IP fragments simultaneously sent
+ * (fragments, not whole packets!).
+ * This is only used with IP_FRAG_USES_STATIC_BUF==0 and
+ * LWIP_NETIF_TX_SINGLE_PBUF==0 and only has to be > 1 with DMA-enabled MACs
+ * where the packet is not yet sent when netif->output returns.
+ */
+#ifndef MEMP_NUM_FRAG_PBUF
+#define MEMP_NUM_FRAG_PBUF              15
+#endif
+
+/**
+ * MEMP_NUM_ARP_QUEUE: the number of simulateously queued outgoing
+ * packets (pbufs) that are waiting for an ARP request (to resolve
+ * their destination address) to finish.
+ * (requires the ARP_QUEUEING option)
+ */
+#ifndef MEMP_NUM_ARP_QUEUE
+#define MEMP_NUM_ARP_QUEUE              30
+#endif
+
+/**
+ * MEMP_NUM_IGMP_GROUP: The number of multicast groups whose network interfaces
+ * can be members et the same time (one per netif - allsystems group -, plus one
+ * per netif membership).
+ * (requires the LWIP_IGMP option)
+ */
+#ifndef MEMP_NUM_IGMP_GROUP
+#define MEMP_NUM_IGMP_GROUP             8
+#endif
+
+/**
+ * MEMP_NUM_SYS_TIMEOUT: the number of simulateously active timeouts.
+ * (requires NO_SYS==0)
+ * The default number of timeouts is calculated here for all enabled modules.
+ * The formula expects settings to be either '0' or '1'.
+ */
+#ifndef MEMP_NUM_SYS_TIMEOUT
+#define MEMP_NUM_SYS_TIMEOUT            (LWIP_TCP + IP_REASSEMBLY + LWIP_ARP + (2*LWIP_DHCP) + LWIP_AUTOIP + LWIP_IGMP + LWIP_DNS + PPP_SUPPORT + (LWIP_IPV6 ? (1 + LWIP_IPV6_REASS + LWIP_IPV6_MLD) : 0))
+#endif
+
+/**
+ * MEMP_NUM_NETBUF: the number of struct netbufs.
+ * (only needed if you use the sequential API, like api_lib.c)
+ */
+#ifndef MEMP_NUM_NETBUF
+#define MEMP_NUM_NETBUF                 2
+#endif
+
+/**
+ * MEMP_NUM_NETCONN: the number of struct netconns.
+ * (only needed if you use the sequential API, like api_lib.c)
+ */
+#ifndef MEMP_NUM_NETCONN
+#define MEMP_NUM_NETCONN                4
+#endif
+
+/**
+ * MEMP_NUM_TCPIP_MSG_API: the number of struct tcpip_msg, which are used
+ * for callback/timeout API communication. 
+ * (only needed if you use tcpip.c)
+ */
+#ifndef MEMP_NUM_TCPIP_MSG_API
+#define MEMP_NUM_TCPIP_MSG_API          8
+#endif
+
+/**
+ * MEMP_NUM_TCPIP_MSG_INPKT: the number of struct tcpip_msg, which are used
+ * for incoming packets. 
+ * (only needed if you use tcpip.c)
+ */
+#ifndef MEMP_NUM_TCPIP_MSG_INPKT
+#define MEMP_NUM_TCPIP_MSG_INPKT        8
+#endif
+
+/**
+ * MEMP_NUM_SNMP_NODE: the number of leafs in the SNMP tree.
+ */
+#ifndef MEMP_NUM_SNMP_NODE
+#define MEMP_NUM_SNMP_NODE              50
+#endif
+
+/**
+ * MEMP_NUM_SNMP_ROOTNODE: the number of branches in the SNMP tree.
+ * Every branch has one leaf (MEMP_NUM_SNMP_NODE) at least!
+ */
+#ifndef MEMP_NUM_SNMP_ROOTNODE
+#define MEMP_NUM_SNMP_ROOTNODE          30
+#endif
+
+/**
+ * MEMP_NUM_SNMP_VARBIND: the number of concurrent requests (does not have to
+ * be changed normally) - 2 of these are used per request (1 for input,
+ * 1 for output)
+ */
+#ifndef MEMP_NUM_SNMP_VARBIND
+#define MEMP_NUM_SNMP_VARBIND           2
+#endif
+
+/**
+ * MEMP_NUM_SNMP_VALUE: the number of OID or values concurrently used
+ * (does not have to be changed normally) - 3 of these are used per request
+ * (1 for the value read and 2 for OIDs - input and output)
+ */
+#ifndef MEMP_NUM_SNMP_VALUE
+#define MEMP_NUM_SNMP_VALUE             3
+#endif
+
+/**
+ * MEMP_NUM_NETDB: the number of concurrently running lwip_addrinfo() calls
+ * (before freeing the corresponding memory using lwip_freeaddrinfo()).
+ */
+#ifndef MEMP_NUM_NETDB
+#define MEMP_NUM_NETDB                  1
+#endif
+
+/**
+ * MEMP_NUM_LOCALHOSTLIST: the number of host entries in the local host list
+ * if DNS_LOCAL_HOSTLIST_IS_DYNAMIC==1.
+ */
+#ifndef MEMP_NUM_LOCALHOSTLIST
+#define MEMP_NUM_LOCALHOSTLIST          1
+#endif
+
+/**
+ * MEMP_NUM_PPPOE_INTERFACES: the number of concurrently active PPPoE
+ * interfaces (only used with PPPOE_SUPPORT==1)
+ */
+#ifndef MEMP_NUM_PPPOE_INTERFACES
+#define MEMP_NUM_PPPOE_INTERFACES       1
+#endif
+
+/**
+ * PBUF_POOL_SIZE: the number of buffers in the pbuf pool. 
+ */
+#ifndef PBUF_POOL_SIZE
+#define PBUF_POOL_SIZE                  16
+#endif
+
+/*
+   ---------------------------------
+   ---------- ARP options ----------
+   ---------------------------------
+*/
+/**
+ * LWIP_ARP==1: Enable ARP functionality.
+ */
+#ifndef LWIP_ARP
+#define LWIP_ARP                        1
+#endif
+
+/**
+ * ARP_TABLE_SIZE: Number of active MAC-IP address pairs cached.
+ */
+#ifndef ARP_TABLE_SIZE
+#define ARP_TABLE_SIZE                  10
+#endif
+
+/**
+ * ARP_QUEUEING==1: Multiple outgoing packets are queued during hardware address
+ * resolution. By default, only the most recent packet is queued per IP address.
+ * This is sufficient for most protocols and mainly reduces TCP connection
+ * startup time. Set this to 1 if you know your application sends more than one
+ * packet in a row to an IP address that is not in the ARP cache.
+ */
+#ifndef ARP_QUEUEING
+#define ARP_QUEUEING                    0
+#endif
+
+/**
+ * ETHARP_TRUST_IP_MAC==1: Incoming IP packets cause the ARP table to be
+ * updated with the source MAC and IP addresses supplied in the packet.
+ * You may want to disable this if you do not trust LAN peers to have the
+ * correct addresses, or as a limited approach to attempt to handle
+ * spoofing. If disabled, lwIP will need to make a new ARP request if
+ * the peer is not already in the ARP table, adding a little latency.
+ * The peer *is* in the ARP table if it requested our address before.
+ * Also notice that this slows down input processing of every IP packet!
+ */
+#ifndef ETHARP_TRUST_IP_MAC
+#define ETHARP_TRUST_IP_MAC             0
+#endif
+
+/**
+ * ETHARP_SUPPORT_VLAN==1: support receiving ethernet packets with VLAN header.
+ * Additionally, you can define ETHARP_VLAN_CHECK to an u16_t VLAN ID to check.
+ * If ETHARP_VLAN_CHECK is defined, only VLAN-traffic for this VLAN is accepted.
+ * If ETHARP_VLAN_CHECK is not defined, all traffic is accepted.
+ * Alternatively, define a function/define ETHARP_VLAN_CHECK_FN(eth_hdr, vlan)
+ * that returns 1 to accept a packet or 0 to drop a packet.
+ */
+#ifndef ETHARP_SUPPORT_VLAN
+#define ETHARP_SUPPORT_VLAN             0
+#endif
+
+/** LWIP_ETHERNET==1: enable ethernet support for PPPoE even though ARP
+ * might be disabled
+ */
+#ifndef LWIP_ETHERNET
+#define LWIP_ETHERNET                   (LWIP_ARP || PPPOE_SUPPORT)
+#endif
+
+/** ETH_PAD_SIZE: number of bytes added before the ethernet header to ensure
+ * alignment of payload after that header. Since the header is 14 bytes long,
+ * without this padding e.g. addresses in the IP header will not be aligned
+ * on a 32-bit boundary, so setting this to 2 can speed up 32-bit-platforms.
+ */
+#ifndef ETH_PAD_SIZE
+#define ETH_PAD_SIZE                    0
+#endif
+
+/** ETHARP_SUPPORT_STATIC_ENTRIES==1: enable code to support static ARP table
+ * entries (using etharp_add_static_entry/etharp_remove_static_entry).
+ */
+#ifndef ETHARP_SUPPORT_STATIC_ENTRIES
+#define ETHARP_SUPPORT_STATIC_ENTRIES   0
+#endif
+
+
+/*
+   --------------------------------
+   ---------- IP options ----------
+   --------------------------------
+*/
+/**
+ * IP_FORWARD==1: Enables the ability to forward IP packets across network
+ * interfaces. If you are going to run lwIP on a device with only one network
+ * interface, define this to 0.
+ */
+#ifndef IP_FORWARD
+#define IP_FORWARD                      0
+#endif
+
+/**
+ * IP_OPTIONS_ALLOWED: Defines the behavior for IP options.
+ *      IP_OPTIONS_ALLOWED==0: All packets with IP options are dropped.
+ *      IP_OPTIONS_ALLOWED==1: IP options are allowed (but not parsed).
+ */
+#ifndef IP_OPTIONS_ALLOWED
+#define IP_OPTIONS_ALLOWED              1
+#endif
+
+/**
+ * IP_REASSEMBLY==1: Reassemble incoming fragmented IP packets. Note that
+ * this option does not affect outgoing packet sizes, which can be controlled
+ * via IP_FRAG.
+ */
+#ifndef IP_REASSEMBLY
+#define IP_REASSEMBLY                   1
+#endif
+
+/**
+ * IP_FRAG==1: Fragment outgoing IP packets if their size exceeds MTU. Note
+ * that this option does not affect incoming packet sizes, which can be
+ * controlled via IP_REASSEMBLY.
+ */
+#ifndef IP_FRAG
+#define IP_FRAG                         1
+#endif
+
+/**
+ * IP_REASS_MAXAGE: Maximum time (in multiples of IP_TMR_INTERVAL - so seconds, normally)
+ * a fragmented IP packet waits for all fragments to arrive. If not all fragments arrived
+ * in this time, the whole packet is discarded.
+ */
+#ifndef IP_REASS_MAXAGE
+#define IP_REASS_MAXAGE                 3
+#endif
+
+/**
+ * IP_REASS_MAX_PBUFS: Total maximum amount of pbufs waiting to be reassembled.
+ * Since the received pbufs are enqueued, be sure to configure
+ * PBUF_POOL_SIZE > IP_REASS_MAX_PBUFS so that the stack is still able to receive
+ * packets even if the maximum amount of fragments is enqueued for reassembly!
+ */
+#ifndef IP_REASS_MAX_PBUFS
+#define IP_REASS_MAX_PBUFS              10
+#endif
+
+/**
+ * IP_FRAG_USES_STATIC_BUF==1: Use a static MTU-sized buffer for IP
+ * fragmentation. Otherwise pbufs are allocated and reference the original
+ * packet data to be fragmented (or with LWIP_NETIF_TX_SINGLE_PBUF==1,
+ * new PBUF_RAM pbufs are used for fragments).
+ * ATTENTION: IP_FRAG_USES_STATIC_BUF==1 may not be used for DMA-enabled MACs!
+ */
+#ifndef IP_FRAG_USES_STATIC_BUF
+#define IP_FRAG_USES_STATIC_BUF         0
+#endif
+
+/**
+ * IP_FRAG_MAX_MTU: Assumed max MTU on any interface for IP frag buffer
+ * (requires IP_FRAG_USES_STATIC_BUF==1)
+ */
+#if IP_FRAG_USES_STATIC_BUF && !defined(IP_FRAG_MAX_MTU)
+#define IP_FRAG_MAX_MTU                 1500
+#endif
+
+/**
+ * IP_DEFAULT_TTL: Default value for Time-To-Live used by transport layers.
+ */
+#ifndef IP_DEFAULT_TTL
+#define IP_DEFAULT_TTL                  255
+#endif
+
+/**
+ * IP_SOF_BROADCAST=1: Use the SOF_BROADCAST field to enable broadcast
+ * filter per pcb on udp and raw send operations. To enable broadcast filter
+ * on recv operations, you also have to set IP_SOF_BROADCAST_RECV=1.
+ */
+#ifndef IP_SOF_BROADCAST
+#define IP_SOF_BROADCAST                0
+#endif
+
+/**
+ * IP_SOF_BROADCAST_RECV (requires IP_SOF_BROADCAST=1) enable the broadcast
+ * filter on recv operations.
+ */
+#ifndef IP_SOF_BROADCAST_RECV
+#define IP_SOF_BROADCAST_RECV           0
+#endif
+
+/**
+ * IP_FORWARD_ALLOW_TX_ON_RX_NETIF==1: allow ip_forward() to send packets back
+ * out on the netif where it was received. This should only be used for
+ * wireless networks.
+ * ATTENTION: When this is 1, make sure your netif driver correctly marks incoming
+ * link-layer-broadcast/multicast packets as such using the corresponding pbuf flags!
+ */
+#ifndef IP_FORWARD_ALLOW_TX_ON_RX_NETIF
+#define IP_FORWARD_ALLOW_TX_ON_RX_NETIF 0
+#endif
+
+/**
+ * LWIP_RANDOMIZE_INITIAL_LOCAL_PORTS==1: randomize the local port for the first
+ * local TCP/UDP pcb (default==0). This can prevent creating predictable port
+ * numbers after booting a device.
+ */
+#ifndef LWIP_RANDOMIZE_INITIAL_LOCAL_PORTS
+#define LWIP_RANDOMIZE_INITIAL_LOCAL_PORTS 0
+#endif
+
+/*
+   ----------------------------------
+   ---------- ICMP options ----------
+   ----------------------------------
+*/
+/**
+ * LWIP_ICMP==1: Enable ICMP module inside the IP stack.
+ * Be careful, disable that make your product non-compliant to RFC1122
+ */
+#ifndef LWIP_ICMP
+#define LWIP_ICMP                       1
+#endif
+
+/**
+ * ICMP_TTL: Default value for Time-To-Live used by ICMP packets.
+ */
+#ifndef ICMP_TTL
+#define ICMP_TTL                       (IP_DEFAULT_TTL)
+#endif
+
+/**
+ * LWIP_BROADCAST_PING==1: respond to broadcast pings (default is unicast only)
+ */
+#ifndef LWIP_BROADCAST_PING
+#define LWIP_BROADCAST_PING             0
+#endif
+
+/**
+ * LWIP_MULTICAST_PING==1: respond to multicast pings (default is unicast only)
+ */
+#ifndef LWIP_MULTICAST_PING
+#define LWIP_MULTICAST_PING             0
+#endif
+
+/*
+   ---------------------------------
+   ---------- RAW options ----------
+   ---------------------------------
+*/
+/**
+ * LWIP_RAW==1: Enable application layer to hook into the IP layer itself.
+ */
+#ifndef LWIP_RAW
+#define LWIP_RAW                        1
+#endif
+
+/**
+ * LWIP_RAW==1: Enable application layer to hook into the IP layer itself.
+ */
+#ifndef RAW_TTL
+#define RAW_TTL                        (IP_DEFAULT_TTL)
+#endif
+
+/*
+   ----------------------------------
+   ---------- DHCP options ----------
+   ----------------------------------
+*/
+/**
+ * LWIP_DHCP==1: Enable DHCP module.
+ */
+#ifndef LWIP_DHCP
+#define LWIP_DHCP                       0
+#endif
+
+/**
+ * DHCP_DOES_ARP_CHECK==1: Do an ARP check on the offered address.
+ */
+#ifndef DHCP_DOES_ARP_CHECK
+#define DHCP_DOES_ARP_CHECK             ((LWIP_DHCP) && (LWIP_ARP))
+#endif
+
+/*
+   ------------------------------------
+   ---------- AUTOIP options ----------
+   ------------------------------------
+*/
+/**
+ * LWIP_AUTOIP==1: Enable AUTOIP module.
+ */
+#ifndef LWIP_AUTOIP
+#define LWIP_AUTOIP                     0
+#endif
+
+/**
+ * LWIP_DHCP_AUTOIP_COOP==1: Allow DHCP and AUTOIP to be both enabled on
+ * the same interface at the same time.
+ */
+#ifndef LWIP_DHCP_AUTOIP_COOP
+#define LWIP_DHCP_AUTOIP_COOP           0
+#endif
+
+/**
+ * LWIP_DHCP_AUTOIP_COOP_TRIES: Set to the number of DHCP DISCOVER probes
+ * that should be sent before falling back on AUTOIP. This can be set
+ * as low as 1 to get an AutoIP address very quickly, but you should
+ * be prepared to handle a changing IP address when DHCP overrides
+ * AutoIP.
+ */
+#ifndef LWIP_DHCP_AUTOIP_COOP_TRIES
+#define LWIP_DHCP_AUTOIP_COOP_TRIES     9
+#endif
+
+/*
+   ----------------------------------
+   ---------- SNMP options ----------
+   ----------------------------------
+*/
+/**
+ * LWIP_SNMP==1: Turn on SNMP module. UDP must be available for SNMP
+ * transport.
+ */
+#ifndef LWIP_SNMP
+#define LWIP_SNMP                       0
+#endif
+
+/**
+ * SNMP_CONCURRENT_REQUESTS: Number of concurrent requests the module will
+ * allow. At least one request buffer is required.
+ * Does not have to be changed unless external MIBs answer request asynchronously
+ */
+#ifndef SNMP_CONCURRENT_REQUESTS
+#define SNMP_CONCURRENT_REQUESTS        1
+#endif
+
+/**
+ * SNMP_TRAP_DESTINATIONS: Number of trap destinations. At least one trap
+ * destination is required
+ */
+#ifndef SNMP_TRAP_DESTINATIONS
+#define SNMP_TRAP_DESTINATIONS          1
+#endif
+
+/**
+ * SNMP_PRIVATE_MIB: 
+ * When using a private MIB, you have to create a file 'private_mib.h' that contains
+ * a 'struct mib_array_node mib_private' which contains your MIB.
+ */
+#ifndef SNMP_PRIVATE_MIB
+#define SNMP_PRIVATE_MIB                0
+#endif
+
+/**
+ * Only allow SNMP write actions that are 'safe' (e.g. disabeling netifs is not
+ * a safe action and disabled when SNMP_SAFE_REQUESTS = 1).
+ * Unsafe requests are disabled by default!
+ */
+#ifndef SNMP_SAFE_REQUESTS
+#define SNMP_SAFE_REQUESTS              1
+#endif
+
+/**
+ * The maximum length of strings used. This affects the size of
+ * MEMP_SNMP_VALUE elements.
+ */
+#ifndef SNMP_MAX_OCTET_STRING_LEN
+#define SNMP_MAX_OCTET_STRING_LEN       127
+#endif
+
+/**
+ * The maximum depth of the SNMP tree.
+ * With private MIBs enabled, this depends on your MIB!
+ * This affects the size of MEMP_SNMP_VALUE elements.
+ */
+#ifndef SNMP_MAX_TREE_DEPTH
+#define SNMP_MAX_TREE_DEPTH             15
+#endif
+
+/**
+ * The size of the MEMP_SNMP_VALUE elements, normally calculated from
+ * SNMP_MAX_OCTET_STRING_LEN and SNMP_MAX_TREE_DEPTH.
+ */
+#ifndef SNMP_MAX_VALUE_SIZE
+#define SNMP_MAX_VALUE_SIZE             LWIP_MAX((SNMP_MAX_OCTET_STRING_LEN)+1, sizeof(s32_t)*(SNMP_MAX_TREE_DEPTH))
+#endif
+
+/*
+   ----------------------------------
+   ---------- IGMP options ----------
+   ----------------------------------
+*/
+/**
+ * LWIP_IGMP==1: Turn on IGMP module. 
+ */
+#ifndef LWIP_IGMP
+#define LWIP_IGMP                       0
+#endif
+
+/*
+   ----------------------------------
+   ---------- DNS options -----------
+   ----------------------------------
+*/
+/**
+ * LWIP_DNS==1: Turn on DNS module. UDP must be available for DNS
+ * transport.
+ */
+#ifndef LWIP_DNS
+#define LWIP_DNS                        0
+#endif
+
+/** DNS maximum number of entries to maintain locally. */
+#ifndef DNS_TABLE_SIZE
+#define DNS_TABLE_SIZE                  4
+#endif
+
+/** DNS maximum host name length supported in the name table. */
+#ifndef DNS_MAX_NAME_LENGTH
+#define DNS_MAX_NAME_LENGTH             256
+#endif
+
+/** The maximum of DNS servers */
+#ifndef DNS_MAX_SERVERS
+#define DNS_MAX_SERVERS                 2
+#endif
+
+/** DNS do a name checking between the query and the response. */
+#ifndef DNS_DOES_NAME_CHECK
+#define DNS_DOES_NAME_CHECK             1
+#endif
+
+/** DNS message max. size. Default value is RFC compliant. */
+#ifndef DNS_MSG_SIZE
+#define DNS_MSG_SIZE                    512
+#endif
+
+/** DNS_LOCAL_HOSTLIST: Implements a local host-to-address list. If enabled,
+ *  you have to define
+ *    #define DNS_LOCAL_HOSTLIST_INIT {{"host1", 0x123}, {"host2", 0x234}}
+ *  (an array of structs name/address, where address is an u32_t in network
+ *  byte order).
+ *
+ *  Instead, you can also use an external function:
+ *  #define DNS_LOOKUP_LOCAL_EXTERN(x) extern u32_t my_lookup_function(const char *name)
+ *  that returns the IP address or INADDR_NONE if not found.
+ */
+#ifndef DNS_LOCAL_HOSTLIST
+#define DNS_LOCAL_HOSTLIST              0
+#endif /* DNS_LOCAL_HOSTLIST */
+
+/** If this is turned on, the local host-list can be dynamically changed
+ *  at runtime. */
+#ifndef DNS_LOCAL_HOSTLIST_IS_DYNAMIC
+#define DNS_LOCAL_HOSTLIST_IS_DYNAMIC   0
+#endif /* DNS_LOCAL_HOSTLIST_IS_DYNAMIC */
+
+/*
+   ---------------------------------
+   ---------- UDP options ----------
+   ---------------------------------
+*/
+/**
+ * LWIP_UDP==1: Turn on UDP.
+ */
+#ifndef LWIP_UDP
+#define LWIP_UDP                        1
+#endif
+
+/**
+ * LWIP_UDPLITE==1: Turn on UDP-Lite. (Requires LWIP_UDP)
+ */
+#ifndef LWIP_UDPLITE
+#define LWIP_UDPLITE                    0
+#endif
+
+/**
+ * UDP_TTL: Default Time-To-Live value.
+ */
+#ifndef UDP_TTL
+#define UDP_TTL                         (IP_DEFAULT_TTL)
+#endif
+
+/**
+ * LWIP_NETBUF_RECVINFO==1: append destination addr and port to every netbuf.
+ */
+#ifndef LWIP_NETBUF_RECVINFO
+#define LWIP_NETBUF_RECVINFO            0
+#endif
+
+/*
+   ---------------------------------
+   ---------- TCP options ----------
+   ---------------------------------
+*/
+/**
+ * LWIP_TCP==1: Turn on TCP.
+ */
+#ifndef LWIP_TCP
+#define LWIP_TCP                        1
+#endif
+
+/**
+ * TCP_TTL: Default Time-To-Live value.
+ */
+#ifndef TCP_TTL
+#define TCP_TTL                         (IP_DEFAULT_TTL)
+#endif
+
+/**
+ * TCP_WND: The size of a TCP window.  This must be at least 
+ * (2 * TCP_MSS) for things to work well
+ */
+#ifndef TCP_WND
+#define TCP_WND                         (4 * TCP_MSS)
+#endif 
+
+/**
+ * TCP_MAXRTX: Maximum number of retransmissions of data segments.
+ */
+#ifndef TCP_MAXRTX
+#define TCP_MAXRTX                      12
+#endif
+
+/**
+ * TCP_SYNMAXRTX: Maximum number of retransmissions of SYN segments.
+ */
+#ifndef TCP_SYNMAXRTX
+#define TCP_SYNMAXRTX                   6
+#endif
+
+/**
+ * TCP_QUEUE_OOSEQ==1: TCP will queue segments that arrive out of order.
+ * Define to 0 if your device is low on memory.
+ */
+#ifndef TCP_QUEUE_OOSEQ
+#define TCP_QUEUE_OOSEQ                 (LWIP_TCP)
+#endif
+
+/**
+ * TCP_MSS: TCP Maximum segment size. (default is 536, a conservative default,
+ * you might want to increase this.)
+ * For the receive side, this MSS is advertised to the remote side
+ * when opening a connection. For the transmit size, this MSS sets
+ * an upper limit on the MSS advertised by the remote host.
+ */
+#ifndef TCP_MSS
+#define TCP_MSS                         536
+#endif
+
+/**
+ * TCP_CALCULATE_EFF_SEND_MSS: "The maximum size of a segment that TCP really
+ * sends, the 'effective send MSS,' MUST be the smaller of the send MSS (which
+ * reflects the available reassembly buffer size at the remote host) and the
+ * largest size permitted by the IP layer" (RFC 1122)
+ * Setting this to 1 enables code that checks TCP_MSS against the MTU of the
+ * netif used for a connection and limits the MSS if it would be too big otherwise.
+ */
+#ifndef TCP_CALCULATE_EFF_SEND_MSS
+#define TCP_CALCULATE_EFF_SEND_MSS      1
+#endif
+
+
+/**
+ * TCP_SND_BUF: TCP sender buffer space (bytes).
+ * To achieve good performance, this should be at least 2 * TCP_MSS.
+ */
+#ifndef TCP_SND_BUF
+#define TCP_SND_BUF                     (2 * TCP_MSS)
+#endif
+
+/**
+ * TCP_SND_QUEUELEN: TCP sender buffer space (pbufs). This must be at least
+ * as much as (2 * TCP_SND_BUF/TCP_MSS) for things to work.
+ */
+#ifndef TCP_SND_QUEUELEN
+#define TCP_SND_QUEUELEN                ((4 * (TCP_SND_BUF) + (TCP_MSS - 1))/(TCP_MSS))
+#endif
+
+/**
+ * TCP_SNDLOWAT: TCP writable space (bytes). This must be less than
+ * TCP_SND_BUF. It is the amount of space which must be available in the
+ * TCP snd_buf for select to return writable (combined with TCP_SNDQUEUELOWAT).
+ */
+#ifndef TCP_SNDLOWAT
+#define TCP_SNDLOWAT                    LWIP_MIN(LWIP_MAX(((TCP_SND_BUF)/2), (2 * TCP_MSS) + 1), (TCP_SND_BUF) - 1)
+#endif
+
+/**
+ * TCP_SNDQUEUELOWAT: TCP writable bufs (pbuf count). This must be less
+ * than TCP_SND_QUEUELEN. If the number of pbufs queued on a pcb drops below
+ * this number, select returns writable (combined with TCP_SNDLOWAT).
+ */
+#ifndef TCP_SNDQUEUELOWAT
+#define TCP_SNDQUEUELOWAT               LWIP_MAX(((TCP_SND_QUEUELEN)/2), 5)
+#endif
+
+/**
+ * TCP_OOSEQ_MAX_BYTES: The maximum number of bytes queued on ooseq per pcb.
+ * Default is 0 (no limit). Only valid for TCP_QUEUE_OOSEQ==0.
+ */
+#ifndef TCP_OOSEQ_MAX_BYTES
+#define TCP_OOSEQ_MAX_BYTES             0
+#endif
+
+/**
+ * TCP_OOSEQ_MAX_PBUFS: The maximum number of pbufs queued on ooseq per pcb.
+ * Default is 0 (no limit). Only valid for TCP_QUEUE_OOSEQ==0.
+ */
+#ifndef TCP_OOSEQ_MAX_PBUFS
+#define TCP_OOSEQ_MAX_PBUFS             0
+#endif
+
+/**
+ * TCP_LISTEN_BACKLOG: Enable the backlog option for tcp listen pcb.
+ */
+#ifndef TCP_LISTEN_BACKLOG
+#define TCP_LISTEN_BACKLOG              0
+#endif
+
+/**
+ * The maximum allowed backlog for TCP listen netconns.
+ * This backlog is used unless another is explicitly specified.
+ * 0xff is the maximum (u8_t).
+ */
+#ifndef TCP_DEFAULT_LISTEN_BACKLOG
+#define TCP_DEFAULT_LISTEN_BACKLOG      0xff
+#endif
+
+/**
+ * TCP_OVERSIZE: The maximum number of bytes that tcp_write may
+ * allocate ahead of time in an attempt to create shorter pbuf chains
+ * for transmission. The meaningful range is 0 to TCP_MSS. Some
+ * suggested values are:
+ *
+ * 0:         Disable oversized allocation. Each tcp_write() allocates a new
+              pbuf (old behaviour).
+ * 1:         Allocate size-aligned pbufs with minimal excess. Use this if your
+ *            scatter-gather DMA requires aligned fragments.
+ * 128:       Limit the pbuf/memory overhead to 20%.
+ * TCP_MSS:   Try to create unfragmented TCP packets.
+ * TCP_MSS/4: Try to create 4 fragments or less per TCP packet.
+ */
+#ifndef TCP_OVERSIZE
+#define TCP_OVERSIZE                    TCP_MSS
+#endif
+
+/**
+ * LWIP_TCP_TIMESTAMPS==1: support the TCP timestamp option.
+ */
+#ifndef LWIP_TCP_TIMESTAMPS
+#define LWIP_TCP_TIMESTAMPS             0
+#endif
+
+/**
+ * TCP_WND_UPDATE_THRESHOLD: difference in window to trigger an
+ * explicit window update
+ */
+#ifndef TCP_WND_UPDATE_THRESHOLD
+#define TCP_WND_UPDATE_THRESHOLD   (TCP_WND / 4)
+#endif
+
+/**
+ * LWIP_EVENT_API and LWIP_CALLBACK_API: Only one of these should be set to 1.
+ *     LWIP_EVENT_API==1: The user defines lwip_tcp_event() to receive all
+ *         events (accept, sent, etc) that happen in the system.
+ *     LWIP_CALLBACK_API==1: The PCB callback function is called directly
+ *         for the event. This is the default.
+ */
+#if !defined(LWIP_EVENT_API) && !defined(LWIP_CALLBACK_API)
+#define LWIP_EVENT_API                  0
+#define LWIP_CALLBACK_API               1
+#endif
+
+
+/*
+   ----------------------------------
+   ---------- Pbuf options ----------
+   ----------------------------------
+*/
+/**
+ * PBUF_LINK_HLEN: the number of bytes that should be allocated for a
+ * link level header. The default is 14, the standard value for
+ * Ethernet.
+ */
+#ifndef PBUF_LINK_HLEN
+#define PBUF_LINK_HLEN                  (14 + ETH_PAD_SIZE)
+#endif
+
+/**
+ * PBUF_POOL_BUFSIZE: the size of each pbuf in the pbuf pool. The default is
+ * designed to accomodate single full size TCP frame in one pbuf, including
+ * TCP_MSS, IP header, and link header.
+ */
+#ifndef PBUF_POOL_BUFSIZE
+#define PBUF_POOL_BUFSIZE               LWIP_MEM_ALIGN_SIZE(TCP_MSS+40+PBUF_LINK_HLEN)
+#endif
+
+/*
+   ------------------------------------------------
+   ---------- Network Interfaces options ----------
+   ------------------------------------------------
+*/
+/**
+ * LWIP_NETIF_HOSTNAME==1: use DHCP_OPTION_HOSTNAME with netif's hostname
+ * field.
+ */
+#ifndef LWIP_NETIF_HOSTNAME
+#define LWIP_NETIF_HOSTNAME             0
+#endif
+
+/**
+ * LWIP_NETIF_API==1: Support netif api (in netifapi.c)
+ */
+#ifndef LWIP_NETIF_API
+#define LWIP_NETIF_API                  0
+#endif
+
+/**
+ * LWIP_NETIF_STATUS_CALLBACK==1: Support a callback function whenever an interface
+ * changes its up/down status (i.e., due to DHCP IP acquistion)
+ */
+#ifndef LWIP_NETIF_STATUS_CALLBACK
+#define LWIP_NETIF_STATUS_CALLBACK      0
+#endif
+
+/**
+ * LWIP_NETIF_LINK_CALLBACK==1: Support a callback function from an interface
+ * whenever the link changes (i.e., link down)
+ */
+#ifndef LWIP_NETIF_LINK_CALLBACK
+#define LWIP_NETIF_LINK_CALLBACK        0
+#endif
+
+/**
+ * LWIP_NETIF_REMOVE_CALLBACK==1: Support a callback function that is called
+ * when a netif has been removed
+ */
+#ifndef LWIP_NETIF_REMOVE_CALLBACK
+#define LWIP_NETIF_REMOVE_CALLBACK      0
+#endif
+
+/**
+ * LWIP_NETIF_HWADDRHINT==1: Cache link-layer-address hints (e.g. table
+ * indices) in struct netif. TCP and UDP can make use of this to prevent
+ * scanning the ARP table for every sent packet. While this is faster for big
+ * ARP tables or many concurrent connections, it might be counterproductive
+ * if you have a tiny ARP table or if there never are concurrent connections.
+ */
+#ifndef LWIP_NETIF_HWADDRHINT
+#define LWIP_NETIF_HWADDRHINT           0
+#endif
+
+/**
+ * LWIP_NETIF_LOOPBACK==1: Support sending packets with a destination IP
+ * address equal to the netif IP address, looping them back up the stack.
+ */
+#ifndef LWIP_NETIF_LOOPBACK
+#define LWIP_NETIF_LOOPBACK             0
+#endif
+
+/**
+ * LWIP_LOOPBACK_MAX_PBUFS: Maximum number of pbufs on queue for loopback
+ * sending for each netif (0 = disabled)
+ */
+#ifndef LWIP_LOOPBACK_MAX_PBUFS
+#define LWIP_LOOPBACK_MAX_PBUFS         0
+#endif
+
+/**
+ * LWIP_NETIF_LOOPBACK_MULTITHREADING: Indicates whether threading is enabled in
+ * the system, as netifs must change how they behave depending on this setting
+ * for the LWIP_NETIF_LOOPBACK option to work.
+ * Setting this is needed to avoid reentering non-reentrant functions like
+ * tcp_input().
+ *    LWIP_NETIF_LOOPBACK_MULTITHREADING==1: Indicates that the user is using a
+ *       multithreaded environment like tcpip.c. In this case, netif->input()
+ *       is called directly.
+ *    LWIP_NETIF_LOOPBACK_MULTITHREADING==0: Indicates a polling (or NO_SYS) setup.
+ *       The packets are put on a list and netif_poll() must be called in
+ *       the main application loop.
+ */
+#ifndef LWIP_NETIF_LOOPBACK_MULTITHREADING
+#define LWIP_NETIF_LOOPBACK_MULTITHREADING    (!NO_SYS)
+#endif
+
+/**
+ * LWIP_NETIF_TX_SINGLE_PBUF: if this is set to 1, lwIP tries to put all data
+ * to be sent into one single pbuf. This is for compatibility with DMA-enabled
+ * MACs that do not support scatter-gather.
+ * Beware that this might involve CPU-memcpy before transmitting that would not
+ * be needed without this flag! Use this only if you need to!
+ *
+ * @todo: TCP and IP-frag do not work with this, yet:
+ */
+#ifndef LWIP_NETIF_TX_SINGLE_PBUF
+#define LWIP_NETIF_TX_SINGLE_PBUF             0
+#endif /* LWIP_NETIF_TX_SINGLE_PBUF */
+
+/*
+   ------------------------------------
+   ---------- LOOPIF options ----------
+   ------------------------------------
+*/
+/**
+ * LWIP_HAVE_LOOPIF==1: Support loop interface (127.0.0.1) and loopif.c
+ */
+#ifndef LWIP_HAVE_LOOPIF
+#define LWIP_HAVE_LOOPIF                0
+#endif
+
+/*
+   ------------------------------------
+   ---------- SLIPIF options ----------
+   ------------------------------------
+*/
+/**
+ * LWIP_HAVE_SLIPIF==1: Support slip interface and slipif.c
+ */
+#ifndef LWIP_HAVE_SLIPIF
+#define LWIP_HAVE_SLIPIF                0
+#endif
+
+/*
+   ------------------------------------
+   ---------- Thread options ----------
+   ------------------------------------
+*/
+/**
+ * TCPIP_THREAD_NAME: The name assigned to the main tcpip thread.
+ */
+#ifndef TCPIP_THREAD_NAME
+#define TCPIP_THREAD_NAME              "tcpip_thread"
+#endif
+
+/**
+ * TCPIP_THREAD_STACKSIZE: The stack size used by the main tcpip thread.
+ * The stack size value itself is platform-dependent, but is passed to
+ * sys_thread_new() when the thread is created.
+ */
+#ifndef TCPIP_THREAD_STACKSIZE
+#define TCPIP_THREAD_STACKSIZE          0
+#endif
+
+/**
+ * TCPIP_THREAD_PRIO: The priority assigned to the main tcpip thread.
+ * The priority value itself is platform-dependent, but is passed to
+ * sys_thread_new() when the thread is created.
+ */
+#ifndef TCPIP_THREAD_PRIO
+#define TCPIP_THREAD_PRIO               1
+#endif
+
+/**
+ * TCPIP_MBOX_SIZE: The mailbox size for the tcpip thread messages
+ * The queue size value itself is platform-dependent, but is passed to
+ * sys_mbox_new() when tcpip_init is called.
+ */
+#ifndef TCPIP_MBOX_SIZE
+#define TCPIP_MBOX_SIZE                 0
+#endif
+
+/**
+ * SLIPIF_THREAD_NAME: The name assigned to the slipif_loop thread.
+ */
+#ifndef SLIPIF_THREAD_NAME
+#define SLIPIF_THREAD_NAME             "slipif_loop"
+#endif
+
+/**
+ * SLIP_THREAD_STACKSIZE: The stack size used by the slipif_loop thread.
+ * The stack size value itself is platform-dependent, but is passed to
+ * sys_thread_new() when the thread is created.
+ */
+#ifndef SLIPIF_THREAD_STACKSIZE
+#define SLIPIF_THREAD_STACKSIZE         0
+#endif
+
+/**
+ * SLIPIF_THREAD_PRIO: The priority assigned to the slipif_loop thread.
+ * The priority value itself is platform-dependent, but is passed to
+ * sys_thread_new() when the thread is created.
+ */
+#ifndef SLIPIF_THREAD_PRIO
+#define SLIPIF_THREAD_PRIO              1
+#endif
+
+/**
+ * PPP_THREAD_NAME: The name assigned to the pppInputThread.
+ */
+#ifndef PPP_THREAD_NAME
+#define PPP_THREAD_NAME                "pppInputThread"
+#endif
+
+/**
+ * PPP_THREAD_STACKSIZE: The stack size used by the pppInputThread.
+ * The stack size value itself is platform-dependent, but is passed to
+ * sys_thread_new() when the thread is created.
+ */
+#ifndef PPP_THREAD_STACKSIZE
+#define PPP_THREAD_STACKSIZE            0
+#endif
+
+/**
+ * PPP_THREAD_PRIO: The priority assigned to the pppInputThread.
+ * The priority value itself is platform-dependent, but is passed to
+ * sys_thread_new() when the thread is created.
+ */
+#ifndef PPP_THREAD_PRIO
+#define PPP_THREAD_PRIO                 1
+#endif
+
+/**
+ * DEFAULT_THREAD_NAME: The name assigned to any other lwIP thread.
+ */
+#ifndef DEFAULT_THREAD_NAME
+#define DEFAULT_THREAD_NAME            "lwIP"
+#endif
+
+/**
+ * DEFAULT_THREAD_STACKSIZE: The stack size used by any other lwIP thread.
+ * The stack size value itself is platform-dependent, but is passed to
+ * sys_thread_new() when the thread is created.
+ */
+#ifndef DEFAULT_THREAD_STACKSIZE
+#define DEFAULT_THREAD_STACKSIZE        0
+#endif
+
+/**
+ * DEFAULT_THREAD_PRIO: The priority assigned to any other lwIP thread.
+ * The priority value itself is platform-dependent, but is passed to
+ * sys_thread_new() when the thread is created.
+ */
+#ifndef DEFAULT_THREAD_PRIO
+#define DEFAULT_THREAD_PRIO             1
+#endif
+
+/**
+ * DEFAULT_RAW_RECVMBOX_SIZE: The mailbox size for the incoming packets on a
+ * NETCONN_RAW. The queue size value itself is platform-dependent, but is passed
+ * to sys_mbox_new() when the recvmbox is created.
+ */
+#ifndef DEFAULT_RAW_RECVMBOX_SIZE
+#define DEFAULT_RAW_RECVMBOX_SIZE       0
+#endif
+
+/**
+ * DEFAULT_UDP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a
+ * NETCONN_UDP. The queue size value itself is platform-dependent, but is passed
+ * to sys_mbox_new() when the recvmbox is created.
+ */
+#ifndef DEFAULT_UDP_RECVMBOX_SIZE
+#define DEFAULT_UDP_RECVMBOX_SIZE       0
+#endif
+
+/**
+ * DEFAULT_TCP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a
+ * NETCONN_TCP. The queue size value itself is platform-dependent, but is passed
+ * to sys_mbox_new() when the recvmbox is created.
+ */
+#ifndef DEFAULT_TCP_RECVMBOX_SIZE
+#define DEFAULT_TCP_RECVMBOX_SIZE       0
+#endif
+
+/**
+ * DEFAULT_ACCEPTMBOX_SIZE: The mailbox size for the incoming connections.
+ * The queue size value itself is platform-dependent, but is passed to
+ * sys_mbox_new() when the acceptmbox is created.
+ */
+#ifndef DEFAULT_ACCEPTMBOX_SIZE
+#define DEFAULT_ACCEPTMBOX_SIZE         0
+#endif
+
+/*
+   ----------------------------------------------
+   ---------- Sequential layer options ----------
+   ----------------------------------------------
+*/
+/**
+ * LWIP_TCPIP_CORE_LOCKING: (EXPERIMENTAL!)
+ * Don't use it if you're not an active lwIP project member
+ */
+#ifndef LWIP_TCPIP_CORE_LOCKING
+#define LWIP_TCPIP_CORE_LOCKING         0
+#endif
+
+/**
+ * LWIP_TCPIP_CORE_LOCKING_INPUT: (EXPERIMENTAL!)
+ * Don't use it if you're not an active lwIP project member
+ */
+#ifndef LWIP_TCPIP_CORE_LOCKING_INPUT
+#define LWIP_TCPIP_CORE_LOCKING_INPUT   0
+#endif
+
+/**
+ * LWIP_NETCONN==1: Enable Netconn API (require to use api_lib.c)
+ */
+#ifndef LWIP_NETCONN
+#define LWIP_NETCONN                    1
+#endif
+
+/** LWIP_TCPIP_TIMEOUT==1: Enable tcpip_timeout/tcpip_untimeout tod create
+ * timers running in tcpip_thread from another thread.
+ */
+#ifndef LWIP_TCPIP_TIMEOUT
+#define LWIP_TCPIP_TIMEOUT              1
+#endif
+
+/*
+   ------------------------------------
+   ---------- Socket options ----------
+   ------------------------------------
+*/
+/**
+ * LWIP_SOCKET==1: Enable Socket API (require to use sockets.c)
+ */
+#ifndef LWIP_SOCKET
+#define LWIP_SOCKET                     1
+#endif
+
+/**
+ * LWIP_COMPAT_SOCKETS==1: Enable BSD-style sockets functions names.
+ * (only used if you use sockets.c)
+ */
+#ifndef LWIP_COMPAT_SOCKETS
+#define LWIP_COMPAT_SOCKETS             1
+#endif
+
+/**
+ * LWIP_POSIX_SOCKETS_IO_NAMES==1: Enable POSIX-style sockets functions names.
+ * Disable this option if you use a POSIX operating system that uses the same
+ * names (read, write & close). (only used if you use sockets.c)
+ */
+#ifndef LWIP_POSIX_SOCKETS_IO_NAMES
+#define LWIP_POSIX_SOCKETS_IO_NAMES     1
+#endif
+
+/**
+ * LWIP_TCP_KEEPALIVE==1: Enable TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT
+ * options processing. Note that TCP_KEEPIDLE and TCP_KEEPINTVL have to be set
+ * in seconds. (does not require sockets.c, and will affect tcp.c)
+ */
+#ifndef LWIP_TCP_KEEPALIVE
+#define LWIP_TCP_KEEPALIVE              0
+#endif
+
+/**
+ * LWIP_SO_SNDTIMEO==1: Enable send timeout for sockets/netconns and
+ * SO_SNDTIMEO processing.
+ */
+#ifndef LWIP_SO_SNDTIMEO
+#define LWIP_SO_SNDTIMEO                0
+#endif
+
+/**
+ * LWIP_SO_RCVTIMEO==1: Enable receive timeout for sockets/netconns and
+ * SO_RCVTIMEO processing.
+ */
+#ifndef LWIP_SO_RCVTIMEO
+#define LWIP_SO_RCVTIMEO                0
+#endif
+
+/**
+ * LWIP_SO_RCVBUF==1: Enable SO_RCVBUF processing.
+ */
+#ifndef LWIP_SO_RCVBUF
+#define LWIP_SO_RCVBUF                  0
+#endif
+
+/**
+ * If LWIP_SO_RCVBUF is used, this is the default value for recv_bufsize.
+ */
+#ifndef RECV_BUFSIZE_DEFAULT
+#define RECV_BUFSIZE_DEFAULT            INT_MAX
+#endif
+
+/**
+ * SO_REUSE==1: Enable SO_REUSEADDR option.
+ */
+#ifndef SO_REUSE
+#define SO_REUSE                        0
+#endif
+
+/**
+ * SO_REUSE_RXTOALL==1: Pass a copy of incoming broadcast/multicast packets
+ * to all local matches if SO_REUSEADDR is turned on.
+ * WARNING: Adds a memcpy for every packet if passing to more than one pcb!
+ */
+#ifndef SO_REUSE_RXTOALL
+#define SO_REUSE_RXTOALL                0
+#endif
+
+/**
+ * LWIP_FIONREAD_LINUXMODE==0 (default): ioctl/FIONREAD returns the amount of
+ * pending data in the network buffer. This is the way windows does it. It's
+ * the default for lwIP since it is smaller.
+ * LWIP_FIONREAD_LINUXMODE==1: ioctl/FIONREAD returns the size of the next
+ * pending datagram in bytes. This is the way linux does it. This code is only
+ * here for compatibility.
+ */
+#ifndef LWIP_FIONREAD_LINUXMODE
+#define LWIP_FIONREAD_LINUXMODE         0
+#endif
+
+/*
+   ----------------------------------------
+   ---------- Statistics options ----------
+   ----------------------------------------
+*/
+/**
+ * LWIP_STATS==1: Enable statistics collection in lwip_stats.
+ */
+#ifndef LWIP_STATS
+#define LWIP_STATS                      1
+#endif
+
+#if LWIP_STATS
+
+/**
+ * LWIP_STATS_DISPLAY==1: Compile in the statistics output functions.
+ */
+#ifndef LWIP_STATS_DISPLAY
+#define LWIP_STATS_DISPLAY              0
+#endif
+
+/**
+ * LINK_STATS==1: Enable link stats.
+ */
+#ifndef LINK_STATS
+#define LINK_STATS                      1
+#endif
+
+/**
+ * ETHARP_STATS==1: Enable etharp stats.
+ */
+#ifndef ETHARP_STATS
+#define ETHARP_STATS                    (LWIP_ARP)
+#endif
+
+/**
+ * IP_STATS==1: Enable IP stats.
+ */
+#ifndef IP_STATS
+#define IP_STATS                        1
+#endif
+
+/**
+ * IPFRAG_STATS==1: Enable IP fragmentation stats. Default is
+ * on if using either frag or reass.
+ */
+#ifndef IPFRAG_STATS
+#define IPFRAG_STATS                    (IP_REASSEMBLY || IP_FRAG)
+#endif
+
+/**
+ * ICMP_STATS==1: Enable ICMP stats.
+ */
+#ifndef ICMP_STATS
+#define ICMP_STATS                      1
+#endif
+
+/**
+ * IGMP_STATS==1: Enable IGMP stats.
+ */
+#ifndef IGMP_STATS
+#define IGMP_STATS                      (LWIP_IGMP)
+#endif
+
+/**
+ * UDP_STATS==1: Enable UDP stats. Default is on if
+ * UDP enabled, otherwise off.
+ */
+#ifndef UDP_STATS
+#define UDP_STATS                       (LWIP_UDP)
+#endif
+
+/**
+ * TCP_STATS==1: Enable TCP stats. Default is on if TCP
+ * enabled, otherwise off.
+ */
+#ifndef TCP_STATS
+#define TCP_STATS                       (LWIP_TCP)
+#endif
+
+/**
+ * MEM_STATS==1: Enable mem.c stats.
+ */
+#ifndef MEM_STATS
+#define MEM_STATS                       ((MEM_LIBC_MALLOC == 0) && (MEM_USE_POOLS == 0))
+#endif
+
+/**
+ * MEMP_STATS==1: Enable memp.c pool stats.
+ */
+#ifndef MEMP_STATS
+#define MEMP_STATS                      (MEMP_MEM_MALLOC == 0)
+#endif
+
+/**
+ * SYS_STATS==1: Enable system stats (sem and mbox counts, etc).
+ */
+#ifndef SYS_STATS
+#define SYS_STATS                       (NO_SYS == 0)
+#endif
+
+/**
+ * IP6_STATS==1: Enable IPv6 stats.
+ */
+#ifndef IP6_STATS
+#define IP6_STATS                       (LWIP_IPV6)
+#endif
+
+/**
+ * ICMP6_STATS==1: Enable ICMP for IPv6 stats.
+ */
+#ifndef ICMP6_STATS
+#define ICMP6_STATS                     (LWIP_IPV6 && LWIP_ICMP6)
+#endif
+
+/**
+ * IP6_FRAG_STATS==1: Enable IPv6 fragmentation stats.
+ */
+#ifndef IP6_FRAG_STATS
+#define IP6_FRAG_STATS                  (LWIP_IPV6 && (LWIP_IPV6_FRAG || LWIP_IPV6_REASS))
+#endif
+
+/**
+ * MLD6_STATS==1: Enable MLD for IPv6 stats.
+ */
+#ifndef MLD6_STATS
+#define MLD6_STATS                      (LWIP_IPV6 && LWIP_IPV6_MLD)
+#endif
+
+/**
+ * ND6_STATS==1: Enable Neighbor discovery for IPv6 stats.
+ */
+#ifndef ND6_STATS
+#define ND6_STATS                       (LWIP_IPV6)
+#endif
+
+#else
+
+#define LINK_STATS                      0
+#define IP_STATS                        0
+#define IPFRAG_STATS                    0
+#define ICMP_STATS                      0
+#define IGMP_STATS                      0
+#define UDP_STATS                       0
+#define TCP_STATS                       0
+#define MEM_STATS                       0
+#define MEMP_STATS                      0
+#define SYS_STATS                       0
+#define LWIP_STATS_DISPLAY              0
+#define IP6_STATS                       0
+#define ICMP6_STATS                     0
+#define IP6_FRAG_STATS                  0
+#define MLD6_STATS                      0
+#define ND6_STATS                       0
+
+#endif /* LWIP_STATS */
+
+/*
+   ---------------------------------
+   ---------- PPP options ----------
+   ---------------------------------
+*/
+/**
+ * PPP_SUPPORT==1: Enable PPP.
+ */
+#ifndef PPP_SUPPORT
+#define PPP_SUPPORT                     0
+#endif
+
+/**
+ * PPPOE_SUPPORT==1: Enable PPP Over Ethernet
+ */
+#ifndef PPPOE_SUPPORT
+#define PPPOE_SUPPORT                   0
+#endif
+
+/**
+ * PPPOS_SUPPORT==1: Enable PPP Over Serial
+ */
+#ifndef PPPOS_SUPPORT
+#define PPPOS_SUPPORT                   PPP_SUPPORT
+#endif
+
+#if PPP_SUPPORT
+
+/**
+ * NUM_PPP: Max PPP sessions.
+ */
+#ifndef NUM_PPP
+#define NUM_PPP                         1
+#endif
+
+/**
+ * PAP_SUPPORT==1: Support PAP.
+ */
+#ifndef PAP_SUPPORT
+#define PAP_SUPPORT                     0
+#endif
+
+/**
+ * CHAP_SUPPORT==1: Support CHAP.
+ */
+#ifndef CHAP_SUPPORT
+#define CHAP_SUPPORT                    0
+#endif
+
+/**
+ * MSCHAP_SUPPORT==1: Support MSCHAP. CURRENTLY NOT SUPPORTED! DO NOT SET!
+ */
+#ifndef MSCHAP_SUPPORT
+#define MSCHAP_SUPPORT                  0
+#endif
+
+/**
+ * CBCP_SUPPORT==1: Support CBCP. CURRENTLY NOT SUPPORTED! DO NOT SET!
+ */
+#ifndef CBCP_SUPPORT
+#define CBCP_SUPPORT                    0
+#endif
+
+/**
+ * CCP_SUPPORT==1: Support CCP. CURRENTLY NOT SUPPORTED! DO NOT SET!
+ */
+#ifndef CCP_SUPPORT
+#define CCP_SUPPORT                     0
+#endif
+
+/**
+ * VJ_SUPPORT==1: Support VJ header compression.
+ */
+#ifndef VJ_SUPPORT
+#define VJ_SUPPORT                      0
+#endif
+
+/**
+ * MD5_SUPPORT==1: Support MD5 (see also CHAP).
+ */
+#ifndef MD5_SUPPORT
+#define MD5_SUPPORT                     0
+#endif
+
+/*
+ * Timeouts
+ */
+#ifndef FSM_DEFTIMEOUT
+#define FSM_DEFTIMEOUT                  6       /* Timeout time in seconds */
+#endif
+
+#ifndef FSM_DEFMAXTERMREQS
+#define FSM_DEFMAXTERMREQS              2       /* Maximum Terminate-Request transmissions */
+#endif
+
+#ifndef FSM_DEFMAXCONFREQS
+#define FSM_DEFMAXCONFREQS              10      /* Maximum Configure-Request transmissions */
+#endif
+
+#ifndef FSM_DEFMAXNAKLOOPS
+#define FSM_DEFMAXNAKLOOPS              5       /* Maximum number of nak loops */
+#endif
+
+#ifndef UPAP_DEFTIMEOUT
+#define UPAP_DEFTIMEOUT                 6       /* Timeout (seconds) for retransmitting req */
+#endif
+
+#ifndef UPAP_DEFREQTIME
+#define UPAP_DEFREQTIME                 30      /* Time to wait for auth-req from peer */
+#endif
+
+#ifndef CHAP_DEFTIMEOUT
+#define CHAP_DEFTIMEOUT                 6       /* Timeout time in seconds */
+#endif
+
+#ifndef CHAP_DEFTRANSMITS
+#define CHAP_DEFTRANSMITS               10      /* max # times to send challenge */
+#endif
+
+/* Interval in seconds between keepalive echo requests, 0 to disable. */
+#ifndef LCP_ECHOINTERVAL
+#define LCP_ECHOINTERVAL                0
+#endif
+
+/* Number of unanswered echo requests before failure. */
+#ifndef LCP_MAXECHOFAILS
+#define LCP_MAXECHOFAILS                3
+#endif
+
+/* Max Xmit idle time (in jiffies) before resend flag char. */
+#ifndef PPP_MAXIDLEFLAG
+#define PPP_MAXIDLEFLAG                 100
+#endif
+
+/*
+ * Packet sizes
+ *
+ * Note - lcp shouldn't be allowed to negotiate stuff outside these
+ *    limits.  See lcp.h in the pppd directory.
+ * (XXX - these constants should simply be shared by lcp.c instead
+ *    of living in lcp.h)
+ */
+#define PPP_MTU                         1500     /* Default MTU (size of Info field) */
+#ifndef PPP_MAXMTU
+/* #define PPP_MAXMTU  65535 - (PPP_HDRLEN + PPP_FCSLEN) */
+#define PPP_MAXMTU                      1500 /* Largest MTU we allow */
+#endif
+#define PPP_MINMTU                      64
+#define PPP_MRU                         1500     /* default MRU = max length of info field */
+#define PPP_MAXMRU                      1500     /* Largest MRU we allow */
+#ifndef PPP_DEFMRU
+#define PPP_DEFMRU                      296             /* Try for this */
+#endif
+#define PPP_MINMRU                      128             /* No MRUs below this */
+
+#ifndef MAXNAMELEN
+#define MAXNAMELEN                      256     /* max length of hostname or name for auth */
+#endif
+#ifndef MAXSECRETLEN
+#define MAXSECRETLEN                    256     /* max length of password or secret */
+#endif
+
+#endif /* PPP_SUPPORT */
+
+/*
+   --------------------------------------
+   ---------- Checksum options ----------
+   --------------------------------------
+*/
+/**
+ * CHECKSUM_GEN_IP==1: Generate checksums in software for outgoing IP packets.
+ */
+#ifndef CHECKSUM_GEN_IP
+#define CHECKSUM_GEN_IP                 1
+#endif
+ 
+/**
+ * CHECKSUM_GEN_UDP==1: Generate checksums in software for outgoing UDP packets.
+ */
+#ifndef CHECKSUM_GEN_UDP
+#define CHECKSUM_GEN_UDP                1
+#endif
+ 
+/**
+ * CHECKSUM_GEN_TCP==1: Generate checksums in software for outgoing TCP packets.
+ */
+#ifndef CHECKSUM_GEN_TCP
+#define CHECKSUM_GEN_TCP                1
+#endif
+
+/**
+ * CHECKSUM_GEN_ICMP==1: Generate checksums in software for outgoing ICMP packets.
+ */
+#ifndef CHECKSUM_GEN_ICMP
+#define CHECKSUM_GEN_ICMP               1
+#endif
+ 
+/**
+ * CHECKSUM_CHECK_IP==1: Check checksums in software for incoming IP packets.
+ */
+#ifndef CHECKSUM_CHECK_IP
+#define CHECKSUM_CHECK_IP               1
+#endif
+ 
+/**
+ * CHECKSUM_CHECK_UDP==1: Check checksums in software for incoming UDP packets.
+ */
+#ifndef CHECKSUM_CHECK_UDP
+#define CHECKSUM_CHECK_UDP              1
+#endif
+
+/**
+ * CHECKSUM_CHECK_TCP==1: Check checksums in software for incoming TCP packets.
+ */
+#ifndef CHECKSUM_CHECK_TCP
+#define CHECKSUM_CHECK_TCP              1
+#endif
+
+/**
+ * LWIP_CHECKSUM_ON_COPY==1: Calculate checksum when copying data from
+ * application buffers to pbufs.
+ */
+#ifndef LWIP_CHECKSUM_ON_COPY
+#define LWIP_CHECKSUM_ON_COPY           0
+#endif
+
+/*
+   ---------------------------------------
+   ---------- IPv6 options ---------------
+   ---------------------------------------
+*/
+/**
+ * LWIP_IPV6==1: Enable IPv6
+ */
+#ifndef LWIP_IPV6
+#define LWIP_IPV6                       0
+#endif
+
+/**
+ * LWIP_IPV6_NUM_ADDRESSES: Number of IPv6 addresses per netif.
+ */
+#ifndef LWIP_IPV6_NUM_ADDRESSES
+#define LWIP_IPV6_NUM_ADDRESSES         3
+#endif
+
+/**
+ * LWIP_IPV6_FORWARD==1: Forward IPv6 packets across netifs
+ */
+#ifndef LWIP_IPV6_FORWARD
+#define LWIP_IPV6_FORWARD               0
+#endif
+
+/**
+ * LWIP_ICMP6==1: Enable ICMPv6 (mandatory per RFC)
+ */
+#ifndef LWIP_ICMP6
+#define LWIP_ICMP6                      (LWIP_IPV6)
+#endif
+
+/**
+ * LWIP_ICMP6_DATASIZE: bytes from original packet to send back in
+ * ICMPv6 error messages.
+ */
+#ifndef LWIP_ICMP6_DATASIZE
+#define LWIP_ICMP6_DATASIZE             8
+#endif
+
+/**
+ * LWIP_ICMP6_HL: default hop limit for ICMPv6 messages
+ */
+#ifndef LWIP_ICMP6_HL
+#define LWIP_ICMP6_HL                   255
+#endif
+
+/**
+ * LWIP_ICMP6_CHECKSUM_CHECK==1: verify checksum on ICMPv6 packets
+ */
+#ifndef LWIP_ICMP6_CHECKSUM_CHECK
+#define LWIP_ICMP6_CHECKSUM_CHECK       1
+#endif
+
+/**
+ * LWIP_IPV6_MLD==1: Enable multicast listener discovery protocol.
+ */
+#ifndef LWIP_IPV6_MLD
+#define LWIP_IPV6_MLD                   (LWIP_IPV6)
+#endif
+
+/**
+ * MEMP_NUM_MLD6_GROUP: Max number of IPv6 multicast that can be joined.
+ */
+#ifndef MEMP_NUM_MLD6_GROUP
+#define MEMP_NUM_MLD6_GROUP             4
+#endif
+
+/**
+ * LWIP_IPV6_FRAG==1: Fragment outgoing IPv6 packets that are too big.
+ */
+#ifndef LWIP_IPV6_FRAG
+#define LWIP_IPV6_FRAG                  0
+#endif
+
+/**
+ * LWIP_IPV6_REASS==1: reassemble incoming IPv6 packets that fragmented
+ */
+#ifndef LWIP_IPV6_REASS
+#define LWIP_IPV6_REASS                 (LWIP_IPV6)
+#endif
+
+/**
+ * LWIP_ND6_QUEUEING==1: queue outgoing IPv6 packets while MAC address
+ * is being resolved.
+ */
+#ifndef LWIP_ND6_QUEUEING
+#define LWIP_ND6_QUEUEING               (LWIP_IPV6)
+#endif
+
+/**
+ * MEMP_NUM_ND6_QUEUE: Max number of IPv6 packets to queue during MAC resolution.
+ */
+#ifndef MEMP_NUM_ND6_QUEUE
+#define MEMP_NUM_ND6_QUEUE              20
+#endif
+
+/**
+ * LWIP_ND6_NUM_NEIGHBORS: Number of entries in IPv6 neighbor cache
+ */
+#ifndef LWIP_ND6_NUM_NEIGHBORS
+#define LWIP_ND6_NUM_NEIGHBORS          10
+#endif
+
+/**
+ * LWIP_ND6_NUM_DESTINATIONS: number of entries in IPv6 destination cache
+ */
+#ifndef LWIP_ND6_NUM_DESTINATIONS
+#define LWIP_ND6_NUM_DESTINATIONS       10
+#endif
+
+/**
+ * LWIP_ND6_NUM_PREFIXES: number of entries in IPv6 on-link prefixes cache
+ */
+#ifndef LWIP_ND6_NUM_PREFIXES
+#define LWIP_ND6_NUM_PREFIXES           5
+#endif
+
+/**
+ * LWIP_ND6_NUM_ROUTERS: number of entries in IPv6 default router cache
+ */
+#ifndef LWIP_ND6_NUM_ROUTERS
+#define LWIP_ND6_NUM_ROUTERS            3
+#endif
+
+/**
+ * LWIP_ND6_MAX_MULTICAST_SOLICIT: max number of multicast solicit messages to send
+ * (neighbor solicit and router solicit)
+ */
+#ifndef LWIP_ND6_MAX_MULTICAST_SOLICIT
+#define LWIP_ND6_MAX_MULTICAST_SOLICIT  3
+#endif
+
+/**
+ * LWIP_ND6_MAX_UNICAST_SOLICIT: max number of unicast neighbor solicitation messages
+ * to send during neighbor reachability detection.
+ */
+#ifndef LWIP_ND6_MAX_UNICAST_SOLICIT
+#define LWIP_ND6_MAX_UNICAST_SOLICIT    3
+#endif
+
+/**
+ * Unused: See ND RFC (time in milliseconds).
+ */
+#ifndef LWIP_ND6_MAX_ANYCAST_DELAY_TIME
+#define LWIP_ND6_MAX_ANYCAST_DELAY_TIME 1000
+#endif
+
+/**
+ * Unused: See ND RFC
+ */
+#ifndef LWIP_ND6_MAX_NEIGHBOR_ADVERTISEMENT
+#define LWIP_ND6_MAX_NEIGHBOR_ADVERTISEMENT  3
+#endif
+
+/**
+ * LWIP_ND6_REACHABLE_TIME: default neighbor reachable time (in milliseconds).
+ * May be updated by router advertisement messages.
+ */
+#ifndef LWIP_ND6_REACHABLE_TIME
+#define LWIP_ND6_REACHABLE_TIME         30000
+#endif
+
+/**
+ * LWIP_ND6_RETRANS_TIMER: default retransmission timer for solicitation messages
+ */
+#ifndef LWIP_ND6_RETRANS_TIMER
+#define LWIP_ND6_RETRANS_TIMER          1000
+#endif
+
+/**
+ * LWIP_ND6_DELAY_FIRST_PROBE_TIME: Delay before first unicast neighbor solicitation
+ * message is sent, during neighbor reachability detection.
+ */
+#ifndef LWIP_ND6_DELAY_FIRST_PROBE_TIME
+#define LWIP_ND6_DELAY_FIRST_PROBE_TIME 5000
+#endif
+
+/**
+ * LWIP_ND6_ALLOW_RA_UPDATES==1: Allow Router Advertisement messages to update
+ * Reachable time and retransmission timers, and netif MTU.
+ */
+#ifndef LWIP_ND6_ALLOW_RA_UPDATES
+#define LWIP_ND6_ALLOW_RA_UPDATES       1
+#endif
+
+/**
+ * LWIP_IPV6_SEND_ROUTER_SOLICIT==1: Send router solicitation messages during
+ * network startup.
+ */
+#ifndef LWIP_IPV6_SEND_ROUTER_SOLICIT
+#define LWIP_IPV6_SEND_ROUTER_SOLICIT   1
+#endif
+
+/**
+ * LWIP_ND6_TCP_REACHABILITY_HINTS==1: Allow TCP to provide Neighbor Discovery
+ * with reachability hints for connected destinations. This helps avoid sending
+ * unicast neighbor solicitation messages.
+ */
+#ifndef LWIP_ND6_TCP_REACHABILITY_HINTS
+#define LWIP_ND6_TCP_REACHABILITY_HINTS 1
+#endif
+
+/**
+ * LWIP_IPV6_AUTOCONFIG==1: Enable stateless address autoconfiguration as per RFC 4862.
+ */
+#ifndef LWIP_IPV6_AUTOCONFIG
+#define LWIP_IPV6_AUTOCONFIG            (LWIP_IPV6)
+#endif
+
+/**
+ * LWIP_IPV6_DUP_DETECT_ATTEMPTS: Number of duplicate address detection attempts.
+ */
+#ifndef LWIP_IPV6_DUP_DETECT_ATTEMPTS
+#define LWIP_IPV6_DUP_DETECT_ATTEMPTS   1
+#endif
+
+/**
+ * LWIP_IPV6_DHCP6==1: enable DHCPv6 stateful address autoconfiguration.
+ */
+#ifndef LWIP_IPV6_DHCP6
+#define LWIP_IPV6_DHCP6                 0
+#endif
+
+/*
+   ---------------------------------------
+   ---------- Hook options ---------------
+   ---------------------------------------
+*/
+
+/* Hooks are undefined by default, define them to a function if you need them. */
+
+/**
+ * LWIP_HOOK_IP4_INPUT(pbuf, input_netif):
+ * - called from ip_input() (IPv4)
+ * - pbuf: received struct pbuf passed to ip_input()
+ * - input_netif: struct netif on which the packet has been received
+ * Return values:
+ * - 0: Hook has not consumed the packet, packet is processed as normal
+ * - != 0: Hook has consumed the packet.
+ * If the hook consumed the packet, 'pbuf' is in the responsibility of the hook
+ * (i.e. free it when done).
+ */
+
+/**
+ * LWIP_HOOK_IP4_ROUTE(dest):
+ * - called from ip_route() (IPv4)
+ * - dest: destination IPv4 address
+ * Returns the destination netif or NULL if no destination netif is found. In
+ * that case, ip_route() continues as normal.
+ */
+
+/*
+   ---------------------------------------
+   ---------- Debugging options ----------
+   ---------------------------------------
+*/
+/**
+ * LWIP_DBG_MIN_LEVEL: After masking, the value of the debug is
+ * compared against this value. If it is smaller, then debugging
+ * messages are written.
+ */
+#ifndef LWIP_DBG_MIN_LEVEL
+#define LWIP_DBG_MIN_LEVEL              LWIP_DBG_LEVEL_ALL
+#endif
+
+/**
+ * LWIP_DBG_TYPES_ON: A mask that can be used to globally enable/disable
+ * debug messages of certain types.
+ */
+#ifndef LWIP_DBG_TYPES_ON
+#define LWIP_DBG_TYPES_ON               LWIP_DBG_ON
+#endif
+
+/**
+ * ETHARP_DEBUG: Enable debugging in etharp.c.
+ */
+#ifndef ETHARP_DEBUG
+#define ETHARP_DEBUG                    LWIP_DBG_OFF
+#endif
+
+/**
+ * NETIF_DEBUG: Enable debugging in netif.c.
+ */
+#ifndef NETIF_DEBUG
+#define NETIF_DEBUG                     LWIP_DBG_OFF
+#endif
+
+/**
+ * PBUF_DEBUG: Enable debugging in pbuf.c.
+ */
+#ifndef PBUF_DEBUG
+#define PBUF_DEBUG                      LWIP_DBG_OFF
+#endif
+
+/**
+ * API_LIB_DEBUG: Enable debugging in api_lib.c.
+ */
+#ifndef API_LIB_DEBUG
+#define API_LIB_DEBUG                   LWIP_DBG_OFF
+#endif
+
+/**
+ * API_MSG_DEBUG: Enable debugging in api_msg.c.
+ */
+#ifndef API_MSG_DEBUG
+#define API_MSG_DEBUG                   LWIP_DBG_OFF
+#endif
+
+/**
+ * SOCKETS_DEBUG: Enable debugging in sockets.c.
+ */
+#ifndef SOCKETS_DEBUG
+#define SOCKETS_DEBUG                   LWIP_DBG_OFF
+#endif
+
+/**
+ * ICMP_DEBUG: Enable debugging in icmp.c.
+ */
+#ifndef ICMP_DEBUG
+#define ICMP_DEBUG                      LWIP_DBG_OFF
+#endif
+
+/**
+ * IGMP_DEBUG: Enable debugging in igmp.c.
+ */
+#ifndef IGMP_DEBUG
+#define IGMP_DEBUG                      LWIP_DBG_OFF
+#endif
+
+/**
+ * INET_DEBUG: Enable debugging in inet.c.
+ */
+#ifndef INET_DEBUG
+#define INET_DEBUG                      LWIP_DBG_OFF
+#endif
+
+/**
+ * IP_DEBUG: Enable debugging for IP.
+ */
+#ifndef IP_DEBUG
+#define IP_DEBUG                        LWIP_DBG_OFF
+#endif
+
+/**
+ * IP_REASS_DEBUG: Enable debugging in ip_frag.c for both frag & reass.
+ */
+#ifndef IP_REASS_DEBUG
+#define IP_REASS_DEBUG                  LWIP_DBG_OFF
+#endif
+
+/**
+ * RAW_DEBUG: Enable debugging in raw.c.
+ */
+#ifndef RAW_DEBUG
+#define RAW_DEBUG                       LWIP_DBG_OFF
+#endif
+
+/**
+ * MEM_DEBUG: Enable debugging in mem.c.
+ */
+#ifndef MEM_DEBUG
+#define MEM_DEBUG                       LWIP_DBG_OFF
+#endif
+
+/**
+ * MEMP_DEBUG: Enable debugging in memp.c.
+ */
+#ifndef MEMP_DEBUG
+#define MEMP_DEBUG                      LWIP_DBG_OFF
+#endif
+
+/**
+ * SYS_DEBUG: Enable debugging in sys.c.
+ */
+#ifndef SYS_DEBUG
+#define SYS_DEBUG                       LWIP_DBG_OFF
+#endif
+
+/**
+ * TIMERS_DEBUG: Enable debugging in timers.c.
+ */
+#ifndef TIMERS_DEBUG
+#define TIMERS_DEBUG                    LWIP_DBG_OFF
+#endif
+
+/**
+ * TCP_DEBUG: Enable debugging for TCP.
+ */
+#ifndef TCP_DEBUG
+#define TCP_DEBUG                       LWIP_DBG_OFF
+#endif
+
+/**
+ * TCP_INPUT_DEBUG: Enable debugging in tcp_in.c for incoming debug.
+ */
+#ifndef TCP_INPUT_DEBUG
+#define TCP_INPUT_DEBUG                 LWIP_DBG_OFF
+#endif
+
+/**
+ * TCP_FR_DEBUG: Enable debugging in tcp_in.c for fast retransmit.
+ */
+#ifndef TCP_FR_DEBUG
+#define TCP_FR_DEBUG                    LWIP_DBG_OFF
+#endif
+
+/**
+ * TCP_RTO_DEBUG: Enable debugging in TCP for retransmit
+ * timeout.
+ */
+#ifndef TCP_RTO_DEBUG
+#define TCP_RTO_DEBUG                   LWIP_DBG_OFF
+#endif
+
+/**
+ * TCP_CWND_DEBUG: Enable debugging for TCP congestion window.
+ */
+#ifndef TCP_CWND_DEBUG
+#define TCP_CWND_DEBUG                  LWIP_DBG_OFF
+#endif
+
+/**
+ * TCP_WND_DEBUG: Enable debugging in tcp_in.c for window updating.
+ */
+#ifndef TCP_WND_DEBUG
+#define TCP_WND_DEBUG                   LWIP_DBG_OFF
+#endif
+
+/**
+ * TCP_OUTPUT_DEBUG: Enable debugging in tcp_out.c output functions.
+ */
+#ifndef TCP_OUTPUT_DEBUG
+#define TCP_OUTPUT_DEBUG                LWIP_DBG_OFF
+#endif
+
+/**
+ * TCP_RST_DEBUG: Enable debugging for TCP with the RST message.
+ */
+#ifndef TCP_RST_DEBUG
+#define TCP_RST_DEBUG                   LWIP_DBG_OFF
+#endif
+
+/**
+ * TCP_QLEN_DEBUG: Enable debugging for TCP queue lengths.
+ */
+#ifndef TCP_QLEN_DEBUG
+#define TCP_QLEN_DEBUG                  LWIP_DBG_OFF
+#endif
+
+/**
+ * UDP_DEBUG: Enable debugging in UDP.
+ */
+#ifndef UDP_DEBUG
+#define UDP_DEBUG                       LWIP_DBG_OFF
+#endif
+
+/**
+ * TCPIP_DEBUG: Enable debugging in tcpip.c.
+ */
+#ifndef TCPIP_DEBUG
+#define TCPIP_DEBUG                     LWIP_DBG_OFF
+#endif
+
+/**
+ * PPP_DEBUG: Enable debugging for PPP.
+ */
+#ifndef PPP_DEBUG
+#define PPP_DEBUG                       LWIP_DBG_OFF
+#endif
+
+/**
+ * SLIP_DEBUG: Enable debugging in slipif.c.
+ */
+#ifndef SLIP_DEBUG
+#define SLIP_DEBUG                      LWIP_DBG_OFF
+#endif
+
+/**
+ * DHCP_DEBUG: Enable debugging in dhcp.c.
+ */
+#ifndef DHCP_DEBUG
+#define DHCP_DEBUG                      LWIP_DBG_OFF
+#endif
+
+/**
+ * AUTOIP_DEBUG: Enable debugging in autoip.c.
+ */
+#ifndef AUTOIP_DEBUG
+#define AUTOIP_DEBUG                    LWIP_DBG_OFF
+#endif
+
+/**
+ * SNMP_MSG_DEBUG: Enable debugging for SNMP messages.
+ */
+#ifndef SNMP_MSG_DEBUG
+#define SNMP_MSG_DEBUG                  LWIP_DBG_OFF
+#endif
+
+/**
+ * SNMP_MIB_DEBUG: Enable debugging for SNMP MIBs.
+ */
+#ifndef SNMP_MIB_DEBUG
+#define SNMP_MIB_DEBUG                  LWIP_DBG_OFF
+#endif
+
+/**
+ * DNS_DEBUG: Enable debugging for DNS.
+ */
+#ifndef DNS_DEBUG
+#define DNS_DEBUG                       LWIP_DBG_OFF
+#endif
+
+/**
+ * IP6_DEBUG: Enable debugging for IPv6.
+ */
+#ifndef IP6_DEBUG
+#define IP6_DEBUG                       LWIP_DBG_OFF
+#endif
+
+#endif /* __LWIP_OPT_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/pbuf.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/pbuf.h
new file mode 100644
index 00000000..4f8dca8a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/pbuf.h
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#ifndef __LWIP_PBUF_H__
+#define __LWIP_PBUF_H__
+
+#include "lwip/opt.h"
+#include "lwip/err.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Currently, the pbuf_custom code is only needed for one specific configuration
+ * of IP_FRAG */
+#define LWIP_SUPPORT_CUSTOM_PBUF (IP_FRAG && !IP_FRAG_USES_STATIC_BUF && !LWIP_NETIF_TX_SINGLE_PBUF)
+
+/* @todo: We need a mechanism to prevent wasting memory in every pbuf
+   (TCP vs. UDP, IPv4 vs. IPv6: UDP/IPv4 packets may waste up to 28 bytes) */
+
+#define PBUF_TRANSPORT_HLEN 20
+#if LWIP_IPV6
+#define PBUF_IP_HLEN        40
+#else
+#define PBUF_IP_HLEN        20
+#endif
+
+typedef enum {
+  PBUF_TRANSPORT,
+  PBUF_IP,
+  PBUF_LINK,
+  PBUF_RAW
+} pbuf_layer;
+
+typedef enum {
+  PBUF_RAM, /* pbuf data is stored in RAM */
+  PBUF_ROM, /* pbuf data is stored in ROM */
+  PBUF_REF, /* pbuf comes from the pbuf pool */
+  PBUF_POOL /* pbuf payload refers to RAM */
+} pbuf_type;
+
+
+/** indicates this packet's data should be immediately passed to the application */
+#define PBUF_FLAG_PUSH      0x01U
+/** indicates this is a custom pbuf: pbuf_free and pbuf_header handle such a
+    a pbuf differently */
+#define PBUF_FLAG_IS_CUSTOM 0x02U
+/** indicates this pbuf is UDP multicast to be looped back */
+#define PBUF_FLAG_MCASTLOOP 0x04U
+/** indicates this pbuf was received as link-level broadcast */
+#define PBUF_FLAG_LLBCAST   0x08U
+/** indicates this pbuf was received as link-level multicast */
+#define PBUF_FLAG_LLMCAST   0x10U
+/** indicates this pbuf includes a TCP FIN flag */
+#define PBUF_FLAG_TCP_FIN   0x20U
+
+struct pbuf {
+  /** next pbuf in singly linked pbuf chain */
+  struct pbuf *next;
+
+  /** pointer to the actual data in the buffer */
+  void *payload;
+
+  /**
+   * total length of this buffer and all next buffers in chain
+   * belonging to the same packet.
+   *
+   * For non-queue packet chains this is the invariant:
+   * p->tot_len == p->len + (p->next? p->next->tot_len: 0)
+   */
+  u16_t tot_len;
+
+  /** length of this buffer */
+  u16_t len;
+
+  /** pbuf_type as u8_t instead of enum to save space */
+  u8_t /*pbuf_type*/ type;
+
+  /** misc flags */
+  u8_t flags;
+
+  /**
+   * the reference count always equals the number of pointers
+   * that refer to this pbuf. This can be pointers from an application,
+   * the stack itself, or pbuf->next pointers from a chain.
+   */
+  u16_t ref;
+};
+
+#if LWIP_SUPPORT_CUSTOM_PBUF
+/** Prototype for a function to free a custom pbuf */
+typedef void (*pbuf_free_custom_fn)(struct pbuf *p);
+
+/** A custom pbuf: like a pbuf, but following a function pointer to free it. */
+struct pbuf_custom {
+  /** The actual pbuf */
+  struct pbuf pbuf;
+  /** This function is called when pbuf_free deallocates this pbuf(_custom) */
+  pbuf_free_custom_fn custom_free_function;
+};
+#endif /* LWIP_SUPPORT_CUSTOM_PBUF */
+
+#if LWIP_TCP && TCP_QUEUE_OOSEQ
+/** Define this to 0 to prevent freeing ooseq pbufs when the PBUF_POOL is empty */
+#ifndef PBUF_POOL_FREE_OOSEQ
+#define PBUF_POOL_FREE_OOSEQ 1
+#endif /* PBUF_POOL_FREE_OOSEQ */
+#if NO_SYS && PBUF_POOL_FREE_OOSEQ
+extern volatile u8_t pbuf_free_ooseq_pending;
+void pbuf_free_ooseq(void);
+/** When not using sys_check_timeouts(), call PBUF_CHECK_FREE_OOSEQ()
+    at regular intervals from main level to check if ooseq pbufs need to be
+    freed! */
+#define PBUF_CHECK_FREE_OOSEQ() do { if(pbuf_free_ooseq_pending) { \
+  /* pbuf_alloc() reported PBUF_POOL to be empty -> try to free some \
+     ooseq queued pbufs now */ \
+  pbuf_free_ooseq(); }}while(0)
+#endif /* NO_SYS && PBUF_POOL_FREE_OOSEQ*/
+#endif /* LWIP_TCP && TCP_QUEUE_OOSEQ */
+
+/* Initializes the pbuf module. This call is empty for now, but may not be in future. */
+#define pbuf_init()
+
+struct pbuf *pbuf_alloc(pbuf_layer l, u16_t length, pbuf_type type);
+#if LWIP_SUPPORT_CUSTOM_PBUF
+struct pbuf *pbuf_alloced_custom(pbuf_layer l, u16_t length, pbuf_type type,
+                                 struct pbuf_custom *p, void *payload_mem,
+                                 u16_t payload_mem_len);
+#endif /* LWIP_SUPPORT_CUSTOM_PBUF */
+void pbuf_realloc(struct pbuf *p, u16_t size); 
+u8_t pbuf_header(struct pbuf *p, s16_t header_size);
+void pbuf_ref(struct pbuf *p);
+u8_t pbuf_free(struct pbuf *p);
+u8_t pbuf_clen(struct pbuf *p);  
+void pbuf_cat(struct pbuf *head, struct pbuf *tail);
+void pbuf_chain(struct pbuf *head, struct pbuf *tail);
+struct pbuf *pbuf_dechain(struct pbuf *p);
+err_t pbuf_copy(struct pbuf *p_to, struct pbuf *p_from);
+u16_t pbuf_copy_partial(struct pbuf *p, void *dataptr, u16_t len, u16_t offset);
+err_t pbuf_take(struct pbuf *buf, const void *dataptr, u16_t len);
+struct pbuf *pbuf_coalesce(struct pbuf *p, pbuf_layer layer);
+#if LWIP_CHECKSUM_ON_COPY
+err_t pbuf_fill_chksum(struct pbuf *p, u16_t start_offset, const void *dataptr,
+                       u16_t len, u16_t *chksum);
+#endif /* LWIP_CHECKSUM_ON_COPY */
+
+u8_t pbuf_get_at(struct pbuf* p, u16_t offset);
+u16_t pbuf_memcmp(struct pbuf* p, u16_t offset, const void* s2, u16_t n);
+u16_t pbuf_memfind(struct pbuf* p, const void* mem, u16_t mem_len, u16_t start_offset);
+u16_t pbuf_strstr(struct pbuf* p, const char* substr);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_PBUF_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/raw.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/raw.h
new file mode 100644
index 00000000..f0c8ed47
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/raw.h
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_RAW_H__
+#define __LWIP_RAW_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_RAW /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/pbuf.h"
+#include "lwip/def.h"
+#include "lwip/ip.h"
+#include "lwip/ip_addr.h"
+#include "lwip/ip6_addr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct raw_pcb;
+
+/** Function prototype for raw pcb receive callback functions.
+ * @param arg user supplied argument (raw_pcb.recv_arg)
+ * @param pcb the raw_pcb which received data
+ * @param p the packet buffer that was received
+ * @param addr the remote IP address from which the packet was received
+ * @return 1 if the packet was 'eaten' (aka. deleted),
+ *         0 if the packet lives on
+ * If returning 1, the callback is responsible for freeing the pbuf
+ * if it's not used any more.
+ */
+typedef u8_t (*raw_recv_fn)(void *arg, struct raw_pcb *pcb, struct pbuf *p,
+    ip_addr_t *addr);
+
+#if LWIP_IPV6
+/** Function prototype for raw pcb IPv6 receive callback functions.
+ * @param arg user supplied argument (raw_pcb.recv_arg)
+ * @param pcb the raw_pcb which received data
+ * @param p the packet buffer that was received
+ * @param addr the remote IPv6 address from which the packet was received
+ * @return 1 if the packet was 'eaten' (aka. deleted),
+ *         0 if the packet lives on
+ * If returning 1, the callback is responsible for freeing the pbuf
+ * if it's not used any more.
+ */
+typedef u8_t (*raw_recv_ip6_fn)(void *arg, struct raw_pcb *pcb, struct pbuf *p,
+    ip6_addr_t *addr);
+#endif /* LWIP_IPV6 */
+
+#if LWIP_IPV6
+#define RAW_PCB_RECV_IP6  raw_recv_ip6_fn ip6;
+#else
+#define RAW_PCB_RECV_IP6
+#endif /* LWIP_IPV6 */
+
+struct raw_pcb {
+  /* Common members of all PCB types */
+  IP_PCB;
+
+  struct raw_pcb *next;
+
+  u8_t protocol;
+
+  /** receive callback function */
+  union {
+    raw_recv_fn ip4;
+    RAW_PCB_RECV_IP6
+  } recv;
+  /* user-supplied argument for the recv callback */
+  void *recv_arg;
+};
+
+/* The following functions is the application layer interface to the
+   RAW code. */
+struct raw_pcb * raw_new        (u8_t proto);
+void             raw_remove     (struct raw_pcb *pcb);
+err_t            raw_bind       (struct raw_pcb *pcb, ip_addr_t *ipaddr);
+err_t            raw_connect    (struct raw_pcb *pcb, ip_addr_t *ipaddr);
+
+void             raw_recv       (struct raw_pcb *pcb, raw_recv_fn recv, void *recv_arg);
+err_t            raw_sendto     (struct raw_pcb *pcb, struct pbuf *p, ip_addr_t *ipaddr);
+err_t            raw_send       (struct raw_pcb *pcb, struct pbuf *p);
+
+#if LWIP_IPV6
+struct raw_pcb * raw_new_ip6   (u8_t proto);
+#define          raw_bind_ip6(pcb, ip6addr) raw_bind(pcb, ip6_2_ip(ip6addr))
+#define          raw_connect_ip6(pcb, ip6addr) raw_connect(pcb, ip6_2_ip(ip6addr))
+#define          raw_recv_ip6(pcb, recv_ip6_fn, recv_arg) raw_recv(pcb, (raw_recv_fn)recv_ip6_fn, recv_arg)
+#define          raw_sendto_ip6(pcb, pbuf, ip6addr) raw_sendto(pcb, pbuf, ip6_2_ip(ip6addr))
+#endif /* LWIP_IPV6 */
+
+/* The following functions are the lower layer interface to RAW. */
+u8_t             raw_input      (struct pbuf *p, struct netif *inp);
+#define raw_init() /* Compatibility define, not init needed. */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_RAW */
+
+#endif /* __LWIP_RAW_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/sio.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/sio.h
new file mode 100644
index 00000000..28ae2f22
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/sio.h
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ */
+
+/*
+ * This is the interface to the platform specific serial IO module
+ * It needs to be implemented by those platforms which need SLIP or PPP
+ */
+
+#ifndef __SIO_H__
+#define __SIO_H__
+
+#include "lwip/arch.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* If you want to define sio_fd_t elsewhere or differently,
+   define this in your cc.h file. */
+#ifndef __sio_fd_t_defined
+typedef void * sio_fd_t;
+#endif
+
+/* The following functions can be defined to something else in your cc.h file
+   or be implemented in your custom sio.c file. */
+
+#ifndef sio_open
+/**
+ * Opens a serial device for communication.
+ * 
+ * @param devnum device number
+ * @return handle to serial device if successful, NULL otherwise
+ */
+sio_fd_t sio_open(u8_t devnum);
+#endif
+
+#ifndef sio_send
+/**
+ * Sends a single character to the serial device.
+ * 
+ * @param c character to send
+ * @param fd serial device handle
+ * 
+ * @note This function will block until the character can be sent.
+ */
+void sio_send(u8_t c, sio_fd_t fd);
+#endif
+
+#ifndef sio_recv
+/**
+ * Receives a single character from the serial device.
+ * 
+ * @param fd serial device handle
+ * 
+ * @note This function will block until a character is received.
+ */
+u8_t sio_recv(sio_fd_t fd);
+#endif
+
+#ifndef sio_read
+/**
+ * Reads from the serial device.
+ * 
+ * @param fd serial device handle
+ * @param data pointer to data buffer for receiving
+ * @param len maximum length (in bytes) of data to receive
+ * @return number of bytes actually received - may be 0 if aborted by sio_read_abort
+ * 
+ * @note This function will block until data can be received. The blocking
+ * can be cancelled by calling sio_read_abort().
+ */
+u32_t sio_read(sio_fd_t fd, u8_t *data, u32_t len);
+#endif
+
+#ifndef sio_tryread
+/**
+ * Tries to read from the serial device. Same as sio_read but returns
+ * immediately if no data is available and never blocks.
+ * 
+ * @param fd serial device handle
+ * @param data pointer to data buffer for receiving
+ * @param len maximum length (in bytes) of data to receive
+ * @return number of bytes actually received
+ */
+u32_t sio_tryread(sio_fd_t fd, u8_t *data, u32_t len);
+#endif
+
+#ifndef sio_write
+/**
+ * Writes to the serial device.
+ * 
+ * @param fd serial device handle
+ * @param data pointer to data to send
+ * @param len length (in bytes) of data to send
+ * @return number of bytes actually sent
+ * 
+ * @note This function will block until all data can be sent.
+ */
+u32_t sio_write(sio_fd_t fd, u8_t *data, u32_t len);
+#endif
+
+#ifndef sio_read_abort
+/**
+ * Aborts a blocking sio_read() call.
+ * 
+ * @param fd serial device handle
+ */
+void sio_read_abort(sio_fd_t fd);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __SIO_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp.h
new file mode 100644
index 00000000..2ed043dd
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp.h
@@ -0,0 +1,367 @@
+/*
+ * Copyright (c) 2001, 2002 Leon Woestenberg <leon.woestenberg@axon.tv>
+ * Copyright (c) 2001, 2002 Axon Digital Design B.V., The Netherlands.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Leon Woestenberg <leon.woestenberg@axon.tv>
+ *
+ */
+#ifndef __LWIP_SNMP_H__
+#define __LWIP_SNMP_H__
+
+#include "lwip/opt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "lwip/ip_addr.h"
+
+struct udp_pcb;
+struct netif;
+
+/**
+ * @see RFC1213, "MIB-II, 6. Definitions"
+ */
+enum snmp_ifType {
+  snmp_ifType_other=1,                /* none of the following */
+  snmp_ifType_regular1822,
+  snmp_ifType_hdh1822,
+  snmp_ifType_ddn_x25,
+  snmp_ifType_rfc877_x25,
+  snmp_ifType_ethernet_csmacd,
+  snmp_ifType_iso88023_csmacd,
+  snmp_ifType_iso88024_tokenBus,
+  snmp_ifType_iso88025_tokenRing,
+  snmp_ifType_iso88026_man,
+  snmp_ifType_starLan,
+  snmp_ifType_proteon_10Mbit,
+  snmp_ifType_proteon_80Mbit,
+  snmp_ifType_hyperchannel,
+  snmp_ifType_fddi,
+  snmp_ifType_lapb,
+  snmp_ifType_sdlc,
+  snmp_ifType_ds1,                    /* T-1 */
+  snmp_ifType_e1,                     /* european equiv. of T-1 */
+  snmp_ifType_basicISDN,
+  snmp_ifType_primaryISDN,            /* proprietary serial */
+  snmp_ifType_propPointToPointSerial,
+  snmp_ifType_ppp,
+  snmp_ifType_softwareLoopback,
+  snmp_ifType_eon,                    /* CLNP over IP [11] */
+  snmp_ifType_ethernet_3Mbit,
+  snmp_ifType_nsip,                   /* XNS over IP */
+  snmp_ifType_slip,                   /* generic SLIP */
+  snmp_ifType_ultra,                  /* ULTRA technologies */
+  snmp_ifType_ds3,                    /* T-3 */
+  snmp_ifType_sip,                    /* SMDS */
+  snmp_ifType_frame_relay
+};
+
+#if LWIP_SNMP /* don't build if not configured for use in lwipopts.h */
+
+/** SNMP "sysuptime" Interval */
+#define SNMP_SYSUPTIME_INTERVAL 10
+
+/** fixed maximum length for object identifier type */
+#define LWIP_SNMP_OBJ_ID_LEN 32
+
+/** internal object identifier representation */
+struct snmp_obj_id
+{
+  u8_t len;
+  s32_t id[LWIP_SNMP_OBJ_ID_LEN];
+};
+
+/* system */
+void snmp_set_sysdesr(u8_t* str, u8_t* len);
+void snmp_set_sysobjid(struct snmp_obj_id *oid);
+void snmp_get_sysobjid_ptr(struct snmp_obj_id **oid);
+void snmp_inc_sysuptime(void);
+void snmp_add_sysuptime(u32_t value);
+void snmp_get_sysuptime(u32_t *value);
+void snmp_set_syscontact(u8_t *ocstr, u8_t *ocstrlen);
+void snmp_set_sysname(u8_t *ocstr, u8_t *ocstrlen);
+void snmp_set_syslocation(u8_t *ocstr, u8_t *ocstrlen);
+
+/* network interface */
+void snmp_add_ifinoctets(struct netif *ni, u32_t value); 
+void snmp_inc_ifinucastpkts(struct netif *ni);
+void snmp_inc_ifinnucastpkts(struct netif *ni);
+void snmp_inc_ifindiscards(struct netif *ni);
+void snmp_add_ifoutoctets(struct netif *ni, u32_t value);
+void snmp_inc_ifoutucastpkts(struct netif *ni);
+void snmp_inc_ifoutnucastpkts(struct netif *ni);
+void snmp_inc_ifoutdiscards(struct netif *ni);
+void snmp_inc_iflist(void);
+void snmp_dec_iflist(void);
+
+/* ARP (for atTable and ipNetToMediaTable) */
+void snmp_insert_arpidx_tree(struct netif *ni, ip_addr_t *ip);
+void snmp_delete_arpidx_tree(struct netif *ni, ip_addr_t *ip);
+
+/* IP */
+void snmp_inc_ipinreceives(void);
+void snmp_inc_ipinhdrerrors(void);
+void snmp_inc_ipinaddrerrors(void);
+void snmp_inc_ipforwdatagrams(void);
+void snmp_inc_ipinunknownprotos(void);
+void snmp_inc_ipindiscards(void);
+void snmp_inc_ipindelivers(void);
+void snmp_inc_ipoutrequests(void);
+void snmp_inc_ipoutdiscards(void);
+void snmp_inc_ipoutnoroutes(void);
+void snmp_inc_ipreasmreqds(void);
+void snmp_inc_ipreasmoks(void);
+void snmp_inc_ipreasmfails(void);
+void snmp_inc_ipfragoks(void);
+void snmp_inc_ipfragfails(void);
+void snmp_inc_ipfragcreates(void);
+void snmp_inc_iproutingdiscards(void);
+void snmp_insert_ipaddridx_tree(struct netif *ni);
+void snmp_delete_ipaddridx_tree(struct netif *ni);
+void snmp_insert_iprteidx_tree(u8_t dflt, struct netif *ni);
+void snmp_delete_iprteidx_tree(u8_t dflt, struct netif *ni);
+
+/* ICMP */
+void snmp_inc_icmpinmsgs(void);
+void snmp_inc_icmpinerrors(void);
+void snmp_inc_icmpindestunreachs(void);
+void snmp_inc_icmpintimeexcds(void);
+void snmp_inc_icmpinparmprobs(void);
+void snmp_inc_icmpinsrcquenchs(void);
+void snmp_inc_icmpinredirects(void);
+void snmp_inc_icmpinechos(void);
+void snmp_inc_icmpinechoreps(void);
+void snmp_inc_icmpintimestamps(void);
+void snmp_inc_icmpintimestampreps(void);
+void snmp_inc_icmpinaddrmasks(void);
+void snmp_inc_icmpinaddrmaskreps(void);
+void snmp_inc_icmpoutmsgs(void);
+void snmp_inc_icmpouterrors(void);
+void snmp_inc_icmpoutdestunreachs(void);
+void snmp_inc_icmpouttimeexcds(void);
+void snmp_inc_icmpoutparmprobs(void);
+void snmp_inc_icmpoutsrcquenchs(void);
+void snmp_inc_icmpoutredirects(void); 
+void snmp_inc_icmpoutechos(void);
+void snmp_inc_icmpoutechoreps(void);
+void snmp_inc_icmpouttimestamps(void);
+void snmp_inc_icmpouttimestampreps(void);
+void snmp_inc_icmpoutaddrmasks(void);
+void snmp_inc_icmpoutaddrmaskreps(void);
+
+/* TCP */
+void snmp_inc_tcpactiveopens(void);
+void snmp_inc_tcppassiveopens(void);
+void snmp_inc_tcpattemptfails(void);
+void snmp_inc_tcpestabresets(void);
+void snmp_inc_tcpinsegs(void);
+void snmp_inc_tcpoutsegs(void);
+void snmp_inc_tcpretranssegs(void);
+void snmp_inc_tcpinerrs(void);
+void snmp_inc_tcpoutrsts(void);
+
+/* UDP */
+void snmp_inc_udpindatagrams(void);
+void snmp_inc_udpnoports(void);
+void snmp_inc_udpinerrors(void);
+void snmp_inc_udpoutdatagrams(void);
+void snmp_insert_udpidx_tree(struct udp_pcb *pcb);
+void snmp_delete_udpidx_tree(struct udp_pcb *pcb);
+
+/* SNMP */
+void snmp_inc_snmpinpkts(void);
+void snmp_inc_snmpoutpkts(void);
+void snmp_inc_snmpinbadversions(void);
+void snmp_inc_snmpinbadcommunitynames(void);
+void snmp_inc_snmpinbadcommunityuses(void);
+void snmp_inc_snmpinasnparseerrs(void);
+void snmp_inc_snmpintoobigs(void);
+void snmp_inc_snmpinnosuchnames(void);
+void snmp_inc_snmpinbadvalues(void);
+void snmp_inc_snmpinreadonlys(void);
+void snmp_inc_snmpingenerrs(void);
+void snmp_add_snmpintotalreqvars(u8_t value);
+void snmp_add_snmpintotalsetvars(u8_t value);
+void snmp_inc_snmpingetrequests(void);
+void snmp_inc_snmpingetnexts(void);
+void snmp_inc_snmpinsetrequests(void);
+void snmp_inc_snmpingetresponses(void);
+void snmp_inc_snmpintraps(void);
+void snmp_inc_snmpouttoobigs(void);
+void snmp_inc_snmpoutnosuchnames(void);
+void snmp_inc_snmpoutbadvalues(void);
+void snmp_inc_snmpoutgenerrs(void);
+void snmp_inc_snmpoutgetrequests(void);
+void snmp_inc_snmpoutgetnexts(void);
+void snmp_inc_snmpoutsetrequests(void);
+void snmp_inc_snmpoutgetresponses(void);
+void snmp_inc_snmpouttraps(void);
+void snmp_get_snmpgrpid_ptr(struct snmp_obj_id **oid);
+void snmp_set_snmpenableauthentraps(u8_t *value);
+void snmp_get_snmpenableauthentraps(u8_t *value);
+
+/* LWIP_SNMP support not available */
+/* define everything to be empty */
+#else
+
+/* system */
+#define snmp_set_sysdesr(str, len)
+#define snmp_set_sysobjid(oid);
+#define snmp_get_sysobjid_ptr(oid)
+#define snmp_inc_sysuptime()
+#define snmp_add_sysuptime(value)
+#define snmp_get_sysuptime(value)
+#define snmp_set_syscontact(ocstr, ocstrlen);
+#define snmp_set_sysname(ocstr, ocstrlen);
+#define snmp_set_syslocation(ocstr, ocstrlen);
+
+/* network interface */
+#define snmp_add_ifinoctets(ni,value) 
+#define snmp_inc_ifinucastpkts(ni)
+#define snmp_inc_ifinnucastpkts(ni)
+#define snmp_inc_ifindiscards(ni)
+#define snmp_add_ifoutoctets(ni,value)
+#define snmp_inc_ifoutucastpkts(ni)
+#define snmp_inc_ifoutnucastpkts(ni)
+#define snmp_inc_ifoutdiscards(ni)
+#define snmp_inc_iflist()
+#define snmp_dec_iflist()
+
+/* ARP */
+#define snmp_insert_arpidx_tree(ni,ip)
+#define snmp_delete_arpidx_tree(ni,ip)
+
+/* IP */
+#define snmp_inc_ipinreceives()
+#define snmp_inc_ipinhdrerrors()
+#define snmp_inc_ipinaddrerrors()
+#define snmp_inc_ipforwdatagrams()
+#define snmp_inc_ipinunknownprotos()
+#define snmp_inc_ipindiscards()
+#define snmp_inc_ipindelivers()
+#define snmp_inc_ipoutrequests()
+#define snmp_inc_ipoutdiscards()
+#define snmp_inc_ipoutnoroutes()
+#define snmp_inc_ipreasmreqds()
+#define snmp_inc_ipreasmoks()
+#define snmp_inc_ipreasmfails()
+#define snmp_inc_ipfragoks()
+#define snmp_inc_ipfragfails()
+#define snmp_inc_ipfragcreates()
+#define snmp_inc_iproutingdiscards()
+#define snmp_insert_ipaddridx_tree(ni)
+#define snmp_delete_ipaddridx_tree(ni)
+#define snmp_insert_iprteidx_tree(dflt, ni)
+#define snmp_delete_iprteidx_tree(dflt, ni)
+
+/* ICMP */
+#define snmp_inc_icmpinmsgs()
+#define snmp_inc_icmpinerrors() 
+#define snmp_inc_icmpindestunreachs() 
+#define snmp_inc_icmpintimeexcds()
+#define snmp_inc_icmpinparmprobs() 
+#define snmp_inc_icmpinsrcquenchs() 
+#define snmp_inc_icmpinredirects() 
+#define snmp_inc_icmpinechos() 
+#define snmp_inc_icmpinechoreps()
+#define snmp_inc_icmpintimestamps() 
+#define snmp_inc_icmpintimestampreps()
+#define snmp_inc_icmpinaddrmasks()
+#define snmp_inc_icmpinaddrmaskreps()
+#define snmp_inc_icmpoutmsgs()
+#define snmp_inc_icmpouterrors()
+#define snmp_inc_icmpoutdestunreachs() 
+#define snmp_inc_icmpouttimeexcds() 
+#define snmp_inc_icmpoutparmprobs()
+#define snmp_inc_icmpoutsrcquenchs()
+#define snmp_inc_icmpoutredirects() 
+#define snmp_inc_icmpoutechos() 
+#define snmp_inc_icmpoutechoreps()
+#define snmp_inc_icmpouttimestamps()
+#define snmp_inc_icmpouttimestampreps()
+#define snmp_inc_icmpoutaddrmasks()
+#define snmp_inc_icmpoutaddrmaskreps()
+/* TCP */
+#define snmp_inc_tcpactiveopens()
+#define snmp_inc_tcppassiveopens()
+#define snmp_inc_tcpattemptfails()
+#define snmp_inc_tcpestabresets()
+#define snmp_inc_tcpinsegs()
+#define snmp_inc_tcpoutsegs()
+#define snmp_inc_tcpretranssegs()
+#define snmp_inc_tcpinerrs()
+#define snmp_inc_tcpoutrsts()
+
+/* UDP */
+#define snmp_inc_udpindatagrams()
+#define snmp_inc_udpnoports()
+#define snmp_inc_udpinerrors()
+#define snmp_inc_udpoutdatagrams()
+#define snmp_insert_udpidx_tree(pcb)
+#define snmp_delete_udpidx_tree(pcb)
+
+/* SNMP */
+#define snmp_inc_snmpinpkts()
+#define snmp_inc_snmpoutpkts()
+#define snmp_inc_snmpinbadversions()
+#define snmp_inc_snmpinbadcommunitynames()
+#define snmp_inc_snmpinbadcommunityuses()
+#define snmp_inc_snmpinasnparseerrs()
+#define snmp_inc_snmpintoobigs()
+#define snmp_inc_snmpinnosuchnames()
+#define snmp_inc_snmpinbadvalues()
+#define snmp_inc_snmpinreadonlys()
+#define snmp_inc_snmpingenerrs()
+#define snmp_add_snmpintotalreqvars(value)
+#define snmp_add_snmpintotalsetvars(value)
+#define snmp_inc_snmpingetrequests()
+#define snmp_inc_snmpingetnexts()
+#define snmp_inc_snmpinsetrequests()
+#define snmp_inc_snmpingetresponses()
+#define snmp_inc_snmpintraps()
+#define snmp_inc_snmpouttoobigs()
+#define snmp_inc_snmpoutnosuchnames()
+#define snmp_inc_snmpoutbadvalues()
+#define snmp_inc_snmpoutgenerrs()
+#define snmp_inc_snmpoutgetrequests()
+#define snmp_inc_snmpoutgetnexts()
+#define snmp_inc_snmpoutsetrequests()
+#define snmp_inc_snmpoutgetresponses()
+#define snmp_inc_snmpouttraps()
+#define snmp_get_snmpgrpid_ptr(oid)
+#define snmp_set_snmpenableauthentraps(value)
+#define snmp_get_snmpenableauthentraps(value)
+
+#endif /* LWIP_SNMP */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_SNMP_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp_asn1.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp_asn1.h
new file mode 100644
index 00000000..605fa3f1
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp_asn1.h
@@ -0,0 +1,101 @@
+/**
+ * @file
+ * Abstract Syntax Notation One (ISO 8824, 8825) codec.
+ */
+ 
+/*
+ * Copyright (c) 2006 Axon Digital Design B.V., The Netherlands.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * Author: Christiaan Simons <christiaan.simons@axon.tv>
+ */
+
+#ifndef __LWIP_SNMP_ASN1_H__
+#define __LWIP_SNMP_ASN1_H__
+
+#include "lwip/opt.h"
+#include "lwip/err.h"
+#include "lwip/pbuf.h"
+#include "lwip/snmp.h"
+
+#if LWIP_SNMP
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SNMP_ASN1_UNIV   (0)    /* (!0x80 | !0x40) */
+#define SNMP_ASN1_APPLIC (0x40) /* (!0x80 |  0x40) */
+#define SNMP_ASN1_CONTXT (0x80) /* ( 0x80 | !0x40) */
+
+#define SNMP_ASN1_CONSTR (0x20) /* ( 0x20) */
+#define SNMP_ASN1_PRIMIT (0)    /* (!0x20) */
+
+/* universal tags */
+#define SNMP_ASN1_INTEG  2
+#define SNMP_ASN1_OC_STR 4
+#define SNMP_ASN1_NUL    5
+#define SNMP_ASN1_OBJ_ID 6
+#define SNMP_ASN1_SEQ    16
+
+/* application specific (SNMP) tags */
+#define SNMP_ASN1_IPADDR 0    /* octet string size(4) */
+#define SNMP_ASN1_COUNTER 1   /* u32_t */
+#define SNMP_ASN1_GAUGE 2     /* u32_t */
+#define SNMP_ASN1_TIMETICKS 3 /* u32_t */
+#define SNMP_ASN1_OPAQUE 4    /* octet string */
+
+/* context specific (SNMP) tags */
+#define SNMP_ASN1_PDU_GET_REQ 0
+#define SNMP_ASN1_PDU_GET_NEXT_REQ 1
+#define SNMP_ASN1_PDU_GET_RESP 2
+#define SNMP_ASN1_PDU_SET_REQ 3
+#define SNMP_ASN1_PDU_TRAP 4
+
+err_t snmp_asn1_dec_type(struct pbuf *p, u16_t ofs, u8_t *type);
+err_t snmp_asn1_dec_length(struct pbuf *p, u16_t ofs, u8_t *octets_used, u16_t *length);
+err_t snmp_asn1_dec_u32t(struct pbuf *p, u16_t ofs, u16_t len, u32_t *value);
+err_t snmp_asn1_dec_s32t(struct pbuf *p, u16_t ofs, u16_t len, s32_t *value);
+err_t snmp_asn1_dec_oid(struct pbuf *p, u16_t ofs, u16_t len, struct snmp_obj_id *oid);
+err_t snmp_asn1_dec_raw(struct pbuf *p, u16_t ofs, u16_t len, u16_t raw_len, u8_t *raw);
+
+void snmp_asn1_enc_length_cnt(u16_t length, u8_t *octets_needed);
+void snmp_asn1_enc_u32t_cnt(u32_t value, u16_t *octets_needed);
+void snmp_asn1_enc_s32t_cnt(s32_t value, u16_t *octets_needed);
+void snmp_asn1_enc_oid_cnt(u8_t ident_len, s32_t *ident, u16_t *octets_needed);
+err_t snmp_asn1_enc_type(struct pbuf *p, u16_t ofs, u8_t type);
+err_t snmp_asn1_enc_length(struct pbuf *p, u16_t ofs, u16_t length);
+err_t snmp_asn1_enc_u32t(struct pbuf *p, u16_t ofs, u16_t octets_needed, u32_t value);
+err_t snmp_asn1_enc_s32t(struct pbuf *p, u16_t ofs, u16_t octets_needed, s32_t value);
+err_t snmp_asn1_enc_oid(struct pbuf *p, u16_t ofs, u8_t ident_len, s32_t *ident);
+err_t snmp_asn1_enc_raw(struct pbuf *p, u16_t ofs, u16_t raw_len, u8_t *raw);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_SNMP */
+
+#endif /* __LWIP_SNMP_ASN1_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp_msg.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp_msg.h
new file mode 100644
index 00000000..1183e3a9
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp_msg.h
@@ -0,0 +1,315 @@
+/**
+ * @file
+ * SNMP Agent message handling structures.
+ */
+
+/*
+ * Copyright (c) 2006 Axon Digital Design B.V., The Netherlands.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * Author: Christiaan Simons <christiaan.simons@axon.tv>
+ */
+
+#ifndef __LWIP_SNMP_MSG_H__
+#define __LWIP_SNMP_MSG_H__
+
+#include "lwip/opt.h"
+#include "lwip/snmp.h"
+#include "lwip/snmp_structs.h"
+#include "lwip/ip_addr.h"
+#include "lwip/err.h"
+
+#if LWIP_SNMP
+
+#if SNMP_PRIVATE_MIB
+/* When using a private MIB, you have to create a file 'private_mib.h' that contains
+ * a 'struct mib_array_node mib_private' which contains your MIB. */
+#include "private_mib.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* The listen port of the SNMP agent. Clients have to make their requests to
+   this port. Most standard clients won't work if you change this! */
+#ifndef SNMP_IN_PORT
+#define SNMP_IN_PORT 161
+#endif
+/* The remote port the SNMP agent sends traps to. Most standard trap sinks won't
+   work if you change this! */
+#ifndef SNMP_TRAP_PORT
+#define SNMP_TRAP_PORT 162
+#endif
+
+#define SNMP_ES_NOERROR 0
+#define SNMP_ES_TOOBIG 1
+#define SNMP_ES_NOSUCHNAME 2
+#define SNMP_ES_BADVALUE 3
+#define SNMP_ES_READONLY 4
+#define SNMP_ES_GENERROR 5
+
+#define SNMP_GENTRAP_COLDSTART 0
+#define SNMP_GENTRAP_WARMSTART 1
+#define SNMP_GENTRAP_AUTHFAIL 4
+#define SNMP_GENTRAP_ENTERPRISESPC 6
+
+struct snmp_varbind
+{
+  /* next pointer, NULL for last in list */
+  struct snmp_varbind *next;
+  /* previous pointer, NULL for first in list */
+  struct snmp_varbind *prev;
+
+  /* object identifier length (in s32_t) */
+  u8_t ident_len;
+  /* object identifier array */
+  s32_t *ident;
+
+  /* object value ASN1 type */
+  u8_t value_type;
+  /* object value length (in u8_t) */
+  u8_t value_len;
+  /* object value */
+  void *value;
+
+  /* encoding varbind seq length length */
+  u8_t seqlenlen;
+  /* encoding object identifier length length */
+  u8_t olenlen;
+  /* encoding object value length length */
+  u8_t vlenlen;
+  /* encoding varbind seq length */
+  u16_t seqlen;
+  /* encoding object identifier length */
+  u16_t olen;
+  /* encoding object value length */
+  u16_t vlen;
+};
+
+struct snmp_varbind_root
+{
+  struct snmp_varbind *head;
+  struct snmp_varbind *tail;
+  /* number of variable bindings in list */
+  u8_t count;
+  /* encoding varbind-list seq length length */
+  u8_t seqlenlen;
+  /* encoding varbind-list seq length */
+  u16_t seqlen;
+};
+
+/** output response message header length fields */
+struct snmp_resp_header_lengths
+{
+  /* encoding error-index length length */
+  u8_t erridxlenlen;
+  /* encoding error-status length length */
+  u8_t errstatlenlen;
+  /* encoding request id length length */
+  u8_t ridlenlen;
+  /* encoding pdu length length */
+  u8_t pdulenlen;
+  /* encoding community length length */
+  u8_t comlenlen;
+  /* encoding version length length */
+  u8_t verlenlen;
+  /* encoding sequence length length */
+  u8_t seqlenlen;
+
+  /* encoding error-index length */
+  u16_t erridxlen;
+  /* encoding error-status length */
+  u16_t errstatlen;
+  /* encoding request id length */
+  u16_t ridlen;
+  /* encoding pdu length */
+  u16_t pdulen;
+  /* encoding community length */
+  u16_t comlen;
+  /* encoding version length */
+  u16_t verlen;
+  /* encoding sequence length */
+  u16_t seqlen;
+};
+
+/** output response message header length fields */
+struct snmp_trap_header_lengths
+{
+  /* encoding timestamp length length */
+  u8_t tslenlen;
+  /* encoding specific-trap length length */
+  u8_t strplenlen;
+  /* encoding generic-trap length length */
+  u8_t gtrplenlen;
+  /* encoding agent-addr length length */
+  u8_t aaddrlenlen;
+  /* encoding enterprise-id length length */
+  u8_t eidlenlen;
+  /* encoding pdu length length */
+  u8_t pdulenlen;
+  /* encoding community length length */
+  u8_t comlenlen;
+  /* encoding version length length */
+  u8_t verlenlen;
+  /* encoding sequence length length */
+  u8_t seqlenlen;
+
+  /* encoding timestamp length */
+  u16_t tslen;
+  /* encoding specific-trap length */
+  u16_t strplen;
+  /* encoding generic-trap length */
+  u16_t gtrplen;
+  /* encoding agent-addr length */
+  u16_t aaddrlen;
+  /* encoding enterprise-id length */
+  u16_t eidlen;
+  /* encoding pdu length */
+  u16_t pdulen;
+  /* encoding community length */
+  u16_t comlen;
+  /* encoding version length */
+  u16_t verlen;
+  /* encoding sequence length */
+  u16_t seqlen;
+};
+
+/* Accepting new SNMP messages. */
+#define SNMP_MSG_EMPTY                 0
+/* Search for matching object for variable binding. */
+#define SNMP_MSG_SEARCH_OBJ            1
+/* Perform SNMP operation on in-memory object.
+   Pass-through states, for symmetry only. */
+#define SNMP_MSG_INTERNAL_GET_OBJDEF   2
+#define SNMP_MSG_INTERNAL_GET_VALUE    3
+#define SNMP_MSG_INTERNAL_SET_TEST     4
+#define SNMP_MSG_INTERNAL_GET_OBJDEF_S 5
+#define SNMP_MSG_INTERNAL_SET_VALUE    6
+/* Perform SNMP operation on object located externally.
+   In theory this could be used for building a proxy agent.
+   Practical use is for an enterprise spc. app. gateway. */
+#define SNMP_MSG_EXTERNAL_GET_OBJDEF   7
+#define SNMP_MSG_EXTERNAL_GET_VALUE    8
+#define SNMP_MSG_EXTERNAL_SET_TEST     9
+#define SNMP_MSG_EXTERNAL_GET_OBJDEF_S 10
+#define SNMP_MSG_EXTERNAL_SET_VALUE    11
+
+#define SNMP_COMMUNITY_STR_LEN 64
+struct snmp_msg_pstat
+{
+  /* lwIP local port (161) binding */
+  struct udp_pcb *pcb;
+  /* source IP address */
+  ip_addr_t sip;
+  /* source UDP port */
+  u16_t sp;
+  /* request type */
+  u8_t rt;
+  /* request ID */
+  s32_t rid;
+  /* error status */
+  s32_t error_status;
+  /* error index */
+  s32_t error_index;
+  /* community name (zero terminated) */
+  u8_t community[SNMP_COMMUNITY_STR_LEN + 1];
+  /* community string length (exclusive zero term) */
+  u8_t com_strlen;
+  /* one out of MSG_EMPTY, MSG_DEMUX, MSG_INTERNAL, MSG_EXTERNAL_x */
+  u8_t state;
+  /* saved arguments for MSG_EXTERNAL_x */
+  struct mib_external_node *ext_mib_node;
+  struct snmp_name_ptr ext_name_ptr;
+  struct obj_def ext_object_def;
+  struct snmp_obj_id ext_oid;
+  /* index into input variable binding list */
+  u8_t vb_idx;
+  /* ptr into input variable binding list */
+  struct snmp_varbind *vb_ptr;
+  /* list of variable bindings from input */
+  struct snmp_varbind_root invb;
+  /* list of variable bindings to output */
+  struct snmp_varbind_root outvb;
+  /* output response lengths used in ASN encoding */
+  struct snmp_resp_header_lengths rhl;
+};
+
+struct snmp_msg_trap
+{
+  /* lwIP local port (161) binding */
+  struct udp_pcb *pcb;
+  /* destination IP address in network order */
+  ip_addr_t dip;
+
+  /* source enterprise ID (sysObjectID) */
+  struct snmp_obj_id *enterprise;
+  /* source IP address, raw network order format */
+  u8_t sip_raw[4];
+  /* generic trap code */
+  u32_t gen_trap;
+  /* specific trap code */
+  u32_t spc_trap;
+  /* timestamp */
+  u32_t ts;
+  /* list of variable bindings to output */
+  struct snmp_varbind_root outvb;
+  /* output trap lengths used in ASN encoding */
+  struct snmp_trap_header_lengths thl;
+};
+
+/** Agent Version constant, 0 = v1 oddity */
+extern const s32_t snmp_version;
+/** Agent default "public" community string */
+extern const char snmp_publiccommunity[7];
+
+extern struct snmp_msg_trap trap_msg;
+
+/** Agent setup, start listening to port 161. */
+void snmp_init(void);
+void snmp_trap_dst_enable(u8_t dst_idx, u8_t enable);
+void snmp_trap_dst_ip_set(u8_t dst_idx, ip_addr_t *dst);
+
+/** Varbind-list functions. */
+struct snmp_varbind* snmp_varbind_alloc(struct snmp_obj_id *oid, u8_t type, u8_t len);
+void snmp_varbind_free(struct snmp_varbind *vb);
+void snmp_varbind_list_free(struct snmp_varbind_root *root);
+void snmp_varbind_tail_add(struct snmp_varbind_root *root, struct snmp_varbind *vb);
+struct snmp_varbind* snmp_varbind_tail_remove(struct snmp_varbind_root *root);
+
+/** Handle an internal (recv) or external (private response) event. */
+void snmp_msg_event(u8_t request_id);
+err_t snmp_send_response(struct snmp_msg_pstat *m_stat);
+err_t snmp_send_trap(s8_t generic_trap, struct snmp_obj_id *eoid, s32_t specific_trap);
+void snmp_coldstart_trap(void);
+void snmp_authfail_trap(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_SNMP */
+
+#endif /* __LWIP_SNMP_MSG_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp_structs.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp_structs.h
new file mode 100644
index 00000000..0d3b46a9
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/snmp_structs.h
@@ -0,0 +1,268 @@
+/**
+ * @file
+ * Generic MIB tree structures.
+ *
+ * @todo namespace prefixes
+ */
+
+/*
+ * Copyright (c) 2006 Axon Digital Design B.V., The Netherlands.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * Author: Christiaan Simons <christiaan.simons@axon.tv>
+ */
+
+#ifndef __LWIP_SNMP_STRUCTS_H__
+#define __LWIP_SNMP_STRUCTS_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_SNMP /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/snmp.h"
+
+#if SNMP_PRIVATE_MIB
+/* When using a private MIB, you have to create a file 'private_mib.h' that contains
+ * a 'struct mib_array_node mib_private' which contains your MIB. */
+#include "private_mib.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* MIB object instance */
+#define MIB_OBJECT_NONE 0 
+#define MIB_OBJECT_SCALAR 1
+#define MIB_OBJECT_TAB 2
+
+/* MIB access types */
+#define MIB_ACCESS_READ   1
+#define MIB_ACCESS_WRITE  2
+
+/* MIB object access */
+#define MIB_OBJECT_READ_ONLY      MIB_ACCESS_READ
+#define MIB_OBJECT_READ_WRITE     (MIB_ACCESS_READ | MIB_ACCESS_WRITE)
+#define MIB_OBJECT_WRITE_ONLY     MIB_ACCESS_WRITE
+#define MIB_OBJECT_NOT_ACCESSIBLE 0
+
+/** object definition returned by (get_object_def)() */
+struct obj_def
+{
+  /* MIB_OBJECT_NONE (0), MIB_OBJECT_SCALAR (1), MIB_OBJECT_TAB (2) */
+  u8_t instance;
+  /* 0 read-only, 1 read-write, 2 write-only, 3 not-accessible */
+  u8_t access;
+  /* ASN type for this object */
+  u8_t asn_type;
+  /* value length (host length) */
+  u16_t v_len;
+  /* length of instance part of supplied object identifier */
+  u8_t  id_inst_len;
+  /* instance part of supplied object identifier */
+  s32_t *id_inst_ptr;
+};
+
+struct snmp_name_ptr
+{
+  u8_t ident_len;
+  s32_t *ident;
+};
+
+/** MIB const scalar (.0) node */
+#define MIB_NODE_SC 0x01
+/** MIB const array node */
+#define MIB_NODE_AR 0x02
+/** MIB array node (mem_malloced from RAM) */
+#define MIB_NODE_RA 0x03
+/** MIB list root node (mem_malloced from RAM) */
+#define MIB_NODE_LR 0x04
+/** MIB node for external objects */
+#define MIB_NODE_EX 0x05
+
+/** node "base class" layout, the mandatory fields for a node  */
+struct mib_node
+{
+  /** returns struct obj_def for the given object identifier */
+  void (*get_object_def)(u8_t ident_len, s32_t *ident, struct obj_def *od);
+  /** returns object value for the given object identifier,
+     @note the caller must allocate at least len bytes for the value */
+  void (*get_value)(struct obj_def *od, u16_t len, void *value);
+  /** tests length and/or range BEFORE setting */
+  u8_t (*set_test)(struct obj_def *od, u16_t len, void *value);
+  /** sets object value, only to be called when set_test()  */
+  void (*set_value)(struct obj_def *od, u16_t len, void *value);  
+  /** One out of MIB_NODE_AR, MIB_NODE_LR or MIB_NODE_EX */
+  u8_t node_type;
+  /* array or max list length */
+  u16_t maxlength;
+};
+
+/** derived node for scalars .0 index */
+typedef struct mib_node mib_scalar_node;
+
+/** derived node, points to a fixed size const array
+    of sub-identifiers plus a 'child' pointer */
+struct mib_array_node
+{
+  /* inherited "base class" members */
+  void (*get_object_def)(u8_t ident_len, s32_t *ident, struct obj_def *od);
+  void (*get_value)(struct obj_def *od, u16_t len, void *value);
+  u8_t (*set_test)(struct obj_def *od, u16_t len, void *value);
+  void (*set_value)(struct obj_def *od, u16_t len, void *value);
+
+  u8_t node_type;
+  u16_t maxlength;
+
+  /* additional struct members */
+  const s32_t *objid;
+  struct mib_node* const *nptr;
+};
+
+/** derived node, points to a fixed size mem_malloced array
+    of sub-identifiers plus a 'child' pointer */
+struct mib_ram_array_node
+{
+  /* inherited "base class" members */
+  void (*get_object_def)(u8_t ident_len, s32_t *ident, struct obj_def *od);
+  void (*get_value)(struct obj_def *od, u16_t len, void *value);
+  u8_t (*set_test)(struct obj_def *od, u16_t len, void *value);
+  void (*set_value)(struct obj_def *od, u16_t len, void *value);
+
+  u8_t node_type;
+  u16_t maxlength;
+
+  /* aditional struct members */
+  s32_t *objid;
+  struct mib_node **nptr;
+};
+
+struct mib_list_node
+{
+  struct mib_list_node *prev;  
+  struct mib_list_node *next;
+  s32_t objid;
+  struct mib_node *nptr;
+};
+
+/** derived node, points to a doubly linked list
+    of sub-identifiers plus a 'child' pointer */
+struct mib_list_rootnode
+{
+  /* inherited "base class" members */
+  void (*get_object_def)(u8_t ident_len, s32_t *ident, struct obj_def *od);
+  void (*get_value)(struct obj_def *od, u16_t len, void *value);
+  u8_t (*set_test)(struct obj_def *od, u16_t len, void *value);
+  void (*set_value)(struct obj_def *od, u16_t len, void *value);
+
+  u8_t node_type;
+  u16_t maxlength;
+
+  /* additional struct members */
+  struct mib_list_node *head;
+  struct mib_list_node *tail;
+  /* counts list nodes in list  */
+  u16_t count;
+};
+
+/** derived node, has access functions for mib object in external memory or device
+    using 'tree_level' and 'idx', with a range 0 .. (level_length() - 1) */
+struct mib_external_node
+{
+  /* inherited "base class" members */
+  void (*get_object_def)(u8_t ident_len, s32_t *ident, struct obj_def *od);
+  void (*get_value)(struct obj_def *od, u16_t len, void *value);
+  u8_t (*set_test)(struct obj_def *od, u16_t len, void *value);
+  void (*set_value)(struct obj_def *od, u16_t len, void *value);
+
+  u8_t node_type;
+  u16_t maxlength;
+
+  /* additional struct members */
+  /** points to an external (in memory) record of some sort of addressing
+      information, passed to and interpreted by the funtions below */
+  void* addr_inf;
+  /** tree levels under this node */
+  u8_t tree_levels;
+  /** number of objects at this level */
+  u16_t (*level_length)(void* addr_inf, u8_t level);
+  /** compares object sub identifier with external id
+      return zero when equal, nonzero when unequal */
+  s32_t (*ident_cmp)(void* addr_inf, u8_t level, u16_t idx, s32_t sub_id);
+  void (*get_objid)(void* addr_inf, u8_t level, u16_t idx, s32_t *sub_id);
+
+  /** async Questions */
+  void (*get_object_def_q)(void* addr_inf, u8_t rid, u8_t ident_len, s32_t *ident);
+  void (*get_value_q)(u8_t rid, struct obj_def *od);
+  void (*set_test_q)(u8_t rid, struct obj_def *od);
+  void (*set_value_q)(u8_t rid, struct obj_def *od, u16_t len, void *value);
+  /** async Answers */
+  void (*get_object_def_a)(u8_t rid, u8_t ident_len, s32_t *ident, struct obj_def *od);
+  void (*get_value_a)(u8_t rid, struct obj_def *od, u16_t len, void *value);
+  u8_t (*set_test_a)(u8_t rid, struct obj_def *od, u16_t len, void *value);
+  void (*set_value_a)(u8_t rid, struct obj_def *od, u16_t len, void *value);
+  /** async Panic Close (agent returns error reply, 
+      e.g. used for external transaction cleanup) */
+  void (*get_object_def_pc)(u8_t rid, u8_t ident_len, s32_t *ident);
+  void (*get_value_pc)(u8_t rid, struct obj_def *od);
+  void (*set_test_pc)(u8_t rid, struct obj_def *od);
+  void (*set_value_pc)(u8_t rid, struct obj_def *od);
+};
+
+/** export MIB tree from mib2.c */
+extern const struct mib_array_node internet;
+
+/** dummy function pointers for non-leaf MIB nodes from mib2.c */
+void noleafs_get_object_def(u8_t ident_len, s32_t *ident, struct obj_def *od);
+void noleafs_get_value(struct obj_def *od, u16_t len, void *value);
+u8_t noleafs_set_test(struct obj_def *od, u16_t len, void *value);
+void noleafs_set_value(struct obj_def *od, u16_t len, void *value);
+
+void snmp_oidtoip(s32_t *ident, ip_addr_t *ip);
+void snmp_iptooid(ip_addr_t *ip, s32_t *ident);
+void snmp_ifindextonetif(s32_t ifindex, struct netif **netif);
+void snmp_netiftoifindex(struct netif *netif, s32_t *ifidx);
+
+struct mib_list_node* snmp_mib_ln_alloc(s32_t id);
+void snmp_mib_ln_free(struct mib_list_node *ln);
+struct mib_list_rootnode* snmp_mib_lrn_alloc(void);
+void snmp_mib_lrn_free(struct mib_list_rootnode *lrn);
+
+s8_t snmp_mib_node_insert(struct mib_list_rootnode *rn, s32_t objid, struct mib_list_node **insn);
+s8_t snmp_mib_node_find(struct mib_list_rootnode *rn, s32_t objid, struct mib_list_node **fn);
+struct mib_list_rootnode *snmp_mib_node_delete(struct mib_list_rootnode *rn, struct mib_list_node *n);
+
+struct mib_node* snmp_search_tree(struct mib_node *node, u8_t ident_len, s32_t *ident, struct snmp_name_ptr *np);
+struct mib_node* snmp_expand_tree(struct mib_node *node, u8_t ident_len, s32_t *ident, struct snmp_obj_id *oidret);
+u8_t snmp_iso_prefix_tst(u8_t ident_len, s32_t *ident);
+u8_t snmp_iso_prefix_expand(u8_t ident_len, s32_t *ident, struct snmp_obj_id *oidret);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_SNMP */
+
+#endif /* __LWIP_SNMP_STRUCTS_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/sockets.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/sockets.h
new file mode 100644
index 00000000..73461374
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/sockets.h
@@ -0,0 +1,411 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+
+#ifndef __LWIP_SOCKETS_H__
+#define __LWIP_SOCKETS_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_SOCKET /* don't build if not configured for use in lwipopts.h */
+
+#include <stddef.h> /* for size_t */
+
+#include "lwip/ip_addr.h"
+#include "lwip/inet.h"
+#include "lwip/inet6.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* members are in network byte order */
+struct sockaddr_in {
+  u8_t sin_len;
+  u8_t sin_family;
+  u16_t sin_port;
+  struct in_addr sin_addr;
+#define SIN_ZERO_LEN 8
+  char sin_zero[SIN_ZERO_LEN];
+};
+
+#if LWIP_IPV6
+struct sockaddr_in6 {
+  u8_t sin6_len;             /* length of this structure */
+  u8_t sin6_family;          /* AF_INET6                 */
+  u16_t sin6_port;           /* Transport layer port #   */
+  u32_t sin6_flowinfo;       /* IPv6 flow information    */
+  struct in6_addr sin6_addr; /* IPv6 address             */
+};
+#endif /* LWIP_IPV6 */
+
+struct sockaddr {
+  u8_t sa_len;
+  u8_t sa_family;
+#if LWIP_IPV6
+  u8_t sa_data[22];
+#else /* LWIP_IPV6 */
+  u8_t sa_data[14];
+#endif /* LWIP_IPV6 */
+};
+
+/* If your port already typedef's socklen_t, define SOCKLEN_T_DEFINED
+   to prevent this code from redefining it. */
+#if !defined(socklen_t) && !defined(SOCKLEN_T_DEFINED)
+typedef u32_t socklen_t;
+#endif
+
+/* Socket protocol types (TCP/UDP/RAW) */
+#define SOCK_STREAM     1
+#define SOCK_DGRAM      2
+#define SOCK_RAW        3
+
+/*
+ * Option flags per-socket. These must match the SOF_ flags in ip.h (checked in init.c)
+ */
+#define  SO_DEBUG       0x0001 /* Unimplemented: turn on debugging info recording */
+#define  SO_ACCEPTCONN  0x0002 /* socket has had listen() */
+#define  SO_REUSEADDR   0x0004 /* Allow local address reuse */
+#define  SO_KEEPALIVE   0x0008 /* keep connections alive */
+#define  SO_DONTROUTE   0x0010 /* Unimplemented: just use interface addresses */
+#define  SO_BROADCAST   0x0020 /* permit to send and to receive broadcast messages (see IP_SOF_BROADCAST option) */
+#define  SO_USELOOPBACK 0x0040 /* Unimplemented: bypass hardware when possible */
+#define  SO_LINGER      0x0080 /* linger on close if data present */
+#define  SO_OOBINLINE   0x0100 /* Unimplemented: leave received OOB data in line */
+#define  SO_REUSEPORT   0x0200 /* Unimplemented: allow local address & port reuse */
+
+#define SO_DONTLINGER   ((int)(~SO_LINGER))
+
+/*
+ * Additional options, not kept in so_options.
+ */
+#define SO_SNDBUF    0x1001    /* Unimplemented: send buffer size */
+#define SO_RCVBUF    0x1002    /* receive buffer size */
+#define SO_SNDLOWAT  0x1003    /* Unimplemented: send low-water mark */
+#define SO_RCVLOWAT  0x1004    /* Unimplemented: receive low-water mark */
+#define SO_SNDTIMEO  0x1005    /* Unimplemented: send timeout */
+#define SO_RCVTIMEO  0x1006    /* receive timeout */
+#define SO_ERROR     0x1007    /* get error status and clear */
+#define SO_TYPE      0x1008    /* get socket type */
+#define SO_CONTIMEO  0x1009    /* Unimplemented: connect timeout */
+#define SO_NO_CHECK  0x100a    /* don't create UDP checksum */
+
+
+/*
+ * Structure used for manipulating linger option.
+ */
+struct linger {
+       int l_onoff;                /* option on/off */
+       int l_linger;               /* linger time */
+};
+
+/*
+ * Level number for (get/set)sockopt() to apply to socket itself.
+ */
+#define  SOL_SOCKET  0xfff    /* options for socket level */
+
+
+#define AF_UNSPEC       0
+#define AF_INET         2
+#if LWIP_IPV6
+#define AF_INET6        10
+#else /* LWIP_IPV6 */
+#define AF_INET6        AF_UNSPEC
+#endif /* LWIP_IPV6 */
+#define PF_INET         AF_INET
+#define PF_INET6        AF_INET6
+#define PF_UNSPEC       AF_UNSPEC
+
+#define IPPROTO_IP      0
+#define IPPROTO_TCP     6
+#define IPPROTO_UDP     17
+#if LWIP_IPV6
+#define IPPROTO_IPV6    41
+#endif /* LWIP_IPV6 */
+#define IPPROTO_UDPLITE 136
+
+/* Flags we can use with send and recv. */
+#define MSG_PEEK       0x01    /* Peeks at an incoming message */
+#define MSG_WAITALL    0x02    /* Unimplemented: Requests that the function block until the full amount of data requested can be returned */
+#define MSG_OOB        0x04    /* Unimplemented: Requests out-of-band data. The significance and semantics of out-of-band data are protocol-specific */
+#define MSG_DONTWAIT   0x08    /* Nonblocking i/o for this operation only */
+#define MSG_MORE       0x10    /* Sender will send more */
+
+
+/*
+ * Options for level IPPROTO_IP
+ */
+#define IP_TOS             1
+#define IP_TTL             2
+
+#if LWIP_TCP
+/*
+ * Options for level IPPROTO_TCP
+ */
+#define TCP_NODELAY    0x01    /* don't delay send to coalesce packets */
+#define TCP_KEEPALIVE  0x02    /* send KEEPALIVE probes when idle for pcb->keep_idle milliseconds */
+#define TCP_KEEPIDLE   0x03    /* set pcb->keep_idle  - Same as TCP_KEEPALIVE, but use seconds for get/setsockopt */
+#define TCP_KEEPINTVL  0x04    /* set pcb->keep_intvl - Use seconds for get/setsockopt */
+#define TCP_KEEPCNT    0x05    /* set pcb->keep_cnt   - Use number of probes sent for get/setsockopt */
+#endif /* LWIP_TCP */
+
+#if LWIP_IPV6
+/*
+ * Options for level IPPROTO_IPV6
+ */
+#define IPV6_V6ONLY 27 /* RFC3493: boolean control to restrict AF_INET6 sockets to IPv6 communications only. */
+#endif /* LWIP_IPV6 */
+
+#if LWIP_UDP && LWIP_UDPLITE
+/*
+ * Options for level IPPROTO_UDPLITE
+ */
+#define UDPLITE_SEND_CSCOV 0x01 /* sender checksum coverage */
+#define UDPLITE_RECV_CSCOV 0x02 /* minimal receiver checksum coverage */
+#endif /* LWIP_UDP && LWIP_UDPLITE*/
+
+
+#if LWIP_IGMP
+/*
+ * Options and types for UDP multicast traffic handling
+ */
+#define IP_ADD_MEMBERSHIP  3
+#define IP_DROP_MEMBERSHIP 4
+#define IP_MULTICAST_TTL   5
+#define IP_MULTICAST_IF    6
+#define IP_MULTICAST_LOOP  7
+
+typedef struct ip_mreq {
+    struct in_addr imr_multiaddr; /* IP multicast address of group */
+    struct in_addr imr_interface; /* local IP address of interface */
+} ip_mreq;
+#endif /* LWIP_IGMP */
+
+/*
+ * The Type of Service provides an indication of the abstract
+ * parameters of the quality of service desired.  These parameters are
+ * to be used to guide the selection of the actual service parameters
+ * when transmitting a datagram through a particular network.  Several
+ * networks offer service precedence, which somehow treats high
+ * precedence traffic as more important than other traffic (generally
+ * by accepting only traffic above a certain precedence at time of high
+ * load).  The major choice is a three way tradeoff between low-delay,
+ * high-reliability, and high-throughput.
+ * The use of the Delay, Throughput, and Reliability indications may
+ * increase the cost (in some sense) of the service.  In many networks
+ * better performance for one of these parameters is coupled with worse
+ * performance on another.  Except for very unusual cases at most two
+ * of these three indications should be set.
+ */
+#define IPTOS_TOS_MASK          0x1E
+#define IPTOS_TOS(tos)          ((tos) & IPTOS_TOS_MASK)
+#define IPTOS_LOWDELAY          0x10
+#define IPTOS_THROUGHPUT        0x08
+#define IPTOS_RELIABILITY       0x04
+#define IPTOS_LOWCOST           0x02
+#define IPTOS_MINCOST           IPTOS_LOWCOST
+
+/*
+ * The Network Control precedence designation is intended to be used
+ * within a network only.  The actual use and control of that
+ * designation is up to each network. The Internetwork Control
+ * designation is intended for use by gateway control originators only.
+ * If the actual use of these precedence designations is of concern to
+ * a particular network, it is the responsibility of that network to
+ * control the access to, and use of, those precedence designations.
+ */
+#define IPTOS_PREC_MASK                 0xe0
+#define IPTOS_PREC(tos)                ((tos) & IPTOS_PREC_MASK)
+#define IPTOS_PREC_NETCONTROL           0xe0
+#define IPTOS_PREC_INTERNETCONTROL      0xc0
+#define IPTOS_PREC_CRITIC_ECP           0xa0
+#define IPTOS_PREC_FLASHOVERRIDE        0x80
+#define IPTOS_PREC_FLASH                0x60
+#define IPTOS_PREC_IMMEDIATE            0x40
+#define IPTOS_PREC_PRIORITY             0x20
+#define IPTOS_PREC_ROUTINE              0x00
+
+
+/*
+ * Commands for ioctlsocket(),  taken from the BSD file fcntl.h.
+ * lwip_ioctl only supports FIONREAD and FIONBIO, for now
+ *
+ * Ioctl's have the command encoded in the lower word,
+ * and the size of any in or out parameters in the upper
+ * word.  The high 2 bits of the upper word are used
+ * to encode the in/out status of the parameter; for now
+ * we restrict parameters to at most 128 bytes.
+ */
+#if !defined(FIONREAD) || !defined(FIONBIO)
+#define IOCPARM_MASK    0x7fU           /* parameters must be < 128 bytes */
+#define IOC_VOID        0x20000000UL    /* no parameters */
+#define IOC_OUT         0x40000000UL    /* copy out parameters */
+#define IOC_IN          0x80000000UL    /* copy in parameters */
+#define IOC_INOUT       (IOC_IN|IOC_OUT)
+                                        /* 0x20000000 distinguishes new &
+                                           old ioctl's */
+#define _IO(x,y)        (IOC_VOID|((x)<<8)|(y))
+
+#define _IOR(x,y,t)     (IOC_OUT|(((long)sizeof(t)&IOCPARM_MASK)<<16)|((x)<<8)|(y))
+
+#define _IOW(x,y,t)     (IOC_IN|(((long)sizeof(t)&IOCPARM_MASK)<<16)|((x)<<8)|(y))
+#endif /* !defined(FIONREAD) || !defined(FIONBIO) */
+
+#ifndef FIONREAD
+#define FIONREAD    _IOR('f', 127, unsigned long) /* get # bytes to read */
+#endif
+#ifndef FIONBIO
+#define FIONBIO     _IOW('f', 126, unsigned long) /* set/clear non-blocking i/o */
+#endif
+
+/* Socket I/O Controls: unimplemented */
+#ifndef SIOCSHIWAT
+#define SIOCSHIWAT  _IOW('s',  0, unsigned long)  /* set high watermark */
+#define SIOCGHIWAT  _IOR('s',  1, unsigned long)  /* get high watermark */
+#define SIOCSLOWAT  _IOW('s',  2, unsigned long)  /* set low watermark */
+#define SIOCGLOWAT  _IOR('s',  3, unsigned long)  /* get low watermark */
+#define SIOCATMARK  _IOR('s',  7, unsigned long)  /* at oob mark? */
+#endif
+
+/* commands for fnctl */
+#ifndef F_GETFL
+#define F_GETFL 3
+#endif
+#ifndef F_SETFL
+#define F_SETFL 4
+#endif
+
+/* File status flags and file access modes for fnctl,
+   these are bits in an int. */
+#ifndef O_NONBLOCK
+#define O_NONBLOCK  1 /* nonblocking I/O */
+#endif
+#ifndef O_NDELAY
+#define O_NDELAY    1 /* same as O_NONBLOCK, for compatibility */
+#endif
+
+#ifndef SHUT_RD
+  #define SHUT_RD   0
+  #define SHUT_WR   1
+  #define SHUT_RDWR 2
+#endif
+
+/* FD_SET used for lwip_select */
+#ifndef FD_SET
+  #undef  FD_SETSIZE
+  /* Make FD_SETSIZE match NUM_SOCKETS in socket.c */
+  #define FD_SETSIZE    MEMP_NUM_NETCONN
+  #define FD_SET(n, p)  ((p)->fd_bits[(n)/8] |=  (1 << ((n) & 7)))
+  #define FD_CLR(n, p)  ((p)->fd_bits[(n)/8] &= ~(1 << ((n) & 7)))
+  #define FD_ISSET(n,p) ((p)->fd_bits[(n)/8] &   (1 << ((n) & 7)))
+  #define FD_ZERO(p)    memset((void*)(p),0,sizeof(*(p)))
+
+  typedef struct fd_set {
+          unsigned char fd_bits [(FD_SETSIZE+7)/8];
+        } fd_set;
+
+#endif /* FD_SET */
+
+/** LWIP_TIMEVAL_PRIVATE: if you want to use the struct timeval provided
+ * by your system, set this to 0 and include <sys/time.h> in cc.h */ 
+#ifndef LWIP_TIMEVAL_PRIVATE
+#define LWIP_TIMEVAL_PRIVATE 1
+#endif
+
+#if LWIP_TIMEVAL_PRIVATE
+struct timeval {
+  long    tv_sec;         /* seconds */
+  long    tv_usec;        /* and microseconds */
+};
+#endif /* LWIP_TIMEVAL_PRIVATE */
+
+void lwip_socket_init(void);
+
+int lwip_accept(int s, struct sockaddr *addr, socklen_t *addrlen);
+int lwip_bind(int s, const struct sockaddr *name, socklen_t namelen);
+int lwip_shutdown(int s, int how);
+int lwip_getpeername (int s, struct sockaddr *name, socklen_t *namelen);
+int lwip_getsockname (int s, struct sockaddr *name, socklen_t *namelen);
+int lwip_getsockopt (int s, int level, int optname, void *optval, socklen_t *optlen);
+int lwip_setsockopt (int s, int level, int optname, const void *optval, socklen_t optlen);
+int lwip_close(int s);
+int lwip_connect(int s, const struct sockaddr *name, socklen_t namelen);
+int lwip_listen(int s, int backlog);
+int lwip_recv(int s, void *mem, size_t len, int flags);
+int lwip_read(int s, void *mem, size_t len);
+int lwip_recvfrom(int s, void *mem, size_t len, int flags,
+      struct sockaddr *from, socklen_t *fromlen);
+int lwip_send(int s, const void *dataptr, size_t size, int flags);
+int lwip_sendto(int s, const void *dataptr, size_t size, int flags,
+    const struct sockaddr *to, socklen_t tolen);
+int lwip_socket(int domain, int type, int protocol);
+int lwip_write(int s, const void *dataptr, size_t size);
+int lwip_select(int maxfdp1, fd_set *readset, fd_set *writeset, fd_set *exceptset,
+                struct timeval *timeout);
+int lwip_ioctl(int s, long cmd, void *argp);
+int lwip_fcntl(int s, int cmd, int val);
+
+#if LWIP_COMPAT_SOCKETS
+#define accept(a,b,c)         lwip_accept(a,b,c)
+#define bind(a,b,c)           lwip_bind(a,b,c)
+#define shutdown(a,b)         lwip_shutdown(a,b)
+#define closesocket(s)        lwip_close(s)
+#define connect(a,b,c)        lwip_connect(a,b,c)
+#define getsockname(a,b,c)    lwip_getsockname(a,b,c)
+#define getpeername(a,b,c)    lwip_getpeername(a,b,c)
+#define setsockopt(a,b,c,d,e) lwip_setsockopt(a,b,c,d,e)
+#define getsockopt(a,b,c,d,e) lwip_getsockopt(a,b,c,d,e)
+#define listen(a,b)           lwip_listen(a,b)
+#define recv(a,b,c,d)         lwip_recv(a,b,c,d)
+#define recvfrom(a,b,c,d,e,f) lwip_recvfrom(a,b,c,d,e,f)
+#define send(a,b,c,d)         lwip_send(a,b,c,d)
+#define sendto(a,b,c,d,e,f)   lwip_sendto(a,b,c,d,e,f)
+#define socket(a,b,c)         lwip_socket(a,b,c)
+#define select(a,b,c,d,e)     lwip_select(a,b,c,d,e)
+#define ioctlsocket(a,b,c)    lwip_ioctl(a,b,c)
+
+#if LWIP_POSIX_SOCKETS_IO_NAMES
+#define read(a,b,c)           lwip_read(a,b,c)
+#define write(a,b,c)          lwip_write(a,b,c)
+#define close(s)              lwip_close(s)
+#define fcntl(a,b,c)          lwip_fcntl(a,b,c)
+#endif /* LWIP_POSIX_SOCKETS_IO_NAMES */
+
+#endif /* LWIP_COMPAT_SOCKETS */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_SOCKET */
+
+#endif /* __LWIP_SOCKETS_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/stats.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/stats.h
new file mode 100644
index 00000000..d9112160
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/stats.h
@@ -0,0 +1,347 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_STATS_H__
+#define __LWIP_STATS_H__
+
+#include "lwip/opt.h"
+
+#include "lwip/mem.h"
+#include "lwip/memp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if LWIP_STATS
+
+#ifndef LWIP_STATS_LARGE
+#define LWIP_STATS_LARGE 0
+#endif
+
+#if LWIP_STATS_LARGE
+#define STAT_COUNTER     u32_t
+#define STAT_COUNTER_F   U32_F
+#else
+#define STAT_COUNTER     u16_t
+#define STAT_COUNTER_F   U16_F
+#endif 
+
+struct stats_proto {
+  STAT_COUNTER xmit;             /* Transmitted packets. */
+  STAT_COUNTER recv;             /* Received packets. */
+  STAT_COUNTER fw;               /* Forwarded packets. */
+  STAT_COUNTER drop;             /* Dropped packets. */
+  STAT_COUNTER chkerr;           /* Checksum error. */
+  STAT_COUNTER lenerr;           /* Invalid length error. */
+  STAT_COUNTER memerr;           /* Out of memory error. */
+  STAT_COUNTER rterr;            /* Routing error. */
+  STAT_COUNTER proterr;          /* Protocol error. */
+  STAT_COUNTER opterr;           /* Error in options. */
+  STAT_COUNTER err;              /* Misc error. */
+  STAT_COUNTER cachehit;
+};
+
+struct stats_igmp {
+  STAT_COUNTER xmit;             /* Transmitted packets. */
+  STAT_COUNTER recv;             /* Received packets. */
+  STAT_COUNTER drop;             /* Dropped packets. */
+  STAT_COUNTER chkerr;           /* Checksum error. */
+  STAT_COUNTER lenerr;           /* Invalid length error. */
+  STAT_COUNTER memerr;           /* Out of memory error. */
+  STAT_COUNTER proterr;          /* Protocol error. */
+  STAT_COUNTER rx_v1;            /* Received v1 frames. */
+  STAT_COUNTER rx_group;         /* Received group-specific queries. */
+  STAT_COUNTER rx_general;       /* Received general queries. */
+  STAT_COUNTER rx_report;        /* Received reports. */
+  STAT_COUNTER tx_join;          /* Sent joins. */
+  STAT_COUNTER tx_leave;         /* Sent leaves. */
+  STAT_COUNTER tx_report;        /* Sent reports. */
+};
+
+struct stats_mem {
+#ifdef LWIP_DEBUG
+  const char *name;
+#endif /* LWIP_DEBUG */
+  mem_size_t avail;
+  mem_size_t used;
+  mem_size_t max;
+  STAT_COUNTER err;
+  STAT_COUNTER illegal;
+};
+
+struct stats_syselem {
+  STAT_COUNTER used;
+  STAT_COUNTER max;
+  STAT_COUNTER err;
+};
+
+struct stats_sys {
+  struct stats_syselem sem;
+  struct stats_syselem mutex;
+  struct stats_syselem mbox;
+};
+
+struct stats_ {
+#if LINK_STATS
+  struct stats_proto link;
+#endif
+#if ETHARP_STATS
+  struct stats_proto etharp;
+#endif
+#if IPFRAG_STATS
+  struct stats_proto ip_frag;
+#endif
+#if IP_STATS
+  struct stats_proto ip;
+#endif
+#if ICMP_STATS
+  struct stats_proto icmp;
+#endif
+#if IGMP_STATS
+  struct stats_igmp igmp;
+#endif
+#if UDP_STATS
+  struct stats_proto udp;
+#endif
+#if TCP_STATS
+  struct stats_proto tcp;
+#endif
+#if MEM_STATS
+  struct stats_mem mem;
+#endif
+#if MEMP_STATS
+  struct stats_mem memp[MEMP_MAX];
+#endif
+#if SYS_STATS
+  struct stats_sys sys;
+#endif
+#if IP6_STATS
+  struct stats_proto ip6;
+#endif
+#if ICMP6_STATS
+  struct stats_proto icmp6;
+#endif
+#if IP6_FRAG_STATS
+  struct stats_proto ip6_frag;
+#endif
+#if MLD6_STATS
+  struct stats_igmp mld6;
+#endif
+#if ND6_STATS
+  struct stats_proto nd6;
+#endif
+};
+
+extern struct stats_ lwip_stats;
+
+void stats_init(void);
+
+#define STATS_INC(x) ++lwip_stats.x
+#define STATS_DEC(x) --lwip_stats.x
+#define STATS_INC_USED(x, y) do { lwip_stats.x.used += y; \
+                                if (lwip_stats.x.max < lwip_stats.x.used) { \
+                                    lwip_stats.x.max = lwip_stats.x.used; \
+                                } \
+                             } while(0)
+#else /* LWIP_STATS */
+#define stats_init()
+#define STATS_INC(x)
+#define STATS_DEC(x)
+#define STATS_INC_USED(x)
+#endif /* LWIP_STATS */
+
+#if TCP_STATS
+#define TCP_STATS_INC(x) STATS_INC(x)
+#define TCP_STATS_DISPLAY() stats_display_proto(&lwip_stats.tcp, "TCP")
+#else
+#define TCP_STATS_INC(x)
+#define TCP_STATS_DISPLAY()
+#endif
+
+#if UDP_STATS
+#define UDP_STATS_INC(x) STATS_INC(x)
+#define UDP_STATS_DISPLAY() stats_display_proto(&lwip_stats.udp, "UDP")
+#else
+#define UDP_STATS_INC(x)
+#define UDP_STATS_DISPLAY()
+#endif
+
+#if ICMP_STATS
+#define ICMP_STATS_INC(x) STATS_INC(x)
+#define ICMP_STATS_DISPLAY() stats_display_proto(&lwip_stats.icmp, "ICMP")
+#else
+#define ICMP_STATS_INC(x)
+#define ICMP_STATS_DISPLAY()
+#endif
+
+#if IGMP_STATS
+#define IGMP_STATS_INC(x) STATS_INC(x)
+#define IGMP_STATS_DISPLAY() stats_display_igmp(&lwip_stats.igmp, "IGMP")
+#else
+#define IGMP_STATS_INC(x)
+#define IGMP_STATS_DISPLAY()
+#endif
+
+#if IP_STATS
+#define IP_STATS_INC(x) STATS_INC(x)
+#define IP_STATS_DISPLAY() stats_display_proto(&lwip_stats.ip, "IP")
+#else
+#define IP_STATS_INC(x)
+#define IP_STATS_DISPLAY()
+#endif
+
+#if IPFRAG_STATS
+#define IPFRAG_STATS_INC(x) STATS_INC(x)
+#define IPFRAG_STATS_DISPLAY() stats_display_proto(&lwip_stats.ip_frag, "IP_FRAG")
+#else
+#define IPFRAG_STATS_INC(x)
+#define IPFRAG_STATS_DISPLAY()
+#endif
+
+#if ETHARP_STATS
+#define ETHARP_STATS_INC(x) STATS_INC(x)
+#define ETHARP_STATS_DISPLAY() stats_display_proto(&lwip_stats.etharp, "ETHARP")
+#else
+#define ETHARP_STATS_INC(x)
+#define ETHARP_STATS_DISPLAY()
+#endif
+
+#if LINK_STATS
+#define LINK_STATS_INC(x) STATS_INC(x)
+#define LINK_STATS_DISPLAY() stats_display_proto(&lwip_stats.link, "LINK")
+#else
+#define LINK_STATS_INC(x)
+#define LINK_STATS_DISPLAY()
+#endif
+
+#if MEM_STATS
+#define MEM_STATS_AVAIL(x, y) lwip_stats.mem.x = y
+#define MEM_STATS_INC(x) STATS_INC(mem.x)
+#define MEM_STATS_INC_USED(x, y) STATS_INC_USED(mem, y)
+#define MEM_STATS_DEC_USED(x, y) lwip_stats.mem.x -= y
+#define MEM_STATS_DISPLAY() stats_display_mem(&lwip_stats.mem, "HEAP")
+#else
+#define MEM_STATS_AVAIL(x, y)
+#define MEM_STATS_INC(x)
+#define MEM_STATS_INC_USED(x, y)
+#define MEM_STATS_DEC_USED(x, y)
+#define MEM_STATS_DISPLAY()
+#endif
+
+#if MEMP_STATS
+#define MEMP_STATS_AVAIL(x, i, y) lwip_stats.memp[i].x = y
+#define MEMP_STATS_INC(x, i) STATS_INC(memp[i].x)
+#define MEMP_STATS_DEC(x, i) STATS_DEC(memp[i].x)
+#define MEMP_STATS_INC_USED(x, i) STATS_INC_USED(memp[i], 1)
+#define MEMP_STATS_DISPLAY(i) stats_display_memp(&lwip_stats.memp[i], i)
+#else
+#define MEMP_STATS_AVAIL(x, i, y)
+#define MEMP_STATS_INC(x, i)
+#define MEMP_STATS_DEC(x, i)
+#define MEMP_STATS_INC_USED(x, i)
+#define MEMP_STATS_DISPLAY(i)
+#endif
+
+#if SYS_STATS
+#define SYS_STATS_INC(x) STATS_INC(sys.x)
+#define SYS_STATS_DEC(x) STATS_DEC(sys.x)
+#define SYS_STATS_INC_USED(x) STATS_INC_USED(sys.x, 1)
+#define SYS_STATS_DISPLAY() stats_display_sys(&lwip_stats.sys)
+#else
+#define SYS_STATS_INC(x)
+#define SYS_STATS_DEC(x)
+#define SYS_STATS_INC_USED(x)
+#define SYS_STATS_DISPLAY()
+#endif
+
+#if IP6_STATS
+#define IP6_STATS_INC(x) STATS_INC(x)
+#define IP6_STATS_DISPLAY() stats_display_proto(&lwip_stats.ip6, "IPv6")
+#else
+#define IP6_STATS_INC(x)
+#define IP6_STATS_DISPLAY()
+#endif
+
+#if ICMP6_STATS
+#define ICMP6_STATS_INC(x) STATS_INC(x)
+#define ICMP6_STATS_DISPLAY() stats_display_proto(&lwip_stats.icmp6, "ICMPv6")
+#else
+#define ICMP6_STATS_INC(x)
+#define ICMP6_STATS_DISPLAY()
+#endif
+
+#if IP6_FRAG_STATS
+#define IP6_FRAG_STATS_INC(x) STATS_INC(x)
+#define IP6_FRAG_STATS_DISPLAY() stats_display_proto(&lwip_stats.ip6_frag, "IPv6 FRAG")
+#else
+#define IP6_FRAG_STATS_INC(x)
+#define IP6_FRAG_STATS_DISPLAY()
+#endif
+
+#if MLD6_STATS
+#define MLD6_STATS_INC(x) STATS_INC(x)
+#define MLD6_STATS_DISPLAY() stats_display_igmp(&lwip_stats.mld6, "MLDv1")
+#else
+#define MLD6_STATS_INC(x)
+#define MLD6_STATS_DISPLAY()
+#endif
+
+#if ND6_STATS
+#define ND6_STATS_INC(x) STATS_INC(x)
+#define ND6_STATS_DISPLAY() stats_display_proto(&lwip_stats.nd6, "ND")
+#else
+#define ND6_STATS_INC(x)
+#define ND6_STATS_DISPLAY()
+#endif
+
+/* Display of statistics */
+#if LWIP_STATS_DISPLAY
+void stats_display(void);
+void stats_display_proto(struct stats_proto *proto, const char *name);
+void stats_display_igmp(struct stats_igmp *igmp, const char *name);
+void stats_display_mem(struct stats_mem *mem, const char *name);
+void stats_display_memp(struct stats_mem *mem, int index);
+void stats_display_sys(struct stats_sys *sys);
+#else /* LWIP_STATS_DISPLAY */
+#define stats_display()
+#define stats_display_proto(proto, name)
+#define stats_display_igmp(igmp, name)
+#define stats_display_mem(mem, name)
+#define stats_display_memp(mem, index)
+#define stats_display_sys(sys)
+#endif /* LWIP_STATS_DISPLAY */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_STATS_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/sys.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/sys.h
new file mode 100644
index 00000000..fd45ee8a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/sys.h
@@ -0,0 +1,336 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_SYS_H__
+#define __LWIP_SYS_H__
+
+#include "lwip/opt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if NO_SYS
+
+/* For a totally minimal and standalone system, we provide null
+   definitions of the sys_ functions. */
+typedef u8_t sys_sem_t;
+typedef u8_t sys_mutex_t;
+typedef u8_t sys_mbox_t;
+
+#define sys_sem_new(s, c) ERR_OK
+#define sys_sem_signal(s)
+#define sys_sem_wait(s)
+#define sys_arch_sem_wait(s,t)
+#define sys_sem_free(s)
+#define sys_sem_valid(s) 0
+#define sys_sem_set_invalid(s)
+#define sys_mutex_new(mu) ERR_OK
+#define sys_mutex_lock(mu)
+#define sys_mutex_unlock(mu)
+#define sys_mutex_free(mu)
+#define sys_mutex_valid(mu) 0
+#define sys_mutex_set_invalid(mu)
+#define sys_mbox_new(m, s) ERR_OK
+#define sys_mbox_fetch(m,d)
+#define sys_mbox_tryfetch(m,d)
+#define sys_mbox_post(m,d)
+#define sys_mbox_trypost(m,d)
+#define sys_mbox_free(m)
+#define sys_mbox_valid(m)
+#define sys_mbox_set_invalid(m)
+
+#define sys_thread_new(n,t,a,s,p)
+
+#define sys_msleep(t)
+
+#else /* NO_SYS */
+
+/** Return code for timeouts from sys_arch_mbox_fetch and sys_arch_sem_wait */
+#define SYS_ARCH_TIMEOUT 0xffffffffUL
+
+/** sys_mbox_tryfetch() returns SYS_MBOX_EMPTY if appropriate.
+ * For now we use the same magic value, but we allow this to change in future.
+ */
+#define SYS_MBOX_EMPTY SYS_ARCH_TIMEOUT 
+
+#include "lwip/err.h"
+#include "arch/sys_arch.h"
+
+/** Function prototype for thread functions */
+typedef void (*lwip_thread_fn)(void *arg);
+
+/* Function prototypes for functions to be implemented by platform ports
+   (in sys_arch.c) */
+
+/* Mutex functions: */
+
+/** Define LWIP_COMPAT_MUTEX if the port has no mutexes and binary semaphores
+    should be used instead */
+#if LWIP_COMPAT_MUTEX
+/* for old ports that don't have mutexes: define them to binary semaphores */
+#define sys_mutex_t                   sys_sem_t
+#define sys_mutex_new(mutex)          sys_sem_new(mutex, 1)
+#define sys_mutex_lock(mutex)         sys_sem_wait(mutex)
+#define sys_mutex_unlock(mutex)       sys_sem_signal(mutex)
+#define sys_mutex_free(mutex)         sys_sem_free(mutex)
+#define sys_mutex_valid(mutex)        sys_sem_valid(mutex)
+#define sys_mutex_set_invalid(mutex)  sys_sem_set_invalid(mutex)
+
+#else /* LWIP_COMPAT_MUTEX */
+
+/** Create a new mutex
+ * @param mutex pointer to the mutex to create
+ * @return a new mutex */
+err_t sys_mutex_new(sys_mutex_t *mutex);
+/** Lock a mutex
+ * @param mutex the mutex to lock */
+void sys_mutex_lock(sys_mutex_t *mutex);
+/** Unlock a mutex
+ * @param mutex the mutex to unlock */
+void sys_mutex_unlock(sys_mutex_t *mutex);
+/** Delete a semaphore
+ * @param mutex the mutex to delete */
+void sys_mutex_free(sys_mutex_t *mutex); 
+#ifndef sys_mutex_valid
+/** Check if a mutex is valid/allocated: return 1 for valid, 0 for invalid */
+int sys_mutex_valid(sys_mutex_t *mutex);
+#endif
+#ifndef sys_mutex_set_invalid
+/** Set a mutex invalid so that sys_mutex_valid returns 0 */
+void sys_mutex_set_invalid(sys_mutex_t *mutex);
+#endif
+#endif /* LWIP_COMPAT_MUTEX */
+
+/* Semaphore functions: */
+
+/** Create a new semaphore
+ * @param sem pointer to the semaphore to create
+ * @param count initial count of the semaphore
+ * @return ERR_OK if successful, another err_t otherwise */
+err_t sys_sem_new(sys_sem_t *sem, u8_t count);
+/** Signals a semaphore
+ * @param sem the semaphore to signal */
+void sys_sem_signal(sys_sem_t *sem);
+/** Wait for a semaphore for the specified timeout
+ * @param sem the semaphore to wait for
+ * @param timeout timeout in milliseconds to wait (0 = wait forever)
+ * @return time (in milliseconds) waited for the semaphore
+ *         or SYS_ARCH_TIMEOUT on timeout */
+u32_t sys_arch_sem_wait(sys_sem_t *sem, u32_t timeout);
+/** Delete a semaphore
+ * @param sem semaphore to delete */
+void sys_sem_free(sys_sem_t *sem);
+/** Wait for a semaphore - forever/no timeout */
+#define sys_sem_wait(sem)                  sys_arch_sem_wait(sem, 0)
+#ifndef sys_sem_valid
+/** Check if a sempahore is valid/allocated: return 1 for valid, 0 for invalid */
+int sys_sem_valid(sys_sem_t *sem);
+#endif
+#ifndef sys_sem_set_invalid
+/** Set a semaphore invalid so that sys_sem_valid returns 0 */
+void sys_sem_set_invalid(sys_sem_t *sem);
+#endif
+
+/* Time functions. */
+#ifndef sys_msleep
+void sys_msleep(u32_t ms); /* only has a (close to) 1 jiffy resolution. */
+#endif
+
+/* Mailbox functions. */
+
+/** Create a new mbox of specified size
+ * @param mbox pointer to the mbox to create
+ * @param size (miminum) number of messages in this mbox
+ * @return ERR_OK if successful, another err_t otherwise */
+err_t sys_mbox_new(sys_mbox_t *mbox, int size);
+/** Post a message to an mbox - may not fail
+ * -> blocks if full, only used from tasks not from ISR
+ * @param mbox mbox to posts the message
+ * @param msg message to post (ATTENTION: can be NULL) */
+void sys_mbox_post(sys_mbox_t *mbox, void *msg);
+/** Try to post a message to an mbox - may fail if full or ISR
+ * @param mbox mbox to posts the message
+ * @param msg message to post (ATTENTION: can be NULL) */
+err_t sys_mbox_trypost(sys_mbox_t *mbox, void *msg);
+/** Wait for a new message to arrive in the mbox
+ * @param mbox mbox to get a message from
+ * @param msg pointer where the message is stored
+ * @param timeout maximum time (in milliseconds) to wait for a message (0 = wait forever)
+ * @return time (in milliseconds) waited for a message, may be 0 if not waited
+           or SYS_ARCH_TIMEOUT on timeout
+ *         The returned time has to be accurate to prevent timer jitter! */
+u32_t sys_arch_mbox_fetch(sys_mbox_t *mbox, void **msg, u32_t timeout);
+/* Allow port to override with a macro, e.g. special timout for sys_arch_mbox_fetch() */
+#ifndef sys_arch_mbox_tryfetch
+/** Wait for a new message to arrive in the mbox
+ * @param mbox mbox to get a message from
+ * @param msg pointer where the message is stored
+ * @return 0 (milliseconds) if a message has been received
+ *         or SYS_MBOX_EMPTY if the mailbox is empty */
+u32_t sys_arch_mbox_tryfetch(sys_mbox_t *mbox, void **msg);
+#endif
+/** For now, we map straight to sys_arch implementation. */
+#define sys_mbox_tryfetch(mbox, msg) sys_arch_mbox_tryfetch(mbox, msg)
+/** Delete an mbox
+ * @param mbox mbox to delete */
+void sys_mbox_free(sys_mbox_t *mbox);
+#define sys_mbox_fetch(mbox, msg) sys_arch_mbox_fetch(mbox, msg, 0)
+#ifndef sys_mbox_valid
+/** Check if an mbox is valid/allocated: return 1 for valid, 0 for invalid */
+int sys_mbox_valid(sys_mbox_t *mbox);
+#endif
+#ifndef sys_mbox_set_invalid
+/** Set an mbox invalid so that sys_mbox_valid returns 0 */
+void sys_mbox_set_invalid(sys_mbox_t *mbox);
+#endif
+
+/** The only thread function:
+ * Creates a new thread
+ * @param name human-readable name for the thread (used for debugging purposes)
+ * @param thread thread-function
+ * @param arg parameter passed to 'thread'
+ * @param stacksize stack size in bytes for the new thread (may be ignored by ports)
+ * @param prio priority of the new thread (may be ignored by ports) */
+sys_thread_t sys_thread_new(const char *name, lwip_thread_fn thread, void *arg, int stacksize, int prio);
+
+#endif /* NO_SYS */
+
+/* sys_init() must be called before anthing else. */
+void sys_init(void);
+
+#ifndef sys_jiffies
+/** Ticks/jiffies since power up. */
+u32_t sys_jiffies(void);
+#endif
+
+/** Returns the current time in milliseconds,
+ * may be the same as sys_jiffies or at least based on it. */
+u32_t sys_now(void);
+
+/* Critical Region Protection */
+/* These functions must be implemented in the sys_arch.c file.
+   In some implementations they can provide a more light-weight protection
+   mechanism than using semaphores. Otherwise semaphores can be used for
+   implementation */
+#ifndef SYS_ARCH_PROTECT
+/** SYS_LIGHTWEIGHT_PROT
+ * define SYS_LIGHTWEIGHT_PROT in lwipopts.h if you want inter-task protection
+ * for certain critical regions during buffer allocation, deallocation and memory
+ * allocation and deallocation.
+ */
+#if SYS_LIGHTWEIGHT_PROT
+
+/** SYS_ARCH_DECL_PROTECT
+ * declare a protection variable. This macro will default to defining a variable of
+ * type sys_prot_t. If a particular port needs a different implementation, then
+ * this macro may be defined in sys_arch.h.
+ */
+#define SYS_ARCH_DECL_PROTECT(lev) sys_prot_t lev
+/** SYS_ARCH_PROTECT
+ * Perform a "fast" protect. This could be implemented by
+ * disabling interrupts for an embedded system or by using a semaphore or
+ * mutex. The implementation should allow calling SYS_ARCH_PROTECT when
+ * already protected. The old protection level is returned in the variable
+ * "lev". This macro will default to calling the sys_arch_protect() function
+ * which should be implemented in sys_arch.c. If a particular port needs a
+ * different implementation, then this macro may be defined in sys_arch.h
+ */
+#define SYS_ARCH_PROTECT(lev) lev = sys_arch_protect()
+/** SYS_ARCH_UNPROTECT
+ * Perform a "fast" set of the protection level to "lev". This could be
+ * implemented by setting the interrupt level to "lev" within the MACRO or by
+ * using a semaphore or mutex.  This macro will default to calling the
+ * sys_arch_unprotect() function which should be implemented in
+ * sys_arch.c. If a particular port needs a different implementation, then
+ * this macro may be defined in sys_arch.h
+ */
+#define SYS_ARCH_UNPROTECT(lev) sys_arch_unprotect(lev)
+sys_prot_t sys_arch_protect(void);
+void sys_arch_unprotect(sys_prot_t pval);
+
+#else
+
+#define SYS_ARCH_DECL_PROTECT(lev)
+#define SYS_ARCH_PROTECT(lev)
+#define SYS_ARCH_UNPROTECT(lev)
+
+#endif /* SYS_LIGHTWEIGHT_PROT */
+
+#endif /* SYS_ARCH_PROTECT */
+
+/*
+ * Macros to set/get and increase/decrease variables in a thread-safe way.
+ * Use these for accessing variable that are used from more than one thread.
+ */
+
+#ifndef SYS_ARCH_INC
+#define SYS_ARCH_INC(var, val) do { \
+                                SYS_ARCH_DECL_PROTECT(old_level); \
+                                SYS_ARCH_PROTECT(old_level); \
+                                var += val; \
+                                SYS_ARCH_UNPROTECT(old_level); \
+                              } while(0)
+#endif /* SYS_ARCH_INC */
+
+#ifndef SYS_ARCH_DEC
+#define SYS_ARCH_DEC(var, val) do { \
+                                SYS_ARCH_DECL_PROTECT(old_level); \
+                                SYS_ARCH_PROTECT(old_level); \
+                                var -= val; \
+                                SYS_ARCH_UNPROTECT(old_level); \
+                              } while(0)
+#endif /* SYS_ARCH_DEC */
+
+#ifndef SYS_ARCH_GET
+#define SYS_ARCH_GET(var, ret) do { \
+                                SYS_ARCH_DECL_PROTECT(old_level); \
+                                SYS_ARCH_PROTECT(old_level); \
+                                ret = var; \
+                                SYS_ARCH_UNPROTECT(old_level); \
+                              } while(0)
+#endif /* SYS_ARCH_GET */
+
+#ifndef SYS_ARCH_SET
+#define SYS_ARCH_SET(var, val) do { \
+                                SYS_ARCH_DECL_PROTECT(old_level); \
+                                SYS_ARCH_PROTECT(old_level); \
+                                var = val; \
+                                SYS_ARCH_UNPROTECT(old_level); \
+                              } while(0)
+#endif /* SYS_ARCH_SET */
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LWIP_SYS_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/tcp.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/tcp.h
new file mode 100644
index 00000000..535b6a38
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/tcp.h
@@ -0,0 +1,400 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_TCP_H__
+#define __LWIP_TCP_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/mem.h"
+#include "lwip/pbuf.h"
+#include "lwip/ip.h"
+#include "lwip/icmp.h"
+#include "lwip/err.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct tcp_pcb;
+
+/** Function prototype for tcp accept callback functions. Called when a new
+ * connection can be accepted on a listening pcb.
+ *
+ * @param arg Additional argument to pass to the callback function (@see tcp_arg())
+ * @param newpcb The new connection pcb
+ * @param err An error code if there has been an error accepting.
+ *            Only return ERR_ABRT if you have called tcp_abort from within the
+ *            callback function!
+ */
+typedef err_t (*tcp_accept_fn)(void *arg, struct tcp_pcb *newpcb, err_t err);
+
+/** Function prototype for tcp receive callback functions. Called when data has
+ * been received.
+ *
+ * @param arg Additional argument to pass to the callback function (@see tcp_arg())
+ * @param tpcb The connection pcb which received data
+ * @param p The received data (or NULL when the connection has been closed!)
+ * @param err An error code if there has been an error receiving
+ *            Only return ERR_ABRT if you have called tcp_abort from within the
+ *            callback function!
+ */
+typedef err_t (*tcp_recv_fn)(void *arg, struct tcp_pcb *tpcb,
+                             struct pbuf *p, err_t err);
+
+/** Function prototype for tcp sent callback functions. Called when sent data has
+ * been acknowledged by the remote side. Use it to free corresponding resources.
+ * This also means that the pcb has now space available to send new data.
+ *
+ * @param arg Additional argument to pass to the callback function (@see tcp_arg())
+ * @param tpcb The connection pcb for which data has been acknowledged
+ * @param len The amount of bytes acknowledged
+ * @return ERR_OK: try to send some data by calling tcp_output
+ *            Only return ERR_ABRT if you have called tcp_abort from within the
+ *            callback function!
+ */
+typedef err_t (*tcp_sent_fn)(void *arg, struct tcp_pcb *tpcb,
+                              u16_t len);
+
+/** Function prototype for tcp poll callback functions. Called periodically as
+ * specified by @see tcp_poll.
+ *
+ * @param arg Additional argument to pass to the callback function (@see tcp_arg())
+ * @param tpcb tcp pcb
+ * @return ERR_OK: try to send some data by calling tcp_output
+ *            Only return ERR_ABRT if you have called tcp_abort from within the
+ *            callback function!
+ */
+typedef err_t (*tcp_poll_fn)(void *arg, struct tcp_pcb *tpcb);
+
+/** Function prototype for tcp error callback functions. Called when the pcb
+ * receives a RST or is unexpectedly closed for any other reason.
+ *
+ * @note The corresponding pcb is already freed when this callback is called!
+ *
+ * @param arg Additional argument to pass to the callback function (@see tcp_arg())
+ * @param err Error code to indicate why the pcb has been closed
+ *            ERR_ABRT: aborted through tcp_abort or by a TCP timer
+ *            ERR_RST: the connection was reset by the remote host
+ */
+typedef void  (*tcp_err_fn)(void *arg, err_t err);
+
+/** Function prototype for tcp connected callback functions. Called when a pcb
+ * is connected to the remote side after initiating a connection attempt by
+ * calling tcp_connect().
+ *
+ * @param arg Additional argument to pass to the callback function (@see tcp_arg())
+ * @param tpcb The connection pcb which is connected
+ * @param err An unused error code, always ERR_OK currently ;-) TODO!
+ *            Only return ERR_ABRT if you have called tcp_abort from within the
+ *            callback function!
+ *
+ * @note When a connection attempt fails, the error callback is currently called!
+ */
+typedef err_t (*tcp_connected_fn)(void *arg, struct tcp_pcb *tpcb, err_t err);
+
+enum tcp_state {
+  CLOSED      = 0,
+  LISTEN      = 1,
+  SYN_SENT    = 2,
+  SYN_RCVD    = 3,
+  ESTABLISHED = 4,
+  FIN_WAIT_1  = 5,
+  FIN_WAIT_2  = 6,
+  CLOSE_WAIT  = 7,
+  CLOSING     = 8,
+  LAST_ACK    = 9,
+  TIME_WAIT   = 10
+};
+
+#if LWIP_CALLBACK_API
+  /* Function to call when a listener has been connected.
+   * @param arg user-supplied argument (tcp_pcb.callback_arg)
+   * @param pcb a new tcp_pcb that now is connected
+   * @param err an error argument (TODO: that is current always ERR_OK?)
+   * @return ERR_OK: accept the new connection,
+   *                 any other err_t abortsthe new connection
+   */
+#define DEF_ACCEPT_CALLBACK  tcp_accept_fn accept;
+#else /* LWIP_CALLBACK_API */
+#define DEF_ACCEPT_CALLBACK
+#endif /* LWIP_CALLBACK_API */
+
+/**
+ * members common to struct tcp_pcb and struct tcp_listen_pcb
+ */
+#define TCP_PCB_COMMON(type) \
+  type *next; /* for the linked list */ \
+  void *callback_arg; \
+  /* the accept callback for listen- and normal pcbs, if LWIP_CALLBACK_API */ \
+  DEF_ACCEPT_CALLBACK \
+  enum tcp_state state; /* TCP state */ \
+  u8_t prio; \
+  /* ports are in host byte order */ \
+  int bound_to_netif; \
+  u16_t local_port; \
+  char local_netif[3]
+
+
+/* the TCP protocol control block */
+struct tcp_pcb {
+/** common PCB members */
+  IP_PCB;
+/** protocol specific PCB members */
+  TCP_PCB_COMMON(struct tcp_pcb);
+
+  /* ports are in host byte order */
+  u16_t remote_port;
+  
+  u8_t flags;
+#define TF_ACK_DELAY   ((u8_t)0x01U)   /* Delayed ACK. */
+#define TF_ACK_NOW     ((u8_t)0x02U)   /* Immediate ACK. */
+#define TF_INFR        ((u8_t)0x04U)   /* In fast recovery. */
+#define TF_TIMESTAMP   ((u8_t)0x08U)   /* Timestamp option enabled */
+#define TF_RXCLOSED    ((u8_t)0x10U)   /* rx closed by tcp_shutdown */
+#define TF_FIN         ((u8_t)0x20U)   /* Connection was closed locally (FIN segment enqueued). */
+#define TF_NODELAY     ((u8_t)0x40U)   /* Disable Nagle algorithm */
+#define TF_NAGLEMEMERR ((u8_t)0x80U)   /* nagle enabled, memerr, try to output to prevent delayed ACK to happen */
+
+  /* the rest of the fields are in host byte order
+     as we have to do some math with them */
+
+  /* Timers */
+  u8_t polltmr, pollinterval;
+  u8_t last_timer;
+  u32_t tmr;
+
+  /* receiver variables */
+  u32_t rcv_nxt;   /* next seqno expected */
+  u16_t rcv_wnd;   /* receiver window available */
+  u16_t rcv_ann_wnd; /* receiver window to announce */
+  u32_t rcv_ann_right_edge; /* announced right edge of window */
+
+  /* Retransmission timer. */
+  s16_t rtime;
+
+  u16_t mss;   /* maximum segment size */
+
+  /* RTT (round trip time) estimation variables */
+  u32_t rttest; /* RTT estimate in 500ms ticks */
+  u32_t rtseq;  /* sequence number being timed */
+  s16_t sa, sv; /* @todo document this */
+
+  s16_t rto;    /* retransmission time-out */
+  u8_t nrtx;    /* number of retransmissions */
+
+  /* fast retransmit/recovery */
+  u8_t dupacks;
+  u32_t lastack; /* Highest acknowledged seqno. */
+
+  /* congestion avoidance/control variables */
+  u16_t cwnd;
+  u16_t ssthresh;
+
+  /* sender variables */
+  u32_t snd_nxt;   /* next new seqno to be sent */
+  u32_t snd_wl1, snd_wl2; /* Sequence and acknowledgement numbers of last
+                             window update. */
+  u32_t snd_lbb;       /* Sequence number of next byte to be buffered. */
+  u16_t snd_wnd;   /* sender window */
+  u16_t snd_wnd_max; /* the maximum sender window announced by the remote host */
+
+  u16_t acked;
+
+  u16_t snd_buf;   /* Available buffer space for sending (in bytes). */
+#define TCP_SNDQUEUELEN_OVERFLOW (0xffffU-3)
+  u16_t snd_queuelen; /* Available buffer space for sending (in tcp_segs). */
+
+#if TCP_OVERSIZE
+  /* Extra bytes available at the end of the last pbuf in unsent. */
+  u16_t unsent_oversize;
+#endif /* TCP_OVERSIZE */ 
+
+  /* These are ordered by sequence number: */
+  struct tcp_seg *unsent;   /* Unsent (queued) segments. */
+  struct tcp_seg *unacked;  /* Sent but unacknowledged segments. */
+#if TCP_QUEUE_OOSEQ  
+  struct tcp_seg *ooseq;    /* Received out of sequence segments. */
+#endif /* TCP_QUEUE_OOSEQ */
+
+  struct pbuf *refused_data; /* Data previously received but not yet taken by upper layer */
+
+#if LWIP_CALLBACK_API
+  /* Function to be called when more send buffer space is available. */
+  tcp_sent_fn sent;
+  /* Function to be called when (in-sequence) data has arrived. */
+  tcp_recv_fn recv;
+  /* Function to be called when a connection has been set up. */
+  tcp_connected_fn connected;
+  /* Function which is called periodically. */
+  tcp_poll_fn poll;
+  /* Function to be called whenever a fatal error occurs. */
+  tcp_err_fn errf;
+#endif /* LWIP_CALLBACK_API */
+
+#if LWIP_TCP_TIMESTAMPS
+  u32_t ts_lastacksent;
+  u32_t ts_recent;
+#endif /* LWIP_TCP_TIMESTAMPS */
+
+  /* idle time before KEEPALIVE is sent */
+  u32_t keep_idle;
+#if LWIP_TCP_KEEPALIVE
+  u32_t keep_intvl;
+  u32_t keep_cnt;
+#endif /* LWIP_TCP_KEEPALIVE */
+  
+  /* Persist timer counter */
+  u8_t persist_cnt;
+  /* Persist timer back-off */
+  u8_t persist_backoff;
+
+  /* KEEPALIVE counter */
+  u8_t keep_cnt_sent;
+};
+
+struct tcp_pcb_listen {
+/* Common members of all PCB types */
+  IP_PCB;
+/* Protocol specific PCB members */
+  TCP_PCB_COMMON(struct tcp_pcb_listen);
+
+#if TCP_LISTEN_BACKLOG
+  u8_t backlog;
+  u8_t accepts_pending;
+#endif /* TCP_LISTEN_BACKLOG */
+#if LWIP_IPV6
+  u8_t accept_any_ip_version;
+#endif /* LWIP_IPV6 */
+};
+
+#if LWIP_EVENT_API
+
+enum lwip_event {
+  LWIP_EVENT_ACCEPT,
+  LWIP_EVENT_SENT,
+  LWIP_EVENT_RECV,
+  LWIP_EVENT_CONNECTED,
+  LWIP_EVENT_POLL,
+  LWIP_EVENT_ERR
+};
+
+err_t lwip_tcp_event(void *arg, struct tcp_pcb *pcb,
+         enum lwip_event,
+         struct pbuf *p,
+         u16_t size,
+         err_t err);
+
+#endif /* LWIP_EVENT_API */
+
+/* Application program's interface: */
+struct tcp_pcb * tcp_new     (void);
+
+void             tcp_arg     (struct tcp_pcb *pcb, void *arg);
+void             tcp_accept  (struct tcp_pcb *pcb, tcp_accept_fn accept);
+void             tcp_recv    (struct tcp_pcb *pcb, tcp_recv_fn recv);
+void             tcp_sent    (struct tcp_pcb *pcb, tcp_sent_fn sent);
+void             tcp_poll    (struct tcp_pcb *pcb, tcp_poll_fn poll, u8_t interval);
+void             tcp_err     (struct tcp_pcb *pcb, tcp_err_fn err);
+
+#define          tcp_mss(pcb)             (((pcb)->flags & TF_TIMESTAMP) ? ((pcb)->mss - 12)  : (pcb)->mss)
+#define          tcp_sndbuf(pcb)          ((pcb)->snd_buf)
+#define          tcp_sndqueuelen(pcb)     ((pcb)->snd_queuelen)
+#define          tcp_nagle_disable(pcb)   ((pcb)->flags |= TF_NODELAY)
+#define          tcp_nagle_enable(pcb)    ((pcb)->flags &= ~TF_NODELAY)
+#define          tcp_nagle_disabled(pcb)  (((pcb)->flags & TF_NODELAY) != 0)
+
+#if TCP_LISTEN_BACKLOG
+#define          tcp_accepted(pcb) do { \
+  LWIP_ASSERT("pcb->state == LISTEN (called for wrong pcb?)", pcb->state == LISTEN); \
+  (((struct tcp_pcb_listen *)(pcb))->accepts_pending--); } while(0)
+#else  /* TCP_LISTEN_BACKLOG */
+#define          tcp_accepted(pcb) LWIP_ASSERT("pcb->state == LISTEN (called for wrong pcb?)", \
+                                               (pcb)->state == LISTEN)
+#endif /* TCP_LISTEN_BACKLOG */
+
+void             tcp_recved  (struct tcp_pcb *pcb, u16_t len);
+err_t            tcp_bind    (struct tcp_pcb *pcb, ip_addr_t *ipaddr,
+                              u16_t port);
+err_t            tcp_bind_to_netif (struct tcp_pcb *pcb, const char ifname[3]);
+err_t            tcp_connect (struct tcp_pcb *pcb, ip_addr_t *ipaddr,
+                              u16_t port, tcp_connected_fn connected);
+
+struct tcp_pcb * tcp_listen_with_backlog(struct tcp_pcb *pcb, u8_t backlog);
+#define          tcp_listen(pcb) tcp_listen_with_backlog(pcb, TCP_DEFAULT_LISTEN_BACKLOG)
+
+void             tcp_abort (struct tcp_pcb *pcb);
+err_t            tcp_close   (struct tcp_pcb *pcb);
+err_t            tcp_shutdown(struct tcp_pcb *pcb, int shut_rx, int shut_tx);
+
+/* Flags for "apiflags" parameter in tcp_write */
+#define TCP_WRITE_FLAG_COPY 0x01
+#define TCP_WRITE_FLAG_MORE 0x02
+
+err_t            tcp_write   (struct tcp_pcb *pcb, const void *dataptr, u16_t len,
+                              u8_t apiflags);
+
+void             tcp_setprio (struct tcp_pcb *pcb, u8_t prio);
+
+#define TCP_PRIO_MIN    1
+#define TCP_PRIO_NORMAL 64
+#define TCP_PRIO_MAX    127
+
+err_t            tcp_output  (struct tcp_pcb *pcb);
+
+
+const char* tcp_debug_state_str(enum tcp_state s);
+
+#if LWIP_IPV6
+struct tcp_pcb * tcp_new_ip6 (void);
+#define          tcp_bind_ip6(pcb, ip6addr, port) \
+                   tcp_bind(pcb, ip6_2_ip(ip6addr), port)
+#define          tcp_connect_ip6(pcb, ip6addr, port, connected) \
+                   tcp_connect(pcb, ip6_2_ip(ip6addr), port, connected)
+struct tcp_pcb * tcp_listen_dual_with_backlog(struct tcp_pcb *pcb, u8_t backlog);
+#define          tcp_listen_dual(pcb) tcp_listen_dual_with_backlog(pcb, TCP_DEFAULT_LISTEN_BACKLOG)
+#else /* LWIP_IPV6 */
+#define          tcp_listen_dual_with_backlog(pcb, backlog) tcp_listen_with_backlog(pcb, backlog)
+#define          tcp_listen_dual(pcb) tcp_listen(pcb)
+#endif /* LWIP_IPV6 */
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_TCP */
+
+#endif /* __LWIP_TCP_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/tcp_impl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/tcp_impl.h
new file mode 100644
index 00000000..2afc20d3
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/tcp_impl.h
@@ -0,0 +1,508 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_TCP_IMPL_H__
+#define __LWIP_TCP_IMPL_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/tcp.h"
+#include "lwip/mem.h"
+#include "lwip/pbuf.h"
+#include "lwip/ip.h"
+#include "lwip/icmp.h"
+#include "lwip/err.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Functions for interfacing with TCP: */
+
+/* Lower layer interface to TCP: */
+void             tcp_init    (void);  /* Initialize this module. */
+void             tcp_tmr     (void);  /* Must be called every
+                                         TCP_TMR_INTERVAL
+                                         ms. (Typically 250 ms). */
+/* It is also possible to call these two functions at the right
+   intervals (instead of calling tcp_tmr()). */
+void             tcp_slowtmr (void);
+void             tcp_fasttmr (void);
+
+
+/* Only used by IP to pass a TCP segment to TCP: */
+void             tcp_input   (struct pbuf *p, struct netif *inp);
+/* Used within the TCP code only: */
+struct tcp_pcb * tcp_alloc   (u8_t prio);
+void             tcp_abandon (struct tcp_pcb *pcb, int reset);
+err_t            tcp_send_empty_ack(struct tcp_pcb *pcb);
+void             tcp_rexmit  (struct tcp_pcb *pcb);
+void             tcp_rexmit_rto  (struct tcp_pcb *pcb);
+void             tcp_rexmit_fast (struct tcp_pcb *pcb);
+u32_t            tcp_update_rcv_ann_wnd(struct tcp_pcb *pcb);
+err_t            tcp_process_refused_data(struct tcp_pcb *pcb);
+
+/**
+ * This is the Nagle algorithm: try to combine user data to send as few TCP
+ * segments as possible. Only send if
+ * - no previously transmitted data on the connection remains unacknowledged or
+ * - the TF_NODELAY flag is set (nagle algorithm turned off for this pcb) or
+ * - the only unsent segment is at least pcb->mss bytes long (or there is more
+ *   than one unsent segment - with lwIP, this can happen although unsent->len < mss)
+ * - or if we are in fast-retransmit (TF_INFR)
+ */
+#define tcp_do_output_nagle(tpcb) ((((tpcb)->unacked == NULL) || \
+                            ((tpcb)->flags & (TF_NODELAY | TF_INFR)) || \
+                            (((tpcb)->unsent != NULL) && (((tpcb)->unsent->next != NULL) || \
+                              ((tpcb)->unsent->len >= (tpcb)->mss))) || \
+                            ((tcp_sndbuf(tpcb) == 0) || (tcp_sndqueuelen(tpcb) >= TCP_SND_QUEUELEN)) \
+                            ) ? 1 : 0)
+#define tcp_output_nagle(tpcb) (tcp_do_output_nagle(tpcb) ? tcp_output(tpcb) : ERR_OK)
+
+
+#define TCP_SEQ_LT(a,b)     ((s32_t)((u32_t)(a) - (u32_t)(b)) < 0)
+#define TCP_SEQ_LEQ(a,b)    ((s32_t)((u32_t)(a) - (u32_t)(b)) <= 0)
+#define TCP_SEQ_GT(a,b)     ((s32_t)((u32_t)(a) - (u32_t)(b)) > 0)
+#define TCP_SEQ_GEQ(a,b)    ((s32_t)((u32_t)(a) - (u32_t)(b)) >= 0)
+/* is b<=a<=c? */
+#if 0 /* see bug #10548 */
+#define TCP_SEQ_BETWEEN(a,b,c) ((c)-(b) >= (a)-(b))
+#endif
+#define TCP_SEQ_BETWEEN(a,b,c) (TCP_SEQ_GEQ(a,b) && TCP_SEQ_LEQ(a,c))
+#define TCP_FIN 0x01U
+#define TCP_SYN 0x02U
+#define TCP_RST 0x04U
+#define TCP_PSH 0x08U
+#define TCP_ACK 0x10U
+#define TCP_URG 0x20U
+#define TCP_ECE 0x40U
+#define TCP_CWR 0x80U
+
+#define TCP_FLAGS 0x3fU
+
+/* Length of the TCP header, excluding options. */
+#define TCP_HLEN 20
+
+#ifndef TCP_TMR_INTERVAL
+#define TCP_TMR_INTERVAL       250  /* The TCP timer interval in milliseconds. */
+#endif /* TCP_TMR_INTERVAL */
+
+#ifndef TCP_FAST_INTERVAL
+#define TCP_FAST_INTERVAL      TCP_TMR_INTERVAL /* the fine grained timeout in milliseconds */
+#endif /* TCP_FAST_INTERVAL */
+
+#ifndef TCP_SLOW_INTERVAL
+#define TCP_SLOW_INTERVAL      (2*TCP_TMR_INTERVAL)  /* the coarse grained timeout in milliseconds */
+#endif /* TCP_SLOW_INTERVAL */
+
+#define TCP_FIN_WAIT_TIMEOUT 20000 /* milliseconds */
+#define TCP_SYN_RCVD_TIMEOUT 20000 /* milliseconds */
+
+#define TCP_OOSEQ_TIMEOUT        6U /* x RTO */
+
+#ifndef TCP_MSL
+#define TCP_MSL 60000UL /* The maximum segment lifetime in milliseconds */
+#endif
+
+/* Keepalive values, compliant with RFC 1122. Don't change this unless you know what you're doing */
+#ifndef  TCP_KEEPIDLE_DEFAULT
+#define  TCP_KEEPIDLE_DEFAULT     7200000UL /* Default KEEPALIVE timer in milliseconds */
+#endif
+
+#ifndef  TCP_KEEPINTVL_DEFAULT
+#define  TCP_KEEPINTVL_DEFAULT    75000UL   /* Default Time between KEEPALIVE probes in milliseconds */
+#endif
+
+#ifndef  TCP_KEEPCNT_DEFAULT
+#define  TCP_KEEPCNT_DEFAULT      9U        /* Default Counter for KEEPALIVE probes */
+#endif
+
+#define  TCP_MAXIDLE              TCP_KEEPCNT_DEFAULT * TCP_KEEPINTVL_DEFAULT  /* Maximum KEEPALIVE probe time */
+
+/* Fields are (of course) in network byte order.
+ * Some fields are converted to host byte order in tcp_input().
+ */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct tcp_hdr {
+  PACK_STRUCT_FIELD(u16_t src);
+  PACK_STRUCT_FIELD(u16_t dest);
+  PACK_STRUCT_FIELD(u32_t seqno);
+  PACK_STRUCT_FIELD(u32_t ackno);
+  PACK_STRUCT_FIELD(u16_t _hdrlen_rsvd_flags);
+  PACK_STRUCT_FIELD(u16_t wnd);
+  PACK_STRUCT_FIELD(u16_t chksum);
+  PACK_STRUCT_FIELD(u16_t urgp);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#define TCPH_HDRLEN(phdr) (ntohs((phdr)->_hdrlen_rsvd_flags) >> 12)
+#define TCPH_FLAGS(phdr)  (ntohs((phdr)->_hdrlen_rsvd_flags) & TCP_FLAGS)
+
+#define TCPH_HDRLEN_SET(phdr, len) (phdr)->_hdrlen_rsvd_flags = htons(((len) << 12) | TCPH_FLAGS(phdr))
+#define TCPH_FLAGS_SET(phdr, flags) (phdr)->_hdrlen_rsvd_flags = (((phdr)->_hdrlen_rsvd_flags & PP_HTONS((u16_t)(~(u16_t)(TCP_FLAGS)))) | htons(flags))
+#define TCPH_HDRLEN_FLAGS_SET(phdr, len, flags) (phdr)->_hdrlen_rsvd_flags = htons(((len) << 12) | (flags))
+
+#define TCPH_SET_FLAG(phdr, flags ) (phdr)->_hdrlen_rsvd_flags = ((phdr)->_hdrlen_rsvd_flags | htons(flags))
+#define TCPH_UNSET_FLAG(phdr, flags) (phdr)->_hdrlen_rsvd_flags = htons(ntohs((phdr)->_hdrlen_rsvd_flags) | (TCPH_FLAGS(phdr) & ~(flags)) )
+
+#define TCP_TCPLEN(seg) ((seg)->len + ((TCPH_FLAGS((seg)->tcphdr) & (TCP_FIN | TCP_SYN)) != 0))
+
+/** Flags used on input processing, not on pcb->flags
+*/
+#define TF_RESET     (u8_t)0x08U   /* Connection was reset. */
+#define TF_CLOSED    (u8_t)0x10U   /* Connection was sucessfully closed. */
+#define TF_GOT_FIN   (u8_t)0x20U   /* Connection was closed by the remote end. */
+
+
+#if LWIP_EVENT_API
+
+#define TCP_EVENT_ACCEPT(pcb,err,ret)    ret = lwip_tcp_event((pcb)->callback_arg, (pcb),\
+                LWIP_EVENT_ACCEPT, NULL, 0, err)
+#define TCP_EVENT_SENT(pcb,space,ret) ret = lwip_tcp_event((pcb)->callback_arg, (pcb),\
+                   LWIP_EVENT_SENT, NULL, space, ERR_OK)
+#define TCP_EVENT_RECV(pcb,p,err,ret) ret = lwip_tcp_event((pcb)->callback_arg, (pcb),\
+                LWIP_EVENT_RECV, (p), 0, (err))
+#define TCP_EVENT_CLOSED(pcb,ret) ret = lwip_tcp_event((pcb)->callback_arg, (pcb),\
+                LWIP_EVENT_RECV, NULL, 0, ERR_OK)
+#define TCP_EVENT_CONNECTED(pcb,err,ret) ret = lwip_tcp_event((pcb)->callback_arg, (pcb),\
+                LWIP_EVENT_CONNECTED, NULL, 0, (err))
+#define TCP_EVENT_POLL(pcb,ret)       ret = lwip_tcp_event((pcb)->callback_arg, (pcb),\
+                LWIP_EVENT_POLL, NULL, 0, ERR_OK)
+#define TCP_EVENT_ERR(errf,arg,err)  lwip_tcp_event((arg), NULL, \
+                LWIP_EVENT_ERR, NULL, 0, (err))
+
+#else /* LWIP_EVENT_API */
+
+#define TCP_EVENT_ACCEPT(pcb,err,ret)                          \
+  do {                                                         \
+    if((pcb)->accept != NULL)                                  \
+      (ret) = (pcb)->accept((pcb)->callback_arg,(pcb),(err));  \
+    else (ret) = ERR_ARG;                                      \
+  } while (0)
+
+#define TCP_EVENT_SENT(pcb,space,ret)                          \
+  do {                                                         \
+    if((pcb)->sent != NULL)                                    \
+      (ret) = (pcb)->sent((pcb)->callback_arg,(pcb),(space));  \
+    else (ret) = ERR_OK;                                       \
+  } while (0)
+
+#define TCP_EVENT_RECV(pcb,p,err,ret)                          \
+  do {                                                         \
+    if((pcb)->recv != NULL) {                                  \
+      (ret) = (pcb)->recv((pcb)->callback_arg,(pcb),(p),(err));\
+    } else {                                                   \
+      (ret) = tcp_recv_null(NULL, (pcb), (p), (err));          \
+    }                                                          \
+  } while (0)
+
+#define TCP_EVENT_CLOSED(pcb,ret)                                \
+  do {                                                           \
+    if(((pcb)->recv != NULL)) {                                  \
+      (ret) = (pcb)->recv((pcb)->callback_arg,(pcb),NULL,ERR_OK);\
+    } else {                                                     \
+      (ret) = ERR_OK;                                            \
+    }                                                            \
+  } while (0)
+
+#define TCP_EVENT_CONNECTED(pcb,err,ret)                         \
+  do {                                                           \
+    if((pcb)->connected != NULL)                                 \
+      (ret) = (pcb)->connected((pcb)->callback_arg,(pcb),(err)); \
+    else (ret) = ERR_OK;                                         \
+  } while (0)
+
+#define TCP_EVENT_POLL(pcb,ret)                                \
+  do {                                                         \
+    if((pcb)->poll != NULL)                                    \
+      (ret) = (pcb)->poll((pcb)->callback_arg,(pcb));          \
+    else (ret) = ERR_OK;                                       \
+  } while (0)
+
+#define TCP_EVENT_ERR(errf,arg,err)                            \
+  do {                                                         \
+    if((errf) != NULL)                                         \
+      (errf)((arg),(err));                                     \
+  } while (0)
+
+#endif /* LWIP_EVENT_API */
+
+/** Enabled extra-check for TCP_OVERSIZE if LWIP_DEBUG is enabled */
+#if TCP_OVERSIZE && defined(LWIP_DEBUG)
+#define TCP_OVERSIZE_DBGCHECK 1
+#else
+#define TCP_OVERSIZE_DBGCHECK 0
+#endif
+
+/** Don't generate checksum on copy if CHECKSUM_GEN_TCP is disabled */
+#define TCP_CHECKSUM_ON_COPY  (LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_TCP)
+
+/* This structure represents a TCP segment on the unsent, unacked and ooseq queues */
+struct tcp_seg {
+  struct tcp_seg *next;    /* used when putting segements on a queue */
+  struct pbuf *p;          /* buffer containing data + TCP header */
+  u16_t len;               /* the TCP length of this segment */
+#if TCP_OVERSIZE_DBGCHECK
+  u16_t oversize_left;     /* Extra bytes available at the end of the last
+                              pbuf in unsent (used for asserting vs.
+                              tcp_pcb.unsent_oversized only) */
+#endif /* TCP_OVERSIZE_DBGCHECK */ 
+#if TCP_CHECKSUM_ON_COPY
+  u16_t chksum;
+  u8_t  chksum_swapped;
+#endif /* TCP_CHECKSUM_ON_COPY */
+  u8_t  flags;
+#define TF_SEG_OPTS_MSS         (u8_t)0x01U /* Include MSS option. */
+#define TF_SEG_OPTS_TS          (u8_t)0x02U /* Include timestamp option. */
+#define TF_SEG_DATA_CHECKSUMMED (u8_t)0x04U /* ALL data (not the header) is
+                                               checksummed into 'chksum' */
+  struct tcp_hdr *tcphdr;  /* the TCP header */
+};
+
+#define LWIP_TCP_OPT_LENGTH(flags)              \
+  (flags & TF_SEG_OPTS_MSS ? 4  : 0) +          \
+  (flags & TF_SEG_OPTS_TS  ? 12 : 0)
+
+/** This returns a TCP header option for MSS in an u32_t */
+#define TCP_BUILD_MSS_OPTION(mss) htonl(0x02040000 | ((mss) & 0xFFFF))
+
+/* Global variables: */
+extern struct tcp_pcb *tcp_input_pcb;
+extern u32_t tcp_ticks;
+extern u8_t tcp_active_pcbs_changed;
+
+/* The TCP PCB lists. */
+union tcp_listen_pcbs_t { /* List of all TCP PCBs in LISTEN state. */
+  struct tcp_pcb_listen *listen_pcbs; 
+  struct tcp_pcb *pcbs;
+};
+extern struct tcp_pcb *tcp_bound_pcbs;
+extern union tcp_listen_pcbs_t tcp_listen_pcbs;
+extern struct tcp_pcb *tcp_active_pcbs;  /* List of all TCP PCBs that are in a
+              state in which they accept or send
+              data. */
+extern struct tcp_pcb *tcp_tw_pcbs;      /* List of all TCP PCBs in TIME-WAIT. */
+
+extern struct tcp_pcb *tcp_tmp_pcb;      /* Only used for temporary storage. */
+
+/* Axioms about the above lists:   
+   1) Every TCP PCB that is not CLOSED is in one of the lists.
+   2) A PCB is only in one of the lists.
+   3) All PCBs in the tcp_listen_pcbs list is in LISTEN state.
+   4) All PCBs in the tcp_tw_pcbs list is in TIME-WAIT state.
+*/
+/* Define two macros, TCP_REG and TCP_RMV that registers a TCP PCB
+   with a PCB list or removes a PCB from a list, respectively. */
+#ifndef TCP_DEBUG_PCB_LISTS
+#define TCP_DEBUG_PCB_LISTS 0
+#endif
+#if TCP_DEBUG_PCB_LISTS
+#define TCP_REG(pcbs, npcb) do {\
+                            LWIP_DEBUGF(TCP_DEBUG, ("TCP_REG %p local port %d\n", (npcb), (npcb)->local_port)); \
+                            for(tcp_tmp_pcb = *(pcbs); \
+          tcp_tmp_pcb != NULL; \
+        tcp_tmp_pcb = tcp_tmp_pcb->next) { \
+                                LWIP_ASSERT("TCP_REG: already registered\n", tcp_tmp_pcb != (npcb)); \
+                            } \
+                            LWIP_ASSERT("TCP_REG: pcb->state != CLOSED", ((pcbs) == &tcp_bound_pcbs) || ((npcb)->state != CLOSED)); \
+                            (npcb)->next = *(pcbs); \
+                            LWIP_ASSERT("TCP_REG: npcb->next != npcb", (npcb)->next != (npcb)); \
+                            *(pcbs) = (npcb); \
+                            LWIP_ASSERT("TCP_RMV: tcp_pcbs sane", tcp_pcbs_sane()); \
+              tcp_timer_needed(); \
+                            } while(0)
+#define TCP_RMV(pcbs, npcb) do { \
+                            LWIP_ASSERT("TCP_RMV: pcbs != NULL", *(pcbs) != NULL); \
+                            LWIP_DEBUGF(TCP_DEBUG, ("TCP_RMV: removing %p from %p\n", (npcb), *(pcbs))); \
+                            if(*(pcbs) == (npcb)) { \
+                               *(pcbs) = (*pcbs)->next; \
+                            } else for(tcp_tmp_pcb = *(pcbs); tcp_tmp_pcb != NULL; tcp_tmp_pcb = tcp_tmp_pcb->next) { \
+                               if(tcp_tmp_pcb->next == (npcb)) { \
+                                  tcp_tmp_pcb->next = (npcb)->next; \
+                                  break; \
+                               } \
+                            } \
+                            (npcb)->next = NULL; \
+                            LWIP_ASSERT("TCP_RMV: tcp_pcbs sane", tcp_pcbs_sane()); \
+                            LWIP_DEBUGF(TCP_DEBUG, ("TCP_RMV: removed %p from %p\n", (npcb), *(pcbs))); \
+                            } while(0)
+
+#else /* LWIP_DEBUG */
+
+#define TCP_REG(pcbs, npcb)                        \
+  do {                                             \
+    (npcb)->next = *pcbs;                          \
+    *(pcbs) = (npcb);                              \
+    tcp_timer_needed();                            \
+  } while (0)
+
+#define TCP_RMV(pcbs, npcb)                        \
+  do {                                             \
+    if(*(pcbs) == (npcb)) {                        \
+      (*(pcbs)) = (*pcbs)->next;                   \
+    }                                              \
+    else {                                         \
+      for(tcp_tmp_pcb = *pcbs;                     \
+          tcp_tmp_pcb != NULL;                     \
+          tcp_tmp_pcb = tcp_tmp_pcb->next) {       \
+        if(tcp_tmp_pcb->next == (npcb)) {          \
+          tcp_tmp_pcb->next = (npcb)->next;        \
+          break;                                   \
+        }                                          \
+      }                                            \
+    }                                              \
+    (npcb)->next = NULL;                           \
+  } while(0)
+
+#endif /* LWIP_DEBUG */
+
+#define TCP_REG_ACTIVE(npcb)                       \
+  do {                                             \
+    TCP_REG(&tcp_active_pcbs, npcb);               \
+    tcp_active_pcbs_changed = 1;                   \
+  } while (0)
+
+#define TCP_RMV_ACTIVE(npcb)                       \
+  do {                                             \
+    TCP_RMV(&tcp_active_pcbs, npcb);               \
+    tcp_active_pcbs_changed = 1;                   \
+  } while (0)
+
+#define TCP_PCB_REMOVE_ACTIVE(pcb)                 \
+  do {                                             \
+    tcp_pcb_remove(&tcp_active_pcbs, pcb);         \
+    tcp_active_pcbs_changed = 1;                   \
+  } while (0)
+
+
+/* Internal functions: */
+struct tcp_pcb *tcp_pcb_copy(struct tcp_pcb *pcb);
+void tcp_pcb_purge(struct tcp_pcb *pcb);
+void tcp_pcb_remove(struct tcp_pcb **pcblist, struct tcp_pcb *pcb);
+
+void tcp_segs_free(struct tcp_seg *seg);
+void tcp_seg_free(struct tcp_seg *seg);
+struct tcp_seg *tcp_seg_copy(struct tcp_seg *seg);
+
+#define tcp_ack(pcb)                               \
+  do {                                             \
+    if((pcb)->flags & TF_ACK_DELAY) {              \
+      (pcb)->flags &= ~TF_ACK_DELAY;               \
+      (pcb)->flags |= TF_ACK_NOW;                  \
+    }                                              \
+    else {                                         \
+      (pcb)->flags |= TF_ACK_DELAY;                \
+    }                                              \
+  } while (0)
+
+#define tcp_ack_now(pcb)                           \
+  do {                                             \
+    (pcb)->flags |= TF_ACK_NOW;                    \
+  } while (0)
+
+err_t tcp_send_fin(struct tcp_pcb *pcb);
+err_t tcp_enqueue_flags(struct tcp_pcb *pcb, u8_t flags);
+
+void tcp_rexmit_seg(struct tcp_pcb *pcb, struct tcp_seg *seg);
+
+void tcp_rst_impl(u32_t seqno, u32_t ackno,
+       ipX_addr_t *local_ip, ipX_addr_t *remote_ip,
+       u16_t local_port, u16_t remote_port
+#if LWIP_IPV6
+       , u8_t isipv6
+#endif /* LWIP_IPV6 */
+       );
+#if LWIP_IPV6
+#define tcp_rst(seqno, ackno, local_ip, remote_ip, local_port, remote_port, isipv6) \
+  tcp_rst_impl(seqno, ackno, local_ip, remote_ip, local_port, remote_port, isipv6)
+#else /* LWIP_IPV6 */
+#define tcp_rst(seqno, ackno, local_ip, remote_ip, local_port, remote_port, isipv6) \
+  tcp_rst_impl(seqno, ackno, local_ip, remote_ip, local_port, remote_port)
+#endif /* LWIP_IPV6 */
+
+u32_t tcp_next_iss(void);
+
+void tcp_keepalive(struct tcp_pcb *pcb);
+void tcp_zero_window_probe(struct tcp_pcb *pcb);
+
+#if TCP_CALCULATE_EFF_SEND_MSS
+u16_t tcp_eff_send_mss_impl(u16_t sendmss, ipX_addr_t *dest
+#if LWIP_IPV6
+                           , ipX_addr_t *src, u8_t isipv6
+#endif /* LWIP_IPV6 */
+                           );
+#if LWIP_IPV6
+#define tcp_eff_send_mss(sendmss, src, dest, isipv6) tcp_eff_send_mss_impl(sendmss, dest, src, isipv6)
+#else /* LWIP_IPV6 */
+#define tcp_eff_send_mss(sendmss, src, dest, isipv6) tcp_eff_send_mss_impl(sendmss, dest)
+#endif /* LWIP_IPV6 */
+#endif /* TCP_CALCULATE_EFF_SEND_MSS */
+
+#if LWIP_CALLBACK_API
+err_t tcp_recv_null(void *arg, struct tcp_pcb *pcb, struct pbuf *p, err_t err);
+#endif /* LWIP_CALLBACK_API */
+
+#if TCP_DEBUG || TCP_INPUT_DEBUG || TCP_OUTPUT_DEBUG
+void tcp_debug_print(struct tcp_hdr *tcphdr);
+void tcp_debug_print_flags(u8_t flags);
+void tcp_debug_print_state(enum tcp_state s);
+void tcp_debug_print_pcbs(void);
+s16_t tcp_pcbs_sane(void);
+#else
+#  define tcp_debug_print(tcphdr)
+#  define tcp_debug_print_flags(flags)
+#  define tcp_debug_print_state(s)
+#  define tcp_debug_print_pcbs()
+#  define tcp_pcbs_sane() 1
+#endif /* TCP_DEBUG */
+
+/** External function (implemented in timers.c), called when TCP detects
+ * that a timer is needed (i.e. active- or time-wait-pcb found). */
+void tcp_timer_needed(void);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_TCP */
+
+#endif /* __LWIP_TCP_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/tcpip.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/tcpip.h
new file mode 100644
index 00000000..04567f2c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/tcpip.h
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_TCPIP_H__
+#define __LWIP_TCPIP_H__
+
+#include "lwip/opt.h"
+
+#if !NO_SYS /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/api_msg.h"
+#include "lwip/netifapi.h"
+#include "lwip/pbuf.h"
+#include "lwip/api.h"
+#include "lwip/sys.h"
+#include "lwip/timers.h"
+#include "lwip/netif.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Define this to something that triggers a watchdog. This is called from
+ * tcpip_thread after processing a message. */
+#ifndef LWIP_TCPIP_THREAD_ALIVE
+#define LWIP_TCPIP_THREAD_ALIVE()
+#endif
+
+#if LWIP_TCPIP_CORE_LOCKING
+/** The global semaphore to lock the stack. */
+extern sys_mutex_t lock_tcpip_core;
+#define LOCK_TCPIP_CORE()     sys_mutex_lock(&lock_tcpip_core)
+#define UNLOCK_TCPIP_CORE()   sys_mutex_unlock(&lock_tcpip_core)
+#ifdef LWIP_DEBUG
+#define TCIP_APIMSG_SET_ERR(m, e) (m)->msg.err = e  /* catch functions that don't set err */
+#else
+#define TCIP_APIMSG_SET_ERR(m, e)
+#endif
+#define TCPIP_APIMSG_NOERR(m,f) do { \
+  TCIP_APIMSG_SET_ERR(m, ERR_VAL); \
+  LOCK_TCPIP_CORE(); \
+  f(&((m)->msg)); \
+  UNLOCK_TCPIP_CORE(); \
+} while(0)
+#define TCPIP_APIMSG(m,f,e)   do { \
+  TCPIP_APIMSG_NOERR(m,f); \
+  (e) = (m)->msg.err; \
+} while(0)
+#define TCPIP_APIMSG_ACK(m)
+#define TCPIP_NETIFAPI(m)     tcpip_netifapi_lock(m)
+#define TCPIP_NETIFAPI_ACK(m)
+#else /* LWIP_TCPIP_CORE_LOCKING */
+#define LOCK_TCPIP_CORE()
+#define UNLOCK_TCPIP_CORE()
+#define TCPIP_APIMSG_NOERR(m,f) do { (m)->function = f; tcpip_apimsg(m); } while(0)
+#define TCPIP_APIMSG(m,f,e)   do { (m)->function = f; (e) = tcpip_apimsg(m); } while(0)
+#define TCPIP_APIMSG_ACK(m)   sys_sem_signal(&m->conn->op_completed)
+#define TCPIP_NETIFAPI(m)     tcpip_netifapi(m)
+#define TCPIP_NETIFAPI_ACK(m) sys_sem_signal(&m->sem)
+#endif /* LWIP_TCPIP_CORE_LOCKING */
+
+/** Function prototype for the init_done function passed to tcpip_init */
+typedef void (*tcpip_init_done_fn)(void *arg);
+/** Function prototype for functions passed to tcpip_callback() */
+typedef void (*tcpip_callback_fn)(void *ctx);
+
+/* Forward declarations */
+struct tcpip_callback_msg;
+
+void tcpip_init(tcpip_init_done_fn tcpip_init_done, void *arg);
+
+#if LWIP_NETCONN
+err_t tcpip_apimsg(struct api_msg *apimsg);
+#endif /* LWIP_NETCONN */
+
+err_t tcpip_input(struct pbuf *p, struct netif *inp);
+
+#if LWIP_NETIF_API
+err_t tcpip_netifapi(struct netifapi_msg *netifapimsg);
+#if LWIP_TCPIP_CORE_LOCKING
+err_t tcpip_netifapi_lock(struct netifapi_msg *netifapimsg);
+#endif /* LWIP_TCPIP_CORE_LOCKING */
+#endif /* LWIP_NETIF_API */
+
+err_t tcpip_callback_with_block(tcpip_callback_fn function, void *ctx, u8_t block);
+#define tcpip_callback(f, ctx)              tcpip_callback_with_block(f, ctx, 1)
+
+struct tcpip_callback_msg* tcpip_callbackmsg_new(tcpip_callback_fn function, void *ctx);
+void   tcpip_callbackmsg_delete(struct tcpip_callback_msg* msg);
+err_t  tcpip_trycallback(struct tcpip_callback_msg* msg);
+
+/* free pbufs or heap memory from another context without blocking */
+err_t pbuf_free_callback(struct pbuf *p);
+err_t mem_free_callback(void *m);
+
+#if LWIP_TCPIP_TIMEOUT
+err_t tcpip_timeout(u32_t msecs, sys_timeout_handler h, void *arg);
+err_t tcpip_untimeout(sys_timeout_handler h, void *arg);
+#endif /* LWIP_TCPIP_TIMEOUT */
+
+enum tcpip_msg_type {
+#if LWIP_NETCONN
+  TCPIP_MSG_API,
+#endif /* LWIP_NETCONN */
+  TCPIP_MSG_INPKT,
+#if LWIP_NETIF_API
+  TCPIP_MSG_NETIFAPI,
+#endif /* LWIP_NETIF_API */
+#if LWIP_TCPIP_TIMEOUT
+  TCPIP_MSG_TIMEOUT,
+  TCPIP_MSG_UNTIMEOUT,
+#endif /* LWIP_TCPIP_TIMEOUT */
+  TCPIP_MSG_CALLBACK,
+  TCPIP_MSG_CALLBACK_STATIC
+};
+
+struct tcpip_msg {
+  enum tcpip_msg_type type;
+  sys_sem_t *sem;
+  union {
+#if LWIP_NETCONN
+    struct api_msg *apimsg;
+#endif /* LWIP_NETCONN */
+#if LWIP_NETIF_API
+    struct netifapi_msg *netifapimsg;
+#endif /* LWIP_NETIF_API */
+    struct {
+      struct pbuf *p;
+      struct netif *netif;
+    } inp;
+    struct {
+      tcpip_callback_fn function;
+      void *ctx;
+    } cb;
+#if LWIP_TCPIP_TIMEOUT
+    struct {
+      u32_t msecs;
+      sys_timeout_handler h;
+      void *arg;
+    } tmo;
+#endif /* LWIP_TCPIP_TIMEOUT */
+  } msg;
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !NO_SYS */
+
+#endif /* __LWIP_TCPIP_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/timers.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/timers.h
new file mode 100644
index 00000000..04e78e0f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/timers.h
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *         Simon Goldschmidt
+ *
+ */
+#ifndef __LWIP_TIMERS_H__
+#define __LWIP_TIMERS_H__
+
+#include "lwip/opt.h"
+
+/* Timers are not supported when NO_SYS==1 and NO_SYS_NO_TIMERS==1 */
+#define LWIP_TIMERS (!NO_SYS || (NO_SYS && !NO_SYS_NO_TIMERS))
+
+#if LWIP_TIMERS
+
+#include "lwip/err.h"
+#if !NO_SYS
+#include "lwip/sys.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef LWIP_DEBUG_TIMERNAMES
+#ifdef LWIP_DEBUG
+#define LWIP_DEBUG_TIMERNAMES SYS_DEBUG
+#else /* LWIP_DEBUG */
+#define LWIP_DEBUG_TIMERNAMES 0
+#endif /* LWIP_DEBUG*/
+#endif
+
+/** Function prototype for a timeout callback function. Register such a function
+ * using sys_timeout().
+ *
+ * @param arg Additional argument to pass to the function - set up by sys_timeout()
+ */
+typedef void (* sys_timeout_handler)(void *arg);
+
+struct sys_timeo {
+  struct sys_timeo *next;
+  u32_t time;
+  sys_timeout_handler h;
+  void *arg;
+#if LWIP_DEBUG_TIMERNAMES
+  const char* handler_name;
+#endif /* LWIP_DEBUG_TIMERNAMES */
+};
+
+void sys_timeouts_init(void);
+
+#if LWIP_DEBUG_TIMERNAMES
+void sys_timeout_debug(u32_t msecs, sys_timeout_handler handler, void *arg, const char* handler_name);
+#define sys_timeout(msecs, handler, arg) sys_timeout_debug(msecs, handler, arg, #handler)
+#else /* LWIP_DEBUG_TIMERNAMES */
+void sys_timeout(u32_t msecs, sys_timeout_handler handler, void *arg);
+#endif /* LWIP_DEBUG_TIMERNAMES */
+
+void sys_untimeout(sys_timeout_handler handler, void *arg);
+#if NO_SYS
+void sys_check_timeouts(void);
+void sys_restart_timeouts(void);
+#else /* NO_SYS */
+void sys_timeouts_mbox_fetch(sys_mbox_t *mbox, void **msg);
+#endif /* NO_SYS */
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_TIMERS */
+#endif /* __LWIP_TIMERS_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/udp.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/udp.h
new file mode 100644
index 00000000..14d5c0ae
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/lwip/udp.h
@@ -0,0 +1,215 @@
+/*
+ * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __LWIP_UDP_H__
+#define __LWIP_UDP_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_UDP /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/pbuf.h"
+#include "lwip/netif.h"
+#include "lwip/ip_addr.h"
+#include "lwip/ip.h"
+#include "lwip/ip6_addr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define UDP_HLEN 8
+
+/* Fields are (of course) in network byte order. */
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct udp_hdr {
+  PACK_STRUCT_FIELD(u16_t src);
+  PACK_STRUCT_FIELD(u16_t dest);  /* src/dest UDP ports */
+  PACK_STRUCT_FIELD(u16_t len);
+  PACK_STRUCT_FIELD(u16_t chksum);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#define UDP_FLAGS_NOCHKSUM       0x01U
+#define UDP_FLAGS_UDPLITE        0x02U
+#define UDP_FLAGS_CONNECTED      0x04U
+#define UDP_FLAGS_MULTICAST_LOOP 0x08U
+
+struct udp_pcb;
+
+/** Function prototype for udp pcb receive callback functions
+ * addr and port are in same byte order as in the pcb
+ * The callback is responsible for freeing the pbuf
+ * if it's not used any more.
+ *
+ * ATTENTION: Be aware that 'addr' points into the pbuf 'p' so freeing this pbuf
+ *            makes 'addr' invalid, too.
+ *
+ * @param arg user supplied argument (udp_pcb.recv_arg)
+ * @param pcb the udp_pcb which received data
+ * @param p the packet buffer that was received
+ * @param addr the remote IP address from which the packet was received
+ * @param port the remote port from which the packet was received
+ */
+typedef void (*udp_recv_fn)(void *arg, struct udp_pcb *pcb, struct pbuf *p,
+    ip_addr_t *addr, u16_t port);
+
+#if LWIP_IPV6
+/** Function prototype for udp pcb IPv6 receive callback functions
+ * The callback is responsible for freeing the pbuf
+ * if it's not used any more.
+ *
+ * @param arg user supplied argument (udp_pcb.recv_arg)
+ * @param pcb the udp_pcb which received data
+ * @param p the packet buffer that was received
+ * @param addr the remote IPv6 address from which the packet was received
+ * @param port the remote port from which the packet was received
+ */
+typedef void (*udp_recv_ip6_fn)(void *arg, struct udp_pcb *pcb, struct pbuf *p,
+    ip6_addr_t *addr, u16_t port);
+#endif /* LWIP_IPV6 */
+
+#if LWIP_IPV6
+#define UDP_PCB_RECV_IP6  udp_recv_ip6_fn ip6;
+#else
+#define UDP_PCB_RECV_IP6
+#endif /* LWIP_IPV6 */
+
+struct udp_pcb {
+/* Common members of all PCB types */
+  IP_PCB;
+
+/* Protocol specific PCB members */
+
+  struct udp_pcb *next;
+
+  u8_t flags;
+  /** ports are in host byte order */
+  u16_t local_port, remote_port;
+
+#if LWIP_IGMP
+  /** outgoing network interface for multicast packets */
+  ip_addr_t multicast_ip;
+#endif /* LWIP_IGMP */
+
+#if LWIP_UDPLITE
+  /** used for UDP_LITE only */
+  u16_t chksum_len_rx, chksum_len_tx;
+#endif /* LWIP_UDPLITE */
+
+  /** receive callback function */
+  union {
+    udp_recv_fn ip4;
+    UDP_PCB_RECV_IP6
+  }recv;
+  /** user-supplied argument for the recv callback */
+  void *recv_arg;  
+};
+/* udp_pcbs export for exernal reference (e.g. SNMP agent) */
+extern struct udp_pcb *udp_pcbs;
+
+/* The following functions is the application layer interface to the
+   UDP code. */
+struct udp_pcb * udp_new        (void);
+void             udp_remove     (struct udp_pcb *pcb);
+err_t            udp_bind       (struct udp_pcb *pcb, ip_addr_t *ipaddr,
+                                 u16_t port);
+err_t            udp_connect    (struct udp_pcb *pcb, ip_addr_t *ipaddr,
+                                 u16_t port);
+void             udp_disconnect (struct udp_pcb *pcb);
+void             udp_recv       (struct udp_pcb *pcb, udp_recv_fn recv,
+                                 void *recv_arg);
+err_t            udp_sendto_if  (struct udp_pcb *pcb, struct pbuf *p,
+                                 ip_addr_t *dst_ip, u16_t dst_port,
+                                 struct netif *netif);
+err_t            udp_sendto     (struct udp_pcb *pcb, struct pbuf *p,
+                                 ip_addr_t *dst_ip, u16_t dst_port);
+err_t            udp_send       (struct udp_pcb *pcb, struct pbuf *p);
+
+#if LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP
+err_t            udp_sendto_if_chksum(struct udp_pcb *pcb, struct pbuf *p,
+                                 ip_addr_t *dst_ip, u16_t dst_port,
+                                 struct netif *netif, u8_t have_chksum,
+                                 u16_t chksum);
+err_t            udp_sendto_chksum(struct udp_pcb *pcb, struct pbuf *p,
+                                 ip_addr_t *dst_ip, u16_t dst_port,
+                                 u8_t have_chksum, u16_t chksum);
+err_t            udp_send_chksum(struct udp_pcb *pcb, struct pbuf *p,
+                                 u8_t have_chksum, u16_t chksum);
+#endif /* LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP */
+
+#define          udp_flags(pcb) ((pcb)->flags)
+#define          udp_setflags(pcb, f)  ((pcb)->flags = (f))
+
+/* The following functions are the lower layer interface to UDP. */
+void             udp_input      (struct pbuf *p, struct netif *inp);
+
+void             udp_init       (void);
+
+#if LWIP_IPV6
+struct udp_pcb * udp_new_ip6(void);
+#define          udp_bind_ip6(pcb, ip6addr, port) \
+                   udp_bind(pcb, ip6_2_ip(ip6addr), port)
+#define          udp_connect_ip6(pcb, ip6addr, port) \
+                   udp_connect(pcb, ip6_2_ip(ip6addr), port)
+#define          udp_recv_ip6(pcb, recv_ip6_fn, recv_arg) \
+                   udp_recv(pcb, (udp_recv_fn)recv_ip6_fn, recv_arg)
+#define          udp_sendto_ip6(pcb, pbuf, ip6addr, port) \
+                   udp_sendto(pcb, pbuf, ip6_2_ip(ip6addr), port)
+#define          udp_sendto_if_ip6(pcb, pbuf, ip6addr, port, netif) \
+                   udp_sendto_if(pcb, pbuf, ip6_2_ip(ip6addr), port, netif)
+#if LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP
+#define          udp_sendto_chksum_ip6(pcb, pbuf, ip6addr, port, have_chk, chksum) \
+                   udp_sendto_chksum(pcb, pbuf, ip6_2_ip(ip6addr), port, have_chk, chksum)
+#define          udp_sendto_if_chksum_ip6(pcb, pbuf, ip6addr, port, netif, have_chk, chksum) \
+                   udp_sendto_if_chksum(pcb, pbuf, ip6_2_ip(ip6addr), port, netif, have_chk, chksum)
+#endif /*LWIP_CHECKSUM_ON_COPY && CHECKSUM_GEN_UDP */
+#endif /* LWIP_IPV6 */
+
+#if UDP_DEBUG
+void udp_debug_print(struct udp_hdr *udphdr);
+#else
+#define udp_debug_print(udphdr)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_UDP */
+
+#endif /* __LWIP_UDP_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/netif/etharp.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/netif/etharp.h
new file mode 100644
index 00000000..8275a28f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/netif/etharp.h
@@ -0,0 +1,223 @@
+/*
+ * Copyright (c) 2001-2003 Swedish Institute of Computer Science.
+ * Copyright (c) 2003-2004 Leon Woestenberg <leon.woestenberg@axon.tv>
+ * Copyright (c) 2003-2004 Axon Digital Design B.V., The Netherlands.
+ * All rights reserved. 
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+
+#ifndef __NETIF_ETHARP_H__
+#define __NETIF_ETHARP_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_ARP || LWIP_ETHERNET /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/pbuf.h"
+#include "lwip/ip_addr.h"
+#include "lwip/netif.h"
+#include "lwip/ip.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef ETHARP_HWADDR_LEN
+#define ETHARP_HWADDR_LEN     6
+#endif
+
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct eth_addr {
+  PACK_STRUCT_FIELD(u8_t addr[ETHARP_HWADDR_LEN]);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+/** Ethernet header */
+struct eth_hdr {
+#if ETH_PAD_SIZE
+  PACK_STRUCT_FIELD(u8_t padding[ETH_PAD_SIZE]);
+#endif
+  PACK_STRUCT_FIELD(struct eth_addr dest);
+  PACK_STRUCT_FIELD(struct eth_addr src);
+  PACK_STRUCT_FIELD(u16_t type);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#define SIZEOF_ETH_HDR (14 + ETH_PAD_SIZE)
+
+#if ETHARP_SUPPORT_VLAN
+
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+/** VLAN header inserted between ethernet header and payload
+ * if 'type' in ethernet header is ETHTYPE_VLAN.
+ * See IEEE802.Q */
+struct eth_vlan_hdr {
+  PACK_STRUCT_FIELD(u16_t prio_vid);
+  PACK_STRUCT_FIELD(u16_t tpid);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#define SIZEOF_VLAN_HDR 4
+#define VLAN_ID(vlan_hdr) (htons((vlan_hdr)->prio_vid) & 0xFFF)
+
+#endif /* ETHARP_SUPPORT_VLAN */
+
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+/** the ARP message, see RFC 826 ("Packet format") */
+struct etharp_hdr {
+  PACK_STRUCT_FIELD(u16_t hwtype);
+  PACK_STRUCT_FIELD(u16_t proto);
+  PACK_STRUCT_FIELD(u8_t  hwlen);
+  PACK_STRUCT_FIELD(u8_t  protolen);
+  PACK_STRUCT_FIELD(u16_t opcode);
+  PACK_STRUCT_FIELD(struct eth_addr shwaddr);
+  PACK_STRUCT_FIELD(struct ip_addr2 sipaddr);
+  PACK_STRUCT_FIELD(struct eth_addr dhwaddr);
+  PACK_STRUCT_FIELD(struct ip_addr2 dipaddr);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#define SIZEOF_ETHARP_HDR 28
+#define SIZEOF_ETHARP_PACKET (SIZEOF_ETH_HDR + SIZEOF_ETHARP_HDR)
+
+/** 5 seconds period */
+#define ARP_TMR_INTERVAL 5000
+
+#define ETHTYPE_ARP       0x0806U
+#define ETHTYPE_IP        0x0800U
+#define ETHTYPE_VLAN      0x8100U
+#define ETHTYPE_IPV6      0x86DDU
+#define ETHTYPE_PPPOEDISC 0x8863U  /* PPP Over Ethernet Discovery Stage */
+#define ETHTYPE_PPPOE     0x8864U  /* PPP Over Ethernet Session Stage */
+
+/** MEMCPY-like macro to copy to/from struct eth_addr's that are local variables
+ * or known to be 32-bit aligned within the protocol header. */
+#ifndef ETHADDR32_COPY
+#define ETHADDR32_COPY(src, dst)  SMEMCPY(src, dst, ETHARP_HWADDR_LEN)
+#endif
+
+/** MEMCPY-like macro to copy to/from struct eth_addr's that are no local
+ * variables and known to be 16-bit aligned within the protocol header. */
+#ifndef ETHADDR16_COPY
+#define ETHADDR16_COPY(src, dst)  SMEMCPY(src, dst, ETHARP_HWADDR_LEN)
+#endif
+
+#if LWIP_ARP /* don't build if not configured for use in lwipopts.h */
+
+/** ARP message types (opcodes) */
+#define ARP_REQUEST 1
+#define ARP_REPLY   2
+
+/** Define this to 1 and define LWIP_ARP_FILTER_NETIF_FN(pbuf, netif, type)
+ * to a filter function that returns the correct netif when using multiple
+ * netifs on one hardware interface where the netif's low-level receive
+ * routine cannot decide for the correct netif (e.g. when mapping multiple
+ * IP addresses to one hardware interface).
+ */
+#ifndef LWIP_ARP_FILTER_NETIF
+#define LWIP_ARP_FILTER_NETIF 0
+#endif
+
+#if ARP_QUEUEING
+/** struct for queueing outgoing packets for unknown address
+  * defined here to be accessed by memp.h
+  */
+struct etharp_q_entry {
+  struct etharp_q_entry *next;
+  struct pbuf *p;
+};
+#endif /* ARP_QUEUEING */
+
+#define etharp_init() /* Compatibility define, not init needed. */
+void etharp_tmr(void);
+s8_t etharp_find_addr(struct netif *netif, ip_addr_t *ipaddr,
+         struct eth_addr **eth_ret, ip_addr_t **ip_ret);
+err_t etharp_output(struct netif *netif, struct pbuf *q, ip_addr_t *ipaddr);
+err_t etharp_query(struct netif *netif, ip_addr_t *ipaddr, struct pbuf *q);
+err_t etharp_request(struct netif *netif, ip_addr_t *ipaddr);
+/** For Ethernet network interfaces, we might want to send "gratuitous ARP";
+ *  this is an ARP packet sent by a node in order to spontaneously cause other
+ *  nodes to update an entry in their ARP cache.
+ *  From RFC 3220 "IP Mobility Support for IPv4" section 4.6. */
+#define etharp_gratuitous(netif) etharp_request((netif), &(netif)->ip_addr)
+void etharp_cleanup_netif(struct netif *netif);
+
+#if ETHARP_SUPPORT_STATIC_ENTRIES
+err_t etharp_add_static_entry(ip_addr_t *ipaddr, struct eth_addr *ethaddr);
+err_t etharp_remove_static_entry(ip_addr_t *ipaddr);
+#endif /* ETHARP_SUPPORT_STATIC_ENTRIES */
+
+#if LWIP_AUTOIP
+err_t etharp_raw(struct netif *netif, const struct eth_addr *ethsrc_addr,
+                 const struct eth_addr *ethdst_addr,
+                 const struct eth_addr *hwsrc_addr, const ip_addr_t *ipsrc_addr,
+                 const struct eth_addr *hwdst_addr, const ip_addr_t *ipdst_addr,
+                 const u16_t opcode);
+#endif /* LWIP_AUTOIP */
+
+#endif /* LWIP_ARP */
+
+err_t ethernet_input(struct pbuf *p, struct netif *netif);
+
+#define eth_addr_cmp(addr1, addr2) (memcmp((addr1)->addr, (addr2)->addr, ETHARP_HWADDR_LEN) == 0)
+
+extern const struct eth_addr ethbroadcast, ethzero;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_ARP || LWIP_ETHERNET */
+
+#endif /* __NETIF_ARP_H__ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/netif/ppp_oe.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/netif/ppp_oe.h
new file mode 100644
index 00000000..e1cdfa51
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/netif/ppp_oe.h
@@ -0,0 +1,190 @@
+/*****************************************************************************
+* ppp_oe.h - PPP Over Ethernet implementation for lwIP.
+*
+* Copyright (c) 2006 by Marc Boucher, Services Informatiques (MBSI) inc.
+*
+* The authors hereby grant permission to use, copy, modify, distribute,
+* and license this software and its documentation for any purpose, provided
+* that existing copyright notices are retained in all copies and that this
+* notice and the following disclaimer are included verbatim in any 
+* distributions. No written agreement, license, or royalty fee is required
+* for any of the authorized uses.
+*
+* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
+* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*
+******************************************************************************
+* REVISION HISTORY
+*
+* 06-01-01 Marc Boucher <marc@mbsi.ca>
+*   Ported to lwIP.
+*****************************************************************************/
+
+
+
+/* based on NetBSD: if_pppoe.c,v 1.64 2006/01/31 23:50:15 martin Exp */
+
+/*-
+ * Copyright (c) 2002 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Martin Husemann <martin@NetBSD.org>.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *        This product includes software developed by the NetBSD
+ *        Foundation, Inc. and its contributors.
+ * 4. Neither the name of The NetBSD Foundation nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef PPP_OE_H
+#define PPP_OE_H
+
+#include "lwip/opt.h"
+
+#if PPPOE_SUPPORT > 0
+
+#include "netif/etharp.h"
+
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct pppoehdr {
+  PACK_STRUCT_FIELD(u8_t vertype);
+  PACK_STRUCT_FIELD(u8_t code);
+  PACK_STRUCT_FIELD(u16_t session);
+  PACK_STRUCT_FIELD(u16_t plen);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
+struct pppoetag {
+  PACK_STRUCT_FIELD(u16_t tag);
+  PACK_STRUCT_FIELD(u16_t len);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+#  include "arch/epstruct.h"
+#endif
+
+
+#define PPPOE_STATE_INITIAL   0
+#define PPPOE_STATE_PADI_SENT 1
+#define PPPOE_STATE_PADR_SENT 2
+#define PPPOE_STATE_SESSION   3
+#define PPPOE_STATE_CLOSING   4
+/* passive */
+#define PPPOE_STATE_PADO_SENT 1
+
+#define PPPOE_HEADERLEN       sizeof(struct pppoehdr)
+#define PPPOE_VERTYPE         0x11    /* VER=1, TYPE = 1 */
+
+#define PPPOE_TAG_EOL         0x0000  /* end of list */
+#define PPPOE_TAG_SNAME       0x0101  /* service name */
+#define PPPOE_TAG_ACNAME      0x0102  /* access concentrator name */
+#define PPPOE_TAG_HUNIQUE     0x0103  /* host unique */
+#define PPPOE_TAG_ACCOOKIE    0x0104  /* AC cookie */
+#define PPPOE_TAG_VENDOR      0x0105  /* vendor specific */
+#define PPPOE_TAG_RELAYSID    0x0110  /* relay session id */
+#define PPPOE_TAG_SNAME_ERR   0x0201  /* service name error */
+#define PPPOE_TAG_ACSYS_ERR   0x0202  /* AC system error */
+#define PPPOE_TAG_GENERIC_ERR 0x0203  /* gerneric error */
+
+#define PPPOE_CODE_PADI       0x09    /* Active Discovery Initiation */
+#define PPPOE_CODE_PADO       0x07    /* Active Discovery Offer */
+#define PPPOE_CODE_PADR       0x19    /* Active Discovery Request */
+#define PPPOE_CODE_PADS       0x65    /* Active Discovery Session confirmation */
+#define PPPOE_CODE_PADT       0xA7    /* Active Discovery Terminate */
+
+#ifndef ETHERMTU
+#define ETHERMTU 1500
+#endif
+
+/* two byte PPP protocol discriminator, then IP data */
+#define PPPOE_MAXMTU          (ETHERMTU-PPPOE_HEADERLEN-2)
+
+#ifndef PPPOE_MAX_AC_COOKIE_LEN
+#define PPPOE_MAX_AC_COOKIE_LEN   64
+#endif
+
+struct pppoe_softc {
+  struct pppoe_softc *next;
+  struct netif *sc_ethif;      /* ethernet interface we are using */
+  int sc_pd;                   /* ppp unit number */
+  void (*sc_linkStatusCB)(int pd, int up);
+
+  int sc_state;                /* discovery phase or session connected */
+  struct eth_addr sc_dest;     /* hardware address of concentrator */
+  u16_t sc_session;            /* PPPoE session id */
+
+#ifdef PPPOE_TODO
+  char *sc_service_name;       /* if != NULL: requested name of service */
+  char *sc_concentrator_name;  /* if != NULL: requested concentrator id */
+#endif /* PPPOE_TODO */
+  u8_t sc_ac_cookie[PPPOE_MAX_AC_COOKIE_LEN]; /* content of AC cookie we must echo back */
+  size_t sc_ac_cookie_len;     /* length of cookie data */
+#ifdef PPPOE_SERVER
+  u8_t *sc_hunique;            /* content of host unique we must echo back */
+  size_t sc_hunique_len;       /* length of host unique */
+#endif
+  int sc_padi_retried;         /* number of PADI retries already done */
+  int sc_padr_retried;         /* number of PADR retries already done */
+};
+
+
+#define pppoe_init() /* compatibility define, no initialization needed */
+
+err_t pppoe_create(struct netif *ethif, int pd, void (*linkStatusCB)(int pd, int up), struct pppoe_softc **scptr);
+err_t pppoe_destroy(struct netif *ifp);
+
+int pppoe_connect(struct pppoe_softc *sc);
+void pppoe_disconnect(struct pppoe_softc *sc);
+
+void pppoe_disc_input(struct netif *netif, struct pbuf *p);
+void pppoe_data_input(struct netif *netif, struct pbuf *p);
+
+err_t pppoe_xmit(struct pppoe_softc *sc, struct pbuf *pb);
+
+/** used in ppp.c */
+#define PPPOE_HDRLEN (sizeof(struct eth_hdr) + PPPOE_HEADERLEN)
+
+#endif /* PPPOE_SUPPORT */
+
+#endif /* PPP_OE_H */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/netif/slipif.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/netif/slipif.h
new file mode 100644
index 00000000..7b6ce5e2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/netif/slipif.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2001, Swedish Institute of Computer Science.
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Adam Dunkels <adam@sics.se>
+ *
+ */
+#ifndef __NETIF_SLIPIF_H__
+#define __NETIF_SLIPIF_H__
+
+#include "lwip/opt.h"
+#include "lwip/netif.h"
+
+/** Set this to 1 to start a thread that blocks reading on the serial line
+ * (using sio_read()).
+ */
+#ifndef SLIP_USE_RX_THREAD
+#define SLIP_USE_RX_THREAD !NO_SYS
+#endif
+
+/** Set this to 1 to enable functions to pass in RX bytes from ISR context.
+ * If enabled, slipif_received_byte[s]() process incoming bytes and put assembled
+ * packets on a queue, which is fed into lwIP from slipif_poll().
+ * If disabled, slipif_poll() polls the serila line (using sio_tryread()).
+ */
+#ifndef SLIP_RX_FROM_ISR
+#define SLIP_RX_FROM_ISR 0
+#endif
+
+/** Set this to 1 (default for SLIP_RX_FROM_ISR) to queue incoming packets
+ * received by slipif_received_byte[s]() as long as PBUF_POOL pbufs are available.
+ * If disabled, packets will be dropped if more than one packet is received.
+ */
+#ifndef SLIP_RX_QUEUE
+#define SLIP_RX_QUEUE SLIP_RX_FROM_ISR
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+err_t slipif_init(struct netif * netif);
+void slipif_poll(struct netif *netif);
+#if SLIP_RX_FROM_ISR
+void slipif_process_rxqueue(struct netif *netif);
+void slipif_received_byte(struct netif *netif, u8_t data);
+void slipif_received_bytes(struct netif *netif, u8_t *data, u8_t len);
+#endif /* SLIP_RX_FROM_ISR */
+
+#ifdef __cplusplus
+}
+#endif
+ 
+#endif 
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/posix/netdb.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/posix/netdb.h
new file mode 100644
index 00000000..7134032d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/posix/netdb.h
@@ -0,0 +1,33 @@
+/**
+ * @file
+ * This file is a posix wrapper for lwip/netdb.h.
+ */
+
+/*
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ */
+
+#include "lwip/netdb.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/posix/sys/socket.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/posix/sys/socket.h
new file mode 100644
index 00000000..f7c7066e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/lwip/src/include/posix/sys/socket.h
@@ -0,0 +1,33 @@
+/**
+ * @file
+ * This file is a posix wrapper for lwip/sockets.h.
+ */
+
+/*
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ */
+
+#include "lwip/sockets.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/BRefTarget.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/BRefTarget.h
new file mode 100644
index 00000000..4324605a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/BRefTarget.h
@@ -0,0 +1,114 @@
+/**
+ * @file BRefTarget.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_B_REF_TARGET_H
+#define BADVPN_B_REF_TARGET_H
+
+#include <limits.h>
+
+#include <misc/debug.h>
+#include <base/DebugObject.h>
+
+/**
+ * Represents a reference-counted object.
+ */
+typedef struct BRefTarget_s BRefTarget;
+
+/**
+ * Callback function called after the reference count of a {@link BRefTarget}
+ * reaches has reached zero. At this point the BRefTarget object has already
+ * been invalidated, i.e. {@link BRefTarget_Ref} must not be called on this
+ * object after this handler is called.
+ */
+typedef void (*BRefTarget_func_release) (BRefTarget *o);
+
+struct BRefTarget_s {
+    BRefTarget_func_release func_release;
+    int refcnt;
+    DebugObject d_obj;
+};
+
+/**
+ * Initializes a reference target object. The initial reference count of the object
+ * is 1. The \a func_release argument specifies the function to be called from
+ * {@link BRefTarget_Deref} when the reference count reaches zero.
+ */
+static void BRefTarget_Init (BRefTarget *o, BRefTarget_func_release func_release);
+
+/**
+ * Decrements the reference count of a reference target object. If the reference
+ * count has reached zero, the object's {@link BRefTarget_func_release} function
+ * is called, and the object is considered destroyed.
+ */
+static void BRefTarget_Deref (BRefTarget *o);
+
+/**
+ * Increments the reference count of a reference target object.
+ * Returns 1 on success and 0 on failure.
+ */
+static int BRefTarget_Ref (BRefTarget *o) WARN_UNUSED;
+
+static void BRefTarget_Init (BRefTarget *o, BRefTarget_func_release func_release)
+{
+    ASSERT(func_release)
+    
+    o->func_release = func_release;
+    o->refcnt = 1;
+    
+    DebugObject_Init(&o->d_obj);
+}
+
+static void BRefTarget_Deref (BRefTarget *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->refcnt > 0)
+    
+    o->refcnt--;
+    
+    if (o->refcnt == 0) {
+        DebugObject_Free(&o->d_obj);
+        o->func_release(o);
+    }
+}
+
+static int BRefTarget_Ref (BRefTarget *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->refcnt > 0)
+    
+    if (o->refcnt == INT_MAX) {
+        return 0;
+    }
+    
+    o->refcnt++;
+    
+    return 1;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf16Decoder.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf16Decoder.h
new file mode 100644
index 00000000..819ac94c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf16Decoder.h
@@ -0,0 +1,113 @@
+/**
+ * @file Utf16Decoder.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_UTF16DECODER_H
+#define BADVPN_UTF16DECODER_H
+
+#include <stdint.h>
+
+#include <misc/debug.h>
+
+/**
+ * Decodes UTF-16 data into Unicode characters.
+ */
+typedef struct {
+    int cont;
+    uint32_t ch;
+} Utf16Decoder;
+
+/**
+ * Initializes the UTF-16 decoder.
+ * 
+ * @param o the object
+ */
+static void Utf16Decoder_Init (Utf16Decoder *o);
+
+/**
+ * Inputs a 16-bit value to the decoder.
+ * 
+ * @param o the object
+ * @param b 16-bit value to input
+ * @param out_ch will receive a Unicode character if this function returns 1.
+ *               If written, the character will be in the range 0 - 0x10FFFF,
+ *               excluding the surrogate range 0xD800 - 0xDFFF.
+ * @return 1 if a Unicode character has been written to *out_ch, 0 if not
+ */
+static int Utf16Decoder_Input (Utf16Decoder *o, uint16_t b, uint32_t *out_ch);
+
+void Utf16Decoder_Init (Utf16Decoder *o)
+{
+    o->cont = 0;
+}
+
+int Utf16Decoder_Input (Utf16Decoder *o, uint16_t b, uint32_t *out_ch)
+{
+    // high surrogate
+    if (b >= UINT16_C(0xD800) && b <= UINT16_C(0xDBFF)) {
+        // set continuation state
+        o->cont = 1;
+        
+        // add high bits
+        o->ch = (uint32_t)(b - UINT16_C(0xD800)) << 10;
+        
+        return 0;
+    }
+    
+    // low surrogate
+    if (b >= UINT16_C(0xDC00) && b <= UINT16_C(0xDFFF)) {
+        // check continuation
+        if (!o->cont) {
+            return 0;
+        }
+        
+        // add low bits
+        o->ch |= (b - UINT16_C(0xDC00));
+        
+        // reset state
+        o->cont = 0;
+        
+        // don't report surrogates
+        if (o->ch >= UINT32_C(0xD800) && o->ch <= UINT32_C(0xDFFF)) {
+            return 0;
+        }
+        
+        // return character
+        *out_ch = o->ch;
+        return 1;
+    }
+    
+    // reset state
+    o->cont = 0;
+    
+    // return character
+    *out_ch = b;
+    return 1;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf16Encoder.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf16Encoder.h
new file mode 100644
index 00000000..4900b426
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf16Encoder.h
@@ -0,0 +1,67 @@
+/**
+ * @file Utf16Encoder.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_UTF16ENCODER_H
+#define BADVPN_UTF16ENCODER_H
+
+#include <stdint.h>
+
+/**
+ * Encodes a Unicode character into a sequence of 16-bit values according to UTF-16.
+ * 
+ * @param ch Unicode character to encode
+ * @param out will receive the encoded 16-bit values. Must have space for 2 values.
+ * @return number of 16-bit values written, 0-2, with 0 meaning the character cannot
+ *         be encoded
+ */
+static int Utf16Encoder_EncodeCharacter (uint32_t ch, uint16_t *out);
+
+int Utf16Encoder_EncodeCharacter (uint32_t ch, uint16_t *out)
+{
+    if (ch <= UINT32_C(0xFFFF)) {
+        // surrogates
+        if (ch >= UINT32_C(0xD800) && ch <= UINT32_C(0xDFFF)) {
+            return 0;
+        }
+        
+        out[0] = ch;
+        return 1;
+    }
+    
+    if (ch <= UINT32_C(0x10FFFF)) {
+        uint32_t x = ch - UINT32_C(0x10000);
+        out[0] = UINT32_C(0xD800) + (x >> 10);
+        out[1] = UINT32_C(0xDC00) + (x & UINT32_C(0x3FF));
+        return 2;
+    }
+    
+    return 0;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf8Decoder.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf8Decoder.h
new file mode 100644
index 00000000..c6412b18
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf8Decoder.h
@@ -0,0 +1,143 @@
+/**
+ * @file Utf8Decoder.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_UTF8DECODER_H
+#define BADVPN_UTF8DECODER_H
+
+#include <stdint.h>
+
+#include <misc/debug.h>
+
+/**
+ * Decodes UTF-8 data into Unicode characters.
+ */
+typedef struct {
+    int bytes;
+    int pos;
+    uint32_t ch;
+} Utf8Decoder;
+
+/**
+ * Initializes the UTF-8 decoder.
+ * 
+ * @param o the object
+ */
+static void Utf8Decoder_Init (Utf8Decoder *o);
+
+/**
+ * Inputs a byte to the decoder.
+ * 
+ * @param o the object
+ * @param b byte to input
+ * @param out_ch will receive a Unicode character if this function returns 1.
+ *               If written, the character will be in the range 0 - 0x10FFFF,
+ *               excluding the surrogate range 0xD800 - 0xDFFF.
+ * @return 1 if a Unicode character has been written to *out_ch, 0 if not
+ */
+static int Utf8Decoder_Input (Utf8Decoder *o, uint8_t b, uint32_t *out_ch);
+
+void Utf8Decoder_Init (Utf8Decoder *o)
+{
+    o->bytes = 0;
+}
+
+int Utf8Decoder_Input (Utf8Decoder *o, uint8_t b, uint32_t *out_ch)
+{
+    // one-byte character
+    if ((b & 128) == 0) {
+        o->bytes = 0;
+        *out_ch = b;
+        return 1;
+    }
+    
+    // start of two-byte character
+    if ((b & 224) == 192) {
+        o->bytes = 2;
+        o->pos = 1;
+        o->ch = (uint32_t)(b & 31) << 6;
+        return 0;
+    }
+    
+    // start of three-byte character
+    if ((b & 240) == 224) {
+        o->bytes = 3;
+        o->pos = 1;
+        o->ch = (uint32_t)(b & 15) << 12;
+        return 0;
+    }
+    
+    // start of four-byte character
+    if ((b & 248) == 240) {
+        o->bytes = 4;
+        o->pos = 1;
+        o->ch = (uint32_t)(b & 7) << 18;
+        return 0;
+    }
+    
+    // continuation of multi-byte character
+    if ((b & 192) == 128 && o->bytes > 0) {
+        ASSERT(o->bytes <= 4)
+        ASSERT(o->pos > 0)
+        ASSERT(o->pos < o->bytes)
+        
+        // add bits from this byte
+        o->ch |= (uint32_t)(b & 63) << (6 * (o->bytes - o->pos - 1));
+        
+        // end of multi-byte character?
+        if (o->pos == o->bytes - 1) {
+            // reset state
+            o->bytes = 0;
+            
+            // don't report out-of-range characters
+            if (o->ch > UINT32_C(0x10FFFF)) {
+                return 0;
+            }
+            
+            // don't report surrogates
+            if (o->ch >= UINT32_C(0xD800) && o->ch <= UINT32_C(0xDFFF)) {
+                return 0;
+            }
+            
+            *out_ch = o->ch;
+            return 1;
+        }
+        
+        // increment byte index
+        o->pos++;
+        
+        return 0;
+    }
+    
+    // error, reset state
+    o->bytes = 0;
+    
+    return 0;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf8Encoder.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf8Encoder.h
new file mode 100644
index 00000000..00eb5e68
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/Utf8Encoder.h
@@ -0,0 +1,81 @@
+/**
+ * @file Utf8Encoder.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_UTF8ENCODER_H
+#define BADVPN_UTF8ENCODER_H
+
+#include <stdint.h>
+
+/**
+ * Encodes a Unicode character into a sequence of bytes according to UTF-8.
+ * 
+ * @param ch Unicode character to encode
+ * @param out will receive the encoded bytes. Must have space for 4 bytes.
+ * @return number of bytes written, 0-4, with 0 meaning the character cannot
+ *         be encoded
+ */
+static int Utf8Encoder_EncodeCharacter (uint32_t ch, uint8_t *out);
+
+int Utf8Encoder_EncodeCharacter (uint32_t ch, uint8_t *out)
+{
+    if (ch <= UINT32_C(0x007F)) {
+        out[0] = ch;
+        return 1;
+    }
+    
+    if (ch <= UINT32_C(0x07FF)) {
+        out[0] = (0xC0 | (ch >> 6));
+        out[1] = (0x80 | ((ch >> 0) & 0x3F));
+        return 2;
+    }
+    
+    if (ch <= UINT32_C(0xFFFF)) {
+        // surrogates
+        if (ch >= UINT32_C(0xD800) && ch <= UINT32_C(0xDFFF)) {
+            return 0;
+        }
+        
+        out[0] = (0xE0 | (ch >> 12));
+        out[1] = (0x80 | ((ch >> 6) & 0x3F));
+        out[2] = (0x80 | ((ch >> 0) & 0x3F));
+        return 3;
+    }
+    
+    if (ch < UINT32_C(0x10FFFF)) {
+        out[0] = (0xF0 | (ch >> 18));
+        out[1] = (0x80 | ((ch >> 12) & 0x3F));
+        out[2] = (0x80 | ((ch >> 6) & 0x3F));
+        out[3] = (0x80 | ((ch >> 0) & 0x3F));
+        return 4;
+    }
+    
+    return 0;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/arp_proto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/arp_proto.h
new file mode 100644
index 00000000..71a6c98d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/arp_proto.h
@@ -0,0 +1,60 @@
+/**
+ * @file arp_proto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Definitions for the ARP protocol.
+ */
+
+#ifndef BADVPN_ARP_PROTO_H
+#define BADVPN_ARP_PROTO_H
+
+#include <stdint.h>
+
+#include <misc/packed.h>
+
+#define ARP_HARDWARE_TYPE_ETHERNET 1
+
+#define ARP_OPCODE_REQUEST 1
+#define ARP_OPCODE_REPLY 2
+
+B_START_PACKED
+struct arp_packet {
+    uint16_t hardware_type;
+    uint16_t protocol_type;
+    uint8_t hardware_size;
+    uint8_t protocol_size;
+    uint16_t opcode;
+    uint8_t sender_mac[6];
+    uint32_t sender_ip;
+    uint8_t target_mac[6];
+    uint32_t target_ip;
+} B_PACKED;
+B_END_PACKED
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/array_length.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/array_length.h
new file mode 100644
index 00000000..15de964c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/array_length.h
@@ -0,0 +1,35 @@
+/**
+ * @file array_length.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_ARRAY_LENGTH
+#define BADVPN_ARRAY_LENGTH
+
+#define B_ARRAY_LENGTH(arr) (sizeof((arr)) / sizeof((arr)[0]))
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ascii_utils.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ascii_utils.h
new file mode 100644
index 00000000..2baa9fc2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ascii_utils.h
@@ -0,0 +1,43 @@
+/**
+ * @file ascii_utils.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_ASCII_UTILS_H
+#define BADVPN_ASCII_UTILS_H
+
+static char b_ascii_tolower (char c)
+{
+    return (c >= 'A' && c <= 'Z') ? (c + 32) : c;
+}
+
+static char b_ascii_toupper (char c)
+{
+    return (c >= 'a' && c <= 'z') ? (c - 32) : c;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/balign.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/balign.h
new file mode 100644
index 00000000..57152afb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/balign.h
@@ -0,0 +1,76 @@
+/**
+ * @file balign.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Integer alignment macros.
+ */
+
+#ifndef BADVPN_MISC_BALIGN_H
+#define BADVPN_MISC_BALIGN_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+/**
+ * Checks if aligning x up to n would overflow.
+ */
+static int balign_up_overflows (size_t x, size_t n)
+{
+    size_t r = x % n;
+    
+    return (r && x > SIZE_MAX - (n - r));
+}
+
+/**
+ * Aligns x up to n.
+ */
+static size_t balign_up (size_t x, size_t n)
+{
+    size_t r = x % n;
+    return (r ? x + (n - r) : x);
+}
+
+/**
+ * Aligns x down to n.
+ */
+static size_t balign_down (size_t x, size_t n)
+{
+    return (x - (x % n));
+}
+
+/**
+ * Calculates the quotient of a and b, rounded up.
+ */
+static size_t bdivide_up (size_t a, size_t b)
+{
+    size_t r = a % b;
+    return (r > 0 ? a / b + 1 : a / b);
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/balloc.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/balloc.h
new file mode 100644
index 00000000..ff946b6a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/balloc.h
@@ -0,0 +1,248 @@
+/**
+ * @file balloc.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Memory allocation functions.
+ */
+
+#ifndef BADVPN_MISC_BALLOC_H
+#define BADVPN_MISC_BALLOC_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#include "misc/debug.h"
+#include "misc/bsize.h"
+#include "misc/maxalign.h"
+
+/**
+ * Allocates memory.
+ * 
+ * @param bytes number of bytes to allocate.
+ * @return a non-NULL pointer to the memory, or NULL on failure.
+ *         The memory allocated can be freed using {@link BFree}.
+ */
+static void * BAlloc (size_t bytes);
+
+/**
+ * Frees memory.
+ * 
+ * @param m memory to free. Must have been obtained with {@link BAlloc},
+ *          {@link BAllocArray}, or {@link BAllocArray2}. May be NULL;
+ *          in this case, this function does nothing.
+ */
+static void BFree (void *m);
+
+/**
+ * Changes the size of a memory block. On success, the memory block
+ * may be moved to a different address.
+ * 
+ * @param m pointer to a memory block obtained from {@link BAlloc}
+ *          or other functions in this group. If this is NULL, the
+ *          call is equivalent to {@link BAlloc}(bytes).
+ * @param bytes new size of the memory block
+ * @return new pointer to the memory block, or NULL on failure
+ */
+static void * BRealloc (void *m, size_t bytes);
+
+/**
+ * Allocates memory, with size given as a {@link bsize_t}.
+ * 
+ * @param bytes number of bytes to allocate. If the size is overflow,
+ *              this function will return NULL.
+ * @return a non-NULL pointer to the memory, or NULL on failure.
+ *         The memory allocated can be freed using {@link BFree}.
+ */
+static void * BAllocSize (bsize_t bytes);
+
+/**
+ * Allocates memory for an array.
+ * A check is first done to make sure the multiplication doesn't overflow;
+ * otherwise, this is equivalent to {@link BAlloc}(count * bytes).
+ * This may be slightly faster if 'bytes' is constant, because a division
+ * with 'bytes' is performed.
+ * 
+ * @param count number of elements.
+ * @param bytes size of one array element.
+ * @return a non-NULL pointer to the memory, or NULL on failure.
+ *         The memory allocated can be freed using {@link BFree}.
+ */
+static void * BAllocArray (size_t count, size_t bytes);
+
+/**
+ * Reallocates memory that was allocated using one of the allocation
+ * functions in this file. On success, the memory may be moved to a
+ * different address, leaving the old address invalid.
+ * 
+ * @param mem pointer to an existing memory block. May be NULL, in which
+ *            case this is equivalent to {@link BAllocArray}.
+ * @param count number of elements for reallocation
+ * @param bytes size of one array element for reallocation
+ * @return a non-NULL pointer to the address of the reallocated memory
+ *         block, or NULL on failure. On failure, the original memory
+ *         block is left intact.
+ */
+static void * BReallocArray (void *mem, size_t count, size_t bytes);
+
+/**
+ * Allocates memory for a two-dimensional array.
+ * 
+ * Checks are first done to make sure the multiplications don't overflow;
+ * otherwise, this is equivalent to {@link BAlloc}((count2 * (count1 * bytes)).
+ * 
+ * @param count2 number of elements in one dimension.
+ * @param count1 number of elements in the other dimension.
+ * @param bytes size of one array element.
+ * @return a non-NULL pointer to the memory, or NULL on failure.
+ *         The memory allocated can be freed using {@link BFree}.
+ */
+static void * BAllocArray2 (size_t count2, size_t count1, size_t bytes);
+
+/**
+ * Adds to a size_t with overflow detection.
+ * 
+ * @param s pointer to a size_t to add to
+ * @param add number to add
+ * @return 1 on success, 0 on failure
+ */
+static int BSizeAdd (size_t *s, size_t add);
+
+/**
+ * Aligns a size_t upwards with overflow detection.
+ * 
+ * @param s pointer to a size_t to align
+ * @param align alignment value. Must be >0.
+ * @return 1 on success, 0 on failure
+ */
+static int BSizeAlign (size_t *s, size_t align);
+
+void * BAlloc (size_t bytes)
+{
+    if (bytes == 0) {
+        return malloc(1);
+    }
+    
+    return malloc(bytes);
+}
+
+void BFree (void *m)
+{
+    free(m);
+}
+
+void * BRealloc (void *m, size_t bytes)
+{
+    if (bytes == 0) {
+        return realloc(m, 1);
+    }
+    
+    return realloc(m, bytes);
+}
+
+void * BAllocSize (bsize_t bytes)
+{
+    if (bytes.is_overflow) {
+        return NULL;
+    }
+    
+    return BAlloc(bytes.value);
+}
+
+void * BAllocArray (size_t count, size_t bytes)
+{
+    if (count == 0 || bytes == 0) {
+        return malloc(1);
+    }
+    
+    if (count > SIZE_MAX / bytes) {
+        return NULL;
+    }
+    
+    return BAlloc(count * bytes);
+}
+
+void * BReallocArray (void *mem, size_t count, size_t bytes)
+{
+    if (count == 0 || bytes == 0) {
+        return realloc(mem, 1);
+    }
+    
+    if (count > SIZE_MAX / bytes) {
+        return NULL;
+    }
+    
+    return realloc(mem, count * bytes);
+}
+
+void * BAllocArray2 (size_t count2, size_t count1, size_t bytes)
+{
+    if (count2 == 0 || count1 == 0 || bytes == 0) {
+        return malloc(1);
+    }
+    
+    if (count1 > SIZE_MAX / bytes) {
+        return NULL;
+    }
+    
+    if (count2 > SIZE_MAX / (count1 * bytes)) {
+        return NULL;
+    }
+    
+    return BAlloc(count2 * (count1 * bytes));
+}
+
+int BSizeAdd (size_t *s, size_t add)
+{
+    ASSERT(s)
+    
+    if (add > SIZE_MAX - *s) {
+        return 0;
+    }
+    *s += add;
+    return 1;
+}
+
+int BSizeAlign (size_t *s, size_t align)
+{
+    ASSERT(s)
+    ASSERT(align > 0)
+    
+    size_t mod = *s % align;
+    if (mod > 0) {
+        if (align - mod > SIZE_MAX - *s) {
+            return 0;
+        }
+        *s += align - mod;
+    }
+    return 1;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/blimits.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/blimits.h
new file mode 100644
index 00000000..8bcdc2a7
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/blimits.h
@@ -0,0 +1,60 @@
+/**
+ * @file blimits.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_BLIMITS_H
+#define BADVPN_BLIMITS_H
+
+#include <stdint.h>
+
+#define BTYPE_IS_SIGNED(type) ((type)-1 < 0)
+
+#define BSIGNED_TYPE_MIN(type) ( \
+    sizeof(type) == 1 ? INT8_MIN : ( \
+    sizeof(type) == 2 ? INT16_MIN : ( \
+    sizeof(type) == 4 ? INT32_MIN : ( \
+    sizeof(type) == 8 ? INT64_MIN : 0))))
+
+#define BSIGNED_TYPE_MAX(type) ( \
+    sizeof(type) == 1 ? INT8_MAX : ( \
+    sizeof(type) == 2 ? INT16_MAX : ( \
+    sizeof(type) == 4 ? INT32_MAX : ( \
+    sizeof(type) == 8 ? INT64_MAX : 0))))
+
+#define BUNSIGNED_TYPE_MIN(type) ((type)0)
+
+#define BUNSIGNED_TYPE_MAX(type) ( \
+    sizeof(type) == 1 ? UINT8_MAX : ( \
+    sizeof(type) == 2 ? UINT16_MAX : ( \
+    sizeof(type) == 4 ? UINT32_MAX : ( \
+    sizeof(type) == 8 ? UINT64_MAX : 0))))
+
+#define BTYPE_MIN(type) (BTYPE_IS_SIGNED(type) ? BSIGNED_TYPE_MIN(type) : BUNSIGNED_TYPE_MIN(type))
+#define BTYPE_MAX(type) (BTYPE_IS_SIGNED(type) ? BSIGNED_TYPE_MAX(type) : BUNSIGNED_TYPE_MAX(type))
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/bsize.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/bsize.h
new file mode 100644
index 00000000..c28dbf69
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/bsize.h
@@ -0,0 +1,117 @@
+/**
+ * @file bsize.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Arithmetic with overflow detection.
+ */
+
+#ifndef BADVPN_MISC_BSIZE_H
+#define BADVPN_MISC_BSIZE_H
+
+#include <stddef.h>
+#include <limits.h>
+#include <stdint.h>
+
+typedef struct {
+    int is_overflow;
+    size_t value;
+} bsize_t;
+
+static bsize_t bsize_fromsize (size_t v);
+static bsize_t bsize_fromint (int v);
+static bsize_t bsize_overflow (void);
+static int bsize_tosize (bsize_t s, size_t *out);
+static int bsize_toint (bsize_t s, int *out);
+static bsize_t bsize_add (bsize_t s1, bsize_t s2);
+static bsize_t bsize_max (bsize_t s1, bsize_t s2);
+static bsize_t bsize_mul (bsize_t s1, bsize_t s2);
+
+bsize_t bsize_fromsize (size_t v)
+{
+    bsize_t s = {0, v};
+    return s;
+}
+
+bsize_t bsize_fromint (int v)
+{
+    bsize_t s = {(v < 0 || v > SIZE_MAX), v};
+    return s;
+}
+
+static bsize_t bsize_overflow (void)
+{
+    bsize_t s = {1, 0};
+    return s;
+}
+
+int bsize_tosize (bsize_t s, size_t *out)
+{
+    if (s.is_overflow) {
+        return 0;
+    }
+    
+    if (out) {
+        *out = s.value;
+    }
+    
+    return 1;
+}
+
+int bsize_toint (bsize_t s, int *out)
+{
+    if (s.is_overflow || s.value > INT_MAX) {
+        return 0;
+    }
+    
+    if (out) {
+        *out = (int)s.value;
+    }
+    
+    return 1;
+}
+
+bsize_t bsize_add (bsize_t s1, bsize_t s2)
+{
+    bsize_t s = {(s1.is_overflow || s2.is_overflow || s2.value > SIZE_MAX - s1.value), (s1.value + s2.value)};
+    return s;
+}
+
+bsize_t bsize_max (bsize_t s1, bsize_t s2)
+{
+    bsize_t s = {(s1.is_overflow || s2.is_overflow), ((s1.value > s2.value) * s1.value + (s1.value <= s2.value) * s2.value)};
+    return s;
+}
+
+bsize_t bsize_mul (bsize_t s1, bsize_t s2)
+{
+    bsize_t s = {(s1.is_overflow || s2.is_overflow || (s1.value != 0 && s2.value > SIZE_MAX / s1.value)), (s1.value * s2.value)};
+    return s;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/bsort.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/bsort.h
new file mode 100644
index 00000000..24d7a66a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/bsort.h
@@ -0,0 +1,69 @@
+/**
+ * @file bsort.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Sorting functions.
+ */
+
+#ifndef BADVPN_MISC_BSORT_H
+#define BADVPN_MISC_BSORT_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <misc/debug.h>
+#include <misc/balloc.h>
+
+typedef int (*BSort_comparator) (const void *e1, const void *e2);
+
+static void BInsertionSort (void *arr, size_t count, size_t esize, BSort_comparator compatator, void *temp);
+
+void BInsertionSort (void *arr, size_t count, size_t esize, BSort_comparator compatator, void *temp)
+{
+    ASSERT(esize > 0)
+    
+    for (size_t i = 0; i < count; i++) {
+        size_t j = i;
+        while (j > 0) {
+            uint8_t *x = (uint8_t *)arr + (j - 1) * esize;
+            uint8_t *y = (uint8_t *)arr + j * esize;
+            int c = compatator(x, y);
+            if (c <= 0) {
+                break;
+            }
+            memcpy(temp, x, esize);
+            memcpy(x, y, esize);
+            memcpy(y, temp, esize);
+            j--;
+        }
+    }
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/bstring.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/bstring.h
new file mode 100644
index 00000000..caef1062
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/bstring.h
@@ -0,0 +1,140 @@
+/**
+ * @file bstring.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_BSTRING_H
+#define BADVPN_BSTRING_H
+
+#include <misc/debug.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#define BSTRING_TYPE_STATIC 5
+#define BSTRING_TYPE_DYNAMIC 7
+#define BSTRING_TYPE_EXTERNAL 11
+
+#define BSTRING_STATIC_SIZE 23
+#define BSTRING_STATIC_MAX (BSTRING_STATIC_SIZE - 1)
+
+typedef struct {
+    union {
+        struct {
+            char type;
+            char static_string[BSTRING_STATIC_SIZE];
+        } us;
+        struct {
+            char type;
+            char *dynamic_string;
+        } ud;
+        struct {
+            char type;
+            const char *external_string;
+        } ue;
+    } u;
+} BString;
+
+static void BString__assert (BString *o)
+{
+    switch (o->u.us.type) {
+        case BSTRING_TYPE_STATIC:
+        case BSTRING_TYPE_DYNAMIC:
+        case BSTRING_TYPE_EXTERNAL:
+            return;
+    }
+    
+    ASSERT(0);
+}
+
+static int BString_Init (BString *o, const char *str)
+{
+    if (strlen(str) <= BSTRING_STATIC_MAX) {
+        strcpy(o->u.us.static_string, str);
+        o->u.us.type = BSTRING_TYPE_STATIC;
+    } else {
+        if (!(o->u.ud.dynamic_string = malloc(strlen(str) + 1))) {
+            return 0;
+        }
+        strcpy(o->u.ud.dynamic_string, str);
+        o->u.ud.type = BSTRING_TYPE_DYNAMIC;
+    }
+    
+    BString__assert(o);
+    return 1;
+}
+
+static void BString_InitStatic (BString *o, const char *str)
+{
+    ASSERT(strlen(str) <= BSTRING_STATIC_MAX)
+    
+    strcpy(o->u.us.static_string, str);
+    o->u.us.type = BSTRING_TYPE_STATIC;
+    
+    BString__assert(o);
+}
+
+static void BString_InitExternal (BString *o, const char *str)
+{
+    o->u.ue.external_string = str;
+    o->u.ue.type = BSTRING_TYPE_EXTERNAL;
+    
+    BString__assert(o);
+}
+
+static void BString_InitAllocated (BString *o, char *str)
+{
+    o->u.ud.dynamic_string = str;
+    o->u.ud.type = BSTRING_TYPE_DYNAMIC;
+    
+    BString__assert(o);
+}
+
+static void BString_Free (BString *o)
+{
+    BString__assert(o);
+    
+    if (o->u.ud.type == BSTRING_TYPE_DYNAMIC) {
+        free(o->u.ud.dynamic_string);
+    }
+}
+
+static const char * BString_Get (BString *o)
+{
+    BString__assert(o);
+    
+    switch (o->u.us.type) {
+        case BSTRING_TYPE_STATIC: return o->u.us.static_string;
+        case BSTRING_TYPE_DYNAMIC: return o->u.ud.dynamic_string;
+        case BSTRING_TYPE_EXTERNAL: return o->u.ue.external_string;
+    }
+    
+    ASSERT(0);
+    return NULL;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/byteorder.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/byteorder.h
new file mode 100644
index 00000000..055b0a59
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/byteorder.h
@@ -0,0 +1,196 @@
+/**
+ * @file byteorder.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Byte order conversion functions.
+ * 
+ * hton* functions convert from host to big-endian (network) byte order.
+ * htol* functions convert from host to little-endian byte order.
+ * ntoh* functions convert from big-endian (network) to host byte order.
+ * ltoh* functions convert from little-endian to host byte order.
+ */
+
+#ifndef BADVPN_MISC_BYTEORDER_H
+#define BADVPN_MISC_BYTEORDER_H
+
+#if (defined(BADVPN_LITTLE_ENDIAN) + defined(BADVPN_BIG_ENDIAN)) != 1
+#error Unknown byte order or too many byte orders
+#endif
+
+#include <stdint.h>
+
+static uint16_t badvpn_reverse16 (uint16_t x)
+{
+    uint16_t y;
+    *((uint8_t *)&y+0) = *((uint8_t *)&x+1);
+    *((uint8_t *)&y+1) = *((uint8_t *)&x+0);
+    return y;
+}
+
+static uint32_t badvpn_reverse32 (uint32_t x)
+{
+    uint32_t y;
+    *((uint8_t *)&y+0) = *((uint8_t *)&x+3);
+    *((uint8_t *)&y+1) = *((uint8_t *)&x+2);
+    *((uint8_t *)&y+2) = *((uint8_t *)&x+1);
+    *((uint8_t *)&y+3) = *((uint8_t *)&x+0);
+    return y;
+}
+
+static uint64_t badvpn_reverse64 (uint64_t x)
+{
+    uint64_t y;
+    *((uint8_t *)&y+0) = *((uint8_t *)&x+7);
+    *((uint8_t *)&y+1) = *((uint8_t *)&x+6);
+    *((uint8_t *)&y+2) = *((uint8_t *)&x+5);
+    *((uint8_t *)&y+3) = *((uint8_t *)&x+4);
+    *((uint8_t *)&y+4) = *((uint8_t *)&x+3);
+    *((uint8_t *)&y+5) = *((uint8_t *)&x+2);
+    *((uint8_t *)&y+6) = *((uint8_t *)&x+1);
+    *((uint8_t *)&y+7) = *((uint8_t *)&x+0);
+    return y;
+}
+
+static uint8_t hton8 (uint8_t x)
+{
+    return x;
+}
+
+static uint8_t htol8 (uint8_t x)
+{
+    return x;
+}
+
+#if defined(BADVPN_LITTLE_ENDIAN)
+
+static uint16_t hton16 (uint16_t x)
+{
+    return badvpn_reverse16(x);
+}
+
+static uint32_t hton32 (uint32_t x)
+{
+    return badvpn_reverse32(x);
+}
+
+static uint64_t hton64 (uint64_t x)
+{
+    return badvpn_reverse64(x);
+}
+
+static uint16_t htol16 (uint16_t x)
+{
+    return x;
+}
+
+static uint32_t htol32 (uint32_t x)
+{
+    return x;
+}
+
+static uint64_t htol64 (uint64_t x)
+{
+    return x;
+}
+
+#elif defined(BADVPN_BIG_ENDIAN)
+
+static uint16_t hton16 (uint16_t x)
+{
+    return x;
+}
+
+static uint32_t hton32 (uint32_t x)
+{
+    return x;
+}
+
+static uint64_t hton64 (uint64_t x)
+{
+    return x;
+}
+
+static uint16_t htol16 (uint16_t x)
+{
+    return badvpn_reverse16(x);
+}
+
+static uint32_t htol32 (uint32_t x)
+{
+    return badvpn_reverse32(x);
+}
+
+static uint64_t htol64 (uint64_t x)
+{
+    return badvpn_reverse64(x);
+}
+
+#endif
+
+static uint8_t ntoh8 (uint8_t x)
+{
+    return hton8(x);
+}
+
+static uint16_t ntoh16 (uint16_t x)
+{
+    return hton16(x);
+}
+
+static uint32_t ntoh32 (uint32_t x)
+{
+    return hton32(x);
+}
+
+static uint64_t ntoh64 (uint64_t x)
+{
+    return hton64(x);
+}
+
+static uint8_t ltoh8 (uint8_t x)
+{
+    return htol8(x);
+}
+
+static uint16_t ltoh16 (uint16_t x)
+{
+    return htol16(x);
+}
+
+static uint32_t ltoh32 (uint32_t x)
+{
+    return htol32(x);
+}
+
+static uint64_t ltoh64 (uint64_t x)
+{
+    return htol64(x);
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/cmdline.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/cmdline.h
new file mode 100644
index 00000000..396d7948
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/cmdline.h
@@ -0,0 +1,168 @@
+/**
+ * @file cmdline.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Command line construction functions.
+ */
+
+#ifndef BADVPN_MISC_CMDLINE_H
+#define BADVPN_MISC_CMDLINE_H
+
+#include <stddef.h>
+#include <stdarg.h>
+
+#include <misc/debug.h>
+#include <misc/exparray.h>
+#include <misc/strdup.h>
+#include <misc/memref.h>
+
+typedef struct {
+    struct ExpArray arr;
+    size_t n;
+} CmdLine;
+
+static int CmdLine_Init (CmdLine *c);
+static void CmdLine_Free (CmdLine *c);
+static int CmdLine_Append (CmdLine *c, const char *str);
+static int CmdLine_AppendNoNull (CmdLine *c, const char *str, size_t str_len);
+static int CmdLine_AppendNoNullMr (CmdLine *c, MemRef mr);
+static int CmdLine_AppendMulti (CmdLine *c, int num, ...);
+static int CmdLine_Finish (CmdLine *c);
+static char ** CmdLine_Get (CmdLine *c);
+
+static int _CmdLine_finished (CmdLine *c)
+{
+    return (c->n > 0 && ((char **)c->arr.v)[c->n - 1] == NULL);
+}
+
+int CmdLine_Init (CmdLine *c)
+{
+    if (!ExpArray_init(&c->arr, sizeof(char *), 16)) {
+        return 0;
+    }
+    
+    c->n = 0;
+    
+    return 1;
+}
+
+void CmdLine_Free (CmdLine *c)
+{
+    for (size_t i = 0; i < c->n; i++) {
+        free(((char **)c->arr.v)[i]);
+    }
+    
+    free(c->arr.v);
+}
+
+int CmdLine_Append (CmdLine *c, const char *str)
+{
+    ASSERT(str)
+    ASSERT(!_CmdLine_finished(c))
+    
+    if (!ExpArray_resize(&c->arr, c->n + 1)) {
+        return 0;
+    }
+    
+    if (!(((char **)c->arr.v)[c->n] = strdup(str))) {
+        return 0;
+    }
+    
+    c->n++;
+    
+    return 1;
+}
+
+int CmdLine_AppendNoNull (CmdLine *c, const char *str, size_t str_len)
+{
+    ASSERT(str)
+    ASSERT(!memchr(str, '\0', str_len))
+    ASSERT(!_CmdLine_finished(c))
+    
+    if (!ExpArray_resize(&c->arr, c->n + 1)) {
+        return 0;
+    }
+    
+    if (!(((char **)c->arr.v)[c->n] = b_strdup_bin(str, str_len))) {
+        return 0;
+    }
+    
+    c->n++;
+    
+    return 1;
+}
+
+int CmdLine_AppendNoNullMr (CmdLine *c, MemRef mr)
+{
+    return CmdLine_AppendNoNull(c, mr.ptr, mr.len);
+}
+
+int CmdLine_AppendMulti (CmdLine *c, int num, ...)
+{
+    int res = 1;
+    
+    va_list vl;
+    va_start(vl, num);
+    
+    for (int i = 0; i < num; i++) {
+        const char *str = va_arg(vl, const char *);
+        if (!CmdLine_Append(c, str)) {
+            res = 0;
+            break;
+        }
+    }
+    
+    va_end(vl);
+    
+    return res;
+}
+
+int CmdLine_Finish (CmdLine *c)
+{
+    ASSERT(!_CmdLine_finished(c))
+    
+    if (!ExpArray_resize(&c->arr, c->n + 1)) {
+        return 0;
+    }
+    
+    ((char **)c->arr.v)[c->n] = NULL;
+    
+    c->n++;
+    
+    return 1;
+}
+
+char ** CmdLine_Get (CmdLine *c)
+{
+    ASSERT(_CmdLine_finished(c))
+    
+    return (char **)c->arr.v;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/compare.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/compare.h
new file mode 100644
index 00000000..8d1a1b99
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/compare.h
@@ -0,0 +1,37 @@
+/**
+ * @file compare.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_COMPARE_H
+#define BADVPN_COMPARE_H
+
+#define B_COMPARE(a, b) (((a) > (b)) - ((a) < (b)))
+#define B_COMPARE_COMBINE(cmp1, cmp2) ((cmp1) ? (cmp1) : (cmp2))
+#define B_COMPARE2(a, b, c, d) B_COMPARE_COMBINE(B_COMPARE((a), (b)), B_COMPARE((c), (d)))
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/concat_strings.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/concat_strings.h
new file mode 100644
index 00000000..1166906c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/concat_strings.h
@@ -0,0 +1,85 @@
+/**
+ * @file concat_strings.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Function for concatenating strings.
+ */
+
+#ifndef BADVPN_MISC_CONCAT_STRINGS_H
+#define BADVPN_MISC_CONCAT_STRINGS_H
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include "misc/debug.h"
+
+static char * concat_strings (int num, ...)
+{
+    ASSERT(num >= 0)
+    
+    // calculate sum of lengths
+    size_t sum = 0;
+    va_list ap;
+    va_start(ap, num);
+    for (int i = 0; i < num; i++) {
+        const char *str = va_arg(ap, const char *);
+        size_t str_len = strlen(str);
+        if (str_len > SIZE_MAX - 1 - sum) {
+            va_end(ap);
+            return NULL;
+        }
+        sum += str_len;
+    }
+    va_end(ap);
+    
+    // allocate memory
+    char *res_str = (char *)malloc(sum + 1);
+    if (!res_str) {
+        return NULL;
+    }
+    
+    // copy strings
+    sum = 0;
+    va_start(ap, num);
+    for (int i = 0; i < num; i++) {
+        const char *str = va_arg(ap, const char *);
+        size_t str_len = strlen(str);
+        memcpy(res_str + sum, str, str_len);
+        sum += str_len;
+    }
+    va_end(ap);
+    
+    // terminate
+    res_str[sum] = '\0';
+    
+    return res_str;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/dead.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/dead.h
new file mode 100644
index 00000000..7f574219
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/dead.h
@@ -0,0 +1,134 @@
+/**
+ * @file dead.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Dead mechanism definitions.
+ * 
+ * The dead mechanism is a way for a piece of code to detect whether some
+ * specific event has occured during some operation (usually during calling
+ * a user-provided handler function), without requiring access to memory
+ * that might no longer be available because of the event.
+ * 
+ * It works somehow like that:
+ * 
+ * First a dead variable ({@link dead_t}) is allocated somewhere, and
+ * initialized with {@link DEAD_INIT}, e.g.:
+ *   DEAD_INIT(dead);
+ * 
+ * When the event that needs to be caught occurs, {@link DEAD_KILL} is
+ * called, e.g.:
+ *   DEAD_KILL(dead);
+ * The memory used by the dead variable is no longer needed after
+ * that.
+ * 
+ * If a piece of code needs to know whether the event occured during some
+ * operation (but it must not have occured before!), it puts {@link DEAD_ENTER}}
+ * in front of the operation, and does {@link DEAD_LEAVE} at the end. If
+ * {@link DEAD_LEAVE} returned nonzero, the event occured, otherwise it did
+ * not. Example:
+ *   DEAD_ENTER(dead)
+ *   HandlerFunction();
+ *   if (DEAD_LEAVE(dead)) {
+ *     (event occured)
+ *   }
+ * 
+ * If is is needed to check for the event more than once in a single block,
+ * {@link DEAD_DECLARE} should be put somewhere before, and {@link DEAD_ENTER2}
+ * should be used instead of {@link DEAD_ENTER}.
+ * 
+ * If it is needed to check for multiple events (dead variables) at the same
+ * time, DEAD_*_N macros should be used instead, specifying different
+ * identiers as the first argument for different dead variables.
+ */
+
+#ifndef BADVPN_MISC_DEAD_H
+#define BADVPN_MISC_DEAD_H
+
+#include <stdlib.h>
+
+/**
+ * Dead variable.
+ */
+typedef int *dead_t;
+
+/**
+ * Initializes a dead variable.
+ */
+#define DEAD_INIT(ptr) { ptr = NULL; }
+
+/**
+ * Kills the dead variable,
+ */
+#define DEAD_KILL(ptr) { if (ptr) *(ptr) = 1; }
+
+/**
+ * Kills the dead variable with the given value, or does nothing
+ * if the value is 0. The value will seen by {@link DEAD_KILLED}.
+ */
+#define DEAD_KILL_WITH(ptr, val) { if (ptr) *(ptr) = (val); }
+
+/**
+ * Declares dead catching variables.
+ */
+#define DEAD_DECLARE int badvpn__dead; dead_t badvpn__prev_ptr;
+
+/**
+ * Enters a dead catching using already declared dead catching variables.
+ * The dead variable must have been initialized with {@link DEAD_INIT},
+ * and {@link DEAD_KILL} must not have been called yet.
+ * {@link DEAD_LEAVE2} must be called before the current scope is left.
+ */
+#define DEAD_ENTER2(ptr) { badvpn__dead = 0; badvpn__prev_ptr = ptr; ptr = &badvpn__dead; }
+
+/**
+ * Declares dead catching variables and enters a dead catching.
+ * The dead variable must have been initialized with {@link DEAD_INIT},
+ * and {@link DEAD_KILL} must not have been called yet.
+ * {@link DEAD_LEAVE2} must be called before the current scope is left.
+ */
+#define DEAD_ENTER(ptr) DEAD_DECLARE DEAD_ENTER2(ptr)
+
+/**
+ * Leaves a dead catching.
+ */
+#define DEAD_LEAVE2(ptr) { if (!badvpn__dead) ptr = badvpn__prev_ptr; if (badvpn__prev_ptr) *badvpn__prev_ptr = badvpn__dead; }
+
+/**
+ * Returns 1 if {@link DEAD_KILL} was called for the dead variable, 0 otherwise.
+ * Must be called after entering a dead catching.
+ */
+#define DEAD_KILLED (badvpn__dead)
+
+#define DEAD_DECLARE_N(n) int badvpn__dead##n; dead_t badvpn__prev_ptr##n;
+#define DEAD_ENTER2_N(n, ptr) { badvpn__dead##n = 0; badvpn__prev_ptr##n = ptr; ptr = &badvpn__dead##n;}
+#define DEAD_ENTER_N(n, ptr) DEAD_DECLARE_N(n) DEAD_ENTER2_N(n, ptr)
+#define DEAD_LEAVE2_N(n, ptr) { if (!badvpn__dead##n) ptr = badvpn__prev_ptr##n; if (badvpn__prev_ptr##n) *badvpn__prev_ptr##n = badvpn__dead##n; }
+#define DEAD_KILLED_N(n) (badvpn__dead##n)
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/debug.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/debug.h
new file mode 100644
index 00000000..8e5b07fb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/debug.h
@@ -0,0 +1,141 @@
+/**
+ * @file debug.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Debugging macros.
+ */
+
+/**
+ * @def DEBUG
+ * 
+ * Macro for printing debugging text. Use the same way as printf,
+ * but without a newline.
+ * Prepends "function_name: " and appends a newline.
+ */
+
+/**
+ * @def ASSERT_FORCE
+ * 
+ * Macro for forced assertions.
+ * Evaluates the argument and terminates the program abnormally
+ * if the result is false.
+ */
+
+/**
+ * @def ASSERT
+ * 
+ * Macro for assertions.
+ * The argument may or may not be evaluated.
+ * If the argument is evaluated, it must not evaluate to false.
+ */
+
+/**
+ * @def ASSERT_EXECUTE
+ * 
+ * Macro for always-evaluated assertions.
+ * The argument is evaluated.
+ * The argument must not evaluate to false.
+ */
+
+/**
+ * @def DEBUG_ZERO_MEMORY
+ * 
+ * If debugging is enabled, zeroes the given memory region.
+ * First argument is pointer to the memory region, second is
+ * number of bytes.
+ */
+
+/**
+ * @def WARN_UNUSED
+ * 
+ * Tells the compiler that the result of a function should not be unused.
+ * Insert at the end of the declaration of a function before the semicolon.
+ */
+
+/**
+ * @def B_USE
+ * 
+ * This can be used to suppress warnings about unused variables. It can
+ * be applied to a variable or any expression. It does not evaluate the
+ * expression.
+ */
+
+#ifndef BADVPN_MISC_DEBUG_H
+#define BADVPN_MISC_DEBUG_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <assert.h>
+
+#define DEBUG(...) \
+    { \
+        fprintf(stderr, "%s: ", __FUNCTION__); \
+        fprintf(stderr, __VA_ARGS__); \
+        fprintf(stderr, "\n"); \
+    }
+
+#define ASSERT_FORCE(e) \
+    { \
+        if (!(e)) { \
+            fprintf(stderr, "%s:%d Assertion failed\n", __FILE__, __LINE__); \
+        } \
+    }
+
+#ifdef NDEBUG
+    #define DEBUG_ZERO_MEMORY(buf, len) {}
+    #define ASSERT(e) {}
+    #define ASSERT_EXECUTE(e) { (e); }
+#else
+    #define DEBUG_ZERO_MEMORY(buf, len) { memset((buf), 0, (len)); }
+    #ifdef BADVPN_USE_C_ASSERT
+        #define ASSERT(e) { assert(e); }
+        #define ASSERT_EXECUTE(e) \
+            { \
+                int _assert_res = !!(e); \
+                assert(_assert_res); \
+            }
+    #else
+        #define ASSERT(e) ASSERT_FORCE(e)
+        #define ASSERT_EXECUTE(e) ASSERT_FORCE(e)
+    #endif
+#endif
+
+#ifdef __GNUC__
+    #define WARN_UNUSED __attribute__((warn_unused_result))
+#else
+    #define WARN_UNUSED
+#endif
+
+#define B_USE(expr) (void)(sizeof((expr)));
+
+#define B_ASSERT_USE(expr) { ASSERT(expr) B_USE(expr) }
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/debugcounter.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/debugcounter.h
new file mode 100644
index 00000000..c305dbe5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/debugcounter.h
@@ -0,0 +1,118 @@
+/**
+ * @file debugcounter.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Counter for detecting leaks.
+ */
+
+#ifndef BADVPN_MISC_DEBUGCOUNTER_H
+#define BADVPN_MISC_DEBUGCOUNTER_H
+
+#include <stdint.h>
+
+#include "misc/debug.h"
+
+/**
+ * Counter for detecting leaks.
+ */
+typedef struct {
+#ifndef NDEBUG
+    int32_t c;
+#endif
+} DebugCounter;
+
+#ifndef NDEBUG
+#define DEBUGCOUNTER_STATIC { 0 }
+#else
+#define DEBUGCOUNTER_STATIC {}
+#endif
+
+/**
+ * Initializes the object.
+ * The object is initialized with counter value zero.
+ * 
+ * @param obj the object
+ */
+static void DebugCounter_Init (DebugCounter *obj)
+{
+#ifndef NDEBUG
+    obj->c = 0;
+#endif
+}
+
+/**
+ * Frees the object.
+ * This does not have to be called when the counter is no longer needed.
+ * The counter value must be zero.
+ * 
+ * @param obj the object
+ */
+static void DebugCounter_Free (DebugCounter *obj)
+{
+#ifndef NDEBUG
+    ASSERT(obj->c == 0 || obj->c == INT32_MAX)
+#endif
+}
+
+/**
+ * Increments the counter.
+ * Increments the counter value by one.
+ * 
+ * @param obj the object
+ */
+static void DebugCounter_Increment (DebugCounter *obj)
+{
+#ifndef NDEBUG
+    ASSERT(obj->c >= 0)
+    
+    if (obj->c != INT32_MAX) {
+        obj->c++;
+    }
+#endif
+}
+
+/**
+ * Decrements the counter.
+ * The counter value must be >0.
+ * Decrements the counter value by one.
+ * 
+ * @param obj the object
+ */
+static void DebugCounter_Decrement (DebugCounter *obj)
+{
+#ifndef NDEBUG
+    ASSERT(obj->c > 0)
+    
+    if (obj->c != INT32_MAX) {
+        obj->c--;
+    }
+#endif
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/debugerror.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/debugerror.h
new file mode 100644
index 00000000..44dc6859
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/debugerror.h
@@ -0,0 +1,90 @@
+/**
+ * @file debugerror.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Mechanism for ensuring an object is destroyed from inside an error handler
+ * or its jobs.
+ */
+
+#ifndef BADVPN_MISC_DEBUGERROR_H
+#define BADVPN_MISC_DEBUGERROR_H
+
+#include "misc/debug.h"
+#include "base/BPending.h"
+
+#ifndef NDEBUG
+    #define DEBUGERROR(de, call) \
+        { \
+            ASSERT(!BPending_IsSet(&(de)->job)) \
+            BPending_Set(&(de)->job); \
+            (call); \
+        }
+#else
+    #define DEBUGERROR(de, call) { (call); }
+#endif
+
+typedef struct {
+    #ifndef NDEBUG
+    BPending job;
+    #endif
+} DebugError;
+
+static void DebugError_Init (DebugError *o, BPendingGroup *pg);
+static void DebugError_Free (DebugError *o);
+static void DebugError_AssertNoError (DebugError *o);
+
+#ifndef NDEBUG
+static void _DebugError_job_handler (DebugError *o)
+{
+    ASSERT(0);
+}
+#endif
+
+void DebugError_Init (DebugError *o, BPendingGroup *pg)
+{
+    #ifndef NDEBUG
+    BPending_Init(&o->job, pg, (BPending_handler)_DebugError_job_handler, o);
+    #endif
+}
+
+void DebugError_Free (DebugError *o)
+{
+    #ifndef NDEBUG
+    BPending_Free(&o->job);
+    #endif
+}
+
+void DebugError_AssertNoError (DebugError *o)
+{
+    #ifndef NDEBUG
+    ASSERT(!BPending_IsSet(&o->job))
+    #endif
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/dhcp_proto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/dhcp_proto.h
new file mode 100644
index 00000000..ed835445
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/dhcp_proto.h
@@ -0,0 +1,131 @@
+/**
+ * @file dhcp_proto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Definitions for the DHCP protocol.
+ */
+
+#ifndef BADVPN_MISC_DHCP_PROTO_H
+#define BADVPN_MISC_DHCP_PROTO_H
+
+#include <stdint.h>
+
+#include <misc/packed.h>
+
+#define DHCP_OP_BOOTREQUEST 1
+#define DHCP_OP_BOOTREPLY 2
+
+#define DHCP_HARDWARE_ADDRESS_TYPE_ETHERNET 1
+
+#define DHCP_MAGIC 0x63825363
+
+#define DHCP_OPTION_PAD 0
+#define DHCP_OPTION_END 255
+
+#define DHCP_OPTION_SUBNET_MASK 1
+#define DHCP_OPTION_ROUTER 3
+#define DHCP_OPTION_DOMAIN_NAME_SERVER 6
+#define DHCP_OPTION_HOST_NAME 12
+#define DHCP_OPTION_REQUESTED_IP_ADDRESS 50
+#define DHCP_OPTION_IP_ADDRESS_LEASE_TIME 51
+#define DHCP_OPTION_DHCP_MESSAGE_TYPE 53
+#define DHCP_OPTION_DHCP_SERVER_IDENTIFIER 54
+#define DHCP_OPTION_PARAMETER_REQUEST_LIST 55
+#define DHCP_OPTION_MAXIMUM_MESSAGE_SIZE 57
+#define DHCP_OPTION_RENEWAL_TIME_VALUE 58
+#define DHCP_OPTION_REBINDING_TIME_VALUE 59
+#define DHCP_OPTION_VENDOR_CLASS_IDENTIFIER 60
+#define DHCP_OPTION_CLIENT_IDENTIFIER 61
+
+#define DHCP_MESSAGE_TYPE_DISCOVER 1
+#define DHCP_MESSAGE_TYPE_OFFER 2
+#define DHCP_MESSAGE_TYPE_REQUEST 3
+#define DHCP_MESSAGE_TYPE_DECLINE 4
+#define DHCP_MESSAGE_TYPE_ACK 5
+#define DHCP_MESSAGE_TYPE_NAK 6
+#define DHCP_MESSAGE_TYPE_RELEASE 7
+
+B_START_PACKED
+struct dhcp_header {
+    uint8_t op;
+    uint8_t htype;
+    uint8_t hlen;
+    uint8_t hops;
+    uint32_t xid;
+    uint16_t secs;
+    uint16_t flags;
+    uint32_t ciaddr;
+    uint32_t yiaddr;
+    uint32_t siaddr;
+    uint32_t giaddr;
+    uint8_t chaddr[16];
+    uint8_t sname[64];
+    uint8_t file[128];
+    uint32_t magic;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct dhcp_option_header {
+    uint8_t type;
+    uint8_t len;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct dhcp_option_dhcp_message_type {
+    uint8_t type;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct dhcp_option_maximum_message_size {
+    uint16_t size;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct dhcp_option_dhcp_server_identifier {
+    uint32_t id;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct dhcp_option_time {
+    uint32_t time;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct dhcp_option_addr {
+    uint32_t addr;
+} B_PACKED;
+B_END_PACKED
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ethernet_proto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ethernet_proto.h
new file mode 100644
index 00000000..6e49e02b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ethernet_proto.h
@@ -0,0 +1,52 @@
+/**
+ * @file ethernet_proto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Definitions for the Ethernet protocol.
+ */
+
+#ifndef BADVPN_MISC_ETHERNET_PROTO_H
+#define BADVPN_MISC_ETHERNET_PROTO_H
+
+#include <stdint.h>
+
+#include <misc/packed.h>
+
+#define ETHERTYPE_IPV4 0x0800
+#define ETHERTYPE_ARP 0x0806
+
+B_START_PACKED
+struct ethernet_header {
+    uint8_t dest[6];
+    uint8_t source[6];
+    uint16_t type;
+} B_PACKED;
+B_END_PACKED
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/exparray.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/exparray.h
new file mode 100644
index 00000000..b24149f8
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/exparray.h
@@ -0,0 +1,101 @@
+/**
+ * @file exparray.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Dynamic array which grows exponentionally on demand.
+ */
+
+#ifndef BADVPN_MISC_EXPARRAY_H
+#define BADVPN_MISC_EXPARRAY_H
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#include <misc/debug.h>
+
+struct ExpArray {
+    size_t esize;
+    size_t size;
+    void *v;
+};
+
+static int ExpArray_init (struct ExpArray *o, size_t esize, size_t size)
+{
+    ASSERT(esize > 0)
+    ASSERT(size > 0)
+    
+    o->esize = esize;
+    o->size = size;
+    
+    if (o->size > SIZE_MAX / o->esize) {
+        return 0;
+    }
+    
+    if (!(o->v = malloc(o->size * o->esize))) {
+        return 0;
+    }
+    
+    return 1;
+}
+
+static int ExpArray_resize (struct ExpArray *o, size_t size)
+{
+    ASSERT(size > 0)
+    
+    if (size <= o->size) {
+        return 1;
+    }
+    
+    size_t newsize = o->size;
+    
+    while (newsize < size) {
+        if (2 > SIZE_MAX / newsize) {
+            return 0;
+        }
+        
+        newsize = 2 * newsize;
+    }
+    
+    if (newsize > SIZE_MAX / o->esize) {
+        return 0;
+    }
+    
+    void *newarr = realloc(o->v, newsize * o->esize);
+    if (!newarr) {
+        return 0;
+    }
+    
+    o->size = newsize;
+    o->v = newarr;
+    
+    return 1;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/expstring.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/expstring.h
new file mode 100644
index 00000000..8081e2f7
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/expstring.h
@@ -0,0 +1,174 @@
+/**
+ * @file expstring.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_MISC_EXPSTRING_H
+#define BADVPN_MISC_EXPSTRING_H
+
+#include <stddef.h>
+
+#include <misc/debug.h>
+#include <misc/exparray.h>
+#include <misc/bsize.h>
+#include <misc/memref.h>
+
+typedef struct {
+    struct ExpArray arr;
+    size_t n;
+} ExpString;
+
+static int ExpString_Init (ExpString *c);
+static void ExpString_Free (ExpString *c);
+static int ExpString_Append (ExpString *c, const char *str);
+static int ExpString_AppendChar (ExpString *c, char ch);
+static int ExpString_AppendByte (ExpString *c, uint8_t x);
+static int ExpString_AppendBinary (ExpString *c, const uint8_t *data, size_t len);
+static int ExpString_AppendBinaryMr (ExpString *c, MemRef data);
+static int ExpString_AppendZeros (ExpString *c, size_t len);
+static char * ExpString_Get (ExpString *c);
+static size_t ExpString_Length (ExpString *c);
+static MemRef ExpString_GetMr (ExpString *c);
+
+int ExpString_Init (ExpString *c)
+{
+    if (!ExpArray_init(&c->arr, 1, 16)) {
+        return 0;
+    }
+    
+    c->n = 0;
+    ((char *)c->arr.v)[c->n] = '\0';
+    
+    return 1;
+}
+
+void ExpString_Free (ExpString *c)
+{
+    free(c->arr.v);
+}
+
+int ExpString_Append (ExpString *c, const char *str)
+{
+    ASSERT(str)
+    
+    size_t l = strlen(str);
+    bsize_t newsize = bsize_add(bsize_fromsize(c->n), bsize_add(bsize_fromsize(l), bsize_fromint(1)));
+    
+    if (newsize.is_overflow || !ExpArray_resize(&c->arr, newsize.value)) {
+        return 0;
+    }
+    
+    memcpy((char *)c->arr.v + c->n, str, l);
+    c->n += l;
+    ((char *)c->arr.v)[c->n] = '\0';
+    
+    return 1;
+}
+
+int ExpString_AppendChar (ExpString *c, char ch)
+{
+    ASSERT(ch != '\0')
+    
+    bsize_t newsize = bsize_add(bsize_fromsize(c->n), bsize_fromint(2));
+    
+    if (newsize.is_overflow || !ExpArray_resize(&c->arr, newsize.value)) {
+        return 0;
+    }
+    
+    ((char *)c->arr.v)[c->n] = ch;
+    c->n++;
+    ((char *)c->arr.v)[c->n] = '\0';
+    
+    return 1;
+}
+
+int ExpString_AppendByte (ExpString *c, uint8_t x)
+{
+    bsize_t newsize = bsize_add(bsize_fromsize(c->n), bsize_fromint(2));
+    
+    if (newsize.is_overflow || !ExpArray_resize(&c->arr, newsize.value)) {
+        return 0;
+    }
+    
+    ((uint8_t *)c->arr.v)[c->n] = x;
+    c->n++;
+    ((char *)c->arr.v)[c->n] = '\0';
+    
+    return 1;
+}
+
+int ExpString_AppendBinary (ExpString *c, const uint8_t *data, size_t len)
+{
+    bsize_t newsize = bsize_add(bsize_fromsize(c->n), bsize_add(bsize_fromsize(len), bsize_fromint(1)));
+    
+    if (newsize.is_overflow || !ExpArray_resize(&c->arr, newsize.value)) {
+        return 0;
+    }
+    
+    memcpy((char *)c->arr.v + c->n, data, len);
+    c->n += len;
+    ((char *)c->arr.v)[c->n] = '\0';
+    
+    return 1;
+}
+
+int ExpString_AppendBinaryMr (ExpString *c, MemRef data)
+{
+    return ExpString_AppendBinary(c, (uint8_t const *)data.ptr, data.len);
+}
+
+int ExpString_AppendZeros (ExpString *c, size_t len)
+{
+    bsize_t newsize = bsize_add(bsize_fromsize(c->n), bsize_add(bsize_fromsize(len), bsize_fromint(1)));
+    
+    if (newsize.is_overflow || !ExpArray_resize(&c->arr, newsize.value)) {
+        return 0;
+    }
+    
+    memset((char *)c->arr.v + c->n, 0, len);
+    c->n += len;
+    ((char *)c->arr.v)[c->n] = '\0';
+    
+    return 1;
+}
+
+char * ExpString_Get (ExpString *c)
+{
+    return (char *)c->arr.v;
+}
+
+size_t ExpString_Length (ExpString *c)
+{
+    return c->n;
+}
+
+MemRef ExpString_GetMr (ExpString *c)
+{
+    return MemRef_Make((char const *)c->arr.v, c->n);
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/find_char.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/find_char.h
new file mode 100644
index 00000000..a3a868e6
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/find_char.h
@@ -0,0 +1,58 @@
+/**
+ * @file find_char.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_FIND_CHAR_H
+#define BADVPN_FIND_CHAR_H
+
+#include <stddef.h>
+
+#include "misc/debug.h"
+
+/**
+ * Finds the first character 'c' in the string represented by 'str' and 'len'.
+ * If found, returns 1 and writes the position to *out_pos (if out_pos!=NULL).
+ * If not found, returns 0 and does not modify *out_pos.
+ */
+static int b_find_char_bin (const char *str, size_t len, char c, size_t *out_pos)
+{
+    ASSERT(str)
+    
+    for (size_t i = 0; i < len; i++) {
+        if (str[i] == c) {
+            if (out_pos) {
+                *out_pos = i;
+            }
+            return 1;
+        }
+    }
+    
+    return 0;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/find_program.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/find_program.h
new file mode 100644
index 00000000..d381e185
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/find_program.h
@@ -0,0 +1,103 @@
+/**
+ * @file find_program.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Function that finds the absolute path of a program by checking a predefined
+ * list of directories.
+ */
+
+#ifndef BADVPN_FIND_PROGRAM_H
+#define BADVPN_FIND_PROGRAM_H
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+#include <misc/concat_strings.h>
+#include <misc/debug.h>
+#include <misc/balloc.h>
+
+static char * badvpn_find_program (const char *name);
+
+static char * badvpn_find_program (const char *name)
+{
+    ASSERT(name)
+    
+    char *path = getenv("PATH");
+    if (path) {
+        while (1) {
+            size_t i = 0;
+            while (path[i] != ':' && path[i] != '\0') {
+                i++;
+            }
+            char const *src = path;
+            size_t src_len = i;
+            if (src_len == 0) {
+                src = ".";
+                src_len = 1;
+            }
+            size_t name_len = strlen(name);
+            char *entry = BAllocSize(bsize_add(bsize_fromsize(src_len), bsize_add(bsize_fromsize(name_len), bsize_fromsize(2))));
+            if (!entry) {
+                goto fail;
+            }
+            memcpy(entry, src, src_len);
+            entry[src_len] = '/';
+            strcpy(entry + (src_len + 1), name);
+            if (access(entry, X_OK) == 0) {
+                return entry;
+            }
+            free(entry);
+            if (path[i] == '\0') {
+                break;
+            }
+            path += i + 1;
+        }
+    }
+    
+    const char *dirs[] = {"/usr/sbin", "/usr/bin", "/sbin", "/bin", NULL};
+    
+    for (size_t i = 0; dirs[i]; i++) {
+        char *try_path = concat_strings(3, dirs[i], "/", name);
+        if (!try_path) {
+            goto fail;
+        }
+        
+        if (access(try_path, X_OK) == 0) {
+            return try_path;
+        }
+        
+        free(try_path);
+    }
+    
+fail:
+    return NULL;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/get_iface_info.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/get_iface_info.h
new file mode 100644
index 00000000..190741b3
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/get_iface_info.h
@@ -0,0 +1,110 @@
+/**
+ * @file get_iface_info.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_GETIFACEINFO_H
+#define BADVPN_GETIFACEINFO_H
+
+#include <stdio.h>
+#include <string.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <net/if.h>
+#include <net/if_arp.h>
+#include <sys/ioctl.h>
+
+#include <misc/debug.h>
+
+/**
+ * Returns information about a network interface with the given name.
+ * 
+ * @param ifname name of interface to get information for
+ * @param out_mac the MAC address will be returned here, unless NULL
+ * @param out_mtu the MTU will be returned here, unless NULL
+ * @param out_ifindex the interface index will be returned here, unless NULL
+ * @return 1 on success, 0 on failure
+ */
+static int badvpn_get_iface_info (const char *ifname, uint8_t *out_mac, int *out_mtu, int *out_ifindex) WARN_UNUSED;
+
+
+static int badvpn_get_iface_info (const char *ifname, uint8_t *out_mac, int *out_mtu, int *out_ifindex)
+{
+    ASSERT(ifname)
+    
+    struct ifreq ifr;
+    
+    int s = socket(AF_INET, SOCK_DGRAM, 0);
+    if (s < 0) {
+        goto fail0;
+    }
+    
+    // get MAC
+    if (out_mac) {
+        memset(&ifr, 0, sizeof(ifr));
+        snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", ifname);
+        if (ioctl(s, SIOCGIFHWADDR, &ifr)) {
+            goto fail1;
+        }
+        if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
+            goto fail1;
+        }
+        memcpy(out_mac, ifr.ifr_hwaddr.sa_data, 6);
+    }
+    
+    // get MTU
+    if (out_mtu) {
+        memset(&ifr, 0, sizeof(ifr));
+        snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", ifname);
+        if (ioctl(s, SIOCGIFMTU, &ifr)) {
+            goto fail1;
+        }
+        *out_mtu = ifr.ifr_mtu;
+    }
+    
+    // get interface index
+    if (out_ifindex) {
+        memset(&ifr, 0, sizeof(ifr));
+        snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", ifname);
+        if (ioctl(s, SIOCGIFINDEX, &ifr)) {
+            goto fail1;
+        }
+        *out_ifindex = ifr.ifr_ifindex;
+    }
+    
+    close(s);
+    
+    return 1;
+    
+fail1:
+    close(s);
+fail0:
+    return 0;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/grow_array.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/grow_array.h
new file mode 100644
index 00000000..9a42d04c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/grow_array.h
@@ -0,0 +1,139 @@
+/**
+ * @file grow_array.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// Preprocessor inputs:
+// GROWARRAY_NAME - prefix of of functions to define
+// GROWARRAY_OBJECT_TYPE - type of structure where array and capacity sizes are
+// GROWARRAY_ARRAY_MEMBER - array member
+// GROWARRAY_CAPACITY_MEMBER - capacity member
+// GROWARRAY_MAX_CAPACITY - max value of capacity member
+
+#include <limits.h>
+#include <string.h>
+#include <stddef.h>
+
+#include <misc/debug.h>
+#include <misc/balloc.h>
+#include <misc/merge.h>
+
+#define GrowArrayObject GROWARRAY_OBJECT_TYPE
+#define GrowArray_Init MERGE(GROWARRAY_NAME, _Init)
+#define GrowArray_InitEmpty MERGE(GROWARRAY_NAME, _InitEmpty)
+#define GrowArray_Free MERGE(GROWARRAY_NAME, _Free)
+#define GrowArray_DoubleUp MERGE(GROWARRAY_NAME, _DoubleUp)
+#define GrowArray_DoubleUpLimit MERGE(GROWARRAY_NAME, _DoubleUpLimit)
+
+static int GrowArray_Init (GrowArrayObject *o, size_t capacity) WARN_UNUSED;
+static void GrowArray_InitEmpty (GrowArrayObject *o);
+static void GrowArray_Free (GrowArrayObject *o);
+static int GrowArray_DoubleUp (GrowArrayObject *o) WARN_UNUSED;
+static int GrowArray_DoubleUpLimit (GrowArrayObject *o, size_t limit) WARN_UNUSED;
+
+static int GrowArray_Init (GrowArrayObject *o, size_t capacity)
+{
+    if (capacity > GROWARRAY_MAX_CAPACITY) {
+        return 0;
+    }
+    
+    if (capacity == 0) {
+        o->GROWARRAY_ARRAY_MEMBER = NULL;
+    } else {
+        if (!(o->GROWARRAY_ARRAY_MEMBER = BAllocArray(capacity, sizeof(o->GROWARRAY_ARRAY_MEMBER[0])))) {
+            return 0;
+        }
+    }
+    
+    o->GROWARRAY_CAPACITY_MEMBER = capacity;
+    
+    return 1;
+}
+
+static void GrowArray_InitEmpty (GrowArrayObject *o)
+{
+    o->GROWARRAY_ARRAY_MEMBER = NULL;
+    o->GROWARRAY_CAPACITY_MEMBER = 0;
+}
+
+static void GrowArray_Free (GrowArrayObject *o)
+{
+    if (o->GROWARRAY_ARRAY_MEMBER) {
+        BFree(o->GROWARRAY_ARRAY_MEMBER);
+    }
+}
+
+static int GrowArray_DoubleUp (GrowArrayObject *o)
+{
+    return GrowArray_DoubleUpLimit(o, SIZE_MAX);
+}
+
+static int GrowArray_DoubleUpLimit (GrowArrayObject *o, size_t limit)
+{
+    if (o->GROWARRAY_CAPACITY_MEMBER > SIZE_MAX / 2 || o->GROWARRAY_CAPACITY_MEMBER > GROWARRAY_MAX_CAPACITY / 2) {
+        return 0;
+    }
+    
+    size_t newcap = 2 * o->GROWARRAY_CAPACITY_MEMBER;
+    if (newcap == 0) {
+        newcap = 1;
+    }
+    
+    if (newcap > limit) {
+        newcap = limit;
+        if (newcap == o->GROWARRAY_CAPACITY_MEMBER) {
+            return 0;
+        }
+    }
+    
+    void *newarr = BAllocArray(newcap, sizeof(o->GROWARRAY_ARRAY_MEMBER[0]));
+    if (!newarr) {
+        return 0;
+    }
+    
+    memcpy(newarr, o->GROWARRAY_ARRAY_MEMBER, o->GROWARRAY_CAPACITY_MEMBER * sizeof(o->GROWARRAY_ARRAY_MEMBER[0]));
+    
+    BFree(o->GROWARRAY_ARRAY_MEMBER);
+    
+    o->GROWARRAY_ARRAY_MEMBER = newarr;
+    o->GROWARRAY_CAPACITY_MEMBER = newcap;
+    
+    return 1;
+}
+
+#undef GROWARRAY_NAME
+#undef GROWARRAY_OBJECT_TYPE
+#undef GROWARRAY_ARRAY_MEMBER
+#undef GROWARRAY_CAPACITY_MEMBER
+#undef GROWARRAY_MAX_CAPACITY
+
+#undef GrowArrayObject
+#undef GrowArray_Init
+#undef GrowArray_InitEmpty
+#undef GrowArray_Free
+#undef GrowArray_DoubleUp
+#undef GrowArray_DoubleUpLimit
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/hashfun.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/hashfun.h
new file mode 100644
index 00000000..5e8956ab
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/hashfun.h
@@ -0,0 +1,60 @@
+/**
+ * @file hashfun.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_HASHFUN_H
+#define BADVPN_HASHFUN_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+static size_t badvpn_djb2_hash (const uint8_t *str)
+{
+    size_t hash = 5381;
+    int c;
+    
+    while (c = *str++) {
+        hash = ((hash << 5) + hash) + c;
+    }
+    
+    return hash;
+}
+
+static size_t badvpn_djb2_hash_bin (const uint8_t *str, size_t str_len)
+{
+    size_t hash = 5381;
+    
+    while (str_len-- > 0) {
+        int c = *str++;
+        hash = ((hash << 5) + hash) + c;
+    }
+    
+    return hash;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/igmp_proto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/igmp_proto.h
new file mode 100644
index 00000000..9188ea02
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/igmp_proto.h
@@ -0,0 +1,97 @@
+/**
+ * @file igmp_proto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Definitions for the IGMP protocol.
+ */
+
+#ifndef BADVPN_MISC_IGMP_PROTO_H
+#define BADVPN_MISC_IGMP_PROTO_H
+
+#include <stdint.h>
+
+#include <misc/packed.h>
+
+#define IGMP_TYPE_MEMBERSHIP_QUERY 0x11
+#define IGMP_TYPE_V1_MEMBERSHIP_REPORT 0x12
+#define IGMP_TYPE_V2_MEMBERSHIP_REPORT 0x16
+#define IGMP_TYPE_V3_MEMBERSHIP_REPORT 0x22
+#define IGMP_TYPE_V2_LEAVE_GROUP 0x17
+
+#define IGMP_RECORD_TYPE_MODE_IS_INCLUDE 1
+#define IGMP_RECORD_TYPE_MODE_IS_EXCLUDE 2
+#define IGMP_RECORD_TYPE_CHANGE_TO_INCLUDE_MODE 3
+#define IGMP_RECORD_TYPE_CHANGE_TO_EXCLUDE_MODE 4
+
+B_START_PACKED
+struct igmp_source {
+    uint32_t addr;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct igmp_base {
+    uint8_t type;
+    uint8_t max_resp_code;
+    uint16_t checksum;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct igmp_v3_query_extra {
+    uint32_t group;
+    uint8_t reserved4_suppress1_qrv3;
+    uint8_t qqic;
+    uint16_t number_of_sources;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct igmp_v3_report_extra {
+    uint16_t reserved;
+    uint16_t number_of_group_records;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct igmp_v3_report_record {
+    uint8_t type;
+    uint8_t aux_data_len;
+    uint16_t number_of_sources;
+    uint32_t group;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct igmp_v2_extra {
+    uint32_t group;
+} B_PACKED;
+B_END_PACKED
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipaddr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipaddr.h
new file mode 100644
index 00000000..6de58522
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipaddr.h
@@ -0,0 +1,201 @@
+/**
+ * @file ipaddr.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * IP address parsing functions.
+ */
+
+#ifndef BADVPN_MISC_IPADDR_H
+#define BADVPN_MISC_IPADDR_H
+
+#include <string.h>
+#include <stdlib.h>
+
+#include <misc/debug.h>
+#include <misc/byteorder.h>
+#include <misc/parse_number.h>
+#include <misc/find_char.h>
+#include <misc/print_macros.h>
+#include <misc/memref.h>
+
+struct ipv4_ifaddr {
+    uint32_t addr;
+    int prefix;
+};
+
+static int ipaddr_parse_ipv4_addr (MemRef name, uint32_t *out_addr);
+static int ipaddr_parse_ipv4_prefix (MemRef str, int *num);
+static int ipaddr_parse_ipv4_ifaddr (MemRef str, struct ipv4_ifaddr *out);
+static int ipaddr_ipv4_ifaddr_from_addr_mask (uint32_t addr, uint32_t mask, struct ipv4_ifaddr *out);
+static uint32_t ipaddr_ipv4_mask_from_prefix (int prefix);
+static int ipaddr_ipv4_prefix_from_mask (uint32_t mask, int *out_prefix);
+static int ipaddr_ipv4_addrs_in_network (uint32_t addr1, uint32_t addr2, int netprefix);
+
+#define IPADDR_PRINT_MAX 19
+
+static void ipaddr_print_addr (uint32_t addr, char *out);
+static void ipaddr_print_ifaddr (struct ipv4_ifaddr ifaddr, char *out);
+
+int ipaddr_parse_ipv4_addr (MemRef name, uint32_t *out_addr)
+{
+    for (size_t i = 0; ; i++) {
+        size_t j;
+        for (j = 0; j < name.len && name.ptr[j] != '.'; j++);
+        
+        if ((j == name.len && i < 3) || (j < name.len && i == 3)) {
+            return 0;
+        }
+        
+        if (j < 1 || j > 3) {
+            return 0;
+        }
+        
+        uintmax_t d;
+        if (!parse_unsigned_integer(MemRef_SubTo(name, j), &d)) {
+            return 0;
+        }
+        
+        if (d > 255) {
+            return 0;
+        }
+        
+        ((uint8_t *)out_addr)[i] = d;
+        
+        if (i == 3) {
+            return 1;
+        }
+        
+        name.ptr += j + 1;
+        name.len -= j + 1;
+    }
+}
+
+int ipaddr_parse_ipv4_prefix (MemRef str, int *num)
+{
+    uintmax_t d;
+    if (!parse_unsigned_integer(str, &d)) {
+        return 0;
+    }
+    if (d > 32) {
+        return 0;
+    }
+    
+    *num = d;
+    return 1;
+}
+
+int ipaddr_parse_ipv4_ifaddr (MemRef str, struct ipv4_ifaddr *out)
+{
+    size_t slash_pos;
+    if (!MemRef_FindChar(str, '/', &slash_pos)) {
+        return 0;
+    }
+    
+    return (ipaddr_parse_ipv4_addr(MemRef_SubTo(str, slash_pos), &out->addr) &&
+            ipaddr_parse_ipv4_prefix(MemRef_SubFrom(str, slash_pos + 1), &out->prefix));
+}
+
+int ipaddr_ipv4_ifaddr_from_addr_mask (uint32_t addr, uint32_t mask, struct ipv4_ifaddr *out)
+{
+    int prefix;
+    if (!ipaddr_ipv4_prefix_from_mask(mask, &prefix)) {
+        return 0;
+    }
+    
+    out->addr = addr;
+    out->prefix = prefix;
+    return 1;
+}
+
+uint32_t ipaddr_ipv4_mask_from_prefix (int prefix)
+{
+    ASSERT(prefix >= 0)
+    ASSERT(prefix <= 32)
+    
+    uint32_t t = 0;
+    for (int i = 0; i < prefix; i++) {
+        t |= 1 << (32 - i - 1);
+    }
+    
+    return hton32(t);
+}
+
+int ipaddr_ipv4_prefix_from_mask (uint32_t mask, int *out_prefix)
+{
+    uint32_t t = 0;
+    int i;
+    for (i = 0; i <= 32; i++) {
+        if (ntoh32(mask) == t) {
+            break;
+        }
+        if (i < 32) {
+            t |= (1 << (32 - i - 1));
+        }
+    }
+    if (!(i <= 32)) {
+        return 0;
+    }
+    
+    *out_prefix = i;
+    return 1;
+}
+
+int ipaddr_ipv4_addrs_in_network (uint32_t addr1, uint32_t addr2, int netprefix)
+{
+    ASSERT(netprefix >= 0)
+    ASSERT(netprefix <= 32)
+    
+    uint32_t mask = ipaddr_ipv4_mask_from_prefix(netprefix);
+    
+    return !!((addr1 & mask) == (addr2 & mask));
+}
+
+void ipaddr_print_addr (uint32_t addr, char *out)
+{
+    ASSERT(out)
+    
+    uint8_t *b = (uint8_t *)&addr;
+    
+    sprintf(out, "%"PRIu8".%"PRIu8".%"PRIu8".%"PRIu8,
+            b[0], b[1], b[2], b[3]);
+}
+
+void ipaddr_print_ifaddr (struct ipv4_ifaddr ifaddr, char *out)
+{
+    ASSERT(ifaddr.prefix >= 0)
+    ASSERT(ifaddr.prefix <= 32)
+    ASSERT(out)
+    
+    uint8_t *b = (uint8_t *)&ifaddr.addr;
+    
+    sprintf(out, "%"PRIu8".%"PRIu8".%"PRIu8".%"PRIu8"/%d",
+            b[0], b[1], b[2], b[3], ifaddr.prefix);
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipaddr6.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipaddr6.h
new file mode 100644
index 00000000..5befd790
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipaddr6.h
@@ -0,0 +1,383 @@
+/**
+ * @file ipaddr6.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * IPv6 address parsing functions.
+ */
+
+#ifndef BADVPN_MISC_IPADDR6_H
+#define BADVPN_MISC_IPADDR6_H
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#include "misc/debug.h"
+#include "misc/byteorder.h"
+#include "misc/parse_number.h"
+#include "misc/find_char.h"
+#include "misc/print_macros.h"
+#include "misc/memref.h"
+
+struct ipv6_addr {
+    uint8_t bytes[16];
+};
+
+struct ipv6_ifaddr {
+    struct ipv6_addr addr;
+    int prefix;
+};
+
+static int ipaddr6_parse_ipv6_addr (MemRef name, struct ipv6_addr *out_addr);
+static int ipaddr6_parse_ipv6_prefix (MemRef str, int *out_num);
+static int ipaddr6_parse_ipv6_ifaddr (MemRef str, struct ipv6_ifaddr *out);
+static int ipaddr6_ipv6_ifaddr_from_addr_mask (struct ipv6_addr addr, struct ipv6_addr mask, struct ipv6_ifaddr *out);
+static void ipaddr6_ipv6_mask_from_prefix (int prefix, struct ipv6_addr *out_mask);
+static int ipaddr6_ipv6_prefix_from_mask (struct ipv6_addr mask, int *out_prefix);
+static int ipaddr6_ipv6_addrs_in_network (struct ipv6_addr addr1, struct ipv6_addr addr2, int netprefix);
+
+#define IPADDR6_PRINT_MAX 44
+
+static void ipaddr6_print_addr (struct ipv6_addr addr, char *out_buf);
+static void ipaddr6_print_ifaddr (struct ipv6_ifaddr addr, char *out_buf);
+
+int ipaddr6_parse_ipv6_addr (MemRef name, struct ipv6_addr *out_addr)
+{
+    int num_blocks = 0;
+    int compress_pos = -1;
+    uint16_t block = 0;
+    int empty = 1;
+    
+    size_t i = 0;
+    
+    while (i < name.len) {
+        if (name.ptr[i] == '.') {
+            goto ipv4_ending;
+        } else if (name.ptr[i] == ':') {
+            int is_double = (i + 1 < name.len && name.ptr[i + 1] == ':');
+            
+            if (i > 0) {
+                if (empty || num_blocks == 7) {
+                    return 0;
+                }
+                out_addr->bytes[2 * num_blocks + 0] = block >> 8;
+                out_addr->bytes[2 * num_blocks + 1] = block & 0xFF;
+                num_blocks++;
+                block = 0;
+                empty = 1;
+            }
+            else if (!is_double) {
+                return 0;
+            }
+            
+            if (is_double) {
+                if (compress_pos != -1) {
+                    return 0;
+                }
+                compress_pos = num_blocks;
+            }
+            
+            i += 1 + is_double;
+        } else {
+            int digit = decode_hex_digit(name.ptr[i]);
+            if (digit < 0) {
+                return 0;
+            }
+            if (block > UINT16_MAX / 16) {
+                return 0;
+            }
+            block *= 16;
+            if (digit > UINT16_MAX - block) {
+                return 0;
+            }
+            block += digit;
+            empty = 0;
+            i += 1;
+        }
+    }
+    
+    if (!empty) {
+        out_addr->bytes[2 * num_blocks + 0] = block >> 8;
+        out_addr->bytes[2 * num_blocks + 1] = block & 0xFF;
+        num_blocks++;
+    }
+    else if (num_blocks != compress_pos) {
+        return 0;
+    }
+    
+ipv4_done:
+    if (compress_pos == -1) {
+        if (num_blocks != 8) {
+            return 0;
+        }
+        compress_pos = 0;
+    }
+    
+    int num_rear = num_blocks - compress_pos;
+    memmove(out_addr->bytes + 2 * (8 - num_rear), out_addr->bytes + 2 * compress_pos, 2 * num_rear);
+    memset(out_addr->bytes + 2 * compress_pos, 0, 2 * (8 - num_rear - compress_pos));
+    
+    return 1;
+    
+ipv4_ending:
+    if (empty || (num_blocks == 0 && compress_pos == -1)) {
+        return 0;
+    }
+    
+    while (name.ptr[i - 1] != ':') {
+        i--;
+    }
+    
+    uint8_t bytes[4];
+    int cur_byte = 0;
+    uint8_t byte = 0;
+    empty = 1;
+    
+    while (i < name.len) {
+        if (name.ptr[i] == '.') {
+            if (empty || cur_byte == 3) {
+                return 0;
+            }
+            bytes[cur_byte] = byte;
+            cur_byte++;
+            byte = 0;
+            empty = 1;
+        } else {
+            if (!empty && byte == 0) {
+                return 0;
+            }
+            int digit = decode_decimal_digit(name.ptr[i]);
+            if (digit < 0) {
+                return 0;
+            }
+            if (byte > UINT8_MAX / 10) {
+                return 0;
+            }
+            byte *= 10;
+            if (digit > UINT8_MAX - byte) {
+                return 0;
+            }
+            byte += digit;
+            empty = 0;
+        }
+        i++;
+    }
+    
+    if (cur_byte != 3 || empty) {
+        return 0;
+    }
+    bytes[cur_byte] = byte;
+    
+    if (8 - num_blocks < 2) {
+        return 0;
+    }
+    memcpy(out_addr->bytes + 2 * num_blocks, bytes, 4);
+    num_blocks += 2;
+    
+    goto ipv4_done;
+}
+
+int ipaddr6_parse_ipv6_prefix (MemRef str, int *out_num)
+{
+    uintmax_t d;
+    if (!parse_unsigned_integer(str, &d)) {
+        return 0;
+    }
+    if (d > 128) {
+        return 0;
+    }
+    
+    *out_num = d;
+    return 1;
+}
+
+int ipaddr6_parse_ipv6_ifaddr (MemRef str, struct ipv6_ifaddr *out)
+{
+    size_t slash_pos;
+    if (!MemRef_FindChar(str, '/', &slash_pos)) {
+        return 0;
+    }
+    
+    return (ipaddr6_parse_ipv6_addr(MemRef_SubTo(str, slash_pos), &out->addr) &&
+            ipaddr6_parse_ipv6_prefix(MemRef_SubFrom(str, slash_pos + 1), &out->prefix));
+}
+
+int ipaddr6_ipv6_ifaddr_from_addr_mask (struct ipv6_addr addr, struct ipv6_addr mask, struct ipv6_ifaddr *out)
+{
+    int prefix;
+    if (!ipaddr6_ipv6_prefix_from_mask(mask, &prefix)) {
+        return 0;
+    }
+    
+    out->addr = addr;
+    out->prefix = prefix;
+    return 1;
+}
+
+void ipaddr6_ipv6_mask_from_prefix (int prefix, struct ipv6_addr *out_mask)
+{
+    ASSERT(prefix >= 0)
+    ASSERT(prefix <= 128)
+    
+    int quot = prefix / 8;
+    int rem = prefix % 8;
+    
+    if (quot > 0) {
+        memset(out_mask->bytes, UINT8_MAX, quot);
+    }
+    if (16 - quot > 0) {
+        memset(out_mask->bytes + quot, 0, 16 - quot);
+    }
+    
+    for (int i = 0; i < rem; i++) {
+        out_mask->bytes[quot] |= (uint8_t)1 << (8 - i - 1);
+    }
+}
+
+int ipaddr6_ipv6_prefix_from_mask (struct ipv6_addr mask, int *out_prefix)
+{
+    int prefix = 0;
+    int i = 0;
+    
+    while (i < 16 && mask.bytes[i] == UINT8_MAX) {
+        prefix += 8;
+        i++;
+    }
+    
+    if (i < 16) {
+        uint8_t t = 0;
+        int j;
+        for (j = 0; j <= 8; j++) {
+            if (mask.bytes[i] == t) {
+                break;
+            }
+            if (j < 8) {
+                t |= ((uint8_t)1 << (8 - j - 1));
+            }
+        }
+        if (!(j <= 8)) {
+            return 0;
+        }
+        
+        prefix += j;
+        i++;
+        
+        while (i < 16) {
+            if (mask.bytes[i] != 0) {
+                return 0;
+            }
+            i++;
+        }
+    }
+    
+    *out_prefix = prefix;
+    return 1;
+}
+
+int ipaddr6_ipv6_addrs_in_network (struct ipv6_addr addr1, struct ipv6_addr addr2, int netprefix)
+{
+    ASSERT(netprefix >= 0)
+    ASSERT(netprefix <= 128)
+    
+    int quot = netprefix / 8;
+    int rem = netprefix % 8;
+    
+    if (memcmp(addr1.bytes, addr2.bytes, quot)) {
+        return 0;
+    }
+    
+    if (rem == 0) {
+        return 1;
+    }
+    
+    uint8_t t = 0;
+    for (int i = 0; i < rem; i++) {
+        t |= (uint8_t)1 << (8 - i - 1);
+    }
+    
+    return ((addr1.bytes[quot] & t) == (addr2.bytes[quot] & t));
+}
+
+void ipaddr6_print_addr (struct ipv6_addr addr, char *out_buf)
+{
+    int largest_start = 0;
+    int largest_len = 0;
+    int current_start = 0;
+    int current_len = 0;
+    
+    for (int i = 0; i < 8; i++) {
+        if (addr.bytes[2 * i] == 0 && addr.bytes[2 * i + 1] == 0) {
+            current_len++;
+            if (current_len > largest_len) {
+                largest_start = current_start;
+                largest_len = current_len;
+            }
+        } else {
+            current_start = i + 1;
+            current_len = 0;
+        }
+    }
+    
+    if (largest_len > 1) {
+        for (int i = 0; i < largest_start; i++) {
+            uint16_t block = ((uint16_t)addr.bytes[2 * i] << 8) | addr.bytes[2 * i + 1];
+            out_buf += sprintf(out_buf, "%"PRIx16":", block);
+        }
+        if (largest_start == 0) {
+            out_buf += sprintf(out_buf, ":");
+        }
+        
+        for (int i = largest_start + largest_len; i < 8; i++) {
+            uint16_t block = ((uint16_t)addr.bytes[2 * i] << 8) | addr.bytes[2 * i + 1];
+            out_buf += sprintf(out_buf, ":%"PRIx16, block);
+        }
+        if (largest_start + largest_len == 8) {
+            out_buf += sprintf(out_buf, ":");
+        }
+    } else {
+        const char *prefix = "";
+        for (int i = 0; i < 8; i++) {
+            uint16_t block = ((uint16_t)addr.bytes[2 * i] << 8) | addr.bytes[2 * i + 1];
+            out_buf += sprintf(out_buf, "%s%"PRIx16, prefix, block);
+            prefix = ":";
+        }
+    }
+}
+
+void ipaddr6_print_ifaddr (struct ipv6_ifaddr addr, char *out_buf)
+{
+    ASSERT(addr.prefix >= 0)
+    ASSERT(addr.prefix <= 128)
+    
+    ipaddr6_print_addr(addr.addr, out_buf);
+    sprintf(out_buf + strlen(out_buf), "/%d", addr.prefix);
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipv4_proto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipv4_proto.h
new file mode 100644
index 00000000..cb10e110
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipv4_proto.h
@@ -0,0 +1,145 @@
+/**
+ * @file ipv4_proto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Definitions for the IPv4 protocol.
+ */
+
+#ifndef BADVPN_MISC_IPV4_PROTO_H
+#define BADVPN_MISC_IPV4_PROTO_H
+
+#include <stdint.h>
+#include <string.h>
+
+#include "misc/debug.h"
+#include "misc/byteorder.h"
+#include "misc/packed.h"
+#include "misc/read_write_int.h"
+
+#define IPV4_PROTOCOL_IGMP 2
+#define IPV4_PROTOCOL_UDP 17
+
+B_START_PACKED
+struct ipv4_header {
+    uint8_t version4_ihl4;
+    uint8_t ds;
+    uint16_t total_length;
+    //
+    uint16_t identification;
+    uint16_t flags3_fragmentoffset13;
+    //
+    uint8_t ttl;
+    uint8_t protocol;
+    uint16_t checksum;
+    //
+    uint32_t source_address;
+    //
+    uint32_t destination_address;
+} B_PACKED;
+B_END_PACKED
+
+#define IPV4_GET_VERSION(_header) (((_header).version4_ihl4&0xF0)>>4)
+#define IPV4_GET_IHL(_header) (((_header).version4_ihl4&0x0F)>>0)
+
+#define IPV4_MAKE_VERSION_IHL(size) (((size)/4) + (4 << 4))
+
+static uint16_t ipv4_checksum (const struct ipv4_header *header, const char *extra, uint16_t extra_len)
+{
+    ASSERT(extra_len % 2 == 0)
+    ASSERT(extra_len == 0 || extra)
+    
+    uint32_t t = 0;
+    
+    for (uint16_t i = 0; i < sizeof(*header) / 2; i++) {
+        t += badvpn_read_be16((const char *)header + 2 * i);
+    }
+    
+    for (uint16_t i = 0; i < extra_len / 2; i++) {
+        t += badvpn_read_be16((const char *)extra + 2 * i);
+    }
+    
+    while (t >> 16) {
+        t = (t & 0xFFFF) + (t >> 16);
+    }
+    
+    return hton16(~t);
+}
+
+static int ipv4_check (uint8_t *data, int data_len, struct ipv4_header *out_header, uint8_t **out_payload, int *out_payload_len)
+{
+    ASSERT(data_len >= 0)
+    ASSERT(out_header)
+    ASSERT(out_payload)
+    ASSERT(out_payload_len)
+    
+    // check base header
+    if (data_len < sizeof(struct ipv4_header)) {
+        return 0;
+    }
+    memcpy(out_header, data, sizeof(*out_header));
+    
+    // check version
+    if (IPV4_GET_VERSION(*out_header) != 4) {
+        return 0;
+    }
+    
+    // check options
+    uint16_t header_len = IPV4_GET_IHL(*out_header) * 4;
+    if (header_len < sizeof(struct ipv4_header)) {
+        return 0;
+    }
+    if (header_len > data_len) {
+        return 0;
+    }
+    
+    // check total length
+    uint16_t total_length = ntoh16(out_header->total_length);
+    if (total_length < header_len) {
+        return 0;
+    }
+    if (total_length > data_len) {
+        return 0;
+    }
+    
+    // check checksum
+    uint16_t checksum_in_packet = out_header->checksum;
+    out_header->checksum = hton16(0);
+    uint16_t checksum_computed = ipv4_checksum(out_header, (char *)data + sizeof(*out_header), header_len - sizeof(*out_header));
+    out_header->checksum = checksum_in_packet;
+    if (checksum_in_packet != checksum_computed) {
+        return 0;
+    }
+    
+    *out_payload = data + header_len;
+    *out_payload_len = total_length - header_len;
+    
+    return 1;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipv6_proto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipv6_proto.h
new file mode 100644
index 00000000..d681ea4f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/ipv6_proto.h
@@ -0,0 +1,86 @@
+/**
+ * @file ipv6_proto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_IPV6_PROTO_H
+#define BADVPN_IPV6_PROTO_H
+
+#include <stdint.h>
+#include <string.h>
+
+#include "misc/debug.h"
+#include "misc/byteorder.h"
+#include "misc/packed.h"
+
+#define IPV6_NEXT_IGMP 2
+#define IPV6_NEXT_UDP 17
+
+B_START_PACKED
+struct ipv6_header {
+    uint8_t version4_tc4;
+    uint8_t tc4_fl4;
+    uint16_t fl;
+    uint16_t payload_length;
+    uint8_t next_header;
+    uint8_t hop_limit;
+    uint8_t source_address[16];
+    uint8_t destination_address[16];
+} B_PACKED;
+B_END_PACKED
+
+static int ipv6_check (uint8_t *data, int data_len, struct ipv6_header *out_header, uint8_t **out_payload, int *out_payload_len)
+{
+    ASSERT(data_len >= 0)
+    ASSERT(out_header)
+    ASSERT(out_payload)
+    ASSERT(out_payload_len)
+    
+    // check base header
+    if (data_len < sizeof(struct ipv6_header)) {
+        return 0;
+    }
+    memcpy(out_header, data, sizeof(*out_header));
+    
+    // check version
+    if ((ntoh8(out_header->version4_tc4) >> 4) != 6) {
+        return 0;
+    }
+    
+    // check payload length
+    uint16_t payload_length = ntoh16(out_header->payload_length);
+    if (payload_length > data_len - sizeof(struct ipv6_header)) {
+        return 0;
+    }
+    
+    *out_payload = data + sizeof(struct ipv6_header);
+    *out_payload_len = payload_length;
+    
+    return 1;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/loggers_string.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/loggers_string.h
new file mode 100644
index 00000000..66986b84
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/loggers_string.h
@@ -0,0 +1,43 @@
+/**
+ * @file loggers_string.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * List of available loggers.
+ */
+
+#ifndef BADVPN_MISC_LOGGERSSTRING_H
+#define BADVPN_MISC_LOGGERSSTRING_H
+
+#ifdef BADVPN_USE_WINAPI
+#define LOGGERS_STRING "stdout"
+#else
+#define LOGGERS_STRING "stdout/syslog"
+#endif
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/loglevel.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/loglevel.h
new file mode 100644
index 00000000..afe6a766
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/loglevel.h
@@ -0,0 +1,80 @@
+/**
+ * @file loglevel.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Log level specification parsing function.
+ */
+
+#ifndef BADVPN_MISC_LOGLEVEL_H
+#define BADVPN_MISC_LOGLEVEL_H
+
+#include <string.h>
+
+#include "base/BLog.h"
+
+/**
+ * Parses the log level string.
+ * 
+ * @param str log level string. Recognizes none, error, warning, notice,
+ *            info, debug.
+ * @return 0 for none, one of BLOG_* for some log level, -1 for unrecognized
+ */
+static int parse_loglevel (char *str);
+
+int parse_loglevel (char *str)
+{
+    if (!strcmp(str, "none")) {
+        return 0;
+    }
+    if (!strcmp(str, "error")) {
+        return BLOG_ERROR;
+    }
+    if (!strcmp(str, "warning")) {
+        return BLOG_WARNING;
+    }
+    if (!strcmp(str, "notice")) {
+        return BLOG_NOTICE;
+    }
+    if (!strcmp(str, "info")) {
+        return BLOG_INFO;
+    }
+    if (!strcmp(str, "debug")) {
+        return BLOG_DEBUG;
+    }
+    
+    char *endptr;
+    long int res = strtol(str, &endptr, 10);
+    if (*str && !*endptr && res >= 0 && res <= BLOG_DEBUG) {
+        return res;
+    }
+    
+    return -1;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/maxalign.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/maxalign.h
new file mode 100644
index 00000000..cb1f4605
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/maxalign.h
@@ -0,0 +1,53 @@
+/**
+ * @file maxalign.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_MAXALIGN_H
+#define BADVPN_MAXALIGN_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+typedef union {
+    short a;
+    long b;
+    long long c;
+    double d;
+    long double e;
+    void *f;
+    uint8_t g;
+    uint16_t h;
+    uint32_t i;
+    uint64_t j;
+    size_t k;
+    void (*l) (void);
+} bmax_align_t;
+
+#define BMAX_ALIGN (__alignof(bmax_align_t))
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/memref.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/memref.h
new file mode 100644
index 00000000..1003b3c3
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/memref.h
@@ -0,0 +1,175 @@
+/**
+ * @file memref.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_MEMREF_H
+#define BADVPN_MEMREF_H
+
+#include <stddef.h>
+#include <string.h>
+#include <limits.h>
+
+#include "misc/debug.h"
+#include "misc/balloc.h"
+#include "misc/strdup.h"
+
+typedef struct {
+    char const *ptr;
+    size_t len;
+} MemRef;
+
+static MemRef MemRef_Make (char const *ptr, size_t len);
+static MemRef MemRef_MakeCstr (char const *ptr);
+static char MemRef_At (MemRef o, size_t pos);
+static void MemRef_AssertRange (MemRef o, size_t offset, size_t length);
+static MemRef MemRef_SubFrom (MemRef o, size_t offset);
+static MemRef MemRef_SubTo (MemRef o, size_t length);
+static MemRef MemRef_Sub (MemRef o, size_t offset, size_t length);
+static char * MemRef_StrDup (MemRef o);
+static void MemRef_CopyOut (MemRef o, char *out);
+static int MemRef_Equal (MemRef o, MemRef other);
+static int MemRef_FindChar (MemRef o, char ch, size_t *out_index);
+
+#define MEMREF_LOOP_CHARS__BODY(char_rel_pos_var, char_var, body) \
+{ \
+    for (size_t char_rel_pos_var = 0; char_rel_pos_var < MemRef__Loop_length; char_rel_pos_var++) { \
+        char char_var = MemRef__Loop_o.ptr[MemRef__Loop_offset + char_rel_pos_var]; \
+        { body } \
+    } \
+}
+
+#define MEMREF_LOOP_CHARS_RANGE(o, offset, length, char_rel_pos_var, char_var, body) \
+{ \
+    MemRef MemRef__Loop_o = (o); \
+    size_t MemRef__Loop_offset = (offset); \
+    size_t MemRef__Loop_length = (length); \
+    MEMREF_LOOP_CHARS__BODY(char_rel_pos_var, char_var, body) \
+}
+
+#define MEMREF_LOOP_CHARS(o, char_rel_pos_var, char_var, body) \
+{ \
+    MemRef MemRef__Loop_o = (o); \
+    size_t MemRef__Loop_offset = 0; \
+    size_t MemRef__Loop_length = MemRef__Loop_o.len; \
+    MEMREF_LOOP_CHARS__BODY(char_rel_pos_var, char_var, body) \
+}
+
+//
+
+static MemRef MemRef_Make (char const *ptr, size_t len)
+{
+    MemRef res;
+    res.ptr = ptr;
+    res.len = len;
+    return res;
+}
+
+static MemRef MemRef_MakeCstr (char const *ptr)
+{
+    ASSERT(ptr)
+    
+    return MemRef_Make(ptr, strlen(ptr));
+}
+
+static char MemRef_At (MemRef o, size_t pos)
+{
+    ASSERT(o.ptr)
+    ASSERT(pos < o.len)
+    
+    return o.ptr[pos];
+}
+
+static void MemRef_AssertRange (MemRef o, size_t offset, size_t length)
+{
+    ASSERT(offset <= o.len)
+    ASSERT(length <= o.len - offset)
+}
+
+static MemRef MemRef_SubFrom (MemRef o, size_t offset)
+{
+    ASSERT(o.ptr)
+    ASSERT(offset <= o.len)
+    
+    return MemRef_Make(o.ptr + offset, o.len - offset);
+}
+
+static MemRef MemRef_SubTo (MemRef o, size_t length)
+{
+    ASSERT(o.ptr)
+    ASSERT(length <= o.len)
+    
+    return MemRef_Make(o.ptr, length);
+}
+
+static MemRef MemRef_Sub (MemRef o, size_t offset, size_t length)
+{
+    ASSERT(o.ptr)
+    MemRef_AssertRange(o, offset, length);
+    
+    return MemRef_Make(o.ptr + offset, length);
+}
+
+static char * MemRef_StrDup (MemRef o)
+{
+    ASSERT(o.ptr)
+    
+    return b_strdup_bin(o.ptr, o.len);
+}
+
+static void MemRef_CopyOut (MemRef o, char *out)
+{
+    ASSERT(o.ptr)
+    ASSERT(out)
+    
+    memcpy(out, o.ptr, o.len);
+}
+
+static int MemRef_Equal (MemRef o, MemRef other)
+{
+    ASSERT(o.ptr)
+    ASSERT(other.ptr)
+    
+    return (o.len == other.len) && !memcmp(o.ptr, other.ptr, o.len);
+}
+
+static int MemRef_FindChar (MemRef o, char ch, size_t *out_index)
+{
+    ASSERT(o.ptr)
+    
+    for (size_t i = 0; i < o.len; i++) {
+        if (o.ptr[i] == ch) {
+            if (out_index) {
+                *out_index = i;
+            }
+            return 1;
+        }
+    }
+    return 0;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/merge.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/merge.h
new file mode 100644
index 00000000..53227712
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/merge.h
@@ -0,0 +1,36 @@
+/**
+ * @file merge.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_MERGE_H
+#define BADVPN_MERGE_H
+
+#define MERGE_HELPER(x, y) x ## y
+#define MERGE(x, y) MERGE_HELPER(x, y)
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/minmax.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/minmax.h
new file mode 100644
index 00000000..ca82055e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/minmax.h
@@ -0,0 +1,56 @@
+/**
+ * @file minmax.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Minimum and maximum macros.
+ */
+
+#ifndef BADVPN_MISC_MINMAX_H
+#define BADVPN_MISC_MINMAX_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define DEFINE_BMINMAX(name, type) \
+static type bmin ## name (type a, type b) { return (a < b ? a : b); } \
+static type bmax ## name (type a, type b) { return (a > b ? a : b); }
+
+DEFINE_BMINMAX(_size, size_t)
+DEFINE_BMINMAX(_int, int)
+DEFINE_BMINMAX(_int8, int8_t)
+DEFINE_BMINMAX(_int16, int16_t)
+DEFINE_BMINMAX(_int32, int32_t)
+DEFINE_BMINMAX(_int64, int64_t)
+DEFINE_BMINMAX(_uint, unsigned int)
+DEFINE_BMINMAX(_uint8, uint8_t)
+DEFINE_BMINMAX(_uint16, uint16_t)
+DEFINE_BMINMAX(_uint32, uint32_t)
+DEFINE_BMINMAX(_uint64, uint64_t)
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/modadd.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/modadd.h
new file mode 100644
index 00000000..4e4f04ad
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/modadd.h
@@ -0,0 +1,59 @@
+/**
+ * @file modadd.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Modular addition macro.
+ * 
+ * Calculates (x + y) mod m, assuming
+ * 0 <= x < m and 0 <= y < m.
+ */
+
+#ifndef BADVPN_MISC_MODADD_H
+#define BADVPN_MISC_MODADD_H
+
+#include <misc/debug.h>
+
+#define DECLARE_BMODADD(type, name) \
+static type bmodadd_##name (type x, type y, type m) \
+{ \
+    ASSERT(x >= 0) \
+    ASSERT(x < m) \
+    ASSERT(y >= 0) \
+    ASSERT(y < m) \
+     \
+    if (y >= m - x) { \
+        return (y - (m - x)); \
+    } else { \
+        return (x + y); \
+    } \
+} \
+
+DECLARE_BMODADD(int, int)
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/mswsock.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/mswsock.h
new file mode 100644
index 00000000..4f4c38df
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/mswsock.h
@@ -0,0 +1,229 @@
+/**
+ * This file has no copyright assigned and is placed in the Public Domain.
+ * This file is part of the w64 mingw-runtime package.
+ * No warranty is given; refer to the file DISCLAIMER.PD within this package.
+ */
+
+#include <winsock2.h>
+
+#ifndef _MSWSOCK_
+#define _MSWSOCK_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SO_CONNDATA 0x7000
+#define SO_CONNOPT 0x7001
+#define SO_DISCDATA 0x7002
+#define SO_DISCOPT 0x7003
+#define SO_CONNDATALEN 0x7004
+#define SO_CONNOPTLEN 0x7005
+#define SO_DISCDATALEN 0x7006
+#define SO_DISCOPTLEN 0x7007
+
+#define SO_OPENTYPE 0x7008
+
+#define SO_SYNCHRONOUS_ALERT 0x10
+#define SO_SYNCHRONOUS_NONALERT 0x20
+
+#define SO_MAXDG 0x7009
+#define SO_MAXPATHDG 0x700A
+#define SO_UPDATE_ACCEPT_CONTEXT 0x700B
+#define SO_CONNECT_TIME 0x700C
+#define SO_UPDATE_CONNECT_CONTEXT 0x7010
+
+#define TCP_BSDURGENT 0x7000
+
+#define SIO_UDP_CONNRESET _WSAIOW(IOC_VENDOR,12)
+#if (_WIN32_WINNT < 0x0600) && (_WIN32_WINNT >= 0x0501)
+#define SIO_SOCKET_CLOSE_NOTIFY _WSAIOW(IOC_VENDOR,13)
+#endif /* >= XP && < VISTA */
+#if (_WIN32_WINNT >= 0x0600)
+#define SIO_BSP_HANDLE _WSAIOR(IOC_WS2,27)
+#define SIO_BSP_HANDLE_SELECT _WSAIOR(IOC_WS2,28)
+#define SIO_BSP_HANDLE_POLL _WSAIOR(IOC_WS2,29)
+
+#define SIO_EXT_SELECT _WSAIORW(IOC_WS2,30)
+#define SIO_EXT_POLL _WSAIORW(IOC_WS2,31)
+#define SIO_EXT_SENDMSG _WSAIORW(IOC_WS2,32)
+
+#define SIO_BASE_HANDLE _WSAIOR(IOC_WS2,34)
+#endif /* _WIN32_WINNT >= 0x0600 */
+
+#ifndef __MSWSOCK_WS1_SHARED
+  int WINAPI WSARecvEx(SOCKET s,char *buf,int len,int *flags);
+#endif /* __MSWSOCK_WS1_SHARED */
+
+#define TF_DISCONNECT 0x01
+#define TF_REUSE_SOCKET 0x02
+#define TF_WRITE_BEHIND 0x04
+#define TF_USE_DEFAULT_WORKER 0x00
+#define TF_USE_SYSTEM_THREAD 0x10
+#define TF_USE_KERNEL_APC 0x20
+
+#include <psdk_inc/_xmitfile.h>
+#ifndef __MSWSOCK_WS1_SHARED
+  WINBOOL WINAPI TransmitFile(SOCKET hSocket,HANDLE hFile,DWORD nNumberOfBytesToWrite,DWORD nNumberOfBytesPerSend,LPOVERLAPPED lpOverlapped,LPTRANSMIT_FILE_BUFFERS lpTransmitBuffers,DWORD dwReserved);
+  WINBOOL WINAPI AcceptEx(SOCKET sListenSocket,SOCKET sAcceptSocket,PVOID lpOutputBuffer,DWORD dwReceiveDataLength,DWORD dwLocalAddressLength,DWORD dwRemoteAddressLength,LPDWORD lpdwBytesReceived,LPOVERLAPPED lpOverlapped);
+  VOID WINAPI GetAcceptExSockaddrs(PVOID lpOutputBuffer,DWORD dwReceiveDataLength,DWORD dwLocalAddressLength,DWORD dwRemoteAddressLength,struct sockaddr **LocalSockaddr,LPINT LocalSockaddrLength,struct sockaddr **RemoteSockaddr,LPINT RemoteSockaddrLength);
+#endif /* __MSWSOCK_WS1_SHARED */
+
+  typedef WINBOOL (WINAPI *LPFN_TRANSMITFILE)(SOCKET hSocket,HANDLE hFile,DWORD nNumberOfBytesToWrite,DWORD nNumberOfBytesPerSend,LPOVERLAPPED lpOverlapped,LPTRANSMIT_FILE_BUFFERS lpTransmitBuffers,DWORD dwReserved);
+
+#define WSAID_TRANSMITFILE {0xb5367df0,0xcbac,0x11cf,{0x95,0xca,0x00,0x80,0x5f,0x48,0xa1,0x92}}
+
+  typedef WINBOOL (WINAPI *LPFN_ACCEPTEX)(SOCKET sListenSocket,SOCKET sAcceptSocket,PVOID lpOutputBuffer,DWORD dwReceiveDataLength,DWORD dwLocalAddressLength,DWORD dwRemoteAddressLength,LPDWORD lpdwBytesReceived,LPOVERLAPPED lpOverlapped);
+
+#define WSAID_ACCEPTEX {0xb5367df1,0xcbac,0x11cf,{0x95,0xca,0x00,0x80,0x5f,0x48,0xa1,0x92}}
+
+  typedef VOID (WINAPI *LPFN_GETACCEPTEXSOCKADDRS)(PVOID lpOutputBuffer,DWORD dwReceiveDataLength,DWORD dwLocalAddressLength,DWORD dwRemoteAddressLength,struct sockaddr **LocalSockaddr,LPINT LocalSockaddrLength,struct sockaddr **RemoteSockaddr,LPINT RemoteSockaddrLength);
+
+#define WSAID_GETACCEPTEXSOCKADDRS {0xb5367df2,0xcbac,0x11cf,{0x95,0xca,0x00,0x80,0x5f,0x48,0xa1,0x92}}
+
+  typedef struct _TRANSMIT_PACKETS_ELEMENT {
+    ULONG dwElFlags;
+#define TP_ELEMENT_MEMORY 1
+#define TP_ELEMENT_FILE 2
+#define TP_ELEMENT_EOP 4
+    ULONG cLength;
+    __MINGW_EXTENSION union {
+      __MINGW_EXTENSION struct {
+	LARGE_INTEGER nFileOffset;
+	HANDLE hFile;
+      };
+      PVOID pBuffer;
+    };
+  } TRANSMIT_PACKETS_ELEMENT,*PTRANSMIT_PACKETS_ELEMENT,*LPTRANSMIT_PACKETS_ELEMENT;
+
+#define TP_DISCONNECT TF_DISCONNECT
+#define TP_REUSE_SOCKET TF_REUSE_SOCKET
+#define TP_USE_DEFAULT_WORKER TF_USE_DEFAULT_WORKER
+#define TP_USE_SYSTEM_THREAD TF_USE_SYSTEM_THREAD
+#define TP_USE_KERNEL_APC TF_USE_KERNEL_APC
+
+  typedef WINBOOL (WINAPI *LPFN_TRANSMITPACKETS) (SOCKET hSocket,LPTRANSMIT_PACKETS_ELEMENT lpPacketArray,DWORD nElementCount,DWORD nSendSize,LPOVERLAPPED lpOverlapped,DWORD dwFlags);
+
+#define WSAID_TRANSMITPACKETS {0xd9689da0,0x1f90,0x11d3,{0x99,0x71,0x00,0xc0,0x4f,0x68,0xc8,0x76}}
+
+  typedef WINBOOL (WINAPI *LPFN_CONNECTEX)(SOCKET s,const struct sockaddr *name,int namelen,PVOID lpSendBuffer,DWORD dwSendDataLength,LPDWORD lpdwBytesSent,LPOVERLAPPED lpOverlapped);
+
+#define WSAID_CONNECTEX {0x25a207b9,0xddf3,0x4660,{0x8e,0xe9,0x76,0xe5,0x8c,0x74,0x06,0x3e}}
+
+  typedef WINBOOL (WINAPI *LPFN_DISCONNECTEX)(SOCKET s,LPOVERLAPPED lpOverlapped,DWORD dwFlags,DWORD dwReserved);
+
+#define WSAID_DISCONNECTEX {0x7fda2e11,0x8630,0x436f,{0xa0,0x31,0xf5,0x36,0xa6,0xee,0xc1,0x57}}
+
+#define DE_REUSE_SOCKET TF_REUSE_SOCKET
+
+#define NLA_NAMESPACE_GUID {0x6642243a,0x3ba8,0x4aa6,{0xba,0xa5,0x2e,0xb,0xd7,0x1f,0xdd,0x83}}
+
+#define NLA_SERVICE_CLASS_GUID {0x37e515,0xb5c9,0x4a43,{0xba,0xda,0x8b,0x48,0xa8,0x7a,0xd2,0x39}}
+
+#define NLA_ALLUSERS_NETWORK 0x00000001
+#define NLA_FRIENDLY_NAME 0x00000002
+
+  typedef enum _NLA_BLOB_DATA_TYPE {
+    NLA_RAW_DATA = 0,NLA_INTERFACE = 1,NLA_802_1X_LOCATION = 2,NLA_CONNECTIVITY = 3,NLA_ICS = 4
+  } NLA_BLOB_DATA_TYPE,*PNLA_BLOB_DATA_TYPE;
+
+  typedef enum _NLA_CONNECTIVITY_TYPE {
+    NLA_NETWORK_AD_HOC = 0,NLA_NETWORK_MANAGED = 1,NLA_NETWORK_UNMANAGED = 2,NLA_NETWORK_UNKNOWN = 3
+  } NLA_CONNECTIVITY_TYPE,*PNLA_CONNECTIVITY_TYPE;
+
+  typedef enum _NLA_INTERNET {
+    NLA_INTERNET_UNKNOWN = 0,NLA_INTERNET_NO = 1,NLA_INTERNET_YES = 2
+  } NLA_INTERNET,*PNLA_INTERNET;
+
+  typedef struct _NLA_BLOB {
+    struct {
+      NLA_BLOB_DATA_TYPE type;
+      DWORD dwSize;
+      DWORD nextOffset;
+    } header;
+    union {
+      CHAR rawData[1];
+      struct {
+	DWORD dwType;
+	DWORD dwSpeed;
+	CHAR adapterName[1];
+      } interfaceData;
+      struct {
+	CHAR information[1];
+      } locationData;
+      struct {
+	NLA_CONNECTIVITY_TYPE type;
+	NLA_INTERNET internet;
+      } connectivity;
+      struct {
+	struct {
+	  DWORD speed;
+	  DWORD type;
+	  DWORD state;
+	  WCHAR machineName[256];
+	  WCHAR sharedAdapterName[256];
+	} remote;
+      } ICS;
+    } data;
+  } NLA_BLOB,*PNLA_BLOB,*LPNLA_BLOB;
+
+#ifdef BADVPN_SHIPPED_MSWSOCK_DECLARE_WSAMSG
+  typedef struct _WSAMSG {
+    LPSOCKADDR name;
+    INT namelen;
+    LPWSABUF lpBuffers;
+    DWORD dwBufferCount;
+    WSABUF Control;
+    DWORD dwFlags;
+  } WSAMSG,*PWSAMSG,*LPWSAMSG;
+#endif
+  
+  typedef struct _WSACMSGHDR {
+    SIZE_T cmsg_len;
+    INT cmsg_level;
+    INT cmsg_type;
+  } WSACMSGHDR,*PWSACMSGHDR,*LPWSACMSGHDR;
+
+#define WSA_CMSGHDR_ALIGN(length) (((length) + TYPE_ALIGNMENT(WSACMSGHDR)-1) & (~(TYPE_ALIGNMENT(WSACMSGHDR)-1)))
+#define WSA_CMSGDATA_ALIGN(length) (((length) + MAX_NATURAL_ALIGNMENT-1) & (~(MAX_NATURAL_ALIGNMENT-1)))
+#define WSA_CMSG_FIRSTHDR(msg) (((msg)->Control.len >= sizeof(WSACMSGHDR)) ? (LPWSACMSGHDR)(msg)->Control.buf : (LPWSACMSGHDR)NULL)
+#define WSA_CMSG_NXTHDR(msg,cmsg) ((!(cmsg)) ? WSA_CMSG_FIRSTHDR(msg) : ((((u_char *)(cmsg) + WSA_CMSGHDR_ALIGN((cmsg)->cmsg_len) + sizeof(WSACMSGHDR)) > (u_char *)((msg)->Control.buf) + (msg)->Control.len) ? (LPWSACMSGHDR)NULL : (LPWSACMSGHDR)((u_char *)(cmsg) + WSA_CMSGHDR_ALIGN((cmsg)->cmsg_len))))
+#define WSA_CMSG_DATA(cmsg) ((u_char *)(cmsg) + WSA_CMSGDATA_ALIGN(sizeof(WSACMSGHDR)))
+#define WSA_CMSG_SPACE(length) (WSA_CMSGDATA_ALIGN(sizeof(WSACMSGHDR) + WSA_CMSGHDR_ALIGN(length)))
+#define WSA_CMSG_LEN(length) (WSA_CMSGDATA_ALIGN(sizeof(WSACMSGHDR)) + length)
+
+#define MSG_TRUNC 0x0100
+#define MSG_CTRUNC 0x0200
+#define MSG_BCAST 0x0400
+#define MSG_MCAST 0x0800
+
+  typedef INT (WINAPI *LPFN_WSARECVMSG)(SOCKET s, LPWSAMSG lpMsg,
+					LPDWORD lpdwNumberOfBytesRecvd,
+					LPWSAOVERLAPPED lpOverlapped,
+					LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine);
+
+#define WSAID_WSARECVMSG {0xf689d7c8,0x6f1f,0x436b,{0x8a,0x53,0xe5,0x4f,0xe3,0x51,0xc3,0x22}}
+
+#if(_WIN32_WINNT >= 0x0600)
+  typedef struct {
+    LPWSAMSG lpMsg;
+    DWORD dwFlags;
+    LPDWORD lpNumberOfBytesSent;
+    LPWSAOVERLAPPED lpOverlapped;
+    LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine;
+  } WSASENDMSG, *LPWSASENDMSG;
+
+  typedef INT (WSAAPI *LPFN_WSASENDMSG)(SOCKET s, LPWSAMSG lpMsg, DWORD dwFlags,
+					LPDWORD lpNumberOfBytesSent,
+					LPWSAOVERLAPPED lpOverlapped,
+					LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine);
+
+#define WSAID_WSASENDMSG {0xa441e712,0x754f,0x43ca,{0x84,0xa7,0x0d,0xee,0x44,0xcf,0x60,0x6d}}
+
+#endif /* (_WIN32_WINNT >= 0x0600) */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _MSWSOCK_ */
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/nonblocking.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/nonblocking.h
new file mode 100644
index 00000000..fe82584a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/nonblocking.h
@@ -0,0 +1,51 @@
+/**
+ * @file nonblocking.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Function for enabling non-blocking mode for a file descriptor.
+ */
+
+#ifndef BADVPN_MISC_NONBLOCKING_H
+#define BADVPN_MISC_NONBLOCKING_H
+
+#include <unistd.h>
+#include <fcntl.h>
+
+static int badvpn_set_nonblocking (int fd);
+
+int badvpn_set_nonblocking (int fd)
+{
+    if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
+        return 0;
+    }
+    
+    return 1;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/nsskey.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/nsskey.h
new file mode 100644
index 00000000..8268235f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/nsskey.h
@@ -0,0 +1,118 @@
+/**
+ * @file nsskey.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Function for opening a NSS certificate and its private key.
+ */
+
+#ifndef BADVPN_MISC_NSSKEY_H
+#define BADVPN_MISC_NSSKEY_H
+
+#include <stdlib.h>
+
+#include <prerror.h>
+#include <cert.h>
+#include <keyhi.h>
+#include <pk11func.h>
+
+#include <base/BLog.h>
+
+#include <generated/blog_channel_nsskey.h>
+
+/**
+ * Opens a NSS certificate and its private key.
+ * 
+ * @param name name of the certificate
+ * @param out_cert on success, the certificate will be returned here. Should be
+ *                 released with CERT_DestroyCertificate.
+ * @param out_key on success, the private key will be returned here. Should be
+ *                released with SECKEY_DestroyPrivateKey.
+ * @return 1 on success, 0 on failure
+ */
+static int open_nss_cert_and_key (char *name, CERTCertificate **out_cert, SECKEYPrivateKey **out_key) WARN_UNUSED;
+
+static SECKEYPrivateKey * find_nss_private_key (char *name)
+{
+    SECKEYPrivateKey *key = NULL;
+
+    PK11SlotList *slot_list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
+    if (!slot_list) {
+        return NULL;
+    }
+    
+    PK11SlotListElement *slot_entry;
+    for (slot_entry = slot_list->head; !key && slot_entry; slot_entry = slot_entry->next) {
+        SECKEYPrivateKeyList *key_list = PK11_ListPrivKeysInSlot(slot_entry->slot, name, NULL);
+        if (!key_list) {
+            BLog(BLOG_ERROR, "PK11_ListPrivKeysInSlot failed");
+            continue;
+        }
+        
+        SECKEYPrivateKeyListNode *key_node;
+        for (key_node = PRIVKEY_LIST_HEAD(key_list); !key && !PRIVKEY_LIST_END(key_node, key_list); key_node = PRIVKEY_LIST_NEXT(key_node)) {
+            char *key_name = PK11_GetPrivateKeyNickname(key_node->key);
+            if (!key_name || strcmp(key_name, name)) {
+                PORT_Free((void *)key_name);
+                continue;
+            }
+            PORT_Free((void *)key_name);
+            
+            key = SECKEY_CopyPrivateKey(key_node->key);
+        }
+        
+        SECKEY_DestroyPrivateKeyList(key_list);
+    }
+    
+    PK11_FreeSlotList(slot_list);
+    
+    return key;
+}
+
+int open_nss_cert_and_key (char *name, CERTCertificate **out_cert, SECKEYPrivateKey **out_key)
+{
+    CERTCertificate *cert;
+    cert = CERT_FindCertByNicknameOrEmailAddr(CERT_GetDefaultCertDB(), name);
+    if (!cert) {
+        BLog(BLOG_ERROR, "CERT_FindCertByName failed (%d)", (int)PR_GetError());
+        return 0;
+    }
+    
+    SECKEYPrivateKey *key = find_nss_private_key(name);
+    if (!key) {
+        BLog(BLOG_ERROR, "Failed to find private key");
+        CERT_DestroyCertificate(cert);
+        return 0;
+    }
+    
+    *out_cert = cert;
+    *out_key = key;
+    return 1;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/offset.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/offset.h
new file mode 100644
index 00000000..23b7683c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/offset.h
@@ -0,0 +1,51 @@
+/**
+ * @file offset.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Macros for determining offsets of members in structs.
+ */
+
+#ifndef BADVPN_MISC_OFFSET_H
+#define BADVPN_MISC_OFFSET_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+/**
+ * Returns a pointer to a struct, given a pointer to its member.
+ */
+#define UPPER_OBJECT(_ptr, _object_type, _field_name) ((_object_type *)((char *)(_ptr) - offsetof(_object_type, _field_name)))
+
+/**
+ * Returns the offset of one struct member from another.
+ * Expands to an int.
+ */
+#define OFFSET_DIFF(_object_type, _field1, _field2) ((int)offsetof(_object_type, _field1) - (int)offsetof(_object_type, _field2))
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/open_standard_streams.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/open_standard_streams.h
new file mode 100644
index 00000000..7fd6d414
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/open_standard_streams.h
@@ -0,0 +1,54 @@
+/**
+ * @file open_standard_streams.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_OPEN_STANDARD_STREAMS_H
+#define BADVPN_OPEN_STANDARD_STREAMS_H
+
+#ifndef BADVPN_USE_WINAPI
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#endif
+
+static void open_standard_streams (void)
+{
+#ifndef BADVPN_USE_WINAPI
+    int fd;
+    
+    do {
+        fd = open("/dev/null", O_RDWR);
+        if (fd > 2) {
+            close(fd);
+        }
+    } while (fd >= 0 && fd <= 2);
+#endif
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/overflow.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/overflow.h
new file mode 100644
index 00000000..9fde52ad
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/overflow.h
@@ -0,0 +1,66 @@
+/**
+ * @file overflow.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Functions for checking for overflow of integer addition.
+ */
+
+#ifndef BADVPN_MISC_OVERFLOW_H
+#define BADVPN_MISC_OVERFLOW_H
+
+#include <limits.h>
+#include <stdint.h>
+
+#define DEFINE_UNSIGNED_OVERFLOW(_name, _type, _max) \
+static int add_ ## _name ## _overflows (_type a, _type b) \
+{\
+    return (b > _max - a); \
+}
+
+#define DEFINE_SIGNED_OVERFLOW(_name, _type, _min, _max) \
+static int add_ ## _name ## _overflows (_type a, _type b) \
+{\
+    if ((a < 0) ^ (b < 0)) return 0; \
+    if (a < 0) return -(a < _min - b); \
+    return (a > _max - b); \
+}
+
+DEFINE_UNSIGNED_OVERFLOW(uint, unsigned int, UINT_MAX)
+DEFINE_UNSIGNED_OVERFLOW(uint8, uint8_t, UINT8_MAX)
+DEFINE_UNSIGNED_OVERFLOW(uint16, uint16_t, UINT16_MAX)
+DEFINE_UNSIGNED_OVERFLOW(uint32, uint32_t, UINT32_MAX)
+DEFINE_UNSIGNED_OVERFLOW(uint64, uint64_t, UINT64_MAX)
+
+DEFINE_SIGNED_OVERFLOW(int, int, INT_MIN, INT_MAX)
+DEFINE_SIGNED_OVERFLOW(int8, int8_t, INT8_MIN, INT8_MAX)
+DEFINE_SIGNED_OVERFLOW(int16, int16_t, INT16_MIN, INT16_MAX)
+DEFINE_SIGNED_OVERFLOW(int32, int32_t, INT32_MIN, INT32_MAX)
+DEFINE_SIGNED_OVERFLOW(int64, int64_t, INT64_MIN, INT64_MAX)
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/packed.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/packed.h
new file mode 100644
index 00000000..2175536a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/packed.h
@@ -0,0 +1,51 @@
+/**
+ * @file packed.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Structure packing macros.
+ */
+
+#ifndef BADVPN_PACKED_H
+#define BADVPN_PACKED_H
+
+#ifdef _MSC_VER
+
+#define B_START_PACKED __pragma(pack(push, 1))
+#define B_END_PACKED __pragma(pack(pop))
+#define B_PACKED
+
+#else
+
+#define B_START_PACKED
+#define B_END_PACKED
+#define B_PACKED __attribute__((packed))
+
+#endif
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/parse_number.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/parse_number.h
new file mode 100644
index 00000000..3a3db3a1
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/parse_number.h
@@ -0,0 +1,234 @@
+/**
+ * @file parse_number.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Numeric string parsing.
+ */
+
+#ifndef BADVPN_MISC_PARSE_NUMBER_H
+#define BADVPN_MISC_PARSE_NUMBER_H
+
+#include <stdint.h>
+#include <string.h>
+#include <stddef.h>
+#include <limits.h>
+
+#include "misc/memref.h"
+#include "misc/debug.h"
+
+// public parsing functions
+static int decode_decimal_digit (char c);
+static int decode_hex_digit (char c);
+static int parse_unsigned_integer (MemRef str, uintmax_t *out) WARN_UNUSED;
+static int parse_unsigned_hex_integer (MemRef str, uintmax_t *out) WARN_UNUSED;
+static int parse_signmag_integer (MemRef str, int *out_sign, uintmax_t *out_mag) WARN_UNUSED;
+
+// public generation functions
+static int compute_decimal_repr_size (uintmax_t x);
+static void generate_decimal_repr (uintmax_t x, char *out, int repr_size);
+static int generate_decimal_repr_string (uintmax_t x, char *out);
+
+// implementation follows
+
+// decimal representation of UINTMAX_MAX
+static const char parse_number__uintmax_max_str[] = "18446744073709551615";
+
+// make sure UINTMAX_MAX is what we think it is
+static const char parse_number__uintmax_max_str_assert[(UINTMAX_MAX == UINTMAX_C(18446744073709551615)) ? 1 : -1];
+
+static int decode_decimal_digit (char c)
+{
+    switch (c) {
+        case '0': return 0;
+        case '1': return 1;
+        case '2': return 2;
+        case '3': return 3;
+        case '4': return 4;
+        case '5': return 5;
+        case '6': return 6;
+        case '7': return 7;
+        case '8': return 8;
+        case '9': return 9;
+    }
+    
+    return -1;
+}
+
+static int decode_hex_digit (char c)
+{
+    switch (c) {
+        case '0': return 0;
+        case '1': return 1;
+        case '2': return 2;
+        case '3': return 3;
+        case '4': return 4;
+        case '5': return 5;
+        case '6': return 6;
+        case '7': return 7;
+        case '8': return 8;
+        case '9': return 9;
+        case 'A': case 'a': return 10;
+        case 'B': case 'b': return 11;
+        case 'C': case 'c': return 12;
+        case 'D': case 'd': return 13;
+        case 'E': case 'e': return 14;
+        case 'F': case 'f': return 15;
+    }
+    
+    return -1;
+}
+
+static int parse__no_overflow (const char *str, size_t str_len, uintmax_t *out)
+{
+    uintmax_t n = 0;
+    
+    while (str_len > 0) {
+        if (*str < '0' || *str > '9') {
+            return 0;
+        }
+        
+        n = 10 * n + (*str - '0');
+        
+        str++;
+        str_len--;
+    }
+    
+    *out = n;
+    return 1;
+}
+
+int parse_unsigned_integer (MemRef str, uintmax_t *out)
+{
+    // we do not allow empty strings
+    if (str.len == 0) {
+        return 0;
+    }
+    
+    // remove leading zeros
+    while (str.len > 0 && *str.ptr == '0') {
+        str.ptr++;
+        str.len--;
+    }
+    
+    // detect overflow
+    if (str.len > sizeof(parse_number__uintmax_max_str) - 1 ||
+        (str.len == sizeof(parse_number__uintmax_max_str) - 1 && memcmp(str.ptr, parse_number__uintmax_max_str, sizeof(parse_number__uintmax_max_str) - 1) > 0)) {
+        return 0;
+    }
+    
+    // will not overflow (but can still have invalid characters)
+    return parse__no_overflow(str.ptr, str.len, out);
+}
+
+int parse_unsigned_hex_integer (MemRef str, uintmax_t *out)
+{
+    uintmax_t n = 0;
+    
+    if (str.len == 0) {
+        return 0;
+    }
+    
+    while (str.len > 0) {
+        int digit = decode_hex_digit(*str.ptr);
+        if (digit < 0) {
+            return 0;
+        }
+        
+        if (n > UINTMAX_MAX / 16) {
+            return 0;
+        }
+        n *= 16;
+        
+        if (digit > UINTMAX_MAX - n) {
+            return 0;
+        }
+        n += digit;
+        
+        str.ptr++;
+        str.len--;
+    }
+    
+    *out = n;
+    return 1;
+}
+
+int parse_signmag_integer (MemRef str, int *out_sign, uintmax_t *out_mag)
+{
+    int sign = 1;
+    if (str.len > 0 && (str.ptr[0] == '+' || str.ptr[0] == '-')) {
+        sign = 1 - 2 * (str.ptr[0] == '-');
+        str.ptr++;
+        str.len--;
+    }
+    
+    if (!parse_unsigned_integer(str, out_mag)) {
+        return 0;
+    }
+    
+    *out_sign = sign;
+    return 1;
+}
+
+int compute_decimal_repr_size (uintmax_t x)
+{
+    int size = 0;
+    
+    do {
+        size++;
+        x /= 10;
+    } while (x > 0);
+    
+    return size;
+}
+
+void generate_decimal_repr (uintmax_t x, char *out, int repr_size)
+{
+    ASSERT(out)
+    ASSERT(repr_size == compute_decimal_repr_size(x))
+    
+    out += repr_size;
+    
+    do {
+        *(--out) = '0' + (x % 10);
+        x /= 10;
+    } while (x > 0);
+}
+
+int generate_decimal_repr_string (uintmax_t x, char *out)
+{
+    ASSERT(out)
+    
+    int repr_size = compute_decimal_repr_size(x);
+    generate_decimal_repr(x, out, repr_size);
+    out[repr_size] = '\0';
+    
+    return repr_size;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/print_macros.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/print_macros.h
new file mode 100644
index 00000000..a07fdbe4
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/print_macros.h
@@ -0,0 +1,98 @@
+/**
+ * @file print_macros.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Format macros for printf() for non-standard compilers.
+ */
+
+#ifndef BADVPN_PRINT_MACROS
+#define BADVPN_PRINT_MACROS
+
+#ifdef _MSC_VER
+
+// size_t
+#define PRIsz "Iu"
+
+// signed exact width (intN_t)
+#define PRId8 "d"
+#define PRIi8 "i"
+#define PRId16 "d"
+#define PRIi16 "i"
+#define PRId32 "I32d"
+#define PRIi32 "I32i"
+#define PRId64 "I64d"
+#define PRIi64 "I64i"
+
+// unsigned exact width (uintN_t)
+#define PRIo8 "o"
+#define PRIu8 "u"
+#define PRIx8 "x"
+#define PRIX8 "X"
+#define PRIo16 "o"
+#define PRIu16 "u"
+#define PRIx16 "x"
+#define PRIX16 "X"
+#define PRIo32 "I32o"
+#define PRIu32 "I32u"
+#define PRIx32 "I32x"
+#define PRIX32 "I32X"
+#define PRIo64 "I64o"
+#define PRIu64 "I64u"
+#define PRIx64 "I64x"
+#define PRIX64 "I64X"
+
+// signed maximum width (intmax_t)
+#define PRIdMAX "I64d"
+#define PRIiMAX "I64i"
+
+// unsigned maximum width (uintmax_t)
+#define PRIoMAX "I64o"
+#define PRIuMAX "I64u"
+#define PRIxMAX "I64x"
+#define PRIXMAX "I64X"
+
+// signed pointer (intptr_t)
+#define PRIdPTR "Id"
+#define PRIiPTR "Ii"
+
+// unsigned pointer (uintptr_t)
+#define PRIoPTR "Io"
+#define PRIuPTR "Iu"
+#define PRIxPTR "Ix"
+#define PRIXPTR "IX"
+
+#else
+
+#include <inttypes.h>
+
+#define PRIsz "zu"
+
+#endif
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/read_file.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/read_file.h
new file mode 100644
index 00000000..e1862e5b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/read_file.h
@@ -0,0 +1,98 @@
+/**
+ * @file read_file.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Function for reading a file into memory using stdio.
+ */
+
+#ifndef BADVPN_MISC_READ_FILE_H
+#define BADVPN_MISC_READ_FILE_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+static int read_file (const char *file, uint8_t **out_data, size_t *out_len)
+{
+    FILE *f = fopen(file, "r");
+    if (!f) {
+        goto fail0;
+    }
+    
+    size_t buf_len = 0;
+    size_t buf_size = 128;
+    
+    uint8_t *buf = (uint8_t *)malloc(buf_size);
+    if (!buf) {
+        goto fail1;
+    }
+    
+    while (1) {
+        if (buf_len == buf_size) {
+            if (2 > SIZE_MAX / buf_size) {
+                goto fail;
+            }
+            size_t newsize = 2 * buf_size;
+            
+            uint8_t *newbuf = (uint8_t *)realloc(buf, newsize);
+            if (!newbuf) {
+                goto fail;
+            }
+            
+            buf = newbuf;
+            buf_size = newsize;
+        }
+        
+        size_t bytes = fread(buf + buf_len, 1, buf_size - buf_len, f);
+        if (bytes == 0) {
+            if (feof(f)) {
+                break;
+            }
+            goto fail;
+        }
+        
+        buf_len += bytes;
+    }
+    
+    fclose(f);
+    
+    *out_data = buf;
+    *out_len = buf_len;
+    return 1;
+    
+fail:
+    free(buf);
+fail1:
+    fclose(f);
+fail0:
+    return 0;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/read_write_int.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/read_write_int.h
new file mode 100644
index 00000000..bc4ed2c0
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/read_write_int.h
@@ -0,0 +1,181 @@
+/**
+ * @file read_write_int.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_READ_WRITE_INT_H
+#define BADVPN_READ_WRITE_INT_H
+
+#include <stdint.h>
+
+static uint8_t badvpn_read_le8 (const char *c_ptr);
+static uint16_t badvpn_read_le16 (const char *c_ptr);
+static uint32_t badvpn_read_le32 (const char *c_ptr);
+static uint64_t badvpn_read_le64 (const char *c_ptr);
+
+static uint8_t badvpn_read_be8 (const char *c_ptr);
+static uint16_t badvpn_read_be16 (const char *c_ptr);
+static uint32_t badvpn_read_be32 (const char *c_ptr);
+static uint64_t badvpn_read_be64 (const char *c_ptr);
+
+static void badvpn_write_le8 (uint8_t x, char *c_ptr);
+static void badvpn_write_le16 (uint16_t x, char *c_ptr);
+static void badvpn_write_le32 (uint32_t x, char *c_ptr);
+static void badvpn_write_le64 (uint64_t x, char *c_ptr);
+
+static void badvpn_write_be8 (uint8_t x, char *c_ptr);
+static void badvpn_write_be16 (uint16_t x, char *c_ptr);
+static void badvpn_write_be32 (uint32_t x, char *c_ptr);
+static void badvpn_write_be64 (uint64_t x, char *c_ptr);
+
+static uint8_t badvpn_read_le8 (const char *c_ptr)
+{
+    const uint8_t *ptr = (const uint8_t *)c_ptr;
+    return ((uint8_t)ptr[0] << 0);
+}
+
+static uint16_t badvpn_read_le16 (const char *c_ptr)
+{
+    const uint8_t *ptr = (const uint8_t *)c_ptr;
+    return ((uint16_t)ptr[1] << 8) | ((uint16_t)ptr[0] << 0);
+}
+
+static uint32_t badvpn_read_le32 (const char *c_ptr)
+{
+    const uint8_t *ptr = (const uint8_t *)c_ptr;
+    return ((uint32_t)ptr[3] << 24) | ((uint32_t)ptr[2] << 16) |
+           ((uint32_t)ptr[1] <<  8) | ((uint32_t)ptr[0] <<  0);
+}
+
+static uint64_t badvpn_read_le64 (const char *c_ptr)
+{
+    const uint8_t *ptr = (const uint8_t *)c_ptr;
+    return ((uint64_t)ptr[7] << 56) | ((uint64_t)ptr[6] << 48) |
+           ((uint64_t)ptr[5] << 40) | ((uint64_t)ptr[4] << 32) |
+           ((uint64_t)ptr[3] << 24) | ((uint64_t)ptr[2] << 16) |
+           ((uint64_t)ptr[1] <<  8) | ((uint64_t)ptr[0] <<  0);
+}
+
+static uint8_t badvpn_read_be8 (const char *c_ptr)
+{
+    const uint8_t *ptr = (const uint8_t *)c_ptr;
+    return ((uint8_t)ptr[0] << 0);
+}
+
+static uint16_t badvpn_read_be16 (const char *c_ptr)
+{
+    const uint8_t *ptr = (const uint8_t *)c_ptr;
+    return ((uint16_t)ptr[0] << 8) | ((uint16_t)ptr[1] << 0);
+}
+
+static uint32_t badvpn_read_be32 (const char *c_ptr)
+{
+    const uint8_t *ptr = (const uint8_t *)c_ptr;
+    return ((uint32_t)ptr[0] << 24) | ((uint32_t)ptr[1] << 16) |
+           ((uint32_t)ptr[2] <<  8) | ((uint32_t)ptr[3] <<  0);
+}
+
+static uint64_t badvpn_read_be64 (const char *c_ptr)
+{
+    const uint8_t *ptr = (const uint8_t *)c_ptr;
+    return ((uint64_t)ptr[0] << 56) | ((uint64_t)ptr[1] << 48) |
+           ((uint64_t)ptr[2] << 40) | ((uint64_t)ptr[3] << 32) |
+           ((uint64_t)ptr[4] << 24) | ((uint64_t)ptr[5] << 16) |
+           ((uint64_t)ptr[6] <<  8) | ((uint64_t)ptr[7] <<  0);
+}
+
+static void badvpn_write_le8 (uint8_t x, char *c_ptr)
+{
+    uint8_t *ptr = (uint8_t *)c_ptr;
+    ptr[0] = x >> 0;
+}
+
+static void badvpn_write_le16 (uint16_t x, char *c_ptr)
+{
+    uint8_t *ptr = (uint8_t *)c_ptr;
+    ptr[1] = x >> 8;
+    ptr[0] = x >> 0;
+}
+
+static void badvpn_write_le32 (uint32_t x, char *c_ptr)
+{
+    uint8_t *ptr = (uint8_t *)c_ptr;
+    ptr[3] = x >> 24;
+    ptr[2] = x >> 16;
+    ptr[1] = x >> 8;
+    ptr[0] = x >> 0;
+}
+
+static void badvpn_write_le64 (uint64_t x, char *c_ptr)
+{
+    uint8_t *ptr = (uint8_t *)c_ptr;
+    ptr[7] = x >> 56;
+    ptr[6] = x >> 48;
+    ptr[5] = x >> 40;
+    ptr[4] = x >> 32;
+    ptr[3] = x >> 24;
+    ptr[2] = x >> 16;
+    ptr[1] = x >> 8;
+    ptr[0] = x >> 0;
+}
+
+static void badvpn_write_be8 (uint8_t x, char *c_ptr)
+{
+    uint8_t *ptr = (uint8_t *)c_ptr;
+    ptr[0] = x >> 0;
+}
+
+static void badvpn_write_be16 (uint16_t x, char *c_ptr)
+{
+    uint8_t *ptr = (uint8_t *)c_ptr;
+    ptr[0] = x >> 8;
+    ptr[1] = x >> 0;
+}
+
+static void badvpn_write_be32 (uint32_t x, char *c_ptr)
+{
+    uint8_t *ptr = (uint8_t *)c_ptr;
+    ptr[0] = x >> 24;
+    ptr[1] = x >> 16;
+    ptr[2] = x >> 8;
+    ptr[3] = x >> 0;
+}
+
+static void badvpn_write_be64 (uint64_t x, char *c_ptr)
+{
+    uint8_t *ptr = (uint8_t *)c_ptr;
+    ptr[0] = x >> 56;
+    ptr[1] = x >> 48;
+    ptr[2] = x >> 40;
+    ptr[3] = x >> 32;
+    ptr[4] = x >> 24;
+    ptr[5] = x >> 16;
+    ptr[6] = x >> 8;
+    ptr[7] = x >> 0;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/socks_proto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/socks_proto.h
new file mode 100644
index 00000000..94e4d9a6
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/socks_proto.h
@@ -0,0 +1,118 @@
+/**
+ * @file socks_proto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Definitions for the SOCKS protocol.
+ */
+
+#ifndef BADVPN_MISC_SOCKS_PROTO_H
+#define BADVPN_MISC_SOCKS_PROTO_H
+
+#include <stdint.h>
+
+#include "misc/packed.h"
+
+#define SOCKS_VERSION 0x05
+
+#define SOCKS_METHOD_NO_AUTHENTICATION_REQUIRED 0x00
+#define SOCKS_METHOD_GSSAPI 0x01
+#define SOCKS_METHOD_USERNAME_PASSWORD 0x02
+#define SOCKS_METHOD_NO_ACCEPTABLE_METHODS 0xFF
+
+#define SOCKS_CMD_CONNECT 0x01
+#define SOCKS_CMD_BIND 0x02
+#define SOCKS_CMD_UDP_ASSOCIATE 0x03
+
+#define SOCKS_ATYP_IPV4 0x01
+#define SOCKS_ATYP_DOMAINNAME 0x03
+#define SOCKS_ATYP_IPV6 0x04
+
+#define SOCKS_REP_SUCCEEDED 0x00
+#define SOCKS_REP_GENERAL_FAILURE 0x01
+#define SOCKS_REP_CONNECTION_NOT_ALLOWED 0x02
+#define SOCKS_REP_NETWORK_UNREACHABLE 0x03
+#define SOCKS_REP_HOST_UNREACHABLE 0x04
+#define SOCKS_REP_CONNECTION_REFUSED 0x05
+#define SOCKS_REP_TTL_EXPIRED 0x06
+#define SOCKS_REP_COMMAND_NOT_SUPPORTED 0x07
+#define SOCKS_REP_ADDRESS_TYPE_NOT_SUPPORTED 0x08
+
+B_START_PACKED
+struct socks_client_hello_header {
+    uint8_t ver;
+    uint8_t nmethods;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct socks_client_hello_method {
+    uint8_t method;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct socks_server_hello {
+    uint8_t ver;
+    uint8_t method;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct socks_request_header {
+    uint8_t ver;
+    uint8_t cmd;
+    uint8_t rsv;
+    uint8_t atyp;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct socks_reply_header {
+    uint8_t ver;
+    uint8_t rep;
+    uint8_t rsv;
+    uint8_t atyp;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct socks_addr_ipv4 {
+    uint32_t addr;
+    uint16_t port;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct socks_addr_ipv6 {
+    uint8_t addr[16];
+    uint16_t port;
+} B_PACKED;    
+B_END_PACKED
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/sslsocket.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/sslsocket.h
new file mode 100644
index 00000000..71e43c20
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/sslsocket.h
@@ -0,0 +1,48 @@
+/**
+ * @file sslsocket.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Structure for moving around sockets, possibly together with SSL compoments.
+ */
+
+#ifndef BADVPN_MISC_SSLSOCKET_H
+#define BADVPN_MISC_SSLSOCKET_H
+
+#include <prio.h>
+
+#include <system/BConnection.h>
+#include <nspr_support/BSSLConnection.h>
+
+typedef struct {
+    BConnection con;
+    PRFileDesc bottom_prfd;
+    PRFileDesc *ssl_prfd;
+} sslsocket;
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/stdbuf_cmdline.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/stdbuf_cmdline.h
new file mode 100644
index 00000000..8459c645
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/stdbuf_cmdline.h
@@ -0,0 +1,92 @@
+/**
+ * @file stdbuf_cmdline.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Builds command line for running a program via stdbuf.
+ */
+
+#ifndef BADVPN_STDBUF_CMDLINE_H
+#define BADVPN_STDBUF_CMDLINE_H
+
+#include <string.h>
+
+#include <misc/debug.h>
+#include <misc/cmdline.h>
+#include <misc/balloc.h>
+
+/**
+ * Builds the initial part of command line for calling a program via stdbuf
+ * with standard output buffering set to line-buffered.
+ * 
+ * @param out {@link CmdLine} to append the result to. Note than on failure, only
+ *            some part of the cmdline may have been appended.
+ * @param stdbuf_exec full path to stdbuf executable
+ * @param exec path to the executable. Must not contain nulls. 
+ * @param exec_len number of characters in exec
+ * @return 1 on success, 0 on failure
+ */
+static int build_stdbuf_cmdline (CmdLine *out, const char *stdbuf_exec, const char *exec, size_t exec_len) WARN_UNUSED;
+
+int build_stdbuf_cmdline (CmdLine *out, const char *stdbuf_exec, const char *exec, size_t exec_len)
+{
+    ASSERT(!memchr(exec, '\0', exec_len))
+    
+    if (!CmdLine_AppendMulti(out, 3, stdbuf_exec, "-o", "L")) {
+        goto fail1;
+    }
+    
+    if (exec[0] == '/') {
+        if (!CmdLine_AppendNoNull(out, exec, exec_len)) {
+            goto fail1;
+        }
+    } else {
+        bsize_t size = bsize_add(bsize_fromsize(exec_len), bsize_fromsize(3));
+        char *real_exec = BAllocSize(size);
+        if (!real_exec) {
+            goto fail1;
+        }
+        
+        memcpy(real_exec, "./", 2);
+        memcpy(real_exec + 2, exec, exec_len);
+        real_exec[2 + exec_len] = '\0';
+        
+        int res = CmdLine_Append(out, real_exec);
+        free(real_exec);
+        if (!res) {
+            goto fail1;
+        }
+    }
+    
+    return 1;
+    
+fail1:
+    return 0;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/strdup.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/strdup.h
new file mode 100644
index 00000000..7f57af1a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/strdup.h
@@ -0,0 +1,86 @@
+/**
+ * @file strdup.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Allocate memory for a string and copy it there.
+ */
+
+#ifndef BADVPN_STRDUP_H
+#define BADVPN_STRDUP_H
+
+#include <string.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#include "misc/debug.h"
+
+/**
+ * Allocate and copy a null-terminated string.
+ */
+static char * b_strdup (const char *str)
+{
+    ASSERT(str)
+    
+    size_t len = strlen(str);
+    
+    char *s = (char *)malloc(len + 1);
+    if (!s) {
+        return NULL;
+    }
+    
+    memcpy(s, str, len + 1);
+    
+    return s;
+}
+
+/**
+ * Allocate memory for a null-terminated string and use the
+ * given data as its contents. A null terminator is appended
+ * after the specified data.
+ */
+static char * b_strdup_bin (const char *str, size_t len)
+{
+    ASSERT(str)
+    
+    if (len == SIZE_MAX) {
+        return NULL;
+    }
+    
+    char *s = (char *)malloc(len + 1);
+    if (!s) {
+        return NULL;
+    }
+    
+    memcpy(s, str, len);
+    s[len] = '\0';
+    
+    return s;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/string_begins_with.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/string_begins_with.h
new file mode 100644
index 00000000..3c9c5e91
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/string_begins_with.h
@@ -0,0 +1,96 @@
+/**
+ * @file string_begins_with.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Function for checking if a string begins with a given string.
+ */
+
+#ifndef BADVPN_MISC_STRING_BEGINS_WITH
+#define BADVPN_MISC_STRING_BEGINS_WITH
+
+#include <stddef.h>
+#include <string.h>
+
+#include <misc/debug.h>
+
+static size_t data_begins_with (const char *str, size_t str_len, const char *needle)
+{
+    ASSERT(strlen(needle) > 0)
+    
+    size_t len = 0;
+    
+    while (str_len > 0 && *needle) {
+        if (*str != *needle) {
+            return 0;
+        }
+        str++;
+        str_len--;
+        needle++;
+        len++;
+    }
+    
+    if (*needle) {
+        return 0;
+    }
+    
+    return len;
+}
+
+static size_t string_begins_with (const char *str, const char *needle)
+{
+    ASSERT(strlen(needle) > 0)
+    
+    return data_begins_with(str, strlen(str), needle);
+}
+
+static size_t data_begins_with_bin (const char *str, size_t str_len, const char *needle, size_t needle_len)
+{
+    ASSERT(needle_len > 0)
+    
+    size_t len = 0;
+    
+    while (str_len > 0 && needle_len > 0) {
+        if (*str != *needle) {
+            return 0;
+        }
+        str++;
+        str_len--;
+        needle++;
+        needle_len--;
+        len++;
+    }
+    
+    if (needle_len > 0) {
+        return 0;
+    }
+    
+    return len;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/substring.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/substring.h
new file mode 100644
index 00000000..958d5ffc
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/substring.h
@@ -0,0 +1,82 @@
+#include <stddef.h>
+
+#include <misc/debug.h>
+#include <misc/memref.h>
+
+static void build_substring_backtrack_table (MemRef str, size_t *out_table)
+{
+    ASSERT(str.len > 0)
+    
+    size_t x = 0;
+    
+    for (size_t i = 1; i < str.len; i++) {
+        out_table[i] = x;
+        while (x > 0 && str.ptr[i] != str.ptr[x]) {
+            x = out_table[x];
+        }
+        if (str.ptr[i] == str.ptr[x]) {
+            x++;
+        }
+    }
+}
+
+static int find_substring (MemRef text, MemRef word, const size_t *table, size_t *out_position)
+{
+    ASSERT(word.len > 0)
+    
+    size_t x = 0;
+    
+    for (size_t i = 0; i < text.len; i++) {
+        while (x > 0 && text.ptr[i] != word.ptr[x]) {
+            x = table[x];
+        }
+        if (text.ptr[i] == word.ptr[x]) {
+            if (x + 1 == word.len) {
+                *out_position = i - x;
+                return 1;
+            }
+            x++;
+        }
+    }
+    
+    return 0;
+}
+
+static void build_substring_backtrack_table_reverse (MemRef str, size_t *out_table)
+{
+    ASSERT(str.len > 0)
+    
+    size_t x = 0;
+    
+    for (size_t i = 1; i < str.len; i++) {
+        out_table[i] = x;
+        while (x > 0 && str.ptr[str.len - 1 - i] != str.ptr[str.len - 1 - x]) {
+            x = out_table[x];
+        }
+        if (str.ptr[str.len - 1 - i] == str.ptr[str.len - 1 - x]) {
+            x++;
+        }
+    }
+}
+
+static int find_substring_reverse (MemRef text, MemRef word, const size_t *table, size_t *out_position)
+{
+    ASSERT(word.len > 0)
+    
+    size_t x = 0;
+    
+    for (size_t i = 0; i < text.len; i++) {
+        while (x > 0 && text.ptr[text.len - 1 - i] != word.ptr[word.len - 1 - x]) {
+            x = table[x];
+        }
+        if (text.ptr[text.len - 1 - i] == word.ptr[word.len - 1 - x]) {
+            if (x + 1 == word.len) {
+                *out_position = (text.len - 1 - i);
+                return 1;
+            }
+            x++;
+        }
+    }
+    
+    return 0;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/udp_proto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/udp_proto.h
new file mode 100644
index 00000000..fde677ad
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/udp_proto.h
@@ -0,0 +1,170 @@
+/**
+ * @file udp_proto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Definitions for the UDP protocol.
+ */
+
+#ifndef BADVPN_MISC_UDP_PROTO_H
+#define BADVPN_MISC_UDP_PROTO_H
+
+#include <stdint.h>
+
+#include "misc/debug.h"
+#include "misc/byteorder.h"
+#include "misc/ipv4_proto.h"
+#include "misc/ipv6_proto.h"
+#include "misc/read_write_int.h"
+
+B_START_PACKED
+struct udp_header {
+    uint16_t source_port;
+    uint16_t dest_port;
+    uint16_t length;
+    uint16_t checksum;
+} B_PACKED;
+B_END_PACKED
+
+static uint32_t udp_checksum_summer (const char *data, uint16_t len)
+{
+    ASSERT(len % 2 == 0)
+    
+    uint32_t t = 0;
+    
+    for (uint16_t i = 0; i < len / 2; i++) {
+        t += badvpn_read_be16(data + 2 * i);
+    }
+    
+    return t;
+}
+
+static uint16_t udp_checksum (const struct udp_header *header, const uint8_t *payload, uint16_t payload_len, uint32_t source_addr, uint32_t dest_addr)
+{
+    uint32_t t = 0;
+    
+    t += udp_checksum_summer((char *)&source_addr, sizeof(source_addr));
+    t += udp_checksum_summer((char *)&dest_addr, sizeof(dest_addr));
+    
+    uint16_t x;
+    x = hton16(IPV4_PROTOCOL_UDP);
+    t += udp_checksum_summer((char *)&x, sizeof(x));
+    x = hton16(sizeof(*header) + payload_len);
+    t += udp_checksum_summer((char *)&x, sizeof(x));
+    
+    t += udp_checksum_summer((const char *)header, sizeof(*header));
+    
+    if (payload_len % 2 == 0) {
+        t += udp_checksum_summer((const char *)payload, payload_len);
+    } else {
+        t += udp_checksum_summer((const char *)payload, payload_len - 1);
+        
+        x = hton16(((uint16_t)payload[payload_len - 1]) << 8);
+        t += udp_checksum_summer((char *)&x, sizeof(x));
+    }
+    
+    while (t >> 16) {
+        t = (t & 0xFFFF) + (t >> 16);
+    }
+    
+    if (t == 0) {
+        t = UINT16_MAX;
+    }
+    
+    return hton16(~t);
+}
+
+static uint16_t udp_ip6_checksum (const struct udp_header *header, const uint8_t *payload, uint16_t payload_len, const uint8_t *source_addr, const uint8_t *dest_addr)
+{
+    uint32_t t = 0;
+    
+    t += udp_checksum_summer((const char *)source_addr, 16);
+    t += udp_checksum_summer((const char *)dest_addr, 16);
+    
+    uint32_t x;
+    x = hton32(sizeof(*header) + payload_len);
+    t += udp_checksum_summer((char *)&x, sizeof(x));
+    x = hton32(IPV6_NEXT_UDP);
+    t += udp_checksum_summer((char *)&x, sizeof(x));
+    
+    t += udp_checksum_summer((const char *)header, sizeof(*header));
+    
+    if (payload_len % 2 == 0) {
+        t += udp_checksum_summer((const char *)payload, payload_len);
+    } else {
+        t += udp_checksum_summer((const char *)payload, payload_len - 1);
+        
+        uint16_t y;
+        y = hton16(((uint16_t)payload[payload_len - 1]) << 8);
+        t += udp_checksum_summer((char *)&y, sizeof(y));
+    }
+    
+    while (t >> 16) {
+        t = (t & 0xFFFF) + (t >> 16);
+    }
+    
+    if (t == 0) {
+        t = UINT16_MAX;
+    }
+    
+    return hton16(~t);
+}
+
+static int udp_check (const uint8_t *data, int data_len, struct udp_header *out_header, uint8_t **out_payload, int *out_payload_len)
+{
+    ASSERT(data_len >= 0)
+    ASSERT(out_header)
+    ASSERT(out_payload)
+    ASSERT(out_payload_len)
+    
+    // parse UDP header
+    if (data_len < sizeof(struct udp_header)) {
+        return 0;
+    }
+    memcpy(out_header, data, sizeof(*out_header));
+    data += sizeof(*out_header);
+    data_len -= sizeof(*out_header);
+    
+    // verify UDP payload
+    int udp_length = ntoh16(out_header->length);
+    if (udp_length < sizeof(*out_header)) {
+        return 0;
+    }
+    if (udp_length > sizeof(*out_header) + data_len) {
+        return 0;
+    }
+    
+    // ignore stray data
+    data_len = udp_length - sizeof(*out_header);
+    
+    *out_payload = (uint8_t *)data;
+    *out_payload_len = data_len;
+    return 1;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/unicode_funcs.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/unicode_funcs.h
new file mode 100644
index 00000000..2442e7fe
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/unicode_funcs.h
@@ -0,0 +1,232 @@
+/**
+ * @file unicode_funcs.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_UNICODE_FUNCS_H
+#define BADVPN_UNICODE_FUNCS_H
+
+#include <misc/expstring.h>
+#include <misc/bsize.h>
+#include <misc/Utf8Encoder.h>
+#include <misc/Utf8Decoder.h>
+#include <misc/Utf16Encoder.h>
+#include <misc/Utf16Decoder.h>
+
+/**
+ * Decodes UTF-16 data as bytes into an allocated null-terminated UTF-8 string.
+ * 
+ * @param data UTF-16 data, in big endian
+ * @param data_len size of data in bytes
+ * @param out_is_error if not NULL and the function returns a string,
+ *                     *out_is_error will be set to 0 or 1, indicating
+ *                     whether there have been errors decoding the input.
+ *                     A null decoded character is treated as an error.
+ * @return An UTF-8 null-terminated string which can be freed with free(),
+ *         or NULL if out of memory.
+ */
+static char * unicode_decode_utf16_to_utf8 (const uint8_t *data, size_t data_len, int *out_is_error);
+
+/**
+ * Decodes UTF-8 data into UTF-16 data as bytes.
+ * 
+ * @param data UTF-8 data
+ * @param data_len size of data in bytes
+ * @param out output buffer
+ * @param out_avail number of bytes available in output buffer
+ * @param out_len if not NULL, *out_len will contain the number of bytes
+ *                required to store the resulting data (or overflow)
+ * @param out_is_error if not NULL, *out_is_error will contain 0 or 1,
+ *                     indicating whether there have been errors decoding
+ *                     the input
+ */
+static void unicode_decode_utf8_to_utf16 (const uint8_t *data, size_t data_len, uint8_t *out, size_t out_avail, bsize_t *out_len, int *out_is_error);
+
+static char * unicode_decode_utf16_to_utf8 (const uint8_t *data, size_t data_len, int *out_is_error)
+{
+    // will build the resulting UTF-8 string by appending to ExpString
+    ExpString str;
+    if (!ExpString_Init(&str)) {
+        goto fail0;
+    }
+    
+    // init UTF-16 decoder
+    Utf16Decoder decoder;
+    Utf16Decoder_Init(&decoder);
+    
+    // set initial input and input matching positions
+    size_t i_in = 0;
+    size_t i_ch = 0;
+    
+    int error = 0;
+    
+    while (i_in < data_len) {
+        // read two input bytes from the input position
+        uint8_t x = data[i_in++];
+        if (i_in == data_len) {
+            break;
+        }
+        uint8_t y = data[i_in++];
+        
+        // combine them into a 16-bit value
+        uint16_t xy = (((uint16_t)x << 8) | (uint16_t)y);
+        
+        // give the 16-bit value to the UTF-16 decoder and maybe
+        // receive a Unicode character back
+        uint32_t ch;
+        if (!Utf16Decoder_Input(&decoder, xy, &ch)) {
+            continue;
+        }
+        
+        if (!error) {
+            // encode the Unicode character back into UTF-16
+            uint16_t chenc[2];
+            int chenc_n = Utf16Encoder_EncodeCharacter(ch, chenc);
+            ASSERT(chenc_n > 0)
+            
+            // match the result with input
+            for (int chenc_i = 0; chenc_i < chenc_n; chenc_i++) {
+                uint8_t cx = (chenc[chenc_i] >> 8);
+                uint8_t cy = (chenc[chenc_i] & 0xFF);
+                
+                if (i_ch >= data_len || data[i_ch] != cx) {
+                    error = 1;
+                    break;
+                }
+                i_ch++;
+                
+                if (i_ch >= data_len || data[i_ch] != cy) {
+                    error = 1;
+                    break;
+                }
+                i_ch++;
+            }
+        }
+        
+        // we don't like null Unicode characters because we're building a
+        // null-terminated UTF-8 string
+        if (ch == 0) {
+            error = 1;
+            continue;
+        }
+        
+        // encode the Unicode character into UTF-8
+        uint8_t enc[5];
+        int enc_n = Utf8Encoder_EncodeCharacter(ch, enc);
+        ASSERT(enc_n > 0)
+        
+        // append the resulting UTF-8 bytes to the result string
+        enc[enc_n] = 0;
+        if (!ExpString_Append(&str, enc)) {
+            goto fail1;
+        }
+    }
+    
+    // check if we matched the whole input string when encoding back
+    if (i_ch < data_len) {
+        error = 1;
+    }
+    
+    if (out_is_error) {
+        *out_is_error = error;
+    }
+    return ExpString_Get(&str);
+    
+fail1:
+    ExpString_Free(&str);
+fail0:
+    return NULL;
+}
+
+static void unicode_decode_utf8_to_utf16 (const uint8_t *data, size_t data_len, uint8_t *out, size_t out_avail, bsize_t *out_len, int *out_is_error)
+{
+    Utf8Decoder decoder;
+    Utf8Decoder_Init(&decoder);
+    
+    size_t i_in = 0;
+    size_t i_ch = 0;
+    
+    bsize_t len = bsize_fromsize(0);
+    
+    int error = 0;
+    
+    while (i_in < data_len) {
+        uint8_t x = data[i_in++];
+        
+        uint32_t ch;
+        if (!Utf8Decoder_Input(&decoder, x, &ch)) {
+            continue;
+        }
+        
+        if (!error) {
+            uint8_t chenc[4];
+            int chenc_n = Utf8Encoder_EncodeCharacter(ch, chenc);
+            ASSERT(chenc_n > 0)
+            
+            for (int chenc_i = 0; chenc_i < chenc_n; chenc_i++) {
+                if (i_ch >= data_len || data[i_ch] != chenc[chenc_i]) {
+                    error = 1;
+                    break;
+                }
+                i_ch++;
+            }
+        }
+        
+        uint16_t enc[2];
+        int enc_n = Utf16Encoder_EncodeCharacter(ch, enc);
+        ASSERT(enc_n > 0)
+        
+        len = bsize_add(len, bsize_fromsize(2 * enc_n));
+        
+        for (int enc_i = 0; enc_i < enc_n; enc_i++) {
+            if (out_avail == 0) {
+                break;
+            }
+            *(out++) = (enc[enc_i] >> 8);
+            out_avail--;
+            
+            if (out_avail == 0) {
+                break;
+            }
+            *(out++) = (enc[enc_i] & 0xFF);
+            out_avail--;
+        }
+    }
+    
+    if (i_ch < data_len) {
+        error = 1;
+    }
+    
+    if (out_len) {
+        *out_len = len;
+    }
+    if (out_is_error) {
+        *out_is_error = error;
+    }
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/version.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/version.h
new file mode 100644
index 00000000..1079ab09
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/version.h
@@ -0,0 +1,41 @@
+/**
+ * @file version.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Product information definitions.
+ */
+
+#ifndef BADVPN_MISC_VERSION_H
+#define BADVPN_MISC_VERSION_H
+
+#define GLOBAL_PRODUCT_NAME "BadVPN"
+#define GLOBAL_VERSION "1.999.130"
+#define GLOBAL_COPYRIGHT_NOTICE "Copyright (C) 2010 Ambroz Bizjak <ambrop7@gmail.com>"
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/write_file.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/write_file.h
new file mode 100644
index 00000000..50b323a5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/misc/write_file.h
@@ -0,0 +1,70 @@
+/**
+ * @file write_file.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_WRITE_FILE_H
+#define BADVPN_WRITE_FILE_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdio.h>
+
+#include <misc/debug.h>
+#include <misc/memref.h>
+
+static int write_file (const char *file, MemRef data)
+{
+    FILE *f = fopen(file, "w");
+    if (!f) {
+        goto fail0;
+    }
+    
+    while (data.len > 0) {
+        size_t res = fwrite(data.ptr, 1, data.len, f);
+        if (res == 0) {
+            goto fail1;
+        }
+        
+        ASSERT(res <= data.len)
+        
+        data = MemRef_SubFrom(data, res);
+    }
+    
+    if (fclose(f) != 0) {
+        return 0;
+    }
+    
+    return 1;
+    
+fail1:
+    fclose(f);
+fail0:
+    return 0;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/addr.bproto b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/addr.bproto
new file mode 100644
index 00000000..f020350d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/addr.bproto
@@ -0,0 +1,11 @@
+// message for an AddrProto address
+message addr {
+    // address type. from addr.h
+    required uint8 type = 1;
+    // for IPv4 and IPv6 addresses, the port (network byte order)
+    optional data("2") ip_port = 2;
+    // for IPv4 addresses, the IP address
+    optional data("4") ipv4_addr = 3;
+    // for IPv6 addresses, the IP address
+    optional data("16") ipv6_addr = 4;
+};
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/addr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/addr.h
new file mode 100644
index 00000000..9d202654
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/addr.h
@@ -0,0 +1,207 @@
+/**
+ * @file addr.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * AddrProto, a protocol for encoding network addresses.
+ * 
+ * AddrProto is built with BProto, the protocol and code generator for building
+ * custom message protocols. The BProto specification file is addr.bproto.
+ */
+
+#ifndef BADVPN_PROTOCOL_ADDR_H
+#define BADVPN_PROTOCOL_ADDR_H
+
+#include <stdint.h>
+#include <string.h>
+
+#include <misc/debug.h>
+#include <system/BAddr.h>
+#include <base/BLog.h>
+
+#include <generated/bproto_addr.h>
+
+#include <generated/blog_channel_addr.h>
+
+#define ADDR_TYPE_IPV4 1
+#define ADDR_TYPE_IPV6 2
+
+#define ADDR_SIZE_IPV4 (addr_SIZEtype + addr_SIZEip_port + addr_SIZEipv4_addr)
+#define ADDR_SIZE_IPV6 (addr_SIZEtype + addr_SIZEip_port + addr_SIZEipv6_addr)
+
+/**
+ * Determines if the given address is supported by AddrProto.
+ * Depends only on the type of the address.
+ *
+ * @param addr address to check. Must be recognized according to {@link BAddr_IsRecognized}.
+ * @return 1 if supported, 0 if not
+ */
+static int addr_supported (BAddr addr);
+
+/**
+ * Determines the size of the given address when encoded by AddrProto.
+ * Depends only on the type of the address.
+ *
+ * @param addr address to check. Must be supported according to {@link addr_supported}.
+ * @return encoded size
+ */
+static int addr_size (BAddr addr);
+
+/**
+ * Encodes an address according to AddrProto.
+ *
+ * @param out output buffer. Must have at least addr_size(addr) space.
+ * @param addr address to encode. Must be supported according to {@link addr_supported}.
+ */
+static void addr_write (uint8_t *out, BAddr addr);
+
+/**
+ * Decodes an address according to AddrProto.
+ *
+ * @param data input buffer containing the address to decode
+ * @param data_len size of input. Must be >=0.
+ * @param out_addr the decoded address will be stored here on success
+ * @return 1 on success, 0 on failure
+ */
+static int addr_read (uint8_t *data, int data_len, BAddr *out_addr) WARN_UNUSED;
+
+int addr_supported (BAddr addr)
+{
+    BAddr_Assert(&addr);
+    
+    switch (addr.type) {
+        case BADDR_TYPE_IPV4:
+        case BADDR_TYPE_IPV6:
+            return 1;
+        default:
+            return 0;
+    }
+}
+
+int addr_size (BAddr addr)
+{
+    ASSERT(addr_supported(addr))
+    
+    switch (addr.type) {
+        case BADDR_TYPE_IPV4:
+            return ADDR_SIZE_IPV4;
+        case BADDR_TYPE_IPV6:
+            return ADDR_SIZE_IPV6;
+        default:
+            ASSERT(0)
+            return 0;
+    }
+}
+
+void addr_write (uint8_t *out, BAddr addr)
+{
+    ASSERT(addr_supported(addr))
+    
+    addrWriter writer;
+    addrWriter_Init(&writer, out);
+    
+    switch (addr.type) {
+        case BADDR_TYPE_IPV4: {
+            addrWriter_Addtype(&writer, ADDR_TYPE_IPV4);
+            uint8_t *out_port = addrWriter_Addip_port(&writer);
+            memcpy(out_port, &addr.ipv4.port, sizeof(addr.ipv4.port));
+            uint8_t *out_addr = addrWriter_Addipv4_addr(&writer);
+            memcpy(out_addr, &addr.ipv4.ip, sizeof(addr.ipv4.ip));
+        } break;
+        case BADDR_TYPE_IPV6: {
+            addrWriter_Addtype(&writer, ADDR_TYPE_IPV6);
+            uint8_t *out_port = addrWriter_Addip_port(&writer);
+            memcpy(out_port, &addr.ipv6.port, sizeof(addr.ipv6.port));
+            uint8_t *out_addr = addrWriter_Addipv6_addr(&writer);
+            memcpy(out_addr, addr.ipv6.ip, sizeof(addr.ipv6.ip));
+        } break;
+        default:
+            ASSERT(0);
+    }
+    
+    int len = addrWriter_Finish(&writer);
+    B_USE(len)
+    
+    ASSERT(len == addr_size(addr))
+}
+
+int addr_read (uint8_t *data, int data_len, BAddr *out_addr)
+{
+    ASSERT(data_len >= 0)
+    
+    addrParser parser;
+    if (!addrParser_Init(&parser, data, data_len)) {
+        BLog(BLOG_ERROR, "failed to parse addr");
+        return 0;
+    }
+    
+    uint8_t type = 0; // to remove warning
+    addrParser_Gettype(&parser, &type);
+    
+    switch (type) {
+        case ADDR_TYPE_IPV4: {
+            uint8_t *port_data;
+            if (!addrParser_Getip_port(&parser, &port_data)) {
+                BLog(BLOG_ERROR, "port missing for IPv4 address");
+                return 0;
+            }
+            uint8_t *addr_data;
+            if (!addrParser_Getipv4_addr(&parser, &addr_data)) {
+                BLog(BLOG_ERROR, "address missing for IPv4 address");
+                return 0;
+            }
+            uint16_t port;
+            uint32_t addr;
+            memcpy(&port, port_data, sizeof(port));
+            memcpy(&addr, addr_data, sizeof(addr));
+            BAddr_InitIPv4(out_addr, addr, port);
+        } break;
+        case ADDR_TYPE_IPV6: {
+            uint8_t *port_data;
+            if (!addrParser_Getip_port(&parser, &port_data)) {
+                BLog(BLOG_ERROR, "port missing for IPv6 address");
+                return 0;
+            }
+            uint8_t *addr_data;
+            if (!addrParser_Getipv6_addr(&parser, &addr_data)) {
+                BLog(BLOG_ERROR, "address missing for IPv6 address");
+                return 0;
+            }
+            uint16_t port;
+            memcpy(&port, port_data, sizeof(port));
+            BAddr_InitIPv6(out_addr, addr_data, port);
+        } break;
+        default:
+            BLog(BLOG_ERROR, "unknown address type %d", (int)type);
+            return 0;
+    }
+    
+    return 1;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/dataproto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/dataproto.h
new file mode 100644
index 00000000..998d9535
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/dataproto.h
@@ -0,0 +1,91 @@
+/**
+ * @file dataproto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Definitions for DataProto, the protocol for data transport between VPN peers.
+ * 
+ * All multi-byte integers in structs are little-endian, unless stated otherwise.
+ * 
+ * A DataProto packet consists of:
+ *   - the header (struct {@link dataproto_header})
+ *   - between zero and DATAPROTO_MAX_PEER_IDS destination peer IDs (struct {@link dataproto_peer_id})
+ *   - the payload, e.g. Ethernet frame
+ */
+
+#ifndef BADVPN_PROTOCOL_DATAPROTO_H
+#define BADVPN_PROTOCOL_DATAPROTO_H
+
+#include <stdint.h>
+
+#include <protocol/scproto.h>
+#include <misc/packed.h>
+
+#define DATAPROTO_MAX_PEER_IDS 1
+
+#define DATAPROTO_FLAGS_RECEIVING_KEEPALIVES 1
+
+/**
+ * DataProto header.
+ */
+B_START_PACKED
+struct dataproto_header {
+    /**
+     * Bitwise OR of flags. Possible flags:
+     *   - DATAPROTO_FLAGS_RECEIVING_KEEPALIVES
+     *     Indicates that when the peer sent this packet, it has received at least
+     *     one packet from the other peer in the last keep-alive tolerance time.
+     */
+    uint8_t flags;
+    
+    /**
+     * ID of the peer this frame originates from.
+     */
+    peerid_t from_id;
+    
+    /**
+     * Number of destination peer IDs that follow.
+     * Must be <=DATAPROTO_MAX_PEER_IDS.
+     */
+    peerid_t num_peer_ids;
+} B_PACKED;
+B_END_PACKED
+
+/**
+ * Structure for a destination peer ID in DataProto.
+ * Wraps a single peerid_t in a packed struct for easy access.
+ */
+B_START_PACKED
+struct dataproto_peer_id {
+    peerid_t id;
+} B_PACKED;
+B_END_PACKED
+
+#define DATAPROTO_MAX_OVERHEAD (sizeof(struct dataproto_header) + DATAPROTO_MAX_PEER_IDS * sizeof(struct dataproto_peer_id))
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/fragmentproto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/fragmentproto.h
new file mode 100644
index 00000000..4d2315e7
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/fragmentproto.h
@@ -0,0 +1,100 @@
+/**
+ * @file fragmentproto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Definitions for FragmentProto, a protocol that allows sending of arbitrarily sized packets over
+ * a link with a fixed MTU.
+ * 
+ * All multi-byte integers in structs are little-endian, unless stated otherwise.
+ * 
+ * A FragmentProto packet consists of a number of chunks.
+ * Each chunk consists of:
+ *   - the chunk header (struct {@link fragmentproto_chunk_header})
+ *   - the chunk payload, i.e. part of the frame specified in the header
+ */
+
+#ifndef BADVPN_PROTOCOL_FRAGMENTPROTO_H
+#define BADVPN_PROTOCOL_FRAGMENTPROTO_H
+
+#include <stdint.h>
+
+#include <misc/balign.h>
+#include <misc/packed.h>
+
+typedef uint16_t fragmentproto_frameid;
+
+/**
+ * FragmentProto chunk header.
+ */
+B_START_PACKED
+struct fragmentproto_chunk_header {
+    /**
+     * Identifier of the frame this chunk belongs to.
+     * Frames should be given ascending identifiers as they are encoded
+     * into chunks (except when the ID wraps to zero).
+     */
+    fragmentproto_frameid frame_id;
+    
+    /**
+     * Position in the frame where this chunk starts.
+     */
+    uint16_t chunk_start;
+    
+    /**
+     * Length of the chunk's payload.
+     */
+    uint16_t chunk_len;
+    
+    /**
+     * Whether this is the last chunk of the frame, i.e.
+     * the total length of the frame is chunk_start + chunk_len.
+     */
+    uint8_t is_last;
+} B_PACKED;
+B_END_PACKED
+
+/**
+ * Calculates how many chunks are needed at most for encoding one frame of the
+ * given maximum size with FragmentProto onto a carrier with a given MTU.
+ * This includes the case when the first chunk of a frame is not the first chunk
+ * in a FragmentProto packet.
+ * 
+ * @param carrier_mtu MTU of the carrier, i.e. maximum length of FragmentProto packets. Must be >sizeof(struct fragmentproto_chunk_header).
+ * @param frame_mtu maximum frame size. Must be >=0.
+ * @return maximum number of chunks needed. Will be >0.
+ */
+static int fragmentproto_max_chunks_for_frame (int carrier_mtu, int frame_mtu)
+{
+    ASSERT(carrier_mtu > sizeof(struct fragmentproto_chunk_header))
+    ASSERT(frame_mtu >= 0)
+    
+    return (bdivide_up(frame_mtu, (carrier_mtu - sizeof(struct fragmentproto_chunk_header))) + 1);
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/msgproto.bproto b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/msgproto.bproto
new file mode 100644
index 00000000..202931e2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/msgproto.bproto
@@ -0,0 +1,43 @@
+// message for all MsgProto messages
+message msg {
+    // message type, from msgproto.h
+    required uint16 type = 1;
+    // message payload. Is itself one of the messages below
+    // for "youconnect", "seed" and "confirmseed" messages,
+    // and empty for other messages
+    required data payload = 2;
+};
+
+// "youconnect" message payload
+message msg_youconnect {
+    // external addresses to try; one or more msg_youconnect_addr messages
+    required repeated data addr = 1;
+    // encryption key if using UDP and encryption is enabled
+    optional data key = 2;
+    // password if using TCP
+    optional uint64 password = 3;
+};
+
+// an external address
+message msg_youconnect_addr {
+    // scope name for this address
+    required data name = 1;
+    // address according to AddrProto
+    required data addr = 2;
+};
+
+// "seed" message payload
+message msg_seed {
+    // identifier for the seed being send
+    required uint16 seed_id = 1;
+    // seed encryption key
+    required data key = 2;
+    // seed IV
+    required data iv = 3;
+};
+
+// "confirmseed" message payload
+message msg_confirmseed {
+    // identifier for the seed being confirmed
+    required uint16 seed_id = 1;
+};
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/msgproto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/msgproto.h
new file mode 100644
index 00000000..286abb08
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/msgproto.h
@@ -0,0 +1,76 @@
+/**
+ * @file msgproto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * MsgProto is used by each pair of VPN peers as messages through the server, in order to
+ * establish a direct data connection. MsgProto operates on top of the SCProto message
+ * service, optionally secured with SSL; see {@link scproto.h} for details.
+ * 
+ * MsgProto is built with BProto, the protocol and code generator for building
+ * custom message protocols. The BProto specification file is msgproto.bproto.
+ * 
+ * It goes roughly like that:
+ * 
+ * We name one peer the master and the other the slave. The master is the one with
+ * greater ID.
+ * When the peers get to know about each other, the master starts the binding procedure.
+ * It binds/listens to an address, and sends the slave the "youconnect" message. It
+ * contains a list of external addresses for that bind address and additional parameters.
+ * Each external address includes a string called a scope name. The slave, which receives
+ * the "youconnect" message, finds the first external address whose scope it recognizes,
+ * and attempts to establish connection to that address. If it finds an address, buf fails
+ * at connecting, it sends "youretry", which makes the master restart the binding procedure
+ * after some time. If it however does not recognize any external address, it sends
+ * "cannotconnect" back to the master.
+ * When the master receives the "cannotconnect", it tries the next bind address, as described
+ * above. When the master runs out of bind addresses, it sends "cannotbind" to the slave.
+ * When the slave receives the "cannotbind", it starts its own binding procedure, similarly
+ * to what is described above, with master and slave reversed. First difference is if the
+ * master fails to connect to a recognized address, it doesn't send "youretry", but rather
+ * simply restarts the whole procedure after some time. The other difference is when the
+ * slave runs out of bind addresses, it not only sends "cannotbind" to the master, but
+ * registers relaying to the master. And in this case, when the master receives the "cannotbind",
+ * it doesn't start the binding procedure all all over, but registers relaying to the slave.
+ */
+
+#ifndef BADVPN_PROTOCOL_MSGPROTO_H
+#define BADVPN_PROTOCOL_MSGPROTO_H
+
+#include <generated/bproto_msgproto.h>
+
+#define MSGID_YOUCONNECT 1
+#define MSGID_CANNOTCONNECT 2
+#define MSGID_CANNOTBIND 3
+#define MSGID_YOURETRY 5
+#define MSGID_SEED 6
+#define MSGID_CONFIRMSEED 7
+
+#define MSG_MAX_PAYLOAD (SC_MAX_MSGLEN - msg_SIZEtype - msg_SIZEpayload(0))
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/packetproto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/packetproto.h
new file mode 100644
index 00000000..fcac3e5d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/packetproto.h
@@ -0,0 +1,68 @@
+/**
+ * @file packetproto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Definitions for PacketProto, a protocol that allows sending of packets
+ * over a reliable stream connection.
+ * 
+ * All multi-byte integers in structs are little-endian, unless stated otherwise.
+ * 
+ * Packets are encoded into a stream by representing each packet with:
+ *   - a 16-bit little-endian unsigned integer representing the length
+ *     of the payload
+ *   - that many bytes of payload
+ */
+
+#ifndef BADVPN_PROTOCOL_PACKETPROTO_H
+#define BADVPN_PROTOCOL_PACKETPROTO_H
+
+#include <stdint.h>
+#include <limits.h>
+
+#include "misc/packed.h"
+
+/**
+ * PacketProto packet header.
+ * Wraps a single uint16_t in a packed struct for easy access.
+ */
+B_START_PACKED
+struct packetproto_header
+{
+    /**
+     * Length of the packet payload that follows.
+     */
+    uint16_t len;
+} B_PACKED;
+B_END_PACKED
+
+#define PACKETPROTO_ENCLEN(_len) (sizeof(struct packetproto_header) + (_len))
+
+#define PACKETPROTO_MAXPAYLOAD UINT16_MAX
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/requestproto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/requestproto.h
new file mode 100644
index 00000000..2ec3d0dc
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/requestproto.h
@@ -0,0 +1,50 @@
+/**
+ * @file requestproto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_REQUESTPROTO_H
+#define BADVPN_REQUESTPROTO_H
+
+#include <stdint.h>
+
+#include <misc/packed.h>
+
+#define REQUESTPROTO_TYPE_CLIENT_REQUEST 1
+#define REQUESTPROTO_TYPE_CLIENT_ABORT 2
+#define REQUESTPROTO_TYPE_SERVER_REPLY 3
+#define REQUESTPROTO_TYPE_SERVER_FINISHED 4
+#define REQUESTPROTO_TYPE_SERVER_ERROR 5
+
+B_START_PACKED
+struct requestproto_header {
+    uint32_t request_id;
+    uint32_t type;
+} B_PACKED;
+B_END_PACKED
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/scproto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/scproto.h
new file mode 100644
index 00000000..f138e0a5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/scproto.h
@@ -0,0 +1,266 @@
+/**
+ * @file scproto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Definitions for SCProto, the protocol that the clients communicate in
+ * with the server.
+ * 
+ * All multi-byte integers in structs are little-endian, unless stated otherwise.
+ * 
+ * A SCProto packet consists of:
+ *   - a header (struct {@link sc_header}) which contains the type of the
+ *     packet
+ *   - the payload
+ * 
+ * It goes roughly like that:
+ * 
+ * When the client connects to the server, it sends a "clienthello" packet
+ * to the server. The packet contains the protocol version the client is using.
+ * When the server receives the "clienthello" packet, it checks the version.
+ * If it doesn't match, it disconnects the client. Otherwise the server sends
+ * the client a "serverhello" packet to the client. That packet contains
+ * the ID of the client and possibly its IPv4 address as the server sees it
+ * (zero if not applicable).
+ * 
+ * The server than proceeds to synchronize the peers' knowledge of each other.
+ * It does that by sending a "newclient" messages to a client to inform it of
+ * another peer, and "endclient" messages to inform it that a peer is gone.
+ * Each client, upon receiving a "newclient" message, MUST sent a corresponding
+ * "acceptpeer" message, before sending any messages to the new peer.
+ * The server forwards messages between synchronized peers to allow them to
+ * communicate. A peer sends a message to another peer by sending the "outmsg"
+ * packet to the server, and the server delivers a message to a peer by sending
+ * it the "inmsg" packet.
+ * 
+ * The message service is reliable; messages from one client to another are
+ * expected to arrive unmodified and in the same order. There is, however,
+ * no flow control. This means that messages can not be used for bulk transfers
+ * between the clients (and they are not). If the server runs out of buffer for
+ * messages from one client to another, it will stop forwarding messages, and
+ * will reset knowledge of the two clients after some delay. Similarly, if one
+ * of the clients runs out of buffer locally, it will send the "resetpeer"
+ * packet to make the server reset knowledge.
+ * 
+ * The messages transport either:
+ * 
+ * - If the relevant "newclient" packets do not contain the
+ *   SCID_NEWCLIENT_FLAG_SSL flag, then plaintext MsgProto messages.
+ * 
+ * - If the relevant "newclient" packets do contain the SCID_NEWCLIENT_FLAG_SSL
+ *   flag, then SSL, broken down into packets, PacketProto inside SSL, and finally
+ *   MsgProto inside PacketProto. The master peer (one with higher ID) acts as an
+ *   SSL server, and the other acts as an SSL client. The peers must identify with
+ *   the same certificate they used when connecting to the server, and each peer
+ *   must byte-compare the other's certificate agains the one provided to it by
+ *   by the server in the relevent "newclient" message.
+ */
+
+#ifndef BADVPN_PROTOCOL_SCPROTO_H
+#define BADVPN_PROTOCOL_SCPROTO_H
+
+#include <stdint.h>
+
+#include <misc/packed.h>
+
+#define SC_VERSION 29
+#define SC_OLDVERSION_NOSSL 27
+#define SC_OLDVERSION_BROKENCERT 26
+
+#define SC_KEEPALIVE_INTERVAL 10000
+
+/**
+ * SCProto packet header.
+ * Follows up to SC_MAX_PAYLOAD bytes of payload.
+ */
+B_START_PACKED
+struct sc_header {
+    /**
+     * Message type.
+     */
+    uint8_t type;
+} B_PACKED;
+B_END_PACKED
+
+#define SC_MAX_PAYLOAD 2000
+#define SC_MAX_ENC (sizeof(struct sc_header) + SC_MAX_PAYLOAD)
+
+typedef uint16_t peerid_t;
+
+#define SCID_KEEPALIVE 0
+#define SCID_CLIENTHELLO 1
+#define SCID_SERVERHELLO 2
+#define SCID_NEWCLIENT 3
+#define SCID_ENDCLIENT 4
+#define SCID_OUTMSG 5
+#define SCID_INMSG 6
+#define SCID_RESETPEER 7
+#define SCID_ACCEPTPEER 8
+
+/**
+ * "clienthello" client packet payload.
+ * Packet type is SCID_CLIENTHELLO.
+ */
+B_START_PACKED
+struct sc_client_hello {
+    /**
+     * Protocol version the client is using.
+     */
+    uint16_t version;
+} B_PACKED;
+B_END_PACKED
+
+/**
+ * "serverhello" server packet payload.
+ * Packet type is SCID_SERVERHELLO.
+ */
+B_START_PACKED
+struct sc_server_hello {
+    /**
+     * Flags. Not used yet.
+     */
+    uint16_t flags;
+    
+    /**
+     * Peer ID of the client.
+     */
+    peerid_t id;
+    
+    /**
+     * IPv4 address of the client as seen by the server
+     * (network byte order). Zero if not applicable.
+     */
+    uint32_t clientAddr;
+} B_PACKED;
+B_END_PACKED
+
+/**
+ * "newclient" server packet payload.
+ * Packet type is SCID_NEWCLIENT.
+ * If the server is using TLS, follows up to SCID_NEWCLIENT_MAX_CERT_LEN
+ * bytes of the new client's certificate (encoded in DER).
+ */
+B_START_PACKED
+struct sc_server_newclient {
+    /**
+     * ID of the new peer.
+     */
+    peerid_t id;
+    
+    /**
+     * Flags. Possible flags:
+     *   - SCID_NEWCLIENT_FLAG_RELAY_SERVER
+     *     You can relay frames to other peers through this peer.
+     *   - SCID_NEWCLIENT_FLAG_RELAY_CLIENT
+     *     You must allow this peer to relay frames to other peers through you.
+     *   - SCID_NEWCLIENT_FLAG_SSL
+     *     SSL must be used to talk to this peer through messages.
+     */
+    uint16_t flags;
+} B_PACKED;
+B_END_PACKED
+
+#define SCID_NEWCLIENT_FLAG_RELAY_SERVER 1
+#define SCID_NEWCLIENT_FLAG_RELAY_CLIENT 2
+#define SCID_NEWCLIENT_FLAG_SSL 4
+
+#define SCID_NEWCLIENT_MAX_CERT_LEN (SC_MAX_PAYLOAD - sizeof(struct sc_server_newclient))
+
+/**
+ * "endclient" server packet payload.
+ * Packet type is SCID_ENDCLIENT.
+ */
+B_START_PACKED
+struct sc_server_endclient {
+    /**
+     * ID of the removed peer.
+     */
+    peerid_t id;
+} B_PACKED;
+B_END_PACKED
+
+/**
+ * "outmsg" client packet header.
+ * Packet type is SCID_OUTMSG.
+ * Follows up to SC_MAX_MSGLEN bytes of message payload.
+ */
+B_START_PACKED
+struct sc_client_outmsg {
+    /**
+     * ID of the destionation peer.
+     */
+    peerid_t clientid;
+} B_PACKED;
+B_END_PACKED
+
+/**
+ * "inmsg" server packet payload.
+ * Packet type is SCID_INMSG.
+ * Follows up to SC_MAX_MSGLEN bytes of message payload.
+ */
+B_START_PACKED
+struct sc_server_inmsg {
+    /**
+     * ID of the source peer.
+     */
+    peerid_t clientid;
+} B_PACKED;
+B_END_PACKED
+
+#define _SC_MAX_OUTMSGLEN (SC_MAX_PAYLOAD - sizeof(struct sc_client_outmsg))
+#define _SC_MAX_INMSGLEN (SC_MAX_PAYLOAD - sizeof(struct sc_server_inmsg))
+
+#define SC_MAX_MSGLEN (_SC_MAX_OUTMSGLEN < _SC_MAX_INMSGLEN ? _SC_MAX_OUTMSGLEN : _SC_MAX_INMSGLEN)
+
+/**
+ * "resetpeer" client packet header.
+ * Packet type is SCID_RESETPEER.
+ */
+B_START_PACKED
+struct sc_client_resetpeer {
+    /**
+     * ID of the peer to reset.
+     */
+    peerid_t clientid;
+} B_PACKED;
+B_END_PACKED
+
+/**
+ * "acceptpeer" client packet payload.
+ * Packet type is SCID_ACCEPTPEER.
+ */
+B_START_PACKED
+struct sc_client_acceptpeer {
+    /**
+     * ID of the peer to accept.
+     */
+    peerid_t clientid;
+} B_PACKED;
+B_END_PACKED
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/spproto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/spproto.h
new file mode 100644
index 00000000..4b5bf5dc
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/spproto.h
@@ -0,0 +1,195 @@
+/**
+ * @file spproto.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Protocol for securing datagram communication.
+ * 
+ * Security features implemented:
+ *   - Encryption. Encrypts packets with a block cipher.
+ *     Protects against a third party from seeing the data
+ *     being transmitted.
+ *   - Hashes. Adds a hash of the packet into the packet.
+ *     Combined with encryption, protects against tampering
+ *     with packets and crafting new packets.
+ *   - One-time passwords. Adds a password to each packet
+ *     for the receiver to recognize. Protects agains replaying
+ *     packets and crafting new packets.
+ * 
+ * A SPProto plaintext packet contains the following, in order:
+ *   - if OTPs are used, a struct {@link spproto_otpdata} which contains
+ *     the seed ID and the OTP,
+ *   - if hashes are used, the hash,
+ *   - payload data.
+ * 
+ * If encryption is used:
+ *   - the plaintext is padded by appending a 0x01 byte and as many 0x00
+ *     bytes as needed to align to block size,
+ *   - the padded plaintext is encrypted, and
+ *   - the initialization vector (IV) is prepended.
+ */
+
+#ifndef BADVPN_PROTOCOL_SPPROTO_H
+#define BADVPN_PROTOCOL_SPPROTO_H
+
+#include <stdint.h>
+#include <limits.h>
+
+#include <misc/debug.h>
+#include <misc/balign.h>
+#include <misc/packed.h>
+#include <security/BHash.h>
+#include <security/BEncryption.h>
+#include <security/OTPCalculator.h>
+
+#define SPPROTO_HASH_MODE_NONE 0
+#define SPPROTO_ENCRYPTION_MODE_NONE 0
+#define SPPROTO_OTP_MODE_NONE 0
+
+/**
+ * Stores security parameters for SPProto.
+ */
+struct spproto_security_params {
+    /**
+     * Hash mode.
+     * Either SPPROTO_HASH_MODE_NONE for no hashes, or a valid bhash
+     * hash mode.
+     */
+    int hash_mode;
+    
+    /**
+     * Encryption mode.
+     * Either SPPROTO_ENCRYPTION_MODE_NONE for no encryption, or a valid
+     * {@link BEncryption} cipher.
+     */
+    int encryption_mode;
+    
+    /**
+     * One-time password (OTP) mode.
+     * Either SPPROTO_OTP_MODE_NONE for no OTPs, or a valid
+     * {@link BEncryption} cipher.
+     */
+    int otp_mode;
+    
+    /**
+     * If OTPs are used (otp_mode != SPPROTO_OTP_MODE_NONE), number of
+     * OTPs generated from a single seed.
+     */
+    int otp_num;
+};
+
+#define SPPROTO_HAVE_HASH(_params) ((_params).hash_mode != SPPROTO_HASH_MODE_NONE)
+#define SPPROTO_HASH_SIZE(_params) ( \
+    SPPROTO_HAVE_HASH(_params) ? \
+    BHash_size((_params).hash_mode) : \
+    0 \
+)
+
+#define SPPROTO_HAVE_ENCRYPTION(_params) ((_params).encryption_mode != SPPROTO_ENCRYPTION_MODE_NONE)
+
+#define SPPROTO_HAVE_OTP(_params) ((_params).otp_mode != SPPROTO_OTP_MODE_NONE)
+
+B_START_PACKED
+struct spproto_otpdata {
+    uint16_t seed_id;
+    otp_t otp;
+} B_PACKED;
+B_END_PACKED
+
+#define SPPROTO_HEADER_OTPDATA_OFF(_params) 0
+#define SPPROTO_HEADER_OTPDATA_LEN(_params) (SPPROTO_HAVE_OTP(_params) ? sizeof(struct spproto_otpdata) : 0)
+#define SPPROTO_HEADER_HASH_OFF(_params) (SPPROTO_HEADER_OTPDATA_OFF(_params) + SPPROTO_HEADER_OTPDATA_LEN(_params))
+#define SPPROTO_HEADER_HASH_LEN(_params) SPPROTO_HASH_SIZE(_params)
+#define SPPROTO_HEADER_LEN(_params) (SPPROTO_HEADER_HASH_OFF(_params) + SPPROTO_HEADER_HASH_LEN(_params))
+
+/**
+ * Asserts that the given SPProto security parameters are valid.
+ * 
+ * @param params security parameters
+ */
+static void spproto_assert_security_params (struct spproto_security_params params)
+{
+    ASSERT(params.hash_mode == SPPROTO_HASH_MODE_NONE || BHash_type_valid(params.hash_mode))
+    ASSERT(params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE || BEncryption_cipher_valid(params.encryption_mode))
+    ASSERT(params.otp_mode == SPPROTO_OTP_MODE_NONE || BEncryption_cipher_valid(params.otp_mode))
+    ASSERT(params.otp_mode == SPPROTO_OTP_MODE_NONE || params.otp_num > 0)
+}
+
+/**
+ * Calculates the maximum payload size for SPProto given the
+ * security parameters and the maximum encoded packet size.
+ * 
+ * @param params security parameters
+ * @param carrier_mtu maximum encoded packet size. Must be >=0.
+ * @return maximum payload size. Negative means is is impossible
+ *         to encode anything.
+ */
+static int spproto_payload_mtu_for_carrier_mtu (struct spproto_security_params params, int carrier_mtu)
+{
+    spproto_assert_security_params(params);
+    ASSERT(carrier_mtu >= 0)
+    
+    if (params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE) {
+        return (carrier_mtu - SPPROTO_HEADER_LEN(params));
+    } else {
+        int block_size = BEncryption_cipher_block_size(params.encryption_mode);
+        return (balign_down(carrier_mtu, block_size) - block_size - SPPROTO_HEADER_LEN(params) - 1);
+    }
+}
+
+/**
+ * Calculates the maximum encoded packet size for SPProto given the
+ * security parameters and the maximum payload size.
+ * 
+ * @param params security parameters
+ * @param payload_mtu maximum payload size. Must be >=0.
+ * @return maximum encoded packet size, -1 if payload_mtu is too large
+ */
+static int spproto_carrier_mtu_for_payload_mtu (struct spproto_security_params params, int payload_mtu)
+{
+    spproto_assert_security_params(params);
+    ASSERT(payload_mtu >= 0)
+    
+    if (params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE) {
+        if (payload_mtu > INT_MAX - SPPROTO_HEADER_LEN(params)) {
+            return -1;
+        }
+        
+        return (SPPROTO_HEADER_LEN(params) + payload_mtu);
+    } else {
+        int block_size = BEncryption_cipher_block_size(params.encryption_mode);
+        
+        if (payload_mtu > INT_MAX - (block_size + SPPROTO_HEADER_LEN(params) + block_size)) {
+            return -1;
+        }
+        
+        return (block_size + balign_up((SPPROTO_HEADER_LEN(params) + payload_mtu + 1), block_size));
+    }
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/udpgw_proto.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/udpgw_proto.h
new file mode 100644
index 00000000..e781c14b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/protocol/udpgw_proto.h
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) Ambroz Bizjak <ambrop7@gmail.com>
+ * Contributions:
+ * Transparent DNS: Copyright (C) Kerem Hadimli <kerem.hadimli@gmail.com>
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_PROTOCOL_UDPGW_PROTO_H
+#define BADVPN_PROTOCOL_UDPGW_PROTO_H
+
+#include <stdint.h>
+
+#include "misc/bsize.h"
+#include "misc/packed.h"
+
+#define UDPGW_CLIENT_FLAG_KEEPALIVE (1 << 0)
+#define UDPGW_CLIENT_FLAG_REBIND (1 << 1)
+#define UDPGW_CLIENT_FLAG_DNS (1 << 2)
+#define UDPGW_CLIENT_FLAG_IPV6 (1 << 3)
+
+#ifdef BADVPN_SOCKS_UDP_RELAY
+B_START_PACKED
+struct socks_udp_header {
+    uint16_t rsv;
+    uint8_t frag;
+    uint8_t atyp;
+} B_PACKED;
+B_END_PACKED
+#endif
+
+B_START_PACKED
+struct udpgw_header {
+    uint8_t flags;
+    uint16_t conid;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct udpgw_addr_ipv4 {
+    uint32_t addr_ip;
+    uint16_t addr_port;
+} B_PACKED;
+B_END_PACKED
+
+B_START_PACKED
+struct udpgw_addr_ipv6 {
+    uint8_t addr_ip[16];
+    uint16_t addr_port;
+} B_PACKED;
+B_END_PACKED
+
+static int udpgw_compute_mtu (int dgram_mtu)
+{
+    bsize_t bs = bsize_add(
+#ifdef BADVPN_SOCKS_UDP_RELAY
+        bsize_fromsize(sizeof(struct socks_udp_header)),
+#else
+        bsize_fromsize(sizeof(struct udpgw_header)),
+#endif
+        bsize_add(
+            bsize_max(
+                bsize_fromsize(sizeof(struct udpgw_addr_ipv4)),
+                bsize_fromsize(sizeof(struct udpgw_addr_ipv6))
+            ), 
+            bsize_fromint(dgram_mtu)
+        )
+    );
+    
+    int s;
+    if (!bsize_toint(bs, &s)) {
+        return -1;
+    }
+    
+    return s;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/socksclient/BSocksClient.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/socksclient/BSocksClient.c
new file mode 100644
index 00000000..c20e46e0
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/socksclient/BSocksClient.c
@@ -0,0 +1,626 @@
+/**
+ * @file BSocksClient.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+
+#include "misc/byteorder.h"
+#include "misc/balloc.h"
+#include "base/BLog.h"
+
+#include "socksclient/BSocksClient.h"
+
+#include "generated/blog_channel_BSocksClient.h"
+//#include <Foundation/Foundation.h>
+#include <arpa/inet.h>
+
+#define STATE_CONNECTING 1
+#define STATE_SENDING_HELLO 2
+#define STATE_SENT_HELLO 3
+#define STATE_SENDING_PASSWORD 10
+#define STATE_SENT_PASSWORD 11
+#define STATE_SENDING_REQUEST 4
+#define STATE_SENT_REQUEST 5
+#define STATE_RECEIVED_REPLY_HEADER 6
+#define STATE_UP 7
+
+static void report_error (BSocksClient *o, int error);
+static void init_control_io (BSocksClient *o);
+static void free_control_io (BSocksClient *o);
+static void init_up_io (BSocksClient *o);
+static void free_up_io (BSocksClient *o);
+static int reserve_buffer (BSocksClient *o, bsize_t size);
+static void start_receive (BSocksClient *o, uint8_t *dest, int total);
+static void do_receive (BSocksClient *o);
+static void connector_handler (BSocksClient* o, int is_error);
+static void connection_handler (BSocksClient* o, int event);
+static void recv_handler_done (BSocksClient *o, int data_len);
+static void send_handler_done (BSocksClient *o);
+static void auth_finished (BSocksClient *p);
+
+void report_error (BSocksClient *o, int error)
+{
+    DEBUGERROR(&o->d_err, o->handler(o->user, error))
+}
+
+void init_control_io (BSocksClient *o)
+{
+    // init receiving
+    BConnection_RecvAsync_Init(&o->con);
+    o->control.recv_if = BConnection_RecvAsync_GetIf(&o->con);
+    StreamRecvInterface_Receiver_Init(o->control.recv_if, (StreamRecvInterface_handler_done)recv_handler_done, o);
+    
+    // init sending
+    BConnection_SendAsync_Init(&o->con);
+    PacketStreamSender_Init(&o->control.send_sender, BConnection_SendAsync_GetIf(&o->con), INT_MAX, BReactor_PendingGroup(o->reactor));
+    o->control.send_if = PacketStreamSender_GetInput(&o->control.send_sender);
+    PacketPassInterface_Sender_Init(o->control.send_if, (PacketPassInterface_handler_done)send_handler_done, o);
+}
+
+void free_control_io (BSocksClient *o)
+{
+    // free sending
+    PacketStreamSender_Free(&o->control.send_sender);
+    BConnection_SendAsync_Free(&o->con);
+    
+    // free receiving
+    BConnection_RecvAsync_Free(&o->con);
+}
+
+void init_up_io (BSocksClient *o)
+{
+    // init receiving
+    BConnection_RecvAsync_Init(&o->con);
+    
+    // init sending
+    BConnection_SendAsync_Init(&o->con);
+}
+
+void free_up_io (BSocksClient *o)
+{
+    // free sending
+    BConnection_SendAsync_Free(&o->con);
+    
+    // free receiving
+    BConnection_RecvAsync_Free(&o->con);
+}
+
+int reserve_buffer (BSocksClient *o, bsize_t size)
+{
+    if (size.is_overflow) {
+        BLog(BLOG_ERROR, "size overflow");
+        return 0;
+    }
+    
+    char *buffer = (char *)BRealloc(o->buffer, size.value);
+    if (!buffer) {
+        BLog(BLOG_ERROR, "BRealloc failed");
+        return 0;
+    }
+    
+    o->buffer = buffer;
+    
+    return 1;
+}
+
+void start_receive (BSocksClient *o, uint8_t *dest, int total)
+{
+    ASSERT(total > 0)
+    
+    o->control.recv_dest = dest;
+    o->control.recv_len = 0;
+    o->control.recv_total = total;
+    
+    do_receive(o);
+}
+
+void do_receive (BSocksClient *o)
+{
+    ASSERT(o->control.recv_len < o->control.recv_total)
+    
+    StreamRecvInterface_Receiver_Recv(o->control.recv_if, o->control.recv_dest + o->control.recv_len, o->control.recv_total - o->control.recv_len);
+}
+
+void connector_handler (BSocksClient* o, int is_error)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->state == STATE_CONNECTING)
+    
+    // check connection result
+    if (is_error) {
+        BLog(BLOG_ERROR, "connection failed");
+        goto fail0;
+    }
+    
+    // init connection
+    if (!BConnection_Init(&o->con, BConnection_source_connector(&o->connector), o->reactor, o, (BConnection_handler)connection_handler)) {
+        BLog(BLOG_ERROR, "BConnection_Init failed");
+        goto fail0;
+    }
+    
+    BLog(BLOG_DEBUG, "connected");
+    
+    // init control I/O
+    init_control_io(o);
+    
+    // check number of methods
+    if (o->num_auth_info == 0 || o->num_auth_info > 255) {
+        BLog(BLOG_ERROR, "invalid number of authentication methods");
+        goto fail1;
+    }
+    
+    // allocate buffer for sending hello
+    bsize_t size = bsize_add(
+        bsize_fromsize(sizeof(struct socks_client_hello_header)), 
+        bsize_mul(
+            bsize_fromsize(o->num_auth_info),
+            bsize_fromsize(sizeof(struct socks_client_hello_method))
+        )
+    );
+    if (!reserve_buffer(o, size)) {
+        goto fail1;
+    }
+    
+    // write hello header
+    struct socks_client_hello_header header;
+    header.ver = hton8(SOCKS_VERSION);
+    header.nmethods = hton8(o->num_auth_info);
+    memcpy(o->buffer, &header, sizeof(header));
+    
+    // write hello methods
+    for (size_t i = 0; i < o->num_auth_info; i++) {
+        struct socks_client_hello_method method;
+        method.method = hton8(o->auth_info[i].auth_type);
+        memcpy(o->buffer + sizeof(header) + i * sizeof(method), &method, sizeof(method));
+    }
+#if SOCKS_DATA_LOG_ENABLE
+    BLog(BLOG_DEBUG, "tun2socks socks send hello data<len: %d>", size.value);
+#endif
+    // send
+    PacketPassInterface_Sender_Send(o->control.send_if, (uint8_t *)o->buffer, size.value);
+    
+    // set state
+    o->state = STATE_SENDING_HELLO;
+    
+    return;
+    
+fail1:
+    free_control_io(o);
+    BConnection_Free(&o->con);
+fail0:
+    report_error(o, BSOCKSCLIENT_EVENT_ERROR);
+    return;
+}
+
+void connection_handler (BSocksClient* o, int event)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->state != STATE_CONNECTING)
+    
+    if (o->state == STATE_UP && event == BCONNECTION_EVENT_RECVCLOSED) {
+        report_error(o, BSOCKSCLIENT_EVENT_ERROR_CLOSED);
+        return;
+    }
+    
+    report_error(o, BSOCKSCLIENT_EVENT_ERROR);
+    return;
+}
+
+void recv_handler_done (BSocksClient *o, int data_len)
+{
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= o->control.recv_total - o->control.recv_len)
+    
+    DebugObject_Access(&o->d_obj);
+    
+    o->control.recv_len += data_len;
+    
+    if (o->control.recv_len < o->control.recv_total) {
+        do_receive(o);
+        return;
+    }
+#if TCP_DATA_LOG_ENABLE
+    struct in_addr a = {o->dest_addr.ipv4.ip};
+    char *ip = inet_ntoa(a);
+    BLog(BLOG_INFO, "socks client<%s:%d> recv_handler_done state: %d, data <len: %d>", ip, o->dest_addr.ipv4.port, o->state, data_len);
+
+#endif
+    
+    switch (o->state) {
+        case STATE_SENT_HELLO: {
+            BLog(BLOG_DEBUG, "received hello");
+            
+            struct socks_server_hello imsg;
+            memcpy(&imsg, o->buffer, sizeof(imsg));
+            
+            if (ntoh8(imsg.ver) != SOCKS_VERSION) {
+                BLog(BLOG_NOTICE, "wrong version");
+                goto fail;
+            }
+            
+            size_t auth_index;
+            for (auth_index = 0; auth_index < o->num_auth_info; auth_index++) {
+                if (o->auth_info[auth_index].auth_type == ntoh8(imsg.method)) {
+                    break;
+                }
+            }
+            
+            if (auth_index == o->num_auth_info) {
+                BLog(BLOG_NOTICE, "server didn't accept any authentication method");
+                goto fail;
+            }
+            
+            const struct BSocksClient_auth_info *ai = &o->auth_info[auth_index];
+            
+            switch (ai->auth_type) {
+                case SOCKS_METHOD_NO_AUTHENTICATION_REQUIRED: {
+                    BLog(BLOG_DEBUG, "no authentication");
+                    
+                    auth_finished(o);
+                } break;
+                
+                case SOCKS_METHOD_USERNAME_PASSWORD: {
+                    BLog(BLOG_DEBUG, "password authentication");
+                    
+                    if (ai->password.username_len == 0 || ai->password.username_len > 255 ||
+                        ai->password.password_len == 0 || ai->password.password_len > 255
+                    ) {
+                        BLog(BLOG_NOTICE, "invalid username/password length");
+                        goto fail;
+                    }
+                    
+                    // allocate password packet
+                    bsize_t size = bsize_fromsize(1 + 1 + ai->password.username_len + 1 + ai->password.password_len);
+                    if (!reserve_buffer(o, size)) {
+                        goto fail;
+                    }
+                    
+                    // write password packet
+                    char *ptr = o->buffer;
+                    *ptr++ = 1;
+                    *ptr++ = ai->password.username_len;
+                    memcpy(ptr, ai->password.username, ai->password.username_len);
+                    ptr += ai->password.username_len;
+                    *ptr++ = ai->password.password_len;
+                    memcpy(ptr, ai->password.password, ai->password.password_len);
+                    ptr += ai->password.password_len;
+                    
+                    // start sending
+                    PacketPassInterface_Sender_Send(o->control.send_if, (uint8_t *)o->buffer, size.value);
+                    
+                    // set state
+                    o->state = STATE_SENDING_PASSWORD;
+                } break;
+                
+                default: ASSERT(0);
+            }
+        } break;
+        
+        case STATE_SENT_REQUEST: {
+            BLog(BLOG_DEBUG, "received reply header");
+            
+            struct socks_reply_header imsg;
+            memcpy(&imsg, o->buffer, sizeof(imsg));
+            
+            if (ntoh8(imsg.ver) != SOCKS_VERSION) {
+                BLog(BLOG_NOTICE, "wrong version");
+                goto fail;
+            }
+            
+            if (ntoh8(imsg.rep) != SOCKS_REP_SUCCEEDED) {
+                BLog(BLOG_NOTICE, "reply not successful");
+                goto fail;
+            }
+            
+            int addr_len;
+            switch (ntoh8(imsg.atyp)) {
+                case SOCKS_ATYP_IPV4:
+                    addr_len = sizeof(struct socks_addr_ipv4);
+                    break;
+                case SOCKS_ATYP_IPV6:
+                    addr_len = sizeof(struct socks_addr_ipv6);
+                    break;
+                default:
+                    BLog(BLOG_NOTICE, "reply has unknown address type");
+                    goto fail;
+            }
+            
+            // receive the rest of the reply
+            start_receive(o, (uint8_t *)o->buffer + sizeof(imsg), addr_len);
+            
+            // set state
+            o->state = STATE_RECEIVED_REPLY_HEADER;
+        } break;
+        
+        case STATE_SENT_PASSWORD: {
+            BLog(BLOG_DEBUG, "received password reply");
+            
+            if (o->buffer[0] != 1) {
+                BLog(BLOG_NOTICE, "password reply has unknown version");
+                goto fail;
+            }
+            
+            if (o->buffer[1] != 0) {
+                BLog(BLOG_NOTICE, "password reply is negative");
+                goto fail;
+            }
+            
+            auth_finished(o);
+        } break;
+        
+        case STATE_RECEIVED_REPLY_HEADER: {
+            BLog(BLOG_DEBUG, "received reply rest");
+            
+            // free buffer
+            BFree(o->buffer);
+            o->buffer = NULL;
+            
+            // free control I/O
+            free_control_io(o);
+            
+            // init up I/O
+            init_up_io(o);
+            
+            // set state
+            o->state = STATE_UP;
+            
+            // call handler
+            o->handler(o->user, BSOCKSCLIENT_EVENT_UP);
+            return;
+        } break;
+        
+        default:
+            ASSERT(0);
+    }
+    
+    return;
+    
+fail:
+    report_error(o, BSOCKSCLIENT_EVENT_ERROR);
+}
+
+void send_handler_done (BSocksClient *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->buffer)
+#if TCP_DATA_LOG_ENABLE
+    struct in_addr a = {o->dest_addr.ipv4.ip};
+    char *ip = inet_ntoa(a);
+    BLog(BLOG_DEBUG, "socks client<%s:%d> send_handler_done state: %d", ip, o->dest_addr.ipv4.port, o->state);
+#endif
+    
+    switch (o->state) {
+        case STATE_SENDING_HELLO: {
+            BLog(BLOG_DEBUG, "sent hello");
+            
+            // allocate buffer for receiving hello
+            bsize_t size = bsize_fromsize(sizeof(struct socks_server_hello));
+            if (!reserve_buffer(o, size)) {
+                goto fail;
+            }
+            
+            // receive hello
+            start_receive(o, (uint8_t *)o->buffer, size.value);
+            
+            // set state
+            o->state = STATE_SENT_HELLO;
+        } break;
+        
+        case STATE_SENDING_REQUEST: {
+            BLog(BLOG_DEBUG, "sent request");
+            
+            // allocate buffer for receiving reply
+            bsize_t size = bsize_add(
+                bsize_fromsize(sizeof(struct socks_reply_header)),
+                bsize_max(bsize_fromsize(sizeof(struct socks_addr_ipv4)), bsize_fromsize(sizeof(struct socks_addr_ipv6)))
+            );
+            if (!reserve_buffer(o, size)) {
+                goto fail;
+            }
+            
+            // receive reply header
+            start_receive(o, (uint8_t *)o->buffer, sizeof(struct socks_reply_header));
+            
+            // set state
+            o->state = STATE_SENT_REQUEST;
+        } break;
+        
+        case STATE_SENDING_PASSWORD: {
+            BLog(BLOG_DEBUG, "send password");
+            
+            // allocate buffer for receiving reply
+            bsize_t size = bsize_fromsize(2);
+            if (!reserve_buffer(o, size)) {
+                goto fail;
+            }
+            
+            // receive reply header
+            start_receive(o, (uint8_t *)o->buffer, size.value);
+            
+            // set state
+            o->state = STATE_SENT_PASSWORD;
+        } break;
+        
+        default:
+            ASSERT(0);
+    }
+    
+    return;
+    
+fail:
+    report_error(o, BSOCKSCLIENT_EVENT_ERROR);
+}
+
+void auth_finished (BSocksClient *o)
+{
+    // allocate request buffer
+    bsize_t size = bsize_fromsize(sizeof(struct socks_request_header));
+    switch (o->dest_addr.type) {
+        case BADDR_TYPE_IPV4: size = bsize_add(size, bsize_fromsize(sizeof(struct socks_addr_ipv4))); break;
+        case BADDR_TYPE_IPV6: size = bsize_add(size, bsize_fromsize(sizeof(struct socks_addr_ipv6))); break;
+    }
+    if (!reserve_buffer(o, size)) {
+        report_error(o, BSOCKSCLIENT_EVENT_ERROR);
+        return;
+    }
+    
+    // write request
+    struct socks_request_header header;
+    header.ver = hton8(SOCKS_VERSION);
+    header.cmd = hton8(SOCKS_CMD_CONNECT);
+    header.rsv = hton8(0);
+    switch (o->dest_addr.type) {
+        case BADDR_TYPE_IPV4: {
+            header.atyp = hton8(SOCKS_ATYP_IPV4);
+            struct socks_addr_ipv4 addr;
+            addr.addr = o->dest_addr.ipv4.ip;
+            addr.port = o->dest_addr.ipv4.port;
+            memcpy(o->buffer + sizeof(header), &addr, sizeof(addr));
+        } break;
+        case BADDR_TYPE_IPV6: {
+            header.atyp = hton8(SOCKS_ATYP_IPV6);
+            struct socks_addr_ipv6 addr;
+            memcpy(addr.addr, o->dest_addr.ipv6.ip, sizeof(o->dest_addr.ipv6.ip));
+            addr.port = o->dest_addr.ipv6.port;
+            memcpy(o->buffer + sizeof(header), &addr, sizeof(addr));
+        } break;
+        default:
+            ASSERT(0);
+    }
+    memcpy(o->buffer, &header, sizeof(header));
+#if SOCKS_DATA_LOG_ENABLE
+    BLog(BLOG_DEBUG, "tun2socks socks send request data<len: %d>", size.value);
+#endif
+    // send request
+    PacketPassInterface_Sender_Send(o->control.send_if, (uint8_t *)o->buffer, size.value);
+    
+    // set state
+    o->state = STATE_SENDING_REQUEST;
+}
+
+struct BSocksClient_auth_info BSocksClient_auth_none (void)
+{
+    struct BSocksClient_auth_info info;
+    info.auth_type = SOCKS_METHOD_NO_AUTHENTICATION_REQUIRED;
+    return info;
+}
+
+struct BSocksClient_auth_info BSocksClient_auth_password (const char *username, size_t username_len, const char *password, size_t password_len)
+{
+    struct BSocksClient_auth_info info;
+    info.auth_type = SOCKS_METHOD_USERNAME_PASSWORD;
+    info.password.username = username;
+    info.password.username_len = username_len;
+    info.password.password = password;
+    info.password.password_len = password_len;
+    return info;
+}
+
+int BSocksClient_Init (BSocksClient *o,
+                       BAddr server_addr, const struct BSocksClient_auth_info *auth_info, size_t num_auth_info,
+                       BAddr dest_addr, BSocksClient_handler handler, void *user, BReactor *reactor)
+{
+    ASSERT(!BAddr_IsInvalid(&server_addr))
+    ASSERT(dest_addr.type == BADDR_TYPE_IPV4 || dest_addr.type == BADDR_TYPE_IPV6)
+#ifndef NDEBUG
+    for (size_t i = 0; i < num_auth_info; i++) {
+        ASSERT(auth_info[i].auth_type == SOCKS_METHOD_NO_AUTHENTICATION_REQUIRED ||
+               auth_info[i].auth_type == SOCKS_METHOD_USERNAME_PASSWORD)
+    }
+#endif
+    
+    // init arguments
+    o->auth_info = auth_info;
+    o->num_auth_info = num_auth_info;
+    o->dest_addr = dest_addr;
+    o->handler = handler;
+    o->user = user;
+    o->reactor = reactor;
+    
+    // set no buffer
+    o->buffer = NULL;
+    
+    // init connector
+    if (!BConnector_Init(&o->connector, server_addr, o->reactor, o, (BConnector_handler)connector_handler)) {
+        BLog(BLOG_ERROR, "BConnector_Init failed");
+        goto fail0;
+    }
+    
+    // set state
+    o->state = STATE_CONNECTING;
+    
+    DebugError_Init(&o->d_err, BReactor_PendingGroup(o->reactor));
+    DebugObject_Init(&o->d_obj);
+    return 1;
+    
+fail0:
+    return 0;
+}
+
+void BSocksClient_Free (BSocksClient *o)
+{
+    DebugObject_Free(&o->d_obj);
+    DebugError_Free(&o->d_err);
+    
+    if (o->state != STATE_CONNECTING) {
+        if (o->state == STATE_UP) {
+            // free up I/O
+            free_up_io(o);
+        } else {
+            // free control I/O
+            free_control_io(o);
+        }
+        
+        // free connection
+        BConnection_Free(&o->con);
+    }
+    
+    // free connector
+    BConnector_Free(&o->connector);
+    
+    // free buffer
+    if (o->buffer) {
+        BFree(o->buffer);
+    }
+}
+
+StreamPassInterface * BSocksClient_GetSendInterface (BSocksClient *o)
+{
+    ASSERT(o->state == STATE_UP)
+    DebugObject_Access(&o->d_obj);
+    
+    return BConnection_SendAsync_GetIf(&o->con);
+}
+
+StreamRecvInterface * BSocksClient_GetRecvInterface (BSocksClient *o)
+{
+    ASSERT(o->state == STATE_UP)
+    DebugObject_Access(&o->d_obj);
+    
+    return BConnection_RecvAsync_GetIf(&o->con);
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/socksclient/BSocksClient.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/socksclient/BSocksClient.h
new file mode 100644
index 00000000..41c69505
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/socksclient/BSocksClient.h
@@ -0,0 +1,147 @@
+/**
+ * @file BSocksClient.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * SOCKS5 client. TCP only, no authentication.
+ */
+
+#ifndef BADVPN_SOCKS_BSOCKSCLIENT_H
+#define BADVPN_SOCKS_BSOCKSCLIENT_H
+
+#include <stdint.h>
+
+#include "misc/debug.h"
+#include "misc/debugerror.h"
+#include "misc/socks_proto.h"
+#include "misc/packed.h"
+#include "base/DebugObject.h"
+#include "system/BConnection.h"
+#include "flow/PacketStreamSender.h"
+
+#define BSOCKSCLIENT_EVENT_ERROR 1
+#define BSOCKSCLIENT_EVENT_UP 2
+#define BSOCKSCLIENT_EVENT_ERROR_CLOSED 3
+
+/**
+ * Handler for events generated by the SOCKS client.
+ * 
+ * @param user as in {@link BSocksClient_Init}
+ * @param event event type. One of BSOCKSCLIENT_EVENT_ERROR, BSOCKSCLIENT_EVENT_UP
+ *              and BSOCKSCLIENT_EVENT_ERROR_CLOSED.
+ *              If event is BSOCKSCLIENT_EVENT_UP, the object was previously in down
+ *              state and has transitioned to up state; I/O can be done from this point on.
+ *              If event is BSOCKSCLIENT_EVENT_ERROR or BSOCKSCLIENT_EVENT_ERROR_CLOSED,
+ *              the object must be freed from within the job closure of this handler,
+ *              and no further I/O must be attempted.
+ */
+typedef void (*BSocksClient_handler) (void *user, int event);
+
+struct BSocksClient_auth_info {
+    int auth_type;
+    union {
+        struct {
+            const char *username;
+            size_t username_len;
+            const char *password;
+            size_t password_len;
+        } password;
+    };
+};
+
+typedef struct {
+    const struct BSocksClient_auth_info *auth_info;
+    size_t num_auth_info;
+    BAddr dest_addr;
+    BSocksClient_handler handler;
+    void *user;
+    BReactor *reactor;
+    int state;
+    char *buffer;
+    BConnector connector;
+    BConnection con;
+    union {
+        struct {
+            PacketPassInterface *send_if;
+            PacketStreamSender send_sender;
+            StreamRecvInterface *recv_if;
+            uint8_t *recv_dest;
+            int recv_len;
+            int recv_total;
+        } control;
+    };
+    DebugError d_err;
+    DebugObject d_obj;
+} BSocksClient;
+
+struct BSocksClient_auth_info BSocksClient_auth_none (void);
+struct BSocksClient_auth_info BSocksClient_auth_password (const char *username, size_t username_len, const char *password, size_t password_len);
+
+/**
+ * Initializes the object.
+ * The object is initialized in down state. The object must transition to up
+ * state before the user may begin any I/O.
+ * 
+ * @param o the object
+ * @param server_addr SOCKS5 server address
+ * @param dest_addr remote address
+ * @param handler handler for up and error events
+ * @param user value passed to handler
+ * @param reactor reactor we live in
+ * @return 1 on success, 0 on failure
+ */
+int BSocksClient_Init (BSocksClient *o,
+                       BAddr server_addr, const struct BSocksClient_auth_info *auth_info, size_t num_auth_info,
+                       BAddr dest_addr, BSocksClient_handler handler, void *user, BReactor *reactor) WARN_UNUSED;
+
+/**
+ * Frees the object.
+ * 
+ * @param o the object
+ */
+void BSocksClient_Free (BSocksClient *o);
+
+/**
+ * Returns the send interface.
+ * The object must be in up state.
+ * 
+ * @param o the object
+ * @return send interface
+ */
+StreamPassInterface * BSocksClient_GetSendInterface (BSocksClient *o);
+
+/**
+ * Returns the receive interface.
+ * The object must be in up state.
+ * 
+ * @param o the object
+ * @return receive interface
+ */
+StreamRecvInterface * BSocksClient_GetRecvInterface (BSocksClient *o);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/BAVL.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/BAVL.h
new file mode 100644
index 00000000..fc6f540e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/BAVL.h
@@ -0,0 +1,797 @@
+/**
+ * @file BAVL.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * AVL tree.
+ */
+
+#ifndef BADVPN_STRUCTURE_BAVL_H
+#define BADVPN_STRUCTURE_BAVL_H
+
+//#define BAVL_DEBUG
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "misc/debug.h"
+
+/**
+ * Handler function called by tree algorithms to compare two values.
+ * For any two values, the comparator must always return the same result.
+ * The <= relation defined by the comparator must be a total order.
+ * Values are obtained like that:
+ *   - The value of a node in the tree, or a node that is being inserted is:
+ *     (uint8_t *)node + offset.
+ *   - The value being looked up is the same as given to the lookup function.
+ * 
+ * @param user as in {@link BAVL_Init}
+ * @param val1 first value
+ * @param val2 second value
+ * @return -1 if val1 < val2, 0 if val1 = val2, 1 if val1 > val2
+ */
+typedef int (*BAVL_comparator) (void *user, void *val1, void *val2);
+
+struct BAVLNode;
+
+/**
+ * AVL tree.
+ */
+typedef struct {
+    int offset;
+    BAVL_comparator comparator;
+    void *user;
+    struct BAVLNode *root;
+} BAVL;
+
+/**
+ * AVL tree node.
+ */
+typedef struct BAVLNode {
+    struct BAVLNode *parent;
+    struct BAVLNode *link[2];
+    int8_t balance;
+#ifdef BAVL_COUNT
+    uint64_t count;
+#endif
+} BAVLNode;
+
+/**
+ * Initializes the tree.
+ * 
+ * @param o tree to initialize
+ * @param offset offset of a value from its node
+ * @param comparator value comparator handler function
+ * @param user value to pass to comparator
+ */
+static void BAVL_Init (BAVL *o, int offset, BAVL_comparator comparator, void *user);
+
+/**
+ * Inserts a node into the tree.
+ * Must not be called from comparator.
+ * 
+ * @param o the tree
+ * @param node uninitialized node to insert. Must have a valid value (its value
+ *             may be passed to the comparator during insertion).
+ * @param ref if not NULL, will return (regardless if insertion succeeded):
+ *              - the greatest node lesser than the inserted value, or (not in order)
+ *              - the smallest node greater than the inserted value, or
+ *              - NULL meaning there were no nodes in the tree.
+ * @param 1 on success, 0 if an element with an equal value is already in the tree
+ */
+static int BAVL_Insert (BAVL *o, BAVLNode *node, BAVLNode **ref);
+
+/**
+ * Removes a node from the tree.
+ * Must not be called from comparator.
+ * 
+ * @param o the tree
+ * @param node node to remove
+ */
+static void BAVL_Remove (BAVL *o, BAVLNode *node);
+
+/**
+ * Checks if the tree is empty.
+ * Must not be called from comparator.
+ * 
+ * @param o the tree
+ * @return 1 if empty, 0 if not
+ */
+static int BAVL_IsEmpty (const BAVL *o);
+
+/**
+ * Looks for a value in the tree.
+ * Must not be called from comparator.
+ * 
+ * @param o the tree
+ * @param val value to look for
+ * @return If a node is in the thee with an equal value, that node.
+ *         Else if the tree is not empty:
+ *           - the greatest node lesser than the given value, or (not in order)
+ *           - the smallest node greater than the given value.
+ *         NULL if the tree is empty.
+ */
+static BAVLNode * BAVL_Lookup (const BAVL *o, void *val);
+
+/**
+ * Looks for a value in the tree.
+ * Must not be called from comparator.
+ * 
+ * @param o the tree
+ * @param val value to look for
+ * @return If a node is in the thee with an equal value, that node.
+ *         Else NULL.
+ */
+static BAVLNode * BAVL_LookupExact (const BAVL *o, void *val);
+
+/**
+ * Returns the smallest node in the tree, or NULL if the tree is empty.
+ * 
+ * @param o the tree
+ * @return smallest node or NULL
+ */
+static BAVLNode * BAVL_GetFirst (const BAVL *o);
+
+/**
+ * Returns the greatest node in the tree, or NULL if the tree is empty.
+ * 
+ * @param o the tree
+ * @return greatest node or NULL
+ */
+static BAVLNode * BAVL_GetLast (const BAVL *o);
+
+/**
+ * Returns the node that follows the given node, or NULL if it's the
+ * last node.
+ * 
+ * @param o the tree
+ * @param n node
+ * @return next node, or NULL
+ */
+static BAVLNode * BAVL_GetNext (const BAVL *o, BAVLNode *n);
+
+/**
+ * Returns the node that precedes the given node, or NULL if it's the
+ * first node.
+ * 
+ * @param o the tree
+ * @param n node
+ * @return previous node, or NULL
+ */
+static BAVLNode * BAVL_GetPrev (const BAVL *o, BAVLNode *n);
+
+#ifdef BAVL_COUNT
+static uint64_t BAVL_Count (const BAVL *o);
+static uint64_t BAVL_IndexOf (const BAVL *o, BAVLNode *n);
+static BAVLNode * BAVL_GetAt (const BAVL *o, uint64_t index);
+#endif
+
+static void BAVL_Verify (BAVL *o);
+
+#define BAVL_MAX(_a, _b) ((_a) > (_b) ? (_a) : (_b))
+#define BAVL_OPTNEG(_a, _neg) ((_neg) ? -(_a) : (_a))
+
+static void * _BAVL_node_value (const BAVL *o, BAVLNode *n)
+{
+    return ((uint8_t *)n + o->offset);
+}
+
+static int _BAVL_compare_values (const BAVL *o, void *v1, void *v2)
+{
+    int res = o->comparator(o->user, v1, v2);
+    
+    ASSERT(res == -1 || res == 0 || res == 1)
+    
+    return res;
+}
+
+static int _BAVL_compare_nodes (BAVL *o, BAVLNode *n1, BAVLNode *n2)
+{
+    return _BAVL_compare_values(o, _BAVL_node_value(o, n1), _BAVL_node_value(o, n2));
+}
+
+#ifdef BAVL_AUTO_VERIFY
+#define BAVL_ASSERT(_h) BAVL_Verify((_h));
+#else
+#define BAVL_ASSERT(_h)
+#endif
+
+static int _BAVL_assert_recurser (BAVL *o, BAVLNode *n)
+{
+    ASSERT_FORCE(n->balance >= -1)
+    ASSERT_FORCE(n->balance <= 1)
+    
+    int height_left = 0;
+    int height_right = 0;
+#ifdef BAVL_COUNT
+    uint64_t count_left = 0;
+    uint64_t count_right = 0;
+#endif
+    
+    // check left subtree
+    if (n->link[0]) {
+        // check parent link
+        ASSERT_FORCE(n->link[0]->parent == n)
+        // check binary search tree
+        ASSERT_FORCE(_BAVL_compare_nodes(o, n->link[0], n) == -1)
+        // recursively calculate height
+        height_left = _BAVL_assert_recurser(o, n->link[0]);
+#ifdef BAVL_COUNT
+        count_left = n->link[0]->count;
+#endif
+    }
+    
+    // check right subtree
+    if (n->link[1]) {
+        // check parent link
+        ASSERT_FORCE(n->link[1]->parent == n)
+        // check binary search tree
+        ASSERT_FORCE(_BAVL_compare_nodes(o, n->link[1], n) == 1)
+        // recursively calculate height
+        height_right = _BAVL_assert_recurser(o, n->link[1]);
+#ifdef BAVL_COUNT
+        count_right = n->link[1]->count;
+#endif
+    }
+    
+    // check balance factor
+    ASSERT_FORCE(n->balance == height_right - height_left)
+    
+#ifdef BAVL_COUNT
+    // check count
+    ASSERT_FORCE(n->count == 1 + count_left + count_right)
+#endif
+    
+    return (BAVL_MAX(height_left, height_right) + 1);
+}
+
+#ifdef BAVL_COUNT
+static void _BAVL_update_count_from_children (BAVLNode *n)
+{
+    n->count = 1 + (n->link[0] ? n->link[0]->count : 0) + (n->link[1] ? n->link[1]->count : 0);
+}
+#endif
+
+static void _BAVL_rotate (BAVL *tree, BAVLNode *r, uint8_t dir)
+{
+    BAVLNode *nr = r->link[!dir];
+    
+    r->link[!dir] = nr->link[dir];
+    if (r->link[!dir]) {
+        r->link[!dir]->parent = r;
+    }
+    nr->link[dir] = r;
+    nr->parent = r->parent;
+    if (nr->parent) {
+        nr->parent->link[r == r->parent->link[1]] = nr;
+    } else {
+        tree->root = nr;
+    }
+    r->parent = nr;
+    
+#ifdef BAVL_COUNT
+    // update counts
+    _BAVL_update_count_from_children(r); // first r!
+    _BAVL_update_count_from_children(nr);
+#endif
+}
+
+static BAVLNode * _BAVL_subtree_max (BAVLNode *n)
+{
+    ASSERT(n)
+    while (n->link[1]) {
+        n = n->link[1];
+    }
+    return n;
+}
+
+static void _BAVL_replace_subtree (BAVL *tree, BAVLNode *dest, BAVLNode *n)
+{
+    ASSERT(dest)
+    
+    if (dest->parent) {
+        dest->parent->link[dest == dest->parent->link[1]] = n;
+    } else {
+        tree->root = n;
+    }
+    if (n) {
+        n->parent = dest->parent;
+    }
+    
+#ifdef BAVL_COUNT
+    // update counts
+    for (BAVLNode *c = dest->parent; c; c = c->parent) {
+        ASSERT(c->count >= dest->count)
+        c->count -= dest->count;
+        if (n) {
+            ASSERT(n->count <= UINT64_MAX - c->count)
+            c->count += n->count;
+        }
+    }
+#endif
+}
+
+static void _BAVL_swap_nodes (BAVL *tree, BAVLNode *n1, BAVLNode *n2)
+{
+    if (n2->parent == n1 || n1->parent == n2) {
+        // when the nodes are directly connected we need special handling
+        // make sure n1 is above n2
+        if (n1->parent == n2) {
+            BAVLNode *t = n1;
+            n1 = n2;
+            n2 = t;
+        }
+        
+        uint8_t side = (n2 == n1->link[1]);
+        BAVLNode *c = n1->link[!side];
+        
+        if (n1->link[0] = n2->link[0]) {
+            n1->link[0]->parent = n1;
+        }
+        if (n1->link[1] = n2->link[1]) {
+            n1->link[1]->parent = n1;
+        }
+        
+        if (n2->parent = n1->parent) {
+            n2->parent->link[n1 == n1->parent->link[1]] = n2;
+        } else {
+            tree->root = n2;
+        }
+        
+        n2->link[side] = n1;
+        n1->parent = n2;
+        if (n2->link[!side] = c) {
+            c->parent = n2;
+        }
+    } else {
+        BAVLNode *temp;
+        
+        // swap parents
+        temp = n1->parent;
+        if (n1->parent = n2->parent) {
+            n1->parent->link[n2 == n2->parent->link[1]] = n1;
+        } else {
+            tree->root = n1;
+        }
+        if (n2->parent = temp) {
+            n2->parent->link[n1 == temp->link[1]] = n2;
+        } else {
+            tree->root = n2;
+        }
+        
+        // swap left children
+        temp = n1->link[0];
+        if (n1->link[0] = n2->link[0]) {
+            n1->link[0]->parent = n1;
+        }
+        if (n2->link[0] = temp) {
+            n2->link[0]->parent = n2;
+        }
+        
+        // swap right children
+        temp = n1->link[1];
+        if (n1->link[1] = n2->link[1]) {
+            n1->link[1]->parent = n1;
+        }
+        if (n2->link[1] = temp) {
+            n2->link[1]->parent = n2;
+        }
+    }
+    
+    // swap balance factors
+    int8_t b = n1->balance;
+    n1->balance = n2->balance;
+    n2->balance = b;
+    
+#ifdef BAVL_COUNT
+    // swap counts
+    uint64_t c = n1->count;
+    n1->count = n2->count;
+    n2->count = c;
+#endif
+}
+
+static void _BAVL_rebalance (BAVL *o, BAVLNode *node, uint8_t side, int8_t deltac)
+{
+    ASSERT(side == 0 || side == 1)
+    ASSERT(deltac >= -1 && deltac <= 1)
+    ASSERT(node->balance >= -1 && node->balance <= 1)
+    
+    // if no subtree changed its height, no more rebalancing is needed
+    if (deltac == 0) {
+        return;
+    }
+    
+    // calculate how much our height changed
+    int8_t delta = BAVL_MAX(deltac, BAVL_OPTNEG(node->balance, side)) - BAVL_MAX(0, BAVL_OPTNEG(node->balance, side));
+    ASSERT(delta >= -1 && delta <= 1)
+    
+    // update our balance factor
+    node->balance -= BAVL_OPTNEG(deltac, side);
+    
+    BAVLNode *child;
+    BAVLNode *gchild;
+    
+    // perform transformations if the balance factor is wrong
+    if (node->balance == 2 || node->balance == -2) {
+        uint8_t bside;
+        int8_t bsidef;
+        if (node->balance == 2) {
+            bside = 1;
+            bsidef = 1;
+        } else {
+            bside = 0;
+            bsidef = -1;
+        }
+        
+        ASSERT(node->link[bside])
+        child = node->link[bside];
+        switch (child->balance * bsidef) {
+            case 1:
+                _BAVL_rotate(o, node, !bside);
+                node->balance = 0;
+                child->balance = 0;
+                node = child;
+                delta -= 1;
+                break;
+            case 0:
+                _BAVL_rotate(o, node, !bside);
+                node->balance = 1 * bsidef;
+                child->balance = -1 * bsidef;
+                node = child;
+                break;
+            case -1:
+                ASSERT(child->link[!bside])
+                gchild = child->link[!bside];
+                _BAVL_rotate(o, child, bside);
+                _BAVL_rotate(o, node, !bside);
+                node->balance = -BAVL_MAX(0, gchild->balance * bsidef) * bsidef;
+                child->balance = BAVL_MAX(0, -gchild->balance * bsidef) * bsidef;
+                gchild->balance = 0;
+                node = gchild;
+                delta -= 1;
+                break;
+            default:
+                ASSERT(0);
+        }
+    }
+    
+    ASSERT(delta >= -1 && delta <= 1)
+    // Transformations above preserve this. Proof:
+    //     - if a child subtree gained 1 height and rebalancing was needed,
+    //       it was the heavier subtree. Then delta was was originally 1, because
+    //       the heaviest subtree gained one height. If the transformation reduces
+    //       delta by one, it becomes 0.
+    //     - if a child subtree lost 1 height and rebalancing was needed, it
+    //       was the lighter subtree. Then delta was originally 0, because
+    //       the height of the heaviest subtree was unchanged. If the transformation
+    //       reduces delta by one, it becomes -1.
+    
+    if (node->parent) {
+        _BAVL_rebalance(o, node->parent, node == node->parent->link[1], delta);
+    }
+}
+
+void BAVL_Init (BAVL *o, int offset, BAVL_comparator comparator, void *user)
+{
+    o->offset = offset;
+    o->comparator = comparator;
+    o->user = user;
+    o->root = NULL;
+    
+    BAVL_ASSERT(o)
+}
+
+int BAVL_Insert (BAVL *o, BAVLNode *node, BAVLNode **ref)
+{
+    // insert to root?
+    if (!o->root) {
+        o->root = node;
+        node->parent = NULL;
+        node->link[0] = NULL;
+        node->link[1] = NULL;
+        node->balance = 0;
+#ifdef BAVL_COUNT
+        node->count = 1;
+#endif
+        
+        BAVL_ASSERT(o)
+        
+        if (ref) {
+            *ref = NULL;
+        }
+        return 1;
+    }
+    
+    // find node to insert to
+    BAVLNode *c = o->root;
+    int side;
+    while (1) {
+        // compare
+        int comp = _BAVL_compare_nodes(o, node, c);
+        
+        // have we found a node that compares equal?
+        if (comp == 0) {
+            if (ref) {
+                *ref = c;
+            }
+            return 0;
+        }
+        
+        side = (comp == 1);
+        
+        // have we reached a leaf?
+        if (!c->link[side]) {
+            break;
+        }
+        
+        c = c->link[side];
+    }
+    
+    // insert
+    c->link[side] = node;
+    node->parent = c;
+    node->link[0] = NULL;
+    node->link[1] = NULL;
+    node->balance = 0;
+#ifdef BAVL_COUNT
+    node->count = 1;
+#endif
+    
+#ifdef BAVL_COUNT
+    // update counts
+    for (BAVLNode *p = c; p; p = p->parent) {
+        ASSERT(p->count < UINT64_MAX)
+        p->count++;
+    }
+#endif
+    
+    // rebalance
+    _BAVL_rebalance(o, c, side, 1);
+    
+    BAVL_ASSERT(o)
+    
+    if (ref) {
+        *ref = c;
+    }
+    return 1;
+}
+
+void BAVL_Remove (BAVL *o, BAVLNode *node)
+{
+    // if we have both subtrees, swap the node and the largest node
+    // in the left subtree, so we have at most one subtree
+    if (node->link[0] && node->link[1]) {
+        // find the largest node in the left subtree
+        BAVLNode *max = _BAVL_subtree_max(node->link[0]);
+        // swap the nodes
+        _BAVL_swap_nodes(o, node, max);
+    }
+    
+    // have at most one child now
+    ASSERT(!(node->link[0] && node->link[1]))
+    
+    BAVLNode *parent = node->parent;
+    BAVLNode *child = (node->link[0] ? node->link[0] : node->link[1]);
+    
+    if (parent) {
+        // remember on which side node is
+        int side = (node == parent->link[1]);
+        // replace node with child
+        _BAVL_replace_subtree(o, node, child);
+        // rebalance
+        _BAVL_rebalance(o, parent, side, -1);
+    } else {
+        // replace node with child
+        _BAVL_replace_subtree(o, node, child);
+    }
+    
+    BAVL_ASSERT(o)
+}
+
+int BAVL_IsEmpty (const BAVL *o)
+{
+    return (!o->root);
+}
+
+BAVLNode * BAVL_Lookup (const BAVL *o, void *val)
+{
+    if (!o->root) {
+        return NULL;
+    }
+    
+    BAVLNode *c = o->root;
+    while (1) {
+        // compare
+        int comp = _BAVL_compare_values(o, val, _BAVL_node_value(o, c));
+        
+        // have we found a node that compares equal?
+        if (comp == 0) {
+            return c;
+        }
+        
+        int side = (comp == 1);
+        
+        // have we reached a leaf?
+        if (!c->link[side]) {
+            return c;
+        }
+        
+        c = c->link[side];
+    }
+}
+
+BAVLNode * BAVL_LookupExact (const BAVL *o, void *val)
+{
+    if (!o->root) {
+        return NULL;
+    }
+    
+    BAVLNode *c = o->root;
+    while (1) {
+        // compare
+        int comp = _BAVL_compare_values(o, val, _BAVL_node_value(o, c));
+        
+        // have we found a node that compares equal?
+        if (comp == 0) {
+            return c;
+        }
+        
+        int side = (comp == 1);
+        
+        // have we reached a leaf?
+        if (!c->link[side]) {
+            return NULL;
+        }
+        
+        c = c->link[side];
+    }
+}
+
+BAVLNode * BAVL_GetFirst (const BAVL *o)
+{
+    if (!o->root) {
+        return NULL;
+    }
+    
+    BAVLNode *n = o->root;
+    while (n->link[0]) {
+        n = n->link[0];
+    }
+    
+    return n;
+}
+
+BAVLNode * BAVL_GetLast (const BAVL *o)
+{
+    if (!o->root) {
+        return NULL;
+    }
+    
+    BAVLNode *n = o->root;
+    while (n->link[1]) {
+        n = n->link[1];
+    }
+    
+    return n;
+}
+
+BAVLNode * BAVL_GetNext (const BAVL *o, BAVLNode *n)
+{
+    if (n->link[1]) {
+        n = n->link[1];
+        while (n->link[0]) {
+            n = n->link[0];
+        }
+    } else {
+        while (n->parent && n == n->parent->link[1]) {
+            n = n->parent;
+        }
+        n = n->parent;
+    }
+    
+    return n;
+}
+
+BAVLNode * BAVL_GetPrev (const BAVL *o, BAVLNode *n)
+{
+    if (n->link[0]) {
+        n = n->link[0];
+        while (n->link[1]) {
+            n = n->link[1];
+        }
+    } else {
+        while (n->parent && n == n->parent->link[0]) {
+            n = n->parent;
+        }
+        n = n->parent;
+    }
+    
+    return n;
+}
+
+#ifdef BAVL_COUNT
+
+static uint64_t BAVL_Count (const BAVL *o)
+{
+    return (o->root ? o->root->count : 0);
+}
+
+static uint64_t BAVL_IndexOf (const BAVL *o, BAVLNode *n)
+{
+    uint64_t index = (n->link[0] ? n->link[0]->count : 0);
+    
+    for (BAVLNode *c = n; c->parent; c = c->parent) {
+        if (c == c->parent->link[1]) {
+            ASSERT(c->parent->count > c->count)
+            ASSERT(c->parent->count - c->count <= UINT64_MAX - index)
+            index += c->parent->count - c->count;
+        }
+    }
+    
+    return index;
+}
+
+static BAVLNode * BAVL_GetAt (const BAVL *o, uint64_t index)
+{
+    if (index >= BAVL_Count(o)) {
+        return NULL;
+    }
+    
+    BAVLNode *c = o->root;
+    
+    while (1) {
+        ASSERT(c)
+        ASSERT(index < c->count)
+        
+        uint64_t left_count = (c->link[0] ? c->link[0]->count : 0);
+        
+        if (index == left_count) {
+            return c;
+        }
+        
+        if (index < left_count) {
+            c = c->link[0];
+        } else {
+            c = c->link[1];
+            index -= left_count + 1;
+        }
+    }
+}
+
+#endif
+
+static void BAVL_Verify (BAVL *o)
+{
+    if (o->root) {
+        ASSERT(!o->root->parent)
+        _BAVL_assert_recurser(o, o->root);
+    }
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl.h
new file mode 100644
index 00000000..6d98194b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl.h
@@ -0,0 +1,36 @@
+/**
+ * @file CAvl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_CAVL_H
+#define BADVPN_CAVL_H
+
+#include "misc/debug.h"
+#include "misc/merge.h"
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_decl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_decl.h
new file mode 100644
index 00000000..7d54a815
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_decl.h
@@ -0,0 +1,77 @@
+/**
+ * @file CAvl_decl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "CAvl_header.h"
+
+typedef struct {
+    CAvlLink root;
+} CAvl;
+
+typedef struct {
+    CAvlEntry *ptr;
+    CAvlLink link;
+} CAvlRef;
+
+static int CAvlIsNullRef (CAvlRef node);
+static int CAvlIsValidRef (CAvlRef node);
+static CAvlRef CAvlDeref (CAvlArg arg, CAvlLink link);
+
+static void CAvl_Init (CAvl *o);
+#if !CAVL_PARAM_FEATURE_KEYS_ARE_INDICES
+static int CAvl_Insert (CAvl *o, CAvlArg arg, CAvlRef node, CAvlRef *out_ref);
+#else
+static void CAvl_InsertAt (CAvl *o, CAvlArg arg, CAvlRef node, CAvlCount index);
+#endif
+static void CAvl_Remove (CAvl *o, CAvlArg arg, CAvlRef node);
+#if !CAVL_PARAM_FEATURE_KEYS_ARE_INDICES && !CAVL_PARAM_FEATURE_NOKEYS
+static CAvlRef CAvl_Lookup (const CAvl *o, CAvlArg arg, CAvlKey key);
+static CAvlRef CAvl_LookupExact (const CAvl *o, CAvlArg arg, CAvlKey key);
+static CAvlRef CAvl_GetFirstGreater (const CAvl *o, CAvlArg arg, CAvlKey key);
+static CAvlRef CAvl_GetLastLesser (const CAvl *o, CAvlArg arg, CAvlKey key);
+static CAvlRef CAvl_GetFirstGreaterEqual (const CAvl *o, CAvlArg arg, CAvlKey key);
+static CAvlRef CAvl_GetLastLesserEqual (const CAvl *o, CAvlArg arg, CAvlKey key);
+#endif
+static CAvlRef CAvl_GetFirst (const CAvl *o, CAvlArg arg);
+static CAvlRef CAvl_GetLast (const CAvl *o, CAvlArg arg);
+static CAvlRef CAvl_GetNext (const CAvl *o, CAvlArg arg, CAvlRef node);
+static CAvlRef CAvl_GetPrev (const CAvl *o, CAvlArg arg, CAvlRef node);
+static int CAvl_IsEmpty (const CAvl *o);
+static void CAvl_Verify (const CAvl *o, CAvlArg arg);
+#if CAVL_PARAM_FEATURE_COUNTS
+static CAvlCount CAvl_Count (const CAvl *o, CAvlArg arg);
+static CAvlCount CAvl_IndexOf (const CAvl *o, CAvlArg arg, CAvlRef node);
+static CAvlRef CAvl_GetAt (const CAvl *o, CAvlArg arg, CAvlCount index);
+#endif
+#if CAVL_PARAM_FEATURE_ASSOC
+static CAvlAssoc CAvl_AssocSum (const CAvl *o, CAvlArg arg);
+static CAvlAssoc CAvl_ExclusiveAssocPrefixSum (const CAvl *o, CAvlArg arg, CAvlRef node);
+static CAvlRef CAvl_FindLastExclusiveAssocPrefixSumLesserEqual (const CAvl *o, CAvlArg arg, CAvlAssoc sum, int (*sum_less) (void *, CAvlAssoc, CAvlAssoc), void *user);
+#endif
+
+#include "CAvl_footer.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_footer.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_footer.h
new file mode 100644
index 00000000..43b85c3a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_footer.h
@@ -0,0 +1,113 @@
+/**
+ * @file CAvl_footer.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#undef CAVL_PARAM_NAME
+#undef CAVL_PARAM_FEATURE_COUNTS
+#undef CAVL_PARAM_FEATURE_KEYS_ARE_INDICES
+#undef CAVL_PARAM_FEATURE_NOKEYS
+#undef CAVL_PARAM_FEATURE_ASSOC
+#undef CAVL_PARAM_TYPE_ENTRY
+#undef CAVL_PARAM_TYPE_LINK
+#undef CAVL_PARAM_TYPE_KEY
+#undef CAVL_PARAM_TYPE_ARG
+#undef CAVL_PARAM_TYPE_COUNT
+#undef CAVL_PARAM_TYPE_ASSOC
+#undef CAVL_PARAM_VALUE_COUNT_MAX
+#undef CAVL_PARAM_VALUE_NULL
+#undef CAVL_PARAM_VALUE_ASSOC_ZERO
+#undef CAVL_PARAM_FUN_DEREF
+#undef CAVL_PARAM_FUN_COMPARE_ENTRIES
+#undef CAVL_PARAM_FUN_COMPARE_KEY_ENTRY
+#undef CAVL_PARAM_FUN_ASSOC_VALUE
+#undef CAVL_PARAM_FUN_ASSOC_OPER
+#undef CAVL_PARAM_MEMBER_CHILD
+#undef CAVL_PARAM_MEMBER_BALANCE
+#undef CAVL_PARAM_MEMBER_PARENT
+#undef CAVL_PARAM_MEMBER_COUNT
+#undef CAVL_PARAM_MEMBER_ASSOC
+
+#undef CAvl
+#undef CAvlEntry
+#undef CAvlLink
+#undef CAvlRef
+#undef CAvlArg
+#undef CAvlKey
+#undef CAvlCount
+#undef CAvlAssoc
+
+#undef CAvlIsNullRef
+#undef CAvlIsValidRef
+#undef CAvlDeref
+
+#undef CAvl_Init
+#undef CAvl_Insert
+#undef CAvl_InsertAt
+#undef CAvl_Remove
+#undef CAvl_Lookup
+#undef CAvl_LookupExact
+#undef CAvl_GetFirstGreater
+#undef CAvl_GetLastLesser
+#undef CAvl_GetFirstGreaterEqual
+#undef CAvl_GetLastLesserEqual
+#undef CAvl_GetFirst
+#undef CAvl_GetLast
+#undef CAvl_GetNext
+#undef CAvl_GetPrev
+#undef CAvl_IsEmpty
+#undef CAvl_Verify
+#undef CAvl_Count
+#undef CAvl_IndexOf
+#undef CAvl_GetAt
+#undef CAvl_AssocSum
+#undef CAvl_ExclusiveAssocPrefixSum
+#undef CAvl_FindLastExclusiveAssocPrefixSumLesserEqual
+
+#undef CAvl_link
+#undef CAvl_balance
+#undef CAvl_parent
+#undef CAvl_count
+#undef CAvl_assoc
+#undef CAvl_nulllink
+#undef CAvl_nullref
+#undef CAvl_compare_entries
+#undef CAvl_compare_key_entry
+#undef CAvl_compute_node_assoc
+#undef CAvl_check_parent
+#undef CAvl_verify_recurser
+#undef CAvl_assert_tree
+#undef CAvl_update_count_from_children
+#undef CAvl_rotate
+#undef CAvl_subtree_min
+#undef CAvl_subtree_max
+#undef CAvl_replace_subtree_fix_assoc
+#undef CAvl_swap_for_remove
+#undef CAvl_rebalance
+#undef CAvl_child_count
+#undef CAvl_MAX
+#undef CAvl_OPTNEG
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_header.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_header.h
new file mode 100644
index 00000000..91ea7df6
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_header.h
@@ -0,0 +1,141 @@
+/**
+ * @file CAvl_header.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// Preprocessor inputs:
+// CAVL_PARAM_NAME - name of this data structure
+// CAVL_PARAM_FEATURE_COUNTS - whether to keep count information (0 or 1)
+// CAVL_PARAM_FEATURE_KEYS_ARE_INDICES - (0 or 1) whether to assume the keys are entry indices
+//   (number of entries lesser than given entry). If yes, CAVL_PARAM_TYPE_KEY is unused.
+//   Requires CAVL_PARAM_FEATURE_COUNTS.
+// CAVL_PARAM_FEATURE_NOKEYS - define to 1 if there is no need for a lookup operation
+// CAVL_PARAM_FEATURE_ASSOC - define to 1 for computation of an associative operation on subtrees.
+//   If enabled, the following macros must be defined: CAVL_PARAM_TYPE_ASSOC,
+//   CAVL_PARAM_VALUE_ASSOC_ZERO, CAVL_PARAM_FUN_ASSOC_VALUE,
+//   CAVL_PARAM_FUN_ASSOC_OPER, CAVL_PARAM_MEMBER_ASSOC.
+// CAVL_PARAM_TYPE_ENTRY - type of entry
+// CAVL_PARAM_TYPE_LINK - type of entry link (usually pointer or index)
+// CAVL_PARAM_TYPE_KEY - type of key (only if not CAVL_PARAM_FEATURE_KEYS_ARE_INDICES and
+//   not CAVL_PARAM_FEATURE_NOKEYS)
+// CAVL_PARAM_TYPE_ARG - type of argument pass through to callbacks
+// CAVL_PARAM_TYPE_COUNT - type of count (only if CAVL_PARAM_FEATURE_COUNTS)
+// CAVL_PARAM_TYPE_ASSOC - type of associative operation result
+// CAVL_PARAM_VALUE_COUNT_MAX - maximum value of count (type is CAVL_PARAM_TYPE_COUNT)
+// CAVL_PARAM_VALUE_NULL - value of invalid link (type is CAVL_PARAM_TYPE_LINK)
+// CAVL_PARAM_VALUE_ASSOC_ZERO - zero value for associative operation (type is CAVL_PARAM_TYPE_ASSOC).
+//   This must be both a left- and right-identity for the associative operation.
+// CAVL_PARAM_FUN_DEREF(arg, link) - dereference a non-null link; returns pointer to CAVL_PARAM_TYPE_LINK
+// CAVL_PARAM_FUN_COMPARE_ENTRIES(arg, entry1, entry2) - compare to entries; returns -1/0/1
+// CAVL_PARAM_FUN_COMPARE_KEY_ENTRY(arg, key1, entry2) - compare key and entry; returns -1/0/1
+// CAVL_PARAM_FUN_ASSOC_VALUE(arg, entry) - get value of a node for associative operation.
+//   The result will be cast to CAVL_PARAM_TYPE_ASSOC.
+// CAVL_PARAM_FUN_ASSOC_OPER(arg, value1, value2) - compute the associative operation on two values.
+//   The type of the two values is CAVL_PARAM_TYPE_ASSOC, and the result will be cast to
+//   CAVL_PARAM_TYPE_ASSOC.
+// CAVL_PARAM_MEMBER_CHILD - name of the child member in entry (type is CAVL_PARAM_TYPE_LINK[2])
+// CAVL_PARAM_MEMBER_BALANCE - name of the balance member in entry (type is any signed integer)
+// CAVL_PARAM_MEMBER_PARENT - name of the parent member in entry (type is CAVL_PARAM_TYPE_LINK)
+// CAVL_PARAM_MEMBER_COUNT - name of the count member in entry (type is CAVL_PARAM_TYPE_COUNT)
+//   (only if CAVL_PARAM_FEATURE_COUNTS)
+// CAVL_PARAM_MEMBER_ASSOC - name of assoc member in entry (type is CAVL_PARAM_TYPE_ASSOC)
+
+#ifndef BADVPN_CAVL_H
+#error CAvl.h has not been included
+#endif
+
+#if CAVL_PARAM_FEATURE_KEYS_ARE_INDICES && !CAVL_PARAM_FEATURE_COUNTS
+#error CAVL_PARAM_FEATURE_KEYS_ARE_INDICES requires CAVL_PARAM_FEATURE_COUNTS
+#endif
+
+#if CAVL_PARAM_FEATURE_KEYS_ARE_INDICES && CAVL_PARAM_FEATURE_NOKEYS
+#error CAVL_PARAM_FEATURE_KEYS_ARE_INDICES and CAVL_PARAM_FEATURE_NOKEYS cannot be used together
+#endif
+
+// types
+#define CAvl CAVL_PARAM_NAME
+#define CAvlEntry CAVL_PARAM_TYPE_ENTRY
+#define CAvlLink CAVL_PARAM_TYPE_LINK
+#define CAvlRef MERGE(CAVL_PARAM_NAME, Ref)
+#define CAvlArg CAVL_PARAM_TYPE_ARG
+#define CAvlKey CAVL_PARAM_TYPE_KEY
+#define CAvlCount CAVL_PARAM_TYPE_COUNT
+#define CAvlAssoc CAVL_PARAM_TYPE_ASSOC
+
+// non-object public functions
+#define CAvlIsNullRef MERGE(CAvl, IsNullRef)
+#define CAvlIsValidRef MERGE(CAvl, IsValidRef)
+#define CAvlDeref MERGE(CAvl, Deref)
+
+// public functions
+#define CAvl_Init MERGE(CAvl, _Init)
+#define CAvl_Insert MERGE(CAvl, _Insert)
+#define CAvl_InsertAt MERGE(CAvl, _InsertAt)
+#define CAvl_Remove MERGE(CAvl, _Remove)
+#define CAvl_Lookup MERGE(CAvl, _Lookup)
+#define CAvl_LookupExact MERGE(CAvl, _LookupExact)
+#define CAvl_GetFirstGreater MERGE(CAvl, _GetFirstGreater)
+#define CAvl_GetLastLesser MERGE(CAvl, _GetLastLesser)
+#define CAvl_GetFirstGreaterEqual MERGE(CAvl, _GetFirstGreaterEqual)
+#define CAvl_GetLastLesserEqual MERGE(CAvl, _GetLastLesserEqual)
+#define CAvl_GetFirst MERGE(CAvl, _GetFirst)
+#define CAvl_GetLast MERGE(CAvl, _GetLast)
+#define CAvl_GetNext MERGE(CAvl, _GetNext)
+#define CAvl_GetPrev MERGE(CAvl, _GetPrev)
+#define CAvl_IsEmpty MERGE(CAvl, _IsEmpty)
+#define CAvl_Verify MERGE(CAvl, _Verify)
+#define CAvl_Count MERGE(CAvl, _Count)
+#define CAvl_IndexOf MERGE(CAvl, _IndexOf)
+#define CAvl_GetAt MERGE(CAvl, _GetAt)
+#define CAvl_AssocSum MERGE(CAvl, _AssocSum)
+#define CAvl_ExclusiveAssocPrefixSum MERGE(CAvl, _ExclusiveAssocPrefixSum)
+#define CAvl_FindLastExclusiveAssocPrefixSumLesserEqual MERGE(CAvl, _FindLastExclusiveAssocPrefixSumLesserEqual)
+
+// private stuff
+#define CAvl_link(entry) ((entry).ptr->CAVL_PARAM_MEMBER_CHILD)
+#define CAvl_balance(entry) ((entry).ptr->CAVL_PARAM_MEMBER_BALANCE)
+#define CAvl_parent(entry) ((entry).ptr->CAVL_PARAM_MEMBER_PARENT)
+#define CAvl_count(entry) ((entry).ptr->CAVL_PARAM_MEMBER_COUNT)
+#define CAvl_assoc(entry) ((entry).ptr->CAVL_PARAM_MEMBER_ASSOC)
+#define CAvl_nulllink MERGE(CAvl, __nulllink)
+#define CAvl_nullref MERGE(CAvl, __nullref)
+#define CAvl_compare_entries MERGE(CAVL_PARAM_NAME, _compare_entries)
+#define CAvl_compare_key_entry MERGE(CAVL_PARAM_NAME, _compare_key_entry)
+#define CAvl_compute_node_assoc MERGE(CAVL_PARAM_NAME, _compute_node_assoc)
+#define CAvl_check_parent MERGE(CAVL_PARAM_NAME, _check_parent)
+#define CAvl_verify_recurser MERGE(CAVL_PARAM_NAME, _verify_recurser)
+#define CAvl_assert_tree MERGE(CAVL_PARAM_NAME, _assert_tree)
+#define CAvl_update_count_from_children MERGE(CAVL_PARAM_NAME, _update_count_from_children)
+#define CAvl_rotate MERGE(CAVL_PARAM_NAME, _rotate)
+#define CAvl_subtree_min MERGE(CAVL_PARAM_NAME, _subtree_min)
+#define CAvl_subtree_max MERGE(CAVL_PARAM_NAME, _subtree_max)
+#define CAvl_replace_subtree_fix_assoc MERGE(CAVL_PARAM_NAME, _replace_subtree_fix_counts)
+#define CAvl_swap_for_remove MERGE(CAVL_PARAM_NAME, _swap_entries)
+#define CAvl_rebalance MERGE(CAVL_PARAM_NAME, _rebalance)
+#define CAvl_child_count MERGE(CAvl, __child_count)
+#define CAvl_MAX(_a, _b) ((_a) > (_b) ? (_a) : (_b))
+#define CAvl_OPTNEG(_a, _neg) ((_neg) ? -(_a) : (_a))
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_impl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_impl.h
new file mode 100644
index 00000000..984bdea1
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CAvl_impl.h
@@ -0,0 +1,949 @@
+/**
+ * @file CAvl_impl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "CAvl_header.h"
+
+static CAvlLink CAvl_nulllink (void)
+{
+    return CAVL_PARAM_VALUE_NULL;
+}
+
+static CAvlRef CAvl_nullref (void)
+{
+    CAvlRef n;
+    n.link = CAVL_PARAM_VALUE_NULL;
+    n.ptr = NULL;
+    return n;
+}
+
+#if !CAVL_PARAM_FEATURE_KEYS_ARE_INDICES
+
+static int CAvl_compare_entries (CAvlArg arg, CAvlRef node1, CAvlRef node2)
+{
+    int res = CAVL_PARAM_FUN_COMPARE_ENTRIES(arg, node1, node2);
+    ASSERT(res >= -1)
+    ASSERT(res <= 1)
+    
+    return res;
+}
+
+#if !CAVL_PARAM_FEATURE_NOKEYS
+
+static int CAvl_compare_key_entry (CAvlArg arg, CAvlKey key1, CAvlRef node2)
+{
+    int res = CAVL_PARAM_FUN_COMPARE_KEY_ENTRY(arg, key1, node2);
+    ASSERT(res >= -1)
+    ASSERT(res <= 1)
+    
+    return res;
+}
+
+#endif
+
+#endif
+
+#if CAVL_PARAM_FEATURE_ASSOC
+
+static CAvlAssoc CAvl_compute_node_assoc (CAvlArg arg, CAvlRef node)
+{
+    CAvlAssoc sum = CAVL_PARAM_FUN_ASSOC_VALUE(arg, node);
+    if (CAvl_link(node)[0] != CAvl_nulllink()) {
+        sum = CAVL_PARAM_FUN_ASSOC_OPER(arg, CAvl_assoc(CAvlDeref(arg, CAvl_link(node)[0])), sum);
+    }
+    if (CAvl_link(node)[1] != CAvl_nulllink()) {
+        sum = CAVL_PARAM_FUN_ASSOC_OPER(arg, sum, CAvl_assoc(CAvlDeref(arg, CAvl_link(node)[1])));
+    }
+    return sum;
+}
+
+#endif
+
+static int CAvl_check_parent (CAvlRef p, CAvlRef c)
+{
+    return (p.link == CAvl_parent(c)) && (p.link == CAvl_nulllink() || c.link == CAvl_link(p)[0] || c.link == CAvl_link(p)[1]);
+}
+
+static int CAvl_verify_recurser (CAvlArg arg, CAvlRef n)
+{
+    ASSERT_FORCE(CAvl_balance(n) >= -1)
+    ASSERT_FORCE(CAvl_balance(n) <= 1)
+    
+    int height_left = 0;
+    int height_right = 0;
+#if CAVL_PARAM_FEATURE_COUNTS
+    CAvlCount count_left = 0;
+    CAvlCount count_right = 0;
+#endif
+    
+    // check left subtree
+    if (CAvl_link(n)[0] != CAvl_nulllink()) {
+        // check parent link
+        ASSERT_FORCE(CAvl_parent(CAvlDeref(arg, CAvl_link(n)[0])) == n.link)
+        // check binary search tree
+#if !CAVL_PARAM_FEATURE_KEYS_ARE_INDICES
+        ASSERT_FORCE(CAvl_compare_entries(arg, CAvlDeref(arg, CAvl_link(n)[0]), n) == -1)
+#endif
+        // recursively calculate height
+        height_left = CAvl_verify_recurser(arg, CAvlDeref(arg, CAvl_link(n)[0]));
+#if CAVL_PARAM_FEATURE_COUNTS
+        count_left = CAvl_count(CAvlDeref(arg, CAvl_link(n)[0]));
+#endif
+    }
+    
+    // check right subtree
+    if (CAvl_link(n)[1] != CAvl_nulllink()) {
+        // check parent link
+        ASSERT_FORCE(CAvl_parent(CAvlDeref(arg, CAvl_link(n)[1])) == n.link)
+        // check binary search tree
+#if !CAVL_PARAM_FEATURE_KEYS_ARE_INDICES
+        ASSERT_FORCE(CAvl_compare_entries(arg, CAvlDeref(arg, CAvl_link(n)[1]), n) == 1)
+#endif
+        // recursively calculate height
+        height_right = CAvl_verify_recurser(arg, CAvlDeref(arg, CAvl_link(n)[1]));
+#if CAVL_PARAM_FEATURE_COUNTS
+        count_right = CAvl_count(CAvlDeref(arg, CAvl_link(n)[1]));
+#endif
+    }
+    
+    // check balance factor
+    ASSERT_FORCE(CAvl_balance(n) == height_right - height_left)
+    
+#if CAVL_PARAM_FEATURE_COUNTS
+    // check count
+    ASSERT_FORCE(CAvl_count(n) == 1 + count_left + count_right)
+#endif
+    
+#if CAVL_PARAM_FEATURE_ASSOC
+    // check assoc
+    ASSERT_FORCE(CAvl_assoc(n) == CAvl_compute_node_assoc(arg, n))
+#endif
+    
+    return CAvl_MAX(height_left, height_right) + 1;
+}
+
+static void CAvl_assert_tree (CAvl *o, CAvlArg arg)
+{
+#ifdef CAVL_AUTO_VERIFY
+    CAvl_Verify(o, arg);
+#endif
+}
+
+#if CAVL_PARAM_FEATURE_COUNTS
+static void CAvl_update_count_from_children (CAvlArg arg, CAvlRef n)
+{
+    CAvlCount left_count = CAvl_link(n)[0] != CAvl_nulllink() ? CAvl_count(CAvlDeref(arg, CAvl_link(n)[0])) : 0;
+    CAvlCount right_count = CAvl_link(n)[1] != CAvl_nulllink() ? CAvl_count(CAvlDeref(arg, CAvl_link(n)[1])) : 0;
+    CAvl_count(n) = 1 + left_count + right_count;
+}
+#endif
+
+static void CAvl_rotate (CAvl *o, CAvlArg arg, CAvlRef r, uint8_t dir, CAvlRef r_parent)
+{
+    ASSERT(CAvl_check_parent(r_parent, r))
+    CAvlRef nr = CAvlDeref(arg, CAvl_link(r)[!dir]);
+    
+    CAvl_link(r)[!dir] = CAvl_link(nr)[dir];
+    if (CAvl_link(r)[!dir] != CAvl_nulllink()) {
+        CAvl_parent(CAvlDeref(arg, CAvl_link(r)[!dir])) = r.link;
+    }
+    CAvl_link(nr)[dir] = r.link;
+    CAvl_parent(nr) = r_parent.link;
+    if (r_parent.link != CAvl_nulllink()) {
+        CAvl_link(r_parent)[r.link == CAvl_link(r_parent)[1]] = nr.link;
+    } else {
+        o->root = nr.link;
+    }
+    CAvl_parent(r) = nr.link;
+    
+#if CAVL_PARAM_FEATURE_COUNTS
+    CAvl_update_count_from_children(arg, r);
+    CAvl_update_count_from_children(arg, nr);
+#endif
+    
+#if CAVL_PARAM_FEATURE_ASSOC
+    CAvl_assoc(r) = CAvl_compute_node_assoc(arg, r);
+    CAvl_assoc(nr) = CAvl_compute_node_assoc(arg, nr);
+#endif
+}
+
+static CAvlRef CAvl_subtree_min (CAvlArg arg, CAvlRef n)
+{
+    ASSERT(n.link != CAvl_nulllink())
+    
+    while (CAvl_link(n)[0] != CAvl_nulllink()) {
+        n = CAvlDeref(arg, CAvl_link(n)[0]);
+    }
+    
+    return n;
+}
+
+static CAvlRef CAvl_subtree_max (CAvlArg arg, CAvlRef n)
+{
+    ASSERT(n.link != CAvl_nulllink())
+    
+    while (CAvl_link(n)[1] != CAvl_nulllink()) {
+        n = CAvlDeref(arg, CAvl_link(n)[1]);
+    }
+    
+    return n;
+}
+
+static void CAvl_replace_subtree_fix_assoc (CAvl *o, CAvlArg arg, CAvlRef dest, CAvlRef n, CAvlRef dest_parent)
+{
+    ASSERT(dest.link != CAvl_nulllink())
+    ASSERT(CAvl_check_parent(dest_parent, dest))
+    
+    if (dest_parent.link != CAvl_nulllink()) {
+        CAvl_link(dest_parent)[dest.link == CAvl_link(dest_parent)[1]] = n.link;
+    } else {
+        o->root = n.link;
+    }
+    if (n.link != CAvl_nulllink()) {
+        CAvl_parent(n) = CAvl_parent(dest);
+    }
+    
+#if CAVL_PARAM_FEATURE_COUNTS || CAVL_PARAM_FEATURE_ASSOC
+    for (CAvlRef c = dest_parent; c.link != CAvl_nulllink(); c = CAvlDeref(arg, CAvl_parent(c))) {
+#if CAVL_PARAM_FEATURE_COUNTS
+        ASSERT(CAvl_count(c) >= CAvl_count(dest))
+        CAvl_count(c) -= CAvl_count(dest);
+        if (n.link != CAvl_nulllink()) {
+            ASSERT(CAvl_count(n) <= CAVL_PARAM_VALUE_COUNT_MAX - CAvl_count(c))
+            CAvl_count(c) += CAvl_count(n);
+        }
+#endif
+#if CAVL_PARAM_FEATURE_ASSOC
+        CAvl_assoc(c) = CAvl_compute_node_assoc(arg, c);
+#endif
+    }
+#endif
+}
+
+static void CAvl_swap_for_remove (CAvl *o, CAvlArg arg, CAvlRef node, CAvlRef enode, CAvlRef node_parent, CAvlRef enode_parent)
+{
+    ASSERT(CAvl_check_parent(node_parent, node))
+    ASSERT(CAvl_check_parent(enode_parent, enode))
+    
+    if (enode_parent.link == node.link) {
+        // when the nodes are directly connected we need special handling
+        
+        uint8_t side = (enode.link == CAvl_link(node)[1]);
+        CAvlRef c = CAvlDeref(arg, CAvl_link(node)[!side]);
+        
+        if ((CAvl_link(node)[0] = CAvl_link(enode)[0]) != CAvl_nulllink()) {
+            CAvl_parent(CAvlDeref(arg, CAvl_link(node)[0])) = node.link;
+        }
+        if ((CAvl_link(node)[1] = CAvl_link(enode)[1]) != CAvl_nulllink()) {
+            CAvl_parent(CAvlDeref(arg, CAvl_link(node)[1])) = node.link;
+        }
+        
+        CAvl_parent(enode) = CAvl_parent(node);
+        if (node_parent.link != CAvl_nulllink()) {
+            CAvl_link(node_parent)[node.link == CAvl_link(node_parent)[1]] = enode.link;
+        } else {
+            o->root = enode.link;
+        }
+        
+        CAvl_link(enode)[side] = node.link;
+        CAvl_parent(node) = enode.link;
+        if ((CAvl_link(enode)[!side] = c.link) != CAvl_nulllink()) {
+            CAvl_parent(c) = enode.link;
+        }
+    } else {
+        CAvlRef temp;
+        
+        // swap parents
+        temp = node_parent;
+        CAvl_parent(node) = CAvl_parent(enode);
+        if (enode_parent.link != CAvl_nulllink()) {
+            CAvl_link(enode_parent)[enode.link == CAvl_link(enode_parent)[1]] = node.link;
+        } else {
+            o->root = node.link;
+        }
+        CAvl_parent(enode) = temp.link;
+        if (temp.link != CAvl_nulllink()) {
+            CAvl_link(temp)[node.link == CAvl_link(temp)[1]] = enode.link;
+        } else {
+            o->root = enode.link;
+        }
+        
+        // swap left children
+        temp = CAvlDeref(arg, CAvl_link(node)[0]);
+        if ((CAvl_link(node)[0] = CAvl_link(enode)[0]) != CAvl_nulllink()) {
+            CAvl_parent(CAvlDeref(arg, CAvl_link(node)[0])) = node.link;
+        }
+        if ((CAvl_link(enode)[0] = temp.link) != CAvl_nulllink()) {
+            CAvl_parent(CAvlDeref(arg, CAvl_link(enode)[0])) = enode.link;
+        }
+        
+        // swap right children
+        temp = CAvlDeref(arg, CAvl_link(node)[1]);
+        if ((CAvl_link(node)[1] = CAvl_link(enode)[1]) != CAvl_nulllink()) {
+            CAvl_parent(CAvlDeref(arg, CAvl_link(node)[1])) = node.link;
+        }
+        if ((CAvl_link(enode)[1] = temp.link) != CAvl_nulllink()) {
+            CAvl_parent(CAvlDeref(arg, CAvl_link(enode)[1])) = enode.link;
+        }
+    }
+    
+    // swap balance factors
+    int8_t b = CAvl_balance(node);
+    CAvl_balance(node) = CAvl_balance(enode);
+    CAvl_balance(enode) = b;
+    
+#if CAVL_PARAM_FEATURE_COUNTS
+    // swap counts
+    CAvlCount c = CAvl_count(node);
+    CAvl_count(node) = CAvl_count(enode);
+    CAvl_count(enode) = c;
+#endif
+    
+    // not fixing assoc values here because CAvl_replace_subtree_fix_assoc() will do it
+}
+
+static void CAvl_rebalance (CAvl *o, CAvlArg arg, CAvlRef node, uint8_t side, int8_t deltac)
+{
+    ASSERT(side == 0 || side == 1)
+    ASSERT(deltac >= -1 && deltac <= 1)
+    ASSERT(CAvl_balance(node) >= -1 && CAvl_balance(node) <= 1)
+    
+    // if no subtree changed its height, no more rebalancing is needed
+    if (deltac == 0) {
+        return;
+    }
+    
+    // calculate how much our height changed
+    int8_t delta = CAvl_MAX(deltac, CAvl_OPTNEG(CAvl_balance(node), side)) - CAvl_MAX(0, CAvl_OPTNEG(CAvl_balance(node), side));
+    ASSERT(delta >= -1 && delta <= 1)
+    
+    // update our balance factor
+    CAvl_balance(node) -= CAvl_OPTNEG(deltac, side);
+    
+    CAvlRef child;
+    CAvlRef gchild;
+    
+    // perform transformations if the balance factor is wrong
+    if (CAvl_balance(node) == 2 || CAvl_balance(node) == -2) {
+        uint8_t bside;
+        int8_t bsidef;
+        if (CAvl_balance(node) == 2) {
+            bside = 1;
+            bsidef = 1;
+        } else {
+            bside = 0;
+            bsidef = -1;
+        }
+        
+        ASSERT(CAvl_link(node)[bside] != CAvl_nulllink())
+        child = CAvlDeref(arg, CAvl_link(node)[bside]);
+        
+        switch (CAvl_balance(child) * bsidef) {
+            case 1:
+                CAvl_rotate(o, arg, node, !bside, CAvlDeref(arg, CAvl_parent(node)));
+                CAvl_balance(node) = 0;
+                CAvl_balance(child) = 0;
+                node = child;
+                delta -= 1;
+                break;
+            case 0:
+                CAvl_rotate(o, arg, node, !bside, CAvlDeref(arg, CAvl_parent(node)));
+                CAvl_balance(node) = 1 * bsidef;
+                CAvl_balance(child) = -1 * bsidef;
+                node = child;
+                break;
+            case -1:
+                ASSERT(CAvl_link(child)[!bside] != CAvl_nulllink())
+                gchild = CAvlDeref(arg, CAvl_link(child)[!bside]);
+                CAvl_rotate(o, arg, child, bside, node);
+                CAvl_rotate(o, arg, node, !bside, CAvlDeref(arg, CAvl_parent(node)));
+                CAvl_balance(node) = -CAvl_MAX(0, CAvl_balance(gchild) * bsidef) * bsidef;
+                CAvl_balance(child) = CAvl_MAX(0, -CAvl_balance(gchild) * bsidef) * bsidef;
+                CAvl_balance(gchild) = 0;
+                node = gchild;
+                delta -= 1;
+                break;
+            default:
+                ASSERT(0);
+        }
+    }
+    
+    ASSERT(delta >= -1 && delta <= 1)
+    // Transformations above preserve this. Proof:
+    //     - if a child subtree gained 1 height and rebalancing was needed,
+    //       it was the heavier subtree. Then delta was was originally 1, because
+    //       the heaviest subtree gained one height. If the transformation reduces
+    //       delta by one, it becomes 0.
+    //     - if a child subtree lost 1 height and rebalancing was needed, it
+    //       was the lighter subtree. Then delta was originally 0, because
+    //       the height of the heaviest subtree was unchanged. If the transformation
+    //       reduces delta by one, it becomes -1.
+    
+    if (CAvl_parent(node) != CAvl_nulllink()) {
+        CAvlRef node_parent = CAvlDeref(arg, CAvl_parent(node));
+        CAvl_rebalance(o, arg, node_parent, node.link == CAvl_link(node_parent)[1], delta);
+    }
+}
+
+#if CAVL_PARAM_FEATURE_KEYS_ARE_INDICES
+static CAvlCount CAvl_child_count (CAvlArg arg, CAvlRef n, int dir)
+{
+    return (CAvl_link(n)[dir] != CAvl_nulllink() ? CAvl_count(CAvlDeref(arg, CAvl_link(n)[dir])) : 0);
+}
+#endif
+
+static int CAvlIsNullRef (CAvlRef node)
+{
+    return node.link == CAvl_nulllink();
+}
+
+static int CAvlIsValidRef (CAvlRef node)
+{
+    return node.link != CAvl_nulllink();
+}
+
+static CAvlRef CAvlDeref (CAvlArg arg, CAvlLink link)
+{
+    if (link == CAvl_nulllink()) {
+        return CAvl_nullref();
+    }
+    
+    CAvlRef n;
+    n.ptr = CAVL_PARAM_FUN_DEREF(arg, link);
+    n.link = link;
+    
+    ASSERT(n.ptr)
+    
+    return n;
+}
+
+static void CAvl_Init (CAvl *o)
+{
+    o->root = CAvl_nulllink();
+}
+
+#if !CAVL_PARAM_FEATURE_KEYS_ARE_INDICES
+
+static int CAvl_Insert (CAvl *o, CAvlArg arg, CAvlRef node, CAvlRef *out_ref)
+{
+    ASSERT(node.link != CAvl_nulllink())
+#if CAVL_PARAM_FEATURE_COUNTS
+    ASSERT(CAvl_Count(o, arg) < CAVL_PARAM_VALUE_COUNT_MAX)
+#endif
+    
+    // insert to root?
+    if (o->root == CAvl_nulllink()) {
+        o->root = node.link;
+        CAvl_parent(node) = CAvl_nulllink();
+        CAvl_link(node)[0] = CAvl_nulllink();
+        CAvl_link(node)[1] = CAvl_nulllink();
+        CAvl_balance(node) = 0;
+#if CAVL_PARAM_FEATURE_COUNTS
+        CAvl_count(node) = 1;
+#endif
+#if CAVL_PARAM_FEATURE_ASSOC
+        CAvl_assoc(node) = CAVL_PARAM_FUN_ASSOC_VALUE(arg, node);
+#endif
+        
+        CAvl_assert_tree(o, arg);
+        
+        if (out_ref) {
+            *out_ref = CAvl_nullref();
+        }
+        return 1;
+    }
+    
+    CAvlRef c = CAvlDeref(arg, o->root);
+    int side;
+    while (1) {
+        int comp = CAvl_compare_entries(arg, node, c);
+        
+        if (comp == 0) {
+            if (out_ref) {
+                *out_ref = c;
+            }
+            return 0;
+        }
+        
+        side = (comp == 1);
+        
+        if (CAvl_link(c)[side] == CAvl_nulllink()) {
+            break;
+        }
+        
+        c = CAvlDeref(arg, CAvl_link(c)[side]);
+    }
+    
+    CAvl_link(c)[side] = node.link;
+    CAvl_parent(node) = c.link;
+    CAvl_link(node)[0] = CAvl_nulllink();
+    CAvl_link(node)[1] = CAvl_nulllink();
+    CAvl_balance(node) = 0;
+#if CAVL_PARAM_FEATURE_COUNTS
+    CAvl_count(node) = 1;
+#endif
+#if CAVL_PARAM_FEATURE_ASSOC
+    CAvl_assoc(node) = CAVL_PARAM_FUN_ASSOC_VALUE(arg, node);
+#endif
+    
+#if CAVL_PARAM_FEATURE_COUNTS || CAVL_PARAM_FEATURE_ASSOC
+    for (CAvlRef p = c; p.link != CAvl_nulllink(); p = CAvlDeref(arg, CAvl_parent(p))) {
+#if CAVL_PARAM_FEATURE_COUNTS
+        CAvl_count(p)++;
+#endif
+#if CAVL_PARAM_FEATURE_ASSOC
+        CAvl_assoc(p) = CAvl_compute_node_assoc(arg, p);
+#endif
+    }
+#endif
+    
+    CAvl_rebalance(o, arg, c, side, 1);
+    
+    CAvl_assert_tree(o, arg);
+    
+    if (out_ref) {
+        *out_ref = c;
+    }
+    return 1;
+}
+
+#else
+
+static void CAvl_InsertAt (CAvl *o, CAvlArg arg, CAvlRef node, CAvlCount index)
+{
+    ASSERT(node.link != CAvl_nulllink())
+    ASSERT(index <= CAvl_Count(o, arg))
+    ASSERT(CAvl_Count(o, arg) < CAVL_PARAM_VALUE_COUNT_MAX)
+    
+    // insert to root?
+    if (o->root == CAvl_nulllink()) {
+        o->root = node.link;
+        CAvl_parent(node) = CAvl_nulllink();
+        CAvl_link(node)[0] = CAvl_nulllink();
+        CAvl_link(node)[1] = CAvl_nulllink();
+        CAvl_balance(node) = 0;
+        CAvl_count(node) = 1;
+#if CAVL_PARAM_FEATURE_ASSOC
+        CAvl_assoc(node) = CAVL_PARAM_FUN_ASSOC_VALUE(arg, node);
+#endif
+        
+        CAvl_assert_tree(o, arg);
+        return;
+    }
+    
+    CAvlRef c = CAvlDeref(arg, o->root);
+    CAvlCount c_idx = CAvl_child_count(arg, c, 0);
+    int side;
+    while (1) {
+        side = (index > c_idx);
+        
+        if (CAvl_link(c)[side] == CAvl_nulllink()) {
+            break;
+        }
+        
+        c = CAvlDeref(arg, CAvl_link(c)[side]);
+        
+        if (side == 0) {
+            c_idx -= 1 + CAvl_child_count(arg, c, 1);
+        } else {
+            c_idx += 1 + CAvl_child_count(arg, c, 0);
+        }
+    }
+    
+    CAvl_link(c)[side] = node.link;
+    CAvl_parent(node) = c.link;
+    CAvl_link(node)[0] = CAvl_nulllink();
+    CAvl_link(node)[1] = CAvl_nulllink();
+    CAvl_balance(node) = 0;
+    CAvl_count(node) = 1;
+#if CAVL_PARAM_FEATURE_ASSOC
+    CAvl_assoc(node) = CAVL_PARAM_FUN_ASSOC_VALUE(arg, node);
+#endif
+    
+    for (CAvlRef p = c; p.link != CAvl_nulllink(); p = CAvlDeref(arg, CAvl_parent(p))) {
+        CAvl_count(p)++;
+#if CAVL_PARAM_FEATURE_ASSOC
+        CAvl_assoc(p) = CAvl_compute_node_assoc(arg, p);
+#endif
+    }
+    
+    CAvl_rebalance(o, arg, c, side, 1);
+    
+    CAvl_assert_tree(o, arg);
+    return;
+}
+
+#endif
+
+static void CAvl_Remove (CAvl *o, CAvlArg arg, CAvlRef node)
+{
+    ASSERT(node.link != CAvl_nulllink())
+    ASSERT(o->root != CAvl_nulllink())
+    
+    if (CAvl_link(node)[0] != CAvl_nulllink() && CAvl_link(node)[1] != CAvl_nulllink()) {
+        CAvlRef max = CAvl_subtree_max(arg, CAvlDeref(arg, CAvl_link(node)[0]));
+        CAvl_swap_for_remove(o, arg, node, max, CAvlDeref(arg, CAvl_parent(node)), CAvlDeref(arg, CAvl_parent(max)));
+    }
+    
+    ASSERT(CAvl_link(node)[0] == CAvl_nulllink() || CAvl_link(node)[1] == CAvl_nulllink())
+    
+    CAvlRef paren = CAvlDeref(arg, CAvl_parent(node));
+    CAvlRef child = (CAvl_link(node)[0] != CAvl_nulllink() ? CAvlDeref(arg, CAvl_link(node)[0]) : CAvlDeref(arg, CAvl_link(node)[1]));
+    
+    if (paren.link != CAvl_nulllink()) {
+        int side = (node.link == CAvl_link(paren)[1]);
+        CAvl_replace_subtree_fix_assoc(o, arg, node, child, paren);
+        CAvl_rebalance(o, arg, paren, side, -1);
+    } else {
+        CAvl_replace_subtree_fix_assoc(o, arg, node, child, paren);
+    }
+    
+    CAvl_assert_tree(o, arg);
+}
+
+#if !CAVL_PARAM_FEATURE_KEYS_ARE_INDICES && !CAVL_PARAM_FEATURE_NOKEYS
+
+static CAvlRef CAvl_Lookup (const CAvl *o, CAvlArg arg, CAvlKey key)
+{
+    if (o->root == CAvl_nulllink()) {
+        return CAvl_nullref();
+    }
+    
+    CAvlRef c = CAvlDeref(arg, o->root);
+    while (1) {
+        // compare
+        int comp = CAvl_compare_key_entry(arg, key, c);
+        
+        // have we found a node that compares equal?
+        if (comp == 0) {
+            return c;
+        }
+        
+        int side = (comp == 1);
+        
+        // have we reached a leaf?
+        if (CAvl_link(c)[side] == CAvl_nulllink()) {
+            return c;
+        }
+        
+        c = CAvlDeref(arg, CAvl_link(c)[side]);
+    }
+}
+
+static CAvlRef CAvl_LookupExact (const CAvl *o, CAvlArg arg, CAvlKey key)
+{
+    if (o->root == CAvl_nulllink()) {
+        return CAvl_nullref();
+    }
+    
+    CAvlRef c = CAvlDeref(arg, o->root);
+    while (1) {
+        // compare
+        int comp = CAvl_compare_key_entry(arg, key, c);
+        
+        // have we found a node that compares equal?
+        if (comp == 0) {
+            return c;
+        }
+        
+        int side = (comp == 1);
+        
+        // have we reached a leaf?
+        if (CAvl_link(c)[side] == CAvl_nulllink()) {
+            return CAvl_nullref();
+        }
+        
+        c = CAvlDeref(arg, CAvl_link(c)[side]);
+    }
+}
+
+static CAvlRef CAvl_GetFirstGreater (const CAvl *o, CAvlArg arg, CAvlKey key)
+{
+    CAvlRef c = CAvl_Lookup(o, arg, key);
+    if (CAvlIsNullRef(c)) {
+        return CAvl_nullref();
+    }
+    
+    if (CAvl_compare_key_entry(arg, key, c) >= 0) {
+        c = CAvl_GetNext(o, arg, c);
+        if (CAvlIsNullRef(c)) {
+            return CAvl_nullref();
+        }
+    }
+    
+    ASSERT(CAvl_compare_key_entry(arg, key, c) < 0);
+    
+    return c;
+}
+
+static CAvlRef CAvl_GetLastLesser (const CAvl *o, CAvlArg arg, CAvlKey key)
+{
+    CAvlRef c = CAvl_Lookup(o, arg, key);
+    if (CAvlIsNullRef(c)) {
+        return CAvl_nullref();
+    }
+    
+    if (CAvl_compare_key_entry(arg, key, c) <= 0) {
+        c = CAvl_GetPrev(o, arg, c);
+        if (CAvlIsNullRef(c)) {
+            return CAvl_nullref();
+        }
+    }
+    
+    ASSERT(CAvl_compare_key_entry(arg, key, c) > 0);
+    
+    return c;
+}
+
+static CAvlRef CAvl_GetFirstGreaterEqual (const CAvl *o, CAvlArg arg, CAvlKey key)
+{
+    CAvlRef c = CAvl_Lookup(o, arg, key);
+    if (CAvlIsNullRef(c)) {
+        return CAvl_nullref();
+    }
+    
+    if (CAvl_compare_key_entry(arg, key, c) > 0) {
+        c = CAvl_GetNext(o, arg, c);
+        if (CAvlIsNullRef(c)) {
+            return CAvl_nullref();
+        }
+    }
+    
+    ASSERT(CAvl_compare_key_entry(arg, key, c) <= 0);
+    
+    return c;
+}
+
+static CAvlRef CAvl_GetLastLesserEqual (const CAvl *o, CAvlArg arg, CAvlKey key)
+{
+    CAvlRef c = CAvl_Lookup(o, arg, key);
+    if (CAvlIsNullRef(c)) {
+        return CAvl_nullref();
+    }
+    
+    if (CAvl_compare_key_entry(arg, key, c) < 0) {
+        c = CAvl_GetPrev(o, arg, c);
+        if (CAvlIsNullRef(c)) {
+            return CAvl_nullref();
+        }
+    }
+    
+    ASSERT(CAvl_compare_key_entry(arg, key, c) >= 0);
+    
+    return c;
+}
+
+#endif
+
+static CAvlRef CAvl_GetFirst (const CAvl *o, CAvlArg arg)
+{
+    if (o->root == CAvl_nulllink()) {
+        return CAvl_nullref();
+    }
+    
+    return CAvl_subtree_min(arg, CAvlDeref(arg, o->root));
+}
+
+static CAvlRef CAvl_GetLast (const CAvl *o, CAvlArg arg)
+{
+    if (o->root == CAvl_nulllink()) {
+        return CAvl_nullref();
+    }
+    
+    return CAvl_subtree_max(arg, CAvlDeref(arg, o->root));
+}
+
+static CAvlRef CAvl_GetNext (const CAvl *o, CAvlArg arg, CAvlRef node)
+{
+    ASSERT(node.link != CAvl_nulllink())
+    ASSERT(o->root != CAvl_nulllink())
+    
+    if (CAvl_link(node)[1] != CAvl_nulllink()) {
+        node = CAvlDeref(arg, CAvl_link(node)[1]);
+        while (CAvl_link(node)[0] != CAvl_nulllink()) {
+            node = CAvlDeref(arg, CAvl_link(node)[0]);
+        }
+    } else {
+        while (CAvl_parent(node) != CAvl_nulllink() && node.link == CAvl_link(CAvlDeref(arg, CAvl_parent(node)))[1]) {
+            node = CAvlDeref(arg, CAvl_parent(node));
+        }
+        node = CAvlDeref(arg, CAvl_parent(node));
+    }
+    
+    return node;
+}
+
+static CAvlRef CAvl_GetPrev (const CAvl *o, CAvlArg arg, CAvlRef node)
+{
+    ASSERT(node.link != CAvl_nulllink())
+    ASSERT(o->root != CAvl_nulllink())
+    
+    if (CAvl_link(node)[0] != CAvl_nulllink()) {
+        node = CAvlDeref(arg, CAvl_link(node)[0]);
+        while (CAvl_link(node)[1] != CAvl_nulllink()) {
+            node = CAvlDeref(arg, CAvl_link(node)[1]);
+        }
+    } else {
+        while (CAvl_parent(node) != CAvl_nulllink() && node.link == CAvl_link(CAvlDeref(arg, CAvl_parent(node)))[0]) {
+            node = CAvlDeref(arg, CAvl_parent(node));
+        }
+        node = CAvlDeref(arg, CAvl_parent(node));
+    }
+    
+    return node;
+}
+
+static int CAvl_IsEmpty (const CAvl *o)
+{
+    return o->root == CAvl_nulllink();
+}
+
+static void CAvl_Verify (const CAvl *o, CAvlArg arg)
+{
+    if (o->root != CAvl_nulllink()) {
+        CAvlRef root = CAvlDeref(arg, o->root);
+        ASSERT(CAvl_parent(root) == CAvl_nulllink())
+        CAvl_verify_recurser(arg, root);
+    }
+}
+
+#if CAVL_PARAM_FEATURE_COUNTS
+
+static CAvlCount CAvl_Count (const CAvl *o, CAvlArg arg)
+{
+    return (o->root != CAvl_nulllink() ? CAvl_count(CAvlDeref(arg, o->root)) : 0);
+}
+
+static CAvlCount CAvl_IndexOf (const CAvl *o, CAvlArg arg, CAvlRef node)
+{
+    ASSERT(node.link != CAvl_nulllink())
+    ASSERT(o->root != CAvl_nulllink())
+    
+    CAvlCount index = (CAvl_link(node)[0] != CAvl_nulllink() ? CAvl_count(CAvlDeref(arg, CAvl_link(node)[0])) : 0);
+    
+    CAvlRef paren = CAvlDeref(arg, CAvl_parent(node));
+    
+    for (CAvlRef c = node; paren.link != CAvl_nulllink(); c = paren, paren = CAvlDeref(arg, CAvl_parent(c))) {
+        if (c.link == CAvl_link(paren)[1]) {
+            ASSERT(CAvl_count(paren) > CAvl_count(c))
+            ASSERT(CAvl_count(paren) - CAvl_count(c) <= CAVL_PARAM_VALUE_COUNT_MAX - index)
+            index += CAvl_count(paren) - CAvl_count(c);
+        }
+    }
+    
+    return index;
+}
+
+static CAvlRef CAvl_GetAt (const CAvl *o, CAvlArg arg, CAvlCount index)
+{
+    if (index >= CAvl_Count(o, arg)) {
+        return CAvl_nullref();
+    }
+    
+    CAvlRef c = CAvlDeref(arg, o->root);
+    
+    while (1) {
+        ASSERT(c.link != CAvl_nulllink())
+        ASSERT(index < CAvl_count(c))
+        
+        CAvlCount left_count = (CAvl_link(c)[0] != CAvl_nulllink() ? CAvl_count(CAvlDeref(arg, CAvl_link(c)[0])) : 0);
+        
+        if (index == left_count) {
+            return c;
+        }
+        
+        if (index < left_count) {
+            c = CAvlDeref(arg, CAvl_link(c)[0]);
+        } else {
+            c = CAvlDeref(arg, CAvl_link(c)[1]);
+            index -= left_count + 1;
+        }
+    }
+}
+
+#endif
+
+#if CAVL_PARAM_FEATURE_ASSOC
+
+static CAvlAssoc CAvl_AssocSum (const CAvl *o, CAvlArg arg)
+{
+    if (o->root == CAvl_nulllink()) {
+        return CAVL_PARAM_VALUE_ASSOC_ZERO;
+    }
+    CAvlRef root = CAvlDeref(arg, o->root);
+    return CAvl_assoc(root);
+}
+
+static CAvlAssoc CAvl_ExclusiveAssocPrefixSum (const CAvl *o, CAvlArg arg, CAvlRef node)
+{
+    ASSERT(node.link != CAvl_nulllink())
+    ASSERT(o->root != CAvl_nulllink())
+    
+    CAvlAssoc sum = (CAvl_link(node)[0] != CAvl_nulllink() ? CAvl_assoc(CAvlDeref(arg, CAvl_link(node)[0])) : CAVL_PARAM_VALUE_ASSOC_ZERO);
+    
+    CAvlRef paren = CAvlDeref(arg, CAvl_parent(node));
+    
+    for (CAvlRef c = node; paren.link != CAvl_nulllink(); c = paren, paren = CAvlDeref(arg, CAvl_parent(c))) {
+        if (c.link == CAvl_link(paren)[1]) {
+            CAvlAssoc c_val = CAVL_PARAM_FUN_ASSOC_VALUE(arg, paren);
+            sum = CAVL_PARAM_FUN_ASSOC_OPER(arg, c_val, sum);
+            if (CAvl_link(paren)[0] != CAvl_nulllink()) {
+                sum = CAVL_PARAM_FUN_ASSOC_OPER(arg, CAvl_assoc(CAvlDeref(arg, CAvl_link(paren)[0])), sum);
+            }
+        }
+    }
+    
+    return sum;
+}
+
+static CAvlRef CAvl_FindLastExclusiveAssocPrefixSumLesserEqual (const CAvl *o, CAvlArg arg, CAvlAssoc sum, int (*sum_less) (void *, CAvlAssoc, CAvlAssoc), void *user)
+{
+    CAvlRef result = CAvl_nullref();
+    CAvlRef c = CAvlDeref(arg, o->root);
+    CAvlAssoc sum_offset = CAVL_PARAM_VALUE_ASSOC_ZERO;
+    
+    while (c.link != CAvl_nulllink()) {
+        CAvlAssoc left_sum = (CAvl_link(c)[0] != CAvl_nulllink() ? CAvl_assoc(CAvlDeref(arg, CAvl_link(c)[0])) : CAVL_PARAM_VALUE_ASSOC_ZERO);
+        CAvlAssoc c_prefixsum = CAVL_PARAM_FUN_ASSOC_OPER(arg, sum_offset, left_sum);
+        
+        if (sum_less(user, sum, c_prefixsum)) {
+            c = CAvlDeref(arg, CAvl_link(c)[0]);
+        } else {
+            result = c;
+            CAvlAssoc c_val = CAVL_PARAM_FUN_ASSOC_VALUE(arg, c);
+            sum_offset = CAVL_PARAM_FUN_ASSOC_OPER(arg, c_prefixsum, c_val);
+            c = CAvlDeref(arg, CAvl_link(c)[1]);
+        }
+    }
+    
+    return result;
+}
+
+#endif
+
+#include "CAvl_footer.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash.h
new file mode 100644
index 00000000..45fef7a3
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash.h
@@ -0,0 +1,39 @@
+/**
+ * @file CHash.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_CHASH_H
+#define BADVPN_CHASH_H
+
+#include <stdlib.h>
+
+#include <misc/debug.h>
+#include <misc/merge.h>
+#include <misc/balloc.h>
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_decl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_decl.h
new file mode 100644
index 00000000..d47702a1
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_decl.h
@@ -0,0 +1,59 @@
+/**
+ * @file CHash_decl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "CHash_header.h"
+
+typedef struct {
+    CHashLink *buckets;
+    size_t num_buckets;
+} CHash;
+
+typedef struct {
+    CHashEntry *ptr;
+    CHashLink link;
+} CHashRef;
+
+static CHashLink CHashNullLink (void);
+static CHashRef CHashNullRef (void);
+static int CHashIsNullLink (CHashLink link);
+static int CHashIsNullRef (CHashRef ref);
+static CHashRef CHashDerefMayNull (CHashArg arg, CHashLink link);
+static CHashRef CHashDerefNonNull (CHashArg arg, CHashLink link);
+
+static int CHash_Init (CHash *o, size_t num_buckets);
+static void CHash_Free (CHash *o);
+static int CHash_Insert (CHash *o, CHashArg arg, CHashRef entry, CHashRef *out_existing);
+static void CHash_InsertMulti (CHash *o, CHashArg arg, CHashRef entry);
+static void CHash_Remove (CHash *o, CHashArg arg, CHashRef entry);
+static CHashRef CHash_Lookup (const CHash *o, CHashArg arg, CHashKey key);
+static CHashRef CHash_GetNextEqual (const CHash *o, CHashArg arg, CHashRef entry);
+static int CHash_MultiplyBuckets (CHash *o, CHashArg arg, int exp);
+static void CHash_Verify (const CHash *o, CHashArg arg);
+
+#include "CHash_footer.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_footer.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_footer.h
new file mode 100644
index 00000000..cb95dafd
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_footer.h
@@ -0,0 +1,74 @@
+/**
+ * @file CHash_footer.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// preprocessor inputs
+#undef CHASH_PARAM_NAME
+#undef CHASH_PARAM_ENTRY
+#undef CHASH_PARAM_LINK
+#undef CHASH_PARAM_KEY
+#undef CHASH_PARAM_ARG
+#undef CHASH_PARAM_NULL
+#undef CHASH_PARAM_DEREF
+#undef CHASH_PARAM_ENTRYHASH
+#undef CHASH_PARAM_KEYHASH
+#undef CHASH_PARAM_ENTRYHASH_IS_CHEAP
+#undef CHASH_PARAM_COMPARE_ENTRIES
+#undef CHASH_PARAM_COMPARE_KEY_ENTRY
+#undef CHASH_PARAM_ENTRY_NEXT
+
+// types
+#undef CHash
+#undef CHashEntry
+#undef CHashLink
+#undef CHashRef
+#undef CHashArg
+#undef CHashKey
+
+// non-object public functions
+#undef CHashNullLink
+#undef CHashNullRef
+#undef CHashIsNullLink
+#undef CHashIsNullRef
+#undef CHashDerefMayNull
+#undef CHashDerefNonNull
+
+// public functions
+#undef CHash_Init
+#undef CHash_Free
+#undef CHash_Insert
+#undef CHash_InsertMulti
+#undef CHash_Remove
+#undef CHash_Lookup
+#undef CHash_GetNextEqual
+#undef CHash_MultiplyBuckets
+#undef CHash_Verify
+
+// private things
+#undef CHash_next
+#undef CHash_assert_valid_entry
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_header.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_header.h
new file mode 100644
index 00000000..27800aca
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_header.h
@@ -0,0 +1,78 @@
+/**
+ * @file CHash_header.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// Preprocessor inputs:
+// CHASH_PARAM_NAME - name of this data structure
+// CHASH_PARAM_ENTRY - type of entry
+// CHASH_PARAM_LINK - type of entry link (usually a pointer or index to an array)
+// CHASH_PARAM_KEY - type of key
+// CHASH_PARAM_ARG - type of argument pass through to comparisons
+// CHASH_PARAM_NULL - invalid link
+// CHASH_PARAM_DEREF(arg, link) - dereference a non-null link
+// CHASH_PARAM_ENTRYHASH(arg, entry) - hash function for entries; returns size_t
+// CHASH_PARAM_KEYHASH(arg, key) - hash function for keys; returns size_t
+// CHASH_PARAM_ENTRYHASH_IS_CHEAP - define to 1 if CHASH_PARAM_ENTRYHASH is cheap (e.g. hashes are precomputed)
+// CHASH_PARAM_COMPARE_ENTRIES(arg, entry1, entry2) - compares two entries; returns 1 for equality, 0 otherwise
+// CHASH_PARAM_COMPARE_KEY_ENTRY(arg, key1, entry2) - compares key and entry; returns 1 for equality, 0 otherwise
+// CHASH_PARAM_ENTRY_NEXT - next member in entry
+
+#ifndef BADVPN_CHASH_H
+#error CHash.h has not been included
+#endif
+
+// types
+#define CHash CHASH_PARAM_NAME
+#define CHashEntry CHASH_PARAM_ENTRY
+#define CHashLink CHASH_PARAM_LINK
+#define CHashRef MERGE(CHash, Ref)
+#define CHashArg CHASH_PARAM_ARG
+#define CHashKey CHASH_PARAM_KEY
+
+// non-object public functions
+#define CHashNullLink MERGE(CHash, NullLink)
+#define CHashNullRef MERGE(CHash, NullRef)
+#define CHashIsNullLink MERGE(CHash, IsNullLink)
+#define CHashIsNullRef MERGE(CHash, IsNullRef)
+#define CHashDerefMayNull MERGE(CHash, DerefMayNull)
+#define CHashDerefNonNull MERGE(CHash, DerefNonNull)
+
+// public functions
+#define CHash_Init MERGE(CHash, _Init)
+#define CHash_Free MERGE(CHash, _Free)
+#define CHash_Insert MERGE(CHash, _Insert)
+#define CHash_InsertMulti MERGE(CHash, _InsertMulti)
+#define CHash_Remove MERGE(CHash, _Remove)
+#define CHash_Lookup MERGE(CHash, _Lookup)
+#define CHash_GetNextEqual MERGE(CHash, _GetNextEqual)
+#define CHash_MultiplyBuckets MERGE(CHash, _MultiplyBuckets)
+#define CHash_Verify MERGE(CHash, _Verify)
+
+// private things
+#define CHash_next(entry) ((entry).ptr->CHASH_PARAM_ENTRY_NEXT)
+#define CHash_assert_valid_entry MERGE(CHash, _assert_valid_entry)
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_impl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_impl.h
new file mode 100644
index 00000000..0bded845
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/CHash_impl.h
@@ -0,0 +1,312 @@
+/**
+ * @file CHash_impl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "CHash_header.h"
+
+static void CHash_assert_valid_entry (CHashArg arg, CHashRef entry)
+{
+    ASSERT(entry.link != CHashNullLink())
+    ASSERT(entry.ptr == CHASH_PARAM_DEREF(arg, entry.link))
+}
+
+static CHashLink CHashNullLink (void)
+{
+    return CHASH_PARAM_NULL;
+}
+
+static CHashRef CHashNullRef (void)
+{
+    CHashRef entry = {NULL, CHashNullLink()};
+    return entry;
+}
+
+static int CHashIsNullLink (CHashLink link)
+{
+    return (link == CHashNullLink());
+}
+
+static int CHashIsNullRef (CHashRef ref)
+{
+    return CHashIsNullLink(ref.link);
+}
+
+static CHashRef CHashDerefMayNull (CHashArg arg, CHashLink link)
+{
+    if (link == CHashNullLink()) {
+        return CHashNullRef();
+    }
+    
+    CHashRef entry = {CHASH_PARAM_DEREF(arg, link), link};
+    ASSERT(entry.ptr)
+    
+    return entry;
+}
+
+static CHashRef CHashDerefNonNull (CHashArg arg, CHashLink link)
+{
+    ASSERT(link != CHashNullLink())
+    
+    CHashRef entry = {CHASH_PARAM_DEREF(arg, link), link};
+    ASSERT(entry.ptr)
+    
+    return entry;
+}
+
+static int CHash_Init (CHash *o, size_t num_buckets)
+{
+    if (num_buckets == 0) {
+        num_buckets = 1;
+    }
+    
+    o->num_buckets = num_buckets;
+    
+    o->buckets = (CHashLink *)BAllocArray(o->num_buckets, sizeof(o->buckets[0])); 
+    if (!o->buckets) {
+        return 0;
+    }
+    
+    for (size_t i = 0; i < o->num_buckets; i++) {
+        o->buckets[i] = CHashNullLink();
+    }
+    
+    return 1;
+}
+
+static void CHash_Free (CHash *o)
+{
+    BFree(o->buckets);
+}
+
+static int CHash_Insert (CHash *o, CHashArg arg, CHashRef entry, CHashRef *out_existing)
+{
+    CHash_assert_valid_entry(arg, entry);
+    
+    size_t index = CHASH_PARAM_ENTRYHASH(arg, entry) % o->num_buckets;
+    
+    CHashLink link = o->buckets[index];
+    while (link != CHashNullLink()) {
+        CHashRef cur = CHashDerefNonNull(arg, link);
+        if (CHASH_PARAM_COMPARE_ENTRIES(arg, cur, entry)) {
+            if (out_existing) {
+                *out_existing = cur;
+            }
+            return 0;
+        }
+        link = CHash_next(cur);
+    }
+    
+    CHash_next(entry) = o->buckets[index];
+    o->buckets[index] = entry.link;
+    
+    return 1;
+}
+
+static void CHash_InsertMulti (CHash *o, CHashArg arg, CHashRef entry)
+{
+    CHash_assert_valid_entry(arg, entry);
+    
+    size_t index = CHASH_PARAM_ENTRYHASH(arg, entry) % o->num_buckets;
+    
+    CHashRef prev = CHashNullRef();
+    CHashLink link = o->buckets[index];
+    while (link != CHashNullLink()) {
+        CHashRef cur = CHashDerefNonNull(arg, link);
+        if (CHASH_PARAM_COMPARE_ENTRIES(arg, cur, entry)) {
+            break;
+        }
+        prev = cur;
+        link = CHash_next(cur);
+    }
+    
+    if (link == CHashNullLink() || prev.link == CHashNullLink()) {
+        CHash_next(entry) = o->buckets[index];
+        o->buckets[index] = entry.link;
+    } else {
+        CHash_next(entry) = link;
+        CHash_next(prev) = entry.link;
+    }
+}
+
+static void CHash_Remove (CHash *o, CHashArg arg, CHashRef entry)
+{
+    CHash_assert_valid_entry(arg, entry);
+    
+    size_t index = CHASH_PARAM_ENTRYHASH(arg, entry) % o->num_buckets;
+    
+    CHashRef prev = CHashNullRef();
+    CHashLink link = o->buckets[index];
+    while (link != entry.link) {
+        CHashRef cur = CHashDerefNonNull(arg, link);
+        prev = cur;
+        link = CHash_next(cur);
+        ASSERT(link != CHashNullLink())
+    }
+    
+    if (prev.link == CHashNullLink()) {
+        o->buckets[index] = CHash_next(entry);
+    } else {
+        CHash_next(prev) = CHash_next(entry);
+    }
+}
+
+static CHashRef CHash_Lookup (const CHash *o, CHashArg arg, CHashKey key) 
+{
+    size_t hash = CHASH_PARAM_KEYHASH(arg, key);
+    size_t index = hash % o->num_buckets;
+    
+    CHashLink link = o->buckets[index];
+    while (link != CHashNullLink()) {
+        CHashRef cur = CHashDerefNonNull(arg, link);
+#if CHASH_PARAM_ENTRYHASH_IS_CHEAP
+        if (CHASH_PARAM_ENTRYHASH(arg, cur) == hash && CHASH_PARAM_COMPARE_KEY_ENTRY(arg, key, cur)) {
+#else
+        if (CHASH_PARAM_COMPARE_KEY_ENTRY(arg, key, cur)) {
+#endif
+            return cur;
+        }
+        link = CHash_next(cur);
+    }
+    
+    return CHashNullRef();
+}
+
+static CHashRef CHash_GetNextEqual (const CHash *o, CHashArg arg, CHashRef entry)
+{
+    CHash_assert_valid_entry(arg, entry);
+    
+    CHashLink next = CHash_next(entry);
+    
+    if (next == CHashNullLink()) {
+        return CHashNullRef();
+    }
+    
+    CHashRef next_ref = CHashDerefNonNull(arg, next);
+    if (!CHASH_PARAM_COMPARE_ENTRIES(arg, next_ref, entry)) {
+        return CHashNullRef();
+    }
+    
+    return next_ref;
+}
+
+static int CHash_MultiplyBuckets (CHash *o, CHashArg arg, int exp)
+{
+    ASSERT(exp > 0)
+    
+    size_t new_num_buckets = o->num_buckets;
+    while (exp-- > 0) {
+        if (new_num_buckets > SIZE_MAX / 2) {
+            return 0;
+        }
+        new_num_buckets *= 2;
+    }
+    
+    CHashLink *new_buckets = (CHashLink *)BReallocArray(o->buckets, new_num_buckets, sizeof(new_buckets[0]));
+    if (!new_buckets) {
+        return 0;
+    }
+    o->buckets = new_buckets;
+    
+    for (size_t i = o->num_buckets; i < new_num_buckets; i++) {
+        o->buckets[i] = CHashNullLink();
+    }
+    
+    for (size_t i = 0; i < o->num_buckets; i++) {
+        CHashRef prev = CHashNullRef();
+        CHashLink link = o->buckets[i];
+        
+        while (link != CHashNullLink()) {
+            CHashRef cur = CHashDerefNonNull(arg, link);
+            link = CHash_next(cur);
+            
+            size_t new_index = CHASH_PARAM_ENTRYHASH(arg, cur) % new_num_buckets;
+            if (new_index == i) {
+                prev = cur;
+                continue;
+            }
+            
+            if (CHashIsNullRef(prev)) {
+                o->buckets[i] = CHash_next(cur);
+            } else {
+                CHash_next(prev) = CHash_next(cur);
+            }
+            
+            CHash_next(cur) = o->buckets[new_index];
+            o->buckets[new_index] = cur.link;
+        }
+    }
+    
+    for (size_t i = o->num_buckets; i < new_num_buckets; i++) {
+        CHashLink new_bucket_link = CHashNullLink();
+        
+        CHashLink link = o->buckets[i];
+        while (link != CHashNullLink()) {
+            CHashRef cur = CHashDerefNonNull(arg, link);
+            link = CHash_next(cur);
+            
+            CHash_next(cur) = new_bucket_link;
+            new_bucket_link = cur.link;
+        }
+        
+        o->buckets[i] = new_bucket_link;
+    }
+    
+    o->num_buckets = new_num_buckets;
+    
+    return 1;
+}
+
+static void CHash_Verify (const CHash *o, CHashArg arg)
+{
+    ASSERT_FORCE(o->num_buckets > 0)
+    ASSERT_FORCE(o->buckets)
+    
+    for (size_t i = 0; i < o->num_buckets; i++) {
+        CHashRef cur = CHashDerefMayNull(arg, o->buckets[i]);
+        CHashRef same_first = cur;
+        
+        while (!CHashIsNullRef(cur)) {
+            size_t index = CHASH_PARAM_ENTRYHASH(arg, cur) % o->num_buckets;
+            ASSERT_FORCE(index == i)
+            
+            if (!CHASH_PARAM_COMPARE_ENTRIES(arg, cur, same_first)) {
+                same_first = cur;
+            }
+            
+            CHashRef ccur = CHashDerefNonNull(arg, o->buckets[i]);
+            while (ccur.link != same_first.link) {
+                ASSERT_FORCE(!CHASH_PARAM_COMPARE_ENTRIES(arg, ccur, cur))
+                ccur = CHashDerefMayNull(arg, CHash_next(ccur));
+            }
+            
+            cur = CHashDerefMayNull(arg, CHash_next(cur));
+        }
+    }
+}
+
+#include "CHash_footer.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/ChunkBuffer2.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/ChunkBuffer2.h
new file mode 100644
index 00000000..966fbef2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/ChunkBuffer2.h
@@ -0,0 +1,317 @@
+/**
+ * @file ChunkBuffer2.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Circular packet buffer
+ */
+
+#ifndef BADVPN_STRUCTURE_CHUNKBUFFER2_H
+#define BADVPN_STRUCTURE_CHUNKBUFFER2_H
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#include "misc/balign.h"
+#include "misc/debug.h"
+
+#ifndef NDEBUG
+#define CHUNKBUFFER2_ASSERT_BUFFER(_buf) _ChunkBuffer2_assert_buffer(_buf);
+#define CHUNKBUFFER2_ASSERT_IO(_buf) _ChunkBuffer2_assert_io(_buf);
+#else
+#define CHUNKBUFFER2_ASSERT_BUFFER(_buf)
+#define CHUNKBUFFER2_ASSERT_IO(_buf)
+#endif
+
+struct ChunkBuffer2_block {
+    int len;
+};
+
+typedef struct {
+    struct ChunkBuffer2_block *buffer;
+    int size;
+    int wrap;
+    int start;
+    int used;
+    int mtu;
+    uint8_t *input_dest;
+    int input_avail;
+    uint8_t *output_dest;
+    int output_avail;
+} ChunkBuffer2;
+
+// calculates a buffer size needed to hold at least 'num' packets long at least 'chunk_len'
+static int ChunkBuffer2_calc_blocks (int chunk_len, int num);
+
+// initialize
+static void ChunkBuffer2_Init (ChunkBuffer2 *buf, struct ChunkBuffer2_block *buffer, int blocks, int mtu);
+
+// submit a packet written to the buffer
+static void ChunkBuffer2_SubmitPacket (ChunkBuffer2 *buf, int len);
+
+// remove the first packet
+static void ChunkBuffer2_ConsumePacket (ChunkBuffer2 *buf);
+
+static int _ChunkBuffer2_end (ChunkBuffer2 *buf)
+{
+    if (buf->used >= buf->wrap - buf->start) {
+        return (buf->used - (buf->wrap - buf->start));
+    } else {
+        return (buf->start + buf->used);
+    }
+}
+
+#ifndef NDEBUG
+
+static void _ChunkBuffer2_assert_buffer (ChunkBuffer2 *buf)
+{
+    ASSERT(buf->size > 0)
+    ASSERT(buf->wrap > 0)
+    ASSERT(buf->wrap <= buf->size)
+    ASSERT(buf->start >= 0)
+    ASSERT(buf->start < buf->wrap)
+    ASSERT(buf->used >= 0)
+    ASSERT(buf->used <= buf->wrap)
+    ASSERT(buf->wrap == buf->size || buf->used >= buf->wrap - buf->start)
+    ASSERT(buf->mtu >= 0)
+}
+
+static void _ChunkBuffer2_assert_io (ChunkBuffer2 *buf)
+{
+    // check input
+    
+    int end = _ChunkBuffer2_end(buf);
+    
+    if (buf->size - end - 1 < buf->mtu) {
+        // it will never be possible to write a MTU long packet here
+        ASSERT(!buf->input_dest)
+        ASSERT(buf->input_avail == -1)
+    } else {
+        // calculate number of free blocks
+        int free;
+        if (buf->used >= buf->wrap - buf->start) {
+            free = buf->start - end;
+        } else {
+            free = buf->size - end;
+        }
+        
+        if (free > 0) {
+            // got space at least for a header. More space will become available as packets are
+            // read from the buffer, up to MTU.
+            ASSERT(buf->input_dest == (uint8_t *)&buf->buffer[end + 1])
+            ASSERT(buf->input_avail == (free - 1) * sizeof(struct ChunkBuffer2_block))
+        } else {
+            // no space
+            ASSERT(!buf->input_dest)
+            ASSERT(buf->input_avail == -1)
+        }
+    }
+    
+    // check output
+    
+    if (buf->used > 0) {
+        int datalen = buf->buffer[buf->start].len;
+        ASSERT(datalen >= 0)
+        int blocklen = bdivide_up(datalen, sizeof(struct ChunkBuffer2_block));
+        ASSERT(blocklen <= buf->used - 1)
+        ASSERT(blocklen <= buf->wrap - buf->start - 1)
+        ASSERT(buf->output_dest == (uint8_t *)&buf->buffer[buf->start + 1])
+        ASSERT(buf->output_avail == datalen)
+    } else {
+        ASSERT(!buf->output_dest)
+        ASSERT(buf->output_avail == -1)
+    }
+}
+
+#endif
+
+static void _ChunkBuffer2_update_input (ChunkBuffer2 *buf)
+{
+    int end = _ChunkBuffer2_end(buf);
+    
+    if (buf->size - end - 1 < buf->mtu) {
+        // it will never be possible to write a MTU long packet here
+        buf->input_dest = NULL;
+        buf->input_avail = -1;
+        return;
+    }
+    
+    // calculate number of free blocks
+    int free;
+    if (buf->used >= buf->wrap - buf->start) {
+        free = buf->start - end;
+    } else {
+        free = buf->size - end;
+    }
+    
+    if (free > 0) {
+        // got space at least for a header. More space will become available as packets are
+        // read from the buffer, up to MTU.
+        buf->input_dest = (uint8_t *)&buf->buffer[end + 1];
+        buf->input_avail = (free - 1) * sizeof(struct ChunkBuffer2_block);
+    } else {
+        // no space
+        buf->input_dest = NULL;
+        buf->input_avail = -1;
+    }
+}
+
+static void _ChunkBuffer2_update_output (ChunkBuffer2 *buf)
+{
+    if (buf->used > 0) {
+        int datalen = buf->buffer[buf->start].len;
+        ASSERT(datalen >= 0)
+#ifndef NDEBUG
+        int blocklen = bdivide_up(datalen, sizeof(struct ChunkBuffer2_block));
+        ASSERT(blocklen <= buf->used - 1)
+        ASSERT(blocklen <= buf->wrap - buf->start - 1)
+#endif
+        buf->output_dest = (uint8_t *)&buf->buffer[buf->start + 1];
+        buf->output_avail = datalen;
+    } else {
+        buf->output_dest = NULL;
+        buf->output_avail = -1;
+    }
+}
+
+int ChunkBuffer2_calc_blocks (int chunk_len, int num)
+{
+    int chunk_data_blocks = bdivide_up(chunk_len, sizeof(struct ChunkBuffer2_block));
+    
+    if (chunk_data_blocks > INT_MAX - 1) {
+        return -1;
+    }
+    int chunk_blocks = 1 + chunk_data_blocks;
+    
+    if (num > INT_MAX - 1) {
+        return -1;
+    }
+    int num_chunks = num + 1;
+    
+    if (chunk_blocks > INT_MAX / num_chunks) {
+        return -1;
+    }
+    int blocks = chunk_blocks * num_chunks;
+    
+    return blocks;
+}
+
+void ChunkBuffer2_Init (ChunkBuffer2 *buf, struct ChunkBuffer2_block *buffer, int blocks, int mtu)
+{
+    ASSERT(blocks > 0)
+    ASSERT(mtu >= 0)
+    
+    buf->buffer = buffer;
+    buf->size = blocks;
+    buf->wrap = blocks;
+    buf->start = 0;
+    buf->used = 0;
+    buf->mtu = bdivide_up(mtu, sizeof(struct ChunkBuffer2_block));
+    
+    CHUNKBUFFER2_ASSERT_BUFFER(buf)
+    
+    _ChunkBuffer2_update_input(buf);
+    _ChunkBuffer2_update_output(buf);
+    
+    CHUNKBUFFER2_ASSERT_IO(buf)
+}
+
+void ChunkBuffer2_SubmitPacket (ChunkBuffer2 *buf, int len)
+{
+    ASSERT(buf->input_dest)
+    ASSERT(len >= 0)
+    ASSERT(len <= buf->input_avail)
+    
+    CHUNKBUFFER2_ASSERT_BUFFER(buf)
+    CHUNKBUFFER2_ASSERT_IO(buf)
+    
+    int end = _ChunkBuffer2_end(buf);
+    int blocklen = bdivide_up(len, sizeof(struct ChunkBuffer2_block));
+    
+    ASSERT(blocklen <= buf->size - end - 1)
+    ASSERT(buf->used < buf->wrap - buf->start || blocklen <= buf->start - end - 1)
+    
+    buf->buffer[end].len = len;
+    buf->used += 1 + blocklen;
+    
+    if (buf->used <= buf->wrap - buf->start && buf->mtu > buf->size - (end + 1 + blocklen) - 1) {
+        buf->wrap = end + 1 + blocklen;
+    }
+    
+    CHUNKBUFFER2_ASSERT_BUFFER(buf)
+    
+    // update input
+    _ChunkBuffer2_update_input(buf);
+    
+    // update output
+    if (buf->used == 1 + blocklen) {
+        _ChunkBuffer2_update_output(buf);
+    }
+    
+    CHUNKBUFFER2_ASSERT_IO(buf)
+}
+
+void ChunkBuffer2_ConsumePacket (ChunkBuffer2 *buf)
+{
+    ASSERT(buf->output_dest)
+    
+    CHUNKBUFFER2_ASSERT_BUFFER(buf)
+    CHUNKBUFFER2_ASSERT_IO(buf)
+    
+    ASSERT(1 <= buf->wrap - buf->start)
+    ASSERT(1 <= buf->used)
+    
+    int blocklen = bdivide_up(buf->buffer[buf->start].len, sizeof(struct ChunkBuffer2_block));
+    
+    ASSERT(blocklen <= buf->wrap - buf->start - 1)
+    ASSERT(blocklen <= buf->used - 1)
+    
+    int data_wrapped = (buf->used >= buf->wrap - buf->start);
+    
+    buf->start += 1 + blocklen;
+    buf->used -= 1 + blocklen;
+    if (buf->start == buf->wrap) {
+        buf->start = 0;
+        buf->wrap = buf->size;
+    }
+    
+    CHUNKBUFFER2_ASSERT_BUFFER(buf)
+    
+    // update input
+    if (data_wrapped) {
+        _ChunkBuffer2_update_input(buf);
+    }
+    
+    // update output
+    _ChunkBuffer2_update_output(buf);
+    
+    CHUNKBUFFER2_ASSERT_IO(buf)
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/IndexedList.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/IndexedList.h
new file mode 100644
index 00000000..ca611e9b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/IndexedList.h
@@ -0,0 +1,225 @@
+/**
+ * @file IndexedList.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * A data structure similar to a list, but with efficient index-based access.
+ */
+
+#ifndef BADVPN_INDEXEDLIST_H
+#define BADVPN_INDEXEDLIST_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <misc/offset.h>
+#include <misc/debug.h>
+#include <structure/CAvl.h>
+
+typedef struct IndexedList_s IndexedList;
+typedef struct IndexedListNode_s IndexedListNode;
+
+typedef IndexedListNode *IndexedList__tree_link;
+
+#include "IndexedList_tree.h"
+#include <structure/CAvl_decl.h>
+
+struct IndexedList_s {
+    IndexedList__Tree tree;
+};
+
+struct IndexedListNode_s {
+    IndexedListNode *tree_child[2];
+    IndexedListNode *tree_parent;
+    int8_t tree_balance;
+    uint64_t tree_count;
+};
+
+/**
+ * Initializes the indexed list.
+ * 
+ * @param o uninitialized list object to initialize
+ */
+static void IndexedList_Init (IndexedList *o);
+
+/**
+ * Inserts a node into the indexed list.
+ * 
+ * @param o indexed list to insert into
+ * @param node uninitialized node to insert
+ * @param index index to insert at (starting with zero). Any existing elements
+ *              at or after this index will be shifted forward, i.e. their
+ *              indices will be incremented by one. Must be <=count.
+ */
+static void IndexedList_InsertAt (IndexedList *o, IndexedListNode *node, uint64_t index);
+
+/**
+ * Removes a nove from the indexed list.
+ * 
+ * @param o indexed list to remove from
+ * @param node node in the list to remove
+ */
+static void IndexedList_Remove (IndexedList *o, IndexedListNode *node);
+
+/**
+ * Returns the number of nodes in the indexed list.
+ * 
+ * @param o indexed list
+ * @return number of nodes
+ */
+static uint64_t IndexedList_Count (IndexedList *o);
+
+/**
+ * Returns the index of a node in the indexed list.
+ * 
+ * @param o indexed list
+ * @param node node in the list to get index of
+ * @return index of the node
+ */
+static uint64_t IndexedList_IndexOf (IndexedList *o, IndexedListNode *node);
+
+/**
+ * Returns the node at the specified index in the indexed list.
+ * 
+ * @param o indexed list
+ * @param index index of the node to return. Must be < count.
+ * @return node at the specified index
+ */
+static IndexedListNode * IndexedList_GetAt (IndexedList *o, uint64_t index);
+
+/**
+ * Returns the first node, or NULL if the list is empty.
+ * 
+ * @param o indexed list
+ * @return first node, or NULL
+ */
+static IndexedListNode * IndexedList_GetFirst (IndexedList *o);
+
+/**
+ * Returns the last node, or NULL if the list is empty.
+ * 
+ * @param o indexed list
+ * @return last node, or NULL
+ */
+static IndexedListNode * IndexedList_GetLast (IndexedList *o);
+
+/**
+ * Returns the next node of a given node, or NULL this is the last node.
+ * 
+ * @param o indexed list
+ * @param node existing node
+ * @return next node, or NULL
+ */
+static IndexedListNode * IndexedList_GetNext (IndexedList *o, IndexedListNode *node);
+
+/**
+ * Returns the previous node of a given node, or NULL this is the first node.
+ * 
+ * @param o indexed list
+ * @param node existing node
+ * @return previous node, or NULL
+ */
+static IndexedListNode * IndexedList_GetPrev (IndexedList *o, IndexedListNode *node);
+
+#include "IndexedList_tree.h"
+#include <structure/CAvl_impl.h>
+
+static IndexedListNode * IndexedList__deref (IndexedList__TreeRef ref)
+{
+    return ref.link;
+}
+
+static void IndexedList_Init (IndexedList *o)
+{
+    IndexedList__Tree_Init(&o->tree);
+}
+
+static void IndexedList_InsertAt (IndexedList *o, IndexedListNode *node, uint64_t index)
+{
+    ASSERT(index <= IndexedList__Tree_Count(&o->tree, 0))
+    ASSERT(IndexedList__Tree_Count(&o->tree, 0) < UINT64_MAX - 1)
+    
+    uint64_t orig_count = IndexedList__Tree_Count(&o->tree, 0);
+    B_USE(orig_count)
+    
+    IndexedList__Tree_InsertAt(&o->tree, 0, IndexedList__TreeDeref(0, node), index);
+    
+    ASSERT(IndexedList__Tree_IndexOf(&o->tree, 0, IndexedList__TreeDeref(0, node)) == index)
+    ASSERT(IndexedList__Tree_Count(&o->tree, 0) == orig_count + 1)
+}
+
+static void IndexedList_Remove (IndexedList *o, IndexedListNode *node)
+{
+    IndexedList__Tree_Remove(&o->tree, 0, IndexedList__TreeDeref(0, node));
+}
+
+static uint64_t IndexedList_Count (IndexedList *o)
+{
+    return IndexedList__Tree_Count(&o->tree, 0);
+}
+
+static uint64_t IndexedList_IndexOf (IndexedList *o, IndexedListNode *node)
+{
+    return IndexedList__Tree_IndexOf(&o->tree, 0, IndexedList__TreeDeref(0, node));
+}
+
+static IndexedListNode * IndexedList_GetAt (IndexedList *o, uint64_t index)
+{
+    ASSERT(index < IndexedList__Tree_Count(&o->tree, 0))
+    
+    IndexedList__TreeRef ref = IndexedList__Tree_GetAt(&o->tree, 0, index);
+    ASSERT(!IndexedList__TreeIsNullRef(ref))
+    
+    return ref.ptr;
+}
+
+static IndexedListNode * IndexedList_GetFirst (IndexedList *o)
+{
+    return IndexedList__deref(IndexedList__Tree_GetFirst(&o->tree, 0));
+}
+
+static IndexedListNode * IndexedList_GetLast (IndexedList *o)
+{
+    return IndexedList__deref(IndexedList__Tree_GetLast(&o->tree, 0));
+}
+
+static IndexedListNode * IndexedList_GetNext (IndexedList *o, IndexedListNode *node)
+{
+    ASSERT(node)
+    
+    return IndexedList__deref(IndexedList__Tree_GetNext(&o->tree, 0, IndexedList__TreeDeref(0, node)));
+}
+
+static IndexedListNode * IndexedList_GetPrev (IndexedList *o, IndexedListNode *node)
+{
+    ASSERT(node)
+    
+    return IndexedList__deref(IndexedList__Tree_GetPrev(&o->tree, 0, IndexedList__TreeDeref(0, node)));
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/IndexedList_tree.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/IndexedList_tree.h
new file mode 100644
index 00000000..130f00fd
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/IndexedList_tree.h
@@ -0,0 +1,15 @@
+#define CAVL_PARAM_NAME IndexedList__Tree
+#define CAVL_PARAM_FEATURE_COUNTS 1
+#define CAVL_PARAM_FEATURE_KEYS_ARE_INDICES 1
+#define CAVL_PARAM_FEATURE_NOKEYS 0
+#define CAVL_PARAM_TYPE_ENTRY IndexedListNode
+#define CAVL_PARAM_TYPE_LINK IndexedList__tree_link
+#define CAVL_PARAM_TYPE_ARG int
+#define CAVL_PARAM_TYPE_COUNT uint64_t
+#define CAVL_PARAM_VALUE_COUNT_MAX UINT64_MAX
+#define CAVL_PARAM_VALUE_NULL ((IndexedList__tree_link)NULL)
+#define CAVL_PARAM_FUN_DEREF(arg, link) (link)
+#define CAVL_PARAM_MEMBER_CHILD tree_child
+#define CAVL_PARAM_MEMBER_BALANCE tree_balance
+#define CAVL_PARAM_MEMBER_PARENT tree_parent
+#define CAVL_PARAM_MEMBER_COUNT tree_count
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/LinkedList0.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/LinkedList0.h
new file mode 100644
index 00000000..feef4d7b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/LinkedList0.h
@@ -0,0 +1,202 @@
+/**
+ * @file LinkedList0.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Very simple doubly linked list, with only a 'first' pointer an no 'last'
+ * pointer.
+ */
+
+#ifndef BADVPN_STRUCTURE_LINKEDLIST0_H
+#define BADVPN_STRUCTURE_LINKEDLIST0_H
+
+#include <stddef.h>
+
+#include <misc/debug.h>
+
+/**
+ * Linked list node.
+ */
+typedef struct LinkedList0Node_t
+{
+    struct LinkedList0Node_t *p;
+    struct LinkedList0Node_t *n;
+} LinkedList0Node;
+
+/**
+ * Simple doubly linked list.
+ */
+typedef struct
+{
+    LinkedList0Node *first;
+} LinkedList0;
+
+/**
+ * Initializes the linked list.
+ * 
+ * @param list list to initialize
+ */
+static void LinkedList0_Init (LinkedList0 *list);
+
+/**
+ * Determines if the list is empty.
+ * 
+ * @param list the list
+ * @return 1 if empty, 0 if not
+ */
+static int LinkedList0_IsEmpty (LinkedList0 *list);
+
+/**
+ * Returns the first node of the list.
+ * 
+ * @param list the list
+ * @return first node of the list, or NULL if the list is empty
+ */
+static LinkedList0Node * LinkedList0_GetFirst (LinkedList0 *list);
+
+/**
+ * Inserts a node to the beginning of the list.
+ * 
+ * @param list the list
+ * @param node uninitialized node to insert
+ */
+static void LinkedList0_Prepend (LinkedList0 *list, LinkedList0Node *node);
+
+/**
+ * Inserts a node before a given node.
+ * 
+ * @param list the list
+ * @param node uninitialized node to insert
+ * @param target node in the list to insert before
+ */
+static void LinkedList0_InsertBefore (LinkedList0 *list, LinkedList0Node *node, LinkedList0Node *target);
+
+/**
+ * Inserts a node after a given node.
+ * 
+ * @param list the list
+ * @param node uninitialized node to insert
+ * @param target node in the list to insert after
+ */
+static void LinkedList0_InsertAfter (LinkedList0 *list, LinkedList0Node *node, LinkedList0Node *target);
+
+/**
+ * Removes a node from the list.
+ * 
+ * @param list the list
+ * @param node node to remove
+ */
+static void LinkedList0_Remove (LinkedList0 *list, LinkedList0Node *node);
+
+/**
+ * Returns the next node of a given node.
+ * 
+ * @param node reference node
+ * @return next node, or NULL if none
+ */
+static LinkedList0Node * LinkedList0Node_Next (LinkedList0Node *node);
+
+/**
+ * Returns the previous node of a given node.
+ * 
+ * @param node reference node
+ * @return previous node, or NULL if none
+ */
+static LinkedList0Node * LinkedList0Node_Prev (LinkedList0Node *node);
+
+void LinkedList0_Init (LinkedList0 *list)
+{
+    list->first = NULL;
+}
+
+int LinkedList0_IsEmpty (LinkedList0 *list)
+{
+    return (!list->first);
+}
+
+LinkedList0Node * LinkedList0_GetFirst (LinkedList0 *list)
+{
+    return (list->first);
+}
+
+void LinkedList0_Prepend (LinkedList0 *list, LinkedList0Node *node)
+{
+    node->p = NULL;
+    node->n = list->first;
+    if (list->first) {
+        list->first->p = node;
+    }
+    list->first = node;
+}
+
+void LinkedList0_InsertBefore (LinkedList0 *list, LinkedList0Node *node, LinkedList0Node *target)
+{
+    node->p = target->p;
+    node->n = target;
+    if (target->p) {
+        target->p->n = node;
+    } else {
+        list->first = node;
+    }
+    target->p = node;
+}
+
+void LinkedList0_InsertAfter (LinkedList0 *list, LinkedList0Node *node, LinkedList0Node *target)
+{
+    node->p = target;
+    node->n = target->n;
+    if (target->n) {
+        target->n->p = node;
+    }
+    target->n = node;
+}
+
+void LinkedList0_Remove (LinkedList0 *list, LinkedList0Node *node)
+{
+    // remove from list
+    if (node->p) {
+        node->p->n = node->n;
+    } else {
+        list->first = node->n;
+    }
+    if (node->n) {
+        node->n->p = node->p;
+    }
+}
+
+LinkedList0Node * LinkedList0Node_Next (LinkedList0Node *node)
+{
+    return node->n;
+}
+
+LinkedList0Node * LinkedList0Node_Prev (LinkedList0Node *node)
+{
+    return node->p;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/LinkedList1.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/LinkedList1.h
new file mode 100644
index 00000000..15ec2694
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/LinkedList1.h
@@ -0,0 +1,275 @@
+/**
+ * @file LinkedList1.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Simple doubly linked list.
+ */
+
+#ifndef BADVPN_STRUCTURE_LINKEDLIST1_H
+#define BADVPN_STRUCTURE_LINKEDLIST1_H
+
+#include <stddef.h>
+
+#include "misc/debug.h"
+
+/**
+ * Linked list node.
+ */
+typedef struct LinkedList1Node_t
+{
+    struct LinkedList1Node_t *p;
+    struct LinkedList1Node_t *n;
+} LinkedList1Node;
+
+/**
+ * Simple doubly linked list.
+ */
+typedef struct
+{
+    LinkedList1Node *first;
+    LinkedList1Node *last;
+} LinkedList1;
+
+/**
+ * Initializes the linked list.
+ * 
+ * @param list list to initialize
+ */
+static void LinkedList1_Init (LinkedList1 *list);
+
+/**
+ * Determines if the list is empty.
+ * 
+ * @param list the list
+ * @return 1 if empty, 0 if not
+ */
+static int LinkedList1_IsEmpty (LinkedList1 *list);
+
+/**
+ * Returns the first node of the list.
+ * 
+ * @param list the list
+ * @return first node of the list, or NULL if the list is empty
+ */
+static LinkedList1Node * LinkedList1_GetFirst (LinkedList1 *list);
+
+/**
+ * Returns the last node of the list.
+ * 
+ * @param list the list
+ * @return last node of the list, or NULL if the list is empty
+ */
+static LinkedList1Node * LinkedList1_GetLast (LinkedList1 *list);
+
+/**
+ * Inserts a node to the beginning of the list.
+ * 
+ * @param list the list
+ * @param node uninitialized node to insert
+ */
+static void LinkedList1_Prepend (LinkedList1 *list, LinkedList1Node *node);
+
+/**
+ * Inserts a node to the end of the list.
+ * 
+ * @param list the list
+ * @param node uninitialized node to insert
+ */
+static void LinkedList1_Append (LinkedList1 *list, LinkedList1Node *node);
+
+/**
+ * Inserts a node before a given node.
+ * 
+ * @param list the list
+ * @param node uninitialized node to insert
+ * @param target node in the list to insert before
+ */
+static void LinkedList1_InsertBefore (LinkedList1 *list, LinkedList1Node *node, LinkedList1Node *target);
+
+/**
+ * Inserts a node after a given node.
+ * 
+ * @param list the list
+ * @param node uninitialized node to insert
+ * @param target node in the list to insert after
+ */
+static void LinkedList1_InsertAfter (LinkedList1 *list, LinkedList1Node *node, LinkedList1Node *target);
+
+/**
+ * Removes a node from the list.
+ * 
+ * @param list the list
+ * @param node node to remove
+ */
+static void LinkedList1_Remove (LinkedList1 *list, LinkedList1Node *node);
+
+/**
+ * Inserts the nodes in the list \a ins_list into this list, after the node \a target.
+ * If \a target is NULL, the nodes are inserted to the beginning.
+ * Note that because the first and last node in \a ins_list are modified
+ * (unless the list is empty), \a ins_list is invalidated and must no longer
+ * be used to access the inserted nodes.
+ */
+static void LinkedList1_InsertListAfter (LinkedList1 *list, LinkedList1 ins_list, LinkedList1Node *target);
+
+/**
+ * Returns the next node of a given node.
+ * 
+ * @param node reference node
+ * @return next node, or NULL if none
+ */
+static LinkedList1Node * LinkedList1Node_Next (LinkedList1Node *node);
+
+/**
+ * Returns the previous node of a given node.
+ * 
+ * @param node reference node
+ * @return previous node, or NULL if none
+ */
+static LinkedList1Node * LinkedList1Node_Prev (LinkedList1Node *node);
+
+void LinkedList1_Init (LinkedList1 *list)
+{
+    list->first = NULL;
+    list->last = NULL;
+}
+
+int LinkedList1_IsEmpty (LinkedList1 *list)
+{
+    return (list->first) == NULL;
+}
+
+LinkedList1Node * LinkedList1_GetFirst (LinkedList1 *list)
+{
+    return (list->first);
+}
+
+LinkedList1Node * LinkedList1_GetLast (LinkedList1 *list)
+{
+    return (list->last);
+}
+
+void LinkedList1_Prepend (LinkedList1 *list, LinkedList1Node *node)
+{
+    node->p = NULL;
+    node->n = list->first;
+    if (list->first) {
+        list->first->p = node;
+    } else {
+        list->last = node;
+    }
+    list->first = node;
+}
+
+void LinkedList1_Append (LinkedList1 *list, LinkedList1Node *node)
+{
+    node->p = list->last;
+    node->n = NULL;
+    if (list->last) {
+        list->last->n = node;
+    } else {
+        list->first = node;
+    }
+    list->last = node;
+}
+
+void LinkedList1_InsertBefore (LinkedList1 *list, LinkedList1Node *node, LinkedList1Node *target)
+{
+    node->p = target->p;
+    node->n = target;
+    if (target->p) {
+        target->p->n = node;
+    } else {
+        list->first = node;
+    }
+    target->p = node;
+}
+
+void LinkedList1_InsertAfter (LinkedList1 *list, LinkedList1Node *node, LinkedList1Node *target)
+{
+    node->p = target;
+    node->n = target->n;
+    if (target->n) {
+        target->n->p = node;
+    } else {
+        list->last = node;
+    }
+    target->n = node;
+}
+
+void LinkedList1_Remove (LinkedList1 *list, LinkedList1Node *node)
+{
+    // remove from list
+    if (node->p) {
+        node->p->n = node->n;
+    } else {
+        list->first = node->n;
+    }
+    if (node->n) {
+        node->n->p = node->p;
+    } else {
+        list->last = node->p;
+    }
+}
+
+void LinkedList1_InsertListAfter (LinkedList1 *list, LinkedList1 ins_list, LinkedList1Node *target)
+{
+    if (!ins_list.first) {
+        return;
+    }
+    
+    LinkedList1Node *t_next = (target ? target->n : list->first);
+    
+    ins_list.first->p = target;
+    ins_list.last->n = t_next;
+    
+    if (target) {
+        target->n = ins_list.first;
+    } else {
+        list->first = ins_list.first;
+    }
+    
+    if (t_next) {
+        t_next->p = ins_list.last;
+    } else {
+        list->last = ins_list.last;
+    }
+}
+
+LinkedList1Node * LinkedList1Node_Next (LinkedList1Node *node)
+{
+    return node->n;
+}
+
+LinkedList1Node * LinkedList1Node_Prev (LinkedList1Node *node)
+{
+    return node->p;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/LinkedList3.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/LinkedList3.h
new file mode 100644
index 00000000..8f54cdb5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/LinkedList3.h
@@ -0,0 +1,362 @@
+/**
+ * @file LinkedList3.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Doubly linked list that support multiple iterations and removing
+ * aritrary elements during iteration, without a central object to
+ * represent the list.
+ */
+
+#ifndef BADVPN_STRUCTURE_LINKEDLIST3_H
+#define BADVPN_STRUCTURE_LINKEDLIST3_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <misc/debug.h>
+
+struct _LinkedList3Iterator;
+
+/**
+ * Linked list node.
+ */
+typedef struct _LinkedList3Node {
+    struct _LinkedList3Node *p;
+    struct _LinkedList3Node *n;
+    struct _LinkedList3Iterator *it;
+} LinkedList3Node;
+
+/**
+ * Linked list iterator.
+ */
+typedef struct _LinkedList3Iterator {
+    int8_t dir;
+    struct _LinkedList3Node *e;
+    struct _LinkedList3Iterator *pi;
+    struct _LinkedList3Iterator *ni;
+} LinkedList3Iterator;
+
+/**
+ * Initializes a list node to form a new list consisting of a
+ * single node.
+ * 
+ * @param node list node structure to initialize. The node must remain
+ *        available until it is freed with {@link LinkedList3Node_Free},
+ *        or the list is no longer required.
+ */
+static void LinkedList3Node_InitLonely (LinkedList3Node *node);
+
+/**
+ * Initializes a list node to go after an existing node.
+ * 
+ * @param node list node structure to initialize. The node must remain
+ *        available until it is freed with {@link LinkedList3Node_Free},
+ *        or the list is no longer required.
+ * @param ref existing list node
+ */
+static void LinkedList3Node_InitAfter (LinkedList3Node *node, LinkedList3Node *ref);
+
+/**
+ * Initializes a list node to go before an existing node.
+ * 
+ * @param node list node structure to initialize. The node must remain
+ *        available until it is freed with {@link LinkedList3Node_Free},
+ *        or the list is no longer required.
+ * @param ref existing list node
+ */
+static void LinkedList3Node_InitBefore (LinkedList3Node *node, LinkedList3Node *ref);
+
+/**
+ * Frees a list node, removing it a list (if there were other nodes
+ * in the list).
+ * 
+ * @param node list node to free
+ */
+static void LinkedList3Node_Free (LinkedList3Node *node);
+
+/**
+ * Determines if a list node is a single node in a list.
+ * 
+ * @param node list node
+ * @return 1 if the node ia a single node, 0 if not
+ */
+static int LinkedList3Node_IsLonely (LinkedList3Node *node);
+
+/**
+ * Returnes the node preceding this node (if there is one),
+ * the node following this node (if there is one), or NULL,
+ * respectively.
+ * 
+ * @param node list node
+ * @return neighbour node or NULL if none
+ */
+static LinkedList3Node * LinkedList3Node_PrevOrNext (LinkedList3Node *node);
+
+/**
+ * Returnes the node following this node (if there is one),
+ * the node preceding this node (if there is one), or NULL,
+ * respectively.
+ * 
+ * @param node list node
+ * @return neighbour node or NULL if none
+ */
+static LinkedList3Node * LinkedList3Node_NextOrPrev (LinkedList3Node *node);
+
+/**
+ * Returns the node preceding this node, or NULL if there is none.
+ * 
+ * @param node list node
+ * @return left neighbour, or NULL if none
+ */
+static LinkedList3Node * LinkedList3Node_Prev (LinkedList3Node *node);
+
+/**
+ * Returns the node following this node, or NULL if there is none.
+ * 
+ * @param node list node
+ * @return right neighbour, or NULL if none
+ */
+static LinkedList3Node * LinkedList3Node_Next (LinkedList3Node *node);
+
+/**
+ * Returns the first node in the list which this node is part of.
+ * It is found by iterating the list from this node to the beginning.
+ * 
+ * @param node list node
+ * @return first node in the list
+ */
+static LinkedList3Node * LinkedList3Node_First (LinkedList3Node *node);
+
+/**
+ * Returns the last node in the list which this node is part of.
+ * It is found by iterating the list from this node to the end.
+ * 
+ * @param node list node
+ * @return last node in the list
+ */
+static LinkedList3Node * LinkedList3Node_Last (LinkedList3Node *node);
+
+/**
+ * Initializes a linked list iterator.
+ * The iterator structure must remain available until either of these occurs:
+ *   - the list is no longer needed, or
+ *   - the iterator is freed with {@link LinkedList3Iterator_Free}, or
+ *   - the iterator reaches the end of iteration.
+ * 
+ * @param it uninitialized iterator to initialize
+ * @param e initial position of the iterator. NULL for end of iteration.
+ * @param dir direction of iteration. Must be 1 (forward) or -1 (backward).
+ */
+static void LinkedList3Iterator_Init (LinkedList3Iterator *it, LinkedList3Node *e, int dir);
+
+/**
+ * Frees a linked list iterator.
+ * 
+ * @param it iterator to free
+ */
+static void LinkedList3Iterator_Free (LinkedList3Iterator *it);
+
+/**
+ * Moves the iterator one node forward or backward (depending on its direction), or,
+ * if it's at the last or first node (depending on the direction), it reaches
+ * the end of iteration, or, if it's at the end of iteration, it remains there.
+ * Returns the the previous position.
+ * 
+ * @param it the iterator
+ * @return node on the position of iterator before it was (possibly) moved, or NULL
+ *         if it was at the end of iteration
+ */
+static LinkedList3Node * LinkedList3Iterator_Next (LinkedList3Iterator *it);
+
+void LinkedList3Node_InitLonely (LinkedList3Node *node)
+{
+    node->p = NULL;
+    node->n = NULL;
+    node->it = NULL;
+}
+
+void LinkedList3Node_InitAfter (LinkedList3Node *node, LinkedList3Node *ref)
+{
+    ASSERT(ref)
+    
+    node->p = ref;
+    node->n = ref->n;
+    ref->n = node;
+    if (node->n) {
+        node->n->p = node;
+    }
+    node->it = NULL;
+}
+
+void LinkedList3Node_InitBefore (LinkedList3Node *node, LinkedList3Node *ref)
+{
+    ASSERT(ref)
+    
+    node->n = ref;
+    node->p = ref->p;
+    ref->p = node;
+    if (node->p) {
+        node->p->n = node;
+    }
+    node->it = NULL;
+}
+
+void LinkedList3Node_Free (LinkedList3Node *node)
+{
+    // jump iterators
+    while (node->it) {
+        LinkedList3Iterator_Next(node->it);
+    }
+    
+    if (node->p) {
+        node->p->n = node->n;
+    }
+    if (node->n) {
+        node->n->p = node->p;
+    }
+}
+
+int LinkedList3Node_IsLonely (LinkedList3Node *node)
+{
+    return (!node->p && !node->n);
+}
+
+LinkedList3Node * LinkedList3Node_PrevOrNext (LinkedList3Node *node)
+{
+    if (node->p) {
+        return node->p;
+    }
+    if (node->n) {
+        return node->n;
+    }
+    return NULL;
+}
+
+LinkedList3Node * LinkedList3Node_NextOrPrev (LinkedList3Node *node)
+{
+    if (node->n) {
+        return node->n;
+    }
+    if (node->p) {
+        return node->p;
+    }
+    return NULL;
+}
+
+LinkedList3Node * LinkedList3Node_Prev (LinkedList3Node *node)
+{
+    return node->p;
+}
+
+LinkedList3Node * LinkedList3Node_Next (LinkedList3Node *node)
+{
+    return node->n;
+}
+
+LinkedList3Node * LinkedList3Node_First (LinkedList3Node *node)
+{
+    while (node->p) {
+        node = node->p;
+    }
+    
+    return node;
+}
+
+LinkedList3Node * LinkedList3Node_Last (LinkedList3Node *node)
+{
+    while (node->n) {
+        node = node->n;
+    }
+    
+    return node;
+}
+
+void LinkedList3Iterator_Init (LinkedList3Iterator *it, LinkedList3Node *e, int dir)
+{
+    ASSERT(dir == -1 || dir == 1)
+    
+    it->dir = dir;
+    it->e = e;
+    
+    if (e) {
+        // link into node's iterator list
+        it->pi = NULL;
+        it->ni = e->it;
+        if (e->it) {
+            e->it->pi = it;
+        }
+        e->it = it;
+    }
+}
+
+void LinkedList3Iterator_Free (LinkedList3Iterator *it)
+{
+    if (it->e) {
+        // remove from node's iterator list
+        if (it->ni) {
+            it->ni->pi = it->pi;
+        }
+        if (it->pi) {
+            it->pi->ni = it->ni;
+        } else {
+            it->e->it = it->ni;
+        }
+    }
+}
+
+LinkedList3Node * LinkedList3Iterator_Next (LinkedList3Iterator *it)
+{
+    // remember original entry
+    LinkedList3Node *orig = it->e;
+    
+    // jump to next entry
+    if (it->e) {
+        // get next entry
+        LinkedList3Node *next = NULL; // to remove warning
+        switch (it->dir) {
+            case 1:
+                next = it->e->n;
+                break;
+            case -1:
+                next = it->e->p;
+                break;
+            default:
+                ASSERT(0);
+        }
+        // destroy interator
+        LinkedList3Iterator_Free(it);
+        // re-initialize at next entry
+        LinkedList3Iterator_Init(it, next, it->dir);
+    }
+    
+    // return original entry
+    return orig;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl.h
new file mode 100644
index 00000000..36aa10ef
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl.h
@@ -0,0 +1,40 @@
+/**
+ * @file SAvl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_SAVL_H
+#define BADVPN_SAVL_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "structure/CAvl.h"
+#include "misc/merge.h"
+#include "misc/debug.h"
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_decl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_decl.h
new file mode 100644
index 00000000..c1d9244d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_decl.h
@@ -0,0 +1,73 @@
+/**
+ * @file SAvl_decl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "SAvl_header.h"
+
+typedef SAvlEntry *SAvl__TreeLink;
+
+#include "SAvl_tree.h"
+#include "structure/CAvl_decl.h"
+
+typedef struct {
+    SAvl__Tree tree;
+} SAvl;
+
+typedef struct {
+    SAvlEntry *child[2];
+    SAvlEntry *parent;
+    int8_t balance;
+#if SAVL_PARAM_FEATURE_COUNTS
+    SAvlCount count;
+#endif
+} SAvlNode;
+
+static void SAvl_Init (SAvl *o);
+static int SAvl_Insert (SAvl *o, SAvlArg arg, SAvlEntry *entry, SAvlEntry **out_existing);
+static void SAvl_Remove (SAvl *o, SAvlArg arg, SAvlEntry *entry);
+#if !SAVL_PARAM_FEATURE_NOKEYS
+static SAvlEntry * SAvl_Lookup (const SAvl *o, SAvlArg arg, SAvlKey key);
+static SAvlEntry * SAvl_LookupExact (const SAvl *o, SAvlArg arg, SAvlKey key);
+static SAvlEntry * SAvl_GetFirstGreater (const SAvl *o, SAvlArg arg, SAvlKey key);
+static SAvlEntry * SAvl_GetLastLesser (const SAvl *o, SAvlArg arg, SAvlKey key);
+static SAvlEntry * SAvl_GetFirstGreaterEqual (const SAvl *o, SAvlArg arg, SAvlKey key);
+static SAvlEntry * SAvl_GetLastLesserEqual (const SAvl *o, SAvlArg arg, SAvlKey key);
+#endif
+static SAvlEntry * SAvl_GetFirst (const SAvl *o, SAvlArg arg);
+static SAvlEntry * SAvl_GetLast (const SAvl *o, SAvlArg arg);
+static SAvlEntry * SAvl_GetNext (const SAvl *o, SAvlArg arg, SAvlEntry *entry);
+static SAvlEntry * SAvl_GetPrev (const SAvl *o, SAvlArg arg, SAvlEntry *entry);
+static int SAvl_IsEmpty (const SAvl *o);
+static void SAvl_Verify (const SAvl *o, SAvlArg arg);
+#if SAVL_PARAM_FEATURE_COUNTS
+static SAvlCount SAvl_Count (const SAvl *o, SAvlArg arg);
+static SAvlCount SAvl_IndexOf (const SAvl *o, SAvlArg arg, SAvlEntry *entry);
+static SAvlEntry * SAvl_GetAt (const SAvl *o, SAvlArg arg, SAvlCount index);
+#endif
+
+#include "SAvl_footer.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_footer.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_footer.h
new file mode 100644
index 00000000..ad90e404
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_footer.h
@@ -0,0 +1,89 @@
+/**
+ * @file SAvl_footer.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#undef SAVL_PARAM_NAME
+#undef SAVL_PARAM_FEATURE_COUNTS
+#undef SAVL_PARAM_FEATURE_NOKEYS
+#undef SAVL_PARAM_TYPE_ENTRY
+#undef SAVL_PARAM_TYPE_KEY
+#undef SAVL_PARAM_TYPE_ARG
+#undef SAVL_PARAM_TYPE_COUNT
+#undef SAVL_PARAM_VALUE_COUNT_MAX
+#undef SAVL_PARAM_FUN_COMPARE_ENTRIES
+#undef SAVL_PARAM_FUN_COMPARE_KEY_ENTRY
+#undef SAVL_PARAM_MEMBER_NODE
+
+#undef SAvl
+#undef SAvlEntry
+#undef SAvlArg
+#undef SAvlKey
+#undef SAvlCount
+#undef SAvlNode
+
+#undef SAvl_Init
+#undef SAvl_Insert
+#undef SAvl_Remove
+#undef SAvl_Lookup
+#undef SAvl_LookupExact
+#undef SAvl_GetFirstGreater
+#undef SAvl_GetLastLesser
+#undef SAvl_GetFirstGreaterEqual
+#undef SAvl_GetLastLesserEqual
+#undef SAvl_GetFirst
+#undef SAvl_GetLast
+#undef SAvl_GetNext
+#undef SAvl_GetPrev
+#undef SAvl_IsEmpty
+#undef SAvl_Verify
+#undef SAvl_Count
+#undef SAvl_IndexOf
+#undef SAvl_GetAt
+
+#undef SAvl__Tree
+#undef SAvl__TreeRef
+#undef SAvl__TreeLink
+#undef SAvl__TreeDeref
+#undef SAvl__Tree_Init
+#undef SAvl__Tree_Insert
+#undef SAvl__Tree_Remove
+#undef SAvl__Tree_Lookup
+#undef SAvl__Tree_LookupExact
+#undef SAvl__Tree_GetFirstGreater
+#undef SAvl__Tree_GetLastLesser
+#undef SAvl__Tree_GetFirstGreaterEqual
+#undef SAvl__Tree_GetLastLesserEqual
+#undef SAvl__Tree_GetFirst
+#undef SAvl__Tree_GetLast
+#undef SAvl__Tree_GetNext
+#undef SAvl__Tree_GetPrev
+#undef SAvl__Tree_IsEmpty
+#undef SAvl__Tree_Verify
+#undef SAvl__Tree_Count
+#undef SAvl__Tree_IndexOf
+#undef SAvl__Tree_GetAt
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_header.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_header.h
new file mode 100644
index 00000000..5d7d9b15
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_header.h
@@ -0,0 +1,93 @@
+/**
+ * @file SAvl_header.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// Preprocessor inputs. All types must be typedef names unless stated otherwise.
+// SAVL_PARAM_NAME - name of this data structure
+// SAVL_PARAM_FEATURE_COUNTS - whether to keep count information (0 or 1)
+// SAVL_PARAM_FEATURE_NOKEYS - define to 1 if there is no need for a lookup operation
+// SAVL_PARAM_TYPE_ENTRY - type of entry. This can also be a struct (e.g.: struct Foo).
+// SAVL_PARAM_TYPE_KEY - type of key (ignored if SAVL_PARAM_FEATURE_NOKEYS)
+// SAVL_PARAM_TYPE_ARG - type of argument pass through to callbacks
+// SAVL_PARAM_TYPE_COUNT - type of count (only if SAVL_PARAM_FEATURE_COUNTS)
+// SAVL_PARAM_VALUE_COUNT_MAX - maximum value of count (of type SAVL_PARAM_TYPE_COUNT) (only if SAVL_PARAM_FEATURE_COUNTS)
+// SAVL_PARAM_FUN_COMPARE_ENTRIES(arg, entry1, entry2) - compare two entries; returns -1/0/1
+// SAVL_PARAM_FUN_COMPARE_KEY_ENTRY(arg, key1, entry2) - compare key and entry; returns -1/0/1 (ignored if SAVL_PARAM_FEATURE_NOKEYS) 
+// SAVL_PARAM_MEMBER_NODE - node member in entry
+
+// types
+#define SAvl SAVL_PARAM_NAME
+#define SAvlEntry SAVL_PARAM_TYPE_ENTRY
+#define SAvlArg SAVL_PARAM_TYPE_ARG
+#define SAvlKey SAVL_PARAM_TYPE_KEY
+#define SAvlCount SAVL_PARAM_TYPE_COUNT
+#define SAvlNode MERGE(SAvl, Node)
+
+// public functions
+#define SAvl_Init MERGE(SAvl, _Init)
+#define SAvl_Insert MERGE(SAvl, _Insert)
+#define SAvl_Remove MERGE(SAvl, _Remove)
+#define SAvl_Lookup MERGE(SAvl, _Lookup)
+#define SAvl_LookupExact MERGE(SAvl, _LookupExact)
+#define SAvl_GetFirstGreater MERGE(SAvl, _GetFirstGreater)
+#define SAvl_GetLastLesser MERGE(SAvl, _GetLastLesser)
+#define SAvl_GetFirstGreaterEqual MERGE(SAvl, _GetFirstGreaterEqual)
+#define SAvl_GetLastLesserEqual MERGE(SAvl, _GetLastLesserEqual)
+#define SAvl_GetFirst MERGE(SAvl, _GetFirst)
+#define SAvl_GetLast MERGE(SAvl, _GetLast)
+#define SAvl_GetNext MERGE(SAvl, _GetNext)
+#define SAvl_GetPrev MERGE(SAvl, _GetPrev)
+#define SAvl_IsEmpty MERGE(SAvl, _IsEmpty)
+#define SAvl_Verify MERGE(SAvl, _Verify)
+#define SAvl_Count MERGE(SAvl, _Count)
+#define SAvl_IndexOf MERGE(SAvl, _IndexOf)
+#define SAvl_GetAt MERGE(SAvl, _GetAt)
+
+// internal stuff
+#define SAvl__Tree MERGE(SAvl, __Tree)
+#define SAvl__TreeRef MERGE(SAvl, __TreeRef)
+#define SAvl__TreeLink MERGE(SAvl, __TreeLink)
+#define SAvl__TreeDeref MERGE(SAvl, __TreeDeref)
+#define SAvl__Tree_Init MERGE(SAvl, __Tree_Init)
+#define SAvl__Tree_Insert MERGE(SAvl, __Tree_Insert)
+#define SAvl__Tree_Remove MERGE(SAvl, __Tree_Remove)
+#define SAvl__Tree_Lookup MERGE(SAvl, __Tree_Lookup)
+#define SAvl__Tree_LookupExact MERGE(SAvl, __Tree_LookupExact)
+#define SAvl__Tree_GetFirstGreater MERGE(SAvl, __Tree_GetFirstGreater)
+#define SAvl__Tree_GetLastLesser MERGE(SAvl, __Tree_GetLastLesser)
+#define SAvl__Tree_GetFirstGreaterEqual MERGE(SAvl, __Tree_GetFirstGreaterEqual)
+#define SAvl__Tree_GetLastLesserEqual MERGE(SAvl, __Tree_GetLastLesserEqual)
+#define SAvl__Tree_GetFirst MERGE(SAvl, __Tree_GetFirst)
+#define SAvl__Tree_GetLast MERGE(SAvl, __Tree_GetLast)
+#define SAvl__Tree_GetNext MERGE(SAvl, __Tree_GetNext)
+#define SAvl__Tree_GetPrev MERGE(SAvl, __Tree_GetPrev)
+#define SAvl__Tree_IsEmpty MERGE(SAvl, __Tree_IsEmpty)
+#define SAvl__Tree_Verify MERGE(SAvl, __Tree_Verify)
+#define SAvl__Tree_Count MERGE(SAvl, __Tree_Count)
+#define SAvl__Tree_IndexOf MERGE(SAvl, __Tree_IndexOf)
+#define SAvl__Tree_GetAt MERGE(SAvl, __Tree_GetAt)
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_impl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_impl.h
new file mode 100644
index 00000000..95fd65f2
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_impl.h
@@ -0,0 +1,164 @@
+/**
+ * @file SAvl_impl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "SAvl_header.h"
+
+#include "SAvl_tree.h"
+#include "structure/CAvl_impl.h"
+
+static void SAvl_Init (SAvl *o)
+{
+    SAvl__Tree_Init(&o->tree);
+}
+
+static int SAvl_Insert (SAvl *o, SAvlArg arg, SAvlEntry *entry, SAvlEntry **out_existing)
+{
+    ASSERT(entry)
+#if SAVL_PARAM_FEATURE_COUNTS
+    ASSERT(SAvl_Count(o, arg) < SAVL_PARAM_VALUE_COUNT_MAX)
+#endif
+    
+    SAvl__TreeRef out_ref;
+    int res = SAvl__Tree_Insert(&o->tree, arg, SAvl__TreeDeref(arg, entry), &out_ref);
+    
+    if (out_existing) {
+        *out_existing = out_ref.link;
+    }
+    
+    return res;
+}
+
+static void SAvl_Remove (SAvl *o, SAvlArg arg, SAvlEntry *entry)
+{
+    ASSERT(entry)
+    
+    SAvl__Tree_Remove(&o->tree, arg, SAvl__TreeDeref(arg, entry));
+}
+
+#if !SAVL_PARAM_FEATURE_NOKEYS
+
+static SAvlEntry * SAvl_Lookup (const SAvl *o, SAvlArg arg, SAvlKey key)
+{
+    SAvl__TreeRef ref = SAvl__Tree_Lookup(&o->tree, arg, key);
+    return ref.link;
+}
+
+static SAvlEntry * SAvl_LookupExact (const SAvl *o, SAvlArg arg, SAvlKey key)
+{
+    SAvl__TreeRef ref = SAvl__Tree_LookupExact(&o->tree, arg, key);
+    return ref.link;
+}
+
+static SAvlEntry * SAvl_GetFirstGreater (const SAvl *o, SAvlArg arg, SAvlKey key)
+{
+    SAvl__TreeRef ref = SAvl__Tree_GetFirstGreater(&o->tree, arg, key);
+    return ref.link;
+}
+
+static SAvlEntry * SAvl_GetLastLesser (const SAvl *o, SAvlArg arg, SAvlKey key)
+{
+    SAvl__TreeRef ref = SAvl__Tree_GetLastLesser(&o->tree, arg, key);
+    return ref.link;
+}
+
+static SAvlEntry * SAvl_GetFirstGreaterEqual (const SAvl *o, SAvlArg arg, SAvlKey key)
+{
+    SAvl__TreeRef ref = SAvl__Tree_GetFirstGreaterEqual(&o->tree, arg, key);
+    return ref.link;
+}
+
+static SAvlEntry * SAvl_GetLastLesserEqual (const SAvl *o, SAvlArg arg, SAvlKey key)
+{
+    SAvl__TreeRef ref = SAvl__Tree_GetLastLesserEqual(&o->tree, arg, key);
+    return ref.link;
+}
+
+#endif
+
+static SAvlEntry * SAvl_GetFirst (const SAvl *o, SAvlArg arg)
+{
+    SAvl__TreeRef ref = SAvl__Tree_GetFirst(&o->tree, arg);
+    return ref.link;
+}
+
+static SAvlEntry * SAvl_GetLast (const SAvl *o, SAvlArg arg)
+{
+    SAvl__TreeRef ref = SAvl__Tree_GetLast(&o->tree, arg);
+    return ref.link;
+}
+
+static SAvlEntry * SAvl_GetNext (const SAvl *o, SAvlArg arg, SAvlEntry *entry)
+{
+    ASSERT(entry)
+    
+    SAvl__TreeRef ref = SAvl__Tree_GetNext(&o->tree, arg, SAvl__TreeDeref(arg, entry));
+    return ref.link;
+}
+
+static SAvlEntry * SAvl_GetPrev (const SAvl *o, SAvlArg arg, SAvlEntry *entry)
+{
+    ASSERT(entry)
+    
+    SAvl__TreeRef ref = SAvl__Tree_GetPrev(&o->tree, arg, SAvl__TreeDeref(arg, entry));
+    return ref.link;
+}
+
+static int SAvl_IsEmpty (const SAvl *o)
+{
+    return SAvl__Tree_IsEmpty(&o->tree);
+}
+
+static void SAvl_Verify (const SAvl *o, SAvlArg arg)
+{
+    return SAvl__Tree_Verify(&o->tree, arg);
+}
+
+#if SAVL_PARAM_FEATURE_COUNTS
+
+static SAvlCount SAvl_Count (const SAvl *o, SAvlArg arg)
+{
+    return SAvl__Tree_Count(&o->tree, arg);
+}
+
+static SAvlCount SAvl_IndexOf (const SAvl *o, SAvlArg arg, SAvlEntry *entry)
+{
+    ASSERT(entry)
+    
+    return SAvl__Tree_IndexOf(&o->tree, arg, SAvl__TreeDeref(arg, entry));
+}
+
+static SAvlEntry * SAvl_GetAt (const SAvl *o, SAvlArg arg, SAvlCount index)
+{
+    SAvl__TreeRef ref = SAvl__Tree_GetAt(&o->tree, arg, index);
+    return ref.link;
+}
+
+#endif
+
+#include "SAvl_footer.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_tree.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_tree.h
new file mode 100644
index 00000000..5e5b18bb
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SAvl_tree.h
@@ -0,0 +1,18 @@
+#define CAVL_PARAM_NAME SAvl__Tree
+#define CAVL_PARAM_FEATURE_COUNTS SAVL_PARAM_FEATURE_COUNTS
+#define CAVL_PARAM_FEATURE_KEYS_ARE_INDICES 0
+#define CAVL_PARAM_FEATURE_NOKEYS SAVL_PARAM_FEATURE_NOKEYS
+#define CAVL_PARAM_TYPE_ENTRY SAvlEntry
+#define CAVL_PARAM_TYPE_LINK SAvl__TreeLink
+#define CAVL_PARAM_TYPE_KEY SAvlKey
+#define CAVL_PARAM_TYPE_ARG SAvlArg
+#define CAVL_PARAM_TYPE_COUNT SAvlCount
+#define CAVL_PARAM_VALUE_COUNT_MAX SAVL_PARAM_VALUE_COUNT_MAX
+#define CAVL_PARAM_VALUE_NULL ((SAvl__TreeLink)NULL)
+#define CAVL_PARAM_FUN_DEREF(arg, link) (link)
+#define CAVL_PARAM_FUN_COMPARE_ENTRIES(arg, entry1, entry2) SAVL_PARAM_FUN_COMPARE_ENTRIES((arg), (entry1).link, (entry2).link)
+#define CAVL_PARAM_FUN_COMPARE_KEY_ENTRY(arg, key1, entry2) SAVL_PARAM_FUN_COMPARE_KEY_ENTRY((arg), (key1), (entry2).link)
+#define CAVL_PARAM_MEMBER_CHILD SAVL_PARAM_MEMBER_NODE . child
+#define CAVL_PARAM_MEMBER_BALANCE SAVL_PARAM_MEMBER_NODE . balance
+#define CAVL_PARAM_MEMBER_PARENT SAVL_PARAM_MEMBER_NODE . parent
+#define CAVL_PARAM_MEMBER_COUNT SAVL_PARAM_MEMBER_NODE . count
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList.h
new file mode 100644
index 00000000..966a3de8
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList.h
@@ -0,0 +1,38 @@
+/**
+ * @file SLinkedList.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_SLINKEDLIST_H
+#define BADVPN_SLINKEDLIST_H
+
+#include <stddef.h>
+
+#include "misc/merge.h"
+#include "misc/debug.h"
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_decl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_decl.h
new file mode 100644
index 00000000..4a0ade48
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_decl.h
@@ -0,0 +1,67 @@
+/**
+ * @file SLinkedList_decl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "SLinkedList_header.h"
+
+typedef struct {
+    SLinkedListEntry *first;
+#if SLINKEDLIST_PARAM_FEATURE_LAST
+    SLinkedListEntry *last;
+#endif
+} SLinkedList;
+
+typedef struct {
+    SLinkedListEntry *prev;
+    SLinkedListEntry *next;
+} SLinkedListNode;
+
+static void SLinkedListMarkRemoved (SLinkedListEntry *entry);
+static int SLinkedListIsRemoved (SLinkedListEntry *entry);
+
+static void SLinkedList_Init (SLinkedList *o);
+static SLinkedListEntry * SLinkedList_Next (SLinkedList *o, SLinkedListEntry *entry);
+static SLinkedListEntry * SLinkedList_Prev (SLinkedList *o, SLinkedListEntry *entry);
+static void SLinkedList_Prepend (SLinkedList *o, SLinkedListEntry *entry);
+#if SLINKEDLIST_PARAM_FEATURE_LAST
+static void SLinkedList_Append (SLinkedList *o, SLinkedListEntry *entry);
+#endif
+static void SLinkedList_InsertBefore (SLinkedList *o, SLinkedListEntry *entry, SLinkedListEntry *before_entry);
+static void SLinkedList_InsertAfter (SLinkedList *o, SLinkedListEntry *entry, SLinkedListEntry *after_entry);
+static void SLinkedList_Remove (SLinkedList *o, SLinkedListEntry *entry);
+static void SLinkedList_RemoveFirst (SLinkedList *o);
+#if SLINKEDLIST_PARAM_FEATURE_LAST
+static void SLinkedList_RemoveLast (SLinkedList *o);
+#endif
+static SLinkedListEntry * SLinkedList_First (const SLinkedList *o);
+#if SLINKEDLIST_PARAM_FEATURE_LAST
+static SLinkedListEntry * SLinkedList_Last (const SLinkedList *o);
+#endif
+static int SLinkedList_IsEmpty (const SLinkedList *o);
+
+#include "SLinkedList_footer.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_footer.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_footer.h
new file mode 100644
index 00000000..10ab1e32
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_footer.h
@@ -0,0 +1,57 @@
+/**
+ * @file SLinkedList_footer.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#undef SLINKEDLIST_PARAM_NAME
+#undef SLINKEDLIST_PARAM_FEATURE_LAST
+#undef SLINKEDLIST_PARAM_TYPE_ENTRY
+#undef SLINKEDLIST_PARAM_MEMBER_NODE
+
+#undef SLinkedList
+#undef SLinkedListEntry
+#undef SLinkedListNode
+
+#undef SLinkedListMarkRemoved
+#undef SLinkedListIsRemoved
+
+#undef SLinkedList_Init
+#undef SLinkedList_Next
+#undef SLinkedList_Prev
+#undef SLinkedList_Prepend
+#undef SLinkedList_Append
+#undef SLinkedList_InsertBefore
+#undef SLinkedList_InsertAfter
+#undef SLinkedList_Remove
+#undef SLinkedList_RemoveFirst
+#undef SLinkedList_RemoveLast
+#undef SLinkedList_First
+#undef SLinkedList_Last
+#undef SLinkedList_IsEmpty
+
+#undef SLinkedList_prev
+#undef SLinkedList_next
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_header.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_header.h
new file mode 100644
index 00000000..4a0fd54a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_header.h
@@ -0,0 +1,62 @@
+/**
+ * @file SLinkedList_header.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// Preprocessor inputs:
+// SLINKEDLIST_PARAM_NAME - name of this data structure
+// SLINKEDLIST_PARAM_FEATURE_LAST - whether to keep track of the last entry in the list (0/1)
+// SLINKEDLIST_PARAM_TYPE_ENTRY - type of entry
+// SLINKEDLIST_PARAM_MEMBER_NODE - name of the node member in entry
+
+// types
+#define SLinkedList SLINKEDLIST_PARAM_NAME
+#define SLinkedListEntry SLINKEDLIST_PARAM_TYPE_ENTRY
+#define SLinkedListNode MERGE(SLinkedList, Node)
+
+// non-object public functions
+#define SLinkedListMarkRemoved MERGE(SLinkedList, MarkRemoved)
+#define SLinkedListIsRemoved MERGE(SLinkedList, IsRemoved)
+
+// public functions
+#define SLinkedList_Init MERGE(SLinkedList, _Init)
+#define SLinkedList_Next MERGE(SLinkedList, _Next)
+#define SLinkedList_Prev MERGE(SLinkedList, _Prev)
+#define SLinkedList_Prepend MERGE(SLinkedList, _Prepend)
+#define SLinkedList_Append MERGE(SLinkedList, _Append)
+#define SLinkedList_InsertBefore MERGE(SLinkedList, _InsertBefore)
+#define SLinkedList_InsertAfter MERGE(SLinkedList, _InsertAfter)
+#define SLinkedList_Remove MERGE(SLinkedList, _Remove)
+#define SLinkedList_RemoveFirst MERGE(SLinkedList, _RemoveFirst)
+#define SLinkedList_RemoveLast MERGE(SLinkedList, _RemoveLast)
+#define SLinkedList_First MERGE(SLinkedList, _First)
+#define SLinkedList_Last MERGE(SLinkedList, _Last)
+#define SLinkedList_IsEmpty MERGE(SLinkedList, _IsEmpty)
+
+// private things
+#define SLinkedList_prev(entry) ((entry)->SLINKEDLIST_PARAM_MEMBER_NODE . prev)
+#define SLinkedList_next(entry) ((entry)->SLINKEDLIST_PARAM_MEMBER_NODE . next)
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_impl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_impl.h
new file mode 100644
index 00000000..1bbce9a5
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/SLinkedList_impl.h
@@ -0,0 +1,182 @@
+/**
+ * @file SLinkedList_impl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "SLinkedList_header.h"
+
+static void SLinkedListMarkRemoved (SLinkedListEntry *entry)
+{
+    ASSERT(entry)
+    
+    SLinkedList_next(entry) = entry;
+}
+
+static int SLinkedListIsRemoved (SLinkedListEntry *entry)
+{
+    ASSERT(entry)
+    
+    return (entry == SLinkedList_next(entry));
+}
+
+static void SLinkedList_Init (SLinkedList *o)
+{
+    o->first = NULL;
+}
+
+static SLinkedListEntry * SLinkedList_Next (SLinkedList *o, SLinkedListEntry *entry)
+{
+    ASSERT(entry)
+    
+    return SLinkedList_next(entry);
+}
+
+static SLinkedListEntry * SLinkedList_Prev (SLinkedList *o, SLinkedListEntry *entry)
+{
+    ASSERT(entry)
+    
+    return (entry == o->first) ? NULL : SLinkedList_prev(entry);
+}
+
+static void SLinkedList_Prepend (SLinkedList *o, SLinkedListEntry *entry)
+{
+    ASSERT(entry)
+
+    SLinkedList_next(entry) = o->first;
+    if (o->first) {
+        SLinkedList_prev(o->first) = entry;
+    } else {
+#if SLINKEDLIST_PARAM_FEATURE_LAST
+        o->last = entry;
+#endif
+    }
+    o->first = entry;
+}
+
+#if SLINKEDLIST_PARAM_FEATURE_LAST
+static void SLinkedList_Append (SLinkedList *o, SLinkedListEntry *entry)
+{
+    ASSERT(entry)
+
+    SLinkedList_next(entry) = NULL;
+    if (o->first) {
+        SLinkedList_prev(entry) = o->last;
+        SLinkedList_next(o->last) = entry;
+    } else {
+        o->first = entry;
+    }
+    o->last = entry;
+}
+#endif
+
+static void SLinkedList_InsertBefore (SLinkedList *o, SLinkedListEntry *entry, SLinkedListEntry *before_entry)
+{
+    ASSERT(entry)
+    ASSERT(before_entry)
+    
+    SLinkedList_next(entry) = before_entry;
+    if (before_entry != o->first) {
+        SLinkedList_prev(entry) = SLinkedList_prev(before_entry);
+        SLinkedList_next(SLinkedList_prev(before_entry)) = entry;
+    } else {
+        o->first = entry;
+    }
+    SLinkedList_prev(before_entry) = entry;
+}
+
+static void SLinkedList_InsertAfter (SLinkedList *o, SLinkedListEntry *entry, SLinkedListEntry *after_entry)
+{
+    ASSERT(entry)
+    ASSERT(after_entry)
+    
+    SLinkedList_next(entry) = SLinkedList_next(after_entry);
+    SLinkedList_prev(entry) = after_entry;
+    if (SLinkedList_next(after_entry)) {
+        SLinkedList_prev(SLinkedList_next(after_entry)) = entry;
+    } else {
+#if SLINKEDLIST_PARAM_FEATURE_LAST
+        o->last = entry;
+#endif
+    }
+    SLinkedList_next(after_entry) = entry;
+}
+
+static void SLinkedList_Remove (SLinkedList *o, SLinkedListEntry *entry)
+{
+    if (entry != o->first) {
+        SLinkedList_next(SLinkedList_prev(entry)) = SLinkedList_next(entry);
+        if (SLinkedList_next(entry)) {
+            SLinkedList_prev(SLinkedList_next(entry)) = SLinkedList_prev(entry);
+        } else {
+#if SLINKEDLIST_PARAM_FEATURE_LAST
+            o->last = SLinkedList_prev(entry);
+#endif
+        }
+    } else {
+        o->first = SLinkedList_next(entry);
+    }
+}
+
+static void SLinkedList_RemoveFirst (SLinkedList *o)
+{
+    ASSERT(o->first)
+    
+    o->first = SLinkedList_next(o->first);
+}
+
+#if SLINKEDLIST_PARAM_FEATURE_LAST
+static void SLinkedList_RemoveLast (SLinkedList *o)
+{
+    ASSERT(o->first)
+    
+    if (o->last == o->first) {
+        o->first = NULL;
+    } else {
+        SLinkedList_next(SLinkedList_prev(o->last)) = NULL;
+        o->last = SLinkedList_prev(o->last);
+    }
+}
+#endif
+
+static SLinkedListEntry * SLinkedList_First (const SLinkedList *o)
+{
+    return o->first;
+}
+
+#if SLINKEDLIST_PARAM_FEATURE_LAST
+static SLinkedListEntry * SLinkedList_Last (const SLinkedList *o)
+{
+    return (!o->first ? NULL : o->last);
+}
+#endif
+
+static int SLinkedList_IsEmpty (const SLinkedList *o)
+{
+    return !o->first;
+}
+
+#include "SLinkedList_footer.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector.h
new file mode 100644
index 00000000..f173c28c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector.h
@@ -0,0 +1,36 @@
+/**
+ * @file Vector.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stddef.h>
+
+#include <misc/debug.h>
+#include <misc/balloc.h>
+#include <misc/merge.h>
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_decl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_decl.h
new file mode 100644
index 00000000..8e36c9dd
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_decl.h
@@ -0,0 +1,46 @@
+/**
+ * @file Vector_decl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "Vector_header.h"
+
+typedef struct {
+    VectorElem *elems;
+    size_t capacity;
+    size_t count;
+} Vector;
+
+static int Vector_Init (Vector *o, size_t capacity) WARN_UNUSED;
+static void Vector_Free (Vector *o);
+static size_t Vector_Count (Vector *o);
+static VectorElem * Vector_Get (Vector *o, size_t index);
+static int Vector_Reserve (Vector *o, size_t capacity) WARN_UNUSED;
+static VectorElem * Vector_Push (Vector *o, size_t *out_index) WARN_UNUSED;
+static VectorElem * Vector_Pop (Vector *o, size_t *out_index);
+
+#include "Vector_footer.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_footer.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_footer.h
new file mode 100644
index 00000000..3e561d9a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_footer.h
@@ -0,0 +1,41 @@
+/**
+ * @file Vector_footer.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#undef VECTOR_NAME
+#undef VECTOR_ELEM_TYPE
+
+#undef Vector
+#undef VectorElem
+#undef Vector_Init
+#undef Vector_Free
+#undef Vector_Count
+#undef Vector_Get
+#undef Vector_Reserve
+#undef Vector_Push
+#undef Vector_Pop
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_header.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_header.h
new file mode 100644
index 00000000..61be2294
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_header.h
@@ -0,0 +1,42 @@
+/**
+ * @file Vector_header.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// Preprocessor inputs:
+// VECTOR_NAME - prefix of functions and types to be defined
+// VECTOR_ELEM_TYPE - type of vector elements
+
+#define Vector VECTOR_NAME
+#define VectorElem VECTOR_ELEM_TYPE
+#define Vector_Init MERGE(VECTOR_NAME, _Init)
+#define Vector_Free MERGE(VECTOR_NAME, _Free)
+#define Vector_Count MERGE(VECTOR_NAME, _Count)
+#define Vector_Get MERGE(VECTOR_NAME, _Get)
+#define Vector_Reserve MERGE(VECTOR_NAME, _Reserve)
+#define Vector_Push MERGE(VECTOR_NAME, _Push)
+#define Vector_Pop MERGE(VECTOR_NAME, _Pop)
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_impl.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_impl.h
new file mode 100644
index 00000000..b71d515b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/structure/Vector_impl.h
@@ -0,0 +1,117 @@
+/**
+ * @file Vector_impl.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "Vector_header.h"
+
+static int Vector_Init (Vector *o, size_t capacity)
+{
+    if (capacity == 0) {
+        o->elems = NULL;
+    } else {
+        o->elems = BAllocArray(capacity, sizeof(VectorElem));
+        if (!o->elems) {
+            return 0;
+        }
+    }
+    o->capacity = capacity;
+    o->count = 0;
+    return 1;
+}
+
+static void Vector_Free (Vector *o)
+{
+    BFree(o->elems);
+}
+
+static size_t Vector_Count (Vector *o)
+{
+    return o->count;
+}
+
+static VectorElem * Vector_Get (Vector *o, size_t index)
+{
+    ASSERT(index < o->capacity)
+    
+    return &o->elems[index];
+}
+
+static int Vector_Reserve (Vector *o, size_t capacity)
+{
+    if (capacity > o->capacity) {
+        size_t new_capacity = o->capacity;
+        do {
+            if (new_capacity > SIZE_MAX / 2) {
+                return 0;
+            }
+            new_capacity = (new_capacity == 0) ? 1 : (2 * new_capacity);
+        } while (capacity > new_capacity);
+        
+        VectorElem *new_elems = BAllocArray(new_capacity, sizeof(VectorElem));
+        if (!new_elems) {
+            return 0;
+        }
+        
+        if (o->count > 0) {
+            memcpy(new_elems, o->elems, o->count * sizeof(VectorElem));
+        }
+        
+        BFree(o->elems);
+        
+        o->elems = new_elems;
+        o->capacity = new_capacity;
+    }
+    
+    return 1;
+}
+
+static VectorElem * Vector_Push (Vector *o, size_t *out_index)
+{
+    if (o->count == SIZE_MAX || !Vector_Reserve(o, o->count + 1)) {
+        return NULL;
+    }
+    if (out_index) {
+        *out_index = o->count;
+    }
+    VectorElem *ptr = &o->elems[o->count];
+    o->count++;
+    return ptr;
+}
+
+static VectorElem * Vector_Pop (Vector *o, size_t *out_index)
+{
+    ASSERT(o->count > 0)
+    
+    o->count--;
+    if (out_index) {
+        *out_index = o->count;
+    }
+    return &o->elems[o->count];
+}
+
+#include "Vector_footer.h"
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BAddr.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BAddr.h
new file mode 100644
index 00000000..c43ec3b4
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BAddr.h
@@ -0,0 +1,808 @@
+/**
+ * @file BAddr.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Network address abstractions.
+ */
+
+#ifndef BADVPN_SYSTEM_BADDR_H
+#define BADVPN_SYSTEM_BADDR_H
+
+#include <stdint.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#ifdef BADVPN_USE_WINAPI
+#include <ws2tcpip.h>
+#else
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#endif
+
+#include "misc/byteorder.h"
+#include "misc/debug.h"
+#include "misc/print_macros.h"
+#include "misc/read_write_int.h"
+#include "misc/compare.h"
+
+#define BADDR_TYPE_NONE 0
+#define BADDR_TYPE_IPV4 1
+#define BADDR_TYPE_IPV6 2
+#ifdef BADVPN_LINUX
+    #define BADDR_TYPE_PACKET 5
+#endif
+
+#define BADDR_MAX_ADDR_LEN 128
+
+#define BIPADDR_MAX_PRINT_LEN 40
+#define BADDR_MAX_PRINT_LEN 120
+
+#define BADDR_PACKET_HEADER_TYPE_ETHERNET 1
+
+#define BADDR_PACKET_PACKET_TYPE_HOST 1
+#define BADDR_PACKET_PACKET_TYPE_BROADCAST 2
+#define BADDR_PACKET_PACKET_TYPE_MULTICAST 3
+#define BADDR_PACKET_PACKET_TYPE_OTHERHOST 4
+#define BADDR_PACKET_PACKET_TYPE_OUTGOING 5
+
+typedef struct {
+    int type;
+    union {
+        uint32_t ipv4;
+        uint8_t ipv6[16];
+    };
+} BIPAddr;
+
+static void BIPAddr_InitInvalid (BIPAddr *addr);
+
+static void BIPAddr_InitIPv4 (BIPAddr *addr, uint32_t ip);
+
+static void BIPAddr_InitIPv6 (BIPAddr *addr, uint8_t *ip);
+
+static void BIPAddr_Assert (BIPAddr *addr);
+
+static int BIPAddr_IsInvalid (BIPAddr *addr);
+
+static int BIPAddr_Resolve (BIPAddr *addr, char *str, int noresolve) WARN_UNUSED;
+
+static int BIPAddr_Compare (BIPAddr *addr1, BIPAddr *addr2);
+
+/**
+ * Converts an IP address to human readable form.
+ *
+ * @param addr IP address to convert
+ * @param out destination buffer. Must be at least BIPADDR_MAX_PRINT_LEN characters long.
+ */
+static void BIPAddr_Print (BIPAddr *addr, char *out);
+
+/**
+ * Socket address - IP address and transport protocol port number
+ */
+typedef struct {
+    int type;
+    union {
+        struct {
+            uint32_t ip;
+            uint16_t port;
+        } ipv4;
+        struct {
+            uint8_t ip[16];
+            uint16_t port;
+        } ipv6;
+        struct {
+            uint16_t phys_proto;
+            int interface_index;
+            int header_type;
+            int packet_type;
+            uint8_t phys_addr[8];
+        } packet;
+    };
+} BAddr;
+
+/**
+ * Makes an invalid address.
+ */
+static BAddr BAddr_MakeNone (void);
+
+/**
+ * Makes an IPv4 address.
+ *
+ * @param ip IP address in network byte order
+ * @param port port number in network byte order
+ */
+static BAddr BAddr_MakeIPv4 (uint32_t ip, uint16_t port);
+
+/**
+ * Makes an IPv6 address.
+ *
+ * @param ip IP address (16 bytes)
+ * @param port port number in network byte order
+ */
+static BAddr BAddr_MakeIPv6 (const uint8_t *ip, uint16_t port);
+
+/**
+ * Makes an address from a BIPAddr and port number.
+ *
+ * @param ipaddr the BIPAddr
+ * @param port port number in network byte order
+ */
+static BAddr BAddr_MakeFromIpaddrAndPort (BIPAddr ipaddr, uint16_t port);
+
+/**
+ * Deprecated, use BAddr_MakeNone.
+ */
+static void BAddr_InitNone (BAddr *addr);
+
+/**
+ * Deprecated, use BAddr_MakeIPv4.
+ */
+static void BAddr_InitIPv4 (BAddr *addr, uint32_t ip, uint16_t port);
+
+/**
+ * Deprecated, use BAddr_MakeIPv6.
+ */
+static void BAddr_InitIPv6 (BAddr *addr, uint8_t *ip, uint16_t port);
+
+/**
+ * Deprecated, use BAddr_MakeFromIpaddrAndPort.
+ */
+static void BAddr_InitFromIpaddrAndPort (BAddr *addr, BIPAddr ipaddr, uint16_t port);
+
+/**
+ * Initializes a packet socket (data link layer) address.
+ * Only Ethernet addresses are supported.
+ * 
+ * @param addr the object
+ * @param phys_proto identifier for the upper protocol, network byte order (EtherType)
+ * @param interface_index network interface index
+ * @param header_type data link layer header type. Must be BADDR_PACKET_HEADER_TYPE_ETHERNET.
+ * @param packet_type the manner in which packets are sent/received. Must be one of
+ *   BADDR_PACKET_PACKET_TYPE_HOST, BADDR_PACKET_PACKET_TYPE_BROADCAST,
+ *   BADDR_PACKET_PACKET_TYPE_MULTICAST, BADDR_PACKET_PACKET_TYPE_OTHERHOST,
+ *   BADDR_PACKET_PACKET_TYPE_OUTGOING.
+ * @param phys_addr data link layer address (MAC address)
+ */
+static void BAddr_InitPacket (BAddr *addr, uint16_t phys_proto, int interface_index, int header_type, int packet_type, uint8_t *phys_addr);
+
+/**
+ * Does nothing.
+ *
+ * @param addr the object
+ */
+static void BAddr_Assert (BAddr *addr);
+
+/**
+ * Determines whether the address is an invalid address.
+ *
+ * @param addr the object
+ * @return 1 if invalid, 0 if invalid
+ **/
+static int BAddr_IsInvalid (BAddr *addr);
+
+/**
+ * Returns the port number in the address.
+ *
+ * @param addr the object
+ *             Must be an IPv4 or IPv6 address.
+ * @return port number, in network byte order
+ */
+static uint16_t BAddr_GetPort (BAddr *addr);
+
+/**
+ * Returns the IP address in the address.
+ *
+ * @param addr the object
+ * @param ipaddr IP address will be returned here. If \a addr is not
+ *               an IPv4 or IPv6 address, an invalid address will be
+ *               returned.
+ */
+static void BAddr_GetIPAddr (BAddr *addr, BIPAddr *ipaddr);
+
+/**
+ * Sets the port number in the address.
+ *
+ * @param addr the object
+ *             Must be an IPv4 or IPv6 address.
+ * @param port port number, in network byte order
+ */
+static void BAddr_SetPort (BAddr *addr, uint16_t port);
+
+/**
+ * Converts an IP address to human readable form.
+ *
+ * @param addr address to convert
+ * @param out destination buffer. Must be at least BADDR_MAX_PRINT_LEN characters long.
+ */
+static void BAddr_Print (BAddr *addr, char *out);
+
+/**
+ * Resolves an address string.
+ * Format is "addr:port" for IPv4, "[addr]:port" for IPv6.
+ * addr is be a numeric address or a name.
+ * port is a numeric port number.
+ *
+ * @param addr output address
+ * @param name if not NULL, the name portion of the address will be
+ *             stored here
+ * @param name_len if name is not NULL, the size of the name buffer
+ * @param noresolve only accept numeric addresses. Avoids blocking the caller.
+ * @return 1 on success, 0 on parse error
+ */
+static int BAddr_Parse2 (BAddr *addr, char *str, char *name, int name_len, int noresolve) WARN_UNUSED;
+
+/**
+ * Resolves an address string.
+ * IPv4 input format is "a.b.c.d:p", where a.b.c.d is the IP address
+ * and d is the port number.
+ * IPv6 input format is "[addr]:p", where addr is an IPv6 addres in
+ * standard notation and p is the port number.
+ *
+ * @param addr output address
+ * @param name if not NULL, the name portion of the address will be
+ *             stored here
+ * @param name_len if name is not NULL, the size of the name buffer
+ * @return 1 on success, 0 on parse error
+ */
+static int BAddr_Parse (BAddr *addr, char *str, char *name, int name_len) WARN_UNUSED;
+
+static int BAddr_Compare (BAddr *addr1, BAddr *addr2);
+
+static int BAddr_CompareOrder (BAddr *addr1, BAddr *addr2);
+
+void BIPAddr_InitInvalid (BIPAddr *addr)
+{
+    addr->type = BADDR_TYPE_NONE;
+}
+
+void BIPAddr_InitIPv4 (BIPAddr *addr, uint32_t ip)
+{
+    addr->type = BADDR_TYPE_IPV4;
+    addr->ipv4 = ip;
+}
+
+void BIPAddr_InitIPv6 (BIPAddr *addr, uint8_t *ip)
+{
+    addr->type = BADDR_TYPE_IPV6;
+    memcpy(addr->ipv6, ip, 16);
+}
+
+void BIPAddr_Assert (BIPAddr *addr)
+{
+    switch (addr->type) {
+        case BADDR_TYPE_NONE:
+        case BADDR_TYPE_IPV4:
+        case BADDR_TYPE_IPV6:
+            return;
+        default:
+            ASSERT(0);
+    }
+}
+
+int BIPAddr_IsInvalid (BIPAddr *addr)
+{
+    BIPAddr_Assert(addr);
+    
+    return (addr->type == BADDR_TYPE_NONE);
+}
+
+int BIPAddr_Resolve (BIPAddr *addr, char *str, int noresolve)
+{
+    int len = strlen(str);
+    
+    char *addr_start;
+    int addr_len;
+    
+    // determine address type
+    if (len >= 1 && str[0] == '[' && str[len - 1] == ']') {
+        addr->type = BADDR_TYPE_IPV6;
+        addr_start = str + 1;
+        addr_len = len - 2;
+    } else {
+        addr->type = BADDR_TYPE_IPV4;
+        addr_start = str;
+        addr_len = len;
+    }
+    
+    // copy
+    char addr_str[BADDR_MAX_ADDR_LEN + 1];
+    if (addr_len > BADDR_MAX_ADDR_LEN) {
+        return 0;
+    }
+    memcpy(addr_str, addr_start, addr_len);
+    addr_str[addr_len] = '\0';
+    
+    // initialize hints
+    struct addrinfo hints;
+    memset(&hints, 0, sizeof(hints));
+    switch (addr->type) {
+        case BADDR_TYPE_IPV6:
+            hints.ai_family = AF_INET6;
+            break;
+        case BADDR_TYPE_IPV4:
+            hints.ai_family = AF_INET;
+            break;
+    }
+    if (noresolve) {
+        hints.ai_flags |= AI_NUMERICHOST;
+    }
+    
+    // call getaddrinfo
+    struct addrinfo *addrs;
+    int res;
+    if ((res = getaddrinfo(addr_str, NULL, &hints, &addrs)) != 0) {
+        return 0;
+    }
+    
+    // set address
+    switch (addr->type) {
+        case BADDR_TYPE_IPV6:
+            memcpy(addr->ipv6, ((struct sockaddr_in6 *)addrs->ai_addr)->sin6_addr.s6_addr, sizeof(addr->ipv6));
+            break;
+        case BADDR_TYPE_IPV4:
+            addr->ipv4 = ((struct sockaddr_in *)addrs->ai_addr)->sin_addr.s_addr;
+            break;
+    }
+    
+    freeaddrinfo(addrs);
+    
+    return 1;
+}
+
+int BIPAddr_Compare (BIPAddr *addr1, BIPAddr *addr2)
+{
+    BIPAddr_Assert(addr1);
+    BIPAddr_Assert(addr2);
+    
+    if (addr1->type != addr2->type) {
+        return 0;
+    }
+    
+    switch (addr1->type) {
+        case BADDR_TYPE_NONE:
+            return 0;
+        case BADDR_TYPE_IPV4:
+            return (addr1->ipv4 == addr2->ipv4);
+        case BADDR_TYPE_IPV6:
+            return (!memcmp(addr1->ipv6, addr2->ipv6, sizeof(addr1->ipv6)));
+        default:
+            ASSERT(0)
+            return 0;
+    }
+}
+
+uint16_t BAddr_GetPort (BAddr *addr)
+{
+    BAddr_Assert(addr);
+    ASSERT(addr->type == BADDR_TYPE_IPV4 || addr->type == BADDR_TYPE_IPV6)
+    
+    switch (addr->type) {
+        case BADDR_TYPE_IPV4:
+            return addr->ipv4.port;
+        case BADDR_TYPE_IPV6:
+            return addr->ipv6.port;
+        default:
+            ASSERT(0)
+            return 0;
+    }
+}
+
+void BAddr_GetIPAddr (BAddr *addr, BIPAddr *ipaddr)
+{
+    BAddr_Assert(addr);
+    
+    switch (addr->type) {
+        case BADDR_TYPE_IPV4:
+            BIPAddr_InitIPv4(ipaddr, addr->ipv4.ip);
+            return;
+        case BADDR_TYPE_IPV6:
+            BIPAddr_InitIPv6(ipaddr, addr->ipv6.ip);
+            return;
+        default:
+            BIPAddr_InitInvalid(ipaddr);
+    }
+}
+
+void BAddr_SetPort (BAddr *addr, uint16_t port)
+{
+    BAddr_Assert(addr);
+    ASSERT(addr->type == BADDR_TYPE_IPV4 || addr->type == BADDR_TYPE_IPV6)
+    
+    switch (addr->type) {
+        case BADDR_TYPE_IPV4:
+            addr->ipv4.port = port;
+            break;
+        case BADDR_TYPE_IPV6:
+            addr->ipv6.port = port;
+            break;
+        default:
+            ASSERT(0);
+    }
+}
+
+void BIPAddr_Print (BIPAddr *addr, char *out)
+{
+    switch (addr->type) {
+        case BADDR_TYPE_NONE:
+            sprintf(out, "(none)");
+            break;
+        case BADDR_TYPE_IPV4:
+            sprintf(out, "%"PRIu8".%"PRIu8".%"PRIu8".%"PRIu8,
+                *((uint8_t *)&addr->ipv4 + 0),
+                *((uint8_t *)&addr->ipv4 + 1),
+                *((uint8_t *)&addr->ipv4 + 2),
+                *((uint8_t *)&addr->ipv4 + 3)
+            );
+            break;
+        case BADDR_TYPE_IPV6: {
+            const char *ptr = (const char *)addr->ipv6;
+            sprintf(out,
+                "%"PRIx16":%"PRIx16":%"PRIx16":%"PRIx16":"
+                "%"PRIx16":%"PRIx16":%"PRIx16":%"PRIx16,
+                badvpn_read_be16(ptr + 0),
+                badvpn_read_be16(ptr + 2),
+                badvpn_read_be16(ptr + 4),
+                badvpn_read_be16(ptr + 6),
+                badvpn_read_be16(ptr + 8),
+                badvpn_read_be16(ptr + 10),
+                badvpn_read_be16(ptr + 12),
+                badvpn_read_be16(ptr + 14)
+            );
+        } break;
+        default:
+            ASSERT(0);
+    }
+}
+
+BAddr BAddr_MakeNone (void)
+{
+    BAddr addr;
+    addr.type = BADDR_TYPE_NONE;
+    return addr;
+}
+
+BAddr BAddr_MakeIPv4 (uint32_t ip, uint16_t port)
+{
+    BAddr addr;
+    addr.type = BADDR_TYPE_IPV4;
+    addr.ipv4.ip = ip;
+    addr.ipv4.port = port;
+    return addr;
+}
+
+BAddr BAddr_MakeIPv6 (const uint8_t *ip, uint16_t port)
+{
+    BAddr addr;
+    addr.type = BADDR_TYPE_IPV6;
+    memcpy(addr.ipv6.ip, ip, 16);
+    addr.ipv6.port = port;
+    return addr;
+}
+
+BAddr BAddr_MakeFromIpaddrAndPort (BIPAddr ipaddr, uint16_t port)
+{
+    BIPAddr_Assert(&ipaddr);
+    
+    switch (ipaddr.type) {
+        case BADDR_TYPE_NONE:
+            return BAddr_MakeNone();
+        case BADDR_TYPE_IPV4:
+            return BAddr_MakeIPv4(ipaddr.ipv4, port);
+        case BADDR_TYPE_IPV6:
+            return BAddr_MakeIPv6(ipaddr.ipv6, port);
+        default:
+            ASSERT(0);
+            return BAddr_MakeNone();
+    }
+}
+
+void BAddr_InitNone (BAddr *addr)
+{
+    *addr = BAddr_MakeNone();
+}
+
+void BAddr_InitIPv4 (BAddr *addr, uint32_t ip, uint16_t port)
+{
+    *addr = BAddr_MakeIPv4(ip, port);
+}
+
+void BAddr_InitIPv6 (BAddr *addr, uint8_t *ip, uint16_t port)
+{
+    *addr = BAddr_MakeIPv6(ip, port);
+}
+
+void BAddr_InitFromIpaddrAndPort (BAddr *addr, BIPAddr ipaddr, uint16_t port)
+{
+    BIPAddr_Assert(&ipaddr);
+    
+    *addr = BAddr_MakeFromIpaddrAndPort(ipaddr, port);
+}
+
+#ifdef BADVPN_LINUX
+
+void BAddr_InitPacket (BAddr *addr, uint16_t phys_proto, int interface_index, int header_type, int packet_type, uint8_t *phys_addr)
+{
+    ASSERT(header_type == BADDR_PACKET_HEADER_TYPE_ETHERNET)
+    ASSERT(packet_type == BADDR_PACKET_PACKET_TYPE_HOST || packet_type == BADDR_PACKET_PACKET_TYPE_BROADCAST || 
+           packet_type == BADDR_PACKET_PACKET_TYPE_MULTICAST || packet_type == BADDR_PACKET_PACKET_TYPE_OTHERHOST ||
+           packet_type == BADDR_PACKET_PACKET_TYPE_OUTGOING)
+    
+    addr->type = BADDR_TYPE_PACKET;
+    addr->packet.phys_proto = phys_proto;
+    addr->packet.interface_index = interface_index;
+    addr->packet.header_type = header_type;
+    addr->packet.packet_type = packet_type;
+    memcpy(addr->packet.phys_addr, phys_addr, 6);
+}
+
+#endif
+
+void BAddr_Assert (BAddr *addr)
+{
+    switch (addr->type) {
+        case BADDR_TYPE_NONE:
+        case BADDR_TYPE_IPV4:
+        case BADDR_TYPE_IPV6:
+        #ifdef BADVPN_LINUX
+        case BADDR_TYPE_PACKET:
+        #endif
+            return;
+        default:
+            ASSERT(0);
+    }
+}
+
+int BAddr_IsInvalid (BAddr *addr)
+{
+    BAddr_Assert(addr);
+    
+    return (addr->type == BADDR_TYPE_NONE);
+}
+
+void BAddr_Print (BAddr *addr, char *out)
+{
+    BAddr_Assert(addr);
+    
+    BIPAddr ipaddr;
+    
+    switch (addr->type) {
+        case BADDR_TYPE_NONE:
+            sprintf(out, "(none)");
+            break;
+        case BADDR_TYPE_IPV4:
+            BIPAddr_InitIPv4(&ipaddr, addr->ipv4.ip);
+            BIPAddr_Print(&ipaddr, out);
+            sprintf(out + strlen(out), ":%"PRIu16, ntoh16(addr->ipv4.port));
+            break;
+        case BADDR_TYPE_IPV6:
+            BIPAddr_InitIPv6(&ipaddr, addr->ipv6.ip);
+            BIPAddr_Print(&ipaddr, out);
+            sprintf(out + strlen(out), ":%"PRIu16, ntoh16(addr->ipv6.port));
+            break;
+        #ifdef BADVPN_LINUX
+        case BADDR_TYPE_PACKET:
+            ASSERT(addr->packet.header_type == BADDR_PACKET_HEADER_TYPE_ETHERNET)
+            sprintf(out, "proto=%"PRIu16",ifindex=%d,htype=eth,ptype=%d,addr=%02"PRIx8":%02"PRIx8":%02"PRIx8":%02"PRIx8":%02"PRIx8":%02"PRIx8,
+                    addr->packet.phys_proto, (int)addr->packet.interface_index, (int)addr->packet.packet_type,
+                    addr->packet.phys_addr[0], addr->packet.phys_addr[1], addr->packet.phys_addr[2],
+                    addr->packet.phys_addr[3], addr->packet.phys_addr[4], addr->packet.phys_addr[5]);
+            break;
+        #endif
+        default:
+            ASSERT(0);
+    }
+}
+
+int BAddr_Parse2 (BAddr *addr, char *str, char *name, int name_len, int noresolve)
+{
+    int len = strlen(str);
+    if (len < 1 || len > 1000) {
+        return 0;
+    }
+    
+    int addr_start;
+    int addr_len;
+    int port_start;
+    int port_len;
+    
+    // leading '[' indicates an IPv6 address
+    if (str[0] == '[') {
+        addr->type = BADDR_TYPE_IPV6;
+        // find ']'
+        int i=1;
+        while (i < len && str[i] != ']') i++;
+        if (i >= len) {
+            return 0;
+        }
+        addr_start = 1;
+        addr_len = i - addr_start;
+        // follows ':' and port number
+        if (i + 1 >= len || str[i + 1] != ':') {
+            return 0;
+        }
+        port_start = i + 2;
+        port_len = len - port_start;
+    }
+    // otherwise it's an IPv4 address
+    else {
+        addr->type = BADDR_TYPE_IPV4;
+        // find ':'
+        int i=0;
+        while (i < len && str[i] != ':') i++;
+        if (i >= len) {
+            return 0;
+        }
+        addr_start = 0;
+        addr_len = i - addr_start;
+        port_start = i + 1;
+        port_len = len - port_start;
+    }
+    
+    // copy address and port to zero-terminated buffers
+    
+    char addr_str[128];
+    if (addr_len >= sizeof(addr_str)) {
+        return 0;
+    }
+    memcpy(addr_str, str + addr_start, addr_len);
+    addr_str[addr_len] = '\0';
+    
+    char port_str[6];
+    if (port_len >= sizeof(port_str)) {
+        return 0;
+    }
+    memcpy(port_str, str + port_start, port_len);
+    port_str[port_len] = '\0';
+    
+    // parse port
+    char *err;
+    long int conv_res = strtol(port_str, &err, 10);
+    if (port_str[0] == '\0' || *err != '\0') {
+        return 0;
+    }
+    if (conv_res < 0 || conv_res > UINT16_MAX) {
+        return 0;
+    }
+    uint16_t port = conv_res;
+    port = hton16(port);
+    
+    // initialize hints
+    struct addrinfo hints;
+    memset(&hints, 0, sizeof(hints));
+    switch (addr->type) {
+        case BADDR_TYPE_IPV6:
+            hints.ai_family = AF_INET6;
+            break;
+        case BADDR_TYPE_IPV4:
+            hints.ai_family = AF_INET;
+            break;
+    }
+    if (noresolve) {
+        hints.ai_flags |= AI_NUMERICHOST;
+    }
+    
+    // call getaddrinfo
+    struct addrinfo *addrs;
+    int res;
+    if ((res = getaddrinfo(addr_str, NULL, &hints, &addrs)) != 0) {
+        return 0;
+    }
+    
+    // set address
+    switch (addr->type) {
+        case BADDR_TYPE_IPV6:
+            memcpy(addr->ipv6.ip, ((struct sockaddr_in6 *)addrs->ai_addr)->sin6_addr.s6_addr, sizeof(addr->ipv6.ip));
+            addr->ipv6.port = port;
+            break;
+        case BADDR_TYPE_IPV4:
+            addr->ipv4.ip = ((struct sockaddr_in *)addrs->ai_addr)->sin_addr.s_addr;
+            addr->ipv4.port = port;
+            break;
+    }
+    
+    freeaddrinfo(addrs);
+    
+    if (name) {
+        if (strlen(addr_str) >= name_len) {
+            return 0;
+        }
+        strcpy(name, addr_str);
+    }
+    
+    return 1;
+}
+
+int BAddr_Parse (BAddr *addr, char *str, char *name, int name_len)
+{
+    return BAddr_Parse2(addr, str, name, name_len, 0);
+}
+
+int BAddr_Compare (BAddr *addr1, BAddr *addr2)
+{
+    BAddr_Assert(addr1);
+    BAddr_Assert(addr2);
+    
+    if (addr1->type != addr2->type) {
+        return 0;
+    }
+    
+    switch (addr1->type) {
+        case BADDR_TYPE_IPV4:
+            return (addr1->ipv4.ip == addr2->ipv4.ip && addr1->ipv4.port == addr2->ipv4.port);
+        case BADDR_TYPE_IPV6:
+            return (!memcmp(addr1->ipv6.ip, addr2->ipv6.ip, sizeof(addr1->ipv6.ip)) && addr1->ipv6.port == addr2->ipv6.port);
+        default:
+            return 0;
+    }
+}
+
+int BAddr_CompareOrder (BAddr *addr1, BAddr *addr2)
+{
+    BAddr_Assert(addr1);
+    BAddr_Assert(addr2);
+    
+    int cmp = B_COMPARE(addr1->type, addr2->type);
+    if (cmp) {
+        return cmp;
+    }
+    
+    switch (addr1->type) {
+        case BADDR_TYPE_NONE: {
+            return 0;
+        } break;
+        case BADDR_TYPE_IPV4: {
+            uint32_t ip1 = ntoh32(addr1->ipv4.ip);
+            uint32_t ip2 = ntoh32(addr2->ipv4.ip);
+            cmp = B_COMPARE(ip1, ip2);
+            if (cmp) {
+                return cmp;
+            }
+            uint16_t port1 = ntoh16(addr1->ipv4.port);
+            uint16_t port2 = ntoh16(addr2->ipv4.port);
+            return B_COMPARE(port1, port2);
+        } break;
+        case BADDR_TYPE_IPV6: {
+            cmp = memcmp(addr1->ipv6.ip, addr2->ipv6.ip, sizeof(addr1->ipv6.ip));
+            if (cmp) {
+                return B_COMPARE(cmp, 0);
+            }
+            uint16_t port1 = ntoh16(addr1->ipv6.port);
+            uint16_t port2 = ntoh16(addr2->ipv6.port);
+            return B_COMPARE(port1, port2);
+        } break;
+        default: {
+            return 0;
+        } break;
+    }
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection.h
new file mode 100644
index 00000000..5af0a040
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection.h
@@ -0,0 +1,424 @@
+/**
+ * @file BConnection.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_SYSTEM_BCONNECTION
+#define BADVPN_SYSTEM_BCONNECTION
+
+#include "misc/debug.h"
+#include "flow/StreamPassInterface.h"
+#include "flow/StreamRecvInterface.h"
+#include "system/BAddr.h"
+#include "system/BReactor.h"
+#include "system/BNetwork.h"
+
+
+
+/**
+ * Checks if the given address is supported by {@link BConnection} and related objects.
+ * 
+ * @param addr address to check. Must be a proper {@link BAddr} object according to
+ *             {@link BIPAddr_Assert}.
+ * @return 1 if supported, 0 if not
+ */
+int BConnection_AddressSupported (BAddr addr);
+
+
+#define BLISCON_FROM_ADDR 1
+#define BLISCON_FROM_UNIX 2
+
+struct BLisCon_from {
+    int type;
+    union {
+        struct {
+            BAddr addr;
+        } from_addr;
+#ifndef BADVPN_USE_WINAPI
+        struct {
+            char const *socket_path;
+        } from_unix;
+#endif
+    } u;
+};
+
+static struct BLisCon_from BLisCon_from_addr (BAddr addr)
+{
+    struct BLisCon_from res;
+    res.type = BLISCON_FROM_ADDR;
+    res.u.from_addr.addr = addr;
+    return res;
+}
+
+#ifndef BADVPN_USE_WINAPI
+static struct BLisCon_from BLisCon_from_unix (char const *socket_path)
+{
+    struct BLisCon_from res;
+    res.type = BLISCON_FROM_UNIX;
+    res.u.from_unix.socket_path = socket_path;
+    return res;
+}
+#endif
+
+
+struct BListener_s;
+
+/**
+ * Object which listens for connections on an address.
+ * When a connection is ready, the {@link BListener_handler} handler is called, from which
+ * the connection can be accepted into a new {@link BConnection} object.
+ */
+typedef struct BListener_s BListener;
+
+/**
+ * Handler called when a new connection is ready.
+ * The connection can be accepted by calling {@link BConnection_Init} with the a
+ * BCONNECTION_SOURCE_LISTENER 'source' argument.
+ * If no attempt is made to accept the connection from the job closure of this handler,
+ * the connection will be discarded.
+ * 
+ * @param user as in {@link BListener_Init}
+ */
+typedef void (*BListener_handler) (void *user);
+
+/**
+ * Common listener initialization function.
+ * 
+ * The other type-specific init functions are wrappers around this one.
+ */
+int BListener_InitFrom (BListener *o, struct BLisCon_from from,
+                        BReactor *reactor, void *user,
+                        BListener_handler handler) WARN_UNUSED;
+
+/**
+ * Initializes the object for listening on an address.
+ * {@link BNetwork_GlobalInit} must have been done.
+ * 
+ * @param o the object
+ * @param addr address to listen on
+ * @param reactor reactor we live in
+ * @param user argument to handler
+ * @param handler handler called when a connection can be accepted
+ * @return 1 on success, 0 on failure
+ */
+int BListener_Init (BListener *o, BAddr addr, BReactor *reactor, void *user,
+                    BListener_handler handler) WARN_UNUSED;
+
+#ifndef BADVPN_USE_WINAPI
+/**
+ * Initializes the object for listening on a Unix socket.
+ * {@link BNetwork_GlobalInit} must have been done.
+ * 
+ * @param o the object
+ * @param socket_path socket path for listening
+ * @param reactor reactor we live in
+ * @param user argument to handler
+ * @param handler handler called when a connection can be accepted
+ * @return 1 on success, 0 on failure
+ */
+int BListener_InitUnix (BListener *o, const char *socket_path, BReactor *reactor, void *user,
+                        BListener_handler handler) WARN_UNUSED;
+#endif
+
+/**
+ * Frees the object.
+ * 
+ * @param o the object
+ */
+void BListener_Free (BListener *o);
+
+
+
+struct BConnector_s;
+
+/**
+ * Object which connects to an address.
+ * When the connection attempt finishes, the {@link BConnector_handler} handler is called, from which,
+ * if successful, the resulting connection can be moved to a new {@link BConnection} object.
+ */
+typedef struct BConnector_s BConnector;
+
+/**
+ * Handler called when the connection attempt finishes.
+ * If the connection attempt succeeded (is_error==0), the new connection can be used by calling
+ * {@link BConnection_Init} with a BCONNECTION_SOURCE_TYPE_CONNECTOR 'source' argument.
+ * This handler will be called at most once. The connector object need not be freed after it
+ * is called. 
+ * 
+ * @param user as in {@link BConnector_Init}
+ * @param is_error whether the connection attempt succeeded (0) or failed (1)
+ */
+typedef void (*BConnector_handler) (void *user, int is_error);
+
+/**
+ * Common connector initialization function.
+ * 
+ * The other type-specific init functions are wrappers around this one.
+ */
+int BConnector_InitFrom (BConnector *o, struct BLisCon_from from, BReactor *reactor, void *user,
+                         BConnector_handler handler) WARN_UNUSED;
+
+/**
+ * Initializes the object for connecting to an address.
+ * {@link BNetwork_GlobalInit} must have been done.
+ * 
+ * @param o the object
+ * @param addr address to connect to
+ * @param reactor reactor we live in
+ * @param user argument to handler
+ * @param handler handler called when the connection attempt finishes
+ * @return 1 on success, 0 on failure
+ */
+int BConnector_Init (BConnector *o, BAddr addr, BReactor *reactor, void *user,
+                     BConnector_handler handler) WARN_UNUSED;
+
+#ifndef BADVPN_USE_WINAPI
+/**
+ * Initializes the object for connecting to a Unix socket.
+ * {@link BNetwork_GlobalInit} must have been done.
+ * 
+ * @param o the object
+ * @param socket_path socket path for connecting
+ * @param reactor reactor we live in
+ * @param user argument to handler
+ * @param handler handler called when the connection attempt finishes
+ * @return 1 on success, 0 on failure
+ */
+int BConnector_InitUnix (BConnector *o, const char *socket_path, BReactor *reactor, void *user,
+                         BConnector_handler handler) WARN_UNUSED;
+#endif
+
+/**
+ * Frees the object.
+ * 
+ * @param o the object
+ */
+void BConnector_Free (BConnector *o);
+
+
+
+#define BCONNECTION_SOURCE_TYPE_LISTENER 1
+#define BCONNECTION_SOURCE_TYPE_CONNECTOR 2
+#define BCONNECTION_SOURCE_TYPE_PIPE 3
+
+struct BConnection_source {
+    int type;
+    union {
+        struct {
+            BListener *listener;
+            BAddr *out_addr;
+        } listener;
+        struct {
+            BConnector *connector;
+        } connector;
+#ifndef BADVPN_USE_WINAPI
+        struct {
+            int pipefd;
+            int close_it;
+        } pipe;
+#endif
+    } u;
+};
+
+static struct BConnection_source BConnection_source_listener (BListener *listener, BAddr *out_addr)
+{
+    struct BConnection_source s;
+    s.type = BCONNECTION_SOURCE_TYPE_LISTENER;
+    s.u.listener.listener = listener;
+    s.u.listener.out_addr = out_addr;
+    return s;
+}
+
+static struct BConnection_source BConnection_source_connector (BConnector *connector)
+{
+    struct BConnection_source s;
+    s.type = BCONNECTION_SOURCE_TYPE_CONNECTOR;
+    s.u.connector.connector = connector;
+    return s;
+}
+
+#ifndef BADVPN_USE_WINAPI
+static struct BConnection_source BConnection_source_pipe (int pipefd, int close_it)
+{
+    struct BConnection_source s;
+    s.type = BCONNECTION_SOURCE_TYPE_PIPE;
+    s.u.pipe.pipefd = pipefd;
+    s.u.pipe.close_it = close_it;
+    return s;
+}
+#endif
+
+struct BConnection_s;
+
+/**
+ * Object which represents a stream connection. This is usually a TCP connection, either client
+ * or server, but may also be used with any file descriptor (e.g. pipe) on Unix-like systems.
+ * Sending and receiving is performed via {@link StreamPassInterface} and {@link StreamRecvInterface},
+ * respectively.
+ */
+typedef struct BConnection_s BConnection;
+
+#define BCONNECTION_EVENT_ERROR 1
+#define BCONNECTION_EVENT_RECVCLOSED 2
+
+/**
+ * Handler called when an error occurs or the receive end of the connection was closed
+ * by the remote peer.
+ * - If event is BCONNECTION_EVENT_ERROR, the connection is no longer usable and must be freed
+ *   from withing the job closure of this handler. No further I/O or interface initialization
+ *   must occur.
+ * - If event is BCONNECTION_EVENT_RECVCLOSED, no further receive I/O or receive interface
+ *   initialization must occur. It is guarantted that the receive interface was initialized.
+ * 
+ * @param user as in {@link BConnection_Init} or {@link BConnection_SetHandlers}
+ * @param event what happened - BCONNECTION_EVENT_ERROR or BCONNECTION_EVENT_RECVCLOSED
+ */
+typedef void (*BConnection_handler) (void *user, int event);
+
+/**
+ * Initializes the object.
+ * {@link BNetwork_GlobalInit} must have been done.
+ * 
+ * @param o the object
+ * @param source specifies what the connection comes from. This argument must be created with one of the
+ *               following macros:
+ *               - BCONNECTION_SOURCE_LISTENER(BListener *, BAddr *)
+ *                 Accepts a connection ready on a {@link BListener} object. Must be called from the job
+ *                 closure of the listener's {@link BListener_handler}, and must be the first attempt
+ *                 for this handler invocation. The address of the client is written if the address
+ *                 argument is not NULL (theoretically an invalid address may be returned).
+ *               - BCONNECTION_SOURCE_CONNECTOR(Bconnector *)
+ *                 Uses a connection establised with {@link BConnector}. Must be called from the job
+ *                 closure of the connector's {@link BConnector_handler}, the handler must be reporting
+ *                 successful connection, and must be the first attempt for this handler invocation.
+ *               - BCONNECTION_SOURCE_PIPE(int pipefd, int close_it)
+ *                 On Unix-like systems, uses the provided file descriptor. The file descriptor number must
+ *                 be >=0. If close_it is true, the connector will take responsibility of closing the
+ *                 pipefd. Note that it will be closed even when this Init fails.
+ * @param reactor reactor we live in
+ * @param user argument to handler
+ * @param handler handler called when an error occurs or the receive end of the connection was closed
+ *                by the remote peer.
+ * @return 1 on success, 0 on failure
+ */
+int BConnection_Init (BConnection *o, struct BConnection_source source, BReactor *reactor, void *user,
+                      BConnection_handler handler) WARN_UNUSED;
+
+/**
+ * Frees the object.
+ * The send and receive interfaces must not be initialized.
+ * If the connection was created with a BCONNECTION_SOURCE_PIPE 'source' argument, the file descriptor
+ * will not be closed.
+ * 
+ * @param o the object
+ */
+void BConnection_Free (BConnection *o);
+
+/**
+ * Updates the handler function.
+ * 
+ * @param o the object
+ * @param user argument to handler
+ * @param handler new handler function, as in {@link BConnection_Init}. Additionally, may be NULL to
+ *                remove the current handler. In this case, a proper handler must be set before anything
+ *                can happen with the connection. This is used when moving the connection ownership from
+ *                one module to another.
+ */
+void BConnection_SetHandlers (BConnection *o, void *user, BConnection_handler handler);
+
+/**
+ * Sets the SO_SNDBUF socket option.
+ * 
+ * @param o the object
+ * @param buf_size value for SO_SNDBUF option
+ * @return 1 on success, 0 on failure
+ */
+int BConnection_SetSendBuffer (BConnection *o, int buf_size);
+
+/**
+ * Initializes the send interface for the connection.
+ * The send interface must not be initialized.
+ * 
+ * @param o the object
+ */
+void BConnection_SendAsync_Init (BConnection *o);
+
+/**
+ * Frees the send interface for the connection.
+ * The send interface must be initialized.
+ * If the send interface was busy when this is called, the connection is no longer usable and must be
+ * freed before any further I/O or interface initialization.
+ * 
+ * @param o the object
+ */
+void BConnection_SendAsync_Free (BConnection *o);
+
+/**
+ * Returns the send interface.
+ * The send interface must be initialized.
+ * 
+ * @param o the object
+ * @return send interface
+ */
+StreamPassInterface * BConnection_SendAsync_GetIf (BConnection *o);
+
+/**
+ * Initializes the receive interface for the connection.
+ * The receive interface must not be initialized.
+ * 
+ * @param o the object
+ */
+void BConnection_RecvAsync_Init (BConnection *o);
+
+/**
+ * Frees the receive interface for the connection.
+ * The receive interface must be initialized.
+ * If the receive interface was busy when this is called, the connection is no longer usable and must be
+ * freed before any further I/O or interface initialization.
+ * 
+ * @param o the object
+ */
+void BConnection_RecvAsync_Free (BConnection *o);
+
+/**
+ * Returns the receive interface.
+ * The receive interface must be initialized.
+ * 
+ * @param o the object
+ * @return receive interface
+ */
+StreamRecvInterface * BConnection_RecvAsync_GetIf (BConnection *o);
+
+
+
+#ifdef BADVPN_USE_WINAPI
+#include "BConnection_win.h"
+#else
+#include "BConnection_unix.h"
+#endif
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection_common.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection_common.c
new file mode 100644
index 00000000..79950eae
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection_common.c
@@ -0,0 +1,58 @@
+/**
+ * @file BConnection_common.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "BConnection.h"
+
+int BListener_Init (BListener *o, BAddr addr, BReactor *reactor, void *user,
+                    BListener_handler handler)
+{
+    return BListener_InitFrom(o, BLisCon_from_addr(addr), reactor, user, handler);
+}
+
+#ifndef BADVPN_USE_WINAPI
+int BListener_InitUnix (BListener *o, const char *socket_path, BReactor *reactor, void *user,
+                        BListener_handler handler)
+{
+    return BListener_InitFrom(o, BLisCon_from_unix(socket_path), reactor, user, handler);
+}
+#endif
+
+int BConnector_Init (BConnector *o, BAddr addr, BReactor *reactor, void *user,
+                     BConnector_handler handler)
+{
+    return BConnector_InitFrom(o, BLisCon_from_addr(addr), reactor, user, handler);
+}
+
+#ifndef BADVPN_USE_WINAPI
+int BConnector_InitUnix (BConnector *o, const char *socket_path, BReactor *reactor, void *user,
+                         BConnector_handler handler)
+{
+    return BConnector_InitFrom(o, BLisCon_from_unix(socket_path), reactor, user, handler);
+}
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection_unix.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection_unix.c
new file mode 100644
index 00000000..14dcb2fd
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection_unix.c
@@ -0,0 +1,968 @@
+/**
+ * @file BConnection_unix.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include <stddef.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include "misc/nonblocking.h"
+#include "misc/strdup.h"
+#include "base/BLog.h"
+
+#include "BConnection.h"
+
+#include "generated/blog_channel_BConnection.h"
+
+#define MAX_UNIX_SOCKET_PATH 200
+
+#define SEND_STATE_NOT_INITED 0
+#define SEND_STATE_READY 1
+#define SEND_STATE_BUSY 2
+
+#define RECV_STATE_NOT_INITED 0
+#define RECV_STATE_READY 1
+#define RECV_STATE_BUSY 2
+#define RECV_STATE_INITED_CLOSED 3
+#define RECV_STATE_NOT_INITED_CLOSED 4
+
+struct sys_addr {
+    socklen_t len;
+    union {
+        struct sockaddr generic;
+        struct sockaddr_in ipv4;
+        struct sockaddr_in6 ipv6;
+    } addr;
+};
+
+struct unix_addr {
+    socklen_t len;
+    union {
+        struct sockaddr_un addr;
+        uint8_t bytes[offsetof(struct sockaddr_un, sun_path) + MAX_UNIX_SOCKET_PATH + 1];
+    } u;
+};
+
+static int build_unix_address (struct unix_addr *out, const char *socket_path);
+static void addr_socket_to_sys (struct sys_addr *out, BAddr addr);
+static void addr_sys_to_socket (BAddr *out, struct sys_addr addr);
+static void listener_fd_handler (BListener *o, int events);
+static void listener_default_job_handler (BListener *o);
+static void connector_fd_handler (BConnector *o, int events);
+static void connector_job_handler (BConnector *o);
+static void connection_report_error (BConnection *o);
+static void connection_send (BConnection *o);
+static void connection_recv (BConnection *o);
+static void connection_fd_handler (BConnection *o, int events);
+static void connection_send_job_handler (BConnection *o);
+static void connection_recv_job_handler (BConnection *o);
+static void connection_send_if_handler_send (BConnection *o, uint8_t *data, int data_len);
+static void connection_recv_if_handler_recv (BConnection *o, uint8_t *data, int data_len);
+
+static int build_unix_address (struct unix_addr *out, const char *socket_path)
+{
+    ASSERT(socket_path);
+    
+    if (strlen(socket_path) > MAX_UNIX_SOCKET_PATH) {
+        return 0;
+    }
+    
+    out->len = offsetof(struct sockaddr_un, sun_path) + strlen(socket_path) + 1;
+    out->u.addr.sun_family = AF_UNIX;
+    strcpy(out->u.addr.sun_path, socket_path);
+    
+    return 1;
+}
+
+static void addr_socket_to_sys (struct sys_addr *out, BAddr addr)
+{
+    switch (addr.type) {
+        case BADDR_TYPE_IPV4: {
+            out->len = sizeof(out->addr.ipv4);
+            memset(&out->addr.ipv4, 0, sizeof(out->addr.ipv4));
+            out->addr.ipv4.sin_family = AF_INET;
+            out->addr.ipv4.sin_port = addr.ipv4.port;
+            out->addr.ipv4.sin_addr.s_addr = addr.ipv4.ip;
+        } break;
+        
+        case BADDR_TYPE_IPV6: {
+            out->len = sizeof(out->addr.ipv6);
+            memset(&out->addr.ipv6, 0, sizeof(out->addr.ipv6));
+            out->addr.ipv6.sin6_family = AF_INET6;
+            out->addr.ipv6.sin6_port = addr.ipv6.port;
+            out->addr.ipv6.sin6_flowinfo = 0;
+            memcpy(out->addr.ipv6.sin6_addr.s6_addr, addr.ipv6.ip, 16);
+            out->addr.ipv6.sin6_scope_id = 0;
+        } break;
+        
+        default: ASSERT(0);
+    }
+}
+
+static void addr_sys_to_socket (BAddr *out, struct sys_addr addr)
+{
+    switch (addr.addr.generic.sa_family) {
+        case AF_INET: {
+            ASSERT(addr.len == sizeof(struct sockaddr_in))
+            BAddr_InitIPv4(out, addr.addr.ipv4.sin_addr.s_addr, addr.addr.ipv4.sin_port);
+        } break;
+        
+        case AF_INET6: {
+            ASSERT(addr.len == sizeof(struct sockaddr_in6))
+            BAddr_InitIPv6(out, addr.addr.ipv6.sin6_addr.s6_addr, addr.addr.ipv6.sin6_port);
+        } break;
+        
+        default: {
+            BAddr_InitNone(out);
+        } break;
+    }
+}
+
+static void listener_fd_handler (BListener *o, int events)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    // set default job
+    BPending_Set(&o->default_job);
+    
+    // call handler
+    o->handler(o->user);
+    return;
+}
+
+static void listener_default_job_handler (BListener *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    BLog(BLOG_ERROR, "discarding connection");
+    
+    // accept
+    int newfd = accept(o->fd, NULL, NULL);
+    if (newfd < 0) {
+        BLog(BLOG_ERROR, "accept failed");
+        return;
+    }
+    
+    // close new fd
+    if (close(newfd) < 0) {
+        BLog(BLOG_ERROR, "close failed");
+    }
+}
+
+static void connector_fd_handler (BConnector *o, int events)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->fd >= 0)
+    ASSERT(!o->connected)
+    ASSERT(o->have_bfd)
+    
+    // free BFileDescriptor
+    BReactor_RemoveFileDescriptor(o->reactor, &o->bfd);
+    
+    // set have no BFileDescriptor
+    o->have_bfd = 0;
+    
+    // read connection result
+    int result;
+    socklen_t result_len = sizeof(result);
+    if (getsockopt(o->fd, SOL_SOCKET, SO_ERROR, &result, &result_len) < 0) {
+        BLog(BLOG_ERROR, "getsockopt failed");
+        goto fail0;
+    }
+    ASSERT_FORCE(result_len == sizeof(result))
+    
+    if (result != 0) {
+        BLog(BLOG_ERROR, "connection failed");
+        goto fail0;
+    }
+    
+    // set connected
+    o->connected = 1;
+    
+fail0:
+    // call handler
+    o->handler(o->user, !o->connected);
+    return;
+}
+
+static void connector_job_handler (BConnector *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->fd >= 0)
+    ASSERT(o->connected)
+    ASSERT(!o->have_bfd)
+    
+    // call handler
+    o->handler(o->user, 0);
+    return;
+}
+
+static void connection_report_error (BConnection *o)
+{
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->handler)
+    
+    // report error
+    DEBUGERROR(&o->d_err, o->handler(o->user, BCONNECTION_EVENT_ERROR));
+    return;
+}
+
+static void connection_send (BConnection *o)
+{
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->send.state == SEND_STATE_BUSY)
+    
+    // limit
+    if (!o->is_hupd) {
+        if (!BReactorLimit_Increment(&o->send.limit)) {
+            // wait for fd
+            o->wait_events |= BREACTOR_WRITE;
+            BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+            return;
+        }
+    }
+    
+    // send
+    int bytes = write(o->fd, o->send.busy_data, o->send.busy_data_len);
+    if (bytes < 0) {
+        if (!o->is_hupd && (errno == EAGAIN || errno == EWOULDBLOCK)) {
+            // wait for fd
+            o->wait_events |= BREACTOR_WRITE;
+            BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+            return;
+        }
+        
+        BLog(BLOG_ERROR, "send failed");
+        connection_report_error(o);
+        return;
+    }
+    BLog(BLOG_INFO, "clien try write: %d, written: %d", o->send.busy_data_len, bytes);
+    
+    ASSERT(bytes > 0)
+    ASSERT(bytes <= o->send.busy_data_len)
+    
+    // set ready
+    o->send.state = SEND_STATE_READY;
+    
+    // done
+    StreamPassInterface_Done(&o->send.iface, bytes);
+}
+
+static void connection_recv (BConnection *o)
+{
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->recv.state == RECV_STATE_BUSY)
+    
+    // limit
+    if (!o->is_hupd) {
+        if (!BReactorLimit_Increment(&o->recv.limit)) {
+            // wait for fd
+            o->wait_events |= BREACTOR_READ;
+            BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+            return;
+        }
+    }
+    BLog(BLOG_INFO, "clien try read: %d", o->recv.busy_data_avail);
+
+    // recv
+    int bytes = recv(o->fd, o->recv.busy_data, o->recv.busy_data_avail, 0);
+    if (bytes < 0) {
+        if (!o->is_hupd && (errno == EAGAIN || errno == EWOULDBLOCK)) {
+            // wait for fd
+            o->wait_events |= BREACTOR_READ;
+            BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+            return;
+        }
+        BLog(BLOG_ERROR, "recv failed");
+        connection_report_error(o);
+        return;
+    }
+    BLog(BLOG_INFO, "clien try read: %d, received: %d", o->recv.busy_data_avail, bytes);
+    
+    if (bytes == 0) {
+        // set recv inited closed
+        o->recv.state = RECV_STATE_INITED_CLOSED;
+        
+        // report recv closed
+        o->handler(o->user, BCONNECTION_EVENT_RECVCLOSED);
+        return;
+    }
+    
+    ASSERT(bytes > 0)
+    ASSERT(bytes <= o->recv.busy_data_avail)
+
+    // set not busy
+    o->recv.state = RECV_STATE_READY;
+    // done
+    StreamRecvInterface_Done(&o->recv.iface, bytes);
+}
+
+static void connection_fd_handler (BConnection *o, int events)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(!o->is_hupd)
+    
+    // clear handled events
+    o->wait_events &= ~events;
+    BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+    
+    int have_send = 0;
+    int have_recv = 0;
+    
+    // if we got a HUP event, stop monitoring the file descriptor
+    if ((events & BREACTOR_HUP)) {
+        BReactor_RemoveFileDescriptor(o->reactor, &o->bfd);
+        o->is_hupd = 1;
+    }
+    
+    if ((events & BREACTOR_WRITE) || ((events & (BREACTOR_ERROR|BREACTOR_HUP)) && o->send.state == SEND_STATE_BUSY)) {
+        ASSERT(o->send.state == SEND_STATE_BUSY)
+        have_send = 1;
+    }
+    
+    if ((events & BREACTOR_READ) || ((events & (BREACTOR_ERROR|BREACTOR_HUP)) && o->recv.state == RECV_STATE_BUSY)) {
+        ASSERT(o->recv.state == RECV_STATE_BUSY)
+        have_recv = 1;
+    }
+    
+    if (have_send) {
+        if (have_recv) {
+            BPending_Set(&o->recv.job);
+        }
+        
+        connection_send(o);
+        return;
+    }
+    
+    if (have_recv) {
+        connection_recv(o);
+        return;
+    }
+    
+    if (!o->is_hupd) {
+        BLog(BLOG_ERROR, "fd error event");
+        connection_report_error(o);
+        return;
+    }
+}
+
+static void connection_send_job_handler (BConnection *o)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->send.state == SEND_STATE_BUSY)
+    
+    connection_send(o);
+    return;
+}
+
+static void connection_recv_job_handler (BConnection *o)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->recv.state == RECV_STATE_BUSY)
+    
+    connection_recv(o);
+    return;
+}
+
+static void connection_send_if_handler_send (BConnection *o, uint8_t *data, int data_len)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->send.state == SEND_STATE_READY)
+    ASSERT(data_len > 0)
+    
+    // remember data
+    o->send.busy_data = data;
+    o->send.busy_data_len = data_len;
+    
+    // set busy
+    o->send.state = SEND_STATE_BUSY;
+    
+    connection_send(o);
+    return;
+}
+
+static void connection_recv_if_handler_recv (BConnection *o, uint8_t *data, int data_avail)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->recv.state == RECV_STATE_READY)
+    ASSERT(data_avail > 0)
+    
+    // remember data
+    o->recv.busy_data = data;
+    o->recv.busy_data_avail = data_avail;
+    
+    // set busy
+    o->recv.state = RECV_STATE_BUSY;
+    
+    connection_recv(o);
+    return;
+}
+
+int BConnection_AddressSupported (BAddr addr)
+{
+    BAddr_Assert(&addr);
+    
+    return (addr.type == BADDR_TYPE_IPV4 || addr.type == BADDR_TYPE_IPV6);
+}
+
+int BListener_InitFrom (BListener *o, struct BLisCon_from from,
+                        BReactor *reactor, void *user,
+                        BListener_handler handler)
+{
+    ASSERT(from.type == BLISCON_FROM_ADDR || from.type == BLISCON_FROM_UNIX)
+    ASSERT(from.type != BLISCON_FROM_UNIX || from.u.from_unix.socket_path)
+    ASSERT(handler)
+    BNetwork_Assert();
+    
+    // init arguments
+    o->reactor = reactor;
+    o->user = user;
+    o->handler = handler;
+    
+    // init socket path
+    o->unix_socket_path = NULL;
+    if (from.type == BLISCON_FROM_UNIX) {
+        o->unix_socket_path = b_strdup(from.u.from_unix.socket_path);
+        if (!o->unix_socket_path) {
+            BLog(BLOG_ERROR, "b_strdup failed");
+            goto fail0;
+        }
+    }
+    
+    struct unix_addr unixaddr;
+    struct sys_addr sysaddr;
+    
+    if (from.type == BLISCON_FROM_UNIX) {
+        // build address
+        if (!build_unix_address(&unixaddr, o->unix_socket_path)) {
+            BLog(BLOG_ERROR, "build_unix_address failed");
+            goto fail1;
+        }
+        
+        // init fd
+        if ((o->fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
+            BLog(BLOG_ERROR, "socket failed");
+            goto fail1;
+        }
+    } else {
+        // check address
+        if (!BConnection_AddressSupported(from.u.from_addr.addr)) {
+            BLog(BLOG_ERROR, "address not supported");
+            goto fail1;
+        }
+        
+        // convert address
+        addr_socket_to_sys(&sysaddr, from.u.from_addr.addr);
+        
+        // init fd
+        if ((o->fd = socket(sysaddr.addr.generic.sa_family, SOCK_STREAM, 0)) < 0) {
+            BLog(BLOG_ERROR, "socket failed");
+            goto fail1;
+        }
+    }
+    
+    // set non-blocking
+    if (!badvpn_set_nonblocking(o->fd)) {
+        BLog(BLOG_ERROR, "badvpn_set_nonblocking failed");
+        goto fail2;
+    }
+    
+    if (from.type == BLISCON_FROM_UNIX) {
+        // unlink existing socket
+        if (unlink(o->unix_socket_path) < 0 && errno != ENOENT) {
+            BLog(BLOG_ERROR, "unlink existing socket failed");
+            goto fail2;
+        }
+        
+        // bind
+        if (bind(o->fd, (struct sockaddr *)&unixaddr.u.addr, unixaddr.len) < 0) {
+            BLog(BLOG_ERROR, "bind failed");
+            goto fail2;
+        }
+    } else {
+        // set SO_REUSEADDR
+        int optval = 1;
+        if (setsockopt(o->fd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)) < 0) {
+            BLog(BLOG_ERROR, "setsockopt(SO_REUSEADDR) failed");
+        }
+        
+        // bind
+        if (bind(o->fd, &sysaddr.addr.generic, sysaddr.len) < 0) {
+            BLog(BLOG_ERROR, "bind failed");
+            goto fail2;
+        }
+    }
+    
+    // listen
+    if (listen(o->fd, BCONNECTION_LISTEN_BACKLOG) < 0) {
+        BLog(BLOG_ERROR, "listen failed");
+        goto fail3;
+    }
+    
+    // init BFileDescriptor
+    BFileDescriptor_Init(&o->bfd, o->fd, (BFileDescriptor_handler)listener_fd_handler, o);
+    if (!BReactor_AddFileDescriptor(o->reactor, &o->bfd)) {
+        BLog(BLOG_ERROR, "BReactor_AddFileDescriptor failed");
+        goto fail3;
+    }
+    BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, BREACTOR_READ);
+    
+    // init default job
+    BPending_Init(&o->default_job, BReactor_PendingGroup(o->reactor), (BPending_handler)listener_default_job_handler, o);
+    
+    DebugObject_Init(&o->d_obj);
+    return 1;
+    
+fail3:
+    if (from.type == BLISCON_FROM_UNIX) {
+        if (unlink(o->unix_socket_path) < 0) {
+            BLog(BLOG_ERROR, "unlink socket failed");
+        }
+    }
+fail2:
+    if (close(o->fd) < 0) {
+        BLog(BLOG_ERROR, "close failed");
+    }
+fail1:
+    free(o->unix_socket_path);
+fail0:
+    return 0;
+}
+
+void BListener_Free (BListener *o)
+{
+    DebugObject_Free(&o->d_obj);
+    
+    // free default job
+    BPending_Free(&o->default_job);
+    
+    // free BFileDescriptor
+    BReactor_RemoveFileDescriptor(o->reactor, &o->bfd);
+    
+    // free fd
+    if (close(o->fd) < 0) {
+        BLog(BLOG_ERROR, "close failed");
+    }
+    
+    // unlink unix socket
+    if (o->unix_socket_path) {
+        if (unlink(o->unix_socket_path) < 0) {
+            BLog(BLOG_ERROR, "unlink socket failed");
+        }
+    }
+    
+    // free unix socket path
+    if (o->unix_socket_path) {
+        free(o->unix_socket_path);
+    }
+}
+
+int BConnector_InitFrom (BConnector *o, struct BLisCon_from from, BReactor *reactor, void *user,
+                         BConnector_handler handler)
+{
+    ASSERT(from.type == BLISCON_FROM_ADDR || from.type == BLISCON_FROM_UNIX)
+    ASSERT(from.type != BLISCON_FROM_UNIX || from.u.from_unix.socket_path)
+    ASSERT(handler)
+    BNetwork_Assert();
+    
+    // init arguments
+    o->reactor = reactor;
+    o->user = user;
+    o->handler = handler;
+    
+    struct unix_addr unixaddr;
+    struct sys_addr sysaddr;
+    
+    if (from.type == BLISCON_FROM_UNIX) {
+        // build address
+        if (!build_unix_address(&unixaddr, from.u.from_unix.socket_path)) {
+            BLog(BLOG_ERROR, "build_unix_address failed");
+            goto fail0;
+        }
+    } else {
+        // check address
+        if (!BConnection_AddressSupported(from.u.from_addr.addr)) {
+            BLog(BLOG_ERROR, "address not supported");
+            goto fail0;
+        }
+        
+        // convert address
+        addr_socket_to_sys(&sysaddr, from.u.from_addr.addr);
+    }
+    
+    // init job
+    BPending_Init(&o->job, BReactor_PendingGroup(o->reactor), (BPending_handler)connector_job_handler, o);
+    
+    if (from.type == BLISCON_FROM_UNIX) {
+        // init fd
+        if ((o->fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
+            BLog(BLOG_ERROR, "socket failed");
+            goto fail1;
+        }
+    } else {
+        // init fd
+        if ((o->fd = socket(sysaddr.addr.generic.sa_family, SOCK_STREAM, 0)) < 0) {
+            BLog(BLOG_ERROR, "socket failed");
+            goto fail1;
+        }
+    }
+    
+    // set fd non-blocking
+    if (!badvpn_set_nonblocking(o->fd)) {
+        BLog(BLOG_ERROR, "badvpn_set_nonblocking failed");
+        goto fail2;
+    }
+    
+    // connect fd
+    int connect_res;
+    if (from.type == BLISCON_FROM_UNIX) {
+        connect_res = connect(o->fd, (struct sockaddr *)&unixaddr.u.addr, unixaddr.len);
+    } else {
+        connect_res = connect(o->fd, &sysaddr.addr.generic, sysaddr.len);
+    }
+    if (connect_res < 0 && errno != EINPROGRESS) {
+        BLog(BLOG_ERROR, "connect failed");
+        goto fail2;
+    }
+    
+    // set not connected
+    o->connected = 0;
+    
+    // set have no BFileDescriptor
+    o->have_bfd = 0;
+    
+    if (connect_res < 0) {
+        // init BFileDescriptor
+        BFileDescriptor_Init(&o->bfd, o->fd, (BFileDescriptor_handler)connector_fd_handler, o);
+        if (!BReactor_AddFileDescriptor(o->reactor, &o->bfd)) {
+            BLog(BLOG_ERROR, "BReactor_AddFileDescriptor failed");
+            goto fail2;
+        }
+        BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, BREACTOR_WRITE);
+        
+        // set have BFileDescriptor
+        o->have_bfd = 1;
+    } else {
+        // set connected
+        o->connected = 1;
+        
+        // set job
+        BPending_Set(&o->job);
+    }
+    
+    DebugObject_Init(&o->d_obj);
+    return 1;
+    
+fail2:
+    if (close(o->fd) < 0) {
+        BLog(BLOG_ERROR, "close failed");
+    }
+fail1:
+    BPending_Free(&o->job);
+fail0:
+    return 0;
+}
+
+void BConnector_Free (BConnector *o)
+{
+    DebugObject_Free(&o->d_obj);
+    
+    // free BFileDescriptor
+    if (o->have_bfd) {
+        BReactor_RemoveFileDescriptor(o->reactor, &o->bfd);
+    }
+    
+    // close fd
+    if (o->fd != -1) {
+        if (close(o->fd) < 0) {
+            BLog(BLOG_ERROR, "close failed");
+        }
+    }
+    
+    // free job
+    BPending_Free(&o->job);
+}
+
+int BConnection_Init (BConnection *o, struct BConnection_source source, BReactor *reactor, void *user,
+                      BConnection_handler handler)
+{
+    switch (source.type) {
+        case BCONNECTION_SOURCE_TYPE_LISTENER: {
+            BListener *listener = source.u.listener.listener;
+            DebugObject_Access(&listener->d_obj);
+            ASSERT(BPending_IsSet(&listener->default_job))
+        } break;
+        case BCONNECTION_SOURCE_TYPE_CONNECTOR: {
+            BConnector *connector = source.u.connector.connector;
+            DebugObject_Access(&connector->d_obj);
+            ASSERT(connector->fd >= 0)
+            ASSERT(connector->connected)
+            ASSERT(!connector->have_bfd)
+            ASSERT(!BPending_IsSet(&connector->job))
+        } break;
+        case BCONNECTION_SOURCE_TYPE_PIPE: {
+            ASSERT(source.u.pipe.pipefd >= 0)
+        } break;
+        default: ASSERT(0);
+    }
+    ASSERT(handler)
+    BNetwork_Assert();
+    
+    // init arguments
+    o->reactor = reactor;
+    o->user = user;
+    o->handler = handler;
+    
+    switch (source.type) {
+        case BCONNECTION_SOURCE_TYPE_LISTENER: {
+            BListener *listener = source.u.listener.listener;
+            
+            // unset listener's default job
+            BPending_Unset(&listener->default_job);
+            
+            // accept
+            struct sys_addr sysaddr;
+            sysaddr.len = sizeof(sysaddr.addr);
+            if ((o->fd = accept(listener->fd, &sysaddr.addr.generic, &sysaddr.len)) < 0) {
+                BLog(BLOG_ERROR, "accept failed");
+                goto fail0;
+            }
+            o->close_fd = 1;
+            
+            // set non-blocking
+            if (!badvpn_set_nonblocking(o->fd)) {
+                BLog(BLOG_ERROR, "badvpn_set_nonblocking failed");
+                goto fail1;
+            }
+            
+            // return address
+            if (source.u.listener.out_addr) {
+                addr_sys_to_socket(source.u.listener.out_addr, sysaddr);
+            }
+        } break;
+        
+        case BCONNECTION_SOURCE_TYPE_CONNECTOR: {
+            BConnector *connector = source.u.connector.connector;
+            
+            // grab fd from connector
+            o->fd = connector->fd;
+            connector->fd = -1;
+            o->close_fd = 1;
+        } break;
+        
+        case BCONNECTION_SOURCE_TYPE_PIPE: {
+            // use user-provided fd
+            o->fd = source.u.pipe.pipefd;
+            o->close_fd = !!source.u.pipe.close_it;
+            
+            // set non-blocking
+            if (!badvpn_set_nonblocking(o->fd)) {
+                BLog(BLOG_ERROR, "badvpn_set_nonblocking failed");
+                goto fail1;
+            }
+        } break;
+    }
+    
+    // set not HUPd
+    o->is_hupd = 0;
+    
+    // init BFileDescriptor
+    BFileDescriptor_Init(&o->bfd, o->fd, (BFileDescriptor_handler)connection_fd_handler, o);
+    if (!BReactor_AddFileDescriptor(o->reactor, &o->bfd)) {
+        BLog(BLOG_ERROR, "BReactor_AddFileDescriptor failed");
+        goto fail1;
+    }
+    
+    // set no wait events
+    o->wait_events = 0;
+    
+    // init limits
+    BReactorLimit_Init(&o->send.limit, o->reactor, BCONNECTION_SEND_LIMIT);
+    BReactorLimit_Init(&o->recv.limit, o->reactor, BCONNECTION_RECV_LIMIT);
+    
+    // set send and recv not inited
+    o->send.state = SEND_STATE_NOT_INITED;
+    o->recv.state = RECV_STATE_NOT_INITED;
+    
+    DebugError_Init(&o->d_err, BReactor_PendingGroup(o->reactor));
+    DebugObject_Init(&o->d_obj);
+    return 1;
+    
+fail1:
+    if (o->close_fd) {
+        if (close(o->fd) < 0) {
+            BLog(BLOG_ERROR, "close failed");
+        }
+    }
+fail0:
+    return 0;
+}
+
+void BConnection_Free (BConnection *o)
+{
+    DebugObject_Free(&o->d_obj);
+    DebugError_Free(&o->d_err);
+    ASSERT(o->send.state == SEND_STATE_NOT_INITED)
+    ASSERT(o->recv.state == RECV_STATE_NOT_INITED || o->recv.state == RECV_STATE_NOT_INITED_CLOSED)
+    
+    // free limits
+    BReactorLimit_Free(&o->recv.limit);
+    BReactorLimit_Free(&o->send.limit);
+    
+    // free BFileDescriptor
+    if (!o->is_hupd) {
+        BReactor_RemoveFileDescriptor(o->reactor, &o->bfd);
+    }
+    
+    // close fd
+    if (o->close_fd) {
+        if (close(o->fd) < 0) {
+            BLog(BLOG_ERROR, "close failed");
+        }
+    }
+}
+
+void BConnection_SetHandlers (BConnection *o, void *user, BConnection_handler handler)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    // set handlers
+    o->user = user;
+    o->handler = handler;
+}
+
+int BConnection_SetSendBuffer (BConnection *o, int buf_size)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    if (setsockopt(o->fd, SOL_SOCKET, SO_SNDBUF, (void *)&buf_size, sizeof(buf_size)) < 0) {
+        BLog(BLOG_ERROR, "setsockopt failed");
+        return 0;
+    }
+    
+    return 1;
+}
+
+void BConnection_SendAsync_Init (BConnection *o)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->send.state == SEND_STATE_NOT_INITED)
+    
+    // init interface
+    StreamPassInterface_Init(&o->send.iface, (StreamPassInterface_handler_send)connection_send_if_handler_send, o, BReactor_PendingGroup(o->reactor));
+    
+    // init job
+    BPending_Init(&o->send.job, BReactor_PendingGroup(o->reactor), (BPending_handler)connection_send_job_handler, o);
+    
+    // set ready
+    o->send.state = SEND_STATE_READY;
+}
+
+void BConnection_SendAsync_Free (BConnection *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->send.state == SEND_STATE_READY || o->send.state == SEND_STATE_BUSY)
+    
+    // update events
+    if (!o->is_hupd) {
+        o->wait_events &= ~BREACTOR_WRITE;
+        BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+    }
+    
+    // free job
+    BPending_Free(&o->send.job);
+    
+    // free interface
+    StreamPassInterface_Free(&o->send.iface);
+    
+    // set not inited
+    o->send.state = SEND_STATE_NOT_INITED;
+}
+
+StreamPassInterface * BConnection_SendAsync_GetIf (BConnection *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->send.state == SEND_STATE_READY || o->send.state == SEND_STATE_BUSY)
+    
+    return &o->send.iface;
+}
+
+void BConnection_RecvAsync_Init (BConnection *o)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->recv.state == RECV_STATE_NOT_INITED)
+    
+    // init interface
+    StreamRecvInterface_Init(&o->recv.iface, (StreamRecvInterface_handler_recv)connection_recv_if_handler_recv, o, BReactor_PendingGroup(o->reactor));
+    
+    // init job
+    BPending_Init(&o->recv.job, BReactor_PendingGroup(o->reactor), (BPending_handler)connection_recv_job_handler, o);
+    
+    // set ready
+    o->recv.state = RECV_STATE_READY;
+}
+
+void BConnection_RecvAsync_Free (BConnection *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->recv.state == RECV_STATE_READY || o->recv.state == RECV_STATE_BUSY || o->recv.state == RECV_STATE_INITED_CLOSED)
+    
+    // update events
+    if (!o->is_hupd) {
+        o->wait_events &= ~BREACTOR_READ;
+        BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+    }
+    
+    // free job
+    BPending_Free(&o->recv.job);
+    
+    // free interface
+    StreamRecvInterface_Free(&o->recv.iface);
+    
+    // set not inited
+    o->recv.state = RECV_STATE_NOT_INITED;
+}
+
+StreamRecvInterface * BConnection_RecvAsync_GetIf (BConnection *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->recv.state == RECV_STATE_READY || o->recv.state == RECV_STATE_BUSY || o->recv.state == RECV_STATE_INITED_CLOSED)
+    
+    return &o->recv.iface;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection_unix.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection_unix.h
new file mode 100644
index 00000000..38d368ca
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BConnection_unix.h
@@ -0,0 +1,87 @@
+/**
+ * @file BConnection_unix.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "misc/debugerror.h"
+#include "base/DebugObject.h"
+
+#define BCONNECTION_SEND_LIMIT 2
+#define BCONNECTION_RECV_LIMIT 2
+#define BCONNECTION_LISTEN_BACKLOG 128
+
+struct BListener_s {
+    BReactor *reactor;
+    void *user;
+    BListener_handler handler;
+    char *unix_socket_path;
+    int fd;
+    BFileDescriptor bfd;
+    BPending default_job;
+    DebugObject d_obj;
+};
+
+struct BConnector_s {
+    BReactor *reactor;
+    void *user;
+    BConnector_handler handler;
+    BPending job;
+    int fd;
+    int connected;
+    int have_bfd;
+    BFileDescriptor bfd;
+    DebugObject d_obj;
+};
+
+struct BConnection_s {
+    BReactor *reactor;
+    void *user;
+    BConnection_handler handler;
+    int fd;
+    int close_fd;
+    int is_hupd;
+    BFileDescriptor bfd;
+    int wait_events;
+    struct {
+        BReactorLimit limit;
+        StreamPassInterface iface;
+        BPending job;
+        const uint8_t *busy_data;
+        int busy_data_len;
+        int state;
+    } send;
+    struct {
+        BReactorLimit limit;
+        StreamRecvInterface iface;
+        BPending job;
+        uint8_t *busy_data;
+        int busy_data_avail;
+        int state;
+    } recv;
+    DebugError d_err;
+    DebugObject d_obj;
+};
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BDatagram.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BDatagram.h
new file mode 100644
index 00000000..6196b5df
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BDatagram.h
@@ -0,0 +1,209 @@
+/**
+ * @file BDatagram.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_SYSTEM_BDATAGRAM
+#define BADVPN_SYSTEM_BDATAGRAM
+
+#include "misc/debug.h"
+#include "flow/PacketPassInterface.h"
+#include "flow/PacketRecvInterface.h"
+#include "system/BAddr.h"
+#include "system/BReactor.h"
+#include "system/BNetwork.h"
+
+struct BDatagram_s;
+
+/**
+ * Represents datagram communication. This is usually UDP, but may also be Linux packet sockets.
+ * Sending and receiving is performed via {@link PacketPassInterface} and {@link PacketRecvInterface},
+ * respectively.
+ */
+typedef struct BDatagram_s BDatagram;
+
+#define BDATAGRAM_EVENT_ERROR 1
+
+/**
+ * Handler called when an error occurs with the datagram object.
+ * The datagram object is no longer usable and must be freed from withing the job closure of
+ * this handler. No further I/O, interface initialization, binding and send address setting
+ * must occur.
+ * 
+ * @param user as in {@link BDatagram_Init}
+ * @param event always BDATAGRAM_EVENT_ERROR
+ */
+typedef void (*BDatagram_handler) (void *user, int event);
+
+/**
+ * Checks if the given address family (from {@link BAddr.h}) is supported by {@link BDatagram}
+ * and related objects.
+ * 
+ * @param family family to check
+ * @return 1 if supported, 0 if not
+ */
+int BDatagram_AddressFamilySupported (int family);
+
+/**
+ * Initializes the object.
+ * {@link BNetwork_GlobalInit} must have been done.
+ * 
+ * @param o the object
+ * @param family address family. Must be supported according to {@link BDatagram_AddressFamilySupported}.
+ * @param reactor reactor we live in
+ * @param user argument to handler
+ * @param handler handler called when an error occurs
+ * @return 1 on success, 0 on failure
+ */
+int BDatagram_Init (BDatagram *o, int family, BReactor *reactor, void *user,
+                    BDatagram_handler handler) WARN_UNUSED;
+
+/**
+ * Frees the object.
+ * The send and receive interfaces must not be initialized.
+ * 
+ * @param o the object
+ */
+void BDatagram_Free (BDatagram *o);
+
+/**
+ * Binds to the given local address.
+ * May initiate I/O.
+ * 
+ * @param o the object
+ * @param addr address to bind to. Its family must be supported according to {@link BDatagram_AddressFamilySupported}.
+ * @return 1 on success, 0 on failure
+ */
+int BDatagram_Bind (BDatagram *o, BAddr addr) WARN_UNUSED;
+
+/**
+ * Sets addresses for sending.
+ * May initiate I/O.
+ * 
+ * @param o the object
+ * @param remote_addr destination address for sending datagrams. Its family must be supported according
+ *                    to {@link BDatagram_AddressFamilySupported}.
+ * @param local_addr local source IP address. May be an invalid address, otherwise its family must be
+ *                   supported according to {@link BDatagram_AddressFamilySupported}.
+ */
+void BDatagram_SetSendAddrs (BDatagram *o, BAddr remote_addr, BIPAddr local_addr);
+
+/**
+ * Returns the remote and local address of the last datagram received.
+ * Fails if and only if no datagrams have been received yet.
+ * 
+ * @param o the object
+ * @param remote_addr returns the remote source address of the datagram. May be an invalid address, theoretically.
+ * @param local_addr returns the local destination IP address. May be an invalid address.
+ * @return 1 on success, 0 on failure
+ */
+int BDatagram_GetLastReceiveAddrs (BDatagram *o, BAddr *remote_addr, BIPAddr *local_addr);
+
+#ifndef BADVPN_USE_WINAPI
+/**
+ * Returns the underlying socket file descriptor of the datagram object.
+ * Available on Unix-like systems only.
+ * 
+ * @param o the object
+ * @return file descriptor
+ */
+int BDatagram_GetFd (BDatagram *o);
+#endif
+
+/**
+ * Sets the SO_REUSEADDR option for the underlying socket.
+ * 
+ * @param o the object
+ * @param reuse value of the option. Must be 0 or 1.
+ */
+int BDatagram_SetReuseAddr (BDatagram *o, int reuse);
+
+/**
+ * Initializes the send interface.
+ * The send interface must not be initialized.
+ * 
+ * @param o the object
+ * @param mtu maximum transmission unit. Must be >=0.
+ */
+void BDatagram_SendAsync_Init (BDatagram *o, int mtu);
+
+/**
+ * Frees the send interface.
+ * The send interface must be initialized.
+ * If the send interface was busy when this is called, the datagram object is no longer usable and must be
+ * freed before any further I/O or interface initialization.
+ * 
+ * @param o the object
+ */
+void BDatagram_SendAsync_Free (BDatagram *o);
+
+/**
+ * Returns the send interface.
+ * The send interface must be initialized.
+ * The MTU of the interface will be as in {@link BDatagram_SendAsync_Init}.
+ * 
+ * @param o the object
+ * @return send interface
+ */
+PacketPassInterface * BDatagram_SendAsync_GetIf (BDatagram *o);
+
+/**
+ * Initializes the receive interface.
+ * The receive interface must not be initialized.
+ * 
+ * @param o the object
+ * @param mtu maximum transmission unit. Must be >=0.
+ */
+void BDatagram_RecvAsync_Init (BDatagram *o, int mtu);
+
+/**
+ * Frees the receive interface.
+ * The receive interface must be initialized.
+ * If the receive interface was busy when this is called, the datagram object is no longer usable and must be
+ * freed before any further I/O or interface initialization.
+ * 
+ * @param o the object
+ */
+void BDatagram_RecvAsync_Free (BDatagram *o);
+
+/**
+ * Returns the receive interface.
+ * The receive interface must be initialized.
+ * The MTU of the interface will be as in {@link BDatagram_RecvAsync_Init}.
+ * 
+ * @param o the object
+ * @return receive interface
+ */
+PacketRecvInterface * BDatagram_RecvAsync_GetIf (BDatagram *o);
+
+#ifdef BADVPN_USE_WINAPI
+#include "BDatagram_win.h"
+#else
+#include "BDatagram_unix.h"
+#endif
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BDatagram_unix.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BDatagram_unix.c
new file mode 100644
index 00000000..6f9a9323
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BDatagram_unix.c
@@ -0,0 +1,881 @@
+/**
+ * @file BDatagram_unix.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
+#include <stddef.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#ifdef __APPLE__
+#define	IPV6_PKTINFO	IPV6_2292PKTINFO
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef BADVPN_LINUX
+#    include <netpacket/packet.h>
+#    include <net/ethernet.h>
+#endif
+
+#include "misc/nonblocking.h"
+#include "base/BLog.h"
+
+#include "BDatagram.h"
+
+#include "generated/blog_channel_BDatagram.h"
+
+struct sys_addr {
+    socklen_t len;
+    union {
+        struct sockaddr generic;
+        struct sockaddr_in ipv4;
+        struct sockaddr_in6 ipv6;
+#ifdef BADVPN_LINUX
+        struct sockaddr_ll packet;
+#endif
+    } addr;
+};
+
+static int family_socket_to_sys (int family);
+static void addr_socket_to_sys (struct sys_addr *out, BAddr addr);
+static void addr_sys_to_socket (BAddr *out, struct sys_addr addr);
+static void set_pktinfo (int fd, int family);
+static void report_error (BDatagram *o);
+static void do_send (BDatagram *o);
+static void do_recv (BDatagram *o);
+static void fd_handler (BDatagram *o, int events);
+static void send_job_handler (BDatagram *o);
+static void recv_job_handler (BDatagram *o);
+static void send_if_handler_send (BDatagram *o, uint8_t *data, int data_len);
+static void recv_if_handler_recv (BDatagram *o, uint8_t *data);
+
+static int family_socket_to_sys (int family)
+{
+    switch (family) {
+        case BADDR_TYPE_IPV4:
+            return AF_INET;
+        case BADDR_TYPE_IPV6:
+            return AF_INET6;
+#ifdef BADVPN_LINUX
+        case BADDR_TYPE_PACKET:
+            return AF_PACKET;
+#endif
+    }
+    
+    ASSERT(0);
+    return 0;
+}
+
+static void addr_socket_to_sys (struct sys_addr *out, BAddr addr)
+{
+    switch (addr.type) {
+        case BADDR_TYPE_IPV4: {
+            out->len = sizeof(out->addr.ipv4);
+            memset(&out->addr.ipv4, 0, sizeof(out->addr.ipv4));
+            out->addr.ipv4.sin_family = AF_INET;
+            out->addr.ipv4.sin_port = addr.ipv4.port;
+            out->addr.ipv4.sin_addr.s_addr = addr.ipv4.ip;
+        } break;
+        
+        case BADDR_TYPE_IPV6: {
+            out->len = sizeof(out->addr.ipv6);
+            memset(&out->addr.ipv6, 0, sizeof(out->addr.ipv6));
+            out->addr.ipv6.sin6_family = AF_INET6;
+            out->addr.ipv6.sin6_port = addr.ipv6.port;
+            out->addr.ipv6.sin6_flowinfo = 0;
+            memcpy(out->addr.ipv6.sin6_addr.s6_addr, addr.ipv6.ip, 16);
+            out->addr.ipv6.sin6_scope_id = 0;
+        } break;
+        
+#ifdef BADVPN_LINUX
+        case BADDR_TYPE_PACKET: {
+            ASSERT(addr.packet.header_type == BADDR_PACKET_HEADER_TYPE_ETHERNET)
+            memset(&out->addr.packet, 0, sizeof(out->addr.packet));
+            out->len = sizeof(out->addr.packet);
+            out->addr.packet.sll_family = AF_PACKET;
+            out->addr.packet.sll_protocol = addr.packet.phys_proto;
+            out->addr.packet.sll_ifindex = addr.packet.interface_index;
+            out->addr.packet.sll_hatype = 1; // linux/if_arp.h: #define ARPHRD_ETHER 1
+            switch (addr.packet.packet_type) {
+                case BADDR_PACKET_PACKET_TYPE_HOST:
+                    out->addr.packet.sll_pkttype = PACKET_HOST;
+                    break;
+                case BADDR_PACKET_PACKET_TYPE_BROADCAST:
+                    out->addr.packet.sll_pkttype = PACKET_BROADCAST;
+                    break;
+                case BADDR_PACKET_PACKET_TYPE_MULTICAST:
+                    out->addr.packet.sll_pkttype = PACKET_MULTICAST;
+                    break;
+                case BADDR_PACKET_PACKET_TYPE_OTHERHOST:
+                    out->addr.packet.sll_pkttype = PACKET_OTHERHOST;
+                    break;
+                case BADDR_PACKET_PACKET_TYPE_OUTGOING:
+                    out->addr.packet.sll_pkttype = PACKET_OUTGOING;
+                    break;
+                default:
+                    ASSERT(0);
+            }
+            out->addr.packet.sll_halen = 6;
+            memcpy(out->addr.packet.sll_addr, addr.packet.phys_addr, 6);
+        } break;
+#endif
+        
+        default: ASSERT(0);
+    }
+}
+
+static void addr_sys_to_socket (BAddr *out, struct sys_addr addr)
+{
+    switch (addr.addr.generic.sa_family) {
+        case AF_INET: {
+            ASSERT(addr.len == sizeof(struct sockaddr_in))
+            BAddr_InitIPv4(out, addr.addr.ipv4.sin_addr.s_addr, addr.addr.ipv4.sin_port);
+        } break;
+        
+        case AF_INET6: {
+            ASSERT(addr.len == sizeof(struct sockaddr_in6))
+            BAddr_InitIPv6(out, addr.addr.ipv6.sin6_addr.s6_addr, addr.addr.ipv6.sin6_port);
+        } break;
+        
+#ifdef BADVPN_LINUX
+        case AF_PACKET: {
+            if (addr.len < offsetof(struct sockaddr_ll, sll_addr) + 6) {
+                goto fail;
+            }
+            if (addr.addr.packet.sll_hatype != 1) { // linux/if_arp.h: #define ARPHRD_ETHER 1
+                goto fail;
+            }
+            int packet_type;
+            switch (addr.addr.packet.sll_pkttype) {
+                case PACKET_HOST:
+                    packet_type = BADDR_PACKET_PACKET_TYPE_HOST;
+                    break;
+                case PACKET_BROADCAST:
+                    packet_type = BADDR_PACKET_PACKET_TYPE_BROADCAST;
+                    break;
+                case PACKET_MULTICAST:
+                    packet_type = BADDR_PACKET_PACKET_TYPE_MULTICAST;
+                    break;
+                case PACKET_OTHERHOST:
+                    packet_type = BADDR_PACKET_PACKET_TYPE_OTHERHOST;
+                    break;
+                case PACKET_OUTGOING:
+                    packet_type = BADDR_PACKET_PACKET_TYPE_OUTGOING;
+                    break;
+                default:
+                    goto fail;
+            }
+            if (addr.addr.packet.sll_halen != 6) {
+                goto fail;
+            }
+            BAddr_InitPacket(out, addr.addr.packet.sll_protocol, addr.addr.packet.sll_ifindex, BADDR_PACKET_HEADER_TYPE_ETHERNET, packet_type, addr.addr.packet.sll_addr);
+        } break;
+#endif
+        
+        fail:
+        default: {
+            BAddr_InitNone(out);
+        } break;
+    }
+}
+
+static void set_pktinfo (int fd, int family)
+{
+    int opt = 1;
+    
+    switch (family) {
+        case BADDR_TYPE_IPV4: {
+#ifdef BADVPN_FREEBSD
+            if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt)) < 0) {
+                BLog(BLOG_ERROR, "setsockopt(IP_RECVDSTADDR) failed");
+            }
+#else
+            if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) < 0) {
+                BLog(BLOG_ERROR, "setsockopt(IP_PKTINFO) failed");
+            }
+#endif
+        } break;
+        
+#ifdef IPV6_RECVPKTINFO
+        case BADDR_TYPE_IPV6: {
+            if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &opt, sizeof(opt)) < 0) {
+                BLog(BLOG_ERROR, "setsockopt(IPV6_RECVPKTINFO) failed");
+            }
+        } break;
+#endif
+    }
+}
+
+static void report_error (BDatagram *o)
+{
+    DebugError_AssertNoError(&o->d_err);
+    
+    // report error
+    DEBUGERROR(&o->d_err, o->handler(o->user, BDATAGRAM_EVENT_ERROR));
+    return;
+}
+
+static void do_send (BDatagram *o)
+{
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->send.inited)
+    ASSERT(o->send.busy)
+    ASSERT(o->send.have_addrs)
+    
+    // limit
+    if (!BReactorLimit_Increment(&o->send.limit)) {
+        // wait for fd
+        o->wait_events |= BREACTOR_WRITE;
+        BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+        return;
+    }
+    
+    // convert destination address
+    struct sys_addr sysaddr;
+    addr_socket_to_sys(&sysaddr, o->send.remote_addr);
+    
+    struct iovec iov;
+    iov.iov_base = (uint8_t *)o->send.busy_data;
+    iov.iov_len = o->send.busy_data_len;
+    
+    union {
+#ifdef BADVPN_FREEBSD
+        char in[CMSG_SPACE(sizeof(struct in_addr))];
+#else
+        char in[CMSG_SPACE(sizeof(struct in_pktinfo))];
+#endif
+        char in6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+    } cdata;
+    
+    struct msghdr msg;
+    memset(&msg, 0, sizeof(msg));
+    msg.msg_name = &sysaddr.addr.generic;
+    msg.msg_namelen = sysaddr.len;
+    msg.msg_iov = &iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = &cdata;
+    msg.msg_controllen = sizeof(cdata);
+    
+    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
+    
+    size_t controllen = 0;
+#ifdef __APPLE__
+    int bytes = -1;
+    switch (o->send.local_addr.type) {
+        case BADDR_TYPE_IPV4: {
+            bytes = sendto(o->fd, iov.iov_base, iov.iov_len, 0, msg.msg_name, msg.msg_namelen);
+        } break;
+
+        case BADDR_TYPE_IPV6: {
+            memset(cmsg, 0, CMSG_SPACE(sizeof(struct in6_pktinfo)));
+            cmsg->cmsg_level = IPPROTO_IPV6;
+            cmsg->cmsg_type = IPV6_PKTINFO;
+            cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+            struct in6_pktinfo *pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsg);
+            memcpy(pktinfo->ipi6_addr.s6_addr, o->send.local_addr.ipv6, 16);
+            controllen += CMSG_SPACE(sizeof(struct in6_pktinfo));
+            msg.msg_controllen = controllen;
+            if (msg.msg_controllen == 0) {
+                msg.msg_control = NULL;
+            }
+            bytes = sendmsg(o->fd, &msg, 0);
+        } break;
+    }
+#else
+    switch (o->send.local_addr.type) {
+        case BADDR_TYPE_IPV4: {
+#ifdef BADVPN_FREEBSD
+            memset(cmsg, 0, CMSG_SPACE(sizeof(struct in_addr)));
+            cmsg->cmsg_level = IPPROTO_IP;
+            cmsg->cmsg_type = IP_SENDSRCADDR;
+            cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
+            struct in_addr *addrinfo = (struct in_addr *)CMSG_DATA(cmsg);
+            addrinfo->s_addr = o->send.local_addr.ipv4;
+            controllen += CMSG_SPACE(sizeof(struct in_addr));
+#else
+            memset(cmsg, 0, CMSG_SPACE(sizeof(struct in_pktinfo)));
+            cmsg->cmsg_level = IPPROTO_IP;
+            cmsg->cmsg_type = IP_PKTINFO;
+            cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+            struct in_pktinfo *pktinfo = (struct in_pktinfo *)CMSG_DATA(cmsg);
+            pktinfo->ipi_spec_dst.s_addr = o->send.local_addr.ipv4;
+            controllen += CMSG_SPACE(sizeof(struct in_pktinfo));
+#endif
+        } break;
+        
+        case BADDR_TYPE_IPV6: {
+            memset(cmsg, 0, CMSG_SPACE(sizeof(struct in6_pktinfo)));
+            cmsg->cmsg_level = IPPROTO_IPV6;
+            cmsg->cmsg_type = IPV6_PKTINFO;
+            cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+            struct in6_pktinfo *pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsg);
+            memcpy(pktinfo->ipi6_addr.s6_addr, o->send.local_addr.ipv6, 16);
+            controllen += CMSG_SPACE(sizeof(struct in6_pktinfo));
+        } break;
+    }
+    
+    msg.msg_controllen = controllen;
+    
+    if (msg.msg_controllen == 0) {
+        msg.msg_control = NULL;
+    }
+    
+    // send
+    int bytes = sendmsg(o->fd, &msg, 0);
+#endif
+    if (bytes < 0) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // wait for fd
+            o->wait_events |= BREACTOR_WRITE;
+            BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+            return;
+        }
+        
+        BLog(BLOG_ERROR, "send failed");
+        report_error(o);
+        return;
+    }
+    
+    ASSERT(bytes >= 0)
+    ASSERT(bytes <= o->send.busy_data_len)
+    
+    if (bytes < o->send.busy_data_len) {
+        BLog(BLOG_ERROR, "send sent too little");
+    }
+    
+    // if recv wasn't started yet, start it
+    if (!o->recv.started) {
+        // set recv started
+        o->recv.started = 1;
+        
+        // continue receiving
+        if (o->recv.inited && o->recv.busy) {
+            BPending_Set(&o->recv.job);
+        }
+    }
+    
+    // set not busy
+    o->send.busy = 0;
+    
+    // done
+    PacketPassInterface_Done(&o->send.iface);
+}
+
+static void do_recv (BDatagram *o)
+{
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->recv.inited)
+    ASSERT(o->recv.busy)
+    ASSERT(o->recv.started)
+    
+    // limit
+    if (!BReactorLimit_Increment(&o->recv.limit)) {
+        // wait for fd
+        o->wait_events |= BREACTOR_READ;
+        BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+        return;
+    }
+    
+    struct sys_addr sysaddr;
+    
+    struct iovec iov;
+    iov.iov_base = o->recv.busy_data;
+    iov.iov_len = o->recv.mtu;
+    
+    union {
+#ifdef BADVPN_FREEBSD
+        char in[CMSG_SPACE(sizeof(struct in_addr))];
+#else
+        char in[CMSG_SPACE(sizeof(struct in_pktinfo))];
+#endif
+        char in6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+    } cdata;
+    
+    struct msghdr msg;
+    memset(&msg, 0, sizeof(msg));
+    msg.msg_name = &sysaddr.addr.generic;
+    msg.msg_namelen = sizeof(sysaddr.addr);
+    msg.msg_iov = &iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = &cdata;
+    msg.msg_controllen = sizeof(cdata);
+    
+    // recv
+    int bytes = recvmsg(o->fd, &msg, 0);
+    if (bytes < 0) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // wait for fd
+            o->wait_events |= BREACTOR_READ;
+            BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+            return;
+        }
+        
+        BLog(BLOG_ERROR, "recv failed");
+        report_error(o);
+        return;
+    }
+    
+    ASSERT(bytes >= 0)
+    ASSERT(bytes <= o->recv.mtu)
+    
+    // read returned address
+    sysaddr.len = msg.msg_namelen;
+    addr_sys_to_socket(&o->recv.remote_addr, sysaddr);
+    
+    // read returned local address
+    BIPAddr_InitInvalid(&o->recv.local_addr);
+    for (struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+#ifdef BADVPN_FREEBSD
+        if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_RECVDSTADDR) {
+            struct in_addr *addrinfo = (struct in_addr *)CMSG_DATA(cmsg);
+            BIPAddr_InitIPv4(&o->recv.local_addr, addrinfo->s_addr);
+        }
+#else
+        if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_PKTINFO) {
+            struct in_pktinfo *pktinfo = (struct in_pktinfo *)CMSG_DATA(cmsg);
+            BIPAddr_InitIPv4(&o->recv.local_addr, pktinfo->ipi_addr.s_addr);
+        }
+#endif
+        else if (cmsg->cmsg_level == IPPROTO_IPV6 && cmsg->cmsg_type == IPV6_PKTINFO) {
+            struct in6_pktinfo *pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsg);
+            BIPAddr_InitIPv6(&o->recv.local_addr, pktinfo->ipi6_addr.s6_addr);
+        }
+    }
+    
+    // set have addresses
+    o->recv.have_addrs = 1;
+    
+    // set not busy
+    o->recv.busy = 0;
+    
+    // done
+    PacketRecvInterface_Done(&o->recv.iface, bytes);
+}
+
+static void fd_handler (BDatagram *o, int events)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    
+    // clear handled events
+    o->wait_events &= ~events;
+    BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+    
+    int have_send = 0;
+    int have_recv = 0;
+    
+    if ((events & BREACTOR_WRITE) || ((events & (BREACTOR_ERROR|BREACTOR_HUP)) && o->send.inited && o->send.busy && o->send.have_addrs)) {
+        ASSERT(o->send.inited)
+        ASSERT(o->send.busy)
+        ASSERT(o->send.have_addrs)
+        
+        have_send = 1;
+    }
+    
+    if ((events & BREACTOR_READ) || ((events & (BREACTOR_ERROR|BREACTOR_HUP)) && o->recv.inited && o->recv.busy && o->recv.started)) {
+        ASSERT(o->recv.inited)
+        ASSERT(o->recv.busy)
+        ASSERT(o->recv.started)
+        
+        have_recv = 1;
+    }
+    
+    if (have_send) {
+        if (have_recv) {
+            BPending_Set(&o->recv.job);
+        }
+        
+        do_send(o);
+        return;
+    }
+    
+    if (have_recv) {
+        do_recv(o);
+        return;
+    }
+    
+    BLog(BLOG_ERROR, "fd error event");
+    report_error(o);
+    return;
+}
+
+static void send_job_handler (BDatagram *o)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->send.inited)
+    ASSERT(o->send.busy)
+    ASSERT(o->send.have_addrs)
+    
+    do_send(o);
+    return;
+}
+
+static void recv_job_handler (BDatagram *o)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->recv.inited)
+    ASSERT(o->recv.busy)
+    ASSERT(o->recv.started)
+    
+    do_recv(o);
+    return;
+}
+
+static void send_if_handler_send (BDatagram *o, uint8_t *data, int data_len)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->send.inited)
+    ASSERT(!o->send.busy)
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= o->send.mtu)
+    
+    // remember data
+    o->send.busy_data = data;
+    o->send.busy_data_len = data_len;
+    
+    // set busy
+    o->send.busy = 1;
+    
+    // if have no addresses, wait
+    if (!o->send.have_addrs) {
+        return;
+    }
+    
+    // set job
+    BPending_Set(&o->send.job);
+}
+
+static void recv_if_handler_recv (BDatagram *o, uint8_t *data)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(o->recv.inited)
+    ASSERT(!o->recv.busy)
+    
+    // remember data
+    o->recv.busy_data = data;
+    
+    // set busy
+    o->recv.busy = 1;
+    
+    // if recv not started yet, wait
+    if (!o->recv.started) {
+        return;
+    }
+    
+    // set job
+    BPending_Set(&o->recv.job);
+}
+
+int BDatagram_AddressFamilySupported (int family)
+{
+    switch (family) {
+        case BADDR_TYPE_IPV4:
+        case BADDR_TYPE_IPV6:
+#ifdef BADVPN_LINUX
+        case BADDR_TYPE_PACKET:
+#endif
+            return 1;
+    }
+    
+    return 0;
+}
+
+int BDatagram_Init (BDatagram *o, int family, BReactor *reactor, void *user,
+                    BDatagram_handler handler)
+{
+    ASSERT(BDatagram_AddressFamilySupported(family))
+    ASSERT(handler)
+    BNetwork_Assert();
+    
+    // init arguments
+    o->reactor = reactor;
+    o->user = user;
+    o->handler = handler;
+    
+    // init fd
+    if ((o->fd = socket(family_socket_to_sys(family), SOCK_DGRAM, 0)) < 0) {
+        BLog(BLOG_ERROR, "socket failed");
+        goto fail0;
+    }
+    
+    // set fd non-blocking
+    if (!badvpn_set_nonblocking(o->fd)) {
+        BLog(BLOG_ERROR, "badvpn_set_nonblocking failed");
+        goto fail1;
+    }
+    
+    // enable receiving pktinfo
+    set_pktinfo(o->fd, family);
+    
+    // init BFileDescriptor
+    BFileDescriptor_Init(&o->bfd, o->fd, (BFileDescriptor_handler)fd_handler, o);
+    if (!BReactor_AddFileDescriptor(o->reactor, &o->bfd)) {
+        BLog(BLOG_ERROR, "BReactor_AddFileDescriptor failed");
+        goto fail1;
+    }
+    
+    // set no wait events
+    o->wait_events = 0;
+    
+    // init limits
+    BReactorLimit_Init(&o->send.limit, o->reactor, BDATAGRAM_SEND_LIMIT);
+    BReactorLimit_Init(&o->recv.limit, o->reactor, BDATAGRAM_RECV_LIMIT);
+    
+    // set have no send and recv addresses
+    o->send.have_addrs = 0;
+    o->recv.have_addrs = 0;
+    
+    // set recv not started
+    o->recv.started = 0;
+    
+    // set send and recv not inited
+    o->send.inited = 0;
+    o->recv.inited = 0;
+    
+    DebugError_Init(&o->d_err, BReactor_PendingGroup(o->reactor));
+    DebugObject_Init(&o->d_obj);
+    return 1;
+    
+fail1:
+    if (close(o->fd) < 0) {
+        BLog(BLOG_ERROR, "close failed");
+    }
+fail0:
+    return 0;
+}
+
+void BDatagram_Free (BDatagram *o)
+{
+    DebugObject_Free(&o->d_obj);
+    DebugError_Free(&o->d_err);
+    ASSERT(!o->recv.inited)
+    ASSERT(!o->send.inited)
+    
+    // free limits
+    BReactorLimit_Free(&o->recv.limit);
+    BReactorLimit_Free(&o->send.limit);
+    
+    // free BFileDescriptor
+    BReactor_RemoveFileDescriptor(o->reactor, &o->bfd);
+    
+    // free fd
+    if (close(o->fd) < 0) {
+        BLog(BLOG_ERROR, "close failed");
+    }
+}
+
+int BDatagram_Bind (BDatagram *o, BAddr addr)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(BDatagram_AddressFamilySupported(addr.type))
+    
+    // translate address
+    struct sys_addr sysaddr;
+    addr_socket_to_sys(&sysaddr, addr);
+    
+    // bind
+    if (bind(o->fd, &sysaddr.addr.generic, sysaddr.len) < 0) {
+        BLog(BLOG_ERROR, "bind failed");
+        return 0;
+    }
+    
+    // if recv wasn't started yet, start it
+    if (!o->recv.started) {
+        // set recv started
+        o->recv.started = 1;
+        
+        // continue receiving
+        if (o->recv.inited && o->recv.busy) {
+            BPending_Set(&o->recv.job);
+        }
+    }
+    
+    return 1;
+}
+
+void BDatagram_SetSendAddrs (BDatagram *o, BAddr remote_addr, BIPAddr local_addr)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(BDatagram_AddressFamilySupported(remote_addr.type))
+    ASSERT(local_addr.type == BADDR_TYPE_NONE || BDatagram_AddressFamilySupported(local_addr.type))
+    
+    // set addresses
+    o->send.remote_addr = remote_addr;
+    o->send.local_addr = local_addr;
+    
+    if (!o->send.have_addrs) {
+        // set have addresses
+        o->send.have_addrs = 1;
+        
+        // start sending
+        if (o->send.inited && o->send.busy) {
+            BPending_Set(&o->send.job);
+        }
+    }
+}
+
+int BDatagram_GetLastReceiveAddrs (BDatagram *o, BAddr *remote_addr, BIPAddr *local_addr)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    if (!o->recv.have_addrs) {
+        return 0;
+    }
+    
+    *remote_addr = o->recv.remote_addr;
+    *local_addr = o->recv.local_addr;
+    return 1;
+}
+
+int BDatagram_GetFd (BDatagram *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    return o->fd;
+}
+
+int BDatagram_SetReuseAddr (BDatagram *o, int reuse)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(reuse == 0 || reuse == 1)
+    
+    if (setsockopt(o->fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse)) < 0) {
+        return 0;
+    }
+    
+    return 1;
+}
+
+void BDatagram_SendAsync_Init (BDatagram *o, int mtu)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(!o->send.inited)
+    ASSERT(mtu >= 0)
+    
+    // init arguments
+    o->send.mtu = mtu;
+    
+    // init interface
+    PacketPassInterface_Init(&o->send.iface, o->send.mtu, (PacketPassInterface_handler_send)send_if_handler_send, o, BReactor_PendingGroup(o->reactor));
+    
+    // init job
+    BPending_Init(&o->send.job, BReactor_PendingGroup(o->reactor), (BPending_handler)send_job_handler, o);
+    
+    // set not busy
+    o->send.busy = 0;
+    
+    // set inited
+    o->send.inited = 1;
+}
+
+void BDatagram_SendAsync_Free (BDatagram *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->send.inited)
+    
+    // update events
+    o->wait_events &= ~BREACTOR_WRITE;
+    BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+    
+    // free job
+    BPending_Free(&o->send.job);
+    
+    // free interface
+    PacketPassInterface_Free(&o->send.iface);
+    
+    // set not inited
+    o->send.inited = 0;
+}
+
+PacketPassInterface * BDatagram_SendAsync_GetIf (BDatagram *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->send.inited)
+    
+    return &o->send.iface;
+}
+
+void BDatagram_RecvAsync_Init (BDatagram *o, int mtu)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(!o->recv.inited)
+    ASSERT(mtu >= 0)
+    
+    // init arguments
+    o->recv.mtu = mtu;
+    
+    // init interface
+    PacketRecvInterface_Init(&o->recv.iface, o->recv.mtu, (PacketRecvInterface_handler_recv)recv_if_handler_recv, o, BReactor_PendingGroup(o->reactor));
+    
+    // init job
+    BPending_Init(&o->recv.job, BReactor_PendingGroup(o->reactor), (BPending_handler)recv_job_handler, o);
+    
+    // set not busy
+    o->recv.busy = 0;
+    
+    // set inited
+    o->recv.inited = 1;
+}
+
+void BDatagram_RecvAsync_Free (BDatagram *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->recv.inited)
+    
+    // update events
+    o->wait_events &= ~BREACTOR_READ;
+    BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->wait_events);
+    
+    // free job
+    BPending_Free(&o->recv.job);
+    
+    // free interface
+    PacketRecvInterface_Free(&o->recv.iface);
+    
+    // set not inited
+    o->recv.inited = 0;
+}
+
+PacketRecvInterface * BDatagram_RecvAsync_GetIf (BDatagram *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->recv.inited)
+    
+    return &o->recv.iface;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BDatagram_unix.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BDatagram_unix.h
new file mode 100644
index 00000000..ffc5a529
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BDatagram_unix.h
@@ -0,0 +1,71 @@
+/**
+ * @file BDatagram_unix.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "misc/debugerror.h"
+#include "base/DebugObject.h"
+
+#define BDATAGRAM_SEND_LIMIT 2
+#define BDATAGRAM_RECV_LIMIT 2
+
+struct BDatagram_s {
+    BReactor *reactor;
+    void *user;
+    BDatagram_handler handler;
+    int fd;
+    BFileDescriptor bfd;
+    int wait_events;
+    struct {
+        BReactorLimit limit;
+        int have_addrs;
+        BAddr remote_addr;
+        BIPAddr local_addr;
+        int inited;
+        int mtu;
+        PacketPassInterface iface;
+        BPending job;
+        int busy;
+        const uint8_t *busy_data;
+        int busy_data_len;
+    } send;
+    struct {
+        BReactorLimit limit;
+        int started;
+        int have_addrs;
+        BAddr remote_addr;
+        BIPAddr local_addr;
+        int inited;
+        int mtu;
+        PacketRecvInterface iface;
+        BPending job;
+        int busy;
+        uint8_t *busy_data;
+    } recv;
+    DebugError d_err;
+    DebugObject d_obj;
+};
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BNetwork.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BNetwork.c
new file mode 100644
index 00000000..82fb266b
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BNetwork.c
@@ -0,0 +1,99 @@
+/**
+ * @file BNetwork.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef BADVPN_USE_WINAPI
+#include <windows.h>
+#include <winsock2.h>
+#include <mswsock.h>
+#else
+#include <string.h>
+#include <signal.h>
+#endif
+
+#include "misc/debug.h"
+#include "base/BLog.h"
+
+#include "system/BNetwork.h"
+
+#include "generated/blog_channel_BNetwork.h"
+
+extern int bnetwork_initialized;
+
+#ifndef BADVPN_PLUGIN
+int bnetwork_initialized = 0;
+#endif
+
+int BNetwork_GlobalInit (void)
+{
+    ASSERT(!bnetwork_initialized)
+    
+#ifdef BADVPN_USE_WINAPI
+    
+    WORD requested = MAKEWORD(2, 2);
+    WSADATA wsadata;
+    if (WSAStartup(requested, &wsadata) != 0) {
+        BLog(BLOG_ERROR, "WSAStartup failed");
+        goto fail0;
+    }
+    if (wsadata.wVersion != requested) {
+        BLog(BLOG_ERROR, "WSAStartup returned wrong version");
+        goto fail1;
+    }
+    
+#else
+    
+    struct sigaction act;
+    memset(&act, 0, sizeof(act));
+    act.sa_handler = SIG_IGN;
+    sigemptyset(&act.sa_mask);
+    act.sa_flags = 0;
+    if (sigaction(SIGPIPE, &act, NULL) < 0) {
+        BLog(BLOG_ERROR, "sigaction failed");
+        goto fail0;
+    }
+    
+#endif
+    
+    bnetwork_initialized = 1;
+    
+    return 1;
+    
+#ifdef BADVPN_USE_WINAPI
+fail1:
+    WSACleanup();
+#endif
+    
+fail0:
+    return 0;
+}
+
+void BNetwork_Assert (void)
+{
+    ASSERT(bnetwork_initialized)
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BNetwork.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BNetwork.h
new file mode 100644
index 00000000..0db1744c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BNetwork.h
@@ -0,0 +1,36 @@
+/**
+ * @file BNetwork.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_SYSTEM_BNETWORK_H
+#define BADVPN_SYSTEM_BNETWORK_H
+
+int BNetwork_GlobalInit (void);
+void BNetwork_Assert (void);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor.h
new file mode 100644
index 00000000..4c0fa5be
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor.h
@@ -0,0 +1,11 @@
+#if defined(BADVPN_BREACTOR_BADVPN) + defined(BADVPN_BREACTOR_GLIB) + defined(BADVPN_BREACTOR_EMSCRIPTEN) != 1
+#error No reactor backend or too many reactor backens
+#endif
+
+#if defined(BADVPN_BREACTOR_BADVPN)
+#include "BReactor_badvpn.h"
+#elif defined(BADVPN_BREACTOR_GLIB)
+#include "BReactor_glib.h"
+#elif defined(BADVPN_BREACTOR_EMSCRIPTEN)
+#include "BReactor_emscripten.h"
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor_badvpn.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor_badvpn.c
new file mode 100644
index 00000000..29e96ebd
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor_badvpn.c
@@ -0,0 +1,1430 @@
+/**
+ * @file BReactor_badvpn.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <stddef.h>
+
+#ifdef BADVPN_USE_WINAPI
+#include <windows.h>
+#else
+#include <limits.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <unistd.h>
+#endif
+
+#include "misc/debug.h"
+#include "misc/offset.h"
+#include "misc/balloc.h"
+#include "misc/compare.h"
+#include "base/BLog.h"
+
+#include "system/BReactor.h"
+
+#include "generated/blog_channel_BReactor.h"
+
+#define KEVENT_TAG_FD 1
+#define KEVENT_TAG_KEVENT 2
+
+#define TIMER_STATE_INACTIVE 1
+#define TIMER_STATE_RUNNING 2
+#define TIMER_STATE_EXPIRED 3
+
+static int compare_timers (BSmallTimer *t1, BSmallTimer *t2)
+{
+    int cmp = B_COMPARE(t1->absTime, t2->absTime);
+    if (cmp) {
+        return cmp;
+    }
+    
+    return B_COMPARE((uintptr_t)t1, (uintptr_t)t2);
+}
+
+#include "BReactor_badvpn_timerstree.h"
+#include "structure/CAvl_impl.h"
+
+static void assert_timer (BSmallTimer *bt)
+{
+    ASSERT(bt->state == TIMER_STATE_INACTIVE || bt->state == TIMER_STATE_RUNNING ||
+           bt->state == TIMER_STATE_EXPIRED)
+}
+
+static int move_expired_timers (BReactor *bsys, btime_t now)
+{
+    int moved = 0;
+    
+    // move timed out timers to the expired list
+    BReactor__TimersTreeRef ref;
+    BSmallTimer *timer;
+    while (timer = (ref = BReactor__TimersTree_GetFirst(&bsys->timers_tree, 0)).link) {
+        ASSERT(timer->state == TIMER_STATE_RUNNING)
+        
+        // if it's in the future, stop
+        if (timer->absTime > now) {
+            break;
+        }
+        moved = 1;
+        
+        // remove from running timers tree
+        BReactor__TimersTree_Remove(&bsys->timers_tree, 0, ref);
+        
+        // add to expired timers list
+        LinkedList1_Append(&bsys->timers_expired_list, &timer->u.list_node);
+
+        // set expired
+        timer->state = TIMER_STATE_EXPIRED;
+    }
+
+    return moved;
+}
+
+static void move_first_timers (BReactor *bsys)
+{
+    BReactor__TimersTreeRef ref;
+    
+    // get the time of the first timer
+    BSmallTimer *first_timer = (ref = BReactor__TimersTree_GetFirst(&bsys->timers_tree, 0)).link;
+    ASSERT(first_timer)
+    ASSERT(first_timer->state == TIMER_STATE_RUNNING)
+    btime_t first_time = first_timer->absTime;
+    
+    // remove from running timers tree
+    BReactor__TimersTree_Remove(&bsys->timers_tree, 0, ref);
+    
+    // add to expired timers list
+    LinkedList1_Append(&bsys->timers_expired_list, &first_timer->u.list_node);
+    
+    // set expired
+    first_timer->state = TIMER_STATE_EXPIRED;
+    
+    // also move other timers with the same timeout
+    BSmallTimer *timer;
+    while (timer = (ref = BReactor__TimersTree_GetFirst(&bsys->timers_tree, 0)).link) {
+        ASSERT(timer->state == TIMER_STATE_RUNNING)
+        ASSERT(timer->absTime >= first_time)
+        
+        // if it's in the future, stop
+        if (timer->absTime > first_time) {
+            break;
+        }
+        
+        // remove from running timers tree
+        BReactor__TimersTree_Remove(&bsys->timers_tree, 0, ref);
+        
+        // add to expired timers list
+        LinkedList1_Append(&bsys->timers_expired_list, &timer->u.list_node);
+        
+        // set expired
+        timer->state = TIMER_STATE_EXPIRED;
+    }
+}
+
+#ifdef BADVPN_USE_WINAPI
+
+static void set_iocp_ready (BReactorIOCPOverlapped *olap, int succeeded, DWORD bytes)
+{
+    BReactor *reactor = olap->reactor;
+    ASSERT(!olap->is_ready)
+    
+    // set parameters
+    olap->ready_succeeded = succeeded;
+    olap->ready_bytes = bytes;
+    
+    // insert to IOCP ready list
+    LinkedList1_Append(&reactor->iocp_ready_list, &olap->ready_list_node);
+    
+    // set ready
+    olap->is_ready = 1;
+}
+
+#endif
+
+#ifdef BADVPN_USE_EPOLL
+
+static void set_epoll_fd_pointers (BReactor *bsys)
+{
+    // Write pointers to our entry pointers into file descriptors.
+    // If a handler function frees some other file descriptor, the
+    // free routine will set our pointer to NULL so we don't dispatch it.
+    for (int i = 0; i < bsys->epoll_results_num; i++) {
+        struct epoll_event *event = &bsys->epoll_results[i];
+        ASSERT(event->data.ptr)
+        BFileDescriptor *bfd = (BFileDescriptor *)event->data.ptr;
+        ASSERT(bfd->active)
+        ASSERT(!bfd->epoll_returned_ptr)
+        bfd->epoll_returned_ptr = (BFileDescriptor **)&event->data.ptr;
+    }
+}
+
+#endif
+
+#ifdef BADVPN_USE_KEVENT
+
+static void set_kevent_fd_pointers (BReactor *bsys)
+{
+    for (int i = 0; i < bsys->kevent_results_num; i++) {
+        struct kevent *event = &bsys->kevent_results[i];
+        ASSERT(event->udata)
+        int *tag = event->udata;
+        switch (*tag) {
+            case KEVENT_TAG_FD: {
+                BFileDescriptor *bfd = UPPER_OBJECT(tag, BFileDescriptor, kevent_tag);
+                ASSERT(bfd->active)
+                ASSERT(!bfd->kevent_returned_ptr)
+                bfd->kevent_returned_ptr = (int **)&event->udata;
+            } break;
+            
+            case KEVENT_TAG_KEVENT: {
+                BReactorKEvent *kev = UPPER_OBJECT(tag, BReactorKEvent, kevent_tag);
+                ASSERT(kev->reactor == bsys)
+                ASSERT(!kev->kevent_returned_ptr)
+                kev->kevent_returned_ptr = (int **)&event->udata;
+            } break;
+            
+            default:
+                ASSERT(0);
+        }
+    }
+}
+
+static void update_kevent_fd_events (BReactor *bsys, BFileDescriptor *bs, int events)
+{
+    struct kevent event;
+    
+    if (!(bs->waitEvents & BREACTOR_READ) && (events & BREACTOR_READ)) {
+        memset(&event, 0, sizeof(event));
+        event.ident = bs->fd;
+        event.filter = EVFILT_READ;
+        event.flags = EV_ADD;
+        event.udata = &bs->kevent_tag;
+        ASSERT_FORCE(kevent(bsys->kqueue_fd, &event, 1, NULL, 0, NULL) == 0)
+    }
+    else if ((bs->waitEvents & BREACTOR_READ) && !(events & BREACTOR_READ)) {
+        memset(&event, 0, sizeof(event));
+        event.ident = bs->fd;
+        event.filter = EVFILT_READ;
+        event.flags = EV_DELETE;
+        ASSERT_FORCE(kevent(bsys->kqueue_fd, &event, 1, NULL, 0, NULL) == 0)
+    }
+    
+    if (!(bs->waitEvents & BREACTOR_WRITE) && (events & BREACTOR_WRITE)) {
+        memset(&event, 0, sizeof(event));
+        event.ident = bs->fd;
+        event.filter = EVFILT_WRITE;
+        event.flags = EV_ADD;
+        event.udata = &bs->kevent_tag;
+        ASSERT_FORCE(kevent(bsys->kqueue_fd, &event, 1, NULL, 0, NULL) == 0)
+    }
+    else if ((bs->waitEvents & BREACTOR_WRITE) && !(events & BREACTOR_WRITE)) {
+        memset(&event, 0, sizeof(event));
+        event.ident = bs->fd;
+        event.filter = EVFILT_WRITE;
+        event.flags = EV_DELETE;
+        ASSERT_FORCE(kevent(bsys->kqueue_fd, &event, 1, NULL, 0, NULL) == 0)
+    }
+}
+
+#endif
+
+#ifdef BADVPN_USE_POLL
+
+static void set_poll_fd_pointers (BReactor *bsys)
+{
+    for (int i = 0; i < bsys->poll_results_num; i++) {
+        BFileDescriptor *bfd = bsys->poll_results_bfds[i];
+        ASSERT(bfd)
+        ASSERT(bfd->active)
+        ASSERT(bfd->poll_returned_index == -1)
+        bfd->poll_returned_index = i;
+    }
+}
+
+#endif
+
+static void wait_for_events (BReactor *bsys)
+{
+    // must have processed all pending events
+    ASSERT(!BPendingGroup_HasJobs(&bsys->pending_jobs))
+    ASSERT(LinkedList1_IsEmpty(&bsys->timers_expired_list))
+    #ifdef BADVPN_USE_WINAPI
+    ASSERT(LinkedList1_IsEmpty(&bsys->iocp_ready_list))
+    #endif
+    #ifdef BADVPN_USE_EPOLL
+    ASSERT(bsys->epoll_results_pos == bsys->epoll_results_num)
+    #endif
+    #ifdef BADVPN_USE_KEVENT
+    ASSERT(bsys->kevent_results_pos == bsys->kevent_results_num)
+    #endif
+    #ifdef BADVPN_USE_POLL
+    ASSERT(bsys->poll_results_pos == bsys->poll_results_num)
+    #endif
+
+    // clean up epoll results
+    #ifdef BADVPN_USE_EPOLL
+    bsys->epoll_results_num = 0;
+    bsys->epoll_results_pos = 0;
+    #endif
+    
+    // clean up kevent results
+    #ifdef BADVPN_USE_KEVENT
+    bsys->kevent_results_num = 0;
+    bsys->kevent_results_pos = 0;
+    #endif
+    
+    // clean up poll results
+    #ifdef BADVPN_USE_POLL
+    bsys->poll_results_num = 0;
+    bsys->poll_results_pos = 0;
+    #endif
+    
+    // timeout vars
+    int have_timeout = 0;
+    btime_t timeout_abs;
+    btime_t now = 0; // to remove warning
+    
+    // compute timeout
+    BSmallTimer *first_timer = BReactor__TimersTree_GetFirst(&bsys->timers_tree, 0).link;
+    if (first_timer) {
+        ASSERT(first_timer->state == TIMER_STATE_RUNNING)
+        
+        // get current time
+        now = btime_gettime();
+        
+        // if some timers have already timed out, return them immediately
+        if (move_expired_timers(bsys, now)) {
+            BLog(BLOG_DEBUG, "Got already expired timers");
+            return;
+        }
+        
+        // timeout is first timer, remember absolute time
+        have_timeout = 1;
+        timeout_abs = first_timer->absTime;
+    }
+    
+    // wait until the timeout is reached or the file descriptor / handle in ready
+    while (1) {
+        // compute timeout
+        btime_t timeout_rel = 0; // to remove warning
+        btime_t timeout_rel_trunc = 0; // to remove warning
+        if (have_timeout) {
+            timeout_rel = timeout_abs - now;
+            timeout_rel_trunc = timeout_rel;
+        }
+        
+        // perform wait
+        
+        #ifdef BADVPN_USE_WINAPI
+        
+        if (have_timeout) {
+            if (timeout_rel_trunc > INFINITE - 1) {
+                timeout_rel_trunc = INFINITE - 1;
+            }
+        }
+        
+        DWORD bytes = 0;
+        ULONG_PTR key;
+        BReactorIOCPOverlapped *olap = NULL;
+        BOOL res = GetQueuedCompletionStatus(bsys->iocp_handle, &bytes, &key, (OVERLAPPED **)&olap, (have_timeout ? timeout_rel_trunc : INFINITE));
+        
+        ASSERT_FORCE(olap || have_timeout)
+        
+        if (olap || timeout_rel_trunc == timeout_rel) {
+            if (olap) {
+                BLog(BLOG_DEBUG, "GetQueuedCompletionStatus returned event");
+                
+                DebugObject_Access(&olap->d_obj);
+                ASSERT(olap->reactor == bsys)
+                ASSERT(!olap->is_ready)
+                
+                set_iocp_ready(olap, (res == TRUE), bytes);
+            } else {
+                BLog(BLOG_DEBUG, "GetQueuedCompletionStatus timed out");
+                move_first_timers(bsys);
+            }
+            break;
+        }
+        
+        #endif
+        
+        #ifdef BADVPN_USE_EPOLL
+        
+        if (have_timeout) {
+            if (timeout_rel_trunc > INT_MAX) {
+                timeout_rel_trunc = INT_MAX;
+            }
+        }
+        
+        BLog(BLOG_DEBUG, "Calling epoll_wait");
+        
+        int waitres = epoll_wait(bsys->efd, bsys->epoll_results, BSYSTEM_MAX_RESULTS, (have_timeout ? timeout_rel_trunc : -1));
+        if (waitres < 0) {
+            int error = errno;
+            if (error == EINTR) {
+                BLog(BLOG_DEBUG, "epoll_wait interrupted");
+                goto try_again;
+            }
+            perror("epoll_wait");
+            ASSERT_FORCE(0)
+        }
+        
+        ASSERT_FORCE(!(waitres == 0) || have_timeout)
+        ASSERT_FORCE(waitres <= BSYSTEM_MAX_RESULTS)
+        
+        if (waitres != 0 || timeout_rel_trunc == timeout_rel) {
+            if (waitres != 0) {
+                BLog(BLOG_DEBUG, "epoll_wait returned %d file descriptors", waitres);
+                bsys->epoll_results_num = waitres;
+                set_epoll_fd_pointers(bsys);
+            } else {
+                BLog(BLOG_DEBUG, "epoll_wait timed out");
+                move_first_timers(bsys);
+            }
+            break;
+        }
+        
+        #endif
+        
+        #ifdef BADVPN_USE_KEVENT
+        
+        struct timespec ts;
+        if (have_timeout) {
+            if (timeout_rel_trunc > 86400000) {
+                timeout_rel_trunc = 86400000;
+            }
+            ts.tv_sec = timeout_rel_trunc / 1000;
+            ts.tv_nsec = (timeout_rel_trunc % 1000) * 1000000;
+        }
+        
+//        BLog(BLOG_DEBUG, "Calling kevent");
+        
+        int waitres = kevent(bsys->kqueue_fd, NULL, 0, bsys->kevent_results, BSYSTEM_MAX_RESULTS, (have_timeout ? &ts : NULL));
+        if (waitres < 0) {
+            int error = errno;
+            if (error == EINTR) {
+                BLog(BLOG_DEBUG, "kevent interrupted");
+                goto try_again;
+            }
+            perror("kevent");
+            ASSERT_FORCE(0)
+        }
+        
+        ASSERT_FORCE(!(waitres == 0) || have_timeout)
+        ASSERT_FORCE(waitres <= BSYSTEM_MAX_RESULTS)
+        
+        if (waitres != 0 || timeout_rel_trunc == timeout_rel) {
+            if (waitres != 0) {
+//                BLog(BLOG_DEBUG, "kevent returned %d events", waitres);
+                bsys->kevent_results_num = waitres;
+                set_kevent_fd_pointers(bsys);
+            } else {
+//                BLog(BLOG_DEBUG, "kevent timed out");
+                move_first_timers(bsys);
+            }
+            break;
+        }
+        
+        #endif
+        
+        #ifdef BADVPN_USE_POLL
+        
+        if (have_timeout) {
+            if (timeout_rel_trunc > INT_MAX) {
+                timeout_rel_trunc = INT_MAX;
+            }
+        }
+        
+        ASSERT(bsys->poll_num_enabled_fds >= 0)
+        ASSERT(bsys->poll_num_enabled_fds <= BSYSTEM_MAX_POLL_FDS)
+        int num_fds = 0;
+        
+        LinkedList1Node *list_node = LinkedList1_GetFirst(&bsys->poll_enabled_fds_list);
+        while (list_node) {
+            BFileDescriptor *bfd = UPPER_OBJECT(list_node, BFileDescriptor, poll_enabled_fds_list_node);
+            ASSERT(bfd->active)
+            ASSERT(bfd->poll_returned_index == -1)
+            
+            // calculate poll events
+            int pevents = 0;
+            if ((bfd->waitEvents & BREACTOR_READ)) {
+                pevents |= POLLIN;
+            }
+            if ((bfd->waitEvents & BREACTOR_WRITE)) {
+                pevents |= POLLOUT;
+            }
+            
+            // write pollfd entry
+            struct pollfd *pfd = &bsys->poll_results_pollfds[num_fds];
+            pfd->fd = bfd->fd;
+            pfd->events = pevents;
+            pfd->revents = 0;
+            
+            // write BFileDescriptor reference entry
+            bsys->poll_results_bfds[num_fds] = bfd;
+            
+            // increment number of fds in array
+            num_fds++;
+            
+            list_node = LinkedList1Node_Next(list_node);
+        }
+        
+        BLog(BLOG_DEBUG, "Calling poll");
+        
+        int waitres = poll(bsys->poll_results_pollfds, num_fds, (have_timeout ? timeout_rel_trunc : -1));
+        if (waitres < 0) {
+            int error = errno;
+            if (error == EINTR) {
+                BLog(BLOG_DEBUG, "poll interrupted");
+                goto try_again;
+            }
+            perror("poll");
+            ASSERT_FORCE(0)
+        }
+        
+        ASSERT_FORCE(!(waitres == 0) || have_timeout)
+        
+        if (waitres != 0 || timeout_rel_trunc == timeout_rel) {
+            if (waitres != 0) {
+                BLog(BLOG_DEBUG, "poll returned %d file descriptors", waitres);
+                bsys->poll_results_num = num_fds;
+                bsys->poll_results_pos = 0;
+                set_poll_fd_pointers(bsys);
+            } else {
+                BLog(BLOG_DEBUG, "poll timed out");
+                move_first_timers(bsys);
+            }
+            break;
+        }
+        
+        #endif
+        
+    try_again:
+        if (have_timeout) {
+            // get current time
+            now = btime_gettime();
+            // check if we already reached the time we're waiting for
+            if (now >= timeout_abs) {
+                BLog(BLOG_DEBUG, "already timed out while trying again");
+                move_first_timers(bsys);
+                break;
+            }
+        }
+    }
+    
+    // reset limit objects
+    LinkedList1Node *list_node;
+    while (list_node = LinkedList1_GetFirst(&bsys->active_limits_list)) {
+        BReactorLimit *limit = UPPER_OBJECT(list_node, BReactorLimit, active_limits_list_node);
+        ASSERT(limit->count > 0)
+        limit->count = 0;
+        LinkedList1_Remove(&bsys->active_limits_list, &limit->active_limits_list_node);
+    }
+}
+
+#ifndef BADVPN_USE_WINAPI
+
+void BFileDescriptor_Init (BFileDescriptor *bs, int fd, BFileDescriptor_handler handler, void *user)
+{
+    bs->fd = fd;
+    bs->handler = handler;
+    bs->user = user;
+    bs->active = 0;
+}
+
+#endif
+
+void BSmallTimer_Init (BSmallTimer *bt, BSmallTimer_handler handler)
+{
+    bt->handler.smalll = handler;
+    bt->state = TIMER_STATE_INACTIVE;
+    bt->is_small = 1;
+}
+
+int BSmallTimer_IsRunning (BSmallTimer *bt)
+{
+    assert_timer(bt);
+    
+    return (bt->state != TIMER_STATE_INACTIVE);
+}
+
+void BTimer_Init (BTimer *bt, btime_t msTime, BTimer_handler handler, void *user)
+{
+    bt->base.handler.heavy = handler;
+    bt->base.state = TIMER_STATE_INACTIVE;
+    bt->base.is_small = 0;
+    bt->user = user;
+    bt->msTime = msTime;
+}
+
+int BTimer_IsRunning (BTimer *bt)
+{
+    return BSmallTimer_IsRunning(&bt->base);
+}
+
+int BReactor_Init (BReactor *bsys)
+{
+    BLog(BLOG_DEBUG, "Reactor initializing");
+    
+    // set not exiting
+    bsys->exiting = 0;
+    
+    // init jobs
+    BPendingGroup_Init(&bsys->pending_jobs);
+    
+    // init timers
+    BReactor__TimersTree_Init(&bsys->timers_tree);
+    LinkedList1_Init(&bsys->timers_expired_list);
+    
+    // init limits
+    LinkedList1_Init(&bsys->active_limits_list);
+    
+    #ifdef BADVPN_USE_WINAPI
+    
+    // init IOCP list
+    LinkedList1_Init(&bsys->iocp_list);
+    
+    // init IOCP handle
+    if (!(bsys->iocp_handle = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 1))) {
+        BLog(BLOG_ERROR, "CreateIoCompletionPort failed");
+        goto fail0;
+    }
+    
+    // init IOCP ready list
+    LinkedList1_Init(&bsys->iocp_ready_list);
+    
+    #endif
+    
+    #ifdef BADVPN_USE_EPOLL
+    
+    // create epoll fd
+    if ((bsys->efd = epoll_create(10)) < 0) {
+        BLog(BLOG_ERROR, "epoll_create failed");
+        goto fail0;
+    }
+    
+    // init results array
+    bsys->epoll_results_num = 0;
+    bsys->epoll_results_pos = 0;
+    
+    #endif
+    
+    #ifdef BADVPN_USE_KEVENT
+    
+    // create kqueue fd
+    if ((bsys->kqueue_fd = kqueue()) < 0) {
+        BLog(BLOG_ERROR, "kqueue failed");
+        goto fail0;
+    }
+    
+    // init results array
+    bsys->kevent_results_num = 0;
+    bsys->kevent_results_pos = 0;
+    
+    #endif
+    
+    #ifdef BADVPN_USE_POLL
+    
+    // init enabled fds list
+    LinkedList1_Init(&bsys->poll_enabled_fds_list);
+    
+    // set zero enabled fds
+    bsys->poll_num_enabled_fds = 0;
+    
+    // allocate results arrays
+    if (!(bsys->poll_results_pollfds = BAllocArray(BSYSTEM_MAX_POLL_FDS, sizeof(bsys->poll_results_pollfds[0])))) {
+        BLog(BLOG_ERROR, "BAllocArray failed");
+        goto fail0;
+    }
+    if (!(bsys->poll_results_bfds = BAllocArray(BSYSTEM_MAX_POLL_FDS, sizeof(bsys->poll_results_bfds[0])))) {
+        BLog(BLOG_ERROR, "BAllocArray failed");
+        goto fail1;
+    }
+    
+    // init results array
+    bsys->poll_results_num = 0;
+    bsys->poll_results_pos = 0;
+    
+    #endif
+    
+    DebugObject_Init(&bsys->d_obj);
+    #ifndef BADVPN_USE_WINAPI
+    DebugCounter_Init(&bsys->d_fds_counter);
+    #endif
+    #ifdef BADVPN_USE_KEVENT
+    DebugCounter_Init(&bsys->d_kevent_ctr);
+    #endif
+    DebugCounter_Init(&bsys->d_limits_ctr);
+    
+    return 1;
+    
+    #ifdef BADVPN_USE_POLL
+fail1:
+    BFree(bsys->poll_results_pollfds);
+    #endif
+fail0:
+    BPendingGroup_Free(&bsys->pending_jobs);
+    BLog(BLOG_ERROR, "Reactor failed to initialize");
+    return 0;
+}
+
+void BReactor_Free (BReactor *bsys)
+{
+    DebugObject_Access(&bsys->d_obj);
+    
+    #ifdef BADVPN_USE_WINAPI
+    while (!LinkedList1_IsEmpty(&bsys->iocp_list)) {
+        BReactorIOCPOverlapped *olap = UPPER_OBJECT(LinkedList1_GetLast(&bsys->iocp_list), BReactorIOCPOverlapped, iocp_list_node);
+        ASSERT(olap->reactor == bsys)
+        olap->handler(olap->user, BREACTOR_IOCP_EVENT_EXITING, 0);
+    }
+    #endif
+    
+    // {pending group has no BPending objects}
+    ASSERT(!BPendingGroup_HasJobs(&bsys->pending_jobs))
+    ASSERT(BReactor__TimersTree_IsEmpty(&bsys->timers_tree))
+    ASSERT(LinkedList1_IsEmpty(&bsys->timers_expired_list))
+    ASSERT(LinkedList1_IsEmpty(&bsys->active_limits_list))
+    DebugObject_Free(&bsys->d_obj);
+    #ifdef BADVPN_USE_WINAPI
+    ASSERT(LinkedList1_IsEmpty(&bsys->iocp_ready_list))
+    ASSERT(LinkedList1_IsEmpty(&bsys->iocp_list))
+    #endif
+    #ifndef BADVPN_USE_WINAPI
+    DebugCounter_Free(&bsys->d_fds_counter);
+    #endif
+    #ifdef BADVPN_USE_KEVENT
+    DebugCounter_Free(&bsys->d_kevent_ctr);
+    #endif
+    DebugCounter_Free(&bsys->d_limits_ctr);
+    #ifdef BADVPN_USE_POLL
+    ASSERT(bsys->poll_num_enabled_fds == 0)
+    ASSERT(LinkedList1_IsEmpty(&bsys->poll_enabled_fds_list))
+    #endif
+    
+    BLog(BLOG_DEBUG, "Reactor freeing");
+    
+    #ifdef BADVPN_USE_WINAPI
+    
+    // close IOCP handle
+    ASSERT_FORCE(CloseHandle(bsys->iocp_handle))
+    
+    #endif
+    
+    #ifdef BADVPN_USE_EPOLL
+    
+    // close epoll fd
+    ASSERT_FORCE(close(bsys->efd) == 0)
+    
+    #endif
+    
+    #ifdef BADVPN_USE_KEVENT
+    
+    // close kqueue fd
+    ASSERT_FORCE(close(bsys->kqueue_fd) == 0)
+    
+    #endif
+    
+    #ifdef BADVPN_USE_POLL
+    
+    // free results arrays
+    BFree(bsys->poll_results_bfds);
+    BFree(bsys->poll_results_pollfds);
+    
+    #endif
+    
+    // free jobs
+    BPendingGroup_Free(&bsys->pending_jobs);
+}
+
+int BReactor_Exec (BReactor *bsys)
+{
+    BLog(BLOG_DEBUG, "Entering event loop");
+    
+    while (!bsys->exiting) {
+        // dispatch job
+        if (BPendingGroup_HasJobs(&bsys->pending_jobs)) {
+            BPendingGroup_ExecuteJob(&bsys->pending_jobs);
+            continue;
+        }
+        
+        // dispatch timer
+        LinkedList1Node *list_node = LinkedList1_GetFirst(&bsys->timers_expired_list);
+        if (list_node) {
+            BSmallTimer *timer = UPPER_OBJECT(list_node, BSmallTimer, u.list_node);
+            ASSERT(timer->state == TIMER_STATE_EXPIRED)
+            
+            // remove from expired list
+            LinkedList1_Remove(&bsys->timers_expired_list, &timer->u.list_node);
+            
+            // set inactive
+            timer->state = TIMER_STATE_INACTIVE;
+            
+            // call handler
+//            BLog(BLOG_DEBUG, "Dispatching timer");
+            if (timer->is_small) {
+                timer->handler.smalll(timer);
+            } else {
+                BTimer *btimer = UPPER_OBJECT(timer, BTimer, base);
+                timer->handler.heavy(btimer->user);
+            }
+            continue;
+        }
+        
+        #ifdef BADVPN_USE_WINAPI
+        
+        if (!LinkedList1_IsEmpty(&bsys->iocp_ready_list)) {
+            BReactorIOCPOverlapped *olap = UPPER_OBJECT(LinkedList1_GetFirst(&bsys->iocp_ready_list), BReactorIOCPOverlapped, ready_list_node);
+            ASSERT(olap->is_ready)
+            ASSERT(olap->handler)
+            
+            // remove from ready list
+            LinkedList1_Remove(&bsys->iocp_ready_list, &olap->ready_list_node);
+            
+            // set not ready
+            olap->is_ready = 0;
+            
+            int event = (olap->ready_succeeded ? BREACTOR_IOCP_EVENT_SUCCEEDED : BREACTOR_IOCP_EVENT_FAILED);
+            
+            // call handler
+            olap->handler(olap->user, event, olap->ready_bytes);
+            continue;
+        }
+        
+        #endif
+        
+        #ifdef BADVPN_USE_EPOLL
+        
+        // dispatch file descriptor
+        if (bsys->epoll_results_pos < bsys->epoll_results_num) {
+            // grab event
+            struct epoll_event *event = &bsys->epoll_results[bsys->epoll_results_pos];
+            bsys->epoll_results_pos++;
+            
+            // check if the BFileDescriptor was removed
+            if (!event->data.ptr) {
+                continue;
+            }
+            
+            // get BFileDescriptor
+            BFileDescriptor *bfd = (BFileDescriptor *)event->data.ptr;
+            ASSERT(bfd->active)
+            ASSERT(bfd->epoll_returned_ptr == (BFileDescriptor **)&event->data.ptr)
+            
+            // zero pointer to the epoll entry
+            bfd->epoll_returned_ptr = NULL;
+            
+            // calculate events to report
+            int events = 0;
+            if ((bfd->waitEvents&BREACTOR_READ) && (event->events&EPOLLIN)) {
+                events |= BREACTOR_READ;
+            }
+            if ((bfd->waitEvents&BREACTOR_WRITE) && (event->events&EPOLLOUT)) {
+                events |= BREACTOR_WRITE;
+            }
+            if ((event->events&EPOLLERR)) {
+                events |= BREACTOR_ERROR;
+            }
+            if ((event->events&EPOLLHUP)) {
+                events |= BREACTOR_HUP;
+            }
+            
+            if (!events) {
+                BLog(BLOG_ERROR, "no events detected?");
+                continue;
+            }
+            
+            // call handler
+            BLog(BLOG_DEBUG, "Dispatching file descriptor");
+            bfd->handler(bfd->user, events);
+            continue;
+        }
+        
+        #endif
+        
+        #ifdef BADVPN_USE_KEVENT
+        
+        // dispatch kevent
+        if (bsys->kevent_results_pos < bsys->kevent_results_num) {
+            // grab event
+            struct kevent *event = &bsys->kevent_results[bsys->kevent_results_pos];
+            bsys->kevent_results_pos++;
+            
+            // check if the event was removed
+            if (!event->udata) {
+                continue;
+            }
+            
+            // check tag
+            int *tag = event->udata;
+            switch (*tag) {
+                case KEVENT_TAG_FD: {
+                    // get BFileDescriptor
+                    BFileDescriptor *bfd = UPPER_OBJECT(tag, BFileDescriptor, kevent_tag);
+                    ASSERT(bfd->active)
+                    ASSERT(bfd->kevent_returned_ptr == (int **)&event->udata)
+                    
+                    // zero pointer to the kevent entry
+                    bfd->kevent_returned_ptr = NULL;
+                    
+                    // calculate event to report
+                    int events = 0;
+                    if ((bfd->waitEvents&BREACTOR_READ) && event->filter == EVFILT_READ) {
+                        events |= BREACTOR_READ;
+                    }
+                    if ((bfd->waitEvents&BREACTOR_WRITE) && event->filter == EVFILT_WRITE) {
+                        events |= BREACTOR_WRITE;
+                    }
+                    
+                    if (!events) {
+                        BLog(BLOG_ERROR, "no events detected?");
+                        continue;
+                    }
+                    
+                    // call handler
+//                    BLog(BLOG_DEBUG, "Dispatching file descriptor");
+                    bfd->handler(bfd->user, events);
+                    continue;
+                } break;
+                
+                case KEVENT_TAG_KEVENT: {
+                    // get BReactorKEvent
+                    BReactorKEvent *kev = UPPER_OBJECT(tag, BReactorKEvent, kevent_tag);
+                    ASSERT(kev->reactor == bsys)
+                    ASSERT(kev->kevent_returned_ptr == (int **)&event->udata)
+                    
+                    // zero pointer to the kevent entry
+                    kev->kevent_returned_ptr = NULL;
+                    
+                    // call handler
+//                    BLog(BLOG_DEBUG, "Dispatching kevent");
+                    kev->handler(kev->user, event->fflags, event->data);
+                    continue;
+                } break;
+                
+                default:
+                    ASSERT(0);
+            }
+        }
+        
+        #endif
+        
+        #ifdef BADVPN_USE_POLL
+        
+        if (bsys->poll_results_pos < bsys->poll_results_num) {
+            // grab event
+            struct pollfd *pfd = &bsys->poll_results_pollfds[bsys->poll_results_pos];
+            BFileDescriptor *bfd = bsys->poll_results_bfds[bsys->poll_results_pos];
+            bsys->poll_results_pos++;
+            
+            // skip removed entry
+            if (!bfd) {
+                continue;
+            }
+            
+            ASSERT(bfd->active)
+            ASSERT(bfd->poll_returned_index == bsys->poll_results_pos - 1)
+            
+            // remove result reference
+            bfd->poll_returned_index = -1;
+            
+            // calculate events to report
+            int events = 0;
+            if ((bfd->waitEvents & BREACTOR_READ) && (pfd->revents & POLLIN)) {
+                events |= BREACTOR_READ;
+            }
+            if ((bfd->waitEvents & BREACTOR_WRITE) && (pfd->revents & POLLOUT)) {
+                events |= BREACTOR_WRITE;
+            }
+            if ((pfd->revents & POLLERR) || (pfd->revents & POLLHUP)) {
+                events |= BREACTOR_ERROR;
+            }
+            
+            if (!events) {
+                continue;
+            }
+            
+            // call handler
+            BLog(BLOG_DEBUG, "Dispatching file descriptor");
+            bfd->handler(bfd->user, events);
+            continue;
+        }
+        
+        #endif
+        
+        wait_for_events(bsys);
+    }
+
+    BLog(BLOG_DEBUG, "Exiting event loop, exit code %d", bsys->exit_code);
+
+    return bsys->exit_code;
+}
+
+void BReactor_Quit (BReactor *bsys, int code)
+{
+    bsys->exiting = 1;
+    bsys->exit_code = code;
+}
+
+void BReactor_SetSmallTimer (BReactor *bsys, BSmallTimer *bt, int mode, btime_t time)
+{
+    assert_timer(bt);
+    ASSERT(mode == BTIMER_SET_ABSOLUTE || mode == BTIMER_SET_RELATIVE)
+    
+    // unlink it if it's already in the list
+    BReactor_RemoveSmallTimer(bsys, bt);
+    
+    // if mode is relative, add current time
+    if (mode == BTIMER_SET_RELATIVE) {
+        time = btime_add(btime_gettime(), time);
+    }
+    
+    // set time
+    bt->absTime = time;
+    
+    // set running
+    bt->state = TIMER_STATE_RUNNING;
+    
+    // insert to running timers tree
+    BReactor__TimersTreeRef ref = {bt, bt};
+    int res = BReactor__TimersTree_Insert(&bsys->timers_tree, 0, ref, NULL);
+    ASSERT_EXECUTE(res)
+}
+
+void BReactor_RemoveSmallTimer (BReactor *bsys, BSmallTimer *bt)
+{
+    assert_timer(bt);
+    
+    if (bt->state == TIMER_STATE_INACTIVE) {
+        return;
+    }
+
+    if (bt->state == TIMER_STATE_EXPIRED) {
+        // remove from expired list
+        LinkedList1_Remove(&bsys->timers_expired_list, &bt->u.list_node);
+    } else {
+        // remove from running tree
+        BReactor__TimersTreeRef ref = {bt, bt};
+        BReactor__TimersTree_Remove(&bsys->timers_tree, 0, ref);
+    }
+
+    // set inactive
+    bt->state = TIMER_STATE_INACTIVE;
+}
+
+void BReactor_SetTimer (BReactor *bsys, BTimer *bt)
+{
+    BReactor_SetSmallTimer(bsys, &bt->base, BTIMER_SET_RELATIVE, bt->msTime);
+}
+
+void BReactor_SetTimerAfter (BReactor *bsys, BTimer *bt, btime_t after)
+{
+    BReactor_SetSmallTimer(bsys, &bt->base, BTIMER_SET_RELATIVE, after);
+}
+
+void BReactor_SetTimerAbsolute (BReactor *bsys, BTimer *bt, btime_t time)
+{
+    BReactor_SetSmallTimer(bsys, &bt->base, BTIMER_SET_ABSOLUTE, time);
+}
+
+void BReactor_RemoveTimer (BReactor *bsys, BTimer *bt)
+{
+    return BReactor_RemoveSmallTimer(bsys, &bt->base);
+}
+
+BPendingGroup * BReactor_PendingGroup (BReactor *bsys)
+{
+    return &bsys->pending_jobs;
+}
+
+int BReactor_Synchronize (BReactor *bsys, BSmallPending *ref)
+{
+    ASSERT(ref)
+    
+    while (!bsys->exiting) {
+        ASSERT(BPendingGroup_HasJobs(&bsys->pending_jobs))
+        
+        if (BPendingGroup_PeekJob(&bsys->pending_jobs) == ref) {
+            return 1;
+        }
+        
+        BPendingGroup_ExecuteJob(&bsys->pending_jobs);
+    }
+    
+    return 0;
+}
+
+#ifndef BADVPN_USE_WINAPI
+
+int BReactor_AddFileDescriptor (BReactor *bsys, BFileDescriptor *bs)
+{
+    ASSERT(!bs->active)
+    
+    #ifdef BADVPN_USE_EPOLL
+    
+    // add epoll entry
+    struct epoll_event event;
+    memset(&event, 0, sizeof(event));
+    event.events = 0;
+    event.data.ptr = bs;
+    if (epoll_ctl(bsys->efd, EPOLL_CTL_ADD, bs->fd, &event) < 0) {
+        int error = errno;
+        BLog(BLOG_ERROR, "epoll_ctl failed: %d", error);
+        return 0;
+    }
+    
+    // set epoll returned pointer
+    bs->epoll_returned_ptr = NULL;
+    
+    #endif
+    
+    #ifdef BADVPN_USE_KEVENT
+    
+    // set kevent tag
+    bs->kevent_tag = KEVENT_TAG_FD;
+    
+    // set kevent returned pointer
+    bs->kevent_returned_ptr = NULL;
+    
+    #endif
+    
+    #ifdef BADVPN_USE_POLL
+    
+    if (bsys->poll_num_enabled_fds == BSYSTEM_MAX_POLL_FDS) {
+        BLog(BLOG_ERROR, "too many fds");
+        return 0;
+    }
+    
+    // append to enabled fds list
+    LinkedList1_Append(&bsys->poll_enabled_fds_list, &bs->poll_enabled_fds_list_node);
+    bsys->poll_num_enabled_fds++;
+    
+    // set not returned
+    bs->poll_returned_index = -1;
+    
+    #endif
+    
+    bs->active = 1;
+    bs->waitEvents = 0;
+    
+    DebugCounter_Increment(&bsys->d_fds_counter);
+    return 1;
+}
+
+void BReactor_RemoveFileDescriptor (BReactor *bsys, BFileDescriptor *bs)
+{
+    ASSERT(bs->active)
+    DebugCounter_Decrement(&bsys->d_fds_counter);
+
+    bs->active = 0;
+
+    #ifdef BADVPN_USE_EPOLL
+    
+    // delete epoll entry
+    struct epoll_event event;
+    memset(&event, 0, sizeof(event));
+    ASSERT_FORCE(epoll_ctl(bsys->efd, EPOLL_CTL_DEL, bs->fd, &event) == 0)
+    
+    // write through epoll returned pointer
+    if (bs->epoll_returned_ptr) {
+        *bs->epoll_returned_ptr = NULL;
+    }
+    
+    #endif
+    
+    #ifdef BADVPN_USE_KEVENT
+    
+    // delete kevents
+    update_kevent_fd_events(bsys, bs, 0);
+    
+    // write through kevent returned pointer
+    if (bs->kevent_returned_ptr) {
+        *bs->kevent_returned_ptr = NULL;
+    }
+    
+    #endif
+    
+    #ifdef BADVPN_USE_POLL
+    
+    // invalidate results entry
+    if (bs->poll_returned_index != -1) {
+        ASSERT(bs->poll_returned_index >= bsys->poll_results_pos)
+        ASSERT(bs->poll_returned_index < bsys->poll_results_num)
+        ASSERT(bsys->poll_results_bfds[bs->poll_returned_index] == bs)
+        
+        bsys->poll_results_bfds[bs->poll_returned_index] = NULL;
+    }
+    
+    // remove from enabled fds list
+    LinkedList1_Remove(&bsys->poll_enabled_fds_list, &bs->poll_enabled_fds_list_node);
+    bsys->poll_num_enabled_fds--;
+    
+    #endif
+}
+
+void BReactor_SetFileDescriptorEvents (BReactor *bsys, BFileDescriptor *bs, int events)
+{
+    ASSERT(bs->active)
+    ASSERT(!(events&~(BREACTOR_READ|BREACTOR_WRITE)))
+    
+    if (bs->waitEvents == events) {
+        return;
+    }
+    
+    #ifdef BADVPN_USE_EPOLL
+    
+    // calculate epoll events
+    int eevents = 0;
+    if ((events & BREACTOR_READ)) {
+        eevents |= EPOLLIN;
+    }
+    if ((events & BREACTOR_WRITE)) {
+        eevents |= EPOLLOUT;
+    }
+    
+    // update epoll entry
+    struct epoll_event event;
+    memset(&event, 0, sizeof(event));
+    event.events = eevents;
+    event.data.ptr = bs;
+    ASSERT_FORCE(epoll_ctl(bsys->efd, EPOLL_CTL_MOD, bs->fd, &event) == 0)
+    
+    #endif
+    
+    #ifdef BADVPN_USE_KEVENT
+    
+    update_kevent_fd_events(bsys, bs, events);
+    
+    #endif
+    
+    // update events
+    bs->waitEvents = events;
+}
+
+#endif
+
+void BReactorLimit_Init (BReactorLimit *o, BReactor *reactor, int limit)
+{
+    DebugObject_Access(&reactor->d_obj);
+    ASSERT(limit > 0)
+    
+    // init arguments
+    o->reactor = reactor;
+    o->limit = limit;
+    
+    // set count zero
+    o->count = 0;
+    
+    DebugCounter_Increment(&reactor->d_limits_ctr);
+    DebugObject_Init(&o->d_obj);
+}
+
+void BReactorLimit_Free (BReactorLimit *o)
+{
+    BReactor *reactor = o->reactor;
+    DebugObject_Free(&o->d_obj);
+    DebugCounter_Decrement(&reactor->d_limits_ctr);
+    
+    // remove from active limits list
+    if (o->count > 0) {
+        LinkedList1_Remove(&reactor->active_limits_list, &o->active_limits_list_node);
+    }
+}
+
+int BReactorLimit_Increment (BReactorLimit *o)
+{
+    BReactor *reactor = o->reactor;
+    DebugObject_Access(&o->d_obj);
+    
+    // check count against limit
+    if (o->count >= o->limit) {
+        return 0;
+    }
+    
+    // increment count
+    o->count++;
+    
+    // if limit was zero, add to active limits list
+    if (o->count == 1) {
+        LinkedList1_Append(&reactor->active_limits_list, &o->active_limits_list_node);
+    }
+    
+    return 1;
+}
+
+void BReactorLimit_SetLimit (BReactorLimit *o, int limit)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(limit > 0)
+    
+    // set limit
+    o->limit = limit;
+}
+
+#ifdef BADVPN_USE_KEVENT
+
+int BReactorKEvent_Init (BReactorKEvent *o, BReactor *reactor, BReactorKEvent_handler handler, void *user, uintptr_t ident, short filter, u_int fflags, intptr_t data)
+{
+    DebugObject_Access(&reactor->d_obj);
+    
+    // init arguments
+    o->reactor = reactor;
+    o->handler = handler;
+    o->user = user;
+    o->ident = ident;
+    o->filter = filter;
+    
+    // add kevent
+    struct kevent event;
+    memset(&event, 0, sizeof(event));
+    event.ident = o->ident;
+    event.filter = o->filter;
+    event.flags = EV_ADD;
+    event.fflags = fflags;
+    event.data = data;
+    event.udata = &o->kevent_tag;
+    if (kevent(o->reactor->kqueue_fd, &event, 1, NULL, 0, NULL) < 0) {
+        return 0;
+    }
+    
+    // set kevent tag
+    o->kevent_tag = KEVENT_TAG_KEVENT;
+    
+    // set kevent returned pointer
+    o->kevent_returned_ptr = NULL;
+    
+    DebugObject_Init(&o->d_obj);
+    DebugCounter_Increment(&o->reactor->d_kevent_ctr);
+    return 1;
+}
+
+void BReactorKEvent_Free (BReactorKEvent *o)
+{
+    DebugObject_Free(&o->d_obj);
+    DebugCounter_Decrement(&o->reactor->d_kevent_ctr);
+    
+    // write through kevent returned pointer
+    if (o->kevent_returned_ptr) {
+        *o->kevent_returned_ptr = NULL;
+    }
+    
+    // delete kevent
+    struct kevent event;
+    memset(&event, 0, sizeof(event));
+    event.ident = o->ident;
+    event.filter = o->filter;
+    event.flags = EV_DELETE;
+    ASSERT_FORCE(kevent(o->reactor->kqueue_fd, &event, 1, NULL, 0, NULL) == 0)
+}
+
+#endif
+
+#ifdef BADVPN_USE_WINAPI
+
+HANDLE BReactor_GetIOCPHandle (BReactor *reactor)
+{
+    DebugObject_Access(&reactor->d_obj);
+    
+    return reactor->iocp_handle;
+}
+
+void BReactorIOCPOverlapped_Init (BReactorIOCPOverlapped *o, BReactor *reactor, void *user, BReactorIOCPOverlapped_handler handler)
+{
+    DebugObject_Access(&reactor->d_obj);
+    
+    // init arguments
+    o->reactor = reactor;
+    o->user = user;
+    o->handler = handler;
+    
+    // zero overlapped
+    memset(&o->olap, 0, sizeof(o->olap));
+    
+    // append to IOCP list
+    LinkedList1_Append(&reactor->iocp_list, &o->iocp_list_node);
+    
+    // set not ready
+    o->is_ready = 0;
+    
+    DebugObject_Init(&o->d_obj);
+}
+
+void BReactorIOCPOverlapped_Free (BReactorIOCPOverlapped *o)
+{
+    BReactor *reactor = o->reactor;
+    DebugObject_Free(&o->d_obj);
+    
+    // remove from IOCP ready list
+    if (o->is_ready) {
+        LinkedList1_Remove(&reactor->iocp_ready_list, &o->ready_list_node);
+    }
+    
+    // remove from IOCP list
+    LinkedList1_Remove(&reactor->iocp_list, &o->iocp_list_node);
+}
+
+void BReactorIOCPOverlapped_Wait (BReactorIOCPOverlapped *o, int *out_succeeded, DWORD *out_bytes)
+{
+    BReactor *reactor = o->reactor;
+    DebugObject_Access(&o->d_obj);
+    
+    // wait for IOCP events until we get an event for this olap
+    while (!o->is_ready) {
+        DWORD bytes = 0;
+        ULONG_PTR key;
+        BReactorIOCPOverlapped *olap = NULL;
+        BOOL res = GetQueuedCompletionStatus(reactor->iocp_handle, &bytes, &key, (OVERLAPPED **)&olap, INFINITE);
+        
+        ASSERT_FORCE(olap)
+        DebugObject_Access(&olap->d_obj);
+        ASSERT(olap->reactor == reactor)
+        
+        // regular I/O should be done synchronously, so we shoudln't ever get a second completion before an
+        // existing one is dispatched. If however PostQueuedCompletionStatus is being used to signal events,
+        // just discard any excess events.
+        if (!olap->is_ready) {
+            set_iocp_ready(olap, (res == TRUE), bytes);
+        }
+    }
+    
+    // remove from IOCP ready list
+    LinkedList1_Remove(&reactor->iocp_ready_list, &o->ready_list_node);
+    
+    // set not ready
+    o->is_ready = 0;
+    
+    if (out_succeeded) {
+        *out_succeeded = o->ready_succeeded;
+    }
+    if (out_bytes) {
+        *out_bytes = o->ready_bytes;
+    }
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor_badvpn.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor_badvpn.h
new file mode 100644
index 00000000..8f10532f
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor_badvpn.h
@@ -0,0 +1,572 @@
+/**
+ * @file BReactor_badvpn.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Event loop that supports file desciptor (Linux) or HANDLE (Windows) events
+ * and timers.
+ */
+
+#ifndef BADVPN_SYSTEM_BREACTOR_H
+#define BADVPN_SYSTEM_BREACTOR_H
+
+#if (defined(BADVPN_USE_WINAPI) + defined(BADVPN_USE_EPOLL) + defined(BADVPN_USE_KEVENT) + defined(BADVPN_USE_POLL)) != 1
+#error Unknown event backend or too many event backends
+#endif
+
+#ifdef BADVPN_USE_WINAPI
+#include <windows.h>
+#endif
+
+#ifdef BADVPN_USE_EPOLL
+#include <sys/epoll.h>
+#endif
+
+#ifdef BADVPN_USE_KEVENT
+#include <sys/types.h>
+#include <sys/event.h>
+#include <sys/time.h>
+#endif
+
+#ifdef BADVPN_USE_POLL
+#include <poll.h>
+#endif
+
+#include <stdint.h>
+
+#include "misc/debug.h"
+#include "misc/debugcounter.h"
+#include "base/DebugObject.h"
+#include "structure/LinkedList1.h"
+#include "structure/CAvl.h"
+#include "system/BTime.h"
+#include "base/BPending.h"
+
+struct BSmallTimer_t;
+typedef struct BSmallTimer_t *BReactor_timerstree_link;
+
+#include "BReactor_badvpn_timerstree.h"
+#include "structure/CAvl_decl.h"
+
+#define BTIMER_SET_ABSOLUTE 1
+#define BTIMER_SET_RELATIVE 2
+
+/**
+ * Handler function invoked when the timer expires.
+ * The timer was in running state.
+ * The timer enters not running state before this function is invoked.
+ * This function is being called from within the timer's previosly
+ * associated reactor.
+ *
+ * @param timer pointer to the timer. Use the {@link UPPER_OBJECT} macro
+ *              to obtain the pointer to the containing structure.
+ */
+typedef void (*BSmallTimer_handler) (struct BSmallTimer_t *timer);
+
+/**
+ * Handler function invoked when the timer expires.
+ * The timer was in running state.
+ * The timer enters not running state before this function is invoked.
+ * This function is being called from within the timer's previosly
+ * associated reactor.
+ *
+ * @param user value passed to {@link BTimer_Init}
+ */
+typedef void (*BTimer_handler) (void *user);
+
+/**
+ * Timer object used with {@link BReactor}.
+ */
+typedef struct BSmallTimer_t {
+    union {
+        BSmallTimer_handler smalll; // MSVC doesn't like "small"
+        BTimer_handler heavy;
+    } handler;
+    union {
+        LinkedList1Node list_node;
+        struct BSmallTimer_t *tree_child[2];
+    } u;
+    struct BSmallTimer_t *tree_parent;
+    btime_t absTime;
+    int8_t tree_balance;
+    uint8_t state;
+    uint8_t is_small;
+} BSmallTimer;
+
+/**
+ * Initializes the timer object.
+ * The timer object is initialized in not running state.
+ *
+ * @param bt the object
+ * @param handler handler function invoked when the timer expires
+ */
+void BSmallTimer_Init (BSmallTimer *bt, BSmallTimer_handler handler);
+
+/**
+ * Checks if the timer is running.
+ *
+ * @param bt the object
+ * @return 1 if running, 0 if not running
+ */
+int BSmallTimer_IsRunning (BSmallTimer *bt);
+
+/**
+ * Timer object used with {@link BReactor}. This is a legacy wrapper
+ * around {@link BSmallTimer} with an extra field for the default time.
+ */
+typedef struct {
+    BSmallTimer base;
+    void *user;
+    btime_t msTime;
+} BTimer;
+
+/**
+ * Initializes the timer object.
+ * The timer object is initialized in not running state.
+ *
+ * @param bt the object
+ * @param msTime default timeout in milliseconds
+ * @param handler handler function invoked when the timer expires
+ * @param user value to pass to the handler function
+ */
+void BTimer_Init (BTimer *bt, btime_t msTime, BTimer_handler handler, void *user);
+
+/**
+ * Checks if the timer is running.
+ *
+ * @param bt the object
+ * @return 1 if running, 0 if not running
+ */
+int BTimer_IsRunning (BTimer *bt);
+
+#ifndef BADVPN_USE_WINAPI
+
+struct BFileDescriptor_t;
+
+#define BREACTOR_READ (1 << 0)
+#define BREACTOR_WRITE (1 << 1)
+#define BREACTOR_ERROR (1 << 2)
+#define BREACTOR_HUP (1 << 3)
+
+/**
+ * Handler function invoked by the reactor when one or more events are detected.
+ * The events argument will contain a subset of the monitored events (BREACTOR_READ, BREACTOR_WRITE),
+ * plus possibly the error event (BREACTOR_ERROR).
+ * The file descriptor object is in active state, being called from within
+ * the associated reactor.
+ *
+ * @param user value passed to {@link BFileDescriptor_Init}
+ * @param events bitmask composed of a subset of monitored events (BREACTOR_READ, BREACTOR_WRITE),
+ *               and possibly the error event BREACTOR_ERROR and the hang-up event BREACTOR_HUP.
+ *               Will be nonzero.
+ */
+typedef void (*BFileDescriptor_handler) (void *user, int events);
+
+/**
+ * File descriptor object used with {@link BReactor}.
+ */
+typedef struct BFileDescriptor_t {
+    int fd;
+    BFileDescriptor_handler handler;
+    void *user;
+    int active;
+    int waitEvents;
+    
+    #ifdef BADVPN_USE_EPOLL
+    struct BFileDescriptor_t **epoll_returned_ptr;
+    #endif
+    
+    #ifdef BADVPN_USE_KEVENT
+    int kevent_tag;
+    int **kevent_returned_ptr;
+    #endif
+    
+    #ifdef BADVPN_USE_POLL
+    LinkedList1Node poll_enabled_fds_list_node;
+    int poll_returned_index;
+    #endif
+} BFileDescriptor;
+
+/**
+ * Intializes the file descriptor object.
+ * The object is initialized in not active state.
+ *
+ * @param bs file descriptor object to initialize
+ * @param fb file descriptor to represent
+ * @param handler handler function invoked by the reactor when a monitored event is detected
+ * @param user value passed to the handler functuon
+ */
+void BFileDescriptor_Init (BFileDescriptor *bs, int fd, BFileDescriptor_handler handler, void *user);
+
+#endif
+
+// BReactor
+
+#define BSYSTEM_MAX_RESULTS 64
+#define BSYSTEM_MAX_HANDLES 64
+#define BSYSTEM_MAX_POLL_FDS 4096
+
+/**
+ * Event loop that supports file desciptor (Linux) or HANDLE (Windows) events
+ * and timers.
+ */
+typedef struct {
+    int exiting;
+    int exit_code;
+    
+    // jobs
+    BPendingGroup pending_jobs;
+    
+    // timers
+    BReactor__TimersTree timers_tree;
+    LinkedList1 timers_expired_list;
+    
+    // limits
+    LinkedList1 active_limits_list;
+    
+    #ifdef BADVPN_USE_WINAPI
+    LinkedList1 iocp_list;
+    HANDLE iocp_handle;
+    LinkedList1 iocp_ready_list;
+    #endif
+    
+    #ifdef BADVPN_USE_EPOLL
+    int efd; // epoll fd
+    struct epoll_event epoll_results[BSYSTEM_MAX_RESULTS]; // epoll returned events buffer
+    int epoll_results_num; // number of events in the array
+    int epoll_results_pos; // number of events processed so far
+    #endif
+    
+    #ifdef BADVPN_USE_KEVENT
+    int kqueue_fd;
+    struct kevent kevent_results[BSYSTEM_MAX_RESULTS];
+    int kevent_results_num;
+    int kevent_results_pos;
+    #endif
+    
+    #ifdef BADVPN_USE_POLL
+    LinkedList1 poll_enabled_fds_list;
+    int poll_num_enabled_fds;
+    int poll_results_num;
+    int poll_results_pos;
+    struct pollfd *poll_results_pollfds;
+    BFileDescriptor **poll_results_bfds;
+    #endif
+    
+    DebugObject d_obj;
+    #ifndef BADVPN_USE_WINAPI
+    DebugCounter d_fds_counter;
+    #endif
+    #ifdef BADVPN_USE_KEVENT
+    DebugCounter d_kevent_ctr;
+    #endif
+    DebugCounter d_limits_ctr;
+} BReactor;
+
+/**
+ * Initializes the reactor.
+ * {@link BLog_Init} must have been done.
+ * {@link BTime_Init} must have been done.
+ *
+ * @param bsys the object
+ * @return 1 on success, 0 on failure
+ */
+int BReactor_Init (BReactor *bsys) WARN_UNUSED;
+
+/**
+ * Frees the reactor.
+ * Must not be called from within the event loop ({@link BReactor_Exec}).
+ * There must be no {@link BPending} or {@link BSmallPending} objects using the
+ * pending group returned by {@link BReactor_PendingGroup}.
+ * There must be no running timers in this reactor.
+ * There must be no limit objects in this reactor.
+ * There must be no file descriptors or handles registered
+ * with this reactor.
+ * There must be no {@link BReactorKEvent} objects in this reactor.
+ *
+ * @param bsys the object
+ */
+void BReactor_Free (BReactor *bsys);
+
+/**
+ * Runs the event loop.
+ *
+ * @param bsys the object
+ * @return value passed to {@link BReactor_Quit}
+ */
+int BReactor_Exec (BReactor *bsys);
+
+/**
+ * Causes the event loop ({@link BReactor_Exec}) to cease
+ * dispatching events and return.
+ * Any further calls of {@link BReactor_Exec} will return immediately.
+ *
+ * @param bsys the object
+ * @param code value {@link BReactor_Exec} should return. If this is
+ *             called more than once, it will return the last code.
+ */
+void BReactor_Quit (BReactor *bsys, int code);
+
+/**
+ * Starts a timer to expire at the specified time.
+ * The timer must have been initialized with {@link BSmallTimer_Init}.
+ * If the timer is in running state, it must be associated with this reactor.
+ * The timer enters running state, associated with this reactor.
+ *
+ * @param bsys the object
+ * @param bt timer to start
+ * @param mode interpretation of time (BTIMER_SET_ABSOLUTE or BTIMER_SET_RELATIVE)
+ * @param time absolute or relative expiration time
+ */
+void BReactor_SetSmallTimer (BReactor *bsys, BSmallTimer *bt, int mode, btime_t time);
+
+/**
+ * Stops a timer.
+ * If the timer is in running state, it must be associated with this reactor.
+ * The timer enters not running state.
+ *
+ * @param bsys the object
+ * @param bt timer to stop
+ */
+void BReactor_RemoveSmallTimer (BReactor *bsys, BSmallTimer *bt);
+
+/**
+ * Starts a timer to expire after its default time.
+ * The timer must have been initialized with {@link BTimer_Init}.
+ * If the timer is in running state, it must be associated with this reactor.
+ * The timer enters running state, associated with this reactor.
+ *
+ * @param bsys the object
+ * @param bt timer to start
+ */
+void BReactor_SetTimer (BReactor *bsys, BTimer *bt);
+
+/**
+ * Starts a timer to expire after a given time.
+ * The timer must have been initialized with {@link BTimer_Init}.
+ * If the timer is in running state, it must be associated with this reactor.
+ * The timer enters running state, associated with this reactor.
+ *
+ * @param bsys the object
+ * @param bt timer to start
+ * @param after relative expiration time
+ */
+void BReactor_SetTimerAfter (BReactor *bsys, BTimer *bt, btime_t after);
+
+/**
+ * Starts a timer to expire at the specified time.
+ * The timer must have been initialized with {@link BTimer_Init}.
+ * If the timer is in running state, it must be associated with this reactor.
+ * The timer enters running state, associated with this reactor.
+ * The timer's expiration time is set to the time argument.
+ *
+ * @param bsys the object
+ * @param bt timer to start
+ * @param time absolute expiration time (according to {@link btime_gettime})
+ */
+void BReactor_SetTimerAbsolute (BReactor *bsys, BTimer *bt, btime_t time);
+
+/**
+ * Stops a timer.
+ * If the timer is in running state, it must be associated with this reactor.
+ * The timer enters not running state.
+ *
+ * @param bsys the object
+ * @param bt timer to stop
+ */
+void BReactor_RemoveTimer (BReactor *bsys, BTimer *bt);
+
+/**
+ * Returns a {@link BPendingGroup} object that can be used to schedule jobs for
+ * the reactor to execute. These jobs have complete priority over other events
+ * (timers, file descriptors and Windows handles).
+ * The returned pending group may only be used as an argument to {@link BPending_Init},
+ * and must not be accessed by other means.
+ * All {@link BPending} and {@link BSmallPending} objects using this group must be
+ * freed before freeing the reactor.
+ * 
+ * @param bsys the object
+ * @return pending group for scheduling jobs for the reactor to execute
+ */
+BPendingGroup * BReactor_PendingGroup (BReactor *bsys);
+
+/**
+ * Executes pending jobs until either:
+ *   - the reference job is reached, or
+ *   - {@link BReactor_Quit} is called.
+ * The reference job must be reached before the job list empties.
+ * The reference job will not be executed.
+ * 
+ * WARNING: Use with care. This should only be used to to work around third-party software
+ * that does not integrade into the jobs system. In particular, you should think about:
+ *   - the effects the jobs to be executed may have, and
+ *   - the environment those jobs expect to be executed in.
+ * 
+ * @param bsys the object
+ * @param ref reference job. It is not accessed in any way, only its address is compared to
+ *            pending jobs before they are executed.
+ * @return 1 if the reference job was reached,
+ *         0 if {@link BReactor_Quit} was called (either while executing a job, or before)
+ */
+int BReactor_Synchronize (BReactor *bsys, BSmallPending *ref);
+
+#ifndef BADVPN_USE_WINAPI
+
+/**
+ * Starts monitoring a file descriptor.
+ *
+ * @param bsys the object
+ * @param bs file descriptor object. Must have been initialized with
+ *           {@link BFileDescriptor_Init} Must be in not active state.
+ *           On success, the file descriptor object enters active state,
+ *           associated with this reactor.
+ * @return 1 on success, 0 on failure
+ */
+int BReactor_AddFileDescriptor (BReactor *bsys, BFileDescriptor *bs) WARN_UNUSED;
+
+/**
+ * Stops monitoring a file descriptor.
+ *
+ * @param bsys the object
+ * @param bs {@link BFileDescriptor} object. Must be in active state,
+ *           associated with this reactor. The file descriptor object
+ *           enters not active state.
+ */
+void BReactor_RemoveFileDescriptor (BReactor *bsys, BFileDescriptor *bs);
+
+/**
+ * Sets monitored file descriptor events.
+ *
+ * @param bsys the object
+ * @param bs {@link BFileDescriptor} object. Must be in active state,
+ *           associated with this reactor.
+ * @param events events to watch for. Must not have any bits other than
+ *               BREACTOR_READ and BREACTOR_WRITE.
+ *               This overrides previosly monitored events.
+ */
+void BReactor_SetFileDescriptorEvents (BReactor *bsys, BFileDescriptor *bs, int events);
+
+#endif
+
+typedef struct {
+    BReactor *reactor;
+    int limit;
+    int count;
+    LinkedList1Node active_limits_list_node;
+    DebugObject d_obj;
+} BReactorLimit;
+
+/**
+ * Initializes a limit object.
+ * A limit object consists of a counter integer, which is initialized to
+ * zero, is incremented by {@link BReactorLimit_Increment} up to \a limit,
+ * and is reset to zero every time the event loop performs a wait.
+ * If the event loop has processed all detected events, and before performing
+ * a wait, it determines that timers have expired, the counter will not be reset.
+ * 
+ * @param o the object
+ * @param reactor reactor the object is tied to
+ * @param limit maximum counter value. Must be >0.
+ */
+void BReactorLimit_Init (BReactorLimit *o, BReactor *reactor, int limit);
+
+/**
+ * Frees a limit object.
+ * 
+ * @param o the object
+ */
+void BReactorLimit_Free (BReactorLimit *o);
+
+/**
+ * Attempts to increment the counter of a limit object.
+ * 
+ * @param o the object
+ * @return 1 if the counter was lesser than the limit and was incremented,
+ *         0 if the counter was greater or equal to the limit and could not be
+ *           incremented
+ */
+int BReactorLimit_Increment (BReactorLimit *o);
+
+/**
+ * Sets the limit of a limit object.
+ * 
+ * @param o the object
+ * @param limit new limit. Must be >0.
+ */
+void BReactorLimit_SetLimit (BReactorLimit *o, int limit);
+
+#ifdef BADVPN_USE_KEVENT
+
+typedef void (*BReactorKEvent_handler) (void *user, u_int fflags, intptr_t data);
+
+typedef struct {
+    BReactor *reactor;
+    BReactorKEvent_handler handler;
+    void *user;
+    uintptr_t ident;
+    short filter;
+    int kevent_tag;
+    int **kevent_returned_ptr;
+    DebugObject d_obj;
+} BReactorKEvent;
+
+int BReactorKEvent_Init (BReactorKEvent *o, BReactor *reactor, BReactorKEvent_handler handler, void *user, uintptr_t ident, short filter, u_int fflags, intptr_t data);
+void BReactorKEvent_Free (BReactorKEvent *o);
+
+#endif
+
+#ifdef BADVPN_USE_WINAPI
+
+#define BREACTOR_IOCP_EVENT_SUCCEEDED 1
+#define BREACTOR_IOCP_EVENT_FAILED 2
+#define BREACTOR_IOCP_EVENT_EXITING 3
+
+typedef void (*BReactorIOCPOverlapped_handler) (void *user, int event, DWORD bytes);
+
+typedef struct {
+    OVERLAPPED olap;
+    BReactor *reactor;
+    void *user;
+    BReactorIOCPOverlapped_handler handler;
+    LinkedList1Node iocp_list_node;
+    int is_ready;
+    LinkedList1Node ready_list_node;
+    int ready_succeeded;
+    DWORD ready_bytes;
+    DebugObject d_obj;
+} BReactorIOCPOverlapped;
+
+HANDLE BReactor_GetIOCPHandle (BReactor *reactor);
+
+void BReactorIOCPOverlapped_Init (BReactorIOCPOverlapped *o, BReactor *reactor, void *user, BReactorIOCPOverlapped_handler handler);
+void BReactorIOCPOverlapped_Free (BReactorIOCPOverlapped *o);
+void BReactorIOCPOverlapped_Wait (BReactorIOCPOverlapped *o, int *out_succeeded, DWORD *out_bytes);
+
+#endif
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor_badvpn_timerstree.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor_badvpn_timerstree.h
new file mode 100644
index 00000000..3cecd75e
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BReactor_badvpn_timerstree.h
@@ -0,0 +1,13 @@
+#define CAVL_PARAM_NAME BReactor__TimersTree
+#define CAVL_PARAM_FEATURE_COUNTS 0
+#define CAVL_PARAM_FEATURE_KEYS_ARE_INDICES 0
+#define CAVL_PARAM_FEATURE_NOKEYS 1
+#define CAVL_PARAM_TYPE_ENTRY struct BSmallTimer_t
+#define CAVL_PARAM_TYPE_LINK BReactor_timerstree_link
+#define CAVL_PARAM_TYPE_ARG int
+#define CAVL_PARAM_VALUE_NULL ((BReactor_timerstree_link)NULL)
+#define CAVL_PARAM_FUN_DEREF(arg, link) (link)
+#define CAVL_PARAM_FUN_COMPARE_ENTRIES(arg, entry1, entry2) compare_timers((entry1).link, (entry2).link)
+#define CAVL_PARAM_MEMBER_CHILD u.tree_child
+#define CAVL_PARAM_MEMBER_BALANCE tree_balance
+#define CAVL_PARAM_MEMBER_PARENT tree_parent
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BSignal.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BSignal.c
new file mode 100644
index 00000000..4a71198d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BSignal.c
@@ -0,0 +1,188 @@
+/**
+ * @file BSignal.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef BADVPN_USE_WINAPI
+#include <windows.h>
+#else
+#include <signal.h>
+#include "system/BUnixSignal.h"
+#endif
+
+#include "misc/debug.h"
+#include "base/BLog.h"
+
+#include "system/BSignal.h"
+
+#include "generated/blog_channel_BSignal.h"
+
+static struct {
+    int initialized;
+    int finished;
+    BReactor *reactor;
+    BSignal_handler handler;
+    void *user;
+    #ifdef BADVPN_USE_WINAPI
+    BReactorIOCPOverlapped olap;
+    CRITICAL_SECTION iocp_handle_mutex;
+    HANDLE iocp_handle;
+    #else
+    BUnixSignal signal;
+    #endif
+} bsignal_global = {
+    0
+};
+
+#ifdef BADVPN_USE_WINAPI
+
+static void olap_handler (void *user, int event, DWORD bytes)
+{
+    ASSERT(bsignal_global.initialized)
+    ASSERT(!(event == BREACTOR_IOCP_EVENT_EXITING) || bsignal_global.finished)
+    
+    if (event == BREACTOR_IOCP_EVENT_EXITING) {
+        BReactorIOCPOverlapped_Free(&bsignal_global.olap);
+        return;
+    }
+    
+    if (!bsignal_global.finished) {
+        // call handler
+        bsignal_global.handler(bsignal_global.user);
+        return;
+    }
+}
+
+static BOOL WINAPI ctrl_handler (DWORD type)
+{
+    EnterCriticalSection(&bsignal_global.iocp_handle_mutex);
+    
+    if (bsignal_global.iocp_handle) {
+        PostQueuedCompletionStatus(bsignal_global.iocp_handle, 0, 0, &bsignal_global.olap.olap);
+    }
+    
+    LeaveCriticalSection(&bsignal_global.iocp_handle_mutex);
+    
+    return TRUE;
+}
+
+#else
+
+static void unix_signal_handler (void *user, int signo)
+{
+    ASSERT(signo == SIGTERM || signo == SIGINT)
+    ASSERT(bsignal_global.initialized)
+    ASSERT(!bsignal_global.finished)
+    
+    BLog(BLOG_DEBUG, "Dispatching signal");
+    
+    // call handler
+    bsignal_global.handler(bsignal_global.user);
+    return;
+}
+
+#endif
+
+int BSignal_Init (BReactor *reactor, BSignal_handler handler, void *user) 
+{
+    ASSERT(!bsignal_global.initialized)
+    
+    // init arguments
+    bsignal_global.reactor = reactor;
+    bsignal_global.handler = handler;
+    bsignal_global.user = user;
+    
+    BLog(BLOG_DEBUG, "BSignal initializing");
+    
+    #ifdef BADVPN_USE_WINAPI
+    
+    // init olap
+    BReactorIOCPOverlapped_Init(&bsignal_global.olap, bsignal_global.reactor, NULL, olap_handler);
+    
+    // init handler mutex
+    InitializeCriticalSection(&bsignal_global.iocp_handle_mutex);
+    
+    // remember IOCP handle
+    bsignal_global.iocp_handle = BReactor_GetIOCPHandle(bsignal_global.reactor);
+    
+    // configure ctrl handler
+    if (!SetConsoleCtrlHandler(ctrl_handler, TRUE)) {
+        BLog(BLOG_ERROR, "SetConsoleCtrlHandler failed");
+        goto fail1;
+    }
+    
+    #else
+    
+    sigset_t sset;
+    ASSERT_FORCE(sigemptyset(&sset) == 0)
+    ASSERT_FORCE(sigaddset(&sset, SIGTERM) == 0)
+    ASSERT_FORCE(sigaddset(&sset, SIGINT) == 0)
+    
+    // init BUnixSignal
+    if (!BUnixSignal_Init(&bsignal_global.signal, bsignal_global.reactor, sset, unix_signal_handler, NULL)) {
+        BLog(BLOG_ERROR, "BUnixSignal_Init failed");
+        goto fail0;
+    }
+    
+    #endif
+    
+    bsignal_global.initialized = 1;
+    bsignal_global.finished = 0;
+    
+    return 1;
+    
+    #ifdef BADVPN_USE_WINAPI
+fail1:
+    DeleteCriticalSection(&bsignal_global.iocp_handle_mutex);
+    BReactorIOCPOverlapped_Free(&bsignal_global.olap);
+    #endif
+    
+fail0:
+    return 0;
+}
+
+void BSignal_Finish (void)
+{
+    ASSERT(bsignal_global.initialized)
+    ASSERT(!bsignal_global.finished)
+    
+    #ifdef BADVPN_USE_WINAPI
+    
+    // forget IOCP handle
+    EnterCriticalSection(&bsignal_global.iocp_handle_mutex);
+    bsignal_global.iocp_handle = NULL;
+    LeaveCriticalSection(&bsignal_global.iocp_handle_mutex);
+    
+    #else
+    
+    // free BUnixSignal
+    BUnixSignal_Free(&bsignal_global.signal, 0);
+    
+    #endif
+    
+    bsignal_global.finished = 1;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BSignal.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BSignal.h
new file mode 100644
index 00000000..9e7701df
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BSignal.h
@@ -0,0 +1,64 @@
+/**
+ * @file BSignal.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * A global object for catching program termination requests.
+ */
+
+#ifndef BADVPN_SYSTEM_BSIGNAL_H
+#define BADVPN_SYSTEM_BSIGNAL_H
+
+#include "misc/debug.h"
+#include "system/BReactor.h"
+
+typedef void (*BSignal_handler) (void *user);
+
+/**
+ * Initializes signal handling.
+ * The object is created in not capturing state.
+ * {@link BLog_Init} must have been done.
+ * 
+ * WARNING: make sure this won't interfere with other components:
+ *   - on Linux, this uses {@link BUnixSignal} to catch SIGTERM and SIGINT,
+ *   - on Windows, this sets up a handler with SetConsoleCtrlHandler.
+ *
+ * @param reactor {@link BReactor} from which the handler will be called
+ * @param handler callback function invoked from the reactor
+ * @param user value passed to callback function
+ * @return 1 on success, 0 on failure
+ */
+int BSignal_Init (BReactor *reactor, BSignal_handler handler, void *user) WARN_UNUSED;
+
+/**
+ * Finishes signal handling.
+ * {@link BSignal_Init} must not be called again.
+ */
+void BSignal_Finish (void);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BTime.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BTime.c
new file mode 100644
index 00000000..0ab77f9a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BTime.c
@@ -0,0 +1,55 @@
+/**
+ * @file BTime.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "system/BTime.h"
+
+#ifndef BADVPN_PLUGIN
+struct _BTime_global btime_global = {
+    #ifndef NDEBUG
+    0
+    #endif
+};
+#endif
+
+#ifdef __MACH__
+#include <mach/clock.h>
+#include <mach/mach.h>
+
+int clock_gettime_ex(int clk_id, struct timespec* t)
+{
+    clock_serv_t cclock;
+    mach_timespec_t mts;
+    host_get_clock_service(mach_host_self(), CALENDAR_CLOCK, &cclock);
+    clock_get_time(cclock, &mts);
+    mach_port_deallocate(mach_task_self(), cclock);
+    t->tv_sec = mts.tv_sec;
+    t->tv_nsec = mts.tv_nsec;
+    return 0;
+}
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BTime.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BTime.h
new file mode 100644
index 00000000..481a1cde
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BTime.h
@@ -0,0 +1,168 @@
+/**
+ * @file BTime.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * System time abstraction used by {@link BReactor}.
+ */
+
+#ifndef BADVPN_SYSTEM_BTIME_H
+#define BADVPN_SYSTEM_BTIME_H
+
+#if defined(BADVPN_USE_WINAPI)
+#include <windows.h>
+#elif defined(BADVPN_EMSCRIPTEN)
+#include <emscripten/emscripten.h>
+#else
+#include <time.h>
+#include <sys/time.h>
+#endif
+
+#include <stdint.h>
+
+#include "misc/debug.h"
+#include "misc/overflow.h"
+#include "base/BLog.h"
+
+#include "generated/blog_channel_BTime.h"
+
+typedef int64_t btime_t;
+
+#define BTIME_MIN INT64_MIN
+
+struct _BTime_global {
+    #ifndef NDEBUG
+    int initialized; // initialized statically
+    #endif
+    #if defined(BADVPN_USE_WINAPI)
+    LARGE_INTEGER start_time;
+    #elif defined(BADVPN_EMSCRIPTEN)
+    btime_t start_time;
+    #else
+    btime_t start_time;
+    int use_gettimeofday;
+    #endif
+};
+
+#ifdef __MACH__
+#define CLOCK_MONOTONIC 1
+int clock_gettime_ex(int clk_id, struct timespec* t);
+#endif
+
+extern struct _BTime_global btime_global;
+
+static void BTime_Init (void)
+{
+    ASSERT(!btime_global.initialized)
+    
+    #if defined(BADVPN_USE_WINAPI)
+    
+    ASSERT_FORCE(QueryPerformanceCounter(&btime_global.start_time))
+    
+    #elif defined(BADVPN_EMSCRIPTEN)
+    
+    btime_global.start_time = emscripten_get_now();
+    
+    #else
+    
+    struct timespec ts;
+    if (clock_gettime_ex(CLOCK_MONOTONIC, &ts) < 0) {
+        BLog(BLOG_WARNING, "CLOCK_MONOTONIC is not available. Timers will be confused by clock changes.");
+        
+        struct timeval tv;
+        ASSERT_FORCE(gettimeofday(&tv, NULL) == 0)
+        
+        btime_global.start_time = (int64_t)tv.tv_sec * 1000 + (int64_t)tv.tv_usec/1000;
+        btime_global.use_gettimeofday = 1;
+    } else {
+        btime_global.start_time = (int64_t)ts.tv_sec * 1000 + (int64_t)ts.tv_nsec/1000000;
+        btime_global.use_gettimeofday = 0;
+    }
+    
+    #endif
+    
+    #ifndef NDEBUG
+    btime_global.initialized = 1;
+    #endif
+}
+
+static btime_t btime_gettime (void)
+{
+    ASSERT(btime_global.initialized)
+    
+    #if defined(BADVPN_USE_WINAPI)
+    
+    LARGE_INTEGER count;
+    LARGE_INTEGER freq;
+    ASSERT_FORCE(QueryPerformanceCounter(&count))
+    ASSERT_FORCE(QueryPerformanceFrequency(&freq))
+    return (((count.QuadPart - btime_global.start_time.QuadPart) * 1000) / freq.QuadPart);
+    
+    #elif defined(BADVPN_EMSCRIPTEN)
+    
+    return (btime_t)emscripten_get_now() - btime_global.start_time;
+    
+    #else
+    
+    if (btime_global.use_gettimeofday) {
+        struct timeval tv;
+        ASSERT_FORCE(gettimeofday(&tv, NULL) == 0)
+        return ((int64_t)tv.tv_sec * 1000 + (int64_t)tv.tv_usec/1000);
+    } else {
+        struct timespec ts;
+        ASSERT_FORCE(clock_gettime_ex(CLOCK_MONOTONIC, &ts) == 0)
+        return (((int64_t)ts.tv_sec * 1000 + (int64_t)ts.tv_nsec/1000000) - btime_global.start_time);
+    }
+    
+    #endif
+}
+
+static btime_t btime_add (btime_t t1, btime_t t2)
+{
+    // handle overflow
+    int overflows = add_int64_overflows(t1, t2);
+    btime_t sum;
+    if (overflows != 0) {
+        if (overflows > 0) {
+            sum = INT64_MAX;
+        } else {
+            sum = INT64_MIN;
+        }
+    } else {
+        sum = t1 + t2;
+    }
+    
+    return sum;
+}
+
+static btime_t btime_getpast (void)
+{
+    return INT64_MIN;
+}
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BUnixSignal.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BUnixSignal.c
new file mode 100644
index 00000000..aaea06d9
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BUnixSignal.c
@@ -0,0 +1,406 @@
+/**
+ * @file BUnixSignal.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <inttypes.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+
+#ifdef BADVPN_USE_SIGNALFD
+#include <sys/signalfd.h>
+#endif
+
+#include "misc/balloc.h"
+#include "misc/nonblocking.h"
+#include "base/BLog.h"
+
+#include "system/BUnixSignal.h"
+
+#include "generated/blog_channel_BUnixSignal.h"
+
+#define BUNIXSIGNAL_MAX_SIGNALS 64
+
+#ifdef BADVPN_USE_SIGNALFD
+
+static void signalfd_handler (BUnixSignal *o, int events)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    // read a signal
+    struct signalfd_siginfo siginfo;
+    int bytes = read(o->signalfd_fd, &siginfo, sizeof(siginfo));
+    if (bytes < 0) {
+        int error = errno;
+        if (error == EAGAIN || error == EWOULDBLOCK) {
+            return;
+        }
+        BLog(BLOG_ERROR, "read failed (%d)", error);
+        return;
+    }
+    ASSERT_FORCE(bytes == sizeof(siginfo))
+    
+    // check signal
+    if (siginfo.ssi_signo > INT_MAX) {
+        BLog(BLOG_ERROR, "read returned out of int range signo (%"PRIu32")", siginfo.ssi_signo);
+        return;
+    }
+    int signo = siginfo.ssi_signo;
+    if (sigismember(&o->signals, signo) <= 0) {
+        BLog(BLOG_ERROR, "read returned wrong signo (%d)", signo);
+        return;
+    }
+    
+    BLog(BLOG_DEBUG, "dispatching signal %d", signo);
+    
+    // call handler
+    o->handler(o->user, signo);
+    return;
+}
+
+#endif
+
+#ifdef BADVPN_USE_KEVENT
+
+static void kevent_handler (struct BUnixSignal_kevent_entry *entry, u_int fflags, intptr_t data)
+{
+    BUnixSignal *o = entry->parent;
+    DebugObject_Access(&o->d_obj);
+    
+    // call signal
+    o->handler(o->user, entry->signo);
+    return;
+}
+
+#endif
+
+#ifdef BADVPN_USE_SELFPIPE
+
+struct BUnixSignal_selfpipe_entry *bunixsignal_selfpipe_entries[BUNIXSIGNAL_MAX_SIGNALS];
+
+static void free_selfpipe_entry (struct BUnixSignal_selfpipe_entry *entry)
+{
+    BUnixSignal *o = entry->parent;
+    
+    // uninstall signal handler
+    struct sigaction act;
+    memset(&act, 0, sizeof(act));
+    act.sa_handler = SIG_DFL;
+    sigemptyset(&act.sa_mask);
+    ASSERT_FORCE(sigaction(entry->signo, &act, NULL) == 0)
+    
+    // free BFileDescriptor
+    BReactor_RemoveFileDescriptor(o->reactor, &entry->pipe_read_bfd);
+    
+    // close pipe
+    ASSERT_FORCE(close(entry->pipefds[0]) == 0)
+    ASSERT_FORCE(close(entry->pipefds[1]) == 0)
+}
+
+static void pipe_read_fd_handler (struct BUnixSignal_selfpipe_entry *entry, int events)
+{
+    BUnixSignal *o = entry->parent;
+    DebugObject_Access(&o->d_obj);
+    
+    // read a byte
+    uint8_t b;
+    if (read(entry->pipefds[0], &b, sizeof(b)) < 0) {
+        int error = errno;
+        if (error == EAGAIN || error == EWOULDBLOCK) {
+            return;
+        }
+        BLog(BLOG_ERROR, "read failed (%d)", error);
+        return;
+    }
+    
+    // call handler
+    o->handler(o->user, entry->signo);
+    return;
+}
+
+static void signal_handler (int signo)
+{
+    ASSERT(signo >= 0)
+    ASSERT(signo < BUNIXSIGNAL_MAX_SIGNALS)
+    
+    struct BUnixSignal_selfpipe_entry *entry = bunixsignal_selfpipe_entries[signo];
+    
+    uint8_t b = 0;
+    write(entry->pipefds[1], &b, sizeof(b));
+}
+
+#endif
+
+int BUnixSignal_Init (BUnixSignal *o, BReactor *reactor, sigset_t signals, BUnixSignal_handler handler, void *user)
+{
+    // init arguments
+    o->reactor = reactor;
+    o->signals = signals;
+    o->handler = handler;
+    o->user = user;
+    
+    #ifdef BADVPN_USE_SIGNALFD
+    
+    // init signalfd fd
+    if ((o->signalfd_fd = signalfd(-1, &o->signals, 0)) < 0) {
+        BLog(BLOG_ERROR, "signalfd failed");
+        goto fail0;
+    }
+    
+    // set non-blocking
+    if (fcntl(o->signalfd_fd, F_SETFL, O_NONBLOCK) < 0) {
+        BLog(BLOG_ERROR, "cannot set non-blocking");
+        goto fail1;
+    }
+    
+    // init signalfd BFileDescriptor
+    BFileDescriptor_Init(&o->signalfd_bfd, o->signalfd_fd, (BFileDescriptor_handler)signalfd_handler, o);
+    if (!BReactor_AddFileDescriptor(o->reactor, &o->signalfd_bfd)) {
+        BLog(BLOG_ERROR, "BReactor_AddFileDescriptor failed");
+        goto fail1;
+    }
+    BReactor_SetFileDescriptorEvents(o->reactor, &o->signalfd_bfd, BREACTOR_READ);
+    
+    // block signals
+    if (sigprocmask(SIG_BLOCK, &o->signals, 0) < 0) {
+        BLog(BLOG_ERROR, "sigprocmask block failed");
+        goto fail2;
+    }
+    
+    #endif
+    
+    #ifdef BADVPN_USE_KEVENT
+    
+    // count signals
+    int num_signals = 0;
+    for (int i = 0; i < BUNIXSIGNAL_MAX_SIGNALS; i++) {
+        if (!sigismember(&o->signals, i)) {
+            continue;
+        }
+        num_signals++;
+    }
+    
+    // allocate array
+    if (!(o->entries = BAllocArray(num_signals, sizeof(o->entries[0])))) {
+        BLog(BLOG_ERROR, "BAllocArray failed");
+        goto fail0;
+    }
+    
+    // init kevents
+    o->num_entries = 0;
+    for (int i = 0; i < BUNIXSIGNAL_MAX_SIGNALS; i++) {
+        if (!sigismember(&o->signals, i)) {
+            continue;
+        }
+        struct BUnixSignal_kevent_entry *entry = &o->entries[o->num_entries];
+        entry->parent = o;
+        entry->signo = i;
+        if (!BReactorKEvent_Init(&entry->kevent, o->reactor, (BReactorKEvent_handler)kevent_handler, entry, entry->signo, EVFILT_SIGNAL, 0, 0)) {
+            BLog(BLOG_ERROR, "BReactorKEvent_Init failed");
+            goto fail2;
+        }
+        o->num_entries++;
+    }
+    
+    // block signals
+    if (sigprocmask(SIG_BLOCK, &o->signals, 0) < 0) {
+        BLog(BLOG_ERROR, "sigprocmask block failed");
+        goto fail2;
+    }
+    
+    #endif
+    
+    #ifdef BADVPN_USE_SELFPIPE
+    
+    // count signals
+    int num_signals = 0;
+    for (int i = 1; i < BUNIXSIGNAL_MAX_SIGNALS; i++) {
+        if (!sigismember(&o->signals, i)) {
+            continue;
+        }
+        num_signals++;
+    }
+    
+    // allocate array
+    if (!(o->entries = BAllocArray(num_signals, sizeof(o->entries[0])))) {
+        BLog(BLOG_ERROR, "BAllocArray failed");
+        goto fail0;
+    }
+    
+    // init entries
+    o->num_entries = 0;
+    for (int i = 1; i < BUNIXSIGNAL_MAX_SIGNALS; i++) {
+        if (!sigismember(&o->signals, i)) {
+            continue;
+        }
+        
+        struct BUnixSignal_selfpipe_entry *entry = &o->entries[o->num_entries];
+        entry->parent = o;
+        entry->signo = i;
+        
+        // init pipe
+        if (pipe(entry->pipefds) < 0) {
+            BLog(BLOG_ERROR, "pipe failed");
+            goto loop_fail0;
+        }
+        
+        // set pipe ends non-blocking
+        if (!badvpn_set_nonblocking(entry->pipefds[0]) || !badvpn_set_nonblocking(entry->pipefds[1])) {
+            BLog(BLOG_ERROR, "set nonblocking failed");
+            goto loop_fail1;
+        }
+        
+        // init read end BFileDescriptor
+        BFileDescriptor_Init(&entry->pipe_read_bfd, entry->pipefds[0], (BFileDescriptor_handler)pipe_read_fd_handler, entry);
+        if (!BReactor_AddFileDescriptor(o->reactor, &entry->pipe_read_bfd)) {
+            BLog(BLOG_ERROR, "BReactor_AddFileDescriptor failed");
+            goto loop_fail1;
+        }
+        BReactor_SetFileDescriptorEvents(o->reactor, &entry->pipe_read_bfd, BREACTOR_READ);
+        
+        // set global entry pointer
+        bunixsignal_selfpipe_entries[entry->signo] = entry;
+        
+        // install signal handler
+        struct sigaction act;
+        memset(&act, 0, sizeof(act));
+        act.sa_handler = signal_handler;
+        sigemptyset(&act.sa_mask);
+        if (sigaction(entry->signo, &act, NULL) < 0) {
+            BLog(BLOG_ERROR, "sigaction failed");
+            goto loop_fail2;
+        }
+        
+        o->num_entries++;
+        
+        continue;
+        
+    loop_fail2:
+        BReactor_RemoveFileDescriptor(o->reactor, &entry->pipe_read_bfd);
+    loop_fail1:
+        ASSERT_FORCE(close(entry->pipefds[0]) == 0)
+        ASSERT_FORCE(close(entry->pipefds[1]) == 0)
+    loop_fail0:
+        goto fail2;
+    }
+    
+    #endif
+    
+    DebugObject_Init(&o->d_obj);
+    
+    return 1;
+    
+    #ifdef BADVPN_USE_SIGNALFD
+fail2:
+    BReactor_RemoveFileDescriptor(o->reactor, &o->signalfd_bfd);
+fail1:
+    ASSERT_FORCE(close(o->signalfd_fd) == 0)
+    #endif
+    
+    #ifdef BADVPN_USE_KEVENT
+fail2:
+    while (o->num_entries > 0) {
+        BReactorKEvent_Free(&o->entries[o->num_entries - 1].kevent);
+        o->num_entries--;
+    }
+    BFree(o->entries);
+    #endif
+    
+    #ifdef BADVPN_USE_SELFPIPE
+fail2:
+    while (o->num_entries > 0) {
+        free_selfpipe_entry(&o->entries[o->num_entries - 1]);
+        o->num_entries--;
+    }
+    BFree(o->entries);
+    #endif
+    
+fail0:
+    return 0;
+}
+
+void BUnixSignal_Free (BUnixSignal *o, int unblock)
+{
+    ASSERT(unblock == 0 || unblock == 1)
+    DebugObject_Free(&o->d_obj);
+    
+    #ifdef BADVPN_USE_SIGNALFD
+    
+    if (unblock) {
+        // unblock signals
+        ASSERT_FORCE(sigprocmask(SIG_UNBLOCK, &o->signals, 0) == 0)
+    }
+    
+    // free signalfd BFileDescriptor
+    BReactor_RemoveFileDescriptor(o->reactor, &o->signalfd_bfd);
+    
+    // free signalfd fd
+    ASSERT_FORCE(close(o->signalfd_fd) == 0)
+    
+    #endif
+    
+    #ifdef BADVPN_USE_KEVENT
+    
+    if (unblock) {
+        // unblock signals
+        ASSERT_FORCE(sigprocmask(SIG_UNBLOCK, &o->signals, 0) == 0)
+    }
+    
+    // free kevents
+    while (o->num_entries > 0) {
+        BReactorKEvent_Free(&o->entries[o->num_entries - 1].kevent);
+        o->num_entries--;
+    }
+    
+    // free array
+    BFree(o->entries);
+    
+    #endif
+    
+    #ifdef BADVPN_USE_SELFPIPE
+    
+    if (!unblock) {
+        // block signals
+        if (sigprocmask(SIG_BLOCK, &o->signals, 0) < 0) {
+            BLog(BLOG_ERROR, "sigprocmask block failed");
+        }
+    }
+    
+    // free entries
+    while (o->num_entries > 0) {
+        free_selfpipe_entry(&o->entries[o->num_entries - 1]);
+        o->num_entries--;
+    }
+    
+    // free array
+    BFree(o->entries);
+    
+    #endif
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BUnixSignal.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BUnixSignal.h
new file mode 100644
index 00000000..53f48ae3
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/system/BUnixSignal.h
@@ -0,0 +1,132 @@
+/**
+ * @file BUnixSignal.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * Object for catching unix signals.
+ */
+
+#ifndef BADVPN_SYSTEM_BUNIXSIGNAL_H
+#define BADVPN_SYSTEM_BUNIXSIGNAL_H
+
+#if (defined(BADVPN_USE_SIGNALFD) + defined(BADVPN_USE_KEVENT) + defined(BADVPN_USE_SELFPIPE)) != 1
+#error Unknown signal backend or too many signal backends
+#endif
+
+#include <unistd.h>
+#include <signal.h>
+
+#include "misc/debug.h"
+#include "system/BReactor.h"
+#include "base/DebugObject.h"
+
+struct BUnixSignal_s;
+
+/**
+ * Handler function called when a signal is received.
+ * 
+ * @param user as in {@link BUnixSignal_Init}
+ * @param signo signal number. Will be one of the signals provided to {@link signals}.
+ */
+typedef void (*BUnixSignal_handler) (void *user, int signo);
+
+#ifdef BADVPN_USE_KEVENT
+struct BUnixSignal_kevent_entry {
+    struct BUnixSignal_s *parent;
+    int signo;
+    BReactorKEvent kevent;
+};
+#endif
+
+#ifdef BADVPN_USE_SELFPIPE
+struct BUnixSignal_selfpipe_entry {
+    struct BUnixSignal_s *parent;
+    int signo;
+    int pipefds[2];
+    BFileDescriptor pipe_read_bfd;
+};
+#endif
+
+/**
+ * Object for catching unix signals.
+ */
+typedef struct BUnixSignal_s {
+    BReactor *reactor;
+    sigset_t signals;
+    BUnixSignal_handler handler;
+    void *user;
+    
+    #ifdef BADVPN_USE_SIGNALFD
+    int signalfd_fd;
+    BFileDescriptor signalfd_bfd;
+    #endif
+    
+    #ifdef BADVPN_USE_KEVENT
+    struct BUnixSignal_kevent_entry *entries;
+    int num_entries;
+    #endif
+    
+    #ifdef BADVPN_USE_SELFPIPE
+    struct BUnixSignal_selfpipe_entry *entries;
+    int num_entries;
+    #endif
+    
+    DebugObject d_obj;
+} BUnixSignal;
+
+/**
+ * Initializes the object.
+ * {@link BLog_Init} must have been done.
+ * 
+ * WARNING: for every signal number there should be at most one {@link BUnixSignal}
+ * object handling it (or anything else that could interfere).
+ * 
+ * This blocks the signal using sigprocmask() and sets up signalfd() for receiving
+ * signals.
+ *
+ * @param o the object
+ * @param reactor reactor we live in
+ * @param signals signals to handle. See man 3 sigsetops.
+ * @param handler handler function to call when a signal is received
+ * @param user value passed to callback function
+ * @return 1 on success, 0 on failure
+ */
+int BUnixSignal_Init (BUnixSignal *o, BReactor *reactor, sigset_t signals, BUnixSignal_handler handler, void *user) WARN_UNUSED;
+
+/**
+ * Frees the object.
+ * 
+ * @param o the object
+ * @param unblock whether to unblock the signals using sigprocmask(). Not unblocking it
+ *                can be used while the program is exiting gracefully to prevent the
+ *                signals from being handled handled according to its default disposition
+ *                after this function is called. Must be 0 or 1.
+ */
+void BUnixSignal_Free (BUnixSignal *o, int unblock);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/SocksUdpGwClient.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/SocksUdpGwClient.c
new file mode 100644
index 00000000..93fb019d
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/SocksUdpGwClient.c
@@ -0,0 +1,606 @@
+/*
+ * Copyright (C) Ambroz Bizjak <ambrop7@gmail.com>
+ * Contributions:
+ * Transparent DNS: Copyright (C) Kerem Hadimli <kerem.hadimli@gmail.com>
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "misc/debug.h"
+#include "base/BLog.h"
+
+#include "tun2socks/SocksUdpGwClient.h"
+
+#include "generated/blog_channel_SocksUdpGwClient.h"
+
+#ifdef BADVPN_SOCKS_UDP_RELAY
+
+#include "misc/socks_proto.h"
+#define CONNECTION_UDP_BUFFER_SIZE 1
+
+#else
+
+static void free_socks (SocksUdpGwClient *o);
+static void try_connect (SocksUdpGwClient *o);
+static void reconnect_timer_handler (SocksUdpGwClient *o);
+static void socks_client_handler (SocksUdpGwClient *o, int event);
+static void udpgw_handler_servererror (SocksUdpGwClient *o);
+static void udpgw_handler_received (SocksUdpGwClient *o, BAddr local_addr, BAddr remote_addr, const uint8_t *data, int data_len);
+
+#endif
+
+#ifdef BADVPN_SOCKS_UDP_RELAY
+static void dgram_handler (SocksUdpGwClient_connection *o, int event);
+static void dgram_handler_received (SocksUdpGwClient_connection *o, uint8_t *data, int data_len);
+static int conaddr_comparator (void *unused, SocksUdpGwClient_conaddr *v1, SocksUdpGwClient_conaddr *v2);
+static SocksUdpGwClient_connection * find_connection (SocksUdpGwClient *o, SocksUdpGwClient_conaddr conaddr);
+static SocksUdpGwClient_connection * reuse_connection (SocksUdpGwClient *o, SocksUdpGwClient_conaddr conaddr);
+static void connection_send (SocksUdpGwClient_connection *o, const uint8_t *data, int data_len);
+static void connection_first_job_handler (SocksUdpGwClient_connection *con);
+static SocksUdpGwClient_connection *connection_init (SocksUdpGwClient *client, SocksUdpGwClient_conaddr conaddr, const uint8_t *data, int data_len);
+static void connection_free (SocksUdpGwClient_connection *o);
+
+static void dgram_handler (SocksUdpGwClient_connection *o, int event)
+{
+    SocksUdpGwClient *client = o->client;
+    ASSERT(client);
+    
+    DebugObject_Access(&client->d_obj);
+    
+    BLog(BLOG_INFO, "UDP error");
+}
+
+static void dgram_handler_received (SocksUdpGwClient_connection *o, uint8_t *data, int data_len)
+{
+    SocksUdpGwClient *client = o->client;
+    ASSERT(client);
+    
+    DebugObject_Access(&client->d_obj);
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= client->udpgw_mtu)
+    
+    // accept packet
+    PacketPassInterface_Done(&o->udp_recv_if);
+    
+    // check header
+    if (data_len < sizeof(struct socks_udp_header)) {
+        BLog(BLOG_ERROR, "missing header");
+        return;
+    }
+    struct socks_udp_header header;
+    memcpy(&header, data, sizeof(header));
+    data += sizeof(header);
+    data_len -= sizeof(header);
+    uint8_t frag = header.frag;
+    uint8_t atyp = header.atyp;
+    
+    // check fragment
+    if (frag) {
+        BLog(BLOG_ERROR, "unexpected frag");
+        return;
+    }
+    
+    // parse address
+    BAddr remote_addr;
+    if (atyp == SOCKS_ATYP_IPV6) {
+        if (data_len < sizeof(struct udpgw_addr_ipv6)) {
+            BLog(BLOG_ERROR, "missing ipv6 address");
+            return;
+        }
+        struct udpgw_addr_ipv6 addr_ipv6;
+        memcpy(&addr_ipv6, data, sizeof(addr_ipv6));
+        data += sizeof(addr_ipv6);
+        data_len -= sizeof(addr_ipv6);
+        BAddr_InitIPv6(&remote_addr, addr_ipv6.addr_ip, addr_ipv6.addr_port);
+    } else {
+        if (data_len < sizeof(struct udpgw_addr_ipv4)) {
+            BLog(BLOG_ERROR, "missing ipv4 address");
+            return;
+        }
+        struct udpgw_addr_ipv4 addr_ipv4;
+        memcpy(&addr_ipv4, data, sizeof(addr_ipv4));
+        data += sizeof(addr_ipv4);
+        data_len -= sizeof(addr_ipv4);
+        BAddr_InitIPv4(&remote_addr, addr_ipv4.addr_ip, addr_ipv4.addr_port);
+    }
+    
+    // check remote addr
+    if (!BAddr_Compare(&remote_addr, &o->conaddr.remote_addr)) {
+        BLog(BLOG_ERROR, "remote addr not match");
+        return;
+    }
+    
+    // check remaining data
+    if (data_len > client->udp_mtu) {
+        BLog(BLOG_ERROR, "too much data");
+        return;
+    }
+    
+    // submit to user
+    client->handler_received(client->user, o->conaddr.local_addr, remote_addr, data, data_len);
+}
+
+static int conaddr_comparator (void *unused, SocksUdpGwClient_conaddr *v1, SocksUdpGwClient_conaddr *v2)
+{
+    int r = BAddr_CompareOrder(&v1->remote_addr, &v2->remote_addr);
+    if (r) {
+        return r;
+    }
+    return BAddr_CompareOrder(&v1->local_addr, &v2->local_addr);
+}
+
+static SocksUdpGwClient_connection * find_connection (SocksUdpGwClient *o, SocksUdpGwClient_conaddr conaddr)
+{
+    BAVLNode *tree_node = BAVL_LookupExact(&o->connections_tree, &conaddr);
+    if (!tree_node) {
+        return NULL;
+    }
+    
+    return UPPER_OBJECT(tree_node, SocksUdpGwClient_connection, connections_tree_node);
+}
+
+static SocksUdpGwClient_connection * reuse_connection (SocksUdpGwClient *o, SocksUdpGwClient_conaddr conaddr)
+{
+    ASSERT(!find_connection(o, conaddr))
+    ASSERT(o->num_connections > 0)
+    
+    // get least recently used connection
+    SocksUdpGwClient_connection *con = UPPER_OBJECT(LinkedList1_GetFirst(&o->connections_list), SocksUdpGwClient_connection, connections_list_node);
+    
+    // remove from connections tree by conaddr
+    BAVL_Remove(&o->connections_tree, &con->connections_tree_node);
+    
+    // set new conaddr
+    con->conaddr = conaddr;
+    
+    // insert to connections tree by conaddr
+    ASSERT_EXECUTE(BAVL_Insert(&o->connections_tree, &con->connections_tree_node, NULL))
+    
+    return con;
+}
+
+static void connection_send (SocksUdpGwClient_connection *o, const uint8_t *data, int data_len)
+{
+    // get buffer location
+    uint8_t *out;
+    if (!BufferWriter_StartPacket(&o->udp_send_writer, &out)) {
+        BLog(BLOG_ERROR, "out of UDP buffer");
+        return;
+    }
+    int out_pos = 0;
+    
+    // write header
+    BAddr remote_addr = o->conaddr.remote_addr;
+    struct socks_udp_header header;
+    header.rsv = 0;
+    header.frag = 0;
+    if (remote_addr.type == BADDR_TYPE_IPV4) {
+        header.atyp = SOCKS_ATYP_IPV4;
+    } else {
+        header.atyp = SOCKS_ATYP_IPV6;
+    }
+    memcpy(out + out_pos, &header, sizeof(header));
+    out_pos += sizeof(header);
+    
+    // write address
+    switch (remote_addr.type) {
+        case BADDR_TYPE_IPV4: {
+            struct udpgw_addr_ipv4 addr_ipv4;
+            addr_ipv4.addr_ip = remote_addr.ipv4.ip;
+            addr_ipv4.addr_port = remote_addr.ipv4.port;
+            memcpy(out + out_pos, &addr_ipv4, sizeof(addr_ipv4));
+            out_pos += sizeof(addr_ipv4);
+        } break;
+        case BADDR_TYPE_IPV6: {
+            struct udpgw_addr_ipv6 addr_ipv6;
+            memcpy(addr_ipv6.addr_ip, remote_addr.ipv6.ip, sizeof(addr_ipv6.addr_ip));
+            addr_ipv6.addr_port = remote_addr.ipv6.port;
+            memcpy(out + out_pos, &addr_ipv6, sizeof(addr_ipv6));
+            out_pos += sizeof(addr_ipv6);
+        } break;
+    }
+    
+    // write packet to buffer
+    memcpy(out + out_pos, data, data_len);
+    out_pos += data_len;
+    
+    // submit written message
+    BufferWriter_EndPacket(&o->udp_send_writer, out_pos);
+}
+
+static void connection_first_job_handler (SocksUdpGwClient_connection *con)
+{
+    connection_send(con, con->first_data, con->first_data_len);
+}
+
+static SocksUdpGwClient_connection *connection_init (SocksUdpGwClient *client, SocksUdpGwClient_conaddr conaddr, const uint8_t *data, int data_len)
+{
+    // allocate structure
+    SocksUdpGwClient_connection *o = (SocksUdpGwClient_connection *) malloc(sizeof(*o));
+    if (!o) {
+        BLog(BLOG_ERROR, "malloc failed");
+        goto fail;
+    }
+    
+    // init arguments
+    o->client = client;
+    o->conaddr = conaddr;
+    o->first_data = data;
+    o->first_data_len = data_len;
+    
+    // init first job
+    BPending_Init(&o->first_job, BReactor_PendingGroup(client->reactor), (BPending_handler)connection_first_job_handler, o);
+    BPending_Set(&o->first_job);
+    
+    // init UDP dgram
+    if (!BDatagram_Init(&o->udp_dgram, client->remote_udpgw_addr.type, client->reactor, o, (BDatagram_handler)dgram_handler)) {
+        goto fail0;
+    }
+    
+    // set SO_REUSEADDR
+    if (!BDatagram_SetReuseAddr(&o->udp_dgram, 1)) {
+        BLog(BLOG_ERROR, "set SO_REUSEADDR failed");
+        goto fail1;
+    }
+    
+    // set UDP dgram send address
+    BIPAddr ipaddr;
+    memset(&ipaddr, 0, sizeof(ipaddr));
+    ipaddr.type = client->remote_udpgw_addr.type;
+    BDatagram_SetSendAddrs(&o->udp_dgram, client->remote_udpgw_addr, ipaddr);
+    
+    // init UDP dgram interfaces
+    BDatagram_SendAsync_Init(&o->udp_dgram, client->udp_mtu);
+    BDatagram_RecvAsync_Init(&o->udp_dgram, client->udp_mtu);
+    
+    // init UDP writer
+    BufferWriter_Init(&o->udp_send_writer, client->udp_mtu, BReactor_PendingGroup(client->reactor));
+    
+    // init UDP buffer
+    if (!PacketBuffer_Init(&o->udp_send_buffer, BufferWriter_GetOutput(&o->udp_send_writer), BDatagram_SendAsync_GetIf(&o->udp_dgram), CONNECTION_UDP_BUFFER_SIZE, BReactor_PendingGroup(client->reactor))) {
+        BLog(BLOG_ERROR, "PacketBuffer_Init failed");
+        goto fail2;
+    }
+    
+    // init UDP recv interface
+    PacketPassInterface_Init(&o->udp_recv_if, client->udp_mtu, (PacketPassInterface_handler_send)dgram_handler_received, o, BReactor_PendingGroup(client->reactor));
+    
+    // init UDP recv buffer
+    if (!SinglePacketBuffer_Init(&o->udp_recv_buffer, BDatagram_RecvAsync_GetIf(&o->udp_dgram), &o->udp_recv_if, BReactor_PendingGroup(client->reactor))) {
+        BLog(BLOG_ERROR, "SinglePacketBuffer_Init failed");
+        goto fail3;
+    }
+    
+    // insert to connections tree by conaddr
+    ASSERT_EXECUTE(BAVL_Insert(&client->connections_tree, &o->connections_tree_node, NULL));
+    
+    // insert to connections list
+    LinkedList1_Append(&client->connections_list, &o->connections_list_node);
+    
+    // increment number of connections
+    client->num_connections++;
+    
+    // succeed to init
+    return o;
+    
+fail3:
+    PacketPassInterface_Free(&o->udp_recv_if);
+    PacketBuffer_Free(&o->udp_send_buffer);
+fail2:
+    BufferWriter_Free(&o->udp_send_writer);
+    BDatagram_RecvAsync_Free(&o->udp_dgram);
+    BDatagram_SendAsync_Free(&o->udp_dgram);
+fail1:
+    BDatagram_Free(&o->udp_dgram);
+    
+fail0:
+    BPending_Free(&o->first_job);
+    free(o);
+fail:
+    return NULL;
+}
+
+static void connection_free (SocksUdpGwClient_connection *o)
+{
+    SocksUdpGwClient *client = o->client;
+    
+    // decrement number of connections
+    client->num_connections--;
+    
+    // remove from connections list
+    LinkedList1_Remove(&client->connections_list, &o->connections_list_node);
+    
+    // remove from connections tree by conaddr
+    BAVL_Remove(&client->connections_tree, &o->connections_tree_node);
+    
+    // free UDP receive buffer
+    SinglePacketBuffer_Free(&o->udp_recv_buffer);
+    
+    // free UDP receive interface
+    PacketPassInterface_Free(&o->udp_recv_if);
+    
+    // free UDP buffer
+    PacketBuffer_Free(&o->udp_send_buffer);
+    
+    // free UDP writer
+    BufferWriter_Free(&o->udp_send_writer);
+    
+    // free UDP dgram interfaces
+    BDatagram_RecvAsync_Free(&o->udp_dgram);
+    BDatagram_SendAsync_Free(&o->udp_dgram);
+    
+    // free UDP dgram
+    BDatagram_Free(&o->udp_dgram);
+    
+    // free structure
+    free(o);
+}
+
+#else
+
+static void free_socks (SocksUdpGwClient *o)
+{
+    ASSERT(o->have_socks)
+    
+    // disconnect udpgw client from SOCKS
+    if (o->socks_up) {
+        UdpGwClient_DisconnectServer(&o->udpgw_client);
+    }
+    
+    // free SOCKS client
+    BSocksClient_Free(&o->socks_client);
+    
+    // set have no SOCKS
+    o->have_socks = 0;
+}
+
+static void try_connect (SocksUdpGwClient *o)
+{
+    ASSERT(!o->have_socks)
+    ASSERT(!BTimer_IsRunning(&o->reconnect_timer))
+    
+    // init SOCKS client
+    if (!BSocksClient_Init(&o->socks_client, o->socks_server_addr, o->auth_info, o->num_auth_info, o->remote_udpgw_addr, (BSocksClient_handler)socks_client_handler, o, o->reactor)) {
+        BLog(BLOG_ERROR, "BSocksClient_Init failed");
+        goto fail0;
+    }
+    
+    // set have SOCKS
+    o->have_socks = 1;
+    
+    // set SOCKS not up
+    o->socks_up = 0;
+    
+    return;
+    
+fail0:
+    // set reconnect timer
+    BReactor_SetTimer(o->reactor, &o->reconnect_timer);
+}
+
+static void reconnect_timer_handler (SocksUdpGwClient *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(!o->have_socks)
+    
+    // try connecting
+    try_connect(o);
+}
+
+static void socks_client_handler (SocksUdpGwClient *o, int event)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->have_socks)
+    
+    switch (event) {
+        case BSOCKSCLIENT_EVENT_UP: {
+            ASSERT(!o->socks_up)
+            
+            BLog(BLOG_INFO, "SOCKS up");
+            
+            // connect udpgw client to SOCKS
+            if (!UdpGwClient_ConnectServer(&o->udpgw_client, BSocksClient_GetSendInterface(&o->socks_client), BSocksClient_GetRecvInterface(&o->socks_client))) {
+                BLog(BLOG_ERROR, "UdpGwClient_ConnectServer failed");
+                goto fail0;
+            }
+            
+            // set SOCKS up
+            o->socks_up = 1;
+            
+            return;
+            
+        fail0:
+            // free SOCKS
+            free_socks(o);
+            
+            // set reconnect timer
+            BReactor_SetTimer(o->reactor, &o->reconnect_timer);
+        } break;
+        
+        case BSOCKSCLIENT_EVENT_ERROR:
+        case BSOCKSCLIENT_EVENT_ERROR_CLOSED: {
+            BLog(BLOG_INFO, "SOCKS error");
+            
+            // free SOCKS
+            free_socks(o);
+            
+            // set reconnect timer
+            BReactor_SetTimer(o->reactor, &o->reconnect_timer);
+        } break;
+        
+        default: ASSERT(0);
+    }
+}
+
+static void udpgw_handler_servererror (SocksUdpGwClient *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->have_socks)
+    ASSERT(o->socks_up)
+    
+    BLog(BLOG_ERROR, "client reports server error");
+    
+    // free SOCKS
+    free_socks(o);
+    
+    // set reconnect timer
+    BReactor_SetTimer(o->reactor, &o->reconnect_timer);
+}
+
+static void udpgw_handler_received (SocksUdpGwClient *o, BAddr local_addr, BAddr remote_addr, const uint8_t *data, int data_len)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    // submit to user
+    o->handler_received(o->user, local_addr, remote_addr, data, data_len);
+    return;
+}
+
+#endif
+
+int SocksUdpGwClient_Init (SocksUdpGwClient *o, int udp_mtu, int max_connections, int send_buffer_size, btime_t keepalive_time, BAddr socks_server_addr, const struct BSocksClient_auth_info *auth_info, size_t num_auth_info,
+                           BAddr remote_udpgw_addr, btime_t reconnect_time, BReactor *reactor, void *user,
+                           SocksUdpGwClient_handler_received handler_received)
+{
+    // see asserts in UdpGwClient_Init
+//    ASSERT(!BAddr_IsInvalid(&socks_server_addr))
+#ifndef BADVPN_SOCKS_UDP_RELAY
+    ASSERT(remote_udpgw_addr.type == BADDR_TYPE_IPV4 || remote_udpgw_addr.type == BADDR_TYPE_IPV6)
+#endif
+    
+    // init arguments
+    o->udp_mtu = udp_mtu;
+    o->socks_server_addr = socks_server_addr;
+    o->auth_info = auth_info;
+    o->num_auth_info = num_auth_info;
+    o->remote_udpgw_addr = remote_udpgw_addr;
+    o->reactor = reactor;
+    o->user = user;
+    o->handler_received = handler_received;
+    
+#ifdef BADVPN_SOCKS_UDP_RELAY
+    // compute MTUs
+    o->udpgw_mtu = udpgw_compute_mtu(o->udp_mtu);
+    o->max_connections = max_connections;
+    
+    // limit max connections to number of conid's
+    if (o->max_connections > UINT16_MAX + 1) {
+        o->max_connections = UINT16_MAX + 1;
+    }
+    
+    // init connections tree by conaddr
+    BAVL_Init(&o->connections_tree, OFFSET_DIFF(SocksUdpGwClient_connection, conaddr, connections_tree_node), (BAVL_comparator)conaddr_comparator, NULL);
+    
+    // init connections list
+    LinkedList1_Init(&o->connections_list);
+#else
+    // init udpgw client
+    if (!UdpGwClient_Init(&o->udpgw_client, udp_mtu, max_connections, send_buffer_size, keepalive_time, o->reactor, o,
+                          (UdpGwClient_handler_servererror)udpgw_handler_servererror,
+                          (UdpGwClient_handler_received)udpgw_handler_received
+    )) {
+        goto fail0;
+    }
+    
+    // init reconnect timer
+    BTimer_Init(&o->reconnect_timer, reconnect_time, (BTimer_handler)reconnect_timer_handler, o);
+    
+    // set have no SOCKS
+    o->have_socks = 0;
+    
+    // try connecting
+    try_connect(o);
+#endif
+    
+    DebugObject_Init(&o->d_obj);
+    return 1;
+    
+fail0:
+    return 0;
+}
+
+void SocksUdpGwClient_Free (SocksUdpGwClient *o)
+{
+    DebugObject_Free(&o->d_obj);
+    
+#ifdef BADVPN_SOCKS_UDP_RELAY
+    // free connections
+    while (!LinkedList1_IsEmpty(&o->connections_list)) {
+        SocksUdpGwClient_connection *con = UPPER_OBJECT(LinkedList1_GetFirst(&o->connections_list), SocksUdpGwClient_connection, connections_list_node);
+        connection_free(con);
+    }
+#else
+    // free SOCKS
+    if (o->have_socks) {
+        free_socks(o);
+    }
+    
+    // free reconnect timer
+    BReactor_RemoveTimer(o->reactor, &o->reconnect_timer);
+    
+    // free udpgw client
+    UdpGwClient_Free(&o->udpgw_client);
+#endif
+}
+
+void SocksUdpGwClient_SubmitPacket (SocksUdpGwClient *o, BAddr local_addr, BAddr remote_addr, int is_dns, const uint8_t *data, int data_len)
+{
+    DebugObject_Access(&o->d_obj);
+    // see asserts in UdpGwClient_SubmitPacket
+    
+#ifdef BADVPN_SOCKS_UDP_RELAY
+    ASSERT(local_addr.type == BADDR_TYPE_IPV4 || local_addr.type == BADDR_TYPE_IPV6)
+    ASSERT(remote_addr.type == BADDR_TYPE_IPV4 || remote_addr.type == BADDR_TYPE_IPV6)
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= o->udp_mtu)
+    
+    // build conaddr
+    SocksUdpGwClient_conaddr conaddr;
+    conaddr.local_addr = local_addr;
+    conaddr.remote_addr = remote_addr;
+    
+    // lookup connection
+    SocksUdpGwClient_connection *con = find_connection(o, conaddr);
+    
+    // if no connection and can't create a new one, reuse the least recently used une
+    if (!con && o->num_connections == o->max_connections) {
+        con = reuse_connection(o, conaddr);
+    }
+    
+    if (!con) {
+        // create new connection
+        con = connection_init(o, conaddr, data, data_len);
+    } else {
+        // move connection to front of the list
+        LinkedList1_Remove(&o->connections_list, &con->connections_list_node);
+        LinkedList1_Append(&o->connections_list, &con->connections_list_node);
+        
+        // send packet to existing connection
+        connection_send(con, data, data_len);
+    }
+#else
+    // submit to udpgw client
+    UdpGwClient_SubmitPacket(&o->udpgw_client, local_addr, remote_addr, is_dns, data, data_len);
+#endif
+}
+
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/SocksUdpGwClient.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/SocksUdpGwClient.h
new file mode 100644
index 00000000..f69df1f9
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/SocksUdpGwClient.h
@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) Ambroz Bizjak <ambrop7@gmail.com>
+ * Contributions:
+ * Transparent DNS: Copyright (C) Kerem Hadimli <kerem.hadimli@gmail.com>
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_TUN2SOCKS_SOCKSUDPGWCLIENT_H
+#define BADVPN_TUN2SOCKS_SOCKSUDPGWCLIENT_H
+
+#include "misc/debug.h"
+#include "base/DebugObject.h"
+#include "system/BReactor.h"
+#ifdef BADVPN_SOCKS_UDP_RELAY
+#include <protocol/udpgw_proto.h>
+#include <protocol/packetproto.h>
+#include <system/BDatagram.h>
+#include <flow/PacketBuffer.h>
+#include <flow/SinglePacketBuffer.h>
+#include <flow/BufferWriter.h>
+#include <structure/BAVL.h>
+#include <structure/LinkedList1.h>
+#include <misc/offset.h>
+#else
+#include "udpgw_client/UdpGwClient.h"
+#include "socksclient/BSocksClient.h"
+#endif
+
+typedef void (*SocksUdpGwClient_handler_received) (void *user, BAddr local_addr, BAddr remote_addr, const uint8_t *data, int data_len);
+
+typedef struct {
+    int udp_mtu;
+    BAddr socks_server_addr;
+    const struct BSocksClient_auth_info *auth_info;
+    size_t num_auth_info;
+    BAddr remote_udpgw_addr;
+    BReactor *reactor;
+    void *user;
+    SocksUdpGwClient_handler_received handler_received;
+#ifdef BADVPN_SOCKS_UDP_RELAY
+    int udpgw_mtu;
+    int num_connections;
+    int max_connections;
+    BAVL connections_tree;
+    LinkedList1 connections_list;
+#else
+    UdpGwClient udpgw_client;
+    BTimer reconnect_timer;
+    int have_socks;
+    BSocksClient socks_client;
+    int socks_up;
+#endif
+    DebugObject d_obj;
+} SocksUdpGwClient;
+
+#ifdef BADVPN_SOCKS_UDP_RELAY
+typedef struct {
+    BAddr local_addr;
+    BAddr remote_addr;
+} SocksUdpGwClient_conaddr;
+
+typedef struct {
+    SocksUdpGwClient *client;
+    SocksUdpGwClient_conaddr conaddr;
+    BPending first_job;
+    const uint8_t *first_data;
+    int first_data_len;
+    BDatagram udp_dgram;
+    BufferWriter udp_send_writer;
+    PacketBuffer udp_send_buffer;
+    SinglePacketBuffer udp_recv_buffer;
+    PacketPassInterface udp_recv_if;
+    BAVLNode connections_tree_node;
+    LinkedList1Node connections_list_node;
+} SocksUdpGwClient_connection;
+#endif
+
+int SocksUdpGwClient_Init (SocksUdpGwClient *o, int udp_mtu, int max_connections, int send_buffer_size, btime_t keepalive_time, BAddr socks_server_addr, const struct BSocksClient_auth_info *auth_info, size_t num_auth_info,
+                           BAddr remote_udpgw_addr, btime_t reconnect_time, BReactor *reactor, void *user,
+                           SocksUdpGwClient_handler_received handler_received) WARN_UNUSED;
+void SocksUdpGwClient_Free (SocksUdpGwClient *o);
+void SocksUdpGwClient_SubmitPacket (SocksUdpGwClient *o, BAddr local_addr, BAddr remote_addr, int is_dns, const uint8_t *data, int data_len);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/tun2socks.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/tun2socks.c
new file mode 100644
index 00000000..4e07999a
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/tun2socks.c
@@ -0,0 +1,1955 @@
+/*
+ * Copyright (C) Ambroz Bizjak <ambrop7@gmail.com>
+ * Contributions:
+ * Transparent DNS: Copyright (C) Kerem Hadimli <kerem.hadimli@gmail.com>
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <string.h>
+#include <limits.h>
+
+#include "misc/version.h"
+#include "misc/loggers_string.h"
+#include "misc/loglevel.h"
+#include "misc/minmax.h"
+#include "misc/offset.h"
+#include "misc/dead.h"
+#include "misc/ipv4_proto.h"
+#include "misc/ipv6_proto.h"
+#include "misc/udp_proto.h"
+#include "misc/byteorder.h"
+#include "misc/balloc.h"
+#include "misc/open_standard_streams.h"
+#include "misc/read_file.h"
+#include "misc/ipaddr6.h"
+#include "misc/concat_strings.h"
+#include "structure/LinkedList1.h"
+#include "base/BLog.h"
+#include "system/BReactor.h"
+#include "system/BSignal.h"
+#include "system/BAddr.h"
+#include "system/BNetwork.h"
+#include "flow/SinglePacketBuffer.h"
+#include "socksclient/BSocksClient.h"
+#include "tuntap/BTap.h"
+#include "lwip/init.h"
+#include "lwip/tcp_impl.h"
+#include "lwip/netif.h"
+#include "lwip/tcp.h"
+#include "tun2socks/SocksUdpGwClient.h"
+//#include <Foundation/Foundation.h>
+
+#ifndef BADVPN_USE_WINAPI
+#include "base/BLog_syslog.h"
+#endif
+
+#include "tun2socks/tun2socks.h"
+
+#include "generated/blog_channel_tun2socks.h"
+
+#define LOGGER_STDOUT 1
+#define LOGGER_SYSLOG 2
+
+#define SYNC_DECL \
+    BPending sync_mark; \
+
+#define SYNC_FROMHERE \
+    BPending_Init(&sync_mark, BReactor_PendingGroup(&ss), NULL, NULL); \
+    BPending_Set(&sync_mark);
+
+#define SYNC_BREAK \
+    BPending_Free(&sync_mark);
+
+#define SYNC_COMMIT \
+    BReactor_Synchronize(&ss, &sync_mark.base); \
+    BPending_Free(&sync_mark);
+
+// command-line options
+struct {
+    int help;
+    int version;
+    int logger;
+    #ifndef BADVPN_USE_WINAPI
+    char *logger_syslog_facility;
+    char *logger_syslog_ident;
+    #endif
+    int loglevel;
+    int loglevels[BLOG_NUM_CHANNELS];
+    int fd;
+    int mtu;
+    char *netif_ipaddr;
+    char *netif_netmask;
+    char *netif_ip6addr;
+    char *socks_server_addr;
+    char *username;
+    char *password;
+    char *password_file;
+    int append_source_to_username;
+    char *udpgw_remote_server_addr;
+    int udpgw_max_connections;
+    int udpgw_connection_buffer_size;
+    int udpgw_transparent_dns;
+} options;
+
+// TCP client
+struct tcp_client {
+    dead_t dead;
+    dead_t dead_client;
+    LinkedList1Node list_node;
+    BAddr local_addr;
+    BAddr remote_addr;
+    struct tcp_pcb *pcb;
+    int client_closed;
+    uint8_t buf[TCP_WND];
+    int buf_used;
+    char *socks_username;
+    BSocksClient socks_client;
+    int socks_up;
+    int socks_closed;
+    StreamPassInterface *socks_send_if;
+    StreamRecvInterface *socks_recv_if;
+    uint8_t socks_recv_buf[CLIENT_SOCKS_RECV_BUF_SIZE];
+    int socks_recv_buf_used;
+    int socks_recv_buf_sent;
+    int socks_recv_waiting;
+    int socks_recv_tcp_pending;
+};
+
+// IP address of netif
+BIPAddr netif_ipaddr;
+
+// netmask of netif
+BIPAddr netif_netmask;
+
+// IP6 address of netif
+struct ipv6_addr netif_ip6addr;
+
+// SOCKS server address
+BAddr socks_server_addr;
+
+// allocated password file contents
+uint8_t *password_file_contents;
+
+// SOCKS authentication information
+struct BSocksClient_auth_info socks_auth_info[2];
+size_t socks_num_auth_info;
+
+// remote udpgw server addr, if provided
+BAddr udpgw_remote_server_addr;
+
+// reactor
+BReactor ss;
+
+// set to 1 by terminate
+int quitting;
+
+// TUN device
+BTap device;
+
+// device write buffer
+uint8_t *device_write_buf;
+
+// device reading
+SinglePacketBuffer device_read_buffer;
+PacketPassInterface device_read_interface;
+
+// udpgw client
+SocksUdpGwClient udpgw_client;
+int udp_mtu;
+
+// TCP timer
+BTimer tcp_timer;
+
+// job for initializing lwip
+BPending lwip_init_job;
+
+// lwip netif
+int have_netif;
+struct netif the_netif;
+
+// lwip TCP listener
+struct tcp_pcb *listener;
+
+// lwip TCP/IPv6 listener
+struct tcp_pcb *listener_ip6;
+
+// TCP clients
+LinkedList1 tcp_clients;
+
+// number of clients
+int num_clients;
+
+static void terminate (void);
+static void print_help (const char *name);
+static void print_version (void);
+static int parse_arguments (int argc, char *argv[]);
+static int process_arguments (void);
+static void signal_handler (void *unused);
+static BAddr baddr_from_lwip (int is_ipv6, const ipX_addr_t *ipx_addr, uint16_t port_hostorder);
+static void lwip_init_job_hadler (void *unused);
+static void tcp_timer_handler (void *unused);
+static void device_error_handler (void *unused);
+static void device_read_handler_send (void *unused, uint8_t *data, int data_len);
+static int process_device_udp_packet (uint8_t *data, int data_len);
+static err_t netif_init_func (struct netif *netif);
+static err_t netif_output_func (struct netif *netif, struct pbuf *p, ip_addr_t *ipaddr);
+//static err_t netif_output_ip6_func (struct netif *netif, struct pbuf *p, ip6_addr_t *ipaddr);
+static err_t common_netif_output (struct netif *netif, struct pbuf *p);
+static err_t netif_input_func (struct pbuf *p, struct netif *inp);
+static void client_logfunc (struct tcp_client *client);
+static void client_log (struct tcp_client *client, int level, const char *fmt, ...);
+static err_t listener_accept_func (void *arg, struct tcp_pcb *newpcb, err_t err);
+static void client_handle_freed_client (struct tcp_client *client);
+static void client_free_client (struct tcp_client *client);
+static void client_abort_client (struct tcp_client *client);
+static void client_free_socks (struct tcp_client *client);
+static void client_murder (struct tcp_client *client);
+static void client_dealloc (struct tcp_client *client);
+static void client_err_func (void *arg, err_t err);
+static err_t client_recv_func (void *arg, struct tcp_pcb *tpcb, struct pbuf *p, err_t err);
+static void client_socks_handler (struct tcp_client *client, int event);
+static void client_send_to_socks (struct tcp_client *client);
+static void client_socks_send_handler_done (struct tcp_client *client, int data_len);
+static void client_socks_recv_initiate (struct tcp_client *client);
+static void client_socks_recv_handler_done (struct tcp_client *client, int data_len);
+static int client_socks_recv_send_out (struct tcp_client *client);
+static err_t client_sent_func (void *arg, struct tcp_pcb *tpcb, u16_t len);
+static void udpgw_client_handler_received (void *unused, BAddr local_addr, BAddr remote_addr, const uint8_t *data, int data_len);
+
+int tun2socks_main (int argc, char **argv, int fd, int mtu)
+{
+    if (argc <= 0) {
+        return 1;
+    }
+    
+    // open standard streams
+    open_standard_streams();
+    
+    // parse command-line arguments
+    if (!parse_arguments(argc, argv)) {
+        fprintf(stderr, "Failed to parse arguments\n");
+        print_help(argv[0]);
+        goto fail0;
+    }
+    
+    options.fd = fd;
+    options.mtu = mtu;
+    // handle --help and --version
+    if (options.help) {
+        print_version();
+        print_help(argv[0]);
+        return 0;
+    }
+    if (options.version) {
+        print_version();
+        return 0;
+    }
+    
+    // initialize logger
+    switch (options.logger) {
+        case LOGGER_STDOUT:
+            BLog_InitStdout();
+            break;
+        #ifndef BADVPN_USE_WINAPI
+        case LOGGER_SYSLOG:
+            if (!BLog_InitSyslog(options.logger_syslog_ident, options.logger_syslog_facility)) {
+                fprintf(stderr, "Failed to initialize syslog logger\n");
+                goto fail0;
+            }
+            break;
+        #endif
+        default:
+            ASSERT(0);
+    }
+    
+    // configure logger channels
+    for (int i = 0; i < BLOG_NUM_CHANNELS; i++) {
+        if (options.loglevels[i] >= 0) {
+            BLog_SetChannelLoglevel(i, options.loglevels[i]);
+        }
+        else if (options.loglevel >= 0) {
+            BLog_SetChannelLoglevel(i, options.loglevel);
+        }
+    }
+    
+    BLog(BLOG_NOTICE, "initializing "GLOBAL_PRODUCT_NAME" "PROGRAM_NAME" "GLOBAL_VERSION);
+    
+    // clear password contents pointer
+    password_file_contents = NULL;
+    
+    // initialize network
+    if (!BNetwork_GlobalInit()) {
+        BLog(BLOG_ERROR, "BNetwork_GlobalInit failed");
+        goto fail1;
+    }
+    
+    // process arguments
+    if (!process_arguments()) {
+        BLog(BLOG_ERROR, "Failed to process arguments");
+        goto fail1;
+    }
+    
+    // init time
+    BTime_Init();
+    
+    // init reactor
+    if (!BReactor_Init(&ss)) {
+        BLog(BLOG_ERROR, "BReactor_Init failed");
+        goto fail1;
+    }
+    
+    // set not quitting
+    quitting = 0;
+    
+//    // setup signal handler
+//    if (!BSignal_Init(&ss, signal_handler, NULL)) {
+//        BLog(BLOG_ERROR, "BSignal_Init failed");
+//        goto fail2;
+//    }
+    
+    struct BTap_init_data init_data;
+    init_data.dev_type = BTAP_DEV_TUN ;
+    init_data.init_type = BTAP_INIT_FD;
+    init_data.init.fd.fd = fd;
+    init_data.init.fd.mtu = mtu;
+    
+    if (!BTap_Init2(&device, &ss, init_data, device_error_handler, NULL)) {
+    // init TUN device
+//    if (!BTap_Init(&device, &ss, options.fd, options.mtu, device_error_handler, NULL, 1)) {
+        BLog(BLOG_ERROR, "BTap_Init failed");
+        goto fail2;
+    }
+    
+    // NOTE: the order of the following is important:
+    // first device writing must evaluate,
+    // then lwip (so it can send packets to the device),
+    // then device reading (so it can pass received packets to lwip).
+    
+    // init device reading
+    PacketPassInterface_Init(&device_read_interface, BTap_GetMTU(&device), device_read_handler_send, NULL, BReactor_PendingGroup(&ss));
+    if (!SinglePacketBuffer_Init(&device_read_buffer, BTap_GetOutput(&device), &device_read_interface, BReactor_PendingGroup(&ss))) {
+        BLog(BLOG_ERROR, "SinglePacketBuffer_Init failed");
+        goto fail4;
+    }
+    
+    if (options.udpgw_remote_server_addr) {
+        // compute maximum UDP payload size we need to pass through udpgw
+        udp_mtu = BTap_GetMTU(&device) - (int)(sizeof(struct ipv4_header) + sizeof(struct udp_header));
+        if (options.netif_ip6addr) {
+            int udp_ip6_mtu = BTap_GetMTU(&device) - (int)(sizeof(struct ipv6_header) + sizeof(struct udp_header));
+            if (udp_mtu < udp_ip6_mtu) {
+                udp_mtu = udp_ip6_mtu;
+            }
+        }
+        if (udp_mtu < 0) {
+            udp_mtu = 0;
+        }
+        
+        // make sure our UDP payloads aren't too large for udpgw
+        int udpgw_mtu = udpgw_compute_mtu(udp_mtu);
+        if (udpgw_mtu < 0 || udpgw_mtu > PACKETPROTO_MAXPAYLOAD) {
+            BLog(BLOG_ERROR, "device MTU is too large for UDP");
+            goto fail4a;
+        }
+        
+        // init udpgw client
+        if (!SocksUdpGwClient_Init(&udpgw_client, udp_mtu, DEFAULT_UDPGW_MAX_CONNECTIONS, options.udpgw_connection_buffer_size, UDPGW_KEEPALIVE_TIME, socks_server_addr, socks_auth_info, socks_num_auth_info, udpgw_remote_server_addr, UDPGW_RECONNECT_TIME, &ss, NULL, udpgw_client_handler_received)) {
+            BLog(BLOG_ERROR, "SocksUdpGwClient_Init failed");
+            goto fail4a;
+        }
+    }
+    
+    // init lwip init job
+    BPending_Init(&lwip_init_job, BReactor_PendingGroup(&ss), lwip_init_job_hadler, NULL);
+    BPending_Set(&lwip_init_job);
+    
+    // init device write buffer
+    if (!(device_write_buf = (uint8_t *)BAlloc(BTap_GetMTU(&device)))) {
+        BLog(BLOG_ERROR, "BAlloc failed");
+        goto fail5;
+    }
+    
+    // init TCP timer
+    // it won't trigger before lwip is initialized, becuase the lwip init is a job
+    BTimer_Init(&tcp_timer, TCP_TMR_INTERVAL, tcp_timer_handler, NULL);
+    BReactor_SetTimer(&ss, &tcp_timer);
+    
+    // set no netif
+    have_netif = 0;
+    
+    // set no listener
+    listener = NULL;
+    listener_ip6 = NULL;
+    
+    // init clients list
+    LinkedList1_Init(&tcp_clients);
+    
+    // init number of clients
+    num_clients = 0;
+    
+    // enter event loop
+    BLog(BLOG_NOTICE, "entering event loop");
+    BReactor_Exec(&ss);
+    
+    // free clients
+    LinkedList1Node *node;
+    while ((node = LinkedList1_GetFirst(&tcp_clients)) != NULL) {
+        struct tcp_client *client = UPPER_OBJECT(node, struct tcp_client, list_node);
+        client_murder(client);
+    }
+    
+    // free listener
+    if (listener_ip6) {
+        tcp_close(listener_ip6);
+    }
+    if (listener) {
+        tcp_close(listener);
+    }
+    
+    // free netif
+    if (have_netif) {
+        netif_remove(&the_netif);
+    }
+    
+    BReactor_RemoveTimer(&ss, &tcp_timer);
+    BFree(device_write_buf);
+fail5:
+    BPending_Free(&lwip_init_job);
+    if (options.udpgw_remote_server_addr) {
+        SocksUdpGwClient_Free(&udpgw_client);
+    }
+fail4a:
+    SinglePacketBuffer_Free(&device_read_buffer);
+fail4:
+    PacketPassInterface_Free(&device_read_interface);
+    BTap_Free(&device);
+//fail3:
+//    BSignal_Finish();
+fail2:
+    BReactor_Free(&ss);
+fail1:
+    BFree(password_file_contents);
+    BLog(BLOG_NOTICE, "exiting");
+    BLog_Free();
+fail0:
+    DebugObjectGlobal_Finish();
+    
+    return 1;
+}
+
+void stop_tun2socks() {
+    terminate();
+}
+
+void terminate (void)
+{
+    ASSERT(!quitting)
+    
+    BLog(BLOG_NOTICE, "tearing down");
+    
+    // set quitting
+    quitting = 1;
+    
+    // exit event loop
+    BReactor_Quit(&ss, 1);
+}
+
+void print_help (const char *name)
+{
+    printf(
+        "Usage:\n"
+        "    %s\n"
+        "        [--help]\n"
+        "        [--version]\n"
+        "        [--logger <"LOGGERS_STRING">]\n"
+        #ifndef BADVPN_USE_WINAPI
+        "        (logger=syslog?\n"
+        "            [--syslog-facility <string>]\n"
+        "            [--syslog-ident <string>]\n"
+        "        )\n"
+        #endif
+        "        [--loglevel <0-5/none/error/warning/notice/info/debug>]\n"
+        "        [--channel-loglevel <channel-name> <0-5/none/error/warning/notice/info/debug>] ...\n"
+        "        [--tundev <name>]\n"
+        "        --netif-ipaddr <ipaddr>\n"
+        "        --netif-netmask <ipnetmask>\n"
+        "        --socks-server-addr <addr>\n"
+        "        [--netif-ip6addr <addr>]\n"
+        "        [--username <username>]\n"
+        "        [--password <password>]\n"
+        "        [--password-file <file>]\n"
+        "        [--append-source-to-username]\n"
+#ifdef BADVPN_SOCKS_UDP_RELAY
+        "        [--enable-udprelay]\n"
+        "        [--udprelay-max-connections <number>]\n"
+#else
+        "        [--udpgw-remote-server-addr <addr>]\n"
+        "        [--udpgw-max-connections <number>]\n"
+        "        [--udpgw-connection-buffer-size <number>]\n"
+        "        [--udpgw-transparent-dns]\n"
+#endif
+        "Address format is a.b.c.d:port (IPv4) or [addr]:port (IPv6).\n",
+        name
+    );
+}
+
+void print_version (void)
+{
+    printf(GLOBAL_PRODUCT_NAME" "PROGRAM_NAME" "GLOBAL_VERSION"\n"GLOBAL_COPYRIGHT_NOTICE"\n");
+}
+
+int parse_arguments (int argc, char *argv[])
+{
+    if (argc <= 0) {
+        return 0;
+    }
+    
+    options.help = 0;
+    options.version = 0;
+    options.logger = LOGGER_STDOUT;
+    #ifndef BADVPN_USE_WINAPI
+    options.logger_syslog_facility = "daemon";
+    options.logger_syslog_ident = argv[0];
+    #endif
+    options.loglevel = -1;
+    for (int i = 0; i < BLOG_NUM_CHANNELS; i++) {
+        options.loglevels[i] = -1;
+    }
+    options.fd = 0;
+    options.mtu = 4096;
+    options.netif_ipaddr = NULL;
+    options.netif_netmask = NULL;
+    options.netif_ip6addr = NULL;
+    options.socks_server_addr = NULL;
+    options.username = NULL;
+    options.password = NULL;
+    options.password_file = NULL;
+    options.append_source_to_username = 0;
+    options.udpgw_remote_server_addr = NULL;
+    options.udpgw_max_connections = DEFAULT_UDPGW_MAX_CONNECTIONS;
+    options.udpgw_connection_buffer_size = DEFAULT_UDPGW_CONNECTION_BUFFER_SIZE;
+    options.udpgw_transparent_dns = 0;
+    
+    int i;
+    for (i = 1; i < argc; i++) {
+        char *arg = argv[i];
+        if (!strcmp(arg, "--help")) {
+            options.help = 1;
+        }
+        else if (!strcmp(arg, "--version")) {
+            options.version = 1;
+        }
+        else if (!strcmp(arg, "--logger")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            char *arg2 = argv[i + 1];
+            if (!strcmp(arg2, "stdout")) {
+                options.logger = LOGGER_STDOUT;
+            }
+            #ifndef BADVPN_USE_WINAPI
+            else if (!strcmp(arg2, "syslog")) {
+                options.logger = LOGGER_SYSLOG;
+            }
+            #endif
+            else {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i++;
+        }
+        #ifndef BADVPN_USE_WINAPI
+        else if (!strcmp(arg, "--syslog-facility")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            options.logger_syslog_facility = argv[i + 1];
+            i++;
+        }
+        else if (!strcmp(arg, "--syslog-ident")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            options.logger_syslog_ident = argv[i + 1];
+            i++;
+        }
+        #endif
+        else if (!strcmp(arg, "--loglevel")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            if ((options.loglevel = parse_loglevel(argv[i + 1])) < 0) {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i++;
+        }
+        else if (!strcmp(arg, "--channel-loglevel")) {
+            if (2 >= argc - i) {
+                fprintf(stderr, "%s: requires two arguments\n", arg);
+                return 0;
+            }
+            int channel = BLogGlobal_GetChannelByName(argv[i + 1]);
+            if (channel < 0) {
+                fprintf(stderr, "%s: wrong channel argument\n", arg);
+                return 0;
+            }
+            int loglevel = parse_loglevel(argv[i + 2]);
+            if (loglevel < 0) {
+                fprintf(stderr, "%s: wrong loglevel argument\n", arg);
+                return 0;
+            }
+            options.loglevels[channel] = loglevel;
+            i += 2;
+        }
+        else if (!strcmp(arg, "--netif-ipaddr")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            options.netif_ipaddr = argv[i + 1];
+            i++;
+        }
+        else if (!strcmp(arg, "--netif-netmask")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            options.netif_netmask = argv[i + 1];
+            i++;
+        }
+        else if (!strcmp(arg, "--netif-ip6addr")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            options.netif_ip6addr = argv[i + 1];
+            i++;
+        }
+        else if (!strcmp(arg, "--socks-server-addr")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            options.socks_server_addr = argv[i + 1];
+            i++;
+        }
+        else if (!strcmp(arg, "--username")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            options.username = argv[i + 1];
+            i++;
+        }
+        else if (!strcmp(arg, "--password")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            options.password = argv[i + 1];
+            i++;
+        }
+        else if (!strcmp(arg, "--password-file")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            options.password_file = argv[i + 1];
+            i++;
+        }
+        else if (!strcmp(arg, "--append-source-to-username")) {
+            options.append_source_to_username = 1;
+        }
+#ifdef BADVPN_SOCKS_UDP_RELAY
+        else if (!strcmp(arg, "--udpgw-remote-server-addr")) {
+//            options.udpgw_remote_server_addr = "0.0.0.0:0";
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            options.udpgw_remote_server_addr = argv[i + 1];
+            i++;
+#else
+        else if (!strcmp(arg, "--udpgw-remote-server-addr")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            options.udpgw_remote_server_addr = argv[i + 1];
+            i++;
+#endif
+        }
+#ifdef BADVPN_SOCKS_UDP_RELAY
+        else if (!strcmp(arg, "--udprelay-max-connections")) {
+#else
+        else if (!strcmp(arg, "--udpgw-max-connections")) {
+#endif
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            if ((options.udpgw_max_connections = atoi(argv[i + 1])) <= 0) {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i++;
+        }
+#ifndef BADVPN_SOCKS_UDP_RELAY
+        else if (!strcmp(arg, "--udpgw-connection-buffer-size")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            if ((options.udpgw_connection_buffer_size = atoi(argv[i + 1])) <= 0) {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i++;
+        }
+        else if (!strcmp(arg, "--udpgw-transparent-dns")) {
+            options.udpgw_transparent_dns = 1;
+        }
+#endif
+        else {
+            fprintf(stderr, "unknown option: %s\n", arg);
+            return 0;
+        }
+    }
+    
+    if (options.help || options.version) {
+        return 1;
+    }
+    
+    if (!options.netif_ipaddr) {
+        fprintf(stderr, "--netif-ipaddr is required\n");
+        return 0;
+    }
+    
+    if (!options.netif_netmask) {
+        fprintf(stderr, "--netif-netmask is required\n");
+        return 0;
+    }
+    
+    if (!options.socks_server_addr) {
+        fprintf(stderr, "--socks-server-addr is required\n");
+        return 0;
+    }
+    
+    if (options.username) {
+        if (!options.password && !options.password_file) {
+            fprintf(stderr, "username given but password not given\n");
+            return 0;
+        }
+        
+        if (options.password && options.password_file) {
+            fprintf(stderr, "--password and --password-file cannot both be given\n");
+            return 0;
+        }
+    }
+    
+    return 1;
+}
+
+int process_arguments (void)
+{
+    ASSERT(!password_file_contents)
+    
+    // resolve netif ipaddr
+    if (!BIPAddr_Resolve(&netif_ipaddr, options.netif_ipaddr, 0)) {
+        BLog(BLOG_ERROR, "netif ipaddr: BIPAddr_Resolve failed");
+        return 0;
+    }
+    if (netif_ipaddr.type != BADDR_TYPE_IPV4) {
+        BLog(BLOG_ERROR, "netif ipaddr: must be an IPv4 address");
+        return 0;
+    }
+    
+    // resolve netif netmask
+    if (!BIPAddr_Resolve(&netif_netmask, options.netif_netmask, 0)) {
+        BLog(BLOG_ERROR, "netif netmask: BIPAddr_Resolve failed");
+        return 0;
+    }
+    if (netif_netmask.type != BADDR_TYPE_IPV4) {
+        BLog(BLOG_ERROR, "netif netmask: must be an IPv4 address");
+        return 0;
+    }
+    
+    // parse IP6 address
+    if (options.netif_ip6addr) {
+        if (!ipaddr6_parse_ipv6_addr(MemRef_MakeCstr(options.netif_ip6addr), &netif_ip6addr)) {
+            BLog(BLOG_ERROR, "netif ip6addr: incorrect");
+            return 0;
+        }
+    }
+    
+    // resolve SOCKS server address
+    if (!BAddr_Parse2(&socks_server_addr, options.socks_server_addr, NULL, 0, 0)) {
+        BLog(BLOG_ERROR, "socks server addr: BAddr_Parse2 failed");
+        return 0;
+    }
+    
+    // add none socks authentication method
+    socks_auth_info[0] = BSocksClient_auth_none();
+    socks_num_auth_info = 1;
+    
+    // add password socks authentication method
+    if (options.username) {
+        const char *password;
+        size_t password_len;
+        if (options.password) {
+            password = options.password;
+            password_len = strlen(options.password);
+        } else {
+            if (!read_file(options.password_file, &password_file_contents, &password_len)) {
+                BLog(BLOG_ERROR, "failed to read password file");
+                return 0;
+            }
+            password = (char *)password_file_contents;
+        }
+        
+        socks_auth_info[socks_num_auth_info++] = BSocksClient_auth_password(
+            options.username, strlen(options.username),
+            password, password_len
+        );
+    }
+    
+    // resolve remote udpgw server address
+    if (options.udpgw_remote_server_addr) {
+        if (!BAddr_Parse2(&udpgw_remote_server_addr, options.udpgw_remote_server_addr, NULL, 0, 0)) {
+#ifdef BADVPN_SOCKS_UDP_RELAY
+            BLog(BLOG_ERROR, "udprelay server addr: BAddr_Parse2 failed");
+#else
+            BLog(BLOG_ERROR, "remote udpgw server addr: BAddr_Parse2 failed");
+#endif
+            return 0;
+        }
+    }
+    
+    return 1;
+}
+
+void signal_handler (void *unused)
+{
+    ASSERT(!quitting)
+    
+    BLog(BLOG_NOTICE, "termination requested");
+    
+    terminate();
+}
+
+BAddr baddr_from_lwip (int is_ipv6, const ipX_addr_t *ipx_addr, uint16_t port_hostorder)
+{
+    BAddr addr;
+//    if (is_ipv6) {
+//        BAddr_InitIPv6(&addr, (uint8_t *)ipx_addr->ip6.addr, hton16(port_hostorder));
+//    } else {
+        BAddr_InitIPv4(&addr, ipx_addr->addr, hton16(port_hostorder));
+//    }
+    return addr;
+}
+
+void lwip_init_job_hadler (void *unused)
+{
+    ASSERT(!quitting)
+    ASSERT(netif_ipaddr.type == BADDR_TYPE_IPV4)
+    ASSERT(netif_netmask.type == BADDR_TYPE_IPV4)
+    ASSERT(!have_netif)
+    ASSERT(!listener)
+    ASSERT(!listener_ip6)
+    
+    BLog(BLOG_DEBUG, "lwip init");
+    
+    // NOTE: the device may fail during this, but there's no harm in not checking
+    // for that at every step
+    
+    // init lwip
+    lwip_init();
+    
+    // make addresses for netif
+    ip_addr_t addr;
+    addr.addr = netif_ipaddr.ipv4;
+    ip_addr_t netmask;
+    netmask.addr = netif_netmask.ipv4;
+    ip_addr_t gw;
+    ip_addr_set_any(&gw);
+    
+    // init netif
+    if (!netif_add(&the_netif, &addr, &netmask, &gw, NULL, netif_init_func, netif_input_func)) {
+        BLog(BLOG_ERROR, "netif_add failed");
+        goto fail;
+    }
+    have_netif = 1;
+    
+    // set netif up
+    netif_set_up(&the_netif);
+    
+    // set netif pretend TCP
+    netif_set_pretend_tcp(&the_netif, 1);
+    
+    // set netif default
+    netif_set_default(&the_netif);
+    
+//    if (options.netif_ip6addr) {
+//        // add IPv6 address
+//        memcpy(netif_ip6_addr(&the_netif, 0), netif_ip6addr.bytes, sizeof(netif_ip6addr.bytes));
+//        netif_ip6_addr_set_state(&the_netif, 0, IP6_ADDR_VALID);
+//    }
+    
+    // init listener
+    struct tcp_pcb *l = tcp_new();
+    if (!l) {
+        BLog(BLOG_ERROR, "tcp_new failed");
+        goto fail;
+    }
+    
+    // bind listener
+    if (tcp_bind_to_netif(l, "ho0") != ERR_OK) {
+        BLog(BLOG_ERROR, "tcp_bind_to_netif failed");
+        tcp_close(l);
+        goto fail;
+    }
+    
+    // listen listener
+    if (!(listener = tcp_listen(l))) {
+        BLog(BLOG_ERROR, "tcp_listen failed");
+        tcp_close(l);
+        goto fail;
+    }
+    
+    // setup listener accept handler
+    tcp_accept(listener, listener_accept_func);
+    
+//    if (options.netif_ip6addr) {
+//        struct tcp_pcb *l_ip6 = tcp_new_ip6();
+//        if (!l_ip6) {
+//            BLog(BLOG_ERROR, "tcp_new_ip6 failed");
+//            goto fail;
+//        }
+//        
+//        if (tcp_bind_to_netif(l_ip6, "ho0") != ERR_OK) {
+//            BLog(BLOG_ERROR, "tcp_bind_to_netif failed");
+//            tcp_close(l_ip6);
+//            goto fail;
+//        }
+//        
+//        if (!(listener_ip6 = tcp_listen(l_ip6))) {
+//            BLog(BLOG_ERROR, "tcp_listen failed");
+//            tcp_close(l_ip6);
+//            goto fail;
+//        }
+//        
+//        tcp_accept(listener_ip6, listener_accept_func);
+//    }
+    
+    return;
+    
+fail:
+    if (!quitting) {
+        terminate();
+    }
+}
+
+void tcp_timer_handler (void *unused)
+{
+    ASSERT(!quitting)
+    
+//    BLog(BLOG_DEBUG, "TCP timer");
+    
+    // schedule next timer
+    // TODO: calculate timeout so we don't drift
+    BReactor_SetTimer(&ss, &tcp_timer);
+    
+    tcp_tmr();
+    return;
+}
+
+void device_error_handler (void *unused)
+{
+    ASSERT(!quitting)
+    
+    BLog(BLOG_ERROR, "device error");
+    
+    terminate();
+    return;
+}
+
+void device_read_handler_send (void *unused, uint8_t *data, int data_len)
+{
+    ASSERT(!quitting)
+    ASSERT(data_len >= 0)
+    
+    BLog(BLOG_DEBUG, "device: received packet");
+    
+    // accept packet
+    PacketPassInterface_Done(&device_read_interface);
+    
+    // process UDP directly
+    if (process_device_udp_packet(data, data_len)) {
+        return;
+    }
+    
+    // obtain pbuf
+    if (data_len > UINT16_MAX) {
+        BLog(BLOG_WARNING, "device read: packet too large");
+        return;
+    }
+    struct pbuf *p = pbuf_alloc(PBUF_RAW, data_len, PBUF_POOL);
+    if (!p) {
+        BLog(BLOG_WARNING, "device read: pbuf_alloc failed");
+        return;
+    }
+    
+    // write packet to pbuf
+    ASSERT_FORCE(pbuf_take(p, data, data_len) == ERR_OK)
+    
+    // pass pbuf to input
+    if (the_netif.input(p, &the_netif) != ERR_OK) {
+        BLog(BLOG_WARNING, "device read: input failed");
+        pbuf_free(p);
+    }
+}
+
+int process_device_udp_packet (uint8_t *data, int data_len)
+{
+    ASSERT(data_len >= 0)
+    
+    // do nothing if we don't have udpgw
+//    if (!options.udpgw_remote_server_addr) {
+//        goto fail;
+//    }
+    
+    BAddr local_addr;
+    BAddr remote_addr;
+    int is_dns = 0;
+    
+    uint8_t ip_version = 0;
+    if (data_len > 0) {
+        ip_version = (data[0] >> 4);
+    }
+    
+    switch (ip_version) {
+        case 4: {
+            // ignore non-UDP packets
+            if (data_len < sizeof(struct ipv4_header) || data[offsetof(struct ipv4_header, protocol)] != IPV4_PROTOCOL_UDP) {
+                goto fail;
+            }
+            
+            // parse IPv4 header
+            struct ipv4_header ipv4_header;
+            if (!ipv4_check(data, data_len, &ipv4_header, &data, &data_len)) {
+                goto fail;
+            }
+            
+            // parse UDP
+            struct udp_header udp_header;
+            if (!udp_check(data, data_len, &udp_header, &data, &data_len)) {
+                goto fail;
+            }
+            
+            // verify UDP checksum
+            uint16_t checksum_in_packet = udp_header.checksum;
+            udp_header.checksum = 0;
+            uint16_t checksum_computed = udp_checksum(&udp_header, data, data_len, ipv4_header.source_address, ipv4_header.destination_address);
+            if (checksum_in_packet != checksum_computed) {
+                goto fail;
+            }
+            
+            BLog(BLOG_INFO, "UDP: from device %d bytes", data_len);
+            
+            // construct addresses
+            BAddr_InitIPv4(&local_addr, ipv4_header.source_address, udp_header.source_port);
+            BAddr_InitIPv4(&remote_addr, ipv4_header.destination_address, udp_header.dest_port);
+            
+            // if transparent DNS is enabled, any packet arriving at out netif
+            // address to port 53 is considered a DNS packet
+//            is_dns = (options.udpgw_transparent_dns &&
+//                      ipv4_header.destination_address == netif_ipaddr.ipv4 &&
+//                      udp_header.dest_port == hton16(53));
+//            is_dns = 0;
+        } break;
+        
+        case 6: {
+            // ignore if IPv6 support is disabled
+            if (!options.netif_ip6addr) {
+                goto fail;
+            }
+            
+            // ignore non-UDP packets
+            if (data_len < sizeof(struct ipv6_header) || data[offsetof(struct ipv6_header, next_header)] != IPV6_NEXT_UDP) {
+                goto fail;
+            }
+            
+            // parse IPv6 header
+            struct ipv6_header ipv6_header;
+            if (!ipv6_check(data, data_len, &ipv6_header, &data, &data_len)) {
+                goto fail;
+            }
+            
+            // parse UDP
+            struct udp_header udp_header;
+            if (!udp_check(data, data_len, &udp_header, &data, &data_len)) {
+                goto fail;
+            }
+            
+            // verify UDP checksum
+            uint16_t checksum_in_packet = udp_header.checksum;
+            udp_header.checksum = 0;
+            uint16_t checksum_computed = udp_ip6_checksum(&udp_header, data, data_len, ipv6_header.source_address, ipv6_header.destination_address);
+            if (checksum_in_packet != checksum_computed) {
+                goto fail;
+            }
+            
+            BLog(BLOG_INFO, "UDP/IPv6: from device %d bytes", data_len);
+            
+            // construct addresses
+            BAddr_InitIPv6(&local_addr, ipv6_header.source_address, udp_header.source_port);
+            BAddr_InitIPv6(&remote_addr, ipv6_header.destination_address, udp_header.dest_port);
+            
+            // TODO dns
+            is_dns = 0;
+        } break;
+        
+        default: {
+            goto fail;
+        } break;
+    }
+    
+    // check payload length
+    if (data_len > udp_mtu) {
+#ifdef BADVPN_SOCKS_UDP_RELAY
+        BLog(BLOG_ERROR, "packet is too large, cannot send to udprelay");
+#else
+        BLog(BLOG_ERROR, "packet is too large, cannot send to udpgw");
+#endif
+        goto fail;
+    }
+    
+    // submit packet to udpgw
+    SocksUdpGwClient_SubmitPacket(&udpgw_client, local_addr, remote_addr, is_dns, data, data_len);
+    
+    return 1;
+    
+fail:
+    return 0;
+}
+
+err_t netif_init_func (struct netif *netif)
+{
+    BLog(BLOG_DEBUG, "netif func init");
+    
+    netif->name[0] = 'h';
+    netif->name[1] = 'o';
+    netif->output = netif_output_func;
+//    netif->output_ip6 = netif_output_ip6_func;
+    netif->mtu = options.mtu;
+    
+    return ERR_OK;
+}
+
+err_t netif_output_func (struct netif *netif, struct pbuf *p, ip_addr_t *ipaddr)
+{
+    return common_netif_output(netif, p);
+}
+
+//err_t netif_output_ip6_func (struct netif *netif, struct pbuf *p, ip6_addr_t *ipaddr)
+//{
+//    return common_netif_output(netif, p);
+//}
+
+err_t common_netif_output (struct netif *netif, struct pbuf *p)
+{
+    SYNC_DECL
+    
+    BLog(BLOG_DEBUG, "device write: send packet");
+    
+    if (quitting) {
+        return ERR_OK;
+    }
+    
+    // if there is just one chunk, send it directly, else via buffer
+    if (!p->next) {
+        if (p->len > BTap_GetMTU(&device)) {
+            BLog(BLOG_WARNING, "netif func output: no space left");
+            goto out;
+        }
+        
+        SYNC_FROMHERE
+        BTap_Send(&device, (uint8_t *)p->payload, p->len);
+        SYNC_COMMIT
+    } else {
+        int len = 0;
+        do {
+            if (p->len > BTap_GetMTU(&device) - len) {
+                BLog(BLOG_WARNING, "netif func output: no space left");
+                goto out;
+            }
+            memcpy(device_write_buf + len, p->payload, p->len);
+            len += p->len;
+        } while ((p = p->next) != NULL);
+        
+        SYNC_FROMHERE
+        BTap_Send(&device, device_write_buf, len);
+        SYNC_COMMIT
+    }
+    
+out:
+    return ERR_OK;
+}
+
+err_t netif_input_func (struct pbuf *p, struct netif *inp)
+{
+    uint8_t ip_version = 0;
+    if (p->len > 0) {
+        ip_version = (((uint8_t *)p->payload)[0] >> 4);
+    }
+    
+    switch (ip_version) {
+        case 4: {
+            return ip_input(p, inp);
+        } break;
+        case 6: {
+//            if (options.netif_ip6addr) {
+//                return ip6_input(p, inp);
+//            }
+        } break;
+    }
+    
+    pbuf_free(p);
+    return ERR_OK;
+}
+
+void client_logfunc (struct tcp_client *client)
+{
+    char local_addr_s[BADDR_MAX_PRINT_LEN];
+    BAddr_Print(&client->local_addr, local_addr_s);
+    char remote_addr_s[BADDR_MAX_PRINT_LEN];
+    BAddr_Print(&client->remote_addr, remote_addr_s);
+    
+    BLog_Append("%05d (%s %s): ", num_clients, local_addr_s, remote_addr_s);
+}
+
+void client_log (struct tcp_client *client, int level, const char *fmt, ...)
+{
+    va_list vl;
+    va_start(vl, fmt);
+    BLog_LogViaFuncVarArg((BLog_logfunc)client_logfunc, client, BLOG_CURRENT_CHANNEL, level, fmt, vl);
+    va_end(vl);
+}
+
+err_t listener_accept_func (void *arg, struct tcp_pcb *newpcb, err_t err)
+{
+    ASSERT(err == ERR_OK)
+    
+    // signal accepted
+    struct tcp_pcb *this_listener = (PCB_ISIPV6(newpcb) ? listener_ip6 : listener);
+    tcp_accepted(this_listener);
+    
+    // allocate client structure
+    struct tcp_client *client = (struct tcp_client *)malloc(sizeof(*client));
+    if (!client) {
+        BLog(BLOG_ERROR, "listener accept: malloc failed");
+        goto fail0;
+    }
+    client->socks_username = NULL;
+    
+    SYNC_DECL
+    SYNC_FROMHERE
+    
+    // read addresses
+    client->local_addr = baddr_from_lwip(PCB_ISIPV6(newpcb), &newpcb->local_ip, newpcb->local_port);
+    client->remote_addr = baddr_from_lwip(PCB_ISIPV6(newpcb), &newpcb->remote_ip, newpcb->remote_port);
+    
+    // get destination address
+    BAddr addr = client->local_addr;
+#ifdef OVERRIDE_DEST_ADDR
+    ASSERT_FORCE(BAddr_Parse2(&addr, OVERRIDE_DEST_ADDR, NULL, 0, 1))
+#endif
+    
+    // add source address to username if requested
+    if (options.username && options.append_source_to_username) {
+        char addr_str[BADDR_MAX_PRINT_LEN];
+        BAddr_Print(&client->remote_addr, addr_str);
+        client->socks_username = concat_strings(3, options.username, "@", addr_str);
+        if (!client->socks_username) {
+            goto fail1;
+        }
+        socks_auth_info[1].password.username = client->socks_username;
+        socks_auth_info[1].password.username_len = strlen(client->socks_username);
+    }
+    
+    // init SOCKS
+    if (!BSocksClient_Init(&client->socks_client, socks_server_addr, socks_auth_info, socks_num_auth_info,
+                           addr, (BSocksClient_handler)client_socks_handler, client, &ss)) {
+        BLog(BLOG_ERROR, "listener accept: BSocksClient_Init failed");
+        goto fail1;
+    }
+    
+    // init dead vars
+    DEAD_INIT(client->dead);
+    DEAD_INIT(client->dead_client);
+    
+    // add to linked list
+    LinkedList1_Append(&tcp_clients, &client->list_node);
+    
+    // increment counter
+    ASSERT(num_clients >= 0)
+    num_clients++;
+    
+    // set pcb
+    client->pcb = newpcb;
+    
+    // set client not closed
+    client->client_closed = 0;
+    
+    // setup handler argument
+    tcp_arg(client->pcb, client);
+    
+    // setup handlers
+    tcp_err(client->pcb, client_err_func);
+    tcp_recv(client->pcb, client_recv_func);
+    
+    // setup buffer
+    client->buf_used = 0;
+    
+    // set SOCKS not up, not closed
+    client->socks_up = 0;
+    client->socks_closed = 0;
+    
+    client_log(client, BLOG_INFO, "accepted");
+    
+    DEAD_ENTER(client->dead_client)
+    SYNC_COMMIT
+    DEAD_LEAVE2(client->dead_client)
+    if (DEAD_KILLED) {
+        return ERR_ABRT;
+    }
+    
+    return ERR_OK;
+    
+fail1:
+    SYNC_BREAK
+    free(client->socks_username);
+    free(client);
+fail0:
+    return ERR_MEM;
+}
+
+void client_handle_freed_client (struct tcp_client *client)
+{
+    ASSERT(!client->client_closed)
+    
+    // pcb was taken care of by the caller
+    
+    // kill client dead var
+    DEAD_KILL(client->dead_client);
+    
+    // set client closed
+    client->client_closed = 1;
+    
+    // if we have data to be sent to SOCKS and can send it, keep sending
+    if (client->buf_used > 0 && !client->socks_closed) {
+        client_log(client, BLOG_INFO, "waiting untill buffered data is sent to SOCKS");
+    } else {
+        if (!client->socks_closed) {
+            client_free_socks(client);
+        } else {
+            client_dealloc(client);
+        }
+    }
+}
+
+void client_free_client (struct tcp_client *client)
+{
+    ASSERT(!client->client_closed)
+    
+    // remove callbacks
+    tcp_err(client->pcb, NULL);
+    tcp_recv(client->pcb, NULL);
+    tcp_sent(client->pcb, NULL);
+    
+    // free pcb
+    err_t err = tcp_close(client->pcb);
+    if (err != ERR_OK) {
+        client_log(client, BLOG_ERROR, "tcp_close failed (%d)", err);
+        tcp_abort(client->pcb);
+    }
+    
+    client_handle_freed_client(client);
+}
+
+void client_abort_client (struct tcp_client *client)
+{
+    ASSERT(!client->client_closed)
+    
+    // remove callbacks
+    tcp_err(client->pcb, NULL);
+    tcp_recv(client->pcb, NULL);
+    tcp_sent(client->pcb, NULL);
+    
+    // free pcb
+    tcp_abort(client->pcb);
+    
+    client_handle_freed_client(client);
+}
+
+void client_free_socks (struct tcp_client *client)
+{
+    ASSERT(!client->socks_closed)
+    
+    // stop sending to SOCKS
+    if (client->socks_up) {
+        // stop receiving from client
+        if (!client->client_closed) {
+            tcp_recv(client->pcb, NULL);
+        }
+    }
+    
+    // free SOCKS
+    BSocksClient_Free(&client->socks_client);
+    
+    // set SOCKS closed
+    client->socks_closed = 1;
+    
+    // if we have data to be sent to the client and we can send it, keep sending
+    if (client->socks_up && (client->socks_recv_buf_used >= 0 || client->socks_recv_tcp_pending > 0) && !client->client_closed) {
+        client_log(client, BLOG_INFO, "waiting until buffered data is sent to client");
+    } else {
+        if (!client->client_closed) {
+            client_free_client(client);
+        } else {
+            client_dealloc(client);
+        }
+    }
+}
+
+void client_murder (struct tcp_client *client)
+{
+    // free client
+    if (!client->client_closed) {
+        // remove callbacks
+        tcp_err(client->pcb, NULL);
+        tcp_recv(client->pcb, NULL);
+        tcp_sent(client->pcb, NULL);
+        
+        // abort
+        tcp_abort(client->pcb);
+        
+        // kill client dead var
+        DEAD_KILL(client->dead_client);
+        
+        // set client closed
+        client->client_closed = 1;
+    }
+    
+    // free SOCKS
+    if (!client->socks_closed) {
+        // free SOCKS
+        BSocksClient_Free(&client->socks_client);
+        
+        // set SOCKS closed
+        client->socks_closed = 1;
+    }
+    
+    // dealloc entry
+    client_dealloc(client);
+}
+
+void client_dealloc (struct tcp_client *client)
+{
+    ASSERT(client->client_closed)
+    ASSERT(client->socks_closed)
+    
+    // decrement counter
+    ASSERT(num_clients > 0)
+    num_clients--;
+    
+    // remove client entry
+    LinkedList1_Remove(&tcp_clients, &client->list_node);
+    
+    // kill dead var
+    DEAD_KILL(client->dead);
+    
+    // free memory
+    free(client->socks_username);
+    free(client);
+}
+
+void client_err_func (void *arg, err_t err)
+{
+    struct tcp_client *client = (struct tcp_client *)arg;
+    ASSERT(!client->client_closed)
+    
+    client_log(client, BLOG_INFO, "client_err_func client error (%d)", (int)err);
+    
+    // the pcb was taken care of by the caller
+    client_handle_freed_client(client);
+}
+
+err_t client_recv_func (void *arg, struct tcp_pcb *tpcb, struct pbuf *p, err_t err)
+{
+
+    struct tcp_client *client = (struct tcp_client *)arg;
+    client_log(client, BLOG_INFO, "client_recv_func client received (%d)", sizeof(client->buf));
+
+    ASSERT(!client->client_closed)
+    ASSERT(err == ERR_OK) // checked in lwIP source. Otherwise, I've no idea what should
+                          // be done with the pbuf in case of an error.
+    
+    if (!p) {
+        client_log(client, BLOG_INFO, "client closed");
+        client_free_client(client);
+        return ERR_ABRT;
+    }
+    
+    ASSERT(p->tot_len > 0)
+    
+    // check if we have enough buffer
+    if (p->tot_len > sizeof(client->buf) - client->buf_used) {
+        client_log(client, BLOG_ERROR, "no buffer for data !?!");
+        return ERR_MEM;
+    }
+    
+    // copy data to buffer
+    ASSERT_EXECUTE(pbuf_copy_partial(p, client->buf + client->buf_used, p->tot_len, 0) == p->tot_len)
+    client->buf_used += p->tot_len;
+    
+    // if there was nothing in the buffer before, and SOCKS is up, start send data
+    if (client->buf_used == p->tot_len && client->socks_up) {
+        ASSERT(!client->socks_closed) // this callback is removed when SOCKS is closed
+        
+        SYNC_DECL
+        SYNC_FROMHERE
+        client_send_to_socks(client);
+        DEAD_ENTER(client->dead_client)
+        SYNC_COMMIT
+        DEAD_LEAVE2(client->dead_client)
+        if (DEAD_KILLED) {
+            return ERR_ABRT;
+        }
+    }
+    
+    // free pbuff
+    pbuf_free(p);
+    
+    return ERR_OK;
+}
+
+void client_socks_handler (struct tcp_client *client, int event)
+{
+    ASSERT(!client->socks_closed)
+#if SOCKS_DATA_LOG_ENABLE
+    client_log(client, BLOG_DEBUG, "tun2socks client_socks_handler event: %d", event);
+#endif
+    switch (event) {
+        case BSOCKSCLIENT_EVENT_ERROR: {
+            client_log(client, BLOG_INFO, "SOCKS error");
+            
+            client_free_socks(client);
+        } break;
+        
+        case BSOCKSCLIENT_EVENT_UP: {
+            ASSERT(!client->socks_up)
+            
+            client_log(client, BLOG_INFO, "tun2socks SOCKS up");
+            
+            // init sending
+            client->socks_send_if = BSocksClient_GetSendInterface(&client->socks_client);
+            StreamPassInterface_Sender_Init(client->socks_send_if, (StreamPassInterface_handler_done)client_socks_send_handler_done, client);
+            client_log(client, BLOG_INFO, "tun2socks SOCKS init 0");
+            // init receiving
+            client->socks_recv_if = BSocksClient_GetRecvInterface(&client->socks_client);
+            StreamRecvInterface_Receiver_Init(client->socks_recv_if, (StreamRecvInterface_handler_done)client_socks_recv_handler_done, client);
+            client->socks_recv_buf_used = -1;
+            client->socks_recv_tcp_pending = 0;
+            client_log(client, BLOG_INFO, "tun2socks SOCKS init 1");
+            if (!client->client_closed) {
+                client_log(client, BLOG_INFO, "tun2socks SOCKS init 2");
+                tcp_sent(client->pcb, client_sent_func);
+            }
+            client_log(client, BLOG_INFO, "tun2socks SOCKS init 3");
+            // set up
+            client->socks_up = 1;
+            
+            // start sending data if there is any
+            if (client->buf_used > 0) {
+                client_log(client, BLOG_INFO, "tun2socks SOCKS init 4");
+//                client->buf_used = 0;
+                client_send_to_socks(client);
+            }
+            client_log(client, BLOG_INFO, "tun2socks SOCKS init 5");
+            // start receiving data if client is still up
+            if (!client->client_closed) {
+                client_log(client, BLOG_INFO, "tun2socks SOCKS init 6");
+                client_socks_recv_initiate(client);
+            }
+        } break;
+        
+        case BSOCKSCLIENT_EVENT_ERROR_CLOSED: {
+            ASSERT(client->socks_up)
+            
+            client_log(client, BLOG_INFO, "SOCKS closed");
+            
+            client_free_socks(client);
+        } break;
+        
+        default:
+            ASSERT(0);
+    }
+}
+
+void client_send_to_socks (struct tcp_client *client)
+{
+    ASSERT(!client->socks_closed)
+    ASSERT(client->socks_up)
+    ASSERT(client->buf_used > 0)
+    
+#if SOCKS_DATA_LOG_ENABLE
+    client_log(client, BLOG_DEBUG, "tun2socks client_send_to_socks data<len: %d>: %@", client->buf_used);
+#endif
+    // schedule sending
+    StreamPassInterface_Sender_Send(client->socks_send_if, client->buf, client->buf_used);
+}
+
+void client_socks_send_handler_done (struct tcp_client *client, int data_len)
+{
+    ASSERT(!client->socks_closed)
+    ASSERT(client->socks_up)
+    ASSERT(client->buf_used > 0)
+    ASSERT(data_len > 0)
+    ASSERT(data_len <= client->buf_used)
+    
+    // remove sent data from buffer
+    memmove(client->buf, client->buf + data_len, client->buf_used - data_len);
+    client->buf_used -= data_len;
+    
+    if (!client->client_closed) {
+        // confirm sent data
+        tcp_recved(client->pcb, data_len);
+    }
+    
+    if (client->buf_used > 0) {
+        // send any further data
+        StreamPassInterface_Sender_Send(client->socks_send_if, client->buf, client->buf_used);
+    }
+    else if (client->client_closed) {
+        // client was closed we've sent everything we had buffered; we're done with it
+        client_log(client, BLOG_INFO, "removing after client went down");
+        
+        client_free_socks(client);
+    }
+}
+
+void client_socks_recv_initiate (struct tcp_client *client)
+{
+    ASSERT(!client->client_closed)
+    ASSERT(!client->socks_closed)
+    ASSERT(client->socks_up)
+    ASSERT(client->socks_recv_buf_used == -1)
+    
+    StreamRecvInterface_Receiver_Recv(client->socks_recv_if, client->socks_recv_buf, sizeof(client->socks_recv_buf));
+}
+
+void client_socks_recv_handler_done (struct tcp_client *client, int data_len)
+{
+    ASSERT(data_len > 0)
+    ASSERT(data_len <= sizeof(client->socks_recv_buf))
+    ASSERT(!client->socks_closed)
+    ASSERT(client->socks_up)
+    ASSERT(client->socks_recv_buf_used == -1)
+    
+    // if client was closed, stop receiving
+    if (client->client_closed) {
+        return;
+    }
+    
+    // set amount of data in buffer
+    client->socks_recv_buf_used = data_len;
+    client->socks_recv_buf_sent = 0;
+    client->socks_recv_waiting = 0;
+    
+    // send to client
+    client_log(client, BLOG_INFO, "client_socks_recv_handler_done prepare send to client: %d", data_len);
+    if (client_socks_recv_send_out(client) < 0) {
+        client_log(client, BLOG_INFO, "client_socks_recv_send_out error");
+        return;
+    }
+    
+    // continue receiving if needed
+    if (client->socks_recv_buf_used == -1) {
+        client_log(client, BLOG_INFO, "client_socks_recv_send_out continue receiving");
+        client_socks_recv_initiate(client);
+    }else{
+//        client_socks_recv_initiate(client);
+        client_log(client, BLOG_INFO, "client_socks_recv_send_out continue error");
+    }
+}
+
+int client_socks_recv_send_out (struct tcp_client *client)
+{
+    ASSERT(!client->client_closed)
+    ASSERT(client->socks_up)
+    ASSERT(client->socks_recv_buf_used > 0)
+    ASSERT(client->socks_recv_buf_sent < client->socks_recv_buf_used)
+    ASSERT(!client->socks_recv_waiting)
+    
+    // return value -1 means tcp_abort() was done,
+    // 0 means it wasn't and the client (pcb) is still up
+    
+    do {
+        int to_write = bmin_int(client->socks_recv_buf_used - client->socks_recv_buf_sent, tcp_sndbuf(client->pcb));
+#if SOCKS_DATA_LOG_ENABLE
+        client_log(client, BLOG_INFO, "tun2socks client_socks_recv_send_out data<len: %d>", to_write);
+#endif
+        if (to_write == 0) {
+#if SOCKS_DATA_LOG_ENABLE
+            client_log(client, BLOG_INFO, "tun2socks client_socks_recv_send_out to_write zero, break");
+#endif
+            break;
+        }
+        err_t err = tcp_write(client->pcb, client->socks_recv_buf + client->socks_recv_buf_sent, to_write, TCP_WRITE_FLAG_COPY);
+#if SOCKS_DATA_LOG_ENABLE
+        client_log(client, BLOG_INFO, "tun2socks client_socks_recv_send_out tcp write err: %d", err);
+#endif
+        if (err != ERR_OK) {
+            if (err == ERR_MEM) {
+#if SOCKS_DATA_LOG_ENABLE
+                client_log(client, BLOG_INFO, "tun2socks client_socks_recv_send_out tcp write error error_mem");
+#endif
+                break;
+            }
+#if SOCKS_DATA_LOG_ENABLE
+            client_log(client, BLOG_INFO, "tcp_write failed (%d)", (int)err);
+#endif
+            client_abort_client(client);
+            return -1;
+        }
+        
+        client->socks_recv_buf_sent += to_write;
+        client->socks_recv_tcp_pending += to_write;
+    } while (client->socks_recv_buf_sent < client->socks_recv_buf_used);
+#if SOCKS_DATA_LOG_ENABLE
+    client_log(client, BLOG_INFO, "tun2socks client_socks_recv_send_out begin tcp_output");
+#endif
+    // start sending now
+    err_t err = tcp_output(client->pcb);
+#if SOCKS_DATA_LOG_ENABLE
+    client_log(client, BLOG_INFO, "tun2socks client_socks_recv_send_out begin tcp_output err: %d", err);
+#endif
+    if (err != ERR_OK) {
+#if SOCKS_DATA_LOG_ENABLE
+        client_log(client, BLOG_INFO, "tcp_output failed (%d)", (int)err);
+#endif
+        client_abort_client(client);
+        return -1;
+    }
+    
+    // more data to queue?
+    if (client->socks_recv_buf_sent < client->socks_recv_buf_used) {
+        if (client->socks_recv_tcp_pending == 0) {
+            client_log(client, BLOG_ERROR, "can't queue data, but all data was confirmed !?!");
+            
+            client_abort_client(client);
+            return -1;
+        }
+        
+        // set waiting, continue in client_sent_func
+        client->socks_recv_waiting = 1;
+        return 0;
+    }
+    
+    // everything was queued
+    client->socks_recv_buf_used = -1;
+//    client->socks_recv_buf_used = 0;
+    
+    return 0;
+}
+
+err_t client_sent_func (void *arg, struct tcp_pcb *tpcb, u16_t len)
+{
+    struct tcp_client *client = (struct tcp_client *)arg;
+    
+    ASSERT(!client->client_closed)
+    ASSERT(client->socks_up)
+    ASSERT(len > 0)
+    ASSERT(len <= client->socks_recv_tcp_pending)
+    
+    // decrement pending
+    client->socks_recv_tcp_pending -= len;
+    
+    // continue queuing
+    if (client->socks_recv_buf_used > 0) {
+        ASSERT(client->socks_recv_waiting)
+        ASSERT(client->socks_recv_buf_sent < client->socks_recv_buf_used)
+        
+        // set not waiting
+        client->socks_recv_waiting = 0;
+        
+        // possibly send more data
+        if (client_socks_recv_send_out(client) < 0) {
+            return ERR_ABRT;
+        }
+        
+        // we just queued some data, so it can't have been confirmed yet
+        ASSERT(client->socks_recv_tcp_pending > 0)
+        
+        // continue receiving if needed
+        if (client->socks_recv_buf_used == -1 && !client->socks_closed) {
+            SYNC_DECL
+            SYNC_FROMHERE
+            client_socks_recv_initiate(client);
+            DEAD_ENTER(client->dead_client)
+            SYNC_COMMIT
+            DEAD_LEAVE2(client->dead_client)
+            if (DEAD_KILLED) {
+                return ERR_ABRT;
+            }
+        }
+        
+        return ERR_OK;
+    }
+    
+    // have we sent everything after SOCKS was closed?
+    if (client->socks_closed && client->socks_recv_tcp_pending == 0) {
+        client_log(client, BLOG_INFO, "removing after SOCKS went down");
+        client_free_client(client);
+        return ERR_ABRT;
+    }
+    
+    return ERR_OK;
+}
+
+void udpgw_client_handler_received (void *unused, BAddr local_addr, BAddr remote_addr, const uint8_t *data, int data_len)
+{
+    ASSERT(options.udpgw_remote_server_addr)
+    ASSERT(local_addr.type == BADDR_TYPE_IPV4 || local_addr.type == BADDR_TYPE_IPV6)
+    ASSERT(local_addr.type == remote_addr.type)
+    ASSERT(data_len >= 0)
+    
+    int packet_length = 0;
+    
+    switch (local_addr.type) {
+        case BADDR_TYPE_IPV4: {
+#ifdef BADVPN_SOCKS_UDP_RELAY
+            BLog(BLOG_INFO, "UDP: from udprelay %d bytes", data_len);
+#else
+            BLog(BLOG_INFO, "UDP: from udpgw %d bytes", data_len);
+#endif
+            
+            if (data_len > UINT16_MAX - (sizeof(struct ipv4_header) + sizeof(struct udp_header)) ||
+                data_len > BTap_GetMTU(&device) - (int)(sizeof(struct ipv4_header) + sizeof(struct udp_header))
+            ) {
+                BLog(BLOG_ERROR, "UDP: packet is too large");
+                return;
+            }
+            
+            // build IP header
+            struct ipv4_header iph;
+            iph.version4_ihl4 = IPV4_MAKE_VERSION_IHL(sizeof(iph));
+            iph.ds = hton8(0);
+            iph.total_length = hton16(sizeof(iph) + sizeof(struct udp_header) + data_len);
+            iph.identification = hton16(0);
+            iph.flags3_fragmentoffset13 = hton16(0);
+            iph.ttl = hton8(64);
+            iph.protocol = hton8(IPV4_PROTOCOL_UDP);
+            iph.checksum = hton16(0);
+            iph.source_address = remote_addr.ipv4.ip;
+            iph.destination_address = local_addr.ipv4.ip;
+            iph.checksum = ipv4_checksum(&iph, NULL, 0);
+            
+            // build UDP header
+            struct udp_header udph;
+            udph.source_port = remote_addr.ipv4.port;
+            udph.dest_port = local_addr.ipv4.port;
+            udph.length = hton16(sizeof(udph) + data_len);
+            udph.checksum = hton16(0);
+            udph.checksum = udp_checksum(&udph, data, data_len, iph.source_address, iph.destination_address);
+            
+            // write packet
+            memcpy(device_write_buf, &iph, sizeof(iph));
+            memcpy(device_write_buf + sizeof(iph), &udph, sizeof(udph));
+            memcpy(device_write_buf + sizeof(iph) + sizeof(udph), data, data_len);
+            packet_length = sizeof(iph) + sizeof(udph) + data_len;
+        } break;
+        
+        case BADDR_TYPE_IPV6: {
+#ifdef BADVPN_SOCKS_UDP_RELAY
+            BLog(BLOG_INFO, "UDP/IPv6: from udprelay %d bytes", data_len);
+#else
+            BLog(BLOG_INFO, "UDP/IPv6: from udpgw %d bytes", data_len);
+#endif
+            
+            if (!options.netif_ip6addr) {
+#ifdef BADVPN_SOCKS_UDP_RELAY
+                BLog(BLOG_ERROR, "got IPv6 packet from udprelay but IPv6 is disabled");
+#else
+                BLog(BLOG_ERROR, "got IPv6 packet from udpgw but IPv6 is disabled");
+#endif
+                return;
+            }
+            
+            if (data_len > UINT16_MAX - sizeof(struct udp_header) ||
+                data_len > BTap_GetMTU(&device) - (int)(sizeof(struct ipv6_header) + sizeof(struct udp_header))
+            ) {
+                BLog(BLOG_ERROR, "UDP/IPv6: packet is too large");
+                return;
+            }
+            
+            // build IPv6 header
+            struct ipv6_header iph;
+            iph.version4_tc4 = hton8((6 << 4));
+            iph.tc4_fl4 = hton8(0);
+            iph.fl = hton16(0);
+            iph.payload_length = hton16(sizeof(struct udp_header) + data_len);
+            iph.next_header = hton8(IPV6_NEXT_UDP);
+            iph.hop_limit = hton8(64);
+            memcpy(iph.source_address, remote_addr.ipv6.ip, 16);
+            memcpy(iph.destination_address, local_addr.ipv6.ip, 16);
+            
+            // build UDP header
+            struct udp_header udph;
+            udph.source_port = remote_addr.ipv6.port;
+            udph.dest_port = local_addr.ipv6.port;
+            udph.length = hton16(sizeof(udph) + data_len);
+            udph.checksum = hton16(0);
+            udph.checksum = udp_ip6_checksum(&udph, data, data_len, iph.source_address, iph.destination_address);
+            
+            // write packet
+            memcpy(device_write_buf, &iph, sizeof(iph));
+            memcpy(device_write_buf + sizeof(iph), &udph, sizeof(udph));
+            memcpy(device_write_buf + sizeof(iph) + sizeof(udph), data, data_len);
+            packet_length = sizeof(iph) + sizeof(udph) + data_len;
+        } break;
+    }
+    
+    // submit packet
+    BTap_Send(&device, device_write_buf, packet_length);
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/tun2socks.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/tun2socks.h
new file mode 100644
index 00000000..87bb5374
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tun2socks/tun2socks.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+// name of the program
+#define PROGRAM_NAME "tun2socks"
+
+// size of temporary buffer for passing data from the SOCKS server to TCP for sending
+#define CLIENT_SOCKS_RECV_BUF_SIZE 2048
+
+// maximum number of udpgw connections
+#define DEFAULT_UDPGW_MAX_CONNECTIONS 256
+
+// udpgw per-connection send buffer size, in number of packets
+#define DEFAULT_UDPGW_CONNECTION_BUFFER_SIZE 8
+
+// udpgw reconnect time after connection fails
+#define UDPGW_RECONNECT_TIME 5000
+
+// udpgw keepalive sending interval
+#define UDPGW_KEEPALIVE_TIME 10000
+
+// option to override the destination addresses to give the SOCKS server
+//#define OVERRIDE_DEST_ADDR "10.111.0.2:2000"
+
+extern int tun2socks_main (int argc, char **argv, int fd, int mtu);
+extern void stop_tun2socks();
\ No newline at end of file
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tuntap/BTap.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tuntap/BTap.h
new file mode 100644
index 00000000..555f3143
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tuntap/BTap.h
@@ -0,0 +1,196 @@
+/**
+ * @file BTap.h
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ * 
+ * @section LICENSE
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * @section DESCRIPTION
+ * 
+ * TAP device abstraction.
+ */
+
+#ifndef BADVPN_TUNTAP_BTAP_H
+#define BADVPN_TUNTAP_BTAP_H
+
+#if (defined(BADVPN_USE_WINAPI) + defined(BADVPN_LINUX) + defined(BADVPN_FREEBSD)) != 1
+#error Unknown TAP backend or too many TAP backends
+#endif
+
+#include <stdint.h>
+
+#ifdef BADVPN_USE_WINAPI
+#else
+#include <net/if.h>
+#endif
+
+#include "misc/debug.h"
+#include "misc/debugerror.h"
+#include "base/DebugObject.h"
+#include "system/BReactor.h"
+#include "flow/PacketRecvInterface.h"
+
+#define BTAP_ETHERNET_HEADER_LENGTH 14
+
+/**
+ * Handler called when an error occurs on the device.
+ * The object must be destroyed from the job context of this
+ * handler, and no further I/O may occur.
+ * 
+ * @param user as in {@link BTap_Init}
+ */
+typedef void (*BTap_handler_error) (void *used);
+
+typedef struct {
+    BReactor *reactor;
+    BTap_handler_error handler_error;
+    void *handler_error_user;
+    int frame_mtu;
+    PacketRecvInterface output;
+    uint8_t *output_packet;
+    
+#ifdef BADVPN_USE_WINAPI
+    HANDLE device;
+    BReactorIOCPOverlapped send_olap;
+    BReactorIOCPOverlapped recv_olap;
+#else
+    int close_fd;
+    int fd;
+    BFileDescriptor bfd;
+    int poll_events;
+#endif
+    
+    DebugError d_err;
+    DebugObject d_obj;
+} BTap;
+
+/**
+ * Initializes the TAP device.
+ *
+ * @param o the object
+ * @param BReactor {@link BReactor} we live in
+ * @param devname name of the devece to open.
+ *                On Linux: a network interface name. If it is NULL, no
+ *                specific device will be requested, and the operating system
+ *                may create a new device.
+ *                On Windows: a string "component_id:device_name", where
+ *                component_id is a string identifying the driver, and device_name
+ *                is the name of the network interface. If component_id is empty,
+ *                a hardcoded default will be used instead. If device_name is empty,
+ *                the first device found with a matching component_id will be used.
+ *                Specifying a NULL devname is equivalent to specifying ":".
+ * @param handler_error error handler function
+ * @param handler_error_user value passed to error handler
+ * @param tun whether to create a TUN (IP) device or a TAP (Ethernet) device. Must be 0 or 1.
+ * @return 1 on success, 0 on failure
+ */
+int BTap_Init (BTap *o, BReactor *reactor, int fd, int mtu, BTap_handler_error handler_error, void *handler_error_user, int tun);
+
+enum BTap_dev_type {BTAP_DEV_TUN, BTAP_DEV_TAP};
+
+enum BTap_init_type {
+    BTAP_INIT_STRING,
+#ifndef BADVPN_USE_WINAPI
+    BTAP_INIT_FD,
+#endif
+};
+
+struct BTap_init_data {
+    enum BTap_dev_type dev_type;
+    enum BTap_init_type init_type;
+    union {
+        char *string;
+        struct {
+            int fd;
+            int mtu;
+        } fd;
+    } init;
+};
+
+/**
+ * Initializes the TAP device.
+ *
+ * @param o the object
+ * @param BReactor {@link BReactor} we live in
+ * @param init_data struct containing initialization parameters (to allow transparent passing).
+ *                  init.data.dev_type must be either BTAP_DEV_TUN for an IP device, or
+ *                  BTAP_DEV_TAP for an Ethernet device.
+ *                  init_data.init_type must be either BTAP_INIT_STRING or BTAP_INIT_FD.
+ *                  For BTAP_INIT_STRING, init_data.init.string specifies the TUN or TAP
+ *                  device, as described next.
+ *                  On Linux: a network interface name. If it is NULL, no
+ *                  specific device will be requested, and the operating system
+ *                  may create a new device.
+ *                  On Windows: a string "component_id:device_name", where
+ *                  component_id is a string identifying the driver, and device_name
+ *                  is the name of the network interface. If component_id is empty,
+ *                  a hardcoded default will be used instead. If device_name is empty,
+ *                  the first device found with a matching component_id will be used.
+ *                  Specifying NULL is equivalent to specifying ":".
+ *                  For BTAP_INIT_FD, the device is initialized using a file descriptor.
+ *                  In this case, init_data.init.fd.fd must be set to the file descriptor,
+ *                  and init_data.init.fd.mtu must be set to the largest IP packet or
+ *                  Ethernet frame supported, for a TUN or TAP device, respectively.
+ *                  File descriptor initialization is not supported on Windows.
+ * @param handler_error error handler function
+ * @param handler_error_user value passed to error handler
+ * @return 1 on success, 0 on failure
+ */
+int BTap_Init2 (BTap *o, BReactor *reactor, struct BTap_init_data init_data, BTap_handler_error handler_error, void *handler_error_user) WARN_UNUSED;
+
+/**
+ * Frees the TAP device.
+ *
+ * @param o the object
+ */
+void BTap_Free (BTap *o);
+
+/**
+ * Returns the device's maximum transmission unit (including any protocol headers).
+ *
+ * @param o the object
+ * @return device's MTU
+ */
+int BTap_GetMTU (BTap *o);
+
+/**
+ * Sends a packet to the device.
+ * Any errors will be reported via a job.
+ * 
+ * @param o the object
+ * @param data packet to send
+ * @param data_len length of packet. Must be >=0 and <=MTU, as reported by {@link BTap_GetMTU}.
+ */
+void BTap_Send (BTap *o, uint8_t *data, int data_len);
+
+/**
+ * Returns a {@link PacketRecvInterface} for reading packets from the device.
+ * The MTU of the interface will be {@link BTap_GetMTU}.
+ * 
+ * @param o the object
+ * @return output interface
+ */
+PacketRecvInterface * BTap_GetOutput (BTap *o);
+
+#endif
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tuntap/BTap.m b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tuntap/BTap.m
new file mode 100644
index 00000000..18a17760
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/tuntap/BTap.m
@@ -0,0 +1,511 @@
+/**
+ * @file BTap.c
+ * @author Ambroz Bizjak <ambrop7@gmail.com>
+ *
+ * @section LICENSE
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include <stdio.h>
+
+#ifdef BADVPN_USE_WINAPI
+#include <windows.h>
+#include <winioctl.h>
+#include <objbase.h>
+#include <wtypes.h>
+#include "wintap-common.h"
+#include <tuntap/tapwin32-funcs.h>
+#else
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <net/if.h>
+//    #include <net/if_arp.h>
+#ifdef BADVPN_LINUX
+#include <linux/if_tun.h>
+#endif
+#ifdef BADVPN_FREEBSD
+#ifdef __APPLE__
+#include <ctype.h>
+//            #include <net/if_utun.h>
+//            #include <sys/sys_domain.h>
+//            #include <sys/kern_control.h>
+#include <netinet/ip.h>
+#include <sys/uio.h>
+#else
+#include <net/if_tun.h>
+#include <net/if_tap.h>
+#endif
+#endif
+#endif
+
+#include "base/BLog.h"
+
+#include "tuntap/BTap.h"
+
+#include "generated/blog_channel_BTap.h"
+#include "TunnelInterface.h"
+
+static void report_error (BTap *o);
+static void output_handler_recv (BTap *o, uint8_t *data);
+
+#ifdef BADVPN_USE_WINAPI
+
+static void recv_olap_handler (BTap *o, int event, DWORD bytes)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->output_packet)
+    ASSERT(event == BREACTOR_IOCP_EVENT_SUCCEEDED || event == BREACTOR_IOCP_EVENT_FAILED)
+    
+    // set no output packet
+    o->output_packet = NULL;
+    
+    if (event == BREACTOR_IOCP_EVENT_FAILED) {
+        BLog(BLOG_ERROR, "read operation failed");
+        report_error(o);
+        return;
+    }
+    
+    ASSERT(bytes >= 0)
+    ASSERT(bytes <= o->frame_mtu)
+    
+    // done
+    PacketRecvInterface_Done(&o->output, bytes);
+}
+
+#else
+
+#ifdef __APPLE__
+
+static inline int header_modify_read_write_return (int len)
+{
+    if (len > 0) {
+        return len > sizeof (u_int32_t) ? len - sizeof (u_int32_t) : 0;
+    } else {
+        return len;
+    }
+}
+
+static int write_tun_header (int fd, void *buf, size_t len)
+{
+    u_int32_t type;
+    struct iovec iv[2];
+    struct ip *iph;
+    
+    iph = (struct ip *) buf;
+    
+    if (iph->ip_v == 6) {
+        type = htonl(AF_INET6);
+    } else {
+        type = htonl(AF_INET);
+    }
+    
+    iv[0].iov_base = &type;
+    iv[0].iov_len = sizeof(type);
+    iv[1].iov_base = buf;
+    iv[1].iov_len = len;
+    
+    return header_modify_read_write_return(writev(fd, iv, 2));
+}
+
+static int read_tun_header (int fd, void *buf, size_t len)
+{
+    u_int32_t type;
+    struct iovec iv[2];
+    
+    iv[0].iov_base = &type;
+    iv[0].iov_len = sizeof(type);
+    iv[1].iov_base = buf;
+    iv[1].iov_len = len;
+    
+    return header_modify_read_write_return(readv(fd, iv, 2));
+}
+
+#endif
+
+static void fd_handler (BTap *o, int events)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    
+    if (events&(BREACTOR_ERROR|BREACTOR_HUP)) {
+        BLog(BLOG_WARNING, "device fd reports error?");
+    }
+    
+    if (events&BREACTOR_READ) do {
+        ASSERT(o->output_packet)
+        
+        // try reading into the buffer
+#ifdef __APPLE__
+        //        int bytes = read_tun_header(o->fd, o->output_packet, o->frame_mtu);
+        uint8_t data[2];
+        int bytes = read(o->fd, data, 2);
+        if (bytes != 2) {
+            // Treat zero return value the same as EAGAIN.
+            // See: https://bugzilla.kernel.org/show_bug.cgi?id=96381
+//            if (bytes == 0 || errno == EAGAIN || errno == EWOULDBLOCK) {
+//                // retry later
+//                break;
+//            }
+//            // report fatal error
+//            report_error(o);
+//            return;
+            break;
+        }
+        int data_len = data[0] * 256 + data[1];
+        
+        bytes = read(o->fd, o->output_packet, data_len);
+#else
+        int bytes = read(o->fd, o->output_packet, o->frame_mtu);
+#endif
+        if (bytes != data_len) {
+            // report fatal error
+            report_error(o);
+            return;
+        }
+        if (bytes <= 0) {
+            // Treat zero return value the same as EAGAIN.
+            // See: https://bugzilla.kernel.org/show_bug.cgi?id=96381
+            if (bytes == 0 || errno == EAGAIN || errno == EWOULDBLOCK) {
+                // retry later
+                break;
+            }
+            // report fatal error
+            report_error(o);
+            return;
+        }
+        
+#if TCP_DATA_LOG_ENABLE
+        BLog(BLOG_DEBUG, "tun2socks receive from tunnel data<len: %d>", bytes);
+#endif
+        
+        ASSERT_FORCE(bytes <= o->frame_mtu)
+        
+        // set no output packet
+        o->output_packet = NULL;
+        
+        // update events
+        o->poll_events &= ~BREACTOR_READ;
+        BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->poll_events);
+        
+        // inform receiver we finished the packet
+        PacketRecvInterface_Done(&o->output, bytes);
+    } while (0);
+}
+
+#endif
+
+void report_error (BTap *o)
+{
+    DEBUGERROR(&o->d_err, o->handler_error(o->handler_error_user));
+}
+
+void output_handler_recv (BTap *o, uint8_t *data)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(data)
+    ASSERT(!o->output_packet)
+    
+#ifdef BADVPN_USE_WINAPI
+    
+    memset(&o->recv_olap.olap, 0, sizeof(o->recv_olap.olap));
+    
+    // read
+    BOOL res = ReadFile(o->device, data, o->frame_mtu, NULL, &o->recv_olap.olap);
+    if (res == FALSE && GetLastError() != ERROR_IO_PENDING) {
+        BLog(BLOG_ERROR, "ReadFile failed (%u)", GetLastError());
+        report_error(o);
+        return;
+    }
+    
+    o->output_packet = data;
+    
+#else
+    
+    // attempt read
+//#ifdef __APPLE__
+//    //    int bytes = read_tun_header(o->fd, data, o->frame_mtu);
+//    char msg[2];
+//    int bytes = read(o->fd, msg, 2);
+//    NSLog(@"fd2 bytes: %d", bytes);
+//    
+//    if (bytes <= 0) {
+//        if (bytes == 0 || errno == EAGAIN || errno == EWOULDBLOCK) {
+//            // See note about zero return in fd_handler.
+//            // retry later in fd_handler
+//            // remember packet
+//            o->output_packet = data;
+//            // update events
+//            o->poll_events |= BREACTOR_READ;
+//            BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->poll_events);
+//            return;
+//        }
+//        // report fatal error
+//        report_error(o);
+//        return;
+//    }
+//    int len = msg[0] * 256 + msg[1];
+//    NSLog(@"fd2 len: %x, %x, len: %d", data[0], data[1], len);
+//    bytes = read(o->fd, data, len);
+//#else
+//    int bytes = read(o->fd, data, o->frame_mtu);
+//#endif
+//    if (bytes <= 0) {
+//        if (bytes == 0 || errno == EAGAIN || errno == EWOULDBLOCK) {
+//            // See note about zero return in fd_handler.
+//            // retry later in fd_handler
+//            // remember packet
+//            o->output_packet = data;
+//            // update events
+//            o->poll_events |= BREACTOR_READ;
+//            BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->poll_events);
+//            return;
+//        }
+//        // report fatal error
+//        report_error(o);
+//        return;
+//    }
+//    
+//    NSLog(@"tun2 receive: %@", [[NSData alloc] initWithBytes:data length:bytes]);
+//    
+//    ASSERT_FORCE(bytes <= o->frame_mtu)
+//    
+//    PacketRecvInterface_Done(&o->output, bytes);
+    o->output_packet = data;
+    // update events
+    o->poll_events |= BREACTOR_READ;
+    BReactor_SetFileDescriptorEvents(o->reactor, &o->bfd, o->poll_events);
+    
+#endif
+}
+
+int BTap_Init (BTap *o, BReactor *reactor, int fd, int mtu, BTap_handler_error handler_error, void *handler_error_user, int tun)
+{
+    ASSERT(tun == 0 || tun == 1)
+    
+    struct BTap_init_data init_data;
+    init_data.dev_type = tun ? BTAP_DEV_TUN : BTAP_DEV_TAP;
+    init_data.init_type = BTAP_INIT_FD;
+    init_data.init.fd.fd = fd;
+    init_data.init.fd.mtu = mtu;
+    
+    return BTap_Init2(o, reactor, init_data, handler_error, handler_error_user);
+}
+
+int BTap_Init2 (BTap *o, BReactor *reactor, struct BTap_init_data init_data, BTap_handler_error handler_error, void *handler_error_user)
+{
+    ASSERT(init_data.dev_type == BTAP_DEV_TUN || init_data.dev_type == BTAP_DEV_TAP)
+    
+    // init arguments
+    o->reactor = reactor;
+    o->handler_error = handler_error;
+    o->handler_error_user = handler_error_user;
+    
+#if defined(BADVPN_LINUX) || defined(BADVPN_FREEBSD)
+    
+    o->close_fd = (init_data.init_type != BTAP_INIT_FD);
+    
+    switch (init_data.init_type) {
+        case BTAP_INIT_FD: {
+            ASSERT(init_data.init.fd.fd >= 0)
+            ASSERT(init_data.init.fd.mtu >= 0)
+            ASSERT(init_data.dev_type != BTAP_DEV_TAP || init_data.init.fd.mtu >= BTAP_ETHERNET_HEADER_LENGTH)
+            
+            o->fd = init_data.init.fd.fd;
+            o->frame_mtu = init_data.init.fd.mtu;
+        } break;
+            
+        case BTAP_INIT_STRING:
+            break;
+            
+        default: ASSERT(0);
+    }
+    
+    // set non-blocking
+    if (fcntl(o->fd, F_SETFL, O_NONBLOCK) < 0) {
+        BLog(BLOG_ERROR, "cannot set non-blocking");
+        goto fail1;
+    }
+    
+    // init file descriptor object
+    BFileDescriptor_Init(&o->bfd, o->fd, (BFileDescriptor_handler)fd_handler, o);
+    if (!BReactor_AddFileDescriptor(o->reactor, &o->bfd)) {
+        BLog(BLOG_ERROR, "BReactor_AddFileDescriptor failed");
+        goto fail1;
+    }
+    o->poll_events = 0;
+    
+    goto success;
+    
+fail1:
+    if (o->close_fd) {
+        ASSERT_FORCE(close(o->fd) == 0)
+    }
+fail0:
+    return 0;
+    
+#endif
+    
+success:
+    // init output
+    PacketRecvInterface_Init(&o->output, o->frame_mtu, (PacketRecvInterface_handler_recv)output_handler_recv, o, BReactor_PendingGroup(o->reactor));
+    
+    // set no output packet
+    o->output_packet = NULL;
+    
+    DebugError_Init(&o->d_err, BReactor_PendingGroup(o->reactor));
+    DebugObject_Init(&o->d_obj);
+    return 1;
+}
+
+void BTap_Free (BTap *o)
+{
+    DebugObject_Free(&o->d_obj);
+    DebugError_Free(&o->d_err);
+    
+    // free output
+    PacketRecvInterface_Free(&o->output);
+    
+#ifdef BADVPN_USE_WINAPI
+    
+    // cancel I/O
+    ASSERT_FORCE(CancelIo(o->device))
+    
+    // wait receiving to finish
+    if (o->output_packet) {
+        BLog(BLOG_DEBUG, "waiting for receiving to finish");
+        BReactorIOCPOverlapped_Wait(&o->recv_olap, NULL, NULL);
+    }
+    
+    // free recv olap
+    BReactorIOCPOverlapped_Free(&o->recv_olap);
+    
+    // free send olap
+    BReactorIOCPOverlapped_Free(&o->send_olap);
+    
+    // close device
+    ASSERT_FORCE(CloseHandle(o->device))
+    
+#else
+    
+    // free BFileDescriptor
+    BReactor_RemoveFileDescriptor(o->reactor, &o->bfd);
+    
+    if (o->close_fd) {
+        // close file descriptor
+        ASSERT_FORCE(close(o->fd) == 0)
+    }
+    
+#endif
+}
+
+int BTap_GetMTU (BTap *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    return o->frame_mtu;
+}
+
+void BTap_Send (BTap *o, uint8_t *data, int data_len)
+{
+    DebugObject_Access(&o->d_obj);
+    DebugError_AssertNoError(&o->d_err);
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= o->frame_mtu)
+    
+#ifdef BADVPN_USE_WINAPI
+    
+    // ignore frames without an Ethernet header, or we get errors in WriteFile
+    if (data_len < 14) {
+        return;
+    }
+    
+    memset(&o->send_olap.olap, 0, sizeof(o->send_olap.olap));
+    
+    // write
+    BOOL res = WriteFile(o->device, data, data_len, NULL, &o->send_olap.olap);
+    if (res == FALSE && GetLastError() != ERROR_IO_PENDING) {
+        BLog(BLOG_ERROR, "WriteFile failed (%u)", GetLastError());
+        return;
+    }
+    
+    // wait
+    int succeeded;
+    DWORD bytes;
+    BReactorIOCPOverlapped_Wait(&o->send_olap, &succeeded, &bytes);
+    
+    if (!succeeded) {
+        BLog(BLOG_ERROR, "write operation failed");
+    } else {
+        ASSERT(bytes >= 0)
+        ASSERT(bytes <= data_len)
+        
+        if (bytes < data_len) {
+            BLog(BLOG_ERROR, "write operation didn't write everything");
+        }
+    }
+    
+#else
+    
+#ifdef __APPLE__
+    //    int bytes = write_tun_header(o->fd, data, data_len);
+    NSData *outdata = [[NSData alloc] initWithBytes:data length:data_len];
+#if TCP_DATA_LOG_ENABLE
+    BLog(BLOG_DEBUG, "tun2socks send to tunnel data<len: %d>", data_len);
+#endif
+    [TunnelInterface writePacket:outdata];
+    return;
+    uint8_t msg[o->frame_mtu+2];
+    msg[0] = data_len / 256;
+    msg[1] = data_len % 256;
+    memcpy(msg + 2, data, data_len);
+
+    int bytes = write(o->fd, msg, data_len + 2);
+#else
+    int bytes = write(o->fd, data, data_len);
+#endif
+    if (bytes < 0) {
+        // malformed packets will cause errors, ignore them and act like
+        // the packet was accepeted
+    } else {
+        if (bytes != data_len + 2) {
+            BLog(BLOG_WARNING, "written %d expected %d", bytes, data_len + 2);
+        }
+    }
+    
+#endif
+}
+
+PacketRecvInterface * BTap_GetOutput (BTap *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    return &o->output;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw/udpgw.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw/udpgw.c
new file mode 100644
index 00000000..5247574c
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw/udpgw.c
@@ -0,0 +1,1473 @@
+/*
+ * Copyright (C) Ambroz Bizjak <ambrop7@gmail.com>
+ * Contributions:
+ * Transparent DNS: Copyright (C) Kerem Hadimli <kerem.hadimli@gmail.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#include "protocol/udpgw_proto.h"
+#include "misc/debug.h"
+#include "misc/version.h"
+#include "misc/loggers_string.h"
+#include "misc/loglevel.h"
+#include "misc/offset.h"
+#include "misc/byteorder.h"
+#include "misc/bsize.h"
+#include "misc/open_standard_streams.h"
+#include "misc/balloc.h"
+#include "misc/compare.h"
+#include "misc/print_macros.h"
+#include "structure/LinkedList1.h"
+#include "structure/BAVL.h"
+#include "base/BLog.h"
+#include "system/BReactor.h"
+#include "system/BNetwork.h"
+#include "system/BConnection.h"
+#include "system/BDatagram.h"
+#include "system/BSignal.h"
+#include "flow/PacketProtoDecoder.h"
+#include "flow/PacketPassFairQueue.h"
+#include "flow/PacketStreamSender.h"
+#include "flow/PacketProtoFlow.h"
+#include "flow/SinglePacketBuffer.h"
+
+#ifndef BADVPN_USE_WINAPI
+#include "base/BLog_syslog.h"
+#include <arpa/nameser.h>
+#include <resolv.h>
+#endif
+
+#include "udpgw.h"
+
+#include "generated/blog_channel_udpgw.h"
+
+#define LOGGER_STDOUT 1
+#define LOGGER_SYSLOG 2
+
+#define DNS_UPDATE_TIME 2000
+
+struct client {
+    BConnection con;
+    BAddr addr;
+    BTimer disconnect_timer;
+    PacketProtoDecoder recv_decoder;
+    PacketPassInterface recv_if;
+    PacketPassFairQueue send_queue;
+    PacketStreamSender send_sender;
+    BAVL connections_tree;
+    LinkedList1 connections_list;
+    int num_connections;
+    LinkedList1 closing_connections_list;
+    LinkedList1Node clients_list_node;
+};
+
+struct connection {
+    struct client *client;
+    uint16_t conid;
+    BAddr addr;
+    BAddr orig_addr;
+    const uint8_t *first_data;
+    int first_data_len;
+    btime_t last_use_time;
+    int closing;
+    BPending first_job;
+    BufferWriter *send_if;
+    PacketProtoFlow send_ppflow;
+    PacketPassFairQueueFlow send_qflow;
+    union {
+        struct {
+            BDatagram udp_dgram;
+            int local_port_index;
+            BufferWriter udp_send_writer;
+            PacketBuffer udp_send_buffer;
+            SinglePacketBuffer udp_recv_buffer;
+            PacketPassInterface udp_recv_if;
+            BAVLNode connections_tree_node;
+            LinkedList1Node connections_list_node;
+        };
+        struct {
+            LinkedList1Node closing_connections_list_node;
+        };
+    };
+};
+
+// command-line options
+struct {
+    int help;
+    int version;
+    int logger;
+#ifndef BADVPN_USE_WINAPI
+    char *logger_syslog_facility;
+    char *logger_syslog_ident;
+#endif
+    int loglevel;
+    int loglevels[BLOG_NUM_CHANNELS];
+    char *listen_addrs[MAX_LISTEN_ADDRS];
+    int num_listen_addrs;
+    int udp_mtu;
+    int max_clients;
+    int max_connections_for_client;
+    int client_socket_sndbuf;
+    int local_udp_num_ports;
+    char *local_udp_addr;
+    int local_udp_ip6_num_ports;
+    char *local_udp_ip6_addr;
+    int unique_local_ports;
+} server_options;
+
+// MTUs
+int udpgw_mtu;
+int pp_mtu;
+
+// listen addresses
+BAddr listen_addrs[MAX_LISTEN_ADDRS];
+int num_listen_addrs;
+
+// local UDP port range, if options.local_udp_num_ports>=0
+BAddr local_udp_addr;
+
+// local UDP/IPv6 port range, if options.local_udp_ip6_num_ports>=0
+BAddr local_udp_ip6_addr;
+
+// DNS forwarding
+BAddr dns_addr;
+btime_t last_dns_update_time;
+
+// reactor
+BReactor server_ss;
+
+// listeners
+BListener listeners[MAX_LISTEN_ADDRS];
+int num_listeners;
+
+// clients
+LinkedList1 clients_list;
+int server_num_clients;
+
+static void print_help (const char *name);
+static void print_version (void);
+static int parse_arguments (int argc, char *argv[]);
+static int process_arguments (void);
+static void signal_handler (void *unused);
+static void listener_handler (BListener *listener);
+static void client_free (struct client *client);
+static void client_logfunc (struct client *client);
+static void client_log (struct client *client, int level, const char *fmt, ...);
+static void client_disconnect_timer_handler (struct client *client);
+static void client_connection_handler (struct client *client, int event);
+static void client_decoder_handler_error (struct client *client);
+static void client_recv_if_handler_send (struct client *client, uint8_t *data, int data_len);
+static int get_local_num_ports (int addr_type);
+static BAddr get_local_addr (int addr_type);
+static uint8_t * build_port_usage_array_and_find_least_used_connection (BAddr remote_addr, struct connection **out_con);
+static void connection_init (struct client *client, uint16_t conid, BAddr addr, BAddr orig_addr, const uint8_t *data, int data_len);
+static void connection_free (struct connection *con);
+static void connection_logfunc (struct connection *con);
+static void connection_log (struct connection *con, int level, const char *fmt, ...);
+static void connection_free_udp (struct connection *con);
+static void connection_first_job_handler (struct connection *con);
+static void connection_send_to_client (struct connection *con, uint8_t flags, const uint8_t *data, int data_len);
+static int connection_send_to_udp (struct connection *con, const uint8_t *data, int data_len);
+static void connection_close (struct connection *con);
+static void connection_send_qflow_busy_handler (struct connection *con);
+static void connection_dgram_handler_event (struct connection *con, int event);
+static void connection_udp_recv_if_handler_send (struct connection *con, uint8_t *data, int data_len);
+static struct connection * find_connection (struct client *client, uint16_t conid);
+static int uint16_comparator (void *unused, uint16_t *v1, uint16_t *v2);
+static void maybe_update_dns (void);
+
+int udpgw_main (int argc, char **argv)
+{
+    if (argc <= 0) {
+        return 1;
+    }
+    
+    // open standard streams
+    open_standard_streams();
+    
+    // parse command-line arguments
+    if (!parse_arguments(argc, argv)) {
+        fprintf(stderr, "Failed to parse arguments\n");
+        print_help(argv[0]);
+        goto fail0;
+    }
+    
+    // handle --help and --version
+    if (server_options.help) {
+        print_version();
+        print_help(argv[0]);
+        return 0;
+    }
+    if (server_options.version) {
+        print_version();
+        return 0;
+    }
+    
+    // initialize logger
+    switch (server_options.logger) {
+        case LOGGER_STDOUT:
+            BLog_InitStdout();
+            break;
+#ifndef BADVPN_USE_WINAPI
+        case LOGGER_SYSLOG:
+            if (!BLog_InitSyslog(server_options.logger_syslog_ident, server_options.logger_syslog_facility)) {
+                fprintf(stderr, "Failed to initialize syslog logger\n");
+                goto fail0;
+            }
+            break;
+#endif
+        default:
+            ASSERT(0);
+    }
+    
+    // configure logger channels
+    for (int i = 0; i < BLOG_NUM_CHANNELS; i++) {
+        if (server_options.loglevels[i] >= 0) {
+            BLog_SetChannelLoglevel(i, server_options.loglevels[i]);
+        }
+        else if (server_options.loglevel >= 0) {
+            BLog_SetChannelLoglevel(i, server_options.loglevel);
+        }
+    }
+    
+    BLog(BLOG_NOTICE, "initializing "GLOBAL_PRODUCT_NAME" "PROGRAM_NAME" "GLOBAL_VERSION);
+    
+    // initialize network
+    if (!BNetwork_GlobalInit()) {
+        BLog(BLOG_ERROR, "BNetwork_GlobalInit failed");
+        goto fail1;
+    }
+    
+    // process arguments
+    if (!process_arguments()) {
+        BLog(BLOG_ERROR, "Failed to process arguments");
+        goto fail1;
+    }
+    
+    // compute MTUs
+    udpgw_mtu = udpgw_compute_mtu(server_options.udp_mtu);
+    if (udpgw_mtu < 0 || udpgw_mtu > PACKETPROTO_MAXPAYLOAD) {
+        udpgw_mtu = PACKETPROTO_MAXPAYLOAD;
+    }
+    pp_mtu = udpgw_mtu + sizeof(struct packetproto_header);
+    
+    // init time
+    BTime_Init();
+    
+    // init DNS forwarding
+    BAddr_InitNone(&dns_addr);
+    last_dns_update_time = INT64_MIN;
+    maybe_update_dns();
+    
+    // init reactor
+    if (!BReactor_Init(&server_ss)) {
+        BLog(BLOG_ERROR, "BReactor_Init failed");
+        goto fail1;
+    }
+    
+    // setup signal handler
+    if (!BSignal_Init(&server_ss, signal_handler, NULL)) {
+        BLog(BLOG_ERROR, "BSignal_Init failed");
+        goto fail2;
+    }
+    
+    // initialize listeners
+    num_listeners = 0;
+    while (num_listeners < num_listen_addrs) {
+        if (!BListener_Init(&listeners[num_listeners], listen_addrs[num_listeners], &server_ss, &listeners[num_listeners], (BListener_handler)listener_handler)) {
+            BLog(BLOG_ERROR, "Listener_Init failed");
+            goto fail3;
+        }
+        num_listeners++;
+    }
+    
+    // init clients list
+    LinkedList1_Init(&clients_list);
+    server_num_clients = 0;
+    
+    // enter event loop
+    BLog(BLOG_NOTICE, "entering event loop");
+    BReactor_Exec(&server_ss);
+    
+    // free clients
+    while (!LinkedList1_IsEmpty(&clients_list)) {
+        struct client *client = UPPER_OBJECT(LinkedList1_GetFirst(&clients_list), struct client, clients_list_node);
+        client_free(client);
+    }
+fail3:
+    // free listeners
+    while (num_listeners > 0) {
+        num_listeners--;
+        BListener_Free(&listeners[num_listeners]);
+    }
+    // finish signal handling
+    BSignal_Finish();
+fail2:
+    // free reactor
+    BReactor_Free(&server_ss);
+fail1:
+    // free logger
+    BLog(BLOG_NOTICE, "exiting");
+    BLog_Free();
+fail0:
+    // finish debug objects
+    DebugObjectGlobal_Finish();
+    
+    return 1;
+}
+
+void print_help (const char *name)
+{
+    printf(
+           "Usage:\n"
+           "    %s\n"
+           "        [--help]\n"
+           "        [--version]\n"
+           "        [--logger <"LOGGERS_STRING">]\n"
+#ifndef BADVPN_USE_WINAPI
+           "        (logger=syslog?\n"
+           "            [--syslog-facility <string>]\n"
+           "            [--syslog-ident <string>]\n"
+           "        )\n"
+#endif
+           "        [--loglevel <0-5/none/error/warning/notice/info/debug>]\n"
+           "        [--channel-loglevel <channel-name> <0-5/none/error/warning/notice/info/debug>] ...\n"
+           "        [--listen-addr <addr>] ...\n"
+           "        [--udp-mtu <bytes>]\n"
+           "        [--max-clients <number>]\n"
+           "        [--max-connections-for-client <number>]\n"
+           "        [--client-socket-sndbuf <bytes / 0>]\n"
+           "        [--local-udp-addrs <addr> <num_ports>]\n"
+           "        [--local-udp-ip6-addrs <addr> <num_ports>]\n"
+           "        [--unique-local-ports]\n"
+           "Address format is a.b.c.d:port (IPv4) or [addr]:port (IPv6).\n",
+           name
+           );
+}
+
+void print_version (void)
+{
+    printf(GLOBAL_PRODUCT_NAME" "PROGRAM_NAME" "GLOBAL_VERSION"\n"GLOBAL_COPYRIGHT_NOTICE"\n");
+}
+
+int parse_arguments (int argc, char *argv[])
+{
+    if (argc <= 0) {
+        return 0;
+    }
+    
+    server_options.help = 0;
+    server_options.version = 0;
+    server_options.logger = LOGGER_STDOUT;
+#ifndef BADVPN_USE_WINAPI
+    server_options.logger_syslog_facility = "daemon";
+    server_options.logger_syslog_ident = argv[0];
+#endif
+    server_options.loglevel = -1;
+    for (int i = 0; i < BLOG_NUM_CHANNELS; i++) {
+        server_options.loglevels[i] = -1;
+    }
+    server_options.num_listen_addrs = 0;
+    server_options.udp_mtu = DEFAULT_UDP_MTU;
+    server_options.max_clients = DEFAULT_MAX_CLIENTS;
+    server_options.max_connections_for_client = DEFAULT_MAX_CONNECTIONS_FOR_CLIENT;
+    server_options.client_socket_sndbuf = CLIENT_DEFAULT_SOCKET_SEND_BUFFER;
+    server_options.local_udp_num_ports = -1;
+    server_options.local_udp_ip6_num_ports = -1;
+    server_options.unique_local_ports = 0;
+    
+    int i;
+    for (i = 1; i < argc; i++) {
+        char *arg = argv[i];
+        if (!strcmp(arg, "--help")) {
+            server_options.help = 1;
+        }
+        else if (!strcmp(arg, "--version")) {
+            server_options.version = 1;
+        }
+        else if (!strcmp(arg, "--logger")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            char *arg2 = argv[i + 1];
+            if (!strcmp(arg2, "stdout")) {
+                server_options.logger = LOGGER_STDOUT;
+            }
+#ifndef BADVPN_USE_WINAPI
+            else if (!strcmp(arg2, "syslog")) {
+                server_options.logger = LOGGER_SYSLOG;
+            }
+#endif
+            else {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i++;
+        }
+#ifndef BADVPN_USE_WINAPI
+        else if (!strcmp(arg, "--syslog-facility")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            server_options.logger_syslog_facility = argv[i + 1];
+            i++;
+        }
+        else if (!strcmp(arg, "--syslog-ident")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            server_options.logger_syslog_ident = argv[i + 1];
+            i++;
+        }
+#endif
+        else if (!strcmp(arg, "--loglevel")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            if ((server_options.loglevel = parse_loglevel(argv[i + 1])) < 0) {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i++;
+        }
+        else if (!strcmp(arg, "--channel-loglevel")) {
+            if (2 >= argc - i) {
+                fprintf(stderr, "%s: requires two arguments\n", arg);
+                return 0;
+            }
+            int channel = BLogGlobal_GetChannelByName(argv[i + 1]);
+            if (channel < 0) {
+                fprintf(stderr, "%s: wrong channel argument\n", arg);
+                return 0;
+            }
+            int loglevel = parse_loglevel(argv[i + 2]);
+            if (loglevel < 0) {
+                fprintf(stderr, "%s: wrong loglevel argument\n", arg);
+                return 0;
+            }
+            server_options.loglevels[channel] = loglevel;
+            i += 2;
+        }
+        else if (!strcmp(arg, "--listen-addr")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            if (server_options.num_listen_addrs == MAX_LISTEN_ADDRS) {
+                fprintf(stderr, "%s: too many\n", arg);
+                return 0;
+            }
+            server_options.listen_addrs[server_options.num_listen_addrs] = argv[i + 1];
+            server_options.num_listen_addrs++;
+            i++;
+        }
+        else if (!strcmp(arg, "--udp-mtu")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            if ((server_options.udp_mtu = atoi(argv[i + 1])) < 0) {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i++;
+        }
+        else if (!strcmp(arg, "--max-clients")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            if ((server_options.max_clients = atoi(argv[i + 1])) <= 0) {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i++;
+        }
+        else if (!strcmp(arg, "--max-connections-for-client")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            if ((server_options.max_connections_for_client = atoi(argv[i + 1])) <= 0) {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i++;
+        }
+        else if (!strcmp(arg, "--client-socket-sndbuf")) {
+            if (1 >= argc - i) {
+                fprintf(stderr, "%s: requires an argument\n", arg);
+                return 0;
+            }
+            if ((server_options.client_socket_sndbuf = atoi(argv[i + 1])) < 0) {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i++;
+        }
+        else if (!strcmp(arg, "--local-udp-addrs")) {
+            if (2 >= argc - i) {
+                fprintf(stderr, "%s: requires two arguments\n", arg);
+                return 0;
+            }
+            server_options.local_udp_addr = argv[i + 1];
+            if ((server_options.local_udp_num_ports = atoi(argv[i + 2])) < 0) {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i += 2;
+        }
+        else if (!strcmp(arg, "--local-udp-ip6-addrs")) {
+            if (2 >= argc - i) {
+                fprintf(stderr, "%s: requires two arguments\n", arg);
+                return 0;
+            }
+            server_options.local_udp_ip6_addr = argv[i + 1];
+            if ((server_options.local_udp_ip6_num_ports = atoi(argv[i + 2])) < 0) {
+                fprintf(stderr, "%s: wrong argument\n", arg);
+                return 0;
+            }
+            i += 2;
+        }
+        else if (!strcmp(arg, "--unique-local-ports")) {
+            server_options.unique_local_ports = 1;
+        }
+        else {
+            fprintf(stderr, "unknown option: %s\n", arg);
+            return 0;
+        }
+    }
+    
+    if (server_options.help || server_options.version) {
+        return 1;
+    }
+    
+    return 1;
+}
+
+int process_arguments (void)
+{
+    // resolve listen addresses
+    num_listen_addrs = 0;
+    while (num_listen_addrs < server_options.num_listen_addrs) {
+        if (!BAddr_Parse(&listen_addrs[num_listen_addrs], server_options.listen_addrs[num_listen_addrs], NULL, 0)) {
+            BLog(BLOG_ERROR, "listen addr: BAddr_Parse failed");
+            return 0;
+        }
+        num_listen_addrs++;
+    }
+    
+    // resolve local UDP address
+    if (server_options.local_udp_num_ports >= 0) {
+        if (!BAddr_Parse(&local_udp_addr, server_options.local_udp_addr, NULL, 0)) {
+            BLog(BLOG_ERROR, "local udp addr: BAddr_Parse failed");
+            return 0;
+        }
+        if (local_udp_addr.type != BADDR_TYPE_IPV4) {
+            BLog(BLOG_ERROR, "local udp addr: must be an IPv4 address");
+            return 0;
+        }
+    }
+    
+    // resolve local UDP/IPv6 address
+    if (server_options.local_udp_ip6_num_ports >= 0) {
+        if (!BAddr_Parse(&local_udp_ip6_addr, server_options.local_udp_ip6_addr, NULL, 0)) {
+            BLog(BLOG_ERROR, "local udp ip6 addr: BAddr_Parse failed");
+            return 0;
+        }
+        if (local_udp_ip6_addr.type != BADDR_TYPE_IPV6) {
+            BLog(BLOG_ERROR, "local udp ip6 addr: must be an IPv6 address");
+            return 0;
+        }
+    }
+    
+    return 1;
+}
+
+void signal_handler (void *unused)
+{
+    BLog(BLOG_NOTICE, "termination requested");
+    
+    // exit event loop
+    BReactor_Quit(&server_ss, 1);
+}
+
+void listener_handler (BListener *listener)
+{
+    if (server_num_clients == server_options.max_clients) {
+        BLog(BLOG_ERROR, "maximum number of clients reached");
+        goto fail0;
+    }
+    
+    // allocate structure
+    struct client *client = (struct client *)malloc(sizeof(*client));
+    if (!client) {
+        BLog(BLOG_ERROR, "malloc failed");
+        goto fail0;
+    }
+    
+    // accept client
+    if (!BConnection_Init(&client->con, BConnection_source_listener(listener, &client->addr), &server_ss, client, (BConnection_handler)client_connection_handler)) {
+        BLog(BLOG_ERROR, "BConnection_Init failed");
+        goto fail1;
+    }
+    
+    // limit socket send buffer, else our scheduling is pointless
+    if (server_options.client_socket_sndbuf > 0) {
+        if (!BConnection_SetSendBuffer(&client->con, server_options.client_socket_sndbuf)) {
+            BLog(BLOG_WARNING, "BConnection_SetSendBuffer failed");
+        }
+    }
+    
+    // init connection interfaces
+    BConnection_SendAsync_Init(&client->con);
+    BConnection_RecvAsync_Init(&client->con);
+    
+    // init disconnect timer
+    BTimer_Init(&client->disconnect_timer, CLIENT_DISCONNECT_TIMEOUT, (BTimer_handler)client_disconnect_timer_handler, client);
+    BReactor_SetTimer(&server_ss, &client->disconnect_timer);
+    
+    // init recv interface
+    PacketPassInterface_Init(&client->recv_if, udpgw_mtu, (PacketPassInterface_handler_send)client_recv_if_handler_send, client, BReactor_PendingGroup(&server_ss));
+    
+    // init recv decoder
+    if (!PacketProtoDecoder_Init(&client->recv_decoder, BConnection_RecvAsync_GetIf(&client->con), &client->recv_if, BReactor_PendingGroup(&server_ss), client,
+                                 (PacketProtoDecoder_handler_error)client_decoder_handler_error
+                                 )) {
+        BLog(BLOG_ERROR, "PacketProtoDecoder_Init failed");
+        goto fail2;
+    }
+    
+    // init send sender
+    PacketStreamSender_Init(&client->send_sender, BConnection_SendAsync_GetIf(&client->con), pp_mtu, BReactor_PendingGroup(&server_ss));
+    
+    // init send queue
+    if (!PacketPassFairQueue_Init(&client->send_queue, PacketStreamSender_GetInput(&client->send_sender), BReactor_PendingGroup(&server_ss), 0, 1)) {
+        BLog(BLOG_ERROR, "PacketPassFairQueue_Init failed");
+        goto fail3;
+    }
+    
+    // init connections tree
+    BAVL_Init(&client->connections_tree, OFFSET_DIFF(struct connection, conid, connections_tree_node), (BAVL_comparator)uint16_comparator, NULL);
+    
+    // init connections list
+    LinkedList1_Init(&client->connections_list);
+    
+    // set zero connections
+    client->num_connections = 0;
+    
+    // init closing connections list
+    LinkedList1_Init(&client->closing_connections_list);
+    
+    // insert to clients list
+    LinkedList1_Append(&clients_list, &client->clients_list_node);
+    server_num_clients++;
+    
+    client_log(client, BLOG_INFO, "connected");
+    
+    return;
+    
+fail3:
+    PacketStreamSender_Free(&client->send_sender);
+    PacketProtoDecoder_Free(&client->recv_decoder);
+fail2:
+    PacketPassInterface_Free(&client->recv_if);
+    BReactor_RemoveTimer(&server_ss, &client->disconnect_timer);
+    BConnection_RecvAsync_Free(&client->con);
+    BConnection_SendAsync_Free(&client->con);
+    BConnection_Free(&client->con);
+fail1:
+    free(client);
+fail0:
+    return;
+}
+
+void client_free (struct client *client)
+{
+    // allow freeing send queue flows
+    PacketPassFairQueue_PrepareFree(&client->send_queue);
+    
+    // free connections
+    while (!LinkedList1_IsEmpty(&client->connections_list)) {
+        struct connection *con = UPPER_OBJECT(LinkedList1_GetFirst(&client->connections_list), struct connection, connections_list_node);
+        connection_free(con);
+    }
+    
+    // free closing connections
+    while (!LinkedList1_IsEmpty(&client->closing_connections_list)) {
+        struct connection *con = UPPER_OBJECT(LinkedList1_GetFirst(&client->closing_connections_list), struct connection, closing_connections_list_node);
+        connection_free(con);
+    }
+    
+    // remove from clients list
+    LinkedList1_Remove(&clients_list, &client->clients_list_node);
+    server_num_clients--;
+    
+    // free send queue
+    PacketPassFairQueue_Free(&client->send_queue);
+    
+    // free send sender
+    PacketStreamSender_Free(&client->send_sender);
+    
+    // free recv decoder
+    PacketProtoDecoder_Free(&client->recv_decoder);
+    
+    // free recv interface
+    PacketPassInterface_Free(&client->recv_if);
+    
+    // free disconnect timer
+    BReactor_RemoveTimer(&server_ss, &client->disconnect_timer);
+    
+    // free connection interfaces
+    BConnection_RecvAsync_Free(&client->con);
+    BConnection_SendAsync_Free(&client->con);
+    
+    // free connection
+    BConnection_Free(&client->con);
+    
+    // free structure
+    free(client);
+}
+
+void client_logfunc (struct client *client)
+{
+    char addr[BADDR_MAX_PRINT_LEN];
+    BAddr_Print(&client->addr, addr);
+    
+    BLog_Append("client (%s): ", addr);
+}
+
+void client_log (struct client *client, int level, const char *fmt, ...)
+{
+    va_list vl;
+    va_start(vl, fmt);
+    BLog_LogViaFuncVarArg((BLog_logfunc)client_logfunc, client, BLOG_CURRENT_CHANNEL, level, fmt, vl);
+    va_end(vl);
+}
+
+void client_disconnect_timer_handler (struct client *client)
+{
+    client_log(client, BLOG_INFO, "timed out, disconnecting");
+    
+    // free client
+    client_free(client);
+}
+
+void client_connection_handler (struct client *client, int event)
+{
+    if (event == BCONNECTION_EVENT_RECVCLOSED) {
+        client_log(client, BLOG_INFO, "client closed");
+    } else {
+        client_log(client, BLOG_INFO, "client error");
+    }
+    
+    // free client
+    client_free(client);
+}
+
+void client_decoder_handler_error (struct client *client)
+{
+    client_log(client, BLOG_ERROR, "decoder error");
+    
+    // free client
+    client_free(client);
+}
+
+void client_recv_if_handler_send (struct client *client, uint8_t *data, int data_len)
+{
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= udpgw_mtu)
+    
+    // accept packet
+    PacketPassInterface_Done(&client->recv_if);
+    
+    // parse header
+    if (data_len < sizeof(struct udpgw_header)) {
+        client_log(client, BLOG_ERROR, "missing header");
+        return;
+    }
+    struct udpgw_header header;
+    memcpy(&header, data, sizeof(header));
+    data += sizeof(header);
+    data_len -= sizeof(header);
+    uint8_t flags = ltoh8(header.flags);
+    uint16_t conid = ltoh16(header.conid);
+    
+    // reset disconnect timer
+    BReactor_SetTimer(&server_ss, &client->disconnect_timer);
+    
+    // if this is keepalive, ignore any payload
+    if ((flags & UDPGW_CLIENT_FLAG_KEEPALIVE)) {
+        client_log(client, BLOG_DEBUG, "received keepalive");
+        return;
+    }
+    
+    // parse address
+    BAddr orig_addr;
+    if ((flags & UDPGW_CLIENT_FLAG_IPV6)) {
+        if (data_len < sizeof(struct udpgw_addr_ipv6)) {
+            client_log(client, BLOG_ERROR, "missing ipv6 address");
+            return;
+        }
+        struct udpgw_addr_ipv6 addr_ipv6;
+        memcpy(&addr_ipv6, data, sizeof(addr_ipv6));
+        data += sizeof(addr_ipv6);
+        data_len -= sizeof(addr_ipv6);
+        BAddr_InitIPv6(&orig_addr, addr_ipv6.addr_ip, addr_ipv6.addr_port);
+    } else {
+        if (data_len < sizeof(struct udpgw_addr_ipv4)) {
+            client_log(client, BLOG_ERROR, "missing ipv4 address");
+            return;
+        }
+        struct udpgw_addr_ipv4 addr_ipv4;
+        memcpy(&addr_ipv4, data, sizeof(addr_ipv4));
+        data += sizeof(addr_ipv4);
+        data_len -= sizeof(addr_ipv4);
+        BAddr_InitIPv4(&orig_addr, addr_ipv4.addr_ip, addr_ipv4.addr_port);
+    }
+    
+    // check payload length
+    if (data_len > server_options.udp_mtu) {
+        client_log(client, BLOG_ERROR, "too much data");
+        return;
+    }
+    
+    // find connection
+    struct connection *con = find_connection(client, conid);
+    ASSERT(!con || !con->closing)
+    
+    // if connection exists, close it if needed
+    if (con && ((flags & UDPGW_CLIENT_FLAG_REBIND) || !BAddr_Compare(&con->orig_addr, &orig_addr))) {
+        connection_log(con, BLOG_DEBUG, "close old");
+        connection_close(con);
+        con = NULL;
+    }
+    
+    // if connection doesn't exists, create it
+    if (!con) {
+        // check number of connections
+        if (client->num_connections == server_options.max_connections_for_client) {
+            // close least recently used connection
+            con = UPPER_OBJECT(LinkedList1_GetFirst(&client->connections_list), struct connection, connections_list_node);
+            connection_close(con);
+        }
+        
+        // if this is DNS, replace actual address, but keep still remember the orig_addr
+        BAddr addr = orig_addr;
+        if ((flags & UDPGW_CLIENT_FLAG_DNS)) {
+            maybe_update_dns();
+            if (dns_addr.type == BADDR_TYPE_NONE) {
+                client_log(client, BLOG_WARNING, "received DNS packet, but no DNS server available");
+            } else {
+                client_log(client, BLOG_DEBUG, "received DNS");
+                addr = dns_addr;
+            }
+        }
+        
+        // create new connection
+        connection_init(client, conid, addr, orig_addr, data, data_len);
+    } else {
+        // submit packet to existing connection
+        connection_send_to_udp(con, data, data_len);
+    }
+}
+
+int get_local_num_ports (int addr_type)
+{
+    switch (addr_type) {
+        case BADDR_TYPE_IPV4: return server_options.local_udp_num_ports;
+        case BADDR_TYPE_IPV6: return server_options.local_udp_ip6_num_ports;
+        default: ASSERT(0); return 0;
+    }
+}
+
+BAddr get_local_addr (int addr_type)
+{
+    ASSERT(get_local_num_ports(addr_type) >= 0)
+    
+    switch (addr_type) {
+        case BADDR_TYPE_IPV4: return local_udp_addr;
+        case BADDR_TYPE_IPV6: return local_udp_ip6_addr;
+        default: ASSERT(0); return BAddr_MakeNone();
+    }
+}
+
+uint8_t * build_port_usage_array_and_find_least_used_connection (BAddr remote_addr, struct connection **out_con)
+{
+    ASSERT(remote_addr.type == BADDR_TYPE_IPV4 || remote_addr.type == BADDR_TYPE_IPV6)
+    ASSERT(get_local_num_ports(remote_addr.type) >= 0)
+    
+    int local_num_ports = get_local_num_ports(remote_addr.type);
+    
+    // allocate port usage array
+    uint8_t *port_usage = (uint8_t *)BAllocSize(bsize_fromint(local_num_ports));
+    if (!port_usage) {
+        return NULL;
+    }
+    
+    // zero array
+    memset(port_usage, 0, local_num_ports);
+    
+    struct connection *least_con = NULL;
+    
+    // flag inappropriate ports (those with the same remote address)
+    for (LinkedList1Node *ln = LinkedList1_GetFirst(&clients_list); ln; ln = LinkedList1Node_Next(ln)) {
+        struct client *client = UPPER_OBJECT(ln, struct client, clients_list_node);
+        
+        for (LinkedList1Node *ln2 = LinkedList1_GetFirst(&client->connections_list); ln2; ln2 = LinkedList1Node_Next(ln2)) {
+            struct connection *con = UPPER_OBJECT(ln2, struct connection, connections_list_node);
+            ASSERT(con->client == client)
+            ASSERT(!con->closing)
+            
+            if (con->addr.type != remote_addr.type || con->local_port_index < 0) {
+                continue;
+            }
+            ASSERT(con->local_port_index < local_num_ports)
+            
+            if (server_options.unique_local_ports) {
+                BIPAddr ip1;
+                BIPAddr ip2;
+                BAddr_GetIPAddr(&con->addr, &ip1);
+                BAddr_GetIPAddr(&remote_addr, &ip2);
+                if (!BIPAddr_Compare(&ip1, &ip2)) {
+                    continue;
+                }
+            } else {
+                if (!BAddr_Compare(&con->addr, &remote_addr)) {
+                    continue;
+                }
+            }
+            
+            port_usage[con->local_port_index] = 1;
+            
+            if (!PacketPassFairQueueFlow_IsBusy(&con->send_qflow)) {
+                if (!least_con || con->last_use_time < least_con->last_use_time) {
+                    least_con = con;
+                }
+            }
+        }
+    }
+    
+    *out_con = least_con;
+    return port_usage;
+}
+
+void connection_init (struct client *client, uint16_t conid, BAddr addr, BAddr orig_addr, const uint8_t *data, int data_len)
+{
+    ASSERT(client->num_connections < server_options.max_connections_for_client)
+    ASSERT(!find_connection(client, conid))
+    BAddr_Assert(&addr);
+    ASSERT(addr.type == BADDR_TYPE_IPV4 || addr.type == BADDR_TYPE_IPV6)
+    ASSERT(orig_addr.type == BADDR_TYPE_IPV4 || orig_addr.type == BADDR_TYPE_IPV6)
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= server_options.udp_mtu)
+    
+    // allocate structure
+    struct connection *con = (struct connection *)malloc(sizeof(*con));
+    if (!con) {
+        client_log(client, BLOG_ERROR, "malloc failed");
+        goto fail0;
+    }
+    
+    // init arguments
+    con->client = client;
+    con->conid = conid;
+    con->addr = addr;
+    con->orig_addr = orig_addr;
+    con->first_data = data;
+    con->first_data_len = data_len;
+    
+    // set last use time
+    con->last_use_time = btime_gettime();
+    
+    // set not closing
+    con->closing = 0;
+    
+    // init first job
+    BPending_Init(&con->first_job, BReactor_PendingGroup(&server_ss), (BPending_handler)connection_first_job_handler, con);
+    BPending_Set(&con->first_job);
+    
+    // init send queue flow
+    PacketPassFairQueueFlow_Init(&con->send_qflow, &client->send_queue);
+    
+    // init send PacketProtoFlow
+    if (!PacketProtoFlow_Init(&con->send_ppflow, udpgw_mtu, CONNECTION_CLIENT_BUFFER_SIZE, PacketPassFairQueueFlow_GetInput(&con->send_qflow), BReactor_PendingGroup(&server_ss))) {
+        client_log(client, BLOG_ERROR, "PacketProtoFlow_Init failed");
+        goto fail1;
+    }
+    con->send_if = PacketProtoFlow_GetInput(&con->send_ppflow);
+    
+    // init UDP dgram
+    if (!BDatagram_Init(&con->udp_dgram, addr.type, &server_ss, con, (BDatagram_handler)connection_dgram_handler_event)) {
+        client_log(client, BLOG_ERROR, "BDatagram_Init failed");
+        goto fail2;
+    }
+    
+    con->local_port_index = -1;
+    
+    int local_num_ports = get_local_num_ports(addr.type);
+    
+    if (local_num_ports >= 0) {
+        // build port usage array, find least used connection
+        struct connection *least_con;
+        uint8_t *port_usage = build_port_usage_array_and_find_least_used_connection(addr, &least_con);
+        if (!port_usage) {
+            client_log(client, BLOG_ERROR, "build_port_usage_array failed");
+            goto failed;
+        }
+        
+        // set SO_REUSEADDR
+        if (!BDatagram_SetReuseAddr(&con->udp_dgram, 1)) {
+            client_log(client, BLOG_ERROR, "set SO_REUSEADDR failed");
+            goto failed;
+        }
+        
+        // get starting local address
+        BAddr local_addr = get_local_addr(addr.type);
+        
+        // try different ports
+        for (int i = 0; i < local_num_ports; i++) {
+            // skip inappropriate ports
+            if (port_usage[i]) {
+                continue;
+            }
+            
+            BAddr bind_addr = local_addr;
+            BAddr_SetPort(&bind_addr, hton16(ntoh16(BAddr_GetPort(&bind_addr)) + (uint16_t)i));
+            if (BDatagram_Bind(&con->udp_dgram, bind_addr)) {
+                // remember which port we're using
+                con->local_port_index = i;
+                goto cont;
+            }
+        }
+        
+        // try closing an unused connection with the same remote addr
+        if (!least_con) {
+            goto failed;
+        }
+        
+        ASSERT(least_con->addr.type == addr.type)
+        ASSERT(least_con->local_port_index >= 0)
+        ASSERT(least_con->local_port_index < local_num_ports)
+        ASSERT(!PacketPassFairQueueFlow_IsBusy(&least_con->send_qflow))
+        
+        int i = least_con->local_port_index;
+        
+        BLog(BLOG_INFO, "closing connection for its remote address");
+        
+        // close the offending connection
+        connection_close(least_con);
+        
+        // try binding to its port
+        BAddr bind_addr = local_addr;
+        BAddr_SetPort(&bind_addr, hton16(ntoh16(BAddr_GetPort(&bind_addr)) + (uint16_t)i));
+        if (BDatagram_Bind(&con->udp_dgram, bind_addr)) {
+            // remember which port we're using
+            con->local_port_index = i;
+            goto cont;
+        }
+        
+    failed:
+        client_log(client, BLOG_WARNING, "failed to bind to any local address; proceeding regardless");
+    cont:;
+        BFree(port_usage);
+    }
+    
+    // set UDP dgram send address
+    BIPAddr ipaddr;
+    BIPAddr_InitInvalid(&ipaddr);
+    BDatagram_SetSendAddrs(&con->udp_dgram, addr, ipaddr);
+    
+    // init UDP dgram interfaces
+    BDatagram_SendAsync_Init(&con->udp_dgram, server_options.udp_mtu);
+    BDatagram_RecvAsync_Init(&con->udp_dgram, server_options.udp_mtu);
+    
+    // init UDP writer
+    BufferWriter_Init(&con->udp_send_writer, server_options.udp_mtu, BReactor_PendingGroup(&server_ss));
+    
+    // init UDP buffer
+    if (!PacketBuffer_Init(&con->udp_send_buffer, BufferWriter_GetOutput(&con->udp_send_writer), BDatagram_SendAsync_GetIf(&con->udp_dgram), CONNECTION_UDP_BUFFER_SIZE, BReactor_PendingGroup(&server_ss))) {
+        client_log(client, BLOG_ERROR, "PacketBuffer_Init failed");
+        goto fail4;
+    }
+    
+    // init UDP recv interface
+    PacketPassInterface_Init(&con->udp_recv_if, server_options.udp_mtu, (PacketPassInterface_handler_send)connection_udp_recv_if_handler_send, con, BReactor_PendingGroup(&server_ss));
+    
+    // init UDP recv buffer
+    if (!SinglePacketBuffer_Init(&con->udp_recv_buffer, BDatagram_RecvAsync_GetIf(&con->udp_dgram), &con->udp_recv_if, BReactor_PendingGroup(&server_ss))) {
+        client_log(client, BLOG_ERROR, "SinglePacketBuffer_Init failed");
+        goto fail5;
+    }
+    
+    // insert to client's connections tree
+    ASSERT_EXECUTE(BAVL_Insert(&client->connections_tree, &con->connections_tree_node, NULL))
+    
+    // insert to client's connections list
+    LinkedList1_Append(&client->connections_list, &con->connections_list_node);
+    
+    // increment number of connections
+    client->num_connections++;
+    
+    connection_log(con, BLOG_DEBUG, "initialized");
+    
+    return;
+    
+fail5:
+    PacketPassInterface_Free(&con->udp_recv_if);
+    PacketBuffer_Free(&con->udp_send_buffer);
+fail4:
+    BufferWriter_Free(&con->udp_send_writer);
+    BDatagram_RecvAsync_Free(&con->udp_dgram);
+    BDatagram_SendAsync_Free(&con->udp_dgram);
+    BDatagram_Free(&con->udp_dgram);
+fail2:
+    PacketProtoFlow_Free(&con->send_ppflow);
+fail1:
+    PacketPassFairQueueFlow_Free(&con->send_qflow);
+    BPending_Free(&con->first_job);
+    free(con);
+fail0:
+    return;
+}
+
+void connection_free (struct connection *con)
+{
+    struct client *client = con->client;
+    PacketPassFairQueueFlow_AssertFree(&con->send_qflow);
+    
+    if (con->closing) {
+        // remove from client's closing connections list
+        LinkedList1_Remove(&client->closing_connections_list, &con->closing_connections_list_node);
+    } else {
+        // decrement number of connections
+        client->num_connections--;
+        
+        // remove from client's connections list
+        LinkedList1_Remove(&client->connections_list, &con->connections_list_node);
+        
+        // remove from client's connections tree
+        BAVL_Remove(&client->connections_tree, &con->connections_tree_node);
+        
+        // free UDP
+        connection_free_udp(con);
+    }
+    
+    // free send PacketProtoFlow
+    PacketProtoFlow_Free(&con->send_ppflow);
+    
+    // free send queue flow
+    PacketPassFairQueueFlow_Free(&con->send_qflow);
+    
+    // free first job
+    BPending_Free(&con->first_job);
+    
+    // free structure
+    free(con);
+}
+
+void connection_logfunc (struct connection *con)
+{
+    client_logfunc(con->client);
+    
+    if (con->closing) {
+        BLog_Append("old connection %"PRIu16": ", con->conid);
+    } else {
+        BLog_Append("connection %"PRIu16": ", con->conid);
+    }
+}
+
+void connection_log (struct connection *con, int level, const char *fmt, ...)
+{
+    va_list vl;
+    va_start(vl, fmt);
+    BLog_LogViaFuncVarArg((BLog_logfunc)connection_logfunc, con, BLOG_CURRENT_CHANNEL, level, fmt, vl);
+    va_end(vl);
+}
+
+void connection_free_udp (struct connection *con)
+{
+    // free UDP receive buffer
+    SinglePacketBuffer_Free(&con->udp_recv_buffer);
+    
+    // free UDP receive interface
+    PacketPassInterface_Free(&con->udp_recv_if);
+    
+    // free UDP buffer
+    PacketBuffer_Free(&con->udp_send_buffer);
+    
+    // free UDP writer
+    BufferWriter_Free(&con->udp_send_writer);
+    
+    // free UDP dgram interfaces
+    BDatagram_RecvAsync_Free(&con->udp_dgram);
+    BDatagram_SendAsync_Free(&con->udp_dgram);
+    
+    // free UDP dgram
+    BDatagram_Free(&con->udp_dgram);
+}
+
+void connection_first_job_handler (struct connection *con)
+{
+    ASSERT(!con->closing)
+    
+    connection_send_to_udp(con, con->first_data, con->first_data_len);
+}
+
+void connection_send_to_client (struct connection *con, uint8_t flags, const uint8_t *data, int data_len)
+{
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= server_options.udp_mtu)
+    
+    size_t addr_len = (con->orig_addr.type == BADDR_TYPE_IPV6) ? sizeof(struct udpgw_addr_ipv6) :
+    (con->orig_addr.type == BADDR_TYPE_IPV4) ? sizeof(struct udpgw_addr_ipv4) : 0;
+    if (data_len > udpgw_mtu - (int)(sizeof(struct udpgw_header) + addr_len)) {
+        connection_log(con, BLOG_WARNING, "packet is too large, cannot send to client");
+        return;
+    }
+    
+    // get buffer location
+    uint8_t *out;
+    if (!BufferWriter_StartPacket(con->send_if, &out)) {
+        connection_log(con, BLOG_ERROR, "out of client buffer");
+        return;
+    }
+    int out_pos = 0;
+    
+    if (con->orig_addr.type == BADDR_TYPE_IPV6) {
+        flags |= UDPGW_CLIENT_FLAG_IPV6;
+    }
+    
+    // write header
+    struct udpgw_header header;
+    header.flags = htol8(flags);
+    header.conid = htol16(con->conid);
+    memcpy(out + out_pos, &header, sizeof(header));
+    out_pos += sizeof(header);
+    
+    // write address
+    switch (con->orig_addr.type) {
+        case BADDR_TYPE_IPV4: {
+            struct udpgw_addr_ipv4 addr_ipv4;
+            addr_ipv4.addr_ip = con->orig_addr.ipv4.ip;
+            addr_ipv4.addr_port = con->orig_addr.ipv4.port;
+            memcpy(out + out_pos, &addr_ipv4, sizeof(addr_ipv4));
+            out_pos += sizeof(addr_ipv4);
+        } break;
+        case BADDR_TYPE_IPV6: {
+            struct udpgw_addr_ipv6 addr_ipv6;
+            memcpy(addr_ipv6.addr_ip, con->orig_addr.ipv6.ip, sizeof(addr_ipv6.addr_ip));
+            addr_ipv6.addr_port = con->orig_addr.ipv6.port;
+            memcpy(out + out_pos, &addr_ipv6, sizeof(addr_ipv6));
+            out_pos += sizeof(addr_ipv6);
+        } break;
+    }
+    
+    // write message
+    memcpy(out + out_pos, data, data_len);
+    out_pos += data_len;
+    
+    // submit written message
+    ASSERT(out_pos <= udpgw_mtu)
+    BufferWriter_EndPacket(con->send_if, out_pos);
+}
+
+int connection_send_to_udp (struct connection *con, const uint8_t *data, int data_len)
+{
+    struct client *client = con->client;
+    ASSERT(!con->closing)
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= server_options.udp_mtu)
+    
+    connection_log(con, BLOG_DEBUG, "from client %d bytes", data_len);
+    
+    // set last use time
+    con->last_use_time = btime_gettime();
+    
+    // move connection to front
+    LinkedList1_Remove(&client->connections_list, &con->connections_list_node);
+    LinkedList1_Append(&client->connections_list, &con->connections_list_node);
+    
+    // get buffer location
+    uint8_t *out;
+    if (!BufferWriter_StartPacket(&con->udp_send_writer, &out)) {
+        connection_log(con, BLOG_ERROR, "out of UDP buffer");
+        return 0;
+    }
+    
+    // write message
+    memcpy(out, data, data_len);
+    
+    // submit written message
+    BufferWriter_EndPacket(&con->udp_send_writer, data_len);
+    
+    return 1;
+}
+
+void connection_close (struct connection *con)
+{
+    struct client *client = con->client;
+    ASSERT(!con->closing)
+    
+    // if possible, free connection immediately
+    if (!PacketPassFairQueueFlow_IsBusy(&con->send_qflow)) {
+        connection_free(con);
+        return;
+    }
+    
+    connection_log(con, BLOG_DEBUG, "closing later");
+    
+    // decrement number of connections
+    client->num_connections--;
+    
+    // remove from client's connections list
+    LinkedList1_Remove(&client->connections_list, &con->connections_list_node);
+    
+    // remove from client's connections tree
+    BAVL_Remove(&client->connections_tree, &con->connections_tree_node);
+    
+    // free UDP
+    connection_free_udp(con);
+    
+    // insert to client's closing connections list
+    LinkedList1_Append(&client->closing_connections_list, &con->closing_connections_list_node);
+    
+    // set busy handler
+    PacketPassFairQueueFlow_SetBusyHandler(&con->send_qflow, (PacketPassFairQueue_handler_busy)connection_send_qflow_busy_handler, con);
+    
+    // unset first job
+    BPending_Unset(&con->first_job);
+    
+    // set closing
+    con->closing = 1;
+}
+
+void connection_send_qflow_busy_handler (struct connection *con)
+{
+    ASSERT(con->closing)
+    PacketPassFairQueueFlow_AssertFree(&con->send_qflow);
+    
+    connection_log(con, BLOG_DEBUG, "closing finally");
+    
+    // free connection
+    connection_free(con);
+}
+
+void connection_dgram_handler_event (struct connection *con, int event)
+{
+    ASSERT(!con->closing)
+    
+    connection_log(con, BLOG_INFO, "UDP error");
+    
+    // close connection
+    connection_close(con);
+}
+
+void connection_udp_recv_if_handler_send (struct connection *con, uint8_t *data, int data_len)
+{
+    struct client *client = con->client;
+    ASSERT(!con->closing)
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= server_options.udp_mtu)
+    
+    connection_log(con, BLOG_DEBUG, "from UDP %d bytes", data_len);
+    
+    // set last use time
+    con->last_use_time = btime_gettime();
+    
+    // move connection to front
+    LinkedList1_Remove(&client->connections_list, &con->connections_list_node);
+    LinkedList1_Append(&client->connections_list, &con->connections_list_node);
+    
+    // accept packet
+    PacketPassInterface_Done(&con->udp_recv_if);
+    
+    // send packet to client
+    connection_send_to_client(con, 0, data, data_len);
+}
+
+struct connection * find_connection (struct client *client, uint16_t conid)
+{
+    BAVLNode *tree_node = BAVL_LookupExact(&client->connections_tree, &conid);
+    if (!tree_node) {
+        return NULL;
+    }
+    struct connection *con = UPPER_OBJECT(tree_node, struct connection, connections_tree_node);
+    ASSERT(con->conid == conid)
+    ASSERT(!con->closing)
+    
+    return con;
+}
+
+int uint16_comparator (void *unused, uint16_t *v1, uint16_t *v2)
+{
+    return B_COMPARE(*v1, *v2);
+}
+
+void maybe_update_dns (void)
+{
+#ifndef BADVPN_USE_WINAPI
+    btime_t now = btime_gettime();
+    if (now < btime_add(last_dns_update_time, DNS_UPDATE_TIME)) {
+        return;
+    }
+    last_dns_update_time = now;
+    BLog(BLOG_DEBUG, "update dns");
+    
+    if (res_init() != 0) {
+        BLog(BLOG_ERROR, "res_init failed");
+        goto fail;
+    }
+    
+    if (_res.nscount == 0) {
+        BLog(BLOG_ERROR, "no name servers available");
+        goto fail;
+    }
+    
+    BAddr addr;
+    BAddr_InitIPv4(&addr, _res.nsaddr_list[0].sin_addr.s_addr, hton16(53));
+    
+    if (!BAddr_Compare(&addr, &dns_addr)) {
+        char str[BADDR_MAX_PRINT_LEN];
+        BAddr_Print(&addr, str);
+        BLog(BLOG_INFO, "using DNS server %s", str);
+    }
+    
+    dns_addr = addr;
+    return;
+    
+fail:
+    BAddr_InitNone(&dns_addr);
+#endif
+}
\ No newline at end of file
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw/udpgw.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw/udpgw.h
new file mode 100644
index 00000000..45f2e5e4
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw/udpgw.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) Ambroz Bizjak <ambrop7@gmail.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// name of the program
+#define PROGRAM_NAME "udpgw"
+
+// maxiumum listen addresses
+#define MAX_LISTEN_ADDRS 16
+
+// maximum datagram size
+#define DEFAULT_UDP_MTU 65520
+
+// connection buffer size for sending to client, in packets
+#define CONNECTION_CLIENT_BUFFER_SIZE 1
+
+// connection buffer size for sending to UDP, in packets
+#define CONNECTION_UDP_BUFFER_SIZE 1
+
+// maximum number of clients
+#define DEFAULT_MAX_CLIENTS 3
+
+// maximum connections for client
+#define DEFAULT_MAX_CONNECTIONS_FOR_CLIENT 256
+
+// how long after nothing has been received to disconnect a client
+#define CLIENT_DISCONNECT_TIMEOUT 20000
+
+// SO_SNDBFUF socket option for clients, 0 to not set
+#define CLIENT_DEFAULT_SOCKET_SEND_BUFFER 1048576
+
+extern int udpgw_main (int argc, char **argv);
\ No newline at end of file
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw_client/UdpGwClient.c b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw_client/UdpGwClient.c
new file mode 100644
index 00000000..e4e458cc
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw_client/UdpGwClient.c
@@ -0,0 +1,597 @@
+/*
+ * Copyright (C) Ambroz Bizjak <ambrop7@gmail.com>
+ * Contributions:
+ * Transparent DNS: Copyright (C) Kerem Hadimli <kerem.hadimli@gmail.com>
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "misc/offset.h"
+#include "misc/byteorder.h"
+#include "misc/compare.h"
+#include "base/BLog.h"
+
+#include "udpgw_client/UdpGwClient.h"
+
+#include "generated/blog_channel_UdpGwClient.h"
+
+static int uint16_comparator (void *unused, uint16_t *v1, uint16_t *v2);
+static int conaddr_comparator (void *unused, struct UdpGwClient_conaddr *v1, struct UdpGwClient_conaddr *v2);
+static void free_server (UdpGwClient *o);
+static void decoder_handler_error (UdpGwClient *o);
+static void recv_interface_handler_send (UdpGwClient *o, uint8_t *data, int data_len);
+static void send_monitor_handler (UdpGwClient *o);
+static void keepalive_if_handler_done (UdpGwClient *o);
+static struct UdpGwClient_connection * find_connection_by_conaddr (UdpGwClient *o, struct UdpGwClient_conaddr conaddr);
+static struct UdpGwClient_connection * find_connection_by_conid (UdpGwClient *o, uint16_t conid);
+static uint16_t find_unused_conid (UdpGwClient *o);
+static void connection_init (UdpGwClient *o, struct UdpGwClient_conaddr conaddr, uint8_t flags, const uint8_t *data, int data_len);
+static void connection_free (struct UdpGwClient_connection *con);
+static void connection_first_job_handler (struct UdpGwClient_connection *con);
+static void connection_send (struct UdpGwClient_connection *con, uint8_t flags, const uint8_t *data, int data_len);
+static struct UdpGwClient_connection * reuse_connection (UdpGwClient *o, struct UdpGwClient_conaddr conaddr);
+
+static int uint16_comparator (void *unused, uint16_t *v1, uint16_t *v2)
+{
+    return B_COMPARE(*v1, *v2);
+}
+
+static int conaddr_comparator (void *unused, struct UdpGwClient_conaddr *v1, struct UdpGwClient_conaddr *v2)
+{
+    int r = BAddr_CompareOrder(&v1->remote_addr, &v2->remote_addr);
+    if (r) {
+        return r;
+    }
+    return BAddr_CompareOrder(&v1->local_addr, &v2->local_addr);
+}
+
+static void free_server (UdpGwClient *o)
+{
+    // disconnect send connector
+    PacketPassConnector_DisconnectOutput(&o->send_connector);
+    
+    // free send sender
+    PacketStreamSender_Free(&o->send_sender);
+    
+    // free receive decoder
+    PacketProtoDecoder_Free(&o->recv_decoder);
+    
+    // free receive interface
+    PacketPassInterface_Free(&o->recv_if);
+}
+
+static void decoder_handler_error (UdpGwClient *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->have_server)
+    
+    BLog(BLOG_ERROR, "decoder error");
+    
+    // report error
+    o->handler_servererror(o->user);
+    return;
+}
+
+static void recv_interface_handler_send (UdpGwClient *o, uint8_t *data, int data_len)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->have_server)
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= o->udpgw_mtu)
+    
+    // accept packet
+    PacketPassInterface_Done(&o->recv_if);
+    
+    // check header
+    if (data_len < sizeof(struct udpgw_header)) {
+        BLog(BLOG_ERROR, "missing header");
+        return;
+    }
+    struct udpgw_header header;
+    memcpy(&header, data, sizeof(header));
+    data += sizeof(header);
+    data_len -= sizeof(header);
+    uint8_t flags = ltoh8(header.flags);
+    uint16_t conid = ltoh16(header.conid);
+    
+    // parse address
+    BAddr remote_addr;
+    if ((flags & UDPGW_CLIENT_FLAG_IPV6)) {
+        if (data_len < sizeof(struct udpgw_addr_ipv6)) {
+            BLog(BLOG_ERROR, "missing ipv6 address");
+            return;
+        }
+        struct udpgw_addr_ipv6 addr_ipv6;
+        memcpy(&addr_ipv6, data, sizeof(addr_ipv6));
+        data += sizeof(addr_ipv6);
+        data_len -= sizeof(addr_ipv6);
+        BAddr_InitIPv6(&remote_addr, addr_ipv6.addr_ip, addr_ipv6.addr_port);
+    } else {
+        if (data_len < sizeof(struct udpgw_addr_ipv4)) {
+            BLog(BLOG_ERROR, "missing ipv4 address");
+            return;
+        }
+        struct udpgw_addr_ipv4 addr_ipv4;
+        memcpy(&addr_ipv4, data, sizeof(addr_ipv4));
+        data += sizeof(addr_ipv4);
+        data_len -= sizeof(addr_ipv4);
+        BAddr_InitIPv4(&remote_addr, addr_ipv4.addr_ip, addr_ipv4.addr_port);
+    }
+    
+    // check remaining data
+    if (data_len > o->udp_mtu) {
+        BLog(BLOG_ERROR, "too much data");
+        return;
+    }
+    
+    // find connection
+    struct UdpGwClient_connection *con = find_connection_by_conid(o, conid);
+    if (!con) {
+        BLog(BLOG_ERROR, "unknown conid");
+        return;
+    }
+    
+    // check remote address
+    if (BAddr_CompareOrder(&con->conaddr.remote_addr, &remote_addr) != 0) {
+        BLog(BLOG_ERROR, "wrong remote address");
+        return;
+    }
+    
+    // move connection to front of the list
+    LinkedList1_Remove(&o->connections_list, &con->connections_list_node);
+    LinkedList1_Append(&o->connections_list, &con->connections_list_node);
+    
+    // pass packet to user
+    o->handler_received(o->user, con->conaddr.local_addr, con->conaddr.remote_addr, data, data_len);
+    return;
+}
+
+static void send_monitor_handler (UdpGwClient *o)
+{
+    DebugObject_Access(&o->d_obj);
+    
+    if (o->keepalive_sending) {
+        return;
+    }
+    
+    BLog(BLOG_INFO, "keepalive");
+    
+    // send keepalive
+    PacketPassInterface_Sender_Send(o->keepalive_if, (uint8_t *)&o->keepalive_packet, sizeof(o->keepalive_packet));
+    
+    // set sending keep-alive
+    o->keepalive_sending = 1;
+}
+
+static void keepalive_if_handler_done (UdpGwClient *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->keepalive_sending)
+    
+    // set not sending keepalive
+    o->keepalive_sending = 0;
+}
+
+static struct UdpGwClient_connection * find_connection_by_conaddr (UdpGwClient *o, struct UdpGwClient_conaddr conaddr)
+{
+    BAVLNode *tree_node = BAVL_LookupExact(&o->connections_tree_by_conaddr, &conaddr);
+    if (!tree_node) {
+        return NULL;
+    }
+    
+    return UPPER_OBJECT(tree_node, struct UdpGwClient_connection, connections_tree_by_conaddr_node);
+}
+
+static struct UdpGwClient_connection * find_connection_by_conid (UdpGwClient *o, uint16_t conid)
+{
+    BAVLNode *tree_node = BAVL_LookupExact(&o->connections_tree_by_conid, &conid);
+    if (!tree_node) {
+        return NULL;
+    }
+    
+    return UPPER_OBJECT(tree_node, struct UdpGwClient_connection, connections_tree_by_conid_node);
+}
+
+static uint16_t find_unused_conid (UdpGwClient *o)
+{
+    ASSERT(o->num_connections < o->max_connections)
+    
+    while (1) {
+        if (!find_connection_by_conid(o, o->next_conid)) {
+            return o->next_conid;
+        }
+        
+        if (o->next_conid == o->max_connections - 1) {
+            o->next_conid = 0;
+        } else {
+            o->next_conid++;
+        }
+    }
+}
+
+static void connection_init (UdpGwClient *o, struct UdpGwClient_conaddr conaddr, uint8_t flags, const uint8_t *data, int data_len)
+{
+    ASSERT(o->num_connections < o->max_connections)
+    ASSERT(!find_connection_by_conaddr(o, conaddr))
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= o->udp_mtu)
+    
+    // allocate structure
+    struct UdpGwClient_connection *con = (struct UdpGwClient_connection *)malloc(sizeof(*con));
+    if (!con) {
+        BLog(BLOG_ERROR, "malloc failed");
+        goto fail0;
+    }
+    
+    // init arguments
+    con->client = o;
+    con->conaddr = conaddr;
+    con->first_flags = flags;
+    con->first_data = data;
+    con->first_data_len = data_len;
+    
+    // allocate conid
+    con->conid = find_unused_conid(o);
+    
+    // init first job
+    BPending_Init(&con->first_job, BReactor_PendingGroup(o->reactor), (BPending_handler)connection_first_job_handler, con);
+    BPending_Set(&con->first_job);
+    
+    // init queue flow
+    PacketPassFairQueueFlow_Init(&con->send_qflow, &o->send_queue);
+    
+    // init PacketProtoFlow
+    if (!PacketProtoFlow_Init(&con->send_ppflow, o->udpgw_mtu, o->send_buffer_size, PacketPassFairQueueFlow_GetInput(&con->send_qflow), BReactor_PendingGroup(o->reactor))) {
+        BLog(BLOG_ERROR, "PacketProtoFlow_Init failed");
+        goto fail1;
+    }
+    con->send_if = PacketProtoFlow_GetInput(&con->send_ppflow);
+    
+    // insert to connections tree by conaddr
+    ASSERT_EXECUTE(BAVL_Insert(&o->connections_tree_by_conaddr, &con->connections_tree_by_conaddr_node, NULL))
+    
+    // insert to connections tree by conid
+    ASSERT_EXECUTE(BAVL_Insert(&o->connections_tree_by_conid, &con->connections_tree_by_conid_node, NULL))
+    
+    // insert to connections list
+    LinkedList1_Append(&o->connections_list, &con->connections_list_node);
+    
+    // increment number of connections
+    o->num_connections++;
+    
+    return;
+    
+fail1:
+    PacketPassFairQueueFlow_Free(&con->send_qflow);
+    BPending_Free(&con->first_job);
+    free(con);
+fail0:
+    return;
+}
+
+static void connection_free (struct UdpGwClient_connection *con)
+{
+    UdpGwClient *o = con->client;
+    PacketPassFairQueueFlow_AssertFree(&con->send_qflow);
+    
+    // decrement number of connections
+    o->num_connections--;
+    
+    // remove from connections list
+    LinkedList1_Remove(&o->connections_list, &con->connections_list_node);
+    
+    // remove from connections tree by conid
+    BAVL_Remove(&o->connections_tree_by_conid, &con->connections_tree_by_conid_node);
+    
+    // remove from connections tree by conaddr
+    BAVL_Remove(&o->connections_tree_by_conaddr, &con->connections_tree_by_conaddr_node);
+    
+    // free PacketProtoFlow
+    PacketProtoFlow_Free(&con->send_ppflow);
+    
+    // free queue flow
+    PacketPassFairQueueFlow_Free(&con->send_qflow);
+    
+    // free first job
+    BPending_Free(&con->first_job);
+    
+    // free structure
+    free(con);
+}
+
+static void connection_first_job_handler (struct UdpGwClient_connection *con)
+{
+    connection_send(con, UDPGW_CLIENT_FLAG_REBIND|con->first_flags, con->first_data, con->first_data_len);
+}
+
+static void connection_send (struct UdpGwClient_connection *con, uint8_t flags, const uint8_t *data, int data_len)
+{
+    UdpGwClient *o = con->client;
+    B_USE(o)
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= o->udp_mtu)
+    
+    // get buffer location
+    uint8_t *out;
+    if (!BufferWriter_StartPacket(con->send_if, &out)) {
+        BLog(BLOG_ERROR, "out of buffer");
+        return;
+    }
+    int out_pos = 0;
+    
+    if (con->conaddr.remote_addr.type == BADDR_TYPE_IPV6) {
+        flags |= UDPGW_CLIENT_FLAG_IPV6;
+    }
+    
+    // write header
+    struct udpgw_header header;
+    header.flags = ltoh8(flags);
+    header.conid = ltoh16(con->conid);
+    memcpy(out + out_pos, &header, sizeof(header));
+    out_pos += sizeof(header);
+    
+    // write address
+    switch (con->conaddr.remote_addr.type) {
+        case BADDR_TYPE_IPV4: {
+            struct udpgw_addr_ipv4 addr_ipv4;
+            addr_ipv4.addr_ip = con->conaddr.remote_addr.ipv4.ip;
+            addr_ipv4.addr_port = con->conaddr.remote_addr.ipv4.port;
+            memcpy(out + out_pos, &addr_ipv4, sizeof(addr_ipv4));
+            out_pos += sizeof(addr_ipv4);
+        } break;
+        case BADDR_TYPE_IPV6: {
+            struct udpgw_addr_ipv6 addr_ipv6;
+            memcpy(addr_ipv6.addr_ip, con->conaddr.remote_addr.ipv6.ip, sizeof(addr_ipv6.addr_ip));
+            addr_ipv6.addr_port = con->conaddr.remote_addr.ipv6.port;
+            memcpy(out + out_pos, &addr_ipv6, sizeof(addr_ipv6));
+            out_pos += sizeof(addr_ipv6);
+        } break;
+    }
+    
+    // write packet to buffer
+    memcpy(out + out_pos, data, data_len);
+    out_pos += data_len;
+    
+    // submit packet to buffer
+    BufferWriter_EndPacket(con->send_if, out_pos);
+}
+
+static struct UdpGwClient_connection * reuse_connection (UdpGwClient *o, struct UdpGwClient_conaddr conaddr)
+{
+    ASSERT(!find_connection_by_conaddr(o, conaddr))
+    ASSERT(o->num_connections > 0)
+    
+    // get least recently used connection
+    struct UdpGwClient_connection *con = UPPER_OBJECT(LinkedList1_GetFirst(&o->connections_list), struct UdpGwClient_connection, connections_list_node);
+    
+    // remove from connections tree by conaddr
+    BAVL_Remove(&o->connections_tree_by_conaddr, &con->connections_tree_by_conaddr_node);
+    
+    // set new conaddr
+    con->conaddr = conaddr;
+    
+    // insert to connections tree by conaddr
+    ASSERT_EXECUTE(BAVL_Insert(&o->connections_tree_by_conaddr, &con->connections_tree_by_conaddr_node, NULL))
+    
+    return con;
+}
+
+int UdpGwClient_Init (UdpGwClient *o, int udp_mtu, int max_connections, int send_buffer_size, btime_t keepalive_time, BReactor *reactor, void *user,
+                      UdpGwClient_handler_servererror handler_servererror,
+                      UdpGwClient_handler_received handler_received)
+{
+    ASSERT(udp_mtu >= 0)
+    ASSERT(udpgw_compute_mtu(udp_mtu) >= 0)
+    ASSERT(udpgw_compute_mtu(udp_mtu) <= PACKETPROTO_MAXPAYLOAD)
+    ASSERT(max_connections > 0)
+    ASSERT(send_buffer_size > 0)
+    
+    // init arguments
+    o->udp_mtu = udp_mtu;
+    o->max_connections = max_connections;
+    o->send_buffer_size = send_buffer_size;
+    o->keepalive_time = keepalive_time;
+    o->reactor = reactor;
+    o->user = user;
+    o->handler_servererror = handler_servererror;
+    o->handler_received = handler_received;
+    
+    // limit max connections to number of conid's
+    if (o->max_connections > UINT16_MAX + 1) {
+        o->max_connections = UINT16_MAX + 1;
+    }
+    
+    // compute MTUs
+    o->udpgw_mtu = udpgw_compute_mtu(o->udp_mtu);
+    o->pp_mtu = o->udpgw_mtu + sizeof(struct packetproto_header);
+    
+    // init connections tree by conaddr
+    BAVL_Init(&o->connections_tree_by_conaddr, OFFSET_DIFF(struct UdpGwClient_connection, conaddr, connections_tree_by_conaddr_node), (BAVL_comparator)conaddr_comparator, NULL);
+    
+    // init connections tree by conid
+    BAVL_Init(&o->connections_tree_by_conid, OFFSET_DIFF(struct UdpGwClient_connection, conid, connections_tree_by_conid_node), (BAVL_comparator)uint16_comparator, NULL);
+    
+    // init connections list
+    LinkedList1_Init(&o->connections_list);
+    
+    // set zero connections
+    o->num_connections = 0;
+    
+    // set next conid
+    o->next_conid = 0;
+    
+    // init send connector
+    PacketPassConnector_Init(&o->send_connector, o->pp_mtu, BReactor_PendingGroup(o->reactor));
+    
+    // init send monitor
+    PacketPassInactivityMonitor_Init(&o->send_monitor, PacketPassConnector_GetInput(&o->send_connector), o->reactor, o->keepalive_time, (PacketPassInactivityMonitor_handler)send_monitor_handler, o);
+    
+    // init send queue
+    if (!PacketPassFairQueue_Init(&o->send_queue, PacketPassInactivityMonitor_GetInput(&o->send_monitor), BReactor_PendingGroup(o->reactor), 0, 1)) {
+        goto fail0;
+    }
+    
+    // construct keepalive packet
+    o->keepalive_packet.pp.len = sizeof(o->keepalive_packet.udpgw);
+    memset(&o->keepalive_packet.udpgw, 0, sizeof(o->keepalive_packet.udpgw));
+    o->keepalive_packet.udpgw.flags = UDPGW_CLIENT_FLAG_KEEPALIVE;
+    
+    // init keepalive queue flow
+    PacketPassFairQueueFlow_Init(&o->keepalive_qflow, &o->send_queue);
+    o->keepalive_if = PacketPassFairQueueFlow_GetInput(&o->keepalive_qflow);
+    
+    // init keepalive output
+    PacketPassInterface_Sender_Init(o->keepalive_if, (PacketPassInterface_handler_done)keepalive_if_handler_done, o);
+    
+    // set not sending keepalive
+    o->keepalive_sending = 0;
+    
+    // set have no server
+    o->have_server = 0;
+    
+    DebugObject_Init(&o->d_obj);
+    return 1;
+    
+fail0:
+    PacketPassInactivityMonitor_Free(&o->send_monitor);
+    PacketPassConnector_Free(&o->send_connector);
+    return 0;
+}
+
+void UdpGwClient_Free (UdpGwClient *o)
+{
+    DebugObject_Free(&o->d_obj);
+    
+    // allow freeing send queue flows
+    PacketPassFairQueue_PrepareFree(&o->send_queue);
+    
+    // free connections
+    while (!LinkedList1_IsEmpty(&o->connections_list)) {
+        struct UdpGwClient_connection *con = UPPER_OBJECT(LinkedList1_GetFirst(&o->connections_list), struct UdpGwClient_connection, connections_list_node);
+        connection_free(con);
+    }
+    
+    // free server
+    if (o->have_server) {
+        free_server(o);
+    }
+    
+    // free keepalive queue flow
+    PacketPassFairQueueFlow_Free(&o->keepalive_qflow);
+    
+    // free send queue
+    PacketPassFairQueue_Free(&o->send_queue);
+    
+    // free send
+    PacketPassInactivityMonitor_Free(&o->send_monitor);
+    
+    // free send connector
+    PacketPassConnector_Free(&o->send_connector);
+}
+
+void UdpGwClient_SubmitPacket (UdpGwClient *o, BAddr local_addr, BAddr remote_addr, int is_dns, const uint8_t *data, int data_len)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(local_addr.type == BADDR_TYPE_IPV4 || local_addr.type == BADDR_TYPE_IPV6)
+    ASSERT(remote_addr.type == BADDR_TYPE_IPV4 || remote_addr.type == BADDR_TYPE_IPV6)
+    ASSERT(data_len >= 0)
+    ASSERT(data_len <= o->udp_mtu)
+    
+    // build conaddr
+    struct UdpGwClient_conaddr conaddr;
+    conaddr.local_addr = local_addr;
+    conaddr.remote_addr = remote_addr;
+    
+    // lookup connection
+    struct UdpGwClient_connection *con = find_connection_by_conaddr(o, conaddr);
+    
+    uint8_t flags = 0;
+
+    if (is_dns) {
+        // route to remote DNS server instead of provided address
+        flags |= UDPGW_CLIENT_FLAG_DNS;
+    }
+    
+    // if no connection and can't create a new one, reuse the least recently used une
+    if (!con && o->num_connections == o->max_connections) {
+        con = reuse_connection(o, conaddr);
+        flags |= UDPGW_CLIENT_FLAG_REBIND;
+    }
+    
+    if (!con) {
+        // create new connection
+        connection_init(o, conaddr, flags, data, data_len);
+    } else {
+        // move connection to front of the list
+        LinkedList1_Remove(&o->connections_list, &con->connections_list_node);
+        LinkedList1_Append(&o->connections_list, &con->connections_list_node);
+        
+        // send packet to existing connection
+        connection_send(con, flags, data, data_len);
+    }
+}
+
+int UdpGwClient_ConnectServer (UdpGwClient *o, StreamPassInterface *send_if, StreamRecvInterface *recv_if)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(!o->have_server)
+    
+    // init receive interface
+    PacketPassInterface_Init(&o->recv_if, o->udpgw_mtu, (PacketPassInterface_handler_send)recv_interface_handler_send, o, BReactor_PendingGroup(o->reactor));
+    
+    // init receive decoder
+    if (!PacketProtoDecoder_Init(&o->recv_decoder, recv_if, &o->recv_if, BReactor_PendingGroup(o->reactor), o, (PacketProtoDecoder_handler_error)decoder_handler_error)) {
+        BLog(BLOG_ERROR, "PacketProtoDecoder_Init failed");
+        goto fail1;
+    }
+    
+    // init send sender
+    PacketStreamSender_Init(&o->send_sender, send_if, o->pp_mtu, BReactor_PendingGroup(o->reactor));
+    
+    // connect send connector
+    PacketPassConnector_ConnectOutput(&o->send_connector, PacketStreamSender_GetInput(&o->send_sender));
+    
+    // set have server
+    o->have_server = 1;
+    
+    return 1;
+    
+fail1:
+    PacketPassInterface_Free(&o->recv_if);
+    return 0;
+}
+
+void UdpGwClient_DisconnectServer (UdpGwClient *o)
+{
+    DebugObject_Access(&o->d_obj);
+    ASSERT(o->have_server)
+    
+    // free server
+    free_server(o);
+    
+    // set have no server
+    o->have_server = 0;
+}
diff --git a/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw_client/UdpGwClient.h b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw_client/UdpGwClient.h
new file mode 100644
index 00000000..fae257ba
--- /dev/null
+++ b/client/3rd/PacketProcessor/PacketProcessor/tun2socks-iOS/udpgw_client/UdpGwClient.h
@@ -0,0 +1,118 @@
+/*
+ * Copyright (C) Ambroz Bizjak <ambrop7@gmail.com>
+ * Contributions:
+ * Transparent DNS: Copyright (C) Kerem Hadimli <kerem.hadimli@gmail.com>
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the
+ *    names of its contributors may be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BADVPN_UDPGW_CLIENT_UDPGWCLIENT_H
+#define BADVPN_UDPGW_CLIENT_UDPGWCLIENT_H
+
+#include <stdint.h>
+
+#include "protocol/udpgw_proto.h"
+#include "misc/debug.h"
+#include "misc/packed.h"
+#include "structure/BAVL.h"
+#include "structure/LinkedList1.h"
+#include "base/DebugObject.h"
+#include "system/BAddr.h"
+#include "base/BPending.h"
+#include "flow/PacketPassFairQueue.h"
+#include "flow/PacketStreamSender.h"
+#include "flow/PacketProtoFlow.h"
+#include "flow/PacketProtoDecoder.h"
+#include "flow/PacketPassConnector.h"
+#include "flowextra/PacketPassInactivityMonitor.h"
+
+typedef void (*UdpGwClient_handler_servererror) (void *user);
+typedef void (*UdpGwClient_handler_received) (void *user, BAddr local_addr, BAddr remote_addr, const uint8_t *data, int data_len);
+
+B_START_PACKED
+struct UdpGwClient__keepalive_packet {
+    struct packetproto_header pp;
+    struct udpgw_header udpgw;
+} B_PACKED;
+B_END_PACKED
+
+typedef struct {
+    int udp_mtu;
+    int max_connections;
+    int send_buffer_size;
+    btime_t keepalive_time;
+    BReactor *reactor;
+    void *user;
+    UdpGwClient_handler_servererror handler_servererror;
+    UdpGwClient_handler_received handler_received;
+    int udpgw_mtu;
+    int pp_mtu;
+    BAVL connections_tree_by_conaddr;
+    BAVL connections_tree_by_conid;
+    LinkedList1 connections_list;
+    int num_connections;
+    int next_conid;
+    PacketPassFairQueue send_queue;
+    PacketPassInactivityMonitor send_monitor;
+    PacketPassConnector send_connector;
+    struct UdpGwClient__keepalive_packet keepalive_packet;
+    PacketPassInterface *keepalive_if;
+    PacketPassFairQueueFlow keepalive_qflow;
+    int keepalive_sending;
+    int have_server;
+    PacketStreamSender send_sender;
+    PacketProtoDecoder recv_decoder;
+    PacketPassInterface recv_if;
+    DebugObject d_obj;
+} UdpGwClient;
+
+struct UdpGwClient_conaddr {
+    BAddr local_addr;
+    BAddr remote_addr;
+};
+
+struct UdpGwClient_connection {
+    UdpGwClient *client;
+    struct UdpGwClient_conaddr conaddr;
+    uint8_t first_flags;
+    const uint8_t *first_data;
+    int first_data_len;
+    uint16_t conid;
+    BPending first_job;
+    BufferWriter *send_if;
+    PacketProtoFlow send_ppflow;
+    PacketPassFairQueueFlow send_qflow;
+    BAVLNode connections_tree_by_conaddr_node;
+    BAVLNode connections_tree_by_conid_node;
+    LinkedList1Node connections_list_node;
+};
+
+int UdpGwClient_Init (UdpGwClient *o, int udp_mtu, int max_connections, int send_buffer_size, btime_t keepalive_time, BReactor *reactor, void *user,
+                      UdpGwClient_handler_servererror handler_servererror,
+                      UdpGwClient_handler_received handler_received) WARN_UNUSED;
+void UdpGwClient_Free (UdpGwClient *o);
+void UdpGwClient_SubmitPacket (UdpGwClient *o, BAddr local_addr, BAddr remote_addr, int is_dns, const uint8_t *data, int data_len);
+int UdpGwClient_ConnectServer (UdpGwClient *o, StreamPassInterface *send_if, StreamRecvInterface *recv_if) WARN_UNUSED;
+void UdpGwClient_DisconnectServer (UdpGwClient *o);
+
+#endif
diff --git a/client/3rd/QtSsh/src/ssh/sshconnection.cpp b/client/3rd/QtSsh/src/ssh/sshconnection.cpp
index 6b214121..e4403499 100644
--- a/client/3rd/QtSsh/src/ssh/sshconnection.cpp
+++ b/client/3rd/QtSsh/src/ssh/sshconnection.cpp
@@ -940,8 +940,8 @@ void SshConnectionPrivate::connectToHost()
             this, &SshConnectionPrivate::handleSocketConnected);
     connect(m_socket, &QIODevice::readyRead,
             this, &SshConnectionPrivate::handleIncomingData);
-    connect(m_socket, &QAbstractSocket::errorOccurred,
-            this, &SshConnectionPrivate::handleSocketError);
+    //connect(m_socket, &QAbstractSocket::errorOccurred,
+    //        this, &SshConnectionPrivate::handleSocketError);
     connect(m_socket, &QAbstractSocket::disconnected,
             this, &SshConnectionPrivate::handleSocketDisconnected);
     connect(&m_timeoutTimer, &QTimer::timeout, this, &SshConnectionPrivate::handleTimeout);
diff --git a/client/3rd/ShadowPath b/client/3rd/ShadowPath
new file mode 160000
index 00000000..51942d6b
--- /dev/null
+++ b/client/3rd/ShadowPath
@@ -0,0 +1 @@
+Subproject commit 51942d6b4cbacc056a33993a3aa4eb0db6afcd94
diff --git a/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.pbxproj b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.pbxproj
new file mode 100644
index 00000000..1b1480e5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.pbxproj
@@ -0,0 +1,1796 @@
+// !$*UTF8*$!
+{
+	archiveVersion = 1;
+	classes = {
+	};
+	objectVersion = 55;
+	objects = {
+
+/* Begin PBXBuildFile section */
+		190B1226276CF6B5002B86DD /* ShadowSocks.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1225276CF6B5002B86DD /* ShadowSocks.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		190B1DAE276CFC69002B86DD /* event.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1AB6276CFC67002B86DD /* event.h */; };
+		190B1DAF276CFC69002B86DD /* ev++.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1AB7276CFC67002B86DD /* ev++.h */; };
+		190B1DB0276CFC69002B86DD /* ev.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1AB8276CFC67002B86DD /* ev.h */; };
+		190B1E07276CFC69002B86DD /* libmbedcrypto.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 190B1B18276CFC67002B86DD /* libmbedcrypto.a */; platformFilter = ios; };
+		190B1E08276CFC69002B86DD /* libmbedx509.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 190B1B19276CFC67002B86DD /* libmbedx509.a */; platformFilter = ios; };
+		190B1E09276CFC69002B86DD /* libmbedtls.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 190B1B1A276CFC67002B86DD /* libmbedtls.a */; platformFilter = ios; };
+		190B1E0A276CFC69002B86DD /* ares_version.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1B1D276CFC67002B86DD /* ares_version.h */; };
+		190B1E0B276CFC69002B86DD /* ares_build.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1B1E276CFC67002B86DD /* ares_build.h */; };
+		190B1E0C276CFC69002B86DD /* ares.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1B1F276CFC67002B86DD /* ares.h */; };
+		190B1E0D276CFC69002B86DD /* ares_rules.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1B20276CFC67002B86DD /* ares_rules.h */; };
+		190B1E0E276CFC69002B86DD /* ares_dns.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1B21276CFC67002B86DD /* ares_dns.h */; };
+		190B2144276D0DB5002B86DD /* json.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F45276D0DB3002B86DD /* json.c */; };
+		190B2145276D0DB5002B86DD /* utils.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F46276D0DB3002B86DD /* utils.h */; };
+		190B2146276D0DB5002B86DD /* resolv.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F47276D0DB3002B86DD /* resolv.h */; };
+		190B2147276D0DB5002B86DD /* winsock.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F48276D0DB3002B86DD /* winsock.h */; };
+		190B2148276D0DB5002B86DD /* rule.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F49276D0DB3002B86DD /* rule.c */; };
+		190B214A276D0DB5002B86DD /* acl.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F4B276D0DB3002B86DD /* acl.h */; };
+		190B214B276D0DB5002B86DD /* plugin.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F4C276D0DB3002B86DD /* plugin.h */; };
+		190B214C276D0DB5002B86DD /* aead.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F4D276D0DB3002B86DD /* aead.c */; };
+		190B214D276D0DB5002B86DD /* ppbloom.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F4E276D0DB3002B86DD /* ppbloom.c */; };
+		190B214E276D0DB5002B86DD /* base64.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F4F276D0DB3002B86DD /* base64.h */; };
+		190B214F276D0DB5002B86DD /* netutils.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F50276D0DB3002B86DD /* netutils.h */; };
+		190B2150276D0DB5002B86DD /* local.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F51276D0DB3002B86DD /* local.c */; };
+		190B2151276D0DB5002B86DD /* manager.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F52276D0DB3002B86DD /* manager.h */; };
+		190B2152276D0DB5002B86DD /* tunnel.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F53276D0DB3002B86DD /* tunnel.h */; };
+		190B2153276D0DB5002B86DD /* cache.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F54276D0DB3002B86DD /* cache.h */; };
+		190B2156276D0DB5002B86DD /* stream.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F57276D0DB3002B86DD /* stream.h */; };
+		190B2157276D0DB5002B86DD /* uthash.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F58276D0DB3002B86DD /* uthash.h */; };
+		190B2158276D0DB5002B86DD /* server.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F59276D0DB3002B86DD /* server.c */; };
+		190B2159276D0DB5002B86DD /* jconf.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F5A276D0DB3002B86DD /* jconf.h */; };
+		190B215A276D0DB5002B86DD /* crypto.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F5B276D0DB3002B86DD /* crypto.h */; };
+		190B215B276D0DB5002B86DD /* udprelay.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F5C276D0DB3002B86DD /* udprelay.c */; };
+		190B215C276D0DB5002B86DD /* winsock.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F5D276D0DB3002B86DD /* winsock.c */; };
+		190B215E276D0DB5002B86DD /* resolv.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F5F276D0DB3002B86DD /* resolv.c */; };
+		190B215F276D0DB5002B86DD /* utils.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F60276D0DB3002B86DD /* utils.c */; };
+		190B2160276D0DB5002B86DD /* common.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F61276D0DB3002B86DD /* common.h */; };
+		190B2161276D0DB5002B86DD /* json.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F62276D0DB3002B86DD /* json.h */; };
+		190B2162276D0DB5002B86DD /* netutils.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F63276D0DB3002B86DD /* netutils.c */; };
+		190B2163276D0DB5002B86DD /* base64.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F64276D0DB3002B86DD /* base64.c */; };
+		190B2165276D0DB5002B86DD /* ppbloom.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F66276D0DB3002B86DD /* ppbloom.h */; };
+		190B2166276D0DB5002B86DD /* aead.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F67276D0DB3002B86DD /* aead.h */; };
+		190B2167276D0DB5002B86DD /* plugin.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F68276D0DB3002B86DD /* plugin.c */; };
+		190B2168276D0DB5002B86DD /* acl.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F69276D0DB3002B86DD /* acl.c */; };
+		190B2169276D0DB5002B86DD /* rule.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F6A276D0DB3002B86DD /* rule.h */; };
+		190B216A276D0DB5002B86DD /* cache.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F6B276D0DB3002B86DD /* cache.c */; };
+		190B216B276D0DB5002B86DD /* manager.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F6C276D0DB3002B86DD /* manager.c */; };
+		190B216C276D0DB5002B86DD /* tunnel.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F6D276D0DB3002B86DD /* tunnel.c */; };
+		190B216D276D0DB5002B86DD /* shadowsocks.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F6E276D0DB3002B86DD /* shadowsocks.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		190B216E276D0DB5002B86DD /* local.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F6F276D0DB3002B86DD /* local.h */; };
+		190B216F276D0DB5002B86DD /* crypto.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F71276D0DB3002B86DD /* crypto.c */; };
+		190B2170276D0DB5002B86DD /* jconf.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F72276D0DB3002B86DD /* jconf.c */; };
+		190B2171276D0DB5002B86DD /* server.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F73276D0DB3002B86DD /* server.h */; };
+		190B2172276D0DB5002B86DD /* udprelay.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F74276D0DB4002B86DD /* udprelay.h */; };
+		190B2174276D0DB5002B86DD /* socks5.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B1F76276D0DB4002B86DD /* socks5.h */; };
+		190B2175276D0DB5002B86DD /* stream.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B1F77276D0DB4002B86DD /* stream.c */; };
+		190B2268276D0DB6002B86DD /* bloom.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2095276D0DB4002B86DD /* bloom.c */; };
+		190B226C276D0DB6002B86DD /* bloom.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2099276D0DB4002B86DD /* bloom.h */; };
+		190B226E276D0DB6002B86DD /* murmurhash2.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B209D276D0DB5002B86DD /* murmurhash2.h */; };
+		190B2270276D0DB6002B86DD /* MurmurHash2.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B209F276D0DB5002B86DD /* MurmurHash2.c */; };
+		190B2294276D1697002B86DD /* storage.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2273276D1697002B86DD /* storage.c */; };
+		190B2295276D1697002B86DD /* inspection.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2274276D1697002B86DD /* inspection.c */; };
+		190B2297276D1697002B86DD /* ipv4_map.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2276276D1697002B86DD /* ipv4_map.c */; };
+		190B2298276D1697002B86DD /* ipv6_map.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2277276D1697002B86DD /* ipv6_map.c */; };
+		190B2299276D1697002B86DD /* allocation.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2278276D1697002B86DD /* allocation.c */; };
+		190B229A276D1697002B86DD /* expanded.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B227B276D1697002B86DD /* expanded.c */; };
+		190B229B276D1697002B86DD /* basics.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B227C276D1697002B86DD /* basics.c */; };
+		190B229C276D1697002B86DD /* assignments.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B227D276D1697002B86DD /* assignments.c */; };
+		190B229D276D1697002B86DD /* bdd-iterator.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B227E276D1697002B86DD /* bdd-iterator.c */; };
+		190B229E276D1697002B86DD /* read.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B227F276D1697002B86DD /* read.c */; };
+		190B229F276D1697002B86DD /* reachable.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2280276D1697002B86DD /* reachable.c */; };
+		190B22A0276D1697002B86DD /* write.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2282276D1697002B86DD /* write.c */; };
+		190B22A1276D1697002B86DD /* ipv4_set.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2284276D1697002B86DD /* ipv4_set.c */; };
+		190B22A2276D1697002B86DD /* ipv6_set.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2285276D1697002B86DD /* ipv6_set.c */; };
+		190B22A3276D1697002B86DD /* storage.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2286276D1697002B86DD /* storage.c */; };
+		190B22A4276D1697002B86DD /* inspection.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2287276D1697002B86DD /* inspection.c */; };
+		190B22A5276D1697002B86DD /* iterator.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2288276D1697002B86DD /* iterator.c */; };
+		190B22A7276D1697002B86DD /* allocation.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B228A276D1697002B86DD /* allocation.c */; };
+		190B22A8276D1697002B86DD /* general.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B228C276D1697002B86DD /* general.c */; };
+		190B22A9276D1697002B86DD /* ipsetcat.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B228F276D1697002B86DD /* ipsetcat.c */; };
+		190B22AA276D1697002B86DD /* ipsetbuild.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2291276D1697002B86DD /* ipsetbuild.c */; };
+		190B22AB276D1697002B86DD /* ipsetdot.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B2293276D1697002B86DD /* ipsetdot.c */; };
+		190B22DA276D16C2002B86DD /* mingw.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22AE276D16C2002B86DD /* mingw.c */; };
+		190B22DB276D16C2002B86DD /* process.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22AF276D16C2002B86DD /* process.c */; };
+		190B22DC276D16C2002B86DD /* exec.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22B0276D16C2002B86DD /* exec.c */; };
+		190B22DD276D16C2002B86DD /* files.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22B1276D16C2002B86DD /* files.c */; };
+		190B22DE276D16C2002B86DD /* subprocess.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22B2276D16C2002B86DD /* subprocess.c */; };
+		190B22DF276D16C2002B86DD /* env.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22B3276D16C2002B86DD /* env.c */; };
+		190B22E0276D16C2002B86DD /* directory-walker.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22B4276D16C2002B86DD /* directory-walker.c */; };
+		190B22E1276D16C2002B86DD /* allocator.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22B7276D16C2002B86DD /* allocator.c */; };
+		190B22E2276D16C2002B86DD /* ip-address.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22B8276D16C2002B86DD /* ip-address.c */; };
+		190B22E3276D16C2002B86DD /* mempool.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22B9276D16C2002B86DD /* mempool.c */; };
+		190B22E4276D16C2002B86DD /* timestamp.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22BA276D16C2002B86DD /* timestamp.c */; };
+		190B22E5276D16C2002B86DD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22BB276D16C2002B86DD /* hash.c */; };
+		190B22E6276D16C2002B86DD /* error.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22BC276D16C2002B86DD /* error.c */; };
+		190B22E7276D16C2002B86DD /* version.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22BD276D16C2002B86DD /* version.c */; };
+		190B22E8276D16C2002B86DD /* u128.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22BE276D16C2002B86DD /* u128.c */; };
+		190B22E9276D16C2002B86DD /* gc.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22C0276D16C2002B86DD /* gc.c */; };
+		190B22EA276D16C2002B86DD /* buffer.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22C2276D16C2002B86DD /* buffer.c */; };
+		190B22EB276D16C2002B86DD /* managed-buffer.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22C3276D16C2002B86DD /* managed-buffer.c */; };
+		190B22EC276D16C2002B86DD /* array.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22C4276D16C2002B86DD /* array.c */; };
+		190B22ED276D16C2002B86DD /* dllist.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22C5276D16C2002B86DD /* dllist.c */; };
+		190B22EE276D16C2002B86DD /* file-stream.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22C6276D16C2002B86DD /* file-stream.c */; };
+		190B22EF276D16C2002B86DD /* ring-buffer.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22C7276D16C2002B86DD /* ring-buffer.c */; };
+		190B22F0276D16C2002B86DD /* hash-table.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22C8276D16C2002B86DD /* hash-table.c */; };
+		190B22F1276D16C2002B86DD /* bitset.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22C9276D16C2002B86DD /* bitset.c */; };
+		190B22F2276D16C2002B86DD /* slice.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22CA276D16C2002B86DD /* slice.c */; };
+		190B22F3276D16C2002B86DD /* commands.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22CE276D16C2002B86DD /* commands.c */; };
+		190B22F4276D16C2002B86DD /* thread.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22D0276D16C2002B86DD /* thread.c */; };
+		190B22F5276D16C2002B86DD /* cork-test.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22D3276D16C2002B86DD /* cork-test.c */; };
+		190B22F6276D16C2002B86DD /* init1.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22D5276D16C2002B86DD /* init1.c */; };
+		190B22F7276D16C2002B86DD /* init2.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22D6276D16C2002B86DD /* init2.c */; };
+		190B22F8276D16C2002B86DD /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22D7276D16C2002B86DD /* main.c */; };
+		190B22F9276D16C2002B86DD /* cork-hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B22D9276D16C2002B86DD /* cork-hash.c */; };
+		190B23C4276D18CF002B86DD /* pem.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B233D276D18CE002B86DD /* pem.h */; };
+		190B23C5276D18CF002B86DD /* check_config.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B233E276D18CE002B86DD /* check_config.h */; };
+		190B23C6276D18CF002B86DD /* error.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B233F276D18CE002B86DD /* error.h */; };
+		190B23C7276D18CF002B86DD /* md2.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2340276D18CE002B86DD /* md2.h */; };
+		190B23C8276D18CF002B86DD /* oid.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2341276D18CE002B86DD /* oid.h */; };
+		190B23C9276D18CF002B86DD /* pkcs5.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2342276D18CE002B86DD /* pkcs5.h */; };
+		190B23CA276D18CF002B86DD /* ripemd160.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2343276D18CE002B86DD /* ripemd160.h */; };
+		190B23CB276D18CF002B86DD /* blowfish.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2344276D18CE002B86DD /* blowfish.h */; };
+		190B23CC276D18CF002B86DD /* debug.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2345276D18CE002B86DD /* debug.h */; };
+		190B23CD276D18CF002B86DD /* x509.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2346276D18CE002B86DD /* x509.h */; };
+		190B23CE276D18CF002B86DD /* version.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2347276D18CE002B86DD /* version.h */; };
+		190B23D0276D18CF002B86DD /* ecp.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2349276D18CE002B86DD /* ecp.h */; };
+		190B23D1276D18CF002B86DD /* net.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B234A276D18CE002B86DD /* net.h */; };
+		190B23D2276D18CF002B86DD /* cipher_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B234B276D18CE002B86DD /* cipher_internal.h */; };
+		190B23D4276D18CF002B86DD /* md_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B234D276D18CE002B86DD /* md_internal.h */; };
+		190B23D5276D18CF002B86DD /* base64.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B234E276D18CE002B86DD /* base64.h */; };
+		190B23D6276D18CF002B86DD /* pkcs11.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B234F276D18CE002B86DD /* pkcs11.h */; };
+		190B23D7276D18CF002B86DD /* ssl_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2350276D18CE002B86DD /* ssl_internal.h */; };
+		190B23D8276D18CF002B86DD /* asn1.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2351276D18CE002B86DD /* asn1.h */; };
+		190B23D9276D18CF002B86DD /* config.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2352276D18CE002B86DD /* config.h */; };
+		190B23DA276D18CF002B86DD /* memory_buffer_alloc.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2353276D18CE002B86DD /* memory_buffer_alloc.h */; };
+		190B23DB276D18CF002B86DD /* x509_csr.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2354276D18CE002B86DD /* x509_csr.h */; };
+		190B23DC276D18CF002B86DD /* xtea.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2355276D18CE002B86DD /* xtea.h */; };
+		190B23DD276D18CF002B86DD /* threading.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2356276D18CE002B86DD /* threading.h */; };
+		190B23DE276D18CF002B86DD /* compat-1.3.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2357276D18CE002B86DD /* compat-1.3.h */; };
+		190B23DF276D18CF002B86DD /* md5.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2358276D18CE002B86DD /* md5.h */; };
+		190B23E0276D18CF002B86DD /* timing.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2359276D18CE002B86DD /* timing.h */; };
+		190B23E1276D18CF002B86DD /* arc4.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B235A276D18CE002B86DD /* arc4.h */; };
+		190B23E2276D18CF002B86DD /* sha256.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B235B276D18CE002B86DD /* sha256.h */; };
+		190B23E3276D18CF002B86DD /* pem.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B235D276D18CE002B86DD /* pem.h */; };
+		190B23E5276D18CF002B86DD /* error.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B235F276D18CE002B86DD /* error.h */; };
+		190B23E6276D18CF002B86DD /* md2.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2360276D18CE002B86DD /* md2.h */; };
+		190B23E7276D18CF002B86DD /* oid.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2361276D18CE002B86DD /* oid.h */; };
+		190B23E8276D18CF002B86DD /* pkcs5.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2362276D18CE002B86DD /* pkcs5.h */; };
+		190B23E9276D18CF002B86DD /* ripemd160.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2363276D18CE002B86DD /* ripemd160.h */; };
+		190B23EA276D18CF002B86DD /* blowfish.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2364276D18CE002B86DD /* blowfish.h */; };
+		190B23EB276D18CF002B86DD /* debug.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2365276D18CE002B86DD /* debug.h */; };
+		190B23EC276D18CF002B86DD /* x509.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2366276D18CE002B86DD /* x509.h */; };
+		190B23ED276D18CF002B86DD /* version.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2367276D18CE002B86DD /* version.h */; };
+		190B23EE276D18CF002B86DD /* ecp.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2368276D18CE002B86DD /* ecp.h */; };
+		190B23EF276D18CF002B86DD /* net.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2369276D18CE002B86DD /* net.h */; };
+		190B23F0276D18CF002B86DD /* cipher_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B236A276D18CE002B86DD /* cipher_internal.h */; };
+		190B23F2276D18CF002B86DD /* md_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B236C276D18CF002B86DD /* md_internal.h */; };
+		190B23F3276D18CF002B86DD /* base64.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B236D276D18CF002B86DD /* base64.h */; };
+		190B23F4276D18CF002B86DD /* pkcs11.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B236E276D18CF002B86DD /* pkcs11.h */; };
+		190B23F5276D18CF002B86DD /* ssl_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B236F276D18CF002B86DD /* ssl_internal.h */; };
+		190B23F6276D18CF002B86DD /* asn1.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2370276D18CF002B86DD /* asn1.h */; };
+		190B23F8276D18CF002B86DD /* memory_buffer_alloc.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2372276D18CF002B86DD /* memory_buffer_alloc.h */; };
+		190B23F9276D18CF002B86DD /* x509_csr.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2373276D18CF002B86DD /* x509_csr.h */; };
+		190B23FA276D18CF002B86DD /* xtea.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2374276D18CF002B86DD /* xtea.h */; };
+		190B23FB276D18CF002B86DD /* threading.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2375276D18CF002B86DD /* threading.h */; };
+		190B23FC276D18CF002B86DD /* compat-1.3.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2376276D18CF002B86DD /* compat-1.3.h */; };
+		190B23FD276D18CF002B86DD /* md5.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2377276D18CF002B86DD /* md5.h */; };
+		190B23FE276D18CF002B86DD /* timing.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2378276D18CF002B86DD /* timing.h */; };
+		190B23FF276D18CF002B86DD /* arc4.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2379276D18CF002B86DD /* arc4.h */; };
+		190B2400276D18CF002B86DD /* sha256.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B237A276D18CF002B86DD /* sha256.h */; };
+		190B2401276D18CF002B86DD /* ecdsa.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B237B276D18CF002B86DD /* ecdsa.h */; };
+		190B2402276D18CF002B86DD /* md.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B237C276D18CF002B86DD /* md.h */; };
+		190B2403276D18CF002B86DD /* cipher.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B237D276D18CF002B86DD /* cipher.h */; };
+		190B2404276D18CF002B86DD /* entropy.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B237E276D18CF002B86DD /* entropy.h */; };
+		190B2405276D18CF002B86DD /* pkcs12.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B237F276D18CF002B86DD /* pkcs12.h */; };
+		190B2406276D18CF002B86DD /* padlock.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2380276D18CF002B86DD /* padlock.h */; };
+		190B2407276D18CF002B86DD /* sha512.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2381276D18CF002B86DD /* sha512.h */; };
+		190B2408276D18CF002B86DD /* bn_mul.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2382276D18CF002B86DD /* bn_mul.h */; };
+		190B2409276D18CF002B86DD /* pk.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2383276D18CF002B86DD /* pk.h */; };
+		190B240A276D18CF002B86DD /* ssl.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2384276D18CF002B86DD /* ssl.h */; };
+		190B240B276D18CF002B86DD /* camellia.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2385276D18CF002B86DD /* camellia.h */; };
+		190B240C276D18CF002B86DD /* md4.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2386276D18CF002B86DD /* md4.h */; };
+		190B240D276D18CF002B86DD /* x509_crt.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2387276D18CF002B86DD /* x509_crt.h */; };
+		190B240E276D18CF002B86DD /* aes.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2388276D18CF002B86DD /* aes.h */; };
+		190B240F276D18CF002B86DD /* pk_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2389276D18CF002B86DD /* pk_internal.h */; };
+		190B2410276D18CF002B86DD /* ssl_cookie.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B238A276D18CF002B86DD /* ssl_cookie.h */; };
+		190B2411276D18CF002B86DD /* dhm.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B238B276D18CF002B86DD /* dhm.h */; };
+		190B2412276D18CF002B86DD /* aesni.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B238C276D18CF002B86DD /* aesni.h */; };
+		190B2413276D18CF002B86DD /* ctr_drbg.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B238D276D18CF002B86DD /* ctr_drbg.h */; };
+		190B2414276D18CF002B86DD /* des.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B238E276D18CF002B86DD /* des.h */; };
+		190B2415276D18CF002B86DD /* x509_crl.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B238F276D18CF002B86DD /* x509_crl.h */; };
+		190B2416276D18CF002B86DD /* ecdh.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2390276D18CF002B86DD /* ecdh.h */; };
+		190B2417276D18CF002B86DD /* sha1.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2391276D18CF002B86DD /* sha1.h */; };
+		190B2418276D18CF002B86DD /* gcm.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2392276D18CF002B86DD /* gcm.h */; };
+		190B2419276D18CF002B86DD /* certs.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2393276D18CF002B86DD /* certs.h */; };
+		190B241A276D18CF002B86DD /* rsa.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2394276D18CF002B86DD /* rsa.h */; };
+		190B241B276D18CF002B86DD /* hmac_drbg.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2395276D18CF002B86DD /* hmac_drbg.h */; };
+		190B241C276D18CF002B86DD /* ssl_ticket.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2396276D18CF002B86DD /* ssl_ticket.h */; };
+		190B241D276D18CF002B86DD /* ssl_ciphersuites.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2397276D18CF002B86DD /* ssl_ciphersuites.h */; };
+		190B241E276D18CF002B86DD /* ssl_cache.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2398276D18CF002B86DD /* ssl_cache.h */; };
+		190B241F276D18CF002B86DD /* platform.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B2399276D18CF002B86DD /* platform.h */; };
+		190B2420276D18CF002B86DD /* bignum.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B239A276D18CF002B86DD /* bignum.h */; };
+		190B2421276D18CF002B86DD /* entropy_poll.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B239B276D18CF002B86DD /* entropy_poll.h */; };
+		190B2422276D18CF002B86DD /* havege.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B239C276D18CF002B86DD /* havege.h */; };
+		190B2423276D18CF002B86DD /* asn1write.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B239D276D18CF002B86DD /* asn1write.h */; };
+		190B2424276D18CF002B86DD /* ccm.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B239E276D18CF002B86DD /* ccm.h */; };
+		190B2425276D18CF002B86DD /* ecdsa.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B239F276D18CF002B86DD /* ecdsa.h */; };
+		190B2426276D18CF002B86DD /* md.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23A0276D18CF002B86DD /* md.h */; };
+		190B2427276D18CF002B86DD /* cipher.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23A1276D18CF002B86DD /* cipher.h */; };
+		190B2428276D18CF002B86DD /* entropy.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23A2276D18CF002B86DD /* entropy.h */; };
+		190B2429276D18CF002B86DD /* pkcs12.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23A3276D18CF002B86DD /* pkcs12.h */; };
+		190B242A276D18CF002B86DD /* padlock.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23A4276D18CF002B86DD /* padlock.h */; };
+		190B242B276D18CF002B86DD /* sha512.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23A5276D18CF002B86DD /* sha512.h */; };
+		190B242C276D18CF002B86DD /* bn_mul.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23A6276D18CF002B86DD /* bn_mul.h */; };
+		190B242D276D18CF002B86DD /* pk.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23A7276D18CF002B86DD /* pk.h */; };
+		190B242E276D18CF002B86DD /* ssl.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23A8276D18CF002B86DD /* ssl.h */; };
+		190B242F276D18CF002B86DD /* camellia.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23A9276D18CF002B86DD /* camellia.h */; };
+		190B2430276D18CF002B86DD /* md4.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23AA276D18CF002B86DD /* md4.h */; };
+		190B2431276D18CF002B86DD /* x509_crt.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23AB276D18CF002B86DD /* x509_crt.h */; };
+		190B2433276D18CF002B86DD /* aes.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23AD276D18CF002B86DD /* aes.h */; };
+		190B2434276D18CF002B86DD /* pk_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23AE276D18CF002B86DD /* pk_internal.h */; };
+		190B2435276D18CF002B86DD /* ssl_cookie.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23AF276D18CF002B86DD /* ssl_cookie.h */; };
+		190B2436276D18CF002B86DD /* dhm.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23B0276D18CF002B86DD /* dhm.h */; };
+		190B2437276D18CF002B86DD /* aesni.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23B1276D18CF002B86DD /* aesni.h */; };
+		190B2438276D18CF002B86DD /* ctr_drbg.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23B2276D18CF002B86DD /* ctr_drbg.h */; };
+		190B2439276D18CF002B86DD /* des.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23B3276D18CF002B86DD /* des.h */; };
+		190B243A276D18CF002B86DD /* x509_crl.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23B4276D18CF002B86DD /* x509_crl.h */; };
+		190B243B276D18CF002B86DD /* ecdh.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23B5276D18CF002B86DD /* ecdh.h */; };
+		190B243C276D18CF002B86DD /* sha1.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23B6276D18CF002B86DD /* sha1.h */; };
+		190B243D276D18CF002B86DD /* gcm.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23B7276D18CF002B86DD /* gcm.h */; };
+		190B243E276D18CF002B86DD /* certs.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23B8276D18CF002B86DD /* certs.h */; };
+		190B243F276D18CF002B86DD /* rsa.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23B9276D18CF002B86DD /* rsa.h */; };
+		190B2440276D18CF002B86DD /* hmac_drbg.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23BA276D18CF002B86DD /* hmac_drbg.h */; };
+		190B2441276D18CF002B86DD /* ssl_ticket.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23BB276D18CF002B86DD /* ssl_ticket.h */; };
+		190B2442276D18CF002B86DD /* ssl_ciphersuites.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23BC276D18CF002B86DD /* ssl_ciphersuites.h */; };
+		190B2443276D18CF002B86DD /* ssl_cache.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23BD276D18CF002B86DD /* ssl_cache.h */; };
+		190B2444276D18CF002B86DD /* platform.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23BE276D18CF002B86DD /* platform.h */; };
+		190B2445276D18CF002B86DD /* bignum.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23BF276D18CF002B86DD /* bignum.h */; };
+		190B2446276D18CF002B86DD /* entropy_poll.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23C0276D18CF002B86DD /* entropy_poll.h */; };
+		190B2447276D18CF002B86DD /* havege.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23C1276D18CF002B86DD /* havege.h */; };
+		190B2448276D18CF002B86DD /* asn1write.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23C2276D18CF002B86DD /* asn1write.h */; };
+		190B2449276D18CF002B86DD /* ccm.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B23C3276D18CF002B86DD /* ccm.h */; };
+		190B28D6276D25DA002B86DD /* redir.c in Sources */ = {isa = PBXBuildFile; fileRef = 190B28D3276D25DA002B86DD /* redir.c */; };
+		190B28D8276D25DA002B86DD /* redir.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B28D5276D25DA002B86DD /* redir.h */; };
+		196AAB6A2776263400602189 /* Clibsodium.xcframework in Frameworks */ = {isa = PBXBuildFile; fileRef = 196AAB672776262D00602189 /* Clibsodium.xcframework */; settings = {ATTRIBUTES = (Weak, ); }; };
+		196AAB6D2776264F00602189 /* Clibsodium.xcframework in CopyFiles */ = {isa = PBXBuildFile; fileRef = 196AAB672776262D00602189 /* Clibsodium.xcframework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
+		19835087276D2DED0002E2E9 /* config.h in Headers */ = {isa = PBXBuildFile; fileRef = 19835086276D2CB40002E2E9 /* config.h */; };
+		19835092276D3C0D0002E2E9 /* libev.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 19835090276D3C0D0002E2E9 /* libev.a */; platformFilter = ios; };
+		198350A0276D3C4F0002E2E9 /* libcares.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1983509D276D3C4E0002E2E9 /* libcares.a */; platformFilter = ios; };
+		198350B1276D3C850002E2E9 /* libpcreposix.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 198350A8276D3C850002E2E9 /* libpcreposix.a */; platformFilter = ios; };
+		198350B2276D3C850002E2E9 /* libpcre.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 198350A9276D3C850002E2E9 /* libpcre.a */; platformFilter = ios; };
+		198350B4276D3C850002E2E9 /* libpcrecpp.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 198350AB276D3C850002E2E9 /* libpcrecpp.a */; platformFilter = ios; };
+		198350BC276D3DAC0002E2E9 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 19835089276D3A4F0002E2E9 /* libresolv.tbd */; platformFilter = ios; };
+/* End PBXBuildFile section */
+
+/* Begin PBXCopyFilesBuildPhase section */
+		196AAB66277625DF00602189 /* CopyFiles */ = {
+			isa = PBXCopyFilesBuildPhase;
+			buildActionMask = 2147483647;
+			dstPath = "";
+			dstSubfolderSpec = 10;
+			files = (
+				196AAB6D2776264F00602189 /* Clibsodium.xcframework in CopyFiles */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		196AAB6C2776263400602189 /* Embed Frameworks */ = {
+			isa = PBXCopyFilesBuildPhase;
+			buildActionMask = 2147483647;
+			dstPath = "";
+			dstSubfolderSpec = 10;
+			files = (
+			);
+			name = "Embed Frameworks";
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXCopyFilesBuildPhase section */
+
+/* Begin PBXFileReference section */
+		190B1222276CF6B5002B86DD /* ShadowSocks.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = ShadowSocks.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+		190B1225276CF6B5002B86DD /* ShadowSocks.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ShadowSocks.h; sourceTree = "<group>"; };
+		190B1AB6276CFC67002B86DD /* event.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = event.h; sourceTree = "<group>"; };
+		190B1AB7276CFC67002B86DD /* ev++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ev++.h"; sourceTree = "<group>"; };
+		190B1AB8276CFC67002B86DD /* ev.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ev.h; sourceTree = "<group>"; };
+		190B1B18276CFC67002B86DD /* libmbedcrypto.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libmbedcrypto.a; sourceTree = "<group>"; };
+		190B1B19276CFC67002B86DD /* libmbedx509.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libmbedx509.a; sourceTree = "<group>"; };
+		190B1B1A276CFC67002B86DD /* libmbedtls.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libmbedtls.a; sourceTree = "<group>"; };
+		190B1B1D276CFC67002B86DD /* ares_version.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ares_version.h; sourceTree = "<group>"; };
+		190B1B1E276CFC67002B86DD /* ares_build.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ares_build.h; sourceTree = "<group>"; };
+		190B1B1F276CFC67002B86DD /* ares.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ares.h; sourceTree = "<group>"; };
+		190B1B20276CFC67002B86DD /* ares_rules.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ares_rules.h; sourceTree = "<group>"; };
+		190B1B21276CFC67002B86DD /* ares_dns.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ares_dns.h; sourceTree = "<group>"; };
+		190B1F45276D0DB3002B86DD /* json.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = json.c; sourceTree = "<group>"; };
+		190B1F46276D0DB3002B86DD /* utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = utils.h; sourceTree = "<group>"; };
+		190B1F47276D0DB3002B86DD /* resolv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = resolv.h; sourceTree = "<group>"; };
+		190B1F48276D0DB3002B86DD /* winsock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = winsock.h; sourceTree = "<group>"; };
+		190B1F49276D0DB3002B86DD /* rule.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rule.c; sourceTree = "<group>"; };
+		190B1F4B276D0DB3002B86DD /* acl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl.h; sourceTree = "<group>"; };
+		190B1F4C276D0DB3002B86DD /* plugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = plugin.h; sourceTree = "<group>"; };
+		190B1F4D276D0DB3002B86DD /* aead.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = aead.c; sourceTree = "<group>"; };
+		190B1F4E276D0DB3002B86DD /* ppbloom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ppbloom.c; sourceTree = "<group>"; };
+		190B1F4F276D0DB3002B86DD /* base64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = base64.h; sourceTree = "<group>"; };
+		190B1F50276D0DB3002B86DD /* netutils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = netutils.h; sourceTree = "<group>"; };
+		190B1F51276D0DB3002B86DD /* local.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = local.c; sourceTree = "<group>"; };
+		190B1F52276D0DB3002B86DD /* manager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = manager.h; sourceTree = "<group>"; };
+		190B1F53276D0DB3002B86DD /* tunnel.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tunnel.h; sourceTree = "<group>"; };
+		190B1F54276D0DB3002B86DD /* cache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cache.h; sourceTree = "<group>"; };
+		190B1F57276D0DB3002B86DD /* stream.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = stream.h; sourceTree = "<group>"; };
+		190B1F58276D0DB3002B86DD /* uthash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = uthash.h; sourceTree = "<group>"; };
+		190B1F59276D0DB3002B86DD /* server.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = server.c; sourceTree = "<group>"; };
+		190B1F5A276D0DB3002B86DD /* jconf.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = jconf.h; sourceTree = "<group>"; };
+		190B1F5B276D0DB3002B86DD /* crypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = crypto.h; sourceTree = "<group>"; };
+		190B1F5C276D0DB3002B86DD /* udprelay.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = udprelay.c; sourceTree = "<group>"; };
+		190B1F5D276D0DB3002B86DD /* winsock.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = winsock.c; sourceTree = "<group>"; };
+		190B1F5F276D0DB3002B86DD /* resolv.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = resolv.c; sourceTree = "<group>"; };
+		190B1F60276D0DB3002B86DD /* utils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = utils.c; sourceTree = "<group>"; };
+		190B1F61276D0DB3002B86DD /* common.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = common.h; sourceTree = "<group>"; };
+		190B1F62276D0DB3002B86DD /* json.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = json.h; sourceTree = "<group>"; };
+		190B1F63276D0DB3002B86DD /* netutils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = netutils.c; sourceTree = "<group>"; };
+		190B1F64276D0DB3002B86DD /* base64.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = base64.c; sourceTree = "<group>"; };
+		190B1F66276D0DB3002B86DD /* ppbloom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ppbloom.h; sourceTree = "<group>"; };
+		190B1F67276D0DB3002B86DD /* aead.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = aead.h; sourceTree = "<group>"; };
+		190B1F68276D0DB3002B86DD /* plugin.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = plugin.c; sourceTree = "<group>"; };
+		190B1F69276D0DB3002B86DD /* acl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acl.c; sourceTree = "<group>"; };
+		190B1F6A276D0DB3002B86DD /* rule.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rule.h; sourceTree = "<group>"; };
+		190B1F6B276D0DB3002B86DD /* cache.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = cache.c; sourceTree = "<group>"; };
+		190B1F6C276D0DB3002B86DD /* manager.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = manager.c; sourceTree = "<group>"; };
+		190B1F6D276D0DB3002B86DD /* tunnel.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tunnel.c; sourceTree = "<group>"; };
+		190B1F6E276D0DB3002B86DD /* shadowsocks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = shadowsocks.h; sourceTree = "<group>"; };
+		190B1F6F276D0DB3002B86DD /* local.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = local.h; sourceTree = "<group>"; };
+		190B1F71276D0DB3002B86DD /* crypto.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = crypto.c; sourceTree = "<group>"; };
+		190B1F72276D0DB3002B86DD /* jconf.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = jconf.c; sourceTree = "<group>"; };
+		190B1F73276D0DB3002B86DD /* server.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = server.h; sourceTree = "<group>"; };
+		190B1F74276D0DB4002B86DD /* udprelay.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = udprelay.h; sourceTree = "<group>"; };
+		190B1F76276D0DB4002B86DD /* socks5.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = socks5.h; sourceTree = "<group>"; };
+		190B1F77276D0DB4002B86DD /* stream.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = stream.c; sourceTree = "<group>"; };
+		190B2095276D0DB4002B86DD /* bloom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bloom.c; sourceTree = "<group>"; };
+		190B2099276D0DB4002B86DD /* bloom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bloom.h; sourceTree = "<group>"; };
+		190B209D276D0DB5002B86DD /* murmurhash2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = murmurhash2.h; sourceTree = "<group>"; };
+		190B209F276D0DB5002B86DD /* MurmurHash2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = MurmurHash2.c; sourceTree = "<group>"; };
+		190B2273276D1697002B86DD /* storage.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = storage.c; sourceTree = "<group>"; };
+		190B2274276D1697002B86DD /* inspection.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = inspection.c; sourceTree = "<group>"; };
+		190B2276276D1697002B86DD /* ipv4_map.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ipv4_map.c; sourceTree = "<group>"; };
+		190B2277276D1697002B86DD /* ipv6_map.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ipv6_map.c; sourceTree = "<group>"; };
+		190B2278276D1697002B86DD /* allocation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = allocation.c; sourceTree = "<group>"; };
+		190B227B276D1697002B86DD /* expanded.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = expanded.c; sourceTree = "<group>"; };
+		190B227C276D1697002B86DD /* basics.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = basics.c; sourceTree = "<group>"; };
+		190B227D276D1697002B86DD /* assignments.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = assignments.c; sourceTree = "<group>"; };
+		190B227E276D1697002B86DD /* bdd-iterator.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "bdd-iterator.c"; sourceTree = "<group>"; };
+		190B227F276D1697002B86DD /* read.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = read.c; sourceTree = "<group>"; };
+		190B2280276D1697002B86DD /* reachable.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = reachable.c; sourceTree = "<group>"; };
+		190B2282276D1697002B86DD /* write.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = write.c; sourceTree = "<group>"; };
+		190B2284276D1697002B86DD /* ipv4_set.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ipv4_set.c; sourceTree = "<group>"; };
+		190B2285276D1697002B86DD /* ipv6_set.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ipv6_set.c; sourceTree = "<group>"; };
+		190B2286276D1697002B86DD /* storage.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = storage.c; sourceTree = "<group>"; };
+		190B2287276D1697002B86DD /* inspection.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = inspection.c; sourceTree = "<group>"; };
+		190B2288276D1697002B86DD /* iterator.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = iterator.c; sourceTree = "<group>"; };
+		190B228A276D1697002B86DD /* allocation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = allocation.c; sourceTree = "<group>"; };
+		190B228C276D1697002B86DD /* general.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = general.c; sourceTree = "<group>"; };
+		190B228F276D1697002B86DD /* ipsetcat.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ipsetcat.c; sourceTree = "<group>"; };
+		190B2291276D1697002B86DD /* ipsetbuild.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ipsetbuild.c; sourceTree = "<group>"; };
+		190B2293276D1697002B86DD /* ipsetdot.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ipsetdot.c; sourceTree = "<group>"; };
+		190B22AE276D16C2002B86DD /* mingw.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mingw.c; sourceTree = "<group>"; };
+		190B22AF276D16C2002B86DD /* process.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = process.c; sourceTree = "<group>"; };
+		190B22B0276D16C2002B86DD /* exec.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = exec.c; sourceTree = "<group>"; };
+		190B22B1276D16C2002B86DD /* files.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = files.c; sourceTree = "<group>"; };
+		190B22B2276D16C2002B86DD /* subprocess.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = subprocess.c; sourceTree = "<group>"; };
+		190B22B3276D16C2002B86DD /* env.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = env.c; sourceTree = "<group>"; };
+		190B22B4276D16C2002B86DD /* directory-walker.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "directory-walker.c"; sourceTree = "<group>"; };
+		190B22B7276D16C2002B86DD /* allocator.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = allocator.c; sourceTree = "<group>"; };
+		190B22B8276D16C2002B86DD /* ip-address.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ip-address.c"; sourceTree = "<group>"; };
+		190B22B9276D16C2002B86DD /* mempool.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mempool.c; sourceTree = "<group>"; };
+		190B22BA276D16C2002B86DD /* timestamp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = timestamp.c; sourceTree = "<group>"; };
+		190B22BB276D16C2002B86DD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = hash.c; sourceTree = "<group>"; };
+		190B22BC276D16C2002B86DD /* error.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = error.c; sourceTree = "<group>"; };
+		190B22BD276D16C2002B86DD /* version.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = version.c; sourceTree = "<group>"; };
+		190B22BE276D16C2002B86DD /* u128.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = u128.c; sourceTree = "<group>"; };
+		190B22C0276D16C2002B86DD /* gc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = gc.c; sourceTree = "<group>"; };
+		190B22C2276D16C2002B86DD /* buffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = buffer.c; sourceTree = "<group>"; };
+		190B22C3276D16C2002B86DD /* managed-buffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "managed-buffer.c"; sourceTree = "<group>"; };
+		190B22C4276D16C2002B86DD /* array.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = array.c; sourceTree = "<group>"; };
+		190B22C5276D16C2002B86DD /* dllist.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dllist.c; sourceTree = "<group>"; };
+		190B22C6276D16C2002B86DD /* file-stream.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "file-stream.c"; sourceTree = "<group>"; };
+		190B22C7276D16C2002B86DD /* ring-buffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ring-buffer.c"; sourceTree = "<group>"; };
+		190B22C8276D16C2002B86DD /* hash-table.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "hash-table.c"; sourceTree = "<group>"; };
+		190B22C9276D16C2002B86DD /* bitset.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bitset.c; sourceTree = "<group>"; };
+		190B22CA276D16C2002B86DD /* slice.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = slice.c; sourceTree = "<group>"; };
+		190B22CE276D16C2002B86DD /* commands.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = commands.c; sourceTree = "<group>"; };
+		190B22D0276D16C2002B86DD /* thread.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = thread.c; sourceTree = "<group>"; };
+		190B22D3276D16C2002B86DD /* cork-test.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "cork-test.c"; sourceTree = "<group>"; };
+		190B22D5276D16C2002B86DD /* init1.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = init1.c; sourceTree = "<group>"; };
+		190B22D6276D16C2002B86DD /* init2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = init2.c; sourceTree = "<group>"; };
+		190B22D7276D16C2002B86DD /* main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = "<group>"; };
+		190B22D9276D16C2002B86DD /* cork-hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "cork-hash.c"; sourceTree = "<group>"; };
+		190B233D276D18CE002B86DD /* pem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pem.h; sourceTree = "<group>"; };
+		190B233E276D18CE002B86DD /* check_config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = check_config.h; sourceTree = "<group>"; };
+		190B233F276D18CE002B86DD /* error.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = error.h; sourceTree = "<group>"; };
+		190B2340276D18CE002B86DD /* md2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = md2.h; sourceTree = "<group>"; };
+		190B2341276D18CE002B86DD /* oid.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = oid.h; sourceTree = "<group>"; };
+		190B2342276D18CE002B86DD /* pkcs5.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs5.h; sourceTree = "<group>"; };
+		190B2343276D18CE002B86DD /* ripemd160.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ripemd160.h; sourceTree = "<group>"; };
+		190B2344276D18CE002B86DD /* blowfish.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blowfish.h; sourceTree = "<group>"; };
+		190B2345276D18CE002B86DD /* debug.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = debug.h; sourceTree = "<group>"; };
+		190B2346276D18CE002B86DD /* x509.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = x509.h; sourceTree = "<group>"; };
+		190B2347276D18CE002B86DD /* version.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = version.h; sourceTree = "<group>"; };
+		190B2349276D18CE002B86DD /* ecp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ecp.h; sourceTree = "<group>"; };
+		190B234A276D18CE002B86DD /* net.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = net.h; sourceTree = "<group>"; };
+		190B234B276D18CE002B86DD /* cipher_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cipher_internal.h; sourceTree = "<group>"; };
+		190B234D276D18CE002B86DD /* md_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = md_internal.h; sourceTree = "<group>"; };
+		190B234E276D18CE002B86DD /* base64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = base64.h; sourceTree = "<group>"; };
+		190B234F276D18CE002B86DD /* pkcs11.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs11.h; sourceTree = "<group>"; };
+		190B2350276D18CE002B86DD /* ssl_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_internal.h; sourceTree = "<group>"; };
+		190B2351276D18CE002B86DD /* asn1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = asn1.h; sourceTree = "<group>"; };
+		190B2352276D18CE002B86DD /* config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = config.h; sourceTree = "<group>"; };
+		190B2353276D18CE002B86DD /* memory_buffer_alloc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = memory_buffer_alloc.h; sourceTree = "<group>"; };
+		190B2354276D18CE002B86DD /* x509_csr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = x509_csr.h; sourceTree = "<group>"; };
+		190B2355276D18CE002B86DD /* xtea.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = xtea.h; sourceTree = "<group>"; };
+		190B2356276D18CE002B86DD /* threading.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = threading.h; sourceTree = "<group>"; };
+		190B2357276D18CE002B86DD /* compat-1.3.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "compat-1.3.h"; sourceTree = "<group>"; };
+		190B2358276D18CE002B86DD /* md5.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = md5.h; sourceTree = "<group>"; };
+		190B2359276D18CE002B86DD /* timing.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = timing.h; sourceTree = "<group>"; };
+		190B235A276D18CE002B86DD /* arc4.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = arc4.h; sourceTree = "<group>"; };
+		190B235B276D18CE002B86DD /* sha256.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sha256.h; sourceTree = "<group>"; };
+		190B235D276D18CE002B86DD /* pem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pem.h; sourceTree = "<group>"; };
+		190B235E276D18CE002B86DD /* check_config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = check_config.h; sourceTree = "<group>"; };
+		190B235F276D18CE002B86DD /* error.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = error.h; sourceTree = "<group>"; };
+		190B2360276D18CE002B86DD /* md2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = md2.h; sourceTree = "<group>"; };
+		190B2361276D18CE002B86DD /* oid.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = oid.h; sourceTree = "<group>"; };
+		190B2362276D18CE002B86DD /* pkcs5.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs5.h; sourceTree = "<group>"; };
+		190B2363276D18CE002B86DD /* ripemd160.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ripemd160.h; sourceTree = "<group>"; };
+		190B2364276D18CE002B86DD /* blowfish.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blowfish.h; sourceTree = "<group>"; };
+		190B2365276D18CE002B86DD /* debug.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = debug.h; sourceTree = "<group>"; };
+		190B2366276D18CE002B86DD /* x509.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = x509.h; sourceTree = "<group>"; };
+		190B2367276D18CE002B86DD /* version.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = version.h; sourceTree = "<group>"; };
+		190B2368276D18CE002B86DD /* ecp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ecp.h; sourceTree = "<group>"; };
+		190B2369276D18CE002B86DD /* net.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = net.h; sourceTree = "<group>"; };
+		190B236A276D18CE002B86DD /* cipher_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cipher_internal.h; sourceTree = "<group>"; };
+		190B236B276D18CE002B86DD /* LICENSE */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = LICENSE; sourceTree = "<group>"; };
+		190B236C276D18CF002B86DD /* md_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = md_internal.h; sourceTree = "<group>"; };
+		190B236D276D18CF002B86DD /* base64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = base64.h; sourceTree = "<group>"; };
+		190B236E276D18CF002B86DD /* pkcs11.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs11.h; sourceTree = "<group>"; };
+		190B236F276D18CF002B86DD /* ssl_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_internal.h; sourceTree = "<group>"; };
+		190B2370276D18CF002B86DD /* asn1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = asn1.h; sourceTree = "<group>"; };
+		190B2371276D18CF002B86DD /* config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = config.h; sourceTree = "<group>"; };
+		190B2372276D18CF002B86DD /* memory_buffer_alloc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = memory_buffer_alloc.h; sourceTree = "<group>"; };
+		190B2373276D18CF002B86DD /* x509_csr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = x509_csr.h; sourceTree = "<group>"; };
+		190B2374276D18CF002B86DD /* xtea.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = xtea.h; sourceTree = "<group>"; };
+		190B2375276D18CF002B86DD /* threading.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = threading.h; sourceTree = "<group>"; };
+		190B2376276D18CF002B86DD /* compat-1.3.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "compat-1.3.h"; sourceTree = "<group>"; };
+		190B2377276D18CF002B86DD /* md5.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = md5.h; sourceTree = "<group>"; };
+		190B2378276D18CF002B86DD /* timing.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = timing.h; sourceTree = "<group>"; };
+		190B2379276D18CF002B86DD /* arc4.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = arc4.h; sourceTree = "<group>"; };
+		190B237A276D18CF002B86DD /* sha256.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sha256.h; sourceTree = "<group>"; };
+		190B237B276D18CF002B86DD /* ecdsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ecdsa.h; sourceTree = "<group>"; };
+		190B237C276D18CF002B86DD /* md.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = md.h; sourceTree = "<group>"; };
+		190B237D276D18CF002B86DD /* cipher.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cipher.h; sourceTree = "<group>"; };
+		190B237E276D18CF002B86DD /* entropy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = entropy.h; sourceTree = "<group>"; };
+		190B237F276D18CF002B86DD /* pkcs12.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12.h; sourceTree = "<group>"; };
+		190B2380276D18CF002B86DD /* padlock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = padlock.h; sourceTree = "<group>"; };
+		190B2381276D18CF002B86DD /* sha512.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sha512.h; sourceTree = "<group>"; };
+		190B2382276D18CF002B86DD /* bn_mul.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bn_mul.h; sourceTree = "<group>"; };
+		190B2383276D18CF002B86DD /* pk.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pk.h; sourceTree = "<group>"; };
+		190B2384276D18CF002B86DD /* ssl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl.h; sourceTree = "<group>"; };
+		190B2385276D18CF002B86DD /* camellia.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = camellia.h; sourceTree = "<group>"; };
+		190B2386276D18CF002B86DD /* md4.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = md4.h; sourceTree = "<group>"; };
+		190B2387276D18CF002B86DD /* x509_crt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = x509_crt.h; sourceTree = "<group>"; };
+		190B2388276D18CF002B86DD /* aes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = aes.h; sourceTree = "<group>"; };
+		190B2389276D18CF002B86DD /* pk_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pk_internal.h; sourceTree = "<group>"; };
+		190B238A276D18CF002B86DD /* ssl_cookie.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_cookie.h; sourceTree = "<group>"; };
+		190B238B276D18CF002B86DD /* dhm.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dhm.h; sourceTree = "<group>"; };
+		190B238C276D18CF002B86DD /* aesni.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = aesni.h; sourceTree = "<group>"; };
+		190B238D276D18CF002B86DD /* ctr_drbg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ctr_drbg.h; sourceTree = "<group>"; };
+		190B238E276D18CF002B86DD /* des.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = des.h; sourceTree = "<group>"; };
+		190B238F276D18CF002B86DD /* x509_crl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = x509_crl.h; sourceTree = "<group>"; };
+		190B2390276D18CF002B86DD /* ecdh.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ecdh.h; sourceTree = "<group>"; };
+		190B2391276D18CF002B86DD /* sha1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sha1.h; sourceTree = "<group>"; };
+		190B2392276D18CF002B86DD /* gcm.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = gcm.h; sourceTree = "<group>"; };
+		190B2393276D18CF002B86DD /* certs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = certs.h; sourceTree = "<group>"; };
+		190B2394276D18CF002B86DD /* rsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rsa.h; sourceTree = "<group>"; };
+		190B2395276D18CF002B86DD /* hmac_drbg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = hmac_drbg.h; sourceTree = "<group>"; };
+		190B2396276D18CF002B86DD /* ssl_ticket.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_ticket.h; sourceTree = "<group>"; };
+		190B2397276D18CF002B86DD /* ssl_ciphersuites.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_ciphersuites.h; sourceTree = "<group>"; };
+		190B2398276D18CF002B86DD /* ssl_cache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_cache.h; sourceTree = "<group>"; };
+		190B2399276D18CF002B86DD /* platform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = platform.h; sourceTree = "<group>"; };
+		190B239A276D18CF002B86DD /* bignum.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bignum.h; sourceTree = "<group>"; };
+		190B239B276D18CF002B86DD /* entropy_poll.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = entropy_poll.h; sourceTree = "<group>"; };
+		190B239C276D18CF002B86DD /* havege.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = havege.h; sourceTree = "<group>"; };
+		190B239D276D18CF002B86DD /* asn1write.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = asn1write.h; sourceTree = "<group>"; };
+		190B239E276D18CF002B86DD /* ccm.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ccm.h; sourceTree = "<group>"; };
+		190B239F276D18CF002B86DD /* ecdsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ecdsa.h; sourceTree = "<group>"; };
+		190B23A0276D18CF002B86DD /* md.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = md.h; sourceTree = "<group>"; };
+		190B23A1276D18CF002B86DD /* cipher.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cipher.h; sourceTree = "<group>"; };
+		190B23A2276D18CF002B86DD /* entropy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = entropy.h; sourceTree = "<group>"; };
+		190B23A3276D18CF002B86DD /* pkcs12.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12.h; sourceTree = "<group>"; };
+		190B23A4276D18CF002B86DD /* padlock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = padlock.h; sourceTree = "<group>"; };
+		190B23A5276D18CF002B86DD /* sha512.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sha512.h; sourceTree = "<group>"; };
+		190B23A6276D18CF002B86DD /* bn_mul.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bn_mul.h; sourceTree = "<group>"; };
+		190B23A7276D18CF002B86DD /* pk.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pk.h; sourceTree = "<group>"; };
+		190B23A8276D18CF002B86DD /* ssl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl.h; sourceTree = "<group>"; };
+		190B23A9276D18CF002B86DD /* camellia.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = camellia.h; sourceTree = "<group>"; };
+		190B23AA276D18CF002B86DD /* md4.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = md4.h; sourceTree = "<group>"; };
+		190B23AB276D18CF002B86DD /* x509_crt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = x509_crt.h; sourceTree = "<group>"; };
+		190B23AC276D18CF002B86DD /* .gitignore */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = .gitignore; sourceTree = "<group>"; };
+		190B23AD276D18CF002B86DD /* aes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = aes.h; sourceTree = "<group>"; };
+		190B23AE276D18CF002B86DD /* pk_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pk_internal.h; sourceTree = "<group>"; };
+		190B23AF276D18CF002B86DD /* ssl_cookie.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_cookie.h; sourceTree = "<group>"; };
+		190B23B0276D18CF002B86DD /* dhm.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dhm.h; sourceTree = "<group>"; };
+		190B23B1276D18CF002B86DD /* aesni.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = aesni.h; sourceTree = "<group>"; };
+		190B23B2276D18CF002B86DD /* ctr_drbg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ctr_drbg.h; sourceTree = "<group>"; };
+		190B23B3276D18CF002B86DD /* des.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = des.h; sourceTree = "<group>"; };
+		190B23B4276D18CF002B86DD /* x509_crl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = x509_crl.h; sourceTree = "<group>"; };
+		190B23B5276D18CF002B86DD /* ecdh.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ecdh.h; sourceTree = "<group>"; };
+		190B23B6276D18CF002B86DD /* sha1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sha1.h; sourceTree = "<group>"; };
+		190B23B7276D18CF002B86DD /* gcm.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = gcm.h; sourceTree = "<group>"; };
+		190B23B8276D18CF002B86DD /* certs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = certs.h; sourceTree = "<group>"; };
+		190B23B9276D18CF002B86DD /* rsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rsa.h; sourceTree = "<group>"; };
+		190B23BA276D18CF002B86DD /* hmac_drbg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = hmac_drbg.h; sourceTree = "<group>"; };
+		190B23BB276D18CF002B86DD /* ssl_ticket.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_ticket.h; sourceTree = "<group>"; };
+		190B23BC276D18CF002B86DD /* ssl_ciphersuites.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_ciphersuites.h; sourceTree = "<group>"; };
+		190B23BD276D18CF002B86DD /* ssl_cache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_cache.h; sourceTree = "<group>"; };
+		190B23BE276D18CF002B86DD /* platform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = platform.h; sourceTree = "<group>"; };
+		190B23BF276D18CF002B86DD /* bignum.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bignum.h; sourceTree = "<group>"; };
+		190B23C0276D18CF002B86DD /* entropy_poll.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = entropy_poll.h; sourceTree = "<group>"; };
+		190B23C1276D18CF002B86DD /* havege.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = havege.h; sourceTree = "<group>"; };
+		190B23C2276D18CF002B86DD /* asn1write.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = asn1write.h; sourceTree = "<group>"; };
+		190B23C3276D18CF002B86DD /* ccm.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ccm.h; sourceTree = "<group>"; };
+		190B245A276D2251002B86DD /* pcrecpparg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pcrecpparg.h; sourceTree = "<group>"; };
+		190B245B276D2251002B86DD /* pcreposix.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pcreposix.h; sourceTree = "<group>"; };
+		190B245C276D2251002B86DD /* pcre_scanner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pcre_scanner.h; sourceTree = "<group>"; };
+		190B245D276D2251002B86DD /* pcre_stringpiece.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pcre_stringpiece.h; sourceTree = "<group>"; };
+		190B245E276D2251002B86DD /* pcre.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pcre.h; sourceTree = "<group>"; };
+		190B245F276D2251002B86DD /* pcrecpp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pcrecpp.h; sourceTree = "<group>"; };
+		190B28D3276D25DA002B86DD /* redir.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = redir.c; sourceTree = "<group>"; };
+		190B28D4276D25DA002B86DD /* android.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = android.c; sourceTree = "<group>"; };
+		190B28D5276D25DA002B86DD /* redir.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = redir.h; sourceTree = "<group>"; };
+		196AAB672776262D00602189 /* Clibsodium.xcframework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.xcframework; name = Clibsodium.xcframework; path = ShadowSocks/libsodium/lib/Clibsodium.xcframework; sourceTree = "<group>"; };
+		19835086276D2CB40002E2E9 /* config.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = config.h; sourceTree = "<group>"; };
+		19835089276D3A4F0002E2E9 /* libresolv.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libresolv.tbd; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.1.sdk/usr/lib/libresolv.tbd; sourceTree = DEVELOPER_DIR; };
+		19835090276D3C0D0002E2E9 /* libev.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libev.a; sourceTree = "<group>"; };
+		19835091276D3C0D0002E2E9 /* libev.la */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = libev.la; sourceTree = "<group>"; };
+		1983509D276D3C4E0002E2E9 /* libcares.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libcares.a; sourceTree = "<group>"; };
+		198350A6276D3C850002E2E9 /* libpcre.la */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = libpcre.la; sourceTree = "<group>"; };
+		198350A7276D3C850002E2E9 /* libpcrecpp.la */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = libpcrecpp.la; sourceTree = "<group>"; };
+		198350A8276D3C850002E2E9 /* libpcreposix.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libpcreposix.a; sourceTree = "<group>"; };
+		198350A9276D3C850002E2E9 /* libpcre.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libpcre.a; sourceTree = "<group>"; };
+		198350AA276D3C850002E2E9 /* libpcreposix.la */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = libpcreposix.la; sourceTree = "<group>"; };
+		198350AB276D3C850002E2E9 /* libpcrecpp.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libpcrecpp.a; sourceTree = "<group>"; };
+		198350B6276D3D6A0002E2E9 /* libz.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libz.tbd; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.1.sdk/usr/lib/libz.tbd; sourceTree = DEVELOPER_DIR; };
+		198350B8276D3D840002E2E9 /* libexpat.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libexpat.tbd; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.1.sdk/usr/lib/libexpat.tbd; sourceTree = DEVELOPER_DIR; };
+		198350BA276D3D9D0002E2E9 /* libresolv.9.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libresolv.9.tbd; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.1.sdk/usr/lib/libresolv.9.tbd; sourceTree = DEVELOPER_DIR; };
+		198350BD276D3E430002E2E9 /* libpthread.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libpthread.tbd; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.1.sdk/usr/lib/libpthread.tbd; sourceTree = DEVELOPER_DIR; };
+		198350BF276D520F0002E2E9 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Info.plist; sourceTree = "<group>"; };
+/* End PBXFileReference section */
+
+/* Begin PBXFrameworksBuildPhase section */
+		190B121F276CF6B5002B86DD /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				198350BC276D3DAC0002E2E9 /* libresolv.tbd in Frameworks */,
+				19835092276D3C0D0002E2E9 /* libev.a in Frameworks */,
+				198350B4276D3C850002E2E9 /* libpcrecpp.a in Frameworks */,
+				198350B1276D3C850002E2E9 /* libpcreposix.a in Frameworks */,
+				198350B2276D3C850002E2E9 /* libpcre.a in Frameworks */,
+				198350A0276D3C4F0002E2E9 /* libcares.a in Frameworks */,
+				196AAB6A2776263400602189 /* Clibsodium.xcframework in Frameworks */,
+				190B1E08276CFC69002B86DD /* libmbedx509.a in Frameworks */,
+				190B1E07276CFC69002B86DD /* libmbedcrypto.a in Frameworks */,
+				190B1E09276CFC69002B86DD /* libmbedtls.a in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXFrameworksBuildPhase section */
+
+/* Begin PBXGroup section */
+		190B1218276CF6B5002B86DD = {
+			isa = PBXGroup;
+			children = (
+				190B1224276CF6B5002B86DD /* ShadowSocks */,
+				190B1223276CF6B5002B86DD /* Products */,
+				190B1E6B276D06F2002B86DD /* Frameworks */,
+			);
+			sourceTree = "<group>";
+		};
+		190B1223276CF6B5002B86DD /* Products */ = {
+			isa = PBXGroup;
+			children = (
+				190B1222276CF6B5002B86DD /* ShadowSocks.framework */,
+			);
+			name = Products;
+			sourceTree = "<group>";
+		};
+		190B1224276CF6B5002B86DD /* ShadowSocks */ = {
+			isa = PBXGroup;
+			children = (
+				190B2458276D2251002B86DD /* pcre */,
+				190B1B1B276CFC67002B86DD /* libcares */,
+				190B1A9B276CFC66002B86DD /* libev */,
+				190B1AC0276CFC67002B86DD /* mbedtls */,
+				190B1B72276CFC67002B86DD /* shadowsocks-libev */,
+				190B1225276CF6B5002B86DD /* ShadowSocks.h */,
+				198350BF276D520F0002E2E9 /* Info.plist */,
+			);
+			path = ShadowSocks;
+			sourceTree = "<group>";
+		};
+		190B1A9B276CFC66002B86DD /* libev */ = {
+			isa = PBXGroup;
+			children = (
+				190B1AB4276CFC67002B86DD /* arm64 */,
+			);
+			path = libev;
+			sourceTree = "<group>";
+		};
+		190B1AB4276CFC67002B86DD /* arm64 */ = {
+			isa = PBXGroup;
+			children = (
+				1983508F276D3C0D0002E2E9 /* lib */,
+				190B1AB5276CFC67002B86DD /* include */,
+			);
+			path = arm64;
+			sourceTree = "<group>";
+		};
+		190B1AB5276CFC67002B86DD /* include */ = {
+			isa = PBXGroup;
+			children = (
+				190B1AB6276CFC67002B86DD /* event.h */,
+				190B1AB7276CFC67002B86DD /* ev++.h */,
+				190B1AB8276CFC67002B86DD /* ev.h */,
+			);
+			path = include;
+			sourceTree = "<group>";
+		};
+		190B1AC0276CFC67002B86DD /* mbedtls */ = {
+			isa = PBXGroup;
+			children = (
+				190B233C276D18CE002B86DD /* include */,
+				190B1B17276CFC67002B86DD /* lib */,
+			);
+			path = mbedtls;
+			sourceTree = "<group>";
+		};
+		190B1B17276CFC67002B86DD /* lib */ = {
+			isa = PBXGroup;
+			children = (
+				190B1B18276CFC67002B86DD /* libmbedcrypto.a */,
+				190B1B19276CFC67002B86DD /* libmbedx509.a */,
+				190B1B1A276CFC67002B86DD /* libmbedtls.a */,
+			);
+			path = lib;
+			sourceTree = "<group>";
+		};
+		190B1B1B276CFC67002B86DD /* libcares */ = {
+			isa = PBXGroup;
+			children = (
+				19835097276D3C4E0002E2E9 /* lib */,
+				190B1B1C276CFC67002B86DD /* include */,
+			);
+			path = libcares;
+			sourceTree = "<group>";
+		};
+		190B1B1C276CFC67002B86DD /* include */ = {
+			isa = PBXGroup;
+			children = (
+				190B1B1D276CFC67002B86DD /* ares_version.h */,
+				190B1B1E276CFC67002B86DD /* ares_build.h */,
+				190B1B1F276CFC67002B86DD /* ares.h */,
+				190B1B20276CFC67002B86DD /* ares_rules.h */,
+				190B1B21276CFC67002B86DD /* ares_dns.h */,
+			);
+			path = include;
+			sourceTree = "<group>";
+		};
+		190B1B72276CFC67002B86DD /* shadowsocks-libev */ = {
+			isa = PBXGroup;
+			children = (
+				19835086276D2CB40002E2E9 /* config.h */,
+				190B2070276D0DB4002B86DD /* libbloom */,
+				190B1F79276D0DB4002B86DD /* libcork */,
+				190B1E6C276D0DB3002B86DD /* libipset */,
+				190B1F44276D0DB3002B86DD /* src */,
+			);
+			path = "shadowsocks-libev";
+			sourceTree = "<group>";
+		};
+		190B1E6B276D06F2002B86DD /* Frameworks */ = {
+			isa = PBXGroup;
+			children = (
+				196AAB672776262D00602189 /* Clibsodium.xcframework */,
+				198350BD276D3E430002E2E9 /* libpthread.tbd */,
+				198350BA276D3D9D0002E2E9 /* libresolv.9.tbd */,
+				198350B8276D3D840002E2E9 /* libexpat.tbd */,
+				198350B6276D3D6A0002E2E9 /* libz.tbd */,
+				19835089276D3A4F0002E2E9 /* libresolv.tbd */,
+			);
+			name = Frameworks;
+			sourceTree = "<group>";
+		};
+		190B1E6C276D0DB3002B86DD /* libipset */ = {
+			isa = PBXGroup;
+			children = (
+				190B2290276D1697002B86DD /* ipsetbuild */,
+				190B228E276D1697002B86DD /* ipsetcat */,
+				190B2292276D1697002B86DD /* ipsetdot */,
+				190B2271276D1697002B86DD /* libipset */,
+			);
+			path = libipset;
+			sourceTree = "<group>";
+		};
+		190B1F44276D0DB3002B86DD /* src */ = {
+			isa = PBXGroup;
+			children = (
+				190B1F69276D0DB3002B86DD /* acl.c */,
+				190B1F4B276D0DB3002B86DD /* acl.h */,
+				190B1F4D276D0DB3002B86DD /* aead.c */,
+				190B1F67276D0DB3002B86DD /* aead.h */,
+				190B28D4276D25DA002B86DD /* android.c */,
+				190B1F64276D0DB3002B86DD /* base64.c */,
+				190B1F4F276D0DB3002B86DD /* base64.h */,
+				190B1F6B276D0DB3002B86DD /* cache.c */,
+				190B1F54276D0DB3002B86DD /* cache.h */,
+				190B1F61276D0DB3002B86DD /* common.h */,
+				190B1F71276D0DB3002B86DD /* crypto.c */,
+				190B1F5B276D0DB3002B86DD /* crypto.h */,
+				190B1F72276D0DB3002B86DD /* jconf.c */,
+				190B1F5A276D0DB3002B86DD /* jconf.h */,
+				190B1F45276D0DB3002B86DD /* json.c */,
+				190B1F62276D0DB3002B86DD /* json.h */,
+				190B1F51276D0DB3002B86DD /* local.c */,
+				190B1F6F276D0DB3002B86DD /* local.h */,
+				190B1F6C276D0DB3002B86DD /* manager.c */,
+				190B1F52276D0DB3002B86DD /* manager.h */,
+				190B1F63276D0DB3002B86DD /* netutils.c */,
+				190B1F50276D0DB3002B86DD /* netutils.h */,
+				190B1F68276D0DB3002B86DD /* plugin.c */,
+				190B1F4C276D0DB3002B86DD /* plugin.h */,
+				190B1F4E276D0DB3002B86DD /* ppbloom.c */,
+				190B1F66276D0DB3002B86DD /* ppbloom.h */,
+				190B28D3276D25DA002B86DD /* redir.c */,
+				190B28D5276D25DA002B86DD /* redir.h */,
+				190B1F5F276D0DB3002B86DD /* resolv.c */,
+				190B1F47276D0DB3002B86DD /* resolv.h */,
+				190B1F49276D0DB3002B86DD /* rule.c */,
+				190B1F6A276D0DB3002B86DD /* rule.h */,
+				190B1F59276D0DB3002B86DD /* server.c */,
+				190B1F73276D0DB3002B86DD /* server.h */,
+				190B1F6E276D0DB3002B86DD /* shadowsocks.h */,
+				190B1F76276D0DB4002B86DD /* socks5.h */,
+				190B1F77276D0DB4002B86DD /* stream.c */,
+				190B1F57276D0DB3002B86DD /* stream.h */,
+				190B1F6D276D0DB3002B86DD /* tunnel.c */,
+				190B1F53276D0DB3002B86DD /* tunnel.h */,
+				190B1F5C276D0DB3002B86DD /* udprelay.c */,
+				190B1F74276D0DB4002B86DD /* udprelay.h */,
+				190B1F58276D0DB3002B86DD /* uthash.h */,
+				190B1F60276D0DB3002B86DD /* utils.c */,
+				190B1F46276D0DB3002B86DD /* utils.h */,
+				190B1F5D276D0DB3002B86DD /* winsock.c */,
+				190B1F48276D0DB3002B86DD /* winsock.h */,
+			);
+			path = src;
+			sourceTree = "<group>";
+		};
+		190B1F79276D0DB4002B86DD /* libcork */ = {
+			isa = PBXGroup;
+			children = (
+				190B22D8276D16C2002B86DD /* cork-hash */,
+				190B22D4276D16C2002B86DD /* cork-initializer */,
+				190B22D2276D16C2002B86DD /* cork-test */,
+				190B22AC276D16C2002B86DD /* libcork */,
+			);
+			path = libcork;
+			sourceTree = "<group>";
+		};
+		190B2070276D0DB4002B86DD /* libbloom */ = {
+			isa = PBXGroup;
+			children = (
+				190B2095276D0DB4002B86DD /* bloom.c */,
+				190B2099276D0DB4002B86DD /* bloom.h */,
+				190B209C276D0DB4002B86DD /* murmur2 */,
+			);
+			path = libbloom;
+			sourceTree = "<group>";
+		};
+		190B209C276D0DB4002B86DD /* murmur2 */ = {
+			isa = PBXGroup;
+			children = (
+				190B209D276D0DB5002B86DD /* murmurhash2.h */,
+				190B209F276D0DB5002B86DD /* MurmurHash2.c */,
+			);
+			path = murmur2;
+			sourceTree = "<group>";
+		};
+		190B2271276D1697002B86DD /* libipset */ = {
+			isa = PBXGroup;
+			children = (
+				190B2272276D1697002B86DD /* map */,
+				190B227A276D1697002B86DD /* bdd */,
+				190B2283276D1697002B86DD /* set */,
+				190B228C276D1697002B86DD /* general.c */,
+			);
+			name = libipset;
+			path = src/libipset;
+			sourceTree = "<group>";
+		};
+		190B2272276D1697002B86DD /* map */ = {
+			isa = PBXGroup;
+			children = (
+				190B2273276D1697002B86DD /* storage.c */,
+				190B2274276D1697002B86DD /* inspection.c */,
+				190B2276276D1697002B86DD /* ipv4_map.c */,
+				190B2277276D1697002B86DD /* ipv6_map.c */,
+				190B2278276D1697002B86DD /* allocation.c */,
+			);
+			path = map;
+			sourceTree = "<group>";
+		};
+		190B227A276D1697002B86DD /* bdd */ = {
+			isa = PBXGroup;
+			children = (
+				190B227B276D1697002B86DD /* expanded.c */,
+				190B227C276D1697002B86DD /* basics.c */,
+				190B227D276D1697002B86DD /* assignments.c */,
+				190B227E276D1697002B86DD /* bdd-iterator.c */,
+				190B227F276D1697002B86DD /* read.c */,
+				190B2280276D1697002B86DD /* reachable.c */,
+				190B2282276D1697002B86DD /* write.c */,
+			);
+			path = bdd;
+			sourceTree = "<group>";
+		};
+		190B2283276D1697002B86DD /* set */ = {
+			isa = PBXGroup;
+			children = (
+				190B2284276D1697002B86DD /* ipv4_set.c */,
+				190B2285276D1697002B86DD /* ipv6_set.c */,
+				190B2286276D1697002B86DD /* storage.c */,
+				190B2287276D1697002B86DD /* inspection.c */,
+				190B2288276D1697002B86DD /* iterator.c */,
+				190B228A276D1697002B86DD /* allocation.c */,
+			);
+			path = set;
+			sourceTree = "<group>";
+		};
+		190B228E276D1697002B86DD /* ipsetcat */ = {
+			isa = PBXGroup;
+			children = (
+				190B228F276D1697002B86DD /* ipsetcat.c */,
+			);
+			name = ipsetcat;
+			path = src/ipsetcat;
+			sourceTree = "<group>";
+		};
+		190B2290276D1697002B86DD /* ipsetbuild */ = {
+			isa = PBXGroup;
+			children = (
+				190B2291276D1697002B86DD /* ipsetbuild.c */,
+			);
+			name = ipsetbuild;
+			path = src/ipsetbuild;
+			sourceTree = "<group>";
+		};
+		190B2292276D1697002B86DD /* ipsetdot */ = {
+			isa = PBXGroup;
+			children = (
+				190B2293276D1697002B86DD /* ipsetdot.c */,
+			);
+			name = ipsetdot;
+			path = src/ipsetdot;
+			sourceTree = "<group>";
+		};
+		190B22AC276D16C2002B86DD /* libcork */ = {
+			isa = PBXGroup;
+			children = (
+				190B22AD276D16C2002B86DD /* posix */,
+				190B22B6276D16C2002B86DD /* core */,
+				190B22C1276D16C2002B86DD /* ds */,
+				190B22CC276D16C2002B86DD /* cli */,
+				190B22CF276D16C2002B86DD /* pthreads */,
+			);
+			name = libcork;
+			path = src/libcork;
+			sourceTree = "<group>";
+		};
+		190B22AD276D16C2002B86DD /* posix */ = {
+			isa = PBXGroup;
+			children = (
+				190B22AE276D16C2002B86DD /* mingw.c */,
+				190B22AF276D16C2002B86DD /* process.c */,
+				190B22B0276D16C2002B86DD /* exec.c */,
+				190B22B1276D16C2002B86DD /* files.c */,
+				190B22B2276D16C2002B86DD /* subprocess.c */,
+				190B22B3276D16C2002B86DD /* env.c */,
+				190B22B4276D16C2002B86DD /* directory-walker.c */,
+			);
+			path = posix;
+			sourceTree = "<group>";
+		};
+		190B22B6276D16C2002B86DD /* core */ = {
+			isa = PBXGroup;
+			children = (
+				190B22B7276D16C2002B86DD /* allocator.c */,
+				190B22B8276D16C2002B86DD /* ip-address.c */,
+				190B22B9276D16C2002B86DD /* mempool.c */,
+				190B22BA276D16C2002B86DD /* timestamp.c */,
+				190B22BB276D16C2002B86DD /* hash.c */,
+				190B22BC276D16C2002B86DD /* error.c */,
+				190B22BD276D16C2002B86DD /* version.c */,
+				190B22BE276D16C2002B86DD /* u128.c */,
+				190B22C0276D16C2002B86DD /* gc.c */,
+			);
+			path = core;
+			sourceTree = "<group>";
+		};
+		190B22C1276D16C2002B86DD /* ds */ = {
+			isa = PBXGroup;
+			children = (
+				190B22C2276D16C2002B86DD /* buffer.c */,
+				190B22C3276D16C2002B86DD /* managed-buffer.c */,
+				190B22C4276D16C2002B86DD /* array.c */,
+				190B22C5276D16C2002B86DD /* dllist.c */,
+				190B22C6276D16C2002B86DD /* file-stream.c */,
+				190B22C7276D16C2002B86DD /* ring-buffer.c */,
+				190B22C8276D16C2002B86DD /* hash-table.c */,
+				190B22C9276D16C2002B86DD /* bitset.c */,
+				190B22CA276D16C2002B86DD /* slice.c */,
+			);
+			path = ds;
+			sourceTree = "<group>";
+		};
+		190B22CC276D16C2002B86DD /* cli */ = {
+			isa = PBXGroup;
+			children = (
+				190B22CE276D16C2002B86DD /* commands.c */,
+			);
+			path = cli;
+			sourceTree = "<group>";
+		};
+		190B22CF276D16C2002B86DD /* pthreads */ = {
+			isa = PBXGroup;
+			children = (
+				190B22D0276D16C2002B86DD /* thread.c */,
+			);
+			path = pthreads;
+			sourceTree = "<group>";
+		};
+		190B22D2276D16C2002B86DD /* cork-test */ = {
+			isa = PBXGroup;
+			children = (
+				190B22D3276D16C2002B86DD /* cork-test.c */,
+			);
+			name = "cork-test";
+			path = "src/cork-test";
+			sourceTree = "<group>";
+		};
+		190B22D4276D16C2002B86DD /* cork-initializer */ = {
+			isa = PBXGroup;
+			children = (
+				190B22D5276D16C2002B86DD /* init1.c */,
+				190B22D6276D16C2002B86DD /* init2.c */,
+				190B22D7276D16C2002B86DD /* main.c */,
+			);
+			name = "cork-initializer";
+			path = "src/cork-initializer";
+			sourceTree = "<group>";
+		};
+		190B22D8276D16C2002B86DD /* cork-hash */ = {
+			isa = PBXGroup;
+			children = (
+				190B22D9276D16C2002B86DD /* cork-hash.c */,
+			);
+			name = "cork-hash";
+			path = "src/cork-hash";
+			sourceTree = "<group>";
+		};
+		190B233C276D18CE002B86DD /* include */ = {
+			isa = PBXGroup;
+			children = (
+				190B233D276D18CE002B86DD /* pem.h */,
+				190B233E276D18CE002B86DD /* check_config.h */,
+				190B233F276D18CE002B86DD /* error.h */,
+				190B2340276D18CE002B86DD /* md2.h */,
+				190B2341276D18CE002B86DD /* oid.h */,
+				190B2342276D18CE002B86DD /* pkcs5.h */,
+				190B2343276D18CE002B86DD /* ripemd160.h */,
+				190B2344276D18CE002B86DD /* blowfish.h */,
+				190B2345276D18CE002B86DD /* debug.h */,
+				190B2346276D18CE002B86DD /* x509.h */,
+				190B2347276D18CE002B86DD /* version.h */,
+				190B2349276D18CE002B86DD /* ecp.h */,
+				190B234A276D18CE002B86DD /* net.h */,
+				190B234B276D18CE002B86DD /* cipher_internal.h */,
+				190B234D276D18CE002B86DD /* md_internal.h */,
+				190B234E276D18CE002B86DD /* base64.h */,
+				190B234F276D18CE002B86DD /* pkcs11.h */,
+				190B2350276D18CE002B86DD /* ssl_internal.h */,
+				190B2351276D18CE002B86DD /* asn1.h */,
+				190B2352276D18CE002B86DD /* config.h */,
+				190B2353276D18CE002B86DD /* memory_buffer_alloc.h */,
+				190B2354276D18CE002B86DD /* x509_csr.h */,
+				190B2355276D18CE002B86DD /* xtea.h */,
+				190B2356276D18CE002B86DD /* threading.h */,
+				190B2357276D18CE002B86DD /* compat-1.3.h */,
+				190B2358276D18CE002B86DD /* md5.h */,
+				190B2359276D18CE002B86DD /* timing.h */,
+				190B235A276D18CE002B86DD /* arc4.h */,
+				190B235B276D18CE002B86DD /* sha256.h */,
+				190B235C276D18CE002B86DD /* mbedtls */,
+				190B239F276D18CF002B86DD /* ecdsa.h */,
+				190B23A0276D18CF002B86DD /* md.h */,
+				190B23A1276D18CF002B86DD /* cipher.h */,
+				190B23A2276D18CF002B86DD /* entropy.h */,
+				190B23A3276D18CF002B86DD /* pkcs12.h */,
+				190B23A4276D18CF002B86DD /* padlock.h */,
+				190B23A5276D18CF002B86DD /* sha512.h */,
+				190B23A6276D18CF002B86DD /* bn_mul.h */,
+				190B23A7276D18CF002B86DD /* pk.h */,
+				190B23A8276D18CF002B86DD /* ssl.h */,
+				190B23A9276D18CF002B86DD /* camellia.h */,
+				190B23AA276D18CF002B86DD /* md4.h */,
+				190B23AB276D18CF002B86DD /* x509_crt.h */,
+				190B23AC276D18CF002B86DD /* .gitignore */,
+				190B23AD276D18CF002B86DD /* aes.h */,
+				190B23AE276D18CF002B86DD /* pk_internal.h */,
+				190B23AF276D18CF002B86DD /* ssl_cookie.h */,
+				190B23B0276D18CF002B86DD /* dhm.h */,
+				190B23B1276D18CF002B86DD /* aesni.h */,
+				190B23B2276D18CF002B86DD /* ctr_drbg.h */,
+				190B23B3276D18CF002B86DD /* des.h */,
+				190B23B4276D18CF002B86DD /* x509_crl.h */,
+				190B23B5276D18CF002B86DD /* ecdh.h */,
+				190B23B6276D18CF002B86DD /* sha1.h */,
+				190B23B7276D18CF002B86DD /* gcm.h */,
+				190B23B8276D18CF002B86DD /* certs.h */,
+				190B23B9276D18CF002B86DD /* rsa.h */,
+				190B23BA276D18CF002B86DD /* hmac_drbg.h */,
+				190B23BB276D18CF002B86DD /* ssl_ticket.h */,
+				190B23BC276D18CF002B86DD /* ssl_ciphersuites.h */,
+				190B23BD276D18CF002B86DD /* ssl_cache.h */,
+				190B23BE276D18CF002B86DD /* platform.h */,
+				190B23BF276D18CF002B86DD /* bignum.h */,
+				190B23C0276D18CF002B86DD /* entropy_poll.h */,
+				190B23C1276D18CF002B86DD /* havege.h */,
+				190B23C2276D18CF002B86DD /* asn1write.h */,
+				190B23C3276D18CF002B86DD /* ccm.h */,
+			);
+			path = include;
+			sourceTree = "<group>";
+		};
+		190B235C276D18CE002B86DD /* mbedtls */ = {
+			isa = PBXGroup;
+			children = (
+				190B235D276D18CE002B86DD /* pem.h */,
+				190B235E276D18CE002B86DD /* check_config.h */,
+				190B235F276D18CE002B86DD /* error.h */,
+				190B2360276D18CE002B86DD /* md2.h */,
+				190B2361276D18CE002B86DD /* oid.h */,
+				190B2362276D18CE002B86DD /* pkcs5.h */,
+				190B2363276D18CE002B86DD /* ripemd160.h */,
+				190B2364276D18CE002B86DD /* blowfish.h */,
+				190B2365276D18CE002B86DD /* debug.h */,
+				190B2366276D18CE002B86DD /* x509.h */,
+				190B2367276D18CE002B86DD /* version.h */,
+				190B2368276D18CE002B86DD /* ecp.h */,
+				190B2369276D18CE002B86DD /* net.h */,
+				190B236A276D18CE002B86DD /* cipher_internal.h */,
+				190B236B276D18CE002B86DD /* LICENSE */,
+				190B236C276D18CF002B86DD /* md_internal.h */,
+				190B236D276D18CF002B86DD /* base64.h */,
+				190B236E276D18CF002B86DD /* pkcs11.h */,
+				190B236F276D18CF002B86DD /* ssl_internal.h */,
+				190B2370276D18CF002B86DD /* asn1.h */,
+				190B2371276D18CF002B86DD /* config.h */,
+				190B2372276D18CF002B86DD /* memory_buffer_alloc.h */,
+				190B2373276D18CF002B86DD /* x509_csr.h */,
+				190B2374276D18CF002B86DD /* xtea.h */,
+				190B2375276D18CF002B86DD /* threading.h */,
+				190B2376276D18CF002B86DD /* compat-1.3.h */,
+				190B2377276D18CF002B86DD /* md5.h */,
+				190B2378276D18CF002B86DD /* timing.h */,
+				190B2379276D18CF002B86DD /* arc4.h */,
+				190B237A276D18CF002B86DD /* sha256.h */,
+				190B237B276D18CF002B86DD /* ecdsa.h */,
+				190B237C276D18CF002B86DD /* md.h */,
+				190B237D276D18CF002B86DD /* cipher.h */,
+				190B237E276D18CF002B86DD /* entropy.h */,
+				190B237F276D18CF002B86DD /* pkcs12.h */,
+				190B2380276D18CF002B86DD /* padlock.h */,
+				190B2381276D18CF002B86DD /* sha512.h */,
+				190B2382276D18CF002B86DD /* bn_mul.h */,
+				190B2383276D18CF002B86DD /* pk.h */,
+				190B2384276D18CF002B86DD /* ssl.h */,
+				190B2385276D18CF002B86DD /* camellia.h */,
+				190B2386276D18CF002B86DD /* md4.h */,
+				190B2387276D18CF002B86DD /* x509_crt.h */,
+				190B2388276D18CF002B86DD /* aes.h */,
+				190B2389276D18CF002B86DD /* pk_internal.h */,
+				190B238A276D18CF002B86DD /* ssl_cookie.h */,
+				190B238B276D18CF002B86DD /* dhm.h */,
+				190B238C276D18CF002B86DD /* aesni.h */,
+				190B238D276D18CF002B86DD /* ctr_drbg.h */,
+				190B238E276D18CF002B86DD /* des.h */,
+				190B238F276D18CF002B86DD /* x509_crl.h */,
+				190B2390276D18CF002B86DD /* ecdh.h */,
+				190B2391276D18CF002B86DD /* sha1.h */,
+				190B2392276D18CF002B86DD /* gcm.h */,
+				190B2393276D18CF002B86DD /* certs.h */,
+				190B2394276D18CF002B86DD /* rsa.h */,
+				190B2395276D18CF002B86DD /* hmac_drbg.h */,
+				190B2396276D18CF002B86DD /* ssl_ticket.h */,
+				190B2397276D18CF002B86DD /* ssl_ciphersuites.h */,
+				190B2398276D18CF002B86DD /* ssl_cache.h */,
+				190B2399276D18CF002B86DD /* platform.h */,
+				190B239A276D18CF002B86DD /* bignum.h */,
+				190B239B276D18CF002B86DD /* entropy_poll.h */,
+				190B239C276D18CF002B86DD /* havege.h */,
+				190B239D276D18CF002B86DD /* asn1write.h */,
+				190B239E276D18CF002B86DD /* ccm.h */,
+			);
+			path = mbedtls;
+			sourceTree = "<group>";
+		};
+		190B2458276D2251002B86DD /* pcre */ = {
+			isa = PBXGroup;
+			children = (
+				198350A1276D3C850002E2E9 /* lib */,
+				190B2459276D2251002B86DD /* include */,
+			);
+			path = pcre;
+			sourceTree = "<group>";
+		};
+		190B2459276D2251002B86DD /* include */ = {
+			isa = PBXGroup;
+			children = (
+				190B245A276D2251002B86DD /* pcrecpparg.h */,
+				190B245B276D2251002B86DD /* pcreposix.h */,
+				190B245C276D2251002B86DD /* pcre_scanner.h */,
+				190B245D276D2251002B86DD /* pcre_stringpiece.h */,
+				190B245E276D2251002B86DD /* pcre.h */,
+				190B245F276D2251002B86DD /* pcrecpp.h */,
+			);
+			path = include;
+			sourceTree = "<group>";
+		};
+		1983508F276D3C0D0002E2E9 /* lib */ = {
+			isa = PBXGroup;
+			children = (
+				19835090276D3C0D0002E2E9 /* libev.a */,
+				19835091276D3C0D0002E2E9 /* libev.la */,
+			);
+			path = lib;
+			sourceTree = "<group>";
+		};
+		19835097276D3C4E0002E2E9 /* lib */ = {
+			isa = PBXGroup;
+			children = (
+				1983509C276D3C4E0002E2E9 /* arm64 */,
+			);
+			path = lib;
+			sourceTree = "<group>";
+		};
+		1983509C276D3C4E0002E2E9 /* arm64 */ = {
+			isa = PBXGroup;
+			children = (
+				1983509D276D3C4E0002E2E9 /* libcares.a */,
+			);
+			path = arm64;
+			sourceTree = "<group>";
+		};
+		198350A1276D3C850002E2E9 /* lib */ = {
+			isa = PBXGroup;
+			children = (
+				198350A6276D3C850002E2E9 /* libpcre.la */,
+				198350A7276D3C850002E2E9 /* libpcrecpp.la */,
+				198350A8276D3C850002E2E9 /* libpcreposix.a */,
+				198350A9276D3C850002E2E9 /* libpcre.a */,
+				198350AA276D3C850002E2E9 /* libpcreposix.la */,
+				198350AB276D3C850002E2E9 /* libpcrecpp.a */,
+			);
+			path = lib;
+			sourceTree = "<group>";
+		};
+/* End PBXGroup section */
+
+/* Begin PBXHeadersBuildPhase section */
+		190B121D276CF6B5002B86DD /* Headers */ = {
+			isa = PBXHeadersBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				190B23F2276D18CF002B86DD /* md_internal.h in Headers */,
+				190B216D276D0DB5002B86DD /* shadowsocks.h in Headers */,
+				19835087276D2DED0002E2E9 /* config.h in Headers */,
+				190B241E276D18CF002B86DD /* ssl_cache.h in Headers */,
+				190B214B276D0DB5002B86DD /* plugin.h in Headers */,
+				190B23E8276D18CF002B86DD /* pkcs5.h in Headers */,
+				190B2413276D18CF002B86DD /* ctr_drbg.h in Headers */,
+				190B2424276D18CF002B86DD /* ccm.h in Headers */,
+				190B23C8276D18CF002B86DD /* oid.h in Headers */,
+				190B2443276D18CF002B86DD /* ssl_cache.h in Headers */,
+				190B1E0B276CFC69002B86DD /* ares_build.h in Headers */,
+				190B1226276CF6B5002B86DD /* ShadowSocks.h in Headers */,
+				190B23EC276D18CF002B86DD /* x509.h in Headers */,
+				190B1E0D276CFC69002B86DD /* ares_rules.h in Headers */,
+				190B241F276D18CF002B86DD /* platform.h in Headers */,
+				190B2439276D18CF002B86DD /* des.h in Headers */,
+				190B1E0C276CFC69002B86DD /* ares.h in Headers */,
+				190B23EA276D18CF002B86DD /* blowfish.h in Headers */,
+				190B2441276D18CF002B86DD /* ssl_ticket.h in Headers */,
+				190B23E6276D18CF002B86DD /* md2.h in Headers */,
+				190B241B276D18CF002B86DD /* hmac_drbg.h in Headers */,
+				190B243F276D18CF002B86DD /* rsa.h in Headers */,
+				190B2428276D18CF002B86DD /* entropy.h in Headers */,
+				190B23DB276D18CF002B86DD /* x509_csr.h in Headers */,
+				190B23FE276D18CF002B86DD /* timing.h in Headers */,
+				190B2427276D18CF002B86DD /* cipher.h in Headers */,
+				190B23C4276D18CF002B86DD /* pem.h in Headers */,
+				190B240D276D18CF002B86DD /* x509_crt.h in Headers */,
+				190B23D9276D18CF002B86DD /* config.h in Headers */,
+				190B2404276D18CF002B86DD /* entropy.h in Headers */,
+				190B2440276D18CF002B86DD /* hmac_drbg.h in Headers */,
+				190B23E9276D18CF002B86DD /* ripemd160.h in Headers */,
+				190B2423276D18CF002B86DD /* asn1write.h in Headers */,
+				190B240C276D18CF002B86DD /* md4.h in Headers */,
+				190B2412276D18CF002B86DD /* aesni.h in Headers */,
+				190B242E276D18CF002B86DD /* ssl.h in Headers */,
+				190B2151276D0DB5002B86DD /* manager.h in Headers */,
+				190B2414276D18CF002B86DD /* des.h in Headers */,
+				190B2405276D18CF002B86DD /* pkcs12.h in Headers */,
+				190B23D2276D18CF002B86DD /* cipher_internal.h in Headers */,
+				190B242D276D18CF002B86DD /* pk.h in Headers */,
+				190B23D6276D18CF002B86DD /* pkcs11.h in Headers */,
+				190B2411276D18CF002B86DD /* dhm.h in Headers */,
+				190B23F0276D18CF002B86DD /* cipher_internal.h in Headers */,
+				190B2161276D0DB5002B86DD /* json.h in Headers */,
+				190B23C9276D18CF002B86DD /* pkcs5.h in Headers */,
+				190B243C276D18CF002B86DD /* sha1.h in Headers */,
+				190B23D4276D18CF002B86DD /* md_internal.h in Headers */,
+				190B23E7276D18CF002B86DD /* oid.h in Headers */,
+				190B23FD276D18CF002B86DD /* md5.h in Headers */,
+				190B2410276D18CF002B86DD /* ssl_cookie.h in Headers */,
+				190B2447276D18CF002B86DD /* havege.h in Headers */,
+				190B2401276D18CF002B86DD /* ecdsa.h in Headers */,
+				190B2402276D18CF002B86DD /* md.h in Headers */,
+				190B23F8276D18CF002B86DD /* memory_buffer_alloc.h in Headers */,
+				190B1DB0276CFC69002B86DD /* ev.h in Headers */,
+				190B23DF276D18CF002B86DD /* md5.h in Headers */,
+				190B240E276D18CF002B86DD /* aes.h in Headers */,
+				190B2169276D0DB5002B86DD /* rule.h in Headers */,
+				190B240A276D18CF002B86DD /* ssl.h in Headers */,
+				190B214E276D0DB5002B86DD /* base64.h in Headers */,
+				190B2153276D0DB5002B86DD /* cache.h in Headers */,
+				190B23E5276D18CF002B86DD /* error.h in Headers */,
+				190B243E276D18CF002B86DD /* certs.h in Headers */,
+				190B2156276D0DB5002B86DD /* stream.h in Headers */,
+				190B241D276D18CF002B86DD /* ssl_ciphersuites.h in Headers */,
+				190B23EE276D18CF002B86DD /* ecp.h in Headers */,
+				190B23ED276D18CF002B86DD /* version.h in Headers */,
+				190B214A276D0DB5002B86DD /* acl.h in Headers */,
+				190B2426276D18CF002B86DD /* md.h in Headers */,
+				190B23DA276D18CF002B86DD /* memory_buffer_alloc.h in Headers */,
+				190B23C6276D18CF002B86DD /* error.h in Headers */,
+				190B2416276D18CF002B86DD /* ecdh.h in Headers */,
+				190B2421276D18CF002B86DD /* entropy_poll.h in Headers */,
+				190B23D5276D18CF002B86DD /* base64.h in Headers */,
+				190B2437276D18CF002B86DD /* aesni.h in Headers */,
+				190B23EF276D18CF002B86DD /* net.h in Headers */,
+				190B23CD276D18CF002B86DD /* x509.h in Headers */,
+				190B2172276D0DB5002B86DD /* udprelay.h in Headers */,
+				190B23DD276D18CF002B86DD /* threading.h in Headers */,
+				190B2174276D0DB5002B86DD /* socks5.h in Headers */,
+				190B2147276D0DB5002B86DD /* winsock.h in Headers */,
+				190B2422276D18CF002B86DD /* havege.h in Headers */,
+				190B240B276D18CF002B86DD /* camellia.h in Headers */,
+				190B23FC276D18CF002B86DD /* compat-1.3.h in Headers */,
+				190B2157276D0DB5002B86DD /* uthash.h in Headers */,
+				190B2145276D0DB5002B86DD /* utils.h in Headers */,
+				190B23DC276D18CF002B86DD /* xtea.h in Headers */,
+				190B242F276D18CF002B86DD /* camellia.h in Headers */,
+				190B241A276D18CF002B86DD /* rsa.h in Headers */,
+				190B2166276D0DB5002B86DD /* aead.h in Headers */,
+				190B2446276D18CF002B86DD /* entropy_poll.h in Headers */,
+				190B226E276D0DB6002B86DD /* murmurhash2.h in Headers */,
+				190B23EB276D18CF002B86DD /* debug.h in Headers */,
+				190B23D0276D18CF002B86DD /* ecp.h in Headers */,
+				190B23F4276D18CF002B86DD /* pkcs11.h in Headers */,
+				190B243A276D18CF002B86DD /* x509_crl.h in Headers */,
+				190B2159276D0DB5002B86DD /* jconf.h in Headers */,
+				190B2408276D18CF002B86DD /* bn_mul.h in Headers */,
+				190B23CC276D18CF002B86DD /* debug.h in Headers */,
+				190B23CB276D18CF002B86DD /* blowfish.h in Headers */,
+				190B2425276D18CF002B86DD /* ecdsa.h in Headers */,
+				190B2430276D18CF002B86DD /* md4.h in Headers */,
+				190B2449276D18CF002B86DD /* ccm.h in Headers */,
+				190B2146276D0DB5002B86DD /* resolv.h in Headers */,
+				190B2152276D0DB5002B86DD /* tunnel.h in Headers */,
+				190B1E0E276CFC69002B86DD /* ares_dns.h in Headers */,
+				190B23E2276D18CF002B86DD /* sha256.h in Headers */,
+				190B2438276D18CF002B86DD /* ctr_drbg.h in Headers */,
+				190B1DAF276CFC69002B86DD /* ev++.h in Headers */,
+				190B28D8276D25DA002B86DD /* redir.h in Headers */,
+				190B23DE276D18CF002B86DD /* compat-1.3.h in Headers */,
+				190B2436276D18CF002B86DD /* dhm.h in Headers */,
+				190B2433276D18CF002B86DD /* aes.h in Headers */,
+				190B241C276D18CF002B86DD /* ssl_ticket.h in Headers */,
+				190B23E3276D18CF002B86DD /* pem.h in Headers */,
+				190B2406276D18CF002B86DD /* padlock.h in Headers */,
+				190B2420276D18CF002B86DD /* bignum.h in Headers */,
+				190B2403276D18CF002B86DD /* cipher.h in Headers */,
+				190B242B276D18CF002B86DD /* sha512.h in Headers */,
+				190B226C276D0DB6002B86DD /* bloom.h in Headers */,
+				190B1DAE276CFC69002B86DD /* event.h in Headers */,
+				190B23FF276D18CF002B86DD /* arc4.h in Headers */,
+				190B2419276D18CF002B86DD /* certs.h in Headers */,
+				190B2444276D18CF002B86DD /* platform.h in Headers */,
+				190B23E1276D18CF002B86DD /* arc4.h in Headers */,
+				190B2418276D18CF002B86DD /* gcm.h in Headers */,
+				190B23FB276D18CF002B86DD /* threading.h in Headers */,
+				190B23D8276D18CF002B86DD /* asn1.h in Headers */,
+				190B23D1276D18CF002B86DD /* net.h in Headers */,
+				190B23F6276D18CF002B86DD /* asn1.h in Headers */,
+				190B2165276D0DB5002B86DD /* ppbloom.h in Headers */,
+				190B23C5276D18CF002B86DD /* check_config.h in Headers */,
+				190B23E0276D18CF002B86DD /* timing.h in Headers */,
+				190B23CA276D18CF002B86DD /* ripemd160.h in Headers */,
+				190B23FA276D18CF002B86DD /* xtea.h in Headers */,
+				190B23D7276D18CF002B86DD /* ssl_internal.h in Headers */,
+				190B2431276D18CF002B86DD /* x509_crt.h in Headers */,
+				190B2434276D18CF002B86DD /* pk_internal.h in Headers */,
+				190B214F276D0DB5002B86DD /* netutils.h in Headers */,
+				190B23CE276D18CF002B86DD /* version.h in Headers */,
+				190B2435276D18CF002B86DD /* ssl_cookie.h in Headers */,
+				190B2442276D18CF002B86DD /* ssl_ciphersuites.h in Headers */,
+				190B215A276D0DB5002B86DD /* crypto.h in Headers */,
+				190B2400276D18CF002B86DD /* sha256.h in Headers */,
+				190B240F276D18CF002B86DD /* pk_internal.h in Headers */,
+				190B1E0A276CFC69002B86DD /* ares_version.h in Headers */,
+				190B23C7276D18CF002B86DD /* md2.h in Headers */,
+				190B2160276D0DB5002B86DD /* common.h in Headers */,
+				190B2429276D18CF002B86DD /* pkcs12.h in Headers */,
+				190B2409276D18CF002B86DD /* pk.h in Headers */,
+				190B243B276D18CF002B86DD /* ecdh.h in Headers */,
+				190B2415276D18CF002B86DD /* x509_crl.h in Headers */,
+				190B2171276D0DB5002B86DD /* server.h in Headers */,
+				190B2448276D18CF002B86DD /* asn1write.h in Headers */,
+				190B242A276D18CF002B86DD /* padlock.h in Headers */,
+				190B243D276D18CF002B86DD /* gcm.h in Headers */,
+				190B2445276D18CF002B86DD /* bignum.h in Headers */,
+				190B242C276D18CF002B86DD /* bn_mul.h in Headers */,
+				190B23F5276D18CF002B86DD /* ssl_internal.h in Headers */,
+				190B216E276D0DB5002B86DD /* local.h in Headers */,
+				190B2417276D18CF002B86DD /* sha1.h in Headers */,
+				190B2407276D18CF002B86DD /* sha512.h in Headers */,
+				190B23F9276D18CF002B86DD /* x509_csr.h in Headers */,
+				190B23F3276D18CF002B86DD /* base64.h in Headers */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXHeadersBuildPhase section */
+
+/* Begin PBXNativeTarget section */
+		190B1221276CF6B5002B86DD /* ShadowSocks */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 190B1229276CF6B5002B86DD /* Build configuration list for PBXNativeTarget "ShadowSocks" */;
+			buildPhases = (
+				190B121D276CF6B5002B86DD /* Headers */,
+				190B121E276CF6B5002B86DD /* Sources */,
+				190B121F276CF6B5002B86DD /* Frameworks */,
+				190B1220276CF6B5002B86DD /* Resources */,
+				196AAB66277625DF00602189 /* CopyFiles */,
+				196AAB6C2776263400602189 /* Embed Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = ShadowSocks;
+			productName = ShadowSocks;
+			productReference = 190B1222276CF6B5002B86DD /* ShadowSocks.framework */;
+			productType = "com.apple.product-type.framework";
+		};
+/* End PBXNativeTarget section */
+
+/* Begin PBXProject section */
+		190B1219276CF6B5002B86DD /* Project object */ = {
+			isa = PBXProject;
+			attributes = {
+				BuildIndependentTargetsInParallel = 1;
+				LastUpgradeCheck = 1320;
+				TargetAttributes = {
+					190B1221276CF6B5002B86DD = {
+						CreatedOnToolsVersion = 13.2;
+					};
+				};
+			};
+			buildConfigurationList = 190B121C276CF6B5002B86DD /* Build configuration list for PBXProject "ShadowSocks" */;
+			compatibilityVersion = "Xcode 13.0";
+			developmentRegion = en;
+			hasScannedForEncodings = 0;
+			knownRegions = (
+				en,
+				Base,
+			);
+			mainGroup = 190B1218276CF6B5002B86DD;
+			productRefGroup = 190B1223276CF6B5002B86DD /* Products */;
+			projectDirPath = "";
+			projectRoot = "";
+			targets = (
+				190B1221276CF6B5002B86DD /* ShadowSocks */,
+			);
+		};
+/* End PBXProject section */
+
+/* Begin PBXResourcesBuildPhase section */
+		190B1220276CF6B5002B86DD /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXResourcesBuildPhase section */
+
+/* Begin PBXSourcesBuildPhase section */
+		190B121E276CF6B5002B86DD /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				190B22DA276D16C2002B86DD /* mingw.c in Sources */,
+				190B22DD276D16C2002B86DD /* files.c in Sources */,
+				190B229D276D1697002B86DD /* bdd-iterator.c in Sources */,
+				190B2158276D0DB5002B86DD /* server.c in Sources */,
+				190B22F8276D16C2002B86DD /* main.c in Sources */,
+				190B2148276D0DB5002B86DD /* rule.c in Sources */,
+				190B216B276D0DB5002B86DD /* manager.c in Sources */,
+				190B22DF276D16C2002B86DD /* env.c in Sources */,
+				190B216C276D0DB5002B86DD /* tunnel.c in Sources */,
+				190B229B276D1697002B86DD /* basics.c in Sources */,
+				190B2150276D0DB5002B86DD /* local.c in Sources */,
+				190B229F276D1697002B86DD /* reachable.c in Sources */,
+				190B22F1276D16C2002B86DD /* bitset.c in Sources */,
+				190B22EA276D16C2002B86DD /* buffer.c in Sources */,
+				190B216F276D0DB5002B86DD /* crypto.c in Sources */,
+				190B214C276D0DB5002B86DD /* aead.c in Sources */,
+				190B2298276D1697002B86DD /* ipv6_map.c in Sources */,
+				190B2294276D1697002B86DD /* storage.c in Sources */,
+				190B22E8276D16C2002B86DD /* u128.c in Sources */,
+				190B2163276D0DB5002B86DD /* base64.c in Sources */,
+				190B22A1276D1697002B86DD /* ipv4_set.c in Sources */,
+				190B22EE276D16C2002B86DD /* file-stream.c in Sources */,
+				190B22EB276D16C2002B86DD /* managed-buffer.c in Sources */,
+				190B22E2276D16C2002B86DD /* ip-address.c in Sources */,
+				190B22EF276D16C2002B86DD /* ring-buffer.c in Sources */,
+				190B215B276D0DB5002B86DD /* udprelay.c in Sources */,
+				190B22A4276D1697002B86DD /* inspection.c in Sources */,
+				190B229E276D1697002B86DD /* read.c in Sources */,
+				190B22DE276D16C2002B86DD /* subprocess.c in Sources */,
+				190B2170276D0DB5002B86DD /* jconf.c in Sources */,
+				190B2168276D0DB5002B86DD /* acl.c in Sources */,
+				190B215E276D0DB5002B86DD /* resolv.c in Sources */,
+				190B2175276D0DB5002B86DD /* stream.c in Sources */,
+				190B22DB276D16C2002B86DD /* process.c in Sources */,
+				190B214D276D0DB5002B86DD /* ppbloom.c in Sources */,
+				190B2167276D0DB5002B86DD /* plugin.c in Sources */,
+				190B22F7276D16C2002B86DD /* init2.c in Sources */,
+				190B2297276D1697002B86DD /* ipv4_map.c in Sources */,
+				190B2299276D1697002B86DD /* allocation.c in Sources */,
+				190B22A3276D1697002B86DD /* storage.c in Sources */,
+				190B215F276D0DB5002B86DD /* utils.c in Sources */,
+				190B22E5276D16C2002B86DD /* hash.c in Sources */,
+				190B2162276D0DB5002B86DD /* netutils.c in Sources */,
+				190B2270276D0DB6002B86DD /* MurmurHash2.c in Sources */,
+				190B22F6276D16C2002B86DD /* init1.c in Sources */,
+				190B22F0276D16C2002B86DD /* hash-table.c in Sources */,
+				190B22F3276D16C2002B86DD /* commands.c in Sources */,
+				190B22E0276D16C2002B86DD /* directory-walker.c in Sources */,
+				190B22E9276D16C2002B86DD /* gc.c in Sources */,
+				190B2144276D0DB5002B86DD /* json.c in Sources */,
+				190B22A0276D1697002B86DD /* write.c in Sources */,
+				190B216A276D0DB5002B86DD /* cache.c in Sources */,
+				190B22E4276D16C2002B86DD /* timestamp.c in Sources */,
+				190B22A2276D1697002B86DD /* ipv6_set.c in Sources */,
+				190B22E1276D16C2002B86DD /* allocator.c in Sources */,
+				190B22AA276D1697002B86DD /* ipsetbuild.c in Sources */,
+				190B22A9276D1697002B86DD /* ipsetcat.c in Sources */,
+				190B22A8276D1697002B86DD /* general.c in Sources */,
+				190B22A7276D1697002B86DD /* allocation.c in Sources */,
+				190B2295276D1697002B86DD /* inspection.c in Sources */,
+				190B215C276D0DB5002B86DD /* winsock.c in Sources */,
+				190B229A276D1697002B86DD /* expanded.c in Sources */,
+				190B22EC276D16C2002B86DD /* array.c in Sources */,
+				190B22AB276D1697002B86DD /* ipsetdot.c in Sources */,
+				190B22DC276D16C2002B86DD /* exec.c in Sources */,
+				190B22F2276D16C2002B86DD /* slice.c in Sources */,
+				190B22A5276D1697002B86DD /* iterator.c in Sources */,
+				190B22F4276D16C2002B86DD /* thread.c in Sources */,
+				190B22F9276D16C2002B86DD /* cork-hash.c in Sources */,
+				190B22E7276D16C2002B86DD /* version.c in Sources */,
+				190B28D6276D25DA002B86DD /* redir.c in Sources */,
+				190B22E6276D16C2002B86DD /* error.c in Sources */,
+				190B2268276D0DB6002B86DD /* bloom.c in Sources */,
+				190B22E3276D16C2002B86DD /* mempool.c in Sources */,
+				190B22F5276D16C2002B86DD /* cork-test.c in Sources */,
+				190B22ED276D16C2002B86DD /* dllist.c in Sources */,
+				190B229C276D1697002B86DD /* assignments.c in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXSourcesBuildPhase section */
+
+/* Begin XCBuildConfiguration section */
+		190B1227276CF6B5002B86DD /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++17";
+				CLANG_CXX_LIBRARY = "libc++";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				CURRENT_PROJECT_VERSION = 1;
+				DEBUG_INFORMATION_FORMAT = dwarf;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				ENABLE_TESTABILITY = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_DYNAMIC_NO_PIC = NO;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_OPTIMIZATION_LEVEL = 0;
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					"DEBUG=1",
+					"$(inherited)",
+				);
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				IPHONEOS_DEPLOYMENT_TARGET = 12.0;
+				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
+				MTL_FAST_MATH = YES;
+				ONLY_ACTIVE_ARCH = YES;
+				SDKROOT = iphoneos;
+				SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG;
+				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
+				VERSIONING_SYSTEM = "apple-generic";
+				VERSION_INFO_PREFIX = "";
+			};
+			name = Debug;
+		};
+		190B1228276CF6B5002B86DD /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++17";
+				CLANG_CXX_LIBRARY = "libc++";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				CURRENT_PROJECT_VERSION = 1;
+				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
+				ENABLE_NS_ASSERTIONS = NO;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				IPHONEOS_DEPLOYMENT_TARGET = 12.0;
+				MTL_ENABLE_DEBUG_INFO = NO;
+				MTL_FAST_MATH = YES;
+				SDKROOT = iphoneos;
+				SWIFT_COMPILATION_MODE = wholemodule;
+				SWIFT_OPTIMIZATION_LEVEL = "-O";
+				VALIDATE_PRODUCT = YES;
+				VERSIONING_SYSTEM = "apple-generic";
+				VERSION_INFO_PREFIX = "";
+			};
+			name = Release;
+		};
+		190B122A276CF6B5002B86DD /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				APPLICATION_EXTENSION_API_ONLY = YES;
+				ARCHS = arm64;
+				BUILD_LIBRARY_FOR_DISTRIBUTION = YES;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
+				CODE_SIGN_STYLE = Automatic;
+				CURRENT_PROJECT_VERSION = 1;
+				DEAD_CODE_STRIPPING = NO;
+				DEFINES_MODULE = YES;
+				DYLIB_COMPATIBILITY_VERSION = "";
+				DYLIB_CURRENT_VERSION = "";
+				DYLIB_INSTALL_NAME_BASE = "@rpath";
+				ENABLE_BITCODE = NO;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GENERATE_INFOPLIST_FILE = YES;
+				HEADER_SEARCH_PATHS = (
+					"${PROJECT_DIR}/ShadowSocks/shadowsocks-libev/libcork/include/**",
+					"${PROJECT_DIR}/ShadowSocks/shadowsocks-libev/libipset/include/**",
+					"$(PROJECT_DIR)/ShadowSocks/libev/arm64/include",
+					"$(PROJECT_DIR)/ShadowSocks/mbedtls/include",
+					"$(PROJECT_DIR)/ShadowSocks/libcares/include/arm64",
+					"${PROJECT_DIR}/ShadowSocks/shadowsocks-libev/src",
+				);
+				INFOPLIST_FILE = ShadowSocks/Info.plist;
+				INFOPLIST_KEY_NSHumanReadableCopyright = "";
+				INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
+				IPHONEOS_DEPLOYMENT_TARGET = 12.0;
+				LD_RUNPATH_SEARCH_PATHS = (
+					"$(inherited)",
+					"@executable_path/Frameworks",
+					"@loader_path/Frameworks",
+				);
+				LIBRARY_SEARCH_PATHS = (
+					"${Inherited}",
+					"$(PROJECT_DIR)/ShadowSocks/libev/arm64/lib",
+					"$(PROJECT_DIR)/ShadowSocks/mbedtls/bin",
+					"$(PROJECT_DIR)/ShadowSocks/mbedtls/lib",
+					"$(PROJECT_DIR)/ShadowSocks/libcares/lib/arm64",
+					"$(PROJECT_DIR)/ShadowSocks/shadowsocks-libev/lib",
+					"$(PROJECT_DIR)/ShadowSocks/pcre/lib",
+					"$(PROJECT_DIR)/ShadowSocks/libsodium/lib",
+				);
+				MACH_O_TYPE = mh_dylib;
+				MARKETING_VERSION = 1.0;
+				OTHER_CFLAGS = (
+					"-DHAVE_CONFIG_H",
+					"-DLIB_ONLY",
+					"-DUDPRELAY_LOCAL",
+					"-DMODULE_LOCAL",
+				);
+				PRODUCT_BUNDLE_IDENTIFIER = org.amnezia.Amnezia.ShadowSocks;
+				PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)";
+				SKIP_INSTALL = YES;
+				SUPPORTS_MACCATALYST = NO;
+				SWIFT_EMIT_LOC_STRINGS = YES;
+				SWIFT_VERSION = 5.0;
+				SYSTEM_FRAMEWORK_SEARCH_PATHS = "${inherited}";
+				SYSTEM_HEADER_SEARCH_PATHS = "${inherited}";
+				TARGETED_DEVICE_FAMILY = 1;
+			};
+			name = Debug;
+		};
+		190B122B276CF6B5002B86DD /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				APPLICATION_EXTENSION_API_ONLY = YES;
+				ARCHS = arm64;
+				BUILD_LIBRARY_FOR_DISTRIBUTION = YES;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
+				CODE_SIGN_STYLE = Automatic;
+				CURRENT_PROJECT_VERSION = 1;
+				DEAD_CODE_STRIPPING = NO;
+				DEFINES_MODULE = YES;
+				DYLIB_COMPATIBILITY_VERSION = "";
+				DYLIB_CURRENT_VERSION = "";
+				DYLIB_INSTALL_NAME_BASE = "@rpath";
+				ENABLE_BITCODE = NO;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GENERATE_INFOPLIST_FILE = YES;
+				HEADER_SEARCH_PATHS = (
+					"${PROJECT_DIR}/ShadowSocks/shadowsocks-libev/libcork/include/**",
+					"${PROJECT_DIR}/ShadowSocks/shadowsocks-libev/libipset/include/**",
+					"$(PROJECT_DIR)/ShadowSocks/libev/arm64/include",
+					"$(PROJECT_DIR)/ShadowSocks/mbedtls/include",
+					"$(PROJECT_DIR)/ShadowSocks/libcares/include/arm64",
+					"${PROJECT_DIR}/ShadowSocks/shadowsocks-libev/src",
+				);
+				INFOPLIST_FILE = ShadowSocks/Info.plist;
+				INFOPLIST_KEY_NSHumanReadableCopyright = "";
+				INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
+				IPHONEOS_DEPLOYMENT_TARGET = 12.0;
+				LD_RUNPATH_SEARCH_PATHS = (
+					"$(inherited)",
+					"@executable_path/Frameworks",
+					"@loader_path/Frameworks",
+				);
+				LIBRARY_SEARCH_PATHS = (
+					"${Inherited}",
+					"$(PROJECT_DIR)/ShadowSocks/libev/arm64/lib",
+					"$(PROJECT_DIR)/ShadowSocks/mbedtls/bin",
+					"$(PROJECT_DIR)/ShadowSocks/mbedtls/lib",
+					"$(PROJECT_DIR)/ShadowSocks/libcares/lib/arm64",
+					"$(PROJECT_DIR)/ShadowSocks/shadowsocks-libev/lib",
+					"$(PROJECT_DIR)/ShadowSocks/pcre/lib",
+					"$(PROJECT_DIR)/ShadowSocks/libsodium/lib",
+				);
+				MACH_O_TYPE = mh_dylib;
+				MARKETING_VERSION = 1.0;
+				OTHER_CFLAGS = (
+					"-DHAVE_CONFIG_H",
+					"-DLIB_ONLY",
+					"-DUDPRELAY_LOCAL",
+					"-DMODULE_LOCAL",
+				);
+				PRODUCT_BUNDLE_IDENTIFIER = org.amnezia.Amnezia.ShadowSocks;
+				PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)";
+				SKIP_INSTALL = YES;
+				SUPPORTS_MACCATALYST = NO;
+				SWIFT_EMIT_LOC_STRINGS = YES;
+				SWIFT_VERSION = 5.0;
+				SYSTEM_FRAMEWORK_SEARCH_PATHS = "${inherited}";
+				SYSTEM_HEADER_SEARCH_PATHS = "${inherited}";
+				TARGETED_DEVICE_FAMILY = 1;
+			};
+			name = Release;
+		};
+/* End XCBuildConfiguration section */
+
+/* Begin XCConfigurationList section */
+		190B121C276CF6B5002B86DD /* Build configuration list for PBXProject "ShadowSocks" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				190B1227276CF6B5002B86DD /* Debug */,
+				190B1228276CF6B5002B86DD /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		190B1229276CF6B5002B86DD /* Build configuration list for PBXNativeTarget "ShadowSocks" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				190B122A276CF6B5002B86DD /* Debug */,
+				190B122B276CF6B5002B86DD /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+/* End XCConfigurationList section */
+	};
+	rootObject = 190B1219276CF6B5002B86DD /* Project object */;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/contents.xcworkspacedata
new file mode 100644
index 00000000..919434a6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/contents.xcworkspacedata
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Workspace
+   version = "1.0">
+   <FileRef
+      location = "self:">
+   </FileRef>
+</Workspace>
diff --git a/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist
new file mode 100644
index 00000000..18d98100
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>IDEDidComputeMac32BitWarning</key>
+	<true/>
+</dict>
+</plist>
diff --git a/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings
new file mode 100644
index 00000000..f9b0d7c5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PreviewsEnabled</key>
+	<false/>
+</dict>
+</plist>
diff --git a/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcuserdata/sanchez.xcuserdatad/UserInterfaceState.xcuserstate b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcuserdata/sanchez.xcuserdatad/UserInterfaceState.xcuserstate
new file mode 100644
index 00000000..932288fc
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcuserdata/sanchez.xcuserdatad/UserInterfaceState.xcuserstate differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcuserdata/sanchez.xcuserdatad/WorkspaceSettings.xcsettings b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcuserdata/sanchez.xcuserdatad/WorkspaceSettings.xcsettings
new file mode 100644
index 00000000..379adbed
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/project.xcworkspace/xcuserdata/sanchez.xcuserdatad/WorkspaceSettings.xcsettings
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>BuildLocationStyle</key>
+	<string>UseAppPreferences</string>
+	<key>CustomBuildLocationType</key>
+	<string>RelativeToDerivedData</string>
+	<key>DerivedDataLocationStyle</key>
+	<string>Default</string>
+	<key>IssueFilterStyle</key>
+	<string>ShowActiveSchemeOnly</string>
+	<key>LiveSourceIssuesEnabled</key>
+	<true/>
+	<key>ShowSharedSchemesAutomaticallyEnabled</key>
+	<true/>
+</dict>
+</plist>
diff --git a/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/xcshareddata/xcschemes/ShadowSocks.xcscheme b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/xcshareddata/xcschemes/ShadowSocks.xcscheme
new file mode 100644
index 00000000..f9afd0eb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/xcshareddata/xcschemes/ShadowSocks.xcscheme
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+   LastUpgradeVersion = "1320"
+   version = "1.3">
+   <BuildAction
+      parallelizeBuildables = "YES"
+      buildImplicitDependencies = "YES">
+      <BuildActionEntries>
+         <BuildActionEntry
+            buildForTesting = "YES"
+            buildForRunning = "YES"
+            buildForProfiling = "YES"
+            buildForArchiving = "YES"
+            buildForAnalyzing = "YES">
+            <BuildableReference
+               BuildableIdentifier = "primary"
+               BlueprintIdentifier = "190B1221276CF6B5002B86DD"
+               BuildableName = "ShadowSocks.framework"
+               BlueprintName = "ShadowSocks"
+               ReferencedContainer = "container:ShadowSocks.xcodeproj">
+            </BuildableReference>
+         </BuildActionEntry>
+      </BuildActionEntries>
+   </BuildAction>
+   <TestAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      shouldUseLaunchSchemeArgsEnv = "YES">
+      <Testables>
+      </Testables>
+   </TestAction>
+   <LaunchAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      launchStyle = "0"
+      useCustomWorkingDirectory = "NO"
+      ignoresPersistentStateOnLaunch = "NO"
+      debugDocumentVersioning = "YES"
+      debugServiceExtension = "internal"
+      allowLocationSimulation = "YES">
+   </LaunchAction>
+   <ProfileAction
+      buildConfiguration = "Release"
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      savedToolIdentifier = ""
+      useCustomWorkingDirectory = "NO"
+      debugDocumentVersioning = "YES">
+      <MacroExpansion>
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "190B1221276CF6B5002B86DD"
+            BuildableName = "ShadowSocks.framework"
+            BlueprintName = "ShadowSocks"
+            ReferencedContainer = "container:ShadowSocks.xcodeproj">
+         </BuildableReference>
+      </MacroExpansion>
+   </ProfileAction>
+   <AnalyzeAction
+      buildConfiguration = "Debug">
+   </AnalyzeAction>
+   <ArchiveAction
+      buildConfiguration = "Release"
+      revealArchiveInOrganizer = "YES">
+   </ArchiveAction>
+</Scheme>
diff --git a/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/xcuserdata/sanchez.xcuserdatad/xcschemes/xcschememanagement.plist b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/xcuserdata/sanchez.xcuserdatad/xcschemes/xcschememanagement.plist
new file mode 100644
index 00000000..f526c1f7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks.xcodeproj/xcuserdata/sanchez.xcuserdatad/xcschemes/xcschememanagement.plist
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>SchemeUserState</key>
+	<dict>
+		<key>ShadowSocks.xcscheme_^#shared#^_</key>
+		<dict>
+			<key>orderHint</key>
+			<integer>0</integer>
+		</dict>
+	</dict>
+	<key>SuppressBuildableAutocreation</key>
+	<dict>
+		<key>190B1221276CF6B5002B86DD</key>
+		<dict>
+			<key>primary</key>
+			<true/>
+		</dict>
+	</dict>
+</dict>
+</plist>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/Info.plist b/client/3rd/ShadowSocks/ShadowSocks/Info.plist
new file mode 100644
index 00000000..d4062ea9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/Info.plist
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleSignature</key>
+	<string>????</string>
+	<key>CFBundlePackageType</key>
+	<string>FMWK</string>
+	<key>CFBundleIdentifier</key>
+	<string>${PRODUCT_BUNDLE_IDENTIFIER}</string>
+	<key>CFBundleName</key>
+	<string>${PRODUCT_NAME}</string>
+	<key>CFBundleVersion</key>
+	<string>${CURRENT_PROJECT_VERSION}</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleExecutable</key>
+	<string>${EXECUTABLE_NAME}</string>
+	<key>CFBundleShortVersionString</key>
+	<string>1.0</string>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>en_US</string>
+	<key>NSPrincipalClass</key>
+	<string></string>
+</dict>
+</plist>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/ShadowSocks.h b/client/3rd/ShadowSocks/ShadowSocks/ShadowSocks.h
new file mode 100644
index 00000000..9336d1e2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/ShadowSocks.h
@@ -0,0 +1,11 @@
+#import <Foundation/Foundation.h>
+
+//! Project version number for ShadowSocks.
+FOUNDATION_EXPORT double ShadowSocksVersionNumber;
+
+//! Project version string for ShadowSocks.
+FOUNDATION_EXPORT const unsigned char ShadowSocksVersionString[];
+
+// In this header, you should import all the public headers of your framework using statements like #import <ShadowSocks/PublicHeader.h>
+
+#import "shadowsocks.h"
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares.h b/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares.h
new file mode 100644
index 00000000..cf8a8553
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares.h
@@ -0,0 +1,755 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2007-2013 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifndef ARES__H
+#define ARES__H
+
+#include "ares_version.h"  /* c-ares version defines   */
+#include "ares_build.h"    /* c-ares build definitions */
+#include "ares_rules.h"    /* c-ares rules enforcement */
+
+/*
+ * Define WIN32 when build target is Win32 API
+ */
+
+#if (defined(_WIN32) || defined(__WIN32__)) && \
+   !defined(WIN32) && !defined(__SYMBIAN32__)
+#  define WIN32
+#endif
+
+#include <sys/types.h>
+
+/* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish
+   libc5-based Linux systems. Only include it on system that are known to
+   require it! */
+#if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \
+    defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \
+    defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \
+    defined(__QNXNTO__) || defined(__MVS__) || defined(__HAIKU__)
+#include <sys/select.h>
+#endif
+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+#include <sys/bsdskt.h>
+#endif
+
+#if defined(WATT32)
+#  include <netinet/in.h>
+#  include <sys/socket.h>
+#  include <tcp.h>
+#elif defined(_WIN32_WCE)
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  include <winsock.h>
+#elif defined(WIN32)
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  include <winsock2.h>
+#  include <ws2tcpip.h>
+#else
+#  include <sys/socket.h>
+#  include <netinet/in.h>
+#endif
+
+#if defined(ANDROID) || defined(__ANDROID__)
+#include <jni.h>
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+** c-ares external API function linkage decorations.
+*/
+
+#ifdef CARES_STATICLIB
+#  define CARES_EXTERN
+#elif defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__)
+#  if defined(CARES_BUILDING_LIBRARY)
+#    define CARES_EXTERN  __declspec(dllexport)
+#  else
+#    define CARES_EXTERN  __declspec(dllimport)
+#  endif
+#elif defined(CARES_BUILDING_LIBRARY) && defined(CARES_SYMBOL_HIDING)
+#  define CARES_EXTERN CARES_SYMBOL_SCOPE_EXTERN
+#else
+#  define CARES_EXTERN
+#endif
+
+
+#define ARES_SUCCESS            0
+
+/* Server error codes (ARES_ENODATA indicates no relevant answer) */
+#define ARES_ENODATA            1
+#define ARES_EFORMERR           2
+#define ARES_ESERVFAIL          3
+#define ARES_ENOTFOUND          4
+#define ARES_ENOTIMP            5
+#define ARES_EREFUSED           6
+
+/* Locally generated error codes */
+#define ARES_EBADQUERY          7
+#define ARES_EBADNAME           8
+#define ARES_EBADFAMILY         9
+#define ARES_EBADRESP           10
+#define ARES_ECONNREFUSED       11
+#define ARES_ETIMEOUT           12
+#define ARES_EOF                13
+#define ARES_EFILE              14
+#define ARES_ENOMEM             15
+#define ARES_EDESTRUCTION       16
+#define ARES_EBADSTR            17
+
+/* ares_getnameinfo error codes */
+#define ARES_EBADFLAGS          18
+
+/* ares_getaddrinfo error codes */
+#define ARES_ENONAME            19
+#define ARES_EBADHINTS          20
+
+/* Uninitialized library error code */
+#define ARES_ENOTINITIALIZED    21          /* introduced in 1.7.0 */
+
+/* ares_library_init error codes */
+#define ARES_ELOADIPHLPAPI           22     /* introduced in 1.7.0 */
+#define ARES_EADDRGETNETWORKPARAMS   23     /* introduced in 1.7.0 */
+
+/* More error codes */
+#define ARES_ECANCELLED         24          /* introduced in 1.7.0 */
+
+/* More ares_getaddrinfo error codes */
+#define ARES_ESERVICE           25          /* introduced in 1.?.0 */
+
+/* Flag values */
+#define ARES_FLAG_USEVC         (1 << 0)
+#define ARES_FLAG_PRIMARY       (1 << 1)
+#define ARES_FLAG_IGNTC         (1 << 2)
+#define ARES_FLAG_NORECURSE     (1 << 3)
+#define ARES_FLAG_STAYOPEN      (1 << 4)
+#define ARES_FLAG_NOSEARCH      (1 << 5)
+#define ARES_FLAG_NOALIASES     (1 << 6)
+#define ARES_FLAG_NOCHECKRESP   (1 << 7)
+#define ARES_FLAG_EDNS          (1 << 8)
+
+/* Option mask values */
+#define ARES_OPT_FLAGS          (1 << 0)
+#define ARES_OPT_TIMEOUT        (1 << 1)
+#define ARES_OPT_TRIES          (1 << 2)
+#define ARES_OPT_NDOTS          (1 << 3)
+#define ARES_OPT_UDP_PORT       (1 << 4)
+#define ARES_OPT_TCP_PORT       (1 << 5)
+#define ARES_OPT_SERVERS        (1 << 6)
+#define ARES_OPT_DOMAINS        (1 << 7)
+#define ARES_OPT_LOOKUPS        (1 << 8)
+#define ARES_OPT_SOCK_STATE_CB  (1 << 9)
+#define ARES_OPT_SORTLIST       (1 << 10)
+#define ARES_OPT_SOCK_SNDBUF    (1 << 11)
+#define ARES_OPT_SOCK_RCVBUF    (1 << 12)
+#define ARES_OPT_TIMEOUTMS      (1 << 13)
+#define ARES_OPT_ROTATE         (1 << 14)
+#define ARES_OPT_EDNSPSZ        (1 << 15)
+#define ARES_OPT_NOROTATE       (1 << 16)
+#define ARES_OPT_RESOLVCONF     (1 << 17)
+
+/* Nameinfo flag values */
+#define ARES_NI_NOFQDN                  (1 << 0)
+#define ARES_NI_NUMERICHOST             (1 << 1)
+#define ARES_NI_NAMEREQD                (1 << 2)
+#define ARES_NI_NUMERICSERV             (1 << 3)
+#define ARES_NI_DGRAM                   (1 << 4)
+#define ARES_NI_TCP                     0
+#define ARES_NI_UDP                     ARES_NI_DGRAM
+#define ARES_NI_SCTP                    (1 << 5)
+#define ARES_NI_DCCP                    (1 << 6)
+#define ARES_NI_NUMERICSCOPE            (1 << 7)
+#define ARES_NI_LOOKUPHOST              (1 << 8)
+#define ARES_NI_LOOKUPSERVICE           (1 << 9)
+/* Reserved for future use */
+#define ARES_NI_IDN                     (1 << 10)
+#define ARES_NI_IDN_ALLOW_UNASSIGNED    (1 << 11)
+#define ARES_NI_IDN_USE_STD3_ASCII_RULES (1 << 12)
+
+/* Addrinfo flag values */
+#define ARES_AI_CANONNAME               (1 << 0)
+#define ARES_AI_NUMERICHOST             (1 << 1)
+#define ARES_AI_PASSIVE                 (1 << 2)
+#define ARES_AI_NUMERICSERV             (1 << 3)
+#define ARES_AI_V4MAPPED                (1 << 4)
+#define ARES_AI_ALL                     (1 << 5)
+#define ARES_AI_ADDRCONFIG              (1 << 6)
+#define ARES_AI_NOSORT                  (1 << 7)
+#define ARES_AI_ENVHOSTS                (1 << 8)
+/* Reserved for future use */
+#define ARES_AI_IDN                     (1 << 10)
+#define ARES_AI_IDN_ALLOW_UNASSIGNED    (1 << 11)
+#define ARES_AI_IDN_USE_STD3_ASCII_RULES (1 << 12)
+#define ARES_AI_CANONIDN                (1 << 13)
+
+#define ARES_AI_MASK (ARES_AI_CANONNAME|ARES_AI_NUMERICHOST|ARES_AI_PASSIVE| \
+                      ARES_AI_NUMERICSERV|ARES_AI_V4MAPPED|ARES_AI_ALL| \
+                      ARES_AI_ADDRCONFIG)
+#define ARES_GETSOCK_MAXNUM 16 /* ares_getsock() can return info about this
+                                  many sockets */
+#define ARES_GETSOCK_READABLE(bits,num) (bits & (1<< (num)))
+#define ARES_GETSOCK_WRITABLE(bits,num) (bits & (1 << ((num) + \
+                                         ARES_GETSOCK_MAXNUM)))
+
+/* c-ares library initialization flag values */
+#define ARES_LIB_INIT_NONE   (0)
+#define ARES_LIB_INIT_WIN32  (1 << 0)
+#define ARES_LIB_INIT_ALL    (ARES_LIB_INIT_WIN32)
+
+
+/*
+ * Typedef our socket type
+ */
+
+#ifndef ares_socket_typedef
+#ifdef WIN32
+typedef SOCKET ares_socket_t;
+#define ARES_SOCKET_BAD INVALID_SOCKET
+#else
+typedef int ares_socket_t;
+#define ARES_SOCKET_BAD -1
+#endif
+#define ares_socket_typedef
+#endif /* ares_socket_typedef */
+
+typedef void (*ares_sock_state_cb)(void *data,
+                                   ares_socket_t socket_fd,
+                                   int readable,
+                                   int writable);
+
+struct apattern;
+
+/* NOTE about the ares_options struct to users and developers.
+
+   This struct will remain looking like this. It will not be extended nor
+   shrunk in future releases, but all new options will be set by ares_set_*()
+   options instead of with the ares_init_options() function.
+
+   Eventually (in a galaxy far far away), all options will be settable by
+   ares_set_*() options and the ares_init_options() function will become
+   deprecated.
+
+   When new options are added to c-ares, they are not added to this
+   struct. And they are not "saved" with the ares_save_options() function but
+   instead we encourage the use of the ares_dup() function. Needless to say,
+   if you add config options to c-ares you need to make sure ares_dup()
+   duplicates this new option.
+
+ */
+struct ares_options {
+  int flags;
+  int timeout; /* in seconds or milliseconds, depending on options */
+  int tries;
+  int ndots;
+  unsigned short udp_port;
+  unsigned short tcp_port;
+  int socket_send_buffer_size;
+  int socket_receive_buffer_size;
+  struct in_addr *servers;
+  int nservers;
+  char **domains;
+  int ndomains;
+  char *lookups;
+  ares_sock_state_cb sock_state_cb;
+  void *sock_state_cb_data;
+  struct apattern *sortlist;
+  int nsort;
+  int ednspsz;
+  char *resolvconf_path;
+};
+
+struct hostent;
+struct timeval;
+struct sockaddr;
+struct ares_channeldata;
+struct ares_addrinfo;
+struct ares_addrinfo_hints;
+
+typedef struct ares_channeldata *ares_channel;
+
+typedef void (*ares_callback)(void *arg,
+                              int status,
+                              int timeouts,
+                              unsigned char *abuf,
+                              int alen);
+
+typedef void (*ares_host_callback)(void *arg,
+                                   int status,
+                                   int timeouts,
+                                   struct hostent *hostent);
+
+typedef void (*ares_nameinfo_callback)(void *arg,
+                                       int status,
+                                       int timeouts,
+                                       char *node,
+                                       char *service);
+
+typedef int  (*ares_sock_create_callback)(ares_socket_t socket_fd,
+                                          int type,
+                                          void *data);
+
+typedef int  (*ares_sock_config_callback)(ares_socket_t socket_fd,
+                                          int type,
+                                          void *data);
+
+typedef void (*ares_addrinfo_callback)(void *arg,
+                                   int status,
+                                   int timeouts,
+                                   struct ares_addrinfo *res);
+
+CARES_EXTERN int ares_library_init(int flags);
+
+CARES_EXTERN int ares_library_init_mem(int flags,
+                                       void *(*amalloc)(size_t size),
+                                       void (*afree)(void *ptr),
+                                       void *(*arealloc)(void *ptr, size_t size));
+
+#if defined(ANDROID) || defined(__ANDROID__)
+CARES_EXTERN void ares_library_init_jvm(JavaVM *jvm);
+CARES_EXTERN int ares_library_init_android(jobject connectivity_manager);
+CARES_EXTERN int ares_library_android_initialized(void);
+#endif
+
+CARES_EXTERN int ares_library_initialized(void);
+
+CARES_EXTERN void ares_library_cleanup(void);
+
+CARES_EXTERN const char *ares_version(int *version);
+
+CARES_EXTERN int ares_init(ares_channel *channelptr);
+
+CARES_EXTERN int ares_init_options(ares_channel *channelptr,
+                                   struct ares_options *options,
+                                   int optmask);
+
+CARES_EXTERN int ares_save_options(ares_channel channel,
+                                   struct ares_options *options,
+                                   int *optmask);
+
+CARES_EXTERN void ares_destroy_options(struct ares_options *options);
+
+CARES_EXTERN int ares_dup(ares_channel *dest,
+                          ares_channel src);
+
+CARES_EXTERN void ares_destroy(ares_channel channel);
+
+CARES_EXTERN void ares_cancel(ares_channel channel);
+
+/* These next 3 configure local binding for the out-going socket
+ * connection.  Use these to specify source IP and/or network device
+ * on multi-homed systems.
+ */
+CARES_EXTERN void ares_set_local_ip4(ares_channel channel, unsigned int local_ip);
+
+/* local_ip6 should be 16 bytes in length */
+CARES_EXTERN void ares_set_local_ip6(ares_channel channel,
+                                     const unsigned char* local_ip6);
+
+/* local_dev_name should be null terminated. */
+CARES_EXTERN void ares_set_local_dev(ares_channel channel,
+                                     const char* local_dev_name);
+
+CARES_EXTERN void ares_set_socket_callback(ares_channel channel,
+                                           ares_sock_create_callback callback,
+                                           void *user_data);
+
+CARES_EXTERN void ares_set_socket_configure_callback(ares_channel channel,
+                                                     ares_sock_config_callback callback,
+                                                     void *user_data);
+
+CARES_EXTERN int ares_set_sortlist(ares_channel channel,
+                                   const char *sortstr);
+
+CARES_EXTERN void ares_getaddrinfo(ares_channel channel,
+                                   const char* node,
+                                   const char* service,
+                                   const struct ares_addrinfo_hints* hints,
+                                   ares_addrinfo_callback callback,
+                                   void* arg);
+
+CARES_EXTERN void ares_freeaddrinfo(struct ares_addrinfo* ai);
+
+/*
+ * Virtual function set to have user-managed socket IO.
+ * Note that all functions need to be defined, and when
+ * set, the library will not do any bind nor set any
+ * socket options, assuming the client handles these
+ * through either socket creation or the
+ * ares_sock_config_callback call.
+ */
+struct iovec;
+struct ares_socket_functions {
+   ares_socket_t(*asocket)(int, int, int, void *);
+   int(*aclose)(ares_socket_t, void *);
+   int(*aconnect)(ares_socket_t, const struct sockaddr *, ares_socklen_t, void *);
+   ares_ssize_t(*arecvfrom)(ares_socket_t, void *, size_t, int, struct sockaddr *, ares_socklen_t *, void *);
+   ares_ssize_t(*asendv)(ares_socket_t, const struct iovec *, int, void *);
+};
+
+CARES_EXTERN void ares_set_socket_functions(ares_channel channel,
+					    const struct ares_socket_functions * funcs,
+					    void *user_data);
+
+CARES_EXTERN void ares_send(ares_channel channel,
+                            const unsigned char *qbuf,
+                            int qlen,
+                            ares_callback callback,
+                            void *arg);
+
+CARES_EXTERN void ares_query(ares_channel channel,
+                             const char *name,
+                             int dnsclass,
+                             int type,
+                             ares_callback callback,
+                             void *arg);
+
+CARES_EXTERN void ares_search(ares_channel channel,
+                              const char *name,
+                              int dnsclass,
+                              int type,
+                              ares_callback callback,
+                              void *arg);
+
+CARES_EXTERN void ares_gethostbyname(ares_channel channel,
+                                     const char *name,
+                                     int family,
+                                     ares_host_callback callback,
+                                     void *arg);
+
+CARES_EXTERN int ares_gethostbyname_file(ares_channel channel,
+                                         const char *name,
+                                         int family,
+                                         struct hostent **host);
+
+CARES_EXTERN void ares_gethostbyaddr(ares_channel channel,
+                                     const void *addr,
+                                     int addrlen,
+                                     int family,
+                                     ares_host_callback callback,
+                                     void *arg);
+
+CARES_EXTERN void ares_getnameinfo(ares_channel channel,
+                                   const struct sockaddr *sa,
+                                   ares_socklen_t salen,
+                                   int flags,
+                                   ares_nameinfo_callback callback,
+                                   void *arg);
+
+CARES_EXTERN int ares_fds(ares_channel channel,
+                          fd_set *read_fds,
+                          fd_set *write_fds);
+
+CARES_EXTERN int ares_getsock(ares_channel channel,
+                              ares_socket_t *socks,
+                              int numsocks);
+
+CARES_EXTERN struct timeval *ares_timeout(ares_channel channel,
+                                          struct timeval *maxtv,
+                                          struct timeval *tv);
+
+CARES_EXTERN void ares_process(ares_channel channel,
+                               fd_set *read_fds,
+                               fd_set *write_fds);
+
+CARES_EXTERN void ares_process_fd(ares_channel channel,
+                                  ares_socket_t read_fd,
+                                  ares_socket_t write_fd);
+
+CARES_EXTERN int ares_create_query(const char *name,
+                                   int dnsclass,
+                                   int type,
+                                   unsigned short id,
+                                   int rd,
+                                   unsigned char **buf,
+                                   int *buflen,
+                                   int max_udp_size);
+
+CARES_EXTERN int ares_mkquery(const char *name,
+                              int dnsclass,
+                              int type,
+                              unsigned short id,
+                              int rd,
+                              unsigned char **buf,
+                              int *buflen);
+
+CARES_EXTERN int ares_expand_name(const unsigned char *encoded,
+                                  const unsigned char *abuf,
+                                  int alen,
+                                  char **s,
+                                  long *enclen);
+
+CARES_EXTERN int ares_expand_string(const unsigned char *encoded,
+                                    const unsigned char *abuf,
+                                    int alen,
+                                    unsigned char **s,
+                                    long *enclen);
+
+/*
+ * NOTE: before c-ares 1.7.0 we would most often use the system in6_addr
+ * struct below when ares itself was built, but many apps would use this
+ * private version since the header checked a HAVE_* define for it. Starting
+ * with 1.7.0 we always declare and use our own to stop relying on the
+ * system's one.
+ */
+struct ares_in6_addr {
+  union {
+    unsigned char _S6_u8[16];
+  } _S6_un;
+};
+
+struct ares_addrttl {
+  struct in_addr ipaddr;
+  int            ttl;
+};
+
+struct ares_addr6ttl {
+  struct ares_in6_addr ip6addr;
+  int             ttl;
+};
+
+struct ares_caa_reply {
+  struct ares_caa_reply  *next;
+  int                     critical;
+  unsigned char          *property;
+  size_t                  plength;  /* plength excludes null termination */
+  unsigned char          *value;
+  size_t                  length;   /* length excludes null termination */
+};
+
+struct ares_srv_reply {
+  struct ares_srv_reply  *next;
+  char                   *host;
+  unsigned short          priority;
+  unsigned short          weight;
+  unsigned short          port;
+};
+
+struct ares_mx_reply {
+  struct ares_mx_reply   *next;
+  char                   *host;
+  unsigned short          priority;
+};
+
+struct ares_txt_reply {
+  struct ares_txt_reply  *next;
+  unsigned char          *txt;
+  size_t                  length;  /* length excludes null termination */
+};
+
+/* NOTE: This structure is a superset of ares_txt_reply
+ */
+struct ares_txt_ext {
+  struct ares_txt_ext      *next;
+  unsigned char            *txt;
+  size_t                   length;
+  /* 1 - if start of new record
+   * 0 - if a chunk in the same record */
+  unsigned char            record_start;
+};
+
+struct ares_naptr_reply {
+  struct ares_naptr_reply *next;
+  unsigned char           *flags;
+  unsigned char           *service;
+  unsigned char           *regexp;
+  char                    *replacement;
+  unsigned short           order;
+  unsigned short           preference;
+};
+
+struct ares_soa_reply {
+  char        *nsname;
+  char        *hostmaster;
+  unsigned int serial;
+  unsigned int refresh;
+  unsigned int retry;
+  unsigned int expire;
+  unsigned int minttl;
+};
+
+struct ares_uri_reply {
+  struct ares_uri_reply  *next;
+  unsigned short          priority;
+  unsigned short          weight;
+  char                   *uri;
+  int                     ttl;
+};
+
+/*
+ * Similar to addrinfo, but with extra ttl and missing canonname.
+ */
+struct ares_addrinfo_node {
+  int                        ai_ttl;
+  int                        ai_flags;
+  int                        ai_family;
+  int                        ai_socktype;
+  int                        ai_protocol;
+  ares_socklen_t             ai_addrlen;
+  struct sockaddr           *ai_addr;
+  struct ares_addrinfo_node *ai_next;
+};
+
+/*
+ * alias - label of the resource record.
+ * name - value (canonical name) of the resource record.
+ * See RFC2181 10.1.1. CNAME terminology.
+ */
+struct ares_addrinfo_cname {
+  int                         ttl;
+  char                       *alias;
+  char                       *name;
+  struct ares_addrinfo_cname *next;
+};
+
+struct ares_addrinfo {
+  struct ares_addrinfo_cname *cnames;
+  struct ares_addrinfo_node  *nodes;
+  char                       *name;
+};
+
+struct ares_addrinfo_hints {
+  int ai_flags;
+  int ai_family;
+  int ai_socktype;
+  int ai_protocol;
+};
+
+/*
+** Parse the buffer, starting at *abuf and of length alen bytes, previously
+** obtained from an ares_search call.  Put the results in *host, if nonnull.
+** Also, if addrttls is nonnull, put up to *naddrttls IPv4 addresses along with
+** their TTLs in that array, and set *naddrttls to the number of addresses
+** so written.
+*/
+
+CARES_EXTERN int ares_parse_a_reply(const unsigned char *abuf,
+                                    int alen,
+                                    struct hostent **host,
+                                    struct ares_addrttl *addrttls,
+                                    int *naddrttls);
+
+CARES_EXTERN int ares_parse_aaaa_reply(const unsigned char *abuf,
+                                       int alen,
+                                       struct hostent **host,
+                                       struct ares_addr6ttl *addrttls,
+                                       int *naddrttls);
+
+CARES_EXTERN int ares_parse_caa_reply(const unsigned char* abuf,
+				      int alen,
+				      struct ares_caa_reply** caa_out);
+
+CARES_EXTERN int ares_parse_ptr_reply(const unsigned char *abuf,
+                                      int alen,
+                                      const void *addr,
+                                      int addrlen,
+                                      int family,
+                                      struct hostent **host);
+
+CARES_EXTERN int ares_parse_ns_reply(const unsigned char *abuf,
+                                     int alen,
+                                     struct hostent **host);
+
+CARES_EXTERN int ares_parse_srv_reply(const unsigned char* abuf,
+                                      int alen,
+                                      struct ares_srv_reply** srv_out);
+
+CARES_EXTERN int ares_parse_mx_reply(const unsigned char* abuf,
+                                      int alen,
+                                      struct ares_mx_reply** mx_out);
+
+CARES_EXTERN int ares_parse_txt_reply(const unsigned char* abuf,
+                                      int alen,
+                                      struct ares_txt_reply** txt_out);
+
+CARES_EXTERN int ares_parse_txt_reply_ext(const unsigned char* abuf,
+                                          int alen,
+                                          struct ares_txt_ext** txt_out);
+
+CARES_EXTERN int ares_parse_naptr_reply(const unsigned char* abuf,
+                                        int alen,
+                                        struct ares_naptr_reply** naptr_out);
+
+CARES_EXTERN int ares_parse_soa_reply(const unsigned char* abuf,
+				      int alen,
+				      struct ares_soa_reply** soa_out);
+
+CARES_EXTERN int ares_parse_uri_reply(const unsigned char* abuf,
+                                      int alen,
+                                      struct ares_uri_reply** uri_out);
+
+CARES_EXTERN void ares_free_string(void *str);
+
+CARES_EXTERN void ares_free_hostent(struct hostent *host);
+
+CARES_EXTERN void ares_free_data(void *dataptr);
+
+CARES_EXTERN const char *ares_strerror(int code);
+
+struct ares_addr_node {
+  struct ares_addr_node *next;
+  int family;
+  union {
+    struct in_addr       addr4;
+    struct ares_in6_addr addr6;
+  } addr;
+};
+
+struct ares_addr_port_node {
+  struct ares_addr_port_node *next;
+  int family;
+  union {
+    struct in_addr       addr4;
+    struct ares_in6_addr addr6;
+  } addr;
+  int udp_port;
+  int tcp_port;
+};
+
+CARES_EXTERN int ares_set_servers(ares_channel channel,
+                                  struct ares_addr_node *servers);
+CARES_EXTERN int ares_set_servers_ports(ares_channel channel,
+                                        struct ares_addr_port_node *servers);
+
+/* Incomming string format: host[:port][,host[:port]]... */
+CARES_EXTERN int ares_set_servers_csv(ares_channel channel,
+                                      const char* servers);
+CARES_EXTERN int ares_set_servers_ports_csv(ares_channel channel,
+                                            const char* servers);
+
+CARES_EXTERN int ares_get_servers(ares_channel channel,
+                                  struct ares_addr_node **servers);
+CARES_EXTERN int ares_get_servers_ports(ares_channel channel,
+                                        struct ares_addr_port_node **servers);
+
+CARES_EXTERN const char *ares_inet_ntop(int af, const void *src, char *dst,
+                                        ares_socklen_t size);
+
+CARES_EXTERN int ares_inet_pton(int af, const char *src, void *dst);
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* ARES__H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_build.h b/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_build.h
new file mode 100644
index 00000000..f42b59d0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_build.h
@@ -0,0 +1,104 @@
+/* include/ares_build.h.  Generated from ares_build.h.in by configure.  */
+#ifndef __CARES_BUILD_H
+#define __CARES_BUILD_H
+
+
+/* Copyright (C) 2009 - 2021 by Daniel Stenberg et al
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in advertising or
+ * publicity pertaining to distribution of the software without specific,
+ * written prior permission.  M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+/* ================================================================ */
+/*               NOTES FOR CONFIGURE CAPABLE SYSTEMS                */
+/* ================================================================ */
+
+/*
+ * NOTE 1:
+ * -------
+ *
+ * Nothing in this file is intended to be modified or adjusted by the
+ * c-ares library user nor by the c-ares library builder.
+ *
+ * If you think that something actually needs to be changed, adjusted
+ * or fixed in this file, then, report it on the c-ares development
+ * mailing list: http://lists.haxx.se/listinfo/c-ares/
+ *
+ * This header file shall only export symbols which are 'cares' or 'CARES'
+ * prefixed, otherwise public name space would be polluted.
+ *
+ * NOTE 2:
+ * -------
+ *
+ * Right now you might be staring at file ares_build.h.in or ares_build.h,
+ * this is due to the following reason:
+ *
+ * On systems capable of running the configure script, the configure process
+ * will overwrite the distributed ares_build.h file with one that is suitable
+ * and specific to the library being configured and built, which is generated
+ * from the ares_build.h.in template file.
+ *
+ */
+
+/* ================================================================ */
+/*  DEFINITION OF THESE SYMBOLS SHALL NOT TAKE PLACE ANYWHERE ELSE  */
+/* ================================================================ */
+
+#ifdef CARES_TYPEOF_ARES_SOCKLEN_T
+#  error "CARES_TYPEOF_ARES_SOCKLEN_T shall not be defined except in ares_build.h"
+   Error Compilation_aborted_CARES_TYPEOF_ARES_SOCKLEN_T_already_defined
+#endif
+
+#define CARES_HAVE_ARPA_NAMESER_H 1
+#define CARES_HAVE_ARPA_NAMESER_COMPAT_H 1
+
+/* ================================================================ */
+/*  EXTERNAL INTERFACE SETTINGS FOR CONFIGURE CAPABLE SYSTEMS ONLY  */
+/* ================================================================ */
+
+/* Configure process defines this to 1 when it finds out that system  */
+/* header file ws2tcpip.h must be included by the external interface. */
+/* #undef CARES_PULL_WS2TCPIP_H */
+#ifdef CARES_PULL_WS2TCPIP_H
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  include <winsock2.h>
+#  include <ws2tcpip.h>
+#endif
+
+/* Configure process defines this to 1 when it finds out that system   */
+/* header file sys/types.h must be included by the external interface. */
+#define CARES_PULL_SYS_TYPES_H 1
+#ifdef CARES_PULL_SYS_TYPES_H
+#  include <sys/types.h>
+#endif
+
+/* Configure process defines this to 1 when it finds out that system    */
+/* header file sys/socket.h must be included by the external interface. */
+#define CARES_PULL_SYS_SOCKET_H 1
+#ifdef CARES_PULL_SYS_SOCKET_H
+#  include <sys/socket.h>
+#endif
+
+/* Integral data type used for ares_socklen_t. */
+#define CARES_TYPEOF_ARES_SOCKLEN_T socklen_t
+
+/* Data type definition of ares_socklen_t. */
+typedef CARES_TYPEOF_ARES_SOCKLEN_T ares_socklen_t;
+
+/* Integral data type used for ares_ssize_t. */
+#define CARES_TYPEOF_ARES_SSIZE_T ssize_t
+
+/* Data type definition of ares_ssize_t. */
+typedef CARES_TYPEOF_ARES_SSIZE_T ares_ssize_t;
+
+#endif /* __CARES_BUILD_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_dns.h b/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_dns.h
new file mode 100644
index 00000000..bc8aa7b1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_dns.h
@@ -0,0 +1,112 @@
+#ifndef HEADER_CARES_DNS_H
+#define HEADER_CARES_DNS_H
+
+/* Copyright 1998, 2011 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+/*
+ * NOTE TO INTEGRATORS:
+ *
+ * This header is made public due to legacy projects relying on it.
+ * Please do not use the macros within this header, or include this
+ * header in your project as it may be removed in the future.
+ */
+
+
+/*
+ * Macro DNS__16BIT reads a network short (16 bit) given in network
+ * byte order, and returns its value as an unsigned short.
+ */
+#define DNS__16BIT(p)  ((unsigned short)((unsigned int) 0xffff & \
+                         (((unsigned int)((unsigned char)(p)[0]) << 8U) | \
+                          ((unsigned int)((unsigned char)(p)[1])))))
+
+/*
+ * Macro DNS__32BIT reads a network long (32 bit) given in network
+ * byte order, and returns its value as an unsigned int.
+ */
+#define DNS__32BIT(p)  ((unsigned int) \
+                         (((unsigned int)((unsigned char)(p)[0]) << 24U) | \
+                          ((unsigned int)((unsigned char)(p)[1]) << 16U) | \
+                          ((unsigned int)((unsigned char)(p)[2]) <<  8U) | \
+                          ((unsigned int)((unsigned char)(p)[3]))))
+
+#define DNS__SET16BIT(p, v)  (((p)[0] = (unsigned char)(((v) >> 8) & 0xff)), \
+                              ((p)[1] = (unsigned char)((v) & 0xff)))
+#define DNS__SET32BIT(p, v)  (((p)[0] = (unsigned char)(((v) >> 24) & 0xff)), \
+                              ((p)[1] = (unsigned char)(((v) >> 16) & 0xff)), \
+                              ((p)[2] = (unsigned char)(((v) >> 8) & 0xff)), \
+                              ((p)[3] = (unsigned char)((v) & 0xff)))
+
+#if 0
+/* we cannot use this approach on systems where we can't access 16/32 bit
+   data on un-aligned addresses */
+#define DNS__16BIT(p)                   ntohs(*(unsigned short*)(p))
+#define DNS__32BIT(p)                   ntohl(*(unsigned long*)(p))
+#define DNS__SET16BIT(p, v)             *(unsigned short*)(p) = htons(v)
+#define DNS__SET32BIT(p, v)             *(unsigned long*)(p) = htonl(v)
+#endif
+
+/* Macros for parsing a DNS header */
+#define DNS_HEADER_QID(h)               DNS__16BIT(h)
+#define DNS_HEADER_QR(h)                (((h)[2] >> 7) & 0x1)
+#define DNS_HEADER_OPCODE(h)            (((h)[2] >> 3) & 0xf)
+#define DNS_HEADER_AA(h)                (((h)[2] >> 2) & 0x1)
+#define DNS_HEADER_TC(h)                (((h)[2] >> 1) & 0x1)
+#define DNS_HEADER_RD(h)                ((h)[2] & 0x1)
+#define DNS_HEADER_RA(h)                (((h)[3] >> 7) & 0x1)
+#define DNS_HEADER_Z(h)                 (((h)[3] >> 4) & 0x7)
+#define DNS_HEADER_RCODE(h)             ((h)[3] & 0xf)
+#define DNS_HEADER_QDCOUNT(h)           DNS__16BIT((h) + 4)
+#define DNS_HEADER_ANCOUNT(h)           DNS__16BIT((h) + 6)
+#define DNS_HEADER_NSCOUNT(h)           DNS__16BIT((h) + 8)
+#define DNS_HEADER_ARCOUNT(h)           DNS__16BIT((h) + 10)
+
+/* Macros for constructing a DNS header */
+#define DNS_HEADER_SET_QID(h, v)      DNS__SET16BIT(h, v)
+#define DNS_HEADER_SET_QR(h, v)       ((h)[2] |= (unsigned char)(((v) & 0x1) << 7))
+#define DNS_HEADER_SET_OPCODE(h, v)   ((h)[2] |= (unsigned char)(((v) & 0xf) << 3))
+#define DNS_HEADER_SET_AA(h, v)       ((h)[2] |= (unsigned char)(((v) & 0x1) << 2))
+#define DNS_HEADER_SET_TC(h, v)       ((h)[2] |= (unsigned char)(((v) & 0x1) << 1))
+#define DNS_HEADER_SET_RD(h, v)       ((h)[2] |= (unsigned char)((v) & 0x1))
+#define DNS_HEADER_SET_RA(h, v)       ((h)[3] |= (unsigned char)(((v) & 0x1) << 7))
+#define DNS_HEADER_SET_Z(h, v)        ((h)[3] |= (unsigned char)(((v) & 0x7) << 4))
+#define DNS_HEADER_SET_RCODE(h, v)    ((h)[3] |= (unsigned char)((v) & 0xf))
+#define DNS_HEADER_SET_QDCOUNT(h, v)  DNS__SET16BIT((h) + 4, v)
+#define DNS_HEADER_SET_ANCOUNT(h, v)  DNS__SET16BIT((h) + 6, v)
+#define DNS_HEADER_SET_NSCOUNT(h, v)  DNS__SET16BIT((h) + 8, v)
+#define DNS_HEADER_SET_ARCOUNT(h, v)  DNS__SET16BIT((h) + 10, v)
+
+/* Macros for parsing the fixed part of a DNS question */
+#define DNS_QUESTION_TYPE(q)            DNS__16BIT(q)
+#define DNS_QUESTION_CLASS(q)           DNS__16BIT((q) + 2)
+
+/* Macros for constructing the fixed part of a DNS question */
+#define DNS_QUESTION_SET_TYPE(q, v)     DNS__SET16BIT(q, v)
+#define DNS_QUESTION_SET_CLASS(q, v)    DNS__SET16BIT((q) + 2, v)
+
+/* Macros for parsing the fixed part of a DNS resource record */
+#define DNS_RR_TYPE(r)                  DNS__16BIT(r)
+#define DNS_RR_CLASS(r)                 DNS__16BIT((r) + 2)
+#define DNS_RR_TTL(r)                   DNS__32BIT((r) + 4)
+#define DNS_RR_LEN(r)                   DNS__16BIT((r) + 8)
+
+/* Macros for constructing the fixed part of a DNS resource record */
+#define DNS_RR_SET_TYPE(r, v)           DNS__SET16BIT(r, v)
+#define DNS_RR_SET_CLASS(r, v)          DNS__SET16BIT((r) + 2, v)
+#define DNS_RR_SET_TTL(r, v)            DNS__SET32BIT((r) + 4, v)
+#define DNS_RR_SET_LEN(r, v)            DNS__SET16BIT((r) + 8, v)
+
+#endif /* HEADER_CARES_DNS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_rules.h b/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_rules.h
new file mode 100644
index 00000000..1706ab7d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_rules.h
@@ -0,0 +1,125 @@
+#ifndef __CARES_RULES_H
+#define __CARES_RULES_H
+
+
+/* Copyright (C) 2009 - 2021 by Daniel Stenberg et al
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in advertising or
+ * publicity pertaining to distribution of the software without specific,
+ * written prior permission.  M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+/* ================================================================ */
+/*                    COMPILE TIME SANITY CHECKS                    */
+/* ================================================================ */
+
+/*
+ * NOTE 1:
+ * -------
+ *
+ * All checks done in this file are intentionally placed in a public
+ * header file which is pulled by ares.h when an application is
+ * being built using an already built c-ares library. Additionally
+ * this file is also included and used when building the library.
+ *
+ * If compilation fails on this file it is certainly sure that the
+ * problem is elsewhere. It could be a problem in the ares_build.h
+ * header file, or simply that you are using different compilation
+ * settings than those used to build the library.
+ *
+ * Nothing in this file is intended to be modified or adjusted by the
+ * c-ares library user nor by the c-ares library builder.
+ *
+ * Do not deactivate any check, these are done to make sure that the
+ * library is properly built and used.
+ *
+ * You can find further help on the c-ares development mailing list:
+ * http://lists.haxx.se/listinfo/c-ares/
+ *
+ * NOTE 2
+ * ------
+ *
+ * Some of the following compile time checks are based on the fact
+ * that the dimension of a constant array can not be a negative one.
+ * In this way if the compile time verification fails, the compilation
+ * will fail issuing an error. The error description wording is compiler
+ * dependent but it will be quite similar to one of the following:
+ *
+ *   "negative subscript or subscript is too large"
+ *   "array must have at least one element"
+ *   "-1 is an illegal array size"
+ *   "size of array is negative"
+ *
+ * If you are building an application which tries to use an already
+ * built c-ares library and you are getting this kind of errors on
+ * this file, it is a clear indication that there is a mismatch between
+ * how the library was built and how you are trying to use it for your
+ * application. Your already compiled or binary library provider is the
+ * only one who can give you the details you need to properly use it.
+ */
+
+/*
+ * Verify that some macros are actually defined.
+ */
+
+#ifndef CARES_TYPEOF_ARES_SOCKLEN_T
+#  error "CARES_TYPEOF_ARES_SOCKLEN_T definition is missing!"
+   Error Compilation_aborted_CARES_TYPEOF_ARES_SOCKLEN_T_is_missing
+#endif
+
+/*
+ * Macros private to this header file.
+ */
+
+#define CareschkszEQ(t, s) sizeof(t) == s ? 1 : -1
+
+#define CareschkszGE(t1, t2) sizeof(t1) >= sizeof(t2) ? 1 : -1
+
+/*
+ * Verify that the size previously defined and expected for
+ * ares_socklen_t is actually the same as the one reported
+ * by sizeof() at compile time.
+ */
+
+typedef char
+  __cares_rule_02__
+    [CareschkszEQ(ares_socklen_t, sizeof(CARES_TYPEOF_ARES_SOCKLEN_T))];
+
+/*
+ * Verify at compile time that the size of ares_socklen_t as reported
+ * by sizeof() is greater or equal than the one reported for int for
+ * the current compilation.
+ */
+
+typedef char
+  __cares_rule_03__
+    [CareschkszGE(ares_socklen_t, int)];
+
+/* ================================================================ */
+/*          EXTERNALLY AND INTERNALLY VISIBLE DEFINITIONS           */
+/* ================================================================ */
+
+/*
+ * Get rid of macros private to this header file.
+ */
+
+#undef CareschkszEQ
+#undef CareschkszGE
+
+/*
+ * Get rid of macros not intended to exist beyond this point.
+ */
+
+#undef CARES_PULL_WS2TCPIP_H
+#undef CARES_PULL_SYS_TYPES_H
+#undef CARES_PULL_SYS_SOCKET_H
+
+#undef CARES_TYPEOF_ARES_SOCKLEN_T
+
+#endif /* __CARES_RULES_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_version.h b/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_version.h
new file mode 100644
index 00000000..22c6f62f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libcares/include/ares_version.h
@@ -0,0 +1,24 @@
+
+#ifndef ARES__VERSION_H
+#define ARES__VERSION_H
+
+/* This is the global package copyright */
+#define ARES_COPYRIGHT "2004 - 2021 Daniel Stenberg, <daniel@haxx.se>."
+
+#define ARES_VERSION_MAJOR 1
+#define ARES_VERSION_MINOR 18
+#define ARES_VERSION_PATCH 1
+#define ARES_VERSION ((ARES_VERSION_MAJOR<<16)|\
+                       (ARES_VERSION_MINOR<<8)|\
+                       (ARES_VERSION_PATCH))
+#define ARES_VERSION_STR "1.18.1"
+
+#if (ARES_VERSION >= 0x010700)
+#  define CARES_HAVE_ARES_LIBRARY_INIT 1
+#  define CARES_HAVE_ARES_LIBRARY_CLEANUP 1
+#else
+#  undef CARES_HAVE_ARES_LIBRARY_INIT
+#  undef CARES_HAVE_ARES_LIBRARY_CLEANUP
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libcares/lib/arm64/libcares.a b/client/3rd/ShadowSocks/ShadowSocks/libcares/lib/arm64/libcares.a
new file mode 100644
index 00000000..f0deed82
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libcares/lib/arm64/libcares.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libcares/lib/armv7/libcares.a b/client/3rd/ShadowSocks/ShadowSocks/libcares/lib/armv7/libcares.a
new file mode 100644
index 00000000..34185f5d
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libcares/lib/armv7/libcares.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libcares/lib/armv7s/libcares.a b/client/3rd/ShadowSocks/ShadowSocks/libcares/lib/armv7s/libcares.a
new file mode 100644
index 00000000..98fadd9d
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libcares/lib/armv7s/libcares.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/include/ev++.h b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/include/ev++.h
new file mode 100644
index 00000000..22dfcf58
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/include/ev++.h
@@ -0,0 +1,818 @@
+/*
+ * libev simple C++ wrapper classes
+ *
+ * Copyright (c) 2007,2008,2010,2018,2020 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef EVPP_H__
+#define EVPP_H__
+
+#ifdef EV_H
+# include EV_H
+#else
+# include "ev.h"
+#endif
+
+#ifndef EV_USE_STDEXCEPT
+# define EV_USE_STDEXCEPT 1
+#endif
+
+#if EV_USE_STDEXCEPT
+# include <stdexcept>
+#endif
+
+namespace ev {
+
+  typedef ev_tstamp tstamp;
+
+  enum {
+    UNDEF    = EV_UNDEF,
+    NONE     = EV_NONE,
+    READ     = EV_READ,
+    WRITE    = EV_WRITE,
+#if EV_COMPAT3
+    TIMEOUT  = EV_TIMEOUT,
+#endif
+    TIMER    = EV_TIMER,
+    PERIODIC = EV_PERIODIC,
+    SIGNAL   = EV_SIGNAL,
+    CHILD    = EV_CHILD,
+    STAT     = EV_STAT,
+    IDLE     = EV_IDLE,
+    CHECK    = EV_CHECK,
+    PREPARE  = EV_PREPARE,
+    FORK     = EV_FORK,
+    ASYNC    = EV_ASYNC,
+    EMBED    = EV_EMBED,
+#   undef ERROR // some systems stupidly #define ERROR
+    ERROR    = EV_ERROR
+  };
+
+  enum
+  {
+    AUTO      = EVFLAG_AUTO,
+    NOENV     = EVFLAG_NOENV,
+    FORKCHECK = EVFLAG_FORKCHECK,
+
+    SELECT    = EVBACKEND_SELECT,
+    POLL      = EVBACKEND_POLL,
+    EPOLL     = EVBACKEND_EPOLL,
+    KQUEUE    = EVBACKEND_KQUEUE,
+    DEVPOLL   = EVBACKEND_DEVPOLL,
+    PORT      = EVBACKEND_PORT
+  };
+
+  enum
+  {
+#if EV_COMPAT3
+    NONBLOCK = EVLOOP_NONBLOCK,
+    ONESHOT  = EVLOOP_ONESHOT,
+#endif
+    NOWAIT   = EVRUN_NOWAIT,
+    ONCE     = EVRUN_ONCE
+  };
+
+  enum how_t
+  {
+    ONE = EVBREAK_ONE,
+    ALL = EVBREAK_ALL
+  };
+
+  struct bad_loop
+#if EV_USE_STDEXCEPT
+  : std::exception
+#endif
+  {
+#if EV_USE_STDEXCEPT
+    const char *what () const EV_NOEXCEPT
+    {
+      return "libev event loop cannot be initialized, bad value of LIBEV_FLAGS?";
+    }
+#endif
+  };
+
+#ifdef EV_AX
+#  undef EV_AX
+#endif
+
+#ifdef EV_AX_
+#  undef EV_AX_
+#endif
+
+#if EV_MULTIPLICITY
+#  define EV_AX  raw_loop
+#  define EV_AX_ raw_loop,
+#else
+#  define EV_AX
+#  define EV_AX_
+#endif
+
+  struct loop_ref
+  {
+    loop_ref (EV_P) EV_NOEXCEPT
+#if EV_MULTIPLICITY
+    : EV_AX (EV_A)
+#endif
+    {
+    }
+
+    bool operator == (const loop_ref &other) const EV_NOEXCEPT
+    {
+#if EV_MULTIPLICITY
+      return EV_AX == other.EV_AX;
+#else
+      return true;
+#endif
+    }
+
+    bool operator != (const loop_ref &other) const EV_NOEXCEPT
+    {
+#if EV_MULTIPLICITY
+      return ! (*this == other);
+#else
+      return false;
+#endif
+    }
+
+#if EV_MULTIPLICITY
+    bool operator == (const EV_P) const EV_NOEXCEPT
+    {
+      return this->EV_AX == EV_A;
+    }
+
+    bool operator != (const EV_P) const EV_NOEXCEPT
+    {
+      return ! (*this == EV_A);
+    }
+
+    operator struct ev_loop * () const EV_NOEXCEPT
+    {
+      return EV_AX;
+    }
+
+    operator const struct ev_loop * () const EV_NOEXCEPT
+    {
+      return EV_AX;
+    }
+
+    bool is_default () const EV_NOEXCEPT
+    {
+      return EV_AX == ev_default_loop (0);
+    }
+#endif
+
+#if EV_COMPAT3
+    void loop (int flags = 0)
+    {
+      ev_run (EV_AX_ flags);
+    }
+
+    void unloop (how_t how = ONE) EV_NOEXCEPT
+    {
+      ev_break (EV_AX_ how);
+    }
+#endif
+
+    void run (int flags = 0)
+    {
+      ev_run (EV_AX_ flags);
+    }
+
+    void break_loop (how_t how = ONE) EV_NOEXCEPT
+    {
+      ev_break (EV_AX_ how);
+    }
+
+    void post_fork () EV_NOEXCEPT
+    {
+      ev_loop_fork (EV_AX);
+    }
+
+    unsigned int backend () const EV_NOEXCEPT
+    {
+      return ev_backend (EV_AX);
+    }
+
+    tstamp now () const EV_NOEXCEPT
+    {
+      return ev_now (EV_AX);
+    }
+
+    void ref () EV_NOEXCEPT
+    {
+      ev_ref (EV_AX);
+    }
+
+    void unref () EV_NOEXCEPT
+    {
+      ev_unref (EV_AX);
+    }
+
+#if EV_FEATURE_API
+    unsigned int iteration () const EV_NOEXCEPT
+    {
+      return ev_iteration (EV_AX);
+    }
+
+    unsigned int depth () const EV_NOEXCEPT
+    {
+      return ev_depth (EV_AX);
+    }
+
+    void set_io_collect_interval (tstamp interval) EV_NOEXCEPT
+    {
+      ev_set_io_collect_interval (EV_AX_ interval);
+    }
+
+    void set_timeout_collect_interval (tstamp interval) EV_NOEXCEPT
+    {
+      ev_set_timeout_collect_interval (EV_AX_ interval);
+    }
+#endif
+
+    // function callback
+    void once (int fd, int events, tstamp timeout, void (*cb)(int, void *), void *arg = 0) EV_NOEXCEPT
+    {
+      ev_once (EV_AX_ fd, events, timeout, cb, arg);
+    }
+
+    // method callback
+    template<class K, void (K::*method)(int)>
+    void once (int fd, int events, tstamp timeout, K *object) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, method_thunk<K, method>, object);
+    }
+
+    // default method == operator ()
+    template<class K>
+    void once (int fd, int events, tstamp timeout, K *object) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, method_thunk<K, &K::operator ()>, object);
+    }
+
+    template<class K, void (K::*method)(int)>
+    static void method_thunk (int revents, void *arg)
+    {
+      (static_cast<K *>(arg)->*method)
+        (revents);
+    }
+
+    // no-argument method callback
+    template<class K, void (K::*method)()>
+    void once (int fd, int events, tstamp timeout, K *object) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, method_noargs_thunk<K, method>, object);
+    }
+
+    template<class K, void (K::*method)()>
+    static void method_noargs_thunk (int revents, void *arg)
+    {
+      (static_cast<K *>(arg)->*method)
+        ();
+    }
+
+    // simpler function callback
+    template<void (*cb)(int)>
+    void once (int fd, int events, tstamp timeout) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, simpler_func_thunk<cb>);
+    }
+
+    template<void (*cb)(int)>
+    static void simpler_func_thunk (int revents, void *arg)
+    {
+      (*cb)
+        (revents);
+    }
+
+    // simplest function callback
+    template<void (*cb)()>
+    void once (int fd, int events, tstamp timeout) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, simplest_func_thunk<cb>);
+    }
+
+    template<void (*cb)()>
+    static void simplest_func_thunk (int revents, void *arg)
+    {
+      (*cb)
+        ();
+    }
+
+    void feed_fd_event (int fd, int revents) EV_NOEXCEPT
+    {
+      ev_feed_fd_event (EV_AX_ fd, revents);
+    }
+
+    void feed_signal_event (int signum) EV_NOEXCEPT
+    {
+      ev_feed_signal_event (EV_AX_ signum);
+    }
+
+#if EV_MULTIPLICITY
+    struct ev_loop* EV_AX;
+#endif
+
+  };
+
+#if EV_MULTIPLICITY
+  struct dynamic_loop : loop_ref
+  {
+
+    dynamic_loop (unsigned int flags = AUTO)
+    : loop_ref (ev_loop_new (flags))
+    {
+      if (!EV_AX)
+        throw bad_loop ();
+    }
+
+    ~dynamic_loop () EV_NOEXCEPT
+    {
+      ev_loop_destroy (EV_AX);
+      EV_AX = 0;
+    }
+
+  private:
+
+    dynamic_loop (const dynamic_loop &);
+
+    dynamic_loop & operator= (const dynamic_loop &);
+
+  };
+#endif
+
+  struct default_loop : loop_ref
+  {
+    default_loop (unsigned int flags = AUTO)
+#if EV_MULTIPLICITY
+    : loop_ref (ev_default_loop (flags))
+#endif
+    {
+      if (
+#if EV_MULTIPLICITY
+          !EV_AX
+#else
+          !ev_default_loop (flags)
+#endif
+      )
+        throw bad_loop ();
+    }
+
+  private:
+    default_loop (const default_loop &);
+    default_loop &operator = (const default_loop &);
+  };
+
+  inline loop_ref get_default_loop () EV_NOEXCEPT
+  {
+#if EV_MULTIPLICITY
+    return ev_default_loop (0);
+#else
+    return loop_ref ();
+#endif
+  }
+
+#undef EV_AX
+#undef EV_AX_
+
+#undef EV_PX
+#undef EV_PX_
+#if EV_MULTIPLICITY
+#  define EV_PX  loop_ref EV_A
+#  define EV_PX_ loop_ref EV_A_
+#else
+#  define EV_PX
+#  define EV_PX_
+#endif
+
+  template<class ev_watcher, class watcher>
+  struct base : ev_watcher
+  {
+    // scoped pause/unpause of a watcher
+    struct freeze_guard
+    {
+      watcher &w;
+      bool active;
+
+      freeze_guard (watcher *self) EV_NOEXCEPT
+      : w (*self), active (w.is_active ())
+      {
+        if (active) w.stop ();
+      }
+
+      ~freeze_guard ()
+      {
+        if (active) w.start ();
+      }
+    };
+
+    #if EV_MULTIPLICITY
+      EV_PX;
+
+      // loop set
+      void set (EV_P) EV_NOEXCEPT
+      {
+        this->EV_A = EV_A;
+      }
+    #endif
+
+    base (EV_PX) EV_NOEXCEPT
+    #if EV_MULTIPLICITY
+      : EV_A (EV_A)
+    #endif
+    {
+      ev_init (this, 0);
+    }
+
+    void set_ (const void *data, void (*cb)(EV_P_ ev_watcher *w, int revents)) EV_NOEXCEPT
+    {
+      this->data = (void *)data;
+      ev_set_cb (static_cast<ev_watcher *>(this), cb);
+    }
+
+    // function callback
+    template<void (*function)(watcher &w, int)>
+    void set (void *data = 0) EV_NOEXCEPT
+    {
+      set_ (data, function_thunk<function>);
+    }
+
+    template<void (*function)(watcher &w, int)>
+    static void function_thunk (EV_P_ ev_watcher *w, int revents)
+    {
+      function
+        (*static_cast<watcher *>(w), revents);
+    }
+
+    // method callback
+    template<class K, void (K::*method)(watcher &w, int)>
+    void set (K *object) EV_NOEXCEPT
+    {
+      set_ (object, method_thunk<K, method>);
+    }
+
+    // default method == operator ()
+    template<class K>
+    void set (K *object) EV_NOEXCEPT
+    {
+      set_ (object, method_thunk<K, &K::operator ()>);
+    }
+
+    template<class K, void (K::*method)(watcher &w, int)>
+    static void method_thunk (EV_P_ ev_watcher *w, int revents)
+    {
+      (static_cast<K *>(w->data)->*method)
+        (*static_cast<watcher *>(w), revents);
+    }
+
+    // no-argument callback
+    template<class K, void (K::*method)()>
+    void set (K *object) EV_NOEXCEPT
+    {
+      set_ (object, method_noargs_thunk<K, method>);
+    }
+
+    template<class K, void (K::*method)()>
+    static void method_noargs_thunk (EV_P_ ev_watcher *w, int revents)
+    {
+      (static_cast<K *>(w->data)->*method)
+        ();
+    }
+
+    void operator ()(int events = EV_UNDEF)
+    {
+      return
+        ev_cb (static_cast<ev_watcher *>(this))
+          (static_cast<ev_watcher *>(this), events);
+    }
+
+    bool is_active () const EV_NOEXCEPT
+    {
+      return ev_is_active (static_cast<const ev_watcher *>(this));
+    }
+
+    bool is_pending () const EV_NOEXCEPT
+    {
+      return ev_is_pending (static_cast<const ev_watcher *>(this));
+    }
+
+    void feed_event (int revents) EV_NOEXCEPT
+    {
+      ev_feed_event (EV_A_ static_cast<ev_watcher *>(this), revents);
+    }
+  };
+
+  inline tstamp now (EV_P) EV_NOEXCEPT
+  {
+    return ev_now (EV_A);
+  }
+
+  inline void delay (tstamp interval) EV_NOEXCEPT
+  {
+    ev_sleep (interval);
+  }
+
+  inline int version_major () EV_NOEXCEPT
+  {
+    return ev_version_major ();
+  }
+
+  inline int version_minor () EV_NOEXCEPT
+  {
+    return ev_version_minor ();
+  }
+
+  inline unsigned int supported_backends () EV_NOEXCEPT
+  {
+    return ev_supported_backends ();
+  }
+
+  inline unsigned int recommended_backends () EV_NOEXCEPT
+  {
+    return ev_recommended_backends ();
+  }
+
+  inline unsigned int embeddable_backends () EV_NOEXCEPT
+  {
+    return ev_embeddable_backends ();
+  }
+
+  inline void set_allocator (void *(*cb)(void *ptr, long size) EV_NOEXCEPT) EV_NOEXCEPT
+  {
+    ev_set_allocator (cb);
+  }
+
+  inline void set_syserr_cb (void (*cb)(const char *msg) EV_NOEXCEPT) EV_NOEXCEPT
+  {
+    ev_set_syserr_cb (cb);
+  }
+
+  #if EV_MULTIPLICITY
+    #define EV_CONSTRUCT(cppstem,cstem)	                                                \
+      (EV_PX = get_default_loop ()) EV_NOEXCEPT                                         \
+        : base<ev_ ## cstem, cppstem> (EV_A)                                            \
+      {                                                                                 \
+      }
+  #else
+    #define EV_CONSTRUCT(cppstem,cstem)                                                 \
+      () EV_NOEXCEPT                                                                    \
+      {                                                                                 \
+      }
+  #endif
+
+  /* using a template here would require quite a few more lines,
+   * so a macro solution was chosen */
+  #define EV_BEGIN_WATCHER(cppstem,cstem)	                                        \
+                                                                                        \
+  struct cppstem : base<ev_ ## cstem, cppstem>                                          \
+  {                                                                                     \
+    void start () EV_NOEXCEPT                                                           \
+    {                                                                                   \
+      ev_ ## cstem ## _start (EV_A_ static_cast<ev_ ## cstem *>(this));                 \
+    }                                                                                   \
+                                                                                        \
+    void stop () EV_NOEXCEPT                                                            \
+    {                                                                                   \
+      ev_ ## cstem ## _stop (EV_A_ static_cast<ev_ ## cstem *>(this));                  \
+    }                                                                                   \
+                                                                                        \
+    cppstem EV_CONSTRUCT(cppstem,cstem)                                                 \
+                                                                                        \
+    ~cppstem () EV_NOEXCEPT                                                             \
+    {                                                                                   \
+      stop ();                                                                          \
+    }                                                                                   \
+                                                                                        \
+    using base<ev_ ## cstem, cppstem>::set;                                             \
+                                                                                        \
+  private:                                                                              \
+                                                                                        \
+    cppstem (const cppstem &o);                                                         \
+                                                                                        \
+    cppstem &operator =(const cppstem &o);                                              \
+                                                                                        \
+  public:
+
+  #define EV_END_WATCHER(cppstem,cstem)	                                                \
+  };
+
+  EV_BEGIN_WATCHER (io, io)
+    void set (int fd, int events) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_io_set (static_cast<ev_io *>(this), fd, events);
+    }
+
+    void set (int events) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_io_modify (static_cast<ev_io *>(this), events);
+    }
+
+    void start (int fd, int events) EV_NOEXCEPT
+    {
+      set (fd, events);
+      start ();
+    }
+  EV_END_WATCHER (io, io)
+
+  EV_BEGIN_WATCHER (timer, timer)
+    void set (ev_tstamp after, ev_tstamp repeat = 0.) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_timer_set (static_cast<ev_timer *>(this), after, repeat);
+    }
+
+    void start (ev_tstamp after, ev_tstamp repeat = 0.) EV_NOEXCEPT
+    {
+      set (after, repeat);
+      start ();
+    }
+
+    void again () EV_NOEXCEPT
+    {
+      ev_timer_again (EV_A_ static_cast<ev_timer *>(this));
+    }
+
+    ev_tstamp remaining ()
+    {
+      return ev_timer_remaining (EV_A_ static_cast<ev_timer *>(this));
+    }
+  EV_END_WATCHER (timer, timer)
+
+  #if EV_PERIODIC_ENABLE
+  EV_BEGIN_WATCHER (periodic, periodic)
+    void set (ev_tstamp at, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_periodic_set (static_cast<ev_periodic *>(this), at, interval, 0);
+    }
+
+    void start (ev_tstamp at, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      set (at, interval);
+      start ();
+    }
+
+    void again () EV_NOEXCEPT
+    {
+      ev_periodic_again (EV_A_ static_cast<ev_periodic *>(this));
+    }
+  EV_END_WATCHER (periodic, periodic)
+  #endif
+
+  #if EV_SIGNAL_ENABLE
+  EV_BEGIN_WATCHER (sig, signal)
+    void set (int signum) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_signal_set (static_cast<ev_signal *>(this), signum);
+    }
+
+    void start (int signum) EV_NOEXCEPT
+    {
+      set (signum);
+      start ();
+    }
+  EV_END_WATCHER (sig, signal)
+  #endif
+
+  #if EV_CHILD_ENABLE
+  EV_BEGIN_WATCHER (child, child)
+    void set (int pid, int trace = 0) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_child_set (static_cast<ev_child *>(this), pid, trace);
+    }
+
+    void start (int pid, int trace = 0) EV_NOEXCEPT
+    {
+      set (pid, trace);
+      start ();
+    }
+  EV_END_WATCHER (child, child)
+  #endif
+
+  #if EV_STAT_ENABLE
+  EV_BEGIN_WATCHER (stat, stat)
+    void set (const char *path, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_stat_set (static_cast<ev_stat *>(this), path, interval);
+    }
+
+    void start (const char *path, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      stop ();
+      set (path, interval);
+      start ();
+    }
+
+    void update () EV_NOEXCEPT
+    {
+      ev_stat_stat (EV_A_ static_cast<ev_stat *>(this));
+    }
+  EV_END_WATCHER (stat, stat)
+  #endif
+
+  #if EV_IDLE_ENABLE
+  EV_BEGIN_WATCHER (idle, idle)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (idle, idle)
+  #endif
+
+  #if EV_PREPARE_ENABLE
+  EV_BEGIN_WATCHER (prepare, prepare)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (prepare, prepare)
+  #endif
+
+  #if EV_CHECK_ENABLE
+  EV_BEGIN_WATCHER (check, check)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (check, check)
+  #endif
+
+  #if EV_EMBED_ENABLE
+  EV_BEGIN_WATCHER (embed, embed)
+    void set_embed (struct ev_loop *embedded_loop) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_embed_set (static_cast<ev_embed *>(this), embedded_loop);
+    }
+
+    void start (struct ev_loop *embedded_loop) EV_NOEXCEPT
+    {
+      set (embedded_loop);
+      start ();
+    }
+
+    void sweep ()
+    {
+      ev_embed_sweep (EV_A_ static_cast<ev_embed *>(this));
+    }
+  EV_END_WATCHER (embed, embed)
+  #endif
+
+  #if EV_FORK_ENABLE
+  EV_BEGIN_WATCHER (fork, fork)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (fork, fork)
+  #endif
+
+  #if EV_ASYNC_ENABLE
+  EV_BEGIN_WATCHER (async, async)
+    void send () EV_NOEXCEPT
+    {
+      ev_async_send (EV_A_ static_cast<ev_async *>(this));
+    }
+
+    bool async_pending () EV_NOEXCEPT
+    {
+      return ev_async_pending (static_cast<ev_async *>(this));
+    }
+  EV_END_WATCHER (async, async)
+  #endif
+
+  #undef EV_PX
+  #undef EV_PX_
+  #undef EV_CONSTRUCT
+  #undef EV_BEGIN_WATCHER
+  #undef EV_END_WATCHER
+}
+
+#endif
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/include/ev.h b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/include/ev.h
new file mode 100644
index 00000000..4669c39b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/include/ev.h
@@ -0,0 +1,860 @@
+/*
+ * libev native API header
+ *
+ * Copyright (c) 2007-2020 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef EV_H_
+#define EV_H_
+
+#ifdef __cplusplus
+# define EV_CPP(x) x
+# if __cplusplus >= 201103L
+#  define EV_NOEXCEPT noexcept
+# else
+#  define EV_NOEXCEPT
+# endif
+#else
+# define EV_CPP(x)
+# define EV_NOEXCEPT
+#endif
+#define EV_THROW EV_NOEXCEPT /* pre-4.25, do not use in new code */
+
+EV_CPP(extern "C" {)
+
+/*****************************************************************************/
+
+/* pre-4.0 compatibility */
+#ifndef EV_COMPAT3
+# define EV_COMPAT3 1
+#endif
+
+#ifndef EV_FEATURES
+# if defined __OPTIMIZE_SIZE__
+#  define EV_FEATURES 0x7c
+# else
+#  define EV_FEATURES 0x7f
+# endif
+#endif
+
+#define EV_FEATURE_CODE     ((EV_FEATURES) &  1)
+#define EV_FEATURE_DATA     ((EV_FEATURES) &  2)
+#define EV_FEATURE_CONFIG   ((EV_FEATURES) &  4)
+#define EV_FEATURE_API      ((EV_FEATURES) &  8)
+#define EV_FEATURE_WATCHERS ((EV_FEATURES) & 16)
+#define EV_FEATURE_BACKENDS ((EV_FEATURES) & 32)
+#define EV_FEATURE_OS       ((EV_FEATURES) & 64)
+
+/* these priorities are inclusive, higher priorities will be invoked earlier */
+#ifndef EV_MINPRI
+# define EV_MINPRI (EV_FEATURE_CONFIG ? -2 : 0)
+#endif
+#ifndef EV_MAXPRI
+# define EV_MAXPRI (EV_FEATURE_CONFIG ? +2 : 0)
+#endif
+
+#ifndef EV_MULTIPLICITY
+# define EV_MULTIPLICITY EV_FEATURE_CONFIG
+#endif
+
+#ifndef EV_PERIODIC_ENABLE
+# define EV_PERIODIC_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_STAT_ENABLE
+# define EV_STAT_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_PREPARE_ENABLE
+# define EV_PREPARE_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CHECK_ENABLE
+# define EV_CHECK_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_IDLE_ENABLE
+# define EV_IDLE_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_FORK_ENABLE
+# define EV_FORK_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CLEANUP_ENABLE
+# define EV_CLEANUP_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_SIGNAL_ENABLE
+# define EV_SIGNAL_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CHILD_ENABLE
+# ifdef _WIN32
+#  define EV_CHILD_ENABLE 0
+# else
+#  define EV_CHILD_ENABLE EV_FEATURE_WATCHERS
+#endif
+#endif
+
+#ifndef EV_ASYNC_ENABLE
+# define EV_ASYNC_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_EMBED_ENABLE
+# define EV_EMBED_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_WALK_ENABLE
+# define EV_WALK_ENABLE 0 /* not yet */
+#endif
+
+/*****************************************************************************/
+
+#if EV_CHILD_ENABLE && !EV_SIGNAL_ENABLE
+# undef EV_SIGNAL_ENABLE
+# define EV_SIGNAL_ENABLE 1
+#endif
+
+/*****************************************************************************/
+
+#ifndef EV_TSTAMP_T
+# define EV_TSTAMP_T double
+#endif
+typedef EV_TSTAMP_T ev_tstamp;
+
+#include <string.h> /* for memmove */
+
+#ifndef EV_ATOMIC_T
+# include <signal.h>
+# define EV_ATOMIC_T sig_atomic_t volatile
+#endif
+
+#if EV_STAT_ENABLE
+# ifdef _WIN32
+#  include <time.h>
+#  include <sys/types.h>
+# endif
+# include <sys/stat.h>
+#endif
+
+/* support multiple event loops? */
+#if EV_MULTIPLICITY
+struct ev_loop;
+# define EV_P  struct ev_loop *loop               /* a loop as sole parameter in a declaration */
+# define EV_P_ EV_P,                              /* a loop as first of multiple parameters */
+# define EV_A  loop                               /* a loop as sole argument to a function call */
+# define EV_A_ EV_A,                              /* a loop as first of multiple arguments */
+# define EV_DEFAULT_UC  ev_default_loop_uc_ ()    /* the default loop, if initialised, as sole arg */
+# define EV_DEFAULT_UC_ EV_DEFAULT_UC,            /* the default loop as first of multiple arguments */
+# define EV_DEFAULT  ev_default_loop (0)          /* the default loop as sole arg */
+# define EV_DEFAULT_ EV_DEFAULT,                  /* the default loop as first of multiple arguments */
+#else
+# define EV_P void
+# define EV_P_
+# define EV_A
+# define EV_A_
+# define EV_DEFAULT
+# define EV_DEFAULT_
+# define EV_DEFAULT_UC
+# define EV_DEFAULT_UC_
+# undef EV_EMBED_ENABLE
+#endif
+
+/* EV_INLINE is used for functions in header files */
+#if __STDC_VERSION__ >= 199901L || __GNUC__ >= 3
+# define EV_INLINE static inline
+#else
+# define EV_INLINE static
+#endif
+
+#ifdef EV_API_STATIC
+# define EV_API_DECL static
+#else
+# define EV_API_DECL extern
+#endif
+
+/* EV_PROTOTYPES can be used to switch of prototype declarations */
+#ifndef EV_PROTOTYPES
+# define EV_PROTOTYPES 1
+#endif
+
+/*****************************************************************************/
+
+#define EV_VERSION_MAJOR 4
+#define EV_VERSION_MINOR 33
+
+/* eventmask, revents, events... */
+enum {
+  EV_UNDEF    = (int)0xFFFFFFFF, /* guaranteed to be invalid */
+  EV_NONE     =            0x00, /* no events */
+  EV_READ     =            0x01, /* ev_io detected read will not block */
+  EV_WRITE    =            0x02, /* ev_io detected write will not block */
+  EV__IOFDSET =            0x80, /* internal use only */
+  EV_IO       =         EV_READ, /* alias for type-detection */
+  EV_TIMER    =      0x00000100, /* timer timed out */
+#if EV_COMPAT3
+  EV_TIMEOUT  =        EV_TIMER, /* pre 4.0 API compatibility */
+#endif
+  EV_PERIODIC =      0x00000200, /* periodic timer timed out */
+  EV_SIGNAL   =      0x00000400, /* signal was received */
+  EV_CHILD    =      0x00000800, /* child/pid had status change */
+  EV_STAT     =      0x00001000, /* stat data changed */
+  EV_IDLE     =      0x00002000, /* event loop is idling */
+  EV_PREPARE  =      0x00004000, /* event loop about to poll */
+  EV_CHECK    =      0x00008000, /* event loop finished poll */
+  EV_EMBED    =      0x00010000, /* embedded event loop needs sweep */
+  EV_FORK     =      0x00020000, /* event loop resumed in child */
+  EV_CLEANUP  =      0x00040000, /* event loop resumed in child */
+  EV_ASYNC    =      0x00080000, /* async intra-loop signal */
+  EV_CUSTOM   =      0x01000000, /* for use by user code */
+  EV_ERROR    = (int)0x80000000  /* sent when an error occurs */
+};
+
+/* can be used to add custom fields to all watchers, while losing binary compatibility */
+#ifndef EV_COMMON
+# define EV_COMMON void *data;
+#endif
+
+#ifndef EV_CB_DECLARE
+# define EV_CB_DECLARE(type) void (*cb)(EV_P_ struct type *w, int revents);
+#endif
+#ifndef EV_CB_INVOKE
+# define EV_CB_INVOKE(watcher,revents) (watcher)->cb (EV_A_ (watcher), (revents))
+#endif
+
+/* not official, do not use */
+#define EV_CB(type,name) void name (EV_P_ struct ev_ ## type *w, int revents)
+
+/*
+ * struct member types:
+ * private: you may look at them, but not change them,
+ *          and they might not mean anything to you.
+ * ro: can be read anytime, but only changed when the watcher isn't active.
+ * rw: can be read and modified anytime, even when the watcher is active.
+ *
+ * some internal details that might be helpful for debugging:
+ *
+ * active is either 0, which means the watcher is not active,
+ *           or the array index of the watcher (periodics, timers)
+ *           or the array index + 1 (most other watchers)
+ *           or simply 1 for watchers that aren't in some array.
+ * pending is either 0, in which case the watcher isn't,
+ *           or the array index + 1 in the pendings array.
+ */
+
+#if EV_MINPRI == EV_MAXPRI
+# define EV_DECL_PRIORITY
+#elif !defined (EV_DECL_PRIORITY)
+# define EV_DECL_PRIORITY int priority;
+#endif
+
+/* shared by all watchers */
+#define EV_WATCHER(type)			\
+  int active; /* private */			\
+  int pending; /* private */			\
+  EV_DECL_PRIORITY /* private */		\
+  EV_COMMON /* rw */				\
+  EV_CB_DECLARE (type) /* private */
+
+#define EV_WATCHER_LIST(type)			\
+  EV_WATCHER (type)				\
+  struct ev_watcher_list *next; /* private */
+
+#define EV_WATCHER_TIME(type)			\
+  EV_WATCHER (type)				\
+  ev_tstamp at;     /* private */
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher
+{
+  EV_WATCHER (ev_watcher)
+} ev_watcher;
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher_list
+{
+  EV_WATCHER_LIST (ev_watcher_list)
+} ev_watcher_list;
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher_time
+{
+  EV_WATCHER_TIME (ev_watcher_time)
+} ev_watcher_time;
+
+/* invoked when fd is either EV_READable or EV_WRITEable */
+/* revent EV_READ, EV_WRITE */
+typedef struct ev_io
+{
+  EV_WATCHER_LIST (ev_io)
+
+  int fd;     /* ro */
+  int events; /* ro */
+} ev_io;
+
+/* invoked after a specific time, repeatable (based on monotonic clock) */
+/* revent EV_TIMEOUT */
+typedef struct ev_timer
+{
+  EV_WATCHER_TIME (ev_timer)
+
+  ev_tstamp repeat; /* rw */
+} ev_timer;
+
+/* invoked at some specific time, possibly repeating at regular intervals (based on UTC) */
+/* revent EV_PERIODIC */
+typedef struct ev_periodic
+{
+  EV_WATCHER_TIME (ev_periodic)
+
+  ev_tstamp offset; /* rw */
+  ev_tstamp interval; /* rw */
+  ev_tstamp (*reschedule_cb)(struct ev_periodic *w, ev_tstamp now) EV_NOEXCEPT; /* rw */
+} ev_periodic;
+
+/* invoked when the given signal has been received */
+/* revent EV_SIGNAL */
+typedef struct ev_signal
+{
+  EV_WATCHER_LIST (ev_signal)
+
+  int signum; /* ro */
+} ev_signal;
+
+/* invoked when sigchld is received and waitpid indicates the given pid */
+/* revent EV_CHILD */
+/* does not support priorities */
+typedef struct ev_child
+{
+  EV_WATCHER_LIST (ev_child)
+
+  int flags;   /* private */
+  int pid;     /* ro */
+  int rpid;    /* rw, holds the received pid */
+  int rstatus; /* rw, holds the exit status, use the macros from sys/wait.h */
+} ev_child;
+
+#if EV_STAT_ENABLE
+/* st_nlink = 0 means missing file or other error */
+# ifdef _WIN32
+typedef struct _stati64 ev_statdata;
+# else
+typedef struct stat ev_statdata;
+# endif
+
+/* invoked each time the stat data changes for a given path */
+/* revent EV_STAT */
+typedef struct ev_stat
+{
+  EV_WATCHER_LIST (ev_stat)
+
+  ev_timer timer;     /* private */
+  ev_tstamp interval; /* ro */
+  const char *path;   /* ro */
+  ev_statdata prev;   /* ro */
+  ev_statdata attr;   /* ro */
+
+  int wd; /* wd for inotify, fd for kqueue */
+} ev_stat;
+#endif
+
+/* invoked when the nothing else needs to be done, keeps the process from blocking */
+/* revent EV_IDLE */
+typedef struct ev_idle
+{
+  EV_WATCHER (ev_idle)
+} ev_idle;
+
+/* invoked for each run of the mainloop, just before the blocking call */
+/* you can still change events in any way you like */
+/* revent EV_PREPARE */
+typedef struct ev_prepare
+{
+  EV_WATCHER (ev_prepare)
+} ev_prepare;
+
+/* invoked for each run of the mainloop, just after the blocking call */
+/* revent EV_CHECK */
+typedef struct ev_check
+{
+  EV_WATCHER (ev_check)
+} ev_check;
+
+/* the callback gets invoked before check in the child process when a fork was detected */
+/* revent EV_FORK */
+typedef struct ev_fork
+{
+  EV_WATCHER (ev_fork)
+} ev_fork;
+
+/* is invoked just before the loop gets destroyed */
+/* revent EV_CLEANUP */
+typedef struct ev_cleanup
+{
+  EV_WATCHER (ev_cleanup)
+} ev_cleanup;
+
+#if EV_EMBED_ENABLE
+/* used to embed an event loop inside another */
+/* the callback gets invoked when the event loop has handled events, and can be 0 */
+typedef struct ev_embed
+{
+  EV_WATCHER (ev_embed)
+
+  struct ev_loop *other; /* ro */
+#undef EV_IO_ENABLE
+#define EV_IO_ENABLE 1
+  ev_io io;              /* private */
+#undef EV_PREPARE_ENABLE
+#define EV_PREPARE_ENABLE 1
+  ev_prepare prepare;    /* private */
+  ev_check check;        /* unused */
+  ev_timer timer;        /* unused */
+  ev_periodic periodic;  /* unused */
+  ev_idle idle;          /* unused */
+  ev_fork fork;          /* private */
+  ev_cleanup cleanup;    /* unused */
+} ev_embed;
+#endif
+
+#if EV_ASYNC_ENABLE
+/* invoked when somebody calls ev_async_send on the watcher */
+/* revent EV_ASYNC */
+typedef struct ev_async
+{
+  EV_WATCHER (ev_async)
+
+  EV_ATOMIC_T sent; /* private */
+} ev_async;
+
+# define ev_async_pending(w) (+(w)->sent)
+#endif
+
+/* the presence of this union forces similar struct layout */
+union ev_any_watcher
+{
+  struct ev_watcher w;
+  struct ev_watcher_list wl;
+
+  struct ev_io io;
+  struct ev_timer timer;
+  struct ev_periodic periodic;
+  struct ev_signal signal;
+  struct ev_child child;
+#if EV_STAT_ENABLE
+  struct ev_stat stat;
+#endif
+#if EV_IDLE_ENABLE
+  struct ev_idle idle;
+#endif
+  struct ev_prepare prepare;
+  struct ev_check check;
+#if EV_FORK_ENABLE
+  struct ev_fork fork;
+#endif
+#if EV_CLEANUP_ENABLE
+  struct ev_cleanup cleanup;
+#endif
+#if EV_EMBED_ENABLE
+  struct ev_embed embed;
+#endif
+#if EV_ASYNC_ENABLE
+  struct ev_async async;
+#endif
+};
+
+/* flag bits for ev_default_loop and ev_loop_new */
+enum {
+  /* the default */
+  EVFLAG_AUTO       = 0x00000000U, /* not quite a mask */
+  /* flag bits */
+  EVFLAG_NOENV      = 0x01000000U, /* do NOT consult environment */
+  EVFLAG_FORKCHECK  = 0x02000000U, /* check for a fork in each iteration */
+  /* debugging/feature disable */
+  EVFLAG_NOINOTIFY  = 0x00100000U, /* do not attempt to use inotify */
+#if EV_COMPAT3
+  EVFLAG_NOSIGFD    = 0, /* compatibility to pre-3.9 */
+#endif
+  EVFLAG_SIGNALFD   = 0x00200000U, /* attempt to use signalfd */
+  EVFLAG_NOSIGMASK  = 0x00400000U, /* avoid modifying the signal mask */
+  EVFLAG_NOTIMERFD  = 0x00800000U  /* avoid creating a timerfd */
+};
+
+/* method bits to be ored together */
+enum {
+  EVBACKEND_SELECT   = 0x00000001U, /* available just about anywhere */
+  EVBACKEND_POLL     = 0x00000002U, /* !win, !aix, broken on osx */
+  EVBACKEND_EPOLL    = 0x00000004U, /* linux */
+  EVBACKEND_KQUEUE   = 0x00000008U, /* bsd, broken on osx */
+  EVBACKEND_DEVPOLL  = 0x00000010U, /* solaris 8 */ /* NYI */
+  EVBACKEND_PORT     = 0x00000020U, /* solaris 10 */
+  EVBACKEND_LINUXAIO = 0x00000040U, /* linux AIO, 4.19+ */
+  EVBACKEND_IOURING  = 0x00000080U, /* linux io_uring, 5.1+ */
+  EVBACKEND_ALL      = 0x000000FFU, /* all known backends */
+  EVBACKEND_MASK     = 0x0000FFFFU  /* all future backends */
+};
+
+#if EV_PROTOTYPES
+EV_API_DECL int ev_version_major (void) EV_NOEXCEPT;
+EV_API_DECL int ev_version_minor (void) EV_NOEXCEPT;
+
+EV_API_DECL unsigned int ev_supported_backends (void) EV_NOEXCEPT;
+EV_API_DECL unsigned int ev_recommended_backends (void) EV_NOEXCEPT;
+EV_API_DECL unsigned int ev_embeddable_backends (void) EV_NOEXCEPT;
+
+EV_API_DECL ev_tstamp ev_time (void) EV_NOEXCEPT;
+EV_API_DECL void ev_sleep (ev_tstamp delay) EV_NOEXCEPT; /* sleep for a while */
+
+/* Sets the allocation function to use, works like realloc.
+ * It is used to allocate and free memory.
+ * If it returns zero when memory needs to be allocated, the library might abort
+ * or take some potentially destructive action.
+ * The default is your system realloc function.
+ */
+EV_API_DECL void ev_set_allocator (void *(*cb)(void *ptr, long size) EV_NOEXCEPT) EV_NOEXCEPT;
+
+/* set the callback function to call on a
+ * retryable syscall error
+ * (such as failed select, poll, epoll_wait)
+ */
+EV_API_DECL void ev_set_syserr_cb (void (*cb)(const char *msg) EV_NOEXCEPT) EV_NOEXCEPT;
+
+#if EV_MULTIPLICITY
+
+/* the default loop is the only one that handles signals and child watchers */
+/* you can call this as often as you like */
+EV_API_DECL struct ev_loop *ev_default_loop (unsigned int flags EV_CPP (= 0)) EV_NOEXCEPT;
+
+#ifdef EV_API_STATIC
+EV_API_DECL struct ev_loop *ev_default_loop_ptr;
+#endif
+
+EV_INLINE struct ev_loop *
+ev_default_loop_uc_ (void) EV_NOEXCEPT
+{
+  extern struct ev_loop *ev_default_loop_ptr;
+
+  return ev_default_loop_ptr;
+}
+
+EV_INLINE int
+ev_is_default_loop (EV_P) EV_NOEXCEPT
+{
+  return EV_A == EV_DEFAULT_UC;
+}
+
+/* create and destroy alternative loops that don't handle signals */
+EV_API_DECL struct ev_loop *ev_loop_new (unsigned int flags EV_CPP (= 0)) EV_NOEXCEPT;
+
+EV_API_DECL ev_tstamp ev_now (EV_P) EV_NOEXCEPT; /* time w.r.t. timers and the eventloop, updated after each poll */
+
+#else
+
+EV_API_DECL int ev_default_loop (unsigned int flags EV_CPP (= 0)) EV_NOEXCEPT; /* returns true when successful */
+
+EV_API_DECL ev_tstamp ev_rt_now;
+
+EV_INLINE ev_tstamp
+ev_now (void) EV_NOEXCEPT
+{
+  return ev_rt_now;
+}
+
+/* looks weird, but ev_is_default_loop (EV_A) still works if this exists */
+EV_INLINE int
+ev_is_default_loop (void) EV_NOEXCEPT
+{
+  return 1;
+}
+
+#endif /* multiplicity */
+
+/* destroy event loops, also works for the default loop */
+EV_API_DECL void ev_loop_destroy (EV_P);
+
+/* this needs to be called after fork, to duplicate the loop */
+/* when you want to re-use it in the child */
+/* you can call it in either the parent or the child */
+/* you can actually call it at any time, anywhere :) */
+EV_API_DECL void ev_loop_fork (EV_P) EV_NOEXCEPT;
+
+EV_API_DECL unsigned int ev_backend (EV_P) EV_NOEXCEPT; /* backend in use by loop */
+
+EV_API_DECL void ev_now_update (EV_P) EV_NOEXCEPT; /* update event loop time */
+
+#if EV_WALK_ENABLE
+/* walk (almost) all watchers in the loop of a given type, invoking the */
+/* callback on every such watcher. The callback might stop the watcher, */
+/* but do nothing else with the loop */
+EV_API_DECL void ev_walk (EV_P_ int types, void (*cb)(EV_P_ int type, void *w)) EV_NOEXCEPT;
+#endif
+
+#endif /* prototypes */
+
+/* ev_run flags values */
+enum {
+  EVRUN_NOWAIT = 1, /* do not block/wait */
+  EVRUN_ONCE   = 2  /* block *once* only */
+};
+
+/* ev_break how values */
+enum {
+  EVBREAK_CANCEL = 0, /* undo unloop */
+  EVBREAK_ONE    = 1, /* unloop once */
+  EVBREAK_ALL    = 2  /* unloop all loops */
+};
+
+#if EV_PROTOTYPES
+EV_API_DECL int  ev_run (EV_P_ int flags EV_CPP (= 0));
+EV_API_DECL void ev_break (EV_P_ int how EV_CPP (= EVBREAK_ONE)) EV_NOEXCEPT; /* break out of the loop */
+
+/*
+ * ref/unref can be used to add or remove a refcount on the mainloop. every watcher
+ * keeps one reference. if you have a long-running watcher you never unregister that
+ * should not keep ev_loop from running, unref() after starting, and ref() before stopping.
+ */
+EV_API_DECL void ev_ref   (EV_P) EV_NOEXCEPT;
+EV_API_DECL void ev_unref (EV_P) EV_NOEXCEPT;
+
+/*
+ * convenience function, wait for a single event, without registering an event watcher
+ * if timeout is < 0, do wait indefinitely
+ */
+EV_API_DECL void ev_once (EV_P_ int fd, int events, ev_tstamp timeout, void (*cb)(int revents, void *arg), void *arg) EV_NOEXCEPT;
+
+EV_API_DECL void ev_invoke_pending (EV_P); /* invoke all pending watchers */
+
+# if EV_FEATURE_API
+EV_API_DECL unsigned int ev_iteration (EV_P) EV_NOEXCEPT; /* number of loop iterations */
+EV_API_DECL unsigned int ev_depth     (EV_P) EV_NOEXCEPT; /* #ev_loop enters - #ev_loop leaves */
+EV_API_DECL void         ev_verify    (EV_P) EV_NOEXCEPT; /* abort if loop data corrupted */
+
+EV_API_DECL void ev_set_io_collect_interval (EV_P_ ev_tstamp interval) EV_NOEXCEPT; /* sleep at least this time, default 0 */
+EV_API_DECL void ev_set_timeout_collect_interval (EV_P_ ev_tstamp interval) EV_NOEXCEPT; /* sleep at least this time, default 0 */
+
+/* advanced stuff for threading etc. support, see docs */
+EV_API_DECL void ev_set_userdata (EV_P_ void *data) EV_NOEXCEPT;
+EV_API_DECL void *ev_userdata (EV_P) EV_NOEXCEPT;
+typedef void (*ev_loop_callback)(EV_P);
+EV_API_DECL void ev_set_invoke_pending_cb (EV_P_ ev_loop_callback invoke_pending_cb) EV_NOEXCEPT;
+/* C++ doesn't allow the use of the ev_loop_callback typedef here, so we need to spell it out */
+EV_API_DECL void ev_set_loop_release_cb (EV_P_ void (*release)(EV_P) EV_NOEXCEPT, void (*acquire)(EV_P) EV_NOEXCEPT) EV_NOEXCEPT;
+
+EV_API_DECL unsigned int ev_pending_count (EV_P) EV_NOEXCEPT; /* number of pending events, if any */
+
+/*
+ * stop/start the timer handling.
+ */
+EV_API_DECL void ev_suspend (EV_P) EV_NOEXCEPT;
+EV_API_DECL void ev_resume  (EV_P) EV_NOEXCEPT;
+#endif
+
+#endif
+
+/* these may evaluate ev multiple times, and the other arguments at most once */
+/* either use ev_init + ev_TYPE_set, or the ev_TYPE_init macro, below, to first initialise a watcher */
+#define ev_init(ev,cb_) do {			\
+  ((ev_watcher *)(void *)(ev))->active  =	\
+  ((ev_watcher *)(void *)(ev))->pending = 0;	\
+  ev_set_priority ((ev), 0);			\
+  ev_set_cb ((ev), cb_);			\
+} while (0)
+
+#define ev_io_modify(ev,events_)             do { (ev)->events = (ev)->events & EV__IOFDSET | (events_); } while (0)
+#define ev_io_set(ev,fd_,events_)            do { (ev)->fd = (fd_); (ev)->events = (events_) | EV__IOFDSET; } while (0)
+#define ev_timer_set(ev,after_,repeat_)      do { ((ev_watcher_time *)(ev))->at = (after_); (ev)->repeat = (repeat_); } while (0)
+#define ev_periodic_set(ev,ofs_,ival_,rcb_)  do { (ev)->offset = (ofs_); (ev)->interval = (ival_); (ev)->reschedule_cb = (rcb_); } while (0)
+#define ev_signal_set(ev,signum_)            do { (ev)->signum = (signum_); } while (0)
+#define ev_child_set(ev,pid_,trace_)         do { (ev)->pid = (pid_); (ev)->flags = !!(trace_); } while (0)
+#define ev_stat_set(ev,path_,interval_)      do { (ev)->path = (path_); (ev)->interval = (interval_); (ev)->wd = -2; } while (0)
+#define ev_idle_set(ev)                      /* nop, yes, this is a serious in-joke */
+#define ev_prepare_set(ev)                   /* nop, yes, this is a serious in-joke */
+#define ev_check_set(ev)                     /* nop, yes, this is a serious in-joke */
+#define ev_embed_set(ev,other_)              do { (ev)->other = (other_); } while (0)
+#define ev_fork_set(ev)                      /* nop, yes, this is a serious in-joke */
+#define ev_cleanup_set(ev)                   /* nop, yes, this is a serious in-joke */
+#define ev_async_set(ev)                     /* nop, yes, this is a serious in-joke */
+
+#define ev_io_init(ev,cb,fd,events)          do { ev_init ((ev), (cb)); ev_io_set ((ev),(fd),(events)); } while (0)
+#define ev_timer_init(ev,cb,after,repeat)    do { ev_init ((ev), (cb)); ev_timer_set ((ev),(after),(repeat)); } while (0)
+#define ev_periodic_init(ev,cb,ofs,ival,rcb) do { ev_init ((ev), (cb)); ev_periodic_set ((ev),(ofs),(ival),(rcb)); } while (0)
+#define ev_signal_init(ev,cb,signum)         do { ev_init ((ev), (cb)); ev_signal_set ((ev), (signum)); } while (0)
+#define ev_child_init(ev,cb,pid,trace)       do { ev_init ((ev), (cb)); ev_child_set ((ev),(pid),(trace)); } while (0)
+#define ev_stat_init(ev,cb,path,interval)    do { ev_init ((ev), (cb)); ev_stat_set ((ev),(path),(interval)); } while (0)
+#define ev_idle_init(ev,cb)                  do { ev_init ((ev), (cb)); ev_idle_set ((ev)); } while (0)
+#define ev_prepare_init(ev,cb)               do { ev_init ((ev), (cb)); ev_prepare_set ((ev)); } while (0)
+#define ev_check_init(ev,cb)                 do { ev_init ((ev), (cb)); ev_check_set ((ev)); } while (0)
+#define ev_embed_init(ev,cb,other)           do { ev_init ((ev), (cb)); ev_embed_set ((ev),(other)); } while (0)
+#define ev_fork_init(ev,cb)                  do { ev_init ((ev), (cb)); ev_fork_set ((ev)); } while (0)
+#define ev_cleanup_init(ev,cb)               do { ev_init ((ev), (cb)); ev_cleanup_set ((ev)); } while (0)
+#define ev_async_init(ev,cb)                 do { ev_init ((ev), (cb)); ev_async_set ((ev)); } while (0)
+
+#define ev_is_pending(ev)                    (0 + ((ev_watcher *)(void *)(ev))->pending) /* ro, true when watcher is waiting for callback invocation */
+#define ev_is_active(ev)                     (0 + ((ev_watcher *)(void *)(ev))->active) /* ro, true when the watcher has been started */
+
+#define ev_cb_(ev)                           (ev)->cb /* rw */
+#define ev_cb(ev)                            (memmove (&ev_cb_ (ev), &((ev_watcher *)(ev))->cb, sizeof (ev_cb_ (ev))), (ev)->cb)
+
+#if EV_MINPRI == EV_MAXPRI
+# define ev_priority(ev)                     ((ev), EV_MINPRI)
+# define ev_set_priority(ev,pri)             ((ev), (pri))
+#else
+# define ev_priority(ev)                     (+(((ev_watcher *)(void *)(ev))->priority))
+# define ev_set_priority(ev,pri)             (   (ev_watcher *)(void *)(ev))->priority = (pri)
+#endif
+
+#define ev_periodic_at(ev)                   (+((ev_watcher_time *)(ev))->at)
+
+#ifndef ev_set_cb
+/* memmove is used here to avoid strict aliasing violations, and hopefully is optimized out by any reasonable compiler */
+# define ev_set_cb(ev,cb_)                   (ev_cb_ (ev) = (cb_), memmove (&((ev_watcher *)(ev))->cb, &ev_cb_ (ev), sizeof (ev_cb_ (ev))))
+#endif
+
+/* stopping (enabling, adding) a watcher does nothing if it is already running */
+/* stopping (disabling, deleting) a watcher does nothing unless it's already running */
+#if EV_PROTOTYPES
+
+/* feeds an event into a watcher as if the event actually occurred */
+/* accepts any ev_watcher type */
+EV_API_DECL void ev_feed_event     (EV_P_ void *w, int revents) EV_NOEXCEPT;
+EV_API_DECL void ev_feed_fd_event  (EV_P_ int fd, int revents) EV_NOEXCEPT;
+#if EV_SIGNAL_ENABLE
+EV_API_DECL void ev_feed_signal    (int signum) EV_NOEXCEPT;
+EV_API_DECL void ev_feed_signal_event (EV_P_ int signum) EV_NOEXCEPT;
+#endif
+EV_API_DECL void ev_invoke         (EV_P_ void *w, int revents);
+EV_API_DECL int  ev_clear_pending  (EV_P_ void *w) EV_NOEXCEPT;
+
+EV_API_DECL void ev_io_start       (EV_P_ ev_io *w) EV_NOEXCEPT;
+EV_API_DECL void ev_io_stop        (EV_P_ ev_io *w) EV_NOEXCEPT;
+
+EV_API_DECL void ev_timer_start    (EV_P_ ev_timer *w) EV_NOEXCEPT;
+EV_API_DECL void ev_timer_stop     (EV_P_ ev_timer *w) EV_NOEXCEPT;
+/* stops if active and no repeat, restarts if active and repeating, starts if inactive and repeating */
+EV_API_DECL void ev_timer_again    (EV_P_ ev_timer *w) EV_NOEXCEPT;
+/* return remaining time */
+EV_API_DECL ev_tstamp ev_timer_remaining (EV_P_ ev_timer *w) EV_NOEXCEPT;
+
+#if EV_PERIODIC_ENABLE
+EV_API_DECL void ev_periodic_start (EV_P_ ev_periodic *w) EV_NOEXCEPT;
+EV_API_DECL void ev_periodic_stop  (EV_P_ ev_periodic *w) EV_NOEXCEPT;
+EV_API_DECL void ev_periodic_again (EV_P_ ev_periodic *w) EV_NOEXCEPT;
+#endif
+
+/* only supported in the default loop */
+#if EV_SIGNAL_ENABLE
+EV_API_DECL void ev_signal_start   (EV_P_ ev_signal *w) EV_NOEXCEPT;
+EV_API_DECL void ev_signal_stop    (EV_P_ ev_signal *w) EV_NOEXCEPT;
+#endif
+
+/* only supported in the default loop */
+# if EV_CHILD_ENABLE
+EV_API_DECL void ev_child_start    (EV_P_ ev_child *w) EV_NOEXCEPT;
+EV_API_DECL void ev_child_stop     (EV_P_ ev_child *w) EV_NOEXCEPT;
+# endif
+
+# if EV_STAT_ENABLE
+EV_API_DECL void ev_stat_start     (EV_P_ ev_stat *w) EV_NOEXCEPT;
+EV_API_DECL void ev_stat_stop      (EV_P_ ev_stat *w) EV_NOEXCEPT;
+EV_API_DECL void ev_stat_stat      (EV_P_ ev_stat *w) EV_NOEXCEPT;
+# endif
+
+# if EV_IDLE_ENABLE
+EV_API_DECL void ev_idle_start     (EV_P_ ev_idle *w) EV_NOEXCEPT;
+EV_API_DECL void ev_idle_stop      (EV_P_ ev_idle *w) EV_NOEXCEPT;
+# endif
+
+#if EV_PREPARE_ENABLE
+EV_API_DECL void ev_prepare_start  (EV_P_ ev_prepare *w) EV_NOEXCEPT;
+EV_API_DECL void ev_prepare_stop   (EV_P_ ev_prepare *w) EV_NOEXCEPT;
+#endif
+
+#if EV_CHECK_ENABLE
+EV_API_DECL void ev_check_start    (EV_P_ ev_check *w) EV_NOEXCEPT;
+EV_API_DECL void ev_check_stop     (EV_P_ ev_check *w) EV_NOEXCEPT;
+#endif
+
+# if EV_FORK_ENABLE
+EV_API_DECL void ev_fork_start     (EV_P_ ev_fork *w) EV_NOEXCEPT;
+EV_API_DECL void ev_fork_stop      (EV_P_ ev_fork *w) EV_NOEXCEPT;
+# endif
+
+# if EV_CLEANUP_ENABLE
+EV_API_DECL void ev_cleanup_start  (EV_P_ ev_cleanup *w) EV_NOEXCEPT;
+EV_API_DECL void ev_cleanup_stop   (EV_P_ ev_cleanup *w) EV_NOEXCEPT;
+# endif
+
+# if EV_EMBED_ENABLE
+/* only supported when loop to be embedded is in fact embeddable */
+EV_API_DECL void ev_embed_start    (EV_P_ ev_embed *w) EV_NOEXCEPT;
+EV_API_DECL void ev_embed_stop     (EV_P_ ev_embed *w) EV_NOEXCEPT;
+EV_API_DECL void ev_embed_sweep    (EV_P_ ev_embed *w) EV_NOEXCEPT;
+# endif
+
+# if EV_ASYNC_ENABLE
+EV_API_DECL void ev_async_start    (EV_P_ ev_async *w) EV_NOEXCEPT;
+EV_API_DECL void ev_async_stop     (EV_P_ ev_async *w) EV_NOEXCEPT;
+EV_API_DECL void ev_async_send     (EV_P_ ev_async *w) EV_NOEXCEPT;
+# endif
+
+#if EV_COMPAT3
+  #define EVLOOP_NONBLOCK EVRUN_NOWAIT
+  #define EVLOOP_ONESHOT  EVRUN_ONCE
+  #define EVUNLOOP_CANCEL EVBREAK_CANCEL
+  #define EVUNLOOP_ONE    EVBREAK_ONE
+  #define EVUNLOOP_ALL    EVBREAK_ALL
+  #if EV_PROTOTYPES
+    EV_INLINE void ev_loop   (EV_P_ int flags) { ev_run   (EV_A_ flags); }
+    EV_INLINE void ev_unloop (EV_P_ int how  ) { ev_break (EV_A_ how  ); }
+    EV_INLINE void ev_default_destroy (void) { ev_loop_destroy (EV_DEFAULT); }
+    EV_INLINE void ev_default_fork    (void) { ev_loop_fork    (EV_DEFAULT); }
+    #if EV_FEATURE_API
+      EV_INLINE unsigned int ev_loop_count  (EV_P) { return ev_iteration  (EV_A); }
+      EV_INLINE unsigned int ev_loop_depth  (EV_P) { return ev_depth      (EV_A); }
+      EV_INLINE void         ev_loop_verify (EV_P) {        ev_verify     (EV_A); }
+    #endif
+  #endif
+#else
+  typedef struct ev_loop ev_loop;
+#endif
+
+#endif
+
+EV_CPP(})
+
+#endif
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/include/event.h b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/include/event.h
new file mode 100644
index 00000000..aa81928f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/include/event.h
@@ -0,0 +1,177 @@
+/*
+ * libevent compatibility header, only core events supported
+ *
+ * Copyright (c) 2007,2008,2010,2012 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef EVENT_H_
+#define EVENT_H_
+
+#ifdef EV_H
+# include EV_H
+#else
+# include "ev.h"
+#endif
+
+#ifndef EVLOOP_NONBLOCK
+# define EVLOOP_NONBLOCK EVRUN_NOWAIT
+#endif
+#ifndef EVLOOP_ONESHOT
+# define EVLOOP_ONESHOT EVRUN_ONCE
+#endif
+#ifndef EV_TIMEOUT
+# define EV_TIMEOUT EV_TIMER
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* we need sys/time.h for struct timeval only */
+#if !defined (WIN32) || defined (__MINGW32__)
+# include <time.h> /* mingw seems to need this, for whatever reason */
+# include <sys/time.h>
+#endif
+
+struct event_base;
+
+#define EVLIST_TIMEOUT  0x01
+#define EVLIST_INSERTED 0x02
+#define EVLIST_SIGNAL   0x04
+#define EVLIST_ACTIVE   0x08
+#define EVLIST_INTERNAL 0x10
+#define EVLIST_INIT     0x80
+
+typedef void (*event_callback_fn)(int, short, void *);
+
+struct event
+{
+  /* libev watchers we map onto */
+  union {
+    struct ev_io io;
+    struct ev_signal sig;
+  } iosig;
+  struct ev_timer to;
+
+  /* compatibility slots */
+  struct event_base *ev_base;
+  event_callback_fn ev_callback;
+  void *ev_arg;
+  int ev_fd;
+  int ev_pri;
+  int ev_res;
+  int ev_flags;
+  short ev_events;
+};
+
+event_callback_fn event_get_callback (const struct event *ev);
+
+#define EV_READ                    EV_READ
+#define EV_WRITE                   EV_WRITE
+#define EV_PERSIST                 0x10
+#define EV_ET                      0x20 /* nop */
+
+#define EVENT_SIGNAL(ev)           ((int) (ev)->ev_fd)
+#define EVENT_FD(ev)               ((int) (ev)->ev_fd)
+
+#define event_initialized(ev)      ((ev)->ev_flags & EVLIST_INIT)
+
+#define evtimer_add(ev,tv)         event_add (ev, tv)
+#define evtimer_set(ev,cb,data)    event_set (ev, -1, 0, cb, data)
+#define evtimer_del(ev)            event_del (ev)
+#define evtimer_pending(ev,tv)     event_pending (ev, EV_TIMEOUT, tv)
+#define evtimer_initialized(ev)    event_initialized (ev)
+
+#define timeout_add(ev,tv)         evtimer_add (ev, tv)
+#define timeout_set(ev,cb,data)    evtimer_set (ev, cb, data)
+#define timeout_del(ev)            evtimer_del (ev)
+#define timeout_pending(ev,tv)     evtimer_pending (ev, tv)
+#define timeout_initialized(ev)    evtimer_initialized (ev)
+
+#define signal_add(ev,tv)          event_add (ev, tv)
+#define signal_set(ev,sig,cb,data) event_set (ev, sig, EV_SIGNAL | EV_PERSIST, cb, data)
+#define signal_del(ev)             event_del (ev)
+#define signal_pending(ev,tv)      event_pending (ev, EV_SIGNAL, tv)
+#define signal_initialized(ev)     event_initialized (ev)
+
+const char *event_get_version (void);
+const char *event_get_method (void);
+
+void *event_init (void);
+void event_base_free (struct event_base *base);
+
+#define EVLOOP_ONCE      EVLOOP_ONESHOT
+int event_loop (int);
+int event_loopexit (struct timeval *tv);
+int event_dispatch (void);
+
+#define _EVENT_LOG_DEBUG 0
+#define _EVENT_LOG_MSG   1
+#define _EVENT_LOG_WARN  2
+#define _EVENT_LOG_ERR   3
+typedef void (*event_log_cb)(int severity, const char *msg);
+void event_set_log_callback(event_log_cb cb);
+
+void event_set (struct event *ev, int fd, short events, void (*cb)(int, short, void *), void *arg);
+int event_once (int fd, short events, void (*cb)(int, short, void *), void *arg, struct timeval *tv);
+
+int event_add (struct event *ev, struct timeval *tv);
+int event_del (struct event *ev);
+void event_active (struct event *ev, int res, short ncalls); /* ncalls is being ignored */
+
+int event_pending (struct event *ev, short, struct timeval *tv);
+
+int event_priority_init (int npri);
+int event_priority_set (struct event *ev, int pri);
+
+struct event_base *event_base_new (void);
+const char *event_base_get_method (const struct event_base *);
+int event_base_set (struct event_base *base, struct event *ev);
+int event_base_loop (struct event_base *base, int);
+int event_base_loopexit (struct event_base *base, struct timeval *tv);
+int event_base_dispatch (struct event_base *base);
+int event_base_once (struct event_base *base, int fd, short events, void (*cb)(int, short, void *), void *arg, struct timeval *tv);
+int event_base_priority_init (struct event_base *base, int fd);
+
+/* next line is different in the libevent+libev version */
+/*libevent-include*/
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/lib/libev.a b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/lib/libev.a
new file mode 100644
index 00000000..e5f098b3
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/lib/libev.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/lib/libev.la b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/lib/libev.la
new file mode 100755
index 00000000..f1daa889
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/lib/libev.la
@@ -0,0 +1,41 @@
+# libev.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6 Debian-2.4.6-9
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libev.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libev.
+current=4
+age=0
+revision=0
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/libev/libev/arm64/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/share/man/man3/ev.3 b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/share/man/man3/ev.3
new file mode 100644
index 00000000..af578f0b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/arm64/share/man/man3/ev.3
@@ -0,0 +1,5819 @@
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "LIBEV 3"
+.TH LIBEV 3 "2020-03-12" "libev-4.31" "libev - high performance full featured event loop"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+libev \- a high performance full\-featured event loop written in C
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\&   #include <ev.h>
+.Ve
+.SS "\s-1EXAMPLE PROGRAM\s0"
+.IX Subsection "EXAMPLE PROGRAM"
+.Vb 2
+\&   // a single header file is required
+\&   #include <ev.h>
+\&
+\&   #include <stdio.h> // for puts
+\&
+\&   // every watcher type has its own typedef\*(Aqd struct
+\&   // with the name ev_TYPE
+\&   ev_io stdin_watcher;
+\&   ev_timer timeout_watcher;
+\&
+\&   // all watcher callbacks have a similar signature
+\&   // this callback is called when data is readable on stdin
+\&   static void
+\&   stdin_cb (EV_P_ ev_io *w, int revents)
+\&   {
+\&     puts ("stdin ready");
+\&     // for one\-shot events, one must manually stop the watcher
+\&     // with its corresponding stop function.
+\&     ev_io_stop (EV_A_ w);
+\&
+\&     // this causes all nested ev_run\*(Aqs to stop iterating
+\&     ev_break (EV_A_ EVBREAK_ALL);
+\&   }
+\&
+\&   // another callback, this time for a time\-out
+\&   static void
+\&   timeout_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     puts ("timeout");
+\&     // this causes the innermost ev_run to stop iterating
+\&     ev_break (EV_A_ EVBREAK_ONE);
+\&   }
+\&
+\&   int
+\&   main (void)
+\&   {
+\&     // use the default event loop unless you have special needs
+\&     struct ev_loop *loop = EV_DEFAULT;
+\&
+\&     // initialise an io watcher, then start it
+\&     // this one will watch for stdin to become readable
+\&     ev_io_init (&stdin_watcher, stdin_cb, /*STDIN_FILENO*/ 0, EV_READ);
+\&     ev_io_start (loop, &stdin_watcher);
+\&
+\&     // initialise a timer watcher, then start it
+\&     // simple non\-repeating 5.5 second timeout
+\&     ev_timer_init (&timeout_watcher, timeout_cb, 5.5, 0.);
+\&     ev_timer_start (loop, &timeout_watcher);
+\&
+\&     // now wait for events to arrive
+\&     ev_run (loop, 0);
+\&
+\&     // break was called, so exit
+\&     return 0;
+\&   }
+.Ve
+.SH "ABOUT THIS DOCUMENT"
+.IX Header "ABOUT THIS DOCUMENT"
+This document documents the libev software package.
+.PP
+The newest version of this document is also available as an html-formatted
+web page you might find easier to navigate when reading it for the first
+time: <http://pod.tst.eu/http://cvs.schmorp.de/libev/ev.pod>.
+.PP
+While this document tries to be as complete as possible in documenting
+libev, its usage and the rationale behind its design, it is not a tutorial
+on event-based programming, nor will it introduce event-based programming
+with libev.
+.PP
+Familiarity with event based programming techniques in general is assumed
+throughout this document.
+.SH "WHAT TO READ WHEN IN A HURRY"
+.IX Header "WHAT TO READ WHEN IN A HURRY"
+This manual tries to be very detailed, but unfortunately, this also makes
+it very long. If you just want to know the basics of libev, I suggest
+reading \*(L"\s-1ANATOMY OF A WATCHER\*(R"\s0, then the \*(L"\s-1EXAMPLE PROGRAM\*(R"\s0 above and
+look up the missing functions in \*(L"\s-1GLOBAL FUNCTIONS\*(R"\s0 and the \f(CW\*(C`ev_io\*(C'\fR and
+\&\f(CW\*(C`ev_timer\*(C'\fR sections in \*(L"\s-1WATCHER TYPES\*(R"\s0.
+.SH "ABOUT LIBEV"
+.IX Header "ABOUT LIBEV"
+Libev is an event loop: you register interest in certain events (such as a
+file descriptor being readable or a timeout occurring), and it will manage
+these event sources and provide your program with events.
+.PP
+To do this, it must take more or less complete control over your process
+(or thread) by executing the \fIevent loop\fR handler, and will then
+communicate events via a callback mechanism.
+.PP
+You register interest in certain events by registering so-called \fIevent
+watchers\fR, which are relatively small C structures you initialise with the
+details of the event, and then hand it over to libev by \fIstarting\fR the
+watcher.
+.SS "\s-1FEATURES\s0"
+.IX Subsection "FEATURES"
+Libev supports \f(CW\*(C`select\*(C'\fR, \f(CW\*(C`poll\*(C'\fR, the Linux-specific aio and \f(CW\*(C`epoll\*(C'\fR
+interfaces, the BSD-specific \f(CW\*(C`kqueue\*(C'\fR and the Solaris-specific event port
+mechanisms for file descriptor events (\f(CW\*(C`ev_io\*(C'\fR), the Linux \f(CW\*(C`inotify\*(C'\fR
+interface (for \f(CW\*(C`ev_stat\*(C'\fR), Linux eventfd/signalfd (for faster and cleaner
+inter-thread wakeup (\f(CW\*(C`ev_async\*(C'\fR)/signal handling (\f(CW\*(C`ev_signal\*(C'\fR)) relative
+timers (\f(CW\*(C`ev_timer\*(C'\fR), absolute timers with customised rescheduling
+(\f(CW\*(C`ev_periodic\*(C'\fR), synchronous signals (\f(CW\*(C`ev_signal\*(C'\fR), process status
+change events (\f(CW\*(C`ev_child\*(C'\fR), and event watchers dealing with the event
+loop mechanism itself (\f(CW\*(C`ev_idle\*(C'\fR, \f(CW\*(C`ev_embed\*(C'\fR, \f(CW\*(C`ev_prepare\*(C'\fR and
+\&\f(CW\*(C`ev_check\*(C'\fR watchers) as well as file watchers (\f(CW\*(C`ev_stat\*(C'\fR) and even
+limited support for fork events (\f(CW\*(C`ev_fork\*(C'\fR).
+.PP
+It also is quite fast (see this
+benchmark <http://libev.schmorp.de/bench.html> comparing it to libevent
+for example).
+.SS "\s-1CONVENTIONS\s0"
+.IX Subsection "CONVENTIONS"
+Libev is very configurable. In this manual the default (and most common)
+configuration will be described, which supports multiple event loops. For
+more info about various configuration options please have a look at
+\&\fB\s-1EMBED\s0\fR section in this manual. If libev was configured without support
+for multiple event loops, then all functions taking an initial argument of
+name \f(CW\*(C`loop\*(C'\fR (which is always of type \f(CW\*(C`struct ev_loop *\*(C'\fR) will not have
+this argument.
+.SS "\s-1TIME REPRESENTATION\s0"
+.IX Subsection "TIME REPRESENTATION"
+Libev represents time as a single floating point number, representing
+the (fractional) number of seconds since the (\s-1POSIX\s0) epoch (in practice
+somewhere near the beginning of 1970, details are complicated, don't
+ask). This type is called \f(CW\*(C`ev_tstamp\*(C'\fR, which is what you should use
+too. It usually aliases to the \f(CW\*(C`double\*(C'\fR type in C. When you need to do
+any calculations on it, you should treat it as some floating point value.
+.PP
+Unlike the name component \f(CW\*(C`stamp\*(C'\fR might indicate, it is also used for
+time differences (e.g. delays) throughout libev.
+.SH "ERROR HANDLING"
+.IX Header "ERROR HANDLING"
+Libev knows three classes of errors: operating system errors, usage errors
+and internal errors (bugs).
+.PP
+When libev catches an operating system error it cannot handle (for example
+a system call indicating a condition libev cannot fix), it calls the callback
+set via \f(CW\*(C`ev_set_syserr_cb\*(C'\fR, which is supposed to fix the problem or
+abort. The default is to print a diagnostic message and to call \f(CW\*(C`abort
+()\*(C'\fR.
+.PP
+When libev detects a usage error such as a negative timer interval, then
+it will print a diagnostic message and abort (via the \f(CW\*(C`assert\*(C'\fR mechanism,
+so \f(CW\*(C`NDEBUG\*(C'\fR will disable this checking): these are programming errors in
+the libev caller and need to be fixed there.
+.PP
+Via the \f(CW\*(C`EV_FREQUENT\*(C'\fR macro you can compile in and/or enable extensive
+consistency checking code inside libev that can be used to check for
+internal inconsistencies, suually caused by application bugs.
+.PP
+Libev also has a few internal error-checking \f(CW\*(C`assert\*(C'\fRions. These do not
+trigger under normal circumstances, as they indicate either a bug in libev
+or worse.
+.SH "GLOBAL FUNCTIONS"
+.IX Header "GLOBAL FUNCTIONS"
+These functions can be called anytime, even before initialising the
+library in any way.
+.IP "ev_tstamp ev_time ()" 4
+.IX Item "ev_tstamp ev_time ()"
+Returns the current time as libev would use it. Please note that the
+\&\f(CW\*(C`ev_now\*(C'\fR function is usually faster and also often returns the timestamp
+you actually want to know. Also interesting is the combination of
+\&\f(CW\*(C`ev_now_update\*(C'\fR and \f(CW\*(C`ev_now\*(C'\fR.
+.IP "ev_sleep (ev_tstamp interval)" 4
+.IX Item "ev_sleep (ev_tstamp interval)"
+Sleep for the given interval: The current thread will be blocked
+until either it is interrupted or the given time interval has
+passed (approximately \- it might return a bit earlier even if not
+interrupted). Returns immediately if \f(CW\*(C`interval <= 0\*(C'\fR.
+.Sp
+Basically this is a sub-second-resolution \f(CW\*(C`sleep ()\*(C'\fR.
+.Sp
+The range of the \f(CW\*(C`interval\*(C'\fR is limited \- libev only guarantees to work
+with sleep times of up to one day (\f(CW\*(C`interval <= 86400\*(C'\fR).
+.IP "int ev_version_major ()" 4
+.IX Item "int ev_version_major ()"
+.PD 0
+.IP "int ev_version_minor ()" 4
+.IX Item "int ev_version_minor ()"
+.PD
+You can find out the major and minor \s-1ABI\s0 version numbers of the library
+you linked against by calling the functions \f(CW\*(C`ev_version_major\*(C'\fR and
+\&\f(CW\*(C`ev_version_minor\*(C'\fR. If you want, you can compare against the global
+symbols \f(CW\*(C`EV_VERSION_MAJOR\*(C'\fR and \f(CW\*(C`EV_VERSION_MINOR\*(C'\fR, which specify the
+version of the library your program was compiled against.
+.Sp
+These version numbers refer to the \s-1ABI\s0 version of the library, not the
+release version.
+.Sp
+Usually, it's a good idea to terminate if the major versions mismatch,
+as this indicates an incompatible change. Minor versions are usually
+compatible to older versions, so a larger minor version alone is usually
+not a problem.
+.Sp
+Example: Make sure we haven't accidentally been linked against the wrong
+version (note, however, that this will not detect other \s-1ABI\s0 mismatches,
+such as \s-1LFS\s0 or reentrancy).
+.Sp
+.Vb 3
+\&   assert (("libev version mismatch",
+\&            ev_version_major () == EV_VERSION_MAJOR
+\&            && ev_version_minor () >= EV_VERSION_MINOR));
+.Ve
+.IP "unsigned int ev_supported_backends ()" 4
+.IX Item "unsigned int ev_supported_backends ()"
+Return the set of all backends (i.e. their corresponding \f(CW\*(C`EV_BACKEND_*\*(C'\fR
+value) compiled into this binary of libev (independent of their
+availability on the system you are running on). See \f(CW\*(C`ev_default_loop\*(C'\fR for
+a description of the set values.
+.Sp
+Example: make sure we have the epoll method, because yeah this is cool and
+a must have and can we have a torrent of it please!!!11
+.Sp
+.Vb 2
+\&   assert (("sorry, no epoll, no sex",
+\&            ev_supported_backends () & EVBACKEND_EPOLL));
+.Ve
+.IP "unsigned int ev_recommended_backends ()" 4
+.IX Item "unsigned int ev_recommended_backends ()"
+Return the set of all backends compiled into this binary of libev and
+also recommended for this platform, meaning it will work for most file
+descriptor types. This set is often smaller than the one returned by
+\&\f(CW\*(C`ev_supported_backends\*(C'\fR, as for example kqueue is broken on most BSDs
+and will not be auto-detected unless you explicitly request it (assuming
+you know what you are doing). This is the set of backends that libev will
+probe for if you specify no backends explicitly.
+.IP "unsigned int ev_embeddable_backends ()" 4
+.IX Item "unsigned int ev_embeddable_backends ()"
+Returns the set of backends that are embeddable in other event loops. This
+value is platform-specific but can include backends not available on the
+current system. To find which embeddable backends might be supported on
+the current system, you would need to look at \f(CW\*(C`ev_embeddable_backends ()
+& ev_supported_backends ()\*(C'\fR, likewise for recommended ones.
+.Sp
+See the description of \f(CW\*(C`ev_embed\*(C'\fR watchers for more info.
+.IP "ev_set_allocator (void *(*cb)(void *ptr, long size) throw ())" 4
+.IX Item "ev_set_allocator (void *(*cb)(void *ptr, long size) throw ())"
+Sets the allocation function to use (the prototype is similar \- the
+semantics are identical to the \f(CW\*(C`realloc\*(C'\fR C89/SuS/POSIX function). It is
+used to allocate and free memory (no surprises here). If it returns zero
+when memory needs to be allocated (\f(CW\*(C`size != 0\*(C'\fR), the library might abort
+or take some potentially destructive action.
+.Sp
+Since some systems (at least OpenBSD and Darwin) fail to implement
+correct \f(CW\*(C`realloc\*(C'\fR semantics, libev will use a wrapper around the system
+\&\f(CW\*(C`realloc\*(C'\fR and \f(CW\*(C`free\*(C'\fR functions by default.
+.Sp
+You could override this function in high-availability programs to, say,
+free some memory if it cannot allocate memory, to use a special allocator,
+or even to sleep a while and retry until some memory is available.
+.Sp
+Example: The following is the \f(CW\*(C`realloc\*(C'\fR function that libev itself uses
+which should work with \f(CW\*(C`realloc\*(C'\fR and \f(CW\*(C`free\*(C'\fR functions of all kinds and
+is probably a good basis for your own implementation.
+.Sp
+.Vb 5
+\&   static void *
+\&   ev_realloc_emul (void *ptr, long size) EV_NOEXCEPT
+\&   {
+\&     if (size)
+\&       return realloc (ptr, size);
+\&
+\&     free (ptr);
+\&     return 0;
+\&   }
+.Ve
+.Sp
+Example: Replace the libev allocator with one that waits a bit and then
+retries.
+.Sp
+.Vb 8
+\&   static void *
+\&   persistent_realloc (void *ptr, size_t size)
+\&   {
+\&     if (!size)
+\&       {
+\&         free (ptr);
+\&         return 0;
+\&       }
+\&
+\&     for (;;)
+\&       {
+\&         void *newptr = realloc (ptr, size);
+\&
+\&         if (newptr)
+\&           return newptr;
+\&
+\&         sleep (60);
+\&       }
+\&   }
+\&
+\&   ...
+\&   ev_set_allocator (persistent_realloc);
+.Ve
+.IP "ev_set_syserr_cb (void (*cb)(const char *msg) throw ())" 4
+.IX Item "ev_set_syserr_cb (void (*cb)(const char *msg) throw ())"
+Set the callback function to call on a retryable system call error (such
+as failed select, poll, epoll_wait). The message is a printable string
+indicating the system call or subsystem causing the problem. If this
+callback is set, then libev will expect it to remedy the situation, no
+matter what, when it returns. That is, libev will generally retry the
+requested operation, or, if the condition doesn't go away, do bad stuff
+(such as abort).
+.Sp
+Example: This is basically the same thing that libev does internally, too.
+.Sp
+.Vb 6
+\&   static void
+\&   fatal_error (const char *msg)
+\&   {
+\&     perror (msg);
+\&     abort ();
+\&   }
+\&
+\&   ...
+\&   ev_set_syserr_cb (fatal_error);
+.Ve
+.IP "ev_feed_signal (int signum)" 4
+.IX Item "ev_feed_signal (int signum)"
+This function can be used to \*(L"simulate\*(R" a signal receive. It is completely
+safe to call this function at any time, from any context, including signal
+handlers or random threads.
+.Sp
+Its main use is to customise signal handling in your process, especially
+in the presence of threads. For example, you could block signals
+by default in all threads (and specifying \f(CW\*(C`EVFLAG_NOSIGMASK\*(C'\fR when
+creating any loops), and in one thread, use \f(CW\*(C`sigwait\*(C'\fR or any other
+mechanism to wait for signals, then \*(L"deliver\*(R" them to libev by calling
+\&\f(CW\*(C`ev_feed_signal\*(C'\fR.
+.SH "FUNCTIONS CONTROLLING EVENT LOOPS"
+.IX Header "FUNCTIONS CONTROLLING EVENT LOOPS"
+An event loop is described by a \f(CW\*(C`struct ev_loop *\*(C'\fR (the \f(CW\*(C`struct\*(C'\fR is
+\&\fInot\fR optional in this case unless libev 3 compatibility is disabled, as
+libev 3 had an \f(CW\*(C`ev_loop\*(C'\fR function colliding with the struct name).
+.PP
+The library knows two types of such loops, the \fIdefault\fR loop, which
+supports child process events, and dynamically created event loops which
+do not.
+.IP "struct ev_loop *ev_default_loop (unsigned int flags)" 4
+.IX Item "struct ev_loop *ev_default_loop (unsigned int flags)"
+This returns the \*(L"default\*(R" event loop object, which is what you should
+normally use when you just need \*(L"the event loop\*(R". Event loop objects and
+the \f(CW\*(C`flags\*(C'\fR parameter are described in more detail in the entry for
+\&\f(CW\*(C`ev_loop_new\*(C'\fR.
+.Sp
+If the default loop is already initialised then this function simply
+returns it (and ignores the flags. If that is troubling you, check
+\&\f(CW\*(C`ev_backend ()\*(C'\fR afterwards). Otherwise it will create it with the given
+flags, which should almost always be \f(CW0\fR, unless the caller is also the
+one calling \f(CW\*(C`ev_run\*(C'\fR or otherwise qualifies as \*(L"the main program\*(R".
+.Sp
+If you don't know what event loop to use, use the one returned from this
+function (or via the \f(CW\*(C`EV_DEFAULT\*(C'\fR macro).
+.Sp
+Note that this function is \fInot\fR thread-safe, so if you want to use it
+from multiple threads, you have to employ some kind of mutex (note also
+that this case is unlikely, as loops cannot be shared easily between
+threads anyway).
+.Sp
+The default loop is the only loop that can handle \f(CW\*(C`ev_child\*(C'\fR watchers,
+and to do this, it always registers a handler for \f(CW\*(C`SIGCHLD\*(C'\fR. If this is
+a problem for your application you can either create a dynamic loop with
+\&\f(CW\*(C`ev_loop_new\*(C'\fR which doesn't do that, or you can simply overwrite the
+\&\f(CW\*(C`SIGCHLD\*(C'\fR signal handler \fIafter\fR calling \f(CW\*(C`ev_default_init\*(C'\fR.
+.Sp
+Example: This is the most typical usage.
+.Sp
+.Vb 2
+\&   if (!ev_default_loop (0))
+\&     fatal ("could not initialise libev, bad $LIBEV_FLAGS in environment?");
+.Ve
+.Sp
+Example: Restrict libev to the select and poll backends, and do not allow
+environment settings to be taken into account:
+.Sp
+.Vb 1
+\&   ev_default_loop (EVBACKEND_POLL | EVBACKEND_SELECT | EVFLAG_NOENV);
+.Ve
+.IP "struct ev_loop *ev_loop_new (unsigned int flags)" 4
+.IX Item "struct ev_loop *ev_loop_new (unsigned int flags)"
+This will create and initialise a new event loop object. If the loop
+could not be initialised, returns false.
+.Sp
+This function is thread-safe, and one common way to use libev with
+threads is indeed to create one loop per thread, and using the default
+loop in the \*(L"main\*(R" or \*(L"initial\*(R" thread.
+.Sp
+The flags argument can be used to specify special behaviour or specific
+backends to use, and is usually specified as \f(CW0\fR (or \f(CW\*(C`EVFLAG_AUTO\*(C'\fR).
+.Sp
+The following flags are supported:
+.RS 4
+.ie n .IP """EVFLAG_AUTO""" 4
+.el .IP "\f(CWEVFLAG_AUTO\fR" 4
+.IX Item "EVFLAG_AUTO"
+The default flags value. Use this if you have no clue (it's the right
+thing, believe me).
+.ie n .IP """EVFLAG_NOENV""" 4
+.el .IP "\f(CWEVFLAG_NOENV\fR" 4
+.IX Item "EVFLAG_NOENV"
+If this flag bit is or'ed into the flag value (or the program runs setuid
+or setgid) then libev will \fInot\fR look at the environment variable
+\&\f(CW\*(C`LIBEV_FLAGS\*(C'\fR. Otherwise (the default), this environment variable will
+override the flags completely if it is found in the environment. This is
+useful to try out specific backends to test their performance, to work
+around bugs, or to make libev threadsafe (accessing environment variables
+cannot be done in a threadsafe way, but usually it works if no other
+thread modifies them).
+.ie n .IP """EVFLAG_FORKCHECK""" 4
+.el .IP "\f(CWEVFLAG_FORKCHECK\fR" 4
+.IX Item "EVFLAG_FORKCHECK"
+Instead of calling \f(CW\*(C`ev_loop_fork\*(C'\fR manually after a fork, you can also
+make libev check for a fork in each iteration by enabling this flag.
+.Sp
+This works by calling \f(CW\*(C`getpid ()\*(C'\fR on every iteration of the loop,
+and thus this might slow down your event loop if you do a lot of loop
+iterations and little real work, but is usually not noticeable (on my
+GNU/Linux system for example, \f(CW\*(C`getpid\*(C'\fR is actually a simple 5\-insn
+sequence without a system call and thus \fIvery\fR fast, but my GNU/Linux
+system also has \f(CW\*(C`pthread_atfork\*(C'\fR which is even faster). (Update: glibc
+versions 2.25 apparently removed the \f(CW\*(C`getpid\*(C'\fR optimisation again).
+.Sp
+The big advantage of this flag is that you can forget about fork (and
+forget about forgetting to tell libev about forking, although you still
+have to ignore \f(CW\*(C`SIGPIPE\*(C'\fR) when you use this flag.
+.Sp
+This flag setting cannot be overridden or specified in the \f(CW\*(C`LIBEV_FLAGS\*(C'\fR
+environment variable.
+.ie n .IP """EVFLAG_NOINOTIFY""" 4
+.el .IP "\f(CWEVFLAG_NOINOTIFY\fR" 4
+.IX Item "EVFLAG_NOINOTIFY"
+When this flag is specified, then libev will not attempt to use the
+\&\fIinotify\fR \s-1API\s0 for its \f(CW\*(C`ev_stat\*(C'\fR watchers. Apart from debugging and
+testing, this flag can be useful to conserve inotify file descriptors, as
+otherwise each loop using \f(CW\*(C`ev_stat\*(C'\fR watchers consumes one inotify handle.
+.ie n .IP """EVFLAG_SIGNALFD""" 4
+.el .IP "\f(CWEVFLAG_SIGNALFD\fR" 4
+.IX Item "EVFLAG_SIGNALFD"
+When this flag is specified, then libev will attempt to use the
+\&\fIsignalfd\fR \s-1API\s0 for its \f(CW\*(C`ev_signal\*(C'\fR (and \f(CW\*(C`ev_child\*(C'\fR) watchers. This \s-1API\s0
+delivers signals synchronously, which makes it both faster and might make
+it possible to get the queued signal data. It can also simplify signal
+handling with threads, as long as you properly block signals in your
+threads that are not interested in handling them.
+.Sp
+Signalfd will not be used by default as this changes your signal mask, and
+there are a lot of shoddy libraries and programs (glib's threadpool for
+example) that can't properly initialise their signal masks.
+.ie n .IP """EVFLAG_NOSIGMASK""" 4
+.el .IP "\f(CWEVFLAG_NOSIGMASK\fR" 4
+.IX Item "EVFLAG_NOSIGMASK"
+When this flag is specified, then libev will avoid to modify the signal
+mask. Specifically, this means you have to make sure signals are unblocked
+when you want to receive them.
+.Sp
+This behaviour is useful when you want to do your own signal handling, or
+want to handle signals only in specific threads and want to avoid libev
+unblocking the signals.
+.Sp
+It's also required by \s-1POSIX\s0 in a threaded program, as libev calls
+\&\f(CW\*(C`sigprocmask\*(C'\fR, whose behaviour is officially unspecified.
+.ie n .IP """EVFLAG_NOTIMERFD""" 4
+.el .IP "\f(CWEVFLAG_NOTIMERFD\fR" 4
+.IX Item "EVFLAG_NOTIMERFD"
+When this flag is specified, the libev will avoid using a \f(CW\*(C`timerfd\*(C'\fR to
+detect time jumps. It will still be able to detect time jumps, but takes
+longer and has a lower accuracy in doing so, but saves a file descriptor
+per loop.
+.Sp
+The current implementation only tries to use a \f(CW\*(C`timerfd\*(C'\fR when the first
+\&\f(CW\*(C`ev_periodic\*(C'\fR watcher is started and falls back on other methods if it
+cannot be created, but this behaviour might change in the future.
+.ie n .IP """EVBACKEND_SELECT""  (value 1, portable select backend)" 4
+.el .IP "\f(CWEVBACKEND_SELECT\fR  (value 1, portable select backend)" 4
+.IX Item "EVBACKEND_SELECT (value 1, portable select backend)"
+This is your standard \fBselect\fR\|(2) backend. Not \fIcompletely\fR standard, as
+libev tries to roll its own fd_set with no limits on the number of fds,
+but if that fails, expect a fairly low limit on the number of fds when
+using this backend. It doesn't scale too well (O(highest_fd)), but its
+usually the fastest backend for a low number of (low-numbered :) fds.
+.Sp
+To get good performance out of this backend you need a high amount of
+parallelism (most of the file descriptors should be busy). If you are
+writing a server, you should \f(CW\*(C`accept ()\*(C'\fR in a loop to accept as many
+connections as possible during one iteration. You might also want to have
+a look at \f(CW\*(C`ev_set_io_collect_interval ()\*(C'\fR to increase the amount of
+readiness notifications you get per iteration.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR to the \f(CW\*(C`readfds\*(C'\fR set and \f(CW\*(C`EV_WRITE\*(C'\fR to the
+\&\f(CW\*(C`writefds\*(C'\fR set (and to work around Microsoft Windows bugs, also onto the
+\&\f(CW\*(C`exceptfds\*(C'\fR set on that platform).
+.ie n .IP """EVBACKEND_POLL""    (value 2, poll backend, available everywhere except on windows)" 4
+.el .IP "\f(CWEVBACKEND_POLL\fR    (value 2, poll backend, available everywhere except on windows)" 4
+.IX Item "EVBACKEND_POLL (value 2, poll backend, available everywhere except on windows)"
+And this is your standard \fBpoll\fR\|(2) backend. It's more complicated
+than select, but handles sparse fds better and has no artificial
+limit on the number of fds you can use (except it will slow down
+considerably with a lot of inactive fds). It scales similarly to select,
+i.e. O(total_fds). See the entry for \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR, above, for
+performance tips.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR to \f(CW\*(C`POLLIN | POLLERR | POLLHUP\*(C'\fR, and
+\&\f(CW\*(C`EV_WRITE\*(C'\fR to \f(CW\*(C`POLLOUT | POLLERR | POLLHUP\*(C'\fR.
+.ie n .IP """EVBACKEND_EPOLL""   (value 4, Linux)" 4
+.el .IP "\f(CWEVBACKEND_EPOLL\fR   (value 4, Linux)" 4
+.IX Item "EVBACKEND_EPOLL (value 4, Linux)"
+Use the Linux-specific \fBepoll\fR\|(7) interface (for both pre\- and post\-2.6.9
+kernels).
+.Sp
+For few fds, this backend is a bit little slower than poll and select, but
+it scales phenomenally better. While poll and select usually scale like
+O(total_fds) where total_fds is the total number of fds (or the highest
+fd), epoll scales either O(1) or O(active_fds).
+.Sp
+The epoll mechanism deserves honorable mention as the most misdesigned
+of the more advanced event mechanisms: mere annoyances include silently
+dropping file descriptors, requiring a system call per change per file
+descriptor (and unnecessary guessing of parameters), problems with dup,
+returning before the timeout value, resulting in additional iterations
+(and only giving 5ms accuracy while select on the same platform gives
+0.1ms) and so on. The biggest issue is fork races, however \- if a program
+forks then \fIboth\fR parent and child process have to recreate the epoll
+set, which can take considerable time (one syscall per file descriptor)
+and is of course hard to detect.
+.Sp
+Epoll is also notoriously buggy \- embedding epoll fds \fIshould\fR work,
+but of course \fIdoesn't\fR, and epoll just loves to report events for
+totally \fIdifferent\fR file descriptors (even already closed ones, so
+one cannot even remove them from the set) than registered in the set
+(especially on \s-1SMP\s0 systems). Libev tries to counter these spurious
+notifications by employing an additional generation counter and comparing
+that against the events to filter out spurious ones, recreating the set
+when required. Epoll also erroneously rounds down timeouts, but gives you
+no way to know when and by how much, so sometimes you have to busy-wait
+because epoll returns immediately despite a nonzero timeout. And last
+not least, it also refuses to work with some file descriptors which work
+perfectly fine with \f(CW\*(C`select\*(C'\fR (files, many character devices...).
+.Sp
+Epoll is truly the train wreck among event poll mechanisms, a frankenpoll,
+cobbled together in a hurry, no thought to design or interaction with
+others. Oh, the pain, will it ever stop...
+.Sp
+While stopping, setting and starting an I/O watcher in the same iteration
+will result in some caching, there is still a system call per such
+incident (because the same \fIfile descriptor\fR could point to a different
+\&\fIfile description\fR now), so its best to avoid that. Also, \f(CW\*(C`dup ()\*(C'\fR'ed
+file descriptors might not work very well if you register events for both
+file descriptors.
+.Sp
+Best performance from this backend is achieved by not unregistering all
+watchers for a file descriptor until it has been closed, if possible,
+i.e. keep at least one watcher active per fd at all times. Stopping and
+starting a watcher (without re-setting it) also usually doesn't cause
+extra overhead. A fork can both result in spurious notifications as well
+as in libev having to destroy and recreate the epoll object, which can
+take considerable time and thus should be avoided.
+.Sp
+All this means that, in practice, \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR can be as fast or
+faster than epoll for maybe up to a hundred file descriptors, depending on
+the usage. So sad.
+.Sp
+While nominally embeddable in other event loops, this feature is broken in
+a lot of kernel revisions, but probably(!) works in current versions.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR and \f(CW\*(C`EV_WRITE\*(C'\fR in the same way as
+\&\f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.ie n .IP """EVBACKEND_LINUXAIO""   (value 64, Linux)" 4
+.el .IP "\f(CWEVBACKEND_LINUXAIO\fR   (value 64, Linux)" 4
+.IX Item "EVBACKEND_LINUXAIO (value 64, Linux)"
+Use the Linux-specific Linux \s-1AIO\s0 (\fInot\fR \f(CWaio(7)\fR but \f(CWio_submit(2)\fR) event interface available in post\-4.18 kernels (but libev
+only tries to use it in 4.19+).
+.Sp
+This is another Linux train wreck of an event interface.
+.Sp
+If this backend works for you (as of this writing, it was very
+experimental), it is the best event interface available on Linux and might
+be well worth enabling it \- if it isn't available in your kernel this will
+be detected and this backend will be skipped.
+.Sp
+This backend can batch oneshot requests and supports a user-space ring
+buffer to receive events. It also doesn't suffer from most of the design
+problems of epoll (such as not being able to remove event sources from
+the epoll set), and generally sounds too good to be true. Because, this
+being the Linux kernel, of course it suffers from a whole new set of
+limitations, forcing you to fall back to epoll, inheriting all its design
+issues.
+.Sp
+For one, it is not easily embeddable (but probably could be done using
+an event fd at some extra overhead). It also is subject to a system wide
+limit that can be configured in \fI/proc/sys/fs/aio\-max\-nr\fR. If no \s-1AIO\s0
+requests are left, this backend will be skipped during initialisation, and
+will switch to epoll when the loop is active.
+.Sp
+Most problematic in practice, however, is that not all file descriptors
+work with it. For example, in Linux 5.1, \s-1TCP\s0 sockets, pipes, event fds,
+files, \fI/dev/null\fR and many others are supported, but ttys do not work
+properly (a known bug that the kernel developers don't care about, see
+<https://lore.kernel.org/patchwork/patch/1047453/>), so this is not
+(yet?) a generic event polling interface.
+.Sp
+Overall, it seems the Linux developers just don't want it to have a
+generic event handling mechanism other than \f(CW\*(C`select\*(C'\fR or \f(CW\*(C`poll\*(C'\fR.
+.Sp
+To work around all these problem, the current version of libev uses its
+epoll backend as a fallback for file descriptor types that do not work. Or
+falls back completely to epoll if the kernel acts up.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR and \f(CW\*(C`EV_WRITE\*(C'\fR in the same way as
+\&\f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.ie n .IP """EVBACKEND_KQUEUE""  (value 8, most \s-1BSD\s0 clones)" 4
+.el .IP "\f(CWEVBACKEND_KQUEUE\fR  (value 8, most \s-1BSD\s0 clones)" 4
+.IX Item "EVBACKEND_KQUEUE (value 8, most BSD clones)"
+Kqueue deserves special mention, as at the time this backend was
+implemented, it was broken on all BSDs except NetBSD (usually it doesn't
+work reliably with anything but sockets and pipes, except on Darwin,
+where of course it's completely useless). Unlike epoll, however, whose
+brokenness is by design, these kqueue bugs can be (and mostly have been)
+fixed without \s-1API\s0 changes to existing programs. For this reason it's not
+being \*(L"auto-detected\*(R" on all platforms unless you explicitly specify it
+in the flags (i.e. using \f(CW\*(C`EVBACKEND_KQUEUE\*(C'\fR) or libev was compiled on a
+known-to-be-good (\-enough) system like NetBSD.
+.Sp
+You still can embed kqueue into a normal poll or select backend and use it
+only for sockets (after having made sure that sockets work with kqueue on
+the target platform). See \f(CW\*(C`ev_embed\*(C'\fR watchers for more info.
+.Sp
+It scales in the same way as the epoll backend, but the interface to the
+kernel is more efficient (which says nothing about its actual speed, of
+course). While stopping, setting and starting an I/O watcher does never
+cause an extra system call as with \f(CW\*(C`EVBACKEND_EPOLL\*(C'\fR, it still adds up to
+two event changes per incident. Support for \f(CW\*(C`fork ()\*(C'\fR is very bad (you
+might have to leak fds on fork, but it's more sane than epoll) and it
+drops fds silently in similarly hard-to-detect cases.
+.Sp
+This backend usually performs well under most conditions.
+.Sp
+While nominally embeddable in other event loops, this doesn't work
+everywhere, so you might need to test for this. And since it is broken
+almost everywhere, you should only use it when you have a lot of sockets
+(for which it usually works), by embedding it into another event loop
+(e.g. \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR (but \f(CW\*(C`poll\*(C'\fR is of course
+also broken on \s-1OS X\s0)) and, did I mention it, using it only for sockets.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR into an \f(CW\*(C`EVFILT_READ\*(C'\fR kevent with
+\&\f(CW\*(C`NOTE_EOF\*(C'\fR, and \f(CW\*(C`EV_WRITE\*(C'\fR into an \f(CW\*(C`EVFILT_WRITE\*(C'\fR kevent with
+\&\f(CW\*(C`NOTE_EOF\*(C'\fR.
+.ie n .IP """EVBACKEND_DEVPOLL"" (value 16, Solaris 8)" 4
+.el .IP "\f(CWEVBACKEND_DEVPOLL\fR (value 16, Solaris 8)" 4
+.IX Item "EVBACKEND_DEVPOLL (value 16, Solaris 8)"
+This is not implemented yet (and might never be, unless you send me an
+implementation). According to reports, \f(CW\*(C`/dev/poll\*(C'\fR only supports sockets
+and is not embeddable, which would limit the usefulness of this backend
+immensely.
+.ie n .IP """EVBACKEND_PORT""    (value 32, Solaris 10)" 4
+.el .IP "\f(CWEVBACKEND_PORT\fR    (value 32, Solaris 10)" 4
+.IX Item "EVBACKEND_PORT (value 32, Solaris 10)"
+This uses the Solaris 10 event port mechanism. As with everything on Solaris,
+it's really slow, but it still scales very well (O(active_fds)).
+.Sp
+While this backend scales well, it requires one system call per active
+file descriptor per loop iteration. For small and medium numbers of file
+descriptors a \*(L"slow\*(R" \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR backend
+might perform better.
+.Sp
+On the positive side, this backend actually performed fully to
+specification in all tests and is fully embeddable, which is a rare feat
+among the OS-specific backends (I vastly prefer correctness over speed
+hacks).
+.Sp
+On the negative side, the interface is \fIbizarre\fR \- so bizarre that
+even sun itself gets it wrong in their code examples: The event polling
+function sometimes returns events to the caller even though an error
+occurred, but with no indication whether it has done so or not (yes, it's
+even documented that way) \- deadly for edge-triggered interfaces where you
+absolutely have to know whether an event occurred or not because you have
+to re-arm the watcher.
+.Sp
+Fortunately libev seems to be able to work around these idiocies.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR and \f(CW\*(C`EV_WRITE\*(C'\fR in the same way as
+\&\f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.ie n .IP """EVBACKEND_ALL""" 4
+.el .IP "\f(CWEVBACKEND_ALL\fR" 4
+.IX Item "EVBACKEND_ALL"
+Try all backends (even potentially broken ones that wouldn't be tried
+with \f(CW\*(C`EVFLAG_AUTO\*(C'\fR). Since this is a mask, you can do stuff such as
+\&\f(CW\*(C`EVBACKEND_ALL & ~EVBACKEND_KQUEUE\*(C'\fR.
+.Sp
+It is definitely not recommended to use this flag, use whatever
+\&\f(CW\*(C`ev_recommended_backends ()\*(C'\fR returns, or simply do not specify a backend
+at all.
+.ie n .IP """EVBACKEND_MASK""" 4
+.el .IP "\f(CWEVBACKEND_MASK\fR" 4
+.IX Item "EVBACKEND_MASK"
+Not a backend at all, but a mask to select all backend bits from a
+\&\f(CW\*(C`flags\*(C'\fR value, in case you want to mask out any backends from a flags
+value (e.g. when modifying the \f(CW\*(C`LIBEV_FLAGS\*(C'\fR environment variable).
+.RE
+.RS 4
+.Sp
+If one or more of the backend flags are or'ed into the flags value,
+then only these backends will be tried (in the reverse order as listed
+here). If none are specified, all backends in \f(CW\*(C`ev_recommended_backends
+()\*(C'\fR will be tried.
+.Sp
+Example: Try to create a event loop that uses epoll and nothing else.
+.Sp
+.Vb 3
+\&   struct ev_loop *epoller = ev_loop_new (EVBACKEND_EPOLL | EVFLAG_NOENV);
+\&   if (!epoller)
+\&     fatal ("no epoll found here, maybe it hides under your chair");
+.Ve
+.Sp
+Example: Use whatever libev has to offer, but make sure that kqueue is
+used if available.
+.Sp
+.Vb 1
+\&   struct ev_loop *loop = ev_loop_new (ev_recommended_backends () | EVBACKEND_KQUEUE);
+.Ve
+.Sp
+Example: Similarly, on linux, you mgiht want to take advantage of the
+linux aio backend if possible, but fall back to something else if that
+isn't available.
+.Sp
+.Vb 1
+\&   struct ev_loop *loop = ev_loop_new (ev_recommended_backends () | EVBACKEND_LINUXAIO);
+.Ve
+.RE
+.IP "ev_loop_destroy (loop)" 4
+.IX Item "ev_loop_destroy (loop)"
+Destroys an event loop object (frees all memory and kernel state
+etc.). None of the active event watchers will be stopped in the normal
+sense, so e.g. \f(CW\*(C`ev_is_active\*(C'\fR might still return true. It is your
+responsibility to either stop all watchers cleanly yourself \fIbefore\fR
+calling this function, or cope with the fact afterwards (which is usually
+the easiest thing, you can just ignore the watchers and/or \f(CW\*(C`free ()\*(C'\fR them
+for example).
+.Sp
+Note that certain global state, such as signal state (and installed signal
+handlers), will not be freed by this function, and related watchers (such
+as signal and child watchers) would need to be stopped manually.
+.Sp
+This function is normally used on loop objects allocated by
+\&\f(CW\*(C`ev_loop_new\*(C'\fR, but it can also be used on the default loop returned by
+\&\f(CW\*(C`ev_default_loop\*(C'\fR, in which case it is not thread-safe.
+.Sp
+Note that it is not advisable to call this function on the default loop
+except in the rare occasion where you really need to free its resources.
+If you need dynamically allocated loops it is better to use \f(CW\*(C`ev_loop_new\*(C'\fR
+and \f(CW\*(C`ev_loop_destroy\*(C'\fR.
+.IP "ev_loop_fork (loop)" 4
+.IX Item "ev_loop_fork (loop)"
+This function sets a flag that causes subsequent \f(CW\*(C`ev_run\*(C'\fR iterations
+to reinitialise the kernel state for backends that have one. Despite
+the name, you can call it anytime you are allowed to start or stop
+watchers (except inside an \f(CW\*(C`ev_prepare\*(C'\fR callback), but it makes most
+sense after forking, in the child process. You \fImust\fR call it (or use
+\&\f(CW\*(C`EVFLAG_FORKCHECK\*(C'\fR) in the child before resuming or calling \f(CW\*(C`ev_run\*(C'\fR.
+.Sp
+In addition, if you want to reuse a loop (via this function or
+\&\f(CW\*(C`EVFLAG_FORKCHECK\*(C'\fR), you \fIalso\fR have to ignore \f(CW\*(C`SIGPIPE\*(C'\fR.
+.Sp
+Again, you \fIhave\fR to call it on \fIany\fR loop that you want to re-use after
+a fork, \fIeven if you do not plan to use the loop in the parent\fR. This is
+because some kernel interfaces *cough* \fIkqueue\fR *cough* do funny things
+during fork.
+.Sp
+On the other hand, you only need to call this function in the child
+process if and only if you want to use the event loop in the child. If
+you just fork+exec or create a new loop in the child, you don't have to
+call it at all (in fact, \f(CW\*(C`epoll\*(C'\fR is so badly broken that it makes a
+difference, but libev will usually detect this case on its own and do a
+costly reset of the backend).
+.Sp
+The function itself is quite fast and it's usually not a problem to call
+it just in case after a fork.
+.Sp
+Example: Automate calling \f(CW\*(C`ev_loop_fork\*(C'\fR on the default loop when
+using pthreads.
+.Sp
+.Vb 5
+\&   static void
+\&   post_fork_child (void)
+\&   {
+\&     ev_loop_fork (EV_DEFAULT);
+\&   }
+\&
+\&   ...
+\&   pthread_atfork (0, 0, post_fork_child);
+.Ve
+.IP "int ev_is_default_loop (loop)" 4
+.IX Item "int ev_is_default_loop (loop)"
+Returns true when the given loop is, in fact, the default loop, and false
+otherwise.
+.IP "unsigned int ev_iteration (loop)" 4
+.IX Item "unsigned int ev_iteration (loop)"
+Returns the current iteration count for the event loop, which is identical
+to the number of times libev did poll for new events. It starts at \f(CW0\fR
+and happily wraps around with enough iterations.
+.Sp
+This value can sometimes be useful as a generation counter of sorts (it
+\&\*(L"ticks\*(R" the number of loop iterations), as it roughly corresponds with
+\&\f(CW\*(C`ev_prepare\*(C'\fR and \f(CW\*(C`ev_check\*(C'\fR calls \- and is incremented between the
+prepare and check phases.
+.IP "unsigned int ev_depth (loop)" 4
+.IX Item "unsigned int ev_depth (loop)"
+Returns the number of times \f(CW\*(C`ev_run\*(C'\fR was entered minus the number of
+times \f(CW\*(C`ev_run\*(C'\fR was exited normally, in other words, the recursion depth.
+.Sp
+Outside \f(CW\*(C`ev_run\*(C'\fR, this number is zero. In a callback, this number is
+\&\f(CW1\fR, unless \f(CW\*(C`ev_run\*(C'\fR was invoked recursively (or from another thread),
+in which case it is higher.
+.Sp
+Leaving \f(CW\*(C`ev_run\*(C'\fR abnormally (setjmp/longjmp, cancelling the thread,
+throwing an exception etc.), doesn't count as \*(L"exit\*(R" \- consider this
+as a hint to avoid such ungentleman-like behaviour unless it's really
+convenient, in which case it is fully supported.
+.IP "unsigned int ev_backend (loop)" 4
+.IX Item "unsigned int ev_backend (loop)"
+Returns one of the \f(CW\*(C`EVBACKEND_*\*(C'\fR flags indicating the event backend in
+use.
+.IP "ev_tstamp ev_now (loop)" 4
+.IX Item "ev_tstamp ev_now (loop)"
+Returns the current \*(L"event loop time\*(R", which is the time the event loop
+received events and started processing them. This timestamp does not
+change as long as callbacks are being processed, and this is also the base
+time used for relative timers. You can treat it as the timestamp of the
+event occurring (or more correctly, libev finding out about it).
+.IP "ev_now_update (loop)" 4
+.IX Item "ev_now_update (loop)"
+Establishes the current time by querying the kernel, updating the time
+returned by \f(CW\*(C`ev_now ()\*(C'\fR in the progress. This is a costly operation and
+is usually done automatically within \f(CW\*(C`ev_run ()\*(C'\fR.
+.Sp
+This function is rarely useful, but when some event callback runs for a
+very long time without entering the event loop, updating libev's idea of
+the current time is a good idea.
+.Sp
+See also \*(L"The special problem of time updates\*(R" in the \f(CW\*(C`ev_timer\*(C'\fR section.
+.IP "ev_suspend (loop)" 4
+.IX Item "ev_suspend (loop)"
+.PD 0
+.IP "ev_resume (loop)" 4
+.IX Item "ev_resume (loop)"
+.PD
+These two functions suspend and resume an event loop, for use when the
+loop is not used for a while and timeouts should not be processed.
+.Sp
+A typical use case would be an interactive program such as a game:  When
+the user presses \f(CW\*(C`^Z\*(C'\fR to suspend the game and resumes it an hour later it
+would be best to handle timeouts as if no time had actually passed while
+the program was suspended. This can be achieved by calling \f(CW\*(C`ev_suspend\*(C'\fR
+in your \f(CW\*(C`SIGTSTP\*(C'\fR handler, sending yourself a \f(CW\*(C`SIGSTOP\*(C'\fR and calling
+\&\f(CW\*(C`ev_resume\*(C'\fR directly afterwards to resume timer processing.
+.Sp
+Effectively, all \f(CW\*(C`ev_timer\*(C'\fR watchers will be delayed by the time spend
+between \f(CW\*(C`ev_suspend\*(C'\fR and \f(CW\*(C`ev_resume\*(C'\fR, and all \f(CW\*(C`ev_periodic\*(C'\fR watchers
+will be rescheduled (that is, they will lose any events that would have
+occurred while suspended).
+.Sp
+After calling \f(CW\*(C`ev_suspend\*(C'\fR you \fBmust not\fR call \fIany\fR function on the
+given loop other than \f(CW\*(C`ev_resume\*(C'\fR, and you \fBmust not\fR call \f(CW\*(C`ev_resume\*(C'\fR
+without a previous call to \f(CW\*(C`ev_suspend\*(C'\fR.
+.Sp
+Calling \f(CW\*(C`ev_suspend\*(C'\fR/\f(CW\*(C`ev_resume\*(C'\fR has the side effect of updating the
+event loop time (see \f(CW\*(C`ev_now_update\*(C'\fR).
+.IP "bool ev_run (loop, int flags)" 4
+.IX Item "bool ev_run (loop, int flags)"
+Finally, this is it, the event handler. This function usually is called
+after you have initialised all your watchers and you want to start
+handling events. It will ask the operating system for any new events, call
+the watcher callbacks, and then repeat the whole process indefinitely: This
+is why event loops are called \fIloops\fR.
+.Sp
+If the flags argument is specified as \f(CW0\fR, it will keep handling events
+until either no event watchers are active anymore or \f(CW\*(C`ev_break\*(C'\fR was
+called.
+.Sp
+The return value is false if there are no more active watchers (which
+usually means \*(L"all jobs done\*(R" or \*(L"deadlock\*(R"), and true in all other cases
+(which usually means " you should call \f(CW\*(C`ev_run\*(C'\fR again").
+.Sp
+Please note that an explicit \f(CW\*(C`ev_break\*(C'\fR is usually better than
+relying on all watchers to be stopped when deciding when a program has
+finished (especially in interactive programs), but having a program
+that automatically loops as long as it has to and no longer by virtue
+of relying on its watchers stopping correctly, that is truly a thing of
+beauty.
+.Sp
+This function is \fImostly\fR exception-safe \- you can break out of a
+\&\f(CW\*(C`ev_run\*(C'\fR call by calling \f(CW\*(C`longjmp\*(C'\fR in a callback, throwing a \*(C+
+exception and so on. This does not decrement the \f(CW\*(C`ev_depth\*(C'\fR value, nor
+will it clear any outstanding \f(CW\*(C`EVBREAK_ONE\*(C'\fR breaks.
+.Sp
+A flags value of \f(CW\*(C`EVRUN_NOWAIT\*(C'\fR will look for new events, will handle
+those events and any already outstanding ones, but will not wait and
+block your process in case there are no events and will return after one
+iteration of the loop. This is sometimes useful to poll and handle new
+events while doing lengthy calculations, to keep the program responsive.
+.Sp
+A flags value of \f(CW\*(C`EVRUN_ONCE\*(C'\fR will look for new events (waiting if
+necessary) and will handle those and any already outstanding ones. It
+will block your process until at least one new event arrives (which could
+be an event internal to libev itself, so there is no guarantee that a
+user-registered callback will be called), and will return after one
+iteration of the loop.
+.Sp
+This is useful if you are waiting for some external event in conjunction
+with something not expressible using other libev watchers (i.e. "roll your
+own \f(CW\*(C`ev_run\*(C'\fR"). However, a pair of \f(CW\*(C`ev_prepare\*(C'\fR/\f(CW\*(C`ev_check\*(C'\fR watchers is
+usually a better approach for this kind of thing.
+.Sp
+Here are the gory details of what \f(CW\*(C`ev_run\*(C'\fR does (this is for your
+understanding, not a guarantee that things will work exactly like this in
+future versions):
+.Sp
+.Vb 10
+\&   \- Increment loop depth.
+\&   \- Reset the ev_break status.
+\&   \- Before the first iteration, call any pending watchers.
+\&   LOOP:
+\&   \- If EVFLAG_FORKCHECK was used, check for a fork.
+\&   \- If a fork was detected (by any means), queue and call all fork watchers.
+\&   \- Queue and call all prepare watchers.
+\&   \- If ev_break was called, goto FINISH.
+\&   \- If we have been forked, detach and recreate the kernel state
+\&     as to not disturb the other process.
+\&   \- Update the kernel state with all outstanding changes.
+\&   \- Update the "event loop time" (ev_now ()).
+\&   \- Calculate for how long to sleep or block, if at all
+\&     (active idle watchers, EVRUN_NOWAIT or not having
+\&     any active watchers at all will result in not sleeping).
+\&   \- Sleep if the I/O and timer collect interval say so.
+\&   \- Increment loop iteration counter.
+\&   \- Block the process, waiting for any events.
+\&   \- Queue all outstanding I/O (fd) events.
+\&   \- Update the "event loop time" (ev_now ()), and do time jump adjustments.
+\&   \- Queue all expired timers.
+\&   \- Queue all expired periodics.
+\&   \- Queue all idle watchers with priority higher than that of pending events.
+\&   \- Queue all check watchers.
+\&   \- Call all queued watchers in reverse order (i.e. check watchers first).
+\&     Signals and child watchers are implemented as I/O watchers, and will
+\&     be handled here by queueing them when their watcher gets executed.
+\&   \- If ev_break has been called, or EVRUN_ONCE or EVRUN_NOWAIT
+\&     were used, or there are no active watchers, goto FINISH, otherwise
+\&     continue with step LOOP.
+\&   FINISH:
+\&   \- Reset the ev_break status iff it was EVBREAK_ONE.
+\&   \- Decrement the loop depth.
+\&   \- Return.
+.Ve
+.Sp
+Example: Queue some jobs and then loop until no events are outstanding
+anymore.
+.Sp
+.Vb 4
+\&   ... queue jobs here, make sure they register event watchers as long
+\&   ... as they still have work to do (even an idle watcher will do..)
+\&   ev_run (my_loop, 0);
+\&   ... jobs done or somebody called break. yeah!
+.Ve
+.IP "ev_break (loop, how)" 4
+.IX Item "ev_break (loop, how)"
+Can be used to make a call to \f(CW\*(C`ev_run\*(C'\fR return early (but only after it
+has processed all outstanding events). The \f(CW\*(C`how\*(C'\fR argument must be either
+\&\f(CW\*(C`EVBREAK_ONE\*(C'\fR, which will make the innermost \f(CW\*(C`ev_run\*(C'\fR call return, or
+\&\f(CW\*(C`EVBREAK_ALL\*(C'\fR, which will make all nested \f(CW\*(C`ev_run\*(C'\fR calls return.
+.Sp
+This \*(L"break state\*(R" will be cleared on the next call to \f(CW\*(C`ev_run\*(C'\fR.
+.Sp
+It is safe to call \f(CW\*(C`ev_break\*(C'\fR from outside any \f(CW\*(C`ev_run\*(C'\fR calls, too, in
+which case it will have no effect.
+.IP "ev_ref (loop)" 4
+.IX Item "ev_ref (loop)"
+.PD 0
+.IP "ev_unref (loop)" 4
+.IX Item "ev_unref (loop)"
+.PD
+Ref/unref can be used to add or remove a reference count on the event
+loop: Every watcher keeps one reference, and as long as the reference
+count is nonzero, \f(CW\*(C`ev_run\*(C'\fR will not return on its own.
+.Sp
+This is useful when you have a watcher that you never intend to
+unregister, but that nevertheless should not keep \f(CW\*(C`ev_run\*(C'\fR from
+returning. In such a case, call \f(CW\*(C`ev_unref\*(C'\fR after starting, and \f(CW\*(C`ev_ref\*(C'\fR
+before stopping it.
+.Sp
+As an example, libev itself uses this for its internal signal pipe: It
+is not visible to the libev user and should not keep \f(CW\*(C`ev_run\*(C'\fR from
+exiting if no event watchers registered by it are active. It is also an
+excellent way to do this for generic recurring timers or from within
+third-party libraries. Just remember to \fIunref after start\fR and \fIref
+before stop\fR (but only if the watcher wasn't active before, or was active
+before, respectively. Note also that libev might stop watchers itself
+(e.g. non-repeating timers) in which case you have to \f(CW\*(C`ev_ref\*(C'\fR
+in the callback).
+.Sp
+Example: Create a signal watcher, but keep it from keeping \f(CW\*(C`ev_run\*(C'\fR
+running when nothing else is active.
+.Sp
+.Vb 4
+\&   ev_signal exitsig;
+\&   ev_signal_init (&exitsig, sig_cb, SIGINT);
+\&   ev_signal_start (loop, &exitsig);
+\&   ev_unref (loop);
+.Ve
+.Sp
+Example: For some weird reason, unregister the above signal handler again.
+.Sp
+.Vb 2
+\&   ev_ref (loop);
+\&   ev_signal_stop (loop, &exitsig);
+.Ve
+.IP "ev_set_io_collect_interval (loop, ev_tstamp interval)" 4
+.IX Item "ev_set_io_collect_interval (loop, ev_tstamp interval)"
+.PD 0
+.IP "ev_set_timeout_collect_interval (loop, ev_tstamp interval)" 4
+.IX Item "ev_set_timeout_collect_interval (loop, ev_tstamp interval)"
+.PD
+These advanced functions influence the time that libev will spend waiting
+for events. Both time intervals are by default \f(CW0\fR, meaning that libev
+will try to invoke timer/periodic callbacks and I/O callbacks with minimum
+latency.
+.Sp
+Setting these to a higher value (the \f(CW\*(C`interval\*(C'\fR \fImust\fR be >= \f(CW0\fR)
+allows libev to delay invocation of I/O and timer/periodic callbacks
+to increase efficiency of loop iterations (or to increase power-saving
+opportunities).
+.Sp
+The idea is that sometimes your program runs just fast enough to handle
+one (or very few) event(s) per loop iteration. While this makes the
+program responsive, it also wastes a lot of \s-1CPU\s0 time to poll for new
+events, especially with backends like \f(CW\*(C`select ()\*(C'\fR which have a high
+overhead for the actual polling but can deliver many events at once.
+.Sp
+By setting a higher \fIio collect interval\fR you allow libev to spend more
+time collecting I/O events, so you can handle more events per iteration,
+at the cost of increasing latency. Timeouts (both \f(CW\*(C`ev_periodic\*(C'\fR and
+\&\f(CW\*(C`ev_timer\*(C'\fR) will not be affected. Setting this to a non-null value will
+introduce an additional \f(CW\*(C`ev_sleep ()\*(C'\fR call into most loop iterations. The
+sleep time ensures that libev will not poll for I/O events more often then
+once per this interval, on average (as long as the host time resolution is
+good enough).
+.Sp
+Likewise, by setting a higher \fItimeout collect interval\fR you allow libev
+to spend more time collecting timeouts, at the expense of increased
+latency/jitter/inexactness (the watcher callback will be called
+later). \f(CW\*(C`ev_io\*(C'\fR watchers will not be affected. Setting this to a non-null
+value will not introduce any overhead in libev.
+.Sp
+Many (busy) programs can usually benefit by setting the I/O collect
+interval to a value near \f(CW0.1\fR or so, which is often enough for
+interactive servers (of course not for games), likewise for timeouts. It
+usually doesn't make much sense to set it to a lower value than \f(CW0.01\fR,
+as this approaches the timing granularity of most systems. Note that if
+you do transactions with the outside world and you can't increase the
+parallelity, then this setting will limit your transaction rate (if you
+need to poll once per transaction and the I/O collect interval is 0.01,
+then you can't do more than 100 transactions per second).
+.Sp
+Setting the \fItimeout collect interval\fR can improve the opportunity for
+saving power, as the program will \*(L"bundle\*(R" timer callback invocations that
+are \*(L"near\*(R" in time together, by delaying some, thus reducing the number of
+times the process sleeps and wakes up again. Another useful technique to
+reduce iterations/wake\-ups is to use \f(CW\*(C`ev_periodic\*(C'\fR watchers and make sure
+they fire on, say, one-second boundaries only.
+.Sp
+Example: we only need 0.1s timeout granularity, and we wish not to poll
+more often than 100 times per second:
+.Sp
+.Vb 2
+\&   ev_set_timeout_collect_interval (EV_DEFAULT_UC_ 0.1);
+\&   ev_set_io_collect_interval (EV_DEFAULT_UC_ 0.01);
+.Ve
+.IP "ev_invoke_pending (loop)" 4
+.IX Item "ev_invoke_pending (loop)"
+This call will simply invoke all pending watchers while resetting their
+pending state. Normally, \f(CW\*(C`ev_run\*(C'\fR does this automatically when required,
+but when overriding the invoke callback this call comes handy. This
+function can be invoked from a watcher \- this can be useful for example
+when you want to do some lengthy calculation and want to pass further
+event handling to another thread (you still have to make sure only one
+thread executes within \f(CW\*(C`ev_invoke_pending\*(C'\fR or \f(CW\*(C`ev_run\*(C'\fR of course).
+.IP "int ev_pending_count (loop)" 4
+.IX Item "int ev_pending_count (loop)"
+Returns the number of pending watchers \- zero indicates that no watchers
+are pending.
+.IP "ev_set_invoke_pending_cb (loop, void (*invoke_pending_cb)(\s-1EV_P\s0))" 4
+.IX Item "ev_set_invoke_pending_cb (loop, void (*invoke_pending_cb)(EV_P))"
+This overrides the invoke pending functionality of the loop: Instead of
+invoking all pending watchers when there are any, \f(CW\*(C`ev_run\*(C'\fR will call
+this callback instead. This is useful, for example, when you want to
+invoke the actual watchers inside another context (another thread etc.).
+.Sp
+If you want to reset the callback, use \f(CW\*(C`ev_invoke_pending\*(C'\fR as new
+callback.
+.IP "ev_set_loop_release_cb (loop, void (*release)(\s-1EV_P\s0) throw (), void (*acquire)(\s-1EV_P\s0) throw ())" 4
+.IX Item "ev_set_loop_release_cb (loop, void (*release)(EV_P) throw (), void (*acquire)(EV_P) throw ())"
+Sometimes you want to share the same loop between multiple threads. This
+can be done relatively simply by putting mutex_lock/unlock calls around
+each call to a libev function.
+.Sp
+However, \f(CW\*(C`ev_run\*(C'\fR can run an indefinite time, so it is not feasible
+to wait for it to return. One way around this is to wake up the event
+loop via \f(CW\*(C`ev_break\*(C'\fR and \f(CW\*(C`ev_async_send\*(C'\fR, another way is to set these
+\&\fIrelease\fR and \fIacquire\fR callbacks on the loop.
+.Sp
+When set, then \f(CW\*(C`release\*(C'\fR will be called just before the thread is
+suspended waiting for new events, and \f(CW\*(C`acquire\*(C'\fR is called just
+afterwards.
+.Sp
+Ideally, \f(CW\*(C`release\*(C'\fR will just call your mutex_unlock function, and
+\&\f(CW\*(C`acquire\*(C'\fR will just call the mutex_lock function again.
+.Sp
+While event loop modifications are allowed between invocations of
+\&\f(CW\*(C`release\*(C'\fR and \f(CW\*(C`acquire\*(C'\fR (that's their only purpose after all), no
+modifications done will affect the event loop, i.e. adding watchers will
+have no effect on the set of file descriptors being watched, or the time
+waited. Use an \f(CW\*(C`ev_async\*(C'\fR watcher to wake up \f(CW\*(C`ev_run\*(C'\fR when you want it
+to take note of any changes you made.
+.Sp
+In theory, threads executing \f(CW\*(C`ev_run\*(C'\fR will be async-cancel safe between
+invocations of \f(CW\*(C`release\*(C'\fR and \f(CW\*(C`acquire\*(C'\fR.
+.Sp
+See also the locking example in the \f(CW\*(C`THREADS\*(C'\fR section later in this
+document.
+.IP "ev_set_userdata (loop, void *data)" 4
+.IX Item "ev_set_userdata (loop, void *data)"
+.PD 0
+.IP "void *ev_userdata (loop)" 4
+.IX Item "void *ev_userdata (loop)"
+.PD
+Set and retrieve a single \f(CW\*(C`void *\*(C'\fR associated with a loop. When
+\&\f(CW\*(C`ev_set_userdata\*(C'\fR has never been called, then \f(CW\*(C`ev_userdata\*(C'\fR returns
+\&\f(CW0\fR.
+.Sp
+These two functions can be used to associate arbitrary data with a loop,
+and are intended solely for the \f(CW\*(C`invoke_pending_cb\*(C'\fR, \f(CW\*(C`release\*(C'\fR and
+\&\f(CW\*(C`acquire\*(C'\fR callbacks described above, but of course can be (ab\-)used for
+any other purpose as well.
+.IP "ev_verify (loop)" 4
+.IX Item "ev_verify (loop)"
+This function only does something when \f(CW\*(C`EV_VERIFY\*(C'\fR support has been
+compiled in, which is the default for non-minimal builds. It tries to go
+through all internal structures and checks them for validity. If anything
+is found to be inconsistent, it will print an error message to standard
+error and call \f(CW\*(C`abort ()\*(C'\fR.
+.Sp
+This can be used to catch bugs inside libev itself: under normal
+circumstances, this function will never abort as of course libev keeps its
+data structures consistent.
+.SH "ANATOMY OF A WATCHER"
+.IX Header "ANATOMY OF A WATCHER"
+In the following description, uppercase \f(CW\*(C`TYPE\*(C'\fR in names stands for the
+watcher type, e.g. \f(CW\*(C`ev_TYPE_start\*(C'\fR can mean \f(CW\*(C`ev_timer_start\*(C'\fR for timer
+watchers and \f(CW\*(C`ev_io_start\*(C'\fR for I/O watchers.
+.PP
+A watcher is an opaque structure that you allocate and register to record
+your interest in some event. To make a concrete example, imagine you want
+to wait for \s-1STDIN\s0 to become readable, you would create an \f(CW\*(C`ev_io\*(C'\fR watcher
+for that:
+.PP
+.Vb 5
+\&   static void my_cb (struct ev_loop *loop, ev_io *w, int revents)
+\&   {
+\&     ev_io_stop (w);
+\&     ev_break (loop, EVBREAK_ALL);
+\&   }
+\&
+\&   struct ev_loop *loop = ev_default_loop (0);
+\&
+\&   ev_io stdin_watcher;
+\&
+\&   ev_init (&stdin_watcher, my_cb);
+\&   ev_io_set (&stdin_watcher, STDIN_FILENO, EV_READ);
+\&   ev_io_start (loop, &stdin_watcher);
+\&
+\&   ev_run (loop, 0);
+.Ve
+.PP
+As you can see, you are responsible for allocating the memory for your
+watcher structures (and it is \fIusually\fR a bad idea to do this on the
+stack).
+.PP
+Each watcher has an associated watcher structure (called \f(CW\*(C`struct ev_TYPE\*(C'\fR
+or simply \f(CW\*(C`ev_TYPE\*(C'\fR, as typedefs are provided for all watcher structs).
+.PP
+Each watcher structure must be initialised by a call to \f(CW\*(C`ev_init (watcher
+*, callback)\*(C'\fR, which expects a callback to be provided. This callback is
+invoked each time the event occurs (or, in the case of I/O watchers, each
+time the event loop detects that the file descriptor given is readable
+and/or writable).
+.PP
+Each watcher type further has its own \f(CW\*(C`ev_TYPE_set (watcher *, ...)\*(C'\fR
+macro to configure it, with arguments specific to the watcher type. There
+is also a macro to combine initialisation and setting in one call: \f(CW\*(C`ev_TYPE_init (watcher *, callback, ...)\*(C'\fR.
+.PP
+To make the watcher actually watch out for events, you have to start it
+with a watcher-specific start function (\f(CW\*(C`ev_TYPE_start (loop, watcher
+*)\*(C'\fR), and you can stop watching for events at any time by calling the
+corresponding stop function (\f(CW\*(C`ev_TYPE_stop (loop, watcher *)\*(C'\fR.
+.PP
+As long as your watcher is active (has been started but not stopped) you
+must not touch the values stored in it except when explicitly documented
+otherwise. Most specifically you must never reinitialise it or call its
+\&\f(CW\*(C`ev_TYPE_set\*(C'\fR macro.
+.PP
+Each and every callback receives the event loop pointer as first, the
+registered watcher structure as second, and a bitset of received events as
+third argument.
+.PP
+The received events usually include a single bit per event type received
+(you can receive multiple events at the same time). The possible bit masks
+are:
+.ie n .IP """EV_READ""" 4
+.el .IP "\f(CWEV_READ\fR" 4
+.IX Item "EV_READ"
+.PD 0
+.ie n .IP """EV_WRITE""" 4
+.el .IP "\f(CWEV_WRITE\fR" 4
+.IX Item "EV_WRITE"
+.PD
+The file descriptor in the \f(CW\*(C`ev_io\*(C'\fR watcher has become readable and/or
+writable.
+.ie n .IP """EV_TIMER""" 4
+.el .IP "\f(CWEV_TIMER\fR" 4
+.IX Item "EV_TIMER"
+The \f(CW\*(C`ev_timer\*(C'\fR watcher has timed out.
+.ie n .IP """EV_PERIODIC""" 4
+.el .IP "\f(CWEV_PERIODIC\fR" 4
+.IX Item "EV_PERIODIC"
+The \f(CW\*(C`ev_periodic\*(C'\fR watcher has timed out.
+.ie n .IP """EV_SIGNAL""" 4
+.el .IP "\f(CWEV_SIGNAL\fR" 4
+.IX Item "EV_SIGNAL"
+The signal specified in the \f(CW\*(C`ev_signal\*(C'\fR watcher has been received by a thread.
+.ie n .IP """EV_CHILD""" 4
+.el .IP "\f(CWEV_CHILD\fR" 4
+.IX Item "EV_CHILD"
+The pid specified in the \f(CW\*(C`ev_child\*(C'\fR watcher has received a status change.
+.ie n .IP """EV_STAT""" 4
+.el .IP "\f(CWEV_STAT\fR" 4
+.IX Item "EV_STAT"
+The path specified in the \f(CW\*(C`ev_stat\*(C'\fR watcher changed its attributes somehow.
+.ie n .IP """EV_IDLE""" 4
+.el .IP "\f(CWEV_IDLE\fR" 4
+.IX Item "EV_IDLE"
+The \f(CW\*(C`ev_idle\*(C'\fR watcher has determined that you have nothing better to do.
+.ie n .IP """EV_PREPARE""" 4
+.el .IP "\f(CWEV_PREPARE\fR" 4
+.IX Item "EV_PREPARE"
+.PD 0
+.ie n .IP """EV_CHECK""" 4
+.el .IP "\f(CWEV_CHECK\fR" 4
+.IX Item "EV_CHECK"
+.PD
+All \f(CW\*(C`ev_prepare\*(C'\fR watchers are invoked just \fIbefore\fR \f(CW\*(C`ev_run\*(C'\fR starts to
+gather new events, and all \f(CW\*(C`ev_check\*(C'\fR watchers are queued (not invoked)
+just after \f(CW\*(C`ev_run\*(C'\fR has gathered them, but before it queues any callbacks
+for any received events. That means \f(CW\*(C`ev_prepare\*(C'\fR watchers are the last
+watchers invoked before the event loop sleeps or polls for new events, and
+\&\f(CW\*(C`ev_check\*(C'\fR watchers will be invoked before any other watchers of the same
+or lower priority within an event loop iteration.
+.Sp
+Callbacks of both watcher types can start and stop as many watchers as
+they want, and all of them will be taken into account (for example, a
+\&\f(CW\*(C`ev_prepare\*(C'\fR watcher might start an idle watcher to keep \f(CW\*(C`ev_run\*(C'\fR from
+blocking).
+.ie n .IP """EV_EMBED""" 4
+.el .IP "\f(CWEV_EMBED\fR" 4
+.IX Item "EV_EMBED"
+The embedded event loop specified in the \f(CW\*(C`ev_embed\*(C'\fR watcher needs attention.
+.ie n .IP """EV_FORK""" 4
+.el .IP "\f(CWEV_FORK\fR" 4
+.IX Item "EV_FORK"
+The event loop has been resumed in the child process after fork (see
+\&\f(CW\*(C`ev_fork\*(C'\fR).
+.ie n .IP """EV_CLEANUP""" 4
+.el .IP "\f(CWEV_CLEANUP\fR" 4
+.IX Item "EV_CLEANUP"
+The event loop is about to be destroyed (see \f(CW\*(C`ev_cleanup\*(C'\fR).
+.ie n .IP """EV_ASYNC""" 4
+.el .IP "\f(CWEV_ASYNC\fR" 4
+.IX Item "EV_ASYNC"
+The given async watcher has been asynchronously notified (see \f(CW\*(C`ev_async\*(C'\fR).
+.ie n .IP """EV_CUSTOM""" 4
+.el .IP "\f(CWEV_CUSTOM\fR" 4
+.IX Item "EV_CUSTOM"
+Not ever sent (or otherwise used) by libev itself, but can be freely used
+by libev users to signal watchers (e.g. via \f(CW\*(C`ev_feed_event\*(C'\fR).
+.ie n .IP """EV_ERROR""" 4
+.el .IP "\f(CWEV_ERROR\fR" 4
+.IX Item "EV_ERROR"
+An unspecified error has occurred, the watcher has been stopped. This might
+happen because the watcher could not be properly started because libev
+ran out of memory, a file descriptor was found to be closed or any other
+problem. Libev considers these application bugs.
+.Sp
+You best act on it by reporting the problem and somehow coping with the
+watcher being stopped. Note that well-written programs should not receive
+an error ever, so when your watcher receives it, this usually indicates a
+bug in your program.
+.Sp
+Libev will usually signal a few \*(L"dummy\*(R" events together with an error, for
+example it might indicate that a fd is readable or writable, and if your
+callbacks is well-written it can just attempt the operation and cope with
+the error from \fBread()\fR or \fBwrite()\fR. This will not work in multi-threaded
+programs, though, as the fd could already be closed and reused for another
+thing, so beware.
+.SS "\s-1GENERIC WATCHER FUNCTIONS\s0"
+.IX Subsection "GENERIC WATCHER FUNCTIONS"
+.ie n .IP """ev_init"" (ev_TYPE *watcher, callback)" 4
+.el .IP "\f(CWev_init\fR (ev_TYPE *watcher, callback)" 4
+.IX Item "ev_init (ev_TYPE *watcher, callback)"
+This macro initialises the generic portion of a watcher. The contents
+of the watcher object can be arbitrary (so \f(CW\*(C`malloc\*(C'\fR will do). Only
+the generic parts of the watcher are initialised, you \fIneed\fR to call
+the type-specific \f(CW\*(C`ev_TYPE_set\*(C'\fR macro afterwards to initialise the
+type-specific parts. For each type there is also a \f(CW\*(C`ev_TYPE_init\*(C'\fR macro
+which rolls both calls into one.
+.Sp
+You can reinitialise a watcher at any time as long as it has been stopped
+(or never started) and there are no pending events outstanding.
+.Sp
+The callback is always of type \f(CW\*(C`void (*)(struct ev_loop *loop, ev_TYPE *watcher,
+int revents)\*(C'\fR.
+.Sp
+Example: Initialise an \f(CW\*(C`ev_io\*(C'\fR watcher in two steps.
+.Sp
+.Vb 3
+\&   ev_io w;
+\&   ev_init (&w, my_cb);
+\&   ev_io_set (&w, STDIN_FILENO, EV_READ);
+.Ve
+.ie n .IP """ev_TYPE_set"" (ev_TYPE *watcher, [args])" 4
+.el .IP "\f(CWev_TYPE_set\fR (ev_TYPE *watcher, [args])" 4
+.IX Item "ev_TYPE_set (ev_TYPE *watcher, [args])"
+This macro initialises the type-specific parts of a watcher. You need to
+call \f(CW\*(C`ev_init\*(C'\fR at least once before you call this macro, but you can
+call \f(CW\*(C`ev_TYPE_set\*(C'\fR any number of times. You must not, however, call this
+macro on a watcher that is active (it can be pending, however, which is a
+difference to the \f(CW\*(C`ev_init\*(C'\fR macro).
+.Sp
+Although some watcher types do not have type-specific arguments
+(e.g. \f(CW\*(C`ev_prepare\*(C'\fR) you still need to call its \f(CW\*(C`set\*(C'\fR macro.
+.Sp
+See \f(CW\*(C`ev_init\*(C'\fR, above, for an example.
+.ie n .IP """ev_TYPE_init"" (ev_TYPE *watcher, callback, [args])" 4
+.el .IP "\f(CWev_TYPE_init\fR (ev_TYPE *watcher, callback, [args])" 4
+.IX Item "ev_TYPE_init (ev_TYPE *watcher, callback, [args])"
+This convenience macro rolls both \f(CW\*(C`ev_init\*(C'\fR and \f(CW\*(C`ev_TYPE_set\*(C'\fR macro
+calls into a single call. This is the most convenient method to initialise
+a watcher. The same limitations apply, of course.
+.Sp
+Example: Initialise and set an \f(CW\*(C`ev_io\*(C'\fR watcher in one step.
+.Sp
+.Vb 1
+\&   ev_io_init (&w, my_cb, STDIN_FILENO, EV_READ);
+.Ve
+.ie n .IP """ev_TYPE_start"" (loop, ev_TYPE *watcher)" 4
+.el .IP "\f(CWev_TYPE_start\fR (loop, ev_TYPE *watcher)" 4
+.IX Item "ev_TYPE_start (loop, ev_TYPE *watcher)"
+Starts (activates) the given watcher. Only active watchers will receive
+events. If the watcher is already active nothing will happen.
+.Sp
+Example: Start the \f(CW\*(C`ev_io\*(C'\fR watcher that is being abused as example in this
+whole section.
+.Sp
+.Vb 1
+\&   ev_io_start (EV_DEFAULT_UC, &w);
+.Ve
+.ie n .IP """ev_TYPE_stop"" (loop, ev_TYPE *watcher)" 4
+.el .IP "\f(CWev_TYPE_stop\fR (loop, ev_TYPE *watcher)" 4
+.IX Item "ev_TYPE_stop (loop, ev_TYPE *watcher)"
+Stops the given watcher if active, and clears the pending status (whether
+the watcher was active or not).
+.Sp
+It is possible that stopped watchers are pending \- for example,
+non-repeating timers are being stopped when they become pending \- but
+calling \f(CW\*(C`ev_TYPE_stop\*(C'\fR ensures that the watcher is neither active nor
+pending. If you want to free or reuse the memory used by the watcher it is
+therefore a good idea to always call its \f(CW\*(C`ev_TYPE_stop\*(C'\fR function.
+.IP "bool ev_is_active (ev_TYPE *watcher)" 4
+.IX Item "bool ev_is_active (ev_TYPE *watcher)"
+Returns a true value iff the watcher is active (i.e. it has been started
+and not yet been stopped). As long as a watcher is active you must not modify
+it.
+.IP "bool ev_is_pending (ev_TYPE *watcher)" 4
+.IX Item "bool ev_is_pending (ev_TYPE *watcher)"
+Returns a true value iff the watcher is pending, (i.e. it has outstanding
+events but its callback has not yet been invoked). As long as a watcher
+is pending (but not active) you must not call an init function on it (but
+\&\f(CW\*(C`ev_TYPE_set\*(C'\fR is safe), you must not change its priority, and you must
+make sure the watcher is available to libev (e.g. you cannot \f(CW\*(C`free ()\*(C'\fR
+it).
+.IP "callback ev_cb (ev_TYPE *watcher)" 4
+.IX Item "callback ev_cb (ev_TYPE *watcher)"
+Returns the callback currently set on the watcher.
+.IP "ev_set_cb (ev_TYPE *watcher, callback)" 4
+.IX Item "ev_set_cb (ev_TYPE *watcher, callback)"
+Change the callback. You can change the callback at virtually any time
+(modulo threads).
+.IP "ev_set_priority (ev_TYPE *watcher, int priority)" 4
+.IX Item "ev_set_priority (ev_TYPE *watcher, int priority)"
+.PD 0
+.IP "int ev_priority (ev_TYPE *watcher)" 4
+.IX Item "int ev_priority (ev_TYPE *watcher)"
+.PD
+Set and query the priority of the watcher. The priority is a small
+integer between \f(CW\*(C`EV_MAXPRI\*(C'\fR (default: \f(CW2\fR) and \f(CW\*(C`EV_MINPRI\*(C'\fR
+(default: \f(CW\*(C`\-2\*(C'\fR). Pending watchers with higher priority will be invoked
+before watchers with lower priority, but priority will not keep watchers
+from being executed (except for \f(CW\*(C`ev_idle\*(C'\fR watchers).
+.Sp
+If you need to suppress invocation when higher priority events are pending
+you need to look at \f(CW\*(C`ev_idle\*(C'\fR watchers, which provide this functionality.
+.Sp
+You \fImust not\fR change the priority of a watcher as long as it is active or
+pending.
+.Sp
+Setting a priority outside the range of \f(CW\*(C`EV_MINPRI\*(C'\fR to \f(CW\*(C`EV_MAXPRI\*(C'\fR is
+fine, as long as you do not mind that the priority value you query might
+or might not have been clamped to the valid range.
+.Sp
+The default priority used by watchers when no priority has been set is
+always \f(CW0\fR, which is supposed to not be too high and not be too low :).
+.Sp
+See \*(L"\s-1WATCHER PRIORITY MODELS\*(R"\s0, below, for a more thorough treatment of
+priorities.
+.IP "ev_invoke (loop, ev_TYPE *watcher, int revents)" 4
+.IX Item "ev_invoke (loop, ev_TYPE *watcher, int revents)"
+Invoke the \f(CW\*(C`watcher\*(C'\fR with the given \f(CW\*(C`loop\*(C'\fR and \f(CW\*(C`revents\*(C'\fR. Neither
+\&\f(CW\*(C`loop\*(C'\fR nor \f(CW\*(C`revents\*(C'\fR need to be valid as long as the watcher callback
+can deal with that fact, as both are simply passed through to the
+callback.
+.IP "int ev_clear_pending (loop, ev_TYPE *watcher)" 4
+.IX Item "int ev_clear_pending (loop, ev_TYPE *watcher)"
+If the watcher is pending, this function clears its pending status and
+returns its \f(CW\*(C`revents\*(C'\fR bitset (as if its callback was invoked). If the
+watcher isn't pending it does nothing and returns \f(CW0\fR.
+.Sp
+Sometimes it can be useful to \*(L"poll\*(R" a watcher instead of waiting for its
+callback to be invoked, which can be accomplished with this function.
+.IP "ev_feed_event (loop, ev_TYPE *watcher, int revents)" 4
+.IX Item "ev_feed_event (loop, ev_TYPE *watcher, int revents)"
+Feeds the given event set into the event loop, as if the specified event
+had happened for the specified watcher (which must be a pointer to an
+initialised but not necessarily started event watcher). Obviously you must
+not free the watcher as long as it has pending events.
+.Sp
+Stopping the watcher, letting libev invoke it, or calling
+\&\f(CW\*(C`ev_clear_pending\*(C'\fR will clear the pending event, even if the watcher was
+not started in the first place.
+.Sp
+See also \f(CW\*(C`ev_feed_fd_event\*(C'\fR and \f(CW\*(C`ev_feed_signal_event\*(C'\fR for related
+functions that do not need a watcher.
+.PP
+See also the \*(L"\s-1ASSOCIATING CUSTOM DATA WITH A WATCHER\*(R"\s0 and \*(L"\s-1BUILDING YOUR
+OWN COMPOSITE WATCHERS\*(R"\s0 idioms.
+.SS "\s-1WATCHER STATES\s0"
+.IX Subsection "WATCHER STATES"
+There are various watcher states mentioned throughout this manual \-
+active, pending and so on. In this section these states and the rules to
+transition between them will be described in more detail \- and while these
+rules might look complicated, they usually do \*(L"the right thing\*(R".
+.IP "initialised" 4
+.IX Item "initialised"
+Before a watcher can be registered with the event loop it has to be
+initialised. This can be done with a call to \f(CW\*(C`ev_TYPE_init\*(C'\fR, or calls to
+\&\f(CW\*(C`ev_init\*(C'\fR followed by the watcher-specific \f(CW\*(C`ev_TYPE_set\*(C'\fR function.
+.Sp
+In this state it is simply some block of memory that is suitable for
+use in an event loop. It can be moved around, freed, reused etc. at
+will \- as long as you either keep the memory contents intact, or call
+\&\f(CW\*(C`ev_TYPE_init\*(C'\fR again.
+.IP "started/running/active" 4
+.IX Item "started/running/active"
+Once a watcher has been started with a call to \f(CW\*(C`ev_TYPE_start\*(C'\fR it becomes
+property of the event loop, and is actively waiting for events. While in
+this state it cannot be accessed (except in a few documented ways), moved,
+freed or anything else \- the only legal thing is to keep a pointer to it,
+and call libev functions on it that are documented to work on active watchers.
+.IP "pending" 4
+.IX Item "pending"
+If a watcher is active and libev determines that an event it is interested
+in has occurred (such as a timer expiring), it will become pending. It will
+stay in this pending state until either it is stopped or its callback is
+about to be invoked, so it is not normally pending inside the watcher
+callback.
+.Sp
+The watcher might or might not be active while it is pending (for example,
+an expired non-repeating timer can be pending but no longer active). If it
+is stopped, it can be freely accessed (e.g. by calling \f(CW\*(C`ev_TYPE_set\*(C'\fR),
+but it is still property of the event loop at this time, so cannot be
+moved, freed or reused. And if it is active the rules described in the
+previous item still apply.
+.Sp
+It is also possible to feed an event on a watcher that is not active (e.g.
+via \f(CW\*(C`ev_feed_event\*(C'\fR), in which case it becomes pending without being
+active.
+.IP "stopped" 4
+.IX Item "stopped"
+A watcher can be stopped implicitly by libev (in which case it might still
+be pending), or explicitly by calling its \f(CW\*(C`ev_TYPE_stop\*(C'\fR function. The
+latter will clear any pending state the watcher might be in, regardless
+of whether it was active or not, so stopping a watcher explicitly before
+freeing it is often a good idea.
+.Sp
+While stopped (and not pending) the watcher is essentially in the
+initialised state, that is, it can be reused, moved, modified in any way
+you wish (but when you trash the memory block, you need to \f(CW\*(C`ev_TYPE_init\*(C'\fR
+it again).
+.SS "\s-1WATCHER PRIORITY MODELS\s0"
+.IX Subsection "WATCHER PRIORITY MODELS"
+Many event loops support \fIwatcher priorities\fR, which are usually small
+integers that influence the ordering of event callback invocation
+between watchers in some way, all else being equal.
+.PP
+In libev, watcher priorities can be set using \f(CW\*(C`ev_set_priority\*(C'\fR. See its
+description for the more technical details such as the actual priority
+range.
+.PP
+There are two common ways how these these priorities are being interpreted
+by event loops:
+.PP
+In the more common lock-out model, higher priorities \*(L"lock out\*(R" invocation
+of lower priority watchers, which means as long as higher priority
+watchers receive events, lower priority watchers are not being invoked.
+.PP
+The less common only-for-ordering model uses priorities solely to order
+callback invocation within a single event loop iteration: Higher priority
+watchers are invoked before lower priority ones, but they all get invoked
+before polling for new events.
+.PP
+Libev uses the second (only-for-ordering) model for all its watchers
+except for idle watchers (which use the lock-out model).
+.PP
+The rationale behind this is that implementing the lock-out model for
+watchers is not well supported by most kernel interfaces, and most event
+libraries will just poll for the same events again and again as long as
+their callbacks have not been executed, which is very inefficient in the
+common case of one high-priority watcher locking out a mass of lower
+priority ones.
+.PP
+Static (ordering) priorities are most useful when you have two or more
+watchers handling the same resource: a typical usage example is having an
+\&\f(CW\*(C`ev_io\*(C'\fR watcher to receive data, and an associated \f(CW\*(C`ev_timer\*(C'\fR to handle
+timeouts. Under load, data might be received while the program handles
+other jobs, but since timers normally get invoked first, the timeout
+handler will be executed before checking for data. In that case, giving
+the timer a lower priority than the I/O watcher ensures that I/O will be
+handled first even under adverse conditions (which is usually, but not
+always, what you want).
+.PP
+Since idle watchers use the \*(L"lock-out\*(R" model, meaning that idle watchers
+will only be executed when no same or higher priority watchers have
+received events, they can be used to implement the \*(L"lock-out\*(R" model when
+required.
+.PP
+For example, to emulate how many other event libraries handle priorities,
+you can associate an \f(CW\*(C`ev_idle\*(C'\fR watcher to each such watcher, and in
+the normal watcher callback, you just start the idle watcher. The real
+processing is done in the idle watcher callback. This causes libev to
+continuously poll and process kernel event data for the watcher, but when
+the lock-out case is known to be rare (which in turn is rare :), this is
+workable.
+.PP
+Usually, however, the lock-out model implemented that way will perform
+miserably under the type of load it was designed to handle. In that case,
+it might be preferable to stop the real watcher before starting the
+idle watcher, so the kernel will not have to process the event in case
+the actual processing will be delayed for considerable time.
+.PP
+Here is an example of an I/O watcher that should run at a strictly lower
+priority than the default, and which should only process data when no
+other events are pending:
+.PP
+.Vb 2
+\&   ev_idle idle; // actual processing watcher
+\&   ev_io io;     // actual event watcher
+\&
+\&   static void
+\&   io_cb (EV_P_ ev_io *w, int revents)
+\&   {
+\&     // stop the I/O watcher, we received the event, but
+\&     // are not yet ready to handle it.
+\&     ev_io_stop (EV_A_ w);
+\&
+\&     // start the idle watcher to handle the actual event.
+\&     // it will not be executed as long as other watchers
+\&     // with the default priority are receiving events.
+\&     ev_idle_start (EV_A_ &idle);
+\&   }
+\&
+\&   static void
+\&   idle_cb (EV_P_ ev_idle *w, int revents)
+\&   {
+\&     // actual processing
+\&     read (STDIN_FILENO, ...);
+\&
+\&     // have to start the I/O watcher again, as
+\&     // we have handled the event
+\&     ev_io_start (EV_P_ &io);
+\&   }
+\&
+\&   // initialisation
+\&   ev_idle_init (&idle, idle_cb);
+\&   ev_io_init (&io, io_cb, STDIN_FILENO, EV_READ);
+\&   ev_io_start (EV_DEFAULT_ &io);
+.Ve
+.PP
+In the \*(L"real\*(R" world, it might also be beneficial to start a timer, so that
+low-priority connections can not be locked out forever under load. This
+enables your program to keep a lower latency for important connections
+during short periods of high load, while not completely locking out less
+important ones.
+.SH "WATCHER TYPES"
+.IX Header "WATCHER TYPES"
+This section describes each watcher in detail, but will not repeat
+information given in the last section. Any initialisation/set macros,
+functions and members specific to the watcher type are explained.
+.PP
+Most members are additionally marked with either \fI[read\-only]\fR, meaning
+that, while the watcher is active, you can look at the member and expect
+some sensible content, but you must not modify it (you can modify it while
+the watcher is stopped to your hearts content), or \fI[read\-write]\fR, which
+means you can expect it to have some sensible content while the watcher is
+active, but you can also modify it (within the same thread as the event
+loop, i.e. without creating data races). Modifying it may not do something
+sensible or take immediate effect (or do anything at all), but libev will
+not crash or malfunction in any way.
+.PP
+In any case, the documentation for each member will explain what the
+effects are, and if there are any additional access restrictions.
+.ie n .SS """ev_io"" \- is this file descriptor readable or writable?"
+.el .SS "\f(CWev_io\fP \- is this file descriptor readable or writable?"
+.IX Subsection "ev_io - is this file descriptor readable or writable?"
+I/O watchers check whether a file descriptor is readable or writable
+in each iteration of the event loop, or, more precisely, when reading
+would not block the process and writing would at least be able to write
+some data. This behaviour is called level-triggering because you keep
+receiving events as long as the condition persists. Remember you can stop
+the watcher if you don't want to act on the event and neither want to
+receive future events.
+.PP
+In general you can register as many read and/or write event watchers per
+fd as you want (as long as you don't confuse yourself). Setting all file
+descriptors to non-blocking mode is also usually a good idea (but not
+required if you know what you are doing).
+.PP
+Another thing you have to watch out for is that it is quite easy to
+receive \*(L"spurious\*(R" readiness notifications, that is, your callback might
+be called with \f(CW\*(C`EV_READ\*(C'\fR but a subsequent \f(CW\*(C`read\*(C'\fR(2) will actually block
+because there is no data. It is very easy to get into this situation even
+with a relatively standard program structure. Thus it is best to always
+use non-blocking I/O: An extra \f(CW\*(C`read\*(C'\fR(2) returning \f(CW\*(C`EAGAIN\*(C'\fR is far
+preferable to a program hanging until some data arrives.
+.PP
+If you cannot run the fd in non-blocking mode (for example you should
+not play around with an Xlib connection), then you have to separately
+re-test whether a file descriptor is really ready with a known-to-be good
+interface such as poll (fortunately in the case of Xlib, it already does
+this on its own, so its quite safe to use). Some people additionally
+use \f(CW\*(C`SIGALRM\*(C'\fR and an interval timer, just to be sure you won't block
+indefinitely.
+.PP
+But really, best use non-blocking mode.
+.PP
+\fIThe special problem of disappearing file descriptors\fR
+.IX Subsection "The special problem of disappearing file descriptors"
+.PP
+Some backends (e.g. kqueue, epoll, linuxaio) need to be told about closing
+a file descriptor (either due to calling \f(CW\*(C`close\*(C'\fR explicitly or any other
+means, such as \f(CW\*(C`dup2\*(C'\fR). The reason is that you register interest in some
+file descriptor, but when it goes away, the operating system will silently
+drop this interest. If another file descriptor with the same number then
+is registered with libev, there is no efficient way to see that this is,
+in fact, a different file descriptor.
+.PP
+To avoid having to explicitly tell libev about such cases, libev follows
+the following policy:  Each time \f(CW\*(C`ev_io_set\*(C'\fR is being called, libev
+will assume that this is potentially a new file descriptor, otherwise
+it is assumed that the file descriptor stays the same. That means that
+you \fIhave\fR to call \f(CW\*(C`ev_io_set\*(C'\fR (or \f(CW\*(C`ev_io_init\*(C'\fR) when you change the
+descriptor even if the file descriptor number itself did not change.
+.PP
+This is how one would do it normally anyway, the important point is that
+the libev application should not optimise around libev but should leave
+optimisations to libev.
+.PP
+\fIThe special problem of dup'ed file descriptors\fR
+.IX Subsection "The special problem of dup'ed file descriptors"
+.PP
+Some backends (e.g. epoll), cannot register events for file descriptors,
+but only events for the underlying file descriptions. That means when you
+have \f(CW\*(C`dup ()\*(C'\fR'ed file descriptors or weirder constellations, and register
+events for them, only one file descriptor might actually receive events.
+.PP
+There is no workaround possible except not registering events
+for potentially \f(CW\*(C`dup ()\*(C'\fR'ed file descriptors, or to resort to
+\&\f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.PP
+\fIThe special problem of files\fR
+.IX Subsection "The special problem of files"
+.PP
+Many people try to use \f(CW\*(C`select\*(C'\fR (or libev) on file descriptors
+representing files, and expect it to become ready when their program
+doesn't block on disk accesses (which can take a long time on their own).
+.PP
+However, this cannot ever work in the \*(L"expected\*(R" way \- you get a readiness
+notification as soon as the kernel knows whether and how much data is
+there, and in the case of open files, that's always the case, so you
+always get a readiness notification instantly, and your read (or possibly
+write) will still block on the disk I/O.
+.PP
+Another way to view it is that in the case of sockets, pipes, character
+devices and so on, there is another party (the sender) that delivers data
+on its own, but in the case of files, there is no such thing: the disk
+will not send data on its own, simply because it doesn't know what you
+wish to read \- you would first have to request some data.
+.PP
+Since files are typically not-so-well supported by advanced notification
+mechanism, libev tries hard to emulate \s-1POSIX\s0 behaviour with respect
+to files, even though you should not use it. The reason for this is
+convenience: sometimes you want to watch \s-1STDIN\s0 or \s-1STDOUT,\s0 which is
+usually a tty, often a pipe, but also sometimes files or special devices
+(for example, \f(CW\*(C`epoll\*(C'\fR on Linux works with \fI/dev/random\fR but not with
+\&\fI/dev/urandom\fR), and even though the file might better be served with
+asynchronous I/O instead of with non-blocking I/O, it is still useful when
+it \*(L"just works\*(R" instead of freezing.
+.PP
+So avoid file descriptors pointing to files when you know it (e.g. use
+libeio), but use them when it is convenient, e.g. for \s-1STDIN/STDOUT,\s0 or
+when you rarely read from a file instead of from a socket, and want to
+reuse the same code path.
+.PP
+\fIThe special problem of fork\fR
+.IX Subsection "The special problem of fork"
+.PP
+Some backends (epoll, kqueue, linuxaio, iouring) do not support \f(CW\*(C`fork ()\*(C'\fR
+at all or exhibit useless behaviour. Libev fully supports fork, but needs
+to be told about it in the child if you want to continue to use it in the
+child.
+.PP
+To support fork in your child processes, you have to call \f(CW\*(C`ev_loop_fork
+()\*(C'\fR after a fork in the child, enable \f(CW\*(C`EVFLAG_FORKCHECK\*(C'\fR, or resort to
+\&\f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.PP
+\fIThe special problem of \s-1SIGPIPE\s0\fR
+.IX Subsection "The special problem of SIGPIPE"
+.PP
+While not really specific to libev, it is easy to forget about \f(CW\*(C`SIGPIPE\*(C'\fR:
+when writing to a pipe whose other end has been closed, your program gets
+sent a \s-1SIGPIPE,\s0 which, by default, aborts your program. For most programs
+this is sensible behaviour, for daemons, this is usually undesirable.
+.PP
+So when you encounter spurious, unexplained daemon exits, make sure you
+ignore \s-1SIGPIPE\s0 (and maybe make sure you log the exit status of your daemon
+somewhere, as that would have given you a big clue).
+.PP
+\fIThe special problem of \f(BIaccept()\fIing when you can't\fR
+.IX Subsection "The special problem of accept()ing when you can't"
+.PP
+Many implementations of the \s-1POSIX\s0 \f(CW\*(C`accept\*(C'\fR function (for example,
+found in post\-2004 Linux) have the peculiar behaviour of not removing a
+connection from the pending queue in all error cases.
+.PP
+For example, larger servers often run out of file descriptors (because
+of resource limits), causing \f(CW\*(C`accept\*(C'\fR to fail with \f(CW\*(C`ENFILE\*(C'\fR but not
+rejecting the connection, leading to libev signalling readiness on
+the next iteration again (the connection still exists after all), and
+typically causing the program to loop at 100% \s-1CPU\s0 usage.
+.PP
+Unfortunately, the set of errors that cause this issue differs between
+operating systems, there is usually little the app can do to remedy the
+situation, and no known thread-safe method of removing the connection to
+cope with overload is known (to me).
+.PP
+One of the easiest ways to handle this situation is to just ignore it
+\&\- when the program encounters an overload, it will just loop until the
+situation is over. While this is a form of busy waiting, no \s-1OS\s0 offers an
+event-based way to handle this situation, so it's the best one can do.
+.PP
+A better way to handle the situation is to log any errors other than
+\&\f(CW\*(C`EAGAIN\*(C'\fR and \f(CW\*(C`EWOULDBLOCK\*(C'\fR, making sure not to flood the log with such
+messages, and continue as usual, which at least gives the user an idea of
+what could be wrong (\*(L"raise the ulimit!\*(R"). For extra points one could stop
+the \f(CW\*(C`ev_io\*(C'\fR watcher on the listening fd \*(L"for a while\*(R", which reduces \s-1CPU\s0
+usage.
+.PP
+If your program is single-threaded, then you could also keep a dummy file
+descriptor for overload situations (e.g. by opening \fI/dev/null\fR), and
+when you run into \f(CW\*(C`ENFILE\*(C'\fR or \f(CW\*(C`EMFILE\*(C'\fR, close it, run \f(CW\*(C`accept\*(C'\fR,
+close that fd, and create a new dummy fd. This will gracefully refuse
+clients under typical overload conditions.
+.PP
+The last way to handle it is to simply log the error and \f(CW\*(C`exit\*(C'\fR, as
+is often done with \f(CW\*(C`malloc\*(C'\fR failures, but this results in an easy
+opportunity for a DoS attack.
+.PP
+\fIWatcher-Specific Functions\fR
+.IX Subsection "Watcher-Specific Functions"
+.IP "ev_io_init (ev_io *, callback, int fd, int events)" 4
+.IX Item "ev_io_init (ev_io *, callback, int fd, int events)"
+.PD 0
+.IP "ev_io_set (ev_io *, int fd, int events)" 4
+.IX Item "ev_io_set (ev_io *, int fd, int events)"
+.PD
+Configures an \f(CW\*(C`ev_io\*(C'\fR watcher. The \f(CW\*(C`fd\*(C'\fR is the file descriptor to
+receive events for and \f(CW\*(C`events\*(C'\fR is either \f(CW\*(C`EV_READ\*(C'\fR, \f(CW\*(C`EV_WRITE\*(C'\fR, both
+\&\f(CW\*(C`EV_READ | EV_WRITE\*(C'\fR or \f(CW0\fR, to express the desire to receive the given
+events.
+.Sp
+Note that setting the \f(CW\*(C`events\*(C'\fR to \f(CW0\fR and starting the watcher is
+supported, but not specially optimized \- if your program sometimes happens
+to generate this combination this is fine, but if it is easy to avoid
+starting an io watcher watching for no events you should do so.
+.IP "ev_io_modify (ev_io *, int events)" 4
+.IX Item "ev_io_modify (ev_io *, int events)"
+Similar to \f(CW\*(C`ev_io_set\*(C'\fR, but only changes the requested events. Using this
+might be faster with some backends, as libev can assume that the \f(CW\*(C`fd\*(C'\fR
+still refers to the same underlying file description, something it cannot
+do when using \f(CW\*(C`ev_io_set\*(C'\fR.
+.IP "int fd [no\-modify]" 4
+.IX Item "int fd [no-modify]"
+The file descriptor being watched. While it can be read at any time, you
+must not modify this member even when the watcher is stopped \- always use
+\&\f(CW\*(C`ev_io_set\*(C'\fR for that.
+.IP "int events [no\-modify]" 4
+.IX Item "int events [no-modify]"
+The set of events the fd is being watched for, among other flags. Remember
+that this is a bit set \- to test for \f(CW\*(C`EV_READ\*(C'\fR, use \f(CW\*(C`w\->events &
+EV_READ\*(C'\fR, and similarly for \f(CW\*(C`EV_WRITE\*(C'\fR.
+.Sp
+As with \f(CW\*(C`fd\*(C'\fR, you must not modify this member even when the watcher is
+stopped, always use \f(CW\*(C`ev_io_set\*(C'\fR or \f(CW\*(C`ev_io_modify\*(C'\fR for that.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Call \f(CW\*(C`stdin_readable_cb\*(C'\fR when \s-1STDIN_FILENO\s0 has become, well
+readable, but only once. Since it is likely line-buffered, you could
+attempt to read a whole line in the callback.
+.PP
+.Vb 6
+\&   static void
+\&   stdin_readable_cb (struct ev_loop *loop, ev_io *w, int revents)
+\&   {
+\&      ev_io_stop (loop, w);
+\&     .. read from stdin here (or from w\->fd) and handle any I/O errors
+\&   }
+\&
+\&   ...
+\&   struct ev_loop *loop = ev_default_init (0);
+\&   ev_io stdin_readable;
+\&   ev_io_init (&stdin_readable, stdin_readable_cb, STDIN_FILENO, EV_READ);
+\&   ev_io_start (loop, &stdin_readable);
+\&   ev_run (loop, 0);
+.Ve
+.ie n .SS """ev_timer"" \- relative and optionally repeating timeouts"
+.el .SS "\f(CWev_timer\fP \- relative and optionally repeating timeouts"
+.IX Subsection "ev_timer - relative and optionally repeating timeouts"
+Timer watchers are simple relative timers that generate an event after a
+given time, and optionally repeating in regular intervals after that.
+.PP
+The timers are based on real time, that is, if you register an event that
+times out after an hour and you reset your system clock to January last
+year, it will still time out after (roughly) one hour. \*(L"Roughly\*(R" because
+detecting time jumps is hard, and some inaccuracies are unavoidable (the
+monotonic clock option helps a lot here).
+.PP
+The callback is guaranteed to be invoked only \fIafter\fR its timeout has
+passed (not \fIat\fR, so on systems with very low-resolution clocks this
+might introduce a small delay, see \*(L"the special problem of being too
+early\*(R", below). If multiple timers become ready during the same loop
+iteration then the ones with earlier time-out values are invoked before
+ones of the same priority with later time-out values (but this is no
+longer true when a callback calls \f(CW\*(C`ev_run\*(C'\fR recursively).
+.PP
+\fIBe smart about timeouts\fR
+.IX Subsection "Be smart about timeouts"
+.PP
+Many real-world problems involve some kind of timeout, usually for error
+recovery. A typical example is an \s-1HTTP\s0 request \- if the other side hangs,
+you want to raise some error after a while.
+.PP
+What follows are some ways to handle this problem, from obvious and
+inefficient to smart and efficient.
+.PP
+In the following, a 60 second activity timeout is assumed \- a timeout that
+gets reset to 60 seconds each time there is activity (e.g. each time some
+data or other life sign was received).
+.IP "1. Use a timer and stop, reinitialise and start it on activity." 4
+.IX Item "1. Use a timer and stop, reinitialise and start it on activity."
+This is the most obvious, but not the most simple way: In the beginning,
+start the watcher:
+.Sp
+.Vb 2
+\&   ev_timer_init (timer, callback, 60., 0.);
+\&   ev_timer_start (loop, timer);
+.Ve
+.Sp
+Then, each time there is some activity, \f(CW\*(C`ev_timer_stop\*(C'\fR it, initialise it
+and start it again:
+.Sp
+.Vb 3
+\&   ev_timer_stop (loop, timer);
+\&   ev_timer_set (timer, 60., 0.);
+\&   ev_timer_start (loop, timer);
+.Ve
+.Sp
+This is relatively simple to implement, but means that each time there is
+some activity, libev will first have to remove the timer from its internal
+data structure and then add it again. Libev tries to be fast, but it's
+still not a constant-time operation.
+.ie n .IP "2. Use a timer and re-start it with ""ev_timer_again"" inactivity." 4
+.el .IP "2. Use a timer and re-start it with \f(CWev_timer_again\fR inactivity." 4
+.IX Item "2. Use a timer and re-start it with ev_timer_again inactivity."
+This is the easiest way, and involves using \f(CW\*(C`ev_timer_again\*(C'\fR instead of
+\&\f(CW\*(C`ev_timer_start\*(C'\fR.
+.Sp
+To implement this, configure an \f(CW\*(C`ev_timer\*(C'\fR with a \f(CW\*(C`repeat\*(C'\fR value
+of \f(CW60\fR and then call \f(CW\*(C`ev_timer_again\*(C'\fR at start and each time you
+successfully read or write some data. If you go into an idle state where
+you do not expect data to travel on the socket, you can \f(CW\*(C`ev_timer_stop\*(C'\fR
+the timer, and \f(CW\*(C`ev_timer_again\*(C'\fR will automatically restart it if need be.
+.Sp
+That means you can ignore both the \f(CW\*(C`ev_timer_start\*(C'\fR function and the
+\&\f(CW\*(C`after\*(C'\fR argument to \f(CW\*(C`ev_timer_set\*(C'\fR, and only ever use the \f(CW\*(C`repeat\*(C'\fR
+member and \f(CW\*(C`ev_timer_again\*(C'\fR.
+.Sp
+At start:
+.Sp
+.Vb 3
+\&   ev_init (timer, callback);
+\&   timer\->repeat = 60.;
+\&   ev_timer_again (loop, timer);
+.Ve
+.Sp
+Each time there is some activity:
+.Sp
+.Vb 1
+\&   ev_timer_again (loop, timer);
+.Ve
+.Sp
+It is even possible to change the time-out on the fly, regardless of
+whether the watcher is active or not:
+.Sp
+.Vb 2
+\&   timer\->repeat = 30.;
+\&   ev_timer_again (loop, timer);
+.Ve
+.Sp
+This is slightly more efficient then stopping/starting the timer each time
+you want to modify its timeout value, as libev does not have to completely
+remove and re-insert the timer from/into its internal data structure.
+.Sp
+It is, however, even simpler than the \*(L"obvious\*(R" way to do it.
+.IP "3. Let the timer time out, but then re-arm it as required." 4
+.IX Item "3. Let the timer time out, but then re-arm it as required."
+This method is more tricky, but usually most efficient: Most timeouts are
+relatively long compared to the intervals between other activity \- in
+our example, within 60 seconds, there are usually many I/O events with
+associated activity resets.
+.Sp
+In this case, it would be more efficient to leave the \f(CW\*(C`ev_timer\*(C'\fR alone,
+but remember the time of last activity, and check for a real timeout only
+within the callback:
+.Sp
+.Vb 3
+\&   ev_tstamp timeout = 60.;
+\&   ev_tstamp last_activity; // time of last activity
+\&   ev_timer timer;
+\&
+\&   static void
+\&   callback (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     // calculate when the timeout would happen
+\&     ev_tstamp after = last_activity \- ev_now (EV_A) + timeout;
+\&
+\&     // if negative, it means we the timeout already occurred
+\&     if (after < 0.)
+\&       {
+\&         // timeout occurred, take action
+\&       }
+\&     else
+\&       {
+\&         // callback was invoked, but there was some recent 
+\&         // activity. simply restart the timer to time out
+\&         // after "after" seconds, which is the earliest time
+\&         // the timeout can occur.
+\&         ev_timer_set (w, after, 0.);
+\&         ev_timer_start (EV_A_ w);
+\&       }
+\&   }
+.Ve
+.Sp
+To summarise the callback: first calculate in how many seconds the
+timeout will occur (by calculating the absolute time when it would occur,
+\&\f(CW\*(C`last_activity + timeout\*(C'\fR, and subtracting the current time, \f(CW\*(C`ev_now
+(EV_A)\*(C'\fR from that).
+.Sp
+If this value is negative, then we are already past the timeout, i.e. we
+timed out, and need to do whatever is needed in this case.
+.Sp
+Otherwise, we now the earliest time at which the timeout would trigger,
+and simply start the timer with this timeout value.
+.Sp
+In other words, each time the callback is invoked it will check whether
+the timeout occurred. If not, it will simply reschedule itself to check
+again at the earliest time it could time out. Rinse. Repeat.
+.Sp
+This scheme causes more callback invocations (about one every 60 seconds
+minus half the average time between activity), but virtually no calls to
+libev to change the timeout.
+.Sp
+To start the machinery, simply initialise the watcher and set
+\&\f(CW\*(C`last_activity\*(C'\fR to the current time (meaning there was some activity just
+now), then call the callback, which will \*(L"do the right thing\*(R" and start
+the timer:
+.Sp
+.Vb 3
+\&   last_activity = ev_now (EV_A);
+\&   ev_init (&timer, callback);
+\&   callback (EV_A_ &timer, 0);
+.Ve
+.Sp
+When there is some activity, simply store the current time in
+\&\f(CW\*(C`last_activity\*(C'\fR, no libev calls at all:
+.Sp
+.Vb 2
+\&   if (activity detected)
+\&     last_activity = ev_now (EV_A);
+.Ve
+.Sp
+When your timeout value changes, then the timeout can be changed by simply
+providing a new value, stopping the timer and calling the callback, which
+will again do the right thing (for example, time out immediately :).
+.Sp
+.Vb 3
+\&   timeout = new_value;
+\&   ev_timer_stop (EV_A_ &timer);
+\&   callback (EV_A_ &timer, 0);
+.Ve
+.Sp
+This technique is slightly more complex, but in most cases where the
+time-out is unlikely to be triggered, much more efficient.
+.IP "4. Wee, just use a double-linked list for your timeouts." 4
+.IX Item "4. Wee, just use a double-linked list for your timeouts."
+If there is not one request, but many thousands (millions...), all
+employing some kind of timeout with the same timeout value, then one can
+do even better:
+.Sp
+When starting the timeout, calculate the timeout value and put the timeout
+at the \fIend\fR of the list.
+.Sp
+Then use an \f(CW\*(C`ev_timer\*(C'\fR to fire when the timeout at the \fIbeginning\fR of
+the list is expected to fire (for example, using the technique #3).
+.Sp
+When there is some activity, remove the timer from the list, recalculate
+the timeout, append it to the end of the list again, and make sure to
+update the \f(CW\*(C`ev_timer\*(C'\fR if it was taken from the beginning of the list.
+.Sp
+This way, one can manage an unlimited number of timeouts in O(1) time for
+starting, stopping and updating the timers, at the expense of a major
+complication, and having to use a constant timeout. The constant timeout
+ensures that the list stays sorted.
+.PP
+So which method the best?
+.PP
+Method #2 is a simple no-brain-required solution that is adequate in most
+situations. Method #3 requires a bit more thinking, but handles many cases
+better, and isn't very complicated either. In most case, choosing either
+one is fine, with #3 being better in typical situations.
+.PP
+Method #1 is almost always a bad idea, and buys you nothing. Method #4 is
+rather complicated, but extremely efficient, something that really pays
+off after the first million or so of active timers, i.e. it's usually
+overkill :)
+.PP
+\fIThe special problem of being too early\fR
+.IX Subsection "The special problem of being too early"
+.PP
+If you ask a timer to call your callback after three seconds, then
+you expect it to be invoked after three seconds \- but of course, this
+cannot be guaranteed to infinite precision. Less obviously, it cannot be
+guaranteed to any precision by libev \- imagine somebody suspending the
+process with a \s-1STOP\s0 signal for a few hours for example.
+.PP
+So, libev tries to invoke your callback as soon as possible \fIafter\fR the
+delay has occurred, but cannot guarantee this.
+.PP
+A less obvious failure mode is calling your callback too early: many event
+loops compare timestamps with a \*(L"elapsed delay >= requested delay\*(R", but
+this can cause your callback to be invoked much earlier than you would
+expect.
+.PP
+To see why, imagine a system with a clock that only offers full second
+resolution (think windows if you can't come up with a broken enough \s-1OS\s0
+yourself). If you schedule a one-second timer at the time 500.9, then the
+event loop will schedule your timeout to elapse at a system time of 500
+(500.9 truncated to the resolution) + 1, or 501.
+.PP
+If an event library looks at the timeout 0.1s later, it will see \*(L"501 >=
+501\*(R" and invoke the callback 0.1s after it was started, even though a
+one-second delay was requested \- this is being \*(L"too early\*(R", despite best
+intentions.
+.PP
+This is the reason why libev will never invoke the callback if the elapsed
+delay equals the requested delay, but only when the elapsed delay is
+larger than the requested delay. In the example above, libev would only invoke
+the callback at system time 502, or 1.1s after the timer was started.
+.PP
+So, while libev cannot guarantee that your callback will be invoked
+exactly when requested, it \fIcan\fR and \fIdoes\fR guarantee that the requested
+delay has actually elapsed, or in other words, it always errs on the \*(L"too
+late\*(R" side of things.
+.PP
+\fIThe special problem of time updates\fR
+.IX Subsection "The special problem of time updates"
+.PP
+Establishing the current time is a costly operation (it usually takes
+at least one system call): \s-1EV\s0 therefore updates its idea of the current
+time only before and after \f(CW\*(C`ev_run\*(C'\fR collects new events, which causes a
+growing difference between \f(CW\*(C`ev_now ()\*(C'\fR and \f(CW\*(C`ev_time ()\*(C'\fR when handling
+lots of events in one iteration.
+.PP
+The relative timeouts are calculated relative to the \f(CW\*(C`ev_now ()\*(C'\fR
+time. This is usually the right thing as this timestamp refers to the time
+of the event triggering whatever timeout you are modifying/starting. If
+you suspect event processing to be delayed and you \fIneed\fR to base the
+timeout on the current time, use something like the following to adjust
+for it:
+.PP
+.Vb 1
+\&   ev_timer_set (&timer, after + (ev_time () \- ev_now ()), 0.);
+.Ve
+.PP
+If the event loop is suspended for a long time, you can also force an
+update of the time returned by \f(CW\*(C`ev_now ()\*(C'\fR by calling \f(CW\*(C`ev_now_update
+()\*(C'\fR, although that will push the event time of all outstanding events
+further into the future.
+.PP
+\fIThe special problem of unsynchronised clocks\fR
+.IX Subsection "The special problem of unsynchronised clocks"
+.PP
+Modern systems have a variety of clocks \- libev itself uses the normal
+\&\*(L"wall clock\*(R" clock and, if available, the monotonic clock (to avoid time
+jumps).
+.PP
+Neither of these clocks is synchronised with each other or any other clock
+on the system, so \f(CW\*(C`ev_time ()\*(C'\fR might return a considerably different time
+than \f(CW\*(C`gettimeofday ()\*(C'\fR or \f(CW\*(C`time ()\*(C'\fR. On a GNU/Linux system, for example,
+a call to \f(CW\*(C`gettimeofday\*(C'\fR might return a second count that is one higher
+than a directly following call to \f(CW\*(C`time\*(C'\fR.
+.PP
+The moral of this is to only compare libev-related timestamps with
+\&\f(CW\*(C`ev_time ()\*(C'\fR and \f(CW\*(C`ev_now ()\*(C'\fR, at least if you want better precision than
+a second or so.
+.PP
+One more problem arises due to this lack of synchronisation: if libev uses
+the system monotonic clock and you compare timestamps from \f(CW\*(C`ev_time\*(C'\fR
+or \f(CW\*(C`ev_now\*(C'\fR from when you started your timer and when your callback is
+invoked, you will find that sometimes the callback is a bit \*(L"early\*(R".
+.PP
+This is because \f(CW\*(C`ev_timer\*(C'\fRs work in real time, not wall clock time, so
+libev makes sure your callback is not invoked before the delay happened,
+\&\fImeasured according to the real time\fR, not the system clock.
+.PP
+If your timeouts are based on a physical timescale (e.g. \*(L"time out this
+connection after 100 seconds\*(R") then this shouldn't bother you as it is
+exactly the right behaviour.
+.PP
+If you want to compare wall clock/system timestamps to your timers, then
+you need to use \f(CW\*(C`ev_periodic\*(C'\fRs, as these are based on the wall clock
+time, where your comparisons will always generate correct results.
+.PP
+\fIThe special problems of suspended animation\fR
+.IX Subsection "The special problems of suspended animation"
+.PP
+When you leave the server world it is quite customary to hit machines that
+can suspend/hibernate \- what happens to the clocks during such a suspend?
+.PP
+Some quick tests made with a Linux 2.6.28 indicate that a suspend freezes
+all processes, while the clocks (\f(CW\*(C`times\*(C'\fR, \f(CW\*(C`CLOCK_MONOTONIC\*(C'\fR) continue
+to run until the system is suspended, but they will not advance while the
+system is suspended. That means, on resume, it will be as if the program
+was frozen for a few seconds, but the suspend time will not be counted
+towards \f(CW\*(C`ev_timer\*(C'\fR when a monotonic clock source is used. The real time
+clock advanced as expected, but if it is used as sole clocksource, then a
+long suspend would be detected as a time jump by libev, and timers would
+be adjusted accordingly.
+.PP
+I would not be surprised to see different behaviour in different between
+operating systems, \s-1OS\s0 versions or even different hardware.
+.PP
+The other form of suspend (job control, or sending a \s-1SIGSTOP\s0) will see a
+time jump in the monotonic clocks and the realtime clock. If the program
+is suspended for a very long time, and monotonic clock sources are in use,
+then you can expect \f(CW\*(C`ev_timer\*(C'\fRs to expire as the full suspension time
+will be counted towards the timers. When no monotonic clock source is in
+use, then libev will again assume a timejump and adjust accordingly.
+.PP
+It might be beneficial for this latter case to call \f(CW\*(C`ev_suspend\*(C'\fR
+and \f(CW\*(C`ev_resume\*(C'\fR in code that handles \f(CW\*(C`SIGTSTP\*(C'\fR, to at least get
+deterministic behaviour in this case (you can do nothing against
+\&\f(CW\*(C`SIGSTOP\*(C'\fR).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_timer_init (ev_timer *, callback, ev_tstamp after, ev_tstamp repeat)" 4
+.IX Item "ev_timer_init (ev_timer *, callback, ev_tstamp after, ev_tstamp repeat)"
+.PD 0
+.IP "ev_timer_set (ev_timer *, ev_tstamp after, ev_tstamp repeat)" 4
+.IX Item "ev_timer_set (ev_timer *, ev_tstamp after, ev_tstamp repeat)"
+.PD
+Configure the timer to trigger after \f(CW\*(C`after\*(C'\fR seconds (fractional and
+negative values are supported). If \f(CW\*(C`repeat\*(C'\fR is \f(CW0.\fR, then it will
+automatically be stopped once the timeout is reached. If it is positive,
+then the timer will automatically be configured to trigger again \f(CW\*(C`repeat\*(C'\fR
+seconds later, again, and again, until stopped manually.
+.Sp
+The timer itself will do a best-effort at avoiding drift, that is, if
+you configure a timer to trigger every 10 seconds, then it will normally
+trigger at exactly 10 second intervals. If, however, your program cannot
+keep up with the timer (because it takes longer than those 10 seconds to
+do stuff) the timer will not fire more than once per event loop iteration.
+.IP "ev_timer_again (loop, ev_timer *)" 4
+.IX Item "ev_timer_again (loop, ev_timer *)"
+This will act as if the timer timed out, and restarts it again if it is
+repeating. It basically works like calling \f(CW\*(C`ev_timer_stop\*(C'\fR, updating the
+timeout to the \f(CW\*(C`repeat\*(C'\fR value and calling \f(CW\*(C`ev_timer_start\*(C'\fR.
+.Sp
+The exact semantics are as in the following rules, all of which will be
+applied to the watcher:
+.RS 4
+.IP "If the timer is pending, the pending status is always cleared." 4
+.IX Item "If the timer is pending, the pending status is always cleared."
+.PD 0
+.IP "If the timer is started but non-repeating, stop it (as if it timed out, without invoking it)." 4
+.IX Item "If the timer is started but non-repeating, stop it (as if it timed out, without invoking it)."
+.ie n .IP "If the timer is repeating, make the ""repeat"" value the new timeout and start the timer, if necessary." 4
+.el .IP "If the timer is repeating, make the \f(CWrepeat\fR value the new timeout and start the timer, if necessary." 4
+.IX Item "If the timer is repeating, make the repeat value the new timeout and start the timer, if necessary."
+.RE
+.RS 4
+.PD
+.Sp
+This sounds a bit complicated, see \*(L"Be smart about timeouts\*(R", above, for a
+usage example.
+.RE
+.IP "ev_tstamp ev_timer_remaining (loop, ev_timer *)" 4
+.IX Item "ev_tstamp ev_timer_remaining (loop, ev_timer *)"
+Returns the remaining time until a timer fires. If the timer is active,
+then this time is relative to the current event loop time, otherwise it's
+the timeout value currently configured.
+.Sp
+That is, after an \f(CW\*(C`ev_timer_set (w, 5, 7)\*(C'\fR, \f(CW\*(C`ev_timer_remaining\*(C'\fR returns
+\&\f(CW5\fR. When the timer is started and one second passes, \f(CW\*(C`ev_timer_remaining\*(C'\fR
+will return \f(CW4\fR. When the timer expires and is restarted, it will return
+roughly \f(CW7\fR (likely slightly less as callback invocation takes some time,
+too), and so on.
+.IP "ev_tstamp repeat [read\-write]" 4
+.IX Item "ev_tstamp repeat [read-write]"
+The current \f(CW\*(C`repeat\*(C'\fR value. Will be used each time the watcher times out
+or \f(CW\*(C`ev_timer_again\*(C'\fR is called, and determines the next timeout (if any),
+which is also when any modifications are taken into account.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Create a timer that fires after 60 seconds.
+.PP
+.Vb 5
+\&   static void
+\&   one_minute_cb (struct ev_loop *loop, ev_timer *w, int revents)
+\&   {
+\&     .. one minute over, w is actually stopped right here
+\&   }
+\&
+\&   ev_timer mytimer;
+\&   ev_timer_init (&mytimer, one_minute_cb, 60., 0.);
+\&   ev_timer_start (loop, &mytimer);
+.Ve
+.PP
+Example: Create a timeout timer that times out after 10 seconds of
+inactivity.
+.PP
+.Vb 5
+\&   static void
+\&   timeout_cb (struct ev_loop *loop, ev_timer *w, int revents)
+\&   {
+\&     .. ten seconds without any activity
+\&   }
+\&
+\&   ev_timer mytimer;
+\&   ev_timer_init (&mytimer, timeout_cb, 0., 10.); /* note, only repeat used */
+\&   ev_timer_again (&mytimer); /* start timer */
+\&   ev_run (loop, 0);
+\&
+\&   // and in some piece of code that gets executed on any "activity":
+\&   // reset the timeout to start ticking again at 10 seconds
+\&   ev_timer_again (&mytimer);
+.Ve
+.ie n .SS """ev_periodic"" \- to cron or not to cron?"
+.el .SS "\f(CWev_periodic\fP \- to cron or not to cron?"
+.IX Subsection "ev_periodic - to cron or not to cron?"
+Periodic watchers are also timers of a kind, but they are very versatile
+(and unfortunately a bit complex).
+.PP
+Unlike \f(CW\*(C`ev_timer\*(C'\fR, periodic watchers are not based on real time (or
+relative time, the physical time that passes) but on wall clock time
+(absolute time, the thing you can read on your calendar or clock). The
+difference is that wall clock time can run faster or slower than real
+time, and time jumps are not uncommon (e.g. when you adjust your
+wrist-watch).
+.PP
+You can tell a periodic watcher to trigger after some specific point
+in time: for example, if you tell a periodic watcher to trigger \*(L"in 10
+seconds\*(R" (by specifying e.g. \f(CW\*(C`ev_now () + 10.\*(C'\fR, that is, an absolute time
+not a delay) and then reset your system clock to January of the previous
+year, then it will take a year or more to trigger the event (unlike an
+\&\f(CW\*(C`ev_timer\*(C'\fR, which would still trigger roughly 10 seconds after starting
+it, as it uses a relative timeout).
+.PP
+\&\f(CW\*(C`ev_periodic\*(C'\fR watchers can also be used to implement vastly more complex
+timers, such as triggering an event on each \*(L"midnight, local time\*(R", or
+other complicated rules. This cannot easily be done with \f(CW\*(C`ev_timer\*(C'\fR
+watchers, as those cannot react to time jumps.
+.PP
+As with timers, the callback is guaranteed to be invoked only when the
+point in time where it is supposed to trigger has passed. If multiple
+timers become ready during the same loop iteration then the ones with
+earlier time-out values are invoked before ones with later time-out values
+(but this is no longer true when a callback calls \f(CW\*(C`ev_run\*(C'\fR recursively).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_periodic_init (ev_periodic *, callback, ev_tstamp offset, ev_tstamp interval, reschedule_cb)" 4
+.IX Item "ev_periodic_init (ev_periodic *, callback, ev_tstamp offset, ev_tstamp interval, reschedule_cb)"
+.PD 0
+.IP "ev_periodic_set (ev_periodic *, ev_tstamp offset, ev_tstamp interval, reschedule_cb)" 4
+.IX Item "ev_periodic_set (ev_periodic *, ev_tstamp offset, ev_tstamp interval, reschedule_cb)"
+.PD
+Lots of arguments, let's sort it out... There are basically three modes of
+operation, and we will explain them from simplest to most complex:
+.RS 4
+.IP "\(bu" 4
+absolute timer (offset = absolute time, interval = 0, reschedule_cb = 0)
+.Sp
+In this configuration the watcher triggers an event after the wall clock
+time \f(CW\*(C`offset\*(C'\fR has passed. It will not repeat and will not adjust when a
+time jump occurs, that is, if it is to be run at January 1st 2011 then it
+will be stopped and invoked when the system clock reaches or surpasses
+this point in time.
+.IP "\(bu" 4
+repeating interval timer (offset = offset within interval, interval > 0, reschedule_cb = 0)
+.Sp
+In this mode the watcher will always be scheduled to time out at the next
+\&\f(CW\*(C`offset + N * interval\*(C'\fR time (for some integer N, which can also be
+negative) and then repeat, regardless of any time jumps. The \f(CW\*(C`offset\*(C'\fR
+argument is merely an offset into the \f(CW\*(C`interval\*(C'\fR periods.
+.Sp
+This can be used to create timers that do not drift with respect to the
+system clock, for example, here is an \f(CW\*(C`ev_periodic\*(C'\fR that triggers each
+hour, on the hour (with respect to \s-1UTC\s0):
+.Sp
+.Vb 1
+\&   ev_periodic_set (&periodic, 0., 3600., 0);
+.Ve
+.Sp
+This doesn't mean there will always be 3600 seconds in between triggers,
+but only that the callback will be called when the system time shows a
+full hour (\s-1UTC\s0), or more correctly, when the system time is evenly divisible
+by 3600.
+.Sp
+Another way to think about it (for the mathematically inclined) is that
+\&\f(CW\*(C`ev_periodic\*(C'\fR will try to run the callback in this mode at the next possible
+time where \f(CW\*(C`time = offset (mod interval)\*(C'\fR, regardless of any time jumps.
+.Sp
+The \f(CW\*(C`interval\*(C'\fR \fI\s-1MUST\s0\fR be positive, and for numerical stability, the
+interval value should be higher than \f(CW\*(C`1/8192\*(C'\fR (which is around 100
+microseconds) and \f(CW\*(C`offset\*(C'\fR should be higher than \f(CW0\fR and should have
+at most a similar magnitude as the current time (say, within a factor of
+ten). Typical values for offset are, in fact, \f(CW0\fR or something between
+\&\f(CW0\fR and \f(CW\*(C`interval\*(C'\fR, which is also the recommended range.
+.Sp
+Note also that there is an upper limit to how often a timer can fire (\s-1CPU\s0
+speed for example), so if \f(CW\*(C`interval\*(C'\fR is very small then timing stability
+will of course deteriorate. Libev itself tries to be exact to be about one
+millisecond (if the \s-1OS\s0 supports it and the machine is fast enough).
+.IP "\(bu" 4
+manual reschedule mode (offset ignored, interval ignored, reschedule_cb = callback)
+.Sp
+In this mode the values for \f(CW\*(C`interval\*(C'\fR and \f(CW\*(C`offset\*(C'\fR are both being
+ignored. Instead, each time the periodic watcher gets scheduled, the
+reschedule callback will be called with the watcher as first, and the
+current time as second argument.
+.Sp
+\&\s-1NOTE:\s0 \fIThis callback \s-1MUST NOT\s0 stop or destroy any periodic watcher, ever,
+or make \s-1ANY\s0 other event loop modifications whatsoever, unless explicitly
+allowed by documentation here\fR.
+.Sp
+If you need to stop it, return \f(CW\*(C`now + 1e30\*(C'\fR (or so, fudge fudge) and stop
+it afterwards (e.g. by starting an \f(CW\*(C`ev_prepare\*(C'\fR watcher, which is the
+only event loop modification you are allowed to do).
+.Sp
+The callback prototype is \f(CW\*(C`ev_tstamp (*reschedule_cb)(ev_periodic
+*w, ev_tstamp now)\*(C'\fR, e.g.:
+.Sp
+.Vb 5
+\&   static ev_tstamp
+\&   my_rescheduler (ev_periodic *w, ev_tstamp now)
+\&   {
+\&     return now + 60.;
+\&   }
+.Ve
+.Sp
+It must return the next time to trigger, based on the passed time value
+(that is, the lowest time value larger than to the second argument). It
+will usually be called just before the callback will be triggered, but
+might be called at other times, too.
+.Sp
+\&\s-1NOTE:\s0 \fIThis callback must always return a time that is higher than or
+equal to the passed \f(CI\*(C`now\*(C'\fI value\fR.
+.Sp
+This can be used to create very complex timers, such as a timer that
+triggers on \*(L"next midnight, local time\*(R". To do this, you would calculate
+the next midnight after \f(CW\*(C`now\*(C'\fR and return the timestamp value for
+this. Here is a (completely untested, no error checking) example on how to
+do this:
+.Sp
+.Vb 1
+\&   #include <time.h>
+\&
+\&   static ev_tstamp
+\&   my_rescheduler (ev_periodic *w, ev_tstamp now)
+\&   {
+\&     time_t tnow = (time_t)now;
+\&     struct tm tm;
+\&     localtime_r (&tnow, &tm);
+\&
+\&     tm.tm_sec = tm.tm_min = tm.tm_hour = 0; // midnight current day
+\&     ++tm.tm_mday; // midnight next day
+\&
+\&     return mktime (&tm);
+\&   }
+.Ve
+.Sp
+Note: this code might run into trouble on days that have more then two
+midnights (beginning and end).
+.RE
+.RS 4
+.RE
+.IP "ev_periodic_again (loop, ev_periodic *)" 4
+.IX Item "ev_periodic_again (loop, ev_periodic *)"
+Simply stops and restarts the periodic watcher again. This is only useful
+when you changed some parameters or the reschedule callback would return
+a different time than the last time it was called (e.g. in a crond like
+program when the crontabs have changed).
+.IP "ev_tstamp ev_periodic_at (ev_periodic *)" 4
+.IX Item "ev_tstamp ev_periodic_at (ev_periodic *)"
+When active, returns the absolute time that the watcher is supposed
+to trigger next. This is not the same as the \f(CW\*(C`offset\*(C'\fR argument to
+\&\f(CW\*(C`ev_periodic_set\*(C'\fR, but indeed works even in interval and manual
+rescheduling modes.
+.IP "ev_tstamp offset [read\-write]" 4
+.IX Item "ev_tstamp offset [read-write]"
+When repeating, this contains the offset value, otherwise this is the
+absolute point in time (the \f(CW\*(C`offset\*(C'\fR value passed to \f(CW\*(C`ev_periodic_set\*(C'\fR,
+although libev might modify this value for better numerical stability).
+.Sp
+Can be modified any time, but changes only take effect when the periodic
+timer fires or \f(CW\*(C`ev_periodic_again\*(C'\fR is being called.
+.IP "ev_tstamp interval [read\-write]" 4
+.IX Item "ev_tstamp interval [read-write]"
+The current interval value. Can be modified any time, but changes only
+take effect when the periodic timer fires or \f(CW\*(C`ev_periodic_again\*(C'\fR is being
+called.
+.IP "ev_tstamp (*reschedule_cb)(ev_periodic *w, ev_tstamp now) [read\-write]" 4
+.IX Item "ev_tstamp (*reschedule_cb)(ev_periodic *w, ev_tstamp now) [read-write]"
+The current reschedule callback, or \f(CW0\fR, if this functionality is
+switched off. Can be changed any time, but changes only take effect when
+the periodic timer fires or \f(CW\*(C`ev_periodic_again\*(C'\fR is being called.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Call a callback every hour, or, more precisely, whenever the
+system time is divisible by 3600. The callback invocation times have
+potentially a lot of jitter, but good long-term stability.
+.PP
+.Vb 5
+\&   static void
+\&   clock_cb (struct ev_loop *loop, ev_periodic *w, int revents)
+\&   {
+\&     ... its now a full hour (UTC, or TAI or whatever your clock follows)
+\&   }
+\&
+\&   ev_periodic hourly_tick;
+\&   ev_periodic_init (&hourly_tick, clock_cb, 0., 3600., 0);
+\&   ev_periodic_start (loop, &hourly_tick);
+.Ve
+.PP
+Example: The same as above, but use a reschedule callback to do it:
+.PP
+.Vb 1
+\&   #include <math.h>
+\&
+\&   static ev_tstamp
+\&   my_scheduler_cb (ev_periodic *w, ev_tstamp now)
+\&   {
+\&     return now + (3600. \- fmod (now, 3600.));
+\&   }
+\&
+\&   ev_periodic_init (&hourly_tick, clock_cb, 0., 0., my_scheduler_cb);
+.Ve
+.PP
+Example: Call a callback every hour, starting now:
+.PP
+.Vb 4
+\&   ev_periodic hourly_tick;
+\&   ev_periodic_init (&hourly_tick, clock_cb,
+\&                     fmod (ev_now (loop), 3600.), 3600., 0);
+\&   ev_periodic_start (loop, &hourly_tick);
+.Ve
+.ie n .SS """ev_signal"" \- signal me when a signal gets signalled!"
+.el .SS "\f(CWev_signal\fP \- signal me when a signal gets signalled!"
+.IX Subsection "ev_signal - signal me when a signal gets signalled!"
+Signal watchers will trigger an event when the process receives a specific
+signal one or more times. Even though signals are very asynchronous, libev
+will try its best to deliver signals synchronously, i.e. as part of the
+normal event processing, like any other event.
+.PP
+If you want signals to be delivered truly asynchronously, just use
+\&\f(CW\*(C`sigaction\*(C'\fR as you would do without libev and forget about sharing
+the signal. You can even use \f(CW\*(C`ev_async\*(C'\fR from a signal handler to
+synchronously wake up an event loop.
+.PP
+You can configure as many watchers as you like for the same signal, but
+only within the same loop, i.e. you can watch for \f(CW\*(C`SIGINT\*(C'\fR in your
+default loop and for \f(CW\*(C`SIGIO\*(C'\fR in another loop, but you cannot watch for
+\&\f(CW\*(C`SIGINT\*(C'\fR in both the default loop and another loop at the same time. At
+the moment, \f(CW\*(C`SIGCHLD\*(C'\fR is permanently tied to the default loop.
+.PP
+Only after the first watcher for a signal is started will libev actually
+register something with the kernel. It thus coexists with your own signal
+handlers as long as you don't register any with libev for the same signal.
+.PP
+If possible and supported, libev will install its handlers with
+\&\f(CW\*(C`SA_RESTART\*(C'\fR (or equivalent) behaviour enabled, so system calls should
+not be unduly interrupted. If you have a problem with system calls getting
+interrupted by signals you can block all signals in an \f(CW\*(C`ev_check\*(C'\fR watcher
+and unblock them in an \f(CW\*(C`ev_prepare\*(C'\fR watcher.
+.PP
+\fIThe special problem of inheritance over fork/execve/pthread_create\fR
+.IX Subsection "The special problem of inheritance over fork/execve/pthread_create"
+.PP
+Both the signal mask (\f(CW\*(C`sigprocmask\*(C'\fR) and the signal disposition
+(\f(CW\*(C`sigaction\*(C'\fR) are unspecified after starting a signal watcher (and after
+stopping it again), that is, libev might or might not block the signal,
+and might or might not set or restore the installed signal handler (but
+see \f(CW\*(C`EVFLAG_NOSIGMASK\*(C'\fR).
+.PP
+While this does not matter for the signal disposition (libev never
+sets signals to \f(CW\*(C`SIG_IGN\*(C'\fR, so handlers will be reset to \f(CW\*(C`SIG_DFL\*(C'\fR on
+\&\f(CW\*(C`execve\*(C'\fR), this matters for the signal mask: many programs do not expect
+certain signals to be blocked.
+.PP
+This means that before calling \f(CW\*(C`exec\*(C'\fR (from the child) you should reset
+the signal mask to whatever \*(L"default\*(R" you expect (all clear is a good
+choice usually).
+.PP
+The simplest way to ensure that the signal mask is reset in the child is
+to install a fork handler with \f(CW\*(C`pthread_atfork\*(C'\fR that resets it. That will
+catch fork calls done by libraries (such as the libc) as well.
+.PP
+In current versions of libev, the signal will not be blocked indefinitely
+unless you use the \f(CW\*(C`signalfd\*(C'\fR \s-1API\s0 (\f(CW\*(C`EV_SIGNALFD\*(C'\fR). While this reduces
+the window of opportunity for problems, it will not go away, as libev
+\&\fIhas\fR to modify the signal mask, at least temporarily.
+.PP
+So I can't stress this enough: \fIIf you do not reset your signal mask when
+you expect it to be empty, you have a race condition in your code\fR. This
+is not a libev-specific thing, this is true for most event libraries.
+.PP
+\fIThe special problem of threads signal handling\fR
+.IX Subsection "The special problem of threads signal handling"
+.PP
+\&\s-1POSIX\s0 threads has problematic signal handling semantics, specifically,
+a lot of functionality (sigfd, sigwait etc.) only really works if all
+threads in a process block signals, which is hard to achieve.
+.PP
+When you want to use sigwait (or mix libev signal handling with your own
+for the same signals), you can tackle this problem by globally blocking
+all signals before creating any threads (or creating them with a fully set
+sigprocmask) and also specifying the \f(CW\*(C`EVFLAG_NOSIGMASK\*(C'\fR when creating
+loops. Then designate one thread as \*(L"signal receiver thread\*(R" which handles
+these signals. You can pass on any signals that libev might be interested
+in by calling \f(CW\*(C`ev_feed_signal\*(C'\fR.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_signal_init (ev_signal *, callback, int signum)" 4
+.IX Item "ev_signal_init (ev_signal *, callback, int signum)"
+.PD 0
+.IP "ev_signal_set (ev_signal *, int signum)" 4
+.IX Item "ev_signal_set (ev_signal *, int signum)"
+.PD
+Configures the watcher to trigger on the given signal number (usually one
+of the \f(CW\*(C`SIGxxx\*(C'\fR constants).
+.IP "int signum [read\-only]" 4
+.IX Item "int signum [read-only]"
+The signal the watcher watches out for.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Try to exit cleanly on \s-1SIGINT.\s0
+.PP
+.Vb 5
+\&   static void
+\&   sigint_cb (struct ev_loop *loop, ev_signal *w, int revents)
+\&   {
+\&     ev_break (loop, EVBREAK_ALL);
+\&   }
+\&
+\&   ev_signal signal_watcher;
+\&   ev_signal_init (&signal_watcher, sigint_cb, SIGINT);
+\&   ev_signal_start (loop, &signal_watcher);
+.Ve
+.ie n .SS """ev_child"" \- watch out for process status changes"
+.el .SS "\f(CWev_child\fP \- watch out for process status changes"
+.IX Subsection "ev_child - watch out for process status changes"
+Child watchers trigger when your process receives a \s-1SIGCHLD\s0 in response to
+some child status changes (most typically when a child of yours dies or
+exits). It is permissible to install a child watcher \fIafter\fR the child
+has been forked (which implies it might have already exited), as long
+as the event loop isn't entered (or is continued from a watcher), i.e.,
+forking and then immediately registering a watcher for the child is fine,
+but forking and registering a watcher a few event loop iterations later or
+in the next callback invocation is not.
+.PP
+Only the default event loop is capable of handling signals, and therefore
+you can only register child watchers in the default event loop.
+.PP
+Due to some design glitches inside libev, child watchers will always be
+handled at maximum priority (their priority is set to \f(CW\*(C`EV_MAXPRI\*(C'\fR by
+libev)
+.PP
+\fIProcess Interaction\fR
+.IX Subsection "Process Interaction"
+.PP
+Libev grabs \f(CW\*(C`SIGCHLD\*(C'\fR as soon as the default event loop is
+initialised. This is necessary to guarantee proper behaviour even if the
+first child watcher is started after the child exits. The occurrence
+of \f(CW\*(C`SIGCHLD\*(C'\fR is recorded asynchronously, but child reaping is done
+synchronously as part of the event loop processing. Libev always reaps all
+children, even ones not watched.
+.PP
+\fIOverriding the Built-In Processing\fR
+.IX Subsection "Overriding the Built-In Processing"
+.PP
+Libev offers no special support for overriding the built-in child
+processing, but if your application collides with libev's default child
+handler, you can override it easily by installing your own handler for
+\&\f(CW\*(C`SIGCHLD\*(C'\fR after initialising the default loop, and making sure the
+default loop never gets destroyed. You are encouraged, however, to use an
+event-based approach to child reaping and thus use libev's support for
+that, so other libev users can use \f(CW\*(C`ev_child\*(C'\fR watchers freely.
+.PP
+\fIStopping the Child Watcher\fR
+.IX Subsection "Stopping the Child Watcher"
+.PP
+Currently, the child watcher never gets stopped, even when the
+child terminates, so normally one needs to stop the watcher in the
+callback. Future versions of libev might stop the watcher automatically
+when a child exit is detected (calling \f(CW\*(C`ev_child_stop\*(C'\fR twice is not a
+problem).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_child_init (ev_child *, callback, int pid, int trace)" 4
+.IX Item "ev_child_init (ev_child *, callback, int pid, int trace)"
+.PD 0
+.IP "ev_child_set (ev_child *, int pid, int trace)" 4
+.IX Item "ev_child_set (ev_child *, int pid, int trace)"
+.PD
+Configures the watcher to wait for status changes of process \f(CW\*(C`pid\*(C'\fR (or
+\&\fIany\fR process if \f(CW\*(C`pid\*(C'\fR is specified as \f(CW0\fR). The callback can look
+at the \f(CW\*(C`rstatus\*(C'\fR member of the \f(CW\*(C`ev_child\*(C'\fR watcher structure to see
+the status word (use the macros from \f(CW\*(C`sys/wait.h\*(C'\fR and see your systems
+\&\f(CW\*(C`waitpid\*(C'\fR documentation). The \f(CW\*(C`rpid\*(C'\fR member contains the pid of the
+process causing the status change. \f(CW\*(C`trace\*(C'\fR must be either \f(CW0\fR (only
+activate the watcher when the process terminates) or \f(CW1\fR (additionally
+activate the watcher when the process is stopped or continued).
+.IP "int pid [read\-only]" 4
+.IX Item "int pid [read-only]"
+The process id this watcher watches out for, or \f(CW0\fR, meaning any process id.
+.IP "int rpid [read\-write]" 4
+.IX Item "int rpid [read-write]"
+The process id that detected a status change.
+.IP "int rstatus [read\-write]" 4
+.IX Item "int rstatus [read-write]"
+The process exit/trace status caused by \f(CW\*(C`rpid\*(C'\fR (see your systems
+\&\f(CW\*(C`waitpid\*(C'\fR and \f(CW\*(C`sys/wait.h\*(C'\fR documentation for details).
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: \f(CW\*(C`fork()\*(C'\fR a new process and install a child handler to wait for
+its completion.
+.PP
+.Vb 1
+\&   ev_child cw;
+\&
+\&   static void
+\&   child_cb (EV_P_ ev_child *w, int revents)
+\&   {
+\&     ev_child_stop (EV_A_ w);
+\&     printf ("process %d exited with status %x\en", w\->rpid, w\->rstatus);
+\&   }
+\&
+\&   pid_t pid = fork ();
+\&
+\&   if (pid < 0)
+\&     // error
+\&   else if (pid == 0)
+\&     {
+\&       // the forked child executes here
+\&       exit (1);
+\&     }
+\&   else
+\&     {
+\&       ev_child_init (&cw, child_cb, pid, 0);
+\&       ev_child_start (EV_DEFAULT_ &cw);
+\&     }
+.Ve
+.ie n .SS """ev_stat"" \- did the file attributes just change?"
+.el .SS "\f(CWev_stat\fP \- did the file attributes just change?"
+.IX Subsection "ev_stat - did the file attributes just change?"
+This watches a file system path for attribute changes. That is, it calls
+\&\f(CW\*(C`stat\*(C'\fR on that path in regular intervals (or when the \s-1OS\s0 says it changed)
+and sees if it changed compared to the last time, invoking the callback
+if it did. Starting the watcher \f(CW\*(C`stat\*(C'\fR's the file, so only changes that
+happen after the watcher has been started will be reported.
+.PP
+The path does not need to exist: changing from \*(L"path exists\*(R" to \*(L"path does
+not exist\*(R" is a status change like any other. The condition \*(L"path does not
+exist\*(R" (or more correctly \*(L"path cannot be stat'ed\*(R") is signified by the
+\&\f(CW\*(C`st_nlink\*(C'\fR field being zero (which is otherwise always forced to be at
+least one) and all the other fields of the stat buffer having unspecified
+contents.
+.PP
+The path \fImust not\fR end in a slash or contain special components such as
+\&\f(CW\*(C`.\*(C'\fR or \f(CW\*(C`..\*(C'\fR. The path \fIshould\fR be absolute: If it is relative and
+your working directory changes, then the behaviour is undefined.
+.PP
+Since there is no portable change notification interface available, the
+portable implementation simply calls \f(CWstat(2)\fR regularly on the path
+to see if it changed somehow. You can specify a recommended polling
+interval for this case. If you specify a polling interval of \f(CW0\fR (highly
+recommended!) then a \fIsuitable, unspecified default\fR value will be used
+(which you can expect to be around five seconds, although this might
+change dynamically). Libev will also impose a minimum interval which is
+currently around \f(CW0.1\fR, but that's usually overkill.
+.PP
+This watcher type is not meant for massive numbers of stat watchers,
+as even with OS-supported change notifications, this can be
+resource-intensive.
+.PP
+At the time of this writing, the only OS-specific interface implemented
+is the Linux inotify interface (implementing kqueue support is left as an
+exercise for the reader. Note, however, that the author sees no way of
+implementing \f(CW\*(C`ev_stat\*(C'\fR semantics with kqueue, except as a hint).
+.PP
+\fI\s-1ABI\s0 Issues (Largefile Support)\fR
+.IX Subsection "ABI Issues (Largefile Support)"
+.PP
+Libev by default (unless the user overrides this) uses the default
+compilation environment, which means that on systems with large file
+support disabled by default, you get the 32 bit version of the stat
+structure. When using the library from programs that change the \s-1ABI\s0 to
+use 64 bit file offsets the programs will fail. In that case you have to
+compile libev with the same flags to get binary compatibility. This is
+obviously the case with any flags that change the \s-1ABI,\s0 but the problem is
+most noticeably displayed with ev_stat and large file support.
+.PP
+The solution for this is to lobby your distribution maker to make large
+file interfaces available by default (as e.g. FreeBSD does) and not
+optional. Libev cannot simply switch on large file support because it has
+to exchange stat structures with application programs compiled using the
+default compilation environment.
+.PP
+\fIInotify and Kqueue\fR
+.IX Subsection "Inotify and Kqueue"
+.PP
+When \f(CW\*(C`inotify (7)\*(C'\fR support has been compiled into libev and present at
+runtime, it will be used to speed up change detection where possible. The
+inotify descriptor will be created lazily when the first \f(CW\*(C`ev_stat\*(C'\fR
+watcher is being started.
+.PP
+Inotify presence does not change the semantics of \f(CW\*(C`ev_stat\*(C'\fR watchers
+except that changes might be detected earlier, and in some cases, to avoid
+making regular \f(CW\*(C`stat\*(C'\fR calls. Even in the presence of inotify support
+there are many cases where libev has to resort to regular \f(CW\*(C`stat\*(C'\fR polling,
+but as long as kernel 2.6.25 or newer is used (2.6.24 and older have too
+many bugs), the path exists (i.e. stat succeeds), and the path resides on
+a local filesystem (libev currently assumes only ext2/3, jfs, reiserfs and
+xfs are fully working) libev usually gets away without polling.
+.PP
+There is no support for kqueue, as apparently it cannot be used to
+implement this functionality, due to the requirement of having a file
+descriptor open on the object at all times, and detecting renames, unlinks
+etc. is difficult.
+.PP
+\fI\f(CI\*(C`stat ()\*(C'\fI is a synchronous operation\fR
+.IX Subsection "stat () is a synchronous operation"
+.PP
+Libev doesn't normally do any kind of I/O itself, and so is not blocking
+the process. The exception are \f(CW\*(C`ev_stat\*(C'\fR watchers \- those call \f(CW\*(C`stat
+()\*(C'\fR, which is a synchronous operation.
+.PP
+For local paths, this usually doesn't matter: unless the system is very
+busy or the intervals between stat's are large, a stat call will be fast,
+as the path data is usually in memory already (except when starting the
+watcher).
+.PP
+For networked file systems, calling \f(CW\*(C`stat ()\*(C'\fR can block an indefinite
+time due to network issues, and even under good conditions, a stat call
+often takes multiple milliseconds.
+.PP
+Therefore, it is best to avoid using \f(CW\*(C`ev_stat\*(C'\fR watchers on networked
+paths, although this is fully supported by libev.
+.PP
+\fIThe special problem of stat time resolution\fR
+.IX Subsection "The special problem of stat time resolution"
+.PP
+The \f(CW\*(C`stat ()\*(C'\fR system call only supports full-second resolution portably,
+and even on systems where the resolution is higher, most file systems
+still only support whole seconds.
+.PP
+That means that, if the time is the only thing that changes, you can
+easily miss updates: on the first update, \f(CW\*(C`ev_stat\*(C'\fR detects a change and
+calls your callback, which does something. When there is another update
+within the same second, \f(CW\*(C`ev_stat\*(C'\fR will be unable to detect unless the
+stat data does change in other ways (e.g. file size).
+.PP
+The solution to this is to delay acting on a change for slightly more
+than a second (or till slightly after the next full second boundary), using
+a roughly one-second-delay \f(CW\*(C`ev_timer\*(C'\fR (e.g. \f(CW\*(C`ev_timer_set (w, 0., 1.02);
+ev_timer_again (loop, w)\*(C'\fR).
+.PP
+The \f(CW.02\fR offset is added to work around small timing inconsistencies
+of some operating systems (where the second counter of the current time
+might be be delayed. One such system is the Linux kernel, where a call to
+\&\f(CW\*(C`gettimeofday\*(C'\fR might return a timestamp with a full second later than
+a subsequent \f(CW\*(C`time\*(C'\fR call \- if the equivalent of \f(CW\*(C`time ()\*(C'\fR is used to
+update file times then there will be a small window where the kernel uses
+the previous second to update file times but libev might already execute
+the timer callback).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_stat_init (ev_stat *, callback, const char *path, ev_tstamp interval)" 4
+.IX Item "ev_stat_init (ev_stat *, callback, const char *path, ev_tstamp interval)"
+.PD 0
+.IP "ev_stat_set (ev_stat *, const char *path, ev_tstamp interval)" 4
+.IX Item "ev_stat_set (ev_stat *, const char *path, ev_tstamp interval)"
+.PD
+Configures the watcher to wait for status changes of the given
+\&\f(CW\*(C`path\*(C'\fR. The \f(CW\*(C`interval\*(C'\fR is a hint on how quickly a change is expected to
+be detected and should normally be specified as \f(CW0\fR to let libev choose
+a suitable value. The memory pointed to by \f(CW\*(C`path\*(C'\fR must point to the same
+path for as long as the watcher is active.
+.Sp
+The callback will receive an \f(CW\*(C`EV_STAT\*(C'\fR event when a change was detected,
+relative to the attributes at the time the watcher was started (or the
+last change was detected).
+.IP "ev_stat_stat (loop, ev_stat *)" 4
+.IX Item "ev_stat_stat (loop, ev_stat *)"
+Updates the stat buffer immediately with new values. If you change the
+watched path in your callback, you could call this function to avoid
+detecting this change (while introducing a race condition if you are not
+the only one changing the path). Can also be useful simply to find out the
+new values.
+.IP "ev_statdata attr [read\-only]" 4
+.IX Item "ev_statdata attr [read-only]"
+The most-recently detected attributes of the file. Although the type is
+\&\f(CW\*(C`ev_statdata\*(C'\fR, this is usually the (or one of the) \f(CW\*(C`struct stat\*(C'\fR types
+suitable for your system, but you can only rely on the POSIX-standardised
+members to be present. If the \f(CW\*(C`st_nlink\*(C'\fR member is \f(CW0\fR, then there was
+some error while \f(CW\*(C`stat\*(C'\fRing the file.
+.IP "ev_statdata prev [read\-only]" 4
+.IX Item "ev_statdata prev [read-only]"
+The previous attributes of the file. The callback gets invoked whenever
+\&\f(CW\*(C`prev\*(C'\fR != \f(CW\*(C`attr\*(C'\fR, or, more precisely, one or more of these members
+differ: \f(CW\*(C`st_dev\*(C'\fR, \f(CW\*(C`st_ino\*(C'\fR, \f(CW\*(C`st_mode\*(C'\fR, \f(CW\*(C`st_nlink\*(C'\fR, \f(CW\*(C`st_uid\*(C'\fR,
+\&\f(CW\*(C`st_gid\*(C'\fR, \f(CW\*(C`st_rdev\*(C'\fR, \f(CW\*(C`st_size\*(C'\fR, \f(CW\*(C`st_atime\*(C'\fR, \f(CW\*(C`st_mtime\*(C'\fR, \f(CW\*(C`st_ctime\*(C'\fR.
+.IP "ev_tstamp interval [read\-only]" 4
+.IX Item "ev_tstamp interval [read-only]"
+The specified interval.
+.IP "const char *path [read\-only]" 4
+.IX Item "const char *path [read-only]"
+The file system path that is being watched.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Watch \f(CW\*(C`/etc/passwd\*(C'\fR for attribute changes.
+.PP
+.Vb 10
+\&   static void
+\&   passwd_cb (struct ev_loop *loop, ev_stat *w, int revents)
+\&   {
+\&     /* /etc/passwd changed in some way */
+\&     if (w\->attr.st_nlink)
+\&       {
+\&         printf ("passwd current size  %ld\en", (long)w\->attr.st_size);
+\&         printf ("passwd current atime %ld\en", (long)w\->attr.st_mtime);
+\&         printf ("passwd current mtime %ld\en", (long)w\->attr.st_mtime);
+\&       }
+\&     else
+\&       /* you shalt not abuse printf for puts */
+\&       puts ("wow, /etc/passwd is not there, expect problems. "
+\&             "if this is windows, they already arrived\en");
+\&   }
+\&
+\&   ...
+\&   ev_stat passwd;
+\&
+\&   ev_stat_init (&passwd, passwd_cb, "/etc/passwd", 0.);
+\&   ev_stat_start (loop, &passwd);
+.Ve
+.PP
+Example: Like above, but additionally use a one-second delay so we do not
+miss updates (however, frequent updates will delay processing, too, so
+one might do the work both on \f(CW\*(C`ev_stat\*(C'\fR callback invocation \fIand\fR on
+\&\f(CW\*(C`ev_timer\*(C'\fR callback invocation).
+.PP
+.Vb 2
+\&   static ev_stat passwd;
+\&   static ev_timer timer;
+\&
+\&   static void
+\&   timer_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     ev_timer_stop (EV_A_ w);
+\&
+\&     /* now it\*(Aqs one second after the most recent passwd change */
+\&   }
+\&
+\&   static void
+\&   stat_cb (EV_P_ ev_stat *w, int revents)
+\&   {
+\&     /* reset the one\-second timer */
+\&     ev_timer_again (EV_A_ &timer);
+\&   }
+\&
+\&   ...
+\&   ev_stat_init (&passwd, stat_cb, "/etc/passwd", 0.);
+\&   ev_stat_start (loop, &passwd);
+\&   ev_timer_init (&timer, timer_cb, 0., 1.02);
+.Ve
+.ie n .SS """ev_idle"" \- when you've got nothing better to do..."
+.el .SS "\f(CWev_idle\fP \- when you've got nothing better to do..."
+.IX Subsection "ev_idle - when you've got nothing better to do..."
+Idle watchers trigger events when no other events of the same or higher
+priority are pending (prepare, check and other idle watchers do not count
+as receiving \*(L"events\*(R").
+.PP
+That is, as long as your process is busy handling sockets or timeouts
+(or even signals, imagine) of the same or higher priority it will not be
+triggered. But when your process is idle (or only lower-priority watchers
+are pending), the idle watchers are being called once per event loop
+iteration \- until stopped, that is, or your process receives more events
+and becomes busy again with higher priority stuff.
+.PP
+The most noteworthy effect is that as long as any idle watchers are
+active, the process will not block when waiting for new events.
+.PP
+Apart from keeping your process non-blocking (which is a useful
+effect on its own sometimes), idle watchers are a good place to do
+\&\*(L"pseudo-background processing\*(R", or delay processing stuff to after the
+event loop has handled all outstanding events.
+.PP
+\fIAbusing an \f(CI\*(C`ev_idle\*(C'\fI watcher for its side-effect\fR
+.IX Subsection "Abusing an ev_idle watcher for its side-effect"
+.PP
+As long as there is at least one active idle watcher, libev will never
+sleep unnecessarily. Or in other words, it will loop as fast as possible.
+For this to work, the idle watcher doesn't need to be invoked at all \- the
+lowest priority will do.
+.PP
+This mode of operation can be useful together with an \f(CW\*(C`ev_check\*(C'\fR watcher,
+to do something on each event loop iteration \- for example to balance load
+between different connections.
+.PP
+See \*(L"Abusing an ev_check watcher for its side-effect\*(R" for a longer
+example.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_idle_init (ev_idle *, callback)" 4
+.IX Item "ev_idle_init (ev_idle *, callback)"
+Initialises and configures the idle watcher \- it has no parameters of any
+kind. There is a \f(CW\*(C`ev_idle_set\*(C'\fR macro, but using it is utterly pointless,
+believe me.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Dynamically allocate an \f(CW\*(C`ev_idle\*(C'\fR watcher, start it, and in the
+callback, free it. Also, use no error checking, as usual.
+.PP
+.Vb 5
+\&   static void
+\&   idle_cb (struct ev_loop *loop, ev_idle *w, int revents)
+\&   {
+\&     // stop the watcher
+\&     ev_idle_stop (loop, w);
+\&
+\&     // now we can free it
+\&     free (w);
+\&
+\&     // now do something you wanted to do when the program has
+\&     // no longer anything immediate to do.
+\&   }
+\&
+\&   ev_idle *idle_watcher = malloc (sizeof (ev_idle));
+\&   ev_idle_init (idle_watcher, idle_cb);
+\&   ev_idle_start (loop, idle_watcher);
+.Ve
+.ie n .SS """ev_prepare"" and ""ev_check"" \- customise your event loop!"
+.el .SS "\f(CWev_prepare\fP and \f(CWev_check\fP \- customise your event loop!"
+.IX Subsection "ev_prepare and ev_check - customise your event loop!"
+Prepare and check watchers are often (but not always) used in pairs:
+prepare watchers get invoked before the process blocks and check watchers
+afterwards.
+.PP
+You \fImust not\fR call \f(CW\*(C`ev_run\*(C'\fR (or similar functions that enter the
+current event loop) or \f(CW\*(C`ev_loop_fork\*(C'\fR from either \f(CW\*(C`ev_prepare\*(C'\fR or
+\&\f(CW\*(C`ev_check\*(C'\fR watchers. Other loops than the current one are fine,
+however. The rationale behind this is that you do not need to check
+for recursion in those watchers, i.e. the sequence will always be
+\&\f(CW\*(C`ev_prepare\*(C'\fR, blocking, \f(CW\*(C`ev_check\*(C'\fR so if you have one watcher of each
+kind they will always be called in pairs bracketing the blocking call.
+.PP
+Their main purpose is to integrate other event mechanisms into libev and
+their use is somewhat advanced. They could be used, for example, to track
+variable changes, implement your own watchers, integrate net-snmp or a
+coroutine library and lots more. They are also occasionally useful if
+you cache some data and want to flush it before blocking (for example,
+in X programs you might want to do an \f(CW\*(C`XFlush ()\*(C'\fR in an \f(CW\*(C`ev_prepare\*(C'\fR
+watcher).
+.PP
+This is done by examining in each prepare call which file descriptors
+need to be watched by the other library, registering \f(CW\*(C`ev_io\*(C'\fR watchers
+for them and starting an \f(CW\*(C`ev_timer\*(C'\fR watcher for any timeouts (many
+libraries provide exactly this functionality). Then, in the check watcher,
+you check for any events that occurred (by checking the pending status
+of all watchers and stopping them) and call back into the library. The
+I/O and timer callbacks will never actually be called (but must be valid
+nevertheless, because you never know, you know?).
+.PP
+As another example, the Perl Coro module uses these hooks to integrate
+coroutines into libev programs, by yielding to other active coroutines
+during each prepare and only letting the process block if no coroutines
+are ready to run (it's actually more complicated: it only runs coroutines
+with priority higher than or equal to the event loop and one coroutine
+of lower priority, but only once, using idle watchers to keep the event
+loop from blocking if lower-priority coroutines are active, thus mapping
+low-priority coroutines to idle/background tasks).
+.PP
+When used for this purpose, it is recommended to give \f(CW\*(C`ev_check\*(C'\fR watchers
+highest (\f(CW\*(C`EV_MAXPRI\*(C'\fR) priority, to ensure that they are being run before
+any other watchers after the poll (this doesn't matter for \f(CW\*(C`ev_prepare\*(C'\fR
+watchers).
+.PP
+Also, \f(CW\*(C`ev_check\*(C'\fR watchers (and \f(CW\*(C`ev_prepare\*(C'\fR watchers, too) should not
+activate (\*(L"feed\*(R") events into libev. While libev fully supports this, they
+might get executed before other \f(CW\*(C`ev_check\*(C'\fR watchers did their job. As
+\&\f(CW\*(C`ev_check\*(C'\fR watchers are often used to embed other (non-libev) event
+loops those other event loops might be in an unusable state until their
+\&\f(CW\*(C`ev_check\*(C'\fR watcher ran (always remind yourself to coexist peacefully with
+others).
+.PP
+\fIAbusing an \f(CI\*(C`ev_check\*(C'\fI watcher for its side-effect\fR
+.IX Subsection "Abusing an ev_check watcher for its side-effect"
+.PP
+\&\f(CW\*(C`ev_check\*(C'\fR (and less often also \f(CW\*(C`ev_prepare\*(C'\fR) watchers can also be
+useful because they are called once per event loop iteration. For
+example, if you want to handle a large number of connections fairly, you
+normally only do a bit of work for each active connection, and if there
+is more work to do, you wait for the next event loop iteration, so other
+connections have a chance of making progress.
+.PP
+Using an \f(CW\*(C`ev_check\*(C'\fR watcher is almost enough: it will be called on the
+next event loop iteration. However, that isn't as soon as possible \-
+without external events, your \f(CW\*(C`ev_check\*(C'\fR watcher will not be invoked.
+.PP
+This is where \f(CW\*(C`ev_idle\*(C'\fR watchers come in handy \- all you need is a
+single global idle watcher that is active as long as you have one active
+\&\f(CW\*(C`ev_check\*(C'\fR watcher. The \f(CW\*(C`ev_idle\*(C'\fR watcher makes sure the event loop
+will not sleep, and the \f(CW\*(C`ev_check\*(C'\fR watcher makes sure a callback gets
+invoked. Neither watcher alone can do that.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_prepare_init (ev_prepare *, callback)" 4
+.IX Item "ev_prepare_init (ev_prepare *, callback)"
+.PD 0
+.IP "ev_check_init (ev_check *, callback)" 4
+.IX Item "ev_check_init (ev_check *, callback)"
+.PD
+Initialises and configures the prepare or check watcher \- they have no
+parameters of any kind. There are \f(CW\*(C`ev_prepare_set\*(C'\fR and \f(CW\*(C`ev_check_set\*(C'\fR
+macros, but using them is utterly, utterly, utterly and completely
+pointless.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+There are a number of principal ways to embed other event loops or modules
+into libev. Here are some ideas on how to include libadns into libev
+(there is a Perl module named \f(CW\*(C`EV::ADNS\*(C'\fR that does this, which you could
+use as a working example. Another Perl module named \f(CW\*(C`EV::Glib\*(C'\fR embeds a
+Glib main context into libev, and finally, \f(CW\*(C`Glib::EV\*(C'\fR embeds \s-1EV\s0 into the
+Glib event loop).
+.PP
+Method 1: Add \s-1IO\s0 watchers and a timeout watcher in a prepare handler,
+and in a check watcher, destroy them and call into libadns. What follows
+is pseudo-code only of course. This requires you to either use a low
+priority for the check watcher or use \f(CW\*(C`ev_clear_pending\*(C'\fR explicitly, as
+the callbacks for the IO/timeout watchers might not have been called yet.
+.PP
+.Vb 2
+\&   static ev_io iow [nfd];
+\&   static ev_timer tw;
+\&
+\&   static void
+\&   io_cb (struct ev_loop *loop, ev_io *w, int revents)
+\&   {
+\&   }
+\&
+\&   // create io watchers for each fd and a timer before blocking
+\&   static void
+\&   adns_prepare_cb (struct ev_loop *loop, ev_prepare *w, int revents)
+\&   {
+\&     int timeout = 3600000;
+\&     struct pollfd fds [nfd];
+\&     // actual code will need to loop here and realloc etc.
+\&     adns_beforepoll (ads, fds, &nfd, &timeout, timeval_from (ev_time ()));
+\&
+\&     /* the callback is illegal, but won\*(Aqt be called as we stop during check */
+\&     ev_timer_init (&tw, 0, timeout * 1e\-3, 0.);
+\&     ev_timer_start (loop, &tw);
+\&
+\&     // create one ev_io per pollfd
+\&     for (int i = 0; i < nfd; ++i)
+\&       {
+\&         ev_io_init (iow + i, io_cb, fds [i].fd,
+\&           ((fds [i].events & POLLIN ? EV_READ : 0)
+\&            | (fds [i].events & POLLOUT ? EV_WRITE : 0)));
+\&
+\&         fds [i].revents = 0;
+\&         ev_io_start (loop, iow + i);
+\&       }
+\&   }
+\&
+\&   // stop all watchers after blocking
+\&   static void
+\&   adns_check_cb (struct ev_loop *loop, ev_check *w, int revents)
+\&   {
+\&     ev_timer_stop (loop, &tw);
+\&
+\&     for (int i = 0; i < nfd; ++i)
+\&       {
+\&         // set the relevant poll flags
+\&         // could also call adns_processreadable etc. here
+\&         struct pollfd *fd = fds + i;
+\&         int revents = ev_clear_pending (iow + i);
+\&         if (revents & EV_READ ) fd\->revents |= fd\->events & POLLIN;
+\&         if (revents & EV_WRITE) fd\->revents |= fd\->events & POLLOUT;
+\&
+\&         // now stop the watcher
+\&         ev_io_stop (loop, iow + i);
+\&       }
+\&
+\&     adns_afterpoll (adns, fds, nfd, timeval_from (ev_now (loop));
+\&   }
+.Ve
+.PP
+Method 2: This would be just like method 1, but you run \f(CW\*(C`adns_afterpoll\*(C'\fR
+in the prepare watcher and would dispose of the check watcher.
+.PP
+Method 3: If the module to be embedded supports explicit event
+notification (libadns does), you can also make use of the actual watcher
+callbacks, and only destroy/create the watchers in the prepare watcher.
+.PP
+.Vb 5
+\&   static void
+\&   timer_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     adns_state ads = (adns_state)w\->data;
+\&     update_now (EV_A);
+\&
+\&     adns_processtimeouts (ads, &tv_now);
+\&   }
+\&
+\&   static void
+\&   io_cb (EV_P_ ev_io *w, int revents)
+\&   {
+\&     adns_state ads = (adns_state)w\->data;
+\&     update_now (EV_A);
+\&
+\&     if (revents & EV_READ ) adns_processreadable  (ads, w\->fd, &tv_now);
+\&     if (revents & EV_WRITE) adns_processwriteable (ads, w\->fd, &tv_now);
+\&   }
+\&
+\&   // do not ever call adns_afterpoll
+.Ve
+.PP
+Method 4: Do not use a prepare or check watcher because the module you
+want to embed is not flexible enough to support it. Instead, you can
+override their poll function. The drawback with this solution is that the
+main loop is now no longer controllable by \s-1EV.\s0 The \f(CW\*(C`Glib::EV\*(C'\fR module uses
+this approach, effectively embedding \s-1EV\s0 as a client into the horrible
+libglib event loop.
+.PP
+.Vb 4
+\&   static gint
+\&   event_poll_func (GPollFD *fds, guint nfds, gint timeout)
+\&   {
+\&     int got_events = 0;
+\&
+\&     for (n = 0; n < nfds; ++n)
+\&       // create/start io watcher that sets the relevant bits in fds[n] and increment got_events
+\&
+\&     if (timeout >= 0)
+\&       // create/start timer
+\&
+\&     // poll
+\&     ev_run (EV_A_ 0);
+\&
+\&     // stop timer again
+\&     if (timeout >= 0)
+\&       ev_timer_stop (EV_A_ &to);
+\&
+\&     // stop io watchers again \- their callbacks should have set
+\&     for (n = 0; n < nfds; ++n)
+\&       ev_io_stop (EV_A_ iow [n]);
+\&
+\&     return got_events;
+\&   }
+.Ve
+.ie n .SS """ev_embed"" \- when one backend isn't enough..."
+.el .SS "\f(CWev_embed\fP \- when one backend isn't enough..."
+.IX Subsection "ev_embed - when one backend isn't enough..."
+This is a rather advanced watcher type that lets you embed one event loop
+into another (currently only \f(CW\*(C`ev_io\*(C'\fR events are supported in the embedded
+loop, other types of watchers might be handled in a delayed or incorrect
+fashion and must not be used).
+.PP
+There are primarily two reasons you would want that: work around bugs and
+prioritise I/O.
+.PP
+As an example for a bug workaround, the kqueue backend might only support
+sockets on some platform, so it is unusable as generic backend, but you
+still want to make use of it because you have many sockets and it scales
+so nicely. In this case, you would create a kqueue-based loop and embed
+it into your default loop (which might use e.g. poll). Overall operation
+will be a bit slower because first libev has to call \f(CW\*(C`poll\*(C'\fR and then
+\&\f(CW\*(C`kevent\*(C'\fR, but at least you can use both mechanisms for what they are
+best: \f(CW\*(C`kqueue\*(C'\fR for scalable sockets and \f(CW\*(C`poll\*(C'\fR if you want it to work :)
+.PP
+As for prioritising I/O: under rare circumstances you have the case where
+some fds have to be watched and handled very quickly (with low latency),
+and even priorities and idle watchers might have too much overhead. In
+this case you would put all the high priority stuff in one loop and all
+the rest in a second one, and embed the second one in the first.
+.PP
+As long as the watcher is active, the callback will be invoked every
+time there might be events pending in the embedded loop. The callback
+must then call \f(CW\*(C`ev_embed_sweep (mainloop, watcher)\*(C'\fR to make a single
+sweep and invoke their callbacks (the callback doesn't need to invoke the
+\&\f(CW\*(C`ev_embed_sweep\*(C'\fR function directly, it could also start an idle watcher
+to give the embedded loop strictly lower priority for example).
+.PP
+You can also set the callback to \f(CW0\fR, in which case the embed watcher
+will automatically execute the embedded loop sweep whenever necessary.
+.PP
+Fork detection will be handled transparently while the \f(CW\*(C`ev_embed\*(C'\fR watcher
+is active, i.e., the embedded loop will automatically be forked when the
+embedding loop forks. In other cases, the user is responsible for calling
+\&\f(CW\*(C`ev_loop_fork\*(C'\fR on the embedded loop.
+.PP
+Unfortunately, not all backends are embeddable: only the ones returned by
+\&\f(CW\*(C`ev_embeddable_backends\*(C'\fR are, which, unfortunately, does not include any
+portable one.
+.PP
+So when you want to use this feature you will always have to be prepared
+that you cannot get an embeddable loop. The recommended way to get around
+this is to have a separate variables for your embeddable loop, try to
+create it, and if that fails, use the normal loop for everything.
+.PP
+\fI\f(CI\*(C`ev_embed\*(C'\fI and fork\fR
+.IX Subsection "ev_embed and fork"
+.PP
+While the \f(CW\*(C`ev_embed\*(C'\fR watcher is running, forks in the embedding loop will
+automatically be applied to the embedded loop as well, so no special
+fork handling is required in that case. When the watcher is not running,
+however, it is still the task of the libev user to call \f(CW\*(C`ev_loop_fork ()\*(C'\fR
+as applicable.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_embed_init (ev_embed *, callback, struct ev_loop *embedded_loop)" 4
+.IX Item "ev_embed_init (ev_embed *, callback, struct ev_loop *embedded_loop)"
+.PD 0
+.IP "ev_embed_set (ev_embed *, struct ev_loop *embedded_loop)" 4
+.IX Item "ev_embed_set (ev_embed *, struct ev_loop *embedded_loop)"
+.PD
+Configures the watcher to embed the given loop, which must be
+embeddable. If the callback is \f(CW0\fR, then \f(CW\*(C`ev_embed_sweep\*(C'\fR will be
+invoked automatically, otherwise it is the responsibility of the callback
+to invoke it (it will continue to be called until the sweep has been done,
+if you do not want that, you need to temporarily stop the embed watcher).
+.IP "ev_embed_sweep (loop, ev_embed *)" 4
+.IX Item "ev_embed_sweep (loop, ev_embed *)"
+Make a single, non-blocking sweep over the embedded loop. This works
+similarly to \f(CW\*(C`ev_run (embedded_loop, EVRUN_NOWAIT)\*(C'\fR, but in the most
+appropriate way for embedded loops.
+.IP "struct ev_loop *other [read\-only]" 4
+.IX Item "struct ev_loop *other [read-only]"
+The embedded event loop.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Try to get an embeddable event loop and embed it into the default
+event loop. If that is not possible, use the default loop. The default
+loop is stored in \f(CW\*(C`loop_hi\*(C'\fR, while the embeddable loop is stored in
+\&\f(CW\*(C`loop_lo\*(C'\fR (which is \f(CW\*(C`loop_hi\*(C'\fR in the case no embeddable loop can be
+used).
+.PP
+.Vb 3
+\&   struct ev_loop *loop_hi = ev_default_init (0);
+\&   struct ev_loop *loop_lo = 0;
+\&   ev_embed embed;
+\&
+\&   // see if there is a chance of getting one that works
+\&   // (remember that a flags value of 0 means autodetection)
+\&   loop_lo = ev_embeddable_backends () & ev_recommended_backends ()
+\&     ? ev_loop_new (ev_embeddable_backends () & ev_recommended_backends ())
+\&     : 0;
+\&
+\&   // if we got one, then embed it, otherwise default to loop_hi
+\&   if (loop_lo)
+\&     {
+\&       ev_embed_init (&embed, 0, loop_lo);
+\&       ev_embed_start (loop_hi, &embed);
+\&     }
+\&   else
+\&     loop_lo = loop_hi;
+.Ve
+.PP
+Example: Check if kqueue is available but not recommended and create
+a kqueue backend for use with sockets (which usually work with any
+kqueue implementation). Store the kqueue/socket\-only event loop in
+\&\f(CW\*(C`loop_socket\*(C'\fR. (One might optionally use \f(CW\*(C`EVFLAG_NOENV\*(C'\fR, too).
+.PP
+.Vb 3
+\&   struct ev_loop *loop = ev_default_init (0);
+\&   struct ev_loop *loop_socket = 0;
+\&   ev_embed embed;
+\&
+\&   if (ev_supported_backends () & ~ev_recommended_backends () & EVBACKEND_KQUEUE)
+\&     if ((loop_socket = ev_loop_new (EVBACKEND_KQUEUE))
+\&       {
+\&         ev_embed_init (&embed, 0, loop_socket);
+\&         ev_embed_start (loop, &embed);
+\&       }
+\&
+\&   if (!loop_socket)
+\&     loop_socket = loop;
+\&
+\&   // now use loop_socket for all sockets, and loop for everything else
+.Ve
+.ie n .SS """ev_fork"" \- the audacity to resume the event loop after a fork"
+.el .SS "\f(CWev_fork\fP \- the audacity to resume the event loop after a fork"
+.IX Subsection "ev_fork - the audacity to resume the event loop after a fork"
+Fork watchers are called when a \f(CW\*(C`fork ()\*(C'\fR was detected (usually because
+whoever is a good citizen cared to tell libev about it by calling
+\&\f(CW\*(C`ev_loop_fork\*(C'\fR). The invocation is done before the event loop blocks next
+and before \f(CW\*(C`ev_check\*(C'\fR watchers are being called, and only in the child
+after the fork. If whoever good citizen calling \f(CW\*(C`ev_default_fork\*(C'\fR cheats
+and calls it in the wrong process, the fork handlers will be invoked, too,
+of course.
+.PP
+\fIThe special problem of life after fork \- how is it possible?\fR
+.IX Subsection "The special problem of life after fork - how is it possible?"
+.PP
+Most uses of \f(CW\*(C`fork ()\*(C'\fR consist of forking, then some simple calls to set
+up/change the process environment, followed by a call to \f(CW\*(C`exec()\*(C'\fR. This
+sequence should be handled by libev without any problems.
+.PP
+This changes when the application actually wants to do event handling
+in the child, or both parent in child, in effect \*(L"continuing\*(R" after the
+fork.
+.PP
+The default mode of operation (for libev, with application help to detect
+forks) is to duplicate all the state in the child, as would be expected
+when \fIeither\fR the parent \fIor\fR the child process continues.
+.PP
+When both processes want to continue using libev, then this is usually the
+wrong result. In that case, usually one process (typically the parent) is
+supposed to continue with all watchers in place as before, while the other
+process typically wants to start fresh, i.e. without any active watchers.
+.PP
+The cleanest and most efficient way to achieve that with libev is to
+simply create a new event loop, which of course will be \*(L"empty\*(R", and
+use that for new watchers. This has the advantage of not touching more
+memory than necessary, and thus avoiding the copy-on-write, and the
+disadvantage of having to use multiple event loops (which do not support
+signal watchers).
+.PP
+When this is not possible, or you want to use the default loop for
+other reasons, then in the process that wants to start \*(L"fresh\*(R", call
+\&\f(CW\*(C`ev_loop_destroy (EV_DEFAULT)\*(C'\fR followed by \f(CW\*(C`ev_default_loop (...)\*(C'\fR.
+Destroying the default loop will \*(L"orphan\*(R" (not stop) all registered
+watchers, so you have to be careful not to execute code that modifies
+those watchers. Note also that in that case, you have to re-register any
+signal watchers.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_fork_init (ev_fork *, callback)" 4
+.IX Item "ev_fork_init (ev_fork *, callback)"
+Initialises and configures the fork watcher \- it has no parameters of any
+kind. There is a \f(CW\*(C`ev_fork_set\*(C'\fR macro, but using it is utterly pointless,
+really.
+.ie n .SS """ev_cleanup"" \- even the best things end"
+.el .SS "\f(CWev_cleanup\fP \- even the best things end"
+.IX Subsection "ev_cleanup - even the best things end"
+Cleanup watchers are called just before the event loop is being destroyed
+by a call to \f(CW\*(C`ev_loop_destroy\*(C'\fR.
+.PP
+While there is no guarantee that the event loop gets destroyed, cleanup
+watchers provide a convenient method to install cleanup hooks for your
+program, worker threads and so on \- you just to make sure to destroy the
+loop when you want them to be invoked.
+.PP
+Cleanup watchers are invoked in the same way as any other watcher. Unlike
+all other watchers, they do not keep a reference to the event loop (which
+makes a lot of sense if you think about it). Like all other watchers, you
+can call libev functions in the callback, except \f(CW\*(C`ev_cleanup_start\*(C'\fR.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_cleanup_init (ev_cleanup *, callback)" 4
+.IX Item "ev_cleanup_init (ev_cleanup *, callback)"
+Initialises and configures the cleanup watcher \- it has no parameters of
+any kind. There is a \f(CW\*(C`ev_cleanup_set\*(C'\fR macro, but using it is utterly
+pointless, I assure you.
+.PP
+Example: Register an atexit handler to destroy the default loop, so any
+cleanup functions are called.
+.PP
+.Vb 5
+\&   static void
+\&   program_exits (void)
+\&   {
+\&     ev_loop_destroy (EV_DEFAULT_UC);
+\&   }
+\&
+\&   ...
+\&   atexit (program_exits);
+.Ve
+.ie n .SS """ev_async"" \- how to wake up an event loop"
+.el .SS "\f(CWev_async\fP \- how to wake up an event loop"
+.IX Subsection "ev_async - how to wake up an event loop"
+In general, you cannot use an \f(CW\*(C`ev_loop\*(C'\fR from multiple threads or other
+asynchronous sources such as signal handlers (as opposed to multiple event
+loops \- those are of course safe to use in different threads).
+.PP
+Sometimes, however, you need to wake up an event loop you do not control,
+for example because it belongs to another thread. This is what \f(CW\*(C`ev_async\*(C'\fR
+watchers do: as long as the \f(CW\*(C`ev_async\*(C'\fR watcher is active, you can signal
+it by calling \f(CW\*(C`ev_async_send\*(C'\fR, which is thread\- and signal safe.
+.PP
+This functionality is very similar to \f(CW\*(C`ev_signal\*(C'\fR watchers, as signals,
+too, are asynchronous in nature, and signals, too, will be compressed
+(i.e. the number of callback invocations may be less than the number of
+\&\f(CW\*(C`ev_async_send\*(C'\fR calls). In fact, you could use signal watchers as a kind
+of \*(L"global async watchers\*(R" by using a watcher on an otherwise unused
+signal, and \f(CW\*(C`ev_feed_signal\*(C'\fR to signal this watcher from another thread,
+even without knowing which loop owns the signal.
+.PP
+\fIQueueing\fR
+.IX Subsection "Queueing"
+.PP
+\&\f(CW\*(C`ev_async\*(C'\fR does not support queueing of data in any way. The reason
+is that the author does not know of a simple (or any) algorithm for a
+multiple-writer-single-reader queue that works in all cases and doesn't
+need elaborate support such as pthreads or unportable memory access
+semantics.
+.PP
+That means that if you want to queue data, you have to provide your own
+queue. But at least I can tell you how to implement locking around your
+queue:
+.IP "queueing from a signal handler context" 4
+.IX Item "queueing from a signal handler context"
+To implement race-free queueing, you simply add to the queue in the signal
+handler but you block the signal handler in the watcher callback. Here is
+an example that does that for some fictitious \s-1SIGUSR1\s0 handler:
+.Sp
+.Vb 1
+\&   static ev_async mysig;
+\&
+\&   static void
+\&   sigusr1_handler (void)
+\&   {
+\&     sometype data;
+\&
+\&     // no locking etc.
+\&     queue_put (data);
+\&     ev_async_send (EV_DEFAULT_ &mysig);
+\&   }
+\&
+\&   static void
+\&   mysig_cb (EV_P_ ev_async *w, int revents)
+\&   {
+\&     sometype data;
+\&     sigset_t block, prev;
+\&
+\&     sigemptyset (&block);
+\&     sigaddset (&block, SIGUSR1);
+\&     sigprocmask (SIG_BLOCK, &block, &prev);
+\&
+\&     while (queue_get (&data))
+\&       process (data);
+\&
+\&     if (sigismember (&prev, SIGUSR1)
+\&       sigprocmask (SIG_UNBLOCK, &block, 0);
+\&   }
+.Ve
+.Sp
+(Note: pthreads in theory requires you to use \f(CW\*(C`pthread_setmask\*(C'\fR
+instead of \f(CW\*(C`sigprocmask\*(C'\fR when you use threads, but libev doesn't do it
+either...).
+.IP "queueing from a thread context" 4
+.IX Item "queueing from a thread context"
+The strategy for threads is different, as you cannot (easily) block
+threads but you can easily preempt them, so to queue safely you need to
+employ a traditional mutex lock, such as in this pthread example:
+.Sp
+.Vb 2
+\&   static ev_async mysig;
+\&   static pthread_mutex_t mymutex = PTHREAD_MUTEX_INITIALIZER;
+\&
+\&   static void
+\&   otherthread (void)
+\&   {
+\&     // only need to lock the actual queueing operation
+\&     pthread_mutex_lock (&mymutex);
+\&     queue_put (data);
+\&     pthread_mutex_unlock (&mymutex);
+\&
+\&     ev_async_send (EV_DEFAULT_ &mysig);
+\&   }
+\&
+\&   static void
+\&   mysig_cb (EV_P_ ev_async *w, int revents)
+\&   {
+\&     pthread_mutex_lock (&mymutex);
+\&
+\&     while (queue_get (&data))
+\&       process (data);
+\&
+\&     pthread_mutex_unlock (&mymutex);
+\&   }
+.Ve
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_async_init (ev_async *, callback)" 4
+.IX Item "ev_async_init (ev_async *, callback)"
+Initialises and configures the async watcher \- it has no parameters of any
+kind. There is a \f(CW\*(C`ev_async_set\*(C'\fR macro, but using it is utterly pointless,
+trust me.
+.IP "ev_async_send (loop, ev_async *)" 4
+.IX Item "ev_async_send (loop, ev_async *)"
+Sends/signals/activates the given \f(CW\*(C`ev_async\*(C'\fR watcher, that is, feeds
+an \f(CW\*(C`EV_ASYNC\*(C'\fR event on the watcher into the event loop, and instantly
+returns.
+.Sp
+Unlike \f(CW\*(C`ev_feed_event\*(C'\fR, this call is safe to do from other threads,
+signal or similar contexts (see the discussion of \f(CW\*(C`EV_ATOMIC_T\*(C'\fR in the
+embedding section below on what exactly this means).
+.Sp
+Note that, as with other watchers in libev, multiple events might get
+compressed into a single callback invocation (another way to look at
+this is that \f(CW\*(C`ev_async\*(C'\fR watchers are level-triggered: they are set on
+\&\f(CW\*(C`ev_async_send\*(C'\fR, reset when the event loop detects that).
+.Sp
+This call incurs the overhead of at most one extra system call per event
+loop iteration, if the event loop is blocked, and no syscall at all if
+the event loop (or your program) is processing events. That means that
+repeated calls are basically free (there is no need to avoid calls for
+performance reasons) and that the overhead becomes smaller (typically
+zero) under load.
+.IP "bool = ev_async_pending (ev_async *)" 4
+.IX Item "bool = ev_async_pending (ev_async *)"
+Returns a non-zero value when \f(CW\*(C`ev_async_send\*(C'\fR has been called on the
+watcher but the event has not yet been processed (or even noted) by the
+event loop.
+.Sp
+\&\f(CW\*(C`ev_async_send\*(C'\fR sets a flag in the watcher and wakes up the loop. When
+the loop iterates next and checks for the watcher to have become active,
+it will reset the flag again. \f(CW\*(C`ev_async_pending\*(C'\fR can be used to very
+quickly check whether invoking the loop might be a good idea.
+.Sp
+Not that this does \fInot\fR check whether the watcher itself is pending,
+only whether it has been requested to make this watcher pending: there
+is a time window between the event loop checking and resetting the async
+notification, and the callback being invoked.
+.SH "OTHER FUNCTIONS"
+.IX Header "OTHER FUNCTIONS"
+There are some other functions of possible interest. Described. Here. Now.
+.IP "ev_once (loop, int fd, int events, ev_tstamp timeout, callback, arg)" 4
+.IX Item "ev_once (loop, int fd, int events, ev_tstamp timeout, callback, arg)"
+This function combines a simple timer and an I/O watcher, calls your
+callback on whichever event happens first and automatically stops both
+watchers. This is useful if you want to wait for a single event on an fd
+or timeout without having to allocate/configure/start/stop/free one or
+more watchers yourself.
+.Sp
+If \f(CW\*(C`fd\*(C'\fR is less than 0, then no I/O watcher will be started and the
+\&\f(CW\*(C`events\*(C'\fR argument is being ignored. Otherwise, an \f(CW\*(C`ev_io\*(C'\fR watcher for
+the given \f(CW\*(C`fd\*(C'\fR and \f(CW\*(C`events\*(C'\fR set will be created and started.
+.Sp
+If \f(CW\*(C`timeout\*(C'\fR is less than 0, then no timeout watcher will be
+started. Otherwise an \f(CW\*(C`ev_timer\*(C'\fR watcher with after = \f(CW\*(C`timeout\*(C'\fR (and
+repeat = 0) will be started. \f(CW0\fR is a valid timeout.
+.Sp
+The callback has the type \f(CW\*(C`void (*cb)(int revents, void *arg)\*(C'\fR and is
+passed an \f(CW\*(C`revents\*(C'\fR set like normal event callbacks (a combination of
+\&\f(CW\*(C`EV_ERROR\*(C'\fR, \f(CW\*(C`EV_READ\*(C'\fR, \f(CW\*(C`EV_WRITE\*(C'\fR or \f(CW\*(C`EV_TIMER\*(C'\fR) and the \f(CW\*(C`arg\*(C'\fR
+value passed to \f(CW\*(C`ev_once\*(C'\fR. Note that it is possible to receive \fIboth\fR
+a timeout and an io event at the same time \- you probably should give io
+events precedence.
+.Sp
+Example: wait up to ten seconds for data to appear on \s-1STDIN_FILENO.\s0
+.Sp
+.Vb 7
+\&   static void stdin_ready (int revents, void *arg)
+\&   {
+\&     if (revents & EV_READ)
+\&       /* stdin might have data for us, joy! */;
+\&     else if (revents & EV_TIMER)
+\&       /* doh, nothing entered */;
+\&   }
+\&
+\&   ev_once (STDIN_FILENO, EV_READ, 10., stdin_ready, 0);
+.Ve
+.IP "ev_feed_fd_event (loop, int fd, int revents)" 4
+.IX Item "ev_feed_fd_event (loop, int fd, int revents)"
+Feed an event on the given fd, as if a file descriptor backend detected
+the given events.
+.IP "ev_feed_signal_event (loop, int signum)" 4
+.IX Item "ev_feed_signal_event (loop, int signum)"
+Feed an event as if the given signal occurred. See also \f(CW\*(C`ev_feed_signal\*(C'\fR,
+which is async-safe.
+.SH "COMMON OR USEFUL IDIOMS (OR BOTH)"
+.IX Header "COMMON OR USEFUL IDIOMS (OR BOTH)"
+This section explains some common idioms that are not immediately
+obvious. Note that examples are sprinkled over the whole manual, and this
+section only contains stuff that wouldn't fit anywhere else.
+.SS "\s-1ASSOCIATING CUSTOM DATA WITH A WATCHER\s0"
+.IX Subsection "ASSOCIATING CUSTOM DATA WITH A WATCHER"
+Each watcher has, by default, a \f(CW\*(C`void *data\*(C'\fR member that you can read
+or modify at any time: libev will completely ignore it. This can be used
+to associate arbitrary data with your watcher. If you need more data and
+don't want to allocate memory separately and store a pointer to it in that
+data member, you can also \*(L"subclass\*(R" the watcher type and provide your own
+data:
+.PP
+.Vb 7
+\&   struct my_io
+\&   {
+\&     ev_io io;
+\&     int otherfd;
+\&     void *somedata;
+\&     struct whatever *mostinteresting;
+\&   };
+\&
+\&   ...
+\&   struct my_io w;
+\&   ev_io_init (&w.io, my_cb, fd, EV_READ);
+.Ve
+.PP
+And since your callback will be called with a pointer to the watcher, you
+can cast it back to your own type:
+.PP
+.Vb 5
+\&   static void my_cb (struct ev_loop *loop, ev_io *w_, int revents)
+\&   {
+\&     struct my_io *w = (struct my_io *)w_;
+\&     ...
+\&   }
+.Ve
+.PP
+More interesting and less C\-conformant ways of casting your callback
+function type instead have been omitted.
+.SS "\s-1BUILDING YOUR OWN COMPOSITE WATCHERS\s0"
+.IX Subsection "BUILDING YOUR OWN COMPOSITE WATCHERS"
+Another common scenario is to use some data structure with multiple
+embedded watchers, in effect creating your own watcher that combines
+multiple libev event sources into one \*(L"super-watcher\*(R":
+.PP
+.Vb 6
+\&   struct my_biggy
+\&   {
+\&     int some_data;
+\&     ev_timer t1;
+\&     ev_timer t2;
+\&   }
+.Ve
+.PP
+In this case getting the pointer to \f(CW\*(C`my_biggy\*(C'\fR is a bit more
+complicated: Either you store the address of your \f(CW\*(C`my_biggy\*(C'\fR struct in
+the \f(CW\*(C`data\*(C'\fR member of the watcher (for woozies or \*(C+ coders), or you need
+to use some pointer arithmetic using \f(CW\*(C`offsetof\*(C'\fR inside your watchers (for
+real programmers):
+.PP
+.Vb 1
+\&   #include <stddef.h>
+\&
+\&   static void
+\&   t1_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     struct my_biggy big = (struct my_biggy *)
+\&       (((char *)w) \- offsetof (struct my_biggy, t1));
+\&   }
+\&
+\&   static void
+\&   t2_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     struct my_biggy big = (struct my_biggy *)
+\&       (((char *)w) \- offsetof (struct my_biggy, t2));
+\&   }
+.Ve
+.SS "\s-1AVOIDING FINISHING BEFORE RETURNING\s0"
+.IX Subsection "AVOIDING FINISHING BEFORE RETURNING"
+Often you have structures like this in event-based programs:
+.PP
+.Vb 4
+\&  callback ()
+\&  {
+\&    free (request);
+\&  }
+\&
+\&  request = start_new_request (..., callback);
+.Ve
+.PP
+The intent is to start some \*(L"lengthy\*(R" operation. The \f(CW\*(C`request\*(C'\fR could be
+used to cancel the operation, or do other things with it.
+.PP
+It's not uncommon to have code paths in \f(CW\*(C`start_new_request\*(C'\fR that
+immediately invoke the callback, for example, to report errors. Or you add
+some caching layer that finds that it can skip the lengthy aspects of the
+operation and simply invoke the callback with the result.
+.PP
+The problem here is that this will happen \fIbefore\fR \f(CW\*(C`start_new_request\*(C'\fR
+has returned, so \f(CW\*(C`request\*(C'\fR is not set.
+.PP
+Even if you pass the request by some safer means to the callback, you
+might want to do something to the request after starting it, such as
+canceling it, which probably isn't working so well when the callback has
+already been invoked.
+.PP
+A common way around all these issues is to make sure that
+\&\f(CW\*(C`start_new_request\*(C'\fR \fIalways\fR returns before the callback is invoked. If
+\&\f(CW\*(C`start_new_request\*(C'\fR immediately knows the result, it can artificially
+delay invoking the callback by using a \f(CW\*(C`prepare\*(C'\fR or \f(CW\*(C`idle\*(C'\fR watcher for
+example, or more sneakily, by reusing an existing (stopped) watcher and
+pushing it into the pending queue:
+.PP
+.Vb 2
+\&   ev_set_cb (watcher, callback);
+\&   ev_feed_event (EV_A_ watcher, 0);
+.Ve
+.PP
+This way, \f(CW\*(C`start_new_request\*(C'\fR can safely return before the callback is
+invoked, while not delaying callback invocation too much.
+.SS "\s-1MODEL/NESTED EVENT LOOP INVOCATIONS AND EXIT CONDITIONS\s0"
+.IX Subsection "MODEL/NESTED EVENT LOOP INVOCATIONS AND EXIT CONDITIONS"
+Often (especially in \s-1GUI\s0 toolkits) there are places where you have
+\&\fImodal\fR interaction, which is most easily implemented by recursively
+invoking \f(CW\*(C`ev_run\*(C'\fR.
+.PP
+This brings the problem of exiting \- a callback might want to finish the
+main \f(CW\*(C`ev_run\*(C'\fR call, but not the nested one (e.g. user clicked \*(L"Quit\*(R", but
+a modal \*(L"Are you sure?\*(R" dialog is still waiting), or just the nested one
+and not the main one (e.g. user clocked \*(L"Ok\*(R" in a modal dialog), or some
+other combination: In these cases, a simple \f(CW\*(C`ev_break\*(C'\fR will not work.
+.PP
+The solution is to maintain \*(L"break this loop\*(R" variable for each \f(CW\*(C`ev_run\*(C'\fR
+invocation, and use a loop around \f(CW\*(C`ev_run\*(C'\fR until the condition is
+triggered, using \f(CW\*(C`EVRUN_ONCE\*(C'\fR:
+.PP
+.Vb 2
+\&   // main loop
+\&   int exit_main_loop = 0;
+\&
+\&   while (!exit_main_loop)
+\&     ev_run (EV_DEFAULT_ EVRUN_ONCE);
+\&
+\&   // in a modal watcher
+\&   int exit_nested_loop = 0;
+\&
+\&   while (!exit_nested_loop)
+\&     ev_run (EV_A_ EVRUN_ONCE);
+.Ve
+.PP
+To exit from any of these loops, just set the corresponding exit variable:
+.PP
+.Vb 2
+\&   // exit modal loop
+\&   exit_nested_loop = 1;
+\&
+\&   // exit main program, after modal loop is finished
+\&   exit_main_loop = 1;
+\&
+\&   // exit both
+\&   exit_main_loop = exit_nested_loop = 1;
+.Ve
+.SS "\s-1THREAD LOCKING EXAMPLE\s0"
+.IX Subsection "THREAD LOCKING EXAMPLE"
+Here is a fictitious example of how to run an event loop in a different
+thread from where callbacks are being invoked and watchers are
+created/added/removed.
+.PP
+For a real-world example, see the \f(CW\*(C`EV::Loop::Async\*(C'\fR perl module,
+which uses exactly this technique (which is suited for many high-level
+languages).
+.PP
+The example uses a pthread mutex to protect the loop data, a condition
+variable to wait for callback invocations, an async watcher to notify the
+event loop thread and an unspecified mechanism to wake up the main thread.
+.PP
+First, you need to associate some data with the event loop:
+.PP
+.Vb 6
+\&   typedef struct {
+\&     mutex_t lock; /* global loop lock */
+\&     ev_async async_w;
+\&     thread_t tid;
+\&     cond_t invoke_cv;
+\&   } userdata;
+\&
+\&   void prepare_loop (EV_P)
+\&   {
+\&      // for simplicity, we use a static userdata struct.
+\&      static userdata u;
+\&
+\&      ev_async_init (&u\->async_w, async_cb);
+\&      ev_async_start (EV_A_ &u\->async_w);
+\&
+\&      pthread_mutex_init (&u\->lock, 0);
+\&      pthread_cond_init (&u\->invoke_cv, 0);
+\&
+\&      // now associate this with the loop
+\&      ev_set_userdata (EV_A_ u);
+\&      ev_set_invoke_pending_cb (EV_A_ l_invoke);
+\&      ev_set_loop_release_cb (EV_A_ l_release, l_acquire);
+\&
+\&      // then create the thread running ev_run
+\&      pthread_create (&u\->tid, 0, l_run, EV_A);
+\&   }
+.Ve
+.PP
+The callback for the \f(CW\*(C`ev_async\*(C'\fR watcher does nothing: the watcher is used
+solely to wake up the event loop so it takes notice of any new watchers
+that might have been added:
+.PP
+.Vb 5
+\&   static void
+\&   async_cb (EV_P_ ev_async *w, int revents)
+\&   {
+\&      // just used for the side effects
+\&   }
+.Ve
+.PP
+The \f(CW\*(C`l_release\*(C'\fR and \f(CW\*(C`l_acquire\*(C'\fR callbacks simply unlock/lock the mutex
+protecting the loop data, respectively.
+.PP
+.Vb 6
+\&   static void
+\&   l_release (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&     pthread_mutex_unlock (&u\->lock);
+\&   }
+\&
+\&   static void
+\&   l_acquire (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&     pthread_mutex_lock (&u\->lock);
+\&   }
+.Ve
+.PP
+The event loop thread first acquires the mutex, and then jumps straight
+into \f(CW\*(C`ev_run\*(C'\fR:
+.PP
+.Vb 4
+\&   void *
+\&   l_run (void *thr_arg)
+\&   {
+\&     struct ev_loop *loop = (struct ev_loop *)thr_arg;
+\&
+\&     l_acquire (EV_A);
+\&     pthread_setcanceltype (PTHREAD_CANCEL_ASYNCHRONOUS, 0);
+\&     ev_run (EV_A_ 0);
+\&     l_release (EV_A);
+\&
+\&     return 0;
+\&   }
+.Ve
+.PP
+Instead of invoking all pending watchers, the \f(CW\*(C`l_invoke\*(C'\fR callback will
+signal the main thread via some unspecified mechanism (signals? pipe
+writes? \f(CW\*(C`Async::Interrupt\*(C'\fR?) and then waits until all pending watchers
+have been called (in a while loop because a) spurious wakeups are possible
+and b) skipping inter-thread-communication when there are no pending
+watchers is very beneficial):
+.PP
+.Vb 4
+\&   static void
+\&   l_invoke (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&
+\&     while (ev_pending_count (EV_A))
+\&       {
+\&         wake_up_other_thread_in_some_magic_or_not_so_magic_way ();
+\&         pthread_cond_wait (&u\->invoke_cv, &u\->lock);
+\&       }
+\&   }
+.Ve
+.PP
+Now, whenever the main thread gets told to invoke pending watchers, it
+will grab the lock, call \f(CW\*(C`ev_invoke_pending\*(C'\fR and then signal the loop
+thread to continue:
+.PP
+.Vb 4
+\&   static void
+\&   real_invoke_pending (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&
+\&     pthread_mutex_lock (&u\->lock);
+\&     ev_invoke_pending (EV_A);
+\&     pthread_cond_signal (&u\->invoke_cv);
+\&     pthread_mutex_unlock (&u\->lock);
+\&   }
+.Ve
+.PP
+Whenever you want to start/stop a watcher or do other modifications to an
+event loop, you will now have to lock:
+.PP
+.Vb 2
+\&   ev_timer timeout_watcher;
+\&   userdata *u = ev_userdata (EV_A);
+\&
+\&   ev_timer_init (&timeout_watcher, timeout_cb, 5.5, 0.);
+\&
+\&   pthread_mutex_lock (&u\->lock);
+\&   ev_timer_start (EV_A_ &timeout_watcher);
+\&   ev_async_send (EV_A_ &u\->async_w);
+\&   pthread_mutex_unlock (&u\->lock);
+.Ve
+.PP
+Note that sending the \f(CW\*(C`ev_async\*(C'\fR watcher is required because otherwise
+an event loop currently blocking in the kernel will have no knowledge
+about the newly added timer. By waking up the loop it will pick up any new
+watchers in the next event loop iteration.
+.SS "\s-1THREADS, COROUTINES, CONTINUATIONS, QUEUES... INSTEAD OF CALLBACKS\s0"
+.IX Subsection "THREADS, COROUTINES, CONTINUATIONS, QUEUES... INSTEAD OF CALLBACKS"
+While the overhead of a callback that e.g. schedules a thread is small, it
+is still an overhead. If you embed libev, and your main usage is with some
+kind of threads or coroutines, you might want to customise libev so that
+doesn't need callbacks anymore.
+.PP
+Imagine you have coroutines that you can switch to using a function
+\&\f(CW\*(C`switch_to (coro)\*(C'\fR, that libev runs in a coroutine called \f(CW\*(C`libev_coro\*(C'\fR
+and that due to some magic, the currently active coroutine is stored in a
+global called \f(CW\*(C`current_coro\*(C'\fR. Then you can build your own \*(L"wait for libev
+event\*(R" primitive by changing \f(CW\*(C`EV_CB_DECLARE\*(C'\fR and \f(CW\*(C`EV_CB_INVOKE\*(C'\fR (note
+the differing \f(CW\*(C`;\*(C'\fR conventions):
+.PP
+.Vb 2
+\&   #define EV_CB_DECLARE(type)   struct my_coro *cb;
+\&   #define EV_CB_INVOKE(watcher) switch_to ((watcher)\->cb)
+.Ve
+.PP
+That means instead of having a C callback function, you store the
+coroutine to switch to in each watcher, and instead of having libev call
+your callback, you instead have it switch to that coroutine.
+.PP
+A coroutine might now wait for an event with a function called
+\&\f(CW\*(C`wait_for_event\*(C'\fR. (the watcher needs to be started, as always, but it doesn't
+matter when, or whether the watcher is active or not when this function is
+called):
+.PP
+.Vb 6
+\&   void
+\&   wait_for_event (ev_watcher *w)
+\&   {
+\&     ev_set_cb (w, current_coro);
+\&     switch_to (libev_coro);
+\&   }
+.Ve
+.PP
+That basically suspends the coroutine inside \f(CW\*(C`wait_for_event\*(C'\fR and
+continues the libev coroutine, which, when appropriate, switches back to
+this or any other coroutine.
+.PP
+You can do similar tricks if you have, say, threads with an event queue \-
+instead of storing a coroutine, you store the queue object and instead of
+switching to a coroutine, you push the watcher onto the queue and notify
+any waiters.
+.PP
+To embed libev, see \*(L"\s-1EMBEDDING\*(R"\s0, but in short, it's easiest to create two
+files, \fImy_ev.h\fR and \fImy_ev.c\fR that include the respective libev files:
+.PP
+.Vb 4
+\&   // my_ev.h
+\&   #define EV_CB_DECLARE(type)   struct my_coro *cb;
+\&   #define EV_CB_INVOKE(watcher) switch_to ((watcher)\->cb)
+\&   #include "../libev/ev.h"
+\&
+\&   // my_ev.c
+\&   #define EV_H "my_ev.h"
+\&   #include "../libev/ev.c"
+.Ve
+.PP
+And then use \fImy_ev.h\fR when you would normally use \fIev.h\fR, and compile
+\&\fImy_ev.c\fR into your project. When properly specifying include paths, you
+can even use \fIev.h\fR as header file name directly.
+.SH "LIBEVENT EMULATION"
+.IX Header "LIBEVENT EMULATION"
+Libev offers a compatibility emulation layer for libevent. It cannot
+emulate the internals of libevent, so here are some usage hints:
+.IP "\(bu" 4
+Only the libevent\-1.4.1\-beta \s-1API\s0 is being emulated.
+.Sp
+This was the newest libevent version available when libev was implemented,
+and is still mostly unchanged in 2010.
+.IP "\(bu" 4
+Use it by including <event.h>, as usual.
+.IP "\(bu" 4
+The following members are fully supported: ev_base, ev_callback,
+ev_arg, ev_fd, ev_res, ev_events.
+.IP "\(bu" 4
+Avoid using ev_flags and the EVLIST_*\-macros, while it is
+maintained by libev, it does not work exactly the same way as in libevent (consider
+it a private \s-1API\s0).
+.IP "\(bu" 4
+Priorities are not currently supported. Initialising priorities
+will fail and all watchers will have the same priority, even though there
+is an ev_pri field.
+.IP "\(bu" 4
+In libevent, the last base created gets the signals, in libev, the
+base that registered the signal gets the signals.
+.IP "\(bu" 4
+Other members are not supported.
+.IP "\(bu" 4
+The libev emulation is \fInot\fR \s-1ABI\s0 compatible to libevent, you need
+to use the libev header file and library.
+.SH "\*(C+ SUPPORT"
+.IX Header " SUPPORT"
+.SS "C \s-1API\s0"
+.IX Subsection "C API"
+The normal C \s-1API\s0 should work fine when used from \*(C+: both ev.h and the
+libev sources can be compiled as \*(C+. Therefore, code that uses the C \s-1API\s0
+will work fine.
+.PP
+Proper exception specifications might have to be added to callbacks passed
+to libev: exceptions may be thrown only from watcher callbacks, all other
+callbacks (allocator, syserr, loop acquire/release and periodic reschedule
+callbacks) must not throw exceptions, and might need a \f(CW\*(C`noexcept\*(C'\fR
+specification. If you have code that needs to be compiled as both C and
+\&\*(C+ you can use the \f(CW\*(C`EV_NOEXCEPT\*(C'\fR macro for this:
+.PP
+.Vb 6
+\&   static void
+\&   fatal_error (const char *msg) EV_NOEXCEPT
+\&   {
+\&     perror (msg);
+\&     abort ();
+\&   }
+\&
+\&   ...
+\&   ev_set_syserr_cb (fatal_error);
+.Ve
+.PP
+The only \s-1API\s0 functions that can currently throw exceptions are \f(CW\*(C`ev_run\*(C'\fR,
+\&\f(CW\*(C`ev_invoke\*(C'\fR, \f(CW\*(C`ev_invoke_pending\*(C'\fR and \f(CW\*(C`ev_loop_destroy\*(C'\fR (the latter
+because it runs cleanup watchers).
+.PP
+Throwing exceptions in watcher callbacks is only supported if libev itself
+is compiled with a \*(C+ compiler or your C and \*(C+ environments allow
+throwing exceptions through C libraries (most do).
+.SS "\*(C+ \s-1API\s0"
+.IX Subsection " API"
+Libev comes with some simplistic wrapper classes for \*(C+ that mainly allow
+you to use some convenience methods to start/stop watchers and also change
+the callback model to a model using method callbacks on objects.
+.PP
+To use it,
+.PP
+.Vb 1
+\&   #include <ev++.h>
+.Ve
+.PP
+This automatically includes \fIev.h\fR and puts all of its definitions (many
+of them macros) into the global namespace. All \*(C+ specific things are
+put into the \f(CW\*(C`ev\*(C'\fR namespace. It should support all the same embedding
+options as \fIev.h\fR, most notably \f(CW\*(C`EV_MULTIPLICITY\*(C'\fR.
+.PP
+Care has been taken to keep the overhead low. The only data member the \*(C+
+classes add (compared to plain C\-style watchers) is the event loop pointer
+that the watcher is associated with (or no additional members at all if
+you disable \f(CW\*(C`EV_MULTIPLICITY\*(C'\fR when embedding libev).
+.PP
+Currently, functions, static and non-static member functions and classes
+with \f(CW\*(C`operator ()\*(C'\fR can be used as callbacks. Other types should be easy
+to add as long as they only need one additional pointer for context. If
+you need support for other types of functors please contact the author
+(preferably after implementing it).
+.PP
+For all this to work, your \*(C+ compiler either has to use the same calling
+conventions as your C compiler (for static member functions), or you have
+to embed libev and compile libev itself as \*(C+.
+.PP
+Here is a list of things available in the \f(CW\*(C`ev\*(C'\fR namespace:
+.ie n .IP """ev::READ"", ""ev::WRITE"" etc." 4
+.el .IP "\f(CWev::READ\fR, \f(CWev::WRITE\fR etc." 4
+.IX Item "ev::READ, ev::WRITE etc."
+These are just enum values with the same values as the \f(CW\*(C`EV_READ\*(C'\fR etc.
+macros from \fIev.h\fR.
+.ie n .IP """ev::tstamp"", ""ev::now""" 4
+.el .IP "\f(CWev::tstamp\fR, \f(CWev::now\fR" 4
+.IX Item "ev::tstamp, ev::now"
+Aliases to the same types/functions as with the \f(CW\*(C`ev_\*(C'\fR prefix.
+.ie n .IP """ev::io"", ""ev::timer"", ""ev::periodic"", ""ev::idle"", ""ev::sig"" etc." 4
+.el .IP "\f(CWev::io\fR, \f(CWev::timer\fR, \f(CWev::periodic\fR, \f(CWev::idle\fR, \f(CWev::sig\fR etc." 4
+.IX Item "ev::io, ev::timer, ev::periodic, ev::idle, ev::sig etc."
+For each \f(CW\*(C`ev_TYPE\*(C'\fR watcher in \fIev.h\fR there is a corresponding class of
+the same name in the \f(CW\*(C`ev\*(C'\fR namespace, with the exception of \f(CW\*(C`ev_signal\*(C'\fR
+which is called \f(CW\*(C`ev::sig\*(C'\fR to avoid clashes with the \f(CW\*(C`signal\*(C'\fR macro
+defined by many implementations.
+.Sp
+All of those classes have these methods:
+.RS 4
+.IP "ev::TYPE::TYPE ()" 4
+.IX Item "ev::TYPE::TYPE ()"
+.PD 0
+.IP "ev::TYPE::TYPE (loop)" 4
+.IX Item "ev::TYPE::TYPE (loop)"
+.IP "ev::TYPE::~TYPE" 4
+.IX Item "ev::TYPE::~TYPE"
+.PD
+The constructor (optionally) takes an event loop to associate the watcher
+with. If it is omitted, it will use \f(CW\*(C`EV_DEFAULT\*(C'\fR.
+.Sp
+The constructor calls \f(CW\*(C`ev_init\*(C'\fR for you, which means you have to call the
+\&\f(CW\*(C`set\*(C'\fR method before starting it.
+.Sp
+It will not set a callback, however: You have to call the templated \f(CW\*(C`set\*(C'\fR
+method to set a callback before you can start the watcher.
+.Sp
+(The reason why you have to use a method is a limitation in \*(C+ which does
+not allow explicit template arguments for constructors).
+.Sp
+The destructor automatically stops the watcher if it is active.
+.IP "w\->set<class, &class::method> (object *)" 4
+.IX Item "w->set<class, &class::method> (object *)"
+This method sets the callback method to call. The method has to have a
+signature of \f(CW\*(C`void (*)(ev_TYPE &, int)\*(C'\fR, it receives the watcher as
+first argument and the \f(CW\*(C`revents\*(C'\fR as second. The object must be given as
+parameter and is stored in the \f(CW\*(C`data\*(C'\fR member of the watcher.
+.Sp
+This method synthesizes efficient thunking code to call your method from
+the C callback that libev requires. If your compiler can inline your
+callback (i.e. it is visible to it at the place of the \f(CW\*(C`set\*(C'\fR call and
+your compiler is good :), then the method will be fully inlined into the
+thunking function, making it as fast as a direct C callback.
+.Sp
+Example: simple class declaration and watcher initialisation
+.Sp
+.Vb 4
+\&   struct myclass
+\&   {
+\&     void io_cb (ev::io &w, int revents) { }
+\&   }
+\&
+\&   myclass obj;
+\&   ev::io iow;
+\&   iow.set <myclass, &myclass::io_cb> (&obj);
+.Ve
+.IP "w\->set (object *)" 4
+.IX Item "w->set (object *)"
+This is a variation of a method callback \- leaving out the method to call
+will default the method to \f(CW\*(C`operator ()\*(C'\fR, which makes it possible to use
+functor objects without having to manually specify the \f(CW\*(C`operator ()\*(C'\fR all
+the time. Incidentally, you can then also leave out the template argument
+list.
+.Sp
+The \f(CW\*(C`operator ()\*(C'\fR method prototype must be \f(CW\*(C`void operator ()(watcher &w,
+int revents)\*(C'\fR.
+.Sp
+See the method\-\f(CW\*(C`set\*(C'\fR above for more details.
+.Sp
+Example: use a functor object as callback.
+.Sp
+.Vb 7
+\&   struct myfunctor
+\&   {
+\&     void operator() (ev::io &w, int revents)
+\&     {
+\&       ...
+\&     }
+\&   }
+\&
+\&   myfunctor f;
+\&
+\&   ev::io w;
+\&   w.set (&f);
+.Ve
+.IP "w\->set<function> (void *data = 0)" 4
+.IX Item "w->set<function> (void *data = 0)"
+Also sets a callback, but uses a static method or plain function as
+callback. The optional \f(CW\*(C`data\*(C'\fR argument will be stored in the watcher's
+\&\f(CW\*(C`data\*(C'\fR member and is free for you to use.
+.Sp
+The prototype of the \f(CW\*(C`function\*(C'\fR must be \f(CW\*(C`void (*)(ev::TYPE &w, int)\*(C'\fR.
+.Sp
+See the method\-\f(CW\*(C`set\*(C'\fR above for more details.
+.Sp
+Example: Use a plain function as callback.
+.Sp
+.Vb 2
+\&   static void io_cb (ev::io &w, int revents) { }
+\&   iow.set <io_cb> ();
+.Ve
+.IP "w\->set (loop)" 4
+.IX Item "w->set (loop)"
+Associates a different \f(CW\*(C`struct ev_loop\*(C'\fR with this watcher. You can only
+do this when the watcher is inactive (and not pending either).
+.IP "w\->set ([arguments])" 4
+.IX Item "w->set ([arguments])"
+Basically the same as \f(CW\*(C`ev_TYPE_set\*(C'\fR (except for \f(CW\*(C`ev::embed\*(C'\fR watchers>),
+with the same arguments. Either this method or a suitable start method
+must be called at least once. Unlike the C counterpart, an active watcher
+gets automatically stopped and restarted when reconfiguring it with this
+method.
+.Sp
+For \f(CW\*(C`ev::embed\*(C'\fR watchers this method is called \f(CW\*(C`set_embed\*(C'\fR, to avoid
+clashing with the \f(CW\*(C`set (loop)\*(C'\fR method.
+.Sp
+For \f(CW\*(C`ev::io\*(C'\fR watchers there is an additional \f(CW\*(C`set\*(C'\fR method that acepts a
+new event mask only, and internally calls \f(CW\*(C`ev_io_modfify\*(C'\fR.
+.IP "w\->start ()" 4
+.IX Item "w->start ()"
+Starts the watcher. Note that there is no \f(CW\*(C`loop\*(C'\fR argument, as the
+constructor already stores the event loop.
+.IP "w\->start ([arguments])" 4
+.IX Item "w->start ([arguments])"
+Instead of calling \f(CW\*(C`set\*(C'\fR and \f(CW\*(C`start\*(C'\fR methods separately, it is often
+convenient to wrap them in one call. Uses the same type of arguments as
+the configure \f(CW\*(C`set\*(C'\fR method of the watcher.
+.IP "w\->stop ()" 4
+.IX Item "w->stop ()"
+Stops the watcher if it is active. Again, no \f(CW\*(C`loop\*(C'\fR argument.
+.ie n .IP "w\->again () (""ev::timer"", ""ev::periodic"" only)" 4
+.el .IP "w\->again () (\f(CWev::timer\fR, \f(CWev::periodic\fR only)" 4
+.IX Item "w->again () (ev::timer, ev::periodic only)"
+For \f(CW\*(C`ev::timer\*(C'\fR and \f(CW\*(C`ev::periodic\*(C'\fR, this invokes the corresponding
+\&\f(CW\*(C`ev_TYPE_again\*(C'\fR function.
+.ie n .IP "w\->sweep () (""ev::embed"" only)" 4
+.el .IP "w\->sweep () (\f(CWev::embed\fR only)" 4
+.IX Item "w->sweep () (ev::embed only)"
+Invokes \f(CW\*(C`ev_embed_sweep\*(C'\fR.
+.ie n .IP "w\->update () (""ev::stat"" only)" 4
+.el .IP "w\->update () (\f(CWev::stat\fR only)" 4
+.IX Item "w->update () (ev::stat only)"
+Invokes \f(CW\*(C`ev_stat_stat\*(C'\fR.
+.RE
+.RS 4
+.RE
+.PP
+Example: Define a class with two I/O and idle watchers, start the I/O
+watchers in the constructor.
+.PP
+.Vb 5
+\&   class myclass
+\&   {
+\&     ev::io   io  ; void io_cb   (ev::io   &w, int revents);
+\&     ev::io   io2 ; void io2_cb  (ev::io   &w, int revents);
+\&     ev::idle idle; void idle_cb (ev::idle &w, int revents);
+\&
+\&     myclass (int fd)
+\&     {
+\&       io  .set <myclass, &myclass::io_cb  > (this);
+\&       io2 .set <myclass, &myclass::io2_cb > (this);
+\&       idle.set <myclass, &myclass::idle_cb> (this);
+\&
+\&       io.set (fd, ev::WRITE); // configure the watcher
+\&       io.start ();            // start it whenever convenient
+\&
+\&       io2.start (fd, ev::READ); // set + start in one call
+\&     }
+\&   };
+.Ve
+.SH "OTHER LANGUAGE BINDINGS"
+.IX Header "OTHER LANGUAGE BINDINGS"
+Libev does not offer other language bindings itself, but bindings for a
+number of languages exist in the form of third-party packages. If you know
+any interesting language binding in addition to the ones listed here, drop
+me a note.
+.IP "Perl" 4
+.IX Item "Perl"
+The \s-1EV\s0 module implements the full libev \s-1API\s0 and is actually used to test
+libev. \s-1EV\s0 is developed together with libev. Apart from the \s-1EV\s0 core module,
+there are additional modules that implement libev-compatible interfaces
+to \f(CW\*(C`libadns\*(C'\fR (\f(CW\*(C`EV::ADNS\*(C'\fR, but \f(CW\*(C`AnyEvent::DNS\*(C'\fR is preferred nowadays),
+\&\f(CW\*(C`Net::SNMP\*(C'\fR (\f(CW\*(C`Net::SNMP::EV\*(C'\fR) and the \f(CW\*(C`libglib\*(C'\fR event core (\f(CW\*(C`Glib::EV\*(C'\fR
+and \f(CW\*(C`EV::Glib\*(C'\fR).
+.Sp
+It can be found and installed via \s-1CPAN,\s0 its homepage is at
+<http://software.schmorp.de/pkg/EV>.
+.IP "Python" 4
+.IX Item "Python"
+Python bindings can be found at <http://code.google.com/p/pyev/>. It
+seems to be quite complete and well-documented.
+.IP "Ruby" 4
+.IX Item "Ruby"
+Tony Arcieri has written a ruby extension that offers access to a subset
+of the libev \s-1API\s0 and adds file handle abstractions, asynchronous \s-1DNS\s0 and
+more on top of it. It can be found via gem servers. Its homepage is at
+<http://rev.rubyforge.org/>.
+.Sp
+Roger Pack reports that using the link order \f(CW\*(C`\-lws2_32 \-lmsvcrt\-ruby\-190\*(C'\fR
+makes rev work even on mingw.
+.IP "Haskell" 4
+.IX Item "Haskell"
+A haskell binding to libev is available at
+<http://hackage.haskell.org/cgi\-bin/hackage\-scripts/package/hlibev>.
+.IP "D" 4
+.IX Item "D"
+Leandro Lucarella has written a D language binding (\fIev.d\fR) for libev, to
+be found at <http://www.llucax.com.ar/proj/ev.d/index.html>.
+.IP "Ocaml" 4
+.IX Item "Ocaml"
+Erkki Seppala has written Ocaml bindings for libev, to be found at
+<http://modeemi.cs.tut.fi/~flux/software/ocaml\-ev/>.
+.IP "Lua" 4
+.IX Item "Lua"
+Brian Maher has written a partial interface to libev for lua (at the
+time of this writing, only \f(CW\*(C`ev_io\*(C'\fR and \f(CW\*(C`ev_timer\*(C'\fR), to be found at
+<http://github.com/brimworks/lua\-ev>.
+.IP "Javascript" 4
+.IX Item "Javascript"
+Node.js (<http://nodejs.org>) uses libev as the underlying event library.
+.IP "Others" 4
+.IX Item "Others"
+There are others, and I stopped counting.
+.SH "MACRO MAGIC"
+.IX Header "MACRO MAGIC"
+Libev can be compiled with a variety of options, the most fundamental
+of which is \f(CW\*(C`EV_MULTIPLICITY\*(C'\fR. This option determines whether (most)
+functions and callbacks have an initial \f(CW\*(C`struct ev_loop *\*(C'\fR argument.
+.PP
+To make it easier to write programs that cope with either variant, the
+following macros are defined:
+.ie n .IP """EV_A"", ""EV_A_""" 4
+.el .IP "\f(CWEV_A\fR, \f(CWEV_A_\fR" 4
+.IX Item "EV_A, EV_A_"
+This provides the loop \fIargument\fR for functions, if one is required (\*(L"ev
+loop argument\*(R"). The \f(CW\*(C`EV_A\*(C'\fR form is used when this is the sole argument,
+\&\f(CW\*(C`EV_A_\*(C'\fR is used when other arguments are following. Example:
+.Sp
+.Vb 3
+\&   ev_unref (EV_A);
+\&   ev_timer_add (EV_A_ watcher);
+\&   ev_run (EV_A_ 0);
+.Ve
+.Sp
+It assumes the variable \f(CW\*(C`loop\*(C'\fR of type \f(CW\*(C`struct ev_loop *\*(C'\fR is in scope,
+which is often provided by the following macro.
+.ie n .IP """EV_P"", ""EV_P_""" 4
+.el .IP "\f(CWEV_P\fR, \f(CWEV_P_\fR" 4
+.IX Item "EV_P, EV_P_"
+This provides the loop \fIparameter\fR for functions, if one is required (\*(L"ev
+loop parameter\*(R"). The \f(CW\*(C`EV_P\*(C'\fR form is used when this is the sole parameter,
+\&\f(CW\*(C`EV_P_\*(C'\fR is used when other parameters are following. Example:
+.Sp
+.Vb 2
+\&   // this is how ev_unref is being declared
+\&   static void ev_unref (EV_P);
+\&
+\&   // this is how you can declare your typical callback
+\&   static void cb (EV_P_ ev_timer *w, int revents)
+.Ve
+.Sp
+It declares a parameter \f(CW\*(C`loop\*(C'\fR of type \f(CW\*(C`struct ev_loop *\*(C'\fR, quite
+suitable for use with \f(CW\*(C`EV_A\*(C'\fR.
+.ie n .IP """EV_DEFAULT"", ""EV_DEFAULT_""" 4
+.el .IP "\f(CWEV_DEFAULT\fR, \f(CWEV_DEFAULT_\fR" 4
+.IX Item "EV_DEFAULT, EV_DEFAULT_"
+Similar to the other two macros, this gives you the value of the default
+loop, if multiple loops are supported (\*(L"ev loop default\*(R"). The default loop
+will be initialised if it isn't already initialised.
+.Sp
+For non-multiplicity builds, these macros do nothing, so you always have
+to initialise the loop somewhere.
+.ie n .IP """EV_DEFAULT_UC"", ""EV_DEFAULT_UC_""" 4
+.el .IP "\f(CWEV_DEFAULT_UC\fR, \f(CWEV_DEFAULT_UC_\fR" 4
+.IX Item "EV_DEFAULT_UC, EV_DEFAULT_UC_"
+Usage identical to \f(CW\*(C`EV_DEFAULT\*(C'\fR and \f(CW\*(C`EV_DEFAULT_\*(C'\fR, but requires that the
+default loop has been initialised (\f(CW\*(C`UC\*(C'\fR == unchecked). Their behaviour
+is undefined when the default loop has not been initialised by a previous
+execution of \f(CW\*(C`EV_DEFAULT\*(C'\fR, \f(CW\*(C`EV_DEFAULT_\*(C'\fR or \f(CW\*(C`ev_default_init (...)\*(C'\fR.
+.Sp
+It is often prudent to use \f(CW\*(C`EV_DEFAULT\*(C'\fR when initialising the first
+watcher in a function but use \f(CW\*(C`EV_DEFAULT_UC\*(C'\fR afterwards.
+.PP
+Example: Declare and initialise a check watcher, utilising the above
+macros so it will work regardless of whether multiple loops are supported
+or not.
+.PP
+.Vb 5
+\&   static void
+\&   check_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     ev_check_stop (EV_A_ w);
+\&   }
+\&
+\&   ev_check check;
+\&   ev_check_init (&check, check_cb);
+\&   ev_check_start (EV_DEFAULT_ &check);
+\&   ev_run (EV_DEFAULT_ 0);
+.Ve
+.SH "EMBEDDING"
+.IX Header "EMBEDDING"
+Libev can (and often is) directly embedded into host
+applications. Examples of applications that embed it include the Deliantra
+Game Server, the \s-1EV\s0 perl module, the \s-1GNU\s0 Virtual Private Ethernet (gvpe)
+and rxvt-unicode.
+.PP
+The goal is to enable you to just copy the necessary files into your
+source directory without having to change even a single line in them, so
+you can easily upgrade by simply copying (or having a checked-out copy of
+libev somewhere in your source tree).
+.SS "\s-1FILESETS\s0"
+.IX Subsection "FILESETS"
+Depending on what features you need you need to include one or more sets of files
+in your application.
+.PP
+\fI\s-1CORE EVENT LOOP\s0\fR
+.IX Subsection "CORE EVENT LOOP"
+.PP
+To include only the libev core (all the \f(CW\*(C`ev_*\*(C'\fR functions), with manual
+configuration (no autoconf):
+.PP
+.Vb 2
+\&   #define EV_STANDALONE 1
+\&   #include "ev.c"
+.Ve
+.PP
+This will automatically include \fIev.h\fR, too, and should be done in a
+single C source file only to provide the function implementations. To use
+it, do the same for \fIev.h\fR in all files wishing to use this \s-1API\s0 (best
+done by writing a wrapper around \fIev.h\fR that you can include instead and
+where you can put other configuration options):
+.PP
+.Vb 2
+\&   #define EV_STANDALONE 1
+\&   #include "ev.h"
+.Ve
+.PP
+Both header files and implementation files can be compiled with a \*(C+
+compiler (at least, that's a stated goal, and breakage will be treated
+as a bug).
+.PP
+You need the following files in your source tree, or in a directory
+in your include path (e.g. in libev/ when using \-Ilibev):
+.PP
+.Vb 4
+\&   ev.h
+\&   ev.c
+\&   ev_vars.h
+\&   ev_wrap.h
+\&
+\&   ev_win32.c      required on win32 platforms only
+\&
+\&   ev_select.c     only when select backend is enabled
+\&   ev_poll.c       only when poll backend is enabled
+\&   ev_epoll.c      only when the epoll backend is enabled
+\&   ev_linuxaio.c   only when the linux aio backend is enabled
+\&   ev_iouring.c    only when the linux io_uring backend is enabled
+\&   ev_kqueue.c     only when the kqueue backend is enabled
+\&   ev_port.c       only when the solaris port backend is enabled
+.Ve
+.PP
+\&\fIev.c\fR includes the backend files directly when enabled, so you only need
+to compile this single file.
+.PP
+\fI\s-1LIBEVENT COMPATIBILITY API\s0\fR
+.IX Subsection "LIBEVENT COMPATIBILITY API"
+.PP
+To include the libevent compatibility \s-1API,\s0 also include:
+.PP
+.Vb 1
+\&   #include "event.c"
+.Ve
+.PP
+in the file including \fIev.c\fR, and:
+.PP
+.Vb 1
+\&   #include "event.h"
+.Ve
+.PP
+in the files that want to use the libevent \s-1API.\s0 This also includes \fIev.h\fR.
+.PP
+You need the following additional files for this:
+.PP
+.Vb 2
+\&   event.h
+\&   event.c
+.Ve
+.PP
+\fI\s-1AUTOCONF SUPPORT\s0\fR
+.IX Subsection "AUTOCONF SUPPORT"
+.PP
+Instead of using \f(CW\*(C`EV_STANDALONE=1\*(C'\fR and providing your configuration in
+whatever way you want, you can also \f(CW\*(C`m4_include([libev.m4])\*(C'\fR in your
+\&\fIconfigure.ac\fR and leave \f(CW\*(C`EV_STANDALONE\*(C'\fR undefined. \fIev.c\fR will then
+include \fIconfig.h\fR and configure itself accordingly.
+.PP
+For this of course you need the m4 file:
+.PP
+.Vb 1
+\&   libev.m4
+.Ve
+.SS "\s-1PREPROCESSOR SYMBOLS/MACROS\s0"
+.IX Subsection "PREPROCESSOR SYMBOLS/MACROS"
+Libev can be configured via a variety of preprocessor symbols you have to
+define before including (or compiling) any of its files. The default in
+the absence of autoconf is documented for every option.
+.PP
+Symbols marked with \*(L"(h)\*(R" do not change the \s-1ABI,\s0 and can have different
+values when compiling libev vs. including \fIev.h\fR, so it is permissible
+to redefine them before including \fIev.h\fR without breaking compatibility
+to a compiled library. All other symbols change the \s-1ABI,\s0 which means all
+users of libev and the libev code itself must be compiled with compatible
+settings.
+.IP "\s-1EV_COMPAT3\s0 (h)" 4
+.IX Item "EV_COMPAT3 (h)"
+Backwards compatibility is a major concern for libev. This is why this
+release of libev comes with wrappers for the functions and symbols that
+have been renamed between libev version 3 and 4.
+.Sp
+You can disable these wrappers (to test compatibility with future
+versions) by defining \f(CW\*(C`EV_COMPAT3\*(C'\fR to \f(CW0\fR when compiling your
+sources. This has the additional advantage that you can drop the \f(CW\*(C`struct\*(C'\fR
+from \f(CW\*(C`struct ev_loop\*(C'\fR declarations, as libev will provide an \f(CW\*(C`ev_loop\*(C'\fR
+typedef in that case.
+.Sp
+In some future version, the default for \f(CW\*(C`EV_COMPAT3\*(C'\fR will become \f(CW0\fR,
+and in some even more future version the compatibility code will be
+removed completely.
+.IP "\s-1EV_STANDALONE\s0 (h)" 4
+.IX Item "EV_STANDALONE (h)"
+Must always be \f(CW1\fR if you do not use autoconf configuration, which
+keeps libev from including \fIconfig.h\fR, and it also defines dummy
+implementations for some libevent functions (such as logging, which is not
+supported). It will also not define any of the structs usually found in
+\&\fIevent.h\fR that are not directly supported by the libev core alone.
+.Sp
+In standalone mode, libev will still try to automatically deduce the
+configuration, but has to be more conservative.
+.IP "\s-1EV_USE_FLOOR\s0" 4
+.IX Item "EV_USE_FLOOR"
+If defined to be \f(CW1\fR, libev will use the \f(CW\*(C`floor ()\*(C'\fR function for its
+periodic reschedule calculations, otherwise libev will fall back on a
+portable (slower) implementation. If you enable this, you usually have to
+link against libm or something equivalent. Enabling this when the \f(CW\*(C`floor\*(C'\fR
+function is not available will fail, so the safe default is to not enable
+this.
+.IP "\s-1EV_USE_MONOTONIC\s0" 4
+.IX Item "EV_USE_MONOTONIC"
+If defined to be \f(CW1\fR, libev will try to detect the availability of the
+monotonic clock option at both compile time and runtime. Otherwise no
+use of the monotonic clock option will be attempted. If you enable this,
+you usually have to link against librt or something similar. Enabling it
+when the functionality isn't available is safe, though, although you have
+to make sure you link against any libraries where the \f(CW\*(C`clock_gettime\*(C'\fR
+function is hiding in (often \fI\-lrt\fR). See also \f(CW\*(C`EV_USE_CLOCK_SYSCALL\*(C'\fR.
+.IP "\s-1EV_USE_REALTIME\s0" 4
+.IX Item "EV_USE_REALTIME"
+If defined to be \f(CW1\fR, libev will try to detect the availability of the
+real-time clock option at compile time (and assume its availability
+at runtime if successful). Otherwise no use of the real-time clock
+option will be attempted. This effectively replaces \f(CW\*(C`gettimeofday\*(C'\fR
+by \f(CW\*(C`clock_get (CLOCK_REALTIME, ...)\*(C'\fR and will not normally affect
+correctness. See the note about libraries in the description of
+\&\f(CW\*(C`EV_USE_MONOTONIC\*(C'\fR, though. Defaults to the opposite value of
+\&\f(CW\*(C`EV_USE_CLOCK_SYSCALL\*(C'\fR.
+.IP "\s-1EV_USE_CLOCK_SYSCALL\s0" 4
+.IX Item "EV_USE_CLOCK_SYSCALL"
+If defined to be \f(CW1\fR, libev will try to use a direct syscall instead
+of calling the system-provided \f(CW\*(C`clock_gettime\*(C'\fR function. This option
+exists because on GNU/Linux, \f(CW\*(C`clock_gettime\*(C'\fR is in \f(CW\*(C`librt\*(C'\fR, but \f(CW\*(C`librt\*(C'\fR
+unconditionally pulls in \f(CW\*(C`libpthread\*(C'\fR, slowing down single-threaded
+programs needlessly. Using a direct syscall is slightly slower (in
+theory), because no optimised vdso implementation can be used, but avoids
+the pthread dependency. Defaults to \f(CW1\fR on GNU/Linux with glibc 2.x or
+higher, as it simplifies linking (no need for \f(CW\*(C`\-lrt\*(C'\fR).
+.IP "\s-1EV_USE_NANOSLEEP\s0" 4
+.IX Item "EV_USE_NANOSLEEP"
+If defined to be \f(CW1\fR, libev will assume that \f(CW\*(C`nanosleep ()\*(C'\fR is available
+and will use it for delays. Otherwise it will use \f(CW\*(C`select ()\*(C'\fR.
+.IP "\s-1EV_USE_EVENTFD\s0" 4
+.IX Item "EV_USE_EVENTFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`eventfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This will improve
+\&\f(CW\*(C`ev_signal\*(C'\fR and \f(CW\*(C`ev_async\*(C'\fR performance and reduce resource consumption.
+If undefined, it will be enabled if the headers indicate GNU/Linux + Glibc
+2.7 or newer, otherwise disabled.
+.IP "\s-1EV_USE_SIGNALFD\s0" 4
+.IX Item "EV_USE_SIGNALFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`signalfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This enables
+the use of \s-1EVFLAG_SIGNALFD\s0 for faster and simpler signal handling. If
+undefined, it will be enabled if the headers indicate GNU/Linux + Glibc
+2.7 or newer, otherwise disabled.
+.IP "\s-1EV_USE_TIMERFD\s0" 4
+.IX Item "EV_USE_TIMERFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`timerfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This allows
+libev to detect time jumps accurately. If undefined, it will be enabled
+if the headers indicate GNU/Linux + Glibc 2.8 or newer and define
+\&\f(CW\*(C`TFD_TIMER_CANCEL_ON_SET\*(C'\fR, otherwise disabled.
+.IP "\s-1EV_USE_EVENTFD\s0" 4
+.IX Item "EV_USE_EVENTFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`eventfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This will improve
+\&\f(CW\*(C`ev_signal\*(C'\fR and \f(CW\*(C`ev_async\*(C'\fR performance and reduce resource consumption.
+If undefined, it will be enabled if the headers indicate GNU/Linux + Glibc
+2.7 or newer, otherwise disabled.
+.IP "\s-1EV_USE_SELECT\s0" 4
+.IX Item "EV_USE_SELECT"
+If undefined or defined to be \f(CW1\fR, libev will compile in support for the
+\&\f(CW\*(C`select\*(C'\fR(2) backend. No attempt at auto-detection will be done: if no
+other method takes over, select will be it. Otherwise the select backend
+will not be compiled in.
+.IP "\s-1EV_SELECT_USE_FD_SET\s0" 4
+.IX Item "EV_SELECT_USE_FD_SET"
+If defined to \f(CW1\fR, then the select backend will use the system \f(CW\*(C`fd_set\*(C'\fR
+structure. This is useful if libev doesn't compile due to a missing
+\&\f(CW\*(C`NFDBITS\*(C'\fR or \f(CW\*(C`fd_mask\*(C'\fR definition or it mis-guesses the bitset layout
+on exotic systems. This usually limits the range of file descriptors to
+some low limit such as 1024 or might have other limitations (winsocket
+only allows 64 sockets). The \f(CW\*(C`FD_SETSIZE\*(C'\fR macro, set before compilation,
+configures the maximum size of the \f(CW\*(C`fd_set\*(C'\fR.
+.IP "\s-1EV_SELECT_IS_WINSOCKET\s0" 4
+.IX Item "EV_SELECT_IS_WINSOCKET"
+When defined to \f(CW1\fR, the select backend will assume that
+select/socket/connect etc. don't understand file descriptors but
+wants osf handles on win32 (this is the case when the select to
+be used is the winsock select). This means that it will call
+\&\f(CW\*(C`_get_osfhandle\*(C'\fR on the fd to convert it to an \s-1OS\s0 handle. Otherwise,
+it is assumed that all these functions actually work on fds, even
+on win32. Should not be defined on non\-win32 platforms.
+.IP "\s-1EV_FD_TO_WIN32_HANDLE\s0(fd)" 4
+.IX Item "EV_FD_TO_WIN32_HANDLE(fd)"
+If \f(CW\*(C`EV_SELECT_IS_WINSOCKET\*(C'\fR is enabled, then libev needs a way to map
+file descriptors to socket handles. When not defining this symbol (the
+default), then libev will call \f(CW\*(C`_get_osfhandle\*(C'\fR, which is usually
+correct. In some cases, programs use their own file descriptor management,
+in which case they can provide this function to map fds to socket handles.
+.IP "\s-1EV_WIN32_HANDLE_TO_FD\s0(handle)" 4
+.IX Item "EV_WIN32_HANDLE_TO_FD(handle)"
+If \f(CW\*(C`EV_SELECT_IS_WINSOCKET\*(C'\fR then libev maps handles to file descriptors
+using the standard \f(CW\*(C`_open_osfhandle\*(C'\fR function. For programs implementing
+their own fd to handle mapping, overwriting this function makes it easier
+to do so. This can be done by defining this macro to an appropriate value.
+.IP "\s-1EV_WIN32_CLOSE_FD\s0(fd)" 4
+.IX Item "EV_WIN32_CLOSE_FD(fd)"
+If programs implement their own fd to handle mapping on win32, then this
+macro can be used to override the \f(CW\*(C`close\*(C'\fR function, useful to unregister
+file descriptors again. Note that the replacement function has to close
+the underlying \s-1OS\s0 handle.
+.IP "\s-1EV_USE_WSASOCKET\s0" 4
+.IX Item "EV_USE_WSASOCKET"
+If defined to be \f(CW1\fR, libev will use \f(CW\*(C`WSASocket\*(C'\fR to create its internal
+communication socket, which works better in some environments. Otherwise,
+the normal \f(CW\*(C`socket\*(C'\fR function will be used, which works better in other
+environments.
+.IP "\s-1EV_USE_POLL\s0" 4
+.IX Item "EV_USE_POLL"
+If defined to be \f(CW1\fR, libev will compile in support for the \f(CW\*(C`poll\*(C'\fR(2)
+backend. Otherwise it will be enabled on non\-win32 platforms. It
+takes precedence over select.
+.IP "\s-1EV_USE_EPOLL\s0" 4
+.IX Item "EV_USE_EPOLL"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux
+\&\f(CW\*(C`epoll\*(C'\fR(7) backend. Its availability will be detected at runtime,
+otherwise another method will be used as fallback. This is the preferred
+backend for GNU/Linux systems. If undefined, it will be enabled if the
+headers indicate GNU/Linux + Glibc 2.4 or newer, otherwise disabled.
+.IP "\s-1EV_USE_LINUXAIO\s0" 4
+.IX Item "EV_USE_LINUXAIO"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux aio
+backend (\f(CW\*(C`EV_USE_EPOLL\*(C'\fR must also be enabled). If undefined, it will be
+enabled on linux, otherwise disabled.
+.IP "\s-1EV_USE_IOURING\s0" 4
+.IX Item "EV_USE_IOURING"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux
+io_uring backend (\f(CW\*(C`EV_USE_EPOLL\*(C'\fR must also be enabled). Due to it's
+current limitations it has to be requested explicitly. If undefined, it
+will be enabled on linux, otherwise disabled.
+.IP "\s-1EV_USE_KQUEUE\s0" 4
+.IX Item "EV_USE_KQUEUE"
+If defined to be \f(CW1\fR, libev will compile in support for the \s-1BSD\s0 style
+\&\f(CW\*(C`kqueue\*(C'\fR(2) backend. Its actual availability will be detected at runtime,
+otherwise another method will be used as fallback. This is the preferred
+backend for \s-1BSD\s0 and BSD-like systems, although on most BSDs kqueue only
+supports some types of fds correctly (the only platform we found that
+supports ptys for example was NetBSD), so kqueue might be compiled in, but
+not be used unless explicitly requested. The best way to use it is to find
+out whether kqueue supports your type of fd properly and use an embedded
+kqueue loop.
+.IP "\s-1EV_USE_PORT\s0" 4
+.IX Item "EV_USE_PORT"
+If defined to be \f(CW1\fR, libev will compile in support for the Solaris
+10 port style backend. Its availability will be detected at runtime,
+otherwise another method will be used as fallback. This is the preferred
+backend for Solaris 10 systems.
+.IP "\s-1EV_USE_DEVPOLL\s0" 4
+.IX Item "EV_USE_DEVPOLL"
+Reserved for future expansion, works like the \s-1USE\s0 symbols above.
+.IP "\s-1EV_USE_INOTIFY\s0" 4
+.IX Item "EV_USE_INOTIFY"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux inotify
+interface to speed up \f(CW\*(C`ev_stat\*(C'\fR watchers. Its actual availability will
+be detected at runtime. If undefined, it will be enabled if the headers
+indicate GNU/Linux + Glibc 2.4 or newer, otherwise disabled.
+.IP "\s-1EV_NO_SMP\s0" 4
+.IX Item "EV_NO_SMP"
+If defined to be \f(CW1\fR, libev will assume that memory is always coherent
+between threads, that is, threads can be used, but threads never run on
+different cpus (or different cpu cores). This reduces dependencies
+and makes libev faster.
+.IP "\s-1EV_NO_THREADS\s0" 4
+.IX Item "EV_NO_THREADS"
+If defined to be \f(CW1\fR, libev will assume that it will never be called from
+different threads (that includes signal handlers), which is a stronger
+assumption than \f(CW\*(C`EV_NO_SMP\*(C'\fR, above. This reduces dependencies and makes
+libev faster.
+.IP "\s-1EV_ATOMIC_T\s0" 4
+.IX Item "EV_ATOMIC_T"
+Libev requires an integer type (suitable for storing \f(CW0\fR or \f(CW1\fR) whose
+access is atomic with respect to other threads or signal contexts. No
+such type is easily found in the C language, so you can provide your own
+type that you know is safe for your purposes. It is used both for signal
+handler \*(L"locking\*(R" as well as for signal and thread safety in \f(CW\*(C`ev_async\*(C'\fR
+watchers.
+.Sp
+In the absence of this define, libev will use \f(CW\*(C`sig_atomic_t volatile\*(C'\fR
+(from \fIsignal.h\fR), which is usually good enough on most platforms.
+.IP "\s-1EV_H\s0 (h)" 4
+.IX Item "EV_H (h)"
+The name of the \fIev.h\fR header file used to include it. The default if
+undefined is \f(CW"ev.h"\fR in \fIevent.h\fR, \fIev.c\fR and \fIev++.h\fR. This can be
+used to virtually rename the \fIev.h\fR header file in case of conflicts.
+.IP "\s-1EV_CONFIG_H\s0 (h)" 4
+.IX Item "EV_CONFIG_H (h)"
+If \f(CW\*(C`EV_STANDALONE\*(C'\fR isn't \f(CW1\fR, this variable can be used to override
+\&\fIev.c\fR's idea of where to find the \fIconfig.h\fR file, similarly to
+\&\f(CW\*(C`EV_H\*(C'\fR, above.
+.IP "\s-1EV_EVENT_H\s0 (h)" 4
+.IX Item "EV_EVENT_H (h)"
+Similarly to \f(CW\*(C`EV_H\*(C'\fR, this macro can be used to override \fIevent.c\fR's idea
+of how the \fIevent.h\fR header can be found, the default is \f(CW"event.h"\fR.
+.IP "\s-1EV_PROTOTYPES\s0 (h)" 4
+.IX Item "EV_PROTOTYPES (h)"
+If defined to be \f(CW0\fR, then \fIev.h\fR will not define any function
+prototypes, but still define all the structs and other symbols. This is
+occasionally useful if you want to provide your own wrapper functions
+around libev functions.
+.IP "\s-1EV_MULTIPLICITY\s0" 4
+.IX Item "EV_MULTIPLICITY"
+If undefined or defined to \f(CW1\fR, then all event-loop-specific functions
+will have the \f(CW\*(C`struct ev_loop *\*(C'\fR as first argument, and you can create
+additional independent event loops. Otherwise there will be no support
+for multiple event loops and there is no first event loop pointer
+argument. Instead, all functions act on the single default loop.
+.Sp
+Note that \f(CW\*(C`EV_DEFAULT\*(C'\fR and \f(CW\*(C`EV_DEFAULT_\*(C'\fR will no longer provide a
+default loop when multiplicity is switched off \- you always have to
+initialise the loop manually in this case.
+.IP "\s-1EV_MINPRI\s0" 4
+.IX Item "EV_MINPRI"
+.PD 0
+.IP "\s-1EV_MAXPRI\s0" 4
+.IX Item "EV_MAXPRI"
+.PD
+The range of allowed priorities. \f(CW\*(C`EV_MINPRI\*(C'\fR must be smaller or equal to
+\&\f(CW\*(C`EV_MAXPRI\*(C'\fR, but otherwise there are no non-obvious limitations. You can
+provide for more priorities by overriding those symbols (usually defined
+to be \f(CW\*(C`\-2\*(C'\fR and \f(CW2\fR, respectively).
+.Sp
+When doing priority-based operations, libev usually has to linearly search
+all the priorities, so having many of them (hundreds) uses a lot of space
+and time, so using the defaults of five priorities (\-2 .. +2) is usually
+fine.
+.Sp
+If your embedding application does not need any priorities, defining these
+both to \f(CW0\fR will save some memory and \s-1CPU.\s0
+.IP "\s-1EV_PERIODIC_ENABLE, EV_IDLE_ENABLE, EV_EMBED_ENABLE, EV_STAT_ENABLE, EV_PREPARE_ENABLE, EV_CHECK_ENABLE, EV_FORK_ENABLE, EV_SIGNAL_ENABLE, EV_ASYNC_ENABLE, EV_CHILD_ENABLE.\s0" 4
+.IX Item "EV_PERIODIC_ENABLE, EV_IDLE_ENABLE, EV_EMBED_ENABLE, EV_STAT_ENABLE, EV_PREPARE_ENABLE, EV_CHECK_ENABLE, EV_FORK_ENABLE, EV_SIGNAL_ENABLE, EV_ASYNC_ENABLE, EV_CHILD_ENABLE."
+If undefined or defined to be \f(CW1\fR (and the platform supports it), then
+the respective watcher type is supported. If defined to be \f(CW0\fR, then it
+is not. Disabling watcher types mainly saves code size.
+.IP "\s-1EV_FEATURES\s0" 4
+.IX Item "EV_FEATURES"
+If you need to shave off some kilobytes of code at the expense of some
+speed (but with the full \s-1API\s0), you can define this symbol to request
+certain subsets of functionality. The default is to enable all features
+that can be enabled on the platform.
+.Sp
+A typical way to use this symbol is to define it to \f(CW0\fR (or to a bitset
+with some broad features you want) and then selectively re-enable
+additional parts you want, for example if you want everything minimal,
+but multiple event loop support, async and child watchers and the poll
+backend, use this:
+.Sp
+.Vb 5
+\&   #define EV_FEATURES 0
+\&   #define EV_MULTIPLICITY 1
+\&   #define EV_USE_POLL 1
+\&   #define EV_CHILD_ENABLE 1
+\&   #define EV_ASYNC_ENABLE 1
+.Ve
+.Sp
+The actual value is a bitset, it can be a combination of the following
+values (by default, all of these are enabled):
+.RS 4
+.ie n .IP "1 \- faster/larger code" 4
+.el .IP "\f(CW1\fR \- faster/larger code" 4
+.IX Item "1 - faster/larger code"
+Use larger code to speed up some operations.
+.Sp
+Currently this is used to override some inlining decisions (enlarging the
+code size by roughly 30% on amd64).
+.Sp
+When optimising for size, use of compiler flags such as \f(CW\*(C`\-Os\*(C'\fR with
+gcc is recommended, as well as \f(CW\*(C`\-DNDEBUG\*(C'\fR, as libev contains a number of
+assertions.
+.Sp
+The default is off when \f(CW\*(C`_\|_OPTIMIZE_SIZE_\|_\*(C'\fR is defined by your compiler
+(e.g. gcc with \f(CW\*(C`\-Os\*(C'\fR).
+.ie n .IP "2 \- faster/larger data structures" 4
+.el .IP "\f(CW2\fR \- faster/larger data structures" 4
+.IX Item "2 - faster/larger data structures"
+Replaces the small 2\-heap for timer management by a faster 4\-heap, larger
+hash table sizes and so on. This will usually further increase code size
+and can additionally have an effect on the size of data structures at
+runtime.
+.Sp
+The default is off when \f(CW\*(C`_\|_OPTIMIZE_SIZE_\|_\*(C'\fR is defined by your compiler
+(e.g. gcc with \f(CW\*(C`\-Os\*(C'\fR).
+.ie n .IP "4 \- full \s-1API\s0 configuration" 4
+.el .IP "\f(CW4\fR \- full \s-1API\s0 configuration" 4
+.IX Item "4 - full API configuration"
+This enables priorities (sets \f(CW\*(C`EV_MAXPRI\*(C'\fR=2 and \f(CW\*(C`EV_MINPRI\*(C'\fR=\-2), and
+enables multiplicity (\f(CW\*(C`EV_MULTIPLICITY\*(C'\fR=1).
+.ie n .IP "8 \- full \s-1API\s0" 4
+.el .IP "\f(CW8\fR \- full \s-1API\s0" 4
+.IX Item "8 - full API"
+This enables a lot of the \*(L"lesser used\*(R" \s-1API\s0 functions. See \f(CW\*(C`ev.h\*(C'\fR for
+details on which parts of the \s-1API\s0 are still available without this
+feature, and do not complain if this subset changes over time.
+.ie n .IP "16 \- enable all optional watcher types" 4
+.el .IP "\f(CW16\fR \- enable all optional watcher types" 4
+.IX Item "16 - enable all optional watcher types"
+Enables all optional watcher types.  If you want to selectively enable
+only some watcher types other than I/O and timers (e.g. prepare,
+embed, async, child...) you can enable them manually by defining
+\&\f(CW\*(C`EV_watchertype_ENABLE\*(C'\fR to \f(CW1\fR instead.
+.ie n .IP "32 \- enable all backends" 4
+.el .IP "\f(CW32\fR \- enable all backends" 4
+.IX Item "32 - enable all backends"
+This enables all backends \- without this feature, you need to enable at
+least one backend manually (\f(CW\*(C`EV_USE_SELECT\*(C'\fR is a good choice).
+.ie n .IP "64 \- enable OS-specific ""helper"" APIs" 4
+.el .IP "\f(CW64\fR \- enable OS-specific ``helper'' APIs" 4
+.IX Item "64 - enable OS-specific helper APIs"
+Enable inotify, eventfd, signalfd and similar OS-specific helper APIs by
+default.
+.RE
+.RS 4
+.Sp
+Compiling with \f(CW\*(C`gcc \-Os \-DEV_STANDALONE \-DEV_USE_EPOLL=1 \-DEV_FEATURES=0\*(C'\fR
+reduces the compiled size of libev from 24.7Kb code/2.8Kb data to 6.5Kb
+code/0.3Kb data on my GNU/Linux amd64 system, while still giving you I/O
+watchers, timers and monotonic clock support.
+.Sp
+With an intelligent-enough linker (gcc+binutils are intelligent enough
+when you use \f(CW\*(C`\-Wl,\-\-gc\-sections \-ffunction\-sections\*(C'\fR) functions unused by
+your program might be left out as well \- a binary starting a timer and an
+I/O watcher then might come out at only 5Kb.
+.RE
+.IP "\s-1EV_API_STATIC\s0" 4
+.IX Item "EV_API_STATIC"
+If this symbol is defined (by default it is not), then all identifiers
+will have static linkage. This means that libev will not export any
+identifiers, and you cannot link against libev anymore. This can be useful
+when you embed libev, only want to use libev functions in a single file,
+and do not want its identifiers to be visible.
+.Sp
+To use this, define \f(CW\*(C`EV_API_STATIC\*(C'\fR and include \fIev.c\fR in the file that
+wants to use libev.
+.Sp
+This option only works when libev is compiled with a C compiler, as \*(C+
+doesn't support the required declaration syntax.
+.IP "\s-1EV_AVOID_STDIO\s0" 4
+.IX Item "EV_AVOID_STDIO"
+If this is set to \f(CW1\fR at compiletime, then libev will avoid using stdio
+functions (printf, scanf, perror etc.). This will increase the code size
+somewhat, but if your program doesn't otherwise depend on stdio and your
+libc allows it, this avoids linking in the stdio library which is quite
+big.
+.Sp
+Note that error messages might become less precise when this option is
+enabled.
+.IP "\s-1EV_NSIG\s0" 4
+.IX Item "EV_NSIG"
+The highest supported signal number, +1 (or, the number of
+signals): Normally, libev tries to deduce the maximum number of signals
+automatically, but sometimes this fails, in which case it can be
+specified. Also, using a lower number than detected (\f(CW32\fR should be
+good for about any system in existence) can save some memory, as libev
+statically allocates some 12\-24 bytes per signal number.
+.IP "\s-1EV_PID_HASHSIZE\s0" 4
+.IX Item "EV_PID_HASHSIZE"
+\&\f(CW\*(C`ev_child\*(C'\fR watchers use a small hash table to distribute workload by
+pid. The default size is \f(CW16\fR (or \f(CW1\fR with \f(CW\*(C`EV_FEATURES\*(C'\fR disabled),
+usually more than enough. If you need to manage thousands of children you
+might want to increase this value (\fImust\fR be a power of two).
+.IP "\s-1EV_INOTIFY_HASHSIZE\s0" 4
+.IX Item "EV_INOTIFY_HASHSIZE"
+\&\f(CW\*(C`ev_stat\*(C'\fR watchers use a small hash table to distribute workload by
+inotify watch id. The default size is \f(CW16\fR (or \f(CW1\fR with \f(CW\*(C`EV_FEATURES\*(C'\fR
+disabled), usually more than enough. If you need to manage thousands of
+\&\f(CW\*(C`ev_stat\*(C'\fR watchers you might want to increase this value (\fImust\fR be a
+power of two).
+.IP "\s-1EV_USE_4HEAP\s0" 4
+.IX Item "EV_USE_4HEAP"
+Heaps are not very cache-efficient. To improve the cache-efficiency of the
+timer and periodics heaps, libev uses a 4\-heap when this symbol is defined
+to \f(CW1\fR. The 4\-heap uses more complicated (longer) code but has noticeably
+faster performance with many (thousands) of watchers.
+.Sp
+The default is \f(CW1\fR, unless \f(CW\*(C`EV_FEATURES\*(C'\fR overrides it, in which case it
+will be \f(CW0\fR.
+.IP "\s-1EV_HEAP_CACHE_AT\s0" 4
+.IX Item "EV_HEAP_CACHE_AT"
+Heaps are not very cache-efficient. To improve the cache-efficiency of the
+timer and periodics heaps, libev can cache the timestamp (\fIat\fR) within
+the heap structure (selected by defining \f(CW\*(C`EV_HEAP_CACHE_AT\*(C'\fR to \f(CW1\fR),
+which uses 8\-12 bytes more per watcher and a few hundred bytes more code,
+but avoids random read accesses on heap changes. This improves performance
+noticeably with many (hundreds) of watchers.
+.Sp
+The default is \f(CW1\fR, unless \f(CW\*(C`EV_FEATURES\*(C'\fR overrides it, in which case it
+will be \f(CW0\fR.
+.IP "\s-1EV_VERIFY\s0" 4
+.IX Item "EV_VERIFY"
+Controls how much internal verification (see \f(CW\*(C`ev_verify ()\*(C'\fR) will
+be done: If set to \f(CW0\fR, no internal verification code will be compiled
+in. If set to \f(CW1\fR, then verification code will be compiled in, but not
+called. If set to \f(CW2\fR, then the internal verification code will be
+called once per loop, which can slow down libev. If set to \f(CW3\fR, then the
+verification code will be called very frequently, which will slow down
+libev considerably.
+.Sp
+Verification errors are reported via C's \f(CW\*(C`assert\*(C'\fR mechanism, so if you
+disable that (e.g. by defining \f(CW\*(C`NDEBUG\*(C'\fR) then no errors will be reported.
+.Sp
+The default is \f(CW1\fR, unless \f(CW\*(C`EV_FEATURES\*(C'\fR overrides it, in which case it
+will be \f(CW0\fR.
+.IP "\s-1EV_COMMON\s0" 4
+.IX Item "EV_COMMON"
+By default, all watchers have a \f(CW\*(C`void *data\*(C'\fR member. By redefining
+this macro to something else you can include more and other types of
+members. You have to define it each time you include one of the files,
+though, and it must be identical each time.
+.Sp
+For example, the perl \s-1EV\s0 module uses something like this:
+.Sp
+.Vb 3
+\&   #define EV_COMMON                       \e
+\&     SV *self; /* contains this struct */  \e
+\&     SV *cb_sv, *fh /* note no trailing ";" */
+.Ve
+.IP "\s-1EV_CB_DECLARE\s0 (type)" 4
+.IX Item "EV_CB_DECLARE (type)"
+.PD 0
+.IP "\s-1EV_CB_INVOKE\s0 (watcher, revents)" 4
+.IX Item "EV_CB_INVOKE (watcher, revents)"
+.IP "ev_set_cb (ev, cb)" 4
+.IX Item "ev_set_cb (ev, cb)"
+.PD
+Can be used to change the callback member declaration in each watcher,
+and the way callbacks are invoked and set. Must expand to a struct member
+definition and a statement, respectively. See the \fIev.h\fR header file for
+their default definitions. One possible use for overriding these is to
+avoid the \f(CW\*(C`struct ev_loop *\*(C'\fR as first argument in all cases, or to use
+method calls instead of plain function calls in \*(C+.
+.SS "\s-1EXPORTED API SYMBOLS\s0"
+.IX Subsection "EXPORTED API SYMBOLS"
+If you need to re-export the \s-1API\s0 (e.g. via a \s-1DLL\s0) and you need a list of
+exported symbols, you can use the provided \fISymbol.*\fR files which list
+all public symbols, one per line:
+.PP
+.Vb 2
+\&   Symbols.ev      for libev proper
+\&   Symbols.event   for the libevent emulation
+.Ve
+.PP
+This can also be used to rename all public symbols to avoid clashes with
+multiple versions of libev linked together (which is obviously bad in
+itself, but sometimes it is inconvenient to avoid this).
+.PP
+A sed command like this will create wrapper \f(CW\*(C`#define\*(C'\fR's that you need to
+include before including \fIev.h\fR:
+.PP
+.Vb 1
+\&   <Symbols.ev sed \-e "s/.*/#define & myprefix_&/" >wrap.h
+.Ve
+.PP
+This would create a file \fIwrap.h\fR which essentially looks like this:
+.PP
+.Vb 4
+\&   #define ev_backend     myprefix_ev_backend
+\&   #define ev_check_start myprefix_ev_check_start
+\&   #define ev_check_stop  myprefix_ev_check_stop
+\&   ...
+.Ve
+.SS "\s-1EXAMPLES\s0"
+.IX Subsection "EXAMPLES"
+For a real-world example of a program the includes libev
+verbatim, you can have a look at the \s-1EV\s0 perl module
+(<http://software.schmorp.de/pkg/EV.html>). It has the libev files in
+the \fIlibev/\fR subdirectory and includes them in the \fI\s-1EV/EVAPI\s0.h\fR (public
+interface) and \fI\s-1EV\s0.xs\fR (implementation) files. Only the \fI\s-1EV\s0.xs\fR file
+will be compiled. It is pretty complex because it provides its own header
+file.
+.PP
+The usage in rxvt-unicode is simpler. It has a \fIev_cpp.h\fR header file
+that everybody includes and which overrides some configure choices:
+.PP
+.Vb 8
+\&   #define EV_FEATURES 8
+\&   #define EV_USE_SELECT 1
+\&   #define EV_PREPARE_ENABLE 1
+\&   #define EV_IDLE_ENABLE 1
+\&   #define EV_SIGNAL_ENABLE 1
+\&   #define EV_CHILD_ENABLE 1
+\&   #define EV_USE_STDEXCEPT 0
+\&   #define EV_CONFIG_H <config.h>
+\&
+\&   #include "ev++.h"
+.Ve
+.PP
+And a \fIev_cpp.C\fR implementation file that contains libev proper and is compiled:
+.PP
+.Vb 2
+\&   #include "ev_cpp.h"
+\&   #include "ev.c"
+.Ve
+.SH "INTERACTION WITH OTHER PROGRAMS, LIBRARIES OR THE ENVIRONMENT"
+.IX Header "INTERACTION WITH OTHER PROGRAMS, LIBRARIES OR THE ENVIRONMENT"
+.SS "\s-1THREADS AND COROUTINES\s0"
+.IX Subsection "THREADS AND COROUTINES"
+\fI\s-1THREADS\s0\fR
+.IX Subsection "THREADS"
+.PP
+All libev functions are reentrant and thread-safe unless explicitly
+documented otherwise, but libev implements no locking itself. This means
+that you can use as many loops as you want in parallel, as long as there
+are no concurrent calls into any libev function with the same loop
+parameter (\f(CW\*(C`ev_default_*\*(C'\fR calls have an implicit default loop parameter,
+of course): libev guarantees that different event loops share no data
+structures that need any locking.
+.PP
+Or to put it differently: calls with different loop parameters can be done
+concurrently from multiple threads, calls with the same loop parameter
+must be done serially (but can be done from different threads, as long as
+only one thread ever is inside a call at any point in time, e.g. by using
+a mutex per loop).
+.PP
+Specifically to support threads (and signal handlers), libev implements
+so-called \f(CW\*(C`ev_async\*(C'\fR watchers, which allow some limited form of
+concurrency on the same event loop, namely waking it up \*(L"from the
+outside\*(R".
+.PP
+If you want to know which design (one loop, locking, or multiple loops
+without or something else still) is best for your problem, then I cannot
+help you, but here is some generic advice:
+.IP "\(bu" 4
+most applications have a main thread: use the default libev loop
+in that thread, or create a separate thread running only the default loop.
+.Sp
+This helps integrating other libraries or software modules that use libev
+themselves and don't care/know about threading.
+.IP "\(bu" 4
+one loop per thread is usually a good model.
+.Sp
+Doing this is almost never wrong, sometimes a better-performance model
+exists, but it is always a good start.
+.IP "\(bu" 4
+other models exist, such as the leader/follower pattern, where one
+loop is handed through multiple threads in a kind of round-robin fashion.
+.Sp
+Choosing a model is hard \- look around, learn, know that usually you can do
+better than you currently do :\-)
+.IP "\(bu" 4
+often you need to talk to some other thread which blocks in the
+event loop.
+.Sp
+\&\f(CW\*(C`ev_async\*(C'\fR watchers can be used to wake them up from other threads safely
+(or from signal contexts...).
+.Sp
+An example use would be to communicate signals or other events that only
+work in the default loop by registering the signal watcher with the
+default loop and triggering an \f(CW\*(C`ev_async\*(C'\fR watcher from the default loop
+watcher callback into the event loop interested in the signal.
+.PP
+See also \*(L"\s-1THREAD LOCKING EXAMPLE\*(R"\s0.
+.PP
+\fI\s-1COROUTINES\s0\fR
+.IX Subsection "COROUTINES"
+.PP
+Libev is very accommodating to coroutines (\*(L"cooperative threads\*(R"):
+libev fully supports nesting calls to its functions from different
+coroutines (e.g. you can call \f(CW\*(C`ev_run\*(C'\fR on the same loop from two
+different coroutines, and switch freely between both coroutines running
+the loop, as long as you don't confuse yourself). The only exception is
+that you must not do this from \f(CW\*(C`ev_periodic\*(C'\fR reschedule callbacks.
+.PP
+Care has been taken to ensure that libev does not keep local state inside
+\&\f(CW\*(C`ev_run\*(C'\fR, and other calls do not usually allow for coroutine switches as
+they do not call any callbacks.
+.SS "\s-1COMPILER WARNINGS\s0"
+.IX Subsection "COMPILER WARNINGS"
+Depending on your compiler and compiler settings, you might get no or a
+lot of warnings when compiling libev code. Some people are apparently
+scared by this.
+.PP
+However, these are unavoidable for many reasons. For one, each compiler
+has different warnings, and each user has different tastes regarding
+warning options. \*(L"Warn-free\*(R" code therefore cannot be a goal except when
+targeting a specific compiler and compiler-version.
+.PP
+Another reason is that some compiler warnings require elaborate
+workarounds, or other changes to the code that make it less clear and less
+maintainable.
+.PP
+And of course, some compiler warnings are just plain stupid, or simply
+wrong (because they don't actually warn about the condition their message
+seems to warn about). For example, certain older gcc versions had some
+warnings that resulted in an extreme number of false positives. These have
+been fixed, but some people still insist on making code warn-free with
+such buggy versions.
+.PP
+While libev is written to generate as few warnings as possible,
+\&\*(L"warn-free\*(R" code is not a goal, and it is recommended not to build libev
+with any compiler warnings enabled unless you are prepared to cope with
+them (e.g. by ignoring them). Remember that warnings are just that:
+warnings, not errors, or proof of bugs.
+.SS "\s-1VALGRIND\s0"
+.IX Subsection "VALGRIND"
+Valgrind has a special section here because it is a popular tool that is
+highly useful. Unfortunately, valgrind reports are very hard to interpret.
+.PP
+If you think you found a bug (memory leak, uninitialised data access etc.)
+in libev, then check twice: If valgrind reports something like:
+.PP
+.Vb 3
+\&   ==2274==    definitely lost: 0 bytes in 0 blocks.
+\&   ==2274==      possibly lost: 0 bytes in 0 blocks.
+\&   ==2274==    still reachable: 256 bytes in 1 blocks.
+.Ve
+.PP
+Then there is no memory leak, just as memory accounted to global variables
+is not a memleak \- the memory is still being referenced, and didn't leak.
+.PP
+Similarly, under some circumstances, valgrind might report kernel bugs
+as if it were a bug in libev (e.g. in realloc or in the poll backend,
+although an acceptable workaround has been found here), or it might be
+confused.
+.PP
+Keep in mind that valgrind is a very good tool, but only a tool. Don't
+make it into some kind of religion.
+.PP
+If you are unsure about something, feel free to contact the mailing list
+with the full valgrind report and an explanation on why you think this
+is a bug in libev (best check the archives, too :). However, don't be
+annoyed when you get a brisk \*(L"this is no bug\*(R" answer and take the chance
+of learning how to interpret valgrind properly.
+.PP
+If you need, for some reason, empty reports from valgrind for your project
+I suggest using suppression lists.
+.SH "PORTABILITY NOTES"
+.IX Header "PORTABILITY NOTES"
+.SS "\s-1GNU/LINUX 32 BIT LIMITATIONS\s0"
+.IX Subsection "GNU/LINUX 32 BIT LIMITATIONS"
+GNU/Linux is the only common platform that supports 64 bit file/large file
+interfaces but \fIdisables\fR them by default.
+.PP
+That means that libev compiled in the default environment doesn't support
+files larger than 2GiB or so, which mainly affects \f(CW\*(C`ev_stat\*(C'\fR watchers.
+.PP
+Unfortunately, many programs try to work around this GNU/Linux issue
+by enabling the large file \s-1API,\s0 which makes them incompatible with the
+standard libev compiled for their system.
+.PP
+Likewise, libev cannot enable the large file \s-1API\s0 itself as this would
+suddenly make it incompatible to the default compile time environment,
+i.e. all programs not using special compile switches.
+.SS "\s-1OS/X AND DARWIN BUGS\s0"
+.IX Subsection "OS/X AND DARWIN BUGS"
+The whole thing is a bug if you ask me \- basically any system interface
+you touch is broken, whether it is locales, poll, kqueue or even the
+OpenGL drivers.
+.PP
+\fI\f(CI\*(C`kqueue\*(C'\fI is buggy\fR
+.IX Subsection "kqueue is buggy"
+.PP
+The kqueue syscall is broken in all known versions \- most versions support
+only sockets, many support pipes.
+.PP
+Libev tries to work around this by not using \f(CW\*(C`kqueue\*(C'\fR by default on this
+rotten platform, but of course you can still ask for it when creating a
+loop \- embedding a socket-only kqueue loop into a select-based one is
+probably going to work well.
+.PP
+\fI\f(CI\*(C`poll\*(C'\fI is buggy\fR
+.IX Subsection "poll is buggy"
+.PP
+Instead of fixing \f(CW\*(C`kqueue\*(C'\fR, Apple replaced their (working) \f(CW\*(C`poll\*(C'\fR
+implementation by something calling \f(CW\*(C`kqueue\*(C'\fR internally around the 10.5.6
+release, so now \f(CW\*(C`kqueue\*(C'\fR \fIand\fR \f(CW\*(C`poll\*(C'\fR are broken.
+.PP
+Libev tries to work around this by not using \f(CW\*(C`poll\*(C'\fR by default on
+this rotten platform, but of course you can still ask for it when creating
+a loop.
+.PP
+\fI\f(CI\*(C`select\*(C'\fI is buggy\fR
+.IX Subsection "select is buggy"
+.PP
+All that's left is \f(CW\*(C`select\*(C'\fR, and of course Apple found a way to fuck this
+one up as well: On \s-1OS/X,\s0 \f(CW\*(C`select\*(C'\fR actively limits the number of file
+descriptors you can pass in to 1024 \- your program suddenly crashes when
+you use more.
+.PP
+There is an undocumented \*(L"workaround\*(R" for this \- defining
+\&\f(CW\*(C`_DARWIN_UNLIMITED_SELECT\*(C'\fR, which libev tries to use, so select \fIshould\fR
+work on \s-1OS/X.\s0
+.SS "\s-1SOLARIS PROBLEMS AND WORKAROUNDS\s0"
+.IX Subsection "SOLARIS PROBLEMS AND WORKAROUNDS"
+\fI\f(CI\*(C`errno\*(C'\fI reentrancy\fR
+.IX Subsection "errno reentrancy"
+.PP
+The default compile environment on Solaris is unfortunately so
+thread-unsafe that you can't even use components/libraries compiled
+without \f(CW\*(C`\-D_REENTRANT\*(C'\fR in a threaded program, which, of course, isn't
+defined by default. A valid, if stupid, implementation choice.
+.PP
+If you want to use libev in threaded environments you have to make sure
+it's compiled with \f(CW\*(C`_REENTRANT\*(C'\fR defined.
+.PP
+\fIEvent port backend\fR
+.IX Subsection "Event port backend"
+.PP
+The scalable event interface for Solaris is called \*(L"event
+ports\*(R". Unfortunately, this mechanism is very buggy in all major
+releases. If you run into high \s-1CPU\s0 usage, your program freezes or you get
+a large number of spurious wakeups, make sure you have all the relevant
+and latest kernel patches applied. No, I don't know which ones, but there
+are multiple ones to apply, and afterwards, event ports actually work
+great.
+.PP
+If you can't get it to work, you can try running the program by setting
+the environment variable \f(CW\*(C`LIBEV_FLAGS=3\*(C'\fR to only allow \f(CW\*(C`poll\*(C'\fR and
+\&\f(CW\*(C`select\*(C'\fR backends.
+.SS "\s-1AIX POLL BUG\s0"
+.IX Subsection "AIX POLL BUG"
+\&\s-1AIX\s0 unfortunately has a broken \f(CW\*(C`poll.h\*(C'\fR header. Libev works around
+this by trying to avoid the poll backend altogether (i.e. it's not even
+compiled in), which normally isn't a big problem as \f(CW\*(C`select\*(C'\fR works fine
+with large bitsets on \s-1AIX,\s0 and \s-1AIX\s0 is dead anyway.
+.SS "\s-1WIN32 PLATFORM LIMITATIONS AND WORKAROUNDS\s0"
+.IX Subsection "WIN32 PLATFORM LIMITATIONS AND WORKAROUNDS"
+\fIGeneral issues\fR
+.IX Subsection "General issues"
+.PP
+Win32 doesn't support any of the standards (e.g. \s-1POSIX\s0) that libev
+requires, and its I/O model is fundamentally incompatible with the \s-1POSIX\s0
+model. Libev still offers limited functionality on this platform in
+the form of the \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR backend, and only supports socket
+descriptors. This only applies when using Win32 natively, not when using
+e.g. cygwin. Actually, it only applies to the microsofts own compilers,
+as every compiler comes with a slightly differently broken/incompatible
+environment.
+.PP
+Lifting these limitations would basically require the full
+re-implementation of the I/O system. If you are into this kind of thing,
+then note that glib does exactly that for you in a very portable way (note
+also that glib is the slowest event library known to man).
+.PP
+There is no supported compilation method available on windows except
+embedding it into other applications.
+.PP
+Sensible signal handling is officially unsupported by Microsoft \- libev
+tries its best, but under most conditions, signals will simply not work.
+.PP
+Not a libev limitation but worth mentioning: windows apparently doesn't
+accept large writes: instead of resulting in a partial write, windows will
+either accept everything or return \f(CW\*(C`ENOBUFS\*(C'\fR if the buffer is too large,
+so make sure you only write small amounts into your sockets (less than a
+megabyte seems safe, but this apparently depends on the amount of memory
+available).
+.PP
+Due to the many, low, and arbitrary limits on the win32 platform and
+the abysmal performance of winsockets, using a large number of sockets
+is not recommended (and not reasonable). If your program needs to use
+more than a hundred or so sockets, then likely it needs to use a totally
+different implementation for windows, as libev offers the \s-1POSIX\s0 readiness
+notification model, which cannot be implemented efficiently on windows
+(due to Microsoft monopoly games).
+.PP
+A typical way to use libev under windows is to embed it (see the embedding
+section for details) and use the following \fIevwrap.h\fR header file instead
+of \fIev.h\fR:
+.PP
+.Vb 2
+\&   #define EV_STANDALONE              /* keeps ev from requiring config.h */
+\&   #define EV_SELECT_IS_WINSOCKET 1   /* configure libev for windows select */
+\&
+\&   #include "ev.h"
+.Ve
+.PP
+And compile the following \fIevwrap.c\fR file into your project (make sure
+you do \fInot\fR compile the \fIev.c\fR or any other embedded source files!):
+.PP
+.Vb 2
+\&   #include "evwrap.h"
+\&   #include "ev.c"
+.Ve
+.PP
+\fIThe winsocket \f(CI\*(C`select\*(C'\fI function\fR
+.IX Subsection "The winsocket select function"
+.PP
+The winsocket \f(CW\*(C`select\*(C'\fR function doesn't follow \s-1POSIX\s0 in that it
+requires socket \fIhandles\fR and not socket \fIfile descriptors\fR (it is
+also extremely buggy). This makes select very inefficient, and also
+requires a mapping from file descriptors to socket handles (the Microsoft
+C runtime provides the function \f(CW\*(C`_open_osfhandle\*(C'\fR for this). See the
+discussion of the \f(CW\*(C`EV_SELECT_USE_FD_SET\*(C'\fR, \f(CW\*(C`EV_SELECT_IS_WINSOCKET\*(C'\fR and
+\&\f(CW\*(C`EV_FD_TO_WIN32_HANDLE\*(C'\fR preprocessor symbols for more info.
+.PP
+The configuration for a \*(L"naked\*(R" win32 using the Microsoft runtime
+libraries and raw winsocket select is:
+.PP
+.Vb 2
+\&   #define EV_USE_SELECT 1
+\&   #define EV_SELECT_IS_WINSOCKET 1   /* forces EV_SELECT_USE_FD_SET, too */
+.Ve
+.PP
+Note that winsockets handling of fd sets is O(n), so you can easily get a
+complexity in the O(nX) range when using win32.
+.PP
+\fILimited number of file descriptors\fR
+.IX Subsection "Limited number of file descriptors"
+.PP
+Windows has numerous arbitrary (and low) limits on things.
+.PP
+Early versions of winsocket's select only supported waiting for a maximum
+of \f(CW64\fR handles (probably owning to the fact that all windows kernels
+can only wait for \f(CW64\fR things at the same time internally; Microsoft
+recommends spawning a chain of threads and wait for 63 handles and the
+previous thread in each. Sounds great!).
+.PP
+Newer versions support more handles, but you need to define \f(CW\*(C`FD_SETSIZE\*(C'\fR
+to some high number (e.g. \f(CW2048\fR) before compiling the winsocket select
+call (which might be in libev or elsewhere, for example, perl and many
+other interpreters do their own select emulation on windows).
+.PP
+Another limit is the number of file descriptors in the Microsoft runtime
+libraries, which by default is \f(CW64\fR (there must be a hidden \fI64\fR
+fetish or something like this inside Microsoft). You can increase this
+by calling \f(CW\*(C`_setmaxstdio\*(C'\fR, which can increase this limit to \f(CW2048\fR
+(another arbitrary limit), but is broken in many versions of the Microsoft
+runtime libraries. This might get you to about \f(CW512\fR or \f(CW2048\fR sockets
+(depending on windows version and/or the phase of the moon). To get more,
+you need to wrap all I/O functions and provide your own fd management, but
+the cost of calling select (O(nX)) will likely make this unworkable.
+.SS "\s-1PORTABILITY REQUIREMENTS\s0"
+.IX Subsection "PORTABILITY REQUIREMENTS"
+In addition to a working ISO-C implementation and of course the
+backend-specific APIs, libev relies on a few additional extensions:
+.ie n .IP """void (*)(ev_watcher_type *, int revents)"" must have compatible calling conventions regardless of ""ev_watcher_type *""." 4
+.el .IP "\f(CWvoid (*)(ev_watcher_type *, int revents)\fR must have compatible calling conventions regardless of \f(CWev_watcher_type *\fR." 4
+.IX Item "void (*)(ev_watcher_type *, int revents) must have compatible calling conventions regardless of ev_watcher_type *."
+Libev assumes not only that all watcher pointers have the same internal
+structure (guaranteed by \s-1POSIX\s0 but not by \s-1ISO C\s0 for example), but it also
+assumes that the same (machine) code can be used to call any watcher
+callback: The watcher callbacks have different type signatures, but libev
+calls them using an \f(CW\*(C`ev_watcher *\*(C'\fR internally.
+.IP "null pointers and integer zero are represented by 0 bytes" 4
+.IX Item "null pointers and integer zero are represented by 0 bytes"
+Libev uses \f(CW\*(C`memset\*(C'\fR to initialise structs and arrays to \f(CW0\fR bytes, and
+relies on this setting pointers and integers to null.
+.IP "pointer accesses must be thread-atomic" 4
+.IX Item "pointer accesses must be thread-atomic"
+Accessing a pointer value must be atomic, it must both be readable and
+writable in one piece \- this is the case on all current architectures.
+.ie n .IP """sig_atomic_t volatile"" must be thread-atomic as well" 4
+.el .IP "\f(CWsig_atomic_t volatile\fR must be thread-atomic as well" 4
+.IX Item "sig_atomic_t volatile must be thread-atomic as well"
+The type \f(CW\*(C`sig_atomic_t volatile\*(C'\fR (or whatever is defined as
+\&\f(CW\*(C`EV_ATOMIC_T\*(C'\fR) must be atomic with respect to accesses from different
+threads. This is not part of the specification for \f(CW\*(C`sig_atomic_t\*(C'\fR, but is
+believed to be sufficiently portable.
+.ie n .IP """sigprocmask"" must work in a threaded environment" 4
+.el .IP "\f(CWsigprocmask\fR must work in a threaded environment" 4
+.IX Item "sigprocmask must work in a threaded environment"
+Libev uses \f(CW\*(C`sigprocmask\*(C'\fR to temporarily block signals. This is not
+allowed in a threaded program (\f(CW\*(C`pthread_sigmask\*(C'\fR has to be used). Typical
+pthread implementations will either allow \f(CW\*(C`sigprocmask\*(C'\fR in the \*(L"main
+thread\*(R" or will block signals process-wide, both behaviours would
+be compatible with libev. Interaction between \f(CW\*(C`sigprocmask\*(C'\fR and
+\&\f(CW\*(C`pthread_sigmask\*(C'\fR could complicate things, however.
+.Sp
+The most portable way to handle signals is to block signals in all threads
+except the initial one, and run the signal handling loop in the initial
+thread as well.
+.ie n .IP """long"" must be large enough for common memory allocation sizes" 4
+.el .IP "\f(CWlong\fR must be large enough for common memory allocation sizes" 4
+.IX Item "long must be large enough for common memory allocation sizes"
+To improve portability and simplify its \s-1API,\s0 libev uses \f(CW\*(C`long\*(C'\fR internally
+instead of \f(CW\*(C`size_t\*(C'\fR when allocating its data structures. On non-POSIX
+systems (Microsoft...) this might be unexpectedly low, but is still at
+least 31 bits everywhere, which is enough for hundreds of millions of
+watchers.
+.ie n .IP """double"" must hold a time value in seconds with enough accuracy" 4
+.el .IP "\f(CWdouble\fR must hold a time value in seconds with enough accuracy" 4
+.IX Item "double must hold a time value in seconds with enough accuracy"
+The type \f(CW\*(C`double\*(C'\fR is used to represent timestamps. It is required to
+have at least 51 bits of mantissa (and 9 bits of exponent), which is
+good enough for at least into the year 4000 with millisecond accuracy
+(the design goal for libev). This requirement is overfulfilled by
+implementations using \s-1IEEE 754,\s0 which is basically all existing ones.
+.Sp
+With \s-1IEEE 754\s0 doubles, you get microsecond accuracy until at least the
+year 2255 (and millisecond accuracy till the year 287396 \- by then, libev
+is either obsolete or somebody patched it to use \f(CW\*(C`long double\*(C'\fR or
+something like that, just kidding).
+.PP
+If you know of other additional requirements drop me a note.
+.SH "ALGORITHMIC COMPLEXITIES"
+.IX Header "ALGORITHMIC COMPLEXITIES"
+In this section the complexities of (many of) the algorithms used inside
+libev will be documented. For complexity discussions about backends see
+the documentation for \f(CW\*(C`ev_default_init\*(C'\fR.
+.PP
+All of the following are about amortised time: If an array needs to be
+extended, libev needs to realloc and move the whole array, but this
+happens asymptotically rarer with higher number of elements, so O(1) might
+mean that libev does a lengthy realloc operation in rare cases, but on
+average it is much faster and asymptotically approaches constant time.
+.IP "Starting and stopping timer/periodic watchers: O(log skipped_other_timers)" 4
+.IX Item "Starting and stopping timer/periodic watchers: O(log skipped_other_timers)"
+This means that, when you have a watcher that triggers in one hour and
+there are 100 watchers that would trigger before that, then inserting will
+have to skip roughly seven (\f(CW\*(C`ld 100\*(C'\fR) of these watchers.
+.IP "Changing timer/periodic watchers (by autorepeat or calling again): O(log skipped_other_timers)" 4
+.IX Item "Changing timer/periodic watchers (by autorepeat or calling again): O(log skipped_other_timers)"
+That means that changing a timer costs less than removing/adding them,
+as only the relative motion in the event queue has to be paid for.
+.IP "Starting io/check/prepare/idle/signal/child/fork/async watchers: O(1)" 4
+.IX Item "Starting io/check/prepare/idle/signal/child/fork/async watchers: O(1)"
+These just add the watcher into an array or at the head of a list.
+.IP "Stopping check/prepare/idle/fork/async watchers: O(1)" 4
+.IX Item "Stopping check/prepare/idle/fork/async watchers: O(1)"
+.PD 0
+.IP "Stopping an io/signal/child watcher: O(number_of_watchers_for_this_(fd/signal/pid % \s-1EV_PID_HASHSIZE\s0))" 4
+.IX Item "Stopping an io/signal/child watcher: O(number_of_watchers_for_this_(fd/signal/pid % EV_PID_HASHSIZE))"
+.PD
+These watchers are stored in lists, so they need to be walked to find the
+correct watcher to remove. The lists are usually short (you don't usually
+have many watchers waiting for the same fd or signal: one is typical, two
+is rare).
+.IP "Finding the next timer in each loop iteration: O(1)" 4
+.IX Item "Finding the next timer in each loop iteration: O(1)"
+By virtue of using a binary or 4\-heap, the next timer is always found at a
+fixed position in the storage array.
+.IP "Each change on a file descriptor per loop iteration: O(number_of_watchers_for_this_fd)" 4
+.IX Item "Each change on a file descriptor per loop iteration: O(number_of_watchers_for_this_fd)"
+A change means an I/O watcher gets started or stopped, which requires
+libev to recalculate its status (and possibly tell the kernel, depending
+on backend and whether \f(CW\*(C`ev_io_set\*(C'\fR was used).
+.IP "Activating one watcher (putting it into the pending state): O(1)" 4
+.IX Item "Activating one watcher (putting it into the pending state): O(1)"
+.PD 0
+.IP "Priority handling: O(number_of_priorities)" 4
+.IX Item "Priority handling: O(number_of_priorities)"
+.PD
+Priorities are implemented by allocating some space for each
+priority. When doing priority-based operations, libev usually has to
+linearly search all the priorities, but starting/stopping and activating
+watchers becomes O(1) with respect to priority handling.
+.IP "Sending an ev_async: O(1)" 4
+.IX Item "Sending an ev_async: O(1)"
+.PD 0
+.IP "Processing ev_async_send: O(number_of_async_watchers)" 4
+.IX Item "Processing ev_async_send: O(number_of_async_watchers)"
+.IP "Processing signals: O(max_signal_number)" 4
+.IX Item "Processing signals: O(max_signal_number)"
+.PD
+Sending involves a system call \fIiff\fR there were no other \f(CW\*(C`ev_async_send\*(C'\fR
+calls in the current loop iteration and the loop is currently
+blocked. Checking for async and signal events involves iterating over all
+running async watchers or all signal numbers.
+.SH "PORTING FROM LIBEV 3.X TO 4.X"
+.IX Header "PORTING FROM LIBEV 3.X TO 4.X"
+The major version 4 introduced some incompatible changes to the \s-1API.\s0
+.PP
+At the moment, the \f(CW\*(C`ev.h\*(C'\fR header file provides compatibility definitions
+for all changes, so most programs should still compile. The compatibility
+layer might be removed in later versions of libev, so better update to the
+new \s-1API\s0 early than late.
+.ie n .IP """EV_COMPAT3"" backwards compatibility mechanism" 4
+.el .IP "\f(CWEV_COMPAT3\fR backwards compatibility mechanism" 4
+.IX Item "EV_COMPAT3 backwards compatibility mechanism"
+The backward compatibility mechanism can be controlled by
+\&\f(CW\*(C`EV_COMPAT3\*(C'\fR. See \*(L"\s-1PREPROCESSOR SYMBOLS/MACROS\*(R"\s0 in the \*(L"\s-1EMBEDDING\*(R"\s0
+section.
+.ie n .IP """ev_default_destroy"" and ""ev_default_fork"" have been removed" 4
+.el .IP "\f(CWev_default_destroy\fR and \f(CWev_default_fork\fR have been removed" 4
+.IX Item "ev_default_destroy and ev_default_fork have been removed"
+These calls can be replaced easily by their \f(CW\*(C`ev_loop_xxx\*(C'\fR counterparts:
+.Sp
+.Vb 2
+\&   ev_loop_destroy (EV_DEFAULT_UC);
+\&   ev_loop_fork (EV_DEFAULT);
+.Ve
+.IP "function/symbol renames" 4
+.IX Item "function/symbol renames"
+A number of functions and symbols have been renamed:
+.Sp
+.Vb 3
+\&  ev_loop         => ev_run
+\&  EVLOOP_NONBLOCK => EVRUN_NOWAIT
+\&  EVLOOP_ONESHOT  => EVRUN_ONCE
+\&
+\&  ev_unloop       => ev_break
+\&  EVUNLOOP_CANCEL => EVBREAK_CANCEL
+\&  EVUNLOOP_ONE    => EVBREAK_ONE
+\&  EVUNLOOP_ALL    => EVBREAK_ALL
+\&
+\&  EV_TIMEOUT      => EV_TIMER
+\&
+\&  ev_loop_count   => ev_iteration
+\&  ev_loop_depth   => ev_depth
+\&  ev_loop_verify  => ev_verify
+.Ve
+.Sp
+Most functions working on \f(CW\*(C`struct ev_loop\*(C'\fR objects don't have an
+\&\f(CW\*(C`ev_loop_\*(C'\fR prefix, so it was removed; \f(CW\*(C`ev_loop\*(C'\fR, \f(CW\*(C`ev_unloop\*(C'\fR and
+associated constants have been renamed to not collide with the \f(CW\*(C`struct
+ev_loop\*(C'\fR anymore and \f(CW\*(C`EV_TIMER\*(C'\fR now follows the same naming scheme
+as all other watcher types. Note that \f(CW\*(C`ev_loop_fork\*(C'\fR is still called
+\&\f(CW\*(C`ev_loop_fork\*(C'\fR because it would otherwise clash with the \f(CW\*(C`ev_fork\*(C'\fR
+typedef.
+.ie n .IP """EV_MINIMAL"" mechanism replaced by ""EV_FEATURES""" 4
+.el .IP "\f(CWEV_MINIMAL\fR mechanism replaced by \f(CWEV_FEATURES\fR" 4
+.IX Item "EV_MINIMAL mechanism replaced by EV_FEATURES"
+The preprocessor symbol \f(CW\*(C`EV_MINIMAL\*(C'\fR has been replaced by a different
+mechanism, \f(CW\*(C`EV_FEATURES\*(C'\fR. Programs using \f(CW\*(C`EV_MINIMAL\*(C'\fR usually compile
+and work, but the library code will of course be larger.
+.SH "GLOSSARY"
+.IX Header "GLOSSARY"
+.IP "active" 4
+.IX Item "active"
+A watcher is active as long as it has been started and not yet stopped.
+See \*(L"\s-1WATCHER STATES\*(R"\s0 for details.
+.IP "application" 4
+.IX Item "application"
+In this document, an application is whatever is using libev.
+.IP "backend" 4
+.IX Item "backend"
+The part of the code dealing with the operating system interfaces.
+.IP "callback" 4
+.IX Item "callback"
+The address of a function that is called when some event has been
+detected. Callbacks are being passed the event loop, the watcher that
+received the event, and the actual event bitset.
+.IP "callback/watcher invocation" 4
+.IX Item "callback/watcher invocation"
+The act of calling the callback associated with a watcher.
+.IP "event" 4
+.IX Item "event"
+A change of state of some external event, such as data now being available
+for reading on a file descriptor, time having passed or simply not having
+any other events happening anymore.
+.Sp
+In libev, events are represented as single bits (such as \f(CW\*(C`EV_READ\*(C'\fR or
+\&\f(CW\*(C`EV_TIMER\*(C'\fR).
+.IP "event library" 4
+.IX Item "event library"
+A software package implementing an event model and loop.
+.IP "event loop" 4
+.IX Item "event loop"
+An entity that handles and processes external events and converts them
+into callback invocations.
+.IP "event model" 4
+.IX Item "event model"
+The model used to describe how an event loop handles and processes
+watchers and events.
+.IP "pending" 4
+.IX Item "pending"
+A watcher is pending as soon as the corresponding event has been
+detected. See \*(L"\s-1WATCHER STATES\*(R"\s0 for details.
+.IP "real time" 4
+.IX Item "real time"
+The physical time that is observed. It is apparently strictly monotonic :)
+.IP "wall-clock time" 4
+.IX Item "wall-clock time"
+The time and date as shown on clocks. Unlike real time, it can actually
+be wrong and jump forwards and backwards, e.g. when you adjust your
+clock.
+.IP "watcher" 4
+.IX Item "watcher"
+A data structure that describes interest in certain events. Watchers need
+to be started (attached to an event loop) before they can receive events.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Marc Lehmann <libev@schmorp.de>, with repeated corrections by Mikael
+Magnusson and Emanuele Giaquinta, and minor corrections by many others.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/include/ev++.h b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/include/ev++.h
new file mode 100644
index 00000000..22dfcf58
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/include/ev++.h
@@ -0,0 +1,818 @@
+/*
+ * libev simple C++ wrapper classes
+ *
+ * Copyright (c) 2007,2008,2010,2018,2020 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef EVPP_H__
+#define EVPP_H__
+
+#ifdef EV_H
+# include EV_H
+#else
+# include "ev.h"
+#endif
+
+#ifndef EV_USE_STDEXCEPT
+# define EV_USE_STDEXCEPT 1
+#endif
+
+#if EV_USE_STDEXCEPT
+# include <stdexcept>
+#endif
+
+namespace ev {
+
+  typedef ev_tstamp tstamp;
+
+  enum {
+    UNDEF    = EV_UNDEF,
+    NONE     = EV_NONE,
+    READ     = EV_READ,
+    WRITE    = EV_WRITE,
+#if EV_COMPAT3
+    TIMEOUT  = EV_TIMEOUT,
+#endif
+    TIMER    = EV_TIMER,
+    PERIODIC = EV_PERIODIC,
+    SIGNAL   = EV_SIGNAL,
+    CHILD    = EV_CHILD,
+    STAT     = EV_STAT,
+    IDLE     = EV_IDLE,
+    CHECK    = EV_CHECK,
+    PREPARE  = EV_PREPARE,
+    FORK     = EV_FORK,
+    ASYNC    = EV_ASYNC,
+    EMBED    = EV_EMBED,
+#   undef ERROR // some systems stupidly #define ERROR
+    ERROR    = EV_ERROR
+  };
+
+  enum
+  {
+    AUTO      = EVFLAG_AUTO,
+    NOENV     = EVFLAG_NOENV,
+    FORKCHECK = EVFLAG_FORKCHECK,
+
+    SELECT    = EVBACKEND_SELECT,
+    POLL      = EVBACKEND_POLL,
+    EPOLL     = EVBACKEND_EPOLL,
+    KQUEUE    = EVBACKEND_KQUEUE,
+    DEVPOLL   = EVBACKEND_DEVPOLL,
+    PORT      = EVBACKEND_PORT
+  };
+
+  enum
+  {
+#if EV_COMPAT3
+    NONBLOCK = EVLOOP_NONBLOCK,
+    ONESHOT  = EVLOOP_ONESHOT,
+#endif
+    NOWAIT   = EVRUN_NOWAIT,
+    ONCE     = EVRUN_ONCE
+  };
+
+  enum how_t
+  {
+    ONE = EVBREAK_ONE,
+    ALL = EVBREAK_ALL
+  };
+
+  struct bad_loop
+#if EV_USE_STDEXCEPT
+  : std::exception
+#endif
+  {
+#if EV_USE_STDEXCEPT
+    const char *what () const EV_NOEXCEPT
+    {
+      return "libev event loop cannot be initialized, bad value of LIBEV_FLAGS?";
+    }
+#endif
+  };
+
+#ifdef EV_AX
+#  undef EV_AX
+#endif
+
+#ifdef EV_AX_
+#  undef EV_AX_
+#endif
+
+#if EV_MULTIPLICITY
+#  define EV_AX  raw_loop
+#  define EV_AX_ raw_loop,
+#else
+#  define EV_AX
+#  define EV_AX_
+#endif
+
+  struct loop_ref
+  {
+    loop_ref (EV_P) EV_NOEXCEPT
+#if EV_MULTIPLICITY
+    : EV_AX (EV_A)
+#endif
+    {
+    }
+
+    bool operator == (const loop_ref &other) const EV_NOEXCEPT
+    {
+#if EV_MULTIPLICITY
+      return EV_AX == other.EV_AX;
+#else
+      return true;
+#endif
+    }
+
+    bool operator != (const loop_ref &other) const EV_NOEXCEPT
+    {
+#if EV_MULTIPLICITY
+      return ! (*this == other);
+#else
+      return false;
+#endif
+    }
+
+#if EV_MULTIPLICITY
+    bool operator == (const EV_P) const EV_NOEXCEPT
+    {
+      return this->EV_AX == EV_A;
+    }
+
+    bool operator != (const EV_P) const EV_NOEXCEPT
+    {
+      return ! (*this == EV_A);
+    }
+
+    operator struct ev_loop * () const EV_NOEXCEPT
+    {
+      return EV_AX;
+    }
+
+    operator const struct ev_loop * () const EV_NOEXCEPT
+    {
+      return EV_AX;
+    }
+
+    bool is_default () const EV_NOEXCEPT
+    {
+      return EV_AX == ev_default_loop (0);
+    }
+#endif
+
+#if EV_COMPAT3
+    void loop (int flags = 0)
+    {
+      ev_run (EV_AX_ flags);
+    }
+
+    void unloop (how_t how = ONE) EV_NOEXCEPT
+    {
+      ev_break (EV_AX_ how);
+    }
+#endif
+
+    void run (int flags = 0)
+    {
+      ev_run (EV_AX_ flags);
+    }
+
+    void break_loop (how_t how = ONE) EV_NOEXCEPT
+    {
+      ev_break (EV_AX_ how);
+    }
+
+    void post_fork () EV_NOEXCEPT
+    {
+      ev_loop_fork (EV_AX);
+    }
+
+    unsigned int backend () const EV_NOEXCEPT
+    {
+      return ev_backend (EV_AX);
+    }
+
+    tstamp now () const EV_NOEXCEPT
+    {
+      return ev_now (EV_AX);
+    }
+
+    void ref () EV_NOEXCEPT
+    {
+      ev_ref (EV_AX);
+    }
+
+    void unref () EV_NOEXCEPT
+    {
+      ev_unref (EV_AX);
+    }
+
+#if EV_FEATURE_API
+    unsigned int iteration () const EV_NOEXCEPT
+    {
+      return ev_iteration (EV_AX);
+    }
+
+    unsigned int depth () const EV_NOEXCEPT
+    {
+      return ev_depth (EV_AX);
+    }
+
+    void set_io_collect_interval (tstamp interval) EV_NOEXCEPT
+    {
+      ev_set_io_collect_interval (EV_AX_ interval);
+    }
+
+    void set_timeout_collect_interval (tstamp interval) EV_NOEXCEPT
+    {
+      ev_set_timeout_collect_interval (EV_AX_ interval);
+    }
+#endif
+
+    // function callback
+    void once (int fd, int events, tstamp timeout, void (*cb)(int, void *), void *arg = 0) EV_NOEXCEPT
+    {
+      ev_once (EV_AX_ fd, events, timeout, cb, arg);
+    }
+
+    // method callback
+    template<class K, void (K::*method)(int)>
+    void once (int fd, int events, tstamp timeout, K *object) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, method_thunk<K, method>, object);
+    }
+
+    // default method == operator ()
+    template<class K>
+    void once (int fd, int events, tstamp timeout, K *object) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, method_thunk<K, &K::operator ()>, object);
+    }
+
+    template<class K, void (K::*method)(int)>
+    static void method_thunk (int revents, void *arg)
+    {
+      (static_cast<K *>(arg)->*method)
+        (revents);
+    }
+
+    // no-argument method callback
+    template<class K, void (K::*method)()>
+    void once (int fd, int events, tstamp timeout, K *object) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, method_noargs_thunk<K, method>, object);
+    }
+
+    template<class K, void (K::*method)()>
+    static void method_noargs_thunk (int revents, void *arg)
+    {
+      (static_cast<K *>(arg)->*method)
+        ();
+    }
+
+    // simpler function callback
+    template<void (*cb)(int)>
+    void once (int fd, int events, tstamp timeout) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, simpler_func_thunk<cb>);
+    }
+
+    template<void (*cb)(int)>
+    static void simpler_func_thunk (int revents, void *arg)
+    {
+      (*cb)
+        (revents);
+    }
+
+    // simplest function callback
+    template<void (*cb)()>
+    void once (int fd, int events, tstamp timeout) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, simplest_func_thunk<cb>);
+    }
+
+    template<void (*cb)()>
+    static void simplest_func_thunk (int revents, void *arg)
+    {
+      (*cb)
+        ();
+    }
+
+    void feed_fd_event (int fd, int revents) EV_NOEXCEPT
+    {
+      ev_feed_fd_event (EV_AX_ fd, revents);
+    }
+
+    void feed_signal_event (int signum) EV_NOEXCEPT
+    {
+      ev_feed_signal_event (EV_AX_ signum);
+    }
+
+#if EV_MULTIPLICITY
+    struct ev_loop* EV_AX;
+#endif
+
+  };
+
+#if EV_MULTIPLICITY
+  struct dynamic_loop : loop_ref
+  {
+
+    dynamic_loop (unsigned int flags = AUTO)
+    : loop_ref (ev_loop_new (flags))
+    {
+      if (!EV_AX)
+        throw bad_loop ();
+    }
+
+    ~dynamic_loop () EV_NOEXCEPT
+    {
+      ev_loop_destroy (EV_AX);
+      EV_AX = 0;
+    }
+
+  private:
+
+    dynamic_loop (const dynamic_loop &);
+
+    dynamic_loop & operator= (const dynamic_loop &);
+
+  };
+#endif
+
+  struct default_loop : loop_ref
+  {
+    default_loop (unsigned int flags = AUTO)
+#if EV_MULTIPLICITY
+    : loop_ref (ev_default_loop (flags))
+#endif
+    {
+      if (
+#if EV_MULTIPLICITY
+          !EV_AX
+#else
+          !ev_default_loop (flags)
+#endif
+      )
+        throw bad_loop ();
+    }
+
+  private:
+    default_loop (const default_loop &);
+    default_loop &operator = (const default_loop &);
+  };
+
+  inline loop_ref get_default_loop () EV_NOEXCEPT
+  {
+#if EV_MULTIPLICITY
+    return ev_default_loop (0);
+#else
+    return loop_ref ();
+#endif
+  }
+
+#undef EV_AX
+#undef EV_AX_
+
+#undef EV_PX
+#undef EV_PX_
+#if EV_MULTIPLICITY
+#  define EV_PX  loop_ref EV_A
+#  define EV_PX_ loop_ref EV_A_
+#else
+#  define EV_PX
+#  define EV_PX_
+#endif
+
+  template<class ev_watcher, class watcher>
+  struct base : ev_watcher
+  {
+    // scoped pause/unpause of a watcher
+    struct freeze_guard
+    {
+      watcher &w;
+      bool active;
+
+      freeze_guard (watcher *self) EV_NOEXCEPT
+      : w (*self), active (w.is_active ())
+      {
+        if (active) w.stop ();
+      }
+
+      ~freeze_guard ()
+      {
+        if (active) w.start ();
+      }
+    };
+
+    #if EV_MULTIPLICITY
+      EV_PX;
+
+      // loop set
+      void set (EV_P) EV_NOEXCEPT
+      {
+        this->EV_A = EV_A;
+      }
+    #endif
+
+    base (EV_PX) EV_NOEXCEPT
+    #if EV_MULTIPLICITY
+      : EV_A (EV_A)
+    #endif
+    {
+      ev_init (this, 0);
+    }
+
+    void set_ (const void *data, void (*cb)(EV_P_ ev_watcher *w, int revents)) EV_NOEXCEPT
+    {
+      this->data = (void *)data;
+      ev_set_cb (static_cast<ev_watcher *>(this), cb);
+    }
+
+    // function callback
+    template<void (*function)(watcher &w, int)>
+    void set (void *data = 0) EV_NOEXCEPT
+    {
+      set_ (data, function_thunk<function>);
+    }
+
+    template<void (*function)(watcher &w, int)>
+    static void function_thunk (EV_P_ ev_watcher *w, int revents)
+    {
+      function
+        (*static_cast<watcher *>(w), revents);
+    }
+
+    // method callback
+    template<class K, void (K::*method)(watcher &w, int)>
+    void set (K *object) EV_NOEXCEPT
+    {
+      set_ (object, method_thunk<K, method>);
+    }
+
+    // default method == operator ()
+    template<class K>
+    void set (K *object) EV_NOEXCEPT
+    {
+      set_ (object, method_thunk<K, &K::operator ()>);
+    }
+
+    template<class K, void (K::*method)(watcher &w, int)>
+    static void method_thunk (EV_P_ ev_watcher *w, int revents)
+    {
+      (static_cast<K *>(w->data)->*method)
+        (*static_cast<watcher *>(w), revents);
+    }
+
+    // no-argument callback
+    template<class K, void (K::*method)()>
+    void set (K *object) EV_NOEXCEPT
+    {
+      set_ (object, method_noargs_thunk<K, method>);
+    }
+
+    template<class K, void (K::*method)()>
+    static void method_noargs_thunk (EV_P_ ev_watcher *w, int revents)
+    {
+      (static_cast<K *>(w->data)->*method)
+        ();
+    }
+
+    void operator ()(int events = EV_UNDEF)
+    {
+      return
+        ev_cb (static_cast<ev_watcher *>(this))
+          (static_cast<ev_watcher *>(this), events);
+    }
+
+    bool is_active () const EV_NOEXCEPT
+    {
+      return ev_is_active (static_cast<const ev_watcher *>(this));
+    }
+
+    bool is_pending () const EV_NOEXCEPT
+    {
+      return ev_is_pending (static_cast<const ev_watcher *>(this));
+    }
+
+    void feed_event (int revents) EV_NOEXCEPT
+    {
+      ev_feed_event (EV_A_ static_cast<ev_watcher *>(this), revents);
+    }
+  };
+
+  inline tstamp now (EV_P) EV_NOEXCEPT
+  {
+    return ev_now (EV_A);
+  }
+
+  inline void delay (tstamp interval) EV_NOEXCEPT
+  {
+    ev_sleep (interval);
+  }
+
+  inline int version_major () EV_NOEXCEPT
+  {
+    return ev_version_major ();
+  }
+
+  inline int version_minor () EV_NOEXCEPT
+  {
+    return ev_version_minor ();
+  }
+
+  inline unsigned int supported_backends () EV_NOEXCEPT
+  {
+    return ev_supported_backends ();
+  }
+
+  inline unsigned int recommended_backends () EV_NOEXCEPT
+  {
+    return ev_recommended_backends ();
+  }
+
+  inline unsigned int embeddable_backends () EV_NOEXCEPT
+  {
+    return ev_embeddable_backends ();
+  }
+
+  inline void set_allocator (void *(*cb)(void *ptr, long size) EV_NOEXCEPT) EV_NOEXCEPT
+  {
+    ev_set_allocator (cb);
+  }
+
+  inline void set_syserr_cb (void (*cb)(const char *msg) EV_NOEXCEPT) EV_NOEXCEPT
+  {
+    ev_set_syserr_cb (cb);
+  }
+
+  #if EV_MULTIPLICITY
+    #define EV_CONSTRUCT(cppstem,cstem)	                                                \
+      (EV_PX = get_default_loop ()) EV_NOEXCEPT                                         \
+        : base<ev_ ## cstem, cppstem> (EV_A)                                            \
+      {                                                                                 \
+      }
+  #else
+    #define EV_CONSTRUCT(cppstem,cstem)                                                 \
+      () EV_NOEXCEPT                                                                    \
+      {                                                                                 \
+      }
+  #endif
+
+  /* using a template here would require quite a few more lines,
+   * so a macro solution was chosen */
+  #define EV_BEGIN_WATCHER(cppstem,cstem)	                                        \
+                                                                                        \
+  struct cppstem : base<ev_ ## cstem, cppstem>                                          \
+  {                                                                                     \
+    void start () EV_NOEXCEPT                                                           \
+    {                                                                                   \
+      ev_ ## cstem ## _start (EV_A_ static_cast<ev_ ## cstem *>(this));                 \
+    }                                                                                   \
+                                                                                        \
+    void stop () EV_NOEXCEPT                                                            \
+    {                                                                                   \
+      ev_ ## cstem ## _stop (EV_A_ static_cast<ev_ ## cstem *>(this));                  \
+    }                                                                                   \
+                                                                                        \
+    cppstem EV_CONSTRUCT(cppstem,cstem)                                                 \
+                                                                                        \
+    ~cppstem () EV_NOEXCEPT                                                             \
+    {                                                                                   \
+      stop ();                                                                          \
+    }                                                                                   \
+                                                                                        \
+    using base<ev_ ## cstem, cppstem>::set;                                             \
+                                                                                        \
+  private:                                                                              \
+                                                                                        \
+    cppstem (const cppstem &o);                                                         \
+                                                                                        \
+    cppstem &operator =(const cppstem &o);                                              \
+                                                                                        \
+  public:
+
+  #define EV_END_WATCHER(cppstem,cstem)	                                                \
+  };
+
+  EV_BEGIN_WATCHER (io, io)
+    void set (int fd, int events) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_io_set (static_cast<ev_io *>(this), fd, events);
+    }
+
+    void set (int events) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_io_modify (static_cast<ev_io *>(this), events);
+    }
+
+    void start (int fd, int events) EV_NOEXCEPT
+    {
+      set (fd, events);
+      start ();
+    }
+  EV_END_WATCHER (io, io)
+
+  EV_BEGIN_WATCHER (timer, timer)
+    void set (ev_tstamp after, ev_tstamp repeat = 0.) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_timer_set (static_cast<ev_timer *>(this), after, repeat);
+    }
+
+    void start (ev_tstamp after, ev_tstamp repeat = 0.) EV_NOEXCEPT
+    {
+      set (after, repeat);
+      start ();
+    }
+
+    void again () EV_NOEXCEPT
+    {
+      ev_timer_again (EV_A_ static_cast<ev_timer *>(this));
+    }
+
+    ev_tstamp remaining ()
+    {
+      return ev_timer_remaining (EV_A_ static_cast<ev_timer *>(this));
+    }
+  EV_END_WATCHER (timer, timer)
+
+  #if EV_PERIODIC_ENABLE
+  EV_BEGIN_WATCHER (periodic, periodic)
+    void set (ev_tstamp at, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_periodic_set (static_cast<ev_periodic *>(this), at, interval, 0);
+    }
+
+    void start (ev_tstamp at, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      set (at, interval);
+      start ();
+    }
+
+    void again () EV_NOEXCEPT
+    {
+      ev_periodic_again (EV_A_ static_cast<ev_periodic *>(this));
+    }
+  EV_END_WATCHER (periodic, periodic)
+  #endif
+
+  #if EV_SIGNAL_ENABLE
+  EV_BEGIN_WATCHER (sig, signal)
+    void set (int signum) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_signal_set (static_cast<ev_signal *>(this), signum);
+    }
+
+    void start (int signum) EV_NOEXCEPT
+    {
+      set (signum);
+      start ();
+    }
+  EV_END_WATCHER (sig, signal)
+  #endif
+
+  #if EV_CHILD_ENABLE
+  EV_BEGIN_WATCHER (child, child)
+    void set (int pid, int trace = 0) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_child_set (static_cast<ev_child *>(this), pid, trace);
+    }
+
+    void start (int pid, int trace = 0) EV_NOEXCEPT
+    {
+      set (pid, trace);
+      start ();
+    }
+  EV_END_WATCHER (child, child)
+  #endif
+
+  #if EV_STAT_ENABLE
+  EV_BEGIN_WATCHER (stat, stat)
+    void set (const char *path, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_stat_set (static_cast<ev_stat *>(this), path, interval);
+    }
+
+    void start (const char *path, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      stop ();
+      set (path, interval);
+      start ();
+    }
+
+    void update () EV_NOEXCEPT
+    {
+      ev_stat_stat (EV_A_ static_cast<ev_stat *>(this));
+    }
+  EV_END_WATCHER (stat, stat)
+  #endif
+
+  #if EV_IDLE_ENABLE
+  EV_BEGIN_WATCHER (idle, idle)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (idle, idle)
+  #endif
+
+  #if EV_PREPARE_ENABLE
+  EV_BEGIN_WATCHER (prepare, prepare)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (prepare, prepare)
+  #endif
+
+  #if EV_CHECK_ENABLE
+  EV_BEGIN_WATCHER (check, check)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (check, check)
+  #endif
+
+  #if EV_EMBED_ENABLE
+  EV_BEGIN_WATCHER (embed, embed)
+    void set_embed (struct ev_loop *embedded_loop) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_embed_set (static_cast<ev_embed *>(this), embedded_loop);
+    }
+
+    void start (struct ev_loop *embedded_loop) EV_NOEXCEPT
+    {
+      set (embedded_loop);
+      start ();
+    }
+
+    void sweep ()
+    {
+      ev_embed_sweep (EV_A_ static_cast<ev_embed *>(this));
+    }
+  EV_END_WATCHER (embed, embed)
+  #endif
+
+  #if EV_FORK_ENABLE
+  EV_BEGIN_WATCHER (fork, fork)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (fork, fork)
+  #endif
+
+  #if EV_ASYNC_ENABLE
+  EV_BEGIN_WATCHER (async, async)
+    void send () EV_NOEXCEPT
+    {
+      ev_async_send (EV_A_ static_cast<ev_async *>(this));
+    }
+
+    bool async_pending () EV_NOEXCEPT
+    {
+      return ev_async_pending (static_cast<ev_async *>(this));
+    }
+  EV_END_WATCHER (async, async)
+  #endif
+
+  #undef EV_PX
+  #undef EV_PX_
+  #undef EV_CONSTRUCT
+  #undef EV_BEGIN_WATCHER
+  #undef EV_END_WATCHER
+}
+
+#endif
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/include/ev.h b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/include/ev.h
new file mode 100644
index 00000000..4669c39b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/include/ev.h
@@ -0,0 +1,860 @@
+/*
+ * libev native API header
+ *
+ * Copyright (c) 2007-2020 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef EV_H_
+#define EV_H_
+
+#ifdef __cplusplus
+# define EV_CPP(x) x
+# if __cplusplus >= 201103L
+#  define EV_NOEXCEPT noexcept
+# else
+#  define EV_NOEXCEPT
+# endif
+#else
+# define EV_CPP(x)
+# define EV_NOEXCEPT
+#endif
+#define EV_THROW EV_NOEXCEPT /* pre-4.25, do not use in new code */
+
+EV_CPP(extern "C" {)
+
+/*****************************************************************************/
+
+/* pre-4.0 compatibility */
+#ifndef EV_COMPAT3
+# define EV_COMPAT3 1
+#endif
+
+#ifndef EV_FEATURES
+# if defined __OPTIMIZE_SIZE__
+#  define EV_FEATURES 0x7c
+# else
+#  define EV_FEATURES 0x7f
+# endif
+#endif
+
+#define EV_FEATURE_CODE     ((EV_FEATURES) &  1)
+#define EV_FEATURE_DATA     ((EV_FEATURES) &  2)
+#define EV_FEATURE_CONFIG   ((EV_FEATURES) &  4)
+#define EV_FEATURE_API      ((EV_FEATURES) &  8)
+#define EV_FEATURE_WATCHERS ((EV_FEATURES) & 16)
+#define EV_FEATURE_BACKENDS ((EV_FEATURES) & 32)
+#define EV_FEATURE_OS       ((EV_FEATURES) & 64)
+
+/* these priorities are inclusive, higher priorities will be invoked earlier */
+#ifndef EV_MINPRI
+# define EV_MINPRI (EV_FEATURE_CONFIG ? -2 : 0)
+#endif
+#ifndef EV_MAXPRI
+# define EV_MAXPRI (EV_FEATURE_CONFIG ? +2 : 0)
+#endif
+
+#ifndef EV_MULTIPLICITY
+# define EV_MULTIPLICITY EV_FEATURE_CONFIG
+#endif
+
+#ifndef EV_PERIODIC_ENABLE
+# define EV_PERIODIC_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_STAT_ENABLE
+# define EV_STAT_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_PREPARE_ENABLE
+# define EV_PREPARE_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CHECK_ENABLE
+# define EV_CHECK_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_IDLE_ENABLE
+# define EV_IDLE_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_FORK_ENABLE
+# define EV_FORK_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CLEANUP_ENABLE
+# define EV_CLEANUP_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_SIGNAL_ENABLE
+# define EV_SIGNAL_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CHILD_ENABLE
+# ifdef _WIN32
+#  define EV_CHILD_ENABLE 0
+# else
+#  define EV_CHILD_ENABLE EV_FEATURE_WATCHERS
+#endif
+#endif
+
+#ifndef EV_ASYNC_ENABLE
+# define EV_ASYNC_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_EMBED_ENABLE
+# define EV_EMBED_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_WALK_ENABLE
+# define EV_WALK_ENABLE 0 /* not yet */
+#endif
+
+/*****************************************************************************/
+
+#if EV_CHILD_ENABLE && !EV_SIGNAL_ENABLE
+# undef EV_SIGNAL_ENABLE
+# define EV_SIGNAL_ENABLE 1
+#endif
+
+/*****************************************************************************/
+
+#ifndef EV_TSTAMP_T
+# define EV_TSTAMP_T double
+#endif
+typedef EV_TSTAMP_T ev_tstamp;
+
+#include <string.h> /* for memmove */
+
+#ifndef EV_ATOMIC_T
+# include <signal.h>
+# define EV_ATOMIC_T sig_atomic_t volatile
+#endif
+
+#if EV_STAT_ENABLE
+# ifdef _WIN32
+#  include <time.h>
+#  include <sys/types.h>
+# endif
+# include <sys/stat.h>
+#endif
+
+/* support multiple event loops? */
+#if EV_MULTIPLICITY
+struct ev_loop;
+# define EV_P  struct ev_loop *loop               /* a loop as sole parameter in a declaration */
+# define EV_P_ EV_P,                              /* a loop as first of multiple parameters */
+# define EV_A  loop                               /* a loop as sole argument to a function call */
+# define EV_A_ EV_A,                              /* a loop as first of multiple arguments */
+# define EV_DEFAULT_UC  ev_default_loop_uc_ ()    /* the default loop, if initialised, as sole arg */
+# define EV_DEFAULT_UC_ EV_DEFAULT_UC,            /* the default loop as first of multiple arguments */
+# define EV_DEFAULT  ev_default_loop (0)          /* the default loop as sole arg */
+# define EV_DEFAULT_ EV_DEFAULT,                  /* the default loop as first of multiple arguments */
+#else
+# define EV_P void
+# define EV_P_
+# define EV_A
+# define EV_A_
+# define EV_DEFAULT
+# define EV_DEFAULT_
+# define EV_DEFAULT_UC
+# define EV_DEFAULT_UC_
+# undef EV_EMBED_ENABLE
+#endif
+
+/* EV_INLINE is used for functions in header files */
+#if __STDC_VERSION__ >= 199901L || __GNUC__ >= 3
+# define EV_INLINE static inline
+#else
+# define EV_INLINE static
+#endif
+
+#ifdef EV_API_STATIC
+# define EV_API_DECL static
+#else
+# define EV_API_DECL extern
+#endif
+
+/* EV_PROTOTYPES can be used to switch of prototype declarations */
+#ifndef EV_PROTOTYPES
+# define EV_PROTOTYPES 1
+#endif
+
+/*****************************************************************************/
+
+#define EV_VERSION_MAJOR 4
+#define EV_VERSION_MINOR 33
+
+/* eventmask, revents, events... */
+enum {
+  EV_UNDEF    = (int)0xFFFFFFFF, /* guaranteed to be invalid */
+  EV_NONE     =            0x00, /* no events */
+  EV_READ     =            0x01, /* ev_io detected read will not block */
+  EV_WRITE    =            0x02, /* ev_io detected write will not block */
+  EV__IOFDSET =            0x80, /* internal use only */
+  EV_IO       =         EV_READ, /* alias for type-detection */
+  EV_TIMER    =      0x00000100, /* timer timed out */
+#if EV_COMPAT3
+  EV_TIMEOUT  =        EV_TIMER, /* pre 4.0 API compatibility */
+#endif
+  EV_PERIODIC =      0x00000200, /* periodic timer timed out */
+  EV_SIGNAL   =      0x00000400, /* signal was received */
+  EV_CHILD    =      0x00000800, /* child/pid had status change */
+  EV_STAT     =      0x00001000, /* stat data changed */
+  EV_IDLE     =      0x00002000, /* event loop is idling */
+  EV_PREPARE  =      0x00004000, /* event loop about to poll */
+  EV_CHECK    =      0x00008000, /* event loop finished poll */
+  EV_EMBED    =      0x00010000, /* embedded event loop needs sweep */
+  EV_FORK     =      0x00020000, /* event loop resumed in child */
+  EV_CLEANUP  =      0x00040000, /* event loop resumed in child */
+  EV_ASYNC    =      0x00080000, /* async intra-loop signal */
+  EV_CUSTOM   =      0x01000000, /* for use by user code */
+  EV_ERROR    = (int)0x80000000  /* sent when an error occurs */
+};
+
+/* can be used to add custom fields to all watchers, while losing binary compatibility */
+#ifndef EV_COMMON
+# define EV_COMMON void *data;
+#endif
+
+#ifndef EV_CB_DECLARE
+# define EV_CB_DECLARE(type) void (*cb)(EV_P_ struct type *w, int revents);
+#endif
+#ifndef EV_CB_INVOKE
+# define EV_CB_INVOKE(watcher,revents) (watcher)->cb (EV_A_ (watcher), (revents))
+#endif
+
+/* not official, do not use */
+#define EV_CB(type,name) void name (EV_P_ struct ev_ ## type *w, int revents)
+
+/*
+ * struct member types:
+ * private: you may look at them, but not change them,
+ *          and they might not mean anything to you.
+ * ro: can be read anytime, but only changed when the watcher isn't active.
+ * rw: can be read and modified anytime, even when the watcher is active.
+ *
+ * some internal details that might be helpful for debugging:
+ *
+ * active is either 0, which means the watcher is not active,
+ *           or the array index of the watcher (periodics, timers)
+ *           or the array index + 1 (most other watchers)
+ *           or simply 1 for watchers that aren't in some array.
+ * pending is either 0, in which case the watcher isn't,
+ *           or the array index + 1 in the pendings array.
+ */
+
+#if EV_MINPRI == EV_MAXPRI
+# define EV_DECL_PRIORITY
+#elif !defined (EV_DECL_PRIORITY)
+# define EV_DECL_PRIORITY int priority;
+#endif
+
+/* shared by all watchers */
+#define EV_WATCHER(type)			\
+  int active; /* private */			\
+  int pending; /* private */			\
+  EV_DECL_PRIORITY /* private */		\
+  EV_COMMON /* rw */				\
+  EV_CB_DECLARE (type) /* private */
+
+#define EV_WATCHER_LIST(type)			\
+  EV_WATCHER (type)				\
+  struct ev_watcher_list *next; /* private */
+
+#define EV_WATCHER_TIME(type)			\
+  EV_WATCHER (type)				\
+  ev_tstamp at;     /* private */
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher
+{
+  EV_WATCHER (ev_watcher)
+} ev_watcher;
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher_list
+{
+  EV_WATCHER_LIST (ev_watcher_list)
+} ev_watcher_list;
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher_time
+{
+  EV_WATCHER_TIME (ev_watcher_time)
+} ev_watcher_time;
+
+/* invoked when fd is either EV_READable or EV_WRITEable */
+/* revent EV_READ, EV_WRITE */
+typedef struct ev_io
+{
+  EV_WATCHER_LIST (ev_io)
+
+  int fd;     /* ro */
+  int events; /* ro */
+} ev_io;
+
+/* invoked after a specific time, repeatable (based on monotonic clock) */
+/* revent EV_TIMEOUT */
+typedef struct ev_timer
+{
+  EV_WATCHER_TIME (ev_timer)
+
+  ev_tstamp repeat; /* rw */
+} ev_timer;
+
+/* invoked at some specific time, possibly repeating at regular intervals (based on UTC) */
+/* revent EV_PERIODIC */
+typedef struct ev_periodic
+{
+  EV_WATCHER_TIME (ev_periodic)
+
+  ev_tstamp offset; /* rw */
+  ev_tstamp interval; /* rw */
+  ev_tstamp (*reschedule_cb)(struct ev_periodic *w, ev_tstamp now) EV_NOEXCEPT; /* rw */
+} ev_periodic;
+
+/* invoked when the given signal has been received */
+/* revent EV_SIGNAL */
+typedef struct ev_signal
+{
+  EV_WATCHER_LIST (ev_signal)
+
+  int signum; /* ro */
+} ev_signal;
+
+/* invoked when sigchld is received and waitpid indicates the given pid */
+/* revent EV_CHILD */
+/* does not support priorities */
+typedef struct ev_child
+{
+  EV_WATCHER_LIST (ev_child)
+
+  int flags;   /* private */
+  int pid;     /* ro */
+  int rpid;    /* rw, holds the received pid */
+  int rstatus; /* rw, holds the exit status, use the macros from sys/wait.h */
+} ev_child;
+
+#if EV_STAT_ENABLE
+/* st_nlink = 0 means missing file or other error */
+# ifdef _WIN32
+typedef struct _stati64 ev_statdata;
+# else
+typedef struct stat ev_statdata;
+# endif
+
+/* invoked each time the stat data changes for a given path */
+/* revent EV_STAT */
+typedef struct ev_stat
+{
+  EV_WATCHER_LIST (ev_stat)
+
+  ev_timer timer;     /* private */
+  ev_tstamp interval; /* ro */
+  const char *path;   /* ro */
+  ev_statdata prev;   /* ro */
+  ev_statdata attr;   /* ro */
+
+  int wd; /* wd for inotify, fd for kqueue */
+} ev_stat;
+#endif
+
+/* invoked when the nothing else needs to be done, keeps the process from blocking */
+/* revent EV_IDLE */
+typedef struct ev_idle
+{
+  EV_WATCHER (ev_idle)
+} ev_idle;
+
+/* invoked for each run of the mainloop, just before the blocking call */
+/* you can still change events in any way you like */
+/* revent EV_PREPARE */
+typedef struct ev_prepare
+{
+  EV_WATCHER (ev_prepare)
+} ev_prepare;
+
+/* invoked for each run of the mainloop, just after the blocking call */
+/* revent EV_CHECK */
+typedef struct ev_check
+{
+  EV_WATCHER (ev_check)
+} ev_check;
+
+/* the callback gets invoked before check in the child process when a fork was detected */
+/* revent EV_FORK */
+typedef struct ev_fork
+{
+  EV_WATCHER (ev_fork)
+} ev_fork;
+
+/* is invoked just before the loop gets destroyed */
+/* revent EV_CLEANUP */
+typedef struct ev_cleanup
+{
+  EV_WATCHER (ev_cleanup)
+} ev_cleanup;
+
+#if EV_EMBED_ENABLE
+/* used to embed an event loop inside another */
+/* the callback gets invoked when the event loop has handled events, and can be 0 */
+typedef struct ev_embed
+{
+  EV_WATCHER (ev_embed)
+
+  struct ev_loop *other; /* ro */
+#undef EV_IO_ENABLE
+#define EV_IO_ENABLE 1
+  ev_io io;              /* private */
+#undef EV_PREPARE_ENABLE
+#define EV_PREPARE_ENABLE 1
+  ev_prepare prepare;    /* private */
+  ev_check check;        /* unused */
+  ev_timer timer;        /* unused */
+  ev_periodic periodic;  /* unused */
+  ev_idle idle;          /* unused */
+  ev_fork fork;          /* private */
+  ev_cleanup cleanup;    /* unused */
+} ev_embed;
+#endif
+
+#if EV_ASYNC_ENABLE
+/* invoked when somebody calls ev_async_send on the watcher */
+/* revent EV_ASYNC */
+typedef struct ev_async
+{
+  EV_WATCHER (ev_async)
+
+  EV_ATOMIC_T sent; /* private */
+} ev_async;
+
+# define ev_async_pending(w) (+(w)->sent)
+#endif
+
+/* the presence of this union forces similar struct layout */
+union ev_any_watcher
+{
+  struct ev_watcher w;
+  struct ev_watcher_list wl;
+
+  struct ev_io io;
+  struct ev_timer timer;
+  struct ev_periodic periodic;
+  struct ev_signal signal;
+  struct ev_child child;
+#if EV_STAT_ENABLE
+  struct ev_stat stat;
+#endif
+#if EV_IDLE_ENABLE
+  struct ev_idle idle;
+#endif
+  struct ev_prepare prepare;
+  struct ev_check check;
+#if EV_FORK_ENABLE
+  struct ev_fork fork;
+#endif
+#if EV_CLEANUP_ENABLE
+  struct ev_cleanup cleanup;
+#endif
+#if EV_EMBED_ENABLE
+  struct ev_embed embed;
+#endif
+#if EV_ASYNC_ENABLE
+  struct ev_async async;
+#endif
+};
+
+/* flag bits for ev_default_loop and ev_loop_new */
+enum {
+  /* the default */
+  EVFLAG_AUTO       = 0x00000000U, /* not quite a mask */
+  /* flag bits */
+  EVFLAG_NOENV      = 0x01000000U, /* do NOT consult environment */
+  EVFLAG_FORKCHECK  = 0x02000000U, /* check for a fork in each iteration */
+  /* debugging/feature disable */
+  EVFLAG_NOINOTIFY  = 0x00100000U, /* do not attempt to use inotify */
+#if EV_COMPAT3
+  EVFLAG_NOSIGFD    = 0, /* compatibility to pre-3.9 */
+#endif
+  EVFLAG_SIGNALFD   = 0x00200000U, /* attempt to use signalfd */
+  EVFLAG_NOSIGMASK  = 0x00400000U, /* avoid modifying the signal mask */
+  EVFLAG_NOTIMERFD  = 0x00800000U  /* avoid creating a timerfd */
+};
+
+/* method bits to be ored together */
+enum {
+  EVBACKEND_SELECT   = 0x00000001U, /* available just about anywhere */
+  EVBACKEND_POLL     = 0x00000002U, /* !win, !aix, broken on osx */
+  EVBACKEND_EPOLL    = 0x00000004U, /* linux */
+  EVBACKEND_KQUEUE   = 0x00000008U, /* bsd, broken on osx */
+  EVBACKEND_DEVPOLL  = 0x00000010U, /* solaris 8 */ /* NYI */
+  EVBACKEND_PORT     = 0x00000020U, /* solaris 10 */
+  EVBACKEND_LINUXAIO = 0x00000040U, /* linux AIO, 4.19+ */
+  EVBACKEND_IOURING  = 0x00000080U, /* linux io_uring, 5.1+ */
+  EVBACKEND_ALL      = 0x000000FFU, /* all known backends */
+  EVBACKEND_MASK     = 0x0000FFFFU  /* all future backends */
+};
+
+#if EV_PROTOTYPES
+EV_API_DECL int ev_version_major (void) EV_NOEXCEPT;
+EV_API_DECL int ev_version_minor (void) EV_NOEXCEPT;
+
+EV_API_DECL unsigned int ev_supported_backends (void) EV_NOEXCEPT;
+EV_API_DECL unsigned int ev_recommended_backends (void) EV_NOEXCEPT;
+EV_API_DECL unsigned int ev_embeddable_backends (void) EV_NOEXCEPT;
+
+EV_API_DECL ev_tstamp ev_time (void) EV_NOEXCEPT;
+EV_API_DECL void ev_sleep (ev_tstamp delay) EV_NOEXCEPT; /* sleep for a while */
+
+/* Sets the allocation function to use, works like realloc.
+ * It is used to allocate and free memory.
+ * If it returns zero when memory needs to be allocated, the library might abort
+ * or take some potentially destructive action.
+ * The default is your system realloc function.
+ */
+EV_API_DECL void ev_set_allocator (void *(*cb)(void *ptr, long size) EV_NOEXCEPT) EV_NOEXCEPT;
+
+/* set the callback function to call on a
+ * retryable syscall error
+ * (such as failed select, poll, epoll_wait)
+ */
+EV_API_DECL void ev_set_syserr_cb (void (*cb)(const char *msg) EV_NOEXCEPT) EV_NOEXCEPT;
+
+#if EV_MULTIPLICITY
+
+/* the default loop is the only one that handles signals and child watchers */
+/* you can call this as often as you like */
+EV_API_DECL struct ev_loop *ev_default_loop (unsigned int flags EV_CPP (= 0)) EV_NOEXCEPT;
+
+#ifdef EV_API_STATIC
+EV_API_DECL struct ev_loop *ev_default_loop_ptr;
+#endif
+
+EV_INLINE struct ev_loop *
+ev_default_loop_uc_ (void) EV_NOEXCEPT
+{
+  extern struct ev_loop *ev_default_loop_ptr;
+
+  return ev_default_loop_ptr;
+}
+
+EV_INLINE int
+ev_is_default_loop (EV_P) EV_NOEXCEPT
+{
+  return EV_A == EV_DEFAULT_UC;
+}
+
+/* create and destroy alternative loops that don't handle signals */
+EV_API_DECL struct ev_loop *ev_loop_new (unsigned int flags EV_CPP (= 0)) EV_NOEXCEPT;
+
+EV_API_DECL ev_tstamp ev_now (EV_P) EV_NOEXCEPT; /* time w.r.t. timers and the eventloop, updated after each poll */
+
+#else
+
+EV_API_DECL int ev_default_loop (unsigned int flags EV_CPP (= 0)) EV_NOEXCEPT; /* returns true when successful */
+
+EV_API_DECL ev_tstamp ev_rt_now;
+
+EV_INLINE ev_tstamp
+ev_now (void) EV_NOEXCEPT
+{
+  return ev_rt_now;
+}
+
+/* looks weird, but ev_is_default_loop (EV_A) still works if this exists */
+EV_INLINE int
+ev_is_default_loop (void) EV_NOEXCEPT
+{
+  return 1;
+}
+
+#endif /* multiplicity */
+
+/* destroy event loops, also works for the default loop */
+EV_API_DECL void ev_loop_destroy (EV_P);
+
+/* this needs to be called after fork, to duplicate the loop */
+/* when you want to re-use it in the child */
+/* you can call it in either the parent or the child */
+/* you can actually call it at any time, anywhere :) */
+EV_API_DECL void ev_loop_fork (EV_P) EV_NOEXCEPT;
+
+EV_API_DECL unsigned int ev_backend (EV_P) EV_NOEXCEPT; /* backend in use by loop */
+
+EV_API_DECL void ev_now_update (EV_P) EV_NOEXCEPT; /* update event loop time */
+
+#if EV_WALK_ENABLE
+/* walk (almost) all watchers in the loop of a given type, invoking the */
+/* callback on every such watcher. The callback might stop the watcher, */
+/* but do nothing else with the loop */
+EV_API_DECL void ev_walk (EV_P_ int types, void (*cb)(EV_P_ int type, void *w)) EV_NOEXCEPT;
+#endif
+
+#endif /* prototypes */
+
+/* ev_run flags values */
+enum {
+  EVRUN_NOWAIT = 1, /* do not block/wait */
+  EVRUN_ONCE   = 2  /* block *once* only */
+};
+
+/* ev_break how values */
+enum {
+  EVBREAK_CANCEL = 0, /* undo unloop */
+  EVBREAK_ONE    = 1, /* unloop once */
+  EVBREAK_ALL    = 2  /* unloop all loops */
+};
+
+#if EV_PROTOTYPES
+EV_API_DECL int  ev_run (EV_P_ int flags EV_CPP (= 0));
+EV_API_DECL void ev_break (EV_P_ int how EV_CPP (= EVBREAK_ONE)) EV_NOEXCEPT; /* break out of the loop */
+
+/*
+ * ref/unref can be used to add or remove a refcount on the mainloop. every watcher
+ * keeps one reference. if you have a long-running watcher you never unregister that
+ * should not keep ev_loop from running, unref() after starting, and ref() before stopping.
+ */
+EV_API_DECL void ev_ref   (EV_P) EV_NOEXCEPT;
+EV_API_DECL void ev_unref (EV_P) EV_NOEXCEPT;
+
+/*
+ * convenience function, wait for a single event, without registering an event watcher
+ * if timeout is < 0, do wait indefinitely
+ */
+EV_API_DECL void ev_once (EV_P_ int fd, int events, ev_tstamp timeout, void (*cb)(int revents, void *arg), void *arg) EV_NOEXCEPT;
+
+EV_API_DECL void ev_invoke_pending (EV_P); /* invoke all pending watchers */
+
+# if EV_FEATURE_API
+EV_API_DECL unsigned int ev_iteration (EV_P) EV_NOEXCEPT; /* number of loop iterations */
+EV_API_DECL unsigned int ev_depth     (EV_P) EV_NOEXCEPT; /* #ev_loop enters - #ev_loop leaves */
+EV_API_DECL void         ev_verify    (EV_P) EV_NOEXCEPT; /* abort if loop data corrupted */
+
+EV_API_DECL void ev_set_io_collect_interval (EV_P_ ev_tstamp interval) EV_NOEXCEPT; /* sleep at least this time, default 0 */
+EV_API_DECL void ev_set_timeout_collect_interval (EV_P_ ev_tstamp interval) EV_NOEXCEPT; /* sleep at least this time, default 0 */
+
+/* advanced stuff for threading etc. support, see docs */
+EV_API_DECL void ev_set_userdata (EV_P_ void *data) EV_NOEXCEPT;
+EV_API_DECL void *ev_userdata (EV_P) EV_NOEXCEPT;
+typedef void (*ev_loop_callback)(EV_P);
+EV_API_DECL void ev_set_invoke_pending_cb (EV_P_ ev_loop_callback invoke_pending_cb) EV_NOEXCEPT;
+/* C++ doesn't allow the use of the ev_loop_callback typedef here, so we need to spell it out */
+EV_API_DECL void ev_set_loop_release_cb (EV_P_ void (*release)(EV_P) EV_NOEXCEPT, void (*acquire)(EV_P) EV_NOEXCEPT) EV_NOEXCEPT;
+
+EV_API_DECL unsigned int ev_pending_count (EV_P) EV_NOEXCEPT; /* number of pending events, if any */
+
+/*
+ * stop/start the timer handling.
+ */
+EV_API_DECL void ev_suspend (EV_P) EV_NOEXCEPT;
+EV_API_DECL void ev_resume  (EV_P) EV_NOEXCEPT;
+#endif
+
+#endif
+
+/* these may evaluate ev multiple times, and the other arguments at most once */
+/* either use ev_init + ev_TYPE_set, or the ev_TYPE_init macro, below, to first initialise a watcher */
+#define ev_init(ev,cb_) do {			\
+  ((ev_watcher *)(void *)(ev))->active  =	\
+  ((ev_watcher *)(void *)(ev))->pending = 0;	\
+  ev_set_priority ((ev), 0);			\
+  ev_set_cb ((ev), cb_);			\
+} while (0)
+
+#define ev_io_modify(ev,events_)             do { (ev)->events = (ev)->events & EV__IOFDSET | (events_); } while (0)
+#define ev_io_set(ev,fd_,events_)            do { (ev)->fd = (fd_); (ev)->events = (events_) | EV__IOFDSET; } while (0)
+#define ev_timer_set(ev,after_,repeat_)      do { ((ev_watcher_time *)(ev))->at = (after_); (ev)->repeat = (repeat_); } while (0)
+#define ev_periodic_set(ev,ofs_,ival_,rcb_)  do { (ev)->offset = (ofs_); (ev)->interval = (ival_); (ev)->reschedule_cb = (rcb_); } while (0)
+#define ev_signal_set(ev,signum_)            do { (ev)->signum = (signum_); } while (0)
+#define ev_child_set(ev,pid_,trace_)         do { (ev)->pid = (pid_); (ev)->flags = !!(trace_); } while (0)
+#define ev_stat_set(ev,path_,interval_)      do { (ev)->path = (path_); (ev)->interval = (interval_); (ev)->wd = -2; } while (0)
+#define ev_idle_set(ev)                      /* nop, yes, this is a serious in-joke */
+#define ev_prepare_set(ev)                   /* nop, yes, this is a serious in-joke */
+#define ev_check_set(ev)                     /* nop, yes, this is a serious in-joke */
+#define ev_embed_set(ev,other_)              do { (ev)->other = (other_); } while (0)
+#define ev_fork_set(ev)                      /* nop, yes, this is a serious in-joke */
+#define ev_cleanup_set(ev)                   /* nop, yes, this is a serious in-joke */
+#define ev_async_set(ev)                     /* nop, yes, this is a serious in-joke */
+
+#define ev_io_init(ev,cb,fd,events)          do { ev_init ((ev), (cb)); ev_io_set ((ev),(fd),(events)); } while (0)
+#define ev_timer_init(ev,cb,after,repeat)    do { ev_init ((ev), (cb)); ev_timer_set ((ev),(after),(repeat)); } while (0)
+#define ev_periodic_init(ev,cb,ofs,ival,rcb) do { ev_init ((ev), (cb)); ev_periodic_set ((ev),(ofs),(ival),(rcb)); } while (0)
+#define ev_signal_init(ev,cb,signum)         do { ev_init ((ev), (cb)); ev_signal_set ((ev), (signum)); } while (0)
+#define ev_child_init(ev,cb,pid,trace)       do { ev_init ((ev), (cb)); ev_child_set ((ev),(pid),(trace)); } while (0)
+#define ev_stat_init(ev,cb,path,interval)    do { ev_init ((ev), (cb)); ev_stat_set ((ev),(path),(interval)); } while (0)
+#define ev_idle_init(ev,cb)                  do { ev_init ((ev), (cb)); ev_idle_set ((ev)); } while (0)
+#define ev_prepare_init(ev,cb)               do { ev_init ((ev), (cb)); ev_prepare_set ((ev)); } while (0)
+#define ev_check_init(ev,cb)                 do { ev_init ((ev), (cb)); ev_check_set ((ev)); } while (0)
+#define ev_embed_init(ev,cb,other)           do { ev_init ((ev), (cb)); ev_embed_set ((ev),(other)); } while (0)
+#define ev_fork_init(ev,cb)                  do { ev_init ((ev), (cb)); ev_fork_set ((ev)); } while (0)
+#define ev_cleanup_init(ev,cb)               do { ev_init ((ev), (cb)); ev_cleanup_set ((ev)); } while (0)
+#define ev_async_init(ev,cb)                 do { ev_init ((ev), (cb)); ev_async_set ((ev)); } while (0)
+
+#define ev_is_pending(ev)                    (0 + ((ev_watcher *)(void *)(ev))->pending) /* ro, true when watcher is waiting for callback invocation */
+#define ev_is_active(ev)                     (0 + ((ev_watcher *)(void *)(ev))->active) /* ro, true when the watcher has been started */
+
+#define ev_cb_(ev)                           (ev)->cb /* rw */
+#define ev_cb(ev)                            (memmove (&ev_cb_ (ev), &((ev_watcher *)(ev))->cb, sizeof (ev_cb_ (ev))), (ev)->cb)
+
+#if EV_MINPRI == EV_MAXPRI
+# define ev_priority(ev)                     ((ev), EV_MINPRI)
+# define ev_set_priority(ev,pri)             ((ev), (pri))
+#else
+# define ev_priority(ev)                     (+(((ev_watcher *)(void *)(ev))->priority))
+# define ev_set_priority(ev,pri)             (   (ev_watcher *)(void *)(ev))->priority = (pri)
+#endif
+
+#define ev_periodic_at(ev)                   (+((ev_watcher_time *)(ev))->at)
+
+#ifndef ev_set_cb
+/* memmove is used here to avoid strict aliasing violations, and hopefully is optimized out by any reasonable compiler */
+# define ev_set_cb(ev,cb_)                   (ev_cb_ (ev) = (cb_), memmove (&((ev_watcher *)(ev))->cb, &ev_cb_ (ev), sizeof (ev_cb_ (ev))))
+#endif
+
+/* stopping (enabling, adding) a watcher does nothing if it is already running */
+/* stopping (disabling, deleting) a watcher does nothing unless it's already running */
+#if EV_PROTOTYPES
+
+/* feeds an event into a watcher as if the event actually occurred */
+/* accepts any ev_watcher type */
+EV_API_DECL void ev_feed_event     (EV_P_ void *w, int revents) EV_NOEXCEPT;
+EV_API_DECL void ev_feed_fd_event  (EV_P_ int fd, int revents) EV_NOEXCEPT;
+#if EV_SIGNAL_ENABLE
+EV_API_DECL void ev_feed_signal    (int signum) EV_NOEXCEPT;
+EV_API_DECL void ev_feed_signal_event (EV_P_ int signum) EV_NOEXCEPT;
+#endif
+EV_API_DECL void ev_invoke         (EV_P_ void *w, int revents);
+EV_API_DECL int  ev_clear_pending  (EV_P_ void *w) EV_NOEXCEPT;
+
+EV_API_DECL void ev_io_start       (EV_P_ ev_io *w) EV_NOEXCEPT;
+EV_API_DECL void ev_io_stop        (EV_P_ ev_io *w) EV_NOEXCEPT;
+
+EV_API_DECL void ev_timer_start    (EV_P_ ev_timer *w) EV_NOEXCEPT;
+EV_API_DECL void ev_timer_stop     (EV_P_ ev_timer *w) EV_NOEXCEPT;
+/* stops if active and no repeat, restarts if active and repeating, starts if inactive and repeating */
+EV_API_DECL void ev_timer_again    (EV_P_ ev_timer *w) EV_NOEXCEPT;
+/* return remaining time */
+EV_API_DECL ev_tstamp ev_timer_remaining (EV_P_ ev_timer *w) EV_NOEXCEPT;
+
+#if EV_PERIODIC_ENABLE
+EV_API_DECL void ev_periodic_start (EV_P_ ev_periodic *w) EV_NOEXCEPT;
+EV_API_DECL void ev_periodic_stop  (EV_P_ ev_periodic *w) EV_NOEXCEPT;
+EV_API_DECL void ev_periodic_again (EV_P_ ev_periodic *w) EV_NOEXCEPT;
+#endif
+
+/* only supported in the default loop */
+#if EV_SIGNAL_ENABLE
+EV_API_DECL void ev_signal_start   (EV_P_ ev_signal *w) EV_NOEXCEPT;
+EV_API_DECL void ev_signal_stop    (EV_P_ ev_signal *w) EV_NOEXCEPT;
+#endif
+
+/* only supported in the default loop */
+# if EV_CHILD_ENABLE
+EV_API_DECL void ev_child_start    (EV_P_ ev_child *w) EV_NOEXCEPT;
+EV_API_DECL void ev_child_stop     (EV_P_ ev_child *w) EV_NOEXCEPT;
+# endif
+
+# if EV_STAT_ENABLE
+EV_API_DECL void ev_stat_start     (EV_P_ ev_stat *w) EV_NOEXCEPT;
+EV_API_DECL void ev_stat_stop      (EV_P_ ev_stat *w) EV_NOEXCEPT;
+EV_API_DECL void ev_stat_stat      (EV_P_ ev_stat *w) EV_NOEXCEPT;
+# endif
+
+# if EV_IDLE_ENABLE
+EV_API_DECL void ev_idle_start     (EV_P_ ev_idle *w) EV_NOEXCEPT;
+EV_API_DECL void ev_idle_stop      (EV_P_ ev_idle *w) EV_NOEXCEPT;
+# endif
+
+#if EV_PREPARE_ENABLE
+EV_API_DECL void ev_prepare_start  (EV_P_ ev_prepare *w) EV_NOEXCEPT;
+EV_API_DECL void ev_prepare_stop   (EV_P_ ev_prepare *w) EV_NOEXCEPT;
+#endif
+
+#if EV_CHECK_ENABLE
+EV_API_DECL void ev_check_start    (EV_P_ ev_check *w) EV_NOEXCEPT;
+EV_API_DECL void ev_check_stop     (EV_P_ ev_check *w) EV_NOEXCEPT;
+#endif
+
+# if EV_FORK_ENABLE
+EV_API_DECL void ev_fork_start     (EV_P_ ev_fork *w) EV_NOEXCEPT;
+EV_API_DECL void ev_fork_stop      (EV_P_ ev_fork *w) EV_NOEXCEPT;
+# endif
+
+# if EV_CLEANUP_ENABLE
+EV_API_DECL void ev_cleanup_start  (EV_P_ ev_cleanup *w) EV_NOEXCEPT;
+EV_API_DECL void ev_cleanup_stop   (EV_P_ ev_cleanup *w) EV_NOEXCEPT;
+# endif
+
+# if EV_EMBED_ENABLE
+/* only supported when loop to be embedded is in fact embeddable */
+EV_API_DECL void ev_embed_start    (EV_P_ ev_embed *w) EV_NOEXCEPT;
+EV_API_DECL void ev_embed_stop     (EV_P_ ev_embed *w) EV_NOEXCEPT;
+EV_API_DECL void ev_embed_sweep    (EV_P_ ev_embed *w) EV_NOEXCEPT;
+# endif
+
+# if EV_ASYNC_ENABLE
+EV_API_DECL void ev_async_start    (EV_P_ ev_async *w) EV_NOEXCEPT;
+EV_API_DECL void ev_async_stop     (EV_P_ ev_async *w) EV_NOEXCEPT;
+EV_API_DECL void ev_async_send     (EV_P_ ev_async *w) EV_NOEXCEPT;
+# endif
+
+#if EV_COMPAT3
+  #define EVLOOP_NONBLOCK EVRUN_NOWAIT
+  #define EVLOOP_ONESHOT  EVRUN_ONCE
+  #define EVUNLOOP_CANCEL EVBREAK_CANCEL
+  #define EVUNLOOP_ONE    EVBREAK_ONE
+  #define EVUNLOOP_ALL    EVBREAK_ALL
+  #if EV_PROTOTYPES
+    EV_INLINE void ev_loop   (EV_P_ int flags) { ev_run   (EV_A_ flags); }
+    EV_INLINE void ev_unloop (EV_P_ int how  ) { ev_break (EV_A_ how  ); }
+    EV_INLINE void ev_default_destroy (void) { ev_loop_destroy (EV_DEFAULT); }
+    EV_INLINE void ev_default_fork    (void) { ev_loop_fork    (EV_DEFAULT); }
+    #if EV_FEATURE_API
+      EV_INLINE unsigned int ev_loop_count  (EV_P) { return ev_iteration  (EV_A); }
+      EV_INLINE unsigned int ev_loop_depth  (EV_P) { return ev_depth      (EV_A); }
+      EV_INLINE void         ev_loop_verify (EV_P) {        ev_verify     (EV_A); }
+    #endif
+  #endif
+#else
+  typedef struct ev_loop ev_loop;
+#endif
+
+#endif
+
+EV_CPP(})
+
+#endif
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/include/event.h b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/include/event.h
new file mode 100644
index 00000000..aa81928f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/include/event.h
@@ -0,0 +1,177 @@
+/*
+ * libevent compatibility header, only core events supported
+ *
+ * Copyright (c) 2007,2008,2010,2012 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef EVENT_H_
+#define EVENT_H_
+
+#ifdef EV_H
+# include EV_H
+#else
+# include "ev.h"
+#endif
+
+#ifndef EVLOOP_NONBLOCK
+# define EVLOOP_NONBLOCK EVRUN_NOWAIT
+#endif
+#ifndef EVLOOP_ONESHOT
+# define EVLOOP_ONESHOT EVRUN_ONCE
+#endif
+#ifndef EV_TIMEOUT
+# define EV_TIMEOUT EV_TIMER
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* we need sys/time.h for struct timeval only */
+#if !defined (WIN32) || defined (__MINGW32__)
+# include <time.h> /* mingw seems to need this, for whatever reason */
+# include <sys/time.h>
+#endif
+
+struct event_base;
+
+#define EVLIST_TIMEOUT  0x01
+#define EVLIST_INSERTED 0x02
+#define EVLIST_SIGNAL   0x04
+#define EVLIST_ACTIVE   0x08
+#define EVLIST_INTERNAL 0x10
+#define EVLIST_INIT     0x80
+
+typedef void (*event_callback_fn)(int, short, void *);
+
+struct event
+{
+  /* libev watchers we map onto */
+  union {
+    struct ev_io io;
+    struct ev_signal sig;
+  } iosig;
+  struct ev_timer to;
+
+  /* compatibility slots */
+  struct event_base *ev_base;
+  event_callback_fn ev_callback;
+  void *ev_arg;
+  int ev_fd;
+  int ev_pri;
+  int ev_res;
+  int ev_flags;
+  short ev_events;
+};
+
+event_callback_fn event_get_callback (const struct event *ev);
+
+#define EV_READ                    EV_READ
+#define EV_WRITE                   EV_WRITE
+#define EV_PERSIST                 0x10
+#define EV_ET                      0x20 /* nop */
+
+#define EVENT_SIGNAL(ev)           ((int) (ev)->ev_fd)
+#define EVENT_FD(ev)               ((int) (ev)->ev_fd)
+
+#define event_initialized(ev)      ((ev)->ev_flags & EVLIST_INIT)
+
+#define evtimer_add(ev,tv)         event_add (ev, tv)
+#define evtimer_set(ev,cb,data)    event_set (ev, -1, 0, cb, data)
+#define evtimer_del(ev)            event_del (ev)
+#define evtimer_pending(ev,tv)     event_pending (ev, EV_TIMEOUT, tv)
+#define evtimer_initialized(ev)    event_initialized (ev)
+
+#define timeout_add(ev,tv)         evtimer_add (ev, tv)
+#define timeout_set(ev,cb,data)    evtimer_set (ev, cb, data)
+#define timeout_del(ev)            evtimer_del (ev)
+#define timeout_pending(ev,tv)     evtimer_pending (ev, tv)
+#define timeout_initialized(ev)    evtimer_initialized (ev)
+
+#define signal_add(ev,tv)          event_add (ev, tv)
+#define signal_set(ev,sig,cb,data) event_set (ev, sig, EV_SIGNAL | EV_PERSIST, cb, data)
+#define signal_del(ev)             event_del (ev)
+#define signal_pending(ev,tv)      event_pending (ev, EV_SIGNAL, tv)
+#define signal_initialized(ev)     event_initialized (ev)
+
+const char *event_get_version (void);
+const char *event_get_method (void);
+
+void *event_init (void);
+void event_base_free (struct event_base *base);
+
+#define EVLOOP_ONCE      EVLOOP_ONESHOT
+int event_loop (int);
+int event_loopexit (struct timeval *tv);
+int event_dispatch (void);
+
+#define _EVENT_LOG_DEBUG 0
+#define _EVENT_LOG_MSG   1
+#define _EVENT_LOG_WARN  2
+#define _EVENT_LOG_ERR   3
+typedef void (*event_log_cb)(int severity, const char *msg);
+void event_set_log_callback(event_log_cb cb);
+
+void event_set (struct event *ev, int fd, short events, void (*cb)(int, short, void *), void *arg);
+int event_once (int fd, short events, void (*cb)(int, short, void *), void *arg, struct timeval *tv);
+
+int event_add (struct event *ev, struct timeval *tv);
+int event_del (struct event *ev);
+void event_active (struct event *ev, int res, short ncalls); /* ncalls is being ignored */
+
+int event_pending (struct event *ev, short, struct timeval *tv);
+
+int event_priority_init (int npri);
+int event_priority_set (struct event *ev, int pri);
+
+struct event_base *event_base_new (void);
+const char *event_base_get_method (const struct event_base *);
+int event_base_set (struct event_base *base, struct event *ev);
+int event_base_loop (struct event_base *base, int);
+int event_base_loopexit (struct event_base *base, struct timeval *tv);
+int event_base_dispatch (struct event_base *base);
+int event_base_once (struct event_base *base, int fd, short events, void (*cb)(int, short, void *), void *arg, struct timeval *tv);
+int event_base_priority_init (struct event_base *base, int fd);
+
+/* next line is different in the libevent+libev version */
+/*libevent-include*/
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/lib/libev.a b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/lib/libev.a
new file mode 100644
index 00000000..075d4885
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/lib/libev.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/lib/libev.la b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/lib/libev.la
new file mode 100755
index 00000000..d1e8d01a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/lib/libev.la
@@ -0,0 +1,41 @@
+# libev.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6 Debian-2.4.6-9
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libev.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libev.
+current=4
+age=0
+revision=0
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/libev/libev/armv7/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/share/man/man3/ev.3 b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/share/man/man3/ev.3
new file mode 100644
index 00000000..af578f0b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7/share/man/man3/ev.3
@@ -0,0 +1,5819 @@
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "LIBEV 3"
+.TH LIBEV 3 "2020-03-12" "libev-4.31" "libev - high performance full featured event loop"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+libev \- a high performance full\-featured event loop written in C
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\&   #include <ev.h>
+.Ve
+.SS "\s-1EXAMPLE PROGRAM\s0"
+.IX Subsection "EXAMPLE PROGRAM"
+.Vb 2
+\&   // a single header file is required
+\&   #include <ev.h>
+\&
+\&   #include <stdio.h> // for puts
+\&
+\&   // every watcher type has its own typedef\*(Aqd struct
+\&   // with the name ev_TYPE
+\&   ev_io stdin_watcher;
+\&   ev_timer timeout_watcher;
+\&
+\&   // all watcher callbacks have a similar signature
+\&   // this callback is called when data is readable on stdin
+\&   static void
+\&   stdin_cb (EV_P_ ev_io *w, int revents)
+\&   {
+\&     puts ("stdin ready");
+\&     // for one\-shot events, one must manually stop the watcher
+\&     // with its corresponding stop function.
+\&     ev_io_stop (EV_A_ w);
+\&
+\&     // this causes all nested ev_run\*(Aqs to stop iterating
+\&     ev_break (EV_A_ EVBREAK_ALL);
+\&   }
+\&
+\&   // another callback, this time for a time\-out
+\&   static void
+\&   timeout_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     puts ("timeout");
+\&     // this causes the innermost ev_run to stop iterating
+\&     ev_break (EV_A_ EVBREAK_ONE);
+\&   }
+\&
+\&   int
+\&   main (void)
+\&   {
+\&     // use the default event loop unless you have special needs
+\&     struct ev_loop *loop = EV_DEFAULT;
+\&
+\&     // initialise an io watcher, then start it
+\&     // this one will watch for stdin to become readable
+\&     ev_io_init (&stdin_watcher, stdin_cb, /*STDIN_FILENO*/ 0, EV_READ);
+\&     ev_io_start (loop, &stdin_watcher);
+\&
+\&     // initialise a timer watcher, then start it
+\&     // simple non\-repeating 5.5 second timeout
+\&     ev_timer_init (&timeout_watcher, timeout_cb, 5.5, 0.);
+\&     ev_timer_start (loop, &timeout_watcher);
+\&
+\&     // now wait for events to arrive
+\&     ev_run (loop, 0);
+\&
+\&     // break was called, so exit
+\&     return 0;
+\&   }
+.Ve
+.SH "ABOUT THIS DOCUMENT"
+.IX Header "ABOUT THIS DOCUMENT"
+This document documents the libev software package.
+.PP
+The newest version of this document is also available as an html-formatted
+web page you might find easier to navigate when reading it for the first
+time: <http://pod.tst.eu/http://cvs.schmorp.de/libev/ev.pod>.
+.PP
+While this document tries to be as complete as possible in documenting
+libev, its usage and the rationale behind its design, it is not a tutorial
+on event-based programming, nor will it introduce event-based programming
+with libev.
+.PP
+Familiarity with event based programming techniques in general is assumed
+throughout this document.
+.SH "WHAT TO READ WHEN IN A HURRY"
+.IX Header "WHAT TO READ WHEN IN A HURRY"
+This manual tries to be very detailed, but unfortunately, this also makes
+it very long. If you just want to know the basics of libev, I suggest
+reading \*(L"\s-1ANATOMY OF A WATCHER\*(R"\s0, then the \*(L"\s-1EXAMPLE PROGRAM\*(R"\s0 above and
+look up the missing functions in \*(L"\s-1GLOBAL FUNCTIONS\*(R"\s0 and the \f(CW\*(C`ev_io\*(C'\fR and
+\&\f(CW\*(C`ev_timer\*(C'\fR sections in \*(L"\s-1WATCHER TYPES\*(R"\s0.
+.SH "ABOUT LIBEV"
+.IX Header "ABOUT LIBEV"
+Libev is an event loop: you register interest in certain events (such as a
+file descriptor being readable or a timeout occurring), and it will manage
+these event sources and provide your program with events.
+.PP
+To do this, it must take more or less complete control over your process
+(or thread) by executing the \fIevent loop\fR handler, and will then
+communicate events via a callback mechanism.
+.PP
+You register interest in certain events by registering so-called \fIevent
+watchers\fR, which are relatively small C structures you initialise with the
+details of the event, and then hand it over to libev by \fIstarting\fR the
+watcher.
+.SS "\s-1FEATURES\s0"
+.IX Subsection "FEATURES"
+Libev supports \f(CW\*(C`select\*(C'\fR, \f(CW\*(C`poll\*(C'\fR, the Linux-specific aio and \f(CW\*(C`epoll\*(C'\fR
+interfaces, the BSD-specific \f(CW\*(C`kqueue\*(C'\fR and the Solaris-specific event port
+mechanisms for file descriptor events (\f(CW\*(C`ev_io\*(C'\fR), the Linux \f(CW\*(C`inotify\*(C'\fR
+interface (for \f(CW\*(C`ev_stat\*(C'\fR), Linux eventfd/signalfd (for faster and cleaner
+inter-thread wakeup (\f(CW\*(C`ev_async\*(C'\fR)/signal handling (\f(CW\*(C`ev_signal\*(C'\fR)) relative
+timers (\f(CW\*(C`ev_timer\*(C'\fR), absolute timers with customised rescheduling
+(\f(CW\*(C`ev_periodic\*(C'\fR), synchronous signals (\f(CW\*(C`ev_signal\*(C'\fR), process status
+change events (\f(CW\*(C`ev_child\*(C'\fR), and event watchers dealing with the event
+loop mechanism itself (\f(CW\*(C`ev_idle\*(C'\fR, \f(CW\*(C`ev_embed\*(C'\fR, \f(CW\*(C`ev_prepare\*(C'\fR and
+\&\f(CW\*(C`ev_check\*(C'\fR watchers) as well as file watchers (\f(CW\*(C`ev_stat\*(C'\fR) and even
+limited support for fork events (\f(CW\*(C`ev_fork\*(C'\fR).
+.PP
+It also is quite fast (see this
+benchmark <http://libev.schmorp.de/bench.html> comparing it to libevent
+for example).
+.SS "\s-1CONVENTIONS\s0"
+.IX Subsection "CONVENTIONS"
+Libev is very configurable. In this manual the default (and most common)
+configuration will be described, which supports multiple event loops. For
+more info about various configuration options please have a look at
+\&\fB\s-1EMBED\s0\fR section in this manual. If libev was configured without support
+for multiple event loops, then all functions taking an initial argument of
+name \f(CW\*(C`loop\*(C'\fR (which is always of type \f(CW\*(C`struct ev_loop *\*(C'\fR) will not have
+this argument.
+.SS "\s-1TIME REPRESENTATION\s0"
+.IX Subsection "TIME REPRESENTATION"
+Libev represents time as a single floating point number, representing
+the (fractional) number of seconds since the (\s-1POSIX\s0) epoch (in practice
+somewhere near the beginning of 1970, details are complicated, don't
+ask). This type is called \f(CW\*(C`ev_tstamp\*(C'\fR, which is what you should use
+too. It usually aliases to the \f(CW\*(C`double\*(C'\fR type in C. When you need to do
+any calculations on it, you should treat it as some floating point value.
+.PP
+Unlike the name component \f(CW\*(C`stamp\*(C'\fR might indicate, it is also used for
+time differences (e.g. delays) throughout libev.
+.SH "ERROR HANDLING"
+.IX Header "ERROR HANDLING"
+Libev knows three classes of errors: operating system errors, usage errors
+and internal errors (bugs).
+.PP
+When libev catches an operating system error it cannot handle (for example
+a system call indicating a condition libev cannot fix), it calls the callback
+set via \f(CW\*(C`ev_set_syserr_cb\*(C'\fR, which is supposed to fix the problem or
+abort. The default is to print a diagnostic message and to call \f(CW\*(C`abort
+()\*(C'\fR.
+.PP
+When libev detects a usage error such as a negative timer interval, then
+it will print a diagnostic message and abort (via the \f(CW\*(C`assert\*(C'\fR mechanism,
+so \f(CW\*(C`NDEBUG\*(C'\fR will disable this checking): these are programming errors in
+the libev caller and need to be fixed there.
+.PP
+Via the \f(CW\*(C`EV_FREQUENT\*(C'\fR macro you can compile in and/or enable extensive
+consistency checking code inside libev that can be used to check for
+internal inconsistencies, suually caused by application bugs.
+.PP
+Libev also has a few internal error-checking \f(CW\*(C`assert\*(C'\fRions. These do not
+trigger under normal circumstances, as they indicate either a bug in libev
+or worse.
+.SH "GLOBAL FUNCTIONS"
+.IX Header "GLOBAL FUNCTIONS"
+These functions can be called anytime, even before initialising the
+library in any way.
+.IP "ev_tstamp ev_time ()" 4
+.IX Item "ev_tstamp ev_time ()"
+Returns the current time as libev would use it. Please note that the
+\&\f(CW\*(C`ev_now\*(C'\fR function is usually faster and also often returns the timestamp
+you actually want to know. Also interesting is the combination of
+\&\f(CW\*(C`ev_now_update\*(C'\fR and \f(CW\*(C`ev_now\*(C'\fR.
+.IP "ev_sleep (ev_tstamp interval)" 4
+.IX Item "ev_sleep (ev_tstamp interval)"
+Sleep for the given interval: The current thread will be blocked
+until either it is interrupted or the given time interval has
+passed (approximately \- it might return a bit earlier even if not
+interrupted). Returns immediately if \f(CW\*(C`interval <= 0\*(C'\fR.
+.Sp
+Basically this is a sub-second-resolution \f(CW\*(C`sleep ()\*(C'\fR.
+.Sp
+The range of the \f(CW\*(C`interval\*(C'\fR is limited \- libev only guarantees to work
+with sleep times of up to one day (\f(CW\*(C`interval <= 86400\*(C'\fR).
+.IP "int ev_version_major ()" 4
+.IX Item "int ev_version_major ()"
+.PD 0
+.IP "int ev_version_minor ()" 4
+.IX Item "int ev_version_minor ()"
+.PD
+You can find out the major and minor \s-1ABI\s0 version numbers of the library
+you linked against by calling the functions \f(CW\*(C`ev_version_major\*(C'\fR and
+\&\f(CW\*(C`ev_version_minor\*(C'\fR. If you want, you can compare against the global
+symbols \f(CW\*(C`EV_VERSION_MAJOR\*(C'\fR and \f(CW\*(C`EV_VERSION_MINOR\*(C'\fR, which specify the
+version of the library your program was compiled against.
+.Sp
+These version numbers refer to the \s-1ABI\s0 version of the library, not the
+release version.
+.Sp
+Usually, it's a good idea to terminate if the major versions mismatch,
+as this indicates an incompatible change. Minor versions are usually
+compatible to older versions, so a larger minor version alone is usually
+not a problem.
+.Sp
+Example: Make sure we haven't accidentally been linked against the wrong
+version (note, however, that this will not detect other \s-1ABI\s0 mismatches,
+such as \s-1LFS\s0 or reentrancy).
+.Sp
+.Vb 3
+\&   assert (("libev version mismatch",
+\&            ev_version_major () == EV_VERSION_MAJOR
+\&            && ev_version_minor () >= EV_VERSION_MINOR));
+.Ve
+.IP "unsigned int ev_supported_backends ()" 4
+.IX Item "unsigned int ev_supported_backends ()"
+Return the set of all backends (i.e. their corresponding \f(CW\*(C`EV_BACKEND_*\*(C'\fR
+value) compiled into this binary of libev (independent of their
+availability on the system you are running on). See \f(CW\*(C`ev_default_loop\*(C'\fR for
+a description of the set values.
+.Sp
+Example: make sure we have the epoll method, because yeah this is cool and
+a must have and can we have a torrent of it please!!!11
+.Sp
+.Vb 2
+\&   assert (("sorry, no epoll, no sex",
+\&            ev_supported_backends () & EVBACKEND_EPOLL));
+.Ve
+.IP "unsigned int ev_recommended_backends ()" 4
+.IX Item "unsigned int ev_recommended_backends ()"
+Return the set of all backends compiled into this binary of libev and
+also recommended for this platform, meaning it will work for most file
+descriptor types. This set is often smaller than the one returned by
+\&\f(CW\*(C`ev_supported_backends\*(C'\fR, as for example kqueue is broken on most BSDs
+and will not be auto-detected unless you explicitly request it (assuming
+you know what you are doing). This is the set of backends that libev will
+probe for if you specify no backends explicitly.
+.IP "unsigned int ev_embeddable_backends ()" 4
+.IX Item "unsigned int ev_embeddable_backends ()"
+Returns the set of backends that are embeddable in other event loops. This
+value is platform-specific but can include backends not available on the
+current system. To find which embeddable backends might be supported on
+the current system, you would need to look at \f(CW\*(C`ev_embeddable_backends ()
+& ev_supported_backends ()\*(C'\fR, likewise for recommended ones.
+.Sp
+See the description of \f(CW\*(C`ev_embed\*(C'\fR watchers for more info.
+.IP "ev_set_allocator (void *(*cb)(void *ptr, long size) throw ())" 4
+.IX Item "ev_set_allocator (void *(*cb)(void *ptr, long size) throw ())"
+Sets the allocation function to use (the prototype is similar \- the
+semantics are identical to the \f(CW\*(C`realloc\*(C'\fR C89/SuS/POSIX function). It is
+used to allocate and free memory (no surprises here). If it returns zero
+when memory needs to be allocated (\f(CW\*(C`size != 0\*(C'\fR), the library might abort
+or take some potentially destructive action.
+.Sp
+Since some systems (at least OpenBSD and Darwin) fail to implement
+correct \f(CW\*(C`realloc\*(C'\fR semantics, libev will use a wrapper around the system
+\&\f(CW\*(C`realloc\*(C'\fR and \f(CW\*(C`free\*(C'\fR functions by default.
+.Sp
+You could override this function in high-availability programs to, say,
+free some memory if it cannot allocate memory, to use a special allocator,
+or even to sleep a while and retry until some memory is available.
+.Sp
+Example: The following is the \f(CW\*(C`realloc\*(C'\fR function that libev itself uses
+which should work with \f(CW\*(C`realloc\*(C'\fR and \f(CW\*(C`free\*(C'\fR functions of all kinds and
+is probably a good basis for your own implementation.
+.Sp
+.Vb 5
+\&   static void *
+\&   ev_realloc_emul (void *ptr, long size) EV_NOEXCEPT
+\&   {
+\&     if (size)
+\&       return realloc (ptr, size);
+\&
+\&     free (ptr);
+\&     return 0;
+\&   }
+.Ve
+.Sp
+Example: Replace the libev allocator with one that waits a bit and then
+retries.
+.Sp
+.Vb 8
+\&   static void *
+\&   persistent_realloc (void *ptr, size_t size)
+\&   {
+\&     if (!size)
+\&       {
+\&         free (ptr);
+\&         return 0;
+\&       }
+\&
+\&     for (;;)
+\&       {
+\&         void *newptr = realloc (ptr, size);
+\&
+\&         if (newptr)
+\&           return newptr;
+\&
+\&         sleep (60);
+\&       }
+\&   }
+\&
+\&   ...
+\&   ev_set_allocator (persistent_realloc);
+.Ve
+.IP "ev_set_syserr_cb (void (*cb)(const char *msg) throw ())" 4
+.IX Item "ev_set_syserr_cb (void (*cb)(const char *msg) throw ())"
+Set the callback function to call on a retryable system call error (such
+as failed select, poll, epoll_wait). The message is a printable string
+indicating the system call or subsystem causing the problem. If this
+callback is set, then libev will expect it to remedy the situation, no
+matter what, when it returns. That is, libev will generally retry the
+requested operation, or, if the condition doesn't go away, do bad stuff
+(such as abort).
+.Sp
+Example: This is basically the same thing that libev does internally, too.
+.Sp
+.Vb 6
+\&   static void
+\&   fatal_error (const char *msg)
+\&   {
+\&     perror (msg);
+\&     abort ();
+\&   }
+\&
+\&   ...
+\&   ev_set_syserr_cb (fatal_error);
+.Ve
+.IP "ev_feed_signal (int signum)" 4
+.IX Item "ev_feed_signal (int signum)"
+This function can be used to \*(L"simulate\*(R" a signal receive. It is completely
+safe to call this function at any time, from any context, including signal
+handlers or random threads.
+.Sp
+Its main use is to customise signal handling in your process, especially
+in the presence of threads. For example, you could block signals
+by default in all threads (and specifying \f(CW\*(C`EVFLAG_NOSIGMASK\*(C'\fR when
+creating any loops), and in one thread, use \f(CW\*(C`sigwait\*(C'\fR or any other
+mechanism to wait for signals, then \*(L"deliver\*(R" them to libev by calling
+\&\f(CW\*(C`ev_feed_signal\*(C'\fR.
+.SH "FUNCTIONS CONTROLLING EVENT LOOPS"
+.IX Header "FUNCTIONS CONTROLLING EVENT LOOPS"
+An event loop is described by a \f(CW\*(C`struct ev_loop *\*(C'\fR (the \f(CW\*(C`struct\*(C'\fR is
+\&\fInot\fR optional in this case unless libev 3 compatibility is disabled, as
+libev 3 had an \f(CW\*(C`ev_loop\*(C'\fR function colliding with the struct name).
+.PP
+The library knows two types of such loops, the \fIdefault\fR loop, which
+supports child process events, and dynamically created event loops which
+do not.
+.IP "struct ev_loop *ev_default_loop (unsigned int flags)" 4
+.IX Item "struct ev_loop *ev_default_loop (unsigned int flags)"
+This returns the \*(L"default\*(R" event loop object, which is what you should
+normally use when you just need \*(L"the event loop\*(R". Event loop objects and
+the \f(CW\*(C`flags\*(C'\fR parameter are described in more detail in the entry for
+\&\f(CW\*(C`ev_loop_new\*(C'\fR.
+.Sp
+If the default loop is already initialised then this function simply
+returns it (and ignores the flags. If that is troubling you, check
+\&\f(CW\*(C`ev_backend ()\*(C'\fR afterwards). Otherwise it will create it with the given
+flags, which should almost always be \f(CW0\fR, unless the caller is also the
+one calling \f(CW\*(C`ev_run\*(C'\fR or otherwise qualifies as \*(L"the main program\*(R".
+.Sp
+If you don't know what event loop to use, use the one returned from this
+function (or via the \f(CW\*(C`EV_DEFAULT\*(C'\fR macro).
+.Sp
+Note that this function is \fInot\fR thread-safe, so if you want to use it
+from multiple threads, you have to employ some kind of mutex (note also
+that this case is unlikely, as loops cannot be shared easily between
+threads anyway).
+.Sp
+The default loop is the only loop that can handle \f(CW\*(C`ev_child\*(C'\fR watchers,
+and to do this, it always registers a handler for \f(CW\*(C`SIGCHLD\*(C'\fR. If this is
+a problem for your application you can either create a dynamic loop with
+\&\f(CW\*(C`ev_loop_new\*(C'\fR which doesn't do that, or you can simply overwrite the
+\&\f(CW\*(C`SIGCHLD\*(C'\fR signal handler \fIafter\fR calling \f(CW\*(C`ev_default_init\*(C'\fR.
+.Sp
+Example: This is the most typical usage.
+.Sp
+.Vb 2
+\&   if (!ev_default_loop (0))
+\&     fatal ("could not initialise libev, bad $LIBEV_FLAGS in environment?");
+.Ve
+.Sp
+Example: Restrict libev to the select and poll backends, and do not allow
+environment settings to be taken into account:
+.Sp
+.Vb 1
+\&   ev_default_loop (EVBACKEND_POLL | EVBACKEND_SELECT | EVFLAG_NOENV);
+.Ve
+.IP "struct ev_loop *ev_loop_new (unsigned int flags)" 4
+.IX Item "struct ev_loop *ev_loop_new (unsigned int flags)"
+This will create and initialise a new event loop object. If the loop
+could not be initialised, returns false.
+.Sp
+This function is thread-safe, and one common way to use libev with
+threads is indeed to create one loop per thread, and using the default
+loop in the \*(L"main\*(R" or \*(L"initial\*(R" thread.
+.Sp
+The flags argument can be used to specify special behaviour or specific
+backends to use, and is usually specified as \f(CW0\fR (or \f(CW\*(C`EVFLAG_AUTO\*(C'\fR).
+.Sp
+The following flags are supported:
+.RS 4
+.ie n .IP """EVFLAG_AUTO""" 4
+.el .IP "\f(CWEVFLAG_AUTO\fR" 4
+.IX Item "EVFLAG_AUTO"
+The default flags value. Use this if you have no clue (it's the right
+thing, believe me).
+.ie n .IP """EVFLAG_NOENV""" 4
+.el .IP "\f(CWEVFLAG_NOENV\fR" 4
+.IX Item "EVFLAG_NOENV"
+If this flag bit is or'ed into the flag value (or the program runs setuid
+or setgid) then libev will \fInot\fR look at the environment variable
+\&\f(CW\*(C`LIBEV_FLAGS\*(C'\fR. Otherwise (the default), this environment variable will
+override the flags completely if it is found in the environment. This is
+useful to try out specific backends to test their performance, to work
+around bugs, or to make libev threadsafe (accessing environment variables
+cannot be done in a threadsafe way, but usually it works if no other
+thread modifies them).
+.ie n .IP """EVFLAG_FORKCHECK""" 4
+.el .IP "\f(CWEVFLAG_FORKCHECK\fR" 4
+.IX Item "EVFLAG_FORKCHECK"
+Instead of calling \f(CW\*(C`ev_loop_fork\*(C'\fR manually after a fork, you can also
+make libev check for a fork in each iteration by enabling this flag.
+.Sp
+This works by calling \f(CW\*(C`getpid ()\*(C'\fR on every iteration of the loop,
+and thus this might slow down your event loop if you do a lot of loop
+iterations and little real work, but is usually not noticeable (on my
+GNU/Linux system for example, \f(CW\*(C`getpid\*(C'\fR is actually a simple 5\-insn
+sequence without a system call and thus \fIvery\fR fast, but my GNU/Linux
+system also has \f(CW\*(C`pthread_atfork\*(C'\fR which is even faster). (Update: glibc
+versions 2.25 apparently removed the \f(CW\*(C`getpid\*(C'\fR optimisation again).
+.Sp
+The big advantage of this flag is that you can forget about fork (and
+forget about forgetting to tell libev about forking, although you still
+have to ignore \f(CW\*(C`SIGPIPE\*(C'\fR) when you use this flag.
+.Sp
+This flag setting cannot be overridden or specified in the \f(CW\*(C`LIBEV_FLAGS\*(C'\fR
+environment variable.
+.ie n .IP """EVFLAG_NOINOTIFY""" 4
+.el .IP "\f(CWEVFLAG_NOINOTIFY\fR" 4
+.IX Item "EVFLAG_NOINOTIFY"
+When this flag is specified, then libev will not attempt to use the
+\&\fIinotify\fR \s-1API\s0 for its \f(CW\*(C`ev_stat\*(C'\fR watchers. Apart from debugging and
+testing, this flag can be useful to conserve inotify file descriptors, as
+otherwise each loop using \f(CW\*(C`ev_stat\*(C'\fR watchers consumes one inotify handle.
+.ie n .IP """EVFLAG_SIGNALFD""" 4
+.el .IP "\f(CWEVFLAG_SIGNALFD\fR" 4
+.IX Item "EVFLAG_SIGNALFD"
+When this flag is specified, then libev will attempt to use the
+\&\fIsignalfd\fR \s-1API\s0 for its \f(CW\*(C`ev_signal\*(C'\fR (and \f(CW\*(C`ev_child\*(C'\fR) watchers. This \s-1API\s0
+delivers signals synchronously, which makes it both faster and might make
+it possible to get the queued signal data. It can also simplify signal
+handling with threads, as long as you properly block signals in your
+threads that are not interested in handling them.
+.Sp
+Signalfd will not be used by default as this changes your signal mask, and
+there are a lot of shoddy libraries and programs (glib's threadpool for
+example) that can't properly initialise their signal masks.
+.ie n .IP """EVFLAG_NOSIGMASK""" 4
+.el .IP "\f(CWEVFLAG_NOSIGMASK\fR" 4
+.IX Item "EVFLAG_NOSIGMASK"
+When this flag is specified, then libev will avoid to modify the signal
+mask. Specifically, this means you have to make sure signals are unblocked
+when you want to receive them.
+.Sp
+This behaviour is useful when you want to do your own signal handling, or
+want to handle signals only in specific threads and want to avoid libev
+unblocking the signals.
+.Sp
+It's also required by \s-1POSIX\s0 in a threaded program, as libev calls
+\&\f(CW\*(C`sigprocmask\*(C'\fR, whose behaviour is officially unspecified.
+.ie n .IP """EVFLAG_NOTIMERFD""" 4
+.el .IP "\f(CWEVFLAG_NOTIMERFD\fR" 4
+.IX Item "EVFLAG_NOTIMERFD"
+When this flag is specified, the libev will avoid using a \f(CW\*(C`timerfd\*(C'\fR to
+detect time jumps. It will still be able to detect time jumps, but takes
+longer and has a lower accuracy in doing so, but saves a file descriptor
+per loop.
+.Sp
+The current implementation only tries to use a \f(CW\*(C`timerfd\*(C'\fR when the first
+\&\f(CW\*(C`ev_periodic\*(C'\fR watcher is started and falls back on other methods if it
+cannot be created, but this behaviour might change in the future.
+.ie n .IP """EVBACKEND_SELECT""  (value 1, portable select backend)" 4
+.el .IP "\f(CWEVBACKEND_SELECT\fR  (value 1, portable select backend)" 4
+.IX Item "EVBACKEND_SELECT (value 1, portable select backend)"
+This is your standard \fBselect\fR\|(2) backend. Not \fIcompletely\fR standard, as
+libev tries to roll its own fd_set with no limits on the number of fds,
+but if that fails, expect a fairly low limit on the number of fds when
+using this backend. It doesn't scale too well (O(highest_fd)), but its
+usually the fastest backend for a low number of (low-numbered :) fds.
+.Sp
+To get good performance out of this backend you need a high amount of
+parallelism (most of the file descriptors should be busy). If you are
+writing a server, you should \f(CW\*(C`accept ()\*(C'\fR in a loop to accept as many
+connections as possible during one iteration. You might also want to have
+a look at \f(CW\*(C`ev_set_io_collect_interval ()\*(C'\fR to increase the amount of
+readiness notifications you get per iteration.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR to the \f(CW\*(C`readfds\*(C'\fR set and \f(CW\*(C`EV_WRITE\*(C'\fR to the
+\&\f(CW\*(C`writefds\*(C'\fR set (and to work around Microsoft Windows bugs, also onto the
+\&\f(CW\*(C`exceptfds\*(C'\fR set on that platform).
+.ie n .IP """EVBACKEND_POLL""    (value 2, poll backend, available everywhere except on windows)" 4
+.el .IP "\f(CWEVBACKEND_POLL\fR    (value 2, poll backend, available everywhere except on windows)" 4
+.IX Item "EVBACKEND_POLL (value 2, poll backend, available everywhere except on windows)"
+And this is your standard \fBpoll\fR\|(2) backend. It's more complicated
+than select, but handles sparse fds better and has no artificial
+limit on the number of fds you can use (except it will slow down
+considerably with a lot of inactive fds). It scales similarly to select,
+i.e. O(total_fds). See the entry for \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR, above, for
+performance tips.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR to \f(CW\*(C`POLLIN | POLLERR | POLLHUP\*(C'\fR, and
+\&\f(CW\*(C`EV_WRITE\*(C'\fR to \f(CW\*(C`POLLOUT | POLLERR | POLLHUP\*(C'\fR.
+.ie n .IP """EVBACKEND_EPOLL""   (value 4, Linux)" 4
+.el .IP "\f(CWEVBACKEND_EPOLL\fR   (value 4, Linux)" 4
+.IX Item "EVBACKEND_EPOLL (value 4, Linux)"
+Use the Linux-specific \fBepoll\fR\|(7) interface (for both pre\- and post\-2.6.9
+kernels).
+.Sp
+For few fds, this backend is a bit little slower than poll and select, but
+it scales phenomenally better. While poll and select usually scale like
+O(total_fds) where total_fds is the total number of fds (or the highest
+fd), epoll scales either O(1) or O(active_fds).
+.Sp
+The epoll mechanism deserves honorable mention as the most misdesigned
+of the more advanced event mechanisms: mere annoyances include silently
+dropping file descriptors, requiring a system call per change per file
+descriptor (and unnecessary guessing of parameters), problems with dup,
+returning before the timeout value, resulting in additional iterations
+(and only giving 5ms accuracy while select on the same platform gives
+0.1ms) and so on. The biggest issue is fork races, however \- if a program
+forks then \fIboth\fR parent and child process have to recreate the epoll
+set, which can take considerable time (one syscall per file descriptor)
+and is of course hard to detect.
+.Sp
+Epoll is also notoriously buggy \- embedding epoll fds \fIshould\fR work,
+but of course \fIdoesn't\fR, and epoll just loves to report events for
+totally \fIdifferent\fR file descriptors (even already closed ones, so
+one cannot even remove them from the set) than registered in the set
+(especially on \s-1SMP\s0 systems). Libev tries to counter these spurious
+notifications by employing an additional generation counter and comparing
+that against the events to filter out spurious ones, recreating the set
+when required. Epoll also erroneously rounds down timeouts, but gives you
+no way to know when and by how much, so sometimes you have to busy-wait
+because epoll returns immediately despite a nonzero timeout. And last
+not least, it also refuses to work with some file descriptors which work
+perfectly fine with \f(CW\*(C`select\*(C'\fR (files, many character devices...).
+.Sp
+Epoll is truly the train wreck among event poll mechanisms, a frankenpoll,
+cobbled together in a hurry, no thought to design or interaction with
+others. Oh, the pain, will it ever stop...
+.Sp
+While stopping, setting and starting an I/O watcher in the same iteration
+will result in some caching, there is still a system call per such
+incident (because the same \fIfile descriptor\fR could point to a different
+\&\fIfile description\fR now), so its best to avoid that. Also, \f(CW\*(C`dup ()\*(C'\fR'ed
+file descriptors might not work very well if you register events for both
+file descriptors.
+.Sp
+Best performance from this backend is achieved by not unregistering all
+watchers for a file descriptor until it has been closed, if possible,
+i.e. keep at least one watcher active per fd at all times. Stopping and
+starting a watcher (without re-setting it) also usually doesn't cause
+extra overhead. A fork can both result in spurious notifications as well
+as in libev having to destroy and recreate the epoll object, which can
+take considerable time and thus should be avoided.
+.Sp
+All this means that, in practice, \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR can be as fast or
+faster than epoll for maybe up to a hundred file descriptors, depending on
+the usage. So sad.
+.Sp
+While nominally embeddable in other event loops, this feature is broken in
+a lot of kernel revisions, but probably(!) works in current versions.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR and \f(CW\*(C`EV_WRITE\*(C'\fR in the same way as
+\&\f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.ie n .IP """EVBACKEND_LINUXAIO""   (value 64, Linux)" 4
+.el .IP "\f(CWEVBACKEND_LINUXAIO\fR   (value 64, Linux)" 4
+.IX Item "EVBACKEND_LINUXAIO (value 64, Linux)"
+Use the Linux-specific Linux \s-1AIO\s0 (\fInot\fR \f(CWaio(7)\fR but \f(CWio_submit(2)\fR) event interface available in post\-4.18 kernels (but libev
+only tries to use it in 4.19+).
+.Sp
+This is another Linux train wreck of an event interface.
+.Sp
+If this backend works for you (as of this writing, it was very
+experimental), it is the best event interface available on Linux and might
+be well worth enabling it \- if it isn't available in your kernel this will
+be detected and this backend will be skipped.
+.Sp
+This backend can batch oneshot requests and supports a user-space ring
+buffer to receive events. It also doesn't suffer from most of the design
+problems of epoll (such as not being able to remove event sources from
+the epoll set), and generally sounds too good to be true. Because, this
+being the Linux kernel, of course it suffers from a whole new set of
+limitations, forcing you to fall back to epoll, inheriting all its design
+issues.
+.Sp
+For one, it is not easily embeddable (but probably could be done using
+an event fd at some extra overhead). It also is subject to a system wide
+limit that can be configured in \fI/proc/sys/fs/aio\-max\-nr\fR. If no \s-1AIO\s0
+requests are left, this backend will be skipped during initialisation, and
+will switch to epoll when the loop is active.
+.Sp
+Most problematic in practice, however, is that not all file descriptors
+work with it. For example, in Linux 5.1, \s-1TCP\s0 sockets, pipes, event fds,
+files, \fI/dev/null\fR and many others are supported, but ttys do not work
+properly (a known bug that the kernel developers don't care about, see
+<https://lore.kernel.org/patchwork/patch/1047453/>), so this is not
+(yet?) a generic event polling interface.
+.Sp
+Overall, it seems the Linux developers just don't want it to have a
+generic event handling mechanism other than \f(CW\*(C`select\*(C'\fR or \f(CW\*(C`poll\*(C'\fR.
+.Sp
+To work around all these problem, the current version of libev uses its
+epoll backend as a fallback for file descriptor types that do not work. Or
+falls back completely to epoll if the kernel acts up.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR and \f(CW\*(C`EV_WRITE\*(C'\fR in the same way as
+\&\f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.ie n .IP """EVBACKEND_KQUEUE""  (value 8, most \s-1BSD\s0 clones)" 4
+.el .IP "\f(CWEVBACKEND_KQUEUE\fR  (value 8, most \s-1BSD\s0 clones)" 4
+.IX Item "EVBACKEND_KQUEUE (value 8, most BSD clones)"
+Kqueue deserves special mention, as at the time this backend was
+implemented, it was broken on all BSDs except NetBSD (usually it doesn't
+work reliably with anything but sockets and pipes, except on Darwin,
+where of course it's completely useless). Unlike epoll, however, whose
+brokenness is by design, these kqueue bugs can be (and mostly have been)
+fixed without \s-1API\s0 changes to existing programs. For this reason it's not
+being \*(L"auto-detected\*(R" on all platforms unless you explicitly specify it
+in the flags (i.e. using \f(CW\*(C`EVBACKEND_KQUEUE\*(C'\fR) or libev was compiled on a
+known-to-be-good (\-enough) system like NetBSD.
+.Sp
+You still can embed kqueue into a normal poll or select backend and use it
+only for sockets (after having made sure that sockets work with kqueue on
+the target platform). See \f(CW\*(C`ev_embed\*(C'\fR watchers for more info.
+.Sp
+It scales in the same way as the epoll backend, but the interface to the
+kernel is more efficient (which says nothing about its actual speed, of
+course). While stopping, setting and starting an I/O watcher does never
+cause an extra system call as with \f(CW\*(C`EVBACKEND_EPOLL\*(C'\fR, it still adds up to
+two event changes per incident. Support for \f(CW\*(C`fork ()\*(C'\fR is very bad (you
+might have to leak fds on fork, but it's more sane than epoll) and it
+drops fds silently in similarly hard-to-detect cases.
+.Sp
+This backend usually performs well under most conditions.
+.Sp
+While nominally embeddable in other event loops, this doesn't work
+everywhere, so you might need to test for this. And since it is broken
+almost everywhere, you should only use it when you have a lot of sockets
+(for which it usually works), by embedding it into another event loop
+(e.g. \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR (but \f(CW\*(C`poll\*(C'\fR is of course
+also broken on \s-1OS X\s0)) and, did I mention it, using it only for sockets.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR into an \f(CW\*(C`EVFILT_READ\*(C'\fR kevent with
+\&\f(CW\*(C`NOTE_EOF\*(C'\fR, and \f(CW\*(C`EV_WRITE\*(C'\fR into an \f(CW\*(C`EVFILT_WRITE\*(C'\fR kevent with
+\&\f(CW\*(C`NOTE_EOF\*(C'\fR.
+.ie n .IP """EVBACKEND_DEVPOLL"" (value 16, Solaris 8)" 4
+.el .IP "\f(CWEVBACKEND_DEVPOLL\fR (value 16, Solaris 8)" 4
+.IX Item "EVBACKEND_DEVPOLL (value 16, Solaris 8)"
+This is not implemented yet (and might never be, unless you send me an
+implementation). According to reports, \f(CW\*(C`/dev/poll\*(C'\fR only supports sockets
+and is not embeddable, which would limit the usefulness of this backend
+immensely.
+.ie n .IP """EVBACKEND_PORT""    (value 32, Solaris 10)" 4
+.el .IP "\f(CWEVBACKEND_PORT\fR    (value 32, Solaris 10)" 4
+.IX Item "EVBACKEND_PORT (value 32, Solaris 10)"
+This uses the Solaris 10 event port mechanism. As with everything on Solaris,
+it's really slow, but it still scales very well (O(active_fds)).
+.Sp
+While this backend scales well, it requires one system call per active
+file descriptor per loop iteration. For small and medium numbers of file
+descriptors a \*(L"slow\*(R" \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR backend
+might perform better.
+.Sp
+On the positive side, this backend actually performed fully to
+specification in all tests and is fully embeddable, which is a rare feat
+among the OS-specific backends (I vastly prefer correctness over speed
+hacks).
+.Sp
+On the negative side, the interface is \fIbizarre\fR \- so bizarre that
+even sun itself gets it wrong in their code examples: The event polling
+function sometimes returns events to the caller even though an error
+occurred, but with no indication whether it has done so or not (yes, it's
+even documented that way) \- deadly for edge-triggered interfaces where you
+absolutely have to know whether an event occurred or not because you have
+to re-arm the watcher.
+.Sp
+Fortunately libev seems to be able to work around these idiocies.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR and \f(CW\*(C`EV_WRITE\*(C'\fR in the same way as
+\&\f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.ie n .IP """EVBACKEND_ALL""" 4
+.el .IP "\f(CWEVBACKEND_ALL\fR" 4
+.IX Item "EVBACKEND_ALL"
+Try all backends (even potentially broken ones that wouldn't be tried
+with \f(CW\*(C`EVFLAG_AUTO\*(C'\fR). Since this is a mask, you can do stuff such as
+\&\f(CW\*(C`EVBACKEND_ALL & ~EVBACKEND_KQUEUE\*(C'\fR.
+.Sp
+It is definitely not recommended to use this flag, use whatever
+\&\f(CW\*(C`ev_recommended_backends ()\*(C'\fR returns, or simply do not specify a backend
+at all.
+.ie n .IP """EVBACKEND_MASK""" 4
+.el .IP "\f(CWEVBACKEND_MASK\fR" 4
+.IX Item "EVBACKEND_MASK"
+Not a backend at all, but a mask to select all backend bits from a
+\&\f(CW\*(C`flags\*(C'\fR value, in case you want to mask out any backends from a flags
+value (e.g. when modifying the \f(CW\*(C`LIBEV_FLAGS\*(C'\fR environment variable).
+.RE
+.RS 4
+.Sp
+If one or more of the backend flags are or'ed into the flags value,
+then only these backends will be tried (in the reverse order as listed
+here). If none are specified, all backends in \f(CW\*(C`ev_recommended_backends
+()\*(C'\fR will be tried.
+.Sp
+Example: Try to create a event loop that uses epoll and nothing else.
+.Sp
+.Vb 3
+\&   struct ev_loop *epoller = ev_loop_new (EVBACKEND_EPOLL | EVFLAG_NOENV);
+\&   if (!epoller)
+\&     fatal ("no epoll found here, maybe it hides under your chair");
+.Ve
+.Sp
+Example: Use whatever libev has to offer, but make sure that kqueue is
+used if available.
+.Sp
+.Vb 1
+\&   struct ev_loop *loop = ev_loop_new (ev_recommended_backends () | EVBACKEND_KQUEUE);
+.Ve
+.Sp
+Example: Similarly, on linux, you mgiht want to take advantage of the
+linux aio backend if possible, but fall back to something else if that
+isn't available.
+.Sp
+.Vb 1
+\&   struct ev_loop *loop = ev_loop_new (ev_recommended_backends () | EVBACKEND_LINUXAIO);
+.Ve
+.RE
+.IP "ev_loop_destroy (loop)" 4
+.IX Item "ev_loop_destroy (loop)"
+Destroys an event loop object (frees all memory and kernel state
+etc.). None of the active event watchers will be stopped in the normal
+sense, so e.g. \f(CW\*(C`ev_is_active\*(C'\fR might still return true. It is your
+responsibility to either stop all watchers cleanly yourself \fIbefore\fR
+calling this function, or cope with the fact afterwards (which is usually
+the easiest thing, you can just ignore the watchers and/or \f(CW\*(C`free ()\*(C'\fR them
+for example).
+.Sp
+Note that certain global state, such as signal state (and installed signal
+handlers), will not be freed by this function, and related watchers (such
+as signal and child watchers) would need to be stopped manually.
+.Sp
+This function is normally used on loop objects allocated by
+\&\f(CW\*(C`ev_loop_new\*(C'\fR, but it can also be used on the default loop returned by
+\&\f(CW\*(C`ev_default_loop\*(C'\fR, in which case it is not thread-safe.
+.Sp
+Note that it is not advisable to call this function on the default loop
+except in the rare occasion where you really need to free its resources.
+If you need dynamically allocated loops it is better to use \f(CW\*(C`ev_loop_new\*(C'\fR
+and \f(CW\*(C`ev_loop_destroy\*(C'\fR.
+.IP "ev_loop_fork (loop)" 4
+.IX Item "ev_loop_fork (loop)"
+This function sets a flag that causes subsequent \f(CW\*(C`ev_run\*(C'\fR iterations
+to reinitialise the kernel state for backends that have one. Despite
+the name, you can call it anytime you are allowed to start or stop
+watchers (except inside an \f(CW\*(C`ev_prepare\*(C'\fR callback), but it makes most
+sense after forking, in the child process. You \fImust\fR call it (or use
+\&\f(CW\*(C`EVFLAG_FORKCHECK\*(C'\fR) in the child before resuming or calling \f(CW\*(C`ev_run\*(C'\fR.
+.Sp
+In addition, if you want to reuse a loop (via this function or
+\&\f(CW\*(C`EVFLAG_FORKCHECK\*(C'\fR), you \fIalso\fR have to ignore \f(CW\*(C`SIGPIPE\*(C'\fR.
+.Sp
+Again, you \fIhave\fR to call it on \fIany\fR loop that you want to re-use after
+a fork, \fIeven if you do not plan to use the loop in the parent\fR. This is
+because some kernel interfaces *cough* \fIkqueue\fR *cough* do funny things
+during fork.
+.Sp
+On the other hand, you only need to call this function in the child
+process if and only if you want to use the event loop in the child. If
+you just fork+exec or create a new loop in the child, you don't have to
+call it at all (in fact, \f(CW\*(C`epoll\*(C'\fR is so badly broken that it makes a
+difference, but libev will usually detect this case on its own and do a
+costly reset of the backend).
+.Sp
+The function itself is quite fast and it's usually not a problem to call
+it just in case after a fork.
+.Sp
+Example: Automate calling \f(CW\*(C`ev_loop_fork\*(C'\fR on the default loop when
+using pthreads.
+.Sp
+.Vb 5
+\&   static void
+\&   post_fork_child (void)
+\&   {
+\&     ev_loop_fork (EV_DEFAULT);
+\&   }
+\&
+\&   ...
+\&   pthread_atfork (0, 0, post_fork_child);
+.Ve
+.IP "int ev_is_default_loop (loop)" 4
+.IX Item "int ev_is_default_loop (loop)"
+Returns true when the given loop is, in fact, the default loop, and false
+otherwise.
+.IP "unsigned int ev_iteration (loop)" 4
+.IX Item "unsigned int ev_iteration (loop)"
+Returns the current iteration count for the event loop, which is identical
+to the number of times libev did poll for new events. It starts at \f(CW0\fR
+and happily wraps around with enough iterations.
+.Sp
+This value can sometimes be useful as a generation counter of sorts (it
+\&\*(L"ticks\*(R" the number of loop iterations), as it roughly corresponds with
+\&\f(CW\*(C`ev_prepare\*(C'\fR and \f(CW\*(C`ev_check\*(C'\fR calls \- and is incremented between the
+prepare and check phases.
+.IP "unsigned int ev_depth (loop)" 4
+.IX Item "unsigned int ev_depth (loop)"
+Returns the number of times \f(CW\*(C`ev_run\*(C'\fR was entered minus the number of
+times \f(CW\*(C`ev_run\*(C'\fR was exited normally, in other words, the recursion depth.
+.Sp
+Outside \f(CW\*(C`ev_run\*(C'\fR, this number is zero. In a callback, this number is
+\&\f(CW1\fR, unless \f(CW\*(C`ev_run\*(C'\fR was invoked recursively (or from another thread),
+in which case it is higher.
+.Sp
+Leaving \f(CW\*(C`ev_run\*(C'\fR abnormally (setjmp/longjmp, cancelling the thread,
+throwing an exception etc.), doesn't count as \*(L"exit\*(R" \- consider this
+as a hint to avoid such ungentleman-like behaviour unless it's really
+convenient, in which case it is fully supported.
+.IP "unsigned int ev_backend (loop)" 4
+.IX Item "unsigned int ev_backend (loop)"
+Returns one of the \f(CW\*(C`EVBACKEND_*\*(C'\fR flags indicating the event backend in
+use.
+.IP "ev_tstamp ev_now (loop)" 4
+.IX Item "ev_tstamp ev_now (loop)"
+Returns the current \*(L"event loop time\*(R", which is the time the event loop
+received events and started processing them. This timestamp does not
+change as long as callbacks are being processed, and this is also the base
+time used for relative timers. You can treat it as the timestamp of the
+event occurring (or more correctly, libev finding out about it).
+.IP "ev_now_update (loop)" 4
+.IX Item "ev_now_update (loop)"
+Establishes the current time by querying the kernel, updating the time
+returned by \f(CW\*(C`ev_now ()\*(C'\fR in the progress. This is a costly operation and
+is usually done automatically within \f(CW\*(C`ev_run ()\*(C'\fR.
+.Sp
+This function is rarely useful, but when some event callback runs for a
+very long time without entering the event loop, updating libev's idea of
+the current time is a good idea.
+.Sp
+See also \*(L"The special problem of time updates\*(R" in the \f(CW\*(C`ev_timer\*(C'\fR section.
+.IP "ev_suspend (loop)" 4
+.IX Item "ev_suspend (loop)"
+.PD 0
+.IP "ev_resume (loop)" 4
+.IX Item "ev_resume (loop)"
+.PD
+These two functions suspend and resume an event loop, for use when the
+loop is not used for a while and timeouts should not be processed.
+.Sp
+A typical use case would be an interactive program such as a game:  When
+the user presses \f(CW\*(C`^Z\*(C'\fR to suspend the game and resumes it an hour later it
+would be best to handle timeouts as if no time had actually passed while
+the program was suspended. This can be achieved by calling \f(CW\*(C`ev_suspend\*(C'\fR
+in your \f(CW\*(C`SIGTSTP\*(C'\fR handler, sending yourself a \f(CW\*(C`SIGSTOP\*(C'\fR and calling
+\&\f(CW\*(C`ev_resume\*(C'\fR directly afterwards to resume timer processing.
+.Sp
+Effectively, all \f(CW\*(C`ev_timer\*(C'\fR watchers will be delayed by the time spend
+between \f(CW\*(C`ev_suspend\*(C'\fR and \f(CW\*(C`ev_resume\*(C'\fR, and all \f(CW\*(C`ev_periodic\*(C'\fR watchers
+will be rescheduled (that is, they will lose any events that would have
+occurred while suspended).
+.Sp
+After calling \f(CW\*(C`ev_suspend\*(C'\fR you \fBmust not\fR call \fIany\fR function on the
+given loop other than \f(CW\*(C`ev_resume\*(C'\fR, and you \fBmust not\fR call \f(CW\*(C`ev_resume\*(C'\fR
+without a previous call to \f(CW\*(C`ev_suspend\*(C'\fR.
+.Sp
+Calling \f(CW\*(C`ev_suspend\*(C'\fR/\f(CW\*(C`ev_resume\*(C'\fR has the side effect of updating the
+event loop time (see \f(CW\*(C`ev_now_update\*(C'\fR).
+.IP "bool ev_run (loop, int flags)" 4
+.IX Item "bool ev_run (loop, int flags)"
+Finally, this is it, the event handler. This function usually is called
+after you have initialised all your watchers and you want to start
+handling events. It will ask the operating system for any new events, call
+the watcher callbacks, and then repeat the whole process indefinitely: This
+is why event loops are called \fIloops\fR.
+.Sp
+If the flags argument is specified as \f(CW0\fR, it will keep handling events
+until either no event watchers are active anymore or \f(CW\*(C`ev_break\*(C'\fR was
+called.
+.Sp
+The return value is false if there are no more active watchers (which
+usually means \*(L"all jobs done\*(R" or \*(L"deadlock\*(R"), and true in all other cases
+(which usually means " you should call \f(CW\*(C`ev_run\*(C'\fR again").
+.Sp
+Please note that an explicit \f(CW\*(C`ev_break\*(C'\fR is usually better than
+relying on all watchers to be stopped when deciding when a program has
+finished (especially in interactive programs), but having a program
+that automatically loops as long as it has to and no longer by virtue
+of relying on its watchers stopping correctly, that is truly a thing of
+beauty.
+.Sp
+This function is \fImostly\fR exception-safe \- you can break out of a
+\&\f(CW\*(C`ev_run\*(C'\fR call by calling \f(CW\*(C`longjmp\*(C'\fR in a callback, throwing a \*(C+
+exception and so on. This does not decrement the \f(CW\*(C`ev_depth\*(C'\fR value, nor
+will it clear any outstanding \f(CW\*(C`EVBREAK_ONE\*(C'\fR breaks.
+.Sp
+A flags value of \f(CW\*(C`EVRUN_NOWAIT\*(C'\fR will look for new events, will handle
+those events and any already outstanding ones, but will not wait and
+block your process in case there are no events and will return after one
+iteration of the loop. This is sometimes useful to poll and handle new
+events while doing lengthy calculations, to keep the program responsive.
+.Sp
+A flags value of \f(CW\*(C`EVRUN_ONCE\*(C'\fR will look for new events (waiting if
+necessary) and will handle those and any already outstanding ones. It
+will block your process until at least one new event arrives (which could
+be an event internal to libev itself, so there is no guarantee that a
+user-registered callback will be called), and will return after one
+iteration of the loop.
+.Sp
+This is useful if you are waiting for some external event in conjunction
+with something not expressible using other libev watchers (i.e. "roll your
+own \f(CW\*(C`ev_run\*(C'\fR"). However, a pair of \f(CW\*(C`ev_prepare\*(C'\fR/\f(CW\*(C`ev_check\*(C'\fR watchers is
+usually a better approach for this kind of thing.
+.Sp
+Here are the gory details of what \f(CW\*(C`ev_run\*(C'\fR does (this is for your
+understanding, not a guarantee that things will work exactly like this in
+future versions):
+.Sp
+.Vb 10
+\&   \- Increment loop depth.
+\&   \- Reset the ev_break status.
+\&   \- Before the first iteration, call any pending watchers.
+\&   LOOP:
+\&   \- If EVFLAG_FORKCHECK was used, check for a fork.
+\&   \- If a fork was detected (by any means), queue and call all fork watchers.
+\&   \- Queue and call all prepare watchers.
+\&   \- If ev_break was called, goto FINISH.
+\&   \- If we have been forked, detach and recreate the kernel state
+\&     as to not disturb the other process.
+\&   \- Update the kernel state with all outstanding changes.
+\&   \- Update the "event loop time" (ev_now ()).
+\&   \- Calculate for how long to sleep or block, if at all
+\&     (active idle watchers, EVRUN_NOWAIT or not having
+\&     any active watchers at all will result in not sleeping).
+\&   \- Sleep if the I/O and timer collect interval say so.
+\&   \- Increment loop iteration counter.
+\&   \- Block the process, waiting for any events.
+\&   \- Queue all outstanding I/O (fd) events.
+\&   \- Update the "event loop time" (ev_now ()), and do time jump adjustments.
+\&   \- Queue all expired timers.
+\&   \- Queue all expired periodics.
+\&   \- Queue all idle watchers with priority higher than that of pending events.
+\&   \- Queue all check watchers.
+\&   \- Call all queued watchers in reverse order (i.e. check watchers first).
+\&     Signals and child watchers are implemented as I/O watchers, and will
+\&     be handled here by queueing them when their watcher gets executed.
+\&   \- If ev_break has been called, or EVRUN_ONCE or EVRUN_NOWAIT
+\&     were used, or there are no active watchers, goto FINISH, otherwise
+\&     continue with step LOOP.
+\&   FINISH:
+\&   \- Reset the ev_break status iff it was EVBREAK_ONE.
+\&   \- Decrement the loop depth.
+\&   \- Return.
+.Ve
+.Sp
+Example: Queue some jobs and then loop until no events are outstanding
+anymore.
+.Sp
+.Vb 4
+\&   ... queue jobs here, make sure they register event watchers as long
+\&   ... as they still have work to do (even an idle watcher will do..)
+\&   ev_run (my_loop, 0);
+\&   ... jobs done or somebody called break. yeah!
+.Ve
+.IP "ev_break (loop, how)" 4
+.IX Item "ev_break (loop, how)"
+Can be used to make a call to \f(CW\*(C`ev_run\*(C'\fR return early (but only after it
+has processed all outstanding events). The \f(CW\*(C`how\*(C'\fR argument must be either
+\&\f(CW\*(C`EVBREAK_ONE\*(C'\fR, which will make the innermost \f(CW\*(C`ev_run\*(C'\fR call return, or
+\&\f(CW\*(C`EVBREAK_ALL\*(C'\fR, which will make all nested \f(CW\*(C`ev_run\*(C'\fR calls return.
+.Sp
+This \*(L"break state\*(R" will be cleared on the next call to \f(CW\*(C`ev_run\*(C'\fR.
+.Sp
+It is safe to call \f(CW\*(C`ev_break\*(C'\fR from outside any \f(CW\*(C`ev_run\*(C'\fR calls, too, in
+which case it will have no effect.
+.IP "ev_ref (loop)" 4
+.IX Item "ev_ref (loop)"
+.PD 0
+.IP "ev_unref (loop)" 4
+.IX Item "ev_unref (loop)"
+.PD
+Ref/unref can be used to add or remove a reference count on the event
+loop: Every watcher keeps one reference, and as long as the reference
+count is nonzero, \f(CW\*(C`ev_run\*(C'\fR will not return on its own.
+.Sp
+This is useful when you have a watcher that you never intend to
+unregister, but that nevertheless should not keep \f(CW\*(C`ev_run\*(C'\fR from
+returning. In such a case, call \f(CW\*(C`ev_unref\*(C'\fR after starting, and \f(CW\*(C`ev_ref\*(C'\fR
+before stopping it.
+.Sp
+As an example, libev itself uses this for its internal signal pipe: It
+is not visible to the libev user and should not keep \f(CW\*(C`ev_run\*(C'\fR from
+exiting if no event watchers registered by it are active. It is also an
+excellent way to do this for generic recurring timers or from within
+third-party libraries. Just remember to \fIunref after start\fR and \fIref
+before stop\fR (but only if the watcher wasn't active before, or was active
+before, respectively. Note also that libev might stop watchers itself
+(e.g. non-repeating timers) in which case you have to \f(CW\*(C`ev_ref\*(C'\fR
+in the callback).
+.Sp
+Example: Create a signal watcher, but keep it from keeping \f(CW\*(C`ev_run\*(C'\fR
+running when nothing else is active.
+.Sp
+.Vb 4
+\&   ev_signal exitsig;
+\&   ev_signal_init (&exitsig, sig_cb, SIGINT);
+\&   ev_signal_start (loop, &exitsig);
+\&   ev_unref (loop);
+.Ve
+.Sp
+Example: For some weird reason, unregister the above signal handler again.
+.Sp
+.Vb 2
+\&   ev_ref (loop);
+\&   ev_signal_stop (loop, &exitsig);
+.Ve
+.IP "ev_set_io_collect_interval (loop, ev_tstamp interval)" 4
+.IX Item "ev_set_io_collect_interval (loop, ev_tstamp interval)"
+.PD 0
+.IP "ev_set_timeout_collect_interval (loop, ev_tstamp interval)" 4
+.IX Item "ev_set_timeout_collect_interval (loop, ev_tstamp interval)"
+.PD
+These advanced functions influence the time that libev will spend waiting
+for events. Both time intervals are by default \f(CW0\fR, meaning that libev
+will try to invoke timer/periodic callbacks and I/O callbacks with minimum
+latency.
+.Sp
+Setting these to a higher value (the \f(CW\*(C`interval\*(C'\fR \fImust\fR be >= \f(CW0\fR)
+allows libev to delay invocation of I/O and timer/periodic callbacks
+to increase efficiency of loop iterations (or to increase power-saving
+opportunities).
+.Sp
+The idea is that sometimes your program runs just fast enough to handle
+one (or very few) event(s) per loop iteration. While this makes the
+program responsive, it also wastes a lot of \s-1CPU\s0 time to poll for new
+events, especially with backends like \f(CW\*(C`select ()\*(C'\fR which have a high
+overhead for the actual polling but can deliver many events at once.
+.Sp
+By setting a higher \fIio collect interval\fR you allow libev to spend more
+time collecting I/O events, so you can handle more events per iteration,
+at the cost of increasing latency. Timeouts (both \f(CW\*(C`ev_periodic\*(C'\fR and
+\&\f(CW\*(C`ev_timer\*(C'\fR) will not be affected. Setting this to a non-null value will
+introduce an additional \f(CW\*(C`ev_sleep ()\*(C'\fR call into most loop iterations. The
+sleep time ensures that libev will not poll for I/O events more often then
+once per this interval, on average (as long as the host time resolution is
+good enough).
+.Sp
+Likewise, by setting a higher \fItimeout collect interval\fR you allow libev
+to spend more time collecting timeouts, at the expense of increased
+latency/jitter/inexactness (the watcher callback will be called
+later). \f(CW\*(C`ev_io\*(C'\fR watchers will not be affected. Setting this to a non-null
+value will not introduce any overhead in libev.
+.Sp
+Many (busy) programs can usually benefit by setting the I/O collect
+interval to a value near \f(CW0.1\fR or so, which is often enough for
+interactive servers (of course not for games), likewise for timeouts. It
+usually doesn't make much sense to set it to a lower value than \f(CW0.01\fR,
+as this approaches the timing granularity of most systems. Note that if
+you do transactions with the outside world and you can't increase the
+parallelity, then this setting will limit your transaction rate (if you
+need to poll once per transaction and the I/O collect interval is 0.01,
+then you can't do more than 100 transactions per second).
+.Sp
+Setting the \fItimeout collect interval\fR can improve the opportunity for
+saving power, as the program will \*(L"bundle\*(R" timer callback invocations that
+are \*(L"near\*(R" in time together, by delaying some, thus reducing the number of
+times the process sleeps and wakes up again. Another useful technique to
+reduce iterations/wake\-ups is to use \f(CW\*(C`ev_periodic\*(C'\fR watchers and make sure
+they fire on, say, one-second boundaries only.
+.Sp
+Example: we only need 0.1s timeout granularity, and we wish not to poll
+more often than 100 times per second:
+.Sp
+.Vb 2
+\&   ev_set_timeout_collect_interval (EV_DEFAULT_UC_ 0.1);
+\&   ev_set_io_collect_interval (EV_DEFAULT_UC_ 0.01);
+.Ve
+.IP "ev_invoke_pending (loop)" 4
+.IX Item "ev_invoke_pending (loop)"
+This call will simply invoke all pending watchers while resetting their
+pending state. Normally, \f(CW\*(C`ev_run\*(C'\fR does this automatically when required,
+but when overriding the invoke callback this call comes handy. This
+function can be invoked from a watcher \- this can be useful for example
+when you want to do some lengthy calculation and want to pass further
+event handling to another thread (you still have to make sure only one
+thread executes within \f(CW\*(C`ev_invoke_pending\*(C'\fR or \f(CW\*(C`ev_run\*(C'\fR of course).
+.IP "int ev_pending_count (loop)" 4
+.IX Item "int ev_pending_count (loop)"
+Returns the number of pending watchers \- zero indicates that no watchers
+are pending.
+.IP "ev_set_invoke_pending_cb (loop, void (*invoke_pending_cb)(\s-1EV_P\s0))" 4
+.IX Item "ev_set_invoke_pending_cb (loop, void (*invoke_pending_cb)(EV_P))"
+This overrides the invoke pending functionality of the loop: Instead of
+invoking all pending watchers when there are any, \f(CW\*(C`ev_run\*(C'\fR will call
+this callback instead. This is useful, for example, when you want to
+invoke the actual watchers inside another context (another thread etc.).
+.Sp
+If you want to reset the callback, use \f(CW\*(C`ev_invoke_pending\*(C'\fR as new
+callback.
+.IP "ev_set_loop_release_cb (loop, void (*release)(\s-1EV_P\s0) throw (), void (*acquire)(\s-1EV_P\s0) throw ())" 4
+.IX Item "ev_set_loop_release_cb (loop, void (*release)(EV_P) throw (), void (*acquire)(EV_P) throw ())"
+Sometimes you want to share the same loop between multiple threads. This
+can be done relatively simply by putting mutex_lock/unlock calls around
+each call to a libev function.
+.Sp
+However, \f(CW\*(C`ev_run\*(C'\fR can run an indefinite time, so it is not feasible
+to wait for it to return. One way around this is to wake up the event
+loop via \f(CW\*(C`ev_break\*(C'\fR and \f(CW\*(C`ev_async_send\*(C'\fR, another way is to set these
+\&\fIrelease\fR and \fIacquire\fR callbacks on the loop.
+.Sp
+When set, then \f(CW\*(C`release\*(C'\fR will be called just before the thread is
+suspended waiting for new events, and \f(CW\*(C`acquire\*(C'\fR is called just
+afterwards.
+.Sp
+Ideally, \f(CW\*(C`release\*(C'\fR will just call your mutex_unlock function, and
+\&\f(CW\*(C`acquire\*(C'\fR will just call the mutex_lock function again.
+.Sp
+While event loop modifications are allowed between invocations of
+\&\f(CW\*(C`release\*(C'\fR and \f(CW\*(C`acquire\*(C'\fR (that's their only purpose after all), no
+modifications done will affect the event loop, i.e. adding watchers will
+have no effect on the set of file descriptors being watched, or the time
+waited. Use an \f(CW\*(C`ev_async\*(C'\fR watcher to wake up \f(CW\*(C`ev_run\*(C'\fR when you want it
+to take note of any changes you made.
+.Sp
+In theory, threads executing \f(CW\*(C`ev_run\*(C'\fR will be async-cancel safe between
+invocations of \f(CW\*(C`release\*(C'\fR and \f(CW\*(C`acquire\*(C'\fR.
+.Sp
+See also the locking example in the \f(CW\*(C`THREADS\*(C'\fR section later in this
+document.
+.IP "ev_set_userdata (loop, void *data)" 4
+.IX Item "ev_set_userdata (loop, void *data)"
+.PD 0
+.IP "void *ev_userdata (loop)" 4
+.IX Item "void *ev_userdata (loop)"
+.PD
+Set and retrieve a single \f(CW\*(C`void *\*(C'\fR associated with a loop. When
+\&\f(CW\*(C`ev_set_userdata\*(C'\fR has never been called, then \f(CW\*(C`ev_userdata\*(C'\fR returns
+\&\f(CW0\fR.
+.Sp
+These two functions can be used to associate arbitrary data with a loop,
+and are intended solely for the \f(CW\*(C`invoke_pending_cb\*(C'\fR, \f(CW\*(C`release\*(C'\fR and
+\&\f(CW\*(C`acquire\*(C'\fR callbacks described above, but of course can be (ab\-)used for
+any other purpose as well.
+.IP "ev_verify (loop)" 4
+.IX Item "ev_verify (loop)"
+This function only does something when \f(CW\*(C`EV_VERIFY\*(C'\fR support has been
+compiled in, which is the default for non-minimal builds. It tries to go
+through all internal structures and checks them for validity. If anything
+is found to be inconsistent, it will print an error message to standard
+error and call \f(CW\*(C`abort ()\*(C'\fR.
+.Sp
+This can be used to catch bugs inside libev itself: under normal
+circumstances, this function will never abort as of course libev keeps its
+data structures consistent.
+.SH "ANATOMY OF A WATCHER"
+.IX Header "ANATOMY OF A WATCHER"
+In the following description, uppercase \f(CW\*(C`TYPE\*(C'\fR in names stands for the
+watcher type, e.g. \f(CW\*(C`ev_TYPE_start\*(C'\fR can mean \f(CW\*(C`ev_timer_start\*(C'\fR for timer
+watchers and \f(CW\*(C`ev_io_start\*(C'\fR for I/O watchers.
+.PP
+A watcher is an opaque structure that you allocate and register to record
+your interest in some event. To make a concrete example, imagine you want
+to wait for \s-1STDIN\s0 to become readable, you would create an \f(CW\*(C`ev_io\*(C'\fR watcher
+for that:
+.PP
+.Vb 5
+\&   static void my_cb (struct ev_loop *loop, ev_io *w, int revents)
+\&   {
+\&     ev_io_stop (w);
+\&     ev_break (loop, EVBREAK_ALL);
+\&   }
+\&
+\&   struct ev_loop *loop = ev_default_loop (0);
+\&
+\&   ev_io stdin_watcher;
+\&
+\&   ev_init (&stdin_watcher, my_cb);
+\&   ev_io_set (&stdin_watcher, STDIN_FILENO, EV_READ);
+\&   ev_io_start (loop, &stdin_watcher);
+\&
+\&   ev_run (loop, 0);
+.Ve
+.PP
+As you can see, you are responsible for allocating the memory for your
+watcher structures (and it is \fIusually\fR a bad idea to do this on the
+stack).
+.PP
+Each watcher has an associated watcher structure (called \f(CW\*(C`struct ev_TYPE\*(C'\fR
+or simply \f(CW\*(C`ev_TYPE\*(C'\fR, as typedefs are provided for all watcher structs).
+.PP
+Each watcher structure must be initialised by a call to \f(CW\*(C`ev_init (watcher
+*, callback)\*(C'\fR, which expects a callback to be provided. This callback is
+invoked each time the event occurs (or, in the case of I/O watchers, each
+time the event loop detects that the file descriptor given is readable
+and/or writable).
+.PP
+Each watcher type further has its own \f(CW\*(C`ev_TYPE_set (watcher *, ...)\*(C'\fR
+macro to configure it, with arguments specific to the watcher type. There
+is also a macro to combine initialisation and setting in one call: \f(CW\*(C`ev_TYPE_init (watcher *, callback, ...)\*(C'\fR.
+.PP
+To make the watcher actually watch out for events, you have to start it
+with a watcher-specific start function (\f(CW\*(C`ev_TYPE_start (loop, watcher
+*)\*(C'\fR), and you can stop watching for events at any time by calling the
+corresponding stop function (\f(CW\*(C`ev_TYPE_stop (loop, watcher *)\*(C'\fR.
+.PP
+As long as your watcher is active (has been started but not stopped) you
+must not touch the values stored in it except when explicitly documented
+otherwise. Most specifically you must never reinitialise it or call its
+\&\f(CW\*(C`ev_TYPE_set\*(C'\fR macro.
+.PP
+Each and every callback receives the event loop pointer as first, the
+registered watcher structure as second, and a bitset of received events as
+third argument.
+.PP
+The received events usually include a single bit per event type received
+(you can receive multiple events at the same time). The possible bit masks
+are:
+.ie n .IP """EV_READ""" 4
+.el .IP "\f(CWEV_READ\fR" 4
+.IX Item "EV_READ"
+.PD 0
+.ie n .IP """EV_WRITE""" 4
+.el .IP "\f(CWEV_WRITE\fR" 4
+.IX Item "EV_WRITE"
+.PD
+The file descriptor in the \f(CW\*(C`ev_io\*(C'\fR watcher has become readable and/or
+writable.
+.ie n .IP """EV_TIMER""" 4
+.el .IP "\f(CWEV_TIMER\fR" 4
+.IX Item "EV_TIMER"
+The \f(CW\*(C`ev_timer\*(C'\fR watcher has timed out.
+.ie n .IP """EV_PERIODIC""" 4
+.el .IP "\f(CWEV_PERIODIC\fR" 4
+.IX Item "EV_PERIODIC"
+The \f(CW\*(C`ev_periodic\*(C'\fR watcher has timed out.
+.ie n .IP """EV_SIGNAL""" 4
+.el .IP "\f(CWEV_SIGNAL\fR" 4
+.IX Item "EV_SIGNAL"
+The signal specified in the \f(CW\*(C`ev_signal\*(C'\fR watcher has been received by a thread.
+.ie n .IP """EV_CHILD""" 4
+.el .IP "\f(CWEV_CHILD\fR" 4
+.IX Item "EV_CHILD"
+The pid specified in the \f(CW\*(C`ev_child\*(C'\fR watcher has received a status change.
+.ie n .IP """EV_STAT""" 4
+.el .IP "\f(CWEV_STAT\fR" 4
+.IX Item "EV_STAT"
+The path specified in the \f(CW\*(C`ev_stat\*(C'\fR watcher changed its attributes somehow.
+.ie n .IP """EV_IDLE""" 4
+.el .IP "\f(CWEV_IDLE\fR" 4
+.IX Item "EV_IDLE"
+The \f(CW\*(C`ev_idle\*(C'\fR watcher has determined that you have nothing better to do.
+.ie n .IP """EV_PREPARE""" 4
+.el .IP "\f(CWEV_PREPARE\fR" 4
+.IX Item "EV_PREPARE"
+.PD 0
+.ie n .IP """EV_CHECK""" 4
+.el .IP "\f(CWEV_CHECK\fR" 4
+.IX Item "EV_CHECK"
+.PD
+All \f(CW\*(C`ev_prepare\*(C'\fR watchers are invoked just \fIbefore\fR \f(CW\*(C`ev_run\*(C'\fR starts to
+gather new events, and all \f(CW\*(C`ev_check\*(C'\fR watchers are queued (not invoked)
+just after \f(CW\*(C`ev_run\*(C'\fR has gathered them, but before it queues any callbacks
+for any received events. That means \f(CW\*(C`ev_prepare\*(C'\fR watchers are the last
+watchers invoked before the event loop sleeps or polls for new events, and
+\&\f(CW\*(C`ev_check\*(C'\fR watchers will be invoked before any other watchers of the same
+or lower priority within an event loop iteration.
+.Sp
+Callbacks of both watcher types can start and stop as many watchers as
+they want, and all of them will be taken into account (for example, a
+\&\f(CW\*(C`ev_prepare\*(C'\fR watcher might start an idle watcher to keep \f(CW\*(C`ev_run\*(C'\fR from
+blocking).
+.ie n .IP """EV_EMBED""" 4
+.el .IP "\f(CWEV_EMBED\fR" 4
+.IX Item "EV_EMBED"
+The embedded event loop specified in the \f(CW\*(C`ev_embed\*(C'\fR watcher needs attention.
+.ie n .IP """EV_FORK""" 4
+.el .IP "\f(CWEV_FORK\fR" 4
+.IX Item "EV_FORK"
+The event loop has been resumed in the child process after fork (see
+\&\f(CW\*(C`ev_fork\*(C'\fR).
+.ie n .IP """EV_CLEANUP""" 4
+.el .IP "\f(CWEV_CLEANUP\fR" 4
+.IX Item "EV_CLEANUP"
+The event loop is about to be destroyed (see \f(CW\*(C`ev_cleanup\*(C'\fR).
+.ie n .IP """EV_ASYNC""" 4
+.el .IP "\f(CWEV_ASYNC\fR" 4
+.IX Item "EV_ASYNC"
+The given async watcher has been asynchronously notified (see \f(CW\*(C`ev_async\*(C'\fR).
+.ie n .IP """EV_CUSTOM""" 4
+.el .IP "\f(CWEV_CUSTOM\fR" 4
+.IX Item "EV_CUSTOM"
+Not ever sent (or otherwise used) by libev itself, but can be freely used
+by libev users to signal watchers (e.g. via \f(CW\*(C`ev_feed_event\*(C'\fR).
+.ie n .IP """EV_ERROR""" 4
+.el .IP "\f(CWEV_ERROR\fR" 4
+.IX Item "EV_ERROR"
+An unspecified error has occurred, the watcher has been stopped. This might
+happen because the watcher could not be properly started because libev
+ran out of memory, a file descriptor was found to be closed or any other
+problem. Libev considers these application bugs.
+.Sp
+You best act on it by reporting the problem and somehow coping with the
+watcher being stopped. Note that well-written programs should not receive
+an error ever, so when your watcher receives it, this usually indicates a
+bug in your program.
+.Sp
+Libev will usually signal a few \*(L"dummy\*(R" events together with an error, for
+example it might indicate that a fd is readable or writable, and if your
+callbacks is well-written it can just attempt the operation and cope with
+the error from \fBread()\fR or \fBwrite()\fR. This will not work in multi-threaded
+programs, though, as the fd could already be closed and reused for another
+thing, so beware.
+.SS "\s-1GENERIC WATCHER FUNCTIONS\s0"
+.IX Subsection "GENERIC WATCHER FUNCTIONS"
+.ie n .IP """ev_init"" (ev_TYPE *watcher, callback)" 4
+.el .IP "\f(CWev_init\fR (ev_TYPE *watcher, callback)" 4
+.IX Item "ev_init (ev_TYPE *watcher, callback)"
+This macro initialises the generic portion of a watcher. The contents
+of the watcher object can be arbitrary (so \f(CW\*(C`malloc\*(C'\fR will do). Only
+the generic parts of the watcher are initialised, you \fIneed\fR to call
+the type-specific \f(CW\*(C`ev_TYPE_set\*(C'\fR macro afterwards to initialise the
+type-specific parts. For each type there is also a \f(CW\*(C`ev_TYPE_init\*(C'\fR macro
+which rolls both calls into one.
+.Sp
+You can reinitialise a watcher at any time as long as it has been stopped
+(or never started) and there are no pending events outstanding.
+.Sp
+The callback is always of type \f(CW\*(C`void (*)(struct ev_loop *loop, ev_TYPE *watcher,
+int revents)\*(C'\fR.
+.Sp
+Example: Initialise an \f(CW\*(C`ev_io\*(C'\fR watcher in two steps.
+.Sp
+.Vb 3
+\&   ev_io w;
+\&   ev_init (&w, my_cb);
+\&   ev_io_set (&w, STDIN_FILENO, EV_READ);
+.Ve
+.ie n .IP """ev_TYPE_set"" (ev_TYPE *watcher, [args])" 4
+.el .IP "\f(CWev_TYPE_set\fR (ev_TYPE *watcher, [args])" 4
+.IX Item "ev_TYPE_set (ev_TYPE *watcher, [args])"
+This macro initialises the type-specific parts of a watcher. You need to
+call \f(CW\*(C`ev_init\*(C'\fR at least once before you call this macro, but you can
+call \f(CW\*(C`ev_TYPE_set\*(C'\fR any number of times. You must not, however, call this
+macro on a watcher that is active (it can be pending, however, which is a
+difference to the \f(CW\*(C`ev_init\*(C'\fR macro).
+.Sp
+Although some watcher types do not have type-specific arguments
+(e.g. \f(CW\*(C`ev_prepare\*(C'\fR) you still need to call its \f(CW\*(C`set\*(C'\fR macro.
+.Sp
+See \f(CW\*(C`ev_init\*(C'\fR, above, for an example.
+.ie n .IP """ev_TYPE_init"" (ev_TYPE *watcher, callback, [args])" 4
+.el .IP "\f(CWev_TYPE_init\fR (ev_TYPE *watcher, callback, [args])" 4
+.IX Item "ev_TYPE_init (ev_TYPE *watcher, callback, [args])"
+This convenience macro rolls both \f(CW\*(C`ev_init\*(C'\fR and \f(CW\*(C`ev_TYPE_set\*(C'\fR macro
+calls into a single call. This is the most convenient method to initialise
+a watcher. The same limitations apply, of course.
+.Sp
+Example: Initialise and set an \f(CW\*(C`ev_io\*(C'\fR watcher in one step.
+.Sp
+.Vb 1
+\&   ev_io_init (&w, my_cb, STDIN_FILENO, EV_READ);
+.Ve
+.ie n .IP """ev_TYPE_start"" (loop, ev_TYPE *watcher)" 4
+.el .IP "\f(CWev_TYPE_start\fR (loop, ev_TYPE *watcher)" 4
+.IX Item "ev_TYPE_start (loop, ev_TYPE *watcher)"
+Starts (activates) the given watcher. Only active watchers will receive
+events. If the watcher is already active nothing will happen.
+.Sp
+Example: Start the \f(CW\*(C`ev_io\*(C'\fR watcher that is being abused as example in this
+whole section.
+.Sp
+.Vb 1
+\&   ev_io_start (EV_DEFAULT_UC, &w);
+.Ve
+.ie n .IP """ev_TYPE_stop"" (loop, ev_TYPE *watcher)" 4
+.el .IP "\f(CWev_TYPE_stop\fR (loop, ev_TYPE *watcher)" 4
+.IX Item "ev_TYPE_stop (loop, ev_TYPE *watcher)"
+Stops the given watcher if active, and clears the pending status (whether
+the watcher was active or not).
+.Sp
+It is possible that stopped watchers are pending \- for example,
+non-repeating timers are being stopped when they become pending \- but
+calling \f(CW\*(C`ev_TYPE_stop\*(C'\fR ensures that the watcher is neither active nor
+pending. If you want to free or reuse the memory used by the watcher it is
+therefore a good idea to always call its \f(CW\*(C`ev_TYPE_stop\*(C'\fR function.
+.IP "bool ev_is_active (ev_TYPE *watcher)" 4
+.IX Item "bool ev_is_active (ev_TYPE *watcher)"
+Returns a true value iff the watcher is active (i.e. it has been started
+and not yet been stopped). As long as a watcher is active you must not modify
+it.
+.IP "bool ev_is_pending (ev_TYPE *watcher)" 4
+.IX Item "bool ev_is_pending (ev_TYPE *watcher)"
+Returns a true value iff the watcher is pending, (i.e. it has outstanding
+events but its callback has not yet been invoked). As long as a watcher
+is pending (but not active) you must not call an init function on it (but
+\&\f(CW\*(C`ev_TYPE_set\*(C'\fR is safe), you must not change its priority, and you must
+make sure the watcher is available to libev (e.g. you cannot \f(CW\*(C`free ()\*(C'\fR
+it).
+.IP "callback ev_cb (ev_TYPE *watcher)" 4
+.IX Item "callback ev_cb (ev_TYPE *watcher)"
+Returns the callback currently set on the watcher.
+.IP "ev_set_cb (ev_TYPE *watcher, callback)" 4
+.IX Item "ev_set_cb (ev_TYPE *watcher, callback)"
+Change the callback. You can change the callback at virtually any time
+(modulo threads).
+.IP "ev_set_priority (ev_TYPE *watcher, int priority)" 4
+.IX Item "ev_set_priority (ev_TYPE *watcher, int priority)"
+.PD 0
+.IP "int ev_priority (ev_TYPE *watcher)" 4
+.IX Item "int ev_priority (ev_TYPE *watcher)"
+.PD
+Set and query the priority of the watcher. The priority is a small
+integer between \f(CW\*(C`EV_MAXPRI\*(C'\fR (default: \f(CW2\fR) and \f(CW\*(C`EV_MINPRI\*(C'\fR
+(default: \f(CW\*(C`\-2\*(C'\fR). Pending watchers with higher priority will be invoked
+before watchers with lower priority, but priority will not keep watchers
+from being executed (except for \f(CW\*(C`ev_idle\*(C'\fR watchers).
+.Sp
+If you need to suppress invocation when higher priority events are pending
+you need to look at \f(CW\*(C`ev_idle\*(C'\fR watchers, which provide this functionality.
+.Sp
+You \fImust not\fR change the priority of a watcher as long as it is active or
+pending.
+.Sp
+Setting a priority outside the range of \f(CW\*(C`EV_MINPRI\*(C'\fR to \f(CW\*(C`EV_MAXPRI\*(C'\fR is
+fine, as long as you do not mind that the priority value you query might
+or might not have been clamped to the valid range.
+.Sp
+The default priority used by watchers when no priority has been set is
+always \f(CW0\fR, which is supposed to not be too high and not be too low :).
+.Sp
+See \*(L"\s-1WATCHER PRIORITY MODELS\*(R"\s0, below, for a more thorough treatment of
+priorities.
+.IP "ev_invoke (loop, ev_TYPE *watcher, int revents)" 4
+.IX Item "ev_invoke (loop, ev_TYPE *watcher, int revents)"
+Invoke the \f(CW\*(C`watcher\*(C'\fR with the given \f(CW\*(C`loop\*(C'\fR and \f(CW\*(C`revents\*(C'\fR. Neither
+\&\f(CW\*(C`loop\*(C'\fR nor \f(CW\*(C`revents\*(C'\fR need to be valid as long as the watcher callback
+can deal with that fact, as both are simply passed through to the
+callback.
+.IP "int ev_clear_pending (loop, ev_TYPE *watcher)" 4
+.IX Item "int ev_clear_pending (loop, ev_TYPE *watcher)"
+If the watcher is pending, this function clears its pending status and
+returns its \f(CW\*(C`revents\*(C'\fR bitset (as if its callback was invoked). If the
+watcher isn't pending it does nothing and returns \f(CW0\fR.
+.Sp
+Sometimes it can be useful to \*(L"poll\*(R" a watcher instead of waiting for its
+callback to be invoked, which can be accomplished with this function.
+.IP "ev_feed_event (loop, ev_TYPE *watcher, int revents)" 4
+.IX Item "ev_feed_event (loop, ev_TYPE *watcher, int revents)"
+Feeds the given event set into the event loop, as if the specified event
+had happened for the specified watcher (which must be a pointer to an
+initialised but not necessarily started event watcher). Obviously you must
+not free the watcher as long as it has pending events.
+.Sp
+Stopping the watcher, letting libev invoke it, or calling
+\&\f(CW\*(C`ev_clear_pending\*(C'\fR will clear the pending event, even if the watcher was
+not started in the first place.
+.Sp
+See also \f(CW\*(C`ev_feed_fd_event\*(C'\fR and \f(CW\*(C`ev_feed_signal_event\*(C'\fR for related
+functions that do not need a watcher.
+.PP
+See also the \*(L"\s-1ASSOCIATING CUSTOM DATA WITH A WATCHER\*(R"\s0 and \*(L"\s-1BUILDING YOUR
+OWN COMPOSITE WATCHERS\*(R"\s0 idioms.
+.SS "\s-1WATCHER STATES\s0"
+.IX Subsection "WATCHER STATES"
+There are various watcher states mentioned throughout this manual \-
+active, pending and so on. In this section these states and the rules to
+transition between them will be described in more detail \- and while these
+rules might look complicated, they usually do \*(L"the right thing\*(R".
+.IP "initialised" 4
+.IX Item "initialised"
+Before a watcher can be registered with the event loop it has to be
+initialised. This can be done with a call to \f(CW\*(C`ev_TYPE_init\*(C'\fR, or calls to
+\&\f(CW\*(C`ev_init\*(C'\fR followed by the watcher-specific \f(CW\*(C`ev_TYPE_set\*(C'\fR function.
+.Sp
+In this state it is simply some block of memory that is suitable for
+use in an event loop. It can be moved around, freed, reused etc. at
+will \- as long as you either keep the memory contents intact, or call
+\&\f(CW\*(C`ev_TYPE_init\*(C'\fR again.
+.IP "started/running/active" 4
+.IX Item "started/running/active"
+Once a watcher has been started with a call to \f(CW\*(C`ev_TYPE_start\*(C'\fR it becomes
+property of the event loop, and is actively waiting for events. While in
+this state it cannot be accessed (except in a few documented ways), moved,
+freed or anything else \- the only legal thing is to keep a pointer to it,
+and call libev functions on it that are documented to work on active watchers.
+.IP "pending" 4
+.IX Item "pending"
+If a watcher is active and libev determines that an event it is interested
+in has occurred (such as a timer expiring), it will become pending. It will
+stay in this pending state until either it is stopped or its callback is
+about to be invoked, so it is not normally pending inside the watcher
+callback.
+.Sp
+The watcher might or might not be active while it is pending (for example,
+an expired non-repeating timer can be pending but no longer active). If it
+is stopped, it can be freely accessed (e.g. by calling \f(CW\*(C`ev_TYPE_set\*(C'\fR),
+but it is still property of the event loop at this time, so cannot be
+moved, freed or reused. And if it is active the rules described in the
+previous item still apply.
+.Sp
+It is also possible to feed an event on a watcher that is not active (e.g.
+via \f(CW\*(C`ev_feed_event\*(C'\fR), in which case it becomes pending without being
+active.
+.IP "stopped" 4
+.IX Item "stopped"
+A watcher can be stopped implicitly by libev (in which case it might still
+be pending), or explicitly by calling its \f(CW\*(C`ev_TYPE_stop\*(C'\fR function. The
+latter will clear any pending state the watcher might be in, regardless
+of whether it was active or not, so stopping a watcher explicitly before
+freeing it is often a good idea.
+.Sp
+While stopped (and not pending) the watcher is essentially in the
+initialised state, that is, it can be reused, moved, modified in any way
+you wish (but when you trash the memory block, you need to \f(CW\*(C`ev_TYPE_init\*(C'\fR
+it again).
+.SS "\s-1WATCHER PRIORITY MODELS\s0"
+.IX Subsection "WATCHER PRIORITY MODELS"
+Many event loops support \fIwatcher priorities\fR, which are usually small
+integers that influence the ordering of event callback invocation
+between watchers in some way, all else being equal.
+.PP
+In libev, watcher priorities can be set using \f(CW\*(C`ev_set_priority\*(C'\fR. See its
+description for the more technical details such as the actual priority
+range.
+.PP
+There are two common ways how these these priorities are being interpreted
+by event loops:
+.PP
+In the more common lock-out model, higher priorities \*(L"lock out\*(R" invocation
+of lower priority watchers, which means as long as higher priority
+watchers receive events, lower priority watchers are not being invoked.
+.PP
+The less common only-for-ordering model uses priorities solely to order
+callback invocation within a single event loop iteration: Higher priority
+watchers are invoked before lower priority ones, but they all get invoked
+before polling for new events.
+.PP
+Libev uses the second (only-for-ordering) model for all its watchers
+except for idle watchers (which use the lock-out model).
+.PP
+The rationale behind this is that implementing the lock-out model for
+watchers is not well supported by most kernel interfaces, and most event
+libraries will just poll for the same events again and again as long as
+their callbacks have not been executed, which is very inefficient in the
+common case of one high-priority watcher locking out a mass of lower
+priority ones.
+.PP
+Static (ordering) priorities are most useful when you have two or more
+watchers handling the same resource: a typical usage example is having an
+\&\f(CW\*(C`ev_io\*(C'\fR watcher to receive data, and an associated \f(CW\*(C`ev_timer\*(C'\fR to handle
+timeouts. Under load, data might be received while the program handles
+other jobs, but since timers normally get invoked first, the timeout
+handler will be executed before checking for data. In that case, giving
+the timer a lower priority than the I/O watcher ensures that I/O will be
+handled first even under adverse conditions (which is usually, but not
+always, what you want).
+.PP
+Since idle watchers use the \*(L"lock-out\*(R" model, meaning that idle watchers
+will only be executed when no same or higher priority watchers have
+received events, they can be used to implement the \*(L"lock-out\*(R" model when
+required.
+.PP
+For example, to emulate how many other event libraries handle priorities,
+you can associate an \f(CW\*(C`ev_idle\*(C'\fR watcher to each such watcher, and in
+the normal watcher callback, you just start the idle watcher. The real
+processing is done in the idle watcher callback. This causes libev to
+continuously poll and process kernel event data for the watcher, but when
+the lock-out case is known to be rare (which in turn is rare :), this is
+workable.
+.PP
+Usually, however, the lock-out model implemented that way will perform
+miserably under the type of load it was designed to handle. In that case,
+it might be preferable to stop the real watcher before starting the
+idle watcher, so the kernel will not have to process the event in case
+the actual processing will be delayed for considerable time.
+.PP
+Here is an example of an I/O watcher that should run at a strictly lower
+priority than the default, and which should only process data when no
+other events are pending:
+.PP
+.Vb 2
+\&   ev_idle idle; // actual processing watcher
+\&   ev_io io;     // actual event watcher
+\&
+\&   static void
+\&   io_cb (EV_P_ ev_io *w, int revents)
+\&   {
+\&     // stop the I/O watcher, we received the event, but
+\&     // are not yet ready to handle it.
+\&     ev_io_stop (EV_A_ w);
+\&
+\&     // start the idle watcher to handle the actual event.
+\&     // it will not be executed as long as other watchers
+\&     // with the default priority are receiving events.
+\&     ev_idle_start (EV_A_ &idle);
+\&   }
+\&
+\&   static void
+\&   idle_cb (EV_P_ ev_idle *w, int revents)
+\&   {
+\&     // actual processing
+\&     read (STDIN_FILENO, ...);
+\&
+\&     // have to start the I/O watcher again, as
+\&     // we have handled the event
+\&     ev_io_start (EV_P_ &io);
+\&   }
+\&
+\&   // initialisation
+\&   ev_idle_init (&idle, idle_cb);
+\&   ev_io_init (&io, io_cb, STDIN_FILENO, EV_READ);
+\&   ev_io_start (EV_DEFAULT_ &io);
+.Ve
+.PP
+In the \*(L"real\*(R" world, it might also be beneficial to start a timer, so that
+low-priority connections can not be locked out forever under load. This
+enables your program to keep a lower latency for important connections
+during short periods of high load, while not completely locking out less
+important ones.
+.SH "WATCHER TYPES"
+.IX Header "WATCHER TYPES"
+This section describes each watcher in detail, but will not repeat
+information given in the last section. Any initialisation/set macros,
+functions and members specific to the watcher type are explained.
+.PP
+Most members are additionally marked with either \fI[read\-only]\fR, meaning
+that, while the watcher is active, you can look at the member and expect
+some sensible content, but you must not modify it (you can modify it while
+the watcher is stopped to your hearts content), or \fI[read\-write]\fR, which
+means you can expect it to have some sensible content while the watcher is
+active, but you can also modify it (within the same thread as the event
+loop, i.e. without creating data races). Modifying it may not do something
+sensible or take immediate effect (or do anything at all), but libev will
+not crash or malfunction in any way.
+.PP
+In any case, the documentation for each member will explain what the
+effects are, and if there are any additional access restrictions.
+.ie n .SS """ev_io"" \- is this file descriptor readable or writable?"
+.el .SS "\f(CWev_io\fP \- is this file descriptor readable or writable?"
+.IX Subsection "ev_io - is this file descriptor readable or writable?"
+I/O watchers check whether a file descriptor is readable or writable
+in each iteration of the event loop, or, more precisely, when reading
+would not block the process and writing would at least be able to write
+some data. This behaviour is called level-triggering because you keep
+receiving events as long as the condition persists. Remember you can stop
+the watcher if you don't want to act on the event and neither want to
+receive future events.
+.PP
+In general you can register as many read and/or write event watchers per
+fd as you want (as long as you don't confuse yourself). Setting all file
+descriptors to non-blocking mode is also usually a good idea (but not
+required if you know what you are doing).
+.PP
+Another thing you have to watch out for is that it is quite easy to
+receive \*(L"spurious\*(R" readiness notifications, that is, your callback might
+be called with \f(CW\*(C`EV_READ\*(C'\fR but a subsequent \f(CW\*(C`read\*(C'\fR(2) will actually block
+because there is no data. It is very easy to get into this situation even
+with a relatively standard program structure. Thus it is best to always
+use non-blocking I/O: An extra \f(CW\*(C`read\*(C'\fR(2) returning \f(CW\*(C`EAGAIN\*(C'\fR is far
+preferable to a program hanging until some data arrives.
+.PP
+If you cannot run the fd in non-blocking mode (for example you should
+not play around with an Xlib connection), then you have to separately
+re-test whether a file descriptor is really ready with a known-to-be good
+interface such as poll (fortunately in the case of Xlib, it already does
+this on its own, so its quite safe to use). Some people additionally
+use \f(CW\*(C`SIGALRM\*(C'\fR and an interval timer, just to be sure you won't block
+indefinitely.
+.PP
+But really, best use non-blocking mode.
+.PP
+\fIThe special problem of disappearing file descriptors\fR
+.IX Subsection "The special problem of disappearing file descriptors"
+.PP
+Some backends (e.g. kqueue, epoll, linuxaio) need to be told about closing
+a file descriptor (either due to calling \f(CW\*(C`close\*(C'\fR explicitly or any other
+means, such as \f(CW\*(C`dup2\*(C'\fR). The reason is that you register interest in some
+file descriptor, but when it goes away, the operating system will silently
+drop this interest. If another file descriptor with the same number then
+is registered with libev, there is no efficient way to see that this is,
+in fact, a different file descriptor.
+.PP
+To avoid having to explicitly tell libev about such cases, libev follows
+the following policy:  Each time \f(CW\*(C`ev_io_set\*(C'\fR is being called, libev
+will assume that this is potentially a new file descriptor, otherwise
+it is assumed that the file descriptor stays the same. That means that
+you \fIhave\fR to call \f(CW\*(C`ev_io_set\*(C'\fR (or \f(CW\*(C`ev_io_init\*(C'\fR) when you change the
+descriptor even if the file descriptor number itself did not change.
+.PP
+This is how one would do it normally anyway, the important point is that
+the libev application should not optimise around libev but should leave
+optimisations to libev.
+.PP
+\fIThe special problem of dup'ed file descriptors\fR
+.IX Subsection "The special problem of dup'ed file descriptors"
+.PP
+Some backends (e.g. epoll), cannot register events for file descriptors,
+but only events for the underlying file descriptions. That means when you
+have \f(CW\*(C`dup ()\*(C'\fR'ed file descriptors or weirder constellations, and register
+events for them, only one file descriptor might actually receive events.
+.PP
+There is no workaround possible except not registering events
+for potentially \f(CW\*(C`dup ()\*(C'\fR'ed file descriptors, or to resort to
+\&\f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.PP
+\fIThe special problem of files\fR
+.IX Subsection "The special problem of files"
+.PP
+Many people try to use \f(CW\*(C`select\*(C'\fR (or libev) on file descriptors
+representing files, and expect it to become ready when their program
+doesn't block on disk accesses (which can take a long time on their own).
+.PP
+However, this cannot ever work in the \*(L"expected\*(R" way \- you get a readiness
+notification as soon as the kernel knows whether and how much data is
+there, and in the case of open files, that's always the case, so you
+always get a readiness notification instantly, and your read (or possibly
+write) will still block on the disk I/O.
+.PP
+Another way to view it is that in the case of sockets, pipes, character
+devices and so on, there is another party (the sender) that delivers data
+on its own, but in the case of files, there is no such thing: the disk
+will not send data on its own, simply because it doesn't know what you
+wish to read \- you would first have to request some data.
+.PP
+Since files are typically not-so-well supported by advanced notification
+mechanism, libev tries hard to emulate \s-1POSIX\s0 behaviour with respect
+to files, even though you should not use it. The reason for this is
+convenience: sometimes you want to watch \s-1STDIN\s0 or \s-1STDOUT,\s0 which is
+usually a tty, often a pipe, but also sometimes files or special devices
+(for example, \f(CW\*(C`epoll\*(C'\fR on Linux works with \fI/dev/random\fR but not with
+\&\fI/dev/urandom\fR), and even though the file might better be served with
+asynchronous I/O instead of with non-blocking I/O, it is still useful when
+it \*(L"just works\*(R" instead of freezing.
+.PP
+So avoid file descriptors pointing to files when you know it (e.g. use
+libeio), but use them when it is convenient, e.g. for \s-1STDIN/STDOUT,\s0 or
+when you rarely read from a file instead of from a socket, and want to
+reuse the same code path.
+.PP
+\fIThe special problem of fork\fR
+.IX Subsection "The special problem of fork"
+.PP
+Some backends (epoll, kqueue, linuxaio, iouring) do not support \f(CW\*(C`fork ()\*(C'\fR
+at all or exhibit useless behaviour. Libev fully supports fork, but needs
+to be told about it in the child if you want to continue to use it in the
+child.
+.PP
+To support fork in your child processes, you have to call \f(CW\*(C`ev_loop_fork
+()\*(C'\fR after a fork in the child, enable \f(CW\*(C`EVFLAG_FORKCHECK\*(C'\fR, or resort to
+\&\f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.PP
+\fIThe special problem of \s-1SIGPIPE\s0\fR
+.IX Subsection "The special problem of SIGPIPE"
+.PP
+While not really specific to libev, it is easy to forget about \f(CW\*(C`SIGPIPE\*(C'\fR:
+when writing to a pipe whose other end has been closed, your program gets
+sent a \s-1SIGPIPE,\s0 which, by default, aborts your program. For most programs
+this is sensible behaviour, for daemons, this is usually undesirable.
+.PP
+So when you encounter spurious, unexplained daemon exits, make sure you
+ignore \s-1SIGPIPE\s0 (and maybe make sure you log the exit status of your daemon
+somewhere, as that would have given you a big clue).
+.PP
+\fIThe special problem of \f(BIaccept()\fIing when you can't\fR
+.IX Subsection "The special problem of accept()ing when you can't"
+.PP
+Many implementations of the \s-1POSIX\s0 \f(CW\*(C`accept\*(C'\fR function (for example,
+found in post\-2004 Linux) have the peculiar behaviour of not removing a
+connection from the pending queue in all error cases.
+.PP
+For example, larger servers often run out of file descriptors (because
+of resource limits), causing \f(CW\*(C`accept\*(C'\fR to fail with \f(CW\*(C`ENFILE\*(C'\fR but not
+rejecting the connection, leading to libev signalling readiness on
+the next iteration again (the connection still exists after all), and
+typically causing the program to loop at 100% \s-1CPU\s0 usage.
+.PP
+Unfortunately, the set of errors that cause this issue differs between
+operating systems, there is usually little the app can do to remedy the
+situation, and no known thread-safe method of removing the connection to
+cope with overload is known (to me).
+.PP
+One of the easiest ways to handle this situation is to just ignore it
+\&\- when the program encounters an overload, it will just loop until the
+situation is over. While this is a form of busy waiting, no \s-1OS\s0 offers an
+event-based way to handle this situation, so it's the best one can do.
+.PP
+A better way to handle the situation is to log any errors other than
+\&\f(CW\*(C`EAGAIN\*(C'\fR and \f(CW\*(C`EWOULDBLOCK\*(C'\fR, making sure not to flood the log with such
+messages, and continue as usual, which at least gives the user an idea of
+what could be wrong (\*(L"raise the ulimit!\*(R"). For extra points one could stop
+the \f(CW\*(C`ev_io\*(C'\fR watcher on the listening fd \*(L"for a while\*(R", which reduces \s-1CPU\s0
+usage.
+.PP
+If your program is single-threaded, then you could also keep a dummy file
+descriptor for overload situations (e.g. by opening \fI/dev/null\fR), and
+when you run into \f(CW\*(C`ENFILE\*(C'\fR or \f(CW\*(C`EMFILE\*(C'\fR, close it, run \f(CW\*(C`accept\*(C'\fR,
+close that fd, and create a new dummy fd. This will gracefully refuse
+clients under typical overload conditions.
+.PP
+The last way to handle it is to simply log the error and \f(CW\*(C`exit\*(C'\fR, as
+is often done with \f(CW\*(C`malloc\*(C'\fR failures, but this results in an easy
+opportunity for a DoS attack.
+.PP
+\fIWatcher-Specific Functions\fR
+.IX Subsection "Watcher-Specific Functions"
+.IP "ev_io_init (ev_io *, callback, int fd, int events)" 4
+.IX Item "ev_io_init (ev_io *, callback, int fd, int events)"
+.PD 0
+.IP "ev_io_set (ev_io *, int fd, int events)" 4
+.IX Item "ev_io_set (ev_io *, int fd, int events)"
+.PD
+Configures an \f(CW\*(C`ev_io\*(C'\fR watcher. The \f(CW\*(C`fd\*(C'\fR is the file descriptor to
+receive events for and \f(CW\*(C`events\*(C'\fR is either \f(CW\*(C`EV_READ\*(C'\fR, \f(CW\*(C`EV_WRITE\*(C'\fR, both
+\&\f(CW\*(C`EV_READ | EV_WRITE\*(C'\fR or \f(CW0\fR, to express the desire to receive the given
+events.
+.Sp
+Note that setting the \f(CW\*(C`events\*(C'\fR to \f(CW0\fR and starting the watcher is
+supported, but not specially optimized \- if your program sometimes happens
+to generate this combination this is fine, but if it is easy to avoid
+starting an io watcher watching for no events you should do so.
+.IP "ev_io_modify (ev_io *, int events)" 4
+.IX Item "ev_io_modify (ev_io *, int events)"
+Similar to \f(CW\*(C`ev_io_set\*(C'\fR, but only changes the requested events. Using this
+might be faster with some backends, as libev can assume that the \f(CW\*(C`fd\*(C'\fR
+still refers to the same underlying file description, something it cannot
+do when using \f(CW\*(C`ev_io_set\*(C'\fR.
+.IP "int fd [no\-modify]" 4
+.IX Item "int fd [no-modify]"
+The file descriptor being watched. While it can be read at any time, you
+must not modify this member even when the watcher is stopped \- always use
+\&\f(CW\*(C`ev_io_set\*(C'\fR for that.
+.IP "int events [no\-modify]" 4
+.IX Item "int events [no-modify]"
+The set of events the fd is being watched for, among other flags. Remember
+that this is a bit set \- to test for \f(CW\*(C`EV_READ\*(C'\fR, use \f(CW\*(C`w\->events &
+EV_READ\*(C'\fR, and similarly for \f(CW\*(C`EV_WRITE\*(C'\fR.
+.Sp
+As with \f(CW\*(C`fd\*(C'\fR, you must not modify this member even when the watcher is
+stopped, always use \f(CW\*(C`ev_io_set\*(C'\fR or \f(CW\*(C`ev_io_modify\*(C'\fR for that.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Call \f(CW\*(C`stdin_readable_cb\*(C'\fR when \s-1STDIN_FILENO\s0 has become, well
+readable, but only once. Since it is likely line-buffered, you could
+attempt to read a whole line in the callback.
+.PP
+.Vb 6
+\&   static void
+\&   stdin_readable_cb (struct ev_loop *loop, ev_io *w, int revents)
+\&   {
+\&      ev_io_stop (loop, w);
+\&     .. read from stdin here (or from w\->fd) and handle any I/O errors
+\&   }
+\&
+\&   ...
+\&   struct ev_loop *loop = ev_default_init (0);
+\&   ev_io stdin_readable;
+\&   ev_io_init (&stdin_readable, stdin_readable_cb, STDIN_FILENO, EV_READ);
+\&   ev_io_start (loop, &stdin_readable);
+\&   ev_run (loop, 0);
+.Ve
+.ie n .SS """ev_timer"" \- relative and optionally repeating timeouts"
+.el .SS "\f(CWev_timer\fP \- relative and optionally repeating timeouts"
+.IX Subsection "ev_timer - relative and optionally repeating timeouts"
+Timer watchers are simple relative timers that generate an event after a
+given time, and optionally repeating in regular intervals after that.
+.PP
+The timers are based on real time, that is, if you register an event that
+times out after an hour and you reset your system clock to January last
+year, it will still time out after (roughly) one hour. \*(L"Roughly\*(R" because
+detecting time jumps is hard, and some inaccuracies are unavoidable (the
+monotonic clock option helps a lot here).
+.PP
+The callback is guaranteed to be invoked only \fIafter\fR its timeout has
+passed (not \fIat\fR, so on systems with very low-resolution clocks this
+might introduce a small delay, see \*(L"the special problem of being too
+early\*(R", below). If multiple timers become ready during the same loop
+iteration then the ones with earlier time-out values are invoked before
+ones of the same priority with later time-out values (but this is no
+longer true when a callback calls \f(CW\*(C`ev_run\*(C'\fR recursively).
+.PP
+\fIBe smart about timeouts\fR
+.IX Subsection "Be smart about timeouts"
+.PP
+Many real-world problems involve some kind of timeout, usually for error
+recovery. A typical example is an \s-1HTTP\s0 request \- if the other side hangs,
+you want to raise some error after a while.
+.PP
+What follows are some ways to handle this problem, from obvious and
+inefficient to smart and efficient.
+.PP
+In the following, a 60 second activity timeout is assumed \- a timeout that
+gets reset to 60 seconds each time there is activity (e.g. each time some
+data or other life sign was received).
+.IP "1. Use a timer and stop, reinitialise and start it on activity." 4
+.IX Item "1. Use a timer and stop, reinitialise and start it on activity."
+This is the most obvious, but not the most simple way: In the beginning,
+start the watcher:
+.Sp
+.Vb 2
+\&   ev_timer_init (timer, callback, 60., 0.);
+\&   ev_timer_start (loop, timer);
+.Ve
+.Sp
+Then, each time there is some activity, \f(CW\*(C`ev_timer_stop\*(C'\fR it, initialise it
+and start it again:
+.Sp
+.Vb 3
+\&   ev_timer_stop (loop, timer);
+\&   ev_timer_set (timer, 60., 0.);
+\&   ev_timer_start (loop, timer);
+.Ve
+.Sp
+This is relatively simple to implement, but means that each time there is
+some activity, libev will first have to remove the timer from its internal
+data structure and then add it again. Libev tries to be fast, but it's
+still not a constant-time operation.
+.ie n .IP "2. Use a timer and re-start it with ""ev_timer_again"" inactivity." 4
+.el .IP "2. Use a timer and re-start it with \f(CWev_timer_again\fR inactivity." 4
+.IX Item "2. Use a timer and re-start it with ev_timer_again inactivity."
+This is the easiest way, and involves using \f(CW\*(C`ev_timer_again\*(C'\fR instead of
+\&\f(CW\*(C`ev_timer_start\*(C'\fR.
+.Sp
+To implement this, configure an \f(CW\*(C`ev_timer\*(C'\fR with a \f(CW\*(C`repeat\*(C'\fR value
+of \f(CW60\fR and then call \f(CW\*(C`ev_timer_again\*(C'\fR at start and each time you
+successfully read or write some data. If you go into an idle state where
+you do not expect data to travel on the socket, you can \f(CW\*(C`ev_timer_stop\*(C'\fR
+the timer, and \f(CW\*(C`ev_timer_again\*(C'\fR will automatically restart it if need be.
+.Sp
+That means you can ignore both the \f(CW\*(C`ev_timer_start\*(C'\fR function and the
+\&\f(CW\*(C`after\*(C'\fR argument to \f(CW\*(C`ev_timer_set\*(C'\fR, and only ever use the \f(CW\*(C`repeat\*(C'\fR
+member and \f(CW\*(C`ev_timer_again\*(C'\fR.
+.Sp
+At start:
+.Sp
+.Vb 3
+\&   ev_init (timer, callback);
+\&   timer\->repeat = 60.;
+\&   ev_timer_again (loop, timer);
+.Ve
+.Sp
+Each time there is some activity:
+.Sp
+.Vb 1
+\&   ev_timer_again (loop, timer);
+.Ve
+.Sp
+It is even possible to change the time-out on the fly, regardless of
+whether the watcher is active or not:
+.Sp
+.Vb 2
+\&   timer\->repeat = 30.;
+\&   ev_timer_again (loop, timer);
+.Ve
+.Sp
+This is slightly more efficient then stopping/starting the timer each time
+you want to modify its timeout value, as libev does not have to completely
+remove and re-insert the timer from/into its internal data structure.
+.Sp
+It is, however, even simpler than the \*(L"obvious\*(R" way to do it.
+.IP "3. Let the timer time out, but then re-arm it as required." 4
+.IX Item "3. Let the timer time out, but then re-arm it as required."
+This method is more tricky, but usually most efficient: Most timeouts are
+relatively long compared to the intervals between other activity \- in
+our example, within 60 seconds, there are usually many I/O events with
+associated activity resets.
+.Sp
+In this case, it would be more efficient to leave the \f(CW\*(C`ev_timer\*(C'\fR alone,
+but remember the time of last activity, and check for a real timeout only
+within the callback:
+.Sp
+.Vb 3
+\&   ev_tstamp timeout = 60.;
+\&   ev_tstamp last_activity; // time of last activity
+\&   ev_timer timer;
+\&
+\&   static void
+\&   callback (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     // calculate when the timeout would happen
+\&     ev_tstamp after = last_activity \- ev_now (EV_A) + timeout;
+\&
+\&     // if negative, it means we the timeout already occurred
+\&     if (after < 0.)
+\&       {
+\&         // timeout occurred, take action
+\&       }
+\&     else
+\&       {
+\&         // callback was invoked, but there was some recent 
+\&         // activity. simply restart the timer to time out
+\&         // after "after" seconds, which is the earliest time
+\&         // the timeout can occur.
+\&         ev_timer_set (w, after, 0.);
+\&         ev_timer_start (EV_A_ w);
+\&       }
+\&   }
+.Ve
+.Sp
+To summarise the callback: first calculate in how many seconds the
+timeout will occur (by calculating the absolute time when it would occur,
+\&\f(CW\*(C`last_activity + timeout\*(C'\fR, and subtracting the current time, \f(CW\*(C`ev_now
+(EV_A)\*(C'\fR from that).
+.Sp
+If this value is negative, then we are already past the timeout, i.e. we
+timed out, and need to do whatever is needed in this case.
+.Sp
+Otherwise, we now the earliest time at which the timeout would trigger,
+and simply start the timer with this timeout value.
+.Sp
+In other words, each time the callback is invoked it will check whether
+the timeout occurred. If not, it will simply reschedule itself to check
+again at the earliest time it could time out. Rinse. Repeat.
+.Sp
+This scheme causes more callback invocations (about one every 60 seconds
+minus half the average time between activity), but virtually no calls to
+libev to change the timeout.
+.Sp
+To start the machinery, simply initialise the watcher and set
+\&\f(CW\*(C`last_activity\*(C'\fR to the current time (meaning there was some activity just
+now), then call the callback, which will \*(L"do the right thing\*(R" and start
+the timer:
+.Sp
+.Vb 3
+\&   last_activity = ev_now (EV_A);
+\&   ev_init (&timer, callback);
+\&   callback (EV_A_ &timer, 0);
+.Ve
+.Sp
+When there is some activity, simply store the current time in
+\&\f(CW\*(C`last_activity\*(C'\fR, no libev calls at all:
+.Sp
+.Vb 2
+\&   if (activity detected)
+\&     last_activity = ev_now (EV_A);
+.Ve
+.Sp
+When your timeout value changes, then the timeout can be changed by simply
+providing a new value, stopping the timer and calling the callback, which
+will again do the right thing (for example, time out immediately :).
+.Sp
+.Vb 3
+\&   timeout = new_value;
+\&   ev_timer_stop (EV_A_ &timer);
+\&   callback (EV_A_ &timer, 0);
+.Ve
+.Sp
+This technique is slightly more complex, but in most cases where the
+time-out is unlikely to be triggered, much more efficient.
+.IP "4. Wee, just use a double-linked list for your timeouts." 4
+.IX Item "4. Wee, just use a double-linked list for your timeouts."
+If there is not one request, but many thousands (millions...), all
+employing some kind of timeout with the same timeout value, then one can
+do even better:
+.Sp
+When starting the timeout, calculate the timeout value and put the timeout
+at the \fIend\fR of the list.
+.Sp
+Then use an \f(CW\*(C`ev_timer\*(C'\fR to fire when the timeout at the \fIbeginning\fR of
+the list is expected to fire (for example, using the technique #3).
+.Sp
+When there is some activity, remove the timer from the list, recalculate
+the timeout, append it to the end of the list again, and make sure to
+update the \f(CW\*(C`ev_timer\*(C'\fR if it was taken from the beginning of the list.
+.Sp
+This way, one can manage an unlimited number of timeouts in O(1) time for
+starting, stopping and updating the timers, at the expense of a major
+complication, and having to use a constant timeout. The constant timeout
+ensures that the list stays sorted.
+.PP
+So which method the best?
+.PP
+Method #2 is a simple no-brain-required solution that is adequate in most
+situations. Method #3 requires a bit more thinking, but handles many cases
+better, and isn't very complicated either. In most case, choosing either
+one is fine, with #3 being better in typical situations.
+.PP
+Method #1 is almost always a bad idea, and buys you nothing. Method #4 is
+rather complicated, but extremely efficient, something that really pays
+off after the first million or so of active timers, i.e. it's usually
+overkill :)
+.PP
+\fIThe special problem of being too early\fR
+.IX Subsection "The special problem of being too early"
+.PP
+If you ask a timer to call your callback after three seconds, then
+you expect it to be invoked after three seconds \- but of course, this
+cannot be guaranteed to infinite precision. Less obviously, it cannot be
+guaranteed to any precision by libev \- imagine somebody suspending the
+process with a \s-1STOP\s0 signal for a few hours for example.
+.PP
+So, libev tries to invoke your callback as soon as possible \fIafter\fR the
+delay has occurred, but cannot guarantee this.
+.PP
+A less obvious failure mode is calling your callback too early: many event
+loops compare timestamps with a \*(L"elapsed delay >= requested delay\*(R", but
+this can cause your callback to be invoked much earlier than you would
+expect.
+.PP
+To see why, imagine a system with a clock that only offers full second
+resolution (think windows if you can't come up with a broken enough \s-1OS\s0
+yourself). If you schedule a one-second timer at the time 500.9, then the
+event loop will schedule your timeout to elapse at a system time of 500
+(500.9 truncated to the resolution) + 1, or 501.
+.PP
+If an event library looks at the timeout 0.1s later, it will see \*(L"501 >=
+501\*(R" and invoke the callback 0.1s after it was started, even though a
+one-second delay was requested \- this is being \*(L"too early\*(R", despite best
+intentions.
+.PP
+This is the reason why libev will never invoke the callback if the elapsed
+delay equals the requested delay, but only when the elapsed delay is
+larger than the requested delay. In the example above, libev would only invoke
+the callback at system time 502, or 1.1s after the timer was started.
+.PP
+So, while libev cannot guarantee that your callback will be invoked
+exactly when requested, it \fIcan\fR and \fIdoes\fR guarantee that the requested
+delay has actually elapsed, or in other words, it always errs on the \*(L"too
+late\*(R" side of things.
+.PP
+\fIThe special problem of time updates\fR
+.IX Subsection "The special problem of time updates"
+.PP
+Establishing the current time is a costly operation (it usually takes
+at least one system call): \s-1EV\s0 therefore updates its idea of the current
+time only before and after \f(CW\*(C`ev_run\*(C'\fR collects new events, which causes a
+growing difference between \f(CW\*(C`ev_now ()\*(C'\fR and \f(CW\*(C`ev_time ()\*(C'\fR when handling
+lots of events in one iteration.
+.PP
+The relative timeouts are calculated relative to the \f(CW\*(C`ev_now ()\*(C'\fR
+time. This is usually the right thing as this timestamp refers to the time
+of the event triggering whatever timeout you are modifying/starting. If
+you suspect event processing to be delayed and you \fIneed\fR to base the
+timeout on the current time, use something like the following to adjust
+for it:
+.PP
+.Vb 1
+\&   ev_timer_set (&timer, after + (ev_time () \- ev_now ()), 0.);
+.Ve
+.PP
+If the event loop is suspended for a long time, you can also force an
+update of the time returned by \f(CW\*(C`ev_now ()\*(C'\fR by calling \f(CW\*(C`ev_now_update
+()\*(C'\fR, although that will push the event time of all outstanding events
+further into the future.
+.PP
+\fIThe special problem of unsynchronised clocks\fR
+.IX Subsection "The special problem of unsynchronised clocks"
+.PP
+Modern systems have a variety of clocks \- libev itself uses the normal
+\&\*(L"wall clock\*(R" clock and, if available, the monotonic clock (to avoid time
+jumps).
+.PP
+Neither of these clocks is synchronised with each other or any other clock
+on the system, so \f(CW\*(C`ev_time ()\*(C'\fR might return a considerably different time
+than \f(CW\*(C`gettimeofday ()\*(C'\fR or \f(CW\*(C`time ()\*(C'\fR. On a GNU/Linux system, for example,
+a call to \f(CW\*(C`gettimeofday\*(C'\fR might return a second count that is one higher
+than a directly following call to \f(CW\*(C`time\*(C'\fR.
+.PP
+The moral of this is to only compare libev-related timestamps with
+\&\f(CW\*(C`ev_time ()\*(C'\fR and \f(CW\*(C`ev_now ()\*(C'\fR, at least if you want better precision than
+a second or so.
+.PP
+One more problem arises due to this lack of synchronisation: if libev uses
+the system monotonic clock and you compare timestamps from \f(CW\*(C`ev_time\*(C'\fR
+or \f(CW\*(C`ev_now\*(C'\fR from when you started your timer and when your callback is
+invoked, you will find that sometimes the callback is a bit \*(L"early\*(R".
+.PP
+This is because \f(CW\*(C`ev_timer\*(C'\fRs work in real time, not wall clock time, so
+libev makes sure your callback is not invoked before the delay happened,
+\&\fImeasured according to the real time\fR, not the system clock.
+.PP
+If your timeouts are based on a physical timescale (e.g. \*(L"time out this
+connection after 100 seconds\*(R") then this shouldn't bother you as it is
+exactly the right behaviour.
+.PP
+If you want to compare wall clock/system timestamps to your timers, then
+you need to use \f(CW\*(C`ev_periodic\*(C'\fRs, as these are based on the wall clock
+time, where your comparisons will always generate correct results.
+.PP
+\fIThe special problems of suspended animation\fR
+.IX Subsection "The special problems of suspended animation"
+.PP
+When you leave the server world it is quite customary to hit machines that
+can suspend/hibernate \- what happens to the clocks during such a suspend?
+.PP
+Some quick tests made with a Linux 2.6.28 indicate that a suspend freezes
+all processes, while the clocks (\f(CW\*(C`times\*(C'\fR, \f(CW\*(C`CLOCK_MONOTONIC\*(C'\fR) continue
+to run until the system is suspended, but they will not advance while the
+system is suspended. That means, on resume, it will be as if the program
+was frozen for a few seconds, but the suspend time will not be counted
+towards \f(CW\*(C`ev_timer\*(C'\fR when a monotonic clock source is used. The real time
+clock advanced as expected, but if it is used as sole clocksource, then a
+long suspend would be detected as a time jump by libev, and timers would
+be adjusted accordingly.
+.PP
+I would not be surprised to see different behaviour in different between
+operating systems, \s-1OS\s0 versions or even different hardware.
+.PP
+The other form of suspend (job control, or sending a \s-1SIGSTOP\s0) will see a
+time jump in the monotonic clocks and the realtime clock. If the program
+is suspended for a very long time, and monotonic clock sources are in use,
+then you can expect \f(CW\*(C`ev_timer\*(C'\fRs to expire as the full suspension time
+will be counted towards the timers. When no monotonic clock source is in
+use, then libev will again assume a timejump and adjust accordingly.
+.PP
+It might be beneficial for this latter case to call \f(CW\*(C`ev_suspend\*(C'\fR
+and \f(CW\*(C`ev_resume\*(C'\fR in code that handles \f(CW\*(C`SIGTSTP\*(C'\fR, to at least get
+deterministic behaviour in this case (you can do nothing against
+\&\f(CW\*(C`SIGSTOP\*(C'\fR).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_timer_init (ev_timer *, callback, ev_tstamp after, ev_tstamp repeat)" 4
+.IX Item "ev_timer_init (ev_timer *, callback, ev_tstamp after, ev_tstamp repeat)"
+.PD 0
+.IP "ev_timer_set (ev_timer *, ev_tstamp after, ev_tstamp repeat)" 4
+.IX Item "ev_timer_set (ev_timer *, ev_tstamp after, ev_tstamp repeat)"
+.PD
+Configure the timer to trigger after \f(CW\*(C`after\*(C'\fR seconds (fractional and
+negative values are supported). If \f(CW\*(C`repeat\*(C'\fR is \f(CW0.\fR, then it will
+automatically be stopped once the timeout is reached. If it is positive,
+then the timer will automatically be configured to trigger again \f(CW\*(C`repeat\*(C'\fR
+seconds later, again, and again, until stopped manually.
+.Sp
+The timer itself will do a best-effort at avoiding drift, that is, if
+you configure a timer to trigger every 10 seconds, then it will normally
+trigger at exactly 10 second intervals. If, however, your program cannot
+keep up with the timer (because it takes longer than those 10 seconds to
+do stuff) the timer will not fire more than once per event loop iteration.
+.IP "ev_timer_again (loop, ev_timer *)" 4
+.IX Item "ev_timer_again (loop, ev_timer *)"
+This will act as if the timer timed out, and restarts it again if it is
+repeating. It basically works like calling \f(CW\*(C`ev_timer_stop\*(C'\fR, updating the
+timeout to the \f(CW\*(C`repeat\*(C'\fR value and calling \f(CW\*(C`ev_timer_start\*(C'\fR.
+.Sp
+The exact semantics are as in the following rules, all of which will be
+applied to the watcher:
+.RS 4
+.IP "If the timer is pending, the pending status is always cleared." 4
+.IX Item "If the timer is pending, the pending status is always cleared."
+.PD 0
+.IP "If the timer is started but non-repeating, stop it (as if it timed out, without invoking it)." 4
+.IX Item "If the timer is started but non-repeating, stop it (as if it timed out, without invoking it)."
+.ie n .IP "If the timer is repeating, make the ""repeat"" value the new timeout and start the timer, if necessary." 4
+.el .IP "If the timer is repeating, make the \f(CWrepeat\fR value the new timeout and start the timer, if necessary." 4
+.IX Item "If the timer is repeating, make the repeat value the new timeout and start the timer, if necessary."
+.RE
+.RS 4
+.PD
+.Sp
+This sounds a bit complicated, see \*(L"Be smart about timeouts\*(R", above, for a
+usage example.
+.RE
+.IP "ev_tstamp ev_timer_remaining (loop, ev_timer *)" 4
+.IX Item "ev_tstamp ev_timer_remaining (loop, ev_timer *)"
+Returns the remaining time until a timer fires. If the timer is active,
+then this time is relative to the current event loop time, otherwise it's
+the timeout value currently configured.
+.Sp
+That is, after an \f(CW\*(C`ev_timer_set (w, 5, 7)\*(C'\fR, \f(CW\*(C`ev_timer_remaining\*(C'\fR returns
+\&\f(CW5\fR. When the timer is started and one second passes, \f(CW\*(C`ev_timer_remaining\*(C'\fR
+will return \f(CW4\fR. When the timer expires and is restarted, it will return
+roughly \f(CW7\fR (likely slightly less as callback invocation takes some time,
+too), and so on.
+.IP "ev_tstamp repeat [read\-write]" 4
+.IX Item "ev_tstamp repeat [read-write]"
+The current \f(CW\*(C`repeat\*(C'\fR value. Will be used each time the watcher times out
+or \f(CW\*(C`ev_timer_again\*(C'\fR is called, and determines the next timeout (if any),
+which is also when any modifications are taken into account.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Create a timer that fires after 60 seconds.
+.PP
+.Vb 5
+\&   static void
+\&   one_minute_cb (struct ev_loop *loop, ev_timer *w, int revents)
+\&   {
+\&     .. one minute over, w is actually stopped right here
+\&   }
+\&
+\&   ev_timer mytimer;
+\&   ev_timer_init (&mytimer, one_minute_cb, 60., 0.);
+\&   ev_timer_start (loop, &mytimer);
+.Ve
+.PP
+Example: Create a timeout timer that times out after 10 seconds of
+inactivity.
+.PP
+.Vb 5
+\&   static void
+\&   timeout_cb (struct ev_loop *loop, ev_timer *w, int revents)
+\&   {
+\&     .. ten seconds without any activity
+\&   }
+\&
+\&   ev_timer mytimer;
+\&   ev_timer_init (&mytimer, timeout_cb, 0., 10.); /* note, only repeat used */
+\&   ev_timer_again (&mytimer); /* start timer */
+\&   ev_run (loop, 0);
+\&
+\&   // and in some piece of code that gets executed on any "activity":
+\&   // reset the timeout to start ticking again at 10 seconds
+\&   ev_timer_again (&mytimer);
+.Ve
+.ie n .SS """ev_periodic"" \- to cron or not to cron?"
+.el .SS "\f(CWev_periodic\fP \- to cron or not to cron?"
+.IX Subsection "ev_periodic - to cron or not to cron?"
+Periodic watchers are also timers of a kind, but they are very versatile
+(and unfortunately a bit complex).
+.PP
+Unlike \f(CW\*(C`ev_timer\*(C'\fR, periodic watchers are not based on real time (or
+relative time, the physical time that passes) but on wall clock time
+(absolute time, the thing you can read on your calendar or clock). The
+difference is that wall clock time can run faster or slower than real
+time, and time jumps are not uncommon (e.g. when you adjust your
+wrist-watch).
+.PP
+You can tell a periodic watcher to trigger after some specific point
+in time: for example, if you tell a periodic watcher to trigger \*(L"in 10
+seconds\*(R" (by specifying e.g. \f(CW\*(C`ev_now () + 10.\*(C'\fR, that is, an absolute time
+not a delay) and then reset your system clock to January of the previous
+year, then it will take a year or more to trigger the event (unlike an
+\&\f(CW\*(C`ev_timer\*(C'\fR, which would still trigger roughly 10 seconds after starting
+it, as it uses a relative timeout).
+.PP
+\&\f(CW\*(C`ev_periodic\*(C'\fR watchers can also be used to implement vastly more complex
+timers, such as triggering an event on each \*(L"midnight, local time\*(R", or
+other complicated rules. This cannot easily be done with \f(CW\*(C`ev_timer\*(C'\fR
+watchers, as those cannot react to time jumps.
+.PP
+As with timers, the callback is guaranteed to be invoked only when the
+point in time where it is supposed to trigger has passed. If multiple
+timers become ready during the same loop iteration then the ones with
+earlier time-out values are invoked before ones with later time-out values
+(but this is no longer true when a callback calls \f(CW\*(C`ev_run\*(C'\fR recursively).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_periodic_init (ev_periodic *, callback, ev_tstamp offset, ev_tstamp interval, reschedule_cb)" 4
+.IX Item "ev_periodic_init (ev_periodic *, callback, ev_tstamp offset, ev_tstamp interval, reschedule_cb)"
+.PD 0
+.IP "ev_periodic_set (ev_periodic *, ev_tstamp offset, ev_tstamp interval, reschedule_cb)" 4
+.IX Item "ev_periodic_set (ev_periodic *, ev_tstamp offset, ev_tstamp interval, reschedule_cb)"
+.PD
+Lots of arguments, let's sort it out... There are basically three modes of
+operation, and we will explain them from simplest to most complex:
+.RS 4
+.IP "\(bu" 4
+absolute timer (offset = absolute time, interval = 0, reschedule_cb = 0)
+.Sp
+In this configuration the watcher triggers an event after the wall clock
+time \f(CW\*(C`offset\*(C'\fR has passed. It will not repeat and will not adjust when a
+time jump occurs, that is, if it is to be run at January 1st 2011 then it
+will be stopped and invoked when the system clock reaches or surpasses
+this point in time.
+.IP "\(bu" 4
+repeating interval timer (offset = offset within interval, interval > 0, reschedule_cb = 0)
+.Sp
+In this mode the watcher will always be scheduled to time out at the next
+\&\f(CW\*(C`offset + N * interval\*(C'\fR time (for some integer N, which can also be
+negative) and then repeat, regardless of any time jumps. The \f(CW\*(C`offset\*(C'\fR
+argument is merely an offset into the \f(CW\*(C`interval\*(C'\fR periods.
+.Sp
+This can be used to create timers that do not drift with respect to the
+system clock, for example, here is an \f(CW\*(C`ev_periodic\*(C'\fR that triggers each
+hour, on the hour (with respect to \s-1UTC\s0):
+.Sp
+.Vb 1
+\&   ev_periodic_set (&periodic, 0., 3600., 0);
+.Ve
+.Sp
+This doesn't mean there will always be 3600 seconds in between triggers,
+but only that the callback will be called when the system time shows a
+full hour (\s-1UTC\s0), or more correctly, when the system time is evenly divisible
+by 3600.
+.Sp
+Another way to think about it (for the mathematically inclined) is that
+\&\f(CW\*(C`ev_periodic\*(C'\fR will try to run the callback in this mode at the next possible
+time where \f(CW\*(C`time = offset (mod interval)\*(C'\fR, regardless of any time jumps.
+.Sp
+The \f(CW\*(C`interval\*(C'\fR \fI\s-1MUST\s0\fR be positive, and for numerical stability, the
+interval value should be higher than \f(CW\*(C`1/8192\*(C'\fR (which is around 100
+microseconds) and \f(CW\*(C`offset\*(C'\fR should be higher than \f(CW0\fR and should have
+at most a similar magnitude as the current time (say, within a factor of
+ten). Typical values for offset are, in fact, \f(CW0\fR or something between
+\&\f(CW0\fR and \f(CW\*(C`interval\*(C'\fR, which is also the recommended range.
+.Sp
+Note also that there is an upper limit to how often a timer can fire (\s-1CPU\s0
+speed for example), so if \f(CW\*(C`interval\*(C'\fR is very small then timing stability
+will of course deteriorate. Libev itself tries to be exact to be about one
+millisecond (if the \s-1OS\s0 supports it and the machine is fast enough).
+.IP "\(bu" 4
+manual reschedule mode (offset ignored, interval ignored, reschedule_cb = callback)
+.Sp
+In this mode the values for \f(CW\*(C`interval\*(C'\fR and \f(CW\*(C`offset\*(C'\fR are both being
+ignored. Instead, each time the periodic watcher gets scheduled, the
+reschedule callback will be called with the watcher as first, and the
+current time as second argument.
+.Sp
+\&\s-1NOTE:\s0 \fIThis callback \s-1MUST NOT\s0 stop or destroy any periodic watcher, ever,
+or make \s-1ANY\s0 other event loop modifications whatsoever, unless explicitly
+allowed by documentation here\fR.
+.Sp
+If you need to stop it, return \f(CW\*(C`now + 1e30\*(C'\fR (or so, fudge fudge) and stop
+it afterwards (e.g. by starting an \f(CW\*(C`ev_prepare\*(C'\fR watcher, which is the
+only event loop modification you are allowed to do).
+.Sp
+The callback prototype is \f(CW\*(C`ev_tstamp (*reschedule_cb)(ev_periodic
+*w, ev_tstamp now)\*(C'\fR, e.g.:
+.Sp
+.Vb 5
+\&   static ev_tstamp
+\&   my_rescheduler (ev_periodic *w, ev_tstamp now)
+\&   {
+\&     return now + 60.;
+\&   }
+.Ve
+.Sp
+It must return the next time to trigger, based on the passed time value
+(that is, the lowest time value larger than to the second argument). It
+will usually be called just before the callback will be triggered, but
+might be called at other times, too.
+.Sp
+\&\s-1NOTE:\s0 \fIThis callback must always return a time that is higher than or
+equal to the passed \f(CI\*(C`now\*(C'\fI value\fR.
+.Sp
+This can be used to create very complex timers, such as a timer that
+triggers on \*(L"next midnight, local time\*(R". To do this, you would calculate
+the next midnight after \f(CW\*(C`now\*(C'\fR and return the timestamp value for
+this. Here is a (completely untested, no error checking) example on how to
+do this:
+.Sp
+.Vb 1
+\&   #include <time.h>
+\&
+\&   static ev_tstamp
+\&   my_rescheduler (ev_periodic *w, ev_tstamp now)
+\&   {
+\&     time_t tnow = (time_t)now;
+\&     struct tm tm;
+\&     localtime_r (&tnow, &tm);
+\&
+\&     tm.tm_sec = tm.tm_min = tm.tm_hour = 0; // midnight current day
+\&     ++tm.tm_mday; // midnight next day
+\&
+\&     return mktime (&tm);
+\&   }
+.Ve
+.Sp
+Note: this code might run into trouble on days that have more then two
+midnights (beginning and end).
+.RE
+.RS 4
+.RE
+.IP "ev_periodic_again (loop, ev_periodic *)" 4
+.IX Item "ev_periodic_again (loop, ev_periodic *)"
+Simply stops and restarts the periodic watcher again. This is only useful
+when you changed some parameters or the reschedule callback would return
+a different time than the last time it was called (e.g. in a crond like
+program when the crontabs have changed).
+.IP "ev_tstamp ev_periodic_at (ev_periodic *)" 4
+.IX Item "ev_tstamp ev_periodic_at (ev_periodic *)"
+When active, returns the absolute time that the watcher is supposed
+to trigger next. This is not the same as the \f(CW\*(C`offset\*(C'\fR argument to
+\&\f(CW\*(C`ev_periodic_set\*(C'\fR, but indeed works even in interval and manual
+rescheduling modes.
+.IP "ev_tstamp offset [read\-write]" 4
+.IX Item "ev_tstamp offset [read-write]"
+When repeating, this contains the offset value, otherwise this is the
+absolute point in time (the \f(CW\*(C`offset\*(C'\fR value passed to \f(CW\*(C`ev_periodic_set\*(C'\fR,
+although libev might modify this value for better numerical stability).
+.Sp
+Can be modified any time, but changes only take effect when the periodic
+timer fires or \f(CW\*(C`ev_periodic_again\*(C'\fR is being called.
+.IP "ev_tstamp interval [read\-write]" 4
+.IX Item "ev_tstamp interval [read-write]"
+The current interval value. Can be modified any time, but changes only
+take effect when the periodic timer fires or \f(CW\*(C`ev_periodic_again\*(C'\fR is being
+called.
+.IP "ev_tstamp (*reschedule_cb)(ev_periodic *w, ev_tstamp now) [read\-write]" 4
+.IX Item "ev_tstamp (*reschedule_cb)(ev_periodic *w, ev_tstamp now) [read-write]"
+The current reschedule callback, or \f(CW0\fR, if this functionality is
+switched off. Can be changed any time, but changes only take effect when
+the periodic timer fires or \f(CW\*(C`ev_periodic_again\*(C'\fR is being called.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Call a callback every hour, or, more precisely, whenever the
+system time is divisible by 3600. The callback invocation times have
+potentially a lot of jitter, but good long-term stability.
+.PP
+.Vb 5
+\&   static void
+\&   clock_cb (struct ev_loop *loop, ev_periodic *w, int revents)
+\&   {
+\&     ... its now a full hour (UTC, or TAI or whatever your clock follows)
+\&   }
+\&
+\&   ev_periodic hourly_tick;
+\&   ev_periodic_init (&hourly_tick, clock_cb, 0., 3600., 0);
+\&   ev_periodic_start (loop, &hourly_tick);
+.Ve
+.PP
+Example: The same as above, but use a reschedule callback to do it:
+.PP
+.Vb 1
+\&   #include <math.h>
+\&
+\&   static ev_tstamp
+\&   my_scheduler_cb (ev_periodic *w, ev_tstamp now)
+\&   {
+\&     return now + (3600. \- fmod (now, 3600.));
+\&   }
+\&
+\&   ev_periodic_init (&hourly_tick, clock_cb, 0., 0., my_scheduler_cb);
+.Ve
+.PP
+Example: Call a callback every hour, starting now:
+.PP
+.Vb 4
+\&   ev_periodic hourly_tick;
+\&   ev_periodic_init (&hourly_tick, clock_cb,
+\&                     fmod (ev_now (loop), 3600.), 3600., 0);
+\&   ev_periodic_start (loop, &hourly_tick);
+.Ve
+.ie n .SS """ev_signal"" \- signal me when a signal gets signalled!"
+.el .SS "\f(CWev_signal\fP \- signal me when a signal gets signalled!"
+.IX Subsection "ev_signal - signal me when a signal gets signalled!"
+Signal watchers will trigger an event when the process receives a specific
+signal one or more times. Even though signals are very asynchronous, libev
+will try its best to deliver signals synchronously, i.e. as part of the
+normal event processing, like any other event.
+.PP
+If you want signals to be delivered truly asynchronously, just use
+\&\f(CW\*(C`sigaction\*(C'\fR as you would do without libev and forget about sharing
+the signal. You can even use \f(CW\*(C`ev_async\*(C'\fR from a signal handler to
+synchronously wake up an event loop.
+.PP
+You can configure as many watchers as you like for the same signal, but
+only within the same loop, i.e. you can watch for \f(CW\*(C`SIGINT\*(C'\fR in your
+default loop and for \f(CW\*(C`SIGIO\*(C'\fR in another loop, but you cannot watch for
+\&\f(CW\*(C`SIGINT\*(C'\fR in both the default loop and another loop at the same time. At
+the moment, \f(CW\*(C`SIGCHLD\*(C'\fR is permanently tied to the default loop.
+.PP
+Only after the first watcher for a signal is started will libev actually
+register something with the kernel. It thus coexists with your own signal
+handlers as long as you don't register any with libev for the same signal.
+.PP
+If possible and supported, libev will install its handlers with
+\&\f(CW\*(C`SA_RESTART\*(C'\fR (or equivalent) behaviour enabled, so system calls should
+not be unduly interrupted. If you have a problem with system calls getting
+interrupted by signals you can block all signals in an \f(CW\*(C`ev_check\*(C'\fR watcher
+and unblock them in an \f(CW\*(C`ev_prepare\*(C'\fR watcher.
+.PP
+\fIThe special problem of inheritance over fork/execve/pthread_create\fR
+.IX Subsection "The special problem of inheritance over fork/execve/pthread_create"
+.PP
+Both the signal mask (\f(CW\*(C`sigprocmask\*(C'\fR) and the signal disposition
+(\f(CW\*(C`sigaction\*(C'\fR) are unspecified after starting a signal watcher (and after
+stopping it again), that is, libev might or might not block the signal,
+and might or might not set or restore the installed signal handler (but
+see \f(CW\*(C`EVFLAG_NOSIGMASK\*(C'\fR).
+.PP
+While this does not matter for the signal disposition (libev never
+sets signals to \f(CW\*(C`SIG_IGN\*(C'\fR, so handlers will be reset to \f(CW\*(C`SIG_DFL\*(C'\fR on
+\&\f(CW\*(C`execve\*(C'\fR), this matters for the signal mask: many programs do not expect
+certain signals to be blocked.
+.PP
+This means that before calling \f(CW\*(C`exec\*(C'\fR (from the child) you should reset
+the signal mask to whatever \*(L"default\*(R" you expect (all clear is a good
+choice usually).
+.PP
+The simplest way to ensure that the signal mask is reset in the child is
+to install a fork handler with \f(CW\*(C`pthread_atfork\*(C'\fR that resets it. That will
+catch fork calls done by libraries (such as the libc) as well.
+.PP
+In current versions of libev, the signal will not be blocked indefinitely
+unless you use the \f(CW\*(C`signalfd\*(C'\fR \s-1API\s0 (\f(CW\*(C`EV_SIGNALFD\*(C'\fR). While this reduces
+the window of opportunity for problems, it will not go away, as libev
+\&\fIhas\fR to modify the signal mask, at least temporarily.
+.PP
+So I can't stress this enough: \fIIf you do not reset your signal mask when
+you expect it to be empty, you have a race condition in your code\fR. This
+is not a libev-specific thing, this is true for most event libraries.
+.PP
+\fIThe special problem of threads signal handling\fR
+.IX Subsection "The special problem of threads signal handling"
+.PP
+\&\s-1POSIX\s0 threads has problematic signal handling semantics, specifically,
+a lot of functionality (sigfd, sigwait etc.) only really works if all
+threads in a process block signals, which is hard to achieve.
+.PP
+When you want to use sigwait (or mix libev signal handling with your own
+for the same signals), you can tackle this problem by globally blocking
+all signals before creating any threads (or creating them with a fully set
+sigprocmask) and also specifying the \f(CW\*(C`EVFLAG_NOSIGMASK\*(C'\fR when creating
+loops. Then designate one thread as \*(L"signal receiver thread\*(R" which handles
+these signals. You can pass on any signals that libev might be interested
+in by calling \f(CW\*(C`ev_feed_signal\*(C'\fR.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_signal_init (ev_signal *, callback, int signum)" 4
+.IX Item "ev_signal_init (ev_signal *, callback, int signum)"
+.PD 0
+.IP "ev_signal_set (ev_signal *, int signum)" 4
+.IX Item "ev_signal_set (ev_signal *, int signum)"
+.PD
+Configures the watcher to trigger on the given signal number (usually one
+of the \f(CW\*(C`SIGxxx\*(C'\fR constants).
+.IP "int signum [read\-only]" 4
+.IX Item "int signum [read-only]"
+The signal the watcher watches out for.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Try to exit cleanly on \s-1SIGINT.\s0
+.PP
+.Vb 5
+\&   static void
+\&   sigint_cb (struct ev_loop *loop, ev_signal *w, int revents)
+\&   {
+\&     ev_break (loop, EVBREAK_ALL);
+\&   }
+\&
+\&   ev_signal signal_watcher;
+\&   ev_signal_init (&signal_watcher, sigint_cb, SIGINT);
+\&   ev_signal_start (loop, &signal_watcher);
+.Ve
+.ie n .SS """ev_child"" \- watch out for process status changes"
+.el .SS "\f(CWev_child\fP \- watch out for process status changes"
+.IX Subsection "ev_child - watch out for process status changes"
+Child watchers trigger when your process receives a \s-1SIGCHLD\s0 in response to
+some child status changes (most typically when a child of yours dies or
+exits). It is permissible to install a child watcher \fIafter\fR the child
+has been forked (which implies it might have already exited), as long
+as the event loop isn't entered (or is continued from a watcher), i.e.,
+forking and then immediately registering a watcher for the child is fine,
+but forking and registering a watcher a few event loop iterations later or
+in the next callback invocation is not.
+.PP
+Only the default event loop is capable of handling signals, and therefore
+you can only register child watchers in the default event loop.
+.PP
+Due to some design glitches inside libev, child watchers will always be
+handled at maximum priority (their priority is set to \f(CW\*(C`EV_MAXPRI\*(C'\fR by
+libev)
+.PP
+\fIProcess Interaction\fR
+.IX Subsection "Process Interaction"
+.PP
+Libev grabs \f(CW\*(C`SIGCHLD\*(C'\fR as soon as the default event loop is
+initialised. This is necessary to guarantee proper behaviour even if the
+first child watcher is started after the child exits. The occurrence
+of \f(CW\*(C`SIGCHLD\*(C'\fR is recorded asynchronously, but child reaping is done
+synchronously as part of the event loop processing. Libev always reaps all
+children, even ones not watched.
+.PP
+\fIOverriding the Built-In Processing\fR
+.IX Subsection "Overriding the Built-In Processing"
+.PP
+Libev offers no special support for overriding the built-in child
+processing, but if your application collides with libev's default child
+handler, you can override it easily by installing your own handler for
+\&\f(CW\*(C`SIGCHLD\*(C'\fR after initialising the default loop, and making sure the
+default loop never gets destroyed. You are encouraged, however, to use an
+event-based approach to child reaping and thus use libev's support for
+that, so other libev users can use \f(CW\*(C`ev_child\*(C'\fR watchers freely.
+.PP
+\fIStopping the Child Watcher\fR
+.IX Subsection "Stopping the Child Watcher"
+.PP
+Currently, the child watcher never gets stopped, even when the
+child terminates, so normally one needs to stop the watcher in the
+callback. Future versions of libev might stop the watcher automatically
+when a child exit is detected (calling \f(CW\*(C`ev_child_stop\*(C'\fR twice is not a
+problem).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_child_init (ev_child *, callback, int pid, int trace)" 4
+.IX Item "ev_child_init (ev_child *, callback, int pid, int trace)"
+.PD 0
+.IP "ev_child_set (ev_child *, int pid, int trace)" 4
+.IX Item "ev_child_set (ev_child *, int pid, int trace)"
+.PD
+Configures the watcher to wait for status changes of process \f(CW\*(C`pid\*(C'\fR (or
+\&\fIany\fR process if \f(CW\*(C`pid\*(C'\fR is specified as \f(CW0\fR). The callback can look
+at the \f(CW\*(C`rstatus\*(C'\fR member of the \f(CW\*(C`ev_child\*(C'\fR watcher structure to see
+the status word (use the macros from \f(CW\*(C`sys/wait.h\*(C'\fR and see your systems
+\&\f(CW\*(C`waitpid\*(C'\fR documentation). The \f(CW\*(C`rpid\*(C'\fR member contains the pid of the
+process causing the status change. \f(CW\*(C`trace\*(C'\fR must be either \f(CW0\fR (only
+activate the watcher when the process terminates) or \f(CW1\fR (additionally
+activate the watcher when the process is stopped or continued).
+.IP "int pid [read\-only]" 4
+.IX Item "int pid [read-only]"
+The process id this watcher watches out for, or \f(CW0\fR, meaning any process id.
+.IP "int rpid [read\-write]" 4
+.IX Item "int rpid [read-write]"
+The process id that detected a status change.
+.IP "int rstatus [read\-write]" 4
+.IX Item "int rstatus [read-write]"
+The process exit/trace status caused by \f(CW\*(C`rpid\*(C'\fR (see your systems
+\&\f(CW\*(C`waitpid\*(C'\fR and \f(CW\*(C`sys/wait.h\*(C'\fR documentation for details).
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: \f(CW\*(C`fork()\*(C'\fR a new process and install a child handler to wait for
+its completion.
+.PP
+.Vb 1
+\&   ev_child cw;
+\&
+\&   static void
+\&   child_cb (EV_P_ ev_child *w, int revents)
+\&   {
+\&     ev_child_stop (EV_A_ w);
+\&     printf ("process %d exited with status %x\en", w\->rpid, w\->rstatus);
+\&   }
+\&
+\&   pid_t pid = fork ();
+\&
+\&   if (pid < 0)
+\&     // error
+\&   else if (pid == 0)
+\&     {
+\&       // the forked child executes here
+\&       exit (1);
+\&     }
+\&   else
+\&     {
+\&       ev_child_init (&cw, child_cb, pid, 0);
+\&       ev_child_start (EV_DEFAULT_ &cw);
+\&     }
+.Ve
+.ie n .SS """ev_stat"" \- did the file attributes just change?"
+.el .SS "\f(CWev_stat\fP \- did the file attributes just change?"
+.IX Subsection "ev_stat - did the file attributes just change?"
+This watches a file system path for attribute changes. That is, it calls
+\&\f(CW\*(C`stat\*(C'\fR on that path in regular intervals (or when the \s-1OS\s0 says it changed)
+and sees if it changed compared to the last time, invoking the callback
+if it did. Starting the watcher \f(CW\*(C`stat\*(C'\fR's the file, so only changes that
+happen after the watcher has been started will be reported.
+.PP
+The path does not need to exist: changing from \*(L"path exists\*(R" to \*(L"path does
+not exist\*(R" is a status change like any other. The condition \*(L"path does not
+exist\*(R" (or more correctly \*(L"path cannot be stat'ed\*(R") is signified by the
+\&\f(CW\*(C`st_nlink\*(C'\fR field being zero (which is otherwise always forced to be at
+least one) and all the other fields of the stat buffer having unspecified
+contents.
+.PP
+The path \fImust not\fR end in a slash or contain special components such as
+\&\f(CW\*(C`.\*(C'\fR or \f(CW\*(C`..\*(C'\fR. The path \fIshould\fR be absolute: If it is relative and
+your working directory changes, then the behaviour is undefined.
+.PP
+Since there is no portable change notification interface available, the
+portable implementation simply calls \f(CWstat(2)\fR regularly on the path
+to see if it changed somehow. You can specify a recommended polling
+interval for this case. If you specify a polling interval of \f(CW0\fR (highly
+recommended!) then a \fIsuitable, unspecified default\fR value will be used
+(which you can expect to be around five seconds, although this might
+change dynamically). Libev will also impose a minimum interval which is
+currently around \f(CW0.1\fR, but that's usually overkill.
+.PP
+This watcher type is not meant for massive numbers of stat watchers,
+as even with OS-supported change notifications, this can be
+resource-intensive.
+.PP
+At the time of this writing, the only OS-specific interface implemented
+is the Linux inotify interface (implementing kqueue support is left as an
+exercise for the reader. Note, however, that the author sees no way of
+implementing \f(CW\*(C`ev_stat\*(C'\fR semantics with kqueue, except as a hint).
+.PP
+\fI\s-1ABI\s0 Issues (Largefile Support)\fR
+.IX Subsection "ABI Issues (Largefile Support)"
+.PP
+Libev by default (unless the user overrides this) uses the default
+compilation environment, which means that on systems with large file
+support disabled by default, you get the 32 bit version of the stat
+structure. When using the library from programs that change the \s-1ABI\s0 to
+use 64 bit file offsets the programs will fail. In that case you have to
+compile libev with the same flags to get binary compatibility. This is
+obviously the case with any flags that change the \s-1ABI,\s0 but the problem is
+most noticeably displayed with ev_stat and large file support.
+.PP
+The solution for this is to lobby your distribution maker to make large
+file interfaces available by default (as e.g. FreeBSD does) and not
+optional. Libev cannot simply switch on large file support because it has
+to exchange stat structures with application programs compiled using the
+default compilation environment.
+.PP
+\fIInotify and Kqueue\fR
+.IX Subsection "Inotify and Kqueue"
+.PP
+When \f(CW\*(C`inotify (7)\*(C'\fR support has been compiled into libev and present at
+runtime, it will be used to speed up change detection where possible. The
+inotify descriptor will be created lazily when the first \f(CW\*(C`ev_stat\*(C'\fR
+watcher is being started.
+.PP
+Inotify presence does not change the semantics of \f(CW\*(C`ev_stat\*(C'\fR watchers
+except that changes might be detected earlier, and in some cases, to avoid
+making regular \f(CW\*(C`stat\*(C'\fR calls. Even in the presence of inotify support
+there are many cases where libev has to resort to regular \f(CW\*(C`stat\*(C'\fR polling,
+but as long as kernel 2.6.25 or newer is used (2.6.24 and older have too
+many bugs), the path exists (i.e. stat succeeds), and the path resides on
+a local filesystem (libev currently assumes only ext2/3, jfs, reiserfs and
+xfs are fully working) libev usually gets away without polling.
+.PP
+There is no support for kqueue, as apparently it cannot be used to
+implement this functionality, due to the requirement of having a file
+descriptor open on the object at all times, and detecting renames, unlinks
+etc. is difficult.
+.PP
+\fI\f(CI\*(C`stat ()\*(C'\fI is a synchronous operation\fR
+.IX Subsection "stat () is a synchronous operation"
+.PP
+Libev doesn't normally do any kind of I/O itself, and so is not blocking
+the process. The exception are \f(CW\*(C`ev_stat\*(C'\fR watchers \- those call \f(CW\*(C`stat
+()\*(C'\fR, which is a synchronous operation.
+.PP
+For local paths, this usually doesn't matter: unless the system is very
+busy or the intervals between stat's are large, a stat call will be fast,
+as the path data is usually in memory already (except when starting the
+watcher).
+.PP
+For networked file systems, calling \f(CW\*(C`stat ()\*(C'\fR can block an indefinite
+time due to network issues, and even under good conditions, a stat call
+often takes multiple milliseconds.
+.PP
+Therefore, it is best to avoid using \f(CW\*(C`ev_stat\*(C'\fR watchers on networked
+paths, although this is fully supported by libev.
+.PP
+\fIThe special problem of stat time resolution\fR
+.IX Subsection "The special problem of stat time resolution"
+.PP
+The \f(CW\*(C`stat ()\*(C'\fR system call only supports full-second resolution portably,
+and even on systems where the resolution is higher, most file systems
+still only support whole seconds.
+.PP
+That means that, if the time is the only thing that changes, you can
+easily miss updates: on the first update, \f(CW\*(C`ev_stat\*(C'\fR detects a change and
+calls your callback, which does something. When there is another update
+within the same second, \f(CW\*(C`ev_stat\*(C'\fR will be unable to detect unless the
+stat data does change in other ways (e.g. file size).
+.PP
+The solution to this is to delay acting on a change for slightly more
+than a second (or till slightly after the next full second boundary), using
+a roughly one-second-delay \f(CW\*(C`ev_timer\*(C'\fR (e.g. \f(CW\*(C`ev_timer_set (w, 0., 1.02);
+ev_timer_again (loop, w)\*(C'\fR).
+.PP
+The \f(CW.02\fR offset is added to work around small timing inconsistencies
+of some operating systems (where the second counter of the current time
+might be be delayed. One such system is the Linux kernel, where a call to
+\&\f(CW\*(C`gettimeofday\*(C'\fR might return a timestamp with a full second later than
+a subsequent \f(CW\*(C`time\*(C'\fR call \- if the equivalent of \f(CW\*(C`time ()\*(C'\fR is used to
+update file times then there will be a small window where the kernel uses
+the previous second to update file times but libev might already execute
+the timer callback).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_stat_init (ev_stat *, callback, const char *path, ev_tstamp interval)" 4
+.IX Item "ev_stat_init (ev_stat *, callback, const char *path, ev_tstamp interval)"
+.PD 0
+.IP "ev_stat_set (ev_stat *, const char *path, ev_tstamp interval)" 4
+.IX Item "ev_stat_set (ev_stat *, const char *path, ev_tstamp interval)"
+.PD
+Configures the watcher to wait for status changes of the given
+\&\f(CW\*(C`path\*(C'\fR. The \f(CW\*(C`interval\*(C'\fR is a hint on how quickly a change is expected to
+be detected and should normally be specified as \f(CW0\fR to let libev choose
+a suitable value. The memory pointed to by \f(CW\*(C`path\*(C'\fR must point to the same
+path for as long as the watcher is active.
+.Sp
+The callback will receive an \f(CW\*(C`EV_STAT\*(C'\fR event when a change was detected,
+relative to the attributes at the time the watcher was started (or the
+last change was detected).
+.IP "ev_stat_stat (loop, ev_stat *)" 4
+.IX Item "ev_stat_stat (loop, ev_stat *)"
+Updates the stat buffer immediately with new values. If you change the
+watched path in your callback, you could call this function to avoid
+detecting this change (while introducing a race condition if you are not
+the only one changing the path). Can also be useful simply to find out the
+new values.
+.IP "ev_statdata attr [read\-only]" 4
+.IX Item "ev_statdata attr [read-only]"
+The most-recently detected attributes of the file. Although the type is
+\&\f(CW\*(C`ev_statdata\*(C'\fR, this is usually the (or one of the) \f(CW\*(C`struct stat\*(C'\fR types
+suitable for your system, but you can only rely on the POSIX-standardised
+members to be present. If the \f(CW\*(C`st_nlink\*(C'\fR member is \f(CW0\fR, then there was
+some error while \f(CW\*(C`stat\*(C'\fRing the file.
+.IP "ev_statdata prev [read\-only]" 4
+.IX Item "ev_statdata prev [read-only]"
+The previous attributes of the file. The callback gets invoked whenever
+\&\f(CW\*(C`prev\*(C'\fR != \f(CW\*(C`attr\*(C'\fR, or, more precisely, one or more of these members
+differ: \f(CW\*(C`st_dev\*(C'\fR, \f(CW\*(C`st_ino\*(C'\fR, \f(CW\*(C`st_mode\*(C'\fR, \f(CW\*(C`st_nlink\*(C'\fR, \f(CW\*(C`st_uid\*(C'\fR,
+\&\f(CW\*(C`st_gid\*(C'\fR, \f(CW\*(C`st_rdev\*(C'\fR, \f(CW\*(C`st_size\*(C'\fR, \f(CW\*(C`st_atime\*(C'\fR, \f(CW\*(C`st_mtime\*(C'\fR, \f(CW\*(C`st_ctime\*(C'\fR.
+.IP "ev_tstamp interval [read\-only]" 4
+.IX Item "ev_tstamp interval [read-only]"
+The specified interval.
+.IP "const char *path [read\-only]" 4
+.IX Item "const char *path [read-only]"
+The file system path that is being watched.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Watch \f(CW\*(C`/etc/passwd\*(C'\fR for attribute changes.
+.PP
+.Vb 10
+\&   static void
+\&   passwd_cb (struct ev_loop *loop, ev_stat *w, int revents)
+\&   {
+\&     /* /etc/passwd changed in some way */
+\&     if (w\->attr.st_nlink)
+\&       {
+\&         printf ("passwd current size  %ld\en", (long)w\->attr.st_size);
+\&         printf ("passwd current atime %ld\en", (long)w\->attr.st_mtime);
+\&         printf ("passwd current mtime %ld\en", (long)w\->attr.st_mtime);
+\&       }
+\&     else
+\&       /* you shalt not abuse printf for puts */
+\&       puts ("wow, /etc/passwd is not there, expect problems. "
+\&             "if this is windows, they already arrived\en");
+\&   }
+\&
+\&   ...
+\&   ev_stat passwd;
+\&
+\&   ev_stat_init (&passwd, passwd_cb, "/etc/passwd", 0.);
+\&   ev_stat_start (loop, &passwd);
+.Ve
+.PP
+Example: Like above, but additionally use a one-second delay so we do not
+miss updates (however, frequent updates will delay processing, too, so
+one might do the work both on \f(CW\*(C`ev_stat\*(C'\fR callback invocation \fIand\fR on
+\&\f(CW\*(C`ev_timer\*(C'\fR callback invocation).
+.PP
+.Vb 2
+\&   static ev_stat passwd;
+\&   static ev_timer timer;
+\&
+\&   static void
+\&   timer_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     ev_timer_stop (EV_A_ w);
+\&
+\&     /* now it\*(Aqs one second after the most recent passwd change */
+\&   }
+\&
+\&   static void
+\&   stat_cb (EV_P_ ev_stat *w, int revents)
+\&   {
+\&     /* reset the one\-second timer */
+\&     ev_timer_again (EV_A_ &timer);
+\&   }
+\&
+\&   ...
+\&   ev_stat_init (&passwd, stat_cb, "/etc/passwd", 0.);
+\&   ev_stat_start (loop, &passwd);
+\&   ev_timer_init (&timer, timer_cb, 0., 1.02);
+.Ve
+.ie n .SS """ev_idle"" \- when you've got nothing better to do..."
+.el .SS "\f(CWev_idle\fP \- when you've got nothing better to do..."
+.IX Subsection "ev_idle - when you've got nothing better to do..."
+Idle watchers trigger events when no other events of the same or higher
+priority are pending (prepare, check and other idle watchers do not count
+as receiving \*(L"events\*(R").
+.PP
+That is, as long as your process is busy handling sockets or timeouts
+(or even signals, imagine) of the same or higher priority it will not be
+triggered. But when your process is idle (or only lower-priority watchers
+are pending), the idle watchers are being called once per event loop
+iteration \- until stopped, that is, or your process receives more events
+and becomes busy again with higher priority stuff.
+.PP
+The most noteworthy effect is that as long as any idle watchers are
+active, the process will not block when waiting for new events.
+.PP
+Apart from keeping your process non-blocking (which is a useful
+effect on its own sometimes), idle watchers are a good place to do
+\&\*(L"pseudo-background processing\*(R", or delay processing stuff to after the
+event loop has handled all outstanding events.
+.PP
+\fIAbusing an \f(CI\*(C`ev_idle\*(C'\fI watcher for its side-effect\fR
+.IX Subsection "Abusing an ev_idle watcher for its side-effect"
+.PP
+As long as there is at least one active idle watcher, libev will never
+sleep unnecessarily. Or in other words, it will loop as fast as possible.
+For this to work, the idle watcher doesn't need to be invoked at all \- the
+lowest priority will do.
+.PP
+This mode of operation can be useful together with an \f(CW\*(C`ev_check\*(C'\fR watcher,
+to do something on each event loop iteration \- for example to balance load
+between different connections.
+.PP
+See \*(L"Abusing an ev_check watcher for its side-effect\*(R" for a longer
+example.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_idle_init (ev_idle *, callback)" 4
+.IX Item "ev_idle_init (ev_idle *, callback)"
+Initialises and configures the idle watcher \- it has no parameters of any
+kind. There is a \f(CW\*(C`ev_idle_set\*(C'\fR macro, but using it is utterly pointless,
+believe me.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Dynamically allocate an \f(CW\*(C`ev_idle\*(C'\fR watcher, start it, and in the
+callback, free it. Also, use no error checking, as usual.
+.PP
+.Vb 5
+\&   static void
+\&   idle_cb (struct ev_loop *loop, ev_idle *w, int revents)
+\&   {
+\&     // stop the watcher
+\&     ev_idle_stop (loop, w);
+\&
+\&     // now we can free it
+\&     free (w);
+\&
+\&     // now do something you wanted to do when the program has
+\&     // no longer anything immediate to do.
+\&   }
+\&
+\&   ev_idle *idle_watcher = malloc (sizeof (ev_idle));
+\&   ev_idle_init (idle_watcher, idle_cb);
+\&   ev_idle_start (loop, idle_watcher);
+.Ve
+.ie n .SS """ev_prepare"" and ""ev_check"" \- customise your event loop!"
+.el .SS "\f(CWev_prepare\fP and \f(CWev_check\fP \- customise your event loop!"
+.IX Subsection "ev_prepare and ev_check - customise your event loop!"
+Prepare and check watchers are often (but not always) used in pairs:
+prepare watchers get invoked before the process blocks and check watchers
+afterwards.
+.PP
+You \fImust not\fR call \f(CW\*(C`ev_run\*(C'\fR (or similar functions that enter the
+current event loop) or \f(CW\*(C`ev_loop_fork\*(C'\fR from either \f(CW\*(C`ev_prepare\*(C'\fR or
+\&\f(CW\*(C`ev_check\*(C'\fR watchers. Other loops than the current one are fine,
+however. The rationale behind this is that you do not need to check
+for recursion in those watchers, i.e. the sequence will always be
+\&\f(CW\*(C`ev_prepare\*(C'\fR, blocking, \f(CW\*(C`ev_check\*(C'\fR so if you have one watcher of each
+kind they will always be called in pairs bracketing the blocking call.
+.PP
+Their main purpose is to integrate other event mechanisms into libev and
+their use is somewhat advanced. They could be used, for example, to track
+variable changes, implement your own watchers, integrate net-snmp or a
+coroutine library and lots more. They are also occasionally useful if
+you cache some data and want to flush it before blocking (for example,
+in X programs you might want to do an \f(CW\*(C`XFlush ()\*(C'\fR in an \f(CW\*(C`ev_prepare\*(C'\fR
+watcher).
+.PP
+This is done by examining in each prepare call which file descriptors
+need to be watched by the other library, registering \f(CW\*(C`ev_io\*(C'\fR watchers
+for them and starting an \f(CW\*(C`ev_timer\*(C'\fR watcher for any timeouts (many
+libraries provide exactly this functionality). Then, in the check watcher,
+you check for any events that occurred (by checking the pending status
+of all watchers and stopping them) and call back into the library. The
+I/O and timer callbacks will never actually be called (but must be valid
+nevertheless, because you never know, you know?).
+.PP
+As another example, the Perl Coro module uses these hooks to integrate
+coroutines into libev programs, by yielding to other active coroutines
+during each prepare and only letting the process block if no coroutines
+are ready to run (it's actually more complicated: it only runs coroutines
+with priority higher than or equal to the event loop and one coroutine
+of lower priority, but only once, using idle watchers to keep the event
+loop from blocking if lower-priority coroutines are active, thus mapping
+low-priority coroutines to idle/background tasks).
+.PP
+When used for this purpose, it is recommended to give \f(CW\*(C`ev_check\*(C'\fR watchers
+highest (\f(CW\*(C`EV_MAXPRI\*(C'\fR) priority, to ensure that they are being run before
+any other watchers after the poll (this doesn't matter for \f(CW\*(C`ev_prepare\*(C'\fR
+watchers).
+.PP
+Also, \f(CW\*(C`ev_check\*(C'\fR watchers (and \f(CW\*(C`ev_prepare\*(C'\fR watchers, too) should not
+activate (\*(L"feed\*(R") events into libev. While libev fully supports this, they
+might get executed before other \f(CW\*(C`ev_check\*(C'\fR watchers did their job. As
+\&\f(CW\*(C`ev_check\*(C'\fR watchers are often used to embed other (non-libev) event
+loops those other event loops might be in an unusable state until their
+\&\f(CW\*(C`ev_check\*(C'\fR watcher ran (always remind yourself to coexist peacefully with
+others).
+.PP
+\fIAbusing an \f(CI\*(C`ev_check\*(C'\fI watcher for its side-effect\fR
+.IX Subsection "Abusing an ev_check watcher for its side-effect"
+.PP
+\&\f(CW\*(C`ev_check\*(C'\fR (and less often also \f(CW\*(C`ev_prepare\*(C'\fR) watchers can also be
+useful because they are called once per event loop iteration. For
+example, if you want to handle a large number of connections fairly, you
+normally only do a bit of work for each active connection, and if there
+is more work to do, you wait for the next event loop iteration, so other
+connections have a chance of making progress.
+.PP
+Using an \f(CW\*(C`ev_check\*(C'\fR watcher is almost enough: it will be called on the
+next event loop iteration. However, that isn't as soon as possible \-
+without external events, your \f(CW\*(C`ev_check\*(C'\fR watcher will not be invoked.
+.PP
+This is where \f(CW\*(C`ev_idle\*(C'\fR watchers come in handy \- all you need is a
+single global idle watcher that is active as long as you have one active
+\&\f(CW\*(C`ev_check\*(C'\fR watcher. The \f(CW\*(C`ev_idle\*(C'\fR watcher makes sure the event loop
+will not sleep, and the \f(CW\*(C`ev_check\*(C'\fR watcher makes sure a callback gets
+invoked. Neither watcher alone can do that.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_prepare_init (ev_prepare *, callback)" 4
+.IX Item "ev_prepare_init (ev_prepare *, callback)"
+.PD 0
+.IP "ev_check_init (ev_check *, callback)" 4
+.IX Item "ev_check_init (ev_check *, callback)"
+.PD
+Initialises and configures the prepare or check watcher \- they have no
+parameters of any kind. There are \f(CW\*(C`ev_prepare_set\*(C'\fR and \f(CW\*(C`ev_check_set\*(C'\fR
+macros, but using them is utterly, utterly, utterly and completely
+pointless.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+There are a number of principal ways to embed other event loops or modules
+into libev. Here are some ideas on how to include libadns into libev
+(there is a Perl module named \f(CW\*(C`EV::ADNS\*(C'\fR that does this, which you could
+use as a working example. Another Perl module named \f(CW\*(C`EV::Glib\*(C'\fR embeds a
+Glib main context into libev, and finally, \f(CW\*(C`Glib::EV\*(C'\fR embeds \s-1EV\s0 into the
+Glib event loop).
+.PP
+Method 1: Add \s-1IO\s0 watchers and a timeout watcher in a prepare handler,
+and in a check watcher, destroy them and call into libadns. What follows
+is pseudo-code only of course. This requires you to either use a low
+priority for the check watcher or use \f(CW\*(C`ev_clear_pending\*(C'\fR explicitly, as
+the callbacks for the IO/timeout watchers might not have been called yet.
+.PP
+.Vb 2
+\&   static ev_io iow [nfd];
+\&   static ev_timer tw;
+\&
+\&   static void
+\&   io_cb (struct ev_loop *loop, ev_io *w, int revents)
+\&   {
+\&   }
+\&
+\&   // create io watchers for each fd and a timer before blocking
+\&   static void
+\&   adns_prepare_cb (struct ev_loop *loop, ev_prepare *w, int revents)
+\&   {
+\&     int timeout = 3600000;
+\&     struct pollfd fds [nfd];
+\&     // actual code will need to loop here and realloc etc.
+\&     adns_beforepoll (ads, fds, &nfd, &timeout, timeval_from (ev_time ()));
+\&
+\&     /* the callback is illegal, but won\*(Aqt be called as we stop during check */
+\&     ev_timer_init (&tw, 0, timeout * 1e\-3, 0.);
+\&     ev_timer_start (loop, &tw);
+\&
+\&     // create one ev_io per pollfd
+\&     for (int i = 0; i < nfd; ++i)
+\&       {
+\&         ev_io_init (iow + i, io_cb, fds [i].fd,
+\&           ((fds [i].events & POLLIN ? EV_READ : 0)
+\&            | (fds [i].events & POLLOUT ? EV_WRITE : 0)));
+\&
+\&         fds [i].revents = 0;
+\&         ev_io_start (loop, iow + i);
+\&       }
+\&   }
+\&
+\&   // stop all watchers after blocking
+\&   static void
+\&   adns_check_cb (struct ev_loop *loop, ev_check *w, int revents)
+\&   {
+\&     ev_timer_stop (loop, &tw);
+\&
+\&     for (int i = 0; i < nfd; ++i)
+\&       {
+\&         // set the relevant poll flags
+\&         // could also call adns_processreadable etc. here
+\&         struct pollfd *fd = fds + i;
+\&         int revents = ev_clear_pending (iow + i);
+\&         if (revents & EV_READ ) fd\->revents |= fd\->events & POLLIN;
+\&         if (revents & EV_WRITE) fd\->revents |= fd\->events & POLLOUT;
+\&
+\&         // now stop the watcher
+\&         ev_io_stop (loop, iow + i);
+\&       }
+\&
+\&     adns_afterpoll (adns, fds, nfd, timeval_from (ev_now (loop));
+\&   }
+.Ve
+.PP
+Method 2: This would be just like method 1, but you run \f(CW\*(C`adns_afterpoll\*(C'\fR
+in the prepare watcher and would dispose of the check watcher.
+.PP
+Method 3: If the module to be embedded supports explicit event
+notification (libadns does), you can also make use of the actual watcher
+callbacks, and only destroy/create the watchers in the prepare watcher.
+.PP
+.Vb 5
+\&   static void
+\&   timer_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     adns_state ads = (adns_state)w\->data;
+\&     update_now (EV_A);
+\&
+\&     adns_processtimeouts (ads, &tv_now);
+\&   }
+\&
+\&   static void
+\&   io_cb (EV_P_ ev_io *w, int revents)
+\&   {
+\&     adns_state ads = (adns_state)w\->data;
+\&     update_now (EV_A);
+\&
+\&     if (revents & EV_READ ) adns_processreadable  (ads, w\->fd, &tv_now);
+\&     if (revents & EV_WRITE) adns_processwriteable (ads, w\->fd, &tv_now);
+\&   }
+\&
+\&   // do not ever call adns_afterpoll
+.Ve
+.PP
+Method 4: Do not use a prepare or check watcher because the module you
+want to embed is not flexible enough to support it. Instead, you can
+override their poll function. The drawback with this solution is that the
+main loop is now no longer controllable by \s-1EV.\s0 The \f(CW\*(C`Glib::EV\*(C'\fR module uses
+this approach, effectively embedding \s-1EV\s0 as a client into the horrible
+libglib event loop.
+.PP
+.Vb 4
+\&   static gint
+\&   event_poll_func (GPollFD *fds, guint nfds, gint timeout)
+\&   {
+\&     int got_events = 0;
+\&
+\&     for (n = 0; n < nfds; ++n)
+\&       // create/start io watcher that sets the relevant bits in fds[n] and increment got_events
+\&
+\&     if (timeout >= 0)
+\&       // create/start timer
+\&
+\&     // poll
+\&     ev_run (EV_A_ 0);
+\&
+\&     // stop timer again
+\&     if (timeout >= 0)
+\&       ev_timer_stop (EV_A_ &to);
+\&
+\&     // stop io watchers again \- their callbacks should have set
+\&     for (n = 0; n < nfds; ++n)
+\&       ev_io_stop (EV_A_ iow [n]);
+\&
+\&     return got_events;
+\&   }
+.Ve
+.ie n .SS """ev_embed"" \- when one backend isn't enough..."
+.el .SS "\f(CWev_embed\fP \- when one backend isn't enough..."
+.IX Subsection "ev_embed - when one backend isn't enough..."
+This is a rather advanced watcher type that lets you embed one event loop
+into another (currently only \f(CW\*(C`ev_io\*(C'\fR events are supported in the embedded
+loop, other types of watchers might be handled in a delayed or incorrect
+fashion and must not be used).
+.PP
+There are primarily two reasons you would want that: work around bugs and
+prioritise I/O.
+.PP
+As an example for a bug workaround, the kqueue backend might only support
+sockets on some platform, so it is unusable as generic backend, but you
+still want to make use of it because you have many sockets and it scales
+so nicely. In this case, you would create a kqueue-based loop and embed
+it into your default loop (which might use e.g. poll). Overall operation
+will be a bit slower because first libev has to call \f(CW\*(C`poll\*(C'\fR and then
+\&\f(CW\*(C`kevent\*(C'\fR, but at least you can use both mechanisms for what they are
+best: \f(CW\*(C`kqueue\*(C'\fR for scalable sockets and \f(CW\*(C`poll\*(C'\fR if you want it to work :)
+.PP
+As for prioritising I/O: under rare circumstances you have the case where
+some fds have to be watched and handled very quickly (with low latency),
+and even priorities and idle watchers might have too much overhead. In
+this case you would put all the high priority stuff in one loop and all
+the rest in a second one, and embed the second one in the first.
+.PP
+As long as the watcher is active, the callback will be invoked every
+time there might be events pending in the embedded loop. The callback
+must then call \f(CW\*(C`ev_embed_sweep (mainloop, watcher)\*(C'\fR to make a single
+sweep and invoke their callbacks (the callback doesn't need to invoke the
+\&\f(CW\*(C`ev_embed_sweep\*(C'\fR function directly, it could also start an idle watcher
+to give the embedded loop strictly lower priority for example).
+.PP
+You can also set the callback to \f(CW0\fR, in which case the embed watcher
+will automatically execute the embedded loop sweep whenever necessary.
+.PP
+Fork detection will be handled transparently while the \f(CW\*(C`ev_embed\*(C'\fR watcher
+is active, i.e., the embedded loop will automatically be forked when the
+embedding loop forks. In other cases, the user is responsible for calling
+\&\f(CW\*(C`ev_loop_fork\*(C'\fR on the embedded loop.
+.PP
+Unfortunately, not all backends are embeddable: only the ones returned by
+\&\f(CW\*(C`ev_embeddable_backends\*(C'\fR are, which, unfortunately, does not include any
+portable one.
+.PP
+So when you want to use this feature you will always have to be prepared
+that you cannot get an embeddable loop. The recommended way to get around
+this is to have a separate variables for your embeddable loop, try to
+create it, and if that fails, use the normal loop for everything.
+.PP
+\fI\f(CI\*(C`ev_embed\*(C'\fI and fork\fR
+.IX Subsection "ev_embed and fork"
+.PP
+While the \f(CW\*(C`ev_embed\*(C'\fR watcher is running, forks in the embedding loop will
+automatically be applied to the embedded loop as well, so no special
+fork handling is required in that case. When the watcher is not running,
+however, it is still the task of the libev user to call \f(CW\*(C`ev_loop_fork ()\*(C'\fR
+as applicable.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_embed_init (ev_embed *, callback, struct ev_loop *embedded_loop)" 4
+.IX Item "ev_embed_init (ev_embed *, callback, struct ev_loop *embedded_loop)"
+.PD 0
+.IP "ev_embed_set (ev_embed *, struct ev_loop *embedded_loop)" 4
+.IX Item "ev_embed_set (ev_embed *, struct ev_loop *embedded_loop)"
+.PD
+Configures the watcher to embed the given loop, which must be
+embeddable. If the callback is \f(CW0\fR, then \f(CW\*(C`ev_embed_sweep\*(C'\fR will be
+invoked automatically, otherwise it is the responsibility of the callback
+to invoke it (it will continue to be called until the sweep has been done,
+if you do not want that, you need to temporarily stop the embed watcher).
+.IP "ev_embed_sweep (loop, ev_embed *)" 4
+.IX Item "ev_embed_sweep (loop, ev_embed *)"
+Make a single, non-blocking sweep over the embedded loop. This works
+similarly to \f(CW\*(C`ev_run (embedded_loop, EVRUN_NOWAIT)\*(C'\fR, but in the most
+appropriate way for embedded loops.
+.IP "struct ev_loop *other [read\-only]" 4
+.IX Item "struct ev_loop *other [read-only]"
+The embedded event loop.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Try to get an embeddable event loop and embed it into the default
+event loop. If that is not possible, use the default loop. The default
+loop is stored in \f(CW\*(C`loop_hi\*(C'\fR, while the embeddable loop is stored in
+\&\f(CW\*(C`loop_lo\*(C'\fR (which is \f(CW\*(C`loop_hi\*(C'\fR in the case no embeddable loop can be
+used).
+.PP
+.Vb 3
+\&   struct ev_loop *loop_hi = ev_default_init (0);
+\&   struct ev_loop *loop_lo = 0;
+\&   ev_embed embed;
+\&
+\&   // see if there is a chance of getting one that works
+\&   // (remember that a flags value of 0 means autodetection)
+\&   loop_lo = ev_embeddable_backends () & ev_recommended_backends ()
+\&     ? ev_loop_new (ev_embeddable_backends () & ev_recommended_backends ())
+\&     : 0;
+\&
+\&   // if we got one, then embed it, otherwise default to loop_hi
+\&   if (loop_lo)
+\&     {
+\&       ev_embed_init (&embed, 0, loop_lo);
+\&       ev_embed_start (loop_hi, &embed);
+\&     }
+\&   else
+\&     loop_lo = loop_hi;
+.Ve
+.PP
+Example: Check if kqueue is available but not recommended and create
+a kqueue backend for use with sockets (which usually work with any
+kqueue implementation). Store the kqueue/socket\-only event loop in
+\&\f(CW\*(C`loop_socket\*(C'\fR. (One might optionally use \f(CW\*(C`EVFLAG_NOENV\*(C'\fR, too).
+.PP
+.Vb 3
+\&   struct ev_loop *loop = ev_default_init (0);
+\&   struct ev_loop *loop_socket = 0;
+\&   ev_embed embed;
+\&
+\&   if (ev_supported_backends () & ~ev_recommended_backends () & EVBACKEND_KQUEUE)
+\&     if ((loop_socket = ev_loop_new (EVBACKEND_KQUEUE))
+\&       {
+\&         ev_embed_init (&embed, 0, loop_socket);
+\&         ev_embed_start (loop, &embed);
+\&       }
+\&
+\&   if (!loop_socket)
+\&     loop_socket = loop;
+\&
+\&   // now use loop_socket for all sockets, and loop for everything else
+.Ve
+.ie n .SS """ev_fork"" \- the audacity to resume the event loop after a fork"
+.el .SS "\f(CWev_fork\fP \- the audacity to resume the event loop after a fork"
+.IX Subsection "ev_fork - the audacity to resume the event loop after a fork"
+Fork watchers are called when a \f(CW\*(C`fork ()\*(C'\fR was detected (usually because
+whoever is a good citizen cared to tell libev about it by calling
+\&\f(CW\*(C`ev_loop_fork\*(C'\fR). The invocation is done before the event loop blocks next
+and before \f(CW\*(C`ev_check\*(C'\fR watchers are being called, and only in the child
+after the fork. If whoever good citizen calling \f(CW\*(C`ev_default_fork\*(C'\fR cheats
+and calls it in the wrong process, the fork handlers will be invoked, too,
+of course.
+.PP
+\fIThe special problem of life after fork \- how is it possible?\fR
+.IX Subsection "The special problem of life after fork - how is it possible?"
+.PP
+Most uses of \f(CW\*(C`fork ()\*(C'\fR consist of forking, then some simple calls to set
+up/change the process environment, followed by a call to \f(CW\*(C`exec()\*(C'\fR. This
+sequence should be handled by libev without any problems.
+.PP
+This changes when the application actually wants to do event handling
+in the child, or both parent in child, in effect \*(L"continuing\*(R" after the
+fork.
+.PP
+The default mode of operation (for libev, with application help to detect
+forks) is to duplicate all the state in the child, as would be expected
+when \fIeither\fR the parent \fIor\fR the child process continues.
+.PP
+When both processes want to continue using libev, then this is usually the
+wrong result. In that case, usually one process (typically the parent) is
+supposed to continue with all watchers in place as before, while the other
+process typically wants to start fresh, i.e. without any active watchers.
+.PP
+The cleanest and most efficient way to achieve that with libev is to
+simply create a new event loop, which of course will be \*(L"empty\*(R", and
+use that for new watchers. This has the advantage of not touching more
+memory than necessary, and thus avoiding the copy-on-write, and the
+disadvantage of having to use multiple event loops (which do not support
+signal watchers).
+.PP
+When this is not possible, or you want to use the default loop for
+other reasons, then in the process that wants to start \*(L"fresh\*(R", call
+\&\f(CW\*(C`ev_loop_destroy (EV_DEFAULT)\*(C'\fR followed by \f(CW\*(C`ev_default_loop (...)\*(C'\fR.
+Destroying the default loop will \*(L"orphan\*(R" (not stop) all registered
+watchers, so you have to be careful not to execute code that modifies
+those watchers. Note also that in that case, you have to re-register any
+signal watchers.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_fork_init (ev_fork *, callback)" 4
+.IX Item "ev_fork_init (ev_fork *, callback)"
+Initialises and configures the fork watcher \- it has no parameters of any
+kind. There is a \f(CW\*(C`ev_fork_set\*(C'\fR macro, but using it is utterly pointless,
+really.
+.ie n .SS """ev_cleanup"" \- even the best things end"
+.el .SS "\f(CWev_cleanup\fP \- even the best things end"
+.IX Subsection "ev_cleanup - even the best things end"
+Cleanup watchers are called just before the event loop is being destroyed
+by a call to \f(CW\*(C`ev_loop_destroy\*(C'\fR.
+.PP
+While there is no guarantee that the event loop gets destroyed, cleanup
+watchers provide a convenient method to install cleanup hooks for your
+program, worker threads and so on \- you just to make sure to destroy the
+loop when you want them to be invoked.
+.PP
+Cleanup watchers are invoked in the same way as any other watcher. Unlike
+all other watchers, they do not keep a reference to the event loop (which
+makes a lot of sense if you think about it). Like all other watchers, you
+can call libev functions in the callback, except \f(CW\*(C`ev_cleanup_start\*(C'\fR.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_cleanup_init (ev_cleanup *, callback)" 4
+.IX Item "ev_cleanup_init (ev_cleanup *, callback)"
+Initialises and configures the cleanup watcher \- it has no parameters of
+any kind. There is a \f(CW\*(C`ev_cleanup_set\*(C'\fR macro, but using it is utterly
+pointless, I assure you.
+.PP
+Example: Register an atexit handler to destroy the default loop, so any
+cleanup functions are called.
+.PP
+.Vb 5
+\&   static void
+\&   program_exits (void)
+\&   {
+\&     ev_loop_destroy (EV_DEFAULT_UC);
+\&   }
+\&
+\&   ...
+\&   atexit (program_exits);
+.Ve
+.ie n .SS """ev_async"" \- how to wake up an event loop"
+.el .SS "\f(CWev_async\fP \- how to wake up an event loop"
+.IX Subsection "ev_async - how to wake up an event loop"
+In general, you cannot use an \f(CW\*(C`ev_loop\*(C'\fR from multiple threads or other
+asynchronous sources such as signal handlers (as opposed to multiple event
+loops \- those are of course safe to use in different threads).
+.PP
+Sometimes, however, you need to wake up an event loop you do not control,
+for example because it belongs to another thread. This is what \f(CW\*(C`ev_async\*(C'\fR
+watchers do: as long as the \f(CW\*(C`ev_async\*(C'\fR watcher is active, you can signal
+it by calling \f(CW\*(C`ev_async_send\*(C'\fR, which is thread\- and signal safe.
+.PP
+This functionality is very similar to \f(CW\*(C`ev_signal\*(C'\fR watchers, as signals,
+too, are asynchronous in nature, and signals, too, will be compressed
+(i.e. the number of callback invocations may be less than the number of
+\&\f(CW\*(C`ev_async_send\*(C'\fR calls). In fact, you could use signal watchers as a kind
+of \*(L"global async watchers\*(R" by using a watcher on an otherwise unused
+signal, and \f(CW\*(C`ev_feed_signal\*(C'\fR to signal this watcher from another thread,
+even without knowing which loop owns the signal.
+.PP
+\fIQueueing\fR
+.IX Subsection "Queueing"
+.PP
+\&\f(CW\*(C`ev_async\*(C'\fR does not support queueing of data in any way. The reason
+is that the author does not know of a simple (or any) algorithm for a
+multiple-writer-single-reader queue that works in all cases and doesn't
+need elaborate support such as pthreads or unportable memory access
+semantics.
+.PP
+That means that if you want to queue data, you have to provide your own
+queue. But at least I can tell you how to implement locking around your
+queue:
+.IP "queueing from a signal handler context" 4
+.IX Item "queueing from a signal handler context"
+To implement race-free queueing, you simply add to the queue in the signal
+handler but you block the signal handler in the watcher callback. Here is
+an example that does that for some fictitious \s-1SIGUSR1\s0 handler:
+.Sp
+.Vb 1
+\&   static ev_async mysig;
+\&
+\&   static void
+\&   sigusr1_handler (void)
+\&   {
+\&     sometype data;
+\&
+\&     // no locking etc.
+\&     queue_put (data);
+\&     ev_async_send (EV_DEFAULT_ &mysig);
+\&   }
+\&
+\&   static void
+\&   mysig_cb (EV_P_ ev_async *w, int revents)
+\&   {
+\&     sometype data;
+\&     sigset_t block, prev;
+\&
+\&     sigemptyset (&block);
+\&     sigaddset (&block, SIGUSR1);
+\&     sigprocmask (SIG_BLOCK, &block, &prev);
+\&
+\&     while (queue_get (&data))
+\&       process (data);
+\&
+\&     if (sigismember (&prev, SIGUSR1)
+\&       sigprocmask (SIG_UNBLOCK, &block, 0);
+\&   }
+.Ve
+.Sp
+(Note: pthreads in theory requires you to use \f(CW\*(C`pthread_setmask\*(C'\fR
+instead of \f(CW\*(C`sigprocmask\*(C'\fR when you use threads, but libev doesn't do it
+either...).
+.IP "queueing from a thread context" 4
+.IX Item "queueing from a thread context"
+The strategy for threads is different, as you cannot (easily) block
+threads but you can easily preempt them, so to queue safely you need to
+employ a traditional mutex lock, such as in this pthread example:
+.Sp
+.Vb 2
+\&   static ev_async mysig;
+\&   static pthread_mutex_t mymutex = PTHREAD_MUTEX_INITIALIZER;
+\&
+\&   static void
+\&   otherthread (void)
+\&   {
+\&     // only need to lock the actual queueing operation
+\&     pthread_mutex_lock (&mymutex);
+\&     queue_put (data);
+\&     pthread_mutex_unlock (&mymutex);
+\&
+\&     ev_async_send (EV_DEFAULT_ &mysig);
+\&   }
+\&
+\&   static void
+\&   mysig_cb (EV_P_ ev_async *w, int revents)
+\&   {
+\&     pthread_mutex_lock (&mymutex);
+\&
+\&     while (queue_get (&data))
+\&       process (data);
+\&
+\&     pthread_mutex_unlock (&mymutex);
+\&   }
+.Ve
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_async_init (ev_async *, callback)" 4
+.IX Item "ev_async_init (ev_async *, callback)"
+Initialises and configures the async watcher \- it has no parameters of any
+kind. There is a \f(CW\*(C`ev_async_set\*(C'\fR macro, but using it is utterly pointless,
+trust me.
+.IP "ev_async_send (loop, ev_async *)" 4
+.IX Item "ev_async_send (loop, ev_async *)"
+Sends/signals/activates the given \f(CW\*(C`ev_async\*(C'\fR watcher, that is, feeds
+an \f(CW\*(C`EV_ASYNC\*(C'\fR event on the watcher into the event loop, and instantly
+returns.
+.Sp
+Unlike \f(CW\*(C`ev_feed_event\*(C'\fR, this call is safe to do from other threads,
+signal or similar contexts (see the discussion of \f(CW\*(C`EV_ATOMIC_T\*(C'\fR in the
+embedding section below on what exactly this means).
+.Sp
+Note that, as with other watchers in libev, multiple events might get
+compressed into a single callback invocation (another way to look at
+this is that \f(CW\*(C`ev_async\*(C'\fR watchers are level-triggered: they are set on
+\&\f(CW\*(C`ev_async_send\*(C'\fR, reset when the event loop detects that).
+.Sp
+This call incurs the overhead of at most one extra system call per event
+loop iteration, if the event loop is blocked, and no syscall at all if
+the event loop (or your program) is processing events. That means that
+repeated calls are basically free (there is no need to avoid calls for
+performance reasons) and that the overhead becomes smaller (typically
+zero) under load.
+.IP "bool = ev_async_pending (ev_async *)" 4
+.IX Item "bool = ev_async_pending (ev_async *)"
+Returns a non-zero value when \f(CW\*(C`ev_async_send\*(C'\fR has been called on the
+watcher but the event has not yet been processed (or even noted) by the
+event loop.
+.Sp
+\&\f(CW\*(C`ev_async_send\*(C'\fR sets a flag in the watcher and wakes up the loop. When
+the loop iterates next and checks for the watcher to have become active,
+it will reset the flag again. \f(CW\*(C`ev_async_pending\*(C'\fR can be used to very
+quickly check whether invoking the loop might be a good idea.
+.Sp
+Not that this does \fInot\fR check whether the watcher itself is pending,
+only whether it has been requested to make this watcher pending: there
+is a time window between the event loop checking and resetting the async
+notification, and the callback being invoked.
+.SH "OTHER FUNCTIONS"
+.IX Header "OTHER FUNCTIONS"
+There are some other functions of possible interest. Described. Here. Now.
+.IP "ev_once (loop, int fd, int events, ev_tstamp timeout, callback, arg)" 4
+.IX Item "ev_once (loop, int fd, int events, ev_tstamp timeout, callback, arg)"
+This function combines a simple timer and an I/O watcher, calls your
+callback on whichever event happens first and automatically stops both
+watchers. This is useful if you want to wait for a single event on an fd
+or timeout without having to allocate/configure/start/stop/free one or
+more watchers yourself.
+.Sp
+If \f(CW\*(C`fd\*(C'\fR is less than 0, then no I/O watcher will be started and the
+\&\f(CW\*(C`events\*(C'\fR argument is being ignored. Otherwise, an \f(CW\*(C`ev_io\*(C'\fR watcher for
+the given \f(CW\*(C`fd\*(C'\fR and \f(CW\*(C`events\*(C'\fR set will be created and started.
+.Sp
+If \f(CW\*(C`timeout\*(C'\fR is less than 0, then no timeout watcher will be
+started. Otherwise an \f(CW\*(C`ev_timer\*(C'\fR watcher with after = \f(CW\*(C`timeout\*(C'\fR (and
+repeat = 0) will be started. \f(CW0\fR is a valid timeout.
+.Sp
+The callback has the type \f(CW\*(C`void (*cb)(int revents, void *arg)\*(C'\fR and is
+passed an \f(CW\*(C`revents\*(C'\fR set like normal event callbacks (a combination of
+\&\f(CW\*(C`EV_ERROR\*(C'\fR, \f(CW\*(C`EV_READ\*(C'\fR, \f(CW\*(C`EV_WRITE\*(C'\fR or \f(CW\*(C`EV_TIMER\*(C'\fR) and the \f(CW\*(C`arg\*(C'\fR
+value passed to \f(CW\*(C`ev_once\*(C'\fR. Note that it is possible to receive \fIboth\fR
+a timeout and an io event at the same time \- you probably should give io
+events precedence.
+.Sp
+Example: wait up to ten seconds for data to appear on \s-1STDIN_FILENO.\s0
+.Sp
+.Vb 7
+\&   static void stdin_ready (int revents, void *arg)
+\&   {
+\&     if (revents & EV_READ)
+\&       /* stdin might have data for us, joy! */;
+\&     else if (revents & EV_TIMER)
+\&       /* doh, nothing entered */;
+\&   }
+\&
+\&   ev_once (STDIN_FILENO, EV_READ, 10., stdin_ready, 0);
+.Ve
+.IP "ev_feed_fd_event (loop, int fd, int revents)" 4
+.IX Item "ev_feed_fd_event (loop, int fd, int revents)"
+Feed an event on the given fd, as if a file descriptor backend detected
+the given events.
+.IP "ev_feed_signal_event (loop, int signum)" 4
+.IX Item "ev_feed_signal_event (loop, int signum)"
+Feed an event as if the given signal occurred. See also \f(CW\*(C`ev_feed_signal\*(C'\fR,
+which is async-safe.
+.SH "COMMON OR USEFUL IDIOMS (OR BOTH)"
+.IX Header "COMMON OR USEFUL IDIOMS (OR BOTH)"
+This section explains some common idioms that are not immediately
+obvious. Note that examples are sprinkled over the whole manual, and this
+section only contains stuff that wouldn't fit anywhere else.
+.SS "\s-1ASSOCIATING CUSTOM DATA WITH A WATCHER\s0"
+.IX Subsection "ASSOCIATING CUSTOM DATA WITH A WATCHER"
+Each watcher has, by default, a \f(CW\*(C`void *data\*(C'\fR member that you can read
+or modify at any time: libev will completely ignore it. This can be used
+to associate arbitrary data with your watcher. If you need more data and
+don't want to allocate memory separately and store a pointer to it in that
+data member, you can also \*(L"subclass\*(R" the watcher type and provide your own
+data:
+.PP
+.Vb 7
+\&   struct my_io
+\&   {
+\&     ev_io io;
+\&     int otherfd;
+\&     void *somedata;
+\&     struct whatever *mostinteresting;
+\&   };
+\&
+\&   ...
+\&   struct my_io w;
+\&   ev_io_init (&w.io, my_cb, fd, EV_READ);
+.Ve
+.PP
+And since your callback will be called with a pointer to the watcher, you
+can cast it back to your own type:
+.PP
+.Vb 5
+\&   static void my_cb (struct ev_loop *loop, ev_io *w_, int revents)
+\&   {
+\&     struct my_io *w = (struct my_io *)w_;
+\&     ...
+\&   }
+.Ve
+.PP
+More interesting and less C\-conformant ways of casting your callback
+function type instead have been omitted.
+.SS "\s-1BUILDING YOUR OWN COMPOSITE WATCHERS\s0"
+.IX Subsection "BUILDING YOUR OWN COMPOSITE WATCHERS"
+Another common scenario is to use some data structure with multiple
+embedded watchers, in effect creating your own watcher that combines
+multiple libev event sources into one \*(L"super-watcher\*(R":
+.PP
+.Vb 6
+\&   struct my_biggy
+\&   {
+\&     int some_data;
+\&     ev_timer t1;
+\&     ev_timer t2;
+\&   }
+.Ve
+.PP
+In this case getting the pointer to \f(CW\*(C`my_biggy\*(C'\fR is a bit more
+complicated: Either you store the address of your \f(CW\*(C`my_biggy\*(C'\fR struct in
+the \f(CW\*(C`data\*(C'\fR member of the watcher (for woozies or \*(C+ coders), or you need
+to use some pointer arithmetic using \f(CW\*(C`offsetof\*(C'\fR inside your watchers (for
+real programmers):
+.PP
+.Vb 1
+\&   #include <stddef.h>
+\&
+\&   static void
+\&   t1_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     struct my_biggy big = (struct my_biggy *)
+\&       (((char *)w) \- offsetof (struct my_biggy, t1));
+\&   }
+\&
+\&   static void
+\&   t2_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     struct my_biggy big = (struct my_biggy *)
+\&       (((char *)w) \- offsetof (struct my_biggy, t2));
+\&   }
+.Ve
+.SS "\s-1AVOIDING FINISHING BEFORE RETURNING\s0"
+.IX Subsection "AVOIDING FINISHING BEFORE RETURNING"
+Often you have structures like this in event-based programs:
+.PP
+.Vb 4
+\&  callback ()
+\&  {
+\&    free (request);
+\&  }
+\&
+\&  request = start_new_request (..., callback);
+.Ve
+.PP
+The intent is to start some \*(L"lengthy\*(R" operation. The \f(CW\*(C`request\*(C'\fR could be
+used to cancel the operation, or do other things with it.
+.PP
+It's not uncommon to have code paths in \f(CW\*(C`start_new_request\*(C'\fR that
+immediately invoke the callback, for example, to report errors. Or you add
+some caching layer that finds that it can skip the lengthy aspects of the
+operation and simply invoke the callback with the result.
+.PP
+The problem here is that this will happen \fIbefore\fR \f(CW\*(C`start_new_request\*(C'\fR
+has returned, so \f(CW\*(C`request\*(C'\fR is not set.
+.PP
+Even if you pass the request by some safer means to the callback, you
+might want to do something to the request after starting it, such as
+canceling it, which probably isn't working so well when the callback has
+already been invoked.
+.PP
+A common way around all these issues is to make sure that
+\&\f(CW\*(C`start_new_request\*(C'\fR \fIalways\fR returns before the callback is invoked. If
+\&\f(CW\*(C`start_new_request\*(C'\fR immediately knows the result, it can artificially
+delay invoking the callback by using a \f(CW\*(C`prepare\*(C'\fR or \f(CW\*(C`idle\*(C'\fR watcher for
+example, or more sneakily, by reusing an existing (stopped) watcher and
+pushing it into the pending queue:
+.PP
+.Vb 2
+\&   ev_set_cb (watcher, callback);
+\&   ev_feed_event (EV_A_ watcher, 0);
+.Ve
+.PP
+This way, \f(CW\*(C`start_new_request\*(C'\fR can safely return before the callback is
+invoked, while not delaying callback invocation too much.
+.SS "\s-1MODEL/NESTED EVENT LOOP INVOCATIONS AND EXIT CONDITIONS\s0"
+.IX Subsection "MODEL/NESTED EVENT LOOP INVOCATIONS AND EXIT CONDITIONS"
+Often (especially in \s-1GUI\s0 toolkits) there are places where you have
+\&\fImodal\fR interaction, which is most easily implemented by recursively
+invoking \f(CW\*(C`ev_run\*(C'\fR.
+.PP
+This brings the problem of exiting \- a callback might want to finish the
+main \f(CW\*(C`ev_run\*(C'\fR call, but not the nested one (e.g. user clicked \*(L"Quit\*(R", but
+a modal \*(L"Are you sure?\*(R" dialog is still waiting), or just the nested one
+and not the main one (e.g. user clocked \*(L"Ok\*(R" in a modal dialog), or some
+other combination: In these cases, a simple \f(CW\*(C`ev_break\*(C'\fR will not work.
+.PP
+The solution is to maintain \*(L"break this loop\*(R" variable for each \f(CW\*(C`ev_run\*(C'\fR
+invocation, and use a loop around \f(CW\*(C`ev_run\*(C'\fR until the condition is
+triggered, using \f(CW\*(C`EVRUN_ONCE\*(C'\fR:
+.PP
+.Vb 2
+\&   // main loop
+\&   int exit_main_loop = 0;
+\&
+\&   while (!exit_main_loop)
+\&     ev_run (EV_DEFAULT_ EVRUN_ONCE);
+\&
+\&   // in a modal watcher
+\&   int exit_nested_loop = 0;
+\&
+\&   while (!exit_nested_loop)
+\&     ev_run (EV_A_ EVRUN_ONCE);
+.Ve
+.PP
+To exit from any of these loops, just set the corresponding exit variable:
+.PP
+.Vb 2
+\&   // exit modal loop
+\&   exit_nested_loop = 1;
+\&
+\&   // exit main program, after modal loop is finished
+\&   exit_main_loop = 1;
+\&
+\&   // exit both
+\&   exit_main_loop = exit_nested_loop = 1;
+.Ve
+.SS "\s-1THREAD LOCKING EXAMPLE\s0"
+.IX Subsection "THREAD LOCKING EXAMPLE"
+Here is a fictitious example of how to run an event loop in a different
+thread from where callbacks are being invoked and watchers are
+created/added/removed.
+.PP
+For a real-world example, see the \f(CW\*(C`EV::Loop::Async\*(C'\fR perl module,
+which uses exactly this technique (which is suited for many high-level
+languages).
+.PP
+The example uses a pthread mutex to protect the loop data, a condition
+variable to wait for callback invocations, an async watcher to notify the
+event loop thread and an unspecified mechanism to wake up the main thread.
+.PP
+First, you need to associate some data with the event loop:
+.PP
+.Vb 6
+\&   typedef struct {
+\&     mutex_t lock; /* global loop lock */
+\&     ev_async async_w;
+\&     thread_t tid;
+\&     cond_t invoke_cv;
+\&   } userdata;
+\&
+\&   void prepare_loop (EV_P)
+\&   {
+\&      // for simplicity, we use a static userdata struct.
+\&      static userdata u;
+\&
+\&      ev_async_init (&u\->async_w, async_cb);
+\&      ev_async_start (EV_A_ &u\->async_w);
+\&
+\&      pthread_mutex_init (&u\->lock, 0);
+\&      pthread_cond_init (&u\->invoke_cv, 0);
+\&
+\&      // now associate this with the loop
+\&      ev_set_userdata (EV_A_ u);
+\&      ev_set_invoke_pending_cb (EV_A_ l_invoke);
+\&      ev_set_loop_release_cb (EV_A_ l_release, l_acquire);
+\&
+\&      // then create the thread running ev_run
+\&      pthread_create (&u\->tid, 0, l_run, EV_A);
+\&   }
+.Ve
+.PP
+The callback for the \f(CW\*(C`ev_async\*(C'\fR watcher does nothing: the watcher is used
+solely to wake up the event loop so it takes notice of any new watchers
+that might have been added:
+.PP
+.Vb 5
+\&   static void
+\&   async_cb (EV_P_ ev_async *w, int revents)
+\&   {
+\&      // just used for the side effects
+\&   }
+.Ve
+.PP
+The \f(CW\*(C`l_release\*(C'\fR and \f(CW\*(C`l_acquire\*(C'\fR callbacks simply unlock/lock the mutex
+protecting the loop data, respectively.
+.PP
+.Vb 6
+\&   static void
+\&   l_release (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&     pthread_mutex_unlock (&u\->lock);
+\&   }
+\&
+\&   static void
+\&   l_acquire (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&     pthread_mutex_lock (&u\->lock);
+\&   }
+.Ve
+.PP
+The event loop thread first acquires the mutex, and then jumps straight
+into \f(CW\*(C`ev_run\*(C'\fR:
+.PP
+.Vb 4
+\&   void *
+\&   l_run (void *thr_arg)
+\&   {
+\&     struct ev_loop *loop = (struct ev_loop *)thr_arg;
+\&
+\&     l_acquire (EV_A);
+\&     pthread_setcanceltype (PTHREAD_CANCEL_ASYNCHRONOUS, 0);
+\&     ev_run (EV_A_ 0);
+\&     l_release (EV_A);
+\&
+\&     return 0;
+\&   }
+.Ve
+.PP
+Instead of invoking all pending watchers, the \f(CW\*(C`l_invoke\*(C'\fR callback will
+signal the main thread via some unspecified mechanism (signals? pipe
+writes? \f(CW\*(C`Async::Interrupt\*(C'\fR?) and then waits until all pending watchers
+have been called (in a while loop because a) spurious wakeups are possible
+and b) skipping inter-thread-communication when there are no pending
+watchers is very beneficial):
+.PP
+.Vb 4
+\&   static void
+\&   l_invoke (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&
+\&     while (ev_pending_count (EV_A))
+\&       {
+\&         wake_up_other_thread_in_some_magic_or_not_so_magic_way ();
+\&         pthread_cond_wait (&u\->invoke_cv, &u\->lock);
+\&       }
+\&   }
+.Ve
+.PP
+Now, whenever the main thread gets told to invoke pending watchers, it
+will grab the lock, call \f(CW\*(C`ev_invoke_pending\*(C'\fR and then signal the loop
+thread to continue:
+.PP
+.Vb 4
+\&   static void
+\&   real_invoke_pending (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&
+\&     pthread_mutex_lock (&u\->lock);
+\&     ev_invoke_pending (EV_A);
+\&     pthread_cond_signal (&u\->invoke_cv);
+\&     pthread_mutex_unlock (&u\->lock);
+\&   }
+.Ve
+.PP
+Whenever you want to start/stop a watcher or do other modifications to an
+event loop, you will now have to lock:
+.PP
+.Vb 2
+\&   ev_timer timeout_watcher;
+\&   userdata *u = ev_userdata (EV_A);
+\&
+\&   ev_timer_init (&timeout_watcher, timeout_cb, 5.5, 0.);
+\&
+\&   pthread_mutex_lock (&u\->lock);
+\&   ev_timer_start (EV_A_ &timeout_watcher);
+\&   ev_async_send (EV_A_ &u\->async_w);
+\&   pthread_mutex_unlock (&u\->lock);
+.Ve
+.PP
+Note that sending the \f(CW\*(C`ev_async\*(C'\fR watcher is required because otherwise
+an event loop currently blocking in the kernel will have no knowledge
+about the newly added timer. By waking up the loop it will pick up any new
+watchers in the next event loop iteration.
+.SS "\s-1THREADS, COROUTINES, CONTINUATIONS, QUEUES... INSTEAD OF CALLBACKS\s0"
+.IX Subsection "THREADS, COROUTINES, CONTINUATIONS, QUEUES... INSTEAD OF CALLBACKS"
+While the overhead of a callback that e.g. schedules a thread is small, it
+is still an overhead. If you embed libev, and your main usage is with some
+kind of threads or coroutines, you might want to customise libev so that
+doesn't need callbacks anymore.
+.PP
+Imagine you have coroutines that you can switch to using a function
+\&\f(CW\*(C`switch_to (coro)\*(C'\fR, that libev runs in a coroutine called \f(CW\*(C`libev_coro\*(C'\fR
+and that due to some magic, the currently active coroutine is stored in a
+global called \f(CW\*(C`current_coro\*(C'\fR. Then you can build your own \*(L"wait for libev
+event\*(R" primitive by changing \f(CW\*(C`EV_CB_DECLARE\*(C'\fR and \f(CW\*(C`EV_CB_INVOKE\*(C'\fR (note
+the differing \f(CW\*(C`;\*(C'\fR conventions):
+.PP
+.Vb 2
+\&   #define EV_CB_DECLARE(type)   struct my_coro *cb;
+\&   #define EV_CB_INVOKE(watcher) switch_to ((watcher)\->cb)
+.Ve
+.PP
+That means instead of having a C callback function, you store the
+coroutine to switch to in each watcher, and instead of having libev call
+your callback, you instead have it switch to that coroutine.
+.PP
+A coroutine might now wait for an event with a function called
+\&\f(CW\*(C`wait_for_event\*(C'\fR. (the watcher needs to be started, as always, but it doesn't
+matter when, or whether the watcher is active or not when this function is
+called):
+.PP
+.Vb 6
+\&   void
+\&   wait_for_event (ev_watcher *w)
+\&   {
+\&     ev_set_cb (w, current_coro);
+\&     switch_to (libev_coro);
+\&   }
+.Ve
+.PP
+That basically suspends the coroutine inside \f(CW\*(C`wait_for_event\*(C'\fR and
+continues the libev coroutine, which, when appropriate, switches back to
+this or any other coroutine.
+.PP
+You can do similar tricks if you have, say, threads with an event queue \-
+instead of storing a coroutine, you store the queue object and instead of
+switching to a coroutine, you push the watcher onto the queue and notify
+any waiters.
+.PP
+To embed libev, see \*(L"\s-1EMBEDDING\*(R"\s0, but in short, it's easiest to create two
+files, \fImy_ev.h\fR and \fImy_ev.c\fR that include the respective libev files:
+.PP
+.Vb 4
+\&   // my_ev.h
+\&   #define EV_CB_DECLARE(type)   struct my_coro *cb;
+\&   #define EV_CB_INVOKE(watcher) switch_to ((watcher)\->cb)
+\&   #include "../libev/ev.h"
+\&
+\&   // my_ev.c
+\&   #define EV_H "my_ev.h"
+\&   #include "../libev/ev.c"
+.Ve
+.PP
+And then use \fImy_ev.h\fR when you would normally use \fIev.h\fR, and compile
+\&\fImy_ev.c\fR into your project. When properly specifying include paths, you
+can even use \fIev.h\fR as header file name directly.
+.SH "LIBEVENT EMULATION"
+.IX Header "LIBEVENT EMULATION"
+Libev offers a compatibility emulation layer for libevent. It cannot
+emulate the internals of libevent, so here are some usage hints:
+.IP "\(bu" 4
+Only the libevent\-1.4.1\-beta \s-1API\s0 is being emulated.
+.Sp
+This was the newest libevent version available when libev was implemented,
+and is still mostly unchanged in 2010.
+.IP "\(bu" 4
+Use it by including <event.h>, as usual.
+.IP "\(bu" 4
+The following members are fully supported: ev_base, ev_callback,
+ev_arg, ev_fd, ev_res, ev_events.
+.IP "\(bu" 4
+Avoid using ev_flags and the EVLIST_*\-macros, while it is
+maintained by libev, it does not work exactly the same way as in libevent (consider
+it a private \s-1API\s0).
+.IP "\(bu" 4
+Priorities are not currently supported. Initialising priorities
+will fail and all watchers will have the same priority, even though there
+is an ev_pri field.
+.IP "\(bu" 4
+In libevent, the last base created gets the signals, in libev, the
+base that registered the signal gets the signals.
+.IP "\(bu" 4
+Other members are not supported.
+.IP "\(bu" 4
+The libev emulation is \fInot\fR \s-1ABI\s0 compatible to libevent, you need
+to use the libev header file and library.
+.SH "\*(C+ SUPPORT"
+.IX Header " SUPPORT"
+.SS "C \s-1API\s0"
+.IX Subsection "C API"
+The normal C \s-1API\s0 should work fine when used from \*(C+: both ev.h and the
+libev sources can be compiled as \*(C+. Therefore, code that uses the C \s-1API\s0
+will work fine.
+.PP
+Proper exception specifications might have to be added to callbacks passed
+to libev: exceptions may be thrown only from watcher callbacks, all other
+callbacks (allocator, syserr, loop acquire/release and periodic reschedule
+callbacks) must not throw exceptions, and might need a \f(CW\*(C`noexcept\*(C'\fR
+specification. If you have code that needs to be compiled as both C and
+\&\*(C+ you can use the \f(CW\*(C`EV_NOEXCEPT\*(C'\fR macro for this:
+.PP
+.Vb 6
+\&   static void
+\&   fatal_error (const char *msg) EV_NOEXCEPT
+\&   {
+\&     perror (msg);
+\&     abort ();
+\&   }
+\&
+\&   ...
+\&   ev_set_syserr_cb (fatal_error);
+.Ve
+.PP
+The only \s-1API\s0 functions that can currently throw exceptions are \f(CW\*(C`ev_run\*(C'\fR,
+\&\f(CW\*(C`ev_invoke\*(C'\fR, \f(CW\*(C`ev_invoke_pending\*(C'\fR and \f(CW\*(C`ev_loop_destroy\*(C'\fR (the latter
+because it runs cleanup watchers).
+.PP
+Throwing exceptions in watcher callbacks is only supported if libev itself
+is compiled with a \*(C+ compiler or your C and \*(C+ environments allow
+throwing exceptions through C libraries (most do).
+.SS "\*(C+ \s-1API\s0"
+.IX Subsection " API"
+Libev comes with some simplistic wrapper classes for \*(C+ that mainly allow
+you to use some convenience methods to start/stop watchers and also change
+the callback model to a model using method callbacks on objects.
+.PP
+To use it,
+.PP
+.Vb 1
+\&   #include <ev++.h>
+.Ve
+.PP
+This automatically includes \fIev.h\fR and puts all of its definitions (many
+of them macros) into the global namespace. All \*(C+ specific things are
+put into the \f(CW\*(C`ev\*(C'\fR namespace. It should support all the same embedding
+options as \fIev.h\fR, most notably \f(CW\*(C`EV_MULTIPLICITY\*(C'\fR.
+.PP
+Care has been taken to keep the overhead low. The only data member the \*(C+
+classes add (compared to plain C\-style watchers) is the event loop pointer
+that the watcher is associated with (or no additional members at all if
+you disable \f(CW\*(C`EV_MULTIPLICITY\*(C'\fR when embedding libev).
+.PP
+Currently, functions, static and non-static member functions and classes
+with \f(CW\*(C`operator ()\*(C'\fR can be used as callbacks. Other types should be easy
+to add as long as they only need one additional pointer for context. If
+you need support for other types of functors please contact the author
+(preferably after implementing it).
+.PP
+For all this to work, your \*(C+ compiler either has to use the same calling
+conventions as your C compiler (for static member functions), or you have
+to embed libev and compile libev itself as \*(C+.
+.PP
+Here is a list of things available in the \f(CW\*(C`ev\*(C'\fR namespace:
+.ie n .IP """ev::READ"", ""ev::WRITE"" etc." 4
+.el .IP "\f(CWev::READ\fR, \f(CWev::WRITE\fR etc." 4
+.IX Item "ev::READ, ev::WRITE etc."
+These are just enum values with the same values as the \f(CW\*(C`EV_READ\*(C'\fR etc.
+macros from \fIev.h\fR.
+.ie n .IP """ev::tstamp"", ""ev::now""" 4
+.el .IP "\f(CWev::tstamp\fR, \f(CWev::now\fR" 4
+.IX Item "ev::tstamp, ev::now"
+Aliases to the same types/functions as with the \f(CW\*(C`ev_\*(C'\fR prefix.
+.ie n .IP """ev::io"", ""ev::timer"", ""ev::periodic"", ""ev::idle"", ""ev::sig"" etc." 4
+.el .IP "\f(CWev::io\fR, \f(CWev::timer\fR, \f(CWev::periodic\fR, \f(CWev::idle\fR, \f(CWev::sig\fR etc." 4
+.IX Item "ev::io, ev::timer, ev::periodic, ev::idle, ev::sig etc."
+For each \f(CW\*(C`ev_TYPE\*(C'\fR watcher in \fIev.h\fR there is a corresponding class of
+the same name in the \f(CW\*(C`ev\*(C'\fR namespace, with the exception of \f(CW\*(C`ev_signal\*(C'\fR
+which is called \f(CW\*(C`ev::sig\*(C'\fR to avoid clashes with the \f(CW\*(C`signal\*(C'\fR macro
+defined by many implementations.
+.Sp
+All of those classes have these methods:
+.RS 4
+.IP "ev::TYPE::TYPE ()" 4
+.IX Item "ev::TYPE::TYPE ()"
+.PD 0
+.IP "ev::TYPE::TYPE (loop)" 4
+.IX Item "ev::TYPE::TYPE (loop)"
+.IP "ev::TYPE::~TYPE" 4
+.IX Item "ev::TYPE::~TYPE"
+.PD
+The constructor (optionally) takes an event loop to associate the watcher
+with. If it is omitted, it will use \f(CW\*(C`EV_DEFAULT\*(C'\fR.
+.Sp
+The constructor calls \f(CW\*(C`ev_init\*(C'\fR for you, which means you have to call the
+\&\f(CW\*(C`set\*(C'\fR method before starting it.
+.Sp
+It will not set a callback, however: You have to call the templated \f(CW\*(C`set\*(C'\fR
+method to set a callback before you can start the watcher.
+.Sp
+(The reason why you have to use a method is a limitation in \*(C+ which does
+not allow explicit template arguments for constructors).
+.Sp
+The destructor automatically stops the watcher if it is active.
+.IP "w\->set<class, &class::method> (object *)" 4
+.IX Item "w->set<class, &class::method> (object *)"
+This method sets the callback method to call. The method has to have a
+signature of \f(CW\*(C`void (*)(ev_TYPE &, int)\*(C'\fR, it receives the watcher as
+first argument and the \f(CW\*(C`revents\*(C'\fR as second. The object must be given as
+parameter and is stored in the \f(CW\*(C`data\*(C'\fR member of the watcher.
+.Sp
+This method synthesizes efficient thunking code to call your method from
+the C callback that libev requires. If your compiler can inline your
+callback (i.e. it is visible to it at the place of the \f(CW\*(C`set\*(C'\fR call and
+your compiler is good :), then the method will be fully inlined into the
+thunking function, making it as fast as a direct C callback.
+.Sp
+Example: simple class declaration and watcher initialisation
+.Sp
+.Vb 4
+\&   struct myclass
+\&   {
+\&     void io_cb (ev::io &w, int revents) { }
+\&   }
+\&
+\&   myclass obj;
+\&   ev::io iow;
+\&   iow.set <myclass, &myclass::io_cb> (&obj);
+.Ve
+.IP "w\->set (object *)" 4
+.IX Item "w->set (object *)"
+This is a variation of a method callback \- leaving out the method to call
+will default the method to \f(CW\*(C`operator ()\*(C'\fR, which makes it possible to use
+functor objects without having to manually specify the \f(CW\*(C`operator ()\*(C'\fR all
+the time. Incidentally, you can then also leave out the template argument
+list.
+.Sp
+The \f(CW\*(C`operator ()\*(C'\fR method prototype must be \f(CW\*(C`void operator ()(watcher &w,
+int revents)\*(C'\fR.
+.Sp
+See the method\-\f(CW\*(C`set\*(C'\fR above for more details.
+.Sp
+Example: use a functor object as callback.
+.Sp
+.Vb 7
+\&   struct myfunctor
+\&   {
+\&     void operator() (ev::io &w, int revents)
+\&     {
+\&       ...
+\&     }
+\&   }
+\&
+\&   myfunctor f;
+\&
+\&   ev::io w;
+\&   w.set (&f);
+.Ve
+.IP "w\->set<function> (void *data = 0)" 4
+.IX Item "w->set<function> (void *data = 0)"
+Also sets a callback, but uses a static method or plain function as
+callback. The optional \f(CW\*(C`data\*(C'\fR argument will be stored in the watcher's
+\&\f(CW\*(C`data\*(C'\fR member and is free for you to use.
+.Sp
+The prototype of the \f(CW\*(C`function\*(C'\fR must be \f(CW\*(C`void (*)(ev::TYPE &w, int)\*(C'\fR.
+.Sp
+See the method\-\f(CW\*(C`set\*(C'\fR above for more details.
+.Sp
+Example: Use a plain function as callback.
+.Sp
+.Vb 2
+\&   static void io_cb (ev::io &w, int revents) { }
+\&   iow.set <io_cb> ();
+.Ve
+.IP "w\->set (loop)" 4
+.IX Item "w->set (loop)"
+Associates a different \f(CW\*(C`struct ev_loop\*(C'\fR with this watcher. You can only
+do this when the watcher is inactive (and not pending either).
+.IP "w\->set ([arguments])" 4
+.IX Item "w->set ([arguments])"
+Basically the same as \f(CW\*(C`ev_TYPE_set\*(C'\fR (except for \f(CW\*(C`ev::embed\*(C'\fR watchers>),
+with the same arguments. Either this method or a suitable start method
+must be called at least once. Unlike the C counterpart, an active watcher
+gets automatically stopped and restarted when reconfiguring it with this
+method.
+.Sp
+For \f(CW\*(C`ev::embed\*(C'\fR watchers this method is called \f(CW\*(C`set_embed\*(C'\fR, to avoid
+clashing with the \f(CW\*(C`set (loop)\*(C'\fR method.
+.Sp
+For \f(CW\*(C`ev::io\*(C'\fR watchers there is an additional \f(CW\*(C`set\*(C'\fR method that acepts a
+new event mask only, and internally calls \f(CW\*(C`ev_io_modfify\*(C'\fR.
+.IP "w\->start ()" 4
+.IX Item "w->start ()"
+Starts the watcher. Note that there is no \f(CW\*(C`loop\*(C'\fR argument, as the
+constructor already stores the event loop.
+.IP "w\->start ([arguments])" 4
+.IX Item "w->start ([arguments])"
+Instead of calling \f(CW\*(C`set\*(C'\fR and \f(CW\*(C`start\*(C'\fR methods separately, it is often
+convenient to wrap them in one call. Uses the same type of arguments as
+the configure \f(CW\*(C`set\*(C'\fR method of the watcher.
+.IP "w\->stop ()" 4
+.IX Item "w->stop ()"
+Stops the watcher if it is active. Again, no \f(CW\*(C`loop\*(C'\fR argument.
+.ie n .IP "w\->again () (""ev::timer"", ""ev::periodic"" only)" 4
+.el .IP "w\->again () (\f(CWev::timer\fR, \f(CWev::periodic\fR only)" 4
+.IX Item "w->again () (ev::timer, ev::periodic only)"
+For \f(CW\*(C`ev::timer\*(C'\fR and \f(CW\*(C`ev::periodic\*(C'\fR, this invokes the corresponding
+\&\f(CW\*(C`ev_TYPE_again\*(C'\fR function.
+.ie n .IP "w\->sweep () (""ev::embed"" only)" 4
+.el .IP "w\->sweep () (\f(CWev::embed\fR only)" 4
+.IX Item "w->sweep () (ev::embed only)"
+Invokes \f(CW\*(C`ev_embed_sweep\*(C'\fR.
+.ie n .IP "w\->update () (""ev::stat"" only)" 4
+.el .IP "w\->update () (\f(CWev::stat\fR only)" 4
+.IX Item "w->update () (ev::stat only)"
+Invokes \f(CW\*(C`ev_stat_stat\*(C'\fR.
+.RE
+.RS 4
+.RE
+.PP
+Example: Define a class with two I/O and idle watchers, start the I/O
+watchers in the constructor.
+.PP
+.Vb 5
+\&   class myclass
+\&   {
+\&     ev::io   io  ; void io_cb   (ev::io   &w, int revents);
+\&     ev::io   io2 ; void io2_cb  (ev::io   &w, int revents);
+\&     ev::idle idle; void idle_cb (ev::idle &w, int revents);
+\&
+\&     myclass (int fd)
+\&     {
+\&       io  .set <myclass, &myclass::io_cb  > (this);
+\&       io2 .set <myclass, &myclass::io2_cb > (this);
+\&       idle.set <myclass, &myclass::idle_cb> (this);
+\&
+\&       io.set (fd, ev::WRITE); // configure the watcher
+\&       io.start ();            // start it whenever convenient
+\&
+\&       io2.start (fd, ev::READ); // set + start in one call
+\&     }
+\&   };
+.Ve
+.SH "OTHER LANGUAGE BINDINGS"
+.IX Header "OTHER LANGUAGE BINDINGS"
+Libev does not offer other language bindings itself, but bindings for a
+number of languages exist in the form of third-party packages. If you know
+any interesting language binding in addition to the ones listed here, drop
+me a note.
+.IP "Perl" 4
+.IX Item "Perl"
+The \s-1EV\s0 module implements the full libev \s-1API\s0 and is actually used to test
+libev. \s-1EV\s0 is developed together with libev. Apart from the \s-1EV\s0 core module,
+there are additional modules that implement libev-compatible interfaces
+to \f(CW\*(C`libadns\*(C'\fR (\f(CW\*(C`EV::ADNS\*(C'\fR, but \f(CW\*(C`AnyEvent::DNS\*(C'\fR is preferred nowadays),
+\&\f(CW\*(C`Net::SNMP\*(C'\fR (\f(CW\*(C`Net::SNMP::EV\*(C'\fR) and the \f(CW\*(C`libglib\*(C'\fR event core (\f(CW\*(C`Glib::EV\*(C'\fR
+and \f(CW\*(C`EV::Glib\*(C'\fR).
+.Sp
+It can be found and installed via \s-1CPAN,\s0 its homepage is at
+<http://software.schmorp.de/pkg/EV>.
+.IP "Python" 4
+.IX Item "Python"
+Python bindings can be found at <http://code.google.com/p/pyev/>. It
+seems to be quite complete and well-documented.
+.IP "Ruby" 4
+.IX Item "Ruby"
+Tony Arcieri has written a ruby extension that offers access to a subset
+of the libev \s-1API\s0 and adds file handle abstractions, asynchronous \s-1DNS\s0 and
+more on top of it. It can be found via gem servers. Its homepage is at
+<http://rev.rubyforge.org/>.
+.Sp
+Roger Pack reports that using the link order \f(CW\*(C`\-lws2_32 \-lmsvcrt\-ruby\-190\*(C'\fR
+makes rev work even on mingw.
+.IP "Haskell" 4
+.IX Item "Haskell"
+A haskell binding to libev is available at
+<http://hackage.haskell.org/cgi\-bin/hackage\-scripts/package/hlibev>.
+.IP "D" 4
+.IX Item "D"
+Leandro Lucarella has written a D language binding (\fIev.d\fR) for libev, to
+be found at <http://www.llucax.com.ar/proj/ev.d/index.html>.
+.IP "Ocaml" 4
+.IX Item "Ocaml"
+Erkki Seppala has written Ocaml bindings for libev, to be found at
+<http://modeemi.cs.tut.fi/~flux/software/ocaml\-ev/>.
+.IP "Lua" 4
+.IX Item "Lua"
+Brian Maher has written a partial interface to libev for lua (at the
+time of this writing, only \f(CW\*(C`ev_io\*(C'\fR and \f(CW\*(C`ev_timer\*(C'\fR), to be found at
+<http://github.com/brimworks/lua\-ev>.
+.IP "Javascript" 4
+.IX Item "Javascript"
+Node.js (<http://nodejs.org>) uses libev as the underlying event library.
+.IP "Others" 4
+.IX Item "Others"
+There are others, and I stopped counting.
+.SH "MACRO MAGIC"
+.IX Header "MACRO MAGIC"
+Libev can be compiled with a variety of options, the most fundamental
+of which is \f(CW\*(C`EV_MULTIPLICITY\*(C'\fR. This option determines whether (most)
+functions and callbacks have an initial \f(CW\*(C`struct ev_loop *\*(C'\fR argument.
+.PP
+To make it easier to write programs that cope with either variant, the
+following macros are defined:
+.ie n .IP """EV_A"", ""EV_A_""" 4
+.el .IP "\f(CWEV_A\fR, \f(CWEV_A_\fR" 4
+.IX Item "EV_A, EV_A_"
+This provides the loop \fIargument\fR for functions, if one is required (\*(L"ev
+loop argument\*(R"). The \f(CW\*(C`EV_A\*(C'\fR form is used when this is the sole argument,
+\&\f(CW\*(C`EV_A_\*(C'\fR is used when other arguments are following. Example:
+.Sp
+.Vb 3
+\&   ev_unref (EV_A);
+\&   ev_timer_add (EV_A_ watcher);
+\&   ev_run (EV_A_ 0);
+.Ve
+.Sp
+It assumes the variable \f(CW\*(C`loop\*(C'\fR of type \f(CW\*(C`struct ev_loop *\*(C'\fR is in scope,
+which is often provided by the following macro.
+.ie n .IP """EV_P"", ""EV_P_""" 4
+.el .IP "\f(CWEV_P\fR, \f(CWEV_P_\fR" 4
+.IX Item "EV_P, EV_P_"
+This provides the loop \fIparameter\fR for functions, if one is required (\*(L"ev
+loop parameter\*(R"). The \f(CW\*(C`EV_P\*(C'\fR form is used when this is the sole parameter,
+\&\f(CW\*(C`EV_P_\*(C'\fR is used when other parameters are following. Example:
+.Sp
+.Vb 2
+\&   // this is how ev_unref is being declared
+\&   static void ev_unref (EV_P);
+\&
+\&   // this is how you can declare your typical callback
+\&   static void cb (EV_P_ ev_timer *w, int revents)
+.Ve
+.Sp
+It declares a parameter \f(CW\*(C`loop\*(C'\fR of type \f(CW\*(C`struct ev_loop *\*(C'\fR, quite
+suitable for use with \f(CW\*(C`EV_A\*(C'\fR.
+.ie n .IP """EV_DEFAULT"", ""EV_DEFAULT_""" 4
+.el .IP "\f(CWEV_DEFAULT\fR, \f(CWEV_DEFAULT_\fR" 4
+.IX Item "EV_DEFAULT, EV_DEFAULT_"
+Similar to the other two macros, this gives you the value of the default
+loop, if multiple loops are supported (\*(L"ev loop default\*(R"). The default loop
+will be initialised if it isn't already initialised.
+.Sp
+For non-multiplicity builds, these macros do nothing, so you always have
+to initialise the loop somewhere.
+.ie n .IP """EV_DEFAULT_UC"", ""EV_DEFAULT_UC_""" 4
+.el .IP "\f(CWEV_DEFAULT_UC\fR, \f(CWEV_DEFAULT_UC_\fR" 4
+.IX Item "EV_DEFAULT_UC, EV_DEFAULT_UC_"
+Usage identical to \f(CW\*(C`EV_DEFAULT\*(C'\fR and \f(CW\*(C`EV_DEFAULT_\*(C'\fR, but requires that the
+default loop has been initialised (\f(CW\*(C`UC\*(C'\fR == unchecked). Their behaviour
+is undefined when the default loop has not been initialised by a previous
+execution of \f(CW\*(C`EV_DEFAULT\*(C'\fR, \f(CW\*(C`EV_DEFAULT_\*(C'\fR or \f(CW\*(C`ev_default_init (...)\*(C'\fR.
+.Sp
+It is often prudent to use \f(CW\*(C`EV_DEFAULT\*(C'\fR when initialising the first
+watcher in a function but use \f(CW\*(C`EV_DEFAULT_UC\*(C'\fR afterwards.
+.PP
+Example: Declare and initialise a check watcher, utilising the above
+macros so it will work regardless of whether multiple loops are supported
+or not.
+.PP
+.Vb 5
+\&   static void
+\&   check_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     ev_check_stop (EV_A_ w);
+\&   }
+\&
+\&   ev_check check;
+\&   ev_check_init (&check, check_cb);
+\&   ev_check_start (EV_DEFAULT_ &check);
+\&   ev_run (EV_DEFAULT_ 0);
+.Ve
+.SH "EMBEDDING"
+.IX Header "EMBEDDING"
+Libev can (and often is) directly embedded into host
+applications. Examples of applications that embed it include the Deliantra
+Game Server, the \s-1EV\s0 perl module, the \s-1GNU\s0 Virtual Private Ethernet (gvpe)
+and rxvt-unicode.
+.PP
+The goal is to enable you to just copy the necessary files into your
+source directory without having to change even a single line in them, so
+you can easily upgrade by simply copying (or having a checked-out copy of
+libev somewhere in your source tree).
+.SS "\s-1FILESETS\s0"
+.IX Subsection "FILESETS"
+Depending on what features you need you need to include one or more sets of files
+in your application.
+.PP
+\fI\s-1CORE EVENT LOOP\s0\fR
+.IX Subsection "CORE EVENT LOOP"
+.PP
+To include only the libev core (all the \f(CW\*(C`ev_*\*(C'\fR functions), with manual
+configuration (no autoconf):
+.PP
+.Vb 2
+\&   #define EV_STANDALONE 1
+\&   #include "ev.c"
+.Ve
+.PP
+This will automatically include \fIev.h\fR, too, and should be done in a
+single C source file only to provide the function implementations. To use
+it, do the same for \fIev.h\fR in all files wishing to use this \s-1API\s0 (best
+done by writing a wrapper around \fIev.h\fR that you can include instead and
+where you can put other configuration options):
+.PP
+.Vb 2
+\&   #define EV_STANDALONE 1
+\&   #include "ev.h"
+.Ve
+.PP
+Both header files and implementation files can be compiled with a \*(C+
+compiler (at least, that's a stated goal, and breakage will be treated
+as a bug).
+.PP
+You need the following files in your source tree, or in a directory
+in your include path (e.g. in libev/ when using \-Ilibev):
+.PP
+.Vb 4
+\&   ev.h
+\&   ev.c
+\&   ev_vars.h
+\&   ev_wrap.h
+\&
+\&   ev_win32.c      required on win32 platforms only
+\&
+\&   ev_select.c     only when select backend is enabled
+\&   ev_poll.c       only when poll backend is enabled
+\&   ev_epoll.c      only when the epoll backend is enabled
+\&   ev_linuxaio.c   only when the linux aio backend is enabled
+\&   ev_iouring.c    only when the linux io_uring backend is enabled
+\&   ev_kqueue.c     only when the kqueue backend is enabled
+\&   ev_port.c       only when the solaris port backend is enabled
+.Ve
+.PP
+\&\fIev.c\fR includes the backend files directly when enabled, so you only need
+to compile this single file.
+.PP
+\fI\s-1LIBEVENT COMPATIBILITY API\s0\fR
+.IX Subsection "LIBEVENT COMPATIBILITY API"
+.PP
+To include the libevent compatibility \s-1API,\s0 also include:
+.PP
+.Vb 1
+\&   #include "event.c"
+.Ve
+.PP
+in the file including \fIev.c\fR, and:
+.PP
+.Vb 1
+\&   #include "event.h"
+.Ve
+.PP
+in the files that want to use the libevent \s-1API.\s0 This also includes \fIev.h\fR.
+.PP
+You need the following additional files for this:
+.PP
+.Vb 2
+\&   event.h
+\&   event.c
+.Ve
+.PP
+\fI\s-1AUTOCONF SUPPORT\s0\fR
+.IX Subsection "AUTOCONF SUPPORT"
+.PP
+Instead of using \f(CW\*(C`EV_STANDALONE=1\*(C'\fR and providing your configuration in
+whatever way you want, you can also \f(CW\*(C`m4_include([libev.m4])\*(C'\fR in your
+\&\fIconfigure.ac\fR and leave \f(CW\*(C`EV_STANDALONE\*(C'\fR undefined. \fIev.c\fR will then
+include \fIconfig.h\fR and configure itself accordingly.
+.PP
+For this of course you need the m4 file:
+.PP
+.Vb 1
+\&   libev.m4
+.Ve
+.SS "\s-1PREPROCESSOR SYMBOLS/MACROS\s0"
+.IX Subsection "PREPROCESSOR SYMBOLS/MACROS"
+Libev can be configured via a variety of preprocessor symbols you have to
+define before including (or compiling) any of its files. The default in
+the absence of autoconf is documented for every option.
+.PP
+Symbols marked with \*(L"(h)\*(R" do not change the \s-1ABI,\s0 and can have different
+values when compiling libev vs. including \fIev.h\fR, so it is permissible
+to redefine them before including \fIev.h\fR without breaking compatibility
+to a compiled library. All other symbols change the \s-1ABI,\s0 which means all
+users of libev and the libev code itself must be compiled with compatible
+settings.
+.IP "\s-1EV_COMPAT3\s0 (h)" 4
+.IX Item "EV_COMPAT3 (h)"
+Backwards compatibility is a major concern for libev. This is why this
+release of libev comes with wrappers for the functions and symbols that
+have been renamed between libev version 3 and 4.
+.Sp
+You can disable these wrappers (to test compatibility with future
+versions) by defining \f(CW\*(C`EV_COMPAT3\*(C'\fR to \f(CW0\fR when compiling your
+sources. This has the additional advantage that you can drop the \f(CW\*(C`struct\*(C'\fR
+from \f(CW\*(C`struct ev_loop\*(C'\fR declarations, as libev will provide an \f(CW\*(C`ev_loop\*(C'\fR
+typedef in that case.
+.Sp
+In some future version, the default for \f(CW\*(C`EV_COMPAT3\*(C'\fR will become \f(CW0\fR,
+and in some even more future version the compatibility code will be
+removed completely.
+.IP "\s-1EV_STANDALONE\s0 (h)" 4
+.IX Item "EV_STANDALONE (h)"
+Must always be \f(CW1\fR if you do not use autoconf configuration, which
+keeps libev from including \fIconfig.h\fR, and it also defines dummy
+implementations for some libevent functions (such as logging, which is not
+supported). It will also not define any of the structs usually found in
+\&\fIevent.h\fR that are not directly supported by the libev core alone.
+.Sp
+In standalone mode, libev will still try to automatically deduce the
+configuration, but has to be more conservative.
+.IP "\s-1EV_USE_FLOOR\s0" 4
+.IX Item "EV_USE_FLOOR"
+If defined to be \f(CW1\fR, libev will use the \f(CW\*(C`floor ()\*(C'\fR function for its
+periodic reschedule calculations, otherwise libev will fall back on a
+portable (slower) implementation. If you enable this, you usually have to
+link against libm or something equivalent. Enabling this when the \f(CW\*(C`floor\*(C'\fR
+function is not available will fail, so the safe default is to not enable
+this.
+.IP "\s-1EV_USE_MONOTONIC\s0" 4
+.IX Item "EV_USE_MONOTONIC"
+If defined to be \f(CW1\fR, libev will try to detect the availability of the
+monotonic clock option at both compile time and runtime. Otherwise no
+use of the monotonic clock option will be attempted. If you enable this,
+you usually have to link against librt or something similar. Enabling it
+when the functionality isn't available is safe, though, although you have
+to make sure you link against any libraries where the \f(CW\*(C`clock_gettime\*(C'\fR
+function is hiding in (often \fI\-lrt\fR). See also \f(CW\*(C`EV_USE_CLOCK_SYSCALL\*(C'\fR.
+.IP "\s-1EV_USE_REALTIME\s0" 4
+.IX Item "EV_USE_REALTIME"
+If defined to be \f(CW1\fR, libev will try to detect the availability of the
+real-time clock option at compile time (and assume its availability
+at runtime if successful). Otherwise no use of the real-time clock
+option will be attempted. This effectively replaces \f(CW\*(C`gettimeofday\*(C'\fR
+by \f(CW\*(C`clock_get (CLOCK_REALTIME, ...)\*(C'\fR and will not normally affect
+correctness. See the note about libraries in the description of
+\&\f(CW\*(C`EV_USE_MONOTONIC\*(C'\fR, though. Defaults to the opposite value of
+\&\f(CW\*(C`EV_USE_CLOCK_SYSCALL\*(C'\fR.
+.IP "\s-1EV_USE_CLOCK_SYSCALL\s0" 4
+.IX Item "EV_USE_CLOCK_SYSCALL"
+If defined to be \f(CW1\fR, libev will try to use a direct syscall instead
+of calling the system-provided \f(CW\*(C`clock_gettime\*(C'\fR function. This option
+exists because on GNU/Linux, \f(CW\*(C`clock_gettime\*(C'\fR is in \f(CW\*(C`librt\*(C'\fR, but \f(CW\*(C`librt\*(C'\fR
+unconditionally pulls in \f(CW\*(C`libpthread\*(C'\fR, slowing down single-threaded
+programs needlessly. Using a direct syscall is slightly slower (in
+theory), because no optimised vdso implementation can be used, but avoids
+the pthread dependency. Defaults to \f(CW1\fR on GNU/Linux with glibc 2.x or
+higher, as it simplifies linking (no need for \f(CW\*(C`\-lrt\*(C'\fR).
+.IP "\s-1EV_USE_NANOSLEEP\s0" 4
+.IX Item "EV_USE_NANOSLEEP"
+If defined to be \f(CW1\fR, libev will assume that \f(CW\*(C`nanosleep ()\*(C'\fR is available
+and will use it for delays. Otherwise it will use \f(CW\*(C`select ()\*(C'\fR.
+.IP "\s-1EV_USE_EVENTFD\s0" 4
+.IX Item "EV_USE_EVENTFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`eventfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This will improve
+\&\f(CW\*(C`ev_signal\*(C'\fR and \f(CW\*(C`ev_async\*(C'\fR performance and reduce resource consumption.
+If undefined, it will be enabled if the headers indicate GNU/Linux + Glibc
+2.7 or newer, otherwise disabled.
+.IP "\s-1EV_USE_SIGNALFD\s0" 4
+.IX Item "EV_USE_SIGNALFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`signalfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This enables
+the use of \s-1EVFLAG_SIGNALFD\s0 for faster and simpler signal handling. If
+undefined, it will be enabled if the headers indicate GNU/Linux + Glibc
+2.7 or newer, otherwise disabled.
+.IP "\s-1EV_USE_TIMERFD\s0" 4
+.IX Item "EV_USE_TIMERFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`timerfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This allows
+libev to detect time jumps accurately. If undefined, it will be enabled
+if the headers indicate GNU/Linux + Glibc 2.8 or newer and define
+\&\f(CW\*(C`TFD_TIMER_CANCEL_ON_SET\*(C'\fR, otherwise disabled.
+.IP "\s-1EV_USE_EVENTFD\s0" 4
+.IX Item "EV_USE_EVENTFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`eventfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This will improve
+\&\f(CW\*(C`ev_signal\*(C'\fR and \f(CW\*(C`ev_async\*(C'\fR performance and reduce resource consumption.
+If undefined, it will be enabled if the headers indicate GNU/Linux + Glibc
+2.7 or newer, otherwise disabled.
+.IP "\s-1EV_USE_SELECT\s0" 4
+.IX Item "EV_USE_SELECT"
+If undefined or defined to be \f(CW1\fR, libev will compile in support for the
+\&\f(CW\*(C`select\*(C'\fR(2) backend. No attempt at auto-detection will be done: if no
+other method takes over, select will be it. Otherwise the select backend
+will not be compiled in.
+.IP "\s-1EV_SELECT_USE_FD_SET\s0" 4
+.IX Item "EV_SELECT_USE_FD_SET"
+If defined to \f(CW1\fR, then the select backend will use the system \f(CW\*(C`fd_set\*(C'\fR
+structure. This is useful if libev doesn't compile due to a missing
+\&\f(CW\*(C`NFDBITS\*(C'\fR or \f(CW\*(C`fd_mask\*(C'\fR definition or it mis-guesses the bitset layout
+on exotic systems. This usually limits the range of file descriptors to
+some low limit such as 1024 or might have other limitations (winsocket
+only allows 64 sockets). The \f(CW\*(C`FD_SETSIZE\*(C'\fR macro, set before compilation,
+configures the maximum size of the \f(CW\*(C`fd_set\*(C'\fR.
+.IP "\s-1EV_SELECT_IS_WINSOCKET\s0" 4
+.IX Item "EV_SELECT_IS_WINSOCKET"
+When defined to \f(CW1\fR, the select backend will assume that
+select/socket/connect etc. don't understand file descriptors but
+wants osf handles on win32 (this is the case when the select to
+be used is the winsock select). This means that it will call
+\&\f(CW\*(C`_get_osfhandle\*(C'\fR on the fd to convert it to an \s-1OS\s0 handle. Otherwise,
+it is assumed that all these functions actually work on fds, even
+on win32. Should not be defined on non\-win32 platforms.
+.IP "\s-1EV_FD_TO_WIN32_HANDLE\s0(fd)" 4
+.IX Item "EV_FD_TO_WIN32_HANDLE(fd)"
+If \f(CW\*(C`EV_SELECT_IS_WINSOCKET\*(C'\fR is enabled, then libev needs a way to map
+file descriptors to socket handles. When not defining this symbol (the
+default), then libev will call \f(CW\*(C`_get_osfhandle\*(C'\fR, which is usually
+correct. In some cases, programs use their own file descriptor management,
+in which case they can provide this function to map fds to socket handles.
+.IP "\s-1EV_WIN32_HANDLE_TO_FD\s0(handle)" 4
+.IX Item "EV_WIN32_HANDLE_TO_FD(handle)"
+If \f(CW\*(C`EV_SELECT_IS_WINSOCKET\*(C'\fR then libev maps handles to file descriptors
+using the standard \f(CW\*(C`_open_osfhandle\*(C'\fR function. For programs implementing
+their own fd to handle mapping, overwriting this function makes it easier
+to do so. This can be done by defining this macro to an appropriate value.
+.IP "\s-1EV_WIN32_CLOSE_FD\s0(fd)" 4
+.IX Item "EV_WIN32_CLOSE_FD(fd)"
+If programs implement their own fd to handle mapping on win32, then this
+macro can be used to override the \f(CW\*(C`close\*(C'\fR function, useful to unregister
+file descriptors again. Note that the replacement function has to close
+the underlying \s-1OS\s0 handle.
+.IP "\s-1EV_USE_WSASOCKET\s0" 4
+.IX Item "EV_USE_WSASOCKET"
+If defined to be \f(CW1\fR, libev will use \f(CW\*(C`WSASocket\*(C'\fR to create its internal
+communication socket, which works better in some environments. Otherwise,
+the normal \f(CW\*(C`socket\*(C'\fR function will be used, which works better in other
+environments.
+.IP "\s-1EV_USE_POLL\s0" 4
+.IX Item "EV_USE_POLL"
+If defined to be \f(CW1\fR, libev will compile in support for the \f(CW\*(C`poll\*(C'\fR(2)
+backend. Otherwise it will be enabled on non\-win32 platforms. It
+takes precedence over select.
+.IP "\s-1EV_USE_EPOLL\s0" 4
+.IX Item "EV_USE_EPOLL"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux
+\&\f(CW\*(C`epoll\*(C'\fR(7) backend. Its availability will be detected at runtime,
+otherwise another method will be used as fallback. This is the preferred
+backend for GNU/Linux systems. If undefined, it will be enabled if the
+headers indicate GNU/Linux + Glibc 2.4 or newer, otherwise disabled.
+.IP "\s-1EV_USE_LINUXAIO\s0" 4
+.IX Item "EV_USE_LINUXAIO"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux aio
+backend (\f(CW\*(C`EV_USE_EPOLL\*(C'\fR must also be enabled). If undefined, it will be
+enabled on linux, otherwise disabled.
+.IP "\s-1EV_USE_IOURING\s0" 4
+.IX Item "EV_USE_IOURING"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux
+io_uring backend (\f(CW\*(C`EV_USE_EPOLL\*(C'\fR must also be enabled). Due to it's
+current limitations it has to be requested explicitly. If undefined, it
+will be enabled on linux, otherwise disabled.
+.IP "\s-1EV_USE_KQUEUE\s0" 4
+.IX Item "EV_USE_KQUEUE"
+If defined to be \f(CW1\fR, libev will compile in support for the \s-1BSD\s0 style
+\&\f(CW\*(C`kqueue\*(C'\fR(2) backend. Its actual availability will be detected at runtime,
+otherwise another method will be used as fallback. This is the preferred
+backend for \s-1BSD\s0 and BSD-like systems, although on most BSDs kqueue only
+supports some types of fds correctly (the only platform we found that
+supports ptys for example was NetBSD), so kqueue might be compiled in, but
+not be used unless explicitly requested. The best way to use it is to find
+out whether kqueue supports your type of fd properly and use an embedded
+kqueue loop.
+.IP "\s-1EV_USE_PORT\s0" 4
+.IX Item "EV_USE_PORT"
+If defined to be \f(CW1\fR, libev will compile in support for the Solaris
+10 port style backend. Its availability will be detected at runtime,
+otherwise another method will be used as fallback. This is the preferred
+backend for Solaris 10 systems.
+.IP "\s-1EV_USE_DEVPOLL\s0" 4
+.IX Item "EV_USE_DEVPOLL"
+Reserved for future expansion, works like the \s-1USE\s0 symbols above.
+.IP "\s-1EV_USE_INOTIFY\s0" 4
+.IX Item "EV_USE_INOTIFY"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux inotify
+interface to speed up \f(CW\*(C`ev_stat\*(C'\fR watchers. Its actual availability will
+be detected at runtime. If undefined, it will be enabled if the headers
+indicate GNU/Linux + Glibc 2.4 or newer, otherwise disabled.
+.IP "\s-1EV_NO_SMP\s0" 4
+.IX Item "EV_NO_SMP"
+If defined to be \f(CW1\fR, libev will assume that memory is always coherent
+between threads, that is, threads can be used, but threads never run on
+different cpus (or different cpu cores). This reduces dependencies
+and makes libev faster.
+.IP "\s-1EV_NO_THREADS\s0" 4
+.IX Item "EV_NO_THREADS"
+If defined to be \f(CW1\fR, libev will assume that it will never be called from
+different threads (that includes signal handlers), which is a stronger
+assumption than \f(CW\*(C`EV_NO_SMP\*(C'\fR, above. This reduces dependencies and makes
+libev faster.
+.IP "\s-1EV_ATOMIC_T\s0" 4
+.IX Item "EV_ATOMIC_T"
+Libev requires an integer type (suitable for storing \f(CW0\fR or \f(CW1\fR) whose
+access is atomic with respect to other threads or signal contexts. No
+such type is easily found in the C language, so you can provide your own
+type that you know is safe for your purposes. It is used both for signal
+handler \*(L"locking\*(R" as well as for signal and thread safety in \f(CW\*(C`ev_async\*(C'\fR
+watchers.
+.Sp
+In the absence of this define, libev will use \f(CW\*(C`sig_atomic_t volatile\*(C'\fR
+(from \fIsignal.h\fR), which is usually good enough on most platforms.
+.IP "\s-1EV_H\s0 (h)" 4
+.IX Item "EV_H (h)"
+The name of the \fIev.h\fR header file used to include it. The default if
+undefined is \f(CW"ev.h"\fR in \fIevent.h\fR, \fIev.c\fR and \fIev++.h\fR. This can be
+used to virtually rename the \fIev.h\fR header file in case of conflicts.
+.IP "\s-1EV_CONFIG_H\s0 (h)" 4
+.IX Item "EV_CONFIG_H (h)"
+If \f(CW\*(C`EV_STANDALONE\*(C'\fR isn't \f(CW1\fR, this variable can be used to override
+\&\fIev.c\fR's idea of where to find the \fIconfig.h\fR file, similarly to
+\&\f(CW\*(C`EV_H\*(C'\fR, above.
+.IP "\s-1EV_EVENT_H\s0 (h)" 4
+.IX Item "EV_EVENT_H (h)"
+Similarly to \f(CW\*(C`EV_H\*(C'\fR, this macro can be used to override \fIevent.c\fR's idea
+of how the \fIevent.h\fR header can be found, the default is \f(CW"event.h"\fR.
+.IP "\s-1EV_PROTOTYPES\s0 (h)" 4
+.IX Item "EV_PROTOTYPES (h)"
+If defined to be \f(CW0\fR, then \fIev.h\fR will not define any function
+prototypes, but still define all the structs and other symbols. This is
+occasionally useful if you want to provide your own wrapper functions
+around libev functions.
+.IP "\s-1EV_MULTIPLICITY\s0" 4
+.IX Item "EV_MULTIPLICITY"
+If undefined or defined to \f(CW1\fR, then all event-loop-specific functions
+will have the \f(CW\*(C`struct ev_loop *\*(C'\fR as first argument, and you can create
+additional independent event loops. Otherwise there will be no support
+for multiple event loops and there is no first event loop pointer
+argument. Instead, all functions act on the single default loop.
+.Sp
+Note that \f(CW\*(C`EV_DEFAULT\*(C'\fR and \f(CW\*(C`EV_DEFAULT_\*(C'\fR will no longer provide a
+default loop when multiplicity is switched off \- you always have to
+initialise the loop manually in this case.
+.IP "\s-1EV_MINPRI\s0" 4
+.IX Item "EV_MINPRI"
+.PD 0
+.IP "\s-1EV_MAXPRI\s0" 4
+.IX Item "EV_MAXPRI"
+.PD
+The range of allowed priorities. \f(CW\*(C`EV_MINPRI\*(C'\fR must be smaller or equal to
+\&\f(CW\*(C`EV_MAXPRI\*(C'\fR, but otherwise there are no non-obvious limitations. You can
+provide for more priorities by overriding those symbols (usually defined
+to be \f(CW\*(C`\-2\*(C'\fR and \f(CW2\fR, respectively).
+.Sp
+When doing priority-based operations, libev usually has to linearly search
+all the priorities, so having many of them (hundreds) uses a lot of space
+and time, so using the defaults of five priorities (\-2 .. +2) is usually
+fine.
+.Sp
+If your embedding application does not need any priorities, defining these
+both to \f(CW0\fR will save some memory and \s-1CPU.\s0
+.IP "\s-1EV_PERIODIC_ENABLE, EV_IDLE_ENABLE, EV_EMBED_ENABLE, EV_STAT_ENABLE, EV_PREPARE_ENABLE, EV_CHECK_ENABLE, EV_FORK_ENABLE, EV_SIGNAL_ENABLE, EV_ASYNC_ENABLE, EV_CHILD_ENABLE.\s0" 4
+.IX Item "EV_PERIODIC_ENABLE, EV_IDLE_ENABLE, EV_EMBED_ENABLE, EV_STAT_ENABLE, EV_PREPARE_ENABLE, EV_CHECK_ENABLE, EV_FORK_ENABLE, EV_SIGNAL_ENABLE, EV_ASYNC_ENABLE, EV_CHILD_ENABLE."
+If undefined or defined to be \f(CW1\fR (and the platform supports it), then
+the respective watcher type is supported. If defined to be \f(CW0\fR, then it
+is not. Disabling watcher types mainly saves code size.
+.IP "\s-1EV_FEATURES\s0" 4
+.IX Item "EV_FEATURES"
+If you need to shave off some kilobytes of code at the expense of some
+speed (but with the full \s-1API\s0), you can define this symbol to request
+certain subsets of functionality. The default is to enable all features
+that can be enabled on the platform.
+.Sp
+A typical way to use this symbol is to define it to \f(CW0\fR (or to a bitset
+with some broad features you want) and then selectively re-enable
+additional parts you want, for example if you want everything minimal,
+but multiple event loop support, async and child watchers and the poll
+backend, use this:
+.Sp
+.Vb 5
+\&   #define EV_FEATURES 0
+\&   #define EV_MULTIPLICITY 1
+\&   #define EV_USE_POLL 1
+\&   #define EV_CHILD_ENABLE 1
+\&   #define EV_ASYNC_ENABLE 1
+.Ve
+.Sp
+The actual value is a bitset, it can be a combination of the following
+values (by default, all of these are enabled):
+.RS 4
+.ie n .IP "1 \- faster/larger code" 4
+.el .IP "\f(CW1\fR \- faster/larger code" 4
+.IX Item "1 - faster/larger code"
+Use larger code to speed up some operations.
+.Sp
+Currently this is used to override some inlining decisions (enlarging the
+code size by roughly 30% on amd64).
+.Sp
+When optimising for size, use of compiler flags such as \f(CW\*(C`\-Os\*(C'\fR with
+gcc is recommended, as well as \f(CW\*(C`\-DNDEBUG\*(C'\fR, as libev contains a number of
+assertions.
+.Sp
+The default is off when \f(CW\*(C`_\|_OPTIMIZE_SIZE_\|_\*(C'\fR is defined by your compiler
+(e.g. gcc with \f(CW\*(C`\-Os\*(C'\fR).
+.ie n .IP "2 \- faster/larger data structures" 4
+.el .IP "\f(CW2\fR \- faster/larger data structures" 4
+.IX Item "2 - faster/larger data structures"
+Replaces the small 2\-heap for timer management by a faster 4\-heap, larger
+hash table sizes and so on. This will usually further increase code size
+and can additionally have an effect on the size of data structures at
+runtime.
+.Sp
+The default is off when \f(CW\*(C`_\|_OPTIMIZE_SIZE_\|_\*(C'\fR is defined by your compiler
+(e.g. gcc with \f(CW\*(C`\-Os\*(C'\fR).
+.ie n .IP "4 \- full \s-1API\s0 configuration" 4
+.el .IP "\f(CW4\fR \- full \s-1API\s0 configuration" 4
+.IX Item "4 - full API configuration"
+This enables priorities (sets \f(CW\*(C`EV_MAXPRI\*(C'\fR=2 and \f(CW\*(C`EV_MINPRI\*(C'\fR=\-2), and
+enables multiplicity (\f(CW\*(C`EV_MULTIPLICITY\*(C'\fR=1).
+.ie n .IP "8 \- full \s-1API\s0" 4
+.el .IP "\f(CW8\fR \- full \s-1API\s0" 4
+.IX Item "8 - full API"
+This enables a lot of the \*(L"lesser used\*(R" \s-1API\s0 functions. See \f(CW\*(C`ev.h\*(C'\fR for
+details on which parts of the \s-1API\s0 are still available without this
+feature, and do not complain if this subset changes over time.
+.ie n .IP "16 \- enable all optional watcher types" 4
+.el .IP "\f(CW16\fR \- enable all optional watcher types" 4
+.IX Item "16 - enable all optional watcher types"
+Enables all optional watcher types.  If you want to selectively enable
+only some watcher types other than I/O and timers (e.g. prepare,
+embed, async, child...) you can enable them manually by defining
+\&\f(CW\*(C`EV_watchertype_ENABLE\*(C'\fR to \f(CW1\fR instead.
+.ie n .IP "32 \- enable all backends" 4
+.el .IP "\f(CW32\fR \- enable all backends" 4
+.IX Item "32 - enable all backends"
+This enables all backends \- without this feature, you need to enable at
+least one backend manually (\f(CW\*(C`EV_USE_SELECT\*(C'\fR is a good choice).
+.ie n .IP "64 \- enable OS-specific ""helper"" APIs" 4
+.el .IP "\f(CW64\fR \- enable OS-specific ``helper'' APIs" 4
+.IX Item "64 - enable OS-specific helper APIs"
+Enable inotify, eventfd, signalfd and similar OS-specific helper APIs by
+default.
+.RE
+.RS 4
+.Sp
+Compiling with \f(CW\*(C`gcc \-Os \-DEV_STANDALONE \-DEV_USE_EPOLL=1 \-DEV_FEATURES=0\*(C'\fR
+reduces the compiled size of libev from 24.7Kb code/2.8Kb data to 6.5Kb
+code/0.3Kb data on my GNU/Linux amd64 system, while still giving you I/O
+watchers, timers and monotonic clock support.
+.Sp
+With an intelligent-enough linker (gcc+binutils are intelligent enough
+when you use \f(CW\*(C`\-Wl,\-\-gc\-sections \-ffunction\-sections\*(C'\fR) functions unused by
+your program might be left out as well \- a binary starting a timer and an
+I/O watcher then might come out at only 5Kb.
+.RE
+.IP "\s-1EV_API_STATIC\s0" 4
+.IX Item "EV_API_STATIC"
+If this symbol is defined (by default it is not), then all identifiers
+will have static linkage. This means that libev will not export any
+identifiers, and you cannot link against libev anymore. This can be useful
+when you embed libev, only want to use libev functions in a single file,
+and do not want its identifiers to be visible.
+.Sp
+To use this, define \f(CW\*(C`EV_API_STATIC\*(C'\fR and include \fIev.c\fR in the file that
+wants to use libev.
+.Sp
+This option only works when libev is compiled with a C compiler, as \*(C+
+doesn't support the required declaration syntax.
+.IP "\s-1EV_AVOID_STDIO\s0" 4
+.IX Item "EV_AVOID_STDIO"
+If this is set to \f(CW1\fR at compiletime, then libev will avoid using stdio
+functions (printf, scanf, perror etc.). This will increase the code size
+somewhat, but if your program doesn't otherwise depend on stdio and your
+libc allows it, this avoids linking in the stdio library which is quite
+big.
+.Sp
+Note that error messages might become less precise when this option is
+enabled.
+.IP "\s-1EV_NSIG\s0" 4
+.IX Item "EV_NSIG"
+The highest supported signal number, +1 (or, the number of
+signals): Normally, libev tries to deduce the maximum number of signals
+automatically, but sometimes this fails, in which case it can be
+specified. Also, using a lower number than detected (\f(CW32\fR should be
+good for about any system in existence) can save some memory, as libev
+statically allocates some 12\-24 bytes per signal number.
+.IP "\s-1EV_PID_HASHSIZE\s0" 4
+.IX Item "EV_PID_HASHSIZE"
+\&\f(CW\*(C`ev_child\*(C'\fR watchers use a small hash table to distribute workload by
+pid. The default size is \f(CW16\fR (or \f(CW1\fR with \f(CW\*(C`EV_FEATURES\*(C'\fR disabled),
+usually more than enough. If you need to manage thousands of children you
+might want to increase this value (\fImust\fR be a power of two).
+.IP "\s-1EV_INOTIFY_HASHSIZE\s0" 4
+.IX Item "EV_INOTIFY_HASHSIZE"
+\&\f(CW\*(C`ev_stat\*(C'\fR watchers use a small hash table to distribute workload by
+inotify watch id. The default size is \f(CW16\fR (or \f(CW1\fR with \f(CW\*(C`EV_FEATURES\*(C'\fR
+disabled), usually more than enough. If you need to manage thousands of
+\&\f(CW\*(C`ev_stat\*(C'\fR watchers you might want to increase this value (\fImust\fR be a
+power of two).
+.IP "\s-1EV_USE_4HEAP\s0" 4
+.IX Item "EV_USE_4HEAP"
+Heaps are not very cache-efficient. To improve the cache-efficiency of the
+timer and periodics heaps, libev uses a 4\-heap when this symbol is defined
+to \f(CW1\fR. The 4\-heap uses more complicated (longer) code but has noticeably
+faster performance with many (thousands) of watchers.
+.Sp
+The default is \f(CW1\fR, unless \f(CW\*(C`EV_FEATURES\*(C'\fR overrides it, in which case it
+will be \f(CW0\fR.
+.IP "\s-1EV_HEAP_CACHE_AT\s0" 4
+.IX Item "EV_HEAP_CACHE_AT"
+Heaps are not very cache-efficient. To improve the cache-efficiency of the
+timer and periodics heaps, libev can cache the timestamp (\fIat\fR) within
+the heap structure (selected by defining \f(CW\*(C`EV_HEAP_CACHE_AT\*(C'\fR to \f(CW1\fR),
+which uses 8\-12 bytes more per watcher and a few hundred bytes more code,
+but avoids random read accesses on heap changes. This improves performance
+noticeably with many (hundreds) of watchers.
+.Sp
+The default is \f(CW1\fR, unless \f(CW\*(C`EV_FEATURES\*(C'\fR overrides it, in which case it
+will be \f(CW0\fR.
+.IP "\s-1EV_VERIFY\s0" 4
+.IX Item "EV_VERIFY"
+Controls how much internal verification (see \f(CW\*(C`ev_verify ()\*(C'\fR) will
+be done: If set to \f(CW0\fR, no internal verification code will be compiled
+in. If set to \f(CW1\fR, then verification code will be compiled in, but not
+called. If set to \f(CW2\fR, then the internal verification code will be
+called once per loop, which can slow down libev. If set to \f(CW3\fR, then the
+verification code will be called very frequently, which will slow down
+libev considerably.
+.Sp
+Verification errors are reported via C's \f(CW\*(C`assert\*(C'\fR mechanism, so if you
+disable that (e.g. by defining \f(CW\*(C`NDEBUG\*(C'\fR) then no errors will be reported.
+.Sp
+The default is \f(CW1\fR, unless \f(CW\*(C`EV_FEATURES\*(C'\fR overrides it, in which case it
+will be \f(CW0\fR.
+.IP "\s-1EV_COMMON\s0" 4
+.IX Item "EV_COMMON"
+By default, all watchers have a \f(CW\*(C`void *data\*(C'\fR member. By redefining
+this macro to something else you can include more and other types of
+members. You have to define it each time you include one of the files,
+though, and it must be identical each time.
+.Sp
+For example, the perl \s-1EV\s0 module uses something like this:
+.Sp
+.Vb 3
+\&   #define EV_COMMON                       \e
+\&     SV *self; /* contains this struct */  \e
+\&     SV *cb_sv, *fh /* note no trailing ";" */
+.Ve
+.IP "\s-1EV_CB_DECLARE\s0 (type)" 4
+.IX Item "EV_CB_DECLARE (type)"
+.PD 0
+.IP "\s-1EV_CB_INVOKE\s0 (watcher, revents)" 4
+.IX Item "EV_CB_INVOKE (watcher, revents)"
+.IP "ev_set_cb (ev, cb)" 4
+.IX Item "ev_set_cb (ev, cb)"
+.PD
+Can be used to change the callback member declaration in each watcher,
+and the way callbacks are invoked and set. Must expand to a struct member
+definition and a statement, respectively. See the \fIev.h\fR header file for
+their default definitions. One possible use for overriding these is to
+avoid the \f(CW\*(C`struct ev_loop *\*(C'\fR as first argument in all cases, or to use
+method calls instead of plain function calls in \*(C+.
+.SS "\s-1EXPORTED API SYMBOLS\s0"
+.IX Subsection "EXPORTED API SYMBOLS"
+If you need to re-export the \s-1API\s0 (e.g. via a \s-1DLL\s0) and you need a list of
+exported symbols, you can use the provided \fISymbol.*\fR files which list
+all public symbols, one per line:
+.PP
+.Vb 2
+\&   Symbols.ev      for libev proper
+\&   Symbols.event   for the libevent emulation
+.Ve
+.PP
+This can also be used to rename all public symbols to avoid clashes with
+multiple versions of libev linked together (which is obviously bad in
+itself, but sometimes it is inconvenient to avoid this).
+.PP
+A sed command like this will create wrapper \f(CW\*(C`#define\*(C'\fR's that you need to
+include before including \fIev.h\fR:
+.PP
+.Vb 1
+\&   <Symbols.ev sed \-e "s/.*/#define & myprefix_&/" >wrap.h
+.Ve
+.PP
+This would create a file \fIwrap.h\fR which essentially looks like this:
+.PP
+.Vb 4
+\&   #define ev_backend     myprefix_ev_backend
+\&   #define ev_check_start myprefix_ev_check_start
+\&   #define ev_check_stop  myprefix_ev_check_stop
+\&   ...
+.Ve
+.SS "\s-1EXAMPLES\s0"
+.IX Subsection "EXAMPLES"
+For a real-world example of a program the includes libev
+verbatim, you can have a look at the \s-1EV\s0 perl module
+(<http://software.schmorp.de/pkg/EV.html>). It has the libev files in
+the \fIlibev/\fR subdirectory and includes them in the \fI\s-1EV/EVAPI\s0.h\fR (public
+interface) and \fI\s-1EV\s0.xs\fR (implementation) files. Only the \fI\s-1EV\s0.xs\fR file
+will be compiled. It is pretty complex because it provides its own header
+file.
+.PP
+The usage in rxvt-unicode is simpler. It has a \fIev_cpp.h\fR header file
+that everybody includes and which overrides some configure choices:
+.PP
+.Vb 8
+\&   #define EV_FEATURES 8
+\&   #define EV_USE_SELECT 1
+\&   #define EV_PREPARE_ENABLE 1
+\&   #define EV_IDLE_ENABLE 1
+\&   #define EV_SIGNAL_ENABLE 1
+\&   #define EV_CHILD_ENABLE 1
+\&   #define EV_USE_STDEXCEPT 0
+\&   #define EV_CONFIG_H <config.h>
+\&
+\&   #include "ev++.h"
+.Ve
+.PP
+And a \fIev_cpp.C\fR implementation file that contains libev proper and is compiled:
+.PP
+.Vb 2
+\&   #include "ev_cpp.h"
+\&   #include "ev.c"
+.Ve
+.SH "INTERACTION WITH OTHER PROGRAMS, LIBRARIES OR THE ENVIRONMENT"
+.IX Header "INTERACTION WITH OTHER PROGRAMS, LIBRARIES OR THE ENVIRONMENT"
+.SS "\s-1THREADS AND COROUTINES\s0"
+.IX Subsection "THREADS AND COROUTINES"
+\fI\s-1THREADS\s0\fR
+.IX Subsection "THREADS"
+.PP
+All libev functions are reentrant and thread-safe unless explicitly
+documented otherwise, but libev implements no locking itself. This means
+that you can use as many loops as you want in parallel, as long as there
+are no concurrent calls into any libev function with the same loop
+parameter (\f(CW\*(C`ev_default_*\*(C'\fR calls have an implicit default loop parameter,
+of course): libev guarantees that different event loops share no data
+structures that need any locking.
+.PP
+Or to put it differently: calls with different loop parameters can be done
+concurrently from multiple threads, calls with the same loop parameter
+must be done serially (but can be done from different threads, as long as
+only one thread ever is inside a call at any point in time, e.g. by using
+a mutex per loop).
+.PP
+Specifically to support threads (and signal handlers), libev implements
+so-called \f(CW\*(C`ev_async\*(C'\fR watchers, which allow some limited form of
+concurrency on the same event loop, namely waking it up \*(L"from the
+outside\*(R".
+.PP
+If you want to know which design (one loop, locking, or multiple loops
+without or something else still) is best for your problem, then I cannot
+help you, but here is some generic advice:
+.IP "\(bu" 4
+most applications have a main thread: use the default libev loop
+in that thread, or create a separate thread running only the default loop.
+.Sp
+This helps integrating other libraries or software modules that use libev
+themselves and don't care/know about threading.
+.IP "\(bu" 4
+one loop per thread is usually a good model.
+.Sp
+Doing this is almost never wrong, sometimes a better-performance model
+exists, but it is always a good start.
+.IP "\(bu" 4
+other models exist, such as the leader/follower pattern, where one
+loop is handed through multiple threads in a kind of round-robin fashion.
+.Sp
+Choosing a model is hard \- look around, learn, know that usually you can do
+better than you currently do :\-)
+.IP "\(bu" 4
+often you need to talk to some other thread which blocks in the
+event loop.
+.Sp
+\&\f(CW\*(C`ev_async\*(C'\fR watchers can be used to wake them up from other threads safely
+(or from signal contexts...).
+.Sp
+An example use would be to communicate signals or other events that only
+work in the default loop by registering the signal watcher with the
+default loop and triggering an \f(CW\*(C`ev_async\*(C'\fR watcher from the default loop
+watcher callback into the event loop interested in the signal.
+.PP
+See also \*(L"\s-1THREAD LOCKING EXAMPLE\*(R"\s0.
+.PP
+\fI\s-1COROUTINES\s0\fR
+.IX Subsection "COROUTINES"
+.PP
+Libev is very accommodating to coroutines (\*(L"cooperative threads\*(R"):
+libev fully supports nesting calls to its functions from different
+coroutines (e.g. you can call \f(CW\*(C`ev_run\*(C'\fR on the same loop from two
+different coroutines, and switch freely between both coroutines running
+the loop, as long as you don't confuse yourself). The only exception is
+that you must not do this from \f(CW\*(C`ev_periodic\*(C'\fR reschedule callbacks.
+.PP
+Care has been taken to ensure that libev does not keep local state inside
+\&\f(CW\*(C`ev_run\*(C'\fR, and other calls do not usually allow for coroutine switches as
+they do not call any callbacks.
+.SS "\s-1COMPILER WARNINGS\s0"
+.IX Subsection "COMPILER WARNINGS"
+Depending on your compiler and compiler settings, you might get no or a
+lot of warnings when compiling libev code. Some people are apparently
+scared by this.
+.PP
+However, these are unavoidable for many reasons. For one, each compiler
+has different warnings, and each user has different tastes regarding
+warning options. \*(L"Warn-free\*(R" code therefore cannot be a goal except when
+targeting a specific compiler and compiler-version.
+.PP
+Another reason is that some compiler warnings require elaborate
+workarounds, or other changes to the code that make it less clear and less
+maintainable.
+.PP
+And of course, some compiler warnings are just plain stupid, or simply
+wrong (because they don't actually warn about the condition their message
+seems to warn about). For example, certain older gcc versions had some
+warnings that resulted in an extreme number of false positives. These have
+been fixed, but some people still insist on making code warn-free with
+such buggy versions.
+.PP
+While libev is written to generate as few warnings as possible,
+\&\*(L"warn-free\*(R" code is not a goal, and it is recommended not to build libev
+with any compiler warnings enabled unless you are prepared to cope with
+them (e.g. by ignoring them). Remember that warnings are just that:
+warnings, not errors, or proof of bugs.
+.SS "\s-1VALGRIND\s0"
+.IX Subsection "VALGRIND"
+Valgrind has a special section here because it is a popular tool that is
+highly useful. Unfortunately, valgrind reports are very hard to interpret.
+.PP
+If you think you found a bug (memory leak, uninitialised data access etc.)
+in libev, then check twice: If valgrind reports something like:
+.PP
+.Vb 3
+\&   ==2274==    definitely lost: 0 bytes in 0 blocks.
+\&   ==2274==      possibly lost: 0 bytes in 0 blocks.
+\&   ==2274==    still reachable: 256 bytes in 1 blocks.
+.Ve
+.PP
+Then there is no memory leak, just as memory accounted to global variables
+is not a memleak \- the memory is still being referenced, and didn't leak.
+.PP
+Similarly, under some circumstances, valgrind might report kernel bugs
+as if it were a bug in libev (e.g. in realloc or in the poll backend,
+although an acceptable workaround has been found here), or it might be
+confused.
+.PP
+Keep in mind that valgrind is a very good tool, but only a tool. Don't
+make it into some kind of religion.
+.PP
+If you are unsure about something, feel free to contact the mailing list
+with the full valgrind report and an explanation on why you think this
+is a bug in libev (best check the archives, too :). However, don't be
+annoyed when you get a brisk \*(L"this is no bug\*(R" answer and take the chance
+of learning how to interpret valgrind properly.
+.PP
+If you need, for some reason, empty reports from valgrind for your project
+I suggest using suppression lists.
+.SH "PORTABILITY NOTES"
+.IX Header "PORTABILITY NOTES"
+.SS "\s-1GNU/LINUX 32 BIT LIMITATIONS\s0"
+.IX Subsection "GNU/LINUX 32 BIT LIMITATIONS"
+GNU/Linux is the only common platform that supports 64 bit file/large file
+interfaces but \fIdisables\fR them by default.
+.PP
+That means that libev compiled in the default environment doesn't support
+files larger than 2GiB or so, which mainly affects \f(CW\*(C`ev_stat\*(C'\fR watchers.
+.PP
+Unfortunately, many programs try to work around this GNU/Linux issue
+by enabling the large file \s-1API,\s0 which makes them incompatible with the
+standard libev compiled for their system.
+.PP
+Likewise, libev cannot enable the large file \s-1API\s0 itself as this would
+suddenly make it incompatible to the default compile time environment,
+i.e. all programs not using special compile switches.
+.SS "\s-1OS/X AND DARWIN BUGS\s0"
+.IX Subsection "OS/X AND DARWIN BUGS"
+The whole thing is a bug if you ask me \- basically any system interface
+you touch is broken, whether it is locales, poll, kqueue or even the
+OpenGL drivers.
+.PP
+\fI\f(CI\*(C`kqueue\*(C'\fI is buggy\fR
+.IX Subsection "kqueue is buggy"
+.PP
+The kqueue syscall is broken in all known versions \- most versions support
+only sockets, many support pipes.
+.PP
+Libev tries to work around this by not using \f(CW\*(C`kqueue\*(C'\fR by default on this
+rotten platform, but of course you can still ask for it when creating a
+loop \- embedding a socket-only kqueue loop into a select-based one is
+probably going to work well.
+.PP
+\fI\f(CI\*(C`poll\*(C'\fI is buggy\fR
+.IX Subsection "poll is buggy"
+.PP
+Instead of fixing \f(CW\*(C`kqueue\*(C'\fR, Apple replaced their (working) \f(CW\*(C`poll\*(C'\fR
+implementation by something calling \f(CW\*(C`kqueue\*(C'\fR internally around the 10.5.6
+release, so now \f(CW\*(C`kqueue\*(C'\fR \fIand\fR \f(CW\*(C`poll\*(C'\fR are broken.
+.PP
+Libev tries to work around this by not using \f(CW\*(C`poll\*(C'\fR by default on
+this rotten platform, but of course you can still ask for it when creating
+a loop.
+.PP
+\fI\f(CI\*(C`select\*(C'\fI is buggy\fR
+.IX Subsection "select is buggy"
+.PP
+All that's left is \f(CW\*(C`select\*(C'\fR, and of course Apple found a way to fuck this
+one up as well: On \s-1OS/X,\s0 \f(CW\*(C`select\*(C'\fR actively limits the number of file
+descriptors you can pass in to 1024 \- your program suddenly crashes when
+you use more.
+.PP
+There is an undocumented \*(L"workaround\*(R" for this \- defining
+\&\f(CW\*(C`_DARWIN_UNLIMITED_SELECT\*(C'\fR, which libev tries to use, so select \fIshould\fR
+work on \s-1OS/X.\s0
+.SS "\s-1SOLARIS PROBLEMS AND WORKAROUNDS\s0"
+.IX Subsection "SOLARIS PROBLEMS AND WORKAROUNDS"
+\fI\f(CI\*(C`errno\*(C'\fI reentrancy\fR
+.IX Subsection "errno reentrancy"
+.PP
+The default compile environment on Solaris is unfortunately so
+thread-unsafe that you can't even use components/libraries compiled
+without \f(CW\*(C`\-D_REENTRANT\*(C'\fR in a threaded program, which, of course, isn't
+defined by default. A valid, if stupid, implementation choice.
+.PP
+If you want to use libev in threaded environments you have to make sure
+it's compiled with \f(CW\*(C`_REENTRANT\*(C'\fR defined.
+.PP
+\fIEvent port backend\fR
+.IX Subsection "Event port backend"
+.PP
+The scalable event interface for Solaris is called \*(L"event
+ports\*(R". Unfortunately, this mechanism is very buggy in all major
+releases. If you run into high \s-1CPU\s0 usage, your program freezes or you get
+a large number of spurious wakeups, make sure you have all the relevant
+and latest kernel patches applied. No, I don't know which ones, but there
+are multiple ones to apply, and afterwards, event ports actually work
+great.
+.PP
+If you can't get it to work, you can try running the program by setting
+the environment variable \f(CW\*(C`LIBEV_FLAGS=3\*(C'\fR to only allow \f(CW\*(C`poll\*(C'\fR and
+\&\f(CW\*(C`select\*(C'\fR backends.
+.SS "\s-1AIX POLL BUG\s0"
+.IX Subsection "AIX POLL BUG"
+\&\s-1AIX\s0 unfortunately has a broken \f(CW\*(C`poll.h\*(C'\fR header. Libev works around
+this by trying to avoid the poll backend altogether (i.e. it's not even
+compiled in), which normally isn't a big problem as \f(CW\*(C`select\*(C'\fR works fine
+with large bitsets on \s-1AIX,\s0 and \s-1AIX\s0 is dead anyway.
+.SS "\s-1WIN32 PLATFORM LIMITATIONS AND WORKAROUNDS\s0"
+.IX Subsection "WIN32 PLATFORM LIMITATIONS AND WORKAROUNDS"
+\fIGeneral issues\fR
+.IX Subsection "General issues"
+.PP
+Win32 doesn't support any of the standards (e.g. \s-1POSIX\s0) that libev
+requires, and its I/O model is fundamentally incompatible with the \s-1POSIX\s0
+model. Libev still offers limited functionality on this platform in
+the form of the \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR backend, and only supports socket
+descriptors. This only applies when using Win32 natively, not when using
+e.g. cygwin. Actually, it only applies to the microsofts own compilers,
+as every compiler comes with a slightly differently broken/incompatible
+environment.
+.PP
+Lifting these limitations would basically require the full
+re-implementation of the I/O system. If you are into this kind of thing,
+then note that glib does exactly that for you in a very portable way (note
+also that glib is the slowest event library known to man).
+.PP
+There is no supported compilation method available on windows except
+embedding it into other applications.
+.PP
+Sensible signal handling is officially unsupported by Microsoft \- libev
+tries its best, but under most conditions, signals will simply not work.
+.PP
+Not a libev limitation but worth mentioning: windows apparently doesn't
+accept large writes: instead of resulting in a partial write, windows will
+either accept everything or return \f(CW\*(C`ENOBUFS\*(C'\fR if the buffer is too large,
+so make sure you only write small amounts into your sockets (less than a
+megabyte seems safe, but this apparently depends on the amount of memory
+available).
+.PP
+Due to the many, low, and arbitrary limits on the win32 platform and
+the abysmal performance of winsockets, using a large number of sockets
+is not recommended (and not reasonable). If your program needs to use
+more than a hundred or so sockets, then likely it needs to use a totally
+different implementation for windows, as libev offers the \s-1POSIX\s0 readiness
+notification model, which cannot be implemented efficiently on windows
+(due to Microsoft monopoly games).
+.PP
+A typical way to use libev under windows is to embed it (see the embedding
+section for details) and use the following \fIevwrap.h\fR header file instead
+of \fIev.h\fR:
+.PP
+.Vb 2
+\&   #define EV_STANDALONE              /* keeps ev from requiring config.h */
+\&   #define EV_SELECT_IS_WINSOCKET 1   /* configure libev for windows select */
+\&
+\&   #include "ev.h"
+.Ve
+.PP
+And compile the following \fIevwrap.c\fR file into your project (make sure
+you do \fInot\fR compile the \fIev.c\fR or any other embedded source files!):
+.PP
+.Vb 2
+\&   #include "evwrap.h"
+\&   #include "ev.c"
+.Ve
+.PP
+\fIThe winsocket \f(CI\*(C`select\*(C'\fI function\fR
+.IX Subsection "The winsocket select function"
+.PP
+The winsocket \f(CW\*(C`select\*(C'\fR function doesn't follow \s-1POSIX\s0 in that it
+requires socket \fIhandles\fR and not socket \fIfile descriptors\fR (it is
+also extremely buggy). This makes select very inefficient, and also
+requires a mapping from file descriptors to socket handles (the Microsoft
+C runtime provides the function \f(CW\*(C`_open_osfhandle\*(C'\fR for this). See the
+discussion of the \f(CW\*(C`EV_SELECT_USE_FD_SET\*(C'\fR, \f(CW\*(C`EV_SELECT_IS_WINSOCKET\*(C'\fR and
+\&\f(CW\*(C`EV_FD_TO_WIN32_HANDLE\*(C'\fR preprocessor symbols for more info.
+.PP
+The configuration for a \*(L"naked\*(R" win32 using the Microsoft runtime
+libraries and raw winsocket select is:
+.PP
+.Vb 2
+\&   #define EV_USE_SELECT 1
+\&   #define EV_SELECT_IS_WINSOCKET 1   /* forces EV_SELECT_USE_FD_SET, too */
+.Ve
+.PP
+Note that winsockets handling of fd sets is O(n), so you can easily get a
+complexity in the O(nX) range when using win32.
+.PP
+\fILimited number of file descriptors\fR
+.IX Subsection "Limited number of file descriptors"
+.PP
+Windows has numerous arbitrary (and low) limits on things.
+.PP
+Early versions of winsocket's select only supported waiting for a maximum
+of \f(CW64\fR handles (probably owning to the fact that all windows kernels
+can only wait for \f(CW64\fR things at the same time internally; Microsoft
+recommends spawning a chain of threads and wait for 63 handles and the
+previous thread in each. Sounds great!).
+.PP
+Newer versions support more handles, but you need to define \f(CW\*(C`FD_SETSIZE\*(C'\fR
+to some high number (e.g. \f(CW2048\fR) before compiling the winsocket select
+call (which might be in libev or elsewhere, for example, perl and many
+other interpreters do their own select emulation on windows).
+.PP
+Another limit is the number of file descriptors in the Microsoft runtime
+libraries, which by default is \f(CW64\fR (there must be a hidden \fI64\fR
+fetish or something like this inside Microsoft). You can increase this
+by calling \f(CW\*(C`_setmaxstdio\*(C'\fR, which can increase this limit to \f(CW2048\fR
+(another arbitrary limit), but is broken in many versions of the Microsoft
+runtime libraries. This might get you to about \f(CW512\fR or \f(CW2048\fR sockets
+(depending on windows version and/or the phase of the moon). To get more,
+you need to wrap all I/O functions and provide your own fd management, but
+the cost of calling select (O(nX)) will likely make this unworkable.
+.SS "\s-1PORTABILITY REQUIREMENTS\s0"
+.IX Subsection "PORTABILITY REQUIREMENTS"
+In addition to a working ISO-C implementation and of course the
+backend-specific APIs, libev relies on a few additional extensions:
+.ie n .IP """void (*)(ev_watcher_type *, int revents)"" must have compatible calling conventions regardless of ""ev_watcher_type *""." 4
+.el .IP "\f(CWvoid (*)(ev_watcher_type *, int revents)\fR must have compatible calling conventions regardless of \f(CWev_watcher_type *\fR." 4
+.IX Item "void (*)(ev_watcher_type *, int revents) must have compatible calling conventions regardless of ev_watcher_type *."
+Libev assumes not only that all watcher pointers have the same internal
+structure (guaranteed by \s-1POSIX\s0 but not by \s-1ISO C\s0 for example), but it also
+assumes that the same (machine) code can be used to call any watcher
+callback: The watcher callbacks have different type signatures, but libev
+calls them using an \f(CW\*(C`ev_watcher *\*(C'\fR internally.
+.IP "null pointers and integer zero are represented by 0 bytes" 4
+.IX Item "null pointers and integer zero are represented by 0 bytes"
+Libev uses \f(CW\*(C`memset\*(C'\fR to initialise structs and arrays to \f(CW0\fR bytes, and
+relies on this setting pointers and integers to null.
+.IP "pointer accesses must be thread-atomic" 4
+.IX Item "pointer accesses must be thread-atomic"
+Accessing a pointer value must be atomic, it must both be readable and
+writable in one piece \- this is the case on all current architectures.
+.ie n .IP """sig_atomic_t volatile"" must be thread-atomic as well" 4
+.el .IP "\f(CWsig_atomic_t volatile\fR must be thread-atomic as well" 4
+.IX Item "sig_atomic_t volatile must be thread-atomic as well"
+The type \f(CW\*(C`sig_atomic_t volatile\*(C'\fR (or whatever is defined as
+\&\f(CW\*(C`EV_ATOMIC_T\*(C'\fR) must be atomic with respect to accesses from different
+threads. This is not part of the specification for \f(CW\*(C`sig_atomic_t\*(C'\fR, but is
+believed to be sufficiently portable.
+.ie n .IP """sigprocmask"" must work in a threaded environment" 4
+.el .IP "\f(CWsigprocmask\fR must work in a threaded environment" 4
+.IX Item "sigprocmask must work in a threaded environment"
+Libev uses \f(CW\*(C`sigprocmask\*(C'\fR to temporarily block signals. This is not
+allowed in a threaded program (\f(CW\*(C`pthread_sigmask\*(C'\fR has to be used). Typical
+pthread implementations will either allow \f(CW\*(C`sigprocmask\*(C'\fR in the \*(L"main
+thread\*(R" or will block signals process-wide, both behaviours would
+be compatible with libev. Interaction between \f(CW\*(C`sigprocmask\*(C'\fR and
+\&\f(CW\*(C`pthread_sigmask\*(C'\fR could complicate things, however.
+.Sp
+The most portable way to handle signals is to block signals in all threads
+except the initial one, and run the signal handling loop in the initial
+thread as well.
+.ie n .IP """long"" must be large enough for common memory allocation sizes" 4
+.el .IP "\f(CWlong\fR must be large enough for common memory allocation sizes" 4
+.IX Item "long must be large enough for common memory allocation sizes"
+To improve portability and simplify its \s-1API,\s0 libev uses \f(CW\*(C`long\*(C'\fR internally
+instead of \f(CW\*(C`size_t\*(C'\fR when allocating its data structures. On non-POSIX
+systems (Microsoft...) this might be unexpectedly low, but is still at
+least 31 bits everywhere, which is enough for hundreds of millions of
+watchers.
+.ie n .IP """double"" must hold a time value in seconds with enough accuracy" 4
+.el .IP "\f(CWdouble\fR must hold a time value in seconds with enough accuracy" 4
+.IX Item "double must hold a time value in seconds with enough accuracy"
+The type \f(CW\*(C`double\*(C'\fR is used to represent timestamps. It is required to
+have at least 51 bits of mantissa (and 9 bits of exponent), which is
+good enough for at least into the year 4000 with millisecond accuracy
+(the design goal for libev). This requirement is overfulfilled by
+implementations using \s-1IEEE 754,\s0 which is basically all existing ones.
+.Sp
+With \s-1IEEE 754\s0 doubles, you get microsecond accuracy until at least the
+year 2255 (and millisecond accuracy till the year 287396 \- by then, libev
+is either obsolete or somebody patched it to use \f(CW\*(C`long double\*(C'\fR or
+something like that, just kidding).
+.PP
+If you know of other additional requirements drop me a note.
+.SH "ALGORITHMIC COMPLEXITIES"
+.IX Header "ALGORITHMIC COMPLEXITIES"
+In this section the complexities of (many of) the algorithms used inside
+libev will be documented. For complexity discussions about backends see
+the documentation for \f(CW\*(C`ev_default_init\*(C'\fR.
+.PP
+All of the following are about amortised time: If an array needs to be
+extended, libev needs to realloc and move the whole array, but this
+happens asymptotically rarer with higher number of elements, so O(1) might
+mean that libev does a lengthy realloc operation in rare cases, but on
+average it is much faster and asymptotically approaches constant time.
+.IP "Starting and stopping timer/periodic watchers: O(log skipped_other_timers)" 4
+.IX Item "Starting and stopping timer/periodic watchers: O(log skipped_other_timers)"
+This means that, when you have a watcher that triggers in one hour and
+there are 100 watchers that would trigger before that, then inserting will
+have to skip roughly seven (\f(CW\*(C`ld 100\*(C'\fR) of these watchers.
+.IP "Changing timer/periodic watchers (by autorepeat or calling again): O(log skipped_other_timers)" 4
+.IX Item "Changing timer/periodic watchers (by autorepeat or calling again): O(log skipped_other_timers)"
+That means that changing a timer costs less than removing/adding them,
+as only the relative motion in the event queue has to be paid for.
+.IP "Starting io/check/prepare/idle/signal/child/fork/async watchers: O(1)" 4
+.IX Item "Starting io/check/prepare/idle/signal/child/fork/async watchers: O(1)"
+These just add the watcher into an array or at the head of a list.
+.IP "Stopping check/prepare/idle/fork/async watchers: O(1)" 4
+.IX Item "Stopping check/prepare/idle/fork/async watchers: O(1)"
+.PD 0
+.IP "Stopping an io/signal/child watcher: O(number_of_watchers_for_this_(fd/signal/pid % \s-1EV_PID_HASHSIZE\s0))" 4
+.IX Item "Stopping an io/signal/child watcher: O(number_of_watchers_for_this_(fd/signal/pid % EV_PID_HASHSIZE))"
+.PD
+These watchers are stored in lists, so they need to be walked to find the
+correct watcher to remove. The lists are usually short (you don't usually
+have many watchers waiting for the same fd or signal: one is typical, two
+is rare).
+.IP "Finding the next timer in each loop iteration: O(1)" 4
+.IX Item "Finding the next timer in each loop iteration: O(1)"
+By virtue of using a binary or 4\-heap, the next timer is always found at a
+fixed position in the storage array.
+.IP "Each change on a file descriptor per loop iteration: O(number_of_watchers_for_this_fd)" 4
+.IX Item "Each change on a file descriptor per loop iteration: O(number_of_watchers_for_this_fd)"
+A change means an I/O watcher gets started or stopped, which requires
+libev to recalculate its status (and possibly tell the kernel, depending
+on backend and whether \f(CW\*(C`ev_io_set\*(C'\fR was used).
+.IP "Activating one watcher (putting it into the pending state): O(1)" 4
+.IX Item "Activating one watcher (putting it into the pending state): O(1)"
+.PD 0
+.IP "Priority handling: O(number_of_priorities)" 4
+.IX Item "Priority handling: O(number_of_priorities)"
+.PD
+Priorities are implemented by allocating some space for each
+priority. When doing priority-based operations, libev usually has to
+linearly search all the priorities, but starting/stopping and activating
+watchers becomes O(1) with respect to priority handling.
+.IP "Sending an ev_async: O(1)" 4
+.IX Item "Sending an ev_async: O(1)"
+.PD 0
+.IP "Processing ev_async_send: O(number_of_async_watchers)" 4
+.IX Item "Processing ev_async_send: O(number_of_async_watchers)"
+.IP "Processing signals: O(max_signal_number)" 4
+.IX Item "Processing signals: O(max_signal_number)"
+.PD
+Sending involves a system call \fIiff\fR there were no other \f(CW\*(C`ev_async_send\*(C'\fR
+calls in the current loop iteration and the loop is currently
+blocked. Checking for async and signal events involves iterating over all
+running async watchers or all signal numbers.
+.SH "PORTING FROM LIBEV 3.X TO 4.X"
+.IX Header "PORTING FROM LIBEV 3.X TO 4.X"
+The major version 4 introduced some incompatible changes to the \s-1API.\s0
+.PP
+At the moment, the \f(CW\*(C`ev.h\*(C'\fR header file provides compatibility definitions
+for all changes, so most programs should still compile. The compatibility
+layer might be removed in later versions of libev, so better update to the
+new \s-1API\s0 early than late.
+.ie n .IP """EV_COMPAT3"" backwards compatibility mechanism" 4
+.el .IP "\f(CWEV_COMPAT3\fR backwards compatibility mechanism" 4
+.IX Item "EV_COMPAT3 backwards compatibility mechanism"
+The backward compatibility mechanism can be controlled by
+\&\f(CW\*(C`EV_COMPAT3\*(C'\fR. See \*(L"\s-1PREPROCESSOR SYMBOLS/MACROS\*(R"\s0 in the \*(L"\s-1EMBEDDING\*(R"\s0
+section.
+.ie n .IP """ev_default_destroy"" and ""ev_default_fork"" have been removed" 4
+.el .IP "\f(CWev_default_destroy\fR and \f(CWev_default_fork\fR have been removed" 4
+.IX Item "ev_default_destroy and ev_default_fork have been removed"
+These calls can be replaced easily by their \f(CW\*(C`ev_loop_xxx\*(C'\fR counterparts:
+.Sp
+.Vb 2
+\&   ev_loop_destroy (EV_DEFAULT_UC);
+\&   ev_loop_fork (EV_DEFAULT);
+.Ve
+.IP "function/symbol renames" 4
+.IX Item "function/symbol renames"
+A number of functions and symbols have been renamed:
+.Sp
+.Vb 3
+\&  ev_loop         => ev_run
+\&  EVLOOP_NONBLOCK => EVRUN_NOWAIT
+\&  EVLOOP_ONESHOT  => EVRUN_ONCE
+\&
+\&  ev_unloop       => ev_break
+\&  EVUNLOOP_CANCEL => EVBREAK_CANCEL
+\&  EVUNLOOP_ONE    => EVBREAK_ONE
+\&  EVUNLOOP_ALL    => EVBREAK_ALL
+\&
+\&  EV_TIMEOUT      => EV_TIMER
+\&
+\&  ev_loop_count   => ev_iteration
+\&  ev_loop_depth   => ev_depth
+\&  ev_loop_verify  => ev_verify
+.Ve
+.Sp
+Most functions working on \f(CW\*(C`struct ev_loop\*(C'\fR objects don't have an
+\&\f(CW\*(C`ev_loop_\*(C'\fR prefix, so it was removed; \f(CW\*(C`ev_loop\*(C'\fR, \f(CW\*(C`ev_unloop\*(C'\fR and
+associated constants have been renamed to not collide with the \f(CW\*(C`struct
+ev_loop\*(C'\fR anymore and \f(CW\*(C`EV_TIMER\*(C'\fR now follows the same naming scheme
+as all other watcher types. Note that \f(CW\*(C`ev_loop_fork\*(C'\fR is still called
+\&\f(CW\*(C`ev_loop_fork\*(C'\fR because it would otherwise clash with the \f(CW\*(C`ev_fork\*(C'\fR
+typedef.
+.ie n .IP """EV_MINIMAL"" mechanism replaced by ""EV_FEATURES""" 4
+.el .IP "\f(CWEV_MINIMAL\fR mechanism replaced by \f(CWEV_FEATURES\fR" 4
+.IX Item "EV_MINIMAL mechanism replaced by EV_FEATURES"
+The preprocessor symbol \f(CW\*(C`EV_MINIMAL\*(C'\fR has been replaced by a different
+mechanism, \f(CW\*(C`EV_FEATURES\*(C'\fR. Programs using \f(CW\*(C`EV_MINIMAL\*(C'\fR usually compile
+and work, but the library code will of course be larger.
+.SH "GLOSSARY"
+.IX Header "GLOSSARY"
+.IP "active" 4
+.IX Item "active"
+A watcher is active as long as it has been started and not yet stopped.
+See \*(L"\s-1WATCHER STATES\*(R"\s0 for details.
+.IP "application" 4
+.IX Item "application"
+In this document, an application is whatever is using libev.
+.IP "backend" 4
+.IX Item "backend"
+The part of the code dealing with the operating system interfaces.
+.IP "callback" 4
+.IX Item "callback"
+The address of a function that is called when some event has been
+detected. Callbacks are being passed the event loop, the watcher that
+received the event, and the actual event bitset.
+.IP "callback/watcher invocation" 4
+.IX Item "callback/watcher invocation"
+The act of calling the callback associated with a watcher.
+.IP "event" 4
+.IX Item "event"
+A change of state of some external event, such as data now being available
+for reading on a file descriptor, time having passed or simply not having
+any other events happening anymore.
+.Sp
+In libev, events are represented as single bits (such as \f(CW\*(C`EV_READ\*(C'\fR or
+\&\f(CW\*(C`EV_TIMER\*(C'\fR).
+.IP "event library" 4
+.IX Item "event library"
+A software package implementing an event model and loop.
+.IP "event loop" 4
+.IX Item "event loop"
+An entity that handles and processes external events and converts them
+into callback invocations.
+.IP "event model" 4
+.IX Item "event model"
+The model used to describe how an event loop handles and processes
+watchers and events.
+.IP "pending" 4
+.IX Item "pending"
+A watcher is pending as soon as the corresponding event has been
+detected. See \*(L"\s-1WATCHER STATES\*(R"\s0 for details.
+.IP "real time" 4
+.IX Item "real time"
+The physical time that is observed. It is apparently strictly monotonic :)
+.IP "wall-clock time" 4
+.IX Item "wall-clock time"
+The time and date as shown on clocks. Unlike real time, it can actually
+be wrong and jump forwards and backwards, e.g. when you adjust your
+clock.
+.IP "watcher" 4
+.IX Item "watcher"
+A data structure that describes interest in certain events. Watchers need
+to be started (attached to an event loop) before they can receive events.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Marc Lehmann <libev@schmorp.de>, with repeated corrections by Mikael
+Magnusson and Emanuele Giaquinta, and minor corrections by many others.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/include/ev++.h b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/include/ev++.h
new file mode 100644
index 00000000..22dfcf58
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/include/ev++.h
@@ -0,0 +1,818 @@
+/*
+ * libev simple C++ wrapper classes
+ *
+ * Copyright (c) 2007,2008,2010,2018,2020 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef EVPP_H__
+#define EVPP_H__
+
+#ifdef EV_H
+# include EV_H
+#else
+# include "ev.h"
+#endif
+
+#ifndef EV_USE_STDEXCEPT
+# define EV_USE_STDEXCEPT 1
+#endif
+
+#if EV_USE_STDEXCEPT
+# include <stdexcept>
+#endif
+
+namespace ev {
+
+  typedef ev_tstamp tstamp;
+
+  enum {
+    UNDEF    = EV_UNDEF,
+    NONE     = EV_NONE,
+    READ     = EV_READ,
+    WRITE    = EV_WRITE,
+#if EV_COMPAT3
+    TIMEOUT  = EV_TIMEOUT,
+#endif
+    TIMER    = EV_TIMER,
+    PERIODIC = EV_PERIODIC,
+    SIGNAL   = EV_SIGNAL,
+    CHILD    = EV_CHILD,
+    STAT     = EV_STAT,
+    IDLE     = EV_IDLE,
+    CHECK    = EV_CHECK,
+    PREPARE  = EV_PREPARE,
+    FORK     = EV_FORK,
+    ASYNC    = EV_ASYNC,
+    EMBED    = EV_EMBED,
+#   undef ERROR // some systems stupidly #define ERROR
+    ERROR    = EV_ERROR
+  };
+
+  enum
+  {
+    AUTO      = EVFLAG_AUTO,
+    NOENV     = EVFLAG_NOENV,
+    FORKCHECK = EVFLAG_FORKCHECK,
+
+    SELECT    = EVBACKEND_SELECT,
+    POLL      = EVBACKEND_POLL,
+    EPOLL     = EVBACKEND_EPOLL,
+    KQUEUE    = EVBACKEND_KQUEUE,
+    DEVPOLL   = EVBACKEND_DEVPOLL,
+    PORT      = EVBACKEND_PORT
+  };
+
+  enum
+  {
+#if EV_COMPAT3
+    NONBLOCK = EVLOOP_NONBLOCK,
+    ONESHOT  = EVLOOP_ONESHOT,
+#endif
+    NOWAIT   = EVRUN_NOWAIT,
+    ONCE     = EVRUN_ONCE
+  };
+
+  enum how_t
+  {
+    ONE = EVBREAK_ONE,
+    ALL = EVBREAK_ALL
+  };
+
+  struct bad_loop
+#if EV_USE_STDEXCEPT
+  : std::exception
+#endif
+  {
+#if EV_USE_STDEXCEPT
+    const char *what () const EV_NOEXCEPT
+    {
+      return "libev event loop cannot be initialized, bad value of LIBEV_FLAGS?";
+    }
+#endif
+  };
+
+#ifdef EV_AX
+#  undef EV_AX
+#endif
+
+#ifdef EV_AX_
+#  undef EV_AX_
+#endif
+
+#if EV_MULTIPLICITY
+#  define EV_AX  raw_loop
+#  define EV_AX_ raw_loop,
+#else
+#  define EV_AX
+#  define EV_AX_
+#endif
+
+  struct loop_ref
+  {
+    loop_ref (EV_P) EV_NOEXCEPT
+#if EV_MULTIPLICITY
+    : EV_AX (EV_A)
+#endif
+    {
+    }
+
+    bool operator == (const loop_ref &other) const EV_NOEXCEPT
+    {
+#if EV_MULTIPLICITY
+      return EV_AX == other.EV_AX;
+#else
+      return true;
+#endif
+    }
+
+    bool operator != (const loop_ref &other) const EV_NOEXCEPT
+    {
+#if EV_MULTIPLICITY
+      return ! (*this == other);
+#else
+      return false;
+#endif
+    }
+
+#if EV_MULTIPLICITY
+    bool operator == (const EV_P) const EV_NOEXCEPT
+    {
+      return this->EV_AX == EV_A;
+    }
+
+    bool operator != (const EV_P) const EV_NOEXCEPT
+    {
+      return ! (*this == EV_A);
+    }
+
+    operator struct ev_loop * () const EV_NOEXCEPT
+    {
+      return EV_AX;
+    }
+
+    operator const struct ev_loop * () const EV_NOEXCEPT
+    {
+      return EV_AX;
+    }
+
+    bool is_default () const EV_NOEXCEPT
+    {
+      return EV_AX == ev_default_loop (0);
+    }
+#endif
+
+#if EV_COMPAT3
+    void loop (int flags = 0)
+    {
+      ev_run (EV_AX_ flags);
+    }
+
+    void unloop (how_t how = ONE) EV_NOEXCEPT
+    {
+      ev_break (EV_AX_ how);
+    }
+#endif
+
+    void run (int flags = 0)
+    {
+      ev_run (EV_AX_ flags);
+    }
+
+    void break_loop (how_t how = ONE) EV_NOEXCEPT
+    {
+      ev_break (EV_AX_ how);
+    }
+
+    void post_fork () EV_NOEXCEPT
+    {
+      ev_loop_fork (EV_AX);
+    }
+
+    unsigned int backend () const EV_NOEXCEPT
+    {
+      return ev_backend (EV_AX);
+    }
+
+    tstamp now () const EV_NOEXCEPT
+    {
+      return ev_now (EV_AX);
+    }
+
+    void ref () EV_NOEXCEPT
+    {
+      ev_ref (EV_AX);
+    }
+
+    void unref () EV_NOEXCEPT
+    {
+      ev_unref (EV_AX);
+    }
+
+#if EV_FEATURE_API
+    unsigned int iteration () const EV_NOEXCEPT
+    {
+      return ev_iteration (EV_AX);
+    }
+
+    unsigned int depth () const EV_NOEXCEPT
+    {
+      return ev_depth (EV_AX);
+    }
+
+    void set_io_collect_interval (tstamp interval) EV_NOEXCEPT
+    {
+      ev_set_io_collect_interval (EV_AX_ interval);
+    }
+
+    void set_timeout_collect_interval (tstamp interval) EV_NOEXCEPT
+    {
+      ev_set_timeout_collect_interval (EV_AX_ interval);
+    }
+#endif
+
+    // function callback
+    void once (int fd, int events, tstamp timeout, void (*cb)(int, void *), void *arg = 0) EV_NOEXCEPT
+    {
+      ev_once (EV_AX_ fd, events, timeout, cb, arg);
+    }
+
+    // method callback
+    template<class K, void (K::*method)(int)>
+    void once (int fd, int events, tstamp timeout, K *object) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, method_thunk<K, method>, object);
+    }
+
+    // default method == operator ()
+    template<class K>
+    void once (int fd, int events, tstamp timeout, K *object) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, method_thunk<K, &K::operator ()>, object);
+    }
+
+    template<class K, void (K::*method)(int)>
+    static void method_thunk (int revents, void *arg)
+    {
+      (static_cast<K *>(arg)->*method)
+        (revents);
+    }
+
+    // no-argument method callback
+    template<class K, void (K::*method)()>
+    void once (int fd, int events, tstamp timeout, K *object) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, method_noargs_thunk<K, method>, object);
+    }
+
+    template<class K, void (K::*method)()>
+    static void method_noargs_thunk (int revents, void *arg)
+    {
+      (static_cast<K *>(arg)->*method)
+        ();
+    }
+
+    // simpler function callback
+    template<void (*cb)(int)>
+    void once (int fd, int events, tstamp timeout) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, simpler_func_thunk<cb>);
+    }
+
+    template<void (*cb)(int)>
+    static void simpler_func_thunk (int revents, void *arg)
+    {
+      (*cb)
+        (revents);
+    }
+
+    // simplest function callback
+    template<void (*cb)()>
+    void once (int fd, int events, tstamp timeout) EV_NOEXCEPT
+    {
+      once (fd, events, timeout, simplest_func_thunk<cb>);
+    }
+
+    template<void (*cb)()>
+    static void simplest_func_thunk (int revents, void *arg)
+    {
+      (*cb)
+        ();
+    }
+
+    void feed_fd_event (int fd, int revents) EV_NOEXCEPT
+    {
+      ev_feed_fd_event (EV_AX_ fd, revents);
+    }
+
+    void feed_signal_event (int signum) EV_NOEXCEPT
+    {
+      ev_feed_signal_event (EV_AX_ signum);
+    }
+
+#if EV_MULTIPLICITY
+    struct ev_loop* EV_AX;
+#endif
+
+  };
+
+#if EV_MULTIPLICITY
+  struct dynamic_loop : loop_ref
+  {
+
+    dynamic_loop (unsigned int flags = AUTO)
+    : loop_ref (ev_loop_new (flags))
+    {
+      if (!EV_AX)
+        throw bad_loop ();
+    }
+
+    ~dynamic_loop () EV_NOEXCEPT
+    {
+      ev_loop_destroy (EV_AX);
+      EV_AX = 0;
+    }
+
+  private:
+
+    dynamic_loop (const dynamic_loop &);
+
+    dynamic_loop & operator= (const dynamic_loop &);
+
+  };
+#endif
+
+  struct default_loop : loop_ref
+  {
+    default_loop (unsigned int flags = AUTO)
+#if EV_MULTIPLICITY
+    : loop_ref (ev_default_loop (flags))
+#endif
+    {
+      if (
+#if EV_MULTIPLICITY
+          !EV_AX
+#else
+          !ev_default_loop (flags)
+#endif
+      )
+        throw bad_loop ();
+    }
+
+  private:
+    default_loop (const default_loop &);
+    default_loop &operator = (const default_loop &);
+  };
+
+  inline loop_ref get_default_loop () EV_NOEXCEPT
+  {
+#if EV_MULTIPLICITY
+    return ev_default_loop (0);
+#else
+    return loop_ref ();
+#endif
+  }
+
+#undef EV_AX
+#undef EV_AX_
+
+#undef EV_PX
+#undef EV_PX_
+#if EV_MULTIPLICITY
+#  define EV_PX  loop_ref EV_A
+#  define EV_PX_ loop_ref EV_A_
+#else
+#  define EV_PX
+#  define EV_PX_
+#endif
+
+  template<class ev_watcher, class watcher>
+  struct base : ev_watcher
+  {
+    // scoped pause/unpause of a watcher
+    struct freeze_guard
+    {
+      watcher &w;
+      bool active;
+
+      freeze_guard (watcher *self) EV_NOEXCEPT
+      : w (*self), active (w.is_active ())
+      {
+        if (active) w.stop ();
+      }
+
+      ~freeze_guard ()
+      {
+        if (active) w.start ();
+      }
+    };
+
+    #if EV_MULTIPLICITY
+      EV_PX;
+
+      // loop set
+      void set (EV_P) EV_NOEXCEPT
+      {
+        this->EV_A = EV_A;
+      }
+    #endif
+
+    base (EV_PX) EV_NOEXCEPT
+    #if EV_MULTIPLICITY
+      : EV_A (EV_A)
+    #endif
+    {
+      ev_init (this, 0);
+    }
+
+    void set_ (const void *data, void (*cb)(EV_P_ ev_watcher *w, int revents)) EV_NOEXCEPT
+    {
+      this->data = (void *)data;
+      ev_set_cb (static_cast<ev_watcher *>(this), cb);
+    }
+
+    // function callback
+    template<void (*function)(watcher &w, int)>
+    void set (void *data = 0) EV_NOEXCEPT
+    {
+      set_ (data, function_thunk<function>);
+    }
+
+    template<void (*function)(watcher &w, int)>
+    static void function_thunk (EV_P_ ev_watcher *w, int revents)
+    {
+      function
+        (*static_cast<watcher *>(w), revents);
+    }
+
+    // method callback
+    template<class K, void (K::*method)(watcher &w, int)>
+    void set (K *object) EV_NOEXCEPT
+    {
+      set_ (object, method_thunk<K, method>);
+    }
+
+    // default method == operator ()
+    template<class K>
+    void set (K *object) EV_NOEXCEPT
+    {
+      set_ (object, method_thunk<K, &K::operator ()>);
+    }
+
+    template<class K, void (K::*method)(watcher &w, int)>
+    static void method_thunk (EV_P_ ev_watcher *w, int revents)
+    {
+      (static_cast<K *>(w->data)->*method)
+        (*static_cast<watcher *>(w), revents);
+    }
+
+    // no-argument callback
+    template<class K, void (K::*method)()>
+    void set (K *object) EV_NOEXCEPT
+    {
+      set_ (object, method_noargs_thunk<K, method>);
+    }
+
+    template<class K, void (K::*method)()>
+    static void method_noargs_thunk (EV_P_ ev_watcher *w, int revents)
+    {
+      (static_cast<K *>(w->data)->*method)
+        ();
+    }
+
+    void operator ()(int events = EV_UNDEF)
+    {
+      return
+        ev_cb (static_cast<ev_watcher *>(this))
+          (static_cast<ev_watcher *>(this), events);
+    }
+
+    bool is_active () const EV_NOEXCEPT
+    {
+      return ev_is_active (static_cast<const ev_watcher *>(this));
+    }
+
+    bool is_pending () const EV_NOEXCEPT
+    {
+      return ev_is_pending (static_cast<const ev_watcher *>(this));
+    }
+
+    void feed_event (int revents) EV_NOEXCEPT
+    {
+      ev_feed_event (EV_A_ static_cast<ev_watcher *>(this), revents);
+    }
+  };
+
+  inline tstamp now (EV_P) EV_NOEXCEPT
+  {
+    return ev_now (EV_A);
+  }
+
+  inline void delay (tstamp interval) EV_NOEXCEPT
+  {
+    ev_sleep (interval);
+  }
+
+  inline int version_major () EV_NOEXCEPT
+  {
+    return ev_version_major ();
+  }
+
+  inline int version_minor () EV_NOEXCEPT
+  {
+    return ev_version_minor ();
+  }
+
+  inline unsigned int supported_backends () EV_NOEXCEPT
+  {
+    return ev_supported_backends ();
+  }
+
+  inline unsigned int recommended_backends () EV_NOEXCEPT
+  {
+    return ev_recommended_backends ();
+  }
+
+  inline unsigned int embeddable_backends () EV_NOEXCEPT
+  {
+    return ev_embeddable_backends ();
+  }
+
+  inline void set_allocator (void *(*cb)(void *ptr, long size) EV_NOEXCEPT) EV_NOEXCEPT
+  {
+    ev_set_allocator (cb);
+  }
+
+  inline void set_syserr_cb (void (*cb)(const char *msg) EV_NOEXCEPT) EV_NOEXCEPT
+  {
+    ev_set_syserr_cb (cb);
+  }
+
+  #if EV_MULTIPLICITY
+    #define EV_CONSTRUCT(cppstem,cstem)	                                                \
+      (EV_PX = get_default_loop ()) EV_NOEXCEPT                                         \
+        : base<ev_ ## cstem, cppstem> (EV_A)                                            \
+      {                                                                                 \
+      }
+  #else
+    #define EV_CONSTRUCT(cppstem,cstem)                                                 \
+      () EV_NOEXCEPT                                                                    \
+      {                                                                                 \
+      }
+  #endif
+
+  /* using a template here would require quite a few more lines,
+   * so a macro solution was chosen */
+  #define EV_BEGIN_WATCHER(cppstem,cstem)	                                        \
+                                                                                        \
+  struct cppstem : base<ev_ ## cstem, cppstem>                                          \
+  {                                                                                     \
+    void start () EV_NOEXCEPT                                                           \
+    {                                                                                   \
+      ev_ ## cstem ## _start (EV_A_ static_cast<ev_ ## cstem *>(this));                 \
+    }                                                                                   \
+                                                                                        \
+    void stop () EV_NOEXCEPT                                                            \
+    {                                                                                   \
+      ev_ ## cstem ## _stop (EV_A_ static_cast<ev_ ## cstem *>(this));                  \
+    }                                                                                   \
+                                                                                        \
+    cppstem EV_CONSTRUCT(cppstem,cstem)                                                 \
+                                                                                        \
+    ~cppstem () EV_NOEXCEPT                                                             \
+    {                                                                                   \
+      stop ();                                                                          \
+    }                                                                                   \
+                                                                                        \
+    using base<ev_ ## cstem, cppstem>::set;                                             \
+                                                                                        \
+  private:                                                                              \
+                                                                                        \
+    cppstem (const cppstem &o);                                                         \
+                                                                                        \
+    cppstem &operator =(const cppstem &o);                                              \
+                                                                                        \
+  public:
+
+  #define EV_END_WATCHER(cppstem,cstem)	                                                \
+  };
+
+  EV_BEGIN_WATCHER (io, io)
+    void set (int fd, int events) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_io_set (static_cast<ev_io *>(this), fd, events);
+    }
+
+    void set (int events) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_io_modify (static_cast<ev_io *>(this), events);
+    }
+
+    void start (int fd, int events) EV_NOEXCEPT
+    {
+      set (fd, events);
+      start ();
+    }
+  EV_END_WATCHER (io, io)
+
+  EV_BEGIN_WATCHER (timer, timer)
+    void set (ev_tstamp after, ev_tstamp repeat = 0.) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_timer_set (static_cast<ev_timer *>(this), after, repeat);
+    }
+
+    void start (ev_tstamp after, ev_tstamp repeat = 0.) EV_NOEXCEPT
+    {
+      set (after, repeat);
+      start ();
+    }
+
+    void again () EV_NOEXCEPT
+    {
+      ev_timer_again (EV_A_ static_cast<ev_timer *>(this));
+    }
+
+    ev_tstamp remaining ()
+    {
+      return ev_timer_remaining (EV_A_ static_cast<ev_timer *>(this));
+    }
+  EV_END_WATCHER (timer, timer)
+
+  #if EV_PERIODIC_ENABLE
+  EV_BEGIN_WATCHER (periodic, periodic)
+    void set (ev_tstamp at, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_periodic_set (static_cast<ev_periodic *>(this), at, interval, 0);
+    }
+
+    void start (ev_tstamp at, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      set (at, interval);
+      start ();
+    }
+
+    void again () EV_NOEXCEPT
+    {
+      ev_periodic_again (EV_A_ static_cast<ev_periodic *>(this));
+    }
+  EV_END_WATCHER (periodic, periodic)
+  #endif
+
+  #if EV_SIGNAL_ENABLE
+  EV_BEGIN_WATCHER (sig, signal)
+    void set (int signum) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_signal_set (static_cast<ev_signal *>(this), signum);
+    }
+
+    void start (int signum) EV_NOEXCEPT
+    {
+      set (signum);
+      start ();
+    }
+  EV_END_WATCHER (sig, signal)
+  #endif
+
+  #if EV_CHILD_ENABLE
+  EV_BEGIN_WATCHER (child, child)
+    void set (int pid, int trace = 0) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_child_set (static_cast<ev_child *>(this), pid, trace);
+    }
+
+    void start (int pid, int trace = 0) EV_NOEXCEPT
+    {
+      set (pid, trace);
+      start ();
+    }
+  EV_END_WATCHER (child, child)
+  #endif
+
+  #if EV_STAT_ENABLE
+  EV_BEGIN_WATCHER (stat, stat)
+    void set (const char *path, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_stat_set (static_cast<ev_stat *>(this), path, interval);
+    }
+
+    void start (const char *path, ev_tstamp interval = 0.) EV_NOEXCEPT
+    {
+      stop ();
+      set (path, interval);
+      start ();
+    }
+
+    void update () EV_NOEXCEPT
+    {
+      ev_stat_stat (EV_A_ static_cast<ev_stat *>(this));
+    }
+  EV_END_WATCHER (stat, stat)
+  #endif
+
+  #if EV_IDLE_ENABLE
+  EV_BEGIN_WATCHER (idle, idle)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (idle, idle)
+  #endif
+
+  #if EV_PREPARE_ENABLE
+  EV_BEGIN_WATCHER (prepare, prepare)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (prepare, prepare)
+  #endif
+
+  #if EV_CHECK_ENABLE
+  EV_BEGIN_WATCHER (check, check)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (check, check)
+  #endif
+
+  #if EV_EMBED_ENABLE
+  EV_BEGIN_WATCHER (embed, embed)
+    void set_embed (struct ev_loop *embedded_loop) EV_NOEXCEPT
+    {
+      freeze_guard freeze (this);
+      ev_embed_set (static_cast<ev_embed *>(this), embedded_loop);
+    }
+
+    void start (struct ev_loop *embedded_loop) EV_NOEXCEPT
+    {
+      set (embedded_loop);
+      start ();
+    }
+
+    void sweep ()
+    {
+      ev_embed_sweep (EV_A_ static_cast<ev_embed *>(this));
+    }
+  EV_END_WATCHER (embed, embed)
+  #endif
+
+  #if EV_FORK_ENABLE
+  EV_BEGIN_WATCHER (fork, fork)
+    void set () EV_NOEXCEPT { }
+  EV_END_WATCHER (fork, fork)
+  #endif
+
+  #if EV_ASYNC_ENABLE
+  EV_BEGIN_WATCHER (async, async)
+    void send () EV_NOEXCEPT
+    {
+      ev_async_send (EV_A_ static_cast<ev_async *>(this));
+    }
+
+    bool async_pending () EV_NOEXCEPT
+    {
+      return ev_async_pending (static_cast<ev_async *>(this));
+    }
+  EV_END_WATCHER (async, async)
+  #endif
+
+  #undef EV_PX
+  #undef EV_PX_
+  #undef EV_CONSTRUCT
+  #undef EV_BEGIN_WATCHER
+  #undef EV_END_WATCHER
+}
+
+#endif
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/include/ev.h b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/include/ev.h
new file mode 100644
index 00000000..4669c39b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/include/ev.h
@@ -0,0 +1,860 @@
+/*
+ * libev native API header
+ *
+ * Copyright (c) 2007-2020 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef EV_H_
+#define EV_H_
+
+#ifdef __cplusplus
+# define EV_CPP(x) x
+# if __cplusplus >= 201103L
+#  define EV_NOEXCEPT noexcept
+# else
+#  define EV_NOEXCEPT
+# endif
+#else
+# define EV_CPP(x)
+# define EV_NOEXCEPT
+#endif
+#define EV_THROW EV_NOEXCEPT /* pre-4.25, do not use in new code */
+
+EV_CPP(extern "C" {)
+
+/*****************************************************************************/
+
+/* pre-4.0 compatibility */
+#ifndef EV_COMPAT3
+# define EV_COMPAT3 1
+#endif
+
+#ifndef EV_FEATURES
+# if defined __OPTIMIZE_SIZE__
+#  define EV_FEATURES 0x7c
+# else
+#  define EV_FEATURES 0x7f
+# endif
+#endif
+
+#define EV_FEATURE_CODE     ((EV_FEATURES) &  1)
+#define EV_FEATURE_DATA     ((EV_FEATURES) &  2)
+#define EV_FEATURE_CONFIG   ((EV_FEATURES) &  4)
+#define EV_FEATURE_API      ((EV_FEATURES) &  8)
+#define EV_FEATURE_WATCHERS ((EV_FEATURES) & 16)
+#define EV_FEATURE_BACKENDS ((EV_FEATURES) & 32)
+#define EV_FEATURE_OS       ((EV_FEATURES) & 64)
+
+/* these priorities are inclusive, higher priorities will be invoked earlier */
+#ifndef EV_MINPRI
+# define EV_MINPRI (EV_FEATURE_CONFIG ? -2 : 0)
+#endif
+#ifndef EV_MAXPRI
+# define EV_MAXPRI (EV_FEATURE_CONFIG ? +2 : 0)
+#endif
+
+#ifndef EV_MULTIPLICITY
+# define EV_MULTIPLICITY EV_FEATURE_CONFIG
+#endif
+
+#ifndef EV_PERIODIC_ENABLE
+# define EV_PERIODIC_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_STAT_ENABLE
+# define EV_STAT_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_PREPARE_ENABLE
+# define EV_PREPARE_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CHECK_ENABLE
+# define EV_CHECK_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_IDLE_ENABLE
+# define EV_IDLE_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_FORK_ENABLE
+# define EV_FORK_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CLEANUP_ENABLE
+# define EV_CLEANUP_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_SIGNAL_ENABLE
+# define EV_SIGNAL_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CHILD_ENABLE
+# ifdef _WIN32
+#  define EV_CHILD_ENABLE 0
+# else
+#  define EV_CHILD_ENABLE EV_FEATURE_WATCHERS
+#endif
+#endif
+
+#ifndef EV_ASYNC_ENABLE
+# define EV_ASYNC_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_EMBED_ENABLE
+# define EV_EMBED_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_WALK_ENABLE
+# define EV_WALK_ENABLE 0 /* not yet */
+#endif
+
+/*****************************************************************************/
+
+#if EV_CHILD_ENABLE && !EV_SIGNAL_ENABLE
+# undef EV_SIGNAL_ENABLE
+# define EV_SIGNAL_ENABLE 1
+#endif
+
+/*****************************************************************************/
+
+#ifndef EV_TSTAMP_T
+# define EV_TSTAMP_T double
+#endif
+typedef EV_TSTAMP_T ev_tstamp;
+
+#include <string.h> /* for memmove */
+
+#ifndef EV_ATOMIC_T
+# include <signal.h>
+# define EV_ATOMIC_T sig_atomic_t volatile
+#endif
+
+#if EV_STAT_ENABLE
+# ifdef _WIN32
+#  include <time.h>
+#  include <sys/types.h>
+# endif
+# include <sys/stat.h>
+#endif
+
+/* support multiple event loops? */
+#if EV_MULTIPLICITY
+struct ev_loop;
+# define EV_P  struct ev_loop *loop               /* a loop as sole parameter in a declaration */
+# define EV_P_ EV_P,                              /* a loop as first of multiple parameters */
+# define EV_A  loop                               /* a loop as sole argument to a function call */
+# define EV_A_ EV_A,                              /* a loop as first of multiple arguments */
+# define EV_DEFAULT_UC  ev_default_loop_uc_ ()    /* the default loop, if initialised, as sole arg */
+# define EV_DEFAULT_UC_ EV_DEFAULT_UC,            /* the default loop as first of multiple arguments */
+# define EV_DEFAULT  ev_default_loop (0)          /* the default loop as sole arg */
+# define EV_DEFAULT_ EV_DEFAULT,                  /* the default loop as first of multiple arguments */
+#else
+# define EV_P void
+# define EV_P_
+# define EV_A
+# define EV_A_
+# define EV_DEFAULT
+# define EV_DEFAULT_
+# define EV_DEFAULT_UC
+# define EV_DEFAULT_UC_
+# undef EV_EMBED_ENABLE
+#endif
+
+/* EV_INLINE is used for functions in header files */
+#if __STDC_VERSION__ >= 199901L || __GNUC__ >= 3
+# define EV_INLINE static inline
+#else
+# define EV_INLINE static
+#endif
+
+#ifdef EV_API_STATIC
+# define EV_API_DECL static
+#else
+# define EV_API_DECL extern
+#endif
+
+/* EV_PROTOTYPES can be used to switch of prototype declarations */
+#ifndef EV_PROTOTYPES
+# define EV_PROTOTYPES 1
+#endif
+
+/*****************************************************************************/
+
+#define EV_VERSION_MAJOR 4
+#define EV_VERSION_MINOR 33
+
+/* eventmask, revents, events... */
+enum {
+  EV_UNDEF    = (int)0xFFFFFFFF, /* guaranteed to be invalid */
+  EV_NONE     =            0x00, /* no events */
+  EV_READ     =            0x01, /* ev_io detected read will not block */
+  EV_WRITE    =            0x02, /* ev_io detected write will not block */
+  EV__IOFDSET =            0x80, /* internal use only */
+  EV_IO       =         EV_READ, /* alias for type-detection */
+  EV_TIMER    =      0x00000100, /* timer timed out */
+#if EV_COMPAT3
+  EV_TIMEOUT  =        EV_TIMER, /* pre 4.0 API compatibility */
+#endif
+  EV_PERIODIC =      0x00000200, /* periodic timer timed out */
+  EV_SIGNAL   =      0x00000400, /* signal was received */
+  EV_CHILD    =      0x00000800, /* child/pid had status change */
+  EV_STAT     =      0x00001000, /* stat data changed */
+  EV_IDLE     =      0x00002000, /* event loop is idling */
+  EV_PREPARE  =      0x00004000, /* event loop about to poll */
+  EV_CHECK    =      0x00008000, /* event loop finished poll */
+  EV_EMBED    =      0x00010000, /* embedded event loop needs sweep */
+  EV_FORK     =      0x00020000, /* event loop resumed in child */
+  EV_CLEANUP  =      0x00040000, /* event loop resumed in child */
+  EV_ASYNC    =      0x00080000, /* async intra-loop signal */
+  EV_CUSTOM   =      0x01000000, /* for use by user code */
+  EV_ERROR    = (int)0x80000000  /* sent when an error occurs */
+};
+
+/* can be used to add custom fields to all watchers, while losing binary compatibility */
+#ifndef EV_COMMON
+# define EV_COMMON void *data;
+#endif
+
+#ifndef EV_CB_DECLARE
+# define EV_CB_DECLARE(type) void (*cb)(EV_P_ struct type *w, int revents);
+#endif
+#ifndef EV_CB_INVOKE
+# define EV_CB_INVOKE(watcher,revents) (watcher)->cb (EV_A_ (watcher), (revents))
+#endif
+
+/* not official, do not use */
+#define EV_CB(type,name) void name (EV_P_ struct ev_ ## type *w, int revents)
+
+/*
+ * struct member types:
+ * private: you may look at them, but not change them,
+ *          and they might not mean anything to you.
+ * ro: can be read anytime, but only changed when the watcher isn't active.
+ * rw: can be read and modified anytime, even when the watcher is active.
+ *
+ * some internal details that might be helpful for debugging:
+ *
+ * active is either 0, which means the watcher is not active,
+ *           or the array index of the watcher (periodics, timers)
+ *           or the array index + 1 (most other watchers)
+ *           or simply 1 for watchers that aren't in some array.
+ * pending is either 0, in which case the watcher isn't,
+ *           or the array index + 1 in the pendings array.
+ */
+
+#if EV_MINPRI == EV_MAXPRI
+# define EV_DECL_PRIORITY
+#elif !defined (EV_DECL_PRIORITY)
+# define EV_DECL_PRIORITY int priority;
+#endif
+
+/* shared by all watchers */
+#define EV_WATCHER(type)			\
+  int active; /* private */			\
+  int pending; /* private */			\
+  EV_DECL_PRIORITY /* private */		\
+  EV_COMMON /* rw */				\
+  EV_CB_DECLARE (type) /* private */
+
+#define EV_WATCHER_LIST(type)			\
+  EV_WATCHER (type)				\
+  struct ev_watcher_list *next; /* private */
+
+#define EV_WATCHER_TIME(type)			\
+  EV_WATCHER (type)				\
+  ev_tstamp at;     /* private */
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher
+{
+  EV_WATCHER (ev_watcher)
+} ev_watcher;
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher_list
+{
+  EV_WATCHER_LIST (ev_watcher_list)
+} ev_watcher_list;
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher_time
+{
+  EV_WATCHER_TIME (ev_watcher_time)
+} ev_watcher_time;
+
+/* invoked when fd is either EV_READable or EV_WRITEable */
+/* revent EV_READ, EV_WRITE */
+typedef struct ev_io
+{
+  EV_WATCHER_LIST (ev_io)
+
+  int fd;     /* ro */
+  int events; /* ro */
+} ev_io;
+
+/* invoked after a specific time, repeatable (based on monotonic clock) */
+/* revent EV_TIMEOUT */
+typedef struct ev_timer
+{
+  EV_WATCHER_TIME (ev_timer)
+
+  ev_tstamp repeat; /* rw */
+} ev_timer;
+
+/* invoked at some specific time, possibly repeating at regular intervals (based on UTC) */
+/* revent EV_PERIODIC */
+typedef struct ev_periodic
+{
+  EV_WATCHER_TIME (ev_periodic)
+
+  ev_tstamp offset; /* rw */
+  ev_tstamp interval; /* rw */
+  ev_tstamp (*reschedule_cb)(struct ev_periodic *w, ev_tstamp now) EV_NOEXCEPT; /* rw */
+} ev_periodic;
+
+/* invoked when the given signal has been received */
+/* revent EV_SIGNAL */
+typedef struct ev_signal
+{
+  EV_WATCHER_LIST (ev_signal)
+
+  int signum; /* ro */
+} ev_signal;
+
+/* invoked when sigchld is received and waitpid indicates the given pid */
+/* revent EV_CHILD */
+/* does not support priorities */
+typedef struct ev_child
+{
+  EV_WATCHER_LIST (ev_child)
+
+  int flags;   /* private */
+  int pid;     /* ro */
+  int rpid;    /* rw, holds the received pid */
+  int rstatus; /* rw, holds the exit status, use the macros from sys/wait.h */
+} ev_child;
+
+#if EV_STAT_ENABLE
+/* st_nlink = 0 means missing file or other error */
+# ifdef _WIN32
+typedef struct _stati64 ev_statdata;
+# else
+typedef struct stat ev_statdata;
+# endif
+
+/* invoked each time the stat data changes for a given path */
+/* revent EV_STAT */
+typedef struct ev_stat
+{
+  EV_WATCHER_LIST (ev_stat)
+
+  ev_timer timer;     /* private */
+  ev_tstamp interval; /* ro */
+  const char *path;   /* ro */
+  ev_statdata prev;   /* ro */
+  ev_statdata attr;   /* ro */
+
+  int wd; /* wd for inotify, fd for kqueue */
+} ev_stat;
+#endif
+
+/* invoked when the nothing else needs to be done, keeps the process from blocking */
+/* revent EV_IDLE */
+typedef struct ev_idle
+{
+  EV_WATCHER (ev_idle)
+} ev_idle;
+
+/* invoked for each run of the mainloop, just before the blocking call */
+/* you can still change events in any way you like */
+/* revent EV_PREPARE */
+typedef struct ev_prepare
+{
+  EV_WATCHER (ev_prepare)
+} ev_prepare;
+
+/* invoked for each run of the mainloop, just after the blocking call */
+/* revent EV_CHECK */
+typedef struct ev_check
+{
+  EV_WATCHER (ev_check)
+} ev_check;
+
+/* the callback gets invoked before check in the child process when a fork was detected */
+/* revent EV_FORK */
+typedef struct ev_fork
+{
+  EV_WATCHER (ev_fork)
+} ev_fork;
+
+/* is invoked just before the loop gets destroyed */
+/* revent EV_CLEANUP */
+typedef struct ev_cleanup
+{
+  EV_WATCHER (ev_cleanup)
+} ev_cleanup;
+
+#if EV_EMBED_ENABLE
+/* used to embed an event loop inside another */
+/* the callback gets invoked when the event loop has handled events, and can be 0 */
+typedef struct ev_embed
+{
+  EV_WATCHER (ev_embed)
+
+  struct ev_loop *other; /* ro */
+#undef EV_IO_ENABLE
+#define EV_IO_ENABLE 1
+  ev_io io;              /* private */
+#undef EV_PREPARE_ENABLE
+#define EV_PREPARE_ENABLE 1
+  ev_prepare prepare;    /* private */
+  ev_check check;        /* unused */
+  ev_timer timer;        /* unused */
+  ev_periodic periodic;  /* unused */
+  ev_idle idle;          /* unused */
+  ev_fork fork;          /* private */
+  ev_cleanup cleanup;    /* unused */
+} ev_embed;
+#endif
+
+#if EV_ASYNC_ENABLE
+/* invoked when somebody calls ev_async_send on the watcher */
+/* revent EV_ASYNC */
+typedef struct ev_async
+{
+  EV_WATCHER (ev_async)
+
+  EV_ATOMIC_T sent; /* private */
+} ev_async;
+
+# define ev_async_pending(w) (+(w)->sent)
+#endif
+
+/* the presence of this union forces similar struct layout */
+union ev_any_watcher
+{
+  struct ev_watcher w;
+  struct ev_watcher_list wl;
+
+  struct ev_io io;
+  struct ev_timer timer;
+  struct ev_periodic periodic;
+  struct ev_signal signal;
+  struct ev_child child;
+#if EV_STAT_ENABLE
+  struct ev_stat stat;
+#endif
+#if EV_IDLE_ENABLE
+  struct ev_idle idle;
+#endif
+  struct ev_prepare prepare;
+  struct ev_check check;
+#if EV_FORK_ENABLE
+  struct ev_fork fork;
+#endif
+#if EV_CLEANUP_ENABLE
+  struct ev_cleanup cleanup;
+#endif
+#if EV_EMBED_ENABLE
+  struct ev_embed embed;
+#endif
+#if EV_ASYNC_ENABLE
+  struct ev_async async;
+#endif
+};
+
+/* flag bits for ev_default_loop and ev_loop_new */
+enum {
+  /* the default */
+  EVFLAG_AUTO       = 0x00000000U, /* not quite a mask */
+  /* flag bits */
+  EVFLAG_NOENV      = 0x01000000U, /* do NOT consult environment */
+  EVFLAG_FORKCHECK  = 0x02000000U, /* check for a fork in each iteration */
+  /* debugging/feature disable */
+  EVFLAG_NOINOTIFY  = 0x00100000U, /* do not attempt to use inotify */
+#if EV_COMPAT3
+  EVFLAG_NOSIGFD    = 0, /* compatibility to pre-3.9 */
+#endif
+  EVFLAG_SIGNALFD   = 0x00200000U, /* attempt to use signalfd */
+  EVFLAG_NOSIGMASK  = 0x00400000U, /* avoid modifying the signal mask */
+  EVFLAG_NOTIMERFD  = 0x00800000U  /* avoid creating a timerfd */
+};
+
+/* method bits to be ored together */
+enum {
+  EVBACKEND_SELECT   = 0x00000001U, /* available just about anywhere */
+  EVBACKEND_POLL     = 0x00000002U, /* !win, !aix, broken on osx */
+  EVBACKEND_EPOLL    = 0x00000004U, /* linux */
+  EVBACKEND_KQUEUE   = 0x00000008U, /* bsd, broken on osx */
+  EVBACKEND_DEVPOLL  = 0x00000010U, /* solaris 8 */ /* NYI */
+  EVBACKEND_PORT     = 0x00000020U, /* solaris 10 */
+  EVBACKEND_LINUXAIO = 0x00000040U, /* linux AIO, 4.19+ */
+  EVBACKEND_IOURING  = 0x00000080U, /* linux io_uring, 5.1+ */
+  EVBACKEND_ALL      = 0x000000FFU, /* all known backends */
+  EVBACKEND_MASK     = 0x0000FFFFU  /* all future backends */
+};
+
+#if EV_PROTOTYPES
+EV_API_DECL int ev_version_major (void) EV_NOEXCEPT;
+EV_API_DECL int ev_version_minor (void) EV_NOEXCEPT;
+
+EV_API_DECL unsigned int ev_supported_backends (void) EV_NOEXCEPT;
+EV_API_DECL unsigned int ev_recommended_backends (void) EV_NOEXCEPT;
+EV_API_DECL unsigned int ev_embeddable_backends (void) EV_NOEXCEPT;
+
+EV_API_DECL ev_tstamp ev_time (void) EV_NOEXCEPT;
+EV_API_DECL void ev_sleep (ev_tstamp delay) EV_NOEXCEPT; /* sleep for a while */
+
+/* Sets the allocation function to use, works like realloc.
+ * It is used to allocate and free memory.
+ * If it returns zero when memory needs to be allocated, the library might abort
+ * or take some potentially destructive action.
+ * The default is your system realloc function.
+ */
+EV_API_DECL void ev_set_allocator (void *(*cb)(void *ptr, long size) EV_NOEXCEPT) EV_NOEXCEPT;
+
+/* set the callback function to call on a
+ * retryable syscall error
+ * (such as failed select, poll, epoll_wait)
+ */
+EV_API_DECL void ev_set_syserr_cb (void (*cb)(const char *msg) EV_NOEXCEPT) EV_NOEXCEPT;
+
+#if EV_MULTIPLICITY
+
+/* the default loop is the only one that handles signals and child watchers */
+/* you can call this as often as you like */
+EV_API_DECL struct ev_loop *ev_default_loop (unsigned int flags EV_CPP (= 0)) EV_NOEXCEPT;
+
+#ifdef EV_API_STATIC
+EV_API_DECL struct ev_loop *ev_default_loop_ptr;
+#endif
+
+EV_INLINE struct ev_loop *
+ev_default_loop_uc_ (void) EV_NOEXCEPT
+{
+  extern struct ev_loop *ev_default_loop_ptr;
+
+  return ev_default_loop_ptr;
+}
+
+EV_INLINE int
+ev_is_default_loop (EV_P) EV_NOEXCEPT
+{
+  return EV_A == EV_DEFAULT_UC;
+}
+
+/* create and destroy alternative loops that don't handle signals */
+EV_API_DECL struct ev_loop *ev_loop_new (unsigned int flags EV_CPP (= 0)) EV_NOEXCEPT;
+
+EV_API_DECL ev_tstamp ev_now (EV_P) EV_NOEXCEPT; /* time w.r.t. timers and the eventloop, updated after each poll */
+
+#else
+
+EV_API_DECL int ev_default_loop (unsigned int flags EV_CPP (= 0)) EV_NOEXCEPT; /* returns true when successful */
+
+EV_API_DECL ev_tstamp ev_rt_now;
+
+EV_INLINE ev_tstamp
+ev_now (void) EV_NOEXCEPT
+{
+  return ev_rt_now;
+}
+
+/* looks weird, but ev_is_default_loop (EV_A) still works if this exists */
+EV_INLINE int
+ev_is_default_loop (void) EV_NOEXCEPT
+{
+  return 1;
+}
+
+#endif /* multiplicity */
+
+/* destroy event loops, also works for the default loop */
+EV_API_DECL void ev_loop_destroy (EV_P);
+
+/* this needs to be called after fork, to duplicate the loop */
+/* when you want to re-use it in the child */
+/* you can call it in either the parent or the child */
+/* you can actually call it at any time, anywhere :) */
+EV_API_DECL void ev_loop_fork (EV_P) EV_NOEXCEPT;
+
+EV_API_DECL unsigned int ev_backend (EV_P) EV_NOEXCEPT; /* backend in use by loop */
+
+EV_API_DECL void ev_now_update (EV_P) EV_NOEXCEPT; /* update event loop time */
+
+#if EV_WALK_ENABLE
+/* walk (almost) all watchers in the loop of a given type, invoking the */
+/* callback on every such watcher. The callback might stop the watcher, */
+/* but do nothing else with the loop */
+EV_API_DECL void ev_walk (EV_P_ int types, void (*cb)(EV_P_ int type, void *w)) EV_NOEXCEPT;
+#endif
+
+#endif /* prototypes */
+
+/* ev_run flags values */
+enum {
+  EVRUN_NOWAIT = 1, /* do not block/wait */
+  EVRUN_ONCE   = 2  /* block *once* only */
+};
+
+/* ev_break how values */
+enum {
+  EVBREAK_CANCEL = 0, /* undo unloop */
+  EVBREAK_ONE    = 1, /* unloop once */
+  EVBREAK_ALL    = 2  /* unloop all loops */
+};
+
+#if EV_PROTOTYPES
+EV_API_DECL int  ev_run (EV_P_ int flags EV_CPP (= 0));
+EV_API_DECL void ev_break (EV_P_ int how EV_CPP (= EVBREAK_ONE)) EV_NOEXCEPT; /* break out of the loop */
+
+/*
+ * ref/unref can be used to add or remove a refcount on the mainloop. every watcher
+ * keeps one reference. if you have a long-running watcher you never unregister that
+ * should not keep ev_loop from running, unref() after starting, and ref() before stopping.
+ */
+EV_API_DECL void ev_ref   (EV_P) EV_NOEXCEPT;
+EV_API_DECL void ev_unref (EV_P) EV_NOEXCEPT;
+
+/*
+ * convenience function, wait for a single event, without registering an event watcher
+ * if timeout is < 0, do wait indefinitely
+ */
+EV_API_DECL void ev_once (EV_P_ int fd, int events, ev_tstamp timeout, void (*cb)(int revents, void *arg), void *arg) EV_NOEXCEPT;
+
+EV_API_DECL void ev_invoke_pending (EV_P); /* invoke all pending watchers */
+
+# if EV_FEATURE_API
+EV_API_DECL unsigned int ev_iteration (EV_P) EV_NOEXCEPT; /* number of loop iterations */
+EV_API_DECL unsigned int ev_depth     (EV_P) EV_NOEXCEPT; /* #ev_loop enters - #ev_loop leaves */
+EV_API_DECL void         ev_verify    (EV_P) EV_NOEXCEPT; /* abort if loop data corrupted */
+
+EV_API_DECL void ev_set_io_collect_interval (EV_P_ ev_tstamp interval) EV_NOEXCEPT; /* sleep at least this time, default 0 */
+EV_API_DECL void ev_set_timeout_collect_interval (EV_P_ ev_tstamp interval) EV_NOEXCEPT; /* sleep at least this time, default 0 */
+
+/* advanced stuff for threading etc. support, see docs */
+EV_API_DECL void ev_set_userdata (EV_P_ void *data) EV_NOEXCEPT;
+EV_API_DECL void *ev_userdata (EV_P) EV_NOEXCEPT;
+typedef void (*ev_loop_callback)(EV_P);
+EV_API_DECL void ev_set_invoke_pending_cb (EV_P_ ev_loop_callback invoke_pending_cb) EV_NOEXCEPT;
+/* C++ doesn't allow the use of the ev_loop_callback typedef here, so we need to spell it out */
+EV_API_DECL void ev_set_loop_release_cb (EV_P_ void (*release)(EV_P) EV_NOEXCEPT, void (*acquire)(EV_P) EV_NOEXCEPT) EV_NOEXCEPT;
+
+EV_API_DECL unsigned int ev_pending_count (EV_P) EV_NOEXCEPT; /* number of pending events, if any */
+
+/*
+ * stop/start the timer handling.
+ */
+EV_API_DECL void ev_suspend (EV_P) EV_NOEXCEPT;
+EV_API_DECL void ev_resume  (EV_P) EV_NOEXCEPT;
+#endif
+
+#endif
+
+/* these may evaluate ev multiple times, and the other arguments at most once */
+/* either use ev_init + ev_TYPE_set, or the ev_TYPE_init macro, below, to first initialise a watcher */
+#define ev_init(ev,cb_) do {			\
+  ((ev_watcher *)(void *)(ev))->active  =	\
+  ((ev_watcher *)(void *)(ev))->pending = 0;	\
+  ev_set_priority ((ev), 0);			\
+  ev_set_cb ((ev), cb_);			\
+} while (0)
+
+#define ev_io_modify(ev,events_)             do { (ev)->events = (ev)->events & EV__IOFDSET | (events_); } while (0)
+#define ev_io_set(ev,fd_,events_)            do { (ev)->fd = (fd_); (ev)->events = (events_) | EV__IOFDSET; } while (0)
+#define ev_timer_set(ev,after_,repeat_)      do { ((ev_watcher_time *)(ev))->at = (after_); (ev)->repeat = (repeat_); } while (0)
+#define ev_periodic_set(ev,ofs_,ival_,rcb_)  do { (ev)->offset = (ofs_); (ev)->interval = (ival_); (ev)->reschedule_cb = (rcb_); } while (0)
+#define ev_signal_set(ev,signum_)            do { (ev)->signum = (signum_); } while (0)
+#define ev_child_set(ev,pid_,trace_)         do { (ev)->pid = (pid_); (ev)->flags = !!(trace_); } while (0)
+#define ev_stat_set(ev,path_,interval_)      do { (ev)->path = (path_); (ev)->interval = (interval_); (ev)->wd = -2; } while (0)
+#define ev_idle_set(ev)                      /* nop, yes, this is a serious in-joke */
+#define ev_prepare_set(ev)                   /* nop, yes, this is a serious in-joke */
+#define ev_check_set(ev)                     /* nop, yes, this is a serious in-joke */
+#define ev_embed_set(ev,other_)              do { (ev)->other = (other_); } while (0)
+#define ev_fork_set(ev)                      /* nop, yes, this is a serious in-joke */
+#define ev_cleanup_set(ev)                   /* nop, yes, this is a serious in-joke */
+#define ev_async_set(ev)                     /* nop, yes, this is a serious in-joke */
+
+#define ev_io_init(ev,cb,fd,events)          do { ev_init ((ev), (cb)); ev_io_set ((ev),(fd),(events)); } while (0)
+#define ev_timer_init(ev,cb,after,repeat)    do { ev_init ((ev), (cb)); ev_timer_set ((ev),(after),(repeat)); } while (0)
+#define ev_periodic_init(ev,cb,ofs,ival,rcb) do { ev_init ((ev), (cb)); ev_periodic_set ((ev),(ofs),(ival),(rcb)); } while (0)
+#define ev_signal_init(ev,cb,signum)         do { ev_init ((ev), (cb)); ev_signal_set ((ev), (signum)); } while (0)
+#define ev_child_init(ev,cb,pid,trace)       do { ev_init ((ev), (cb)); ev_child_set ((ev),(pid),(trace)); } while (0)
+#define ev_stat_init(ev,cb,path,interval)    do { ev_init ((ev), (cb)); ev_stat_set ((ev),(path),(interval)); } while (0)
+#define ev_idle_init(ev,cb)                  do { ev_init ((ev), (cb)); ev_idle_set ((ev)); } while (0)
+#define ev_prepare_init(ev,cb)               do { ev_init ((ev), (cb)); ev_prepare_set ((ev)); } while (0)
+#define ev_check_init(ev,cb)                 do { ev_init ((ev), (cb)); ev_check_set ((ev)); } while (0)
+#define ev_embed_init(ev,cb,other)           do { ev_init ((ev), (cb)); ev_embed_set ((ev),(other)); } while (0)
+#define ev_fork_init(ev,cb)                  do { ev_init ((ev), (cb)); ev_fork_set ((ev)); } while (0)
+#define ev_cleanup_init(ev,cb)               do { ev_init ((ev), (cb)); ev_cleanup_set ((ev)); } while (0)
+#define ev_async_init(ev,cb)                 do { ev_init ((ev), (cb)); ev_async_set ((ev)); } while (0)
+
+#define ev_is_pending(ev)                    (0 + ((ev_watcher *)(void *)(ev))->pending) /* ro, true when watcher is waiting for callback invocation */
+#define ev_is_active(ev)                     (0 + ((ev_watcher *)(void *)(ev))->active) /* ro, true when the watcher has been started */
+
+#define ev_cb_(ev)                           (ev)->cb /* rw */
+#define ev_cb(ev)                            (memmove (&ev_cb_ (ev), &((ev_watcher *)(ev))->cb, sizeof (ev_cb_ (ev))), (ev)->cb)
+
+#if EV_MINPRI == EV_MAXPRI
+# define ev_priority(ev)                     ((ev), EV_MINPRI)
+# define ev_set_priority(ev,pri)             ((ev), (pri))
+#else
+# define ev_priority(ev)                     (+(((ev_watcher *)(void *)(ev))->priority))
+# define ev_set_priority(ev,pri)             (   (ev_watcher *)(void *)(ev))->priority = (pri)
+#endif
+
+#define ev_periodic_at(ev)                   (+((ev_watcher_time *)(ev))->at)
+
+#ifndef ev_set_cb
+/* memmove is used here to avoid strict aliasing violations, and hopefully is optimized out by any reasonable compiler */
+# define ev_set_cb(ev,cb_)                   (ev_cb_ (ev) = (cb_), memmove (&((ev_watcher *)(ev))->cb, &ev_cb_ (ev), sizeof (ev_cb_ (ev))))
+#endif
+
+/* stopping (enabling, adding) a watcher does nothing if it is already running */
+/* stopping (disabling, deleting) a watcher does nothing unless it's already running */
+#if EV_PROTOTYPES
+
+/* feeds an event into a watcher as if the event actually occurred */
+/* accepts any ev_watcher type */
+EV_API_DECL void ev_feed_event     (EV_P_ void *w, int revents) EV_NOEXCEPT;
+EV_API_DECL void ev_feed_fd_event  (EV_P_ int fd, int revents) EV_NOEXCEPT;
+#if EV_SIGNAL_ENABLE
+EV_API_DECL void ev_feed_signal    (int signum) EV_NOEXCEPT;
+EV_API_DECL void ev_feed_signal_event (EV_P_ int signum) EV_NOEXCEPT;
+#endif
+EV_API_DECL void ev_invoke         (EV_P_ void *w, int revents);
+EV_API_DECL int  ev_clear_pending  (EV_P_ void *w) EV_NOEXCEPT;
+
+EV_API_DECL void ev_io_start       (EV_P_ ev_io *w) EV_NOEXCEPT;
+EV_API_DECL void ev_io_stop        (EV_P_ ev_io *w) EV_NOEXCEPT;
+
+EV_API_DECL void ev_timer_start    (EV_P_ ev_timer *w) EV_NOEXCEPT;
+EV_API_DECL void ev_timer_stop     (EV_P_ ev_timer *w) EV_NOEXCEPT;
+/* stops if active and no repeat, restarts if active and repeating, starts if inactive and repeating */
+EV_API_DECL void ev_timer_again    (EV_P_ ev_timer *w) EV_NOEXCEPT;
+/* return remaining time */
+EV_API_DECL ev_tstamp ev_timer_remaining (EV_P_ ev_timer *w) EV_NOEXCEPT;
+
+#if EV_PERIODIC_ENABLE
+EV_API_DECL void ev_periodic_start (EV_P_ ev_periodic *w) EV_NOEXCEPT;
+EV_API_DECL void ev_periodic_stop  (EV_P_ ev_periodic *w) EV_NOEXCEPT;
+EV_API_DECL void ev_periodic_again (EV_P_ ev_periodic *w) EV_NOEXCEPT;
+#endif
+
+/* only supported in the default loop */
+#if EV_SIGNAL_ENABLE
+EV_API_DECL void ev_signal_start   (EV_P_ ev_signal *w) EV_NOEXCEPT;
+EV_API_DECL void ev_signal_stop    (EV_P_ ev_signal *w) EV_NOEXCEPT;
+#endif
+
+/* only supported in the default loop */
+# if EV_CHILD_ENABLE
+EV_API_DECL void ev_child_start    (EV_P_ ev_child *w) EV_NOEXCEPT;
+EV_API_DECL void ev_child_stop     (EV_P_ ev_child *w) EV_NOEXCEPT;
+# endif
+
+# if EV_STAT_ENABLE
+EV_API_DECL void ev_stat_start     (EV_P_ ev_stat *w) EV_NOEXCEPT;
+EV_API_DECL void ev_stat_stop      (EV_P_ ev_stat *w) EV_NOEXCEPT;
+EV_API_DECL void ev_stat_stat      (EV_P_ ev_stat *w) EV_NOEXCEPT;
+# endif
+
+# if EV_IDLE_ENABLE
+EV_API_DECL void ev_idle_start     (EV_P_ ev_idle *w) EV_NOEXCEPT;
+EV_API_DECL void ev_idle_stop      (EV_P_ ev_idle *w) EV_NOEXCEPT;
+# endif
+
+#if EV_PREPARE_ENABLE
+EV_API_DECL void ev_prepare_start  (EV_P_ ev_prepare *w) EV_NOEXCEPT;
+EV_API_DECL void ev_prepare_stop   (EV_P_ ev_prepare *w) EV_NOEXCEPT;
+#endif
+
+#if EV_CHECK_ENABLE
+EV_API_DECL void ev_check_start    (EV_P_ ev_check *w) EV_NOEXCEPT;
+EV_API_DECL void ev_check_stop     (EV_P_ ev_check *w) EV_NOEXCEPT;
+#endif
+
+# if EV_FORK_ENABLE
+EV_API_DECL void ev_fork_start     (EV_P_ ev_fork *w) EV_NOEXCEPT;
+EV_API_DECL void ev_fork_stop      (EV_P_ ev_fork *w) EV_NOEXCEPT;
+# endif
+
+# if EV_CLEANUP_ENABLE
+EV_API_DECL void ev_cleanup_start  (EV_P_ ev_cleanup *w) EV_NOEXCEPT;
+EV_API_DECL void ev_cleanup_stop   (EV_P_ ev_cleanup *w) EV_NOEXCEPT;
+# endif
+
+# if EV_EMBED_ENABLE
+/* only supported when loop to be embedded is in fact embeddable */
+EV_API_DECL void ev_embed_start    (EV_P_ ev_embed *w) EV_NOEXCEPT;
+EV_API_DECL void ev_embed_stop     (EV_P_ ev_embed *w) EV_NOEXCEPT;
+EV_API_DECL void ev_embed_sweep    (EV_P_ ev_embed *w) EV_NOEXCEPT;
+# endif
+
+# if EV_ASYNC_ENABLE
+EV_API_DECL void ev_async_start    (EV_P_ ev_async *w) EV_NOEXCEPT;
+EV_API_DECL void ev_async_stop     (EV_P_ ev_async *w) EV_NOEXCEPT;
+EV_API_DECL void ev_async_send     (EV_P_ ev_async *w) EV_NOEXCEPT;
+# endif
+
+#if EV_COMPAT3
+  #define EVLOOP_NONBLOCK EVRUN_NOWAIT
+  #define EVLOOP_ONESHOT  EVRUN_ONCE
+  #define EVUNLOOP_CANCEL EVBREAK_CANCEL
+  #define EVUNLOOP_ONE    EVBREAK_ONE
+  #define EVUNLOOP_ALL    EVBREAK_ALL
+  #if EV_PROTOTYPES
+    EV_INLINE void ev_loop   (EV_P_ int flags) { ev_run   (EV_A_ flags); }
+    EV_INLINE void ev_unloop (EV_P_ int how  ) { ev_break (EV_A_ how  ); }
+    EV_INLINE void ev_default_destroy (void) { ev_loop_destroy (EV_DEFAULT); }
+    EV_INLINE void ev_default_fork    (void) { ev_loop_fork    (EV_DEFAULT); }
+    #if EV_FEATURE_API
+      EV_INLINE unsigned int ev_loop_count  (EV_P) { return ev_iteration  (EV_A); }
+      EV_INLINE unsigned int ev_loop_depth  (EV_P) { return ev_depth      (EV_A); }
+      EV_INLINE void         ev_loop_verify (EV_P) {        ev_verify     (EV_A); }
+    #endif
+  #endif
+#else
+  typedef struct ev_loop ev_loop;
+#endif
+
+#endif
+
+EV_CPP(})
+
+#endif
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/include/event.h b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/include/event.h
new file mode 100644
index 00000000..aa81928f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/include/event.h
@@ -0,0 +1,177 @@
+/*
+ * libevent compatibility header, only core events supported
+ *
+ * Copyright (c) 2007,2008,2010,2012 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef EVENT_H_
+#define EVENT_H_
+
+#ifdef EV_H
+# include EV_H
+#else
+# include "ev.h"
+#endif
+
+#ifndef EVLOOP_NONBLOCK
+# define EVLOOP_NONBLOCK EVRUN_NOWAIT
+#endif
+#ifndef EVLOOP_ONESHOT
+# define EVLOOP_ONESHOT EVRUN_ONCE
+#endif
+#ifndef EV_TIMEOUT
+# define EV_TIMEOUT EV_TIMER
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* we need sys/time.h for struct timeval only */
+#if !defined (WIN32) || defined (__MINGW32__)
+# include <time.h> /* mingw seems to need this, for whatever reason */
+# include <sys/time.h>
+#endif
+
+struct event_base;
+
+#define EVLIST_TIMEOUT  0x01
+#define EVLIST_INSERTED 0x02
+#define EVLIST_SIGNAL   0x04
+#define EVLIST_ACTIVE   0x08
+#define EVLIST_INTERNAL 0x10
+#define EVLIST_INIT     0x80
+
+typedef void (*event_callback_fn)(int, short, void *);
+
+struct event
+{
+  /* libev watchers we map onto */
+  union {
+    struct ev_io io;
+    struct ev_signal sig;
+  } iosig;
+  struct ev_timer to;
+
+  /* compatibility slots */
+  struct event_base *ev_base;
+  event_callback_fn ev_callback;
+  void *ev_arg;
+  int ev_fd;
+  int ev_pri;
+  int ev_res;
+  int ev_flags;
+  short ev_events;
+};
+
+event_callback_fn event_get_callback (const struct event *ev);
+
+#define EV_READ                    EV_READ
+#define EV_WRITE                   EV_WRITE
+#define EV_PERSIST                 0x10
+#define EV_ET                      0x20 /* nop */
+
+#define EVENT_SIGNAL(ev)           ((int) (ev)->ev_fd)
+#define EVENT_FD(ev)               ((int) (ev)->ev_fd)
+
+#define event_initialized(ev)      ((ev)->ev_flags & EVLIST_INIT)
+
+#define evtimer_add(ev,tv)         event_add (ev, tv)
+#define evtimer_set(ev,cb,data)    event_set (ev, -1, 0, cb, data)
+#define evtimer_del(ev)            event_del (ev)
+#define evtimer_pending(ev,tv)     event_pending (ev, EV_TIMEOUT, tv)
+#define evtimer_initialized(ev)    event_initialized (ev)
+
+#define timeout_add(ev,tv)         evtimer_add (ev, tv)
+#define timeout_set(ev,cb,data)    evtimer_set (ev, cb, data)
+#define timeout_del(ev)            evtimer_del (ev)
+#define timeout_pending(ev,tv)     evtimer_pending (ev, tv)
+#define timeout_initialized(ev)    evtimer_initialized (ev)
+
+#define signal_add(ev,tv)          event_add (ev, tv)
+#define signal_set(ev,sig,cb,data) event_set (ev, sig, EV_SIGNAL | EV_PERSIST, cb, data)
+#define signal_del(ev)             event_del (ev)
+#define signal_pending(ev,tv)      event_pending (ev, EV_SIGNAL, tv)
+#define signal_initialized(ev)     event_initialized (ev)
+
+const char *event_get_version (void);
+const char *event_get_method (void);
+
+void *event_init (void);
+void event_base_free (struct event_base *base);
+
+#define EVLOOP_ONCE      EVLOOP_ONESHOT
+int event_loop (int);
+int event_loopexit (struct timeval *tv);
+int event_dispatch (void);
+
+#define _EVENT_LOG_DEBUG 0
+#define _EVENT_LOG_MSG   1
+#define _EVENT_LOG_WARN  2
+#define _EVENT_LOG_ERR   3
+typedef void (*event_log_cb)(int severity, const char *msg);
+void event_set_log_callback(event_log_cb cb);
+
+void event_set (struct event *ev, int fd, short events, void (*cb)(int, short, void *), void *arg);
+int event_once (int fd, short events, void (*cb)(int, short, void *), void *arg, struct timeval *tv);
+
+int event_add (struct event *ev, struct timeval *tv);
+int event_del (struct event *ev);
+void event_active (struct event *ev, int res, short ncalls); /* ncalls is being ignored */
+
+int event_pending (struct event *ev, short, struct timeval *tv);
+
+int event_priority_init (int npri);
+int event_priority_set (struct event *ev, int pri);
+
+struct event_base *event_base_new (void);
+const char *event_base_get_method (const struct event_base *);
+int event_base_set (struct event_base *base, struct event *ev);
+int event_base_loop (struct event_base *base, int);
+int event_base_loopexit (struct event_base *base, struct timeval *tv);
+int event_base_dispatch (struct event_base *base);
+int event_base_once (struct event_base *base, int fd, short events, void (*cb)(int, short, void *), void *arg, struct timeval *tv);
+int event_base_priority_init (struct event_base *base, int fd);
+
+/* next line is different in the libevent+libev version */
+/*libevent-include*/
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/lib/libev.a b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/lib/libev.a
new file mode 100644
index 00000000..effb47a2
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/lib/libev.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/lib/libev.la b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/lib/libev.la
new file mode 100755
index 00000000..919347d3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/lib/libev.la
@@ -0,0 +1,41 @@
+# libev.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6 Debian-2.4.6-9
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libev.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libev.
+current=4
+age=0
+revision=0
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/libev/libev/armv7s/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/share/man/man3/ev.3 b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/share/man/man3/ev.3
new file mode 100644
index 00000000..af578f0b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libev/armv7s/share/man/man3/ev.3
@@ -0,0 +1,5819 @@
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "LIBEV 3"
+.TH LIBEV 3 "2020-03-12" "libev-4.31" "libev - high performance full featured event loop"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+libev \- a high performance full\-featured event loop written in C
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\&   #include <ev.h>
+.Ve
+.SS "\s-1EXAMPLE PROGRAM\s0"
+.IX Subsection "EXAMPLE PROGRAM"
+.Vb 2
+\&   // a single header file is required
+\&   #include <ev.h>
+\&
+\&   #include <stdio.h> // for puts
+\&
+\&   // every watcher type has its own typedef\*(Aqd struct
+\&   // with the name ev_TYPE
+\&   ev_io stdin_watcher;
+\&   ev_timer timeout_watcher;
+\&
+\&   // all watcher callbacks have a similar signature
+\&   // this callback is called when data is readable on stdin
+\&   static void
+\&   stdin_cb (EV_P_ ev_io *w, int revents)
+\&   {
+\&     puts ("stdin ready");
+\&     // for one\-shot events, one must manually stop the watcher
+\&     // with its corresponding stop function.
+\&     ev_io_stop (EV_A_ w);
+\&
+\&     // this causes all nested ev_run\*(Aqs to stop iterating
+\&     ev_break (EV_A_ EVBREAK_ALL);
+\&   }
+\&
+\&   // another callback, this time for a time\-out
+\&   static void
+\&   timeout_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     puts ("timeout");
+\&     // this causes the innermost ev_run to stop iterating
+\&     ev_break (EV_A_ EVBREAK_ONE);
+\&   }
+\&
+\&   int
+\&   main (void)
+\&   {
+\&     // use the default event loop unless you have special needs
+\&     struct ev_loop *loop = EV_DEFAULT;
+\&
+\&     // initialise an io watcher, then start it
+\&     // this one will watch for stdin to become readable
+\&     ev_io_init (&stdin_watcher, stdin_cb, /*STDIN_FILENO*/ 0, EV_READ);
+\&     ev_io_start (loop, &stdin_watcher);
+\&
+\&     // initialise a timer watcher, then start it
+\&     // simple non\-repeating 5.5 second timeout
+\&     ev_timer_init (&timeout_watcher, timeout_cb, 5.5, 0.);
+\&     ev_timer_start (loop, &timeout_watcher);
+\&
+\&     // now wait for events to arrive
+\&     ev_run (loop, 0);
+\&
+\&     // break was called, so exit
+\&     return 0;
+\&   }
+.Ve
+.SH "ABOUT THIS DOCUMENT"
+.IX Header "ABOUT THIS DOCUMENT"
+This document documents the libev software package.
+.PP
+The newest version of this document is also available as an html-formatted
+web page you might find easier to navigate when reading it for the first
+time: <http://pod.tst.eu/http://cvs.schmorp.de/libev/ev.pod>.
+.PP
+While this document tries to be as complete as possible in documenting
+libev, its usage and the rationale behind its design, it is not a tutorial
+on event-based programming, nor will it introduce event-based programming
+with libev.
+.PP
+Familiarity with event based programming techniques in general is assumed
+throughout this document.
+.SH "WHAT TO READ WHEN IN A HURRY"
+.IX Header "WHAT TO READ WHEN IN A HURRY"
+This manual tries to be very detailed, but unfortunately, this also makes
+it very long. If you just want to know the basics of libev, I suggest
+reading \*(L"\s-1ANATOMY OF A WATCHER\*(R"\s0, then the \*(L"\s-1EXAMPLE PROGRAM\*(R"\s0 above and
+look up the missing functions in \*(L"\s-1GLOBAL FUNCTIONS\*(R"\s0 and the \f(CW\*(C`ev_io\*(C'\fR and
+\&\f(CW\*(C`ev_timer\*(C'\fR sections in \*(L"\s-1WATCHER TYPES\*(R"\s0.
+.SH "ABOUT LIBEV"
+.IX Header "ABOUT LIBEV"
+Libev is an event loop: you register interest in certain events (such as a
+file descriptor being readable or a timeout occurring), and it will manage
+these event sources and provide your program with events.
+.PP
+To do this, it must take more or less complete control over your process
+(or thread) by executing the \fIevent loop\fR handler, and will then
+communicate events via a callback mechanism.
+.PP
+You register interest in certain events by registering so-called \fIevent
+watchers\fR, which are relatively small C structures you initialise with the
+details of the event, and then hand it over to libev by \fIstarting\fR the
+watcher.
+.SS "\s-1FEATURES\s0"
+.IX Subsection "FEATURES"
+Libev supports \f(CW\*(C`select\*(C'\fR, \f(CW\*(C`poll\*(C'\fR, the Linux-specific aio and \f(CW\*(C`epoll\*(C'\fR
+interfaces, the BSD-specific \f(CW\*(C`kqueue\*(C'\fR and the Solaris-specific event port
+mechanisms for file descriptor events (\f(CW\*(C`ev_io\*(C'\fR), the Linux \f(CW\*(C`inotify\*(C'\fR
+interface (for \f(CW\*(C`ev_stat\*(C'\fR), Linux eventfd/signalfd (for faster and cleaner
+inter-thread wakeup (\f(CW\*(C`ev_async\*(C'\fR)/signal handling (\f(CW\*(C`ev_signal\*(C'\fR)) relative
+timers (\f(CW\*(C`ev_timer\*(C'\fR), absolute timers with customised rescheduling
+(\f(CW\*(C`ev_periodic\*(C'\fR), synchronous signals (\f(CW\*(C`ev_signal\*(C'\fR), process status
+change events (\f(CW\*(C`ev_child\*(C'\fR), and event watchers dealing with the event
+loop mechanism itself (\f(CW\*(C`ev_idle\*(C'\fR, \f(CW\*(C`ev_embed\*(C'\fR, \f(CW\*(C`ev_prepare\*(C'\fR and
+\&\f(CW\*(C`ev_check\*(C'\fR watchers) as well as file watchers (\f(CW\*(C`ev_stat\*(C'\fR) and even
+limited support for fork events (\f(CW\*(C`ev_fork\*(C'\fR).
+.PP
+It also is quite fast (see this
+benchmark <http://libev.schmorp.de/bench.html> comparing it to libevent
+for example).
+.SS "\s-1CONVENTIONS\s0"
+.IX Subsection "CONVENTIONS"
+Libev is very configurable. In this manual the default (and most common)
+configuration will be described, which supports multiple event loops. For
+more info about various configuration options please have a look at
+\&\fB\s-1EMBED\s0\fR section in this manual. If libev was configured without support
+for multiple event loops, then all functions taking an initial argument of
+name \f(CW\*(C`loop\*(C'\fR (which is always of type \f(CW\*(C`struct ev_loop *\*(C'\fR) will not have
+this argument.
+.SS "\s-1TIME REPRESENTATION\s0"
+.IX Subsection "TIME REPRESENTATION"
+Libev represents time as a single floating point number, representing
+the (fractional) number of seconds since the (\s-1POSIX\s0) epoch (in practice
+somewhere near the beginning of 1970, details are complicated, don't
+ask). This type is called \f(CW\*(C`ev_tstamp\*(C'\fR, which is what you should use
+too. It usually aliases to the \f(CW\*(C`double\*(C'\fR type in C. When you need to do
+any calculations on it, you should treat it as some floating point value.
+.PP
+Unlike the name component \f(CW\*(C`stamp\*(C'\fR might indicate, it is also used for
+time differences (e.g. delays) throughout libev.
+.SH "ERROR HANDLING"
+.IX Header "ERROR HANDLING"
+Libev knows three classes of errors: operating system errors, usage errors
+and internal errors (bugs).
+.PP
+When libev catches an operating system error it cannot handle (for example
+a system call indicating a condition libev cannot fix), it calls the callback
+set via \f(CW\*(C`ev_set_syserr_cb\*(C'\fR, which is supposed to fix the problem or
+abort. The default is to print a diagnostic message and to call \f(CW\*(C`abort
+()\*(C'\fR.
+.PP
+When libev detects a usage error such as a negative timer interval, then
+it will print a diagnostic message and abort (via the \f(CW\*(C`assert\*(C'\fR mechanism,
+so \f(CW\*(C`NDEBUG\*(C'\fR will disable this checking): these are programming errors in
+the libev caller and need to be fixed there.
+.PP
+Via the \f(CW\*(C`EV_FREQUENT\*(C'\fR macro you can compile in and/or enable extensive
+consistency checking code inside libev that can be used to check for
+internal inconsistencies, suually caused by application bugs.
+.PP
+Libev also has a few internal error-checking \f(CW\*(C`assert\*(C'\fRions. These do not
+trigger under normal circumstances, as they indicate either a bug in libev
+or worse.
+.SH "GLOBAL FUNCTIONS"
+.IX Header "GLOBAL FUNCTIONS"
+These functions can be called anytime, even before initialising the
+library in any way.
+.IP "ev_tstamp ev_time ()" 4
+.IX Item "ev_tstamp ev_time ()"
+Returns the current time as libev would use it. Please note that the
+\&\f(CW\*(C`ev_now\*(C'\fR function is usually faster and also often returns the timestamp
+you actually want to know. Also interesting is the combination of
+\&\f(CW\*(C`ev_now_update\*(C'\fR and \f(CW\*(C`ev_now\*(C'\fR.
+.IP "ev_sleep (ev_tstamp interval)" 4
+.IX Item "ev_sleep (ev_tstamp interval)"
+Sleep for the given interval: The current thread will be blocked
+until either it is interrupted or the given time interval has
+passed (approximately \- it might return a bit earlier even if not
+interrupted). Returns immediately if \f(CW\*(C`interval <= 0\*(C'\fR.
+.Sp
+Basically this is a sub-second-resolution \f(CW\*(C`sleep ()\*(C'\fR.
+.Sp
+The range of the \f(CW\*(C`interval\*(C'\fR is limited \- libev only guarantees to work
+with sleep times of up to one day (\f(CW\*(C`interval <= 86400\*(C'\fR).
+.IP "int ev_version_major ()" 4
+.IX Item "int ev_version_major ()"
+.PD 0
+.IP "int ev_version_minor ()" 4
+.IX Item "int ev_version_minor ()"
+.PD
+You can find out the major and minor \s-1ABI\s0 version numbers of the library
+you linked against by calling the functions \f(CW\*(C`ev_version_major\*(C'\fR and
+\&\f(CW\*(C`ev_version_minor\*(C'\fR. If you want, you can compare against the global
+symbols \f(CW\*(C`EV_VERSION_MAJOR\*(C'\fR and \f(CW\*(C`EV_VERSION_MINOR\*(C'\fR, which specify the
+version of the library your program was compiled against.
+.Sp
+These version numbers refer to the \s-1ABI\s0 version of the library, not the
+release version.
+.Sp
+Usually, it's a good idea to terminate if the major versions mismatch,
+as this indicates an incompatible change. Minor versions are usually
+compatible to older versions, so a larger minor version alone is usually
+not a problem.
+.Sp
+Example: Make sure we haven't accidentally been linked against the wrong
+version (note, however, that this will not detect other \s-1ABI\s0 mismatches,
+such as \s-1LFS\s0 or reentrancy).
+.Sp
+.Vb 3
+\&   assert (("libev version mismatch",
+\&            ev_version_major () == EV_VERSION_MAJOR
+\&            && ev_version_minor () >= EV_VERSION_MINOR));
+.Ve
+.IP "unsigned int ev_supported_backends ()" 4
+.IX Item "unsigned int ev_supported_backends ()"
+Return the set of all backends (i.e. their corresponding \f(CW\*(C`EV_BACKEND_*\*(C'\fR
+value) compiled into this binary of libev (independent of their
+availability on the system you are running on). See \f(CW\*(C`ev_default_loop\*(C'\fR for
+a description of the set values.
+.Sp
+Example: make sure we have the epoll method, because yeah this is cool and
+a must have and can we have a torrent of it please!!!11
+.Sp
+.Vb 2
+\&   assert (("sorry, no epoll, no sex",
+\&            ev_supported_backends () & EVBACKEND_EPOLL));
+.Ve
+.IP "unsigned int ev_recommended_backends ()" 4
+.IX Item "unsigned int ev_recommended_backends ()"
+Return the set of all backends compiled into this binary of libev and
+also recommended for this platform, meaning it will work for most file
+descriptor types. This set is often smaller than the one returned by
+\&\f(CW\*(C`ev_supported_backends\*(C'\fR, as for example kqueue is broken on most BSDs
+and will not be auto-detected unless you explicitly request it (assuming
+you know what you are doing). This is the set of backends that libev will
+probe for if you specify no backends explicitly.
+.IP "unsigned int ev_embeddable_backends ()" 4
+.IX Item "unsigned int ev_embeddable_backends ()"
+Returns the set of backends that are embeddable in other event loops. This
+value is platform-specific but can include backends not available on the
+current system. To find which embeddable backends might be supported on
+the current system, you would need to look at \f(CW\*(C`ev_embeddable_backends ()
+& ev_supported_backends ()\*(C'\fR, likewise for recommended ones.
+.Sp
+See the description of \f(CW\*(C`ev_embed\*(C'\fR watchers for more info.
+.IP "ev_set_allocator (void *(*cb)(void *ptr, long size) throw ())" 4
+.IX Item "ev_set_allocator (void *(*cb)(void *ptr, long size) throw ())"
+Sets the allocation function to use (the prototype is similar \- the
+semantics are identical to the \f(CW\*(C`realloc\*(C'\fR C89/SuS/POSIX function). It is
+used to allocate and free memory (no surprises here). If it returns zero
+when memory needs to be allocated (\f(CW\*(C`size != 0\*(C'\fR), the library might abort
+or take some potentially destructive action.
+.Sp
+Since some systems (at least OpenBSD and Darwin) fail to implement
+correct \f(CW\*(C`realloc\*(C'\fR semantics, libev will use a wrapper around the system
+\&\f(CW\*(C`realloc\*(C'\fR and \f(CW\*(C`free\*(C'\fR functions by default.
+.Sp
+You could override this function in high-availability programs to, say,
+free some memory if it cannot allocate memory, to use a special allocator,
+or even to sleep a while and retry until some memory is available.
+.Sp
+Example: The following is the \f(CW\*(C`realloc\*(C'\fR function that libev itself uses
+which should work with \f(CW\*(C`realloc\*(C'\fR and \f(CW\*(C`free\*(C'\fR functions of all kinds and
+is probably a good basis for your own implementation.
+.Sp
+.Vb 5
+\&   static void *
+\&   ev_realloc_emul (void *ptr, long size) EV_NOEXCEPT
+\&   {
+\&     if (size)
+\&       return realloc (ptr, size);
+\&
+\&     free (ptr);
+\&     return 0;
+\&   }
+.Ve
+.Sp
+Example: Replace the libev allocator with one that waits a bit and then
+retries.
+.Sp
+.Vb 8
+\&   static void *
+\&   persistent_realloc (void *ptr, size_t size)
+\&   {
+\&     if (!size)
+\&       {
+\&         free (ptr);
+\&         return 0;
+\&       }
+\&
+\&     for (;;)
+\&       {
+\&         void *newptr = realloc (ptr, size);
+\&
+\&         if (newptr)
+\&           return newptr;
+\&
+\&         sleep (60);
+\&       }
+\&   }
+\&
+\&   ...
+\&   ev_set_allocator (persistent_realloc);
+.Ve
+.IP "ev_set_syserr_cb (void (*cb)(const char *msg) throw ())" 4
+.IX Item "ev_set_syserr_cb (void (*cb)(const char *msg) throw ())"
+Set the callback function to call on a retryable system call error (such
+as failed select, poll, epoll_wait). The message is a printable string
+indicating the system call or subsystem causing the problem. If this
+callback is set, then libev will expect it to remedy the situation, no
+matter what, when it returns. That is, libev will generally retry the
+requested operation, or, if the condition doesn't go away, do bad stuff
+(such as abort).
+.Sp
+Example: This is basically the same thing that libev does internally, too.
+.Sp
+.Vb 6
+\&   static void
+\&   fatal_error (const char *msg)
+\&   {
+\&     perror (msg);
+\&     abort ();
+\&   }
+\&
+\&   ...
+\&   ev_set_syserr_cb (fatal_error);
+.Ve
+.IP "ev_feed_signal (int signum)" 4
+.IX Item "ev_feed_signal (int signum)"
+This function can be used to \*(L"simulate\*(R" a signal receive. It is completely
+safe to call this function at any time, from any context, including signal
+handlers or random threads.
+.Sp
+Its main use is to customise signal handling in your process, especially
+in the presence of threads. For example, you could block signals
+by default in all threads (and specifying \f(CW\*(C`EVFLAG_NOSIGMASK\*(C'\fR when
+creating any loops), and in one thread, use \f(CW\*(C`sigwait\*(C'\fR or any other
+mechanism to wait for signals, then \*(L"deliver\*(R" them to libev by calling
+\&\f(CW\*(C`ev_feed_signal\*(C'\fR.
+.SH "FUNCTIONS CONTROLLING EVENT LOOPS"
+.IX Header "FUNCTIONS CONTROLLING EVENT LOOPS"
+An event loop is described by a \f(CW\*(C`struct ev_loop *\*(C'\fR (the \f(CW\*(C`struct\*(C'\fR is
+\&\fInot\fR optional in this case unless libev 3 compatibility is disabled, as
+libev 3 had an \f(CW\*(C`ev_loop\*(C'\fR function colliding with the struct name).
+.PP
+The library knows two types of such loops, the \fIdefault\fR loop, which
+supports child process events, and dynamically created event loops which
+do not.
+.IP "struct ev_loop *ev_default_loop (unsigned int flags)" 4
+.IX Item "struct ev_loop *ev_default_loop (unsigned int flags)"
+This returns the \*(L"default\*(R" event loop object, which is what you should
+normally use when you just need \*(L"the event loop\*(R". Event loop objects and
+the \f(CW\*(C`flags\*(C'\fR parameter are described in more detail in the entry for
+\&\f(CW\*(C`ev_loop_new\*(C'\fR.
+.Sp
+If the default loop is already initialised then this function simply
+returns it (and ignores the flags. If that is troubling you, check
+\&\f(CW\*(C`ev_backend ()\*(C'\fR afterwards). Otherwise it will create it with the given
+flags, which should almost always be \f(CW0\fR, unless the caller is also the
+one calling \f(CW\*(C`ev_run\*(C'\fR or otherwise qualifies as \*(L"the main program\*(R".
+.Sp
+If you don't know what event loop to use, use the one returned from this
+function (or via the \f(CW\*(C`EV_DEFAULT\*(C'\fR macro).
+.Sp
+Note that this function is \fInot\fR thread-safe, so if you want to use it
+from multiple threads, you have to employ some kind of mutex (note also
+that this case is unlikely, as loops cannot be shared easily between
+threads anyway).
+.Sp
+The default loop is the only loop that can handle \f(CW\*(C`ev_child\*(C'\fR watchers,
+and to do this, it always registers a handler for \f(CW\*(C`SIGCHLD\*(C'\fR. If this is
+a problem for your application you can either create a dynamic loop with
+\&\f(CW\*(C`ev_loop_new\*(C'\fR which doesn't do that, or you can simply overwrite the
+\&\f(CW\*(C`SIGCHLD\*(C'\fR signal handler \fIafter\fR calling \f(CW\*(C`ev_default_init\*(C'\fR.
+.Sp
+Example: This is the most typical usage.
+.Sp
+.Vb 2
+\&   if (!ev_default_loop (0))
+\&     fatal ("could not initialise libev, bad $LIBEV_FLAGS in environment?");
+.Ve
+.Sp
+Example: Restrict libev to the select and poll backends, and do not allow
+environment settings to be taken into account:
+.Sp
+.Vb 1
+\&   ev_default_loop (EVBACKEND_POLL | EVBACKEND_SELECT | EVFLAG_NOENV);
+.Ve
+.IP "struct ev_loop *ev_loop_new (unsigned int flags)" 4
+.IX Item "struct ev_loop *ev_loop_new (unsigned int flags)"
+This will create and initialise a new event loop object. If the loop
+could not be initialised, returns false.
+.Sp
+This function is thread-safe, and one common way to use libev with
+threads is indeed to create one loop per thread, and using the default
+loop in the \*(L"main\*(R" or \*(L"initial\*(R" thread.
+.Sp
+The flags argument can be used to specify special behaviour or specific
+backends to use, and is usually specified as \f(CW0\fR (or \f(CW\*(C`EVFLAG_AUTO\*(C'\fR).
+.Sp
+The following flags are supported:
+.RS 4
+.ie n .IP """EVFLAG_AUTO""" 4
+.el .IP "\f(CWEVFLAG_AUTO\fR" 4
+.IX Item "EVFLAG_AUTO"
+The default flags value. Use this if you have no clue (it's the right
+thing, believe me).
+.ie n .IP """EVFLAG_NOENV""" 4
+.el .IP "\f(CWEVFLAG_NOENV\fR" 4
+.IX Item "EVFLAG_NOENV"
+If this flag bit is or'ed into the flag value (or the program runs setuid
+or setgid) then libev will \fInot\fR look at the environment variable
+\&\f(CW\*(C`LIBEV_FLAGS\*(C'\fR. Otherwise (the default), this environment variable will
+override the flags completely if it is found in the environment. This is
+useful to try out specific backends to test their performance, to work
+around bugs, or to make libev threadsafe (accessing environment variables
+cannot be done in a threadsafe way, but usually it works if no other
+thread modifies them).
+.ie n .IP """EVFLAG_FORKCHECK""" 4
+.el .IP "\f(CWEVFLAG_FORKCHECK\fR" 4
+.IX Item "EVFLAG_FORKCHECK"
+Instead of calling \f(CW\*(C`ev_loop_fork\*(C'\fR manually after a fork, you can also
+make libev check for a fork in each iteration by enabling this flag.
+.Sp
+This works by calling \f(CW\*(C`getpid ()\*(C'\fR on every iteration of the loop,
+and thus this might slow down your event loop if you do a lot of loop
+iterations and little real work, but is usually not noticeable (on my
+GNU/Linux system for example, \f(CW\*(C`getpid\*(C'\fR is actually a simple 5\-insn
+sequence without a system call and thus \fIvery\fR fast, but my GNU/Linux
+system also has \f(CW\*(C`pthread_atfork\*(C'\fR which is even faster). (Update: glibc
+versions 2.25 apparently removed the \f(CW\*(C`getpid\*(C'\fR optimisation again).
+.Sp
+The big advantage of this flag is that you can forget about fork (and
+forget about forgetting to tell libev about forking, although you still
+have to ignore \f(CW\*(C`SIGPIPE\*(C'\fR) when you use this flag.
+.Sp
+This flag setting cannot be overridden or specified in the \f(CW\*(C`LIBEV_FLAGS\*(C'\fR
+environment variable.
+.ie n .IP """EVFLAG_NOINOTIFY""" 4
+.el .IP "\f(CWEVFLAG_NOINOTIFY\fR" 4
+.IX Item "EVFLAG_NOINOTIFY"
+When this flag is specified, then libev will not attempt to use the
+\&\fIinotify\fR \s-1API\s0 for its \f(CW\*(C`ev_stat\*(C'\fR watchers. Apart from debugging and
+testing, this flag can be useful to conserve inotify file descriptors, as
+otherwise each loop using \f(CW\*(C`ev_stat\*(C'\fR watchers consumes one inotify handle.
+.ie n .IP """EVFLAG_SIGNALFD""" 4
+.el .IP "\f(CWEVFLAG_SIGNALFD\fR" 4
+.IX Item "EVFLAG_SIGNALFD"
+When this flag is specified, then libev will attempt to use the
+\&\fIsignalfd\fR \s-1API\s0 for its \f(CW\*(C`ev_signal\*(C'\fR (and \f(CW\*(C`ev_child\*(C'\fR) watchers. This \s-1API\s0
+delivers signals synchronously, which makes it both faster and might make
+it possible to get the queued signal data. It can also simplify signal
+handling with threads, as long as you properly block signals in your
+threads that are not interested in handling them.
+.Sp
+Signalfd will not be used by default as this changes your signal mask, and
+there are a lot of shoddy libraries and programs (glib's threadpool for
+example) that can't properly initialise their signal masks.
+.ie n .IP """EVFLAG_NOSIGMASK""" 4
+.el .IP "\f(CWEVFLAG_NOSIGMASK\fR" 4
+.IX Item "EVFLAG_NOSIGMASK"
+When this flag is specified, then libev will avoid to modify the signal
+mask. Specifically, this means you have to make sure signals are unblocked
+when you want to receive them.
+.Sp
+This behaviour is useful when you want to do your own signal handling, or
+want to handle signals only in specific threads and want to avoid libev
+unblocking the signals.
+.Sp
+It's also required by \s-1POSIX\s0 in a threaded program, as libev calls
+\&\f(CW\*(C`sigprocmask\*(C'\fR, whose behaviour is officially unspecified.
+.ie n .IP """EVFLAG_NOTIMERFD""" 4
+.el .IP "\f(CWEVFLAG_NOTIMERFD\fR" 4
+.IX Item "EVFLAG_NOTIMERFD"
+When this flag is specified, the libev will avoid using a \f(CW\*(C`timerfd\*(C'\fR to
+detect time jumps. It will still be able to detect time jumps, but takes
+longer and has a lower accuracy in doing so, but saves a file descriptor
+per loop.
+.Sp
+The current implementation only tries to use a \f(CW\*(C`timerfd\*(C'\fR when the first
+\&\f(CW\*(C`ev_periodic\*(C'\fR watcher is started and falls back on other methods if it
+cannot be created, but this behaviour might change in the future.
+.ie n .IP """EVBACKEND_SELECT""  (value 1, portable select backend)" 4
+.el .IP "\f(CWEVBACKEND_SELECT\fR  (value 1, portable select backend)" 4
+.IX Item "EVBACKEND_SELECT (value 1, portable select backend)"
+This is your standard \fBselect\fR\|(2) backend. Not \fIcompletely\fR standard, as
+libev tries to roll its own fd_set with no limits on the number of fds,
+but if that fails, expect a fairly low limit on the number of fds when
+using this backend. It doesn't scale too well (O(highest_fd)), but its
+usually the fastest backend for a low number of (low-numbered :) fds.
+.Sp
+To get good performance out of this backend you need a high amount of
+parallelism (most of the file descriptors should be busy). If you are
+writing a server, you should \f(CW\*(C`accept ()\*(C'\fR in a loop to accept as many
+connections as possible during one iteration. You might also want to have
+a look at \f(CW\*(C`ev_set_io_collect_interval ()\*(C'\fR to increase the amount of
+readiness notifications you get per iteration.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR to the \f(CW\*(C`readfds\*(C'\fR set and \f(CW\*(C`EV_WRITE\*(C'\fR to the
+\&\f(CW\*(C`writefds\*(C'\fR set (and to work around Microsoft Windows bugs, also onto the
+\&\f(CW\*(C`exceptfds\*(C'\fR set on that platform).
+.ie n .IP """EVBACKEND_POLL""    (value 2, poll backend, available everywhere except on windows)" 4
+.el .IP "\f(CWEVBACKEND_POLL\fR    (value 2, poll backend, available everywhere except on windows)" 4
+.IX Item "EVBACKEND_POLL (value 2, poll backend, available everywhere except on windows)"
+And this is your standard \fBpoll\fR\|(2) backend. It's more complicated
+than select, but handles sparse fds better and has no artificial
+limit on the number of fds you can use (except it will slow down
+considerably with a lot of inactive fds). It scales similarly to select,
+i.e. O(total_fds). See the entry for \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR, above, for
+performance tips.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR to \f(CW\*(C`POLLIN | POLLERR | POLLHUP\*(C'\fR, and
+\&\f(CW\*(C`EV_WRITE\*(C'\fR to \f(CW\*(C`POLLOUT | POLLERR | POLLHUP\*(C'\fR.
+.ie n .IP """EVBACKEND_EPOLL""   (value 4, Linux)" 4
+.el .IP "\f(CWEVBACKEND_EPOLL\fR   (value 4, Linux)" 4
+.IX Item "EVBACKEND_EPOLL (value 4, Linux)"
+Use the Linux-specific \fBepoll\fR\|(7) interface (for both pre\- and post\-2.6.9
+kernels).
+.Sp
+For few fds, this backend is a bit little slower than poll and select, but
+it scales phenomenally better. While poll and select usually scale like
+O(total_fds) where total_fds is the total number of fds (or the highest
+fd), epoll scales either O(1) or O(active_fds).
+.Sp
+The epoll mechanism deserves honorable mention as the most misdesigned
+of the more advanced event mechanisms: mere annoyances include silently
+dropping file descriptors, requiring a system call per change per file
+descriptor (and unnecessary guessing of parameters), problems with dup,
+returning before the timeout value, resulting in additional iterations
+(and only giving 5ms accuracy while select on the same platform gives
+0.1ms) and so on. The biggest issue is fork races, however \- if a program
+forks then \fIboth\fR parent and child process have to recreate the epoll
+set, which can take considerable time (one syscall per file descriptor)
+and is of course hard to detect.
+.Sp
+Epoll is also notoriously buggy \- embedding epoll fds \fIshould\fR work,
+but of course \fIdoesn't\fR, and epoll just loves to report events for
+totally \fIdifferent\fR file descriptors (even already closed ones, so
+one cannot even remove them from the set) than registered in the set
+(especially on \s-1SMP\s0 systems). Libev tries to counter these spurious
+notifications by employing an additional generation counter and comparing
+that against the events to filter out spurious ones, recreating the set
+when required. Epoll also erroneously rounds down timeouts, but gives you
+no way to know when and by how much, so sometimes you have to busy-wait
+because epoll returns immediately despite a nonzero timeout. And last
+not least, it also refuses to work with some file descriptors which work
+perfectly fine with \f(CW\*(C`select\*(C'\fR (files, many character devices...).
+.Sp
+Epoll is truly the train wreck among event poll mechanisms, a frankenpoll,
+cobbled together in a hurry, no thought to design or interaction with
+others. Oh, the pain, will it ever stop...
+.Sp
+While stopping, setting and starting an I/O watcher in the same iteration
+will result in some caching, there is still a system call per such
+incident (because the same \fIfile descriptor\fR could point to a different
+\&\fIfile description\fR now), so its best to avoid that. Also, \f(CW\*(C`dup ()\*(C'\fR'ed
+file descriptors might not work very well if you register events for both
+file descriptors.
+.Sp
+Best performance from this backend is achieved by not unregistering all
+watchers for a file descriptor until it has been closed, if possible,
+i.e. keep at least one watcher active per fd at all times. Stopping and
+starting a watcher (without re-setting it) also usually doesn't cause
+extra overhead. A fork can both result in spurious notifications as well
+as in libev having to destroy and recreate the epoll object, which can
+take considerable time and thus should be avoided.
+.Sp
+All this means that, in practice, \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR can be as fast or
+faster than epoll for maybe up to a hundred file descriptors, depending on
+the usage. So sad.
+.Sp
+While nominally embeddable in other event loops, this feature is broken in
+a lot of kernel revisions, but probably(!) works in current versions.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR and \f(CW\*(C`EV_WRITE\*(C'\fR in the same way as
+\&\f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.ie n .IP """EVBACKEND_LINUXAIO""   (value 64, Linux)" 4
+.el .IP "\f(CWEVBACKEND_LINUXAIO\fR   (value 64, Linux)" 4
+.IX Item "EVBACKEND_LINUXAIO (value 64, Linux)"
+Use the Linux-specific Linux \s-1AIO\s0 (\fInot\fR \f(CWaio(7)\fR but \f(CWio_submit(2)\fR) event interface available in post\-4.18 kernels (but libev
+only tries to use it in 4.19+).
+.Sp
+This is another Linux train wreck of an event interface.
+.Sp
+If this backend works for you (as of this writing, it was very
+experimental), it is the best event interface available on Linux and might
+be well worth enabling it \- if it isn't available in your kernel this will
+be detected and this backend will be skipped.
+.Sp
+This backend can batch oneshot requests and supports a user-space ring
+buffer to receive events. It also doesn't suffer from most of the design
+problems of epoll (such as not being able to remove event sources from
+the epoll set), and generally sounds too good to be true. Because, this
+being the Linux kernel, of course it suffers from a whole new set of
+limitations, forcing you to fall back to epoll, inheriting all its design
+issues.
+.Sp
+For one, it is not easily embeddable (but probably could be done using
+an event fd at some extra overhead). It also is subject to a system wide
+limit that can be configured in \fI/proc/sys/fs/aio\-max\-nr\fR. If no \s-1AIO\s0
+requests are left, this backend will be skipped during initialisation, and
+will switch to epoll when the loop is active.
+.Sp
+Most problematic in practice, however, is that not all file descriptors
+work with it. For example, in Linux 5.1, \s-1TCP\s0 sockets, pipes, event fds,
+files, \fI/dev/null\fR and many others are supported, but ttys do not work
+properly (a known bug that the kernel developers don't care about, see
+<https://lore.kernel.org/patchwork/patch/1047453/>), so this is not
+(yet?) a generic event polling interface.
+.Sp
+Overall, it seems the Linux developers just don't want it to have a
+generic event handling mechanism other than \f(CW\*(C`select\*(C'\fR or \f(CW\*(C`poll\*(C'\fR.
+.Sp
+To work around all these problem, the current version of libev uses its
+epoll backend as a fallback for file descriptor types that do not work. Or
+falls back completely to epoll if the kernel acts up.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR and \f(CW\*(C`EV_WRITE\*(C'\fR in the same way as
+\&\f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.ie n .IP """EVBACKEND_KQUEUE""  (value 8, most \s-1BSD\s0 clones)" 4
+.el .IP "\f(CWEVBACKEND_KQUEUE\fR  (value 8, most \s-1BSD\s0 clones)" 4
+.IX Item "EVBACKEND_KQUEUE (value 8, most BSD clones)"
+Kqueue deserves special mention, as at the time this backend was
+implemented, it was broken on all BSDs except NetBSD (usually it doesn't
+work reliably with anything but sockets and pipes, except on Darwin,
+where of course it's completely useless). Unlike epoll, however, whose
+brokenness is by design, these kqueue bugs can be (and mostly have been)
+fixed without \s-1API\s0 changes to existing programs. For this reason it's not
+being \*(L"auto-detected\*(R" on all platforms unless you explicitly specify it
+in the flags (i.e. using \f(CW\*(C`EVBACKEND_KQUEUE\*(C'\fR) or libev was compiled on a
+known-to-be-good (\-enough) system like NetBSD.
+.Sp
+You still can embed kqueue into a normal poll or select backend and use it
+only for sockets (after having made sure that sockets work with kqueue on
+the target platform). See \f(CW\*(C`ev_embed\*(C'\fR watchers for more info.
+.Sp
+It scales in the same way as the epoll backend, but the interface to the
+kernel is more efficient (which says nothing about its actual speed, of
+course). While stopping, setting and starting an I/O watcher does never
+cause an extra system call as with \f(CW\*(C`EVBACKEND_EPOLL\*(C'\fR, it still adds up to
+two event changes per incident. Support for \f(CW\*(C`fork ()\*(C'\fR is very bad (you
+might have to leak fds on fork, but it's more sane than epoll) and it
+drops fds silently in similarly hard-to-detect cases.
+.Sp
+This backend usually performs well under most conditions.
+.Sp
+While nominally embeddable in other event loops, this doesn't work
+everywhere, so you might need to test for this. And since it is broken
+almost everywhere, you should only use it when you have a lot of sockets
+(for which it usually works), by embedding it into another event loop
+(e.g. \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR (but \f(CW\*(C`poll\*(C'\fR is of course
+also broken on \s-1OS X\s0)) and, did I mention it, using it only for sockets.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR into an \f(CW\*(C`EVFILT_READ\*(C'\fR kevent with
+\&\f(CW\*(C`NOTE_EOF\*(C'\fR, and \f(CW\*(C`EV_WRITE\*(C'\fR into an \f(CW\*(C`EVFILT_WRITE\*(C'\fR kevent with
+\&\f(CW\*(C`NOTE_EOF\*(C'\fR.
+.ie n .IP """EVBACKEND_DEVPOLL"" (value 16, Solaris 8)" 4
+.el .IP "\f(CWEVBACKEND_DEVPOLL\fR (value 16, Solaris 8)" 4
+.IX Item "EVBACKEND_DEVPOLL (value 16, Solaris 8)"
+This is not implemented yet (and might never be, unless you send me an
+implementation). According to reports, \f(CW\*(C`/dev/poll\*(C'\fR only supports sockets
+and is not embeddable, which would limit the usefulness of this backend
+immensely.
+.ie n .IP """EVBACKEND_PORT""    (value 32, Solaris 10)" 4
+.el .IP "\f(CWEVBACKEND_PORT\fR    (value 32, Solaris 10)" 4
+.IX Item "EVBACKEND_PORT (value 32, Solaris 10)"
+This uses the Solaris 10 event port mechanism. As with everything on Solaris,
+it's really slow, but it still scales very well (O(active_fds)).
+.Sp
+While this backend scales well, it requires one system call per active
+file descriptor per loop iteration. For small and medium numbers of file
+descriptors a \*(L"slow\*(R" \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR backend
+might perform better.
+.Sp
+On the positive side, this backend actually performed fully to
+specification in all tests and is fully embeddable, which is a rare feat
+among the OS-specific backends (I vastly prefer correctness over speed
+hacks).
+.Sp
+On the negative side, the interface is \fIbizarre\fR \- so bizarre that
+even sun itself gets it wrong in their code examples: The event polling
+function sometimes returns events to the caller even though an error
+occurred, but with no indication whether it has done so or not (yes, it's
+even documented that way) \- deadly for edge-triggered interfaces where you
+absolutely have to know whether an event occurred or not because you have
+to re-arm the watcher.
+.Sp
+Fortunately libev seems to be able to work around these idiocies.
+.Sp
+This backend maps \f(CW\*(C`EV_READ\*(C'\fR and \f(CW\*(C`EV_WRITE\*(C'\fR in the same way as
+\&\f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.ie n .IP """EVBACKEND_ALL""" 4
+.el .IP "\f(CWEVBACKEND_ALL\fR" 4
+.IX Item "EVBACKEND_ALL"
+Try all backends (even potentially broken ones that wouldn't be tried
+with \f(CW\*(C`EVFLAG_AUTO\*(C'\fR). Since this is a mask, you can do stuff such as
+\&\f(CW\*(C`EVBACKEND_ALL & ~EVBACKEND_KQUEUE\*(C'\fR.
+.Sp
+It is definitely not recommended to use this flag, use whatever
+\&\f(CW\*(C`ev_recommended_backends ()\*(C'\fR returns, or simply do not specify a backend
+at all.
+.ie n .IP """EVBACKEND_MASK""" 4
+.el .IP "\f(CWEVBACKEND_MASK\fR" 4
+.IX Item "EVBACKEND_MASK"
+Not a backend at all, but a mask to select all backend bits from a
+\&\f(CW\*(C`flags\*(C'\fR value, in case you want to mask out any backends from a flags
+value (e.g. when modifying the \f(CW\*(C`LIBEV_FLAGS\*(C'\fR environment variable).
+.RE
+.RS 4
+.Sp
+If one or more of the backend flags are or'ed into the flags value,
+then only these backends will be tried (in the reverse order as listed
+here). If none are specified, all backends in \f(CW\*(C`ev_recommended_backends
+()\*(C'\fR will be tried.
+.Sp
+Example: Try to create a event loop that uses epoll and nothing else.
+.Sp
+.Vb 3
+\&   struct ev_loop *epoller = ev_loop_new (EVBACKEND_EPOLL | EVFLAG_NOENV);
+\&   if (!epoller)
+\&     fatal ("no epoll found here, maybe it hides under your chair");
+.Ve
+.Sp
+Example: Use whatever libev has to offer, but make sure that kqueue is
+used if available.
+.Sp
+.Vb 1
+\&   struct ev_loop *loop = ev_loop_new (ev_recommended_backends () | EVBACKEND_KQUEUE);
+.Ve
+.Sp
+Example: Similarly, on linux, you mgiht want to take advantage of the
+linux aio backend if possible, but fall back to something else if that
+isn't available.
+.Sp
+.Vb 1
+\&   struct ev_loop *loop = ev_loop_new (ev_recommended_backends () | EVBACKEND_LINUXAIO);
+.Ve
+.RE
+.IP "ev_loop_destroy (loop)" 4
+.IX Item "ev_loop_destroy (loop)"
+Destroys an event loop object (frees all memory and kernel state
+etc.). None of the active event watchers will be stopped in the normal
+sense, so e.g. \f(CW\*(C`ev_is_active\*(C'\fR might still return true. It is your
+responsibility to either stop all watchers cleanly yourself \fIbefore\fR
+calling this function, or cope with the fact afterwards (which is usually
+the easiest thing, you can just ignore the watchers and/or \f(CW\*(C`free ()\*(C'\fR them
+for example).
+.Sp
+Note that certain global state, such as signal state (and installed signal
+handlers), will not be freed by this function, and related watchers (such
+as signal and child watchers) would need to be stopped manually.
+.Sp
+This function is normally used on loop objects allocated by
+\&\f(CW\*(C`ev_loop_new\*(C'\fR, but it can also be used on the default loop returned by
+\&\f(CW\*(C`ev_default_loop\*(C'\fR, in which case it is not thread-safe.
+.Sp
+Note that it is not advisable to call this function on the default loop
+except in the rare occasion where you really need to free its resources.
+If you need dynamically allocated loops it is better to use \f(CW\*(C`ev_loop_new\*(C'\fR
+and \f(CW\*(C`ev_loop_destroy\*(C'\fR.
+.IP "ev_loop_fork (loop)" 4
+.IX Item "ev_loop_fork (loop)"
+This function sets a flag that causes subsequent \f(CW\*(C`ev_run\*(C'\fR iterations
+to reinitialise the kernel state for backends that have one. Despite
+the name, you can call it anytime you are allowed to start or stop
+watchers (except inside an \f(CW\*(C`ev_prepare\*(C'\fR callback), but it makes most
+sense after forking, in the child process. You \fImust\fR call it (or use
+\&\f(CW\*(C`EVFLAG_FORKCHECK\*(C'\fR) in the child before resuming or calling \f(CW\*(C`ev_run\*(C'\fR.
+.Sp
+In addition, if you want to reuse a loop (via this function or
+\&\f(CW\*(C`EVFLAG_FORKCHECK\*(C'\fR), you \fIalso\fR have to ignore \f(CW\*(C`SIGPIPE\*(C'\fR.
+.Sp
+Again, you \fIhave\fR to call it on \fIany\fR loop that you want to re-use after
+a fork, \fIeven if you do not plan to use the loop in the parent\fR. This is
+because some kernel interfaces *cough* \fIkqueue\fR *cough* do funny things
+during fork.
+.Sp
+On the other hand, you only need to call this function in the child
+process if and only if you want to use the event loop in the child. If
+you just fork+exec or create a new loop in the child, you don't have to
+call it at all (in fact, \f(CW\*(C`epoll\*(C'\fR is so badly broken that it makes a
+difference, but libev will usually detect this case on its own and do a
+costly reset of the backend).
+.Sp
+The function itself is quite fast and it's usually not a problem to call
+it just in case after a fork.
+.Sp
+Example: Automate calling \f(CW\*(C`ev_loop_fork\*(C'\fR on the default loop when
+using pthreads.
+.Sp
+.Vb 5
+\&   static void
+\&   post_fork_child (void)
+\&   {
+\&     ev_loop_fork (EV_DEFAULT);
+\&   }
+\&
+\&   ...
+\&   pthread_atfork (0, 0, post_fork_child);
+.Ve
+.IP "int ev_is_default_loop (loop)" 4
+.IX Item "int ev_is_default_loop (loop)"
+Returns true when the given loop is, in fact, the default loop, and false
+otherwise.
+.IP "unsigned int ev_iteration (loop)" 4
+.IX Item "unsigned int ev_iteration (loop)"
+Returns the current iteration count for the event loop, which is identical
+to the number of times libev did poll for new events. It starts at \f(CW0\fR
+and happily wraps around with enough iterations.
+.Sp
+This value can sometimes be useful as a generation counter of sorts (it
+\&\*(L"ticks\*(R" the number of loop iterations), as it roughly corresponds with
+\&\f(CW\*(C`ev_prepare\*(C'\fR and \f(CW\*(C`ev_check\*(C'\fR calls \- and is incremented between the
+prepare and check phases.
+.IP "unsigned int ev_depth (loop)" 4
+.IX Item "unsigned int ev_depth (loop)"
+Returns the number of times \f(CW\*(C`ev_run\*(C'\fR was entered minus the number of
+times \f(CW\*(C`ev_run\*(C'\fR was exited normally, in other words, the recursion depth.
+.Sp
+Outside \f(CW\*(C`ev_run\*(C'\fR, this number is zero. In a callback, this number is
+\&\f(CW1\fR, unless \f(CW\*(C`ev_run\*(C'\fR was invoked recursively (or from another thread),
+in which case it is higher.
+.Sp
+Leaving \f(CW\*(C`ev_run\*(C'\fR abnormally (setjmp/longjmp, cancelling the thread,
+throwing an exception etc.), doesn't count as \*(L"exit\*(R" \- consider this
+as a hint to avoid such ungentleman-like behaviour unless it's really
+convenient, in which case it is fully supported.
+.IP "unsigned int ev_backend (loop)" 4
+.IX Item "unsigned int ev_backend (loop)"
+Returns one of the \f(CW\*(C`EVBACKEND_*\*(C'\fR flags indicating the event backend in
+use.
+.IP "ev_tstamp ev_now (loop)" 4
+.IX Item "ev_tstamp ev_now (loop)"
+Returns the current \*(L"event loop time\*(R", which is the time the event loop
+received events and started processing them. This timestamp does not
+change as long as callbacks are being processed, and this is also the base
+time used for relative timers. You can treat it as the timestamp of the
+event occurring (or more correctly, libev finding out about it).
+.IP "ev_now_update (loop)" 4
+.IX Item "ev_now_update (loop)"
+Establishes the current time by querying the kernel, updating the time
+returned by \f(CW\*(C`ev_now ()\*(C'\fR in the progress. This is a costly operation and
+is usually done automatically within \f(CW\*(C`ev_run ()\*(C'\fR.
+.Sp
+This function is rarely useful, but when some event callback runs for a
+very long time without entering the event loop, updating libev's idea of
+the current time is a good idea.
+.Sp
+See also \*(L"The special problem of time updates\*(R" in the \f(CW\*(C`ev_timer\*(C'\fR section.
+.IP "ev_suspend (loop)" 4
+.IX Item "ev_suspend (loop)"
+.PD 0
+.IP "ev_resume (loop)" 4
+.IX Item "ev_resume (loop)"
+.PD
+These two functions suspend and resume an event loop, for use when the
+loop is not used for a while and timeouts should not be processed.
+.Sp
+A typical use case would be an interactive program such as a game:  When
+the user presses \f(CW\*(C`^Z\*(C'\fR to suspend the game and resumes it an hour later it
+would be best to handle timeouts as if no time had actually passed while
+the program was suspended. This can be achieved by calling \f(CW\*(C`ev_suspend\*(C'\fR
+in your \f(CW\*(C`SIGTSTP\*(C'\fR handler, sending yourself a \f(CW\*(C`SIGSTOP\*(C'\fR and calling
+\&\f(CW\*(C`ev_resume\*(C'\fR directly afterwards to resume timer processing.
+.Sp
+Effectively, all \f(CW\*(C`ev_timer\*(C'\fR watchers will be delayed by the time spend
+between \f(CW\*(C`ev_suspend\*(C'\fR and \f(CW\*(C`ev_resume\*(C'\fR, and all \f(CW\*(C`ev_periodic\*(C'\fR watchers
+will be rescheduled (that is, they will lose any events that would have
+occurred while suspended).
+.Sp
+After calling \f(CW\*(C`ev_suspend\*(C'\fR you \fBmust not\fR call \fIany\fR function on the
+given loop other than \f(CW\*(C`ev_resume\*(C'\fR, and you \fBmust not\fR call \f(CW\*(C`ev_resume\*(C'\fR
+without a previous call to \f(CW\*(C`ev_suspend\*(C'\fR.
+.Sp
+Calling \f(CW\*(C`ev_suspend\*(C'\fR/\f(CW\*(C`ev_resume\*(C'\fR has the side effect of updating the
+event loop time (see \f(CW\*(C`ev_now_update\*(C'\fR).
+.IP "bool ev_run (loop, int flags)" 4
+.IX Item "bool ev_run (loop, int flags)"
+Finally, this is it, the event handler. This function usually is called
+after you have initialised all your watchers and you want to start
+handling events. It will ask the operating system for any new events, call
+the watcher callbacks, and then repeat the whole process indefinitely: This
+is why event loops are called \fIloops\fR.
+.Sp
+If the flags argument is specified as \f(CW0\fR, it will keep handling events
+until either no event watchers are active anymore or \f(CW\*(C`ev_break\*(C'\fR was
+called.
+.Sp
+The return value is false if there are no more active watchers (which
+usually means \*(L"all jobs done\*(R" or \*(L"deadlock\*(R"), and true in all other cases
+(which usually means " you should call \f(CW\*(C`ev_run\*(C'\fR again").
+.Sp
+Please note that an explicit \f(CW\*(C`ev_break\*(C'\fR is usually better than
+relying on all watchers to be stopped when deciding when a program has
+finished (especially in interactive programs), but having a program
+that automatically loops as long as it has to and no longer by virtue
+of relying on its watchers stopping correctly, that is truly a thing of
+beauty.
+.Sp
+This function is \fImostly\fR exception-safe \- you can break out of a
+\&\f(CW\*(C`ev_run\*(C'\fR call by calling \f(CW\*(C`longjmp\*(C'\fR in a callback, throwing a \*(C+
+exception and so on. This does not decrement the \f(CW\*(C`ev_depth\*(C'\fR value, nor
+will it clear any outstanding \f(CW\*(C`EVBREAK_ONE\*(C'\fR breaks.
+.Sp
+A flags value of \f(CW\*(C`EVRUN_NOWAIT\*(C'\fR will look for new events, will handle
+those events and any already outstanding ones, but will not wait and
+block your process in case there are no events and will return after one
+iteration of the loop. This is sometimes useful to poll and handle new
+events while doing lengthy calculations, to keep the program responsive.
+.Sp
+A flags value of \f(CW\*(C`EVRUN_ONCE\*(C'\fR will look for new events (waiting if
+necessary) and will handle those and any already outstanding ones. It
+will block your process until at least one new event arrives (which could
+be an event internal to libev itself, so there is no guarantee that a
+user-registered callback will be called), and will return after one
+iteration of the loop.
+.Sp
+This is useful if you are waiting for some external event in conjunction
+with something not expressible using other libev watchers (i.e. "roll your
+own \f(CW\*(C`ev_run\*(C'\fR"). However, a pair of \f(CW\*(C`ev_prepare\*(C'\fR/\f(CW\*(C`ev_check\*(C'\fR watchers is
+usually a better approach for this kind of thing.
+.Sp
+Here are the gory details of what \f(CW\*(C`ev_run\*(C'\fR does (this is for your
+understanding, not a guarantee that things will work exactly like this in
+future versions):
+.Sp
+.Vb 10
+\&   \- Increment loop depth.
+\&   \- Reset the ev_break status.
+\&   \- Before the first iteration, call any pending watchers.
+\&   LOOP:
+\&   \- If EVFLAG_FORKCHECK was used, check for a fork.
+\&   \- If a fork was detected (by any means), queue and call all fork watchers.
+\&   \- Queue and call all prepare watchers.
+\&   \- If ev_break was called, goto FINISH.
+\&   \- If we have been forked, detach and recreate the kernel state
+\&     as to not disturb the other process.
+\&   \- Update the kernel state with all outstanding changes.
+\&   \- Update the "event loop time" (ev_now ()).
+\&   \- Calculate for how long to sleep or block, if at all
+\&     (active idle watchers, EVRUN_NOWAIT or not having
+\&     any active watchers at all will result in not sleeping).
+\&   \- Sleep if the I/O and timer collect interval say so.
+\&   \- Increment loop iteration counter.
+\&   \- Block the process, waiting for any events.
+\&   \- Queue all outstanding I/O (fd) events.
+\&   \- Update the "event loop time" (ev_now ()), and do time jump adjustments.
+\&   \- Queue all expired timers.
+\&   \- Queue all expired periodics.
+\&   \- Queue all idle watchers with priority higher than that of pending events.
+\&   \- Queue all check watchers.
+\&   \- Call all queued watchers in reverse order (i.e. check watchers first).
+\&     Signals and child watchers are implemented as I/O watchers, and will
+\&     be handled here by queueing them when their watcher gets executed.
+\&   \- If ev_break has been called, or EVRUN_ONCE or EVRUN_NOWAIT
+\&     were used, or there are no active watchers, goto FINISH, otherwise
+\&     continue with step LOOP.
+\&   FINISH:
+\&   \- Reset the ev_break status iff it was EVBREAK_ONE.
+\&   \- Decrement the loop depth.
+\&   \- Return.
+.Ve
+.Sp
+Example: Queue some jobs and then loop until no events are outstanding
+anymore.
+.Sp
+.Vb 4
+\&   ... queue jobs here, make sure they register event watchers as long
+\&   ... as they still have work to do (even an idle watcher will do..)
+\&   ev_run (my_loop, 0);
+\&   ... jobs done or somebody called break. yeah!
+.Ve
+.IP "ev_break (loop, how)" 4
+.IX Item "ev_break (loop, how)"
+Can be used to make a call to \f(CW\*(C`ev_run\*(C'\fR return early (but only after it
+has processed all outstanding events). The \f(CW\*(C`how\*(C'\fR argument must be either
+\&\f(CW\*(C`EVBREAK_ONE\*(C'\fR, which will make the innermost \f(CW\*(C`ev_run\*(C'\fR call return, or
+\&\f(CW\*(C`EVBREAK_ALL\*(C'\fR, which will make all nested \f(CW\*(C`ev_run\*(C'\fR calls return.
+.Sp
+This \*(L"break state\*(R" will be cleared on the next call to \f(CW\*(C`ev_run\*(C'\fR.
+.Sp
+It is safe to call \f(CW\*(C`ev_break\*(C'\fR from outside any \f(CW\*(C`ev_run\*(C'\fR calls, too, in
+which case it will have no effect.
+.IP "ev_ref (loop)" 4
+.IX Item "ev_ref (loop)"
+.PD 0
+.IP "ev_unref (loop)" 4
+.IX Item "ev_unref (loop)"
+.PD
+Ref/unref can be used to add or remove a reference count on the event
+loop: Every watcher keeps one reference, and as long as the reference
+count is nonzero, \f(CW\*(C`ev_run\*(C'\fR will not return on its own.
+.Sp
+This is useful when you have a watcher that you never intend to
+unregister, but that nevertheless should not keep \f(CW\*(C`ev_run\*(C'\fR from
+returning. In such a case, call \f(CW\*(C`ev_unref\*(C'\fR after starting, and \f(CW\*(C`ev_ref\*(C'\fR
+before stopping it.
+.Sp
+As an example, libev itself uses this for its internal signal pipe: It
+is not visible to the libev user and should not keep \f(CW\*(C`ev_run\*(C'\fR from
+exiting if no event watchers registered by it are active. It is also an
+excellent way to do this for generic recurring timers or from within
+third-party libraries. Just remember to \fIunref after start\fR and \fIref
+before stop\fR (but only if the watcher wasn't active before, or was active
+before, respectively. Note also that libev might stop watchers itself
+(e.g. non-repeating timers) in which case you have to \f(CW\*(C`ev_ref\*(C'\fR
+in the callback).
+.Sp
+Example: Create a signal watcher, but keep it from keeping \f(CW\*(C`ev_run\*(C'\fR
+running when nothing else is active.
+.Sp
+.Vb 4
+\&   ev_signal exitsig;
+\&   ev_signal_init (&exitsig, sig_cb, SIGINT);
+\&   ev_signal_start (loop, &exitsig);
+\&   ev_unref (loop);
+.Ve
+.Sp
+Example: For some weird reason, unregister the above signal handler again.
+.Sp
+.Vb 2
+\&   ev_ref (loop);
+\&   ev_signal_stop (loop, &exitsig);
+.Ve
+.IP "ev_set_io_collect_interval (loop, ev_tstamp interval)" 4
+.IX Item "ev_set_io_collect_interval (loop, ev_tstamp interval)"
+.PD 0
+.IP "ev_set_timeout_collect_interval (loop, ev_tstamp interval)" 4
+.IX Item "ev_set_timeout_collect_interval (loop, ev_tstamp interval)"
+.PD
+These advanced functions influence the time that libev will spend waiting
+for events. Both time intervals are by default \f(CW0\fR, meaning that libev
+will try to invoke timer/periodic callbacks and I/O callbacks with minimum
+latency.
+.Sp
+Setting these to a higher value (the \f(CW\*(C`interval\*(C'\fR \fImust\fR be >= \f(CW0\fR)
+allows libev to delay invocation of I/O and timer/periodic callbacks
+to increase efficiency of loop iterations (or to increase power-saving
+opportunities).
+.Sp
+The idea is that sometimes your program runs just fast enough to handle
+one (or very few) event(s) per loop iteration. While this makes the
+program responsive, it also wastes a lot of \s-1CPU\s0 time to poll for new
+events, especially with backends like \f(CW\*(C`select ()\*(C'\fR which have a high
+overhead for the actual polling but can deliver many events at once.
+.Sp
+By setting a higher \fIio collect interval\fR you allow libev to spend more
+time collecting I/O events, so you can handle more events per iteration,
+at the cost of increasing latency. Timeouts (both \f(CW\*(C`ev_periodic\*(C'\fR and
+\&\f(CW\*(C`ev_timer\*(C'\fR) will not be affected. Setting this to a non-null value will
+introduce an additional \f(CW\*(C`ev_sleep ()\*(C'\fR call into most loop iterations. The
+sleep time ensures that libev will not poll for I/O events more often then
+once per this interval, on average (as long as the host time resolution is
+good enough).
+.Sp
+Likewise, by setting a higher \fItimeout collect interval\fR you allow libev
+to spend more time collecting timeouts, at the expense of increased
+latency/jitter/inexactness (the watcher callback will be called
+later). \f(CW\*(C`ev_io\*(C'\fR watchers will not be affected. Setting this to a non-null
+value will not introduce any overhead in libev.
+.Sp
+Many (busy) programs can usually benefit by setting the I/O collect
+interval to a value near \f(CW0.1\fR or so, which is often enough for
+interactive servers (of course not for games), likewise for timeouts. It
+usually doesn't make much sense to set it to a lower value than \f(CW0.01\fR,
+as this approaches the timing granularity of most systems. Note that if
+you do transactions with the outside world and you can't increase the
+parallelity, then this setting will limit your transaction rate (if you
+need to poll once per transaction and the I/O collect interval is 0.01,
+then you can't do more than 100 transactions per second).
+.Sp
+Setting the \fItimeout collect interval\fR can improve the opportunity for
+saving power, as the program will \*(L"bundle\*(R" timer callback invocations that
+are \*(L"near\*(R" in time together, by delaying some, thus reducing the number of
+times the process sleeps and wakes up again. Another useful technique to
+reduce iterations/wake\-ups is to use \f(CW\*(C`ev_periodic\*(C'\fR watchers and make sure
+they fire on, say, one-second boundaries only.
+.Sp
+Example: we only need 0.1s timeout granularity, and we wish not to poll
+more often than 100 times per second:
+.Sp
+.Vb 2
+\&   ev_set_timeout_collect_interval (EV_DEFAULT_UC_ 0.1);
+\&   ev_set_io_collect_interval (EV_DEFAULT_UC_ 0.01);
+.Ve
+.IP "ev_invoke_pending (loop)" 4
+.IX Item "ev_invoke_pending (loop)"
+This call will simply invoke all pending watchers while resetting their
+pending state. Normally, \f(CW\*(C`ev_run\*(C'\fR does this automatically when required,
+but when overriding the invoke callback this call comes handy. This
+function can be invoked from a watcher \- this can be useful for example
+when you want to do some lengthy calculation and want to pass further
+event handling to another thread (you still have to make sure only one
+thread executes within \f(CW\*(C`ev_invoke_pending\*(C'\fR or \f(CW\*(C`ev_run\*(C'\fR of course).
+.IP "int ev_pending_count (loop)" 4
+.IX Item "int ev_pending_count (loop)"
+Returns the number of pending watchers \- zero indicates that no watchers
+are pending.
+.IP "ev_set_invoke_pending_cb (loop, void (*invoke_pending_cb)(\s-1EV_P\s0))" 4
+.IX Item "ev_set_invoke_pending_cb (loop, void (*invoke_pending_cb)(EV_P))"
+This overrides the invoke pending functionality of the loop: Instead of
+invoking all pending watchers when there are any, \f(CW\*(C`ev_run\*(C'\fR will call
+this callback instead. This is useful, for example, when you want to
+invoke the actual watchers inside another context (another thread etc.).
+.Sp
+If you want to reset the callback, use \f(CW\*(C`ev_invoke_pending\*(C'\fR as new
+callback.
+.IP "ev_set_loop_release_cb (loop, void (*release)(\s-1EV_P\s0) throw (), void (*acquire)(\s-1EV_P\s0) throw ())" 4
+.IX Item "ev_set_loop_release_cb (loop, void (*release)(EV_P) throw (), void (*acquire)(EV_P) throw ())"
+Sometimes you want to share the same loop between multiple threads. This
+can be done relatively simply by putting mutex_lock/unlock calls around
+each call to a libev function.
+.Sp
+However, \f(CW\*(C`ev_run\*(C'\fR can run an indefinite time, so it is not feasible
+to wait for it to return. One way around this is to wake up the event
+loop via \f(CW\*(C`ev_break\*(C'\fR and \f(CW\*(C`ev_async_send\*(C'\fR, another way is to set these
+\&\fIrelease\fR and \fIacquire\fR callbacks on the loop.
+.Sp
+When set, then \f(CW\*(C`release\*(C'\fR will be called just before the thread is
+suspended waiting for new events, and \f(CW\*(C`acquire\*(C'\fR is called just
+afterwards.
+.Sp
+Ideally, \f(CW\*(C`release\*(C'\fR will just call your mutex_unlock function, and
+\&\f(CW\*(C`acquire\*(C'\fR will just call the mutex_lock function again.
+.Sp
+While event loop modifications are allowed between invocations of
+\&\f(CW\*(C`release\*(C'\fR and \f(CW\*(C`acquire\*(C'\fR (that's their only purpose after all), no
+modifications done will affect the event loop, i.e. adding watchers will
+have no effect on the set of file descriptors being watched, or the time
+waited. Use an \f(CW\*(C`ev_async\*(C'\fR watcher to wake up \f(CW\*(C`ev_run\*(C'\fR when you want it
+to take note of any changes you made.
+.Sp
+In theory, threads executing \f(CW\*(C`ev_run\*(C'\fR will be async-cancel safe between
+invocations of \f(CW\*(C`release\*(C'\fR and \f(CW\*(C`acquire\*(C'\fR.
+.Sp
+See also the locking example in the \f(CW\*(C`THREADS\*(C'\fR section later in this
+document.
+.IP "ev_set_userdata (loop, void *data)" 4
+.IX Item "ev_set_userdata (loop, void *data)"
+.PD 0
+.IP "void *ev_userdata (loop)" 4
+.IX Item "void *ev_userdata (loop)"
+.PD
+Set and retrieve a single \f(CW\*(C`void *\*(C'\fR associated with a loop. When
+\&\f(CW\*(C`ev_set_userdata\*(C'\fR has never been called, then \f(CW\*(C`ev_userdata\*(C'\fR returns
+\&\f(CW0\fR.
+.Sp
+These two functions can be used to associate arbitrary data with a loop,
+and are intended solely for the \f(CW\*(C`invoke_pending_cb\*(C'\fR, \f(CW\*(C`release\*(C'\fR and
+\&\f(CW\*(C`acquire\*(C'\fR callbacks described above, but of course can be (ab\-)used for
+any other purpose as well.
+.IP "ev_verify (loop)" 4
+.IX Item "ev_verify (loop)"
+This function only does something when \f(CW\*(C`EV_VERIFY\*(C'\fR support has been
+compiled in, which is the default for non-minimal builds. It tries to go
+through all internal structures and checks them for validity. If anything
+is found to be inconsistent, it will print an error message to standard
+error and call \f(CW\*(C`abort ()\*(C'\fR.
+.Sp
+This can be used to catch bugs inside libev itself: under normal
+circumstances, this function will never abort as of course libev keeps its
+data structures consistent.
+.SH "ANATOMY OF A WATCHER"
+.IX Header "ANATOMY OF A WATCHER"
+In the following description, uppercase \f(CW\*(C`TYPE\*(C'\fR in names stands for the
+watcher type, e.g. \f(CW\*(C`ev_TYPE_start\*(C'\fR can mean \f(CW\*(C`ev_timer_start\*(C'\fR for timer
+watchers and \f(CW\*(C`ev_io_start\*(C'\fR for I/O watchers.
+.PP
+A watcher is an opaque structure that you allocate and register to record
+your interest in some event. To make a concrete example, imagine you want
+to wait for \s-1STDIN\s0 to become readable, you would create an \f(CW\*(C`ev_io\*(C'\fR watcher
+for that:
+.PP
+.Vb 5
+\&   static void my_cb (struct ev_loop *loop, ev_io *w, int revents)
+\&   {
+\&     ev_io_stop (w);
+\&     ev_break (loop, EVBREAK_ALL);
+\&   }
+\&
+\&   struct ev_loop *loop = ev_default_loop (0);
+\&
+\&   ev_io stdin_watcher;
+\&
+\&   ev_init (&stdin_watcher, my_cb);
+\&   ev_io_set (&stdin_watcher, STDIN_FILENO, EV_READ);
+\&   ev_io_start (loop, &stdin_watcher);
+\&
+\&   ev_run (loop, 0);
+.Ve
+.PP
+As you can see, you are responsible for allocating the memory for your
+watcher structures (and it is \fIusually\fR a bad idea to do this on the
+stack).
+.PP
+Each watcher has an associated watcher structure (called \f(CW\*(C`struct ev_TYPE\*(C'\fR
+or simply \f(CW\*(C`ev_TYPE\*(C'\fR, as typedefs are provided for all watcher structs).
+.PP
+Each watcher structure must be initialised by a call to \f(CW\*(C`ev_init (watcher
+*, callback)\*(C'\fR, which expects a callback to be provided. This callback is
+invoked each time the event occurs (or, in the case of I/O watchers, each
+time the event loop detects that the file descriptor given is readable
+and/or writable).
+.PP
+Each watcher type further has its own \f(CW\*(C`ev_TYPE_set (watcher *, ...)\*(C'\fR
+macro to configure it, with arguments specific to the watcher type. There
+is also a macro to combine initialisation and setting in one call: \f(CW\*(C`ev_TYPE_init (watcher *, callback, ...)\*(C'\fR.
+.PP
+To make the watcher actually watch out for events, you have to start it
+with a watcher-specific start function (\f(CW\*(C`ev_TYPE_start (loop, watcher
+*)\*(C'\fR), and you can stop watching for events at any time by calling the
+corresponding stop function (\f(CW\*(C`ev_TYPE_stop (loop, watcher *)\*(C'\fR.
+.PP
+As long as your watcher is active (has been started but not stopped) you
+must not touch the values stored in it except when explicitly documented
+otherwise. Most specifically you must never reinitialise it or call its
+\&\f(CW\*(C`ev_TYPE_set\*(C'\fR macro.
+.PP
+Each and every callback receives the event loop pointer as first, the
+registered watcher structure as second, and a bitset of received events as
+third argument.
+.PP
+The received events usually include a single bit per event type received
+(you can receive multiple events at the same time). The possible bit masks
+are:
+.ie n .IP """EV_READ""" 4
+.el .IP "\f(CWEV_READ\fR" 4
+.IX Item "EV_READ"
+.PD 0
+.ie n .IP """EV_WRITE""" 4
+.el .IP "\f(CWEV_WRITE\fR" 4
+.IX Item "EV_WRITE"
+.PD
+The file descriptor in the \f(CW\*(C`ev_io\*(C'\fR watcher has become readable and/or
+writable.
+.ie n .IP """EV_TIMER""" 4
+.el .IP "\f(CWEV_TIMER\fR" 4
+.IX Item "EV_TIMER"
+The \f(CW\*(C`ev_timer\*(C'\fR watcher has timed out.
+.ie n .IP """EV_PERIODIC""" 4
+.el .IP "\f(CWEV_PERIODIC\fR" 4
+.IX Item "EV_PERIODIC"
+The \f(CW\*(C`ev_periodic\*(C'\fR watcher has timed out.
+.ie n .IP """EV_SIGNAL""" 4
+.el .IP "\f(CWEV_SIGNAL\fR" 4
+.IX Item "EV_SIGNAL"
+The signal specified in the \f(CW\*(C`ev_signal\*(C'\fR watcher has been received by a thread.
+.ie n .IP """EV_CHILD""" 4
+.el .IP "\f(CWEV_CHILD\fR" 4
+.IX Item "EV_CHILD"
+The pid specified in the \f(CW\*(C`ev_child\*(C'\fR watcher has received a status change.
+.ie n .IP """EV_STAT""" 4
+.el .IP "\f(CWEV_STAT\fR" 4
+.IX Item "EV_STAT"
+The path specified in the \f(CW\*(C`ev_stat\*(C'\fR watcher changed its attributes somehow.
+.ie n .IP """EV_IDLE""" 4
+.el .IP "\f(CWEV_IDLE\fR" 4
+.IX Item "EV_IDLE"
+The \f(CW\*(C`ev_idle\*(C'\fR watcher has determined that you have nothing better to do.
+.ie n .IP """EV_PREPARE""" 4
+.el .IP "\f(CWEV_PREPARE\fR" 4
+.IX Item "EV_PREPARE"
+.PD 0
+.ie n .IP """EV_CHECK""" 4
+.el .IP "\f(CWEV_CHECK\fR" 4
+.IX Item "EV_CHECK"
+.PD
+All \f(CW\*(C`ev_prepare\*(C'\fR watchers are invoked just \fIbefore\fR \f(CW\*(C`ev_run\*(C'\fR starts to
+gather new events, and all \f(CW\*(C`ev_check\*(C'\fR watchers are queued (not invoked)
+just after \f(CW\*(C`ev_run\*(C'\fR has gathered them, but before it queues any callbacks
+for any received events. That means \f(CW\*(C`ev_prepare\*(C'\fR watchers are the last
+watchers invoked before the event loop sleeps or polls for new events, and
+\&\f(CW\*(C`ev_check\*(C'\fR watchers will be invoked before any other watchers of the same
+or lower priority within an event loop iteration.
+.Sp
+Callbacks of both watcher types can start and stop as many watchers as
+they want, and all of them will be taken into account (for example, a
+\&\f(CW\*(C`ev_prepare\*(C'\fR watcher might start an idle watcher to keep \f(CW\*(C`ev_run\*(C'\fR from
+blocking).
+.ie n .IP """EV_EMBED""" 4
+.el .IP "\f(CWEV_EMBED\fR" 4
+.IX Item "EV_EMBED"
+The embedded event loop specified in the \f(CW\*(C`ev_embed\*(C'\fR watcher needs attention.
+.ie n .IP """EV_FORK""" 4
+.el .IP "\f(CWEV_FORK\fR" 4
+.IX Item "EV_FORK"
+The event loop has been resumed in the child process after fork (see
+\&\f(CW\*(C`ev_fork\*(C'\fR).
+.ie n .IP """EV_CLEANUP""" 4
+.el .IP "\f(CWEV_CLEANUP\fR" 4
+.IX Item "EV_CLEANUP"
+The event loop is about to be destroyed (see \f(CW\*(C`ev_cleanup\*(C'\fR).
+.ie n .IP """EV_ASYNC""" 4
+.el .IP "\f(CWEV_ASYNC\fR" 4
+.IX Item "EV_ASYNC"
+The given async watcher has been asynchronously notified (see \f(CW\*(C`ev_async\*(C'\fR).
+.ie n .IP """EV_CUSTOM""" 4
+.el .IP "\f(CWEV_CUSTOM\fR" 4
+.IX Item "EV_CUSTOM"
+Not ever sent (or otherwise used) by libev itself, but can be freely used
+by libev users to signal watchers (e.g. via \f(CW\*(C`ev_feed_event\*(C'\fR).
+.ie n .IP """EV_ERROR""" 4
+.el .IP "\f(CWEV_ERROR\fR" 4
+.IX Item "EV_ERROR"
+An unspecified error has occurred, the watcher has been stopped. This might
+happen because the watcher could not be properly started because libev
+ran out of memory, a file descriptor was found to be closed or any other
+problem. Libev considers these application bugs.
+.Sp
+You best act on it by reporting the problem and somehow coping with the
+watcher being stopped. Note that well-written programs should not receive
+an error ever, so when your watcher receives it, this usually indicates a
+bug in your program.
+.Sp
+Libev will usually signal a few \*(L"dummy\*(R" events together with an error, for
+example it might indicate that a fd is readable or writable, and if your
+callbacks is well-written it can just attempt the operation and cope with
+the error from \fBread()\fR or \fBwrite()\fR. This will not work in multi-threaded
+programs, though, as the fd could already be closed and reused for another
+thing, so beware.
+.SS "\s-1GENERIC WATCHER FUNCTIONS\s0"
+.IX Subsection "GENERIC WATCHER FUNCTIONS"
+.ie n .IP """ev_init"" (ev_TYPE *watcher, callback)" 4
+.el .IP "\f(CWev_init\fR (ev_TYPE *watcher, callback)" 4
+.IX Item "ev_init (ev_TYPE *watcher, callback)"
+This macro initialises the generic portion of a watcher. The contents
+of the watcher object can be arbitrary (so \f(CW\*(C`malloc\*(C'\fR will do). Only
+the generic parts of the watcher are initialised, you \fIneed\fR to call
+the type-specific \f(CW\*(C`ev_TYPE_set\*(C'\fR macro afterwards to initialise the
+type-specific parts. For each type there is also a \f(CW\*(C`ev_TYPE_init\*(C'\fR macro
+which rolls both calls into one.
+.Sp
+You can reinitialise a watcher at any time as long as it has been stopped
+(or never started) and there are no pending events outstanding.
+.Sp
+The callback is always of type \f(CW\*(C`void (*)(struct ev_loop *loop, ev_TYPE *watcher,
+int revents)\*(C'\fR.
+.Sp
+Example: Initialise an \f(CW\*(C`ev_io\*(C'\fR watcher in two steps.
+.Sp
+.Vb 3
+\&   ev_io w;
+\&   ev_init (&w, my_cb);
+\&   ev_io_set (&w, STDIN_FILENO, EV_READ);
+.Ve
+.ie n .IP """ev_TYPE_set"" (ev_TYPE *watcher, [args])" 4
+.el .IP "\f(CWev_TYPE_set\fR (ev_TYPE *watcher, [args])" 4
+.IX Item "ev_TYPE_set (ev_TYPE *watcher, [args])"
+This macro initialises the type-specific parts of a watcher. You need to
+call \f(CW\*(C`ev_init\*(C'\fR at least once before you call this macro, but you can
+call \f(CW\*(C`ev_TYPE_set\*(C'\fR any number of times. You must not, however, call this
+macro on a watcher that is active (it can be pending, however, which is a
+difference to the \f(CW\*(C`ev_init\*(C'\fR macro).
+.Sp
+Although some watcher types do not have type-specific arguments
+(e.g. \f(CW\*(C`ev_prepare\*(C'\fR) you still need to call its \f(CW\*(C`set\*(C'\fR macro.
+.Sp
+See \f(CW\*(C`ev_init\*(C'\fR, above, for an example.
+.ie n .IP """ev_TYPE_init"" (ev_TYPE *watcher, callback, [args])" 4
+.el .IP "\f(CWev_TYPE_init\fR (ev_TYPE *watcher, callback, [args])" 4
+.IX Item "ev_TYPE_init (ev_TYPE *watcher, callback, [args])"
+This convenience macro rolls both \f(CW\*(C`ev_init\*(C'\fR and \f(CW\*(C`ev_TYPE_set\*(C'\fR macro
+calls into a single call. This is the most convenient method to initialise
+a watcher. The same limitations apply, of course.
+.Sp
+Example: Initialise and set an \f(CW\*(C`ev_io\*(C'\fR watcher in one step.
+.Sp
+.Vb 1
+\&   ev_io_init (&w, my_cb, STDIN_FILENO, EV_READ);
+.Ve
+.ie n .IP """ev_TYPE_start"" (loop, ev_TYPE *watcher)" 4
+.el .IP "\f(CWev_TYPE_start\fR (loop, ev_TYPE *watcher)" 4
+.IX Item "ev_TYPE_start (loop, ev_TYPE *watcher)"
+Starts (activates) the given watcher. Only active watchers will receive
+events. If the watcher is already active nothing will happen.
+.Sp
+Example: Start the \f(CW\*(C`ev_io\*(C'\fR watcher that is being abused as example in this
+whole section.
+.Sp
+.Vb 1
+\&   ev_io_start (EV_DEFAULT_UC, &w);
+.Ve
+.ie n .IP """ev_TYPE_stop"" (loop, ev_TYPE *watcher)" 4
+.el .IP "\f(CWev_TYPE_stop\fR (loop, ev_TYPE *watcher)" 4
+.IX Item "ev_TYPE_stop (loop, ev_TYPE *watcher)"
+Stops the given watcher if active, and clears the pending status (whether
+the watcher was active or not).
+.Sp
+It is possible that stopped watchers are pending \- for example,
+non-repeating timers are being stopped when they become pending \- but
+calling \f(CW\*(C`ev_TYPE_stop\*(C'\fR ensures that the watcher is neither active nor
+pending. If you want to free or reuse the memory used by the watcher it is
+therefore a good idea to always call its \f(CW\*(C`ev_TYPE_stop\*(C'\fR function.
+.IP "bool ev_is_active (ev_TYPE *watcher)" 4
+.IX Item "bool ev_is_active (ev_TYPE *watcher)"
+Returns a true value iff the watcher is active (i.e. it has been started
+and not yet been stopped). As long as a watcher is active you must not modify
+it.
+.IP "bool ev_is_pending (ev_TYPE *watcher)" 4
+.IX Item "bool ev_is_pending (ev_TYPE *watcher)"
+Returns a true value iff the watcher is pending, (i.e. it has outstanding
+events but its callback has not yet been invoked). As long as a watcher
+is pending (but not active) you must not call an init function on it (but
+\&\f(CW\*(C`ev_TYPE_set\*(C'\fR is safe), you must not change its priority, and you must
+make sure the watcher is available to libev (e.g. you cannot \f(CW\*(C`free ()\*(C'\fR
+it).
+.IP "callback ev_cb (ev_TYPE *watcher)" 4
+.IX Item "callback ev_cb (ev_TYPE *watcher)"
+Returns the callback currently set on the watcher.
+.IP "ev_set_cb (ev_TYPE *watcher, callback)" 4
+.IX Item "ev_set_cb (ev_TYPE *watcher, callback)"
+Change the callback. You can change the callback at virtually any time
+(modulo threads).
+.IP "ev_set_priority (ev_TYPE *watcher, int priority)" 4
+.IX Item "ev_set_priority (ev_TYPE *watcher, int priority)"
+.PD 0
+.IP "int ev_priority (ev_TYPE *watcher)" 4
+.IX Item "int ev_priority (ev_TYPE *watcher)"
+.PD
+Set and query the priority of the watcher. The priority is a small
+integer between \f(CW\*(C`EV_MAXPRI\*(C'\fR (default: \f(CW2\fR) and \f(CW\*(C`EV_MINPRI\*(C'\fR
+(default: \f(CW\*(C`\-2\*(C'\fR). Pending watchers with higher priority will be invoked
+before watchers with lower priority, but priority will not keep watchers
+from being executed (except for \f(CW\*(C`ev_idle\*(C'\fR watchers).
+.Sp
+If you need to suppress invocation when higher priority events are pending
+you need to look at \f(CW\*(C`ev_idle\*(C'\fR watchers, which provide this functionality.
+.Sp
+You \fImust not\fR change the priority of a watcher as long as it is active or
+pending.
+.Sp
+Setting a priority outside the range of \f(CW\*(C`EV_MINPRI\*(C'\fR to \f(CW\*(C`EV_MAXPRI\*(C'\fR is
+fine, as long as you do not mind that the priority value you query might
+or might not have been clamped to the valid range.
+.Sp
+The default priority used by watchers when no priority has been set is
+always \f(CW0\fR, which is supposed to not be too high and not be too low :).
+.Sp
+See \*(L"\s-1WATCHER PRIORITY MODELS\*(R"\s0, below, for a more thorough treatment of
+priorities.
+.IP "ev_invoke (loop, ev_TYPE *watcher, int revents)" 4
+.IX Item "ev_invoke (loop, ev_TYPE *watcher, int revents)"
+Invoke the \f(CW\*(C`watcher\*(C'\fR with the given \f(CW\*(C`loop\*(C'\fR and \f(CW\*(C`revents\*(C'\fR. Neither
+\&\f(CW\*(C`loop\*(C'\fR nor \f(CW\*(C`revents\*(C'\fR need to be valid as long as the watcher callback
+can deal with that fact, as both are simply passed through to the
+callback.
+.IP "int ev_clear_pending (loop, ev_TYPE *watcher)" 4
+.IX Item "int ev_clear_pending (loop, ev_TYPE *watcher)"
+If the watcher is pending, this function clears its pending status and
+returns its \f(CW\*(C`revents\*(C'\fR bitset (as if its callback was invoked). If the
+watcher isn't pending it does nothing and returns \f(CW0\fR.
+.Sp
+Sometimes it can be useful to \*(L"poll\*(R" a watcher instead of waiting for its
+callback to be invoked, which can be accomplished with this function.
+.IP "ev_feed_event (loop, ev_TYPE *watcher, int revents)" 4
+.IX Item "ev_feed_event (loop, ev_TYPE *watcher, int revents)"
+Feeds the given event set into the event loop, as if the specified event
+had happened for the specified watcher (which must be a pointer to an
+initialised but not necessarily started event watcher). Obviously you must
+not free the watcher as long as it has pending events.
+.Sp
+Stopping the watcher, letting libev invoke it, or calling
+\&\f(CW\*(C`ev_clear_pending\*(C'\fR will clear the pending event, even if the watcher was
+not started in the first place.
+.Sp
+See also \f(CW\*(C`ev_feed_fd_event\*(C'\fR and \f(CW\*(C`ev_feed_signal_event\*(C'\fR for related
+functions that do not need a watcher.
+.PP
+See also the \*(L"\s-1ASSOCIATING CUSTOM DATA WITH A WATCHER\*(R"\s0 and \*(L"\s-1BUILDING YOUR
+OWN COMPOSITE WATCHERS\*(R"\s0 idioms.
+.SS "\s-1WATCHER STATES\s0"
+.IX Subsection "WATCHER STATES"
+There are various watcher states mentioned throughout this manual \-
+active, pending and so on. In this section these states and the rules to
+transition between them will be described in more detail \- and while these
+rules might look complicated, they usually do \*(L"the right thing\*(R".
+.IP "initialised" 4
+.IX Item "initialised"
+Before a watcher can be registered with the event loop it has to be
+initialised. This can be done with a call to \f(CW\*(C`ev_TYPE_init\*(C'\fR, or calls to
+\&\f(CW\*(C`ev_init\*(C'\fR followed by the watcher-specific \f(CW\*(C`ev_TYPE_set\*(C'\fR function.
+.Sp
+In this state it is simply some block of memory that is suitable for
+use in an event loop. It can be moved around, freed, reused etc. at
+will \- as long as you either keep the memory contents intact, or call
+\&\f(CW\*(C`ev_TYPE_init\*(C'\fR again.
+.IP "started/running/active" 4
+.IX Item "started/running/active"
+Once a watcher has been started with a call to \f(CW\*(C`ev_TYPE_start\*(C'\fR it becomes
+property of the event loop, and is actively waiting for events. While in
+this state it cannot be accessed (except in a few documented ways), moved,
+freed or anything else \- the only legal thing is to keep a pointer to it,
+and call libev functions on it that are documented to work on active watchers.
+.IP "pending" 4
+.IX Item "pending"
+If a watcher is active and libev determines that an event it is interested
+in has occurred (such as a timer expiring), it will become pending. It will
+stay in this pending state until either it is stopped or its callback is
+about to be invoked, so it is not normally pending inside the watcher
+callback.
+.Sp
+The watcher might or might not be active while it is pending (for example,
+an expired non-repeating timer can be pending but no longer active). If it
+is stopped, it can be freely accessed (e.g. by calling \f(CW\*(C`ev_TYPE_set\*(C'\fR),
+but it is still property of the event loop at this time, so cannot be
+moved, freed or reused. And if it is active the rules described in the
+previous item still apply.
+.Sp
+It is also possible to feed an event on a watcher that is not active (e.g.
+via \f(CW\*(C`ev_feed_event\*(C'\fR), in which case it becomes pending without being
+active.
+.IP "stopped" 4
+.IX Item "stopped"
+A watcher can be stopped implicitly by libev (in which case it might still
+be pending), or explicitly by calling its \f(CW\*(C`ev_TYPE_stop\*(C'\fR function. The
+latter will clear any pending state the watcher might be in, regardless
+of whether it was active or not, so stopping a watcher explicitly before
+freeing it is often a good idea.
+.Sp
+While stopped (and not pending) the watcher is essentially in the
+initialised state, that is, it can be reused, moved, modified in any way
+you wish (but when you trash the memory block, you need to \f(CW\*(C`ev_TYPE_init\*(C'\fR
+it again).
+.SS "\s-1WATCHER PRIORITY MODELS\s0"
+.IX Subsection "WATCHER PRIORITY MODELS"
+Many event loops support \fIwatcher priorities\fR, which are usually small
+integers that influence the ordering of event callback invocation
+between watchers in some way, all else being equal.
+.PP
+In libev, watcher priorities can be set using \f(CW\*(C`ev_set_priority\*(C'\fR. See its
+description for the more technical details such as the actual priority
+range.
+.PP
+There are two common ways how these these priorities are being interpreted
+by event loops:
+.PP
+In the more common lock-out model, higher priorities \*(L"lock out\*(R" invocation
+of lower priority watchers, which means as long as higher priority
+watchers receive events, lower priority watchers are not being invoked.
+.PP
+The less common only-for-ordering model uses priorities solely to order
+callback invocation within a single event loop iteration: Higher priority
+watchers are invoked before lower priority ones, but they all get invoked
+before polling for new events.
+.PP
+Libev uses the second (only-for-ordering) model for all its watchers
+except for idle watchers (which use the lock-out model).
+.PP
+The rationale behind this is that implementing the lock-out model for
+watchers is not well supported by most kernel interfaces, and most event
+libraries will just poll for the same events again and again as long as
+their callbacks have not been executed, which is very inefficient in the
+common case of one high-priority watcher locking out a mass of lower
+priority ones.
+.PP
+Static (ordering) priorities are most useful when you have two or more
+watchers handling the same resource: a typical usage example is having an
+\&\f(CW\*(C`ev_io\*(C'\fR watcher to receive data, and an associated \f(CW\*(C`ev_timer\*(C'\fR to handle
+timeouts. Under load, data might be received while the program handles
+other jobs, but since timers normally get invoked first, the timeout
+handler will be executed before checking for data. In that case, giving
+the timer a lower priority than the I/O watcher ensures that I/O will be
+handled first even under adverse conditions (which is usually, but not
+always, what you want).
+.PP
+Since idle watchers use the \*(L"lock-out\*(R" model, meaning that idle watchers
+will only be executed when no same or higher priority watchers have
+received events, they can be used to implement the \*(L"lock-out\*(R" model when
+required.
+.PP
+For example, to emulate how many other event libraries handle priorities,
+you can associate an \f(CW\*(C`ev_idle\*(C'\fR watcher to each such watcher, and in
+the normal watcher callback, you just start the idle watcher. The real
+processing is done in the idle watcher callback. This causes libev to
+continuously poll and process kernel event data for the watcher, but when
+the lock-out case is known to be rare (which in turn is rare :), this is
+workable.
+.PP
+Usually, however, the lock-out model implemented that way will perform
+miserably under the type of load it was designed to handle. In that case,
+it might be preferable to stop the real watcher before starting the
+idle watcher, so the kernel will not have to process the event in case
+the actual processing will be delayed for considerable time.
+.PP
+Here is an example of an I/O watcher that should run at a strictly lower
+priority than the default, and which should only process data when no
+other events are pending:
+.PP
+.Vb 2
+\&   ev_idle idle; // actual processing watcher
+\&   ev_io io;     // actual event watcher
+\&
+\&   static void
+\&   io_cb (EV_P_ ev_io *w, int revents)
+\&   {
+\&     // stop the I/O watcher, we received the event, but
+\&     // are not yet ready to handle it.
+\&     ev_io_stop (EV_A_ w);
+\&
+\&     // start the idle watcher to handle the actual event.
+\&     // it will not be executed as long as other watchers
+\&     // with the default priority are receiving events.
+\&     ev_idle_start (EV_A_ &idle);
+\&   }
+\&
+\&   static void
+\&   idle_cb (EV_P_ ev_idle *w, int revents)
+\&   {
+\&     // actual processing
+\&     read (STDIN_FILENO, ...);
+\&
+\&     // have to start the I/O watcher again, as
+\&     // we have handled the event
+\&     ev_io_start (EV_P_ &io);
+\&   }
+\&
+\&   // initialisation
+\&   ev_idle_init (&idle, idle_cb);
+\&   ev_io_init (&io, io_cb, STDIN_FILENO, EV_READ);
+\&   ev_io_start (EV_DEFAULT_ &io);
+.Ve
+.PP
+In the \*(L"real\*(R" world, it might also be beneficial to start a timer, so that
+low-priority connections can not be locked out forever under load. This
+enables your program to keep a lower latency for important connections
+during short periods of high load, while not completely locking out less
+important ones.
+.SH "WATCHER TYPES"
+.IX Header "WATCHER TYPES"
+This section describes each watcher in detail, but will not repeat
+information given in the last section. Any initialisation/set macros,
+functions and members specific to the watcher type are explained.
+.PP
+Most members are additionally marked with either \fI[read\-only]\fR, meaning
+that, while the watcher is active, you can look at the member and expect
+some sensible content, but you must not modify it (you can modify it while
+the watcher is stopped to your hearts content), or \fI[read\-write]\fR, which
+means you can expect it to have some sensible content while the watcher is
+active, but you can also modify it (within the same thread as the event
+loop, i.e. without creating data races). Modifying it may not do something
+sensible or take immediate effect (or do anything at all), but libev will
+not crash or malfunction in any way.
+.PP
+In any case, the documentation for each member will explain what the
+effects are, and if there are any additional access restrictions.
+.ie n .SS """ev_io"" \- is this file descriptor readable or writable?"
+.el .SS "\f(CWev_io\fP \- is this file descriptor readable or writable?"
+.IX Subsection "ev_io - is this file descriptor readable or writable?"
+I/O watchers check whether a file descriptor is readable or writable
+in each iteration of the event loop, or, more precisely, when reading
+would not block the process and writing would at least be able to write
+some data. This behaviour is called level-triggering because you keep
+receiving events as long as the condition persists. Remember you can stop
+the watcher if you don't want to act on the event and neither want to
+receive future events.
+.PP
+In general you can register as many read and/or write event watchers per
+fd as you want (as long as you don't confuse yourself). Setting all file
+descriptors to non-blocking mode is also usually a good idea (but not
+required if you know what you are doing).
+.PP
+Another thing you have to watch out for is that it is quite easy to
+receive \*(L"spurious\*(R" readiness notifications, that is, your callback might
+be called with \f(CW\*(C`EV_READ\*(C'\fR but a subsequent \f(CW\*(C`read\*(C'\fR(2) will actually block
+because there is no data. It is very easy to get into this situation even
+with a relatively standard program structure. Thus it is best to always
+use non-blocking I/O: An extra \f(CW\*(C`read\*(C'\fR(2) returning \f(CW\*(C`EAGAIN\*(C'\fR is far
+preferable to a program hanging until some data arrives.
+.PP
+If you cannot run the fd in non-blocking mode (for example you should
+not play around with an Xlib connection), then you have to separately
+re-test whether a file descriptor is really ready with a known-to-be good
+interface such as poll (fortunately in the case of Xlib, it already does
+this on its own, so its quite safe to use). Some people additionally
+use \f(CW\*(C`SIGALRM\*(C'\fR and an interval timer, just to be sure you won't block
+indefinitely.
+.PP
+But really, best use non-blocking mode.
+.PP
+\fIThe special problem of disappearing file descriptors\fR
+.IX Subsection "The special problem of disappearing file descriptors"
+.PP
+Some backends (e.g. kqueue, epoll, linuxaio) need to be told about closing
+a file descriptor (either due to calling \f(CW\*(C`close\*(C'\fR explicitly or any other
+means, such as \f(CW\*(C`dup2\*(C'\fR). The reason is that you register interest in some
+file descriptor, but when it goes away, the operating system will silently
+drop this interest. If another file descriptor with the same number then
+is registered with libev, there is no efficient way to see that this is,
+in fact, a different file descriptor.
+.PP
+To avoid having to explicitly tell libev about such cases, libev follows
+the following policy:  Each time \f(CW\*(C`ev_io_set\*(C'\fR is being called, libev
+will assume that this is potentially a new file descriptor, otherwise
+it is assumed that the file descriptor stays the same. That means that
+you \fIhave\fR to call \f(CW\*(C`ev_io_set\*(C'\fR (or \f(CW\*(C`ev_io_init\*(C'\fR) when you change the
+descriptor even if the file descriptor number itself did not change.
+.PP
+This is how one would do it normally anyway, the important point is that
+the libev application should not optimise around libev but should leave
+optimisations to libev.
+.PP
+\fIThe special problem of dup'ed file descriptors\fR
+.IX Subsection "The special problem of dup'ed file descriptors"
+.PP
+Some backends (e.g. epoll), cannot register events for file descriptors,
+but only events for the underlying file descriptions. That means when you
+have \f(CW\*(C`dup ()\*(C'\fR'ed file descriptors or weirder constellations, and register
+events for them, only one file descriptor might actually receive events.
+.PP
+There is no workaround possible except not registering events
+for potentially \f(CW\*(C`dup ()\*(C'\fR'ed file descriptors, or to resort to
+\&\f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.PP
+\fIThe special problem of files\fR
+.IX Subsection "The special problem of files"
+.PP
+Many people try to use \f(CW\*(C`select\*(C'\fR (or libev) on file descriptors
+representing files, and expect it to become ready when their program
+doesn't block on disk accesses (which can take a long time on their own).
+.PP
+However, this cannot ever work in the \*(L"expected\*(R" way \- you get a readiness
+notification as soon as the kernel knows whether and how much data is
+there, and in the case of open files, that's always the case, so you
+always get a readiness notification instantly, and your read (or possibly
+write) will still block on the disk I/O.
+.PP
+Another way to view it is that in the case of sockets, pipes, character
+devices and so on, there is another party (the sender) that delivers data
+on its own, but in the case of files, there is no such thing: the disk
+will not send data on its own, simply because it doesn't know what you
+wish to read \- you would first have to request some data.
+.PP
+Since files are typically not-so-well supported by advanced notification
+mechanism, libev tries hard to emulate \s-1POSIX\s0 behaviour with respect
+to files, even though you should not use it. The reason for this is
+convenience: sometimes you want to watch \s-1STDIN\s0 or \s-1STDOUT,\s0 which is
+usually a tty, often a pipe, but also sometimes files or special devices
+(for example, \f(CW\*(C`epoll\*(C'\fR on Linux works with \fI/dev/random\fR but not with
+\&\fI/dev/urandom\fR), and even though the file might better be served with
+asynchronous I/O instead of with non-blocking I/O, it is still useful when
+it \*(L"just works\*(R" instead of freezing.
+.PP
+So avoid file descriptors pointing to files when you know it (e.g. use
+libeio), but use them when it is convenient, e.g. for \s-1STDIN/STDOUT,\s0 or
+when you rarely read from a file instead of from a socket, and want to
+reuse the same code path.
+.PP
+\fIThe special problem of fork\fR
+.IX Subsection "The special problem of fork"
+.PP
+Some backends (epoll, kqueue, linuxaio, iouring) do not support \f(CW\*(C`fork ()\*(C'\fR
+at all or exhibit useless behaviour. Libev fully supports fork, but needs
+to be told about it in the child if you want to continue to use it in the
+child.
+.PP
+To support fork in your child processes, you have to call \f(CW\*(C`ev_loop_fork
+()\*(C'\fR after a fork in the child, enable \f(CW\*(C`EVFLAG_FORKCHECK\*(C'\fR, or resort to
+\&\f(CW\*(C`EVBACKEND_SELECT\*(C'\fR or \f(CW\*(C`EVBACKEND_POLL\*(C'\fR.
+.PP
+\fIThe special problem of \s-1SIGPIPE\s0\fR
+.IX Subsection "The special problem of SIGPIPE"
+.PP
+While not really specific to libev, it is easy to forget about \f(CW\*(C`SIGPIPE\*(C'\fR:
+when writing to a pipe whose other end has been closed, your program gets
+sent a \s-1SIGPIPE,\s0 which, by default, aborts your program. For most programs
+this is sensible behaviour, for daemons, this is usually undesirable.
+.PP
+So when you encounter spurious, unexplained daemon exits, make sure you
+ignore \s-1SIGPIPE\s0 (and maybe make sure you log the exit status of your daemon
+somewhere, as that would have given you a big clue).
+.PP
+\fIThe special problem of \f(BIaccept()\fIing when you can't\fR
+.IX Subsection "The special problem of accept()ing when you can't"
+.PP
+Many implementations of the \s-1POSIX\s0 \f(CW\*(C`accept\*(C'\fR function (for example,
+found in post\-2004 Linux) have the peculiar behaviour of not removing a
+connection from the pending queue in all error cases.
+.PP
+For example, larger servers often run out of file descriptors (because
+of resource limits), causing \f(CW\*(C`accept\*(C'\fR to fail with \f(CW\*(C`ENFILE\*(C'\fR but not
+rejecting the connection, leading to libev signalling readiness on
+the next iteration again (the connection still exists after all), and
+typically causing the program to loop at 100% \s-1CPU\s0 usage.
+.PP
+Unfortunately, the set of errors that cause this issue differs between
+operating systems, there is usually little the app can do to remedy the
+situation, and no known thread-safe method of removing the connection to
+cope with overload is known (to me).
+.PP
+One of the easiest ways to handle this situation is to just ignore it
+\&\- when the program encounters an overload, it will just loop until the
+situation is over. While this is a form of busy waiting, no \s-1OS\s0 offers an
+event-based way to handle this situation, so it's the best one can do.
+.PP
+A better way to handle the situation is to log any errors other than
+\&\f(CW\*(C`EAGAIN\*(C'\fR and \f(CW\*(C`EWOULDBLOCK\*(C'\fR, making sure not to flood the log with such
+messages, and continue as usual, which at least gives the user an idea of
+what could be wrong (\*(L"raise the ulimit!\*(R"). For extra points one could stop
+the \f(CW\*(C`ev_io\*(C'\fR watcher on the listening fd \*(L"for a while\*(R", which reduces \s-1CPU\s0
+usage.
+.PP
+If your program is single-threaded, then you could also keep a dummy file
+descriptor for overload situations (e.g. by opening \fI/dev/null\fR), and
+when you run into \f(CW\*(C`ENFILE\*(C'\fR or \f(CW\*(C`EMFILE\*(C'\fR, close it, run \f(CW\*(C`accept\*(C'\fR,
+close that fd, and create a new dummy fd. This will gracefully refuse
+clients under typical overload conditions.
+.PP
+The last way to handle it is to simply log the error and \f(CW\*(C`exit\*(C'\fR, as
+is often done with \f(CW\*(C`malloc\*(C'\fR failures, but this results in an easy
+opportunity for a DoS attack.
+.PP
+\fIWatcher-Specific Functions\fR
+.IX Subsection "Watcher-Specific Functions"
+.IP "ev_io_init (ev_io *, callback, int fd, int events)" 4
+.IX Item "ev_io_init (ev_io *, callback, int fd, int events)"
+.PD 0
+.IP "ev_io_set (ev_io *, int fd, int events)" 4
+.IX Item "ev_io_set (ev_io *, int fd, int events)"
+.PD
+Configures an \f(CW\*(C`ev_io\*(C'\fR watcher. The \f(CW\*(C`fd\*(C'\fR is the file descriptor to
+receive events for and \f(CW\*(C`events\*(C'\fR is either \f(CW\*(C`EV_READ\*(C'\fR, \f(CW\*(C`EV_WRITE\*(C'\fR, both
+\&\f(CW\*(C`EV_READ | EV_WRITE\*(C'\fR or \f(CW0\fR, to express the desire to receive the given
+events.
+.Sp
+Note that setting the \f(CW\*(C`events\*(C'\fR to \f(CW0\fR and starting the watcher is
+supported, but not specially optimized \- if your program sometimes happens
+to generate this combination this is fine, but if it is easy to avoid
+starting an io watcher watching for no events you should do so.
+.IP "ev_io_modify (ev_io *, int events)" 4
+.IX Item "ev_io_modify (ev_io *, int events)"
+Similar to \f(CW\*(C`ev_io_set\*(C'\fR, but only changes the requested events. Using this
+might be faster with some backends, as libev can assume that the \f(CW\*(C`fd\*(C'\fR
+still refers to the same underlying file description, something it cannot
+do when using \f(CW\*(C`ev_io_set\*(C'\fR.
+.IP "int fd [no\-modify]" 4
+.IX Item "int fd [no-modify]"
+The file descriptor being watched. While it can be read at any time, you
+must not modify this member even when the watcher is stopped \- always use
+\&\f(CW\*(C`ev_io_set\*(C'\fR for that.
+.IP "int events [no\-modify]" 4
+.IX Item "int events [no-modify]"
+The set of events the fd is being watched for, among other flags. Remember
+that this is a bit set \- to test for \f(CW\*(C`EV_READ\*(C'\fR, use \f(CW\*(C`w\->events &
+EV_READ\*(C'\fR, and similarly for \f(CW\*(C`EV_WRITE\*(C'\fR.
+.Sp
+As with \f(CW\*(C`fd\*(C'\fR, you must not modify this member even when the watcher is
+stopped, always use \f(CW\*(C`ev_io_set\*(C'\fR or \f(CW\*(C`ev_io_modify\*(C'\fR for that.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Call \f(CW\*(C`stdin_readable_cb\*(C'\fR when \s-1STDIN_FILENO\s0 has become, well
+readable, but only once. Since it is likely line-buffered, you could
+attempt to read a whole line in the callback.
+.PP
+.Vb 6
+\&   static void
+\&   stdin_readable_cb (struct ev_loop *loop, ev_io *w, int revents)
+\&   {
+\&      ev_io_stop (loop, w);
+\&     .. read from stdin here (or from w\->fd) and handle any I/O errors
+\&   }
+\&
+\&   ...
+\&   struct ev_loop *loop = ev_default_init (0);
+\&   ev_io stdin_readable;
+\&   ev_io_init (&stdin_readable, stdin_readable_cb, STDIN_FILENO, EV_READ);
+\&   ev_io_start (loop, &stdin_readable);
+\&   ev_run (loop, 0);
+.Ve
+.ie n .SS """ev_timer"" \- relative and optionally repeating timeouts"
+.el .SS "\f(CWev_timer\fP \- relative and optionally repeating timeouts"
+.IX Subsection "ev_timer - relative and optionally repeating timeouts"
+Timer watchers are simple relative timers that generate an event after a
+given time, and optionally repeating in regular intervals after that.
+.PP
+The timers are based on real time, that is, if you register an event that
+times out after an hour and you reset your system clock to January last
+year, it will still time out after (roughly) one hour. \*(L"Roughly\*(R" because
+detecting time jumps is hard, and some inaccuracies are unavoidable (the
+monotonic clock option helps a lot here).
+.PP
+The callback is guaranteed to be invoked only \fIafter\fR its timeout has
+passed (not \fIat\fR, so on systems with very low-resolution clocks this
+might introduce a small delay, see \*(L"the special problem of being too
+early\*(R", below). If multiple timers become ready during the same loop
+iteration then the ones with earlier time-out values are invoked before
+ones of the same priority with later time-out values (but this is no
+longer true when a callback calls \f(CW\*(C`ev_run\*(C'\fR recursively).
+.PP
+\fIBe smart about timeouts\fR
+.IX Subsection "Be smart about timeouts"
+.PP
+Many real-world problems involve some kind of timeout, usually for error
+recovery. A typical example is an \s-1HTTP\s0 request \- if the other side hangs,
+you want to raise some error after a while.
+.PP
+What follows are some ways to handle this problem, from obvious and
+inefficient to smart and efficient.
+.PP
+In the following, a 60 second activity timeout is assumed \- a timeout that
+gets reset to 60 seconds each time there is activity (e.g. each time some
+data or other life sign was received).
+.IP "1. Use a timer and stop, reinitialise and start it on activity." 4
+.IX Item "1. Use a timer and stop, reinitialise and start it on activity."
+This is the most obvious, but not the most simple way: In the beginning,
+start the watcher:
+.Sp
+.Vb 2
+\&   ev_timer_init (timer, callback, 60., 0.);
+\&   ev_timer_start (loop, timer);
+.Ve
+.Sp
+Then, each time there is some activity, \f(CW\*(C`ev_timer_stop\*(C'\fR it, initialise it
+and start it again:
+.Sp
+.Vb 3
+\&   ev_timer_stop (loop, timer);
+\&   ev_timer_set (timer, 60., 0.);
+\&   ev_timer_start (loop, timer);
+.Ve
+.Sp
+This is relatively simple to implement, but means that each time there is
+some activity, libev will first have to remove the timer from its internal
+data structure and then add it again. Libev tries to be fast, but it's
+still not a constant-time operation.
+.ie n .IP "2. Use a timer and re-start it with ""ev_timer_again"" inactivity." 4
+.el .IP "2. Use a timer and re-start it with \f(CWev_timer_again\fR inactivity." 4
+.IX Item "2. Use a timer and re-start it with ev_timer_again inactivity."
+This is the easiest way, and involves using \f(CW\*(C`ev_timer_again\*(C'\fR instead of
+\&\f(CW\*(C`ev_timer_start\*(C'\fR.
+.Sp
+To implement this, configure an \f(CW\*(C`ev_timer\*(C'\fR with a \f(CW\*(C`repeat\*(C'\fR value
+of \f(CW60\fR and then call \f(CW\*(C`ev_timer_again\*(C'\fR at start and each time you
+successfully read or write some data. If you go into an idle state where
+you do not expect data to travel on the socket, you can \f(CW\*(C`ev_timer_stop\*(C'\fR
+the timer, and \f(CW\*(C`ev_timer_again\*(C'\fR will automatically restart it if need be.
+.Sp
+That means you can ignore both the \f(CW\*(C`ev_timer_start\*(C'\fR function and the
+\&\f(CW\*(C`after\*(C'\fR argument to \f(CW\*(C`ev_timer_set\*(C'\fR, and only ever use the \f(CW\*(C`repeat\*(C'\fR
+member and \f(CW\*(C`ev_timer_again\*(C'\fR.
+.Sp
+At start:
+.Sp
+.Vb 3
+\&   ev_init (timer, callback);
+\&   timer\->repeat = 60.;
+\&   ev_timer_again (loop, timer);
+.Ve
+.Sp
+Each time there is some activity:
+.Sp
+.Vb 1
+\&   ev_timer_again (loop, timer);
+.Ve
+.Sp
+It is even possible to change the time-out on the fly, regardless of
+whether the watcher is active or not:
+.Sp
+.Vb 2
+\&   timer\->repeat = 30.;
+\&   ev_timer_again (loop, timer);
+.Ve
+.Sp
+This is slightly more efficient then stopping/starting the timer each time
+you want to modify its timeout value, as libev does not have to completely
+remove and re-insert the timer from/into its internal data structure.
+.Sp
+It is, however, even simpler than the \*(L"obvious\*(R" way to do it.
+.IP "3. Let the timer time out, but then re-arm it as required." 4
+.IX Item "3. Let the timer time out, but then re-arm it as required."
+This method is more tricky, but usually most efficient: Most timeouts are
+relatively long compared to the intervals between other activity \- in
+our example, within 60 seconds, there are usually many I/O events with
+associated activity resets.
+.Sp
+In this case, it would be more efficient to leave the \f(CW\*(C`ev_timer\*(C'\fR alone,
+but remember the time of last activity, and check for a real timeout only
+within the callback:
+.Sp
+.Vb 3
+\&   ev_tstamp timeout = 60.;
+\&   ev_tstamp last_activity; // time of last activity
+\&   ev_timer timer;
+\&
+\&   static void
+\&   callback (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     // calculate when the timeout would happen
+\&     ev_tstamp after = last_activity \- ev_now (EV_A) + timeout;
+\&
+\&     // if negative, it means we the timeout already occurred
+\&     if (after < 0.)
+\&       {
+\&         // timeout occurred, take action
+\&       }
+\&     else
+\&       {
+\&         // callback was invoked, but there was some recent 
+\&         // activity. simply restart the timer to time out
+\&         // after "after" seconds, which is the earliest time
+\&         // the timeout can occur.
+\&         ev_timer_set (w, after, 0.);
+\&         ev_timer_start (EV_A_ w);
+\&       }
+\&   }
+.Ve
+.Sp
+To summarise the callback: first calculate in how many seconds the
+timeout will occur (by calculating the absolute time when it would occur,
+\&\f(CW\*(C`last_activity + timeout\*(C'\fR, and subtracting the current time, \f(CW\*(C`ev_now
+(EV_A)\*(C'\fR from that).
+.Sp
+If this value is negative, then we are already past the timeout, i.e. we
+timed out, and need to do whatever is needed in this case.
+.Sp
+Otherwise, we now the earliest time at which the timeout would trigger,
+and simply start the timer with this timeout value.
+.Sp
+In other words, each time the callback is invoked it will check whether
+the timeout occurred. If not, it will simply reschedule itself to check
+again at the earliest time it could time out. Rinse. Repeat.
+.Sp
+This scheme causes more callback invocations (about one every 60 seconds
+minus half the average time between activity), but virtually no calls to
+libev to change the timeout.
+.Sp
+To start the machinery, simply initialise the watcher and set
+\&\f(CW\*(C`last_activity\*(C'\fR to the current time (meaning there was some activity just
+now), then call the callback, which will \*(L"do the right thing\*(R" and start
+the timer:
+.Sp
+.Vb 3
+\&   last_activity = ev_now (EV_A);
+\&   ev_init (&timer, callback);
+\&   callback (EV_A_ &timer, 0);
+.Ve
+.Sp
+When there is some activity, simply store the current time in
+\&\f(CW\*(C`last_activity\*(C'\fR, no libev calls at all:
+.Sp
+.Vb 2
+\&   if (activity detected)
+\&     last_activity = ev_now (EV_A);
+.Ve
+.Sp
+When your timeout value changes, then the timeout can be changed by simply
+providing a new value, stopping the timer and calling the callback, which
+will again do the right thing (for example, time out immediately :).
+.Sp
+.Vb 3
+\&   timeout = new_value;
+\&   ev_timer_stop (EV_A_ &timer);
+\&   callback (EV_A_ &timer, 0);
+.Ve
+.Sp
+This technique is slightly more complex, but in most cases where the
+time-out is unlikely to be triggered, much more efficient.
+.IP "4. Wee, just use a double-linked list for your timeouts." 4
+.IX Item "4. Wee, just use a double-linked list for your timeouts."
+If there is not one request, but many thousands (millions...), all
+employing some kind of timeout with the same timeout value, then one can
+do even better:
+.Sp
+When starting the timeout, calculate the timeout value and put the timeout
+at the \fIend\fR of the list.
+.Sp
+Then use an \f(CW\*(C`ev_timer\*(C'\fR to fire when the timeout at the \fIbeginning\fR of
+the list is expected to fire (for example, using the technique #3).
+.Sp
+When there is some activity, remove the timer from the list, recalculate
+the timeout, append it to the end of the list again, and make sure to
+update the \f(CW\*(C`ev_timer\*(C'\fR if it was taken from the beginning of the list.
+.Sp
+This way, one can manage an unlimited number of timeouts in O(1) time for
+starting, stopping and updating the timers, at the expense of a major
+complication, and having to use a constant timeout. The constant timeout
+ensures that the list stays sorted.
+.PP
+So which method the best?
+.PP
+Method #2 is a simple no-brain-required solution that is adequate in most
+situations. Method #3 requires a bit more thinking, but handles many cases
+better, and isn't very complicated either. In most case, choosing either
+one is fine, with #3 being better in typical situations.
+.PP
+Method #1 is almost always a bad idea, and buys you nothing. Method #4 is
+rather complicated, but extremely efficient, something that really pays
+off after the first million or so of active timers, i.e. it's usually
+overkill :)
+.PP
+\fIThe special problem of being too early\fR
+.IX Subsection "The special problem of being too early"
+.PP
+If you ask a timer to call your callback after three seconds, then
+you expect it to be invoked after three seconds \- but of course, this
+cannot be guaranteed to infinite precision. Less obviously, it cannot be
+guaranteed to any precision by libev \- imagine somebody suspending the
+process with a \s-1STOP\s0 signal for a few hours for example.
+.PP
+So, libev tries to invoke your callback as soon as possible \fIafter\fR the
+delay has occurred, but cannot guarantee this.
+.PP
+A less obvious failure mode is calling your callback too early: many event
+loops compare timestamps with a \*(L"elapsed delay >= requested delay\*(R", but
+this can cause your callback to be invoked much earlier than you would
+expect.
+.PP
+To see why, imagine a system with a clock that only offers full second
+resolution (think windows if you can't come up with a broken enough \s-1OS\s0
+yourself). If you schedule a one-second timer at the time 500.9, then the
+event loop will schedule your timeout to elapse at a system time of 500
+(500.9 truncated to the resolution) + 1, or 501.
+.PP
+If an event library looks at the timeout 0.1s later, it will see \*(L"501 >=
+501\*(R" and invoke the callback 0.1s after it was started, even though a
+one-second delay was requested \- this is being \*(L"too early\*(R", despite best
+intentions.
+.PP
+This is the reason why libev will never invoke the callback if the elapsed
+delay equals the requested delay, but only when the elapsed delay is
+larger than the requested delay. In the example above, libev would only invoke
+the callback at system time 502, or 1.1s after the timer was started.
+.PP
+So, while libev cannot guarantee that your callback will be invoked
+exactly when requested, it \fIcan\fR and \fIdoes\fR guarantee that the requested
+delay has actually elapsed, or in other words, it always errs on the \*(L"too
+late\*(R" side of things.
+.PP
+\fIThe special problem of time updates\fR
+.IX Subsection "The special problem of time updates"
+.PP
+Establishing the current time is a costly operation (it usually takes
+at least one system call): \s-1EV\s0 therefore updates its idea of the current
+time only before and after \f(CW\*(C`ev_run\*(C'\fR collects new events, which causes a
+growing difference between \f(CW\*(C`ev_now ()\*(C'\fR and \f(CW\*(C`ev_time ()\*(C'\fR when handling
+lots of events in one iteration.
+.PP
+The relative timeouts are calculated relative to the \f(CW\*(C`ev_now ()\*(C'\fR
+time. This is usually the right thing as this timestamp refers to the time
+of the event triggering whatever timeout you are modifying/starting. If
+you suspect event processing to be delayed and you \fIneed\fR to base the
+timeout on the current time, use something like the following to adjust
+for it:
+.PP
+.Vb 1
+\&   ev_timer_set (&timer, after + (ev_time () \- ev_now ()), 0.);
+.Ve
+.PP
+If the event loop is suspended for a long time, you can also force an
+update of the time returned by \f(CW\*(C`ev_now ()\*(C'\fR by calling \f(CW\*(C`ev_now_update
+()\*(C'\fR, although that will push the event time of all outstanding events
+further into the future.
+.PP
+\fIThe special problem of unsynchronised clocks\fR
+.IX Subsection "The special problem of unsynchronised clocks"
+.PP
+Modern systems have a variety of clocks \- libev itself uses the normal
+\&\*(L"wall clock\*(R" clock and, if available, the monotonic clock (to avoid time
+jumps).
+.PP
+Neither of these clocks is synchronised with each other or any other clock
+on the system, so \f(CW\*(C`ev_time ()\*(C'\fR might return a considerably different time
+than \f(CW\*(C`gettimeofday ()\*(C'\fR or \f(CW\*(C`time ()\*(C'\fR. On a GNU/Linux system, for example,
+a call to \f(CW\*(C`gettimeofday\*(C'\fR might return a second count that is one higher
+than a directly following call to \f(CW\*(C`time\*(C'\fR.
+.PP
+The moral of this is to only compare libev-related timestamps with
+\&\f(CW\*(C`ev_time ()\*(C'\fR and \f(CW\*(C`ev_now ()\*(C'\fR, at least if you want better precision than
+a second or so.
+.PP
+One more problem arises due to this lack of synchronisation: if libev uses
+the system monotonic clock and you compare timestamps from \f(CW\*(C`ev_time\*(C'\fR
+or \f(CW\*(C`ev_now\*(C'\fR from when you started your timer and when your callback is
+invoked, you will find that sometimes the callback is a bit \*(L"early\*(R".
+.PP
+This is because \f(CW\*(C`ev_timer\*(C'\fRs work in real time, not wall clock time, so
+libev makes sure your callback is not invoked before the delay happened,
+\&\fImeasured according to the real time\fR, not the system clock.
+.PP
+If your timeouts are based on a physical timescale (e.g. \*(L"time out this
+connection after 100 seconds\*(R") then this shouldn't bother you as it is
+exactly the right behaviour.
+.PP
+If you want to compare wall clock/system timestamps to your timers, then
+you need to use \f(CW\*(C`ev_periodic\*(C'\fRs, as these are based on the wall clock
+time, where your comparisons will always generate correct results.
+.PP
+\fIThe special problems of suspended animation\fR
+.IX Subsection "The special problems of suspended animation"
+.PP
+When you leave the server world it is quite customary to hit machines that
+can suspend/hibernate \- what happens to the clocks during such a suspend?
+.PP
+Some quick tests made with a Linux 2.6.28 indicate that a suspend freezes
+all processes, while the clocks (\f(CW\*(C`times\*(C'\fR, \f(CW\*(C`CLOCK_MONOTONIC\*(C'\fR) continue
+to run until the system is suspended, but they will not advance while the
+system is suspended. That means, on resume, it will be as if the program
+was frozen for a few seconds, but the suspend time will not be counted
+towards \f(CW\*(C`ev_timer\*(C'\fR when a monotonic clock source is used. The real time
+clock advanced as expected, but if it is used as sole clocksource, then a
+long suspend would be detected as a time jump by libev, and timers would
+be adjusted accordingly.
+.PP
+I would not be surprised to see different behaviour in different between
+operating systems, \s-1OS\s0 versions or even different hardware.
+.PP
+The other form of suspend (job control, or sending a \s-1SIGSTOP\s0) will see a
+time jump in the monotonic clocks and the realtime clock. If the program
+is suspended for a very long time, and monotonic clock sources are in use,
+then you can expect \f(CW\*(C`ev_timer\*(C'\fRs to expire as the full suspension time
+will be counted towards the timers. When no monotonic clock source is in
+use, then libev will again assume a timejump and adjust accordingly.
+.PP
+It might be beneficial for this latter case to call \f(CW\*(C`ev_suspend\*(C'\fR
+and \f(CW\*(C`ev_resume\*(C'\fR in code that handles \f(CW\*(C`SIGTSTP\*(C'\fR, to at least get
+deterministic behaviour in this case (you can do nothing against
+\&\f(CW\*(C`SIGSTOP\*(C'\fR).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_timer_init (ev_timer *, callback, ev_tstamp after, ev_tstamp repeat)" 4
+.IX Item "ev_timer_init (ev_timer *, callback, ev_tstamp after, ev_tstamp repeat)"
+.PD 0
+.IP "ev_timer_set (ev_timer *, ev_tstamp after, ev_tstamp repeat)" 4
+.IX Item "ev_timer_set (ev_timer *, ev_tstamp after, ev_tstamp repeat)"
+.PD
+Configure the timer to trigger after \f(CW\*(C`after\*(C'\fR seconds (fractional and
+negative values are supported). If \f(CW\*(C`repeat\*(C'\fR is \f(CW0.\fR, then it will
+automatically be stopped once the timeout is reached. If it is positive,
+then the timer will automatically be configured to trigger again \f(CW\*(C`repeat\*(C'\fR
+seconds later, again, and again, until stopped manually.
+.Sp
+The timer itself will do a best-effort at avoiding drift, that is, if
+you configure a timer to trigger every 10 seconds, then it will normally
+trigger at exactly 10 second intervals. If, however, your program cannot
+keep up with the timer (because it takes longer than those 10 seconds to
+do stuff) the timer will not fire more than once per event loop iteration.
+.IP "ev_timer_again (loop, ev_timer *)" 4
+.IX Item "ev_timer_again (loop, ev_timer *)"
+This will act as if the timer timed out, and restarts it again if it is
+repeating. It basically works like calling \f(CW\*(C`ev_timer_stop\*(C'\fR, updating the
+timeout to the \f(CW\*(C`repeat\*(C'\fR value and calling \f(CW\*(C`ev_timer_start\*(C'\fR.
+.Sp
+The exact semantics are as in the following rules, all of which will be
+applied to the watcher:
+.RS 4
+.IP "If the timer is pending, the pending status is always cleared." 4
+.IX Item "If the timer is pending, the pending status is always cleared."
+.PD 0
+.IP "If the timer is started but non-repeating, stop it (as if it timed out, without invoking it)." 4
+.IX Item "If the timer is started but non-repeating, stop it (as if it timed out, without invoking it)."
+.ie n .IP "If the timer is repeating, make the ""repeat"" value the new timeout and start the timer, if necessary." 4
+.el .IP "If the timer is repeating, make the \f(CWrepeat\fR value the new timeout and start the timer, if necessary." 4
+.IX Item "If the timer is repeating, make the repeat value the new timeout and start the timer, if necessary."
+.RE
+.RS 4
+.PD
+.Sp
+This sounds a bit complicated, see \*(L"Be smart about timeouts\*(R", above, for a
+usage example.
+.RE
+.IP "ev_tstamp ev_timer_remaining (loop, ev_timer *)" 4
+.IX Item "ev_tstamp ev_timer_remaining (loop, ev_timer *)"
+Returns the remaining time until a timer fires. If the timer is active,
+then this time is relative to the current event loop time, otherwise it's
+the timeout value currently configured.
+.Sp
+That is, after an \f(CW\*(C`ev_timer_set (w, 5, 7)\*(C'\fR, \f(CW\*(C`ev_timer_remaining\*(C'\fR returns
+\&\f(CW5\fR. When the timer is started and one second passes, \f(CW\*(C`ev_timer_remaining\*(C'\fR
+will return \f(CW4\fR. When the timer expires and is restarted, it will return
+roughly \f(CW7\fR (likely slightly less as callback invocation takes some time,
+too), and so on.
+.IP "ev_tstamp repeat [read\-write]" 4
+.IX Item "ev_tstamp repeat [read-write]"
+The current \f(CW\*(C`repeat\*(C'\fR value. Will be used each time the watcher times out
+or \f(CW\*(C`ev_timer_again\*(C'\fR is called, and determines the next timeout (if any),
+which is also when any modifications are taken into account.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Create a timer that fires after 60 seconds.
+.PP
+.Vb 5
+\&   static void
+\&   one_minute_cb (struct ev_loop *loop, ev_timer *w, int revents)
+\&   {
+\&     .. one minute over, w is actually stopped right here
+\&   }
+\&
+\&   ev_timer mytimer;
+\&   ev_timer_init (&mytimer, one_minute_cb, 60., 0.);
+\&   ev_timer_start (loop, &mytimer);
+.Ve
+.PP
+Example: Create a timeout timer that times out after 10 seconds of
+inactivity.
+.PP
+.Vb 5
+\&   static void
+\&   timeout_cb (struct ev_loop *loop, ev_timer *w, int revents)
+\&   {
+\&     .. ten seconds without any activity
+\&   }
+\&
+\&   ev_timer mytimer;
+\&   ev_timer_init (&mytimer, timeout_cb, 0., 10.); /* note, only repeat used */
+\&   ev_timer_again (&mytimer); /* start timer */
+\&   ev_run (loop, 0);
+\&
+\&   // and in some piece of code that gets executed on any "activity":
+\&   // reset the timeout to start ticking again at 10 seconds
+\&   ev_timer_again (&mytimer);
+.Ve
+.ie n .SS """ev_periodic"" \- to cron or not to cron?"
+.el .SS "\f(CWev_periodic\fP \- to cron or not to cron?"
+.IX Subsection "ev_periodic - to cron or not to cron?"
+Periodic watchers are also timers of a kind, but they are very versatile
+(and unfortunately a bit complex).
+.PP
+Unlike \f(CW\*(C`ev_timer\*(C'\fR, periodic watchers are not based on real time (or
+relative time, the physical time that passes) but on wall clock time
+(absolute time, the thing you can read on your calendar or clock). The
+difference is that wall clock time can run faster or slower than real
+time, and time jumps are not uncommon (e.g. when you adjust your
+wrist-watch).
+.PP
+You can tell a periodic watcher to trigger after some specific point
+in time: for example, if you tell a periodic watcher to trigger \*(L"in 10
+seconds\*(R" (by specifying e.g. \f(CW\*(C`ev_now () + 10.\*(C'\fR, that is, an absolute time
+not a delay) and then reset your system clock to January of the previous
+year, then it will take a year or more to trigger the event (unlike an
+\&\f(CW\*(C`ev_timer\*(C'\fR, which would still trigger roughly 10 seconds after starting
+it, as it uses a relative timeout).
+.PP
+\&\f(CW\*(C`ev_periodic\*(C'\fR watchers can also be used to implement vastly more complex
+timers, such as triggering an event on each \*(L"midnight, local time\*(R", or
+other complicated rules. This cannot easily be done with \f(CW\*(C`ev_timer\*(C'\fR
+watchers, as those cannot react to time jumps.
+.PP
+As with timers, the callback is guaranteed to be invoked only when the
+point in time where it is supposed to trigger has passed. If multiple
+timers become ready during the same loop iteration then the ones with
+earlier time-out values are invoked before ones with later time-out values
+(but this is no longer true when a callback calls \f(CW\*(C`ev_run\*(C'\fR recursively).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_periodic_init (ev_periodic *, callback, ev_tstamp offset, ev_tstamp interval, reschedule_cb)" 4
+.IX Item "ev_periodic_init (ev_periodic *, callback, ev_tstamp offset, ev_tstamp interval, reschedule_cb)"
+.PD 0
+.IP "ev_periodic_set (ev_periodic *, ev_tstamp offset, ev_tstamp interval, reschedule_cb)" 4
+.IX Item "ev_periodic_set (ev_periodic *, ev_tstamp offset, ev_tstamp interval, reschedule_cb)"
+.PD
+Lots of arguments, let's sort it out... There are basically three modes of
+operation, and we will explain them from simplest to most complex:
+.RS 4
+.IP "\(bu" 4
+absolute timer (offset = absolute time, interval = 0, reschedule_cb = 0)
+.Sp
+In this configuration the watcher triggers an event after the wall clock
+time \f(CW\*(C`offset\*(C'\fR has passed. It will not repeat and will not adjust when a
+time jump occurs, that is, if it is to be run at January 1st 2011 then it
+will be stopped and invoked when the system clock reaches or surpasses
+this point in time.
+.IP "\(bu" 4
+repeating interval timer (offset = offset within interval, interval > 0, reschedule_cb = 0)
+.Sp
+In this mode the watcher will always be scheduled to time out at the next
+\&\f(CW\*(C`offset + N * interval\*(C'\fR time (for some integer N, which can also be
+negative) and then repeat, regardless of any time jumps. The \f(CW\*(C`offset\*(C'\fR
+argument is merely an offset into the \f(CW\*(C`interval\*(C'\fR periods.
+.Sp
+This can be used to create timers that do not drift with respect to the
+system clock, for example, here is an \f(CW\*(C`ev_periodic\*(C'\fR that triggers each
+hour, on the hour (with respect to \s-1UTC\s0):
+.Sp
+.Vb 1
+\&   ev_periodic_set (&periodic, 0., 3600., 0);
+.Ve
+.Sp
+This doesn't mean there will always be 3600 seconds in between triggers,
+but only that the callback will be called when the system time shows a
+full hour (\s-1UTC\s0), or more correctly, when the system time is evenly divisible
+by 3600.
+.Sp
+Another way to think about it (for the mathematically inclined) is that
+\&\f(CW\*(C`ev_periodic\*(C'\fR will try to run the callback in this mode at the next possible
+time where \f(CW\*(C`time = offset (mod interval)\*(C'\fR, regardless of any time jumps.
+.Sp
+The \f(CW\*(C`interval\*(C'\fR \fI\s-1MUST\s0\fR be positive, and for numerical stability, the
+interval value should be higher than \f(CW\*(C`1/8192\*(C'\fR (which is around 100
+microseconds) and \f(CW\*(C`offset\*(C'\fR should be higher than \f(CW0\fR and should have
+at most a similar magnitude as the current time (say, within a factor of
+ten). Typical values for offset are, in fact, \f(CW0\fR or something between
+\&\f(CW0\fR and \f(CW\*(C`interval\*(C'\fR, which is also the recommended range.
+.Sp
+Note also that there is an upper limit to how often a timer can fire (\s-1CPU\s0
+speed for example), so if \f(CW\*(C`interval\*(C'\fR is very small then timing stability
+will of course deteriorate. Libev itself tries to be exact to be about one
+millisecond (if the \s-1OS\s0 supports it and the machine is fast enough).
+.IP "\(bu" 4
+manual reschedule mode (offset ignored, interval ignored, reschedule_cb = callback)
+.Sp
+In this mode the values for \f(CW\*(C`interval\*(C'\fR and \f(CW\*(C`offset\*(C'\fR are both being
+ignored. Instead, each time the periodic watcher gets scheduled, the
+reschedule callback will be called with the watcher as first, and the
+current time as second argument.
+.Sp
+\&\s-1NOTE:\s0 \fIThis callback \s-1MUST NOT\s0 stop or destroy any periodic watcher, ever,
+or make \s-1ANY\s0 other event loop modifications whatsoever, unless explicitly
+allowed by documentation here\fR.
+.Sp
+If you need to stop it, return \f(CW\*(C`now + 1e30\*(C'\fR (or so, fudge fudge) and stop
+it afterwards (e.g. by starting an \f(CW\*(C`ev_prepare\*(C'\fR watcher, which is the
+only event loop modification you are allowed to do).
+.Sp
+The callback prototype is \f(CW\*(C`ev_tstamp (*reschedule_cb)(ev_periodic
+*w, ev_tstamp now)\*(C'\fR, e.g.:
+.Sp
+.Vb 5
+\&   static ev_tstamp
+\&   my_rescheduler (ev_periodic *w, ev_tstamp now)
+\&   {
+\&     return now + 60.;
+\&   }
+.Ve
+.Sp
+It must return the next time to trigger, based on the passed time value
+(that is, the lowest time value larger than to the second argument). It
+will usually be called just before the callback will be triggered, but
+might be called at other times, too.
+.Sp
+\&\s-1NOTE:\s0 \fIThis callback must always return a time that is higher than or
+equal to the passed \f(CI\*(C`now\*(C'\fI value\fR.
+.Sp
+This can be used to create very complex timers, such as a timer that
+triggers on \*(L"next midnight, local time\*(R". To do this, you would calculate
+the next midnight after \f(CW\*(C`now\*(C'\fR and return the timestamp value for
+this. Here is a (completely untested, no error checking) example on how to
+do this:
+.Sp
+.Vb 1
+\&   #include <time.h>
+\&
+\&   static ev_tstamp
+\&   my_rescheduler (ev_periodic *w, ev_tstamp now)
+\&   {
+\&     time_t tnow = (time_t)now;
+\&     struct tm tm;
+\&     localtime_r (&tnow, &tm);
+\&
+\&     tm.tm_sec = tm.tm_min = tm.tm_hour = 0; // midnight current day
+\&     ++tm.tm_mday; // midnight next day
+\&
+\&     return mktime (&tm);
+\&   }
+.Ve
+.Sp
+Note: this code might run into trouble on days that have more then two
+midnights (beginning and end).
+.RE
+.RS 4
+.RE
+.IP "ev_periodic_again (loop, ev_periodic *)" 4
+.IX Item "ev_periodic_again (loop, ev_periodic *)"
+Simply stops and restarts the periodic watcher again. This is only useful
+when you changed some parameters or the reschedule callback would return
+a different time than the last time it was called (e.g. in a crond like
+program when the crontabs have changed).
+.IP "ev_tstamp ev_periodic_at (ev_periodic *)" 4
+.IX Item "ev_tstamp ev_periodic_at (ev_periodic *)"
+When active, returns the absolute time that the watcher is supposed
+to trigger next. This is not the same as the \f(CW\*(C`offset\*(C'\fR argument to
+\&\f(CW\*(C`ev_periodic_set\*(C'\fR, but indeed works even in interval and manual
+rescheduling modes.
+.IP "ev_tstamp offset [read\-write]" 4
+.IX Item "ev_tstamp offset [read-write]"
+When repeating, this contains the offset value, otherwise this is the
+absolute point in time (the \f(CW\*(C`offset\*(C'\fR value passed to \f(CW\*(C`ev_periodic_set\*(C'\fR,
+although libev might modify this value for better numerical stability).
+.Sp
+Can be modified any time, but changes only take effect when the periodic
+timer fires or \f(CW\*(C`ev_periodic_again\*(C'\fR is being called.
+.IP "ev_tstamp interval [read\-write]" 4
+.IX Item "ev_tstamp interval [read-write]"
+The current interval value. Can be modified any time, but changes only
+take effect when the periodic timer fires or \f(CW\*(C`ev_periodic_again\*(C'\fR is being
+called.
+.IP "ev_tstamp (*reschedule_cb)(ev_periodic *w, ev_tstamp now) [read\-write]" 4
+.IX Item "ev_tstamp (*reschedule_cb)(ev_periodic *w, ev_tstamp now) [read-write]"
+The current reschedule callback, or \f(CW0\fR, if this functionality is
+switched off. Can be changed any time, but changes only take effect when
+the periodic timer fires or \f(CW\*(C`ev_periodic_again\*(C'\fR is being called.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Call a callback every hour, or, more precisely, whenever the
+system time is divisible by 3600. The callback invocation times have
+potentially a lot of jitter, but good long-term stability.
+.PP
+.Vb 5
+\&   static void
+\&   clock_cb (struct ev_loop *loop, ev_periodic *w, int revents)
+\&   {
+\&     ... its now a full hour (UTC, or TAI or whatever your clock follows)
+\&   }
+\&
+\&   ev_periodic hourly_tick;
+\&   ev_periodic_init (&hourly_tick, clock_cb, 0., 3600., 0);
+\&   ev_periodic_start (loop, &hourly_tick);
+.Ve
+.PP
+Example: The same as above, but use a reschedule callback to do it:
+.PP
+.Vb 1
+\&   #include <math.h>
+\&
+\&   static ev_tstamp
+\&   my_scheduler_cb (ev_periodic *w, ev_tstamp now)
+\&   {
+\&     return now + (3600. \- fmod (now, 3600.));
+\&   }
+\&
+\&   ev_periodic_init (&hourly_tick, clock_cb, 0., 0., my_scheduler_cb);
+.Ve
+.PP
+Example: Call a callback every hour, starting now:
+.PP
+.Vb 4
+\&   ev_periodic hourly_tick;
+\&   ev_periodic_init (&hourly_tick, clock_cb,
+\&                     fmod (ev_now (loop), 3600.), 3600., 0);
+\&   ev_periodic_start (loop, &hourly_tick);
+.Ve
+.ie n .SS """ev_signal"" \- signal me when a signal gets signalled!"
+.el .SS "\f(CWev_signal\fP \- signal me when a signal gets signalled!"
+.IX Subsection "ev_signal - signal me when a signal gets signalled!"
+Signal watchers will trigger an event when the process receives a specific
+signal one or more times. Even though signals are very asynchronous, libev
+will try its best to deliver signals synchronously, i.e. as part of the
+normal event processing, like any other event.
+.PP
+If you want signals to be delivered truly asynchronously, just use
+\&\f(CW\*(C`sigaction\*(C'\fR as you would do without libev and forget about sharing
+the signal. You can even use \f(CW\*(C`ev_async\*(C'\fR from a signal handler to
+synchronously wake up an event loop.
+.PP
+You can configure as many watchers as you like for the same signal, but
+only within the same loop, i.e. you can watch for \f(CW\*(C`SIGINT\*(C'\fR in your
+default loop and for \f(CW\*(C`SIGIO\*(C'\fR in another loop, but you cannot watch for
+\&\f(CW\*(C`SIGINT\*(C'\fR in both the default loop and another loop at the same time. At
+the moment, \f(CW\*(C`SIGCHLD\*(C'\fR is permanently tied to the default loop.
+.PP
+Only after the first watcher for a signal is started will libev actually
+register something with the kernel. It thus coexists with your own signal
+handlers as long as you don't register any with libev for the same signal.
+.PP
+If possible and supported, libev will install its handlers with
+\&\f(CW\*(C`SA_RESTART\*(C'\fR (or equivalent) behaviour enabled, so system calls should
+not be unduly interrupted. If you have a problem with system calls getting
+interrupted by signals you can block all signals in an \f(CW\*(C`ev_check\*(C'\fR watcher
+and unblock them in an \f(CW\*(C`ev_prepare\*(C'\fR watcher.
+.PP
+\fIThe special problem of inheritance over fork/execve/pthread_create\fR
+.IX Subsection "The special problem of inheritance over fork/execve/pthread_create"
+.PP
+Both the signal mask (\f(CW\*(C`sigprocmask\*(C'\fR) and the signal disposition
+(\f(CW\*(C`sigaction\*(C'\fR) are unspecified after starting a signal watcher (and after
+stopping it again), that is, libev might or might not block the signal,
+and might or might not set or restore the installed signal handler (but
+see \f(CW\*(C`EVFLAG_NOSIGMASK\*(C'\fR).
+.PP
+While this does not matter for the signal disposition (libev never
+sets signals to \f(CW\*(C`SIG_IGN\*(C'\fR, so handlers will be reset to \f(CW\*(C`SIG_DFL\*(C'\fR on
+\&\f(CW\*(C`execve\*(C'\fR), this matters for the signal mask: many programs do not expect
+certain signals to be blocked.
+.PP
+This means that before calling \f(CW\*(C`exec\*(C'\fR (from the child) you should reset
+the signal mask to whatever \*(L"default\*(R" you expect (all clear is a good
+choice usually).
+.PP
+The simplest way to ensure that the signal mask is reset in the child is
+to install a fork handler with \f(CW\*(C`pthread_atfork\*(C'\fR that resets it. That will
+catch fork calls done by libraries (such as the libc) as well.
+.PP
+In current versions of libev, the signal will not be blocked indefinitely
+unless you use the \f(CW\*(C`signalfd\*(C'\fR \s-1API\s0 (\f(CW\*(C`EV_SIGNALFD\*(C'\fR). While this reduces
+the window of opportunity for problems, it will not go away, as libev
+\&\fIhas\fR to modify the signal mask, at least temporarily.
+.PP
+So I can't stress this enough: \fIIf you do not reset your signal mask when
+you expect it to be empty, you have a race condition in your code\fR. This
+is not a libev-specific thing, this is true for most event libraries.
+.PP
+\fIThe special problem of threads signal handling\fR
+.IX Subsection "The special problem of threads signal handling"
+.PP
+\&\s-1POSIX\s0 threads has problematic signal handling semantics, specifically,
+a lot of functionality (sigfd, sigwait etc.) only really works if all
+threads in a process block signals, which is hard to achieve.
+.PP
+When you want to use sigwait (or mix libev signal handling with your own
+for the same signals), you can tackle this problem by globally blocking
+all signals before creating any threads (or creating them with a fully set
+sigprocmask) and also specifying the \f(CW\*(C`EVFLAG_NOSIGMASK\*(C'\fR when creating
+loops. Then designate one thread as \*(L"signal receiver thread\*(R" which handles
+these signals. You can pass on any signals that libev might be interested
+in by calling \f(CW\*(C`ev_feed_signal\*(C'\fR.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_signal_init (ev_signal *, callback, int signum)" 4
+.IX Item "ev_signal_init (ev_signal *, callback, int signum)"
+.PD 0
+.IP "ev_signal_set (ev_signal *, int signum)" 4
+.IX Item "ev_signal_set (ev_signal *, int signum)"
+.PD
+Configures the watcher to trigger on the given signal number (usually one
+of the \f(CW\*(C`SIGxxx\*(C'\fR constants).
+.IP "int signum [read\-only]" 4
+.IX Item "int signum [read-only]"
+The signal the watcher watches out for.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Try to exit cleanly on \s-1SIGINT.\s0
+.PP
+.Vb 5
+\&   static void
+\&   sigint_cb (struct ev_loop *loop, ev_signal *w, int revents)
+\&   {
+\&     ev_break (loop, EVBREAK_ALL);
+\&   }
+\&
+\&   ev_signal signal_watcher;
+\&   ev_signal_init (&signal_watcher, sigint_cb, SIGINT);
+\&   ev_signal_start (loop, &signal_watcher);
+.Ve
+.ie n .SS """ev_child"" \- watch out for process status changes"
+.el .SS "\f(CWev_child\fP \- watch out for process status changes"
+.IX Subsection "ev_child - watch out for process status changes"
+Child watchers trigger when your process receives a \s-1SIGCHLD\s0 in response to
+some child status changes (most typically when a child of yours dies or
+exits). It is permissible to install a child watcher \fIafter\fR the child
+has been forked (which implies it might have already exited), as long
+as the event loop isn't entered (or is continued from a watcher), i.e.,
+forking and then immediately registering a watcher for the child is fine,
+but forking and registering a watcher a few event loop iterations later or
+in the next callback invocation is not.
+.PP
+Only the default event loop is capable of handling signals, and therefore
+you can only register child watchers in the default event loop.
+.PP
+Due to some design glitches inside libev, child watchers will always be
+handled at maximum priority (their priority is set to \f(CW\*(C`EV_MAXPRI\*(C'\fR by
+libev)
+.PP
+\fIProcess Interaction\fR
+.IX Subsection "Process Interaction"
+.PP
+Libev grabs \f(CW\*(C`SIGCHLD\*(C'\fR as soon as the default event loop is
+initialised. This is necessary to guarantee proper behaviour even if the
+first child watcher is started after the child exits. The occurrence
+of \f(CW\*(C`SIGCHLD\*(C'\fR is recorded asynchronously, but child reaping is done
+synchronously as part of the event loop processing. Libev always reaps all
+children, even ones not watched.
+.PP
+\fIOverriding the Built-In Processing\fR
+.IX Subsection "Overriding the Built-In Processing"
+.PP
+Libev offers no special support for overriding the built-in child
+processing, but if your application collides with libev's default child
+handler, you can override it easily by installing your own handler for
+\&\f(CW\*(C`SIGCHLD\*(C'\fR after initialising the default loop, and making sure the
+default loop never gets destroyed. You are encouraged, however, to use an
+event-based approach to child reaping and thus use libev's support for
+that, so other libev users can use \f(CW\*(C`ev_child\*(C'\fR watchers freely.
+.PP
+\fIStopping the Child Watcher\fR
+.IX Subsection "Stopping the Child Watcher"
+.PP
+Currently, the child watcher never gets stopped, even when the
+child terminates, so normally one needs to stop the watcher in the
+callback. Future versions of libev might stop the watcher automatically
+when a child exit is detected (calling \f(CW\*(C`ev_child_stop\*(C'\fR twice is not a
+problem).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_child_init (ev_child *, callback, int pid, int trace)" 4
+.IX Item "ev_child_init (ev_child *, callback, int pid, int trace)"
+.PD 0
+.IP "ev_child_set (ev_child *, int pid, int trace)" 4
+.IX Item "ev_child_set (ev_child *, int pid, int trace)"
+.PD
+Configures the watcher to wait for status changes of process \f(CW\*(C`pid\*(C'\fR (or
+\&\fIany\fR process if \f(CW\*(C`pid\*(C'\fR is specified as \f(CW0\fR). The callback can look
+at the \f(CW\*(C`rstatus\*(C'\fR member of the \f(CW\*(C`ev_child\*(C'\fR watcher structure to see
+the status word (use the macros from \f(CW\*(C`sys/wait.h\*(C'\fR and see your systems
+\&\f(CW\*(C`waitpid\*(C'\fR documentation). The \f(CW\*(C`rpid\*(C'\fR member contains the pid of the
+process causing the status change. \f(CW\*(C`trace\*(C'\fR must be either \f(CW0\fR (only
+activate the watcher when the process terminates) or \f(CW1\fR (additionally
+activate the watcher when the process is stopped or continued).
+.IP "int pid [read\-only]" 4
+.IX Item "int pid [read-only]"
+The process id this watcher watches out for, or \f(CW0\fR, meaning any process id.
+.IP "int rpid [read\-write]" 4
+.IX Item "int rpid [read-write]"
+The process id that detected a status change.
+.IP "int rstatus [read\-write]" 4
+.IX Item "int rstatus [read-write]"
+The process exit/trace status caused by \f(CW\*(C`rpid\*(C'\fR (see your systems
+\&\f(CW\*(C`waitpid\*(C'\fR and \f(CW\*(C`sys/wait.h\*(C'\fR documentation for details).
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: \f(CW\*(C`fork()\*(C'\fR a new process and install a child handler to wait for
+its completion.
+.PP
+.Vb 1
+\&   ev_child cw;
+\&
+\&   static void
+\&   child_cb (EV_P_ ev_child *w, int revents)
+\&   {
+\&     ev_child_stop (EV_A_ w);
+\&     printf ("process %d exited with status %x\en", w\->rpid, w\->rstatus);
+\&   }
+\&
+\&   pid_t pid = fork ();
+\&
+\&   if (pid < 0)
+\&     // error
+\&   else if (pid == 0)
+\&     {
+\&       // the forked child executes here
+\&       exit (1);
+\&     }
+\&   else
+\&     {
+\&       ev_child_init (&cw, child_cb, pid, 0);
+\&       ev_child_start (EV_DEFAULT_ &cw);
+\&     }
+.Ve
+.ie n .SS """ev_stat"" \- did the file attributes just change?"
+.el .SS "\f(CWev_stat\fP \- did the file attributes just change?"
+.IX Subsection "ev_stat - did the file attributes just change?"
+This watches a file system path for attribute changes. That is, it calls
+\&\f(CW\*(C`stat\*(C'\fR on that path in regular intervals (or when the \s-1OS\s0 says it changed)
+and sees if it changed compared to the last time, invoking the callback
+if it did. Starting the watcher \f(CW\*(C`stat\*(C'\fR's the file, so only changes that
+happen after the watcher has been started will be reported.
+.PP
+The path does not need to exist: changing from \*(L"path exists\*(R" to \*(L"path does
+not exist\*(R" is a status change like any other. The condition \*(L"path does not
+exist\*(R" (or more correctly \*(L"path cannot be stat'ed\*(R") is signified by the
+\&\f(CW\*(C`st_nlink\*(C'\fR field being zero (which is otherwise always forced to be at
+least one) and all the other fields of the stat buffer having unspecified
+contents.
+.PP
+The path \fImust not\fR end in a slash or contain special components such as
+\&\f(CW\*(C`.\*(C'\fR or \f(CW\*(C`..\*(C'\fR. The path \fIshould\fR be absolute: If it is relative and
+your working directory changes, then the behaviour is undefined.
+.PP
+Since there is no portable change notification interface available, the
+portable implementation simply calls \f(CWstat(2)\fR regularly on the path
+to see if it changed somehow. You can specify a recommended polling
+interval for this case. If you specify a polling interval of \f(CW0\fR (highly
+recommended!) then a \fIsuitable, unspecified default\fR value will be used
+(which you can expect to be around five seconds, although this might
+change dynamically). Libev will also impose a minimum interval which is
+currently around \f(CW0.1\fR, but that's usually overkill.
+.PP
+This watcher type is not meant for massive numbers of stat watchers,
+as even with OS-supported change notifications, this can be
+resource-intensive.
+.PP
+At the time of this writing, the only OS-specific interface implemented
+is the Linux inotify interface (implementing kqueue support is left as an
+exercise for the reader. Note, however, that the author sees no way of
+implementing \f(CW\*(C`ev_stat\*(C'\fR semantics with kqueue, except as a hint).
+.PP
+\fI\s-1ABI\s0 Issues (Largefile Support)\fR
+.IX Subsection "ABI Issues (Largefile Support)"
+.PP
+Libev by default (unless the user overrides this) uses the default
+compilation environment, which means that on systems with large file
+support disabled by default, you get the 32 bit version of the stat
+structure. When using the library from programs that change the \s-1ABI\s0 to
+use 64 bit file offsets the programs will fail. In that case you have to
+compile libev with the same flags to get binary compatibility. This is
+obviously the case with any flags that change the \s-1ABI,\s0 but the problem is
+most noticeably displayed with ev_stat and large file support.
+.PP
+The solution for this is to lobby your distribution maker to make large
+file interfaces available by default (as e.g. FreeBSD does) and not
+optional. Libev cannot simply switch on large file support because it has
+to exchange stat structures with application programs compiled using the
+default compilation environment.
+.PP
+\fIInotify and Kqueue\fR
+.IX Subsection "Inotify and Kqueue"
+.PP
+When \f(CW\*(C`inotify (7)\*(C'\fR support has been compiled into libev and present at
+runtime, it will be used to speed up change detection where possible. The
+inotify descriptor will be created lazily when the first \f(CW\*(C`ev_stat\*(C'\fR
+watcher is being started.
+.PP
+Inotify presence does not change the semantics of \f(CW\*(C`ev_stat\*(C'\fR watchers
+except that changes might be detected earlier, and in some cases, to avoid
+making regular \f(CW\*(C`stat\*(C'\fR calls. Even in the presence of inotify support
+there are many cases where libev has to resort to regular \f(CW\*(C`stat\*(C'\fR polling,
+but as long as kernel 2.6.25 or newer is used (2.6.24 and older have too
+many bugs), the path exists (i.e. stat succeeds), and the path resides on
+a local filesystem (libev currently assumes only ext2/3, jfs, reiserfs and
+xfs are fully working) libev usually gets away without polling.
+.PP
+There is no support for kqueue, as apparently it cannot be used to
+implement this functionality, due to the requirement of having a file
+descriptor open on the object at all times, and detecting renames, unlinks
+etc. is difficult.
+.PP
+\fI\f(CI\*(C`stat ()\*(C'\fI is a synchronous operation\fR
+.IX Subsection "stat () is a synchronous operation"
+.PP
+Libev doesn't normally do any kind of I/O itself, and so is not blocking
+the process. The exception are \f(CW\*(C`ev_stat\*(C'\fR watchers \- those call \f(CW\*(C`stat
+()\*(C'\fR, which is a synchronous operation.
+.PP
+For local paths, this usually doesn't matter: unless the system is very
+busy or the intervals between stat's are large, a stat call will be fast,
+as the path data is usually in memory already (except when starting the
+watcher).
+.PP
+For networked file systems, calling \f(CW\*(C`stat ()\*(C'\fR can block an indefinite
+time due to network issues, and even under good conditions, a stat call
+often takes multiple milliseconds.
+.PP
+Therefore, it is best to avoid using \f(CW\*(C`ev_stat\*(C'\fR watchers on networked
+paths, although this is fully supported by libev.
+.PP
+\fIThe special problem of stat time resolution\fR
+.IX Subsection "The special problem of stat time resolution"
+.PP
+The \f(CW\*(C`stat ()\*(C'\fR system call only supports full-second resolution portably,
+and even on systems where the resolution is higher, most file systems
+still only support whole seconds.
+.PP
+That means that, if the time is the only thing that changes, you can
+easily miss updates: on the first update, \f(CW\*(C`ev_stat\*(C'\fR detects a change and
+calls your callback, which does something. When there is another update
+within the same second, \f(CW\*(C`ev_stat\*(C'\fR will be unable to detect unless the
+stat data does change in other ways (e.g. file size).
+.PP
+The solution to this is to delay acting on a change for slightly more
+than a second (or till slightly after the next full second boundary), using
+a roughly one-second-delay \f(CW\*(C`ev_timer\*(C'\fR (e.g. \f(CW\*(C`ev_timer_set (w, 0., 1.02);
+ev_timer_again (loop, w)\*(C'\fR).
+.PP
+The \f(CW.02\fR offset is added to work around small timing inconsistencies
+of some operating systems (where the second counter of the current time
+might be be delayed. One such system is the Linux kernel, where a call to
+\&\f(CW\*(C`gettimeofday\*(C'\fR might return a timestamp with a full second later than
+a subsequent \f(CW\*(C`time\*(C'\fR call \- if the equivalent of \f(CW\*(C`time ()\*(C'\fR is used to
+update file times then there will be a small window where the kernel uses
+the previous second to update file times but libev might already execute
+the timer callback).
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_stat_init (ev_stat *, callback, const char *path, ev_tstamp interval)" 4
+.IX Item "ev_stat_init (ev_stat *, callback, const char *path, ev_tstamp interval)"
+.PD 0
+.IP "ev_stat_set (ev_stat *, const char *path, ev_tstamp interval)" 4
+.IX Item "ev_stat_set (ev_stat *, const char *path, ev_tstamp interval)"
+.PD
+Configures the watcher to wait for status changes of the given
+\&\f(CW\*(C`path\*(C'\fR. The \f(CW\*(C`interval\*(C'\fR is a hint on how quickly a change is expected to
+be detected and should normally be specified as \f(CW0\fR to let libev choose
+a suitable value. The memory pointed to by \f(CW\*(C`path\*(C'\fR must point to the same
+path for as long as the watcher is active.
+.Sp
+The callback will receive an \f(CW\*(C`EV_STAT\*(C'\fR event when a change was detected,
+relative to the attributes at the time the watcher was started (or the
+last change was detected).
+.IP "ev_stat_stat (loop, ev_stat *)" 4
+.IX Item "ev_stat_stat (loop, ev_stat *)"
+Updates the stat buffer immediately with new values. If you change the
+watched path in your callback, you could call this function to avoid
+detecting this change (while introducing a race condition if you are not
+the only one changing the path). Can also be useful simply to find out the
+new values.
+.IP "ev_statdata attr [read\-only]" 4
+.IX Item "ev_statdata attr [read-only]"
+The most-recently detected attributes of the file. Although the type is
+\&\f(CW\*(C`ev_statdata\*(C'\fR, this is usually the (or one of the) \f(CW\*(C`struct stat\*(C'\fR types
+suitable for your system, but you can only rely on the POSIX-standardised
+members to be present. If the \f(CW\*(C`st_nlink\*(C'\fR member is \f(CW0\fR, then there was
+some error while \f(CW\*(C`stat\*(C'\fRing the file.
+.IP "ev_statdata prev [read\-only]" 4
+.IX Item "ev_statdata prev [read-only]"
+The previous attributes of the file. The callback gets invoked whenever
+\&\f(CW\*(C`prev\*(C'\fR != \f(CW\*(C`attr\*(C'\fR, or, more precisely, one or more of these members
+differ: \f(CW\*(C`st_dev\*(C'\fR, \f(CW\*(C`st_ino\*(C'\fR, \f(CW\*(C`st_mode\*(C'\fR, \f(CW\*(C`st_nlink\*(C'\fR, \f(CW\*(C`st_uid\*(C'\fR,
+\&\f(CW\*(C`st_gid\*(C'\fR, \f(CW\*(C`st_rdev\*(C'\fR, \f(CW\*(C`st_size\*(C'\fR, \f(CW\*(C`st_atime\*(C'\fR, \f(CW\*(C`st_mtime\*(C'\fR, \f(CW\*(C`st_ctime\*(C'\fR.
+.IP "ev_tstamp interval [read\-only]" 4
+.IX Item "ev_tstamp interval [read-only]"
+The specified interval.
+.IP "const char *path [read\-only]" 4
+.IX Item "const char *path [read-only]"
+The file system path that is being watched.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Watch \f(CW\*(C`/etc/passwd\*(C'\fR for attribute changes.
+.PP
+.Vb 10
+\&   static void
+\&   passwd_cb (struct ev_loop *loop, ev_stat *w, int revents)
+\&   {
+\&     /* /etc/passwd changed in some way */
+\&     if (w\->attr.st_nlink)
+\&       {
+\&         printf ("passwd current size  %ld\en", (long)w\->attr.st_size);
+\&         printf ("passwd current atime %ld\en", (long)w\->attr.st_mtime);
+\&         printf ("passwd current mtime %ld\en", (long)w\->attr.st_mtime);
+\&       }
+\&     else
+\&       /* you shalt not abuse printf for puts */
+\&       puts ("wow, /etc/passwd is not there, expect problems. "
+\&             "if this is windows, they already arrived\en");
+\&   }
+\&
+\&   ...
+\&   ev_stat passwd;
+\&
+\&   ev_stat_init (&passwd, passwd_cb, "/etc/passwd", 0.);
+\&   ev_stat_start (loop, &passwd);
+.Ve
+.PP
+Example: Like above, but additionally use a one-second delay so we do not
+miss updates (however, frequent updates will delay processing, too, so
+one might do the work both on \f(CW\*(C`ev_stat\*(C'\fR callback invocation \fIand\fR on
+\&\f(CW\*(C`ev_timer\*(C'\fR callback invocation).
+.PP
+.Vb 2
+\&   static ev_stat passwd;
+\&   static ev_timer timer;
+\&
+\&   static void
+\&   timer_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     ev_timer_stop (EV_A_ w);
+\&
+\&     /* now it\*(Aqs one second after the most recent passwd change */
+\&   }
+\&
+\&   static void
+\&   stat_cb (EV_P_ ev_stat *w, int revents)
+\&   {
+\&     /* reset the one\-second timer */
+\&     ev_timer_again (EV_A_ &timer);
+\&   }
+\&
+\&   ...
+\&   ev_stat_init (&passwd, stat_cb, "/etc/passwd", 0.);
+\&   ev_stat_start (loop, &passwd);
+\&   ev_timer_init (&timer, timer_cb, 0., 1.02);
+.Ve
+.ie n .SS """ev_idle"" \- when you've got nothing better to do..."
+.el .SS "\f(CWev_idle\fP \- when you've got nothing better to do..."
+.IX Subsection "ev_idle - when you've got nothing better to do..."
+Idle watchers trigger events when no other events of the same or higher
+priority are pending (prepare, check and other idle watchers do not count
+as receiving \*(L"events\*(R").
+.PP
+That is, as long as your process is busy handling sockets or timeouts
+(or even signals, imagine) of the same or higher priority it will not be
+triggered. But when your process is idle (or only lower-priority watchers
+are pending), the idle watchers are being called once per event loop
+iteration \- until stopped, that is, or your process receives more events
+and becomes busy again with higher priority stuff.
+.PP
+The most noteworthy effect is that as long as any idle watchers are
+active, the process will not block when waiting for new events.
+.PP
+Apart from keeping your process non-blocking (which is a useful
+effect on its own sometimes), idle watchers are a good place to do
+\&\*(L"pseudo-background processing\*(R", or delay processing stuff to after the
+event loop has handled all outstanding events.
+.PP
+\fIAbusing an \f(CI\*(C`ev_idle\*(C'\fI watcher for its side-effect\fR
+.IX Subsection "Abusing an ev_idle watcher for its side-effect"
+.PP
+As long as there is at least one active idle watcher, libev will never
+sleep unnecessarily. Or in other words, it will loop as fast as possible.
+For this to work, the idle watcher doesn't need to be invoked at all \- the
+lowest priority will do.
+.PP
+This mode of operation can be useful together with an \f(CW\*(C`ev_check\*(C'\fR watcher,
+to do something on each event loop iteration \- for example to balance load
+between different connections.
+.PP
+See \*(L"Abusing an ev_check watcher for its side-effect\*(R" for a longer
+example.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_idle_init (ev_idle *, callback)" 4
+.IX Item "ev_idle_init (ev_idle *, callback)"
+Initialises and configures the idle watcher \- it has no parameters of any
+kind. There is a \f(CW\*(C`ev_idle_set\*(C'\fR macro, but using it is utterly pointless,
+believe me.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Dynamically allocate an \f(CW\*(C`ev_idle\*(C'\fR watcher, start it, and in the
+callback, free it. Also, use no error checking, as usual.
+.PP
+.Vb 5
+\&   static void
+\&   idle_cb (struct ev_loop *loop, ev_idle *w, int revents)
+\&   {
+\&     // stop the watcher
+\&     ev_idle_stop (loop, w);
+\&
+\&     // now we can free it
+\&     free (w);
+\&
+\&     // now do something you wanted to do when the program has
+\&     // no longer anything immediate to do.
+\&   }
+\&
+\&   ev_idle *idle_watcher = malloc (sizeof (ev_idle));
+\&   ev_idle_init (idle_watcher, idle_cb);
+\&   ev_idle_start (loop, idle_watcher);
+.Ve
+.ie n .SS """ev_prepare"" and ""ev_check"" \- customise your event loop!"
+.el .SS "\f(CWev_prepare\fP and \f(CWev_check\fP \- customise your event loop!"
+.IX Subsection "ev_prepare and ev_check - customise your event loop!"
+Prepare and check watchers are often (but not always) used in pairs:
+prepare watchers get invoked before the process blocks and check watchers
+afterwards.
+.PP
+You \fImust not\fR call \f(CW\*(C`ev_run\*(C'\fR (or similar functions that enter the
+current event loop) or \f(CW\*(C`ev_loop_fork\*(C'\fR from either \f(CW\*(C`ev_prepare\*(C'\fR or
+\&\f(CW\*(C`ev_check\*(C'\fR watchers. Other loops than the current one are fine,
+however. The rationale behind this is that you do not need to check
+for recursion in those watchers, i.e. the sequence will always be
+\&\f(CW\*(C`ev_prepare\*(C'\fR, blocking, \f(CW\*(C`ev_check\*(C'\fR so if you have one watcher of each
+kind they will always be called in pairs bracketing the blocking call.
+.PP
+Their main purpose is to integrate other event mechanisms into libev and
+their use is somewhat advanced. They could be used, for example, to track
+variable changes, implement your own watchers, integrate net-snmp or a
+coroutine library and lots more. They are also occasionally useful if
+you cache some data and want to flush it before blocking (for example,
+in X programs you might want to do an \f(CW\*(C`XFlush ()\*(C'\fR in an \f(CW\*(C`ev_prepare\*(C'\fR
+watcher).
+.PP
+This is done by examining in each prepare call which file descriptors
+need to be watched by the other library, registering \f(CW\*(C`ev_io\*(C'\fR watchers
+for them and starting an \f(CW\*(C`ev_timer\*(C'\fR watcher for any timeouts (many
+libraries provide exactly this functionality). Then, in the check watcher,
+you check for any events that occurred (by checking the pending status
+of all watchers and stopping them) and call back into the library. The
+I/O and timer callbacks will never actually be called (but must be valid
+nevertheless, because you never know, you know?).
+.PP
+As another example, the Perl Coro module uses these hooks to integrate
+coroutines into libev programs, by yielding to other active coroutines
+during each prepare and only letting the process block if no coroutines
+are ready to run (it's actually more complicated: it only runs coroutines
+with priority higher than or equal to the event loop and one coroutine
+of lower priority, but only once, using idle watchers to keep the event
+loop from blocking if lower-priority coroutines are active, thus mapping
+low-priority coroutines to idle/background tasks).
+.PP
+When used for this purpose, it is recommended to give \f(CW\*(C`ev_check\*(C'\fR watchers
+highest (\f(CW\*(C`EV_MAXPRI\*(C'\fR) priority, to ensure that they are being run before
+any other watchers after the poll (this doesn't matter for \f(CW\*(C`ev_prepare\*(C'\fR
+watchers).
+.PP
+Also, \f(CW\*(C`ev_check\*(C'\fR watchers (and \f(CW\*(C`ev_prepare\*(C'\fR watchers, too) should not
+activate (\*(L"feed\*(R") events into libev. While libev fully supports this, they
+might get executed before other \f(CW\*(C`ev_check\*(C'\fR watchers did their job. As
+\&\f(CW\*(C`ev_check\*(C'\fR watchers are often used to embed other (non-libev) event
+loops those other event loops might be in an unusable state until their
+\&\f(CW\*(C`ev_check\*(C'\fR watcher ran (always remind yourself to coexist peacefully with
+others).
+.PP
+\fIAbusing an \f(CI\*(C`ev_check\*(C'\fI watcher for its side-effect\fR
+.IX Subsection "Abusing an ev_check watcher for its side-effect"
+.PP
+\&\f(CW\*(C`ev_check\*(C'\fR (and less often also \f(CW\*(C`ev_prepare\*(C'\fR) watchers can also be
+useful because they are called once per event loop iteration. For
+example, if you want to handle a large number of connections fairly, you
+normally only do a bit of work for each active connection, and if there
+is more work to do, you wait for the next event loop iteration, so other
+connections have a chance of making progress.
+.PP
+Using an \f(CW\*(C`ev_check\*(C'\fR watcher is almost enough: it will be called on the
+next event loop iteration. However, that isn't as soon as possible \-
+without external events, your \f(CW\*(C`ev_check\*(C'\fR watcher will not be invoked.
+.PP
+This is where \f(CW\*(C`ev_idle\*(C'\fR watchers come in handy \- all you need is a
+single global idle watcher that is active as long as you have one active
+\&\f(CW\*(C`ev_check\*(C'\fR watcher. The \f(CW\*(C`ev_idle\*(C'\fR watcher makes sure the event loop
+will not sleep, and the \f(CW\*(C`ev_check\*(C'\fR watcher makes sure a callback gets
+invoked. Neither watcher alone can do that.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_prepare_init (ev_prepare *, callback)" 4
+.IX Item "ev_prepare_init (ev_prepare *, callback)"
+.PD 0
+.IP "ev_check_init (ev_check *, callback)" 4
+.IX Item "ev_check_init (ev_check *, callback)"
+.PD
+Initialises and configures the prepare or check watcher \- they have no
+parameters of any kind. There are \f(CW\*(C`ev_prepare_set\*(C'\fR and \f(CW\*(C`ev_check_set\*(C'\fR
+macros, but using them is utterly, utterly, utterly and completely
+pointless.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+There are a number of principal ways to embed other event loops or modules
+into libev. Here are some ideas on how to include libadns into libev
+(there is a Perl module named \f(CW\*(C`EV::ADNS\*(C'\fR that does this, which you could
+use as a working example. Another Perl module named \f(CW\*(C`EV::Glib\*(C'\fR embeds a
+Glib main context into libev, and finally, \f(CW\*(C`Glib::EV\*(C'\fR embeds \s-1EV\s0 into the
+Glib event loop).
+.PP
+Method 1: Add \s-1IO\s0 watchers and a timeout watcher in a prepare handler,
+and in a check watcher, destroy them and call into libadns. What follows
+is pseudo-code only of course. This requires you to either use a low
+priority for the check watcher or use \f(CW\*(C`ev_clear_pending\*(C'\fR explicitly, as
+the callbacks for the IO/timeout watchers might not have been called yet.
+.PP
+.Vb 2
+\&   static ev_io iow [nfd];
+\&   static ev_timer tw;
+\&
+\&   static void
+\&   io_cb (struct ev_loop *loop, ev_io *w, int revents)
+\&   {
+\&   }
+\&
+\&   // create io watchers for each fd and a timer before blocking
+\&   static void
+\&   adns_prepare_cb (struct ev_loop *loop, ev_prepare *w, int revents)
+\&   {
+\&     int timeout = 3600000;
+\&     struct pollfd fds [nfd];
+\&     // actual code will need to loop here and realloc etc.
+\&     adns_beforepoll (ads, fds, &nfd, &timeout, timeval_from (ev_time ()));
+\&
+\&     /* the callback is illegal, but won\*(Aqt be called as we stop during check */
+\&     ev_timer_init (&tw, 0, timeout * 1e\-3, 0.);
+\&     ev_timer_start (loop, &tw);
+\&
+\&     // create one ev_io per pollfd
+\&     for (int i = 0; i < nfd; ++i)
+\&       {
+\&         ev_io_init (iow + i, io_cb, fds [i].fd,
+\&           ((fds [i].events & POLLIN ? EV_READ : 0)
+\&            | (fds [i].events & POLLOUT ? EV_WRITE : 0)));
+\&
+\&         fds [i].revents = 0;
+\&         ev_io_start (loop, iow + i);
+\&       }
+\&   }
+\&
+\&   // stop all watchers after blocking
+\&   static void
+\&   adns_check_cb (struct ev_loop *loop, ev_check *w, int revents)
+\&   {
+\&     ev_timer_stop (loop, &tw);
+\&
+\&     for (int i = 0; i < nfd; ++i)
+\&       {
+\&         // set the relevant poll flags
+\&         // could also call adns_processreadable etc. here
+\&         struct pollfd *fd = fds + i;
+\&         int revents = ev_clear_pending (iow + i);
+\&         if (revents & EV_READ ) fd\->revents |= fd\->events & POLLIN;
+\&         if (revents & EV_WRITE) fd\->revents |= fd\->events & POLLOUT;
+\&
+\&         // now stop the watcher
+\&         ev_io_stop (loop, iow + i);
+\&       }
+\&
+\&     adns_afterpoll (adns, fds, nfd, timeval_from (ev_now (loop));
+\&   }
+.Ve
+.PP
+Method 2: This would be just like method 1, but you run \f(CW\*(C`adns_afterpoll\*(C'\fR
+in the prepare watcher and would dispose of the check watcher.
+.PP
+Method 3: If the module to be embedded supports explicit event
+notification (libadns does), you can also make use of the actual watcher
+callbacks, and only destroy/create the watchers in the prepare watcher.
+.PP
+.Vb 5
+\&   static void
+\&   timer_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     adns_state ads = (adns_state)w\->data;
+\&     update_now (EV_A);
+\&
+\&     adns_processtimeouts (ads, &tv_now);
+\&   }
+\&
+\&   static void
+\&   io_cb (EV_P_ ev_io *w, int revents)
+\&   {
+\&     adns_state ads = (adns_state)w\->data;
+\&     update_now (EV_A);
+\&
+\&     if (revents & EV_READ ) adns_processreadable  (ads, w\->fd, &tv_now);
+\&     if (revents & EV_WRITE) adns_processwriteable (ads, w\->fd, &tv_now);
+\&   }
+\&
+\&   // do not ever call adns_afterpoll
+.Ve
+.PP
+Method 4: Do not use a prepare or check watcher because the module you
+want to embed is not flexible enough to support it. Instead, you can
+override their poll function. The drawback with this solution is that the
+main loop is now no longer controllable by \s-1EV.\s0 The \f(CW\*(C`Glib::EV\*(C'\fR module uses
+this approach, effectively embedding \s-1EV\s0 as a client into the horrible
+libglib event loop.
+.PP
+.Vb 4
+\&   static gint
+\&   event_poll_func (GPollFD *fds, guint nfds, gint timeout)
+\&   {
+\&     int got_events = 0;
+\&
+\&     for (n = 0; n < nfds; ++n)
+\&       // create/start io watcher that sets the relevant bits in fds[n] and increment got_events
+\&
+\&     if (timeout >= 0)
+\&       // create/start timer
+\&
+\&     // poll
+\&     ev_run (EV_A_ 0);
+\&
+\&     // stop timer again
+\&     if (timeout >= 0)
+\&       ev_timer_stop (EV_A_ &to);
+\&
+\&     // stop io watchers again \- their callbacks should have set
+\&     for (n = 0; n < nfds; ++n)
+\&       ev_io_stop (EV_A_ iow [n]);
+\&
+\&     return got_events;
+\&   }
+.Ve
+.ie n .SS """ev_embed"" \- when one backend isn't enough..."
+.el .SS "\f(CWev_embed\fP \- when one backend isn't enough..."
+.IX Subsection "ev_embed - when one backend isn't enough..."
+This is a rather advanced watcher type that lets you embed one event loop
+into another (currently only \f(CW\*(C`ev_io\*(C'\fR events are supported in the embedded
+loop, other types of watchers might be handled in a delayed or incorrect
+fashion and must not be used).
+.PP
+There are primarily two reasons you would want that: work around bugs and
+prioritise I/O.
+.PP
+As an example for a bug workaround, the kqueue backend might only support
+sockets on some platform, so it is unusable as generic backend, but you
+still want to make use of it because you have many sockets and it scales
+so nicely. In this case, you would create a kqueue-based loop and embed
+it into your default loop (which might use e.g. poll). Overall operation
+will be a bit slower because first libev has to call \f(CW\*(C`poll\*(C'\fR and then
+\&\f(CW\*(C`kevent\*(C'\fR, but at least you can use both mechanisms for what they are
+best: \f(CW\*(C`kqueue\*(C'\fR for scalable sockets and \f(CW\*(C`poll\*(C'\fR if you want it to work :)
+.PP
+As for prioritising I/O: under rare circumstances you have the case where
+some fds have to be watched and handled very quickly (with low latency),
+and even priorities and idle watchers might have too much overhead. In
+this case you would put all the high priority stuff in one loop and all
+the rest in a second one, and embed the second one in the first.
+.PP
+As long as the watcher is active, the callback will be invoked every
+time there might be events pending in the embedded loop. The callback
+must then call \f(CW\*(C`ev_embed_sweep (mainloop, watcher)\*(C'\fR to make a single
+sweep and invoke their callbacks (the callback doesn't need to invoke the
+\&\f(CW\*(C`ev_embed_sweep\*(C'\fR function directly, it could also start an idle watcher
+to give the embedded loop strictly lower priority for example).
+.PP
+You can also set the callback to \f(CW0\fR, in which case the embed watcher
+will automatically execute the embedded loop sweep whenever necessary.
+.PP
+Fork detection will be handled transparently while the \f(CW\*(C`ev_embed\*(C'\fR watcher
+is active, i.e., the embedded loop will automatically be forked when the
+embedding loop forks. In other cases, the user is responsible for calling
+\&\f(CW\*(C`ev_loop_fork\*(C'\fR on the embedded loop.
+.PP
+Unfortunately, not all backends are embeddable: only the ones returned by
+\&\f(CW\*(C`ev_embeddable_backends\*(C'\fR are, which, unfortunately, does not include any
+portable one.
+.PP
+So when you want to use this feature you will always have to be prepared
+that you cannot get an embeddable loop. The recommended way to get around
+this is to have a separate variables for your embeddable loop, try to
+create it, and if that fails, use the normal loop for everything.
+.PP
+\fI\f(CI\*(C`ev_embed\*(C'\fI and fork\fR
+.IX Subsection "ev_embed and fork"
+.PP
+While the \f(CW\*(C`ev_embed\*(C'\fR watcher is running, forks in the embedding loop will
+automatically be applied to the embedded loop as well, so no special
+fork handling is required in that case. When the watcher is not running,
+however, it is still the task of the libev user to call \f(CW\*(C`ev_loop_fork ()\*(C'\fR
+as applicable.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_embed_init (ev_embed *, callback, struct ev_loop *embedded_loop)" 4
+.IX Item "ev_embed_init (ev_embed *, callback, struct ev_loop *embedded_loop)"
+.PD 0
+.IP "ev_embed_set (ev_embed *, struct ev_loop *embedded_loop)" 4
+.IX Item "ev_embed_set (ev_embed *, struct ev_loop *embedded_loop)"
+.PD
+Configures the watcher to embed the given loop, which must be
+embeddable. If the callback is \f(CW0\fR, then \f(CW\*(C`ev_embed_sweep\*(C'\fR will be
+invoked automatically, otherwise it is the responsibility of the callback
+to invoke it (it will continue to be called until the sweep has been done,
+if you do not want that, you need to temporarily stop the embed watcher).
+.IP "ev_embed_sweep (loop, ev_embed *)" 4
+.IX Item "ev_embed_sweep (loop, ev_embed *)"
+Make a single, non-blocking sweep over the embedded loop. This works
+similarly to \f(CW\*(C`ev_run (embedded_loop, EVRUN_NOWAIT)\*(C'\fR, but in the most
+appropriate way for embedded loops.
+.IP "struct ev_loop *other [read\-only]" 4
+.IX Item "struct ev_loop *other [read-only]"
+The embedded event loop.
+.PP
+\fIExamples\fR
+.IX Subsection "Examples"
+.PP
+Example: Try to get an embeddable event loop and embed it into the default
+event loop. If that is not possible, use the default loop. The default
+loop is stored in \f(CW\*(C`loop_hi\*(C'\fR, while the embeddable loop is stored in
+\&\f(CW\*(C`loop_lo\*(C'\fR (which is \f(CW\*(C`loop_hi\*(C'\fR in the case no embeddable loop can be
+used).
+.PP
+.Vb 3
+\&   struct ev_loop *loop_hi = ev_default_init (0);
+\&   struct ev_loop *loop_lo = 0;
+\&   ev_embed embed;
+\&
+\&   // see if there is a chance of getting one that works
+\&   // (remember that a flags value of 0 means autodetection)
+\&   loop_lo = ev_embeddable_backends () & ev_recommended_backends ()
+\&     ? ev_loop_new (ev_embeddable_backends () & ev_recommended_backends ())
+\&     : 0;
+\&
+\&   // if we got one, then embed it, otherwise default to loop_hi
+\&   if (loop_lo)
+\&     {
+\&       ev_embed_init (&embed, 0, loop_lo);
+\&       ev_embed_start (loop_hi, &embed);
+\&     }
+\&   else
+\&     loop_lo = loop_hi;
+.Ve
+.PP
+Example: Check if kqueue is available but not recommended and create
+a kqueue backend for use with sockets (which usually work with any
+kqueue implementation). Store the kqueue/socket\-only event loop in
+\&\f(CW\*(C`loop_socket\*(C'\fR. (One might optionally use \f(CW\*(C`EVFLAG_NOENV\*(C'\fR, too).
+.PP
+.Vb 3
+\&   struct ev_loop *loop = ev_default_init (0);
+\&   struct ev_loop *loop_socket = 0;
+\&   ev_embed embed;
+\&
+\&   if (ev_supported_backends () & ~ev_recommended_backends () & EVBACKEND_KQUEUE)
+\&     if ((loop_socket = ev_loop_new (EVBACKEND_KQUEUE))
+\&       {
+\&         ev_embed_init (&embed, 0, loop_socket);
+\&         ev_embed_start (loop, &embed);
+\&       }
+\&
+\&   if (!loop_socket)
+\&     loop_socket = loop;
+\&
+\&   // now use loop_socket for all sockets, and loop for everything else
+.Ve
+.ie n .SS """ev_fork"" \- the audacity to resume the event loop after a fork"
+.el .SS "\f(CWev_fork\fP \- the audacity to resume the event loop after a fork"
+.IX Subsection "ev_fork - the audacity to resume the event loop after a fork"
+Fork watchers are called when a \f(CW\*(C`fork ()\*(C'\fR was detected (usually because
+whoever is a good citizen cared to tell libev about it by calling
+\&\f(CW\*(C`ev_loop_fork\*(C'\fR). The invocation is done before the event loop blocks next
+and before \f(CW\*(C`ev_check\*(C'\fR watchers are being called, and only in the child
+after the fork. If whoever good citizen calling \f(CW\*(C`ev_default_fork\*(C'\fR cheats
+and calls it in the wrong process, the fork handlers will be invoked, too,
+of course.
+.PP
+\fIThe special problem of life after fork \- how is it possible?\fR
+.IX Subsection "The special problem of life after fork - how is it possible?"
+.PP
+Most uses of \f(CW\*(C`fork ()\*(C'\fR consist of forking, then some simple calls to set
+up/change the process environment, followed by a call to \f(CW\*(C`exec()\*(C'\fR. This
+sequence should be handled by libev without any problems.
+.PP
+This changes when the application actually wants to do event handling
+in the child, or both parent in child, in effect \*(L"continuing\*(R" after the
+fork.
+.PP
+The default mode of operation (for libev, with application help to detect
+forks) is to duplicate all the state in the child, as would be expected
+when \fIeither\fR the parent \fIor\fR the child process continues.
+.PP
+When both processes want to continue using libev, then this is usually the
+wrong result. In that case, usually one process (typically the parent) is
+supposed to continue with all watchers in place as before, while the other
+process typically wants to start fresh, i.e. without any active watchers.
+.PP
+The cleanest and most efficient way to achieve that with libev is to
+simply create a new event loop, which of course will be \*(L"empty\*(R", and
+use that for new watchers. This has the advantage of not touching more
+memory than necessary, and thus avoiding the copy-on-write, and the
+disadvantage of having to use multiple event loops (which do not support
+signal watchers).
+.PP
+When this is not possible, or you want to use the default loop for
+other reasons, then in the process that wants to start \*(L"fresh\*(R", call
+\&\f(CW\*(C`ev_loop_destroy (EV_DEFAULT)\*(C'\fR followed by \f(CW\*(C`ev_default_loop (...)\*(C'\fR.
+Destroying the default loop will \*(L"orphan\*(R" (not stop) all registered
+watchers, so you have to be careful not to execute code that modifies
+those watchers. Note also that in that case, you have to re-register any
+signal watchers.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_fork_init (ev_fork *, callback)" 4
+.IX Item "ev_fork_init (ev_fork *, callback)"
+Initialises and configures the fork watcher \- it has no parameters of any
+kind. There is a \f(CW\*(C`ev_fork_set\*(C'\fR macro, but using it is utterly pointless,
+really.
+.ie n .SS """ev_cleanup"" \- even the best things end"
+.el .SS "\f(CWev_cleanup\fP \- even the best things end"
+.IX Subsection "ev_cleanup - even the best things end"
+Cleanup watchers are called just before the event loop is being destroyed
+by a call to \f(CW\*(C`ev_loop_destroy\*(C'\fR.
+.PP
+While there is no guarantee that the event loop gets destroyed, cleanup
+watchers provide a convenient method to install cleanup hooks for your
+program, worker threads and so on \- you just to make sure to destroy the
+loop when you want them to be invoked.
+.PP
+Cleanup watchers are invoked in the same way as any other watcher. Unlike
+all other watchers, they do not keep a reference to the event loop (which
+makes a lot of sense if you think about it). Like all other watchers, you
+can call libev functions in the callback, except \f(CW\*(C`ev_cleanup_start\*(C'\fR.
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_cleanup_init (ev_cleanup *, callback)" 4
+.IX Item "ev_cleanup_init (ev_cleanup *, callback)"
+Initialises and configures the cleanup watcher \- it has no parameters of
+any kind. There is a \f(CW\*(C`ev_cleanup_set\*(C'\fR macro, but using it is utterly
+pointless, I assure you.
+.PP
+Example: Register an atexit handler to destroy the default loop, so any
+cleanup functions are called.
+.PP
+.Vb 5
+\&   static void
+\&   program_exits (void)
+\&   {
+\&     ev_loop_destroy (EV_DEFAULT_UC);
+\&   }
+\&
+\&   ...
+\&   atexit (program_exits);
+.Ve
+.ie n .SS """ev_async"" \- how to wake up an event loop"
+.el .SS "\f(CWev_async\fP \- how to wake up an event loop"
+.IX Subsection "ev_async - how to wake up an event loop"
+In general, you cannot use an \f(CW\*(C`ev_loop\*(C'\fR from multiple threads or other
+asynchronous sources such as signal handlers (as opposed to multiple event
+loops \- those are of course safe to use in different threads).
+.PP
+Sometimes, however, you need to wake up an event loop you do not control,
+for example because it belongs to another thread. This is what \f(CW\*(C`ev_async\*(C'\fR
+watchers do: as long as the \f(CW\*(C`ev_async\*(C'\fR watcher is active, you can signal
+it by calling \f(CW\*(C`ev_async_send\*(C'\fR, which is thread\- and signal safe.
+.PP
+This functionality is very similar to \f(CW\*(C`ev_signal\*(C'\fR watchers, as signals,
+too, are asynchronous in nature, and signals, too, will be compressed
+(i.e. the number of callback invocations may be less than the number of
+\&\f(CW\*(C`ev_async_send\*(C'\fR calls). In fact, you could use signal watchers as a kind
+of \*(L"global async watchers\*(R" by using a watcher on an otherwise unused
+signal, and \f(CW\*(C`ev_feed_signal\*(C'\fR to signal this watcher from another thread,
+even without knowing which loop owns the signal.
+.PP
+\fIQueueing\fR
+.IX Subsection "Queueing"
+.PP
+\&\f(CW\*(C`ev_async\*(C'\fR does not support queueing of data in any way. The reason
+is that the author does not know of a simple (or any) algorithm for a
+multiple-writer-single-reader queue that works in all cases and doesn't
+need elaborate support such as pthreads or unportable memory access
+semantics.
+.PP
+That means that if you want to queue data, you have to provide your own
+queue. But at least I can tell you how to implement locking around your
+queue:
+.IP "queueing from a signal handler context" 4
+.IX Item "queueing from a signal handler context"
+To implement race-free queueing, you simply add to the queue in the signal
+handler but you block the signal handler in the watcher callback. Here is
+an example that does that for some fictitious \s-1SIGUSR1\s0 handler:
+.Sp
+.Vb 1
+\&   static ev_async mysig;
+\&
+\&   static void
+\&   sigusr1_handler (void)
+\&   {
+\&     sometype data;
+\&
+\&     // no locking etc.
+\&     queue_put (data);
+\&     ev_async_send (EV_DEFAULT_ &mysig);
+\&   }
+\&
+\&   static void
+\&   mysig_cb (EV_P_ ev_async *w, int revents)
+\&   {
+\&     sometype data;
+\&     sigset_t block, prev;
+\&
+\&     sigemptyset (&block);
+\&     sigaddset (&block, SIGUSR1);
+\&     sigprocmask (SIG_BLOCK, &block, &prev);
+\&
+\&     while (queue_get (&data))
+\&       process (data);
+\&
+\&     if (sigismember (&prev, SIGUSR1)
+\&       sigprocmask (SIG_UNBLOCK, &block, 0);
+\&   }
+.Ve
+.Sp
+(Note: pthreads in theory requires you to use \f(CW\*(C`pthread_setmask\*(C'\fR
+instead of \f(CW\*(C`sigprocmask\*(C'\fR when you use threads, but libev doesn't do it
+either...).
+.IP "queueing from a thread context" 4
+.IX Item "queueing from a thread context"
+The strategy for threads is different, as you cannot (easily) block
+threads but you can easily preempt them, so to queue safely you need to
+employ a traditional mutex lock, such as in this pthread example:
+.Sp
+.Vb 2
+\&   static ev_async mysig;
+\&   static pthread_mutex_t mymutex = PTHREAD_MUTEX_INITIALIZER;
+\&
+\&   static void
+\&   otherthread (void)
+\&   {
+\&     // only need to lock the actual queueing operation
+\&     pthread_mutex_lock (&mymutex);
+\&     queue_put (data);
+\&     pthread_mutex_unlock (&mymutex);
+\&
+\&     ev_async_send (EV_DEFAULT_ &mysig);
+\&   }
+\&
+\&   static void
+\&   mysig_cb (EV_P_ ev_async *w, int revents)
+\&   {
+\&     pthread_mutex_lock (&mymutex);
+\&
+\&     while (queue_get (&data))
+\&       process (data);
+\&
+\&     pthread_mutex_unlock (&mymutex);
+\&   }
+.Ve
+.PP
+\fIWatcher-Specific Functions and Data Members\fR
+.IX Subsection "Watcher-Specific Functions and Data Members"
+.IP "ev_async_init (ev_async *, callback)" 4
+.IX Item "ev_async_init (ev_async *, callback)"
+Initialises and configures the async watcher \- it has no parameters of any
+kind. There is a \f(CW\*(C`ev_async_set\*(C'\fR macro, but using it is utterly pointless,
+trust me.
+.IP "ev_async_send (loop, ev_async *)" 4
+.IX Item "ev_async_send (loop, ev_async *)"
+Sends/signals/activates the given \f(CW\*(C`ev_async\*(C'\fR watcher, that is, feeds
+an \f(CW\*(C`EV_ASYNC\*(C'\fR event on the watcher into the event loop, and instantly
+returns.
+.Sp
+Unlike \f(CW\*(C`ev_feed_event\*(C'\fR, this call is safe to do from other threads,
+signal or similar contexts (see the discussion of \f(CW\*(C`EV_ATOMIC_T\*(C'\fR in the
+embedding section below on what exactly this means).
+.Sp
+Note that, as with other watchers in libev, multiple events might get
+compressed into a single callback invocation (another way to look at
+this is that \f(CW\*(C`ev_async\*(C'\fR watchers are level-triggered: they are set on
+\&\f(CW\*(C`ev_async_send\*(C'\fR, reset when the event loop detects that).
+.Sp
+This call incurs the overhead of at most one extra system call per event
+loop iteration, if the event loop is blocked, and no syscall at all if
+the event loop (or your program) is processing events. That means that
+repeated calls are basically free (there is no need to avoid calls for
+performance reasons) and that the overhead becomes smaller (typically
+zero) under load.
+.IP "bool = ev_async_pending (ev_async *)" 4
+.IX Item "bool = ev_async_pending (ev_async *)"
+Returns a non-zero value when \f(CW\*(C`ev_async_send\*(C'\fR has been called on the
+watcher but the event has not yet been processed (or even noted) by the
+event loop.
+.Sp
+\&\f(CW\*(C`ev_async_send\*(C'\fR sets a flag in the watcher and wakes up the loop. When
+the loop iterates next and checks for the watcher to have become active,
+it will reset the flag again. \f(CW\*(C`ev_async_pending\*(C'\fR can be used to very
+quickly check whether invoking the loop might be a good idea.
+.Sp
+Not that this does \fInot\fR check whether the watcher itself is pending,
+only whether it has been requested to make this watcher pending: there
+is a time window between the event loop checking and resetting the async
+notification, and the callback being invoked.
+.SH "OTHER FUNCTIONS"
+.IX Header "OTHER FUNCTIONS"
+There are some other functions of possible interest. Described. Here. Now.
+.IP "ev_once (loop, int fd, int events, ev_tstamp timeout, callback, arg)" 4
+.IX Item "ev_once (loop, int fd, int events, ev_tstamp timeout, callback, arg)"
+This function combines a simple timer and an I/O watcher, calls your
+callback on whichever event happens first and automatically stops both
+watchers. This is useful if you want to wait for a single event on an fd
+or timeout without having to allocate/configure/start/stop/free one or
+more watchers yourself.
+.Sp
+If \f(CW\*(C`fd\*(C'\fR is less than 0, then no I/O watcher will be started and the
+\&\f(CW\*(C`events\*(C'\fR argument is being ignored. Otherwise, an \f(CW\*(C`ev_io\*(C'\fR watcher for
+the given \f(CW\*(C`fd\*(C'\fR and \f(CW\*(C`events\*(C'\fR set will be created and started.
+.Sp
+If \f(CW\*(C`timeout\*(C'\fR is less than 0, then no timeout watcher will be
+started. Otherwise an \f(CW\*(C`ev_timer\*(C'\fR watcher with after = \f(CW\*(C`timeout\*(C'\fR (and
+repeat = 0) will be started. \f(CW0\fR is a valid timeout.
+.Sp
+The callback has the type \f(CW\*(C`void (*cb)(int revents, void *arg)\*(C'\fR and is
+passed an \f(CW\*(C`revents\*(C'\fR set like normal event callbacks (a combination of
+\&\f(CW\*(C`EV_ERROR\*(C'\fR, \f(CW\*(C`EV_READ\*(C'\fR, \f(CW\*(C`EV_WRITE\*(C'\fR or \f(CW\*(C`EV_TIMER\*(C'\fR) and the \f(CW\*(C`arg\*(C'\fR
+value passed to \f(CW\*(C`ev_once\*(C'\fR. Note that it is possible to receive \fIboth\fR
+a timeout and an io event at the same time \- you probably should give io
+events precedence.
+.Sp
+Example: wait up to ten seconds for data to appear on \s-1STDIN_FILENO.\s0
+.Sp
+.Vb 7
+\&   static void stdin_ready (int revents, void *arg)
+\&   {
+\&     if (revents & EV_READ)
+\&       /* stdin might have data for us, joy! */;
+\&     else if (revents & EV_TIMER)
+\&       /* doh, nothing entered */;
+\&   }
+\&
+\&   ev_once (STDIN_FILENO, EV_READ, 10., stdin_ready, 0);
+.Ve
+.IP "ev_feed_fd_event (loop, int fd, int revents)" 4
+.IX Item "ev_feed_fd_event (loop, int fd, int revents)"
+Feed an event on the given fd, as if a file descriptor backend detected
+the given events.
+.IP "ev_feed_signal_event (loop, int signum)" 4
+.IX Item "ev_feed_signal_event (loop, int signum)"
+Feed an event as if the given signal occurred. See also \f(CW\*(C`ev_feed_signal\*(C'\fR,
+which is async-safe.
+.SH "COMMON OR USEFUL IDIOMS (OR BOTH)"
+.IX Header "COMMON OR USEFUL IDIOMS (OR BOTH)"
+This section explains some common idioms that are not immediately
+obvious. Note that examples are sprinkled over the whole manual, and this
+section only contains stuff that wouldn't fit anywhere else.
+.SS "\s-1ASSOCIATING CUSTOM DATA WITH A WATCHER\s0"
+.IX Subsection "ASSOCIATING CUSTOM DATA WITH A WATCHER"
+Each watcher has, by default, a \f(CW\*(C`void *data\*(C'\fR member that you can read
+or modify at any time: libev will completely ignore it. This can be used
+to associate arbitrary data with your watcher. If you need more data and
+don't want to allocate memory separately and store a pointer to it in that
+data member, you can also \*(L"subclass\*(R" the watcher type and provide your own
+data:
+.PP
+.Vb 7
+\&   struct my_io
+\&   {
+\&     ev_io io;
+\&     int otherfd;
+\&     void *somedata;
+\&     struct whatever *mostinteresting;
+\&   };
+\&
+\&   ...
+\&   struct my_io w;
+\&   ev_io_init (&w.io, my_cb, fd, EV_READ);
+.Ve
+.PP
+And since your callback will be called with a pointer to the watcher, you
+can cast it back to your own type:
+.PP
+.Vb 5
+\&   static void my_cb (struct ev_loop *loop, ev_io *w_, int revents)
+\&   {
+\&     struct my_io *w = (struct my_io *)w_;
+\&     ...
+\&   }
+.Ve
+.PP
+More interesting and less C\-conformant ways of casting your callback
+function type instead have been omitted.
+.SS "\s-1BUILDING YOUR OWN COMPOSITE WATCHERS\s0"
+.IX Subsection "BUILDING YOUR OWN COMPOSITE WATCHERS"
+Another common scenario is to use some data structure with multiple
+embedded watchers, in effect creating your own watcher that combines
+multiple libev event sources into one \*(L"super-watcher\*(R":
+.PP
+.Vb 6
+\&   struct my_biggy
+\&   {
+\&     int some_data;
+\&     ev_timer t1;
+\&     ev_timer t2;
+\&   }
+.Ve
+.PP
+In this case getting the pointer to \f(CW\*(C`my_biggy\*(C'\fR is a bit more
+complicated: Either you store the address of your \f(CW\*(C`my_biggy\*(C'\fR struct in
+the \f(CW\*(C`data\*(C'\fR member of the watcher (for woozies or \*(C+ coders), or you need
+to use some pointer arithmetic using \f(CW\*(C`offsetof\*(C'\fR inside your watchers (for
+real programmers):
+.PP
+.Vb 1
+\&   #include <stddef.h>
+\&
+\&   static void
+\&   t1_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     struct my_biggy big = (struct my_biggy *)
+\&       (((char *)w) \- offsetof (struct my_biggy, t1));
+\&   }
+\&
+\&   static void
+\&   t2_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     struct my_biggy big = (struct my_biggy *)
+\&       (((char *)w) \- offsetof (struct my_biggy, t2));
+\&   }
+.Ve
+.SS "\s-1AVOIDING FINISHING BEFORE RETURNING\s0"
+.IX Subsection "AVOIDING FINISHING BEFORE RETURNING"
+Often you have structures like this in event-based programs:
+.PP
+.Vb 4
+\&  callback ()
+\&  {
+\&    free (request);
+\&  }
+\&
+\&  request = start_new_request (..., callback);
+.Ve
+.PP
+The intent is to start some \*(L"lengthy\*(R" operation. The \f(CW\*(C`request\*(C'\fR could be
+used to cancel the operation, or do other things with it.
+.PP
+It's not uncommon to have code paths in \f(CW\*(C`start_new_request\*(C'\fR that
+immediately invoke the callback, for example, to report errors. Or you add
+some caching layer that finds that it can skip the lengthy aspects of the
+operation and simply invoke the callback with the result.
+.PP
+The problem here is that this will happen \fIbefore\fR \f(CW\*(C`start_new_request\*(C'\fR
+has returned, so \f(CW\*(C`request\*(C'\fR is not set.
+.PP
+Even if you pass the request by some safer means to the callback, you
+might want to do something to the request after starting it, such as
+canceling it, which probably isn't working so well when the callback has
+already been invoked.
+.PP
+A common way around all these issues is to make sure that
+\&\f(CW\*(C`start_new_request\*(C'\fR \fIalways\fR returns before the callback is invoked. If
+\&\f(CW\*(C`start_new_request\*(C'\fR immediately knows the result, it can artificially
+delay invoking the callback by using a \f(CW\*(C`prepare\*(C'\fR or \f(CW\*(C`idle\*(C'\fR watcher for
+example, or more sneakily, by reusing an existing (stopped) watcher and
+pushing it into the pending queue:
+.PP
+.Vb 2
+\&   ev_set_cb (watcher, callback);
+\&   ev_feed_event (EV_A_ watcher, 0);
+.Ve
+.PP
+This way, \f(CW\*(C`start_new_request\*(C'\fR can safely return before the callback is
+invoked, while not delaying callback invocation too much.
+.SS "\s-1MODEL/NESTED EVENT LOOP INVOCATIONS AND EXIT CONDITIONS\s0"
+.IX Subsection "MODEL/NESTED EVENT LOOP INVOCATIONS AND EXIT CONDITIONS"
+Often (especially in \s-1GUI\s0 toolkits) there are places where you have
+\&\fImodal\fR interaction, which is most easily implemented by recursively
+invoking \f(CW\*(C`ev_run\*(C'\fR.
+.PP
+This brings the problem of exiting \- a callback might want to finish the
+main \f(CW\*(C`ev_run\*(C'\fR call, but not the nested one (e.g. user clicked \*(L"Quit\*(R", but
+a modal \*(L"Are you sure?\*(R" dialog is still waiting), or just the nested one
+and not the main one (e.g. user clocked \*(L"Ok\*(R" in a modal dialog), or some
+other combination: In these cases, a simple \f(CW\*(C`ev_break\*(C'\fR will not work.
+.PP
+The solution is to maintain \*(L"break this loop\*(R" variable for each \f(CW\*(C`ev_run\*(C'\fR
+invocation, and use a loop around \f(CW\*(C`ev_run\*(C'\fR until the condition is
+triggered, using \f(CW\*(C`EVRUN_ONCE\*(C'\fR:
+.PP
+.Vb 2
+\&   // main loop
+\&   int exit_main_loop = 0;
+\&
+\&   while (!exit_main_loop)
+\&     ev_run (EV_DEFAULT_ EVRUN_ONCE);
+\&
+\&   // in a modal watcher
+\&   int exit_nested_loop = 0;
+\&
+\&   while (!exit_nested_loop)
+\&     ev_run (EV_A_ EVRUN_ONCE);
+.Ve
+.PP
+To exit from any of these loops, just set the corresponding exit variable:
+.PP
+.Vb 2
+\&   // exit modal loop
+\&   exit_nested_loop = 1;
+\&
+\&   // exit main program, after modal loop is finished
+\&   exit_main_loop = 1;
+\&
+\&   // exit both
+\&   exit_main_loop = exit_nested_loop = 1;
+.Ve
+.SS "\s-1THREAD LOCKING EXAMPLE\s0"
+.IX Subsection "THREAD LOCKING EXAMPLE"
+Here is a fictitious example of how to run an event loop in a different
+thread from where callbacks are being invoked and watchers are
+created/added/removed.
+.PP
+For a real-world example, see the \f(CW\*(C`EV::Loop::Async\*(C'\fR perl module,
+which uses exactly this technique (which is suited for many high-level
+languages).
+.PP
+The example uses a pthread mutex to protect the loop data, a condition
+variable to wait for callback invocations, an async watcher to notify the
+event loop thread and an unspecified mechanism to wake up the main thread.
+.PP
+First, you need to associate some data with the event loop:
+.PP
+.Vb 6
+\&   typedef struct {
+\&     mutex_t lock; /* global loop lock */
+\&     ev_async async_w;
+\&     thread_t tid;
+\&     cond_t invoke_cv;
+\&   } userdata;
+\&
+\&   void prepare_loop (EV_P)
+\&   {
+\&      // for simplicity, we use a static userdata struct.
+\&      static userdata u;
+\&
+\&      ev_async_init (&u\->async_w, async_cb);
+\&      ev_async_start (EV_A_ &u\->async_w);
+\&
+\&      pthread_mutex_init (&u\->lock, 0);
+\&      pthread_cond_init (&u\->invoke_cv, 0);
+\&
+\&      // now associate this with the loop
+\&      ev_set_userdata (EV_A_ u);
+\&      ev_set_invoke_pending_cb (EV_A_ l_invoke);
+\&      ev_set_loop_release_cb (EV_A_ l_release, l_acquire);
+\&
+\&      // then create the thread running ev_run
+\&      pthread_create (&u\->tid, 0, l_run, EV_A);
+\&   }
+.Ve
+.PP
+The callback for the \f(CW\*(C`ev_async\*(C'\fR watcher does nothing: the watcher is used
+solely to wake up the event loop so it takes notice of any new watchers
+that might have been added:
+.PP
+.Vb 5
+\&   static void
+\&   async_cb (EV_P_ ev_async *w, int revents)
+\&   {
+\&      // just used for the side effects
+\&   }
+.Ve
+.PP
+The \f(CW\*(C`l_release\*(C'\fR and \f(CW\*(C`l_acquire\*(C'\fR callbacks simply unlock/lock the mutex
+protecting the loop data, respectively.
+.PP
+.Vb 6
+\&   static void
+\&   l_release (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&     pthread_mutex_unlock (&u\->lock);
+\&   }
+\&
+\&   static void
+\&   l_acquire (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&     pthread_mutex_lock (&u\->lock);
+\&   }
+.Ve
+.PP
+The event loop thread first acquires the mutex, and then jumps straight
+into \f(CW\*(C`ev_run\*(C'\fR:
+.PP
+.Vb 4
+\&   void *
+\&   l_run (void *thr_arg)
+\&   {
+\&     struct ev_loop *loop = (struct ev_loop *)thr_arg;
+\&
+\&     l_acquire (EV_A);
+\&     pthread_setcanceltype (PTHREAD_CANCEL_ASYNCHRONOUS, 0);
+\&     ev_run (EV_A_ 0);
+\&     l_release (EV_A);
+\&
+\&     return 0;
+\&   }
+.Ve
+.PP
+Instead of invoking all pending watchers, the \f(CW\*(C`l_invoke\*(C'\fR callback will
+signal the main thread via some unspecified mechanism (signals? pipe
+writes? \f(CW\*(C`Async::Interrupt\*(C'\fR?) and then waits until all pending watchers
+have been called (in a while loop because a) spurious wakeups are possible
+and b) skipping inter-thread-communication when there are no pending
+watchers is very beneficial):
+.PP
+.Vb 4
+\&   static void
+\&   l_invoke (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&
+\&     while (ev_pending_count (EV_A))
+\&       {
+\&         wake_up_other_thread_in_some_magic_or_not_so_magic_way ();
+\&         pthread_cond_wait (&u\->invoke_cv, &u\->lock);
+\&       }
+\&   }
+.Ve
+.PP
+Now, whenever the main thread gets told to invoke pending watchers, it
+will grab the lock, call \f(CW\*(C`ev_invoke_pending\*(C'\fR and then signal the loop
+thread to continue:
+.PP
+.Vb 4
+\&   static void
+\&   real_invoke_pending (EV_P)
+\&   {
+\&     userdata *u = ev_userdata (EV_A);
+\&
+\&     pthread_mutex_lock (&u\->lock);
+\&     ev_invoke_pending (EV_A);
+\&     pthread_cond_signal (&u\->invoke_cv);
+\&     pthread_mutex_unlock (&u\->lock);
+\&   }
+.Ve
+.PP
+Whenever you want to start/stop a watcher or do other modifications to an
+event loop, you will now have to lock:
+.PP
+.Vb 2
+\&   ev_timer timeout_watcher;
+\&   userdata *u = ev_userdata (EV_A);
+\&
+\&   ev_timer_init (&timeout_watcher, timeout_cb, 5.5, 0.);
+\&
+\&   pthread_mutex_lock (&u\->lock);
+\&   ev_timer_start (EV_A_ &timeout_watcher);
+\&   ev_async_send (EV_A_ &u\->async_w);
+\&   pthread_mutex_unlock (&u\->lock);
+.Ve
+.PP
+Note that sending the \f(CW\*(C`ev_async\*(C'\fR watcher is required because otherwise
+an event loop currently blocking in the kernel will have no knowledge
+about the newly added timer. By waking up the loop it will pick up any new
+watchers in the next event loop iteration.
+.SS "\s-1THREADS, COROUTINES, CONTINUATIONS, QUEUES... INSTEAD OF CALLBACKS\s0"
+.IX Subsection "THREADS, COROUTINES, CONTINUATIONS, QUEUES... INSTEAD OF CALLBACKS"
+While the overhead of a callback that e.g. schedules a thread is small, it
+is still an overhead. If you embed libev, and your main usage is with some
+kind of threads or coroutines, you might want to customise libev so that
+doesn't need callbacks anymore.
+.PP
+Imagine you have coroutines that you can switch to using a function
+\&\f(CW\*(C`switch_to (coro)\*(C'\fR, that libev runs in a coroutine called \f(CW\*(C`libev_coro\*(C'\fR
+and that due to some magic, the currently active coroutine is stored in a
+global called \f(CW\*(C`current_coro\*(C'\fR. Then you can build your own \*(L"wait for libev
+event\*(R" primitive by changing \f(CW\*(C`EV_CB_DECLARE\*(C'\fR and \f(CW\*(C`EV_CB_INVOKE\*(C'\fR (note
+the differing \f(CW\*(C`;\*(C'\fR conventions):
+.PP
+.Vb 2
+\&   #define EV_CB_DECLARE(type)   struct my_coro *cb;
+\&   #define EV_CB_INVOKE(watcher) switch_to ((watcher)\->cb)
+.Ve
+.PP
+That means instead of having a C callback function, you store the
+coroutine to switch to in each watcher, and instead of having libev call
+your callback, you instead have it switch to that coroutine.
+.PP
+A coroutine might now wait for an event with a function called
+\&\f(CW\*(C`wait_for_event\*(C'\fR. (the watcher needs to be started, as always, but it doesn't
+matter when, or whether the watcher is active or not when this function is
+called):
+.PP
+.Vb 6
+\&   void
+\&   wait_for_event (ev_watcher *w)
+\&   {
+\&     ev_set_cb (w, current_coro);
+\&     switch_to (libev_coro);
+\&   }
+.Ve
+.PP
+That basically suspends the coroutine inside \f(CW\*(C`wait_for_event\*(C'\fR and
+continues the libev coroutine, which, when appropriate, switches back to
+this or any other coroutine.
+.PP
+You can do similar tricks if you have, say, threads with an event queue \-
+instead of storing a coroutine, you store the queue object and instead of
+switching to a coroutine, you push the watcher onto the queue and notify
+any waiters.
+.PP
+To embed libev, see \*(L"\s-1EMBEDDING\*(R"\s0, but in short, it's easiest to create two
+files, \fImy_ev.h\fR and \fImy_ev.c\fR that include the respective libev files:
+.PP
+.Vb 4
+\&   // my_ev.h
+\&   #define EV_CB_DECLARE(type)   struct my_coro *cb;
+\&   #define EV_CB_INVOKE(watcher) switch_to ((watcher)\->cb)
+\&   #include "../libev/ev.h"
+\&
+\&   // my_ev.c
+\&   #define EV_H "my_ev.h"
+\&   #include "../libev/ev.c"
+.Ve
+.PP
+And then use \fImy_ev.h\fR when you would normally use \fIev.h\fR, and compile
+\&\fImy_ev.c\fR into your project. When properly specifying include paths, you
+can even use \fIev.h\fR as header file name directly.
+.SH "LIBEVENT EMULATION"
+.IX Header "LIBEVENT EMULATION"
+Libev offers a compatibility emulation layer for libevent. It cannot
+emulate the internals of libevent, so here are some usage hints:
+.IP "\(bu" 4
+Only the libevent\-1.4.1\-beta \s-1API\s0 is being emulated.
+.Sp
+This was the newest libevent version available when libev was implemented,
+and is still mostly unchanged in 2010.
+.IP "\(bu" 4
+Use it by including <event.h>, as usual.
+.IP "\(bu" 4
+The following members are fully supported: ev_base, ev_callback,
+ev_arg, ev_fd, ev_res, ev_events.
+.IP "\(bu" 4
+Avoid using ev_flags and the EVLIST_*\-macros, while it is
+maintained by libev, it does not work exactly the same way as in libevent (consider
+it a private \s-1API\s0).
+.IP "\(bu" 4
+Priorities are not currently supported. Initialising priorities
+will fail and all watchers will have the same priority, even though there
+is an ev_pri field.
+.IP "\(bu" 4
+In libevent, the last base created gets the signals, in libev, the
+base that registered the signal gets the signals.
+.IP "\(bu" 4
+Other members are not supported.
+.IP "\(bu" 4
+The libev emulation is \fInot\fR \s-1ABI\s0 compatible to libevent, you need
+to use the libev header file and library.
+.SH "\*(C+ SUPPORT"
+.IX Header " SUPPORT"
+.SS "C \s-1API\s0"
+.IX Subsection "C API"
+The normal C \s-1API\s0 should work fine when used from \*(C+: both ev.h and the
+libev sources can be compiled as \*(C+. Therefore, code that uses the C \s-1API\s0
+will work fine.
+.PP
+Proper exception specifications might have to be added to callbacks passed
+to libev: exceptions may be thrown only from watcher callbacks, all other
+callbacks (allocator, syserr, loop acquire/release and periodic reschedule
+callbacks) must not throw exceptions, and might need a \f(CW\*(C`noexcept\*(C'\fR
+specification. If you have code that needs to be compiled as both C and
+\&\*(C+ you can use the \f(CW\*(C`EV_NOEXCEPT\*(C'\fR macro for this:
+.PP
+.Vb 6
+\&   static void
+\&   fatal_error (const char *msg) EV_NOEXCEPT
+\&   {
+\&     perror (msg);
+\&     abort ();
+\&   }
+\&
+\&   ...
+\&   ev_set_syserr_cb (fatal_error);
+.Ve
+.PP
+The only \s-1API\s0 functions that can currently throw exceptions are \f(CW\*(C`ev_run\*(C'\fR,
+\&\f(CW\*(C`ev_invoke\*(C'\fR, \f(CW\*(C`ev_invoke_pending\*(C'\fR and \f(CW\*(C`ev_loop_destroy\*(C'\fR (the latter
+because it runs cleanup watchers).
+.PP
+Throwing exceptions in watcher callbacks is only supported if libev itself
+is compiled with a \*(C+ compiler or your C and \*(C+ environments allow
+throwing exceptions through C libraries (most do).
+.SS "\*(C+ \s-1API\s0"
+.IX Subsection " API"
+Libev comes with some simplistic wrapper classes for \*(C+ that mainly allow
+you to use some convenience methods to start/stop watchers and also change
+the callback model to a model using method callbacks on objects.
+.PP
+To use it,
+.PP
+.Vb 1
+\&   #include <ev++.h>
+.Ve
+.PP
+This automatically includes \fIev.h\fR and puts all of its definitions (many
+of them macros) into the global namespace. All \*(C+ specific things are
+put into the \f(CW\*(C`ev\*(C'\fR namespace. It should support all the same embedding
+options as \fIev.h\fR, most notably \f(CW\*(C`EV_MULTIPLICITY\*(C'\fR.
+.PP
+Care has been taken to keep the overhead low. The only data member the \*(C+
+classes add (compared to plain C\-style watchers) is the event loop pointer
+that the watcher is associated with (or no additional members at all if
+you disable \f(CW\*(C`EV_MULTIPLICITY\*(C'\fR when embedding libev).
+.PP
+Currently, functions, static and non-static member functions and classes
+with \f(CW\*(C`operator ()\*(C'\fR can be used as callbacks. Other types should be easy
+to add as long as they only need one additional pointer for context. If
+you need support for other types of functors please contact the author
+(preferably after implementing it).
+.PP
+For all this to work, your \*(C+ compiler either has to use the same calling
+conventions as your C compiler (for static member functions), or you have
+to embed libev and compile libev itself as \*(C+.
+.PP
+Here is a list of things available in the \f(CW\*(C`ev\*(C'\fR namespace:
+.ie n .IP """ev::READ"", ""ev::WRITE"" etc." 4
+.el .IP "\f(CWev::READ\fR, \f(CWev::WRITE\fR etc." 4
+.IX Item "ev::READ, ev::WRITE etc."
+These are just enum values with the same values as the \f(CW\*(C`EV_READ\*(C'\fR etc.
+macros from \fIev.h\fR.
+.ie n .IP """ev::tstamp"", ""ev::now""" 4
+.el .IP "\f(CWev::tstamp\fR, \f(CWev::now\fR" 4
+.IX Item "ev::tstamp, ev::now"
+Aliases to the same types/functions as with the \f(CW\*(C`ev_\*(C'\fR prefix.
+.ie n .IP """ev::io"", ""ev::timer"", ""ev::periodic"", ""ev::idle"", ""ev::sig"" etc." 4
+.el .IP "\f(CWev::io\fR, \f(CWev::timer\fR, \f(CWev::periodic\fR, \f(CWev::idle\fR, \f(CWev::sig\fR etc." 4
+.IX Item "ev::io, ev::timer, ev::periodic, ev::idle, ev::sig etc."
+For each \f(CW\*(C`ev_TYPE\*(C'\fR watcher in \fIev.h\fR there is a corresponding class of
+the same name in the \f(CW\*(C`ev\*(C'\fR namespace, with the exception of \f(CW\*(C`ev_signal\*(C'\fR
+which is called \f(CW\*(C`ev::sig\*(C'\fR to avoid clashes with the \f(CW\*(C`signal\*(C'\fR macro
+defined by many implementations.
+.Sp
+All of those classes have these methods:
+.RS 4
+.IP "ev::TYPE::TYPE ()" 4
+.IX Item "ev::TYPE::TYPE ()"
+.PD 0
+.IP "ev::TYPE::TYPE (loop)" 4
+.IX Item "ev::TYPE::TYPE (loop)"
+.IP "ev::TYPE::~TYPE" 4
+.IX Item "ev::TYPE::~TYPE"
+.PD
+The constructor (optionally) takes an event loop to associate the watcher
+with. If it is omitted, it will use \f(CW\*(C`EV_DEFAULT\*(C'\fR.
+.Sp
+The constructor calls \f(CW\*(C`ev_init\*(C'\fR for you, which means you have to call the
+\&\f(CW\*(C`set\*(C'\fR method before starting it.
+.Sp
+It will not set a callback, however: You have to call the templated \f(CW\*(C`set\*(C'\fR
+method to set a callback before you can start the watcher.
+.Sp
+(The reason why you have to use a method is a limitation in \*(C+ which does
+not allow explicit template arguments for constructors).
+.Sp
+The destructor automatically stops the watcher if it is active.
+.IP "w\->set<class, &class::method> (object *)" 4
+.IX Item "w->set<class, &class::method> (object *)"
+This method sets the callback method to call. The method has to have a
+signature of \f(CW\*(C`void (*)(ev_TYPE &, int)\*(C'\fR, it receives the watcher as
+first argument and the \f(CW\*(C`revents\*(C'\fR as second. The object must be given as
+parameter and is stored in the \f(CW\*(C`data\*(C'\fR member of the watcher.
+.Sp
+This method synthesizes efficient thunking code to call your method from
+the C callback that libev requires. If your compiler can inline your
+callback (i.e. it is visible to it at the place of the \f(CW\*(C`set\*(C'\fR call and
+your compiler is good :), then the method will be fully inlined into the
+thunking function, making it as fast as a direct C callback.
+.Sp
+Example: simple class declaration and watcher initialisation
+.Sp
+.Vb 4
+\&   struct myclass
+\&   {
+\&     void io_cb (ev::io &w, int revents) { }
+\&   }
+\&
+\&   myclass obj;
+\&   ev::io iow;
+\&   iow.set <myclass, &myclass::io_cb> (&obj);
+.Ve
+.IP "w\->set (object *)" 4
+.IX Item "w->set (object *)"
+This is a variation of a method callback \- leaving out the method to call
+will default the method to \f(CW\*(C`operator ()\*(C'\fR, which makes it possible to use
+functor objects without having to manually specify the \f(CW\*(C`operator ()\*(C'\fR all
+the time. Incidentally, you can then also leave out the template argument
+list.
+.Sp
+The \f(CW\*(C`operator ()\*(C'\fR method prototype must be \f(CW\*(C`void operator ()(watcher &w,
+int revents)\*(C'\fR.
+.Sp
+See the method\-\f(CW\*(C`set\*(C'\fR above for more details.
+.Sp
+Example: use a functor object as callback.
+.Sp
+.Vb 7
+\&   struct myfunctor
+\&   {
+\&     void operator() (ev::io &w, int revents)
+\&     {
+\&       ...
+\&     }
+\&   }
+\&
+\&   myfunctor f;
+\&
+\&   ev::io w;
+\&   w.set (&f);
+.Ve
+.IP "w\->set<function> (void *data = 0)" 4
+.IX Item "w->set<function> (void *data = 0)"
+Also sets a callback, but uses a static method or plain function as
+callback. The optional \f(CW\*(C`data\*(C'\fR argument will be stored in the watcher's
+\&\f(CW\*(C`data\*(C'\fR member and is free for you to use.
+.Sp
+The prototype of the \f(CW\*(C`function\*(C'\fR must be \f(CW\*(C`void (*)(ev::TYPE &w, int)\*(C'\fR.
+.Sp
+See the method\-\f(CW\*(C`set\*(C'\fR above for more details.
+.Sp
+Example: Use a plain function as callback.
+.Sp
+.Vb 2
+\&   static void io_cb (ev::io &w, int revents) { }
+\&   iow.set <io_cb> ();
+.Ve
+.IP "w\->set (loop)" 4
+.IX Item "w->set (loop)"
+Associates a different \f(CW\*(C`struct ev_loop\*(C'\fR with this watcher. You can only
+do this when the watcher is inactive (and not pending either).
+.IP "w\->set ([arguments])" 4
+.IX Item "w->set ([arguments])"
+Basically the same as \f(CW\*(C`ev_TYPE_set\*(C'\fR (except for \f(CW\*(C`ev::embed\*(C'\fR watchers>),
+with the same arguments. Either this method or a suitable start method
+must be called at least once. Unlike the C counterpart, an active watcher
+gets automatically stopped and restarted when reconfiguring it with this
+method.
+.Sp
+For \f(CW\*(C`ev::embed\*(C'\fR watchers this method is called \f(CW\*(C`set_embed\*(C'\fR, to avoid
+clashing with the \f(CW\*(C`set (loop)\*(C'\fR method.
+.Sp
+For \f(CW\*(C`ev::io\*(C'\fR watchers there is an additional \f(CW\*(C`set\*(C'\fR method that acepts a
+new event mask only, and internally calls \f(CW\*(C`ev_io_modfify\*(C'\fR.
+.IP "w\->start ()" 4
+.IX Item "w->start ()"
+Starts the watcher. Note that there is no \f(CW\*(C`loop\*(C'\fR argument, as the
+constructor already stores the event loop.
+.IP "w\->start ([arguments])" 4
+.IX Item "w->start ([arguments])"
+Instead of calling \f(CW\*(C`set\*(C'\fR and \f(CW\*(C`start\*(C'\fR methods separately, it is often
+convenient to wrap them in one call. Uses the same type of arguments as
+the configure \f(CW\*(C`set\*(C'\fR method of the watcher.
+.IP "w\->stop ()" 4
+.IX Item "w->stop ()"
+Stops the watcher if it is active. Again, no \f(CW\*(C`loop\*(C'\fR argument.
+.ie n .IP "w\->again () (""ev::timer"", ""ev::periodic"" only)" 4
+.el .IP "w\->again () (\f(CWev::timer\fR, \f(CWev::periodic\fR only)" 4
+.IX Item "w->again () (ev::timer, ev::periodic only)"
+For \f(CW\*(C`ev::timer\*(C'\fR and \f(CW\*(C`ev::periodic\*(C'\fR, this invokes the corresponding
+\&\f(CW\*(C`ev_TYPE_again\*(C'\fR function.
+.ie n .IP "w\->sweep () (""ev::embed"" only)" 4
+.el .IP "w\->sweep () (\f(CWev::embed\fR only)" 4
+.IX Item "w->sweep () (ev::embed only)"
+Invokes \f(CW\*(C`ev_embed_sweep\*(C'\fR.
+.ie n .IP "w\->update () (""ev::stat"" only)" 4
+.el .IP "w\->update () (\f(CWev::stat\fR only)" 4
+.IX Item "w->update () (ev::stat only)"
+Invokes \f(CW\*(C`ev_stat_stat\*(C'\fR.
+.RE
+.RS 4
+.RE
+.PP
+Example: Define a class with two I/O and idle watchers, start the I/O
+watchers in the constructor.
+.PP
+.Vb 5
+\&   class myclass
+\&   {
+\&     ev::io   io  ; void io_cb   (ev::io   &w, int revents);
+\&     ev::io   io2 ; void io2_cb  (ev::io   &w, int revents);
+\&     ev::idle idle; void idle_cb (ev::idle &w, int revents);
+\&
+\&     myclass (int fd)
+\&     {
+\&       io  .set <myclass, &myclass::io_cb  > (this);
+\&       io2 .set <myclass, &myclass::io2_cb > (this);
+\&       idle.set <myclass, &myclass::idle_cb> (this);
+\&
+\&       io.set (fd, ev::WRITE); // configure the watcher
+\&       io.start ();            // start it whenever convenient
+\&
+\&       io2.start (fd, ev::READ); // set + start in one call
+\&     }
+\&   };
+.Ve
+.SH "OTHER LANGUAGE BINDINGS"
+.IX Header "OTHER LANGUAGE BINDINGS"
+Libev does not offer other language bindings itself, but bindings for a
+number of languages exist in the form of third-party packages. If you know
+any interesting language binding in addition to the ones listed here, drop
+me a note.
+.IP "Perl" 4
+.IX Item "Perl"
+The \s-1EV\s0 module implements the full libev \s-1API\s0 and is actually used to test
+libev. \s-1EV\s0 is developed together with libev. Apart from the \s-1EV\s0 core module,
+there are additional modules that implement libev-compatible interfaces
+to \f(CW\*(C`libadns\*(C'\fR (\f(CW\*(C`EV::ADNS\*(C'\fR, but \f(CW\*(C`AnyEvent::DNS\*(C'\fR is preferred nowadays),
+\&\f(CW\*(C`Net::SNMP\*(C'\fR (\f(CW\*(C`Net::SNMP::EV\*(C'\fR) and the \f(CW\*(C`libglib\*(C'\fR event core (\f(CW\*(C`Glib::EV\*(C'\fR
+and \f(CW\*(C`EV::Glib\*(C'\fR).
+.Sp
+It can be found and installed via \s-1CPAN,\s0 its homepage is at
+<http://software.schmorp.de/pkg/EV>.
+.IP "Python" 4
+.IX Item "Python"
+Python bindings can be found at <http://code.google.com/p/pyev/>. It
+seems to be quite complete and well-documented.
+.IP "Ruby" 4
+.IX Item "Ruby"
+Tony Arcieri has written a ruby extension that offers access to a subset
+of the libev \s-1API\s0 and adds file handle abstractions, asynchronous \s-1DNS\s0 and
+more on top of it. It can be found via gem servers. Its homepage is at
+<http://rev.rubyforge.org/>.
+.Sp
+Roger Pack reports that using the link order \f(CW\*(C`\-lws2_32 \-lmsvcrt\-ruby\-190\*(C'\fR
+makes rev work even on mingw.
+.IP "Haskell" 4
+.IX Item "Haskell"
+A haskell binding to libev is available at
+<http://hackage.haskell.org/cgi\-bin/hackage\-scripts/package/hlibev>.
+.IP "D" 4
+.IX Item "D"
+Leandro Lucarella has written a D language binding (\fIev.d\fR) for libev, to
+be found at <http://www.llucax.com.ar/proj/ev.d/index.html>.
+.IP "Ocaml" 4
+.IX Item "Ocaml"
+Erkki Seppala has written Ocaml bindings for libev, to be found at
+<http://modeemi.cs.tut.fi/~flux/software/ocaml\-ev/>.
+.IP "Lua" 4
+.IX Item "Lua"
+Brian Maher has written a partial interface to libev for lua (at the
+time of this writing, only \f(CW\*(C`ev_io\*(C'\fR and \f(CW\*(C`ev_timer\*(C'\fR), to be found at
+<http://github.com/brimworks/lua\-ev>.
+.IP "Javascript" 4
+.IX Item "Javascript"
+Node.js (<http://nodejs.org>) uses libev as the underlying event library.
+.IP "Others" 4
+.IX Item "Others"
+There are others, and I stopped counting.
+.SH "MACRO MAGIC"
+.IX Header "MACRO MAGIC"
+Libev can be compiled with a variety of options, the most fundamental
+of which is \f(CW\*(C`EV_MULTIPLICITY\*(C'\fR. This option determines whether (most)
+functions and callbacks have an initial \f(CW\*(C`struct ev_loop *\*(C'\fR argument.
+.PP
+To make it easier to write programs that cope with either variant, the
+following macros are defined:
+.ie n .IP """EV_A"", ""EV_A_""" 4
+.el .IP "\f(CWEV_A\fR, \f(CWEV_A_\fR" 4
+.IX Item "EV_A, EV_A_"
+This provides the loop \fIargument\fR for functions, if one is required (\*(L"ev
+loop argument\*(R"). The \f(CW\*(C`EV_A\*(C'\fR form is used when this is the sole argument,
+\&\f(CW\*(C`EV_A_\*(C'\fR is used when other arguments are following. Example:
+.Sp
+.Vb 3
+\&   ev_unref (EV_A);
+\&   ev_timer_add (EV_A_ watcher);
+\&   ev_run (EV_A_ 0);
+.Ve
+.Sp
+It assumes the variable \f(CW\*(C`loop\*(C'\fR of type \f(CW\*(C`struct ev_loop *\*(C'\fR is in scope,
+which is often provided by the following macro.
+.ie n .IP """EV_P"", ""EV_P_""" 4
+.el .IP "\f(CWEV_P\fR, \f(CWEV_P_\fR" 4
+.IX Item "EV_P, EV_P_"
+This provides the loop \fIparameter\fR for functions, if one is required (\*(L"ev
+loop parameter\*(R"). The \f(CW\*(C`EV_P\*(C'\fR form is used when this is the sole parameter,
+\&\f(CW\*(C`EV_P_\*(C'\fR is used when other parameters are following. Example:
+.Sp
+.Vb 2
+\&   // this is how ev_unref is being declared
+\&   static void ev_unref (EV_P);
+\&
+\&   // this is how you can declare your typical callback
+\&   static void cb (EV_P_ ev_timer *w, int revents)
+.Ve
+.Sp
+It declares a parameter \f(CW\*(C`loop\*(C'\fR of type \f(CW\*(C`struct ev_loop *\*(C'\fR, quite
+suitable for use with \f(CW\*(C`EV_A\*(C'\fR.
+.ie n .IP """EV_DEFAULT"", ""EV_DEFAULT_""" 4
+.el .IP "\f(CWEV_DEFAULT\fR, \f(CWEV_DEFAULT_\fR" 4
+.IX Item "EV_DEFAULT, EV_DEFAULT_"
+Similar to the other two macros, this gives you the value of the default
+loop, if multiple loops are supported (\*(L"ev loop default\*(R"). The default loop
+will be initialised if it isn't already initialised.
+.Sp
+For non-multiplicity builds, these macros do nothing, so you always have
+to initialise the loop somewhere.
+.ie n .IP """EV_DEFAULT_UC"", ""EV_DEFAULT_UC_""" 4
+.el .IP "\f(CWEV_DEFAULT_UC\fR, \f(CWEV_DEFAULT_UC_\fR" 4
+.IX Item "EV_DEFAULT_UC, EV_DEFAULT_UC_"
+Usage identical to \f(CW\*(C`EV_DEFAULT\*(C'\fR and \f(CW\*(C`EV_DEFAULT_\*(C'\fR, but requires that the
+default loop has been initialised (\f(CW\*(C`UC\*(C'\fR == unchecked). Their behaviour
+is undefined when the default loop has not been initialised by a previous
+execution of \f(CW\*(C`EV_DEFAULT\*(C'\fR, \f(CW\*(C`EV_DEFAULT_\*(C'\fR or \f(CW\*(C`ev_default_init (...)\*(C'\fR.
+.Sp
+It is often prudent to use \f(CW\*(C`EV_DEFAULT\*(C'\fR when initialising the first
+watcher in a function but use \f(CW\*(C`EV_DEFAULT_UC\*(C'\fR afterwards.
+.PP
+Example: Declare and initialise a check watcher, utilising the above
+macros so it will work regardless of whether multiple loops are supported
+or not.
+.PP
+.Vb 5
+\&   static void
+\&   check_cb (EV_P_ ev_timer *w, int revents)
+\&   {
+\&     ev_check_stop (EV_A_ w);
+\&   }
+\&
+\&   ev_check check;
+\&   ev_check_init (&check, check_cb);
+\&   ev_check_start (EV_DEFAULT_ &check);
+\&   ev_run (EV_DEFAULT_ 0);
+.Ve
+.SH "EMBEDDING"
+.IX Header "EMBEDDING"
+Libev can (and often is) directly embedded into host
+applications. Examples of applications that embed it include the Deliantra
+Game Server, the \s-1EV\s0 perl module, the \s-1GNU\s0 Virtual Private Ethernet (gvpe)
+and rxvt-unicode.
+.PP
+The goal is to enable you to just copy the necessary files into your
+source directory without having to change even a single line in them, so
+you can easily upgrade by simply copying (or having a checked-out copy of
+libev somewhere in your source tree).
+.SS "\s-1FILESETS\s0"
+.IX Subsection "FILESETS"
+Depending on what features you need you need to include one or more sets of files
+in your application.
+.PP
+\fI\s-1CORE EVENT LOOP\s0\fR
+.IX Subsection "CORE EVENT LOOP"
+.PP
+To include only the libev core (all the \f(CW\*(C`ev_*\*(C'\fR functions), with manual
+configuration (no autoconf):
+.PP
+.Vb 2
+\&   #define EV_STANDALONE 1
+\&   #include "ev.c"
+.Ve
+.PP
+This will automatically include \fIev.h\fR, too, and should be done in a
+single C source file only to provide the function implementations. To use
+it, do the same for \fIev.h\fR in all files wishing to use this \s-1API\s0 (best
+done by writing a wrapper around \fIev.h\fR that you can include instead and
+where you can put other configuration options):
+.PP
+.Vb 2
+\&   #define EV_STANDALONE 1
+\&   #include "ev.h"
+.Ve
+.PP
+Both header files and implementation files can be compiled with a \*(C+
+compiler (at least, that's a stated goal, and breakage will be treated
+as a bug).
+.PP
+You need the following files in your source tree, or in a directory
+in your include path (e.g. in libev/ when using \-Ilibev):
+.PP
+.Vb 4
+\&   ev.h
+\&   ev.c
+\&   ev_vars.h
+\&   ev_wrap.h
+\&
+\&   ev_win32.c      required on win32 platforms only
+\&
+\&   ev_select.c     only when select backend is enabled
+\&   ev_poll.c       only when poll backend is enabled
+\&   ev_epoll.c      only when the epoll backend is enabled
+\&   ev_linuxaio.c   only when the linux aio backend is enabled
+\&   ev_iouring.c    only when the linux io_uring backend is enabled
+\&   ev_kqueue.c     only when the kqueue backend is enabled
+\&   ev_port.c       only when the solaris port backend is enabled
+.Ve
+.PP
+\&\fIev.c\fR includes the backend files directly when enabled, so you only need
+to compile this single file.
+.PP
+\fI\s-1LIBEVENT COMPATIBILITY API\s0\fR
+.IX Subsection "LIBEVENT COMPATIBILITY API"
+.PP
+To include the libevent compatibility \s-1API,\s0 also include:
+.PP
+.Vb 1
+\&   #include "event.c"
+.Ve
+.PP
+in the file including \fIev.c\fR, and:
+.PP
+.Vb 1
+\&   #include "event.h"
+.Ve
+.PP
+in the files that want to use the libevent \s-1API.\s0 This also includes \fIev.h\fR.
+.PP
+You need the following additional files for this:
+.PP
+.Vb 2
+\&   event.h
+\&   event.c
+.Ve
+.PP
+\fI\s-1AUTOCONF SUPPORT\s0\fR
+.IX Subsection "AUTOCONF SUPPORT"
+.PP
+Instead of using \f(CW\*(C`EV_STANDALONE=1\*(C'\fR and providing your configuration in
+whatever way you want, you can also \f(CW\*(C`m4_include([libev.m4])\*(C'\fR in your
+\&\fIconfigure.ac\fR and leave \f(CW\*(C`EV_STANDALONE\*(C'\fR undefined. \fIev.c\fR will then
+include \fIconfig.h\fR and configure itself accordingly.
+.PP
+For this of course you need the m4 file:
+.PP
+.Vb 1
+\&   libev.m4
+.Ve
+.SS "\s-1PREPROCESSOR SYMBOLS/MACROS\s0"
+.IX Subsection "PREPROCESSOR SYMBOLS/MACROS"
+Libev can be configured via a variety of preprocessor symbols you have to
+define before including (or compiling) any of its files. The default in
+the absence of autoconf is documented for every option.
+.PP
+Symbols marked with \*(L"(h)\*(R" do not change the \s-1ABI,\s0 and can have different
+values when compiling libev vs. including \fIev.h\fR, so it is permissible
+to redefine them before including \fIev.h\fR without breaking compatibility
+to a compiled library. All other symbols change the \s-1ABI,\s0 which means all
+users of libev and the libev code itself must be compiled with compatible
+settings.
+.IP "\s-1EV_COMPAT3\s0 (h)" 4
+.IX Item "EV_COMPAT3 (h)"
+Backwards compatibility is a major concern for libev. This is why this
+release of libev comes with wrappers for the functions and symbols that
+have been renamed between libev version 3 and 4.
+.Sp
+You can disable these wrappers (to test compatibility with future
+versions) by defining \f(CW\*(C`EV_COMPAT3\*(C'\fR to \f(CW0\fR when compiling your
+sources. This has the additional advantage that you can drop the \f(CW\*(C`struct\*(C'\fR
+from \f(CW\*(C`struct ev_loop\*(C'\fR declarations, as libev will provide an \f(CW\*(C`ev_loop\*(C'\fR
+typedef in that case.
+.Sp
+In some future version, the default for \f(CW\*(C`EV_COMPAT3\*(C'\fR will become \f(CW0\fR,
+and in some even more future version the compatibility code will be
+removed completely.
+.IP "\s-1EV_STANDALONE\s0 (h)" 4
+.IX Item "EV_STANDALONE (h)"
+Must always be \f(CW1\fR if you do not use autoconf configuration, which
+keeps libev from including \fIconfig.h\fR, and it also defines dummy
+implementations for some libevent functions (such as logging, which is not
+supported). It will also not define any of the structs usually found in
+\&\fIevent.h\fR that are not directly supported by the libev core alone.
+.Sp
+In standalone mode, libev will still try to automatically deduce the
+configuration, but has to be more conservative.
+.IP "\s-1EV_USE_FLOOR\s0" 4
+.IX Item "EV_USE_FLOOR"
+If defined to be \f(CW1\fR, libev will use the \f(CW\*(C`floor ()\*(C'\fR function for its
+periodic reschedule calculations, otherwise libev will fall back on a
+portable (slower) implementation. If you enable this, you usually have to
+link against libm or something equivalent. Enabling this when the \f(CW\*(C`floor\*(C'\fR
+function is not available will fail, so the safe default is to not enable
+this.
+.IP "\s-1EV_USE_MONOTONIC\s0" 4
+.IX Item "EV_USE_MONOTONIC"
+If defined to be \f(CW1\fR, libev will try to detect the availability of the
+monotonic clock option at both compile time and runtime. Otherwise no
+use of the monotonic clock option will be attempted. If you enable this,
+you usually have to link against librt or something similar. Enabling it
+when the functionality isn't available is safe, though, although you have
+to make sure you link against any libraries where the \f(CW\*(C`clock_gettime\*(C'\fR
+function is hiding in (often \fI\-lrt\fR). See also \f(CW\*(C`EV_USE_CLOCK_SYSCALL\*(C'\fR.
+.IP "\s-1EV_USE_REALTIME\s0" 4
+.IX Item "EV_USE_REALTIME"
+If defined to be \f(CW1\fR, libev will try to detect the availability of the
+real-time clock option at compile time (and assume its availability
+at runtime if successful). Otherwise no use of the real-time clock
+option will be attempted. This effectively replaces \f(CW\*(C`gettimeofday\*(C'\fR
+by \f(CW\*(C`clock_get (CLOCK_REALTIME, ...)\*(C'\fR and will not normally affect
+correctness. See the note about libraries in the description of
+\&\f(CW\*(C`EV_USE_MONOTONIC\*(C'\fR, though. Defaults to the opposite value of
+\&\f(CW\*(C`EV_USE_CLOCK_SYSCALL\*(C'\fR.
+.IP "\s-1EV_USE_CLOCK_SYSCALL\s0" 4
+.IX Item "EV_USE_CLOCK_SYSCALL"
+If defined to be \f(CW1\fR, libev will try to use a direct syscall instead
+of calling the system-provided \f(CW\*(C`clock_gettime\*(C'\fR function. This option
+exists because on GNU/Linux, \f(CW\*(C`clock_gettime\*(C'\fR is in \f(CW\*(C`librt\*(C'\fR, but \f(CW\*(C`librt\*(C'\fR
+unconditionally pulls in \f(CW\*(C`libpthread\*(C'\fR, slowing down single-threaded
+programs needlessly. Using a direct syscall is slightly slower (in
+theory), because no optimised vdso implementation can be used, but avoids
+the pthread dependency. Defaults to \f(CW1\fR on GNU/Linux with glibc 2.x or
+higher, as it simplifies linking (no need for \f(CW\*(C`\-lrt\*(C'\fR).
+.IP "\s-1EV_USE_NANOSLEEP\s0" 4
+.IX Item "EV_USE_NANOSLEEP"
+If defined to be \f(CW1\fR, libev will assume that \f(CW\*(C`nanosleep ()\*(C'\fR is available
+and will use it for delays. Otherwise it will use \f(CW\*(C`select ()\*(C'\fR.
+.IP "\s-1EV_USE_EVENTFD\s0" 4
+.IX Item "EV_USE_EVENTFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`eventfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This will improve
+\&\f(CW\*(C`ev_signal\*(C'\fR and \f(CW\*(C`ev_async\*(C'\fR performance and reduce resource consumption.
+If undefined, it will be enabled if the headers indicate GNU/Linux + Glibc
+2.7 or newer, otherwise disabled.
+.IP "\s-1EV_USE_SIGNALFD\s0" 4
+.IX Item "EV_USE_SIGNALFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`signalfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This enables
+the use of \s-1EVFLAG_SIGNALFD\s0 for faster and simpler signal handling. If
+undefined, it will be enabled if the headers indicate GNU/Linux + Glibc
+2.7 or newer, otherwise disabled.
+.IP "\s-1EV_USE_TIMERFD\s0" 4
+.IX Item "EV_USE_TIMERFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`timerfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This allows
+libev to detect time jumps accurately. If undefined, it will be enabled
+if the headers indicate GNU/Linux + Glibc 2.8 or newer and define
+\&\f(CW\*(C`TFD_TIMER_CANCEL_ON_SET\*(C'\fR, otherwise disabled.
+.IP "\s-1EV_USE_EVENTFD\s0" 4
+.IX Item "EV_USE_EVENTFD"
+If defined to be \f(CW1\fR, then libev will assume that \f(CW\*(C`eventfd ()\*(C'\fR is
+available and will probe for kernel support at runtime. This will improve
+\&\f(CW\*(C`ev_signal\*(C'\fR and \f(CW\*(C`ev_async\*(C'\fR performance and reduce resource consumption.
+If undefined, it will be enabled if the headers indicate GNU/Linux + Glibc
+2.7 or newer, otherwise disabled.
+.IP "\s-1EV_USE_SELECT\s0" 4
+.IX Item "EV_USE_SELECT"
+If undefined or defined to be \f(CW1\fR, libev will compile in support for the
+\&\f(CW\*(C`select\*(C'\fR(2) backend. No attempt at auto-detection will be done: if no
+other method takes over, select will be it. Otherwise the select backend
+will not be compiled in.
+.IP "\s-1EV_SELECT_USE_FD_SET\s0" 4
+.IX Item "EV_SELECT_USE_FD_SET"
+If defined to \f(CW1\fR, then the select backend will use the system \f(CW\*(C`fd_set\*(C'\fR
+structure. This is useful if libev doesn't compile due to a missing
+\&\f(CW\*(C`NFDBITS\*(C'\fR or \f(CW\*(C`fd_mask\*(C'\fR definition or it mis-guesses the bitset layout
+on exotic systems. This usually limits the range of file descriptors to
+some low limit such as 1024 or might have other limitations (winsocket
+only allows 64 sockets). The \f(CW\*(C`FD_SETSIZE\*(C'\fR macro, set before compilation,
+configures the maximum size of the \f(CW\*(C`fd_set\*(C'\fR.
+.IP "\s-1EV_SELECT_IS_WINSOCKET\s0" 4
+.IX Item "EV_SELECT_IS_WINSOCKET"
+When defined to \f(CW1\fR, the select backend will assume that
+select/socket/connect etc. don't understand file descriptors but
+wants osf handles on win32 (this is the case when the select to
+be used is the winsock select). This means that it will call
+\&\f(CW\*(C`_get_osfhandle\*(C'\fR on the fd to convert it to an \s-1OS\s0 handle. Otherwise,
+it is assumed that all these functions actually work on fds, even
+on win32. Should not be defined on non\-win32 platforms.
+.IP "\s-1EV_FD_TO_WIN32_HANDLE\s0(fd)" 4
+.IX Item "EV_FD_TO_WIN32_HANDLE(fd)"
+If \f(CW\*(C`EV_SELECT_IS_WINSOCKET\*(C'\fR is enabled, then libev needs a way to map
+file descriptors to socket handles. When not defining this symbol (the
+default), then libev will call \f(CW\*(C`_get_osfhandle\*(C'\fR, which is usually
+correct. In some cases, programs use their own file descriptor management,
+in which case they can provide this function to map fds to socket handles.
+.IP "\s-1EV_WIN32_HANDLE_TO_FD\s0(handle)" 4
+.IX Item "EV_WIN32_HANDLE_TO_FD(handle)"
+If \f(CW\*(C`EV_SELECT_IS_WINSOCKET\*(C'\fR then libev maps handles to file descriptors
+using the standard \f(CW\*(C`_open_osfhandle\*(C'\fR function. For programs implementing
+their own fd to handle mapping, overwriting this function makes it easier
+to do so. This can be done by defining this macro to an appropriate value.
+.IP "\s-1EV_WIN32_CLOSE_FD\s0(fd)" 4
+.IX Item "EV_WIN32_CLOSE_FD(fd)"
+If programs implement their own fd to handle mapping on win32, then this
+macro can be used to override the \f(CW\*(C`close\*(C'\fR function, useful to unregister
+file descriptors again. Note that the replacement function has to close
+the underlying \s-1OS\s0 handle.
+.IP "\s-1EV_USE_WSASOCKET\s0" 4
+.IX Item "EV_USE_WSASOCKET"
+If defined to be \f(CW1\fR, libev will use \f(CW\*(C`WSASocket\*(C'\fR to create its internal
+communication socket, which works better in some environments. Otherwise,
+the normal \f(CW\*(C`socket\*(C'\fR function will be used, which works better in other
+environments.
+.IP "\s-1EV_USE_POLL\s0" 4
+.IX Item "EV_USE_POLL"
+If defined to be \f(CW1\fR, libev will compile in support for the \f(CW\*(C`poll\*(C'\fR(2)
+backend. Otherwise it will be enabled on non\-win32 platforms. It
+takes precedence over select.
+.IP "\s-1EV_USE_EPOLL\s0" 4
+.IX Item "EV_USE_EPOLL"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux
+\&\f(CW\*(C`epoll\*(C'\fR(7) backend. Its availability will be detected at runtime,
+otherwise another method will be used as fallback. This is the preferred
+backend for GNU/Linux systems. If undefined, it will be enabled if the
+headers indicate GNU/Linux + Glibc 2.4 or newer, otherwise disabled.
+.IP "\s-1EV_USE_LINUXAIO\s0" 4
+.IX Item "EV_USE_LINUXAIO"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux aio
+backend (\f(CW\*(C`EV_USE_EPOLL\*(C'\fR must also be enabled). If undefined, it will be
+enabled on linux, otherwise disabled.
+.IP "\s-1EV_USE_IOURING\s0" 4
+.IX Item "EV_USE_IOURING"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux
+io_uring backend (\f(CW\*(C`EV_USE_EPOLL\*(C'\fR must also be enabled). Due to it's
+current limitations it has to be requested explicitly. If undefined, it
+will be enabled on linux, otherwise disabled.
+.IP "\s-1EV_USE_KQUEUE\s0" 4
+.IX Item "EV_USE_KQUEUE"
+If defined to be \f(CW1\fR, libev will compile in support for the \s-1BSD\s0 style
+\&\f(CW\*(C`kqueue\*(C'\fR(2) backend. Its actual availability will be detected at runtime,
+otherwise another method will be used as fallback. This is the preferred
+backend for \s-1BSD\s0 and BSD-like systems, although on most BSDs kqueue only
+supports some types of fds correctly (the only platform we found that
+supports ptys for example was NetBSD), so kqueue might be compiled in, but
+not be used unless explicitly requested. The best way to use it is to find
+out whether kqueue supports your type of fd properly and use an embedded
+kqueue loop.
+.IP "\s-1EV_USE_PORT\s0" 4
+.IX Item "EV_USE_PORT"
+If defined to be \f(CW1\fR, libev will compile in support for the Solaris
+10 port style backend. Its availability will be detected at runtime,
+otherwise another method will be used as fallback. This is the preferred
+backend for Solaris 10 systems.
+.IP "\s-1EV_USE_DEVPOLL\s0" 4
+.IX Item "EV_USE_DEVPOLL"
+Reserved for future expansion, works like the \s-1USE\s0 symbols above.
+.IP "\s-1EV_USE_INOTIFY\s0" 4
+.IX Item "EV_USE_INOTIFY"
+If defined to be \f(CW1\fR, libev will compile in support for the Linux inotify
+interface to speed up \f(CW\*(C`ev_stat\*(C'\fR watchers. Its actual availability will
+be detected at runtime. If undefined, it will be enabled if the headers
+indicate GNU/Linux + Glibc 2.4 or newer, otherwise disabled.
+.IP "\s-1EV_NO_SMP\s0" 4
+.IX Item "EV_NO_SMP"
+If defined to be \f(CW1\fR, libev will assume that memory is always coherent
+between threads, that is, threads can be used, but threads never run on
+different cpus (or different cpu cores). This reduces dependencies
+and makes libev faster.
+.IP "\s-1EV_NO_THREADS\s0" 4
+.IX Item "EV_NO_THREADS"
+If defined to be \f(CW1\fR, libev will assume that it will never be called from
+different threads (that includes signal handlers), which is a stronger
+assumption than \f(CW\*(C`EV_NO_SMP\*(C'\fR, above. This reduces dependencies and makes
+libev faster.
+.IP "\s-1EV_ATOMIC_T\s0" 4
+.IX Item "EV_ATOMIC_T"
+Libev requires an integer type (suitable for storing \f(CW0\fR or \f(CW1\fR) whose
+access is atomic with respect to other threads or signal contexts. No
+such type is easily found in the C language, so you can provide your own
+type that you know is safe for your purposes. It is used both for signal
+handler \*(L"locking\*(R" as well as for signal and thread safety in \f(CW\*(C`ev_async\*(C'\fR
+watchers.
+.Sp
+In the absence of this define, libev will use \f(CW\*(C`sig_atomic_t volatile\*(C'\fR
+(from \fIsignal.h\fR), which is usually good enough on most platforms.
+.IP "\s-1EV_H\s0 (h)" 4
+.IX Item "EV_H (h)"
+The name of the \fIev.h\fR header file used to include it. The default if
+undefined is \f(CW"ev.h"\fR in \fIevent.h\fR, \fIev.c\fR and \fIev++.h\fR. This can be
+used to virtually rename the \fIev.h\fR header file in case of conflicts.
+.IP "\s-1EV_CONFIG_H\s0 (h)" 4
+.IX Item "EV_CONFIG_H (h)"
+If \f(CW\*(C`EV_STANDALONE\*(C'\fR isn't \f(CW1\fR, this variable can be used to override
+\&\fIev.c\fR's idea of where to find the \fIconfig.h\fR file, similarly to
+\&\f(CW\*(C`EV_H\*(C'\fR, above.
+.IP "\s-1EV_EVENT_H\s0 (h)" 4
+.IX Item "EV_EVENT_H (h)"
+Similarly to \f(CW\*(C`EV_H\*(C'\fR, this macro can be used to override \fIevent.c\fR's idea
+of how the \fIevent.h\fR header can be found, the default is \f(CW"event.h"\fR.
+.IP "\s-1EV_PROTOTYPES\s0 (h)" 4
+.IX Item "EV_PROTOTYPES (h)"
+If defined to be \f(CW0\fR, then \fIev.h\fR will not define any function
+prototypes, but still define all the structs and other symbols. This is
+occasionally useful if you want to provide your own wrapper functions
+around libev functions.
+.IP "\s-1EV_MULTIPLICITY\s0" 4
+.IX Item "EV_MULTIPLICITY"
+If undefined or defined to \f(CW1\fR, then all event-loop-specific functions
+will have the \f(CW\*(C`struct ev_loop *\*(C'\fR as first argument, and you can create
+additional independent event loops. Otherwise there will be no support
+for multiple event loops and there is no first event loop pointer
+argument. Instead, all functions act on the single default loop.
+.Sp
+Note that \f(CW\*(C`EV_DEFAULT\*(C'\fR and \f(CW\*(C`EV_DEFAULT_\*(C'\fR will no longer provide a
+default loop when multiplicity is switched off \- you always have to
+initialise the loop manually in this case.
+.IP "\s-1EV_MINPRI\s0" 4
+.IX Item "EV_MINPRI"
+.PD 0
+.IP "\s-1EV_MAXPRI\s0" 4
+.IX Item "EV_MAXPRI"
+.PD
+The range of allowed priorities. \f(CW\*(C`EV_MINPRI\*(C'\fR must be smaller or equal to
+\&\f(CW\*(C`EV_MAXPRI\*(C'\fR, but otherwise there are no non-obvious limitations. You can
+provide for more priorities by overriding those symbols (usually defined
+to be \f(CW\*(C`\-2\*(C'\fR and \f(CW2\fR, respectively).
+.Sp
+When doing priority-based operations, libev usually has to linearly search
+all the priorities, so having many of them (hundreds) uses a lot of space
+and time, so using the defaults of five priorities (\-2 .. +2) is usually
+fine.
+.Sp
+If your embedding application does not need any priorities, defining these
+both to \f(CW0\fR will save some memory and \s-1CPU.\s0
+.IP "\s-1EV_PERIODIC_ENABLE, EV_IDLE_ENABLE, EV_EMBED_ENABLE, EV_STAT_ENABLE, EV_PREPARE_ENABLE, EV_CHECK_ENABLE, EV_FORK_ENABLE, EV_SIGNAL_ENABLE, EV_ASYNC_ENABLE, EV_CHILD_ENABLE.\s0" 4
+.IX Item "EV_PERIODIC_ENABLE, EV_IDLE_ENABLE, EV_EMBED_ENABLE, EV_STAT_ENABLE, EV_PREPARE_ENABLE, EV_CHECK_ENABLE, EV_FORK_ENABLE, EV_SIGNAL_ENABLE, EV_ASYNC_ENABLE, EV_CHILD_ENABLE."
+If undefined or defined to be \f(CW1\fR (and the platform supports it), then
+the respective watcher type is supported. If defined to be \f(CW0\fR, then it
+is not. Disabling watcher types mainly saves code size.
+.IP "\s-1EV_FEATURES\s0" 4
+.IX Item "EV_FEATURES"
+If you need to shave off some kilobytes of code at the expense of some
+speed (but with the full \s-1API\s0), you can define this symbol to request
+certain subsets of functionality. The default is to enable all features
+that can be enabled on the platform.
+.Sp
+A typical way to use this symbol is to define it to \f(CW0\fR (or to a bitset
+with some broad features you want) and then selectively re-enable
+additional parts you want, for example if you want everything minimal,
+but multiple event loop support, async and child watchers and the poll
+backend, use this:
+.Sp
+.Vb 5
+\&   #define EV_FEATURES 0
+\&   #define EV_MULTIPLICITY 1
+\&   #define EV_USE_POLL 1
+\&   #define EV_CHILD_ENABLE 1
+\&   #define EV_ASYNC_ENABLE 1
+.Ve
+.Sp
+The actual value is a bitset, it can be a combination of the following
+values (by default, all of these are enabled):
+.RS 4
+.ie n .IP "1 \- faster/larger code" 4
+.el .IP "\f(CW1\fR \- faster/larger code" 4
+.IX Item "1 - faster/larger code"
+Use larger code to speed up some operations.
+.Sp
+Currently this is used to override some inlining decisions (enlarging the
+code size by roughly 30% on amd64).
+.Sp
+When optimising for size, use of compiler flags such as \f(CW\*(C`\-Os\*(C'\fR with
+gcc is recommended, as well as \f(CW\*(C`\-DNDEBUG\*(C'\fR, as libev contains a number of
+assertions.
+.Sp
+The default is off when \f(CW\*(C`_\|_OPTIMIZE_SIZE_\|_\*(C'\fR is defined by your compiler
+(e.g. gcc with \f(CW\*(C`\-Os\*(C'\fR).
+.ie n .IP "2 \- faster/larger data structures" 4
+.el .IP "\f(CW2\fR \- faster/larger data structures" 4
+.IX Item "2 - faster/larger data structures"
+Replaces the small 2\-heap for timer management by a faster 4\-heap, larger
+hash table sizes and so on. This will usually further increase code size
+and can additionally have an effect on the size of data structures at
+runtime.
+.Sp
+The default is off when \f(CW\*(C`_\|_OPTIMIZE_SIZE_\|_\*(C'\fR is defined by your compiler
+(e.g. gcc with \f(CW\*(C`\-Os\*(C'\fR).
+.ie n .IP "4 \- full \s-1API\s0 configuration" 4
+.el .IP "\f(CW4\fR \- full \s-1API\s0 configuration" 4
+.IX Item "4 - full API configuration"
+This enables priorities (sets \f(CW\*(C`EV_MAXPRI\*(C'\fR=2 and \f(CW\*(C`EV_MINPRI\*(C'\fR=\-2), and
+enables multiplicity (\f(CW\*(C`EV_MULTIPLICITY\*(C'\fR=1).
+.ie n .IP "8 \- full \s-1API\s0" 4
+.el .IP "\f(CW8\fR \- full \s-1API\s0" 4
+.IX Item "8 - full API"
+This enables a lot of the \*(L"lesser used\*(R" \s-1API\s0 functions. See \f(CW\*(C`ev.h\*(C'\fR for
+details on which parts of the \s-1API\s0 are still available without this
+feature, and do not complain if this subset changes over time.
+.ie n .IP "16 \- enable all optional watcher types" 4
+.el .IP "\f(CW16\fR \- enable all optional watcher types" 4
+.IX Item "16 - enable all optional watcher types"
+Enables all optional watcher types.  If you want to selectively enable
+only some watcher types other than I/O and timers (e.g. prepare,
+embed, async, child...) you can enable them manually by defining
+\&\f(CW\*(C`EV_watchertype_ENABLE\*(C'\fR to \f(CW1\fR instead.
+.ie n .IP "32 \- enable all backends" 4
+.el .IP "\f(CW32\fR \- enable all backends" 4
+.IX Item "32 - enable all backends"
+This enables all backends \- without this feature, you need to enable at
+least one backend manually (\f(CW\*(C`EV_USE_SELECT\*(C'\fR is a good choice).
+.ie n .IP "64 \- enable OS-specific ""helper"" APIs" 4
+.el .IP "\f(CW64\fR \- enable OS-specific ``helper'' APIs" 4
+.IX Item "64 - enable OS-specific helper APIs"
+Enable inotify, eventfd, signalfd and similar OS-specific helper APIs by
+default.
+.RE
+.RS 4
+.Sp
+Compiling with \f(CW\*(C`gcc \-Os \-DEV_STANDALONE \-DEV_USE_EPOLL=1 \-DEV_FEATURES=0\*(C'\fR
+reduces the compiled size of libev from 24.7Kb code/2.8Kb data to 6.5Kb
+code/0.3Kb data on my GNU/Linux amd64 system, while still giving you I/O
+watchers, timers and monotonic clock support.
+.Sp
+With an intelligent-enough linker (gcc+binutils are intelligent enough
+when you use \f(CW\*(C`\-Wl,\-\-gc\-sections \-ffunction\-sections\*(C'\fR) functions unused by
+your program might be left out as well \- a binary starting a timer and an
+I/O watcher then might come out at only 5Kb.
+.RE
+.IP "\s-1EV_API_STATIC\s0" 4
+.IX Item "EV_API_STATIC"
+If this symbol is defined (by default it is not), then all identifiers
+will have static linkage. This means that libev will not export any
+identifiers, and you cannot link against libev anymore. This can be useful
+when you embed libev, only want to use libev functions in a single file,
+and do not want its identifiers to be visible.
+.Sp
+To use this, define \f(CW\*(C`EV_API_STATIC\*(C'\fR and include \fIev.c\fR in the file that
+wants to use libev.
+.Sp
+This option only works when libev is compiled with a C compiler, as \*(C+
+doesn't support the required declaration syntax.
+.IP "\s-1EV_AVOID_STDIO\s0" 4
+.IX Item "EV_AVOID_STDIO"
+If this is set to \f(CW1\fR at compiletime, then libev will avoid using stdio
+functions (printf, scanf, perror etc.). This will increase the code size
+somewhat, but if your program doesn't otherwise depend on stdio and your
+libc allows it, this avoids linking in the stdio library which is quite
+big.
+.Sp
+Note that error messages might become less precise when this option is
+enabled.
+.IP "\s-1EV_NSIG\s0" 4
+.IX Item "EV_NSIG"
+The highest supported signal number, +1 (or, the number of
+signals): Normally, libev tries to deduce the maximum number of signals
+automatically, but sometimes this fails, in which case it can be
+specified. Also, using a lower number than detected (\f(CW32\fR should be
+good for about any system in existence) can save some memory, as libev
+statically allocates some 12\-24 bytes per signal number.
+.IP "\s-1EV_PID_HASHSIZE\s0" 4
+.IX Item "EV_PID_HASHSIZE"
+\&\f(CW\*(C`ev_child\*(C'\fR watchers use a small hash table to distribute workload by
+pid. The default size is \f(CW16\fR (or \f(CW1\fR with \f(CW\*(C`EV_FEATURES\*(C'\fR disabled),
+usually more than enough. If you need to manage thousands of children you
+might want to increase this value (\fImust\fR be a power of two).
+.IP "\s-1EV_INOTIFY_HASHSIZE\s0" 4
+.IX Item "EV_INOTIFY_HASHSIZE"
+\&\f(CW\*(C`ev_stat\*(C'\fR watchers use a small hash table to distribute workload by
+inotify watch id. The default size is \f(CW16\fR (or \f(CW1\fR with \f(CW\*(C`EV_FEATURES\*(C'\fR
+disabled), usually more than enough. If you need to manage thousands of
+\&\f(CW\*(C`ev_stat\*(C'\fR watchers you might want to increase this value (\fImust\fR be a
+power of two).
+.IP "\s-1EV_USE_4HEAP\s0" 4
+.IX Item "EV_USE_4HEAP"
+Heaps are not very cache-efficient. To improve the cache-efficiency of the
+timer and periodics heaps, libev uses a 4\-heap when this symbol is defined
+to \f(CW1\fR. The 4\-heap uses more complicated (longer) code but has noticeably
+faster performance with many (thousands) of watchers.
+.Sp
+The default is \f(CW1\fR, unless \f(CW\*(C`EV_FEATURES\*(C'\fR overrides it, in which case it
+will be \f(CW0\fR.
+.IP "\s-1EV_HEAP_CACHE_AT\s0" 4
+.IX Item "EV_HEAP_CACHE_AT"
+Heaps are not very cache-efficient. To improve the cache-efficiency of the
+timer and periodics heaps, libev can cache the timestamp (\fIat\fR) within
+the heap structure (selected by defining \f(CW\*(C`EV_HEAP_CACHE_AT\*(C'\fR to \f(CW1\fR),
+which uses 8\-12 bytes more per watcher and a few hundred bytes more code,
+but avoids random read accesses on heap changes. This improves performance
+noticeably with many (hundreds) of watchers.
+.Sp
+The default is \f(CW1\fR, unless \f(CW\*(C`EV_FEATURES\*(C'\fR overrides it, in which case it
+will be \f(CW0\fR.
+.IP "\s-1EV_VERIFY\s0" 4
+.IX Item "EV_VERIFY"
+Controls how much internal verification (see \f(CW\*(C`ev_verify ()\*(C'\fR) will
+be done: If set to \f(CW0\fR, no internal verification code will be compiled
+in. If set to \f(CW1\fR, then verification code will be compiled in, but not
+called. If set to \f(CW2\fR, then the internal verification code will be
+called once per loop, which can slow down libev. If set to \f(CW3\fR, then the
+verification code will be called very frequently, which will slow down
+libev considerably.
+.Sp
+Verification errors are reported via C's \f(CW\*(C`assert\*(C'\fR mechanism, so if you
+disable that (e.g. by defining \f(CW\*(C`NDEBUG\*(C'\fR) then no errors will be reported.
+.Sp
+The default is \f(CW1\fR, unless \f(CW\*(C`EV_FEATURES\*(C'\fR overrides it, in which case it
+will be \f(CW0\fR.
+.IP "\s-1EV_COMMON\s0" 4
+.IX Item "EV_COMMON"
+By default, all watchers have a \f(CW\*(C`void *data\*(C'\fR member. By redefining
+this macro to something else you can include more and other types of
+members. You have to define it each time you include one of the files,
+though, and it must be identical each time.
+.Sp
+For example, the perl \s-1EV\s0 module uses something like this:
+.Sp
+.Vb 3
+\&   #define EV_COMMON                       \e
+\&     SV *self; /* contains this struct */  \e
+\&     SV *cb_sv, *fh /* note no trailing ";" */
+.Ve
+.IP "\s-1EV_CB_DECLARE\s0 (type)" 4
+.IX Item "EV_CB_DECLARE (type)"
+.PD 0
+.IP "\s-1EV_CB_INVOKE\s0 (watcher, revents)" 4
+.IX Item "EV_CB_INVOKE (watcher, revents)"
+.IP "ev_set_cb (ev, cb)" 4
+.IX Item "ev_set_cb (ev, cb)"
+.PD
+Can be used to change the callback member declaration in each watcher,
+and the way callbacks are invoked and set. Must expand to a struct member
+definition and a statement, respectively. See the \fIev.h\fR header file for
+their default definitions. One possible use for overriding these is to
+avoid the \f(CW\*(C`struct ev_loop *\*(C'\fR as first argument in all cases, or to use
+method calls instead of plain function calls in \*(C+.
+.SS "\s-1EXPORTED API SYMBOLS\s0"
+.IX Subsection "EXPORTED API SYMBOLS"
+If you need to re-export the \s-1API\s0 (e.g. via a \s-1DLL\s0) and you need a list of
+exported symbols, you can use the provided \fISymbol.*\fR files which list
+all public symbols, one per line:
+.PP
+.Vb 2
+\&   Symbols.ev      for libev proper
+\&   Symbols.event   for the libevent emulation
+.Ve
+.PP
+This can also be used to rename all public symbols to avoid clashes with
+multiple versions of libev linked together (which is obviously bad in
+itself, but sometimes it is inconvenient to avoid this).
+.PP
+A sed command like this will create wrapper \f(CW\*(C`#define\*(C'\fR's that you need to
+include before including \fIev.h\fR:
+.PP
+.Vb 1
+\&   <Symbols.ev sed \-e "s/.*/#define & myprefix_&/" >wrap.h
+.Ve
+.PP
+This would create a file \fIwrap.h\fR which essentially looks like this:
+.PP
+.Vb 4
+\&   #define ev_backend     myprefix_ev_backend
+\&   #define ev_check_start myprefix_ev_check_start
+\&   #define ev_check_stop  myprefix_ev_check_stop
+\&   ...
+.Ve
+.SS "\s-1EXAMPLES\s0"
+.IX Subsection "EXAMPLES"
+For a real-world example of a program the includes libev
+verbatim, you can have a look at the \s-1EV\s0 perl module
+(<http://software.schmorp.de/pkg/EV.html>). It has the libev files in
+the \fIlibev/\fR subdirectory and includes them in the \fI\s-1EV/EVAPI\s0.h\fR (public
+interface) and \fI\s-1EV\s0.xs\fR (implementation) files. Only the \fI\s-1EV\s0.xs\fR file
+will be compiled. It is pretty complex because it provides its own header
+file.
+.PP
+The usage in rxvt-unicode is simpler. It has a \fIev_cpp.h\fR header file
+that everybody includes and which overrides some configure choices:
+.PP
+.Vb 8
+\&   #define EV_FEATURES 8
+\&   #define EV_USE_SELECT 1
+\&   #define EV_PREPARE_ENABLE 1
+\&   #define EV_IDLE_ENABLE 1
+\&   #define EV_SIGNAL_ENABLE 1
+\&   #define EV_CHILD_ENABLE 1
+\&   #define EV_USE_STDEXCEPT 0
+\&   #define EV_CONFIG_H <config.h>
+\&
+\&   #include "ev++.h"
+.Ve
+.PP
+And a \fIev_cpp.C\fR implementation file that contains libev proper and is compiled:
+.PP
+.Vb 2
+\&   #include "ev_cpp.h"
+\&   #include "ev.c"
+.Ve
+.SH "INTERACTION WITH OTHER PROGRAMS, LIBRARIES OR THE ENVIRONMENT"
+.IX Header "INTERACTION WITH OTHER PROGRAMS, LIBRARIES OR THE ENVIRONMENT"
+.SS "\s-1THREADS AND COROUTINES\s0"
+.IX Subsection "THREADS AND COROUTINES"
+\fI\s-1THREADS\s0\fR
+.IX Subsection "THREADS"
+.PP
+All libev functions are reentrant and thread-safe unless explicitly
+documented otherwise, but libev implements no locking itself. This means
+that you can use as many loops as you want in parallel, as long as there
+are no concurrent calls into any libev function with the same loop
+parameter (\f(CW\*(C`ev_default_*\*(C'\fR calls have an implicit default loop parameter,
+of course): libev guarantees that different event loops share no data
+structures that need any locking.
+.PP
+Or to put it differently: calls with different loop parameters can be done
+concurrently from multiple threads, calls with the same loop parameter
+must be done serially (but can be done from different threads, as long as
+only one thread ever is inside a call at any point in time, e.g. by using
+a mutex per loop).
+.PP
+Specifically to support threads (and signal handlers), libev implements
+so-called \f(CW\*(C`ev_async\*(C'\fR watchers, which allow some limited form of
+concurrency on the same event loop, namely waking it up \*(L"from the
+outside\*(R".
+.PP
+If you want to know which design (one loop, locking, or multiple loops
+without or something else still) is best for your problem, then I cannot
+help you, but here is some generic advice:
+.IP "\(bu" 4
+most applications have a main thread: use the default libev loop
+in that thread, or create a separate thread running only the default loop.
+.Sp
+This helps integrating other libraries or software modules that use libev
+themselves and don't care/know about threading.
+.IP "\(bu" 4
+one loop per thread is usually a good model.
+.Sp
+Doing this is almost never wrong, sometimes a better-performance model
+exists, but it is always a good start.
+.IP "\(bu" 4
+other models exist, such as the leader/follower pattern, where one
+loop is handed through multiple threads in a kind of round-robin fashion.
+.Sp
+Choosing a model is hard \- look around, learn, know that usually you can do
+better than you currently do :\-)
+.IP "\(bu" 4
+often you need to talk to some other thread which blocks in the
+event loop.
+.Sp
+\&\f(CW\*(C`ev_async\*(C'\fR watchers can be used to wake them up from other threads safely
+(or from signal contexts...).
+.Sp
+An example use would be to communicate signals or other events that only
+work in the default loop by registering the signal watcher with the
+default loop and triggering an \f(CW\*(C`ev_async\*(C'\fR watcher from the default loop
+watcher callback into the event loop interested in the signal.
+.PP
+See also \*(L"\s-1THREAD LOCKING EXAMPLE\*(R"\s0.
+.PP
+\fI\s-1COROUTINES\s0\fR
+.IX Subsection "COROUTINES"
+.PP
+Libev is very accommodating to coroutines (\*(L"cooperative threads\*(R"):
+libev fully supports nesting calls to its functions from different
+coroutines (e.g. you can call \f(CW\*(C`ev_run\*(C'\fR on the same loop from two
+different coroutines, and switch freely between both coroutines running
+the loop, as long as you don't confuse yourself). The only exception is
+that you must not do this from \f(CW\*(C`ev_periodic\*(C'\fR reschedule callbacks.
+.PP
+Care has been taken to ensure that libev does not keep local state inside
+\&\f(CW\*(C`ev_run\*(C'\fR, and other calls do not usually allow for coroutine switches as
+they do not call any callbacks.
+.SS "\s-1COMPILER WARNINGS\s0"
+.IX Subsection "COMPILER WARNINGS"
+Depending on your compiler and compiler settings, you might get no or a
+lot of warnings when compiling libev code. Some people are apparently
+scared by this.
+.PP
+However, these are unavoidable for many reasons. For one, each compiler
+has different warnings, and each user has different tastes regarding
+warning options. \*(L"Warn-free\*(R" code therefore cannot be a goal except when
+targeting a specific compiler and compiler-version.
+.PP
+Another reason is that some compiler warnings require elaborate
+workarounds, or other changes to the code that make it less clear and less
+maintainable.
+.PP
+And of course, some compiler warnings are just plain stupid, or simply
+wrong (because they don't actually warn about the condition their message
+seems to warn about). For example, certain older gcc versions had some
+warnings that resulted in an extreme number of false positives. These have
+been fixed, but some people still insist on making code warn-free with
+such buggy versions.
+.PP
+While libev is written to generate as few warnings as possible,
+\&\*(L"warn-free\*(R" code is not a goal, and it is recommended not to build libev
+with any compiler warnings enabled unless you are prepared to cope with
+them (e.g. by ignoring them). Remember that warnings are just that:
+warnings, not errors, or proof of bugs.
+.SS "\s-1VALGRIND\s0"
+.IX Subsection "VALGRIND"
+Valgrind has a special section here because it is a popular tool that is
+highly useful. Unfortunately, valgrind reports are very hard to interpret.
+.PP
+If you think you found a bug (memory leak, uninitialised data access etc.)
+in libev, then check twice: If valgrind reports something like:
+.PP
+.Vb 3
+\&   ==2274==    definitely lost: 0 bytes in 0 blocks.
+\&   ==2274==      possibly lost: 0 bytes in 0 blocks.
+\&   ==2274==    still reachable: 256 bytes in 1 blocks.
+.Ve
+.PP
+Then there is no memory leak, just as memory accounted to global variables
+is not a memleak \- the memory is still being referenced, and didn't leak.
+.PP
+Similarly, under some circumstances, valgrind might report kernel bugs
+as if it were a bug in libev (e.g. in realloc or in the poll backend,
+although an acceptable workaround has been found here), or it might be
+confused.
+.PP
+Keep in mind that valgrind is a very good tool, but only a tool. Don't
+make it into some kind of religion.
+.PP
+If you are unsure about something, feel free to contact the mailing list
+with the full valgrind report and an explanation on why you think this
+is a bug in libev (best check the archives, too :). However, don't be
+annoyed when you get a brisk \*(L"this is no bug\*(R" answer and take the chance
+of learning how to interpret valgrind properly.
+.PP
+If you need, for some reason, empty reports from valgrind for your project
+I suggest using suppression lists.
+.SH "PORTABILITY NOTES"
+.IX Header "PORTABILITY NOTES"
+.SS "\s-1GNU/LINUX 32 BIT LIMITATIONS\s0"
+.IX Subsection "GNU/LINUX 32 BIT LIMITATIONS"
+GNU/Linux is the only common platform that supports 64 bit file/large file
+interfaces but \fIdisables\fR them by default.
+.PP
+That means that libev compiled in the default environment doesn't support
+files larger than 2GiB or so, which mainly affects \f(CW\*(C`ev_stat\*(C'\fR watchers.
+.PP
+Unfortunately, many programs try to work around this GNU/Linux issue
+by enabling the large file \s-1API,\s0 which makes them incompatible with the
+standard libev compiled for their system.
+.PP
+Likewise, libev cannot enable the large file \s-1API\s0 itself as this would
+suddenly make it incompatible to the default compile time environment,
+i.e. all programs not using special compile switches.
+.SS "\s-1OS/X AND DARWIN BUGS\s0"
+.IX Subsection "OS/X AND DARWIN BUGS"
+The whole thing is a bug if you ask me \- basically any system interface
+you touch is broken, whether it is locales, poll, kqueue or even the
+OpenGL drivers.
+.PP
+\fI\f(CI\*(C`kqueue\*(C'\fI is buggy\fR
+.IX Subsection "kqueue is buggy"
+.PP
+The kqueue syscall is broken in all known versions \- most versions support
+only sockets, many support pipes.
+.PP
+Libev tries to work around this by not using \f(CW\*(C`kqueue\*(C'\fR by default on this
+rotten platform, but of course you can still ask for it when creating a
+loop \- embedding a socket-only kqueue loop into a select-based one is
+probably going to work well.
+.PP
+\fI\f(CI\*(C`poll\*(C'\fI is buggy\fR
+.IX Subsection "poll is buggy"
+.PP
+Instead of fixing \f(CW\*(C`kqueue\*(C'\fR, Apple replaced their (working) \f(CW\*(C`poll\*(C'\fR
+implementation by something calling \f(CW\*(C`kqueue\*(C'\fR internally around the 10.5.6
+release, so now \f(CW\*(C`kqueue\*(C'\fR \fIand\fR \f(CW\*(C`poll\*(C'\fR are broken.
+.PP
+Libev tries to work around this by not using \f(CW\*(C`poll\*(C'\fR by default on
+this rotten platform, but of course you can still ask for it when creating
+a loop.
+.PP
+\fI\f(CI\*(C`select\*(C'\fI is buggy\fR
+.IX Subsection "select is buggy"
+.PP
+All that's left is \f(CW\*(C`select\*(C'\fR, and of course Apple found a way to fuck this
+one up as well: On \s-1OS/X,\s0 \f(CW\*(C`select\*(C'\fR actively limits the number of file
+descriptors you can pass in to 1024 \- your program suddenly crashes when
+you use more.
+.PP
+There is an undocumented \*(L"workaround\*(R" for this \- defining
+\&\f(CW\*(C`_DARWIN_UNLIMITED_SELECT\*(C'\fR, which libev tries to use, so select \fIshould\fR
+work on \s-1OS/X.\s0
+.SS "\s-1SOLARIS PROBLEMS AND WORKAROUNDS\s0"
+.IX Subsection "SOLARIS PROBLEMS AND WORKAROUNDS"
+\fI\f(CI\*(C`errno\*(C'\fI reentrancy\fR
+.IX Subsection "errno reentrancy"
+.PP
+The default compile environment on Solaris is unfortunately so
+thread-unsafe that you can't even use components/libraries compiled
+without \f(CW\*(C`\-D_REENTRANT\*(C'\fR in a threaded program, which, of course, isn't
+defined by default. A valid, if stupid, implementation choice.
+.PP
+If you want to use libev in threaded environments you have to make sure
+it's compiled with \f(CW\*(C`_REENTRANT\*(C'\fR defined.
+.PP
+\fIEvent port backend\fR
+.IX Subsection "Event port backend"
+.PP
+The scalable event interface for Solaris is called \*(L"event
+ports\*(R". Unfortunately, this mechanism is very buggy in all major
+releases. If you run into high \s-1CPU\s0 usage, your program freezes or you get
+a large number of spurious wakeups, make sure you have all the relevant
+and latest kernel patches applied. No, I don't know which ones, but there
+are multiple ones to apply, and afterwards, event ports actually work
+great.
+.PP
+If you can't get it to work, you can try running the program by setting
+the environment variable \f(CW\*(C`LIBEV_FLAGS=3\*(C'\fR to only allow \f(CW\*(C`poll\*(C'\fR and
+\&\f(CW\*(C`select\*(C'\fR backends.
+.SS "\s-1AIX POLL BUG\s0"
+.IX Subsection "AIX POLL BUG"
+\&\s-1AIX\s0 unfortunately has a broken \f(CW\*(C`poll.h\*(C'\fR header. Libev works around
+this by trying to avoid the poll backend altogether (i.e. it's not even
+compiled in), which normally isn't a big problem as \f(CW\*(C`select\*(C'\fR works fine
+with large bitsets on \s-1AIX,\s0 and \s-1AIX\s0 is dead anyway.
+.SS "\s-1WIN32 PLATFORM LIMITATIONS AND WORKAROUNDS\s0"
+.IX Subsection "WIN32 PLATFORM LIMITATIONS AND WORKAROUNDS"
+\fIGeneral issues\fR
+.IX Subsection "General issues"
+.PP
+Win32 doesn't support any of the standards (e.g. \s-1POSIX\s0) that libev
+requires, and its I/O model is fundamentally incompatible with the \s-1POSIX\s0
+model. Libev still offers limited functionality on this platform in
+the form of the \f(CW\*(C`EVBACKEND_SELECT\*(C'\fR backend, and only supports socket
+descriptors. This only applies when using Win32 natively, not when using
+e.g. cygwin. Actually, it only applies to the microsofts own compilers,
+as every compiler comes with a slightly differently broken/incompatible
+environment.
+.PP
+Lifting these limitations would basically require the full
+re-implementation of the I/O system. If you are into this kind of thing,
+then note that glib does exactly that for you in a very portable way (note
+also that glib is the slowest event library known to man).
+.PP
+There is no supported compilation method available on windows except
+embedding it into other applications.
+.PP
+Sensible signal handling is officially unsupported by Microsoft \- libev
+tries its best, but under most conditions, signals will simply not work.
+.PP
+Not a libev limitation but worth mentioning: windows apparently doesn't
+accept large writes: instead of resulting in a partial write, windows will
+either accept everything or return \f(CW\*(C`ENOBUFS\*(C'\fR if the buffer is too large,
+so make sure you only write small amounts into your sockets (less than a
+megabyte seems safe, but this apparently depends on the amount of memory
+available).
+.PP
+Due to the many, low, and arbitrary limits on the win32 platform and
+the abysmal performance of winsockets, using a large number of sockets
+is not recommended (and not reasonable). If your program needs to use
+more than a hundred or so sockets, then likely it needs to use a totally
+different implementation for windows, as libev offers the \s-1POSIX\s0 readiness
+notification model, which cannot be implemented efficiently on windows
+(due to Microsoft monopoly games).
+.PP
+A typical way to use libev under windows is to embed it (see the embedding
+section for details) and use the following \fIevwrap.h\fR header file instead
+of \fIev.h\fR:
+.PP
+.Vb 2
+\&   #define EV_STANDALONE              /* keeps ev from requiring config.h */
+\&   #define EV_SELECT_IS_WINSOCKET 1   /* configure libev for windows select */
+\&
+\&   #include "ev.h"
+.Ve
+.PP
+And compile the following \fIevwrap.c\fR file into your project (make sure
+you do \fInot\fR compile the \fIev.c\fR or any other embedded source files!):
+.PP
+.Vb 2
+\&   #include "evwrap.h"
+\&   #include "ev.c"
+.Ve
+.PP
+\fIThe winsocket \f(CI\*(C`select\*(C'\fI function\fR
+.IX Subsection "The winsocket select function"
+.PP
+The winsocket \f(CW\*(C`select\*(C'\fR function doesn't follow \s-1POSIX\s0 in that it
+requires socket \fIhandles\fR and not socket \fIfile descriptors\fR (it is
+also extremely buggy). This makes select very inefficient, and also
+requires a mapping from file descriptors to socket handles (the Microsoft
+C runtime provides the function \f(CW\*(C`_open_osfhandle\*(C'\fR for this). See the
+discussion of the \f(CW\*(C`EV_SELECT_USE_FD_SET\*(C'\fR, \f(CW\*(C`EV_SELECT_IS_WINSOCKET\*(C'\fR and
+\&\f(CW\*(C`EV_FD_TO_WIN32_HANDLE\*(C'\fR preprocessor symbols for more info.
+.PP
+The configuration for a \*(L"naked\*(R" win32 using the Microsoft runtime
+libraries and raw winsocket select is:
+.PP
+.Vb 2
+\&   #define EV_USE_SELECT 1
+\&   #define EV_SELECT_IS_WINSOCKET 1   /* forces EV_SELECT_USE_FD_SET, too */
+.Ve
+.PP
+Note that winsockets handling of fd sets is O(n), so you can easily get a
+complexity in the O(nX) range when using win32.
+.PP
+\fILimited number of file descriptors\fR
+.IX Subsection "Limited number of file descriptors"
+.PP
+Windows has numerous arbitrary (and low) limits on things.
+.PP
+Early versions of winsocket's select only supported waiting for a maximum
+of \f(CW64\fR handles (probably owning to the fact that all windows kernels
+can only wait for \f(CW64\fR things at the same time internally; Microsoft
+recommends spawning a chain of threads and wait for 63 handles and the
+previous thread in each. Sounds great!).
+.PP
+Newer versions support more handles, but you need to define \f(CW\*(C`FD_SETSIZE\*(C'\fR
+to some high number (e.g. \f(CW2048\fR) before compiling the winsocket select
+call (which might be in libev or elsewhere, for example, perl and many
+other interpreters do their own select emulation on windows).
+.PP
+Another limit is the number of file descriptors in the Microsoft runtime
+libraries, which by default is \f(CW64\fR (there must be a hidden \fI64\fR
+fetish or something like this inside Microsoft). You can increase this
+by calling \f(CW\*(C`_setmaxstdio\*(C'\fR, which can increase this limit to \f(CW2048\fR
+(another arbitrary limit), but is broken in many versions of the Microsoft
+runtime libraries. This might get you to about \f(CW512\fR or \f(CW2048\fR sockets
+(depending on windows version and/or the phase of the moon). To get more,
+you need to wrap all I/O functions and provide your own fd management, but
+the cost of calling select (O(nX)) will likely make this unworkable.
+.SS "\s-1PORTABILITY REQUIREMENTS\s0"
+.IX Subsection "PORTABILITY REQUIREMENTS"
+In addition to a working ISO-C implementation and of course the
+backend-specific APIs, libev relies on a few additional extensions:
+.ie n .IP """void (*)(ev_watcher_type *, int revents)"" must have compatible calling conventions regardless of ""ev_watcher_type *""." 4
+.el .IP "\f(CWvoid (*)(ev_watcher_type *, int revents)\fR must have compatible calling conventions regardless of \f(CWev_watcher_type *\fR." 4
+.IX Item "void (*)(ev_watcher_type *, int revents) must have compatible calling conventions regardless of ev_watcher_type *."
+Libev assumes not only that all watcher pointers have the same internal
+structure (guaranteed by \s-1POSIX\s0 but not by \s-1ISO C\s0 for example), but it also
+assumes that the same (machine) code can be used to call any watcher
+callback: The watcher callbacks have different type signatures, but libev
+calls them using an \f(CW\*(C`ev_watcher *\*(C'\fR internally.
+.IP "null pointers and integer zero are represented by 0 bytes" 4
+.IX Item "null pointers and integer zero are represented by 0 bytes"
+Libev uses \f(CW\*(C`memset\*(C'\fR to initialise structs and arrays to \f(CW0\fR bytes, and
+relies on this setting pointers and integers to null.
+.IP "pointer accesses must be thread-atomic" 4
+.IX Item "pointer accesses must be thread-atomic"
+Accessing a pointer value must be atomic, it must both be readable and
+writable in one piece \- this is the case on all current architectures.
+.ie n .IP """sig_atomic_t volatile"" must be thread-atomic as well" 4
+.el .IP "\f(CWsig_atomic_t volatile\fR must be thread-atomic as well" 4
+.IX Item "sig_atomic_t volatile must be thread-atomic as well"
+The type \f(CW\*(C`sig_atomic_t volatile\*(C'\fR (or whatever is defined as
+\&\f(CW\*(C`EV_ATOMIC_T\*(C'\fR) must be atomic with respect to accesses from different
+threads. This is not part of the specification for \f(CW\*(C`sig_atomic_t\*(C'\fR, but is
+believed to be sufficiently portable.
+.ie n .IP """sigprocmask"" must work in a threaded environment" 4
+.el .IP "\f(CWsigprocmask\fR must work in a threaded environment" 4
+.IX Item "sigprocmask must work in a threaded environment"
+Libev uses \f(CW\*(C`sigprocmask\*(C'\fR to temporarily block signals. This is not
+allowed in a threaded program (\f(CW\*(C`pthread_sigmask\*(C'\fR has to be used). Typical
+pthread implementations will either allow \f(CW\*(C`sigprocmask\*(C'\fR in the \*(L"main
+thread\*(R" or will block signals process-wide, both behaviours would
+be compatible with libev. Interaction between \f(CW\*(C`sigprocmask\*(C'\fR and
+\&\f(CW\*(C`pthread_sigmask\*(C'\fR could complicate things, however.
+.Sp
+The most portable way to handle signals is to block signals in all threads
+except the initial one, and run the signal handling loop in the initial
+thread as well.
+.ie n .IP """long"" must be large enough for common memory allocation sizes" 4
+.el .IP "\f(CWlong\fR must be large enough for common memory allocation sizes" 4
+.IX Item "long must be large enough for common memory allocation sizes"
+To improve portability and simplify its \s-1API,\s0 libev uses \f(CW\*(C`long\*(C'\fR internally
+instead of \f(CW\*(C`size_t\*(C'\fR when allocating its data structures. On non-POSIX
+systems (Microsoft...) this might be unexpectedly low, but is still at
+least 31 bits everywhere, which is enough for hundreds of millions of
+watchers.
+.ie n .IP """double"" must hold a time value in seconds with enough accuracy" 4
+.el .IP "\f(CWdouble\fR must hold a time value in seconds with enough accuracy" 4
+.IX Item "double must hold a time value in seconds with enough accuracy"
+The type \f(CW\*(C`double\*(C'\fR is used to represent timestamps. It is required to
+have at least 51 bits of mantissa (and 9 bits of exponent), which is
+good enough for at least into the year 4000 with millisecond accuracy
+(the design goal for libev). This requirement is overfulfilled by
+implementations using \s-1IEEE 754,\s0 which is basically all existing ones.
+.Sp
+With \s-1IEEE 754\s0 doubles, you get microsecond accuracy until at least the
+year 2255 (and millisecond accuracy till the year 287396 \- by then, libev
+is either obsolete or somebody patched it to use \f(CW\*(C`long double\*(C'\fR or
+something like that, just kidding).
+.PP
+If you know of other additional requirements drop me a note.
+.SH "ALGORITHMIC COMPLEXITIES"
+.IX Header "ALGORITHMIC COMPLEXITIES"
+In this section the complexities of (many of) the algorithms used inside
+libev will be documented. For complexity discussions about backends see
+the documentation for \f(CW\*(C`ev_default_init\*(C'\fR.
+.PP
+All of the following are about amortised time: If an array needs to be
+extended, libev needs to realloc and move the whole array, but this
+happens asymptotically rarer with higher number of elements, so O(1) might
+mean that libev does a lengthy realloc operation in rare cases, but on
+average it is much faster and asymptotically approaches constant time.
+.IP "Starting and stopping timer/periodic watchers: O(log skipped_other_timers)" 4
+.IX Item "Starting and stopping timer/periodic watchers: O(log skipped_other_timers)"
+This means that, when you have a watcher that triggers in one hour and
+there are 100 watchers that would trigger before that, then inserting will
+have to skip roughly seven (\f(CW\*(C`ld 100\*(C'\fR) of these watchers.
+.IP "Changing timer/periodic watchers (by autorepeat or calling again): O(log skipped_other_timers)" 4
+.IX Item "Changing timer/periodic watchers (by autorepeat or calling again): O(log skipped_other_timers)"
+That means that changing a timer costs less than removing/adding them,
+as only the relative motion in the event queue has to be paid for.
+.IP "Starting io/check/prepare/idle/signal/child/fork/async watchers: O(1)" 4
+.IX Item "Starting io/check/prepare/idle/signal/child/fork/async watchers: O(1)"
+These just add the watcher into an array or at the head of a list.
+.IP "Stopping check/prepare/idle/fork/async watchers: O(1)" 4
+.IX Item "Stopping check/prepare/idle/fork/async watchers: O(1)"
+.PD 0
+.IP "Stopping an io/signal/child watcher: O(number_of_watchers_for_this_(fd/signal/pid % \s-1EV_PID_HASHSIZE\s0))" 4
+.IX Item "Stopping an io/signal/child watcher: O(number_of_watchers_for_this_(fd/signal/pid % EV_PID_HASHSIZE))"
+.PD
+These watchers are stored in lists, so they need to be walked to find the
+correct watcher to remove. The lists are usually short (you don't usually
+have many watchers waiting for the same fd or signal: one is typical, two
+is rare).
+.IP "Finding the next timer in each loop iteration: O(1)" 4
+.IX Item "Finding the next timer in each loop iteration: O(1)"
+By virtue of using a binary or 4\-heap, the next timer is always found at a
+fixed position in the storage array.
+.IP "Each change on a file descriptor per loop iteration: O(number_of_watchers_for_this_fd)" 4
+.IX Item "Each change on a file descriptor per loop iteration: O(number_of_watchers_for_this_fd)"
+A change means an I/O watcher gets started or stopped, which requires
+libev to recalculate its status (and possibly tell the kernel, depending
+on backend and whether \f(CW\*(C`ev_io_set\*(C'\fR was used).
+.IP "Activating one watcher (putting it into the pending state): O(1)" 4
+.IX Item "Activating one watcher (putting it into the pending state): O(1)"
+.PD 0
+.IP "Priority handling: O(number_of_priorities)" 4
+.IX Item "Priority handling: O(number_of_priorities)"
+.PD
+Priorities are implemented by allocating some space for each
+priority. When doing priority-based operations, libev usually has to
+linearly search all the priorities, but starting/stopping and activating
+watchers becomes O(1) with respect to priority handling.
+.IP "Sending an ev_async: O(1)" 4
+.IX Item "Sending an ev_async: O(1)"
+.PD 0
+.IP "Processing ev_async_send: O(number_of_async_watchers)" 4
+.IX Item "Processing ev_async_send: O(number_of_async_watchers)"
+.IP "Processing signals: O(max_signal_number)" 4
+.IX Item "Processing signals: O(max_signal_number)"
+.PD
+Sending involves a system call \fIiff\fR there were no other \f(CW\*(C`ev_async_send\*(C'\fR
+calls in the current loop iteration and the loop is currently
+blocked. Checking for async and signal events involves iterating over all
+running async watchers or all signal numbers.
+.SH "PORTING FROM LIBEV 3.X TO 4.X"
+.IX Header "PORTING FROM LIBEV 3.X TO 4.X"
+The major version 4 introduced some incompatible changes to the \s-1API.\s0
+.PP
+At the moment, the \f(CW\*(C`ev.h\*(C'\fR header file provides compatibility definitions
+for all changes, so most programs should still compile. The compatibility
+layer might be removed in later versions of libev, so better update to the
+new \s-1API\s0 early than late.
+.ie n .IP """EV_COMPAT3"" backwards compatibility mechanism" 4
+.el .IP "\f(CWEV_COMPAT3\fR backwards compatibility mechanism" 4
+.IX Item "EV_COMPAT3 backwards compatibility mechanism"
+The backward compatibility mechanism can be controlled by
+\&\f(CW\*(C`EV_COMPAT3\*(C'\fR. See \*(L"\s-1PREPROCESSOR SYMBOLS/MACROS\*(R"\s0 in the \*(L"\s-1EMBEDDING\*(R"\s0
+section.
+.ie n .IP """ev_default_destroy"" and ""ev_default_fork"" have been removed" 4
+.el .IP "\f(CWev_default_destroy\fR and \f(CWev_default_fork\fR have been removed" 4
+.IX Item "ev_default_destroy and ev_default_fork have been removed"
+These calls can be replaced easily by their \f(CW\*(C`ev_loop_xxx\*(C'\fR counterparts:
+.Sp
+.Vb 2
+\&   ev_loop_destroy (EV_DEFAULT_UC);
+\&   ev_loop_fork (EV_DEFAULT);
+.Ve
+.IP "function/symbol renames" 4
+.IX Item "function/symbol renames"
+A number of functions and symbols have been renamed:
+.Sp
+.Vb 3
+\&  ev_loop         => ev_run
+\&  EVLOOP_NONBLOCK => EVRUN_NOWAIT
+\&  EVLOOP_ONESHOT  => EVRUN_ONCE
+\&
+\&  ev_unloop       => ev_break
+\&  EVUNLOOP_CANCEL => EVBREAK_CANCEL
+\&  EVUNLOOP_ONE    => EVBREAK_ONE
+\&  EVUNLOOP_ALL    => EVBREAK_ALL
+\&
+\&  EV_TIMEOUT      => EV_TIMER
+\&
+\&  ev_loop_count   => ev_iteration
+\&  ev_loop_depth   => ev_depth
+\&  ev_loop_verify  => ev_verify
+.Ve
+.Sp
+Most functions working on \f(CW\*(C`struct ev_loop\*(C'\fR objects don't have an
+\&\f(CW\*(C`ev_loop_\*(C'\fR prefix, so it was removed; \f(CW\*(C`ev_loop\*(C'\fR, \f(CW\*(C`ev_unloop\*(C'\fR and
+associated constants have been renamed to not collide with the \f(CW\*(C`struct
+ev_loop\*(C'\fR anymore and \f(CW\*(C`EV_TIMER\*(C'\fR now follows the same naming scheme
+as all other watcher types. Note that \f(CW\*(C`ev_loop_fork\*(C'\fR is still called
+\&\f(CW\*(C`ev_loop_fork\*(C'\fR because it would otherwise clash with the \f(CW\*(C`ev_fork\*(C'\fR
+typedef.
+.ie n .IP """EV_MINIMAL"" mechanism replaced by ""EV_FEATURES""" 4
+.el .IP "\f(CWEV_MINIMAL\fR mechanism replaced by \f(CWEV_FEATURES\fR" 4
+.IX Item "EV_MINIMAL mechanism replaced by EV_FEATURES"
+The preprocessor symbol \f(CW\*(C`EV_MINIMAL\*(C'\fR has been replaced by a different
+mechanism, \f(CW\*(C`EV_FEATURES\*(C'\fR. Programs using \f(CW\*(C`EV_MINIMAL\*(C'\fR usually compile
+and work, but the library code will of course be larger.
+.SH "GLOSSARY"
+.IX Header "GLOSSARY"
+.IP "active" 4
+.IX Item "active"
+A watcher is active as long as it has been started and not yet stopped.
+See \*(L"\s-1WATCHER STATES\*(R"\s0 for details.
+.IP "application" 4
+.IX Item "application"
+In this document, an application is whatever is using libev.
+.IP "backend" 4
+.IX Item "backend"
+The part of the code dealing with the operating system interfaces.
+.IP "callback" 4
+.IX Item "callback"
+The address of a function that is called when some event has been
+detected. Callbacks are being passed the event loop, the watcher that
+received the event, and the actual event bitset.
+.IP "callback/watcher invocation" 4
+.IX Item "callback/watcher invocation"
+The act of calling the callback associated with a watcher.
+.IP "event" 4
+.IX Item "event"
+A change of state of some external event, such as data now being available
+for reading on a file descriptor, time having passed or simply not having
+any other events happening anymore.
+.Sp
+In libev, events are represented as single bits (such as \f(CW\*(C`EV_READ\*(C'\fR or
+\&\f(CW\*(C`EV_TIMER\*(C'\fR).
+.IP "event library" 4
+.IX Item "event library"
+A software package implementing an event model and loop.
+.IP "event loop" 4
+.IX Item "event loop"
+An entity that handles and processes external events and converts them
+into callback invocations.
+.IP "event model" 4
+.IX Item "event model"
+The model used to describe how an event loop handles and processes
+watchers and events.
+.IP "pending" 4
+.IX Item "pending"
+A watcher is pending as soon as the corresponding event has been
+detected. See \*(L"\s-1WATCHER STATES\*(R"\s0 for details.
+.IP "real time" 4
+.IX Item "real time"
+The physical time that is observed. It is apparently strictly monotonic :)
+.IP "wall-clock time" 4
+.IX Item "wall-clock time"
+The time and date as shown on clocks. Unlike real time, it can actually
+be wrong and jump forwards and backwards, e.g. when you adjust your
+clock.
+.IP "watcher" 4
+.IX Item "watcher"
+A data structure that describes interest in certain events. Watchers need
+to be started (attached to an event loop) before they can receive events.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Marc Lehmann <libev@schmorp.de>, with repeated corrections by Mikael
+Magnusson and Emanuele Giaquinta, and minor corrections by many others.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/module.modulemap b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/module.modulemap
new file mode 100644
index 00000000..d5e34df3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/module.modulemap
@@ -0,0 +1,4 @@
+module Clibsodium {
+    header "sodium.h"
+    export *
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium.h
new file mode 100644
index 00000000..610d6328
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium.h
@@ -0,0 +1,73 @@
+
+#ifndef sodium_H
+#define sodium_H
+
+#include "sodium/version.h"
+
+#include "sodium/core.h"
+#include "sodium/crypto_aead_aes256gcm.h"
+#include "sodium/crypto_aead_aegis128l.h"
+#include "sodium/crypto_aead_aegis256.h"
+#include "sodium/crypto_aead_chacha20poly1305.h"
+#include "sodium/crypto_aead_xchacha20poly1305.h"
+#include "sodium/crypto_auth.h"
+#include "sodium/crypto_auth_hmacsha256.h"
+#include "sodium/crypto_auth_hmacsha512.h"
+#include "sodium/crypto_auth_hmacsha512256.h"
+#include "sodium/crypto_box.h"
+#include "sodium/crypto_box_curve25519xsalsa20poly1305.h"
+#include "sodium/crypto_core_hsalsa20.h"
+#include "sodium/crypto_core_hchacha20.h"
+#include "sodium/crypto_core_salsa20.h"
+#include "sodium/crypto_core_salsa2012.h"
+#include "sodium/crypto_core_salsa208.h"
+#include "sodium/crypto_generichash.h"
+#include "sodium/crypto_generichash_blake2b.h"
+#include "sodium/crypto_hash.h"
+#include "sodium/crypto_hash_sha256.h"
+#include "sodium/crypto_hash_sha512.h"
+#include "sodium/crypto_kdf.h"
+#include "sodium/crypto_kdf_blake2b.h"
+#include "sodium/crypto_kx.h"
+#include "sodium/crypto_onetimeauth.h"
+#include "sodium/crypto_onetimeauth_poly1305.h"
+#include "sodium/crypto_pwhash.h"
+#include "sodium/crypto_pwhash_argon2i.h"
+#include "sodium/crypto_scalarmult.h"
+#include "sodium/crypto_scalarmult_curve25519.h"
+#include "sodium/crypto_secretbox.h"
+#include "sodium/crypto_secretbox_xsalsa20poly1305.h"
+#include "sodium/crypto_secretstream_xchacha20poly1305.h"
+#include "sodium/crypto_shorthash.h"
+#include "sodium/crypto_shorthash_siphash24.h"
+#include "sodium/crypto_sign.h"
+#include "sodium/crypto_sign_ed25519.h"
+#include "sodium/crypto_stream.h"
+#include "sodium/crypto_stream_chacha20.h"
+#include "sodium/crypto_stream_salsa20.h"
+#include "sodium/crypto_stream_xsalsa20.h"
+#include "sodium/crypto_verify_16.h"
+#include "sodium/crypto_verify_32.h"
+#include "sodium/crypto_verify_64.h"
+#include "sodium/randombytes.h"
+#include "sodium/randombytes_internal_random.h"
+#include "sodium/randombytes_sysrandom.h"
+#include "sodium/runtime.h"
+#include "sodium/utils.h"
+
+#ifndef SODIUM_LIBRARY_MINIMAL
+# include "sodium/crypto_box_curve25519xchacha20poly1305.h"
+# include "sodium/crypto_core_ed25519.h"
+# include "sodium/crypto_core_ristretto255.h"
+# include "sodium/crypto_kdf_hkdf_sha256.h"
+# include "sodium/crypto_kdf_hkdf_sha512.h"
+# include "sodium/crypto_scalarmult_ed25519.h"
+# include "sodium/crypto_scalarmult_ristretto255.h"
+# include "sodium/crypto_secretbox_xchacha20poly1305.h"
+# include "sodium/crypto_pwhash_scryptsalsa208sha256.h"
+# include "sodium/crypto_stream_salsa2012.h"
+# include "sodium/crypto_stream_salsa208.h"
+# include "sodium/crypto_stream_xchacha20.h"
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/core.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/core.h
new file mode 100644
index 00000000..dd088d2c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/core.h
@@ -0,0 +1,28 @@
+
+#ifndef sodium_core_H
+#define sodium_core_H
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int sodium_init(void)
+            __attribute__ ((warn_unused_result));
+
+/* ---- */
+
+SODIUM_EXPORT
+int sodium_set_misuse_handler(void (*handler)(void));
+
+SODIUM_EXPORT
+void sodium_misuse(void)
+            __attribute__ ((noreturn));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_aegis128l.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_aegis128l.h
new file mode 100644
index 00000000..ed8d2f2b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_aegis128l.h
@@ -0,0 +1,96 @@
+#ifndef crypto_aead_aegis128l_H
+#define crypto_aead_aegis128l_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_is_available(void);
+
+#define crypto_aead_aegis128l_KEYBYTES  16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_keybytes(void);
+
+#define crypto_aead_aegis128l_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_nsecbytes(void);
+
+#define crypto_aead_aegis128l_NPUBBYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_npubbytes(void);
+
+#define crypto_aead_aegis128l_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_abytes(void);
+
+#define crypto_aead_aegis128l_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aegis128l_ABYTES, \
+               (1ULL << 61) - 1)
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_encrypt(unsigned char *c,
+                                  unsigned long long *clen_p,
+                                  const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *nsec,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_decrypt(unsigned char *m,
+                                  unsigned long long *mlen_p,
+                                  unsigned char *nsec,
+                                  const unsigned char *c,
+                                  unsigned long long clen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_encrypt_detached(unsigned char *c,
+                                           unsigned char *mac,
+                                           unsigned long long *maclen_p,
+                                           const unsigned char *m,
+                                           unsigned long long mlen,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *nsec,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_decrypt_detached(unsigned char *m,
+                                           unsigned char *nsec,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *mac,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aegis128l_keygen(unsigned char k[crypto_aead_aegis128l_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_aegis256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_aegis256.h
new file mode 100644
index 00000000..32e76896
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_aegis256.h
@@ -0,0 +1,96 @@
+#ifndef crypto_aead_aegis256_H
+#define crypto_aead_aegis256_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_is_available(void);
+
+#define crypto_aead_aegis256_KEYBYTES  32U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_keybytes(void);
+
+#define crypto_aead_aegis256_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_nsecbytes(void);
+
+#define crypto_aead_aegis256_NPUBBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_npubbytes(void);
+
+#define crypto_aead_aegis256_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_abytes(void);
+
+#define crypto_aead_aegis256_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aegis256_ABYTES, \
+               (1ULL << 61) - 1)
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_encrypt(unsigned char *c,
+                                 unsigned long long *clen_p,
+                                 const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *ad,
+                                 unsigned long long adlen,
+                                 const unsigned char *nsec,
+                                 const unsigned char *npub,
+                                 const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_decrypt(unsigned char *m,
+                                 unsigned long long *mlen_p,
+                                 unsigned char *nsec,
+                                 const unsigned char *c,
+                                 unsigned long long clen,
+                                 const unsigned char *ad,
+                                 unsigned long long adlen,
+                                 const unsigned char *npub,
+                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_encrypt_detached(unsigned char *c,
+                                          unsigned char *mac,
+                                          unsigned long long *maclen_p,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *nsec,
+                                          const unsigned char *npub,
+                                          const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_decrypt_detached(unsigned char *m,
+                                          unsigned char *nsec,
+                                          const unsigned char *c,
+                                          unsigned long long clen,
+                                          const unsigned char *mac,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *npub,
+                                          const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aegis256_keygen(unsigned char k[crypto_aead_aegis256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_aes256gcm.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_aes256gcm.h
new file mode 100644
index 00000000..9baeb3f1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_aes256gcm.h
@@ -0,0 +1,179 @@
+#ifndef crypto_aead_aes256gcm_H
+#define crypto_aead_aes256gcm_H
+
+/*
+ * WARNING: Despite being the most popular AEAD construction due to its
+ * use in TLS, safely using AES-GCM in a different context is tricky.
+ *
+ * No more than ~ 350 GB of input data should be encrypted with a given key.
+ * This is for ~ 16 KB messages -- Actual figures vary according to
+ * message sizes.
+ *
+ * In addition, nonces are short and repeated nonces would totally destroy
+ * the security of this scheme.
+ *
+ * Nonces should thus come from atomic counters, which can be difficult to
+ * set up in a distributed environment.
+ *
+ * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
+ * instead. It doesn't have any of these limitations.
+ * Or, if you don't need to authenticate additional data, just stick to
+ * crypto_secretbox().
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_is_available(void);
+
+#define crypto_aead_aes256gcm_KEYBYTES  32U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_keybytes(void);
+
+#define crypto_aead_aes256gcm_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_nsecbytes(void);
+
+#define crypto_aead_aes256gcm_NPUBBYTES 12U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_npubbytes(void);
+
+#define crypto_aead_aes256gcm_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_abytes(void);
+
+#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
+               (16ULL * ((1ULL << 32) - 2ULL)))
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_messagebytes_max(void);
+
+typedef struct CRYPTO_ALIGN(16) crypto_aead_aes256gcm_state_ {
+    unsigned char opaque[512];
+} crypto_aead_aes256gcm_state;
+
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt(unsigned char *c,
+                                  unsigned long long *clen_p,
+                                  const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *nsec,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt(unsigned char *m,
+                                  unsigned long long *mlen_p,
+                                  unsigned char *nsec,
+                                  const unsigned char *c,
+                                  unsigned long long clen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
+                                           unsigned char *mac,
+                                           unsigned long long *maclen_p,
+                                           const unsigned char *m,
+                                           unsigned long long mlen,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *nsec,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
+                                           unsigned char *nsec,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *mac,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+/* -- Precomputation interface -- */
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
+                                   const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
+                                          unsigned long long *clen_p,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *nsec,
+                                          const unsigned char *npub,
+                                          const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
+                                          unsigned long long *mlen_p,
+                                          unsigned char *nsec,
+                                          const unsigned char *c,
+                                          unsigned long long clen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *npub,
+                                          const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
+                                                   unsigned char *mac,
+                                                   unsigned long long *maclen_p,
+                                                   const unsigned char *m,
+                                                   unsigned long long mlen,
+                                                   const unsigned char *ad,
+                                                   unsigned long long adlen,
+                                                   const unsigned char *nsec,
+                                                   const unsigned char *npub,
+                                                   const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
+                                                   unsigned char *nsec,
+                                                   const unsigned char *c,
+                                                   unsigned long long clen,
+                                                   const unsigned char *mac,
+                                                   const unsigned char *ad,
+                                                   unsigned long long adlen,
+                                                   const unsigned char *npub,
+                                                   const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_chacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_chacha20poly1305.h
new file mode 100644
index 00000000..5d671df1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_chacha20poly1305.h
@@ -0,0 +1,180 @@
+#ifndef crypto_aead_chacha20poly1305_H
+#define crypto_aead_chacha20poly1305_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+/* -- IETF ChaCha20-Poly1305 construction with a 96-bit nonce and a 32-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NPUBBYTES 12U
+
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES, \
+               (64ULL * ((1ULL << 32) - 1ULL)))
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
+                                              unsigned long long *clen_p,
+                                              const unsigned char *m,
+                                              unsigned long long mlen,
+                                              const unsigned char *ad,
+                                              unsigned long long adlen,
+                                              const unsigned char *nsec,
+                                              const unsigned char *npub,
+                                              const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
+                                              unsigned long long *mlen_p,
+                                              unsigned char *nsec,
+                                              const unsigned char *c,
+                                              unsigned long long clen,
+                                              const unsigned char *ad,
+                                              unsigned long long adlen,
+                                              const unsigned char *npub,
+                                              const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+                                                       unsigned char *mac,
+                                                       unsigned long long *maclen_p,
+                                                       const unsigned char *m,
+                                                       unsigned long long mlen,
+                                                       const unsigned char *ad,
+                                                       unsigned long long adlen,
+                                                       const unsigned char *nsec,
+                                                       const unsigned char *npub,
+                                                       const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+                                                       unsigned char *nsec,
+                                                       const unsigned char *c,
+                                                       unsigned long long clen,
+                                                       const unsigned char *mac,
+                                                       const unsigned char *ad,
+                                                       unsigned long long adlen,
+                                                       const unsigned char *npub,
+                                                       const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_NPUBBYTES 8U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_abytes(void);
+
+#define crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX \
+    (SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
+                                         unsigned long long *clen_p,
+                                         const unsigned char *m,
+                                         unsigned long long mlen,
+                                         const unsigned char *ad,
+                                         unsigned long long adlen,
+                                         const unsigned char *nsec,
+                                         const unsigned char *npub,
+                                         const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
+                                         unsigned long long *mlen_p,
+                                         unsigned char *nsec,
+                                         const unsigned char *c,
+                                         unsigned long long clen,
+                                         const unsigned char *ad,
+                                         unsigned long long adlen,
+                                         const unsigned char *npub,
+                                         const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c,
+                                                  unsigned char *mac,
+                                                  unsigned long long *maclen_p,
+                                                  const unsigned char *m,
+                                                  unsigned long long mlen,
+                                                  const unsigned char *ad,
+                                                  unsigned long long adlen,
+                                                  const unsigned char *nsec,
+                                                  const unsigned char *npub,
+                                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
+                                                  unsigned char *nsec,
+                                                  const unsigned char *c,
+                                                  unsigned long long clen,
+                                                  const unsigned char *mac,
+                                                  const unsigned char *ad,
+                                                  unsigned long long adlen,
+                                                  const unsigned char *npub,
+                                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_aead_chacha20poly1305_IETF_KEYBYTES         crypto_aead_chacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_chacha20poly1305_IETF_NSECBYTES        crypto_aead_chacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_chacha20poly1305_IETF_NPUBBYTES        crypto_aead_chacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_chacha20poly1305_IETF_ABYTES           crypto_aead_chacha20poly1305_ietf_ABYTES
+#define crypto_aead_chacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h
new file mode 100644
index 00000000..6643b0cb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h
@@ -0,0 +1,100 @@
+#ifndef crypto_aead_xchacha20poly1305_H
+#define crypto_aead_xchacha20poly1305_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_aead_xchacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NPUBBYTES 24U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX \
+    (SODIUM_SIZE_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c,
+                                               unsigned long long *clen_p,
+                                               const unsigned char *m,
+                                               unsigned long long mlen,
+                                               const unsigned char *ad,
+                                               unsigned long long adlen,
+                                               const unsigned char *nsec,
+                                               const unsigned char *npub,
+                                               const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
+                                               unsigned long long *mlen_p,
+                                               unsigned char *nsec,
+                                               const unsigned char *c,
+                                               unsigned long long clen,
+                                               const unsigned char *ad,
+                                               unsigned long long adlen,
+                                               const unsigned char *npub,
+                                               const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+                                                        unsigned char *mac,
+                                                        unsigned long long *maclen_p,
+                                                        const unsigned char *m,
+                                                        unsigned long long mlen,
+                                                        const unsigned char *ad,
+                                                        unsigned long long adlen,
+                                                        const unsigned char *nsec,
+                                                        const unsigned char *npub,
+                                                        const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+                                                        unsigned char *nsec,
+                                                        const unsigned char *c,
+                                                        unsigned long long clen,
+                                                        const unsigned char *mac,
+                                                        const unsigned char *ad,
+                                                        unsigned long long adlen,
+                                                        const unsigned char *npub,
+                                                        const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_aead_xchacha20poly1305_IETF_KEYBYTES         crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NSECBYTES        crypto_aead_xchacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NPUBBYTES        crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_xchacha20poly1305_IETF_ABYTES           crypto_aead_xchacha20poly1305_ietf_ABYTES
+#define crypto_aead_xchacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth.h
new file mode 100644
index 00000000..540aee0e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth.h
@@ -0,0 +1,46 @@
+#ifndef crypto_auth_H
+#define crypto_auth_H
+
+#include <stddef.h>
+
+#include "crypto_auth_hmacsha512256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES
+SODIUM_EXPORT
+size_t  crypto_auth_bytes(void);
+
+#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_auth_keybytes(void);
+
+#define crypto_auth_PRIMITIVE "hmacsha512256"
+SODIUM_EXPORT
+const char *crypto_auth_primitive(void);
+
+SODIUM_EXPORT
+int crypto_auth(unsigned char *out, const unsigned char *in,
+                unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
+                       unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth_hmacsha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth_hmacsha256.h
new file mode 100644
index 00000000..3da864c7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth_hmacsha256.h
@@ -0,0 +1,70 @@
+#ifndef crypto_auth_hmacsha256_H
+#define crypto_auth_hmacsha256_H
+
+#include <stddef.h>
+#include "crypto_hash_sha256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_bytes(void);
+
+#define crypto_auth_hmacsha256_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256(unsigned char *out,
+                           const unsigned char *in,
+                           unsigned long long inlen,
+                           const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_verify(const unsigned char *h,
+                                  const unsigned char *in,
+                                  unsigned long long inlen,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef struct crypto_auth_hmacsha256_state {
+    crypto_hash_sha256_state ictx;
+    crypto_hash_sha256_state octx;
+} crypto_auth_hmacsha256_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
+                                const unsigned char *key,
+                                size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
+                                  const unsigned char *in,
+                                  unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
+                                 unsigned char *out) __attribute__ ((nonnull));
+
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth_hmacsha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth_hmacsha512.h
new file mode 100644
index 00000000..d992cb81
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth_hmacsha512.h
@@ -0,0 +1,68 @@
+#ifndef crypto_auth_hmacsha512_H
+#define crypto_auth_hmacsha512_H
+
+#include <stddef.h>
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha512_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_bytes(void);
+
+#define crypto_auth_hmacsha512_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512(unsigned char *out,
+                           const unsigned char *in,
+                           unsigned long long inlen,
+                           const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_verify(const unsigned char *h,
+                                  const unsigned char *in,
+                                  unsigned long long inlen,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef struct crypto_auth_hmacsha512_state {
+    crypto_hash_sha512_state ictx;
+    crypto_hash_sha512_state octx;
+} crypto_auth_hmacsha512_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state,
+                                const unsigned char *key,
+                                size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state,
+                                  const unsigned char *in,
+                                  unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state,
+                                 unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth_hmacsha512256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth_hmacsha512256.h
new file mode 100644
index 00000000..3fb52638
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_auth_hmacsha512256.h
@@ -0,0 +1,65 @@
+#ifndef crypto_auth_hmacsha512256_H
+#define crypto_auth_hmacsha512256_H
+
+#include <stddef.h>
+#include "crypto_auth_hmacsha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha512256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_bytes(void);
+
+#define crypto_auth_hmacsha512256_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256(unsigned char *out,
+                              const unsigned char *in,
+                              unsigned long long inlen,
+                              const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_verify(const unsigned char *h,
+                                     const unsigned char *in,
+                                     unsigned long long inlen,
+                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef crypto_auth_hmacsha512_state crypto_auth_hmacsha512256_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state,
+                                   const unsigned char *key,
+                                   size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state,
+                                     const unsigned char *in,
+                                     unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state,
+                                    unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_box.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_box.h
new file mode 100644
index 00000000..0008e020
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_box.h
@@ -0,0 +1,177 @@
+#ifndef crypto_box_H
+#define crypto_box_H
+
+/*
+ * THREAD SAFETY: crypto_box_keypair() is thread-safe,
+ * provided that sodium_init() was called before.
+ *
+ * Other functions are always thread-safe.
+ */
+
+#include <stddef.h>
+
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_SEEDBYTES crypto_box_curve25519xsalsa20poly1305_SEEDBYTES
+SODIUM_EXPORT
+size_t  crypto_box_seedbytes(void);
+
+#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_box_publickeybytes(void);
+
+#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_box_secretkeybytes(void);
+
+#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_box_noncebytes(void);
+
+#define crypto_box_MACBYTES crypto_box_curve25519xsalsa20poly1305_MACBYTES
+SODIUM_EXPORT
+size_t  crypto_box_macbytes(void);
+
+#define crypto_box_MESSAGEBYTES_MAX crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_box_messagebytes_max(void);
+
+#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
+SODIUM_EXPORT
+const char *crypto_box_primitive(void);
+
+SODIUM_EXPORT
+int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk,
+                            const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_easy(unsigned char *c, const unsigned char *m,
+                    unsigned long long mlen, const unsigned char *n,
+                    const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open_easy(unsigned char *m, const unsigned char *c,
+                         unsigned long long clen, const unsigned char *n,
+                         const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_detached(unsigned char *c, unsigned char *mac,
+                        const unsigned char *m, unsigned long long mlen,
+                        const unsigned char *n, const unsigned char *pk,
+                        const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 2, 5, 6, 7)));
+
+SODIUM_EXPORT
+int crypto_box_open_detached(unsigned char *m, const unsigned char *c,
+                             const unsigned char *mac,
+                             unsigned long long clen,
+                             const unsigned char *n,
+                             const unsigned char *pk,
+                             const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
+
+/* -- Precomputation interface -- */
+
+#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
+SODIUM_EXPORT
+size_t  crypto_box_beforenmbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_beforenm(unsigned char *k, const unsigned char *pk,
+                        const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_easy_afternm(unsigned char *c, const unsigned char *m,
+                            unsigned long long mlen, const unsigned char *n,
+                            const unsigned char *k) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c,
+                                 unsigned long long clen, const unsigned char *n,
+                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_detached_afternm(unsigned char *c, unsigned char *mac,
+                                const unsigned char *m, unsigned long long mlen,
+                                const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c,
+                                     const unsigned char *mac,
+                                     unsigned long long clen, const unsigned char *n,
+                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+/* -- Ephemeral SK interface -- */
+
+#define crypto_box_SEALBYTES (crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_sealbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_seal(unsigned char *c, const unsigned char *m,
+                    unsigned long long mlen, const unsigned char *pk)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_box_seal_open(unsigned char *m, const unsigned char *c,
+                         unsigned long long clen,
+                         const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_box_zerobytes(void) __attribute__ ((deprecated));
+
+#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_box_boxzerobytes(void) __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_box(unsigned char *c, const unsigned char *m,
+               unsigned long long mlen, const unsigned char *n,
+               const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open(unsigned char *m, const unsigned char *c,
+                    unsigned long long clen, const unsigned char *n,
+                    const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_afternm(unsigned char *c, const unsigned char *m,
+                       unsigned long long mlen, const unsigned char *n,
+                       const unsigned char *k) __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_open_afternm(unsigned char *m, const unsigned char *c,
+                            unsigned long long clen, const unsigned char *n,
+                            const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((deprecated)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h
new file mode 100644
index 00000000..26a3d31e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h
@@ -0,0 +1,164 @@
+
+#ifndef crypto_box_curve25519xchacha20poly1305_H
+#define crypto_box_curve25519xchacha20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xchacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_curve25519xchacha20poly1305_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_seedbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_publickeybytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_secretkeybytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_beforenmbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_noncebytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_macbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_box_curve25519xchacha20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seed_keypair(unsigned char *pk,
+                                                        unsigned char *sk,
+                                                        const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_keypair(unsigned char *pk,
+                                                   unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *n,
+                                                const unsigned char *pk,
+                                                const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     unsigned long long clen,
+                                                     const unsigned char *n,
+                                                     const unsigned char *pk,
+                                                     const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
+                                                    unsigned char *mac,
+                                                    const unsigned char *m,
+                                                    unsigned long long mlen,
+                                                    const unsigned char *n,
+                                                    const unsigned char *pk,
+                                                    const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 2, 5, 6, 7)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m,
+                                                         const unsigned char *c,
+                                                         const unsigned char *mac,
+                                                         unsigned long long clen,
+                                                         const unsigned char *n,
+                                                         const unsigned char *pk,
+                                                         const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
+
+/* -- Precomputation interface -- */
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_beforenm(unsigned char *k,
+                                                    const unsigned char *pk,
+                                                    const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c,
+                                                        const unsigned char *m,
+                                                        unsigned long long mlen,
+                                                        const unsigned char *n,
+                                                        const unsigned char *k)
+            __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m,
+                                                             const unsigned char *c,
+                                                             unsigned long long clen,
+                                                             const unsigned char *n,
+                                                             const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c,
+                                                            unsigned char *mac,
+                                                            const unsigned char *m,
+                                                            unsigned long long mlen,
+                                                            const unsigned char *n,
+                                                            const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *m,
+                                                                 const unsigned char *c,
+                                                                 const unsigned char *mac,
+                                                                 unsigned long long clen,
+                                                                 const unsigned char *n,
+                                                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+/* -- Ephemeral SK interface -- */
+
+#define crypto_box_curve25519xchacha20poly1305_SEALBYTES \
+    (crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES + \
+     crypto_box_curve25519xchacha20poly1305_MACBYTES)
+
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_sealbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *pk)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     unsigned long long clen,
+                                                     const unsigned char *pk,
+                                                     const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h
new file mode 100644
index 00000000..2c9b5d6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h
@@ -0,0 +1,113 @@
+#ifndef crypto_box_curve25519xsalsa20poly1305_H
+#define crypto_box_curve25519xsalsa20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_curve25519xsalsa20poly1305_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_seedbytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_publickeybytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_secretkeybytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_beforenmbytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_noncebytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_macbytes(void);
+
+/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
+#define crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_box_curve25519xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk,
+                                                       unsigned char *sk,
+                                                       const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk,
+                                                  unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k,
+                                                   const unsigned char *pk,
+                                                   const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_boxzerobytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES \
+    (crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + \
+     crypto_box_curve25519xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_zerobytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305(unsigned char *c,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *n,
+                                          const unsigned char *pk,
+                                          const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m,
+                                               const unsigned char *c,
+                                               unsigned long long clen,
+                                               const unsigned char *n,
+                                               const unsigned char *pk,
+                                               const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c,
+                                                  const unsigned char *m,
+                                                  unsigned long long mlen,
+                                                  const unsigned char *n,
+                                                  const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m,
+                                                       const unsigned char *c,
+                                                       unsigned long long clen,
+                                                       const unsigned char *n,
+                                                       const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_ed25519.h
new file mode 100644
index 00000000..618a44f9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_ed25519.h
@@ -0,0 +1,115 @@
+#ifndef crypto_core_ed25519_H
+#define crypto_core_ed25519_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_ed25519_BYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_bytes(void);
+
+#define crypto_core_ed25519_UNIFORMBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_uniformbytes(void);
+
+#define crypto_core_ed25519_HASHBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ed25519_hashbytes(void);
+
+#define crypto_core_ed25519_SCALARBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_scalarbytes(void);
+
+#define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ed25519_nonreducedscalarbytes(void);
+
+#define crypto_core_ed25519_H2CSHA256 1
+#define crypto_core_ed25519_H2CSHA512 2
+
+SODIUM_EXPORT
+int crypto_core_ed25519_is_valid_point(const unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_add(unsigned char *r,
+                            const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_sub(unsigned char *r,
+                            const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
+                                    const char *ctx, const unsigned char *msg,
+                                    size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
+                                       const char *ctx, const unsigned char *msg,
+                                       size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_random(unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_random(unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_mul(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+/*
+ * The interval `s` is sampled from should be at least 317 bits to ensure almost
+ * uniformity of `r` over `L`.
+ */
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_scalar_is_canonical(const unsigned char *s)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_hchacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_hchacha20.h
new file mode 100644
index 00000000..ece141b0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_hchacha20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_hchacha20_H
+#define crypto_core_hchacha20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_hchacha20_OUTPUTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_outputbytes(void);
+
+#define crypto_core_hchacha20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_inputbytes(void);
+
+#define crypto_core_hchacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_keybytes(void);
+
+#define crypto_core_hchacha20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_hchacha20(unsigned char *out, const unsigned char *in,
+                          const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_hsalsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_hsalsa20.h
new file mode 100644
index 00000000..4bf7a487
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_hsalsa20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_hsalsa20_H
+#define crypto_core_hsalsa20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_hsalsa20_OUTPUTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_outputbytes(void);
+
+#define crypto_core_hsalsa20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_inputbytes(void);
+
+#define crypto_core_hsalsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_keybytes(void);
+
+#define crypto_core_hsalsa20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_hsalsa20(unsigned char *out, const unsigned char *in,
+                         const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_ristretto255.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_ristretto255.h
new file mode 100644
index 00000000..5fc3a1be
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_ristretto255.h
@@ -0,0 +1,121 @@
+#ifndef crypto_core_ristretto255_H
+#define crypto_core_ristretto255_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_ristretto255_BYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_bytes(void);
+
+#define crypto_core_ristretto255_HASHBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_hashbytes(void);
+
+#define crypto_core_ristretto255_SCALARBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_scalarbytes(void);
+
+#define crypto_core_ristretto255_NONREDUCEDSCALARBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_nonreducedscalarbytes(void);
+
+#define crypto_core_ristretto255_H2CSHA256 1
+#define crypto_core_ristretto255_H2CSHA512 2
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_is_valid_point(const unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_add(unsigned char *r,
+                                 const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_sub(unsigned char *r,
+                                 const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_hash(unsigned char *p,
+                                       const unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES],
+                                         const char *ctx,
+                                         const unsigned char *msg,
+                                         size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES],
+                                            const char *ctx,
+                                            const unsigned char *msg,
+                                            size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_random(unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_random(unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_scalar_invert(unsigned char *recip,
+                                           const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_negate(unsigned char *neg,
+                                            const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_complement(unsigned char *comp,
+                                                const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_add(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_sub(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_mul(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+/*
+ * The interval `s` is sampled from should be at least 317 bits to ensure almost
+ * uniformity of `r` over `L`.
+ */
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_reduce(unsigned char *r,
+                                            const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_scalar_is_canonical(const unsigned char *s)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_salsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_salsa20.h
new file mode 100644
index 00000000..bd79fd9f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_salsa20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_salsa20_H
+#define crypto_core_salsa20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa20_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_outputbytes(void);
+
+#define crypto_core_salsa20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_inputbytes(void);
+
+#define crypto_core_salsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_keybytes(void);
+
+#define crypto_core_salsa20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_salsa20(unsigned char *out, const unsigned char *in,
+                        const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_salsa2012.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_salsa2012.h
new file mode 100644
index 00000000..05957591
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_salsa2012.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_salsa2012_H
+#define crypto_core_salsa2012_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa2012_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_outputbytes(void);
+
+#define crypto_core_salsa2012_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_inputbytes(void);
+
+#define crypto_core_salsa2012_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_keybytes(void);
+
+#define crypto_core_salsa2012_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_salsa2012(unsigned char *out, const unsigned char *in,
+                          const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_salsa208.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_salsa208.h
new file mode 100644
index 00000000..d2f216af
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_core_salsa208.h
@@ -0,0 +1,40 @@
+#ifndef crypto_core_salsa208_H
+#define crypto_core_salsa208_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa208_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_outputbytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_inputbytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_keybytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_constbytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_core_salsa208(unsigned char *out, const unsigned char *in,
+                         const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_generichash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_generichash.h
new file mode 100644
index 00000000..d897e5d2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_generichash.h
@@ -0,0 +1,84 @@
+#ifndef crypto_generichash_H
+#define crypto_generichash_H
+
+#include <stddef.h>
+
+#include "crypto_generichash_blake2b.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_generichash_BYTES_MIN crypto_generichash_blake2b_BYTES_MIN
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes_min(void);
+
+#define crypto_generichash_BYTES_MAX crypto_generichash_blake2b_BYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes_max(void);
+
+#define crypto_generichash_BYTES crypto_generichash_blake2b_BYTES
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes(void);
+
+#define crypto_generichash_KEYBYTES_MIN crypto_generichash_blake2b_KEYBYTES_MIN
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes_min(void);
+
+#define crypto_generichash_KEYBYTES_MAX crypto_generichash_blake2b_KEYBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes_max(void);
+
+#define crypto_generichash_KEYBYTES crypto_generichash_blake2b_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes(void);
+
+#define crypto_generichash_PRIMITIVE "blake2b"
+SODIUM_EXPORT
+const char *crypto_generichash_primitive(void);
+
+/*
+ * Important when writing bindings for other programming languages:
+ * the state address should be 64-bytes aligned.
+ */
+typedef crypto_generichash_blake2b_state crypto_generichash_state;
+
+SODIUM_EXPORT
+size_t  crypto_generichash_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_generichash(unsigned char *out, size_t outlen,
+                       const unsigned char *in, unsigned long long inlen,
+                       const unsigned char *key, size_t keylen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_init(crypto_generichash_state *state,
+                            const unsigned char *key,
+                            const size_t keylen, const size_t outlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_update(crypto_generichash_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_final(crypto_generichash_state *state,
+                             unsigned char *out, const size_t outlen)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_generichash_blake2b.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_generichash_blake2b.h
new file mode 100644
index 00000000..ae3b52f7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_generichash_blake2b.h
@@ -0,0 +1,122 @@
+#ifndef crypto_generichash_blake2b_H
+#define crypto_generichash_blake2b_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#ifdef __IBMC__
+# pragma pack(1)
+#elif defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# pragma pack(1)
+#else
+# pragma pack(push, 1)
+#endif
+
+typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state {
+    unsigned char opaque[384];
+} crypto_generichash_blake2b_state;
+
+#ifdef __IBMC__
+# pragma pack(pop)
+#elif defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# pragma pack()
+#else
+# pragma pack(pop)
+#endif
+
+#define crypto_generichash_blake2b_BYTES_MIN     16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes_min(void);
+
+#define crypto_generichash_blake2b_BYTES_MAX     64U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes_max(void);
+
+#define crypto_generichash_blake2b_BYTES         32U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes(void);
+
+#define crypto_generichash_blake2b_KEYBYTES_MIN  16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes_min(void);
+
+#define crypto_generichash_blake2b_KEYBYTES_MAX  64U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes_max(void);
+
+#define crypto_generichash_blake2b_KEYBYTES      32U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes(void);
+
+#define crypto_generichash_blake2b_SALTBYTES     16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_saltbytes(void);
+
+#define crypto_generichash_blake2b_PERSONALBYTES 16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_personalbytes(void);
+
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b(unsigned char *out, size_t outlen,
+                               const unsigned char *in,
+                               unsigned long long inlen,
+                               const unsigned char *key, size_t keylen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_salt_personal(unsigned char *out, size_t outlen,
+                                             const unsigned char *in,
+                                             unsigned long long inlen,
+                                             const unsigned char *key,
+                                             size_t keylen,
+                                             const unsigned char *salt,
+                                             const unsigned char *personal)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state,
+                                    const unsigned char *key,
+                                    const size_t keylen, const size_t outlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_init_salt_personal(crypto_generichash_blake2b_state *state,
+                                                  const unsigned char *key,
+                                                  const size_t keylen, const size_t outlen,
+                                                  const unsigned char *salt,
+                                                  const unsigned char *personal)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state,
+                                      const unsigned char *in,
+                                      unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state,
+                                     unsigned char *out,
+                                     const size_t outlen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_hash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_hash.h
new file mode 100644
index 00000000..767d5480
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_hash.h
@@ -0,0 +1,40 @@
+#ifndef crypto_hash_H
+#define crypto_hash_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA512 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA512, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_hash_BYTES crypto_hash_sha512_BYTES
+SODIUM_EXPORT
+size_t crypto_hash_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash(unsigned char *out, const unsigned char *in,
+                unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+#define crypto_hash_PRIMITIVE "sha512"
+SODIUM_EXPORT
+const char *crypto_hash_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_hash_sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_hash_sha256.h
new file mode 100644
index 00000000..c47982af
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_hash_sha256.h
@@ -0,0 +1,60 @@
+#ifndef crypto_hash_sha256_H
+#define crypto_hash_sha256_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA256 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA256, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_hash_sha256_state {
+    uint32_t state[8];
+    uint64_t count;
+    uint8_t  buf[64];
+} crypto_hash_sha256_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha256_statebytes(void);
+
+#define crypto_hash_sha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_hash_sha256_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha256(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_init(crypto_hash_sha256_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
+                             unsigned char *out)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_hash_sha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_hash_sha512.h
new file mode 100644
index 00000000..5b690fb2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_hash_sha512.h
@@ -0,0 +1,60 @@
+#ifndef crypto_hash_sha512_H
+#define crypto_hash_sha512_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA512 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA512, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_hash_sha512_state {
+    uint64_t state[8];
+    uint64_t count[2];
+    uint8_t  buf[128];
+} crypto_hash_sha512_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha512_statebytes(void);
+
+#define crypto_hash_sha512_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_hash_sha512_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha512(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_init(crypto_hash_sha512_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_update(crypto_hash_sha512_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_final(crypto_hash_sha512_state *state,
+                             unsigned char *out)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf.h
new file mode 100644
index 00000000..ac2fc618
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf.h
@@ -0,0 +1,53 @@
+#ifndef crypto_kdf_H
+#define crypto_kdf_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "crypto_kdf_blake2b.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_BYTES_MIN crypto_kdf_blake2b_BYTES_MIN
+SODIUM_EXPORT
+size_t crypto_kdf_bytes_min(void);
+
+#define crypto_kdf_BYTES_MAX crypto_kdf_blake2b_BYTES_MAX
+SODIUM_EXPORT
+size_t crypto_kdf_bytes_max(void);
+
+#define crypto_kdf_CONTEXTBYTES crypto_kdf_blake2b_CONTEXTBYTES
+SODIUM_EXPORT
+size_t crypto_kdf_contextbytes(void);
+
+#define crypto_kdf_KEYBYTES crypto_kdf_blake2b_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_kdf_keybytes(void);
+
+#define crypto_kdf_PRIMITIVE "blake2b"
+SODIUM_EXPORT
+const char *crypto_kdf_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
+                               uint64_t subkey_id,
+                               const char ctx[crypto_kdf_CONTEXTBYTES],
+                               const unsigned char key[crypto_kdf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf_blake2b.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf_blake2b.h
new file mode 100644
index 00000000..489c7c20
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf_blake2b.h
@@ -0,0 +1,44 @@
+#ifndef crypto_kdf_blake2b_H
+#define crypto_kdf_blake2b_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_blake2b_BYTES_MIN 16
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_bytes_min(void);
+
+#define crypto_kdf_blake2b_BYTES_MAX 64
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_bytes_max(void);
+
+#define crypto_kdf_blake2b_CONTEXTBYTES 8
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_contextbytes(void);
+
+#define crypto_kdf_blake2b_KEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len,
+                                       uint64_t subkey_id,
+                                       const char ctx[crypto_kdf_blake2b_CONTEXTBYTES],
+                                       const unsigned char key[crypto_kdf_blake2b_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf_hkdf_sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf_hkdf_sha256.h
new file mode 100644
index 00000000..899a6316
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf_hkdf_sha256.h
@@ -0,0 +1,48 @@
+#ifndef crypto_kdf_hkdf_sha256_H
+#define crypto_kdf_hkdf_sha256_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "crypto_kdf.h"
+#include "crypto_auth_hmacsha256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_hkdf_sha256_KEYBYTES crypto_auth_hmacsha256_BYTES
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_keybytes(void);
+
+#define crypto_kdf_hkdf_sha256_BYTES_MIN 0U
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_bytes_min(void);
+
+#define crypto_kdf_hkdf_sha256_BYTES_MAX (0xff * crypto_auth_hmacsha256_BYTES)
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_bytes_max(void);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha256_extract(unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES],
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *ikm, size_t ikm_len);
+
+SODIUM_EXPORT
+void crypto_kdf_hkdf_sha256_keygen(unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES]);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha256_expand(unsigned char *out, size_t out_len,
+                                  const char *ctx, size_t ctx_len,
+                                  const unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf_hkdf_sha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf_hkdf_sha512.h
new file mode 100644
index 00000000..3fa6868c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kdf_hkdf_sha512.h
@@ -0,0 +1,51 @@
+#ifndef crypto_kdf_hkdf_sha512_H
+#define crypto_kdf_hkdf_sha512_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "crypto_kdf.h"
+#include "crypto_auth_hmacsha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_hkdf_sha512_KEYBYTES crypto_auth_hmacsha512_BYTES
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_keybytes(void);
+
+#define crypto_kdf_hkdf_sha512_BYTES_MIN 0U
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_bytes_min(void);
+
+#define crypto_kdf_hkdf_sha512_BYTES_MAX (0xff * crypto_auth_hmacsha512_BYTES)
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_bytes_max(void);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha512_extract(unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES],
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *ikm, size_t ikm_len)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_kdf_hkdf_sha512_keygen(unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha512_expand(unsigned char *out, size_t out_len,
+                                  const char *ctx, size_t ctx_len,
+                                  const unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES])
+            __attribute__ ((nonnull(1)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kx.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kx.h
new file mode 100644
index 00000000..347132c3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_kx.h
@@ -0,0 +1,66 @@
+#ifndef crypto_kx_H
+#define crypto_kx_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kx_PUBLICKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_publickeybytes(void);
+
+#define crypto_kx_SECRETKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_secretkeybytes(void);
+
+#define crypto_kx_SEEDBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_seedbytes(void);
+
+#define crypto_kx_SESSIONKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_sessionkeybytes(void);
+
+#define crypto_kx_PRIMITIVE "x25519blake2b"
+SODIUM_EXPORT
+const char *crypto_kx_primitive(void);
+
+SODIUM_EXPORT
+int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                           unsigned char sk[crypto_kx_SECRETKEYBYTES],
+                           const unsigned char seed[crypto_kx_SEEDBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                      unsigned char sk[crypto_kx_SECRETKEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                                  unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                                  const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
+                                  const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
+                                  const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull(3, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                                  unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                                  const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
+                                  const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
+                                  const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull(3, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_onetimeauth.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_onetimeauth.h
new file mode 100644
index 00000000..7cd7b070
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_onetimeauth.h
@@ -0,0 +1,65 @@
+#ifndef crypto_onetimeauth_H
+#define crypto_onetimeauth_H
+
+#include <stddef.h>
+
+#include "crypto_onetimeauth_poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef crypto_onetimeauth_poly1305_state crypto_onetimeauth_state;
+
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_statebytes(void);
+
+#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_bytes(void);
+
+#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_keybytes(void);
+
+#define crypto_onetimeauth_PRIMITIVE "poly1305"
+SODIUM_EXPORT
+const char *crypto_onetimeauth_primitive(void);
+
+SODIUM_EXPORT
+int crypto_onetimeauth(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_verify(const unsigned char *h, const unsigned char *in,
+                              unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_init(crypto_onetimeauth_state *state,
+                            const unsigned char *key) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_update(crypto_onetimeauth_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_final(crypto_onetimeauth_state *state,
+                             unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_onetimeauth_poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
new file mode 100644
index 00000000..f3e34d86
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
@@ -0,0 +1,72 @@
+#ifndef crypto_onetimeauth_poly1305_H
+#define crypto_onetimeauth_poly1305_H
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <sys/types.h>
+
+#include "export.h"
+
+typedef struct CRYPTO_ALIGN(16) crypto_onetimeauth_poly1305_state {
+    unsigned char opaque[256];
+} crypto_onetimeauth_poly1305_state;
+
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_statebytes(void);
+
+#define crypto_onetimeauth_poly1305_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_bytes(void);
+
+#define crypto_onetimeauth_poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305(unsigned char *out,
+                                const unsigned char *in,
+                                unsigned long long inlen,
+                                const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_verify(const unsigned char *h,
+                                       const unsigned char *in,
+                                       unsigned long long inlen,
+                                       const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state,
+                                     const unsigned char *key)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state,
+                                       const unsigned char *in,
+                                       unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state,
+                                      unsigned char *out)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash.h
new file mode 100644
index 00000000..307265d3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash.h
@@ -0,0 +1,147 @@
+#ifndef crypto_pwhash_H
+#define crypto_pwhash_H
+
+#include <stddef.h>
+
+#include "crypto_pwhash_argon2i.h"
+#include "crypto_pwhash_argon2id.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_ALG_ARGON2I13 crypto_pwhash_argon2i_ALG_ARGON2I13
+SODIUM_EXPORT
+int crypto_pwhash_alg_argon2i13(void);
+
+#define crypto_pwhash_ALG_ARGON2ID13 crypto_pwhash_argon2id_ALG_ARGON2ID13
+SODIUM_EXPORT
+int crypto_pwhash_alg_argon2id13(void);
+
+#define crypto_pwhash_ALG_DEFAULT crypto_pwhash_ALG_ARGON2ID13
+SODIUM_EXPORT
+int crypto_pwhash_alg_default(void);
+
+#define crypto_pwhash_BYTES_MIN crypto_pwhash_argon2id_BYTES_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_bytes_min(void);
+
+#define crypto_pwhash_BYTES_MAX crypto_pwhash_argon2id_BYTES_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_bytes_max(void);
+
+#define crypto_pwhash_PASSWD_MIN crypto_pwhash_argon2id_PASSWD_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_passwd_min(void);
+
+#define crypto_pwhash_PASSWD_MAX crypto_pwhash_argon2id_PASSWD_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_passwd_max(void);
+
+#define crypto_pwhash_SALTBYTES crypto_pwhash_argon2id_SALTBYTES
+SODIUM_EXPORT
+size_t crypto_pwhash_saltbytes(void);
+
+#define crypto_pwhash_STRBYTES crypto_pwhash_argon2id_STRBYTES
+SODIUM_EXPORT
+size_t crypto_pwhash_strbytes(void);
+
+#define crypto_pwhash_STRPREFIX crypto_pwhash_argon2id_STRPREFIX
+SODIUM_EXPORT
+const char *crypto_pwhash_strprefix(void);
+
+#define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_argon2id_OPSLIMIT_MIN
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_min(void);
+
+#define crypto_pwhash_OPSLIMIT_MAX crypto_pwhash_argon2id_OPSLIMIT_MAX
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_max(void);
+
+#define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_argon2id_MEMLIMIT_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_min(void);
+
+#define crypto_pwhash_MEMLIMIT_MAX crypto_pwhash_argon2id_MEMLIMIT_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_max(void);
+
+#define crypto_pwhash_OPSLIMIT_INTERACTIVE crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_interactive(void);
+
+#define crypto_pwhash_MEMLIMIT_INTERACTIVE crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_interactive(void);
+
+#define crypto_pwhash_OPSLIMIT_MODERATE crypto_pwhash_argon2id_OPSLIMIT_MODERATE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_moderate(void);
+
+#define crypto_pwhash_MEMLIMIT_MODERATE crypto_pwhash_argon2id_MEMLIMIT_MODERATE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_moderate(void);
+
+#define crypto_pwhash_OPSLIMIT_SENSITIVE crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_sensitive(void);
+
+#define crypto_pwhash_MEMLIMIT_SENSITIVE crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_sensitive(void);
+
+/*
+ * With this function, do not forget to store all parameters, including the
+ * algorithm identifier in order to produce deterministic output.
+ * The crypto_pwhash_* definitions, including crypto_pwhash_ALG_DEFAULT,
+ * may change.
+ */
+SODIUM_EXPORT
+int crypto_pwhash(unsigned char * const out, unsigned long long outlen,
+                  const char * const passwd, unsigned long long passwdlen,
+                  const unsigned char * const salt,
+                  unsigned long long opslimit, size_t memlimit, int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/*
+ * The output string already includes all the required parameters, including
+ * the algorithm identifier. The string is all that has to be stored in
+ * order to verify a password.
+ */
+SODIUM_EXPORT
+int crypto_pwhash_str(char out[crypto_pwhash_STRBYTES],
+                      const char * const passwd, unsigned long long passwdlen,
+                      unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES],
+                          const char * const passwd, unsigned long long passwdlen,
+                          unsigned long long opslimit, size_t memlimit, int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_verify(const char *str,
+                             const char * const passwd,
+                             unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_needs_rehash(const char *str,
+                                   unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#define crypto_pwhash_PRIMITIVE "argon2i"
+SODIUM_EXPORT
+const char *crypto_pwhash_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash_argon2i.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash_argon2i.h
new file mode 100644
index 00000000..91156ba0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash_argon2i.h
@@ -0,0 +1,122 @@
+#ifndef crypto_pwhash_argon2i_H
+#define crypto_pwhash_argon2i_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_argon2i_ALG_ARGON2I13 1
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_alg_argon2i13(void);
+
+#define crypto_pwhash_argon2i_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_bytes_min(void);
+
+#define crypto_pwhash_argon2i_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_bytes_max(void);
+
+#define crypto_pwhash_argon2i_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_passwd_min(void);
+
+#define crypto_pwhash_argon2i_PASSWD_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_passwd_max(void);
+
+#define crypto_pwhash_argon2i_SALTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_saltbytes(void);
+
+#define crypto_pwhash_argon2i_STRBYTES 128U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_strbytes(void);
+
+#define crypto_pwhash_argon2i_STRPREFIX "$argon2i$"
+SODIUM_EXPORT
+const char *crypto_pwhash_argon2i_strprefix(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MIN 3U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_min(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_max(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MIN 8192U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_min(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MAX \
+    ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_max(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE 4U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_interactive(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE 33554432U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_interactive(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MODERATE 6U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_moderate(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MODERATE 134217728U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_moderate(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE 8U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_sensitive(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE 536870912U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i(unsigned char * const out,
+                          unsigned long long outlen,
+                          const char * const passwd,
+                          unsigned long long passwdlen,
+                          const unsigned char * const salt,
+                          unsigned long long opslimit, size_t memlimit,
+                          int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
+                              const char * const passwd,
+                              unsigned long long passwdlen,
+                              unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str_verify(const char * str,
+                                     const char * const passwd,
+                                     unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str_needs_rehash(const char * str,
+                                           unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash_argon2id.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash_argon2id.h
new file mode 100644
index 00000000..e6f72a92
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash_argon2id.h
@@ -0,0 +1,122 @@
+#ifndef crypto_pwhash_argon2id_H
+#define crypto_pwhash_argon2id_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_argon2id_ALG_ARGON2ID13 2
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_alg_argon2id13(void);
+
+#define crypto_pwhash_argon2id_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_bytes_min(void);
+
+#define crypto_pwhash_argon2id_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_bytes_max(void);
+
+#define crypto_pwhash_argon2id_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_passwd_min(void);
+
+#define crypto_pwhash_argon2id_PASSWD_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_passwd_max(void);
+
+#define crypto_pwhash_argon2id_SALTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_saltbytes(void);
+
+#define crypto_pwhash_argon2id_STRBYTES 128U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_strbytes(void);
+
+#define crypto_pwhash_argon2id_STRPREFIX "$argon2id$"
+SODIUM_EXPORT
+const char *crypto_pwhash_argon2id_strprefix(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MIN 1U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_min(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_max(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MIN 8192U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_min(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MAX \
+    ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_max(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE 2U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_interactive(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE 67108864U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_interactive(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MODERATE 3U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_moderate(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MODERATE 268435456U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_moderate(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE 4U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_sensitive(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE 1073741824U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id(unsigned char * const out,
+                           unsigned long long outlen,
+                           const char * const passwd,
+                           unsigned long long passwdlen,
+                           const unsigned char * const salt,
+                           unsigned long long opslimit, size_t memlimit,
+                           int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES],
+                               const char * const passwd,
+                               unsigned long long passwdlen,
+                               unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str_verify(const char * str,
+                                      const char * const passwd,
+                                      unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str_needs_rehash(const char * str,
+                                            unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
new file mode 100644
index 00000000..1fd3692f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
@@ -0,0 +1,120 @@
+#ifndef crypto_pwhash_scryptsalsa208sha256_H
+#define crypto_pwhash_scryptsalsa208sha256_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_scryptsalsa208sha256_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_bytes_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_BYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX, 0x1fffffffe0ULL)
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_bytes_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_passwd_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_passwd_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRBYTES 102U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$"
+SODIUM_EXPORT
+const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN 32768U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN 16777216U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MAX \
+    SODIUM_MIN(SIZE_MAX, 68719476736ULL)
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE 16777216U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
+                                       unsigned long long outlen,
+                                       const char * const passwd,
+                                       unsigned long long passwdlen,
+                                       const unsigned char * const salt,
+                                       unsigned long long opslimit,
+                                       size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+                                           const char * const passwd,
+                                           unsigned long long passwdlen,
+                                           unsigned long long opslimit,
+                                           size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str_verify(const char * str,
+                                                  const char * const passwd,
+                                                  unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
+                                          const uint8_t * salt, size_t saltlen,
+                                          uint64_t N, uint32_t r, uint32_t p,
+                                          uint8_t * buf, size_t buflen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str_needs_rehash(const char * str,
+                                                        unsigned long long opslimit,
+                                                        size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult.h
new file mode 100644
index 00000000..1c685853
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult.h
@@ -0,0 +1,46 @@
+#ifndef crypto_scalarmult_H
+#define crypto_scalarmult_H
+
+#include <stddef.h>
+
+#include "crypto_scalarmult_curve25519.h"
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
+SODIUM_EXPORT
+size_t  crypto_scalarmult_bytes(void);
+
+#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
+SODIUM_EXPORT
+size_t  crypto_scalarmult_scalarbytes(void);
+
+#define crypto_scalarmult_PRIMITIVE "curve25519"
+SODIUM_EXPORT
+const char *crypto_scalarmult_primitive(void);
+
+SODIUM_EXPORT
+int crypto_scalarmult_base(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult(unsigned char *q, const unsigned char *n,
+                      const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult_curve25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult_curve25519.h
new file mode 100644
index 00000000..60e9d0c5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult_curve25519.h
@@ -0,0 +1,42 @@
+#ifndef crypto_scalarmult_curve25519_H
+#define crypto_scalarmult_curve25519_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_curve25519_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_bytes(void);
+
+#define crypto_scalarmult_curve25519_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
+                                 const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519_base(unsigned char *q,
+                                      const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult_ed25519.h
new file mode 100644
index 00000000..2dfa4d70
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult_ed25519.h
@@ -0,0 +1,51 @@
+
+#ifndef crypto_scalarmult_ed25519_H
+#define crypto_scalarmult_ed25519_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_ed25519_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ed25519_bytes(void);
+
+#define crypto_scalarmult_ed25519_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ed25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
+                              const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n,
+                                      const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_base_noclamp(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult_ristretto255.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult_ristretto255.h
new file mode 100644
index 00000000..40a45cce
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_scalarmult_ristretto255.h
@@ -0,0 +1,43 @@
+
+#ifndef crypto_scalarmult_ristretto255_H
+#define crypto_scalarmult_ristretto255_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_ristretto255_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ristretto255_bytes(void);
+
+#define crypto_scalarmult_ristretto255_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ristretto255_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_ristretto255(unsigned char *q, const unsigned char *n,
+                                   const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ristretto255_base(unsigned char *q,
+                                        const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretbox.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretbox.h
new file mode 100644
index 00000000..68024b45
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretbox.h
@@ -0,0 +1,94 @@
+#ifndef crypto_secretbox_H
+#define crypto_secretbox_H
+
+#include <stddef.h>
+
+#include "crypto_secretbox_xsalsa20poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_keybytes(void);
+
+#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_noncebytes(void);
+
+#define crypto_secretbox_MACBYTES crypto_secretbox_xsalsa20poly1305_MACBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_macbytes(void);
+
+#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305"
+SODIUM_EXPORT
+const char *crypto_secretbox_primitive(void);
+
+#define crypto_secretbox_MESSAGEBYTES_MAX crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t crypto_secretbox_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
+                          unsigned long long mlen, const unsigned char *n,
+                          const unsigned char *k) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
+                               unsigned long long clen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
+                              const unsigned char *m,
+                              unsigned long long mlen,
+                              const unsigned char *n,
+                              const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open_detached(unsigned char *m,
+                                   const unsigned char *c,
+                                   const unsigned char *mac,
+                                   unsigned long long clen,
+                                   const unsigned char *n,
+                                   const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+SODIUM_EXPORT
+void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_zerobytes(void) __attribute__ ((deprecated));
+
+#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_boxzerobytes(void) __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_secretbox(unsigned char *c, const unsigned char *m,
+                     unsigned long long mlen, const unsigned char *n,
+                     const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open(unsigned char *m, const unsigned char *c,
+                          unsigned long long clen, const unsigned char *n,
+                          const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h
new file mode 100644
index 00000000..6ec674e3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h
@@ -0,0 +1,70 @@
+#ifndef crypto_secretbox_xchacha20poly1305_H
+#define crypto_secretbox_xchacha20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xchacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_xchacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_keybytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_noncebytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_macbytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_secretbox_xchacha20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_easy(unsigned char *c,
+                                            const unsigned char *m,
+                                            unsigned long long mlen,
+                                            const unsigned char *n,
+                                            const unsigned char *k)
+            __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_open_easy(unsigned char *m,
+                                                 const unsigned char *c,
+                                                 unsigned long long clen,
+                                                 const unsigned char *n,
+                                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_detached(unsigned char *c,
+                                                unsigned char *mac,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *n,
+                                                const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     const unsigned char *mac,
+                                                     unsigned long long clen,
+                                                     const unsigned char *n,
+                                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h
new file mode 100644
index 00000000..81bff3d6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h
@@ -0,0 +1,71 @@
+#ifndef crypto_secretbox_xsalsa20poly1305_H
+#define crypto_secretbox_xsalsa20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_xsalsa20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_keybytes(void);
+
+#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_noncebytes(void);
+
+#define crypto_secretbox_xsalsa20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_macbytes(void);
+
+/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
+#define crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_secretbox_xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_boxzerobytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES \
+    (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES + \
+     crypto_secretbox_xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_zerobytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_secretbox_xsalsa20poly1305(unsigned char *c,
+                                      const unsigned char *m,
+                                      unsigned long long mlen,
+                                      const unsigned char *n,
+                                      const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xsalsa20poly1305_open(unsigned char *m,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *n,
+                                           const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h
new file mode 100644
index 00000000..b22e4e93
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h
@@ -0,0 +1,108 @@
+#ifndef crypto_secretstream_xchacha20poly1305_H
+#define crypto_secretstream_xchacha20poly1305_H
+
+#include <stddef.h>
+
+#include "crypto_aead_xchacha20poly1305.h"
+#include "crypto_stream_chacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretstream_xchacha20poly1305_ABYTES \
+    (1U + crypto_aead_xchacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_abytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_HEADERBYTES \
+    crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_headerbytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_KEYBYTES \
+    crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_keybytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_secretstream_xchacha20poly1305_ABYTES, \
+              (64ULL * ((1ULL << 32) - 2ULL)))
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_messagebytes_max(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_MESSAGE 0x00
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_message(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_PUSH    0x01
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_push(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_REKEY   0x02
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_rekey(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_FINAL \
+    (crypto_secretstream_xchacha20poly1305_TAG_PUSH | \
+     crypto_secretstream_xchacha20poly1305_TAG_REKEY)
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_final(void);
+
+typedef struct crypto_secretstream_xchacha20poly1305_state {
+    unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES];
+    unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES];
+    unsigned char _pad[8];
+} crypto_secretstream_xchacha20poly1305_state;
+
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_statebytes(void);
+
+SODIUM_EXPORT
+void crypto_secretstream_xchacha20poly1305_keygen
+   (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_init_push
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+    const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_push
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char *c, unsigned long long *clen_p,
+    const unsigned char *m, unsigned long long mlen,
+    const unsigned char *ad, unsigned long long adlen, unsigned char tag)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_init_pull
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    const unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+    const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_pull
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char *m, unsigned long long *mlen_p, unsigned char *tag_p,
+    const unsigned char *c, unsigned long long clen,
+    const unsigned char *ad, unsigned long long adlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_secretstream_xchacha20poly1305_rekey
+    (crypto_secretstream_xchacha20poly1305_state *state);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_shorthash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_shorthash.h
new file mode 100644
index 00000000..fecaa88b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_shorthash.h
@@ -0,0 +1,41 @@
+#ifndef crypto_shorthash_H
+#define crypto_shorthash_H
+
+#include <stddef.h>
+
+#include "crypto_shorthash_siphash24.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_shorthash_BYTES crypto_shorthash_siphash24_BYTES
+SODIUM_EXPORT
+size_t  crypto_shorthash_bytes(void);
+
+#define crypto_shorthash_KEYBYTES crypto_shorthash_siphash24_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_shorthash_keybytes(void);
+
+#define crypto_shorthash_PRIMITIVE "siphash24"
+SODIUM_EXPORT
+const char *crypto_shorthash_primitive(void);
+
+SODIUM_EXPORT
+int crypto_shorthash(unsigned char *out, const unsigned char *in,
+                     unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_shorthash_siphash24.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_shorthash_siphash24.h
new file mode 100644
index 00000000..1e6f72a6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_shorthash_siphash24.h
@@ -0,0 +1,50 @@
+#ifndef crypto_shorthash_siphash24_H
+#define crypto_shorthash_siphash24_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+/* -- 64-bit output -- */
+
+#define crypto_shorthash_siphash24_BYTES 8U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphash24_bytes(void);
+
+#define crypto_shorthash_siphash24_KEYBYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphash24_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in,
+                               unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+#ifndef SODIUM_LIBRARY_MINIMAL
+/* -- 128-bit output -- */
+
+#define crypto_shorthash_siphashx24_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphashx24_bytes(void);
+
+#define crypto_shorthash_siphashx24_KEYBYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphashx24_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in,
+                                unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_sign.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_sign.h
new file mode 100644
index 00000000..f5fafb12
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_sign.h
@@ -0,0 +1,107 @@
+#ifndef crypto_sign_H
+#define crypto_sign_H
+
+/*
+ * THREAD SAFETY: crypto_sign_keypair() is thread-safe,
+ * provided that sodium_init() was called before.
+ *
+ * Other functions, including crypto_sign_seed_keypair() are always thread-safe.
+ */
+
+#include <stddef.h>
+
+#include "crypto_sign_ed25519.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef crypto_sign_ed25519ph_state crypto_sign_state;
+
+SODIUM_EXPORT
+size_t  crypto_sign_statebytes(void);
+
+#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
+SODIUM_EXPORT
+size_t  crypto_sign_bytes(void);
+
+#define crypto_sign_SEEDBYTES crypto_sign_ed25519_SEEDBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_seedbytes(void);
+
+#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_publickeybytes(void);
+
+#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_secretkeybytes(void);
+
+#define crypto_sign_MESSAGEBYTES_MAX crypto_sign_ed25519_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_sign_messagebytes_max(void);
+
+#define crypto_sign_PRIMITIVE "ed25519"
+SODIUM_EXPORT
+const char *crypto_sign_primitive(void);
+
+SODIUM_EXPORT
+int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
+                             const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign(unsigned char *sm, unsigned long long *smlen_p,
+                const unsigned char *m, unsigned long long mlen,
+                const unsigned char *sk) __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_open(unsigned char *m, unsigned long long *mlen_p,
+                     const unsigned char *sm, unsigned long long smlen,
+                     const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen_p,
+                         const unsigned char *m, unsigned long long mlen,
+                         const unsigned char *sk) __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_verify_detached(const unsigned char *sig,
+                                const unsigned char *m,
+                                unsigned long long mlen,
+                                const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_init(crypto_sign_state *state);
+
+SODIUM_EXPORT
+int crypto_sign_update(crypto_sign_state *state,
+                       const unsigned char *m, unsigned long long mlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig,
+                             unsigned long long *siglen_p,
+                             const unsigned char *sk)
+            __attribute__ ((nonnull(1, 2, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig,
+                             const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_sign_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_sign_ed25519.h
new file mode 100644
index 00000000..0fdac42d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_sign_ed25519.h
@@ -0,0 +1,124 @@
+#ifndef crypto_sign_ed25519_H
+#define crypto_sign_ed25519_H
+
+#include <stddef.h>
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_sign_ed25519ph_state {
+    crypto_hash_sha512_state hs;
+} crypto_sign_ed25519ph_state;
+
+SODIUM_EXPORT
+size_t crypto_sign_ed25519ph_statebytes(void);
+
+#define crypto_sign_ed25519_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_bytes(void);
+
+#define crypto_sign_ed25519_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_seedbytes(void);
+
+#define crypto_sign_ed25519_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_publickeybytes(void);
+
+#define crypto_sign_ed25519_SECRETKEYBYTES (32U + 32U)
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_secretkeybytes(void);
+
+#define crypto_sign_ed25519_MESSAGEBYTES_MAX (SODIUM_SIZE_MAX - crypto_sign_ed25519_BYTES)
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p,
+                        const unsigned char *m, unsigned long long mlen,
+                        const unsigned char *sk)
+            __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p,
+                             const unsigned char *sm, unsigned long long smlen,
+                             const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_detached(unsigned char *sig,
+                                 unsigned long long *siglen_p,
+                                 const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *sk)
+            __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_verify_detached(const unsigned char *sig,
+                                        const unsigned char *m,
+                                        unsigned long long mlen,
+                                        const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
+                                     const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
+                                         const unsigned char *ed25519_pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
+                                         const unsigned char *ed25519_sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_seed(unsigned char *seed,
+                                   const unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_update(crypto_sign_ed25519ph_state *state,
+                                 const unsigned char *m,
+                                 unsigned long long mlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state,
+                                       unsigned char *sig,
+                                       unsigned long long *siglen_p,
+                                       const unsigned char *sk)
+            __attribute__ ((nonnull(1, 2, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state,
+                                       const unsigned char *sig,
+                                       const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream.h
new file mode 100644
index 00000000..88dab5f6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream.h
@@ -0,0 +1,59 @@
+#ifndef crypto_stream_H
+#define crypto_stream_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_stream_keybytes(void);
+
+#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_stream_noncebytes(void);
+
+#define crypto_stream_MESSAGEBYTES_MAX crypto_stream_xsalsa20_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_stream_messagebytes_max(void);
+
+#define crypto_stream_PRIMITIVE "xsalsa20"
+SODIUM_EXPORT
+const char *crypto_stream_primitive(void);
+
+SODIUM_EXPORT
+int crypto_stream(unsigned char *c, unsigned long long clen,
+                  const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xor(unsigned char *c, const unsigned char *m,
+                      unsigned long long mlen, const unsigned char *n,
+                      const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_chacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_chacha20.h
new file mode 100644
index 00000000..40889755
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_chacha20.h
@@ -0,0 +1,106 @@
+#ifndef crypto_stream_chacha20_H
+#define crypto_stream_chacha20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_chacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_keybytes(void);
+
+#define crypto_stream_chacha20_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_noncebytes(void);
+
+#define crypto_stream_chacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_messagebytes_max(void);
+
+/* ChaCha20 with a 64-bit nonce and a 64-bit counter, as originally designed */
+
+SODIUM_EXPORT
+int crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* ChaCha20 with a 96-bit nonce and a 32-bit counter (IETF) */
+
+#define crypto_stream_chacha20_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_keybytes(void);
+
+#define crypto_stream_chacha20_ietf_NONCEBYTES 12U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_noncebytes(void);
+
+#define crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX, 64ULL * (1ULL << 32))
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
+                                const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m,
+                                    unsigned long long mlen, const unsigned char *n,
+                                    const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m,
+                                       unsigned long long mlen,
+                                       const unsigned char *n, uint32_t ic,
+                                       const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_stream_chacha20_IETF_KEYBYTES crypto_stream_chacha20_ietf_KEYBYTES
+#define crypto_stream_chacha20_IETF_NONCEBYTES crypto_stream_chacha20_ietf_NONCEBYTES
+#define crypto_stream_chacha20_IETF_MESSAGEBYTES_MAX crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_salsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_salsa20.h
new file mode 100644
index 00000000..45b3b3e3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_salsa20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_salsa20_H
+#define crypto_stream_salsa20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_keybytes(void);
+
+#define crypto_stream_salsa20_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_noncebytes(void);
+
+#define crypto_stream_salsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_salsa20(unsigned char *c, unsigned long long clen,
+                          const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m,
+                              unsigned long long mlen, const unsigned char *n,
+                              const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *n, uint64_t ic,
+                                 const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_salsa2012.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_salsa2012.h
new file mode 100644
index 00000000..6c5d303c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_salsa2012.h
@@ -0,0 +1,53 @@
+#ifndef crypto_stream_salsa2012_H
+#define crypto_stream_salsa2012_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa2012_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_keybytes(void);
+
+#define crypto_stream_salsa2012_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_noncebytes(void);
+
+#define crypto_stream_salsa2012_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_salsa2012(unsigned char *c, unsigned long long clen,
+                            const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa2012_xor(unsigned char *c, const unsigned char *m,
+                                unsigned long long mlen, const unsigned char *n,
+                                const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_salsa208.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_salsa208.h
new file mode 100644
index 00000000..d574f304
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_salsa208.h
@@ -0,0 +1,56 @@
+#ifndef crypto_stream_salsa208_H
+#define crypto_stream_salsa208_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa208_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa208_keybytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_stream_salsa208_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa208_noncebytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_stream_salsa208_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+    SODIUM_EXPORT
+size_t crypto_stream_salsa208_messagebytes_max(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_stream_salsa208(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa208_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES])
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_xchacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_xchacha20.h
new file mode 100644
index 00000000..c4002db0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_xchacha20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_xchacha20_H
+#define crypto_stream_xchacha20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_xchacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_keybytes(void);
+
+#define crypto_stream_xchacha20_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_noncebytes(void);
+
+#define crypto_stream_xchacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20(unsigned char *c, unsigned long long clen,
+                            const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m,
+                                unsigned long long mlen, const unsigned char *n,
+                                const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                                   unsigned long long mlen,
+                                   const unsigned char *n, uint64_t ic,
+                                   const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_xsalsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_xsalsa20.h
new file mode 100644
index 00000000..20034e34
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_stream_xsalsa20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_xsalsa20_H
+#define crypto_stream_xsalsa20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_xsalsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_keybytes(void);
+
+#define crypto_stream_xsalsa20_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_noncebytes(void);
+
+#define crypto_stream_xsalsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_verify_16.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_verify_16.h
new file mode 100644
index 00000000..7b9c8077
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_verify_16.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_16_H
+#define crypto_verify_16_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_16_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_verify_16_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_16(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_verify_32.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_verify_32.h
new file mode 100644
index 00000000..9b0f4529
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_verify_32.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_32_H
+#define crypto_verify_32_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_32_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_verify_32_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_32(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_verify_64.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_verify_64.h
new file mode 100644
index 00000000..c83b7302
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/crypto_verify_64.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_64_H
+#define crypto_verify_64_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_64_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_verify_64_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_64(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/export.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/export.h
new file mode 100644
index 00000000..a0074fc9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/export.h
@@ -0,0 +1,57 @@
+
+#ifndef sodium_export_H
+#define sodium_export_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <limits.h>
+
+#if !defined(__clang__) && !defined(__GNUC__)
+# ifdef __attribute__
+#  undef __attribute__
+# endif
+# define __attribute__(a)
+#endif
+
+#ifdef SODIUM_STATIC
+# define SODIUM_EXPORT
+# define SODIUM_EXPORT_WEAK
+#else
+# if defined(_MSC_VER)
+#  ifdef SODIUM_DLL_EXPORT
+#   define SODIUM_EXPORT __declspec(dllexport)
+#  else
+#   define SODIUM_EXPORT __declspec(dllimport)
+#  endif
+# else
+#  if defined(__SUNPRO_C)
+#   ifndef __GNU_C__
+#    define SODIUM_EXPORT __attribute__ (visibility(__global))
+#   else
+#    define SODIUM_EXPORT __attribute__ __global
+#   endif
+#  elif defined(_MSG_VER)
+#   define SODIUM_EXPORT extern __declspec(dllexport)
+#  else
+#   define SODIUM_EXPORT __attribute__ ((visibility ("default")))
+#  endif
+# endif
+# if defined(__ELF__) && !defined(SODIUM_DISABLE_WEAK_FUNCTIONS)
+#  define SODIUM_EXPORT_WEAK SODIUM_EXPORT __attribute__((weak))
+# else
+#  define SODIUM_EXPORT_WEAK SODIUM_EXPORT
+# endif
+#endif
+
+#ifndef CRYPTO_ALIGN
+# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
+#  define CRYPTO_ALIGN(x) __declspec(align(x))
+# else
+#  define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
+# endif
+#endif
+
+#define SODIUM_MIN(A, B) ((A) < (B) ? (A) : (B))
+#define SODIUM_SIZE_MAX SODIUM_MIN(UINT64_MAX, SIZE_MAX)
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/randombytes.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/randombytes.h
new file mode 100644
index 00000000..c83a4df5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/randombytes.h
@@ -0,0 +1,72 @@
+
+#ifndef randombytes_H
+#define randombytes_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <sys/types.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct randombytes_implementation {
+    const char *(*implementation_name)(void); /* required */
+    uint32_t    (*random)(void);              /* required */
+    void        (*stir)(void);                /* optional */
+    uint32_t    (*uniform)(const uint32_t upper_bound); /* optional, a default implementation will be used if NULL */
+    void        (*buf)(void * const buf, const size_t size); /* required */
+    int         (*close)(void);               /* optional */
+} randombytes_implementation;
+
+#define randombytes_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 0xffffffffUL)
+
+#define randombytes_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t randombytes_seedbytes(void);
+
+SODIUM_EXPORT
+void randombytes_buf(void * const buf, const size_t size)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void randombytes_buf_deterministic(void * const buf, const size_t size,
+                                   const unsigned char seed[randombytes_SEEDBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+uint32_t randombytes_random(void);
+
+SODIUM_EXPORT
+uint32_t randombytes_uniform(const uint32_t upper_bound);
+
+SODIUM_EXPORT
+void randombytes_stir(void);
+
+SODIUM_EXPORT
+int randombytes_close(void);
+
+SODIUM_EXPORT
+int randombytes_set_implementation(const randombytes_implementation *impl)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+const char *randombytes_implementation_name(void);
+
+/* -- NaCl compatibility interface -- */
+
+SODIUM_EXPORT
+void randombytes(unsigned char * const buf, const unsigned long long buf_len)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/randombytes_internal_random.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/randombytes_internal_random.h
new file mode 100644
index 00000000..2b2b7d6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/randombytes_internal_random.h
@@ -0,0 +1,22 @@
+
+#ifndef randombytes_internal_random_H
+#define randombytes_internal_random_H
+
+#include "export.h"
+#include "randombytes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_internal_implementation;
+
+/* Backwards compatibility with libsodium < 1.0.18 */
+#define randombytes_salsa20_implementation randombytes_internal_implementation
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/randombytes_sysrandom.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/randombytes_sysrandom.h
new file mode 100644
index 00000000..9e27b674
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/randombytes_sysrandom.h
@@ -0,0 +1,19 @@
+
+#ifndef randombytes_sysrandom_H
+#define randombytes_sysrandom_H
+
+#include "export.h"
+#include "randombytes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_sysrandom_implementation;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/runtime.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/runtime.h
new file mode 100644
index 00000000..c1cec853
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/runtime.h
@@ -0,0 +1,55 @@
+
+#ifndef sodium_runtime_H
+#define sodium_runtime_H
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_neon(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_armcrypto(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse2(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse3(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_ssse3(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse41(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx2(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx512f(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_pclmul(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_aesni(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_rdrand(void);
+
+/* ------------------------------------------------------------------------- */
+
+int _sodium_runtime_get_cpu_features(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/utils.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/utils.h
new file mode 100644
index 00000000..f9b36979
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/utils.h
@@ -0,0 +1,179 @@
+
+#ifndef sodium_utils_H
+#define sodium_utils_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef SODIUM_C99
+# if defined(__cplusplus) || !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
+#  define SODIUM_C99(X)
+# else
+#  define SODIUM_C99(X) X
+# endif
+#endif
+
+SODIUM_EXPORT
+void sodium_memzero(void * const pnt, const size_t len);
+
+SODIUM_EXPORT
+void sodium_stackzero(const size_t len);
+
+/*
+ * WARNING: sodium_memcmp() must be used to verify if two secret keys
+ * are equal, in constant time.
+ * It returns 0 if the keys are equal, and -1 if they differ.
+ * This function is not designed for lexicographical comparisons.
+ */
+SODIUM_EXPORT
+int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len)
+            __attribute__ ((warn_unused_result));
+
+/*
+ * sodium_compare() returns -1 if b1_ < b2_, 1 if b1_ > b2_ and 0 if b1_ == b2_
+ * It is suitable for lexicographical comparisons, or to compare nonces
+ * and counters stored in little-endian format.
+ * However, it is slower than sodium_memcmp().
+ */
+SODIUM_EXPORT
+int sodium_compare(const unsigned char *b1_, const unsigned char *b2_,
+                   size_t len) __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int sodium_is_zero(const unsigned char *n, const size_t nlen);
+
+SODIUM_EXPORT
+void sodium_increment(unsigned char *n, const size_t nlen);
+
+SODIUM_EXPORT
+void sodium_add(unsigned char *a, const unsigned char *b, const size_t len);
+
+SODIUM_EXPORT
+void sodium_sub(unsigned char *a, const unsigned char *b, const size_t len);
+
+SODIUM_EXPORT
+char *sodium_bin2hex(char * const hex, const size_t hex_maxlen,
+                     const unsigned char * const bin, const size_t bin_len)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_hex2bin(unsigned char * const bin, const size_t bin_maxlen,
+                   const char * const hex, const size_t hex_len,
+                   const char * const ignore, size_t * const bin_len,
+                   const char ** const hex_end)
+            __attribute__ ((nonnull(1)));
+
+#define sodium_base64_VARIANT_ORIGINAL            1
+#define sodium_base64_VARIANT_ORIGINAL_NO_PADDING 3
+#define sodium_base64_VARIANT_URLSAFE             5
+#define sodium_base64_VARIANT_URLSAFE_NO_PADDING  7
+
+/*
+ * Computes the required length to encode BIN_LEN bytes as a base64 string
+ * using the given variant. The computed length includes a trailing \0.
+ */
+#define sodium_base64_ENCODED_LEN(BIN_LEN, VARIANT) \
+    (((BIN_LEN) / 3U) * 4U + \
+    ((((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) | (((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) >> 1)) & 1U) * \
+     (4U - (~((((VARIANT) & 2U) >> 1) - 1U) & (3U - ((BIN_LEN) - ((BIN_LEN) / 3U) * 3U)))) + 1U)
+
+SODIUM_EXPORT
+size_t sodium_base64_encoded_len(const size_t bin_len, const int variant);
+
+SODIUM_EXPORT
+char *sodium_bin2base64(char * const b64, const size_t b64_maxlen,
+                        const unsigned char * const bin, const size_t bin_len,
+                        const int variant) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_base642bin(unsigned char * const bin, const size_t bin_maxlen,
+                      const char * const b64, const size_t b64_len,
+                      const char * const ignore, size_t * const bin_len,
+                      const char ** const b64_end, const int variant)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_mlock(void * const addr, const size_t len)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_munlock(void * const addr, const size_t len)
+            __attribute__ ((nonnull));
+
+/* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose
+ * allocation functions.
+ *
+ * They return a pointer to a region filled with 0xd0 bytes, immediately
+ * followed by a guard page.
+ * As a result, accessing a single byte after the requested allocation size
+ * will intentionally trigger a segmentation fault.
+ *
+ * A canary and an additional guard page placed before the beginning of the
+ * region may also kill the process if a buffer underflow is detected.
+ *
+ * The memory layout is:
+ * [unprotected region size (read only)][guard page (no access)][unprotected pages (read/write)][guard page (no access)]
+ * With the layout of the unprotected pages being:
+ * [optional padding][16-bytes canary][user region]
+ *
+ * However:
+ * - These functions are significantly slower than standard functions
+ * - Each allocation requires 3 or 4 additional pages
+ * - The returned address will not be aligned if the allocation size is not
+ *   a multiple of the required alignment. For this reason, these functions
+ *   are designed to store data, such as secret keys and messages.
+ *
+ * sodium_malloc() can be used to allocate any libsodium data structure.
+ *
+ * The crypto_generichash_state structure is packed and its length is
+ * either 357 or 361 bytes. For this reason, when using sodium_malloc() to
+ * allocate a crypto_generichash_state structure, padding must be added in
+ * order to ensure proper alignment. crypto_generichash_statebytes()
+ * returns the rounded up structure size, and should be preferred to sizeof():
+ * state = sodium_malloc(crypto_generichash_statebytes());
+ */
+
+SODIUM_EXPORT
+void *sodium_malloc(const size_t size)
+            __attribute__ ((malloc));
+
+SODIUM_EXPORT
+void *sodium_allocarray(size_t count, size_t size)
+            __attribute__ ((malloc));
+
+SODIUM_EXPORT
+void sodium_free(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_noaccess(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_mprotect_readonly(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_mprotect_readwrite(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_pad(size_t *padded_buflen_p, unsigned char *buf,
+               size_t unpadded_buflen, size_t blocksize, size_t max_buflen)
+            __attribute__ ((nonnull(2)));
+
+SODIUM_EXPORT
+int sodium_unpad(size_t *unpadded_buflen_p, const unsigned char *buf,
+                 size_t padded_buflen, size_t blocksize)
+            __attribute__ ((nonnull(2)));
+
+/* -------- */
+
+int _sodium_alloc_init(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/version.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/version.h
new file mode 100644
index 00000000..cc60e448
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/include/sodium/version.h
@@ -0,0 +1,33 @@
+
+#ifndef sodium_version_H
+#define sodium_version_H
+
+#include "export.h"
+
+#define SODIUM_VERSION_STRING "1.0.18"
+
+#define SODIUM_LIBRARY_VERSION_MAJOR 11
+#define SODIUM_LIBRARY_VERSION_MINOR 0
+#define SODIUM_LIBRARY_MINIMAL 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+const char *sodium_version_string(void);
+
+SODIUM_EXPORT
+int         sodium_library_version_major(void);
+
+SODIUM_EXPORT
+int         sodium_library_version_minor(void);
+
+SODIUM_EXPORT
+int         sodium_library_minimal(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/module.modulemap b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/module.modulemap
new file mode 100644
index 00000000..d5e34df3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/module.modulemap
@@ -0,0 +1,4 @@
+module Clibsodium {
+    header "sodium.h"
+    export *
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium.h
new file mode 100644
index 00000000..610d6328
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium.h
@@ -0,0 +1,73 @@
+
+#ifndef sodium_H
+#define sodium_H
+
+#include "sodium/version.h"
+
+#include "sodium/core.h"
+#include "sodium/crypto_aead_aes256gcm.h"
+#include "sodium/crypto_aead_aegis128l.h"
+#include "sodium/crypto_aead_aegis256.h"
+#include "sodium/crypto_aead_chacha20poly1305.h"
+#include "sodium/crypto_aead_xchacha20poly1305.h"
+#include "sodium/crypto_auth.h"
+#include "sodium/crypto_auth_hmacsha256.h"
+#include "sodium/crypto_auth_hmacsha512.h"
+#include "sodium/crypto_auth_hmacsha512256.h"
+#include "sodium/crypto_box.h"
+#include "sodium/crypto_box_curve25519xsalsa20poly1305.h"
+#include "sodium/crypto_core_hsalsa20.h"
+#include "sodium/crypto_core_hchacha20.h"
+#include "sodium/crypto_core_salsa20.h"
+#include "sodium/crypto_core_salsa2012.h"
+#include "sodium/crypto_core_salsa208.h"
+#include "sodium/crypto_generichash.h"
+#include "sodium/crypto_generichash_blake2b.h"
+#include "sodium/crypto_hash.h"
+#include "sodium/crypto_hash_sha256.h"
+#include "sodium/crypto_hash_sha512.h"
+#include "sodium/crypto_kdf.h"
+#include "sodium/crypto_kdf_blake2b.h"
+#include "sodium/crypto_kx.h"
+#include "sodium/crypto_onetimeauth.h"
+#include "sodium/crypto_onetimeauth_poly1305.h"
+#include "sodium/crypto_pwhash.h"
+#include "sodium/crypto_pwhash_argon2i.h"
+#include "sodium/crypto_scalarmult.h"
+#include "sodium/crypto_scalarmult_curve25519.h"
+#include "sodium/crypto_secretbox.h"
+#include "sodium/crypto_secretbox_xsalsa20poly1305.h"
+#include "sodium/crypto_secretstream_xchacha20poly1305.h"
+#include "sodium/crypto_shorthash.h"
+#include "sodium/crypto_shorthash_siphash24.h"
+#include "sodium/crypto_sign.h"
+#include "sodium/crypto_sign_ed25519.h"
+#include "sodium/crypto_stream.h"
+#include "sodium/crypto_stream_chacha20.h"
+#include "sodium/crypto_stream_salsa20.h"
+#include "sodium/crypto_stream_xsalsa20.h"
+#include "sodium/crypto_verify_16.h"
+#include "sodium/crypto_verify_32.h"
+#include "sodium/crypto_verify_64.h"
+#include "sodium/randombytes.h"
+#include "sodium/randombytes_internal_random.h"
+#include "sodium/randombytes_sysrandom.h"
+#include "sodium/runtime.h"
+#include "sodium/utils.h"
+
+#ifndef SODIUM_LIBRARY_MINIMAL
+# include "sodium/crypto_box_curve25519xchacha20poly1305.h"
+# include "sodium/crypto_core_ed25519.h"
+# include "sodium/crypto_core_ristretto255.h"
+# include "sodium/crypto_kdf_hkdf_sha256.h"
+# include "sodium/crypto_kdf_hkdf_sha512.h"
+# include "sodium/crypto_scalarmult_ed25519.h"
+# include "sodium/crypto_scalarmult_ristretto255.h"
+# include "sodium/crypto_secretbox_xchacha20poly1305.h"
+# include "sodium/crypto_pwhash_scryptsalsa208sha256.h"
+# include "sodium/crypto_stream_salsa2012.h"
+# include "sodium/crypto_stream_salsa208.h"
+# include "sodium/crypto_stream_xchacha20.h"
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/core.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/core.h
new file mode 100644
index 00000000..dd088d2c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/core.h
@@ -0,0 +1,28 @@
+
+#ifndef sodium_core_H
+#define sodium_core_H
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int sodium_init(void)
+            __attribute__ ((warn_unused_result));
+
+/* ---- */
+
+SODIUM_EXPORT
+int sodium_set_misuse_handler(void (*handler)(void));
+
+SODIUM_EXPORT
+void sodium_misuse(void)
+            __attribute__ ((noreturn));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_aegis128l.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_aegis128l.h
new file mode 100644
index 00000000..ed8d2f2b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_aegis128l.h
@@ -0,0 +1,96 @@
+#ifndef crypto_aead_aegis128l_H
+#define crypto_aead_aegis128l_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_is_available(void);
+
+#define crypto_aead_aegis128l_KEYBYTES  16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_keybytes(void);
+
+#define crypto_aead_aegis128l_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_nsecbytes(void);
+
+#define crypto_aead_aegis128l_NPUBBYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_npubbytes(void);
+
+#define crypto_aead_aegis128l_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_abytes(void);
+
+#define crypto_aead_aegis128l_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aegis128l_ABYTES, \
+               (1ULL << 61) - 1)
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_encrypt(unsigned char *c,
+                                  unsigned long long *clen_p,
+                                  const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *nsec,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_decrypt(unsigned char *m,
+                                  unsigned long long *mlen_p,
+                                  unsigned char *nsec,
+                                  const unsigned char *c,
+                                  unsigned long long clen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_encrypt_detached(unsigned char *c,
+                                           unsigned char *mac,
+                                           unsigned long long *maclen_p,
+                                           const unsigned char *m,
+                                           unsigned long long mlen,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *nsec,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_decrypt_detached(unsigned char *m,
+                                           unsigned char *nsec,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *mac,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aegis128l_keygen(unsigned char k[crypto_aead_aegis128l_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_aegis256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_aegis256.h
new file mode 100644
index 00000000..32e76896
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_aegis256.h
@@ -0,0 +1,96 @@
+#ifndef crypto_aead_aegis256_H
+#define crypto_aead_aegis256_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_is_available(void);
+
+#define crypto_aead_aegis256_KEYBYTES  32U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_keybytes(void);
+
+#define crypto_aead_aegis256_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_nsecbytes(void);
+
+#define crypto_aead_aegis256_NPUBBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_npubbytes(void);
+
+#define crypto_aead_aegis256_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_abytes(void);
+
+#define crypto_aead_aegis256_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aegis256_ABYTES, \
+               (1ULL << 61) - 1)
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_encrypt(unsigned char *c,
+                                 unsigned long long *clen_p,
+                                 const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *ad,
+                                 unsigned long long adlen,
+                                 const unsigned char *nsec,
+                                 const unsigned char *npub,
+                                 const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_decrypt(unsigned char *m,
+                                 unsigned long long *mlen_p,
+                                 unsigned char *nsec,
+                                 const unsigned char *c,
+                                 unsigned long long clen,
+                                 const unsigned char *ad,
+                                 unsigned long long adlen,
+                                 const unsigned char *npub,
+                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_encrypt_detached(unsigned char *c,
+                                          unsigned char *mac,
+                                          unsigned long long *maclen_p,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *nsec,
+                                          const unsigned char *npub,
+                                          const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_decrypt_detached(unsigned char *m,
+                                          unsigned char *nsec,
+                                          const unsigned char *c,
+                                          unsigned long long clen,
+                                          const unsigned char *mac,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *npub,
+                                          const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aegis256_keygen(unsigned char k[crypto_aead_aegis256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_aes256gcm.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_aes256gcm.h
new file mode 100644
index 00000000..9baeb3f1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_aes256gcm.h
@@ -0,0 +1,179 @@
+#ifndef crypto_aead_aes256gcm_H
+#define crypto_aead_aes256gcm_H
+
+/*
+ * WARNING: Despite being the most popular AEAD construction due to its
+ * use in TLS, safely using AES-GCM in a different context is tricky.
+ *
+ * No more than ~ 350 GB of input data should be encrypted with a given key.
+ * This is for ~ 16 KB messages -- Actual figures vary according to
+ * message sizes.
+ *
+ * In addition, nonces are short and repeated nonces would totally destroy
+ * the security of this scheme.
+ *
+ * Nonces should thus come from atomic counters, which can be difficult to
+ * set up in a distributed environment.
+ *
+ * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
+ * instead. It doesn't have any of these limitations.
+ * Or, if you don't need to authenticate additional data, just stick to
+ * crypto_secretbox().
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_is_available(void);
+
+#define crypto_aead_aes256gcm_KEYBYTES  32U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_keybytes(void);
+
+#define crypto_aead_aes256gcm_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_nsecbytes(void);
+
+#define crypto_aead_aes256gcm_NPUBBYTES 12U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_npubbytes(void);
+
+#define crypto_aead_aes256gcm_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_abytes(void);
+
+#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
+               (16ULL * ((1ULL << 32) - 2ULL)))
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_messagebytes_max(void);
+
+typedef struct CRYPTO_ALIGN(16) crypto_aead_aes256gcm_state_ {
+    unsigned char opaque[512];
+} crypto_aead_aes256gcm_state;
+
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt(unsigned char *c,
+                                  unsigned long long *clen_p,
+                                  const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *nsec,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt(unsigned char *m,
+                                  unsigned long long *mlen_p,
+                                  unsigned char *nsec,
+                                  const unsigned char *c,
+                                  unsigned long long clen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
+                                           unsigned char *mac,
+                                           unsigned long long *maclen_p,
+                                           const unsigned char *m,
+                                           unsigned long long mlen,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *nsec,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
+                                           unsigned char *nsec,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *mac,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+/* -- Precomputation interface -- */
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
+                                   const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
+                                          unsigned long long *clen_p,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *nsec,
+                                          const unsigned char *npub,
+                                          const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
+                                          unsigned long long *mlen_p,
+                                          unsigned char *nsec,
+                                          const unsigned char *c,
+                                          unsigned long long clen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *npub,
+                                          const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
+                                                   unsigned char *mac,
+                                                   unsigned long long *maclen_p,
+                                                   const unsigned char *m,
+                                                   unsigned long long mlen,
+                                                   const unsigned char *ad,
+                                                   unsigned long long adlen,
+                                                   const unsigned char *nsec,
+                                                   const unsigned char *npub,
+                                                   const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
+                                                   unsigned char *nsec,
+                                                   const unsigned char *c,
+                                                   unsigned long long clen,
+                                                   const unsigned char *mac,
+                                                   const unsigned char *ad,
+                                                   unsigned long long adlen,
+                                                   const unsigned char *npub,
+                                                   const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_chacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_chacha20poly1305.h
new file mode 100644
index 00000000..5d671df1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_chacha20poly1305.h
@@ -0,0 +1,180 @@
+#ifndef crypto_aead_chacha20poly1305_H
+#define crypto_aead_chacha20poly1305_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+/* -- IETF ChaCha20-Poly1305 construction with a 96-bit nonce and a 32-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NPUBBYTES 12U
+
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES, \
+               (64ULL * ((1ULL << 32) - 1ULL)))
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
+                                              unsigned long long *clen_p,
+                                              const unsigned char *m,
+                                              unsigned long long mlen,
+                                              const unsigned char *ad,
+                                              unsigned long long adlen,
+                                              const unsigned char *nsec,
+                                              const unsigned char *npub,
+                                              const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
+                                              unsigned long long *mlen_p,
+                                              unsigned char *nsec,
+                                              const unsigned char *c,
+                                              unsigned long long clen,
+                                              const unsigned char *ad,
+                                              unsigned long long adlen,
+                                              const unsigned char *npub,
+                                              const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+                                                       unsigned char *mac,
+                                                       unsigned long long *maclen_p,
+                                                       const unsigned char *m,
+                                                       unsigned long long mlen,
+                                                       const unsigned char *ad,
+                                                       unsigned long long adlen,
+                                                       const unsigned char *nsec,
+                                                       const unsigned char *npub,
+                                                       const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+                                                       unsigned char *nsec,
+                                                       const unsigned char *c,
+                                                       unsigned long long clen,
+                                                       const unsigned char *mac,
+                                                       const unsigned char *ad,
+                                                       unsigned long long adlen,
+                                                       const unsigned char *npub,
+                                                       const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_NPUBBYTES 8U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_abytes(void);
+
+#define crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX \
+    (SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
+                                         unsigned long long *clen_p,
+                                         const unsigned char *m,
+                                         unsigned long long mlen,
+                                         const unsigned char *ad,
+                                         unsigned long long adlen,
+                                         const unsigned char *nsec,
+                                         const unsigned char *npub,
+                                         const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
+                                         unsigned long long *mlen_p,
+                                         unsigned char *nsec,
+                                         const unsigned char *c,
+                                         unsigned long long clen,
+                                         const unsigned char *ad,
+                                         unsigned long long adlen,
+                                         const unsigned char *npub,
+                                         const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c,
+                                                  unsigned char *mac,
+                                                  unsigned long long *maclen_p,
+                                                  const unsigned char *m,
+                                                  unsigned long long mlen,
+                                                  const unsigned char *ad,
+                                                  unsigned long long adlen,
+                                                  const unsigned char *nsec,
+                                                  const unsigned char *npub,
+                                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
+                                                  unsigned char *nsec,
+                                                  const unsigned char *c,
+                                                  unsigned long long clen,
+                                                  const unsigned char *mac,
+                                                  const unsigned char *ad,
+                                                  unsigned long long adlen,
+                                                  const unsigned char *npub,
+                                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_aead_chacha20poly1305_IETF_KEYBYTES         crypto_aead_chacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_chacha20poly1305_IETF_NSECBYTES        crypto_aead_chacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_chacha20poly1305_IETF_NPUBBYTES        crypto_aead_chacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_chacha20poly1305_IETF_ABYTES           crypto_aead_chacha20poly1305_ietf_ABYTES
+#define crypto_aead_chacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_xchacha20poly1305.h
new file mode 100644
index 00000000..6643b0cb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_aead_xchacha20poly1305.h
@@ -0,0 +1,100 @@
+#ifndef crypto_aead_xchacha20poly1305_H
+#define crypto_aead_xchacha20poly1305_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_aead_xchacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NPUBBYTES 24U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX \
+    (SODIUM_SIZE_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c,
+                                               unsigned long long *clen_p,
+                                               const unsigned char *m,
+                                               unsigned long long mlen,
+                                               const unsigned char *ad,
+                                               unsigned long long adlen,
+                                               const unsigned char *nsec,
+                                               const unsigned char *npub,
+                                               const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
+                                               unsigned long long *mlen_p,
+                                               unsigned char *nsec,
+                                               const unsigned char *c,
+                                               unsigned long long clen,
+                                               const unsigned char *ad,
+                                               unsigned long long adlen,
+                                               const unsigned char *npub,
+                                               const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+                                                        unsigned char *mac,
+                                                        unsigned long long *maclen_p,
+                                                        const unsigned char *m,
+                                                        unsigned long long mlen,
+                                                        const unsigned char *ad,
+                                                        unsigned long long adlen,
+                                                        const unsigned char *nsec,
+                                                        const unsigned char *npub,
+                                                        const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+                                                        unsigned char *nsec,
+                                                        const unsigned char *c,
+                                                        unsigned long long clen,
+                                                        const unsigned char *mac,
+                                                        const unsigned char *ad,
+                                                        unsigned long long adlen,
+                                                        const unsigned char *npub,
+                                                        const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_aead_xchacha20poly1305_IETF_KEYBYTES         crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NSECBYTES        crypto_aead_xchacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NPUBBYTES        crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_xchacha20poly1305_IETF_ABYTES           crypto_aead_xchacha20poly1305_ietf_ABYTES
+#define crypto_aead_xchacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth.h
new file mode 100644
index 00000000..540aee0e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth.h
@@ -0,0 +1,46 @@
+#ifndef crypto_auth_H
+#define crypto_auth_H
+
+#include <stddef.h>
+
+#include "crypto_auth_hmacsha512256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES
+SODIUM_EXPORT
+size_t  crypto_auth_bytes(void);
+
+#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_auth_keybytes(void);
+
+#define crypto_auth_PRIMITIVE "hmacsha512256"
+SODIUM_EXPORT
+const char *crypto_auth_primitive(void);
+
+SODIUM_EXPORT
+int crypto_auth(unsigned char *out, const unsigned char *in,
+                unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
+                       unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth_hmacsha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth_hmacsha256.h
new file mode 100644
index 00000000..3da864c7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth_hmacsha256.h
@@ -0,0 +1,70 @@
+#ifndef crypto_auth_hmacsha256_H
+#define crypto_auth_hmacsha256_H
+
+#include <stddef.h>
+#include "crypto_hash_sha256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_bytes(void);
+
+#define crypto_auth_hmacsha256_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256(unsigned char *out,
+                           const unsigned char *in,
+                           unsigned long long inlen,
+                           const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_verify(const unsigned char *h,
+                                  const unsigned char *in,
+                                  unsigned long long inlen,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef struct crypto_auth_hmacsha256_state {
+    crypto_hash_sha256_state ictx;
+    crypto_hash_sha256_state octx;
+} crypto_auth_hmacsha256_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
+                                const unsigned char *key,
+                                size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
+                                  const unsigned char *in,
+                                  unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
+                                 unsigned char *out) __attribute__ ((nonnull));
+
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth_hmacsha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth_hmacsha512.h
new file mode 100644
index 00000000..d992cb81
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth_hmacsha512.h
@@ -0,0 +1,68 @@
+#ifndef crypto_auth_hmacsha512_H
+#define crypto_auth_hmacsha512_H
+
+#include <stddef.h>
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha512_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_bytes(void);
+
+#define crypto_auth_hmacsha512_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512(unsigned char *out,
+                           const unsigned char *in,
+                           unsigned long long inlen,
+                           const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_verify(const unsigned char *h,
+                                  const unsigned char *in,
+                                  unsigned long long inlen,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef struct crypto_auth_hmacsha512_state {
+    crypto_hash_sha512_state ictx;
+    crypto_hash_sha512_state octx;
+} crypto_auth_hmacsha512_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state,
+                                const unsigned char *key,
+                                size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state,
+                                  const unsigned char *in,
+                                  unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state,
+                                 unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth_hmacsha512256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth_hmacsha512256.h
new file mode 100644
index 00000000..3fb52638
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_auth_hmacsha512256.h
@@ -0,0 +1,65 @@
+#ifndef crypto_auth_hmacsha512256_H
+#define crypto_auth_hmacsha512256_H
+
+#include <stddef.h>
+#include "crypto_auth_hmacsha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha512256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_bytes(void);
+
+#define crypto_auth_hmacsha512256_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256(unsigned char *out,
+                              const unsigned char *in,
+                              unsigned long long inlen,
+                              const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_verify(const unsigned char *h,
+                                     const unsigned char *in,
+                                     unsigned long long inlen,
+                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef crypto_auth_hmacsha512_state crypto_auth_hmacsha512256_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state,
+                                   const unsigned char *key,
+                                   size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state,
+                                     const unsigned char *in,
+                                     unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state,
+                                    unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_box.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_box.h
new file mode 100644
index 00000000..0008e020
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_box.h
@@ -0,0 +1,177 @@
+#ifndef crypto_box_H
+#define crypto_box_H
+
+/*
+ * THREAD SAFETY: crypto_box_keypair() is thread-safe,
+ * provided that sodium_init() was called before.
+ *
+ * Other functions are always thread-safe.
+ */
+
+#include <stddef.h>
+
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_SEEDBYTES crypto_box_curve25519xsalsa20poly1305_SEEDBYTES
+SODIUM_EXPORT
+size_t  crypto_box_seedbytes(void);
+
+#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_box_publickeybytes(void);
+
+#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_box_secretkeybytes(void);
+
+#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_box_noncebytes(void);
+
+#define crypto_box_MACBYTES crypto_box_curve25519xsalsa20poly1305_MACBYTES
+SODIUM_EXPORT
+size_t  crypto_box_macbytes(void);
+
+#define crypto_box_MESSAGEBYTES_MAX crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_box_messagebytes_max(void);
+
+#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
+SODIUM_EXPORT
+const char *crypto_box_primitive(void);
+
+SODIUM_EXPORT
+int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk,
+                            const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_easy(unsigned char *c, const unsigned char *m,
+                    unsigned long long mlen, const unsigned char *n,
+                    const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open_easy(unsigned char *m, const unsigned char *c,
+                         unsigned long long clen, const unsigned char *n,
+                         const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_detached(unsigned char *c, unsigned char *mac,
+                        const unsigned char *m, unsigned long long mlen,
+                        const unsigned char *n, const unsigned char *pk,
+                        const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 2, 5, 6, 7)));
+
+SODIUM_EXPORT
+int crypto_box_open_detached(unsigned char *m, const unsigned char *c,
+                             const unsigned char *mac,
+                             unsigned long long clen,
+                             const unsigned char *n,
+                             const unsigned char *pk,
+                             const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
+
+/* -- Precomputation interface -- */
+
+#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
+SODIUM_EXPORT
+size_t  crypto_box_beforenmbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_beforenm(unsigned char *k, const unsigned char *pk,
+                        const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_easy_afternm(unsigned char *c, const unsigned char *m,
+                            unsigned long long mlen, const unsigned char *n,
+                            const unsigned char *k) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c,
+                                 unsigned long long clen, const unsigned char *n,
+                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_detached_afternm(unsigned char *c, unsigned char *mac,
+                                const unsigned char *m, unsigned long long mlen,
+                                const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c,
+                                     const unsigned char *mac,
+                                     unsigned long long clen, const unsigned char *n,
+                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+/* -- Ephemeral SK interface -- */
+
+#define crypto_box_SEALBYTES (crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_sealbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_seal(unsigned char *c, const unsigned char *m,
+                    unsigned long long mlen, const unsigned char *pk)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_box_seal_open(unsigned char *m, const unsigned char *c,
+                         unsigned long long clen,
+                         const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_box_zerobytes(void) __attribute__ ((deprecated));
+
+#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_box_boxzerobytes(void) __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_box(unsigned char *c, const unsigned char *m,
+               unsigned long long mlen, const unsigned char *n,
+               const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open(unsigned char *m, const unsigned char *c,
+                    unsigned long long clen, const unsigned char *n,
+                    const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_afternm(unsigned char *c, const unsigned char *m,
+                       unsigned long long mlen, const unsigned char *n,
+                       const unsigned char *k) __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_open_afternm(unsigned char *m, const unsigned char *c,
+                            unsigned long long clen, const unsigned char *n,
+                            const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((deprecated)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_box_curve25519xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_box_curve25519xchacha20poly1305.h
new file mode 100644
index 00000000..26a3d31e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_box_curve25519xchacha20poly1305.h
@@ -0,0 +1,164 @@
+
+#ifndef crypto_box_curve25519xchacha20poly1305_H
+#define crypto_box_curve25519xchacha20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xchacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_curve25519xchacha20poly1305_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_seedbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_publickeybytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_secretkeybytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_beforenmbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_noncebytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_macbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_box_curve25519xchacha20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seed_keypair(unsigned char *pk,
+                                                        unsigned char *sk,
+                                                        const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_keypair(unsigned char *pk,
+                                                   unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *n,
+                                                const unsigned char *pk,
+                                                const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     unsigned long long clen,
+                                                     const unsigned char *n,
+                                                     const unsigned char *pk,
+                                                     const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
+                                                    unsigned char *mac,
+                                                    const unsigned char *m,
+                                                    unsigned long long mlen,
+                                                    const unsigned char *n,
+                                                    const unsigned char *pk,
+                                                    const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 2, 5, 6, 7)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m,
+                                                         const unsigned char *c,
+                                                         const unsigned char *mac,
+                                                         unsigned long long clen,
+                                                         const unsigned char *n,
+                                                         const unsigned char *pk,
+                                                         const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
+
+/* -- Precomputation interface -- */
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_beforenm(unsigned char *k,
+                                                    const unsigned char *pk,
+                                                    const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c,
+                                                        const unsigned char *m,
+                                                        unsigned long long mlen,
+                                                        const unsigned char *n,
+                                                        const unsigned char *k)
+            __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m,
+                                                             const unsigned char *c,
+                                                             unsigned long long clen,
+                                                             const unsigned char *n,
+                                                             const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c,
+                                                            unsigned char *mac,
+                                                            const unsigned char *m,
+                                                            unsigned long long mlen,
+                                                            const unsigned char *n,
+                                                            const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *m,
+                                                                 const unsigned char *c,
+                                                                 const unsigned char *mac,
+                                                                 unsigned long long clen,
+                                                                 const unsigned char *n,
+                                                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+/* -- Ephemeral SK interface -- */
+
+#define crypto_box_curve25519xchacha20poly1305_SEALBYTES \
+    (crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES + \
+     crypto_box_curve25519xchacha20poly1305_MACBYTES)
+
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_sealbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *pk)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     unsigned long long clen,
+                                                     const unsigned char *pk,
+                                                     const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_box_curve25519xsalsa20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_box_curve25519xsalsa20poly1305.h
new file mode 100644
index 00000000..2c9b5d6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_box_curve25519xsalsa20poly1305.h
@@ -0,0 +1,113 @@
+#ifndef crypto_box_curve25519xsalsa20poly1305_H
+#define crypto_box_curve25519xsalsa20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_curve25519xsalsa20poly1305_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_seedbytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_publickeybytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_secretkeybytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_beforenmbytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_noncebytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_macbytes(void);
+
+/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
+#define crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_box_curve25519xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk,
+                                                       unsigned char *sk,
+                                                       const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk,
+                                                  unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k,
+                                                   const unsigned char *pk,
+                                                   const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_boxzerobytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES \
+    (crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + \
+     crypto_box_curve25519xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_zerobytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305(unsigned char *c,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *n,
+                                          const unsigned char *pk,
+                                          const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m,
+                                               const unsigned char *c,
+                                               unsigned long long clen,
+                                               const unsigned char *n,
+                                               const unsigned char *pk,
+                                               const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c,
+                                                  const unsigned char *m,
+                                                  unsigned long long mlen,
+                                                  const unsigned char *n,
+                                                  const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m,
+                                                       const unsigned char *c,
+                                                       unsigned long long clen,
+                                                       const unsigned char *n,
+                                                       const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_ed25519.h
new file mode 100644
index 00000000..618a44f9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_ed25519.h
@@ -0,0 +1,115 @@
+#ifndef crypto_core_ed25519_H
+#define crypto_core_ed25519_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_ed25519_BYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_bytes(void);
+
+#define crypto_core_ed25519_UNIFORMBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_uniformbytes(void);
+
+#define crypto_core_ed25519_HASHBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ed25519_hashbytes(void);
+
+#define crypto_core_ed25519_SCALARBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_scalarbytes(void);
+
+#define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ed25519_nonreducedscalarbytes(void);
+
+#define crypto_core_ed25519_H2CSHA256 1
+#define crypto_core_ed25519_H2CSHA512 2
+
+SODIUM_EXPORT
+int crypto_core_ed25519_is_valid_point(const unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_add(unsigned char *r,
+                            const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_sub(unsigned char *r,
+                            const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
+                                    const char *ctx, const unsigned char *msg,
+                                    size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
+                                       const char *ctx, const unsigned char *msg,
+                                       size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_random(unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_random(unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_mul(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+/*
+ * The interval `s` is sampled from should be at least 317 bits to ensure almost
+ * uniformity of `r` over `L`.
+ */
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_scalar_is_canonical(const unsigned char *s)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_hchacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_hchacha20.h
new file mode 100644
index 00000000..ece141b0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_hchacha20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_hchacha20_H
+#define crypto_core_hchacha20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_hchacha20_OUTPUTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_outputbytes(void);
+
+#define crypto_core_hchacha20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_inputbytes(void);
+
+#define crypto_core_hchacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_keybytes(void);
+
+#define crypto_core_hchacha20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_hchacha20(unsigned char *out, const unsigned char *in,
+                          const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_hsalsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_hsalsa20.h
new file mode 100644
index 00000000..4bf7a487
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_hsalsa20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_hsalsa20_H
+#define crypto_core_hsalsa20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_hsalsa20_OUTPUTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_outputbytes(void);
+
+#define crypto_core_hsalsa20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_inputbytes(void);
+
+#define crypto_core_hsalsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_keybytes(void);
+
+#define crypto_core_hsalsa20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_hsalsa20(unsigned char *out, const unsigned char *in,
+                         const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_ristretto255.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_ristretto255.h
new file mode 100644
index 00000000..5fc3a1be
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_ristretto255.h
@@ -0,0 +1,121 @@
+#ifndef crypto_core_ristretto255_H
+#define crypto_core_ristretto255_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_ristretto255_BYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_bytes(void);
+
+#define crypto_core_ristretto255_HASHBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_hashbytes(void);
+
+#define crypto_core_ristretto255_SCALARBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_scalarbytes(void);
+
+#define crypto_core_ristretto255_NONREDUCEDSCALARBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_nonreducedscalarbytes(void);
+
+#define crypto_core_ristretto255_H2CSHA256 1
+#define crypto_core_ristretto255_H2CSHA512 2
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_is_valid_point(const unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_add(unsigned char *r,
+                                 const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_sub(unsigned char *r,
+                                 const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_hash(unsigned char *p,
+                                       const unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES],
+                                         const char *ctx,
+                                         const unsigned char *msg,
+                                         size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES],
+                                            const char *ctx,
+                                            const unsigned char *msg,
+                                            size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_random(unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_random(unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_scalar_invert(unsigned char *recip,
+                                           const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_negate(unsigned char *neg,
+                                            const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_complement(unsigned char *comp,
+                                                const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_add(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_sub(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_mul(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+/*
+ * The interval `s` is sampled from should be at least 317 bits to ensure almost
+ * uniformity of `r` over `L`.
+ */
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_reduce(unsigned char *r,
+                                            const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_scalar_is_canonical(const unsigned char *s)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_salsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_salsa20.h
new file mode 100644
index 00000000..bd79fd9f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_salsa20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_salsa20_H
+#define crypto_core_salsa20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa20_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_outputbytes(void);
+
+#define crypto_core_salsa20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_inputbytes(void);
+
+#define crypto_core_salsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_keybytes(void);
+
+#define crypto_core_salsa20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_salsa20(unsigned char *out, const unsigned char *in,
+                        const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_salsa2012.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_salsa2012.h
new file mode 100644
index 00000000..05957591
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_salsa2012.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_salsa2012_H
+#define crypto_core_salsa2012_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa2012_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_outputbytes(void);
+
+#define crypto_core_salsa2012_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_inputbytes(void);
+
+#define crypto_core_salsa2012_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_keybytes(void);
+
+#define crypto_core_salsa2012_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_salsa2012(unsigned char *out, const unsigned char *in,
+                          const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_salsa208.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_salsa208.h
new file mode 100644
index 00000000..d2f216af
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_core_salsa208.h
@@ -0,0 +1,40 @@
+#ifndef crypto_core_salsa208_H
+#define crypto_core_salsa208_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa208_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_outputbytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_inputbytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_keybytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_constbytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_core_salsa208(unsigned char *out, const unsigned char *in,
+                         const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_generichash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_generichash.h
new file mode 100644
index 00000000..d897e5d2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_generichash.h
@@ -0,0 +1,84 @@
+#ifndef crypto_generichash_H
+#define crypto_generichash_H
+
+#include <stddef.h>
+
+#include "crypto_generichash_blake2b.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_generichash_BYTES_MIN crypto_generichash_blake2b_BYTES_MIN
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes_min(void);
+
+#define crypto_generichash_BYTES_MAX crypto_generichash_blake2b_BYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes_max(void);
+
+#define crypto_generichash_BYTES crypto_generichash_blake2b_BYTES
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes(void);
+
+#define crypto_generichash_KEYBYTES_MIN crypto_generichash_blake2b_KEYBYTES_MIN
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes_min(void);
+
+#define crypto_generichash_KEYBYTES_MAX crypto_generichash_blake2b_KEYBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes_max(void);
+
+#define crypto_generichash_KEYBYTES crypto_generichash_blake2b_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes(void);
+
+#define crypto_generichash_PRIMITIVE "blake2b"
+SODIUM_EXPORT
+const char *crypto_generichash_primitive(void);
+
+/*
+ * Important when writing bindings for other programming languages:
+ * the state address should be 64-bytes aligned.
+ */
+typedef crypto_generichash_blake2b_state crypto_generichash_state;
+
+SODIUM_EXPORT
+size_t  crypto_generichash_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_generichash(unsigned char *out, size_t outlen,
+                       const unsigned char *in, unsigned long long inlen,
+                       const unsigned char *key, size_t keylen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_init(crypto_generichash_state *state,
+                            const unsigned char *key,
+                            const size_t keylen, const size_t outlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_update(crypto_generichash_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_final(crypto_generichash_state *state,
+                             unsigned char *out, const size_t outlen)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_generichash_blake2b.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_generichash_blake2b.h
new file mode 100644
index 00000000..ae3b52f7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_generichash_blake2b.h
@@ -0,0 +1,122 @@
+#ifndef crypto_generichash_blake2b_H
+#define crypto_generichash_blake2b_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#ifdef __IBMC__
+# pragma pack(1)
+#elif defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# pragma pack(1)
+#else
+# pragma pack(push, 1)
+#endif
+
+typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state {
+    unsigned char opaque[384];
+} crypto_generichash_blake2b_state;
+
+#ifdef __IBMC__
+# pragma pack(pop)
+#elif defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# pragma pack()
+#else
+# pragma pack(pop)
+#endif
+
+#define crypto_generichash_blake2b_BYTES_MIN     16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes_min(void);
+
+#define crypto_generichash_blake2b_BYTES_MAX     64U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes_max(void);
+
+#define crypto_generichash_blake2b_BYTES         32U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes(void);
+
+#define crypto_generichash_blake2b_KEYBYTES_MIN  16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes_min(void);
+
+#define crypto_generichash_blake2b_KEYBYTES_MAX  64U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes_max(void);
+
+#define crypto_generichash_blake2b_KEYBYTES      32U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes(void);
+
+#define crypto_generichash_blake2b_SALTBYTES     16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_saltbytes(void);
+
+#define crypto_generichash_blake2b_PERSONALBYTES 16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_personalbytes(void);
+
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b(unsigned char *out, size_t outlen,
+                               const unsigned char *in,
+                               unsigned long long inlen,
+                               const unsigned char *key, size_t keylen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_salt_personal(unsigned char *out, size_t outlen,
+                                             const unsigned char *in,
+                                             unsigned long long inlen,
+                                             const unsigned char *key,
+                                             size_t keylen,
+                                             const unsigned char *salt,
+                                             const unsigned char *personal)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state,
+                                    const unsigned char *key,
+                                    const size_t keylen, const size_t outlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_init_salt_personal(crypto_generichash_blake2b_state *state,
+                                                  const unsigned char *key,
+                                                  const size_t keylen, const size_t outlen,
+                                                  const unsigned char *salt,
+                                                  const unsigned char *personal)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state,
+                                      const unsigned char *in,
+                                      unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state,
+                                     unsigned char *out,
+                                     const size_t outlen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_hash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_hash.h
new file mode 100644
index 00000000..767d5480
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_hash.h
@@ -0,0 +1,40 @@
+#ifndef crypto_hash_H
+#define crypto_hash_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA512 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA512, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_hash_BYTES crypto_hash_sha512_BYTES
+SODIUM_EXPORT
+size_t crypto_hash_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash(unsigned char *out, const unsigned char *in,
+                unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+#define crypto_hash_PRIMITIVE "sha512"
+SODIUM_EXPORT
+const char *crypto_hash_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_hash_sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_hash_sha256.h
new file mode 100644
index 00000000..c47982af
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_hash_sha256.h
@@ -0,0 +1,60 @@
+#ifndef crypto_hash_sha256_H
+#define crypto_hash_sha256_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA256 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA256, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_hash_sha256_state {
+    uint32_t state[8];
+    uint64_t count;
+    uint8_t  buf[64];
+} crypto_hash_sha256_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha256_statebytes(void);
+
+#define crypto_hash_sha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_hash_sha256_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha256(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_init(crypto_hash_sha256_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
+                             unsigned char *out)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_hash_sha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_hash_sha512.h
new file mode 100644
index 00000000..5b690fb2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_hash_sha512.h
@@ -0,0 +1,60 @@
+#ifndef crypto_hash_sha512_H
+#define crypto_hash_sha512_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA512 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA512, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_hash_sha512_state {
+    uint64_t state[8];
+    uint64_t count[2];
+    uint8_t  buf[128];
+} crypto_hash_sha512_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha512_statebytes(void);
+
+#define crypto_hash_sha512_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_hash_sha512_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha512(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_init(crypto_hash_sha512_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_update(crypto_hash_sha512_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_final(crypto_hash_sha512_state *state,
+                             unsigned char *out)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf.h
new file mode 100644
index 00000000..ac2fc618
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf.h
@@ -0,0 +1,53 @@
+#ifndef crypto_kdf_H
+#define crypto_kdf_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "crypto_kdf_blake2b.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_BYTES_MIN crypto_kdf_blake2b_BYTES_MIN
+SODIUM_EXPORT
+size_t crypto_kdf_bytes_min(void);
+
+#define crypto_kdf_BYTES_MAX crypto_kdf_blake2b_BYTES_MAX
+SODIUM_EXPORT
+size_t crypto_kdf_bytes_max(void);
+
+#define crypto_kdf_CONTEXTBYTES crypto_kdf_blake2b_CONTEXTBYTES
+SODIUM_EXPORT
+size_t crypto_kdf_contextbytes(void);
+
+#define crypto_kdf_KEYBYTES crypto_kdf_blake2b_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_kdf_keybytes(void);
+
+#define crypto_kdf_PRIMITIVE "blake2b"
+SODIUM_EXPORT
+const char *crypto_kdf_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
+                               uint64_t subkey_id,
+                               const char ctx[crypto_kdf_CONTEXTBYTES],
+                               const unsigned char key[crypto_kdf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf_blake2b.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf_blake2b.h
new file mode 100644
index 00000000..489c7c20
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf_blake2b.h
@@ -0,0 +1,44 @@
+#ifndef crypto_kdf_blake2b_H
+#define crypto_kdf_blake2b_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_blake2b_BYTES_MIN 16
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_bytes_min(void);
+
+#define crypto_kdf_blake2b_BYTES_MAX 64
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_bytes_max(void);
+
+#define crypto_kdf_blake2b_CONTEXTBYTES 8
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_contextbytes(void);
+
+#define crypto_kdf_blake2b_KEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len,
+                                       uint64_t subkey_id,
+                                       const char ctx[crypto_kdf_blake2b_CONTEXTBYTES],
+                                       const unsigned char key[crypto_kdf_blake2b_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf_hkdf_sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf_hkdf_sha256.h
new file mode 100644
index 00000000..899a6316
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf_hkdf_sha256.h
@@ -0,0 +1,48 @@
+#ifndef crypto_kdf_hkdf_sha256_H
+#define crypto_kdf_hkdf_sha256_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "crypto_kdf.h"
+#include "crypto_auth_hmacsha256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_hkdf_sha256_KEYBYTES crypto_auth_hmacsha256_BYTES
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_keybytes(void);
+
+#define crypto_kdf_hkdf_sha256_BYTES_MIN 0U
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_bytes_min(void);
+
+#define crypto_kdf_hkdf_sha256_BYTES_MAX (0xff * crypto_auth_hmacsha256_BYTES)
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_bytes_max(void);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha256_extract(unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES],
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *ikm, size_t ikm_len);
+
+SODIUM_EXPORT
+void crypto_kdf_hkdf_sha256_keygen(unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES]);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha256_expand(unsigned char *out, size_t out_len,
+                                  const char *ctx, size_t ctx_len,
+                                  const unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf_hkdf_sha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf_hkdf_sha512.h
new file mode 100644
index 00000000..3fa6868c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kdf_hkdf_sha512.h
@@ -0,0 +1,51 @@
+#ifndef crypto_kdf_hkdf_sha512_H
+#define crypto_kdf_hkdf_sha512_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "crypto_kdf.h"
+#include "crypto_auth_hmacsha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_hkdf_sha512_KEYBYTES crypto_auth_hmacsha512_BYTES
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_keybytes(void);
+
+#define crypto_kdf_hkdf_sha512_BYTES_MIN 0U
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_bytes_min(void);
+
+#define crypto_kdf_hkdf_sha512_BYTES_MAX (0xff * crypto_auth_hmacsha512_BYTES)
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_bytes_max(void);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha512_extract(unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES],
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *ikm, size_t ikm_len)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_kdf_hkdf_sha512_keygen(unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha512_expand(unsigned char *out, size_t out_len,
+                                  const char *ctx, size_t ctx_len,
+                                  const unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES])
+            __attribute__ ((nonnull(1)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kx.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kx.h
new file mode 100644
index 00000000..347132c3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_kx.h
@@ -0,0 +1,66 @@
+#ifndef crypto_kx_H
+#define crypto_kx_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kx_PUBLICKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_publickeybytes(void);
+
+#define crypto_kx_SECRETKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_secretkeybytes(void);
+
+#define crypto_kx_SEEDBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_seedbytes(void);
+
+#define crypto_kx_SESSIONKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_sessionkeybytes(void);
+
+#define crypto_kx_PRIMITIVE "x25519blake2b"
+SODIUM_EXPORT
+const char *crypto_kx_primitive(void);
+
+SODIUM_EXPORT
+int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                           unsigned char sk[crypto_kx_SECRETKEYBYTES],
+                           const unsigned char seed[crypto_kx_SEEDBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                      unsigned char sk[crypto_kx_SECRETKEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                                  unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                                  const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
+                                  const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
+                                  const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull(3, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                                  unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                                  const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
+                                  const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
+                                  const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull(3, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_onetimeauth.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_onetimeauth.h
new file mode 100644
index 00000000..7cd7b070
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_onetimeauth.h
@@ -0,0 +1,65 @@
+#ifndef crypto_onetimeauth_H
+#define crypto_onetimeauth_H
+
+#include <stddef.h>
+
+#include "crypto_onetimeauth_poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef crypto_onetimeauth_poly1305_state crypto_onetimeauth_state;
+
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_statebytes(void);
+
+#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_bytes(void);
+
+#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_keybytes(void);
+
+#define crypto_onetimeauth_PRIMITIVE "poly1305"
+SODIUM_EXPORT
+const char *crypto_onetimeauth_primitive(void);
+
+SODIUM_EXPORT
+int crypto_onetimeauth(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_verify(const unsigned char *h, const unsigned char *in,
+                              unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_init(crypto_onetimeauth_state *state,
+                            const unsigned char *key) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_update(crypto_onetimeauth_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_final(crypto_onetimeauth_state *state,
+                             unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_onetimeauth_poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_onetimeauth_poly1305.h
new file mode 100644
index 00000000..f3e34d86
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_onetimeauth_poly1305.h
@@ -0,0 +1,72 @@
+#ifndef crypto_onetimeauth_poly1305_H
+#define crypto_onetimeauth_poly1305_H
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <sys/types.h>
+
+#include "export.h"
+
+typedef struct CRYPTO_ALIGN(16) crypto_onetimeauth_poly1305_state {
+    unsigned char opaque[256];
+} crypto_onetimeauth_poly1305_state;
+
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_statebytes(void);
+
+#define crypto_onetimeauth_poly1305_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_bytes(void);
+
+#define crypto_onetimeauth_poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305(unsigned char *out,
+                                const unsigned char *in,
+                                unsigned long long inlen,
+                                const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_verify(const unsigned char *h,
+                                       const unsigned char *in,
+                                       unsigned long long inlen,
+                                       const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state,
+                                     const unsigned char *key)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state,
+                                       const unsigned char *in,
+                                       unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state,
+                                      unsigned char *out)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash.h
new file mode 100644
index 00000000..307265d3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash.h
@@ -0,0 +1,147 @@
+#ifndef crypto_pwhash_H
+#define crypto_pwhash_H
+
+#include <stddef.h>
+
+#include "crypto_pwhash_argon2i.h"
+#include "crypto_pwhash_argon2id.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_ALG_ARGON2I13 crypto_pwhash_argon2i_ALG_ARGON2I13
+SODIUM_EXPORT
+int crypto_pwhash_alg_argon2i13(void);
+
+#define crypto_pwhash_ALG_ARGON2ID13 crypto_pwhash_argon2id_ALG_ARGON2ID13
+SODIUM_EXPORT
+int crypto_pwhash_alg_argon2id13(void);
+
+#define crypto_pwhash_ALG_DEFAULT crypto_pwhash_ALG_ARGON2ID13
+SODIUM_EXPORT
+int crypto_pwhash_alg_default(void);
+
+#define crypto_pwhash_BYTES_MIN crypto_pwhash_argon2id_BYTES_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_bytes_min(void);
+
+#define crypto_pwhash_BYTES_MAX crypto_pwhash_argon2id_BYTES_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_bytes_max(void);
+
+#define crypto_pwhash_PASSWD_MIN crypto_pwhash_argon2id_PASSWD_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_passwd_min(void);
+
+#define crypto_pwhash_PASSWD_MAX crypto_pwhash_argon2id_PASSWD_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_passwd_max(void);
+
+#define crypto_pwhash_SALTBYTES crypto_pwhash_argon2id_SALTBYTES
+SODIUM_EXPORT
+size_t crypto_pwhash_saltbytes(void);
+
+#define crypto_pwhash_STRBYTES crypto_pwhash_argon2id_STRBYTES
+SODIUM_EXPORT
+size_t crypto_pwhash_strbytes(void);
+
+#define crypto_pwhash_STRPREFIX crypto_pwhash_argon2id_STRPREFIX
+SODIUM_EXPORT
+const char *crypto_pwhash_strprefix(void);
+
+#define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_argon2id_OPSLIMIT_MIN
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_min(void);
+
+#define crypto_pwhash_OPSLIMIT_MAX crypto_pwhash_argon2id_OPSLIMIT_MAX
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_max(void);
+
+#define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_argon2id_MEMLIMIT_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_min(void);
+
+#define crypto_pwhash_MEMLIMIT_MAX crypto_pwhash_argon2id_MEMLIMIT_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_max(void);
+
+#define crypto_pwhash_OPSLIMIT_INTERACTIVE crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_interactive(void);
+
+#define crypto_pwhash_MEMLIMIT_INTERACTIVE crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_interactive(void);
+
+#define crypto_pwhash_OPSLIMIT_MODERATE crypto_pwhash_argon2id_OPSLIMIT_MODERATE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_moderate(void);
+
+#define crypto_pwhash_MEMLIMIT_MODERATE crypto_pwhash_argon2id_MEMLIMIT_MODERATE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_moderate(void);
+
+#define crypto_pwhash_OPSLIMIT_SENSITIVE crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_sensitive(void);
+
+#define crypto_pwhash_MEMLIMIT_SENSITIVE crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_sensitive(void);
+
+/*
+ * With this function, do not forget to store all parameters, including the
+ * algorithm identifier in order to produce deterministic output.
+ * The crypto_pwhash_* definitions, including crypto_pwhash_ALG_DEFAULT,
+ * may change.
+ */
+SODIUM_EXPORT
+int crypto_pwhash(unsigned char * const out, unsigned long long outlen,
+                  const char * const passwd, unsigned long long passwdlen,
+                  const unsigned char * const salt,
+                  unsigned long long opslimit, size_t memlimit, int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/*
+ * The output string already includes all the required parameters, including
+ * the algorithm identifier. The string is all that has to be stored in
+ * order to verify a password.
+ */
+SODIUM_EXPORT
+int crypto_pwhash_str(char out[crypto_pwhash_STRBYTES],
+                      const char * const passwd, unsigned long long passwdlen,
+                      unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES],
+                          const char * const passwd, unsigned long long passwdlen,
+                          unsigned long long opslimit, size_t memlimit, int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_verify(const char *str,
+                             const char * const passwd,
+                             unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_needs_rehash(const char *str,
+                                   unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#define crypto_pwhash_PRIMITIVE "argon2i"
+SODIUM_EXPORT
+const char *crypto_pwhash_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash_argon2i.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash_argon2i.h
new file mode 100644
index 00000000..91156ba0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash_argon2i.h
@@ -0,0 +1,122 @@
+#ifndef crypto_pwhash_argon2i_H
+#define crypto_pwhash_argon2i_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_argon2i_ALG_ARGON2I13 1
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_alg_argon2i13(void);
+
+#define crypto_pwhash_argon2i_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_bytes_min(void);
+
+#define crypto_pwhash_argon2i_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_bytes_max(void);
+
+#define crypto_pwhash_argon2i_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_passwd_min(void);
+
+#define crypto_pwhash_argon2i_PASSWD_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_passwd_max(void);
+
+#define crypto_pwhash_argon2i_SALTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_saltbytes(void);
+
+#define crypto_pwhash_argon2i_STRBYTES 128U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_strbytes(void);
+
+#define crypto_pwhash_argon2i_STRPREFIX "$argon2i$"
+SODIUM_EXPORT
+const char *crypto_pwhash_argon2i_strprefix(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MIN 3U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_min(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_max(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MIN 8192U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_min(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MAX \
+    ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_max(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE 4U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_interactive(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE 33554432U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_interactive(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MODERATE 6U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_moderate(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MODERATE 134217728U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_moderate(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE 8U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_sensitive(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE 536870912U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i(unsigned char * const out,
+                          unsigned long long outlen,
+                          const char * const passwd,
+                          unsigned long long passwdlen,
+                          const unsigned char * const salt,
+                          unsigned long long opslimit, size_t memlimit,
+                          int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
+                              const char * const passwd,
+                              unsigned long long passwdlen,
+                              unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str_verify(const char * str,
+                                     const char * const passwd,
+                                     unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str_needs_rehash(const char * str,
+                                           unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash_argon2id.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash_argon2id.h
new file mode 100644
index 00000000..e6f72a92
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash_argon2id.h
@@ -0,0 +1,122 @@
+#ifndef crypto_pwhash_argon2id_H
+#define crypto_pwhash_argon2id_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_argon2id_ALG_ARGON2ID13 2
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_alg_argon2id13(void);
+
+#define crypto_pwhash_argon2id_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_bytes_min(void);
+
+#define crypto_pwhash_argon2id_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_bytes_max(void);
+
+#define crypto_pwhash_argon2id_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_passwd_min(void);
+
+#define crypto_pwhash_argon2id_PASSWD_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_passwd_max(void);
+
+#define crypto_pwhash_argon2id_SALTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_saltbytes(void);
+
+#define crypto_pwhash_argon2id_STRBYTES 128U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_strbytes(void);
+
+#define crypto_pwhash_argon2id_STRPREFIX "$argon2id$"
+SODIUM_EXPORT
+const char *crypto_pwhash_argon2id_strprefix(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MIN 1U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_min(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_max(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MIN 8192U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_min(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MAX \
+    ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_max(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE 2U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_interactive(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE 67108864U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_interactive(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MODERATE 3U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_moderate(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MODERATE 268435456U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_moderate(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE 4U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_sensitive(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE 1073741824U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id(unsigned char * const out,
+                           unsigned long long outlen,
+                           const char * const passwd,
+                           unsigned long long passwdlen,
+                           const unsigned char * const salt,
+                           unsigned long long opslimit, size_t memlimit,
+                           int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES],
+                               const char * const passwd,
+                               unsigned long long passwdlen,
+                               unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str_verify(const char * str,
+                                      const char * const passwd,
+                                      unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str_needs_rehash(const char * str,
+                                            unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash_scryptsalsa208sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
new file mode 100644
index 00000000..1fd3692f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
@@ -0,0 +1,120 @@
+#ifndef crypto_pwhash_scryptsalsa208sha256_H
+#define crypto_pwhash_scryptsalsa208sha256_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_scryptsalsa208sha256_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_bytes_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_BYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX, 0x1fffffffe0ULL)
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_bytes_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_passwd_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_passwd_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRBYTES 102U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$"
+SODIUM_EXPORT
+const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN 32768U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN 16777216U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MAX \
+    SODIUM_MIN(SIZE_MAX, 68719476736ULL)
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE 16777216U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
+                                       unsigned long long outlen,
+                                       const char * const passwd,
+                                       unsigned long long passwdlen,
+                                       const unsigned char * const salt,
+                                       unsigned long long opslimit,
+                                       size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+                                           const char * const passwd,
+                                           unsigned long long passwdlen,
+                                           unsigned long long opslimit,
+                                           size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str_verify(const char * str,
+                                                  const char * const passwd,
+                                                  unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
+                                          const uint8_t * salt, size_t saltlen,
+                                          uint64_t N, uint32_t r, uint32_t p,
+                                          uint8_t * buf, size_t buflen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str_needs_rehash(const char * str,
+                                                        unsigned long long opslimit,
+                                                        size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult.h
new file mode 100644
index 00000000..1c685853
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult.h
@@ -0,0 +1,46 @@
+#ifndef crypto_scalarmult_H
+#define crypto_scalarmult_H
+
+#include <stddef.h>
+
+#include "crypto_scalarmult_curve25519.h"
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
+SODIUM_EXPORT
+size_t  crypto_scalarmult_bytes(void);
+
+#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
+SODIUM_EXPORT
+size_t  crypto_scalarmult_scalarbytes(void);
+
+#define crypto_scalarmult_PRIMITIVE "curve25519"
+SODIUM_EXPORT
+const char *crypto_scalarmult_primitive(void);
+
+SODIUM_EXPORT
+int crypto_scalarmult_base(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult(unsigned char *q, const unsigned char *n,
+                      const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult_curve25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult_curve25519.h
new file mode 100644
index 00000000..60e9d0c5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult_curve25519.h
@@ -0,0 +1,42 @@
+#ifndef crypto_scalarmult_curve25519_H
+#define crypto_scalarmult_curve25519_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_curve25519_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_bytes(void);
+
+#define crypto_scalarmult_curve25519_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
+                                 const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519_base(unsigned char *q,
+                                      const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult_ed25519.h
new file mode 100644
index 00000000..2dfa4d70
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult_ed25519.h
@@ -0,0 +1,51 @@
+
+#ifndef crypto_scalarmult_ed25519_H
+#define crypto_scalarmult_ed25519_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_ed25519_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ed25519_bytes(void);
+
+#define crypto_scalarmult_ed25519_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ed25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
+                              const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n,
+                                      const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_base_noclamp(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult_ristretto255.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult_ristretto255.h
new file mode 100644
index 00000000..40a45cce
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_scalarmult_ristretto255.h
@@ -0,0 +1,43 @@
+
+#ifndef crypto_scalarmult_ristretto255_H
+#define crypto_scalarmult_ristretto255_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_ristretto255_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ristretto255_bytes(void);
+
+#define crypto_scalarmult_ristretto255_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ristretto255_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_ristretto255(unsigned char *q, const unsigned char *n,
+                                   const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ristretto255_base(unsigned char *q,
+                                        const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretbox.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretbox.h
new file mode 100644
index 00000000..68024b45
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretbox.h
@@ -0,0 +1,94 @@
+#ifndef crypto_secretbox_H
+#define crypto_secretbox_H
+
+#include <stddef.h>
+
+#include "crypto_secretbox_xsalsa20poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_keybytes(void);
+
+#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_noncebytes(void);
+
+#define crypto_secretbox_MACBYTES crypto_secretbox_xsalsa20poly1305_MACBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_macbytes(void);
+
+#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305"
+SODIUM_EXPORT
+const char *crypto_secretbox_primitive(void);
+
+#define crypto_secretbox_MESSAGEBYTES_MAX crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t crypto_secretbox_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
+                          unsigned long long mlen, const unsigned char *n,
+                          const unsigned char *k) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
+                               unsigned long long clen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
+                              const unsigned char *m,
+                              unsigned long long mlen,
+                              const unsigned char *n,
+                              const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open_detached(unsigned char *m,
+                                   const unsigned char *c,
+                                   const unsigned char *mac,
+                                   unsigned long long clen,
+                                   const unsigned char *n,
+                                   const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+SODIUM_EXPORT
+void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_zerobytes(void) __attribute__ ((deprecated));
+
+#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_boxzerobytes(void) __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_secretbox(unsigned char *c, const unsigned char *m,
+                     unsigned long long mlen, const unsigned char *n,
+                     const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open(unsigned char *m, const unsigned char *c,
+                          unsigned long long clen, const unsigned char *n,
+                          const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretbox_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretbox_xchacha20poly1305.h
new file mode 100644
index 00000000..6ec674e3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretbox_xchacha20poly1305.h
@@ -0,0 +1,70 @@
+#ifndef crypto_secretbox_xchacha20poly1305_H
+#define crypto_secretbox_xchacha20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xchacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_xchacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_keybytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_noncebytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_macbytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_secretbox_xchacha20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_easy(unsigned char *c,
+                                            const unsigned char *m,
+                                            unsigned long long mlen,
+                                            const unsigned char *n,
+                                            const unsigned char *k)
+            __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_open_easy(unsigned char *m,
+                                                 const unsigned char *c,
+                                                 unsigned long long clen,
+                                                 const unsigned char *n,
+                                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_detached(unsigned char *c,
+                                                unsigned char *mac,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *n,
+                                                const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     const unsigned char *mac,
+                                                     unsigned long long clen,
+                                                     const unsigned char *n,
+                                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretbox_xsalsa20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretbox_xsalsa20poly1305.h
new file mode 100644
index 00000000..81bff3d6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretbox_xsalsa20poly1305.h
@@ -0,0 +1,71 @@
+#ifndef crypto_secretbox_xsalsa20poly1305_H
+#define crypto_secretbox_xsalsa20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_xsalsa20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_keybytes(void);
+
+#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_noncebytes(void);
+
+#define crypto_secretbox_xsalsa20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_macbytes(void);
+
+/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
+#define crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_secretbox_xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_boxzerobytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES \
+    (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES + \
+     crypto_secretbox_xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_zerobytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_secretbox_xsalsa20poly1305(unsigned char *c,
+                                      const unsigned char *m,
+                                      unsigned long long mlen,
+                                      const unsigned char *n,
+                                      const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xsalsa20poly1305_open(unsigned char *m,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *n,
+                                           const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretstream_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretstream_xchacha20poly1305.h
new file mode 100644
index 00000000..b22e4e93
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_secretstream_xchacha20poly1305.h
@@ -0,0 +1,108 @@
+#ifndef crypto_secretstream_xchacha20poly1305_H
+#define crypto_secretstream_xchacha20poly1305_H
+
+#include <stddef.h>
+
+#include "crypto_aead_xchacha20poly1305.h"
+#include "crypto_stream_chacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretstream_xchacha20poly1305_ABYTES \
+    (1U + crypto_aead_xchacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_abytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_HEADERBYTES \
+    crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_headerbytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_KEYBYTES \
+    crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_keybytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_secretstream_xchacha20poly1305_ABYTES, \
+              (64ULL * ((1ULL << 32) - 2ULL)))
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_messagebytes_max(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_MESSAGE 0x00
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_message(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_PUSH    0x01
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_push(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_REKEY   0x02
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_rekey(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_FINAL \
+    (crypto_secretstream_xchacha20poly1305_TAG_PUSH | \
+     crypto_secretstream_xchacha20poly1305_TAG_REKEY)
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_final(void);
+
+typedef struct crypto_secretstream_xchacha20poly1305_state {
+    unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES];
+    unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES];
+    unsigned char _pad[8];
+} crypto_secretstream_xchacha20poly1305_state;
+
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_statebytes(void);
+
+SODIUM_EXPORT
+void crypto_secretstream_xchacha20poly1305_keygen
+   (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_init_push
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+    const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_push
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char *c, unsigned long long *clen_p,
+    const unsigned char *m, unsigned long long mlen,
+    const unsigned char *ad, unsigned long long adlen, unsigned char tag)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_init_pull
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    const unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+    const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_pull
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char *m, unsigned long long *mlen_p, unsigned char *tag_p,
+    const unsigned char *c, unsigned long long clen,
+    const unsigned char *ad, unsigned long long adlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_secretstream_xchacha20poly1305_rekey
+    (crypto_secretstream_xchacha20poly1305_state *state);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_shorthash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_shorthash.h
new file mode 100644
index 00000000..fecaa88b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_shorthash.h
@@ -0,0 +1,41 @@
+#ifndef crypto_shorthash_H
+#define crypto_shorthash_H
+
+#include <stddef.h>
+
+#include "crypto_shorthash_siphash24.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_shorthash_BYTES crypto_shorthash_siphash24_BYTES
+SODIUM_EXPORT
+size_t  crypto_shorthash_bytes(void);
+
+#define crypto_shorthash_KEYBYTES crypto_shorthash_siphash24_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_shorthash_keybytes(void);
+
+#define crypto_shorthash_PRIMITIVE "siphash24"
+SODIUM_EXPORT
+const char *crypto_shorthash_primitive(void);
+
+SODIUM_EXPORT
+int crypto_shorthash(unsigned char *out, const unsigned char *in,
+                     unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_shorthash_siphash24.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_shorthash_siphash24.h
new file mode 100644
index 00000000..1e6f72a6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_shorthash_siphash24.h
@@ -0,0 +1,50 @@
+#ifndef crypto_shorthash_siphash24_H
+#define crypto_shorthash_siphash24_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+/* -- 64-bit output -- */
+
+#define crypto_shorthash_siphash24_BYTES 8U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphash24_bytes(void);
+
+#define crypto_shorthash_siphash24_KEYBYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphash24_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in,
+                               unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+#ifndef SODIUM_LIBRARY_MINIMAL
+/* -- 128-bit output -- */
+
+#define crypto_shorthash_siphashx24_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphashx24_bytes(void);
+
+#define crypto_shorthash_siphashx24_KEYBYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphashx24_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in,
+                                unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_sign.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_sign.h
new file mode 100644
index 00000000..f5fafb12
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_sign.h
@@ -0,0 +1,107 @@
+#ifndef crypto_sign_H
+#define crypto_sign_H
+
+/*
+ * THREAD SAFETY: crypto_sign_keypair() is thread-safe,
+ * provided that sodium_init() was called before.
+ *
+ * Other functions, including crypto_sign_seed_keypair() are always thread-safe.
+ */
+
+#include <stddef.h>
+
+#include "crypto_sign_ed25519.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef crypto_sign_ed25519ph_state crypto_sign_state;
+
+SODIUM_EXPORT
+size_t  crypto_sign_statebytes(void);
+
+#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
+SODIUM_EXPORT
+size_t  crypto_sign_bytes(void);
+
+#define crypto_sign_SEEDBYTES crypto_sign_ed25519_SEEDBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_seedbytes(void);
+
+#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_publickeybytes(void);
+
+#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_secretkeybytes(void);
+
+#define crypto_sign_MESSAGEBYTES_MAX crypto_sign_ed25519_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_sign_messagebytes_max(void);
+
+#define crypto_sign_PRIMITIVE "ed25519"
+SODIUM_EXPORT
+const char *crypto_sign_primitive(void);
+
+SODIUM_EXPORT
+int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
+                             const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign(unsigned char *sm, unsigned long long *smlen_p,
+                const unsigned char *m, unsigned long long mlen,
+                const unsigned char *sk) __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_open(unsigned char *m, unsigned long long *mlen_p,
+                     const unsigned char *sm, unsigned long long smlen,
+                     const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen_p,
+                         const unsigned char *m, unsigned long long mlen,
+                         const unsigned char *sk) __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_verify_detached(const unsigned char *sig,
+                                const unsigned char *m,
+                                unsigned long long mlen,
+                                const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_init(crypto_sign_state *state);
+
+SODIUM_EXPORT
+int crypto_sign_update(crypto_sign_state *state,
+                       const unsigned char *m, unsigned long long mlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig,
+                             unsigned long long *siglen_p,
+                             const unsigned char *sk)
+            __attribute__ ((nonnull(1, 2, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig,
+                             const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_sign_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_sign_ed25519.h
new file mode 100644
index 00000000..0fdac42d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_sign_ed25519.h
@@ -0,0 +1,124 @@
+#ifndef crypto_sign_ed25519_H
+#define crypto_sign_ed25519_H
+
+#include <stddef.h>
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_sign_ed25519ph_state {
+    crypto_hash_sha512_state hs;
+} crypto_sign_ed25519ph_state;
+
+SODIUM_EXPORT
+size_t crypto_sign_ed25519ph_statebytes(void);
+
+#define crypto_sign_ed25519_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_bytes(void);
+
+#define crypto_sign_ed25519_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_seedbytes(void);
+
+#define crypto_sign_ed25519_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_publickeybytes(void);
+
+#define crypto_sign_ed25519_SECRETKEYBYTES (32U + 32U)
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_secretkeybytes(void);
+
+#define crypto_sign_ed25519_MESSAGEBYTES_MAX (SODIUM_SIZE_MAX - crypto_sign_ed25519_BYTES)
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p,
+                        const unsigned char *m, unsigned long long mlen,
+                        const unsigned char *sk)
+            __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p,
+                             const unsigned char *sm, unsigned long long smlen,
+                             const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_detached(unsigned char *sig,
+                                 unsigned long long *siglen_p,
+                                 const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *sk)
+            __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_verify_detached(const unsigned char *sig,
+                                        const unsigned char *m,
+                                        unsigned long long mlen,
+                                        const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
+                                     const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
+                                         const unsigned char *ed25519_pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
+                                         const unsigned char *ed25519_sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_seed(unsigned char *seed,
+                                   const unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_update(crypto_sign_ed25519ph_state *state,
+                                 const unsigned char *m,
+                                 unsigned long long mlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state,
+                                       unsigned char *sig,
+                                       unsigned long long *siglen_p,
+                                       const unsigned char *sk)
+            __attribute__ ((nonnull(1, 2, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state,
+                                       const unsigned char *sig,
+                                       const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream.h
new file mode 100644
index 00000000..88dab5f6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream.h
@@ -0,0 +1,59 @@
+#ifndef crypto_stream_H
+#define crypto_stream_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_stream_keybytes(void);
+
+#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_stream_noncebytes(void);
+
+#define crypto_stream_MESSAGEBYTES_MAX crypto_stream_xsalsa20_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_stream_messagebytes_max(void);
+
+#define crypto_stream_PRIMITIVE "xsalsa20"
+SODIUM_EXPORT
+const char *crypto_stream_primitive(void);
+
+SODIUM_EXPORT
+int crypto_stream(unsigned char *c, unsigned long long clen,
+                  const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xor(unsigned char *c, const unsigned char *m,
+                      unsigned long long mlen, const unsigned char *n,
+                      const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_chacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_chacha20.h
new file mode 100644
index 00000000..40889755
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_chacha20.h
@@ -0,0 +1,106 @@
+#ifndef crypto_stream_chacha20_H
+#define crypto_stream_chacha20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_chacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_keybytes(void);
+
+#define crypto_stream_chacha20_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_noncebytes(void);
+
+#define crypto_stream_chacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_messagebytes_max(void);
+
+/* ChaCha20 with a 64-bit nonce and a 64-bit counter, as originally designed */
+
+SODIUM_EXPORT
+int crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* ChaCha20 with a 96-bit nonce and a 32-bit counter (IETF) */
+
+#define crypto_stream_chacha20_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_keybytes(void);
+
+#define crypto_stream_chacha20_ietf_NONCEBYTES 12U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_noncebytes(void);
+
+#define crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX, 64ULL * (1ULL << 32))
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
+                                const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m,
+                                    unsigned long long mlen, const unsigned char *n,
+                                    const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m,
+                                       unsigned long long mlen,
+                                       const unsigned char *n, uint32_t ic,
+                                       const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_stream_chacha20_IETF_KEYBYTES crypto_stream_chacha20_ietf_KEYBYTES
+#define crypto_stream_chacha20_IETF_NONCEBYTES crypto_stream_chacha20_ietf_NONCEBYTES
+#define crypto_stream_chacha20_IETF_MESSAGEBYTES_MAX crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_salsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_salsa20.h
new file mode 100644
index 00000000..45b3b3e3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_salsa20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_salsa20_H
+#define crypto_stream_salsa20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_keybytes(void);
+
+#define crypto_stream_salsa20_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_noncebytes(void);
+
+#define crypto_stream_salsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_salsa20(unsigned char *c, unsigned long long clen,
+                          const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m,
+                              unsigned long long mlen, const unsigned char *n,
+                              const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *n, uint64_t ic,
+                                 const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_salsa2012.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_salsa2012.h
new file mode 100644
index 00000000..6c5d303c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_salsa2012.h
@@ -0,0 +1,53 @@
+#ifndef crypto_stream_salsa2012_H
+#define crypto_stream_salsa2012_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa2012_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_keybytes(void);
+
+#define crypto_stream_salsa2012_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_noncebytes(void);
+
+#define crypto_stream_salsa2012_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_salsa2012(unsigned char *c, unsigned long long clen,
+                            const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa2012_xor(unsigned char *c, const unsigned char *m,
+                                unsigned long long mlen, const unsigned char *n,
+                                const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_salsa208.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_salsa208.h
new file mode 100644
index 00000000..d574f304
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_salsa208.h
@@ -0,0 +1,56 @@
+#ifndef crypto_stream_salsa208_H
+#define crypto_stream_salsa208_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa208_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa208_keybytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_stream_salsa208_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa208_noncebytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_stream_salsa208_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+    SODIUM_EXPORT
+size_t crypto_stream_salsa208_messagebytes_max(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_stream_salsa208(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa208_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES])
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_xchacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_xchacha20.h
new file mode 100644
index 00000000..c4002db0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_xchacha20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_xchacha20_H
+#define crypto_stream_xchacha20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_xchacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_keybytes(void);
+
+#define crypto_stream_xchacha20_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_noncebytes(void);
+
+#define crypto_stream_xchacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20(unsigned char *c, unsigned long long clen,
+                            const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m,
+                                unsigned long long mlen, const unsigned char *n,
+                                const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                                   unsigned long long mlen,
+                                   const unsigned char *n, uint64_t ic,
+                                   const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_xsalsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_xsalsa20.h
new file mode 100644
index 00000000..20034e34
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_stream_xsalsa20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_xsalsa20_H
+#define crypto_stream_xsalsa20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_xsalsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_keybytes(void);
+
+#define crypto_stream_xsalsa20_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_noncebytes(void);
+
+#define crypto_stream_xsalsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_verify_16.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_verify_16.h
new file mode 100644
index 00000000..7b9c8077
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_verify_16.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_16_H
+#define crypto_verify_16_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_16_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_verify_16_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_16(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_verify_32.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_verify_32.h
new file mode 100644
index 00000000..9b0f4529
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_verify_32.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_32_H
+#define crypto_verify_32_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_32_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_verify_32_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_32(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_verify_64.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_verify_64.h
new file mode 100644
index 00000000..c83b7302
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/crypto_verify_64.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_64_H
+#define crypto_verify_64_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_64_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_verify_64_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_64(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/export.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/export.h
new file mode 100644
index 00000000..a0074fc9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/export.h
@@ -0,0 +1,57 @@
+
+#ifndef sodium_export_H
+#define sodium_export_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <limits.h>
+
+#if !defined(__clang__) && !defined(__GNUC__)
+# ifdef __attribute__
+#  undef __attribute__
+# endif
+# define __attribute__(a)
+#endif
+
+#ifdef SODIUM_STATIC
+# define SODIUM_EXPORT
+# define SODIUM_EXPORT_WEAK
+#else
+# if defined(_MSC_VER)
+#  ifdef SODIUM_DLL_EXPORT
+#   define SODIUM_EXPORT __declspec(dllexport)
+#  else
+#   define SODIUM_EXPORT __declspec(dllimport)
+#  endif
+# else
+#  if defined(__SUNPRO_C)
+#   ifndef __GNU_C__
+#    define SODIUM_EXPORT __attribute__ (visibility(__global))
+#   else
+#    define SODIUM_EXPORT __attribute__ __global
+#   endif
+#  elif defined(_MSG_VER)
+#   define SODIUM_EXPORT extern __declspec(dllexport)
+#  else
+#   define SODIUM_EXPORT __attribute__ ((visibility ("default")))
+#  endif
+# endif
+# if defined(__ELF__) && !defined(SODIUM_DISABLE_WEAK_FUNCTIONS)
+#  define SODIUM_EXPORT_WEAK SODIUM_EXPORT __attribute__((weak))
+# else
+#  define SODIUM_EXPORT_WEAK SODIUM_EXPORT
+# endif
+#endif
+
+#ifndef CRYPTO_ALIGN
+# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
+#  define CRYPTO_ALIGN(x) __declspec(align(x))
+# else
+#  define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
+# endif
+#endif
+
+#define SODIUM_MIN(A, B) ((A) < (B) ? (A) : (B))
+#define SODIUM_SIZE_MAX SODIUM_MIN(UINT64_MAX, SIZE_MAX)
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/randombytes.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/randombytes.h
new file mode 100644
index 00000000..c83a4df5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/randombytes.h
@@ -0,0 +1,72 @@
+
+#ifndef randombytes_H
+#define randombytes_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <sys/types.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct randombytes_implementation {
+    const char *(*implementation_name)(void); /* required */
+    uint32_t    (*random)(void);              /* required */
+    void        (*stir)(void);                /* optional */
+    uint32_t    (*uniform)(const uint32_t upper_bound); /* optional, a default implementation will be used if NULL */
+    void        (*buf)(void * const buf, const size_t size); /* required */
+    int         (*close)(void);               /* optional */
+} randombytes_implementation;
+
+#define randombytes_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 0xffffffffUL)
+
+#define randombytes_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t randombytes_seedbytes(void);
+
+SODIUM_EXPORT
+void randombytes_buf(void * const buf, const size_t size)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void randombytes_buf_deterministic(void * const buf, const size_t size,
+                                   const unsigned char seed[randombytes_SEEDBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+uint32_t randombytes_random(void);
+
+SODIUM_EXPORT
+uint32_t randombytes_uniform(const uint32_t upper_bound);
+
+SODIUM_EXPORT
+void randombytes_stir(void);
+
+SODIUM_EXPORT
+int randombytes_close(void);
+
+SODIUM_EXPORT
+int randombytes_set_implementation(const randombytes_implementation *impl)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+const char *randombytes_implementation_name(void);
+
+/* -- NaCl compatibility interface -- */
+
+SODIUM_EXPORT
+void randombytes(unsigned char * const buf, const unsigned long long buf_len)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/randombytes_internal_random.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/randombytes_internal_random.h
new file mode 100644
index 00000000..2b2b7d6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/randombytes_internal_random.h
@@ -0,0 +1,22 @@
+
+#ifndef randombytes_internal_random_H
+#define randombytes_internal_random_H
+
+#include "export.h"
+#include "randombytes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_internal_implementation;
+
+/* Backwards compatibility with libsodium < 1.0.18 */
+#define randombytes_salsa20_implementation randombytes_internal_implementation
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/randombytes_sysrandom.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/randombytes_sysrandom.h
new file mode 100644
index 00000000..9e27b674
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/randombytes_sysrandom.h
@@ -0,0 +1,19 @@
+
+#ifndef randombytes_sysrandom_H
+#define randombytes_sysrandom_H
+
+#include "export.h"
+#include "randombytes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_sysrandom_implementation;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/runtime.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/runtime.h
new file mode 100644
index 00000000..c1cec853
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/runtime.h
@@ -0,0 +1,55 @@
+
+#ifndef sodium_runtime_H
+#define sodium_runtime_H
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_neon(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_armcrypto(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse2(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse3(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_ssse3(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse41(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx2(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx512f(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_pclmul(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_aesni(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_rdrand(void);
+
+/* ------------------------------------------------------------------------- */
+
+int _sodium_runtime_get_cpu_features(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/utils.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/utils.h
new file mode 100644
index 00000000..f9b36979
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/utils.h
@@ -0,0 +1,179 @@
+
+#ifndef sodium_utils_H
+#define sodium_utils_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef SODIUM_C99
+# if defined(__cplusplus) || !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
+#  define SODIUM_C99(X)
+# else
+#  define SODIUM_C99(X) X
+# endif
+#endif
+
+SODIUM_EXPORT
+void sodium_memzero(void * const pnt, const size_t len);
+
+SODIUM_EXPORT
+void sodium_stackzero(const size_t len);
+
+/*
+ * WARNING: sodium_memcmp() must be used to verify if two secret keys
+ * are equal, in constant time.
+ * It returns 0 if the keys are equal, and -1 if they differ.
+ * This function is not designed for lexicographical comparisons.
+ */
+SODIUM_EXPORT
+int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len)
+            __attribute__ ((warn_unused_result));
+
+/*
+ * sodium_compare() returns -1 if b1_ < b2_, 1 if b1_ > b2_ and 0 if b1_ == b2_
+ * It is suitable for lexicographical comparisons, or to compare nonces
+ * and counters stored in little-endian format.
+ * However, it is slower than sodium_memcmp().
+ */
+SODIUM_EXPORT
+int sodium_compare(const unsigned char *b1_, const unsigned char *b2_,
+                   size_t len) __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int sodium_is_zero(const unsigned char *n, const size_t nlen);
+
+SODIUM_EXPORT
+void sodium_increment(unsigned char *n, const size_t nlen);
+
+SODIUM_EXPORT
+void sodium_add(unsigned char *a, const unsigned char *b, const size_t len);
+
+SODIUM_EXPORT
+void sodium_sub(unsigned char *a, const unsigned char *b, const size_t len);
+
+SODIUM_EXPORT
+char *sodium_bin2hex(char * const hex, const size_t hex_maxlen,
+                     const unsigned char * const bin, const size_t bin_len)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_hex2bin(unsigned char * const bin, const size_t bin_maxlen,
+                   const char * const hex, const size_t hex_len,
+                   const char * const ignore, size_t * const bin_len,
+                   const char ** const hex_end)
+            __attribute__ ((nonnull(1)));
+
+#define sodium_base64_VARIANT_ORIGINAL            1
+#define sodium_base64_VARIANT_ORIGINAL_NO_PADDING 3
+#define sodium_base64_VARIANT_URLSAFE             5
+#define sodium_base64_VARIANT_URLSAFE_NO_PADDING  7
+
+/*
+ * Computes the required length to encode BIN_LEN bytes as a base64 string
+ * using the given variant. The computed length includes a trailing \0.
+ */
+#define sodium_base64_ENCODED_LEN(BIN_LEN, VARIANT) \
+    (((BIN_LEN) / 3U) * 4U + \
+    ((((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) | (((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) >> 1)) & 1U) * \
+     (4U - (~((((VARIANT) & 2U) >> 1) - 1U) & (3U - ((BIN_LEN) - ((BIN_LEN) / 3U) * 3U)))) + 1U)
+
+SODIUM_EXPORT
+size_t sodium_base64_encoded_len(const size_t bin_len, const int variant);
+
+SODIUM_EXPORT
+char *sodium_bin2base64(char * const b64, const size_t b64_maxlen,
+                        const unsigned char * const bin, const size_t bin_len,
+                        const int variant) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_base642bin(unsigned char * const bin, const size_t bin_maxlen,
+                      const char * const b64, const size_t b64_len,
+                      const char * const ignore, size_t * const bin_len,
+                      const char ** const b64_end, const int variant)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_mlock(void * const addr, const size_t len)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_munlock(void * const addr, const size_t len)
+            __attribute__ ((nonnull));
+
+/* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose
+ * allocation functions.
+ *
+ * They return a pointer to a region filled with 0xd0 bytes, immediately
+ * followed by a guard page.
+ * As a result, accessing a single byte after the requested allocation size
+ * will intentionally trigger a segmentation fault.
+ *
+ * A canary and an additional guard page placed before the beginning of the
+ * region may also kill the process if a buffer underflow is detected.
+ *
+ * The memory layout is:
+ * [unprotected region size (read only)][guard page (no access)][unprotected pages (read/write)][guard page (no access)]
+ * With the layout of the unprotected pages being:
+ * [optional padding][16-bytes canary][user region]
+ *
+ * However:
+ * - These functions are significantly slower than standard functions
+ * - Each allocation requires 3 or 4 additional pages
+ * - The returned address will not be aligned if the allocation size is not
+ *   a multiple of the required alignment. For this reason, these functions
+ *   are designed to store data, such as secret keys and messages.
+ *
+ * sodium_malloc() can be used to allocate any libsodium data structure.
+ *
+ * The crypto_generichash_state structure is packed and its length is
+ * either 357 or 361 bytes. For this reason, when using sodium_malloc() to
+ * allocate a crypto_generichash_state structure, padding must be added in
+ * order to ensure proper alignment. crypto_generichash_statebytes()
+ * returns the rounded up structure size, and should be preferred to sizeof():
+ * state = sodium_malloc(crypto_generichash_statebytes());
+ */
+
+SODIUM_EXPORT
+void *sodium_malloc(const size_t size)
+            __attribute__ ((malloc));
+
+SODIUM_EXPORT
+void *sodium_allocarray(size_t count, size_t size)
+            __attribute__ ((malloc));
+
+SODIUM_EXPORT
+void sodium_free(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_noaccess(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_mprotect_readonly(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_mprotect_readwrite(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_pad(size_t *padded_buflen_p, unsigned char *buf,
+               size_t unpadded_buflen, size_t blocksize, size_t max_buflen)
+            __attribute__ ((nonnull(2)));
+
+SODIUM_EXPORT
+int sodium_unpad(size_t *unpadded_buflen_p, const unsigned char *buf,
+                 size_t padded_buflen, size_t blocksize)
+            __attribute__ ((nonnull(2)));
+
+/* -------- */
+
+int _sodium_alloc_init(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/version.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/version.h
new file mode 100644
index 00000000..cc60e448
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/include/sodium/version.h
@@ -0,0 +1,33 @@
+
+#ifndef sodium_version_H
+#define sodium_version_H
+
+#include "export.h"
+
+#define SODIUM_VERSION_STRING "1.0.18"
+
+#define SODIUM_LIBRARY_VERSION_MAJOR 11
+#define SODIUM_LIBRARY_VERSION_MINOR 0
+#define SODIUM_LIBRARY_MINIMAL 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+const char *sodium_version_string(void);
+
+SODIUM_EXPORT
+int         sodium_library_version_major(void);
+
+SODIUM_EXPORT
+int         sodium_library_version_minor(void);
+
+SODIUM_EXPORT
+int         sodium_library_minimal(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.27.dylib b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.27.dylib
new file mode 100755
index 00000000..3aff9226
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.27.dylib differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.a b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.a
new file mode 100644
index 00000000..a833e4dc
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.dylib b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.dylib
new file mode 120000
index 00000000..7f3f6fe6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.dylib
@@ -0,0 +1 @@
+libsodium.27.dylib
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.la b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.la
new file mode 100755
index 00000000..f960ec8f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/libsodium.la
@@ -0,0 +1,41 @@
+# libsodium.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='libsodium.27.dylib'
+
+# Names of this library.
+library_names='libsodium.27.dylib libsodium.dylib'
+
+# The name of the static archive.
+old_library='libsodium.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags='  -pthread'
+
+# Libraries that this one depends upon.
+dependency_libs=' -lpthread'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libsodium.
+current=27
+age=0
+revision=0
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/libsodium/libsodium-apple/tmp/ios64/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/pkgconfig/libsodium.pc b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/pkgconfig/libsodium.pc
new file mode 100644
index 00000000..fa9275e2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios/lib/pkgconfig/libsodium.pc
@@ -0,0 +1,12 @@
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/libsodium/libsodium-apple/tmp/ios64
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libsodium
+Version: 1.0.18
+Description: A modern and easy-to-use crypto library
+
+Libs: -L${libdir} -lsodium
+Libs.private: -lpthread -pthread 
+Cflags: -I${includedir}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/module.modulemap b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/module.modulemap
new file mode 100644
index 00000000..d5e34df3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/module.modulemap
@@ -0,0 +1,4 @@
+module Clibsodium {
+    header "sodium.h"
+    export *
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium.h
new file mode 100644
index 00000000..610d6328
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium.h
@@ -0,0 +1,73 @@
+
+#ifndef sodium_H
+#define sodium_H
+
+#include "sodium/version.h"
+
+#include "sodium/core.h"
+#include "sodium/crypto_aead_aes256gcm.h"
+#include "sodium/crypto_aead_aegis128l.h"
+#include "sodium/crypto_aead_aegis256.h"
+#include "sodium/crypto_aead_chacha20poly1305.h"
+#include "sodium/crypto_aead_xchacha20poly1305.h"
+#include "sodium/crypto_auth.h"
+#include "sodium/crypto_auth_hmacsha256.h"
+#include "sodium/crypto_auth_hmacsha512.h"
+#include "sodium/crypto_auth_hmacsha512256.h"
+#include "sodium/crypto_box.h"
+#include "sodium/crypto_box_curve25519xsalsa20poly1305.h"
+#include "sodium/crypto_core_hsalsa20.h"
+#include "sodium/crypto_core_hchacha20.h"
+#include "sodium/crypto_core_salsa20.h"
+#include "sodium/crypto_core_salsa2012.h"
+#include "sodium/crypto_core_salsa208.h"
+#include "sodium/crypto_generichash.h"
+#include "sodium/crypto_generichash_blake2b.h"
+#include "sodium/crypto_hash.h"
+#include "sodium/crypto_hash_sha256.h"
+#include "sodium/crypto_hash_sha512.h"
+#include "sodium/crypto_kdf.h"
+#include "sodium/crypto_kdf_blake2b.h"
+#include "sodium/crypto_kx.h"
+#include "sodium/crypto_onetimeauth.h"
+#include "sodium/crypto_onetimeauth_poly1305.h"
+#include "sodium/crypto_pwhash.h"
+#include "sodium/crypto_pwhash_argon2i.h"
+#include "sodium/crypto_scalarmult.h"
+#include "sodium/crypto_scalarmult_curve25519.h"
+#include "sodium/crypto_secretbox.h"
+#include "sodium/crypto_secretbox_xsalsa20poly1305.h"
+#include "sodium/crypto_secretstream_xchacha20poly1305.h"
+#include "sodium/crypto_shorthash.h"
+#include "sodium/crypto_shorthash_siphash24.h"
+#include "sodium/crypto_sign.h"
+#include "sodium/crypto_sign_ed25519.h"
+#include "sodium/crypto_stream.h"
+#include "sodium/crypto_stream_chacha20.h"
+#include "sodium/crypto_stream_salsa20.h"
+#include "sodium/crypto_stream_xsalsa20.h"
+#include "sodium/crypto_verify_16.h"
+#include "sodium/crypto_verify_32.h"
+#include "sodium/crypto_verify_64.h"
+#include "sodium/randombytes.h"
+#include "sodium/randombytes_internal_random.h"
+#include "sodium/randombytes_sysrandom.h"
+#include "sodium/runtime.h"
+#include "sodium/utils.h"
+
+#ifndef SODIUM_LIBRARY_MINIMAL
+# include "sodium/crypto_box_curve25519xchacha20poly1305.h"
+# include "sodium/crypto_core_ed25519.h"
+# include "sodium/crypto_core_ristretto255.h"
+# include "sodium/crypto_kdf_hkdf_sha256.h"
+# include "sodium/crypto_kdf_hkdf_sha512.h"
+# include "sodium/crypto_scalarmult_ed25519.h"
+# include "sodium/crypto_scalarmult_ristretto255.h"
+# include "sodium/crypto_secretbox_xchacha20poly1305.h"
+# include "sodium/crypto_pwhash_scryptsalsa208sha256.h"
+# include "sodium/crypto_stream_salsa2012.h"
+# include "sodium/crypto_stream_salsa208.h"
+# include "sodium/crypto_stream_xchacha20.h"
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/core.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/core.h
new file mode 100644
index 00000000..dd088d2c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/core.h
@@ -0,0 +1,28 @@
+
+#ifndef sodium_core_H
+#define sodium_core_H
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int sodium_init(void)
+            __attribute__ ((warn_unused_result));
+
+/* ---- */
+
+SODIUM_EXPORT
+int sodium_set_misuse_handler(void (*handler)(void));
+
+SODIUM_EXPORT
+void sodium_misuse(void)
+            __attribute__ ((noreturn));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_aegis128l.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_aegis128l.h
new file mode 100644
index 00000000..ed8d2f2b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_aegis128l.h
@@ -0,0 +1,96 @@
+#ifndef crypto_aead_aegis128l_H
+#define crypto_aead_aegis128l_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_is_available(void);
+
+#define crypto_aead_aegis128l_KEYBYTES  16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_keybytes(void);
+
+#define crypto_aead_aegis128l_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_nsecbytes(void);
+
+#define crypto_aead_aegis128l_NPUBBYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_npubbytes(void);
+
+#define crypto_aead_aegis128l_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_abytes(void);
+
+#define crypto_aead_aegis128l_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aegis128l_ABYTES, \
+               (1ULL << 61) - 1)
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_encrypt(unsigned char *c,
+                                  unsigned long long *clen_p,
+                                  const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *nsec,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_decrypt(unsigned char *m,
+                                  unsigned long long *mlen_p,
+                                  unsigned char *nsec,
+                                  const unsigned char *c,
+                                  unsigned long long clen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_encrypt_detached(unsigned char *c,
+                                           unsigned char *mac,
+                                           unsigned long long *maclen_p,
+                                           const unsigned char *m,
+                                           unsigned long long mlen,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *nsec,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_decrypt_detached(unsigned char *m,
+                                           unsigned char *nsec,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *mac,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aegis128l_keygen(unsigned char k[crypto_aead_aegis128l_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_aegis256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_aegis256.h
new file mode 100644
index 00000000..32e76896
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_aegis256.h
@@ -0,0 +1,96 @@
+#ifndef crypto_aead_aegis256_H
+#define crypto_aead_aegis256_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_is_available(void);
+
+#define crypto_aead_aegis256_KEYBYTES  32U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_keybytes(void);
+
+#define crypto_aead_aegis256_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_nsecbytes(void);
+
+#define crypto_aead_aegis256_NPUBBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_npubbytes(void);
+
+#define crypto_aead_aegis256_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_abytes(void);
+
+#define crypto_aead_aegis256_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aegis256_ABYTES, \
+               (1ULL << 61) - 1)
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_encrypt(unsigned char *c,
+                                 unsigned long long *clen_p,
+                                 const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *ad,
+                                 unsigned long long adlen,
+                                 const unsigned char *nsec,
+                                 const unsigned char *npub,
+                                 const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_decrypt(unsigned char *m,
+                                 unsigned long long *mlen_p,
+                                 unsigned char *nsec,
+                                 const unsigned char *c,
+                                 unsigned long long clen,
+                                 const unsigned char *ad,
+                                 unsigned long long adlen,
+                                 const unsigned char *npub,
+                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_encrypt_detached(unsigned char *c,
+                                          unsigned char *mac,
+                                          unsigned long long *maclen_p,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *nsec,
+                                          const unsigned char *npub,
+                                          const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_decrypt_detached(unsigned char *m,
+                                          unsigned char *nsec,
+                                          const unsigned char *c,
+                                          unsigned long long clen,
+                                          const unsigned char *mac,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *npub,
+                                          const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aegis256_keygen(unsigned char k[crypto_aead_aegis256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_aes256gcm.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_aes256gcm.h
new file mode 100644
index 00000000..9baeb3f1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_aes256gcm.h
@@ -0,0 +1,179 @@
+#ifndef crypto_aead_aes256gcm_H
+#define crypto_aead_aes256gcm_H
+
+/*
+ * WARNING: Despite being the most popular AEAD construction due to its
+ * use in TLS, safely using AES-GCM in a different context is tricky.
+ *
+ * No more than ~ 350 GB of input data should be encrypted with a given key.
+ * This is for ~ 16 KB messages -- Actual figures vary according to
+ * message sizes.
+ *
+ * In addition, nonces are short and repeated nonces would totally destroy
+ * the security of this scheme.
+ *
+ * Nonces should thus come from atomic counters, which can be difficult to
+ * set up in a distributed environment.
+ *
+ * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
+ * instead. It doesn't have any of these limitations.
+ * Or, if you don't need to authenticate additional data, just stick to
+ * crypto_secretbox().
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_is_available(void);
+
+#define crypto_aead_aes256gcm_KEYBYTES  32U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_keybytes(void);
+
+#define crypto_aead_aes256gcm_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_nsecbytes(void);
+
+#define crypto_aead_aes256gcm_NPUBBYTES 12U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_npubbytes(void);
+
+#define crypto_aead_aes256gcm_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_abytes(void);
+
+#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
+               (16ULL * ((1ULL << 32) - 2ULL)))
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_messagebytes_max(void);
+
+typedef struct CRYPTO_ALIGN(16) crypto_aead_aes256gcm_state_ {
+    unsigned char opaque[512];
+} crypto_aead_aes256gcm_state;
+
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt(unsigned char *c,
+                                  unsigned long long *clen_p,
+                                  const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *nsec,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt(unsigned char *m,
+                                  unsigned long long *mlen_p,
+                                  unsigned char *nsec,
+                                  const unsigned char *c,
+                                  unsigned long long clen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
+                                           unsigned char *mac,
+                                           unsigned long long *maclen_p,
+                                           const unsigned char *m,
+                                           unsigned long long mlen,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *nsec,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
+                                           unsigned char *nsec,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *mac,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+/* -- Precomputation interface -- */
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
+                                   const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
+                                          unsigned long long *clen_p,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *nsec,
+                                          const unsigned char *npub,
+                                          const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
+                                          unsigned long long *mlen_p,
+                                          unsigned char *nsec,
+                                          const unsigned char *c,
+                                          unsigned long long clen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *npub,
+                                          const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
+                                                   unsigned char *mac,
+                                                   unsigned long long *maclen_p,
+                                                   const unsigned char *m,
+                                                   unsigned long long mlen,
+                                                   const unsigned char *ad,
+                                                   unsigned long long adlen,
+                                                   const unsigned char *nsec,
+                                                   const unsigned char *npub,
+                                                   const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
+                                                   unsigned char *nsec,
+                                                   const unsigned char *c,
+                                                   unsigned long long clen,
+                                                   const unsigned char *mac,
+                                                   const unsigned char *ad,
+                                                   unsigned long long adlen,
+                                                   const unsigned char *npub,
+                                                   const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_chacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_chacha20poly1305.h
new file mode 100644
index 00000000..5d671df1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_chacha20poly1305.h
@@ -0,0 +1,180 @@
+#ifndef crypto_aead_chacha20poly1305_H
+#define crypto_aead_chacha20poly1305_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+/* -- IETF ChaCha20-Poly1305 construction with a 96-bit nonce and a 32-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NPUBBYTES 12U
+
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES, \
+               (64ULL * ((1ULL << 32) - 1ULL)))
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
+                                              unsigned long long *clen_p,
+                                              const unsigned char *m,
+                                              unsigned long long mlen,
+                                              const unsigned char *ad,
+                                              unsigned long long adlen,
+                                              const unsigned char *nsec,
+                                              const unsigned char *npub,
+                                              const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
+                                              unsigned long long *mlen_p,
+                                              unsigned char *nsec,
+                                              const unsigned char *c,
+                                              unsigned long long clen,
+                                              const unsigned char *ad,
+                                              unsigned long long adlen,
+                                              const unsigned char *npub,
+                                              const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+                                                       unsigned char *mac,
+                                                       unsigned long long *maclen_p,
+                                                       const unsigned char *m,
+                                                       unsigned long long mlen,
+                                                       const unsigned char *ad,
+                                                       unsigned long long adlen,
+                                                       const unsigned char *nsec,
+                                                       const unsigned char *npub,
+                                                       const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+                                                       unsigned char *nsec,
+                                                       const unsigned char *c,
+                                                       unsigned long long clen,
+                                                       const unsigned char *mac,
+                                                       const unsigned char *ad,
+                                                       unsigned long long adlen,
+                                                       const unsigned char *npub,
+                                                       const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_NPUBBYTES 8U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_abytes(void);
+
+#define crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX \
+    (SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
+                                         unsigned long long *clen_p,
+                                         const unsigned char *m,
+                                         unsigned long long mlen,
+                                         const unsigned char *ad,
+                                         unsigned long long adlen,
+                                         const unsigned char *nsec,
+                                         const unsigned char *npub,
+                                         const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
+                                         unsigned long long *mlen_p,
+                                         unsigned char *nsec,
+                                         const unsigned char *c,
+                                         unsigned long long clen,
+                                         const unsigned char *ad,
+                                         unsigned long long adlen,
+                                         const unsigned char *npub,
+                                         const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c,
+                                                  unsigned char *mac,
+                                                  unsigned long long *maclen_p,
+                                                  const unsigned char *m,
+                                                  unsigned long long mlen,
+                                                  const unsigned char *ad,
+                                                  unsigned long long adlen,
+                                                  const unsigned char *nsec,
+                                                  const unsigned char *npub,
+                                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
+                                                  unsigned char *nsec,
+                                                  const unsigned char *c,
+                                                  unsigned long long clen,
+                                                  const unsigned char *mac,
+                                                  const unsigned char *ad,
+                                                  unsigned long long adlen,
+                                                  const unsigned char *npub,
+                                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_aead_chacha20poly1305_IETF_KEYBYTES         crypto_aead_chacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_chacha20poly1305_IETF_NSECBYTES        crypto_aead_chacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_chacha20poly1305_IETF_NPUBBYTES        crypto_aead_chacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_chacha20poly1305_IETF_ABYTES           crypto_aead_chacha20poly1305_ietf_ABYTES
+#define crypto_aead_chacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_xchacha20poly1305.h
new file mode 100644
index 00000000..6643b0cb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_aead_xchacha20poly1305.h
@@ -0,0 +1,100 @@
+#ifndef crypto_aead_xchacha20poly1305_H
+#define crypto_aead_xchacha20poly1305_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_aead_xchacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NPUBBYTES 24U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX \
+    (SODIUM_SIZE_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c,
+                                               unsigned long long *clen_p,
+                                               const unsigned char *m,
+                                               unsigned long long mlen,
+                                               const unsigned char *ad,
+                                               unsigned long long adlen,
+                                               const unsigned char *nsec,
+                                               const unsigned char *npub,
+                                               const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
+                                               unsigned long long *mlen_p,
+                                               unsigned char *nsec,
+                                               const unsigned char *c,
+                                               unsigned long long clen,
+                                               const unsigned char *ad,
+                                               unsigned long long adlen,
+                                               const unsigned char *npub,
+                                               const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+                                                        unsigned char *mac,
+                                                        unsigned long long *maclen_p,
+                                                        const unsigned char *m,
+                                                        unsigned long long mlen,
+                                                        const unsigned char *ad,
+                                                        unsigned long long adlen,
+                                                        const unsigned char *nsec,
+                                                        const unsigned char *npub,
+                                                        const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+                                                        unsigned char *nsec,
+                                                        const unsigned char *c,
+                                                        unsigned long long clen,
+                                                        const unsigned char *mac,
+                                                        const unsigned char *ad,
+                                                        unsigned long long adlen,
+                                                        const unsigned char *npub,
+                                                        const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_aead_xchacha20poly1305_IETF_KEYBYTES         crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NSECBYTES        crypto_aead_xchacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NPUBBYTES        crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_xchacha20poly1305_IETF_ABYTES           crypto_aead_xchacha20poly1305_ietf_ABYTES
+#define crypto_aead_xchacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth.h
new file mode 100644
index 00000000..540aee0e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth.h
@@ -0,0 +1,46 @@
+#ifndef crypto_auth_H
+#define crypto_auth_H
+
+#include <stddef.h>
+
+#include "crypto_auth_hmacsha512256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES
+SODIUM_EXPORT
+size_t  crypto_auth_bytes(void);
+
+#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_auth_keybytes(void);
+
+#define crypto_auth_PRIMITIVE "hmacsha512256"
+SODIUM_EXPORT
+const char *crypto_auth_primitive(void);
+
+SODIUM_EXPORT
+int crypto_auth(unsigned char *out, const unsigned char *in,
+                unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
+                       unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth_hmacsha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth_hmacsha256.h
new file mode 100644
index 00000000..3da864c7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth_hmacsha256.h
@@ -0,0 +1,70 @@
+#ifndef crypto_auth_hmacsha256_H
+#define crypto_auth_hmacsha256_H
+
+#include <stddef.h>
+#include "crypto_hash_sha256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_bytes(void);
+
+#define crypto_auth_hmacsha256_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256(unsigned char *out,
+                           const unsigned char *in,
+                           unsigned long long inlen,
+                           const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_verify(const unsigned char *h,
+                                  const unsigned char *in,
+                                  unsigned long long inlen,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef struct crypto_auth_hmacsha256_state {
+    crypto_hash_sha256_state ictx;
+    crypto_hash_sha256_state octx;
+} crypto_auth_hmacsha256_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
+                                const unsigned char *key,
+                                size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
+                                  const unsigned char *in,
+                                  unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
+                                 unsigned char *out) __attribute__ ((nonnull));
+
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth_hmacsha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth_hmacsha512.h
new file mode 100644
index 00000000..d992cb81
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth_hmacsha512.h
@@ -0,0 +1,68 @@
+#ifndef crypto_auth_hmacsha512_H
+#define crypto_auth_hmacsha512_H
+
+#include <stddef.h>
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha512_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_bytes(void);
+
+#define crypto_auth_hmacsha512_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512(unsigned char *out,
+                           const unsigned char *in,
+                           unsigned long long inlen,
+                           const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_verify(const unsigned char *h,
+                                  const unsigned char *in,
+                                  unsigned long long inlen,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef struct crypto_auth_hmacsha512_state {
+    crypto_hash_sha512_state ictx;
+    crypto_hash_sha512_state octx;
+} crypto_auth_hmacsha512_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state,
+                                const unsigned char *key,
+                                size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state,
+                                  const unsigned char *in,
+                                  unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state,
+                                 unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth_hmacsha512256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth_hmacsha512256.h
new file mode 100644
index 00000000..3fb52638
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_auth_hmacsha512256.h
@@ -0,0 +1,65 @@
+#ifndef crypto_auth_hmacsha512256_H
+#define crypto_auth_hmacsha512256_H
+
+#include <stddef.h>
+#include "crypto_auth_hmacsha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha512256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_bytes(void);
+
+#define crypto_auth_hmacsha512256_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256(unsigned char *out,
+                              const unsigned char *in,
+                              unsigned long long inlen,
+                              const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_verify(const unsigned char *h,
+                                     const unsigned char *in,
+                                     unsigned long long inlen,
+                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef crypto_auth_hmacsha512_state crypto_auth_hmacsha512256_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state,
+                                   const unsigned char *key,
+                                   size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state,
+                                     const unsigned char *in,
+                                     unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state,
+                                    unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_box.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_box.h
new file mode 100644
index 00000000..0008e020
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_box.h
@@ -0,0 +1,177 @@
+#ifndef crypto_box_H
+#define crypto_box_H
+
+/*
+ * THREAD SAFETY: crypto_box_keypair() is thread-safe,
+ * provided that sodium_init() was called before.
+ *
+ * Other functions are always thread-safe.
+ */
+
+#include <stddef.h>
+
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_SEEDBYTES crypto_box_curve25519xsalsa20poly1305_SEEDBYTES
+SODIUM_EXPORT
+size_t  crypto_box_seedbytes(void);
+
+#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_box_publickeybytes(void);
+
+#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_box_secretkeybytes(void);
+
+#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_box_noncebytes(void);
+
+#define crypto_box_MACBYTES crypto_box_curve25519xsalsa20poly1305_MACBYTES
+SODIUM_EXPORT
+size_t  crypto_box_macbytes(void);
+
+#define crypto_box_MESSAGEBYTES_MAX crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_box_messagebytes_max(void);
+
+#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
+SODIUM_EXPORT
+const char *crypto_box_primitive(void);
+
+SODIUM_EXPORT
+int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk,
+                            const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_easy(unsigned char *c, const unsigned char *m,
+                    unsigned long long mlen, const unsigned char *n,
+                    const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open_easy(unsigned char *m, const unsigned char *c,
+                         unsigned long long clen, const unsigned char *n,
+                         const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_detached(unsigned char *c, unsigned char *mac,
+                        const unsigned char *m, unsigned long long mlen,
+                        const unsigned char *n, const unsigned char *pk,
+                        const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 2, 5, 6, 7)));
+
+SODIUM_EXPORT
+int crypto_box_open_detached(unsigned char *m, const unsigned char *c,
+                             const unsigned char *mac,
+                             unsigned long long clen,
+                             const unsigned char *n,
+                             const unsigned char *pk,
+                             const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
+
+/* -- Precomputation interface -- */
+
+#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
+SODIUM_EXPORT
+size_t  crypto_box_beforenmbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_beforenm(unsigned char *k, const unsigned char *pk,
+                        const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_easy_afternm(unsigned char *c, const unsigned char *m,
+                            unsigned long long mlen, const unsigned char *n,
+                            const unsigned char *k) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c,
+                                 unsigned long long clen, const unsigned char *n,
+                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_detached_afternm(unsigned char *c, unsigned char *mac,
+                                const unsigned char *m, unsigned long long mlen,
+                                const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c,
+                                     const unsigned char *mac,
+                                     unsigned long long clen, const unsigned char *n,
+                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+/* -- Ephemeral SK interface -- */
+
+#define crypto_box_SEALBYTES (crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_sealbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_seal(unsigned char *c, const unsigned char *m,
+                    unsigned long long mlen, const unsigned char *pk)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_box_seal_open(unsigned char *m, const unsigned char *c,
+                         unsigned long long clen,
+                         const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_box_zerobytes(void) __attribute__ ((deprecated));
+
+#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_box_boxzerobytes(void) __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_box(unsigned char *c, const unsigned char *m,
+               unsigned long long mlen, const unsigned char *n,
+               const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open(unsigned char *m, const unsigned char *c,
+                    unsigned long long clen, const unsigned char *n,
+                    const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_afternm(unsigned char *c, const unsigned char *m,
+                       unsigned long long mlen, const unsigned char *n,
+                       const unsigned char *k) __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_open_afternm(unsigned char *m, const unsigned char *c,
+                            unsigned long long clen, const unsigned char *n,
+                            const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((deprecated)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_box_curve25519xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_box_curve25519xchacha20poly1305.h
new file mode 100644
index 00000000..26a3d31e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_box_curve25519xchacha20poly1305.h
@@ -0,0 +1,164 @@
+
+#ifndef crypto_box_curve25519xchacha20poly1305_H
+#define crypto_box_curve25519xchacha20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xchacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_curve25519xchacha20poly1305_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_seedbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_publickeybytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_secretkeybytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_beforenmbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_noncebytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_macbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_box_curve25519xchacha20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seed_keypair(unsigned char *pk,
+                                                        unsigned char *sk,
+                                                        const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_keypair(unsigned char *pk,
+                                                   unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *n,
+                                                const unsigned char *pk,
+                                                const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     unsigned long long clen,
+                                                     const unsigned char *n,
+                                                     const unsigned char *pk,
+                                                     const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
+                                                    unsigned char *mac,
+                                                    const unsigned char *m,
+                                                    unsigned long long mlen,
+                                                    const unsigned char *n,
+                                                    const unsigned char *pk,
+                                                    const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 2, 5, 6, 7)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m,
+                                                         const unsigned char *c,
+                                                         const unsigned char *mac,
+                                                         unsigned long long clen,
+                                                         const unsigned char *n,
+                                                         const unsigned char *pk,
+                                                         const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
+
+/* -- Precomputation interface -- */
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_beforenm(unsigned char *k,
+                                                    const unsigned char *pk,
+                                                    const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c,
+                                                        const unsigned char *m,
+                                                        unsigned long long mlen,
+                                                        const unsigned char *n,
+                                                        const unsigned char *k)
+            __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m,
+                                                             const unsigned char *c,
+                                                             unsigned long long clen,
+                                                             const unsigned char *n,
+                                                             const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c,
+                                                            unsigned char *mac,
+                                                            const unsigned char *m,
+                                                            unsigned long long mlen,
+                                                            const unsigned char *n,
+                                                            const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *m,
+                                                                 const unsigned char *c,
+                                                                 const unsigned char *mac,
+                                                                 unsigned long long clen,
+                                                                 const unsigned char *n,
+                                                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+/* -- Ephemeral SK interface -- */
+
+#define crypto_box_curve25519xchacha20poly1305_SEALBYTES \
+    (crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES + \
+     crypto_box_curve25519xchacha20poly1305_MACBYTES)
+
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_sealbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *pk)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     unsigned long long clen,
+                                                     const unsigned char *pk,
+                                                     const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_box_curve25519xsalsa20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_box_curve25519xsalsa20poly1305.h
new file mode 100644
index 00000000..2c9b5d6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_box_curve25519xsalsa20poly1305.h
@@ -0,0 +1,113 @@
+#ifndef crypto_box_curve25519xsalsa20poly1305_H
+#define crypto_box_curve25519xsalsa20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_curve25519xsalsa20poly1305_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_seedbytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_publickeybytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_secretkeybytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_beforenmbytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_noncebytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_macbytes(void);
+
+/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
+#define crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_box_curve25519xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk,
+                                                       unsigned char *sk,
+                                                       const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk,
+                                                  unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k,
+                                                   const unsigned char *pk,
+                                                   const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_boxzerobytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES \
+    (crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + \
+     crypto_box_curve25519xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_zerobytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305(unsigned char *c,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *n,
+                                          const unsigned char *pk,
+                                          const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m,
+                                               const unsigned char *c,
+                                               unsigned long long clen,
+                                               const unsigned char *n,
+                                               const unsigned char *pk,
+                                               const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c,
+                                                  const unsigned char *m,
+                                                  unsigned long long mlen,
+                                                  const unsigned char *n,
+                                                  const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m,
+                                                       const unsigned char *c,
+                                                       unsigned long long clen,
+                                                       const unsigned char *n,
+                                                       const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_ed25519.h
new file mode 100644
index 00000000..618a44f9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_ed25519.h
@@ -0,0 +1,115 @@
+#ifndef crypto_core_ed25519_H
+#define crypto_core_ed25519_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_ed25519_BYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_bytes(void);
+
+#define crypto_core_ed25519_UNIFORMBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_uniformbytes(void);
+
+#define crypto_core_ed25519_HASHBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ed25519_hashbytes(void);
+
+#define crypto_core_ed25519_SCALARBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_scalarbytes(void);
+
+#define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ed25519_nonreducedscalarbytes(void);
+
+#define crypto_core_ed25519_H2CSHA256 1
+#define crypto_core_ed25519_H2CSHA512 2
+
+SODIUM_EXPORT
+int crypto_core_ed25519_is_valid_point(const unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_add(unsigned char *r,
+                            const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_sub(unsigned char *r,
+                            const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
+                                    const char *ctx, const unsigned char *msg,
+                                    size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
+                                       const char *ctx, const unsigned char *msg,
+                                       size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_random(unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_random(unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_mul(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+/*
+ * The interval `s` is sampled from should be at least 317 bits to ensure almost
+ * uniformity of `r` over `L`.
+ */
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_scalar_is_canonical(const unsigned char *s)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_hchacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_hchacha20.h
new file mode 100644
index 00000000..ece141b0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_hchacha20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_hchacha20_H
+#define crypto_core_hchacha20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_hchacha20_OUTPUTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_outputbytes(void);
+
+#define crypto_core_hchacha20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_inputbytes(void);
+
+#define crypto_core_hchacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_keybytes(void);
+
+#define crypto_core_hchacha20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_hchacha20(unsigned char *out, const unsigned char *in,
+                          const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_hsalsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_hsalsa20.h
new file mode 100644
index 00000000..4bf7a487
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_hsalsa20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_hsalsa20_H
+#define crypto_core_hsalsa20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_hsalsa20_OUTPUTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_outputbytes(void);
+
+#define crypto_core_hsalsa20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_inputbytes(void);
+
+#define crypto_core_hsalsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_keybytes(void);
+
+#define crypto_core_hsalsa20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_hsalsa20(unsigned char *out, const unsigned char *in,
+                         const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_ristretto255.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_ristretto255.h
new file mode 100644
index 00000000..5fc3a1be
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_ristretto255.h
@@ -0,0 +1,121 @@
+#ifndef crypto_core_ristretto255_H
+#define crypto_core_ristretto255_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_ristretto255_BYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_bytes(void);
+
+#define crypto_core_ristretto255_HASHBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_hashbytes(void);
+
+#define crypto_core_ristretto255_SCALARBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_scalarbytes(void);
+
+#define crypto_core_ristretto255_NONREDUCEDSCALARBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_nonreducedscalarbytes(void);
+
+#define crypto_core_ristretto255_H2CSHA256 1
+#define crypto_core_ristretto255_H2CSHA512 2
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_is_valid_point(const unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_add(unsigned char *r,
+                                 const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_sub(unsigned char *r,
+                                 const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_hash(unsigned char *p,
+                                       const unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES],
+                                         const char *ctx,
+                                         const unsigned char *msg,
+                                         size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES],
+                                            const char *ctx,
+                                            const unsigned char *msg,
+                                            size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_random(unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_random(unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_scalar_invert(unsigned char *recip,
+                                           const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_negate(unsigned char *neg,
+                                            const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_complement(unsigned char *comp,
+                                                const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_add(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_sub(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_mul(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+/*
+ * The interval `s` is sampled from should be at least 317 bits to ensure almost
+ * uniformity of `r` over `L`.
+ */
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_reduce(unsigned char *r,
+                                            const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_scalar_is_canonical(const unsigned char *s)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_salsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_salsa20.h
new file mode 100644
index 00000000..bd79fd9f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_salsa20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_salsa20_H
+#define crypto_core_salsa20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa20_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_outputbytes(void);
+
+#define crypto_core_salsa20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_inputbytes(void);
+
+#define crypto_core_salsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_keybytes(void);
+
+#define crypto_core_salsa20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_salsa20(unsigned char *out, const unsigned char *in,
+                        const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_salsa2012.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_salsa2012.h
new file mode 100644
index 00000000..05957591
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_salsa2012.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_salsa2012_H
+#define crypto_core_salsa2012_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa2012_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_outputbytes(void);
+
+#define crypto_core_salsa2012_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_inputbytes(void);
+
+#define crypto_core_salsa2012_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_keybytes(void);
+
+#define crypto_core_salsa2012_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_salsa2012(unsigned char *out, const unsigned char *in,
+                          const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_salsa208.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_salsa208.h
new file mode 100644
index 00000000..d2f216af
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_core_salsa208.h
@@ -0,0 +1,40 @@
+#ifndef crypto_core_salsa208_H
+#define crypto_core_salsa208_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa208_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_outputbytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_inputbytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_keybytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_constbytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_core_salsa208(unsigned char *out, const unsigned char *in,
+                         const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_generichash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_generichash.h
new file mode 100644
index 00000000..d897e5d2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_generichash.h
@@ -0,0 +1,84 @@
+#ifndef crypto_generichash_H
+#define crypto_generichash_H
+
+#include <stddef.h>
+
+#include "crypto_generichash_blake2b.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_generichash_BYTES_MIN crypto_generichash_blake2b_BYTES_MIN
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes_min(void);
+
+#define crypto_generichash_BYTES_MAX crypto_generichash_blake2b_BYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes_max(void);
+
+#define crypto_generichash_BYTES crypto_generichash_blake2b_BYTES
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes(void);
+
+#define crypto_generichash_KEYBYTES_MIN crypto_generichash_blake2b_KEYBYTES_MIN
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes_min(void);
+
+#define crypto_generichash_KEYBYTES_MAX crypto_generichash_blake2b_KEYBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes_max(void);
+
+#define crypto_generichash_KEYBYTES crypto_generichash_blake2b_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes(void);
+
+#define crypto_generichash_PRIMITIVE "blake2b"
+SODIUM_EXPORT
+const char *crypto_generichash_primitive(void);
+
+/*
+ * Important when writing bindings for other programming languages:
+ * the state address should be 64-bytes aligned.
+ */
+typedef crypto_generichash_blake2b_state crypto_generichash_state;
+
+SODIUM_EXPORT
+size_t  crypto_generichash_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_generichash(unsigned char *out, size_t outlen,
+                       const unsigned char *in, unsigned long long inlen,
+                       const unsigned char *key, size_t keylen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_init(crypto_generichash_state *state,
+                            const unsigned char *key,
+                            const size_t keylen, const size_t outlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_update(crypto_generichash_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_final(crypto_generichash_state *state,
+                             unsigned char *out, const size_t outlen)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_generichash_blake2b.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_generichash_blake2b.h
new file mode 100644
index 00000000..ae3b52f7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_generichash_blake2b.h
@@ -0,0 +1,122 @@
+#ifndef crypto_generichash_blake2b_H
+#define crypto_generichash_blake2b_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#ifdef __IBMC__
+# pragma pack(1)
+#elif defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# pragma pack(1)
+#else
+# pragma pack(push, 1)
+#endif
+
+typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state {
+    unsigned char opaque[384];
+} crypto_generichash_blake2b_state;
+
+#ifdef __IBMC__
+# pragma pack(pop)
+#elif defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# pragma pack()
+#else
+# pragma pack(pop)
+#endif
+
+#define crypto_generichash_blake2b_BYTES_MIN     16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes_min(void);
+
+#define crypto_generichash_blake2b_BYTES_MAX     64U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes_max(void);
+
+#define crypto_generichash_blake2b_BYTES         32U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes(void);
+
+#define crypto_generichash_blake2b_KEYBYTES_MIN  16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes_min(void);
+
+#define crypto_generichash_blake2b_KEYBYTES_MAX  64U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes_max(void);
+
+#define crypto_generichash_blake2b_KEYBYTES      32U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes(void);
+
+#define crypto_generichash_blake2b_SALTBYTES     16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_saltbytes(void);
+
+#define crypto_generichash_blake2b_PERSONALBYTES 16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_personalbytes(void);
+
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b(unsigned char *out, size_t outlen,
+                               const unsigned char *in,
+                               unsigned long long inlen,
+                               const unsigned char *key, size_t keylen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_salt_personal(unsigned char *out, size_t outlen,
+                                             const unsigned char *in,
+                                             unsigned long long inlen,
+                                             const unsigned char *key,
+                                             size_t keylen,
+                                             const unsigned char *salt,
+                                             const unsigned char *personal)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state,
+                                    const unsigned char *key,
+                                    const size_t keylen, const size_t outlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_init_salt_personal(crypto_generichash_blake2b_state *state,
+                                                  const unsigned char *key,
+                                                  const size_t keylen, const size_t outlen,
+                                                  const unsigned char *salt,
+                                                  const unsigned char *personal)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state,
+                                      const unsigned char *in,
+                                      unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state,
+                                     unsigned char *out,
+                                     const size_t outlen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_hash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_hash.h
new file mode 100644
index 00000000..767d5480
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_hash.h
@@ -0,0 +1,40 @@
+#ifndef crypto_hash_H
+#define crypto_hash_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA512 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA512, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_hash_BYTES crypto_hash_sha512_BYTES
+SODIUM_EXPORT
+size_t crypto_hash_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash(unsigned char *out, const unsigned char *in,
+                unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+#define crypto_hash_PRIMITIVE "sha512"
+SODIUM_EXPORT
+const char *crypto_hash_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_hash_sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_hash_sha256.h
new file mode 100644
index 00000000..c47982af
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_hash_sha256.h
@@ -0,0 +1,60 @@
+#ifndef crypto_hash_sha256_H
+#define crypto_hash_sha256_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA256 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA256, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_hash_sha256_state {
+    uint32_t state[8];
+    uint64_t count;
+    uint8_t  buf[64];
+} crypto_hash_sha256_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha256_statebytes(void);
+
+#define crypto_hash_sha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_hash_sha256_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha256(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_init(crypto_hash_sha256_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
+                             unsigned char *out)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_hash_sha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_hash_sha512.h
new file mode 100644
index 00000000..5b690fb2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_hash_sha512.h
@@ -0,0 +1,60 @@
+#ifndef crypto_hash_sha512_H
+#define crypto_hash_sha512_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA512 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA512, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_hash_sha512_state {
+    uint64_t state[8];
+    uint64_t count[2];
+    uint8_t  buf[128];
+} crypto_hash_sha512_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha512_statebytes(void);
+
+#define crypto_hash_sha512_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_hash_sha512_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha512(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_init(crypto_hash_sha512_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_update(crypto_hash_sha512_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_final(crypto_hash_sha512_state *state,
+                             unsigned char *out)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf.h
new file mode 100644
index 00000000..ac2fc618
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf.h
@@ -0,0 +1,53 @@
+#ifndef crypto_kdf_H
+#define crypto_kdf_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "crypto_kdf_blake2b.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_BYTES_MIN crypto_kdf_blake2b_BYTES_MIN
+SODIUM_EXPORT
+size_t crypto_kdf_bytes_min(void);
+
+#define crypto_kdf_BYTES_MAX crypto_kdf_blake2b_BYTES_MAX
+SODIUM_EXPORT
+size_t crypto_kdf_bytes_max(void);
+
+#define crypto_kdf_CONTEXTBYTES crypto_kdf_blake2b_CONTEXTBYTES
+SODIUM_EXPORT
+size_t crypto_kdf_contextbytes(void);
+
+#define crypto_kdf_KEYBYTES crypto_kdf_blake2b_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_kdf_keybytes(void);
+
+#define crypto_kdf_PRIMITIVE "blake2b"
+SODIUM_EXPORT
+const char *crypto_kdf_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
+                               uint64_t subkey_id,
+                               const char ctx[crypto_kdf_CONTEXTBYTES],
+                               const unsigned char key[crypto_kdf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf_blake2b.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf_blake2b.h
new file mode 100644
index 00000000..489c7c20
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf_blake2b.h
@@ -0,0 +1,44 @@
+#ifndef crypto_kdf_blake2b_H
+#define crypto_kdf_blake2b_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_blake2b_BYTES_MIN 16
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_bytes_min(void);
+
+#define crypto_kdf_blake2b_BYTES_MAX 64
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_bytes_max(void);
+
+#define crypto_kdf_blake2b_CONTEXTBYTES 8
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_contextbytes(void);
+
+#define crypto_kdf_blake2b_KEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len,
+                                       uint64_t subkey_id,
+                                       const char ctx[crypto_kdf_blake2b_CONTEXTBYTES],
+                                       const unsigned char key[crypto_kdf_blake2b_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf_hkdf_sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf_hkdf_sha256.h
new file mode 100644
index 00000000..899a6316
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf_hkdf_sha256.h
@@ -0,0 +1,48 @@
+#ifndef crypto_kdf_hkdf_sha256_H
+#define crypto_kdf_hkdf_sha256_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "crypto_kdf.h"
+#include "crypto_auth_hmacsha256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_hkdf_sha256_KEYBYTES crypto_auth_hmacsha256_BYTES
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_keybytes(void);
+
+#define crypto_kdf_hkdf_sha256_BYTES_MIN 0U
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_bytes_min(void);
+
+#define crypto_kdf_hkdf_sha256_BYTES_MAX (0xff * crypto_auth_hmacsha256_BYTES)
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_bytes_max(void);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha256_extract(unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES],
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *ikm, size_t ikm_len);
+
+SODIUM_EXPORT
+void crypto_kdf_hkdf_sha256_keygen(unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES]);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha256_expand(unsigned char *out, size_t out_len,
+                                  const char *ctx, size_t ctx_len,
+                                  const unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf_hkdf_sha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf_hkdf_sha512.h
new file mode 100644
index 00000000..3fa6868c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kdf_hkdf_sha512.h
@@ -0,0 +1,51 @@
+#ifndef crypto_kdf_hkdf_sha512_H
+#define crypto_kdf_hkdf_sha512_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "crypto_kdf.h"
+#include "crypto_auth_hmacsha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_hkdf_sha512_KEYBYTES crypto_auth_hmacsha512_BYTES
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_keybytes(void);
+
+#define crypto_kdf_hkdf_sha512_BYTES_MIN 0U
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_bytes_min(void);
+
+#define crypto_kdf_hkdf_sha512_BYTES_MAX (0xff * crypto_auth_hmacsha512_BYTES)
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_bytes_max(void);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha512_extract(unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES],
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *ikm, size_t ikm_len)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_kdf_hkdf_sha512_keygen(unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha512_expand(unsigned char *out, size_t out_len,
+                                  const char *ctx, size_t ctx_len,
+                                  const unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES])
+            __attribute__ ((nonnull(1)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kx.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kx.h
new file mode 100644
index 00000000..347132c3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_kx.h
@@ -0,0 +1,66 @@
+#ifndef crypto_kx_H
+#define crypto_kx_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kx_PUBLICKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_publickeybytes(void);
+
+#define crypto_kx_SECRETKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_secretkeybytes(void);
+
+#define crypto_kx_SEEDBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_seedbytes(void);
+
+#define crypto_kx_SESSIONKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_sessionkeybytes(void);
+
+#define crypto_kx_PRIMITIVE "x25519blake2b"
+SODIUM_EXPORT
+const char *crypto_kx_primitive(void);
+
+SODIUM_EXPORT
+int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                           unsigned char sk[crypto_kx_SECRETKEYBYTES],
+                           const unsigned char seed[crypto_kx_SEEDBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                      unsigned char sk[crypto_kx_SECRETKEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                                  unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                                  const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
+                                  const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
+                                  const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull(3, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                                  unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                                  const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
+                                  const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
+                                  const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull(3, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_onetimeauth.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_onetimeauth.h
new file mode 100644
index 00000000..7cd7b070
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_onetimeauth.h
@@ -0,0 +1,65 @@
+#ifndef crypto_onetimeauth_H
+#define crypto_onetimeauth_H
+
+#include <stddef.h>
+
+#include "crypto_onetimeauth_poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef crypto_onetimeauth_poly1305_state crypto_onetimeauth_state;
+
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_statebytes(void);
+
+#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_bytes(void);
+
+#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_keybytes(void);
+
+#define crypto_onetimeauth_PRIMITIVE "poly1305"
+SODIUM_EXPORT
+const char *crypto_onetimeauth_primitive(void);
+
+SODIUM_EXPORT
+int crypto_onetimeauth(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_verify(const unsigned char *h, const unsigned char *in,
+                              unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_init(crypto_onetimeauth_state *state,
+                            const unsigned char *key) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_update(crypto_onetimeauth_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_final(crypto_onetimeauth_state *state,
+                             unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_onetimeauth_poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_onetimeauth_poly1305.h
new file mode 100644
index 00000000..f3e34d86
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_onetimeauth_poly1305.h
@@ -0,0 +1,72 @@
+#ifndef crypto_onetimeauth_poly1305_H
+#define crypto_onetimeauth_poly1305_H
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <sys/types.h>
+
+#include "export.h"
+
+typedef struct CRYPTO_ALIGN(16) crypto_onetimeauth_poly1305_state {
+    unsigned char opaque[256];
+} crypto_onetimeauth_poly1305_state;
+
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_statebytes(void);
+
+#define crypto_onetimeauth_poly1305_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_bytes(void);
+
+#define crypto_onetimeauth_poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305(unsigned char *out,
+                                const unsigned char *in,
+                                unsigned long long inlen,
+                                const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_verify(const unsigned char *h,
+                                       const unsigned char *in,
+                                       unsigned long long inlen,
+                                       const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state,
+                                     const unsigned char *key)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state,
+                                       const unsigned char *in,
+                                       unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state,
+                                      unsigned char *out)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash.h
new file mode 100644
index 00000000..307265d3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash.h
@@ -0,0 +1,147 @@
+#ifndef crypto_pwhash_H
+#define crypto_pwhash_H
+
+#include <stddef.h>
+
+#include "crypto_pwhash_argon2i.h"
+#include "crypto_pwhash_argon2id.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_ALG_ARGON2I13 crypto_pwhash_argon2i_ALG_ARGON2I13
+SODIUM_EXPORT
+int crypto_pwhash_alg_argon2i13(void);
+
+#define crypto_pwhash_ALG_ARGON2ID13 crypto_pwhash_argon2id_ALG_ARGON2ID13
+SODIUM_EXPORT
+int crypto_pwhash_alg_argon2id13(void);
+
+#define crypto_pwhash_ALG_DEFAULT crypto_pwhash_ALG_ARGON2ID13
+SODIUM_EXPORT
+int crypto_pwhash_alg_default(void);
+
+#define crypto_pwhash_BYTES_MIN crypto_pwhash_argon2id_BYTES_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_bytes_min(void);
+
+#define crypto_pwhash_BYTES_MAX crypto_pwhash_argon2id_BYTES_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_bytes_max(void);
+
+#define crypto_pwhash_PASSWD_MIN crypto_pwhash_argon2id_PASSWD_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_passwd_min(void);
+
+#define crypto_pwhash_PASSWD_MAX crypto_pwhash_argon2id_PASSWD_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_passwd_max(void);
+
+#define crypto_pwhash_SALTBYTES crypto_pwhash_argon2id_SALTBYTES
+SODIUM_EXPORT
+size_t crypto_pwhash_saltbytes(void);
+
+#define crypto_pwhash_STRBYTES crypto_pwhash_argon2id_STRBYTES
+SODIUM_EXPORT
+size_t crypto_pwhash_strbytes(void);
+
+#define crypto_pwhash_STRPREFIX crypto_pwhash_argon2id_STRPREFIX
+SODIUM_EXPORT
+const char *crypto_pwhash_strprefix(void);
+
+#define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_argon2id_OPSLIMIT_MIN
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_min(void);
+
+#define crypto_pwhash_OPSLIMIT_MAX crypto_pwhash_argon2id_OPSLIMIT_MAX
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_max(void);
+
+#define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_argon2id_MEMLIMIT_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_min(void);
+
+#define crypto_pwhash_MEMLIMIT_MAX crypto_pwhash_argon2id_MEMLIMIT_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_max(void);
+
+#define crypto_pwhash_OPSLIMIT_INTERACTIVE crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_interactive(void);
+
+#define crypto_pwhash_MEMLIMIT_INTERACTIVE crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_interactive(void);
+
+#define crypto_pwhash_OPSLIMIT_MODERATE crypto_pwhash_argon2id_OPSLIMIT_MODERATE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_moderate(void);
+
+#define crypto_pwhash_MEMLIMIT_MODERATE crypto_pwhash_argon2id_MEMLIMIT_MODERATE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_moderate(void);
+
+#define crypto_pwhash_OPSLIMIT_SENSITIVE crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_sensitive(void);
+
+#define crypto_pwhash_MEMLIMIT_SENSITIVE crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_sensitive(void);
+
+/*
+ * With this function, do not forget to store all parameters, including the
+ * algorithm identifier in order to produce deterministic output.
+ * The crypto_pwhash_* definitions, including crypto_pwhash_ALG_DEFAULT,
+ * may change.
+ */
+SODIUM_EXPORT
+int crypto_pwhash(unsigned char * const out, unsigned long long outlen,
+                  const char * const passwd, unsigned long long passwdlen,
+                  const unsigned char * const salt,
+                  unsigned long long opslimit, size_t memlimit, int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/*
+ * The output string already includes all the required parameters, including
+ * the algorithm identifier. The string is all that has to be stored in
+ * order to verify a password.
+ */
+SODIUM_EXPORT
+int crypto_pwhash_str(char out[crypto_pwhash_STRBYTES],
+                      const char * const passwd, unsigned long long passwdlen,
+                      unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES],
+                          const char * const passwd, unsigned long long passwdlen,
+                          unsigned long long opslimit, size_t memlimit, int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_verify(const char *str,
+                             const char * const passwd,
+                             unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_needs_rehash(const char *str,
+                                   unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#define crypto_pwhash_PRIMITIVE "argon2i"
+SODIUM_EXPORT
+const char *crypto_pwhash_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash_argon2i.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash_argon2i.h
new file mode 100644
index 00000000..91156ba0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash_argon2i.h
@@ -0,0 +1,122 @@
+#ifndef crypto_pwhash_argon2i_H
+#define crypto_pwhash_argon2i_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_argon2i_ALG_ARGON2I13 1
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_alg_argon2i13(void);
+
+#define crypto_pwhash_argon2i_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_bytes_min(void);
+
+#define crypto_pwhash_argon2i_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_bytes_max(void);
+
+#define crypto_pwhash_argon2i_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_passwd_min(void);
+
+#define crypto_pwhash_argon2i_PASSWD_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_passwd_max(void);
+
+#define crypto_pwhash_argon2i_SALTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_saltbytes(void);
+
+#define crypto_pwhash_argon2i_STRBYTES 128U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_strbytes(void);
+
+#define crypto_pwhash_argon2i_STRPREFIX "$argon2i$"
+SODIUM_EXPORT
+const char *crypto_pwhash_argon2i_strprefix(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MIN 3U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_min(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_max(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MIN 8192U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_min(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MAX \
+    ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_max(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE 4U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_interactive(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE 33554432U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_interactive(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MODERATE 6U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_moderate(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MODERATE 134217728U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_moderate(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE 8U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_sensitive(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE 536870912U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i(unsigned char * const out,
+                          unsigned long long outlen,
+                          const char * const passwd,
+                          unsigned long long passwdlen,
+                          const unsigned char * const salt,
+                          unsigned long long opslimit, size_t memlimit,
+                          int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
+                              const char * const passwd,
+                              unsigned long long passwdlen,
+                              unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str_verify(const char * str,
+                                     const char * const passwd,
+                                     unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str_needs_rehash(const char * str,
+                                           unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash_argon2id.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash_argon2id.h
new file mode 100644
index 00000000..e6f72a92
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash_argon2id.h
@@ -0,0 +1,122 @@
+#ifndef crypto_pwhash_argon2id_H
+#define crypto_pwhash_argon2id_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_argon2id_ALG_ARGON2ID13 2
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_alg_argon2id13(void);
+
+#define crypto_pwhash_argon2id_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_bytes_min(void);
+
+#define crypto_pwhash_argon2id_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_bytes_max(void);
+
+#define crypto_pwhash_argon2id_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_passwd_min(void);
+
+#define crypto_pwhash_argon2id_PASSWD_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_passwd_max(void);
+
+#define crypto_pwhash_argon2id_SALTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_saltbytes(void);
+
+#define crypto_pwhash_argon2id_STRBYTES 128U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_strbytes(void);
+
+#define crypto_pwhash_argon2id_STRPREFIX "$argon2id$"
+SODIUM_EXPORT
+const char *crypto_pwhash_argon2id_strprefix(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MIN 1U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_min(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_max(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MIN 8192U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_min(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MAX \
+    ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_max(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE 2U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_interactive(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE 67108864U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_interactive(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MODERATE 3U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_moderate(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MODERATE 268435456U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_moderate(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE 4U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_sensitive(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE 1073741824U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id(unsigned char * const out,
+                           unsigned long long outlen,
+                           const char * const passwd,
+                           unsigned long long passwdlen,
+                           const unsigned char * const salt,
+                           unsigned long long opslimit, size_t memlimit,
+                           int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES],
+                               const char * const passwd,
+                               unsigned long long passwdlen,
+                               unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str_verify(const char * str,
+                                      const char * const passwd,
+                                      unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str_needs_rehash(const char * str,
+                                            unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash_scryptsalsa208sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
new file mode 100644
index 00000000..1fd3692f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
@@ -0,0 +1,120 @@
+#ifndef crypto_pwhash_scryptsalsa208sha256_H
+#define crypto_pwhash_scryptsalsa208sha256_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_scryptsalsa208sha256_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_bytes_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_BYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX, 0x1fffffffe0ULL)
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_bytes_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_passwd_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_passwd_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRBYTES 102U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$"
+SODIUM_EXPORT
+const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN 32768U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN 16777216U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MAX \
+    SODIUM_MIN(SIZE_MAX, 68719476736ULL)
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE 16777216U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
+                                       unsigned long long outlen,
+                                       const char * const passwd,
+                                       unsigned long long passwdlen,
+                                       const unsigned char * const salt,
+                                       unsigned long long opslimit,
+                                       size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+                                           const char * const passwd,
+                                           unsigned long long passwdlen,
+                                           unsigned long long opslimit,
+                                           size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str_verify(const char * str,
+                                                  const char * const passwd,
+                                                  unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
+                                          const uint8_t * salt, size_t saltlen,
+                                          uint64_t N, uint32_t r, uint32_t p,
+                                          uint8_t * buf, size_t buflen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str_needs_rehash(const char * str,
+                                                        unsigned long long opslimit,
+                                                        size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult.h
new file mode 100644
index 00000000..1c685853
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult.h
@@ -0,0 +1,46 @@
+#ifndef crypto_scalarmult_H
+#define crypto_scalarmult_H
+
+#include <stddef.h>
+
+#include "crypto_scalarmult_curve25519.h"
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
+SODIUM_EXPORT
+size_t  crypto_scalarmult_bytes(void);
+
+#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
+SODIUM_EXPORT
+size_t  crypto_scalarmult_scalarbytes(void);
+
+#define crypto_scalarmult_PRIMITIVE "curve25519"
+SODIUM_EXPORT
+const char *crypto_scalarmult_primitive(void);
+
+SODIUM_EXPORT
+int crypto_scalarmult_base(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult(unsigned char *q, const unsigned char *n,
+                      const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult_curve25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult_curve25519.h
new file mode 100644
index 00000000..60e9d0c5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult_curve25519.h
@@ -0,0 +1,42 @@
+#ifndef crypto_scalarmult_curve25519_H
+#define crypto_scalarmult_curve25519_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_curve25519_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_bytes(void);
+
+#define crypto_scalarmult_curve25519_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
+                                 const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519_base(unsigned char *q,
+                                      const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult_ed25519.h
new file mode 100644
index 00000000..2dfa4d70
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult_ed25519.h
@@ -0,0 +1,51 @@
+
+#ifndef crypto_scalarmult_ed25519_H
+#define crypto_scalarmult_ed25519_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_ed25519_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ed25519_bytes(void);
+
+#define crypto_scalarmult_ed25519_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ed25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
+                              const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n,
+                                      const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_base_noclamp(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult_ristretto255.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult_ristretto255.h
new file mode 100644
index 00000000..40a45cce
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_scalarmult_ristretto255.h
@@ -0,0 +1,43 @@
+
+#ifndef crypto_scalarmult_ristretto255_H
+#define crypto_scalarmult_ristretto255_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_ristretto255_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ristretto255_bytes(void);
+
+#define crypto_scalarmult_ristretto255_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ristretto255_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_ristretto255(unsigned char *q, const unsigned char *n,
+                                   const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ristretto255_base(unsigned char *q,
+                                        const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretbox.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretbox.h
new file mode 100644
index 00000000..68024b45
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretbox.h
@@ -0,0 +1,94 @@
+#ifndef crypto_secretbox_H
+#define crypto_secretbox_H
+
+#include <stddef.h>
+
+#include "crypto_secretbox_xsalsa20poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_keybytes(void);
+
+#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_noncebytes(void);
+
+#define crypto_secretbox_MACBYTES crypto_secretbox_xsalsa20poly1305_MACBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_macbytes(void);
+
+#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305"
+SODIUM_EXPORT
+const char *crypto_secretbox_primitive(void);
+
+#define crypto_secretbox_MESSAGEBYTES_MAX crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t crypto_secretbox_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
+                          unsigned long long mlen, const unsigned char *n,
+                          const unsigned char *k) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
+                               unsigned long long clen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
+                              const unsigned char *m,
+                              unsigned long long mlen,
+                              const unsigned char *n,
+                              const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open_detached(unsigned char *m,
+                                   const unsigned char *c,
+                                   const unsigned char *mac,
+                                   unsigned long long clen,
+                                   const unsigned char *n,
+                                   const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+SODIUM_EXPORT
+void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_zerobytes(void) __attribute__ ((deprecated));
+
+#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_boxzerobytes(void) __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_secretbox(unsigned char *c, const unsigned char *m,
+                     unsigned long long mlen, const unsigned char *n,
+                     const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open(unsigned char *m, const unsigned char *c,
+                          unsigned long long clen, const unsigned char *n,
+                          const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretbox_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretbox_xchacha20poly1305.h
new file mode 100644
index 00000000..6ec674e3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretbox_xchacha20poly1305.h
@@ -0,0 +1,70 @@
+#ifndef crypto_secretbox_xchacha20poly1305_H
+#define crypto_secretbox_xchacha20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xchacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_xchacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_keybytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_noncebytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_macbytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_secretbox_xchacha20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_easy(unsigned char *c,
+                                            const unsigned char *m,
+                                            unsigned long long mlen,
+                                            const unsigned char *n,
+                                            const unsigned char *k)
+            __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_open_easy(unsigned char *m,
+                                                 const unsigned char *c,
+                                                 unsigned long long clen,
+                                                 const unsigned char *n,
+                                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_detached(unsigned char *c,
+                                                unsigned char *mac,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *n,
+                                                const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     const unsigned char *mac,
+                                                     unsigned long long clen,
+                                                     const unsigned char *n,
+                                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretbox_xsalsa20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretbox_xsalsa20poly1305.h
new file mode 100644
index 00000000..81bff3d6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretbox_xsalsa20poly1305.h
@@ -0,0 +1,71 @@
+#ifndef crypto_secretbox_xsalsa20poly1305_H
+#define crypto_secretbox_xsalsa20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_xsalsa20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_keybytes(void);
+
+#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_noncebytes(void);
+
+#define crypto_secretbox_xsalsa20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_macbytes(void);
+
+/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
+#define crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_secretbox_xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_boxzerobytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES \
+    (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES + \
+     crypto_secretbox_xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_zerobytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_secretbox_xsalsa20poly1305(unsigned char *c,
+                                      const unsigned char *m,
+                                      unsigned long long mlen,
+                                      const unsigned char *n,
+                                      const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xsalsa20poly1305_open(unsigned char *m,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *n,
+                                           const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretstream_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretstream_xchacha20poly1305.h
new file mode 100644
index 00000000..b22e4e93
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_secretstream_xchacha20poly1305.h
@@ -0,0 +1,108 @@
+#ifndef crypto_secretstream_xchacha20poly1305_H
+#define crypto_secretstream_xchacha20poly1305_H
+
+#include <stddef.h>
+
+#include "crypto_aead_xchacha20poly1305.h"
+#include "crypto_stream_chacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretstream_xchacha20poly1305_ABYTES \
+    (1U + crypto_aead_xchacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_abytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_HEADERBYTES \
+    crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_headerbytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_KEYBYTES \
+    crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_keybytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_secretstream_xchacha20poly1305_ABYTES, \
+              (64ULL * ((1ULL << 32) - 2ULL)))
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_messagebytes_max(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_MESSAGE 0x00
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_message(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_PUSH    0x01
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_push(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_REKEY   0x02
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_rekey(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_FINAL \
+    (crypto_secretstream_xchacha20poly1305_TAG_PUSH | \
+     crypto_secretstream_xchacha20poly1305_TAG_REKEY)
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_final(void);
+
+typedef struct crypto_secretstream_xchacha20poly1305_state {
+    unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES];
+    unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES];
+    unsigned char _pad[8];
+} crypto_secretstream_xchacha20poly1305_state;
+
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_statebytes(void);
+
+SODIUM_EXPORT
+void crypto_secretstream_xchacha20poly1305_keygen
+   (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_init_push
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+    const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_push
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char *c, unsigned long long *clen_p,
+    const unsigned char *m, unsigned long long mlen,
+    const unsigned char *ad, unsigned long long adlen, unsigned char tag)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_init_pull
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    const unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+    const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_pull
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char *m, unsigned long long *mlen_p, unsigned char *tag_p,
+    const unsigned char *c, unsigned long long clen,
+    const unsigned char *ad, unsigned long long adlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_secretstream_xchacha20poly1305_rekey
+    (crypto_secretstream_xchacha20poly1305_state *state);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_shorthash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_shorthash.h
new file mode 100644
index 00000000..fecaa88b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_shorthash.h
@@ -0,0 +1,41 @@
+#ifndef crypto_shorthash_H
+#define crypto_shorthash_H
+
+#include <stddef.h>
+
+#include "crypto_shorthash_siphash24.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_shorthash_BYTES crypto_shorthash_siphash24_BYTES
+SODIUM_EXPORT
+size_t  crypto_shorthash_bytes(void);
+
+#define crypto_shorthash_KEYBYTES crypto_shorthash_siphash24_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_shorthash_keybytes(void);
+
+#define crypto_shorthash_PRIMITIVE "siphash24"
+SODIUM_EXPORT
+const char *crypto_shorthash_primitive(void);
+
+SODIUM_EXPORT
+int crypto_shorthash(unsigned char *out, const unsigned char *in,
+                     unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_shorthash_siphash24.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_shorthash_siphash24.h
new file mode 100644
index 00000000..1e6f72a6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_shorthash_siphash24.h
@@ -0,0 +1,50 @@
+#ifndef crypto_shorthash_siphash24_H
+#define crypto_shorthash_siphash24_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+/* -- 64-bit output -- */
+
+#define crypto_shorthash_siphash24_BYTES 8U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphash24_bytes(void);
+
+#define crypto_shorthash_siphash24_KEYBYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphash24_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in,
+                               unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+#ifndef SODIUM_LIBRARY_MINIMAL
+/* -- 128-bit output -- */
+
+#define crypto_shorthash_siphashx24_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphashx24_bytes(void);
+
+#define crypto_shorthash_siphashx24_KEYBYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphashx24_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in,
+                                unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_sign.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_sign.h
new file mode 100644
index 00000000..f5fafb12
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_sign.h
@@ -0,0 +1,107 @@
+#ifndef crypto_sign_H
+#define crypto_sign_H
+
+/*
+ * THREAD SAFETY: crypto_sign_keypair() is thread-safe,
+ * provided that sodium_init() was called before.
+ *
+ * Other functions, including crypto_sign_seed_keypair() are always thread-safe.
+ */
+
+#include <stddef.h>
+
+#include "crypto_sign_ed25519.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef crypto_sign_ed25519ph_state crypto_sign_state;
+
+SODIUM_EXPORT
+size_t  crypto_sign_statebytes(void);
+
+#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
+SODIUM_EXPORT
+size_t  crypto_sign_bytes(void);
+
+#define crypto_sign_SEEDBYTES crypto_sign_ed25519_SEEDBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_seedbytes(void);
+
+#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_publickeybytes(void);
+
+#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_secretkeybytes(void);
+
+#define crypto_sign_MESSAGEBYTES_MAX crypto_sign_ed25519_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_sign_messagebytes_max(void);
+
+#define crypto_sign_PRIMITIVE "ed25519"
+SODIUM_EXPORT
+const char *crypto_sign_primitive(void);
+
+SODIUM_EXPORT
+int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
+                             const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign(unsigned char *sm, unsigned long long *smlen_p,
+                const unsigned char *m, unsigned long long mlen,
+                const unsigned char *sk) __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_open(unsigned char *m, unsigned long long *mlen_p,
+                     const unsigned char *sm, unsigned long long smlen,
+                     const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen_p,
+                         const unsigned char *m, unsigned long long mlen,
+                         const unsigned char *sk) __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_verify_detached(const unsigned char *sig,
+                                const unsigned char *m,
+                                unsigned long long mlen,
+                                const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_init(crypto_sign_state *state);
+
+SODIUM_EXPORT
+int crypto_sign_update(crypto_sign_state *state,
+                       const unsigned char *m, unsigned long long mlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig,
+                             unsigned long long *siglen_p,
+                             const unsigned char *sk)
+            __attribute__ ((nonnull(1, 2, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig,
+                             const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_sign_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_sign_ed25519.h
new file mode 100644
index 00000000..0fdac42d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_sign_ed25519.h
@@ -0,0 +1,124 @@
+#ifndef crypto_sign_ed25519_H
+#define crypto_sign_ed25519_H
+
+#include <stddef.h>
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_sign_ed25519ph_state {
+    crypto_hash_sha512_state hs;
+} crypto_sign_ed25519ph_state;
+
+SODIUM_EXPORT
+size_t crypto_sign_ed25519ph_statebytes(void);
+
+#define crypto_sign_ed25519_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_bytes(void);
+
+#define crypto_sign_ed25519_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_seedbytes(void);
+
+#define crypto_sign_ed25519_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_publickeybytes(void);
+
+#define crypto_sign_ed25519_SECRETKEYBYTES (32U + 32U)
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_secretkeybytes(void);
+
+#define crypto_sign_ed25519_MESSAGEBYTES_MAX (SODIUM_SIZE_MAX - crypto_sign_ed25519_BYTES)
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p,
+                        const unsigned char *m, unsigned long long mlen,
+                        const unsigned char *sk)
+            __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p,
+                             const unsigned char *sm, unsigned long long smlen,
+                             const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_detached(unsigned char *sig,
+                                 unsigned long long *siglen_p,
+                                 const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *sk)
+            __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_verify_detached(const unsigned char *sig,
+                                        const unsigned char *m,
+                                        unsigned long long mlen,
+                                        const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
+                                     const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
+                                         const unsigned char *ed25519_pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
+                                         const unsigned char *ed25519_sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_seed(unsigned char *seed,
+                                   const unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_update(crypto_sign_ed25519ph_state *state,
+                                 const unsigned char *m,
+                                 unsigned long long mlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state,
+                                       unsigned char *sig,
+                                       unsigned long long *siglen_p,
+                                       const unsigned char *sk)
+            __attribute__ ((nonnull(1, 2, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state,
+                                       const unsigned char *sig,
+                                       const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream.h
new file mode 100644
index 00000000..88dab5f6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream.h
@@ -0,0 +1,59 @@
+#ifndef crypto_stream_H
+#define crypto_stream_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_stream_keybytes(void);
+
+#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_stream_noncebytes(void);
+
+#define crypto_stream_MESSAGEBYTES_MAX crypto_stream_xsalsa20_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_stream_messagebytes_max(void);
+
+#define crypto_stream_PRIMITIVE "xsalsa20"
+SODIUM_EXPORT
+const char *crypto_stream_primitive(void);
+
+SODIUM_EXPORT
+int crypto_stream(unsigned char *c, unsigned long long clen,
+                  const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xor(unsigned char *c, const unsigned char *m,
+                      unsigned long long mlen, const unsigned char *n,
+                      const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_chacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_chacha20.h
new file mode 100644
index 00000000..40889755
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_chacha20.h
@@ -0,0 +1,106 @@
+#ifndef crypto_stream_chacha20_H
+#define crypto_stream_chacha20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_chacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_keybytes(void);
+
+#define crypto_stream_chacha20_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_noncebytes(void);
+
+#define crypto_stream_chacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_messagebytes_max(void);
+
+/* ChaCha20 with a 64-bit nonce and a 64-bit counter, as originally designed */
+
+SODIUM_EXPORT
+int crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* ChaCha20 with a 96-bit nonce and a 32-bit counter (IETF) */
+
+#define crypto_stream_chacha20_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_keybytes(void);
+
+#define crypto_stream_chacha20_ietf_NONCEBYTES 12U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_noncebytes(void);
+
+#define crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX, 64ULL * (1ULL << 32))
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
+                                const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m,
+                                    unsigned long long mlen, const unsigned char *n,
+                                    const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m,
+                                       unsigned long long mlen,
+                                       const unsigned char *n, uint32_t ic,
+                                       const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_stream_chacha20_IETF_KEYBYTES crypto_stream_chacha20_ietf_KEYBYTES
+#define crypto_stream_chacha20_IETF_NONCEBYTES crypto_stream_chacha20_ietf_NONCEBYTES
+#define crypto_stream_chacha20_IETF_MESSAGEBYTES_MAX crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_salsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_salsa20.h
new file mode 100644
index 00000000..45b3b3e3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_salsa20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_salsa20_H
+#define crypto_stream_salsa20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_keybytes(void);
+
+#define crypto_stream_salsa20_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_noncebytes(void);
+
+#define crypto_stream_salsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_salsa20(unsigned char *c, unsigned long long clen,
+                          const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m,
+                              unsigned long long mlen, const unsigned char *n,
+                              const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *n, uint64_t ic,
+                                 const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_salsa2012.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_salsa2012.h
new file mode 100644
index 00000000..6c5d303c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_salsa2012.h
@@ -0,0 +1,53 @@
+#ifndef crypto_stream_salsa2012_H
+#define crypto_stream_salsa2012_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa2012_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_keybytes(void);
+
+#define crypto_stream_salsa2012_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_noncebytes(void);
+
+#define crypto_stream_salsa2012_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_salsa2012(unsigned char *c, unsigned long long clen,
+                            const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa2012_xor(unsigned char *c, const unsigned char *m,
+                                unsigned long long mlen, const unsigned char *n,
+                                const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_salsa208.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_salsa208.h
new file mode 100644
index 00000000..d574f304
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_salsa208.h
@@ -0,0 +1,56 @@
+#ifndef crypto_stream_salsa208_H
+#define crypto_stream_salsa208_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa208_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa208_keybytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_stream_salsa208_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa208_noncebytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_stream_salsa208_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+    SODIUM_EXPORT
+size_t crypto_stream_salsa208_messagebytes_max(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_stream_salsa208(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa208_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES])
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_xchacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_xchacha20.h
new file mode 100644
index 00000000..c4002db0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_xchacha20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_xchacha20_H
+#define crypto_stream_xchacha20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_xchacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_keybytes(void);
+
+#define crypto_stream_xchacha20_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_noncebytes(void);
+
+#define crypto_stream_xchacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20(unsigned char *c, unsigned long long clen,
+                            const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m,
+                                unsigned long long mlen, const unsigned char *n,
+                                const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                                   unsigned long long mlen,
+                                   const unsigned char *n, uint64_t ic,
+                                   const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_xsalsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_xsalsa20.h
new file mode 100644
index 00000000..20034e34
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_stream_xsalsa20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_xsalsa20_H
+#define crypto_stream_xsalsa20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_xsalsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_keybytes(void);
+
+#define crypto_stream_xsalsa20_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_noncebytes(void);
+
+#define crypto_stream_xsalsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_verify_16.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_verify_16.h
new file mode 100644
index 00000000..7b9c8077
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_verify_16.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_16_H
+#define crypto_verify_16_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_16_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_verify_16_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_16(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_verify_32.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_verify_32.h
new file mode 100644
index 00000000..9b0f4529
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_verify_32.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_32_H
+#define crypto_verify_32_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_32_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_verify_32_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_32(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_verify_64.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_verify_64.h
new file mode 100644
index 00000000..c83b7302
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/crypto_verify_64.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_64_H
+#define crypto_verify_64_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_64_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_verify_64_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_64(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/export.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/export.h
new file mode 100644
index 00000000..a0074fc9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/export.h
@@ -0,0 +1,57 @@
+
+#ifndef sodium_export_H
+#define sodium_export_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <limits.h>
+
+#if !defined(__clang__) && !defined(__GNUC__)
+# ifdef __attribute__
+#  undef __attribute__
+# endif
+# define __attribute__(a)
+#endif
+
+#ifdef SODIUM_STATIC
+# define SODIUM_EXPORT
+# define SODIUM_EXPORT_WEAK
+#else
+# if defined(_MSC_VER)
+#  ifdef SODIUM_DLL_EXPORT
+#   define SODIUM_EXPORT __declspec(dllexport)
+#  else
+#   define SODIUM_EXPORT __declspec(dllimport)
+#  endif
+# else
+#  if defined(__SUNPRO_C)
+#   ifndef __GNU_C__
+#    define SODIUM_EXPORT __attribute__ (visibility(__global))
+#   else
+#    define SODIUM_EXPORT __attribute__ __global
+#   endif
+#  elif defined(_MSG_VER)
+#   define SODIUM_EXPORT extern __declspec(dllexport)
+#  else
+#   define SODIUM_EXPORT __attribute__ ((visibility ("default")))
+#  endif
+# endif
+# if defined(__ELF__) && !defined(SODIUM_DISABLE_WEAK_FUNCTIONS)
+#  define SODIUM_EXPORT_WEAK SODIUM_EXPORT __attribute__((weak))
+# else
+#  define SODIUM_EXPORT_WEAK SODIUM_EXPORT
+# endif
+#endif
+
+#ifndef CRYPTO_ALIGN
+# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
+#  define CRYPTO_ALIGN(x) __declspec(align(x))
+# else
+#  define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
+# endif
+#endif
+
+#define SODIUM_MIN(A, B) ((A) < (B) ? (A) : (B))
+#define SODIUM_SIZE_MAX SODIUM_MIN(UINT64_MAX, SIZE_MAX)
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/randombytes.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/randombytes.h
new file mode 100644
index 00000000..c83a4df5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/randombytes.h
@@ -0,0 +1,72 @@
+
+#ifndef randombytes_H
+#define randombytes_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <sys/types.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct randombytes_implementation {
+    const char *(*implementation_name)(void); /* required */
+    uint32_t    (*random)(void);              /* required */
+    void        (*stir)(void);                /* optional */
+    uint32_t    (*uniform)(const uint32_t upper_bound); /* optional, a default implementation will be used if NULL */
+    void        (*buf)(void * const buf, const size_t size); /* required */
+    int         (*close)(void);               /* optional */
+} randombytes_implementation;
+
+#define randombytes_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 0xffffffffUL)
+
+#define randombytes_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t randombytes_seedbytes(void);
+
+SODIUM_EXPORT
+void randombytes_buf(void * const buf, const size_t size)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void randombytes_buf_deterministic(void * const buf, const size_t size,
+                                   const unsigned char seed[randombytes_SEEDBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+uint32_t randombytes_random(void);
+
+SODIUM_EXPORT
+uint32_t randombytes_uniform(const uint32_t upper_bound);
+
+SODIUM_EXPORT
+void randombytes_stir(void);
+
+SODIUM_EXPORT
+int randombytes_close(void);
+
+SODIUM_EXPORT
+int randombytes_set_implementation(const randombytes_implementation *impl)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+const char *randombytes_implementation_name(void);
+
+/* -- NaCl compatibility interface -- */
+
+SODIUM_EXPORT
+void randombytes(unsigned char * const buf, const unsigned long long buf_len)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/randombytes_internal_random.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/randombytes_internal_random.h
new file mode 100644
index 00000000..2b2b7d6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/randombytes_internal_random.h
@@ -0,0 +1,22 @@
+
+#ifndef randombytes_internal_random_H
+#define randombytes_internal_random_H
+
+#include "export.h"
+#include "randombytes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_internal_implementation;
+
+/* Backwards compatibility with libsodium < 1.0.18 */
+#define randombytes_salsa20_implementation randombytes_internal_implementation
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/randombytes_sysrandom.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/randombytes_sysrandom.h
new file mode 100644
index 00000000..9e27b674
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/randombytes_sysrandom.h
@@ -0,0 +1,19 @@
+
+#ifndef randombytes_sysrandom_H
+#define randombytes_sysrandom_H
+
+#include "export.h"
+#include "randombytes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_sysrandom_implementation;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/runtime.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/runtime.h
new file mode 100644
index 00000000..c1cec853
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/runtime.h
@@ -0,0 +1,55 @@
+
+#ifndef sodium_runtime_H
+#define sodium_runtime_H
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_neon(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_armcrypto(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse2(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse3(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_ssse3(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse41(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx2(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx512f(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_pclmul(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_aesni(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_rdrand(void);
+
+/* ------------------------------------------------------------------------- */
+
+int _sodium_runtime_get_cpu_features(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/utils.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/utils.h
new file mode 100644
index 00000000..f9b36979
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/utils.h
@@ -0,0 +1,179 @@
+
+#ifndef sodium_utils_H
+#define sodium_utils_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef SODIUM_C99
+# if defined(__cplusplus) || !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
+#  define SODIUM_C99(X)
+# else
+#  define SODIUM_C99(X) X
+# endif
+#endif
+
+SODIUM_EXPORT
+void sodium_memzero(void * const pnt, const size_t len);
+
+SODIUM_EXPORT
+void sodium_stackzero(const size_t len);
+
+/*
+ * WARNING: sodium_memcmp() must be used to verify if two secret keys
+ * are equal, in constant time.
+ * It returns 0 if the keys are equal, and -1 if they differ.
+ * This function is not designed for lexicographical comparisons.
+ */
+SODIUM_EXPORT
+int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len)
+            __attribute__ ((warn_unused_result));
+
+/*
+ * sodium_compare() returns -1 if b1_ < b2_, 1 if b1_ > b2_ and 0 if b1_ == b2_
+ * It is suitable for lexicographical comparisons, or to compare nonces
+ * and counters stored in little-endian format.
+ * However, it is slower than sodium_memcmp().
+ */
+SODIUM_EXPORT
+int sodium_compare(const unsigned char *b1_, const unsigned char *b2_,
+                   size_t len) __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int sodium_is_zero(const unsigned char *n, const size_t nlen);
+
+SODIUM_EXPORT
+void sodium_increment(unsigned char *n, const size_t nlen);
+
+SODIUM_EXPORT
+void sodium_add(unsigned char *a, const unsigned char *b, const size_t len);
+
+SODIUM_EXPORT
+void sodium_sub(unsigned char *a, const unsigned char *b, const size_t len);
+
+SODIUM_EXPORT
+char *sodium_bin2hex(char * const hex, const size_t hex_maxlen,
+                     const unsigned char * const bin, const size_t bin_len)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_hex2bin(unsigned char * const bin, const size_t bin_maxlen,
+                   const char * const hex, const size_t hex_len,
+                   const char * const ignore, size_t * const bin_len,
+                   const char ** const hex_end)
+            __attribute__ ((nonnull(1)));
+
+#define sodium_base64_VARIANT_ORIGINAL            1
+#define sodium_base64_VARIANT_ORIGINAL_NO_PADDING 3
+#define sodium_base64_VARIANT_URLSAFE             5
+#define sodium_base64_VARIANT_URLSAFE_NO_PADDING  7
+
+/*
+ * Computes the required length to encode BIN_LEN bytes as a base64 string
+ * using the given variant. The computed length includes a trailing \0.
+ */
+#define sodium_base64_ENCODED_LEN(BIN_LEN, VARIANT) \
+    (((BIN_LEN) / 3U) * 4U + \
+    ((((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) | (((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) >> 1)) & 1U) * \
+     (4U - (~((((VARIANT) & 2U) >> 1) - 1U) & (3U - ((BIN_LEN) - ((BIN_LEN) / 3U) * 3U)))) + 1U)
+
+SODIUM_EXPORT
+size_t sodium_base64_encoded_len(const size_t bin_len, const int variant);
+
+SODIUM_EXPORT
+char *sodium_bin2base64(char * const b64, const size_t b64_maxlen,
+                        const unsigned char * const bin, const size_t bin_len,
+                        const int variant) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_base642bin(unsigned char * const bin, const size_t bin_maxlen,
+                      const char * const b64, const size_t b64_len,
+                      const char * const ignore, size_t * const bin_len,
+                      const char ** const b64_end, const int variant)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_mlock(void * const addr, const size_t len)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_munlock(void * const addr, const size_t len)
+            __attribute__ ((nonnull));
+
+/* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose
+ * allocation functions.
+ *
+ * They return a pointer to a region filled with 0xd0 bytes, immediately
+ * followed by a guard page.
+ * As a result, accessing a single byte after the requested allocation size
+ * will intentionally trigger a segmentation fault.
+ *
+ * A canary and an additional guard page placed before the beginning of the
+ * region may also kill the process if a buffer underflow is detected.
+ *
+ * The memory layout is:
+ * [unprotected region size (read only)][guard page (no access)][unprotected pages (read/write)][guard page (no access)]
+ * With the layout of the unprotected pages being:
+ * [optional padding][16-bytes canary][user region]
+ *
+ * However:
+ * - These functions are significantly slower than standard functions
+ * - Each allocation requires 3 or 4 additional pages
+ * - The returned address will not be aligned if the allocation size is not
+ *   a multiple of the required alignment. For this reason, these functions
+ *   are designed to store data, such as secret keys and messages.
+ *
+ * sodium_malloc() can be used to allocate any libsodium data structure.
+ *
+ * The crypto_generichash_state structure is packed and its length is
+ * either 357 or 361 bytes. For this reason, when using sodium_malloc() to
+ * allocate a crypto_generichash_state structure, padding must be added in
+ * order to ensure proper alignment. crypto_generichash_statebytes()
+ * returns the rounded up structure size, and should be preferred to sizeof():
+ * state = sodium_malloc(crypto_generichash_statebytes());
+ */
+
+SODIUM_EXPORT
+void *sodium_malloc(const size_t size)
+            __attribute__ ((malloc));
+
+SODIUM_EXPORT
+void *sodium_allocarray(size_t count, size_t size)
+            __attribute__ ((malloc));
+
+SODIUM_EXPORT
+void sodium_free(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_noaccess(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_mprotect_readonly(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_mprotect_readwrite(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_pad(size_t *padded_buflen_p, unsigned char *buf,
+               size_t unpadded_buflen, size_t blocksize, size_t max_buflen)
+            __attribute__ ((nonnull(2)));
+
+SODIUM_EXPORT
+int sodium_unpad(size_t *unpadded_buflen_p, const unsigned char *buf,
+                 size_t padded_buflen, size_t blocksize)
+            __attribute__ ((nonnull(2)));
+
+/* -------- */
+
+int _sodium_alloc_init(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/version.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/version.h
new file mode 100644
index 00000000..cc60e448
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/include/sodium/version.h
@@ -0,0 +1,33 @@
+
+#ifndef sodium_version_H
+#define sodium_version_H
+
+#include "export.h"
+
+#define SODIUM_VERSION_STRING "1.0.18"
+
+#define SODIUM_LIBRARY_VERSION_MAJOR 11
+#define SODIUM_LIBRARY_VERSION_MINOR 0
+#define SODIUM_LIBRARY_MINIMAL 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+const char *sodium_version_string(void);
+
+SODIUM_EXPORT
+int         sodium_library_version_major(void);
+
+SODIUM_EXPORT
+int         sodium_library_version_minor(void);
+
+SODIUM_EXPORT
+int         sodium_library_minimal(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.27.dylib b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.27.dylib
new file mode 100755
index 00000000..3aff9226
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.27.dylib differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.a b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.a
new file mode 100644
index 00000000..a833e4dc
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.dylib b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.dylib
new file mode 120000
index 00000000..7f3f6fe6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.dylib
@@ -0,0 +1 @@
+libsodium.27.dylib
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.la b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.la
new file mode 100755
index 00000000..f960ec8f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/libsodium.la
@@ -0,0 +1,41 @@
+# libsodium.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='libsodium.27.dylib'
+
+# Names of this library.
+library_names='libsodium.27.dylib libsodium.dylib'
+
+# The name of the static archive.
+old_library='libsodium.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags='  -pthread'
+
+# Libraries that this one depends upon.
+dependency_libs=' -lpthread'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libsodium.
+current=27
+age=0
+revision=0
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/libsodium/libsodium-apple/tmp/ios64/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/pkgconfig/libsodium.pc b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/pkgconfig/libsodium.pc
new file mode 100644
index 00000000..fa9275e2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/ios64/lib/pkgconfig/libsodium.pc
@@ -0,0 +1,12 @@
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/libsodium/libsodium-apple/tmp/ios64
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libsodium
+Version: 1.0.18
+Description: A modern and easy-to-use crypto library
+
+Libs: -L${libdir} -lsodium
+Libs.private: -lpthread -pthread 
+Cflags: -I${includedir}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/Info.plist b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/Info.plist
new file mode 100644
index 00000000..5775c5ac
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/Info.plist
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>AvailableLibraries</key>
+	<array>
+		<dict>
+			<key>HeadersPath</key>
+			<string>Headers</string>
+			<key>LibraryIdentifier</key>
+			<string>ios-arm64</string>
+			<key>LibraryPath</key>
+			<string>libsodium.a</string>
+			<key>SupportedArchitectures</key>
+			<array>
+				<string>arm64</string>
+			</array>
+			<key>SupportedPlatform</key>
+			<string>ios</string>
+		</dict>
+	</array>
+	<key>CFBundlePackageType</key>
+	<string>XFWK</string>
+	<key>XCFrameworkFormatVersion</key>
+	<string>1.0</string>
+</dict>
+</plist>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/module.modulemap b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/module.modulemap
new file mode 100644
index 00000000..d5e34df3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/module.modulemap
@@ -0,0 +1,4 @@
+module Clibsodium {
+    header "sodium.h"
+    export *
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium.h
new file mode 100644
index 00000000..610d6328
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium.h
@@ -0,0 +1,73 @@
+
+#ifndef sodium_H
+#define sodium_H
+
+#include "sodium/version.h"
+
+#include "sodium/core.h"
+#include "sodium/crypto_aead_aes256gcm.h"
+#include "sodium/crypto_aead_aegis128l.h"
+#include "sodium/crypto_aead_aegis256.h"
+#include "sodium/crypto_aead_chacha20poly1305.h"
+#include "sodium/crypto_aead_xchacha20poly1305.h"
+#include "sodium/crypto_auth.h"
+#include "sodium/crypto_auth_hmacsha256.h"
+#include "sodium/crypto_auth_hmacsha512.h"
+#include "sodium/crypto_auth_hmacsha512256.h"
+#include "sodium/crypto_box.h"
+#include "sodium/crypto_box_curve25519xsalsa20poly1305.h"
+#include "sodium/crypto_core_hsalsa20.h"
+#include "sodium/crypto_core_hchacha20.h"
+#include "sodium/crypto_core_salsa20.h"
+#include "sodium/crypto_core_salsa2012.h"
+#include "sodium/crypto_core_salsa208.h"
+#include "sodium/crypto_generichash.h"
+#include "sodium/crypto_generichash_blake2b.h"
+#include "sodium/crypto_hash.h"
+#include "sodium/crypto_hash_sha256.h"
+#include "sodium/crypto_hash_sha512.h"
+#include "sodium/crypto_kdf.h"
+#include "sodium/crypto_kdf_blake2b.h"
+#include "sodium/crypto_kx.h"
+#include "sodium/crypto_onetimeauth.h"
+#include "sodium/crypto_onetimeauth_poly1305.h"
+#include "sodium/crypto_pwhash.h"
+#include "sodium/crypto_pwhash_argon2i.h"
+#include "sodium/crypto_scalarmult.h"
+#include "sodium/crypto_scalarmult_curve25519.h"
+#include "sodium/crypto_secretbox.h"
+#include "sodium/crypto_secretbox_xsalsa20poly1305.h"
+#include "sodium/crypto_secretstream_xchacha20poly1305.h"
+#include "sodium/crypto_shorthash.h"
+#include "sodium/crypto_shorthash_siphash24.h"
+#include "sodium/crypto_sign.h"
+#include "sodium/crypto_sign_ed25519.h"
+#include "sodium/crypto_stream.h"
+#include "sodium/crypto_stream_chacha20.h"
+#include "sodium/crypto_stream_salsa20.h"
+#include "sodium/crypto_stream_xsalsa20.h"
+#include "sodium/crypto_verify_16.h"
+#include "sodium/crypto_verify_32.h"
+#include "sodium/crypto_verify_64.h"
+#include "sodium/randombytes.h"
+#include "sodium/randombytes_internal_random.h"
+#include "sodium/randombytes_sysrandom.h"
+#include "sodium/runtime.h"
+#include "sodium/utils.h"
+
+#ifndef SODIUM_LIBRARY_MINIMAL
+# include "sodium/crypto_box_curve25519xchacha20poly1305.h"
+# include "sodium/crypto_core_ed25519.h"
+# include "sodium/crypto_core_ristretto255.h"
+# include "sodium/crypto_kdf_hkdf_sha256.h"
+# include "sodium/crypto_kdf_hkdf_sha512.h"
+# include "sodium/crypto_scalarmult_ed25519.h"
+# include "sodium/crypto_scalarmult_ristretto255.h"
+# include "sodium/crypto_secretbox_xchacha20poly1305.h"
+# include "sodium/crypto_pwhash_scryptsalsa208sha256.h"
+# include "sodium/crypto_stream_salsa2012.h"
+# include "sodium/crypto_stream_salsa208.h"
+# include "sodium/crypto_stream_xchacha20.h"
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/core.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/core.h
new file mode 100644
index 00000000..dd088d2c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/core.h
@@ -0,0 +1,28 @@
+
+#ifndef sodium_core_H
+#define sodium_core_H
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int sodium_init(void)
+            __attribute__ ((warn_unused_result));
+
+/* ---- */
+
+SODIUM_EXPORT
+int sodium_set_misuse_handler(void (*handler)(void));
+
+SODIUM_EXPORT
+void sodium_misuse(void)
+            __attribute__ ((noreturn));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_aegis128l.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_aegis128l.h
new file mode 100644
index 00000000..ed8d2f2b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_aegis128l.h
@@ -0,0 +1,96 @@
+#ifndef crypto_aead_aegis128l_H
+#define crypto_aead_aegis128l_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_is_available(void);
+
+#define crypto_aead_aegis128l_KEYBYTES  16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_keybytes(void);
+
+#define crypto_aead_aegis128l_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_nsecbytes(void);
+
+#define crypto_aead_aegis128l_NPUBBYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_npubbytes(void);
+
+#define crypto_aead_aegis128l_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_abytes(void);
+
+#define crypto_aead_aegis128l_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aegis128l_ABYTES, \
+               (1ULL << 61) - 1)
+SODIUM_EXPORT
+size_t crypto_aead_aegis128l_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_encrypt(unsigned char *c,
+                                  unsigned long long *clen_p,
+                                  const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *nsec,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_decrypt(unsigned char *m,
+                                  unsigned long long *mlen_p,
+                                  unsigned char *nsec,
+                                  const unsigned char *c,
+                                  unsigned long long clen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_encrypt_detached(unsigned char *c,
+                                           unsigned char *mac,
+                                           unsigned long long *maclen_p,
+                                           const unsigned char *m,
+                                           unsigned long long mlen,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *nsec,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis128l_decrypt_detached(unsigned char *m,
+                                           unsigned char *nsec,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *mac,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aegis128l_keygen(unsigned char k[crypto_aead_aegis128l_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_aegis256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_aegis256.h
new file mode 100644
index 00000000..32e76896
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_aegis256.h
@@ -0,0 +1,96 @@
+#ifndef crypto_aead_aegis256_H
+#define crypto_aead_aegis256_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_is_available(void);
+
+#define crypto_aead_aegis256_KEYBYTES  32U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_keybytes(void);
+
+#define crypto_aead_aegis256_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_nsecbytes(void);
+
+#define crypto_aead_aegis256_NPUBBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_npubbytes(void);
+
+#define crypto_aead_aegis256_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_abytes(void);
+
+#define crypto_aead_aegis256_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aegis256_ABYTES, \
+               (1ULL << 61) - 1)
+SODIUM_EXPORT
+size_t crypto_aead_aegis256_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_encrypt(unsigned char *c,
+                                 unsigned long long *clen_p,
+                                 const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *ad,
+                                 unsigned long long adlen,
+                                 const unsigned char *nsec,
+                                 const unsigned char *npub,
+                                 const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_decrypt(unsigned char *m,
+                                 unsigned long long *mlen_p,
+                                 unsigned char *nsec,
+                                 const unsigned char *c,
+                                 unsigned long long clen,
+                                 const unsigned char *ad,
+                                 unsigned long long adlen,
+                                 const unsigned char *npub,
+                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_encrypt_detached(unsigned char *c,
+                                          unsigned char *mac,
+                                          unsigned long long *maclen_p,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *nsec,
+                                          const unsigned char *npub,
+                                          const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aegis256_decrypt_detached(unsigned char *m,
+                                          unsigned char *nsec,
+                                          const unsigned char *c,
+                                          unsigned long long clen,
+                                          const unsigned char *mac,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *npub,
+                                          const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aegis256_keygen(unsigned char k[crypto_aead_aegis256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_aes256gcm.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_aes256gcm.h
new file mode 100644
index 00000000..9baeb3f1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_aes256gcm.h
@@ -0,0 +1,179 @@
+#ifndef crypto_aead_aes256gcm_H
+#define crypto_aead_aes256gcm_H
+
+/*
+ * WARNING: Despite being the most popular AEAD construction due to its
+ * use in TLS, safely using AES-GCM in a different context is tricky.
+ *
+ * No more than ~ 350 GB of input data should be encrypted with a given key.
+ * This is for ~ 16 KB messages -- Actual figures vary according to
+ * message sizes.
+ *
+ * In addition, nonces are short and repeated nonces would totally destroy
+ * the security of this scheme.
+ *
+ * Nonces should thus come from atomic counters, which can be difficult to
+ * set up in a distributed environment.
+ *
+ * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
+ * instead. It doesn't have any of these limitations.
+ * Or, if you don't need to authenticate additional data, just stick to
+ * crypto_secretbox().
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_is_available(void);
+
+#define crypto_aead_aes256gcm_KEYBYTES  32U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_keybytes(void);
+
+#define crypto_aead_aes256gcm_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_nsecbytes(void);
+
+#define crypto_aead_aes256gcm_NPUBBYTES 12U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_npubbytes(void);
+
+#define crypto_aead_aes256gcm_ABYTES    16U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_abytes(void);
+
+#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
+               (16ULL * ((1ULL << 32) - 2ULL)))
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_messagebytes_max(void);
+
+typedef struct CRYPTO_ALIGN(16) crypto_aead_aes256gcm_state_ {
+    unsigned char opaque[512];
+} crypto_aead_aes256gcm_state;
+
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt(unsigned char *c,
+                                  unsigned long long *clen_p,
+                                  const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *nsec,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt(unsigned char *m,
+                                  unsigned long long *mlen_p,
+                                  unsigned char *nsec,
+                                  const unsigned char *c,
+                                  unsigned long long clen,
+                                  const unsigned char *ad,
+                                  unsigned long long adlen,
+                                  const unsigned char *npub,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
+                                           unsigned char *mac,
+                                           unsigned long long *maclen_p,
+                                           const unsigned char *m,
+                                           unsigned long long mlen,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *nsec,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
+                                           unsigned char *nsec,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *mac,
+                                           const unsigned char *ad,
+                                           unsigned long long adlen,
+                                           const unsigned char *npub,
+                                           const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+/* -- Precomputation interface -- */
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
+                                   const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
+                                          unsigned long long *clen_p,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *nsec,
+                                          const unsigned char *npub,
+                                          const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
+                                          unsigned long long *mlen_p,
+                                          unsigned char *nsec,
+                                          const unsigned char *c,
+                                          unsigned long long clen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *npub,
+                                          const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
+                                                   unsigned char *mac,
+                                                   unsigned long long *maclen_p,
+                                                   const unsigned char *m,
+                                                   unsigned long long mlen,
+                                                   const unsigned char *ad,
+                                                   unsigned long long adlen,
+                                                   const unsigned char *nsec,
+                                                   const unsigned char *npub,
+                                                   const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
+                                                   unsigned char *nsec,
+                                                   const unsigned char *c,
+                                                   unsigned long long clen,
+                                                   const unsigned char *mac,
+                                                   const unsigned char *ad,
+                                                   unsigned long long adlen,
+                                                   const unsigned char *npub,
+                                                   const crypto_aead_aes256gcm_state *ctx_)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_chacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_chacha20poly1305.h
new file mode 100644
index 00000000..5d671df1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_chacha20poly1305.h
@@ -0,0 +1,180 @@
+#ifndef crypto_aead_chacha20poly1305_H
+#define crypto_aead_chacha20poly1305_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+/* -- IETF ChaCha20-Poly1305 construction with a 96-bit nonce and a 32-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NPUBBYTES 12U
+
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES, \
+               (64ULL * ((1ULL << 32) - 1ULL)))
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
+                                              unsigned long long *clen_p,
+                                              const unsigned char *m,
+                                              unsigned long long mlen,
+                                              const unsigned char *ad,
+                                              unsigned long long adlen,
+                                              const unsigned char *nsec,
+                                              const unsigned char *npub,
+                                              const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
+                                              unsigned long long *mlen_p,
+                                              unsigned char *nsec,
+                                              const unsigned char *c,
+                                              unsigned long long clen,
+                                              const unsigned char *ad,
+                                              unsigned long long adlen,
+                                              const unsigned char *npub,
+                                              const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+                                                       unsigned char *mac,
+                                                       unsigned long long *maclen_p,
+                                                       const unsigned char *m,
+                                                       unsigned long long mlen,
+                                                       const unsigned char *ad,
+                                                       unsigned long long adlen,
+                                                       const unsigned char *nsec,
+                                                       const unsigned char *npub,
+                                                       const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+                                                       unsigned char *nsec,
+                                                       const unsigned char *c,
+                                                       unsigned long long clen,
+                                                       const unsigned char *mac,
+                                                       const unsigned char *ad,
+                                                       unsigned long long adlen,
+                                                       const unsigned char *npub,
+                                                       const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_NPUBBYTES 8U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_abytes(void);
+
+#define crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX \
+    (SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
+                                         unsigned long long *clen_p,
+                                         const unsigned char *m,
+                                         unsigned long long mlen,
+                                         const unsigned char *ad,
+                                         unsigned long long adlen,
+                                         const unsigned char *nsec,
+                                         const unsigned char *npub,
+                                         const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
+                                         unsigned long long *mlen_p,
+                                         unsigned char *nsec,
+                                         const unsigned char *c,
+                                         unsigned long long clen,
+                                         const unsigned char *ad,
+                                         unsigned long long adlen,
+                                         const unsigned char *npub,
+                                         const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c,
+                                                  unsigned char *mac,
+                                                  unsigned long long *maclen_p,
+                                                  const unsigned char *m,
+                                                  unsigned long long mlen,
+                                                  const unsigned char *ad,
+                                                  unsigned long long adlen,
+                                                  const unsigned char *nsec,
+                                                  const unsigned char *npub,
+                                                  const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
+                                                  unsigned char *nsec,
+                                                  const unsigned char *c,
+                                                  unsigned long long clen,
+                                                  const unsigned char *mac,
+                                                  const unsigned char *ad,
+                                                  unsigned long long adlen,
+                                                  const unsigned char *npub,
+                                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_aead_chacha20poly1305_IETF_KEYBYTES         crypto_aead_chacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_chacha20poly1305_IETF_NSECBYTES        crypto_aead_chacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_chacha20poly1305_IETF_NPUBBYTES        crypto_aead_chacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_chacha20poly1305_IETF_ABYTES           crypto_aead_chacha20poly1305_ietf_ABYTES
+#define crypto_aead_chacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_xchacha20poly1305.h
new file mode 100644
index 00000000..6643b0cb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_aead_xchacha20poly1305.h
@@ -0,0 +1,100 @@
+#ifndef crypto_aead_xchacha20poly1305_H
+#define crypto_aead_xchacha20poly1305_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_aead_xchacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NPUBBYTES 24U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX \
+    (SODIUM_SIZE_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c,
+                                               unsigned long long *clen_p,
+                                               const unsigned char *m,
+                                               unsigned long long mlen,
+                                               const unsigned char *ad,
+                                               unsigned long long adlen,
+                                               const unsigned char *nsec,
+                                               const unsigned char *npub,
+                                               const unsigned char *k)
+            __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
+                                               unsigned long long *mlen_p,
+                                               unsigned char *nsec,
+                                               const unsigned char *c,
+                                               unsigned long long clen,
+                                               const unsigned char *ad,
+                                               unsigned long long adlen,
+                                               const unsigned char *npub,
+                                               const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+                                                        unsigned char *mac,
+                                                        unsigned long long *maclen_p,
+                                                        const unsigned char *m,
+                                                        unsigned long long mlen,
+                                                        const unsigned char *ad,
+                                                        unsigned long long adlen,
+                                                        const unsigned char *nsec,
+                                                        const unsigned char *npub,
+                                                        const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+                                                        unsigned char *nsec,
+                                                        const unsigned char *c,
+                                                        unsigned long long clen,
+                                                        const unsigned char *mac,
+                                                        const unsigned char *ad,
+                                                        unsigned long long adlen,
+                                                        const unsigned char *npub,
+                                                        const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_aead_xchacha20poly1305_IETF_KEYBYTES         crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NSECBYTES        crypto_aead_xchacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NPUBBYTES        crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_xchacha20poly1305_IETF_ABYTES           crypto_aead_xchacha20poly1305_ietf_ABYTES
+#define crypto_aead_xchacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth.h
new file mode 100644
index 00000000..540aee0e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth.h
@@ -0,0 +1,46 @@
+#ifndef crypto_auth_H
+#define crypto_auth_H
+
+#include <stddef.h>
+
+#include "crypto_auth_hmacsha512256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES
+SODIUM_EXPORT
+size_t  crypto_auth_bytes(void);
+
+#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_auth_keybytes(void);
+
+#define crypto_auth_PRIMITIVE "hmacsha512256"
+SODIUM_EXPORT
+const char *crypto_auth_primitive(void);
+
+SODIUM_EXPORT
+int crypto_auth(unsigned char *out, const unsigned char *in,
+                unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
+                       unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth_hmacsha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth_hmacsha256.h
new file mode 100644
index 00000000..3da864c7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth_hmacsha256.h
@@ -0,0 +1,70 @@
+#ifndef crypto_auth_hmacsha256_H
+#define crypto_auth_hmacsha256_H
+
+#include <stddef.h>
+#include "crypto_hash_sha256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_bytes(void);
+
+#define crypto_auth_hmacsha256_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256(unsigned char *out,
+                           const unsigned char *in,
+                           unsigned long long inlen,
+                           const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_verify(const unsigned char *h,
+                                  const unsigned char *in,
+                                  unsigned long long inlen,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef struct crypto_auth_hmacsha256_state {
+    crypto_hash_sha256_state ictx;
+    crypto_hash_sha256_state octx;
+} crypto_auth_hmacsha256_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
+                                const unsigned char *key,
+                                size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
+                                  const unsigned char *in,
+                                  unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
+                                 unsigned char *out) __attribute__ ((nonnull));
+
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth_hmacsha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth_hmacsha512.h
new file mode 100644
index 00000000..d992cb81
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth_hmacsha512.h
@@ -0,0 +1,68 @@
+#ifndef crypto_auth_hmacsha512_H
+#define crypto_auth_hmacsha512_H
+
+#include <stddef.h>
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha512_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_bytes(void);
+
+#define crypto_auth_hmacsha512_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512(unsigned char *out,
+                           const unsigned char *in,
+                           unsigned long long inlen,
+                           const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_verify(const unsigned char *h,
+                                  const unsigned char *in,
+                                  unsigned long long inlen,
+                                  const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef struct crypto_auth_hmacsha512_state {
+    crypto_hash_sha512_state ictx;
+    crypto_hash_sha512_state octx;
+} crypto_auth_hmacsha512_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state,
+                                const unsigned char *key,
+                                size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state,
+                                  const unsigned char *in,
+                                  unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state,
+                                 unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth_hmacsha512256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth_hmacsha512256.h
new file mode 100644
index 00000000..3fb52638
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_auth_hmacsha512256.h
@@ -0,0 +1,65 @@
+#ifndef crypto_auth_hmacsha512256_H
+#define crypto_auth_hmacsha512256_H
+
+#include <stddef.h>
+#include "crypto_auth_hmacsha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha512256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_bytes(void);
+
+#define crypto_auth_hmacsha512256_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256(unsigned char *out,
+                              const unsigned char *in,
+                              unsigned long long inlen,
+                              const unsigned char *k) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_verify(const unsigned char *h,
+                                     const unsigned char *in,
+                                     unsigned long long inlen,
+                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+/* ------------------------------------------------------------------------- */
+
+typedef crypto_auth_hmacsha512_state crypto_auth_hmacsha512256_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state,
+                                   const unsigned char *key,
+                                   size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state,
+                                     const unsigned char *in,
+                                     unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state,
+                                    unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_box.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_box.h
new file mode 100644
index 00000000..0008e020
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_box.h
@@ -0,0 +1,177 @@
+#ifndef crypto_box_H
+#define crypto_box_H
+
+/*
+ * THREAD SAFETY: crypto_box_keypair() is thread-safe,
+ * provided that sodium_init() was called before.
+ *
+ * Other functions are always thread-safe.
+ */
+
+#include <stddef.h>
+
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_SEEDBYTES crypto_box_curve25519xsalsa20poly1305_SEEDBYTES
+SODIUM_EXPORT
+size_t  crypto_box_seedbytes(void);
+
+#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_box_publickeybytes(void);
+
+#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_box_secretkeybytes(void);
+
+#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_box_noncebytes(void);
+
+#define crypto_box_MACBYTES crypto_box_curve25519xsalsa20poly1305_MACBYTES
+SODIUM_EXPORT
+size_t  crypto_box_macbytes(void);
+
+#define crypto_box_MESSAGEBYTES_MAX crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_box_messagebytes_max(void);
+
+#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
+SODIUM_EXPORT
+const char *crypto_box_primitive(void);
+
+SODIUM_EXPORT
+int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk,
+                            const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_easy(unsigned char *c, const unsigned char *m,
+                    unsigned long long mlen, const unsigned char *n,
+                    const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open_easy(unsigned char *m, const unsigned char *c,
+                         unsigned long long clen, const unsigned char *n,
+                         const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_detached(unsigned char *c, unsigned char *mac,
+                        const unsigned char *m, unsigned long long mlen,
+                        const unsigned char *n, const unsigned char *pk,
+                        const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 2, 5, 6, 7)));
+
+SODIUM_EXPORT
+int crypto_box_open_detached(unsigned char *m, const unsigned char *c,
+                             const unsigned char *mac,
+                             unsigned long long clen,
+                             const unsigned char *n,
+                             const unsigned char *pk,
+                             const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
+
+/* -- Precomputation interface -- */
+
+#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
+SODIUM_EXPORT
+size_t  crypto_box_beforenmbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_beforenm(unsigned char *k, const unsigned char *pk,
+                        const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_easy_afternm(unsigned char *c, const unsigned char *m,
+                            unsigned long long mlen, const unsigned char *n,
+                            const unsigned char *k) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c,
+                                 unsigned long long clen, const unsigned char *n,
+                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_detached_afternm(unsigned char *c, unsigned char *mac,
+                                const unsigned char *m, unsigned long long mlen,
+                                const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c,
+                                     const unsigned char *mac,
+                                     unsigned long long clen, const unsigned char *n,
+                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+/* -- Ephemeral SK interface -- */
+
+#define crypto_box_SEALBYTES (crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_sealbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_seal(unsigned char *c, const unsigned char *m,
+                    unsigned long long mlen, const unsigned char *pk)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_box_seal_open(unsigned char *m, const unsigned char *c,
+                         unsigned long long clen,
+                         const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_box_zerobytes(void) __attribute__ ((deprecated));
+
+#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_box_boxzerobytes(void) __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_box(unsigned char *c, const unsigned char *m,
+               unsigned long long mlen, const unsigned char *n,
+               const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_open(unsigned char *m, const unsigned char *c,
+                    unsigned long long clen, const unsigned char *n,
+                    const unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_afternm(unsigned char *c, const unsigned char *m,
+                       unsigned long long mlen, const unsigned char *n,
+                       const unsigned char *k) __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_open_afternm(unsigned char *m, const unsigned char *c,
+                            unsigned long long clen, const unsigned char *n,
+                            const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((deprecated)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_box_curve25519xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_box_curve25519xchacha20poly1305.h
new file mode 100644
index 00000000..26a3d31e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_box_curve25519xchacha20poly1305.h
@@ -0,0 +1,164 @@
+
+#ifndef crypto_box_curve25519xchacha20poly1305_H
+#define crypto_box_curve25519xchacha20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xchacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_curve25519xchacha20poly1305_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_seedbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_publickeybytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_secretkeybytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_beforenmbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_noncebytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_macbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_box_curve25519xchacha20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seed_keypair(unsigned char *pk,
+                                                        unsigned char *sk,
+                                                        const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_keypair(unsigned char *pk,
+                                                   unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *n,
+                                                const unsigned char *pk,
+                                                const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     unsigned long long clen,
+                                                     const unsigned char *n,
+                                                     const unsigned char *pk,
+                                                     const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
+                                                    unsigned char *mac,
+                                                    const unsigned char *m,
+                                                    unsigned long long mlen,
+                                                    const unsigned char *n,
+                                                    const unsigned char *pk,
+                                                    const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 2, 5, 6, 7)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m,
+                                                         const unsigned char *c,
+                                                         const unsigned char *mac,
+                                                         unsigned long long clen,
+                                                         const unsigned char *n,
+                                                         const unsigned char *pk,
+                                                         const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
+
+/* -- Precomputation interface -- */
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_beforenm(unsigned char *k,
+                                                    const unsigned char *pk,
+                                                    const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c,
+                                                        const unsigned char *m,
+                                                        unsigned long long mlen,
+                                                        const unsigned char *n,
+                                                        const unsigned char *k)
+            __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m,
+                                                             const unsigned char *c,
+                                                             unsigned long long clen,
+                                                             const unsigned char *n,
+                                                             const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c,
+                                                            unsigned char *mac,
+                                                            const unsigned char *m,
+                                                            unsigned long long mlen,
+                                                            const unsigned char *n,
+                                                            const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *m,
+                                                                 const unsigned char *c,
+                                                                 const unsigned char *mac,
+                                                                 unsigned long long clen,
+                                                                 const unsigned char *n,
+                                                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+/* -- Ephemeral SK interface -- */
+
+#define crypto_box_curve25519xchacha20poly1305_SEALBYTES \
+    (crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES + \
+     crypto_box_curve25519xchacha20poly1305_MACBYTES)
+
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_sealbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *pk)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     unsigned long long clen,
+                                                     const unsigned char *pk,
+                                                     const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_box_curve25519xsalsa20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_box_curve25519xsalsa20poly1305.h
new file mode 100644
index 00000000..2c9b5d6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_box_curve25519xsalsa20poly1305.h
@@ -0,0 +1,113 @@
+#ifndef crypto_box_curve25519xsalsa20poly1305_H
+#define crypto_box_curve25519xsalsa20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_curve25519xsalsa20poly1305_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_seedbytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_publickeybytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_secretkeybytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_beforenmbytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_noncebytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_macbytes(void);
+
+/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
+#define crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_box_curve25519xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk,
+                                                       unsigned char *sk,
+                                                       const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk,
+                                                  unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k,
+                                                   const unsigned char *pk,
+                                                   const unsigned char *sk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_boxzerobytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES \
+    (crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + \
+     crypto_box_curve25519xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_zerobytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305(unsigned char *c,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *n,
+                                          const unsigned char *pk,
+                                          const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m,
+                                               const unsigned char *c,
+                                               unsigned long long clen,
+                                               const unsigned char *n,
+                                               const unsigned char *pk,
+                                               const unsigned char *sk)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c,
+                                                  const unsigned char *m,
+                                                  unsigned long long mlen,
+                                                  const unsigned char *n,
+                                                  const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m,
+                                                       const unsigned char *c,
+                                                       unsigned long long clen,
+                                                       const unsigned char *n,
+                                                       const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_ed25519.h
new file mode 100644
index 00000000..618a44f9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_ed25519.h
@@ -0,0 +1,115 @@
+#ifndef crypto_core_ed25519_H
+#define crypto_core_ed25519_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_ed25519_BYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_bytes(void);
+
+#define crypto_core_ed25519_UNIFORMBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_uniformbytes(void);
+
+#define crypto_core_ed25519_HASHBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ed25519_hashbytes(void);
+
+#define crypto_core_ed25519_SCALARBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_scalarbytes(void);
+
+#define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ed25519_nonreducedscalarbytes(void);
+
+#define crypto_core_ed25519_H2CSHA256 1
+#define crypto_core_ed25519_H2CSHA512 2
+
+SODIUM_EXPORT
+int crypto_core_ed25519_is_valid_point(const unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_add(unsigned char *r,
+                            const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_sub(unsigned char *r,
+                            const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
+                                    const char *ctx, const unsigned char *msg,
+                                    size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
+                                       const char *ctx, const unsigned char *msg,
+                                       size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_random(unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_random(unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_mul(unsigned char *z, const unsigned char *x,
+                                    const unsigned char *y)
+            __attribute__ ((nonnull));
+
+/*
+ * The interval `s` is sampled from should be at least 317 bits to ensure almost
+ * uniformity of `r` over `L`.
+ */
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_scalar_is_canonical(const unsigned char *s)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_hchacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_hchacha20.h
new file mode 100644
index 00000000..ece141b0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_hchacha20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_hchacha20_H
+#define crypto_core_hchacha20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_hchacha20_OUTPUTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_outputbytes(void);
+
+#define crypto_core_hchacha20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_inputbytes(void);
+
+#define crypto_core_hchacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_keybytes(void);
+
+#define crypto_core_hchacha20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_hchacha20(unsigned char *out, const unsigned char *in,
+                          const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_hsalsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_hsalsa20.h
new file mode 100644
index 00000000..4bf7a487
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_hsalsa20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_hsalsa20_H
+#define crypto_core_hsalsa20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_hsalsa20_OUTPUTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_outputbytes(void);
+
+#define crypto_core_hsalsa20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_inputbytes(void);
+
+#define crypto_core_hsalsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_keybytes(void);
+
+#define crypto_core_hsalsa20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_hsalsa20(unsigned char *out, const unsigned char *in,
+                         const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_ristretto255.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_ristretto255.h
new file mode 100644
index 00000000..5fc3a1be
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_ristretto255.h
@@ -0,0 +1,121 @@
+#ifndef crypto_core_ristretto255_H
+#define crypto_core_ristretto255_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_ristretto255_BYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_bytes(void);
+
+#define crypto_core_ristretto255_HASHBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_hashbytes(void);
+
+#define crypto_core_ristretto255_SCALARBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_scalarbytes(void);
+
+#define crypto_core_ristretto255_NONREDUCEDSCALARBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ristretto255_nonreducedscalarbytes(void);
+
+#define crypto_core_ristretto255_H2CSHA256 1
+#define crypto_core_ristretto255_H2CSHA512 2
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_is_valid_point(const unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_add(unsigned char *r,
+                                 const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_sub(unsigned char *r,
+                                 const unsigned char *p, const unsigned char *q)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_hash(unsigned char *p,
+                                       const unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES],
+                                         const char *ctx,
+                                         const unsigned char *msg,
+                                         size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES],
+                                            const char *ctx,
+                                            const unsigned char *msg,
+                                            size_t msg_len, int hash_alg)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_random(unsigned char *p)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_random(unsigned char *r)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_scalar_invert(unsigned char *recip,
+                                           const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_negate(unsigned char *neg,
+                                            const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_complement(unsigned char *comp,
+                                                const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_add(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_sub(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_mul(unsigned char *z,
+                                         const unsigned char *x,
+                                         const unsigned char *y)
+            __attribute__ ((nonnull));
+
+/*
+ * The interval `s` is sampled from should be at least 317 bits to ensure almost
+ * uniformity of `r` over `L`.
+ */
+SODIUM_EXPORT
+void crypto_core_ristretto255_scalar_reduce(unsigned char *r,
+                                            const unsigned char *s)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ristretto255_scalar_is_canonical(const unsigned char *s)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_salsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_salsa20.h
new file mode 100644
index 00000000..bd79fd9f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_salsa20.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_salsa20_H
+#define crypto_core_salsa20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa20_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_outputbytes(void);
+
+#define crypto_core_salsa20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_inputbytes(void);
+
+#define crypto_core_salsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_keybytes(void);
+
+#define crypto_core_salsa20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_salsa20(unsigned char *out, const unsigned char *in,
+                        const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_salsa2012.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_salsa2012.h
new file mode 100644
index 00000000..05957591
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_salsa2012.h
@@ -0,0 +1,36 @@
+#ifndef crypto_core_salsa2012_H
+#define crypto_core_salsa2012_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa2012_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_outputbytes(void);
+
+#define crypto_core_salsa2012_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_inputbytes(void);
+
+#define crypto_core_salsa2012_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_keybytes(void);
+
+#define crypto_core_salsa2012_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_salsa2012(unsigned char *out, const unsigned char *in,
+                          const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_salsa208.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_salsa208.h
new file mode 100644
index 00000000..d2f216af
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_core_salsa208.h
@@ -0,0 +1,40 @@
+#ifndef crypto_core_salsa208_H
+#define crypto_core_salsa208_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa208_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_outputbytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_inputbytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_keybytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_constbytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_core_salsa208(unsigned char *out, const unsigned char *in,
+                         const unsigned char *k, const unsigned char *c)
+            __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_generichash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_generichash.h
new file mode 100644
index 00000000..d897e5d2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_generichash.h
@@ -0,0 +1,84 @@
+#ifndef crypto_generichash_H
+#define crypto_generichash_H
+
+#include <stddef.h>
+
+#include "crypto_generichash_blake2b.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_generichash_BYTES_MIN crypto_generichash_blake2b_BYTES_MIN
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes_min(void);
+
+#define crypto_generichash_BYTES_MAX crypto_generichash_blake2b_BYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes_max(void);
+
+#define crypto_generichash_BYTES crypto_generichash_blake2b_BYTES
+SODIUM_EXPORT
+size_t  crypto_generichash_bytes(void);
+
+#define crypto_generichash_KEYBYTES_MIN crypto_generichash_blake2b_KEYBYTES_MIN
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes_min(void);
+
+#define crypto_generichash_KEYBYTES_MAX crypto_generichash_blake2b_KEYBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes_max(void);
+
+#define crypto_generichash_KEYBYTES crypto_generichash_blake2b_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_generichash_keybytes(void);
+
+#define crypto_generichash_PRIMITIVE "blake2b"
+SODIUM_EXPORT
+const char *crypto_generichash_primitive(void);
+
+/*
+ * Important when writing bindings for other programming languages:
+ * the state address should be 64-bytes aligned.
+ */
+typedef crypto_generichash_blake2b_state crypto_generichash_state;
+
+SODIUM_EXPORT
+size_t  crypto_generichash_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_generichash(unsigned char *out, size_t outlen,
+                       const unsigned char *in, unsigned long long inlen,
+                       const unsigned char *key, size_t keylen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_init(crypto_generichash_state *state,
+                            const unsigned char *key,
+                            const size_t keylen, const size_t outlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_update(crypto_generichash_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_final(crypto_generichash_state *state,
+                             unsigned char *out, const size_t outlen)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_generichash_blake2b.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_generichash_blake2b.h
new file mode 100644
index 00000000..ae3b52f7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_generichash_blake2b.h
@@ -0,0 +1,122 @@
+#ifndef crypto_generichash_blake2b_H
+#define crypto_generichash_blake2b_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#ifdef __IBMC__
+# pragma pack(1)
+#elif defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# pragma pack(1)
+#else
+# pragma pack(push, 1)
+#endif
+
+typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state {
+    unsigned char opaque[384];
+} crypto_generichash_blake2b_state;
+
+#ifdef __IBMC__
+# pragma pack(pop)
+#elif defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# pragma pack()
+#else
+# pragma pack(pop)
+#endif
+
+#define crypto_generichash_blake2b_BYTES_MIN     16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes_min(void);
+
+#define crypto_generichash_blake2b_BYTES_MAX     64U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes_max(void);
+
+#define crypto_generichash_blake2b_BYTES         32U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes(void);
+
+#define crypto_generichash_blake2b_KEYBYTES_MIN  16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes_min(void);
+
+#define crypto_generichash_blake2b_KEYBYTES_MAX  64U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes_max(void);
+
+#define crypto_generichash_blake2b_KEYBYTES      32U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes(void);
+
+#define crypto_generichash_blake2b_SALTBYTES     16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_saltbytes(void);
+
+#define crypto_generichash_blake2b_PERSONALBYTES 16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_personalbytes(void);
+
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b(unsigned char *out, size_t outlen,
+                               const unsigned char *in,
+                               unsigned long long inlen,
+                               const unsigned char *key, size_t keylen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_salt_personal(unsigned char *out, size_t outlen,
+                                             const unsigned char *in,
+                                             unsigned long long inlen,
+                                             const unsigned char *key,
+                                             size_t keylen,
+                                             const unsigned char *salt,
+                                             const unsigned char *personal)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state,
+                                    const unsigned char *key,
+                                    const size_t keylen, const size_t outlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_init_salt_personal(crypto_generichash_blake2b_state *state,
+                                                  const unsigned char *key,
+                                                  const size_t keylen, const size_t outlen,
+                                                  const unsigned char *salt,
+                                                  const unsigned char *personal)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state,
+                                      const unsigned char *in,
+                                      unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state,
+                                     unsigned char *out,
+                                     const size_t outlen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_hash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_hash.h
new file mode 100644
index 00000000..767d5480
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_hash.h
@@ -0,0 +1,40 @@
+#ifndef crypto_hash_H
+#define crypto_hash_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA512 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA512, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_hash_BYTES crypto_hash_sha512_BYTES
+SODIUM_EXPORT
+size_t crypto_hash_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash(unsigned char *out, const unsigned char *in,
+                unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+#define crypto_hash_PRIMITIVE "sha512"
+SODIUM_EXPORT
+const char *crypto_hash_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_hash_sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_hash_sha256.h
new file mode 100644
index 00000000..c47982af
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_hash_sha256.h
@@ -0,0 +1,60 @@
+#ifndef crypto_hash_sha256_H
+#define crypto_hash_sha256_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA256 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA256, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_hash_sha256_state {
+    uint32_t state[8];
+    uint64_t count;
+    uint8_t  buf[64];
+} crypto_hash_sha256_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha256_statebytes(void);
+
+#define crypto_hash_sha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_hash_sha256_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha256(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_init(crypto_hash_sha256_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
+                             unsigned char *out)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_hash_sha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_hash_sha512.h
new file mode 100644
index 00000000..5b690fb2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_hash_sha512.h
@@ -0,0 +1,60 @@
+#ifndef crypto_hash_sha512_H
+#define crypto_hash_sha512_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA512 for interoperability,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA512, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_hash_sha512_state {
+    uint64_t state[8];
+    uint64_t count[2];
+    uint8_t  buf[128];
+} crypto_hash_sha512_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha512_statebytes(void);
+
+#define crypto_hash_sha512_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_hash_sha512_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha512(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_init(crypto_hash_sha512_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_update(crypto_hash_sha512_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_final(crypto_hash_sha512_state *state,
+                             unsigned char *out)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf.h
new file mode 100644
index 00000000..ac2fc618
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf.h
@@ -0,0 +1,53 @@
+#ifndef crypto_kdf_H
+#define crypto_kdf_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "crypto_kdf_blake2b.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_BYTES_MIN crypto_kdf_blake2b_BYTES_MIN
+SODIUM_EXPORT
+size_t crypto_kdf_bytes_min(void);
+
+#define crypto_kdf_BYTES_MAX crypto_kdf_blake2b_BYTES_MAX
+SODIUM_EXPORT
+size_t crypto_kdf_bytes_max(void);
+
+#define crypto_kdf_CONTEXTBYTES crypto_kdf_blake2b_CONTEXTBYTES
+SODIUM_EXPORT
+size_t crypto_kdf_contextbytes(void);
+
+#define crypto_kdf_KEYBYTES crypto_kdf_blake2b_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_kdf_keybytes(void);
+
+#define crypto_kdf_PRIMITIVE "blake2b"
+SODIUM_EXPORT
+const char *crypto_kdf_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
+                               uint64_t subkey_id,
+                               const char ctx[crypto_kdf_CONTEXTBYTES],
+                               const unsigned char key[crypto_kdf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf_blake2b.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf_blake2b.h
new file mode 100644
index 00000000..489c7c20
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf_blake2b.h
@@ -0,0 +1,44 @@
+#ifndef crypto_kdf_blake2b_H
+#define crypto_kdf_blake2b_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_blake2b_BYTES_MIN 16
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_bytes_min(void);
+
+#define crypto_kdf_blake2b_BYTES_MAX 64
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_bytes_max(void);
+
+#define crypto_kdf_blake2b_CONTEXTBYTES 8
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_contextbytes(void);
+
+#define crypto_kdf_blake2b_KEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len,
+                                       uint64_t subkey_id,
+                                       const char ctx[crypto_kdf_blake2b_CONTEXTBYTES],
+                                       const unsigned char key[crypto_kdf_blake2b_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf_hkdf_sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf_hkdf_sha256.h
new file mode 100644
index 00000000..899a6316
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf_hkdf_sha256.h
@@ -0,0 +1,48 @@
+#ifndef crypto_kdf_hkdf_sha256_H
+#define crypto_kdf_hkdf_sha256_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "crypto_kdf.h"
+#include "crypto_auth_hmacsha256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_hkdf_sha256_KEYBYTES crypto_auth_hmacsha256_BYTES
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_keybytes(void);
+
+#define crypto_kdf_hkdf_sha256_BYTES_MIN 0U
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_bytes_min(void);
+
+#define crypto_kdf_hkdf_sha256_BYTES_MAX (0xff * crypto_auth_hmacsha256_BYTES)
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha256_bytes_max(void);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha256_extract(unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES],
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *ikm, size_t ikm_len);
+
+SODIUM_EXPORT
+void crypto_kdf_hkdf_sha256_keygen(unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES]);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha256_expand(unsigned char *out, size_t out_len,
+                                  const char *ctx, size_t ctx_len,
+                                  const unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf_hkdf_sha512.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf_hkdf_sha512.h
new file mode 100644
index 00000000..3fa6868c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kdf_hkdf_sha512.h
@@ -0,0 +1,51 @@
+#ifndef crypto_kdf_hkdf_sha512_H
+#define crypto_kdf_hkdf_sha512_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "crypto_kdf.h"
+#include "crypto_auth_hmacsha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_hkdf_sha512_KEYBYTES crypto_auth_hmacsha512_BYTES
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_keybytes(void);
+
+#define crypto_kdf_hkdf_sha512_BYTES_MIN 0U
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_bytes_min(void);
+
+#define crypto_kdf_hkdf_sha512_BYTES_MAX (0xff * crypto_auth_hmacsha512_BYTES)
+SODIUM_EXPORT
+size_t crypto_kdf_hkdf_sha512_bytes_max(void);
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha512_extract(unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES],
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *ikm, size_t ikm_len)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_kdf_hkdf_sha512_keygen(unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kdf_hkdf_sha512_expand(unsigned char *out, size_t out_len,
+                                  const char *ctx, size_t ctx_len,
+                                  const unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES])
+            __attribute__ ((nonnull(1)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kx.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kx.h
new file mode 100644
index 00000000..347132c3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_kx.h
@@ -0,0 +1,66 @@
+#ifndef crypto_kx_H
+#define crypto_kx_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kx_PUBLICKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_publickeybytes(void);
+
+#define crypto_kx_SECRETKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_secretkeybytes(void);
+
+#define crypto_kx_SEEDBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_seedbytes(void);
+
+#define crypto_kx_SESSIONKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_sessionkeybytes(void);
+
+#define crypto_kx_PRIMITIVE "x25519blake2b"
+SODIUM_EXPORT
+const char *crypto_kx_primitive(void);
+
+SODIUM_EXPORT
+int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                           unsigned char sk[crypto_kx_SECRETKEYBYTES],
+                           const unsigned char seed[crypto_kx_SEEDBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+                      unsigned char sk[crypto_kx_SECRETKEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                                  unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                                  const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
+                                  const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
+                                  const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull(3, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+                                  unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+                                  const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
+                                  const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
+                                  const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull(3, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_onetimeauth.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_onetimeauth.h
new file mode 100644
index 00000000..7cd7b070
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_onetimeauth.h
@@ -0,0 +1,65 @@
+#ifndef crypto_onetimeauth_H
+#define crypto_onetimeauth_H
+
+#include <stddef.h>
+
+#include "crypto_onetimeauth_poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef crypto_onetimeauth_poly1305_state crypto_onetimeauth_state;
+
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_statebytes(void);
+
+#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_bytes(void);
+
+#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_keybytes(void);
+
+#define crypto_onetimeauth_PRIMITIVE "poly1305"
+SODIUM_EXPORT
+const char *crypto_onetimeauth_primitive(void);
+
+SODIUM_EXPORT
+int crypto_onetimeauth(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_verify(const unsigned char *h, const unsigned char *in,
+                              unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_init(crypto_onetimeauth_state *state,
+                            const unsigned char *key) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_update(crypto_onetimeauth_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_final(crypto_onetimeauth_state *state,
+                             unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_onetimeauth_poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_onetimeauth_poly1305.h
new file mode 100644
index 00000000..f3e34d86
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_onetimeauth_poly1305.h
@@ -0,0 +1,72 @@
+#ifndef crypto_onetimeauth_poly1305_H
+#define crypto_onetimeauth_poly1305_H
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <sys/types.h>
+
+#include "export.h"
+
+typedef struct CRYPTO_ALIGN(16) crypto_onetimeauth_poly1305_state {
+    unsigned char opaque[256];
+} crypto_onetimeauth_poly1305_state;
+
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_statebytes(void);
+
+#define crypto_onetimeauth_poly1305_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_bytes(void);
+
+#define crypto_onetimeauth_poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305(unsigned char *out,
+                                const unsigned char *in,
+                                unsigned long long inlen,
+                                const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_verify(const unsigned char *h,
+                                       const unsigned char *in,
+                                       unsigned long long inlen,
+                                       const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state,
+                                     const unsigned char *key)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state,
+                                       const unsigned char *in,
+                                       unsigned long long inlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state,
+                                      unsigned char *out)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash.h
new file mode 100644
index 00000000..307265d3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash.h
@@ -0,0 +1,147 @@
+#ifndef crypto_pwhash_H
+#define crypto_pwhash_H
+
+#include <stddef.h>
+
+#include "crypto_pwhash_argon2i.h"
+#include "crypto_pwhash_argon2id.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_ALG_ARGON2I13 crypto_pwhash_argon2i_ALG_ARGON2I13
+SODIUM_EXPORT
+int crypto_pwhash_alg_argon2i13(void);
+
+#define crypto_pwhash_ALG_ARGON2ID13 crypto_pwhash_argon2id_ALG_ARGON2ID13
+SODIUM_EXPORT
+int crypto_pwhash_alg_argon2id13(void);
+
+#define crypto_pwhash_ALG_DEFAULT crypto_pwhash_ALG_ARGON2ID13
+SODIUM_EXPORT
+int crypto_pwhash_alg_default(void);
+
+#define crypto_pwhash_BYTES_MIN crypto_pwhash_argon2id_BYTES_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_bytes_min(void);
+
+#define crypto_pwhash_BYTES_MAX crypto_pwhash_argon2id_BYTES_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_bytes_max(void);
+
+#define crypto_pwhash_PASSWD_MIN crypto_pwhash_argon2id_PASSWD_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_passwd_min(void);
+
+#define crypto_pwhash_PASSWD_MAX crypto_pwhash_argon2id_PASSWD_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_passwd_max(void);
+
+#define crypto_pwhash_SALTBYTES crypto_pwhash_argon2id_SALTBYTES
+SODIUM_EXPORT
+size_t crypto_pwhash_saltbytes(void);
+
+#define crypto_pwhash_STRBYTES crypto_pwhash_argon2id_STRBYTES
+SODIUM_EXPORT
+size_t crypto_pwhash_strbytes(void);
+
+#define crypto_pwhash_STRPREFIX crypto_pwhash_argon2id_STRPREFIX
+SODIUM_EXPORT
+const char *crypto_pwhash_strprefix(void);
+
+#define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_argon2id_OPSLIMIT_MIN
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_min(void);
+
+#define crypto_pwhash_OPSLIMIT_MAX crypto_pwhash_argon2id_OPSLIMIT_MAX
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_max(void);
+
+#define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_argon2id_MEMLIMIT_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_min(void);
+
+#define crypto_pwhash_MEMLIMIT_MAX crypto_pwhash_argon2id_MEMLIMIT_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_max(void);
+
+#define crypto_pwhash_OPSLIMIT_INTERACTIVE crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_interactive(void);
+
+#define crypto_pwhash_MEMLIMIT_INTERACTIVE crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_interactive(void);
+
+#define crypto_pwhash_OPSLIMIT_MODERATE crypto_pwhash_argon2id_OPSLIMIT_MODERATE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_moderate(void);
+
+#define crypto_pwhash_MEMLIMIT_MODERATE crypto_pwhash_argon2id_MEMLIMIT_MODERATE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_moderate(void);
+
+#define crypto_pwhash_OPSLIMIT_SENSITIVE crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_opslimit_sensitive(void);
+
+#define crypto_pwhash_MEMLIMIT_SENSITIVE crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_sensitive(void);
+
+/*
+ * With this function, do not forget to store all parameters, including the
+ * algorithm identifier in order to produce deterministic output.
+ * The crypto_pwhash_* definitions, including crypto_pwhash_ALG_DEFAULT,
+ * may change.
+ */
+SODIUM_EXPORT
+int crypto_pwhash(unsigned char * const out, unsigned long long outlen,
+                  const char * const passwd, unsigned long long passwdlen,
+                  const unsigned char * const salt,
+                  unsigned long long opslimit, size_t memlimit, int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/*
+ * The output string already includes all the required parameters, including
+ * the algorithm identifier. The string is all that has to be stored in
+ * order to verify a password.
+ */
+SODIUM_EXPORT
+int crypto_pwhash_str(char out[crypto_pwhash_STRBYTES],
+                      const char * const passwd, unsigned long long passwdlen,
+                      unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES],
+                          const char * const passwd, unsigned long long passwdlen,
+                          unsigned long long opslimit, size_t memlimit, int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_verify(const char *str,
+                             const char * const passwd,
+                             unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_needs_rehash(const char *str,
+                                   unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#define crypto_pwhash_PRIMITIVE "argon2i"
+SODIUM_EXPORT
+const char *crypto_pwhash_primitive(void)
+            __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash_argon2i.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash_argon2i.h
new file mode 100644
index 00000000..91156ba0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash_argon2i.h
@@ -0,0 +1,122 @@
+#ifndef crypto_pwhash_argon2i_H
+#define crypto_pwhash_argon2i_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_argon2i_ALG_ARGON2I13 1
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_alg_argon2i13(void);
+
+#define crypto_pwhash_argon2i_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_bytes_min(void);
+
+#define crypto_pwhash_argon2i_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_bytes_max(void);
+
+#define crypto_pwhash_argon2i_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_passwd_min(void);
+
+#define crypto_pwhash_argon2i_PASSWD_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_passwd_max(void);
+
+#define crypto_pwhash_argon2i_SALTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_saltbytes(void);
+
+#define crypto_pwhash_argon2i_STRBYTES 128U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_strbytes(void);
+
+#define crypto_pwhash_argon2i_STRPREFIX "$argon2i$"
+SODIUM_EXPORT
+const char *crypto_pwhash_argon2i_strprefix(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MIN 3U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_min(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_max(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MIN 8192U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_min(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MAX \
+    ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_max(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE 4U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_interactive(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE 33554432U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_interactive(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MODERATE 6U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_moderate(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MODERATE 134217728U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_moderate(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE 8U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2i_opslimit_sensitive(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE 536870912U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i(unsigned char * const out,
+                          unsigned long long outlen,
+                          const char * const passwd,
+                          unsigned long long passwdlen,
+                          const unsigned char * const salt,
+                          unsigned long long opslimit, size_t memlimit,
+                          int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
+                              const char * const passwd,
+                              unsigned long long passwdlen,
+                              unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str_verify(const char * str,
+                                     const char * const passwd,
+                                     unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str_needs_rehash(const char * str,
+                                           unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash_argon2id.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash_argon2id.h
new file mode 100644
index 00000000..e6f72a92
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash_argon2id.h
@@ -0,0 +1,122 @@
+#ifndef crypto_pwhash_argon2id_H
+#define crypto_pwhash_argon2id_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_argon2id_ALG_ARGON2ID13 2
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_alg_argon2id13(void);
+
+#define crypto_pwhash_argon2id_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_bytes_min(void);
+
+#define crypto_pwhash_argon2id_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_bytes_max(void);
+
+#define crypto_pwhash_argon2id_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_passwd_min(void);
+
+#define crypto_pwhash_argon2id_PASSWD_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_passwd_max(void);
+
+#define crypto_pwhash_argon2id_SALTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_saltbytes(void);
+
+#define crypto_pwhash_argon2id_STRBYTES 128U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_strbytes(void);
+
+#define crypto_pwhash_argon2id_STRPREFIX "$argon2id$"
+SODIUM_EXPORT
+const char *crypto_pwhash_argon2id_strprefix(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MIN 1U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_min(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_max(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MIN 8192U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_min(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MAX \
+    ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_max(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE 2U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_interactive(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE 67108864U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_interactive(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MODERATE 3U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_moderate(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MODERATE 268435456U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_moderate(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE 4U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_argon2id_opslimit_sensitive(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE 1073741824U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id(unsigned char * const out,
+                           unsigned long long outlen,
+                           const char * const passwd,
+                           unsigned long long passwdlen,
+                           const unsigned char * const salt,
+                           unsigned long long opslimit, size_t memlimit,
+                           int alg)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES],
+                               const char * const passwd,
+                               unsigned long long passwdlen,
+                               unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str_verify(const char * str,
+                                      const char * const passwd,
+                                      unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str_needs_rehash(const char * str,
+                                            unsigned long long opslimit, size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash_scryptsalsa208sha256.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash_scryptsalsa208sha256.h
new file mode 100644
index 00000000..1fd3692f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_pwhash_scryptsalsa208sha256.h
@@ -0,0 +1,120 @@
+#ifndef crypto_pwhash_scryptsalsa208sha256_H
+#define crypto_pwhash_scryptsalsa208sha256_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_scryptsalsa208sha256_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_bytes_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_BYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX, 0x1fffffffe0ULL)
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_bytes_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_passwd_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_passwd_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRBYTES 102U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$"
+SODIUM_EXPORT
+const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN 32768U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN 16777216U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MAX \
+    SODIUM_MIN(SIZE_MAX, 68719476736ULL)
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE 16777216U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432U
+SODIUM_EXPORT
+unsigned long long crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
+                                       unsigned long long outlen,
+                                       const char * const passwd,
+                                       unsigned long long passwdlen,
+                                       const unsigned char * const salt,
+                                       unsigned long long opslimit,
+                                       size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+                                           const char * const passwd,
+                                           unsigned long long passwdlen,
+                                           unsigned long long opslimit,
+                                           size_t memlimit)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str_verify(const char * str,
+                                                  const char * const passwd,
+                                                  unsigned long long passwdlen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
+                                          const uint8_t * salt, size_t saltlen,
+                                          uint64_t N, uint32_t r, uint32_t p,
+                                          uint8_t * buf, size_t buflen)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str_needs_rehash(const char * str,
+                                                        unsigned long long opslimit,
+                                                        size_t memlimit)
+            __attribute__ ((warn_unused_result))  __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult.h
new file mode 100644
index 00000000..1c685853
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult.h
@@ -0,0 +1,46 @@
+#ifndef crypto_scalarmult_H
+#define crypto_scalarmult_H
+
+#include <stddef.h>
+
+#include "crypto_scalarmult_curve25519.h"
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
+SODIUM_EXPORT
+size_t  crypto_scalarmult_bytes(void);
+
+#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
+SODIUM_EXPORT
+size_t  crypto_scalarmult_scalarbytes(void);
+
+#define crypto_scalarmult_PRIMITIVE "curve25519"
+SODIUM_EXPORT
+const char *crypto_scalarmult_primitive(void);
+
+SODIUM_EXPORT
+int crypto_scalarmult_base(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult(unsigned char *q, const unsigned char *n,
+                      const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult_curve25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult_curve25519.h
new file mode 100644
index 00000000..60e9d0c5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult_curve25519.h
@@ -0,0 +1,42 @@
+#ifndef crypto_scalarmult_curve25519_H
+#define crypto_scalarmult_curve25519_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_curve25519_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_bytes(void);
+
+#define crypto_scalarmult_curve25519_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
+                                 const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519_base(unsigned char *q,
+                                      const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult_ed25519.h
new file mode 100644
index 00000000..2dfa4d70
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult_ed25519.h
@@ -0,0 +1,51 @@
+
+#ifndef crypto_scalarmult_ed25519_H
+#define crypto_scalarmult_ed25519_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_ed25519_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ed25519_bytes(void);
+
+#define crypto_scalarmult_ed25519_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ed25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
+                              const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n,
+                                      const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_base_noclamp(unsigned char *q, const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult_ristretto255.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult_ristretto255.h
new file mode 100644
index 00000000..40a45cce
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_scalarmult_ristretto255.h
@@ -0,0 +1,43 @@
+
+#ifndef crypto_scalarmult_ristretto255_H
+#define crypto_scalarmult_ristretto255_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_ristretto255_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ristretto255_bytes(void);
+
+#define crypto_scalarmult_ristretto255_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ristretto255_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly for key exchange.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_ristretto255(unsigned char *q, const unsigned char *n,
+                                   const unsigned char *p)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ristretto255_base(unsigned char *q,
+                                        const unsigned char *n)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretbox.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretbox.h
new file mode 100644
index 00000000..68024b45
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretbox.h
@@ -0,0 +1,94 @@
+#ifndef crypto_secretbox_H
+#define crypto_secretbox_H
+
+#include <stddef.h>
+
+#include "crypto_secretbox_xsalsa20poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_keybytes(void);
+
+#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_noncebytes(void);
+
+#define crypto_secretbox_MACBYTES crypto_secretbox_xsalsa20poly1305_MACBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_macbytes(void);
+
+#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305"
+SODIUM_EXPORT
+const char *crypto_secretbox_primitive(void);
+
+#define crypto_secretbox_MESSAGEBYTES_MAX crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t crypto_secretbox_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
+                          unsigned long long mlen, const unsigned char *n,
+                          const unsigned char *k) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
+                               unsigned long long clen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
+                              const unsigned char *m,
+                              unsigned long long mlen,
+                              const unsigned char *n,
+                              const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open_detached(unsigned char *m,
+                                   const unsigned char *c,
+                                   const unsigned char *mac,
+                                   unsigned long long clen,
+                                   const unsigned char *n,
+                                   const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+SODIUM_EXPORT
+void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_zerobytes(void) __attribute__ ((deprecated));
+
+#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_boxzerobytes(void) __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_secretbox(unsigned char *c, const unsigned char *m,
+                     unsigned long long mlen, const unsigned char *n,
+                     const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_open(unsigned char *m, const unsigned char *c,
+                          unsigned long long clen, const unsigned char *n,
+                          const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretbox_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretbox_xchacha20poly1305.h
new file mode 100644
index 00000000..6ec674e3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretbox_xchacha20poly1305.h
@@ -0,0 +1,70 @@
+#ifndef crypto_secretbox_xchacha20poly1305_H
+#define crypto_secretbox_xchacha20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xchacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_xchacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_keybytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_noncebytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_macbytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_secretbox_xchacha20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_easy(unsigned char *c,
+                                            const unsigned char *m,
+                                            unsigned long long mlen,
+                                            const unsigned char *n,
+                                            const unsigned char *k)
+            __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_open_easy(unsigned char *m,
+                                                 const unsigned char *c,
+                                                 unsigned long long clen,
+                                                 const unsigned char *n,
+                                                 const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_detached(unsigned char *c,
+                                                unsigned char *mac,
+                                                const unsigned char *m,
+                                                unsigned long long mlen,
+                                                const unsigned char *n,
+                                                const unsigned char *k)
+            __attribute__ ((nonnull(1, 2, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m,
+                                                     const unsigned char *c,
+                                                     const unsigned char *mac,
+                                                     unsigned long long clen,
+                                                     const unsigned char *n,
+                                                     const unsigned char *k)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretbox_xsalsa20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretbox_xsalsa20poly1305.h
new file mode 100644
index 00000000..81bff3d6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretbox_xsalsa20poly1305.h
@@ -0,0 +1,71 @@
+#ifndef crypto_secretbox_xsalsa20poly1305_H
+#define crypto_secretbox_xsalsa20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_xsalsa20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_keybytes(void);
+
+#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_noncebytes(void);
+
+#define crypto_secretbox_xsalsa20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_macbytes(void);
+
+/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
+#define crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX \
+    (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_secretbox_xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_boxzerobytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES \
+    (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES + \
+     crypto_secretbox_xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_zerobytes(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_secretbox_xsalsa20poly1305(unsigned char *c,
+                                      const unsigned char *m,
+                                      unsigned long long mlen,
+                                      const unsigned char *n,
+                                      const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xsalsa20poly1305_open(unsigned char *m,
+                                           const unsigned char *c,
+                                           unsigned long long clen,
+                                           const unsigned char *n,
+                                           const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretstream_xchacha20poly1305.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretstream_xchacha20poly1305.h
new file mode 100644
index 00000000..b22e4e93
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_secretstream_xchacha20poly1305.h
@@ -0,0 +1,108 @@
+#ifndef crypto_secretstream_xchacha20poly1305_H
+#define crypto_secretstream_xchacha20poly1305_H
+
+#include <stddef.h>
+
+#include "crypto_aead_xchacha20poly1305.h"
+#include "crypto_stream_chacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretstream_xchacha20poly1305_ABYTES \
+    (1U + crypto_aead_xchacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_abytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_HEADERBYTES \
+    crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_headerbytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_KEYBYTES \
+    crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_keybytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_secretstream_xchacha20poly1305_ABYTES, \
+              (64ULL * ((1ULL << 32) - 2ULL)))
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_messagebytes_max(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_MESSAGE 0x00
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_message(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_PUSH    0x01
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_push(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_REKEY   0x02
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_rekey(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_FINAL \
+    (crypto_secretstream_xchacha20poly1305_TAG_PUSH | \
+     crypto_secretstream_xchacha20poly1305_TAG_REKEY)
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_final(void);
+
+typedef struct crypto_secretstream_xchacha20poly1305_state {
+    unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES];
+    unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES];
+    unsigned char _pad[8];
+} crypto_secretstream_xchacha20poly1305_state;
+
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_statebytes(void);
+
+SODIUM_EXPORT
+void crypto_secretstream_xchacha20poly1305_keygen
+   (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_init_push
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+    const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_push
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char *c, unsigned long long *clen_p,
+    const unsigned char *m, unsigned long long mlen,
+    const unsigned char *ad, unsigned long long adlen, unsigned char tag)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_init_pull
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    const unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+    const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_pull
+   (crypto_secretstream_xchacha20poly1305_state *state,
+    unsigned char *m, unsigned long long *mlen_p, unsigned char *tag_p,
+    const unsigned char *c, unsigned long long clen,
+    const unsigned char *ad, unsigned long long adlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_secretstream_xchacha20poly1305_rekey
+    (crypto_secretstream_xchacha20poly1305_state *state);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_shorthash.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_shorthash.h
new file mode 100644
index 00000000..fecaa88b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_shorthash.h
@@ -0,0 +1,41 @@
+#ifndef crypto_shorthash_H
+#define crypto_shorthash_H
+
+#include <stddef.h>
+
+#include "crypto_shorthash_siphash24.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_shorthash_BYTES crypto_shorthash_siphash24_BYTES
+SODIUM_EXPORT
+size_t  crypto_shorthash_bytes(void);
+
+#define crypto_shorthash_KEYBYTES crypto_shorthash_siphash24_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_shorthash_keybytes(void);
+
+#define crypto_shorthash_PRIMITIVE "siphash24"
+SODIUM_EXPORT
+const char *crypto_shorthash_primitive(void);
+
+SODIUM_EXPORT
+int crypto_shorthash(unsigned char *out, const unsigned char *in,
+                     unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_shorthash_siphash24.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_shorthash_siphash24.h
new file mode 100644
index 00000000..1e6f72a6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_shorthash_siphash24.h
@@ -0,0 +1,50 @@
+#ifndef crypto_shorthash_siphash24_H
+#define crypto_shorthash_siphash24_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+/* -- 64-bit output -- */
+
+#define crypto_shorthash_siphash24_BYTES 8U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphash24_bytes(void);
+
+#define crypto_shorthash_siphash24_KEYBYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphash24_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in,
+                               unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+
+#ifndef SODIUM_LIBRARY_MINIMAL
+/* -- 128-bit output -- */
+
+#define crypto_shorthash_siphashx24_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphashx24_bytes(void);
+
+#define crypto_shorthash_siphashx24_KEYBYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphashx24_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in,
+                                unsigned long long inlen, const unsigned char *k)
+            __attribute__ ((nonnull(1, 4)));
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_sign.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_sign.h
new file mode 100644
index 00000000..f5fafb12
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_sign.h
@@ -0,0 +1,107 @@
+#ifndef crypto_sign_H
+#define crypto_sign_H
+
+/*
+ * THREAD SAFETY: crypto_sign_keypair() is thread-safe,
+ * provided that sodium_init() was called before.
+ *
+ * Other functions, including crypto_sign_seed_keypair() are always thread-safe.
+ */
+
+#include <stddef.h>
+
+#include "crypto_sign_ed25519.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef crypto_sign_ed25519ph_state crypto_sign_state;
+
+SODIUM_EXPORT
+size_t  crypto_sign_statebytes(void);
+
+#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
+SODIUM_EXPORT
+size_t  crypto_sign_bytes(void);
+
+#define crypto_sign_SEEDBYTES crypto_sign_ed25519_SEEDBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_seedbytes(void);
+
+#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_publickeybytes(void);
+
+#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
+SODIUM_EXPORT
+size_t  crypto_sign_secretkeybytes(void);
+
+#define crypto_sign_MESSAGEBYTES_MAX crypto_sign_ed25519_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_sign_messagebytes_max(void);
+
+#define crypto_sign_PRIMITIVE "ed25519"
+SODIUM_EXPORT
+const char *crypto_sign_primitive(void);
+
+SODIUM_EXPORT
+int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
+                             const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign(unsigned char *sm, unsigned long long *smlen_p,
+                const unsigned char *m, unsigned long long mlen,
+                const unsigned char *sk) __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_open(unsigned char *m, unsigned long long *mlen_p,
+                     const unsigned char *sm, unsigned long long smlen,
+                     const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen_p,
+                         const unsigned char *m, unsigned long long mlen,
+                         const unsigned char *sk) __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_verify_detached(const unsigned char *sig,
+                                const unsigned char *m,
+                                unsigned long long mlen,
+                                const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_init(crypto_sign_state *state);
+
+SODIUM_EXPORT
+int crypto_sign_update(crypto_sign_state *state,
+                       const unsigned char *m, unsigned long long mlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig,
+                             unsigned long long *siglen_p,
+                             const unsigned char *sk)
+            __attribute__ ((nonnull(1, 2, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig,
+                             const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_sign_ed25519.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_sign_ed25519.h
new file mode 100644
index 00000000..0fdac42d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_sign_ed25519.h
@@ -0,0 +1,124 @@
+#ifndef crypto_sign_ed25519_H
+#define crypto_sign_ed25519_H
+
+#include <stddef.h>
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_sign_ed25519ph_state {
+    crypto_hash_sha512_state hs;
+} crypto_sign_ed25519ph_state;
+
+SODIUM_EXPORT
+size_t crypto_sign_ed25519ph_statebytes(void);
+
+#define crypto_sign_ed25519_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_bytes(void);
+
+#define crypto_sign_ed25519_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_seedbytes(void);
+
+#define crypto_sign_ed25519_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_publickeybytes(void);
+
+#define crypto_sign_ed25519_SECRETKEYBYTES (32U + 32U)
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_secretkeybytes(void);
+
+#define crypto_sign_ed25519_MESSAGEBYTES_MAX (SODIUM_SIZE_MAX - crypto_sign_ed25519_BYTES)
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p,
+                        const unsigned char *m, unsigned long long mlen,
+                        const unsigned char *sk)
+            __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p,
+                             const unsigned char *sm, unsigned long long smlen,
+                             const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_detached(unsigned char *sig,
+                                 unsigned long long *siglen_p,
+                                 const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *sk)
+            __attribute__ ((nonnull(1, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_verify_detached(const unsigned char *sig,
+                                        const unsigned char *m,
+                                        unsigned long long mlen,
+                                        const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(1, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
+                                     const unsigned char *seed)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
+                                         const unsigned char *ed25519_pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
+                                         const unsigned char *ed25519_sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_seed(unsigned char *seed,
+                                   const unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_update(crypto_sign_ed25519ph_state *state,
+                                 const unsigned char *m,
+                                 unsigned long long mlen)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state,
+                                       unsigned char *sig,
+                                       unsigned long long *siglen_p,
+                                       const unsigned char *sk)
+            __attribute__ ((nonnull(1, 2, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state,
+                                       const unsigned char *sig,
+                                       const unsigned char *pk)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream.h
new file mode 100644
index 00000000..88dab5f6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream.h
@@ -0,0 +1,59 @@
+#ifndef crypto_stream_H
+#define crypto_stream_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES
+SODIUM_EXPORT
+size_t  crypto_stream_keybytes(void);
+
+#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES
+SODIUM_EXPORT
+size_t  crypto_stream_noncebytes(void);
+
+#define crypto_stream_MESSAGEBYTES_MAX crypto_stream_xsalsa20_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t  crypto_stream_messagebytes_max(void);
+
+#define crypto_stream_PRIMITIVE "xsalsa20"
+SODIUM_EXPORT
+const char *crypto_stream_primitive(void);
+
+SODIUM_EXPORT
+int crypto_stream(unsigned char *c, unsigned long long clen,
+                  const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xor(unsigned char *c, const unsigned char *m,
+                      unsigned long long mlen, const unsigned char *n,
+                      const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_chacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_chacha20.h
new file mode 100644
index 00000000..40889755
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_chacha20.h
@@ -0,0 +1,106 @@
+#ifndef crypto_stream_chacha20_H
+#define crypto_stream_chacha20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_chacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_keybytes(void);
+
+#define crypto_stream_chacha20_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_noncebytes(void);
+
+#define crypto_stream_chacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_messagebytes_max(void);
+
+/* ChaCha20 with a 64-bit nonce and a 64-bit counter, as originally designed */
+
+SODIUM_EXPORT
+int crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* ChaCha20 with a 96-bit nonce and a 32-bit counter (IETF) */
+
+#define crypto_stream_chacha20_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_keybytes(void);
+
+#define crypto_stream_chacha20_ietf_NONCEBYTES 12U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_noncebytes(void);
+
+#define crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX \
+    SODIUM_MIN(SODIUM_SIZE_MAX, 64ULL * (1ULL << 32))
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
+                                const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m,
+                                    unsigned long long mlen, const unsigned char *n,
+                                    const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m,
+                                       unsigned long long mlen,
+                                       const unsigned char *n, uint32_t ic,
+                                       const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES])
+            __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_stream_chacha20_IETF_KEYBYTES crypto_stream_chacha20_ietf_KEYBYTES
+#define crypto_stream_chacha20_IETF_NONCEBYTES crypto_stream_chacha20_ietf_NONCEBYTES
+#define crypto_stream_chacha20_IETF_MESSAGEBYTES_MAX crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_salsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_salsa20.h
new file mode 100644
index 00000000..45b3b3e3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_salsa20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_salsa20_H
+#define crypto_stream_salsa20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_keybytes(void);
+
+#define crypto_stream_salsa20_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_noncebytes(void);
+
+#define crypto_stream_salsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_salsa20(unsigned char *c, unsigned long long clen,
+                          const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m,
+                              unsigned long long mlen, const unsigned char *n,
+                              const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *n, uint64_t ic,
+                                 const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_salsa2012.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_salsa2012.h
new file mode 100644
index 00000000..6c5d303c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_salsa2012.h
@@ -0,0 +1,53 @@
+#ifndef crypto_stream_salsa2012_H
+#define crypto_stream_salsa2012_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa2012_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_keybytes(void);
+
+#define crypto_stream_salsa2012_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_noncebytes(void);
+
+#define crypto_stream_salsa2012_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_salsa2012(unsigned char *c, unsigned long long clen,
+                            const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa2012_xor(unsigned char *c, const unsigned char *m,
+                                unsigned long long mlen, const unsigned char *n,
+                                const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_salsa208.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_salsa208.h
new file mode 100644
index 00000000..d574f304
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_salsa208.h
@@ -0,0 +1,56 @@
+#ifndef crypto_stream_salsa208_H
+#define crypto_stream_salsa208_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa208_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa208_keybytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_stream_salsa208_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa208_noncebytes(void)
+            __attribute__ ((deprecated));
+
+#define crypto_stream_salsa208_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+    SODIUM_EXPORT
+size_t crypto_stream_salsa208_messagebytes_max(void)
+            __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_stream_salsa208(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa208_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES])
+            __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_xchacha20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_xchacha20.h
new file mode 100644
index 00000000..c4002db0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_xchacha20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_xchacha20_H
+#define crypto_stream_xchacha20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_xchacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_keybytes(void);
+
+#define crypto_stream_xchacha20_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_noncebytes(void);
+
+#define crypto_stream_xchacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20(unsigned char *c, unsigned long long clen,
+                            const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m,
+                                unsigned long long mlen, const unsigned char *n,
+                                const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                                   unsigned long long mlen,
+                                   const unsigned char *n, uint64_t ic,
+                                   const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_xsalsa20.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_xsalsa20.h
new file mode 100644
index 00000000..20034e34
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_stream_xsalsa20.h
@@ -0,0 +1,61 @@
+#ifndef crypto_stream_xsalsa20_H
+#define crypto_stream_xsalsa20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_xsalsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_keybytes(void);
+
+#define crypto_stream_xsalsa20_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_noncebytes(void);
+
+#define crypto_stream_xsalsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen, const unsigned char *n,
+                               const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES])
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_verify_16.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_verify_16.h
new file mode 100644
index 00000000..7b9c8077
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_verify_16.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_16_H
+#define crypto_verify_16_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_16_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_verify_16_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_16(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_verify_32.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_verify_32.h
new file mode 100644
index 00000000..9b0f4529
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_verify_32.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_32_H
+#define crypto_verify_32_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_32_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_verify_32_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_32(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_verify_64.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_verify_64.h
new file mode 100644
index 00000000..c83b7302
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/crypto_verify_64.h
@@ -0,0 +1,23 @@
+#ifndef crypto_verify_64_H
+#define crypto_verify_64_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_64_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_verify_64_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_64(const unsigned char *x, const unsigned char *y)
+            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/export.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/export.h
new file mode 100644
index 00000000..a0074fc9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/export.h
@@ -0,0 +1,57 @@
+
+#ifndef sodium_export_H
+#define sodium_export_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <limits.h>
+
+#if !defined(__clang__) && !defined(__GNUC__)
+# ifdef __attribute__
+#  undef __attribute__
+# endif
+# define __attribute__(a)
+#endif
+
+#ifdef SODIUM_STATIC
+# define SODIUM_EXPORT
+# define SODIUM_EXPORT_WEAK
+#else
+# if defined(_MSC_VER)
+#  ifdef SODIUM_DLL_EXPORT
+#   define SODIUM_EXPORT __declspec(dllexport)
+#  else
+#   define SODIUM_EXPORT __declspec(dllimport)
+#  endif
+# else
+#  if defined(__SUNPRO_C)
+#   ifndef __GNU_C__
+#    define SODIUM_EXPORT __attribute__ (visibility(__global))
+#   else
+#    define SODIUM_EXPORT __attribute__ __global
+#   endif
+#  elif defined(_MSG_VER)
+#   define SODIUM_EXPORT extern __declspec(dllexport)
+#  else
+#   define SODIUM_EXPORT __attribute__ ((visibility ("default")))
+#  endif
+# endif
+# if defined(__ELF__) && !defined(SODIUM_DISABLE_WEAK_FUNCTIONS)
+#  define SODIUM_EXPORT_WEAK SODIUM_EXPORT __attribute__((weak))
+# else
+#  define SODIUM_EXPORT_WEAK SODIUM_EXPORT
+# endif
+#endif
+
+#ifndef CRYPTO_ALIGN
+# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
+#  define CRYPTO_ALIGN(x) __declspec(align(x))
+# else
+#  define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
+# endif
+#endif
+
+#define SODIUM_MIN(A, B) ((A) < (B) ? (A) : (B))
+#define SODIUM_SIZE_MAX SODIUM_MIN(UINT64_MAX, SIZE_MAX)
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/randombytes.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/randombytes.h
new file mode 100644
index 00000000..c83a4df5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/randombytes.h
@@ -0,0 +1,72 @@
+
+#ifndef randombytes_H
+#define randombytes_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <sys/types.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct randombytes_implementation {
+    const char *(*implementation_name)(void); /* required */
+    uint32_t    (*random)(void);              /* required */
+    void        (*stir)(void);                /* optional */
+    uint32_t    (*uniform)(const uint32_t upper_bound); /* optional, a default implementation will be used if NULL */
+    void        (*buf)(void * const buf, const size_t size); /* required */
+    int         (*close)(void);               /* optional */
+} randombytes_implementation;
+
+#define randombytes_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 0xffffffffUL)
+
+#define randombytes_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t randombytes_seedbytes(void);
+
+SODIUM_EXPORT
+void randombytes_buf(void * const buf, const size_t size)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void randombytes_buf_deterministic(void * const buf, const size_t size,
+                                   const unsigned char seed[randombytes_SEEDBYTES])
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+uint32_t randombytes_random(void);
+
+SODIUM_EXPORT
+uint32_t randombytes_uniform(const uint32_t upper_bound);
+
+SODIUM_EXPORT
+void randombytes_stir(void);
+
+SODIUM_EXPORT
+int randombytes_close(void);
+
+SODIUM_EXPORT
+int randombytes_set_implementation(const randombytes_implementation *impl)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+const char *randombytes_implementation_name(void);
+
+/* -- NaCl compatibility interface -- */
+
+SODIUM_EXPORT
+void randombytes(unsigned char * const buf, const unsigned long long buf_len)
+            __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/randombytes_internal_random.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/randombytes_internal_random.h
new file mode 100644
index 00000000..2b2b7d6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/randombytes_internal_random.h
@@ -0,0 +1,22 @@
+
+#ifndef randombytes_internal_random_H
+#define randombytes_internal_random_H
+
+#include "export.h"
+#include "randombytes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_internal_implementation;
+
+/* Backwards compatibility with libsodium < 1.0.18 */
+#define randombytes_salsa20_implementation randombytes_internal_implementation
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/randombytes_sysrandom.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/randombytes_sysrandom.h
new file mode 100644
index 00000000..9e27b674
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/randombytes_sysrandom.h
@@ -0,0 +1,19 @@
+
+#ifndef randombytes_sysrandom_H
+#define randombytes_sysrandom_H
+
+#include "export.h"
+#include "randombytes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_sysrandom_implementation;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/runtime.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/runtime.h
new file mode 100644
index 00000000..c1cec853
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/runtime.h
@@ -0,0 +1,55 @@
+
+#ifndef sodium_runtime_H
+#define sodium_runtime_H
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_neon(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_armcrypto(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse2(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse3(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_ssse3(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse41(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx2(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx512f(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_pclmul(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_aesni(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_rdrand(void);
+
+/* ------------------------------------------------------------------------- */
+
+int _sodium_runtime_get_cpu_features(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/utils.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/utils.h
new file mode 100644
index 00000000..f9b36979
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/utils.h
@@ -0,0 +1,179 @@
+
+#ifndef sodium_utils_H
+#define sodium_utils_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef SODIUM_C99
+# if defined(__cplusplus) || !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
+#  define SODIUM_C99(X)
+# else
+#  define SODIUM_C99(X) X
+# endif
+#endif
+
+SODIUM_EXPORT
+void sodium_memzero(void * const pnt, const size_t len);
+
+SODIUM_EXPORT
+void sodium_stackzero(const size_t len);
+
+/*
+ * WARNING: sodium_memcmp() must be used to verify if two secret keys
+ * are equal, in constant time.
+ * It returns 0 if the keys are equal, and -1 if they differ.
+ * This function is not designed for lexicographical comparisons.
+ */
+SODIUM_EXPORT
+int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len)
+            __attribute__ ((warn_unused_result));
+
+/*
+ * sodium_compare() returns -1 if b1_ < b2_, 1 if b1_ > b2_ and 0 if b1_ == b2_
+ * It is suitable for lexicographical comparisons, or to compare nonces
+ * and counters stored in little-endian format.
+ * However, it is slower than sodium_memcmp().
+ */
+SODIUM_EXPORT
+int sodium_compare(const unsigned char *b1_, const unsigned char *b2_,
+                   size_t len) __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int sodium_is_zero(const unsigned char *n, const size_t nlen);
+
+SODIUM_EXPORT
+void sodium_increment(unsigned char *n, const size_t nlen);
+
+SODIUM_EXPORT
+void sodium_add(unsigned char *a, const unsigned char *b, const size_t len);
+
+SODIUM_EXPORT
+void sodium_sub(unsigned char *a, const unsigned char *b, const size_t len);
+
+SODIUM_EXPORT
+char *sodium_bin2hex(char * const hex, const size_t hex_maxlen,
+                     const unsigned char * const bin, const size_t bin_len)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_hex2bin(unsigned char * const bin, const size_t bin_maxlen,
+                   const char * const hex, const size_t hex_len,
+                   const char * const ignore, size_t * const bin_len,
+                   const char ** const hex_end)
+            __attribute__ ((nonnull(1)));
+
+#define sodium_base64_VARIANT_ORIGINAL            1
+#define sodium_base64_VARIANT_ORIGINAL_NO_PADDING 3
+#define sodium_base64_VARIANT_URLSAFE             5
+#define sodium_base64_VARIANT_URLSAFE_NO_PADDING  7
+
+/*
+ * Computes the required length to encode BIN_LEN bytes as a base64 string
+ * using the given variant. The computed length includes a trailing \0.
+ */
+#define sodium_base64_ENCODED_LEN(BIN_LEN, VARIANT) \
+    (((BIN_LEN) / 3U) * 4U + \
+    ((((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) | (((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) >> 1)) & 1U) * \
+     (4U - (~((((VARIANT) & 2U) >> 1) - 1U) & (3U - ((BIN_LEN) - ((BIN_LEN) / 3U) * 3U)))) + 1U)
+
+SODIUM_EXPORT
+size_t sodium_base64_encoded_len(const size_t bin_len, const int variant);
+
+SODIUM_EXPORT
+char *sodium_bin2base64(char * const b64, const size_t b64_maxlen,
+                        const unsigned char * const bin, const size_t bin_len,
+                        const int variant) __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_base642bin(unsigned char * const bin, const size_t bin_maxlen,
+                      const char * const b64, const size_t b64_len,
+                      const char * const ignore, size_t * const bin_len,
+                      const char ** const b64_end, const int variant)
+            __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int sodium_mlock(void * const addr, const size_t len)
+            __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_munlock(void * const addr, const size_t len)
+            __attribute__ ((nonnull));
+
+/* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose
+ * allocation functions.
+ *
+ * They return a pointer to a region filled with 0xd0 bytes, immediately
+ * followed by a guard page.
+ * As a result, accessing a single byte after the requested allocation size
+ * will intentionally trigger a segmentation fault.
+ *
+ * A canary and an additional guard page placed before the beginning of the
+ * region may also kill the process if a buffer underflow is detected.
+ *
+ * The memory layout is:
+ * [unprotected region size (read only)][guard page (no access)][unprotected pages (read/write)][guard page (no access)]
+ * With the layout of the unprotected pages being:
+ * [optional padding][16-bytes canary][user region]
+ *
+ * However:
+ * - These functions are significantly slower than standard functions
+ * - Each allocation requires 3 or 4 additional pages
+ * - The returned address will not be aligned if the allocation size is not
+ *   a multiple of the required alignment. For this reason, these functions
+ *   are designed to store data, such as secret keys and messages.
+ *
+ * sodium_malloc() can be used to allocate any libsodium data structure.
+ *
+ * The crypto_generichash_state structure is packed and its length is
+ * either 357 or 361 bytes. For this reason, when using sodium_malloc() to
+ * allocate a crypto_generichash_state structure, padding must be added in
+ * order to ensure proper alignment. crypto_generichash_statebytes()
+ * returns the rounded up structure size, and should be preferred to sizeof():
+ * state = sodium_malloc(crypto_generichash_statebytes());
+ */
+
+SODIUM_EXPORT
+void *sodium_malloc(const size_t size)
+            __attribute__ ((malloc));
+
+SODIUM_EXPORT
+void *sodium_allocarray(size_t count, size_t size)
+            __attribute__ ((malloc));
+
+SODIUM_EXPORT
+void sodium_free(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_noaccess(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_mprotect_readonly(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_mprotect_readwrite(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_pad(size_t *padded_buflen_p, unsigned char *buf,
+               size_t unpadded_buflen, size_t blocksize, size_t max_buflen)
+            __attribute__ ((nonnull(2)));
+
+SODIUM_EXPORT
+int sodium_unpad(size_t *unpadded_buflen_p, const unsigned char *buf,
+                 size_t padded_buflen, size_t blocksize)
+            __attribute__ ((nonnull(2)));
+
+/* -------- */
+
+int _sodium_alloc_init(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/version.h b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/version.h
new file mode 100644
index 00000000..cc60e448
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/Headers/sodium/version.h
@@ -0,0 +1,33 @@
+
+#ifndef sodium_version_H
+#define sodium_version_H
+
+#include "export.h"
+
+#define SODIUM_VERSION_STRING "1.0.18"
+
+#define SODIUM_LIBRARY_VERSION_MAJOR 11
+#define SODIUM_LIBRARY_VERSION_MINOR 0
+#define SODIUM_LIBRARY_MINIMAL 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+const char *sodium_version_string(void);
+
+SODIUM_EXPORT
+int         sodium_library_version_major(void);
+
+SODIUM_EXPORT
+int         sodium_library_version_minor(void);
+
+SODIUM_EXPORT
+int         sodium_library_minimal(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/libsodium.a b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/libsodium.a
new file mode 100644
index 00000000..6698ea1d
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/Clibsodium.xcframework/ios-arm64/libsodium.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.27.dylib b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.27.dylib
new file mode 100755
index 00000000..3aff9226
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.27.dylib differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.a b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.a
new file mode 100644
index 00000000..6698ea1d
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.dylib b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.dylib
new file mode 120000
index 00000000..7f3f6fe6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.dylib
@@ -0,0 +1 @@
+libsodium.27.dylib
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.la b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.la
new file mode 100755
index 00000000..f960ec8f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/libsodium.la
@@ -0,0 +1,41 @@
+# libsodium.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='libsodium.27.dylib'
+
+# Names of this library.
+library_names='libsodium.27.dylib libsodium.dylib'
+
+# The name of the static archive.
+old_library='libsodium.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags='  -pthread'
+
+# Libraries that this one depends upon.
+dependency_libs=' -lpthread'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libsodium.
+current=27
+age=0
+revision=0
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/libsodium/libsodium-apple/tmp/ios64/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/pkgconfig/libsodium.pc b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/pkgconfig/libsodium.pc
new file mode 100644
index 00000000..39287005
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/libsodium/lib/pkgconfig/libsodium.pc
@@ -0,0 +1,12 @@
+prefix=/Users/sanchez/work/vied/ios/vpn/desktop-client-bkp/client/3rd/ShadowSocks/ShadowSocks/libsodium
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libsodium
+Version: 1.0.18
+Description: A modern and easy-to-use crypto library
+
+Libs: -L${libdir} -lsodium
+Libs.private: -lpthread -pthread 
+Cflags: -I${includedir}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-arm64.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-arm64.a
new file mode 100644
index 00000000..336f308e
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-arm64.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-armv7.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-armv7.a
new file mode 100644
index 00000000..17f1e2c6
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-armv7.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-armv7s.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-armv7s.a
new file mode 100644
index 00000000..1b9db26e
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-armv7s.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-i386.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-i386.a
new file mode 100644
index 00000000..5cdf5915
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-i386.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-x86_64.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-x86_64.a
new file mode 100644
index 00000000..44e15906
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedcrypto-x86_64.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-arm64.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-arm64.a
new file mode 100644
index 00000000..b10c022c
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-arm64.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-armv7.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-armv7.a
new file mode 100644
index 00000000..da569ccf
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-armv7.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-armv7s.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-armv7s.a
new file mode 100644
index 00000000..cc4abbd1
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-armv7s.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-i386.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-i386.a
new file mode 100644
index 00000000..db377f6b
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-i386.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-x86_64.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-x86_64.a
new file mode 100644
index 00000000..d127d8a6
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedtls-x86_64.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-arm64.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-arm64.a
new file mode 100644
index 00000000..d3c4817a
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-arm64.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-armv7.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-armv7.a
new file mode 100644
index 00000000..c13ddd66
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-armv7.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-armv7s.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-armv7s.a
new file mode 100644
index 00000000..04b8169b
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-armv7s.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-i386.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-i386.a
new file mode 100644
index 00000000..33348a48
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-i386.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-x86_64.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-x86_64.a
new file mode 100644
index 00000000..f6b59773
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/bin/libmbedx509-x86_64.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/.gitignore b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/.gitignore
new file mode 100644
index 00000000..bf67d02e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/.gitignore
@@ -0,0 +1,4 @@
+Makefile
+*.sln
+*.vcxproj
+mbedtls/check_config
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/CMakeLists.txt
new file mode 100644
index 00000000..985a3530
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/CMakeLists.txt
@@ -0,0 +1,11 @@
+option(INSTALL_MBEDTLS_HEADERS "Install mbed TLS headers." ON)
+
+if(INSTALL_MBEDTLS_HEADERS)
+
+    file(GLOB headers "mbedtls/*.h")
+
+    install(FILES ${headers}
+        DESTINATION include/mbedtls
+        PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+
+endif(INSTALL_MBEDTLS_HEADERS)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/LICENSE b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/LICENSE
new file mode 100644
index 00000000..546a8e63
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/LICENSE
@@ -0,0 +1,2 @@
+Unless specifically indicated otherwise in a file, files are licensed
+under the Apache 2.0 license, as can be found in: apache-2.0.txt
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/aes.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/aes.h
new file mode 100644
index 00000000..a36e825a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/aes.h
@@ -0,0 +1,297 @@
+/**
+ * \file aes.h
+ *
+ * \brief AES block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_AES_H
+#define MBEDTLS_AES_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+/* padlock.c and aesni.c rely on these values! */
+#define MBEDTLS_AES_ENCRYPT     1
+#define MBEDTLS_AES_DECRYPT     0
+
+#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
+#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_AES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          AES context structure
+ *
+ * \note           buf is able to hold 32 extra bytes, which can be used:
+ *                 - for alignment purposes if VIA padlock is used, and/or
+ *                 - to simplify key expansion in the 256-bit case by
+ *                 generating an extra round key
+ */
+typedef struct
+{
+    int nr;                     /*!<  number of rounds  */
+    uint32_t *rk;               /*!<  AES round keys    */
+    uint32_t buf[68];           /*!<  unaligned data    */
+}
+mbedtls_aes_context;
+
+/**
+ * \brief          Initialize AES context
+ *
+ * \param ctx      AES context to be initialized
+ */
+void mbedtls_aes_init( mbedtls_aes_context *ctx );
+
+/**
+ * \brief          Clear AES context
+ *
+ * \param ctx      AES context to be cleared
+ */
+void mbedtls_aes_free( mbedtls_aes_context *ctx );
+
+/**
+ * \brief          AES key schedule (encryption)
+ *
+ * \param ctx      AES context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits );
+
+/**
+ * \brief          AES key schedule (decryption)
+ *
+ * \param ctx      AES context to be initialized
+ * \param key      decryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits );
+
+/**
+ * \brief          AES-ECB block encryption/decryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          AES-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (16 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+ */
+int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          AES-CFB128 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+/**
+ * \brief          AES-CFB8 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               AES-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \param ctx           AES context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 128-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+/**
+ * \brief           Internal AES block encryption function
+ *                  (Only exposed to allow overriding it,
+ *                  see MBEDTLS_AES_ENCRYPT_ALT)
+ *
+ * \param ctx       AES context
+ * \param input     Plaintext block
+ * \param output    Output (ciphertext) block
+ */
+void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
+                          const unsigned char input[16],
+                          unsigned char output[16] );
+
+/**
+ * \brief           Internal AES block decryption function
+ *                  (Only exposed to allow overriding it,
+ *                  see MBEDTLS_AES_DECRYPT_ALT)
+ *
+ * \param ctx       AES context
+ * \param input     Ciphertext block
+ * \param output    Output (plaintext) block
+ */
+void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
+                          const unsigned char input[16],
+                          unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_AES_ALT */
+#include "aes_alt.h"
+#endif /* MBEDTLS_AES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_aes_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* aes.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/aesni.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/aesni.h
new file mode 100644
index 00000000..b1b7f1cd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/aesni.h
@@ -0,0 +1,111 @@
+/**
+ * \file aesni.h
+ *
+ * \brief AES-NI for hardware AES acceleration on some Intel processors
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_AESNI_H
+#define MBEDTLS_AESNI_H
+
+#include "aes.h"
+
+#define MBEDTLS_AESNI_AES      0x02000000u
+#define MBEDTLS_AESNI_CLMUL    0x00000002u
+
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) &&  \
+    ( defined(__amd64__) || defined(__x86_64__) )   &&  \
+    ! defined(MBEDTLS_HAVE_X86_64)
+#define MBEDTLS_HAVE_X86_64
+#endif
+
+#if defined(MBEDTLS_HAVE_X86_64)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          AES-NI features detection routine
+ *
+ * \param what     The feature to detect
+ *                 (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
+ *
+ * \return         1 if CPU has support for the feature, 0 otherwise
+ */
+int mbedtls_aesni_has_support( unsigned int what );
+
+/**
+ * \brief          AES-NI AES-ECB block en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 on success (cannot fail)
+ */
+int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
+                     int mode,
+                     const unsigned char input[16],
+                     unsigned char output[16] );
+
+/**
+ * \brief          GCM multiplication: c = a * b in GF(2^128)
+ *
+ * \param c        Result
+ * \param a        First operand
+ * \param b        Second operand
+ *
+ * \note           Both operands and result are bit strings interpreted as
+ *                 elements of GF(2^128) as per the GCM spec.
+ */
+void mbedtls_aesni_gcm_mult( unsigned char c[16],
+                     const unsigned char a[16],
+                     const unsigned char b[16] );
+
+/**
+ * \brief           Compute decryption round keys from encryption round keys
+ *
+ * \param invkey    Round keys for the equivalent inverse cipher
+ * \param fwdkey    Original round keys (for encryption)
+ * \param nr        Number of rounds (that is, number of round keys minus one)
+ */
+void mbedtls_aesni_inverse_key( unsigned char *invkey,
+                        const unsigned char *fwdkey, int nr );
+
+/**
+ * \brief           Perform key expansion (for encryption)
+ *
+ * \param rk        Destination buffer where the round keys are written
+ * \param key       Encryption key
+ * \param bits      Key size in bits (must be 128, 192 or 256)
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aesni_setkey_enc( unsigned char *rk,
+                      const unsigned char *key,
+                      size_t bits );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_HAVE_X86_64 */
+
+#endif /* MBEDTLS_AESNI_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/arc4.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/arc4.h
new file mode 100644
index 00000000..5fc5395a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/arc4.h
@@ -0,0 +1,113 @@
+/**
+ * \file arc4.h
+ *
+ * \brief The ARCFOUR stream cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ARC4_H
+#define MBEDTLS_ARC4_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if !defined(MBEDTLS_ARC4_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          ARC4 context structure
+ */
+typedef struct
+{
+    int x;                      /*!< permutation index */
+    int y;                      /*!< permutation index */
+    unsigned char m[256];       /*!< permutation table */
+}
+mbedtls_arc4_context;
+
+/**
+ * \brief          Initialize ARC4 context
+ *
+ * \param ctx      ARC4 context to be initialized
+ */
+void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
+
+/**
+ * \brief          Clear ARC4 context
+ *
+ * \param ctx      ARC4 context to be cleared
+ */
+void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
+
+/**
+ * \brief          ARC4 key schedule
+ *
+ * \param ctx      ARC4 context to be setup
+ * \param key      the secret key
+ * \param keylen   length of the key, in bytes
+ */
+void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
+                 unsigned int keylen );
+
+/**
+ * \brief          ARC4 cipher function
+ *
+ * \param ctx      ARC4 context
+ * \param length   length of the input data
+ * \param input    buffer holding the input data
+ * \param output   buffer for the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
+                unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_ARC4_ALT */
+#include "arc4_alt.h"
+#endif /* MBEDTLS_ARC4_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_arc4_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* arc4.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/asn1.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/asn1.h
new file mode 100644
index 00000000..082832c8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/asn1.h
@@ -0,0 +1,342 @@
+/**
+ * \file asn1.h
+ *
+ * \brief Generic ASN.1 parsing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ASN1_H
+#define MBEDTLS_ASN1_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_BIGNUM_C)
+#include "bignum.h"
+#endif
+
+/**
+ * \addtogroup asn1_module
+ * \{
+ */
+
+/**
+ * \name ASN1 Error codes
+ * These error codes are OR'ed to X509 error codes for
+ * higher error granularity.
+ * ASN1 is a standard to specify data structures.
+ * \{
+ */
+#define MBEDTLS_ERR_ASN1_OUT_OF_DATA                      -0x0060  /**< Out of data when parsing an ASN1 data structure. */
+#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG                   -0x0062  /**< ASN1 tag was of an unexpected value. */
+#define MBEDTLS_ERR_ASN1_INVALID_LENGTH                   -0x0064  /**< Error when trying to determine the length or invalid length. */
+#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH                  -0x0066  /**< Actual length differs from expected length. */
+#define MBEDTLS_ERR_ASN1_INVALID_DATA                     -0x0068  /**< Data is invalid. (not used) */
+#define MBEDTLS_ERR_ASN1_ALLOC_FAILED                     -0x006A  /**< Memory allocation failed */
+#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C  /**< Buffer too small when writing ASN.1 data structure. */
+
+/* \} name */
+
+/**
+ * \name DER constants
+ * These constants comply with DER encoded the ANS1 type tags.
+ * DER encoding uses hexadecimal representation.
+ * An example DER sequence is:\n
+ * - 0x02 -- tag indicating INTEGER
+ * - 0x01 -- length in octets
+ * - 0x05 -- value
+ * Such sequences are typically read into \c ::mbedtls_x509_buf.
+ * \{
+ */
+#define MBEDTLS_ASN1_BOOLEAN                 0x01
+#define MBEDTLS_ASN1_INTEGER                 0x02
+#define MBEDTLS_ASN1_BIT_STRING              0x03
+#define MBEDTLS_ASN1_OCTET_STRING            0x04
+#define MBEDTLS_ASN1_NULL                    0x05
+#define MBEDTLS_ASN1_OID                     0x06
+#define MBEDTLS_ASN1_UTF8_STRING             0x0C
+#define MBEDTLS_ASN1_SEQUENCE                0x10
+#define MBEDTLS_ASN1_SET                     0x11
+#define MBEDTLS_ASN1_PRINTABLE_STRING        0x13
+#define MBEDTLS_ASN1_T61_STRING              0x14
+#define MBEDTLS_ASN1_IA5_STRING              0x16
+#define MBEDTLS_ASN1_UTC_TIME                0x17
+#define MBEDTLS_ASN1_GENERALIZED_TIME        0x18
+#define MBEDTLS_ASN1_UNIVERSAL_STRING        0x1C
+#define MBEDTLS_ASN1_BMP_STRING              0x1E
+#define MBEDTLS_ASN1_PRIMITIVE               0x00
+#define MBEDTLS_ASN1_CONSTRUCTED             0x20
+#define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
+/* \} name */
+/* \} addtogroup asn1_module */
+
+/** Returns the size of the binary string, without the trailing \\0 */
+#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
+
+/**
+ * Compares an mbedtls_asn1_buf structure to a reference OID.
+ *
+ * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
+ * 'unsigned char *oid' here!
+ */
+#define MBEDTLS_OID_CMP(oid_str, oid_buf)                                   \
+        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
+          memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name Functions to parse ASN.1 data structures
+ * \{
+ */
+
+/**
+ * Type-length-value structure that allows for ASN1 using DER.
+ */
+typedef struct mbedtls_asn1_buf
+{
+    int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
+    size_t len;             /**< ASN1 length, in octets. */
+    unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
+}
+mbedtls_asn1_buf;
+
+/**
+ * Container for ASN1 bit strings.
+ */
+typedef struct mbedtls_asn1_bitstring
+{
+    size_t len;                 /**< ASN1 length, in octets. */
+    unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
+    unsigned char *p;           /**< Raw ASN1 data for the bit string */
+}
+mbedtls_asn1_bitstring;
+
+/**
+ * Container for a sequence of ASN.1 items
+ */
+typedef struct mbedtls_asn1_sequence
+{
+    mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
+    struct mbedtls_asn1_sequence *next;    /**< The next entry in the sequence. */
+}
+mbedtls_asn1_sequence;
+
+/**
+ * Container for a sequence or list of 'named' ASN.1 data items
+ */
+typedef struct mbedtls_asn1_named_data
+{
+    mbedtls_asn1_buf oid;                   /**< The object identifier. */
+    mbedtls_asn1_buf val;                   /**< The named value. */
+    struct mbedtls_asn1_named_data *next;  /**< The next entry in the sequence. */
+    unsigned char next_merged;      /**< Merge next item into the current one? */
+}
+mbedtls_asn1_named_data;
+
+/**
+ * \brief       Get the length of an ASN.1 element.
+ *              Updates the pointer to immediately behind the length.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   The variable that will receive the value
+ *
+ * \return      0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching
+ *              end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is
+ *              unparseable.
+ */
+int mbedtls_asn1_get_len( unsigned char **p,
+                  const unsigned char *end,
+                  size_t *len );
+
+/**
+ * \brief       Get the tag and length of the tag. Check for the requested tag.
+ *              Updates the pointer to immediately behind the tag and length.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   The variable that will receive the length
+ * \param tag   The expected tag
+ *
+ * \return      0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did
+ *              not match requested tag, or another specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_tag( unsigned char **p,
+                  const unsigned char *end,
+                  size_t *len, int tag );
+
+/**
+ * \brief       Retrieve a boolean ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param val   The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bool( unsigned char **p,
+                   const unsigned char *end,
+                   int *val );
+
+/**
+ * \brief       Retrieve an integer ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param val   The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_int( unsigned char **p,
+                  const unsigned char *end,
+                  int *val );
+
+/**
+ * \brief       Retrieve a bitstring ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param bs    The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
+                        mbedtls_asn1_bitstring *bs);
+
+/**
+ * \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
+ *              value.
+ *              Updates the pointer to the beginning of the bit/octet string.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   Length of the actual bit/octect string in bytes
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
+                             size_t *len );
+
+/**
+ * \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>"
+ *              Updated the pointer to immediately behind the full sequence tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param cur   First variable in the chain to fill
+ * \param tag   Type of sequence
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_sequence_of( unsigned char **p,
+                          const unsigned char *end,
+                          mbedtls_asn1_sequence *cur,
+                          int tag);
+
+#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief       Retrieve a MPI value from an integer ASN.1 tag.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param X     The MPI that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_mpi( unsigned char **p,
+                  const unsigned char *end,
+                  mbedtls_mpi *X );
+#endif /* MBEDTLS_BIGNUM_C */
+
+/**
+ * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
+ *              Updates the pointer to immediately behind the full
+ *              AlgorithmIdentifier.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param alg   The buffer to receive the OID
+ * \param params The buffer to receive the params (if any)
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_alg( unsigned char **p,
+                  const unsigned char *end,
+                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
+
+/**
+ * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
+ *              params.
+ *              Updates the pointer to immediately behind the full
+ *              AlgorithmIdentifier.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param alg   The buffer to receive the OID
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_alg_null( unsigned char **p,
+                       const unsigned char *end,
+                       mbedtls_asn1_buf *alg );
+
+/**
+ * \brief       Find a specific named_data entry in a sequence or list based on
+ *              the OID.
+ *
+ * \param list  The list to seek through
+ * \param oid   The OID to look for
+ * \param len   Size of the OID
+ *
+ * \return      NULL if not found, or a pointer to the existing entry.
+ */
+mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
+                                       const char *oid, size_t len );
+
+/**
+ * \brief       Free a mbedtls_asn1_named_data entry
+ *
+ * \param entry The named data entry to free
+ */
+void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
+
+/**
+ * \brief       Free all entries in a mbedtls_asn1_named_data list
+ *              Head will be set to NULL
+ *
+ * \param head  Pointer to the head of the list of named data entries to free
+ */
+void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* asn1.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/asn1write.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/asn1write.h
new file mode 100644
index 00000000..73ff32b6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/asn1write.h
@@ -0,0 +1,239 @@
+/**
+ * \file asn1write.h
+ *
+ * \brief ASN.1 buffer writing functionality
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ASN1_WRITE_H
+#define MBEDTLS_ASN1_WRITE_H
+
+#include "asn1.h"
+
+#define MBEDTLS_ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else   \
+                                g += ret; } while( 0 )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Write a length field in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param len       the length to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
+
+/**
+ * \brief           Write a ASN.1 tag in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param tag       the tag to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
+                    unsigned char tag );
+
+/**
+ * \brief           Write raw buffer data
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       data buffer to write
+ * \param size      length of the data buffer
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
+                           const unsigned char *buf, size_t size );
+
+#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief           Write a big number (MBEDTLS_ASN1_INTEGER) in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param X         the MPI to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X );
+#endif /* MBEDTLS_BIGNUM_C */
+
+/**
+ * \brief           Write a NULL tag (MBEDTLS_ASN1_NULL) with zero data in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
+
+/**
+ * \brief           Write an OID tag (MBEDTLS_ASN1_OID) and data in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param oid       the OID to write
+ * \param oid_len   length of the OID
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
+                    const char *oid, size_t oid_len );
+
+/**
+ * \brief           Write an AlgorithmIdentifier sequence in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param oid       the OID of the algorithm
+ * \param oid_len   length of the OID
+ * \param par_len   length of parameters, which must be already written.
+ *                  If 0, NULL parameters are added
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
+                                     const char *oid, size_t oid_len,
+                                     size_t par_len );
+
+/**
+ * \brief           Write a boolean tag (MBEDTLS_ASN1_BOOLEAN) and value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param boolean   0 or 1
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean );
+
+/**
+ * \brief           Write an int tag (MBEDTLS_ASN1_INTEGER) and value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param val       the integer value
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
+
+/**
+ * \brief           Write a printable string tag (MBEDTLS_ASN1_PRINTABLE_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param text      the text to write
+ * \param text_len  length of the text
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
+                                 const char *text, size_t text_len );
+
+/**
+ * \brief           Write an IA5 string tag (MBEDTLS_ASN1_IA5_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param text      the text to write
+ * \param text_len  length of the text
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
+                           const char *text, size_t text_len );
+
+/**
+ * \brief           Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       the bitstring
+ * \param bits      the total number of bits in the bitstring
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
+                          const unsigned char *buf, size_t bits );
+
+/**
+ * \brief           Write an octet string tag (MBEDTLS_ASN1_OCTET_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       data buffer to write
+ * \param size      length of the data buffer
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
+                             const unsigned char *buf, size_t size );
+
+/**
+ * \brief           Create or find a specific named_data entry for writing in a
+ *                  sequence or list based on the OID. If not already in there,
+ *                  a new entry is added to the head of the list.
+ *                  Warning: Destructive behaviour for the val data!
+ *
+ * \param list      Pointer to the location of the head of the list to seek
+ *                  through (will be updated in case of a new entry)
+ * \param oid       The OID to look for
+ * \param oid_len   Size of the OID
+ * \param val       Data to store (can be NULL if you want to fill it by hand)
+ * \param val_len   Minimum length of the data buffer needed
+ *
+ * \return      NULL if if there was a memory allocation error, or a pointer
+ *              to the new / existing entry.
+ */
+mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
+                                        const char *oid, size_t oid_len,
+                                        const unsigned char *val,
+                                        size_t val_len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_ASN1_WRITE_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/base64.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/base64.h
new file mode 100644
index 00000000..352c652d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/base64.h
@@ -0,0 +1,88 @@
+/**
+ * \file base64.h
+ *
+ * \brief RFC 1521 base64 encoding/decoding
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BASE64_H
+#define MBEDTLS_BASE64_H
+
+#include <stddef.h>
+
+#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A  /**< Output buffer too small. */
+#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER              -0x002C  /**< Invalid character in input. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Encode a buffer into base64 format
+ *
+ * \param dst      destination buffer
+ * \param dlen     size of the destination buffer
+ * \param olen     number of bytes written
+ * \param src      source buffer
+ * \param slen     amount of data to be encoded
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
+ *                 *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *                 If that length cannot be represented, then no data is
+ *                 written to the buffer and *olen is set to the maximum
+ *                 length representable as a size_t.
+ *
+ * \note           Call this function with dlen = 0 to obtain the
+ *                 required buffer size in *olen
+ */
+int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
+                   const unsigned char *src, size_t slen );
+
+/**
+ * \brief          Decode a base64-formatted buffer
+ *
+ * \param dst      destination buffer (can be NULL for checking size)
+ * \param dlen     size of the destination buffer
+ * \param olen     number of bytes written
+ * \param src      source buffer
+ * \param slen     amount of data to be decoded
+ *
+ * \return         0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
+ *                 MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
+ *                 not correct. *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *
+ * \note           Call this function with *dst = NULL or dlen = 0 to obtain
+ *                 the required buffer size in *olen
+ */
+int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
+                   const unsigned char *src, size_t slen );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_base64_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* base64.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/bignum.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/bignum.h
new file mode 100644
index 00000000..146224a2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/bignum.h
@@ -0,0 +1,716 @@
+/**
+ * \file bignum.h
+ *
+ * \brief  Multi-precision integer library
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BIGNUM_H
+#define MBEDTLS_BIGNUM_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if defined(MBEDTLS_FS_IO)
+#include <stdio.h>
+#endif
+
+#define MBEDTLS_ERR_MPI_FILE_IO_ERROR                     -0x0002  /**< An error occurred while reading from or writing to a file. */
+#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA                    -0x0004  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_MPI_INVALID_CHARACTER                 -0x0006  /**< There is an invalid character in the digit string. */
+#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL                  -0x0008  /**< The buffer is too small to write to. */
+#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE                    -0x000A  /**< The input arguments are negative or result in illegal output. */
+#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO                  -0x000C  /**< The input argument for division is zero, which is not allowed. */
+#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE                    -0x000E  /**< The input arguments are not acceptable. */
+#define MBEDTLS_ERR_MPI_ALLOC_FAILED                      -0x0010  /**< Memory allocation failed. */
+
+#define MBEDTLS_MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 )
+
+/*
+ * Maximum size MPIs are allowed to grow to in number of limbs.
+ */
+#define MBEDTLS_MPI_MAX_LIMBS                             10000
+
+#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
+/*
+ * Maximum window size used for modular exponentiation. Default: 6
+ * Minimum value: 1. Maximum value: 6.
+ *
+ * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
+ * for the sliding window calculation. (So 64 by default)
+ *
+ * Reduction in size, reduces speed.
+ */
+#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum windows size used. */
+#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
+
+#if !defined(MBEDTLS_MPI_MAX_SIZE)
+/*
+ * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
+ * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
+ *
+ * Note: Calculations can results temporarily in larger MPIs. So the number
+ * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
+ */
+#define MBEDTLS_MPI_MAX_SIZE                              1024     /**< Maximum number of bytes for usable MPIs. */
+#endif /* !MBEDTLS_MPI_MAX_SIZE */
+
+#define MBEDTLS_MPI_MAX_BITS                              ( 8 * MBEDTLS_MPI_MAX_SIZE )    /**< Maximum number of bits for usable MPIs. */
+
+/*
+ * When reading from files with mbedtls_mpi_read_file() and writing to files with
+ * mbedtls_mpi_write_file() the buffer should have space
+ * for a (short) label, the MPI (in the provided radix), the newline
+ * characters and the '\0'.
+ *
+ * By default we assume at least a 10 char label, a minimum radix of 10
+ * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
+ * Autosized at compile time for at least a 10 char label, a minimum radix
+ * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
+ *
+ * This used to be statically sized to 1250 for a maximum of 4096 bit
+ * numbers (1234 decimal chars).
+ *
+ * Calculate using the formula:
+ *  MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
+ *                                LabelSize + 6
+ */
+#define MBEDTLS_MPI_MAX_BITS_SCALE100          ( 100 * MBEDTLS_MPI_MAX_BITS )
+#define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332
+#define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
+
+/*
+ * Define the base integer type, architecture-wise.
+ *
+ * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes)
+ * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM
+ */
+#if ( ! defined(MBEDTLS_HAVE_INT32) && \
+        defined(_MSC_VER) && defined(_M_AMD64) )
+  #define MBEDTLS_HAVE_INT64
+  typedef  int64_t mbedtls_mpi_sint;
+  typedef uint64_t mbedtls_mpi_uint;
+#else
+  #if ( ! defined(MBEDTLS_HAVE_INT32) &&               \
+        defined(__GNUC__) && (                          \
+        defined(__amd64__) || defined(__x86_64__)    || \
+        defined(__ppc64__) || defined(__powerpc64__) || \
+        defined(__ia64__)  || defined(__alpha__)     || \
+        (defined(__sparc__) && defined(__arch64__))  || \
+        defined(__s390x__) || defined(__mips64) ) )
+     #define MBEDTLS_HAVE_INT64
+     typedef  int64_t mbedtls_mpi_sint;
+     typedef uint64_t mbedtls_mpi_uint;
+     typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
+     #define MBEDTLS_HAVE_UDBL
+  #else
+     #define MBEDTLS_HAVE_INT32
+     typedef  int32_t mbedtls_mpi_sint;
+     typedef uint32_t mbedtls_mpi_uint;
+     typedef uint64_t mbedtls_t_udbl;
+     #define MBEDTLS_HAVE_UDBL
+  #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */
+#endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MPI structure
+ */
+typedef struct
+{
+    int s;              /*!<  integer sign      */
+    size_t n;           /*!<  total # of limbs  */
+    mbedtls_mpi_uint *p;          /*!<  pointer to limbs  */
+}
+mbedtls_mpi;
+
+/**
+ * \brief           Initialize one MPI (make internal references valid)
+ *                  This just makes it ready to be set or freed,
+ *                  but does not define a value for the MPI.
+ *
+ * \param X         One MPI to initialize.
+ */
+void mbedtls_mpi_init( mbedtls_mpi *X );
+
+/**
+ * \brief          Unallocate one MPI
+ *
+ * \param X        One MPI to unallocate.
+ */
+void mbedtls_mpi_free( mbedtls_mpi *X );
+
+/**
+ * \brief          Enlarge to the specified number of limbs
+ *
+ * \param X        MPI to grow
+ * \param nblimbs  The target number of limbs
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
+
+/**
+ * \brief          Resize down, keeping at least the specified number of limbs
+ *
+ * \param X        MPI to shrink
+ * \param nblimbs  The minimum number of limbs to keep
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
+
+/**
+ * \brief          Copy the contents of Y into X
+ *
+ * \param X        Destination MPI
+ * \param Y        Source MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Swap the contents of X and Y
+ *
+ * \param X        First MPI value
+ * \param Y        Second MPI value
+ */
+void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
+
+/**
+ * \brief          Safe conditional assignement X = Y if assign is 1
+ *
+ * \param X        MPI to conditionally assign to
+ * \param Y        Value to be assigned
+ * \param assign   1: perform the assignment, 0: keep X's original value
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *
+ * \note           This function is equivalent to
+ *                      if( assign ) mbedtls_mpi_copy( X, Y );
+ *                 except that it avoids leaking any information about whether
+ *                 the assignment was done or not (the above code may leak
+ *                 information through branch prediction and/or memory access
+ *                 patterns analysis).
+ */
+int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
+
+/**
+ * \brief          Safe conditional swap X <-> Y if swap is 1
+ *
+ * \param X        First mbedtls_mpi value
+ * \param Y        Second mbedtls_mpi value
+ * \param assign   1: perform the swap, 0: keep X and Y's original values
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *
+ * \note           This function is equivalent to
+ *                      if( assign ) mbedtls_mpi_swap( X, Y );
+ *                 except that it avoids leaking any information about whether
+ *                 the assignment was done or not (the above code may leak
+ *                 information through branch prediction and/or memory access
+ *                 patterns analysis).
+ */
+int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
+
+/**
+ * \brief          Set value from integer
+ *
+ * \param X        MPI to set
+ * \param z        Value to use
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
+
+/**
+ * \brief          Get a specific bit from X
+ *
+ * \param X        MPI to use
+ * \param pos      Zero-based index of the bit in X
+ *
+ * \return         Either a 0 or a 1
+ */
+int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
+
+/**
+ * \brief          Set a bit of X to a specific value of 0 or 1
+ *
+ * \note           Will grow X if necessary to set a bit to 1 in a not yet
+ *                 existing limb. Will not grow if bit should be set to 0
+ *
+ * \param X        MPI to use
+ * \param pos      Zero-based index of the bit in X
+ * \param val      The value to set the bit to (0 or 1)
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
+ */
+int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
+
+/**
+ * \brief          Return the number of zero-bits before the least significant
+ *                 '1' bit
+ *
+ * Note: Thus also the zero-based index of the least significant '1' bit
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
+
+/**
+ * \brief          Return the number of bits up to and including the most
+ *                 significant '1' bit'
+ *
+ * Note: Thus also the one-based index of the most significant '1' bit
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
+
+/**
+ * \brief          Return the total size in bytes
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_size( const mbedtls_mpi *X );
+
+/**
+ * \brief          Import from an ASCII string
+ *
+ * \param X        Destination MPI
+ * \param radix    Input numeric base
+ * \param s        Null-terminated string buffer
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
+
+/**
+ * \brief          Export into an ASCII string
+ *
+ * \param X        Source MPI
+ * \param radix    Output numeric base
+ * \param buf      Buffer to write the string to
+ * \param buflen   Length of buf
+ * \param olen     Length of the string written, including final NUL byte
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code.
+ *                 *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *
+ * \note           Call this function with buflen = 0 to obtain the
+ *                 minimum required buffer size in *olen.
+ */
+int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
+                              char *buf, size_t buflen, size_t *olen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Read X from an opened file
+ *
+ * \param X        Destination MPI
+ * \param radix    Input numeric base
+ * \param fin      Input file handle
+ *
+ * \return         0 if successful, MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if
+ *                 the file read buffer is too small or a
+ *                 MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
+
+/**
+ * \brief          Write X into an opened file, or stdout if fout is NULL
+ *
+ * \param p        Prefix, can be NULL
+ * \param X        Source MPI
+ * \param radix    Output numeric base
+ * \param fout     Output file handle (can be NULL)
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ *
+ * \note           Set fout == NULL to print X on the console.
+ */
+int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Import X from unsigned binary data, big endian
+ *
+ * \param X        Destination MPI
+ * \param buf      Input buffer
+ * \param buflen   Input buffer size
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Export X into unsigned binary data, big endian.
+ *                 Always fills the whole buffer, which will start with zeros
+ *                 if the number is smaller.
+ *
+ * \param X        Source MPI
+ * \param buf      Output buffer
+ * \param buflen   Output buffer size
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
+ */
+int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Left-shift: X <<= count
+ *
+ * \param X        MPI to shift
+ * \param count    Amount to shift
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
+
+/**
+ * \brief          Right-shift: X >>= count
+ *
+ * \param X        MPI to shift
+ * \param count    Amount to shift
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
+
+/**
+ * \brief          Compare unsigned values
+ *
+ * \param X        Left-hand MPI
+ * \param Y        Right-hand MPI
+ *
+ * \return         1 if |X| is greater than |Y|,
+ *                -1 if |X| is lesser  than |Y| or
+ *                 0 if |X| is equal to |Y|
+ */
+int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Compare signed values
+ *
+ * \param X        Left-hand MPI
+ * \param Y        Right-hand MPI
+ *
+ * \return         1 if X is greater than Y,
+ *                -1 if X is lesser  than Y or
+ *                 0 if X is equal to Y
+ */
+int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Compare signed values
+ *
+ * \param X        Left-hand MPI
+ * \param z        The integer value to compare to
+ *
+ * \return         1 if X is greater than z,
+ *                -1 if X is lesser  than z or
+ *                 0 if X is equal to z
+ */
+int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
+
+/**
+ * \brief          Unsigned addition: X = |A| + |B|
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Unsigned subtraction: X = |A| - |B|
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A
+ */
+int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed addition: X = A + B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed subtraction: X = A - B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed addition: X = A + b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The integer value to add
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Signed subtraction: X = A - b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The integer value to subtract
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Baseline multiplication: X = A * B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Baseline multiplication: X = A * b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The unsigned integer value to multiply with
+ *
+ * \note           b is unsigned
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b );
+
+/**
+ * \brief          Division by mbedtls_mpi: A = Q * B + R
+ *
+ * \param Q        Destination MPI for the quotient
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0
+ *
+ * \note           Either Q or R can be NULL.
+ */
+int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Division by int: A = Q * b + R
+ *
+ * \param Q        Destination MPI for the quotient
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param b        Integer to divide by
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0
+ *
+ * \note           Either Q or R can be NULL.
+ */
+int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Modulo: R = A mod B
+ *
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B < 0
+ */
+int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Modulo: r = A mod b
+ *
+ * \param r        Destination mbedtls_mpi_uint
+ * \param A        Left-hand MPI
+ * \param b        Integer to divide by
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b < 0
+ */
+int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Sliding-window exponentiation: X = A^E mod N
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param E        Exponent MPI
+ * \param N        Modular MPI
+ * \param _RR      Speed-up MPI used for recalculations
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
+ *                 if E is negative
+ *
+ * \note           _RR is used to avoid re-computing R*R mod N across
+ *                 multiple calls, which speeds up things a bit. It can
+ *                 be set to NULL if the extra performance is unneeded.
+ */
+int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR );
+
+/**
+ * \brief          Fill an MPI X with size bytes of random
+ *
+ * \param X        Destination MPI
+ * \param size     Size in bytes
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Greatest common divisor: G = gcd(A, B)
+ *
+ * \param G        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Modular inverse: X = A^-1 mod N
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param N        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
+                   MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
+ */
+int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N );
+
+/**
+ * \brief          Miller-Rabin primality test
+ *
+ * \param X        MPI to check
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful (probably prime),
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
+ */
+int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
+                  int (*f_rng)(void *, unsigned char *, size_t),
+                  void *p_rng );
+
+/**
+ * \brief          Prime number generation
+ *
+ * \param X        Destination MPI
+ * \param nbits    Required size of X in bits
+ *                 ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS )
+ * \param dh_flag  If 1, then (X-1)/2 will be prime too
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful (probably prime),
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
+ */
+int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
+                   int (*f_rng)(void *, unsigned char *, size_t),
+                   void *p_rng );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_mpi_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* bignum.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/blowfish.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/blowfish.h
new file mode 100644
index 00000000..34626eef
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/blowfish.h
@@ -0,0 +1,203 @@
+/**
+ * \file blowfish.h
+ *
+ * \brief Blowfish block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BLOWFISH_H
+#define MBEDTLS_BLOWFISH_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_BLOWFISH_ENCRYPT     1
+#define MBEDTLS_BLOWFISH_DECRYPT     0
+#define MBEDTLS_BLOWFISH_MAX_KEY_BITS     448
+#define MBEDTLS_BLOWFISH_MIN_KEY_BITS     32
+#define MBEDTLS_BLOWFISH_ROUNDS      16         /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
+#define MBEDTLS_BLOWFISH_BLOCKSIZE   8          /* Blowfish uses 64 bit blocks */
+
+#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH                -0x0016  /**< Invalid key length. */
+#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH              -0x0018  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_BLOWFISH_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Blowfish context structure
+ */
+typedef struct
+{
+    uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2];    /*!<  Blowfish round keys    */
+    uint32_t S[4][256];                 /*!<  key dependent S-boxes  */
+}
+mbedtls_blowfish_context;
+
+/**
+ * \brief          Initialize Blowfish context
+ *
+ * \param ctx      Blowfish context to be initialized
+ */
+void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
+
+/**
+ * \brief          Clear Blowfish context
+ *
+ * \param ctx      Blowfish context to be cleared
+ */
+void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
+
+/**
+ * \brief          Blowfish key schedule
+ *
+ * \param ctx      Blowfish context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be between 32 and 448 bits
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+ */
+int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
+                     unsigned int keybits );
+
+/**
+ * \brief          Blowfish-ECB block encryption/decryption
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param input    8-byte input block
+ * \param output   8-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
+                        int mode,
+                        const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          Blowfish-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (8 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+ */
+int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
+                        int mode,
+                        size_t length,
+                        unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        const unsigned char *input,
+                        unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          Blowfish CFB buffer encryption/decryption.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
+                          int mode,
+                          size_t length,
+                          size_t *iv_off,
+                          unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                          const unsigned char *input,
+                          unsigned char *output );
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               Blowfish-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * \param ctx           Blowfish context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 64-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
+                        size_t length,
+                        size_t *nc_off,
+                        unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        const unsigned char *input,
+                        unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_BLOWFISH_ALT */
+#include "blowfish_alt.h"
+#endif /* MBEDTLS_BLOWFISH_ALT */
+
+#endif /* blowfish.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/bn_mul.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/bn_mul.h
new file mode 100644
index 00000000..003f605b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/bn_mul.h
@@ -0,0 +1,875 @@
+/**
+ * \file bn_mul.h
+ *
+ * \brief  Multi-precision integer library
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *      Multiply source vector [s] with b, add result
+ *       to destination vector [d] and set carry c.
+ *
+ *      Currently supports:
+ *
+ *         . IA-32 (386+)         . AMD64 / EM64T
+ *         . IA-32 (SSE2)         . Motorola 68000
+ *         . PowerPC, 32-bit      . MicroBlaze
+ *         . PowerPC, 64-bit      . TriCore
+ *         . SPARC v8             . ARM v3+
+ *         . Alpha                . MIPS32
+ *         . C, longlong          . C, generic
+ */
+#ifndef MBEDTLS_BN_MUL_H
+#define MBEDTLS_BN_MUL_H
+
+#include "bignum.h"
+
+#if defined(MBEDTLS_HAVE_ASM)
+
+#ifndef asm
+#define asm __asm
+#endif
+
+/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
+#if defined(__GNUC__) && \
+    ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
+#if defined(__i386__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "movl   %%ebx, %0           \n\t"   \
+        "movl   %5, %%esi           \n\t"   \
+        "movl   %6, %%edi           \n\t"   \
+        "movl   %7, %%ecx           \n\t"   \
+        "movl   %8, %%ebx           \n\t"
+
+#define MULADDC_CORE                        \
+        "lodsl                      \n\t"   \
+        "mull   %%ebx               \n\t"   \
+        "addl   %%ecx,   %%eax      \n\t"   \
+        "adcl   $0,      %%edx      \n\t"   \
+        "addl   (%%edi), %%eax      \n\t"   \
+        "adcl   $0,      %%edx      \n\t"   \
+        "movl   %%edx,   %%ecx      \n\t"   \
+        "stosl                      \n\t"
+
+#if defined(MBEDTLS_HAVE_SSE2)
+
+#define MULADDC_HUIT                            \
+        "movd     %%ecx,     %%mm1      \n\t"   \
+        "movd     %%ebx,     %%mm0      \n\t"   \
+        "movd     (%%edi),   %%mm3      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     (%%esi),   %%mm2      \n\t"   \
+        "pmuludq  %%mm0,     %%mm2      \n\t"   \
+        "movd     4(%%esi),  %%mm4      \n\t"   \
+        "pmuludq  %%mm0,     %%mm4      \n\t"   \
+        "movd     8(%%esi),  %%mm6      \n\t"   \
+        "pmuludq  %%mm0,     %%mm6      \n\t"   \
+        "movd     12(%%esi), %%mm7      \n\t"   \
+        "pmuludq  %%mm0,     %%mm7      \n\t"   \
+        "paddq    %%mm2,     %%mm1      \n\t"   \
+        "movd     4(%%edi),  %%mm3      \n\t"   \
+        "paddq    %%mm4,     %%mm3      \n\t"   \
+        "movd     8(%%edi),  %%mm5      \n\t"   \
+        "paddq    %%mm6,     %%mm5      \n\t"   \
+        "movd     12(%%edi), %%mm4      \n\t"   \
+        "paddq    %%mm4,     %%mm7      \n\t"   \
+        "movd     %%mm1,     (%%edi)    \n\t"   \
+        "movd     16(%%esi), %%mm2      \n\t"   \
+        "pmuludq  %%mm0,     %%mm2      \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     20(%%esi), %%mm4      \n\t"   \
+        "pmuludq  %%mm0,     %%mm4      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     24(%%esi), %%mm6      \n\t"   \
+        "pmuludq  %%mm0,     %%mm6      \n\t"   \
+        "movd     %%mm1,     4(%%edi)   \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     28(%%esi), %%mm3      \n\t"   \
+        "pmuludq  %%mm0,     %%mm3      \n\t"   \
+        "paddq    %%mm5,     %%mm1      \n\t"   \
+        "movd     16(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm2      \n\t"   \
+        "movd     %%mm1,     8(%%edi)   \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm7,     %%mm1      \n\t"   \
+        "movd     20(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm4      \n\t"   \
+        "movd     %%mm1,     12(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm2,     %%mm1      \n\t"   \
+        "movd     24(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm6      \n\t"   \
+        "movd     %%mm1,     16(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm4,     %%mm1      \n\t"   \
+        "movd     28(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm3      \n\t"   \
+        "movd     %%mm1,     20(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm6,     %%mm1      \n\t"   \
+        "movd     %%mm1,     24(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     %%mm1,     28(%%edi)  \n\t"   \
+        "addl     $32,       %%edi      \n\t"   \
+        "addl     $32,       %%esi      \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     %%mm1,     %%ecx      \n\t"
+
+#define MULADDC_STOP                    \
+        "emms                   \n\t"   \
+        "movl   %4, %%ebx       \n\t"   \
+        "movl   %%ecx, %1       \n\t"   \
+        "movl   %%edi, %2       \n\t"   \
+        "movl   %%esi, %3       \n\t"   \
+        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
+        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
+        : "eax", "ecx", "edx", "esi", "edi"             \
+    );
+
+#else
+
+#define MULADDC_STOP                    \
+        "movl   %4, %%ebx       \n\t"   \
+        "movl   %%ecx, %1       \n\t"   \
+        "movl   %%edi, %2       \n\t"   \
+        "movl   %%esi, %3       \n\t"   \
+        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
+        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
+        : "eax", "ecx", "edx", "esi", "edi"             \
+    );
+#endif /* SSE2 */
+#endif /* i386 */
+
+#if defined(__amd64__) || defined (__x86_64__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "movq   %3, %%rsi           \n\t"   \
+        "movq   %4, %%rdi           \n\t"   \
+        "movq   %5, %%rcx           \n\t"   \
+        "movq   %6, %%rbx           \n\t"   \
+        "xorq   %%r8, %%r8          \n\t"
+
+#define MULADDC_CORE                        \
+        "movq   (%%rsi), %%rax      \n\t"   \
+        "mulq   %%rbx               \n\t"   \
+        "addq   $8,      %%rsi      \n\t"   \
+        "addq   %%rcx,   %%rax      \n\t"   \
+        "movq   %%r8,    %%rcx      \n\t"   \
+        "adcq   $0,      %%rdx      \n\t"   \
+        "nop                        \n\t"   \
+        "addq   %%rax,   (%%rdi)    \n\t"   \
+        "adcq   %%rdx,   %%rcx      \n\t"   \
+        "addq   $8,      %%rdi      \n\t"
+
+#define MULADDC_STOP                        \
+        "movq   %%rcx, %0           \n\t"   \
+        "movq   %%rdi, %1           \n\t"   \
+        "movq   %%rsi, %2           \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)                      \
+        : "m" (s), "m" (d), "m" (c), "m" (b)                \
+        : "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8"    \
+    );
+
+#endif /* AMD64 */
+
+#if defined(__mc68020__) || defined(__mcpu32__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "movl   %3, %%a2        \n\t"   \
+        "movl   %4, %%a3        \n\t"   \
+        "movl   %5, %%d3        \n\t"   \
+        "movl   %6, %%d2        \n\t"   \
+        "moveq  #0, %%d0        \n\t"
+
+#define MULADDC_CORE                    \
+        "movel  %%a2@+, %%d1    \n\t"   \
+        "mulul  %%d2, %%d4:%%d1 \n\t"   \
+        "addl   %%d3, %%d1      \n\t"   \
+        "addxl  %%d0, %%d4      \n\t"   \
+        "moveq  #0,   %%d3      \n\t"   \
+        "addl   %%d1, %%a3@+    \n\t"   \
+        "addxl  %%d4, %%d3      \n\t"
+
+#define MULADDC_STOP                    \
+        "movl   %%d3, %0        \n\t"   \
+        "movl   %%a3, %1        \n\t"   \
+        "movl   %%a2, %2        \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "d0", "d1", "d2", "d3", "d4", "a2", "a3"  \
+    );
+
+#define MULADDC_HUIT                        \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"
+
+#endif /* MC68000 */
+
+#if defined(__powerpc64__) || defined(__ppc64__)
+
+#if defined(__MACH__) && defined(__APPLE__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "ld     r3, %3              \n\t"   \
+        "ld     r4, %4              \n\t"   \
+        "ld     r5, %5              \n\t"   \
+        "ld     r6, %6              \n\t"   \
+        "addi   r3, r3, -8          \n\t"   \
+        "addi   r4, r4, -8          \n\t"   \
+        "addic  r5, r5,  0          \n\t"
+
+#define MULADDC_CORE                        \
+        "ldu    r7, 8(r3)           \n\t"   \
+        "mulld  r8, r7, r6          \n\t"   \
+        "mulhdu r9, r7, r6          \n\t"   \
+        "adde   r8, r8, r5          \n\t"   \
+        "ld     r7, 8(r4)           \n\t"   \
+        "addze  r5, r9              \n\t"   \
+        "addc   r8, r8, r7          \n\t"   \
+        "stdu   r8, 8(r4)           \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  r5, r5              \n\t"   \
+        "addi   r4, r4, 8           \n\t"   \
+        "addi   r3, r3, 8           \n\t"   \
+        "std    r5, %0              \n\t"   \
+        "std    r4, %1              \n\t"   \
+        "std    r3, %2              \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+
+#else /* __MACH__ && __APPLE__ */
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "ld     %%r3, %3            \n\t"   \
+        "ld     %%r4, %4            \n\t"   \
+        "ld     %%r5, %5            \n\t"   \
+        "ld     %%r6, %6            \n\t"   \
+        "addi   %%r3, %%r3, -8      \n\t"   \
+        "addi   %%r4, %%r4, -8      \n\t"   \
+        "addic  %%r5, %%r5,  0      \n\t"
+
+#define MULADDC_CORE                        \
+        "ldu    %%r7, 8(%%r3)       \n\t"   \
+        "mulld  %%r8, %%r7, %%r6    \n\t"   \
+        "mulhdu %%r9, %%r7, %%r6    \n\t"   \
+        "adde   %%r8, %%r8, %%r5    \n\t"   \
+        "ld     %%r7, 8(%%r4)       \n\t"   \
+        "addze  %%r5, %%r9          \n\t"   \
+        "addc   %%r8, %%r8, %%r7    \n\t"   \
+        "stdu   %%r8, 8(%%r4)       \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  %%r5, %%r5          \n\t"   \
+        "addi   %%r4, %%r4, 8       \n\t"   \
+        "addi   %%r3, %%r3, 8       \n\t"   \
+        "std    %%r5, %0            \n\t"   \
+        "std    %%r4, %1            \n\t"   \
+        "std    %%r3, %2            \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#endif /* __MACH__ && __APPLE__ */
+
+#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32  */
+
+#if defined(__MACH__) && defined(__APPLE__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lwz    r3, %3          \n\t"   \
+        "lwz    r4, %4          \n\t"   \
+        "lwz    r5, %5          \n\t"   \
+        "lwz    r6, %6          \n\t"   \
+        "addi   r3, r3, -4      \n\t"   \
+        "addi   r4, r4, -4      \n\t"   \
+        "addic  r5, r5,  0      \n\t"
+
+#define MULADDC_CORE                    \
+        "lwzu   r7, 4(r3)       \n\t"   \
+        "mullw  r8, r7, r6      \n\t"   \
+        "mulhwu r9, r7, r6      \n\t"   \
+        "adde   r8, r8, r5      \n\t"   \
+        "lwz    r7, 4(r4)       \n\t"   \
+        "addze  r5, r9          \n\t"   \
+        "addc   r8, r8, r7      \n\t"   \
+        "stwu   r8, 4(r4)       \n\t"
+
+#define MULADDC_STOP                    \
+        "addze  r5, r5          \n\t"   \
+        "addi   r4, r4, 4       \n\t"   \
+        "addi   r3, r3, 4       \n\t"   \
+        "stw    r5, %0          \n\t"   \
+        "stw    r4, %1          \n\t"   \
+        "stw    r3, %2          \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#else /* __MACH__ && __APPLE__ */
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "lwz    %%r3, %3            \n\t"   \
+        "lwz    %%r4, %4            \n\t"   \
+        "lwz    %%r5, %5            \n\t"   \
+        "lwz    %%r6, %6            \n\t"   \
+        "addi   %%r3, %%r3, -4      \n\t"   \
+        "addi   %%r4, %%r4, -4      \n\t"   \
+        "addic  %%r5, %%r5,  0      \n\t"
+
+#define MULADDC_CORE                        \
+        "lwzu   %%r7, 4(%%r3)       \n\t"   \
+        "mullw  %%r8, %%r7, %%r6    \n\t"   \
+        "mulhwu %%r9, %%r7, %%r6    \n\t"   \
+        "adde   %%r8, %%r8, %%r5    \n\t"   \
+        "lwz    %%r7, 4(%%r4)       \n\t"   \
+        "addze  %%r5, %%r9          \n\t"   \
+        "addc   %%r8, %%r8, %%r7    \n\t"   \
+        "stwu   %%r8, 4(%%r4)       \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  %%r5, %%r5          \n\t"   \
+        "addi   %%r4, %%r4, 4       \n\t"   \
+        "addi   %%r3, %%r3, 4       \n\t"   \
+        "stw    %%r5, %0            \n\t"   \
+        "stw    %%r4, %1            \n\t"   \
+        "stw    %%r3, %2            \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#endif /* __MACH__ && __APPLE__ */
+
+#endif /* PPC32 */
+
+/*
+ * The Sparc64 assembly is reported to be broken.
+ * Disable it for now, until we're able to fix it.
+ */
+#if 0 && defined(__sparc__) && defined(__sparc64__)
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+                "ldx     %3, %%o0               \n\t"   \
+                "ldx     %4, %%o1               \n\t"   \
+                "ld      %5, %%o2               \n\t"   \
+                "ld      %6, %%o3               \n\t"
+
+#define MULADDC_CORE                                    \
+                "ld      [%%o0], %%o4           \n\t"   \
+                "inc     4, %%o0                \n\t"   \
+                "ld      [%%o1], %%o5           \n\t"   \
+                "umul    %%o3, %%o4, %%o4       \n\t"   \
+                "addcc   %%o4, %%o2, %%o4       \n\t"   \
+                "rd      %%y, %%g1              \n\t"   \
+                "addx    %%g1, 0, %%g1          \n\t"   \
+                "addcc   %%o4, %%o5, %%o4       \n\t"   \
+                "st      %%o4, [%%o1]           \n\t"   \
+                "addx    %%g1, 0, %%o2          \n\t"   \
+                "inc     4, %%o1                \n\t"
+
+        #define MULADDC_STOP                            \
+                "st      %%o2, %0               \n\t"   \
+                "stx     %%o1, %1               \n\t"   \
+                "stx     %%o0, %2               \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "g1", "o0", "o1", "o2", "o3", "o4",   \
+          "o5"                                  \
+        );
+#endif /* SPARCv9 */
+
+#if defined(__sparc__) && !defined(__sparc64__)
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+                "ld      %3, %%o0               \n\t"   \
+                "ld      %4, %%o1               \n\t"   \
+                "ld      %5, %%o2               \n\t"   \
+                "ld      %6, %%o3               \n\t"
+
+#define MULADDC_CORE                                    \
+                "ld      [%%o0], %%o4           \n\t"   \
+                "inc     4, %%o0                \n\t"   \
+                "ld      [%%o1], %%o5           \n\t"   \
+                "umul    %%o3, %%o4, %%o4       \n\t"   \
+                "addcc   %%o4, %%o2, %%o4       \n\t"   \
+                "rd      %%y, %%g1              \n\t"   \
+                "addx    %%g1, 0, %%g1          \n\t"   \
+                "addcc   %%o4, %%o5, %%o4       \n\t"   \
+                "st      %%o4, [%%o1]           \n\t"   \
+                "addx    %%g1, 0, %%o2          \n\t"   \
+                "inc     4, %%o1                \n\t"
+
+#define MULADDC_STOP                                    \
+                "st      %%o2, %0               \n\t"   \
+                "st      %%o1, %1               \n\t"   \
+                "st      %%o0, %2               \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "g1", "o0", "o1", "o2", "o3", "o4",   \
+          "o5"                                  \
+        );
+
+#endif /* SPARCv8 */
+
+#if defined(__microblaze__) || defined(microblaze)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lwi   r3,   %3         \n\t"   \
+        "lwi   r4,   %4         \n\t"   \
+        "lwi   r5,   %5         \n\t"   \
+        "lwi   r6,   %6         \n\t"   \
+        "andi  r7,   r6, 0xffff \n\t"   \
+        "bsrli r6,   r6, 16     \n\t"
+
+#define MULADDC_CORE                    \
+        "lhui  r8,   r3,   0    \n\t"   \
+        "addi  r3,   r3,   2    \n\t"   \
+        "lhui  r9,   r3,   0    \n\t"   \
+        "addi  r3,   r3,   2    \n\t"   \
+        "mul   r10,  r9,  r6    \n\t"   \
+        "mul   r11,  r8,  r7    \n\t"   \
+        "mul   r12,  r9,  r7    \n\t"   \
+        "mul   r13,  r8,  r6    \n\t"   \
+        "bsrli  r8, r10,  16    \n\t"   \
+        "bsrli  r9, r11,  16    \n\t"   \
+        "add   r13, r13,  r8    \n\t"   \
+        "add   r13, r13,  r9    \n\t"   \
+        "bslli r10, r10,  16    \n\t"   \
+        "bslli r11, r11,  16    \n\t"   \
+        "add   r12, r12, r10    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "add   r12, r12, r11    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "lwi   r10,  r4,   0    \n\t"   \
+        "add   r12, r12, r10    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "add   r12, r12,  r5    \n\t"   \
+        "addc   r5, r13,  r0    \n\t"   \
+        "swi   r12,  r4,   0    \n\t"   \
+        "addi   r4,  r4,   4    \n\t"
+
+#define MULADDC_STOP                    \
+        "swi   r5,   %0         \n\t"   \
+        "swi   r4,   %1         \n\t"   \
+        "swi   r3,   %2         \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4"  "r5", "r6", "r7", "r8",       \
+          "r9", "r10", "r11", "r12", "r13"          \
+    );
+
+#endif /* MicroBlaze */
+
+#if defined(__tricore__)
+
+#define MULADDC_INIT                            \
+    asm(                                        \
+        "ld.a   %%a2, %3                \n\t"   \
+        "ld.a   %%a3, %4                \n\t"   \
+        "ld.w   %%d4, %5                \n\t"   \
+        "ld.w   %%d1, %6                \n\t"   \
+        "xor    %%d5, %%d5              \n\t"
+
+#define MULADDC_CORE                            \
+        "ld.w   %%d0,   [%%a2+]         \n\t"   \
+        "madd.u %%e2, %%e4, %%d0, %%d1  \n\t"   \
+        "ld.w   %%d0,   [%%a3]          \n\t"   \
+        "addx   %%d2,    %%d2,  %%d0    \n\t"   \
+        "addc   %%d3,    %%d3,    0     \n\t"   \
+        "mov    %%d4,    %%d3           \n\t"   \
+        "st.w  [%%a3+],  %%d2           \n\t"
+
+#define MULADDC_STOP                            \
+        "st.w   %0, %%d4                \n\t"   \
+        "st.a   %1, %%a3                \n\t"   \
+        "st.a   %2, %%a2                \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "d0", "d1", "e2", "d4", "a2", "a3"    \
+    );
+
+#endif /* TriCore */
+
+#if defined(__arm__)
+
+#if defined(__thumb__) && !defined(__thumb2__)
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+            "ldr    r0, %3                      \n\t"   \
+            "ldr    r1, %4                      \n\t"   \
+            "ldr    r2, %5                      \n\t"   \
+            "ldr    r3, %6                      \n\t"   \
+            "lsr    r7, r3, #16                 \n\t"   \
+            "mov    r9, r7                      \n\t"   \
+            "lsl    r7, r3, #16                 \n\t"   \
+            "lsr    r7, r7, #16                 \n\t"   \
+            "mov    r8, r7                      \n\t"
+
+#define MULADDC_CORE                                    \
+            "ldmia  r0!, {r6}                   \n\t"   \
+            "lsr    r7, r6, #16                 \n\t"   \
+            "lsl    r6, r6, #16                 \n\t"   \
+            "lsr    r6, r6, #16                 \n\t"   \
+            "mov    r4, r8                      \n\t"   \
+            "mul    r4, r6                      \n\t"   \
+            "mov    r3, r9                      \n\t"   \
+            "mul    r6, r3                      \n\t"   \
+            "mov    r5, r9                      \n\t"   \
+            "mul    r5, r7                      \n\t"   \
+            "mov    r3, r8                      \n\t"   \
+            "mul    r7, r3                      \n\t"   \
+            "lsr    r3, r6, #16                 \n\t"   \
+            "add    r5, r5, r3                  \n\t"   \
+            "lsr    r3, r7, #16                 \n\t"   \
+            "add    r5, r5, r3                  \n\t"   \
+            "add    r4, r4, r2                  \n\t"   \
+            "mov    r2, #0                      \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "lsl    r3, r6, #16                 \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "lsl    r3, r7, #16                 \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "ldr    r3, [r1]                    \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r2, r5                      \n\t"   \
+            "stmia  r1!, {r4}                   \n\t"
+
+#define MULADDC_STOP                                    \
+            "str    r2, %0                      \n\t"   \
+            "str    r1, %1                      \n\t"   \
+            "str    r0, %2                      \n\t"   \
+         : "=m" (c),  "=m" (d), "=m" (s)        \
+         : "m" (s), "m" (d), "m" (c), "m" (b)   \
+         : "r0", "r1", "r2", "r3", "r4", "r5",  \
+           "r6", "r7", "r8", "r9", "cc"         \
+         );
+
+#else
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+            "ldr    r0, %3                      \n\t"   \
+            "ldr    r1, %4                      \n\t"   \
+            "ldr    r2, %5                      \n\t"   \
+            "ldr    r3, %6                      \n\t"
+
+#define MULADDC_CORE                                    \
+            "ldr    r4, [r0], #4                \n\t"   \
+            "mov    r5, #0                      \n\t"   \
+            "ldr    r6, [r1]                    \n\t"   \
+            "umlal  r2, r5, r3, r4              \n\t"   \
+            "adds   r7, r6, r2                  \n\t"   \
+            "adc    r2, r5, #0                  \n\t"   \
+            "str    r7, [r1], #4                \n\t"
+
+#define MULADDC_STOP                                    \
+            "str    r2, %0                      \n\t"   \
+            "str    r1, %1                      \n\t"   \
+            "str    r0, %2                      \n\t"   \
+         : "=m" (c),  "=m" (d), "=m" (s)        \
+         : "m" (s), "m" (d), "m" (c), "m" (b)   \
+         : "r0", "r1", "r2", "r3", "r4", "r5",  \
+           "r6", "r7", "cc"                     \
+         );
+
+#endif /* Thumb */
+
+#endif /* ARMv3 */
+
+#if defined(__alpha__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "ldq    $1, %3          \n\t"   \
+        "ldq    $2, %4          \n\t"   \
+        "ldq    $3, %5          \n\t"   \
+        "ldq    $4, %6          \n\t"
+
+#define MULADDC_CORE                    \
+        "ldq    $6,  0($1)      \n\t"   \
+        "addq   $1,  8, $1      \n\t"   \
+        "mulq   $6, $4, $7      \n\t"   \
+        "umulh  $6, $4, $6      \n\t"   \
+        "addq   $7, $3, $7      \n\t"   \
+        "cmpult $7, $3, $3      \n\t"   \
+        "ldq    $5,  0($2)      \n\t"   \
+        "addq   $7, $5, $7      \n\t"   \
+        "cmpult $7, $5, $5      \n\t"   \
+        "stq    $7,  0($2)      \n\t"   \
+        "addq   $2,  8, $2      \n\t"   \
+        "addq   $6, $3, $3      \n\t"   \
+        "addq   $5, $3, $3      \n\t"
+
+#define MULADDC_STOP                                    \
+        "stq    $3, %0          \n\t"   \
+        "stq    $2, %1          \n\t"   \
+        "stq    $1, %2          \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "$1", "$2", "$3", "$4", "$5", "$6", "$7"  \
+    );
+#endif /* Alpha */
+
+#if defined(__mips__) && !defined(__mips64)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lw     $10, %3         \n\t"   \
+        "lw     $11, %4         \n\t"   \
+        "lw     $12, %5         \n\t"   \
+        "lw     $13, %6         \n\t"
+
+#define MULADDC_CORE                    \
+        "lw     $14, 0($10)     \n\t"   \
+        "multu  $13, $14        \n\t"   \
+        "addi   $10, $10, 4     \n\t"   \
+        "mflo   $14             \n\t"   \
+        "mfhi   $9              \n\t"   \
+        "addu   $14, $12, $14   \n\t"   \
+        "lw     $15, 0($11)     \n\t"   \
+        "sltu   $12, $14, $12   \n\t"   \
+        "addu   $15, $14, $15   \n\t"   \
+        "sltu   $14, $15, $14   \n\t"   \
+        "addu   $12, $12, $9    \n\t"   \
+        "sw     $15, 0($11)     \n\t"   \
+        "addu   $12, $12, $14   \n\t"   \
+        "addi   $11, $11, 4     \n\t"
+
+#define MULADDC_STOP                    \
+        "sw     $12, %0         \n\t"   \
+        "sw     $11, %1         \n\t"   \
+        "sw     $10, %2         \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)                      \
+        : "m" (s), "m" (d), "m" (c), "m" (b)                \
+        : "$9", "$10", "$11", "$12", "$13", "$14", "$15"    \
+    );
+
+#endif /* MIPS */
+#endif /* GNUC */
+
+#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
+
+#define MULADDC_INIT                            \
+    __asm   mov     esi, s                      \
+    __asm   mov     edi, d                      \
+    __asm   mov     ecx, c                      \
+    __asm   mov     ebx, b
+
+#define MULADDC_CORE                            \
+    __asm   lodsd                               \
+    __asm   mul     ebx                         \
+    __asm   add     eax, ecx                    \
+    __asm   adc     edx, 0                      \
+    __asm   add     eax, [edi]                  \
+    __asm   adc     edx, 0                      \
+    __asm   mov     ecx, edx                    \
+    __asm   stosd
+
+#if defined(MBEDTLS_HAVE_SSE2)
+
+#define EMIT __asm _emit
+
+#define MULADDC_HUIT                            \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0xC9             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0xC3             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x1F             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x16             \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x7E  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF8             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x5F  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xDC             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xEE             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x67  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xFC             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x0F             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x56  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x5E  EMIT 0x1C  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD8             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCD             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xD5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCF             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xE5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xF5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCC             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x1C  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xDD             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCE             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x1C  \
+    EMIT 0x83  EMIT 0xC7  EMIT 0x20             \
+    EMIT 0x83  EMIT 0xC6  EMIT 0x20             \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0xC9
+
+#define MULADDC_STOP                            \
+    EMIT 0x0F  EMIT 0x77                        \
+    __asm   mov     c, ecx                      \
+    __asm   mov     d, edi                      \
+    __asm   mov     s, esi                      \
+
+#else
+
+#define MULADDC_STOP                            \
+    __asm   mov     c, ecx                      \
+    __asm   mov     d, edi                      \
+    __asm   mov     s, esi                      \
+
+#endif /* SSE2 */
+#endif /* MSVC */
+
+#endif /* MBEDTLS_HAVE_ASM */
+
+#if !defined(MULADDC_CORE)
+#if defined(MBEDTLS_HAVE_UDBL)
+
+#define MULADDC_INIT                    \
+{                                       \
+    mbedtls_t_udbl r;                           \
+    mbedtls_mpi_uint r0, r1;
+
+#define MULADDC_CORE                    \
+    r   = *(s++) * (mbedtls_t_udbl) b;          \
+    r0  = (mbedtls_mpi_uint) r;                   \
+    r1  = (mbedtls_mpi_uint)( r >> biL );         \
+    r0 += c;  r1 += (r0 <  c);          \
+    r0 += *d; r1 += (r0 < *d);          \
+    c = r1; *(d++) = r0;
+
+#define MULADDC_STOP                    \
+}
+
+#else
+#define MULADDC_INIT                    \
+{                                       \
+    mbedtls_mpi_uint s0, s1, b0, b1;              \
+    mbedtls_mpi_uint r0, r1, rx, ry;              \
+    b0 = ( b << biH ) >> biH;           \
+    b1 = ( b >> biH );
+
+#define MULADDC_CORE                    \
+    s0 = ( *s << biH ) >> biH;          \
+    s1 = ( *s >> biH ); s++;            \
+    rx = s0 * b1; r0 = s0 * b0;         \
+    ry = s1 * b0; r1 = s1 * b1;         \
+    r1 += ( rx >> biH );                \
+    r1 += ( ry >> biH );                \
+    rx <<= biH; ry <<= biH;             \
+    r0 += rx; r1 += (r0 < rx);          \
+    r0 += ry; r1 += (r0 < ry);          \
+    r0 +=  c; r1 += (r0 <  c);          \
+    r0 += *d; r1 += (r0 < *d);          \
+    c = r1; *(d++) = r0;
+
+#define MULADDC_STOP                    \
+}
+
+#endif /* C (generic)  */
+#endif /* C (longlong) */
+
+#endif /* bn_mul.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/camellia.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/camellia.h
new file mode 100644
index 00000000..0424d623
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/camellia.h
@@ -0,0 +1,235 @@
+/**
+ * \file camellia.h
+ *
+ * \brief Camellia block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CAMELLIA_H
+#define MBEDTLS_CAMELLIA_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_CAMELLIA_ENCRYPT     1
+#define MBEDTLS_CAMELLIA_DECRYPT     0
+
+#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH           -0x0024  /**< Invalid key length. */
+#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH         -0x0026  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_CAMELLIA_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CAMELLIA context structure
+ */
+typedef struct
+{
+    int nr;                     /*!<  number of rounds  */
+    uint32_t rk[68];            /*!<  CAMELLIA round keys    */
+}
+mbedtls_camellia_context;
+
+/**
+ * \brief          Initialize CAMELLIA context
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ */
+void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
+
+/**
+ * \brief          Clear CAMELLIA context
+ *
+ * \param ctx      CAMELLIA context to be cleared
+ */
+void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
+
+/**
+ * \brief          CAMELLIA key schedule (encryption)
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ */
+int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
+                         unsigned int keybits );
+
+/**
+ * \brief          CAMELLIA key schedule (decryption)
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ * \param key      decryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ */
+int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
+                         unsigned int keybits );
+
+/**
+ * \brief          CAMELLIA-ECB block encryption/decryption
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          CAMELLIA-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (16 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ */
+int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          CAMELLIA-CFB128 buffer encryption/decryption
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ */
+int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               CAMELLIA-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
+ *
+ * \param ctx           CAMELLIA context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 128-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_CAMELLIA_ALT */
+#include "camellia_alt.h"
+#endif /* MBEDTLS_CAMELLIA_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_camellia_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* camellia.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ccm.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ccm.h
new file mode 100644
index 00000000..ef75839b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ccm.h
@@ -0,0 +1,141 @@
+/**
+ * \file ccm.h
+ *
+ * \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CCM_H
+#define MBEDTLS_CCM_H
+
+#include "cipher.h"
+
+#define MBEDTLS_ERR_CCM_BAD_INPUT      -0x000D /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_CCM_AUTH_FAILED    -0x000F /**< Authenticated decryption failed. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CCM context structure
+ */
+typedef struct {
+    mbedtls_cipher_context_t cipher_ctx;    /*!< cipher context used */
+}
+mbedtls_ccm_context;
+
+/**
+ * \brief           Initialize CCM context (just makes references valid)
+ *                  Makes the context ready for mbedtls_ccm_setkey() or
+ *                  mbedtls_ccm_free().
+ *
+ * \param ctx       CCM context to initialize
+ */
+void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
+
+/**
+ * \brief           CCM initialization (encryption and decryption)
+ *
+ * \param ctx       CCM context to be initialized
+ * \param cipher    cipher to use (a 128-bit block cipher)
+ * \param key       encryption key
+ * \param keybits   key size in bits (must be acceptable by the cipher)
+ *
+ * \return          0 if successful, or a cipher specific error code
+ */
+int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
+                        mbedtls_cipher_id_t cipher,
+                        const unsigned char *key,
+                        unsigned int keybits );
+
+/**
+ * \brief           Free a CCM context and underlying cipher sub-context
+ *
+ * \param ctx       CCM context to free
+ */
+void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
+
+/**
+ * \brief           CCM buffer encryption
+ *
+ * \param ctx       CCM context
+ * \param length    length of the input data in bytes
+ * \param iv        nonce (initialization vector)
+ * \param iv_len    length of IV in bytes
+ *                  must be 2, 3, 4, 5, 6, 7 or 8
+ * \param add       additional data
+ * \param add_len   length of additional data in bytes
+ *                  must be less than 2^16 - 2^8
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *                  must be at least 'length' bytes wide
+ * \param tag       buffer for holding the tag
+ * \param tag_len   length of the tag to generate in bytes
+ *                  must be 4, 6, 8, 10, 14 or 16
+ *
+ * \note            The tag is written to a separate buffer. To get the tag
+ *                  concatenated with the output as in the CCM spec, use
+ *                  tag = output + length and make sure the output buffer is
+ *                  at least length + tag_len wide.
+ *
+ * \return          0 if successful
+ */
+int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *add, size_t add_len,
+                         const unsigned char *input, unsigned char *output,
+                         unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief           CCM buffer authenticated decryption
+ *
+ * \param ctx       CCM context
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ * \param tag       buffer holding the tag
+ * \param tag_len   length of the tag
+ *
+ * \return         0 if successful and authenticated,
+ *                 MBEDTLS_ERR_CCM_AUTH_FAILED if tag does not match
+ */
+int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
+                      const unsigned char *iv, size_t iv_len,
+                      const unsigned char *add, size_t add_len,
+                      const unsigned char *input, unsigned char *output,
+                      const unsigned char *tag, size_t tag_len );
+
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_ccm_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CCM_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/certs.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/certs.h
new file mode 100644
index 00000000..ca49086e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/certs.h
@@ -0,0 +1,99 @@
+/**
+ * \file certs.h
+ *
+ * \brief Sample certificates and DHM parameters for testing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CERTS_H
+#define MBEDTLS_CERTS_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+/* Concatenation of all CA certificates in PEM format if available */
+extern const char   mbedtls_test_cas_pem[];
+extern const size_t mbedtls_test_cas_pem_len;
+#endif
+
+/* List of all CA certificates, terminated by NULL */
+extern const char * mbedtls_test_cas[];
+extern const size_t mbedtls_test_cas_len[];
+
+/*
+ * Convenience for users who just want a certificate:
+ * RSA by default, or ECDSA if RSA is not available
+ */
+extern const char * mbedtls_test_ca_crt;
+extern const size_t mbedtls_test_ca_crt_len;
+extern const char * mbedtls_test_ca_key;
+extern const size_t mbedtls_test_ca_key_len;
+extern const char * mbedtls_test_ca_pwd;
+extern const size_t mbedtls_test_ca_pwd_len;
+extern const char * mbedtls_test_srv_crt;
+extern const size_t mbedtls_test_srv_crt_len;
+extern const char * mbedtls_test_srv_key;
+extern const size_t mbedtls_test_srv_key_len;
+extern const char * mbedtls_test_cli_crt;
+extern const size_t mbedtls_test_cli_crt_len;
+extern const char * mbedtls_test_cli_key;
+extern const size_t mbedtls_test_cli_key_len;
+
+#if defined(MBEDTLS_ECDSA_C)
+extern const char   mbedtls_test_ca_crt_ec[];
+extern const size_t mbedtls_test_ca_crt_ec_len;
+extern const char   mbedtls_test_ca_key_ec[];
+extern const size_t mbedtls_test_ca_key_ec_len;
+extern const char   mbedtls_test_ca_pwd_ec[];
+extern const size_t mbedtls_test_ca_pwd_ec_len;
+extern const char   mbedtls_test_srv_crt_ec[];
+extern const size_t mbedtls_test_srv_crt_ec_len;
+extern const char   mbedtls_test_srv_key_ec[];
+extern const size_t mbedtls_test_srv_key_ec_len;
+extern const char   mbedtls_test_cli_crt_ec[];
+extern const size_t mbedtls_test_cli_crt_ec_len;
+extern const char   mbedtls_test_cli_key_ec[];
+extern const size_t mbedtls_test_cli_key_ec_len;
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+extern const char   mbedtls_test_ca_crt_rsa[];
+extern const size_t mbedtls_test_ca_crt_rsa_len;
+extern const char   mbedtls_test_ca_key_rsa[];
+extern const size_t mbedtls_test_ca_key_rsa_len;
+extern const char   mbedtls_test_ca_pwd_rsa[];
+extern const size_t mbedtls_test_ca_pwd_rsa_len;
+extern const char   mbedtls_test_srv_crt_rsa[];
+extern const size_t mbedtls_test_srv_crt_rsa_len;
+extern const char   mbedtls_test_srv_key_rsa[];
+extern const size_t mbedtls_test_srv_key_rsa_len;
+extern const char   mbedtls_test_cli_crt_rsa[];
+extern const size_t mbedtls_test_cli_crt_rsa_len;
+extern const char   mbedtls_test_cli_key_rsa[];
+extern const size_t mbedtls_test_cli_key_rsa_len;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* certs.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/check_config.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/check_config.h
new file mode 100644
index 00000000..8dadbe1c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/check_config.h
@@ -0,0 +1,529 @@
+/**
+ * \file check_config.h
+ *
+ * \brief Consistency checks for configuration options
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * It is recommended to include this file from your config.h
+ * in order to catch dependency issues early.
+ */
+
+#ifndef MBEDTLS_CHECK_CONFIG_H
+#define MBEDTLS_CHECK_CONFIG_H
+
+/*
+ * We assume CHAR_BIT is 8 in many places. In practice, this is true on our
+ * target platforms, so not an issue, but let's just be extra sure.
+ */
+#include <limits.h>
+#if CHAR_BIT != 8
+#error "mbed TLS requires a platform with 8-bit chars"
+#endif
+
+#if defined(_WIN32)
+#if !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_C is required on Windows"
+#endif
+
+/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as
+ * it would confuse config.pl. */
+#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
+    !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+#endif
+#endif /* _WIN32 */
+
+#if defined(TARGET_LIKE_MBED) && \
+    ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
+#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
+#endif
+
+#if defined(MBEDTLS_DEPRECATED_WARNING) && \
+    !defined(__GNUC__) && !defined(__clang__)
+#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
+#endif
+
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
+#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
+#endif
+
+#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
+#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
+#error "MBEDTLS_DHM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
+#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDSA_C) &&            \
+    ( !defined(MBEDTLS_ECP_C) ||           \
+      !defined(MBEDTLS_ASN1_PARSE_C) ||    \
+      !defined(MBEDTLS_ASN1_WRITE_C) )
+#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
+#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || (   \
+    !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
+#error "MBEDTLS_ECP_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
+                                    !defined(MBEDTLS_SHA256_C))
+#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) &&         \
+    defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) &&                                            \
+    ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
+    && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
+#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_GCM_C) && (                                        \
+        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
+#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
+#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
+#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&                     \
+    !defined(MBEDTLS_ECDH_C)
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
+    ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) ||           \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) ||          \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) ||          \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+      !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) &&                       \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+      !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_C) && \
+    ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
+#error "MBEDTLS_PK_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
+        defined(MBEDTLS_PLATFORM_EXIT_ALT) )
+#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
+        defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+    defined(MBEDTLS_PLATFORM_STD_FREE)
+#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+    defined(MBEDTLS_PLATFORM_STD_CALLOC)
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
+#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
+        defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
+        defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
+    !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
+    !defined(MBEDTLS_PLATFORM_EXIT_ALT)
+#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
+    !defined(MBEDTLS_OID_C) )
+#error "MBEDTLS_RSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) &&                        \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
+#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) &&     \
+    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)     && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1)  && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
+#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) ||     \
+    !defined(MBEDTLS_MD_C) )
+#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
+#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2))
+#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1)))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
+#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
+    !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
+    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) &&                              \
+    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) &&   \
+    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#endif
+
+#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
+    !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
+#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
+        !defined(MBEDTLS_X509_CRT_PARSE_C)
+#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
+#endif
+#define MBEDTLS_THREADING_IMPL
+#endif
+
+#if defined(MBEDTLS_THREADING_ALT)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
+#endif
+#define MBEDTLS_THREADING_IMPL
+#endif
+
+#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_C defined, single threading implementation required"
+#endif
+#undef MBEDTLS_THREADING_IMPL
+
+#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
+#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
+    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) ||      \
+    !defined(MBEDTLS_PK_PARSE_C) )
+#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
+    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) ||       \
+    !defined(MBEDTLS_PK_WRITE_C) )
+#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
+#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
+#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
+#endif
+
+/*
+ * Avoid warning from -pedantic. This is a convenient place for this
+ * workaround since this is included by every single file before the
+ * #if defined(MBEDTLS_xxx_C) that results in emtpy translation units.
+ */
+typedef int mbedtls_iso_c_forbids_empty_translation_units;
+
+#endif /* MBEDTLS_CHECK_CONFIG_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/cipher.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/cipher.h
new file mode 100644
index 00000000..70000f5e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/cipher.h
@@ -0,0 +1,698 @@
+/**
+ * \file cipher.h
+ *
+ * \brief Generic cipher wrapper.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_CIPHER_H
+#define MBEDTLS_CIPHER_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
+#define MBEDTLS_CIPHER_MODE_AEAD
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_CIPHER_MODE_WITH_PADDING
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+#define MBEDTLS_CIPHER_MODE_STREAM
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE            -0x6080  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA                 -0x6100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED                   -0x6180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_CIPHER_INVALID_PADDING                -0x6200  /**< Input data contains invalid padding and is rejected. */
+#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED            -0x6280  /**< Decryption of block requires a full block. */
+#define MBEDTLS_ERR_CIPHER_AUTH_FAILED                    -0x6300  /**< Authentication failed (for AEAD modes). */
+
+#define MBEDTLS_CIPHER_VARIABLE_IV_LEN     0x01    /**< Cipher accepts IVs of variable length */
+#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN    0x02    /**< Cipher accepts keys of variable length */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+    MBEDTLS_CIPHER_ID_NONE = 0,
+    MBEDTLS_CIPHER_ID_NULL,
+    MBEDTLS_CIPHER_ID_AES,
+    MBEDTLS_CIPHER_ID_DES,
+    MBEDTLS_CIPHER_ID_3DES,
+    MBEDTLS_CIPHER_ID_CAMELLIA,
+    MBEDTLS_CIPHER_ID_BLOWFISH,
+    MBEDTLS_CIPHER_ID_ARC4,
+} mbedtls_cipher_id_t;
+
+typedef enum {
+    MBEDTLS_CIPHER_NONE = 0,
+    MBEDTLS_CIPHER_NULL,
+    MBEDTLS_CIPHER_AES_128_ECB,
+    MBEDTLS_CIPHER_AES_192_ECB,
+    MBEDTLS_CIPHER_AES_256_ECB,
+    MBEDTLS_CIPHER_AES_128_CBC,
+    MBEDTLS_CIPHER_AES_192_CBC,
+    MBEDTLS_CIPHER_AES_256_CBC,
+    MBEDTLS_CIPHER_AES_128_CFB128,
+    MBEDTLS_CIPHER_AES_192_CFB128,
+    MBEDTLS_CIPHER_AES_256_CFB128,
+    MBEDTLS_CIPHER_AES_128_CTR,
+    MBEDTLS_CIPHER_AES_192_CTR,
+    MBEDTLS_CIPHER_AES_256_CTR,
+    MBEDTLS_CIPHER_AES_128_GCM,
+    MBEDTLS_CIPHER_AES_192_GCM,
+    MBEDTLS_CIPHER_AES_256_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_128_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_192_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_256_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_128_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_192_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_256_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_128_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_192_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_256_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_128_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_192_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_256_GCM,
+    MBEDTLS_CIPHER_DES_ECB,
+    MBEDTLS_CIPHER_DES_CBC,
+    MBEDTLS_CIPHER_DES_EDE_ECB,
+    MBEDTLS_CIPHER_DES_EDE_CBC,
+    MBEDTLS_CIPHER_DES_EDE3_ECB,
+    MBEDTLS_CIPHER_DES_EDE3_CBC,
+    MBEDTLS_CIPHER_BLOWFISH_ECB,
+    MBEDTLS_CIPHER_BLOWFISH_CBC,
+    MBEDTLS_CIPHER_BLOWFISH_CFB64,
+    MBEDTLS_CIPHER_BLOWFISH_CTR,
+    MBEDTLS_CIPHER_ARC4_128,
+    MBEDTLS_CIPHER_AES_128_CCM,
+    MBEDTLS_CIPHER_AES_192_CCM,
+    MBEDTLS_CIPHER_AES_256_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_128_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_192_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_256_CCM,
+} mbedtls_cipher_type_t;
+
+typedef enum {
+    MBEDTLS_MODE_NONE = 0,
+    MBEDTLS_MODE_ECB,
+    MBEDTLS_MODE_CBC,
+    MBEDTLS_MODE_CFB,
+    MBEDTLS_MODE_OFB, /* Unused! */
+    MBEDTLS_MODE_CTR,
+    MBEDTLS_MODE_GCM,
+    MBEDTLS_MODE_STREAM,
+    MBEDTLS_MODE_CCM,
+} mbedtls_cipher_mode_t;
+
+typedef enum {
+    MBEDTLS_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default)        */
+    MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding         */
+    MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding             */
+    MBEDTLS_PADDING_ZEROS,         /**< zero padding (not reversible!) */
+    MBEDTLS_PADDING_NONE,          /**< never pad (full blocks only)   */
+} mbedtls_cipher_padding_t;
+
+typedef enum {
+    MBEDTLS_OPERATION_NONE = -1,
+    MBEDTLS_DECRYPT = 0,
+    MBEDTLS_ENCRYPT,
+} mbedtls_operation_t;
+
+enum {
+    /** Undefined key length */
+    MBEDTLS_KEY_LENGTH_NONE = 0,
+    /** Key length, in bits (including parity), for DES keys */
+    MBEDTLS_KEY_LENGTH_DES  = 64,
+    /** Key length, in bits (including parity), for DES in two key EDE */
+    MBEDTLS_KEY_LENGTH_DES_EDE = 128,
+    /** Key length, in bits (including parity), for DES in three-key EDE */
+    MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
+};
+
+/** Maximum length of any IV, in bytes */
+#define MBEDTLS_MAX_IV_LENGTH      16
+/** Maximum block size of any cipher, in bytes */
+#define MBEDTLS_MAX_BLOCK_LENGTH   16
+
+/**
+ * Base cipher information (opaque struct).
+ */
+typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
+
+/**
+ * Cipher information. Allows cipher functions to be called in a generic way.
+ */
+typedef struct {
+    /** Full cipher identifier (e.g. MBEDTLS_CIPHER_AES_256_CBC) */
+    mbedtls_cipher_type_t type;
+
+    /** Cipher mode (e.g. MBEDTLS_MODE_CBC) */
+    mbedtls_cipher_mode_t mode;
+
+    /** Cipher key length, in bits (default length for variable sized ciphers)
+     *  (Includes parity bits for ciphers like DES) */
+    unsigned int key_bitlen;
+
+    /** Name of the cipher */
+    const char * name;
+
+    /** IV/NONCE size, in bytes.
+     *  For cipher that accept many sizes: recommended size */
+    unsigned int iv_size;
+
+    /** Flags for variable IV size, variable key size, etc. */
+    int flags;
+
+    /** block size, in bytes */
+    unsigned int block_size;
+
+    /** Base cipher information and functions */
+    const mbedtls_cipher_base_t *base;
+
+} mbedtls_cipher_info_t;
+
+/**
+ * Generic cipher context.
+ */
+typedef struct {
+    /** Information about the associated cipher */
+    const mbedtls_cipher_info_t *cipher_info;
+
+    /** Key length to use */
+    int key_bitlen;
+
+    /** Operation that the context's key has been initialised for */
+    mbedtls_operation_t operation;
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+    /** Padding functions to use, if relevant for cipher mode */
+    void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
+    int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
+#endif
+
+    /** Buffer for data that hasn't been encrypted yet */
+    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
+
+    /** Number of bytes that still need processing */
+    size_t unprocessed_len;
+
+    /** Current IV or NONCE_COUNTER for CTR-mode */
+    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
+
+    /** IV size in bytes (for ciphers with variable-length IVs) */
+    size_t iv_size;
+
+    /** Cipher-specific context */
+    void *cipher_ctx;
+} mbedtls_cipher_context_t;
+
+/**
+ * \brief Returns the list of ciphers supported by the generic cipher module.
+ *
+ * \return              a statically allocated array of ciphers, the last entry
+ *                      is 0.
+ */
+const int *mbedtls_cipher_list( void );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher name.
+ *
+ * \param cipher_name   Name of the cipher to search for.
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_name, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher type.
+ *
+ * \param cipher_type   Type of the cipher to search for.
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_type, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher id, key size and mode.
+ *
+ * \param cipher_id     Id of the cipher to search for
+ *                      (e.g. MBEDTLS_CIPHER_ID_AES)
+ * \param key_bitlen    Length of the key in bits
+ * \param mode          Cipher mode (e.g. MBEDTLS_MODE_CBC)
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_type, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
+                                              int key_bitlen,
+                                              const mbedtls_cipher_mode_t mode );
+
+/**
+ * \brief               Initialize a cipher_context (as NONE)
+ */
+void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
+
+/**
+ * \brief               Free and clear the cipher-specific context of ctx.
+ *                      Freeing ctx itself remains the responsibility of the
+ *                      caller.
+ */
+void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
+
+/**
+ * \brief               Initialises and fills the cipher context structure with
+ *                      the appropriate values.
+ *
+ * \note                Currently also clears structure. In future versions you
+ *                      will be required to call mbedtls_cipher_init() on the structure
+ *                      first.
+ *
+ * \param ctx           context to initialise. May not be NULL.
+ * \param cipher_info   cipher to use.
+ *
+ * \return              0 on success,
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
+ *                      MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
+ *                      cipher-specific context failed.
+ */
+int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
+
+/**
+ * \brief               Returns the block size of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              size of the cipher's blocks, or 0 if ctx has not been
+ *                      initialised.
+ */
+static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    return ctx->cipher_info->block_size;
+}
+
+/**
+ * \brief               Returns the mode of operation for the cipher.
+ *                      (e.g. MBEDTLS_MODE_CBC)
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              mode of operation, or MBEDTLS_MODE_NONE if ctx
+ *                      has not been initialised.
+ */
+static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_MODE_NONE;
+
+    return ctx->cipher_info->mode;
+}
+
+/**
+ * \brief               Returns the size of the cipher's IV/NONCE in bytes.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              If IV has not been set yet: (recommended) IV size
+ *                      (0 for ciphers not using IV/NONCE).
+ *                      If IV has already been set: actual size.
+ */
+static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    if( ctx->iv_size != 0 )
+        return (int) ctx->iv_size;
+
+    return (int) ctx->cipher_info->iv_size;
+}
+
+/**
+ * \brief               Returns the type of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              type of the cipher, or MBEDTLS_CIPHER_NONE if ctx has
+ *                      not been initialised.
+ */
+static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_CIPHER_NONE;
+
+    return ctx->cipher_info->type;
+}
+
+/**
+ * \brief               Returns the name of the given cipher, as a string.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              name of the cipher, or NULL if ctx was not initialised.
+ */
+static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    return ctx->cipher_info->name;
+}
+
+/**
+ * \brief               Returns the key length of the cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              cipher's key length, in bits, or
+ *                      MBEDTLS_KEY_LENGTH_NONE if ctx has not been
+ *                      initialised.
+ */
+static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_KEY_LENGTH_NONE;
+
+    return (int) ctx->cipher_info->key_bitlen;
+}
+
+/**
+ * \brief               Returns the operation of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              operation (MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT),
+ *                      or MBEDTLS_OPERATION_NONE if ctx has not been
+ *                      initialised.
+ */
+static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_OPERATION_NONE;
+
+    return ctx->operation;
+}
+
+/**
+ * \brief               Set the key to use with the given context.
+ *
+ * \param ctx           generic cipher context. May not be NULL. Must have been
+ *                      initialised using cipher_context_from_type or
+ *                      cipher_context_from_string.
+ * \param key           The key to use.
+ * \param key_bitlen    key length to use, in bits.
+ * \param operation     Operation that the key will be used for, either
+ *                      MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails or a cipher specific
+ *                      error code.
+ */
+int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
+                   int key_bitlen, const mbedtls_operation_t operation );
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+/**
+ * \brief               Set padding mode, for cipher modes that use padding.
+ *                      (Default: PKCS7 padding.)
+ *
+ * \param ctx           generic cipher context
+ * \param mode          padding mode
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+ *                      if selected padding mode is not supported, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+ *                      does not support padding.
+ */
+int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
+
+/**
+ * \brief               Set the initialization vector (IV) or nonce
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ *
+ * \returns             0 on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+ *
+ * \note                Some ciphers don't use IVs nor NONCE. For these
+ *                      ciphers, this function has no effect.
+ */
+int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
+                   const unsigned char *iv, size_t iv_len );
+
+/**
+ * \brief               Finish preparation of the given context
+ *
+ * \param ctx           generic cipher context
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+ *                      if parameter verification fails.
+ */
+int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
+
+#if defined(MBEDTLS_GCM_C)
+/**
+ * \brief               Add additional data (for AEAD ciphers).
+ *                      Currently only supported with GCM.
+ *                      Must be called exactly once, after mbedtls_cipher_reset().
+ *
+ * \param ctx           generic cipher context
+ * \param ad            Additional data to use.
+ * \param ad_len        Length of ad.
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
+                      const unsigned char *ad, size_t ad_len );
+#endif /* MBEDTLS_GCM_C */
+
+/**
+ * \brief               Generic cipher update function. Encrypts/decrypts
+ *                      using the given cipher context. Writes as many block
+ *                      size'd blocks of data as possible to output. Any data
+ *                      that cannot be written immediately will either be added
+ *                      to the next block, or flushed when cipher_final is
+ *                      called.
+ *                      Exception: for MBEDTLS_MODE_ECB, expects single block
+ *                                 in size (e.g. 16 bytes for AES)
+ *
+ * \param ctx           generic cipher context
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data. Should be able to hold at
+ *                      least ilen + block_size. Cannot be the same buffer as
+ *                      input!
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails,
+ *                      MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
+ *                      unsupported mode for a cipher or a cipher specific
+ *                      error code.
+ *
+ * \note                If the underlying cipher is GCM, all calls to this
+ *                      function, except the last one before mbedtls_cipher_finish(),
+ *                      must have ilen a multiple of the block size.
+ */
+int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
+                   size_t ilen, unsigned char *output, size_t *olen );
+
+/**
+ * \brief               Generic cipher finalisation function. If data still
+ *                      needs to be flushed from an incomplete block, data
+ *                      contained within it will be padded with the size of
+ *                      the last block, and written to the output buffer.
+ *
+ * \param ctx           Generic cipher context
+ * \param output        buffer to write data to. Needs block_size available.
+ * \param olen          length of the data written to the output buffer.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails,
+ *                      MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
+ *                      expected a full block but was not provided one,
+ *                      MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      while decrypting or a cipher specific error code.
+ */
+int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
+                   unsigned char *output, size_t *olen );
+
+#if defined(MBEDTLS_GCM_C)
+/**
+ * \brief               Write tag for AEAD ciphers.
+ *                      Currently only supported with GCM.
+ *                      Must be called after mbedtls_cipher_finish().
+ *
+ * \param ctx           Generic cipher context
+ * \param tag           buffer to write the tag
+ * \param tag_len       Length of the tag to write
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
+                      unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief               Check tag for AEAD ciphers.
+ *                      Currently only supported with GCM.
+ *                      Must be called after mbedtls_cipher_finish().
+ *
+ * \param ctx           Generic cipher context
+ * \param tag           Buffer holding the tag
+ * \param tag_len       Length of the tag to check
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
+                      const unsigned char *tag, size_t tag_len );
+#endif /* MBEDTLS_GCM_C */
+
+/**
+ * \brief               Generic all-in-one encryption/decryption
+ *                      (for all ciphers except AEAD constructs).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data. Should be able to hold at
+ *                      least ilen + block_size. Cannot be the same buffer as
+ *                      input!
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ *
+ * \note                Some ciphers don't use IVs nor NONCE. For these
+ *                      ciphers, use iv = NULL and iv_len = 0.
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
+ *                      expected a full block but was not provided one, or
+ *                      MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      while decrypting, or
+ *                      a cipher specific error code.
+ */
+int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
+                  const unsigned char *iv, size_t iv_len,
+                  const unsigned char *input, size_t ilen,
+                  unsigned char *output, size_t *olen );
+
+#if defined(MBEDTLS_CIPHER_MODE_AEAD)
+/**
+ * \brief               Generic autenticated encryption (AEAD ciphers).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param ad            Additional data to authenticate.
+ * \param ad_len        Length of ad.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data.
+ *                      Should be able to hold at least ilen.
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ * \param tag           buffer for the authentication tag
+ * \param tag_len       desired tag length
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      a cipher specific error code.
+ */
+int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *ad, size_t ad_len,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen,
+                         unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief               Generic autenticated decryption (AEAD ciphers).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param ad            Additional data to be authenticated.
+ * \param ad_len        Length of ad.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data.
+ *                      Should be able to hold at least ilen.
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ * \param tag           buffer holding the authentication tag
+ * \param tag_len       length of the authentication tag
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_CIPHER_AUTH_FAILED if data isn't authentic,
+ *                      or a cipher specific error code.
+ *
+ * \note                If the data is not authentic, then the output buffer
+ *                      is zeroed out to prevent the unauthentic plaintext to
+ *                      be used by mistake, making this interface safer.
+ */
+int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *ad, size_t ad_len,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen,
+                         const unsigned char *tag, size_t tag_len );
+#endif /* MBEDTLS_CIPHER_MODE_AEAD */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CIPHER_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/cipher_internal.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/cipher_internal.h
new file mode 100644
index 00000000..6c58bcc5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/cipher_internal.h
@@ -0,0 +1,109 @@
+/**
+ * \file cipher_internal.h
+ *
+ * \brief Cipher wrappers.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CIPHER_WRAP_H
+#define MBEDTLS_CIPHER_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "cipher.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Base cipher information. The non-mode specific functions and values.
+ */
+struct mbedtls_cipher_base_t
+{
+    /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
+    mbedtls_cipher_id_t cipher;
+
+    /** Encrypt using ECB */
+    int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
+                     const unsigned char *input, unsigned char *output );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    /** Encrypt using CBC */
+    int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
+                     unsigned char *iv, const unsigned char *input,
+                     unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    /** Encrypt using CFB (Full length) */
+    int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
+                     unsigned char *iv, const unsigned char *input,
+                     unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    /** Encrypt using CTR */
+    int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
+                     unsigned char *nonce_counter, unsigned char *stream_block,
+                     const unsigned char *input, unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    /** Encrypt using STREAM */
+    int (*stream_func)( void *ctx, size_t length,
+                        const unsigned char *input, unsigned char *output );
+#endif
+
+    /** Set key for encryption purposes */
+    int (*setkey_enc_func)( void *ctx, const unsigned char *key,
+                            unsigned int key_bitlen );
+
+    /** Set key for decryption purposes */
+    int (*setkey_dec_func)( void *ctx, const unsigned char *key,
+                            unsigned int key_bitlen);
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+};
+
+typedef struct
+{
+    mbedtls_cipher_type_t type;
+    const mbedtls_cipher_info_t *info;
+} mbedtls_cipher_definition_t;
+
+extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
+
+extern int mbedtls_cipher_supported[];
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CIPHER_WRAP_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/compat-1.3.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/compat-1.3.h
new file mode 100644
index 00000000..1ddfff8c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/compat-1.3.h
@@ -0,0 +1,2633 @@
+/**
+ * \file config.h
+ *
+ * \brief Compatibility names (set of defines)
+ *
+ * \deprecated Use the new names directly instead
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "Including compat-1.3.h is deprecated"
+#endif
+
+#ifndef MBEDTLS_COMPAT13_H
+#define MBEDTLS_COMPAT13_H
+
+/*
+ * config.h options
+ */
+#if defined MBEDTLS_AESNI_C
+#define POLARSSL_AESNI_C MBEDTLS_AESNI_C
+#endif
+#if defined MBEDTLS_AES_ALT
+#define POLARSSL_AES_ALT MBEDTLS_AES_ALT
+#endif
+#if defined MBEDTLS_AES_C
+#define POLARSSL_AES_C MBEDTLS_AES_C
+#endif
+#if defined MBEDTLS_AES_ROM_TABLES
+#define POLARSSL_AES_ROM_TABLES MBEDTLS_AES_ROM_TABLES
+#endif
+#if defined MBEDTLS_ARC4_ALT
+#define POLARSSL_ARC4_ALT MBEDTLS_ARC4_ALT
+#endif
+#if defined MBEDTLS_ARC4_C
+#define POLARSSL_ARC4_C MBEDTLS_ARC4_C
+#endif
+#if defined MBEDTLS_ASN1_PARSE_C
+#define POLARSSL_ASN1_PARSE_C MBEDTLS_ASN1_PARSE_C
+#endif
+#if defined MBEDTLS_ASN1_WRITE_C
+#define POLARSSL_ASN1_WRITE_C MBEDTLS_ASN1_WRITE_C
+#endif
+#if defined MBEDTLS_BASE64_C
+#define POLARSSL_BASE64_C MBEDTLS_BASE64_C
+#endif
+#if defined MBEDTLS_BIGNUM_C
+#define POLARSSL_BIGNUM_C MBEDTLS_BIGNUM_C
+#endif
+#if defined MBEDTLS_BLOWFISH_ALT
+#define POLARSSL_BLOWFISH_ALT MBEDTLS_BLOWFISH_ALT
+#endif
+#if defined MBEDTLS_BLOWFISH_C
+#define POLARSSL_BLOWFISH_C MBEDTLS_BLOWFISH_C
+#endif
+#if defined MBEDTLS_CAMELLIA_ALT
+#define POLARSSL_CAMELLIA_ALT MBEDTLS_CAMELLIA_ALT
+#endif
+#if defined MBEDTLS_CAMELLIA_C
+#define POLARSSL_CAMELLIA_C MBEDTLS_CAMELLIA_C
+#endif
+#if defined MBEDTLS_CAMELLIA_SMALL_MEMORY
+#define POLARSSL_CAMELLIA_SMALL_MEMORY MBEDTLS_CAMELLIA_SMALL_MEMORY
+#endif
+#if defined MBEDTLS_CCM_C
+#define POLARSSL_CCM_C MBEDTLS_CCM_C
+#endif
+#if defined MBEDTLS_CERTS_C
+#define POLARSSL_CERTS_C MBEDTLS_CERTS_C
+#endif
+#if defined MBEDTLS_CIPHER_C
+#define POLARSSL_CIPHER_C MBEDTLS_CIPHER_C
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CBC
+#define POLARSSL_CIPHER_MODE_CBC MBEDTLS_CIPHER_MODE_CBC
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CFB
+#define POLARSSL_CIPHER_MODE_CFB MBEDTLS_CIPHER_MODE_CFB
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CTR
+#define POLARSSL_CIPHER_MODE_CTR MBEDTLS_CIPHER_MODE_CTR
+#endif
+#if defined MBEDTLS_CIPHER_NULL_CIPHER
+#define POLARSSL_CIPHER_NULL_CIPHER MBEDTLS_CIPHER_NULL_CIPHER
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_PKCS7
+#define POLARSSL_CIPHER_PADDING_PKCS7 MBEDTLS_CIPHER_PADDING_PKCS7
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ZEROS
+#define POLARSSL_CIPHER_PADDING_ZEROS MBEDTLS_CIPHER_PADDING_ZEROS
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#endif
+#if defined MBEDTLS_CTR_DRBG_C
+#define POLARSSL_CTR_DRBG_C MBEDTLS_CTR_DRBG_C
+#endif
+#if defined MBEDTLS_DEBUG_C
+#define POLARSSL_DEBUG_C MBEDTLS_DEBUG_C
+#endif
+#if defined MBEDTLS_DEPRECATED_REMOVED
+#define POLARSSL_DEPRECATED_REMOVED MBEDTLS_DEPRECATED_REMOVED
+#endif
+#if defined MBEDTLS_DEPRECATED_WARNING
+#define POLARSSL_DEPRECATED_WARNING MBEDTLS_DEPRECATED_WARNING
+#endif
+#if defined MBEDTLS_DES_ALT
+#define POLARSSL_DES_ALT MBEDTLS_DES_ALT
+#endif
+#if defined MBEDTLS_DES_C
+#define POLARSSL_DES_C MBEDTLS_DES_C
+#endif
+#if defined MBEDTLS_DHM_C
+#define POLARSSL_DHM_C MBEDTLS_DHM_C
+#endif
+#if defined MBEDTLS_ECDH_C
+#define POLARSSL_ECDH_C MBEDTLS_ECDH_C
+#endif
+#if defined MBEDTLS_ECDSA_C
+#define POLARSSL_ECDSA_C MBEDTLS_ECDSA_C
+#endif
+#if defined MBEDTLS_ECDSA_DETERMINISTIC
+#define POLARSSL_ECDSA_DETERMINISTIC MBEDTLS_ECDSA_DETERMINISTIC
+#endif
+#if defined MBEDTLS_ECP_C
+#define POLARSSL_ECP_C MBEDTLS_ECP_C
+#endif
+#if defined MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define POLARSSL_ECP_DP_BP256R1_ENABLED MBEDTLS_ECP_DP_BP256R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define POLARSSL_ECP_DP_BP384R1_ENABLED MBEDTLS_ECP_DP_BP384R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define POLARSSL_ECP_DP_BP512R1_ENABLED MBEDTLS_ECP_DP_BP512R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define POLARSSL_ECP_DP_M255_ENABLED MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define POLARSSL_ECP_DP_SECP192K1_ENABLED MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define POLARSSL_ECP_DP_SECP192R1_ENABLED MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define POLARSSL_ECP_DP_SECP224K1_ENABLED MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define POLARSSL_ECP_DP_SECP224R1_ENABLED MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define POLARSSL_ECP_DP_SECP256K1_ENABLED MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define POLARSSL_ECP_DP_SECP256R1_ENABLED MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define POLARSSL_ECP_DP_SECP384R1_ENABLED MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define POLARSSL_ECP_DP_SECP521R1_ENABLED MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_FIXED_POINT_OPTIM
+#define POLARSSL_ECP_FIXED_POINT_OPTIM MBEDTLS_ECP_FIXED_POINT_OPTIM
+#endif
+#if defined MBEDTLS_ECP_MAX_BITS
+#define POLARSSL_ECP_MAX_BITS MBEDTLS_ECP_MAX_BITS
+#endif
+#if defined MBEDTLS_ECP_NIST_OPTIM
+#define POLARSSL_ECP_NIST_OPTIM MBEDTLS_ECP_NIST_OPTIM
+#endif
+#if defined MBEDTLS_ECP_WINDOW_SIZE
+#define POLARSSL_ECP_WINDOW_SIZE MBEDTLS_ECP_WINDOW_SIZE
+#endif
+#if defined MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+#define POLARSSL_ENABLE_WEAK_CIPHERSUITES MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+#endif
+#if defined MBEDTLS_ENTROPY_C
+#define POLARSSL_ENTROPY_C MBEDTLS_ENTROPY_C
+#endif
+#if defined MBEDTLS_ENTROPY_FORCE_SHA256
+#define POLARSSL_ENTROPY_FORCE_SHA256 MBEDTLS_ENTROPY_FORCE_SHA256
+#endif
+#if defined MBEDTLS_ERROR_C
+#define POLARSSL_ERROR_C MBEDTLS_ERROR_C
+#endif
+#if defined MBEDTLS_ERROR_STRERROR_BC
+#define POLARSSL_ERROR_STRERROR_BC MBEDTLS_ERROR_STRERROR_BC
+#endif
+#if defined MBEDTLS_ERROR_STRERROR_DUMMY
+#define POLARSSL_ERROR_STRERROR_DUMMY MBEDTLS_ERROR_STRERROR_DUMMY
+#endif
+#if defined MBEDTLS_FS_IO
+#define POLARSSL_FS_IO MBEDTLS_FS_IO
+#endif
+#if defined MBEDTLS_GCM_C
+#define POLARSSL_GCM_C MBEDTLS_GCM_C
+#endif
+#if defined MBEDTLS_GENPRIME
+#define POLARSSL_GENPRIME MBEDTLS_GENPRIME
+#endif
+#if defined MBEDTLS_HAVEGE_C
+#define POLARSSL_HAVEGE_C MBEDTLS_HAVEGE_C
+#endif
+#if defined MBEDTLS_HAVE_ASM
+#define POLARSSL_HAVE_ASM MBEDTLS_HAVE_ASM
+#endif
+#if defined MBEDTLS_HAVE_SSE2
+#define POLARSSL_HAVE_SSE2 MBEDTLS_HAVE_SSE2
+#endif
+#if defined MBEDTLS_HAVE_TIME
+#define POLARSSL_HAVE_TIME MBEDTLS_HAVE_TIME
+#endif
+#if defined MBEDTLS_HMAC_DRBG_C
+#define POLARSSL_HMAC_DRBG_C MBEDTLS_HMAC_DRBG_C
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_INPUT
+#define POLARSSL_HMAC_DRBG_MAX_INPUT MBEDTLS_HMAC_DRBG_MAX_INPUT
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_REQUEST
+#define POLARSSL_HMAC_DRBG_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
+#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
+#endif
+#if defined MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
+#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#endif
+#if defined MBEDTLS_MD2_ALT
+#define POLARSSL_MD2_ALT MBEDTLS_MD2_ALT
+#endif
+#if defined MBEDTLS_MD2_C
+#define POLARSSL_MD2_C MBEDTLS_MD2_C
+#endif
+#if defined MBEDTLS_MD2_PROCESS_ALT
+#define POLARSSL_MD2_PROCESS_ALT MBEDTLS_MD2_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD4_ALT
+#define POLARSSL_MD4_ALT MBEDTLS_MD4_ALT
+#endif
+#if defined MBEDTLS_MD4_C
+#define POLARSSL_MD4_C MBEDTLS_MD4_C
+#endif
+#if defined MBEDTLS_MD4_PROCESS_ALT
+#define POLARSSL_MD4_PROCESS_ALT MBEDTLS_MD4_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD5_ALT
+#define POLARSSL_MD5_ALT MBEDTLS_MD5_ALT
+#endif
+#if defined MBEDTLS_MD5_C
+#define POLARSSL_MD5_C MBEDTLS_MD5_C
+#endif
+#if defined MBEDTLS_MD5_PROCESS_ALT
+#define POLARSSL_MD5_PROCESS_ALT MBEDTLS_MD5_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD_C
+#define POLARSSL_MD_C MBEDTLS_MD_C
+#endif
+#if defined MBEDTLS_MEMORY_ALIGN_MULTIPLE
+#define POLARSSL_MEMORY_ALIGN_MULTIPLE MBEDTLS_MEMORY_ALIGN_MULTIPLE
+#endif
+#if defined MBEDTLS_MEMORY_BACKTRACE
+#define POLARSSL_MEMORY_BACKTRACE MBEDTLS_MEMORY_BACKTRACE
+#endif
+#if defined MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#define POLARSSL_MEMORY_BUFFER_ALLOC_C MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#endif
+#if defined MBEDTLS_MEMORY_C
+#define POLARSSL_MEMORY_C MBEDTLS_MEMORY_C
+#endif
+#if defined MBEDTLS_MEMORY_DEBUG
+#define POLARSSL_MEMORY_DEBUG MBEDTLS_MEMORY_DEBUG
+#endif
+#if defined MBEDTLS_MPI_MAX_SIZE
+#define POLARSSL_MPI_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+#if defined MBEDTLS_MPI_WINDOW_SIZE
+#define POLARSSL_MPI_WINDOW_SIZE MBEDTLS_MPI_WINDOW_SIZE
+#endif
+#if defined MBEDTLS_NET_C
+#define POLARSSL_NET_C MBEDTLS_NET_C
+#endif
+#if defined MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#endif
+#if defined MBEDTLS_NO_PLATFORM_ENTROPY
+#define POLARSSL_NO_PLATFORM_ENTROPY MBEDTLS_NO_PLATFORM_ENTROPY
+#endif
+#if defined MBEDTLS_OID_C
+#define POLARSSL_OID_C MBEDTLS_OID_C
+#endif
+#if defined MBEDTLS_PADLOCK_C
+#define POLARSSL_PADLOCK_C MBEDTLS_PADLOCK_C
+#endif
+#if defined MBEDTLS_PBKDF2_C
+#define POLARSSL_PBKDF2_C MBEDTLS_PBKDF2_C
+#endif
+#if defined MBEDTLS_PEM_PARSE_C
+#define POLARSSL_PEM_PARSE_C MBEDTLS_PEM_PARSE_C
+#endif
+#if defined MBEDTLS_PEM_WRITE_C
+#define POLARSSL_PEM_WRITE_C MBEDTLS_PEM_WRITE_C
+#endif
+#if defined MBEDTLS_PKCS11_C
+#define POLARSSL_PKCS11_C MBEDTLS_PKCS11_C
+#endif
+#if defined MBEDTLS_PKCS12_C
+#define POLARSSL_PKCS12_C MBEDTLS_PKCS12_C
+#endif
+#if defined MBEDTLS_PKCS1_V15
+#define POLARSSL_PKCS1_V15 MBEDTLS_PKCS1_V15
+#endif
+#if defined MBEDTLS_PKCS1_V21
+#define POLARSSL_PKCS1_V21 MBEDTLS_PKCS1_V21
+#endif
+#if defined MBEDTLS_PKCS5_C
+#define POLARSSL_PKCS5_C MBEDTLS_PKCS5_C
+#endif
+#if defined MBEDTLS_PK_C
+#define POLARSSL_PK_C MBEDTLS_PK_C
+#endif
+#if defined MBEDTLS_PK_PARSE_C
+#define POLARSSL_PK_PARSE_C MBEDTLS_PK_PARSE_C
+#endif
+#if defined MBEDTLS_PK_PARSE_EC_EXTENDED
+#define POLARSSL_PK_PARSE_EC_EXTENDED MBEDTLS_PK_PARSE_EC_EXTENDED
+#endif
+#if defined MBEDTLS_PK_RSA_ALT_SUPPORT
+#define POLARSSL_PK_RSA_ALT_SUPPORT MBEDTLS_PK_RSA_ALT_SUPPORT
+#endif
+#if defined MBEDTLS_PK_WRITE_C
+#define POLARSSL_PK_WRITE_C MBEDTLS_PK_WRITE_C
+#endif
+#if defined MBEDTLS_PLATFORM_C
+#define POLARSSL_PLATFORM_C MBEDTLS_PLATFORM_C
+#endif
+#if defined MBEDTLS_PLATFORM_EXIT_ALT
+#define POLARSSL_PLATFORM_EXIT_ALT MBEDTLS_PLATFORM_EXIT_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_EXIT_MACRO
+#define POLARSSL_PLATFORM_EXIT_MACRO MBEDTLS_PLATFORM_EXIT_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_FPRINTF_ALT
+#define POLARSSL_PLATFORM_FPRINTF_ALT MBEDTLS_PLATFORM_FPRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_FPRINTF_MACRO
+#define POLARSSL_PLATFORM_FPRINTF_MACRO MBEDTLS_PLATFORM_FPRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_FREE_MACRO
+#define POLARSSL_PLATFORM_FREE_MACRO MBEDTLS_PLATFORM_FREE_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_MEMORY
+#define POLARSSL_PLATFORM_MEMORY MBEDTLS_PLATFORM_MEMORY
+#endif
+#if defined MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#endif
+#if defined MBEDTLS_PLATFORM_PRINTF_ALT
+#define POLARSSL_PLATFORM_PRINTF_ALT MBEDTLS_PLATFORM_PRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_PRINTF_MACRO
+#define POLARSSL_PLATFORM_PRINTF_MACRO MBEDTLS_PLATFORM_PRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_SNPRINTF_ALT
+#define POLARSSL_PLATFORM_SNPRINTF_ALT MBEDTLS_PLATFORM_SNPRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#define POLARSSL_PLATFORM_SNPRINTF_MACRO MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_STD_EXIT
+#define POLARSSL_PLATFORM_STD_EXIT MBEDTLS_PLATFORM_STD_EXIT
+#endif
+#if defined MBEDTLS_PLATFORM_STD_FPRINTF
+#define POLARSSL_PLATFORM_STD_FPRINTF MBEDTLS_PLATFORM_STD_FPRINTF
+#endif
+#if defined MBEDTLS_PLATFORM_STD_FREE
+#define POLARSSL_PLATFORM_STD_FREE MBEDTLS_PLATFORM_STD_FREE
+#endif
+#if defined MBEDTLS_PLATFORM_STD_MALLOC
+#define POLARSSL_PLATFORM_STD_MALLOC MBEDTLS_PLATFORM_STD_MALLOC
+#endif
+#if defined MBEDTLS_PLATFORM_STD_MEM_HDR
+#define POLARSSL_PLATFORM_STD_MEM_HDR MBEDTLS_PLATFORM_STD_MEM_HDR
+#endif
+#if defined MBEDTLS_PLATFORM_STD_PRINTF
+#define POLARSSL_PLATFORM_STD_PRINTF MBEDTLS_PLATFORM_STD_PRINTF
+#endif
+#if defined MBEDTLS_PLATFORM_STD_SNPRINTF
+#define POLARSSL_PLATFORM_STD_SNPRINTF MBEDTLS_PLATFORM_STD_SNPRINTF
+#endif
+#if defined MBEDTLS_PSK_MAX_LEN
+#define POLARSSL_PSK_MAX_LEN MBEDTLS_PSK_MAX_LEN
+#endif
+#if defined MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#define POLARSSL_REMOVE_ARC4_CIPHERSUITES MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#endif
+#if defined MBEDTLS_RIPEMD160_ALT
+#define POLARSSL_RIPEMD160_ALT MBEDTLS_RIPEMD160_ALT
+#endif
+#if defined MBEDTLS_RIPEMD160_C
+#define POLARSSL_RIPEMD160_C MBEDTLS_RIPEMD160_C
+#endif
+#if defined MBEDTLS_RIPEMD160_PROCESS_ALT
+#define POLARSSL_RIPEMD160_PROCESS_ALT MBEDTLS_RIPEMD160_PROCESS_ALT
+#endif
+#if defined MBEDTLS_RSA_C
+#define POLARSSL_RSA_C MBEDTLS_RSA_C
+#endif
+#if defined MBEDTLS_RSA_NO_CRT
+#define POLARSSL_RSA_NO_CRT MBEDTLS_RSA_NO_CRT
+#endif
+#if defined MBEDTLS_SELF_TEST
+#define POLARSSL_SELF_TEST MBEDTLS_SELF_TEST
+#endif
+#if defined MBEDTLS_SHA1_ALT
+#define POLARSSL_SHA1_ALT MBEDTLS_SHA1_ALT
+#endif
+#if defined MBEDTLS_SHA1_C
+#define POLARSSL_SHA1_C MBEDTLS_SHA1_C
+#endif
+#if defined MBEDTLS_SHA1_PROCESS_ALT
+#define POLARSSL_SHA1_PROCESS_ALT MBEDTLS_SHA1_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SHA256_ALT
+#define POLARSSL_SHA256_ALT MBEDTLS_SHA256_ALT
+#endif
+#if defined MBEDTLS_SHA256_C
+#define POLARSSL_SHA256_C MBEDTLS_SHA256_C
+#endif
+#if defined MBEDTLS_SHA256_PROCESS_ALT
+#define POLARSSL_SHA256_PROCESS_ALT MBEDTLS_SHA256_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SHA512_ALT
+#define POLARSSL_SHA512_ALT MBEDTLS_SHA512_ALT
+#endif
+#if defined MBEDTLS_SHA512_C
+#define POLARSSL_SHA512_C MBEDTLS_SHA512_C
+#endif
+#if defined MBEDTLS_SHA512_PROCESS_ALT
+#define POLARSSL_SHA512_PROCESS_ALT MBEDTLS_SHA512_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SSL_AEAD_RANDOM_IV
+#define POLARSSL_SSL_AEAD_RANDOM_IV MBEDTLS_SSL_AEAD_RANDOM_IV
+#endif
+#if defined MBEDTLS_SSL_ALERT_MESSAGES
+#define POLARSSL_SSL_ALERT_MESSAGES MBEDTLS_SSL_ALERT_MESSAGES
+#endif
+#if defined MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#define POLARSSL_SSL_ALL_ALERT_MESSAGES MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#endif
+#if defined MBEDTLS_SSL_ALPN
+#define POLARSSL_SSL_ALPN MBEDTLS_SSL_ALPN
+#endif
+#if defined MBEDTLS_SSL_CACHE_C
+#define POLARSSL_SSL_CACHE_C MBEDTLS_SSL_CACHE_C
+#endif
+#if defined MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#define POLARSSL_SSL_CBC_RECORD_SPLITTING MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#endif
+#if defined MBEDTLS_SSL_CLI_C
+#define POLARSSL_SSL_CLI_C MBEDTLS_SSL_CLI_C
+#endif
+#if defined MBEDTLS_SSL_COOKIE_C
+#define POLARSSL_SSL_COOKIE_C MBEDTLS_SSL_COOKIE_C
+#endif
+#if defined MBEDTLS_SSL_COOKIE_TIMEOUT
+#define POLARSSL_SSL_COOKIE_TIMEOUT MBEDTLS_SSL_COOKIE_TIMEOUT
+#endif
+#if defined MBEDTLS_SSL_DEBUG_ALL
+#define POLARSSL_SSL_DEBUG_ALL MBEDTLS_SSL_DEBUG_ALL
+#endif
+#if defined MBEDTLS_SSL_DISABLE_RENEGOTIATION
+#define POLARSSL_SSL_DISABLE_RENEGOTIATION MBEDTLS_SSL_DISABLE_RENEGOTIATION
+#endif
+#if defined MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define POLARSSL_SSL_DTLS_ANTI_REPLAY MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#endif
+#if defined MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#define POLARSSL_SSL_DTLS_BADMAC_LIMIT MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#endif
+#if defined MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define POLARSSL_SSL_DTLS_HELLO_VERIFY MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#endif
+#if defined MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#define POLARSSL_SSL_ENCRYPT_THEN_MAC MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#endif
+#if defined MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#define POLARSSL_SSL_EXTENDED_MASTER_SECRET MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#endif
+#if defined MBEDTLS_SSL_FALLBACK_SCSV
+#define POLARSSL_SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
+#endif
+#if defined MBEDTLS_SSL_HW_RECORD_ACCEL
+#define POLARSSL_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_HW_RECORD_ACCEL
+#endif
+#if defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#endif
+#if defined MBEDTLS_SSL_PROTO_DTLS
+#define POLARSSL_SSL_PROTO_DTLS MBEDTLS_SSL_PROTO_DTLS
+#endif
+#if defined MBEDTLS_SSL_PROTO_SSL3
+#define POLARSSL_SSL_PROTO_SSL3 MBEDTLS_SSL_PROTO_SSL3
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1
+#define POLARSSL_SSL_PROTO_TLS1 MBEDTLS_SSL_PROTO_TLS1
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1_1
+#define POLARSSL_SSL_PROTO_TLS1_1 MBEDTLS_SSL_PROTO_TLS1_1
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1_2
+#define POLARSSL_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_2
+#endif
+#if defined MBEDTLS_SSL_RENEGOTIATION
+#define POLARSSL_SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
+#endif
+#if defined MBEDTLS_SSL_SERVER_NAME_INDICATION
+#define POLARSSL_SSL_SERVER_NAME_INDICATION MBEDTLS_SSL_SERVER_NAME_INDICATION
+#endif
+#if defined MBEDTLS_SSL_SESSION_TICKETS
+#define POLARSSL_SSL_SESSION_TICKETS MBEDTLS_SSL_SESSION_TICKETS
+#endif
+#if defined MBEDTLS_SSL_SRV_C
+#define POLARSSL_SSL_SRV_C MBEDTLS_SSL_SRV_C
+#endif
+#if defined MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+#endif
+#if defined MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+#endif
+#if defined MBEDTLS_SSL_TLS_C
+#define POLARSSL_SSL_TLS_C MBEDTLS_SSL_TLS_C
+#endif
+#if defined MBEDTLS_SSL_TRUNCATED_HMAC
+#define POLARSSL_SSL_TRUNCATED_HMAC MBEDTLS_SSL_TRUNCATED_HMAC
+#endif
+#if defined MBEDTLS_THREADING_ALT
+#define POLARSSL_THREADING_ALT MBEDTLS_THREADING_ALT
+#endif
+#if defined MBEDTLS_THREADING_C
+#define POLARSSL_THREADING_C MBEDTLS_THREADING_C
+#endif
+#if defined MBEDTLS_THREADING_PTHREAD
+#define POLARSSL_THREADING_PTHREAD MBEDTLS_THREADING_PTHREAD
+#endif
+#if defined MBEDTLS_TIMING_ALT
+#define POLARSSL_TIMING_ALT MBEDTLS_TIMING_ALT
+#endif
+#if defined MBEDTLS_TIMING_C
+#define POLARSSL_TIMING_C MBEDTLS_TIMING_C
+#endif
+#if defined MBEDTLS_VERSION_C
+#define POLARSSL_VERSION_C MBEDTLS_VERSION_C
+#endif
+#if defined MBEDTLS_VERSION_FEATURES
+#define POLARSSL_VERSION_FEATURES MBEDTLS_VERSION_FEATURES
+#endif
+#if defined MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+#endif
+#if defined MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#endif
+#if defined MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#endif
+#if defined MBEDTLS_X509_CHECK_KEY_USAGE
+#define POLARSSL_X509_CHECK_KEY_USAGE MBEDTLS_X509_CHECK_KEY_USAGE
+#endif
+#if defined MBEDTLS_X509_CREATE_C
+#define POLARSSL_X509_CREATE_C MBEDTLS_X509_CREATE_C
+#endif
+#if defined MBEDTLS_X509_CRL_PARSE_C
+#define POLARSSL_X509_CRL_PARSE_C MBEDTLS_X509_CRL_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CRT_PARSE_C
+#define POLARSSL_X509_CRT_PARSE_C MBEDTLS_X509_CRT_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CRT_WRITE_C
+#define POLARSSL_X509_CRT_WRITE_C MBEDTLS_X509_CRT_WRITE_C
+#endif
+#if defined MBEDTLS_X509_CSR_PARSE_C
+#define POLARSSL_X509_CSR_PARSE_C MBEDTLS_X509_CSR_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CSR_WRITE_C
+#define POLARSSL_X509_CSR_WRITE_C MBEDTLS_X509_CSR_WRITE_C
+#endif
+#if defined MBEDTLS_X509_MAX_INTERMEDIATE_CA
+#define POLARSSL_X509_MAX_INTERMEDIATE_CA MBEDTLS_X509_MAX_INTERMEDIATE_CA
+#endif
+#if defined MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#define POLARSSL_X509_RSASSA_PSS_SUPPORT MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#endif
+#if defined MBEDTLS_X509_USE_C
+#define POLARSSL_X509_USE_C MBEDTLS_X509_USE_C
+#endif
+#if defined MBEDTLS_XTEA_ALT
+#define POLARSSL_XTEA_ALT MBEDTLS_XTEA_ALT
+#endif
+#if defined MBEDTLS_XTEA_C
+#define POLARSSL_XTEA_C MBEDTLS_XTEA_C
+#endif
+#if defined MBEDTLS_ZLIB_SUPPORT
+#define POLARSSL_ZLIB_SUPPORT MBEDTLS_ZLIB_SUPPORT
+#endif
+
+/*
+ * Misc names (macros, types, functions, enum constants...)
+ */
+#define AES_DECRYPT MBEDTLS_AES_DECRYPT
+#define AES_ENCRYPT MBEDTLS_AES_ENCRYPT
+#define ASN1_BIT_STRING MBEDTLS_ASN1_BIT_STRING
+#define ASN1_BMP_STRING MBEDTLS_ASN1_BMP_STRING
+#define ASN1_BOOLEAN MBEDTLS_ASN1_BOOLEAN
+#define ASN1_CHK_ADD MBEDTLS_ASN1_CHK_ADD
+#define ASN1_CONSTRUCTED MBEDTLS_ASN1_CONSTRUCTED
+#define ASN1_CONTEXT_SPECIFIC MBEDTLS_ASN1_CONTEXT_SPECIFIC
+#define ASN1_GENERALIZED_TIME MBEDTLS_ASN1_GENERALIZED_TIME
+#define ASN1_IA5_STRING MBEDTLS_ASN1_IA5_STRING
+#define ASN1_INTEGER MBEDTLS_ASN1_INTEGER
+#define ASN1_NULL MBEDTLS_ASN1_NULL
+#define ASN1_OCTET_STRING MBEDTLS_ASN1_OCTET_STRING
+#define ASN1_OID MBEDTLS_ASN1_OID
+#define ASN1_PRIMITIVE MBEDTLS_ASN1_PRIMITIVE
+#define ASN1_PRINTABLE_STRING MBEDTLS_ASN1_PRINTABLE_STRING
+#define ASN1_SEQUENCE MBEDTLS_ASN1_SEQUENCE
+#define ASN1_SET MBEDTLS_ASN1_SET
+#define ASN1_T61_STRING MBEDTLS_ASN1_T61_STRING
+#define ASN1_UNIVERSAL_STRING MBEDTLS_ASN1_UNIVERSAL_STRING
+#define ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
+#define ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
+#define BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
+#define BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
+#define BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
+#define BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
+#define BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
+#define BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
+#define BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
+#define BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
+#define BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
+#define BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
+#define BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
+#define BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
+#define BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
+#define BLOWFISH_ENCRYPT MBEDTLS_BLOWFISH_ENCRYPT
+#define BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
+#define BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
+#define BLOWFISH_ROUNDS MBEDTLS_BLOWFISH_ROUNDS
+#define CAMELLIA_DECRYPT MBEDTLS_CAMELLIA_DECRYPT
+#define CAMELLIA_ENCRYPT MBEDTLS_CAMELLIA_ENCRYPT
+#define COLLECT_SIZE MBEDTLS_HAVEGE_COLLECT_SIZE
+#define CTR_DRBG_BLOCKSIZE MBEDTLS_CTR_DRBG_BLOCKSIZE
+#define CTR_DRBG_ENTROPY_LEN MBEDTLS_CTR_DRBG_ENTROPY_LEN
+#define CTR_DRBG_KEYBITS MBEDTLS_CTR_DRBG_KEYBITS
+#define CTR_DRBG_KEYSIZE MBEDTLS_CTR_DRBG_KEYSIZE
+#define CTR_DRBG_MAX_INPUT MBEDTLS_CTR_DRBG_MAX_INPUT
+#define CTR_DRBG_MAX_REQUEST MBEDTLS_CTR_DRBG_MAX_REQUEST
+#define CTR_DRBG_MAX_SEED_INPUT MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+#define CTR_DRBG_PR_OFF MBEDTLS_CTR_DRBG_PR_OFF
+#define CTR_DRBG_PR_ON MBEDTLS_CTR_DRBG_PR_ON
+#define CTR_DRBG_RESEED_INTERVAL MBEDTLS_CTR_DRBG_RESEED_INTERVAL
+#define CTR_DRBG_SEEDLEN MBEDTLS_CTR_DRBG_SEEDLEN
+#define DEPRECATED MBEDTLS_DEPRECATED
+#define DES_DECRYPT MBEDTLS_DES_DECRYPT
+#define DES_ENCRYPT MBEDTLS_DES_ENCRYPT
+#define DES_KEY_SIZE MBEDTLS_DES_KEY_SIZE
+#define ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_BLOCK_SIZE
+#define ENTROPY_MAX_GATHER MBEDTLS_ENTROPY_MAX_GATHER
+#define ENTROPY_MAX_SEED_SIZE MBEDTLS_ENTROPY_MAX_SEED_SIZE
+#define ENTROPY_MAX_SOURCES MBEDTLS_ENTROPY_MAX_SOURCES
+#define ENTROPY_MIN_HARDCLOCK MBEDTLS_ENTROPY_MIN_HARDCLOCK
+#define ENTROPY_MIN_HAVEGE MBEDTLS_ENTROPY_MIN_HAVEGE
+#define ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
+#define ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
+#define EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
+#define EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
+#define EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
+#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
+#define EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
+#define EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
+#define EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
+#define EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
+#define EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
+#define EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
+#define EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
+#define EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
+#define EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
+#define EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
+#define EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
+#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
+#define GCM_DECRYPT MBEDTLS_GCM_DECRYPT
+#define GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
+#define KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
+#define KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
+#define KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
+#define KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
+#define KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
+#define KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+#define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
+#define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
+#define MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT
+#define MEMORY_VERIFY_ALLOC MBEDTLS_MEMORY_VERIFY_ALLOC
+#define MEMORY_VERIFY_ALWAYS MBEDTLS_MEMORY_VERIFY_ALWAYS
+#define MEMORY_VERIFY_FREE MBEDTLS_MEMORY_VERIFY_FREE
+#define MEMORY_VERIFY_NONE MBEDTLS_MEMORY_VERIFY_NONE
+#define MPI_CHK MBEDTLS_MPI_CHK
+#define NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
+#define NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
+#define NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
+#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
+#define NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
+#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
+#define NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
+#define NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
+#define NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
+#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
+#define OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
+#define OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
+#define OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD
+#define OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62_SIG
+#define OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2
+#define OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE
+#define OID_AT MBEDTLS_OID_AT
+#define OID_AT_CN MBEDTLS_OID_AT_CN
+#define OID_AT_COUNTRY MBEDTLS_OID_AT_COUNTRY
+#define OID_AT_DN_QUALIFIER MBEDTLS_OID_AT_DN_QUALIFIER
+#define OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT_GENERATION_QUALIFIER
+#define OID_AT_GIVEN_NAME MBEDTLS_OID_AT_GIVEN_NAME
+#define OID_AT_INITIALS MBEDTLS_OID_AT_INITIALS
+#define OID_AT_LOCALITY MBEDTLS_OID_AT_LOCALITY
+#define OID_AT_ORGANIZATION MBEDTLS_OID_AT_ORGANIZATION
+#define OID_AT_ORG_UNIT MBEDTLS_OID_AT_ORG_UNIT
+#define OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT_POSTAL_ADDRESS
+#define OID_AT_POSTAL_CODE MBEDTLS_OID_AT_POSTAL_CODE
+#define OID_AT_PSEUDONYM MBEDTLS_OID_AT_PSEUDONYM
+#define OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT_SERIAL_NUMBER
+#define OID_AT_STATE MBEDTLS_OID_AT_STATE
+#define OID_AT_SUR_NAME MBEDTLS_OID_AT_SUR_NAME
+#define OID_AT_TITLE MBEDTLS_OID_AT_TITLE
+#define OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT_UNIQUE_IDENTIFIER
+#define OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER
+#define OID_BASIC_CONSTRAINTS MBEDTLS_OID_BASIC_CONSTRAINTS
+#define OID_CERTICOM MBEDTLS_OID_CERTICOM
+#define OID_CERTIFICATE_POLICIES MBEDTLS_OID_CERTIFICATE_POLICIES
+#define OID_CLIENT_AUTH MBEDTLS_OID_CLIENT_AUTH
+#define OID_CMP MBEDTLS_OID_CMP
+#define OID_CODE_SIGNING MBEDTLS_OID_CODE_SIGNING
+#define OID_COUNTRY_US MBEDTLS_OID_COUNTRY_US
+#define OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_CRL_DISTRIBUTION_POINTS
+#define OID_CRL_NUMBER MBEDTLS_OID_CRL_NUMBER
+#define OID_DES_CBC MBEDTLS_OID_DES_CBC
+#define OID_DES_EDE3_CBC MBEDTLS_OID_DES_EDE3_CBC
+#define OID_DIGEST_ALG_MD2 MBEDTLS_OID_DIGEST_ALG_MD2
+#define OID_DIGEST_ALG_MD4 MBEDTLS_OID_DIGEST_ALG_MD4
+#define OID_DIGEST_ALG_MD5 MBEDTLS_OID_DIGEST_ALG_MD5
+#define OID_DIGEST_ALG_SHA1 MBEDTLS_OID_DIGEST_ALG_SHA1
+#define OID_DIGEST_ALG_SHA224 MBEDTLS_OID_DIGEST_ALG_SHA224
+#define OID_DIGEST_ALG_SHA256 MBEDTLS_OID_DIGEST_ALG_SHA256
+#define OID_DIGEST_ALG_SHA384 MBEDTLS_OID_DIGEST_ALG_SHA384
+#define OID_DIGEST_ALG_SHA512 MBEDTLS_OID_DIGEST_ALG_SHA512
+#define OID_DOMAIN_COMPONENT MBEDTLS_OID_DOMAIN_COMPONENT
+#define OID_ECDSA_SHA1 MBEDTLS_OID_ECDSA_SHA1
+#define OID_ECDSA_SHA224 MBEDTLS_OID_ECDSA_SHA224
+#define OID_ECDSA_SHA256 MBEDTLS_OID_ECDSA_SHA256
+#define OID_ECDSA_SHA384 MBEDTLS_OID_ECDSA_SHA384
+#define OID_ECDSA_SHA512 MBEDTLS_OID_ECDSA_SHA512
+#define OID_EC_ALG_ECDH MBEDTLS_OID_EC_ALG_ECDH
+#define OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_EC_ALG_UNRESTRICTED
+#define OID_EC_BRAINPOOL_V1 MBEDTLS_OID_EC_BRAINPOOL_V1
+#define OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_GRP_BP256R1
+#define OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_GRP_BP384R1
+#define OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_GRP_BP512R1
+#define OID_EC_GRP_SECP192K1 MBEDTLS_OID_EC_GRP_SECP192K1
+#define OID_EC_GRP_SECP192R1 MBEDTLS_OID_EC_GRP_SECP192R1
+#define OID_EC_GRP_SECP224K1 MBEDTLS_OID_EC_GRP_SECP224K1
+#define OID_EC_GRP_SECP224R1 MBEDTLS_OID_EC_GRP_SECP224R1
+#define OID_EC_GRP_SECP256K1 MBEDTLS_OID_EC_GRP_SECP256K1
+#define OID_EC_GRP_SECP256R1 MBEDTLS_OID_EC_GRP_SECP256R1
+#define OID_EC_GRP_SECP384R1 MBEDTLS_OID_EC_GRP_SECP384R1
+#define OID_EC_GRP_SECP521R1 MBEDTLS_OID_EC_GRP_SECP521R1
+#define OID_EMAIL_PROTECTION MBEDTLS_OID_EMAIL_PROTECTION
+#define OID_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE
+#define OID_FRESHEST_CRL MBEDTLS_OID_FRESHEST_CRL
+#define OID_GOV MBEDTLS_OID_GOV
+#define OID_HMAC_SHA1 MBEDTLS_OID_HMAC_SHA1
+#define OID_ID_CE MBEDTLS_OID_ID_CE
+#define OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_INIHIBIT_ANYPOLICY
+#define OID_ISO_CCITT_DS MBEDTLS_OID_ISO_CCITT_DS
+#define OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ISO_IDENTIFIED_ORG
+#define OID_ISO_ITU_COUNTRY MBEDTLS_OID_ISO_ITU_COUNTRY
+#define OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_US_ORG
+#define OID_ISO_MEMBER_BODIES MBEDTLS_OID_ISO_MEMBER_BODIES
+#define OID_ISSUER_ALT_NAME MBEDTLS_OID_ISSUER_ALT_NAME
+#define OID_KEY_USAGE MBEDTLS_OID_KEY_USAGE
+#define OID_KP MBEDTLS_OID_KP
+#define OID_MGF1 MBEDTLS_OID_MGF1
+#define OID_NAME_CONSTRAINTS MBEDTLS_OID_NAME_CONSTRAINTS
+#define OID_NETSCAPE MBEDTLS_OID_NETSCAPE
+#define OID_NS_BASE_URL MBEDTLS_OID_NS_BASE_URL
+#define OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CA_POLICY_URL
+#define OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CA_REVOCATION_URL
+#define OID_NS_CERT MBEDTLS_OID_NS_CERT
+#define OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_CERT_SEQUENCE
+#define OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT_TYPE
+#define OID_NS_COMMENT MBEDTLS_OID_NS_COMMENT
+#define OID_NS_DATA_TYPE MBEDTLS_OID_NS_DATA_TYPE
+#define OID_NS_RENEWAL_URL MBEDTLS_OID_NS_RENEWAL_URL
+#define OID_NS_REVOCATION_URL MBEDTLS_OID_NS_REVOCATION_URL
+#define OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_SSL_SERVER_NAME
+#define OID_OCSP_SIGNING MBEDTLS_OID_OCSP_SIGNING
+#define OID_OIW_SECSIG MBEDTLS_OID_OIW_SECSIG
+#define OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG_ALG
+#define OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_SHA1
+#define OID_ORGANIZATION MBEDTLS_OID_ORGANIZATION
+#define OID_ORG_ANSI_X9_62 MBEDTLS_OID_ORG_ANSI_X9_62
+#define OID_ORG_CERTICOM MBEDTLS_OID_ORG_CERTICOM
+#define OID_ORG_DOD MBEDTLS_OID_ORG_DOD
+#define OID_ORG_GOV MBEDTLS_OID_ORG_GOV
+#define OID_ORG_NETSCAPE MBEDTLS_OID_ORG_NETSCAPE
+#define OID_ORG_OIW MBEDTLS_OID_ORG_OIW
+#define OID_ORG_RSA_DATA_SECURITY MBEDTLS_OID_ORG_RSA_DATA_SECURITY
+#define OID_ORG_TELETRUST MBEDTLS_OID_ORG_TELETRUST
+#define OID_PKCS MBEDTLS_OID_PKCS
+#define OID_PKCS1 MBEDTLS_OID_PKCS1
+#define OID_PKCS12 MBEDTLS_OID_PKCS12
+#define OID_PKCS12_PBE MBEDTLS_OID_PKCS12_PBE
+#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC
+#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC
+#define OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC
+#define OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC
+#define OID_PKCS12_PBE_SHA1_RC4_128 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128
+#define OID_PKCS12_PBE_SHA1_RC4_40 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40
+#define OID_PKCS1_MD2 MBEDTLS_OID_PKCS1_MD2
+#define OID_PKCS1_MD4 MBEDTLS_OID_PKCS1_MD4
+#define OID_PKCS1_MD5 MBEDTLS_OID_PKCS1_MD5
+#define OID_PKCS1_RSA MBEDTLS_OID_PKCS1_RSA
+#define OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1_SHA1
+#define OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1_SHA224
+#define OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1_SHA256
+#define OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1_SHA384
+#define OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1_SHA512
+#define OID_PKCS5 MBEDTLS_OID_PKCS5
+#define OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5_PBES2
+#define OID_PKCS5_PBE_MD2_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC
+#define OID_PKCS5_PBE_MD2_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC
+#define OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC
+#define OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC
+#define OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC
+#define OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC
+#define OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5_PBKDF2
+#define OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5_PBMAC1
+#define OID_PKCS9 MBEDTLS_OID_PKCS9
+#define OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9_CSR_EXT_REQ
+#define OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9_EMAIL
+#define OID_PKIX MBEDTLS_OID_PKIX
+#define OID_POLICY_CONSTRAINTS MBEDTLS_OID_POLICY_CONSTRAINTS
+#define OID_POLICY_MAPPINGS MBEDTLS_OID_POLICY_MAPPINGS
+#define OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD
+#define OID_RSASSA_PSS MBEDTLS_OID_RSASSA_PSS
+#define OID_RSA_COMPANY MBEDTLS_OID_RSA_COMPANY
+#define OID_RSA_SHA_OBS MBEDTLS_OID_RSA_SHA_OBS
+#define OID_SERVER_AUTH MBEDTLS_OID_SERVER_AUTH
+#define OID_SIZE MBEDTLS_OID_SIZE
+#define OID_SUBJECT_ALT_NAME MBEDTLS_OID_SUBJECT_ALT_NAME
+#define OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS
+#define OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER
+#define OID_TELETRUST MBEDTLS_OID_TELETRUST
+#define OID_TIME_STAMPING MBEDTLS_OID_TIME_STAMPING
+#define PADLOCK_ACE MBEDTLS_PADLOCK_ACE
+#define PADLOCK_ALIGN16 MBEDTLS_PADLOCK_ALIGN16
+#define PADLOCK_PHE MBEDTLS_PADLOCK_PHE
+#define PADLOCK_PMM MBEDTLS_PADLOCK_PMM
+#define PADLOCK_RNG MBEDTLS_PADLOCK_RNG
+#define PKCS12_DERIVE_IV MBEDTLS_PKCS12_DERIVE_IV
+#define PKCS12_DERIVE_KEY MBEDTLS_PKCS12_DERIVE_KEY
+#define PKCS12_DERIVE_MAC_KEY MBEDTLS_PKCS12_DERIVE_MAC_KEY
+#define PKCS12_PBE_DECRYPT MBEDTLS_PKCS12_PBE_DECRYPT
+#define PKCS12_PBE_ENCRYPT MBEDTLS_PKCS12_PBE_ENCRYPT
+#define PKCS5_DECRYPT MBEDTLS_PKCS5_DECRYPT
+#define PKCS5_ENCRYPT MBEDTLS_PKCS5_ENCRYPT
+#define POLARSSL_AESNI_AES MBEDTLS_AESNI_AES
+#define POLARSSL_AESNI_CLMUL MBEDTLS_AESNI_CLMUL
+#define POLARSSL_AESNI_H MBEDTLS_AESNI_H
+#define POLARSSL_AES_H MBEDTLS_AES_H
+#define POLARSSL_ARC4_H MBEDTLS_ARC4_H
+#define POLARSSL_ASN1_H MBEDTLS_ASN1_H
+#define POLARSSL_ASN1_WRITE_H MBEDTLS_ASN1_WRITE_H
+#define POLARSSL_BASE64_H MBEDTLS_BASE64_H
+#define POLARSSL_BIGNUM_H MBEDTLS_BIGNUM_H
+#define POLARSSL_BLOWFISH_H MBEDTLS_BLOWFISH_H
+#define POLARSSL_BN_MUL_H MBEDTLS_BN_MUL_H
+#define POLARSSL_CAMELLIA_H MBEDTLS_CAMELLIA_H
+#define POLARSSL_CCM_H MBEDTLS_CCM_H
+#define POLARSSL_CERTS_H MBEDTLS_CERTS_H
+#define POLARSSL_CHECK_CONFIG_H MBEDTLS_CHECK_CONFIG_H
+#define POLARSSL_CIPHERSUITE_NODTLS MBEDTLS_CIPHERSUITE_NODTLS
+#define POLARSSL_CIPHERSUITE_SHORT_TAG MBEDTLS_CIPHERSUITE_SHORT_TAG
+#define POLARSSL_CIPHERSUITE_WEAK MBEDTLS_CIPHERSUITE_WEAK
+#define POLARSSL_CIPHER_AES_128_CBC MBEDTLS_CIPHER_AES_128_CBC
+#define POLARSSL_CIPHER_AES_128_CCM MBEDTLS_CIPHER_AES_128_CCM
+#define POLARSSL_CIPHER_AES_128_CFB128 MBEDTLS_CIPHER_AES_128_CFB128
+#define POLARSSL_CIPHER_AES_128_CTR MBEDTLS_CIPHER_AES_128_CTR
+#define POLARSSL_CIPHER_AES_128_ECB MBEDTLS_CIPHER_AES_128_ECB
+#define POLARSSL_CIPHER_AES_128_GCM MBEDTLS_CIPHER_AES_128_GCM
+#define POLARSSL_CIPHER_AES_192_CBC MBEDTLS_CIPHER_AES_192_CBC
+#define POLARSSL_CIPHER_AES_192_CCM MBEDTLS_CIPHER_AES_192_CCM
+#define POLARSSL_CIPHER_AES_192_CFB128 MBEDTLS_CIPHER_AES_192_CFB128
+#define POLARSSL_CIPHER_AES_192_CTR MBEDTLS_CIPHER_AES_192_CTR
+#define POLARSSL_CIPHER_AES_192_ECB MBEDTLS_CIPHER_AES_192_ECB
+#define POLARSSL_CIPHER_AES_192_GCM MBEDTLS_CIPHER_AES_192_GCM
+#define POLARSSL_CIPHER_AES_256_CBC MBEDTLS_CIPHER_AES_256_CBC
+#define POLARSSL_CIPHER_AES_256_CCM MBEDTLS_CIPHER_AES_256_CCM
+#define POLARSSL_CIPHER_AES_256_CFB128 MBEDTLS_CIPHER_AES_256_CFB128
+#define POLARSSL_CIPHER_AES_256_CTR MBEDTLS_CIPHER_AES_256_CTR
+#define POLARSSL_CIPHER_AES_256_ECB MBEDTLS_CIPHER_AES_256_ECB
+#define POLARSSL_CIPHER_AES_256_GCM MBEDTLS_CIPHER_AES_256_GCM
+#define POLARSSL_CIPHER_ARC4_128 MBEDTLS_CIPHER_ARC4_128
+#define POLARSSL_CIPHER_BLOWFISH_CBC MBEDTLS_CIPHER_BLOWFISH_CBC
+#define POLARSSL_CIPHER_BLOWFISH_CFB64 MBEDTLS_CIPHER_BLOWFISH_CFB64
+#define POLARSSL_CIPHER_BLOWFISH_CTR MBEDTLS_CIPHER_BLOWFISH_CTR
+#define POLARSSL_CIPHER_BLOWFISH_ECB MBEDTLS_CIPHER_BLOWFISH_ECB
+#define POLARSSL_CIPHER_CAMELLIA_128_CBC MBEDTLS_CIPHER_CAMELLIA_128_CBC
+#define POLARSSL_CIPHER_CAMELLIA_128_CCM MBEDTLS_CIPHER_CAMELLIA_128_CCM
+#define POLARSSL_CIPHER_CAMELLIA_128_CFB128 MBEDTLS_CIPHER_CAMELLIA_128_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_128_CTR MBEDTLS_CIPHER_CAMELLIA_128_CTR
+#define POLARSSL_CIPHER_CAMELLIA_128_ECB MBEDTLS_CIPHER_CAMELLIA_128_ECB
+#define POLARSSL_CIPHER_CAMELLIA_128_GCM MBEDTLS_CIPHER_CAMELLIA_128_GCM
+#define POLARSSL_CIPHER_CAMELLIA_192_CBC MBEDTLS_CIPHER_CAMELLIA_192_CBC
+#define POLARSSL_CIPHER_CAMELLIA_192_CCM MBEDTLS_CIPHER_CAMELLIA_192_CCM
+#define POLARSSL_CIPHER_CAMELLIA_192_CFB128 MBEDTLS_CIPHER_CAMELLIA_192_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_192_CTR MBEDTLS_CIPHER_CAMELLIA_192_CTR
+#define POLARSSL_CIPHER_CAMELLIA_192_ECB MBEDTLS_CIPHER_CAMELLIA_192_ECB
+#define POLARSSL_CIPHER_CAMELLIA_192_GCM MBEDTLS_CIPHER_CAMELLIA_192_GCM
+#define POLARSSL_CIPHER_CAMELLIA_256_CBC MBEDTLS_CIPHER_CAMELLIA_256_CBC
+#define POLARSSL_CIPHER_CAMELLIA_256_CCM MBEDTLS_CIPHER_CAMELLIA_256_CCM
+#define POLARSSL_CIPHER_CAMELLIA_256_CFB128 MBEDTLS_CIPHER_CAMELLIA_256_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_256_CTR MBEDTLS_CIPHER_CAMELLIA_256_CTR
+#define POLARSSL_CIPHER_CAMELLIA_256_ECB MBEDTLS_CIPHER_CAMELLIA_256_ECB
+#define POLARSSL_CIPHER_CAMELLIA_256_GCM MBEDTLS_CIPHER_CAMELLIA_256_GCM
+#define POLARSSL_CIPHER_DES_CBC MBEDTLS_CIPHER_DES_CBC
+#define POLARSSL_CIPHER_DES_ECB MBEDTLS_CIPHER_DES_ECB
+#define POLARSSL_CIPHER_DES_EDE3_CBC MBEDTLS_CIPHER_DES_EDE3_CBC
+#define POLARSSL_CIPHER_DES_EDE3_ECB MBEDTLS_CIPHER_DES_EDE3_ECB
+#define POLARSSL_CIPHER_DES_EDE_CBC MBEDTLS_CIPHER_DES_EDE_CBC
+#define POLARSSL_CIPHER_DES_EDE_ECB MBEDTLS_CIPHER_DES_EDE_ECB
+#define POLARSSL_CIPHER_H MBEDTLS_CIPHER_H
+#define POLARSSL_CIPHER_ID_3DES MBEDTLS_CIPHER_ID_3DES
+#define POLARSSL_CIPHER_ID_AES MBEDTLS_CIPHER_ID_AES
+#define POLARSSL_CIPHER_ID_ARC4 MBEDTLS_CIPHER_ID_ARC4
+#define POLARSSL_CIPHER_ID_BLOWFISH MBEDTLS_CIPHER_ID_BLOWFISH
+#define POLARSSL_CIPHER_ID_CAMELLIA MBEDTLS_CIPHER_ID_CAMELLIA
+#define POLARSSL_CIPHER_ID_DES MBEDTLS_CIPHER_ID_DES
+#define POLARSSL_CIPHER_ID_NONE MBEDTLS_CIPHER_ID_NONE
+#define POLARSSL_CIPHER_ID_NULL MBEDTLS_CIPHER_ID_NULL
+#define POLARSSL_CIPHER_MODE_AEAD MBEDTLS_CIPHER_MODE_AEAD
+#define POLARSSL_CIPHER_MODE_STREAM MBEDTLS_CIPHER_MODE_STREAM
+#define POLARSSL_CIPHER_MODE_WITH_PADDING MBEDTLS_CIPHER_MODE_WITH_PADDING
+#define POLARSSL_CIPHER_NONE MBEDTLS_CIPHER_NONE
+#define POLARSSL_CIPHER_NULL MBEDTLS_CIPHER_NULL
+#define POLARSSL_CIPHER_VARIABLE_IV_LEN MBEDTLS_CIPHER_VARIABLE_IV_LEN
+#define POLARSSL_CIPHER_VARIABLE_KEY_LEN MBEDTLS_CIPHER_VARIABLE_KEY_LEN
+#define POLARSSL_CIPHER_WRAP_H MBEDTLS_CIPHER_WRAP_H
+#define POLARSSL_CONFIG_H MBEDTLS_CONFIG_H
+#define POLARSSL_CTR_DRBG_H MBEDTLS_CTR_DRBG_H
+#define POLARSSL_DEBUG_H MBEDTLS_DEBUG_H
+#define POLARSSL_DEBUG_LOG_FULL MBEDTLS_DEBUG_LOG_FULL
+#define POLARSSL_DEBUG_LOG_RAW MBEDTLS_DEBUG_LOG_RAW
+#define POLARSSL_DECRYPT MBEDTLS_DECRYPT
+#define POLARSSL_DES_H MBEDTLS_DES_H
+#define POLARSSL_DHM_H MBEDTLS_DHM_H
+#define POLARSSL_DHM_RFC2409_MODP_1024_G MBEDTLS_DHM_RFC2409_MODP_1024_G
+#define POLARSSL_DHM_RFC2409_MODP_1024_P MBEDTLS_DHM_RFC2409_MODP_1024_P
+#define POLARSSL_DHM_RFC3526_MODP_2048_G MBEDTLS_DHM_RFC3526_MODP_2048_G
+#define POLARSSL_DHM_RFC3526_MODP_2048_P MBEDTLS_DHM_RFC3526_MODP_2048_P
+#define POLARSSL_DHM_RFC3526_MODP_3072_G MBEDTLS_DHM_RFC3526_MODP_3072_G
+#define POLARSSL_DHM_RFC3526_MODP_3072_P MBEDTLS_DHM_RFC3526_MODP_3072_P
+#define POLARSSL_DHM_RFC5114_MODP_1024_G MBEDTLS_DHM_RFC5114_MODP_1024_G
+#define POLARSSL_DHM_RFC5114_MODP_1024_P MBEDTLS_DHM_RFC5114_MODP_1024_P
+#define POLARSSL_DHM_RFC5114_MODP_2048_G MBEDTLS_DHM_RFC5114_MODP_2048_G
+#define POLARSSL_DHM_RFC5114_MODP_2048_P MBEDTLS_DHM_RFC5114_MODP_2048_P
+#define POLARSSL_ECDH_H MBEDTLS_ECDH_H
+#define POLARSSL_ECDH_OURS MBEDTLS_ECDH_OURS
+#define POLARSSL_ECDH_THEIRS MBEDTLS_ECDH_THEIRS
+#define POLARSSL_ECDSA_H MBEDTLS_ECDSA_H
+#define POLARSSL_ECP_DP_BP256R1 MBEDTLS_ECP_DP_BP256R1
+#define POLARSSL_ECP_DP_BP384R1 MBEDTLS_ECP_DP_BP384R1
+#define POLARSSL_ECP_DP_BP512R1 MBEDTLS_ECP_DP_BP512R1
+#define POLARSSL_ECP_DP_M255 MBEDTLS_ECP_DP_CURVE25519
+#define POLARSSL_ECP_DP_MAX MBEDTLS_ECP_DP_MAX
+#define POLARSSL_ECP_DP_NONE MBEDTLS_ECP_DP_NONE
+#define POLARSSL_ECP_DP_SECP192K1 MBEDTLS_ECP_DP_SECP192K1
+#define POLARSSL_ECP_DP_SECP192R1 MBEDTLS_ECP_DP_SECP192R1
+#define POLARSSL_ECP_DP_SECP224K1 MBEDTLS_ECP_DP_SECP224K1
+#define POLARSSL_ECP_DP_SECP224R1 MBEDTLS_ECP_DP_SECP224R1
+#define POLARSSL_ECP_DP_SECP256K1 MBEDTLS_ECP_DP_SECP256K1
+#define POLARSSL_ECP_DP_SECP256R1 MBEDTLS_ECP_DP_SECP256R1
+#define POLARSSL_ECP_DP_SECP384R1 MBEDTLS_ECP_DP_SECP384R1
+#define POLARSSL_ECP_DP_SECP521R1 MBEDTLS_ECP_DP_SECP521R1
+#define POLARSSL_ECP_H MBEDTLS_ECP_H
+#define POLARSSL_ECP_MAX_BYTES MBEDTLS_ECP_MAX_BYTES
+#define POLARSSL_ECP_MAX_PT_LEN MBEDTLS_ECP_MAX_PT_LEN
+#define POLARSSL_ECP_PF_COMPRESSED MBEDTLS_ECP_PF_COMPRESSED
+#define POLARSSL_ECP_PF_UNCOMPRESSED MBEDTLS_ECP_PF_UNCOMPRESSED
+#define POLARSSL_ECP_TLS_NAMED_CURVE MBEDTLS_ECP_TLS_NAMED_CURVE
+#define POLARSSL_ENCRYPT MBEDTLS_ENCRYPT
+#define POLARSSL_ENTROPY_H MBEDTLS_ENTROPY_H
+#define POLARSSL_ENTROPY_POLL_H MBEDTLS_ENTROPY_POLL_H
+#define POLARSSL_ENTROPY_SHA256_ACCUMULATOR MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
+#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
+#define POLARSSL_ERROR_H MBEDTLS_ERROR_H
+#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_ASN1_BUF_TOO_SMALL MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+#define POLARSSL_ERR_ASN1_INVALID_DATA MBEDTLS_ERR_ASN1_INVALID_DATA
+#define POLARSSL_ERR_ASN1_INVALID_LENGTH MBEDTLS_ERR_ASN1_INVALID_LENGTH
+#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+#define POLARSSL_ERR_ASN1_MALLOC_FAILED MBEDTLS_ERR_ASN1_ALLOC_FAILED
+#define POLARSSL_ERR_ASN1_OUT_OF_DATA MBEDTLS_ERR_ASN1_OUT_OF_DATA
+#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_BASE64_INVALID_CHARACTER MBEDTLS_ERR_BASE64_INVALID_CHARACTER
+#define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_CCM_AUTH_FAILED MBEDTLS_ERR_CCM_AUTH_FAILED
+#define POLARSSL_ERR_CCM_BAD_INPUT MBEDTLS_ERR_CCM_BAD_INPUT
+#define POLARSSL_ERR_CIPHER_ALLOC_FAILED MBEDTLS_ERR_CIPHER_ALLOC_FAILED
+#define POLARSSL_ERR_CIPHER_AUTH_FAILED MBEDTLS_ERR_CIPHER_AUTH_FAILED
+#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
+#define POLARSSL_ERR_CIPHER_INVALID_PADDING MBEDTLS_ERR_CIPHER_INVALID_PADDING
+#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR
+#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
+#define POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_DHM_BAD_INPUT_DATA MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED MBEDTLS_ERR_DHM_CALC_SECRET_FAILED
+#define POLARSSL_ERR_DHM_FILE_IO_ERROR MBEDTLS_ERR_DHM_FILE_IO_ERROR
+#define POLARSSL_ERR_DHM_INVALID_FORMAT MBEDTLS_ERR_DHM_INVALID_FORMAT
+#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
+#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED
+#define POLARSSL_ERR_DHM_MALLOC_FAILED MBEDTLS_ERR_DHM_ALLOC_FAILED
+#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED MBEDTLS_ERR_DHM_READ_PARAMS_FAILED
+#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED
+#define POLARSSL_ERR_ECP_BAD_INPUT_DATA MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+#define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_ECP_INVALID_KEY MBEDTLS_ERR_ECP_INVALID_KEY
+#define POLARSSL_ERR_ECP_MALLOC_FAILED MBEDTLS_ERR_ECP_ALLOC_FAILED
+#define POLARSSL_ERR_ECP_RANDOM_FAILED MBEDTLS_ERR_ECP_RANDOM_FAILED
+#define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH
+#define POLARSSL_ERR_ECP_VERIFY_FAILED MBEDTLS_ERR_ECP_VERIFY_FAILED
+#define POLARSSL_ERR_ENTROPY_FILE_IO_ERROR MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR
+#define POLARSSL_ERR_ENTROPY_MAX_SOURCES MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED
+#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_GCM_AUTH_FAILED MBEDTLS_ERR_GCM_AUTH_FAILED
+#define POLARSSL_ERR_GCM_BAD_INPUT MBEDTLS_ERR_GCM_BAD_INPUT
+#define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
+#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
+#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+#define POLARSSL_ERR_MD2_FILE_IO_ERROR MBEDTLS_ERR_MD2_FILE_IO_ERROR
+#define POLARSSL_ERR_MD4_FILE_IO_ERROR MBEDTLS_ERR_MD4_FILE_IO_ERROR
+#define POLARSSL_ERR_MD5_FILE_IO_ERROR MBEDTLS_ERR_MD5_FILE_IO_ERROR
+#define POLARSSL_ERR_MD_ALLOC_FAILED MBEDTLS_ERR_MD_ALLOC_FAILED
+#define POLARSSL_ERR_MD_BAD_INPUT_DATA MBEDTLS_ERR_MD_BAD_INPUT_DATA
+#define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_MD_FILE_IO_ERROR MBEDTLS_ERR_MD_FILE_IO_ERROR
+#define POLARSSL_ERR_MPI_BAD_INPUT_DATA MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+#define POLARSSL_ERR_MPI_FILE_IO_ERROR MBEDTLS_ERR_MPI_FILE_IO_ERROR
+#define POLARSSL_ERR_MPI_INVALID_CHARACTER MBEDTLS_ERR_MPI_INVALID_CHARACTER
+#define POLARSSL_ERR_MPI_MALLOC_FAILED MBEDTLS_ERR_MPI_ALLOC_FAILED
+#define POLARSSL_ERR_MPI_NEGATIVE_VALUE MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+#define POLARSSL_ERR_NET_ACCEPT_FAILED MBEDTLS_ERR_NET_ACCEPT_FAILED
+#define POLARSSL_ERR_NET_BIND_FAILED MBEDTLS_ERR_NET_BIND_FAILED
+#define POLARSSL_ERR_NET_CONNECT_FAILED MBEDTLS_ERR_NET_CONNECT_FAILED
+#define POLARSSL_ERR_NET_CONN_RESET MBEDTLS_ERR_NET_CONN_RESET
+#define POLARSSL_ERR_NET_LISTEN_FAILED MBEDTLS_ERR_NET_LISTEN_FAILED
+#define POLARSSL_ERR_NET_RECV_FAILED MBEDTLS_ERR_NET_RECV_FAILED
+#define POLARSSL_ERR_NET_SEND_FAILED MBEDTLS_ERR_NET_SEND_FAILED
+#define POLARSSL_ERR_NET_SOCKET_FAILED MBEDTLS_ERR_NET_SOCKET_FAILED
+#define POLARSSL_ERR_NET_TIMEOUT MBEDTLS_ERR_SSL_TIMEOUT
+#define POLARSSL_ERR_NET_UNKNOWN_HOST MBEDTLS_ERR_NET_UNKNOWN_HOST
+#define POLARSSL_ERR_NET_WANT_READ MBEDTLS_ERR_SSL_WANT_READ
+#define POLARSSL_ERR_NET_WANT_WRITE MBEDTLS_ERR_SSL_WANT_WRITE
+#define POLARSSL_ERR_OID_BUF_TOO_SMALL MBEDTLS_ERR_OID_BUF_TOO_SMALL
+#define POLARSSL_ERR_OID_NOT_FOUND MBEDTLS_ERR_OID_NOT_FOUND
+#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED
+#define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA MBEDTLS_ERR_PBKDF2_BAD_INPUT_DATA
+#define POLARSSL_ERR_PEM_BAD_INPUT_DATA MBEDTLS_ERR_PEM_BAD_INPUT_DATA
+#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PEM_INVALID_DATA MBEDTLS_ERR_PEM_INVALID_DATA
+#define POLARSSL_ERR_PEM_INVALID_ENC_IV MBEDTLS_ERR_PEM_INVALID_ENC_IV
+#define POLARSSL_ERR_PEM_MALLOC_FAILED MBEDTLS_ERR_PEM_ALLOC_FAILED
+#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
+#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH MBEDTLS_ERR_PEM_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED MBEDTLS_ERR_PEM_PASSWORD_REQUIRED
+#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG
+#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
+#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT
+#define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA
+#define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PKCS5_INVALID_FORMAT MBEDTLS_ERR_PKCS5_INVALID_FORMAT
+#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PK_BAD_INPUT_DATA MBEDTLS_ERR_PK_BAD_INPUT_DATA
+#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PK_FILE_IO_ERROR MBEDTLS_ERR_PK_FILE_IO_ERROR
+#define POLARSSL_ERR_PK_INVALID_ALG MBEDTLS_ERR_PK_INVALID_ALG
+#define POLARSSL_ERR_PK_INVALID_PUBKEY MBEDTLS_ERR_PK_INVALID_PUBKEY
+#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+#define POLARSSL_ERR_PK_KEY_INVALID_VERSION MBEDTLS_ERR_PK_KEY_INVALID_VERSION
+#define POLARSSL_ERR_PK_MALLOC_FAILED MBEDTLS_ERR_PK_ALLOC_FAILED
+#define POLARSSL_ERR_PK_PASSWORD_MISMATCH MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PK_PASSWORD_REQUIRED MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+#define POLARSSL_ERR_PK_SIG_LEN_MISMATCH MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
+#define POLARSSL_ERR_PK_TYPE_MISMATCH MBEDTLS_ERR_PK_TYPE_MISMATCH
+#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE
+#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
+#define POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR MBEDTLS_ERR_RIPEMD160_FILE_IO_ERROR
+#define POLARSSL_ERR_RSA_BAD_INPUT_DATA MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+#define POLARSSL_ERR_RSA_INVALID_PADDING MBEDTLS_ERR_RSA_INVALID_PADDING
+#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
+#define POLARSSL_ERR_RSA_KEY_GEN_FAILED MBEDTLS_ERR_RSA_KEY_GEN_FAILED
+#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
+#define POLARSSL_ERR_RSA_PRIVATE_FAILED MBEDTLS_ERR_RSA_PRIVATE_FAILED
+#define POLARSSL_ERR_RSA_PUBLIC_FAILED MBEDTLS_ERR_RSA_PUBLIC_FAILED
+#define POLARSSL_ERR_RSA_RNG_FAILED MBEDTLS_ERR_RSA_RNG_FAILED
+#define POLARSSL_ERR_RSA_VERIFY_FAILED MBEDTLS_ERR_RSA_VERIFY_FAILED
+#define POLARSSL_ERR_SHA1_FILE_IO_ERROR MBEDTLS_ERR_SHA1_FILE_IO_ERROR
+#define POLARSSL_ERR_SHA256_FILE_IO_ERROR MBEDTLS_ERR_SHA256_FILE_IO_ERROR
+#define POLARSSL_ERR_SHA512_FILE_IO_ERROR MBEDTLS_ERR_SHA512_FILE_IO_ERROR
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY
+#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP
+#define POLARSSL_ERR_SSL_BAD_HS_FINISHED MBEDTLS_ERR_SSL_BAD_HS_FINISHED
+#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET
+#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE
+#define POLARSSL_ERR_SSL_BAD_INPUT_DATA MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+#define POLARSSL_ERR_SSL_BUFFER_TOO_SMALL MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED
+#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
+#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE
+#define POLARSSL_ERR_SSL_COMPRESSION_FAILED MBEDTLS_ERR_SSL_COMPRESSION_FAILED
+#define POLARSSL_ERR_SSL_CONN_EOF MBEDTLS_ERR_SSL_CONN_EOF
+#define POLARSSL_ERR_SSL_COUNTER_WRAPPING MBEDTLS_ERR_SSL_COUNTER_WRAPPING
+#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE
+#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
+#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
+#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH
+#define POLARSSL_ERR_SSL_INTERNAL_ERROR MBEDTLS_ERR_SSL_INTERNAL_ERROR
+#define POLARSSL_ERR_SSL_INVALID_MAC MBEDTLS_ERR_SSL_INVALID_MAC
+#define POLARSSL_ERR_SSL_INVALID_RECORD MBEDTLS_ERR_SSL_INVALID_RECORD
+#define POLARSSL_ERR_SSL_MALLOC_FAILED MBEDTLS_ERR_SSL_ALLOC_FAILED
+#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN
+#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE
+#define POLARSSL_ERR_SSL_NO_RNG MBEDTLS_ERR_SSL_NO_RNG
+#define POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE
+#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY
+#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED
+#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH
+#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED
+#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED
+#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
+#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER MBEDTLS_ERR_SSL_UNKNOWN_CIPHER
+#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY
+#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO
+#define POLARSSL_ERR_THREADING_BAD_INPUT_DATA MBEDTLS_ERR_THREADING_BAD_INPUT_DATA
+#define POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_THREADING_MUTEX_ERROR MBEDTLS_ERR_THREADING_MUTEX_ERROR
+#define POLARSSL_ERR_X509_BAD_INPUT_DATA MBEDTLS_ERR_X509_BAD_INPUT_DATA
+#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
+#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
+#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_X509_FILE_IO_ERROR MBEDTLS_ERR_X509_FILE_IO_ERROR
+#define POLARSSL_ERR_X509_INVALID_ALG MBEDTLS_ERR_X509_INVALID_ALG
+#define POLARSSL_ERR_X509_INVALID_DATE MBEDTLS_ERR_X509_INVALID_DATE
+#define POLARSSL_ERR_X509_INVALID_EXTENSIONS MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+#define POLARSSL_ERR_X509_INVALID_FORMAT MBEDTLS_ERR_X509_INVALID_FORMAT
+#define POLARSSL_ERR_X509_INVALID_NAME MBEDTLS_ERR_X509_INVALID_NAME
+#define POLARSSL_ERR_X509_INVALID_SERIAL MBEDTLS_ERR_X509_INVALID_SERIAL
+#define POLARSSL_ERR_X509_INVALID_SIGNATURE MBEDTLS_ERR_X509_INVALID_SIGNATURE
+#define POLARSSL_ERR_X509_INVALID_VERSION MBEDTLS_ERR_X509_INVALID_VERSION
+#define POLARSSL_ERR_X509_MALLOC_FAILED MBEDTLS_ERR_X509_ALLOC_FAILED
+#define POLARSSL_ERR_X509_SIG_MISMATCH MBEDTLS_ERR_X509_SIG_MISMATCH
+#define POLARSSL_ERR_X509_UNKNOWN_OID MBEDTLS_ERR_X509_UNKNOWN_OID
+#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
+#define POLARSSL_ERR_X509_UNKNOWN_VERSION MBEDTLS_ERR_X509_UNKNOWN_VERSION
+#define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH
+#define POLARSSL_GCM_H MBEDTLS_GCM_H
+#define POLARSSL_HAVEGE_H MBEDTLS_HAVEGE_H
+#define POLARSSL_HAVE_INT32 MBEDTLS_HAVE_INT32
+#define POLARSSL_HAVE_INT64 MBEDTLS_HAVE_INT64
+#define POLARSSL_HAVE_UDBL MBEDTLS_HAVE_UDBL
+#define POLARSSL_HAVE_X86 MBEDTLS_HAVE_X86
+#define POLARSSL_HAVE_X86_64 MBEDTLS_HAVE_X86_64
+#define POLARSSL_HMAC_DRBG_H MBEDTLS_HMAC_DRBG_H
+#define POLARSSL_HMAC_DRBG_PR_OFF MBEDTLS_HMAC_DRBG_PR_OFF
+#define POLARSSL_HMAC_DRBG_PR_ON MBEDTLS_HMAC_DRBG_PR_ON
+#define POLARSSL_KEY_EXCHANGE_DHE_PSK MBEDTLS_KEY_EXCHANGE_DHE_PSK
+#define POLARSSL_KEY_EXCHANGE_DHE_RSA MBEDTLS_KEY_EXCHANGE_DHE_RSA
+#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
+#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
+#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
+#define POLARSSL_KEY_EXCHANGE_ECDH_RSA MBEDTLS_KEY_EXCHANGE_ECDH_RSA
+#define POLARSSL_KEY_EXCHANGE_NONE MBEDTLS_KEY_EXCHANGE_NONE
+#define POLARSSL_KEY_EXCHANGE_PSK MBEDTLS_KEY_EXCHANGE_PSK
+#define POLARSSL_KEY_EXCHANGE_RSA MBEDTLS_KEY_EXCHANGE_RSA
+#define POLARSSL_KEY_EXCHANGE_RSA_PSK MBEDTLS_KEY_EXCHANGE_RSA_PSK
+#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
+#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
+#define POLARSSL_KEY_LENGTH_DES MBEDTLS_KEY_LENGTH_DES
+#define POLARSSL_KEY_LENGTH_DES_EDE MBEDTLS_KEY_LENGTH_DES_EDE
+#define POLARSSL_KEY_LENGTH_DES_EDE3 MBEDTLS_KEY_LENGTH_DES_EDE3
+#define POLARSSL_KEY_LENGTH_NONE MBEDTLS_KEY_LENGTH_NONE
+#define POLARSSL_MAX_BLOCK_LENGTH MBEDTLS_MAX_BLOCK_LENGTH
+#define POLARSSL_MAX_IV_LENGTH MBEDTLS_MAX_IV_LENGTH
+#define POLARSSL_MD2_H MBEDTLS_MD2_H
+#define POLARSSL_MD4_H MBEDTLS_MD4_H
+#define POLARSSL_MD5_H MBEDTLS_MD5_H
+#define POLARSSL_MD_H MBEDTLS_MD_H
+#define POLARSSL_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
+#define POLARSSL_MD_MD2 MBEDTLS_MD_MD2
+#define POLARSSL_MD_MD4 MBEDTLS_MD_MD4
+#define POLARSSL_MD_MD5 MBEDTLS_MD_MD5
+#define POLARSSL_MD_NONE MBEDTLS_MD_NONE
+#define POLARSSL_MD_RIPEMD160 MBEDTLS_MD_RIPEMD160
+#define POLARSSL_MD_SHA1 MBEDTLS_MD_SHA1
+#define POLARSSL_MD_SHA224 MBEDTLS_MD_SHA224
+#define POLARSSL_MD_SHA256 MBEDTLS_MD_SHA256
+#define POLARSSL_MD_SHA384 MBEDTLS_MD_SHA384
+#define POLARSSL_MD_SHA512 MBEDTLS_MD_SHA512
+#define POLARSSL_MD_WRAP_H MBEDTLS_MD_WRAP_H
+#define POLARSSL_MEMORY_BUFFER_ALLOC_H MBEDTLS_MEMORY_BUFFER_ALLOC_H
+#define POLARSSL_MEMORY_H MBEDTLS_MEMORY_H
+#define POLARSSL_MODE_CBC MBEDTLS_MODE_CBC
+#define POLARSSL_MODE_CCM MBEDTLS_MODE_CCM
+#define POLARSSL_MODE_CFB MBEDTLS_MODE_CFB
+#define POLARSSL_MODE_CTR MBEDTLS_MODE_CTR
+#define POLARSSL_MODE_ECB MBEDTLS_MODE_ECB
+#define POLARSSL_MODE_GCM MBEDTLS_MODE_GCM
+#define POLARSSL_MODE_NONE MBEDTLS_MODE_NONE
+#define POLARSSL_MODE_OFB MBEDTLS_MODE_OFB
+#define POLARSSL_MODE_STREAM MBEDTLS_MODE_STREAM
+#define POLARSSL_MPI_MAX_BITS MBEDTLS_MPI_MAX_BITS
+#define POLARSSL_MPI_MAX_BITS_SCALE100 MBEDTLS_MPI_MAX_BITS_SCALE100
+#define POLARSSL_MPI_MAX_LIMBS MBEDTLS_MPI_MAX_LIMBS
+#define POLARSSL_MPI_RW_BUFFER_SIZE MBEDTLS_MPI_RW_BUFFER_SIZE
+#define POLARSSL_NET_H MBEDTLS_NET_H
+#define POLARSSL_NET_LISTEN_BACKLOG MBEDTLS_NET_LISTEN_BACKLOG
+#define POLARSSL_OID_H MBEDTLS_OID_H
+#define POLARSSL_OPERATION_NONE MBEDTLS_OPERATION_NONE
+#define POLARSSL_PADDING_NONE MBEDTLS_PADDING_NONE
+#define POLARSSL_PADDING_ONE_AND_ZEROS MBEDTLS_PADDING_ONE_AND_ZEROS
+#define POLARSSL_PADDING_PKCS7 MBEDTLS_PADDING_PKCS7
+#define POLARSSL_PADDING_ZEROS MBEDTLS_PADDING_ZEROS
+#define POLARSSL_PADDING_ZEROS_AND_LEN MBEDTLS_PADDING_ZEROS_AND_LEN
+#define POLARSSL_PADLOCK_H MBEDTLS_PADLOCK_H
+#define POLARSSL_PBKDF2_H MBEDTLS_PBKDF2_H
+#define POLARSSL_PEM_H MBEDTLS_PEM_H
+#define POLARSSL_PKCS11_H MBEDTLS_PKCS11_H
+#define POLARSSL_PKCS12_H MBEDTLS_PKCS12_H
+#define POLARSSL_PKCS5_H MBEDTLS_PKCS5_H
+#define POLARSSL_PK_DEBUG_ECP MBEDTLS_PK_DEBUG_ECP
+#define POLARSSL_PK_DEBUG_MAX_ITEMS MBEDTLS_PK_DEBUG_MAX_ITEMS
+#define POLARSSL_PK_DEBUG_MPI MBEDTLS_PK_DEBUG_MPI
+#define POLARSSL_PK_DEBUG_NONE MBEDTLS_PK_DEBUG_NONE
+#define POLARSSL_PK_ECDSA MBEDTLS_PK_ECDSA
+#define POLARSSL_PK_ECKEY MBEDTLS_PK_ECKEY
+#define POLARSSL_PK_ECKEY_DH MBEDTLS_PK_ECKEY_DH
+#define POLARSSL_PK_H MBEDTLS_PK_H
+#define POLARSSL_PK_NONE MBEDTLS_PK_NONE
+#define POLARSSL_PK_RSA MBEDTLS_PK_RSA
+#define POLARSSL_PK_RSASSA_PSS MBEDTLS_PK_RSASSA_PSS
+#define POLARSSL_PK_RSA_ALT MBEDTLS_PK_RSA_ALT
+#define POLARSSL_PK_WRAP_H MBEDTLS_PK_WRAP_H
+#define POLARSSL_PLATFORM_H MBEDTLS_PLATFORM_H
+#define POLARSSL_PREMASTER_SIZE MBEDTLS_PREMASTER_SIZE
+#define POLARSSL_RIPEMD160_H MBEDTLS_RIPEMD160_H
+#define POLARSSL_RSA_H MBEDTLS_RSA_H
+#define POLARSSL_SHA1_H MBEDTLS_SHA1_H
+#define POLARSSL_SHA256_H MBEDTLS_SHA256_H
+#define POLARSSL_SHA512_H MBEDTLS_SHA512_H
+#define POLARSSL_SSL_CACHE_H MBEDTLS_SSL_CACHE_H
+#define POLARSSL_SSL_CIPHERSUITES_H MBEDTLS_SSL_CIPHERSUITES_H
+#define POLARSSL_SSL_COOKIE_H MBEDTLS_SSL_COOKIE_H
+#define POLARSSL_SSL_H MBEDTLS_SSL_H
+#define POLARSSL_THREADING_H MBEDTLS_THREADING_H
+#define POLARSSL_THREADING_IMPL MBEDTLS_THREADING_IMPL
+#define POLARSSL_TIMING_H MBEDTLS_TIMING_H
+#define POLARSSL_VERSION_H MBEDTLS_VERSION_H
+#define POLARSSL_VERSION_MAJOR MBEDTLS_VERSION_MAJOR
+#define POLARSSL_VERSION_MINOR MBEDTLS_VERSION_MINOR
+#define POLARSSL_VERSION_NUMBER MBEDTLS_VERSION_NUMBER
+#define POLARSSL_VERSION_PATCH MBEDTLS_VERSION_PATCH
+#define POLARSSL_VERSION_STRING MBEDTLS_VERSION_STRING
+#define POLARSSL_VERSION_STRING_FULL MBEDTLS_VERSION_STRING_FULL
+#define POLARSSL_X509_CRL_H MBEDTLS_X509_CRL_H
+#define POLARSSL_X509_CRT_H MBEDTLS_X509_CRT_H
+#define POLARSSL_X509_CSR_H MBEDTLS_X509_CSR_H
+#define POLARSSL_X509_H MBEDTLS_X509_H
+#define POLARSSL_XTEA_H MBEDTLS_XTEA_H
+#define RSA_CRYPT MBEDTLS_RSA_CRYPT
+#define RSA_PKCS_V15 MBEDTLS_RSA_PKCS_V15
+#define RSA_PKCS_V21 MBEDTLS_RSA_PKCS_V21
+#define RSA_PRIVATE MBEDTLS_RSA_PRIVATE
+#define RSA_PUBLIC MBEDTLS_RSA_PUBLIC
+#define RSA_SALT_LEN_ANY MBEDTLS_RSA_SALT_LEN_ANY
+#define RSA_SIGN MBEDTLS_RSA_SIGN
+#define SSL_ALERT_LEVEL_FATAL MBEDTLS_SSL_ALERT_LEVEL_FATAL
+#define SSL_ALERT_LEVEL_WARNING MBEDTLS_SSL_ALERT_LEVEL_WARNING
+#define SSL_ALERT_MSG_ACCESS_DENIED MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED
+#define SSL_ALERT_MSG_BAD_CERT MBEDTLS_SSL_ALERT_MSG_BAD_CERT
+#define SSL_ALERT_MSG_BAD_RECORD_MAC MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC
+#define SSL_ALERT_MSG_CERT_EXPIRED MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED
+#define SSL_ALERT_MSG_CERT_REVOKED MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED
+#define SSL_ALERT_MSG_CERT_UNKNOWN MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN
+#define SSL_ALERT_MSG_CLOSE_NOTIFY MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY
+#define SSL_ALERT_MSG_DECODE_ERROR MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR
+#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE
+#define SSL_ALERT_MSG_DECRYPTION_FAILED MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED
+#define SSL_ALERT_MSG_DECRYPT_ERROR MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR
+#define SSL_ALERT_MSG_EXPORT_RESTRICTION MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION
+#define SSL_ALERT_MSG_HANDSHAKE_FAILURE MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE
+#define SSL_ALERT_MSG_ILLEGAL_PARAMETER MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER
+#define SSL_ALERT_MSG_INAPROPRIATE_FALLBACK MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK
+#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY
+#define SSL_ALERT_MSG_INTERNAL_ERROR MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR
+#define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL
+#define SSL_ALERT_MSG_NO_CERT MBEDTLS_SSL_ALERT_MSG_NO_CERT
+#define SSL_ALERT_MSG_NO_RENEGOTIATION MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION
+#define SSL_ALERT_MSG_PROTOCOL_VERSION MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION
+#define SSL_ALERT_MSG_RECORD_OVERFLOW MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW
+#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE
+#define SSL_ALERT_MSG_UNKNOWN_CA MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
+#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY
+#define SSL_ALERT_MSG_UNRECOGNIZED_NAME MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME
+#define SSL_ALERT_MSG_UNSUPPORTED_CERT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
+#define SSL_ALERT_MSG_UNSUPPORTED_EXT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT
+#define SSL_ALERT_MSG_USER_CANCELED MBEDTLS_SSL_ALERT_MSG_USER_CANCELED
+#define SSL_ANTI_REPLAY_DISABLED MBEDTLS_SSL_ANTI_REPLAY_DISABLED
+#define SSL_ANTI_REPLAY_ENABLED MBEDTLS_SSL_ANTI_REPLAY_ENABLED
+#define SSL_ARC4_DISABLED MBEDTLS_SSL_ARC4_DISABLED
+#define SSL_ARC4_ENABLED MBEDTLS_SSL_ARC4_ENABLED
+#define SSL_BUFFER_LEN MBEDTLS_SSL_BUFFER_LEN
+#define SSL_CACHE_DEFAULT_MAX_ENTRIES MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
+#define SSL_CACHE_DEFAULT_TIMEOUT MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
+#define SSL_CBC_RECORD_SPLITTING_DISABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
+#define SSL_CBC_RECORD_SPLITTING_ENABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
+#define SSL_CERTIFICATE_REQUEST MBEDTLS_SSL_CERTIFICATE_REQUEST
+#define SSL_CERTIFICATE_VERIFY MBEDTLS_SSL_CERTIFICATE_VERIFY
+#define SSL_CERT_TYPE_ECDSA_SIGN MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN
+#define SSL_CERT_TYPE_RSA_SIGN MBEDTLS_SSL_CERT_TYPE_RSA_SIGN
+#define SSL_CHANNEL_INBOUND MBEDTLS_SSL_CHANNEL_INBOUND
+#define SSL_CHANNEL_OUTBOUND MBEDTLS_SSL_CHANNEL_OUTBOUND
+#define SSL_CIPHERSUITES MBEDTLS_SSL_CIPHERSUITES
+#define SSL_CLIENT_CERTIFICATE MBEDTLS_SSL_CLIENT_CERTIFICATE
+#define SSL_CLIENT_CHANGE_CIPHER_SPEC MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC
+#define SSL_CLIENT_FINISHED MBEDTLS_SSL_CLIENT_FINISHED
+#define SSL_CLIENT_HELLO MBEDTLS_SSL_CLIENT_HELLO
+#define SSL_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_CLIENT_KEY_EXCHANGE
+#define SSL_COMPRESSION_ADD MBEDTLS_SSL_COMPRESSION_ADD
+#define SSL_COMPRESS_DEFLATE MBEDTLS_SSL_COMPRESS_DEFLATE
+#define SSL_COMPRESS_NULL MBEDTLS_SSL_COMPRESS_NULL
+#define SSL_DEBUG_BUF MBEDTLS_SSL_DEBUG_BUF
+#define SSL_DEBUG_CRT MBEDTLS_SSL_DEBUG_CRT
+#define SSL_DEBUG_ECP MBEDTLS_SSL_DEBUG_ECP
+#define SSL_DEBUG_MPI MBEDTLS_SSL_DEBUG_MPI
+#define SSL_DEBUG_MSG MBEDTLS_SSL_DEBUG_MSG
+#define SSL_DEBUG_RET MBEDTLS_SSL_DEBUG_RET
+#define SSL_DEFAULT_TICKET_LIFETIME MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
+#define SSL_DTLS_TIMEOUT_DFL_MAX MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX
+#define SSL_DTLS_TIMEOUT_DFL_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN
+#define SSL_EMPTY_RENEGOTIATION_INFO MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO
+#define SSL_ETM_DISABLED MBEDTLS_SSL_ETM_DISABLED
+#define SSL_ETM_ENABLED MBEDTLS_SSL_ETM_ENABLED
+#define SSL_EXTENDED_MS_DISABLED MBEDTLS_SSL_EXTENDED_MS_DISABLED
+#define SSL_EXTENDED_MS_ENABLED MBEDTLS_SSL_EXTENDED_MS_ENABLED
+#define SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
+#define SSL_FLUSH_BUFFERS MBEDTLS_SSL_FLUSH_BUFFERS
+#define SSL_HANDSHAKE_OVER MBEDTLS_SSL_HANDSHAKE_OVER
+#define SSL_HANDSHAKE_WRAPUP MBEDTLS_SSL_HANDSHAKE_WRAPUP
+#define SSL_HASH_MD5 MBEDTLS_SSL_HASH_MD5
+#define SSL_HASH_NONE MBEDTLS_SSL_HASH_NONE
+#define SSL_HASH_SHA1 MBEDTLS_SSL_HASH_SHA1
+#define SSL_HASH_SHA224 MBEDTLS_SSL_HASH_SHA224
+#define SSL_HASH_SHA256 MBEDTLS_SSL_HASH_SHA256
+#define SSL_HASH_SHA384 MBEDTLS_SSL_HASH_SHA384
+#define SSL_HASH_SHA512 MBEDTLS_SSL_HASH_SHA512
+#define SSL_HELLO_REQUEST MBEDTLS_SSL_HELLO_REQUEST
+#define SSL_HS_CERTIFICATE MBEDTLS_SSL_HS_CERTIFICATE
+#define SSL_HS_CERTIFICATE_REQUEST MBEDTLS_SSL_HS_CERTIFICATE_REQUEST
+#define SSL_HS_CERTIFICATE_VERIFY MBEDTLS_SSL_HS_CERTIFICATE_VERIFY
+#define SSL_HS_CLIENT_HELLO MBEDTLS_SSL_HS_CLIENT_HELLO
+#define SSL_HS_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE
+#define SSL_HS_FINISHED MBEDTLS_SSL_HS_FINISHED
+#define SSL_HS_HELLO_REQUEST MBEDTLS_SSL_HS_HELLO_REQUEST
+#define SSL_HS_HELLO_VERIFY_REQUEST MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST
+#define SSL_HS_NEW_SESSION_TICKET MBEDTLS_SSL_HS_NEW_SESSION_TICKET
+#define SSL_HS_SERVER_HELLO MBEDTLS_SSL_HS_SERVER_HELLO
+#define SSL_HS_SERVER_HELLO_DONE MBEDTLS_SSL_HS_SERVER_HELLO_DONE
+#define SSL_HS_SERVER_KEY_EXCHANGE MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE
+#define SSL_INITIAL_HANDSHAKE MBEDTLS_SSL_INITIAL_HANDSHAKE
+#define SSL_IS_CLIENT MBEDTLS_SSL_IS_CLIENT
+#define SSL_IS_FALLBACK MBEDTLS_SSL_IS_FALLBACK
+#define SSL_IS_NOT_FALLBACK MBEDTLS_SSL_IS_NOT_FALLBACK
+#define SSL_IS_SERVER MBEDTLS_SSL_IS_SERVER
+#define SSL_LEGACY_ALLOW_RENEGOTIATION MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
+#define SSL_LEGACY_BREAK_HANDSHAKE MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
+#define SSL_LEGACY_NO_RENEGOTIATION MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
+#define SSL_LEGACY_RENEGOTIATION MBEDTLS_SSL_LEGACY_RENEGOTIATION
+#define SSL_MAC_ADD MBEDTLS_SSL_MAC_ADD
+#define SSL_MAJOR_VERSION_3 MBEDTLS_SSL_MAJOR_VERSION_3
+#define SSL_MAX_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
+#define SSL_MAX_FRAG_LEN_1024 MBEDTLS_SSL_MAX_FRAG_LEN_1024
+#define SSL_MAX_FRAG_LEN_2048 MBEDTLS_SSL_MAX_FRAG_LEN_2048
+#define SSL_MAX_FRAG_LEN_4096 MBEDTLS_SSL_MAX_FRAG_LEN_4096
+#define SSL_MAX_FRAG_LEN_512 MBEDTLS_SSL_MAX_FRAG_LEN_512
+#define SSL_MAX_FRAG_LEN_INVALID MBEDTLS_SSL_MAX_FRAG_LEN_INVALID
+#define SSL_MAX_FRAG_LEN_NONE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
+#define SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAX_MAJOR_VERSION
+#define SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MAX_MINOR_VERSION
+#define SSL_MINOR_VERSION_0 MBEDTLS_SSL_MINOR_VERSION_0
+#define SSL_MINOR_VERSION_1 MBEDTLS_SSL_MINOR_VERSION_1
+#define SSL_MINOR_VERSION_2 MBEDTLS_SSL_MINOR_VERSION_2
+#define SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_3
+#define SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MIN_MAJOR_VERSION
+#define SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MIN_MINOR_VERSION
+#define SSL_MSG_ALERT MBEDTLS_SSL_MSG_ALERT
+#define SSL_MSG_APPLICATION_DATA MBEDTLS_SSL_MSG_APPLICATION_DATA
+#define SSL_MSG_CHANGE_CIPHER_SPEC MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC
+#define SSL_MSG_HANDSHAKE MBEDTLS_SSL_MSG_HANDSHAKE
+#define SSL_PADDING_ADD MBEDTLS_SSL_PADDING_ADD
+#define SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
+#define SSL_RENEGOTIATION_DISABLED MBEDTLS_SSL_RENEGOTIATION_DISABLED
+#define SSL_RENEGOTIATION_DONE MBEDTLS_SSL_RENEGOTIATION_DONE
+#define SSL_RENEGOTIATION_ENABLED MBEDTLS_SSL_RENEGOTIATION_ENABLED
+#define SSL_RENEGOTIATION_NOT_ENFORCED MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED
+#define SSL_RENEGOTIATION_PENDING MBEDTLS_SSL_RENEGOTIATION_PENDING
+#define SSL_RENEGO_MAX_RECORDS_DEFAULT MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT
+#define SSL_RETRANS_FINISHED MBEDTLS_SSL_RETRANS_FINISHED
+#define SSL_RETRANS_PREPARING MBEDTLS_SSL_RETRANS_PREPARING
+#define SSL_RETRANS_SENDING MBEDTLS_SSL_RETRANS_SENDING
+#define SSL_RETRANS_WAITING MBEDTLS_SSL_RETRANS_WAITING
+#define SSL_SECURE_RENEGOTIATION MBEDTLS_SSL_SECURE_RENEGOTIATION
+#define SSL_SERVER_CERTIFICATE MBEDTLS_SSL_SERVER_CERTIFICATE
+#define SSL_SERVER_CHANGE_CIPHER_SPEC MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC
+#define SSL_SERVER_FINISHED MBEDTLS_SSL_SERVER_FINISHED
+#define SSL_SERVER_HELLO MBEDTLS_SSL_SERVER_HELLO
+#define SSL_SERVER_HELLO_DONE MBEDTLS_SSL_SERVER_HELLO_DONE
+#define SSL_SERVER_HELLO_VERIFY_REQUEST_SENT MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT
+#define SSL_SERVER_KEY_EXCHANGE MBEDTLS_SSL_SERVER_KEY_EXCHANGE
+#define SSL_SERVER_NEW_SESSION_TICKET MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET
+#define SSL_SESSION_TICKETS_DISABLED MBEDTLS_SSL_SESSION_TICKETS_DISABLED
+#define SSL_SESSION_TICKETS_ENABLED MBEDTLS_SSL_SESSION_TICKETS_ENABLED
+#define SSL_SIG_ANON MBEDTLS_SSL_SIG_ANON
+#define SSL_SIG_ECDSA MBEDTLS_SSL_SIG_ECDSA
+#define SSL_SIG_RSA MBEDTLS_SSL_SIG_RSA
+#define SSL_TRANSPORT_DATAGRAM MBEDTLS_SSL_TRANSPORT_DATAGRAM
+#define SSL_TRANSPORT_STREAM MBEDTLS_SSL_TRANSPORT_STREAM
+#define SSL_TRUNCATED_HMAC_LEN MBEDTLS_SSL_TRUNCATED_HMAC_LEN
+#define SSL_TRUNC_HMAC_DISABLED MBEDTLS_SSL_TRUNC_HMAC_DISABLED
+#define SSL_TRUNC_HMAC_ENABLED MBEDTLS_SSL_TRUNC_HMAC_ENABLED
+#define SSL_VERIFY_DATA_MAX_LEN MBEDTLS_SSL_VERIFY_DATA_MAX_LEN
+#define SSL_VERIFY_NONE MBEDTLS_SSL_VERIFY_NONE
+#define SSL_VERIFY_OPTIONAL MBEDTLS_SSL_VERIFY_OPTIONAL
+#define SSL_VERIFY_REQUIRED MBEDTLS_SSL_VERIFY_REQUIRED
+#define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_DHE_PSK_WITH_AES_128_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM
+#define TLS_DHE_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8
+#define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_DHE_PSK_WITH_AES_256_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM
+#define TLS_DHE_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8
+#define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_DHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+#define TLS_DHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+#define TLS_DHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+#define TLS_DHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_DHE_RSA_WITH_AES_128_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM
+#define TLS_DHE_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8
+#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+#define TLS_DHE_RSA_WITH_AES_256_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM
+#define TLS_DHE_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8
+#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
+#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+#define TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+#define TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+#define TLS_ECDHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+#define TLS_ECDHE_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDH_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+#define TLS_ECDH_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+#define TLS_EXT_ALPN MBEDTLS_TLS_EXT_ALPN
+#define TLS_EXT_ENCRYPT_THEN_MAC MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC
+#define TLS_EXT_EXTENDED_MASTER_SECRET MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET
+#define TLS_EXT_MAX_FRAGMENT_LENGTH MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH
+#define TLS_EXT_RENEGOTIATION_INFO MBEDTLS_TLS_EXT_RENEGOTIATION_INFO
+#define TLS_EXT_SERVERNAME MBEDTLS_TLS_EXT_SERVERNAME
+#define TLS_EXT_SERVERNAME_HOSTNAME MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME
+#define TLS_EXT_SESSION_TICKET MBEDTLS_TLS_EXT_SESSION_TICKET
+#define TLS_EXT_SIG_ALG MBEDTLS_TLS_EXT_SIG_ALG
+#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES
+#define TLS_EXT_SUPPORTED_POINT_FORMATS MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS
+#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT
+#define TLS_EXT_TRUNCATED_HMAC MBEDTLS_TLS_EXT_TRUNCATED_HMAC
+#define TLS_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+#define TLS_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_PSK_WITH_AES_128_CCM MBEDTLS_TLS_PSK_WITH_AES_128_CCM
+#define TLS_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
+#define TLS_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+#define TLS_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_PSK_WITH_AES_256_CCM MBEDTLS_TLS_PSK_WITH_AES_256_CCM
+#define TLS_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8
+#define TLS_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_PSK_WITH_NULL_SHA MBEDTLS_TLS_PSK_WITH_NULL_SHA
+#define TLS_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+#define TLS_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+#define TLS_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+#define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_RSA_PSK_WITH_NULL_SHA MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+#define TLS_RSA_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+#define TLS_RSA_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+#define TLS_RSA_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+#define TLS_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_RSA_WITH_AES_128_CCM MBEDTLS_TLS_RSA_WITH_AES_128_CCM
+#define TLS_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8
+#define TLS_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+#define TLS_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+#define TLS_RSA_WITH_AES_256_CCM MBEDTLS_TLS_RSA_WITH_AES_256_CCM
+#define TLS_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8
+#define TLS_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+#define TLS_RSA_WITH_NULL_MD5 MBEDTLS_TLS_RSA_WITH_NULL_MD5
+#define TLS_RSA_WITH_NULL_SHA MBEDTLS_TLS_RSA_WITH_NULL_SHA
+#define TLS_RSA_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+#define TLS_RSA_WITH_RC4_128_MD5 MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+#define TLS_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+#define UL64 MBEDTLS_UL64
+#define X509_CRT_VERSION_1 MBEDTLS_X509_CRT_VERSION_1
+#define X509_CRT_VERSION_2 MBEDTLS_X509_CRT_VERSION_2
+#define X509_CRT_VERSION_3 MBEDTLS_X509_CRT_VERSION_3
+#define X509_FORMAT_DER MBEDTLS_X509_FORMAT_DER
+#define X509_FORMAT_PEM MBEDTLS_X509_FORMAT_PEM
+#define X509_MAX_DN_NAME_SIZE MBEDTLS_X509_MAX_DN_NAME_SIZE
+#define X509_RFC5280_MAX_SERIAL_LEN MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN
+#define X509_RFC5280_UTC_TIME_LEN MBEDTLS_X509_RFC5280_UTC_TIME_LEN
+#define XTEA_DECRYPT MBEDTLS_XTEA_DECRYPT
+#define XTEA_ENCRYPT MBEDTLS_XTEA_ENCRYPT
+#define _asn1_bitstring mbedtls_asn1_bitstring
+#define _asn1_buf mbedtls_asn1_buf
+#define _asn1_named_data mbedtls_asn1_named_data
+#define _asn1_sequence mbedtls_asn1_sequence
+#define _ssl_cache_context mbedtls_ssl_cache_context
+#define _ssl_cache_entry mbedtls_ssl_cache_entry
+#define _ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
+#define _ssl_context mbedtls_ssl_context
+#define _ssl_flight_item mbedtls_ssl_flight_item
+#define _ssl_handshake_params mbedtls_ssl_handshake_params
+#define _ssl_key_cert mbedtls_ssl_key_cert
+#define _ssl_premaster_secret mbedtls_ssl_premaster_secret
+#define _ssl_session mbedtls_ssl_session
+#define _ssl_ticket_keys mbedtls_ssl_ticket_keys
+#define _ssl_transform mbedtls_ssl_transform
+#define _x509_crl mbedtls_x509_crl
+#define _x509_crl_entry mbedtls_x509_crl_entry
+#define _x509_crt mbedtls_x509_crt
+#define _x509_csr mbedtls_x509_csr
+#define _x509_time mbedtls_x509_time
+#define _x509write_cert mbedtls_x509write_cert
+#define _x509write_csr mbedtls_x509write_csr
+#define aes_context mbedtls_aes_context
+#define aes_crypt_cbc mbedtls_aes_crypt_cbc
+#define aes_crypt_cfb128 mbedtls_aes_crypt_cfb128
+#define aes_crypt_cfb8 mbedtls_aes_crypt_cfb8
+#define aes_crypt_ctr mbedtls_aes_crypt_ctr
+#define aes_crypt_ecb mbedtls_aes_crypt_ecb
+#define aes_free mbedtls_aes_free
+#define aes_init mbedtls_aes_init
+#define aes_self_test mbedtls_aes_self_test
+#define aes_setkey_dec mbedtls_aes_setkey_dec
+#define aes_setkey_enc mbedtls_aes_setkey_enc
+#define aesni_crypt_ecb mbedtls_aesni_crypt_ecb
+#define aesni_gcm_mult mbedtls_aesni_gcm_mult
+#define aesni_inverse_key mbedtls_aesni_inverse_key
+#define aesni_setkey_enc mbedtls_aesni_setkey_enc
+#define aesni_supports mbedtls_aesni_has_support
+#define alarmed mbedtls_timing_alarmed
+#define arc4_context mbedtls_arc4_context
+#define arc4_crypt mbedtls_arc4_crypt
+#define arc4_free mbedtls_arc4_free
+#define arc4_init mbedtls_arc4_init
+#define arc4_self_test mbedtls_arc4_self_test
+#define arc4_setup mbedtls_arc4_setup
+#define asn1_bitstring mbedtls_asn1_bitstring
+#define asn1_buf mbedtls_asn1_buf
+#define asn1_find_named_data mbedtls_asn1_find_named_data
+#define asn1_free_named_data mbedtls_asn1_free_named_data
+#define asn1_free_named_data_list mbedtls_asn1_free_named_data_list
+#define asn1_get_alg mbedtls_asn1_get_alg
+#define asn1_get_alg_null mbedtls_asn1_get_alg_null
+#define asn1_get_bitstring mbedtls_asn1_get_bitstring
+#define asn1_get_bitstring_null mbedtls_asn1_get_bitstring_null
+#define asn1_get_bool mbedtls_asn1_get_bool
+#define asn1_get_int mbedtls_asn1_get_int
+#define asn1_get_len mbedtls_asn1_get_len
+#define asn1_get_mpi mbedtls_asn1_get_mpi
+#define asn1_get_sequence_of mbedtls_asn1_get_sequence_of
+#define asn1_get_tag mbedtls_asn1_get_tag
+#define asn1_named_data mbedtls_asn1_named_data
+#define asn1_sequence mbedtls_asn1_sequence
+#define asn1_store_named_data mbedtls_asn1_store_named_data
+#define asn1_write_algorithm_identifier mbedtls_asn1_write_algorithm_identifier
+#define asn1_write_bitstring mbedtls_asn1_write_bitstring
+#define asn1_write_bool mbedtls_asn1_write_bool
+#define asn1_write_ia5_string mbedtls_asn1_write_ia5_string
+#define asn1_write_int mbedtls_asn1_write_int
+#define asn1_write_len mbedtls_asn1_write_len
+#define asn1_write_mpi mbedtls_asn1_write_mpi
+#define asn1_write_null mbedtls_asn1_write_null
+#define asn1_write_octet_string mbedtls_asn1_write_octet_string
+#define asn1_write_oid mbedtls_asn1_write_oid
+#define asn1_write_printable_string mbedtls_asn1_write_printable_string
+#define asn1_write_raw_buffer mbedtls_asn1_write_raw_buffer
+#define asn1_write_tag mbedtls_asn1_write_tag
+#define base64_decode mbedtls_base64_decode
+#define base64_encode mbedtls_base64_encode
+#define base64_self_test mbedtls_base64_self_test
+#define blowfish_context mbedtls_blowfish_context
+#define blowfish_crypt_cbc mbedtls_blowfish_crypt_cbc
+#define blowfish_crypt_cfb64 mbedtls_blowfish_crypt_cfb64
+#define blowfish_crypt_ctr mbedtls_blowfish_crypt_ctr
+#define blowfish_crypt_ecb mbedtls_blowfish_crypt_ecb
+#define blowfish_free mbedtls_blowfish_free
+#define blowfish_init mbedtls_blowfish_init
+#define blowfish_setkey mbedtls_blowfish_setkey
+#define camellia_context mbedtls_camellia_context
+#define camellia_crypt_cbc mbedtls_camellia_crypt_cbc
+#define camellia_crypt_cfb128 mbedtls_camellia_crypt_cfb128
+#define camellia_crypt_ctr mbedtls_camellia_crypt_ctr
+#define camellia_crypt_ecb mbedtls_camellia_crypt_ecb
+#define camellia_free mbedtls_camellia_free
+#define camellia_init mbedtls_camellia_init
+#define camellia_self_test mbedtls_camellia_self_test
+#define camellia_setkey_dec mbedtls_camellia_setkey_dec
+#define camellia_setkey_enc mbedtls_camellia_setkey_enc
+#define ccm_auth_decrypt mbedtls_ccm_auth_decrypt
+#define ccm_context mbedtls_ccm_context
+#define ccm_encrypt_and_tag mbedtls_ccm_encrypt_and_tag
+#define ccm_free mbedtls_ccm_free
+#define ccm_init mbedtls_ccm_init
+#define ccm_self_test mbedtls_ccm_self_test
+#define cipher_auth_decrypt mbedtls_cipher_auth_decrypt
+#define cipher_auth_encrypt mbedtls_cipher_auth_encrypt
+#define cipher_base_t mbedtls_cipher_base_t
+#define cipher_check_tag mbedtls_cipher_check_tag
+#define cipher_context_t mbedtls_cipher_context_t
+#define cipher_crypt mbedtls_cipher_crypt
+#define cipher_definition_t mbedtls_cipher_definition_t
+#define cipher_definitions mbedtls_cipher_definitions
+#define cipher_finish mbedtls_cipher_finish
+#define cipher_free mbedtls_cipher_free
+#define cipher_free_ctx mbedtls_cipher_free_ctx
+#define cipher_get_block_size mbedtls_cipher_get_block_size
+#define cipher_get_cipher_mode mbedtls_cipher_get_cipher_mode
+#define cipher_get_iv_size mbedtls_cipher_get_iv_size
+#define cipher_get_key_size mbedtls_cipher_get_key_bitlen
+#define cipher_get_name mbedtls_cipher_get_name
+#define cipher_get_operation mbedtls_cipher_get_operation
+#define cipher_get_type mbedtls_cipher_get_type
+#define cipher_id_t mbedtls_cipher_id_t
+#define cipher_info_from_string mbedtls_cipher_info_from_string
+#define cipher_info_from_type mbedtls_cipher_info_from_type
+#define cipher_info_from_values mbedtls_cipher_info_from_values
+#define cipher_info_t mbedtls_cipher_info_t
+#define cipher_init mbedtls_cipher_init
+#define cipher_init_ctx mbedtls_cipher_setup
+#define cipher_list mbedtls_cipher_list
+#define cipher_mode_t mbedtls_cipher_mode_t
+#define cipher_padding_t mbedtls_cipher_padding_t
+#define cipher_reset mbedtls_cipher_reset
+#define cipher_self_test mbedtls_cipher_self_test
+#define cipher_set_iv mbedtls_cipher_set_iv
+#define cipher_set_padding_mode mbedtls_cipher_set_padding_mode
+#define cipher_setkey mbedtls_cipher_setkey
+#define cipher_type_t mbedtls_cipher_type_t
+#define cipher_update mbedtls_cipher_update
+#define cipher_update_ad mbedtls_cipher_update_ad
+#define cipher_write_tag mbedtls_cipher_write_tag
+#define ctr_drbg_context mbedtls_ctr_drbg_context
+#define ctr_drbg_free mbedtls_ctr_drbg_free
+#define ctr_drbg_init mbedtls_ctr_drbg_init
+#define ctr_drbg_init_entropy_len mbedtls_ctr_drbg_init_entropy_len
+#define ctr_drbg_random mbedtls_ctr_drbg_random
+#define ctr_drbg_random_with_add mbedtls_ctr_drbg_random_with_add
+#define ctr_drbg_reseed mbedtls_ctr_drbg_reseed
+#define ctr_drbg_self_test mbedtls_ctr_drbg_self_test
+#define ctr_drbg_set_entropy_len mbedtls_ctr_drbg_set_entropy_len
+#define ctr_drbg_set_prediction_resistance mbedtls_ctr_drbg_set_prediction_resistance
+#define ctr_drbg_set_reseed_interval mbedtls_ctr_drbg_set_reseed_interval
+#define ctr_drbg_update mbedtls_ctr_drbg_update
+#define ctr_drbg_update_seed_file mbedtls_ctr_drbg_update_seed_file
+#define ctr_drbg_write_seed_file mbedtls_ctr_drbg_write_seed_file
+#define debug_fmt mbedtls_debug_fmt
+#define debug_print_buf mbedtls_debug_print_buf
+#define debug_print_crt mbedtls_debug_print_crt
+#define debug_print_ecp mbedtls_debug_print_ecp
+#define debug_print_mpi mbedtls_debug_print_mpi
+#define debug_print_msg mbedtls_debug_print_msg
+#define debug_print_ret mbedtls_debug_print_ret
+#define debug_set_log_mode mbedtls_debug_set_log_mode
+#define debug_set_threshold mbedtls_debug_set_threshold
+#define des3_context mbedtls_des3_context
+#define des3_crypt_cbc mbedtls_des3_crypt_cbc
+#define des3_crypt_ecb mbedtls_des3_crypt_ecb
+#define des3_free mbedtls_des3_free
+#define des3_init mbedtls_des3_init
+#define des3_set2key_dec mbedtls_des3_set2key_dec
+#define des3_set2key_enc mbedtls_des3_set2key_enc
+#define des3_set3key_dec mbedtls_des3_set3key_dec
+#define des3_set3key_enc mbedtls_des3_set3key_enc
+#define des_context mbedtls_des_context
+#define des_crypt_cbc mbedtls_des_crypt_cbc
+#define des_crypt_ecb mbedtls_des_crypt_ecb
+#define des_free mbedtls_des_free
+#define des_init mbedtls_des_init
+#define des_key_check_key_parity mbedtls_des_key_check_key_parity
+#define des_key_check_weak mbedtls_des_key_check_weak
+#define des_key_set_parity mbedtls_des_key_set_parity
+#define des_self_test mbedtls_des_self_test
+#define des_setkey_dec mbedtls_des_setkey_dec
+#define des_setkey_enc mbedtls_des_setkey_enc
+#define dhm_calc_secret mbedtls_dhm_calc_secret
+#define dhm_context mbedtls_dhm_context
+#define dhm_free mbedtls_dhm_free
+#define dhm_init mbedtls_dhm_init
+#define dhm_make_params mbedtls_dhm_make_params
+#define dhm_make_public mbedtls_dhm_make_public
+#define dhm_parse_dhm mbedtls_dhm_parse_dhm
+#define dhm_parse_dhmfile mbedtls_dhm_parse_dhmfile
+#define dhm_read_params mbedtls_dhm_read_params
+#define dhm_read_public mbedtls_dhm_read_public
+#define dhm_self_test mbedtls_dhm_self_test
+#define ecdh_calc_secret mbedtls_ecdh_calc_secret
+#define ecdh_compute_shared mbedtls_ecdh_compute_shared
+#define ecdh_context mbedtls_ecdh_context
+#define ecdh_free mbedtls_ecdh_free
+#define ecdh_gen_public mbedtls_ecdh_gen_public
+#define ecdh_get_params mbedtls_ecdh_get_params
+#define ecdh_init mbedtls_ecdh_init
+#define ecdh_make_params mbedtls_ecdh_make_params
+#define ecdh_make_public mbedtls_ecdh_make_public
+#define ecdh_read_params mbedtls_ecdh_read_params
+#define ecdh_read_public mbedtls_ecdh_read_public
+#define ecdh_self_test mbedtls_ecdh_self_test
+#define ecdh_side mbedtls_ecdh_side
+#define ecdsa_context mbedtls_ecdsa_context
+#define ecdsa_free mbedtls_ecdsa_free
+#define ecdsa_from_keypair mbedtls_ecdsa_from_keypair
+#define ecdsa_genkey mbedtls_ecdsa_genkey
+#define ecdsa_info mbedtls_ecdsa_info
+#define ecdsa_init mbedtls_ecdsa_init
+#define ecdsa_read_signature mbedtls_ecdsa_read_signature
+#define ecdsa_self_test mbedtls_ecdsa_self_test
+#define ecdsa_sign mbedtls_ecdsa_sign
+#define ecdsa_sign_det mbedtls_ecdsa_sign_det
+#define ecdsa_verify mbedtls_ecdsa_verify
+#define ecdsa_write_signature mbedtls_ecdsa_write_signature
+#define ecdsa_write_signature_det mbedtls_ecdsa_write_signature_det
+#define eckey_info mbedtls_eckey_info
+#define eckeydh_info mbedtls_eckeydh_info
+#define ecp_add mbedtls_ecp_add
+#define ecp_check_privkey mbedtls_ecp_check_privkey
+#define ecp_check_pub_priv mbedtls_ecp_check_pub_priv
+#define ecp_check_pubkey mbedtls_ecp_check_pubkey
+#define ecp_copy mbedtls_ecp_copy
+#define ecp_curve_info mbedtls_ecp_curve_info
+#define ecp_curve_info_from_grp_id mbedtls_ecp_curve_info_from_grp_id
+#define ecp_curve_info_from_name mbedtls_ecp_curve_info_from_name
+#define ecp_curve_info_from_tls_id mbedtls_ecp_curve_info_from_tls_id
+#define ecp_curve_list mbedtls_ecp_curve_list
+#define ecp_gen_key mbedtls_ecp_gen_key
+#define ecp_gen_keypair mbedtls_ecp_gen_keypair
+#define ecp_group mbedtls_ecp_group
+#define ecp_group_copy mbedtls_ecp_group_copy
+#define ecp_group_free mbedtls_ecp_group_free
+#define ecp_group_id mbedtls_ecp_group_id
+#define ecp_group_init mbedtls_ecp_group_init
+#define ecp_group_read_string mbedtls_ecp_group_read_string
+#define ecp_grp_id_list mbedtls_ecp_grp_id_list
+#define ecp_is_zero mbedtls_ecp_is_zero
+#define ecp_keypair mbedtls_ecp_keypair
+#define ecp_keypair_free mbedtls_ecp_keypair_free
+#define ecp_keypair_init mbedtls_ecp_keypair_init
+#define ecp_mul mbedtls_ecp_mul
+#define ecp_point mbedtls_ecp_point
+#define ecp_point_free mbedtls_ecp_point_free
+#define ecp_point_init mbedtls_ecp_point_init
+#define ecp_point_read_binary mbedtls_ecp_point_read_binary
+#define ecp_point_read_string mbedtls_ecp_point_read_string
+#define ecp_point_write_binary mbedtls_ecp_point_write_binary
+#define ecp_self_test mbedtls_ecp_self_test
+#define ecp_set_zero mbedtls_ecp_set_zero
+#define ecp_sub mbedtls_ecp_sub
+#define ecp_tls_read_group mbedtls_ecp_tls_read_group
+#define ecp_tls_read_point mbedtls_ecp_tls_read_point
+#define ecp_tls_write_group mbedtls_ecp_tls_write_group
+#define ecp_tls_write_point mbedtls_ecp_tls_write_point
+#define ecp_use_known_dp mbedtls_ecp_group_load
+#define entropy_add_source mbedtls_entropy_add_source
+#define entropy_context mbedtls_entropy_context
+#define entropy_free mbedtls_entropy_free
+#define entropy_func mbedtls_entropy_func
+#define entropy_gather mbedtls_entropy_gather
+#define entropy_init mbedtls_entropy_init
+#define entropy_self_test mbedtls_entropy_self_test
+#define entropy_update_manual mbedtls_entropy_update_manual
+#define entropy_update_seed_file mbedtls_entropy_update_seed_file
+#define entropy_write_seed_file mbedtls_entropy_write_seed_file
+#define error_strerror mbedtls_strerror
+#define f_source_ptr mbedtls_entropy_f_source_ptr
+#define gcm_auth_decrypt mbedtls_gcm_auth_decrypt
+#define gcm_context mbedtls_gcm_context
+#define gcm_crypt_and_tag mbedtls_gcm_crypt_and_tag
+#define gcm_finish mbedtls_gcm_finish
+#define gcm_free mbedtls_gcm_free
+#define gcm_init mbedtls_gcm_init
+#define gcm_self_test mbedtls_gcm_self_test
+#define gcm_starts mbedtls_gcm_starts
+#define gcm_update mbedtls_gcm_update
+#define get_timer mbedtls_timing_get_timer
+#define hardclock mbedtls_timing_hardclock
+#define hardclock_poll mbedtls_hardclock_poll
+#define havege_free mbedtls_havege_free
+#define havege_init mbedtls_havege_init
+#define havege_poll mbedtls_havege_poll
+#define havege_random mbedtls_havege_random
+#define havege_state mbedtls_havege_state
+#define hmac_drbg_context mbedtls_hmac_drbg_context
+#define hmac_drbg_free mbedtls_hmac_drbg_free
+#define hmac_drbg_init mbedtls_hmac_drbg_init
+#define hmac_drbg_init_buf mbedtls_hmac_drbg_init_buf
+#define hmac_drbg_random mbedtls_hmac_drbg_random
+#define hmac_drbg_random_with_add mbedtls_hmac_drbg_random_with_add
+#define hmac_drbg_reseed mbedtls_hmac_drbg_reseed
+#define hmac_drbg_self_test mbedtls_hmac_drbg_self_test
+#define hmac_drbg_set_entropy_len mbedtls_hmac_drbg_set_entropy_len
+#define hmac_drbg_set_prediction_resistance mbedtls_hmac_drbg_set_prediction_resistance
+#define hmac_drbg_set_reseed_interval mbedtls_hmac_drbg_set_reseed_interval
+#define hmac_drbg_update mbedtls_hmac_drbg_update
+#define hmac_drbg_update_seed_file mbedtls_hmac_drbg_update_seed_file
+#define hmac_drbg_write_seed_file mbedtls_hmac_drbg_write_seed_file
+#define hr_time mbedtls_timing_hr_time
+#define key_exchange_type_t mbedtls_key_exchange_type_t
+#define md mbedtls_md
+#define md2 mbedtls_md2
+#define md2_context mbedtls_md2_context
+#define md2_file mbedtls_md2_file
+#define md2_finish mbedtls_md2_finish
+#define md2_free mbedtls_md2_free
+#define md2_hmac mbedtls_md2_hmac
+#define md2_hmac_finish mbedtls_md2_hmac_finish
+#define md2_hmac_reset mbedtls_md2_hmac_reset
+#define md2_hmac_starts mbedtls_md2_hmac_starts
+#define md2_hmac_update mbedtls_md2_hmac_update
+#define md2_info mbedtls_md2_info
+#define md2_init mbedtls_md2_init
+#define md2_process mbedtls_md2_process
+#define md2_self_test mbedtls_md2_self_test
+#define md2_starts mbedtls_md2_starts
+#define md2_update mbedtls_md2_update
+#define md4 mbedtls_md4
+#define md4_context mbedtls_md4_context
+#define md4_file mbedtls_md4_file
+#define md4_finish mbedtls_md4_finish
+#define md4_free mbedtls_md4_free
+#define md4_hmac mbedtls_md4_hmac
+#define md4_hmac_finish mbedtls_md4_hmac_finish
+#define md4_hmac_reset mbedtls_md4_hmac_reset
+#define md4_hmac_starts mbedtls_md4_hmac_starts
+#define md4_hmac_update mbedtls_md4_hmac_update
+#define md4_info mbedtls_md4_info
+#define md4_init mbedtls_md4_init
+#define md4_process mbedtls_md4_process
+#define md4_self_test mbedtls_md4_self_test
+#define md4_starts mbedtls_md4_starts
+#define md4_update mbedtls_md4_update
+#define md5 mbedtls_md5
+#define md5_context mbedtls_md5_context
+#define md5_file mbedtls_md5_file
+#define md5_finish mbedtls_md5_finish
+#define md5_free mbedtls_md5_free
+#define md5_hmac mbedtls_md5_hmac
+#define md5_hmac_finish mbedtls_md5_hmac_finish
+#define md5_hmac_reset mbedtls_md5_hmac_reset
+#define md5_hmac_starts mbedtls_md5_hmac_starts
+#define md5_hmac_update mbedtls_md5_hmac_update
+#define md5_info mbedtls_md5_info
+#define md5_init mbedtls_md5_init
+#define md5_process mbedtls_md5_process
+#define md5_self_test mbedtls_md5_self_test
+#define md5_starts mbedtls_md5_starts
+#define md5_update mbedtls_md5_update
+#define md_context_t mbedtls_md_context_t
+#define md_file mbedtls_md_file
+#define md_finish mbedtls_md_finish
+#define md_free mbedtls_md_free
+#define md_free_ctx mbedtls_md_free_ctx
+#define md_get_name mbedtls_md_get_name
+#define md_get_size mbedtls_md_get_size
+#define md_get_type mbedtls_md_get_type
+#define md_hmac mbedtls_md_hmac
+#define md_hmac_finish mbedtls_md_hmac_finish
+#define md_hmac_reset mbedtls_md_hmac_reset
+#define md_hmac_starts mbedtls_md_hmac_starts
+#define md_hmac_update mbedtls_md_hmac_update
+#define md_info_from_string mbedtls_md_info_from_string
+#define md_info_from_type mbedtls_md_info_from_type
+#define md_info_t mbedtls_md_info_t
+#define md_init mbedtls_md_init
+#define md_init_ctx mbedtls_md_init_ctx
+#define md_list mbedtls_md_list
+#define md_process mbedtls_md_process
+#define md_starts mbedtls_md_starts
+#define md_type_t mbedtls_md_type_t
+#define md_update mbedtls_md_update
+#define memory_buffer_alloc_cur_get mbedtls_memory_buffer_alloc_cur_get
+#define memory_buffer_alloc_free mbedtls_memory_buffer_alloc_free
+#define memory_buffer_alloc_init mbedtls_memory_buffer_alloc_init
+#define memory_buffer_alloc_max_get mbedtls_memory_buffer_alloc_max_get
+#define memory_buffer_alloc_max_reset mbedtls_memory_buffer_alloc_max_reset
+#define memory_buffer_alloc_self_test mbedtls_memory_buffer_alloc_self_test
+#define memory_buffer_alloc_status mbedtls_memory_buffer_alloc_status
+#define memory_buffer_alloc_verify mbedtls_memory_buffer_alloc_verify
+#define memory_buffer_set_verify mbedtls_memory_buffer_set_verify
+#define memory_set_own mbedtls_memory_set_own
+#define mpi mbedtls_mpi
+#define mpi_add_abs mbedtls_mpi_add_abs
+#define mpi_add_int mbedtls_mpi_add_int
+#define mpi_add_mpi mbedtls_mpi_add_mpi
+#define mpi_cmp_abs mbedtls_mpi_cmp_abs
+#define mpi_cmp_int mbedtls_mpi_cmp_int
+#define mpi_cmp_mpi mbedtls_mpi_cmp_mpi
+#define mpi_copy mbedtls_mpi_copy
+#define mpi_div_int mbedtls_mpi_div_int
+#define mpi_div_mpi mbedtls_mpi_div_mpi
+#define mpi_exp_mod mbedtls_mpi_exp_mod
+#define mpi_fill_random mbedtls_mpi_fill_random
+#define mpi_free mbedtls_mpi_free
+#define mpi_gcd mbedtls_mpi_gcd
+#define mpi_gen_prime mbedtls_mpi_gen_prime
+#define mpi_get_bit mbedtls_mpi_get_bit
+#define mpi_grow mbedtls_mpi_grow
+#define mpi_init mbedtls_mpi_init
+#define mpi_inv_mod mbedtls_mpi_inv_mod
+#define mpi_is_prime mbedtls_mpi_is_prime
+#define mpi_lsb mbedtls_mpi_lsb
+#define mpi_lset mbedtls_mpi_lset
+#define mpi_mod_int mbedtls_mpi_mod_int
+#define mpi_mod_mpi mbedtls_mpi_mod_mpi
+#define mpi_msb mbedtls_mpi_bitlen
+#define mpi_mul_int mbedtls_mpi_mul_int
+#define mpi_mul_mpi mbedtls_mpi_mul_mpi
+#define mpi_read_binary mbedtls_mpi_read_binary
+#define mpi_read_file mbedtls_mpi_read_file
+#define mpi_read_string mbedtls_mpi_read_string
+#define mpi_safe_cond_assign mbedtls_mpi_safe_cond_assign
+#define mpi_safe_cond_swap mbedtls_mpi_safe_cond_swap
+#define mpi_self_test mbedtls_mpi_self_test
+#define mpi_set_bit mbedtls_mpi_set_bit
+#define mpi_shift_l mbedtls_mpi_shift_l
+#define mpi_shift_r mbedtls_mpi_shift_r
+#define mpi_shrink mbedtls_mpi_shrink
+#define mpi_size mbedtls_mpi_size
+#define mpi_sub_abs mbedtls_mpi_sub_abs
+#define mpi_sub_int mbedtls_mpi_sub_int
+#define mpi_sub_mpi mbedtls_mpi_sub_mpi
+#define mpi_swap mbedtls_mpi_swap
+#define mpi_write_binary mbedtls_mpi_write_binary
+#define mpi_write_file mbedtls_mpi_write_file
+#define mpi_write_string mbedtls_mpi_write_string
+#define net_accept mbedtls_net_accept
+#define net_bind mbedtls_net_bind
+#define net_close mbedtls_net_free
+#define net_connect mbedtls_net_connect
+#define net_recv mbedtls_net_recv
+#define net_recv_timeout mbedtls_net_recv_timeout
+#define net_send mbedtls_net_send
+#define net_set_block mbedtls_net_set_block
+#define net_set_nonblock mbedtls_net_set_nonblock
+#define net_usleep mbedtls_net_usleep
+#define oid_descriptor_t mbedtls_oid_descriptor_t
+#define oid_get_attr_short_name mbedtls_oid_get_attr_short_name
+#define oid_get_cipher_alg mbedtls_oid_get_cipher_alg
+#define oid_get_ec_grp mbedtls_oid_get_ec_grp
+#define oid_get_extended_key_usage mbedtls_oid_get_extended_key_usage
+#define oid_get_md_alg mbedtls_oid_get_md_alg
+#define oid_get_numeric_string mbedtls_oid_get_numeric_string
+#define oid_get_oid_by_ec_grp mbedtls_oid_get_oid_by_ec_grp
+#define oid_get_oid_by_md mbedtls_oid_get_oid_by_md
+#define oid_get_oid_by_pk_alg mbedtls_oid_get_oid_by_pk_alg
+#define oid_get_oid_by_sig_alg mbedtls_oid_get_oid_by_sig_alg
+#define oid_get_pk_alg mbedtls_oid_get_pk_alg
+#define oid_get_pkcs12_pbe_alg mbedtls_oid_get_pkcs12_pbe_alg
+#define oid_get_sig_alg mbedtls_oid_get_sig_alg
+#define oid_get_sig_alg_desc mbedtls_oid_get_sig_alg_desc
+#define oid_get_x509_ext_type mbedtls_oid_get_x509_ext_type
+#define operation_t mbedtls_operation_t
+#define padlock_supports mbedtls_padlock_has_support
+#define padlock_xcryptcbc mbedtls_padlock_xcryptcbc
+#define padlock_xcryptecb mbedtls_padlock_xcryptecb
+#define pbkdf2_hmac mbedtls_pbkdf2_hmac
+#define pbkdf2_self_test mbedtls_pbkdf2_self_test
+#define pem_context mbedtls_pem_context
+#define pem_free mbedtls_pem_free
+#define pem_init mbedtls_pem_init
+#define pem_read_buffer mbedtls_pem_read_buffer
+#define pem_write_buffer mbedtls_pem_write_buffer
+#define pk_can_do mbedtls_pk_can_do
+#define pk_check_pair mbedtls_pk_check_pair
+#define pk_context mbedtls_pk_context
+#define pk_debug mbedtls_pk_debug
+#define pk_debug_item mbedtls_pk_debug_item
+#define pk_debug_type mbedtls_pk_debug_type
+#define pk_decrypt mbedtls_pk_decrypt
+#define pk_ec mbedtls_pk_ec
+#define pk_encrypt mbedtls_pk_encrypt
+#define pk_free mbedtls_pk_free
+#define pk_get_len mbedtls_pk_get_len
+#define pk_get_name mbedtls_pk_get_name
+#define pk_get_size mbedtls_pk_get_bitlen
+#define pk_get_type mbedtls_pk_get_type
+#define pk_info_from_type mbedtls_pk_info_from_type
+#define pk_info_t mbedtls_pk_info_t
+#define pk_init mbedtls_pk_init
+#define pk_init_ctx mbedtls_pk_setup
+#define pk_init_ctx_rsa_alt mbedtls_pk_setup_rsa_alt
+#define pk_load_file mbedtls_pk_load_file
+#define pk_parse_key mbedtls_pk_parse_key
+#define pk_parse_keyfile mbedtls_pk_parse_keyfile
+#define pk_parse_public_key mbedtls_pk_parse_public_key
+#define pk_parse_public_keyfile mbedtls_pk_parse_public_keyfile
+#define pk_parse_subpubkey mbedtls_pk_parse_subpubkey
+#define pk_rsa mbedtls_pk_rsa
+#define pk_rsa_alt_decrypt_func mbedtls_pk_rsa_alt_decrypt_func
+#define pk_rsa_alt_key_len_func mbedtls_pk_rsa_alt_key_len_func
+#define pk_rsa_alt_sign_func mbedtls_pk_rsa_alt_sign_func
+#define pk_rsassa_pss_options mbedtls_pk_rsassa_pss_options
+#define pk_sign mbedtls_pk_sign
+#define pk_type_t mbedtls_pk_type_t
+#define pk_verify mbedtls_pk_verify
+#define pk_verify_ext mbedtls_pk_verify_ext
+#define pk_write_key_der mbedtls_pk_write_key_der
+#define pk_write_key_pem mbedtls_pk_write_key_pem
+#define pk_write_pubkey mbedtls_pk_write_pubkey
+#define pk_write_pubkey_der mbedtls_pk_write_pubkey_der
+#define pk_write_pubkey_pem mbedtls_pk_write_pubkey_pem
+#define pkcs11_context mbedtls_pkcs11_context
+#define pkcs11_decrypt mbedtls_pkcs11_decrypt
+#define pkcs11_priv_key_free mbedtls_pkcs11_priv_key_free
+#define pkcs11_priv_key_init mbedtls_pkcs11_priv_key_bind
+#define pkcs11_sign mbedtls_pkcs11_sign
+#define pkcs11_x509_cert_init mbedtls_pkcs11_x509_cert_bind
+#define pkcs12_derivation mbedtls_pkcs12_derivation
+#define pkcs12_pbe mbedtls_pkcs12_pbe
+#define pkcs12_pbe_sha1_rc4_128 mbedtls_pkcs12_pbe_sha1_rc4_128
+#define pkcs5_pbes2 mbedtls_pkcs5_pbes2
+#define pkcs5_pbkdf2_hmac mbedtls_pkcs5_pbkdf2_hmac
+#define pkcs5_self_test mbedtls_pkcs5_self_test
+#define platform_entropy_poll mbedtls_platform_entropy_poll
+#define platform_set_exit mbedtls_platform_set_exit
+#define platform_set_fprintf mbedtls_platform_set_fprintf
+#define platform_set_malloc_free mbedtls_platform_set_malloc_free
+#define platform_set_printf mbedtls_platform_set_printf
+#define platform_set_snprintf mbedtls_platform_set_snprintf
+#define polarssl_exit mbedtls_exit
+#define polarssl_fprintf mbedtls_fprintf
+#define polarssl_free mbedtls_free
+#define polarssl_malloc mbedtls_malloc
+#define polarssl_mutex_free mbedtls_mutex_free
+#define polarssl_mutex_init mbedtls_mutex_init
+#define polarssl_mutex_lock mbedtls_mutex_lock
+#define polarssl_mutex_unlock mbedtls_mutex_unlock
+#define polarssl_printf mbedtls_printf
+#define polarssl_snprintf mbedtls_snprintf
+#define polarssl_strerror mbedtls_strerror
+#define ripemd160 mbedtls_ripemd160
+#define ripemd160_context mbedtls_ripemd160_context
+#define ripemd160_file mbedtls_ripemd160_file
+#define ripemd160_finish mbedtls_ripemd160_finish
+#define ripemd160_free mbedtls_ripemd160_free
+#define ripemd160_hmac mbedtls_ripemd160_hmac
+#define ripemd160_hmac_finish mbedtls_ripemd160_hmac_finish
+#define ripemd160_hmac_reset mbedtls_ripemd160_hmac_reset
+#define ripemd160_hmac_starts mbedtls_ripemd160_hmac_starts
+#define ripemd160_hmac_update mbedtls_ripemd160_hmac_update
+#define ripemd160_info mbedtls_ripemd160_info
+#define ripemd160_init mbedtls_ripemd160_init
+#define ripemd160_process mbedtls_ripemd160_process
+#define ripemd160_self_test mbedtls_ripemd160_self_test
+#define ripemd160_starts mbedtls_ripemd160_starts
+#define ripemd160_update mbedtls_ripemd160_update
+#define rsa_alt_context mbedtls_rsa_alt_context
+#define rsa_alt_info mbedtls_rsa_alt_info
+#define rsa_check_privkey mbedtls_rsa_check_privkey
+#define rsa_check_pub_priv mbedtls_rsa_check_pub_priv
+#define rsa_check_pubkey mbedtls_rsa_check_pubkey
+#define rsa_context mbedtls_rsa_context
+#define rsa_copy mbedtls_rsa_copy
+#define rsa_decrypt_func mbedtls_rsa_decrypt_func
+#define rsa_free mbedtls_rsa_free
+#define rsa_gen_key mbedtls_rsa_gen_key
+#define rsa_info mbedtls_rsa_info
+#define rsa_init mbedtls_rsa_init
+#define rsa_key_len_func mbedtls_rsa_key_len_func
+#define rsa_pkcs1_decrypt mbedtls_rsa_pkcs1_decrypt
+#define rsa_pkcs1_encrypt mbedtls_rsa_pkcs1_encrypt
+#define rsa_pkcs1_sign mbedtls_rsa_pkcs1_sign
+#define rsa_pkcs1_verify mbedtls_rsa_pkcs1_verify
+#define rsa_private mbedtls_rsa_private
+#define rsa_public mbedtls_rsa_public
+#define rsa_rsaes_oaep_decrypt mbedtls_rsa_rsaes_oaep_decrypt
+#define rsa_rsaes_oaep_encrypt mbedtls_rsa_rsaes_oaep_encrypt
+#define rsa_rsaes_pkcs1_v15_decrypt mbedtls_rsa_rsaes_pkcs1_v15_decrypt
+#define rsa_rsaes_pkcs1_v15_encrypt mbedtls_rsa_rsaes_pkcs1_v15_encrypt
+#define rsa_rsassa_pkcs1_v15_sign mbedtls_rsa_rsassa_pkcs1_v15_sign
+#define rsa_rsassa_pkcs1_v15_verify mbedtls_rsa_rsassa_pkcs1_v15_verify
+#define rsa_rsassa_pss_sign mbedtls_rsa_rsassa_pss_sign
+#define rsa_rsassa_pss_verify mbedtls_rsa_rsassa_pss_verify
+#define rsa_rsassa_pss_verify_ext mbedtls_rsa_rsassa_pss_verify_ext
+#define rsa_self_test mbedtls_rsa_self_test
+#define rsa_set_padding mbedtls_rsa_set_padding
+#define rsa_sign_func mbedtls_rsa_sign_func
+#define safer_memcmp mbedtls_ssl_safer_memcmp
+#define set_alarm mbedtls_set_alarm
+#define sha1 mbedtls_sha1
+#define sha1_context mbedtls_sha1_context
+#define sha1_file mbedtls_sha1_file
+#define sha1_finish mbedtls_sha1_finish
+#define sha1_free mbedtls_sha1_free
+#define sha1_hmac mbedtls_sha1_hmac
+#define sha1_hmac_finish mbedtls_sha1_hmac_finish
+#define sha1_hmac_reset mbedtls_sha1_hmac_reset
+#define sha1_hmac_starts mbedtls_sha1_hmac_starts
+#define sha1_hmac_update mbedtls_sha1_hmac_update
+#define sha1_info mbedtls_sha1_info
+#define sha1_init mbedtls_sha1_init
+#define sha1_process mbedtls_sha1_process
+#define sha1_self_test mbedtls_sha1_self_test
+#define sha1_starts mbedtls_sha1_starts
+#define sha1_update mbedtls_sha1_update
+#define sha224_info mbedtls_sha224_info
+#define sha256 mbedtls_sha256
+#define sha256_context mbedtls_sha256_context
+#define sha256_file mbedtls_sha256_file
+#define sha256_finish mbedtls_sha256_finish
+#define sha256_free mbedtls_sha256_free
+#define sha256_hmac mbedtls_sha256_hmac
+#define sha256_hmac_finish mbedtls_sha256_hmac_finish
+#define sha256_hmac_reset mbedtls_sha256_hmac_reset
+#define sha256_hmac_starts mbedtls_sha256_hmac_starts
+#define sha256_hmac_update mbedtls_sha256_hmac_update
+#define sha256_info mbedtls_sha256_info
+#define sha256_init mbedtls_sha256_init
+#define sha256_process mbedtls_sha256_process
+#define sha256_self_test mbedtls_sha256_self_test
+#define sha256_starts mbedtls_sha256_starts
+#define sha256_update mbedtls_sha256_update
+#define sha384_info mbedtls_sha384_info
+#define sha512 mbedtls_sha512
+#define sha512_context mbedtls_sha512_context
+#define sha512_file mbedtls_sha512_file
+#define sha512_finish mbedtls_sha512_finish
+#define sha512_free mbedtls_sha512_free
+#define sha512_hmac mbedtls_sha512_hmac
+#define sha512_hmac_finish mbedtls_sha512_hmac_finish
+#define sha512_hmac_reset mbedtls_sha512_hmac_reset
+#define sha512_hmac_starts mbedtls_sha512_hmac_starts
+#define sha512_hmac_update mbedtls_sha512_hmac_update
+#define sha512_info mbedtls_sha512_info
+#define sha512_init mbedtls_sha512_init
+#define sha512_process mbedtls_sha512_process
+#define sha512_self_test mbedtls_sha512_self_test
+#define sha512_starts mbedtls_sha512_starts
+#define sha512_update mbedtls_sha512_update
+#define source_state mbedtls_entropy_source_state
+#define ssl_cache_context mbedtls_ssl_cache_context
+#define ssl_cache_entry mbedtls_ssl_cache_entry
+#define ssl_cache_free mbedtls_ssl_cache_free
+#define ssl_cache_get mbedtls_ssl_cache_get
+#define ssl_cache_init mbedtls_ssl_cache_init
+#define ssl_cache_set mbedtls_ssl_cache_set
+#define ssl_cache_set_max_entries mbedtls_ssl_cache_set_max_entries
+#define ssl_cache_set_timeout mbedtls_ssl_cache_set_timeout
+#define ssl_check_cert_usage mbedtls_ssl_check_cert_usage
+#define ssl_ciphersuite_from_id mbedtls_ssl_ciphersuite_from_id
+#define ssl_ciphersuite_from_string mbedtls_ssl_ciphersuite_from_string
+#define ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
+#define ssl_ciphersuite_uses_ec mbedtls_ssl_ciphersuite_uses_ec
+#define ssl_ciphersuite_uses_psk mbedtls_ssl_ciphersuite_uses_psk
+#define ssl_close_notify mbedtls_ssl_close_notify
+#define ssl_context mbedtls_ssl_context
+#define ssl_cookie_check mbedtls_ssl_cookie_check
+#define ssl_cookie_check_t mbedtls_ssl_cookie_check_t
+#define ssl_cookie_ctx mbedtls_ssl_cookie_ctx
+#define ssl_cookie_free mbedtls_ssl_cookie_free
+#define ssl_cookie_init mbedtls_ssl_cookie_init
+#define ssl_cookie_set_timeout mbedtls_ssl_cookie_set_timeout
+#define ssl_cookie_setup mbedtls_ssl_cookie_setup
+#define ssl_cookie_write mbedtls_ssl_cookie_write
+#define ssl_cookie_write_t mbedtls_ssl_cookie_write_t
+#define ssl_curve_is_acceptable mbedtls_ssl_curve_is_acceptable
+#define ssl_derive_keys mbedtls_ssl_derive_keys
+#define ssl_dtls_replay_check mbedtls_ssl_dtls_replay_check
+#define ssl_dtls_replay_update mbedtls_ssl_dtls_replay_update
+#define ssl_fetch_input mbedtls_ssl_fetch_input
+#define ssl_flight_item mbedtls_ssl_flight_item
+#define ssl_flush_output mbedtls_ssl_flush_output
+#define ssl_free mbedtls_ssl_free
+#define ssl_get_alpn_protocol mbedtls_ssl_get_alpn_protocol
+#define ssl_get_bytes_avail mbedtls_ssl_get_bytes_avail
+#define ssl_get_ciphersuite mbedtls_ssl_get_ciphersuite
+#define ssl_get_ciphersuite_id mbedtls_ssl_get_ciphersuite_id
+#define ssl_get_ciphersuite_name mbedtls_ssl_get_ciphersuite_name
+#define ssl_get_ciphersuite_sig_pk_alg mbedtls_ssl_get_ciphersuite_sig_pk_alg
+#define ssl_get_peer_cert mbedtls_ssl_get_peer_cert
+#define ssl_get_record_expansion mbedtls_ssl_get_record_expansion
+#define ssl_get_session mbedtls_ssl_get_session
+#define ssl_get_verify_result mbedtls_ssl_get_verify_result
+#define ssl_get_version mbedtls_ssl_get_version
+#define ssl_handshake mbedtls_ssl_handshake
+#define ssl_handshake_client_step mbedtls_ssl_handshake_client_step
+#define ssl_handshake_free mbedtls_ssl_handshake_free
+#define ssl_handshake_params mbedtls_ssl_handshake_params
+#define ssl_handshake_server_step mbedtls_ssl_handshake_server_step
+#define ssl_handshake_step mbedtls_ssl_handshake_step
+#define ssl_handshake_wrapup mbedtls_ssl_handshake_wrapup
+#define ssl_hdr_len mbedtls_ssl_hdr_len
+#define ssl_hs_hdr_len mbedtls_ssl_hs_hdr_len
+#define ssl_hw_record_activate mbedtls_ssl_hw_record_activate
+#define ssl_hw_record_finish mbedtls_ssl_hw_record_finish
+#define ssl_hw_record_init mbedtls_ssl_hw_record_init
+#define ssl_hw_record_read mbedtls_ssl_hw_record_read
+#define ssl_hw_record_reset mbedtls_ssl_hw_record_reset
+#define ssl_hw_record_write mbedtls_ssl_hw_record_write
+#define ssl_init mbedtls_ssl_init
+#define ssl_key_cert mbedtls_ssl_key_cert
+#define ssl_legacy_renegotiation mbedtls_ssl_conf_legacy_renegotiation
+#define ssl_list_ciphersuites mbedtls_ssl_list_ciphersuites
+#define ssl_md_alg_from_hash mbedtls_ssl_md_alg_from_hash
+#define ssl_optimize_checksum mbedtls_ssl_optimize_checksum
+#define ssl_own_cert mbedtls_ssl_own_cert
+#define ssl_own_key mbedtls_ssl_own_key
+#define ssl_parse_certificate mbedtls_ssl_parse_certificate
+#define ssl_parse_change_cipher_spec mbedtls_ssl_parse_change_cipher_spec
+#define ssl_parse_finished mbedtls_ssl_parse_finished
+#define ssl_pk_alg_from_sig mbedtls_ssl_pk_alg_from_sig
+#define ssl_pkcs11_decrypt mbedtls_ssl_pkcs11_decrypt
+#define ssl_pkcs11_key_len mbedtls_ssl_pkcs11_key_len
+#define ssl_pkcs11_sign mbedtls_ssl_pkcs11_sign
+#define ssl_psk_derive_premaster mbedtls_ssl_psk_derive_premaster
+#define ssl_read mbedtls_ssl_read
+#define ssl_read_record mbedtls_ssl_read_record
+#define ssl_read_version mbedtls_ssl_read_version
+#define ssl_recv_flight_completed mbedtls_ssl_recv_flight_completed
+#define ssl_renegotiate mbedtls_ssl_renegotiate
+#define ssl_resend mbedtls_ssl_resend
+#define ssl_reset_checksum mbedtls_ssl_reset_checksum
+#define ssl_send_alert_message mbedtls_ssl_send_alert_message
+#define ssl_send_fatal_handshake_failure mbedtls_ssl_send_fatal_handshake_failure
+#define ssl_send_flight_completed mbedtls_ssl_send_flight_completed
+#define ssl_session mbedtls_ssl_session
+#define ssl_session_free mbedtls_ssl_session_free
+#define ssl_session_init mbedtls_ssl_session_init
+#define ssl_session_reset mbedtls_ssl_session_reset
+#define ssl_set_alpn_protocols mbedtls_ssl_conf_alpn_protocols
+#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
+#define ssl_set_authmode mbedtls_ssl_conf_authmode
+#define ssl_set_bio mbedtls_ssl_set_bio
+#define ssl_set_bio mbedtls_ssl_set_bio_timeout
+#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
+#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
+#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
+#define ssl_set_ciphersuites_for_version mbedtls_ssl_conf_ciphersuites_for_version
+#define ssl_set_client_transport_id mbedtls_ssl_set_client_transport_id
+#define ssl_set_curves mbedtls_ssl_conf_curves
+#define ssl_set_dbg mbedtls_ssl_conf_dbg
+#define ssl_set_dh_param mbedtls_ssl_conf_dh_param
+#define ssl_set_dh_param_ctx mbedtls_ssl_conf_dh_param_ctx
+#define ssl_set_dtls_anti_replay mbedtls_ssl_conf_dtls_anti_replay
+#define ssl_set_dtls_badmac_limit mbedtls_ssl_conf_dtls_badmac_limit
+#define ssl_set_dtls_cookies mbedtls_ssl_conf_dtls_cookies
+#define ssl_set_encrypt_then_mac mbedtls_ssl_conf_encrypt_then_mac
+#define ssl_set_endpoint mbedtls_ssl_conf_endpoint
+#define ssl_set_extended_master_secret mbedtls_ssl_conf_extended_master_secret
+#define ssl_set_fallback mbedtls_ssl_conf_fallback
+#define ssl_set_handshake_timeout mbedtls_ssl_conf_handshake_timeout
+#define ssl_set_hostname mbedtls_ssl_set_hostname
+#define ssl_set_max_frag_len mbedtls_ssl_conf_max_frag_len
+#define ssl_set_max_version mbedtls_ssl_conf_max_version
+#define ssl_set_min_version mbedtls_ssl_conf_min_version
+#define ssl_set_own_cert mbedtls_ssl_conf_own_cert
+#define ssl_set_own_cert_alt mbedtls_ssl_set_own_cert_alt
+#define ssl_set_own_cert_rsa mbedtls_ssl_set_own_cert_rsa
+#define ssl_set_psk mbedtls_ssl_conf_psk
+#define ssl_set_psk_cb mbedtls_ssl_conf_psk_cb
+#define ssl_set_renegotiation mbedtls_ssl_conf_renegotiation
+#define ssl_set_renegotiation_enforced mbedtls_ssl_conf_renegotiation_enforced
+#define ssl_set_renegotiation_period mbedtls_ssl_conf_renegotiation_period
+#define ssl_set_rng mbedtls_ssl_conf_rng
+#define ssl_set_session mbedtls_ssl_set_session
+#define ssl_set_session_cache mbedtls_ssl_conf_session_cache
+#define ssl_set_session_ticket_lifetime mbedtls_ssl_conf_session_ticket_lifetime
+#define ssl_set_session_tickets mbedtls_ssl_conf_session_tickets
+#define ssl_set_sni mbedtls_ssl_conf_sni
+#define ssl_set_transport mbedtls_ssl_conf_transport
+#define ssl_set_truncated_hmac mbedtls_ssl_conf_truncated_hmac
+#define ssl_set_verify mbedtls_ssl_conf_verify
+#define ssl_sig_from_pk mbedtls_ssl_sig_from_pk
+#define ssl_states mbedtls_ssl_states
+#define ssl_ticket_keys mbedtls_ssl_ticket_keys
+#define ssl_transform mbedtls_ssl_transform
+#define ssl_transform_free mbedtls_ssl_transform_free
+#define ssl_write mbedtls_ssl_write
+#define ssl_write_certificate mbedtls_ssl_write_certificate
+#define ssl_write_change_cipher_spec mbedtls_ssl_write_change_cipher_spec
+#define ssl_write_finished mbedtls_ssl_write_finished
+#define ssl_write_record mbedtls_ssl_write_record
+#define ssl_write_version mbedtls_ssl_write_version
+#define supported_ciphers mbedtls_cipher_supported
+#define t_sint mbedtls_mpi_sint
+#define t_udbl mbedtls_t_udbl
+#define t_uint mbedtls_mpi_uint
+#define test_ca_crt mbedtls_test_ca_crt
+#define test_ca_crt_ec mbedtls_test_ca_crt_ec
+#define test_ca_crt_rsa mbedtls_test_ca_crt_rsa
+#define test_ca_key mbedtls_test_ca_key
+#define test_ca_key_ec mbedtls_test_ca_key_ec
+#define test_ca_key_rsa mbedtls_test_ca_key_rsa
+#define test_ca_list mbedtls_test_cas_pem
+#define test_ca_pwd mbedtls_test_ca_pwd
+#define test_ca_pwd_ec mbedtls_test_ca_pwd_ec
+#define test_ca_pwd_rsa mbedtls_test_ca_pwd_rsa
+#define test_cli_crt mbedtls_test_cli_crt
+#define test_cli_crt_ec mbedtls_test_cli_crt_ec
+#define test_cli_crt_rsa mbedtls_test_cli_crt_rsa
+#define test_cli_key mbedtls_test_cli_key
+#define test_cli_key_ec mbedtls_test_cli_key_ec
+#define test_cli_key_rsa mbedtls_test_cli_key_rsa
+#define test_dhm_params mbedtls_test_dhm_params
+#define test_srv_crt mbedtls_test_srv_crt
+#define test_srv_crt_ec mbedtls_test_srv_crt_ec
+#define test_srv_crt_rsa mbedtls_test_srv_crt_rsa
+#define test_srv_key mbedtls_test_srv_key
+#define test_srv_key_ec mbedtls_test_srv_key_ec
+#define test_srv_key_rsa mbedtls_test_srv_key_rsa
+#define threading_mutex_t mbedtls_threading_mutex_t
+#define threading_set_alt mbedtls_threading_set_alt
+#define timing_self_test mbedtls_timing_self_test
+#define version_check_feature mbedtls_version_check_feature
+#define version_get_number mbedtls_version_get_number
+#define version_get_string mbedtls_version_get_string
+#define version_get_string_full mbedtls_version_get_string_full
+#define x509_bitstring mbedtls_x509_bitstring
+#define x509_buf mbedtls_x509_buf
+#define x509_crl mbedtls_x509_crl
+#define x509_crl_entry mbedtls_x509_crl_entry
+#define x509_crl_free mbedtls_x509_crl_free
+#define x509_crl_info mbedtls_x509_crl_info
+#define x509_crl_init mbedtls_x509_crl_init
+#define x509_crl_parse mbedtls_x509_crl_parse
+#define x509_crl_parse_der mbedtls_x509_crl_parse_der
+#define x509_crl_parse_file mbedtls_x509_crl_parse_file
+#define x509_crt mbedtls_x509_crt
+#define x509_crt_check_extended_key_usage mbedtls_x509_crt_check_extended_key_usage
+#define x509_crt_check_key_usage mbedtls_x509_crt_check_key_usage
+#define x509_crt_free mbedtls_x509_crt_free
+#define x509_crt_info mbedtls_x509_crt_info
+#define x509_crt_init mbedtls_x509_crt_init
+#define x509_crt_parse mbedtls_x509_crt_parse
+#define x509_crt_parse_der mbedtls_x509_crt_parse_der
+#define x509_crt_parse_file mbedtls_x509_crt_parse_file
+#define x509_crt_parse_path mbedtls_x509_crt_parse_path
+#define x509_crt_revoked mbedtls_x509_crt_is_revoked
+#define x509_crt_verify mbedtls_x509_crt_verify
+#define x509_csr mbedtls_x509_csr
+#define x509_csr_free mbedtls_x509_csr_free
+#define x509_csr_info mbedtls_x509_csr_info
+#define x509_csr_init mbedtls_x509_csr_init
+#define x509_csr_parse mbedtls_x509_csr_parse
+#define x509_csr_parse_der mbedtls_x509_csr_parse_der
+#define x509_csr_parse_file mbedtls_x509_csr_parse_file
+#define x509_dn_gets mbedtls_x509_dn_gets
+#define x509_get_alg mbedtls_x509_get_alg
+#define x509_get_alg_null mbedtls_x509_get_alg_null
+#define x509_get_ext mbedtls_x509_get_ext
+#define x509_get_name mbedtls_x509_get_name
+#define x509_get_rsassa_pss_params mbedtls_x509_get_rsassa_pss_params
+#define x509_get_serial mbedtls_x509_get_serial
+#define x509_get_sig mbedtls_x509_get_sig
+#define x509_get_sig_alg mbedtls_x509_get_sig_alg
+#define x509_get_time mbedtls_x509_get_time
+#define x509_key_size_helper mbedtls_x509_key_size_helper
+#define x509_name mbedtls_x509_name
+#define x509_oid_get_description mbedtls_x509_oid_get_description
+#define x509_oid_get_numeric_string mbedtls_x509_oid_get_numeric_string
+#define x509_self_test mbedtls_x509_self_test
+#define x509_sequence mbedtls_x509_sequence
+#define x509_serial_gets mbedtls_x509_serial_gets
+#define x509_set_extension mbedtls_x509_set_extension
+#define x509_sig_alg_gets mbedtls_x509_sig_alg_gets
+#define x509_string_to_names mbedtls_x509_string_to_names
+#define x509_time mbedtls_x509_time
+#define x509_time_expired mbedtls_x509_time_is_past
+#define x509_time_future mbedtls_x509_time_is_future
+#define x509_write_extensions mbedtls_x509_write_extensions
+#define x509_write_names mbedtls_x509_write_names
+#define x509_write_sig mbedtls_x509_write_sig
+#define x509write_cert mbedtls_x509write_cert
+#define x509write_crt_der mbedtls_x509write_crt_der
+#define x509write_crt_free mbedtls_x509write_crt_free
+#define x509write_crt_init mbedtls_x509write_crt_init
+#define x509write_crt_pem mbedtls_x509write_crt_pem
+#define x509write_crt_set_authority_key_identifier mbedtls_x509write_crt_set_authority_key_identifier
+#define x509write_crt_set_basic_constraints mbedtls_x509write_crt_set_basic_constraints
+#define x509write_crt_set_extension mbedtls_x509write_crt_set_extension
+#define x509write_crt_set_issuer_key mbedtls_x509write_crt_set_issuer_key
+#define x509write_crt_set_issuer_name mbedtls_x509write_crt_set_issuer_name
+#define x509write_crt_set_key_usage mbedtls_x509write_crt_set_key_usage
+#define x509write_crt_set_md_alg mbedtls_x509write_crt_set_md_alg
+#define x509write_crt_set_ns_cert_type mbedtls_x509write_crt_set_ns_cert_type
+#define x509write_crt_set_serial mbedtls_x509write_crt_set_serial
+#define x509write_crt_set_subject_key mbedtls_x509write_crt_set_subject_key
+#define x509write_crt_set_subject_key_identifier mbedtls_x509write_crt_set_subject_key_identifier
+#define x509write_crt_set_subject_name mbedtls_x509write_crt_set_subject_name
+#define x509write_crt_set_validity mbedtls_x509write_crt_set_validity
+#define x509write_crt_set_version mbedtls_x509write_crt_set_version
+#define x509write_csr mbedtls_x509write_csr
+#define x509write_csr_der mbedtls_x509write_csr_der
+#define x509write_csr_free mbedtls_x509write_csr_free
+#define x509write_csr_init mbedtls_x509write_csr_init
+#define x509write_csr_pem mbedtls_x509write_csr_pem
+#define x509write_csr_set_extension mbedtls_x509write_csr_set_extension
+#define x509write_csr_set_key mbedtls_x509write_csr_set_key
+#define x509write_csr_set_key_usage mbedtls_x509write_csr_set_key_usage
+#define x509write_csr_set_md_alg mbedtls_x509write_csr_set_md_alg
+#define x509write_csr_set_ns_cert_type mbedtls_x509write_csr_set_ns_cert_type
+#define x509write_csr_set_subject_name mbedtls_x509write_csr_set_subject_name
+#define xtea_context mbedtls_xtea_context
+#define xtea_crypt_cbc mbedtls_xtea_crypt_cbc
+#define xtea_crypt_ecb mbedtls_xtea_crypt_ecb
+#define xtea_free mbedtls_xtea_free
+#define xtea_init mbedtls_xtea_init
+#define xtea_self_test mbedtls_xtea_self_test
+#define xtea_setup mbedtls_xtea_setup
+
+#endif /* compat-1.3.h */
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/config.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/config.h
new file mode 100644
index 00000000..68153efd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/config.h
@@ -0,0 +1,2462 @@
+/**
+ * \file config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * This set of compile-time options may be used to enable
+ * or disable features selectively, and reduce the global
+ * memory footprint.
+ */
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ *      library/timing.c
+ *      library/padlock.c
+ *      include/mbedtls/bn_mul.h
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define MBEDTLS_HAVE_ASM
+
+/**
+ * \def MBEDTLS_HAVE_SSE2
+ *
+ * CPU supports SSE2 instruction set.
+ *
+ * Uncomment if the CPU supports SSE2 (IA-32 specific).
+ */
+//#define MBEDTLS_HAVE_SSE2
+
+/**
+ * \def MBEDTLS_HAVE_TIME
+ *
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
+ *
+ * Comment if your system does not support time functions
+ */
+#define MBEDTLS_HAVE_TIME
+
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h and time(), gmtime() and the clock is correct.
+ * The time needs to be correct (not necesarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ */
+#define MBEDTLS_HAVE_TIME_DATE
+
+/**
+ * \def MBEDTLS_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default mbed TLS uses the system-provided calloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+//#define MBEDTLS_PLATFORM_MEMORY
+
+/**
+ * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. calloc() to
+ * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
+ * MBEDTLS_PLATFORM_XXX_MACRO.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+
+/**
+ * \def MBEDTLS_PLATFORM_XXX_ALT
+ *
+ * Uncomment a macro to let mbed TLS support the function in the platform
+ * abstraction layer.
+ *
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * provide a function "mbedtls_platform_set_printf()" that allows you to set an
+ * alternative printf function pointer.
+ *
+ * All these define require MBEDTLS_PLATFORM_C to be defined!
+ *
+ * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
+ * it will be enabled automatically by check_config.h
+ *
+ * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * MBEDTLS_PLATFORM_XXX_MACRO!
+ *
+ * Uncomment a macro to enable alternate implementation of specific base
+ * platform function
+ */
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+
+/**
+ * \def MBEDTLS_DEPRECATED_WARNING
+ *
+ * Mark deprecated functions so that they generate a warning if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * This only works with GCC and Clang. With other compilers, you may want to
+ * use MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Uncomment to get warnings on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_WARNING
+
+/**
+ * \def MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions so that they generate an error if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * Uncomment to get errors on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_REMOVED
+
+/* \} name SECTION: System support */
+
+/**
+ * \name SECTION: mbed TLS feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_TIMING_ALT
+ *
+ * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
+ * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
+ *
+ * Only works if you have MBEDTLS_TIMING_C enabled.
+ *
+ * You will need to provide a header "timing_alt.h" and an implementation at
+ * compile time.
+ */
+//#define MBEDTLS_TIMING_ALT
+
+/**
+ * \def MBEDTLS__MODULE_NAME__ALT
+ *
+ * Uncomment a macro to let mbed TLS use your alternate core implementation of
+ * a symmetric crypto or hash module (e.g. platform specific assembly
+ * optimized implementations). Keep in mind that the function prototypes
+ * should remain the same.
+ *
+ * This replaces the whole module. If you only want to replace one of the
+ * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * provide the "struct mbedtls_aes_context" definition and omit the base function
+ * declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * module.
+ */
+//#define MBEDTLS_AES_ALT
+//#define MBEDTLS_ARC4_ALT
+//#define MBEDTLS_BLOWFISH_ALT
+//#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_XTEA_ALT
+//#define MBEDTLS_MD2_ALT
+//#define MBEDTLS_MD4_ALT
+//#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_RIPEMD160_ALT
+//#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA512_ALT
+
+/**
+ * \def MBEDTLS__FUNCTION_NAME__ALT
+ *
+ * Uncomment a macro to let mbed TLS use you alternate core implementation of
+ * symmetric crypto or hash function. Keep in mind that function prototypes
+ * should remain the same.
+ *
+ * This replaces only one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * no longer provide the mbedtls_sha1_process() function, but it will still provide
+ * the other function (using your mbedtls_sha1_process() function) and the definition
+ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
+ * with this definition.
+ *
+ * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set
+ * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
+ * tables.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+//#define MBEDTLS_MD2_PROCESS_ALT
+//#define MBEDTLS_MD4_PROCESS_ALT
+//#define MBEDTLS_MD5_PROCESS_ALT
+//#define MBEDTLS_RIPEMD160_PROCESS_ALT
+//#define MBEDTLS_SHA1_PROCESS_ALT
+//#define MBEDTLS_SHA256_PROCESS_ALT
+//#define MBEDTLS_SHA512_PROCESS_ALT
+//#define MBEDTLS_DES_SETKEY_ALT
+//#define MBEDTLS_DES_CRYPT_ECB_ALT
+//#define MBEDTLS_DES3_CRYPT_ECB_ALT
+//#define MBEDTLS_AES_SETKEY_ENC_ALT
+//#define MBEDTLS_AES_SETKEY_DEC_ALT
+//#define MBEDTLS_AES_ENCRYPT_ALT
+//#define MBEDTLS_AES_DECRYPT_ALT
+
+/**
+ * \def MBEDTLS_ENTROPY_HARDWARE_ALT
+ *
+ * Uncomment this macro to let mbed TLS use your own implementation of a
+ * hardware entropy collector.
+ *
+ * Your function must be called \c mbedtls_hardware_poll(), have the same
+ * prototype as declared in entropy_poll.h, and accept NULL as first argument.
+ *
+ * Uncomment to use your own hardware entropy collector.
+ */
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+/**
+ * \def MBEDTLS_AES_ROM_TABLES
+ *
+ * Store the AES tables in ROM.
+ *
+ * Uncomment this macro to store the AES tables in ROM.
+ */
+//#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
+ *
+ * Use less ROM for the Camellia implementation (saves about 768 bytes).
+ *
+ * Uncomment this macro to use less memory for Camellia.
+ */
+//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CBC
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CTR
+
+/**
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+ */
+//#define MBEDTLS_CIPHER_NULL_CIPHER
+
+/**
+ * \def MBEDTLS_CIPHER_PADDING_XXX
+ *
+ * Uncomment or comment macros to add support for specific padding modes
+ * in the cipher layer with cipher modes that support padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS
+
+/**
+ * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels with virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+ */
+//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+ *
+ * Remove RC4 ciphersuites by default in SSL / TLS.
+ * This flag removes the ciphersuites based on RC4 from the default list as
+ * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
+ * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
+ * explicitly.
+ *
+ * Uncomment this macro to remove RC4 ciphersuites by default.
+ */
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_ECP_XXXX_ENABLED
+ *
+ * Enables specific curves within the Elliptic Curve module.
+ * By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+
+/**
+ * \def MBEDTLS_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/**
+ * \def MBEDTLS_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Requires: MBEDTLS_HMAC_DRBG_C
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define MBEDTLS_ECDSA_DETERMINISTIC
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ *
+ * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ *
+ * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+
+/**
+ * \def MBEDTLS_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of mbedtls_strerror() in
+ * third party libraries easier when MBEDTLS_ERROR_C is disabled
+ * (no effect when MBEDTLS_ERROR_C is enabled).
+ *
+ * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
+ * not using mbedtls_strerror() or error_strerror() in your application.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * mbedtls_strerror()
+ */
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+
+/**
+ * \def MBEDTLS_GENPRIME
+ *
+ * Enable the prime-number generation code.
+ *
+ * Requires: MBEDTLS_BIGNUM_C
+ */
+#define MBEDTLS_GENPRIME
+
+/**
+ * \def MBEDTLS_FS_IO
+ *
+ * Enable functions that use the filesystem.
+ */
+#define MBEDTLS_FS_IO
+
+/**
+ * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * mbedtls_timing_hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+ */
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+//#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: MBEDTLS_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both MBEDTLS_SHA256_C and
+ * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+//#define MBEDTLS_ENTROPY_FORCE_SHA256
+
+/**
+ * \def MBEDTLS_MEMORY_DEBUG
+ *
+ * Enable debugging of buffer allocator memory issues. Automatically prints
+ * (to stderr) all (fatal) messages on memory allocation issues. Enables
+ * function for 'debug output' of allocated memory.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Uncomment this macro to let the buffer allocator print out error messages.
+ */
+//#define MBEDTLS_MEMORY_DEBUG
+
+/**
+ * \def MBEDTLS_MEMORY_BACKTRACE
+ *
+ * Include backtrace information with each allocated block.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *           GLIBC-compatible backtrace() an backtrace_symbols() support
+ *
+ * Uncomment this macro to include backtrace information
+ */
+//#define MBEDTLS_MEMORY_BACKTRACE
+
+/**
+ * \def MBEDTLS_PK_RSA_ALT_SUPPORT
+ *
+ * Support external private RSA keys (eg from a HSM) in the PK layer.
+ *
+ * Comment this macro to disable support for external private RSA keys.
+ */
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+
+/**
+ * \def MBEDTLS_PKCS1_V15
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ *
+ * Requires: MBEDTLS_RSA_C
+ *
+ * This enables support for PKCS#1 v1.5 operations.
+ */
+#define MBEDTLS_PKCS1_V15
+
+/**
+ * \def MBEDTLS_PKCS1_V21
+ *
+ * Enable support for PKCS#1 v2.1 encoding.
+ *
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
+ *
+ * This enables support for RSAES-OAEP and RSASSA-PSS operations.
+ */
+#define MBEDTLS_PKCS1_V21
+
+/**
+ * \def MBEDTLS_RSA_NO_CRT
+ *
+ * Do not use the Chinese Remainder Theorem for the RSA private operation.
+ *
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+//#define MBEDTLS_RSA_NO_CRT
+
+/**
+ * \def MBEDTLS_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#define MBEDTLS_SELF_TEST
+
+/**
+ * \def MBEDTLS_SHA256_SMALLER
+ *
+ * Enable an implementation of SHA-256 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * The default implementation is meant to be a reasonnable compromise between
+ * performance and size. This version optimizes more aggressively for size at
+ * the expense of performance. Eg on Cortex-M4 it reduces the size of
+ * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
+ * 30%.
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+//#define MBEDTLS_SHA256_SMALLER
+
+/**
+ * \def MBEDTLS_SSL_AEAD_RANDOM_IV
+ *
+ * Generate a random IV rather than using the record sequence number as a
+ * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
+ *
+ * Using the sequence number is generally recommended.
+ *
+ * Uncomment this macro to always use random IVs with AEAD ciphersuites.
+ */
+//#define MBEDTLS_SSL_AEAD_RANDOM_IV
+
+/**
+ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, mbed TLS can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
+/**
+ * \def MBEDTLS_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define MBEDTLS_SSL_DEBUG_ALL
+
+/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+
+/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+ *
+ * Enable support for Extended Master Secret, aka Session Hash
+ * (draft-ietf-tls-session-hash-02).
+ *
+ * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * attacks, but it is recommended to always use it (even if you disable
+ * renegotiation), since it actually fixes a more fundamental issue in the
+ * original SSL/TLS design, and has implications beyond Triple Handshake.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+
+/**
+ * \def MBEDTLS_SSL_FALLBACK_SCSV
+ *
+ * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ *
+ * For servers, it is recommended to always enable this, unless you support
+ * only one version of TLS, or know for sure that none of your clients
+ * implements a fallback strategy.
+ *
+ * For clients, you only need this if you're using a fallback strategy, which
+ * is not recommended in the first place, unless you absolutely need it to
+ * interoperate with buggy (version-intolerant) servers.
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+#define MBEDTLS_SSL_FALLBACK_SCSV
+
+/**
+ * \def MBEDTLS_SSL_HW_RECORD_ACCEL
+ *
+ * Enable hooking functions in SSL module for hardware acceleration of
+ * individual records.
+ *
+ * Uncomment this macro to enable hooking functions.
+ */
+//#define MBEDTLS_SSL_HW_RECORD_ACCEL
+
+/**
+ * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+
+/**
+ * \def MBEDTLS_SSL_RENEGOTIATION
+ *
+ * Disable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Comment this to disable support for renegotiation.
+ */
+#define MBEDTLS_SSL_RENEGOTIATION
+
+/**
+ * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ *
+ * Enable support for receiving and parsing SSLv2 Client Hello messages for the
+ * SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to enable support for SSLv2 Client Hello messages.
+ */
+//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+
+/**
+ * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+ *
+ * Pick the ciphersuite according to the client's preferences rather than ours
+ * in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to respect client's ciphersuite order
+ */
+//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+
+/**
+ * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def MBEDTLS_SSL_PROTO_SSL3
+ *
+ * Enable support for SSL 3.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for SSL 3.0
+ */
+#define MBEDTLS_SSL_PROTO_SSL3
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1
+ *
+ * Enable support for TLS 1.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_1
+ *
+ * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
+ *           (Depends on ciphersuites)
+ *
+ * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/**
+ * \def MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
+ * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_1
+ *        or MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#define MBEDTLS_SSL_PROTO_DTLS
+
+/**
+ * \def MBEDTLS_SSL_ALPN
+ *
+ * Enable support for RFC 7301 Application Layer Protocol Negotiation.
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define MBEDTLS_SSL_ALPN
+
+/**
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *           MBEDTLS_SSL_PROTO_DTLS
+ *
+ * \warning Disabling this is often a security risk!
+ * See mbedtls_ssl_conf_dtls_anti_replay() for details.
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Enable support for HelloVerifyRequest on DTLS servers.
+ *
+ * This feature is highly recommended to prevent DTLS servers being used as
+ * amplifiers in DoS attacks against other hosts. It should always be enabled
+ * unless you know for sure amplification cannot be a problem in the
+ * environment in which your server operates.
+ *
+ * \warning Disabling this can ba a security risk! (see above)
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Comment this to disable support for HelloVerifyRequest.
+ */
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/**
+ * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+ *
+ * Enable support for a limit of records with bad MAC.
+ *
+ * See mbedtls_ssl_conf_dtls_badmac_limit().
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ */
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+
+/**
+ * \def MBEDTLS_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ * Client-side, provides full support for session tickets (maintainance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define MBEDTLS_SSL_SESSION_TICKETS
+
+/**
+ * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#define MBEDTLS_SSL_TRUNCATED_HMAC
+
+/**
+ * \def MBEDTLS_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+ */
+//#define MBEDTLS_THREADING_ALT
+
+/**
+ * \def MBEDTLS_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+ */
+//#define MBEDTLS_THREADING_PTHREAD
+
+/**
+ * \def MBEDTLS_VERSION_FEATURES
+ *
+ * Allow run-time checking of compile-time enabled features. Thus allowing users
+ * to check at run-time if the library is for instance compiled with threading
+ * support via mbedtls_version_check_feature().
+ *
+ * Requires: MBEDTLS_VERSION_C
+ *
+ * Comment this to disable run-time checking and save ROM space
+ */
+#define MBEDTLS_VERSION_FEATURES
+
+/**
+ * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an extension in a v1 or v2 certificate.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+
+/**
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * \warning Depending on your PKI use, enabling this can be a security risk!
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+
+/**
+ * \def MBEDTLS_X509_CHECK_KEY_USAGE
+ *
+ * Enable verification of the keyUsage extension (CA and leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused
+ * (intermediate) CA and leaf certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip keyUsage checking for both CA and leaf certificates.
+ */
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+ *
+ * Enable verification of the extendedKeyUsage extension (leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip extendedKeyUsage checking for certificates.
+ */
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+
+/**
+ * \def MBEDTLS_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
+ * CRIME attack. Before enabling this option, you should examine with care if
+ * CRIME or similar exploits may be a applicable to your use case.
+ *
+ * \note Currently compression can't be used with DTLS.
+ *
+ * Used in: library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+ */
+//#define MBEDTLS_ZLIB_SUPPORT
+/* \} name SECTION: mbed TLS feature support */
+
+/**
+ * \name SECTION: mbed TLS modules
+ *
+ * This section enables or disables entire modules in mbed TLS
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AESNI_C
+ *
+ * Enable AES-NI support on x86-64.
+ *
+ * Module:  library/aesni.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the AES-NI instructions on x86-64
+ */
+#define MBEDTLS_AESNI_C
+
+/**
+ * \def MBEDTLS_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module:  library/aes.c
+ * Caller:  library/ssl_tls.c
+ *          library/pem.c
+ *          library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define MBEDTLS_AES_C
+
+/**
+ * \def MBEDTLS_ARC4_C
+ *
+ * Enable the ARCFOUR stream cipher.
+ *
+ * Module:  library/arc4.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_ARC4_C
+
+/**
+ * \def MBEDTLS_ASN1_PARSE_C
+ *
+ * Enable the generic ASN1 parser.
+ *
+ * Module:  library/asn1.c
+ * Caller:  library/x509.c
+ *          library/dhm.c
+ *          library/pkcs12.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ */
+#define MBEDTLS_ASN1_PARSE_C
+
+/**
+ * \def MBEDTLS_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module:  library/asn1write.c
+ * Caller:  library/ecdsa.c
+ *          library/pkwrite.c
+ *          library/x509_create.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ */
+#define MBEDTLS_ASN1_WRITE_C
+
+/**
+ * \def MBEDTLS_BASE64_C
+ *
+ * Enable the Base64 module.
+ *
+ * Module:  library/base64.c
+ * Caller:  library/pem.c
+ *
+ * This module is required for PEM support (required by X.509).
+ */
+#define MBEDTLS_BASE64_C
+
+/**
+ * \def MBEDTLS_BIGNUM_C
+ *
+ * Enable the multi-precision integer library.
+ *
+ * Module:  library/bignum.c
+ * Caller:  library/dhm.c
+ *          library/ecp.c
+ *          library/ecdsa.c
+ *          library/rsa.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
+ */
+#define MBEDTLS_BIGNUM_C
+
+/**
+ * \def MBEDTLS_BLOWFISH_C
+ *
+ * Enable the Blowfish block cipher.
+ *
+ * Module:  library/blowfish.c
+ */
+#define MBEDTLS_BLOWFISH_C
+
+/**
+ * \def MBEDTLS_CAMELLIA_C
+ *
+ * Enable the Camellia block cipher.
+ *
+ * Module:  library/camellia.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_CAMELLIA_C
+
+/**
+ * \def MBEDTLS_CCM_C
+ *
+ * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
+ *
+ * Module:  library/ccm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-CCM ciphersuites, if other requisites are
+ * enabled as well.
+ */
+#define MBEDTLS_CCM_C
+
+/**
+ * \def MBEDTLS_CERTS_C
+ *
+ * Enable the test certificates.
+ *
+ * Module:  library/certs.c
+ * Caller:
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+#define MBEDTLS_CERTS_C
+
+/**
+ * \def MBEDTLS_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module:  library/cipher.c
+ * Caller:  library/ssl_tls.c
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define MBEDTLS_CIPHER_C
+
+/**
+ * \def MBEDTLS_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-256-based random generator.
+ *
+ * Module:  library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ * This module provides the CTR_DRBG AES-256 random number generator.
+ */
+#define MBEDTLS_CTR_DRBG_C
+
+/**
+ * \def MBEDTLS_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module:  library/debug.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module provides debugging functions.
+ */
+#define MBEDTLS_DEBUG_C
+
+/**
+ * \def MBEDTLS_DES_C
+ *
+ * Enable the DES block cipher.
+ *
+ * Module:  library/des.c
+ * Caller:  library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *
+ * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
+ */
+#define MBEDTLS_DES_C
+
+/**
+ * \def MBEDTLS_DHM_C
+ *
+ * Enable the Diffie-Hellman-Merkle module.
+ *
+ * Module:  library/dhm.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      DHE-RSA, DHE-PSK
+ */
+#define MBEDTLS_DHM_C
+
+/**
+ * \def MBEDTLS_ECDH_C
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Module:  library/ecdh.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
+ *
+ * Requires: MBEDTLS_ECP_C
+ */
+#define MBEDTLS_ECDH_C
+
+/**
+ * \def MBEDTLS_ECDSA_C
+ *
+ * Enable the elliptic curve DSA library.
+ *
+ * Module:  library/ecdsa.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
+ */
+#define MBEDTLS_ECDSA_C
+
+/**
+ * \def MBEDTLS_ECP_C
+ *
+ * Enable the elliptic curve over GF(p) library.
+ *
+ * Module:  library/ecp.c
+ * Caller:  library/ecdh.c
+ *          library/ecdsa.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
+ */
+#define MBEDTLS_ECP_C
+
+/**
+ * \def MBEDTLS_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module:  library/entropy.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define MBEDTLS_ENTROPY_C
+
+/**
+ * \def MBEDTLS_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module:  library/error.c
+ * Caller:
+ *
+ * This module enables mbedtls_strerror().
+ */
+#define MBEDTLS_ERROR_C
+
+/**
+ * \def MBEDTLS_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM) for AES.
+ *
+ * Module:  library/gcm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define MBEDTLS_GCM_C
+
+/**
+ * \def MBEDTLS_HAVEGE_C
+ *
+ * Enable the HAVEGE random generator.
+ *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ *          environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ *          processor traits. It is therefore not advised to use HAVEGE as
+ *          your applications primary random generator or primary entropy pool
+ *          input. As a secondary input to your entropy pool, it IS able add
+ *          the (limited) extra entropy it provides.
+ *
+ * Module:  library/havege.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_TIMING_C
+ *
+ * Uncomment to enable the HAVEGE random generator.
+ */
+//#define MBEDTLS_HAVEGE_C
+
+/**
+ * \def MBEDTLS_HMAC_DRBG_C
+ *
+ * Enable the HMAC_DRBG random generator.
+ *
+ * Module:  library/hmac_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * Uncomment to enable the HMAC_DRBG random number geerator.
+ */
+#define MBEDTLS_HMAC_DRBG_C
+
+/**
+ * \def MBEDTLS_MD_C
+ *
+ * Enable the generic message digest layer.
+ *
+ * Module:  library/mbedtls_md.c
+ * Caller:
+ *
+ * Uncomment to enable generic message digest wrappers.
+ */
+#define MBEDTLS_MD_C
+
+/**
+ * \def MBEDTLS_MD2_C
+ *
+ * Enable the MD2 hash algorithm.
+ *
+ * Module:  library/mbedtls_md2.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD2-signed X.509 certs.
+ */
+//#define MBEDTLS_MD2_C
+
+/**
+ * \def MBEDTLS_MD4_C
+ *
+ * Enable the MD4 hash algorithm.
+ *
+ * Module:  library/mbedtls_md4.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD4-signed X.509 certs.
+ */
+//#define MBEDTLS_MD4_C
+
+/**
+ * \def MBEDTLS_MD5_C
+ *
+ * Enable the MD5 hash algorithm.
+ *
+ * Module:  library/mbedtls_md5.c
+ * Caller:  library/mbedtls_md.c
+ *          library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for SSL/TLS and X.509.
+ * PEM_PARSE uses MD5 for decrypting encrypted keys.
+ */
+#define MBEDTLS_MD5_C
+
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module:  library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def MBEDTLS_NET_C
+ *
+ * Enable the TCP/IP networking routines.
+ *
+ * Module:  library/net.c
+ *
+ * This module provides TCP/IP networking routines.
+ */
+#define MBEDTLS_NET_C
+
+/**
+ * \def MBEDTLS_OID_C
+ *
+ * Enable the OID database.
+ *
+ * Module:  library/oid.c
+ * Caller:  library/asn1write.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ *          library/pkwrite.c
+ *          library/rsa.c
+ *          library/x509.c
+ *          library/x509_create.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ *
+ * This modules translates between OIDs and internal values.
+ */
+#define MBEDTLS_OID_C
+
+/**
+ * \def MBEDTLS_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module:  library/padlock.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+#define MBEDTLS_PADLOCK_C
+
+/**
+ * \def MBEDTLS_PEM_PARSE_C
+ *
+ * Enable PEM decoding / parsing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/dhm.c
+ *          library/pkparse.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for decoding / parsing PEM files.
+ */
+#define MBEDTLS_PEM_PARSE_C
+
+/**
+ * \def MBEDTLS_PEM_WRITE_C
+ *
+ * Enable PEM encoding / writing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/pkwrite.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for encoding / writing PEM files.
+ */
+#define MBEDTLS_PEM_WRITE_C
+
+/**
+ * \def MBEDTLS_PK_C
+ *
+ * Enable the generic public (asymetric) key layer.
+ *
+ * Module:  library/pk.c
+ * Caller:  library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+#define MBEDTLS_PK_C
+
+/**
+ * \def MBEDTLS_PK_PARSE_C
+ *
+ * Enable the generic public (asymetric) key parser.
+ *
+ * Module:  library/pkparse.c
+ * Caller:  library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+#define MBEDTLS_PK_PARSE_C
+
+/**
+ * \def MBEDTLS_PK_WRITE_C
+ *
+ * Enable the generic public (asymetric) key writer.
+ *
+ * Module:  library/pkwrite.c
+ * Caller:  library/x509write.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+#define MBEDTLS_PK_WRITE_C
+
+/**
+ * \def MBEDTLS_PKCS5_C
+ *
+ * Enable PKCS#5 functions.
+ *
+ * Module:  library/pkcs5.c
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the PKCS#5 functions.
+ */
+#define MBEDTLS_PKCS5_C
+
+/**
+ * \def MBEDTLS_PKCS11_C
+ *
+ * Enable wrapper for PKCS#11 smartcard support.
+ *
+ * Module:  library/pkcs11.c
+ * Caller:  library/pk.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * This module enables SSL/TLS PKCS #11 smartcard support.
+ * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
+ */
+//#define MBEDTLS_PKCS11_C
+
+/**
+ * \def MBEDTLS_PKCS12_C
+ *
+ * Enable PKCS#12 PBE functions.
+ * Adds algorithms for parsing PKCS#8 encrypted private keys
+ *
+ * Module:  library/pkcs12.c
+ * Caller:  library/pkparse.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Can use:  MBEDTLS_ARC4_C
+ *
+ * This module enables PKCS#12 functions.
+ */
+#define MBEDTLS_PKCS12_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other module rely on it for a fixed snprintf implementation.
+ *
+ * Module:  library/platform.c
+ * Caller:  Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+/**
+ * \def MBEDTLS_RIPEMD160_C
+ *
+ * Enable the RIPEMD-160 hash algorithm.
+ *
+ * Module:  library/mbedtls_ripemd160.c
+ * Caller:  library/mbedtls_md.c
+ *
+ */
+#define MBEDTLS_RIPEMD160_C
+
+/**
+ * \def MBEDTLS_RSA_C
+ *
+ * Enable the RSA public-key cryptosystem.
+ *
+ * Module:  library/rsa.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509.c
+ *
+ * This module is used by the following key exchanges:
+ *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
+ */
+#define MBEDTLS_RSA_C
+
+/**
+ * \def MBEDTLS_SHA1_C
+ *
+ * Enable the SHA1 cryptographic hash algorithm.
+ *
+ * Module:  library/mbedtls_sha1.c
+ * Caller:  library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509write_crt.c
+ *
+ * This module is required for SSL/TLS and SHA1-signed certificates.
+ */
+#define MBEDTLS_SHA1_C
+
+/**
+ * \def MBEDTLS_SHA256_C
+ *
+ * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
+ *
+ * Module:  library/mbedtls_sha256.c
+ * Caller:  library/entropy.c
+ *          library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module adds support for SHA-224 and SHA-256.
+ * This module is required for the SSL/TLS 1.2 PRF function.
+ */
+#define MBEDTLS_SHA256_C
+
+/**
+ * \def MBEDTLS_SHA512_C
+ *
+ * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
+ *
+ * Module:  library/mbedtls_sha512.c
+ * Caller:  library/entropy.c
+ *          library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module adds support for SHA-384 and SHA-512.
+ */
+#define MBEDTLS_SHA512_C
+
+/**
+ * \def MBEDTLS_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module:  library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_CACHE_C
+ */
+#define MBEDTLS_SSL_CACHE_C
+
+/**
+ * \def MBEDTLS_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module:  library/ssl_cookie.c
+ * Caller:
+ */
+#define MBEDTLS_SSL_COOKIE_C
+
+/**
+ * \def MBEDTLS_SSL_TICKET_C
+ *
+ * Enable an implementation of TLS server-side callbacks for session tickets.
+ *
+ * Module:  library/ssl_ticket.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_CIPHER_C
+ */
+#define MBEDTLS_SSL_TICKET_C
+
+/**
+ * \def MBEDTLS_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module:  library/ssl_cli.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define MBEDTLS_SSL_CLI_C
+
+/**
+ * \def MBEDTLS_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module:  library/ssl_srv.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+#define MBEDTLS_SSL_SRV_C
+
+/**
+ * \def MBEDTLS_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module:  library/ssl_tls.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define MBEDTLS_SSL_TLS_C
+
+/**
+ * \def MBEDTLS_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions.
+ *
+ * Module:  library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either MBEDTLS_THREADING_ALT or
+ * MBEDTLS_THREADING_PTHREAD.
+ *
+ * Enable this layer to allow use of mutexes within mbed TLS
+ */
+//#define MBEDTLS_THREADING_C
+
+/**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the portable timing interface.
+ *
+ * Module:  library/timing.c
+ * Caller:  library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+#define MBEDTLS_TIMING_C
+
+/**
+ * \def MBEDTLS_VERSION_C
+ *
+ * Enable run-time version information.
+ *
+ * Module:  library/version.c
+ *
+ * This module provides run-time version information.
+ */
+#define MBEDTLS_VERSION_C
+
+/**
+ * \def MBEDTLS_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module:  library/x509.c
+ * Caller:  library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
+ *           MBEDTLS_PK_PARSE_C
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define MBEDTLS_X509_USE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module:  library/mbedtls_x509_crt.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define MBEDTLS_X509_CRT_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module:  library/mbedtls_x509_crl.c
+ * Caller:  library/mbedtls_x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define MBEDTLS_X509_CRL_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module:  library/mbedtls_x509_csr.c
+ * Caller:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#define MBEDTLS_X509_CSR_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module:  library/x509_create.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#define MBEDTLS_X509_CREATE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#define MBEDTLS_X509_CRT_WRITE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module:  library/x509_csr_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#define MBEDTLS_X509_CSR_WRITE_C
+
+/**
+ * \def MBEDTLS_XTEA_C
+ *
+ * Enable the XTEA block cipher.
+ *
+ * Module:  library/xtea.c
+ * Caller:
+ */
+#define MBEDTLS_XTEA_C
+
+/* \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ *
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
+ *
+ * Please check the respective header file for documentation on these
+ * parameters (to prevent duplicate documentation).
+ * \{
+ */
+
+/* MPI / BIGNUM options */
+//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
+//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
+
+/* CTR_DRBG options */
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
+
+/* HMAC_DRBG options */
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
+
+/* ECP options */
+//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
+//#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
+//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
+
+/* Entropy options */
+//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
+
+/* Memory buffer allocator options */
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
+
+/* Platform options */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
+/* Note: your snprintf must correclty zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
+
+/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
+/* Note: your snprintf must correclty zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
+
+/* SSL Cache options */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
+
+/* SSL options */
+//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
+//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
+//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+
+/**
+ * Complete list of ciphersuites to use, in order of preference.
+ *
+ * \warning No dependency checking is done on that field! This option can only
+ * be used to restrict the set of available ciphersuites. It is your
+ * responsibility to make sure the needed modules are active.
+ *
+ * Use this to save a few hundred bytes of ROM (default ordering of all
+ * available ciphersuites) and a few to a few hundred bytes of RAM.
+ *
+ * The value below is only an example, not the default.
+ */
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/* X509 options */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
+
+/* \} name SECTION: Module configuration options */
+
+#if defined(TARGET_LIKE_MBED)
+#include "mbedtls/target_config.h"
+#endif
+
+/*
+ * Allow user to override any previous default.
+ *
+ * Use two macro names for that, as:
+ * - with yotta the prefix YOTTA_CFG_ is forced
+ * - without yotta is looks weird to have a YOTTA prefix.
+ */
+#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
+#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
+#elif defined(MBEDTLS_USER_CONFIG_FILE)
+#include MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#include "check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ctr_drbg.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ctr_drbg.h
new file mode 100644
index 00000000..059d3c5c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ctr_drbg.h
@@ -0,0 +1,290 @@
+/**
+ * \file ctr_drbg.h
+ *
+ * \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CTR_DRBG_H
+#define MBEDTLS_CTR_DRBG_H
+
+#include "aes.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
+#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED        -0x0034  /**< The entropy source failed. */
+#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG              -0x0036  /**< Too many random requested in single call. */
+#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG                -0x0038  /**< Input too large (Entropy + additional). */
+#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR                -0x003A  /**< Read/write error in file. */
+
+#define MBEDTLS_CTR_DRBG_BLOCKSIZE          16      /**< Block size used by the cipher                  */
+#define MBEDTLS_CTR_DRBG_KEYSIZE            32      /**< Key size used by the cipher                    */
+#define MBEDTLS_CTR_DRBG_KEYBITS            ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 )
+#define MBEDTLS_CTR_DRBG_SEEDLEN            ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE )
+                                            /**< The seed length (counter + AES key)            */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        48      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#else
+#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        32      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#endif
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL    10000   /**< Interval before reseed is performed by default */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
+#define MBEDTLS_CTR_DRBG_MAX_INPUT          256     /**< Maximum number of additional input bytes */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
+#define MBEDTLS_CTR_DRBG_MAX_REQUEST        1024    /**< Maximum number of requested bytes per call */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
+#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT     384     /**< Maximum size of (re)seed buffer */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_CTR_DRBG_PR_OFF             0       /**< No prediction resistance       */
+#define MBEDTLS_CTR_DRBG_PR_ON              1       /**< Prediction resistance enabled  */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CTR_DRBG context structure
+ */
+typedef struct
+{
+    unsigned char counter[16];  /*!<  counter (V)       */
+    int reseed_counter;         /*!<  reseed counter    */
+    int prediction_resistance;  /*!<  enable prediction resistance (Automatic
+                                      reseed before every random generation)  */
+    size_t entropy_len;         /*!<  amount of entropy grabbed on each
+                                      (re)seed          */
+    int reseed_interval;        /*!<  reseed interval   */
+
+    mbedtls_aes_context aes_ctx;        /*!<  AES context       */
+
+    /*
+     * Callbacks (Entropy)
+     */
+    int (*f_entropy)(void *, unsigned char *, size_t);
+
+    void *p_entropy;            /*!<  context for the entropy function */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+}
+mbedtls_ctr_drbg_context;
+
+/**
+ * \brief               CTR_DRBG context initialization
+ *                      Makes the context ready for mbedtls_ctr_drbg_seed() or
+ *                      mbedtls_ctr_drbg_free().
+ *
+ * \param ctx           CTR_DRBG context to be initialized
+ */
+void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
+
+/**
+ * \brief               CTR_DRBG initial seeding
+ *                      Seed and setup entropy source for future reseeds.
+ *
+ * Note: Personalization data can be provided in addition to the more generic
+ *       entropy source to make this instantiation as unique as possible.
+ *
+ * \param ctx           CTR_DRBG context to be seeded
+ * \param f_entropy     Entropy callback (p_entropy, buffer to fill, buffer
+ *                      length)
+ * \param p_entropy     Entropy context
+ * \param custom        Personalization data (Device specific identifiers)
+ *                      (Can be NULL)
+ * \param len           Length of personalization data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
+                   int (*f_entropy)(void *, unsigned char *, size_t),
+                   void *p_entropy,
+                   const unsigned char *custom,
+                   size_t len );
+
+/**
+ * \brief               Clear CTR_CRBG context data
+ *
+ * \param ctx           CTR_DRBG context to clear
+ */
+void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
+
+/**
+ * \brief               Enable / disable prediction resistance (Default: Off)
+ *
+ * Note: If enabled, entropy is used for ctx->entropy_len before each call!
+ *       Only use this if you have ample supply of good entropy!
+ *
+ * \param ctx           CTR_DRBG context
+ * \param resistance    MBEDTLS_CTR_DRBG_PR_ON or MBEDTLS_CTR_DRBG_PR_OFF
+ */
+void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
+                                         int resistance );
+
+/**
+ * \brief               Set the amount of entropy grabbed on each (re)seed
+ *                      (Default: MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param len           Amount of entropy to grab
+ */
+void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
+                               size_t len );
+
+/**
+ * \brief               Set the reseed interval
+ *                      (Default: MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param interval      Reseed interval
+ */
+void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
+                                   int interval );
+
+/**
+ * \brief               CTR_DRBG reseeding (extracts data from entropy source)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param additional    Additional data to add to state (Can be NULL)
+ * \param len           Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
+                     const unsigned char *additional, size_t len );
+
+/**
+ * \brief               CTR_DRBG update state
+ *
+ * \param ctx           CTR_DRBG context
+ * \param additional    Additional data to update state with
+ * \param add_len       Length of additional data
+ *
+ * \note                If add_len is greater than MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
+ *                      only the first MBEDTLS_CTR_DRBG_MAX_SEED_INPUT bytes are used,
+ *                      the remaining ones are silently discarded.
+ */
+void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
+                      const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               CTR_DRBG generate random with additional update input
+ *
+ * Note: Automatically reseeds if reseed_counter is reached.
+ *
+ * \param p_rng         CTR_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ * \param additional    Additional data to update with (Can be NULL)
+ * \param add_len       Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_ctr_drbg_random_with_add( void *p_rng,
+                              unsigned char *output, size_t output_len,
+                              const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               CTR_DRBG generate random
+ *
+ * Note: Automatically reseeds if reseed_counter is reached.
+ *
+ * \param p_rng         CTR_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_ctr_drbg_random( void *p_rng,
+                     unsigned char *output, size_t output_len );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           CTR_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance
+ *
+ * \param ctx           CTR_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ *                      MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
+ */
+int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief               Checkup routine
+ *
+ * \return              0 if successful, or 1 if the test failed
+ */
+int mbedtls_ctr_drbg_self_test( int verbose );
+
+/* Internal functions (do not call directly) */
+int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *,
+                               int (*)(void *, unsigned char *, size_t), void *,
+                               const unsigned char *, size_t, size_t );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ctr_drbg.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/debug.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/debug.h
new file mode 100644
index 00000000..d859dd5f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/debug.h
@@ -0,0 +1,125 @@
+/**
+ * \file debug.h
+ *
+ * \brief Debug functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DEBUG_H
+#define MBEDTLS_DEBUG_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_ECP_C)
+#include "ecp.h"
+#endif
+
+#if defined(MBEDTLS_DEBUG_C)
+
+#define MBEDTLS_DEBUG_STRIP_PARENS( ... )   __VA_ARGS__
+
+#define MBEDTLS_SSL_DEBUG_MSG( level, args )                    \
+    mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__,    \
+                             MBEDTLS_DEBUG_STRIP_PARENS args )
+
+#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )                \
+    mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
+
+#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )           \
+    mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
+
+#if defined(MBEDTLS_BIGNUM_C)
+#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )                  \
+    mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )                  \
+    mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )                \
+    mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
+#endif
+
+#else /* MBEDTLS_DEBUG_C */
+
+#define MBEDTLS_SSL_DEBUG_MSG( level, args )            do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )       do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )  do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )         do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )         do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )       do { } while( 0 )
+
+#endif /* MBEDTLS_DEBUG_C */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief   Set the level threshold to handle globally. Messages that have a
+ *          level over the threshold value are ignored.
+ *          (Default value: 0 (No debug))
+ *
+ * \param threshold     maximum level of messages to pass on
+ */
+void mbedtls_debug_set_threshold( int threshold );
+
+void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
+                              const char *file, int line,
+                              const char *format, ... );
+
+void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, int ret );
+
+void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line, const char *text,
+                      const unsigned char *buf, size_t len );
+
+#if defined(MBEDTLS_BIGNUM_C)
+void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_mpi *X );
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_ecp_point *X );
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_x509_crt *crt );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* debug.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/des.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/des.h
new file mode 100644
index 00000000..5ca2ecf2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/des.h
@@ -0,0 +1,306 @@
+/**
+ * \file des.h
+ *
+ * \brief DES block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DES_H
+#define MBEDTLS_DES_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_DES_ENCRYPT     1
+#define MBEDTLS_DES_DECRYPT     0
+
+#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
+
+#define MBEDTLS_DES_KEY_SIZE    8
+
+#if !defined(MBEDTLS_DES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          DES context structure
+ */
+typedef struct
+{
+    uint32_t sk[32];            /*!<  DES subkeys       */
+}
+mbedtls_des_context;
+
+/**
+ * \brief          Triple-DES context structure
+ */
+typedef struct
+{
+    uint32_t sk[96];            /*!<  3DES subkeys      */
+}
+mbedtls_des3_context;
+
+/**
+ * \brief          Initialize DES context
+ *
+ * \param ctx      DES context to be initialized
+ */
+void mbedtls_des_init( mbedtls_des_context *ctx );
+
+/**
+ * \brief          Clear DES context
+ *
+ * \param ctx      DES context to be cleared
+ */
+void mbedtls_des_free( mbedtls_des_context *ctx );
+
+/**
+ * \brief          Initialize Triple-DES context
+ *
+ * \param ctx      DES3 context to be initialized
+ */
+void mbedtls_des3_init( mbedtls_des3_context *ctx );
+
+/**
+ * \brief          Clear Triple-DES context
+ *
+ * \param ctx      DES3 context to be cleared
+ */
+void mbedtls_des3_free( mbedtls_des3_context *ctx );
+
+/**
+ * \brief          Set key parity on the given key to odd.
+ *
+ *                 DES keys are 56 bits long, but each byte is padded with
+ *                 a parity bit to allow verification.
+ *
+ * \param key      8-byte secret key
+ */
+void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Check that key parity on the given key is odd.
+ *
+ *                 DES keys are 56 bits long, but each byte is padded with
+ *                 a parity bit to allow verification.
+ *
+ * \param key      8-byte secret key
+ *
+ * \return         0 is parity was ok, 1 if parity was not correct.
+ */
+int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Check that key is not a weak or semi-weak DES key
+ *
+ * \param key      8-byte secret key
+ *
+ * \return         0 if no weak key was found, 1 if a weak key was identified.
+ */
+int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          DES key schedule (56-bit, encryption)
+ *
+ * \param ctx      DES context to be initialized
+ * \param key      8-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          DES key schedule (56-bit, decryption)
+ *
+ * \param ctx      DES context to be initialized
+ * \param key      8-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Triple-DES key schedule (112-bit, encryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      16-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+
+/**
+ * \brief          Triple-DES key schedule (112-bit, decryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      16-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+
+/**
+ * \brief          Triple-DES key schedule (168-bit, encryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      24-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+
+/**
+ * \brief          Triple-DES key schedule (168-bit, decryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      24-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+
+/**
+ * \brief          DES-ECB block encryption/decryption
+ *
+ * \param ctx      DES context
+ * \param input    64-bit input block
+ * \param output   64-bit output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
+                    const unsigned char input[8],
+                    unsigned char output[8] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          DES-CBC buffer encryption/decryption
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      DES context
+ * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ */
+int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[8],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+/**
+ * \brief          3DES-ECB block encryption/decryption
+ *
+ * \param ctx      3DES context
+ * \param input    64-bit input block
+ * \param output   64-bit output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
+                     const unsigned char input[8],
+                     unsigned char output[8] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          3DES-CBC buffer encryption/decryption
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      3DES context
+ * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+ */
+int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
+                     int mode,
+                     size_t length,
+                     unsigned char iv[8],
+                     const unsigned char *input,
+                     unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+/**
+ * \brief          Internal function for key expansion.
+ *                 (Only exposed to allow overriding it,
+ *                 see MBEDTLS_DES_SETKEY_ALT)
+ *
+ * \param SK       Round keys
+ * \param key      Base key
+ */
+void mbedtls_des_setkey( uint32_t SK[32],
+                         const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_DES_ALT */
+#include "des_alt.h"
+#endif /* MBEDTLS_DES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_des_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* des.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/dhm.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/dhm.h
new file mode 100644
index 00000000..cd056d1b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/dhm.h
@@ -0,0 +1,305 @@
+/**
+ * \file dhm.h
+ *
+ * \brief Diffie-Hellman-Merkle key exchange
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DHM_H
+#define MBEDTLS_DHM_H
+
+#include "bignum.h"
+
+/*
+ * DHM Error codes
+ */
+#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA                    -0x3080  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED                -0x3100  /**< Reading of the DHM parameters failed. */
+#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED                -0x3180  /**< Making of the DHM parameters failed. */
+#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED                -0x3200  /**< Reading of the public values failed. */
+#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280  /**< Making of the public value failed. */
+#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED                -0x3300  /**< Calculation of the DHM secret failed. */
+#define MBEDTLS_ERR_DHM_INVALID_FORMAT                    -0x3380  /**< The ASN.1 data is not formatted correctly. */
+#define MBEDTLS_ERR_DHM_ALLOC_FAILED                      -0x3400  /**< Allocation of memory failed. */
+#define MBEDTLS_ERR_DHM_FILE_IO_ERROR                     -0x3480  /**< Read/write of file failed. */
+
+/**
+ * RFC 3526 defines a number of standardized Diffie-Hellman groups
+ * for IKE.
+ * RFC 5114 defines a number of standardized Diffie-Hellman groups
+ * that can be used.
+ *
+ * Some are included here for convenience.
+ *
+ * Included are:
+ *  RFC 3526 3.    2048-bit MODP Group
+ *  RFC 3526 4.    3072-bit MODP Group
+ *  RFC 3526 5.    4096-bit MODP Group
+ *  RFC 5114 2.2.  2048-bit MODP Group with 224-bit Prime Order Subgroup
+ */
+#define MBEDTLS_DHM_RFC3526_MODP_2048_P               \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_2048_G          "02"
+
+#define MBEDTLS_DHM_RFC3526_MODP_3072_P               \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
+    "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
+    "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
+    "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
+    "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
+    "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_3072_G          "02"
+
+#define MBEDTLS_DHM_RFC3526_MODP_4096_P                \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
+    "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
+    "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
+    "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
+    "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
+    "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
+    "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
+    "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
+    "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
+    "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
+    "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
+    "FFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_4096_G          "02"
+
+#define MBEDTLS_DHM_RFC5114_MODP_2048_P               \
+    "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
+    "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
+    "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
+    "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
+    "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
+    "B3BF8A317091883681286130BC8985DB1602E714415D9330" \
+    "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
+    "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
+    "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
+    "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
+    "CF9DE5384E71B81C0AC4DFFE0C10E64F"
+
+#define MBEDTLS_DHM_RFC5114_MODP_2048_G              \
+    "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\
+    "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\
+    "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\
+    "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\
+    "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\
+    "F180EB34118E98D119529A45D6F834566E3025E316A330EF"\
+    "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\
+    "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\
+    "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\
+    "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\
+    "81BC087F2A7065B384B890D3191F2BFA"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          DHM context structure
+ */
+typedef struct
+{
+    size_t len; /*!<  size(P) in chars  */
+    mbedtls_mpi P;      /*!<  prime modulus     */
+    mbedtls_mpi G;      /*!<  generator         */
+    mbedtls_mpi X;      /*!<  secret value      */
+    mbedtls_mpi GX;     /*!<  self = G^X mod P  */
+    mbedtls_mpi GY;     /*!<  peer = G^Y mod P  */
+    mbedtls_mpi K;      /*!<  key = GY^X mod P  */
+    mbedtls_mpi RP;     /*!<  cached R^2 mod P  */
+    mbedtls_mpi Vi;     /*!<  blinding value    */
+    mbedtls_mpi Vf;     /*!<  un-blinding value */
+    mbedtls_mpi pX;     /*!<  previous X        */
+}
+mbedtls_dhm_context;
+
+/**
+ * \brief          Initialize DHM context
+ *
+ * \param ctx      DHM context to be initialized
+ */
+void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
+
+/**
+ * \brief          Parse the ServerKeyExchange parameters
+ *
+ * \param ctx      DHM context
+ * \param p        &(start of input buffer)
+ * \param end      end of buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
+                     unsigned char **p,
+                     const unsigned char *end );
+
+/**
+ * \brief          Setup and write the ServerKeyExchange parameters
+ *
+ * \param ctx      DHM context
+ * \param x_size   private value size in bytes
+ * \param output   destination buffer
+ * \param olen     number of chars written
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \note           This function assumes that ctx->P and ctx->G
+ *                 have already been properly set (for example
+ *                 using mbedtls_mpi_read_string or mbedtls_mpi_read_binary).
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
+                     unsigned char *output, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Import the peer's public value G^Y
+ *
+ * \param ctx      DHM context
+ * \param input    input buffer
+ * \param ilen     size of buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
+                     const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          Create own private value X and export G^X
+ *
+ * \param ctx      DHM context
+ * \param x_size   private value size in bytes
+ * \param output   destination buffer
+ * \param olen     must be equal to ctx->P.len
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
+                     unsigned char *output, size_t olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Derive and export the shared secret (G^Y)^X mod P
+ *
+ * \param ctx      DHM context
+ * \param output   destination buffer
+ * \param output_size   size of the destination buffer
+ * \param olen     on exit, holds the actual number of bytes written
+ * \param f_rng    RNG function, for blinding purposes
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ *
+ * \note           If non-NULL, f_rng is used to blind the input as
+ *                 countermeasure against timing attacks. Blinding is
+ *                 automatically used if and only if our secret value X is
+ *                 re-used and costs nothing otherwise, so it is recommended
+ *                 to always pass a non-NULL f_rng argument.
+ */
+int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
+                     unsigned char *output, size_t output_size, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Free and clear the components of a DHM key
+ *
+ * \param ctx      DHM context to free and clear
+ */
+void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+/** \ingroup x509_module */
+/**
+ * \brief          Parse DHM parameters in PEM or DER format
+ *
+ * \param dhm      DHM context to be initialized
+ * \param dhmin    input buffer
+ * \param dhminlen size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific DHM or PEM error code
+ */
+int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
+                   size_t dhminlen );
+
+#if defined(MBEDTLS_FS_IO)
+/** \ingroup x509_module */
+/**
+ * \brief          Load and parse DHM parameters
+ *
+ * \param dhm      DHM context to be initialized
+ * \param path     filename to read the DHM Parameters from
+ *
+ * \return         0 if successful, or a specific DHM or PEM error code
+ */
+int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_dhm_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* dhm.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ecdh.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ecdh.h
new file mode 100644
index 00000000..625a2819
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ecdh.h
@@ -0,0 +1,214 @@
+/**
+ * \file ecdh.h
+ *
+ * \brief Elliptic curve Diffie-Hellman
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECDH_H
+#define MBEDTLS_ECDH_H
+
+#include "ecp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * When importing from an EC key, select if it is our key or the peer's key
+ */
+typedef enum
+{
+    MBEDTLS_ECDH_OURS,
+    MBEDTLS_ECDH_THEIRS,
+} mbedtls_ecdh_side;
+
+/**
+ * \brief           ECDH context structure
+ */
+typedef struct
+{
+    mbedtls_ecp_group grp;      /*!<  elliptic curve used                           */
+    mbedtls_mpi d;              /*!<  our secret value (private key)                */
+    mbedtls_ecp_point Q;        /*!<  our public value (public key)                 */
+    mbedtls_ecp_point Qp;       /*!<  peer's public value (public key)              */
+    mbedtls_mpi z;              /*!<  shared secret                                 */
+    int point_format;   /*!<  format for point export in TLS messages       */
+    mbedtls_ecp_point Vi;       /*!<  blinding value (for later)                    */
+    mbedtls_ecp_point Vf;       /*!<  un-blinding value (for later)                 */
+    mbedtls_mpi _d;             /*!<  previous d (for later)                        */
+}
+mbedtls_ecdh_context;
+
+/**
+ * \brief           Generate a public key.
+ *                  Raw function that only does the core computation.
+ *
+ * \param grp       ECP group
+ * \param d         Destination MPI (secret exponent, aka private key)
+ * \param Q         Destination point (public key)
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief           Compute shared secret
+ *                  Raw function that only does the core computation.
+ *
+ * \param grp       ECP group
+ * \param z         Destination MPI (shared secret)
+ * \param Q         Public key from other party
+ * \param d         Our secret exponent (private key)
+ * \param f_rng     RNG function (see notes)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ *
+ * \note            If f_rng is not NULL, it is used to implement
+ *                  countermeasures against potential elaborate timing
+ *                  attacks, see \c mbedtls_ecp_mul() for details.
+ */
+int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
+                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+/**
+ * \brief           Initialize context
+ *
+ * \param ctx       Context to initialize
+ */
+void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
+
+/**
+ * \brief           Free context
+ *
+ * \param ctx       Context to free
+ */
+void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
+
+/**
+ * \brief           Generate a public key and a TLS ServerKeyExchange payload.
+ *                  (First function used by a TLS server for ECDHE.)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of chars written
+ * \param buf       destination buffer
+ * \param blen      length of buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            This function assumes that ctx->grp has already been
+ *                  properly set (for example using mbedtls_ecp_group_load).
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+/**
+ * \brief           Parse and procress a TLS ServerKeyExhange payload.
+ *                  (First function used by a TLS client for ECDHE.)
+ *
+ * \param ctx       ECDH context
+ * \param buf       pointer to start of input buffer
+ * \param end       one past end of buffer
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
+                      const unsigned char **buf, const unsigned char *end );
+
+/**
+ * \brief           Setup an ECDH context from an EC key.
+ *                  (Used by clients and servers in place of the
+ *                  ServerKeyEchange for static ECDH: import ECDH parameters
+ *                  from a certificate's EC key information.)
+ *
+ * \param ctx       ECDH constext to set
+ * \param key       EC key to use
+ * \param side      Is it our key (1) or the peer's key (0) ?
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
+                     mbedtls_ecdh_side side );
+
+/**
+ * \brief           Generate a public key and a TLS ClientKeyExchange payload.
+ *                  (Second function used by a TLS client for ECDH(E).)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of bytes actually written
+ * \param buf       destination buffer
+ * \param blen      size of destination buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+/**
+ * \brief           Parse and process a TLS ClientKeyExchange payload.
+ *                  (Second function used by a TLS server for ECDH(E).)
+ *
+ * \param ctx       ECDH context
+ * \param buf       start of input buffer
+ * \param blen      length of input buffer
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
+                      const unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Derive and export the shared secret.
+ *                  (Last function used by both TLS client en servers.)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of bytes written
+ * \param buf       destination buffer
+ * \param blen      buffer length
+ * \param f_rng     RNG function, see notes for \c mbedtls_ecdh_compute_shared()
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecdh.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ecdsa.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ecdsa.h
new file mode 100644
index 00000000..52827d8d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ecdsa.h
@@ -0,0 +1,248 @@
+/**
+ * \file ecdsa.h
+ *
+ * \brief Elliptic curve DSA
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECDSA_H
+#define MBEDTLS_ECDSA_H
+
+#include "ecp.h"
+#include "md.h"
+
+/*
+ * RFC 4492 page 20:
+ *
+ *     Ecdsa-Sig-Value ::= SEQUENCE {
+ *         r       INTEGER,
+ *         s       INTEGER
+ *     }
+ *
+ * Size is at most
+ *    1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s,
+ *    twice that + 1 (tag) + 2 (len) for the sequence
+ * (assuming ECP_MAX_BYTES is less than 126 for r and s,
+ * and less than 124 (total len <= 255) for the sequence)
+ */
+#if MBEDTLS_ECP_MAX_BYTES > 124
+#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
+#endif
+/** Maximum size of an ECDSA signature in bytes */
+#define MBEDTLS_ECDSA_MAX_LEN  ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )
+
+/**
+ * \brief           ECDSA context structure
+ */
+typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Compute ECDSA signature of a previously hashed message
+ *
+ * \note            The deterministic version is usually prefered.
+ *
+ * \param grp       ECP group
+ * \param r         First output integer
+ * \param s         Second output integer
+ * \param d         Private signing key
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+/**
+ * \brief           Compute ECDSA signature of a previously hashed message,
+ *                  deterministic version (RFC 6979).
+ *
+ * \param grp       ECP group
+ * \param r         First output integer
+ * \param s         Second output integer
+ * \param d         Private signing key
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param md_alg    MD algorithm used to hash the message
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                    mbedtls_md_type_t md_alg );
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+/**
+ * \brief           Verify ECDSA signature of a previously hashed message
+ *
+ * \param grp       ECP group
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param Q         Public key to use for verification
+ * \param r         First integer of the signature
+ * \param s         Second integer of the signature
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
+                  const unsigned char *buf, size_t blen,
+                  const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
+
+/**
+ * \brief           Compute ECDSA signature and write it to buffer,
+ *                  serialized as defined in RFC 4492 page 20.
+ *                  (Not thread-safe to use same context in multiple threads)
+ *
+ * \note            The deterministice version (RFC 6979) is used if
+ *                  MBEDTLS_ECDSA_DETERMINISTIC is defined.
+ *
+ * \param ctx       ECDSA context
+ * \param md_alg    Algorithm that was used to hash the message
+ * \param hash      Message hash
+ * \param hlen      Length of hash
+ * \param sig       Buffer that will hold the signature
+ * \param slen      Length of the signature written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            The "sig" buffer must be at least as large as twice the
+ *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
+ *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
+ *                  MBEDTLS_ERR_ASN1_XXX error code
+ */
+int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
+                           const unsigned char *hash, size_t hlen,
+                           unsigned char *sig, size_t *slen,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng );
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief           Compute ECDSA signature and write it to buffer,
+ *                  serialized as defined in RFC 4492 page 20.
+ *                  Deterministic version, RFC 6979.
+ *                  (Not thread-safe to use same context in multiple threads)
+ *
+ * \deprecated      Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
+ *
+ * \param ctx       ECDSA context
+ * \param hash      Message hash
+ * \param hlen      Length of hash
+ * \param sig       Buffer that will hold the signature
+ * \param slen      Length of the signature written
+ * \param md_alg    MD algorithm used to hash the message
+ *
+ * \note            The "sig" buffer must be at least as large as twice the
+ *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
+ *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
+ *                  MBEDTLS_ERR_ASN1_XXX error code
+ */
+int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
+                               const unsigned char *hash, size_t hlen,
+                               unsigned char *sig, size_t *slen,
+                               mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
+#undef MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+/**
+ * \brief           Read and verify an ECDSA signature
+ *
+ * \param ctx       ECDSA context
+ * \param hash      Message hash
+ * \param hlen      Size of hash
+ * \param sig       Signature to read and verify
+ * \param slen      Size of sig
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
+ *                  MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than siglen,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
+                          const unsigned char *hash, size_t hlen,
+                          const unsigned char *sig, size_t slen );
+
+/**
+ * \brief           Generate an ECDSA keypair on the given curve
+ *
+ * \param ctx       ECDSA context in which the keypair should be stored
+ * \param gid       Group (elliptic curve) to use. One of the various
+ *                  MBEDTLS_ECP_DP_XXX macros depending on configuration.
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
+ */
+int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
+                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Set an ECDSA context from an EC key pair
+ *
+ * \param ctx       ECDSA context to set
+ * \param key       EC key to use
+ *
+ * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
+ */
+int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Initialize context
+ *
+ * \param ctx       Context to initialize
+ */
+void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
+
+/**
+ * \brief           Free context
+ *
+ * \param ctx       Context to free
+ */
+void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecdsa.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ecp.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ecp.h
new file mode 100644
index 00000000..723e46c9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ecp.h
@@ -0,0 +1,631 @@
+/**
+ * \file ecp.h
+ *
+ * \brief Elliptic curves over GF(p)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECP_H
+#define MBEDTLS_ECP_H
+
+#include "bignum.h"
+
+/*
+ * ECP error codes
+ */
+#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA                    -0x4F80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL                  -0x4F00  /**< The buffer is too small to write to. */
+#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE               -0x4E80  /**< Requested curve not available. */
+#define MBEDTLS_ERR_ECP_VERIFY_FAILED                     -0x4E00  /**< The signature is not valid. */
+#define MBEDTLS_ERR_ECP_ALLOC_FAILED                      -0x4D80  /**< Memory allocation failed. */
+#define MBEDTLS_ERR_ECP_RANDOM_FAILED                     -0x4D00  /**< Generation of random value, such as (ephemeral) key, failed. */
+#define MBEDTLS_ERR_ECP_INVALID_KEY                       -0x4C80  /**< Invalid private or public key. */
+#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00  /**< Signature is valid but shorter than the user-supplied length. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Domain parameters (curve, subgroup and generator) identifiers.
+ *
+ * Only curves over prime fields are supported.
+ *
+ * \warning This library does not support validation of arbitrary domain
+ * parameters. Therefore, only well-known domain parameters from trusted
+ * sources should be used. See mbedtls_ecp_group_load().
+ */
+typedef enum
+{
+    MBEDTLS_ECP_DP_NONE = 0,
+    MBEDTLS_ECP_DP_SECP192R1,      /*!< 192-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP224R1,      /*!< 224-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP256R1,      /*!< 256-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP384R1,      /*!< 384-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP521R1,      /*!< 521-bits NIST curve  */
+    MBEDTLS_ECP_DP_BP256R1,        /*!< 256-bits Brainpool curve */
+    MBEDTLS_ECP_DP_BP384R1,        /*!< 384-bits Brainpool curve */
+    MBEDTLS_ECP_DP_BP512R1,        /*!< 512-bits Brainpool curve */
+    MBEDTLS_ECP_DP_CURVE25519,           /*!< Curve25519               */
+    MBEDTLS_ECP_DP_SECP192K1,      /*!< 192-bits "Koblitz" curve */
+    MBEDTLS_ECP_DP_SECP224K1,      /*!< 224-bits "Koblitz" curve */
+    MBEDTLS_ECP_DP_SECP256K1,      /*!< 256-bits "Koblitz" curve */
+} mbedtls_ecp_group_id;
+
+/**
+ * Number of supported curves (plus one for NONE).
+ *
+ * (Montgomery curves excluded for now.)
+ */
+#define MBEDTLS_ECP_DP_MAX     12
+
+/**
+ * Curve information for use by other modules
+ */
+typedef struct
+{
+    mbedtls_ecp_group_id grp_id;    /*!< Internal identifier        */
+    uint16_t tls_id;                /*!< TLS NamedCurve identifier  */
+    uint16_t bit_size;              /*!< Curve size in bits         */
+    const char *name;               /*!< Human-friendly name        */
+} mbedtls_ecp_curve_info;
+
+/**
+ * \brief           ECP point structure (jacobian coordinates)
+ *
+ * \note            All functions expect and return points satisfying
+ *                  the following condition: Z == 0 or Z == 1. (Other
+ *                  values of Z are used by internal functions only.)
+ *                  The point is zero, or "at infinity", if Z == 0.
+ *                  Otherwise, X and Y are its standard (affine) coordinates.
+ */
+typedef struct
+{
+    mbedtls_mpi X;          /*!<  the point's X coordinate  */
+    mbedtls_mpi Y;          /*!<  the point's Y coordinate  */
+    mbedtls_mpi Z;          /*!<  the point's Z coordinate  */
+}
+mbedtls_ecp_point;
+
+/**
+ * \brief           ECP group structure
+ *
+ * We consider two types of curves equations:
+ * 1. Short Weierstrass y^2 = x^3 + A x + B     mod P   (SEC1 + RFC 4492)
+ * 2. Montgomery,       y^2 = x^3 + A x^2 + x   mod P   (Curve25519 + draft)
+ * In both cases, a generator G for a prime-order subgroup is fixed. In the
+ * short weierstrass, this subgroup is actually the whole curve, and its
+ * cardinal is denoted by N.
+ *
+ * In the case of Short Weierstrass curves, our code requires that N is an odd
+ * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.)
+ *
+ * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
+ * the quantity actually used in the formulas. Also, nbits is not the size of N
+ * but the required size for private keys.
+ *
+ * If modp is NULL, reduction modulo P is done using a generic algorithm.
+ * Otherwise, it must point to a function that takes an mbedtls_mpi in the range
+ * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
+ * than pbits, so that the integer may be efficiently brought in the 0..P-1
+ * range by a few additions or substractions. It must return 0 on success and
+ * non-zero on failure.
+ */
+typedef struct
+{
+    mbedtls_ecp_group_id id;    /*!<  internal group identifier                     */
+    mbedtls_mpi P;              /*!<  prime modulus of the base field               */
+    mbedtls_mpi A;              /*!<  1. A in the equation, or 2. (A + 2) / 4       */
+    mbedtls_mpi B;              /*!<  1. B in the equation, or 2. unused            */
+    mbedtls_ecp_point G;        /*!<  generator of the (sub)group used              */
+    mbedtls_mpi N;              /*!<  1. the order of G, or 2. unused               */
+    size_t pbits;       /*!<  number of bits in P                           */
+    size_t nbits;       /*!<  number of bits in 1. P, or 2. private keys    */
+    unsigned int h;     /*!<  internal: 1 if the constants are static       */
+    int (*modp)(mbedtls_mpi *); /*!<  function for fast reduction mod P             */
+    int (*t_pre)(mbedtls_ecp_point *, void *);  /*!< unused                         */
+    int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused                         */
+    void *t_data;                       /*!< unused                         */
+    mbedtls_ecp_point *T;       /*!<  pre-computed points for ecp_mul_comb()        */
+    size_t T_size;      /*!<  number for pre-computed points                */
+}
+mbedtls_ecp_group;
+
+/**
+ * \brief           ECP key pair structure
+ *
+ * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
+ *
+ * \note Members purposefully in the same order as struc mbedtls_ecdsa_context.
+ */
+typedef struct
+{
+    mbedtls_ecp_group grp;      /*!<  Elliptic curve and base point     */
+    mbedtls_mpi d;              /*!<  our secret value                  */
+    mbedtls_ecp_point Q;        /*!<  our public value                  */
+}
+mbedtls_ecp_keypair;
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_ECP_MAX_BITS)
+/**
+ * Maximum size of the groups (that is, of N and P)
+ */
+#define MBEDTLS_ECP_MAX_BITS     521   /**< Maximum bit size of groups */
+#endif
+
+#define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
+#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
+
+#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
+/*
+ * Maximum "window" size used for point multiplication.
+ * Default: 6.
+ * Minimum value: 2. Maximum value: 7.
+ *
+ * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
+ * points used for point multiplication. This value is directly tied to EC
+ * peak memory usage, so decreasing it by one should roughly cut memory usage
+ * by two (if large curves are in use).
+ *
+ * Reduction in size may reduce speed, but larger curves are impacted first.
+ * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
+ *      w-size:     6       5       4       3       2
+ *      521       145     141     135     120      97
+ *      384       214     209     198     177     146
+ *      256       320     320     303     262     226
+
+ *      224       475     475     453     398     342
+ *      192       640     640     633     587     476
+ */
+#define MBEDTLS_ECP_WINDOW_SIZE    6   /**< Maximum window size used */
+#endif /* MBEDTLS_ECP_WINDOW_SIZE */
+
+#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
+/*
+ * Trade memory for speed on fixed-point multiplication.
+ *
+ * This speeds up repeated multiplication of the generator (that is, the
+ * multiplication in ECDSA signatures, and half of the multiplications in
+ * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
+ *
+ * The cost is increasing EC peak memory usage by a factor roughly 2.
+ *
+ * Change this value to 0 to reduce peak memory usage.
+ */
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up */
+#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
+
+/* \} name SECTION: Module settings */
+
+/*
+ * Point formats, from RFC 4492's enum ECPointFormat
+ */
+#define MBEDTLS_ECP_PF_UNCOMPRESSED    0   /**< Uncompressed point format */
+#define MBEDTLS_ECP_PF_COMPRESSED      1   /**< Compressed point format */
+
+/*
+ * Some other constants from RFC 4492
+ */
+#define MBEDTLS_ECP_TLS_NAMED_CURVE    3   /**< ECCurveType's named_curve */
+
+/**
+ * \brief           Get the list of supported curves in order of preferrence
+ *                  (full information)
+ *
+ * \return          A statically allocated array, the last entry is 0.
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
+
+/**
+ * \brief           Get the list of supported curves in order of preferrence
+ *                  (grp_id only)
+ *
+ * \return          A statically allocated array,
+ *                  terminated with MBEDTLS_ECP_DP_NONE.
+ */
+const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
+
+/**
+ * \brief           Get curve information from an internal group identifier
+ *
+ * \param grp_id    A MBEDTLS_ECP_DP_XXX value
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
+
+/**
+ * \brief           Get curve information from a TLS NamedCurve value
+ *
+ * \param tls_id    A MBEDTLS_ECP_DP_XXX value
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
+
+/**
+ * \brief           Get curve information from a human-readable name
+ *
+ * \param name      The name
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
+
+/**
+ * \brief           Initialize a point (as zero)
+ */
+void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Initialize a group (to something meaningless)
+ */
+void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
+
+/**
+ * \brief           Initialize a key pair (as an invalid one)
+ */
+void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Free the components of a point
+ */
+void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Free the components of an ECP group
+ */
+void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
+
+/**
+ * \brief           Free the components of a key pair
+ */
+void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Copy the contents of point Q into P
+ *
+ * \param P         Destination point
+ * \param Q         Source point
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
+
+/**
+ * \brief           Copy the contents of a group object
+ *
+ * \param dst       Destination group
+ * \param src       Source group
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
+
+/**
+ * \brief           Set a point to zero
+ *
+ * \param pt        Destination point
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Tell if a point is zero
+ *
+ * \param pt        Point to test
+ *
+ * \return          1 if point is zero, 0 otherwise
+ */
+int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Import a non-zero point from two ASCII strings
+ *
+ * \param P         Destination point
+ * \param radix     Input numeric base
+ * \param x         First affine coordinate as a null-terminated string
+ * \param y         Second affine coordinate as a null-terminated string
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
+                           const char *x, const char *y );
+
+/**
+ * \brief           Export a point into unsigned binary data
+ *
+ * \param grp       Group to which the point should belong
+ * \param P         Point to export
+ * \param format    Point format, should be a MBEDTLS_ECP_PF_XXX macro
+ * \param olen      Length of the actual output
+ * \param buf       Output buffer
+ * \param buflen    Length of the output buffer
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
+                            int format, size_t *olen,
+                            unsigned char *buf, size_t buflen );
+
+/**
+ * \brief           Import a point from unsigned binary data
+ *
+ * \param grp       Group to which the point should belong
+ * \param P         Point to import
+ * \param buf       Input buffer
+ * \param ilen      Actual length of input
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+ *                  is not implemented.
+ *
+ * \note            This function does NOT check that the point actually
+ *                  belongs to the given group, see mbedtls_ecp_check_pubkey() for
+ *                  that.
+ */
+int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
+                           const unsigned char *buf, size_t ilen );
+
+/**
+ * \brief           Import a point from a TLS ECPoint record
+ *
+ * \param grp       ECP group used
+ * \param pt        Destination point
+ * \param buf       $(Start of input buffer)
+ * \param len       Buffer length
+ *
+ * \note            buf is updated to point right after the ECPoint on exit
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ */
+int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
+                        const unsigned char **buf, size_t len );
+
+/**
+ * \brief           Export a point as a TLS ECPoint record
+ *
+ * \param grp       ECP group used
+ * \param pt        Point to export
+ * \param format    Export format
+ * \param olen      length of data written
+ * \param buf       Buffer to write to
+ * \param blen      Buffer length
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
+                         int format, size_t *olen,
+                         unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Set a group using well-known domain parameters
+ *
+ * \param grp       Destination group
+ * \param index     Index in the list of well-known domain parameters
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
+ *
+ * \note            Index should be a value of RFC 4492's enum NamedCurve,
+ *                  usually in the form of a MBEDTLS_ECP_DP_XXX macro.
+ */
+int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index );
+
+/**
+ * \brief           Set a group from a TLS ECParameters record
+ *
+ * \param grp       Destination group
+ * \param buf       &(Start of input buffer)
+ * \param len       Buffer length
+ *
+ * \note            buf is updated to point right after ECParameters on exit
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ */
+int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
+
+/**
+ * \brief           Write the TLS ECParameters record for a group
+ *
+ * \param grp       ECP group used
+ * \param olen      Number of bytes actually written
+ * \param buf       Buffer to write to
+ * \param blen      Buffer length
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
+                         unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Multiplication by an integer: R = m * P
+ *                  (Not thread-safe to use same group in multiple threads)
+ *
+ * \note            In order to prevent timing attacks, this function
+ *                  executes the exact same sequence of (base field)
+ *                  operations for any valid m. It avoids any if-branch or
+ *                  array index depending on the value of m.
+ *
+ * \note            If f_rng is not NULL, it is used to randomize intermediate
+ *                  results in order to prevent potential timing attacks
+ *                  targeting these results. It is recommended to always
+ *                  provide a non-NULL f_rng (the overhead is negligible).
+ *
+ * \param grp       ECP group
+ * \param R         Destination point
+ * \param m         Integer by which to multiply
+ * \param P         Point to multiply
+ * \param f_rng     RNG function (see notes)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey
+ *                  or P is not a valid pubkey,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Multiplication and addition of two points by integers:
+ *                  R = m * P + n * Q
+ *                  (Not thread-safe to use same group in multiple threads)
+ *
+ * \note            In contrast to mbedtls_ecp_mul(), this function does not guarantee
+ *                  a constant execution flow and timing.
+ *
+ * \param grp       ECP group
+ * \param R         Destination point
+ * \param m         Integer by which to multiply P
+ * \param P         Point to multiply by m
+ * \param n         Integer by which to multiply Q
+ * \param Q         Point to be multiplied by n
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey
+ *                  or P or Q is not a valid pubkey,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+             const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
+
+/**
+ * \brief           Check that a point is a valid public key on this curve
+ *
+ * \param grp       Curve/group the point should belong to
+ * \param pt        Point to check
+ *
+ * \return          0 if point is a valid public key,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
+ *
+ * \note            This function only checks the point is non-zero, has valid
+ *                  coordinates and lies on the curve, but not that it is
+ *                  indeed a multiple of G. This is additional check is more
+ *                  expensive, isn't required by standards, and shouldn't be
+ *                  necessary if the group used has a small cofactor. In
+ *                  particular, it is useless for the NIST groups which all
+ *                  have a cofactor of 1.
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Check that an mbedtls_mpi is a valid private key for this curve
+ *
+ * \param grp       Group used
+ * \param d         Integer to check
+ *
+ * \return          0 if point is a valid private key,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
+
+/**
+ * \brief           Generate a keypair
+ *
+ * \param grp       ECP group
+ * \param d         Destination MPI (secret part)
+ * \param Q         Destination point (public part)
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief           Generate a keypair
+ *
+ * \param grp_id    ECP group identifier
+ * \param key       Destination keypair
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Check a public-private key pair
+ *
+ * \param pub       Keypair structure holding a public key
+ * \param prv       Keypair structure holding a private (plus public) key
+ *
+ * \return          0 if successful (keys are valid and match), or
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or
+ *                  a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code.
+ */
+int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_ecp_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecp.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/entropy.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/entropy.h
new file mode 100644
index 00000000..00de9a6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/entropy.h
@@ -0,0 +1,252 @@
+/**
+ * \file entropy.h
+ *
+ * \brief Entropy accumulator implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ENTROPY_H
+#define MBEDTLS_ENTROPY_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#include "sha512.h"
+#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
+#else
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
+#include "sha256.h"
+#endif
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C)
+#include "havege.h"
+#endif
+
+#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
+#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
+#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /**< No sources have been added to poll. */
+#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE              -0x003D  /**< No strong sources have been added to poll. */
+#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x003F  /**< Read/write error in file. */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
+#define MBEDTLS_ENTROPY_MAX_SOURCES     20      /**< Maximum number of sources supported */
+#endif
+
+#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
+#define MBEDTLS_ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+#define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
+#else
+#define MBEDTLS_ENTROPY_BLOCK_SIZE      32      /**< Block size of entropy accumulator (SHA-256) */
+#endif
+
+#define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
+#define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES
+
+#define MBEDTLS_ENTROPY_SOURCE_STRONG   1       /**< Entropy source is strong   */
+#define MBEDTLS_ENTROPY_SOURCE_WEAK     0       /**< Entropy source is weak     */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Entropy poll callback pointer
+ *
+ * \param data      Callback-specific data pointer
+ * \param output    Data to fill
+ * \param len       Maximum size to provide
+ * \param olen      The actual amount of bytes put into the buffer (Can be 0)
+ *
+ * \return          0 if no critical failures occurred,
+ *                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
+ */
+typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
+                            size_t *olen);
+
+/**
+ * \brief           Entropy source state
+ */
+typedef struct
+{
+    mbedtls_entropy_f_source_ptr    f_source;   /**< The entropy source callback */
+    void *          p_source;   /**< The callback data pointer */
+    size_t          size;       /**< Amount received in bytes */
+    size_t          threshold;  /**< Minimum bytes required before release */
+    int             strong;     /**< Is the source strong? */
+}
+mbedtls_entropy_source_state;
+
+/**
+ * \brief           Entropy context structure
+ */
+typedef struct
+{
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+    mbedtls_sha512_context  accumulator;
+#else
+    mbedtls_sha256_context  accumulator;
+#endif
+    int             source_count;
+    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
+#if defined(MBEDTLS_HAVEGE_C)
+    mbedtls_havege_state    havege_data;
+#endif
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
+#endif
+}
+mbedtls_entropy_context;
+
+/**
+ * \brief           Initialize the context
+ *
+ * \param ctx       Entropy context to initialize
+ */
+void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Free the data in the context
+ *
+ * \param ctx       Entropy context to free
+ */
+void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Adds an entropy source to poll
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ * \param f_source  Entropy function
+ * \param p_source  Function data
+ * \param threshold Minimum required from source before entropy is released
+ *                  ( with mbedtls_entropy_func() ) (in bytes)
+ * \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
+ *                  MBEDTSL_ENTROPY_SOURCE_WEAK.
+ *                  At least one strong source needs to be added.
+ *                  Weaker sources (such as the cycle counter) can be used as
+ *                  a complement.
+ *
+ * \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+ */
+int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
+                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
+                        size_t threshold, int strong );
+
+/**
+ * \brief           Trigger an extra gather poll for the accumulator
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Retrieve entropy from the accumulator
+ *                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param data      Entropy context
+ * \param output    Buffer to fill
+ * \param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
+
+/**
+ * \brief           Add data to the accumulator manually
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ * \param data      Data to add
+ * \param len       Length of data
+ *
+ * \return          0 if successful
+ */
+int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
+                           const unsigned char *data, size_t len );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           Entropy context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
+ *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
+ *                      read from the seed file. The rest is ignored.
+ *
+ * \param ctx           Entropy context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
+ *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_entropy_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* entropy.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/entropy_poll.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/entropy_poll.h
new file mode 100644
index 00000000..dc119113
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/entropy_poll.h
@@ -0,0 +1,89 @@
+/**
+ * \file entropy_poll.h
+ *
+ * \brief Platform-specific and custom entropy polling functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ENTROPY_POLL_H
+#define MBEDTLS_ENTROPY_POLL_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Default thresholds for built-in sources, in bytes
+ */
+#define MBEDTLS_ENTROPY_MIN_PLATFORM     32     /**< Minimum for platform source    */
+#define MBEDTLS_ENTROPY_MIN_HAVEGE       32     /**< Minimum for HAVEGE             */
+#define MBEDTLS_ENTROPY_MIN_HARDCLOCK     4     /**< Minimum for mbedtls_timing_hardclock()        */
+#define MBEDTLS_ENTROPY_MIN_HARDWARE     32     /**< Minimum for the hardware source */
+
+#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+/**
+ * \brief           Platform-specific entropy poll callback
+ */
+int mbedtls_platform_entropy_poll( void *data,
+                           unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C)
+/**
+ * \brief           HAVEGE based entropy poll callback
+ *
+ * Requires an HAVEGE state as its data pointer.
+ */
+int mbedtls_havege_poll( void *data,
+                 unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_TIMING_C)
+/**
+ * \brief           mbedtls_timing_hardclock-based entropy poll callback
+ */
+int mbedtls_hardclock_poll( void *data,
+                    unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+/**
+ * \brief           Entropy poll callback for a hardware source
+ *
+ * \warning         This is not provided by mbed TLS!
+ *                  See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
+ *
+ * \note            This must accept NULL as its first argument.
+ */
+int mbedtls_hardware_poll( void *data,
+                           unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* entropy_poll.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/error.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/error.h
new file mode 100644
index 00000000..a182713d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/error.h
@@ -0,0 +1,107 @@
+/**
+ * \file error.h
+ *
+ * \brief Error to string translation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ERROR_H
+#define MBEDTLS_ERROR_H
+
+#include <stddef.h>
+
+/**
+ * Error code layout.
+ *
+ * Currently we try to keep all error codes within the negative space of 16
+ * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In
+ * addition we'd like to give two layers of information on the error if
+ * possible.
+ *
+ * For that purpose the error codes are segmented in the following manner:
+ *
+ * 16 bit error code bit-segmentation
+ *
+ * 1 bit  - Unused (sign bit)
+ * 3 bits - High level module ID
+ * 5 bits - Module-dependent error code
+ * 7 bits - Low level module errors
+ *
+ * For historical reasons, low-level error codes are divided in even and odd,
+ * even codes were assigned first, and -1 is reserved for other errors.
+ *
+ * Low-level module errors (0x0002-0x007E, 0x0003-0x007F)
+ *
+ * Module   Nr  Codes assigned
+ * MPI       7  0x0002-0x0010
+ * GCM       2  0x0012-0x0014
+ * BLOWFISH  2  0x0016-0x0018
+ * THREADING 3  0x001A-0x001E
+ * AES       2  0x0020-0x0022
+ * CAMELLIA  2  0x0024-0x0026
+ * XTEA      1  0x0028-0x0028
+ * BASE64    2  0x002A-0x002C
+ * OID       1  0x002E-0x002E   0x000B-0x000B
+ * PADLOCK   1  0x0030-0x0030
+ * DES       1  0x0032-0x0032
+ * CTR_DBRG  4  0x0034-0x003A
+ * ENTROPY   3  0x003C-0x0040   0x003D-0x003F
+ * NET      11  0x0042-0x0052   0x0043-0x0045
+ * ASN1      7  0x0060-0x006C
+ * PBKDF2    1  0x007C-0x007C
+ * HMAC_DRBG 4  0x0003-0x0009
+ * CCM       2                  0x000D-0x000F
+ *
+ * High-level module nr (3 bits - 0x0...-0x7...)
+ * Name      ID  Nr of Errors
+ * PEM       1   9
+ * PKCS#12   1   4 (Started from top)
+ * X509      2   19
+ * PKCS5     2   4 (Started from top)
+ * DHM       3   9
+ * PK        3   14 (Started from top)
+ * RSA       4   9
+ * ECP       4   8 (Started from top)
+ * MD        5   4
+ * CIPHER    6   6
+ * SSL       6   16 (Started from top)
+ * SSL       7   31
+ *
+ * Module dependent error code (5 bits 0x.00.-0x.F8.)
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Translate a mbed TLS error code into a string representation,
+ *        Result is truncated if necessary and always includes a terminating
+ *        null byte.
+ *
+ * \param errnum    error code
+ * \param buffer    buffer to place representation in
+ * \param buflen    length of the buffer
+ */
+void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* error.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/gcm.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/gcm.h
new file mode 100644
index 00000000..6743ac9a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/gcm.h
@@ -0,0 +1,220 @@
+/**
+ * \file gcm.h
+ *
+ * \brief Galois/Counter mode for 128-bit block ciphers
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_GCM_H
+#define MBEDTLS_GCM_H
+
+#include "cipher.h"
+
+#include <stdint.h>
+
+#define MBEDTLS_GCM_ENCRYPT     1
+#define MBEDTLS_GCM_DECRYPT     0
+
+#define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012  /**< Authenticated decryption failed. */
+#define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          GCM context structure
+ */
+typedef struct {
+    mbedtls_cipher_context_t cipher_ctx;/*!< cipher context used */
+    uint64_t HL[16];            /*!< Precalculated HTable */
+    uint64_t HH[16];            /*!< Precalculated HTable */
+    uint64_t len;               /*!< Total data length */
+    uint64_t add_len;           /*!< Total add length */
+    unsigned char base_ectr[16];/*!< First ECTR for tag */
+    unsigned char y[16];        /*!< Y working value */
+    unsigned char buf[16];      /*!< buf working value */
+    int mode;                   /*!< Encrypt or Decrypt */
+}
+mbedtls_gcm_context;
+
+/**
+ * \brief           Initialize GCM context (just makes references valid)
+ *                  Makes the context ready for mbedtls_gcm_setkey() or
+ *                  mbedtls_gcm_free().
+ *
+ * \param ctx       GCM context to initialize
+ */
+void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
+
+/**
+ * \brief           GCM initialization (encryption)
+ *
+ * \param ctx       GCM context to be initialized
+ * \param cipher    cipher to use (a 128-bit block cipher)
+ * \param key       encryption key
+ * \param keybits   must be 128, 192 or 256
+ *
+ * \return          0 if successful, or a cipher specific error code
+ */
+int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
+                        mbedtls_cipher_id_t cipher,
+                        const unsigned char *key,
+                        unsigned int keybits );
+
+/**
+ * \brief           GCM buffer encryption/decryption using a block cipher
+ *
+ * \note On encryption, the output buffer can be the same as the input buffer.
+ *       On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param mode      MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ * \param tag_len   length of the tag to generate
+ * \param tag       buffer for holding the tag
+ *
+ * \return         0 if successful
+ */
+int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
+                       int mode,
+                       size_t length,
+                       const unsigned char *iv,
+                       size_t iv_len,
+                       const unsigned char *add,
+                       size_t add_len,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t tag_len,
+                       unsigned char *tag );
+
+/**
+ * \brief           GCM buffer authenticated decryption using a block cipher
+ *
+ * \note On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param tag       buffer holding the tag
+ * \param tag_len   length of the tag
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *
+ * \return         0 if successful and authenticated,
+ *                 MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match
+ */
+int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
+                      size_t length,
+                      const unsigned char *iv,
+                      size_t iv_len,
+                      const unsigned char *add,
+                      size_t add_len,
+                      const unsigned char *tag,
+                      size_t tag_len,
+                      const unsigned char *input,
+                      unsigned char *output );
+
+/**
+ * \brief           Generic GCM stream start function
+ *
+ * \param ctx       GCM context
+ * \param mode      MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data (or NULL if length is 0)
+ * \param add_len   length of additional data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
+                int mode,
+                const unsigned char *iv,
+                size_t iv_len,
+                const unsigned char *add,
+                size_t add_len );
+
+/**
+ * \brief           Generic GCM update function. Encrypts/decrypts using the
+ *                  given GCM context. Expects input to be a multiple of 16
+ *                  bytes! Only the last call before mbedtls_gcm_finish() can be less
+ *                  than 16 bytes!
+ *
+ * \note On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param length    length of the input data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *
+ * \return         0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
+ */
+int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
+                size_t length,
+                const unsigned char *input,
+                unsigned char *output );
+
+/**
+ * \brief           Generic GCM finalisation function. Wraps up the GCM stream
+ *                  and generates the tag. The tag can have a maximum length of
+ *                  16 bytes.
+ *
+ * \param ctx       GCM context
+ * \param tag       buffer for holding the tag (may be NULL if tag_len is 0)
+ * \param tag_len   length of the tag to generate
+ *
+ * \return          0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
+ */
+int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
+                unsigned char *tag,
+                size_t tag_len );
+
+/**
+ * \brief           Free a GCM context and underlying cipher sub-context
+ *
+ * \param ctx       GCM context to free
+ */
+void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_gcm_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* gcm.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/havege.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/havege.h
new file mode 100644
index 00000000..dac5d311
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/havege.h
@@ -0,0 +1,74 @@
+/**
+ * \file havege.h
+ *
+ * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_HAVEGE_H
+#define MBEDTLS_HAVEGE_H
+
+#include <stddef.h>
+
+#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          HAVEGE state structure
+ */
+typedef struct
+{
+    int PT1, PT2, offset[2];
+    int pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
+    int WALK[8192];
+}
+mbedtls_havege_state;
+
+/**
+ * \brief          HAVEGE initialization
+ *
+ * \param hs       HAVEGE state to be initialized
+ */
+void mbedtls_havege_init( mbedtls_havege_state *hs );
+
+/**
+ * \brief          Clear HAVEGE state
+ *
+ * \param hs       HAVEGE state to be cleared
+ */
+void mbedtls_havege_free( mbedtls_havege_state *hs );
+
+/**
+ * \brief          HAVEGE rand function
+ *
+ * \param p_rng    A HAVEGE state
+ * \param output   Buffer to fill
+ * \param len      Length of buffer
+ *
+ * \return         0
+ */
+int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* havege.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/hmac_drbg.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/hmac_drbg.h
new file mode 100644
index 00000000..e0105580
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/hmac_drbg.h
@@ -0,0 +1,299 @@
+/**
+ * \file hmac_drbg.h
+ *
+ * \brief HMAC_DRBG (NIST SP 800-90A)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_HMAC_DRBG_H
+#define MBEDTLS_HMAC_DRBG_H
+
+#include "md.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
+/*
+ * Error codes
+ */
+#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG              -0x0003  /**< Too many random requested in single call. */
+#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG                -0x0005  /**< Input too large (Entropy + additional). */
+#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR                -0x0007  /**< Read/write error in file. */
+#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED        -0x0009  /**< The entropy source failed. */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000   /**< Interval before reseed is performed by default */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
+#define MBEDTLS_HMAC_DRBG_MAX_INPUT         256     /**< Maximum number of additional input bytes */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
+#define MBEDTLS_HMAC_DRBG_MAX_REQUEST       1024    /**< Maximum number of requested bytes per call */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
+#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
+#define MBEDTLS_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * HMAC_DRBG context.
+ */
+typedef struct
+{
+    /* Working state: the key K is not stored explicitely,
+     * but is implied by the HMAC context */
+    mbedtls_md_context_t md_ctx;                    /*!< HMAC context (inc. K)  */
+    unsigned char V[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
+    int reseed_counter;                     /*!< reseed counter         */
+
+    /* Administrative state */
+    size_t entropy_len;         /*!< entropy bytes grabbed on each (re)seed */
+    int prediction_resistance;  /*!< enable prediction resistance (Automatic
+                                     reseed before every random generation) */
+    int reseed_interval;        /*!< reseed interval   */
+
+    /* Callbacks */
+    int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
+    void *p_entropy;            /*!< context for the entropy function        */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+} mbedtls_hmac_drbg_context;
+
+/**
+ * \brief               HMAC_DRBG context initialization
+ *                      Makes the context ready for mbedtls_hmac_drbg_seed(),
+ *                      mbedtls_hmac_drbg_seed_buf() or
+ *                      mbedtls_hmac_drbg_free().
+ *
+ * \param ctx           HMAC_DRBG context to be initialized
+ */
+void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
+
+/**
+ * \brief               HMAC_DRBG initial seeding
+ *                      Seed and setup entropy source for future reseeds.
+ *
+ * \param ctx           HMAC_DRBG context to be seeded
+ * \param md_info       MD algorithm to use for HMAC_DRBG
+ * \param f_entropy     Entropy callback (p_entropy, buffer to fill, buffer
+ *                      length)
+ * \param p_entropy     Entropy context
+ * \param custom        Personalization data (Device specific identifiers)
+ *                      (Can be NULL)
+ * \param len           Length of personalization data
+ *
+ * \note                The "security strength" as defined by NIST is set to:
+ *                      128 bits if md_alg is SHA-1,
+ *                      192 bits if md_alg is SHA-224,
+ *                      256 bits if md_alg is SHA-256 or higher.
+ *                      Note that SHA-256 is just as efficient as SHA-224.
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_MD_ALLOC_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
+ */
+int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
+                    const mbedtls_md_info_t * md_info,
+                    int (*f_entropy)(void *, unsigned char *, size_t),
+                    void *p_entropy,
+                    const unsigned char *custom,
+                    size_t len );
+
+/**
+ * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
+ *                      (For use with deterministic ECDSA.)
+ *
+ * \param ctx           HMAC_DRBG context to be initialised
+ * \param md_info       MD algorithm to use for HMAC_DRBG
+ * \param data          Concatenation of entropy string and additional data
+ * \param data_len      Length of data in bytes
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_MD_ALLOC_FAILED.
+ */
+int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
+                        const mbedtls_md_info_t * md_info,
+                        const unsigned char *data, size_t data_len );
+
+/**
+ * \brief               Enable / disable prediction resistance (Default: Off)
+ *
+ * Note: If enabled, entropy is used for ctx->entropy_len before each call!
+ *       Only use this if you have ample supply of good entropy!
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param resistance    MBEDTLS_HMAC_DRBG_PR_ON or MBEDTLS_HMAC_DRBG_PR_OFF
+ */
+void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
+                                          int resistance );
+
+/**
+ * \brief               Set the amount of entropy grabbed on each reseed
+ *                      (Default: given by the security strength, which
+ *                      depends on the hash used, see \c mbedtls_hmac_drbg_init() )
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param len           Amount of entropy to grab, in bytes
+ */
+void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
+                                size_t len );
+
+/**
+ * \brief               Set the reseed interval
+ *                      (Default: MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param interval      Reseed interval
+ */
+void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
+                                    int interval );
+
+/**
+ * \brief               HMAC_DRBG update state
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param additional    Additional data to update state with, or NULL
+ * \param add_len       Length of additional data, or 0
+ *
+ * \note                Additional data is optional, pass NULL and 0 as second
+ *                      third argument if no additional data is being used.
+ */
+void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
+                       const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               HMAC_DRBG reseeding (extracts data from entropy source)
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param additional    Additional data to add to state (Can be NULL)
+ * \param len           Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
+                      const unsigned char *additional, size_t len );
+
+/**
+ * \brief               HMAC_DRBG generate random with additional update input
+ *
+ * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ *
+ * \param p_rng         HMAC_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ * \param additional    Additional data to update with (can be NULL)
+ * \param add_len       Length of additional data (can be 0)
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG.
+ */
+int mbedtls_hmac_drbg_random_with_add( void *p_rng,
+                               unsigned char *output, size_t output_len,
+                               const unsigned char *additional,
+                               size_t add_len );
+
+/**
+ * \brief               HMAC_DRBG generate random
+ *
+ * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ *
+ * \param p_rng         HMAC_DRBG context
+ * \param output        Buffer to fill
+ * \param out_len       Length of the buffer
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
+
+/**
+ * \brief               Free an HMAC_DRBG context
+ *
+ * \param ctx           HMAC_DRBG context to free.
+ */
+void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful, 1 on file error, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful, 1 on file error,
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
+ *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
+ */
+int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief               Checkup routine
+ *
+ * \return              0 if successful, or 1 if the test failed
+ */
+int mbedtls_hmac_drbg_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* hmac_drbg.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/LICENSE b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/LICENSE
new file mode 100644
index 00000000..546a8e63
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/LICENSE
@@ -0,0 +1,2 @@
+Unless specifically indicated otherwise in a file, files are licensed
+under the Apache 2.0 license, as can be found in: apache-2.0.txt
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/aes.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/aes.h
new file mode 100644
index 00000000..a36e825a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/aes.h
@@ -0,0 +1,297 @@
+/**
+ * \file aes.h
+ *
+ * \brief AES block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_AES_H
+#define MBEDTLS_AES_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+/* padlock.c and aesni.c rely on these values! */
+#define MBEDTLS_AES_ENCRYPT     1
+#define MBEDTLS_AES_DECRYPT     0
+
+#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
+#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_AES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          AES context structure
+ *
+ * \note           buf is able to hold 32 extra bytes, which can be used:
+ *                 - for alignment purposes if VIA padlock is used, and/or
+ *                 - to simplify key expansion in the 256-bit case by
+ *                 generating an extra round key
+ */
+typedef struct
+{
+    int nr;                     /*!<  number of rounds  */
+    uint32_t *rk;               /*!<  AES round keys    */
+    uint32_t buf[68];           /*!<  unaligned data    */
+}
+mbedtls_aes_context;
+
+/**
+ * \brief          Initialize AES context
+ *
+ * \param ctx      AES context to be initialized
+ */
+void mbedtls_aes_init( mbedtls_aes_context *ctx );
+
+/**
+ * \brief          Clear AES context
+ *
+ * \param ctx      AES context to be cleared
+ */
+void mbedtls_aes_free( mbedtls_aes_context *ctx );
+
+/**
+ * \brief          AES key schedule (encryption)
+ *
+ * \param ctx      AES context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits );
+
+/**
+ * \brief          AES key schedule (decryption)
+ *
+ * \param ctx      AES context to be initialized
+ * \param key      decryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits );
+
+/**
+ * \brief          AES-ECB block encryption/decryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          AES-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (16 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+ */
+int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          AES-CFB128 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+/**
+ * \brief          AES-CFB8 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               AES-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \param ctx           AES context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 128-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+/**
+ * \brief           Internal AES block encryption function
+ *                  (Only exposed to allow overriding it,
+ *                  see MBEDTLS_AES_ENCRYPT_ALT)
+ *
+ * \param ctx       AES context
+ * \param input     Plaintext block
+ * \param output    Output (ciphertext) block
+ */
+void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
+                          const unsigned char input[16],
+                          unsigned char output[16] );
+
+/**
+ * \brief           Internal AES block decryption function
+ *                  (Only exposed to allow overriding it,
+ *                  see MBEDTLS_AES_DECRYPT_ALT)
+ *
+ * \param ctx       AES context
+ * \param input     Ciphertext block
+ * \param output    Output (plaintext) block
+ */
+void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
+                          const unsigned char input[16],
+                          unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_AES_ALT */
+#include "aes_alt.h"
+#endif /* MBEDTLS_AES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_aes_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* aes.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/aesni.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/aesni.h
new file mode 100644
index 00000000..b1b7f1cd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/aesni.h
@@ -0,0 +1,111 @@
+/**
+ * \file aesni.h
+ *
+ * \brief AES-NI for hardware AES acceleration on some Intel processors
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_AESNI_H
+#define MBEDTLS_AESNI_H
+
+#include "aes.h"
+
+#define MBEDTLS_AESNI_AES      0x02000000u
+#define MBEDTLS_AESNI_CLMUL    0x00000002u
+
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) &&  \
+    ( defined(__amd64__) || defined(__x86_64__) )   &&  \
+    ! defined(MBEDTLS_HAVE_X86_64)
+#define MBEDTLS_HAVE_X86_64
+#endif
+
+#if defined(MBEDTLS_HAVE_X86_64)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          AES-NI features detection routine
+ *
+ * \param what     The feature to detect
+ *                 (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
+ *
+ * \return         1 if CPU has support for the feature, 0 otherwise
+ */
+int mbedtls_aesni_has_support( unsigned int what );
+
+/**
+ * \brief          AES-NI AES-ECB block en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 on success (cannot fail)
+ */
+int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
+                     int mode,
+                     const unsigned char input[16],
+                     unsigned char output[16] );
+
+/**
+ * \brief          GCM multiplication: c = a * b in GF(2^128)
+ *
+ * \param c        Result
+ * \param a        First operand
+ * \param b        Second operand
+ *
+ * \note           Both operands and result are bit strings interpreted as
+ *                 elements of GF(2^128) as per the GCM spec.
+ */
+void mbedtls_aesni_gcm_mult( unsigned char c[16],
+                     const unsigned char a[16],
+                     const unsigned char b[16] );
+
+/**
+ * \brief           Compute decryption round keys from encryption round keys
+ *
+ * \param invkey    Round keys for the equivalent inverse cipher
+ * \param fwdkey    Original round keys (for encryption)
+ * \param nr        Number of rounds (that is, number of round keys minus one)
+ */
+void mbedtls_aesni_inverse_key( unsigned char *invkey,
+                        const unsigned char *fwdkey, int nr );
+
+/**
+ * \brief           Perform key expansion (for encryption)
+ *
+ * \param rk        Destination buffer where the round keys are written
+ * \param key       Encryption key
+ * \param bits      Key size in bits (must be 128, 192 or 256)
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aesni_setkey_enc( unsigned char *rk,
+                      const unsigned char *key,
+                      size_t bits );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_HAVE_X86_64 */
+
+#endif /* MBEDTLS_AESNI_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/arc4.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/arc4.h
new file mode 100644
index 00000000..5fc5395a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/arc4.h
@@ -0,0 +1,113 @@
+/**
+ * \file arc4.h
+ *
+ * \brief The ARCFOUR stream cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ARC4_H
+#define MBEDTLS_ARC4_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if !defined(MBEDTLS_ARC4_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          ARC4 context structure
+ */
+typedef struct
+{
+    int x;                      /*!< permutation index */
+    int y;                      /*!< permutation index */
+    unsigned char m[256];       /*!< permutation table */
+}
+mbedtls_arc4_context;
+
+/**
+ * \brief          Initialize ARC4 context
+ *
+ * \param ctx      ARC4 context to be initialized
+ */
+void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
+
+/**
+ * \brief          Clear ARC4 context
+ *
+ * \param ctx      ARC4 context to be cleared
+ */
+void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
+
+/**
+ * \brief          ARC4 key schedule
+ *
+ * \param ctx      ARC4 context to be setup
+ * \param key      the secret key
+ * \param keylen   length of the key, in bytes
+ */
+void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
+                 unsigned int keylen );
+
+/**
+ * \brief          ARC4 cipher function
+ *
+ * \param ctx      ARC4 context
+ * \param length   length of the input data
+ * \param input    buffer holding the input data
+ * \param output   buffer for the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
+                unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_ARC4_ALT */
+#include "arc4_alt.h"
+#endif /* MBEDTLS_ARC4_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_arc4_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* arc4.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/asn1.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/asn1.h
new file mode 100644
index 00000000..082832c8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/asn1.h
@@ -0,0 +1,342 @@
+/**
+ * \file asn1.h
+ *
+ * \brief Generic ASN.1 parsing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ASN1_H
+#define MBEDTLS_ASN1_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_BIGNUM_C)
+#include "bignum.h"
+#endif
+
+/**
+ * \addtogroup asn1_module
+ * \{
+ */
+
+/**
+ * \name ASN1 Error codes
+ * These error codes are OR'ed to X509 error codes for
+ * higher error granularity.
+ * ASN1 is a standard to specify data structures.
+ * \{
+ */
+#define MBEDTLS_ERR_ASN1_OUT_OF_DATA                      -0x0060  /**< Out of data when parsing an ASN1 data structure. */
+#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG                   -0x0062  /**< ASN1 tag was of an unexpected value. */
+#define MBEDTLS_ERR_ASN1_INVALID_LENGTH                   -0x0064  /**< Error when trying to determine the length or invalid length. */
+#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH                  -0x0066  /**< Actual length differs from expected length. */
+#define MBEDTLS_ERR_ASN1_INVALID_DATA                     -0x0068  /**< Data is invalid. (not used) */
+#define MBEDTLS_ERR_ASN1_ALLOC_FAILED                     -0x006A  /**< Memory allocation failed */
+#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C  /**< Buffer too small when writing ASN.1 data structure. */
+
+/* \} name */
+
+/**
+ * \name DER constants
+ * These constants comply with DER encoded the ANS1 type tags.
+ * DER encoding uses hexadecimal representation.
+ * An example DER sequence is:\n
+ * - 0x02 -- tag indicating INTEGER
+ * - 0x01 -- length in octets
+ * - 0x05 -- value
+ * Such sequences are typically read into \c ::mbedtls_x509_buf.
+ * \{
+ */
+#define MBEDTLS_ASN1_BOOLEAN                 0x01
+#define MBEDTLS_ASN1_INTEGER                 0x02
+#define MBEDTLS_ASN1_BIT_STRING              0x03
+#define MBEDTLS_ASN1_OCTET_STRING            0x04
+#define MBEDTLS_ASN1_NULL                    0x05
+#define MBEDTLS_ASN1_OID                     0x06
+#define MBEDTLS_ASN1_UTF8_STRING             0x0C
+#define MBEDTLS_ASN1_SEQUENCE                0x10
+#define MBEDTLS_ASN1_SET                     0x11
+#define MBEDTLS_ASN1_PRINTABLE_STRING        0x13
+#define MBEDTLS_ASN1_T61_STRING              0x14
+#define MBEDTLS_ASN1_IA5_STRING              0x16
+#define MBEDTLS_ASN1_UTC_TIME                0x17
+#define MBEDTLS_ASN1_GENERALIZED_TIME        0x18
+#define MBEDTLS_ASN1_UNIVERSAL_STRING        0x1C
+#define MBEDTLS_ASN1_BMP_STRING              0x1E
+#define MBEDTLS_ASN1_PRIMITIVE               0x00
+#define MBEDTLS_ASN1_CONSTRUCTED             0x20
+#define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
+/* \} name */
+/* \} addtogroup asn1_module */
+
+/** Returns the size of the binary string, without the trailing \\0 */
+#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
+
+/**
+ * Compares an mbedtls_asn1_buf structure to a reference OID.
+ *
+ * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
+ * 'unsigned char *oid' here!
+ */
+#define MBEDTLS_OID_CMP(oid_str, oid_buf)                                   \
+        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
+          memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name Functions to parse ASN.1 data structures
+ * \{
+ */
+
+/**
+ * Type-length-value structure that allows for ASN1 using DER.
+ */
+typedef struct mbedtls_asn1_buf
+{
+    int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
+    size_t len;             /**< ASN1 length, in octets. */
+    unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
+}
+mbedtls_asn1_buf;
+
+/**
+ * Container for ASN1 bit strings.
+ */
+typedef struct mbedtls_asn1_bitstring
+{
+    size_t len;                 /**< ASN1 length, in octets. */
+    unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
+    unsigned char *p;           /**< Raw ASN1 data for the bit string */
+}
+mbedtls_asn1_bitstring;
+
+/**
+ * Container for a sequence of ASN.1 items
+ */
+typedef struct mbedtls_asn1_sequence
+{
+    mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
+    struct mbedtls_asn1_sequence *next;    /**< The next entry in the sequence. */
+}
+mbedtls_asn1_sequence;
+
+/**
+ * Container for a sequence or list of 'named' ASN.1 data items
+ */
+typedef struct mbedtls_asn1_named_data
+{
+    mbedtls_asn1_buf oid;                   /**< The object identifier. */
+    mbedtls_asn1_buf val;                   /**< The named value. */
+    struct mbedtls_asn1_named_data *next;  /**< The next entry in the sequence. */
+    unsigned char next_merged;      /**< Merge next item into the current one? */
+}
+mbedtls_asn1_named_data;
+
+/**
+ * \brief       Get the length of an ASN.1 element.
+ *              Updates the pointer to immediately behind the length.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   The variable that will receive the value
+ *
+ * \return      0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching
+ *              end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is
+ *              unparseable.
+ */
+int mbedtls_asn1_get_len( unsigned char **p,
+                  const unsigned char *end,
+                  size_t *len );
+
+/**
+ * \brief       Get the tag and length of the tag. Check for the requested tag.
+ *              Updates the pointer to immediately behind the tag and length.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   The variable that will receive the length
+ * \param tag   The expected tag
+ *
+ * \return      0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did
+ *              not match requested tag, or another specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_tag( unsigned char **p,
+                  const unsigned char *end,
+                  size_t *len, int tag );
+
+/**
+ * \brief       Retrieve a boolean ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param val   The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bool( unsigned char **p,
+                   const unsigned char *end,
+                   int *val );
+
+/**
+ * \brief       Retrieve an integer ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param val   The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_int( unsigned char **p,
+                  const unsigned char *end,
+                  int *val );
+
+/**
+ * \brief       Retrieve a bitstring ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param bs    The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
+                        mbedtls_asn1_bitstring *bs);
+
+/**
+ * \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
+ *              value.
+ *              Updates the pointer to the beginning of the bit/octet string.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   Length of the actual bit/octect string in bytes
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
+                             size_t *len );
+
+/**
+ * \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>"
+ *              Updated the pointer to immediately behind the full sequence tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param cur   First variable in the chain to fill
+ * \param tag   Type of sequence
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_sequence_of( unsigned char **p,
+                          const unsigned char *end,
+                          mbedtls_asn1_sequence *cur,
+                          int tag);
+
+#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief       Retrieve a MPI value from an integer ASN.1 tag.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param X     The MPI that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_mpi( unsigned char **p,
+                  const unsigned char *end,
+                  mbedtls_mpi *X );
+#endif /* MBEDTLS_BIGNUM_C */
+
+/**
+ * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
+ *              Updates the pointer to immediately behind the full
+ *              AlgorithmIdentifier.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param alg   The buffer to receive the OID
+ * \param params The buffer to receive the params (if any)
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_alg( unsigned char **p,
+                  const unsigned char *end,
+                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
+
+/**
+ * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
+ *              params.
+ *              Updates the pointer to immediately behind the full
+ *              AlgorithmIdentifier.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param alg   The buffer to receive the OID
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_alg_null( unsigned char **p,
+                       const unsigned char *end,
+                       mbedtls_asn1_buf *alg );
+
+/**
+ * \brief       Find a specific named_data entry in a sequence or list based on
+ *              the OID.
+ *
+ * \param list  The list to seek through
+ * \param oid   The OID to look for
+ * \param len   Size of the OID
+ *
+ * \return      NULL if not found, or a pointer to the existing entry.
+ */
+mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
+                                       const char *oid, size_t len );
+
+/**
+ * \brief       Free a mbedtls_asn1_named_data entry
+ *
+ * \param entry The named data entry to free
+ */
+void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
+
+/**
+ * \brief       Free all entries in a mbedtls_asn1_named_data list
+ *              Head will be set to NULL
+ *
+ * \param head  Pointer to the head of the list of named data entries to free
+ */
+void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* asn1.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/asn1write.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/asn1write.h
new file mode 100644
index 00000000..73ff32b6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/asn1write.h
@@ -0,0 +1,239 @@
+/**
+ * \file asn1write.h
+ *
+ * \brief ASN.1 buffer writing functionality
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ASN1_WRITE_H
+#define MBEDTLS_ASN1_WRITE_H
+
+#include "asn1.h"
+
+#define MBEDTLS_ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else   \
+                                g += ret; } while( 0 )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Write a length field in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param len       the length to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
+
+/**
+ * \brief           Write a ASN.1 tag in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param tag       the tag to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
+                    unsigned char tag );
+
+/**
+ * \brief           Write raw buffer data
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       data buffer to write
+ * \param size      length of the data buffer
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
+                           const unsigned char *buf, size_t size );
+
+#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief           Write a big number (MBEDTLS_ASN1_INTEGER) in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param X         the MPI to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X );
+#endif /* MBEDTLS_BIGNUM_C */
+
+/**
+ * \brief           Write a NULL tag (MBEDTLS_ASN1_NULL) with zero data in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
+
+/**
+ * \brief           Write an OID tag (MBEDTLS_ASN1_OID) and data in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param oid       the OID to write
+ * \param oid_len   length of the OID
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
+                    const char *oid, size_t oid_len );
+
+/**
+ * \brief           Write an AlgorithmIdentifier sequence in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param oid       the OID of the algorithm
+ * \param oid_len   length of the OID
+ * \param par_len   length of parameters, which must be already written.
+ *                  If 0, NULL parameters are added
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
+                                     const char *oid, size_t oid_len,
+                                     size_t par_len );
+
+/**
+ * \brief           Write a boolean tag (MBEDTLS_ASN1_BOOLEAN) and value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param boolean   0 or 1
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean );
+
+/**
+ * \brief           Write an int tag (MBEDTLS_ASN1_INTEGER) and value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param val       the integer value
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
+
+/**
+ * \brief           Write a printable string tag (MBEDTLS_ASN1_PRINTABLE_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param text      the text to write
+ * \param text_len  length of the text
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
+                                 const char *text, size_t text_len );
+
+/**
+ * \brief           Write an IA5 string tag (MBEDTLS_ASN1_IA5_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param text      the text to write
+ * \param text_len  length of the text
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
+                           const char *text, size_t text_len );
+
+/**
+ * \brief           Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       the bitstring
+ * \param bits      the total number of bits in the bitstring
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
+                          const unsigned char *buf, size_t bits );
+
+/**
+ * \brief           Write an octet string tag (MBEDTLS_ASN1_OCTET_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       data buffer to write
+ * \param size      length of the data buffer
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
+                             const unsigned char *buf, size_t size );
+
+/**
+ * \brief           Create or find a specific named_data entry for writing in a
+ *                  sequence or list based on the OID. If not already in there,
+ *                  a new entry is added to the head of the list.
+ *                  Warning: Destructive behaviour for the val data!
+ *
+ * \param list      Pointer to the location of the head of the list to seek
+ *                  through (will be updated in case of a new entry)
+ * \param oid       The OID to look for
+ * \param oid_len   Size of the OID
+ * \param val       Data to store (can be NULL if you want to fill it by hand)
+ * \param val_len   Minimum length of the data buffer needed
+ *
+ * \return      NULL if if there was a memory allocation error, or a pointer
+ *              to the new / existing entry.
+ */
+mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
+                                        const char *oid, size_t oid_len,
+                                        const unsigned char *val,
+                                        size_t val_len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_ASN1_WRITE_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/base64.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/base64.h
new file mode 100644
index 00000000..352c652d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/base64.h
@@ -0,0 +1,88 @@
+/**
+ * \file base64.h
+ *
+ * \brief RFC 1521 base64 encoding/decoding
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BASE64_H
+#define MBEDTLS_BASE64_H
+
+#include <stddef.h>
+
+#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A  /**< Output buffer too small. */
+#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER              -0x002C  /**< Invalid character in input. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Encode a buffer into base64 format
+ *
+ * \param dst      destination buffer
+ * \param dlen     size of the destination buffer
+ * \param olen     number of bytes written
+ * \param src      source buffer
+ * \param slen     amount of data to be encoded
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
+ *                 *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *                 If that length cannot be represented, then no data is
+ *                 written to the buffer and *olen is set to the maximum
+ *                 length representable as a size_t.
+ *
+ * \note           Call this function with dlen = 0 to obtain the
+ *                 required buffer size in *olen
+ */
+int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
+                   const unsigned char *src, size_t slen );
+
+/**
+ * \brief          Decode a base64-formatted buffer
+ *
+ * \param dst      destination buffer (can be NULL for checking size)
+ * \param dlen     size of the destination buffer
+ * \param olen     number of bytes written
+ * \param src      source buffer
+ * \param slen     amount of data to be decoded
+ *
+ * \return         0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
+ *                 MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
+ *                 not correct. *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *
+ * \note           Call this function with *dst = NULL or dlen = 0 to obtain
+ *                 the required buffer size in *olen
+ */
+int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
+                   const unsigned char *src, size_t slen );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_base64_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* base64.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/bignum.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/bignum.h
new file mode 100644
index 00000000..146224a2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/bignum.h
@@ -0,0 +1,716 @@
+/**
+ * \file bignum.h
+ *
+ * \brief  Multi-precision integer library
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BIGNUM_H
+#define MBEDTLS_BIGNUM_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if defined(MBEDTLS_FS_IO)
+#include <stdio.h>
+#endif
+
+#define MBEDTLS_ERR_MPI_FILE_IO_ERROR                     -0x0002  /**< An error occurred while reading from or writing to a file. */
+#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA                    -0x0004  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_MPI_INVALID_CHARACTER                 -0x0006  /**< There is an invalid character in the digit string. */
+#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL                  -0x0008  /**< The buffer is too small to write to. */
+#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE                    -0x000A  /**< The input arguments are negative or result in illegal output. */
+#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO                  -0x000C  /**< The input argument for division is zero, which is not allowed. */
+#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE                    -0x000E  /**< The input arguments are not acceptable. */
+#define MBEDTLS_ERR_MPI_ALLOC_FAILED                      -0x0010  /**< Memory allocation failed. */
+
+#define MBEDTLS_MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 )
+
+/*
+ * Maximum size MPIs are allowed to grow to in number of limbs.
+ */
+#define MBEDTLS_MPI_MAX_LIMBS                             10000
+
+#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
+/*
+ * Maximum window size used for modular exponentiation. Default: 6
+ * Minimum value: 1. Maximum value: 6.
+ *
+ * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
+ * for the sliding window calculation. (So 64 by default)
+ *
+ * Reduction in size, reduces speed.
+ */
+#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum windows size used. */
+#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
+
+#if !defined(MBEDTLS_MPI_MAX_SIZE)
+/*
+ * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
+ * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
+ *
+ * Note: Calculations can results temporarily in larger MPIs. So the number
+ * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
+ */
+#define MBEDTLS_MPI_MAX_SIZE                              1024     /**< Maximum number of bytes for usable MPIs. */
+#endif /* !MBEDTLS_MPI_MAX_SIZE */
+
+#define MBEDTLS_MPI_MAX_BITS                              ( 8 * MBEDTLS_MPI_MAX_SIZE )    /**< Maximum number of bits for usable MPIs. */
+
+/*
+ * When reading from files with mbedtls_mpi_read_file() and writing to files with
+ * mbedtls_mpi_write_file() the buffer should have space
+ * for a (short) label, the MPI (in the provided radix), the newline
+ * characters and the '\0'.
+ *
+ * By default we assume at least a 10 char label, a minimum radix of 10
+ * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
+ * Autosized at compile time for at least a 10 char label, a minimum radix
+ * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
+ *
+ * This used to be statically sized to 1250 for a maximum of 4096 bit
+ * numbers (1234 decimal chars).
+ *
+ * Calculate using the formula:
+ *  MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
+ *                                LabelSize + 6
+ */
+#define MBEDTLS_MPI_MAX_BITS_SCALE100          ( 100 * MBEDTLS_MPI_MAX_BITS )
+#define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332
+#define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
+
+/*
+ * Define the base integer type, architecture-wise.
+ *
+ * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes)
+ * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM
+ */
+#if ( ! defined(MBEDTLS_HAVE_INT32) && \
+        defined(_MSC_VER) && defined(_M_AMD64) )
+  #define MBEDTLS_HAVE_INT64
+  typedef  int64_t mbedtls_mpi_sint;
+  typedef uint64_t mbedtls_mpi_uint;
+#else
+  #if ( ! defined(MBEDTLS_HAVE_INT32) &&               \
+        defined(__GNUC__) && (                          \
+        defined(__amd64__) || defined(__x86_64__)    || \
+        defined(__ppc64__) || defined(__powerpc64__) || \
+        defined(__ia64__)  || defined(__alpha__)     || \
+        (defined(__sparc__) && defined(__arch64__))  || \
+        defined(__s390x__) || defined(__mips64) ) )
+     #define MBEDTLS_HAVE_INT64
+     typedef  int64_t mbedtls_mpi_sint;
+     typedef uint64_t mbedtls_mpi_uint;
+     typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
+     #define MBEDTLS_HAVE_UDBL
+  #else
+     #define MBEDTLS_HAVE_INT32
+     typedef  int32_t mbedtls_mpi_sint;
+     typedef uint32_t mbedtls_mpi_uint;
+     typedef uint64_t mbedtls_t_udbl;
+     #define MBEDTLS_HAVE_UDBL
+  #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */
+#endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MPI structure
+ */
+typedef struct
+{
+    int s;              /*!<  integer sign      */
+    size_t n;           /*!<  total # of limbs  */
+    mbedtls_mpi_uint *p;          /*!<  pointer to limbs  */
+}
+mbedtls_mpi;
+
+/**
+ * \brief           Initialize one MPI (make internal references valid)
+ *                  This just makes it ready to be set or freed,
+ *                  but does not define a value for the MPI.
+ *
+ * \param X         One MPI to initialize.
+ */
+void mbedtls_mpi_init( mbedtls_mpi *X );
+
+/**
+ * \brief          Unallocate one MPI
+ *
+ * \param X        One MPI to unallocate.
+ */
+void mbedtls_mpi_free( mbedtls_mpi *X );
+
+/**
+ * \brief          Enlarge to the specified number of limbs
+ *
+ * \param X        MPI to grow
+ * \param nblimbs  The target number of limbs
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
+
+/**
+ * \brief          Resize down, keeping at least the specified number of limbs
+ *
+ * \param X        MPI to shrink
+ * \param nblimbs  The minimum number of limbs to keep
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
+
+/**
+ * \brief          Copy the contents of Y into X
+ *
+ * \param X        Destination MPI
+ * \param Y        Source MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Swap the contents of X and Y
+ *
+ * \param X        First MPI value
+ * \param Y        Second MPI value
+ */
+void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
+
+/**
+ * \brief          Safe conditional assignement X = Y if assign is 1
+ *
+ * \param X        MPI to conditionally assign to
+ * \param Y        Value to be assigned
+ * \param assign   1: perform the assignment, 0: keep X's original value
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *
+ * \note           This function is equivalent to
+ *                      if( assign ) mbedtls_mpi_copy( X, Y );
+ *                 except that it avoids leaking any information about whether
+ *                 the assignment was done or not (the above code may leak
+ *                 information through branch prediction and/or memory access
+ *                 patterns analysis).
+ */
+int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
+
+/**
+ * \brief          Safe conditional swap X <-> Y if swap is 1
+ *
+ * \param X        First mbedtls_mpi value
+ * \param Y        Second mbedtls_mpi value
+ * \param assign   1: perform the swap, 0: keep X and Y's original values
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *
+ * \note           This function is equivalent to
+ *                      if( assign ) mbedtls_mpi_swap( X, Y );
+ *                 except that it avoids leaking any information about whether
+ *                 the assignment was done or not (the above code may leak
+ *                 information through branch prediction and/or memory access
+ *                 patterns analysis).
+ */
+int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
+
+/**
+ * \brief          Set value from integer
+ *
+ * \param X        MPI to set
+ * \param z        Value to use
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
+
+/**
+ * \brief          Get a specific bit from X
+ *
+ * \param X        MPI to use
+ * \param pos      Zero-based index of the bit in X
+ *
+ * \return         Either a 0 or a 1
+ */
+int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
+
+/**
+ * \brief          Set a bit of X to a specific value of 0 or 1
+ *
+ * \note           Will grow X if necessary to set a bit to 1 in a not yet
+ *                 existing limb. Will not grow if bit should be set to 0
+ *
+ * \param X        MPI to use
+ * \param pos      Zero-based index of the bit in X
+ * \param val      The value to set the bit to (0 or 1)
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
+ */
+int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
+
+/**
+ * \brief          Return the number of zero-bits before the least significant
+ *                 '1' bit
+ *
+ * Note: Thus also the zero-based index of the least significant '1' bit
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
+
+/**
+ * \brief          Return the number of bits up to and including the most
+ *                 significant '1' bit'
+ *
+ * Note: Thus also the one-based index of the most significant '1' bit
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
+
+/**
+ * \brief          Return the total size in bytes
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_size( const mbedtls_mpi *X );
+
+/**
+ * \brief          Import from an ASCII string
+ *
+ * \param X        Destination MPI
+ * \param radix    Input numeric base
+ * \param s        Null-terminated string buffer
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
+
+/**
+ * \brief          Export into an ASCII string
+ *
+ * \param X        Source MPI
+ * \param radix    Output numeric base
+ * \param buf      Buffer to write the string to
+ * \param buflen   Length of buf
+ * \param olen     Length of the string written, including final NUL byte
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code.
+ *                 *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *
+ * \note           Call this function with buflen = 0 to obtain the
+ *                 minimum required buffer size in *olen.
+ */
+int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
+                              char *buf, size_t buflen, size_t *olen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Read X from an opened file
+ *
+ * \param X        Destination MPI
+ * \param radix    Input numeric base
+ * \param fin      Input file handle
+ *
+ * \return         0 if successful, MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if
+ *                 the file read buffer is too small or a
+ *                 MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
+
+/**
+ * \brief          Write X into an opened file, or stdout if fout is NULL
+ *
+ * \param p        Prefix, can be NULL
+ * \param X        Source MPI
+ * \param radix    Output numeric base
+ * \param fout     Output file handle (can be NULL)
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ *
+ * \note           Set fout == NULL to print X on the console.
+ */
+int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Import X from unsigned binary data, big endian
+ *
+ * \param X        Destination MPI
+ * \param buf      Input buffer
+ * \param buflen   Input buffer size
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Export X into unsigned binary data, big endian.
+ *                 Always fills the whole buffer, which will start with zeros
+ *                 if the number is smaller.
+ *
+ * \param X        Source MPI
+ * \param buf      Output buffer
+ * \param buflen   Output buffer size
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
+ */
+int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Left-shift: X <<= count
+ *
+ * \param X        MPI to shift
+ * \param count    Amount to shift
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
+
+/**
+ * \brief          Right-shift: X >>= count
+ *
+ * \param X        MPI to shift
+ * \param count    Amount to shift
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
+
+/**
+ * \brief          Compare unsigned values
+ *
+ * \param X        Left-hand MPI
+ * \param Y        Right-hand MPI
+ *
+ * \return         1 if |X| is greater than |Y|,
+ *                -1 if |X| is lesser  than |Y| or
+ *                 0 if |X| is equal to |Y|
+ */
+int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Compare signed values
+ *
+ * \param X        Left-hand MPI
+ * \param Y        Right-hand MPI
+ *
+ * \return         1 if X is greater than Y,
+ *                -1 if X is lesser  than Y or
+ *                 0 if X is equal to Y
+ */
+int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Compare signed values
+ *
+ * \param X        Left-hand MPI
+ * \param z        The integer value to compare to
+ *
+ * \return         1 if X is greater than z,
+ *                -1 if X is lesser  than z or
+ *                 0 if X is equal to z
+ */
+int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
+
+/**
+ * \brief          Unsigned addition: X = |A| + |B|
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Unsigned subtraction: X = |A| - |B|
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A
+ */
+int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed addition: X = A + B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed subtraction: X = A - B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed addition: X = A + b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The integer value to add
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Signed subtraction: X = A - b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The integer value to subtract
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Baseline multiplication: X = A * B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Baseline multiplication: X = A * b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The unsigned integer value to multiply with
+ *
+ * \note           b is unsigned
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b );
+
+/**
+ * \brief          Division by mbedtls_mpi: A = Q * B + R
+ *
+ * \param Q        Destination MPI for the quotient
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0
+ *
+ * \note           Either Q or R can be NULL.
+ */
+int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Division by int: A = Q * b + R
+ *
+ * \param Q        Destination MPI for the quotient
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param b        Integer to divide by
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0
+ *
+ * \note           Either Q or R can be NULL.
+ */
+int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Modulo: R = A mod B
+ *
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B < 0
+ */
+int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Modulo: r = A mod b
+ *
+ * \param r        Destination mbedtls_mpi_uint
+ * \param A        Left-hand MPI
+ * \param b        Integer to divide by
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b < 0
+ */
+int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Sliding-window exponentiation: X = A^E mod N
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param E        Exponent MPI
+ * \param N        Modular MPI
+ * \param _RR      Speed-up MPI used for recalculations
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
+ *                 if E is negative
+ *
+ * \note           _RR is used to avoid re-computing R*R mod N across
+ *                 multiple calls, which speeds up things a bit. It can
+ *                 be set to NULL if the extra performance is unneeded.
+ */
+int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR );
+
+/**
+ * \brief          Fill an MPI X with size bytes of random
+ *
+ * \param X        Destination MPI
+ * \param size     Size in bytes
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Greatest common divisor: G = gcd(A, B)
+ *
+ * \param G        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Modular inverse: X = A^-1 mod N
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param N        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
+                   MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
+ */
+int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N );
+
+/**
+ * \brief          Miller-Rabin primality test
+ *
+ * \param X        MPI to check
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful (probably prime),
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
+ */
+int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
+                  int (*f_rng)(void *, unsigned char *, size_t),
+                  void *p_rng );
+
+/**
+ * \brief          Prime number generation
+ *
+ * \param X        Destination MPI
+ * \param nbits    Required size of X in bits
+ *                 ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS )
+ * \param dh_flag  If 1, then (X-1)/2 will be prime too
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful (probably prime),
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
+ */
+int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
+                   int (*f_rng)(void *, unsigned char *, size_t),
+                   void *p_rng );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_mpi_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* bignum.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/blowfish.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/blowfish.h
new file mode 100644
index 00000000..34626eef
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/blowfish.h
@@ -0,0 +1,203 @@
+/**
+ * \file blowfish.h
+ *
+ * \brief Blowfish block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BLOWFISH_H
+#define MBEDTLS_BLOWFISH_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_BLOWFISH_ENCRYPT     1
+#define MBEDTLS_BLOWFISH_DECRYPT     0
+#define MBEDTLS_BLOWFISH_MAX_KEY_BITS     448
+#define MBEDTLS_BLOWFISH_MIN_KEY_BITS     32
+#define MBEDTLS_BLOWFISH_ROUNDS      16         /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
+#define MBEDTLS_BLOWFISH_BLOCKSIZE   8          /* Blowfish uses 64 bit blocks */
+
+#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH                -0x0016  /**< Invalid key length. */
+#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH              -0x0018  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_BLOWFISH_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Blowfish context structure
+ */
+typedef struct
+{
+    uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2];    /*!<  Blowfish round keys    */
+    uint32_t S[4][256];                 /*!<  key dependent S-boxes  */
+}
+mbedtls_blowfish_context;
+
+/**
+ * \brief          Initialize Blowfish context
+ *
+ * \param ctx      Blowfish context to be initialized
+ */
+void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
+
+/**
+ * \brief          Clear Blowfish context
+ *
+ * \param ctx      Blowfish context to be cleared
+ */
+void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
+
+/**
+ * \brief          Blowfish key schedule
+ *
+ * \param ctx      Blowfish context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be between 32 and 448 bits
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+ */
+int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
+                     unsigned int keybits );
+
+/**
+ * \brief          Blowfish-ECB block encryption/decryption
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param input    8-byte input block
+ * \param output   8-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
+                        int mode,
+                        const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          Blowfish-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (8 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+ */
+int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
+                        int mode,
+                        size_t length,
+                        unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        const unsigned char *input,
+                        unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          Blowfish CFB buffer encryption/decryption.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
+                          int mode,
+                          size_t length,
+                          size_t *iv_off,
+                          unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                          const unsigned char *input,
+                          unsigned char *output );
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               Blowfish-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * \param ctx           Blowfish context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 64-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
+                        size_t length,
+                        size_t *nc_off,
+                        unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        const unsigned char *input,
+                        unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_BLOWFISH_ALT */
+#include "blowfish_alt.h"
+#endif /* MBEDTLS_BLOWFISH_ALT */
+
+#endif /* blowfish.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/bn_mul.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/bn_mul.h
new file mode 100644
index 00000000..003f605b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/bn_mul.h
@@ -0,0 +1,875 @@
+/**
+ * \file bn_mul.h
+ *
+ * \brief  Multi-precision integer library
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *      Multiply source vector [s] with b, add result
+ *       to destination vector [d] and set carry c.
+ *
+ *      Currently supports:
+ *
+ *         . IA-32 (386+)         . AMD64 / EM64T
+ *         . IA-32 (SSE2)         . Motorola 68000
+ *         . PowerPC, 32-bit      . MicroBlaze
+ *         . PowerPC, 64-bit      . TriCore
+ *         . SPARC v8             . ARM v3+
+ *         . Alpha                . MIPS32
+ *         . C, longlong          . C, generic
+ */
+#ifndef MBEDTLS_BN_MUL_H
+#define MBEDTLS_BN_MUL_H
+
+#include "bignum.h"
+
+#if defined(MBEDTLS_HAVE_ASM)
+
+#ifndef asm
+#define asm __asm
+#endif
+
+/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
+#if defined(__GNUC__) && \
+    ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
+#if defined(__i386__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "movl   %%ebx, %0           \n\t"   \
+        "movl   %5, %%esi           \n\t"   \
+        "movl   %6, %%edi           \n\t"   \
+        "movl   %7, %%ecx           \n\t"   \
+        "movl   %8, %%ebx           \n\t"
+
+#define MULADDC_CORE                        \
+        "lodsl                      \n\t"   \
+        "mull   %%ebx               \n\t"   \
+        "addl   %%ecx,   %%eax      \n\t"   \
+        "adcl   $0,      %%edx      \n\t"   \
+        "addl   (%%edi), %%eax      \n\t"   \
+        "adcl   $0,      %%edx      \n\t"   \
+        "movl   %%edx,   %%ecx      \n\t"   \
+        "stosl                      \n\t"
+
+#if defined(MBEDTLS_HAVE_SSE2)
+
+#define MULADDC_HUIT                            \
+        "movd     %%ecx,     %%mm1      \n\t"   \
+        "movd     %%ebx,     %%mm0      \n\t"   \
+        "movd     (%%edi),   %%mm3      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     (%%esi),   %%mm2      \n\t"   \
+        "pmuludq  %%mm0,     %%mm2      \n\t"   \
+        "movd     4(%%esi),  %%mm4      \n\t"   \
+        "pmuludq  %%mm0,     %%mm4      \n\t"   \
+        "movd     8(%%esi),  %%mm6      \n\t"   \
+        "pmuludq  %%mm0,     %%mm6      \n\t"   \
+        "movd     12(%%esi), %%mm7      \n\t"   \
+        "pmuludq  %%mm0,     %%mm7      \n\t"   \
+        "paddq    %%mm2,     %%mm1      \n\t"   \
+        "movd     4(%%edi),  %%mm3      \n\t"   \
+        "paddq    %%mm4,     %%mm3      \n\t"   \
+        "movd     8(%%edi),  %%mm5      \n\t"   \
+        "paddq    %%mm6,     %%mm5      \n\t"   \
+        "movd     12(%%edi), %%mm4      \n\t"   \
+        "paddq    %%mm4,     %%mm7      \n\t"   \
+        "movd     %%mm1,     (%%edi)    \n\t"   \
+        "movd     16(%%esi), %%mm2      \n\t"   \
+        "pmuludq  %%mm0,     %%mm2      \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     20(%%esi), %%mm4      \n\t"   \
+        "pmuludq  %%mm0,     %%mm4      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     24(%%esi), %%mm6      \n\t"   \
+        "pmuludq  %%mm0,     %%mm6      \n\t"   \
+        "movd     %%mm1,     4(%%edi)   \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     28(%%esi), %%mm3      \n\t"   \
+        "pmuludq  %%mm0,     %%mm3      \n\t"   \
+        "paddq    %%mm5,     %%mm1      \n\t"   \
+        "movd     16(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm2      \n\t"   \
+        "movd     %%mm1,     8(%%edi)   \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm7,     %%mm1      \n\t"   \
+        "movd     20(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm4      \n\t"   \
+        "movd     %%mm1,     12(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm2,     %%mm1      \n\t"   \
+        "movd     24(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm6      \n\t"   \
+        "movd     %%mm1,     16(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm4,     %%mm1      \n\t"   \
+        "movd     28(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm3      \n\t"   \
+        "movd     %%mm1,     20(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm6,     %%mm1      \n\t"   \
+        "movd     %%mm1,     24(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     %%mm1,     28(%%edi)  \n\t"   \
+        "addl     $32,       %%edi      \n\t"   \
+        "addl     $32,       %%esi      \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     %%mm1,     %%ecx      \n\t"
+
+#define MULADDC_STOP                    \
+        "emms                   \n\t"   \
+        "movl   %4, %%ebx       \n\t"   \
+        "movl   %%ecx, %1       \n\t"   \
+        "movl   %%edi, %2       \n\t"   \
+        "movl   %%esi, %3       \n\t"   \
+        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
+        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
+        : "eax", "ecx", "edx", "esi", "edi"             \
+    );
+
+#else
+
+#define MULADDC_STOP                    \
+        "movl   %4, %%ebx       \n\t"   \
+        "movl   %%ecx, %1       \n\t"   \
+        "movl   %%edi, %2       \n\t"   \
+        "movl   %%esi, %3       \n\t"   \
+        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
+        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
+        : "eax", "ecx", "edx", "esi", "edi"             \
+    );
+#endif /* SSE2 */
+#endif /* i386 */
+
+#if defined(__amd64__) || defined (__x86_64__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "movq   %3, %%rsi           \n\t"   \
+        "movq   %4, %%rdi           \n\t"   \
+        "movq   %5, %%rcx           \n\t"   \
+        "movq   %6, %%rbx           \n\t"   \
+        "xorq   %%r8, %%r8          \n\t"
+
+#define MULADDC_CORE                        \
+        "movq   (%%rsi), %%rax      \n\t"   \
+        "mulq   %%rbx               \n\t"   \
+        "addq   $8,      %%rsi      \n\t"   \
+        "addq   %%rcx,   %%rax      \n\t"   \
+        "movq   %%r8,    %%rcx      \n\t"   \
+        "adcq   $0,      %%rdx      \n\t"   \
+        "nop                        \n\t"   \
+        "addq   %%rax,   (%%rdi)    \n\t"   \
+        "adcq   %%rdx,   %%rcx      \n\t"   \
+        "addq   $8,      %%rdi      \n\t"
+
+#define MULADDC_STOP                        \
+        "movq   %%rcx, %0           \n\t"   \
+        "movq   %%rdi, %1           \n\t"   \
+        "movq   %%rsi, %2           \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)                      \
+        : "m" (s), "m" (d), "m" (c), "m" (b)                \
+        : "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8"    \
+    );
+
+#endif /* AMD64 */
+
+#if defined(__mc68020__) || defined(__mcpu32__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "movl   %3, %%a2        \n\t"   \
+        "movl   %4, %%a3        \n\t"   \
+        "movl   %5, %%d3        \n\t"   \
+        "movl   %6, %%d2        \n\t"   \
+        "moveq  #0, %%d0        \n\t"
+
+#define MULADDC_CORE                    \
+        "movel  %%a2@+, %%d1    \n\t"   \
+        "mulul  %%d2, %%d4:%%d1 \n\t"   \
+        "addl   %%d3, %%d1      \n\t"   \
+        "addxl  %%d0, %%d4      \n\t"   \
+        "moveq  #0,   %%d3      \n\t"   \
+        "addl   %%d1, %%a3@+    \n\t"   \
+        "addxl  %%d4, %%d3      \n\t"
+
+#define MULADDC_STOP                    \
+        "movl   %%d3, %0        \n\t"   \
+        "movl   %%a3, %1        \n\t"   \
+        "movl   %%a2, %2        \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "d0", "d1", "d2", "d3", "d4", "a2", "a3"  \
+    );
+
+#define MULADDC_HUIT                        \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"
+
+#endif /* MC68000 */
+
+#if defined(__powerpc64__) || defined(__ppc64__)
+
+#if defined(__MACH__) && defined(__APPLE__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "ld     r3, %3              \n\t"   \
+        "ld     r4, %4              \n\t"   \
+        "ld     r5, %5              \n\t"   \
+        "ld     r6, %6              \n\t"   \
+        "addi   r3, r3, -8          \n\t"   \
+        "addi   r4, r4, -8          \n\t"   \
+        "addic  r5, r5,  0          \n\t"
+
+#define MULADDC_CORE                        \
+        "ldu    r7, 8(r3)           \n\t"   \
+        "mulld  r8, r7, r6          \n\t"   \
+        "mulhdu r9, r7, r6          \n\t"   \
+        "adde   r8, r8, r5          \n\t"   \
+        "ld     r7, 8(r4)           \n\t"   \
+        "addze  r5, r9              \n\t"   \
+        "addc   r8, r8, r7          \n\t"   \
+        "stdu   r8, 8(r4)           \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  r5, r5              \n\t"   \
+        "addi   r4, r4, 8           \n\t"   \
+        "addi   r3, r3, 8           \n\t"   \
+        "std    r5, %0              \n\t"   \
+        "std    r4, %1              \n\t"   \
+        "std    r3, %2              \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+
+#else /* __MACH__ && __APPLE__ */
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "ld     %%r3, %3            \n\t"   \
+        "ld     %%r4, %4            \n\t"   \
+        "ld     %%r5, %5            \n\t"   \
+        "ld     %%r6, %6            \n\t"   \
+        "addi   %%r3, %%r3, -8      \n\t"   \
+        "addi   %%r4, %%r4, -8      \n\t"   \
+        "addic  %%r5, %%r5,  0      \n\t"
+
+#define MULADDC_CORE                        \
+        "ldu    %%r7, 8(%%r3)       \n\t"   \
+        "mulld  %%r8, %%r7, %%r6    \n\t"   \
+        "mulhdu %%r9, %%r7, %%r6    \n\t"   \
+        "adde   %%r8, %%r8, %%r5    \n\t"   \
+        "ld     %%r7, 8(%%r4)       \n\t"   \
+        "addze  %%r5, %%r9          \n\t"   \
+        "addc   %%r8, %%r8, %%r7    \n\t"   \
+        "stdu   %%r8, 8(%%r4)       \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  %%r5, %%r5          \n\t"   \
+        "addi   %%r4, %%r4, 8       \n\t"   \
+        "addi   %%r3, %%r3, 8       \n\t"   \
+        "std    %%r5, %0            \n\t"   \
+        "std    %%r4, %1            \n\t"   \
+        "std    %%r3, %2            \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#endif /* __MACH__ && __APPLE__ */
+
+#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32  */
+
+#if defined(__MACH__) && defined(__APPLE__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lwz    r3, %3          \n\t"   \
+        "lwz    r4, %4          \n\t"   \
+        "lwz    r5, %5          \n\t"   \
+        "lwz    r6, %6          \n\t"   \
+        "addi   r3, r3, -4      \n\t"   \
+        "addi   r4, r4, -4      \n\t"   \
+        "addic  r5, r5,  0      \n\t"
+
+#define MULADDC_CORE                    \
+        "lwzu   r7, 4(r3)       \n\t"   \
+        "mullw  r8, r7, r6      \n\t"   \
+        "mulhwu r9, r7, r6      \n\t"   \
+        "adde   r8, r8, r5      \n\t"   \
+        "lwz    r7, 4(r4)       \n\t"   \
+        "addze  r5, r9          \n\t"   \
+        "addc   r8, r8, r7      \n\t"   \
+        "stwu   r8, 4(r4)       \n\t"
+
+#define MULADDC_STOP                    \
+        "addze  r5, r5          \n\t"   \
+        "addi   r4, r4, 4       \n\t"   \
+        "addi   r3, r3, 4       \n\t"   \
+        "stw    r5, %0          \n\t"   \
+        "stw    r4, %1          \n\t"   \
+        "stw    r3, %2          \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#else /* __MACH__ && __APPLE__ */
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "lwz    %%r3, %3            \n\t"   \
+        "lwz    %%r4, %4            \n\t"   \
+        "lwz    %%r5, %5            \n\t"   \
+        "lwz    %%r6, %6            \n\t"   \
+        "addi   %%r3, %%r3, -4      \n\t"   \
+        "addi   %%r4, %%r4, -4      \n\t"   \
+        "addic  %%r5, %%r5,  0      \n\t"
+
+#define MULADDC_CORE                        \
+        "lwzu   %%r7, 4(%%r3)       \n\t"   \
+        "mullw  %%r8, %%r7, %%r6    \n\t"   \
+        "mulhwu %%r9, %%r7, %%r6    \n\t"   \
+        "adde   %%r8, %%r8, %%r5    \n\t"   \
+        "lwz    %%r7, 4(%%r4)       \n\t"   \
+        "addze  %%r5, %%r9          \n\t"   \
+        "addc   %%r8, %%r8, %%r7    \n\t"   \
+        "stwu   %%r8, 4(%%r4)       \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  %%r5, %%r5          \n\t"   \
+        "addi   %%r4, %%r4, 4       \n\t"   \
+        "addi   %%r3, %%r3, 4       \n\t"   \
+        "stw    %%r5, %0            \n\t"   \
+        "stw    %%r4, %1            \n\t"   \
+        "stw    %%r3, %2            \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#endif /* __MACH__ && __APPLE__ */
+
+#endif /* PPC32 */
+
+/*
+ * The Sparc64 assembly is reported to be broken.
+ * Disable it for now, until we're able to fix it.
+ */
+#if 0 && defined(__sparc__) && defined(__sparc64__)
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+                "ldx     %3, %%o0               \n\t"   \
+                "ldx     %4, %%o1               \n\t"   \
+                "ld      %5, %%o2               \n\t"   \
+                "ld      %6, %%o3               \n\t"
+
+#define MULADDC_CORE                                    \
+                "ld      [%%o0], %%o4           \n\t"   \
+                "inc     4, %%o0                \n\t"   \
+                "ld      [%%o1], %%o5           \n\t"   \
+                "umul    %%o3, %%o4, %%o4       \n\t"   \
+                "addcc   %%o4, %%o2, %%o4       \n\t"   \
+                "rd      %%y, %%g1              \n\t"   \
+                "addx    %%g1, 0, %%g1          \n\t"   \
+                "addcc   %%o4, %%o5, %%o4       \n\t"   \
+                "st      %%o4, [%%o1]           \n\t"   \
+                "addx    %%g1, 0, %%o2          \n\t"   \
+                "inc     4, %%o1                \n\t"
+
+        #define MULADDC_STOP                            \
+                "st      %%o2, %0               \n\t"   \
+                "stx     %%o1, %1               \n\t"   \
+                "stx     %%o0, %2               \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "g1", "o0", "o1", "o2", "o3", "o4",   \
+          "o5"                                  \
+        );
+#endif /* SPARCv9 */
+
+#if defined(__sparc__) && !defined(__sparc64__)
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+                "ld      %3, %%o0               \n\t"   \
+                "ld      %4, %%o1               \n\t"   \
+                "ld      %5, %%o2               \n\t"   \
+                "ld      %6, %%o3               \n\t"
+
+#define MULADDC_CORE                                    \
+                "ld      [%%o0], %%o4           \n\t"   \
+                "inc     4, %%o0                \n\t"   \
+                "ld      [%%o1], %%o5           \n\t"   \
+                "umul    %%o3, %%o4, %%o4       \n\t"   \
+                "addcc   %%o4, %%o2, %%o4       \n\t"   \
+                "rd      %%y, %%g1              \n\t"   \
+                "addx    %%g1, 0, %%g1          \n\t"   \
+                "addcc   %%o4, %%o5, %%o4       \n\t"   \
+                "st      %%o4, [%%o1]           \n\t"   \
+                "addx    %%g1, 0, %%o2          \n\t"   \
+                "inc     4, %%o1                \n\t"
+
+#define MULADDC_STOP                                    \
+                "st      %%o2, %0               \n\t"   \
+                "st      %%o1, %1               \n\t"   \
+                "st      %%o0, %2               \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "g1", "o0", "o1", "o2", "o3", "o4",   \
+          "o5"                                  \
+        );
+
+#endif /* SPARCv8 */
+
+#if defined(__microblaze__) || defined(microblaze)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lwi   r3,   %3         \n\t"   \
+        "lwi   r4,   %4         \n\t"   \
+        "lwi   r5,   %5         \n\t"   \
+        "lwi   r6,   %6         \n\t"   \
+        "andi  r7,   r6, 0xffff \n\t"   \
+        "bsrli r6,   r6, 16     \n\t"
+
+#define MULADDC_CORE                    \
+        "lhui  r8,   r3,   0    \n\t"   \
+        "addi  r3,   r3,   2    \n\t"   \
+        "lhui  r9,   r3,   0    \n\t"   \
+        "addi  r3,   r3,   2    \n\t"   \
+        "mul   r10,  r9,  r6    \n\t"   \
+        "mul   r11,  r8,  r7    \n\t"   \
+        "mul   r12,  r9,  r7    \n\t"   \
+        "mul   r13,  r8,  r6    \n\t"   \
+        "bsrli  r8, r10,  16    \n\t"   \
+        "bsrli  r9, r11,  16    \n\t"   \
+        "add   r13, r13,  r8    \n\t"   \
+        "add   r13, r13,  r9    \n\t"   \
+        "bslli r10, r10,  16    \n\t"   \
+        "bslli r11, r11,  16    \n\t"   \
+        "add   r12, r12, r10    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "add   r12, r12, r11    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "lwi   r10,  r4,   0    \n\t"   \
+        "add   r12, r12, r10    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "add   r12, r12,  r5    \n\t"   \
+        "addc   r5, r13,  r0    \n\t"   \
+        "swi   r12,  r4,   0    \n\t"   \
+        "addi   r4,  r4,   4    \n\t"
+
+#define MULADDC_STOP                    \
+        "swi   r5,   %0         \n\t"   \
+        "swi   r4,   %1         \n\t"   \
+        "swi   r3,   %2         \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4"  "r5", "r6", "r7", "r8",       \
+          "r9", "r10", "r11", "r12", "r13"          \
+    );
+
+#endif /* MicroBlaze */
+
+#if defined(__tricore__)
+
+#define MULADDC_INIT                            \
+    asm(                                        \
+        "ld.a   %%a2, %3                \n\t"   \
+        "ld.a   %%a3, %4                \n\t"   \
+        "ld.w   %%d4, %5                \n\t"   \
+        "ld.w   %%d1, %6                \n\t"   \
+        "xor    %%d5, %%d5              \n\t"
+
+#define MULADDC_CORE                            \
+        "ld.w   %%d0,   [%%a2+]         \n\t"   \
+        "madd.u %%e2, %%e4, %%d0, %%d1  \n\t"   \
+        "ld.w   %%d0,   [%%a3]          \n\t"   \
+        "addx   %%d2,    %%d2,  %%d0    \n\t"   \
+        "addc   %%d3,    %%d3,    0     \n\t"   \
+        "mov    %%d4,    %%d3           \n\t"   \
+        "st.w  [%%a3+],  %%d2           \n\t"
+
+#define MULADDC_STOP                            \
+        "st.w   %0, %%d4                \n\t"   \
+        "st.a   %1, %%a3                \n\t"   \
+        "st.a   %2, %%a2                \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "d0", "d1", "e2", "d4", "a2", "a3"    \
+    );
+
+#endif /* TriCore */
+
+#if defined(__arm__)
+
+#if defined(__thumb__) && !defined(__thumb2__)
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+            "ldr    r0, %3                      \n\t"   \
+            "ldr    r1, %4                      \n\t"   \
+            "ldr    r2, %5                      \n\t"   \
+            "ldr    r3, %6                      \n\t"   \
+            "lsr    r7, r3, #16                 \n\t"   \
+            "mov    r9, r7                      \n\t"   \
+            "lsl    r7, r3, #16                 \n\t"   \
+            "lsr    r7, r7, #16                 \n\t"   \
+            "mov    r8, r7                      \n\t"
+
+#define MULADDC_CORE                                    \
+            "ldmia  r0!, {r6}                   \n\t"   \
+            "lsr    r7, r6, #16                 \n\t"   \
+            "lsl    r6, r6, #16                 \n\t"   \
+            "lsr    r6, r6, #16                 \n\t"   \
+            "mov    r4, r8                      \n\t"   \
+            "mul    r4, r6                      \n\t"   \
+            "mov    r3, r9                      \n\t"   \
+            "mul    r6, r3                      \n\t"   \
+            "mov    r5, r9                      \n\t"   \
+            "mul    r5, r7                      \n\t"   \
+            "mov    r3, r8                      \n\t"   \
+            "mul    r7, r3                      \n\t"   \
+            "lsr    r3, r6, #16                 \n\t"   \
+            "add    r5, r5, r3                  \n\t"   \
+            "lsr    r3, r7, #16                 \n\t"   \
+            "add    r5, r5, r3                  \n\t"   \
+            "add    r4, r4, r2                  \n\t"   \
+            "mov    r2, #0                      \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "lsl    r3, r6, #16                 \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "lsl    r3, r7, #16                 \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "ldr    r3, [r1]                    \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r2, r5                      \n\t"   \
+            "stmia  r1!, {r4}                   \n\t"
+
+#define MULADDC_STOP                                    \
+            "str    r2, %0                      \n\t"   \
+            "str    r1, %1                      \n\t"   \
+            "str    r0, %2                      \n\t"   \
+         : "=m" (c),  "=m" (d), "=m" (s)        \
+         : "m" (s), "m" (d), "m" (c), "m" (b)   \
+         : "r0", "r1", "r2", "r3", "r4", "r5",  \
+           "r6", "r7", "r8", "r9", "cc"         \
+         );
+
+#else
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+            "ldr    r0, %3                      \n\t"   \
+            "ldr    r1, %4                      \n\t"   \
+            "ldr    r2, %5                      \n\t"   \
+            "ldr    r3, %6                      \n\t"
+
+#define MULADDC_CORE                                    \
+            "ldr    r4, [r0], #4                \n\t"   \
+            "mov    r5, #0                      \n\t"   \
+            "ldr    r6, [r1]                    \n\t"   \
+            "umlal  r2, r5, r3, r4              \n\t"   \
+            "adds   r7, r6, r2                  \n\t"   \
+            "adc    r2, r5, #0                  \n\t"   \
+            "str    r7, [r1], #4                \n\t"
+
+#define MULADDC_STOP                                    \
+            "str    r2, %0                      \n\t"   \
+            "str    r1, %1                      \n\t"   \
+            "str    r0, %2                      \n\t"   \
+         : "=m" (c),  "=m" (d), "=m" (s)        \
+         : "m" (s), "m" (d), "m" (c), "m" (b)   \
+         : "r0", "r1", "r2", "r3", "r4", "r5",  \
+           "r6", "r7", "cc"                     \
+         );
+
+#endif /* Thumb */
+
+#endif /* ARMv3 */
+
+#if defined(__alpha__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "ldq    $1, %3          \n\t"   \
+        "ldq    $2, %4          \n\t"   \
+        "ldq    $3, %5          \n\t"   \
+        "ldq    $4, %6          \n\t"
+
+#define MULADDC_CORE                    \
+        "ldq    $6,  0($1)      \n\t"   \
+        "addq   $1,  8, $1      \n\t"   \
+        "mulq   $6, $4, $7      \n\t"   \
+        "umulh  $6, $4, $6      \n\t"   \
+        "addq   $7, $3, $7      \n\t"   \
+        "cmpult $7, $3, $3      \n\t"   \
+        "ldq    $5,  0($2)      \n\t"   \
+        "addq   $7, $5, $7      \n\t"   \
+        "cmpult $7, $5, $5      \n\t"   \
+        "stq    $7,  0($2)      \n\t"   \
+        "addq   $2,  8, $2      \n\t"   \
+        "addq   $6, $3, $3      \n\t"   \
+        "addq   $5, $3, $3      \n\t"
+
+#define MULADDC_STOP                                    \
+        "stq    $3, %0          \n\t"   \
+        "stq    $2, %1          \n\t"   \
+        "stq    $1, %2          \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "$1", "$2", "$3", "$4", "$5", "$6", "$7"  \
+    );
+#endif /* Alpha */
+
+#if defined(__mips__) && !defined(__mips64)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lw     $10, %3         \n\t"   \
+        "lw     $11, %4         \n\t"   \
+        "lw     $12, %5         \n\t"   \
+        "lw     $13, %6         \n\t"
+
+#define MULADDC_CORE                    \
+        "lw     $14, 0($10)     \n\t"   \
+        "multu  $13, $14        \n\t"   \
+        "addi   $10, $10, 4     \n\t"   \
+        "mflo   $14             \n\t"   \
+        "mfhi   $9              \n\t"   \
+        "addu   $14, $12, $14   \n\t"   \
+        "lw     $15, 0($11)     \n\t"   \
+        "sltu   $12, $14, $12   \n\t"   \
+        "addu   $15, $14, $15   \n\t"   \
+        "sltu   $14, $15, $14   \n\t"   \
+        "addu   $12, $12, $9    \n\t"   \
+        "sw     $15, 0($11)     \n\t"   \
+        "addu   $12, $12, $14   \n\t"   \
+        "addi   $11, $11, 4     \n\t"
+
+#define MULADDC_STOP                    \
+        "sw     $12, %0         \n\t"   \
+        "sw     $11, %1         \n\t"   \
+        "sw     $10, %2         \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)                      \
+        : "m" (s), "m" (d), "m" (c), "m" (b)                \
+        : "$9", "$10", "$11", "$12", "$13", "$14", "$15"    \
+    );
+
+#endif /* MIPS */
+#endif /* GNUC */
+
+#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
+
+#define MULADDC_INIT                            \
+    __asm   mov     esi, s                      \
+    __asm   mov     edi, d                      \
+    __asm   mov     ecx, c                      \
+    __asm   mov     ebx, b
+
+#define MULADDC_CORE                            \
+    __asm   lodsd                               \
+    __asm   mul     ebx                         \
+    __asm   add     eax, ecx                    \
+    __asm   adc     edx, 0                      \
+    __asm   add     eax, [edi]                  \
+    __asm   adc     edx, 0                      \
+    __asm   mov     ecx, edx                    \
+    __asm   stosd
+
+#if defined(MBEDTLS_HAVE_SSE2)
+
+#define EMIT __asm _emit
+
+#define MULADDC_HUIT                            \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0xC9             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0xC3             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x1F             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x16             \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x7E  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF8             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x5F  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xDC             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xEE             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x67  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xFC             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x0F             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x56  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x5E  EMIT 0x1C  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD8             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCD             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xD5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCF             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xE5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xF5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCC             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x1C  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xDD             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCE             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x1C  \
+    EMIT 0x83  EMIT 0xC7  EMIT 0x20             \
+    EMIT 0x83  EMIT 0xC6  EMIT 0x20             \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0xC9
+
+#define MULADDC_STOP                            \
+    EMIT 0x0F  EMIT 0x77                        \
+    __asm   mov     c, ecx                      \
+    __asm   mov     d, edi                      \
+    __asm   mov     s, esi                      \
+
+#else
+
+#define MULADDC_STOP                            \
+    __asm   mov     c, ecx                      \
+    __asm   mov     d, edi                      \
+    __asm   mov     s, esi                      \
+
+#endif /* SSE2 */
+#endif /* MSVC */
+
+#endif /* MBEDTLS_HAVE_ASM */
+
+#if !defined(MULADDC_CORE)
+#if defined(MBEDTLS_HAVE_UDBL)
+
+#define MULADDC_INIT                    \
+{                                       \
+    mbedtls_t_udbl r;                           \
+    mbedtls_mpi_uint r0, r1;
+
+#define MULADDC_CORE                    \
+    r   = *(s++) * (mbedtls_t_udbl) b;          \
+    r0  = (mbedtls_mpi_uint) r;                   \
+    r1  = (mbedtls_mpi_uint)( r >> biL );         \
+    r0 += c;  r1 += (r0 <  c);          \
+    r0 += *d; r1 += (r0 < *d);          \
+    c = r1; *(d++) = r0;
+
+#define MULADDC_STOP                    \
+}
+
+#else
+#define MULADDC_INIT                    \
+{                                       \
+    mbedtls_mpi_uint s0, s1, b0, b1;              \
+    mbedtls_mpi_uint r0, r1, rx, ry;              \
+    b0 = ( b << biH ) >> biH;           \
+    b1 = ( b >> biH );
+
+#define MULADDC_CORE                    \
+    s0 = ( *s << biH ) >> biH;          \
+    s1 = ( *s >> biH ); s++;            \
+    rx = s0 * b1; r0 = s0 * b0;         \
+    ry = s1 * b0; r1 = s1 * b1;         \
+    r1 += ( rx >> biH );                \
+    r1 += ( ry >> biH );                \
+    rx <<= biH; ry <<= biH;             \
+    r0 += rx; r1 += (r0 < rx);          \
+    r0 += ry; r1 += (r0 < ry);          \
+    r0 +=  c; r1 += (r0 <  c);          \
+    r0 += *d; r1 += (r0 < *d);          \
+    c = r1; *(d++) = r0;
+
+#define MULADDC_STOP                    \
+}
+
+#endif /* C (generic)  */
+#endif /* C (longlong) */
+
+#endif /* bn_mul.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/camellia.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/camellia.h
new file mode 100644
index 00000000..0424d623
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/camellia.h
@@ -0,0 +1,235 @@
+/**
+ * \file camellia.h
+ *
+ * \brief Camellia block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CAMELLIA_H
+#define MBEDTLS_CAMELLIA_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_CAMELLIA_ENCRYPT     1
+#define MBEDTLS_CAMELLIA_DECRYPT     0
+
+#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH           -0x0024  /**< Invalid key length. */
+#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH         -0x0026  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_CAMELLIA_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CAMELLIA context structure
+ */
+typedef struct
+{
+    int nr;                     /*!<  number of rounds  */
+    uint32_t rk[68];            /*!<  CAMELLIA round keys    */
+}
+mbedtls_camellia_context;
+
+/**
+ * \brief          Initialize CAMELLIA context
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ */
+void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
+
+/**
+ * \brief          Clear CAMELLIA context
+ *
+ * \param ctx      CAMELLIA context to be cleared
+ */
+void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
+
+/**
+ * \brief          CAMELLIA key schedule (encryption)
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ */
+int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
+                         unsigned int keybits );
+
+/**
+ * \brief          CAMELLIA key schedule (decryption)
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ * \param key      decryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ */
+int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
+                         unsigned int keybits );
+
+/**
+ * \brief          CAMELLIA-ECB block encryption/decryption
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          CAMELLIA-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (16 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ */
+int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          CAMELLIA-CFB128 buffer encryption/decryption
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ */
+int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               CAMELLIA-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
+ *
+ * \param ctx           CAMELLIA context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 128-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_CAMELLIA_ALT */
+#include "camellia_alt.h"
+#endif /* MBEDTLS_CAMELLIA_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_camellia_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* camellia.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ccm.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ccm.h
new file mode 100644
index 00000000..ef75839b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ccm.h
@@ -0,0 +1,141 @@
+/**
+ * \file ccm.h
+ *
+ * \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CCM_H
+#define MBEDTLS_CCM_H
+
+#include "cipher.h"
+
+#define MBEDTLS_ERR_CCM_BAD_INPUT      -0x000D /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_CCM_AUTH_FAILED    -0x000F /**< Authenticated decryption failed. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CCM context structure
+ */
+typedef struct {
+    mbedtls_cipher_context_t cipher_ctx;    /*!< cipher context used */
+}
+mbedtls_ccm_context;
+
+/**
+ * \brief           Initialize CCM context (just makes references valid)
+ *                  Makes the context ready for mbedtls_ccm_setkey() or
+ *                  mbedtls_ccm_free().
+ *
+ * \param ctx       CCM context to initialize
+ */
+void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
+
+/**
+ * \brief           CCM initialization (encryption and decryption)
+ *
+ * \param ctx       CCM context to be initialized
+ * \param cipher    cipher to use (a 128-bit block cipher)
+ * \param key       encryption key
+ * \param keybits   key size in bits (must be acceptable by the cipher)
+ *
+ * \return          0 if successful, or a cipher specific error code
+ */
+int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
+                        mbedtls_cipher_id_t cipher,
+                        const unsigned char *key,
+                        unsigned int keybits );
+
+/**
+ * \brief           Free a CCM context and underlying cipher sub-context
+ *
+ * \param ctx       CCM context to free
+ */
+void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
+
+/**
+ * \brief           CCM buffer encryption
+ *
+ * \param ctx       CCM context
+ * \param length    length of the input data in bytes
+ * \param iv        nonce (initialization vector)
+ * \param iv_len    length of IV in bytes
+ *                  must be 2, 3, 4, 5, 6, 7 or 8
+ * \param add       additional data
+ * \param add_len   length of additional data in bytes
+ *                  must be less than 2^16 - 2^8
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *                  must be at least 'length' bytes wide
+ * \param tag       buffer for holding the tag
+ * \param tag_len   length of the tag to generate in bytes
+ *                  must be 4, 6, 8, 10, 14 or 16
+ *
+ * \note            The tag is written to a separate buffer. To get the tag
+ *                  concatenated with the output as in the CCM spec, use
+ *                  tag = output + length and make sure the output buffer is
+ *                  at least length + tag_len wide.
+ *
+ * \return          0 if successful
+ */
+int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *add, size_t add_len,
+                         const unsigned char *input, unsigned char *output,
+                         unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief           CCM buffer authenticated decryption
+ *
+ * \param ctx       CCM context
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ * \param tag       buffer holding the tag
+ * \param tag_len   length of the tag
+ *
+ * \return         0 if successful and authenticated,
+ *                 MBEDTLS_ERR_CCM_AUTH_FAILED if tag does not match
+ */
+int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
+                      const unsigned char *iv, size_t iv_len,
+                      const unsigned char *add, size_t add_len,
+                      const unsigned char *input, unsigned char *output,
+                      const unsigned char *tag, size_t tag_len );
+
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_ccm_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CCM_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/certs.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/certs.h
new file mode 100644
index 00000000..ca49086e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/certs.h
@@ -0,0 +1,99 @@
+/**
+ * \file certs.h
+ *
+ * \brief Sample certificates and DHM parameters for testing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CERTS_H
+#define MBEDTLS_CERTS_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+/* Concatenation of all CA certificates in PEM format if available */
+extern const char   mbedtls_test_cas_pem[];
+extern const size_t mbedtls_test_cas_pem_len;
+#endif
+
+/* List of all CA certificates, terminated by NULL */
+extern const char * mbedtls_test_cas[];
+extern const size_t mbedtls_test_cas_len[];
+
+/*
+ * Convenience for users who just want a certificate:
+ * RSA by default, or ECDSA if RSA is not available
+ */
+extern const char * mbedtls_test_ca_crt;
+extern const size_t mbedtls_test_ca_crt_len;
+extern const char * mbedtls_test_ca_key;
+extern const size_t mbedtls_test_ca_key_len;
+extern const char * mbedtls_test_ca_pwd;
+extern const size_t mbedtls_test_ca_pwd_len;
+extern const char * mbedtls_test_srv_crt;
+extern const size_t mbedtls_test_srv_crt_len;
+extern const char * mbedtls_test_srv_key;
+extern const size_t mbedtls_test_srv_key_len;
+extern const char * mbedtls_test_cli_crt;
+extern const size_t mbedtls_test_cli_crt_len;
+extern const char * mbedtls_test_cli_key;
+extern const size_t mbedtls_test_cli_key_len;
+
+#if defined(MBEDTLS_ECDSA_C)
+extern const char   mbedtls_test_ca_crt_ec[];
+extern const size_t mbedtls_test_ca_crt_ec_len;
+extern const char   mbedtls_test_ca_key_ec[];
+extern const size_t mbedtls_test_ca_key_ec_len;
+extern const char   mbedtls_test_ca_pwd_ec[];
+extern const size_t mbedtls_test_ca_pwd_ec_len;
+extern const char   mbedtls_test_srv_crt_ec[];
+extern const size_t mbedtls_test_srv_crt_ec_len;
+extern const char   mbedtls_test_srv_key_ec[];
+extern const size_t mbedtls_test_srv_key_ec_len;
+extern const char   mbedtls_test_cli_crt_ec[];
+extern const size_t mbedtls_test_cli_crt_ec_len;
+extern const char   mbedtls_test_cli_key_ec[];
+extern const size_t mbedtls_test_cli_key_ec_len;
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+extern const char   mbedtls_test_ca_crt_rsa[];
+extern const size_t mbedtls_test_ca_crt_rsa_len;
+extern const char   mbedtls_test_ca_key_rsa[];
+extern const size_t mbedtls_test_ca_key_rsa_len;
+extern const char   mbedtls_test_ca_pwd_rsa[];
+extern const size_t mbedtls_test_ca_pwd_rsa_len;
+extern const char   mbedtls_test_srv_crt_rsa[];
+extern const size_t mbedtls_test_srv_crt_rsa_len;
+extern const char   mbedtls_test_srv_key_rsa[];
+extern const size_t mbedtls_test_srv_key_rsa_len;
+extern const char   mbedtls_test_cli_crt_rsa[];
+extern const size_t mbedtls_test_cli_crt_rsa_len;
+extern const char   mbedtls_test_cli_key_rsa[];
+extern const size_t mbedtls_test_cli_key_rsa_len;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* certs.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/check_config.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/check_config.h
new file mode 100644
index 00000000..8dadbe1c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/check_config.h
@@ -0,0 +1,529 @@
+/**
+ * \file check_config.h
+ *
+ * \brief Consistency checks for configuration options
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * It is recommended to include this file from your config.h
+ * in order to catch dependency issues early.
+ */
+
+#ifndef MBEDTLS_CHECK_CONFIG_H
+#define MBEDTLS_CHECK_CONFIG_H
+
+/*
+ * We assume CHAR_BIT is 8 in many places. In practice, this is true on our
+ * target platforms, so not an issue, but let's just be extra sure.
+ */
+#include <limits.h>
+#if CHAR_BIT != 8
+#error "mbed TLS requires a platform with 8-bit chars"
+#endif
+
+#if defined(_WIN32)
+#if !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_C is required on Windows"
+#endif
+
+/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as
+ * it would confuse config.pl. */
+#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
+    !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+#endif
+#endif /* _WIN32 */
+
+#if defined(TARGET_LIKE_MBED) && \
+    ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
+#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
+#endif
+
+#if defined(MBEDTLS_DEPRECATED_WARNING) && \
+    !defined(__GNUC__) && !defined(__clang__)
+#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
+#endif
+
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
+#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
+#endif
+
+#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
+#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
+#error "MBEDTLS_DHM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
+#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDSA_C) &&            \
+    ( !defined(MBEDTLS_ECP_C) ||           \
+      !defined(MBEDTLS_ASN1_PARSE_C) ||    \
+      !defined(MBEDTLS_ASN1_WRITE_C) )
+#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
+#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || (   \
+    !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
+#error "MBEDTLS_ECP_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
+                                    !defined(MBEDTLS_SHA256_C))
+#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) &&         \
+    defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) &&                                            \
+    ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
+    && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
+#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_GCM_C) && (                                        \
+        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
+#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
+#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
+#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&                     \
+    !defined(MBEDTLS_ECDH_C)
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
+    ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) ||           \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) ||          \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) ||          \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+      !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) &&                       \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+      !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_C) && \
+    ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
+#error "MBEDTLS_PK_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
+        defined(MBEDTLS_PLATFORM_EXIT_ALT) )
+#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
+        defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+    defined(MBEDTLS_PLATFORM_STD_FREE)
+#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+    defined(MBEDTLS_PLATFORM_STD_CALLOC)
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
+#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
+        defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
+        defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
+    !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
+    !defined(MBEDTLS_PLATFORM_EXIT_ALT)
+#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
+    !defined(MBEDTLS_OID_C) )
+#error "MBEDTLS_RSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) &&                        \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
+#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) &&     \
+    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)     && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1)  && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
+#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) ||     \
+    !defined(MBEDTLS_MD_C) )
+#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
+#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2))
+#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1)))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
+#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
+    !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
+    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) &&                              \
+    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) &&   \
+    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#endif
+
+#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
+    !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
+#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
+        !defined(MBEDTLS_X509_CRT_PARSE_C)
+#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
+#endif
+#define MBEDTLS_THREADING_IMPL
+#endif
+
+#if defined(MBEDTLS_THREADING_ALT)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
+#endif
+#define MBEDTLS_THREADING_IMPL
+#endif
+
+#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_C defined, single threading implementation required"
+#endif
+#undef MBEDTLS_THREADING_IMPL
+
+#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
+#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
+    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) ||      \
+    !defined(MBEDTLS_PK_PARSE_C) )
+#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
+    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) ||       \
+    !defined(MBEDTLS_PK_WRITE_C) )
+#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
+#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
+#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
+#endif
+
+/*
+ * Avoid warning from -pedantic. This is a convenient place for this
+ * workaround since this is included by every single file before the
+ * #if defined(MBEDTLS_xxx_C) that results in emtpy translation units.
+ */
+typedef int mbedtls_iso_c_forbids_empty_translation_units;
+
+#endif /* MBEDTLS_CHECK_CONFIG_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/cipher.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/cipher.h
new file mode 100644
index 00000000..70000f5e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/cipher.h
@@ -0,0 +1,698 @@
+/**
+ * \file cipher.h
+ *
+ * \brief Generic cipher wrapper.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_CIPHER_H
+#define MBEDTLS_CIPHER_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
+#define MBEDTLS_CIPHER_MODE_AEAD
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_CIPHER_MODE_WITH_PADDING
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+#define MBEDTLS_CIPHER_MODE_STREAM
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE            -0x6080  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA                 -0x6100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED                   -0x6180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_CIPHER_INVALID_PADDING                -0x6200  /**< Input data contains invalid padding and is rejected. */
+#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED            -0x6280  /**< Decryption of block requires a full block. */
+#define MBEDTLS_ERR_CIPHER_AUTH_FAILED                    -0x6300  /**< Authentication failed (for AEAD modes). */
+
+#define MBEDTLS_CIPHER_VARIABLE_IV_LEN     0x01    /**< Cipher accepts IVs of variable length */
+#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN    0x02    /**< Cipher accepts keys of variable length */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+    MBEDTLS_CIPHER_ID_NONE = 0,
+    MBEDTLS_CIPHER_ID_NULL,
+    MBEDTLS_CIPHER_ID_AES,
+    MBEDTLS_CIPHER_ID_DES,
+    MBEDTLS_CIPHER_ID_3DES,
+    MBEDTLS_CIPHER_ID_CAMELLIA,
+    MBEDTLS_CIPHER_ID_BLOWFISH,
+    MBEDTLS_CIPHER_ID_ARC4,
+} mbedtls_cipher_id_t;
+
+typedef enum {
+    MBEDTLS_CIPHER_NONE = 0,
+    MBEDTLS_CIPHER_NULL,
+    MBEDTLS_CIPHER_AES_128_ECB,
+    MBEDTLS_CIPHER_AES_192_ECB,
+    MBEDTLS_CIPHER_AES_256_ECB,
+    MBEDTLS_CIPHER_AES_128_CBC,
+    MBEDTLS_CIPHER_AES_192_CBC,
+    MBEDTLS_CIPHER_AES_256_CBC,
+    MBEDTLS_CIPHER_AES_128_CFB128,
+    MBEDTLS_CIPHER_AES_192_CFB128,
+    MBEDTLS_CIPHER_AES_256_CFB128,
+    MBEDTLS_CIPHER_AES_128_CTR,
+    MBEDTLS_CIPHER_AES_192_CTR,
+    MBEDTLS_CIPHER_AES_256_CTR,
+    MBEDTLS_CIPHER_AES_128_GCM,
+    MBEDTLS_CIPHER_AES_192_GCM,
+    MBEDTLS_CIPHER_AES_256_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_128_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_192_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_256_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_128_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_192_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_256_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_128_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_192_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_256_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_128_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_192_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_256_GCM,
+    MBEDTLS_CIPHER_DES_ECB,
+    MBEDTLS_CIPHER_DES_CBC,
+    MBEDTLS_CIPHER_DES_EDE_ECB,
+    MBEDTLS_CIPHER_DES_EDE_CBC,
+    MBEDTLS_CIPHER_DES_EDE3_ECB,
+    MBEDTLS_CIPHER_DES_EDE3_CBC,
+    MBEDTLS_CIPHER_BLOWFISH_ECB,
+    MBEDTLS_CIPHER_BLOWFISH_CBC,
+    MBEDTLS_CIPHER_BLOWFISH_CFB64,
+    MBEDTLS_CIPHER_BLOWFISH_CTR,
+    MBEDTLS_CIPHER_ARC4_128,
+    MBEDTLS_CIPHER_AES_128_CCM,
+    MBEDTLS_CIPHER_AES_192_CCM,
+    MBEDTLS_CIPHER_AES_256_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_128_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_192_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_256_CCM,
+} mbedtls_cipher_type_t;
+
+typedef enum {
+    MBEDTLS_MODE_NONE = 0,
+    MBEDTLS_MODE_ECB,
+    MBEDTLS_MODE_CBC,
+    MBEDTLS_MODE_CFB,
+    MBEDTLS_MODE_OFB, /* Unused! */
+    MBEDTLS_MODE_CTR,
+    MBEDTLS_MODE_GCM,
+    MBEDTLS_MODE_STREAM,
+    MBEDTLS_MODE_CCM,
+} mbedtls_cipher_mode_t;
+
+typedef enum {
+    MBEDTLS_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default)        */
+    MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding         */
+    MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding             */
+    MBEDTLS_PADDING_ZEROS,         /**< zero padding (not reversible!) */
+    MBEDTLS_PADDING_NONE,          /**< never pad (full blocks only)   */
+} mbedtls_cipher_padding_t;
+
+typedef enum {
+    MBEDTLS_OPERATION_NONE = -1,
+    MBEDTLS_DECRYPT = 0,
+    MBEDTLS_ENCRYPT,
+} mbedtls_operation_t;
+
+enum {
+    /** Undefined key length */
+    MBEDTLS_KEY_LENGTH_NONE = 0,
+    /** Key length, in bits (including parity), for DES keys */
+    MBEDTLS_KEY_LENGTH_DES  = 64,
+    /** Key length, in bits (including parity), for DES in two key EDE */
+    MBEDTLS_KEY_LENGTH_DES_EDE = 128,
+    /** Key length, in bits (including parity), for DES in three-key EDE */
+    MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
+};
+
+/** Maximum length of any IV, in bytes */
+#define MBEDTLS_MAX_IV_LENGTH      16
+/** Maximum block size of any cipher, in bytes */
+#define MBEDTLS_MAX_BLOCK_LENGTH   16
+
+/**
+ * Base cipher information (opaque struct).
+ */
+typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
+
+/**
+ * Cipher information. Allows cipher functions to be called in a generic way.
+ */
+typedef struct {
+    /** Full cipher identifier (e.g. MBEDTLS_CIPHER_AES_256_CBC) */
+    mbedtls_cipher_type_t type;
+
+    /** Cipher mode (e.g. MBEDTLS_MODE_CBC) */
+    mbedtls_cipher_mode_t mode;
+
+    /** Cipher key length, in bits (default length for variable sized ciphers)
+     *  (Includes parity bits for ciphers like DES) */
+    unsigned int key_bitlen;
+
+    /** Name of the cipher */
+    const char * name;
+
+    /** IV/NONCE size, in bytes.
+     *  For cipher that accept many sizes: recommended size */
+    unsigned int iv_size;
+
+    /** Flags for variable IV size, variable key size, etc. */
+    int flags;
+
+    /** block size, in bytes */
+    unsigned int block_size;
+
+    /** Base cipher information and functions */
+    const mbedtls_cipher_base_t *base;
+
+} mbedtls_cipher_info_t;
+
+/**
+ * Generic cipher context.
+ */
+typedef struct {
+    /** Information about the associated cipher */
+    const mbedtls_cipher_info_t *cipher_info;
+
+    /** Key length to use */
+    int key_bitlen;
+
+    /** Operation that the context's key has been initialised for */
+    mbedtls_operation_t operation;
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+    /** Padding functions to use, if relevant for cipher mode */
+    void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
+    int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
+#endif
+
+    /** Buffer for data that hasn't been encrypted yet */
+    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
+
+    /** Number of bytes that still need processing */
+    size_t unprocessed_len;
+
+    /** Current IV or NONCE_COUNTER for CTR-mode */
+    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
+
+    /** IV size in bytes (for ciphers with variable-length IVs) */
+    size_t iv_size;
+
+    /** Cipher-specific context */
+    void *cipher_ctx;
+} mbedtls_cipher_context_t;
+
+/**
+ * \brief Returns the list of ciphers supported by the generic cipher module.
+ *
+ * \return              a statically allocated array of ciphers, the last entry
+ *                      is 0.
+ */
+const int *mbedtls_cipher_list( void );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher name.
+ *
+ * \param cipher_name   Name of the cipher to search for.
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_name, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher type.
+ *
+ * \param cipher_type   Type of the cipher to search for.
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_type, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher id, key size and mode.
+ *
+ * \param cipher_id     Id of the cipher to search for
+ *                      (e.g. MBEDTLS_CIPHER_ID_AES)
+ * \param key_bitlen    Length of the key in bits
+ * \param mode          Cipher mode (e.g. MBEDTLS_MODE_CBC)
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_type, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
+                                              int key_bitlen,
+                                              const mbedtls_cipher_mode_t mode );
+
+/**
+ * \brief               Initialize a cipher_context (as NONE)
+ */
+void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
+
+/**
+ * \brief               Free and clear the cipher-specific context of ctx.
+ *                      Freeing ctx itself remains the responsibility of the
+ *                      caller.
+ */
+void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
+
+/**
+ * \brief               Initialises and fills the cipher context structure with
+ *                      the appropriate values.
+ *
+ * \note                Currently also clears structure. In future versions you
+ *                      will be required to call mbedtls_cipher_init() on the structure
+ *                      first.
+ *
+ * \param ctx           context to initialise. May not be NULL.
+ * \param cipher_info   cipher to use.
+ *
+ * \return              0 on success,
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
+ *                      MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
+ *                      cipher-specific context failed.
+ */
+int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
+
+/**
+ * \brief               Returns the block size of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              size of the cipher's blocks, or 0 if ctx has not been
+ *                      initialised.
+ */
+static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    return ctx->cipher_info->block_size;
+}
+
+/**
+ * \brief               Returns the mode of operation for the cipher.
+ *                      (e.g. MBEDTLS_MODE_CBC)
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              mode of operation, or MBEDTLS_MODE_NONE if ctx
+ *                      has not been initialised.
+ */
+static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_MODE_NONE;
+
+    return ctx->cipher_info->mode;
+}
+
+/**
+ * \brief               Returns the size of the cipher's IV/NONCE in bytes.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              If IV has not been set yet: (recommended) IV size
+ *                      (0 for ciphers not using IV/NONCE).
+ *                      If IV has already been set: actual size.
+ */
+static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    if( ctx->iv_size != 0 )
+        return (int) ctx->iv_size;
+
+    return (int) ctx->cipher_info->iv_size;
+}
+
+/**
+ * \brief               Returns the type of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              type of the cipher, or MBEDTLS_CIPHER_NONE if ctx has
+ *                      not been initialised.
+ */
+static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_CIPHER_NONE;
+
+    return ctx->cipher_info->type;
+}
+
+/**
+ * \brief               Returns the name of the given cipher, as a string.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              name of the cipher, or NULL if ctx was not initialised.
+ */
+static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    return ctx->cipher_info->name;
+}
+
+/**
+ * \brief               Returns the key length of the cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              cipher's key length, in bits, or
+ *                      MBEDTLS_KEY_LENGTH_NONE if ctx has not been
+ *                      initialised.
+ */
+static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_KEY_LENGTH_NONE;
+
+    return (int) ctx->cipher_info->key_bitlen;
+}
+
+/**
+ * \brief               Returns the operation of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              operation (MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT),
+ *                      or MBEDTLS_OPERATION_NONE if ctx has not been
+ *                      initialised.
+ */
+static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_OPERATION_NONE;
+
+    return ctx->operation;
+}
+
+/**
+ * \brief               Set the key to use with the given context.
+ *
+ * \param ctx           generic cipher context. May not be NULL. Must have been
+ *                      initialised using cipher_context_from_type or
+ *                      cipher_context_from_string.
+ * \param key           The key to use.
+ * \param key_bitlen    key length to use, in bits.
+ * \param operation     Operation that the key will be used for, either
+ *                      MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails or a cipher specific
+ *                      error code.
+ */
+int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
+                   int key_bitlen, const mbedtls_operation_t operation );
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+/**
+ * \brief               Set padding mode, for cipher modes that use padding.
+ *                      (Default: PKCS7 padding.)
+ *
+ * \param ctx           generic cipher context
+ * \param mode          padding mode
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+ *                      if selected padding mode is not supported, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+ *                      does not support padding.
+ */
+int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
+
+/**
+ * \brief               Set the initialization vector (IV) or nonce
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ *
+ * \returns             0 on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+ *
+ * \note                Some ciphers don't use IVs nor NONCE. For these
+ *                      ciphers, this function has no effect.
+ */
+int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
+                   const unsigned char *iv, size_t iv_len );
+
+/**
+ * \brief               Finish preparation of the given context
+ *
+ * \param ctx           generic cipher context
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+ *                      if parameter verification fails.
+ */
+int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
+
+#if defined(MBEDTLS_GCM_C)
+/**
+ * \brief               Add additional data (for AEAD ciphers).
+ *                      Currently only supported with GCM.
+ *                      Must be called exactly once, after mbedtls_cipher_reset().
+ *
+ * \param ctx           generic cipher context
+ * \param ad            Additional data to use.
+ * \param ad_len        Length of ad.
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
+                      const unsigned char *ad, size_t ad_len );
+#endif /* MBEDTLS_GCM_C */
+
+/**
+ * \brief               Generic cipher update function. Encrypts/decrypts
+ *                      using the given cipher context. Writes as many block
+ *                      size'd blocks of data as possible to output. Any data
+ *                      that cannot be written immediately will either be added
+ *                      to the next block, or flushed when cipher_final is
+ *                      called.
+ *                      Exception: for MBEDTLS_MODE_ECB, expects single block
+ *                                 in size (e.g. 16 bytes for AES)
+ *
+ * \param ctx           generic cipher context
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data. Should be able to hold at
+ *                      least ilen + block_size. Cannot be the same buffer as
+ *                      input!
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails,
+ *                      MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
+ *                      unsupported mode for a cipher or a cipher specific
+ *                      error code.
+ *
+ * \note                If the underlying cipher is GCM, all calls to this
+ *                      function, except the last one before mbedtls_cipher_finish(),
+ *                      must have ilen a multiple of the block size.
+ */
+int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
+                   size_t ilen, unsigned char *output, size_t *olen );
+
+/**
+ * \brief               Generic cipher finalisation function. If data still
+ *                      needs to be flushed from an incomplete block, data
+ *                      contained within it will be padded with the size of
+ *                      the last block, and written to the output buffer.
+ *
+ * \param ctx           Generic cipher context
+ * \param output        buffer to write data to. Needs block_size available.
+ * \param olen          length of the data written to the output buffer.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails,
+ *                      MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
+ *                      expected a full block but was not provided one,
+ *                      MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      while decrypting or a cipher specific error code.
+ */
+int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
+                   unsigned char *output, size_t *olen );
+
+#if defined(MBEDTLS_GCM_C)
+/**
+ * \brief               Write tag for AEAD ciphers.
+ *                      Currently only supported with GCM.
+ *                      Must be called after mbedtls_cipher_finish().
+ *
+ * \param ctx           Generic cipher context
+ * \param tag           buffer to write the tag
+ * \param tag_len       Length of the tag to write
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
+                      unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief               Check tag for AEAD ciphers.
+ *                      Currently only supported with GCM.
+ *                      Must be called after mbedtls_cipher_finish().
+ *
+ * \param ctx           Generic cipher context
+ * \param tag           Buffer holding the tag
+ * \param tag_len       Length of the tag to check
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
+                      const unsigned char *tag, size_t tag_len );
+#endif /* MBEDTLS_GCM_C */
+
+/**
+ * \brief               Generic all-in-one encryption/decryption
+ *                      (for all ciphers except AEAD constructs).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data. Should be able to hold at
+ *                      least ilen + block_size. Cannot be the same buffer as
+ *                      input!
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ *
+ * \note                Some ciphers don't use IVs nor NONCE. For these
+ *                      ciphers, use iv = NULL and iv_len = 0.
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
+ *                      expected a full block but was not provided one, or
+ *                      MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      while decrypting, or
+ *                      a cipher specific error code.
+ */
+int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
+                  const unsigned char *iv, size_t iv_len,
+                  const unsigned char *input, size_t ilen,
+                  unsigned char *output, size_t *olen );
+
+#if defined(MBEDTLS_CIPHER_MODE_AEAD)
+/**
+ * \brief               Generic autenticated encryption (AEAD ciphers).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param ad            Additional data to authenticate.
+ * \param ad_len        Length of ad.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data.
+ *                      Should be able to hold at least ilen.
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ * \param tag           buffer for the authentication tag
+ * \param tag_len       desired tag length
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      a cipher specific error code.
+ */
+int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *ad, size_t ad_len,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen,
+                         unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief               Generic autenticated decryption (AEAD ciphers).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param ad            Additional data to be authenticated.
+ * \param ad_len        Length of ad.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data.
+ *                      Should be able to hold at least ilen.
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ * \param tag           buffer holding the authentication tag
+ * \param tag_len       length of the authentication tag
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_CIPHER_AUTH_FAILED if data isn't authentic,
+ *                      or a cipher specific error code.
+ *
+ * \note                If the data is not authentic, then the output buffer
+ *                      is zeroed out to prevent the unauthentic plaintext to
+ *                      be used by mistake, making this interface safer.
+ */
+int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *ad, size_t ad_len,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen,
+                         const unsigned char *tag, size_t tag_len );
+#endif /* MBEDTLS_CIPHER_MODE_AEAD */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CIPHER_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/cipher_internal.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/cipher_internal.h
new file mode 100644
index 00000000..6c58bcc5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/cipher_internal.h
@@ -0,0 +1,109 @@
+/**
+ * \file cipher_internal.h
+ *
+ * \brief Cipher wrappers.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CIPHER_WRAP_H
+#define MBEDTLS_CIPHER_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "cipher.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Base cipher information. The non-mode specific functions and values.
+ */
+struct mbedtls_cipher_base_t
+{
+    /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
+    mbedtls_cipher_id_t cipher;
+
+    /** Encrypt using ECB */
+    int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
+                     const unsigned char *input, unsigned char *output );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    /** Encrypt using CBC */
+    int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
+                     unsigned char *iv, const unsigned char *input,
+                     unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    /** Encrypt using CFB (Full length) */
+    int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
+                     unsigned char *iv, const unsigned char *input,
+                     unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    /** Encrypt using CTR */
+    int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
+                     unsigned char *nonce_counter, unsigned char *stream_block,
+                     const unsigned char *input, unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    /** Encrypt using STREAM */
+    int (*stream_func)( void *ctx, size_t length,
+                        const unsigned char *input, unsigned char *output );
+#endif
+
+    /** Set key for encryption purposes */
+    int (*setkey_enc_func)( void *ctx, const unsigned char *key,
+                            unsigned int key_bitlen );
+
+    /** Set key for decryption purposes */
+    int (*setkey_dec_func)( void *ctx, const unsigned char *key,
+                            unsigned int key_bitlen);
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+};
+
+typedef struct
+{
+    mbedtls_cipher_type_t type;
+    const mbedtls_cipher_info_t *info;
+} mbedtls_cipher_definition_t;
+
+extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
+
+extern int mbedtls_cipher_supported[];
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CIPHER_WRAP_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/compat-1.3.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/compat-1.3.h
new file mode 100644
index 00000000..1ddfff8c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/compat-1.3.h
@@ -0,0 +1,2633 @@
+/**
+ * \file config.h
+ *
+ * \brief Compatibility names (set of defines)
+ *
+ * \deprecated Use the new names directly instead
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "Including compat-1.3.h is deprecated"
+#endif
+
+#ifndef MBEDTLS_COMPAT13_H
+#define MBEDTLS_COMPAT13_H
+
+/*
+ * config.h options
+ */
+#if defined MBEDTLS_AESNI_C
+#define POLARSSL_AESNI_C MBEDTLS_AESNI_C
+#endif
+#if defined MBEDTLS_AES_ALT
+#define POLARSSL_AES_ALT MBEDTLS_AES_ALT
+#endif
+#if defined MBEDTLS_AES_C
+#define POLARSSL_AES_C MBEDTLS_AES_C
+#endif
+#if defined MBEDTLS_AES_ROM_TABLES
+#define POLARSSL_AES_ROM_TABLES MBEDTLS_AES_ROM_TABLES
+#endif
+#if defined MBEDTLS_ARC4_ALT
+#define POLARSSL_ARC4_ALT MBEDTLS_ARC4_ALT
+#endif
+#if defined MBEDTLS_ARC4_C
+#define POLARSSL_ARC4_C MBEDTLS_ARC4_C
+#endif
+#if defined MBEDTLS_ASN1_PARSE_C
+#define POLARSSL_ASN1_PARSE_C MBEDTLS_ASN1_PARSE_C
+#endif
+#if defined MBEDTLS_ASN1_WRITE_C
+#define POLARSSL_ASN1_WRITE_C MBEDTLS_ASN1_WRITE_C
+#endif
+#if defined MBEDTLS_BASE64_C
+#define POLARSSL_BASE64_C MBEDTLS_BASE64_C
+#endif
+#if defined MBEDTLS_BIGNUM_C
+#define POLARSSL_BIGNUM_C MBEDTLS_BIGNUM_C
+#endif
+#if defined MBEDTLS_BLOWFISH_ALT
+#define POLARSSL_BLOWFISH_ALT MBEDTLS_BLOWFISH_ALT
+#endif
+#if defined MBEDTLS_BLOWFISH_C
+#define POLARSSL_BLOWFISH_C MBEDTLS_BLOWFISH_C
+#endif
+#if defined MBEDTLS_CAMELLIA_ALT
+#define POLARSSL_CAMELLIA_ALT MBEDTLS_CAMELLIA_ALT
+#endif
+#if defined MBEDTLS_CAMELLIA_C
+#define POLARSSL_CAMELLIA_C MBEDTLS_CAMELLIA_C
+#endif
+#if defined MBEDTLS_CAMELLIA_SMALL_MEMORY
+#define POLARSSL_CAMELLIA_SMALL_MEMORY MBEDTLS_CAMELLIA_SMALL_MEMORY
+#endif
+#if defined MBEDTLS_CCM_C
+#define POLARSSL_CCM_C MBEDTLS_CCM_C
+#endif
+#if defined MBEDTLS_CERTS_C
+#define POLARSSL_CERTS_C MBEDTLS_CERTS_C
+#endif
+#if defined MBEDTLS_CIPHER_C
+#define POLARSSL_CIPHER_C MBEDTLS_CIPHER_C
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CBC
+#define POLARSSL_CIPHER_MODE_CBC MBEDTLS_CIPHER_MODE_CBC
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CFB
+#define POLARSSL_CIPHER_MODE_CFB MBEDTLS_CIPHER_MODE_CFB
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CTR
+#define POLARSSL_CIPHER_MODE_CTR MBEDTLS_CIPHER_MODE_CTR
+#endif
+#if defined MBEDTLS_CIPHER_NULL_CIPHER
+#define POLARSSL_CIPHER_NULL_CIPHER MBEDTLS_CIPHER_NULL_CIPHER
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_PKCS7
+#define POLARSSL_CIPHER_PADDING_PKCS7 MBEDTLS_CIPHER_PADDING_PKCS7
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ZEROS
+#define POLARSSL_CIPHER_PADDING_ZEROS MBEDTLS_CIPHER_PADDING_ZEROS
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#endif
+#if defined MBEDTLS_CTR_DRBG_C
+#define POLARSSL_CTR_DRBG_C MBEDTLS_CTR_DRBG_C
+#endif
+#if defined MBEDTLS_DEBUG_C
+#define POLARSSL_DEBUG_C MBEDTLS_DEBUG_C
+#endif
+#if defined MBEDTLS_DEPRECATED_REMOVED
+#define POLARSSL_DEPRECATED_REMOVED MBEDTLS_DEPRECATED_REMOVED
+#endif
+#if defined MBEDTLS_DEPRECATED_WARNING
+#define POLARSSL_DEPRECATED_WARNING MBEDTLS_DEPRECATED_WARNING
+#endif
+#if defined MBEDTLS_DES_ALT
+#define POLARSSL_DES_ALT MBEDTLS_DES_ALT
+#endif
+#if defined MBEDTLS_DES_C
+#define POLARSSL_DES_C MBEDTLS_DES_C
+#endif
+#if defined MBEDTLS_DHM_C
+#define POLARSSL_DHM_C MBEDTLS_DHM_C
+#endif
+#if defined MBEDTLS_ECDH_C
+#define POLARSSL_ECDH_C MBEDTLS_ECDH_C
+#endif
+#if defined MBEDTLS_ECDSA_C
+#define POLARSSL_ECDSA_C MBEDTLS_ECDSA_C
+#endif
+#if defined MBEDTLS_ECDSA_DETERMINISTIC
+#define POLARSSL_ECDSA_DETERMINISTIC MBEDTLS_ECDSA_DETERMINISTIC
+#endif
+#if defined MBEDTLS_ECP_C
+#define POLARSSL_ECP_C MBEDTLS_ECP_C
+#endif
+#if defined MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define POLARSSL_ECP_DP_BP256R1_ENABLED MBEDTLS_ECP_DP_BP256R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define POLARSSL_ECP_DP_BP384R1_ENABLED MBEDTLS_ECP_DP_BP384R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define POLARSSL_ECP_DP_BP512R1_ENABLED MBEDTLS_ECP_DP_BP512R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define POLARSSL_ECP_DP_M255_ENABLED MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define POLARSSL_ECP_DP_SECP192K1_ENABLED MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define POLARSSL_ECP_DP_SECP192R1_ENABLED MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define POLARSSL_ECP_DP_SECP224K1_ENABLED MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define POLARSSL_ECP_DP_SECP224R1_ENABLED MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define POLARSSL_ECP_DP_SECP256K1_ENABLED MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define POLARSSL_ECP_DP_SECP256R1_ENABLED MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define POLARSSL_ECP_DP_SECP384R1_ENABLED MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define POLARSSL_ECP_DP_SECP521R1_ENABLED MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_FIXED_POINT_OPTIM
+#define POLARSSL_ECP_FIXED_POINT_OPTIM MBEDTLS_ECP_FIXED_POINT_OPTIM
+#endif
+#if defined MBEDTLS_ECP_MAX_BITS
+#define POLARSSL_ECP_MAX_BITS MBEDTLS_ECP_MAX_BITS
+#endif
+#if defined MBEDTLS_ECP_NIST_OPTIM
+#define POLARSSL_ECP_NIST_OPTIM MBEDTLS_ECP_NIST_OPTIM
+#endif
+#if defined MBEDTLS_ECP_WINDOW_SIZE
+#define POLARSSL_ECP_WINDOW_SIZE MBEDTLS_ECP_WINDOW_SIZE
+#endif
+#if defined MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+#define POLARSSL_ENABLE_WEAK_CIPHERSUITES MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+#endif
+#if defined MBEDTLS_ENTROPY_C
+#define POLARSSL_ENTROPY_C MBEDTLS_ENTROPY_C
+#endif
+#if defined MBEDTLS_ENTROPY_FORCE_SHA256
+#define POLARSSL_ENTROPY_FORCE_SHA256 MBEDTLS_ENTROPY_FORCE_SHA256
+#endif
+#if defined MBEDTLS_ERROR_C
+#define POLARSSL_ERROR_C MBEDTLS_ERROR_C
+#endif
+#if defined MBEDTLS_ERROR_STRERROR_BC
+#define POLARSSL_ERROR_STRERROR_BC MBEDTLS_ERROR_STRERROR_BC
+#endif
+#if defined MBEDTLS_ERROR_STRERROR_DUMMY
+#define POLARSSL_ERROR_STRERROR_DUMMY MBEDTLS_ERROR_STRERROR_DUMMY
+#endif
+#if defined MBEDTLS_FS_IO
+#define POLARSSL_FS_IO MBEDTLS_FS_IO
+#endif
+#if defined MBEDTLS_GCM_C
+#define POLARSSL_GCM_C MBEDTLS_GCM_C
+#endif
+#if defined MBEDTLS_GENPRIME
+#define POLARSSL_GENPRIME MBEDTLS_GENPRIME
+#endif
+#if defined MBEDTLS_HAVEGE_C
+#define POLARSSL_HAVEGE_C MBEDTLS_HAVEGE_C
+#endif
+#if defined MBEDTLS_HAVE_ASM
+#define POLARSSL_HAVE_ASM MBEDTLS_HAVE_ASM
+#endif
+#if defined MBEDTLS_HAVE_SSE2
+#define POLARSSL_HAVE_SSE2 MBEDTLS_HAVE_SSE2
+#endif
+#if defined MBEDTLS_HAVE_TIME
+#define POLARSSL_HAVE_TIME MBEDTLS_HAVE_TIME
+#endif
+#if defined MBEDTLS_HMAC_DRBG_C
+#define POLARSSL_HMAC_DRBG_C MBEDTLS_HMAC_DRBG_C
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_INPUT
+#define POLARSSL_HMAC_DRBG_MAX_INPUT MBEDTLS_HMAC_DRBG_MAX_INPUT
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_REQUEST
+#define POLARSSL_HMAC_DRBG_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
+#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
+#endif
+#if defined MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
+#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#endif
+#if defined MBEDTLS_MD2_ALT
+#define POLARSSL_MD2_ALT MBEDTLS_MD2_ALT
+#endif
+#if defined MBEDTLS_MD2_C
+#define POLARSSL_MD2_C MBEDTLS_MD2_C
+#endif
+#if defined MBEDTLS_MD2_PROCESS_ALT
+#define POLARSSL_MD2_PROCESS_ALT MBEDTLS_MD2_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD4_ALT
+#define POLARSSL_MD4_ALT MBEDTLS_MD4_ALT
+#endif
+#if defined MBEDTLS_MD4_C
+#define POLARSSL_MD4_C MBEDTLS_MD4_C
+#endif
+#if defined MBEDTLS_MD4_PROCESS_ALT
+#define POLARSSL_MD4_PROCESS_ALT MBEDTLS_MD4_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD5_ALT
+#define POLARSSL_MD5_ALT MBEDTLS_MD5_ALT
+#endif
+#if defined MBEDTLS_MD5_C
+#define POLARSSL_MD5_C MBEDTLS_MD5_C
+#endif
+#if defined MBEDTLS_MD5_PROCESS_ALT
+#define POLARSSL_MD5_PROCESS_ALT MBEDTLS_MD5_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD_C
+#define POLARSSL_MD_C MBEDTLS_MD_C
+#endif
+#if defined MBEDTLS_MEMORY_ALIGN_MULTIPLE
+#define POLARSSL_MEMORY_ALIGN_MULTIPLE MBEDTLS_MEMORY_ALIGN_MULTIPLE
+#endif
+#if defined MBEDTLS_MEMORY_BACKTRACE
+#define POLARSSL_MEMORY_BACKTRACE MBEDTLS_MEMORY_BACKTRACE
+#endif
+#if defined MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#define POLARSSL_MEMORY_BUFFER_ALLOC_C MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#endif
+#if defined MBEDTLS_MEMORY_C
+#define POLARSSL_MEMORY_C MBEDTLS_MEMORY_C
+#endif
+#if defined MBEDTLS_MEMORY_DEBUG
+#define POLARSSL_MEMORY_DEBUG MBEDTLS_MEMORY_DEBUG
+#endif
+#if defined MBEDTLS_MPI_MAX_SIZE
+#define POLARSSL_MPI_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+#if defined MBEDTLS_MPI_WINDOW_SIZE
+#define POLARSSL_MPI_WINDOW_SIZE MBEDTLS_MPI_WINDOW_SIZE
+#endif
+#if defined MBEDTLS_NET_C
+#define POLARSSL_NET_C MBEDTLS_NET_C
+#endif
+#if defined MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#endif
+#if defined MBEDTLS_NO_PLATFORM_ENTROPY
+#define POLARSSL_NO_PLATFORM_ENTROPY MBEDTLS_NO_PLATFORM_ENTROPY
+#endif
+#if defined MBEDTLS_OID_C
+#define POLARSSL_OID_C MBEDTLS_OID_C
+#endif
+#if defined MBEDTLS_PADLOCK_C
+#define POLARSSL_PADLOCK_C MBEDTLS_PADLOCK_C
+#endif
+#if defined MBEDTLS_PBKDF2_C
+#define POLARSSL_PBKDF2_C MBEDTLS_PBKDF2_C
+#endif
+#if defined MBEDTLS_PEM_PARSE_C
+#define POLARSSL_PEM_PARSE_C MBEDTLS_PEM_PARSE_C
+#endif
+#if defined MBEDTLS_PEM_WRITE_C
+#define POLARSSL_PEM_WRITE_C MBEDTLS_PEM_WRITE_C
+#endif
+#if defined MBEDTLS_PKCS11_C
+#define POLARSSL_PKCS11_C MBEDTLS_PKCS11_C
+#endif
+#if defined MBEDTLS_PKCS12_C
+#define POLARSSL_PKCS12_C MBEDTLS_PKCS12_C
+#endif
+#if defined MBEDTLS_PKCS1_V15
+#define POLARSSL_PKCS1_V15 MBEDTLS_PKCS1_V15
+#endif
+#if defined MBEDTLS_PKCS1_V21
+#define POLARSSL_PKCS1_V21 MBEDTLS_PKCS1_V21
+#endif
+#if defined MBEDTLS_PKCS5_C
+#define POLARSSL_PKCS5_C MBEDTLS_PKCS5_C
+#endif
+#if defined MBEDTLS_PK_C
+#define POLARSSL_PK_C MBEDTLS_PK_C
+#endif
+#if defined MBEDTLS_PK_PARSE_C
+#define POLARSSL_PK_PARSE_C MBEDTLS_PK_PARSE_C
+#endif
+#if defined MBEDTLS_PK_PARSE_EC_EXTENDED
+#define POLARSSL_PK_PARSE_EC_EXTENDED MBEDTLS_PK_PARSE_EC_EXTENDED
+#endif
+#if defined MBEDTLS_PK_RSA_ALT_SUPPORT
+#define POLARSSL_PK_RSA_ALT_SUPPORT MBEDTLS_PK_RSA_ALT_SUPPORT
+#endif
+#if defined MBEDTLS_PK_WRITE_C
+#define POLARSSL_PK_WRITE_C MBEDTLS_PK_WRITE_C
+#endif
+#if defined MBEDTLS_PLATFORM_C
+#define POLARSSL_PLATFORM_C MBEDTLS_PLATFORM_C
+#endif
+#if defined MBEDTLS_PLATFORM_EXIT_ALT
+#define POLARSSL_PLATFORM_EXIT_ALT MBEDTLS_PLATFORM_EXIT_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_EXIT_MACRO
+#define POLARSSL_PLATFORM_EXIT_MACRO MBEDTLS_PLATFORM_EXIT_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_FPRINTF_ALT
+#define POLARSSL_PLATFORM_FPRINTF_ALT MBEDTLS_PLATFORM_FPRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_FPRINTF_MACRO
+#define POLARSSL_PLATFORM_FPRINTF_MACRO MBEDTLS_PLATFORM_FPRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_FREE_MACRO
+#define POLARSSL_PLATFORM_FREE_MACRO MBEDTLS_PLATFORM_FREE_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_MEMORY
+#define POLARSSL_PLATFORM_MEMORY MBEDTLS_PLATFORM_MEMORY
+#endif
+#if defined MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#endif
+#if defined MBEDTLS_PLATFORM_PRINTF_ALT
+#define POLARSSL_PLATFORM_PRINTF_ALT MBEDTLS_PLATFORM_PRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_PRINTF_MACRO
+#define POLARSSL_PLATFORM_PRINTF_MACRO MBEDTLS_PLATFORM_PRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_SNPRINTF_ALT
+#define POLARSSL_PLATFORM_SNPRINTF_ALT MBEDTLS_PLATFORM_SNPRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#define POLARSSL_PLATFORM_SNPRINTF_MACRO MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_STD_EXIT
+#define POLARSSL_PLATFORM_STD_EXIT MBEDTLS_PLATFORM_STD_EXIT
+#endif
+#if defined MBEDTLS_PLATFORM_STD_FPRINTF
+#define POLARSSL_PLATFORM_STD_FPRINTF MBEDTLS_PLATFORM_STD_FPRINTF
+#endif
+#if defined MBEDTLS_PLATFORM_STD_FREE
+#define POLARSSL_PLATFORM_STD_FREE MBEDTLS_PLATFORM_STD_FREE
+#endif
+#if defined MBEDTLS_PLATFORM_STD_MALLOC
+#define POLARSSL_PLATFORM_STD_MALLOC MBEDTLS_PLATFORM_STD_MALLOC
+#endif
+#if defined MBEDTLS_PLATFORM_STD_MEM_HDR
+#define POLARSSL_PLATFORM_STD_MEM_HDR MBEDTLS_PLATFORM_STD_MEM_HDR
+#endif
+#if defined MBEDTLS_PLATFORM_STD_PRINTF
+#define POLARSSL_PLATFORM_STD_PRINTF MBEDTLS_PLATFORM_STD_PRINTF
+#endif
+#if defined MBEDTLS_PLATFORM_STD_SNPRINTF
+#define POLARSSL_PLATFORM_STD_SNPRINTF MBEDTLS_PLATFORM_STD_SNPRINTF
+#endif
+#if defined MBEDTLS_PSK_MAX_LEN
+#define POLARSSL_PSK_MAX_LEN MBEDTLS_PSK_MAX_LEN
+#endif
+#if defined MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#define POLARSSL_REMOVE_ARC4_CIPHERSUITES MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#endif
+#if defined MBEDTLS_RIPEMD160_ALT
+#define POLARSSL_RIPEMD160_ALT MBEDTLS_RIPEMD160_ALT
+#endif
+#if defined MBEDTLS_RIPEMD160_C
+#define POLARSSL_RIPEMD160_C MBEDTLS_RIPEMD160_C
+#endif
+#if defined MBEDTLS_RIPEMD160_PROCESS_ALT
+#define POLARSSL_RIPEMD160_PROCESS_ALT MBEDTLS_RIPEMD160_PROCESS_ALT
+#endif
+#if defined MBEDTLS_RSA_C
+#define POLARSSL_RSA_C MBEDTLS_RSA_C
+#endif
+#if defined MBEDTLS_RSA_NO_CRT
+#define POLARSSL_RSA_NO_CRT MBEDTLS_RSA_NO_CRT
+#endif
+#if defined MBEDTLS_SELF_TEST
+#define POLARSSL_SELF_TEST MBEDTLS_SELF_TEST
+#endif
+#if defined MBEDTLS_SHA1_ALT
+#define POLARSSL_SHA1_ALT MBEDTLS_SHA1_ALT
+#endif
+#if defined MBEDTLS_SHA1_C
+#define POLARSSL_SHA1_C MBEDTLS_SHA1_C
+#endif
+#if defined MBEDTLS_SHA1_PROCESS_ALT
+#define POLARSSL_SHA1_PROCESS_ALT MBEDTLS_SHA1_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SHA256_ALT
+#define POLARSSL_SHA256_ALT MBEDTLS_SHA256_ALT
+#endif
+#if defined MBEDTLS_SHA256_C
+#define POLARSSL_SHA256_C MBEDTLS_SHA256_C
+#endif
+#if defined MBEDTLS_SHA256_PROCESS_ALT
+#define POLARSSL_SHA256_PROCESS_ALT MBEDTLS_SHA256_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SHA512_ALT
+#define POLARSSL_SHA512_ALT MBEDTLS_SHA512_ALT
+#endif
+#if defined MBEDTLS_SHA512_C
+#define POLARSSL_SHA512_C MBEDTLS_SHA512_C
+#endif
+#if defined MBEDTLS_SHA512_PROCESS_ALT
+#define POLARSSL_SHA512_PROCESS_ALT MBEDTLS_SHA512_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SSL_AEAD_RANDOM_IV
+#define POLARSSL_SSL_AEAD_RANDOM_IV MBEDTLS_SSL_AEAD_RANDOM_IV
+#endif
+#if defined MBEDTLS_SSL_ALERT_MESSAGES
+#define POLARSSL_SSL_ALERT_MESSAGES MBEDTLS_SSL_ALERT_MESSAGES
+#endif
+#if defined MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#define POLARSSL_SSL_ALL_ALERT_MESSAGES MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#endif
+#if defined MBEDTLS_SSL_ALPN
+#define POLARSSL_SSL_ALPN MBEDTLS_SSL_ALPN
+#endif
+#if defined MBEDTLS_SSL_CACHE_C
+#define POLARSSL_SSL_CACHE_C MBEDTLS_SSL_CACHE_C
+#endif
+#if defined MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#define POLARSSL_SSL_CBC_RECORD_SPLITTING MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#endif
+#if defined MBEDTLS_SSL_CLI_C
+#define POLARSSL_SSL_CLI_C MBEDTLS_SSL_CLI_C
+#endif
+#if defined MBEDTLS_SSL_COOKIE_C
+#define POLARSSL_SSL_COOKIE_C MBEDTLS_SSL_COOKIE_C
+#endif
+#if defined MBEDTLS_SSL_COOKIE_TIMEOUT
+#define POLARSSL_SSL_COOKIE_TIMEOUT MBEDTLS_SSL_COOKIE_TIMEOUT
+#endif
+#if defined MBEDTLS_SSL_DEBUG_ALL
+#define POLARSSL_SSL_DEBUG_ALL MBEDTLS_SSL_DEBUG_ALL
+#endif
+#if defined MBEDTLS_SSL_DISABLE_RENEGOTIATION
+#define POLARSSL_SSL_DISABLE_RENEGOTIATION MBEDTLS_SSL_DISABLE_RENEGOTIATION
+#endif
+#if defined MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define POLARSSL_SSL_DTLS_ANTI_REPLAY MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#endif
+#if defined MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#define POLARSSL_SSL_DTLS_BADMAC_LIMIT MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#endif
+#if defined MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define POLARSSL_SSL_DTLS_HELLO_VERIFY MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#endif
+#if defined MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#define POLARSSL_SSL_ENCRYPT_THEN_MAC MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#endif
+#if defined MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#define POLARSSL_SSL_EXTENDED_MASTER_SECRET MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#endif
+#if defined MBEDTLS_SSL_FALLBACK_SCSV
+#define POLARSSL_SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
+#endif
+#if defined MBEDTLS_SSL_HW_RECORD_ACCEL
+#define POLARSSL_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_HW_RECORD_ACCEL
+#endif
+#if defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#endif
+#if defined MBEDTLS_SSL_PROTO_DTLS
+#define POLARSSL_SSL_PROTO_DTLS MBEDTLS_SSL_PROTO_DTLS
+#endif
+#if defined MBEDTLS_SSL_PROTO_SSL3
+#define POLARSSL_SSL_PROTO_SSL3 MBEDTLS_SSL_PROTO_SSL3
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1
+#define POLARSSL_SSL_PROTO_TLS1 MBEDTLS_SSL_PROTO_TLS1
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1_1
+#define POLARSSL_SSL_PROTO_TLS1_1 MBEDTLS_SSL_PROTO_TLS1_1
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1_2
+#define POLARSSL_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_2
+#endif
+#if defined MBEDTLS_SSL_RENEGOTIATION
+#define POLARSSL_SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
+#endif
+#if defined MBEDTLS_SSL_SERVER_NAME_INDICATION
+#define POLARSSL_SSL_SERVER_NAME_INDICATION MBEDTLS_SSL_SERVER_NAME_INDICATION
+#endif
+#if defined MBEDTLS_SSL_SESSION_TICKETS
+#define POLARSSL_SSL_SESSION_TICKETS MBEDTLS_SSL_SESSION_TICKETS
+#endif
+#if defined MBEDTLS_SSL_SRV_C
+#define POLARSSL_SSL_SRV_C MBEDTLS_SSL_SRV_C
+#endif
+#if defined MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+#endif
+#if defined MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+#endif
+#if defined MBEDTLS_SSL_TLS_C
+#define POLARSSL_SSL_TLS_C MBEDTLS_SSL_TLS_C
+#endif
+#if defined MBEDTLS_SSL_TRUNCATED_HMAC
+#define POLARSSL_SSL_TRUNCATED_HMAC MBEDTLS_SSL_TRUNCATED_HMAC
+#endif
+#if defined MBEDTLS_THREADING_ALT
+#define POLARSSL_THREADING_ALT MBEDTLS_THREADING_ALT
+#endif
+#if defined MBEDTLS_THREADING_C
+#define POLARSSL_THREADING_C MBEDTLS_THREADING_C
+#endif
+#if defined MBEDTLS_THREADING_PTHREAD
+#define POLARSSL_THREADING_PTHREAD MBEDTLS_THREADING_PTHREAD
+#endif
+#if defined MBEDTLS_TIMING_ALT
+#define POLARSSL_TIMING_ALT MBEDTLS_TIMING_ALT
+#endif
+#if defined MBEDTLS_TIMING_C
+#define POLARSSL_TIMING_C MBEDTLS_TIMING_C
+#endif
+#if defined MBEDTLS_VERSION_C
+#define POLARSSL_VERSION_C MBEDTLS_VERSION_C
+#endif
+#if defined MBEDTLS_VERSION_FEATURES
+#define POLARSSL_VERSION_FEATURES MBEDTLS_VERSION_FEATURES
+#endif
+#if defined MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+#endif
+#if defined MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#endif
+#if defined MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#endif
+#if defined MBEDTLS_X509_CHECK_KEY_USAGE
+#define POLARSSL_X509_CHECK_KEY_USAGE MBEDTLS_X509_CHECK_KEY_USAGE
+#endif
+#if defined MBEDTLS_X509_CREATE_C
+#define POLARSSL_X509_CREATE_C MBEDTLS_X509_CREATE_C
+#endif
+#if defined MBEDTLS_X509_CRL_PARSE_C
+#define POLARSSL_X509_CRL_PARSE_C MBEDTLS_X509_CRL_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CRT_PARSE_C
+#define POLARSSL_X509_CRT_PARSE_C MBEDTLS_X509_CRT_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CRT_WRITE_C
+#define POLARSSL_X509_CRT_WRITE_C MBEDTLS_X509_CRT_WRITE_C
+#endif
+#if defined MBEDTLS_X509_CSR_PARSE_C
+#define POLARSSL_X509_CSR_PARSE_C MBEDTLS_X509_CSR_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CSR_WRITE_C
+#define POLARSSL_X509_CSR_WRITE_C MBEDTLS_X509_CSR_WRITE_C
+#endif
+#if defined MBEDTLS_X509_MAX_INTERMEDIATE_CA
+#define POLARSSL_X509_MAX_INTERMEDIATE_CA MBEDTLS_X509_MAX_INTERMEDIATE_CA
+#endif
+#if defined MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#define POLARSSL_X509_RSASSA_PSS_SUPPORT MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#endif
+#if defined MBEDTLS_X509_USE_C
+#define POLARSSL_X509_USE_C MBEDTLS_X509_USE_C
+#endif
+#if defined MBEDTLS_XTEA_ALT
+#define POLARSSL_XTEA_ALT MBEDTLS_XTEA_ALT
+#endif
+#if defined MBEDTLS_XTEA_C
+#define POLARSSL_XTEA_C MBEDTLS_XTEA_C
+#endif
+#if defined MBEDTLS_ZLIB_SUPPORT
+#define POLARSSL_ZLIB_SUPPORT MBEDTLS_ZLIB_SUPPORT
+#endif
+
+/*
+ * Misc names (macros, types, functions, enum constants...)
+ */
+#define AES_DECRYPT MBEDTLS_AES_DECRYPT
+#define AES_ENCRYPT MBEDTLS_AES_ENCRYPT
+#define ASN1_BIT_STRING MBEDTLS_ASN1_BIT_STRING
+#define ASN1_BMP_STRING MBEDTLS_ASN1_BMP_STRING
+#define ASN1_BOOLEAN MBEDTLS_ASN1_BOOLEAN
+#define ASN1_CHK_ADD MBEDTLS_ASN1_CHK_ADD
+#define ASN1_CONSTRUCTED MBEDTLS_ASN1_CONSTRUCTED
+#define ASN1_CONTEXT_SPECIFIC MBEDTLS_ASN1_CONTEXT_SPECIFIC
+#define ASN1_GENERALIZED_TIME MBEDTLS_ASN1_GENERALIZED_TIME
+#define ASN1_IA5_STRING MBEDTLS_ASN1_IA5_STRING
+#define ASN1_INTEGER MBEDTLS_ASN1_INTEGER
+#define ASN1_NULL MBEDTLS_ASN1_NULL
+#define ASN1_OCTET_STRING MBEDTLS_ASN1_OCTET_STRING
+#define ASN1_OID MBEDTLS_ASN1_OID
+#define ASN1_PRIMITIVE MBEDTLS_ASN1_PRIMITIVE
+#define ASN1_PRINTABLE_STRING MBEDTLS_ASN1_PRINTABLE_STRING
+#define ASN1_SEQUENCE MBEDTLS_ASN1_SEQUENCE
+#define ASN1_SET MBEDTLS_ASN1_SET
+#define ASN1_T61_STRING MBEDTLS_ASN1_T61_STRING
+#define ASN1_UNIVERSAL_STRING MBEDTLS_ASN1_UNIVERSAL_STRING
+#define ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
+#define ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
+#define BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
+#define BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
+#define BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
+#define BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
+#define BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
+#define BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
+#define BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
+#define BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
+#define BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
+#define BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
+#define BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
+#define BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
+#define BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
+#define BLOWFISH_ENCRYPT MBEDTLS_BLOWFISH_ENCRYPT
+#define BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
+#define BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
+#define BLOWFISH_ROUNDS MBEDTLS_BLOWFISH_ROUNDS
+#define CAMELLIA_DECRYPT MBEDTLS_CAMELLIA_DECRYPT
+#define CAMELLIA_ENCRYPT MBEDTLS_CAMELLIA_ENCRYPT
+#define COLLECT_SIZE MBEDTLS_HAVEGE_COLLECT_SIZE
+#define CTR_DRBG_BLOCKSIZE MBEDTLS_CTR_DRBG_BLOCKSIZE
+#define CTR_DRBG_ENTROPY_LEN MBEDTLS_CTR_DRBG_ENTROPY_LEN
+#define CTR_DRBG_KEYBITS MBEDTLS_CTR_DRBG_KEYBITS
+#define CTR_DRBG_KEYSIZE MBEDTLS_CTR_DRBG_KEYSIZE
+#define CTR_DRBG_MAX_INPUT MBEDTLS_CTR_DRBG_MAX_INPUT
+#define CTR_DRBG_MAX_REQUEST MBEDTLS_CTR_DRBG_MAX_REQUEST
+#define CTR_DRBG_MAX_SEED_INPUT MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+#define CTR_DRBG_PR_OFF MBEDTLS_CTR_DRBG_PR_OFF
+#define CTR_DRBG_PR_ON MBEDTLS_CTR_DRBG_PR_ON
+#define CTR_DRBG_RESEED_INTERVAL MBEDTLS_CTR_DRBG_RESEED_INTERVAL
+#define CTR_DRBG_SEEDLEN MBEDTLS_CTR_DRBG_SEEDLEN
+#define DEPRECATED MBEDTLS_DEPRECATED
+#define DES_DECRYPT MBEDTLS_DES_DECRYPT
+#define DES_ENCRYPT MBEDTLS_DES_ENCRYPT
+#define DES_KEY_SIZE MBEDTLS_DES_KEY_SIZE
+#define ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_BLOCK_SIZE
+#define ENTROPY_MAX_GATHER MBEDTLS_ENTROPY_MAX_GATHER
+#define ENTROPY_MAX_SEED_SIZE MBEDTLS_ENTROPY_MAX_SEED_SIZE
+#define ENTROPY_MAX_SOURCES MBEDTLS_ENTROPY_MAX_SOURCES
+#define ENTROPY_MIN_HARDCLOCK MBEDTLS_ENTROPY_MIN_HARDCLOCK
+#define ENTROPY_MIN_HAVEGE MBEDTLS_ENTROPY_MIN_HAVEGE
+#define ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
+#define ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
+#define EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
+#define EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
+#define EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
+#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
+#define EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
+#define EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
+#define EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
+#define EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
+#define EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
+#define EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
+#define EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
+#define EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
+#define EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
+#define EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
+#define EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
+#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
+#define GCM_DECRYPT MBEDTLS_GCM_DECRYPT
+#define GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
+#define KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
+#define KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
+#define KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
+#define KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
+#define KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
+#define KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+#define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
+#define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
+#define MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT
+#define MEMORY_VERIFY_ALLOC MBEDTLS_MEMORY_VERIFY_ALLOC
+#define MEMORY_VERIFY_ALWAYS MBEDTLS_MEMORY_VERIFY_ALWAYS
+#define MEMORY_VERIFY_FREE MBEDTLS_MEMORY_VERIFY_FREE
+#define MEMORY_VERIFY_NONE MBEDTLS_MEMORY_VERIFY_NONE
+#define MPI_CHK MBEDTLS_MPI_CHK
+#define NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
+#define NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
+#define NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
+#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
+#define NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
+#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
+#define NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
+#define NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
+#define NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
+#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
+#define OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
+#define OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
+#define OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD
+#define OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62_SIG
+#define OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2
+#define OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE
+#define OID_AT MBEDTLS_OID_AT
+#define OID_AT_CN MBEDTLS_OID_AT_CN
+#define OID_AT_COUNTRY MBEDTLS_OID_AT_COUNTRY
+#define OID_AT_DN_QUALIFIER MBEDTLS_OID_AT_DN_QUALIFIER
+#define OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT_GENERATION_QUALIFIER
+#define OID_AT_GIVEN_NAME MBEDTLS_OID_AT_GIVEN_NAME
+#define OID_AT_INITIALS MBEDTLS_OID_AT_INITIALS
+#define OID_AT_LOCALITY MBEDTLS_OID_AT_LOCALITY
+#define OID_AT_ORGANIZATION MBEDTLS_OID_AT_ORGANIZATION
+#define OID_AT_ORG_UNIT MBEDTLS_OID_AT_ORG_UNIT
+#define OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT_POSTAL_ADDRESS
+#define OID_AT_POSTAL_CODE MBEDTLS_OID_AT_POSTAL_CODE
+#define OID_AT_PSEUDONYM MBEDTLS_OID_AT_PSEUDONYM
+#define OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT_SERIAL_NUMBER
+#define OID_AT_STATE MBEDTLS_OID_AT_STATE
+#define OID_AT_SUR_NAME MBEDTLS_OID_AT_SUR_NAME
+#define OID_AT_TITLE MBEDTLS_OID_AT_TITLE
+#define OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT_UNIQUE_IDENTIFIER
+#define OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER
+#define OID_BASIC_CONSTRAINTS MBEDTLS_OID_BASIC_CONSTRAINTS
+#define OID_CERTICOM MBEDTLS_OID_CERTICOM
+#define OID_CERTIFICATE_POLICIES MBEDTLS_OID_CERTIFICATE_POLICIES
+#define OID_CLIENT_AUTH MBEDTLS_OID_CLIENT_AUTH
+#define OID_CMP MBEDTLS_OID_CMP
+#define OID_CODE_SIGNING MBEDTLS_OID_CODE_SIGNING
+#define OID_COUNTRY_US MBEDTLS_OID_COUNTRY_US
+#define OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_CRL_DISTRIBUTION_POINTS
+#define OID_CRL_NUMBER MBEDTLS_OID_CRL_NUMBER
+#define OID_DES_CBC MBEDTLS_OID_DES_CBC
+#define OID_DES_EDE3_CBC MBEDTLS_OID_DES_EDE3_CBC
+#define OID_DIGEST_ALG_MD2 MBEDTLS_OID_DIGEST_ALG_MD2
+#define OID_DIGEST_ALG_MD4 MBEDTLS_OID_DIGEST_ALG_MD4
+#define OID_DIGEST_ALG_MD5 MBEDTLS_OID_DIGEST_ALG_MD5
+#define OID_DIGEST_ALG_SHA1 MBEDTLS_OID_DIGEST_ALG_SHA1
+#define OID_DIGEST_ALG_SHA224 MBEDTLS_OID_DIGEST_ALG_SHA224
+#define OID_DIGEST_ALG_SHA256 MBEDTLS_OID_DIGEST_ALG_SHA256
+#define OID_DIGEST_ALG_SHA384 MBEDTLS_OID_DIGEST_ALG_SHA384
+#define OID_DIGEST_ALG_SHA512 MBEDTLS_OID_DIGEST_ALG_SHA512
+#define OID_DOMAIN_COMPONENT MBEDTLS_OID_DOMAIN_COMPONENT
+#define OID_ECDSA_SHA1 MBEDTLS_OID_ECDSA_SHA1
+#define OID_ECDSA_SHA224 MBEDTLS_OID_ECDSA_SHA224
+#define OID_ECDSA_SHA256 MBEDTLS_OID_ECDSA_SHA256
+#define OID_ECDSA_SHA384 MBEDTLS_OID_ECDSA_SHA384
+#define OID_ECDSA_SHA512 MBEDTLS_OID_ECDSA_SHA512
+#define OID_EC_ALG_ECDH MBEDTLS_OID_EC_ALG_ECDH
+#define OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_EC_ALG_UNRESTRICTED
+#define OID_EC_BRAINPOOL_V1 MBEDTLS_OID_EC_BRAINPOOL_V1
+#define OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_GRP_BP256R1
+#define OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_GRP_BP384R1
+#define OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_GRP_BP512R1
+#define OID_EC_GRP_SECP192K1 MBEDTLS_OID_EC_GRP_SECP192K1
+#define OID_EC_GRP_SECP192R1 MBEDTLS_OID_EC_GRP_SECP192R1
+#define OID_EC_GRP_SECP224K1 MBEDTLS_OID_EC_GRP_SECP224K1
+#define OID_EC_GRP_SECP224R1 MBEDTLS_OID_EC_GRP_SECP224R1
+#define OID_EC_GRP_SECP256K1 MBEDTLS_OID_EC_GRP_SECP256K1
+#define OID_EC_GRP_SECP256R1 MBEDTLS_OID_EC_GRP_SECP256R1
+#define OID_EC_GRP_SECP384R1 MBEDTLS_OID_EC_GRP_SECP384R1
+#define OID_EC_GRP_SECP521R1 MBEDTLS_OID_EC_GRP_SECP521R1
+#define OID_EMAIL_PROTECTION MBEDTLS_OID_EMAIL_PROTECTION
+#define OID_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE
+#define OID_FRESHEST_CRL MBEDTLS_OID_FRESHEST_CRL
+#define OID_GOV MBEDTLS_OID_GOV
+#define OID_HMAC_SHA1 MBEDTLS_OID_HMAC_SHA1
+#define OID_ID_CE MBEDTLS_OID_ID_CE
+#define OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_INIHIBIT_ANYPOLICY
+#define OID_ISO_CCITT_DS MBEDTLS_OID_ISO_CCITT_DS
+#define OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ISO_IDENTIFIED_ORG
+#define OID_ISO_ITU_COUNTRY MBEDTLS_OID_ISO_ITU_COUNTRY
+#define OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_US_ORG
+#define OID_ISO_MEMBER_BODIES MBEDTLS_OID_ISO_MEMBER_BODIES
+#define OID_ISSUER_ALT_NAME MBEDTLS_OID_ISSUER_ALT_NAME
+#define OID_KEY_USAGE MBEDTLS_OID_KEY_USAGE
+#define OID_KP MBEDTLS_OID_KP
+#define OID_MGF1 MBEDTLS_OID_MGF1
+#define OID_NAME_CONSTRAINTS MBEDTLS_OID_NAME_CONSTRAINTS
+#define OID_NETSCAPE MBEDTLS_OID_NETSCAPE
+#define OID_NS_BASE_URL MBEDTLS_OID_NS_BASE_URL
+#define OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CA_POLICY_URL
+#define OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CA_REVOCATION_URL
+#define OID_NS_CERT MBEDTLS_OID_NS_CERT
+#define OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_CERT_SEQUENCE
+#define OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT_TYPE
+#define OID_NS_COMMENT MBEDTLS_OID_NS_COMMENT
+#define OID_NS_DATA_TYPE MBEDTLS_OID_NS_DATA_TYPE
+#define OID_NS_RENEWAL_URL MBEDTLS_OID_NS_RENEWAL_URL
+#define OID_NS_REVOCATION_URL MBEDTLS_OID_NS_REVOCATION_URL
+#define OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_SSL_SERVER_NAME
+#define OID_OCSP_SIGNING MBEDTLS_OID_OCSP_SIGNING
+#define OID_OIW_SECSIG MBEDTLS_OID_OIW_SECSIG
+#define OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG_ALG
+#define OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_SHA1
+#define OID_ORGANIZATION MBEDTLS_OID_ORGANIZATION
+#define OID_ORG_ANSI_X9_62 MBEDTLS_OID_ORG_ANSI_X9_62
+#define OID_ORG_CERTICOM MBEDTLS_OID_ORG_CERTICOM
+#define OID_ORG_DOD MBEDTLS_OID_ORG_DOD
+#define OID_ORG_GOV MBEDTLS_OID_ORG_GOV
+#define OID_ORG_NETSCAPE MBEDTLS_OID_ORG_NETSCAPE
+#define OID_ORG_OIW MBEDTLS_OID_ORG_OIW
+#define OID_ORG_RSA_DATA_SECURITY MBEDTLS_OID_ORG_RSA_DATA_SECURITY
+#define OID_ORG_TELETRUST MBEDTLS_OID_ORG_TELETRUST
+#define OID_PKCS MBEDTLS_OID_PKCS
+#define OID_PKCS1 MBEDTLS_OID_PKCS1
+#define OID_PKCS12 MBEDTLS_OID_PKCS12
+#define OID_PKCS12_PBE MBEDTLS_OID_PKCS12_PBE
+#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC
+#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC
+#define OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC
+#define OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC
+#define OID_PKCS12_PBE_SHA1_RC4_128 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128
+#define OID_PKCS12_PBE_SHA1_RC4_40 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40
+#define OID_PKCS1_MD2 MBEDTLS_OID_PKCS1_MD2
+#define OID_PKCS1_MD4 MBEDTLS_OID_PKCS1_MD4
+#define OID_PKCS1_MD5 MBEDTLS_OID_PKCS1_MD5
+#define OID_PKCS1_RSA MBEDTLS_OID_PKCS1_RSA
+#define OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1_SHA1
+#define OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1_SHA224
+#define OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1_SHA256
+#define OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1_SHA384
+#define OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1_SHA512
+#define OID_PKCS5 MBEDTLS_OID_PKCS5
+#define OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5_PBES2
+#define OID_PKCS5_PBE_MD2_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC
+#define OID_PKCS5_PBE_MD2_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC
+#define OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC
+#define OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC
+#define OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC
+#define OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC
+#define OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5_PBKDF2
+#define OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5_PBMAC1
+#define OID_PKCS9 MBEDTLS_OID_PKCS9
+#define OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9_CSR_EXT_REQ
+#define OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9_EMAIL
+#define OID_PKIX MBEDTLS_OID_PKIX
+#define OID_POLICY_CONSTRAINTS MBEDTLS_OID_POLICY_CONSTRAINTS
+#define OID_POLICY_MAPPINGS MBEDTLS_OID_POLICY_MAPPINGS
+#define OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD
+#define OID_RSASSA_PSS MBEDTLS_OID_RSASSA_PSS
+#define OID_RSA_COMPANY MBEDTLS_OID_RSA_COMPANY
+#define OID_RSA_SHA_OBS MBEDTLS_OID_RSA_SHA_OBS
+#define OID_SERVER_AUTH MBEDTLS_OID_SERVER_AUTH
+#define OID_SIZE MBEDTLS_OID_SIZE
+#define OID_SUBJECT_ALT_NAME MBEDTLS_OID_SUBJECT_ALT_NAME
+#define OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS
+#define OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER
+#define OID_TELETRUST MBEDTLS_OID_TELETRUST
+#define OID_TIME_STAMPING MBEDTLS_OID_TIME_STAMPING
+#define PADLOCK_ACE MBEDTLS_PADLOCK_ACE
+#define PADLOCK_ALIGN16 MBEDTLS_PADLOCK_ALIGN16
+#define PADLOCK_PHE MBEDTLS_PADLOCK_PHE
+#define PADLOCK_PMM MBEDTLS_PADLOCK_PMM
+#define PADLOCK_RNG MBEDTLS_PADLOCK_RNG
+#define PKCS12_DERIVE_IV MBEDTLS_PKCS12_DERIVE_IV
+#define PKCS12_DERIVE_KEY MBEDTLS_PKCS12_DERIVE_KEY
+#define PKCS12_DERIVE_MAC_KEY MBEDTLS_PKCS12_DERIVE_MAC_KEY
+#define PKCS12_PBE_DECRYPT MBEDTLS_PKCS12_PBE_DECRYPT
+#define PKCS12_PBE_ENCRYPT MBEDTLS_PKCS12_PBE_ENCRYPT
+#define PKCS5_DECRYPT MBEDTLS_PKCS5_DECRYPT
+#define PKCS5_ENCRYPT MBEDTLS_PKCS5_ENCRYPT
+#define POLARSSL_AESNI_AES MBEDTLS_AESNI_AES
+#define POLARSSL_AESNI_CLMUL MBEDTLS_AESNI_CLMUL
+#define POLARSSL_AESNI_H MBEDTLS_AESNI_H
+#define POLARSSL_AES_H MBEDTLS_AES_H
+#define POLARSSL_ARC4_H MBEDTLS_ARC4_H
+#define POLARSSL_ASN1_H MBEDTLS_ASN1_H
+#define POLARSSL_ASN1_WRITE_H MBEDTLS_ASN1_WRITE_H
+#define POLARSSL_BASE64_H MBEDTLS_BASE64_H
+#define POLARSSL_BIGNUM_H MBEDTLS_BIGNUM_H
+#define POLARSSL_BLOWFISH_H MBEDTLS_BLOWFISH_H
+#define POLARSSL_BN_MUL_H MBEDTLS_BN_MUL_H
+#define POLARSSL_CAMELLIA_H MBEDTLS_CAMELLIA_H
+#define POLARSSL_CCM_H MBEDTLS_CCM_H
+#define POLARSSL_CERTS_H MBEDTLS_CERTS_H
+#define POLARSSL_CHECK_CONFIG_H MBEDTLS_CHECK_CONFIG_H
+#define POLARSSL_CIPHERSUITE_NODTLS MBEDTLS_CIPHERSUITE_NODTLS
+#define POLARSSL_CIPHERSUITE_SHORT_TAG MBEDTLS_CIPHERSUITE_SHORT_TAG
+#define POLARSSL_CIPHERSUITE_WEAK MBEDTLS_CIPHERSUITE_WEAK
+#define POLARSSL_CIPHER_AES_128_CBC MBEDTLS_CIPHER_AES_128_CBC
+#define POLARSSL_CIPHER_AES_128_CCM MBEDTLS_CIPHER_AES_128_CCM
+#define POLARSSL_CIPHER_AES_128_CFB128 MBEDTLS_CIPHER_AES_128_CFB128
+#define POLARSSL_CIPHER_AES_128_CTR MBEDTLS_CIPHER_AES_128_CTR
+#define POLARSSL_CIPHER_AES_128_ECB MBEDTLS_CIPHER_AES_128_ECB
+#define POLARSSL_CIPHER_AES_128_GCM MBEDTLS_CIPHER_AES_128_GCM
+#define POLARSSL_CIPHER_AES_192_CBC MBEDTLS_CIPHER_AES_192_CBC
+#define POLARSSL_CIPHER_AES_192_CCM MBEDTLS_CIPHER_AES_192_CCM
+#define POLARSSL_CIPHER_AES_192_CFB128 MBEDTLS_CIPHER_AES_192_CFB128
+#define POLARSSL_CIPHER_AES_192_CTR MBEDTLS_CIPHER_AES_192_CTR
+#define POLARSSL_CIPHER_AES_192_ECB MBEDTLS_CIPHER_AES_192_ECB
+#define POLARSSL_CIPHER_AES_192_GCM MBEDTLS_CIPHER_AES_192_GCM
+#define POLARSSL_CIPHER_AES_256_CBC MBEDTLS_CIPHER_AES_256_CBC
+#define POLARSSL_CIPHER_AES_256_CCM MBEDTLS_CIPHER_AES_256_CCM
+#define POLARSSL_CIPHER_AES_256_CFB128 MBEDTLS_CIPHER_AES_256_CFB128
+#define POLARSSL_CIPHER_AES_256_CTR MBEDTLS_CIPHER_AES_256_CTR
+#define POLARSSL_CIPHER_AES_256_ECB MBEDTLS_CIPHER_AES_256_ECB
+#define POLARSSL_CIPHER_AES_256_GCM MBEDTLS_CIPHER_AES_256_GCM
+#define POLARSSL_CIPHER_ARC4_128 MBEDTLS_CIPHER_ARC4_128
+#define POLARSSL_CIPHER_BLOWFISH_CBC MBEDTLS_CIPHER_BLOWFISH_CBC
+#define POLARSSL_CIPHER_BLOWFISH_CFB64 MBEDTLS_CIPHER_BLOWFISH_CFB64
+#define POLARSSL_CIPHER_BLOWFISH_CTR MBEDTLS_CIPHER_BLOWFISH_CTR
+#define POLARSSL_CIPHER_BLOWFISH_ECB MBEDTLS_CIPHER_BLOWFISH_ECB
+#define POLARSSL_CIPHER_CAMELLIA_128_CBC MBEDTLS_CIPHER_CAMELLIA_128_CBC
+#define POLARSSL_CIPHER_CAMELLIA_128_CCM MBEDTLS_CIPHER_CAMELLIA_128_CCM
+#define POLARSSL_CIPHER_CAMELLIA_128_CFB128 MBEDTLS_CIPHER_CAMELLIA_128_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_128_CTR MBEDTLS_CIPHER_CAMELLIA_128_CTR
+#define POLARSSL_CIPHER_CAMELLIA_128_ECB MBEDTLS_CIPHER_CAMELLIA_128_ECB
+#define POLARSSL_CIPHER_CAMELLIA_128_GCM MBEDTLS_CIPHER_CAMELLIA_128_GCM
+#define POLARSSL_CIPHER_CAMELLIA_192_CBC MBEDTLS_CIPHER_CAMELLIA_192_CBC
+#define POLARSSL_CIPHER_CAMELLIA_192_CCM MBEDTLS_CIPHER_CAMELLIA_192_CCM
+#define POLARSSL_CIPHER_CAMELLIA_192_CFB128 MBEDTLS_CIPHER_CAMELLIA_192_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_192_CTR MBEDTLS_CIPHER_CAMELLIA_192_CTR
+#define POLARSSL_CIPHER_CAMELLIA_192_ECB MBEDTLS_CIPHER_CAMELLIA_192_ECB
+#define POLARSSL_CIPHER_CAMELLIA_192_GCM MBEDTLS_CIPHER_CAMELLIA_192_GCM
+#define POLARSSL_CIPHER_CAMELLIA_256_CBC MBEDTLS_CIPHER_CAMELLIA_256_CBC
+#define POLARSSL_CIPHER_CAMELLIA_256_CCM MBEDTLS_CIPHER_CAMELLIA_256_CCM
+#define POLARSSL_CIPHER_CAMELLIA_256_CFB128 MBEDTLS_CIPHER_CAMELLIA_256_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_256_CTR MBEDTLS_CIPHER_CAMELLIA_256_CTR
+#define POLARSSL_CIPHER_CAMELLIA_256_ECB MBEDTLS_CIPHER_CAMELLIA_256_ECB
+#define POLARSSL_CIPHER_CAMELLIA_256_GCM MBEDTLS_CIPHER_CAMELLIA_256_GCM
+#define POLARSSL_CIPHER_DES_CBC MBEDTLS_CIPHER_DES_CBC
+#define POLARSSL_CIPHER_DES_ECB MBEDTLS_CIPHER_DES_ECB
+#define POLARSSL_CIPHER_DES_EDE3_CBC MBEDTLS_CIPHER_DES_EDE3_CBC
+#define POLARSSL_CIPHER_DES_EDE3_ECB MBEDTLS_CIPHER_DES_EDE3_ECB
+#define POLARSSL_CIPHER_DES_EDE_CBC MBEDTLS_CIPHER_DES_EDE_CBC
+#define POLARSSL_CIPHER_DES_EDE_ECB MBEDTLS_CIPHER_DES_EDE_ECB
+#define POLARSSL_CIPHER_H MBEDTLS_CIPHER_H
+#define POLARSSL_CIPHER_ID_3DES MBEDTLS_CIPHER_ID_3DES
+#define POLARSSL_CIPHER_ID_AES MBEDTLS_CIPHER_ID_AES
+#define POLARSSL_CIPHER_ID_ARC4 MBEDTLS_CIPHER_ID_ARC4
+#define POLARSSL_CIPHER_ID_BLOWFISH MBEDTLS_CIPHER_ID_BLOWFISH
+#define POLARSSL_CIPHER_ID_CAMELLIA MBEDTLS_CIPHER_ID_CAMELLIA
+#define POLARSSL_CIPHER_ID_DES MBEDTLS_CIPHER_ID_DES
+#define POLARSSL_CIPHER_ID_NONE MBEDTLS_CIPHER_ID_NONE
+#define POLARSSL_CIPHER_ID_NULL MBEDTLS_CIPHER_ID_NULL
+#define POLARSSL_CIPHER_MODE_AEAD MBEDTLS_CIPHER_MODE_AEAD
+#define POLARSSL_CIPHER_MODE_STREAM MBEDTLS_CIPHER_MODE_STREAM
+#define POLARSSL_CIPHER_MODE_WITH_PADDING MBEDTLS_CIPHER_MODE_WITH_PADDING
+#define POLARSSL_CIPHER_NONE MBEDTLS_CIPHER_NONE
+#define POLARSSL_CIPHER_NULL MBEDTLS_CIPHER_NULL
+#define POLARSSL_CIPHER_VARIABLE_IV_LEN MBEDTLS_CIPHER_VARIABLE_IV_LEN
+#define POLARSSL_CIPHER_VARIABLE_KEY_LEN MBEDTLS_CIPHER_VARIABLE_KEY_LEN
+#define POLARSSL_CIPHER_WRAP_H MBEDTLS_CIPHER_WRAP_H
+#define POLARSSL_CONFIG_H MBEDTLS_CONFIG_H
+#define POLARSSL_CTR_DRBG_H MBEDTLS_CTR_DRBG_H
+#define POLARSSL_DEBUG_H MBEDTLS_DEBUG_H
+#define POLARSSL_DEBUG_LOG_FULL MBEDTLS_DEBUG_LOG_FULL
+#define POLARSSL_DEBUG_LOG_RAW MBEDTLS_DEBUG_LOG_RAW
+#define POLARSSL_DECRYPT MBEDTLS_DECRYPT
+#define POLARSSL_DES_H MBEDTLS_DES_H
+#define POLARSSL_DHM_H MBEDTLS_DHM_H
+#define POLARSSL_DHM_RFC2409_MODP_1024_G MBEDTLS_DHM_RFC2409_MODP_1024_G
+#define POLARSSL_DHM_RFC2409_MODP_1024_P MBEDTLS_DHM_RFC2409_MODP_1024_P
+#define POLARSSL_DHM_RFC3526_MODP_2048_G MBEDTLS_DHM_RFC3526_MODP_2048_G
+#define POLARSSL_DHM_RFC3526_MODP_2048_P MBEDTLS_DHM_RFC3526_MODP_2048_P
+#define POLARSSL_DHM_RFC3526_MODP_3072_G MBEDTLS_DHM_RFC3526_MODP_3072_G
+#define POLARSSL_DHM_RFC3526_MODP_3072_P MBEDTLS_DHM_RFC3526_MODP_3072_P
+#define POLARSSL_DHM_RFC5114_MODP_1024_G MBEDTLS_DHM_RFC5114_MODP_1024_G
+#define POLARSSL_DHM_RFC5114_MODP_1024_P MBEDTLS_DHM_RFC5114_MODP_1024_P
+#define POLARSSL_DHM_RFC5114_MODP_2048_G MBEDTLS_DHM_RFC5114_MODP_2048_G
+#define POLARSSL_DHM_RFC5114_MODP_2048_P MBEDTLS_DHM_RFC5114_MODP_2048_P
+#define POLARSSL_ECDH_H MBEDTLS_ECDH_H
+#define POLARSSL_ECDH_OURS MBEDTLS_ECDH_OURS
+#define POLARSSL_ECDH_THEIRS MBEDTLS_ECDH_THEIRS
+#define POLARSSL_ECDSA_H MBEDTLS_ECDSA_H
+#define POLARSSL_ECP_DP_BP256R1 MBEDTLS_ECP_DP_BP256R1
+#define POLARSSL_ECP_DP_BP384R1 MBEDTLS_ECP_DP_BP384R1
+#define POLARSSL_ECP_DP_BP512R1 MBEDTLS_ECP_DP_BP512R1
+#define POLARSSL_ECP_DP_M255 MBEDTLS_ECP_DP_CURVE25519
+#define POLARSSL_ECP_DP_MAX MBEDTLS_ECP_DP_MAX
+#define POLARSSL_ECP_DP_NONE MBEDTLS_ECP_DP_NONE
+#define POLARSSL_ECP_DP_SECP192K1 MBEDTLS_ECP_DP_SECP192K1
+#define POLARSSL_ECP_DP_SECP192R1 MBEDTLS_ECP_DP_SECP192R1
+#define POLARSSL_ECP_DP_SECP224K1 MBEDTLS_ECP_DP_SECP224K1
+#define POLARSSL_ECP_DP_SECP224R1 MBEDTLS_ECP_DP_SECP224R1
+#define POLARSSL_ECP_DP_SECP256K1 MBEDTLS_ECP_DP_SECP256K1
+#define POLARSSL_ECP_DP_SECP256R1 MBEDTLS_ECP_DP_SECP256R1
+#define POLARSSL_ECP_DP_SECP384R1 MBEDTLS_ECP_DP_SECP384R1
+#define POLARSSL_ECP_DP_SECP521R1 MBEDTLS_ECP_DP_SECP521R1
+#define POLARSSL_ECP_H MBEDTLS_ECP_H
+#define POLARSSL_ECP_MAX_BYTES MBEDTLS_ECP_MAX_BYTES
+#define POLARSSL_ECP_MAX_PT_LEN MBEDTLS_ECP_MAX_PT_LEN
+#define POLARSSL_ECP_PF_COMPRESSED MBEDTLS_ECP_PF_COMPRESSED
+#define POLARSSL_ECP_PF_UNCOMPRESSED MBEDTLS_ECP_PF_UNCOMPRESSED
+#define POLARSSL_ECP_TLS_NAMED_CURVE MBEDTLS_ECP_TLS_NAMED_CURVE
+#define POLARSSL_ENCRYPT MBEDTLS_ENCRYPT
+#define POLARSSL_ENTROPY_H MBEDTLS_ENTROPY_H
+#define POLARSSL_ENTROPY_POLL_H MBEDTLS_ENTROPY_POLL_H
+#define POLARSSL_ENTROPY_SHA256_ACCUMULATOR MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
+#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
+#define POLARSSL_ERROR_H MBEDTLS_ERROR_H
+#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_ASN1_BUF_TOO_SMALL MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+#define POLARSSL_ERR_ASN1_INVALID_DATA MBEDTLS_ERR_ASN1_INVALID_DATA
+#define POLARSSL_ERR_ASN1_INVALID_LENGTH MBEDTLS_ERR_ASN1_INVALID_LENGTH
+#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+#define POLARSSL_ERR_ASN1_MALLOC_FAILED MBEDTLS_ERR_ASN1_ALLOC_FAILED
+#define POLARSSL_ERR_ASN1_OUT_OF_DATA MBEDTLS_ERR_ASN1_OUT_OF_DATA
+#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_BASE64_INVALID_CHARACTER MBEDTLS_ERR_BASE64_INVALID_CHARACTER
+#define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_CCM_AUTH_FAILED MBEDTLS_ERR_CCM_AUTH_FAILED
+#define POLARSSL_ERR_CCM_BAD_INPUT MBEDTLS_ERR_CCM_BAD_INPUT
+#define POLARSSL_ERR_CIPHER_ALLOC_FAILED MBEDTLS_ERR_CIPHER_ALLOC_FAILED
+#define POLARSSL_ERR_CIPHER_AUTH_FAILED MBEDTLS_ERR_CIPHER_AUTH_FAILED
+#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
+#define POLARSSL_ERR_CIPHER_INVALID_PADDING MBEDTLS_ERR_CIPHER_INVALID_PADDING
+#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR
+#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
+#define POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_DHM_BAD_INPUT_DATA MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED MBEDTLS_ERR_DHM_CALC_SECRET_FAILED
+#define POLARSSL_ERR_DHM_FILE_IO_ERROR MBEDTLS_ERR_DHM_FILE_IO_ERROR
+#define POLARSSL_ERR_DHM_INVALID_FORMAT MBEDTLS_ERR_DHM_INVALID_FORMAT
+#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
+#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED
+#define POLARSSL_ERR_DHM_MALLOC_FAILED MBEDTLS_ERR_DHM_ALLOC_FAILED
+#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED MBEDTLS_ERR_DHM_READ_PARAMS_FAILED
+#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED
+#define POLARSSL_ERR_ECP_BAD_INPUT_DATA MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+#define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_ECP_INVALID_KEY MBEDTLS_ERR_ECP_INVALID_KEY
+#define POLARSSL_ERR_ECP_MALLOC_FAILED MBEDTLS_ERR_ECP_ALLOC_FAILED
+#define POLARSSL_ERR_ECP_RANDOM_FAILED MBEDTLS_ERR_ECP_RANDOM_FAILED
+#define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH
+#define POLARSSL_ERR_ECP_VERIFY_FAILED MBEDTLS_ERR_ECP_VERIFY_FAILED
+#define POLARSSL_ERR_ENTROPY_FILE_IO_ERROR MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR
+#define POLARSSL_ERR_ENTROPY_MAX_SOURCES MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED
+#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_GCM_AUTH_FAILED MBEDTLS_ERR_GCM_AUTH_FAILED
+#define POLARSSL_ERR_GCM_BAD_INPUT MBEDTLS_ERR_GCM_BAD_INPUT
+#define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
+#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
+#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+#define POLARSSL_ERR_MD2_FILE_IO_ERROR MBEDTLS_ERR_MD2_FILE_IO_ERROR
+#define POLARSSL_ERR_MD4_FILE_IO_ERROR MBEDTLS_ERR_MD4_FILE_IO_ERROR
+#define POLARSSL_ERR_MD5_FILE_IO_ERROR MBEDTLS_ERR_MD5_FILE_IO_ERROR
+#define POLARSSL_ERR_MD_ALLOC_FAILED MBEDTLS_ERR_MD_ALLOC_FAILED
+#define POLARSSL_ERR_MD_BAD_INPUT_DATA MBEDTLS_ERR_MD_BAD_INPUT_DATA
+#define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_MD_FILE_IO_ERROR MBEDTLS_ERR_MD_FILE_IO_ERROR
+#define POLARSSL_ERR_MPI_BAD_INPUT_DATA MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+#define POLARSSL_ERR_MPI_FILE_IO_ERROR MBEDTLS_ERR_MPI_FILE_IO_ERROR
+#define POLARSSL_ERR_MPI_INVALID_CHARACTER MBEDTLS_ERR_MPI_INVALID_CHARACTER
+#define POLARSSL_ERR_MPI_MALLOC_FAILED MBEDTLS_ERR_MPI_ALLOC_FAILED
+#define POLARSSL_ERR_MPI_NEGATIVE_VALUE MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+#define POLARSSL_ERR_NET_ACCEPT_FAILED MBEDTLS_ERR_NET_ACCEPT_FAILED
+#define POLARSSL_ERR_NET_BIND_FAILED MBEDTLS_ERR_NET_BIND_FAILED
+#define POLARSSL_ERR_NET_CONNECT_FAILED MBEDTLS_ERR_NET_CONNECT_FAILED
+#define POLARSSL_ERR_NET_CONN_RESET MBEDTLS_ERR_NET_CONN_RESET
+#define POLARSSL_ERR_NET_LISTEN_FAILED MBEDTLS_ERR_NET_LISTEN_FAILED
+#define POLARSSL_ERR_NET_RECV_FAILED MBEDTLS_ERR_NET_RECV_FAILED
+#define POLARSSL_ERR_NET_SEND_FAILED MBEDTLS_ERR_NET_SEND_FAILED
+#define POLARSSL_ERR_NET_SOCKET_FAILED MBEDTLS_ERR_NET_SOCKET_FAILED
+#define POLARSSL_ERR_NET_TIMEOUT MBEDTLS_ERR_SSL_TIMEOUT
+#define POLARSSL_ERR_NET_UNKNOWN_HOST MBEDTLS_ERR_NET_UNKNOWN_HOST
+#define POLARSSL_ERR_NET_WANT_READ MBEDTLS_ERR_SSL_WANT_READ
+#define POLARSSL_ERR_NET_WANT_WRITE MBEDTLS_ERR_SSL_WANT_WRITE
+#define POLARSSL_ERR_OID_BUF_TOO_SMALL MBEDTLS_ERR_OID_BUF_TOO_SMALL
+#define POLARSSL_ERR_OID_NOT_FOUND MBEDTLS_ERR_OID_NOT_FOUND
+#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED
+#define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA MBEDTLS_ERR_PBKDF2_BAD_INPUT_DATA
+#define POLARSSL_ERR_PEM_BAD_INPUT_DATA MBEDTLS_ERR_PEM_BAD_INPUT_DATA
+#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PEM_INVALID_DATA MBEDTLS_ERR_PEM_INVALID_DATA
+#define POLARSSL_ERR_PEM_INVALID_ENC_IV MBEDTLS_ERR_PEM_INVALID_ENC_IV
+#define POLARSSL_ERR_PEM_MALLOC_FAILED MBEDTLS_ERR_PEM_ALLOC_FAILED
+#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
+#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH MBEDTLS_ERR_PEM_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED MBEDTLS_ERR_PEM_PASSWORD_REQUIRED
+#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG
+#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
+#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT
+#define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA
+#define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PKCS5_INVALID_FORMAT MBEDTLS_ERR_PKCS5_INVALID_FORMAT
+#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PK_BAD_INPUT_DATA MBEDTLS_ERR_PK_BAD_INPUT_DATA
+#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PK_FILE_IO_ERROR MBEDTLS_ERR_PK_FILE_IO_ERROR
+#define POLARSSL_ERR_PK_INVALID_ALG MBEDTLS_ERR_PK_INVALID_ALG
+#define POLARSSL_ERR_PK_INVALID_PUBKEY MBEDTLS_ERR_PK_INVALID_PUBKEY
+#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+#define POLARSSL_ERR_PK_KEY_INVALID_VERSION MBEDTLS_ERR_PK_KEY_INVALID_VERSION
+#define POLARSSL_ERR_PK_MALLOC_FAILED MBEDTLS_ERR_PK_ALLOC_FAILED
+#define POLARSSL_ERR_PK_PASSWORD_MISMATCH MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PK_PASSWORD_REQUIRED MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+#define POLARSSL_ERR_PK_SIG_LEN_MISMATCH MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
+#define POLARSSL_ERR_PK_TYPE_MISMATCH MBEDTLS_ERR_PK_TYPE_MISMATCH
+#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE
+#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
+#define POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR MBEDTLS_ERR_RIPEMD160_FILE_IO_ERROR
+#define POLARSSL_ERR_RSA_BAD_INPUT_DATA MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+#define POLARSSL_ERR_RSA_INVALID_PADDING MBEDTLS_ERR_RSA_INVALID_PADDING
+#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
+#define POLARSSL_ERR_RSA_KEY_GEN_FAILED MBEDTLS_ERR_RSA_KEY_GEN_FAILED
+#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
+#define POLARSSL_ERR_RSA_PRIVATE_FAILED MBEDTLS_ERR_RSA_PRIVATE_FAILED
+#define POLARSSL_ERR_RSA_PUBLIC_FAILED MBEDTLS_ERR_RSA_PUBLIC_FAILED
+#define POLARSSL_ERR_RSA_RNG_FAILED MBEDTLS_ERR_RSA_RNG_FAILED
+#define POLARSSL_ERR_RSA_VERIFY_FAILED MBEDTLS_ERR_RSA_VERIFY_FAILED
+#define POLARSSL_ERR_SHA1_FILE_IO_ERROR MBEDTLS_ERR_SHA1_FILE_IO_ERROR
+#define POLARSSL_ERR_SHA256_FILE_IO_ERROR MBEDTLS_ERR_SHA256_FILE_IO_ERROR
+#define POLARSSL_ERR_SHA512_FILE_IO_ERROR MBEDTLS_ERR_SHA512_FILE_IO_ERROR
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY
+#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP
+#define POLARSSL_ERR_SSL_BAD_HS_FINISHED MBEDTLS_ERR_SSL_BAD_HS_FINISHED
+#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET
+#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE
+#define POLARSSL_ERR_SSL_BAD_INPUT_DATA MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+#define POLARSSL_ERR_SSL_BUFFER_TOO_SMALL MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED
+#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
+#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE
+#define POLARSSL_ERR_SSL_COMPRESSION_FAILED MBEDTLS_ERR_SSL_COMPRESSION_FAILED
+#define POLARSSL_ERR_SSL_CONN_EOF MBEDTLS_ERR_SSL_CONN_EOF
+#define POLARSSL_ERR_SSL_COUNTER_WRAPPING MBEDTLS_ERR_SSL_COUNTER_WRAPPING
+#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE
+#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
+#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
+#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH
+#define POLARSSL_ERR_SSL_INTERNAL_ERROR MBEDTLS_ERR_SSL_INTERNAL_ERROR
+#define POLARSSL_ERR_SSL_INVALID_MAC MBEDTLS_ERR_SSL_INVALID_MAC
+#define POLARSSL_ERR_SSL_INVALID_RECORD MBEDTLS_ERR_SSL_INVALID_RECORD
+#define POLARSSL_ERR_SSL_MALLOC_FAILED MBEDTLS_ERR_SSL_ALLOC_FAILED
+#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN
+#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE
+#define POLARSSL_ERR_SSL_NO_RNG MBEDTLS_ERR_SSL_NO_RNG
+#define POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE
+#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY
+#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED
+#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH
+#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED
+#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED
+#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
+#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER MBEDTLS_ERR_SSL_UNKNOWN_CIPHER
+#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY
+#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO
+#define POLARSSL_ERR_THREADING_BAD_INPUT_DATA MBEDTLS_ERR_THREADING_BAD_INPUT_DATA
+#define POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_THREADING_MUTEX_ERROR MBEDTLS_ERR_THREADING_MUTEX_ERROR
+#define POLARSSL_ERR_X509_BAD_INPUT_DATA MBEDTLS_ERR_X509_BAD_INPUT_DATA
+#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
+#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
+#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_X509_FILE_IO_ERROR MBEDTLS_ERR_X509_FILE_IO_ERROR
+#define POLARSSL_ERR_X509_INVALID_ALG MBEDTLS_ERR_X509_INVALID_ALG
+#define POLARSSL_ERR_X509_INVALID_DATE MBEDTLS_ERR_X509_INVALID_DATE
+#define POLARSSL_ERR_X509_INVALID_EXTENSIONS MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+#define POLARSSL_ERR_X509_INVALID_FORMAT MBEDTLS_ERR_X509_INVALID_FORMAT
+#define POLARSSL_ERR_X509_INVALID_NAME MBEDTLS_ERR_X509_INVALID_NAME
+#define POLARSSL_ERR_X509_INVALID_SERIAL MBEDTLS_ERR_X509_INVALID_SERIAL
+#define POLARSSL_ERR_X509_INVALID_SIGNATURE MBEDTLS_ERR_X509_INVALID_SIGNATURE
+#define POLARSSL_ERR_X509_INVALID_VERSION MBEDTLS_ERR_X509_INVALID_VERSION
+#define POLARSSL_ERR_X509_MALLOC_FAILED MBEDTLS_ERR_X509_ALLOC_FAILED
+#define POLARSSL_ERR_X509_SIG_MISMATCH MBEDTLS_ERR_X509_SIG_MISMATCH
+#define POLARSSL_ERR_X509_UNKNOWN_OID MBEDTLS_ERR_X509_UNKNOWN_OID
+#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
+#define POLARSSL_ERR_X509_UNKNOWN_VERSION MBEDTLS_ERR_X509_UNKNOWN_VERSION
+#define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH
+#define POLARSSL_GCM_H MBEDTLS_GCM_H
+#define POLARSSL_HAVEGE_H MBEDTLS_HAVEGE_H
+#define POLARSSL_HAVE_INT32 MBEDTLS_HAVE_INT32
+#define POLARSSL_HAVE_INT64 MBEDTLS_HAVE_INT64
+#define POLARSSL_HAVE_UDBL MBEDTLS_HAVE_UDBL
+#define POLARSSL_HAVE_X86 MBEDTLS_HAVE_X86
+#define POLARSSL_HAVE_X86_64 MBEDTLS_HAVE_X86_64
+#define POLARSSL_HMAC_DRBG_H MBEDTLS_HMAC_DRBG_H
+#define POLARSSL_HMAC_DRBG_PR_OFF MBEDTLS_HMAC_DRBG_PR_OFF
+#define POLARSSL_HMAC_DRBG_PR_ON MBEDTLS_HMAC_DRBG_PR_ON
+#define POLARSSL_KEY_EXCHANGE_DHE_PSK MBEDTLS_KEY_EXCHANGE_DHE_PSK
+#define POLARSSL_KEY_EXCHANGE_DHE_RSA MBEDTLS_KEY_EXCHANGE_DHE_RSA
+#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
+#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
+#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
+#define POLARSSL_KEY_EXCHANGE_ECDH_RSA MBEDTLS_KEY_EXCHANGE_ECDH_RSA
+#define POLARSSL_KEY_EXCHANGE_NONE MBEDTLS_KEY_EXCHANGE_NONE
+#define POLARSSL_KEY_EXCHANGE_PSK MBEDTLS_KEY_EXCHANGE_PSK
+#define POLARSSL_KEY_EXCHANGE_RSA MBEDTLS_KEY_EXCHANGE_RSA
+#define POLARSSL_KEY_EXCHANGE_RSA_PSK MBEDTLS_KEY_EXCHANGE_RSA_PSK
+#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
+#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
+#define POLARSSL_KEY_LENGTH_DES MBEDTLS_KEY_LENGTH_DES
+#define POLARSSL_KEY_LENGTH_DES_EDE MBEDTLS_KEY_LENGTH_DES_EDE
+#define POLARSSL_KEY_LENGTH_DES_EDE3 MBEDTLS_KEY_LENGTH_DES_EDE3
+#define POLARSSL_KEY_LENGTH_NONE MBEDTLS_KEY_LENGTH_NONE
+#define POLARSSL_MAX_BLOCK_LENGTH MBEDTLS_MAX_BLOCK_LENGTH
+#define POLARSSL_MAX_IV_LENGTH MBEDTLS_MAX_IV_LENGTH
+#define POLARSSL_MD2_H MBEDTLS_MD2_H
+#define POLARSSL_MD4_H MBEDTLS_MD4_H
+#define POLARSSL_MD5_H MBEDTLS_MD5_H
+#define POLARSSL_MD_H MBEDTLS_MD_H
+#define POLARSSL_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
+#define POLARSSL_MD_MD2 MBEDTLS_MD_MD2
+#define POLARSSL_MD_MD4 MBEDTLS_MD_MD4
+#define POLARSSL_MD_MD5 MBEDTLS_MD_MD5
+#define POLARSSL_MD_NONE MBEDTLS_MD_NONE
+#define POLARSSL_MD_RIPEMD160 MBEDTLS_MD_RIPEMD160
+#define POLARSSL_MD_SHA1 MBEDTLS_MD_SHA1
+#define POLARSSL_MD_SHA224 MBEDTLS_MD_SHA224
+#define POLARSSL_MD_SHA256 MBEDTLS_MD_SHA256
+#define POLARSSL_MD_SHA384 MBEDTLS_MD_SHA384
+#define POLARSSL_MD_SHA512 MBEDTLS_MD_SHA512
+#define POLARSSL_MD_WRAP_H MBEDTLS_MD_WRAP_H
+#define POLARSSL_MEMORY_BUFFER_ALLOC_H MBEDTLS_MEMORY_BUFFER_ALLOC_H
+#define POLARSSL_MEMORY_H MBEDTLS_MEMORY_H
+#define POLARSSL_MODE_CBC MBEDTLS_MODE_CBC
+#define POLARSSL_MODE_CCM MBEDTLS_MODE_CCM
+#define POLARSSL_MODE_CFB MBEDTLS_MODE_CFB
+#define POLARSSL_MODE_CTR MBEDTLS_MODE_CTR
+#define POLARSSL_MODE_ECB MBEDTLS_MODE_ECB
+#define POLARSSL_MODE_GCM MBEDTLS_MODE_GCM
+#define POLARSSL_MODE_NONE MBEDTLS_MODE_NONE
+#define POLARSSL_MODE_OFB MBEDTLS_MODE_OFB
+#define POLARSSL_MODE_STREAM MBEDTLS_MODE_STREAM
+#define POLARSSL_MPI_MAX_BITS MBEDTLS_MPI_MAX_BITS
+#define POLARSSL_MPI_MAX_BITS_SCALE100 MBEDTLS_MPI_MAX_BITS_SCALE100
+#define POLARSSL_MPI_MAX_LIMBS MBEDTLS_MPI_MAX_LIMBS
+#define POLARSSL_MPI_RW_BUFFER_SIZE MBEDTLS_MPI_RW_BUFFER_SIZE
+#define POLARSSL_NET_H MBEDTLS_NET_H
+#define POLARSSL_NET_LISTEN_BACKLOG MBEDTLS_NET_LISTEN_BACKLOG
+#define POLARSSL_OID_H MBEDTLS_OID_H
+#define POLARSSL_OPERATION_NONE MBEDTLS_OPERATION_NONE
+#define POLARSSL_PADDING_NONE MBEDTLS_PADDING_NONE
+#define POLARSSL_PADDING_ONE_AND_ZEROS MBEDTLS_PADDING_ONE_AND_ZEROS
+#define POLARSSL_PADDING_PKCS7 MBEDTLS_PADDING_PKCS7
+#define POLARSSL_PADDING_ZEROS MBEDTLS_PADDING_ZEROS
+#define POLARSSL_PADDING_ZEROS_AND_LEN MBEDTLS_PADDING_ZEROS_AND_LEN
+#define POLARSSL_PADLOCK_H MBEDTLS_PADLOCK_H
+#define POLARSSL_PBKDF2_H MBEDTLS_PBKDF2_H
+#define POLARSSL_PEM_H MBEDTLS_PEM_H
+#define POLARSSL_PKCS11_H MBEDTLS_PKCS11_H
+#define POLARSSL_PKCS12_H MBEDTLS_PKCS12_H
+#define POLARSSL_PKCS5_H MBEDTLS_PKCS5_H
+#define POLARSSL_PK_DEBUG_ECP MBEDTLS_PK_DEBUG_ECP
+#define POLARSSL_PK_DEBUG_MAX_ITEMS MBEDTLS_PK_DEBUG_MAX_ITEMS
+#define POLARSSL_PK_DEBUG_MPI MBEDTLS_PK_DEBUG_MPI
+#define POLARSSL_PK_DEBUG_NONE MBEDTLS_PK_DEBUG_NONE
+#define POLARSSL_PK_ECDSA MBEDTLS_PK_ECDSA
+#define POLARSSL_PK_ECKEY MBEDTLS_PK_ECKEY
+#define POLARSSL_PK_ECKEY_DH MBEDTLS_PK_ECKEY_DH
+#define POLARSSL_PK_H MBEDTLS_PK_H
+#define POLARSSL_PK_NONE MBEDTLS_PK_NONE
+#define POLARSSL_PK_RSA MBEDTLS_PK_RSA
+#define POLARSSL_PK_RSASSA_PSS MBEDTLS_PK_RSASSA_PSS
+#define POLARSSL_PK_RSA_ALT MBEDTLS_PK_RSA_ALT
+#define POLARSSL_PK_WRAP_H MBEDTLS_PK_WRAP_H
+#define POLARSSL_PLATFORM_H MBEDTLS_PLATFORM_H
+#define POLARSSL_PREMASTER_SIZE MBEDTLS_PREMASTER_SIZE
+#define POLARSSL_RIPEMD160_H MBEDTLS_RIPEMD160_H
+#define POLARSSL_RSA_H MBEDTLS_RSA_H
+#define POLARSSL_SHA1_H MBEDTLS_SHA1_H
+#define POLARSSL_SHA256_H MBEDTLS_SHA256_H
+#define POLARSSL_SHA512_H MBEDTLS_SHA512_H
+#define POLARSSL_SSL_CACHE_H MBEDTLS_SSL_CACHE_H
+#define POLARSSL_SSL_CIPHERSUITES_H MBEDTLS_SSL_CIPHERSUITES_H
+#define POLARSSL_SSL_COOKIE_H MBEDTLS_SSL_COOKIE_H
+#define POLARSSL_SSL_H MBEDTLS_SSL_H
+#define POLARSSL_THREADING_H MBEDTLS_THREADING_H
+#define POLARSSL_THREADING_IMPL MBEDTLS_THREADING_IMPL
+#define POLARSSL_TIMING_H MBEDTLS_TIMING_H
+#define POLARSSL_VERSION_H MBEDTLS_VERSION_H
+#define POLARSSL_VERSION_MAJOR MBEDTLS_VERSION_MAJOR
+#define POLARSSL_VERSION_MINOR MBEDTLS_VERSION_MINOR
+#define POLARSSL_VERSION_NUMBER MBEDTLS_VERSION_NUMBER
+#define POLARSSL_VERSION_PATCH MBEDTLS_VERSION_PATCH
+#define POLARSSL_VERSION_STRING MBEDTLS_VERSION_STRING
+#define POLARSSL_VERSION_STRING_FULL MBEDTLS_VERSION_STRING_FULL
+#define POLARSSL_X509_CRL_H MBEDTLS_X509_CRL_H
+#define POLARSSL_X509_CRT_H MBEDTLS_X509_CRT_H
+#define POLARSSL_X509_CSR_H MBEDTLS_X509_CSR_H
+#define POLARSSL_X509_H MBEDTLS_X509_H
+#define POLARSSL_XTEA_H MBEDTLS_XTEA_H
+#define RSA_CRYPT MBEDTLS_RSA_CRYPT
+#define RSA_PKCS_V15 MBEDTLS_RSA_PKCS_V15
+#define RSA_PKCS_V21 MBEDTLS_RSA_PKCS_V21
+#define RSA_PRIVATE MBEDTLS_RSA_PRIVATE
+#define RSA_PUBLIC MBEDTLS_RSA_PUBLIC
+#define RSA_SALT_LEN_ANY MBEDTLS_RSA_SALT_LEN_ANY
+#define RSA_SIGN MBEDTLS_RSA_SIGN
+#define SSL_ALERT_LEVEL_FATAL MBEDTLS_SSL_ALERT_LEVEL_FATAL
+#define SSL_ALERT_LEVEL_WARNING MBEDTLS_SSL_ALERT_LEVEL_WARNING
+#define SSL_ALERT_MSG_ACCESS_DENIED MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED
+#define SSL_ALERT_MSG_BAD_CERT MBEDTLS_SSL_ALERT_MSG_BAD_CERT
+#define SSL_ALERT_MSG_BAD_RECORD_MAC MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC
+#define SSL_ALERT_MSG_CERT_EXPIRED MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED
+#define SSL_ALERT_MSG_CERT_REVOKED MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED
+#define SSL_ALERT_MSG_CERT_UNKNOWN MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN
+#define SSL_ALERT_MSG_CLOSE_NOTIFY MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY
+#define SSL_ALERT_MSG_DECODE_ERROR MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR
+#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE
+#define SSL_ALERT_MSG_DECRYPTION_FAILED MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED
+#define SSL_ALERT_MSG_DECRYPT_ERROR MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR
+#define SSL_ALERT_MSG_EXPORT_RESTRICTION MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION
+#define SSL_ALERT_MSG_HANDSHAKE_FAILURE MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE
+#define SSL_ALERT_MSG_ILLEGAL_PARAMETER MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER
+#define SSL_ALERT_MSG_INAPROPRIATE_FALLBACK MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK
+#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY
+#define SSL_ALERT_MSG_INTERNAL_ERROR MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR
+#define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL
+#define SSL_ALERT_MSG_NO_CERT MBEDTLS_SSL_ALERT_MSG_NO_CERT
+#define SSL_ALERT_MSG_NO_RENEGOTIATION MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION
+#define SSL_ALERT_MSG_PROTOCOL_VERSION MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION
+#define SSL_ALERT_MSG_RECORD_OVERFLOW MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW
+#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE
+#define SSL_ALERT_MSG_UNKNOWN_CA MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
+#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY
+#define SSL_ALERT_MSG_UNRECOGNIZED_NAME MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME
+#define SSL_ALERT_MSG_UNSUPPORTED_CERT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
+#define SSL_ALERT_MSG_UNSUPPORTED_EXT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT
+#define SSL_ALERT_MSG_USER_CANCELED MBEDTLS_SSL_ALERT_MSG_USER_CANCELED
+#define SSL_ANTI_REPLAY_DISABLED MBEDTLS_SSL_ANTI_REPLAY_DISABLED
+#define SSL_ANTI_REPLAY_ENABLED MBEDTLS_SSL_ANTI_REPLAY_ENABLED
+#define SSL_ARC4_DISABLED MBEDTLS_SSL_ARC4_DISABLED
+#define SSL_ARC4_ENABLED MBEDTLS_SSL_ARC4_ENABLED
+#define SSL_BUFFER_LEN MBEDTLS_SSL_BUFFER_LEN
+#define SSL_CACHE_DEFAULT_MAX_ENTRIES MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
+#define SSL_CACHE_DEFAULT_TIMEOUT MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
+#define SSL_CBC_RECORD_SPLITTING_DISABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
+#define SSL_CBC_RECORD_SPLITTING_ENABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
+#define SSL_CERTIFICATE_REQUEST MBEDTLS_SSL_CERTIFICATE_REQUEST
+#define SSL_CERTIFICATE_VERIFY MBEDTLS_SSL_CERTIFICATE_VERIFY
+#define SSL_CERT_TYPE_ECDSA_SIGN MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN
+#define SSL_CERT_TYPE_RSA_SIGN MBEDTLS_SSL_CERT_TYPE_RSA_SIGN
+#define SSL_CHANNEL_INBOUND MBEDTLS_SSL_CHANNEL_INBOUND
+#define SSL_CHANNEL_OUTBOUND MBEDTLS_SSL_CHANNEL_OUTBOUND
+#define SSL_CIPHERSUITES MBEDTLS_SSL_CIPHERSUITES
+#define SSL_CLIENT_CERTIFICATE MBEDTLS_SSL_CLIENT_CERTIFICATE
+#define SSL_CLIENT_CHANGE_CIPHER_SPEC MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC
+#define SSL_CLIENT_FINISHED MBEDTLS_SSL_CLIENT_FINISHED
+#define SSL_CLIENT_HELLO MBEDTLS_SSL_CLIENT_HELLO
+#define SSL_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_CLIENT_KEY_EXCHANGE
+#define SSL_COMPRESSION_ADD MBEDTLS_SSL_COMPRESSION_ADD
+#define SSL_COMPRESS_DEFLATE MBEDTLS_SSL_COMPRESS_DEFLATE
+#define SSL_COMPRESS_NULL MBEDTLS_SSL_COMPRESS_NULL
+#define SSL_DEBUG_BUF MBEDTLS_SSL_DEBUG_BUF
+#define SSL_DEBUG_CRT MBEDTLS_SSL_DEBUG_CRT
+#define SSL_DEBUG_ECP MBEDTLS_SSL_DEBUG_ECP
+#define SSL_DEBUG_MPI MBEDTLS_SSL_DEBUG_MPI
+#define SSL_DEBUG_MSG MBEDTLS_SSL_DEBUG_MSG
+#define SSL_DEBUG_RET MBEDTLS_SSL_DEBUG_RET
+#define SSL_DEFAULT_TICKET_LIFETIME MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
+#define SSL_DTLS_TIMEOUT_DFL_MAX MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX
+#define SSL_DTLS_TIMEOUT_DFL_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN
+#define SSL_EMPTY_RENEGOTIATION_INFO MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO
+#define SSL_ETM_DISABLED MBEDTLS_SSL_ETM_DISABLED
+#define SSL_ETM_ENABLED MBEDTLS_SSL_ETM_ENABLED
+#define SSL_EXTENDED_MS_DISABLED MBEDTLS_SSL_EXTENDED_MS_DISABLED
+#define SSL_EXTENDED_MS_ENABLED MBEDTLS_SSL_EXTENDED_MS_ENABLED
+#define SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
+#define SSL_FLUSH_BUFFERS MBEDTLS_SSL_FLUSH_BUFFERS
+#define SSL_HANDSHAKE_OVER MBEDTLS_SSL_HANDSHAKE_OVER
+#define SSL_HANDSHAKE_WRAPUP MBEDTLS_SSL_HANDSHAKE_WRAPUP
+#define SSL_HASH_MD5 MBEDTLS_SSL_HASH_MD5
+#define SSL_HASH_NONE MBEDTLS_SSL_HASH_NONE
+#define SSL_HASH_SHA1 MBEDTLS_SSL_HASH_SHA1
+#define SSL_HASH_SHA224 MBEDTLS_SSL_HASH_SHA224
+#define SSL_HASH_SHA256 MBEDTLS_SSL_HASH_SHA256
+#define SSL_HASH_SHA384 MBEDTLS_SSL_HASH_SHA384
+#define SSL_HASH_SHA512 MBEDTLS_SSL_HASH_SHA512
+#define SSL_HELLO_REQUEST MBEDTLS_SSL_HELLO_REQUEST
+#define SSL_HS_CERTIFICATE MBEDTLS_SSL_HS_CERTIFICATE
+#define SSL_HS_CERTIFICATE_REQUEST MBEDTLS_SSL_HS_CERTIFICATE_REQUEST
+#define SSL_HS_CERTIFICATE_VERIFY MBEDTLS_SSL_HS_CERTIFICATE_VERIFY
+#define SSL_HS_CLIENT_HELLO MBEDTLS_SSL_HS_CLIENT_HELLO
+#define SSL_HS_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE
+#define SSL_HS_FINISHED MBEDTLS_SSL_HS_FINISHED
+#define SSL_HS_HELLO_REQUEST MBEDTLS_SSL_HS_HELLO_REQUEST
+#define SSL_HS_HELLO_VERIFY_REQUEST MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST
+#define SSL_HS_NEW_SESSION_TICKET MBEDTLS_SSL_HS_NEW_SESSION_TICKET
+#define SSL_HS_SERVER_HELLO MBEDTLS_SSL_HS_SERVER_HELLO
+#define SSL_HS_SERVER_HELLO_DONE MBEDTLS_SSL_HS_SERVER_HELLO_DONE
+#define SSL_HS_SERVER_KEY_EXCHANGE MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE
+#define SSL_INITIAL_HANDSHAKE MBEDTLS_SSL_INITIAL_HANDSHAKE
+#define SSL_IS_CLIENT MBEDTLS_SSL_IS_CLIENT
+#define SSL_IS_FALLBACK MBEDTLS_SSL_IS_FALLBACK
+#define SSL_IS_NOT_FALLBACK MBEDTLS_SSL_IS_NOT_FALLBACK
+#define SSL_IS_SERVER MBEDTLS_SSL_IS_SERVER
+#define SSL_LEGACY_ALLOW_RENEGOTIATION MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
+#define SSL_LEGACY_BREAK_HANDSHAKE MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
+#define SSL_LEGACY_NO_RENEGOTIATION MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
+#define SSL_LEGACY_RENEGOTIATION MBEDTLS_SSL_LEGACY_RENEGOTIATION
+#define SSL_MAC_ADD MBEDTLS_SSL_MAC_ADD
+#define SSL_MAJOR_VERSION_3 MBEDTLS_SSL_MAJOR_VERSION_3
+#define SSL_MAX_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
+#define SSL_MAX_FRAG_LEN_1024 MBEDTLS_SSL_MAX_FRAG_LEN_1024
+#define SSL_MAX_FRAG_LEN_2048 MBEDTLS_SSL_MAX_FRAG_LEN_2048
+#define SSL_MAX_FRAG_LEN_4096 MBEDTLS_SSL_MAX_FRAG_LEN_4096
+#define SSL_MAX_FRAG_LEN_512 MBEDTLS_SSL_MAX_FRAG_LEN_512
+#define SSL_MAX_FRAG_LEN_INVALID MBEDTLS_SSL_MAX_FRAG_LEN_INVALID
+#define SSL_MAX_FRAG_LEN_NONE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
+#define SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAX_MAJOR_VERSION
+#define SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MAX_MINOR_VERSION
+#define SSL_MINOR_VERSION_0 MBEDTLS_SSL_MINOR_VERSION_0
+#define SSL_MINOR_VERSION_1 MBEDTLS_SSL_MINOR_VERSION_1
+#define SSL_MINOR_VERSION_2 MBEDTLS_SSL_MINOR_VERSION_2
+#define SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_3
+#define SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MIN_MAJOR_VERSION
+#define SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MIN_MINOR_VERSION
+#define SSL_MSG_ALERT MBEDTLS_SSL_MSG_ALERT
+#define SSL_MSG_APPLICATION_DATA MBEDTLS_SSL_MSG_APPLICATION_DATA
+#define SSL_MSG_CHANGE_CIPHER_SPEC MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC
+#define SSL_MSG_HANDSHAKE MBEDTLS_SSL_MSG_HANDSHAKE
+#define SSL_PADDING_ADD MBEDTLS_SSL_PADDING_ADD
+#define SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
+#define SSL_RENEGOTIATION_DISABLED MBEDTLS_SSL_RENEGOTIATION_DISABLED
+#define SSL_RENEGOTIATION_DONE MBEDTLS_SSL_RENEGOTIATION_DONE
+#define SSL_RENEGOTIATION_ENABLED MBEDTLS_SSL_RENEGOTIATION_ENABLED
+#define SSL_RENEGOTIATION_NOT_ENFORCED MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED
+#define SSL_RENEGOTIATION_PENDING MBEDTLS_SSL_RENEGOTIATION_PENDING
+#define SSL_RENEGO_MAX_RECORDS_DEFAULT MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT
+#define SSL_RETRANS_FINISHED MBEDTLS_SSL_RETRANS_FINISHED
+#define SSL_RETRANS_PREPARING MBEDTLS_SSL_RETRANS_PREPARING
+#define SSL_RETRANS_SENDING MBEDTLS_SSL_RETRANS_SENDING
+#define SSL_RETRANS_WAITING MBEDTLS_SSL_RETRANS_WAITING
+#define SSL_SECURE_RENEGOTIATION MBEDTLS_SSL_SECURE_RENEGOTIATION
+#define SSL_SERVER_CERTIFICATE MBEDTLS_SSL_SERVER_CERTIFICATE
+#define SSL_SERVER_CHANGE_CIPHER_SPEC MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC
+#define SSL_SERVER_FINISHED MBEDTLS_SSL_SERVER_FINISHED
+#define SSL_SERVER_HELLO MBEDTLS_SSL_SERVER_HELLO
+#define SSL_SERVER_HELLO_DONE MBEDTLS_SSL_SERVER_HELLO_DONE
+#define SSL_SERVER_HELLO_VERIFY_REQUEST_SENT MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT
+#define SSL_SERVER_KEY_EXCHANGE MBEDTLS_SSL_SERVER_KEY_EXCHANGE
+#define SSL_SERVER_NEW_SESSION_TICKET MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET
+#define SSL_SESSION_TICKETS_DISABLED MBEDTLS_SSL_SESSION_TICKETS_DISABLED
+#define SSL_SESSION_TICKETS_ENABLED MBEDTLS_SSL_SESSION_TICKETS_ENABLED
+#define SSL_SIG_ANON MBEDTLS_SSL_SIG_ANON
+#define SSL_SIG_ECDSA MBEDTLS_SSL_SIG_ECDSA
+#define SSL_SIG_RSA MBEDTLS_SSL_SIG_RSA
+#define SSL_TRANSPORT_DATAGRAM MBEDTLS_SSL_TRANSPORT_DATAGRAM
+#define SSL_TRANSPORT_STREAM MBEDTLS_SSL_TRANSPORT_STREAM
+#define SSL_TRUNCATED_HMAC_LEN MBEDTLS_SSL_TRUNCATED_HMAC_LEN
+#define SSL_TRUNC_HMAC_DISABLED MBEDTLS_SSL_TRUNC_HMAC_DISABLED
+#define SSL_TRUNC_HMAC_ENABLED MBEDTLS_SSL_TRUNC_HMAC_ENABLED
+#define SSL_VERIFY_DATA_MAX_LEN MBEDTLS_SSL_VERIFY_DATA_MAX_LEN
+#define SSL_VERIFY_NONE MBEDTLS_SSL_VERIFY_NONE
+#define SSL_VERIFY_OPTIONAL MBEDTLS_SSL_VERIFY_OPTIONAL
+#define SSL_VERIFY_REQUIRED MBEDTLS_SSL_VERIFY_REQUIRED
+#define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_DHE_PSK_WITH_AES_128_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM
+#define TLS_DHE_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8
+#define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_DHE_PSK_WITH_AES_256_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM
+#define TLS_DHE_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8
+#define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_DHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+#define TLS_DHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+#define TLS_DHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+#define TLS_DHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_DHE_RSA_WITH_AES_128_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM
+#define TLS_DHE_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8
+#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+#define TLS_DHE_RSA_WITH_AES_256_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM
+#define TLS_DHE_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8
+#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
+#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+#define TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+#define TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+#define TLS_ECDHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+#define TLS_ECDHE_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDH_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+#define TLS_ECDH_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+#define TLS_EXT_ALPN MBEDTLS_TLS_EXT_ALPN
+#define TLS_EXT_ENCRYPT_THEN_MAC MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC
+#define TLS_EXT_EXTENDED_MASTER_SECRET MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET
+#define TLS_EXT_MAX_FRAGMENT_LENGTH MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH
+#define TLS_EXT_RENEGOTIATION_INFO MBEDTLS_TLS_EXT_RENEGOTIATION_INFO
+#define TLS_EXT_SERVERNAME MBEDTLS_TLS_EXT_SERVERNAME
+#define TLS_EXT_SERVERNAME_HOSTNAME MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME
+#define TLS_EXT_SESSION_TICKET MBEDTLS_TLS_EXT_SESSION_TICKET
+#define TLS_EXT_SIG_ALG MBEDTLS_TLS_EXT_SIG_ALG
+#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES
+#define TLS_EXT_SUPPORTED_POINT_FORMATS MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS
+#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT
+#define TLS_EXT_TRUNCATED_HMAC MBEDTLS_TLS_EXT_TRUNCATED_HMAC
+#define TLS_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+#define TLS_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_PSK_WITH_AES_128_CCM MBEDTLS_TLS_PSK_WITH_AES_128_CCM
+#define TLS_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
+#define TLS_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+#define TLS_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_PSK_WITH_AES_256_CCM MBEDTLS_TLS_PSK_WITH_AES_256_CCM
+#define TLS_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8
+#define TLS_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_PSK_WITH_NULL_SHA MBEDTLS_TLS_PSK_WITH_NULL_SHA
+#define TLS_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+#define TLS_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+#define TLS_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+#define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_RSA_PSK_WITH_NULL_SHA MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+#define TLS_RSA_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+#define TLS_RSA_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+#define TLS_RSA_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+#define TLS_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_RSA_WITH_AES_128_CCM MBEDTLS_TLS_RSA_WITH_AES_128_CCM
+#define TLS_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8
+#define TLS_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+#define TLS_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+#define TLS_RSA_WITH_AES_256_CCM MBEDTLS_TLS_RSA_WITH_AES_256_CCM
+#define TLS_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8
+#define TLS_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+#define TLS_RSA_WITH_NULL_MD5 MBEDTLS_TLS_RSA_WITH_NULL_MD5
+#define TLS_RSA_WITH_NULL_SHA MBEDTLS_TLS_RSA_WITH_NULL_SHA
+#define TLS_RSA_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+#define TLS_RSA_WITH_RC4_128_MD5 MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+#define TLS_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+#define UL64 MBEDTLS_UL64
+#define X509_CRT_VERSION_1 MBEDTLS_X509_CRT_VERSION_1
+#define X509_CRT_VERSION_2 MBEDTLS_X509_CRT_VERSION_2
+#define X509_CRT_VERSION_3 MBEDTLS_X509_CRT_VERSION_3
+#define X509_FORMAT_DER MBEDTLS_X509_FORMAT_DER
+#define X509_FORMAT_PEM MBEDTLS_X509_FORMAT_PEM
+#define X509_MAX_DN_NAME_SIZE MBEDTLS_X509_MAX_DN_NAME_SIZE
+#define X509_RFC5280_MAX_SERIAL_LEN MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN
+#define X509_RFC5280_UTC_TIME_LEN MBEDTLS_X509_RFC5280_UTC_TIME_LEN
+#define XTEA_DECRYPT MBEDTLS_XTEA_DECRYPT
+#define XTEA_ENCRYPT MBEDTLS_XTEA_ENCRYPT
+#define _asn1_bitstring mbedtls_asn1_bitstring
+#define _asn1_buf mbedtls_asn1_buf
+#define _asn1_named_data mbedtls_asn1_named_data
+#define _asn1_sequence mbedtls_asn1_sequence
+#define _ssl_cache_context mbedtls_ssl_cache_context
+#define _ssl_cache_entry mbedtls_ssl_cache_entry
+#define _ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
+#define _ssl_context mbedtls_ssl_context
+#define _ssl_flight_item mbedtls_ssl_flight_item
+#define _ssl_handshake_params mbedtls_ssl_handshake_params
+#define _ssl_key_cert mbedtls_ssl_key_cert
+#define _ssl_premaster_secret mbedtls_ssl_premaster_secret
+#define _ssl_session mbedtls_ssl_session
+#define _ssl_ticket_keys mbedtls_ssl_ticket_keys
+#define _ssl_transform mbedtls_ssl_transform
+#define _x509_crl mbedtls_x509_crl
+#define _x509_crl_entry mbedtls_x509_crl_entry
+#define _x509_crt mbedtls_x509_crt
+#define _x509_csr mbedtls_x509_csr
+#define _x509_time mbedtls_x509_time
+#define _x509write_cert mbedtls_x509write_cert
+#define _x509write_csr mbedtls_x509write_csr
+#define aes_context mbedtls_aes_context
+#define aes_crypt_cbc mbedtls_aes_crypt_cbc
+#define aes_crypt_cfb128 mbedtls_aes_crypt_cfb128
+#define aes_crypt_cfb8 mbedtls_aes_crypt_cfb8
+#define aes_crypt_ctr mbedtls_aes_crypt_ctr
+#define aes_crypt_ecb mbedtls_aes_crypt_ecb
+#define aes_free mbedtls_aes_free
+#define aes_init mbedtls_aes_init
+#define aes_self_test mbedtls_aes_self_test
+#define aes_setkey_dec mbedtls_aes_setkey_dec
+#define aes_setkey_enc mbedtls_aes_setkey_enc
+#define aesni_crypt_ecb mbedtls_aesni_crypt_ecb
+#define aesni_gcm_mult mbedtls_aesni_gcm_mult
+#define aesni_inverse_key mbedtls_aesni_inverse_key
+#define aesni_setkey_enc mbedtls_aesni_setkey_enc
+#define aesni_supports mbedtls_aesni_has_support
+#define alarmed mbedtls_timing_alarmed
+#define arc4_context mbedtls_arc4_context
+#define arc4_crypt mbedtls_arc4_crypt
+#define arc4_free mbedtls_arc4_free
+#define arc4_init mbedtls_arc4_init
+#define arc4_self_test mbedtls_arc4_self_test
+#define arc4_setup mbedtls_arc4_setup
+#define asn1_bitstring mbedtls_asn1_bitstring
+#define asn1_buf mbedtls_asn1_buf
+#define asn1_find_named_data mbedtls_asn1_find_named_data
+#define asn1_free_named_data mbedtls_asn1_free_named_data
+#define asn1_free_named_data_list mbedtls_asn1_free_named_data_list
+#define asn1_get_alg mbedtls_asn1_get_alg
+#define asn1_get_alg_null mbedtls_asn1_get_alg_null
+#define asn1_get_bitstring mbedtls_asn1_get_bitstring
+#define asn1_get_bitstring_null mbedtls_asn1_get_bitstring_null
+#define asn1_get_bool mbedtls_asn1_get_bool
+#define asn1_get_int mbedtls_asn1_get_int
+#define asn1_get_len mbedtls_asn1_get_len
+#define asn1_get_mpi mbedtls_asn1_get_mpi
+#define asn1_get_sequence_of mbedtls_asn1_get_sequence_of
+#define asn1_get_tag mbedtls_asn1_get_tag
+#define asn1_named_data mbedtls_asn1_named_data
+#define asn1_sequence mbedtls_asn1_sequence
+#define asn1_store_named_data mbedtls_asn1_store_named_data
+#define asn1_write_algorithm_identifier mbedtls_asn1_write_algorithm_identifier
+#define asn1_write_bitstring mbedtls_asn1_write_bitstring
+#define asn1_write_bool mbedtls_asn1_write_bool
+#define asn1_write_ia5_string mbedtls_asn1_write_ia5_string
+#define asn1_write_int mbedtls_asn1_write_int
+#define asn1_write_len mbedtls_asn1_write_len
+#define asn1_write_mpi mbedtls_asn1_write_mpi
+#define asn1_write_null mbedtls_asn1_write_null
+#define asn1_write_octet_string mbedtls_asn1_write_octet_string
+#define asn1_write_oid mbedtls_asn1_write_oid
+#define asn1_write_printable_string mbedtls_asn1_write_printable_string
+#define asn1_write_raw_buffer mbedtls_asn1_write_raw_buffer
+#define asn1_write_tag mbedtls_asn1_write_tag
+#define base64_decode mbedtls_base64_decode
+#define base64_encode mbedtls_base64_encode
+#define base64_self_test mbedtls_base64_self_test
+#define blowfish_context mbedtls_blowfish_context
+#define blowfish_crypt_cbc mbedtls_blowfish_crypt_cbc
+#define blowfish_crypt_cfb64 mbedtls_blowfish_crypt_cfb64
+#define blowfish_crypt_ctr mbedtls_blowfish_crypt_ctr
+#define blowfish_crypt_ecb mbedtls_blowfish_crypt_ecb
+#define blowfish_free mbedtls_blowfish_free
+#define blowfish_init mbedtls_blowfish_init
+#define blowfish_setkey mbedtls_blowfish_setkey
+#define camellia_context mbedtls_camellia_context
+#define camellia_crypt_cbc mbedtls_camellia_crypt_cbc
+#define camellia_crypt_cfb128 mbedtls_camellia_crypt_cfb128
+#define camellia_crypt_ctr mbedtls_camellia_crypt_ctr
+#define camellia_crypt_ecb mbedtls_camellia_crypt_ecb
+#define camellia_free mbedtls_camellia_free
+#define camellia_init mbedtls_camellia_init
+#define camellia_self_test mbedtls_camellia_self_test
+#define camellia_setkey_dec mbedtls_camellia_setkey_dec
+#define camellia_setkey_enc mbedtls_camellia_setkey_enc
+#define ccm_auth_decrypt mbedtls_ccm_auth_decrypt
+#define ccm_context mbedtls_ccm_context
+#define ccm_encrypt_and_tag mbedtls_ccm_encrypt_and_tag
+#define ccm_free mbedtls_ccm_free
+#define ccm_init mbedtls_ccm_init
+#define ccm_self_test mbedtls_ccm_self_test
+#define cipher_auth_decrypt mbedtls_cipher_auth_decrypt
+#define cipher_auth_encrypt mbedtls_cipher_auth_encrypt
+#define cipher_base_t mbedtls_cipher_base_t
+#define cipher_check_tag mbedtls_cipher_check_tag
+#define cipher_context_t mbedtls_cipher_context_t
+#define cipher_crypt mbedtls_cipher_crypt
+#define cipher_definition_t mbedtls_cipher_definition_t
+#define cipher_definitions mbedtls_cipher_definitions
+#define cipher_finish mbedtls_cipher_finish
+#define cipher_free mbedtls_cipher_free
+#define cipher_free_ctx mbedtls_cipher_free_ctx
+#define cipher_get_block_size mbedtls_cipher_get_block_size
+#define cipher_get_cipher_mode mbedtls_cipher_get_cipher_mode
+#define cipher_get_iv_size mbedtls_cipher_get_iv_size
+#define cipher_get_key_size mbedtls_cipher_get_key_bitlen
+#define cipher_get_name mbedtls_cipher_get_name
+#define cipher_get_operation mbedtls_cipher_get_operation
+#define cipher_get_type mbedtls_cipher_get_type
+#define cipher_id_t mbedtls_cipher_id_t
+#define cipher_info_from_string mbedtls_cipher_info_from_string
+#define cipher_info_from_type mbedtls_cipher_info_from_type
+#define cipher_info_from_values mbedtls_cipher_info_from_values
+#define cipher_info_t mbedtls_cipher_info_t
+#define cipher_init mbedtls_cipher_init
+#define cipher_init_ctx mbedtls_cipher_setup
+#define cipher_list mbedtls_cipher_list
+#define cipher_mode_t mbedtls_cipher_mode_t
+#define cipher_padding_t mbedtls_cipher_padding_t
+#define cipher_reset mbedtls_cipher_reset
+#define cipher_self_test mbedtls_cipher_self_test
+#define cipher_set_iv mbedtls_cipher_set_iv
+#define cipher_set_padding_mode mbedtls_cipher_set_padding_mode
+#define cipher_setkey mbedtls_cipher_setkey
+#define cipher_type_t mbedtls_cipher_type_t
+#define cipher_update mbedtls_cipher_update
+#define cipher_update_ad mbedtls_cipher_update_ad
+#define cipher_write_tag mbedtls_cipher_write_tag
+#define ctr_drbg_context mbedtls_ctr_drbg_context
+#define ctr_drbg_free mbedtls_ctr_drbg_free
+#define ctr_drbg_init mbedtls_ctr_drbg_init
+#define ctr_drbg_init_entropy_len mbedtls_ctr_drbg_init_entropy_len
+#define ctr_drbg_random mbedtls_ctr_drbg_random
+#define ctr_drbg_random_with_add mbedtls_ctr_drbg_random_with_add
+#define ctr_drbg_reseed mbedtls_ctr_drbg_reseed
+#define ctr_drbg_self_test mbedtls_ctr_drbg_self_test
+#define ctr_drbg_set_entropy_len mbedtls_ctr_drbg_set_entropy_len
+#define ctr_drbg_set_prediction_resistance mbedtls_ctr_drbg_set_prediction_resistance
+#define ctr_drbg_set_reseed_interval mbedtls_ctr_drbg_set_reseed_interval
+#define ctr_drbg_update mbedtls_ctr_drbg_update
+#define ctr_drbg_update_seed_file mbedtls_ctr_drbg_update_seed_file
+#define ctr_drbg_write_seed_file mbedtls_ctr_drbg_write_seed_file
+#define debug_fmt mbedtls_debug_fmt
+#define debug_print_buf mbedtls_debug_print_buf
+#define debug_print_crt mbedtls_debug_print_crt
+#define debug_print_ecp mbedtls_debug_print_ecp
+#define debug_print_mpi mbedtls_debug_print_mpi
+#define debug_print_msg mbedtls_debug_print_msg
+#define debug_print_ret mbedtls_debug_print_ret
+#define debug_set_log_mode mbedtls_debug_set_log_mode
+#define debug_set_threshold mbedtls_debug_set_threshold
+#define des3_context mbedtls_des3_context
+#define des3_crypt_cbc mbedtls_des3_crypt_cbc
+#define des3_crypt_ecb mbedtls_des3_crypt_ecb
+#define des3_free mbedtls_des3_free
+#define des3_init mbedtls_des3_init
+#define des3_set2key_dec mbedtls_des3_set2key_dec
+#define des3_set2key_enc mbedtls_des3_set2key_enc
+#define des3_set3key_dec mbedtls_des3_set3key_dec
+#define des3_set3key_enc mbedtls_des3_set3key_enc
+#define des_context mbedtls_des_context
+#define des_crypt_cbc mbedtls_des_crypt_cbc
+#define des_crypt_ecb mbedtls_des_crypt_ecb
+#define des_free mbedtls_des_free
+#define des_init mbedtls_des_init
+#define des_key_check_key_parity mbedtls_des_key_check_key_parity
+#define des_key_check_weak mbedtls_des_key_check_weak
+#define des_key_set_parity mbedtls_des_key_set_parity
+#define des_self_test mbedtls_des_self_test
+#define des_setkey_dec mbedtls_des_setkey_dec
+#define des_setkey_enc mbedtls_des_setkey_enc
+#define dhm_calc_secret mbedtls_dhm_calc_secret
+#define dhm_context mbedtls_dhm_context
+#define dhm_free mbedtls_dhm_free
+#define dhm_init mbedtls_dhm_init
+#define dhm_make_params mbedtls_dhm_make_params
+#define dhm_make_public mbedtls_dhm_make_public
+#define dhm_parse_dhm mbedtls_dhm_parse_dhm
+#define dhm_parse_dhmfile mbedtls_dhm_parse_dhmfile
+#define dhm_read_params mbedtls_dhm_read_params
+#define dhm_read_public mbedtls_dhm_read_public
+#define dhm_self_test mbedtls_dhm_self_test
+#define ecdh_calc_secret mbedtls_ecdh_calc_secret
+#define ecdh_compute_shared mbedtls_ecdh_compute_shared
+#define ecdh_context mbedtls_ecdh_context
+#define ecdh_free mbedtls_ecdh_free
+#define ecdh_gen_public mbedtls_ecdh_gen_public
+#define ecdh_get_params mbedtls_ecdh_get_params
+#define ecdh_init mbedtls_ecdh_init
+#define ecdh_make_params mbedtls_ecdh_make_params
+#define ecdh_make_public mbedtls_ecdh_make_public
+#define ecdh_read_params mbedtls_ecdh_read_params
+#define ecdh_read_public mbedtls_ecdh_read_public
+#define ecdh_self_test mbedtls_ecdh_self_test
+#define ecdh_side mbedtls_ecdh_side
+#define ecdsa_context mbedtls_ecdsa_context
+#define ecdsa_free mbedtls_ecdsa_free
+#define ecdsa_from_keypair mbedtls_ecdsa_from_keypair
+#define ecdsa_genkey mbedtls_ecdsa_genkey
+#define ecdsa_info mbedtls_ecdsa_info
+#define ecdsa_init mbedtls_ecdsa_init
+#define ecdsa_read_signature mbedtls_ecdsa_read_signature
+#define ecdsa_self_test mbedtls_ecdsa_self_test
+#define ecdsa_sign mbedtls_ecdsa_sign
+#define ecdsa_sign_det mbedtls_ecdsa_sign_det
+#define ecdsa_verify mbedtls_ecdsa_verify
+#define ecdsa_write_signature mbedtls_ecdsa_write_signature
+#define ecdsa_write_signature_det mbedtls_ecdsa_write_signature_det
+#define eckey_info mbedtls_eckey_info
+#define eckeydh_info mbedtls_eckeydh_info
+#define ecp_add mbedtls_ecp_add
+#define ecp_check_privkey mbedtls_ecp_check_privkey
+#define ecp_check_pub_priv mbedtls_ecp_check_pub_priv
+#define ecp_check_pubkey mbedtls_ecp_check_pubkey
+#define ecp_copy mbedtls_ecp_copy
+#define ecp_curve_info mbedtls_ecp_curve_info
+#define ecp_curve_info_from_grp_id mbedtls_ecp_curve_info_from_grp_id
+#define ecp_curve_info_from_name mbedtls_ecp_curve_info_from_name
+#define ecp_curve_info_from_tls_id mbedtls_ecp_curve_info_from_tls_id
+#define ecp_curve_list mbedtls_ecp_curve_list
+#define ecp_gen_key mbedtls_ecp_gen_key
+#define ecp_gen_keypair mbedtls_ecp_gen_keypair
+#define ecp_group mbedtls_ecp_group
+#define ecp_group_copy mbedtls_ecp_group_copy
+#define ecp_group_free mbedtls_ecp_group_free
+#define ecp_group_id mbedtls_ecp_group_id
+#define ecp_group_init mbedtls_ecp_group_init
+#define ecp_group_read_string mbedtls_ecp_group_read_string
+#define ecp_grp_id_list mbedtls_ecp_grp_id_list
+#define ecp_is_zero mbedtls_ecp_is_zero
+#define ecp_keypair mbedtls_ecp_keypair
+#define ecp_keypair_free mbedtls_ecp_keypair_free
+#define ecp_keypair_init mbedtls_ecp_keypair_init
+#define ecp_mul mbedtls_ecp_mul
+#define ecp_point mbedtls_ecp_point
+#define ecp_point_free mbedtls_ecp_point_free
+#define ecp_point_init mbedtls_ecp_point_init
+#define ecp_point_read_binary mbedtls_ecp_point_read_binary
+#define ecp_point_read_string mbedtls_ecp_point_read_string
+#define ecp_point_write_binary mbedtls_ecp_point_write_binary
+#define ecp_self_test mbedtls_ecp_self_test
+#define ecp_set_zero mbedtls_ecp_set_zero
+#define ecp_sub mbedtls_ecp_sub
+#define ecp_tls_read_group mbedtls_ecp_tls_read_group
+#define ecp_tls_read_point mbedtls_ecp_tls_read_point
+#define ecp_tls_write_group mbedtls_ecp_tls_write_group
+#define ecp_tls_write_point mbedtls_ecp_tls_write_point
+#define ecp_use_known_dp mbedtls_ecp_group_load
+#define entropy_add_source mbedtls_entropy_add_source
+#define entropy_context mbedtls_entropy_context
+#define entropy_free mbedtls_entropy_free
+#define entropy_func mbedtls_entropy_func
+#define entropy_gather mbedtls_entropy_gather
+#define entropy_init mbedtls_entropy_init
+#define entropy_self_test mbedtls_entropy_self_test
+#define entropy_update_manual mbedtls_entropy_update_manual
+#define entropy_update_seed_file mbedtls_entropy_update_seed_file
+#define entropy_write_seed_file mbedtls_entropy_write_seed_file
+#define error_strerror mbedtls_strerror
+#define f_source_ptr mbedtls_entropy_f_source_ptr
+#define gcm_auth_decrypt mbedtls_gcm_auth_decrypt
+#define gcm_context mbedtls_gcm_context
+#define gcm_crypt_and_tag mbedtls_gcm_crypt_and_tag
+#define gcm_finish mbedtls_gcm_finish
+#define gcm_free mbedtls_gcm_free
+#define gcm_init mbedtls_gcm_init
+#define gcm_self_test mbedtls_gcm_self_test
+#define gcm_starts mbedtls_gcm_starts
+#define gcm_update mbedtls_gcm_update
+#define get_timer mbedtls_timing_get_timer
+#define hardclock mbedtls_timing_hardclock
+#define hardclock_poll mbedtls_hardclock_poll
+#define havege_free mbedtls_havege_free
+#define havege_init mbedtls_havege_init
+#define havege_poll mbedtls_havege_poll
+#define havege_random mbedtls_havege_random
+#define havege_state mbedtls_havege_state
+#define hmac_drbg_context mbedtls_hmac_drbg_context
+#define hmac_drbg_free mbedtls_hmac_drbg_free
+#define hmac_drbg_init mbedtls_hmac_drbg_init
+#define hmac_drbg_init_buf mbedtls_hmac_drbg_init_buf
+#define hmac_drbg_random mbedtls_hmac_drbg_random
+#define hmac_drbg_random_with_add mbedtls_hmac_drbg_random_with_add
+#define hmac_drbg_reseed mbedtls_hmac_drbg_reseed
+#define hmac_drbg_self_test mbedtls_hmac_drbg_self_test
+#define hmac_drbg_set_entropy_len mbedtls_hmac_drbg_set_entropy_len
+#define hmac_drbg_set_prediction_resistance mbedtls_hmac_drbg_set_prediction_resistance
+#define hmac_drbg_set_reseed_interval mbedtls_hmac_drbg_set_reseed_interval
+#define hmac_drbg_update mbedtls_hmac_drbg_update
+#define hmac_drbg_update_seed_file mbedtls_hmac_drbg_update_seed_file
+#define hmac_drbg_write_seed_file mbedtls_hmac_drbg_write_seed_file
+#define hr_time mbedtls_timing_hr_time
+#define key_exchange_type_t mbedtls_key_exchange_type_t
+#define md mbedtls_md
+#define md2 mbedtls_md2
+#define md2_context mbedtls_md2_context
+#define md2_file mbedtls_md2_file
+#define md2_finish mbedtls_md2_finish
+#define md2_free mbedtls_md2_free
+#define md2_hmac mbedtls_md2_hmac
+#define md2_hmac_finish mbedtls_md2_hmac_finish
+#define md2_hmac_reset mbedtls_md2_hmac_reset
+#define md2_hmac_starts mbedtls_md2_hmac_starts
+#define md2_hmac_update mbedtls_md2_hmac_update
+#define md2_info mbedtls_md2_info
+#define md2_init mbedtls_md2_init
+#define md2_process mbedtls_md2_process
+#define md2_self_test mbedtls_md2_self_test
+#define md2_starts mbedtls_md2_starts
+#define md2_update mbedtls_md2_update
+#define md4 mbedtls_md4
+#define md4_context mbedtls_md4_context
+#define md4_file mbedtls_md4_file
+#define md4_finish mbedtls_md4_finish
+#define md4_free mbedtls_md4_free
+#define md4_hmac mbedtls_md4_hmac
+#define md4_hmac_finish mbedtls_md4_hmac_finish
+#define md4_hmac_reset mbedtls_md4_hmac_reset
+#define md4_hmac_starts mbedtls_md4_hmac_starts
+#define md4_hmac_update mbedtls_md4_hmac_update
+#define md4_info mbedtls_md4_info
+#define md4_init mbedtls_md4_init
+#define md4_process mbedtls_md4_process
+#define md4_self_test mbedtls_md4_self_test
+#define md4_starts mbedtls_md4_starts
+#define md4_update mbedtls_md4_update
+#define md5 mbedtls_md5
+#define md5_context mbedtls_md5_context
+#define md5_file mbedtls_md5_file
+#define md5_finish mbedtls_md5_finish
+#define md5_free mbedtls_md5_free
+#define md5_hmac mbedtls_md5_hmac
+#define md5_hmac_finish mbedtls_md5_hmac_finish
+#define md5_hmac_reset mbedtls_md5_hmac_reset
+#define md5_hmac_starts mbedtls_md5_hmac_starts
+#define md5_hmac_update mbedtls_md5_hmac_update
+#define md5_info mbedtls_md5_info
+#define md5_init mbedtls_md5_init
+#define md5_process mbedtls_md5_process
+#define md5_self_test mbedtls_md5_self_test
+#define md5_starts mbedtls_md5_starts
+#define md5_update mbedtls_md5_update
+#define md_context_t mbedtls_md_context_t
+#define md_file mbedtls_md_file
+#define md_finish mbedtls_md_finish
+#define md_free mbedtls_md_free
+#define md_free_ctx mbedtls_md_free_ctx
+#define md_get_name mbedtls_md_get_name
+#define md_get_size mbedtls_md_get_size
+#define md_get_type mbedtls_md_get_type
+#define md_hmac mbedtls_md_hmac
+#define md_hmac_finish mbedtls_md_hmac_finish
+#define md_hmac_reset mbedtls_md_hmac_reset
+#define md_hmac_starts mbedtls_md_hmac_starts
+#define md_hmac_update mbedtls_md_hmac_update
+#define md_info_from_string mbedtls_md_info_from_string
+#define md_info_from_type mbedtls_md_info_from_type
+#define md_info_t mbedtls_md_info_t
+#define md_init mbedtls_md_init
+#define md_init_ctx mbedtls_md_init_ctx
+#define md_list mbedtls_md_list
+#define md_process mbedtls_md_process
+#define md_starts mbedtls_md_starts
+#define md_type_t mbedtls_md_type_t
+#define md_update mbedtls_md_update
+#define memory_buffer_alloc_cur_get mbedtls_memory_buffer_alloc_cur_get
+#define memory_buffer_alloc_free mbedtls_memory_buffer_alloc_free
+#define memory_buffer_alloc_init mbedtls_memory_buffer_alloc_init
+#define memory_buffer_alloc_max_get mbedtls_memory_buffer_alloc_max_get
+#define memory_buffer_alloc_max_reset mbedtls_memory_buffer_alloc_max_reset
+#define memory_buffer_alloc_self_test mbedtls_memory_buffer_alloc_self_test
+#define memory_buffer_alloc_status mbedtls_memory_buffer_alloc_status
+#define memory_buffer_alloc_verify mbedtls_memory_buffer_alloc_verify
+#define memory_buffer_set_verify mbedtls_memory_buffer_set_verify
+#define memory_set_own mbedtls_memory_set_own
+#define mpi mbedtls_mpi
+#define mpi_add_abs mbedtls_mpi_add_abs
+#define mpi_add_int mbedtls_mpi_add_int
+#define mpi_add_mpi mbedtls_mpi_add_mpi
+#define mpi_cmp_abs mbedtls_mpi_cmp_abs
+#define mpi_cmp_int mbedtls_mpi_cmp_int
+#define mpi_cmp_mpi mbedtls_mpi_cmp_mpi
+#define mpi_copy mbedtls_mpi_copy
+#define mpi_div_int mbedtls_mpi_div_int
+#define mpi_div_mpi mbedtls_mpi_div_mpi
+#define mpi_exp_mod mbedtls_mpi_exp_mod
+#define mpi_fill_random mbedtls_mpi_fill_random
+#define mpi_free mbedtls_mpi_free
+#define mpi_gcd mbedtls_mpi_gcd
+#define mpi_gen_prime mbedtls_mpi_gen_prime
+#define mpi_get_bit mbedtls_mpi_get_bit
+#define mpi_grow mbedtls_mpi_grow
+#define mpi_init mbedtls_mpi_init
+#define mpi_inv_mod mbedtls_mpi_inv_mod
+#define mpi_is_prime mbedtls_mpi_is_prime
+#define mpi_lsb mbedtls_mpi_lsb
+#define mpi_lset mbedtls_mpi_lset
+#define mpi_mod_int mbedtls_mpi_mod_int
+#define mpi_mod_mpi mbedtls_mpi_mod_mpi
+#define mpi_msb mbedtls_mpi_bitlen
+#define mpi_mul_int mbedtls_mpi_mul_int
+#define mpi_mul_mpi mbedtls_mpi_mul_mpi
+#define mpi_read_binary mbedtls_mpi_read_binary
+#define mpi_read_file mbedtls_mpi_read_file
+#define mpi_read_string mbedtls_mpi_read_string
+#define mpi_safe_cond_assign mbedtls_mpi_safe_cond_assign
+#define mpi_safe_cond_swap mbedtls_mpi_safe_cond_swap
+#define mpi_self_test mbedtls_mpi_self_test
+#define mpi_set_bit mbedtls_mpi_set_bit
+#define mpi_shift_l mbedtls_mpi_shift_l
+#define mpi_shift_r mbedtls_mpi_shift_r
+#define mpi_shrink mbedtls_mpi_shrink
+#define mpi_size mbedtls_mpi_size
+#define mpi_sub_abs mbedtls_mpi_sub_abs
+#define mpi_sub_int mbedtls_mpi_sub_int
+#define mpi_sub_mpi mbedtls_mpi_sub_mpi
+#define mpi_swap mbedtls_mpi_swap
+#define mpi_write_binary mbedtls_mpi_write_binary
+#define mpi_write_file mbedtls_mpi_write_file
+#define mpi_write_string mbedtls_mpi_write_string
+#define net_accept mbedtls_net_accept
+#define net_bind mbedtls_net_bind
+#define net_close mbedtls_net_free
+#define net_connect mbedtls_net_connect
+#define net_recv mbedtls_net_recv
+#define net_recv_timeout mbedtls_net_recv_timeout
+#define net_send mbedtls_net_send
+#define net_set_block mbedtls_net_set_block
+#define net_set_nonblock mbedtls_net_set_nonblock
+#define net_usleep mbedtls_net_usleep
+#define oid_descriptor_t mbedtls_oid_descriptor_t
+#define oid_get_attr_short_name mbedtls_oid_get_attr_short_name
+#define oid_get_cipher_alg mbedtls_oid_get_cipher_alg
+#define oid_get_ec_grp mbedtls_oid_get_ec_grp
+#define oid_get_extended_key_usage mbedtls_oid_get_extended_key_usage
+#define oid_get_md_alg mbedtls_oid_get_md_alg
+#define oid_get_numeric_string mbedtls_oid_get_numeric_string
+#define oid_get_oid_by_ec_grp mbedtls_oid_get_oid_by_ec_grp
+#define oid_get_oid_by_md mbedtls_oid_get_oid_by_md
+#define oid_get_oid_by_pk_alg mbedtls_oid_get_oid_by_pk_alg
+#define oid_get_oid_by_sig_alg mbedtls_oid_get_oid_by_sig_alg
+#define oid_get_pk_alg mbedtls_oid_get_pk_alg
+#define oid_get_pkcs12_pbe_alg mbedtls_oid_get_pkcs12_pbe_alg
+#define oid_get_sig_alg mbedtls_oid_get_sig_alg
+#define oid_get_sig_alg_desc mbedtls_oid_get_sig_alg_desc
+#define oid_get_x509_ext_type mbedtls_oid_get_x509_ext_type
+#define operation_t mbedtls_operation_t
+#define padlock_supports mbedtls_padlock_has_support
+#define padlock_xcryptcbc mbedtls_padlock_xcryptcbc
+#define padlock_xcryptecb mbedtls_padlock_xcryptecb
+#define pbkdf2_hmac mbedtls_pbkdf2_hmac
+#define pbkdf2_self_test mbedtls_pbkdf2_self_test
+#define pem_context mbedtls_pem_context
+#define pem_free mbedtls_pem_free
+#define pem_init mbedtls_pem_init
+#define pem_read_buffer mbedtls_pem_read_buffer
+#define pem_write_buffer mbedtls_pem_write_buffer
+#define pk_can_do mbedtls_pk_can_do
+#define pk_check_pair mbedtls_pk_check_pair
+#define pk_context mbedtls_pk_context
+#define pk_debug mbedtls_pk_debug
+#define pk_debug_item mbedtls_pk_debug_item
+#define pk_debug_type mbedtls_pk_debug_type
+#define pk_decrypt mbedtls_pk_decrypt
+#define pk_ec mbedtls_pk_ec
+#define pk_encrypt mbedtls_pk_encrypt
+#define pk_free mbedtls_pk_free
+#define pk_get_len mbedtls_pk_get_len
+#define pk_get_name mbedtls_pk_get_name
+#define pk_get_size mbedtls_pk_get_bitlen
+#define pk_get_type mbedtls_pk_get_type
+#define pk_info_from_type mbedtls_pk_info_from_type
+#define pk_info_t mbedtls_pk_info_t
+#define pk_init mbedtls_pk_init
+#define pk_init_ctx mbedtls_pk_setup
+#define pk_init_ctx_rsa_alt mbedtls_pk_setup_rsa_alt
+#define pk_load_file mbedtls_pk_load_file
+#define pk_parse_key mbedtls_pk_parse_key
+#define pk_parse_keyfile mbedtls_pk_parse_keyfile
+#define pk_parse_public_key mbedtls_pk_parse_public_key
+#define pk_parse_public_keyfile mbedtls_pk_parse_public_keyfile
+#define pk_parse_subpubkey mbedtls_pk_parse_subpubkey
+#define pk_rsa mbedtls_pk_rsa
+#define pk_rsa_alt_decrypt_func mbedtls_pk_rsa_alt_decrypt_func
+#define pk_rsa_alt_key_len_func mbedtls_pk_rsa_alt_key_len_func
+#define pk_rsa_alt_sign_func mbedtls_pk_rsa_alt_sign_func
+#define pk_rsassa_pss_options mbedtls_pk_rsassa_pss_options
+#define pk_sign mbedtls_pk_sign
+#define pk_type_t mbedtls_pk_type_t
+#define pk_verify mbedtls_pk_verify
+#define pk_verify_ext mbedtls_pk_verify_ext
+#define pk_write_key_der mbedtls_pk_write_key_der
+#define pk_write_key_pem mbedtls_pk_write_key_pem
+#define pk_write_pubkey mbedtls_pk_write_pubkey
+#define pk_write_pubkey_der mbedtls_pk_write_pubkey_der
+#define pk_write_pubkey_pem mbedtls_pk_write_pubkey_pem
+#define pkcs11_context mbedtls_pkcs11_context
+#define pkcs11_decrypt mbedtls_pkcs11_decrypt
+#define pkcs11_priv_key_free mbedtls_pkcs11_priv_key_free
+#define pkcs11_priv_key_init mbedtls_pkcs11_priv_key_bind
+#define pkcs11_sign mbedtls_pkcs11_sign
+#define pkcs11_x509_cert_init mbedtls_pkcs11_x509_cert_bind
+#define pkcs12_derivation mbedtls_pkcs12_derivation
+#define pkcs12_pbe mbedtls_pkcs12_pbe
+#define pkcs12_pbe_sha1_rc4_128 mbedtls_pkcs12_pbe_sha1_rc4_128
+#define pkcs5_pbes2 mbedtls_pkcs5_pbes2
+#define pkcs5_pbkdf2_hmac mbedtls_pkcs5_pbkdf2_hmac
+#define pkcs5_self_test mbedtls_pkcs5_self_test
+#define platform_entropy_poll mbedtls_platform_entropy_poll
+#define platform_set_exit mbedtls_platform_set_exit
+#define platform_set_fprintf mbedtls_platform_set_fprintf
+#define platform_set_malloc_free mbedtls_platform_set_malloc_free
+#define platform_set_printf mbedtls_platform_set_printf
+#define platform_set_snprintf mbedtls_platform_set_snprintf
+#define polarssl_exit mbedtls_exit
+#define polarssl_fprintf mbedtls_fprintf
+#define polarssl_free mbedtls_free
+#define polarssl_malloc mbedtls_malloc
+#define polarssl_mutex_free mbedtls_mutex_free
+#define polarssl_mutex_init mbedtls_mutex_init
+#define polarssl_mutex_lock mbedtls_mutex_lock
+#define polarssl_mutex_unlock mbedtls_mutex_unlock
+#define polarssl_printf mbedtls_printf
+#define polarssl_snprintf mbedtls_snprintf
+#define polarssl_strerror mbedtls_strerror
+#define ripemd160 mbedtls_ripemd160
+#define ripemd160_context mbedtls_ripemd160_context
+#define ripemd160_file mbedtls_ripemd160_file
+#define ripemd160_finish mbedtls_ripemd160_finish
+#define ripemd160_free mbedtls_ripemd160_free
+#define ripemd160_hmac mbedtls_ripemd160_hmac
+#define ripemd160_hmac_finish mbedtls_ripemd160_hmac_finish
+#define ripemd160_hmac_reset mbedtls_ripemd160_hmac_reset
+#define ripemd160_hmac_starts mbedtls_ripemd160_hmac_starts
+#define ripemd160_hmac_update mbedtls_ripemd160_hmac_update
+#define ripemd160_info mbedtls_ripemd160_info
+#define ripemd160_init mbedtls_ripemd160_init
+#define ripemd160_process mbedtls_ripemd160_process
+#define ripemd160_self_test mbedtls_ripemd160_self_test
+#define ripemd160_starts mbedtls_ripemd160_starts
+#define ripemd160_update mbedtls_ripemd160_update
+#define rsa_alt_context mbedtls_rsa_alt_context
+#define rsa_alt_info mbedtls_rsa_alt_info
+#define rsa_check_privkey mbedtls_rsa_check_privkey
+#define rsa_check_pub_priv mbedtls_rsa_check_pub_priv
+#define rsa_check_pubkey mbedtls_rsa_check_pubkey
+#define rsa_context mbedtls_rsa_context
+#define rsa_copy mbedtls_rsa_copy
+#define rsa_decrypt_func mbedtls_rsa_decrypt_func
+#define rsa_free mbedtls_rsa_free
+#define rsa_gen_key mbedtls_rsa_gen_key
+#define rsa_info mbedtls_rsa_info
+#define rsa_init mbedtls_rsa_init
+#define rsa_key_len_func mbedtls_rsa_key_len_func
+#define rsa_pkcs1_decrypt mbedtls_rsa_pkcs1_decrypt
+#define rsa_pkcs1_encrypt mbedtls_rsa_pkcs1_encrypt
+#define rsa_pkcs1_sign mbedtls_rsa_pkcs1_sign
+#define rsa_pkcs1_verify mbedtls_rsa_pkcs1_verify
+#define rsa_private mbedtls_rsa_private
+#define rsa_public mbedtls_rsa_public
+#define rsa_rsaes_oaep_decrypt mbedtls_rsa_rsaes_oaep_decrypt
+#define rsa_rsaes_oaep_encrypt mbedtls_rsa_rsaes_oaep_encrypt
+#define rsa_rsaes_pkcs1_v15_decrypt mbedtls_rsa_rsaes_pkcs1_v15_decrypt
+#define rsa_rsaes_pkcs1_v15_encrypt mbedtls_rsa_rsaes_pkcs1_v15_encrypt
+#define rsa_rsassa_pkcs1_v15_sign mbedtls_rsa_rsassa_pkcs1_v15_sign
+#define rsa_rsassa_pkcs1_v15_verify mbedtls_rsa_rsassa_pkcs1_v15_verify
+#define rsa_rsassa_pss_sign mbedtls_rsa_rsassa_pss_sign
+#define rsa_rsassa_pss_verify mbedtls_rsa_rsassa_pss_verify
+#define rsa_rsassa_pss_verify_ext mbedtls_rsa_rsassa_pss_verify_ext
+#define rsa_self_test mbedtls_rsa_self_test
+#define rsa_set_padding mbedtls_rsa_set_padding
+#define rsa_sign_func mbedtls_rsa_sign_func
+#define safer_memcmp mbedtls_ssl_safer_memcmp
+#define set_alarm mbedtls_set_alarm
+#define sha1 mbedtls_sha1
+#define sha1_context mbedtls_sha1_context
+#define sha1_file mbedtls_sha1_file
+#define sha1_finish mbedtls_sha1_finish
+#define sha1_free mbedtls_sha1_free
+#define sha1_hmac mbedtls_sha1_hmac
+#define sha1_hmac_finish mbedtls_sha1_hmac_finish
+#define sha1_hmac_reset mbedtls_sha1_hmac_reset
+#define sha1_hmac_starts mbedtls_sha1_hmac_starts
+#define sha1_hmac_update mbedtls_sha1_hmac_update
+#define sha1_info mbedtls_sha1_info
+#define sha1_init mbedtls_sha1_init
+#define sha1_process mbedtls_sha1_process
+#define sha1_self_test mbedtls_sha1_self_test
+#define sha1_starts mbedtls_sha1_starts
+#define sha1_update mbedtls_sha1_update
+#define sha224_info mbedtls_sha224_info
+#define sha256 mbedtls_sha256
+#define sha256_context mbedtls_sha256_context
+#define sha256_file mbedtls_sha256_file
+#define sha256_finish mbedtls_sha256_finish
+#define sha256_free mbedtls_sha256_free
+#define sha256_hmac mbedtls_sha256_hmac
+#define sha256_hmac_finish mbedtls_sha256_hmac_finish
+#define sha256_hmac_reset mbedtls_sha256_hmac_reset
+#define sha256_hmac_starts mbedtls_sha256_hmac_starts
+#define sha256_hmac_update mbedtls_sha256_hmac_update
+#define sha256_info mbedtls_sha256_info
+#define sha256_init mbedtls_sha256_init
+#define sha256_process mbedtls_sha256_process
+#define sha256_self_test mbedtls_sha256_self_test
+#define sha256_starts mbedtls_sha256_starts
+#define sha256_update mbedtls_sha256_update
+#define sha384_info mbedtls_sha384_info
+#define sha512 mbedtls_sha512
+#define sha512_context mbedtls_sha512_context
+#define sha512_file mbedtls_sha512_file
+#define sha512_finish mbedtls_sha512_finish
+#define sha512_free mbedtls_sha512_free
+#define sha512_hmac mbedtls_sha512_hmac
+#define sha512_hmac_finish mbedtls_sha512_hmac_finish
+#define sha512_hmac_reset mbedtls_sha512_hmac_reset
+#define sha512_hmac_starts mbedtls_sha512_hmac_starts
+#define sha512_hmac_update mbedtls_sha512_hmac_update
+#define sha512_info mbedtls_sha512_info
+#define sha512_init mbedtls_sha512_init
+#define sha512_process mbedtls_sha512_process
+#define sha512_self_test mbedtls_sha512_self_test
+#define sha512_starts mbedtls_sha512_starts
+#define sha512_update mbedtls_sha512_update
+#define source_state mbedtls_entropy_source_state
+#define ssl_cache_context mbedtls_ssl_cache_context
+#define ssl_cache_entry mbedtls_ssl_cache_entry
+#define ssl_cache_free mbedtls_ssl_cache_free
+#define ssl_cache_get mbedtls_ssl_cache_get
+#define ssl_cache_init mbedtls_ssl_cache_init
+#define ssl_cache_set mbedtls_ssl_cache_set
+#define ssl_cache_set_max_entries mbedtls_ssl_cache_set_max_entries
+#define ssl_cache_set_timeout mbedtls_ssl_cache_set_timeout
+#define ssl_check_cert_usage mbedtls_ssl_check_cert_usage
+#define ssl_ciphersuite_from_id mbedtls_ssl_ciphersuite_from_id
+#define ssl_ciphersuite_from_string mbedtls_ssl_ciphersuite_from_string
+#define ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
+#define ssl_ciphersuite_uses_ec mbedtls_ssl_ciphersuite_uses_ec
+#define ssl_ciphersuite_uses_psk mbedtls_ssl_ciphersuite_uses_psk
+#define ssl_close_notify mbedtls_ssl_close_notify
+#define ssl_context mbedtls_ssl_context
+#define ssl_cookie_check mbedtls_ssl_cookie_check
+#define ssl_cookie_check_t mbedtls_ssl_cookie_check_t
+#define ssl_cookie_ctx mbedtls_ssl_cookie_ctx
+#define ssl_cookie_free mbedtls_ssl_cookie_free
+#define ssl_cookie_init mbedtls_ssl_cookie_init
+#define ssl_cookie_set_timeout mbedtls_ssl_cookie_set_timeout
+#define ssl_cookie_setup mbedtls_ssl_cookie_setup
+#define ssl_cookie_write mbedtls_ssl_cookie_write
+#define ssl_cookie_write_t mbedtls_ssl_cookie_write_t
+#define ssl_curve_is_acceptable mbedtls_ssl_curve_is_acceptable
+#define ssl_derive_keys mbedtls_ssl_derive_keys
+#define ssl_dtls_replay_check mbedtls_ssl_dtls_replay_check
+#define ssl_dtls_replay_update mbedtls_ssl_dtls_replay_update
+#define ssl_fetch_input mbedtls_ssl_fetch_input
+#define ssl_flight_item mbedtls_ssl_flight_item
+#define ssl_flush_output mbedtls_ssl_flush_output
+#define ssl_free mbedtls_ssl_free
+#define ssl_get_alpn_protocol mbedtls_ssl_get_alpn_protocol
+#define ssl_get_bytes_avail mbedtls_ssl_get_bytes_avail
+#define ssl_get_ciphersuite mbedtls_ssl_get_ciphersuite
+#define ssl_get_ciphersuite_id mbedtls_ssl_get_ciphersuite_id
+#define ssl_get_ciphersuite_name mbedtls_ssl_get_ciphersuite_name
+#define ssl_get_ciphersuite_sig_pk_alg mbedtls_ssl_get_ciphersuite_sig_pk_alg
+#define ssl_get_peer_cert mbedtls_ssl_get_peer_cert
+#define ssl_get_record_expansion mbedtls_ssl_get_record_expansion
+#define ssl_get_session mbedtls_ssl_get_session
+#define ssl_get_verify_result mbedtls_ssl_get_verify_result
+#define ssl_get_version mbedtls_ssl_get_version
+#define ssl_handshake mbedtls_ssl_handshake
+#define ssl_handshake_client_step mbedtls_ssl_handshake_client_step
+#define ssl_handshake_free mbedtls_ssl_handshake_free
+#define ssl_handshake_params mbedtls_ssl_handshake_params
+#define ssl_handshake_server_step mbedtls_ssl_handshake_server_step
+#define ssl_handshake_step mbedtls_ssl_handshake_step
+#define ssl_handshake_wrapup mbedtls_ssl_handshake_wrapup
+#define ssl_hdr_len mbedtls_ssl_hdr_len
+#define ssl_hs_hdr_len mbedtls_ssl_hs_hdr_len
+#define ssl_hw_record_activate mbedtls_ssl_hw_record_activate
+#define ssl_hw_record_finish mbedtls_ssl_hw_record_finish
+#define ssl_hw_record_init mbedtls_ssl_hw_record_init
+#define ssl_hw_record_read mbedtls_ssl_hw_record_read
+#define ssl_hw_record_reset mbedtls_ssl_hw_record_reset
+#define ssl_hw_record_write mbedtls_ssl_hw_record_write
+#define ssl_init mbedtls_ssl_init
+#define ssl_key_cert mbedtls_ssl_key_cert
+#define ssl_legacy_renegotiation mbedtls_ssl_conf_legacy_renegotiation
+#define ssl_list_ciphersuites mbedtls_ssl_list_ciphersuites
+#define ssl_md_alg_from_hash mbedtls_ssl_md_alg_from_hash
+#define ssl_optimize_checksum mbedtls_ssl_optimize_checksum
+#define ssl_own_cert mbedtls_ssl_own_cert
+#define ssl_own_key mbedtls_ssl_own_key
+#define ssl_parse_certificate mbedtls_ssl_parse_certificate
+#define ssl_parse_change_cipher_spec mbedtls_ssl_parse_change_cipher_spec
+#define ssl_parse_finished mbedtls_ssl_parse_finished
+#define ssl_pk_alg_from_sig mbedtls_ssl_pk_alg_from_sig
+#define ssl_pkcs11_decrypt mbedtls_ssl_pkcs11_decrypt
+#define ssl_pkcs11_key_len mbedtls_ssl_pkcs11_key_len
+#define ssl_pkcs11_sign mbedtls_ssl_pkcs11_sign
+#define ssl_psk_derive_premaster mbedtls_ssl_psk_derive_premaster
+#define ssl_read mbedtls_ssl_read
+#define ssl_read_record mbedtls_ssl_read_record
+#define ssl_read_version mbedtls_ssl_read_version
+#define ssl_recv_flight_completed mbedtls_ssl_recv_flight_completed
+#define ssl_renegotiate mbedtls_ssl_renegotiate
+#define ssl_resend mbedtls_ssl_resend
+#define ssl_reset_checksum mbedtls_ssl_reset_checksum
+#define ssl_send_alert_message mbedtls_ssl_send_alert_message
+#define ssl_send_fatal_handshake_failure mbedtls_ssl_send_fatal_handshake_failure
+#define ssl_send_flight_completed mbedtls_ssl_send_flight_completed
+#define ssl_session mbedtls_ssl_session
+#define ssl_session_free mbedtls_ssl_session_free
+#define ssl_session_init mbedtls_ssl_session_init
+#define ssl_session_reset mbedtls_ssl_session_reset
+#define ssl_set_alpn_protocols mbedtls_ssl_conf_alpn_protocols
+#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
+#define ssl_set_authmode mbedtls_ssl_conf_authmode
+#define ssl_set_bio mbedtls_ssl_set_bio
+#define ssl_set_bio mbedtls_ssl_set_bio_timeout
+#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
+#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
+#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
+#define ssl_set_ciphersuites_for_version mbedtls_ssl_conf_ciphersuites_for_version
+#define ssl_set_client_transport_id mbedtls_ssl_set_client_transport_id
+#define ssl_set_curves mbedtls_ssl_conf_curves
+#define ssl_set_dbg mbedtls_ssl_conf_dbg
+#define ssl_set_dh_param mbedtls_ssl_conf_dh_param
+#define ssl_set_dh_param_ctx mbedtls_ssl_conf_dh_param_ctx
+#define ssl_set_dtls_anti_replay mbedtls_ssl_conf_dtls_anti_replay
+#define ssl_set_dtls_badmac_limit mbedtls_ssl_conf_dtls_badmac_limit
+#define ssl_set_dtls_cookies mbedtls_ssl_conf_dtls_cookies
+#define ssl_set_encrypt_then_mac mbedtls_ssl_conf_encrypt_then_mac
+#define ssl_set_endpoint mbedtls_ssl_conf_endpoint
+#define ssl_set_extended_master_secret mbedtls_ssl_conf_extended_master_secret
+#define ssl_set_fallback mbedtls_ssl_conf_fallback
+#define ssl_set_handshake_timeout mbedtls_ssl_conf_handshake_timeout
+#define ssl_set_hostname mbedtls_ssl_set_hostname
+#define ssl_set_max_frag_len mbedtls_ssl_conf_max_frag_len
+#define ssl_set_max_version mbedtls_ssl_conf_max_version
+#define ssl_set_min_version mbedtls_ssl_conf_min_version
+#define ssl_set_own_cert mbedtls_ssl_conf_own_cert
+#define ssl_set_own_cert_alt mbedtls_ssl_set_own_cert_alt
+#define ssl_set_own_cert_rsa mbedtls_ssl_set_own_cert_rsa
+#define ssl_set_psk mbedtls_ssl_conf_psk
+#define ssl_set_psk_cb mbedtls_ssl_conf_psk_cb
+#define ssl_set_renegotiation mbedtls_ssl_conf_renegotiation
+#define ssl_set_renegotiation_enforced mbedtls_ssl_conf_renegotiation_enforced
+#define ssl_set_renegotiation_period mbedtls_ssl_conf_renegotiation_period
+#define ssl_set_rng mbedtls_ssl_conf_rng
+#define ssl_set_session mbedtls_ssl_set_session
+#define ssl_set_session_cache mbedtls_ssl_conf_session_cache
+#define ssl_set_session_ticket_lifetime mbedtls_ssl_conf_session_ticket_lifetime
+#define ssl_set_session_tickets mbedtls_ssl_conf_session_tickets
+#define ssl_set_sni mbedtls_ssl_conf_sni
+#define ssl_set_transport mbedtls_ssl_conf_transport
+#define ssl_set_truncated_hmac mbedtls_ssl_conf_truncated_hmac
+#define ssl_set_verify mbedtls_ssl_conf_verify
+#define ssl_sig_from_pk mbedtls_ssl_sig_from_pk
+#define ssl_states mbedtls_ssl_states
+#define ssl_ticket_keys mbedtls_ssl_ticket_keys
+#define ssl_transform mbedtls_ssl_transform
+#define ssl_transform_free mbedtls_ssl_transform_free
+#define ssl_write mbedtls_ssl_write
+#define ssl_write_certificate mbedtls_ssl_write_certificate
+#define ssl_write_change_cipher_spec mbedtls_ssl_write_change_cipher_spec
+#define ssl_write_finished mbedtls_ssl_write_finished
+#define ssl_write_record mbedtls_ssl_write_record
+#define ssl_write_version mbedtls_ssl_write_version
+#define supported_ciphers mbedtls_cipher_supported
+#define t_sint mbedtls_mpi_sint
+#define t_udbl mbedtls_t_udbl
+#define t_uint mbedtls_mpi_uint
+#define test_ca_crt mbedtls_test_ca_crt
+#define test_ca_crt_ec mbedtls_test_ca_crt_ec
+#define test_ca_crt_rsa mbedtls_test_ca_crt_rsa
+#define test_ca_key mbedtls_test_ca_key
+#define test_ca_key_ec mbedtls_test_ca_key_ec
+#define test_ca_key_rsa mbedtls_test_ca_key_rsa
+#define test_ca_list mbedtls_test_cas_pem
+#define test_ca_pwd mbedtls_test_ca_pwd
+#define test_ca_pwd_ec mbedtls_test_ca_pwd_ec
+#define test_ca_pwd_rsa mbedtls_test_ca_pwd_rsa
+#define test_cli_crt mbedtls_test_cli_crt
+#define test_cli_crt_ec mbedtls_test_cli_crt_ec
+#define test_cli_crt_rsa mbedtls_test_cli_crt_rsa
+#define test_cli_key mbedtls_test_cli_key
+#define test_cli_key_ec mbedtls_test_cli_key_ec
+#define test_cli_key_rsa mbedtls_test_cli_key_rsa
+#define test_dhm_params mbedtls_test_dhm_params
+#define test_srv_crt mbedtls_test_srv_crt
+#define test_srv_crt_ec mbedtls_test_srv_crt_ec
+#define test_srv_crt_rsa mbedtls_test_srv_crt_rsa
+#define test_srv_key mbedtls_test_srv_key
+#define test_srv_key_ec mbedtls_test_srv_key_ec
+#define test_srv_key_rsa mbedtls_test_srv_key_rsa
+#define threading_mutex_t mbedtls_threading_mutex_t
+#define threading_set_alt mbedtls_threading_set_alt
+#define timing_self_test mbedtls_timing_self_test
+#define version_check_feature mbedtls_version_check_feature
+#define version_get_number mbedtls_version_get_number
+#define version_get_string mbedtls_version_get_string
+#define version_get_string_full mbedtls_version_get_string_full
+#define x509_bitstring mbedtls_x509_bitstring
+#define x509_buf mbedtls_x509_buf
+#define x509_crl mbedtls_x509_crl
+#define x509_crl_entry mbedtls_x509_crl_entry
+#define x509_crl_free mbedtls_x509_crl_free
+#define x509_crl_info mbedtls_x509_crl_info
+#define x509_crl_init mbedtls_x509_crl_init
+#define x509_crl_parse mbedtls_x509_crl_parse
+#define x509_crl_parse_der mbedtls_x509_crl_parse_der
+#define x509_crl_parse_file mbedtls_x509_crl_parse_file
+#define x509_crt mbedtls_x509_crt
+#define x509_crt_check_extended_key_usage mbedtls_x509_crt_check_extended_key_usage
+#define x509_crt_check_key_usage mbedtls_x509_crt_check_key_usage
+#define x509_crt_free mbedtls_x509_crt_free
+#define x509_crt_info mbedtls_x509_crt_info
+#define x509_crt_init mbedtls_x509_crt_init
+#define x509_crt_parse mbedtls_x509_crt_parse
+#define x509_crt_parse_der mbedtls_x509_crt_parse_der
+#define x509_crt_parse_file mbedtls_x509_crt_parse_file
+#define x509_crt_parse_path mbedtls_x509_crt_parse_path
+#define x509_crt_revoked mbedtls_x509_crt_is_revoked
+#define x509_crt_verify mbedtls_x509_crt_verify
+#define x509_csr mbedtls_x509_csr
+#define x509_csr_free mbedtls_x509_csr_free
+#define x509_csr_info mbedtls_x509_csr_info
+#define x509_csr_init mbedtls_x509_csr_init
+#define x509_csr_parse mbedtls_x509_csr_parse
+#define x509_csr_parse_der mbedtls_x509_csr_parse_der
+#define x509_csr_parse_file mbedtls_x509_csr_parse_file
+#define x509_dn_gets mbedtls_x509_dn_gets
+#define x509_get_alg mbedtls_x509_get_alg
+#define x509_get_alg_null mbedtls_x509_get_alg_null
+#define x509_get_ext mbedtls_x509_get_ext
+#define x509_get_name mbedtls_x509_get_name
+#define x509_get_rsassa_pss_params mbedtls_x509_get_rsassa_pss_params
+#define x509_get_serial mbedtls_x509_get_serial
+#define x509_get_sig mbedtls_x509_get_sig
+#define x509_get_sig_alg mbedtls_x509_get_sig_alg
+#define x509_get_time mbedtls_x509_get_time
+#define x509_key_size_helper mbedtls_x509_key_size_helper
+#define x509_name mbedtls_x509_name
+#define x509_oid_get_description mbedtls_x509_oid_get_description
+#define x509_oid_get_numeric_string mbedtls_x509_oid_get_numeric_string
+#define x509_self_test mbedtls_x509_self_test
+#define x509_sequence mbedtls_x509_sequence
+#define x509_serial_gets mbedtls_x509_serial_gets
+#define x509_set_extension mbedtls_x509_set_extension
+#define x509_sig_alg_gets mbedtls_x509_sig_alg_gets
+#define x509_string_to_names mbedtls_x509_string_to_names
+#define x509_time mbedtls_x509_time
+#define x509_time_expired mbedtls_x509_time_is_past
+#define x509_time_future mbedtls_x509_time_is_future
+#define x509_write_extensions mbedtls_x509_write_extensions
+#define x509_write_names mbedtls_x509_write_names
+#define x509_write_sig mbedtls_x509_write_sig
+#define x509write_cert mbedtls_x509write_cert
+#define x509write_crt_der mbedtls_x509write_crt_der
+#define x509write_crt_free mbedtls_x509write_crt_free
+#define x509write_crt_init mbedtls_x509write_crt_init
+#define x509write_crt_pem mbedtls_x509write_crt_pem
+#define x509write_crt_set_authority_key_identifier mbedtls_x509write_crt_set_authority_key_identifier
+#define x509write_crt_set_basic_constraints mbedtls_x509write_crt_set_basic_constraints
+#define x509write_crt_set_extension mbedtls_x509write_crt_set_extension
+#define x509write_crt_set_issuer_key mbedtls_x509write_crt_set_issuer_key
+#define x509write_crt_set_issuer_name mbedtls_x509write_crt_set_issuer_name
+#define x509write_crt_set_key_usage mbedtls_x509write_crt_set_key_usage
+#define x509write_crt_set_md_alg mbedtls_x509write_crt_set_md_alg
+#define x509write_crt_set_ns_cert_type mbedtls_x509write_crt_set_ns_cert_type
+#define x509write_crt_set_serial mbedtls_x509write_crt_set_serial
+#define x509write_crt_set_subject_key mbedtls_x509write_crt_set_subject_key
+#define x509write_crt_set_subject_key_identifier mbedtls_x509write_crt_set_subject_key_identifier
+#define x509write_crt_set_subject_name mbedtls_x509write_crt_set_subject_name
+#define x509write_crt_set_validity mbedtls_x509write_crt_set_validity
+#define x509write_crt_set_version mbedtls_x509write_crt_set_version
+#define x509write_csr mbedtls_x509write_csr
+#define x509write_csr_der mbedtls_x509write_csr_der
+#define x509write_csr_free mbedtls_x509write_csr_free
+#define x509write_csr_init mbedtls_x509write_csr_init
+#define x509write_csr_pem mbedtls_x509write_csr_pem
+#define x509write_csr_set_extension mbedtls_x509write_csr_set_extension
+#define x509write_csr_set_key mbedtls_x509write_csr_set_key
+#define x509write_csr_set_key_usage mbedtls_x509write_csr_set_key_usage
+#define x509write_csr_set_md_alg mbedtls_x509write_csr_set_md_alg
+#define x509write_csr_set_ns_cert_type mbedtls_x509write_csr_set_ns_cert_type
+#define x509write_csr_set_subject_name mbedtls_x509write_csr_set_subject_name
+#define xtea_context mbedtls_xtea_context
+#define xtea_crypt_cbc mbedtls_xtea_crypt_cbc
+#define xtea_crypt_ecb mbedtls_xtea_crypt_ecb
+#define xtea_free mbedtls_xtea_free
+#define xtea_init mbedtls_xtea_init
+#define xtea_self_test mbedtls_xtea_self_test
+#define xtea_setup mbedtls_xtea_setup
+
+#endif /* compat-1.3.h */
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/config.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/config.h
new file mode 100644
index 00000000..68153efd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/config.h
@@ -0,0 +1,2462 @@
+/**
+ * \file config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * This set of compile-time options may be used to enable
+ * or disable features selectively, and reduce the global
+ * memory footprint.
+ */
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ *      library/timing.c
+ *      library/padlock.c
+ *      include/mbedtls/bn_mul.h
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define MBEDTLS_HAVE_ASM
+
+/**
+ * \def MBEDTLS_HAVE_SSE2
+ *
+ * CPU supports SSE2 instruction set.
+ *
+ * Uncomment if the CPU supports SSE2 (IA-32 specific).
+ */
+//#define MBEDTLS_HAVE_SSE2
+
+/**
+ * \def MBEDTLS_HAVE_TIME
+ *
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
+ *
+ * Comment if your system does not support time functions
+ */
+#define MBEDTLS_HAVE_TIME
+
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h and time(), gmtime() and the clock is correct.
+ * The time needs to be correct (not necesarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ */
+#define MBEDTLS_HAVE_TIME_DATE
+
+/**
+ * \def MBEDTLS_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default mbed TLS uses the system-provided calloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+//#define MBEDTLS_PLATFORM_MEMORY
+
+/**
+ * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. calloc() to
+ * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
+ * MBEDTLS_PLATFORM_XXX_MACRO.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+
+/**
+ * \def MBEDTLS_PLATFORM_XXX_ALT
+ *
+ * Uncomment a macro to let mbed TLS support the function in the platform
+ * abstraction layer.
+ *
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * provide a function "mbedtls_platform_set_printf()" that allows you to set an
+ * alternative printf function pointer.
+ *
+ * All these define require MBEDTLS_PLATFORM_C to be defined!
+ *
+ * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
+ * it will be enabled automatically by check_config.h
+ *
+ * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * MBEDTLS_PLATFORM_XXX_MACRO!
+ *
+ * Uncomment a macro to enable alternate implementation of specific base
+ * platform function
+ */
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+
+/**
+ * \def MBEDTLS_DEPRECATED_WARNING
+ *
+ * Mark deprecated functions so that they generate a warning if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * This only works with GCC and Clang. With other compilers, you may want to
+ * use MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Uncomment to get warnings on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_WARNING
+
+/**
+ * \def MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions so that they generate an error if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * Uncomment to get errors on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_REMOVED
+
+/* \} name SECTION: System support */
+
+/**
+ * \name SECTION: mbed TLS feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_TIMING_ALT
+ *
+ * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
+ * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
+ *
+ * Only works if you have MBEDTLS_TIMING_C enabled.
+ *
+ * You will need to provide a header "timing_alt.h" and an implementation at
+ * compile time.
+ */
+//#define MBEDTLS_TIMING_ALT
+
+/**
+ * \def MBEDTLS__MODULE_NAME__ALT
+ *
+ * Uncomment a macro to let mbed TLS use your alternate core implementation of
+ * a symmetric crypto or hash module (e.g. platform specific assembly
+ * optimized implementations). Keep in mind that the function prototypes
+ * should remain the same.
+ *
+ * This replaces the whole module. If you only want to replace one of the
+ * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * provide the "struct mbedtls_aes_context" definition and omit the base function
+ * declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * module.
+ */
+//#define MBEDTLS_AES_ALT
+//#define MBEDTLS_ARC4_ALT
+//#define MBEDTLS_BLOWFISH_ALT
+//#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_XTEA_ALT
+//#define MBEDTLS_MD2_ALT
+//#define MBEDTLS_MD4_ALT
+//#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_RIPEMD160_ALT
+//#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA512_ALT
+
+/**
+ * \def MBEDTLS__FUNCTION_NAME__ALT
+ *
+ * Uncomment a macro to let mbed TLS use you alternate core implementation of
+ * symmetric crypto or hash function. Keep in mind that function prototypes
+ * should remain the same.
+ *
+ * This replaces only one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * no longer provide the mbedtls_sha1_process() function, but it will still provide
+ * the other function (using your mbedtls_sha1_process() function) and the definition
+ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
+ * with this definition.
+ *
+ * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set
+ * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
+ * tables.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+//#define MBEDTLS_MD2_PROCESS_ALT
+//#define MBEDTLS_MD4_PROCESS_ALT
+//#define MBEDTLS_MD5_PROCESS_ALT
+//#define MBEDTLS_RIPEMD160_PROCESS_ALT
+//#define MBEDTLS_SHA1_PROCESS_ALT
+//#define MBEDTLS_SHA256_PROCESS_ALT
+//#define MBEDTLS_SHA512_PROCESS_ALT
+//#define MBEDTLS_DES_SETKEY_ALT
+//#define MBEDTLS_DES_CRYPT_ECB_ALT
+//#define MBEDTLS_DES3_CRYPT_ECB_ALT
+//#define MBEDTLS_AES_SETKEY_ENC_ALT
+//#define MBEDTLS_AES_SETKEY_DEC_ALT
+//#define MBEDTLS_AES_ENCRYPT_ALT
+//#define MBEDTLS_AES_DECRYPT_ALT
+
+/**
+ * \def MBEDTLS_ENTROPY_HARDWARE_ALT
+ *
+ * Uncomment this macro to let mbed TLS use your own implementation of a
+ * hardware entropy collector.
+ *
+ * Your function must be called \c mbedtls_hardware_poll(), have the same
+ * prototype as declared in entropy_poll.h, and accept NULL as first argument.
+ *
+ * Uncomment to use your own hardware entropy collector.
+ */
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+/**
+ * \def MBEDTLS_AES_ROM_TABLES
+ *
+ * Store the AES tables in ROM.
+ *
+ * Uncomment this macro to store the AES tables in ROM.
+ */
+//#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
+ *
+ * Use less ROM for the Camellia implementation (saves about 768 bytes).
+ *
+ * Uncomment this macro to use less memory for Camellia.
+ */
+//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CBC
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CTR
+
+/**
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+ */
+//#define MBEDTLS_CIPHER_NULL_CIPHER
+
+/**
+ * \def MBEDTLS_CIPHER_PADDING_XXX
+ *
+ * Uncomment or comment macros to add support for specific padding modes
+ * in the cipher layer with cipher modes that support padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS
+
+/**
+ * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels with virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+ */
+//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+ *
+ * Remove RC4 ciphersuites by default in SSL / TLS.
+ * This flag removes the ciphersuites based on RC4 from the default list as
+ * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
+ * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
+ * explicitly.
+ *
+ * Uncomment this macro to remove RC4 ciphersuites by default.
+ */
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_ECP_XXXX_ENABLED
+ *
+ * Enables specific curves within the Elliptic Curve module.
+ * By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+
+/**
+ * \def MBEDTLS_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/**
+ * \def MBEDTLS_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Requires: MBEDTLS_HMAC_DRBG_C
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define MBEDTLS_ECDSA_DETERMINISTIC
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ *
+ * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ *
+ * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+
+/**
+ * \def MBEDTLS_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of mbedtls_strerror() in
+ * third party libraries easier when MBEDTLS_ERROR_C is disabled
+ * (no effect when MBEDTLS_ERROR_C is enabled).
+ *
+ * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
+ * not using mbedtls_strerror() or error_strerror() in your application.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * mbedtls_strerror()
+ */
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+
+/**
+ * \def MBEDTLS_GENPRIME
+ *
+ * Enable the prime-number generation code.
+ *
+ * Requires: MBEDTLS_BIGNUM_C
+ */
+#define MBEDTLS_GENPRIME
+
+/**
+ * \def MBEDTLS_FS_IO
+ *
+ * Enable functions that use the filesystem.
+ */
+#define MBEDTLS_FS_IO
+
+/**
+ * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * mbedtls_timing_hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+ */
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+//#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: MBEDTLS_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both MBEDTLS_SHA256_C and
+ * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+//#define MBEDTLS_ENTROPY_FORCE_SHA256
+
+/**
+ * \def MBEDTLS_MEMORY_DEBUG
+ *
+ * Enable debugging of buffer allocator memory issues. Automatically prints
+ * (to stderr) all (fatal) messages on memory allocation issues. Enables
+ * function for 'debug output' of allocated memory.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Uncomment this macro to let the buffer allocator print out error messages.
+ */
+//#define MBEDTLS_MEMORY_DEBUG
+
+/**
+ * \def MBEDTLS_MEMORY_BACKTRACE
+ *
+ * Include backtrace information with each allocated block.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *           GLIBC-compatible backtrace() an backtrace_symbols() support
+ *
+ * Uncomment this macro to include backtrace information
+ */
+//#define MBEDTLS_MEMORY_BACKTRACE
+
+/**
+ * \def MBEDTLS_PK_RSA_ALT_SUPPORT
+ *
+ * Support external private RSA keys (eg from a HSM) in the PK layer.
+ *
+ * Comment this macro to disable support for external private RSA keys.
+ */
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+
+/**
+ * \def MBEDTLS_PKCS1_V15
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ *
+ * Requires: MBEDTLS_RSA_C
+ *
+ * This enables support for PKCS#1 v1.5 operations.
+ */
+#define MBEDTLS_PKCS1_V15
+
+/**
+ * \def MBEDTLS_PKCS1_V21
+ *
+ * Enable support for PKCS#1 v2.1 encoding.
+ *
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
+ *
+ * This enables support for RSAES-OAEP and RSASSA-PSS operations.
+ */
+#define MBEDTLS_PKCS1_V21
+
+/**
+ * \def MBEDTLS_RSA_NO_CRT
+ *
+ * Do not use the Chinese Remainder Theorem for the RSA private operation.
+ *
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+//#define MBEDTLS_RSA_NO_CRT
+
+/**
+ * \def MBEDTLS_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#define MBEDTLS_SELF_TEST
+
+/**
+ * \def MBEDTLS_SHA256_SMALLER
+ *
+ * Enable an implementation of SHA-256 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * The default implementation is meant to be a reasonnable compromise between
+ * performance and size. This version optimizes more aggressively for size at
+ * the expense of performance. Eg on Cortex-M4 it reduces the size of
+ * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
+ * 30%.
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+//#define MBEDTLS_SHA256_SMALLER
+
+/**
+ * \def MBEDTLS_SSL_AEAD_RANDOM_IV
+ *
+ * Generate a random IV rather than using the record sequence number as a
+ * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
+ *
+ * Using the sequence number is generally recommended.
+ *
+ * Uncomment this macro to always use random IVs with AEAD ciphersuites.
+ */
+//#define MBEDTLS_SSL_AEAD_RANDOM_IV
+
+/**
+ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, mbed TLS can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
+/**
+ * \def MBEDTLS_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define MBEDTLS_SSL_DEBUG_ALL
+
+/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+
+/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+ *
+ * Enable support for Extended Master Secret, aka Session Hash
+ * (draft-ietf-tls-session-hash-02).
+ *
+ * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * attacks, but it is recommended to always use it (even if you disable
+ * renegotiation), since it actually fixes a more fundamental issue in the
+ * original SSL/TLS design, and has implications beyond Triple Handshake.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+
+/**
+ * \def MBEDTLS_SSL_FALLBACK_SCSV
+ *
+ * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ *
+ * For servers, it is recommended to always enable this, unless you support
+ * only one version of TLS, or know for sure that none of your clients
+ * implements a fallback strategy.
+ *
+ * For clients, you only need this if you're using a fallback strategy, which
+ * is not recommended in the first place, unless you absolutely need it to
+ * interoperate with buggy (version-intolerant) servers.
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+#define MBEDTLS_SSL_FALLBACK_SCSV
+
+/**
+ * \def MBEDTLS_SSL_HW_RECORD_ACCEL
+ *
+ * Enable hooking functions in SSL module for hardware acceleration of
+ * individual records.
+ *
+ * Uncomment this macro to enable hooking functions.
+ */
+//#define MBEDTLS_SSL_HW_RECORD_ACCEL
+
+/**
+ * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+
+/**
+ * \def MBEDTLS_SSL_RENEGOTIATION
+ *
+ * Disable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Comment this to disable support for renegotiation.
+ */
+#define MBEDTLS_SSL_RENEGOTIATION
+
+/**
+ * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ *
+ * Enable support for receiving and parsing SSLv2 Client Hello messages for the
+ * SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to enable support for SSLv2 Client Hello messages.
+ */
+//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+
+/**
+ * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+ *
+ * Pick the ciphersuite according to the client's preferences rather than ours
+ * in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to respect client's ciphersuite order
+ */
+//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+
+/**
+ * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def MBEDTLS_SSL_PROTO_SSL3
+ *
+ * Enable support for SSL 3.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for SSL 3.0
+ */
+#define MBEDTLS_SSL_PROTO_SSL3
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1
+ *
+ * Enable support for TLS 1.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_1
+ *
+ * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
+ *           (Depends on ciphersuites)
+ *
+ * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/**
+ * \def MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
+ * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_1
+ *        or MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#define MBEDTLS_SSL_PROTO_DTLS
+
+/**
+ * \def MBEDTLS_SSL_ALPN
+ *
+ * Enable support for RFC 7301 Application Layer Protocol Negotiation.
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define MBEDTLS_SSL_ALPN
+
+/**
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *           MBEDTLS_SSL_PROTO_DTLS
+ *
+ * \warning Disabling this is often a security risk!
+ * See mbedtls_ssl_conf_dtls_anti_replay() for details.
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Enable support for HelloVerifyRequest on DTLS servers.
+ *
+ * This feature is highly recommended to prevent DTLS servers being used as
+ * amplifiers in DoS attacks against other hosts. It should always be enabled
+ * unless you know for sure amplification cannot be a problem in the
+ * environment in which your server operates.
+ *
+ * \warning Disabling this can ba a security risk! (see above)
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Comment this to disable support for HelloVerifyRequest.
+ */
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/**
+ * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+ *
+ * Enable support for a limit of records with bad MAC.
+ *
+ * See mbedtls_ssl_conf_dtls_badmac_limit().
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ */
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+
+/**
+ * \def MBEDTLS_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ * Client-side, provides full support for session tickets (maintainance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define MBEDTLS_SSL_SESSION_TICKETS
+
+/**
+ * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#define MBEDTLS_SSL_TRUNCATED_HMAC
+
+/**
+ * \def MBEDTLS_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+ */
+//#define MBEDTLS_THREADING_ALT
+
+/**
+ * \def MBEDTLS_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+ */
+//#define MBEDTLS_THREADING_PTHREAD
+
+/**
+ * \def MBEDTLS_VERSION_FEATURES
+ *
+ * Allow run-time checking of compile-time enabled features. Thus allowing users
+ * to check at run-time if the library is for instance compiled with threading
+ * support via mbedtls_version_check_feature().
+ *
+ * Requires: MBEDTLS_VERSION_C
+ *
+ * Comment this to disable run-time checking and save ROM space
+ */
+#define MBEDTLS_VERSION_FEATURES
+
+/**
+ * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an extension in a v1 or v2 certificate.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+
+/**
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * \warning Depending on your PKI use, enabling this can be a security risk!
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+
+/**
+ * \def MBEDTLS_X509_CHECK_KEY_USAGE
+ *
+ * Enable verification of the keyUsage extension (CA and leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused
+ * (intermediate) CA and leaf certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip keyUsage checking for both CA and leaf certificates.
+ */
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+ *
+ * Enable verification of the extendedKeyUsage extension (leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip extendedKeyUsage checking for certificates.
+ */
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+
+/**
+ * \def MBEDTLS_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
+ * CRIME attack. Before enabling this option, you should examine with care if
+ * CRIME or similar exploits may be a applicable to your use case.
+ *
+ * \note Currently compression can't be used with DTLS.
+ *
+ * Used in: library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+ */
+//#define MBEDTLS_ZLIB_SUPPORT
+/* \} name SECTION: mbed TLS feature support */
+
+/**
+ * \name SECTION: mbed TLS modules
+ *
+ * This section enables or disables entire modules in mbed TLS
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AESNI_C
+ *
+ * Enable AES-NI support on x86-64.
+ *
+ * Module:  library/aesni.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the AES-NI instructions on x86-64
+ */
+#define MBEDTLS_AESNI_C
+
+/**
+ * \def MBEDTLS_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module:  library/aes.c
+ * Caller:  library/ssl_tls.c
+ *          library/pem.c
+ *          library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define MBEDTLS_AES_C
+
+/**
+ * \def MBEDTLS_ARC4_C
+ *
+ * Enable the ARCFOUR stream cipher.
+ *
+ * Module:  library/arc4.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_ARC4_C
+
+/**
+ * \def MBEDTLS_ASN1_PARSE_C
+ *
+ * Enable the generic ASN1 parser.
+ *
+ * Module:  library/asn1.c
+ * Caller:  library/x509.c
+ *          library/dhm.c
+ *          library/pkcs12.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ */
+#define MBEDTLS_ASN1_PARSE_C
+
+/**
+ * \def MBEDTLS_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module:  library/asn1write.c
+ * Caller:  library/ecdsa.c
+ *          library/pkwrite.c
+ *          library/x509_create.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ */
+#define MBEDTLS_ASN1_WRITE_C
+
+/**
+ * \def MBEDTLS_BASE64_C
+ *
+ * Enable the Base64 module.
+ *
+ * Module:  library/base64.c
+ * Caller:  library/pem.c
+ *
+ * This module is required for PEM support (required by X.509).
+ */
+#define MBEDTLS_BASE64_C
+
+/**
+ * \def MBEDTLS_BIGNUM_C
+ *
+ * Enable the multi-precision integer library.
+ *
+ * Module:  library/bignum.c
+ * Caller:  library/dhm.c
+ *          library/ecp.c
+ *          library/ecdsa.c
+ *          library/rsa.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
+ */
+#define MBEDTLS_BIGNUM_C
+
+/**
+ * \def MBEDTLS_BLOWFISH_C
+ *
+ * Enable the Blowfish block cipher.
+ *
+ * Module:  library/blowfish.c
+ */
+#define MBEDTLS_BLOWFISH_C
+
+/**
+ * \def MBEDTLS_CAMELLIA_C
+ *
+ * Enable the Camellia block cipher.
+ *
+ * Module:  library/camellia.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_CAMELLIA_C
+
+/**
+ * \def MBEDTLS_CCM_C
+ *
+ * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
+ *
+ * Module:  library/ccm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-CCM ciphersuites, if other requisites are
+ * enabled as well.
+ */
+#define MBEDTLS_CCM_C
+
+/**
+ * \def MBEDTLS_CERTS_C
+ *
+ * Enable the test certificates.
+ *
+ * Module:  library/certs.c
+ * Caller:
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+#define MBEDTLS_CERTS_C
+
+/**
+ * \def MBEDTLS_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module:  library/cipher.c
+ * Caller:  library/ssl_tls.c
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define MBEDTLS_CIPHER_C
+
+/**
+ * \def MBEDTLS_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-256-based random generator.
+ *
+ * Module:  library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ * This module provides the CTR_DRBG AES-256 random number generator.
+ */
+#define MBEDTLS_CTR_DRBG_C
+
+/**
+ * \def MBEDTLS_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module:  library/debug.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module provides debugging functions.
+ */
+#define MBEDTLS_DEBUG_C
+
+/**
+ * \def MBEDTLS_DES_C
+ *
+ * Enable the DES block cipher.
+ *
+ * Module:  library/des.c
+ * Caller:  library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *
+ * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
+ */
+#define MBEDTLS_DES_C
+
+/**
+ * \def MBEDTLS_DHM_C
+ *
+ * Enable the Diffie-Hellman-Merkle module.
+ *
+ * Module:  library/dhm.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      DHE-RSA, DHE-PSK
+ */
+#define MBEDTLS_DHM_C
+
+/**
+ * \def MBEDTLS_ECDH_C
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Module:  library/ecdh.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
+ *
+ * Requires: MBEDTLS_ECP_C
+ */
+#define MBEDTLS_ECDH_C
+
+/**
+ * \def MBEDTLS_ECDSA_C
+ *
+ * Enable the elliptic curve DSA library.
+ *
+ * Module:  library/ecdsa.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
+ */
+#define MBEDTLS_ECDSA_C
+
+/**
+ * \def MBEDTLS_ECP_C
+ *
+ * Enable the elliptic curve over GF(p) library.
+ *
+ * Module:  library/ecp.c
+ * Caller:  library/ecdh.c
+ *          library/ecdsa.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
+ */
+#define MBEDTLS_ECP_C
+
+/**
+ * \def MBEDTLS_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module:  library/entropy.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define MBEDTLS_ENTROPY_C
+
+/**
+ * \def MBEDTLS_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module:  library/error.c
+ * Caller:
+ *
+ * This module enables mbedtls_strerror().
+ */
+#define MBEDTLS_ERROR_C
+
+/**
+ * \def MBEDTLS_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM) for AES.
+ *
+ * Module:  library/gcm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define MBEDTLS_GCM_C
+
+/**
+ * \def MBEDTLS_HAVEGE_C
+ *
+ * Enable the HAVEGE random generator.
+ *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ *          environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ *          processor traits. It is therefore not advised to use HAVEGE as
+ *          your applications primary random generator or primary entropy pool
+ *          input. As a secondary input to your entropy pool, it IS able add
+ *          the (limited) extra entropy it provides.
+ *
+ * Module:  library/havege.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_TIMING_C
+ *
+ * Uncomment to enable the HAVEGE random generator.
+ */
+//#define MBEDTLS_HAVEGE_C
+
+/**
+ * \def MBEDTLS_HMAC_DRBG_C
+ *
+ * Enable the HMAC_DRBG random generator.
+ *
+ * Module:  library/hmac_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * Uncomment to enable the HMAC_DRBG random number geerator.
+ */
+#define MBEDTLS_HMAC_DRBG_C
+
+/**
+ * \def MBEDTLS_MD_C
+ *
+ * Enable the generic message digest layer.
+ *
+ * Module:  library/mbedtls_md.c
+ * Caller:
+ *
+ * Uncomment to enable generic message digest wrappers.
+ */
+#define MBEDTLS_MD_C
+
+/**
+ * \def MBEDTLS_MD2_C
+ *
+ * Enable the MD2 hash algorithm.
+ *
+ * Module:  library/mbedtls_md2.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD2-signed X.509 certs.
+ */
+//#define MBEDTLS_MD2_C
+
+/**
+ * \def MBEDTLS_MD4_C
+ *
+ * Enable the MD4 hash algorithm.
+ *
+ * Module:  library/mbedtls_md4.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD4-signed X.509 certs.
+ */
+//#define MBEDTLS_MD4_C
+
+/**
+ * \def MBEDTLS_MD5_C
+ *
+ * Enable the MD5 hash algorithm.
+ *
+ * Module:  library/mbedtls_md5.c
+ * Caller:  library/mbedtls_md.c
+ *          library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for SSL/TLS and X.509.
+ * PEM_PARSE uses MD5 for decrypting encrypted keys.
+ */
+#define MBEDTLS_MD5_C
+
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module:  library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def MBEDTLS_NET_C
+ *
+ * Enable the TCP/IP networking routines.
+ *
+ * Module:  library/net.c
+ *
+ * This module provides TCP/IP networking routines.
+ */
+#define MBEDTLS_NET_C
+
+/**
+ * \def MBEDTLS_OID_C
+ *
+ * Enable the OID database.
+ *
+ * Module:  library/oid.c
+ * Caller:  library/asn1write.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ *          library/pkwrite.c
+ *          library/rsa.c
+ *          library/x509.c
+ *          library/x509_create.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ *
+ * This modules translates between OIDs and internal values.
+ */
+#define MBEDTLS_OID_C
+
+/**
+ * \def MBEDTLS_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module:  library/padlock.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+#define MBEDTLS_PADLOCK_C
+
+/**
+ * \def MBEDTLS_PEM_PARSE_C
+ *
+ * Enable PEM decoding / parsing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/dhm.c
+ *          library/pkparse.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for decoding / parsing PEM files.
+ */
+#define MBEDTLS_PEM_PARSE_C
+
+/**
+ * \def MBEDTLS_PEM_WRITE_C
+ *
+ * Enable PEM encoding / writing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/pkwrite.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for encoding / writing PEM files.
+ */
+#define MBEDTLS_PEM_WRITE_C
+
+/**
+ * \def MBEDTLS_PK_C
+ *
+ * Enable the generic public (asymetric) key layer.
+ *
+ * Module:  library/pk.c
+ * Caller:  library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+#define MBEDTLS_PK_C
+
+/**
+ * \def MBEDTLS_PK_PARSE_C
+ *
+ * Enable the generic public (asymetric) key parser.
+ *
+ * Module:  library/pkparse.c
+ * Caller:  library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+#define MBEDTLS_PK_PARSE_C
+
+/**
+ * \def MBEDTLS_PK_WRITE_C
+ *
+ * Enable the generic public (asymetric) key writer.
+ *
+ * Module:  library/pkwrite.c
+ * Caller:  library/x509write.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+#define MBEDTLS_PK_WRITE_C
+
+/**
+ * \def MBEDTLS_PKCS5_C
+ *
+ * Enable PKCS#5 functions.
+ *
+ * Module:  library/pkcs5.c
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the PKCS#5 functions.
+ */
+#define MBEDTLS_PKCS5_C
+
+/**
+ * \def MBEDTLS_PKCS11_C
+ *
+ * Enable wrapper for PKCS#11 smartcard support.
+ *
+ * Module:  library/pkcs11.c
+ * Caller:  library/pk.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * This module enables SSL/TLS PKCS #11 smartcard support.
+ * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
+ */
+//#define MBEDTLS_PKCS11_C
+
+/**
+ * \def MBEDTLS_PKCS12_C
+ *
+ * Enable PKCS#12 PBE functions.
+ * Adds algorithms for parsing PKCS#8 encrypted private keys
+ *
+ * Module:  library/pkcs12.c
+ * Caller:  library/pkparse.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Can use:  MBEDTLS_ARC4_C
+ *
+ * This module enables PKCS#12 functions.
+ */
+#define MBEDTLS_PKCS12_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other module rely on it for a fixed snprintf implementation.
+ *
+ * Module:  library/platform.c
+ * Caller:  Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+/**
+ * \def MBEDTLS_RIPEMD160_C
+ *
+ * Enable the RIPEMD-160 hash algorithm.
+ *
+ * Module:  library/mbedtls_ripemd160.c
+ * Caller:  library/mbedtls_md.c
+ *
+ */
+#define MBEDTLS_RIPEMD160_C
+
+/**
+ * \def MBEDTLS_RSA_C
+ *
+ * Enable the RSA public-key cryptosystem.
+ *
+ * Module:  library/rsa.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509.c
+ *
+ * This module is used by the following key exchanges:
+ *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
+ */
+#define MBEDTLS_RSA_C
+
+/**
+ * \def MBEDTLS_SHA1_C
+ *
+ * Enable the SHA1 cryptographic hash algorithm.
+ *
+ * Module:  library/mbedtls_sha1.c
+ * Caller:  library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509write_crt.c
+ *
+ * This module is required for SSL/TLS and SHA1-signed certificates.
+ */
+#define MBEDTLS_SHA1_C
+
+/**
+ * \def MBEDTLS_SHA256_C
+ *
+ * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
+ *
+ * Module:  library/mbedtls_sha256.c
+ * Caller:  library/entropy.c
+ *          library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module adds support for SHA-224 and SHA-256.
+ * This module is required for the SSL/TLS 1.2 PRF function.
+ */
+#define MBEDTLS_SHA256_C
+
+/**
+ * \def MBEDTLS_SHA512_C
+ *
+ * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
+ *
+ * Module:  library/mbedtls_sha512.c
+ * Caller:  library/entropy.c
+ *          library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module adds support for SHA-384 and SHA-512.
+ */
+#define MBEDTLS_SHA512_C
+
+/**
+ * \def MBEDTLS_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module:  library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_CACHE_C
+ */
+#define MBEDTLS_SSL_CACHE_C
+
+/**
+ * \def MBEDTLS_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module:  library/ssl_cookie.c
+ * Caller:
+ */
+#define MBEDTLS_SSL_COOKIE_C
+
+/**
+ * \def MBEDTLS_SSL_TICKET_C
+ *
+ * Enable an implementation of TLS server-side callbacks for session tickets.
+ *
+ * Module:  library/ssl_ticket.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_CIPHER_C
+ */
+#define MBEDTLS_SSL_TICKET_C
+
+/**
+ * \def MBEDTLS_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module:  library/ssl_cli.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define MBEDTLS_SSL_CLI_C
+
+/**
+ * \def MBEDTLS_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module:  library/ssl_srv.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+#define MBEDTLS_SSL_SRV_C
+
+/**
+ * \def MBEDTLS_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module:  library/ssl_tls.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define MBEDTLS_SSL_TLS_C
+
+/**
+ * \def MBEDTLS_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions.
+ *
+ * Module:  library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either MBEDTLS_THREADING_ALT or
+ * MBEDTLS_THREADING_PTHREAD.
+ *
+ * Enable this layer to allow use of mutexes within mbed TLS
+ */
+//#define MBEDTLS_THREADING_C
+
+/**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the portable timing interface.
+ *
+ * Module:  library/timing.c
+ * Caller:  library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+#define MBEDTLS_TIMING_C
+
+/**
+ * \def MBEDTLS_VERSION_C
+ *
+ * Enable run-time version information.
+ *
+ * Module:  library/version.c
+ *
+ * This module provides run-time version information.
+ */
+#define MBEDTLS_VERSION_C
+
+/**
+ * \def MBEDTLS_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module:  library/x509.c
+ * Caller:  library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
+ *           MBEDTLS_PK_PARSE_C
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define MBEDTLS_X509_USE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module:  library/mbedtls_x509_crt.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define MBEDTLS_X509_CRT_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module:  library/mbedtls_x509_crl.c
+ * Caller:  library/mbedtls_x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define MBEDTLS_X509_CRL_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module:  library/mbedtls_x509_csr.c
+ * Caller:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#define MBEDTLS_X509_CSR_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module:  library/x509_create.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#define MBEDTLS_X509_CREATE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#define MBEDTLS_X509_CRT_WRITE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module:  library/x509_csr_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#define MBEDTLS_X509_CSR_WRITE_C
+
+/**
+ * \def MBEDTLS_XTEA_C
+ *
+ * Enable the XTEA block cipher.
+ *
+ * Module:  library/xtea.c
+ * Caller:
+ */
+#define MBEDTLS_XTEA_C
+
+/* \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ *
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
+ *
+ * Please check the respective header file for documentation on these
+ * parameters (to prevent duplicate documentation).
+ * \{
+ */
+
+/* MPI / BIGNUM options */
+//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
+//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
+
+/* CTR_DRBG options */
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
+
+/* HMAC_DRBG options */
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
+
+/* ECP options */
+//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
+//#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
+//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
+
+/* Entropy options */
+//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
+
+/* Memory buffer allocator options */
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
+
+/* Platform options */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
+/* Note: your snprintf must correclty zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
+
+/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
+/* Note: your snprintf must correclty zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
+
+/* SSL Cache options */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
+
+/* SSL options */
+//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
+//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
+//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+
+/**
+ * Complete list of ciphersuites to use, in order of preference.
+ *
+ * \warning No dependency checking is done on that field! This option can only
+ * be used to restrict the set of available ciphersuites. It is your
+ * responsibility to make sure the needed modules are active.
+ *
+ * Use this to save a few hundred bytes of ROM (default ordering of all
+ * available ciphersuites) and a few to a few hundred bytes of RAM.
+ *
+ * The value below is only an example, not the default.
+ */
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/* X509 options */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
+
+/* \} name SECTION: Module configuration options */
+
+#if defined(TARGET_LIKE_MBED)
+#include "mbedtls/target_config.h"
+#endif
+
+/*
+ * Allow user to override any previous default.
+ *
+ * Use two macro names for that, as:
+ * - with yotta the prefix YOTTA_CFG_ is forced
+ * - without yotta is looks weird to have a YOTTA prefix.
+ */
+#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
+#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
+#elif defined(MBEDTLS_USER_CONFIG_FILE)
+#include MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#include "check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ctr_drbg.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ctr_drbg.h
new file mode 100644
index 00000000..059d3c5c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ctr_drbg.h
@@ -0,0 +1,290 @@
+/**
+ * \file ctr_drbg.h
+ *
+ * \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CTR_DRBG_H
+#define MBEDTLS_CTR_DRBG_H
+
+#include "aes.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
+#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED        -0x0034  /**< The entropy source failed. */
+#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG              -0x0036  /**< Too many random requested in single call. */
+#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG                -0x0038  /**< Input too large (Entropy + additional). */
+#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR                -0x003A  /**< Read/write error in file. */
+
+#define MBEDTLS_CTR_DRBG_BLOCKSIZE          16      /**< Block size used by the cipher                  */
+#define MBEDTLS_CTR_DRBG_KEYSIZE            32      /**< Key size used by the cipher                    */
+#define MBEDTLS_CTR_DRBG_KEYBITS            ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 )
+#define MBEDTLS_CTR_DRBG_SEEDLEN            ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE )
+                                            /**< The seed length (counter + AES key)            */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        48      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#else
+#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        32      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#endif
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL    10000   /**< Interval before reseed is performed by default */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
+#define MBEDTLS_CTR_DRBG_MAX_INPUT          256     /**< Maximum number of additional input bytes */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
+#define MBEDTLS_CTR_DRBG_MAX_REQUEST        1024    /**< Maximum number of requested bytes per call */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
+#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT     384     /**< Maximum size of (re)seed buffer */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_CTR_DRBG_PR_OFF             0       /**< No prediction resistance       */
+#define MBEDTLS_CTR_DRBG_PR_ON              1       /**< Prediction resistance enabled  */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CTR_DRBG context structure
+ */
+typedef struct
+{
+    unsigned char counter[16];  /*!<  counter (V)       */
+    int reseed_counter;         /*!<  reseed counter    */
+    int prediction_resistance;  /*!<  enable prediction resistance (Automatic
+                                      reseed before every random generation)  */
+    size_t entropy_len;         /*!<  amount of entropy grabbed on each
+                                      (re)seed          */
+    int reseed_interval;        /*!<  reseed interval   */
+
+    mbedtls_aes_context aes_ctx;        /*!<  AES context       */
+
+    /*
+     * Callbacks (Entropy)
+     */
+    int (*f_entropy)(void *, unsigned char *, size_t);
+
+    void *p_entropy;            /*!<  context for the entropy function */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+}
+mbedtls_ctr_drbg_context;
+
+/**
+ * \brief               CTR_DRBG context initialization
+ *                      Makes the context ready for mbedtls_ctr_drbg_seed() or
+ *                      mbedtls_ctr_drbg_free().
+ *
+ * \param ctx           CTR_DRBG context to be initialized
+ */
+void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
+
+/**
+ * \brief               CTR_DRBG initial seeding
+ *                      Seed and setup entropy source for future reseeds.
+ *
+ * Note: Personalization data can be provided in addition to the more generic
+ *       entropy source to make this instantiation as unique as possible.
+ *
+ * \param ctx           CTR_DRBG context to be seeded
+ * \param f_entropy     Entropy callback (p_entropy, buffer to fill, buffer
+ *                      length)
+ * \param p_entropy     Entropy context
+ * \param custom        Personalization data (Device specific identifiers)
+ *                      (Can be NULL)
+ * \param len           Length of personalization data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
+                   int (*f_entropy)(void *, unsigned char *, size_t),
+                   void *p_entropy,
+                   const unsigned char *custom,
+                   size_t len );
+
+/**
+ * \brief               Clear CTR_CRBG context data
+ *
+ * \param ctx           CTR_DRBG context to clear
+ */
+void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
+
+/**
+ * \brief               Enable / disable prediction resistance (Default: Off)
+ *
+ * Note: If enabled, entropy is used for ctx->entropy_len before each call!
+ *       Only use this if you have ample supply of good entropy!
+ *
+ * \param ctx           CTR_DRBG context
+ * \param resistance    MBEDTLS_CTR_DRBG_PR_ON or MBEDTLS_CTR_DRBG_PR_OFF
+ */
+void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
+                                         int resistance );
+
+/**
+ * \brief               Set the amount of entropy grabbed on each (re)seed
+ *                      (Default: MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param len           Amount of entropy to grab
+ */
+void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
+                               size_t len );
+
+/**
+ * \brief               Set the reseed interval
+ *                      (Default: MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param interval      Reseed interval
+ */
+void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
+                                   int interval );
+
+/**
+ * \brief               CTR_DRBG reseeding (extracts data from entropy source)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param additional    Additional data to add to state (Can be NULL)
+ * \param len           Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
+                     const unsigned char *additional, size_t len );
+
+/**
+ * \brief               CTR_DRBG update state
+ *
+ * \param ctx           CTR_DRBG context
+ * \param additional    Additional data to update state with
+ * \param add_len       Length of additional data
+ *
+ * \note                If add_len is greater than MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
+ *                      only the first MBEDTLS_CTR_DRBG_MAX_SEED_INPUT bytes are used,
+ *                      the remaining ones are silently discarded.
+ */
+void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
+                      const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               CTR_DRBG generate random with additional update input
+ *
+ * Note: Automatically reseeds if reseed_counter is reached.
+ *
+ * \param p_rng         CTR_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ * \param additional    Additional data to update with (Can be NULL)
+ * \param add_len       Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_ctr_drbg_random_with_add( void *p_rng,
+                              unsigned char *output, size_t output_len,
+                              const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               CTR_DRBG generate random
+ *
+ * Note: Automatically reseeds if reseed_counter is reached.
+ *
+ * \param p_rng         CTR_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_ctr_drbg_random( void *p_rng,
+                     unsigned char *output, size_t output_len );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           CTR_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance
+ *
+ * \param ctx           CTR_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ *                      MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
+ */
+int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief               Checkup routine
+ *
+ * \return              0 if successful, or 1 if the test failed
+ */
+int mbedtls_ctr_drbg_self_test( int verbose );
+
+/* Internal functions (do not call directly) */
+int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *,
+                               int (*)(void *, unsigned char *, size_t), void *,
+                               const unsigned char *, size_t, size_t );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ctr_drbg.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/debug.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/debug.h
new file mode 100644
index 00000000..d859dd5f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/debug.h
@@ -0,0 +1,125 @@
+/**
+ * \file debug.h
+ *
+ * \brief Debug functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DEBUG_H
+#define MBEDTLS_DEBUG_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_ECP_C)
+#include "ecp.h"
+#endif
+
+#if defined(MBEDTLS_DEBUG_C)
+
+#define MBEDTLS_DEBUG_STRIP_PARENS( ... )   __VA_ARGS__
+
+#define MBEDTLS_SSL_DEBUG_MSG( level, args )                    \
+    mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__,    \
+                             MBEDTLS_DEBUG_STRIP_PARENS args )
+
+#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )                \
+    mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
+
+#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )           \
+    mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
+
+#if defined(MBEDTLS_BIGNUM_C)
+#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )                  \
+    mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )                  \
+    mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )                \
+    mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
+#endif
+
+#else /* MBEDTLS_DEBUG_C */
+
+#define MBEDTLS_SSL_DEBUG_MSG( level, args )            do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )       do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )  do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )         do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )         do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )       do { } while( 0 )
+
+#endif /* MBEDTLS_DEBUG_C */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief   Set the level threshold to handle globally. Messages that have a
+ *          level over the threshold value are ignored.
+ *          (Default value: 0 (No debug))
+ *
+ * \param threshold     maximum level of messages to pass on
+ */
+void mbedtls_debug_set_threshold( int threshold );
+
+void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
+                              const char *file, int line,
+                              const char *format, ... );
+
+void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, int ret );
+
+void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line, const char *text,
+                      const unsigned char *buf, size_t len );
+
+#if defined(MBEDTLS_BIGNUM_C)
+void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_mpi *X );
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_ecp_point *X );
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_x509_crt *crt );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* debug.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/des.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/des.h
new file mode 100644
index 00000000..5ca2ecf2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/des.h
@@ -0,0 +1,306 @@
+/**
+ * \file des.h
+ *
+ * \brief DES block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DES_H
+#define MBEDTLS_DES_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_DES_ENCRYPT     1
+#define MBEDTLS_DES_DECRYPT     0
+
+#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
+
+#define MBEDTLS_DES_KEY_SIZE    8
+
+#if !defined(MBEDTLS_DES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          DES context structure
+ */
+typedef struct
+{
+    uint32_t sk[32];            /*!<  DES subkeys       */
+}
+mbedtls_des_context;
+
+/**
+ * \brief          Triple-DES context structure
+ */
+typedef struct
+{
+    uint32_t sk[96];            /*!<  3DES subkeys      */
+}
+mbedtls_des3_context;
+
+/**
+ * \brief          Initialize DES context
+ *
+ * \param ctx      DES context to be initialized
+ */
+void mbedtls_des_init( mbedtls_des_context *ctx );
+
+/**
+ * \brief          Clear DES context
+ *
+ * \param ctx      DES context to be cleared
+ */
+void mbedtls_des_free( mbedtls_des_context *ctx );
+
+/**
+ * \brief          Initialize Triple-DES context
+ *
+ * \param ctx      DES3 context to be initialized
+ */
+void mbedtls_des3_init( mbedtls_des3_context *ctx );
+
+/**
+ * \brief          Clear Triple-DES context
+ *
+ * \param ctx      DES3 context to be cleared
+ */
+void mbedtls_des3_free( mbedtls_des3_context *ctx );
+
+/**
+ * \brief          Set key parity on the given key to odd.
+ *
+ *                 DES keys are 56 bits long, but each byte is padded with
+ *                 a parity bit to allow verification.
+ *
+ * \param key      8-byte secret key
+ */
+void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Check that key parity on the given key is odd.
+ *
+ *                 DES keys are 56 bits long, but each byte is padded with
+ *                 a parity bit to allow verification.
+ *
+ * \param key      8-byte secret key
+ *
+ * \return         0 is parity was ok, 1 if parity was not correct.
+ */
+int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Check that key is not a weak or semi-weak DES key
+ *
+ * \param key      8-byte secret key
+ *
+ * \return         0 if no weak key was found, 1 if a weak key was identified.
+ */
+int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          DES key schedule (56-bit, encryption)
+ *
+ * \param ctx      DES context to be initialized
+ * \param key      8-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          DES key schedule (56-bit, decryption)
+ *
+ * \param ctx      DES context to be initialized
+ * \param key      8-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Triple-DES key schedule (112-bit, encryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      16-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+
+/**
+ * \brief          Triple-DES key schedule (112-bit, decryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      16-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+
+/**
+ * \brief          Triple-DES key schedule (168-bit, encryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      24-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+
+/**
+ * \brief          Triple-DES key schedule (168-bit, decryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      24-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+
+/**
+ * \brief          DES-ECB block encryption/decryption
+ *
+ * \param ctx      DES context
+ * \param input    64-bit input block
+ * \param output   64-bit output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
+                    const unsigned char input[8],
+                    unsigned char output[8] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          DES-CBC buffer encryption/decryption
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      DES context
+ * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ */
+int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[8],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+/**
+ * \brief          3DES-ECB block encryption/decryption
+ *
+ * \param ctx      3DES context
+ * \param input    64-bit input block
+ * \param output   64-bit output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
+                     const unsigned char input[8],
+                     unsigned char output[8] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          3DES-CBC buffer encryption/decryption
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      3DES context
+ * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+ */
+int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
+                     int mode,
+                     size_t length,
+                     unsigned char iv[8],
+                     const unsigned char *input,
+                     unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+/**
+ * \brief          Internal function for key expansion.
+ *                 (Only exposed to allow overriding it,
+ *                 see MBEDTLS_DES_SETKEY_ALT)
+ *
+ * \param SK       Round keys
+ * \param key      Base key
+ */
+void mbedtls_des_setkey( uint32_t SK[32],
+                         const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_DES_ALT */
+#include "des_alt.h"
+#endif /* MBEDTLS_DES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_des_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* des.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/dhm.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/dhm.h
new file mode 100644
index 00000000..cd056d1b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/dhm.h
@@ -0,0 +1,305 @@
+/**
+ * \file dhm.h
+ *
+ * \brief Diffie-Hellman-Merkle key exchange
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DHM_H
+#define MBEDTLS_DHM_H
+
+#include "bignum.h"
+
+/*
+ * DHM Error codes
+ */
+#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA                    -0x3080  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED                -0x3100  /**< Reading of the DHM parameters failed. */
+#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED                -0x3180  /**< Making of the DHM parameters failed. */
+#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED                -0x3200  /**< Reading of the public values failed. */
+#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280  /**< Making of the public value failed. */
+#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED                -0x3300  /**< Calculation of the DHM secret failed. */
+#define MBEDTLS_ERR_DHM_INVALID_FORMAT                    -0x3380  /**< The ASN.1 data is not formatted correctly. */
+#define MBEDTLS_ERR_DHM_ALLOC_FAILED                      -0x3400  /**< Allocation of memory failed. */
+#define MBEDTLS_ERR_DHM_FILE_IO_ERROR                     -0x3480  /**< Read/write of file failed. */
+
+/**
+ * RFC 3526 defines a number of standardized Diffie-Hellman groups
+ * for IKE.
+ * RFC 5114 defines a number of standardized Diffie-Hellman groups
+ * that can be used.
+ *
+ * Some are included here for convenience.
+ *
+ * Included are:
+ *  RFC 3526 3.    2048-bit MODP Group
+ *  RFC 3526 4.    3072-bit MODP Group
+ *  RFC 3526 5.    4096-bit MODP Group
+ *  RFC 5114 2.2.  2048-bit MODP Group with 224-bit Prime Order Subgroup
+ */
+#define MBEDTLS_DHM_RFC3526_MODP_2048_P               \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_2048_G          "02"
+
+#define MBEDTLS_DHM_RFC3526_MODP_3072_P               \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
+    "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
+    "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
+    "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
+    "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
+    "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_3072_G          "02"
+
+#define MBEDTLS_DHM_RFC3526_MODP_4096_P                \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
+    "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
+    "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
+    "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
+    "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
+    "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
+    "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
+    "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
+    "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
+    "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
+    "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
+    "FFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_4096_G          "02"
+
+#define MBEDTLS_DHM_RFC5114_MODP_2048_P               \
+    "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
+    "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
+    "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
+    "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
+    "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
+    "B3BF8A317091883681286130BC8985DB1602E714415D9330" \
+    "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
+    "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
+    "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
+    "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
+    "CF9DE5384E71B81C0AC4DFFE0C10E64F"
+
+#define MBEDTLS_DHM_RFC5114_MODP_2048_G              \
+    "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\
+    "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\
+    "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\
+    "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\
+    "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\
+    "F180EB34118E98D119529A45D6F834566E3025E316A330EF"\
+    "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\
+    "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\
+    "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\
+    "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\
+    "81BC087F2A7065B384B890D3191F2BFA"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          DHM context structure
+ */
+typedef struct
+{
+    size_t len; /*!<  size(P) in chars  */
+    mbedtls_mpi P;      /*!<  prime modulus     */
+    mbedtls_mpi G;      /*!<  generator         */
+    mbedtls_mpi X;      /*!<  secret value      */
+    mbedtls_mpi GX;     /*!<  self = G^X mod P  */
+    mbedtls_mpi GY;     /*!<  peer = G^Y mod P  */
+    mbedtls_mpi K;      /*!<  key = GY^X mod P  */
+    mbedtls_mpi RP;     /*!<  cached R^2 mod P  */
+    mbedtls_mpi Vi;     /*!<  blinding value    */
+    mbedtls_mpi Vf;     /*!<  un-blinding value */
+    mbedtls_mpi pX;     /*!<  previous X        */
+}
+mbedtls_dhm_context;
+
+/**
+ * \brief          Initialize DHM context
+ *
+ * \param ctx      DHM context to be initialized
+ */
+void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
+
+/**
+ * \brief          Parse the ServerKeyExchange parameters
+ *
+ * \param ctx      DHM context
+ * \param p        &(start of input buffer)
+ * \param end      end of buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
+                     unsigned char **p,
+                     const unsigned char *end );
+
+/**
+ * \brief          Setup and write the ServerKeyExchange parameters
+ *
+ * \param ctx      DHM context
+ * \param x_size   private value size in bytes
+ * \param output   destination buffer
+ * \param olen     number of chars written
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \note           This function assumes that ctx->P and ctx->G
+ *                 have already been properly set (for example
+ *                 using mbedtls_mpi_read_string or mbedtls_mpi_read_binary).
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
+                     unsigned char *output, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Import the peer's public value G^Y
+ *
+ * \param ctx      DHM context
+ * \param input    input buffer
+ * \param ilen     size of buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
+                     const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          Create own private value X and export G^X
+ *
+ * \param ctx      DHM context
+ * \param x_size   private value size in bytes
+ * \param output   destination buffer
+ * \param olen     must be equal to ctx->P.len
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
+                     unsigned char *output, size_t olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Derive and export the shared secret (G^Y)^X mod P
+ *
+ * \param ctx      DHM context
+ * \param output   destination buffer
+ * \param output_size   size of the destination buffer
+ * \param olen     on exit, holds the actual number of bytes written
+ * \param f_rng    RNG function, for blinding purposes
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ *
+ * \note           If non-NULL, f_rng is used to blind the input as
+ *                 countermeasure against timing attacks. Blinding is
+ *                 automatically used if and only if our secret value X is
+ *                 re-used and costs nothing otherwise, so it is recommended
+ *                 to always pass a non-NULL f_rng argument.
+ */
+int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
+                     unsigned char *output, size_t output_size, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Free and clear the components of a DHM key
+ *
+ * \param ctx      DHM context to free and clear
+ */
+void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+/** \ingroup x509_module */
+/**
+ * \brief          Parse DHM parameters in PEM or DER format
+ *
+ * \param dhm      DHM context to be initialized
+ * \param dhmin    input buffer
+ * \param dhminlen size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific DHM or PEM error code
+ */
+int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
+                   size_t dhminlen );
+
+#if defined(MBEDTLS_FS_IO)
+/** \ingroup x509_module */
+/**
+ * \brief          Load and parse DHM parameters
+ *
+ * \param dhm      DHM context to be initialized
+ * \param path     filename to read the DHM Parameters from
+ *
+ * \return         0 if successful, or a specific DHM or PEM error code
+ */
+int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_dhm_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* dhm.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ecdh.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ecdh.h
new file mode 100644
index 00000000..625a2819
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ecdh.h
@@ -0,0 +1,214 @@
+/**
+ * \file ecdh.h
+ *
+ * \brief Elliptic curve Diffie-Hellman
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECDH_H
+#define MBEDTLS_ECDH_H
+
+#include "ecp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * When importing from an EC key, select if it is our key or the peer's key
+ */
+typedef enum
+{
+    MBEDTLS_ECDH_OURS,
+    MBEDTLS_ECDH_THEIRS,
+} mbedtls_ecdh_side;
+
+/**
+ * \brief           ECDH context structure
+ */
+typedef struct
+{
+    mbedtls_ecp_group grp;      /*!<  elliptic curve used                           */
+    mbedtls_mpi d;              /*!<  our secret value (private key)                */
+    mbedtls_ecp_point Q;        /*!<  our public value (public key)                 */
+    mbedtls_ecp_point Qp;       /*!<  peer's public value (public key)              */
+    mbedtls_mpi z;              /*!<  shared secret                                 */
+    int point_format;   /*!<  format for point export in TLS messages       */
+    mbedtls_ecp_point Vi;       /*!<  blinding value (for later)                    */
+    mbedtls_ecp_point Vf;       /*!<  un-blinding value (for later)                 */
+    mbedtls_mpi _d;             /*!<  previous d (for later)                        */
+}
+mbedtls_ecdh_context;
+
+/**
+ * \brief           Generate a public key.
+ *                  Raw function that only does the core computation.
+ *
+ * \param grp       ECP group
+ * \param d         Destination MPI (secret exponent, aka private key)
+ * \param Q         Destination point (public key)
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief           Compute shared secret
+ *                  Raw function that only does the core computation.
+ *
+ * \param grp       ECP group
+ * \param z         Destination MPI (shared secret)
+ * \param Q         Public key from other party
+ * \param d         Our secret exponent (private key)
+ * \param f_rng     RNG function (see notes)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ *
+ * \note            If f_rng is not NULL, it is used to implement
+ *                  countermeasures against potential elaborate timing
+ *                  attacks, see \c mbedtls_ecp_mul() for details.
+ */
+int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
+                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+/**
+ * \brief           Initialize context
+ *
+ * \param ctx       Context to initialize
+ */
+void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
+
+/**
+ * \brief           Free context
+ *
+ * \param ctx       Context to free
+ */
+void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
+
+/**
+ * \brief           Generate a public key and a TLS ServerKeyExchange payload.
+ *                  (First function used by a TLS server for ECDHE.)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of chars written
+ * \param buf       destination buffer
+ * \param blen      length of buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            This function assumes that ctx->grp has already been
+ *                  properly set (for example using mbedtls_ecp_group_load).
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+/**
+ * \brief           Parse and procress a TLS ServerKeyExhange payload.
+ *                  (First function used by a TLS client for ECDHE.)
+ *
+ * \param ctx       ECDH context
+ * \param buf       pointer to start of input buffer
+ * \param end       one past end of buffer
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
+                      const unsigned char **buf, const unsigned char *end );
+
+/**
+ * \brief           Setup an ECDH context from an EC key.
+ *                  (Used by clients and servers in place of the
+ *                  ServerKeyEchange for static ECDH: import ECDH parameters
+ *                  from a certificate's EC key information.)
+ *
+ * \param ctx       ECDH constext to set
+ * \param key       EC key to use
+ * \param side      Is it our key (1) or the peer's key (0) ?
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
+                     mbedtls_ecdh_side side );
+
+/**
+ * \brief           Generate a public key and a TLS ClientKeyExchange payload.
+ *                  (Second function used by a TLS client for ECDH(E).)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of bytes actually written
+ * \param buf       destination buffer
+ * \param blen      size of destination buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+/**
+ * \brief           Parse and process a TLS ClientKeyExchange payload.
+ *                  (Second function used by a TLS server for ECDH(E).)
+ *
+ * \param ctx       ECDH context
+ * \param buf       start of input buffer
+ * \param blen      length of input buffer
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
+                      const unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Derive and export the shared secret.
+ *                  (Last function used by both TLS client en servers.)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of bytes written
+ * \param buf       destination buffer
+ * \param blen      buffer length
+ * \param f_rng     RNG function, see notes for \c mbedtls_ecdh_compute_shared()
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecdh.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ecdsa.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ecdsa.h
new file mode 100644
index 00000000..52827d8d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ecdsa.h
@@ -0,0 +1,248 @@
+/**
+ * \file ecdsa.h
+ *
+ * \brief Elliptic curve DSA
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECDSA_H
+#define MBEDTLS_ECDSA_H
+
+#include "ecp.h"
+#include "md.h"
+
+/*
+ * RFC 4492 page 20:
+ *
+ *     Ecdsa-Sig-Value ::= SEQUENCE {
+ *         r       INTEGER,
+ *         s       INTEGER
+ *     }
+ *
+ * Size is at most
+ *    1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s,
+ *    twice that + 1 (tag) + 2 (len) for the sequence
+ * (assuming ECP_MAX_BYTES is less than 126 for r and s,
+ * and less than 124 (total len <= 255) for the sequence)
+ */
+#if MBEDTLS_ECP_MAX_BYTES > 124
+#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
+#endif
+/** Maximum size of an ECDSA signature in bytes */
+#define MBEDTLS_ECDSA_MAX_LEN  ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )
+
+/**
+ * \brief           ECDSA context structure
+ */
+typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Compute ECDSA signature of a previously hashed message
+ *
+ * \note            The deterministic version is usually prefered.
+ *
+ * \param grp       ECP group
+ * \param r         First output integer
+ * \param s         Second output integer
+ * \param d         Private signing key
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+/**
+ * \brief           Compute ECDSA signature of a previously hashed message,
+ *                  deterministic version (RFC 6979).
+ *
+ * \param grp       ECP group
+ * \param r         First output integer
+ * \param s         Second output integer
+ * \param d         Private signing key
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param md_alg    MD algorithm used to hash the message
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                    mbedtls_md_type_t md_alg );
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+/**
+ * \brief           Verify ECDSA signature of a previously hashed message
+ *
+ * \param grp       ECP group
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param Q         Public key to use for verification
+ * \param r         First integer of the signature
+ * \param s         Second integer of the signature
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
+                  const unsigned char *buf, size_t blen,
+                  const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
+
+/**
+ * \brief           Compute ECDSA signature and write it to buffer,
+ *                  serialized as defined in RFC 4492 page 20.
+ *                  (Not thread-safe to use same context in multiple threads)
+ *
+ * \note            The deterministice version (RFC 6979) is used if
+ *                  MBEDTLS_ECDSA_DETERMINISTIC is defined.
+ *
+ * \param ctx       ECDSA context
+ * \param md_alg    Algorithm that was used to hash the message
+ * \param hash      Message hash
+ * \param hlen      Length of hash
+ * \param sig       Buffer that will hold the signature
+ * \param slen      Length of the signature written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            The "sig" buffer must be at least as large as twice the
+ *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
+ *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
+ *                  MBEDTLS_ERR_ASN1_XXX error code
+ */
+int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
+                           const unsigned char *hash, size_t hlen,
+                           unsigned char *sig, size_t *slen,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng );
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief           Compute ECDSA signature and write it to buffer,
+ *                  serialized as defined in RFC 4492 page 20.
+ *                  Deterministic version, RFC 6979.
+ *                  (Not thread-safe to use same context in multiple threads)
+ *
+ * \deprecated      Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
+ *
+ * \param ctx       ECDSA context
+ * \param hash      Message hash
+ * \param hlen      Length of hash
+ * \param sig       Buffer that will hold the signature
+ * \param slen      Length of the signature written
+ * \param md_alg    MD algorithm used to hash the message
+ *
+ * \note            The "sig" buffer must be at least as large as twice the
+ *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
+ *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
+ *                  MBEDTLS_ERR_ASN1_XXX error code
+ */
+int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
+                               const unsigned char *hash, size_t hlen,
+                               unsigned char *sig, size_t *slen,
+                               mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
+#undef MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+/**
+ * \brief           Read and verify an ECDSA signature
+ *
+ * \param ctx       ECDSA context
+ * \param hash      Message hash
+ * \param hlen      Size of hash
+ * \param sig       Signature to read and verify
+ * \param slen      Size of sig
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
+ *                  MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than siglen,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
+                          const unsigned char *hash, size_t hlen,
+                          const unsigned char *sig, size_t slen );
+
+/**
+ * \brief           Generate an ECDSA keypair on the given curve
+ *
+ * \param ctx       ECDSA context in which the keypair should be stored
+ * \param gid       Group (elliptic curve) to use. One of the various
+ *                  MBEDTLS_ECP_DP_XXX macros depending on configuration.
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
+ */
+int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
+                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Set an ECDSA context from an EC key pair
+ *
+ * \param ctx       ECDSA context to set
+ * \param key       EC key to use
+ *
+ * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
+ */
+int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Initialize context
+ *
+ * \param ctx       Context to initialize
+ */
+void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
+
+/**
+ * \brief           Free context
+ *
+ * \param ctx       Context to free
+ */
+void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecdsa.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ecp.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ecp.h
new file mode 100644
index 00000000..723e46c9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ecp.h
@@ -0,0 +1,631 @@
+/**
+ * \file ecp.h
+ *
+ * \brief Elliptic curves over GF(p)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECP_H
+#define MBEDTLS_ECP_H
+
+#include "bignum.h"
+
+/*
+ * ECP error codes
+ */
+#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA                    -0x4F80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL                  -0x4F00  /**< The buffer is too small to write to. */
+#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE               -0x4E80  /**< Requested curve not available. */
+#define MBEDTLS_ERR_ECP_VERIFY_FAILED                     -0x4E00  /**< The signature is not valid. */
+#define MBEDTLS_ERR_ECP_ALLOC_FAILED                      -0x4D80  /**< Memory allocation failed. */
+#define MBEDTLS_ERR_ECP_RANDOM_FAILED                     -0x4D00  /**< Generation of random value, such as (ephemeral) key, failed. */
+#define MBEDTLS_ERR_ECP_INVALID_KEY                       -0x4C80  /**< Invalid private or public key. */
+#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00  /**< Signature is valid but shorter than the user-supplied length. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Domain parameters (curve, subgroup and generator) identifiers.
+ *
+ * Only curves over prime fields are supported.
+ *
+ * \warning This library does not support validation of arbitrary domain
+ * parameters. Therefore, only well-known domain parameters from trusted
+ * sources should be used. See mbedtls_ecp_group_load().
+ */
+typedef enum
+{
+    MBEDTLS_ECP_DP_NONE = 0,
+    MBEDTLS_ECP_DP_SECP192R1,      /*!< 192-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP224R1,      /*!< 224-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP256R1,      /*!< 256-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP384R1,      /*!< 384-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP521R1,      /*!< 521-bits NIST curve  */
+    MBEDTLS_ECP_DP_BP256R1,        /*!< 256-bits Brainpool curve */
+    MBEDTLS_ECP_DP_BP384R1,        /*!< 384-bits Brainpool curve */
+    MBEDTLS_ECP_DP_BP512R1,        /*!< 512-bits Brainpool curve */
+    MBEDTLS_ECP_DP_CURVE25519,           /*!< Curve25519               */
+    MBEDTLS_ECP_DP_SECP192K1,      /*!< 192-bits "Koblitz" curve */
+    MBEDTLS_ECP_DP_SECP224K1,      /*!< 224-bits "Koblitz" curve */
+    MBEDTLS_ECP_DP_SECP256K1,      /*!< 256-bits "Koblitz" curve */
+} mbedtls_ecp_group_id;
+
+/**
+ * Number of supported curves (plus one for NONE).
+ *
+ * (Montgomery curves excluded for now.)
+ */
+#define MBEDTLS_ECP_DP_MAX     12
+
+/**
+ * Curve information for use by other modules
+ */
+typedef struct
+{
+    mbedtls_ecp_group_id grp_id;    /*!< Internal identifier        */
+    uint16_t tls_id;                /*!< TLS NamedCurve identifier  */
+    uint16_t bit_size;              /*!< Curve size in bits         */
+    const char *name;               /*!< Human-friendly name        */
+} mbedtls_ecp_curve_info;
+
+/**
+ * \brief           ECP point structure (jacobian coordinates)
+ *
+ * \note            All functions expect and return points satisfying
+ *                  the following condition: Z == 0 or Z == 1. (Other
+ *                  values of Z are used by internal functions only.)
+ *                  The point is zero, or "at infinity", if Z == 0.
+ *                  Otherwise, X and Y are its standard (affine) coordinates.
+ */
+typedef struct
+{
+    mbedtls_mpi X;          /*!<  the point's X coordinate  */
+    mbedtls_mpi Y;          /*!<  the point's Y coordinate  */
+    mbedtls_mpi Z;          /*!<  the point's Z coordinate  */
+}
+mbedtls_ecp_point;
+
+/**
+ * \brief           ECP group structure
+ *
+ * We consider two types of curves equations:
+ * 1. Short Weierstrass y^2 = x^3 + A x + B     mod P   (SEC1 + RFC 4492)
+ * 2. Montgomery,       y^2 = x^3 + A x^2 + x   mod P   (Curve25519 + draft)
+ * In both cases, a generator G for a prime-order subgroup is fixed. In the
+ * short weierstrass, this subgroup is actually the whole curve, and its
+ * cardinal is denoted by N.
+ *
+ * In the case of Short Weierstrass curves, our code requires that N is an odd
+ * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.)
+ *
+ * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
+ * the quantity actually used in the formulas. Also, nbits is not the size of N
+ * but the required size for private keys.
+ *
+ * If modp is NULL, reduction modulo P is done using a generic algorithm.
+ * Otherwise, it must point to a function that takes an mbedtls_mpi in the range
+ * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
+ * than pbits, so that the integer may be efficiently brought in the 0..P-1
+ * range by a few additions or substractions. It must return 0 on success and
+ * non-zero on failure.
+ */
+typedef struct
+{
+    mbedtls_ecp_group_id id;    /*!<  internal group identifier                     */
+    mbedtls_mpi P;              /*!<  prime modulus of the base field               */
+    mbedtls_mpi A;              /*!<  1. A in the equation, or 2. (A + 2) / 4       */
+    mbedtls_mpi B;              /*!<  1. B in the equation, or 2. unused            */
+    mbedtls_ecp_point G;        /*!<  generator of the (sub)group used              */
+    mbedtls_mpi N;              /*!<  1. the order of G, or 2. unused               */
+    size_t pbits;       /*!<  number of bits in P                           */
+    size_t nbits;       /*!<  number of bits in 1. P, or 2. private keys    */
+    unsigned int h;     /*!<  internal: 1 if the constants are static       */
+    int (*modp)(mbedtls_mpi *); /*!<  function for fast reduction mod P             */
+    int (*t_pre)(mbedtls_ecp_point *, void *);  /*!< unused                         */
+    int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused                         */
+    void *t_data;                       /*!< unused                         */
+    mbedtls_ecp_point *T;       /*!<  pre-computed points for ecp_mul_comb()        */
+    size_t T_size;      /*!<  number for pre-computed points                */
+}
+mbedtls_ecp_group;
+
+/**
+ * \brief           ECP key pair structure
+ *
+ * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
+ *
+ * \note Members purposefully in the same order as struc mbedtls_ecdsa_context.
+ */
+typedef struct
+{
+    mbedtls_ecp_group grp;      /*!<  Elliptic curve and base point     */
+    mbedtls_mpi d;              /*!<  our secret value                  */
+    mbedtls_ecp_point Q;        /*!<  our public value                  */
+}
+mbedtls_ecp_keypair;
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_ECP_MAX_BITS)
+/**
+ * Maximum size of the groups (that is, of N and P)
+ */
+#define MBEDTLS_ECP_MAX_BITS     521   /**< Maximum bit size of groups */
+#endif
+
+#define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
+#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
+
+#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
+/*
+ * Maximum "window" size used for point multiplication.
+ * Default: 6.
+ * Minimum value: 2. Maximum value: 7.
+ *
+ * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
+ * points used for point multiplication. This value is directly tied to EC
+ * peak memory usage, so decreasing it by one should roughly cut memory usage
+ * by two (if large curves are in use).
+ *
+ * Reduction in size may reduce speed, but larger curves are impacted first.
+ * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
+ *      w-size:     6       5       4       3       2
+ *      521       145     141     135     120      97
+ *      384       214     209     198     177     146
+ *      256       320     320     303     262     226
+
+ *      224       475     475     453     398     342
+ *      192       640     640     633     587     476
+ */
+#define MBEDTLS_ECP_WINDOW_SIZE    6   /**< Maximum window size used */
+#endif /* MBEDTLS_ECP_WINDOW_SIZE */
+
+#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
+/*
+ * Trade memory for speed on fixed-point multiplication.
+ *
+ * This speeds up repeated multiplication of the generator (that is, the
+ * multiplication in ECDSA signatures, and half of the multiplications in
+ * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
+ *
+ * The cost is increasing EC peak memory usage by a factor roughly 2.
+ *
+ * Change this value to 0 to reduce peak memory usage.
+ */
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up */
+#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
+
+/* \} name SECTION: Module settings */
+
+/*
+ * Point formats, from RFC 4492's enum ECPointFormat
+ */
+#define MBEDTLS_ECP_PF_UNCOMPRESSED    0   /**< Uncompressed point format */
+#define MBEDTLS_ECP_PF_COMPRESSED      1   /**< Compressed point format */
+
+/*
+ * Some other constants from RFC 4492
+ */
+#define MBEDTLS_ECP_TLS_NAMED_CURVE    3   /**< ECCurveType's named_curve */
+
+/**
+ * \brief           Get the list of supported curves in order of preferrence
+ *                  (full information)
+ *
+ * \return          A statically allocated array, the last entry is 0.
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
+
+/**
+ * \brief           Get the list of supported curves in order of preferrence
+ *                  (grp_id only)
+ *
+ * \return          A statically allocated array,
+ *                  terminated with MBEDTLS_ECP_DP_NONE.
+ */
+const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
+
+/**
+ * \brief           Get curve information from an internal group identifier
+ *
+ * \param grp_id    A MBEDTLS_ECP_DP_XXX value
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
+
+/**
+ * \brief           Get curve information from a TLS NamedCurve value
+ *
+ * \param tls_id    A MBEDTLS_ECP_DP_XXX value
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
+
+/**
+ * \brief           Get curve information from a human-readable name
+ *
+ * \param name      The name
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
+
+/**
+ * \brief           Initialize a point (as zero)
+ */
+void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Initialize a group (to something meaningless)
+ */
+void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
+
+/**
+ * \brief           Initialize a key pair (as an invalid one)
+ */
+void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Free the components of a point
+ */
+void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Free the components of an ECP group
+ */
+void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
+
+/**
+ * \brief           Free the components of a key pair
+ */
+void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Copy the contents of point Q into P
+ *
+ * \param P         Destination point
+ * \param Q         Source point
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
+
+/**
+ * \brief           Copy the contents of a group object
+ *
+ * \param dst       Destination group
+ * \param src       Source group
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
+
+/**
+ * \brief           Set a point to zero
+ *
+ * \param pt        Destination point
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Tell if a point is zero
+ *
+ * \param pt        Point to test
+ *
+ * \return          1 if point is zero, 0 otherwise
+ */
+int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Import a non-zero point from two ASCII strings
+ *
+ * \param P         Destination point
+ * \param radix     Input numeric base
+ * \param x         First affine coordinate as a null-terminated string
+ * \param y         Second affine coordinate as a null-terminated string
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
+                           const char *x, const char *y );
+
+/**
+ * \brief           Export a point into unsigned binary data
+ *
+ * \param grp       Group to which the point should belong
+ * \param P         Point to export
+ * \param format    Point format, should be a MBEDTLS_ECP_PF_XXX macro
+ * \param olen      Length of the actual output
+ * \param buf       Output buffer
+ * \param buflen    Length of the output buffer
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
+                            int format, size_t *olen,
+                            unsigned char *buf, size_t buflen );
+
+/**
+ * \brief           Import a point from unsigned binary data
+ *
+ * \param grp       Group to which the point should belong
+ * \param P         Point to import
+ * \param buf       Input buffer
+ * \param ilen      Actual length of input
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+ *                  is not implemented.
+ *
+ * \note            This function does NOT check that the point actually
+ *                  belongs to the given group, see mbedtls_ecp_check_pubkey() for
+ *                  that.
+ */
+int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
+                           const unsigned char *buf, size_t ilen );
+
+/**
+ * \brief           Import a point from a TLS ECPoint record
+ *
+ * \param grp       ECP group used
+ * \param pt        Destination point
+ * \param buf       $(Start of input buffer)
+ * \param len       Buffer length
+ *
+ * \note            buf is updated to point right after the ECPoint on exit
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ */
+int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
+                        const unsigned char **buf, size_t len );
+
+/**
+ * \brief           Export a point as a TLS ECPoint record
+ *
+ * \param grp       ECP group used
+ * \param pt        Point to export
+ * \param format    Export format
+ * \param olen      length of data written
+ * \param buf       Buffer to write to
+ * \param blen      Buffer length
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
+                         int format, size_t *olen,
+                         unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Set a group using well-known domain parameters
+ *
+ * \param grp       Destination group
+ * \param index     Index in the list of well-known domain parameters
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
+ *
+ * \note            Index should be a value of RFC 4492's enum NamedCurve,
+ *                  usually in the form of a MBEDTLS_ECP_DP_XXX macro.
+ */
+int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index );
+
+/**
+ * \brief           Set a group from a TLS ECParameters record
+ *
+ * \param grp       Destination group
+ * \param buf       &(Start of input buffer)
+ * \param len       Buffer length
+ *
+ * \note            buf is updated to point right after ECParameters on exit
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ */
+int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
+
+/**
+ * \brief           Write the TLS ECParameters record for a group
+ *
+ * \param grp       ECP group used
+ * \param olen      Number of bytes actually written
+ * \param buf       Buffer to write to
+ * \param blen      Buffer length
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
+                         unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Multiplication by an integer: R = m * P
+ *                  (Not thread-safe to use same group in multiple threads)
+ *
+ * \note            In order to prevent timing attacks, this function
+ *                  executes the exact same sequence of (base field)
+ *                  operations for any valid m. It avoids any if-branch or
+ *                  array index depending on the value of m.
+ *
+ * \note            If f_rng is not NULL, it is used to randomize intermediate
+ *                  results in order to prevent potential timing attacks
+ *                  targeting these results. It is recommended to always
+ *                  provide a non-NULL f_rng (the overhead is negligible).
+ *
+ * \param grp       ECP group
+ * \param R         Destination point
+ * \param m         Integer by which to multiply
+ * \param P         Point to multiply
+ * \param f_rng     RNG function (see notes)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey
+ *                  or P is not a valid pubkey,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Multiplication and addition of two points by integers:
+ *                  R = m * P + n * Q
+ *                  (Not thread-safe to use same group in multiple threads)
+ *
+ * \note            In contrast to mbedtls_ecp_mul(), this function does not guarantee
+ *                  a constant execution flow and timing.
+ *
+ * \param grp       ECP group
+ * \param R         Destination point
+ * \param m         Integer by which to multiply P
+ * \param P         Point to multiply by m
+ * \param n         Integer by which to multiply Q
+ * \param Q         Point to be multiplied by n
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey
+ *                  or P or Q is not a valid pubkey,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+             const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
+
+/**
+ * \brief           Check that a point is a valid public key on this curve
+ *
+ * \param grp       Curve/group the point should belong to
+ * \param pt        Point to check
+ *
+ * \return          0 if point is a valid public key,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
+ *
+ * \note            This function only checks the point is non-zero, has valid
+ *                  coordinates and lies on the curve, but not that it is
+ *                  indeed a multiple of G. This is additional check is more
+ *                  expensive, isn't required by standards, and shouldn't be
+ *                  necessary if the group used has a small cofactor. In
+ *                  particular, it is useless for the NIST groups which all
+ *                  have a cofactor of 1.
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Check that an mbedtls_mpi is a valid private key for this curve
+ *
+ * \param grp       Group used
+ * \param d         Integer to check
+ *
+ * \return          0 if point is a valid private key,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
+
+/**
+ * \brief           Generate a keypair
+ *
+ * \param grp       ECP group
+ * \param d         Destination MPI (secret part)
+ * \param Q         Destination point (public part)
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief           Generate a keypair
+ *
+ * \param grp_id    ECP group identifier
+ * \param key       Destination keypair
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Check a public-private key pair
+ *
+ * \param pub       Keypair structure holding a public key
+ * \param prv       Keypair structure holding a private (plus public) key
+ *
+ * \return          0 if successful (keys are valid and match), or
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or
+ *                  a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code.
+ */
+int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_ecp_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecp.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/entropy.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/entropy.h
new file mode 100644
index 00000000..00de9a6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/entropy.h
@@ -0,0 +1,252 @@
+/**
+ * \file entropy.h
+ *
+ * \brief Entropy accumulator implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ENTROPY_H
+#define MBEDTLS_ENTROPY_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#include "sha512.h"
+#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
+#else
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
+#include "sha256.h"
+#endif
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C)
+#include "havege.h"
+#endif
+
+#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
+#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
+#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /**< No sources have been added to poll. */
+#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE              -0x003D  /**< No strong sources have been added to poll. */
+#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x003F  /**< Read/write error in file. */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
+#define MBEDTLS_ENTROPY_MAX_SOURCES     20      /**< Maximum number of sources supported */
+#endif
+
+#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
+#define MBEDTLS_ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+#define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
+#else
+#define MBEDTLS_ENTROPY_BLOCK_SIZE      32      /**< Block size of entropy accumulator (SHA-256) */
+#endif
+
+#define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
+#define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES
+
+#define MBEDTLS_ENTROPY_SOURCE_STRONG   1       /**< Entropy source is strong   */
+#define MBEDTLS_ENTROPY_SOURCE_WEAK     0       /**< Entropy source is weak     */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Entropy poll callback pointer
+ *
+ * \param data      Callback-specific data pointer
+ * \param output    Data to fill
+ * \param len       Maximum size to provide
+ * \param olen      The actual amount of bytes put into the buffer (Can be 0)
+ *
+ * \return          0 if no critical failures occurred,
+ *                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
+ */
+typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
+                            size_t *olen);
+
+/**
+ * \brief           Entropy source state
+ */
+typedef struct
+{
+    mbedtls_entropy_f_source_ptr    f_source;   /**< The entropy source callback */
+    void *          p_source;   /**< The callback data pointer */
+    size_t          size;       /**< Amount received in bytes */
+    size_t          threshold;  /**< Minimum bytes required before release */
+    int             strong;     /**< Is the source strong? */
+}
+mbedtls_entropy_source_state;
+
+/**
+ * \brief           Entropy context structure
+ */
+typedef struct
+{
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+    mbedtls_sha512_context  accumulator;
+#else
+    mbedtls_sha256_context  accumulator;
+#endif
+    int             source_count;
+    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
+#if defined(MBEDTLS_HAVEGE_C)
+    mbedtls_havege_state    havege_data;
+#endif
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
+#endif
+}
+mbedtls_entropy_context;
+
+/**
+ * \brief           Initialize the context
+ *
+ * \param ctx       Entropy context to initialize
+ */
+void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Free the data in the context
+ *
+ * \param ctx       Entropy context to free
+ */
+void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Adds an entropy source to poll
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ * \param f_source  Entropy function
+ * \param p_source  Function data
+ * \param threshold Minimum required from source before entropy is released
+ *                  ( with mbedtls_entropy_func() ) (in bytes)
+ * \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
+ *                  MBEDTSL_ENTROPY_SOURCE_WEAK.
+ *                  At least one strong source needs to be added.
+ *                  Weaker sources (such as the cycle counter) can be used as
+ *                  a complement.
+ *
+ * \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+ */
+int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
+                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
+                        size_t threshold, int strong );
+
+/**
+ * \brief           Trigger an extra gather poll for the accumulator
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Retrieve entropy from the accumulator
+ *                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param data      Entropy context
+ * \param output    Buffer to fill
+ * \param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
+
+/**
+ * \brief           Add data to the accumulator manually
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ * \param data      Data to add
+ * \param len       Length of data
+ *
+ * \return          0 if successful
+ */
+int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
+                           const unsigned char *data, size_t len );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           Entropy context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
+ *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
+ *                      read from the seed file. The rest is ignored.
+ *
+ * \param ctx           Entropy context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
+ *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_entropy_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* entropy.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/entropy_poll.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/entropy_poll.h
new file mode 100644
index 00000000..dc119113
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/entropy_poll.h
@@ -0,0 +1,89 @@
+/**
+ * \file entropy_poll.h
+ *
+ * \brief Platform-specific and custom entropy polling functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ENTROPY_POLL_H
+#define MBEDTLS_ENTROPY_POLL_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Default thresholds for built-in sources, in bytes
+ */
+#define MBEDTLS_ENTROPY_MIN_PLATFORM     32     /**< Minimum for platform source    */
+#define MBEDTLS_ENTROPY_MIN_HAVEGE       32     /**< Minimum for HAVEGE             */
+#define MBEDTLS_ENTROPY_MIN_HARDCLOCK     4     /**< Minimum for mbedtls_timing_hardclock()        */
+#define MBEDTLS_ENTROPY_MIN_HARDWARE     32     /**< Minimum for the hardware source */
+
+#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+/**
+ * \brief           Platform-specific entropy poll callback
+ */
+int mbedtls_platform_entropy_poll( void *data,
+                           unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C)
+/**
+ * \brief           HAVEGE based entropy poll callback
+ *
+ * Requires an HAVEGE state as its data pointer.
+ */
+int mbedtls_havege_poll( void *data,
+                 unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_TIMING_C)
+/**
+ * \brief           mbedtls_timing_hardclock-based entropy poll callback
+ */
+int mbedtls_hardclock_poll( void *data,
+                    unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+/**
+ * \brief           Entropy poll callback for a hardware source
+ *
+ * \warning         This is not provided by mbed TLS!
+ *                  See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
+ *
+ * \note            This must accept NULL as its first argument.
+ */
+int mbedtls_hardware_poll( void *data,
+                           unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* entropy_poll.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/error.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/error.h
new file mode 100644
index 00000000..a182713d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/error.h
@@ -0,0 +1,107 @@
+/**
+ * \file error.h
+ *
+ * \brief Error to string translation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ERROR_H
+#define MBEDTLS_ERROR_H
+
+#include <stddef.h>
+
+/**
+ * Error code layout.
+ *
+ * Currently we try to keep all error codes within the negative space of 16
+ * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In
+ * addition we'd like to give two layers of information on the error if
+ * possible.
+ *
+ * For that purpose the error codes are segmented in the following manner:
+ *
+ * 16 bit error code bit-segmentation
+ *
+ * 1 bit  - Unused (sign bit)
+ * 3 bits - High level module ID
+ * 5 bits - Module-dependent error code
+ * 7 bits - Low level module errors
+ *
+ * For historical reasons, low-level error codes are divided in even and odd,
+ * even codes were assigned first, and -1 is reserved for other errors.
+ *
+ * Low-level module errors (0x0002-0x007E, 0x0003-0x007F)
+ *
+ * Module   Nr  Codes assigned
+ * MPI       7  0x0002-0x0010
+ * GCM       2  0x0012-0x0014
+ * BLOWFISH  2  0x0016-0x0018
+ * THREADING 3  0x001A-0x001E
+ * AES       2  0x0020-0x0022
+ * CAMELLIA  2  0x0024-0x0026
+ * XTEA      1  0x0028-0x0028
+ * BASE64    2  0x002A-0x002C
+ * OID       1  0x002E-0x002E   0x000B-0x000B
+ * PADLOCK   1  0x0030-0x0030
+ * DES       1  0x0032-0x0032
+ * CTR_DBRG  4  0x0034-0x003A
+ * ENTROPY   3  0x003C-0x0040   0x003D-0x003F
+ * NET      11  0x0042-0x0052   0x0043-0x0045
+ * ASN1      7  0x0060-0x006C
+ * PBKDF2    1  0x007C-0x007C
+ * HMAC_DRBG 4  0x0003-0x0009
+ * CCM       2                  0x000D-0x000F
+ *
+ * High-level module nr (3 bits - 0x0...-0x7...)
+ * Name      ID  Nr of Errors
+ * PEM       1   9
+ * PKCS#12   1   4 (Started from top)
+ * X509      2   19
+ * PKCS5     2   4 (Started from top)
+ * DHM       3   9
+ * PK        3   14 (Started from top)
+ * RSA       4   9
+ * ECP       4   8 (Started from top)
+ * MD        5   4
+ * CIPHER    6   6
+ * SSL       6   16 (Started from top)
+ * SSL       7   31
+ *
+ * Module dependent error code (5 bits 0x.00.-0x.F8.)
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Translate a mbed TLS error code into a string representation,
+ *        Result is truncated if necessary and always includes a terminating
+ *        null byte.
+ *
+ * \param errnum    error code
+ * \param buffer    buffer to place representation in
+ * \param buflen    length of the buffer
+ */
+void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* error.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/gcm.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/gcm.h
new file mode 100644
index 00000000..6743ac9a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/gcm.h
@@ -0,0 +1,220 @@
+/**
+ * \file gcm.h
+ *
+ * \brief Galois/Counter mode for 128-bit block ciphers
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_GCM_H
+#define MBEDTLS_GCM_H
+
+#include "cipher.h"
+
+#include <stdint.h>
+
+#define MBEDTLS_GCM_ENCRYPT     1
+#define MBEDTLS_GCM_DECRYPT     0
+
+#define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012  /**< Authenticated decryption failed. */
+#define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          GCM context structure
+ */
+typedef struct {
+    mbedtls_cipher_context_t cipher_ctx;/*!< cipher context used */
+    uint64_t HL[16];            /*!< Precalculated HTable */
+    uint64_t HH[16];            /*!< Precalculated HTable */
+    uint64_t len;               /*!< Total data length */
+    uint64_t add_len;           /*!< Total add length */
+    unsigned char base_ectr[16];/*!< First ECTR for tag */
+    unsigned char y[16];        /*!< Y working value */
+    unsigned char buf[16];      /*!< buf working value */
+    int mode;                   /*!< Encrypt or Decrypt */
+}
+mbedtls_gcm_context;
+
+/**
+ * \brief           Initialize GCM context (just makes references valid)
+ *                  Makes the context ready for mbedtls_gcm_setkey() or
+ *                  mbedtls_gcm_free().
+ *
+ * \param ctx       GCM context to initialize
+ */
+void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
+
+/**
+ * \brief           GCM initialization (encryption)
+ *
+ * \param ctx       GCM context to be initialized
+ * \param cipher    cipher to use (a 128-bit block cipher)
+ * \param key       encryption key
+ * \param keybits   must be 128, 192 or 256
+ *
+ * \return          0 if successful, or a cipher specific error code
+ */
+int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
+                        mbedtls_cipher_id_t cipher,
+                        const unsigned char *key,
+                        unsigned int keybits );
+
+/**
+ * \brief           GCM buffer encryption/decryption using a block cipher
+ *
+ * \note On encryption, the output buffer can be the same as the input buffer.
+ *       On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param mode      MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ * \param tag_len   length of the tag to generate
+ * \param tag       buffer for holding the tag
+ *
+ * \return         0 if successful
+ */
+int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
+                       int mode,
+                       size_t length,
+                       const unsigned char *iv,
+                       size_t iv_len,
+                       const unsigned char *add,
+                       size_t add_len,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t tag_len,
+                       unsigned char *tag );
+
+/**
+ * \brief           GCM buffer authenticated decryption using a block cipher
+ *
+ * \note On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param tag       buffer holding the tag
+ * \param tag_len   length of the tag
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *
+ * \return         0 if successful and authenticated,
+ *                 MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match
+ */
+int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
+                      size_t length,
+                      const unsigned char *iv,
+                      size_t iv_len,
+                      const unsigned char *add,
+                      size_t add_len,
+                      const unsigned char *tag,
+                      size_t tag_len,
+                      const unsigned char *input,
+                      unsigned char *output );
+
+/**
+ * \brief           Generic GCM stream start function
+ *
+ * \param ctx       GCM context
+ * \param mode      MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data (or NULL if length is 0)
+ * \param add_len   length of additional data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
+                int mode,
+                const unsigned char *iv,
+                size_t iv_len,
+                const unsigned char *add,
+                size_t add_len );
+
+/**
+ * \brief           Generic GCM update function. Encrypts/decrypts using the
+ *                  given GCM context. Expects input to be a multiple of 16
+ *                  bytes! Only the last call before mbedtls_gcm_finish() can be less
+ *                  than 16 bytes!
+ *
+ * \note On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param length    length of the input data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *
+ * \return         0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
+ */
+int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
+                size_t length,
+                const unsigned char *input,
+                unsigned char *output );
+
+/**
+ * \brief           Generic GCM finalisation function. Wraps up the GCM stream
+ *                  and generates the tag. The tag can have a maximum length of
+ *                  16 bytes.
+ *
+ * \param ctx       GCM context
+ * \param tag       buffer for holding the tag (may be NULL if tag_len is 0)
+ * \param tag_len   length of the tag to generate
+ *
+ * \return          0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
+ */
+int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
+                unsigned char *tag,
+                size_t tag_len );
+
+/**
+ * \brief           Free a GCM context and underlying cipher sub-context
+ *
+ * \param ctx       GCM context to free
+ */
+void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_gcm_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* gcm.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/havege.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/havege.h
new file mode 100644
index 00000000..dac5d311
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/havege.h
@@ -0,0 +1,74 @@
+/**
+ * \file havege.h
+ *
+ * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_HAVEGE_H
+#define MBEDTLS_HAVEGE_H
+
+#include <stddef.h>
+
+#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          HAVEGE state structure
+ */
+typedef struct
+{
+    int PT1, PT2, offset[2];
+    int pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
+    int WALK[8192];
+}
+mbedtls_havege_state;
+
+/**
+ * \brief          HAVEGE initialization
+ *
+ * \param hs       HAVEGE state to be initialized
+ */
+void mbedtls_havege_init( mbedtls_havege_state *hs );
+
+/**
+ * \brief          Clear HAVEGE state
+ *
+ * \param hs       HAVEGE state to be cleared
+ */
+void mbedtls_havege_free( mbedtls_havege_state *hs );
+
+/**
+ * \brief          HAVEGE rand function
+ *
+ * \param p_rng    A HAVEGE state
+ * \param output   Buffer to fill
+ * \param len      Length of buffer
+ *
+ * \return         0
+ */
+int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* havege.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/hmac_drbg.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/hmac_drbg.h
new file mode 100644
index 00000000..e0105580
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/hmac_drbg.h
@@ -0,0 +1,299 @@
+/**
+ * \file hmac_drbg.h
+ *
+ * \brief HMAC_DRBG (NIST SP 800-90A)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_HMAC_DRBG_H
+#define MBEDTLS_HMAC_DRBG_H
+
+#include "md.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
+/*
+ * Error codes
+ */
+#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG              -0x0003  /**< Too many random requested in single call. */
+#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG                -0x0005  /**< Input too large (Entropy + additional). */
+#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR                -0x0007  /**< Read/write error in file. */
+#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED        -0x0009  /**< The entropy source failed. */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000   /**< Interval before reseed is performed by default */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
+#define MBEDTLS_HMAC_DRBG_MAX_INPUT         256     /**< Maximum number of additional input bytes */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
+#define MBEDTLS_HMAC_DRBG_MAX_REQUEST       1024    /**< Maximum number of requested bytes per call */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
+#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
+#define MBEDTLS_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * HMAC_DRBG context.
+ */
+typedef struct
+{
+    /* Working state: the key K is not stored explicitely,
+     * but is implied by the HMAC context */
+    mbedtls_md_context_t md_ctx;                    /*!< HMAC context (inc. K)  */
+    unsigned char V[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
+    int reseed_counter;                     /*!< reseed counter         */
+
+    /* Administrative state */
+    size_t entropy_len;         /*!< entropy bytes grabbed on each (re)seed */
+    int prediction_resistance;  /*!< enable prediction resistance (Automatic
+                                     reseed before every random generation) */
+    int reseed_interval;        /*!< reseed interval   */
+
+    /* Callbacks */
+    int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
+    void *p_entropy;            /*!< context for the entropy function        */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+} mbedtls_hmac_drbg_context;
+
+/**
+ * \brief               HMAC_DRBG context initialization
+ *                      Makes the context ready for mbedtls_hmac_drbg_seed(),
+ *                      mbedtls_hmac_drbg_seed_buf() or
+ *                      mbedtls_hmac_drbg_free().
+ *
+ * \param ctx           HMAC_DRBG context to be initialized
+ */
+void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
+
+/**
+ * \brief               HMAC_DRBG initial seeding
+ *                      Seed and setup entropy source for future reseeds.
+ *
+ * \param ctx           HMAC_DRBG context to be seeded
+ * \param md_info       MD algorithm to use for HMAC_DRBG
+ * \param f_entropy     Entropy callback (p_entropy, buffer to fill, buffer
+ *                      length)
+ * \param p_entropy     Entropy context
+ * \param custom        Personalization data (Device specific identifiers)
+ *                      (Can be NULL)
+ * \param len           Length of personalization data
+ *
+ * \note                The "security strength" as defined by NIST is set to:
+ *                      128 bits if md_alg is SHA-1,
+ *                      192 bits if md_alg is SHA-224,
+ *                      256 bits if md_alg is SHA-256 or higher.
+ *                      Note that SHA-256 is just as efficient as SHA-224.
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_MD_ALLOC_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
+ */
+int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
+                    const mbedtls_md_info_t * md_info,
+                    int (*f_entropy)(void *, unsigned char *, size_t),
+                    void *p_entropy,
+                    const unsigned char *custom,
+                    size_t len );
+
+/**
+ * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
+ *                      (For use with deterministic ECDSA.)
+ *
+ * \param ctx           HMAC_DRBG context to be initialised
+ * \param md_info       MD algorithm to use for HMAC_DRBG
+ * \param data          Concatenation of entropy string and additional data
+ * \param data_len      Length of data in bytes
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_MD_ALLOC_FAILED.
+ */
+int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
+                        const mbedtls_md_info_t * md_info,
+                        const unsigned char *data, size_t data_len );
+
+/**
+ * \brief               Enable / disable prediction resistance (Default: Off)
+ *
+ * Note: If enabled, entropy is used for ctx->entropy_len before each call!
+ *       Only use this if you have ample supply of good entropy!
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param resistance    MBEDTLS_HMAC_DRBG_PR_ON or MBEDTLS_HMAC_DRBG_PR_OFF
+ */
+void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
+                                          int resistance );
+
+/**
+ * \brief               Set the amount of entropy grabbed on each reseed
+ *                      (Default: given by the security strength, which
+ *                      depends on the hash used, see \c mbedtls_hmac_drbg_init() )
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param len           Amount of entropy to grab, in bytes
+ */
+void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
+                                size_t len );
+
+/**
+ * \brief               Set the reseed interval
+ *                      (Default: MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param interval      Reseed interval
+ */
+void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
+                                    int interval );
+
+/**
+ * \brief               HMAC_DRBG update state
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param additional    Additional data to update state with, or NULL
+ * \param add_len       Length of additional data, or 0
+ *
+ * \note                Additional data is optional, pass NULL and 0 as second
+ *                      third argument if no additional data is being used.
+ */
+void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
+                       const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               HMAC_DRBG reseeding (extracts data from entropy source)
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param additional    Additional data to add to state (Can be NULL)
+ * \param len           Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
+                      const unsigned char *additional, size_t len );
+
+/**
+ * \brief               HMAC_DRBG generate random with additional update input
+ *
+ * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ *
+ * \param p_rng         HMAC_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ * \param additional    Additional data to update with (can be NULL)
+ * \param add_len       Length of additional data (can be 0)
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG.
+ */
+int mbedtls_hmac_drbg_random_with_add( void *p_rng,
+                               unsigned char *output, size_t output_len,
+                               const unsigned char *additional,
+                               size_t add_len );
+
+/**
+ * \brief               HMAC_DRBG generate random
+ *
+ * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ *
+ * \param p_rng         HMAC_DRBG context
+ * \param output        Buffer to fill
+ * \param out_len       Length of the buffer
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
+
+/**
+ * \brief               Free an HMAC_DRBG context
+ *
+ * \param ctx           HMAC_DRBG context to free.
+ */
+void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful, 1 on file error, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful, 1 on file error,
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
+ *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
+ */
+int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief               Checkup routine
+ *
+ * \return              0 if successful, or 1 if the test failed
+ */
+int mbedtls_hmac_drbg_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* hmac_drbg.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md.h
new file mode 100644
index 00000000..77c2c6f6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md.h
@@ -0,0 +1,353 @@
+/**
+ * \file mbedtls_md.h
+ *
+ * \brief Generic message digest wrapper
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD_H
+#define MBEDTLS_MD_H
+
+#include <stddef.h>
+
+#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE                -0x5080  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_MD_BAD_INPUT_DATA                     -0x5100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_MD_ALLOC_FAILED                       -0x5180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_MD_FILE_IO_ERROR                      -0x5200  /**< Opening or reading of file failed. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+    MBEDTLS_MD_NONE=0,
+    MBEDTLS_MD_MD2,
+    MBEDTLS_MD_MD4,
+    MBEDTLS_MD_MD5,
+    MBEDTLS_MD_SHA1,
+    MBEDTLS_MD_SHA224,
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_RIPEMD160,
+} mbedtls_md_type_t;
+
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_MD_MAX_SIZE         64  /* longest known is SHA512 */
+#else
+#define MBEDTLS_MD_MAX_SIZE         32  /* longest known is SHA256 or less */
+#endif
+
+/**
+ * Opaque struct defined in md_internal.h
+ */
+typedef struct mbedtls_md_info_t mbedtls_md_info_t;
+
+/**
+ * Generic message digest context.
+ */
+typedef struct {
+    /** Information about the associated message digest */
+    const mbedtls_md_info_t *md_info;
+
+    /** Digest-specific context */
+    void *md_ctx;
+
+    /** HMAC part of the context */
+    void *hmac_ctx;
+} mbedtls_md_context_t;
+
+/**
+ * \brief Returns the list of digests supported by the generic digest module.
+ *
+ * \return          a statically allocated array of digests, the last entry
+ *                  is 0.
+ */
+const int *mbedtls_md_list( void );
+
+/**
+ * \brief           Returns the message digest information associated with the
+ *                  given digest name.
+ *
+ * \param md_name   Name of the digest to search for.
+ *
+ * \return          The message digest information associated with md_name or
+ *                  NULL if not found.
+ */
+const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
+
+/**
+ * \brief           Returns the message digest information associated with the
+ *                  given digest type.
+ *
+ * \param md_type   type of digest to search for.
+ *
+ * \return          The message digest information associated with md_type or
+ *                  NULL if not found.
+ */
+const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
+
+/**
+ * \brief           Initialize a md_context (as NONE)
+ *                  This should always be called first.
+ *                  Prepares the context for mbedtls_md_setup() or mbedtls_md_free().
+ */
+void mbedtls_md_init( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief           Free and clear the internal structures of ctx.
+ *                  Can be called at any time after mbedtls_md_init().
+ *                  Mandatory once mbedtls_md_setup() has been called.
+ */
+void mbedtls_md_free( mbedtls_md_context_t *ctx );
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief           Select MD to use and allocate internal structures.
+ *                  Should be called after mbedtls_md_init() or mbedtls_md_free().
+ *                  Makes it necessary to call mbedtls_md_free() later.
+ *
+ * \deprecated      Superseded by mbedtls_md_setup() in 2.0.0
+ *
+ * \param ctx       Context to set up.
+ * \param md_info   Message digest to use.
+ *
+ * \returns         \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
+ *                  \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
+ */
+int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
+#undef MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+/**
+ * \brief           Select MD to use and allocate internal structures.
+ *                  Should be called after mbedtls_md_init() or mbedtls_md_free().
+ *                  Makes it necessary to call mbedtls_md_free() later.
+ *
+ * \param ctx       Context to set up.
+ * \param md_info   Message digest to use.
+ * \param hmac      0 to save some memory if HMAC will not be used,
+ *                  non-zero is HMAC is going to be used with this context.
+ *
+ * \returns         \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
+ *                  \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
+ */
+int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
+
+/**
+ * \brief           Clone the state of an MD context
+ *
+ * \note            The two contexts must have been setup to the same type
+ *                  (cloning from SHA-256 to SHA-512 make no sense).
+ *
+ * \warning         Only clones the MD state, not the HMAC state! (for now)
+ *
+ * \param dst       The destination context
+ * \param src       The context to be cloned
+ *
+ * \return          \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
+ */
+int mbedtls_md_clone( mbedtls_md_context_t *dst,
+                      const mbedtls_md_context_t *src );
+
+/**
+ * \brief           Returns the size of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          size of the message digest output in bytes.
+ */
+unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Returns the type of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          type of the message digest output.
+ */
+mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Returns the name of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          name of the message digest output.
+ */
+const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Prepare the context to digest a new message.
+ *                  Generally called after mbedtls_md_setup() or mbedtls_md_finish().
+ *                  Followed by mbedtls_md_update().
+ *
+ * \param ctx       generic message digest context.
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_starts( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief           Generic message digest process buffer
+ *                  Called between mbedtls_md_starts() and mbedtls_md_finish().
+ *                  May be called repeatedly.
+ *
+ * \param ctx       Generic message digest context
+ * \param input     buffer holding the  datal
+ * \param ilen      length of the input data
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief           Generic message digest final digest
+ *                  Called after mbedtls_md_update().
+ *                  Usually followed by mbedtls_md_free() or mbedtls_md_starts().
+ *
+ * \param ctx       Generic message digest context
+ * \param output    Generic message digest checksum result
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
+
+/**
+ * \brief          Output = message_digest( input buffer )
+ *
+ * \param md_info  message digest info
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   Generic message digest checksum result
+ *
+ * \returns        0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                 verification fails.
+ */
+int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
+        unsigned char *output );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Output = message_digest( file contents )
+ *
+ * \param md_info  message digest info
+ * \param path     input file name
+ * \param output   generic message digest checksum result
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed,
+ *                 MBEDTLS_ERR_MD_BAD_INPUT_DATA if md_info was NULL.
+ */
+int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
+                     unsigned char *output );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief           Set HMAC key and prepare to authenticate a new message.
+ *                  Usually called after mbedtls_md_setup() or mbedtls_md_hmac_finish().
+ *
+ * \param ctx       HMAC context
+ * \param key       HMAC secret key
+ * \param keylen    length of the HMAC key in bytes
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
+                    size_t keylen );
+
+/**
+ * \brief           Generic HMAC process buffer.
+ *                  Called between mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
+ *                  and mbedtls_md_hmac_finish().
+ *                  May be called repeatedly.
+ *
+ * \param ctx       HMAC context
+ * \param input     buffer holding the  data
+ * \param ilen      length of the input data
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
+                    size_t ilen );
+
+/**
+ * \brief           Output HMAC.
+ *                  Called after mbedtls_md_hmac_update().
+ *                  Usually followed my mbedtls_md_hmac_reset(), mbedtls_md_hmac_starts(),
+ *                  or mbedtls_md_free().
+ *
+ * \param ctx       HMAC context
+ * \param output    Generic HMAC checksum result
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
+
+/**
+ * \brief           Prepare to authenticate a new message with the same key.
+ *                  Called after mbedtls_md_hmac_finish() and before mbedtls_md_hmac_update().
+ *
+ * \param ctx       HMAC context to be reset
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief          Output = Generic_HMAC( hmac key, input buffer )
+ *
+ * \param md_info  message digest info
+ * \param key      HMAC secret key
+ * \param keylen   length of the HMAC key in bytes
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   Generic HMAC-result
+ *
+ * \returns        0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                 verification fails.
+ */
+int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output );
+
+/* Internal use */
+int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_MD_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md2.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md2.h
new file mode 100644
index 00000000..51d79486
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md2.h
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_md2.h
+ *
+ * \brief MD2 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD2_H
+#define MBEDTLS_MD2_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if !defined(MBEDTLS_MD2_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD2 context structure
+ */
+typedef struct
+{
+    unsigned char cksum[16];    /*!< checksum of the data block */
+    unsigned char state[48];    /*!< intermediate digest state  */
+    unsigned char buffer[16];   /*!< data block being processed */
+    size_t left;                /*!< amount of data in buffer   */
+}
+mbedtls_md2_context;
+
+/**
+ * \brief          Initialize MD2 context
+ *
+ * \param ctx      MD2 context to be initialized
+ */
+void mbedtls_md2_init( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          Clear MD2 context
+ *
+ * \param ctx      MD2 context to be cleared
+ */
+void mbedtls_md2_free( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD2 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md2_clone( mbedtls_md2_context *dst,
+                        const mbedtls_md2_context *src );
+
+/**
+ * \brief          MD2 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md2_starts( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          MD2 process buffer
+ *
+ * \param ctx      MD2 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD2 final digest
+ *
+ * \param ctx      MD2 context
+ * \param output   MD2 checksum result
+ */
+void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD2_ALT */
+#include "md2_alt.h"
+#endif /* MBEDTLS_MD2_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD2( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD2 checksum result
+ */
+void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md2_self_test( int verbose );
+
+/* Internal use */
+void mbedtls_md2_process( mbedtls_md2_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md2.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md4.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md4.h
new file mode 100644
index 00000000..12cb81dc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md4.h
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_md4.h
+ *
+ * \brief MD4 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD4_H
+#define MBEDTLS_MD4_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_MD4_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD4 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[4];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_md4_context;
+
+/**
+ * \brief          Initialize MD4 context
+ *
+ * \param ctx      MD4 context to be initialized
+ */
+void mbedtls_md4_init( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          Clear MD4 context
+ *
+ * \param ctx      MD4 context to be cleared
+ */
+void mbedtls_md4_free( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD4 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md4_clone( mbedtls_md4_context *dst,
+                        const mbedtls_md4_context *src );
+
+/**
+ * \brief          MD4 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md4_starts( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          MD4 process buffer
+ *
+ * \param ctx      MD4 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD4 final digest
+ *
+ * \param ctx      MD4 context
+ * \param output   MD4 checksum result
+ */
+void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD4_ALT */
+#include "md4_alt.h"
+#endif /* MBEDTLS_MD4_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD4( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD4 checksum result
+ */
+void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md4_self_test( int verbose );
+
+/* Internal use */
+void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md4.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md5.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md5.h
new file mode 100644
index 00000000..09d8a947
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md5.h
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_md5.h
+ *
+ * \brief MD5 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD5_H
+#define MBEDTLS_MD5_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_MD5_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD5 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[4];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_md5_context;
+
+/**
+ * \brief          Initialize MD5 context
+ *
+ * \param ctx      MD5 context to be initialized
+ */
+void mbedtls_md5_init( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          Clear MD5 context
+ *
+ * \param ctx      MD5 context to be cleared
+ */
+void mbedtls_md5_free( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD5 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md5_clone( mbedtls_md5_context *dst,
+                        const mbedtls_md5_context *src );
+
+/**
+ * \brief          MD5 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md5_starts( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          MD5 process buffer
+ *
+ * \param ctx      MD5 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD5 final digest
+ *
+ * \param ctx      MD5 context
+ * \param output   MD5 checksum result
+ */
+void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
+
+/* Internal use */
+void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD5_ALT */
+#include "md5_alt.h"
+#endif /* MBEDTLS_MD5_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD5( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD5 checksum result
+ */
+void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md5_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md5.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md_internal.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md_internal.h
new file mode 100644
index 00000000..e2441bbc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/md_internal.h
@@ -0,0 +1,114 @@
+/**
+ * \file md_internal.h
+ *
+ * \brief Message digest wrappers.
+ *
+ * \warning This in an internal header. Do not include directly.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD_WRAP_H
+#define MBEDTLS_MD_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "md.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Message digest information.
+ * Allows message digest functions to be called in a generic way.
+ */
+struct mbedtls_md_info_t
+{
+    /** Digest identifier */
+    mbedtls_md_type_t type;
+
+    /** Name of the message digest */
+    const char * name;
+
+    /** Output length of the digest function in bytes */
+    int size;
+
+    /** Block length of the digest function in bytes */
+    int block_size;
+
+    /** Digest initialisation function */
+    void (*starts_func)( void *ctx );
+
+    /** Digest update function */
+    void (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
+
+    /** Digest finalisation function */
+    void (*finish_func)( void *ctx, unsigned char *output );
+
+    /** Generic digest function */
+    void (*digest_func)( const unsigned char *input, size_t ilen,
+                         unsigned char *output );
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+    /** Clone state from a context */
+    void (*clone_func)( void *dst, const void *src );
+
+    /** Internal use only */
+    void (*process_func)( void *ctx, const unsigned char *input );
+};
+
+#if defined(MBEDTLS_MD2_C)
+extern const mbedtls_md_info_t mbedtls_md2_info;
+#endif
+#if defined(MBEDTLS_MD4_C)
+extern const mbedtls_md_info_t mbedtls_md4_info;
+#endif
+#if defined(MBEDTLS_MD5_C)
+extern const mbedtls_md_info_t mbedtls_md5_info;
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+extern const mbedtls_md_info_t mbedtls_ripemd160_info;
+#endif
+#if defined(MBEDTLS_SHA1_C)
+extern const mbedtls_md_info_t mbedtls_sha1_info;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+extern const mbedtls_md_info_t mbedtls_sha224_info;
+extern const mbedtls_md_info_t mbedtls_sha256_info;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+extern const mbedtls_md_info_t mbedtls_sha384_info;
+extern const mbedtls_md_info_t mbedtls_sha512_info;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_MD_WRAP_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/memory_buffer_alloc.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/memory_buffer_alloc.h
new file mode 100644
index 00000000..661bc08d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/memory_buffer_alloc.h
@@ -0,0 +1,146 @@
+/**
+ * \file memory_buffer_alloc.h
+ *
+ * \brief Buffer-based memory allocator
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
+#define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_MEMORY_VERIFY_NONE         0
+#define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
+#define MBEDTLS_MEMORY_VERIFY_FREE         (1 << 1)
+#define MBEDTLS_MEMORY_VERIFY_ALWAYS       (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief   Initialize use of stack-based memory allocator.
+ *          The stack-based allocator does memory management inside the
+ *          presented buffer and does not call calloc() and free().
+ *          It sets the global mbedtls_calloc() and mbedtls_free() pointers
+ *          to its own functions.
+ *          (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if
+ *           MBEDTLS_THREADING_C is defined)
+ *
+ * \note    This code is not optimized and provides a straight-forward
+ *          implementation of a stack-based memory allocator.
+ *
+ * \param buf   buffer to use as heap
+ * \param len   size of the buffer
+ */
+void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
+
+/**
+ * \brief   Free the mutex for thread-safety and clear remaining memory
+ */
+void mbedtls_memory_buffer_alloc_free( void );
+
+/**
+ * \brief   Determine when the allocator should automatically verify the state
+ *          of the entire chain of headers / meta-data.
+ *          (Default: MBEDTLS_MEMORY_VERIFY_NONE)
+ *
+ * \param verify    One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
+ *                  MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
+ */
+void mbedtls_memory_buffer_set_verify( int verify );
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+/**
+ * \brief   Print out the status of the allocated memory (primarily for use
+ *          after a program should have de-allocated all memory)
+ *          Prints out a list of 'still allocated' blocks and their stack
+ *          trace if MBEDTLS_MEMORY_BACKTRACE is defined.
+ */
+void mbedtls_memory_buffer_alloc_status( void );
+
+/**
+ * \brief   Get the peak heap usage so far
+ *
+ * \param max_used      Peak number of bytes reauested by the application
+ * \param max_blocks    Peak number of blocks reauested by the application
+ */
+void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
+
+/**
+ * \brief   Reset peak statistics
+ */
+void mbedtls_memory_buffer_alloc_max_reset( void );
+
+/**
+ * \brief   Get the current heap usage
+ *
+ * \param cur_used      Number of bytes reauested by the application
+ * \param cur_blocks    Number of blocks reauested by the application
+ */
+void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
+#endif /* MBEDTLS_MEMORY_DEBUG */
+
+/**
+ * \brief   Verifies that all headers in the memory buffer are correct
+ *          and contain sane values. Helps debug buffer-overflow errors.
+ *
+ *          Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined.
+ *          Prints out full header information if MBEDTLS_MEMORY_DEBUG
+ *          is defined. (Includes stack trace information for each block if
+ *          MBEDTLS_MEMORY_BACKTRACE is defined as well).
+ *
+ * \return             0 if verified, 1 otherwise
+ */
+int mbedtls_memory_buffer_alloc_verify( void );
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_memory_buffer_alloc_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* memory_buffer_alloc.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/net.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/net.h
new file mode 100644
index 00000000..8c6534cf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/net.h
@@ -0,0 +1,225 @@
+/**
+ * \file net.h
+ *
+ * \brief Network communication functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_NET_H
+#define MBEDTLS_NET_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "ssl.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_ERR_NET_SOCKET_FAILED                     -0x0042  /**< Failed to open a socket. */
+#define MBEDTLS_ERR_NET_CONNECT_FAILED                    -0x0044  /**< The connection to the given server / port failed. */
+#define MBEDTLS_ERR_NET_BIND_FAILED                       -0x0046  /**< Binding of the socket failed. */
+#define MBEDTLS_ERR_NET_LISTEN_FAILED                     -0x0048  /**< Could not listen on the socket. */
+#define MBEDTLS_ERR_NET_ACCEPT_FAILED                     -0x004A  /**< Could not accept the incoming connection. */
+#define MBEDTLS_ERR_NET_RECV_FAILED                       -0x004C  /**< Reading information from the socket failed. */
+#define MBEDTLS_ERR_NET_SEND_FAILED                       -0x004E  /**< Sending information through the socket failed. */
+#define MBEDTLS_ERR_NET_CONN_RESET                        -0x0050  /**< Connection was reset by peer. */
+#define MBEDTLS_ERR_NET_UNKNOWN_HOST                      -0x0052  /**< Failed to get an IP address for the given hostname. */
+#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL                  -0x0043  /**< Buffer is too small to hold the data. */
+#define MBEDTLS_ERR_NET_INVALID_CONTEXT                   -0x0045  /**< The context is invalid, eg because it was free()ed. */
+
+#define MBEDTLS_NET_LISTEN_BACKLOG         10 /**< The backlog that listen() should use. */
+
+#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
+#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Wrapper type for sockets.
+ *
+ * Currently backed by just a file descriptor, but might be more in the future
+ * (eg two file descriptors for combined IPv4 + IPv6 support, or additional
+ * structures for hand-made UDP demultiplexing).
+ */
+typedef struct
+{
+    int fd;             /**< The underlying file descriptor                 */
+}
+mbedtls_net_context;
+
+/**
+ * \brief          Initialize a context
+ *                 Just makes the context ready to be used or freed safely.
+ *
+ * \param ctx      Context to initialize
+ */
+void mbedtls_net_init( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Initiate a connection with host:port in the given protocol
+ *
+ * \param ctx      Socket to use
+ * \param host     Host to connect to
+ * \param port     Port to connect to
+ * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
+ *
+ * \return         0 if successful, or one of:
+ *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
+ *                      MBEDTLS_ERR_NET_UNKNOWN_HOST,
+ *                      MBEDTLS_ERR_NET_CONNECT_FAILED
+ *
+ * \note           Sets the socket in connected mode even with UDP.
+ */
+int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
+
+/**
+ * \brief          Create a receiving socket on bind_ip:port in the chosen
+ *                 protocol. If bind_ip == NULL, all interfaces are bound.
+ *
+ * \param ctx      Socket to use
+ * \param bind_ip  IP to bind to, can be NULL
+ * \param port     Port number to use
+ * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
+ *
+ * \return         0 if successful, or one of:
+ *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
+ *                      MBEDTLS_ERR_NET_BIND_FAILED,
+ *                      MBEDTLS_ERR_NET_LISTEN_FAILED
+ *
+ * \note           Regardless of the protocol, opens the sockets and binds it.
+ *                 In addition, make the socket listening if protocol is TCP.
+ */
+int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
+
+/**
+ * \brief           Accept a connection from a remote client
+ *
+ * \param bind_ctx  Relevant socket
+ * \param client_ctx Will contain the connected client socket
+ * \param client_ip Will contain the client IP address
+ * \param buf_size  Size of the client_ip buffer
+ * \param ip_len    Will receive the size of the client IP written
+ *
+ * \return          0 if successful, or
+ *                  MBEDTLS_ERR_NET_ACCEPT_FAILED, or
+ *                  MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
+ *                  MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
+ *                  non-blocking and accept() would block.
+ */
+int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
+                        mbedtls_net_context *client_ctx,
+                        void *client_ip, size_t buf_size, size_t *ip_len );
+
+/**
+ * \brief          Set the socket blocking
+ *
+ * \param ctx      Socket to set
+ *
+ * \return         0 if successful, or a non-zero error code
+ */
+int mbedtls_net_set_block( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Set the socket non-blocking
+ *
+ * \param ctx      Socket to set
+ *
+ * \return         0 if successful, or a non-zero error code
+ */
+int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Portable usleep helper
+ *
+ * \param usec     Amount of microseconds to sleep
+ *
+ * \note           Real amount of time slept will not be less than
+ *                 select()'s timeout granularity (typically, 10ms).
+ */
+void mbedtls_net_usleep( unsigned long usec );
+
+/**
+ * \brief          Read at most 'len' characters. If no error occurs,
+ *                 the actual amount read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to write to
+ * \param len      Maximum length of the buffer
+ *
+ * \return         the number of bytes received,
+ *                 or a non-zero error code; with a non-blocking socket,
+ *                 MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
+ */
+int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
+
+/**
+ * \brief          Write at most 'len' characters. If no error occurs,
+ *                 the actual amount read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to read from
+ * \param len      The length of the buffer
+ *
+ * \return         the number of bytes sent,
+ *                 or a non-zero error code; with a non-blocking socket,
+ *                 MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
+ */
+int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
+
+/**
+ * \brief          Read at most 'len' characters, blocking for at most
+ *                 'timeout' seconds. If no error occurs, the actual amount
+ *                 read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to write to
+ * \param len      Maximum length of the buffer
+ * \param timeout  Maximum number of milliseconds to wait for data
+ *                 0 means no timeout (wait forever)
+ *
+ * \return         the number of bytes received,
+ *                 or a non-zero error code:
+ *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
+ *                 MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
+ *
+ * \note           This function will block (until data becomes available or
+ *                 timeout is reached) even if the socket is set to
+ *                 non-blocking. Handling timeouts with non-blocking reads
+ *                 requires a different strategy.
+ */
+int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+                      uint32_t timeout );
+
+/**
+ * \brief          Gracefully shutdown the connection and free associated data
+ *
+ * \param ctx      The context to free
+ */
+void mbedtls_net_free( mbedtls_net_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* net.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/oid.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/oid.h
new file mode 100644
index 00000000..fcecdafd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/oid.h
@@ -0,0 +1,570 @@
+/**
+ * \file oid.h
+ *
+ * \brief Object Identifier (OID) database
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_OID_H
+#define MBEDTLS_OID_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "asn1.h"
+#include "pk.h"
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_CIPHER_C)
+#include "cipher.h"
+#endif
+
+#if defined(MBEDTLS_MD_C)
+#include "md.h"
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+#include "x509.h"
+#endif
+
+#define MBEDTLS_ERR_OID_NOT_FOUND                         -0x002E  /**< OID is not found. */
+#define MBEDTLS_ERR_OID_BUF_TOO_SMALL                     -0x000B  /**< output buffer is too small */
+
+/*
+ * Top level OID tuples
+ */
+#define MBEDTLS_OID_ISO_MEMBER_BODIES           "\x2a"          /* {iso(1) member-body(2)} */
+#define MBEDTLS_OID_ISO_IDENTIFIED_ORG          "\x2b"          /* {iso(1) identified-organization(3)} */
+#define MBEDTLS_OID_ISO_CCITT_DS                "\x55"          /* {joint-iso-ccitt(2) ds(5)} */
+#define MBEDTLS_OID_ISO_ITU_COUNTRY             "\x60"          /* {joint-iso-itu-t(2) country(16)} */
+
+/*
+ * ISO Member bodies OID parts
+ */
+#define MBEDTLS_OID_COUNTRY_US                  "\x86\x48"      /* {us(840)} */
+#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY       "\x86\xf7\x0d"  /* {rsadsi(113549)} */
+#define MBEDTLS_OID_RSA_COMPANY                 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+                                        MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+#define MBEDTLS_OID_ORG_ANSI_X9_62              "\xce\x3d" /* ansi-X9-62(10045) */
+#define MBEDTLS_OID_ANSI_X9_62                  MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+                                        MBEDTLS_OID_ORG_ANSI_X9_62
+
+/*
+ * ISO Identified organization OID parts
+ */
+#define MBEDTLS_OID_ORG_DOD                     "\x06"          /* {dod(6)} */
+#define MBEDTLS_OID_ORG_OIW                     "\x0e"
+#define MBEDTLS_OID_OIW_SECSIG                  MBEDTLS_OID_ORG_OIW "\x03"
+#define MBEDTLS_OID_OIW_SECSIG_ALG              MBEDTLS_OID_OIW_SECSIG "\x02"
+#define MBEDTLS_OID_OIW_SECSIG_SHA1             MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
+#define MBEDTLS_OID_ORG_CERTICOM                "\x81\x04"  /* certicom(132) */
+#define MBEDTLS_OID_CERTICOM                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
+#define MBEDTLS_OID_ORG_TELETRUST               "\x24" /* teletrust(36) */
+#define MBEDTLS_OID_TELETRUST                   MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
+
+/*
+ * ISO ITU OID parts
+ */
+#define MBEDTLS_OID_ORGANIZATION                "\x01"          /* {organization(1)} */
+#define MBEDTLS_OID_ISO_ITU_US_ORG              MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
+
+#define MBEDTLS_OID_ORG_GOV                     "\x65"          /* {gov(101)} */
+#define MBEDTLS_OID_GOV                         MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
+
+#define MBEDTLS_OID_ORG_NETSCAPE                "\x86\xF8\x42"  /* {netscape(113730)} */
+#define MBEDTLS_OID_NETSCAPE                    MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
+
+/* ISO arc for standard certificate and CRL extensions */
+#define MBEDTLS_OID_ID_CE                       MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} */
+
+/**
+ * Private Internet Extensions
+ * { iso(1) identified-organization(3) dod(6) internet(1)
+ *                      security(5) mechanisms(5) pkix(7) }
+ */
+#define MBEDTLS_OID_PKIX                        MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01\x05\x05\x07"
+
+/*
+ * Arc for standard naming attributes
+ */
+#define MBEDTLS_OID_AT                          MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
+#define MBEDTLS_OID_AT_CN                       MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define MBEDTLS_OID_AT_SUR_NAME                 MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
+#define MBEDTLS_OID_AT_SERIAL_NUMBER            MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
+#define MBEDTLS_OID_AT_COUNTRY                  MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
+#define MBEDTLS_OID_AT_LOCALITY                 MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
+#define MBEDTLS_OID_AT_STATE                    MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
+#define MBEDTLS_OID_AT_ORGANIZATION             MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
+#define MBEDTLS_OID_AT_ORG_UNIT                 MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define MBEDTLS_OID_AT_TITLE                    MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
+#define MBEDTLS_OID_AT_POSTAL_ADDRESS           MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
+#define MBEDTLS_OID_AT_POSTAL_CODE              MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
+#define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+
+#define MBEDTLS_OID_DOMAIN_COMPONENT            "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
+
+/*
+ * OIDs for standard certificate extensions
+ */
+#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER    MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } */
+#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER      MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } */
+#define MBEDTLS_OID_KEY_USAGE                   MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } */
+#define MBEDTLS_OID_CERTIFICATE_POLICIES        MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } */
+#define MBEDTLS_OID_POLICY_MAPPINGS             MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } */
+#define MBEDTLS_OID_SUBJECT_ALT_NAME            MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } */
+#define MBEDTLS_OID_ISSUER_ALT_NAME             MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } */
+#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS     MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } */
+#define MBEDTLS_OID_BASIC_CONSTRAINTS           MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } */
+#define MBEDTLS_OID_NAME_CONSTRAINTS            MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } */
+#define MBEDTLS_OID_POLICY_CONSTRAINTS          MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } */
+#define MBEDTLS_OID_EXTENDED_KEY_USAGE          MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
+#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS     MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 } */
+#define MBEDTLS_OID_INIHIBIT_ANYPOLICY          MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } */
+#define MBEDTLS_OID_FRESHEST_CRL                MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
+
+/*
+ * Netscape certificate extensions
+ */
+#define MBEDTLS_OID_NS_CERT                 MBEDTLS_OID_NETSCAPE "\x01"
+#define MBEDTLS_OID_NS_CERT_TYPE            MBEDTLS_OID_NS_CERT  "\x01"
+#define MBEDTLS_OID_NS_BASE_URL             MBEDTLS_OID_NS_CERT  "\x02"
+#define MBEDTLS_OID_NS_REVOCATION_URL       MBEDTLS_OID_NS_CERT  "\x03"
+#define MBEDTLS_OID_NS_CA_REVOCATION_URL    MBEDTLS_OID_NS_CERT  "\x04"
+#define MBEDTLS_OID_NS_RENEWAL_URL          MBEDTLS_OID_NS_CERT  "\x07"
+#define MBEDTLS_OID_NS_CA_POLICY_URL        MBEDTLS_OID_NS_CERT  "\x08"
+#define MBEDTLS_OID_NS_SSL_SERVER_NAME      MBEDTLS_OID_NS_CERT  "\x0C"
+#define MBEDTLS_OID_NS_COMMENT              MBEDTLS_OID_NS_CERT  "\x0D"
+#define MBEDTLS_OID_NS_DATA_TYPE            MBEDTLS_OID_NETSCAPE "\x02"
+#define MBEDTLS_OID_NS_CERT_SEQUENCE        MBEDTLS_OID_NS_DATA_TYPE "\x05"
+
+/*
+ * OIDs for CRL extensions
+ */
+#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD    MBEDTLS_OID_ID_CE "\x10"
+#define MBEDTLS_OID_CRL_NUMBER                  MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
+
+/*
+ * X.509 v3 Extended key usage OIDs
+ */
+#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE      MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
+
+#define MBEDTLS_OID_KP                          MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
+#define MBEDTLS_OID_SERVER_AUTH                 MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
+#define MBEDTLS_OID_CLIENT_AUTH                 MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
+#define MBEDTLS_OID_CODE_SIGNING                MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
+#define MBEDTLS_OID_EMAIL_PROTECTION            MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
+#define MBEDTLS_OID_TIME_STAMPING               MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
+#define MBEDTLS_OID_OCSP_SIGNING                MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+
+/*
+ * PKCS definition OIDs
+ */
+
+#define MBEDTLS_OID_PKCS                MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
+#define MBEDTLS_OID_PKCS1               MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
+#define MBEDTLS_OID_PKCS5               MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
+#define MBEDTLS_OID_PKCS9               MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
+#define MBEDTLS_OID_PKCS12              MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
+
+/*
+ * PKCS#1 OIDs
+ */
+#define MBEDTLS_OID_PKCS1_RSA           MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
+#define MBEDTLS_OID_PKCS1_MD2           MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
+#define MBEDTLS_OID_PKCS1_MD4           MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
+#define MBEDTLS_OID_PKCS1_MD5           MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
+#define MBEDTLS_OID_PKCS1_SHA1          MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
+#define MBEDTLS_OID_PKCS1_SHA224        MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
+#define MBEDTLS_OID_PKCS1_SHA256        MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
+#define MBEDTLS_OID_PKCS1_SHA384        MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
+#define MBEDTLS_OID_PKCS1_SHA512        MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
+
+#define MBEDTLS_OID_RSA_SHA_OBS         "\x2B\x0E\x03\x02\x1D"
+
+#define MBEDTLS_OID_PKCS9_EMAIL         MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
+
+/* RFC 4055 */
+#define MBEDTLS_OID_RSASSA_PSS          MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
+#define MBEDTLS_OID_MGF1                MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
+
+/*
+ * Digest algorithms
+ */
+#define MBEDTLS_OID_DIGEST_ALG_MD2              MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD4              MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD5              MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA1             MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA224           MBEDTLS_OID_GOV "\x03\x04\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA256           MBEDTLS_OID_GOV "\x03\x04\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA384           MBEDTLS_OID_GOV "\x03\x04\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA512           MBEDTLS_OID_GOV "\x03\x04\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+
+#define MBEDTLS_OID_HMAC_SHA1                   MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+
+/*
+ * Encryption algorithms
+ */
+#define MBEDTLS_OID_DES_CBC                     MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
+#define MBEDTLS_OID_DES_EDE3_CBC                MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
+
+/*
+ * PKCS#5 OIDs
+ */
+#define MBEDTLS_OID_PKCS5_PBKDF2                MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
+#define MBEDTLS_OID_PKCS5_PBES2                 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
+#define MBEDTLS_OID_PKCS5_PBMAC1                MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
+
+/*
+ * PKCS#5 PBES1 algorithms
+ */
+#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC       MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
+#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC       MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC       MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC       MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC      MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC      MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
+
+/*
+ * PKCS#8 OIDs
+ */
+#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ           MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
+
+/*
+ * PKCS#12 PBE OIDs
+ */
+#define MBEDTLS_OID_PKCS12_PBE                      MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
+
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128         MBEDTLS_OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40          MBEDTLS_OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC     MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC      MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
+
+/*
+ * EC key algorithms from RFC 5480
+ */
+
+/* id-ecPublicKey OBJECT IDENTIFIER ::= {
+ *       iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
+#define MBEDTLS_OID_EC_ALG_UNRESTRICTED         MBEDTLS_OID_ANSI_X9_62 "\x02\01"
+
+/*   id-ecDH OBJECT IDENTIFIER ::= {
+ *     iso(1) identified-organization(3) certicom(132)
+ *     schemes(1) ecdh(12) } */
+#define MBEDTLS_OID_EC_ALG_ECDH                 MBEDTLS_OID_CERTICOM "\x01\x0c"
+
+/*
+ * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
+ */
+
+/* secp192r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
+#define MBEDTLS_OID_EC_GRP_SECP192R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
+
+/* secp224r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
+#define MBEDTLS_OID_EC_GRP_SECP224R1        MBEDTLS_OID_CERTICOM "\x00\x21"
+
+/* secp256r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
+#define MBEDTLS_OID_EC_GRP_SECP256R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
+
+/* secp384r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
+#define MBEDTLS_OID_EC_GRP_SECP384R1        MBEDTLS_OID_CERTICOM "\x00\x22"
+
+/* secp521r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
+#define MBEDTLS_OID_EC_GRP_SECP521R1        MBEDTLS_OID_CERTICOM "\x00\x23"
+
+/* secp192k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
+#define MBEDTLS_OID_EC_GRP_SECP192K1        MBEDTLS_OID_CERTICOM "\x00\x1f"
+
+/* secp224k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
+#define MBEDTLS_OID_EC_GRP_SECP224K1        MBEDTLS_OID_CERTICOM "\x00\x20"
+
+/* secp256k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
+#define MBEDTLS_OID_EC_GRP_SECP256K1        MBEDTLS_OID_CERTICOM "\x00\x0a"
+
+/* RFC 5639 4.1
+ * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
+ * identified-organization(3) teletrust(36) algorithm(3) signature-
+ * algorithm(3) ecSign(2) 8}
+ * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
+ * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
+#define MBEDTLS_OID_EC_BRAINPOOL_V1         MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
+
+/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
+#define MBEDTLS_OID_EC_GRP_BP256R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
+
+/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
+#define MBEDTLS_OID_EC_GRP_BP384R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
+
+/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
+#define MBEDTLS_OID_EC_GRP_BP512R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
+
+/*
+ * SEC1 C.1
+ *
+ * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
+ * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
+ */
+#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE   MBEDTLS_OID_ANSI_X9_62 "\x01"
+#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD  MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
+
+/*
+ * ECDSA signature identifiers, from RFC 5480
+ */
+#define MBEDTLS_OID_ANSI_X9_62_SIG          MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
+#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2     MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
+
+/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA1              MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
+
+/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA224            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
+
+/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 2 } */
+#define MBEDTLS_OID_ECDSA_SHA256            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
+
+/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 3 } */
+#define MBEDTLS_OID_ECDSA_SHA384            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
+
+/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 4 } */
+#define MBEDTLS_OID_ECDSA_SHA512            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Base OID descriptor structure
+ */
+typedef struct {
+    const char *asn1;               /*!< OID ASN.1 representation       */
+    size_t asn1_len;                /*!< length of asn1                 */
+    const char *name;               /*!< official name (e.g. from RFC)  */
+    const char *description;        /*!< human friendly description     */
+} mbedtls_oid_descriptor_t;
+
+/**
+ * \brief           Translate an ASN.1 OID into its numeric representation
+ *                  (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
+ *
+ * \param buf       buffer to put representation in
+ * \param size      size of the buffer
+ * \param oid       OID to translate
+ *
+ * \return          Length of the string written (excluding final NULL) or
+ *                  MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
+ */
+int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+/**
+ * \brief          Translate an X.509 extension OID into local values
+ *
+ * \param oid      OID to use
+ * \param ext_type place to store the extension type
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
+#endif
+
+/**
+ * \brief          Translate an X.509 attribute type OID into the short name
+ *                 (e.g. the OID for an X520 Common Name into "CN")
+ *
+ * \param oid      OID to use
+ * \param short_name    place to store the string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
+
+/**
+ * \brief          Translate PublicKeyAlgorithm OID into pk_type
+ *
+ * \param oid      OID to use
+ * \param pk_alg   place to store public key algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
+
+/**
+ * \brief          Translate pk_type into PublicKeyAlgorithm OID
+ *
+ * \param pk_alg   Public key type to look for
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
+                           const char **oid, size_t *olen );
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * \brief          Translate NamedCurve OID into an EC group identifier
+ *
+ * \param oid      OID to use
+ * \param grp_id   place to store group id
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
+
+/**
+ * \brief          Translate EC group identifier into NamedCurve OID
+ *
+ * \param grp_id   EC group identifier
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
+                           const char **oid, size_t *olen );
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_MD_C)
+/**
+ * \brief          Translate SignatureAlgorithm OID into md_type and pk_type
+ *
+ * \param oid      OID to use
+ * \param md_alg   place to store message digest algorithm
+ * \param pk_alg   place to store public key algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
+                     mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
+
+/**
+ * \brief          Translate SignatureAlgorithm OID into description
+ *
+ * \param oid      OID to use
+ * \param desc     place to store string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
+
+/**
+ * \brief          Translate md_type and pk_type into SignatureAlgorithm OID
+ *
+ * \param md_alg   message digest algorithm
+ * \param pk_alg   public key algorithm
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+                            const char **oid, size_t *olen );
+
+/**
+ * \brief          Translate hash algorithm OID into md_type
+ *
+ * \param oid      OID to use
+ * \param md_alg   place to store message digest algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
+#endif /* MBEDTLS_MD_C */
+
+/**
+ * \brief          Translate Extended Key Usage OID into description
+ *
+ * \param oid      OID to use
+ * \param desc     place to store string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
+
+/**
+ * \brief          Translate md_type into hash algorithm OID
+ *
+ * \param md_alg   message digest algorithm
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
+
+#if defined(MBEDTLS_CIPHER_C)
+/**
+ * \brief          Translate encryption algorithm OID into cipher_type
+ *
+ * \param oid           OID to use
+ * \param cipher_alg    place to store cipher algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
+#endif /* MBEDTLS_CIPHER_C */
+
+#if defined(MBEDTLS_PKCS12_C)
+/**
+ * \brief          Translate PKCS#12 PBE algorithm OID into md_type and
+ *                 cipher_type
+ *
+ * \param oid           OID to use
+ * \param md_alg        place to store message digest algorithm
+ * \param cipher_alg    place to store cipher algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
+                            mbedtls_cipher_type_t *cipher_alg );
+#endif /* MBEDTLS_PKCS12_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* oid.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/padlock.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/padlock.h
new file mode 100644
index 00000000..2045a5ab
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/padlock.h
@@ -0,0 +1,107 @@
+/**
+ * \file padlock.h
+ *
+ * \brief VIA PadLock ACE for HW encryption/decryption supported by some
+ *        processors
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PADLOCK_H
+#define MBEDTLS_PADLOCK_H
+
+#include "aes.h"
+
+#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED               -0x0030  /**< Input data should be aligned. */
+
+#if defined(__has_feature)
+#if __has_feature(address_sanitizer)
+#define MBEDTLS_HAVE_ASAN
+#endif
+#endif
+
+/* Some versions of ASan result in errors about not enough registers */
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
+    !defined(MBEDTLS_HAVE_ASAN)
+
+#ifndef MBEDTLS_HAVE_X86
+#define MBEDTLS_HAVE_X86
+#endif
+
+#include <stdint.h>
+
+#define MBEDTLS_PADLOCK_RNG 0x000C
+#define MBEDTLS_PADLOCK_ACE 0x00C0
+#define MBEDTLS_PADLOCK_PHE 0x0C00
+#define MBEDTLS_PADLOCK_PMM 0x3000
+
+#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15))
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          PadLock detection routine
+ *
+ * \param feature  The feature to detect
+ *
+ * \return         1 if CPU has support for the feature, 0 otherwise
+ */
+int mbedtls_padlock_has_support( int feature );
+
+/**
+ * \brief          PadLock AES-ECB block en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if success, 1 if operation failed
+ */
+int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
+                       int mode,
+                       const unsigned char input[16],
+                       unsigned char output[16] );
+
+/**
+ * \brief          PadLock AES-CBC buffer en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if success, 1 if operation failed
+ */
+int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HAVE_X86  */
+
+#endif /* padlock.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pem.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pem.h
new file mode 100644
index 00000000..54dc02d7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pem.h
@@ -0,0 +1,129 @@
+/**
+ * \file pem.h
+ *
+ * \brief Privacy Enhanced Mail (PEM) decoding
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PEM_H
+#define MBEDTLS_PEM_H
+
+#include <stddef.h>
+
+/**
+ * \name PEM Error codes
+ * These error codes are returned in case of errors reading the
+ * PEM data.
+ * \{
+ */
+#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT          -0x1080  /**< No PEM header or footer found. */
+#define MBEDTLS_ERR_PEM_INVALID_DATA                      -0x1100  /**< PEM string is not as expected. */
+#define MBEDTLS_ERR_PEM_ALLOC_FAILED                      -0x1180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_PEM_INVALID_ENC_IV                    -0x1200  /**< RSA IV is not in hex-format. */
+#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG                   -0x1280  /**< Unsupported key encryption algorithm. */
+#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED                 -0x1300  /**< Private key password can't be empty. */
+#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH                 -0x1380  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400  /**< Unavailable feature, e.g. hashing/encryption combination. */
+#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480  /**< Bad input parameters to function. */
+/* \} name */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+/**
+ * \brief       PEM context structure
+ */
+typedef struct
+{
+    unsigned char *buf;     /*!< buffer for decoded data             */
+    size_t buflen;          /*!< length of the buffer                */
+    unsigned char *info;    /*!< buffer for extra header information */
+}
+mbedtls_pem_context;
+
+/**
+ * \brief       PEM context setup
+ *
+ * \param ctx   context to be initialized
+ */
+void mbedtls_pem_init( mbedtls_pem_context *ctx );
+
+/**
+ * \brief       Read a buffer for PEM information and store the resulting
+ *              data into the specified context buffers.
+ *
+ * \param ctx       context to use
+ * \param header    header string to seek and expect
+ * \param footer    footer string to seek and expect
+ * \param data      source data to look in (must be nul-terminated)
+ * \param pwd       password for decryption (can be NULL)
+ * \param pwdlen    length of password
+ * \param use_len   destination for total length used (set after header is
+ *                  correctly read, so unless you get
+ *                  MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
+ *                  MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
+ *                  the length to skip)
+ *
+ * \note            Attempts to check password correctness by verifying if
+ *                  the decrypted text starts with an ASN.1 sequence of
+ *                  appropriate length
+ *
+ * \return          0 on success, or a specific PEM error code
+ */
+int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
+                     const unsigned char *data,
+                     const unsigned char *pwd,
+                     size_t pwdlen, size_t *use_len );
+
+/**
+ * \brief       PEM context memory freeing
+ *
+ * \param ctx   context to be freed
+ */
+void mbedtls_pem_free( mbedtls_pem_context *ctx );
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a buffer of PEM information from a DER encoded
+ *                  buffer.
+ *
+ * \param header    header string to write
+ * \param footer    footer string to write
+ * \param der_data  DER data to write
+ * \param der_len   length of the DER data
+ * \param buf       buffer to write to
+ * \param buf_len   length of output buffer
+ * \param olen      total length written / required (if buf_len is not enough)
+ *
+ * \return          0 on success, or a specific PEM or BASE64 error code. On
+ *                  MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
+ *                  size.
+ */
+int mbedtls_pem_write_buffer( const char *header, const char *footer,
+                      const unsigned char *der_data, size_t der_len,
+                      unsigned char *buf, size_t buf_len, size_t *olen );
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pem.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pk.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pk.h
new file mode 100644
index 00000000..e5e78fba
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pk.h
@@ -0,0 +1,615 @@
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PK_H
+#define MBEDTLS_PK_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "md.h"
+
+#if defined(MBEDTLS_RSA_C)
+#include "rsa.h"
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+#include "ecp.h"
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+#include "ecdsa.h"
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#define MBEDTLS_ERR_PK_ALLOC_FAILED        -0x3F80  /**< Memory allocation failed. */
+#define MBEDTLS_ERR_PK_TYPE_MISMATCH       -0x3F00  /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
+#define MBEDTLS_ERR_PK_BAD_INPUT_DATA      -0x3E80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PK_FILE_IO_ERROR       -0x3E00  /**< Read/write of file failed. */
+#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80  /**< Unsupported key version */
+#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT  -0x3D00  /**< Invalid key tag or value. */
+#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG      -0x3C80  /**< Key algorithm is unsupported (only RSA and EC are supported). */
+#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED   -0x3C00  /**< Private key password can't be empty. */
+#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH   -0x3B80  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PK_INVALID_PUBKEY      -0x3B00  /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
+#define MBEDTLS_ERR_PK_INVALID_ALG         -0x3A80  /**< The algorithm tag or value is invalid. */
+#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00  /**< Elliptic curve is unsupported (only NIST curves are supported). */
+#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980  /**< Unavailable feature, e.g. RSA disabled for RSA key. */
+#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x3900  /**< The signature is valid but its length is less than expected. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Public key types
+ */
+typedef enum {
+    MBEDTLS_PK_NONE=0,
+    MBEDTLS_PK_RSA,
+    MBEDTLS_PK_ECKEY,
+    MBEDTLS_PK_ECKEY_DH,
+    MBEDTLS_PK_ECDSA,
+    MBEDTLS_PK_RSA_ALT,
+    MBEDTLS_PK_RSASSA_PSS,
+} mbedtls_pk_type_t;
+
+/**
+ * \brief           Options for RSASSA-PSS signature verification.
+ *                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
+ */
+typedef struct
+{
+    mbedtls_md_type_t mgf1_hash_id;
+    int expected_salt_len;
+
+} mbedtls_pk_rsassa_pss_options;
+
+/**
+ * \brief           Types for interfacing with the debug module
+ */
+typedef enum
+{
+    MBEDTLS_PK_DEBUG_NONE = 0,
+    MBEDTLS_PK_DEBUG_MPI,
+    MBEDTLS_PK_DEBUG_ECP,
+} mbedtls_pk_debug_type;
+
+/**
+ * \brief           Item to send to the debug module
+ */
+typedef struct
+{
+    mbedtls_pk_debug_type type;
+    const char *name;
+    void *value;
+} mbedtls_pk_debug_item;
+
+/** Maximum number of item send for debugging, plus 1 */
+#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
+
+/**
+ * \brief           Public key information and operations
+ */
+typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
+
+/**
+ * \brief           Public key container
+ */
+typedef struct
+{
+    const mbedtls_pk_info_t *   pk_info; /**< Public key informations        */
+    void *                      pk_ctx;  /**< Underlying public key context  */
+} mbedtls_pk_context;
+
+#if defined(MBEDTLS_RSA_C)
+/**
+ * Quick access to an RSA context inside a PK context.
+ *
+ * \warning You must make sure the PK context actually holds an RSA context
+ * before using this function!
+ */
+static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
+{
+    return( (mbedtls_rsa_context *) (pk).pk_ctx );
+}
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * Quick access to an EC context inside a PK context.
+ *
+ * \warning You must make sure the PK context actually holds an EC context
+ * before using this function!
+ */
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
+{
+    return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
+}
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/**
+ * \brief           Types for RSA-alt abstraction
+ */
+typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
+                    const unsigned char *input, unsigned char *output,
+                    size_t output_max_len );
+typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
+                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                    int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+                    const unsigned char *hash, unsigned char *sig );
+typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+/**
+ * \brief           Return information associated with the given PK type
+ *
+ * \param pk_type   PK type to search for.
+ *
+ * \return          The PK info associated with the type or NULL if not found.
+ */
+const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
+
+/**
+ * \brief           Initialize a mbedtls_pk_context (as NONE)
+ */
+void mbedtls_pk_init( mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Free a mbedtls_pk_context
+ */
+void mbedtls_pk_free( mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Initialize a PK context with the information given
+ *                  and allocates the type-specific PK subcontext.
+ *
+ * \param ctx       Context to initialize. Must be empty (type NONE).
+ * \param info      Information to use
+ *
+ * \return          0 on success,
+ *                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
+ *                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
+ *
+ * \note            For contexts holding an RSA-alt key, use
+ *                  \c mbedtls_pk_setup_rsa_alt() instead.
+ */
+int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/**
+ * \brief           Initialize an RSA-alt context
+ *
+ * \param ctx       Context to initialize. Must be empty (type NONE).
+ * \param key       RSA key pointer
+ * \param decrypt_func  Decryption function
+ * \param sign_func     Signing function
+ * \param key_len_func  Function returning key length in bytes
+ *
+ * \return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
+ *                  context wasn't already initialized as RSA_ALT.
+ *
+ * \note            This function replaces \c mbedtls_pk_setup() for RSA-alt.
+ */
+int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
+                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
+                         mbedtls_pk_rsa_alt_sign_func sign_func,
+                         mbedtls_pk_rsa_alt_key_len_func key_len_func );
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+/**
+ * \brief           Get the size in bits of the underlying key
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Key size in bits, or 0 on error
+ */
+size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Get the length in bytes of the underlying key
+ * \param ctx       Context to use
+ *
+ * \return          Key length in bytes, or 0 on error
+ */
+static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
+{
+    return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
+}
+
+/**
+ * \brief           Tell if a context can do the operation given by type
+ *
+ * \param ctx       Context to test
+ * \param type      Target type
+ *
+ * \return          0 if context can't do the operations,
+ *                  1 otherwise.
+ */
+int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
+
+/**
+ * \brief           Verify signature (including padding if relevant).
+ *
+ * \param ctx       PK context to use
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Signature to verify
+ * \param sig_len   Signature length
+ *
+ * \return          0 on success (signature is valid),
+ *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than sig_len,
+ *                  or a specific error code.
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
+ *                  to verify RSASSA_PSS signatures.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+ */
+int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+               const unsigned char *hash, size_t hash_len,
+               const unsigned char *sig, size_t sig_len );
+
+/**
+ * \brief           Verify signature, with options.
+ *                  (Includes verification of the padding depending on type.)
+ *
+ * \param type      Signature type (inc. possible padding type) to verify
+ * \param options   Pointer to type-specific options, or NULL
+ * \param ctx       PK context to use
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Signature to verify
+ * \param sig_len   Signature length
+ *
+ * \return          0 on success (signature is valid),
+ *                  MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
+ *                  used for this type of signatures,
+ *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than sig_len,
+ *                  or a specific error code.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+ *
+ * \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
+ *                  to a mbedtls_pk_rsassa_pss_options structure,
+ *                  otherwise it must be NULL.
+ */
+int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
+                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   const unsigned char *sig, size_t sig_len );
+
+/**
+ * \brief           Make signature, including padding if relevant.
+ *
+ * \param ctx       PK context to use
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Place to write the signature
+ * \param sig_len   Number of bytes written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 on success, or a specific error code.
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *                  There is no interface in the PK module to make RSASSA-PSS
+ *                  signatures yet.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+ *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+ */
+int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+             const unsigned char *hash, size_t hash_len,
+             unsigned char *sig, size_t *sig_len,
+             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Decrypt message (including padding if relevant).
+ *
+ * \param ctx       PK context to use
+ * \param input     Input to decrypt
+ * \param ilen      Input size
+ * \param output    Decrypted output
+ * \param olen      Decrypted message length
+ * \param osize     Size of the output buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *
+ * \return          0 on success, or a specific error code.
+ */
+int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output, size_t *olen, size_t osize,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Encrypt message (including padding if relevant).
+ *
+ * \param ctx       PK context to use
+ * \param input     Message to encrypt
+ * \param ilen      Message size
+ * \param output    Encrypted output
+ * \param olen      Encrypted output length
+ * \param osize     Size of the output buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *
+ * \return          0 on success, or a specific error code.
+ */
+int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output, size_t *olen, size_t osize,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Check if a public-private pair of keys matches.
+ *
+ * \param pub       Context holding a public key.
+ * \param prv       Context holding a private (and public) key.
+ *
+ * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+ */
+int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
+
+/**
+ * \brief           Export debug information
+ *
+ * \param ctx       Context to use
+ * \param items     Place to write debug items
+ *
+ * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+ */
+int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
+
+/**
+ * \brief           Access the type name
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Type name on success, or "invalid PK"
+ */
+const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Get the key type
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Type on success, or MBEDTLS_PK_NONE
+ */
+mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
+
+#if defined(MBEDTLS_PK_PARSE_C)
+/** \ingroup pk_module */
+/**
+ * \brief           Parse a private key in PEM or DER format
+ *
+ * \param ctx       key to be initialized
+ * \param key       input buffer
+ * \param keylen    size of the buffer
+ *                  (including the terminating null byte for PEM data)
+ * \param pwd       password for decryption (optional)
+ * \param pwdlen    size of the password
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
+                  const unsigned char *key, size_t keylen,
+                  const unsigned char *pwd, size_t pwdlen );
+
+/** \ingroup pk_module */
+/**
+ * \brief           Parse a public key in PEM or DER format
+ *
+ * \param ctx       key to be initialized
+ * \param key       input buffer
+ * \param keylen    size of the buffer
+ *                  (including the terminating null byte for PEM data)
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
+                         const unsigned char *key, size_t keylen );
+
+#if defined(MBEDTLS_FS_IO)
+/** \ingroup pk_module */
+/**
+ * \brief           Load and parse a private key
+ *
+ * \param ctx       key to be initialized
+ * \param path      filename to read the private key from
+ * \param password  password to decrypt the file (can be NULL)
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
+                      const char *path, const char *password );
+
+/** \ingroup pk_module */
+/**
+ * \brief           Load and parse a public key
+ *
+ * \param ctx       key to be initialized
+ * \param path      filename to read the private key from
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+/**
+ * \brief           Write a private key to a PKCS#1 or SEC1 DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       private to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ */
+int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+/**
+ * \brief           Write a public key to a SubjectPublicKeyInfo DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       public key to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ */
+int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a public key to a PEM string
+ *
+ * \param ctx       public key to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          0 if successful, or a specific error code
+ */
+int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+/**
+ * \brief           Write a private key to a PKCS#1 or SEC1 PEM string
+ *
+ * \param ctx       private to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          0 if successful, or a specific error code
+ */
+int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_PK_WRITE_C */
+
+/*
+ * WARNING: Low-level functions. You probably do not want to use these unless
+ *          you are certain you do ;)
+ */
+
+#if defined(MBEDTLS_PK_PARSE_C)
+/**
+ * \brief           Parse a SubjectPublicKeyInfo DER structure
+ *
+ * \param p         the position in the ASN.1 data
+ * \param end       end of the buffer
+ * \param pk        the key to fill
+ *
+ * \return          0 if successful, or a specific PK error code
+ */
+int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
+                        mbedtls_pk_context *pk );
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+/**
+ * \brief           Write a subjectPublicKey to ASN.1 data
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param key       public key to write away
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
+                     const mbedtls_pk_context *key );
+#endif /* MBEDTLS_PK_WRITE_C */
+
+/*
+ * Internal module functions. You probably do not want to use these unless you
+ * know you do.
+ */
+#if defined(MBEDTLS_FS_IO)
+int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_PK_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pk_internal.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pk_internal.h
new file mode 100644
index 00000000..01d0f214
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pk_internal.h
@@ -0,0 +1,114 @@
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer: wrapper functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PK_WRAP_H
+#define MBEDTLS_PK_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "pk.h"
+
+struct mbedtls_pk_info_t
+{
+    /** Public key type */
+    mbedtls_pk_type_t type;
+
+    /** Type name */
+    const char *name;
+
+    /** Get key size in bits */
+    size_t (*get_bitlen)( const void * );
+
+    /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
+    int (*can_do)( mbedtls_pk_type_t type );
+
+    /** Verify signature */
+    int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
+                        const unsigned char *hash, size_t hash_len,
+                        const unsigned char *sig, size_t sig_len );
+
+    /** Make signature */
+    int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
+                      const unsigned char *hash, size_t hash_len,
+                      unsigned char *sig, size_t *sig_len,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+    /** Decrypt message */
+    int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen, size_t osize,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+    /** Encrypt message */
+    int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen, size_t osize,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+    /** Check public-private key pair */
+    int (*check_pair_func)( const void *pub, const void *prv );
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+    /** Interface with the debug module */
+    void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
+
+};
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/* Container for RSA-alt */
+typedef struct
+{
+    void *key;
+    mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
+    mbedtls_pk_rsa_alt_sign_func sign_func;
+    mbedtls_pk_rsa_alt_key_len_func key_len_func;
+} mbedtls_rsa_alt_context;
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+extern const mbedtls_pk_info_t mbedtls_rsa_info;
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+extern const mbedtls_pk_info_t mbedtls_eckey_info;
+extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
+#endif
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
+#endif
+
+#endif /* MBEDTLS_PK_WRAP_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pkcs11.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pkcs11.h
new file mode 100644
index 00000000..2e889281
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pkcs11.h
@@ -0,0 +1,173 @@
+/**
+ * \file pkcs11.h
+ *
+ * \brief Wrapper for PKCS#11 library libpkcs11-helper
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PKCS11_H
+#define MBEDTLS_PKCS11_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PKCS11_C)
+
+#include "x509_crt.h"
+
+#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Context for PKCS #11 private keys.
+ */
+typedef struct {
+        pkcs11h_certificate_t pkcs11h_cert;
+        int len;
+} mbedtls_pkcs11_context;
+
+/**
+ * Initialize a mbedtls_pkcs11_context.
+ * (Just making memory references valid.)
+ */
+void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
+
+/**
+ * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
+ *
+ * \param cert          X.509 certificate to fill
+ * \param pkcs11h_cert  PKCS #11 helper certificate
+ *
+ * \return              0 on success.
+ */
+int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert );
+
+/**
+ * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
+ * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
+ * done.
+ *
+ * \param priv_key      Private key structure to fill.
+ * \param pkcs11_cert   PKCS #11 helper certificate
+ *
+ * \return              0 on success
+ */
+int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
+        pkcs11h_certificate_t pkcs11_cert );
+
+/**
+ * Free the contents of the given private key context. Note that the structure
+ * itself is not freed.
+ *
+ * \param priv_key      Private key structure to cleanup
+ */
+void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key );
+
+/**
+ * \brief          Do an RSA private key decrypt, then remove the message
+ *                 padding
+ *
+ * \param ctx      PKCS #11 context
+ * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param olen     will contain the plaintext length
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
+                       int mode, size_t *olen,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t output_max_len );
+
+/**
+ * \brief          Do a private RSA to sign a message digest
+ *
+ * \param ctx      PKCS #11 context
+ * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
+                    int mode,
+                    mbedtls_md_type_t md_alg,
+                    unsigned int hashlen,
+                    const unsigned char *hash,
+                    unsigned char *sig );
+
+/**
+ * SSL/TLS wrappers for PKCS#11 functions
+ */
+static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
+                        const unsigned char *input, unsigned char *output,
+                        size_t output_max_len )
+{
+    return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
+                           output_max_len );
+}
+
+static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
+                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                     int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+                     const unsigned char *hash, unsigned char *sig )
+{
+    ((void) f_rng);
+    ((void) p_rng);
+    return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg,
+                        hashlen, hash, sig );
+}
+
+static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
+{
+    return ( (mbedtls_pkcs11_context *) ctx )->len;
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_PKCS11_C */
+
+#endif /* MBEDTLS_PKCS11_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pkcs12.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pkcs12.h
new file mode 100644
index 00000000..9b2d9045
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pkcs12.h
@@ -0,0 +1,119 @@
+/**
+ * \file pkcs12.h
+ *
+ * \brief PKCS#12 Personal Information Exchange Syntax
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PKCS12_H
+#define MBEDTLS_PKCS12_H
+
+#include "md.h"
+#include "cipher.h"
+#include "asn1.h"
+
+#include <stddef.h>
+
+#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA                 -0x1F80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE            -0x1F00  /**< Feature not available, e.g. unsupported encryption scheme. */
+#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT             -0x1E80  /**< PBE ASN.1 data not as expected. */
+#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH              -0x1E00  /**< Given private key password does not allow for correct decryption. */
+
+#define MBEDTLS_PKCS12_DERIVE_KEY       1   /**< encryption/decryption key */
+#define MBEDTLS_PKCS12_DERIVE_IV        2   /**< initialization vector     */
+#define MBEDTLS_PKCS12_DERIVE_MAC_KEY   3   /**< integrity / MAC key       */
+
+#define MBEDTLS_PKCS12_PBE_DECRYPT      0
+#define MBEDTLS_PKCS12_PBE_ENCRYPT      1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief            PKCS12 Password Based function (encryption / decryption)
+ *                   for pbeWithSHAAnd128BitRC4
+ *
+ * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
+ * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
+ * \param pwd        the password used (may be NULL if no password is used)
+ * \param pwdlen     length of the password (may be 0)
+ * \param input      the input data
+ * \param len        data length
+ * \param output     the output buffer
+ *
+ * \return           0 if successful, or a MBEDTLS_ERR_XXX code
+ */
+int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
+                             const unsigned char *pwd,  size_t pwdlen,
+                             const unsigned char *input, size_t len,
+                             unsigned char *output );
+
+/**
+ * \brief            PKCS12 Password Based function (encryption / decryption)
+ *                   for cipher-based and mbedtls_md-based PBE's
+ *
+ * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
+ * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
+ * \param cipher_type the cipher used
+ * \param md_type     the mbedtls_md used
+ * \param pwd        the password used (may be NULL if no password is used)
+ * \param pwdlen     length of the password (may be 0)
+ * \param input      the input data
+ * \param len        data length
+ * \param output     the output buffer
+ *
+ * \return           0 if successful, or a MBEDTLS_ERR_XXX code
+ */
+int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
+                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+                const unsigned char *pwd,  size_t pwdlen,
+                const unsigned char *input, size_t len,
+                unsigned char *output );
+
+/**
+ * \brief            The PKCS#12 derivation function uses a password and a salt
+ *                   to produce pseudo-random bits for a particular "purpose".
+ *
+ *                   Depending on the given id, this function can produce an
+ *                   encryption/decryption key, an nitialization vector or an
+ *                   integrity key.
+ *
+ * \param data       buffer to store the derived data in
+ * \param datalen    length to fill
+ * \param pwd        password to use (may be NULL if no password is used)
+ * \param pwdlen     length of the password (may be 0)
+ * \param salt       salt buffer to use
+ * \param saltlen    length of the salt
+ * \param mbedtls_md         mbedtls_md type to use during the derivation
+ * \param id         id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
+ *                   MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
+ * \param iterations number of iterations
+ *
+ * \return          0 if successful, or a MD, BIGNUM type error.
+ */
+int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
+                       const unsigned char *pwd, size_t pwdlen,
+                       const unsigned char *salt, size_t saltlen,
+                       mbedtls_md_type_t mbedtls_md, int id, int iterations );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pkcs12.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pkcs5.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pkcs5.h
new file mode 100644
index 00000000..ec5cb9e7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/pkcs5.h
@@ -0,0 +1,94 @@
+/**
+ * \file pkcs5.h
+ *
+ * \brief PKCS#5 functions
+ *
+ * \author Mathias Olsson <mathias@kompetensum.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PKCS5_H
+#define MBEDTLS_PKCS5_H
+
+#include "asn1.h"
+#include "md.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA                  -0x2f80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT                  -0x2f00  /**< Unexpected ASN.1 data. */
+#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE             -0x2e80  /**< Requested encryption or digest alg not available. */
+#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH               -0x2e00  /**< Given private key password does not allow for correct decryption. */
+
+#define MBEDTLS_PKCS5_DECRYPT      0
+#define MBEDTLS_PKCS5_ENCRYPT      1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          PKCS#5 PBES2 function
+ *
+ * \param pbe_params the ASN.1 algorithm parameters
+ * \param mode       either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
+ * \param pwd        password to use when generating key
+ * \param pwdlen     length of password
+ * \param data       data to process
+ * \param datalen    length of data
+ * \param output     output buffer
+ *
+ * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
+ */
+int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
+                 const unsigned char *pwd,  size_t pwdlen,
+                 const unsigned char *data, size_t datalen,
+                 unsigned char *output );
+
+/**
+ * \brief          PKCS#5 PBKDF2 using HMAC
+ *
+ * \param ctx      Generic HMAC context
+ * \param password Password to use when generating key
+ * \param plen     Length of password
+ * \param salt     Salt to use when generating key
+ * \param slen     Length of salt
+ * \param iteration_count       Iteration count
+ * \param key_length            Length of generated key in bytes
+ * \param output   Generated key. Must be at least as big as key_length
+ *
+ * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
+ */
+int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
+                       size_t plen, const unsigned char *salt, size_t slen,
+                       unsigned int iteration_count,
+                       uint32_t key_length, unsigned char *output );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_pkcs5_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pkcs5.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/platform.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/platform.h
new file mode 100644
index 00000000..f71f1b64
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/platform.h
@@ -0,0 +1,214 @@
+/**
+ * \file platform.h
+ *
+ * \brief mbed TLS Platform abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PLATFORM_H
+#define MBEDTLS_PLATFORM_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+#include <stdio.h>
+#include <stdlib.h>
+#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
+#if defined(_WIN32)
+#define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf /**< Default snprintf to use  */
+#else
+#define MBEDTLS_PLATFORM_STD_SNPRINTF   snprintf /**< Default snprintf to use  */
+#endif
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
+#define MBEDTLS_PLATFORM_STD_PRINTF   printf /**< Default printf to use  */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
+#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
+#define MBEDTLS_PLATFORM_STD_CALLOC   calloc /**< Default allocator to use */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_FREE)
+#define MBEDTLS_PLATFORM_STD_FREE       free /**< Default free to use */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
+#define MBEDTLS_PLATFORM_STD_EXIT      exit /**< Default free to use */
+#endif
+#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
+#include MBEDTLS_PLATFORM_STD_MEM_HDR
+#endif
+#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+
+/* \} name SECTION: Module settings */
+
+/*
+ * The function pointers for calloc and free
+ */
+#if defined(MBEDTLS_PLATFORM_MEMORY)
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
+    defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#define mbedtls_free       MBEDTLS_PLATFORM_FREE_MACRO
+#define mbedtls_calloc     MBEDTLS_PLATFORM_CALLOC_MACRO
+#else
+/* For size_t */
+#include <stddef.h>
+extern void * (*mbedtls_calloc)( size_t n, size_t size );
+extern void (*mbedtls_free)( void *ptr );
+
+/**
+ * \brief   Set your own memory implementation function pointers
+ *
+ * \param calloc_func   the calloc function implementation
+ * \param free_func     the free function implementation
+ *
+ * \return              0 if successful
+ */
+int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
+                              void (*free_func)( void * ) );
+#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
+#else /* !MBEDTLS_PLATFORM_MEMORY */
+#define mbedtls_free       free
+#define mbedtls_calloc     calloc
+#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
+
+/*
+ * The function pointers for fprintf
+ */
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+/* We need FILE * */
+#include <stdio.h>
+extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
+
+/**
+ * \brief   Set your own fprintf function pointer
+ *
+ * \param fprintf_func   the fprintf function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
+                                               ... ) );
+#else
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
+#define mbedtls_fprintf    MBEDTLS_PLATFORM_FPRINTF_MACRO
+#else
+#define mbedtls_fprintf    fprintf
+#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
+
+/*
+ * The function pointers for printf
+ */
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+extern int (*mbedtls_printf)( const char *format, ... );
+
+/**
+ * \brief   Set your own printf function pointer
+ *
+ * \param printf_func   the printf function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
+#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
+#define mbedtls_printf     MBEDTLS_PLATFORM_PRINTF_MACRO
+#else
+#define mbedtls_printf     printf
+#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
+
+/*
+ * The function pointers for snprintf
+ *
+ * The snprintf implementation should conform to C99:
+ * - it *must* always correctly zero-terminate the buffer
+ *   (except when n == 0, then it must leave the buffer untouched)
+ * - however it is acceptable to return -1 instead of the required length when
+ *   the destination buffer is too short.
+ */
+#if defined(_WIN32)
+/* For Windows (inc. MSYS2), we provide our own fixed implementation */
+int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
+
+/**
+ * \brief   Set your own snprintf function pointer
+ *
+ * \param snprintf_func   the snprintf function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
+                                                 const char * format, ... ) );
+#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#define mbedtls_snprintf   MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#else
+#define mbedtls_snprintf   snprintf
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+
+/*
+ * The function pointers for exit
+ */
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
+extern void (*mbedtls_exit)( int status );
+
+/**
+ * \brief   Set your own exit function pointer
+ *
+ * \param exit_func   the exit function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
+#else
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
+#define mbedtls_exit   MBEDTLS_PLATFORM_EXIT_MACRO
+#else
+#define mbedtls_exit   exit
+#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
+#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* platform.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ripemd160.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ripemd160.h
new file mode 100644
index 00000000..a92d3844
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ripemd160.h
@@ -0,0 +1,138 @@
+/**
+ * \file mbedtls_ripemd160.h
+ *
+ * \brief RIPE MD-160 message digest
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_RIPEMD160_H
+#define MBEDTLS_RIPEMD160_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_RIPEMD160_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          RIPEMD-160 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[5];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_ripemd160_context;
+
+/**
+ * \brief          Initialize RIPEMD-160 context
+ *
+ * \param ctx      RIPEMD-160 context to be initialized
+ */
+void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
+
+/**
+ * \brief          Clear RIPEMD-160 context
+ *
+ * \param ctx      RIPEMD-160 context to be cleared
+ */
+void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an RIPEMD-160 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
+                        const mbedtls_ripemd160_context *src );
+
+/**
+ * \brief          RIPEMD-160 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
+
+/**
+ * \brief          RIPEMD-160 process buffer
+ *
+ * \param ctx      RIPEMD-160 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
+                       const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          RIPEMD-160 final digest
+ *
+ * \param ctx      RIPEMD-160 context
+ * \param output   RIPEMD-160 checksum result
+ */
+void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] );
+
+/* Internal use */
+void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_RIPEMD160_ALT */
+#include "ripemd160.h"
+#endif /* MBEDTLS_RIPEMD160_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = RIPEMD-160( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   RIPEMD-160 checksum result
+ */
+void mbedtls_ripemd160( const unsigned char *input, size_t ilen,
+                unsigned char output[20] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_ripemd160_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_ripemd160.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/rsa.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/rsa.h
new file mode 100644
index 00000000..9c8645df
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/rsa.h
@@ -0,0 +1,652 @@
+/**
+ * \file rsa.h
+ *
+ * \brief The RSA public-key cryptosystem
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_RSA_H
+#define MBEDTLS_RSA_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "bignum.h"
+#include "md.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+/*
+ * RSA Error codes
+ */
+#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA                    -0x4080  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_RSA_INVALID_PADDING                   -0x4100  /**< Input data contains invalid padding and is rejected. */
+#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED                    -0x4180  /**< Something failed during generation of a key. */
+#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED                  -0x4200  /**< Key failed to pass the library's validity check. */
+#define MBEDTLS_ERR_RSA_PUBLIC_FAILED                     -0x4280  /**< The public key operation failed. */
+#define MBEDTLS_ERR_RSA_PRIVATE_FAILED                    -0x4300  /**< The private key operation failed. */
+#define MBEDTLS_ERR_RSA_VERIFY_FAILED                     -0x4380  /**< The PKCS#1 verification failed. */
+#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE                  -0x4400  /**< The output buffer for decryption is not large enough. */
+#define MBEDTLS_ERR_RSA_RNG_FAILED                        -0x4480  /**< The random generator failed to generate non-zeros. */
+
+/*
+ * RSA constants
+ */
+#define MBEDTLS_RSA_PUBLIC      0
+#define MBEDTLS_RSA_PRIVATE     1
+
+#define MBEDTLS_RSA_PKCS_V15    0
+#define MBEDTLS_RSA_PKCS_V21    1
+
+#define MBEDTLS_RSA_SIGN        1
+#define MBEDTLS_RSA_CRYPT       2
+
+#define MBEDTLS_RSA_SALT_LEN_ANY    -1
+
+/*
+ * The above constants may be used even if the RSA module is compile out,
+ * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ */
+#if defined(MBEDTLS_RSA_C)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          RSA context structure
+ */
+typedef struct
+{
+    int ver;                    /*!<  always 0          */
+    size_t len;                 /*!<  size(N) in chars  */
+
+    mbedtls_mpi N;                      /*!<  public modulus    */
+    mbedtls_mpi E;                      /*!<  public exponent   */
+
+    mbedtls_mpi D;                      /*!<  private exponent  */
+    mbedtls_mpi P;                      /*!<  1st prime factor  */
+    mbedtls_mpi Q;                      /*!<  2nd prime factor  */
+    mbedtls_mpi DP;                     /*!<  D % (P - 1)       */
+    mbedtls_mpi DQ;                     /*!<  D % (Q - 1)       */
+    mbedtls_mpi QP;                     /*!<  1 / (Q % P)       */
+
+    mbedtls_mpi RN;                     /*!<  cached R^2 mod N  */
+    mbedtls_mpi RP;                     /*!<  cached R^2 mod P  */
+    mbedtls_mpi RQ;                     /*!<  cached R^2 mod Q  */
+
+    mbedtls_mpi Vi;                     /*!<  cached blinding value     */
+    mbedtls_mpi Vf;                     /*!<  cached un-blinding value  */
+
+    int padding;                /*!<  MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
+                                      RSA_PKCS_v21 for OAEP/PSS         */
+    int hash_id;                /*!<  Hash identifier of mbedtls_md_type_t as
+                                      specified in the mbedtls_md.h header file
+                                      for the EME-OAEP and EMSA-PSS
+                                      encoding                          */
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;    /*!<  Thread-safety mutex       */
+#endif
+}
+mbedtls_rsa_context;
+
+/**
+ * \brief          Initialize an RSA context
+ *
+ *                 Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
+ *                 encryption scheme and the RSASSA-PSS signature scheme.
+ *
+ * \param ctx      RSA context to be initialized
+ * \param padding  MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
+ * \param hash_id  MBEDTLS_RSA_PKCS_V21 hash identifier
+ *
+ * \note           The hash_id parameter is actually ignored
+ *                 when using MBEDTLS_RSA_PKCS_V15 padding.
+ *
+ * \note           Choice of padding mode is strictly enforced for private key
+ *                 operations, since there might be security concerns in
+ *                 mixing padding modes. For public key operations it's merely
+ *                 a default value, which can be overriden by calling specific
+ *                 rsa_rsaes_xxx or rsa_rsassa_xxx functions.
+ *
+ * \note           The chosen hash is always used for OEAP encryption.
+ *                 For PSS signatures, it's always used for making signatures,
+ *                 but can be overriden (and always is, if set to
+ *                 MBEDTLS_MD_NONE) for verifying them.
+ */
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
+               int padding,
+               int hash_id);
+
+/**
+ * \brief          Set padding for an already initialized RSA context
+ *                 See \c mbedtls_rsa_init() for details.
+ *
+ * \param ctx      RSA context to be set
+ * \param padding  MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
+ * \param hash_id  MBEDTLS_RSA_PKCS_V21 hash identifier
+ */
+void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id);
+
+/**
+ * \brief          Generate an RSA keypair
+ *
+ * \param ctx      RSA context that will hold the key
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ * \param nbits    size of the public key in bits
+ * \param exponent public exponent (e.g., 65537)
+ *
+ * \note           mbedtls_rsa_init() must be called beforehand to setup
+ *                 the RSA context.
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
+                 int (*f_rng)(void *, unsigned char *, size_t),
+                 void *p_rng,
+                 unsigned int nbits, int exponent );
+
+/**
+ * \brief          Check a public RSA key
+ *
+ * \param ctx      RSA context to be checked
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
+
+/**
+ * \brief          Check a private RSA key
+ *
+ * \param ctx      RSA context to be checked
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
+
+/**
+ * \brief          Check a public-private RSA key pair.
+ *                 Check each of the contexts, and make sure they match.
+ *
+ * \param pub      RSA context holding the public key
+ * \param prv      RSA context holding the private key
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv );
+
+/**
+ * \brief          Do an RSA public key operation
+ *
+ * \param ctx      RSA context
+ * \param input    input buffer
+ * \param output   output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           This function does NOT take care of message
+ *                 padding. Also, be sure to set input[0] = 0 or assure that
+ *                 input is smaller than N.
+ *
+ * \note           The input and output buffers must be large
+ *                 enough (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
+                const unsigned char *input,
+                unsigned char *output );
+
+/**
+ * \brief          Do an RSA private key operation
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for blinding)
+ * \param p_rng    RNG parameter
+ * \param input    input buffer
+ * \param output   output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The input and output buffers must be large
+ *                 enough (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
+                 int (*f_rng)(void *, unsigned char *, size_t),
+                 void *p_rng,
+                 const unsigned char *input,
+                 unsigned char *output );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 encryption using the
+ *                 mode from the context. Add the message padding, then do an
+ *                 RSA operation.
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ *                               and MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param ilen     contains the plaintext length
+ * \param input    buffer holding the data to be encrypted
+ * \param output   buffer that will hold the ciphertext
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng,
+                       int mode, size_t ilen,
+                       const unsigned char *input,
+                       unsigned char *output );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param ilen     contains the plaintext length
+ * \param input    buffer holding the data to be encrypted
+ * \param output   buffer that will hold the ciphertext
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode, size_t ilen,
+                                 const unsigned char *input,
+                                 unsigned char *output );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ *                               and MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param label    buffer holding the custom label to use
+ * \param label_len contains the label length
+ * \param ilen     contains the plaintext length
+ * \param input    buffer holding the data to be encrypted
+ * \param output   buffer that will hold the ciphertext
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng,
+                            int mode,
+                            const unsigned char *label, size_t label_len,
+                            size_t ilen,
+                            const unsigned char *input,
+                            unsigned char *output );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 decryption using the
+ *                 mode from the context. Do an RSA operation, then remove
+ *                 the message padding
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param olen     will contain the plaintext length
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng,
+                       int mode, size_t *olen,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t output_max_len );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param olen     will contain the plaintext length
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode, size_t *olen,
+                                 const unsigned char *input,
+                                 unsigned char *output,
+                                 size_t output_max_len );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param label    buffer holding the custom label to use
+ * \param label_len contains the label length
+ * \param olen     will contain the plaintext length
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng,
+                            int mode,
+                            const unsigned char *label, size_t label_len,
+                            size_t *olen,
+                            const unsigned char *input,
+                            unsigned char *output,
+                            size_t output_max_len );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 signature using the
+ *                 mode from the context. Do a private RSA operation to sign
+ *                 a message digest
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding and for
+ *                               MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           In case of PKCS#1 v2.1 encoding, see comments on
+ * \note           \c mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id.
+ */
+int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
+                    int (*f_rng)(void *, unsigned char *, size_t),
+                    void *p_rng,
+                    int mode,
+                    mbedtls_md_type_t md_alg,
+                    unsigned int hashlen,
+                    const unsigned char *hash,
+                    unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng,
+                               int mode,
+                               mbedtls_md_type_t md_alg,
+                               unsigned int hashlen,
+                               const unsigned char *hash,
+                               unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding and for
+ *                               MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           The hash_id in the RSA context is the one used for the
+ *                 encoding. md_alg in the function call is the type of hash
+ *                 that is encoded. According to RFC 3447 it is advised to
+ *                 keep both hashes the same.
+ */
+int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng,
+                         int mode,
+                         mbedtls_md_type_t md_alg,
+                         unsigned int hashlen,
+                         const unsigned char *hash,
+                         unsigned char *sig );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 verification using the
+ *                 mode from the context. Do a public RSA operation and check
+ *                 the message digest
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           In case of PKCS#1 v2.1 encoding, see comments on
+ *                 \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id.
+ */
+int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng,
+                      int mode,
+                      mbedtls_md_type_t md_alg,
+                      unsigned int hashlen,
+                      const unsigned char *hash,
+                      const unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode,
+                                 mbedtls_md_type_t md_alg,
+                                 unsigned int hashlen,
+                                 const unsigned char *hash,
+                                 const unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
+ *                 (This is the "simple" version.)
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           The hash_id in the RSA context is the one used for the
+ *                 verification. md_alg in the function call is the type of
+ *                 hash that is verified. According to RFC 3447 it is advised to
+ *                 keep both hashes the same. If hash_id in the RSA context is
+ *                 unset, the md_alg from the function call is used.
+ */
+int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng,
+                           int mode,
+                           mbedtls_md_type_t md_alg,
+                           unsigned int hashlen,
+                           const unsigned char *hash,
+                           const unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
+ *                 (This is the version with "full" options.)
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param mgf1_hash_id message digest used for mask generation
+ * \param expected_salt_len Length of the salt used in padding, use
+ *                 MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           The hash_id in the RSA context is ignored.
+ */
+int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng,
+                               int mode,
+                               mbedtls_md_type_t md_alg,
+                               unsigned int hashlen,
+                               const unsigned char *hash,
+                               mbedtls_md_type_t mgf1_hash_id,
+                               int expected_salt_len,
+                               const unsigned char *sig );
+
+/**
+ * \brief          Copy the components of an RSA context
+ *
+ * \param dst      Destination context
+ * \param src      Source context
+ *
+ * \return         0 on success,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure
+ */
+int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
+
+/**
+ * \brief          Free the components of an RSA key
+ *
+ * \param ctx      RSA Context to free
+ */
+void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_rsa_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_RSA_C */
+
+#endif /* rsa.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/sha1.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/sha1.h
new file mode 100644
index 00000000..2b74d06d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/sha1.h
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_sha1.h
+ *
+ * \brief SHA-1 cryptographic hash function
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SHA1_H
+#define MBEDTLS_SHA1_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_SHA1_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          SHA-1 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[5];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_sha1_context;
+
+/**
+ * \brief          Initialize SHA-1 context
+ *
+ * \param ctx      SHA-1 context to be initialized
+ */
+void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          Clear SHA-1 context
+ *
+ * \param ctx      SHA-1 context to be cleared
+ */
+void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          Clone (the state of) a SHA-1 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
+                         const mbedtls_sha1_context *src );
+
+/**
+ * \brief          SHA-1 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          SHA-1 process buffer
+ *
+ * \param ctx      SHA-1 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          SHA-1 final digest
+ *
+ * \param ctx      SHA-1 context
+ * \param output   SHA-1 checksum result
+ */
+void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] );
+
+/* Internal use */
+void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_SHA1_ALT */
+#include "sha1_alt.h"
+#endif /* MBEDTLS_SHA1_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = SHA-1( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   SHA-1 checksum result
+ */
+void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_sha1_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_sha1.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/sha256.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/sha256.h
new file mode 100644
index 00000000..bc8b226e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/sha256.h
@@ -0,0 +1,141 @@
+/**
+ * \file mbedtls_sha256.h
+ *
+ * \brief SHA-224 and SHA-256 cryptographic hash function
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SHA256_H
+#define MBEDTLS_SHA256_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_SHA256_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          SHA-256 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[8];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+    int is224;                  /*!< 0 => SHA-256, else SHA-224 */
+}
+mbedtls_sha256_context;
+
+/**
+ * \brief          Initialize SHA-256 context
+ *
+ * \param ctx      SHA-256 context to be initialized
+ */
+void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
+
+/**
+ * \brief          Clear SHA-256 context
+ *
+ * \param ctx      SHA-256 context to be cleared
+ */
+void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
+
+/**
+ * \brief          Clone (the state of) a SHA-256 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
+                           const mbedtls_sha256_context *src );
+
+/**
+ * \brief          SHA-256 context setup
+ *
+ * \param ctx      context to be initialized
+ * \param is224    0 = use SHA256, 1 = use SHA224
+ */
+void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
+
+/**
+ * \brief          SHA-256 process buffer
+ *
+ * \param ctx      SHA-256 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
+                    size_t ilen );
+
+/**
+ * \brief          SHA-256 final digest
+ *
+ * \param ctx      SHA-256 context
+ * \param output   SHA-224/256 checksum result
+ */
+void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] );
+
+/* Internal use */
+void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_SHA256_ALT */
+#include "sha256_alt.h"
+#endif /* MBEDTLS_SHA256_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = SHA-256( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   SHA-224/256 checksum result
+ * \param is224    0 = use SHA256, 1 = use SHA224
+ */
+void mbedtls_sha256( const unsigned char *input, size_t ilen,
+           unsigned char output[32], int is224 );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_sha256_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_sha256.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/sha512.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/sha512.h
new file mode 100644
index 00000000..9462764f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/sha512.h
@@ -0,0 +1,141 @@
+/**
+ * \file mbedtls_sha512.h
+ *
+ * \brief SHA-384 and SHA-512 cryptographic hash function
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SHA512_H
+#define MBEDTLS_SHA512_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_SHA512_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          SHA-512 context structure
+ */
+typedef struct
+{
+    uint64_t total[2];          /*!< number of bytes processed  */
+    uint64_t state[8];          /*!< intermediate digest state  */
+    unsigned char buffer[128];  /*!< data block being processed */
+    int is384;                  /*!< 0 => SHA-512, else SHA-384 */
+}
+mbedtls_sha512_context;
+
+/**
+ * \brief          Initialize SHA-512 context
+ *
+ * \param ctx      SHA-512 context to be initialized
+ */
+void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
+
+/**
+ * \brief          Clear SHA-512 context
+ *
+ * \param ctx      SHA-512 context to be cleared
+ */
+void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
+
+/**
+ * \brief          Clone (the state of) a SHA-512 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
+                           const mbedtls_sha512_context *src );
+
+/**
+ * \brief          SHA-512 context setup
+ *
+ * \param ctx      context to be initialized
+ * \param is384    0 = use SHA512, 1 = use SHA384
+ */
+void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
+
+/**
+ * \brief          SHA-512 process buffer
+ *
+ * \param ctx      SHA-512 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
+                    size_t ilen );
+
+/**
+ * \brief          SHA-512 final digest
+ *
+ * \param ctx      SHA-512 context
+ * \param output   SHA-384/512 checksum result
+ */
+void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_SHA512_ALT */
+#include "sha512_alt.h"
+#endif /* MBEDTLS_SHA512_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = SHA-512( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   SHA-384/512 checksum result
+ * \param is384    0 = use SHA512, 1 = use SHA384
+ */
+void mbedtls_sha512( const unsigned char *input, size_t ilen,
+             unsigned char output[64], int is384 );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_sha512_self_test( int verbose );
+
+/* Internal use */
+void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_sha512.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl.h
new file mode 100644
index 00000000..a017ec0b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl.h
@@ -0,0 +1,2290 @@
+/**
+ * \file ssl.h
+ *
+ * \brief SSL/TLS functions.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_H
+#define MBEDTLS_SSL_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "bignum.h"
+#include "ecp.h"
+
+#include "ssl_ciphersuites.h"
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#include "x509_crt.h"
+#include "x509_crl.h"
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+#include "dhm.h"
+#endif
+
+#if defined(MBEDTLS_ECDH_C)
+#include "ecdh.h"
+#endif
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+#include "zlib.h"
+#endif
+
+#if defined(MBEDTLS_HAVE_TIME)
+#include <time.h>
+#endif
+
+/* For convenience below and in programs */
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||                           \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED
+#endif
+
+/*
+ * SSL Error codes
+ */
+#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE               -0x7080  /**< The requested feature is not available. */
+#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA                    -0x7100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_SSL_INVALID_MAC                       -0x7180  /**< Verification of the message MAC failed. */
+#define MBEDTLS_ERR_SSL_INVALID_RECORD                    -0x7200  /**< An invalid SSL record was received. */
+#define MBEDTLS_ERR_SSL_CONN_EOF                          -0x7280  /**< The connection indicated an EOF. */
+#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER                    -0x7300  /**< An unknown cipher was received. */
+#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380  /**< The server has no ciphersuites in common with the client. */
+#define MBEDTLS_ERR_SSL_NO_RNG                            -0x7400  /**< No RNG was provided to the SSL module. */
+#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480  /**< No client certification received from the client, but required by the authentication mode. */
+#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500  /**< Our own certificate(s) is/are too large to send in an SSL message. */
+#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580  /**< The own certificate is not set, but needed by the server. */
+#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED              -0x7600  /**< The own private key or pre-shared key is not set, but needed. */
+#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED                 -0x7680  /**< No CA Chain is set, but required to operate. */
+#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE                -0x7700  /**< An unexpected message was received from our peer. */
+#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE               -0x7780  /**< A fatal alert message was received from our peer. */
+#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED                -0x7800  /**< Verification of our peer failed. */
+#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY                 -0x7880  /**< The peer notified us that the connection is going to be closed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO               -0x7900  /**< Processing of the ClientHello handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO               -0x7980  /**< Processing of the ServerHello handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE                -0x7A00  /**< Processing of the Certificate handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST        -0x7A80  /**< Processing of the CertificateRequest handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE        -0x7B00  /**< Processing of the ServerKeyExchange handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE          -0x7B80  /**< Processing of the ServerHelloDone handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE        -0x7C00  /**< Processing of the ClientKeyExchange handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP     -0x7C80  /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS     -0x7D00  /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY         -0x7D80  /**< Processing of the CertificateVerify handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC         -0x7E00  /**< Processing of the ChangeCipherSpec handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED                   -0x7E80  /**< Processing of the Finished handshake message failed. */
+#define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00  /**< Memory allocation failed */
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80  /**< Hardware acceleration function returned with error */
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80  /**< Hardware acceleration function skipped / left alone data */
+#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED                -0x6F00  /**< Processing of the compression / decompression failed */
+#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION           -0x6E80  /**< Handshake protocol not within min/max boundaries */
+#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET         -0x6E00  /**< Processing of the NewSessionTicket handshake message failed. */
+#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80  /**< Session ticket has expired. */
+#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00  /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
+#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY                  -0x6C80  /**< Unknown identity received (eg, PSK identity) */
+#define MBEDTLS_ERR_SSL_INTERNAL_ERROR                    -0x6C00  /**< Internal error (eg, unexpected failure in lower-level module) */
+#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING                  -0x6B80  /**< A counter would wrap (eg, too many messages exchanged). */
+#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO       -0x6B00  /**< Unexpected message at ServerHello in renegotiation. */
+#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED             -0x6A80  /**< DTLS client must retry for hello verification */
+#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL                  -0x6A00  /**< A buffer is too small to receive or write a message */
+#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE             -0x6980  /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
+#define MBEDTLS_ERR_SSL_WANT_READ                         -0x6900  /**< Connection requires a read call. */
+#define MBEDTLS_ERR_SSL_WANT_WRITE                        -0x6880  /**< Connection requires a write call. */
+#define MBEDTLS_ERR_SSL_TIMEOUT                           -0x6800  /**< The operation timed out. */
+#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT                  -0x6780  /**< The client initiated a reconnect from the same port. */
+
+/*
+ * Various constants
+ */
+#define MBEDTLS_SSL_MAJOR_VERSION_3             3
+#define MBEDTLS_SSL_MINOR_VERSION_0             0   /*!< SSL v3.0 */
+#define MBEDTLS_SSL_MINOR_VERSION_1             1   /*!< TLS v1.0 */
+#define MBEDTLS_SSL_MINOR_VERSION_2             2   /*!< TLS v1.1 */
+#define MBEDTLS_SSL_MINOR_VERSION_3             3   /*!< TLS v1.2 */
+
+#define MBEDTLS_SSL_TRANSPORT_STREAM            0   /*!< TLS      */
+#define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   /*!< DTLS     */
+
+#define MBEDTLS_SSL_MAX_HOST_NAME_LEN           255 /*!< Maximum host name defined in RFC 1035 */
+
+/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
+ * NONE must be zero so that memset()ing structure to zero works */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE           0   /*!< don't use this extension   */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_512            1   /*!< MaxFragmentLength 2^9      */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_1024           2   /*!< MaxFragmentLength 2^10     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_2048           3   /*!< MaxFragmentLength 2^11     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_4096           4   /*!< MaxFragmentLength 2^12     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID        5   /*!< first invalid value        */
+
+#define MBEDTLS_SSL_IS_CLIENT                   0
+#define MBEDTLS_SSL_IS_SERVER                   1
+
+#define MBEDTLS_SSL_IS_NOT_FALLBACK             0
+#define MBEDTLS_SSL_IS_FALLBACK                 1
+
+#define MBEDTLS_SSL_EXTENDED_MS_DISABLED        0
+#define MBEDTLS_SSL_EXTENDED_MS_ENABLED         1
+
+#define MBEDTLS_SSL_ETM_DISABLED                0
+#define MBEDTLS_SSL_ETM_ENABLED                 1
+
+#define MBEDTLS_SSL_COMPRESS_NULL               0
+#define MBEDTLS_SSL_COMPRESS_DEFLATE            1
+
+#define MBEDTLS_SSL_VERIFY_NONE                 0
+#define MBEDTLS_SSL_VERIFY_OPTIONAL             1
+#define MBEDTLS_SSL_VERIFY_REQUIRED             2
+#define MBEDTLS_SSL_VERIFY_UNSET                3 /* Used only for sni_authmode */
+
+#define MBEDTLS_SSL_LEGACY_RENEGOTIATION        0
+#define MBEDTLS_SSL_SECURE_RENEGOTIATION        1
+
+#define MBEDTLS_SSL_RENEGOTIATION_DISABLED      0
+#define MBEDTLS_SSL_RENEGOTIATION_ENABLED       1
+
+#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED        0
+#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED         1
+
+#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED  -1
+#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT  16
+
+#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION     0
+#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION  1
+#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE      2
+
+#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED         0
+#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED          1
+#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN          10  /* 80 bits, rfc 6066 section 7 */
+
+#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED     0
+#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED      1
+
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED    0
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED     1
+
+#define MBEDTLS_SSL_ARC4_ENABLED                0
+#define MBEDTLS_SSL_ARC4_DISABLED               1
+
+#define MBEDTLS_SSL_PRESET_DEFAULT              0
+#define MBEDTLS_SSL_PRESET_SUITEB               2
+
+/*
+ * Default range for DTLS retransmission timer value, in milliseconds.
+ * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
+ */
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN    1000
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX   60000
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
+#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
+#endif
+
+/*
+ * Maxium fragment length in bytes,
+ * determines the size of each of the two internal I/O buffers.
+ *
+ * Note: the RFC defines the default size of SSL / TLS messages. If you
+ * change the value here, other clients / servers may not be able to
+ * communicate with you anymore. Only change this value if you control
+ * both sides of the connection and have it reduced at both sides, or
+ * if you're using the Max Fragment Length extension and you know all your
+ * peers are using it too!
+ */
+#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
+#define MBEDTLS_SSL_MAX_CONTENT_LEN         16384   /**< Size of the input / output buffer */
+#endif
+
+/* \} name SECTION: Module settings */
+
+/*
+ * Length of the verify data for secure renegotiation
+ */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
+#else
+#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
+#endif
+
+/*
+ * Signaling ciphersuite values (SCSV)
+ */
+#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO    0xFF   /**< renegotiation info ext */
+#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE         0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */
+
+/*
+ * Supported Signature and Hash algorithms (For TLS 1.2)
+ * RFC 5246 section 7.4.1.4.1
+ */
+#define MBEDTLS_SSL_HASH_NONE                0
+#define MBEDTLS_SSL_HASH_MD5                 1
+#define MBEDTLS_SSL_HASH_SHA1                2
+#define MBEDTLS_SSL_HASH_SHA224              3
+#define MBEDTLS_SSL_HASH_SHA256              4
+#define MBEDTLS_SSL_HASH_SHA384              5
+#define MBEDTLS_SSL_HASH_SHA512              6
+
+#define MBEDTLS_SSL_SIG_ANON                 0
+#define MBEDTLS_SSL_SIG_RSA                  1
+#define MBEDTLS_SSL_SIG_ECDSA                3
+
+/*
+ * Client Certificate Types
+ * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
+ */
+#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN       1
+#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN    64
+
+/*
+ * Message, alert and handshake types
+ */
+#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC     20
+#define MBEDTLS_SSL_MSG_ALERT                  21
+#define MBEDTLS_SSL_MSG_HANDSHAKE              22
+#define MBEDTLS_SSL_MSG_APPLICATION_DATA       23
+
+#define MBEDTLS_SSL_ALERT_LEVEL_WARNING         1
+#define MBEDTLS_SSL_ALERT_LEVEL_FATAL           2
+
+#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY           0  /* 0x00 */
+#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE    10  /* 0x0A */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC        20  /* 0x14 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED     21  /* 0x15 */
+#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW       22  /* 0x16 */
+#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30  /* 0x1E */
+#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE     40  /* 0x28 */
+#define MBEDTLS_SSL_ALERT_MSG_NO_CERT               41  /* 0x29 */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT              42  /* 0x2A */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT      43  /* 0x2B */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED          44  /* 0x2C */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED          45  /* 0x2D */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN          46  /* 0x2E */
+#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER     47  /* 0x2F */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA            48  /* 0x30 */
+#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED         49  /* 0x31 */
+#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR          50  /* 0x32 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR         51  /* 0x33 */
+#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION    60  /* 0x3C */
+#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION      70  /* 0x46 */
+#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71  /* 0x47 */
+#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR        80  /* 0x50 */
+#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86  /* 0x56 */
+#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED         90  /* 0x5A */
+#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION     100  /* 0x64 */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT      110  /* 0x6E */
+#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME    112  /* 0x70 */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115  /* 0x73 */
+#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
+
+#define MBEDTLS_SSL_HS_HELLO_REQUEST            0
+#define MBEDTLS_SSL_HS_CLIENT_HELLO             1
+#define MBEDTLS_SSL_HS_SERVER_HELLO             2
+#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST     3
+#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET       4
+#define MBEDTLS_SSL_HS_CERTIFICATE             11
+#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE     12
+#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST     13
+#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE       14
+#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY      15
+#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE     16
+#define MBEDTLS_SSL_HS_FINISHED                20
+
+/*
+ * TLS extensions
+ */
+#define MBEDTLS_TLS_EXT_SERVERNAME                   0
+#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME          0
+
+#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH          1
+
+#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC               4
+
+#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES   10
+#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS     11
+
+#define MBEDTLS_TLS_EXT_SIG_ALG                     13
+
+#define MBEDTLS_TLS_EXT_ALPN                        16
+
+#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC            22 /* 0x16 */
+#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET  0x0017 /* 23 */
+
+#define MBEDTLS_TLS_EXT_SESSION_TICKET              35
+
+#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO      0xFF01
+
+/*
+ * Size defines
+ */
+#if !defined(MBEDTLS_PSK_MAX_LEN)
+#define MBEDTLS_PSK_MAX_LEN            32 /* 256 bits */
+#endif
+
+/* Dummy type used only for its size */
+union mbedtls_ssl_premaster_secret
+{
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+    unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];      /* RFC 5246 8.1.2 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];    /* RFC 4492 5.10 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 2 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
+                                 + MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 3 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];      /* RFC 4279 4 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
+                                   + MBEDTLS_PSK_MAX_LEN];     /* RFC 5489 2 */
+#endif
+};
+
+#define MBEDTLS_PREMASTER_SIZE     sizeof( union mbedtls_ssl_premaster_secret )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * SSL state machine
+ */
+typedef enum
+{
+    MBEDTLS_SSL_HELLO_REQUEST,
+    MBEDTLS_SSL_CLIENT_HELLO,
+    MBEDTLS_SSL_SERVER_HELLO,
+    MBEDTLS_SSL_SERVER_CERTIFICATE,
+    MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
+    MBEDTLS_SSL_CERTIFICATE_REQUEST,
+    MBEDTLS_SSL_SERVER_HELLO_DONE,
+    MBEDTLS_SSL_CLIENT_CERTIFICATE,
+    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
+    MBEDTLS_SSL_CERTIFICATE_VERIFY,
+    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
+    MBEDTLS_SSL_CLIENT_FINISHED,
+    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
+    MBEDTLS_SSL_SERVER_FINISHED,
+    MBEDTLS_SSL_FLUSH_BUFFERS,
+    MBEDTLS_SSL_HANDSHAKE_WRAPUP,
+    MBEDTLS_SSL_HANDSHAKE_OVER,
+    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
+    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
+}
+mbedtls_ssl_states;
+
+/* Defined below */
+typedef struct mbedtls_ssl_session mbedtls_ssl_session;
+typedef struct mbedtls_ssl_context mbedtls_ssl_context;
+typedef struct mbedtls_ssl_config  mbedtls_ssl_config;
+
+/* Defined in ssl_internal.h */
+typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
+typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
+#endif
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
+#endif
+
+/*
+ * This structure is used for storing current session data.
+ */
+struct mbedtls_ssl_session
+{
+#if defined(MBEDTLS_HAVE_TIME)
+    time_t start;               /*!< starting time      */
+#endif
+    int ciphersuite;            /*!< chosen ciphersuite */
+    int compression;            /*!< chosen compression */
+    size_t id_len;              /*!< session id length  */
+    unsigned char id[32];       /*!< session identifier */
+    unsigned char master[48];   /*!< the master secret  */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_x509_crt *peer_cert;        /*!< peer X.509 cert chain */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+    uint32_t verify_result;          /*!<  verification result     */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+    unsigned char *ticket;      /*!< RFC 5077 session ticket */
+    size_t ticket_len;          /*!< session ticket length   */
+    uint32_t ticket_lifetime;   /*!< ticket lifetime hint    */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    unsigned char mfl_code;     /*!< MaxFragmentLength negotiated by peer */
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    int trunc_hmac;             /*!< flag for truncated hmac activation   */
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    int encrypt_then_mac;       /*!< flag for EtM activation                */
+#endif
+};
+
+/**
+ * SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
+ */
+struct mbedtls_ssl_config
+{
+    /* Group items by size (largest first) to minimize padding overhead */
+
+    /*
+     * Pointers
+     */
+
+    const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version   */
+
+    /** Callback for printing debug output                                  */
+    void (*f_dbg)(void *, int, const char *, int, const char *);
+    void *p_dbg;                    /*!< context for the debug function     */
+
+    /** Callback for getting (pseudo-)random numbers                        */
+    int  (*f_rng)(void *, unsigned char *, size_t);
+    void *p_rng;                    /*!< context for the RNG function       */
+
+    /** Callback to retrieve a session from the cache                       */
+    int (*f_get_cache)(void *, mbedtls_ssl_session *);
+    /** Callback to store a session into the cache                          */
+    int (*f_set_cache)(void *, const mbedtls_ssl_session *);
+    void *p_cache;                  /*!< context for cache callbacks        */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    /** Callback for setting cert according to SNI extension                */
+    int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+    void *p_sni;                    /*!< context for SNI callback           */
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    /** Callback to customize X.509 certificate chain verification          */
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
+    void *p_vrfy;                   /*!< context for X.509 verify calllback */
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    /** Callback to retrieve PSK key from identity                          */
+    int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+    void *p_psk;                    /*!< context for PSK callback           */
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+    /** Callback to create & write a cookie for ClientHello veirifcation    */
+    int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
+                           const unsigned char *, size_t );
+    /** Callback to verify validity of a ClientHello cookie                 */
+    int (*f_cookie_check)( void *, const unsigned char *, size_t,
+                           const unsigned char *, size_t );
+    void *p_cookie;                 /*!< context for the cookie callbacks   */
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
+    /** Callback to create & write a session ticket                         */
+    int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
+            unsigned char *, const unsigned char *, size_t *, uint32_t * );
+    /** Callback to parse a session ticket into a session structure         */
+    int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
+    void *p_ticket;                 /*!< context for the ticket callbacks   */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
+    mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s)        */
+    mbedtls_x509_crt *ca_chain;     /*!< trusted CAs                        */
+    mbedtls_x509_crl *ca_crl;       /*!< trusted CAs CRLs                   */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
+    const int *sig_hashes;          /*!< allowed signature hashes           */
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+    const mbedtls_ecp_group_id *curve_list; /*!< allowed curves             */
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+    mbedtls_mpi dhm_P;              /*!< prime modulus for DHM              */
+    mbedtls_mpi dhm_G;              /*!< generator for DHM                  */
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    unsigned char *psk;             /*!< pre-shared key                     */
+    size_t         psk_len;         /*!< length of the pre-shared key       */
+    unsigned char *psk_identity;    /*!< identity for PSK negotiation       */
+    size_t         psk_identity_len;/*!< length of identity                 */
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+    const char **alpn_list;         /*!< ordered list of protocols          */
+#endif
+
+    /*
+     * Numerical settings (int then char)
+     */
+
+    uint32_t read_timeout;          /*!< timeout for mbedtls_ssl_read (ms)  */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    uint32_t hs_timeout_min;        /*!< initial value of the handshake
+                                         retransmission timeout (ms)        */
+    uint32_t hs_timeout_max;        /*!< maximum value of the handshake
+                                         retransmission timeout (ms)        */
+#endif
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    int renego_max_records;         /*!< grace period for renegotiation     */
+    unsigned char renego_period[8]; /*!< value of the record counters
+                                         that triggers renegotiation        */
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+    unsigned int badmac_limit;      /*!< limit of records with a bad MAC    */
+#endif
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
+    unsigned int dhm_min_bitlen;    /*!< min. bit length of the DHM prime   */
+#endif
+
+    unsigned char max_major_ver;    /*!< max. major version used            */
+    unsigned char max_minor_ver;    /*!< max. minor version used            */
+    unsigned char min_major_ver;    /*!< min. major version used            */
+    unsigned char min_minor_ver;    /*!< min. minor version used            */
+
+    /*
+     * Flags (bitfields)
+     */
+
+    unsigned int endpoint : 1;      /*!< 0: client, 1: server               */
+    unsigned int transport : 1;     /*!< stream (TLS) or datagram (DTLS)    */
+    unsigned int authmode : 2;      /*!< MBEDTLS_SSL_VERIFY_XXX             */
+    /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE          */
+    unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX   */
+#if defined(MBEDTLS_ARC4_C)
+    unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites?        */
+#endif
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    unsigned int mfl_code : 3;      /*!< desired fragment length            */
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac?    */
+#endif
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    unsigned int extended_ms : 1;   /*!< negotiate extended master secret?  */
+#endif
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+    unsigned int anti_replay : 1;   /*!< detect and prevent replay?         */
+#endif
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    unsigned int cbc_record_splitting : 1;  /*!< do cbc record splitting    */
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    unsigned int disable_renegotiation : 1; /*!< disable renegotiation?     */
+#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    unsigned int trunc_hmac : 1;    /*!< negotiate truncated hmac?          */
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    unsigned int session_tickets : 1;   /*!< use session tickets?           */
+#endif
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
+    unsigned int fallback : 1;      /*!< is this a fallback?                */
+#endif
+};
+
+
+struct mbedtls_ssl_context
+{
+    const mbedtls_ssl_config *conf; /*!< configuration information          */
+
+    /*
+     * Miscellaneous
+     */
+    int state;                  /*!< SSL handshake: current state     */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    int renego_status;          /*!< Initial, in progress, pending?   */
+    int renego_records_seen;    /*!< Records since renego request, or with DTLS,
+                                  number of retransmissions of request if
+                                  renego_max_records is < 0           */
+#endif
+
+    int major_ver;              /*!< equal to  MBEDTLS_SSL_MAJOR_VERSION_3    */
+    int minor_ver;              /*!< either 0 (SSL3) or 1 (TLS1.0)    */
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+    unsigned badmac_seen;       /*!< records with a bad MAC received    */
+#endif
+
+    /*
+     * Callbacks
+     */
+    int (*f_send)(void *, const unsigned char *, size_t);
+    int (*f_recv)(void *, unsigned char *, size_t);
+    int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t);
+    void *p_bio;                /*!< context for I/O operations   */
+
+    /*
+     * Session layer
+     */
+    mbedtls_ssl_session *session_in;            /*!<  current session data (in)   */
+    mbedtls_ssl_session *session_out;           /*!<  current session data (out)  */
+    mbedtls_ssl_session *session;               /*!<  negotiated session data     */
+    mbedtls_ssl_session *session_negotiate;     /*!<  session data in negotiation */
+
+    mbedtls_ssl_handshake_params *handshake;    /*!<  params required only during
+                                              the handshake process        */
+
+    /*
+     * Record layer transformations
+     */
+    mbedtls_ssl_transform *transform_in;        /*!<  current transform params (in)   */
+    mbedtls_ssl_transform *transform_out;       /*!<  current transform params (in)   */
+    mbedtls_ssl_transform *transform;           /*!<  negotiated transform params     */
+    mbedtls_ssl_transform *transform_negotiate; /*!<  transform params in negotiation */
+
+    /*
+     * Timers
+     */
+    void *p_timer;              /*!< context for the timer callbacks */
+    void (*f_set_timer)(void *, uint32_t, uint32_t); /*!< set timer callback */
+    int (*f_get_timer)(void *); /*!< get timer callback             */
+
+    /*
+     * Record layer (incoming data)
+     */
+    unsigned char *in_buf;      /*!< input buffer                     */
+    unsigned char *in_ctr;      /*!< 64-bit incoming message counter
+                                     TLS: maintained by us
+                                     DTLS: read from peer             */
+    unsigned char *in_hdr;      /*!< start of record header           */
+    unsigned char *in_len;      /*!< two-bytes message length field   */
+    unsigned char *in_iv;       /*!< ivlen-byte IV                    */
+    unsigned char *in_msg;      /*!< message contents (in_iv+ivlen)   */
+    unsigned char *in_offt;     /*!< read offset in application data  */
+
+    int in_msgtype;             /*!< record header: message type      */
+    size_t in_msglen;           /*!< record header: message length    */
+    size_t in_left;             /*!< amount of data read so far       */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    uint16_t in_epoch;          /*!< DTLS epoch for incoming records  */
+    size_t next_record_offset;  /*!< offset of the next record in datagram
+                                     (equal to in_left if none)       */
+#endif
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+    uint64_t in_window_top;     /*!< last validated record seq_num    */
+    uint64_t in_window;         /*!< bitmask for replay detection     */
+#endif
+
+    size_t in_hslen;            /*!< current handshake message length,
+                                     including the handshake header   */
+    int nb_zero;                /*!< # of 0-length encrypted messages */
+    int record_read;            /*!< record is already present        */
+
+    /*
+     * Record layer (outgoing data)
+     */
+    unsigned char *out_buf;     /*!< output buffer                    */
+    unsigned char *out_ctr;     /*!< 64-bit outgoing message counter  */
+    unsigned char *out_hdr;     /*!< start of record header           */
+    unsigned char *out_len;     /*!< two-bytes message length field   */
+    unsigned char *out_iv;      /*!< ivlen-byte IV                    */
+    unsigned char *out_msg;     /*!< message contents (out_iv+ivlen)  */
+
+    int out_msgtype;            /*!< record header: message type      */
+    size_t out_msglen;          /*!< record header: message length    */
+    size_t out_left;            /*!< amount of data not yet written   */
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    unsigned char *compress_buf;        /*!<  zlib data buffer        */
+#endif
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    signed char split_done;     /*!< current record already splitted? */
+#endif
+
+    /*
+     * PKI layer
+     */
+    int client_auth;                    /*!<  flag for client auth.   */
+
+    /*
+     * User settings
+     */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    char *hostname;             /*!< expected peer CN for verification
+                                     (and SNI if available)                 */
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+    const char *alpn_chosen;    /*!<  negotiated protocol                   */
+#endif
+
+    /*
+     * Information for DTLS hello verify
+     */
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+    unsigned char  *cli_id;         /*!<  transport-level ID of the client  */
+    size_t          cli_id_len;     /*!<  length of cli_id                  */
+#endif
+
+    /*
+     * Secure renegotiation
+     */
+    /* needed to know when to send extension on server */
+    int secure_renegotiation;           /*!<  does peer support legacy or
+                                              secure renegotiation           */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    size_t verify_data_len;             /*!<  length of verify data stored   */
+    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
+    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
+#endif
+};
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+
+#define MBEDTLS_SSL_CHANNEL_OUTBOUND    0
+#define MBEDTLS_SSL_CHANNEL_INBOUND     1
+
+extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
+                const unsigned char *key_enc, const unsigned char *key_dec,
+                size_t keylen,
+                const unsigned char *iv_enc,  const unsigned char *iv_dec,
+                size_t ivlen,
+                const unsigned char *mac_enc, const unsigned char *mac_dec,
+                size_t maclen);
+extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
+extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
+extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
+extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
+extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
+#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
+
+/**
+ * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
+ *
+ * \return              a statically allocated array of ciphersuites, the last
+ *                      entry is 0.
+ */
+const int *mbedtls_ssl_list_ciphersuites( void );
+
+/**
+ * \brief               Return the name of the ciphersuite associated with the
+ *                      given ID
+ *
+ * \param ciphersuite_id SSL ciphersuite ID
+ *
+ * \return              a string containing the ciphersuite name
+ */
+const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
+
+/**
+ * \brief               Return the ID of the ciphersuite associated with the
+ *                      given name
+ *
+ * \param ciphersuite_name SSL ciphersuite name
+ *
+ * \return              the ID with the ciphersuite or 0 if not found
+ */
+int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
+
+/**
+ * \brief          Initialize an SSL context
+ *                 Just makes the context ready for mbedtls_ssl_setup() or
+ *                 mbedtls_ssl_free()
+ *
+ * \param ssl      SSL context
+ */
+void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Set up an SSL context for use
+ *
+ * \note           No copy of the configuration context is made, it can be
+ *                 shared by many mbedtls_ssl_context structures.
+ *
+ * \warning        Modifying the conf structure after is has been used in this
+ *                 function is unsupported!
+ *
+ * \param ssl      SSL context
+ * \param conf     SSL configuration to use
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
+ *                 memory allocation failed
+ */
+int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
+                       const mbedtls_ssl_config *conf );
+
+/**
+ * \brief          Reset an already initialized SSL context for re-use
+ *                 while retaining application-set variables, function
+ *                 pointers and data.
+ *
+ * \param ssl      SSL context
+ * \return         0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED,
+                   MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
+ *                 MBEDTLS_ERR_SSL_COMPRESSION_FAILED
+ */
+int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Set the current endpoint type
+ *
+ * \param conf     SSL configuration
+ * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+ */
+void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
+
+/**
+ * \brief           Set the transport type (TLS or DTLS).
+ *                  Default: TLS
+ *
+ * \note            For DTLS, you must either provide a recv callback that
+ *                  doesn't block, or one that handles timeouts, see
+ *                  \c mbedtls_ssl_set_bio(). You also need to provide timer
+ *                  callbacks with \c mbedtls_ssl_set_timer_cb().
+ *
+ * \param conf      SSL configuration
+ * \param transport transport type:
+ *                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
+ *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
+ */
+void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
+
+/**
+ * \brief          Set the certificate verification mode
+ *                 Default: NONE on server, REQUIRED on client
+ *
+ * \param conf     SSL configuration
+ * \param authmode can be:
+ *
+ *  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
+ *                        (default on server)
+ *                        (insecure on client)
+ *
+ *  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the
+ *                        handshake continues even if verification failed;
+ *                        mbedtls_ssl_get_verify_result() can be called after the
+ *                        handshake is complete.
+ *
+ *  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,
+ *                        handshake is aborted if verification failed.
+ *
+ * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
+ * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
+ * the right time(s), which may not be obvious, while REQUIRED always perform
+ * the verification as soon as possible. For example, REQUIRED was protecting
+ * against the "triple handshake" attack even before it was found.
+ */
+void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Set the verification callback (Optional).
+ *
+ *                 If set, the verify callback is called for each
+ *                 certificate in the chain. For implementation
+ *                 information, please see \c x509parse_verify()
+ *
+ * \param conf     SSL configuration
+ * \param f_vrfy   verification function
+ * \param p_vrfy   verification parameter
+ */
+void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+/**
+ * \brief          Set the random number generator callback
+ *
+ * \param conf     SSL configuration
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ */
+void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
+                  int (*f_rng)(void *, unsigned char *, size_t),
+                  void *p_rng );
+
+/**
+ * \brief          Set the debug callback
+ *
+ *                 The callback has the following argument:
+ *                 void *           opaque context for the callback
+ *                 int              debug level
+ *                 const char *     file name
+ *                 int              line number
+ *                 const char *     message
+ *
+ * \param conf     SSL configuration
+ * \param f_dbg    debug function
+ * \param p_dbg    debug parameter
+ */
+void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
+                  void (*f_dbg)(void *, int, const char *, int, const char *),
+                  void  *p_dbg );
+
+/**
+ * \brief          Set the underlying BIO callbacks for write, read and
+ *                 read-with-timeout.
+ *
+ * \param ssl      SSL context
+ * \param p_bio    parameter (context) shared by BIO callbacks
+ * \param f_send   write callback
+ * \param f_recv   read callback
+ * \param f_recv_timeout blocking read callback with timeout.
+ *                 The last argument is the timeout in milliseconds,
+ *                 0 means no timeout (block forever until a message comes)
+ *
+ * \note           One of f_recv or f_recv_timeout can be NULL, in which case
+ *                 the other is used. If both are non-NULL, f_recv_timeout is
+ *                 used and f_recv is ignored (as if it were NULL).
+ *
+ * \note           The two most common use cases are:
+ *                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
+ *                 - blocking I/O, f_recv == NULL, f_recv_timout != NULL
+ *
+ * \note           For DTLS, you need to provide either a non-NULL
+ *                 f_recv_timeout callback, or a f_recv that doesn't block.
+ */
+void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
+        void *p_bio,
+        int (*f_send)(void *, const unsigned char *, size_t),
+        int (*f_recv)(void *, unsigned char *, size_t),
+        int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) );
+
+/**
+ * \brief          Set the timeout period for mbedtls_ssl_read()
+ *                 (Default: no timeout.)
+ *
+ * \param conf     SSL configuration context
+ * \param timeout  Timeout value in milliseconds.
+ *                 Use 0 for no timeout (default).
+ *
+ * \note           With blocking I/O, this will only work if a non-NULL
+ *                 \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
+ *                 With non-blocking I/O, this will only work if timer
+ *                 callbacks were set with \c mbedtls_ssl_set_timer_cb().
+ *
+ * \note           With non-blocking I/O, you may also skip this function
+ *                 altogether and handle timeouts at the application layer.
+ */
+void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
+
+/**
+ * \brief          Set the timer callbacks
+ *                 (Mandatory for DTLS.)
+ *
+ * \param ssl      SSL context
+ * \param p_timer  parameter (context) shared by timer callback
+ * \param f_set_timer   set timer callback
+ *                 Accepts an intermediate and a final delay in milliseconcs
+ *                 If the final delay is 0, cancels the running timer.
+ * \param f_get_timer   get timer callback. Must return:
+ *                 -1 if cancelled
+ *                 0 if none of the delays is expired
+ *                 1 if the intermediate delay only is expired
+ *                 2 if the final delay is expired
+ */
+void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
+                               void *p_timer,
+                               void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms),
+                               int (*f_get_timer)(void *) );
+
+/**
+ * \brief           Callback type: generate and write session ticket
+ *
+ * \note            This describes what a callback implementation should do.
+ *                  This callback should generate and encrypted and
+ *                  authenticated ticket for the session and write it to the
+ *                  output buffer. Here, ticket means the opaque ticket part
+ *                  of the NewSessionTicket structure of RFC 5077.
+ *
+ * \param p_ticket  Context for the callback
+ * \param session   SSL session to bo written in the ticket
+ * \param start     Start of the outpur buffer
+ * \param end       End of the output buffer
+ * \param tlen      On exit, holds the length written
+ * \param lifetime  On exit, holds the lifetime of the ticket in seconds
+ *
+ * \return          0 if successful, or
+ *                  a specific MBEDTLS_ERR_XXX code.
+ */
+typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
+                                        const mbedtls_ssl_session *session,
+                                        unsigned char *start,
+                                        const unsigned char *end,
+                                        size_t *tlen,
+                                        uint32_t *lifetime );
+
+/**
+ * \brief           Callback type: parse and load session ticket
+ *
+ * \note            This describes what a callback implementation should do.
+ *                  This callback should parse a session ticket as generated
+ *                  by the corresponding mbedtls_ssl_ticket_write_t function,
+ *                  and, if the ticket is authentic and valid, load the
+ *                  session.
+ *
+ * \note            The implementation is allowed to modify the first len
+ *                  bytes of the input buffer, eg to use it as a temporary
+ *                  area for the decrypted ticket contents.
+ *
+ * \param p_ticket  Context for the callback
+ * \param session   SSL session to be loaded
+ * \param buf       Start of the buffer containing the ticket
+ * \param len       Length of the ticket.
+ *
+ * \return          0 if successful, or
+ *                  MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
+ *                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
+ *                  any other non-zero code for other failures.
+ */
+typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
+                                        mbedtls_ssl_session *session,
+                                        unsigned char *buf,
+                                        size_t len );
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief           Configure SSL session ticket callbacks (server only).
+ *                  (Default: none.)
+ *
+ * \note            On server, session tickets are enabled by providing
+ *                  non-NULL callbacks.
+ *
+ * \note            On client, use \c mbedtls_ssl_conf_session_tickets().
+ *
+ * \param conf      SSL configuration context
+ * \param f_ticket_write    Callback for writing a ticket
+ * \param f_ticket_parse    Callback for parsing a ticket
+ * \param p_ticket          Context shared by the two callbacks
+ */
+void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
+        mbedtls_ssl_ticket_write_t *f_ticket_write,
+        mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+        void *p_ticket );
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
+
+/**
+ * \brief          Callback type: generate a cookie
+ *
+ * \param ctx      Context for the callback
+ * \param p        Buffer to write to,
+ *                 must be updated to point right after the cookie
+ * \param end      Pointer to one past the end of the output buffer
+ * \param info     Client ID info that was passed to
+ *                 \c mbedtls_ssl_set_client_transport_id()
+ * \param ilen     Length of info in bytes
+ *
+ * \return         The callback must return 0 on success,
+ *                 or a negative error code.
+ */
+typedef int mbedtls_ssl_cookie_write_t( void *ctx,
+                                unsigned char **p, unsigned char *end,
+                                const unsigned char *info, size_t ilen );
+
+/**
+ * \brief          Callback type: verify a cookie
+ *
+ * \param ctx      Context for the callback
+ * \param cookie   Cookie to verify
+ * \param clen     Length of cookie
+ * \param info     Client ID info that was passed to
+ *                 \c mbedtls_ssl_set_client_transport_id()
+ * \param ilen     Length of info in bytes
+ *
+ * \return         The callback must return 0 if cookie is valid,
+ *                 or a negative error code.
+ */
+typedef int mbedtls_ssl_cookie_check_t( void *ctx,
+                                const unsigned char *cookie, size_t clen,
+                                const unsigned char *info, size_t ilen );
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief           Register callbacks for DTLS cookies
+ *                  (Server only. DTLS only.)
+ *
+ *                  Default: dummy callbacks that fail, in order to force you to
+ *                  register working callbacks (and initialize their context).
+ *
+ *                  To disable HelloVerifyRequest, register NULL callbacks.
+ *
+ * \warning         Disabling hello verification allows your server to be used
+ *                  for amplification in DoS attacks against other hosts.
+ *                  Only disable if you known this can't happen in your
+ *                  particular environment.
+ *
+ * \note            See comments on \c mbedtls_ssl_handshake() about handling
+ *                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
+ *                  on the first handshake attempt when this is enabled.
+ *
+ * \note            This is also necessary to handle client reconnection from
+ *                  the same port as described in RFC 6347 section 4.2.8 (only
+ *                  the variant with cookies is supported currently). See
+ *                  comments on \c mbedtls_ssl_read() for details.
+ *
+ * \param conf              SSL configuration
+ * \param f_cookie_write    Cookie write callback
+ * \param f_cookie_check    Cookie check callback
+ * \param p_cookie          Context for both callbacks
+ */
+void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
+                           mbedtls_ssl_cookie_write_t *f_cookie_write,
+                           mbedtls_ssl_cookie_check_t *f_cookie_check,
+                           void *p_cookie );
+
+/**
+ * \brief          Set client's transport-level identification info.
+ *                 (Server only. DTLS only.)
+ *
+ *                 This is usually the IP address (and port), but could be
+ *                 anything identify the client depending on the underlying
+ *                 network stack. Used for HelloVerifyRequest with DTLS.
+ *                 This is *not* used to route the actual packets.
+ *
+ * \param ssl      SSL context
+ * \param info     Transport-level info identifying the client (eg IP + port)
+ * \param ilen     Length of info in bytes
+ *
+ * \note           An internal copy is made, so the info buffer can be reused.
+ *
+ * \return         0 on success,
+ *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
+ *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
+ */
+int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
+                                 const unsigned char *info,
+                                 size_t ilen );
+
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+/**
+ * \brief          Enable or disable anti-replay protection for DTLS.
+ *                 (DTLS only, no effect on TLS.)
+ *                 Default: enabled.
+ *
+ * \param conf     SSL configuration
+ * \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
+ *
+ * \warning        Disabling this is a security risk unless the application
+ *                 protocol handles duplicated packets in a safe way. You
+ *                 should not disable this without careful consideration.
+ *                 However, if your application already detects duplicated
+ *                 packets and needs information about them to adjust its
+ *                 transmission strategy, then you'll want to disable this.
+ */
+void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+/**
+ * \brief          Set a limit on the number of records with a bad MAC
+ *                 before terminating the connection.
+ *                 (DTLS only, no effect on TLS.)
+ *                 Default: 0 (disabled).
+ *
+ * \param conf     SSL configuration
+ * \param limit    Limit, or 0 to disable.
+ *
+ * \note           If the limit is N, then the connection is terminated when
+ *                 the Nth non-authentic record is seen.
+ *
+ * \note           Records with an invalid header are not counted, only the
+ *                 ones going through the authentication-decryption phase.
+ *
+ * \note           This is a security trade-off related to the fact that it's
+ *                 often relatively easy for an active attacker ot inject UDP
+ *                 datagrams. On one hand, setting a low limit here makes it
+ *                 easier for such an attacker to forcibly terminated a
+ *                 connection. On the other hand, a high limit or no limit
+ *                 might make us waste resources checking authentication on
+ *                 many bogus packets.
+ */
+void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
+#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+/**
+ * \brief          Set retransmit timeout values for the DTLS handshale.
+ *                 (DTLS only, no effect on TLS.)
+ *
+ * \param conf     SSL configuration
+ * \param min      Initial timeout value in milliseconds.
+ *                 Default: 1000 (1 second).
+ * \param max      Maximum timeout value in milliseconds.
+ *                 Default: 60000 (60 seconds).
+ *
+ * \note           Default values are from RFC 6347 section 4.2.4.1.
+ *
+ * \note           Higher values for initial timeout may increase average
+ *                 handshake latency. Lower values may increase the risk of
+ *                 network congestion by causing more retransmissions.
+ */
+void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief          Set the session cache callbacks (server-side only)
+ *                 If not set, no session resuming is done (except if session
+ *                 tickets are enabled too).
+ *
+ *                 The session cache has the responsibility to check for stale
+ *                 entries based on timeout. See RFC 5246 for recommendations.
+ *
+ *                 Warning: session.peer_cert is cleared by the SSL/TLS layer on
+ *                 connection shutdown, so do not cache the pointer! Either set
+ *                 it to NULL or make a full copy of the certificate.
+ *
+ *                 The get callback is called once during the initial handshake
+ *                 to enable session resuming. The get function has the
+ *                 following parameters: (void *parameter, mbedtls_ssl_session *session)
+ *                 If a valid entry is found, it should fill the master of
+ *                 the session object with the cached values and return 0,
+ *                 return 1 otherwise. Optionally peer_cert can be set as well
+ *                 if it is properly present in cache entry.
+ *
+ *                 The set callback is called once during the initial handshake
+ *                 to enable session resuming after the entire handshake has
+ *                 been finished. The set function has the following parameters:
+ *                 (void *parameter, const mbedtls_ssl_session *session). The function
+ *                 should create a cache entry for future retrieval based on
+ *                 the data in the session structure and should keep in mind
+ *                 that the mbedtls_ssl_session object presented (and all its referenced
+ *                 data) is cleared by the SSL/TLS layer when the connection is
+ *                 terminated. It is recommended to add metadata to determine if
+ *                 an entry is still valid in the future. Return 0 if
+ *                 successfully cached, return 1 otherwise.
+ *
+ * \param conf           SSL configuration
+ * \param p_cache        parmater (context) for both callbacks
+ * \param f_get_cache    session get callback
+ * \param f_set_cache    session set callback
+ */
+void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
+        void *p_cache,
+        int (*f_get_cache)(void *, mbedtls_ssl_session *),
+        int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Request resumption of session (client-side only)
+ *                 Session data is copied from presented session structure.
+ *
+ * \param ssl      SSL context
+ * \param session  session context
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
+ *                 arguments are otherwise invalid
+ *
+ * \sa             mbedtls_ssl_get_session()
+ */
+int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
+#endif /* MBEDTLS_SSL_CLI_C */
+
+/**
+ * \brief               Set the list of allowed ciphersuites and the preference
+ *                      order. First in the list has the highest preference.
+ *                      (Overrides all version specific lists)
+ *
+ *                      The ciphersuites array is not copied, and must remain
+ *                      valid for the lifetime of the ssl_config.
+ *
+ *                      Note: The server uses its own preferences
+ *                      over the preference of the client unless
+ *                      MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
+ *
+ * \param conf          SSL configuration
+ * \param ciphersuites  0-terminated list of allowed ciphersuites
+ */
+void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
+                                   const int *ciphersuites );
+
+/**
+ * \brief               Set the list of allowed ciphersuites and the
+ *                      preference order for a specific version of the protocol.
+ *                      (Only useful on the server side)
+ *
+ *                      The ciphersuites array is not copied, and must remain
+ *                      valid for the lifetime of the ssl_config.
+ *
+ * \param conf          SSL configuration
+ * \param ciphersuites  0-terminated list of allowed ciphersuites
+ * \param major         Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
+ *                      supported)
+ * \param minor         Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ *                      MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
+ *                      MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ *
+ * \note                With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
+ *                      and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ */
+void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
+                                       const int *ciphersuites,
+                                       int major, int minor );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Set the X.509 security profile used for verification
+ *
+ * \param conf     SSL configuration
+ * \param profile  Profile to use
+ */
+void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
+                                    const mbedtls_x509_crt_profile *profile );
+
+/**
+ * \brief          Set the data required to verify peer certificate
+ *
+ * \param conf     SSL configuration
+ * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+ * \param ca_crl   trusted CA CRLs
+ */
+void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
+                               mbedtls_x509_crt *ca_chain,
+                               mbedtls_x509_crl *ca_crl );
+
+/**
+ * \brief          Set own certificate chain and private key
+ *
+ * \note           own_cert should contain in order from the bottom up your
+ *                 certificate chain. The top certificate (self-signed)
+ *                 can be omitted.
+ *
+ * \note           On server, this function can be called multiple times to
+ *                 provision more than one cert/key pair (eg one ECDSA, one
+ *                 RSA with SHA-256, one RSA with SHA-1). An adequate
+ *                 certificate will be selected according to the client's
+ *                 advertised capabilities. In case mutliple certificates are
+ *                 adequate, preference is given to the one set by the first
+ *                 call to this function, then second, etc.
+ *
+ * \note           On client, only the first call has any effect.
+ *
+ * \param conf     SSL configuration
+ * \param own_cert own public certificate chain
+ * \param pk_key   own private key
+ *
+ * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
+                              mbedtls_x509_crt *own_cert,
+                              mbedtls_pk_context *pk_key );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+/**
+ * \brief          Set the Pre Shared Key (PSK) and the expected identity name
+ *
+ * \note           This is mainly useful for clients. Servers will usually
+ *                 want to use \c mbedtls_ssl_conf_psk_cb() instead.
+ *
+ * \param conf     SSL configuration
+ * \param psk      pointer to the pre-shared key
+ * \param psk_len  pre-shared key length
+ * \param psk_identity      pointer to the pre-shared key identity
+ * \param psk_identity_len  identity key length
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
+                const unsigned char *psk, size_t psk_len,
+                const unsigned char *psk_identity, size_t psk_identity_len );
+
+
+/**
+ * \brief          Set the Pre Shared Key (PSK) for the current handshake
+ *
+ * \note           This should only be called inside the PSK callback,
+ *                 ie the function passed to \c mbedtls_ssl_conf_psk_cb().
+ *
+ * \param ssl      SSL context
+ * \param psk      pointer to the pre-shared key
+ * \param psk_len  pre-shared key length
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
+                            const unsigned char *psk, size_t psk_len );
+
+/**
+ * \brief          Set the PSK callback (server-side only).
+ *
+ *                 If set, the PSK callback is called for each
+ *                 handshake where a PSK ciphersuite was negotiated.
+ *                 The caller provides the identity received and wants to
+ *                 receive the actual PSK data and length.
+ *
+ *                 The callback has the following parameters: (void *parameter,
+ *                 mbedtls_ssl_context *ssl, const unsigned char *psk_identity,
+ *                 size_t identity_len)
+ *                 If a valid PSK identity is found, the callback should use
+ *                 \c mbedtls_ssl_set_hs_psk() on the ssl context to set the
+ *                 correct PSK and return 0.
+ *                 Any other return value will result in a denied PSK identity.
+ *
+ * \note           If you set a PSK callback using this function, then you
+ *                 don't need to set a PSK key and identity using
+ *                 \c mbedtls_ssl_conf_psk().
+ *
+ * \param conf     SSL configuration
+ * \param f_psk    PSK identity function
+ * \param p_psk    PSK identity parameter
+ */
+void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
+                     int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
+                                  size_t),
+                     void *p_psk );
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief          Set the Diffie-Hellman public P and G values,
+ *                 read as hexadecimal strings (server-side only)
+ *                 (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG])
+ *
+ * \param conf     SSL configuration
+ * \param dhm_P    Diffie-Hellman-Merkle modulus
+ * \param dhm_G    Diffie-Hellman-Merkle generator
+ *
+ * \return         0 if successful
+ */
+int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
+
+/**
+ * \brief          Set the Diffie-Hellman public P and G values,
+ *                 read from existing context (server-side only)
+ *
+ * \param conf     SSL configuration
+ * \param dhm_ctx  Diffie-Hellman-Merkle context
+ *
+ * \return         0 if successful
+ */
+int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
+#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Set the minimum length for Diffie-Hellman parameters.
+ *                 (Client-side only.)
+ *                 (Default: 1024 bits.)
+ *
+ * \param conf     SSL configuration
+ * \param bitlen   Minimum bit length of the DHM prime
+ */
+void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
+                                      unsigned int bitlen );
+#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * \brief          Set the allowed curves in order of preference.
+ *                 (Default: all defined curves.)
+ *
+ *                 On server: this only affects selection of the ECDHE curve;
+ *                 the curves used for ECDH and ECDSA are determined by the
+ *                 list of available certificates instead.
+ *
+ *                 On client: this affects the list of curves offered for any
+ *                 use. The server can override our preference order.
+ *
+ *                 Both sides: limits the set of curves used by peer to the
+ *                 listed curves for any use ECDHE and the end-entity
+ *                 certificate.
+ *
+ * \note           This has no influence on which curve are allowed inside the
+ *                 certificate chains, see \c mbedtls_ssl_conf_cert_profile()
+ *                 for that. For example, if the peer's certificate chain is
+ *                 EE -> CA_int -> CA_root, then the allowed curves for EE are
+ *                 controlled by \c mbedtls_ssl_conf_curves() but for CA_int
+ *                 and CA_root it's \c mbedtls_ssl_conf_cert_profile().
+ *
+ * \note           This list should be ordered by decreasing preference
+ *                 (preferred curve first).
+ *
+ * \param conf     SSL configuration
+ * \param curves   Ordered list of allowed curves,
+ *                 terminated by MBEDTLS_ECP_DP_NONE.
+ */
+void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
+                              const mbedtls_ecp_group_id *curves );
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
+/**
+ * \brief          Set the allowed hashes for signatures during the handshake.
+ *                 (Default: all available hashes.)
+ *
+ * \note           This only affects which hashes are offered and can be used
+ *                 for signatures during the handshake. Hashes for message
+ *                 authentication and the TLS PRF are controlled by the
+ *                 ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
+ *                 used for certificate signature are controlled by the
+ *                 verification profile, see \c mbedtls_ssl_conf_cert_profile().
+ *
+ * \note           This list should be ordered by decreasing preference
+ *                 (preferred hash first).
+ *
+ * \param conf     SSL configuration
+ * \param hashes   Ordered list of allowed signature hashes,
+ *                 terminated by \c MBEDTLS_MD_NONE.
+ */
+void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
+                                  const int *hashes );
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Set hostname for ServerName TLS extension
+ *                 (client-side only)
+ *
+ *
+ * \param ssl      SSL context
+ * \param hostname the server hostname
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+/**
+ * \brief          Set own certificate and key for the current handshake
+ *
+ * \note           Same as \c mbedtls_ssl_conf_own_cert() but for use within
+ *                 the SNI callback.
+ *
+ * \param ssl      SSL context
+ * \param own_cert own public certificate chain
+ * \param pk_key   own private key
+ *
+ * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
+                                 mbedtls_x509_crt *own_cert,
+                                 mbedtls_pk_context *pk_key );
+
+/**
+ * \brief          Set the data required to verify peer certificate for the
+ *                 current handshake
+ *
+ * \note           Same as \c mbedtls_ssl_conf_ca_chain() but for use within
+ *                 the SNI callback.
+ *
+ * \param ssl      SSL context
+ * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+ * \param ca_crl   trusted CA CRLs
+ */
+void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
+                                  mbedtls_x509_crt *ca_chain,
+                                  mbedtls_x509_crl *ca_crl );
+
+/**
+ * \brief          Set authmode for the current handshake.
+ *
+ * \note           Same as \c mbedtls_ssl_conf_authmode() but for use within
+ *                 the SNI callback.
+ *
+ * \param ssl      SSL context
+ * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
+ *                 MBEDTLS_SSL_VERIFY_REQUIRED
+ */
+void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
+                                  int authmode );
+
+/**
+ * \brief          Set server side ServerName TLS extension callback
+ *                 (optional, server-side only).
+ *
+ *                 If set, the ServerName callback is called whenever the
+ *                 server receives a ServerName TLS extension from the client
+ *                 during a handshake. The ServerName callback has the
+ *                 following parameters: (void *parameter, mbedtls_ssl_context *ssl,
+ *                 const unsigned char *hostname, size_t len). If a suitable
+ *                 certificate is found, the callback must set the
+ *                 certificate(s) and key(s) to use with \c
+ *                 mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
+ *                 and may optionally adjust the CA and associated CRL with \c
+ *                 mbedtls_ssl_set_hs_ca_chain() as well as the client
+ *                 authentication mode with \c mbedtls_ssl_set_hs_authmode(),
+ *                 then must return 0. If no matching name is found, the
+ *                 callback must either set a default cert, or
+ *                 return non-zero to abort the handshake at this point.
+ *
+ * \param conf     SSL configuration
+ * \param f_sni    verification function
+ * \param p_sni    verification parameter
+ */
+void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
+                  int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
+                               size_t),
+                  void *p_sni );
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_ALPN)
+/**
+ * \brief          Set the supported Application Layer Protocols.
+ *
+ * \param conf     SSL configuration
+ * \param protos   NULL-terminated list of supported protocols,
+ *                 in decreasing preference order.
+ *
+ * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
+ */
+int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
+
+/**
+ * \brief          Get the name of the negotiated Application Layer Protocol.
+ *                 This function should be called after the handshake is
+ *                 completed.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Protcol name, or NULL if no protocol was negotiated.
+ */
+const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_ALPN */
+
+/**
+ * \brief          Set the maximum supported version sent from the client side
+ *                 and/or accepted at the server side
+ *                 (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)
+ *
+ * \note           This ignores ciphersuites from higher versions.
+ *
+ * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ *
+ * \param conf     SSL configuration
+ * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
+ * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ */
+void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
+
+/**
+ * \brief          Set the minimum accepted SSL/TLS protocol version
+ *                 (Default: TLS 1.0)
+ *
+ * \note           Input outside of the SSL_MAX_XXXXX_VERSION and
+ *                 SSL_MIN_XXXXX_VERSION range is ignored.
+ *
+ * \note           MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
+ *
+ * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ *
+ * \param conf     SSL configuration
+ * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
+ * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ */
+void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
+
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Set the fallback flag (client-side only).
+ *                 (Default: MBEDTLS_SSL_IS_NOT_FALLBACK).
+ *
+ * \note           Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback
+ *                 connection, that is a connection with max_version set to a
+ *                 lower value than the value you're willing to use. Such
+ *                 fallback connections are not recommended but are sometimes
+ *                 necessary to interoperate with buggy (version-intolerant)
+ *                 servers.
+ *
+ * \warning        You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for
+ *                 non-fallback connections! This would appear to work for a
+ *                 while, then cause failures when the server is upgraded to
+ *                 support a newer TLS version.
+ *
+ * \param conf     SSL configuration
+ * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
+ */
+void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
+#endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+/**
+ * \brief           Enable or disable Encrypt-then-MAC
+ *                  (Default: MBEDTLS_SSL_ETM_ENABLED)
+ *
+ * \note            This should always be enabled, it is a security
+ *                  improvement, and should not cause any interoperability
+ *                  issue (used only if the peer supports it too).
+ *
+ * \param conf      SSL configuration
+ * \param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
+ */
+void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+/**
+ * \brief           Enable or disable Extended Master Secret negotiation.
+ *                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
+ *
+ * \note            This should always be enabled, it is a security fix to the
+ *                  protocol, and should not cause any interoperability issue
+ *                  (used only if the peer supports it too).
+ *
+ * \param conf      SSL configuration
+ * \param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
+ */
+void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_ARC4_C)
+/**
+ * \brief          Disable or enable support for RC4
+ *                 (Default: MBEDTLS_SSL_ARC4_DISABLED)
+ *
+ * \warning        Use of RC4 in (D)TLS has been prohibited by RFC ????
+ *                 for security reasons. Use at your own risks.
+ *
+ * \note           This function will likely be removed in future versions as
+ *                 RC4 will then be disabled by default at compile time.
+ *
+ * \param conf     SSL configuration
+ * \param arc4     MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
+ */
+void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
+#endif /* MBEDTLS_ARC4_C */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+/**
+ * \brief          Set the maximum fragment length to emit and/or negotiate
+ *                 (Default: MBEDTLS_SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
+ *                 (Server: set maximum fragment length to emit,
+ *                 usually negotiated by the client during handshake
+ *                 (Client: set maximum fragment length to emit *and*
+ *                 negotiate with the server during handshake)
+ *
+ * \param conf     SSL configuration
+ * \param mfl_code Code for maximum fragment length (allowed values:
+ *                 MBEDTLS_SSL_MAX_FRAG_LEN_512,  MBEDTLS_SSL_MAX_FRAG_LEN_1024,
+ *                 MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+ */
+int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+/**
+ * \brief          Activate negotiation of truncated HMAC
+ *                 (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
+ *
+ * \param conf     SSL configuration
+ * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
+ *                                    MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
+ */
+void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+/**
+ * \brief          Enable / Disable 1/n-1 record splitting
+ *                 (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
+ *
+ * \note           Only affects SSLv3 and TLS 1.0, not higher versions.
+ *                 Does not affect non-CBC ciphersuites in any version.
+ *
+ * \param conf     SSL configuration
+ * \param split    MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
+ *                 MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
+ */
+void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
+#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Enable / Disable session tickets (client only).
+ *                 (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
+ *
+ * \note           On server, use \c mbedtls_ssl_conf_session_tickets_cb().
+ *
+ * \param conf     SSL configuration
+ * \param use_tickets   Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
+ *                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
+ */
+void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+/**
+ * \brief          Enable / Disable renegotiation support for connection when
+ *                 initiated by peer
+ *                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+ *
+ * \warning        It is recommended to always disable renegotation unless you
+ *                 know you need it and you know what you're doing. In the
+ *                 past, there has been several issues associated with
+ *                 renegotiation or a poor understanding of its properties.
+ *
+ * \note           Server-side, enabling renegotiation also makes the server
+ *                 susceptible to a resource DoS by a malicious client.
+ *
+ * \param conf    SSL configuration
+ * \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
+ *                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+ */
+void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+/**
+ * \brief          Prevent or allow legacy renegotiation.
+ *                 (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
+ *
+ *                 MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
+ *                 be established even if the peer does not support
+ *                 secure renegotiation, but does not allow renegotiation
+ *                 to take place if not secure.
+ *                 (Interoperable and secure option)
+ *
+ *                 MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
+ *                 with non-upgraded peers. Allowing legacy renegotiation
+ *                 makes the connection vulnerable to specific man in the
+ *                 middle attacks. (See RFC 5746)
+ *                 (Most interoperable and least secure option)
+ *
+ *                 MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
+ *                 if peer does not support secure renegotiation. Results
+ *                 in interoperability issues with non-upgraded peers
+ *                 that do not support renegotiation altogether.
+ *                 (Most secure option, interoperability issues)
+ *
+ * \param conf     SSL configuration
+ * \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
+ *                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
+ *                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
+ */
+void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+/**
+ * \brief          Enforce renegotiation requests.
+ *                 (Default: enforced, max_records = 16)
+ *
+ *                 When we request a renegotiation, the peer can comply or
+ *                 ignore the request. This function allows us to decide
+ *                 whether to enforce our renegotiation requests by closing
+ *                 the connection if the peer doesn't comply.
+ *
+ *                 However, records could already be in transit from the peer
+ *                 when the request is emitted. In order to increase
+ *                 reliability, we can accept a number of records before the
+ *                 expected handshake records.
+ *
+ *                 The optimal value is highly dependent on the specific usage
+ *                 scenario.
+ *
+ * \note           With DTLS and server-initiated renegotiation, the
+ *                 HelloRequest is retransmited every time mbedtls_ssl_read() times
+ *                 out or receives Application Data, until:
+ *                 - max_records records have beens seen, if it is >= 0, or
+ *                 - the number of retransmits that would happen during an
+ *                 actual handshake has been reached.
+ *                 Please remember the request might be lost a few times
+ *                 if you consider setting max_records to a really low value.
+ *
+ * \warning        On client, the grace period can only happen during
+ *                 mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
+ *                 which always behave as if max_record was 0. The reason is,
+ *                 if we receive application data from the server, we need a
+ *                 place to write it, which only happens during mbedtls_ssl_read().
+ *
+ * \param conf     SSL configuration
+ * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
+ *                 enforce renegotiation, or a non-negative value to enforce
+ *                 it but allow for a grace period of max_records records.
+ */
+void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
+
+/**
+ * \brief          Set record counter threshold for periodic renegotiation.
+ *                 (Default: 2^64 - 256.)
+ *
+ *                 Renegotiation is automatically triggered when a record
+ *                 counter (outgoing or ingoing) crosses the defined
+ *                 threshold. The default value is meant to prevent the
+ *                 connection from being closed when the counter is about to
+ *                 reached its maximal value (it is not allowed to wrap).
+ *
+ *                 Lower values can be used to enforce policies such as "keys
+ *                 must be refreshed every N packets with cipher X".
+ *
+ * \param conf     SSL configuration
+ * \param period   The threshold value: a big-endian 64-bit number.
+ *                 Set to 2^64 - 1 to disable periodic renegotiation
+ */
+void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
+                                   const unsigned char period[8] );
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+/**
+ * \brief          Return the number of data bytes available to read
+ *
+ * \param ssl      SSL context
+ *
+ * \return         how many bytes are available in the read buffer
+ */
+size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the result of the certificate verification
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful,
+ *                 -1 if result is not available (eg because the handshake was
+ *                 aborted too early), or
+ *                 a combination of BADCERT_xxx and BADCRL_xxx flags, see
+ *                 x509.h
+ */
+uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the name of the current ciphersuite
+ *
+ * \param ssl      SSL context
+ *
+ * \return         a string containing the ciphersuite name
+ */
+const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the current SSL version (SSLv3/TLSv1/etc)
+ *
+ * \param ssl      SSL context
+ *
+ * \return         a string containing the SSL version
+ */
+const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the (maximum) number of bytes added by the record
+ *                 layer: header + encryption/MAC overhead (inc. padding)
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Current maximum record expansion in bytes, or
+ *                 MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is
+ *                 enabled, which makes expansion much less predictable
+ */
+int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+/**
+ * \brief          Return the maximum fragment length (payload, in bytes).
+ *                 This is the value negotiated with peer if any,
+ *                 or the locally configured value.
+ *
+ * \note           With DTLS, \c mbedtls_ssl_write() will return an error if
+ *                 called with a larger length value.
+ *                 With TLS, \c mbedtls_ssl_write() will fragment the input if
+ *                 necessary and return the number of bytes written; it is up
+ *                 to the caller to call \c mbedtls_ssl_write() again in
+ *                 order to send the remaining bytes if any.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Current maximum fragment length.
+ */
+size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Return the peer certificate from the current connection
+ *
+ *                 Note: Can be NULL in case no certificate was sent during
+ *                 the handshake. Different calls for the same connection can
+ *                 return the same or different pointers for the same
+ *                 certificate and even a different certificate altogether.
+ *                 The peer cert CAN change in a single connection if
+ *                 renegotiation is performed.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         the current peer certificate
+ */
+const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Save session in order to resume it later (client-side only)
+ *                 Session data is copied to presented session structure.
+ *
+ * \warning        Currently, peer certificate is lost in the operation.
+ *
+ * \param ssl      SSL context
+ * \param session  session context
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
+ *                 arguments are otherwise invalid
+ *
+ * \sa             mbedtls_ssl_set_session()
+ */
+int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
+#endif /* MBEDTLS_SSL_CLI_C */
+
+/**
+ * \brief          Perform the SSL handshake
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
+ *                 a specific SSL error code.
+ *
+ * \note           If this function returns something other than 0 or
+ *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
+ *                 becomes unusable, and you should either free it or call
+ *                 \c mbedtls_ssl_session_reset() on it before re-using it.
+ *
+ * \note           If DTLS is in use, then you may choose to handle
+ *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
+ *                 purposes, as it is an expected return value rather than an
+ *                 actual error, but you still need to reset/free the context.
+ */
+int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Perform a single step of the SSL handshake
+ *
+ * \note           The state of the context (ssl->state) will be at
+ *                 the following state after execution of this function.
+ *                 Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 a specific SSL error code.
+ */
+int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+/**
+ * \brief          Initiate an SSL renegotiation on the running connection.
+ *                 Client: perform the renegotiation right now.
+ *                 Server: request renegotiation, which will be performed
+ *                 during the next call to mbedtls_ssl_read() if honored by client.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful, or any mbedtls_ssl_handshake() return value.
+ */
+int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+/**
+ * \brief          Read at most 'len' application data bytes
+ *
+ * \param ssl      SSL context
+ * \param buf      buffer that will hold the data
+ * \param len      maximum number of bytes to read
+ *
+ * \return         the number of bytes read, or
+ *                 0 for EOF, or
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
+ *                 another negative error code.
+ *
+ * \note           When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+ *                 (which can only happen server-side), it means that a client
+ *                 is initiating a new connection using the same source port.
+ *                 You can either treat that as a connection close and wait
+ *                 for the client to resend a ClientHello, or directly
+ *                 continue with \c mbedtls_ssl_handshake() with the same
+ *                 context (as it has beeen reset internally). Either way, you
+ *                 should make sure this is seen by the application as a new
+ *                 connection: application state, if any, should be reset, and
+ *                 most importantly the identity of the client must be checked
+ *                 again. WARNING: not validating the identity of the client
+ *                 again, or not transmitting the new identity to the
+ *                 application layer, would allow authentication bypass!
+ */
+int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
+
+/**
+ * \brief          Try to write exactly 'len' application data bytes
+ *
+ * \warning        This function will do partial writes in some cases. If the
+ *                 return value is non-negative but less than length, the
+ *                 function must be called again with updated arguments:
+ *                 buf + ret, len - ret (if ret is the return value) until
+ *                 it returns a value equal to the last 'len' argument.
+ *
+ * \param ssl      SSL context
+ * \param buf      buffer holding the data
+ * \param len      how many bytes must be written
+ *
+ * \return         the number of bytes actually written (may be less than len),
+ *                 or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ,
+ *                 or another negative error code.
+ *
+ * \note           When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
+ *                 it must be called later with the *same* arguments,
+ *                 until it returns a positive value.
+ *
+ * \note           If the requested length is greater than the maximum
+ *                 fragment length (either the built-in limit or the one set
+ *                 or negotiated with the peer), then:
+ *                 - with TLS, less bytes than requested are written.
+ *                 - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
+ *                 \c mbedtls_ssl_get_max_frag_len() may be used to query the
+ *                 active maximum fragment length.
+ */
+int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
+
+/**
+ * \brief           Send an alert message
+ *
+ * \param ssl       SSL context
+ * \param level     The alert level of the message
+ *                  (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
+ * \param message   The alert message (SSL_ALERT_MSG_*)
+ *
+ * \return          0 if successful, or a specific SSL error code.
+ */
+int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
+                            unsigned char level,
+                            unsigned char message );
+/**
+ * \brief          Notify the peer that the connection is being closed
+ *
+ * \param ssl      SSL context
+ */
+int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Free referenced items in an SSL context and clear memory
+ *
+ * \param ssl      SSL context
+ */
+void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Initialize an SSL configuration context
+ *                 Just makes the context ready for
+ *                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
+ *
+ * \note           You need to call mbedtls_ssl_config_defaults() unless you
+ *                 manually set all of the relevent fields yourself.
+ *
+ * \param conf     SSL configuration context
+ */
+void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
+
+/**
+ * \brief          Load reasonnable default SSL configuration values.
+ *                 (You need to call mbedtls_ssl_config_init() first.)
+ *
+ * \param conf     SSL configuration context
+ * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+ * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
+ *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
+ * \param preset   a MBEDTLS_SSL_PRESET_XXX value
+ *                 (currently unused).
+ *
+ * \note           See \c mbedtls_ssl_conf_transport() for notes on DTLS.
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
+ */
+int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
+                                 int endpoint, int transport, int preset );
+
+/**
+ * \brief          Free an SSL configuration context
+ *
+ * \param conf     SSL configuration context
+ */
+void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
+
+/**
+ * \brief          Initialize SSL session structure
+ *
+ * \param session  SSL session
+ */
+void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
+
+/**
+ * \brief          Free referenced items in an SSL session including the
+ *                 peer certificate and clear memory
+ *
+ * \param session  SSL session
+ */
+void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_cache.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_cache.h
new file mode 100644
index 00000000..53f043e9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_cache.h
@@ -0,0 +1,143 @@
+/**
+ * \file ssl_cache.h
+ *
+ * \brief SSL session cache implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_CACHE_H
+#define MBEDTLS_SSL_CACHE_H
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
+#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400   /*!< 1 day  */
+#endif
+
+#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
+#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
+typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
+
+/**
+ * \brief   This structure is used for storing cache entries
+ */
+struct mbedtls_ssl_cache_entry
+{
+#if defined(MBEDTLS_HAVE_TIME)
+    time_t timestamp;           /*!< entry timestamp    */
+#endif
+    mbedtls_ssl_session session;        /*!< entry session      */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_x509_buf peer_cert;         /*!< entry peer_cert    */
+#endif
+    mbedtls_ssl_cache_entry *next;      /*!< chain pointer      */
+};
+
+/**
+ * \brief Cache context
+ */
+struct mbedtls_ssl_cache_context
+{
+    mbedtls_ssl_cache_entry *chain;     /*!< start of the chain     */
+    int timeout;                /*!< cache entry timeout    */
+    int max_entries;            /*!< maximum entries        */
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
+#endif
+};
+
+/**
+ * \brief          Initialize an SSL cache context
+ *
+ * \param cache    SSL cache context
+ */
+void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
+
+/**
+ * \brief          Cache get callback implementation
+ *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param data     SSL cache context
+ * \param session  session to retrieve entry for
+ */
+int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session );
+
+/**
+ * \brief          Cache set callback implementation
+ *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param data     SSL cache context
+ * \param session  session to store entry for
+ */
+int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session );
+
+#if defined(MBEDTLS_HAVE_TIME)
+/**
+ * \brief          Set the cache timeout
+ *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
+ *
+ *                 A timeout of 0 indicates no timeout.
+ *
+ * \param cache    SSL cache context
+ * \param timeout  cache entry timeout in seconds
+ */
+void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
+#endif /* MBEDTLS_HAVE_TIME */
+
+/**
+ * \brief          Set the cache timeout
+ *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
+ *
+ * \param cache    SSL cache context
+ * \param max      cache entry maximum
+ */
+void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
+
+/**
+ * \brief          Free referenced items in a cache context and clear memory
+ *
+ * \param cache    SSL cache context
+ */
+void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_cache.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_ciphersuites.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_ciphersuites.h
new file mode 100644
index 00000000..75d4a8a0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_ciphersuites.h
@@ -0,0 +1,303 @@
+/**
+ * \file ssl_ciphersuites.h
+ *
+ * \brief SSL Ciphersuites for mbed TLS
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_CIPHERSUITES_H
+#define MBEDTLS_SSL_CIPHERSUITES_H
+
+#include "pk.h"
+#include "cipher.h"
+#include "md.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Supported ciphersuites (Official IANA names)
+ */
+#define MBEDTLS_TLS_RSA_WITH_NULL_MD5                    0x01   /**< Weak! */
+#define MBEDTLS_TLS_RSA_WITH_NULL_SHA                    0x02   /**< Weak! */
+
+#define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5                 0x04
+#define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA                 0x05
+#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA                 0x09   /**< Weak! Not in TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA            0x0A
+
+#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA             0x15   /**< Weak! Not in TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        0x16
+
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA                    0x2C   /**< Weak! */
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA                0x2D   /**< Weak! */
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA                0x2E   /**< Weak! */
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA             0x2F
+
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA             0x35
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x39
+
+#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256                 0x3B   /**< Weak! */
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256          0x3C   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        0x41
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x45
+
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x67   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      0x6B   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88
+
+#define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA                 0x8A
+#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA            0x8B
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA             0x8C
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA             0x8D
+
+#define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA             0x8E
+#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        0x8F
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         0x90
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         0x91
+
+#define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA             0x92
+#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        0x93
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         0x94
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         0x95
+
+#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256          0x9C   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384          0x9D   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      0x9E   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      0x9F   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256          0xA8   /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384          0xA9   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      0xAA   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      0xAB   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      0xAC   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      0xAD   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256          0xAE
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384          0xAF
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256                 0xB0   /**< Weak! */
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384                 0xB1   /**< Weak! */
+
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      0xB2
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      0xB3
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256             0xB4   /**< Weak! */
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384             0xB5   /**< Weak! */
+
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      0xB6
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      0xB7
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256             0xB8   /**< Weak! */
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384             0xB9   /**< Weak! */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0xC0   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA             0xC001 /**< Weak! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA          0xC002 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA     0xC003 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      0xC004 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      0xC005 /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA            0xC006 /**< Weak! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         0xC007 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC008 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     0xC00A /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA               0xC00B /**< Weak! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA            0xC00C /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA       0xC00D /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        0xC00E /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        0xC00F /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA              0xC010 /**< Weak! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA           0xC011 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      0xC012 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       0xC013 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       0xC014 /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   0xC025 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   0xC026 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    0xC027 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    0xC028 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     0xC029 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     0xC02A /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   0xC02D /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   0xC02E /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    0xC02F /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    0xC030 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     0xC031 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     0xC032 /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA           0xC033 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      0xC034 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039 /**< Weak! No SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A /**< Weak! No SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B /**< Weak! No SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC074 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0xC075 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0xC078 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC079 /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     0xC07C /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     0xC07D /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  0xC088 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  0xC089 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   0xC08A /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   0xC08B /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    0xC08C /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    0xC08D /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256       0xC08E /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384       0xC08F /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC090 /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC091 /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC092 /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC093 /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256       0xC094
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384       0xC095
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC096
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC097
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC098
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC099
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM                0xC09C  /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM                0xC09D  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM            0xC09E  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM            0xC09F  /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8              0xC0A0  /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8              0xC0A1  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8          0xC0A2  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8          0xC0A3  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM                0xC0A4  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM                0xC0A5  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM            0xC0A6  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM            0xC0A7  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8              0xC0A8  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8              0xC0A9  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8          0xC0AA  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8          0xC0AB  /**< TLS 1.2 */
+/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM        0xC0AC  /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM        0xC0AD  /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8      0xC0AE  /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8      0xC0AF  /**< TLS 1.2 */
+
+/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
+ * Reminder: update MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED below.
+ */
+typedef enum {
+    MBEDTLS_KEY_EXCHANGE_NONE = 0,
+    MBEDTLS_KEY_EXCHANGE_RSA,
+    MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+    MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+    MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+    MBEDTLS_KEY_EXCHANGE_PSK,
+    MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+    MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+    MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+    MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+    MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+} mbedtls_key_exchange_type_t;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)          || \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)      || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)      || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)    || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
+#endif
+
+typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
+
+#define MBEDTLS_CIPHERSUITE_WEAK       0x01    /**< Weak ciphersuite flag  */
+#define MBEDTLS_CIPHERSUITE_SHORT_TAG  0x02    /**< Short authentication tag,
+                                                     eg for CCM_8 */
+#define MBEDTLS_CIPHERSUITE_NODTLS     0x04    /**< Can't be used with DTLS */
+
+/**
+ * \brief   This structure is used for storing ciphersuite information
+ */
+struct mbedtls_ssl_ciphersuite_t
+{
+    int id;
+    const char * name;
+
+    mbedtls_cipher_type_t cipher;
+    mbedtls_md_type_t mac;
+    mbedtls_key_exchange_type_t key_exchange;
+
+    int min_major_ver;
+    int min_minor_ver;
+    int max_major_ver;
+    int max_minor_ver;
+
+    unsigned char flags;
+};
+
+const int *mbedtls_ssl_list_ciphersuites( void );
+
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
+
+#if defined(MBEDTLS_PK_C)
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
+#endif
+
+int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
+int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_ciphersuites.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_cookie.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_cookie.h
new file mode 100644
index 00000000..037e1c31
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_cookie.h
@@ -0,0 +1,108 @@
+/**
+ * \file ssl_cookie.h
+ *
+ * \brief DTLS cookie callbacks implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_COOKIE_H
+#define MBEDTLS_SSL_COOKIE_H
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
+#define MBEDTLS_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Context for the default cookie functions.
+ */
+typedef struct
+{
+    mbedtls_md_context_t    hmac_ctx;   /*!< context for the HMAC portion   */
+#if !defined(MBEDTLS_HAVE_TIME)
+    unsigned long   serial;     /*!< serial number for expiration   */
+#endif
+    unsigned long   timeout;    /*!< timeout delay, in seconds if HAVE_TIME,
+                                     or in number of tickets issued */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+} mbedtls_ssl_cookie_ctx;
+
+/**
+ * \brief          Initialize cookie context
+ */
+void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );
+
+/**
+ * \brief          Setup cookie context (generate keys)
+ */
+int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+/**
+ * \brief          Set expiration delay for cookies
+ *                 (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
+ *
+ * \param ctx      Cookie contex
+ * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
+ *                 issued in the meantime.
+ *                 0 to disable expiration (NOT recommended)
+ */
+void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );
+
+/**
+ * \brief          Free cookie context
+ */
+void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );
+
+/**
+ * \brief          Generate cookie, see \c mbedtls_ssl_cookie_write_t
+ */
+mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write;
+
+/**
+ * \brief          Verify cookie, see \c mbedtls_ssl_cookie_write_t
+ */
+mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_cookie.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_internal.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_internal.h
new file mode 100644
index 00000000..78c748cf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_internal.h
@@ -0,0 +1,482 @@
+/**
+ * \file ssl_ticket.h
+ *
+ * \brief Internal functions shared by the SSL modules
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_INTERNAL_H
+#define MBEDTLS_SSL_INTERNAL_H
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_MD5_C)
+#include "md5.h"
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+#include "sha1.h"
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+#include "sha256.h"
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+#include "sha512.h"
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+/* Determine minimum supported version */
+#define MBEDTLS_SSL_MIN_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1   */
+#endif /* MBEDTLS_SSL_PROTO_SSL3   */
+
+/* Determine maximum supported version */
+#define MBEDTLS_SSL_MAX_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
+#else
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
+#endif /* MBEDTLS_SSL_PROTO_SSL3   */
+#endif /* MBEDTLS_SSL_PROTO_TLS1   */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#define MBEDTLS_SSL_INITIAL_HANDSHAKE           0
+#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS   1   /* In progress */
+#define MBEDTLS_SSL_RENEGOTIATION_DONE          2   /* Done or aborted */
+#define MBEDTLS_SSL_RENEGOTIATION_PENDING       3   /* Requested (server only) */
+
+/*
+ * DTLS retransmission states, see RFC 6347 4.2.4
+ *
+ * The SENDING state is merged in PREPARING for initial sends,
+ * but is distinct for resends.
+ *
+ * Note: initial state is wrong for server, but is not used anyway.
+ */
+#define MBEDTLS_SSL_RETRANS_PREPARING       0
+#define MBEDTLS_SSL_RETRANS_SENDING         1
+#define MBEDTLS_SSL_RETRANS_WAITING         2
+#define MBEDTLS_SSL_RETRANS_FINISHED        3
+
+/*
+ * Allow extra bytes for record, authentication and encryption overhead:
+ * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
+ * and allow for a maximum of 1024 of compression expansion if
+ * enabled.
+ */
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+#define MBEDTLS_SSL_COMPRESSION_ADD          1024
+#else
+#define MBEDTLS_SSL_COMPRESSION_ADD             0
+#endif
+
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
+/* Ciphersuites using HMAC */
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_SSL_MAC_ADD                 48  /* SHA-384 used for HMAC */
+#elif defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_SSL_MAC_ADD                 32  /* SHA-256 used for HMAC */
+#else
+#define MBEDTLS_SSL_MAC_ADD                 20  /* SHA-1   used for HMAC */
+#endif
+#else
+/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
+#define MBEDTLS_SSL_MAC_ADD                 16
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_SSL_PADDING_ADD            256
+#else
+#define MBEDTLS_SSL_PADDING_ADD              0
+#endif
+
+#define MBEDTLS_SSL_BUFFER_LEN  ( MBEDTLS_SSL_MAX_CONTENT_LEN               \
+                        + MBEDTLS_SSL_COMPRESSION_ADD               \
+                        + 29 /* counter + header + IV */    \
+                        + MBEDTLS_SSL_MAC_ADD                       \
+                        + MBEDTLS_SSL_PADDING_ADD                   \
+                        )
+
+/*
+ * TLS extension flags (for extensions with outgoing ServerHello content
+ * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
+ * of state of the renegotiation flag, so no indicator is required)
+ */
+#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * This structure contains the parameters only needed during handshake.
+ */
+struct mbedtls_ssl_handshake_params
+{
+    /*
+     * Handshake specific crypto variables
+     */
+    int sig_alg;                        /*!<  Hash algorithm for signature   */
+    int cert_type;                      /*!<  Requested cert type            */
+    int verify_sig_alg;                 /*!<  Signature algorithm for verify */
+#if defined(MBEDTLS_DHM_C)
+    mbedtls_dhm_context dhm_ctx;                /*!<  DHM key exchange        */
+#endif
+#if defined(MBEDTLS_ECDH_C)
+    mbedtls_ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
+#endif
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+    const mbedtls_ecp_curve_info **curves;      /*!<  Supported elliptic curves */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    unsigned char *psk;                 /*!<  PSK from the callback         */
+    size_t psk_len;                     /*!<  Length of PSK from callback   */
+#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_ssl_key_cert *key_cert;     /*!< chosen key/cert pair (server)  */
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    int sni_authmode;                   /*!< authmode from SNI callback     */
+    mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI         */
+    mbedtls_x509_crt *sni_ca_chain;     /*!< trusted CAs from SNI callback  */
+    mbedtls_x509_crl *sni_ca_crl;       /*!< trusted CAs CRLs from SNI      */
+#endif
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    unsigned int out_msg_seq;           /*!<  Outgoing handshake sequence number */
+    unsigned int in_msg_seq;            /*!<  Incoming handshake sequence number */
+
+    unsigned char *verify_cookie;       /*!<  Cli: HelloVerifyRequest cookie
+                                              Srv: unused                    */
+    unsigned char verify_cookie_len;    /*!<  Cli: cookie length
+                                              Srv: flag for sending a cookie */
+
+    unsigned char *hs_msg;              /*!<  Reassembled handshake message  */
+
+    uint32_t retransmit_timeout;        /*!<  Current value of timeout       */
+    unsigned char retransmit_state;     /*!<  Retransmission state           */
+    mbedtls_ssl_flight_item *flight;            /*!<  Current outgoing flight        */
+    mbedtls_ssl_flight_item *cur_msg;           /*!<  Current message in flight      */
+    unsigned int in_flight_start_seq;   /*!<  Minimum message sequence in the
+                                              flight being received          */
+    mbedtls_ssl_transform *alt_transform_out;   /*!<  Alternative transform for
+                                              resending messages             */
+    unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
+                                              for resending messages         */
+#endif
+
+    /*
+     * Checksum contexts
+     */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+       mbedtls_md5_context fin_md5;
+      mbedtls_sha1_context fin_sha1;
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+    mbedtls_sha256_context fin_sha256;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+    mbedtls_sha512_context fin_sha512;
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+    void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
+    void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
+    void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
+    int  (*tls_prf)(const unsigned char *, size_t, const char *,
+                    const unsigned char *, size_t,
+                    unsigned char *, size_t);
+
+    size_t pmslen;                      /*!<  premaster length        */
+
+    unsigned char randbytes[64];        /*!<  random bytes            */
+    unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
+                                        /*!<  premaster secret        */
+
+    int resume;                         /*!<  session resume indicator*/
+    int max_major_ver;                  /*!< max. major version client*/
+    int max_minor_ver;                  /*!< max. minor version client*/
+    int cli_exts;                       /*!< client extension presence*/
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    int new_session_ticket;             /*!< use NewSessionTicket?    */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    int extended_ms;                    /*!< use Extended Master Secret? */
+#endif
+};
+
+/*
+ * This structure contains a full set of runtime transform parameters
+ * either in negotiation or active.
+ */
+struct mbedtls_ssl_transform
+{
+    /*
+     * Session specific crypto layer
+     */
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+                                        /*!<  Chosen cipersuite_info  */
+    unsigned int keylen;                /*!<  symmetric key length (bytes)  */
+    size_t minlen;                      /*!<  min. ciphertext length  */
+    size_t ivlen;                       /*!<  IV length               */
+    size_t fixed_ivlen;                 /*!<  Fixed part of IV (AEAD) */
+    size_t maclen;                      /*!<  MAC length              */
+
+    unsigned char iv_enc[16];           /*!<  IV (encryption)         */
+    unsigned char iv_dec[16];           /*!<  IV (decryption)         */
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    /* Needed only for SSL v3.0 secret */
+    unsigned char mac_enc[20];          /*!<  SSL v3.0 secret (enc)   */
+    unsigned char mac_dec[20];          /*!<  SSL v3.0 secret (dec)   */
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+    mbedtls_md_context_t md_ctx_enc;            /*!<  MAC (encryption)        */
+    mbedtls_md_context_t md_ctx_dec;            /*!<  MAC (decryption)        */
+
+    mbedtls_cipher_context_t cipher_ctx_enc;    /*!<  encryption context      */
+    mbedtls_cipher_context_t cipher_ctx_dec;    /*!<  decryption context      */
+
+    /*
+     * Session specific compression layer
+     */
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    z_stream ctx_deflate;               /*!<  compression context     */
+    z_stream ctx_inflate;               /*!<  decompression context   */
+#endif
+};
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/*
+ * List of certificate + private key pairs
+ */
+struct mbedtls_ssl_key_cert
+{
+    mbedtls_x509_crt *cert;                 /*!< cert                       */
+    mbedtls_pk_context *key;                /*!< private key                */
+    mbedtls_ssl_key_cert *next;             /*!< next key/cert pair         */
+};
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+/*
+ * List of handshake messages kept around for resending
+ */
+struct mbedtls_ssl_flight_item
+{
+    unsigned char *p;       /*!< message, including handshake headers   */
+    size_t len;             /*!< length of p                            */
+    unsigned char type;     /*!< type of the message: handshake or CCS  */
+    mbedtls_ssl_flight_item *next;  /*!< next handshake message(s)              */
+};
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+
+/**
+ * \brief           Free referenced items in an SSL transform context and clear
+ *                  memory
+ *
+ * \param transform SSL transform context
+ */
+void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
+
+/**
+ * \brief           Free referenced items in an SSL handshake context and clear
+ *                  memory
+ *
+ * \param handshake SSL handshake context
+ */
+void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
+
+int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
+
+void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
+
+int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
+
+void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
+                            const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
+#endif
+
+#if defined(MBEDTLS_PK_C)
+unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
+mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
+#endif
+
+mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
+unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+
+#if defined(MBEDTLS_ECP_C)
+int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
+int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
+                                mbedtls_md_type_t md );
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
+{
+    mbedtls_ssl_key_cert *key_cert;
+
+    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+        key_cert = ssl->handshake->key_cert;
+    else
+        key_cert = ssl->conf->key_cert;
+
+    return( key_cert == NULL ? NULL : key_cert->key );
+}
+
+static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
+{
+    mbedtls_ssl_key_cert *key_cert;
+
+    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+        key_cert = ssl->handshake->key_cert;
+    else
+        key_cert = ssl->conf->key_cert;
+
+    return( key_cert == NULL ? NULL : key_cert->cert );
+}
+
+/*
+ * Check usage of a certificate wrt extensions:
+ * keyUsage, extendedKeyUsage (later), and nSCertType (later).
+ *
+ * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
+ * check a cert we received from them)!
+ *
+ * Return 0 if everything is OK, -1 if not.
+ */
+int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
+                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
+                          int cert_endpoint,
+                          uint32_t *flags );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+void mbedtls_ssl_write_version( int major, int minor, int transport,
+                        unsigned char ver[2] );
+void mbedtls_ssl_read_version( int *major, int *minor, int transport,
+                       const unsigned char ver[2] );
+
+static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        return( 13 );
+#else
+    ((void) ssl);
+#endif
+    return( 5 );
+}
+
+static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        return( 12 );
+#else
+    ((void) ssl);
+#endif
+    return( 4 );
+}
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+#endif
+
+/* Visible for testing purposes only */
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
+#endif
+
+/* constant-time buffer comparison */
+static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
+{
+    size_t i;
+    const unsigned char *A = (const unsigned char *) a;
+    const unsigned char *B = (const unsigned char *) b;
+    unsigned char diff = 0;
+
+    for( i = 0; i < n; i++ )
+        diff |= A[i] ^ B[i];
+
+    return( diff );
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_internal.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_ticket.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_ticket.h
new file mode 100644
index 00000000..7c6bc61b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/ssl_ticket.h
@@ -0,0 +1,135 @@
+/**
+ * \file ssl_ticket.h
+ *
+ * \brief TLS server ticket callbacks implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_TICKET_H
+#define MBEDTLS_SSL_TICKET_H
+
+/*
+ * This implementation of the session ticket callbacks includes key
+ * management, rotating the keys periodically in order to preserve forward
+ * secrecy, when MBEDTLS_HAVE_TIME is defined.
+ */
+
+#include "ssl.h"
+#include "cipher.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief   Information for session ticket protection
+ */
+typedef struct
+{
+    unsigned char name[4];          /*!< random key identifier              */
+    uint32_t generation_time;       /*!< key generation timestamp (seconds) */
+    mbedtls_cipher_context_t ctx;   /*!< context for auth enc/decryption    */
+}
+mbedtls_ssl_ticket_key;
+
+/**
+ * \brief   Context for session ticket handling functions
+ */
+typedef struct
+{
+    mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys             */
+    unsigned char active;           /*!< index of the currently active key  */
+
+    uint32_t ticket_lifetime;       /*!< lifetime of tickets in seconds     */
+
+    /** Callback for getting (pseudo-)random numbers                        */
+    int  (*f_rng)(void *, unsigned char *, size_t);
+    void *p_rng;                    /*!< context for the RNG function       */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+}
+mbedtls_ssl_ticket_context;
+
+/**
+ * \brief           Initialize a ticket context.
+ *                  (Just make it ready for mbedtls_ssl_ticket_setup()
+ *                  or mbedtls_ssl_ticket_free().)
+ *
+ * \param ctx       Context to be initialized
+ */
+void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
+
+/**
+ * \brief           Prepare context to be actually used
+ *
+ * \param ctx       Context to be set up
+ * \param f_rng     RNG callback function
+ * \param p_rng     RNG callback context
+ * \param cipher    AEAD cipher to use for ticket protection.
+ *                  Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
+ * \param lifetime  Tickets lifetime in seconds
+ *                  Recommended value: 86400 (one day).
+ *
+ * \note            It is highly recommended to select a cipher that is at
+ *                  least as strong as the the strongest ciphersuite
+ *                  supported. Usually that means a 256-bit key.
+ *
+ * \note            The lifetime of the keys is twice the lifetime of tickets.
+ *                  It is recommended to pick a reasonnable lifetime so as not
+ *                  to negate the benefits of forward secrecy.
+ *
+ * \return          0 if successful,
+ *                  or a specific MBEDTLS_ERR_XXX error code
+ */
+int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
+    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+    mbedtls_cipher_type_t cipher,
+    uint32_t lifetime );
+
+/**
+ * \brief           Implementation of the ticket write callback
+ *
+ * \note            See \c mbedlts_ssl_ticket_write_t for description
+ */
+mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
+
+/**
+ * \brief           Implementation of the ticket parse callback
+ *
+ * \note            See \c mbedlts_ssl_ticket_parse_t for description
+ */
+mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
+
+/**
+ * \brief           Free a context's content and zeroize it.
+ *
+ * \param ctx       Context to be cleaned up
+ */
+void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_ticket.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/threading.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/threading.h
new file mode 100644
index 00000000..c39cbf24
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/threading.h
@@ -0,0 +1,104 @@
+/**
+ * \file threading.h
+ *
+ * \brief Threading abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_THREADING_H
+#define MBEDTLS_THREADING_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stdlib.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE         -0x001A  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA              -0x001C  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_THREADING_MUTEX_ERROR                 -0x001E  /**< Locking / unlocking / free failed with error code. */
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+#include <pthread.h>
+typedef struct
+{
+    pthread_mutex_t mutex;
+    char is_valid;
+} mbedtls_threading_mutex_t;
+#endif
+
+#if defined(MBEDTLS_THREADING_ALT)
+/* You should define the mbedtls_threading_mutex_t type in your header */
+#include "threading_alt.h"
+
+/**
+ * \brief           Set your alternate threading implementation function
+ *                  pointers and initialize global mutexes. If used, this
+ *                  function must be called once in the main thread before any
+ *                  other mbed TLS function is called, and
+ *                  mbedtls_threading_free_alt() must be called once in the main
+ *                  thread after all other mbed TLS functions.
+ *
+ * \note            mutex_init() and mutex_free() don't return a status code.
+ *                  If mutex_init() fails, it should leave its argument (the
+ *                  mutex) in a state such that mutex_lock() will fail when
+ *                  called with this argument.
+ *
+ * \param mutex_init    the init function implementation
+ * \param mutex_free    the free function implementation
+ * \param mutex_lock    the lock function implementation
+ * \param mutex_unlock  the unlock function implementation
+ */
+void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
+                       void (*mutex_free)( mbedtls_threading_mutex_t * ),
+                       int (*mutex_lock)( mbedtls_threading_mutex_t * ),
+                       int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
+
+/**
+ * \brief               Free global mutexes.
+ */
+void mbedtls_threading_free_alt( void );
+#endif /* MBEDTLS_THREADING_ALT */
+
+/*
+ * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
+ *
+ * All these functions are expected to work or the result will be undefined.
+ */
+extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
+extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
+extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
+extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
+
+/*
+ * Global mutexes
+ */
+extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
+extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* threading.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/timing.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/timing.h
new file mode 100644
index 00000000..ae7a713e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/timing.h
@@ -0,0 +1,141 @@
+/**
+ * \file timing.h
+ *
+ * \brief Portable interface to the CPU cycle counter
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_TIMING_H
+#define MBEDTLS_TIMING_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if !defined(MBEDTLS_TIMING_ALT)
+// Regular implementation
+//
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          timer structure
+ */
+struct mbedtls_timing_hr_time
+{
+    unsigned char opaque[32];
+};
+
+/**
+ * \brief          Context for mbedtls_timing_set/get_delay()
+ */
+typedef struct
+{
+    struct mbedtls_timing_hr_time   timer;
+    uint32_t                        int_ms;
+    uint32_t                        fin_ms;
+} mbedtls_timing_delay_context;
+
+extern volatile int mbedtls_timing_alarmed;
+
+/**
+ * \brief          Return the CPU cycle counter value
+ *
+ * \warning        This is only a best effort! Do not rely on this!
+ *                 In particular, it is known to be unreliable on virtual
+ *                 machines.
+ */
+unsigned long mbedtls_timing_hardclock( void );
+
+/**
+ * \brief          Return the elapsed time in milliseconds
+ *
+ * \param val      points to a timer structure
+ * \param reset    if set to 1, the timer is restarted
+ */
+unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
+
+/**
+ * \brief          Setup an alarm clock
+ *
+ * \param seconds  delay before the "mbedtls_timing_alarmed" flag is set
+ *
+ * \warning        Only one alarm at a time  is supported. In a threaded
+ *                 context, this means one for the whole process, not one per
+ *                 thread.
+ */
+void mbedtls_set_alarm( int seconds );
+
+/**
+ * \brief          Set a pair of delays to watch
+ *                 (See \c mbedtls_timing_get_delay().)
+ *
+ * \param data     Pointer to timing data
+ *                 Must point to a valid \c mbedtls_timing_delay_context struct.
+ * \param int_ms   First (intermediate) delay in milliseconds.
+ * \param fin_ms   Second (final) delay in milliseconds.
+ *                 Pass 0 to cancel the current delay.
+ */
+void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
+
+/**
+ * \brief          Get the status of delays
+ *                 (Memory helper: number of delays passed.)
+ *
+ * \param data     Pointer to timing data
+ *                 Must point to a valid \c mbedtls_timing_delay_context struct.
+ *
+ * \return         -1 if cancelled (fin_ms = 0)
+ *                  0 if none of the delays are passed,
+ *                  1 if only the intermediate delay is passed,
+ *                  2 if the final delay is passed.
+ */
+int mbedtls_timing_get_delay( void *data );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_TIMING_ALT */
+#include "timing_alt.h"
+#endif /* MBEDTLS_TIMING_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_timing_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* timing.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/version.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/version.h
new file mode 100644
index 00000000..8bc2708e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/version.h
@@ -0,0 +1,111 @@
+/**
+ * \file version.h
+ *
+ * \brief Run-time version information
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * This set of compile-time defines and run-time variables can be used to
+ * determine the version number of the mbed TLS library used.
+ */
+#ifndef MBEDTLS_VERSION_H
+#define MBEDTLS_VERSION_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+/**
+ * The version number x.y.z is split into three parts.
+ * Major, Minor, Patchlevel
+ */
+#define MBEDTLS_VERSION_MAJOR  2
+#define MBEDTLS_VERSION_MINOR  1
+#define MBEDTLS_VERSION_PATCH  2
+
+/**
+ * The single version number has the following structure:
+ *    MMNNPP00
+ *    Major version | Minor version | Patch version
+ */
+#define MBEDTLS_VERSION_NUMBER         0x02010200
+#define MBEDTLS_VERSION_STRING         "2.1.2"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.1.2"
+
+#if defined(MBEDTLS_VERSION_C)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Get the version number.
+ *
+ * \return          The constructed version number in the format
+ *                  MMNNPP00 (Major, Minor, Patch).
+ */
+unsigned int mbedtls_version_get_number( void );
+
+/**
+ * Get the version string ("x.y.z").
+ *
+ * \param string    The string that will receive the value.
+ *                  (Should be at least 9 bytes in size)
+ */
+void mbedtls_version_get_string( char *string );
+
+/**
+ * Get the full version string ("mbed TLS x.y.z").
+ *
+ * \param string    The string that will receive the value. The mbed TLS version
+ *                  string will use 18 bytes AT MOST including a terminating
+ *                  null byte.
+ *                  (So the buffer should be at least 18 bytes to receive this
+ *                  version string).
+ */
+void mbedtls_version_get_string_full( char *string );
+
+/**
+ * \brief           Check if support for a feature was compiled into this
+ *                  mbed TLS binary. This allows you to see at runtime if the
+ *                  library was for instance compiled with or without
+ *                  Multi-threading support.
+ *
+ * \note            only checks against defines in the sections "System
+ *                  support", "mbed TLS modules" and "mbed TLS feature
+ *                  support" in config.h
+ *
+ * \param feature   The string for the define to check (e.g. "MBEDTLS_AES_C")
+ *
+ * \return          0 if the feature is present,
+ *                  -1 if the feature is not present and
+ *                  -2 if support for feature checking as a whole was not
+ *                  compiled in.
+ */
+int mbedtls_version_check_feature( const char *feature );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_VERSION_C */
+
+#endif /* version.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509.h
new file mode 100644
index 00000000..54dac166
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509.h
@@ -0,0 +1,331 @@
+/**
+ * \file x509.h
+ *
+ * \brief X.509 generic defines and structures
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_H
+#define MBEDTLS_X509_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "asn1.h"
+#include "pk.h"
+
+#if defined(MBEDTLS_RSA_C)
+#include "rsa.h"
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{
+ */
+
+#if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
+/**
+ * Maximum number of intermediate CAs in a verification chain.
+ * That is, maximum length of the chain, excluding the end-entity certificate
+ * and the trusted root certificate.
+ *
+ * Set this to a low value to prevent an adversary from making you waste
+ * resources verifying an overlong certificate chain.
+ */
+#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
+#endif
+
+/**
+ * \name X509 Error codes
+ * \{
+ */
+#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE              -0x2080  /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
+#define MBEDTLS_ERR_X509_UNKNOWN_OID                      -0x2100  /**< Requested OID is unknown. */
+#define MBEDTLS_ERR_X509_INVALID_FORMAT                   -0x2180  /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */
+#define MBEDTLS_ERR_X509_INVALID_VERSION                  -0x2200  /**< The CRT/CRL/CSR version element is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_SERIAL                   -0x2280  /**< The serial tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_ALG                      -0x2300  /**< The algorithm tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_NAME                     -0x2380  /**< The name tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_DATE                     -0x2400  /**< The date tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_SIGNATURE                -0x2480  /**< The signature tag or value invalid. */
+#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS               -0x2500  /**< The extension tag or value is invalid. */
+#define MBEDTLS_ERR_X509_UNKNOWN_VERSION                  -0x2580  /**< CRT/CRL/CSR has an unsupported version number. */
+#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG                  -0x2600  /**< Signature algorithm (oid) is unsupported. */
+#define MBEDTLS_ERR_X509_SIG_MISMATCH                     -0x2680  /**< Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
+#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED               -0x2700  /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
+#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT              -0x2780  /**< Format not recognized as DER or PEM. */
+#define MBEDTLS_ERR_X509_BAD_INPUT_DATA                   -0x2800  /**< Input invalid. */
+#define MBEDTLS_ERR_X509_ALLOC_FAILED                     -0x2880  /**< Allocation of memory failed. */
+#define MBEDTLS_ERR_X509_FILE_IO_ERROR                    -0x2900  /**< Read/write of file failed. */
+#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980  /**< Destination buffer is too small. */
+/* \} name */
+
+/**
+ * \name X509 Verify codes
+ * \{
+ */
+/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
+#define MBEDTLS_X509_BADCERT_EXPIRED             0x01  /**< The certificate validity has expired. */
+#define MBEDTLS_X509_BADCERT_REVOKED             0x02  /**< The certificate has been revoked (is on a CRL). */
+#define MBEDTLS_X509_BADCERT_CN_MISMATCH         0x04  /**< The certificate Common Name (CN) does not match with the expected CN. */
+#define MBEDTLS_X509_BADCERT_NOT_TRUSTED         0x08  /**< The certificate is not correctly signed by the trusted CA. */
+#define MBEDTLS_X509_BADCRL_NOT_TRUSTED          0x10  /**< The CRL is not correctly signed by the trusted CA. */
+#define MBEDTLS_X509_BADCRL_EXPIRED              0x20  /**< The CRL is expired. */
+#define MBEDTLS_X509_BADCERT_MISSING             0x40  /**< Certificate was missing. */
+#define MBEDTLS_X509_BADCERT_SKIP_VERIFY         0x80  /**< Certificate verification was skipped. */
+#define MBEDTLS_X509_BADCERT_OTHER             0x0100  /**< Other reason (can be used by verify callback) */
+#define MBEDTLS_X509_BADCERT_FUTURE            0x0200  /**< The certificate validity starts in the future. */
+#define MBEDTLS_X509_BADCRL_FUTURE             0x0400  /**< The CRL is from the future */
+#define MBEDTLS_X509_BADCERT_KEY_USAGE         0x0800  /**< Usage does not match the keyUsage extension. */
+#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE     0x1000  /**< Usage does not match the extendedKeyUsage extension. */
+#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE      0x2000  /**< Usage does not match the nsCertType extension. */
+#define MBEDTLS_X509_BADCERT_BAD_MD            0x4000  /**< The certificate is signed with an unacceptable hash. */
+#define MBEDTLS_X509_BADCERT_BAD_PK            0x8000  /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
+#define MBEDTLS_X509_BADCERT_BAD_KEY         0x010000  /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
+#define MBEDTLS_X509_BADCRL_BAD_MD           0x020000  /**< The CRL is signed with an unacceptable hash. */
+#define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
+#define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+/*
+ * X.509 v3 Key Usage Extension flags
+ * Reminder: update x509_info_key_usage() when adding new flags.
+ */
+#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE            (0x80)  /* bit 0 */
+#define MBEDTLS_X509_KU_NON_REPUDIATION              (0x40)  /* bit 1 */
+#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT             (0x20)  /* bit 2 */
+#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT            (0x10)  /* bit 3 */
+#define MBEDTLS_X509_KU_KEY_AGREEMENT                (0x08)  /* bit 4 */
+#define MBEDTLS_X509_KU_KEY_CERT_SIGN                (0x04)  /* bit 5 */
+#define MBEDTLS_X509_KU_CRL_SIGN                     (0x02)  /* bit 6 */
+#define MBEDTLS_X509_KU_ENCIPHER_ONLY                (0x01)  /* bit 7 */
+#define MBEDTLS_X509_KU_DECIPHER_ONLY              (0x8000)  /* bit 8 */
+
+/*
+ * Netscape certificate types
+ * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
+ */
+
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT         (0x80)  /* bit 0 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER         (0x40)  /* bit 1 */
+#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL              (0x20)  /* bit 2 */
+#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING     (0x10)  /* bit 3 */
+#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED           (0x08)  /* bit 4 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA             (0x04)  /* bit 5 */
+#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA           (0x02)  /* bit 6 */
+#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA  (0x01)  /* bit 7 */
+
+/*
+ * X.509 extension types
+ *
+ * Comments refer to the status for using certificates. Status can be
+ * different for writing certificates or reading CRLs or CSRs.
+ */
+#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER    (1 << 0)
+#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER      (1 << 1)
+#define MBEDTLS_X509_EXT_KEY_USAGE                   (1 << 2)
+#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES        (1 << 3)
+#define MBEDTLS_X509_EXT_POLICY_MAPPINGS             (1 << 4)
+#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME            (1 << 5)    /* Supported (DNS) */
+#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME             (1 << 6)
+#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS     (1 << 7)
+#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS           (1 << 8)    /* Supported */
+#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS            (1 << 9)
+#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS          (1 << 10)
+#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE          (1 << 11)
+#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS     (1 << 12)
+#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY          (1 << 13)
+#define MBEDTLS_X509_EXT_FRESHEST_CRL                (1 << 14)
+
+#define MBEDTLS_X509_EXT_NS_CERT_TYPE                (1 << 16)   /* Parsed (and then ?) */
+
+/*
+ * Storage format identifiers
+ * Recognized formats: PEM and DER
+ */
+#define MBEDTLS_X509_FORMAT_DER                 1
+#define MBEDTLS_X509_FORMAT_PEM                 2
+
+#define MBEDTLS_X509_MAX_DN_NAME_SIZE         256 /**< Maximum value size of a DN entry */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures for parsing X.509 certificates, CRLs and CSRs
+ * \{
+ */
+
+/**
+ * Type-length-value structure that allows for ASN1 using DER.
+ */
+typedef mbedtls_asn1_buf mbedtls_x509_buf;
+
+/**
+ * Container for ASN1 bit strings.
+ */
+typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;
+
+/**
+ * Container for ASN1 named information objects.
+ * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
+ */
+typedef mbedtls_asn1_named_data mbedtls_x509_name;
+
+/**
+ * Container for a sequence of ASN.1 items
+ */
+typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
+
+/** Container for date and time (precision in seconds). */
+typedef struct mbedtls_x509_time
+{
+    int year, mon, day;         /**< Date. */
+    int hour, min, sec;         /**< Time. */
+}
+mbedtls_x509_time;
+
+/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
+/** \} addtogroup x509_module */
+
+/**
+ * \brief          Store the certificate DN in printable form into buf;
+ *                 no more than size characters will be written.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param dn       The X509 name to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
+
+/**
+ * \brief          Store the certificate serial in printable form into buf;
+ *                 no more than size characters will be written.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param serial   The X509 serial to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
+
+/**
+ * \brief          Check a given mbedtls_x509_time against the system time
+ *                 and tell if it's in the past.
+ *
+ * \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
+ *                 Hence the return value of 1 if on internal errors.
+ *
+ * \param time     mbedtls_x509_time to check
+ *
+ * \return         1 if the given time is in the past or an error occured,
+ *                 0 otherwise.
+ */
+int mbedtls_x509_time_is_past( const mbedtls_x509_time *time );
+
+/**
+ * \brief          Check a given mbedtls_x509_time against the system time
+ *                 and tell if it's in the future.
+ *
+ * \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
+ *                 Hence the return value of 1 if on internal errors.
+ *
+ * \param time     mbedtls_x509_time to check
+ *
+ * \return         1 if the given time is in the future or an error occured,
+ *                 0 otherwise.
+ */
+int mbedtls_x509_time_is_future( const mbedtls_x509_time *time );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_x509_self_test( int verbose );
+
+/*
+ * Internal module functions. You probably do not want to use these unless you
+ * know you do.
+ */
+int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
+                   mbedtls_x509_name *cur );
+int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
+                       mbedtls_x509_buf *alg );
+int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
+                  mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
+                                mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
+                                int *salt_len );
+#endif
+int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
+int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
+                      mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
+                      void **sig_opts );
+int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
+                   mbedtls_x509_time *time );
+int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
+                     mbedtls_x509_buf *serial );
+int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
+                  mbedtls_x509_buf *ext, int tag );
+int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
+                       mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+                       const void *sig_opts );
+int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
+int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
+int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
+                        int critical, const unsigned char *val,
+                        size_t val_len );
+int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
+                           mbedtls_asn1_named_data *first );
+int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
+                      mbedtls_asn1_named_data *first );
+int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
+                    const char *oid, size_t oid_len,
+                    unsigned char *sig, size_t size );
+
+#define MBEDTLS_X509_SAFE_SNPRINTF                          \
+    do {                                                    \
+        if( ret < 0 || (size_t) ret >= n )                  \
+            return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );    \
+                                                            \
+        n -= (size_t) ret;                                  \
+        p += (size_t) ret;                                  \
+    } while( 0 )
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* x509.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509_crl.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509_crl.h
new file mode 100644
index 00000000..c50c4efc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509_crl.h
@@ -0,0 +1,172 @@
+/**
+ * \file mbedtls_x509_crl.h
+ *
+ * \brief X.509 certificate revocation list parsing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_CRL_H
+#define MBEDTLS_X509_CRL_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "x509.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures and functions for parsing CRLs
+ * \{
+ */
+
+/**
+ * Certificate revocation list entry.
+ * Contains the CA-specific serial numbers and revocation dates.
+ */
+typedef struct mbedtls_x509_crl_entry
+{
+    mbedtls_x509_buf raw;
+
+    mbedtls_x509_buf serial;
+
+    mbedtls_x509_time revocation_date;
+
+    mbedtls_x509_buf entry_ext;
+
+    struct mbedtls_x509_crl_entry *next;
+}
+mbedtls_x509_crl_entry;
+
+/**
+ * Certificate revocation list structure.
+ * Every CRL may have multiple entries.
+ */
+typedef struct mbedtls_x509_crl
+{
+    mbedtls_x509_buf raw;           /**< The raw certificate data (DER). */
+    mbedtls_x509_buf tbs;           /**< The raw certificate body (DER). The part that is To Be Signed. */
+
+    int version;            /**< CRL version (1=v1, 2=v2) */
+    mbedtls_x509_buf sig_oid;       /**< CRL signature type identifier */
+
+    mbedtls_x509_buf issuer_raw;    /**< The raw issuer data (DER). */
+
+    mbedtls_x509_name issuer;       /**< The parsed issuer data (named information object). */
+
+    mbedtls_x509_time this_update;
+    mbedtls_x509_time next_update;
+
+    mbedtls_x509_crl_entry entry;   /**< The CRL entries containing the certificate revocation times for this CA. */
+
+    mbedtls_x509_buf crl_ext;
+
+    mbedtls_x509_buf sig_oid2;
+    mbedtls_x509_buf sig;
+    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+
+    struct mbedtls_x509_crl *next;
+}
+mbedtls_x509_crl;
+
+/**
+ * \brief          Parse a DER-encoded CRL and append it to the chained list
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the CRL data in DER format
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
+                        const unsigned char *buf, size_t buflen );
+/**
+ * \brief          Parse one or more CRLs and append them to the chained list
+ *
+ * \note           Mutliple CRLs are accepted only if using PEM format
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the CRL data in PEM or DER format
+ * \param buflen   size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Load one or more CRLs and append them to the chained list
+ *
+ * \note           Mutliple CRLs are accepted only if using PEM format
+ *
+ * \param chain    points to the start of the chain
+ * \param path     filename to read the CRLs from (in PEM or DER encoding)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Returns an informational string about the CRL.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param crl      The X509 CRL to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_crl *crl );
+
+/**
+ * \brief          Initialize a CRL (chain)
+ *
+ * \param crl      CRL chain to initialize
+ */
+void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
+
+/**
+ * \brief          Unallocate all CRL data
+ *
+ * \param crl      CRL chain to free
+ */
+void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_x509_crl.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509_crt.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509_crt.h
new file mode 100644
index 00000000..72b02ffd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509_crt.h
@@ -0,0 +1,645 @@
+/**
+ * \file mbedtls_x509_crt.h
+ *
+ * \brief X.509 certificate parsing and writing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_CRT_H
+#define MBEDTLS_X509_CRT_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "x509.h"
+#include "x509_crl.h"
+
+/**
+ * \addtogroup x509_module
+ * \{
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name Structures and functions for parsing and writing X.509 certificates
+ * \{
+ */
+
+/**
+ * Container for an X.509 certificate. The certificate may be chained.
+ */
+typedef struct mbedtls_x509_crt
+{
+    mbedtls_x509_buf raw;               /**< The raw certificate data (DER). */
+    mbedtls_x509_buf tbs;               /**< The raw certificate body (DER). The part that is To Be Signed. */
+
+    int version;                /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
+    mbedtls_x509_buf serial;            /**< Unique id for certificate issued by a specific CA. */
+    mbedtls_x509_buf sig_oid;           /**< Signature algorithm, e.g. sha1RSA */
+
+    mbedtls_x509_buf issuer_raw;        /**< The raw issuer data (DER). Used for quick comparison. */
+    mbedtls_x509_buf subject_raw;       /**< The raw subject data (DER). Used for quick comparison. */
+
+    mbedtls_x509_name issuer;           /**< The parsed issuer data (named information object). */
+    mbedtls_x509_name subject;          /**< The parsed subject data (named information object). */
+
+    mbedtls_x509_time valid_from;       /**< Start time of certificate validity. */
+    mbedtls_x509_time valid_to;         /**< End time of certificate validity. */
+
+    mbedtls_pk_context pk;              /**< Container for the public key context. */
+
+    mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
+    mbedtls_x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
+    mbedtls_x509_buf v3_ext;            /**< Optional X.509 v3 extensions.  */
+    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of Subject Alternative Names (Only dNSName supported). */
+
+    int ext_types;              /**< Bit string containing detected and parsed extensions */
+    int ca_istrue;              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
+    int max_pathlen;            /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
+
+    unsigned int key_usage;     /**< Optional key usage extension value: See the values in x509.h */
+
+    mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
+
+    unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
+
+    mbedtls_x509_buf sig;               /**< Signature: hash of the tbs part signed with the private key. */
+    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+
+    struct mbedtls_x509_crt *next;     /**< Next certificate in the CA-chain. */
+}
+mbedtls_x509_crt;
+
+/**
+ * Build flag from an algorithm/curve identifier (pk, md, ecp)
+ * Since 0 is always XXX_NONE, ignore it.
+ */
+#define MBEDTLS_X509_ID_FLAG( id )   ( 1 << ( id - 1 ) )
+
+/**
+ * Security profile for certificate verification.
+ *
+ * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
+ */
+typedef struct
+{
+    uint32_t allowed_mds;       /**< MDs for signatures         */
+    uint32_t allowed_pks;       /**< PK algs for signatures     */
+    uint32_t allowed_curves;    /**< Elliptic curves for ECDSA  */
+    uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys  */
+}
+mbedtls_x509_crt_profile;
+
+#define MBEDTLS_X509_CRT_VERSION_1              0
+#define MBEDTLS_X509_CRT_VERSION_2              1
+#define MBEDTLS_X509_CRT_VERSION_3              2
+
+#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
+#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15
+
+/**
+ * Container for writing a certificate (CRT)
+ */
+typedef struct mbedtls_x509write_cert
+{
+    int version;
+    mbedtls_mpi serial;
+    mbedtls_pk_context *subject_key;
+    mbedtls_pk_context *issuer_key;
+    mbedtls_asn1_named_data *subject;
+    mbedtls_asn1_named_data *issuer;
+    mbedtls_md_type_t md_alg;
+    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+    mbedtls_asn1_named_data *extensions;
+}
+mbedtls_x509write_cert;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * Default security profile. Should provide a good balance between security
+ * and compatibility with current deployments.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
+
+/**
+ * Expected next default profile. Recommended for new deployments.
+ * Currently targets a 128-bit security level, except for RSA-2048.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
+
+/**
+ * NSA Suite B profile.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
+
+/**
+ * \brief          Parse a single DER formatted certificate and add it
+ *                 to the chained list.
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the certificate DER data
+ * \param buflen   size of the buffer
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
+                        size_t buflen );
+
+/**
+ * \brief          Parse one or more certificates and add them
+ *                 to the chained list. Parses permissively. If some
+ *                 certificates can be parsed, the result is the number
+ *                 of failed certificates it encountered. If none complete
+ *                 correctly, the first error is returned.
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the certificate data in PEM or DER format
+ * \param buflen   size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if all certificates parsed successfully, a positive number
+ *                 if partly successful or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Load one or more certificates and add them
+ *                 to the chained list. Parses permissively. If some
+ *                 certificates can be parsed, the result is the number
+ *                 of failed certificates it encountered. If none complete
+ *                 correctly, the first error is returned.
+ *
+ * \param chain    points to the start of the chain
+ * \param path     filename to read the certificates from
+ *
+ * \return         0 if all certificates parsed successfully, a positive number
+ *                 if partly successful or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
+
+/**
+ * \brief          Load one or more certificate files from a path and add them
+ *                 to the chained list. Parses permissively. If some
+ *                 certificates can be parsed, the result is the number
+ *                 of failed certificates it encountered. If none complete
+ *                 correctly, the first error is returned.
+ *
+ * \param chain    points to the start of the chain
+ * \param path     directory / folder to read the certificate files from
+ *
+ * \return         0 if all certificates parsed successfully, a positive number
+ *                 if partly successful or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Returns an informational string about the
+ *                 certificate.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param crt      The X509 certificate to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_crt *crt );
+
+/**
+ * \brief          Returns an informational string about the
+ *                 verification status of a certificate.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param flags    Verification flags created by mbedtls_x509_crt_verify()
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
+                          uint32_t flags );
+
+/**
+ * \brief          Verify the certificate signature
+ *
+ *                 The verify callback is a user-supplied callback that
+ *                 can clear / modify / add flags for a certificate. If set,
+ *                 the verification callback is called for each
+ *                 certificate in the chain (from the trust-ca down to the
+ *                 presented crt). The parameters for the callback are:
+ *                 (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
+ *                 int *flags). With the flags representing current flags for
+ *                 that specific certificate and the certificate depth from
+ *                 the bottom (Peer cert depth = 0).
+ *
+ *                 All flags left after returning from the callback
+ *                 are also returned to the application. The function should
+ *                 return 0 for anything but a fatal error.
+ *
+ * \note           In case verification failed, the results can be displayed
+ *                 using \c mbedtls_x509_crt_verify_info()
+ *
+ * \note           Same as \c mbedtls_x509_crt_verify_with_profile() with the
+ *                 default security profile.
+ *
+ * \param crt      a certificate to be verified
+ * \param trust_ca the trusted CA chain
+ * \param ca_crl   the CRL chain for trusted CA's
+ * \param cn       expected Common Name (can be set to
+ *                 NULL if the CN must not be verified)
+ * \param flags    result of the verification
+ * \param f_vrfy   verification function
+ * \param p_vrfy   verification parameter
+ *
+ * \return         0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
+ *                 in which case *flags will have one or more
+ *                 MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags
+ *                 set,
+ *                 or another error in case of a fatal error encountered
+ *                 during the verification process.
+ */
+int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
+                     mbedtls_x509_crt *trust_ca,
+                     mbedtls_x509_crl *ca_crl,
+                     const char *cn, uint32_t *flags,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy );
+
+/**
+ * \brief          Verify the certificate signature according to profile
+ *
+ * \note           Same as \c mbedtls_x509_crt_verify(), but with explicit
+ *                 security profile.
+ *
+ * \note           The restrictions on keys (RSA minimum size, allowed curves
+ *                 for ECDSA) only applys to (intermediate) CAs, not to the
+ *                 end-entity certificate.
+ *
+ * \param crt      a certificate to be verified
+ * \param trust_ca the trusted CA chain
+ * \param ca_crl   the CRL chain for trusted CA's
+ * \param profile  security profile for verification
+ * \param cn       expected Common Name (can be set to
+ *                 NULL if the CN must not be verified)
+ * \param flags    result of the verification
+ * \param f_vrfy   verification function
+ * \param p_vrfy   verification parameter
+ *
+ * \return         0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
+ *                 in which case *flags will have one or more
+ *                 MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags
+ *                 set,
+ *                 or another error in case of a fatal error encountered
+ *                 during the verification process.
+ */
+int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
+                     mbedtls_x509_crt *trust_ca,
+                     mbedtls_x509_crl *ca_crl,
+                     const mbedtls_x509_crt_profile *profile,
+                     const char *cn, uint32_t *flags,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy );
+
+#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
+/**
+ * \brief          Check usage of certificate against keyUsage extension.
+ *
+ * \param crt      Leaf certificate used.
+ * \param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+ *                 before using the certificate to perform an RSA key
+ *                 exchange).
+ *
+ * \note           Except for decipherOnly and encipherOnly, a bit set in the
+ *                 usage argument means this bit MUST be set in the
+ *                 certificate. For decipherOnly and encipherOnly, it means
+ *                 that bit MAY be set.
+ *
+ * \return         0 is these uses of the certificate are allowed,
+ *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
+ *                 is present but does not match the usage argument.
+ *
+ * \note           You should only call this function on leaf certificates, on
+ *                 (intermediate) CAs the keyUsage extension is automatically
+ *                 checked by \c mbedtls_x509_crt_verify().
+ */
+int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
+                                      unsigned int usage );
+#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
+
+#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
+/**
+ * \brief          Check usage of certificate against extentedJeyUsage.
+ *
+ * \param crt      Leaf certificate used.
+ * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH).
+ * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
+ *
+ * \return         0 if this use of the certificate is allowed,
+ *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
+ *
+ * \note           Usually only makes sense on leaf certificates.
+ */
+int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
+                                       const char *usage_oid,
+                                       size_t usage_len );
+#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) */
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+/**
+ * \brief          Verify the certificate revocation status
+ *
+ * \param crt      a certificate to be verified
+ * \param crl      the CRL to verify against
+ *
+ * \return         1 if the certificate is revoked, 0 otherwise
+ *
+ */
+int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
+
+/**
+ * \brief          Initialize a certificate (chain)
+ *
+ * \param crt      Certificate chain to initialize
+ */
+void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
+
+/**
+ * \brief          Unallocate all certificate data
+ *
+ * \param crt      Certificate chain to free
+ */
+void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C)
+/**
+ * \brief           Initialize a CRT writing context
+ *
+ * \param ctx       CRT context to initialize
+ */
+void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
+
+/**
+ * \brief           Set the verion for a Certificate
+ *                  Default: MBEDTLS_X509_CRT_VERSION_3
+ *
+ * \param ctx       CRT context to use
+ * \param version   version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
+ *                                  MBEDTLS_X509_CRT_VERSION_3)
+ */
+void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
+
+/**
+ * \brief           Set the serial number for a Certificate.
+ *
+ * \param ctx       CRT context to use
+ * \param serial    serial number to set
+ *
+ * \return          0 if successful
+ */
+int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
+
+/**
+ * \brief           Set the validity period for a Certificate
+ *                  Timestamps should be in string format for UTC timezone
+ *                  i.e. "YYYYMMDDhhmmss"
+ *                  e.g. "20131231235959" for December 31st 2013
+ *                       at 23:59:59
+ *
+ * \param ctx       CRT context to use
+ * \param not_before    not_before timestamp
+ * \param not_after     not_after timestamp
+ *
+ * \return          0 if timestamp was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
+                                const char *not_after );
+
+/**
+ * \brief           Set the issuer name for a Certificate
+ *                  Issuer names should contain a comma-separated list
+ *                  of OID types and values:
+ *                  e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+ *
+ * \param ctx           CRT context to use
+ * \param issuer_name   issuer name to set
+ *
+ * \return          0 if issuer name was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
+                                   const char *issuer_name );
+
+/**
+ * \brief           Set the subject name for a Certificate
+ *                  Subject names should contain a comma-separated list
+ *                  of OID types and values:
+ *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ *
+ * \param ctx           CRT context to use
+ * \param subject_name  subject name to set
+ *
+ * \return          0 if subject name was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
+                                    const char *subject_name );
+
+/**
+ * \brief           Set the subject public key for the certificate
+ *
+ * \param ctx       CRT context to use
+ * \param key       public key to include
+ */
+void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+
+/**
+ * \brief           Set the issuer key used for signing the certificate
+ *
+ * \param ctx       CRT context to use
+ * \param key       private key to sign with
+ */
+void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+
+/**
+ * \brief           Set the MD algorithm to use for the signature
+ *                  (e.g. MBEDTLS_MD_SHA1)
+ *
+ * \param ctx       CRT context to use
+ * \param md_alg    MD algorithm to use
+ */
+void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
+
+/**
+ * \brief           Generic function to add to or replace an extension in the
+ *                  CRT
+ *
+ * \param ctx       CRT context to use
+ * \param oid       OID of the extension
+ * \param oid_len   length of the OID
+ * \param critical  if the extension is critical (per the RFC's definition)
+ * \param val       value of the extension OCTET STRING
+ * \param val_len   length of the value data
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
+                                 const char *oid, size_t oid_len,
+                                 int critical,
+                                 const unsigned char *val, size_t val_len );
+
+/**
+ * \brief           Set the basicConstraints extension for a CRT
+ *
+ * \param ctx       CRT context to use
+ * \param is_ca     is this a CA certificate
+ * \param max_pathlen   maximum length of certificate chains below this
+ *                      certificate (only for CA certificates, -1 is
+ *                      inlimited)
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
+                                         int is_ca, int max_pathlen );
+
+#if defined(MBEDTLS_SHA1_C)
+/**
+ * \brief           Set the subjectKeyIdentifier extension for a CRT
+ *                  Requires that mbedtls_x509write_crt_set_subject_key() has been
+ *                  called before
+ *
+ * \param ctx       CRT context to use
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
+
+/**
+ * \brief           Set the authorityKeyIdentifier extension for a CRT
+ *                  Requires that mbedtls_x509write_crt_set_issuer_key() has been
+ *                  called before
+ *
+ * \param ctx       CRT context to use
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
+#endif /* MBEDTLS_SHA1_C */
+
+/**
+ * \brief           Set the Key Usage Extension flags
+ *                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
+ *
+ * \param ctx       CRT context to use
+ * \param key_usage key usage flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
+                                         unsigned int key_usage );
+
+/**
+ * \brief           Set the Netscape Cert Type flags
+ *                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
+ *
+ * \param ctx           CRT context to use
+ * \param ns_cert_type  Netscape Cert Type flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
+                                    unsigned char ns_cert_type );
+
+/**
+ * \brief           Free the contents of a CRT write context
+ *
+ * \param ctx       CRT context to free
+ */
+void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
+
+/**
+ * \brief           Write a built up certificate to a X509 DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       certificate to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for countermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a built up certificate to a X509 PEM string
+ *
+ * \param ctx       certificate to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or a specific error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for countermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_X509_CRT_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_x509_crt.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509_csr.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509_csr.h
new file mode 100644
index 00000000..98c75bcf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/x509_csr.h
@@ -0,0 +1,292 @@
+/**
+ * \file mbedtls_x509_csr.h
+ *
+ * \brief X.509 certificate signing request parsing and writing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_CSR_H
+#define MBEDTLS_X509_CSR_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "x509.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures and functions for X.509 Certificate Signing Requests (CSR)
+ * \{
+ */
+
+/**
+ * Certificate Signing Request (CSR) structure.
+ */
+typedef struct mbedtls_x509_csr
+{
+    mbedtls_x509_buf raw;           /**< The raw CSR data (DER). */
+    mbedtls_x509_buf cri;           /**< The raw CertificateRequestInfo body (DER). */
+
+    int version;            /**< CSR version (1=v1). */
+
+    mbedtls_x509_buf  subject_raw;  /**< The raw subject data (DER). */
+    mbedtls_x509_name subject;      /**< The parsed subject data (named information object). */
+
+    mbedtls_pk_context pk;          /**< Container for the public key context. */
+
+    mbedtls_x509_buf sig_oid;
+    mbedtls_x509_buf sig;
+    mbedtls_md_type_t sig_md;       /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t sig_pk;       /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+    void *sig_opts;         /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+}
+mbedtls_x509_csr;
+
+/**
+ * Container for writing a CSR
+ */
+typedef struct mbedtls_x509write_csr
+{
+    mbedtls_pk_context *key;
+    mbedtls_asn1_named_data *subject;
+    mbedtls_md_type_t md_alg;
+    mbedtls_asn1_named_data *extensions;
+}
+mbedtls_x509write_csr;
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+/**
+ * \brief          Load a Certificate Signing Request (CSR) in DER format
+ *
+ * \param csr      CSR context to fill
+ * \param buf      buffer holding the CRL data
+ * \param buflen   size of the buffer
+ *
+ * \return         0 if successful, or a specific X509 error code
+ */
+int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
+                        const unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Load a Certificate Signing Request (CSR), DER or PEM format
+ *
+ * \param csr      CSR context to fill
+ * \param buf      buffer holding the CRL data
+ * \param buflen   size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Load a Certificate Signing Request (CSR)
+ *
+ * \param csr      CSR context to fill
+ * \param path     filename to read the CSR from
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Returns an informational string about the
+ *                 CSR.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param csr      The X509 CSR to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_csr *csr );
+
+/**
+ * \brief          Initialize a CSR
+ *
+ * \param csr      CSR to initialize
+ */
+void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
+
+/**
+ * \brief          Unallocate all CSR data
+ *
+ * \param csr      CSR to free
+ */
+void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C)
+/**
+ * \brief           Initialize a CSR context
+ *
+ * \param ctx       CSR context to initialize
+ */
+void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
+
+/**
+ * \brief           Set the subject name for a CSR
+ *                  Subject names should contain a comma-separated list
+ *                  of OID types and values:
+ *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ *
+ * \param ctx           CSR context to use
+ * \param subject_name  subject name to set
+ *
+ * \return          0 if subject name was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
+                                    const char *subject_name );
+
+/**
+ * \brief           Set the key for a CSR (public key will be included,
+ *                  private key used to sign the CSR when writing it)
+ *
+ * \param ctx       CSR context to use
+ * \param key       Asymetric key to include
+ */
+void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
+
+/**
+ * \brief           Set the MD algorithm to use for the signature
+ *                  (e.g. MBEDTLS_MD_SHA1)
+ *
+ * \param ctx       CSR context to use
+ * \param md_alg    MD algorithm to use
+ */
+void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg );
+
+/**
+ * \brief           Set the Key Usage Extension flags
+ *                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
+ *
+ * \param ctx       CSR context to use
+ * \param key_usage key usage flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
+
+/**
+ * \brief           Set the Netscape Cert Type flags
+ *                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
+ *
+ * \param ctx           CSR context to use
+ * \param ns_cert_type  Netscape Cert Type flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
+                                    unsigned char ns_cert_type );
+
+/**
+ * \brief           Generic function to add to or replace an extension in the
+ *                  CSR
+ *
+ * \param ctx       CSR context to use
+ * \param oid       OID of the extension
+ * \param oid_len   length of the OID
+ * \param val       value of the extension OCTET STRING
+ * \param val_len   length of the value data
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
+                                 const char *oid, size_t oid_len,
+                                 const unsigned char *val, size_t val_len );
+
+/**
+ * \brief           Free the contents of a CSR context
+ *
+ * \param ctx       CSR context to free
+ */
+void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
+
+/**
+ * \brief           Write a CSR (Certificate Signing Request) to a
+ *                  DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       CSR to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for countermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a CSR (Certificate Signing Request) to a
+ *                  PEM string
+ *
+ * \param ctx       CSR to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or a specific error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for couermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_X509_CSR_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_x509_csr.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/xtea.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/xtea.h
new file mode 100644
index 00000000..b073f84e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/mbedtls/xtea.h
@@ -0,0 +1,139 @@
+/**
+ * \file xtea.h
+ *
+ * \brief XTEA block cipher (32-bit)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_XTEA_H
+#define MBEDTLS_XTEA_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_XTEA_ENCRYPT     1
+#define MBEDTLS_XTEA_DECRYPT     0
+
+#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH             -0x0028  /**< The data input has an invalid length. */
+
+#if !defined(MBEDTLS_XTEA_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          XTEA context structure
+ */
+typedef struct
+{
+    uint32_t k[4];       /*!< key */
+}
+mbedtls_xtea_context;
+
+/**
+ * \brief          Initialize XTEA context
+ *
+ * \param ctx      XTEA context to be initialized
+ */
+void mbedtls_xtea_init( mbedtls_xtea_context *ctx );
+
+/**
+ * \brief          Clear XTEA context
+ *
+ * \param ctx      XTEA context to be cleared
+ */
+void mbedtls_xtea_free( mbedtls_xtea_context *ctx );
+
+/**
+ * \brief          XTEA key schedule
+ *
+ * \param ctx      XTEA context to be initialized
+ * \param key      the secret key
+ */
+void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] );
+
+/**
+ * \brief          XTEA cipher function
+ *
+ * \param ctx      XTEA context
+ * \param mode     MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
+ * \param input    8-byte input block
+ * \param output   8-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx,
+                    int mode,
+                    const unsigned char input[8],
+                    unsigned char output[8] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          XTEA CBC cipher function
+ *
+ * \param ctx      XTEA context
+ * \param mode     MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
+ * \param length   the length of input, multiple of 8
+ * \param iv       initialization vector for CBC mode
+ * \param input    input block
+ * \param output   output block
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0
+ */
+int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[8],
+                    const unsigned char *input,
+                    unsigned char *output);
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_XTEA_ALT */
+#include "xtea_alt.h"
+#endif /* MBEDTLS_XTEA_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_xtea_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* xtea.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md.h
new file mode 100644
index 00000000..77c2c6f6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md.h
@@ -0,0 +1,353 @@
+/**
+ * \file mbedtls_md.h
+ *
+ * \brief Generic message digest wrapper
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD_H
+#define MBEDTLS_MD_H
+
+#include <stddef.h>
+
+#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE                -0x5080  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_MD_BAD_INPUT_DATA                     -0x5100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_MD_ALLOC_FAILED                       -0x5180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_MD_FILE_IO_ERROR                      -0x5200  /**< Opening or reading of file failed. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+    MBEDTLS_MD_NONE=0,
+    MBEDTLS_MD_MD2,
+    MBEDTLS_MD_MD4,
+    MBEDTLS_MD_MD5,
+    MBEDTLS_MD_SHA1,
+    MBEDTLS_MD_SHA224,
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_RIPEMD160,
+} mbedtls_md_type_t;
+
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_MD_MAX_SIZE         64  /* longest known is SHA512 */
+#else
+#define MBEDTLS_MD_MAX_SIZE         32  /* longest known is SHA256 or less */
+#endif
+
+/**
+ * Opaque struct defined in md_internal.h
+ */
+typedef struct mbedtls_md_info_t mbedtls_md_info_t;
+
+/**
+ * Generic message digest context.
+ */
+typedef struct {
+    /** Information about the associated message digest */
+    const mbedtls_md_info_t *md_info;
+
+    /** Digest-specific context */
+    void *md_ctx;
+
+    /** HMAC part of the context */
+    void *hmac_ctx;
+} mbedtls_md_context_t;
+
+/**
+ * \brief Returns the list of digests supported by the generic digest module.
+ *
+ * \return          a statically allocated array of digests, the last entry
+ *                  is 0.
+ */
+const int *mbedtls_md_list( void );
+
+/**
+ * \brief           Returns the message digest information associated with the
+ *                  given digest name.
+ *
+ * \param md_name   Name of the digest to search for.
+ *
+ * \return          The message digest information associated with md_name or
+ *                  NULL if not found.
+ */
+const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
+
+/**
+ * \brief           Returns the message digest information associated with the
+ *                  given digest type.
+ *
+ * \param md_type   type of digest to search for.
+ *
+ * \return          The message digest information associated with md_type or
+ *                  NULL if not found.
+ */
+const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
+
+/**
+ * \brief           Initialize a md_context (as NONE)
+ *                  This should always be called first.
+ *                  Prepares the context for mbedtls_md_setup() or mbedtls_md_free().
+ */
+void mbedtls_md_init( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief           Free and clear the internal structures of ctx.
+ *                  Can be called at any time after mbedtls_md_init().
+ *                  Mandatory once mbedtls_md_setup() has been called.
+ */
+void mbedtls_md_free( mbedtls_md_context_t *ctx );
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief           Select MD to use and allocate internal structures.
+ *                  Should be called after mbedtls_md_init() or mbedtls_md_free().
+ *                  Makes it necessary to call mbedtls_md_free() later.
+ *
+ * \deprecated      Superseded by mbedtls_md_setup() in 2.0.0
+ *
+ * \param ctx       Context to set up.
+ * \param md_info   Message digest to use.
+ *
+ * \returns         \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
+ *                  \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
+ */
+int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
+#undef MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+/**
+ * \brief           Select MD to use and allocate internal structures.
+ *                  Should be called after mbedtls_md_init() or mbedtls_md_free().
+ *                  Makes it necessary to call mbedtls_md_free() later.
+ *
+ * \param ctx       Context to set up.
+ * \param md_info   Message digest to use.
+ * \param hmac      0 to save some memory if HMAC will not be used,
+ *                  non-zero is HMAC is going to be used with this context.
+ *
+ * \returns         \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
+ *                  \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
+ */
+int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
+
+/**
+ * \brief           Clone the state of an MD context
+ *
+ * \note            The two contexts must have been setup to the same type
+ *                  (cloning from SHA-256 to SHA-512 make no sense).
+ *
+ * \warning         Only clones the MD state, not the HMAC state! (for now)
+ *
+ * \param dst       The destination context
+ * \param src       The context to be cloned
+ *
+ * \return          \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
+ */
+int mbedtls_md_clone( mbedtls_md_context_t *dst,
+                      const mbedtls_md_context_t *src );
+
+/**
+ * \brief           Returns the size of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          size of the message digest output in bytes.
+ */
+unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Returns the type of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          type of the message digest output.
+ */
+mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Returns the name of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          name of the message digest output.
+ */
+const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Prepare the context to digest a new message.
+ *                  Generally called after mbedtls_md_setup() or mbedtls_md_finish().
+ *                  Followed by mbedtls_md_update().
+ *
+ * \param ctx       generic message digest context.
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_starts( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief           Generic message digest process buffer
+ *                  Called between mbedtls_md_starts() and mbedtls_md_finish().
+ *                  May be called repeatedly.
+ *
+ * \param ctx       Generic message digest context
+ * \param input     buffer holding the  datal
+ * \param ilen      length of the input data
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief           Generic message digest final digest
+ *                  Called after mbedtls_md_update().
+ *                  Usually followed by mbedtls_md_free() or mbedtls_md_starts().
+ *
+ * \param ctx       Generic message digest context
+ * \param output    Generic message digest checksum result
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
+
+/**
+ * \brief          Output = message_digest( input buffer )
+ *
+ * \param md_info  message digest info
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   Generic message digest checksum result
+ *
+ * \returns        0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                 verification fails.
+ */
+int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
+        unsigned char *output );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Output = message_digest( file contents )
+ *
+ * \param md_info  message digest info
+ * \param path     input file name
+ * \param output   generic message digest checksum result
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed,
+ *                 MBEDTLS_ERR_MD_BAD_INPUT_DATA if md_info was NULL.
+ */
+int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
+                     unsigned char *output );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief           Set HMAC key and prepare to authenticate a new message.
+ *                  Usually called after mbedtls_md_setup() or mbedtls_md_hmac_finish().
+ *
+ * \param ctx       HMAC context
+ * \param key       HMAC secret key
+ * \param keylen    length of the HMAC key in bytes
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
+                    size_t keylen );
+
+/**
+ * \brief           Generic HMAC process buffer.
+ *                  Called between mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
+ *                  and mbedtls_md_hmac_finish().
+ *                  May be called repeatedly.
+ *
+ * \param ctx       HMAC context
+ * \param input     buffer holding the  data
+ * \param ilen      length of the input data
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
+                    size_t ilen );
+
+/**
+ * \brief           Output HMAC.
+ *                  Called after mbedtls_md_hmac_update().
+ *                  Usually followed my mbedtls_md_hmac_reset(), mbedtls_md_hmac_starts(),
+ *                  or mbedtls_md_free().
+ *
+ * \param ctx       HMAC context
+ * \param output    Generic HMAC checksum result
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
+
+/**
+ * \brief           Prepare to authenticate a new message with the same key.
+ *                  Called after mbedtls_md_hmac_finish() and before mbedtls_md_hmac_update().
+ *
+ * \param ctx       HMAC context to be reset
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief          Output = Generic_HMAC( hmac key, input buffer )
+ *
+ * \param md_info  message digest info
+ * \param key      HMAC secret key
+ * \param keylen   length of the HMAC key in bytes
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   Generic HMAC-result
+ *
+ * \returns        0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                 verification fails.
+ */
+int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output );
+
+/* Internal use */
+int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_MD_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md2.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md2.h
new file mode 100644
index 00000000..51d79486
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md2.h
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_md2.h
+ *
+ * \brief MD2 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD2_H
+#define MBEDTLS_MD2_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if !defined(MBEDTLS_MD2_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD2 context structure
+ */
+typedef struct
+{
+    unsigned char cksum[16];    /*!< checksum of the data block */
+    unsigned char state[48];    /*!< intermediate digest state  */
+    unsigned char buffer[16];   /*!< data block being processed */
+    size_t left;                /*!< amount of data in buffer   */
+}
+mbedtls_md2_context;
+
+/**
+ * \brief          Initialize MD2 context
+ *
+ * \param ctx      MD2 context to be initialized
+ */
+void mbedtls_md2_init( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          Clear MD2 context
+ *
+ * \param ctx      MD2 context to be cleared
+ */
+void mbedtls_md2_free( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD2 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md2_clone( mbedtls_md2_context *dst,
+                        const mbedtls_md2_context *src );
+
+/**
+ * \brief          MD2 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md2_starts( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          MD2 process buffer
+ *
+ * \param ctx      MD2 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD2 final digest
+ *
+ * \param ctx      MD2 context
+ * \param output   MD2 checksum result
+ */
+void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD2_ALT */
+#include "md2_alt.h"
+#endif /* MBEDTLS_MD2_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD2( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD2 checksum result
+ */
+void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md2_self_test( int verbose );
+
+/* Internal use */
+void mbedtls_md2_process( mbedtls_md2_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md2.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md4.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md4.h
new file mode 100644
index 00000000..12cb81dc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md4.h
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_md4.h
+ *
+ * \brief MD4 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD4_H
+#define MBEDTLS_MD4_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_MD4_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD4 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[4];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_md4_context;
+
+/**
+ * \brief          Initialize MD4 context
+ *
+ * \param ctx      MD4 context to be initialized
+ */
+void mbedtls_md4_init( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          Clear MD4 context
+ *
+ * \param ctx      MD4 context to be cleared
+ */
+void mbedtls_md4_free( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD4 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md4_clone( mbedtls_md4_context *dst,
+                        const mbedtls_md4_context *src );
+
+/**
+ * \brief          MD4 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md4_starts( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          MD4 process buffer
+ *
+ * \param ctx      MD4 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD4 final digest
+ *
+ * \param ctx      MD4 context
+ * \param output   MD4 checksum result
+ */
+void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD4_ALT */
+#include "md4_alt.h"
+#endif /* MBEDTLS_MD4_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD4( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD4 checksum result
+ */
+void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md4_self_test( int verbose );
+
+/* Internal use */
+void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md4.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md5.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md5.h
new file mode 100644
index 00000000..09d8a947
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md5.h
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_md5.h
+ *
+ * \brief MD5 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD5_H
+#define MBEDTLS_MD5_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_MD5_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD5 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[4];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_md5_context;
+
+/**
+ * \brief          Initialize MD5 context
+ *
+ * \param ctx      MD5 context to be initialized
+ */
+void mbedtls_md5_init( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          Clear MD5 context
+ *
+ * \param ctx      MD5 context to be cleared
+ */
+void mbedtls_md5_free( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD5 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md5_clone( mbedtls_md5_context *dst,
+                        const mbedtls_md5_context *src );
+
+/**
+ * \brief          MD5 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md5_starts( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          MD5 process buffer
+ *
+ * \param ctx      MD5 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD5 final digest
+ *
+ * \param ctx      MD5 context
+ * \param output   MD5 checksum result
+ */
+void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
+
+/* Internal use */
+void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD5_ALT */
+#include "md5_alt.h"
+#endif /* MBEDTLS_MD5_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD5( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD5 checksum result
+ */
+void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md5_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md5.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md_internal.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md_internal.h
new file mode 100644
index 00000000..e2441bbc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/md_internal.h
@@ -0,0 +1,114 @@
+/**
+ * \file md_internal.h
+ *
+ * \brief Message digest wrappers.
+ *
+ * \warning This in an internal header. Do not include directly.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD_WRAP_H
+#define MBEDTLS_MD_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "md.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Message digest information.
+ * Allows message digest functions to be called in a generic way.
+ */
+struct mbedtls_md_info_t
+{
+    /** Digest identifier */
+    mbedtls_md_type_t type;
+
+    /** Name of the message digest */
+    const char * name;
+
+    /** Output length of the digest function in bytes */
+    int size;
+
+    /** Block length of the digest function in bytes */
+    int block_size;
+
+    /** Digest initialisation function */
+    void (*starts_func)( void *ctx );
+
+    /** Digest update function */
+    void (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
+
+    /** Digest finalisation function */
+    void (*finish_func)( void *ctx, unsigned char *output );
+
+    /** Generic digest function */
+    void (*digest_func)( const unsigned char *input, size_t ilen,
+                         unsigned char *output );
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+    /** Clone state from a context */
+    void (*clone_func)( void *dst, const void *src );
+
+    /** Internal use only */
+    void (*process_func)( void *ctx, const unsigned char *input );
+};
+
+#if defined(MBEDTLS_MD2_C)
+extern const mbedtls_md_info_t mbedtls_md2_info;
+#endif
+#if defined(MBEDTLS_MD4_C)
+extern const mbedtls_md_info_t mbedtls_md4_info;
+#endif
+#if defined(MBEDTLS_MD5_C)
+extern const mbedtls_md_info_t mbedtls_md5_info;
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+extern const mbedtls_md_info_t mbedtls_ripemd160_info;
+#endif
+#if defined(MBEDTLS_SHA1_C)
+extern const mbedtls_md_info_t mbedtls_sha1_info;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+extern const mbedtls_md_info_t mbedtls_sha224_info;
+extern const mbedtls_md_info_t mbedtls_sha256_info;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+extern const mbedtls_md_info_t mbedtls_sha384_info;
+extern const mbedtls_md_info_t mbedtls_sha512_info;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_MD_WRAP_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/memory_buffer_alloc.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/memory_buffer_alloc.h
new file mode 100644
index 00000000..661bc08d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/memory_buffer_alloc.h
@@ -0,0 +1,146 @@
+/**
+ * \file memory_buffer_alloc.h
+ *
+ * \brief Buffer-based memory allocator
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
+#define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_MEMORY_VERIFY_NONE         0
+#define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
+#define MBEDTLS_MEMORY_VERIFY_FREE         (1 << 1)
+#define MBEDTLS_MEMORY_VERIFY_ALWAYS       (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief   Initialize use of stack-based memory allocator.
+ *          The stack-based allocator does memory management inside the
+ *          presented buffer and does not call calloc() and free().
+ *          It sets the global mbedtls_calloc() and mbedtls_free() pointers
+ *          to its own functions.
+ *          (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if
+ *           MBEDTLS_THREADING_C is defined)
+ *
+ * \note    This code is not optimized and provides a straight-forward
+ *          implementation of a stack-based memory allocator.
+ *
+ * \param buf   buffer to use as heap
+ * \param len   size of the buffer
+ */
+void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
+
+/**
+ * \brief   Free the mutex for thread-safety and clear remaining memory
+ */
+void mbedtls_memory_buffer_alloc_free( void );
+
+/**
+ * \brief   Determine when the allocator should automatically verify the state
+ *          of the entire chain of headers / meta-data.
+ *          (Default: MBEDTLS_MEMORY_VERIFY_NONE)
+ *
+ * \param verify    One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
+ *                  MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
+ */
+void mbedtls_memory_buffer_set_verify( int verify );
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+/**
+ * \brief   Print out the status of the allocated memory (primarily for use
+ *          after a program should have de-allocated all memory)
+ *          Prints out a list of 'still allocated' blocks and their stack
+ *          trace if MBEDTLS_MEMORY_BACKTRACE is defined.
+ */
+void mbedtls_memory_buffer_alloc_status( void );
+
+/**
+ * \brief   Get the peak heap usage so far
+ *
+ * \param max_used      Peak number of bytes reauested by the application
+ * \param max_blocks    Peak number of blocks reauested by the application
+ */
+void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
+
+/**
+ * \brief   Reset peak statistics
+ */
+void mbedtls_memory_buffer_alloc_max_reset( void );
+
+/**
+ * \brief   Get the current heap usage
+ *
+ * \param cur_used      Number of bytes reauested by the application
+ * \param cur_blocks    Number of blocks reauested by the application
+ */
+void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
+#endif /* MBEDTLS_MEMORY_DEBUG */
+
+/**
+ * \brief   Verifies that all headers in the memory buffer are correct
+ *          and contain sane values. Helps debug buffer-overflow errors.
+ *
+ *          Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined.
+ *          Prints out full header information if MBEDTLS_MEMORY_DEBUG
+ *          is defined. (Includes stack trace information for each block if
+ *          MBEDTLS_MEMORY_BACKTRACE is defined as well).
+ *
+ * \return             0 if verified, 1 otherwise
+ */
+int mbedtls_memory_buffer_alloc_verify( void );
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_memory_buffer_alloc_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* memory_buffer_alloc.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/net.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/net.h
new file mode 100644
index 00000000..8c6534cf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/net.h
@@ -0,0 +1,225 @@
+/**
+ * \file net.h
+ *
+ * \brief Network communication functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_NET_H
+#define MBEDTLS_NET_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "ssl.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_ERR_NET_SOCKET_FAILED                     -0x0042  /**< Failed to open a socket. */
+#define MBEDTLS_ERR_NET_CONNECT_FAILED                    -0x0044  /**< The connection to the given server / port failed. */
+#define MBEDTLS_ERR_NET_BIND_FAILED                       -0x0046  /**< Binding of the socket failed. */
+#define MBEDTLS_ERR_NET_LISTEN_FAILED                     -0x0048  /**< Could not listen on the socket. */
+#define MBEDTLS_ERR_NET_ACCEPT_FAILED                     -0x004A  /**< Could not accept the incoming connection. */
+#define MBEDTLS_ERR_NET_RECV_FAILED                       -0x004C  /**< Reading information from the socket failed. */
+#define MBEDTLS_ERR_NET_SEND_FAILED                       -0x004E  /**< Sending information through the socket failed. */
+#define MBEDTLS_ERR_NET_CONN_RESET                        -0x0050  /**< Connection was reset by peer. */
+#define MBEDTLS_ERR_NET_UNKNOWN_HOST                      -0x0052  /**< Failed to get an IP address for the given hostname. */
+#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL                  -0x0043  /**< Buffer is too small to hold the data. */
+#define MBEDTLS_ERR_NET_INVALID_CONTEXT                   -0x0045  /**< The context is invalid, eg because it was free()ed. */
+
+#define MBEDTLS_NET_LISTEN_BACKLOG         10 /**< The backlog that listen() should use. */
+
+#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
+#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Wrapper type for sockets.
+ *
+ * Currently backed by just a file descriptor, but might be more in the future
+ * (eg two file descriptors for combined IPv4 + IPv6 support, or additional
+ * structures for hand-made UDP demultiplexing).
+ */
+typedef struct
+{
+    int fd;             /**< The underlying file descriptor                 */
+}
+mbedtls_net_context;
+
+/**
+ * \brief          Initialize a context
+ *                 Just makes the context ready to be used or freed safely.
+ *
+ * \param ctx      Context to initialize
+ */
+void mbedtls_net_init( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Initiate a connection with host:port in the given protocol
+ *
+ * \param ctx      Socket to use
+ * \param host     Host to connect to
+ * \param port     Port to connect to
+ * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
+ *
+ * \return         0 if successful, or one of:
+ *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
+ *                      MBEDTLS_ERR_NET_UNKNOWN_HOST,
+ *                      MBEDTLS_ERR_NET_CONNECT_FAILED
+ *
+ * \note           Sets the socket in connected mode even with UDP.
+ */
+int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
+
+/**
+ * \brief          Create a receiving socket on bind_ip:port in the chosen
+ *                 protocol. If bind_ip == NULL, all interfaces are bound.
+ *
+ * \param ctx      Socket to use
+ * \param bind_ip  IP to bind to, can be NULL
+ * \param port     Port number to use
+ * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
+ *
+ * \return         0 if successful, or one of:
+ *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
+ *                      MBEDTLS_ERR_NET_BIND_FAILED,
+ *                      MBEDTLS_ERR_NET_LISTEN_FAILED
+ *
+ * \note           Regardless of the protocol, opens the sockets and binds it.
+ *                 In addition, make the socket listening if protocol is TCP.
+ */
+int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
+
+/**
+ * \brief           Accept a connection from a remote client
+ *
+ * \param bind_ctx  Relevant socket
+ * \param client_ctx Will contain the connected client socket
+ * \param client_ip Will contain the client IP address
+ * \param buf_size  Size of the client_ip buffer
+ * \param ip_len    Will receive the size of the client IP written
+ *
+ * \return          0 if successful, or
+ *                  MBEDTLS_ERR_NET_ACCEPT_FAILED, or
+ *                  MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
+ *                  MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
+ *                  non-blocking and accept() would block.
+ */
+int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
+                        mbedtls_net_context *client_ctx,
+                        void *client_ip, size_t buf_size, size_t *ip_len );
+
+/**
+ * \brief          Set the socket blocking
+ *
+ * \param ctx      Socket to set
+ *
+ * \return         0 if successful, or a non-zero error code
+ */
+int mbedtls_net_set_block( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Set the socket non-blocking
+ *
+ * \param ctx      Socket to set
+ *
+ * \return         0 if successful, or a non-zero error code
+ */
+int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Portable usleep helper
+ *
+ * \param usec     Amount of microseconds to sleep
+ *
+ * \note           Real amount of time slept will not be less than
+ *                 select()'s timeout granularity (typically, 10ms).
+ */
+void mbedtls_net_usleep( unsigned long usec );
+
+/**
+ * \brief          Read at most 'len' characters. If no error occurs,
+ *                 the actual amount read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to write to
+ * \param len      Maximum length of the buffer
+ *
+ * \return         the number of bytes received,
+ *                 or a non-zero error code; with a non-blocking socket,
+ *                 MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
+ */
+int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
+
+/**
+ * \brief          Write at most 'len' characters. If no error occurs,
+ *                 the actual amount read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to read from
+ * \param len      The length of the buffer
+ *
+ * \return         the number of bytes sent,
+ *                 or a non-zero error code; with a non-blocking socket,
+ *                 MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
+ */
+int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
+
+/**
+ * \brief          Read at most 'len' characters, blocking for at most
+ *                 'timeout' seconds. If no error occurs, the actual amount
+ *                 read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to write to
+ * \param len      Maximum length of the buffer
+ * \param timeout  Maximum number of milliseconds to wait for data
+ *                 0 means no timeout (wait forever)
+ *
+ * \return         the number of bytes received,
+ *                 or a non-zero error code:
+ *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
+ *                 MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
+ *
+ * \note           This function will block (until data becomes available or
+ *                 timeout is reached) even if the socket is set to
+ *                 non-blocking. Handling timeouts with non-blocking reads
+ *                 requires a different strategy.
+ */
+int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+                      uint32_t timeout );
+
+/**
+ * \brief          Gracefully shutdown the connection and free associated data
+ *
+ * \param ctx      The context to free
+ */
+void mbedtls_net_free( mbedtls_net_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* net.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/oid.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/oid.h
new file mode 100644
index 00000000..fcecdafd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/oid.h
@@ -0,0 +1,570 @@
+/**
+ * \file oid.h
+ *
+ * \brief Object Identifier (OID) database
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_OID_H
+#define MBEDTLS_OID_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "asn1.h"
+#include "pk.h"
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_CIPHER_C)
+#include "cipher.h"
+#endif
+
+#if defined(MBEDTLS_MD_C)
+#include "md.h"
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+#include "x509.h"
+#endif
+
+#define MBEDTLS_ERR_OID_NOT_FOUND                         -0x002E  /**< OID is not found. */
+#define MBEDTLS_ERR_OID_BUF_TOO_SMALL                     -0x000B  /**< output buffer is too small */
+
+/*
+ * Top level OID tuples
+ */
+#define MBEDTLS_OID_ISO_MEMBER_BODIES           "\x2a"          /* {iso(1) member-body(2)} */
+#define MBEDTLS_OID_ISO_IDENTIFIED_ORG          "\x2b"          /* {iso(1) identified-organization(3)} */
+#define MBEDTLS_OID_ISO_CCITT_DS                "\x55"          /* {joint-iso-ccitt(2) ds(5)} */
+#define MBEDTLS_OID_ISO_ITU_COUNTRY             "\x60"          /* {joint-iso-itu-t(2) country(16)} */
+
+/*
+ * ISO Member bodies OID parts
+ */
+#define MBEDTLS_OID_COUNTRY_US                  "\x86\x48"      /* {us(840)} */
+#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY       "\x86\xf7\x0d"  /* {rsadsi(113549)} */
+#define MBEDTLS_OID_RSA_COMPANY                 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+                                        MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+#define MBEDTLS_OID_ORG_ANSI_X9_62              "\xce\x3d" /* ansi-X9-62(10045) */
+#define MBEDTLS_OID_ANSI_X9_62                  MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+                                        MBEDTLS_OID_ORG_ANSI_X9_62
+
+/*
+ * ISO Identified organization OID parts
+ */
+#define MBEDTLS_OID_ORG_DOD                     "\x06"          /* {dod(6)} */
+#define MBEDTLS_OID_ORG_OIW                     "\x0e"
+#define MBEDTLS_OID_OIW_SECSIG                  MBEDTLS_OID_ORG_OIW "\x03"
+#define MBEDTLS_OID_OIW_SECSIG_ALG              MBEDTLS_OID_OIW_SECSIG "\x02"
+#define MBEDTLS_OID_OIW_SECSIG_SHA1             MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
+#define MBEDTLS_OID_ORG_CERTICOM                "\x81\x04"  /* certicom(132) */
+#define MBEDTLS_OID_CERTICOM                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
+#define MBEDTLS_OID_ORG_TELETRUST               "\x24" /* teletrust(36) */
+#define MBEDTLS_OID_TELETRUST                   MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
+
+/*
+ * ISO ITU OID parts
+ */
+#define MBEDTLS_OID_ORGANIZATION                "\x01"          /* {organization(1)} */
+#define MBEDTLS_OID_ISO_ITU_US_ORG              MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
+
+#define MBEDTLS_OID_ORG_GOV                     "\x65"          /* {gov(101)} */
+#define MBEDTLS_OID_GOV                         MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
+
+#define MBEDTLS_OID_ORG_NETSCAPE                "\x86\xF8\x42"  /* {netscape(113730)} */
+#define MBEDTLS_OID_NETSCAPE                    MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
+
+/* ISO arc for standard certificate and CRL extensions */
+#define MBEDTLS_OID_ID_CE                       MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} */
+
+/**
+ * Private Internet Extensions
+ * { iso(1) identified-organization(3) dod(6) internet(1)
+ *                      security(5) mechanisms(5) pkix(7) }
+ */
+#define MBEDTLS_OID_PKIX                        MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01\x05\x05\x07"
+
+/*
+ * Arc for standard naming attributes
+ */
+#define MBEDTLS_OID_AT                          MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
+#define MBEDTLS_OID_AT_CN                       MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define MBEDTLS_OID_AT_SUR_NAME                 MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
+#define MBEDTLS_OID_AT_SERIAL_NUMBER            MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
+#define MBEDTLS_OID_AT_COUNTRY                  MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
+#define MBEDTLS_OID_AT_LOCALITY                 MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
+#define MBEDTLS_OID_AT_STATE                    MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
+#define MBEDTLS_OID_AT_ORGANIZATION             MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
+#define MBEDTLS_OID_AT_ORG_UNIT                 MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define MBEDTLS_OID_AT_TITLE                    MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
+#define MBEDTLS_OID_AT_POSTAL_ADDRESS           MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
+#define MBEDTLS_OID_AT_POSTAL_CODE              MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
+#define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+
+#define MBEDTLS_OID_DOMAIN_COMPONENT            "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
+
+/*
+ * OIDs for standard certificate extensions
+ */
+#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER    MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } */
+#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER      MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } */
+#define MBEDTLS_OID_KEY_USAGE                   MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } */
+#define MBEDTLS_OID_CERTIFICATE_POLICIES        MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } */
+#define MBEDTLS_OID_POLICY_MAPPINGS             MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } */
+#define MBEDTLS_OID_SUBJECT_ALT_NAME            MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } */
+#define MBEDTLS_OID_ISSUER_ALT_NAME             MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } */
+#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS     MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } */
+#define MBEDTLS_OID_BASIC_CONSTRAINTS           MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } */
+#define MBEDTLS_OID_NAME_CONSTRAINTS            MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } */
+#define MBEDTLS_OID_POLICY_CONSTRAINTS          MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } */
+#define MBEDTLS_OID_EXTENDED_KEY_USAGE          MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
+#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS     MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 } */
+#define MBEDTLS_OID_INIHIBIT_ANYPOLICY          MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } */
+#define MBEDTLS_OID_FRESHEST_CRL                MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
+
+/*
+ * Netscape certificate extensions
+ */
+#define MBEDTLS_OID_NS_CERT                 MBEDTLS_OID_NETSCAPE "\x01"
+#define MBEDTLS_OID_NS_CERT_TYPE            MBEDTLS_OID_NS_CERT  "\x01"
+#define MBEDTLS_OID_NS_BASE_URL             MBEDTLS_OID_NS_CERT  "\x02"
+#define MBEDTLS_OID_NS_REVOCATION_URL       MBEDTLS_OID_NS_CERT  "\x03"
+#define MBEDTLS_OID_NS_CA_REVOCATION_URL    MBEDTLS_OID_NS_CERT  "\x04"
+#define MBEDTLS_OID_NS_RENEWAL_URL          MBEDTLS_OID_NS_CERT  "\x07"
+#define MBEDTLS_OID_NS_CA_POLICY_URL        MBEDTLS_OID_NS_CERT  "\x08"
+#define MBEDTLS_OID_NS_SSL_SERVER_NAME      MBEDTLS_OID_NS_CERT  "\x0C"
+#define MBEDTLS_OID_NS_COMMENT              MBEDTLS_OID_NS_CERT  "\x0D"
+#define MBEDTLS_OID_NS_DATA_TYPE            MBEDTLS_OID_NETSCAPE "\x02"
+#define MBEDTLS_OID_NS_CERT_SEQUENCE        MBEDTLS_OID_NS_DATA_TYPE "\x05"
+
+/*
+ * OIDs for CRL extensions
+ */
+#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD    MBEDTLS_OID_ID_CE "\x10"
+#define MBEDTLS_OID_CRL_NUMBER                  MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
+
+/*
+ * X.509 v3 Extended key usage OIDs
+ */
+#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE      MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
+
+#define MBEDTLS_OID_KP                          MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
+#define MBEDTLS_OID_SERVER_AUTH                 MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
+#define MBEDTLS_OID_CLIENT_AUTH                 MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
+#define MBEDTLS_OID_CODE_SIGNING                MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
+#define MBEDTLS_OID_EMAIL_PROTECTION            MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
+#define MBEDTLS_OID_TIME_STAMPING               MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
+#define MBEDTLS_OID_OCSP_SIGNING                MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+
+/*
+ * PKCS definition OIDs
+ */
+
+#define MBEDTLS_OID_PKCS                MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
+#define MBEDTLS_OID_PKCS1               MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
+#define MBEDTLS_OID_PKCS5               MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
+#define MBEDTLS_OID_PKCS9               MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
+#define MBEDTLS_OID_PKCS12              MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
+
+/*
+ * PKCS#1 OIDs
+ */
+#define MBEDTLS_OID_PKCS1_RSA           MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
+#define MBEDTLS_OID_PKCS1_MD2           MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
+#define MBEDTLS_OID_PKCS1_MD4           MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
+#define MBEDTLS_OID_PKCS1_MD5           MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
+#define MBEDTLS_OID_PKCS1_SHA1          MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
+#define MBEDTLS_OID_PKCS1_SHA224        MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
+#define MBEDTLS_OID_PKCS1_SHA256        MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
+#define MBEDTLS_OID_PKCS1_SHA384        MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
+#define MBEDTLS_OID_PKCS1_SHA512        MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
+
+#define MBEDTLS_OID_RSA_SHA_OBS         "\x2B\x0E\x03\x02\x1D"
+
+#define MBEDTLS_OID_PKCS9_EMAIL         MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
+
+/* RFC 4055 */
+#define MBEDTLS_OID_RSASSA_PSS          MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
+#define MBEDTLS_OID_MGF1                MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
+
+/*
+ * Digest algorithms
+ */
+#define MBEDTLS_OID_DIGEST_ALG_MD2              MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD4              MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD5              MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA1             MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA224           MBEDTLS_OID_GOV "\x03\x04\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA256           MBEDTLS_OID_GOV "\x03\x04\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA384           MBEDTLS_OID_GOV "\x03\x04\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA512           MBEDTLS_OID_GOV "\x03\x04\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+
+#define MBEDTLS_OID_HMAC_SHA1                   MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+
+/*
+ * Encryption algorithms
+ */
+#define MBEDTLS_OID_DES_CBC                     MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
+#define MBEDTLS_OID_DES_EDE3_CBC                MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
+
+/*
+ * PKCS#5 OIDs
+ */
+#define MBEDTLS_OID_PKCS5_PBKDF2                MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
+#define MBEDTLS_OID_PKCS5_PBES2                 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
+#define MBEDTLS_OID_PKCS5_PBMAC1                MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
+
+/*
+ * PKCS#5 PBES1 algorithms
+ */
+#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC       MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
+#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC       MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC       MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC       MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC      MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC      MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
+
+/*
+ * PKCS#8 OIDs
+ */
+#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ           MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
+
+/*
+ * PKCS#12 PBE OIDs
+ */
+#define MBEDTLS_OID_PKCS12_PBE                      MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
+
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128         MBEDTLS_OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40          MBEDTLS_OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC     MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC      MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
+
+/*
+ * EC key algorithms from RFC 5480
+ */
+
+/* id-ecPublicKey OBJECT IDENTIFIER ::= {
+ *       iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
+#define MBEDTLS_OID_EC_ALG_UNRESTRICTED         MBEDTLS_OID_ANSI_X9_62 "\x02\01"
+
+/*   id-ecDH OBJECT IDENTIFIER ::= {
+ *     iso(1) identified-organization(3) certicom(132)
+ *     schemes(1) ecdh(12) } */
+#define MBEDTLS_OID_EC_ALG_ECDH                 MBEDTLS_OID_CERTICOM "\x01\x0c"
+
+/*
+ * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
+ */
+
+/* secp192r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
+#define MBEDTLS_OID_EC_GRP_SECP192R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
+
+/* secp224r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
+#define MBEDTLS_OID_EC_GRP_SECP224R1        MBEDTLS_OID_CERTICOM "\x00\x21"
+
+/* secp256r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
+#define MBEDTLS_OID_EC_GRP_SECP256R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
+
+/* secp384r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
+#define MBEDTLS_OID_EC_GRP_SECP384R1        MBEDTLS_OID_CERTICOM "\x00\x22"
+
+/* secp521r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
+#define MBEDTLS_OID_EC_GRP_SECP521R1        MBEDTLS_OID_CERTICOM "\x00\x23"
+
+/* secp192k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
+#define MBEDTLS_OID_EC_GRP_SECP192K1        MBEDTLS_OID_CERTICOM "\x00\x1f"
+
+/* secp224k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
+#define MBEDTLS_OID_EC_GRP_SECP224K1        MBEDTLS_OID_CERTICOM "\x00\x20"
+
+/* secp256k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
+#define MBEDTLS_OID_EC_GRP_SECP256K1        MBEDTLS_OID_CERTICOM "\x00\x0a"
+
+/* RFC 5639 4.1
+ * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
+ * identified-organization(3) teletrust(36) algorithm(3) signature-
+ * algorithm(3) ecSign(2) 8}
+ * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
+ * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
+#define MBEDTLS_OID_EC_BRAINPOOL_V1         MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
+
+/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
+#define MBEDTLS_OID_EC_GRP_BP256R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
+
+/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
+#define MBEDTLS_OID_EC_GRP_BP384R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
+
+/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
+#define MBEDTLS_OID_EC_GRP_BP512R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
+
+/*
+ * SEC1 C.1
+ *
+ * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
+ * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
+ */
+#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE   MBEDTLS_OID_ANSI_X9_62 "\x01"
+#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD  MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
+
+/*
+ * ECDSA signature identifiers, from RFC 5480
+ */
+#define MBEDTLS_OID_ANSI_X9_62_SIG          MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
+#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2     MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
+
+/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA1              MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
+
+/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA224            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
+
+/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 2 } */
+#define MBEDTLS_OID_ECDSA_SHA256            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
+
+/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 3 } */
+#define MBEDTLS_OID_ECDSA_SHA384            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
+
+/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 4 } */
+#define MBEDTLS_OID_ECDSA_SHA512            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Base OID descriptor structure
+ */
+typedef struct {
+    const char *asn1;               /*!< OID ASN.1 representation       */
+    size_t asn1_len;                /*!< length of asn1                 */
+    const char *name;               /*!< official name (e.g. from RFC)  */
+    const char *description;        /*!< human friendly description     */
+} mbedtls_oid_descriptor_t;
+
+/**
+ * \brief           Translate an ASN.1 OID into its numeric representation
+ *                  (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
+ *
+ * \param buf       buffer to put representation in
+ * \param size      size of the buffer
+ * \param oid       OID to translate
+ *
+ * \return          Length of the string written (excluding final NULL) or
+ *                  MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
+ */
+int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+/**
+ * \brief          Translate an X.509 extension OID into local values
+ *
+ * \param oid      OID to use
+ * \param ext_type place to store the extension type
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
+#endif
+
+/**
+ * \brief          Translate an X.509 attribute type OID into the short name
+ *                 (e.g. the OID for an X520 Common Name into "CN")
+ *
+ * \param oid      OID to use
+ * \param short_name    place to store the string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
+
+/**
+ * \brief          Translate PublicKeyAlgorithm OID into pk_type
+ *
+ * \param oid      OID to use
+ * \param pk_alg   place to store public key algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
+
+/**
+ * \brief          Translate pk_type into PublicKeyAlgorithm OID
+ *
+ * \param pk_alg   Public key type to look for
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
+                           const char **oid, size_t *olen );
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * \brief          Translate NamedCurve OID into an EC group identifier
+ *
+ * \param oid      OID to use
+ * \param grp_id   place to store group id
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
+
+/**
+ * \brief          Translate EC group identifier into NamedCurve OID
+ *
+ * \param grp_id   EC group identifier
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
+                           const char **oid, size_t *olen );
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_MD_C)
+/**
+ * \brief          Translate SignatureAlgorithm OID into md_type and pk_type
+ *
+ * \param oid      OID to use
+ * \param md_alg   place to store message digest algorithm
+ * \param pk_alg   place to store public key algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
+                     mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
+
+/**
+ * \brief          Translate SignatureAlgorithm OID into description
+ *
+ * \param oid      OID to use
+ * \param desc     place to store string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
+
+/**
+ * \brief          Translate md_type and pk_type into SignatureAlgorithm OID
+ *
+ * \param md_alg   message digest algorithm
+ * \param pk_alg   public key algorithm
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+                            const char **oid, size_t *olen );
+
+/**
+ * \brief          Translate hash algorithm OID into md_type
+ *
+ * \param oid      OID to use
+ * \param md_alg   place to store message digest algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
+#endif /* MBEDTLS_MD_C */
+
+/**
+ * \brief          Translate Extended Key Usage OID into description
+ *
+ * \param oid      OID to use
+ * \param desc     place to store string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
+
+/**
+ * \brief          Translate md_type into hash algorithm OID
+ *
+ * \param md_alg   message digest algorithm
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
+
+#if defined(MBEDTLS_CIPHER_C)
+/**
+ * \brief          Translate encryption algorithm OID into cipher_type
+ *
+ * \param oid           OID to use
+ * \param cipher_alg    place to store cipher algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
+#endif /* MBEDTLS_CIPHER_C */
+
+#if defined(MBEDTLS_PKCS12_C)
+/**
+ * \brief          Translate PKCS#12 PBE algorithm OID into md_type and
+ *                 cipher_type
+ *
+ * \param oid           OID to use
+ * \param md_alg        place to store message digest algorithm
+ * \param cipher_alg    place to store cipher algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
+                            mbedtls_cipher_type_t *cipher_alg );
+#endif /* MBEDTLS_PKCS12_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* oid.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/padlock.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/padlock.h
new file mode 100644
index 00000000..2045a5ab
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/padlock.h
@@ -0,0 +1,107 @@
+/**
+ * \file padlock.h
+ *
+ * \brief VIA PadLock ACE for HW encryption/decryption supported by some
+ *        processors
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PADLOCK_H
+#define MBEDTLS_PADLOCK_H
+
+#include "aes.h"
+
+#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED               -0x0030  /**< Input data should be aligned. */
+
+#if defined(__has_feature)
+#if __has_feature(address_sanitizer)
+#define MBEDTLS_HAVE_ASAN
+#endif
+#endif
+
+/* Some versions of ASan result in errors about not enough registers */
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
+    !defined(MBEDTLS_HAVE_ASAN)
+
+#ifndef MBEDTLS_HAVE_X86
+#define MBEDTLS_HAVE_X86
+#endif
+
+#include <stdint.h>
+
+#define MBEDTLS_PADLOCK_RNG 0x000C
+#define MBEDTLS_PADLOCK_ACE 0x00C0
+#define MBEDTLS_PADLOCK_PHE 0x0C00
+#define MBEDTLS_PADLOCK_PMM 0x3000
+
+#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15))
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          PadLock detection routine
+ *
+ * \param feature  The feature to detect
+ *
+ * \return         1 if CPU has support for the feature, 0 otherwise
+ */
+int mbedtls_padlock_has_support( int feature );
+
+/**
+ * \brief          PadLock AES-ECB block en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if success, 1 if operation failed
+ */
+int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
+                       int mode,
+                       const unsigned char input[16],
+                       unsigned char output[16] );
+
+/**
+ * \brief          PadLock AES-CBC buffer en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if success, 1 if operation failed
+ */
+int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HAVE_X86  */
+
+#endif /* padlock.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pem.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pem.h
new file mode 100644
index 00000000..54dc02d7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pem.h
@@ -0,0 +1,129 @@
+/**
+ * \file pem.h
+ *
+ * \brief Privacy Enhanced Mail (PEM) decoding
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PEM_H
+#define MBEDTLS_PEM_H
+
+#include <stddef.h>
+
+/**
+ * \name PEM Error codes
+ * These error codes are returned in case of errors reading the
+ * PEM data.
+ * \{
+ */
+#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT          -0x1080  /**< No PEM header or footer found. */
+#define MBEDTLS_ERR_PEM_INVALID_DATA                      -0x1100  /**< PEM string is not as expected. */
+#define MBEDTLS_ERR_PEM_ALLOC_FAILED                      -0x1180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_PEM_INVALID_ENC_IV                    -0x1200  /**< RSA IV is not in hex-format. */
+#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG                   -0x1280  /**< Unsupported key encryption algorithm. */
+#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED                 -0x1300  /**< Private key password can't be empty. */
+#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH                 -0x1380  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400  /**< Unavailable feature, e.g. hashing/encryption combination. */
+#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480  /**< Bad input parameters to function. */
+/* \} name */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+/**
+ * \brief       PEM context structure
+ */
+typedef struct
+{
+    unsigned char *buf;     /*!< buffer for decoded data             */
+    size_t buflen;          /*!< length of the buffer                */
+    unsigned char *info;    /*!< buffer for extra header information */
+}
+mbedtls_pem_context;
+
+/**
+ * \brief       PEM context setup
+ *
+ * \param ctx   context to be initialized
+ */
+void mbedtls_pem_init( mbedtls_pem_context *ctx );
+
+/**
+ * \brief       Read a buffer for PEM information and store the resulting
+ *              data into the specified context buffers.
+ *
+ * \param ctx       context to use
+ * \param header    header string to seek and expect
+ * \param footer    footer string to seek and expect
+ * \param data      source data to look in (must be nul-terminated)
+ * \param pwd       password for decryption (can be NULL)
+ * \param pwdlen    length of password
+ * \param use_len   destination for total length used (set after header is
+ *                  correctly read, so unless you get
+ *                  MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
+ *                  MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
+ *                  the length to skip)
+ *
+ * \note            Attempts to check password correctness by verifying if
+ *                  the decrypted text starts with an ASN.1 sequence of
+ *                  appropriate length
+ *
+ * \return          0 on success, or a specific PEM error code
+ */
+int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
+                     const unsigned char *data,
+                     const unsigned char *pwd,
+                     size_t pwdlen, size_t *use_len );
+
+/**
+ * \brief       PEM context memory freeing
+ *
+ * \param ctx   context to be freed
+ */
+void mbedtls_pem_free( mbedtls_pem_context *ctx );
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a buffer of PEM information from a DER encoded
+ *                  buffer.
+ *
+ * \param header    header string to write
+ * \param footer    footer string to write
+ * \param der_data  DER data to write
+ * \param der_len   length of the DER data
+ * \param buf       buffer to write to
+ * \param buf_len   length of output buffer
+ * \param olen      total length written / required (if buf_len is not enough)
+ *
+ * \return          0 on success, or a specific PEM or BASE64 error code. On
+ *                  MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
+ *                  size.
+ */
+int mbedtls_pem_write_buffer( const char *header, const char *footer,
+                      const unsigned char *der_data, size_t der_len,
+                      unsigned char *buf, size_t buf_len, size_t *olen );
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pem.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pk.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pk.h
new file mode 100644
index 00000000..e5e78fba
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pk.h
@@ -0,0 +1,615 @@
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PK_H
+#define MBEDTLS_PK_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "md.h"
+
+#if defined(MBEDTLS_RSA_C)
+#include "rsa.h"
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+#include "ecp.h"
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+#include "ecdsa.h"
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#define MBEDTLS_ERR_PK_ALLOC_FAILED        -0x3F80  /**< Memory allocation failed. */
+#define MBEDTLS_ERR_PK_TYPE_MISMATCH       -0x3F00  /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
+#define MBEDTLS_ERR_PK_BAD_INPUT_DATA      -0x3E80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PK_FILE_IO_ERROR       -0x3E00  /**< Read/write of file failed. */
+#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80  /**< Unsupported key version */
+#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT  -0x3D00  /**< Invalid key tag or value. */
+#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG      -0x3C80  /**< Key algorithm is unsupported (only RSA and EC are supported). */
+#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED   -0x3C00  /**< Private key password can't be empty. */
+#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH   -0x3B80  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PK_INVALID_PUBKEY      -0x3B00  /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
+#define MBEDTLS_ERR_PK_INVALID_ALG         -0x3A80  /**< The algorithm tag or value is invalid. */
+#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00  /**< Elliptic curve is unsupported (only NIST curves are supported). */
+#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980  /**< Unavailable feature, e.g. RSA disabled for RSA key. */
+#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x3900  /**< The signature is valid but its length is less than expected. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Public key types
+ */
+typedef enum {
+    MBEDTLS_PK_NONE=0,
+    MBEDTLS_PK_RSA,
+    MBEDTLS_PK_ECKEY,
+    MBEDTLS_PK_ECKEY_DH,
+    MBEDTLS_PK_ECDSA,
+    MBEDTLS_PK_RSA_ALT,
+    MBEDTLS_PK_RSASSA_PSS,
+} mbedtls_pk_type_t;
+
+/**
+ * \brief           Options for RSASSA-PSS signature verification.
+ *                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
+ */
+typedef struct
+{
+    mbedtls_md_type_t mgf1_hash_id;
+    int expected_salt_len;
+
+} mbedtls_pk_rsassa_pss_options;
+
+/**
+ * \brief           Types for interfacing with the debug module
+ */
+typedef enum
+{
+    MBEDTLS_PK_DEBUG_NONE = 0,
+    MBEDTLS_PK_DEBUG_MPI,
+    MBEDTLS_PK_DEBUG_ECP,
+} mbedtls_pk_debug_type;
+
+/**
+ * \brief           Item to send to the debug module
+ */
+typedef struct
+{
+    mbedtls_pk_debug_type type;
+    const char *name;
+    void *value;
+} mbedtls_pk_debug_item;
+
+/** Maximum number of item send for debugging, plus 1 */
+#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
+
+/**
+ * \brief           Public key information and operations
+ */
+typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
+
+/**
+ * \brief           Public key container
+ */
+typedef struct
+{
+    const mbedtls_pk_info_t *   pk_info; /**< Public key informations        */
+    void *                      pk_ctx;  /**< Underlying public key context  */
+} mbedtls_pk_context;
+
+#if defined(MBEDTLS_RSA_C)
+/**
+ * Quick access to an RSA context inside a PK context.
+ *
+ * \warning You must make sure the PK context actually holds an RSA context
+ * before using this function!
+ */
+static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
+{
+    return( (mbedtls_rsa_context *) (pk).pk_ctx );
+}
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * Quick access to an EC context inside a PK context.
+ *
+ * \warning You must make sure the PK context actually holds an EC context
+ * before using this function!
+ */
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
+{
+    return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
+}
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/**
+ * \brief           Types for RSA-alt abstraction
+ */
+typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
+                    const unsigned char *input, unsigned char *output,
+                    size_t output_max_len );
+typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
+                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                    int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+                    const unsigned char *hash, unsigned char *sig );
+typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+/**
+ * \brief           Return information associated with the given PK type
+ *
+ * \param pk_type   PK type to search for.
+ *
+ * \return          The PK info associated with the type or NULL if not found.
+ */
+const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
+
+/**
+ * \brief           Initialize a mbedtls_pk_context (as NONE)
+ */
+void mbedtls_pk_init( mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Free a mbedtls_pk_context
+ */
+void mbedtls_pk_free( mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Initialize a PK context with the information given
+ *                  and allocates the type-specific PK subcontext.
+ *
+ * \param ctx       Context to initialize. Must be empty (type NONE).
+ * \param info      Information to use
+ *
+ * \return          0 on success,
+ *                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
+ *                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
+ *
+ * \note            For contexts holding an RSA-alt key, use
+ *                  \c mbedtls_pk_setup_rsa_alt() instead.
+ */
+int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/**
+ * \brief           Initialize an RSA-alt context
+ *
+ * \param ctx       Context to initialize. Must be empty (type NONE).
+ * \param key       RSA key pointer
+ * \param decrypt_func  Decryption function
+ * \param sign_func     Signing function
+ * \param key_len_func  Function returning key length in bytes
+ *
+ * \return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
+ *                  context wasn't already initialized as RSA_ALT.
+ *
+ * \note            This function replaces \c mbedtls_pk_setup() for RSA-alt.
+ */
+int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
+                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
+                         mbedtls_pk_rsa_alt_sign_func sign_func,
+                         mbedtls_pk_rsa_alt_key_len_func key_len_func );
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+/**
+ * \brief           Get the size in bits of the underlying key
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Key size in bits, or 0 on error
+ */
+size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Get the length in bytes of the underlying key
+ * \param ctx       Context to use
+ *
+ * \return          Key length in bytes, or 0 on error
+ */
+static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
+{
+    return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
+}
+
+/**
+ * \brief           Tell if a context can do the operation given by type
+ *
+ * \param ctx       Context to test
+ * \param type      Target type
+ *
+ * \return          0 if context can't do the operations,
+ *                  1 otherwise.
+ */
+int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
+
+/**
+ * \brief           Verify signature (including padding if relevant).
+ *
+ * \param ctx       PK context to use
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Signature to verify
+ * \param sig_len   Signature length
+ *
+ * \return          0 on success (signature is valid),
+ *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than sig_len,
+ *                  or a specific error code.
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
+ *                  to verify RSASSA_PSS signatures.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+ */
+int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+               const unsigned char *hash, size_t hash_len,
+               const unsigned char *sig, size_t sig_len );
+
+/**
+ * \brief           Verify signature, with options.
+ *                  (Includes verification of the padding depending on type.)
+ *
+ * \param type      Signature type (inc. possible padding type) to verify
+ * \param options   Pointer to type-specific options, or NULL
+ * \param ctx       PK context to use
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Signature to verify
+ * \param sig_len   Signature length
+ *
+ * \return          0 on success (signature is valid),
+ *                  MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
+ *                  used for this type of signatures,
+ *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than sig_len,
+ *                  or a specific error code.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+ *
+ * \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
+ *                  to a mbedtls_pk_rsassa_pss_options structure,
+ *                  otherwise it must be NULL.
+ */
+int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
+                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   const unsigned char *sig, size_t sig_len );
+
+/**
+ * \brief           Make signature, including padding if relevant.
+ *
+ * \param ctx       PK context to use
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Place to write the signature
+ * \param sig_len   Number of bytes written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 on success, or a specific error code.
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *                  There is no interface in the PK module to make RSASSA-PSS
+ *                  signatures yet.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+ *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+ */
+int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+             const unsigned char *hash, size_t hash_len,
+             unsigned char *sig, size_t *sig_len,
+             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Decrypt message (including padding if relevant).
+ *
+ * \param ctx       PK context to use
+ * \param input     Input to decrypt
+ * \param ilen      Input size
+ * \param output    Decrypted output
+ * \param olen      Decrypted message length
+ * \param osize     Size of the output buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *
+ * \return          0 on success, or a specific error code.
+ */
+int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output, size_t *olen, size_t osize,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Encrypt message (including padding if relevant).
+ *
+ * \param ctx       PK context to use
+ * \param input     Message to encrypt
+ * \param ilen      Message size
+ * \param output    Encrypted output
+ * \param olen      Encrypted output length
+ * \param osize     Size of the output buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *
+ * \return          0 on success, or a specific error code.
+ */
+int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output, size_t *olen, size_t osize,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Check if a public-private pair of keys matches.
+ *
+ * \param pub       Context holding a public key.
+ * \param prv       Context holding a private (and public) key.
+ *
+ * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+ */
+int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
+
+/**
+ * \brief           Export debug information
+ *
+ * \param ctx       Context to use
+ * \param items     Place to write debug items
+ *
+ * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+ */
+int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
+
+/**
+ * \brief           Access the type name
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Type name on success, or "invalid PK"
+ */
+const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Get the key type
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Type on success, or MBEDTLS_PK_NONE
+ */
+mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
+
+#if defined(MBEDTLS_PK_PARSE_C)
+/** \ingroup pk_module */
+/**
+ * \brief           Parse a private key in PEM or DER format
+ *
+ * \param ctx       key to be initialized
+ * \param key       input buffer
+ * \param keylen    size of the buffer
+ *                  (including the terminating null byte for PEM data)
+ * \param pwd       password for decryption (optional)
+ * \param pwdlen    size of the password
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
+                  const unsigned char *key, size_t keylen,
+                  const unsigned char *pwd, size_t pwdlen );
+
+/** \ingroup pk_module */
+/**
+ * \brief           Parse a public key in PEM or DER format
+ *
+ * \param ctx       key to be initialized
+ * \param key       input buffer
+ * \param keylen    size of the buffer
+ *                  (including the terminating null byte for PEM data)
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
+                         const unsigned char *key, size_t keylen );
+
+#if defined(MBEDTLS_FS_IO)
+/** \ingroup pk_module */
+/**
+ * \brief           Load and parse a private key
+ *
+ * \param ctx       key to be initialized
+ * \param path      filename to read the private key from
+ * \param password  password to decrypt the file (can be NULL)
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
+                      const char *path, const char *password );
+
+/** \ingroup pk_module */
+/**
+ * \brief           Load and parse a public key
+ *
+ * \param ctx       key to be initialized
+ * \param path      filename to read the private key from
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+/**
+ * \brief           Write a private key to a PKCS#1 or SEC1 DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       private to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ */
+int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+/**
+ * \brief           Write a public key to a SubjectPublicKeyInfo DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       public key to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ */
+int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a public key to a PEM string
+ *
+ * \param ctx       public key to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          0 if successful, or a specific error code
+ */
+int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+/**
+ * \brief           Write a private key to a PKCS#1 or SEC1 PEM string
+ *
+ * \param ctx       private to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          0 if successful, or a specific error code
+ */
+int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_PK_WRITE_C */
+
+/*
+ * WARNING: Low-level functions. You probably do not want to use these unless
+ *          you are certain you do ;)
+ */
+
+#if defined(MBEDTLS_PK_PARSE_C)
+/**
+ * \brief           Parse a SubjectPublicKeyInfo DER structure
+ *
+ * \param p         the position in the ASN.1 data
+ * \param end       end of the buffer
+ * \param pk        the key to fill
+ *
+ * \return          0 if successful, or a specific PK error code
+ */
+int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
+                        mbedtls_pk_context *pk );
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+/**
+ * \brief           Write a subjectPublicKey to ASN.1 data
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param key       public key to write away
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
+                     const mbedtls_pk_context *key );
+#endif /* MBEDTLS_PK_WRITE_C */
+
+/*
+ * Internal module functions. You probably do not want to use these unless you
+ * know you do.
+ */
+#if defined(MBEDTLS_FS_IO)
+int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_PK_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pk_internal.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pk_internal.h
new file mode 100644
index 00000000..01d0f214
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pk_internal.h
@@ -0,0 +1,114 @@
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer: wrapper functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PK_WRAP_H
+#define MBEDTLS_PK_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "pk.h"
+
+struct mbedtls_pk_info_t
+{
+    /** Public key type */
+    mbedtls_pk_type_t type;
+
+    /** Type name */
+    const char *name;
+
+    /** Get key size in bits */
+    size_t (*get_bitlen)( const void * );
+
+    /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
+    int (*can_do)( mbedtls_pk_type_t type );
+
+    /** Verify signature */
+    int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
+                        const unsigned char *hash, size_t hash_len,
+                        const unsigned char *sig, size_t sig_len );
+
+    /** Make signature */
+    int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
+                      const unsigned char *hash, size_t hash_len,
+                      unsigned char *sig, size_t *sig_len,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+    /** Decrypt message */
+    int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen, size_t osize,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+    /** Encrypt message */
+    int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen, size_t osize,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+    /** Check public-private key pair */
+    int (*check_pair_func)( const void *pub, const void *prv );
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+    /** Interface with the debug module */
+    void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
+
+};
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/* Container for RSA-alt */
+typedef struct
+{
+    void *key;
+    mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
+    mbedtls_pk_rsa_alt_sign_func sign_func;
+    mbedtls_pk_rsa_alt_key_len_func key_len_func;
+} mbedtls_rsa_alt_context;
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+extern const mbedtls_pk_info_t mbedtls_rsa_info;
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+extern const mbedtls_pk_info_t mbedtls_eckey_info;
+extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
+#endif
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
+#endif
+
+#endif /* MBEDTLS_PK_WRAP_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pkcs11.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pkcs11.h
new file mode 100644
index 00000000..2e889281
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pkcs11.h
@@ -0,0 +1,173 @@
+/**
+ * \file pkcs11.h
+ *
+ * \brief Wrapper for PKCS#11 library libpkcs11-helper
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PKCS11_H
+#define MBEDTLS_PKCS11_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PKCS11_C)
+
+#include "x509_crt.h"
+
+#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Context for PKCS #11 private keys.
+ */
+typedef struct {
+        pkcs11h_certificate_t pkcs11h_cert;
+        int len;
+} mbedtls_pkcs11_context;
+
+/**
+ * Initialize a mbedtls_pkcs11_context.
+ * (Just making memory references valid.)
+ */
+void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
+
+/**
+ * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
+ *
+ * \param cert          X.509 certificate to fill
+ * \param pkcs11h_cert  PKCS #11 helper certificate
+ *
+ * \return              0 on success.
+ */
+int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert );
+
+/**
+ * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
+ * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
+ * done.
+ *
+ * \param priv_key      Private key structure to fill.
+ * \param pkcs11_cert   PKCS #11 helper certificate
+ *
+ * \return              0 on success
+ */
+int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
+        pkcs11h_certificate_t pkcs11_cert );
+
+/**
+ * Free the contents of the given private key context. Note that the structure
+ * itself is not freed.
+ *
+ * \param priv_key      Private key structure to cleanup
+ */
+void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key );
+
+/**
+ * \brief          Do an RSA private key decrypt, then remove the message
+ *                 padding
+ *
+ * \param ctx      PKCS #11 context
+ * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param olen     will contain the plaintext length
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
+                       int mode, size_t *olen,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t output_max_len );
+
+/**
+ * \brief          Do a private RSA to sign a message digest
+ *
+ * \param ctx      PKCS #11 context
+ * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
+                    int mode,
+                    mbedtls_md_type_t md_alg,
+                    unsigned int hashlen,
+                    const unsigned char *hash,
+                    unsigned char *sig );
+
+/**
+ * SSL/TLS wrappers for PKCS#11 functions
+ */
+static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
+                        const unsigned char *input, unsigned char *output,
+                        size_t output_max_len )
+{
+    return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
+                           output_max_len );
+}
+
+static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
+                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                     int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+                     const unsigned char *hash, unsigned char *sig )
+{
+    ((void) f_rng);
+    ((void) p_rng);
+    return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg,
+                        hashlen, hash, sig );
+}
+
+static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
+{
+    return ( (mbedtls_pkcs11_context *) ctx )->len;
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_PKCS11_C */
+
+#endif /* MBEDTLS_PKCS11_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pkcs12.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pkcs12.h
new file mode 100644
index 00000000..9b2d9045
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pkcs12.h
@@ -0,0 +1,119 @@
+/**
+ * \file pkcs12.h
+ *
+ * \brief PKCS#12 Personal Information Exchange Syntax
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PKCS12_H
+#define MBEDTLS_PKCS12_H
+
+#include "md.h"
+#include "cipher.h"
+#include "asn1.h"
+
+#include <stddef.h>
+
+#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA                 -0x1F80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE            -0x1F00  /**< Feature not available, e.g. unsupported encryption scheme. */
+#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT             -0x1E80  /**< PBE ASN.1 data not as expected. */
+#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH              -0x1E00  /**< Given private key password does not allow for correct decryption. */
+
+#define MBEDTLS_PKCS12_DERIVE_KEY       1   /**< encryption/decryption key */
+#define MBEDTLS_PKCS12_DERIVE_IV        2   /**< initialization vector     */
+#define MBEDTLS_PKCS12_DERIVE_MAC_KEY   3   /**< integrity / MAC key       */
+
+#define MBEDTLS_PKCS12_PBE_DECRYPT      0
+#define MBEDTLS_PKCS12_PBE_ENCRYPT      1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief            PKCS12 Password Based function (encryption / decryption)
+ *                   for pbeWithSHAAnd128BitRC4
+ *
+ * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
+ * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
+ * \param pwd        the password used (may be NULL if no password is used)
+ * \param pwdlen     length of the password (may be 0)
+ * \param input      the input data
+ * \param len        data length
+ * \param output     the output buffer
+ *
+ * \return           0 if successful, or a MBEDTLS_ERR_XXX code
+ */
+int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
+                             const unsigned char *pwd,  size_t pwdlen,
+                             const unsigned char *input, size_t len,
+                             unsigned char *output );
+
+/**
+ * \brief            PKCS12 Password Based function (encryption / decryption)
+ *                   for cipher-based and mbedtls_md-based PBE's
+ *
+ * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
+ * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
+ * \param cipher_type the cipher used
+ * \param md_type     the mbedtls_md used
+ * \param pwd        the password used (may be NULL if no password is used)
+ * \param pwdlen     length of the password (may be 0)
+ * \param input      the input data
+ * \param len        data length
+ * \param output     the output buffer
+ *
+ * \return           0 if successful, or a MBEDTLS_ERR_XXX code
+ */
+int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
+                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+                const unsigned char *pwd,  size_t pwdlen,
+                const unsigned char *input, size_t len,
+                unsigned char *output );
+
+/**
+ * \brief            The PKCS#12 derivation function uses a password and a salt
+ *                   to produce pseudo-random bits for a particular "purpose".
+ *
+ *                   Depending on the given id, this function can produce an
+ *                   encryption/decryption key, an nitialization vector or an
+ *                   integrity key.
+ *
+ * \param data       buffer to store the derived data in
+ * \param datalen    length to fill
+ * \param pwd        password to use (may be NULL if no password is used)
+ * \param pwdlen     length of the password (may be 0)
+ * \param salt       salt buffer to use
+ * \param saltlen    length of the salt
+ * \param mbedtls_md         mbedtls_md type to use during the derivation
+ * \param id         id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
+ *                   MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
+ * \param iterations number of iterations
+ *
+ * \return          0 if successful, or a MD, BIGNUM type error.
+ */
+int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
+                       const unsigned char *pwd, size_t pwdlen,
+                       const unsigned char *salt, size_t saltlen,
+                       mbedtls_md_type_t mbedtls_md, int id, int iterations );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pkcs12.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pkcs5.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pkcs5.h
new file mode 100644
index 00000000..ec5cb9e7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/pkcs5.h
@@ -0,0 +1,94 @@
+/**
+ * \file pkcs5.h
+ *
+ * \brief PKCS#5 functions
+ *
+ * \author Mathias Olsson <mathias@kompetensum.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PKCS5_H
+#define MBEDTLS_PKCS5_H
+
+#include "asn1.h"
+#include "md.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA                  -0x2f80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT                  -0x2f00  /**< Unexpected ASN.1 data. */
+#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE             -0x2e80  /**< Requested encryption or digest alg not available. */
+#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH               -0x2e00  /**< Given private key password does not allow for correct decryption. */
+
+#define MBEDTLS_PKCS5_DECRYPT      0
+#define MBEDTLS_PKCS5_ENCRYPT      1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          PKCS#5 PBES2 function
+ *
+ * \param pbe_params the ASN.1 algorithm parameters
+ * \param mode       either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
+ * \param pwd        password to use when generating key
+ * \param pwdlen     length of password
+ * \param data       data to process
+ * \param datalen    length of data
+ * \param output     output buffer
+ *
+ * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
+ */
+int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
+                 const unsigned char *pwd,  size_t pwdlen,
+                 const unsigned char *data, size_t datalen,
+                 unsigned char *output );
+
+/**
+ * \brief          PKCS#5 PBKDF2 using HMAC
+ *
+ * \param ctx      Generic HMAC context
+ * \param password Password to use when generating key
+ * \param plen     Length of password
+ * \param salt     Salt to use when generating key
+ * \param slen     Length of salt
+ * \param iteration_count       Iteration count
+ * \param key_length            Length of generated key in bytes
+ * \param output   Generated key. Must be at least as big as key_length
+ *
+ * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
+ */
+int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
+                       size_t plen, const unsigned char *salt, size_t slen,
+                       unsigned int iteration_count,
+                       uint32_t key_length, unsigned char *output );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_pkcs5_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pkcs5.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/platform.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/platform.h
new file mode 100644
index 00000000..f71f1b64
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/platform.h
@@ -0,0 +1,214 @@
+/**
+ * \file platform.h
+ *
+ * \brief mbed TLS Platform abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PLATFORM_H
+#define MBEDTLS_PLATFORM_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+#include <stdio.h>
+#include <stdlib.h>
+#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
+#if defined(_WIN32)
+#define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf /**< Default snprintf to use  */
+#else
+#define MBEDTLS_PLATFORM_STD_SNPRINTF   snprintf /**< Default snprintf to use  */
+#endif
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
+#define MBEDTLS_PLATFORM_STD_PRINTF   printf /**< Default printf to use  */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
+#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
+#define MBEDTLS_PLATFORM_STD_CALLOC   calloc /**< Default allocator to use */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_FREE)
+#define MBEDTLS_PLATFORM_STD_FREE       free /**< Default free to use */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
+#define MBEDTLS_PLATFORM_STD_EXIT      exit /**< Default free to use */
+#endif
+#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
+#include MBEDTLS_PLATFORM_STD_MEM_HDR
+#endif
+#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+
+/* \} name SECTION: Module settings */
+
+/*
+ * The function pointers for calloc and free
+ */
+#if defined(MBEDTLS_PLATFORM_MEMORY)
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
+    defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#define mbedtls_free       MBEDTLS_PLATFORM_FREE_MACRO
+#define mbedtls_calloc     MBEDTLS_PLATFORM_CALLOC_MACRO
+#else
+/* For size_t */
+#include <stddef.h>
+extern void * (*mbedtls_calloc)( size_t n, size_t size );
+extern void (*mbedtls_free)( void *ptr );
+
+/**
+ * \brief   Set your own memory implementation function pointers
+ *
+ * \param calloc_func   the calloc function implementation
+ * \param free_func     the free function implementation
+ *
+ * \return              0 if successful
+ */
+int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
+                              void (*free_func)( void * ) );
+#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
+#else /* !MBEDTLS_PLATFORM_MEMORY */
+#define mbedtls_free       free
+#define mbedtls_calloc     calloc
+#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
+
+/*
+ * The function pointers for fprintf
+ */
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+/* We need FILE * */
+#include <stdio.h>
+extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
+
+/**
+ * \brief   Set your own fprintf function pointer
+ *
+ * \param fprintf_func   the fprintf function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
+                                               ... ) );
+#else
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
+#define mbedtls_fprintf    MBEDTLS_PLATFORM_FPRINTF_MACRO
+#else
+#define mbedtls_fprintf    fprintf
+#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
+
+/*
+ * The function pointers for printf
+ */
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+extern int (*mbedtls_printf)( const char *format, ... );
+
+/**
+ * \brief   Set your own printf function pointer
+ *
+ * \param printf_func   the printf function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
+#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
+#define mbedtls_printf     MBEDTLS_PLATFORM_PRINTF_MACRO
+#else
+#define mbedtls_printf     printf
+#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
+
+/*
+ * The function pointers for snprintf
+ *
+ * The snprintf implementation should conform to C99:
+ * - it *must* always correctly zero-terminate the buffer
+ *   (except when n == 0, then it must leave the buffer untouched)
+ * - however it is acceptable to return -1 instead of the required length when
+ *   the destination buffer is too short.
+ */
+#if defined(_WIN32)
+/* For Windows (inc. MSYS2), we provide our own fixed implementation */
+int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
+
+/**
+ * \brief   Set your own snprintf function pointer
+ *
+ * \param snprintf_func   the snprintf function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
+                                                 const char * format, ... ) );
+#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#define mbedtls_snprintf   MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#else
+#define mbedtls_snprintf   snprintf
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+
+/*
+ * The function pointers for exit
+ */
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
+extern void (*mbedtls_exit)( int status );
+
+/**
+ * \brief   Set your own exit function pointer
+ *
+ * \param exit_func   the exit function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
+#else
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
+#define mbedtls_exit   MBEDTLS_PLATFORM_EXIT_MACRO
+#else
+#define mbedtls_exit   exit
+#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
+#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* platform.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ripemd160.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ripemd160.h
new file mode 100644
index 00000000..a92d3844
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ripemd160.h
@@ -0,0 +1,138 @@
+/**
+ * \file mbedtls_ripemd160.h
+ *
+ * \brief RIPE MD-160 message digest
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_RIPEMD160_H
+#define MBEDTLS_RIPEMD160_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_RIPEMD160_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          RIPEMD-160 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[5];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_ripemd160_context;
+
+/**
+ * \brief          Initialize RIPEMD-160 context
+ *
+ * \param ctx      RIPEMD-160 context to be initialized
+ */
+void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
+
+/**
+ * \brief          Clear RIPEMD-160 context
+ *
+ * \param ctx      RIPEMD-160 context to be cleared
+ */
+void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an RIPEMD-160 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
+                        const mbedtls_ripemd160_context *src );
+
+/**
+ * \brief          RIPEMD-160 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
+
+/**
+ * \brief          RIPEMD-160 process buffer
+ *
+ * \param ctx      RIPEMD-160 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
+                       const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          RIPEMD-160 final digest
+ *
+ * \param ctx      RIPEMD-160 context
+ * \param output   RIPEMD-160 checksum result
+ */
+void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] );
+
+/* Internal use */
+void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_RIPEMD160_ALT */
+#include "ripemd160.h"
+#endif /* MBEDTLS_RIPEMD160_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = RIPEMD-160( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   RIPEMD-160 checksum result
+ */
+void mbedtls_ripemd160( const unsigned char *input, size_t ilen,
+                unsigned char output[20] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_ripemd160_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_ripemd160.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/rsa.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/rsa.h
new file mode 100644
index 00000000..9c8645df
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/rsa.h
@@ -0,0 +1,652 @@
+/**
+ * \file rsa.h
+ *
+ * \brief The RSA public-key cryptosystem
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_RSA_H
+#define MBEDTLS_RSA_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "bignum.h"
+#include "md.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+/*
+ * RSA Error codes
+ */
+#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA                    -0x4080  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_RSA_INVALID_PADDING                   -0x4100  /**< Input data contains invalid padding and is rejected. */
+#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED                    -0x4180  /**< Something failed during generation of a key. */
+#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED                  -0x4200  /**< Key failed to pass the library's validity check. */
+#define MBEDTLS_ERR_RSA_PUBLIC_FAILED                     -0x4280  /**< The public key operation failed. */
+#define MBEDTLS_ERR_RSA_PRIVATE_FAILED                    -0x4300  /**< The private key operation failed. */
+#define MBEDTLS_ERR_RSA_VERIFY_FAILED                     -0x4380  /**< The PKCS#1 verification failed. */
+#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE                  -0x4400  /**< The output buffer for decryption is not large enough. */
+#define MBEDTLS_ERR_RSA_RNG_FAILED                        -0x4480  /**< The random generator failed to generate non-zeros. */
+
+/*
+ * RSA constants
+ */
+#define MBEDTLS_RSA_PUBLIC      0
+#define MBEDTLS_RSA_PRIVATE     1
+
+#define MBEDTLS_RSA_PKCS_V15    0
+#define MBEDTLS_RSA_PKCS_V21    1
+
+#define MBEDTLS_RSA_SIGN        1
+#define MBEDTLS_RSA_CRYPT       2
+
+#define MBEDTLS_RSA_SALT_LEN_ANY    -1
+
+/*
+ * The above constants may be used even if the RSA module is compile out,
+ * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ */
+#if defined(MBEDTLS_RSA_C)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          RSA context structure
+ */
+typedef struct
+{
+    int ver;                    /*!<  always 0          */
+    size_t len;                 /*!<  size(N) in chars  */
+
+    mbedtls_mpi N;                      /*!<  public modulus    */
+    mbedtls_mpi E;                      /*!<  public exponent   */
+
+    mbedtls_mpi D;                      /*!<  private exponent  */
+    mbedtls_mpi P;                      /*!<  1st prime factor  */
+    mbedtls_mpi Q;                      /*!<  2nd prime factor  */
+    mbedtls_mpi DP;                     /*!<  D % (P - 1)       */
+    mbedtls_mpi DQ;                     /*!<  D % (Q - 1)       */
+    mbedtls_mpi QP;                     /*!<  1 / (Q % P)       */
+
+    mbedtls_mpi RN;                     /*!<  cached R^2 mod N  */
+    mbedtls_mpi RP;                     /*!<  cached R^2 mod P  */
+    mbedtls_mpi RQ;                     /*!<  cached R^2 mod Q  */
+
+    mbedtls_mpi Vi;                     /*!<  cached blinding value     */
+    mbedtls_mpi Vf;                     /*!<  cached un-blinding value  */
+
+    int padding;                /*!<  MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
+                                      RSA_PKCS_v21 for OAEP/PSS         */
+    int hash_id;                /*!<  Hash identifier of mbedtls_md_type_t as
+                                      specified in the mbedtls_md.h header file
+                                      for the EME-OAEP and EMSA-PSS
+                                      encoding                          */
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;    /*!<  Thread-safety mutex       */
+#endif
+}
+mbedtls_rsa_context;
+
+/**
+ * \brief          Initialize an RSA context
+ *
+ *                 Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
+ *                 encryption scheme and the RSASSA-PSS signature scheme.
+ *
+ * \param ctx      RSA context to be initialized
+ * \param padding  MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
+ * \param hash_id  MBEDTLS_RSA_PKCS_V21 hash identifier
+ *
+ * \note           The hash_id parameter is actually ignored
+ *                 when using MBEDTLS_RSA_PKCS_V15 padding.
+ *
+ * \note           Choice of padding mode is strictly enforced for private key
+ *                 operations, since there might be security concerns in
+ *                 mixing padding modes. For public key operations it's merely
+ *                 a default value, which can be overriden by calling specific
+ *                 rsa_rsaes_xxx or rsa_rsassa_xxx functions.
+ *
+ * \note           The chosen hash is always used for OEAP encryption.
+ *                 For PSS signatures, it's always used for making signatures,
+ *                 but can be overriden (and always is, if set to
+ *                 MBEDTLS_MD_NONE) for verifying them.
+ */
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
+               int padding,
+               int hash_id);
+
+/**
+ * \brief          Set padding for an already initialized RSA context
+ *                 See \c mbedtls_rsa_init() for details.
+ *
+ * \param ctx      RSA context to be set
+ * \param padding  MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
+ * \param hash_id  MBEDTLS_RSA_PKCS_V21 hash identifier
+ */
+void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id);
+
+/**
+ * \brief          Generate an RSA keypair
+ *
+ * \param ctx      RSA context that will hold the key
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ * \param nbits    size of the public key in bits
+ * \param exponent public exponent (e.g., 65537)
+ *
+ * \note           mbedtls_rsa_init() must be called beforehand to setup
+ *                 the RSA context.
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
+                 int (*f_rng)(void *, unsigned char *, size_t),
+                 void *p_rng,
+                 unsigned int nbits, int exponent );
+
+/**
+ * \brief          Check a public RSA key
+ *
+ * \param ctx      RSA context to be checked
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
+
+/**
+ * \brief          Check a private RSA key
+ *
+ * \param ctx      RSA context to be checked
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
+
+/**
+ * \brief          Check a public-private RSA key pair.
+ *                 Check each of the contexts, and make sure they match.
+ *
+ * \param pub      RSA context holding the public key
+ * \param prv      RSA context holding the private key
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv );
+
+/**
+ * \brief          Do an RSA public key operation
+ *
+ * \param ctx      RSA context
+ * \param input    input buffer
+ * \param output   output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           This function does NOT take care of message
+ *                 padding. Also, be sure to set input[0] = 0 or assure that
+ *                 input is smaller than N.
+ *
+ * \note           The input and output buffers must be large
+ *                 enough (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
+                const unsigned char *input,
+                unsigned char *output );
+
+/**
+ * \brief          Do an RSA private key operation
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for blinding)
+ * \param p_rng    RNG parameter
+ * \param input    input buffer
+ * \param output   output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The input and output buffers must be large
+ *                 enough (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
+                 int (*f_rng)(void *, unsigned char *, size_t),
+                 void *p_rng,
+                 const unsigned char *input,
+                 unsigned char *output );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 encryption using the
+ *                 mode from the context. Add the message padding, then do an
+ *                 RSA operation.
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ *                               and MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param ilen     contains the plaintext length
+ * \param input    buffer holding the data to be encrypted
+ * \param output   buffer that will hold the ciphertext
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng,
+                       int mode, size_t ilen,
+                       const unsigned char *input,
+                       unsigned char *output );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param ilen     contains the plaintext length
+ * \param input    buffer holding the data to be encrypted
+ * \param output   buffer that will hold the ciphertext
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode, size_t ilen,
+                                 const unsigned char *input,
+                                 unsigned char *output );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ *                               and MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param label    buffer holding the custom label to use
+ * \param label_len contains the label length
+ * \param ilen     contains the plaintext length
+ * \param input    buffer holding the data to be encrypted
+ * \param output   buffer that will hold the ciphertext
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng,
+                            int mode,
+                            const unsigned char *label, size_t label_len,
+                            size_t ilen,
+                            const unsigned char *input,
+                            unsigned char *output );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 decryption using the
+ *                 mode from the context. Do an RSA operation, then remove
+ *                 the message padding
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param olen     will contain the plaintext length
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng,
+                       int mode, size_t *olen,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t output_max_len );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param olen     will contain the plaintext length
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode, size_t *olen,
+                                 const unsigned char *input,
+                                 unsigned char *output,
+                                 size_t output_max_len );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param label    buffer holding the custom label to use
+ * \param label_len contains the label length
+ * \param olen     will contain the plaintext length
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng,
+                            int mode,
+                            const unsigned char *label, size_t label_len,
+                            size_t *olen,
+                            const unsigned char *input,
+                            unsigned char *output,
+                            size_t output_max_len );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 signature using the
+ *                 mode from the context. Do a private RSA operation to sign
+ *                 a message digest
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding and for
+ *                               MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           In case of PKCS#1 v2.1 encoding, see comments on
+ * \note           \c mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id.
+ */
+int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
+                    int (*f_rng)(void *, unsigned char *, size_t),
+                    void *p_rng,
+                    int mode,
+                    mbedtls_md_type_t md_alg,
+                    unsigned int hashlen,
+                    const unsigned char *hash,
+                    unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng,
+                               int mode,
+                               mbedtls_md_type_t md_alg,
+                               unsigned int hashlen,
+                               const unsigned char *hash,
+                               unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding and for
+ *                               MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           The hash_id in the RSA context is the one used for the
+ *                 encoding. md_alg in the function call is the type of hash
+ *                 that is encoded. According to RFC 3447 it is advised to
+ *                 keep both hashes the same.
+ */
+int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng,
+                         int mode,
+                         mbedtls_md_type_t md_alg,
+                         unsigned int hashlen,
+                         const unsigned char *hash,
+                         unsigned char *sig );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 verification using the
+ *                 mode from the context. Do a public RSA operation and check
+ *                 the message digest
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           In case of PKCS#1 v2.1 encoding, see comments on
+ *                 \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id.
+ */
+int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng,
+                      int mode,
+                      mbedtls_md_type_t md_alg,
+                      unsigned int hashlen,
+                      const unsigned char *hash,
+                      const unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode,
+                                 mbedtls_md_type_t md_alg,
+                                 unsigned int hashlen,
+                                 const unsigned char *hash,
+                                 const unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
+ *                 (This is the "simple" version.)
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           The hash_id in the RSA context is the one used for the
+ *                 verification. md_alg in the function call is the type of
+ *                 hash that is verified. According to RFC 3447 it is advised to
+ *                 keep both hashes the same. If hash_id in the RSA context is
+ *                 unset, the md_alg from the function call is used.
+ */
+int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng,
+                           int mode,
+                           mbedtls_md_type_t md_alg,
+                           unsigned int hashlen,
+                           const unsigned char *hash,
+                           const unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
+ *                 (This is the version with "full" options.)
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param mgf1_hash_id message digest used for mask generation
+ * \param expected_salt_len Length of the salt used in padding, use
+ *                 MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           The hash_id in the RSA context is ignored.
+ */
+int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng,
+                               int mode,
+                               mbedtls_md_type_t md_alg,
+                               unsigned int hashlen,
+                               const unsigned char *hash,
+                               mbedtls_md_type_t mgf1_hash_id,
+                               int expected_salt_len,
+                               const unsigned char *sig );
+
+/**
+ * \brief          Copy the components of an RSA context
+ *
+ * \param dst      Destination context
+ * \param src      Source context
+ *
+ * \return         0 on success,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure
+ */
+int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
+
+/**
+ * \brief          Free the components of an RSA key
+ *
+ * \param ctx      RSA Context to free
+ */
+void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_rsa_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_RSA_C */
+
+#endif /* rsa.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/sha1.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/sha1.h
new file mode 100644
index 00000000..2b74d06d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/sha1.h
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_sha1.h
+ *
+ * \brief SHA-1 cryptographic hash function
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SHA1_H
+#define MBEDTLS_SHA1_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_SHA1_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          SHA-1 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[5];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_sha1_context;
+
+/**
+ * \brief          Initialize SHA-1 context
+ *
+ * \param ctx      SHA-1 context to be initialized
+ */
+void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          Clear SHA-1 context
+ *
+ * \param ctx      SHA-1 context to be cleared
+ */
+void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          Clone (the state of) a SHA-1 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
+                         const mbedtls_sha1_context *src );
+
+/**
+ * \brief          SHA-1 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          SHA-1 process buffer
+ *
+ * \param ctx      SHA-1 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          SHA-1 final digest
+ *
+ * \param ctx      SHA-1 context
+ * \param output   SHA-1 checksum result
+ */
+void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] );
+
+/* Internal use */
+void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_SHA1_ALT */
+#include "sha1_alt.h"
+#endif /* MBEDTLS_SHA1_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = SHA-1( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   SHA-1 checksum result
+ */
+void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_sha1_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_sha1.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/sha256.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/sha256.h
new file mode 100644
index 00000000..bc8b226e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/sha256.h
@@ -0,0 +1,141 @@
+/**
+ * \file mbedtls_sha256.h
+ *
+ * \brief SHA-224 and SHA-256 cryptographic hash function
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SHA256_H
+#define MBEDTLS_SHA256_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_SHA256_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          SHA-256 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[8];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+    int is224;                  /*!< 0 => SHA-256, else SHA-224 */
+}
+mbedtls_sha256_context;
+
+/**
+ * \brief          Initialize SHA-256 context
+ *
+ * \param ctx      SHA-256 context to be initialized
+ */
+void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
+
+/**
+ * \brief          Clear SHA-256 context
+ *
+ * \param ctx      SHA-256 context to be cleared
+ */
+void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
+
+/**
+ * \brief          Clone (the state of) a SHA-256 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
+                           const mbedtls_sha256_context *src );
+
+/**
+ * \brief          SHA-256 context setup
+ *
+ * \param ctx      context to be initialized
+ * \param is224    0 = use SHA256, 1 = use SHA224
+ */
+void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
+
+/**
+ * \brief          SHA-256 process buffer
+ *
+ * \param ctx      SHA-256 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
+                    size_t ilen );
+
+/**
+ * \brief          SHA-256 final digest
+ *
+ * \param ctx      SHA-256 context
+ * \param output   SHA-224/256 checksum result
+ */
+void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] );
+
+/* Internal use */
+void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_SHA256_ALT */
+#include "sha256_alt.h"
+#endif /* MBEDTLS_SHA256_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = SHA-256( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   SHA-224/256 checksum result
+ * \param is224    0 = use SHA256, 1 = use SHA224
+ */
+void mbedtls_sha256( const unsigned char *input, size_t ilen,
+           unsigned char output[32], int is224 );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_sha256_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_sha256.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/sha512.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/sha512.h
new file mode 100644
index 00000000..9462764f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/sha512.h
@@ -0,0 +1,141 @@
+/**
+ * \file mbedtls_sha512.h
+ *
+ * \brief SHA-384 and SHA-512 cryptographic hash function
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SHA512_H
+#define MBEDTLS_SHA512_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_SHA512_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          SHA-512 context structure
+ */
+typedef struct
+{
+    uint64_t total[2];          /*!< number of bytes processed  */
+    uint64_t state[8];          /*!< intermediate digest state  */
+    unsigned char buffer[128];  /*!< data block being processed */
+    int is384;                  /*!< 0 => SHA-512, else SHA-384 */
+}
+mbedtls_sha512_context;
+
+/**
+ * \brief          Initialize SHA-512 context
+ *
+ * \param ctx      SHA-512 context to be initialized
+ */
+void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
+
+/**
+ * \brief          Clear SHA-512 context
+ *
+ * \param ctx      SHA-512 context to be cleared
+ */
+void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
+
+/**
+ * \brief          Clone (the state of) a SHA-512 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
+                           const mbedtls_sha512_context *src );
+
+/**
+ * \brief          SHA-512 context setup
+ *
+ * \param ctx      context to be initialized
+ * \param is384    0 = use SHA512, 1 = use SHA384
+ */
+void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
+
+/**
+ * \brief          SHA-512 process buffer
+ *
+ * \param ctx      SHA-512 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
+                    size_t ilen );
+
+/**
+ * \brief          SHA-512 final digest
+ *
+ * \param ctx      SHA-512 context
+ * \param output   SHA-384/512 checksum result
+ */
+void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_SHA512_ALT */
+#include "sha512_alt.h"
+#endif /* MBEDTLS_SHA512_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = SHA-512( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   SHA-384/512 checksum result
+ * \param is384    0 = use SHA512, 1 = use SHA384
+ */
+void mbedtls_sha512( const unsigned char *input, size_t ilen,
+             unsigned char output[64], int is384 );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_sha512_self_test( int verbose );
+
+/* Internal use */
+void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_sha512.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl.h
new file mode 100644
index 00000000..a017ec0b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl.h
@@ -0,0 +1,2290 @@
+/**
+ * \file ssl.h
+ *
+ * \brief SSL/TLS functions.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_H
+#define MBEDTLS_SSL_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "bignum.h"
+#include "ecp.h"
+
+#include "ssl_ciphersuites.h"
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#include "x509_crt.h"
+#include "x509_crl.h"
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+#include "dhm.h"
+#endif
+
+#if defined(MBEDTLS_ECDH_C)
+#include "ecdh.h"
+#endif
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+#include "zlib.h"
+#endif
+
+#if defined(MBEDTLS_HAVE_TIME)
+#include <time.h>
+#endif
+
+/* For convenience below and in programs */
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||                           \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED
+#endif
+
+/*
+ * SSL Error codes
+ */
+#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE               -0x7080  /**< The requested feature is not available. */
+#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA                    -0x7100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_SSL_INVALID_MAC                       -0x7180  /**< Verification of the message MAC failed. */
+#define MBEDTLS_ERR_SSL_INVALID_RECORD                    -0x7200  /**< An invalid SSL record was received. */
+#define MBEDTLS_ERR_SSL_CONN_EOF                          -0x7280  /**< The connection indicated an EOF. */
+#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER                    -0x7300  /**< An unknown cipher was received. */
+#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380  /**< The server has no ciphersuites in common with the client. */
+#define MBEDTLS_ERR_SSL_NO_RNG                            -0x7400  /**< No RNG was provided to the SSL module. */
+#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480  /**< No client certification received from the client, but required by the authentication mode. */
+#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500  /**< Our own certificate(s) is/are too large to send in an SSL message. */
+#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580  /**< The own certificate is not set, but needed by the server. */
+#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED              -0x7600  /**< The own private key or pre-shared key is not set, but needed. */
+#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED                 -0x7680  /**< No CA Chain is set, but required to operate. */
+#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE                -0x7700  /**< An unexpected message was received from our peer. */
+#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE               -0x7780  /**< A fatal alert message was received from our peer. */
+#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED                -0x7800  /**< Verification of our peer failed. */
+#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY                 -0x7880  /**< The peer notified us that the connection is going to be closed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO               -0x7900  /**< Processing of the ClientHello handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO               -0x7980  /**< Processing of the ServerHello handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE                -0x7A00  /**< Processing of the Certificate handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST        -0x7A80  /**< Processing of the CertificateRequest handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE        -0x7B00  /**< Processing of the ServerKeyExchange handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE          -0x7B80  /**< Processing of the ServerHelloDone handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE        -0x7C00  /**< Processing of the ClientKeyExchange handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP     -0x7C80  /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS     -0x7D00  /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY         -0x7D80  /**< Processing of the CertificateVerify handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC         -0x7E00  /**< Processing of the ChangeCipherSpec handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED                   -0x7E80  /**< Processing of the Finished handshake message failed. */
+#define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00  /**< Memory allocation failed */
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80  /**< Hardware acceleration function returned with error */
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80  /**< Hardware acceleration function skipped / left alone data */
+#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED                -0x6F00  /**< Processing of the compression / decompression failed */
+#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION           -0x6E80  /**< Handshake protocol not within min/max boundaries */
+#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET         -0x6E00  /**< Processing of the NewSessionTicket handshake message failed. */
+#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80  /**< Session ticket has expired. */
+#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00  /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
+#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY                  -0x6C80  /**< Unknown identity received (eg, PSK identity) */
+#define MBEDTLS_ERR_SSL_INTERNAL_ERROR                    -0x6C00  /**< Internal error (eg, unexpected failure in lower-level module) */
+#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING                  -0x6B80  /**< A counter would wrap (eg, too many messages exchanged). */
+#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO       -0x6B00  /**< Unexpected message at ServerHello in renegotiation. */
+#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED             -0x6A80  /**< DTLS client must retry for hello verification */
+#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL                  -0x6A00  /**< A buffer is too small to receive or write a message */
+#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE             -0x6980  /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
+#define MBEDTLS_ERR_SSL_WANT_READ                         -0x6900  /**< Connection requires a read call. */
+#define MBEDTLS_ERR_SSL_WANT_WRITE                        -0x6880  /**< Connection requires a write call. */
+#define MBEDTLS_ERR_SSL_TIMEOUT                           -0x6800  /**< The operation timed out. */
+#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT                  -0x6780  /**< The client initiated a reconnect from the same port. */
+
+/*
+ * Various constants
+ */
+#define MBEDTLS_SSL_MAJOR_VERSION_3             3
+#define MBEDTLS_SSL_MINOR_VERSION_0             0   /*!< SSL v3.0 */
+#define MBEDTLS_SSL_MINOR_VERSION_1             1   /*!< TLS v1.0 */
+#define MBEDTLS_SSL_MINOR_VERSION_2             2   /*!< TLS v1.1 */
+#define MBEDTLS_SSL_MINOR_VERSION_3             3   /*!< TLS v1.2 */
+
+#define MBEDTLS_SSL_TRANSPORT_STREAM            0   /*!< TLS      */
+#define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   /*!< DTLS     */
+
+#define MBEDTLS_SSL_MAX_HOST_NAME_LEN           255 /*!< Maximum host name defined in RFC 1035 */
+
+/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
+ * NONE must be zero so that memset()ing structure to zero works */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE           0   /*!< don't use this extension   */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_512            1   /*!< MaxFragmentLength 2^9      */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_1024           2   /*!< MaxFragmentLength 2^10     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_2048           3   /*!< MaxFragmentLength 2^11     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_4096           4   /*!< MaxFragmentLength 2^12     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID        5   /*!< first invalid value        */
+
+#define MBEDTLS_SSL_IS_CLIENT                   0
+#define MBEDTLS_SSL_IS_SERVER                   1
+
+#define MBEDTLS_SSL_IS_NOT_FALLBACK             0
+#define MBEDTLS_SSL_IS_FALLBACK                 1
+
+#define MBEDTLS_SSL_EXTENDED_MS_DISABLED        0
+#define MBEDTLS_SSL_EXTENDED_MS_ENABLED         1
+
+#define MBEDTLS_SSL_ETM_DISABLED                0
+#define MBEDTLS_SSL_ETM_ENABLED                 1
+
+#define MBEDTLS_SSL_COMPRESS_NULL               0
+#define MBEDTLS_SSL_COMPRESS_DEFLATE            1
+
+#define MBEDTLS_SSL_VERIFY_NONE                 0
+#define MBEDTLS_SSL_VERIFY_OPTIONAL             1
+#define MBEDTLS_SSL_VERIFY_REQUIRED             2
+#define MBEDTLS_SSL_VERIFY_UNSET                3 /* Used only for sni_authmode */
+
+#define MBEDTLS_SSL_LEGACY_RENEGOTIATION        0
+#define MBEDTLS_SSL_SECURE_RENEGOTIATION        1
+
+#define MBEDTLS_SSL_RENEGOTIATION_DISABLED      0
+#define MBEDTLS_SSL_RENEGOTIATION_ENABLED       1
+
+#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED        0
+#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED         1
+
+#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED  -1
+#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT  16
+
+#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION     0
+#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION  1
+#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE      2
+
+#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED         0
+#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED          1
+#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN          10  /* 80 bits, rfc 6066 section 7 */
+
+#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED     0
+#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED      1
+
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED    0
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED     1
+
+#define MBEDTLS_SSL_ARC4_ENABLED                0
+#define MBEDTLS_SSL_ARC4_DISABLED               1
+
+#define MBEDTLS_SSL_PRESET_DEFAULT              0
+#define MBEDTLS_SSL_PRESET_SUITEB               2
+
+/*
+ * Default range for DTLS retransmission timer value, in milliseconds.
+ * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
+ */
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN    1000
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX   60000
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
+#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
+#endif
+
+/*
+ * Maxium fragment length in bytes,
+ * determines the size of each of the two internal I/O buffers.
+ *
+ * Note: the RFC defines the default size of SSL / TLS messages. If you
+ * change the value here, other clients / servers may not be able to
+ * communicate with you anymore. Only change this value if you control
+ * both sides of the connection and have it reduced at both sides, or
+ * if you're using the Max Fragment Length extension and you know all your
+ * peers are using it too!
+ */
+#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
+#define MBEDTLS_SSL_MAX_CONTENT_LEN         16384   /**< Size of the input / output buffer */
+#endif
+
+/* \} name SECTION: Module settings */
+
+/*
+ * Length of the verify data for secure renegotiation
+ */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
+#else
+#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
+#endif
+
+/*
+ * Signaling ciphersuite values (SCSV)
+ */
+#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO    0xFF   /**< renegotiation info ext */
+#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE         0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */
+
+/*
+ * Supported Signature and Hash algorithms (For TLS 1.2)
+ * RFC 5246 section 7.4.1.4.1
+ */
+#define MBEDTLS_SSL_HASH_NONE                0
+#define MBEDTLS_SSL_HASH_MD5                 1
+#define MBEDTLS_SSL_HASH_SHA1                2
+#define MBEDTLS_SSL_HASH_SHA224              3
+#define MBEDTLS_SSL_HASH_SHA256              4
+#define MBEDTLS_SSL_HASH_SHA384              5
+#define MBEDTLS_SSL_HASH_SHA512              6
+
+#define MBEDTLS_SSL_SIG_ANON                 0
+#define MBEDTLS_SSL_SIG_RSA                  1
+#define MBEDTLS_SSL_SIG_ECDSA                3
+
+/*
+ * Client Certificate Types
+ * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
+ */
+#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN       1
+#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN    64
+
+/*
+ * Message, alert and handshake types
+ */
+#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC     20
+#define MBEDTLS_SSL_MSG_ALERT                  21
+#define MBEDTLS_SSL_MSG_HANDSHAKE              22
+#define MBEDTLS_SSL_MSG_APPLICATION_DATA       23
+
+#define MBEDTLS_SSL_ALERT_LEVEL_WARNING         1
+#define MBEDTLS_SSL_ALERT_LEVEL_FATAL           2
+
+#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY           0  /* 0x00 */
+#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE    10  /* 0x0A */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC        20  /* 0x14 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED     21  /* 0x15 */
+#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW       22  /* 0x16 */
+#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30  /* 0x1E */
+#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE     40  /* 0x28 */
+#define MBEDTLS_SSL_ALERT_MSG_NO_CERT               41  /* 0x29 */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT              42  /* 0x2A */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT      43  /* 0x2B */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED          44  /* 0x2C */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED          45  /* 0x2D */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN          46  /* 0x2E */
+#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER     47  /* 0x2F */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA            48  /* 0x30 */
+#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED         49  /* 0x31 */
+#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR          50  /* 0x32 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR         51  /* 0x33 */
+#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION    60  /* 0x3C */
+#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION      70  /* 0x46 */
+#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71  /* 0x47 */
+#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR        80  /* 0x50 */
+#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86  /* 0x56 */
+#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED         90  /* 0x5A */
+#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION     100  /* 0x64 */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT      110  /* 0x6E */
+#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME    112  /* 0x70 */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115  /* 0x73 */
+#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
+
+#define MBEDTLS_SSL_HS_HELLO_REQUEST            0
+#define MBEDTLS_SSL_HS_CLIENT_HELLO             1
+#define MBEDTLS_SSL_HS_SERVER_HELLO             2
+#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST     3
+#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET       4
+#define MBEDTLS_SSL_HS_CERTIFICATE             11
+#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE     12
+#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST     13
+#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE       14
+#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY      15
+#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE     16
+#define MBEDTLS_SSL_HS_FINISHED                20
+
+/*
+ * TLS extensions
+ */
+#define MBEDTLS_TLS_EXT_SERVERNAME                   0
+#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME          0
+
+#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH          1
+
+#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC               4
+
+#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES   10
+#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS     11
+
+#define MBEDTLS_TLS_EXT_SIG_ALG                     13
+
+#define MBEDTLS_TLS_EXT_ALPN                        16
+
+#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC            22 /* 0x16 */
+#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET  0x0017 /* 23 */
+
+#define MBEDTLS_TLS_EXT_SESSION_TICKET              35
+
+#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO      0xFF01
+
+/*
+ * Size defines
+ */
+#if !defined(MBEDTLS_PSK_MAX_LEN)
+#define MBEDTLS_PSK_MAX_LEN            32 /* 256 bits */
+#endif
+
+/* Dummy type used only for its size */
+union mbedtls_ssl_premaster_secret
+{
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+    unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];      /* RFC 5246 8.1.2 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];    /* RFC 4492 5.10 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 2 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
+                                 + MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 3 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];      /* RFC 4279 4 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
+                                   + MBEDTLS_PSK_MAX_LEN];     /* RFC 5489 2 */
+#endif
+};
+
+#define MBEDTLS_PREMASTER_SIZE     sizeof( union mbedtls_ssl_premaster_secret )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * SSL state machine
+ */
+typedef enum
+{
+    MBEDTLS_SSL_HELLO_REQUEST,
+    MBEDTLS_SSL_CLIENT_HELLO,
+    MBEDTLS_SSL_SERVER_HELLO,
+    MBEDTLS_SSL_SERVER_CERTIFICATE,
+    MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
+    MBEDTLS_SSL_CERTIFICATE_REQUEST,
+    MBEDTLS_SSL_SERVER_HELLO_DONE,
+    MBEDTLS_SSL_CLIENT_CERTIFICATE,
+    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
+    MBEDTLS_SSL_CERTIFICATE_VERIFY,
+    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
+    MBEDTLS_SSL_CLIENT_FINISHED,
+    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
+    MBEDTLS_SSL_SERVER_FINISHED,
+    MBEDTLS_SSL_FLUSH_BUFFERS,
+    MBEDTLS_SSL_HANDSHAKE_WRAPUP,
+    MBEDTLS_SSL_HANDSHAKE_OVER,
+    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
+    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
+}
+mbedtls_ssl_states;
+
+/* Defined below */
+typedef struct mbedtls_ssl_session mbedtls_ssl_session;
+typedef struct mbedtls_ssl_context mbedtls_ssl_context;
+typedef struct mbedtls_ssl_config  mbedtls_ssl_config;
+
+/* Defined in ssl_internal.h */
+typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
+typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
+#endif
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
+#endif
+
+/*
+ * This structure is used for storing current session data.
+ */
+struct mbedtls_ssl_session
+{
+#if defined(MBEDTLS_HAVE_TIME)
+    time_t start;               /*!< starting time      */
+#endif
+    int ciphersuite;            /*!< chosen ciphersuite */
+    int compression;            /*!< chosen compression */
+    size_t id_len;              /*!< session id length  */
+    unsigned char id[32];       /*!< session identifier */
+    unsigned char master[48];   /*!< the master secret  */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_x509_crt *peer_cert;        /*!< peer X.509 cert chain */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+    uint32_t verify_result;          /*!<  verification result     */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+    unsigned char *ticket;      /*!< RFC 5077 session ticket */
+    size_t ticket_len;          /*!< session ticket length   */
+    uint32_t ticket_lifetime;   /*!< ticket lifetime hint    */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    unsigned char mfl_code;     /*!< MaxFragmentLength negotiated by peer */
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    int trunc_hmac;             /*!< flag for truncated hmac activation   */
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    int encrypt_then_mac;       /*!< flag for EtM activation                */
+#endif
+};
+
+/**
+ * SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
+ */
+struct mbedtls_ssl_config
+{
+    /* Group items by size (largest first) to minimize padding overhead */
+
+    /*
+     * Pointers
+     */
+
+    const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version   */
+
+    /** Callback for printing debug output                                  */
+    void (*f_dbg)(void *, int, const char *, int, const char *);
+    void *p_dbg;                    /*!< context for the debug function     */
+
+    /** Callback for getting (pseudo-)random numbers                        */
+    int  (*f_rng)(void *, unsigned char *, size_t);
+    void *p_rng;                    /*!< context for the RNG function       */
+
+    /** Callback to retrieve a session from the cache                       */
+    int (*f_get_cache)(void *, mbedtls_ssl_session *);
+    /** Callback to store a session into the cache                          */
+    int (*f_set_cache)(void *, const mbedtls_ssl_session *);
+    void *p_cache;                  /*!< context for cache callbacks        */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    /** Callback for setting cert according to SNI extension                */
+    int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+    void *p_sni;                    /*!< context for SNI callback           */
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    /** Callback to customize X.509 certificate chain verification          */
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
+    void *p_vrfy;                   /*!< context for X.509 verify calllback */
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    /** Callback to retrieve PSK key from identity                          */
+    int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+    void *p_psk;                    /*!< context for PSK callback           */
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+    /** Callback to create & write a cookie for ClientHello veirifcation    */
+    int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
+                           const unsigned char *, size_t );
+    /** Callback to verify validity of a ClientHello cookie                 */
+    int (*f_cookie_check)( void *, const unsigned char *, size_t,
+                           const unsigned char *, size_t );
+    void *p_cookie;                 /*!< context for the cookie callbacks   */
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
+    /** Callback to create & write a session ticket                         */
+    int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
+            unsigned char *, const unsigned char *, size_t *, uint32_t * );
+    /** Callback to parse a session ticket into a session structure         */
+    int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
+    void *p_ticket;                 /*!< context for the ticket callbacks   */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
+    mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s)        */
+    mbedtls_x509_crt *ca_chain;     /*!< trusted CAs                        */
+    mbedtls_x509_crl *ca_crl;       /*!< trusted CAs CRLs                   */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
+    const int *sig_hashes;          /*!< allowed signature hashes           */
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+    const mbedtls_ecp_group_id *curve_list; /*!< allowed curves             */
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+    mbedtls_mpi dhm_P;              /*!< prime modulus for DHM              */
+    mbedtls_mpi dhm_G;              /*!< generator for DHM                  */
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    unsigned char *psk;             /*!< pre-shared key                     */
+    size_t         psk_len;         /*!< length of the pre-shared key       */
+    unsigned char *psk_identity;    /*!< identity for PSK negotiation       */
+    size_t         psk_identity_len;/*!< length of identity                 */
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+    const char **alpn_list;         /*!< ordered list of protocols          */
+#endif
+
+    /*
+     * Numerical settings (int then char)
+     */
+
+    uint32_t read_timeout;          /*!< timeout for mbedtls_ssl_read (ms)  */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    uint32_t hs_timeout_min;        /*!< initial value of the handshake
+                                         retransmission timeout (ms)        */
+    uint32_t hs_timeout_max;        /*!< maximum value of the handshake
+                                         retransmission timeout (ms)        */
+#endif
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    int renego_max_records;         /*!< grace period for renegotiation     */
+    unsigned char renego_period[8]; /*!< value of the record counters
+                                         that triggers renegotiation        */
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+    unsigned int badmac_limit;      /*!< limit of records with a bad MAC    */
+#endif
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
+    unsigned int dhm_min_bitlen;    /*!< min. bit length of the DHM prime   */
+#endif
+
+    unsigned char max_major_ver;    /*!< max. major version used            */
+    unsigned char max_minor_ver;    /*!< max. minor version used            */
+    unsigned char min_major_ver;    /*!< min. major version used            */
+    unsigned char min_minor_ver;    /*!< min. minor version used            */
+
+    /*
+     * Flags (bitfields)
+     */
+
+    unsigned int endpoint : 1;      /*!< 0: client, 1: server               */
+    unsigned int transport : 1;     /*!< stream (TLS) or datagram (DTLS)    */
+    unsigned int authmode : 2;      /*!< MBEDTLS_SSL_VERIFY_XXX             */
+    /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE          */
+    unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX   */
+#if defined(MBEDTLS_ARC4_C)
+    unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites?        */
+#endif
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    unsigned int mfl_code : 3;      /*!< desired fragment length            */
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac?    */
+#endif
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    unsigned int extended_ms : 1;   /*!< negotiate extended master secret?  */
+#endif
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+    unsigned int anti_replay : 1;   /*!< detect and prevent replay?         */
+#endif
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    unsigned int cbc_record_splitting : 1;  /*!< do cbc record splitting    */
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    unsigned int disable_renegotiation : 1; /*!< disable renegotiation?     */
+#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    unsigned int trunc_hmac : 1;    /*!< negotiate truncated hmac?          */
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    unsigned int session_tickets : 1;   /*!< use session tickets?           */
+#endif
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
+    unsigned int fallback : 1;      /*!< is this a fallback?                */
+#endif
+};
+
+
+struct mbedtls_ssl_context
+{
+    const mbedtls_ssl_config *conf; /*!< configuration information          */
+
+    /*
+     * Miscellaneous
+     */
+    int state;                  /*!< SSL handshake: current state     */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    int renego_status;          /*!< Initial, in progress, pending?   */
+    int renego_records_seen;    /*!< Records since renego request, or with DTLS,
+                                  number of retransmissions of request if
+                                  renego_max_records is < 0           */
+#endif
+
+    int major_ver;              /*!< equal to  MBEDTLS_SSL_MAJOR_VERSION_3    */
+    int minor_ver;              /*!< either 0 (SSL3) or 1 (TLS1.0)    */
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+    unsigned badmac_seen;       /*!< records with a bad MAC received    */
+#endif
+
+    /*
+     * Callbacks
+     */
+    int (*f_send)(void *, const unsigned char *, size_t);
+    int (*f_recv)(void *, unsigned char *, size_t);
+    int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t);
+    void *p_bio;                /*!< context for I/O operations   */
+
+    /*
+     * Session layer
+     */
+    mbedtls_ssl_session *session_in;            /*!<  current session data (in)   */
+    mbedtls_ssl_session *session_out;           /*!<  current session data (out)  */
+    mbedtls_ssl_session *session;               /*!<  negotiated session data     */
+    mbedtls_ssl_session *session_negotiate;     /*!<  session data in negotiation */
+
+    mbedtls_ssl_handshake_params *handshake;    /*!<  params required only during
+                                              the handshake process        */
+
+    /*
+     * Record layer transformations
+     */
+    mbedtls_ssl_transform *transform_in;        /*!<  current transform params (in)   */
+    mbedtls_ssl_transform *transform_out;       /*!<  current transform params (in)   */
+    mbedtls_ssl_transform *transform;           /*!<  negotiated transform params     */
+    mbedtls_ssl_transform *transform_negotiate; /*!<  transform params in negotiation */
+
+    /*
+     * Timers
+     */
+    void *p_timer;              /*!< context for the timer callbacks */
+    void (*f_set_timer)(void *, uint32_t, uint32_t); /*!< set timer callback */
+    int (*f_get_timer)(void *); /*!< get timer callback             */
+
+    /*
+     * Record layer (incoming data)
+     */
+    unsigned char *in_buf;      /*!< input buffer                     */
+    unsigned char *in_ctr;      /*!< 64-bit incoming message counter
+                                     TLS: maintained by us
+                                     DTLS: read from peer             */
+    unsigned char *in_hdr;      /*!< start of record header           */
+    unsigned char *in_len;      /*!< two-bytes message length field   */
+    unsigned char *in_iv;       /*!< ivlen-byte IV                    */
+    unsigned char *in_msg;      /*!< message contents (in_iv+ivlen)   */
+    unsigned char *in_offt;     /*!< read offset in application data  */
+
+    int in_msgtype;             /*!< record header: message type      */
+    size_t in_msglen;           /*!< record header: message length    */
+    size_t in_left;             /*!< amount of data read so far       */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    uint16_t in_epoch;          /*!< DTLS epoch for incoming records  */
+    size_t next_record_offset;  /*!< offset of the next record in datagram
+                                     (equal to in_left if none)       */
+#endif
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+    uint64_t in_window_top;     /*!< last validated record seq_num    */
+    uint64_t in_window;         /*!< bitmask for replay detection     */
+#endif
+
+    size_t in_hslen;            /*!< current handshake message length,
+                                     including the handshake header   */
+    int nb_zero;                /*!< # of 0-length encrypted messages */
+    int record_read;            /*!< record is already present        */
+
+    /*
+     * Record layer (outgoing data)
+     */
+    unsigned char *out_buf;     /*!< output buffer                    */
+    unsigned char *out_ctr;     /*!< 64-bit outgoing message counter  */
+    unsigned char *out_hdr;     /*!< start of record header           */
+    unsigned char *out_len;     /*!< two-bytes message length field   */
+    unsigned char *out_iv;      /*!< ivlen-byte IV                    */
+    unsigned char *out_msg;     /*!< message contents (out_iv+ivlen)  */
+
+    int out_msgtype;            /*!< record header: message type      */
+    size_t out_msglen;          /*!< record header: message length    */
+    size_t out_left;            /*!< amount of data not yet written   */
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    unsigned char *compress_buf;        /*!<  zlib data buffer        */
+#endif
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    signed char split_done;     /*!< current record already splitted? */
+#endif
+
+    /*
+     * PKI layer
+     */
+    int client_auth;                    /*!<  flag for client auth.   */
+
+    /*
+     * User settings
+     */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    char *hostname;             /*!< expected peer CN for verification
+                                     (and SNI if available)                 */
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+    const char *alpn_chosen;    /*!<  negotiated protocol                   */
+#endif
+
+    /*
+     * Information for DTLS hello verify
+     */
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+    unsigned char  *cli_id;         /*!<  transport-level ID of the client  */
+    size_t          cli_id_len;     /*!<  length of cli_id                  */
+#endif
+
+    /*
+     * Secure renegotiation
+     */
+    /* needed to know when to send extension on server */
+    int secure_renegotiation;           /*!<  does peer support legacy or
+                                              secure renegotiation           */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    size_t verify_data_len;             /*!<  length of verify data stored   */
+    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
+    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
+#endif
+};
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+
+#define MBEDTLS_SSL_CHANNEL_OUTBOUND    0
+#define MBEDTLS_SSL_CHANNEL_INBOUND     1
+
+extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
+                const unsigned char *key_enc, const unsigned char *key_dec,
+                size_t keylen,
+                const unsigned char *iv_enc,  const unsigned char *iv_dec,
+                size_t ivlen,
+                const unsigned char *mac_enc, const unsigned char *mac_dec,
+                size_t maclen);
+extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
+extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
+extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
+extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
+extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
+#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
+
+/**
+ * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
+ *
+ * \return              a statically allocated array of ciphersuites, the last
+ *                      entry is 0.
+ */
+const int *mbedtls_ssl_list_ciphersuites( void );
+
+/**
+ * \brief               Return the name of the ciphersuite associated with the
+ *                      given ID
+ *
+ * \param ciphersuite_id SSL ciphersuite ID
+ *
+ * \return              a string containing the ciphersuite name
+ */
+const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
+
+/**
+ * \brief               Return the ID of the ciphersuite associated with the
+ *                      given name
+ *
+ * \param ciphersuite_name SSL ciphersuite name
+ *
+ * \return              the ID with the ciphersuite or 0 if not found
+ */
+int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
+
+/**
+ * \brief          Initialize an SSL context
+ *                 Just makes the context ready for mbedtls_ssl_setup() or
+ *                 mbedtls_ssl_free()
+ *
+ * \param ssl      SSL context
+ */
+void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Set up an SSL context for use
+ *
+ * \note           No copy of the configuration context is made, it can be
+ *                 shared by many mbedtls_ssl_context structures.
+ *
+ * \warning        Modifying the conf structure after is has been used in this
+ *                 function is unsupported!
+ *
+ * \param ssl      SSL context
+ * \param conf     SSL configuration to use
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
+ *                 memory allocation failed
+ */
+int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
+                       const mbedtls_ssl_config *conf );
+
+/**
+ * \brief          Reset an already initialized SSL context for re-use
+ *                 while retaining application-set variables, function
+ *                 pointers and data.
+ *
+ * \param ssl      SSL context
+ * \return         0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED,
+                   MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
+ *                 MBEDTLS_ERR_SSL_COMPRESSION_FAILED
+ */
+int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Set the current endpoint type
+ *
+ * \param conf     SSL configuration
+ * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+ */
+void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
+
+/**
+ * \brief           Set the transport type (TLS or DTLS).
+ *                  Default: TLS
+ *
+ * \note            For DTLS, you must either provide a recv callback that
+ *                  doesn't block, or one that handles timeouts, see
+ *                  \c mbedtls_ssl_set_bio(). You also need to provide timer
+ *                  callbacks with \c mbedtls_ssl_set_timer_cb().
+ *
+ * \param conf      SSL configuration
+ * \param transport transport type:
+ *                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
+ *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
+ */
+void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
+
+/**
+ * \brief          Set the certificate verification mode
+ *                 Default: NONE on server, REQUIRED on client
+ *
+ * \param conf     SSL configuration
+ * \param authmode can be:
+ *
+ *  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
+ *                        (default on server)
+ *                        (insecure on client)
+ *
+ *  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the
+ *                        handshake continues even if verification failed;
+ *                        mbedtls_ssl_get_verify_result() can be called after the
+ *                        handshake is complete.
+ *
+ *  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,
+ *                        handshake is aborted if verification failed.
+ *
+ * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
+ * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
+ * the right time(s), which may not be obvious, while REQUIRED always perform
+ * the verification as soon as possible. For example, REQUIRED was protecting
+ * against the "triple handshake" attack even before it was found.
+ */
+void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Set the verification callback (Optional).
+ *
+ *                 If set, the verify callback is called for each
+ *                 certificate in the chain. For implementation
+ *                 information, please see \c x509parse_verify()
+ *
+ * \param conf     SSL configuration
+ * \param f_vrfy   verification function
+ * \param p_vrfy   verification parameter
+ */
+void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+/**
+ * \brief          Set the random number generator callback
+ *
+ * \param conf     SSL configuration
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ */
+void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
+                  int (*f_rng)(void *, unsigned char *, size_t),
+                  void *p_rng );
+
+/**
+ * \brief          Set the debug callback
+ *
+ *                 The callback has the following argument:
+ *                 void *           opaque context for the callback
+ *                 int              debug level
+ *                 const char *     file name
+ *                 int              line number
+ *                 const char *     message
+ *
+ * \param conf     SSL configuration
+ * \param f_dbg    debug function
+ * \param p_dbg    debug parameter
+ */
+void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
+                  void (*f_dbg)(void *, int, const char *, int, const char *),
+                  void  *p_dbg );
+
+/**
+ * \brief          Set the underlying BIO callbacks for write, read and
+ *                 read-with-timeout.
+ *
+ * \param ssl      SSL context
+ * \param p_bio    parameter (context) shared by BIO callbacks
+ * \param f_send   write callback
+ * \param f_recv   read callback
+ * \param f_recv_timeout blocking read callback with timeout.
+ *                 The last argument is the timeout in milliseconds,
+ *                 0 means no timeout (block forever until a message comes)
+ *
+ * \note           One of f_recv or f_recv_timeout can be NULL, in which case
+ *                 the other is used. If both are non-NULL, f_recv_timeout is
+ *                 used and f_recv is ignored (as if it were NULL).
+ *
+ * \note           The two most common use cases are:
+ *                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
+ *                 - blocking I/O, f_recv == NULL, f_recv_timout != NULL
+ *
+ * \note           For DTLS, you need to provide either a non-NULL
+ *                 f_recv_timeout callback, or a f_recv that doesn't block.
+ */
+void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
+        void *p_bio,
+        int (*f_send)(void *, const unsigned char *, size_t),
+        int (*f_recv)(void *, unsigned char *, size_t),
+        int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) );
+
+/**
+ * \brief          Set the timeout period for mbedtls_ssl_read()
+ *                 (Default: no timeout.)
+ *
+ * \param conf     SSL configuration context
+ * \param timeout  Timeout value in milliseconds.
+ *                 Use 0 for no timeout (default).
+ *
+ * \note           With blocking I/O, this will only work if a non-NULL
+ *                 \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
+ *                 With non-blocking I/O, this will only work if timer
+ *                 callbacks were set with \c mbedtls_ssl_set_timer_cb().
+ *
+ * \note           With non-blocking I/O, you may also skip this function
+ *                 altogether and handle timeouts at the application layer.
+ */
+void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
+
+/**
+ * \brief          Set the timer callbacks
+ *                 (Mandatory for DTLS.)
+ *
+ * \param ssl      SSL context
+ * \param p_timer  parameter (context) shared by timer callback
+ * \param f_set_timer   set timer callback
+ *                 Accepts an intermediate and a final delay in milliseconcs
+ *                 If the final delay is 0, cancels the running timer.
+ * \param f_get_timer   get timer callback. Must return:
+ *                 -1 if cancelled
+ *                 0 if none of the delays is expired
+ *                 1 if the intermediate delay only is expired
+ *                 2 if the final delay is expired
+ */
+void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
+                               void *p_timer,
+                               void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms),
+                               int (*f_get_timer)(void *) );
+
+/**
+ * \brief           Callback type: generate and write session ticket
+ *
+ * \note            This describes what a callback implementation should do.
+ *                  This callback should generate and encrypted and
+ *                  authenticated ticket for the session and write it to the
+ *                  output buffer. Here, ticket means the opaque ticket part
+ *                  of the NewSessionTicket structure of RFC 5077.
+ *
+ * \param p_ticket  Context for the callback
+ * \param session   SSL session to bo written in the ticket
+ * \param start     Start of the outpur buffer
+ * \param end       End of the output buffer
+ * \param tlen      On exit, holds the length written
+ * \param lifetime  On exit, holds the lifetime of the ticket in seconds
+ *
+ * \return          0 if successful, or
+ *                  a specific MBEDTLS_ERR_XXX code.
+ */
+typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
+                                        const mbedtls_ssl_session *session,
+                                        unsigned char *start,
+                                        const unsigned char *end,
+                                        size_t *tlen,
+                                        uint32_t *lifetime );
+
+/**
+ * \brief           Callback type: parse and load session ticket
+ *
+ * \note            This describes what a callback implementation should do.
+ *                  This callback should parse a session ticket as generated
+ *                  by the corresponding mbedtls_ssl_ticket_write_t function,
+ *                  and, if the ticket is authentic and valid, load the
+ *                  session.
+ *
+ * \note            The implementation is allowed to modify the first len
+ *                  bytes of the input buffer, eg to use it as a temporary
+ *                  area for the decrypted ticket contents.
+ *
+ * \param p_ticket  Context for the callback
+ * \param session   SSL session to be loaded
+ * \param buf       Start of the buffer containing the ticket
+ * \param len       Length of the ticket.
+ *
+ * \return          0 if successful, or
+ *                  MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
+ *                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
+ *                  any other non-zero code for other failures.
+ */
+typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
+                                        mbedtls_ssl_session *session,
+                                        unsigned char *buf,
+                                        size_t len );
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief           Configure SSL session ticket callbacks (server only).
+ *                  (Default: none.)
+ *
+ * \note            On server, session tickets are enabled by providing
+ *                  non-NULL callbacks.
+ *
+ * \note            On client, use \c mbedtls_ssl_conf_session_tickets().
+ *
+ * \param conf      SSL configuration context
+ * \param f_ticket_write    Callback for writing a ticket
+ * \param f_ticket_parse    Callback for parsing a ticket
+ * \param p_ticket          Context shared by the two callbacks
+ */
+void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
+        mbedtls_ssl_ticket_write_t *f_ticket_write,
+        mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+        void *p_ticket );
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
+
+/**
+ * \brief          Callback type: generate a cookie
+ *
+ * \param ctx      Context for the callback
+ * \param p        Buffer to write to,
+ *                 must be updated to point right after the cookie
+ * \param end      Pointer to one past the end of the output buffer
+ * \param info     Client ID info that was passed to
+ *                 \c mbedtls_ssl_set_client_transport_id()
+ * \param ilen     Length of info in bytes
+ *
+ * \return         The callback must return 0 on success,
+ *                 or a negative error code.
+ */
+typedef int mbedtls_ssl_cookie_write_t( void *ctx,
+                                unsigned char **p, unsigned char *end,
+                                const unsigned char *info, size_t ilen );
+
+/**
+ * \brief          Callback type: verify a cookie
+ *
+ * \param ctx      Context for the callback
+ * \param cookie   Cookie to verify
+ * \param clen     Length of cookie
+ * \param info     Client ID info that was passed to
+ *                 \c mbedtls_ssl_set_client_transport_id()
+ * \param ilen     Length of info in bytes
+ *
+ * \return         The callback must return 0 if cookie is valid,
+ *                 or a negative error code.
+ */
+typedef int mbedtls_ssl_cookie_check_t( void *ctx,
+                                const unsigned char *cookie, size_t clen,
+                                const unsigned char *info, size_t ilen );
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief           Register callbacks for DTLS cookies
+ *                  (Server only. DTLS only.)
+ *
+ *                  Default: dummy callbacks that fail, in order to force you to
+ *                  register working callbacks (and initialize their context).
+ *
+ *                  To disable HelloVerifyRequest, register NULL callbacks.
+ *
+ * \warning         Disabling hello verification allows your server to be used
+ *                  for amplification in DoS attacks against other hosts.
+ *                  Only disable if you known this can't happen in your
+ *                  particular environment.
+ *
+ * \note            See comments on \c mbedtls_ssl_handshake() about handling
+ *                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
+ *                  on the first handshake attempt when this is enabled.
+ *
+ * \note            This is also necessary to handle client reconnection from
+ *                  the same port as described in RFC 6347 section 4.2.8 (only
+ *                  the variant with cookies is supported currently). See
+ *                  comments on \c mbedtls_ssl_read() for details.
+ *
+ * \param conf              SSL configuration
+ * \param f_cookie_write    Cookie write callback
+ * \param f_cookie_check    Cookie check callback
+ * \param p_cookie          Context for both callbacks
+ */
+void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
+                           mbedtls_ssl_cookie_write_t *f_cookie_write,
+                           mbedtls_ssl_cookie_check_t *f_cookie_check,
+                           void *p_cookie );
+
+/**
+ * \brief          Set client's transport-level identification info.
+ *                 (Server only. DTLS only.)
+ *
+ *                 This is usually the IP address (and port), but could be
+ *                 anything identify the client depending on the underlying
+ *                 network stack. Used for HelloVerifyRequest with DTLS.
+ *                 This is *not* used to route the actual packets.
+ *
+ * \param ssl      SSL context
+ * \param info     Transport-level info identifying the client (eg IP + port)
+ * \param ilen     Length of info in bytes
+ *
+ * \note           An internal copy is made, so the info buffer can be reused.
+ *
+ * \return         0 on success,
+ *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
+ *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
+ */
+int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
+                                 const unsigned char *info,
+                                 size_t ilen );
+
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+/**
+ * \brief          Enable or disable anti-replay protection for DTLS.
+ *                 (DTLS only, no effect on TLS.)
+ *                 Default: enabled.
+ *
+ * \param conf     SSL configuration
+ * \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
+ *
+ * \warning        Disabling this is a security risk unless the application
+ *                 protocol handles duplicated packets in a safe way. You
+ *                 should not disable this without careful consideration.
+ *                 However, if your application already detects duplicated
+ *                 packets and needs information about them to adjust its
+ *                 transmission strategy, then you'll want to disable this.
+ */
+void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+/**
+ * \brief          Set a limit on the number of records with a bad MAC
+ *                 before terminating the connection.
+ *                 (DTLS only, no effect on TLS.)
+ *                 Default: 0 (disabled).
+ *
+ * \param conf     SSL configuration
+ * \param limit    Limit, or 0 to disable.
+ *
+ * \note           If the limit is N, then the connection is terminated when
+ *                 the Nth non-authentic record is seen.
+ *
+ * \note           Records with an invalid header are not counted, only the
+ *                 ones going through the authentication-decryption phase.
+ *
+ * \note           This is a security trade-off related to the fact that it's
+ *                 often relatively easy for an active attacker ot inject UDP
+ *                 datagrams. On one hand, setting a low limit here makes it
+ *                 easier for such an attacker to forcibly terminated a
+ *                 connection. On the other hand, a high limit or no limit
+ *                 might make us waste resources checking authentication on
+ *                 many bogus packets.
+ */
+void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
+#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+/**
+ * \brief          Set retransmit timeout values for the DTLS handshale.
+ *                 (DTLS only, no effect on TLS.)
+ *
+ * \param conf     SSL configuration
+ * \param min      Initial timeout value in milliseconds.
+ *                 Default: 1000 (1 second).
+ * \param max      Maximum timeout value in milliseconds.
+ *                 Default: 60000 (60 seconds).
+ *
+ * \note           Default values are from RFC 6347 section 4.2.4.1.
+ *
+ * \note           Higher values for initial timeout may increase average
+ *                 handshake latency. Lower values may increase the risk of
+ *                 network congestion by causing more retransmissions.
+ */
+void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief          Set the session cache callbacks (server-side only)
+ *                 If not set, no session resuming is done (except if session
+ *                 tickets are enabled too).
+ *
+ *                 The session cache has the responsibility to check for stale
+ *                 entries based on timeout. See RFC 5246 for recommendations.
+ *
+ *                 Warning: session.peer_cert is cleared by the SSL/TLS layer on
+ *                 connection shutdown, so do not cache the pointer! Either set
+ *                 it to NULL or make a full copy of the certificate.
+ *
+ *                 The get callback is called once during the initial handshake
+ *                 to enable session resuming. The get function has the
+ *                 following parameters: (void *parameter, mbedtls_ssl_session *session)
+ *                 If a valid entry is found, it should fill the master of
+ *                 the session object with the cached values and return 0,
+ *                 return 1 otherwise. Optionally peer_cert can be set as well
+ *                 if it is properly present in cache entry.
+ *
+ *                 The set callback is called once during the initial handshake
+ *                 to enable session resuming after the entire handshake has
+ *                 been finished. The set function has the following parameters:
+ *                 (void *parameter, const mbedtls_ssl_session *session). The function
+ *                 should create a cache entry for future retrieval based on
+ *                 the data in the session structure and should keep in mind
+ *                 that the mbedtls_ssl_session object presented (and all its referenced
+ *                 data) is cleared by the SSL/TLS layer when the connection is
+ *                 terminated. It is recommended to add metadata to determine if
+ *                 an entry is still valid in the future. Return 0 if
+ *                 successfully cached, return 1 otherwise.
+ *
+ * \param conf           SSL configuration
+ * \param p_cache        parmater (context) for both callbacks
+ * \param f_get_cache    session get callback
+ * \param f_set_cache    session set callback
+ */
+void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
+        void *p_cache,
+        int (*f_get_cache)(void *, mbedtls_ssl_session *),
+        int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Request resumption of session (client-side only)
+ *                 Session data is copied from presented session structure.
+ *
+ * \param ssl      SSL context
+ * \param session  session context
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
+ *                 arguments are otherwise invalid
+ *
+ * \sa             mbedtls_ssl_get_session()
+ */
+int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
+#endif /* MBEDTLS_SSL_CLI_C */
+
+/**
+ * \brief               Set the list of allowed ciphersuites and the preference
+ *                      order. First in the list has the highest preference.
+ *                      (Overrides all version specific lists)
+ *
+ *                      The ciphersuites array is not copied, and must remain
+ *                      valid for the lifetime of the ssl_config.
+ *
+ *                      Note: The server uses its own preferences
+ *                      over the preference of the client unless
+ *                      MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
+ *
+ * \param conf          SSL configuration
+ * \param ciphersuites  0-terminated list of allowed ciphersuites
+ */
+void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
+                                   const int *ciphersuites );
+
+/**
+ * \brief               Set the list of allowed ciphersuites and the
+ *                      preference order for a specific version of the protocol.
+ *                      (Only useful on the server side)
+ *
+ *                      The ciphersuites array is not copied, and must remain
+ *                      valid for the lifetime of the ssl_config.
+ *
+ * \param conf          SSL configuration
+ * \param ciphersuites  0-terminated list of allowed ciphersuites
+ * \param major         Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
+ *                      supported)
+ * \param minor         Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ *                      MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
+ *                      MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ *
+ * \note                With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
+ *                      and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ */
+void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
+                                       const int *ciphersuites,
+                                       int major, int minor );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Set the X.509 security profile used for verification
+ *
+ * \param conf     SSL configuration
+ * \param profile  Profile to use
+ */
+void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
+                                    const mbedtls_x509_crt_profile *profile );
+
+/**
+ * \brief          Set the data required to verify peer certificate
+ *
+ * \param conf     SSL configuration
+ * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+ * \param ca_crl   trusted CA CRLs
+ */
+void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
+                               mbedtls_x509_crt *ca_chain,
+                               mbedtls_x509_crl *ca_crl );
+
+/**
+ * \brief          Set own certificate chain and private key
+ *
+ * \note           own_cert should contain in order from the bottom up your
+ *                 certificate chain. The top certificate (self-signed)
+ *                 can be omitted.
+ *
+ * \note           On server, this function can be called multiple times to
+ *                 provision more than one cert/key pair (eg one ECDSA, one
+ *                 RSA with SHA-256, one RSA with SHA-1). An adequate
+ *                 certificate will be selected according to the client's
+ *                 advertised capabilities. In case mutliple certificates are
+ *                 adequate, preference is given to the one set by the first
+ *                 call to this function, then second, etc.
+ *
+ * \note           On client, only the first call has any effect.
+ *
+ * \param conf     SSL configuration
+ * \param own_cert own public certificate chain
+ * \param pk_key   own private key
+ *
+ * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
+                              mbedtls_x509_crt *own_cert,
+                              mbedtls_pk_context *pk_key );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+/**
+ * \brief          Set the Pre Shared Key (PSK) and the expected identity name
+ *
+ * \note           This is mainly useful for clients. Servers will usually
+ *                 want to use \c mbedtls_ssl_conf_psk_cb() instead.
+ *
+ * \param conf     SSL configuration
+ * \param psk      pointer to the pre-shared key
+ * \param psk_len  pre-shared key length
+ * \param psk_identity      pointer to the pre-shared key identity
+ * \param psk_identity_len  identity key length
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
+                const unsigned char *psk, size_t psk_len,
+                const unsigned char *psk_identity, size_t psk_identity_len );
+
+
+/**
+ * \brief          Set the Pre Shared Key (PSK) for the current handshake
+ *
+ * \note           This should only be called inside the PSK callback,
+ *                 ie the function passed to \c mbedtls_ssl_conf_psk_cb().
+ *
+ * \param ssl      SSL context
+ * \param psk      pointer to the pre-shared key
+ * \param psk_len  pre-shared key length
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
+                            const unsigned char *psk, size_t psk_len );
+
+/**
+ * \brief          Set the PSK callback (server-side only).
+ *
+ *                 If set, the PSK callback is called for each
+ *                 handshake where a PSK ciphersuite was negotiated.
+ *                 The caller provides the identity received and wants to
+ *                 receive the actual PSK data and length.
+ *
+ *                 The callback has the following parameters: (void *parameter,
+ *                 mbedtls_ssl_context *ssl, const unsigned char *psk_identity,
+ *                 size_t identity_len)
+ *                 If a valid PSK identity is found, the callback should use
+ *                 \c mbedtls_ssl_set_hs_psk() on the ssl context to set the
+ *                 correct PSK and return 0.
+ *                 Any other return value will result in a denied PSK identity.
+ *
+ * \note           If you set a PSK callback using this function, then you
+ *                 don't need to set a PSK key and identity using
+ *                 \c mbedtls_ssl_conf_psk().
+ *
+ * \param conf     SSL configuration
+ * \param f_psk    PSK identity function
+ * \param p_psk    PSK identity parameter
+ */
+void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
+                     int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
+                                  size_t),
+                     void *p_psk );
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief          Set the Diffie-Hellman public P and G values,
+ *                 read as hexadecimal strings (server-side only)
+ *                 (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG])
+ *
+ * \param conf     SSL configuration
+ * \param dhm_P    Diffie-Hellman-Merkle modulus
+ * \param dhm_G    Diffie-Hellman-Merkle generator
+ *
+ * \return         0 if successful
+ */
+int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
+
+/**
+ * \brief          Set the Diffie-Hellman public P and G values,
+ *                 read from existing context (server-side only)
+ *
+ * \param conf     SSL configuration
+ * \param dhm_ctx  Diffie-Hellman-Merkle context
+ *
+ * \return         0 if successful
+ */
+int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
+#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Set the minimum length for Diffie-Hellman parameters.
+ *                 (Client-side only.)
+ *                 (Default: 1024 bits.)
+ *
+ * \param conf     SSL configuration
+ * \param bitlen   Minimum bit length of the DHM prime
+ */
+void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
+                                      unsigned int bitlen );
+#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * \brief          Set the allowed curves in order of preference.
+ *                 (Default: all defined curves.)
+ *
+ *                 On server: this only affects selection of the ECDHE curve;
+ *                 the curves used for ECDH and ECDSA are determined by the
+ *                 list of available certificates instead.
+ *
+ *                 On client: this affects the list of curves offered for any
+ *                 use. The server can override our preference order.
+ *
+ *                 Both sides: limits the set of curves used by peer to the
+ *                 listed curves for any use ECDHE and the end-entity
+ *                 certificate.
+ *
+ * \note           This has no influence on which curve are allowed inside the
+ *                 certificate chains, see \c mbedtls_ssl_conf_cert_profile()
+ *                 for that. For example, if the peer's certificate chain is
+ *                 EE -> CA_int -> CA_root, then the allowed curves for EE are
+ *                 controlled by \c mbedtls_ssl_conf_curves() but for CA_int
+ *                 and CA_root it's \c mbedtls_ssl_conf_cert_profile().
+ *
+ * \note           This list should be ordered by decreasing preference
+ *                 (preferred curve first).
+ *
+ * \param conf     SSL configuration
+ * \param curves   Ordered list of allowed curves,
+ *                 terminated by MBEDTLS_ECP_DP_NONE.
+ */
+void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
+                              const mbedtls_ecp_group_id *curves );
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
+/**
+ * \brief          Set the allowed hashes for signatures during the handshake.
+ *                 (Default: all available hashes.)
+ *
+ * \note           This only affects which hashes are offered and can be used
+ *                 for signatures during the handshake. Hashes for message
+ *                 authentication and the TLS PRF are controlled by the
+ *                 ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
+ *                 used for certificate signature are controlled by the
+ *                 verification profile, see \c mbedtls_ssl_conf_cert_profile().
+ *
+ * \note           This list should be ordered by decreasing preference
+ *                 (preferred hash first).
+ *
+ * \param conf     SSL configuration
+ * \param hashes   Ordered list of allowed signature hashes,
+ *                 terminated by \c MBEDTLS_MD_NONE.
+ */
+void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
+                                  const int *hashes );
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Set hostname for ServerName TLS extension
+ *                 (client-side only)
+ *
+ *
+ * \param ssl      SSL context
+ * \param hostname the server hostname
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+/**
+ * \brief          Set own certificate and key for the current handshake
+ *
+ * \note           Same as \c mbedtls_ssl_conf_own_cert() but for use within
+ *                 the SNI callback.
+ *
+ * \param ssl      SSL context
+ * \param own_cert own public certificate chain
+ * \param pk_key   own private key
+ *
+ * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
+                                 mbedtls_x509_crt *own_cert,
+                                 mbedtls_pk_context *pk_key );
+
+/**
+ * \brief          Set the data required to verify peer certificate for the
+ *                 current handshake
+ *
+ * \note           Same as \c mbedtls_ssl_conf_ca_chain() but for use within
+ *                 the SNI callback.
+ *
+ * \param ssl      SSL context
+ * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+ * \param ca_crl   trusted CA CRLs
+ */
+void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
+                                  mbedtls_x509_crt *ca_chain,
+                                  mbedtls_x509_crl *ca_crl );
+
+/**
+ * \brief          Set authmode for the current handshake.
+ *
+ * \note           Same as \c mbedtls_ssl_conf_authmode() but for use within
+ *                 the SNI callback.
+ *
+ * \param ssl      SSL context
+ * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
+ *                 MBEDTLS_SSL_VERIFY_REQUIRED
+ */
+void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
+                                  int authmode );
+
+/**
+ * \brief          Set server side ServerName TLS extension callback
+ *                 (optional, server-side only).
+ *
+ *                 If set, the ServerName callback is called whenever the
+ *                 server receives a ServerName TLS extension from the client
+ *                 during a handshake. The ServerName callback has the
+ *                 following parameters: (void *parameter, mbedtls_ssl_context *ssl,
+ *                 const unsigned char *hostname, size_t len). If a suitable
+ *                 certificate is found, the callback must set the
+ *                 certificate(s) and key(s) to use with \c
+ *                 mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
+ *                 and may optionally adjust the CA and associated CRL with \c
+ *                 mbedtls_ssl_set_hs_ca_chain() as well as the client
+ *                 authentication mode with \c mbedtls_ssl_set_hs_authmode(),
+ *                 then must return 0. If no matching name is found, the
+ *                 callback must either set a default cert, or
+ *                 return non-zero to abort the handshake at this point.
+ *
+ * \param conf     SSL configuration
+ * \param f_sni    verification function
+ * \param p_sni    verification parameter
+ */
+void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
+                  int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
+                               size_t),
+                  void *p_sni );
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_ALPN)
+/**
+ * \brief          Set the supported Application Layer Protocols.
+ *
+ * \param conf     SSL configuration
+ * \param protos   NULL-terminated list of supported protocols,
+ *                 in decreasing preference order.
+ *
+ * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
+ */
+int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
+
+/**
+ * \brief          Get the name of the negotiated Application Layer Protocol.
+ *                 This function should be called after the handshake is
+ *                 completed.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Protcol name, or NULL if no protocol was negotiated.
+ */
+const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_ALPN */
+
+/**
+ * \brief          Set the maximum supported version sent from the client side
+ *                 and/or accepted at the server side
+ *                 (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)
+ *
+ * \note           This ignores ciphersuites from higher versions.
+ *
+ * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ *
+ * \param conf     SSL configuration
+ * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
+ * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ */
+void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
+
+/**
+ * \brief          Set the minimum accepted SSL/TLS protocol version
+ *                 (Default: TLS 1.0)
+ *
+ * \note           Input outside of the SSL_MAX_XXXXX_VERSION and
+ *                 SSL_MIN_XXXXX_VERSION range is ignored.
+ *
+ * \note           MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
+ *
+ * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ *
+ * \param conf     SSL configuration
+ * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
+ * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ */
+void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
+
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Set the fallback flag (client-side only).
+ *                 (Default: MBEDTLS_SSL_IS_NOT_FALLBACK).
+ *
+ * \note           Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback
+ *                 connection, that is a connection with max_version set to a
+ *                 lower value than the value you're willing to use. Such
+ *                 fallback connections are not recommended but are sometimes
+ *                 necessary to interoperate with buggy (version-intolerant)
+ *                 servers.
+ *
+ * \warning        You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for
+ *                 non-fallback connections! This would appear to work for a
+ *                 while, then cause failures when the server is upgraded to
+ *                 support a newer TLS version.
+ *
+ * \param conf     SSL configuration
+ * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
+ */
+void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
+#endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+/**
+ * \brief           Enable or disable Encrypt-then-MAC
+ *                  (Default: MBEDTLS_SSL_ETM_ENABLED)
+ *
+ * \note            This should always be enabled, it is a security
+ *                  improvement, and should not cause any interoperability
+ *                  issue (used only if the peer supports it too).
+ *
+ * \param conf      SSL configuration
+ * \param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
+ */
+void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+/**
+ * \brief           Enable or disable Extended Master Secret negotiation.
+ *                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
+ *
+ * \note            This should always be enabled, it is a security fix to the
+ *                  protocol, and should not cause any interoperability issue
+ *                  (used only if the peer supports it too).
+ *
+ * \param conf      SSL configuration
+ * \param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
+ */
+void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_ARC4_C)
+/**
+ * \brief          Disable or enable support for RC4
+ *                 (Default: MBEDTLS_SSL_ARC4_DISABLED)
+ *
+ * \warning        Use of RC4 in (D)TLS has been prohibited by RFC ????
+ *                 for security reasons. Use at your own risks.
+ *
+ * \note           This function will likely be removed in future versions as
+ *                 RC4 will then be disabled by default at compile time.
+ *
+ * \param conf     SSL configuration
+ * \param arc4     MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
+ */
+void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
+#endif /* MBEDTLS_ARC4_C */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+/**
+ * \brief          Set the maximum fragment length to emit and/or negotiate
+ *                 (Default: MBEDTLS_SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
+ *                 (Server: set maximum fragment length to emit,
+ *                 usually negotiated by the client during handshake
+ *                 (Client: set maximum fragment length to emit *and*
+ *                 negotiate with the server during handshake)
+ *
+ * \param conf     SSL configuration
+ * \param mfl_code Code for maximum fragment length (allowed values:
+ *                 MBEDTLS_SSL_MAX_FRAG_LEN_512,  MBEDTLS_SSL_MAX_FRAG_LEN_1024,
+ *                 MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+ */
+int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+/**
+ * \brief          Activate negotiation of truncated HMAC
+ *                 (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
+ *
+ * \param conf     SSL configuration
+ * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
+ *                                    MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
+ */
+void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+/**
+ * \brief          Enable / Disable 1/n-1 record splitting
+ *                 (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
+ *
+ * \note           Only affects SSLv3 and TLS 1.0, not higher versions.
+ *                 Does not affect non-CBC ciphersuites in any version.
+ *
+ * \param conf     SSL configuration
+ * \param split    MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
+ *                 MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
+ */
+void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
+#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Enable / Disable session tickets (client only).
+ *                 (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
+ *
+ * \note           On server, use \c mbedtls_ssl_conf_session_tickets_cb().
+ *
+ * \param conf     SSL configuration
+ * \param use_tickets   Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
+ *                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
+ */
+void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+/**
+ * \brief          Enable / Disable renegotiation support for connection when
+ *                 initiated by peer
+ *                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+ *
+ * \warning        It is recommended to always disable renegotation unless you
+ *                 know you need it and you know what you're doing. In the
+ *                 past, there has been several issues associated with
+ *                 renegotiation or a poor understanding of its properties.
+ *
+ * \note           Server-side, enabling renegotiation also makes the server
+ *                 susceptible to a resource DoS by a malicious client.
+ *
+ * \param conf    SSL configuration
+ * \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
+ *                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+ */
+void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+/**
+ * \brief          Prevent or allow legacy renegotiation.
+ *                 (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
+ *
+ *                 MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
+ *                 be established even if the peer does not support
+ *                 secure renegotiation, but does not allow renegotiation
+ *                 to take place if not secure.
+ *                 (Interoperable and secure option)
+ *
+ *                 MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
+ *                 with non-upgraded peers. Allowing legacy renegotiation
+ *                 makes the connection vulnerable to specific man in the
+ *                 middle attacks. (See RFC 5746)
+ *                 (Most interoperable and least secure option)
+ *
+ *                 MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
+ *                 if peer does not support secure renegotiation. Results
+ *                 in interoperability issues with non-upgraded peers
+ *                 that do not support renegotiation altogether.
+ *                 (Most secure option, interoperability issues)
+ *
+ * \param conf     SSL configuration
+ * \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
+ *                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
+ *                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
+ */
+void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+/**
+ * \brief          Enforce renegotiation requests.
+ *                 (Default: enforced, max_records = 16)
+ *
+ *                 When we request a renegotiation, the peer can comply or
+ *                 ignore the request. This function allows us to decide
+ *                 whether to enforce our renegotiation requests by closing
+ *                 the connection if the peer doesn't comply.
+ *
+ *                 However, records could already be in transit from the peer
+ *                 when the request is emitted. In order to increase
+ *                 reliability, we can accept a number of records before the
+ *                 expected handshake records.
+ *
+ *                 The optimal value is highly dependent on the specific usage
+ *                 scenario.
+ *
+ * \note           With DTLS and server-initiated renegotiation, the
+ *                 HelloRequest is retransmited every time mbedtls_ssl_read() times
+ *                 out or receives Application Data, until:
+ *                 - max_records records have beens seen, if it is >= 0, or
+ *                 - the number of retransmits that would happen during an
+ *                 actual handshake has been reached.
+ *                 Please remember the request might be lost a few times
+ *                 if you consider setting max_records to a really low value.
+ *
+ * \warning        On client, the grace period can only happen during
+ *                 mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
+ *                 which always behave as if max_record was 0. The reason is,
+ *                 if we receive application data from the server, we need a
+ *                 place to write it, which only happens during mbedtls_ssl_read().
+ *
+ * \param conf     SSL configuration
+ * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
+ *                 enforce renegotiation, or a non-negative value to enforce
+ *                 it but allow for a grace period of max_records records.
+ */
+void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
+
+/**
+ * \brief          Set record counter threshold for periodic renegotiation.
+ *                 (Default: 2^64 - 256.)
+ *
+ *                 Renegotiation is automatically triggered when a record
+ *                 counter (outgoing or ingoing) crosses the defined
+ *                 threshold. The default value is meant to prevent the
+ *                 connection from being closed when the counter is about to
+ *                 reached its maximal value (it is not allowed to wrap).
+ *
+ *                 Lower values can be used to enforce policies such as "keys
+ *                 must be refreshed every N packets with cipher X".
+ *
+ * \param conf     SSL configuration
+ * \param period   The threshold value: a big-endian 64-bit number.
+ *                 Set to 2^64 - 1 to disable periodic renegotiation
+ */
+void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
+                                   const unsigned char period[8] );
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+/**
+ * \brief          Return the number of data bytes available to read
+ *
+ * \param ssl      SSL context
+ *
+ * \return         how many bytes are available in the read buffer
+ */
+size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the result of the certificate verification
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful,
+ *                 -1 if result is not available (eg because the handshake was
+ *                 aborted too early), or
+ *                 a combination of BADCERT_xxx and BADCRL_xxx flags, see
+ *                 x509.h
+ */
+uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the name of the current ciphersuite
+ *
+ * \param ssl      SSL context
+ *
+ * \return         a string containing the ciphersuite name
+ */
+const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the current SSL version (SSLv3/TLSv1/etc)
+ *
+ * \param ssl      SSL context
+ *
+ * \return         a string containing the SSL version
+ */
+const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the (maximum) number of bytes added by the record
+ *                 layer: header + encryption/MAC overhead (inc. padding)
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Current maximum record expansion in bytes, or
+ *                 MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is
+ *                 enabled, which makes expansion much less predictable
+ */
+int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+/**
+ * \brief          Return the maximum fragment length (payload, in bytes).
+ *                 This is the value negotiated with peer if any,
+ *                 or the locally configured value.
+ *
+ * \note           With DTLS, \c mbedtls_ssl_write() will return an error if
+ *                 called with a larger length value.
+ *                 With TLS, \c mbedtls_ssl_write() will fragment the input if
+ *                 necessary and return the number of bytes written; it is up
+ *                 to the caller to call \c mbedtls_ssl_write() again in
+ *                 order to send the remaining bytes if any.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Current maximum fragment length.
+ */
+size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Return the peer certificate from the current connection
+ *
+ *                 Note: Can be NULL in case no certificate was sent during
+ *                 the handshake. Different calls for the same connection can
+ *                 return the same or different pointers for the same
+ *                 certificate and even a different certificate altogether.
+ *                 The peer cert CAN change in a single connection if
+ *                 renegotiation is performed.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         the current peer certificate
+ */
+const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Save session in order to resume it later (client-side only)
+ *                 Session data is copied to presented session structure.
+ *
+ * \warning        Currently, peer certificate is lost in the operation.
+ *
+ * \param ssl      SSL context
+ * \param session  session context
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
+ *                 arguments are otherwise invalid
+ *
+ * \sa             mbedtls_ssl_set_session()
+ */
+int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
+#endif /* MBEDTLS_SSL_CLI_C */
+
+/**
+ * \brief          Perform the SSL handshake
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
+ *                 a specific SSL error code.
+ *
+ * \note           If this function returns something other than 0 or
+ *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
+ *                 becomes unusable, and you should either free it or call
+ *                 \c mbedtls_ssl_session_reset() on it before re-using it.
+ *
+ * \note           If DTLS is in use, then you may choose to handle
+ *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
+ *                 purposes, as it is an expected return value rather than an
+ *                 actual error, but you still need to reset/free the context.
+ */
+int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Perform a single step of the SSL handshake
+ *
+ * \note           The state of the context (ssl->state) will be at
+ *                 the following state after execution of this function.
+ *                 Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 a specific SSL error code.
+ */
+int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+/**
+ * \brief          Initiate an SSL renegotiation on the running connection.
+ *                 Client: perform the renegotiation right now.
+ *                 Server: request renegotiation, which will be performed
+ *                 during the next call to mbedtls_ssl_read() if honored by client.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful, or any mbedtls_ssl_handshake() return value.
+ */
+int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+/**
+ * \brief          Read at most 'len' application data bytes
+ *
+ * \param ssl      SSL context
+ * \param buf      buffer that will hold the data
+ * \param len      maximum number of bytes to read
+ *
+ * \return         the number of bytes read, or
+ *                 0 for EOF, or
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
+ *                 another negative error code.
+ *
+ * \note           When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+ *                 (which can only happen server-side), it means that a client
+ *                 is initiating a new connection using the same source port.
+ *                 You can either treat that as a connection close and wait
+ *                 for the client to resend a ClientHello, or directly
+ *                 continue with \c mbedtls_ssl_handshake() with the same
+ *                 context (as it has beeen reset internally). Either way, you
+ *                 should make sure this is seen by the application as a new
+ *                 connection: application state, if any, should be reset, and
+ *                 most importantly the identity of the client must be checked
+ *                 again. WARNING: not validating the identity of the client
+ *                 again, or not transmitting the new identity to the
+ *                 application layer, would allow authentication bypass!
+ */
+int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
+
+/**
+ * \brief          Try to write exactly 'len' application data bytes
+ *
+ * \warning        This function will do partial writes in some cases. If the
+ *                 return value is non-negative but less than length, the
+ *                 function must be called again with updated arguments:
+ *                 buf + ret, len - ret (if ret is the return value) until
+ *                 it returns a value equal to the last 'len' argument.
+ *
+ * \param ssl      SSL context
+ * \param buf      buffer holding the data
+ * \param len      how many bytes must be written
+ *
+ * \return         the number of bytes actually written (may be less than len),
+ *                 or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ,
+ *                 or another negative error code.
+ *
+ * \note           When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
+ *                 it must be called later with the *same* arguments,
+ *                 until it returns a positive value.
+ *
+ * \note           If the requested length is greater than the maximum
+ *                 fragment length (either the built-in limit or the one set
+ *                 or negotiated with the peer), then:
+ *                 - with TLS, less bytes than requested are written.
+ *                 - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
+ *                 \c mbedtls_ssl_get_max_frag_len() may be used to query the
+ *                 active maximum fragment length.
+ */
+int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
+
+/**
+ * \brief           Send an alert message
+ *
+ * \param ssl       SSL context
+ * \param level     The alert level of the message
+ *                  (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
+ * \param message   The alert message (SSL_ALERT_MSG_*)
+ *
+ * \return          0 if successful, or a specific SSL error code.
+ */
+int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
+                            unsigned char level,
+                            unsigned char message );
+/**
+ * \brief          Notify the peer that the connection is being closed
+ *
+ * \param ssl      SSL context
+ */
+int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Free referenced items in an SSL context and clear memory
+ *
+ * \param ssl      SSL context
+ */
+void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Initialize an SSL configuration context
+ *                 Just makes the context ready for
+ *                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
+ *
+ * \note           You need to call mbedtls_ssl_config_defaults() unless you
+ *                 manually set all of the relevent fields yourself.
+ *
+ * \param conf     SSL configuration context
+ */
+void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
+
+/**
+ * \brief          Load reasonnable default SSL configuration values.
+ *                 (You need to call mbedtls_ssl_config_init() first.)
+ *
+ * \param conf     SSL configuration context
+ * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+ * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
+ *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
+ * \param preset   a MBEDTLS_SSL_PRESET_XXX value
+ *                 (currently unused).
+ *
+ * \note           See \c mbedtls_ssl_conf_transport() for notes on DTLS.
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
+ */
+int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
+                                 int endpoint, int transport, int preset );
+
+/**
+ * \brief          Free an SSL configuration context
+ *
+ * \param conf     SSL configuration context
+ */
+void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
+
+/**
+ * \brief          Initialize SSL session structure
+ *
+ * \param session  SSL session
+ */
+void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
+
+/**
+ * \brief          Free referenced items in an SSL session including the
+ *                 peer certificate and clear memory
+ *
+ * \param session  SSL session
+ */
+void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_cache.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_cache.h
new file mode 100644
index 00000000..53f043e9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_cache.h
@@ -0,0 +1,143 @@
+/**
+ * \file ssl_cache.h
+ *
+ * \brief SSL session cache implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_CACHE_H
+#define MBEDTLS_SSL_CACHE_H
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
+#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400   /*!< 1 day  */
+#endif
+
+#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
+#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
+typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
+
+/**
+ * \brief   This structure is used for storing cache entries
+ */
+struct mbedtls_ssl_cache_entry
+{
+#if defined(MBEDTLS_HAVE_TIME)
+    time_t timestamp;           /*!< entry timestamp    */
+#endif
+    mbedtls_ssl_session session;        /*!< entry session      */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_x509_buf peer_cert;         /*!< entry peer_cert    */
+#endif
+    mbedtls_ssl_cache_entry *next;      /*!< chain pointer      */
+};
+
+/**
+ * \brief Cache context
+ */
+struct mbedtls_ssl_cache_context
+{
+    mbedtls_ssl_cache_entry *chain;     /*!< start of the chain     */
+    int timeout;                /*!< cache entry timeout    */
+    int max_entries;            /*!< maximum entries        */
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
+#endif
+};
+
+/**
+ * \brief          Initialize an SSL cache context
+ *
+ * \param cache    SSL cache context
+ */
+void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
+
+/**
+ * \brief          Cache get callback implementation
+ *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param data     SSL cache context
+ * \param session  session to retrieve entry for
+ */
+int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session );
+
+/**
+ * \brief          Cache set callback implementation
+ *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param data     SSL cache context
+ * \param session  session to store entry for
+ */
+int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session );
+
+#if defined(MBEDTLS_HAVE_TIME)
+/**
+ * \brief          Set the cache timeout
+ *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
+ *
+ *                 A timeout of 0 indicates no timeout.
+ *
+ * \param cache    SSL cache context
+ * \param timeout  cache entry timeout in seconds
+ */
+void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
+#endif /* MBEDTLS_HAVE_TIME */
+
+/**
+ * \brief          Set the cache timeout
+ *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
+ *
+ * \param cache    SSL cache context
+ * \param max      cache entry maximum
+ */
+void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
+
+/**
+ * \brief          Free referenced items in a cache context and clear memory
+ *
+ * \param cache    SSL cache context
+ */
+void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_cache.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_ciphersuites.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_ciphersuites.h
new file mode 100644
index 00000000..75d4a8a0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_ciphersuites.h
@@ -0,0 +1,303 @@
+/**
+ * \file ssl_ciphersuites.h
+ *
+ * \brief SSL Ciphersuites for mbed TLS
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_CIPHERSUITES_H
+#define MBEDTLS_SSL_CIPHERSUITES_H
+
+#include "pk.h"
+#include "cipher.h"
+#include "md.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Supported ciphersuites (Official IANA names)
+ */
+#define MBEDTLS_TLS_RSA_WITH_NULL_MD5                    0x01   /**< Weak! */
+#define MBEDTLS_TLS_RSA_WITH_NULL_SHA                    0x02   /**< Weak! */
+
+#define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5                 0x04
+#define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA                 0x05
+#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA                 0x09   /**< Weak! Not in TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA            0x0A
+
+#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA             0x15   /**< Weak! Not in TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        0x16
+
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA                    0x2C   /**< Weak! */
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA                0x2D   /**< Weak! */
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA                0x2E   /**< Weak! */
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA             0x2F
+
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA             0x35
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x39
+
+#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256                 0x3B   /**< Weak! */
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256          0x3C   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        0x41
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x45
+
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x67   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      0x6B   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88
+
+#define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA                 0x8A
+#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA            0x8B
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA             0x8C
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA             0x8D
+
+#define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA             0x8E
+#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        0x8F
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         0x90
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         0x91
+
+#define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA             0x92
+#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        0x93
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         0x94
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         0x95
+
+#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256          0x9C   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384          0x9D   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      0x9E   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      0x9F   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256          0xA8   /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384          0xA9   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      0xAA   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      0xAB   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      0xAC   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      0xAD   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256          0xAE
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384          0xAF
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256                 0xB0   /**< Weak! */
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384                 0xB1   /**< Weak! */
+
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      0xB2
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      0xB3
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256             0xB4   /**< Weak! */
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384             0xB5   /**< Weak! */
+
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      0xB6
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      0xB7
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256             0xB8   /**< Weak! */
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384             0xB9   /**< Weak! */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0xC0   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA             0xC001 /**< Weak! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA          0xC002 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA     0xC003 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      0xC004 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      0xC005 /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA            0xC006 /**< Weak! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         0xC007 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC008 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     0xC00A /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA               0xC00B /**< Weak! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA            0xC00C /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA       0xC00D /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        0xC00E /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        0xC00F /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA              0xC010 /**< Weak! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA           0xC011 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      0xC012 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       0xC013 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       0xC014 /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   0xC025 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   0xC026 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    0xC027 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    0xC028 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     0xC029 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     0xC02A /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   0xC02D /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   0xC02E /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    0xC02F /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    0xC030 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     0xC031 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     0xC032 /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA           0xC033 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      0xC034 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039 /**< Weak! No SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A /**< Weak! No SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B /**< Weak! No SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC074 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0xC075 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0xC078 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC079 /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     0xC07C /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     0xC07D /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  0xC088 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  0xC089 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   0xC08A /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   0xC08B /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    0xC08C /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    0xC08D /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256       0xC08E /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384       0xC08F /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC090 /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC091 /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC092 /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC093 /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256       0xC094
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384       0xC095
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC096
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC097
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC098
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC099
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM                0xC09C  /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM                0xC09D  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM            0xC09E  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM            0xC09F  /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8              0xC0A0  /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8              0xC0A1  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8          0xC0A2  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8          0xC0A3  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM                0xC0A4  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM                0xC0A5  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM            0xC0A6  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM            0xC0A7  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8              0xC0A8  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8              0xC0A9  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8          0xC0AA  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8          0xC0AB  /**< TLS 1.2 */
+/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM        0xC0AC  /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM        0xC0AD  /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8      0xC0AE  /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8      0xC0AF  /**< TLS 1.2 */
+
+/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
+ * Reminder: update MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED below.
+ */
+typedef enum {
+    MBEDTLS_KEY_EXCHANGE_NONE = 0,
+    MBEDTLS_KEY_EXCHANGE_RSA,
+    MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+    MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+    MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+    MBEDTLS_KEY_EXCHANGE_PSK,
+    MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+    MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+    MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+    MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+    MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+} mbedtls_key_exchange_type_t;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)          || \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)      || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)      || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)    || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
+#endif
+
+typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
+
+#define MBEDTLS_CIPHERSUITE_WEAK       0x01    /**< Weak ciphersuite flag  */
+#define MBEDTLS_CIPHERSUITE_SHORT_TAG  0x02    /**< Short authentication tag,
+                                                     eg for CCM_8 */
+#define MBEDTLS_CIPHERSUITE_NODTLS     0x04    /**< Can't be used with DTLS */
+
+/**
+ * \brief   This structure is used for storing ciphersuite information
+ */
+struct mbedtls_ssl_ciphersuite_t
+{
+    int id;
+    const char * name;
+
+    mbedtls_cipher_type_t cipher;
+    mbedtls_md_type_t mac;
+    mbedtls_key_exchange_type_t key_exchange;
+
+    int min_major_ver;
+    int min_minor_ver;
+    int max_major_ver;
+    int max_minor_ver;
+
+    unsigned char flags;
+};
+
+const int *mbedtls_ssl_list_ciphersuites( void );
+
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
+
+#if defined(MBEDTLS_PK_C)
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
+#endif
+
+int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
+int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_ciphersuites.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_cookie.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_cookie.h
new file mode 100644
index 00000000..037e1c31
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_cookie.h
@@ -0,0 +1,108 @@
+/**
+ * \file ssl_cookie.h
+ *
+ * \brief DTLS cookie callbacks implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_COOKIE_H
+#define MBEDTLS_SSL_COOKIE_H
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
+#define MBEDTLS_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Context for the default cookie functions.
+ */
+typedef struct
+{
+    mbedtls_md_context_t    hmac_ctx;   /*!< context for the HMAC portion   */
+#if !defined(MBEDTLS_HAVE_TIME)
+    unsigned long   serial;     /*!< serial number for expiration   */
+#endif
+    unsigned long   timeout;    /*!< timeout delay, in seconds if HAVE_TIME,
+                                     or in number of tickets issued */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+} mbedtls_ssl_cookie_ctx;
+
+/**
+ * \brief          Initialize cookie context
+ */
+void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );
+
+/**
+ * \brief          Setup cookie context (generate keys)
+ */
+int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+/**
+ * \brief          Set expiration delay for cookies
+ *                 (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
+ *
+ * \param ctx      Cookie contex
+ * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
+ *                 issued in the meantime.
+ *                 0 to disable expiration (NOT recommended)
+ */
+void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );
+
+/**
+ * \brief          Free cookie context
+ */
+void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );
+
+/**
+ * \brief          Generate cookie, see \c mbedtls_ssl_cookie_write_t
+ */
+mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write;
+
+/**
+ * \brief          Verify cookie, see \c mbedtls_ssl_cookie_write_t
+ */
+mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_cookie.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_internal.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_internal.h
new file mode 100644
index 00000000..78c748cf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_internal.h
@@ -0,0 +1,482 @@
+/**
+ * \file ssl_ticket.h
+ *
+ * \brief Internal functions shared by the SSL modules
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_INTERNAL_H
+#define MBEDTLS_SSL_INTERNAL_H
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_MD5_C)
+#include "md5.h"
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+#include "sha1.h"
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+#include "sha256.h"
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+#include "sha512.h"
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+/* Determine minimum supported version */
+#define MBEDTLS_SSL_MIN_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1   */
+#endif /* MBEDTLS_SSL_PROTO_SSL3   */
+
+/* Determine maximum supported version */
+#define MBEDTLS_SSL_MAX_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
+#else
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
+#endif /* MBEDTLS_SSL_PROTO_SSL3   */
+#endif /* MBEDTLS_SSL_PROTO_TLS1   */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#define MBEDTLS_SSL_INITIAL_HANDSHAKE           0
+#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS   1   /* In progress */
+#define MBEDTLS_SSL_RENEGOTIATION_DONE          2   /* Done or aborted */
+#define MBEDTLS_SSL_RENEGOTIATION_PENDING       3   /* Requested (server only) */
+
+/*
+ * DTLS retransmission states, see RFC 6347 4.2.4
+ *
+ * The SENDING state is merged in PREPARING for initial sends,
+ * but is distinct for resends.
+ *
+ * Note: initial state is wrong for server, but is not used anyway.
+ */
+#define MBEDTLS_SSL_RETRANS_PREPARING       0
+#define MBEDTLS_SSL_RETRANS_SENDING         1
+#define MBEDTLS_SSL_RETRANS_WAITING         2
+#define MBEDTLS_SSL_RETRANS_FINISHED        3
+
+/*
+ * Allow extra bytes for record, authentication and encryption overhead:
+ * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
+ * and allow for a maximum of 1024 of compression expansion if
+ * enabled.
+ */
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+#define MBEDTLS_SSL_COMPRESSION_ADD          1024
+#else
+#define MBEDTLS_SSL_COMPRESSION_ADD             0
+#endif
+
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
+/* Ciphersuites using HMAC */
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_SSL_MAC_ADD                 48  /* SHA-384 used for HMAC */
+#elif defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_SSL_MAC_ADD                 32  /* SHA-256 used for HMAC */
+#else
+#define MBEDTLS_SSL_MAC_ADD                 20  /* SHA-1   used for HMAC */
+#endif
+#else
+/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
+#define MBEDTLS_SSL_MAC_ADD                 16
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_SSL_PADDING_ADD            256
+#else
+#define MBEDTLS_SSL_PADDING_ADD              0
+#endif
+
+#define MBEDTLS_SSL_BUFFER_LEN  ( MBEDTLS_SSL_MAX_CONTENT_LEN               \
+                        + MBEDTLS_SSL_COMPRESSION_ADD               \
+                        + 29 /* counter + header + IV */    \
+                        + MBEDTLS_SSL_MAC_ADD                       \
+                        + MBEDTLS_SSL_PADDING_ADD                   \
+                        )
+
+/*
+ * TLS extension flags (for extensions with outgoing ServerHello content
+ * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
+ * of state of the renegotiation flag, so no indicator is required)
+ */
+#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * This structure contains the parameters only needed during handshake.
+ */
+struct mbedtls_ssl_handshake_params
+{
+    /*
+     * Handshake specific crypto variables
+     */
+    int sig_alg;                        /*!<  Hash algorithm for signature   */
+    int cert_type;                      /*!<  Requested cert type            */
+    int verify_sig_alg;                 /*!<  Signature algorithm for verify */
+#if defined(MBEDTLS_DHM_C)
+    mbedtls_dhm_context dhm_ctx;                /*!<  DHM key exchange        */
+#endif
+#if defined(MBEDTLS_ECDH_C)
+    mbedtls_ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
+#endif
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+    const mbedtls_ecp_curve_info **curves;      /*!<  Supported elliptic curves */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    unsigned char *psk;                 /*!<  PSK from the callback         */
+    size_t psk_len;                     /*!<  Length of PSK from callback   */
+#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_ssl_key_cert *key_cert;     /*!< chosen key/cert pair (server)  */
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    int sni_authmode;                   /*!< authmode from SNI callback     */
+    mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI         */
+    mbedtls_x509_crt *sni_ca_chain;     /*!< trusted CAs from SNI callback  */
+    mbedtls_x509_crl *sni_ca_crl;       /*!< trusted CAs CRLs from SNI      */
+#endif
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    unsigned int out_msg_seq;           /*!<  Outgoing handshake sequence number */
+    unsigned int in_msg_seq;            /*!<  Incoming handshake sequence number */
+
+    unsigned char *verify_cookie;       /*!<  Cli: HelloVerifyRequest cookie
+                                              Srv: unused                    */
+    unsigned char verify_cookie_len;    /*!<  Cli: cookie length
+                                              Srv: flag for sending a cookie */
+
+    unsigned char *hs_msg;              /*!<  Reassembled handshake message  */
+
+    uint32_t retransmit_timeout;        /*!<  Current value of timeout       */
+    unsigned char retransmit_state;     /*!<  Retransmission state           */
+    mbedtls_ssl_flight_item *flight;            /*!<  Current outgoing flight        */
+    mbedtls_ssl_flight_item *cur_msg;           /*!<  Current message in flight      */
+    unsigned int in_flight_start_seq;   /*!<  Minimum message sequence in the
+                                              flight being received          */
+    mbedtls_ssl_transform *alt_transform_out;   /*!<  Alternative transform for
+                                              resending messages             */
+    unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
+                                              for resending messages         */
+#endif
+
+    /*
+     * Checksum contexts
+     */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+       mbedtls_md5_context fin_md5;
+      mbedtls_sha1_context fin_sha1;
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+    mbedtls_sha256_context fin_sha256;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+    mbedtls_sha512_context fin_sha512;
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+    void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
+    void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
+    void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
+    int  (*tls_prf)(const unsigned char *, size_t, const char *,
+                    const unsigned char *, size_t,
+                    unsigned char *, size_t);
+
+    size_t pmslen;                      /*!<  premaster length        */
+
+    unsigned char randbytes[64];        /*!<  random bytes            */
+    unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
+                                        /*!<  premaster secret        */
+
+    int resume;                         /*!<  session resume indicator*/
+    int max_major_ver;                  /*!< max. major version client*/
+    int max_minor_ver;                  /*!< max. minor version client*/
+    int cli_exts;                       /*!< client extension presence*/
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    int new_session_ticket;             /*!< use NewSessionTicket?    */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    int extended_ms;                    /*!< use Extended Master Secret? */
+#endif
+};
+
+/*
+ * This structure contains a full set of runtime transform parameters
+ * either in negotiation or active.
+ */
+struct mbedtls_ssl_transform
+{
+    /*
+     * Session specific crypto layer
+     */
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+                                        /*!<  Chosen cipersuite_info  */
+    unsigned int keylen;                /*!<  symmetric key length (bytes)  */
+    size_t minlen;                      /*!<  min. ciphertext length  */
+    size_t ivlen;                       /*!<  IV length               */
+    size_t fixed_ivlen;                 /*!<  Fixed part of IV (AEAD) */
+    size_t maclen;                      /*!<  MAC length              */
+
+    unsigned char iv_enc[16];           /*!<  IV (encryption)         */
+    unsigned char iv_dec[16];           /*!<  IV (decryption)         */
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    /* Needed only for SSL v3.0 secret */
+    unsigned char mac_enc[20];          /*!<  SSL v3.0 secret (enc)   */
+    unsigned char mac_dec[20];          /*!<  SSL v3.0 secret (dec)   */
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+    mbedtls_md_context_t md_ctx_enc;            /*!<  MAC (encryption)        */
+    mbedtls_md_context_t md_ctx_dec;            /*!<  MAC (decryption)        */
+
+    mbedtls_cipher_context_t cipher_ctx_enc;    /*!<  encryption context      */
+    mbedtls_cipher_context_t cipher_ctx_dec;    /*!<  decryption context      */
+
+    /*
+     * Session specific compression layer
+     */
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    z_stream ctx_deflate;               /*!<  compression context     */
+    z_stream ctx_inflate;               /*!<  decompression context   */
+#endif
+};
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/*
+ * List of certificate + private key pairs
+ */
+struct mbedtls_ssl_key_cert
+{
+    mbedtls_x509_crt *cert;                 /*!< cert                       */
+    mbedtls_pk_context *key;                /*!< private key                */
+    mbedtls_ssl_key_cert *next;             /*!< next key/cert pair         */
+};
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+/*
+ * List of handshake messages kept around for resending
+ */
+struct mbedtls_ssl_flight_item
+{
+    unsigned char *p;       /*!< message, including handshake headers   */
+    size_t len;             /*!< length of p                            */
+    unsigned char type;     /*!< type of the message: handshake or CCS  */
+    mbedtls_ssl_flight_item *next;  /*!< next handshake message(s)              */
+};
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+
+/**
+ * \brief           Free referenced items in an SSL transform context and clear
+ *                  memory
+ *
+ * \param transform SSL transform context
+ */
+void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
+
+/**
+ * \brief           Free referenced items in an SSL handshake context and clear
+ *                  memory
+ *
+ * \param handshake SSL handshake context
+ */
+void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
+
+int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
+
+void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
+
+int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
+
+void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
+                            const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
+#endif
+
+#if defined(MBEDTLS_PK_C)
+unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
+mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
+#endif
+
+mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
+unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+
+#if defined(MBEDTLS_ECP_C)
+int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
+int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
+                                mbedtls_md_type_t md );
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
+{
+    mbedtls_ssl_key_cert *key_cert;
+
+    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+        key_cert = ssl->handshake->key_cert;
+    else
+        key_cert = ssl->conf->key_cert;
+
+    return( key_cert == NULL ? NULL : key_cert->key );
+}
+
+static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
+{
+    mbedtls_ssl_key_cert *key_cert;
+
+    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+        key_cert = ssl->handshake->key_cert;
+    else
+        key_cert = ssl->conf->key_cert;
+
+    return( key_cert == NULL ? NULL : key_cert->cert );
+}
+
+/*
+ * Check usage of a certificate wrt extensions:
+ * keyUsage, extendedKeyUsage (later), and nSCertType (later).
+ *
+ * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
+ * check a cert we received from them)!
+ *
+ * Return 0 if everything is OK, -1 if not.
+ */
+int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
+                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
+                          int cert_endpoint,
+                          uint32_t *flags );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+void mbedtls_ssl_write_version( int major, int minor, int transport,
+                        unsigned char ver[2] );
+void mbedtls_ssl_read_version( int *major, int *minor, int transport,
+                       const unsigned char ver[2] );
+
+static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        return( 13 );
+#else
+    ((void) ssl);
+#endif
+    return( 5 );
+}
+
+static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        return( 12 );
+#else
+    ((void) ssl);
+#endif
+    return( 4 );
+}
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+#endif
+
+/* Visible for testing purposes only */
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
+#endif
+
+/* constant-time buffer comparison */
+static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
+{
+    size_t i;
+    const unsigned char *A = (const unsigned char *) a;
+    const unsigned char *B = (const unsigned char *) b;
+    unsigned char diff = 0;
+
+    for( i = 0; i < n; i++ )
+        diff |= A[i] ^ B[i];
+
+    return( diff );
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_internal.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_ticket.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_ticket.h
new file mode 100644
index 00000000..7c6bc61b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/ssl_ticket.h
@@ -0,0 +1,135 @@
+/**
+ * \file ssl_ticket.h
+ *
+ * \brief TLS server ticket callbacks implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_TICKET_H
+#define MBEDTLS_SSL_TICKET_H
+
+/*
+ * This implementation of the session ticket callbacks includes key
+ * management, rotating the keys periodically in order to preserve forward
+ * secrecy, when MBEDTLS_HAVE_TIME is defined.
+ */
+
+#include "ssl.h"
+#include "cipher.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief   Information for session ticket protection
+ */
+typedef struct
+{
+    unsigned char name[4];          /*!< random key identifier              */
+    uint32_t generation_time;       /*!< key generation timestamp (seconds) */
+    mbedtls_cipher_context_t ctx;   /*!< context for auth enc/decryption    */
+}
+mbedtls_ssl_ticket_key;
+
+/**
+ * \brief   Context for session ticket handling functions
+ */
+typedef struct
+{
+    mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys             */
+    unsigned char active;           /*!< index of the currently active key  */
+
+    uint32_t ticket_lifetime;       /*!< lifetime of tickets in seconds     */
+
+    /** Callback for getting (pseudo-)random numbers                        */
+    int  (*f_rng)(void *, unsigned char *, size_t);
+    void *p_rng;                    /*!< context for the RNG function       */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+}
+mbedtls_ssl_ticket_context;
+
+/**
+ * \brief           Initialize a ticket context.
+ *                  (Just make it ready for mbedtls_ssl_ticket_setup()
+ *                  or mbedtls_ssl_ticket_free().)
+ *
+ * \param ctx       Context to be initialized
+ */
+void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
+
+/**
+ * \brief           Prepare context to be actually used
+ *
+ * \param ctx       Context to be set up
+ * \param f_rng     RNG callback function
+ * \param p_rng     RNG callback context
+ * \param cipher    AEAD cipher to use for ticket protection.
+ *                  Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
+ * \param lifetime  Tickets lifetime in seconds
+ *                  Recommended value: 86400 (one day).
+ *
+ * \note            It is highly recommended to select a cipher that is at
+ *                  least as strong as the the strongest ciphersuite
+ *                  supported. Usually that means a 256-bit key.
+ *
+ * \note            The lifetime of the keys is twice the lifetime of tickets.
+ *                  It is recommended to pick a reasonnable lifetime so as not
+ *                  to negate the benefits of forward secrecy.
+ *
+ * \return          0 if successful,
+ *                  or a specific MBEDTLS_ERR_XXX error code
+ */
+int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
+    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+    mbedtls_cipher_type_t cipher,
+    uint32_t lifetime );
+
+/**
+ * \brief           Implementation of the ticket write callback
+ *
+ * \note            See \c mbedlts_ssl_ticket_write_t for description
+ */
+mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
+
+/**
+ * \brief           Implementation of the ticket parse callback
+ *
+ * \note            See \c mbedlts_ssl_ticket_parse_t for description
+ */
+mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
+
+/**
+ * \brief           Free a context's content and zeroize it.
+ *
+ * \param ctx       Context to be cleaned up
+ */
+void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_ticket.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/threading.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/threading.h
new file mode 100644
index 00000000..c39cbf24
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/threading.h
@@ -0,0 +1,104 @@
+/**
+ * \file threading.h
+ *
+ * \brief Threading abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_THREADING_H
+#define MBEDTLS_THREADING_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stdlib.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE         -0x001A  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA              -0x001C  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_THREADING_MUTEX_ERROR                 -0x001E  /**< Locking / unlocking / free failed with error code. */
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+#include <pthread.h>
+typedef struct
+{
+    pthread_mutex_t mutex;
+    char is_valid;
+} mbedtls_threading_mutex_t;
+#endif
+
+#if defined(MBEDTLS_THREADING_ALT)
+/* You should define the mbedtls_threading_mutex_t type in your header */
+#include "threading_alt.h"
+
+/**
+ * \brief           Set your alternate threading implementation function
+ *                  pointers and initialize global mutexes. If used, this
+ *                  function must be called once in the main thread before any
+ *                  other mbed TLS function is called, and
+ *                  mbedtls_threading_free_alt() must be called once in the main
+ *                  thread after all other mbed TLS functions.
+ *
+ * \note            mutex_init() and mutex_free() don't return a status code.
+ *                  If mutex_init() fails, it should leave its argument (the
+ *                  mutex) in a state such that mutex_lock() will fail when
+ *                  called with this argument.
+ *
+ * \param mutex_init    the init function implementation
+ * \param mutex_free    the free function implementation
+ * \param mutex_lock    the lock function implementation
+ * \param mutex_unlock  the unlock function implementation
+ */
+void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
+                       void (*mutex_free)( mbedtls_threading_mutex_t * ),
+                       int (*mutex_lock)( mbedtls_threading_mutex_t * ),
+                       int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
+
+/**
+ * \brief               Free global mutexes.
+ */
+void mbedtls_threading_free_alt( void );
+#endif /* MBEDTLS_THREADING_ALT */
+
+/*
+ * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
+ *
+ * All these functions are expected to work or the result will be undefined.
+ */
+extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
+extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
+extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
+extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
+
+/*
+ * Global mutexes
+ */
+extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
+extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* threading.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/timing.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/timing.h
new file mode 100644
index 00000000..ae7a713e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/timing.h
@@ -0,0 +1,141 @@
+/**
+ * \file timing.h
+ *
+ * \brief Portable interface to the CPU cycle counter
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_TIMING_H
+#define MBEDTLS_TIMING_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if !defined(MBEDTLS_TIMING_ALT)
+// Regular implementation
+//
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          timer structure
+ */
+struct mbedtls_timing_hr_time
+{
+    unsigned char opaque[32];
+};
+
+/**
+ * \brief          Context for mbedtls_timing_set/get_delay()
+ */
+typedef struct
+{
+    struct mbedtls_timing_hr_time   timer;
+    uint32_t                        int_ms;
+    uint32_t                        fin_ms;
+} mbedtls_timing_delay_context;
+
+extern volatile int mbedtls_timing_alarmed;
+
+/**
+ * \brief          Return the CPU cycle counter value
+ *
+ * \warning        This is only a best effort! Do not rely on this!
+ *                 In particular, it is known to be unreliable on virtual
+ *                 machines.
+ */
+unsigned long mbedtls_timing_hardclock( void );
+
+/**
+ * \brief          Return the elapsed time in milliseconds
+ *
+ * \param val      points to a timer structure
+ * \param reset    if set to 1, the timer is restarted
+ */
+unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
+
+/**
+ * \brief          Setup an alarm clock
+ *
+ * \param seconds  delay before the "mbedtls_timing_alarmed" flag is set
+ *
+ * \warning        Only one alarm at a time  is supported. In a threaded
+ *                 context, this means one for the whole process, not one per
+ *                 thread.
+ */
+void mbedtls_set_alarm( int seconds );
+
+/**
+ * \brief          Set a pair of delays to watch
+ *                 (See \c mbedtls_timing_get_delay().)
+ *
+ * \param data     Pointer to timing data
+ *                 Must point to a valid \c mbedtls_timing_delay_context struct.
+ * \param int_ms   First (intermediate) delay in milliseconds.
+ * \param fin_ms   Second (final) delay in milliseconds.
+ *                 Pass 0 to cancel the current delay.
+ */
+void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
+
+/**
+ * \brief          Get the status of delays
+ *                 (Memory helper: number of delays passed.)
+ *
+ * \param data     Pointer to timing data
+ *                 Must point to a valid \c mbedtls_timing_delay_context struct.
+ *
+ * \return         -1 if cancelled (fin_ms = 0)
+ *                  0 if none of the delays are passed,
+ *                  1 if only the intermediate delay is passed,
+ *                  2 if the final delay is passed.
+ */
+int mbedtls_timing_get_delay( void *data );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_TIMING_ALT */
+#include "timing_alt.h"
+#endif /* MBEDTLS_TIMING_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_timing_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* timing.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/version.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/version.h
new file mode 100644
index 00000000..8bc2708e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/version.h
@@ -0,0 +1,111 @@
+/**
+ * \file version.h
+ *
+ * \brief Run-time version information
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * This set of compile-time defines and run-time variables can be used to
+ * determine the version number of the mbed TLS library used.
+ */
+#ifndef MBEDTLS_VERSION_H
+#define MBEDTLS_VERSION_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+/**
+ * The version number x.y.z is split into three parts.
+ * Major, Minor, Patchlevel
+ */
+#define MBEDTLS_VERSION_MAJOR  2
+#define MBEDTLS_VERSION_MINOR  1
+#define MBEDTLS_VERSION_PATCH  2
+
+/**
+ * The single version number has the following structure:
+ *    MMNNPP00
+ *    Major version | Minor version | Patch version
+ */
+#define MBEDTLS_VERSION_NUMBER         0x02010200
+#define MBEDTLS_VERSION_STRING         "2.1.2"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.1.2"
+
+#if defined(MBEDTLS_VERSION_C)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Get the version number.
+ *
+ * \return          The constructed version number in the format
+ *                  MMNNPP00 (Major, Minor, Patch).
+ */
+unsigned int mbedtls_version_get_number( void );
+
+/**
+ * Get the version string ("x.y.z").
+ *
+ * \param string    The string that will receive the value.
+ *                  (Should be at least 9 bytes in size)
+ */
+void mbedtls_version_get_string( char *string );
+
+/**
+ * Get the full version string ("mbed TLS x.y.z").
+ *
+ * \param string    The string that will receive the value. The mbed TLS version
+ *                  string will use 18 bytes AT MOST including a terminating
+ *                  null byte.
+ *                  (So the buffer should be at least 18 bytes to receive this
+ *                  version string).
+ */
+void mbedtls_version_get_string_full( char *string );
+
+/**
+ * \brief           Check if support for a feature was compiled into this
+ *                  mbed TLS binary. This allows you to see at runtime if the
+ *                  library was for instance compiled with or without
+ *                  Multi-threading support.
+ *
+ * \note            only checks against defines in the sections "System
+ *                  support", "mbed TLS modules" and "mbed TLS feature
+ *                  support" in config.h
+ *
+ * \param feature   The string for the define to check (e.g. "MBEDTLS_AES_C")
+ *
+ * \return          0 if the feature is present,
+ *                  -1 if the feature is not present and
+ *                  -2 if support for feature checking as a whole was not
+ *                  compiled in.
+ */
+int mbedtls_version_check_feature( const char *feature );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_VERSION_C */
+
+#endif /* version.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509.h
new file mode 100644
index 00000000..54dac166
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509.h
@@ -0,0 +1,331 @@
+/**
+ * \file x509.h
+ *
+ * \brief X.509 generic defines and structures
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_H
+#define MBEDTLS_X509_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "asn1.h"
+#include "pk.h"
+
+#if defined(MBEDTLS_RSA_C)
+#include "rsa.h"
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{
+ */
+
+#if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
+/**
+ * Maximum number of intermediate CAs in a verification chain.
+ * That is, maximum length of the chain, excluding the end-entity certificate
+ * and the trusted root certificate.
+ *
+ * Set this to a low value to prevent an adversary from making you waste
+ * resources verifying an overlong certificate chain.
+ */
+#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
+#endif
+
+/**
+ * \name X509 Error codes
+ * \{
+ */
+#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE              -0x2080  /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
+#define MBEDTLS_ERR_X509_UNKNOWN_OID                      -0x2100  /**< Requested OID is unknown. */
+#define MBEDTLS_ERR_X509_INVALID_FORMAT                   -0x2180  /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */
+#define MBEDTLS_ERR_X509_INVALID_VERSION                  -0x2200  /**< The CRT/CRL/CSR version element is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_SERIAL                   -0x2280  /**< The serial tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_ALG                      -0x2300  /**< The algorithm tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_NAME                     -0x2380  /**< The name tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_DATE                     -0x2400  /**< The date tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_SIGNATURE                -0x2480  /**< The signature tag or value invalid. */
+#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS               -0x2500  /**< The extension tag or value is invalid. */
+#define MBEDTLS_ERR_X509_UNKNOWN_VERSION                  -0x2580  /**< CRT/CRL/CSR has an unsupported version number. */
+#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG                  -0x2600  /**< Signature algorithm (oid) is unsupported. */
+#define MBEDTLS_ERR_X509_SIG_MISMATCH                     -0x2680  /**< Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
+#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED               -0x2700  /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
+#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT              -0x2780  /**< Format not recognized as DER or PEM. */
+#define MBEDTLS_ERR_X509_BAD_INPUT_DATA                   -0x2800  /**< Input invalid. */
+#define MBEDTLS_ERR_X509_ALLOC_FAILED                     -0x2880  /**< Allocation of memory failed. */
+#define MBEDTLS_ERR_X509_FILE_IO_ERROR                    -0x2900  /**< Read/write of file failed. */
+#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980  /**< Destination buffer is too small. */
+/* \} name */
+
+/**
+ * \name X509 Verify codes
+ * \{
+ */
+/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
+#define MBEDTLS_X509_BADCERT_EXPIRED             0x01  /**< The certificate validity has expired. */
+#define MBEDTLS_X509_BADCERT_REVOKED             0x02  /**< The certificate has been revoked (is on a CRL). */
+#define MBEDTLS_X509_BADCERT_CN_MISMATCH         0x04  /**< The certificate Common Name (CN) does not match with the expected CN. */
+#define MBEDTLS_X509_BADCERT_NOT_TRUSTED         0x08  /**< The certificate is not correctly signed by the trusted CA. */
+#define MBEDTLS_X509_BADCRL_NOT_TRUSTED          0x10  /**< The CRL is not correctly signed by the trusted CA. */
+#define MBEDTLS_X509_BADCRL_EXPIRED              0x20  /**< The CRL is expired. */
+#define MBEDTLS_X509_BADCERT_MISSING             0x40  /**< Certificate was missing. */
+#define MBEDTLS_X509_BADCERT_SKIP_VERIFY         0x80  /**< Certificate verification was skipped. */
+#define MBEDTLS_X509_BADCERT_OTHER             0x0100  /**< Other reason (can be used by verify callback) */
+#define MBEDTLS_X509_BADCERT_FUTURE            0x0200  /**< The certificate validity starts in the future. */
+#define MBEDTLS_X509_BADCRL_FUTURE             0x0400  /**< The CRL is from the future */
+#define MBEDTLS_X509_BADCERT_KEY_USAGE         0x0800  /**< Usage does not match the keyUsage extension. */
+#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE     0x1000  /**< Usage does not match the extendedKeyUsage extension. */
+#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE      0x2000  /**< Usage does not match the nsCertType extension. */
+#define MBEDTLS_X509_BADCERT_BAD_MD            0x4000  /**< The certificate is signed with an unacceptable hash. */
+#define MBEDTLS_X509_BADCERT_BAD_PK            0x8000  /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
+#define MBEDTLS_X509_BADCERT_BAD_KEY         0x010000  /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
+#define MBEDTLS_X509_BADCRL_BAD_MD           0x020000  /**< The CRL is signed with an unacceptable hash. */
+#define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
+#define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+/*
+ * X.509 v3 Key Usage Extension flags
+ * Reminder: update x509_info_key_usage() when adding new flags.
+ */
+#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE            (0x80)  /* bit 0 */
+#define MBEDTLS_X509_KU_NON_REPUDIATION              (0x40)  /* bit 1 */
+#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT             (0x20)  /* bit 2 */
+#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT            (0x10)  /* bit 3 */
+#define MBEDTLS_X509_KU_KEY_AGREEMENT                (0x08)  /* bit 4 */
+#define MBEDTLS_X509_KU_KEY_CERT_SIGN                (0x04)  /* bit 5 */
+#define MBEDTLS_X509_KU_CRL_SIGN                     (0x02)  /* bit 6 */
+#define MBEDTLS_X509_KU_ENCIPHER_ONLY                (0x01)  /* bit 7 */
+#define MBEDTLS_X509_KU_DECIPHER_ONLY              (0x8000)  /* bit 8 */
+
+/*
+ * Netscape certificate types
+ * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
+ */
+
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT         (0x80)  /* bit 0 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER         (0x40)  /* bit 1 */
+#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL              (0x20)  /* bit 2 */
+#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING     (0x10)  /* bit 3 */
+#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED           (0x08)  /* bit 4 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA             (0x04)  /* bit 5 */
+#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA           (0x02)  /* bit 6 */
+#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA  (0x01)  /* bit 7 */
+
+/*
+ * X.509 extension types
+ *
+ * Comments refer to the status for using certificates. Status can be
+ * different for writing certificates or reading CRLs or CSRs.
+ */
+#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER    (1 << 0)
+#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER      (1 << 1)
+#define MBEDTLS_X509_EXT_KEY_USAGE                   (1 << 2)
+#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES        (1 << 3)
+#define MBEDTLS_X509_EXT_POLICY_MAPPINGS             (1 << 4)
+#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME            (1 << 5)    /* Supported (DNS) */
+#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME             (1 << 6)
+#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS     (1 << 7)
+#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS           (1 << 8)    /* Supported */
+#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS            (1 << 9)
+#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS          (1 << 10)
+#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE          (1 << 11)
+#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS     (1 << 12)
+#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY          (1 << 13)
+#define MBEDTLS_X509_EXT_FRESHEST_CRL                (1 << 14)
+
+#define MBEDTLS_X509_EXT_NS_CERT_TYPE                (1 << 16)   /* Parsed (and then ?) */
+
+/*
+ * Storage format identifiers
+ * Recognized formats: PEM and DER
+ */
+#define MBEDTLS_X509_FORMAT_DER                 1
+#define MBEDTLS_X509_FORMAT_PEM                 2
+
+#define MBEDTLS_X509_MAX_DN_NAME_SIZE         256 /**< Maximum value size of a DN entry */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures for parsing X.509 certificates, CRLs and CSRs
+ * \{
+ */
+
+/**
+ * Type-length-value structure that allows for ASN1 using DER.
+ */
+typedef mbedtls_asn1_buf mbedtls_x509_buf;
+
+/**
+ * Container for ASN1 bit strings.
+ */
+typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;
+
+/**
+ * Container for ASN1 named information objects.
+ * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
+ */
+typedef mbedtls_asn1_named_data mbedtls_x509_name;
+
+/**
+ * Container for a sequence of ASN.1 items
+ */
+typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
+
+/** Container for date and time (precision in seconds). */
+typedef struct mbedtls_x509_time
+{
+    int year, mon, day;         /**< Date. */
+    int hour, min, sec;         /**< Time. */
+}
+mbedtls_x509_time;
+
+/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
+/** \} addtogroup x509_module */
+
+/**
+ * \brief          Store the certificate DN in printable form into buf;
+ *                 no more than size characters will be written.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param dn       The X509 name to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
+
+/**
+ * \brief          Store the certificate serial in printable form into buf;
+ *                 no more than size characters will be written.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param serial   The X509 serial to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
+
+/**
+ * \brief          Check a given mbedtls_x509_time against the system time
+ *                 and tell if it's in the past.
+ *
+ * \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
+ *                 Hence the return value of 1 if on internal errors.
+ *
+ * \param time     mbedtls_x509_time to check
+ *
+ * \return         1 if the given time is in the past or an error occured,
+ *                 0 otherwise.
+ */
+int mbedtls_x509_time_is_past( const mbedtls_x509_time *time );
+
+/**
+ * \brief          Check a given mbedtls_x509_time against the system time
+ *                 and tell if it's in the future.
+ *
+ * \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
+ *                 Hence the return value of 1 if on internal errors.
+ *
+ * \param time     mbedtls_x509_time to check
+ *
+ * \return         1 if the given time is in the future or an error occured,
+ *                 0 otherwise.
+ */
+int mbedtls_x509_time_is_future( const mbedtls_x509_time *time );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_x509_self_test( int verbose );
+
+/*
+ * Internal module functions. You probably do not want to use these unless you
+ * know you do.
+ */
+int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
+                   mbedtls_x509_name *cur );
+int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
+                       mbedtls_x509_buf *alg );
+int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
+                  mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
+                                mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
+                                int *salt_len );
+#endif
+int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
+int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
+                      mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
+                      void **sig_opts );
+int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
+                   mbedtls_x509_time *time );
+int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
+                     mbedtls_x509_buf *serial );
+int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
+                  mbedtls_x509_buf *ext, int tag );
+int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
+                       mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+                       const void *sig_opts );
+int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
+int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
+int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
+                        int critical, const unsigned char *val,
+                        size_t val_len );
+int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
+                           mbedtls_asn1_named_data *first );
+int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
+                      mbedtls_asn1_named_data *first );
+int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
+                    const char *oid, size_t oid_len,
+                    unsigned char *sig, size_t size );
+
+#define MBEDTLS_X509_SAFE_SNPRINTF                          \
+    do {                                                    \
+        if( ret < 0 || (size_t) ret >= n )                  \
+            return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );    \
+                                                            \
+        n -= (size_t) ret;                                  \
+        p += (size_t) ret;                                  \
+    } while( 0 )
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* x509.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509_crl.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509_crl.h
new file mode 100644
index 00000000..c50c4efc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509_crl.h
@@ -0,0 +1,172 @@
+/**
+ * \file mbedtls_x509_crl.h
+ *
+ * \brief X.509 certificate revocation list parsing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_CRL_H
+#define MBEDTLS_X509_CRL_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "x509.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures and functions for parsing CRLs
+ * \{
+ */
+
+/**
+ * Certificate revocation list entry.
+ * Contains the CA-specific serial numbers and revocation dates.
+ */
+typedef struct mbedtls_x509_crl_entry
+{
+    mbedtls_x509_buf raw;
+
+    mbedtls_x509_buf serial;
+
+    mbedtls_x509_time revocation_date;
+
+    mbedtls_x509_buf entry_ext;
+
+    struct mbedtls_x509_crl_entry *next;
+}
+mbedtls_x509_crl_entry;
+
+/**
+ * Certificate revocation list structure.
+ * Every CRL may have multiple entries.
+ */
+typedef struct mbedtls_x509_crl
+{
+    mbedtls_x509_buf raw;           /**< The raw certificate data (DER). */
+    mbedtls_x509_buf tbs;           /**< The raw certificate body (DER). The part that is To Be Signed. */
+
+    int version;            /**< CRL version (1=v1, 2=v2) */
+    mbedtls_x509_buf sig_oid;       /**< CRL signature type identifier */
+
+    mbedtls_x509_buf issuer_raw;    /**< The raw issuer data (DER). */
+
+    mbedtls_x509_name issuer;       /**< The parsed issuer data (named information object). */
+
+    mbedtls_x509_time this_update;
+    mbedtls_x509_time next_update;
+
+    mbedtls_x509_crl_entry entry;   /**< The CRL entries containing the certificate revocation times for this CA. */
+
+    mbedtls_x509_buf crl_ext;
+
+    mbedtls_x509_buf sig_oid2;
+    mbedtls_x509_buf sig;
+    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+
+    struct mbedtls_x509_crl *next;
+}
+mbedtls_x509_crl;
+
+/**
+ * \brief          Parse a DER-encoded CRL and append it to the chained list
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the CRL data in DER format
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
+                        const unsigned char *buf, size_t buflen );
+/**
+ * \brief          Parse one or more CRLs and append them to the chained list
+ *
+ * \note           Mutliple CRLs are accepted only if using PEM format
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the CRL data in PEM or DER format
+ * \param buflen   size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Load one or more CRLs and append them to the chained list
+ *
+ * \note           Mutliple CRLs are accepted only if using PEM format
+ *
+ * \param chain    points to the start of the chain
+ * \param path     filename to read the CRLs from (in PEM or DER encoding)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Returns an informational string about the CRL.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param crl      The X509 CRL to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_crl *crl );
+
+/**
+ * \brief          Initialize a CRL (chain)
+ *
+ * \param crl      CRL chain to initialize
+ */
+void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
+
+/**
+ * \brief          Unallocate all CRL data
+ *
+ * \param crl      CRL chain to free
+ */
+void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_x509_crl.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509_crt.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509_crt.h
new file mode 100644
index 00000000..72b02ffd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509_crt.h
@@ -0,0 +1,645 @@
+/**
+ * \file mbedtls_x509_crt.h
+ *
+ * \brief X.509 certificate parsing and writing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_CRT_H
+#define MBEDTLS_X509_CRT_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "x509.h"
+#include "x509_crl.h"
+
+/**
+ * \addtogroup x509_module
+ * \{
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name Structures and functions for parsing and writing X.509 certificates
+ * \{
+ */
+
+/**
+ * Container for an X.509 certificate. The certificate may be chained.
+ */
+typedef struct mbedtls_x509_crt
+{
+    mbedtls_x509_buf raw;               /**< The raw certificate data (DER). */
+    mbedtls_x509_buf tbs;               /**< The raw certificate body (DER). The part that is To Be Signed. */
+
+    int version;                /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
+    mbedtls_x509_buf serial;            /**< Unique id for certificate issued by a specific CA. */
+    mbedtls_x509_buf sig_oid;           /**< Signature algorithm, e.g. sha1RSA */
+
+    mbedtls_x509_buf issuer_raw;        /**< The raw issuer data (DER). Used for quick comparison. */
+    mbedtls_x509_buf subject_raw;       /**< The raw subject data (DER). Used for quick comparison. */
+
+    mbedtls_x509_name issuer;           /**< The parsed issuer data (named information object). */
+    mbedtls_x509_name subject;          /**< The parsed subject data (named information object). */
+
+    mbedtls_x509_time valid_from;       /**< Start time of certificate validity. */
+    mbedtls_x509_time valid_to;         /**< End time of certificate validity. */
+
+    mbedtls_pk_context pk;              /**< Container for the public key context. */
+
+    mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
+    mbedtls_x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
+    mbedtls_x509_buf v3_ext;            /**< Optional X.509 v3 extensions.  */
+    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of Subject Alternative Names (Only dNSName supported). */
+
+    int ext_types;              /**< Bit string containing detected and parsed extensions */
+    int ca_istrue;              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
+    int max_pathlen;            /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
+
+    unsigned int key_usage;     /**< Optional key usage extension value: See the values in x509.h */
+
+    mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
+
+    unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
+
+    mbedtls_x509_buf sig;               /**< Signature: hash of the tbs part signed with the private key. */
+    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+
+    struct mbedtls_x509_crt *next;     /**< Next certificate in the CA-chain. */
+}
+mbedtls_x509_crt;
+
+/**
+ * Build flag from an algorithm/curve identifier (pk, md, ecp)
+ * Since 0 is always XXX_NONE, ignore it.
+ */
+#define MBEDTLS_X509_ID_FLAG( id )   ( 1 << ( id - 1 ) )
+
+/**
+ * Security profile for certificate verification.
+ *
+ * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
+ */
+typedef struct
+{
+    uint32_t allowed_mds;       /**< MDs for signatures         */
+    uint32_t allowed_pks;       /**< PK algs for signatures     */
+    uint32_t allowed_curves;    /**< Elliptic curves for ECDSA  */
+    uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys  */
+}
+mbedtls_x509_crt_profile;
+
+#define MBEDTLS_X509_CRT_VERSION_1              0
+#define MBEDTLS_X509_CRT_VERSION_2              1
+#define MBEDTLS_X509_CRT_VERSION_3              2
+
+#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
+#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15
+
+/**
+ * Container for writing a certificate (CRT)
+ */
+typedef struct mbedtls_x509write_cert
+{
+    int version;
+    mbedtls_mpi serial;
+    mbedtls_pk_context *subject_key;
+    mbedtls_pk_context *issuer_key;
+    mbedtls_asn1_named_data *subject;
+    mbedtls_asn1_named_data *issuer;
+    mbedtls_md_type_t md_alg;
+    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+    mbedtls_asn1_named_data *extensions;
+}
+mbedtls_x509write_cert;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * Default security profile. Should provide a good balance between security
+ * and compatibility with current deployments.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
+
+/**
+ * Expected next default profile. Recommended for new deployments.
+ * Currently targets a 128-bit security level, except for RSA-2048.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
+
+/**
+ * NSA Suite B profile.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
+
+/**
+ * \brief          Parse a single DER formatted certificate and add it
+ *                 to the chained list.
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the certificate DER data
+ * \param buflen   size of the buffer
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
+                        size_t buflen );
+
+/**
+ * \brief          Parse one or more certificates and add them
+ *                 to the chained list. Parses permissively. If some
+ *                 certificates can be parsed, the result is the number
+ *                 of failed certificates it encountered. If none complete
+ *                 correctly, the first error is returned.
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the certificate data in PEM or DER format
+ * \param buflen   size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if all certificates parsed successfully, a positive number
+ *                 if partly successful or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Load one or more certificates and add them
+ *                 to the chained list. Parses permissively. If some
+ *                 certificates can be parsed, the result is the number
+ *                 of failed certificates it encountered. If none complete
+ *                 correctly, the first error is returned.
+ *
+ * \param chain    points to the start of the chain
+ * \param path     filename to read the certificates from
+ *
+ * \return         0 if all certificates parsed successfully, a positive number
+ *                 if partly successful or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
+
+/**
+ * \brief          Load one or more certificate files from a path and add them
+ *                 to the chained list. Parses permissively. If some
+ *                 certificates can be parsed, the result is the number
+ *                 of failed certificates it encountered. If none complete
+ *                 correctly, the first error is returned.
+ *
+ * \param chain    points to the start of the chain
+ * \param path     directory / folder to read the certificate files from
+ *
+ * \return         0 if all certificates parsed successfully, a positive number
+ *                 if partly successful or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Returns an informational string about the
+ *                 certificate.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param crt      The X509 certificate to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_crt *crt );
+
+/**
+ * \brief          Returns an informational string about the
+ *                 verification status of a certificate.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param flags    Verification flags created by mbedtls_x509_crt_verify()
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
+                          uint32_t flags );
+
+/**
+ * \brief          Verify the certificate signature
+ *
+ *                 The verify callback is a user-supplied callback that
+ *                 can clear / modify / add flags for a certificate. If set,
+ *                 the verification callback is called for each
+ *                 certificate in the chain (from the trust-ca down to the
+ *                 presented crt). The parameters for the callback are:
+ *                 (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
+ *                 int *flags). With the flags representing current flags for
+ *                 that specific certificate and the certificate depth from
+ *                 the bottom (Peer cert depth = 0).
+ *
+ *                 All flags left after returning from the callback
+ *                 are also returned to the application. The function should
+ *                 return 0 for anything but a fatal error.
+ *
+ * \note           In case verification failed, the results can be displayed
+ *                 using \c mbedtls_x509_crt_verify_info()
+ *
+ * \note           Same as \c mbedtls_x509_crt_verify_with_profile() with the
+ *                 default security profile.
+ *
+ * \param crt      a certificate to be verified
+ * \param trust_ca the trusted CA chain
+ * \param ca_crl   the CRL chain for trusted CA's
+ * \param cn       expected Common Name (can be set to
+ *                 NULL if the CN must not be verified)
+ * \param flags    result of the verification
+ * \param f_vrfy   verification function
+ * \param p_vrfy   verification parameter
+ *
+ * \return         0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
+ *                 in which case *flags will have one or more
+ *                 MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags
+ *                 set,
+ *                 or another error in case of a fatal error encountered
+ *                 during the verification process.
+ */
+int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
+                     mbedtls_x509_crt *trust_ca,
+                     mbedtls_x509_crl *ca_crl,
+                     const char *cn, uint32_t *flags,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy );
+
+/**
+ * \brief          Verify the certificate signature according to profile
+ *
+ * \note           Same as \c mbedtls_x509_crt_verify(), but with explicit
+ *                 security profile.
+ *
+ * \note           The restrictions on keys (RSA minimum size, allowed curves
+ *                 for ECDSA) only applys to (intermediate) CAs, not to the
+ *                 end-entity certificate.
+ *
+ * \param crt      a certificate to be verified
+ * \param trust_ca the trusted CA chain
+ * \param ca_crl   the CRL chain for trusted CA's
+ * \param profile  security profile for verification
+ * \param cn       expected Common Name (can be set to
+ *                 NULL if the CN must not be verified)
+ * \param flags    result of the verification
+ * \param f_vrfy   verification function
+ * \param p_vrfy   verification parameter
+ *
+ * \return         0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
+ *                 in which case *flags will have one or more
+ *                 MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags
+ *                 set,
+ *                 or another error in case of a fatal error encountered
+ *                 during the verification process.
+ */
+int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
+                     mbedtls_x509_crt *trust_ca,
+                     mbedtls_x509_crl *ca_crl,
+                     const mbedtls_x509_crt_profile *profile,
+                     const char *cn, uint32_t *flags,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy );
+
+#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
+/**
+ * \brief          Check usage of certificate against keyUsage extension.
+ *
+ * \param crt      Leaf certificate used.
+ * \param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+ *                 before using the certificate to perform an RSA key
+ *                 exchange).
+ *
+ * \note           Except for decipherOnly and encipherOnly, a bit set in the
+ *                 usage argument means this bit MUST be set in the
+ *                 certificate. For decipherOnly and encipherOnly, it means
+ *                 that bit MAY be set.
+ *
+ * \return         0 is these uses of the certificate are allowed,
+ *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
+ *                 is present but does not match the usage argument.
+ *
+ * \note           You should only call this function on leaf certificates, on
+ *                 (intermediate) CAs the keyUsage extension is automatically
+ *                 checked by \c mbedtls_x509_crt_verify().
+ */
+int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
+                                      unsigned int usage );
+#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
+
+#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
+/**
+ * \brief          Check usage of certificate against extentedJeyUsage.
+ *
+ * \param crt      Leaf certificate used.
+ * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH).
+ * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
+ *
+ * \return         0 if this use of the certificate is allowed,
+ *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
+ *
+ * \note           Usually only makes sense on leaf certificates.
+ */
+int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
+                                       const char *usage_oid,
+                                       size_t usage_len );
+#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) */
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+/**
+ * \brief          Verify the certificate revocation status
+ *
+ * \param crt      a certificate to be verified
+ * \param crl      the CRL to verify against
+ *
+ * \return         1 if the certificate is revoked, 0 otherwise
+ *
+ */
+int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
+
+/**
+ * \brief          Initialize a certificate (chain)
+ *
+ * \param crt      Certificate chain to initialize
+ */
+void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
+
+/**
+ * \brief          Unallocate all certificate data
+ *
+ * \param crt      Certificate chain to free
+ */
+void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C)
+/**
+ * \brief           Initialize a CRT writing context
+ *
+ * \param ctx       CRT context to initialize
+ */
+void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
+
+/**
+ * \brief           Set the verion for a Certificate
+ *                  Default: MBEDTLS_X509_CRT_VERSION_3
+ *
+ * \param ctx       CRT context to use
+ * \param version   version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
+ *                                  MBEDTLS_X509_CRT_VERSION_3)
+ */
+void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
+
+/**
+ * \brief           Set the serial number for a Certificate.
+ *
+ * \param ctx       CRT context to use
+ * \param serial    serial number to set
+ *
+ * \return          0 if successful
+ */
+int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
+
+/**
+ * \brief           Set the validity period for a Certificate
+ *                  Timestamps should be in string format for UTC timezone
+ *                  i.e. "YYYYMMDDhhmmss"
+ *                  e.g. "20131231235959" for December 31st 2013
+ *                       at 23:59:59
+ *
+ * \param ctx       CRT context to use
+ * \param not_before    not_before timestamp
+ * \param not_after     not_after timestamp
+ *
+ * \return          0 if timestamp was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
+                                const char *not_after );
+
+/**
+ * \brief           Set the issuer name for a Certificate
+ *                  Issuer names should contain a comma-separated list
+ *                  of OID types and values:
+ *                  e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+ *
+ * \param ctx           CRT context to use
+ * \param issuer_name   issuer name to set
+ *
+ * \return          0 if issuer name was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
+                                   const char *issuer_name );
+
+/**
+ * \brief           Set the subject name for a Certificate
+ *                  Subject names should contain a comma-separated list
+ *                  of OID types and values:
+ *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ *
+ * \param ctx           CRT context to use
+ * \param subject_name  subject name to set
+ *
+ * \return          0 if subject name was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
+                                    const char *subject_name );
+
+/**
+ * \brief           Set the subject public key for the certificate
+ *
+ * \param ctx       CRT context to use
+ * \param key       public key to include
+ */
+void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+
+/**
+ * \brief           Set the issuer key used for signing the certificate
+ *
+ * \param ctx       CRT context to use
+ * \param key       private key to sign with
+ */
+void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+
+/**
+ * \brief           Set the MD algorithm to use for the signature
+ *                  (e.g. MBEDTLS_MD_SHA1)
+ *
+ * \param ctx       CRT context to use
+ * \param md_alg    MD algorithm to use
+ */
+void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
+
+/**
+ * \brief           Generic function to add to or replace an extension in the
+ *                  CRT
+ *
+ * \param ctx       CRT context to use
+ * \param oid       OID of the extension
+ * \param oid_len   length of the OID
+ * \param critical  if the extension is critical (per the RFC's definition)
+ * \param val       value of the extension OCTET STRING
+ * \param val_len   length of the value data
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
+                                 const char *oid, size_t oid_len,
+                                 int critical,
+                                 const unsigned char *val, size_t val_len );
+
+/**
+ * \brief           Set the basicConstraints extension for a CRT
+ *
+ * \param ctx       CRT context to use
+ * \param is_ca     is this a CA certificate
+ * \param max_pathlen   maximum length of certificate chains below this
+ *                      certificate (only for CA certificates, -1 is
+ *                      inlimited)
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
+                                         int is_ca, int max_pathlen );
+
+#if defined(MBEDTLS_SHA1_C)
+/**
+ * \brief           Set the subjectKeyIdentifier extension for a CRT
+ *                  Requires that mbedtls_x509write_crt_set_subject_key() has been
+ *                  called before
+ *
+ * \param ctx       CRT context to use
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
+
+/**
+ * \brief           Set the authorityKeyIdentifier extension for a CRT
+ *                  Requires that mbedtls_x509write_crt_set_issuer_key() has been
+ *                  called before
+ *
+ * \param ctx       CRT context to use
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
+#endif /* MBEDTLS_SHA1_C */
+
+/**
+ * \brief           Set the Key Usage Extension flags
+ *                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
+ *
+ * \param ctx       CRT context to use
+ * \param key_usage key usage flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
+                                         unsigned int key_usage );
+
+/**
+ * \brief           Set the Netscape Cert Type flags
+ *                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
+ *
+ * \param ctx           CRT context to use
+ * \param ns_cert_type  Netscape Cert Type flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
+                                    unsigned char ns_cert_type );
+
+/**
+ * \brief           Free the contents of a CRT write context
+ *
+ * \param ctx       CRT context to free
+ */
+void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
+
+/**
+ * \brief           Write a built up certificate to a X509 DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       certificate to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for countermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a built up certificate to a X509 PEM string
+ *
+ * \param ctx       certificate to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or a specific error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for countermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_X509_CRT_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_x509_crt.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509_csr.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509_csr.h
new file mode 100644
index 00000000..98c75bcf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/x509_csr.h
@@ -0,0 +1,292 @@
+/**
+ * \file mbedtls_x509_csr.h
+ *
+ * \brief X.509 certificate signing request parsing and writing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_CSR_H
+#define MBEDTLS_X509_CSR_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "x509.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures and functions for X.509 Certificate Signing Requests (CSR)
+ * \{
+ */
+
+/**
+ * Certificate Signing Request (CSR) structure.
+ */
+typedef struct mbedtls_x509_csr
+{
+    mbedtls_x509_buf raw;           /**< The raw CSR data (DER). */
+    mbedtls_x509_buf cri;           /**< The raw CertificateRequestInfo body (DER). */
+
+    int version;            /**< CSR version (1=v1). */
+
+    mbedtls_x509_buf  subject_raw;  /**< The raw subject data (DER). */
+    mbedtls_x509_name subject;      /**< The parsed subject data (named information object). */
+
+    mbedtls_pk_context pk;          /**< Container for the public key context. */
+
+    mbedtls_x509_buf sig_oid;
+    mbedtls_x509_buf sig;
+    mbedtls_md_type_t sig_md;       /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t sig_pk;       /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+    void *sig_opts;         /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+}
+mbedtls_x509_csr;
+
+/**
+ * Container for writing a CSR
+ */
+typedef struct mbedtls_x509write_csr
+{
+    mbedtls_pk_context *key;
+    mbedtls_asn1_named_data *subject;
+    mbedtls_md_type_t md_alg;
+    mbedtls_asn1_named_data *extensions;
+}
+mbedtls_x509write_csr;
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+/**
+ * \brief          Load a Certificate Signing Request (CSR) in DER format
+ *
+ * \param csr      CSR context to fill
+ * \param buf      buffer holding the CRL data
+ * \param buflen   size of the buffer
+ *
+ * \return         0 if successful, or a specific X509 error code
+ */
+int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
+                        const unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Load a Certificate Signing Request (CSR), DER or PEM format
+ *
+ * \param csr      CSR context to fill
+ * \param buf      buffer holding the CRL data
+ * \param buflen   size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Load a Certificate Signing Request (CSR)
+ *
+ * \param csr      CSR context to fill
+ * \param path     filename to read the CSR from
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Returns an informational string about the
+ *                 CSR.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param csr      The X509 CSR to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_csr *csr );
+
+/**
+ * \brief          Initialize a CSR
+ *
+ * \param csr      CSR to initialize
+ */
+void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
+
+/**
+ * \brief          Unallocate all CSR data
+ *
+ * \param csr      CSR to free
+ */
+void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C)
+/**
+ * \brief           Initialize a CSR context
+ *
+ * \param ctx       CSR context to initialize
+ */
+void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
+
+/**
+ * \brief           Set the subject name for a CSR
+ *                  Subject names should contain a comma-separated list
+ *                  of OID types and values:
+ *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ *
+ * \param ctx           CSR context to use
+ * \param subject_name  subject name to set
+ *
+ * \return          0 if subject name was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
+                                    const char *subject_name );
+
+/**
+ * \brief           Set the key for a CSR (public key will be included,
+ *                  private key used to sign the CSR when writing it)
+ *
+ * \param ctx       CSR context to use
+ * \param key       Asymetric key to include
+ */
+void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
+
+/**
+ * \brief           Set the MD algorithm to use for the signature
+ *                  (e.g. MBEDTLS_MD_SHA1)
+ *
+ * \param ctx       CSR context to use
+ * \param md_alg    MD algorithm to use
+ */
+void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg );
+
+/**
+ * \brief           Set the Key Usage Extension flags
+ *                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
+ *
+ * \param ctx       CSR context to use
+ * \param key_usage key usage flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
+
+/**
+ * \brief           Set the Netscape Cert Type flags
+ *                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
+ *
+ * \param ctx           CSR context to use
+ * \param ns_cert_type  Netscape Cert Type flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
+                                    unsigned char ns_cert_type );
+
+/**
+ * \brief           Generic function to add to or replace an extension in the
+ *                  CSR
+ *
+ * \param ctx       CSR context to use
+ * \param oid       OID of the extension
+ * \param oid_len   length of the OID
+ * \param val       value of the extension OCTET STRING
+ * \param val_len   length of the value data
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
+                                 const char *oid, size_t oid_len,
+                                 const unsigned char *val, size_t val_len );
+
+/**
+ * \brief           Free the contents of a CSR context
+ *
+ * \param ctx       CSR context to free
+ */
+void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
+
+/**
+ * \brief           Write a CSR (Certificate Signing Request) to a
+ *                  DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       CSR to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for countermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a CSR (Certificate Signing Request) to a
+ *                  PEM string
+ *
+ * \param ctx       CSR to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or a specific error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for couermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_X509_CSR_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_x509_csr.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/xtea.h b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/xtea.h
new file mode 100644
index 00000000..b073f84e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/include/xtea.h
@@ -0,0 +1,139 @@
+/**
+ * \file xtea.h
+ *
+ * \brief XTEA block cipher (32-bit)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_XTEA_H
+#define MBEDTLS_XTEA_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_XTEA_ENCRYPT     1
+#define MBEDTLS_XTEA_DECRYPT     0
+
+#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH             -0x0028  /**< The data input has an invalid length. */
+
+#if !defined(MBEDTLS_XTEA_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          XTEA context structure
+ */
+typedef struct
+{
+    uint32_t k[4];       /*!< key */
+}
+mbedtls_xtea_context;
+
+/**
+ * \brief          Initialize XTEA context
+ *
+ * \param ctx      XTEA context to be initialized
+ */
+void mbedtls_xtea_init( mbedtls_xtea_context *ctx );
+
+/**
+ * \brief          Clear XTEA context
+ *
+ * \param ctx      XTEA context to be cleared
+ */
+void mbedtls_xtea_free( mbedtls_xtea_context *ctx );
+
+/**
+ * \brief          XTEA key schedule
+ *
+ * \param ctx      XTEA context to be initialized
+ * \param key      the secret key
+ */
+void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] );
+
+/**
+ * \brief          XTEA cipher function
+ *
+ * \param ctx      XTEA context
+ * \param mode     MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
+ * \param input    8-byte input block
+ * \param output   8-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx,
+                    int mode,
+                    const unsigned char input[8],
+                    unsigned char output[8] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          XTEA CBC cipher function
+ *
+ * \param ctx      XTEA context
+ * \param mode     MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
+ * \param length   the length of input, multiple of 8
+ * \param iv       initialization vector for CBC mode
+ * \param input    input block
+ * \param output   output block
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0
+ */
+int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[8],
+                    const unsigned char *input,
+                    unsigned char *output);
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_XTEA_ALT */
+#include "xtea_alt.h"
+#endif /* MBEDTLS_XTEA_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_xtea_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* xtea.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/lib/libmbedcrypto.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/lib/libmbedcrypto.a
new file mode 100644
index 00000000..720f8d17
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/lib/libmbedcrypto.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/lib/libmbedtls.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/lib/libmbedtls.a
new file mode 100644
index 00000000..2d4517c1
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/lib/libmbedtls.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/mbedtls/lib/libmbedx509.a b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/lib/libmbedx509.a
new file mode 100644
index 00000000..98c956ce
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/mbedtls/lib/libmbedx509.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/bin/pcre-config b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/bin/pcre-config
new file mode 100755
index 00000000..adfbabda
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/bin/pcre-config
@@ -0,0 +1,133 @@
+#!/bin/sh
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/arm64
+exec_prefix=${prefix}
+exec_prefix_set=no
+
+cflags="[--cflags]"
+
+if test yes = yes ; then
+  libs="[--libs-cpp]"
+else
+  libs=
+fi
+
+if test no = yes ; then
+  libs="[--libs16] $libs"
+fi
+
+if test no = yes ; then
+  libs="[--libs32] $libs"
+fi
+
+if test yes = yes ; then
+  libs="[--libs] [--libs-posix] $libs"
+  cflags="$cflags [--cflags-posix]"
+fi
+
+usage="Usage: pcre-config [--prefix] [--exec-prefix] [--version] $libs $cflags"
+
+if test $# -eq 0; then
+      echo "${usage}" 1>&2
+      exit 1
+fi
+
+libR=
+case `uname -s` in
+  *SunOS*)
+  libR=" -R${exec_prefix}/lib"
+  ;;
+  *BSD*)
+  libR=" -Wl,-R${exec_prefix}/lib"
+  ;;
+esac
+
+libS=
+if test ${exec_prefix}/lib != /usr/lib ; then
+  libS=-L${exec_prefix}/lib
+fi
+
+while test $# -gt 0; do
+  case "$1" in
+  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) optarg= ;;
+  esac
+
+  case $1 in
+    --prefix=*)
+      prefix=$optarg
+      if test $exec_prefix_set = no ; then
+        exec_prefix=$optarg
+      fi
+      ;;
+    --prefix)
+      echo $prefix
+      ;;
+    --exec-prefix=*)
+      exec_prefix=$optarg
+      exec_prefix_set=yes
+      ;;
+    --exec-prefix)
+      echo $exec_prefix
+      ;;
+    --version)
+      echo 8.41
+      ;;
+    --cflags)
+      if test ${prefix}/include != /usr/include ; then
+        includes=-I${prefix}/include
+      fi
+      echo $includes -DPCRE_STATIC
+      ;;
+    --cflags-posix)
+      if test yes = yes ; then
+        if test ${prefix}/include != /usr/include ; then
+          includes=-I${prefix}/include
+        fi
+        echo $includes -DPCRE_STATIC
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs-posix)
+      if test yes = yes ; then
+        echo $libS$libR -lpcreposix -lpcre
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs)
+      if test yes = yes ; then
+        echo $libS$libR -lpcre
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs16)
+      if test no = yes ; then
+        echo $libS$libR -lpcre16
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs32)
+      if test no = yes ; then
+        echo $libS$libR -lpcre32
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs-cpp)
+      if test yes = yes ; then
+        echo $libS$libR -lpcrecpp -lpcre
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    *)
+      echo "${usage}" 1>&2
+      exit 1
+      ;;
+  esac
+  shift
+done
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/bin/pcregrep b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/bin/pcregrep
new file mode 100755
index 00000000..66ec29a7
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/bin/pcregrep differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/bin/pcretest b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/bin/pcretest
new file mode 100755
index 00000000..d64a816f
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/bin/pcretest differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/AUTHORS b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/AUTHORS
new file mode 100644
index 00000000..291657ca
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/AUTHORS
@@ -0,0 +1,45 @@
+THE MAIN PCRE LIBRARY
+---------------------
+
+Written by:       Philip Hazel
+Email local part: ph10
+Email domain:     cam.ac.uk
+
+University of Cambridge Computing Service,
+Cambridge, England.
+
+Copyright (c) 1997-2017 University of Cambridge
+All rights reserved
+
+
+PCRE JUST-IN-TIME COMPILATION SUPPORT
+-------------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2010-2017 Zoltan Herczeg
+All rights reserved.
+
+
+STACK-LESS JUST-IN-TIME COMPILER
+--------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2009-2017 Zoltan Herczeg
+All rights reserved.
+
+
+THE C++ WRAPPER LIBRARY
+-----------------------
+
+Written by:       Google Inc.
+
+Copyright (c) 2007-2012 Google Inc
+All rights reserved
+
+####
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/COPYING b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/COPYING
new file mode 100644
index 00000000..58eed01b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/COPYING
@@ -0,0 +1,5 @@
+PCRE LICENCE
+
+Please see the file LICENCE in the PCRE distribution for licensing details.
+
+End
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/ChangeLog b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/ChangeLog
new file mode 100644
index 00000000..590a7542
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/ChangeLog
@@ -0,0 +1,6104 @@
+ChangeLog for PCRE
+------------------
+
+Note that the PCRE 8.xx series (PCRE1) is now in a bugfix-only state. All
+development is happening in the PCRE2 10.xx series.
+
+Version 8.41 05-July-2017
+-------------------------
+
+1.  Fixed typo in CMakeLists.txt (wrong number of arguments for
+PCRE_STATIC_RUNTIME (affects MSVC only).
+
+2.  Issue 1 for 8.40 below was not correctly fixed. If pcregrep in multiline
+mode with --only-matching matched several lines, it restarted scanning at the
+next line instead of moving on to the end of the matched string, which can be
+several lines after the start.
+
+3.  Fix a missing else in the JIT compiler reported by 'idaifish'.
+
+4.  A (?# style comment is now ignored between a basic quantifier and a
+following '+' or '?' (example: /X+(?#comment)?Y/.
+
+5.  Avoid use of a potentially overflowing buffer in pcregrep (patch by Petr
+Pisar).
+
+6.  Fuzzers have reported issues in pcretest. These are NOT serious (it is,
+after all, just a test program). However, to stop the reports, some easy ones
+are fixed:
+
+    (a) Check for values < 256 when calling isprint() in pcretest.
+    (b) Give an error for too big a number after \O.
+
+7.  In the 32-bit library in non-UTF mode, an attempt to find a Unicode
+property for a character with a code point greater than 0x10ffff (the Unicode
+maximum) caused a crash.
+
+8. The alternative matching function, pcre_dfa_exec() misbehaved if it
+encountered a character class with a possessive repeat, for example [a-f]{3}+.
+
+9. When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer
+length incorrectly, which could result in buffer overflow.
+
+10. Remove redundant line of code (accidentally left in ages ago).
+
+11. Applied C++ patch from Irfan Adilovic to guard 'using std::' directives
+with namespace pcrecpp (Bugzilla #2084).
+
+12. Remove a duplication typo in pcre_tables.c.
+
+13. Fix returned offsets from regexec() when REG_STARTEND is used with a
+starting offset greater than zero.
+
+
+Version 8.40 11-January-2017
+----------------------------
+
+1.  Using -o with -M in pcregrep could cause unnecessary repeated output when
+    the match extended over a line boundary.
+
+2.  Applied Chris Wilson's second patch (Bugzilla #1681) to CMakeLists.txt for
+    MSVC static compilation, putting the first patch under a new option.
+
+3.  Fix register overwite in JIT when SSE2 acceleration is enabled.
+
+4.  Ignore "show all captures" (/=) for DFA matching.
+
+5.  Fix JIT unaligned accesses on x86. Patch by Marc Mutz.
+
+6.  In any wide-character mode (8-bit UTF or any 16-bit or 32-bit mode),
+    without PCRE_UCP set, a negative character type such as \D in a positive
+    class should cause all characters greater than 255 to match, whatever else
+    is in the class. There was a bug that caused this not to happen if a
+    Unicode property item was added to such a class, for example [\D\P{Nd}] or
+    [\W\pL].
+
+7.  When pcretest was outputing information from a callout, the caret indicator
+    for the current position in the subject line was incorrect if it was after
+    an escape sequence for a character whose code point was greater than
+    \x{ff}.
+
+8.  A pattern such as (?<RA>abc)(?(R)xyz) was incorrectly compiled such that
+    the conditional was interpreted as a reference to capturing group 1 instead
+    of a test for recursion. Any group whose name began with R was
+    misinterpreted in this way. (The reference interpretation should only
+    happen if the group's name is precisely "R".)
+
+9.  A number of bugs have been mended relating to match start-up optimizations
+    when the first thing in a pattern is a positive lookahead. These all
+    applied only when PCRE_NO_START_OPTIMIZE was *not* set:
+
+    (a) A pattern such as (?=.*X)X$ was incorrectly optimized as if it needed
+        both an initial 'X' and a following 'X'.
+    (b) Some patterns starting with an assertion that started with .* were
+        incorrectly optimized as having to match at the start of the subject or
+        after a newline. There are cases where this is not true, for example,
+        (?=.*[A-Z])(?=.{8,16})(?!.*[\s]) matches after the start in lines that
+        start with spaces. Starting .* in an assertion is no longer taken as an
+        indication of matching at the start (or after a newline).
+
+
+Version 8.39 14-June-2016
+-------------------------
+
+1.  If PCRE_AUTO_CALLOUT was set on a pattern that had a (?# comment between
+    an item and its qualifier (for example, A(?#comment)?B) pcre_compile()
+    misbehaved. This bug was found by the LLVM fuzzer.
+
+2.  Similar to the above, if an isolated \E was present between an item and its
+    qualifier when PCRE_AUTO_CALLOUT was set, pcre_compile() misbehaved. This
+    bug was found by the LLVM fuzzer.
+
+3.  Further to 8.38/46, negated classes such as [^[:^ascii:]\d] were also not
+    working correctly in UCP mode.
+
+4.  The POSIX wrapper function regexec() crashed if the option REG_STARTEND
+    was set when the pmatch argument was NULL. It now returns REG_INVARG.
+
+5.  Allow for up to 32-bit numbers in the ordin() function in pcregrep.
+
+6.  An empty \Q\E sequence between an item and its qualifier caused
+    pcre_compile() to misbehave when auto callouts were enabled. This bug was
+    found by the LLVM fuzzer.
+
+7.  If a pattern that was compiled with PCRE_EXTENDED started with white
+    space or a #-type comment that was followed by (?-x), which turns off
+    PCRE_EXTENDED, and there was no subsequent (?x) to turn it on again,
+    pcre_compile() assumed that (?-x) applied to the whole pattern and
+    consequently mis-compiled it. This bug was found by the LLVM fuzzer.
+
+8.  A call of pcre_copy_named_substring() for a named substring whose number
+    was greater than the space in the ovector could cause a crash.
+
+9.  Yet another buffer overflow bug involved duplicate named groups with a
+    group that reset capture numbers (compare 8.38/7 below). Once again, I have
+    just allowed for more memory, even if not needed. (A proper fix is
+    implemented in PCRE2, but it involves a lot of refactoring.)
+
+10. pcre_get_substring_list() crashed if the use of \K in a match caused the
+    start of the match to be earlier than the end.
+
+11. Migrating appropriate PCRE2 JIT improvements to PCRE.
+
+12. A pattern such as /(?<=((?C)0))/, which has a callout inside a lookbehind
+    assertion, caused pcretest to generate incorrect output, and also to read
+    uninitialized memory (detected by ASAN or valgrind).
+
+13. A pattern that included (*ACCEPT) in the middle of a sufficiently deeply
+    nested set of parentheses of sufficient size caused an overflow of the
+    compiling workspace (which was diagnosed, but of course is not desirable).
+
+14. And yet another buffer overflow bug involving duplicate named groups, this
+    time nested, with a nested back reference. Yet again, I have just allowed
+    for more memory, because anything more needs all the refactoring that has
+    been done for PCRE2. An example pattern that provoked this bug is:
+    /((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/ and the bug was
+    registered as CVE-2016-1283.
+
+15. pcretest went into a loop if global matching was requested with an ovector
+    size less than 2. It now gives an error message. This bug was found by
+    afl-fuzz.
+
+16. An invalid pattern fragment such as (?(?C)0 was not diagnosing an error
+    ("assertion expected") when (?(?C) was not followed by an opening
+    parenthesis.
+
+17. Fixed typo ("&&" for "&") in pcre_study(). Fortunately, this could not
+    actually affect anything, by sheer luck.
+
+18. Applied Chris Wilson's patch (Bugzilla #1681) to CMakeLists.txt for MSVC
+    static compilation.
+
+19. Modified the RunTest script to incorporate a valgrind suppressions file so
+    that certain errors, provoked by the SSE2 instruction set when JIT is used,
+    are ignored.
+
+20. A racing condition is fixed in JIT reported by Mozilla.
+
+21. Minor code refactor to avoid "array subscript is below array bounds"
+    compiler warning.
+
+22. Minor code refactor to avoid "left shift of negative number" warning.
+
+23. Fix typo causing compile error when 16- or 32-bit JIT is compiled without
+    UCP support.
+
+24. Refactor to avoid compiler warnings in pcrecpp.cc.
+
+25. Refactor to fix a typo in pcre_jit_test.c
+
+26. Patch to support compiling pcrecpp.cc with Intel compiler.
+
+
+Version 8.38 23-November-2015
+-----------------------------
+
+1.  If a group that contained a recursive back reference also contained a
+    forward reference subroutine call followed by a non-forward-reference
+    subroutine call, for example /.((?2)(?R)\1)()/, pcre_compile() failed to
+    compile correct code, leading to undefined behaviour or an internally
+    detected error. This bug was discovered by the LLVM fuzzer.
+
+2.  Quantification of certain items (e.g. atomic back references) could cause
+    incorrect code to be compiled when recursive forward references were
+    involved. For example, in this pattern: /(?1)()((((((\1++))\x85)+)|))/.
+    This bug was discovered by the LLVM fuzzer.
+
+3.  A repeated conditional group whose condition was a reference by name caused
+    a buffer overflow if there was more than one group with the given name.
+    This bug was discovered by the LLVM fuzzer.
+
+4.  A recursive back reference by name within a group that had the same name as
+    another group caused a buffer overflow. For example:
+    /(?J)(?'d'(?'d'\g{d}))/. This bug was discovered by the LLVM fuzzer.
+
+5.  A forward reference by name to a group whose number is the same as the
+    current group, for example in this pattern: /(?|(\k'Pm')|(?'Pm'))/, caused
+    a buffer overflow at compile time. This bug was discovered by the LLVM
+    fuzzer.
+
+6.  A lookbehind assertion within a set of mutually recursive subpatterns could
+    provoke a buffer overflow. This bug was discovered by the LLVM fuzzer.
+
+7.  Another buffer overflow bug involved duplicate named groups with a
+    reference between their definition, with a group that reset capture
+    numbers, for example: /(?J:(?|(?'R')(\k'R')|((?'R'))))/. This has been
+    fixed by always allowing for more memory, even if not needed. (A proper fix
+    is implemented in PCRE2, but it involves more refactoring.)
+
+8.  There was no check for integer overflow in subroutine calls such as (?123).
+
+9.  The table entry for \l in EBCDIC environments was incorrect, leading to its
+    being treated as a literal 'l' instead of causing an error.
+
+10. There was a buffer overflow if pcre_exec() was called with an ovector of
+    size 1. This bug was found by american fuzzy lop.
+
+11. If a non-capturing group containing a conditional group that could match
+    an empty string was repeated, it was not identified as matching an empty
+    string itself. For example: /^(?:(?(1)x|)+)+$()/.
+
+12. In an EBCDIC environment, pcretest was mishandling the escape sequences
+    \a and \e in test subject lines.
+
+13. In an EBCDIC environment, \a in a pattern was converted to the ASCII
+    instead of the EBCDIC value.
+
+14. The handling of \c in an EBCDIC environment has been revised so that it is
+    now compatible with the specification in Perl's perlebcdic page.
+
+15. The EBCDIC character 0x41 is a non-breaking space, equivalent to 0xa0 in
+    ASCII/Unicode. This has now been added to the list of characters that are
+    recognized as white space in EBCDIC.
+
+16. When PCRE was compiled without UCP support, the use of \p and \P gave an
+    error (correctly) when used outside a class, but did not give an error
+    within a class.
+
+17. \h within a class was incorrectly compiled in EBCDIC environments.
+
+18. A pattern with an unmatched closing parenthesis that contained a backward
+    assertion which itself contained a forward reference caused buffer
+    overflow. And example pattern is: /(?=di(?<=(?1))|(?=(.))))/.
+
+19. JIT should return with error when the compiled pattern requires more stack
+    space than the maximum.
+
+20. A possessively repeated conditional group that could match an empty string,
+    for example, /(?(R))*+/, was incorrectly compiled.
+
+21. Fix infinite recursion in the JIT compiler when certain patterns such as
+    /(?:|a|){100}x/ are analysed.
+
+22. Some patterns with character classes involving [: and \\ were incorrectly
+    compiled and could cause reading from uninitialized memory or an incorrect
+    error diagnosis.
+
+23. Pathological patterns containing many nested occurrences of [: caused
+    pcre_compile() to run for a very long time.
+
+24. A conditional group with only one branch has an implicit empty alternative
+    branch and must therefore be treated as potentially matching an empty
+    string.
+
+25. If (?R was followed by - or + incorrect behaviour happened instead of a
+    diagnostic.
+
+26. Arrange to give up on finding the minimum matching length for overly
+    complex patterns.
+
+27. Similar to (4) above: in a pattern with duplicated named groups and an
+    occurrence of (?| it is possible for an apparently non-recursive back
+    reference to become recursive if a later named group with the relevant
+    number is encountered. This could lead to a buffer overflow. Wen Guanxing
+    from Venustech ADLAB discovered this bug.
+
+28. If pcregrep was given the -q option with -c or -l, or when handling a
+    binary file, it incorrectly wrote output to stdout.
+
+29. The JIT compiler did not restore the control verb head in case of *THEN
+    control verbs. This issue was found by Karl Skomski with a custom LLVM
+    fuzzer.
+
+30. Error messages for syntax errors following \g and \k were giving inaccurate
+    offsets in the pattern.
+
+31. Added a check for integer overflow in conditions (?(<digits>) and
+    (?(R<digits>). This omission was discovered by Karl Skomski with the LLVM
+    fuzzer.
+
+32. Handling recursive references such as (?2) when the reference is to a group
+    later in the pattern uses code that is very hacked about and error-prone.
+    It has been re-written for PCRE2. Here in PCRE1, a check has been added to
+    give an internal error if it is obvious that compiling has gone wrong.
+
+33. The JIT compiler should not check repeats after a {0,1} repeat byte code.
+    This issue was found by Karl Skomski with a custom LLVM fuzzer.
+
+34. The JIT compiler should restore the control chain for empty possessive
+    repeats. This issue was found by Karl Skomski with a custom LLVM fuzzer.
+
+35. Match limit check added to JIT recursion. This issue was found by Karl
+    Skomski with a custom LLVM fuzzer.
+
+36. Yet another case similar to 27 above has been circumvented by an
+    unconditional allocation of extra memory. This issue is fixed "properly" in
+    PCRE2 by refactoring the way references are handled. Wen Guanxing
+    from Venustech ADLAB discovered this bug.
+
+37. Fix two assertion fails in JIT. These issues were found by Karl Skomski
+    with a custom LLVM fuzzer.
+
+38. Fixed a corner case of range optimization in JIT.
+
+39. An incorrect error "overran compiling workspace" was given if there were
+    exactly enough group forward references such that the last one extended
+    into the workspace safety margin. The next one would have expanded the
+    workspace. The test for overflow was not including the safety margin.
+
+40. A match limit issue is fixed in JIT which was found by Karl Skomski
+    with a custom LLVM fuzzer.
+
+41. Remove the use of /dev/null in testdata/testinput2, because it doesn't
+    work under Windows. (Why has it taken so long for anyone to notice?)
+
+42. In a character class such as [\W\p{Any}] where both a negative-type escape
+    ("not a word character") and a property escape were present, the property
+    escape was being ignored.
+
+43. Fix crash caused by very long (*MARK) or (*THEN) names.
+
+44. A sequence such as [[:punct:]b] that is, a POSIX character class followed
+    by a single ASCII character in a class item, was incorrectly compiled in
+    UCP mode. The POSIX class got lost, but only if the single character
+    followed it.
+
+45. [:punct:] in UCP mode was matching some characters in the range 128-255
+    that should not have been matched.
+
+46. If [:^ascii:] or [:^xdigit:] or [:^cntrl:] are present in a non-negated
+    class, all characters with code points greater than 255 are in the class.
+    When a Unicode property was also in the class (if PCRE_UCP is set, escapes
+    such as \w are turned into Unicode properties), wide characters were not
+    correctly handled, and could fail to match.
+
+
+Version 8.37 28-April-2015
+--------------------------
+
+1.  When an (*ACCEPT) is triggered inside capturing parentheses, it arranges
+    for those parentheses to be closed with whatever has been captured so far.
+    However, it was failing to mark any other groups between the hightest
+    capture so far and the currrent group as "unset". Thus, the ovector for
+    those groups contained whatever was previously there. An example is the
+    pattern /(x)|((*ACCEPT))/ when matched against "abcd".
+
+2.  If an assertion condition was quantified with a minimum of zero (an odd
+    thing to do, but it happened), SIGSEGV or other misbehaviour could occur.
+
+3.  If a pattern in pcretest input had the P (POSIX) modifier followed by an
+    unrecognized modifier, a crash could occur.
+
+4.  An attempt to do global matching in pcretest with a zero-length ovector
+    caused a crash.
+
+5.  Fixed a memory leak during matching that could occur for a subpattern
+    subroutine call (recursive or otherwise) if the number of captured groups
+    that had to be saved was greater than ten.
+
+6.  Catch a bad opcode during auto-possessification after compiling a bad UTF
+    string with NO_UTF_CHECK. This is a tidyup, not a bug fix, as passing bad
+    UTF with NO_UTF_CHECK is documented as having an undefined outcome.
+
+7.  A UTF pattern containing a "not" match of a non-ASCII character and a
+    subroutine reference could loop at compile time. Example: /[^\xff]((?1))/.
+
+8. When a pattern is compiled, it remembers the highest back reference so that
+   when matching, if the ovector is too small, extra memory can be obtained to
+   use instead. A conditional subpattern whose condition is a check on a
+   capture having happened, such as, for example in the pattern
+   /^(?:(a)|b)(?(1)A|B)/, is another kind of back reference, but it was not
+   setting the highest backreference number. This mattered only if pcre_exec()
+   was called with an ovector that was too small to hold the capture, and there
+   was no other kind of back reference (a situation which is probably quite
+   rare). The effect of the bug was that the condition was always treated as
+   FALSE when the capture could not be consulted, leading to a incorrect
+   behaviour by pcre_exec(). This bug has been fixed.
+
+9. A reference to a duplicated named group (either a back reference or a test
+   for being set in a conditional) that occurred in a part of the pattern where
+   PCRE_DUPNAMES was not set caused the amount of memory needed for the pattern
+   to be incorrectly calculated, leading to overwriting.
+
+10. A mutually recursive set of back references such as (\2)(\1) caused a
+    segfault at study time (while trying to find the minimum matching length).
+    The infinite loop is now broken (with the minimum length unset, that is,
+    zero).
+
+11. If an assertion that was used as a condition was quantified with a minimum
+    of zero, matching went wrong. In particular, if the whole group had
+    unlimited repetition and could match an empty string, a segfault was
+    likely. The pattern (?(?=0)?)+ is an example that caused this. Perl allows
+    assertions to be quantified, but not if they are being used as conditions,
+    so the above pattern is faulted by Perl. PCRE has now been changed so that
+    it also rejects such patterns.
+
+12. A possessive capturing group such as (a)*+ with a minimum repeat of zero
+    failed to allow the zero-repeat case if pcre2_exec() was called with an
+    ovector too small to capture the group.
+
+13. Fixed two bugs in pcretest that were discovered by fuzzing and reported by
+    Red Hat Product Security:
+
+    (a) A crash if /K and /F were both set with the option to save the compiled
+    pattern.
+
+    (b) Another crash if the option to print captured substrings in a callout
+    was combined with setting a null ovector, for example \O\C+ as a subject
+    string.
+
+14. A pattern such as "((?2){0,1999}())?", which has a group containing a
+    forward reference repeated a large (but limited) number of times within a
+    repeated outer group that has a zero minimum quantifier, caused incorrect
+    code to be compiled, leading to the error "internal error:
+    previously-checked referenced subpattern not found" when an incorrect
+    memory address was read. This bug was reported as "heap overflow",
+    discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number
+    CVE-2015-2325.
+
+23. A pattern such as "((?+1)(\1))/" containing a forward reference subroutine
+    call within a group that also contained a recursive back reference caused
+    incorrect code to be compiled. This bug was reported as "heap overflow",
+    discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE
+    number CVE-2015-2326.
+
+24. Computing the size of the JIT read-only data in advance has been a source
+    of various issues, and new ones are still appear unfortunately. To fix
+    existing and future issues, size computation is eliminated from the code,
+    and replaced by on-demand memory allocation.
+
+25. A pattern such as /(?i)[A-`]/, where characters in the other case are
+    adjacent to the end of the range, and the range contained characters with
+    more than one other case, caused incorrect behaviour when compiled in UTF
+    mode. In that example, the range a-j was left out of the class.
+
+26. Fix JIT compilation of conditional blocks, which assertion
+    is converted to (*FAIL). E.g: /(?(?!))/.
+
+27. The pattern /(?(?!)^)/ caused references to random memory. This bug was
+    discovered by the LLVM fuzzer.
+
+28. The assertion (?!) is optimized to (*FAIL). This was not handled correctly
+    when this assertion was used as a condition, for example (?(?!)a|b). In
+    pcre2_match() it worked by luck; in pcre2_dfa_match() it gave an incorrect
+    error about an unsupported item.
+
+29. For some types of pattern, for example /Z*(|d*){216}/, the auto-
+    possessification code could take exponential time to complete. A recursion
+    depth limit of 1000 has been imposed to limit the resources used by this
+    optimization.
+
+30. A pattern such as /(*UTF)[\S\V\H]/, which contains a negated special class
+    such as \S in non-UCP mode, explicit wide characters (> 255) can be ignored
+    because \S ensures they are all in the class. The code for doing this was
+    interacting badly with the code for computing the amount of space needed to
+    compile the pattern, leading to a buffer overflow. This bug was discovered
+    by the LLVM fuzzer.
+
+31. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
+    other kinds of group caused stack overflow at compile time. This bug was
+    discovered by the LLVM fuzzer.
+
+32. A pattern such as /(?1)(?#?'){8}(a)/ which had a parenthesized comment
+    between a subroutine call and its quantifier was incorrectly compiled,
+    leading to buffer overflow or other errors. This bug was discovered by the
+    LLVM fuzzer.
+
+33. The illegal pattern /(?(?<E>.*!.*)?)/ was not being diagnosed as missing an
+    assertion after (?(. The code was failing to check the character after
+    (?(?< for the ! or = that would indicate a lookbehind assertion. This bug
+    was discovered by the LLVM fuzzer.
+
+34. A pattern such as /X((?2)()*+){2}+/ which has a possessive quantifier with
+    a fixed maximum following a group that contains a subroutine reference was
+    incorrectly compiled and could trigger buffer overflow. This bug was
+    discovered by the LLVM fuzzer.
+
+35. A mutual recursion within a lookbehind assertion such as (?<=((?2))((?1)))
+    caused a stack overflow instead of the diagnosis of a non-fixed length
+    lookbehind assertion. This bug was discovered by the LLVM fuzzer.
+
+36. The use of \K in a positive lookbehind assertion in a non-anchored pattern
+    (e.g. /(?<=\Ka)/) could make pcregrep loop.
+
+37. There was a similar problem to 36 in pcretest for global matches.
+
+38. If a greedy quantified \X was preceded by \C in UTF mode (e.g. \C\X*),
+    and a subsequent item in the pattern caused a non-match, backtracking over
+    the repeated \X did not stop, but carried on past the start of the subject,
+    causing reference to random memory and/or a segfault. There were also some
+    other cases where backtracking after \C could crash. This set of bugs was
+    discovered by the LLVM fuzzer.
+
+39. The function for finding the minimum length of a matching string could take
+    a very long time if mutual recursion was present many times in a pattern,
+    for example, /((?2){73}(?2))((?1))/. A better mutual recursion detection
+    method has been implemented. This infelicity was discovered by the LLVM
+    fuzzer.
+
+40. Static linking against the PCRE library using the pkg-config module was
+    failing on missing pthread symbols.
+
+
+Version 8.36 26-September-2014
+------------------------------
+
+1.  Got rid of some compiler warnings in the C++ modules that were shown up by
+    -Wmissing-field-initializers and -Wunused-parameter.
+
+2.  The tests for quantifiers being too big (greater than 65535) were being
+    applied after reading the number, and stupidly assuming that integer
+    overflow would give a negative number. The tests are now applied as the
+    numbers are read.
+
+3.  Tidy code in pcre_exec.c where two branches that used to be different are
+    now the same.
+
+4.  The JIT compiler did not generate match limit checks for certain
+    bracketed expressions with quantifiers. This may lead to exponential
+    backtracking, instead of returning with PCRE_ERROR_MATCHLIMIT. This
+    issue should be resolved now.
+
+5.  Fixed an issue, which occures when nested alternatives are optimized
+    with table jumps.
+
+6.  Inserted two casts and changed some ints to size_t in the light of some
+    reported 64-bit compiler warnings (Bugzilla 1477).
+
+7.  Fixed a bug concerned with zero-minimum possessive groups that could match
+    an empty string, which sometimes were behaving incorrectly in the
+    interpreter (though correctly in the JIT matcher). This pcretest input is
+    an example:
+
+      '\A(?:[^"]++|"(?:[^"]*+|"")*+")++'
+      NON QUOTED "QUOT""ED" AFTER "NOT MATCHED
+
+    the interpreter was reporting a match of 'NON QUOTED ' only, whereas the
+    JIT matcher and Perl both matched 'NON QUOTED "QUOT""ED" AFTER '. The test
+    for an empty string was breaking the inner loop and carrying on at a lower
+    level, when possessive repeated groups should always return to a higher
+    level as they have no backtrack points in them. The empty string test now
+    occurs at the outer level.
+
+8.  Fixed a bug that was incorrectly auto-possessifying \w+ in the pattern
+    ^\w+(?>\s*)(?<=\w) which caused it not to match "test test".
+
+9.  Give a compile-time error for \o{} (as Perl does) and for \x{} (which Perl
+    doesn't).
+
+10. Change 8.34/15 introduced a bug that caused the amount of memory needed
+    to hold a pattern to be incorrectly computed (too small) when there were
+    named back references to duplicated names. This could cause "internal
+    error: code overflow" or "double free or corruption" or other memory
+    handling errors.
+
+11. When named subpatterns had the same prefixes, back references could be
+    confused. For example, in this pattern:
+
+      /(?P<Name>a)?(?P<Name2>b)?(?(<Name>)c|d)*l/
+
+    the reference to 'Name' was incorrectly treated as a reference to a
+    duplicate name.
+
+12. A pattern such as /^s?c/mi8 where the optional character has more than
+    one "other case" was incorrectly compiled such that it would only try to
+    match starting at "c".
+
+13. When a pattern starting with \s was studied, VT was not included in the
+    list of possible starting characters; this should have been part of the
+    8.34/18 patch.
+
+14. If a character class started [\Qx]... where x is any character, the class
+    was incorrectly terminated at the ].
+
+15. If a pattern that started with a caseless match for a character with more
+    than one "other case" was studied, PCRE did not set up the starting code
+    unit bit map for the list of possible characters. Now it does. This is an
+    optimization improvement, not a bug fix.
+
+16. The Unicode data tables have been updated to Unicode 7.0.0.
+
+17. Fixed a number of memory leaks in pcregrep.
+
+18. Avoid a compiler warning (from some compilers) for a function call with
+    a cast that removes "const" from an lvalue by using an intermediate
+    variable (to which the compiler does not object).
+
+19. Incorrect code was compiled if a group that contained an internal recursive
+    back reference was optional (had quantifier with a minimum of zero). This
+    example compiled incorrect code: /(((a\2)|(a*)\g<-1>))*/ and other examples
+    caused segmentation faults because of stack overflows at compile time.
+
+20. A pattern such as /((?(R)a|(?1)))+/, which contains a recursion within a
+    group that is quantified with an indefinite repeat, caused a compile-time
+    loop which used up all the system stack and provoked a segmentation fault.
+    This was not the same bug as 19 above.
+
+21. Add PCRECPP_EXP_DECL declaration to operator<< in pcre_stringpiece.h.
+    Patch by Mike Frysinger.
+
+
+Version 8.35 04-April-2014
+--------------------------
+
+1.  A new flag is set, when property checks are present in an XCLASS.
+    When this flag is not set, PCRE can perform certain optimizations
+    such as studying these XCLASS-es.
+
+2.  The auto-possessification of character sets were improved: a normal
+    and an extended character set can be compared now. Furthermore
+    the JIT compiler optimizes more character set checks.
+
+3.  Got rid of some compiler warnings for potentially uninitialized variables
+    that show up only when compiled with -O2.
+
+4.  A pattern such as (?=ab\K) that uses \K in an assertion can set the start
+    of a match later then the end of the match. The pcretest program was not
+    handling the case sensibly - it was outputting from the start to the next
+    binary zero. It now reports this situation in a message, and outputs the
+    text from the end to the start.
+
+5.  Fast forward search is improved in JIT. Instead of the first three
+    characters, any three characters with fixed position can be searched.
+    Search order: first, last, middle.
+
+6.  Improve character range checks in JIT. Characters are read by an inprecise
+    function now, which returns with an unknown value if the character code is
+    above a certain threshold (e.g: 256). The only limitation is that the value
+    must be bigger than the threshold as well. This function is useful when
+    the characters above the threshold are handled in the same way.
+
+7.  The macros whose names start with RAWUCHAR are placeholders for a future
+    mode in which only the bottom 21 bits of 32-bit data items are used. To
+    make this more memorable for those maintaining the code, the names have
+    been changed to start with UCHAR21, and an extensive comment has been added
+    to their definition.
+
+8.  Add missing (new) files sljitNativeTILEGX.c and sljitNativeTILEGX-encoder.c
+    to the export list in Makefile.am (they were accidentally omitted from the
+    8.34 tarball).
+
+9.  The informational output from pcretest used the phrase "starting byte set"
+    which is inappropriate for the 16-bit and 32-bit libraries. As the output
+    for "first char" and "need char" really means "non-UTF-char", I've changed
+    "byte" to "char", and slightly reworded the output. The documentation about
+    these values has also been (I hope) clarified.
+
+10. Another JIT related optimization: use table jumps for selecting the correct
+    backtracking path, when more than four alternatives are present inside a
+    bracket.
+
+11. Empty match is not possible, when the minimum length is greater than zero,
+    and there is no \K in the pattern. JIT should avoid empty match checks in
+    such cases.
+
+12. In a caseless character class with UCP support, when a character with more
+    than one alternative case was not the first character of a range, not all
+    the alternative cases were added to the class. For example, s and \x{17f}
+    are both alternative cases for S: the class [RST] was handled correctly,
+    but [R-T] was not.
+
+13. The configure.ac file always checked for pthread support when JIT was
+    enabled. This is not used in Windows, so I have put this test inside a
+    check for the presence of windows.h (which was already tested for).
+
+14. Improve pattern prefix search by a simplified Boyer-Moore algorithm in JIT.
+    The algorithm provides a way to skip certain starting offsets, and usually
+    faster than linear prefix searches.
+
+15. Change 13 for 8.20 updated RunTest to check for the 'fr' locale as well
+    as for 'fr_FR' and 'french'. For some reason, however, it then used the
+    Windows-specific input and output files, which have 'french' screwed in.
+    So this could never have worked. One of the problems with locales is that
+    they aren't always the same. I have now updated RunTest so that it checks
+    the output of the locale test (test 3) against three different output
+    files, and it allows the test to pass if any one of them matches. With luck
+    this should make the test pass on some versions of Solaris where it was
+    failing. Because of the uncertainty, the script did not used to stop if
+    test 3 failed; it now does. If further versions of a French locale ever
+    come to light, they can now easily be added.
+
+16. If --with-pcregrep-bufsize was given a non-integer value such as "50K",
+    there was a message during ./configure, but it did not stop. This now
+    provokes an error. The invalid example in README has been corrected.
+    If a value less than the minimum is given, the minimum value has always
+    been used, but now a warning is given.
+
+17. If --enable-bsr-anycrlf was set, the special 16/32-bit test failed. This
+    was a bug in the test system, which is now fixed. Also, the list of various
+    configurations that are tested for each release did not have one with both
+    16/32 bits and --enable-bar-anycrlf. It now does.
+
+18. pcretest was missing "-C bsr" for displaying the \R default setting.
+
+19. Little endian PowerPC systems are supported now by the JIT compiler.
+
+20. The fast forward newline mechanism could enter to an infinite loop on
+    certain invalid UTF-8 input. Although we don't support these cases
+    this issue can be fixed by a performance optimization.
+
+21. Change 33 of 8.34 is not sufficient to ensure stack safety because it does
+    not take account if existing stack usage. There is now a new global
+    variable called pcre_stack_guard that can be set to point to an external
+    function to check stack availability. It is called at the start of
+    processing every parenthesized group.
+
+22. A typo in the code meant that in ungreedy mode the max/min qualifier
+    behaved like a min-possessive qualifier, and, for example, /a{1,3}b/U did
+    not match "ab".
+
+23. When UTF was disabled, the JIT program reported some incorrect compile
+    errors. These messages are silenced now.
+
+24. Experimental support for ARM-64 and MIPS-64 has been added to the JIT
+    compiler.
+
+25. Change all the temporary files used in RunGrepTest to be different to those
+    used by RunTest so that the tests can be run simultaneously, for example by
+    "make -j check".
+
+
+Version 8.34 15-December-2013
+-----------------------------
+
+1.  Add pcre[16|32]_jit_free_unused_memory to forcibly free unused JIT
+    executable memory. Patch inspired by Carsten Klein.
+
+2.  ./configure --enable-coverage defined SUPPORT_GCOV in config.h, although
+    this macro is never tested and has no effect, because the work to support
+    coverage involves only compiling and linking options and special targets in
+    the Makefile. The comment in config.h implied that defining the macro would
+    enable coverage support, which is totally false. There was also support for
+    setting this macro in the CMake files (my fault, I just copied it from
+    configure). SUPPORT_GCOV has now been removed.
+
+3.  Make a small performance improvement in strlen16() and strlen32() in
+    pcretest.
+
+4.  Change 36 for 8.33 left some unreachable statements in pcre_exec.c,
+    detected by the Solaris compiler (gcc doesn't seem to be able to diagnose
+    these cases). There was also one in pcretest.c.
+
+5.  Cleaned up a "may be uninitialized" compiler warning in pcre_exec.c.
+
+6.  In UTF mode, the code for checking whether a group could match an empty
+    string (which is used for indefinitely repeated groups to allow for
+    breaking an infinite loop) was broken when the group contained a repeated
+    negated single-character class with a character that occupied more than one
+    data item and had a minimum repetition of zero (for example, [^\x{100}]* in
+    UTF-8 mode). The effect was undefined: the group might or might not be
+    deemed as matching an empty string, or the program might have crashed.
+
+7.  The code for checking whether a group could match an empty string was not
+    recognizing that \h, \H, \v, \V, and \R must match a character.
+
+8.  Implemented PCRE_INFO_MATCH_EMPTY, which yields 1 if the pattern can match
+    an empty string. If it can, pcretest shows this in its information output.
+
+9.  Fixed two related bugs that applied to Unicode extended grapheme clusters
+    that were repeated with a maximizing qualifier (e.g. \X* or \X{2,5}) when
+    matched by pcre_exec() without using JIT:
+
+    (a) If the rest of the pattern did not match after a maximal run of
+        grapheme clusters, the code for backing up to try with fewer of them
+        did not always back up over a full grapheme when characters that do not
+        have the modifier quality were involved, e.g. Hangul syllables.
+
+    (b) If the match point in a subject started with modifier character, and
+        there was no match, the code could incorrectly back up beyond the match
+        point, and potentially beyond the first character in the subject,
+        leading to a segfault or an incorrect match result.
+
+10. A conditional group with an assertion condition could lead to PCRE
+    recording an incorrect first data item for a match if no other first data
+    item was recorded. For example, the pattern (?(?=ab)ab) recorded "a" as a
+    first data item, and therefore matched "ca" after "c" instead of at the
+    start.
+
+11. Change 40 for 8.33 (allowing pcregrep to find empty strings) showed up a
+    bug that caused the command "echo a | ./pcregrep -M '|a'" to loop.
+
+12. The source of pcregrep now includes z/OS-specific code so that it can be
+    compiled for z/OS as part of the special z/OS distribution.
+
+13. Added the -T and -TM options to pcretest.
+
+14. The code in pcre_compile.c for creating the table of named capturing groups
+    has been refactored. Instead of creating the table dynamically during the
+    actual compiling pass, the information is remembered during the pre-compile
+    pass (on the stack unless there are more than 20 named groups, in which
+    case malloc() is used) and the whole table is created before the actual
+    compile happens. This has simplified the code (it is now nearly 150 lines
+    shorter) and prepared the way for better handling of references to groups
+    with duplicate names.
+
+15. A back reference to a named subpattern when there is more than one of the
+    same name now checks them in the order in which they appear in the pattern.
+    The first one that is set is used for the reference. Previously only the
+    first one was inspected. This change makes PCRE more compatible with Perl.
+
+16. Unicode character properties were updated from Unicode 6.3.0.
+
+17. The compile-time code for auto-possessification has been refactored, based
+    on a patch by Zoltan Herczeg. It now happens after instead of during
+    compilation. The code is cleaner, and more cases are handled. The option
+    PCRE_NO_AUTO_POSSESS is added for testing purposes, and the -O and /O
+    options in pcretest are provided to set it. It can also be set by
+    (*NO_AUTO_POSSESS) at the start of a pattern.
+
+18. The character VT has been added to the default ("C" locale) set of
+    characters that match \s and are generally treated as white space,
+    following this same change in Perl 5.18. There is now no difference between
+    "Perl space" and "POSIX space". Whether VT is treated as white space in
+    other locales depends on the locale.
+
+19. The code for checking named groups as conditions, either for being set or
+    for being recursed, has been refactored (this is related to 14 and 15
+    above). Processing unduplicated named groups should now be as fast at
+    numerical groups, and processing duplicated groups should be faster than
+    before.
+
+20. Two patches to the CMake build system, by Alexander Barkov:
+
+      (1) Replace the "source" command by "." in CMakeLists.txt because
+          "source" is a bash-ism.
+
+      (2) Add missing HAVE_STDINT_H and HAVE_INTTYPES_H to config-cmake.h.in;
+          without these the CMake build does not work on Solaris.
+
+21. Perl has changed its handling of \8 and \9. If there is no previously
+    encountered capturing group of those numbers, they are treated as the
+    literal characters 8 and 9 instead of a binary zero followed by the
+    literals. PCRE now does the same.
+
+22. Following Perl, added \o{} to specify codepoints in octal, making it
+    possible to specify values greater than 0777 and also making them
+    unambiguous.
+
+23. Perl now gives an error for missing closing braces after \x{... instead of
+    treating the string as literal. PCRE now does the same.
+
+24. RunTest used to grumble if an inappropriate test was selected explicitly,
+    but just skip it when running all tests. This make it awkward to run ranges
+    of tests when one of them was inappropriate. Now it just skips any
+    inappropriate tests, as it always did when running all tests.
+
+25. If PCRE_AUTO_CALLOUT and PCRE_UCP were set for a pattern that contained
+    character types such as \d or \w, too many callouts were inserted, and the
+    data that they returned was rubbish.
+
+26. In UCP mode, \s was not matching two of the characters that Perl matches,
+    namely NEL (U+0085) and MONGOLIAN VOWEL SEPARATOR (U+180E), though they
+    were matched by \h. The code has now been refactored so that the lists of
+    the horizontal and vertical whitespace characters used for \h and \v (which
+    are defined only in one place) are now also used for \s.
+
+27. Add JIT support for the 64 bit TileGX architecture.
+    Patch by Jiong Wang (Tilera Corporation).
+
+28. Possessive quantifiers for classes (both explicit and automatically
+    generated) now use special opcodes instead of wrapping in ONCE brackets.
+
+29. Whereas an item such as A{4}+ ignored the possessivenes of the quantifier
+    (because it's meaningless), this was not happening when PCRE_CASELESS was
+    set. Not wrong, but inefficient.
+
+30. Updated perltest.pl to add /u (force Unicode mode) when /W (use Unicode
+    properties for \w, \d, etc) is present in a test regex. Otherwise if the
+    test contains no characters greater than 255, Perl doesn't realise it
+    should be using Unicode semantics.
+
+31. Upgraded the handling of the POSIX classes [:graph:], [:print:], and
+    [:punct:] when PCRE_UCP is set so as to include the same characters as Perl
+    does in Unicode mode.
+
+32. Added the "forbid" facility to pcretest so that putting tests into the
+    wrong test files can sometimes be quickly detected.
+
+33. There is now a limit (default 250) on the depth of nesting of parentheses.
+    This limit is imposed to control the amount of system stack used at compile
+    time. It can be changed at build time by --with-parens-nest-limit=xxx or
+    the equivalent in CMake.
+
+34. Character classes such as [A-\d] or [a-[:digit:]] now cause compile-time
+    errors. Perl warns for these when in warning mode, but PCRE has no facility
+    for giving warnings.
+
+35. Change 34 for 8.13 allowed quantifiers on assertions, because Perl does.
+    However, this was not working for (?!) because it is optimized to (*FAIL),
+    for which PCRE does not allow quantifiers. The optimization is now disabled
+    when a quantifier follows (?!). I can't see any use for this, but it makes
+    things uniform.
+
+36. Perl no longer allows group names to start with digits, so I have made this
+    change also in PCRE. It simplifies the code a bit.
+
+37. In extended mode, Perl ignores spaces before a + that indicates a
+    possessive quantifier. PCRE allowed a space before the quantifier, but not
+    before the possessive +. It now does.
+
+38. The use of \K (reset reported match start) within a repeated possessive
+    group such as (a\Kb)*+ was not working.
+
+40. Document that the same character tables must be used at compile time and
+    run time, and that the facility to pass tables to pcre_exec() and
+    pcre_dfa_exec() is for use only with saved/restored patterns.
+
+41. Applied Jeff Trawick's patch CMakeLists.txt, which "provides two new
+    features for Builds with MSVC:
+
+    1. Support pcre.rc and/or pcreposix.rc (as is already done for MinGW
+       builds). The .rc files can be used to set FileDescription and many other
+       attributes.
+
+    2. Add an option (-DINSTALL_MSVC_PDB) to enable installation of .pdb files.
+       This allows higher-level build scripts which want .pdb files to avoid
+       hard-coding the exact files needed."
+
+42. Added support for [[:<:]] and [[:>:]] as used in the BSD POSIX library to
+    mean "start of word" and "end of word", respectively, as a transition aid.
+
+43. A minimizing repeat of a class containing codepoints greater than 255 in
+    non-UTF 16-bit or 32-bit modes caused an internal error when PCRE was
+    compiled to use the heap for recursion.
+
+44. Got rid of some compiler warnings for unused variables when UTF but not UCP
+    is configured.
+
+
+Version 8.33 28-May-2013
+------------------------
+
+1.  Added 'U' to some constants that are compared to unsigned integers, to
+    avoid compiler signed/unsigned warnings. Added (int) casts to unsigned
+    variables that are added to signed variables, to ensure the result is
+    signed and can be negated.
+
+2.  Applied patch by Daniel Richard G for quashing MSVC warnings to the
+    CMake config files.
+
+3.  Revise the creation of config.h.generic so that all boolean macros are
+    #undefined, whereas non-boolean macros are #ifndef/#endif-ed. This makes
+    overriding via -D on the command line possible.
+
+4.  Changing the definition of the variable "op" in pcre_exec.c from pcre_uchar
+    to unsigned int is reported to make a quite noticeable speed difference in
+    a specific Windows environment. Testing on Linux did also appear to show
+    some benefit (and it is clearly not harmful). Also fixed the definition of
+    Xop which should be unsigned.
+
+5.  Related to (4), changing the definition of the intermediate variable cc
+    in repeated character loops from pcre_uchar to pcre_uint32 also gave speed
+    improvements.
+
+6.  Fix forward search in JIT when link size is 3 or greater. Also removed some
+    unnecessary spaces.
+
+7.  Adjust autogen.sh and configure.ac to lose warnings given by automake 1.12
+    and later.
+
+8.  Fix two buffer over read issues in 16 and 32 bit modes. Affects JIT only.
+
+9.  Optimizing fast_forward_start_bits in JIT.
+
+10. Adding support for callouts in JIT, and fixing some issues revealed
+    during this work. Namely:
+
+    (a) Unoptimized capturing brackets incorrectly reset on backtrack.
+
+    (b) Minimum length was not checked before the matching is started.
+
+11. The value of capture_last that is passed to callouts was incorrect in some
+    cases when there was a capture on one path that was subsequently abandoned
+    after a backtrack. Also, the capture_last value is now reset after a
+    recursion, since all captures are also reset in this case.
+
+12. The interpreter no longer returns the "too many substrings" error in the
+    case when an overflowing capture is in a branch that is subsequently
+    abandoned after a backtrack.
+
+13. In the pathological case when an offset vector of size 2 is used, pcretest
+    now prints out the matched string after a yield of 0 or 1.
+
+14. Inlining subpatterns in recursions, when certain conditions are fulfilled.
+    Only supported by the JIT compiler at the moment.
+
+15. JIT compiler now supports 32 bit Macs thanks to Lawrence Velazquez.
+
+16. Partial matches now set offsets[2] to the "bumpalong" value, that is, the
+    offset of the starting point of the matching process, provided the offsets
+    vector is large enough.
+
+17. The \A escape now records a lookbehind value of 1, though its execution
+    does not actually inspect the previous character. This is to ensure that,
+    in partial multi-segment matching, at least one character from the old
+    segment is retained when a new segment is processed. Otherwise, if there
+    are no lookbehinds in the pattern, \A might match incorrectly at the start
+    of a new segment.
+
+18. Added some #ifdef __VMS code into pcretest.c to help VMS implementations.
+
+19. Redefined some pcre_uchar variables in pcre_exec.c as pcre_uint32; this
+    gives some modest performance improvement in 8-bit mode.
+
+20. Added the PCRE-specific property \p{Xuc} for matching characters that can
+    be expressed in certain programming languages using Universal Character
+    Names.
+
+21. Unicode validation has been updated in the light of Unicode Corrigendum #9,
+    which points out that "non characters" are not "characters that may not
+    appear in Unicode strings" but rather "characters that are reserved for
+    internal use and have only local meaning".
+
+22. When a pattern was compiled with automatic callouts (PCRE_AUTO_CALLOUT) and
+    there was a conditional group that depended on an assertion, if the
+    assertion was false, the callout that immediately followed the alternation
+    in the condition was skipped when pcre_exec() was used for matching.
+
+23. Allow an explicit callout to be inserted before an assertion that is the
+    condition for a conditional group, for compatibility with automatic
+    callouts, which always insert a callout at this point.
+
+24. In 8.31, (*COMMIT) was confined to within a recursive subpattern. Perl also
+    confines (*SKIP) and (*PRUNE) in the same way, and this has now been done.
+
+25. (*PRUNE) is now supported by the JIT compiler.
+
+26. Fix infinite loop when /(?<=(*SKIP)ac)a/ is matched against aa.
+
+27. Fix the case where there are two or more SKIPs with arguments that may be
+    ignored.
+
+28. (*SKIP) is now supported by the JIT compiler.
+
+29. (*THEN) is now supported by the JIT compiler.
+
+30. Update RunTest with additional test selector options.
+
+31. The way PCRE handles backtracking verbs has been changed in two ways.
+
+    (1) Previously, in something like (*COMMIT)(*SKIP), COMMIT would override
+    SKIP. Now, PCRE acts on whichever backtracking verb is reached first by
+    backtracking. In some cases this makes it more Perl-compatible, but Perl's
+    rather obscure rules do not always do the same thing.
+
+    (2) Previously, backtracking verbs were confined within assertions. This is
+    no longer the case for positive assertions, except for (*ACCEPT). Again,
+    this sometimes improves Perl compatibility, and sometimes does not.
+
+32. A number of tests that were in test 2 because Perl did things differently
+    have been moved to test 1, because either Perl or PCRE has changed, and
+    these tests are now compatible.
+
+32. Backtracking control verbs are now handled in the same way in JIT and
+    interpreter.
+
+33. An opening parenthesis in a MARK/PRUNE/SKIP/THEN name in a pattern that
+    contained a forward subroutine reference caused a compile error.
+
+34. Auto-detect and optimize limited repetitions in JIT.
+
+35. Implement PCRE_NEVER_UTF to lock out the use of UTF, in particular,
+    blocking (*UTF) etc.
+
+36. In the interpreter, maximizing pattern repetitions for characters and
+    character types now use tail recursion, which reduces stack usage.
+
+37. The value of the max lookbehind was not correctly preserved if a compiled
+    and saved regex was reloaded on a host of different endianness.
+
+38. Implemented (*LIMIT_MATCH) and (*LIMIT_RECURSION). As part of the extension
+    of the compiled pattern block, expand the flags field from 16 to 32 bits
+    because it was almost full.
+
+39. Try madvise first before posix_madvise.
+
+40. Change 7 for PCRE 7.9 made it impossible for pcregrep to find empty lines
+    with a pattern such as ^$. It has taken 4 years for anybody to notice! The
+    original change locked out all matches of empty strings. This has been
+    changed so that one match of an empty string per line is recognized.
+    Subsequent searches on the same line (for colouring or for --only-matching,
+    for example) do not recognize empty strings.
+
+41. Applied a user patch to fix a number of spelling mistakes in comments.
+
+42. Data lines longer than 65536 caused pcretest to crash.
+
+43. Clarified the data type for length and startoffset arguments for pcre_exec
+    and pcre_dfa_exec in the function-specific man pages, where they were
+    explicitly stated to be in bytes, never having been updated. I also added
+    some clarification to the pcreapi man page.
+
+44. A call to pcre_dfa_exec() with an output vector size less than 2 caused
+    a segmentation fault.
+
+
+Version 8.32 30-November-2012
+-----------------------------
+
+1.  Improved JIT compiler optimizations for first character search and single
+    character iterators.
+
+2.  Supporting IBM XL C compilers for PPC architectures in the JIT compiler.
+    Patch by Daniel Richard G.
+
+3.  Single character iterator optimizations in the JIT compiler.
+
+4.  Improved JIT compiler optimizations for character ranges.
+
+5.  Rename the "leave" variable names to "quit" to improve WinCE compatibility.
+    Reported by Giuseppe D'Angelo.
+
+6.  The PCRE_STARTLINE bit, indicating that a match can occur only at the start
+    of a line, was being set incorrectly in cases where .* appeared inside
+    atomic brackets at the start of a pattern, or where there was a subsequent
+    *PRUNE or *SKIP.
+
+7.  Improved instruction cache flush for POWER/PowerPC.
+    Patch by Daniel Richard G.
+
+8.  Fixed a number of issues in pcregrep, making it more compatible with GNU
+    grep:
+
+    (a) There is now no limit to the number of patterns to be matched.
+
+    (b) An error is given if a pattern is too long.
+
+    (c) Multiple uses of --exclude, --exclude-dir, --include, and --include-dir
+        are now supported.
+
+    (d) --exclude-from and --include-from (multiple use) have been added.
+
+    (e) Exclusions and inclusions now apply to all files and directories, not
+        just to those obtained from scanning a directory recursively.
+
+    (f) Multiple uses of -f and --file-list are now supported.
+
+    (g) In a Windows environment, the default for -d has been changed from
+        "read" (the GNU grep default) to "skip", because otherwise the presence
+        of a directory in the file list provokes an error.
+
+    (h) The documentation has been revised and clarified in places.
+
+9.  Improve the matching speed of capturing brackets.
+
+10. Changed the meaning of \X so that it now matches a Unicode extended
+    grapheme cluster.
+
+11. Patch by Daniel Richard G to the autoconf files to add a macro for sorting
+    out POSIX threads when JIT support is configured.
+
+12. Added support for PCRE_STUDY_EXTRA_NEEDED.
+
+13. In the POSIX wrapper regcomp() function, setting re_nsub field in the preg
+    structure could go wrong in environments where size_t is not the same size
+    as int.
+
+14. Applied user-supplied patch to pcrecpp.cc to allow PCRE_NO_UTF8_CHECK to be
+    set.
+
+15. The EBCDIC support had decayed; later updates to the code had included
+    explicit references to (e.g.) \x0a instead of CHAR_LF. There has been a
+    general tidy up of EBCDIC-related issues, and the documentation was also
+    not quite right. There is now a test that can be run on ASCII systems to
+    check some of the EBCDIC-related things (but is it not a full test).
+
+16. The new PCRE_STUDY_EXTRA_NEEDED option is now used by pcregrep, resulting
+    in a small tidy to the code.
+
+17. Fix JIT tests when UTF is disabled and both 8 and 16 bit mode are enabled.
+
+18. If the --only-matching (-o) option in pcregrep is specified multiple
+    times, each one causes appropriate output. For example, -o1 -o2 outputs the
+    substrings matched by the 1st and 2nd capturing parentheses. A separating
+    string can be specified by --om-separator (default empty).
+
+19. Improving the first n character searches.
+
+20. Turn case lists for horizontal and vertical white space into macros so that
+    they are defined only once.
+
+21. This set of changes together give more compatible Unicode case-folding
+    behaviour for characters that have more than one other case when UCP
+    support is available.
+
+    (a) The Unicode property table now has offsets into a new table of sets of
+        three or more characters that are case-equivalent. The MultiStage2.py
+        script that generates these tables (the pcre_ucd.c file) now scans
+        CaseFolding.txt instead of UnicodeData.txt for character case
+        information.
+
+    (b) The code for adding characters or ranges of characters to a character
+        class has been abstracted into a generalized function that also handles
+        case-independence. In UTF-mode with UCP support, this uses the new data
+        to handle characters with more than one other case.
+
+    (c) A bug that is fixed as a result of (b) is that codepoints less than 256
+        whose other case is greater than 256 are now correctly matched
+        caselessly. Previously, the high codepoint matched the low one, but not
+        vice versa.
+
+    (d) The processing of \h, \H, \v, and \ in character classes now makes use
+        of the new class addition function, using character lists defined as
+        macros alongside the case definitions of 20 above.
+
+    (e) Caseless back references now work with characters that have more than
+        one other case.
+
+    (f) General caseless matching of characters with more than one other case
+        is supported.
+
+22. Unicode character properties were updated from Unicode 6.2.0
+
+23. Improved CMake support under Windows. Patch by Daniel Richard G.
+
+24. Add support for 32-bit character strings, and UTF-32
+
+25. Major JIT compiler update (code refactoring and bugfixing).
+    Experimental Sparc 32 support is added.
+
+26. Applied a modified version of Daniel Richard G's patch to create
+    pcre.h.generic and config.h.generic by "make" instead of in the
+    PrepareRelease script.
+
+27. Added a definition for CHAR_NULL (helpful for the z/OS port), and use it in
+    pcre_compile.c when checking for a zero character.
+
+28. Introducing a native interface for JIT. Through this interface, the compiled
+    machine code can be directly executed. The purpose of this interface is to
+    provide fast pattern matching, so several sanity checks are not performed.
+    However, feature tests are still performed. The new interface provides
+    1.4x speedup compared to the old one.
+
+29. If pcre_exec() or pcre_dfa_exec() was called with a negative value for
+    the subject string length, the error given was PCRE_ERROR_BADOFFSET, which
+    was confusing. There is now a new error PCRE_ERROR_BADLENGTH for this case.
+
+30. In 8-bit UTF-8 mode, pcretest failed to give an error for data codepoints
+    greater than 0x7fffffff (which cannot be represented in UTF-8, even under
+    the "old" RFC 2279). Instead, it ended up passing a negative length to
+    pcre_exec().
+
+31. Add support for GCC's visibility feature to hide internal functions.
+
+32. Running "pcretest -C pcre8" or "pcretest -C pcre16" gave a spurious error
+    "unknown -C option" after outputting 0 or 1.
+
+33. There is now support for generating a code coverage report for the test
+    suite in environments where gcc is the compiler and lcov is installed. This
+    is mainly for the benefit of the developers.
+
+34. If PCRE is built with --enable-valgrind, certain memory regions are marked
+    unaddressable using valgrind annotations, allowing valgrind to detect
+    invalid memory accesses. This is mainly for the benefit of the developers.
+
+25. (*UTF) can now be used to start a pattern in any of the three libraries.
+
+26. Give configure error if --enable-cpp but no C++ compiler found.
+
+
+Version 8.31 06-July-2012
+-------------------------
+
+1.  Fixing a wrong JIT test case and some compiler warnings.
+
+2.  Removed a bashism from the RunTest script.
+
+3.  Add a cast to pcre_exec.c to fix the warning "unary minus operator applied
+    to unsigned type, result still unsigned" that was given by an MS compiler
+    on encountering the code "-sizeof(xxx)".
+
+4.  Partial matching support is added to the JIT compiler.
+
+5.  Fixed several bugs concerned with partial matching of items that consist
+    of more than one character:
+
+    (a) /^(..)\1/ did not partially match "aba" because checking references was
+        done on an "all or nothing" basis. This also applied to repeated
+        references.
+
+    (b) \R did not give a hard partial match if \r was found at the end of the
+        subject.
+
+    (c) \X did not give a hard partial match after matching one or more
+        characters at the end of the subject.
+
+    (d) When newline was set to CRLF, a pattern such as /a$/ did not recognize
+        a partial match for the string "\r".
+
+    (e) When newline was set to CRLF, the metacharacter "." did not recognize
+        a partial match for a CR character at the end of the subject string.
+
+6.  If JIT is requested using /S++ or -s++ (instead of just /S+ or -s+) when
+    running pcretest, the text "(JIT)" added to the output whenever JIT is
+    actually used to run the match.
+
+7.  Individual JIT compile options can be set in pcretest by following -s+[+]
+    or /S+[+] with a digit between 1 and 7.
+
+8.  OP_NOT now supports any UTF character not just single-byte ones.
+
+9.  (*MARK) control verb is now supported by the JIT compiler.
+
+10. The command "./RunTest list" lists the available tests without actually
+    running any of them. (Because I keep forgetting what they all are.)
+
+11. Add PCRE_INFO_MAXLOOKBEHIND.
+
+12. Applied a (slightly modified) user-supplied patch that improves performance
+    when the heap is used for recursion (compiled with --disable-stack-for-
+    recursion). Instead of malloc and free for each heap frame each time a
+    logical recursion happens, frames are retained on a chain and re-used where
+    possible. This sometimes gives as much as 30% improvement.
+
+13. As documented, (*COMMIT) is now confined to within a recursive subpattern
+    call.
+
+14. As documented, (*COMMIT) is now confined to within a positive assertion.
+
+15. It is now possible to link pcretest with libedit as an alternative to
+    libreadline.
+
+16. (*COMMIT) control verb is now supported by the JIT compiler.
+
+17. The Unicode data tables have been updated to Unicode 6.1.0.
+
+18. Added --file-list option to pcregrep.
+
+19. Added binary file support to pcregrep, including the -a, --binary-files,
+    -I, and --text options.
+
+20. The madvise function is renamed for posix_madvise for QNX compatibility
+    reasons. Fixed by Giuseppe D'Angelo.
+
+21. Fixed a bug for backward assertions with REVERSE 0 in the JIT compiler.
+
+22. Changed the option for creating symbolic links for 16-bit man pages from
+    -s to -sf so that re-installing does not cause issues.
+
+23. Support PCRE_NO_START_OPTIMIZE in JIT as (*MARK) support requires it.
+
+24. Fixed a very old bug in pcretest that caused errors with restarted DFA
+    matches in certain environments (the workspace was not being correctly
+    retained). Also added to pcre_dfa_exec() a simple plausibility check on
+    some of the workspace data at the beginning of a restart.
+
+25. \s*\R was auto-possessifying the \s* when it should not, whereas \S*\R
+    was not doing so when it should - probably a typo introduced by SVN 528
+    (change 8.10/14).
+
+26. When PCRE_UCP was not set, \w+\x{c4} was incorrectly auto-possessifying the
+    \w+ when the character tables indicated that \x{c4} was a word character.
+    There were several related cases, all because the tests for doing a table
+    lookup were testing for characters less than 127 instead of 255.
+
+27. If a pattern contains capturing parentheses that are not used in a match,
+    their slots in the ovector are set to -1. For those that are higher than
+    any matched groups, this happens at the end of processing. In the case when
+    there were back references that the ovector was too small to contain
+    (causing temporary malloc'd memory to be used during matching), and the
+    highest capturing number was not used, memory off the end of the ovector
+    was incorrectly being set to -1. (It was using the size of the temporary
+    memory instead of the true size.)
+
+28. To catch bugs like 27 using valgrind, when pcretest is asked to specify an
+    ovector size, it uses memory at the end of the block that it has got.
+
+29. Check for an overlong MARK name and give an error at compile time. The
+    limit is 255 for the 8-bit library and 65535 for the 16-bit library.
+
+30. JIT compiler update.
+
+31. JIT is now supported on jailbroken iOS devices. Thanks for Ruiger
+    Rill for the patch.
+
+32. Put spaces around SLJIT_PRINT_D in the JIT compiler. Required by CXX11.
+
+33. Variable renamings in the PCRE-JIT compiler. No functionality change.
+
+34. Fixed typos in pcregrep: in two places there was SUPPORT_LIBZ2 instead of
+    SUPPORT_LIBBZ2. This caused a build problem when bzip2 but not gzip (zlib)
+    was enabled.
+
+35. Improve JIT code generation for greedy plus quantifier.
+
+36. When /((?:a?)*)*c/ or /((?>a?)*)*c/ was matched against "aac", it set group
+    1 to "aa" instead of to an empty string. The bug affected repeated groups
+    that could potentially match an empty string.
+
+37. Optimizing single character iterators in JIT.
+
+38. Wide characters specified with \uxxxx in JavaScript mode are now subject to
+    the same checks as \x{...} characters in non-JavaScript mode. Specifically,
+    codepoints that are too big for the mode are faulted, and in a UTF mode,
+    disallowed codepoints are also faulted.
+
+39. If PCRE was compiled with UTF support, in three places in the DFA
+    matcher there was code that should only have been obeyed in UTF mode, but
+    was being obeyed unconditionally. In 8-bit mode this could cause incorrect
+    processing when bytes with values greater than 127 were present. In 16-bit
+    mode the bug would be provoked by values in the range 0xfc00 to 0xdc00. In
+    both cases the values are those that cannot be the first data item in a UTF
+    character. The three items that might have provoked this were recursions,
+    possessively repeated groups, and atomic groups.
+
+40. Ensure that libpcre is explicitly listed in the link commands for pcretest
+    and pcregrep, because some OS require shared objects to be explicitly
+    passed to ld, causing the link step to fail if they are not.
+
+41. There were two incorrect #ifdefs in pcre_study.c, meaning that, in 16-bit
+    mode, patterns that started with \h* or \R* might be incorrectly matched.
+
+
+Version 8.30 04-February-2012
+-----------------------------
+
+1.  Renamed "isnumber" as "is_a_number" because in some Mac environments this
+    name is defined in ctype.h.
+
+2.  Fixed a bug in fixed-length calculation for lookbehinds that would show up
+    only in quite long subpatterns.
+
+3.  Removed the function pcre_info(), which has been obsolete and deprecated
+    since it was replaced by pcre_fullinfo() in February 2000.
+
+4.  For a non-anchored pattern, if (*SKIP) was given with a name that did not
+    match a (*MARK), and the match failed at the start of the subject, a
+    reference to memory before the start of the subject could occur. This bug
+    was introduced by fix 17 of release 8.21.
+
+5.  A reference to an unset group with zero minimum repetition was giving
+    totally wrong answers (in non-JavaScript-compatibility mode). For example,
+    /(another)?(\1?)test/ matched against "hello world test". This bug was
+    introduced in release 8.13.
+
+6.  Add support for 16-bit character strings (a large amount of work involving
+    many changes and refactorings).
+
+7.  RunGrepTest failed on msys because \r\n was replaced by whitespace when the
+    command "pattern=`printf 'xxx\r\njkl'`" was run. The pattern is now taken
+    from a file.
+
+8.  Ovector size of 2 is also supported by JIT based pcre_exec (the ovector size
+    rounding is not applied in this particular case).
+
+9.  The invalid Unicode surrogate codepoints U+D800 to U+DFFF are now rejected
+    if they appear, or are escaped, in patterns.
+
+10. Get rid of a number of -Wunused-but-set-variable warnings.
+
+11. The pattern /(?=(*:x))(q|)/ matches an empty string, and returns the mark
+    "x". The similar pattern /(?=(*:x))((*:y)q|)/ did not return a mark at all.
+    Oddly, Perl behaves the same way. PCRE has been fixed so that this pattern
+    also returns the mark "x". This bug applied to capturing parentheses,
+    non-capturing parentheses, and atomic parentheses. It also applied to some
+    assertions.
+
+12. Stephen Kelly's patch to CMakeLists.txt allows it to parse the version
+    information out of configure.ac instead of relying on pcre.h.generic, which
+    is not stored in the repository.
+
+13. Applied Dmitry V. Levin's patch for a more portable method for linking with
+    -lreadline.
+
+14. ZH added PCRE_CONFIG_JITTARGET; added its output to pcretest -C.
+
+15. Applied Graycode's patch to put the top-level frame on the stack rather
+    than the heap when not using the stack for recursion. This gives a
+    performance improvement in many cases when recursion is not deep.
+
+16. Experimental code added to "pcretest -C" to output the stack frame size.
+
+
+Version 8.21 12-Dec-2011
+------------------------
+
+1.  Updating the JIT compiler.
+
+2.  JIT compiler now supports OP_NCREF, OP_RREF and OP_NRREF. New test cases
+    are added as well.
+
+3.  Fix cache-flush issue on PowerPC (It is still an experimental JIT port).
+    PCRE_EXTRA_TABLES is not suported by JIT, and should be checked before
+    calling _pcre_jit_exec. Some extra comments are added.
+
+4.  (*MARK) settings inside atomic groups that do not contain any capturing
+    parentheses, for example, (?>a(*:m)), were not being passed out. This bug
+    was introduced by change 18 for 8.20.
+
+5.  Supporting of \x, \U and \u in JavaScript compatibility mode based on the
+    ECMA-262 standard.
+
+6.  Lookbehinds such as (?<=a{2}b) that contained a fixed repetition were
+    erroneously being rejected as "not fixed length" if PCRE_CASELESS was set.
+    This bug was probably introduced by change 9 of 8.13.
+
+7.  While fixing 6 above, I noticed that a number of other items were being
+    incorrectly rejected as "not fixed length". This arose partly because newer
+    opcodes had not been added to the fixed-length checking code. I have (a)
+    corrected the bug and added tests for these items, and (b) arranged for an
+    error to occur if an unknown opcode is encountered while checking for fixed
+    length instead of just assuming "not fixed length". The items that were
+    rejected were: (*ACCEPT), (*COMMIT), (*FAIL), (*MARK), (*PRUNE), (*SKIP),
+    (*THEN), \h, \H, \v, \V, and single character negative classes with fixed
+    repetitions, e.g. [^a]{3}, with and without PCRE_CASELESS.
+
+8.  A possessively repeated conditional subpattern such as (?(?=c)c|d)++ was
+    being incorrectly compiled and would have given unpredicatble results.
+
+9.  A possessively repeated subpattern with minimum repeat count greater than
+    one behaved incorrectly. For example, (A){2,}+ behaved as if it was
+    (A)(A)++ which meant that, after a subsequent mismatch, backtracking into
+    the first (A) could occur when it should not.
+
+10. Add a cast and remove a redundant test from the code.
+
+11. JIT should use pcre_malloc/pcre_free for allocation.
+
+12. Updated pcre-config so that it no longer shows -L/usr/lib, which seems
+    best practice nowadays, and helps with cross-compiling. (If the exec_prefix
+    is anything other than /usr, -L is still shown).
+
+13. In non-UTF-8 mode, \C is now supported in lookbehinds and DFA matching.
+
+14. Perl does not support \N without a following name in a [] class; PCRE now
+    also gives an error.
+
+15. If a forward reference was repeated with an upper limit of around 2000,
+    it caused the error "internal error: overran compiling workspace". The
+    maximum number of forward references (including repeats) was limited by the
+    internal workspace, and dependent on the LINK_SIZE. The code has been
+    rewritten so that the workspace expands (via pcre_malloc) if necessary, and
+    the default depends on LINK_SIZE. There is a new upper limit (for safety)
+    of around 200,000 forward references. While doing this, I also speeded up
+    the filling in of repeated forward references.
+
+16. A repeated forward reference in a pattern such as (a)(?2){2}(.) was
+    incorrectly expecting the subject to contain another "a" after the start.
+
+17. When (*SKIP:name) is activated without a corresponding (*MARK:name) earlier
+    in the match, the SKIP should be ignored. This was not happening; instead
+    the SKIP was being treated as NOMATCH. For patterns such as
+    /A(*MARK:A)A+(*SKIP:B)Z|AAC/ this meant that the AAC branch was never
+    tested.
+
+18. The behaviour of (*MARK), (*PRUNE), and (*THEN) has been reworked and is
+    now much more compatible with Perl, in particular in cases where the result
+    is a non-match for a non-anchored pattern. For example, if
+    /b(*:m)f|a(*:n)w/ is matched against "abc", the non-match returns the name
+    "m", where previously it did not return a name. A side effect of this
+    change is that for partial matches, the last encountered mark name is
+    returned, as for non matches. A number of tests that were previously not
+    Perl-compatible have been moved into the Perl-compatible test files. The
+    refactoring has had the pleasing side effect of removing one argument from
+    the match() function, thus reducing its stack requirements.
+
+19. If the /S+ option was used in pcretest to study a pattern using JIT,
+    subsequent uses of /S (without +) incorrectly behaved like /S+.
+
+21. Retrieve executable code size support for the JIT compiler and fixing
+    some warnings.
+
+22. A caseless match of a UTF-8 character whose other case uses fewer bytes did
+    not work when the shorter character appeared right at the end of the
+    subject string.
+
+23. Added some (int) casts to non-JIT modules to reduce warnings on 64-bit
+    systems.
+
+24. Added PCRE_INFO_JITSIZE to pass on the value from (21) above, and also
+    output it when the /M option is used in pcretest.
+
+25. The CheckMan script was not being included in the distribution. Also, added
+    an explicit "perl" to run Perl scripts from the PrepareRelease script
+    because this is reportedly needed in Windows.
+
+26. If study data was being save in a file and studying had not found a set of
+    "starts with" bytes for the pattern, the data written to the file (though
+    never used) was taken from uninitialized memory and so caused valgrind to
+    complain.
+
+27. Updated RunTest.bat as provided by Sheri Pierce.
+
+28. Fixed a possible uninitialized memory bug in pcre_jit_compile.c.
+
+29. Computation of memory usage for the table of capturing group names was
+    giving an unnecessarily large value.
+
+
+Version 8.20 21-Oct-2011
+------------------------
+
+1.  Change 37 of 8.13 broke patterns like [:a]...[b:] because it thought it had
+    a POSIX class. After further experiments with Perl, which convinced me that
+    Perl has bugs and confusions, a closing square bracket is no longer allowed
+    in a POSIX name. This bug also affected patterns with classes that started
+    with full stops.
+
+2.  If a pattern such as /(a)b|ac/ is matched against "ac", there is no
+    captured substring, but while checking the failing first alternative,
+    substring 1 is temporarily captured. If the output vector supplied to
+    pcre_exec() was not big enough for this capture, the yield of the function
+    was still zero ("insufficient space for captured substrings"). This cannot
+    be totally fixed without adding another stack variable, which seems a lot
+    of expense for a edge case. However, I have improved the situation in cases
+    such as /(a)(b)x|abc/ matched against "abc", where the return code
+    indicates that fewer than the maximum number of slots in the ovector have
+    been set.
+
+3.  Related to (2) above: when there are more back references in a pattern than
+    slots in the output vector, pcre_exec() uses temporary memory during
+    matching, and copies in the captures as far as possible afterwards. It was
+    using the entire output vector, but this conflicts with the specification
+    that only 2/3 is used for passing back captured substrings. Now it uses
+    only the first 2/3, for compatibility. This is, of course, another edge
+    case.
+
+4.  Zoltan Herczeg's just-in-time compiler support has been integrated into the
+    main code base, and can be used by building with --enable-jit. When this is
+    done, pcregrep automatically uses it unless --disable-pcregrep-jit or the
+    runtime --no-jit option is given.
+
+5.  When the number of matches in a pcre_dfa_exec() run exactly filled the
+    ovector, the return from the function was zero, implying that there were
+    other matches that did not fit. The correct "exactly full" value is now
+    returned.
+
+6.  If a subpattern that was called recursively or as a subroutine contained
+    (*PRUNE) or any other control that caused it to give a non-standard return,
+    invalid errors such as "Error -26 (nested recursion at the same subject
+    position)" or even infinite loops could occur.
+
+7.  If a pattern such as /a(*SKIP)c|b(*ACCEPT)|/ was studied, it stopped
+    computing the minimum length on reaching *ACCEPT, and so ended up with the
+    wrong value of 1 rather than 0. Further investigation indicates that
+    computing a minimum subject length in the presence of *ACCEPT is difficult
+    (think back references, subroutine calls), and so I have changed the code
+    so that no minimum is registered for a pattern that contains *ACCEPT.
+
+8.  If (*THEN) was present in the first (true) branch of a conditional group,
+    it was not handled as intended. [But see 16 below.]
+
+9.  Replaced RunTest.bat and CMakeLists.txt with improved versions provided by
+    Sheri Pierce.
+
+10. A pathological pattern such as /(*ACCEPT)a/ was miscompiled, thinking that
+    the first byte in a match must be "a".
+
+11. Change 17 for 8.13 increased the recursion depth for patterns like
+    /a(?:.)*?a/ drastically. I've improved things by remembering whether a
+    pattern contains any instances of (*THEN). If it does not, the old
+    optimizations are restored. It would be nice to do this on a per-group
+    basis, but at the moment that is not feasible.
+
+12. In some environments, the output of pcretest -C is CRLF terminated. This
+    broke RunTest's code that checks for the link size. A single white space
+    character after the value is now allowed for.
+
+13. RunTest now checks for the "fr" locale as well as for "fr_FR" and "french".
+    For "fr", it uses the Windows-specific input and output files.
+
+14. If (*THEN) appeared in a group that was called recursively or as a
+    subroutine, it did not work as intended. [But see next item.]
+
+15. Consider the pattern /A (B(*THEN)C) | D/ where A, B, C, and D are complex
+    pattern fragments (but not containing any | characters). If A and B are
+    matched, but there is a failure in C so that it backtracks to (*THEN), PCRE
+    was behaving differently to Perl. PCRE backtracked into A, but Perl goes to
+    D. In other words, Perl considers parentheses that do not contain any |
+    characters to be part of a surrounding alternative, whereas PCRE was
+    treading (B(*THEN)C) the same as (B(*THEN)C|(*FAIL)) -- which Perl handles
+    differently. PCRE now behaves in the same way as Perl, except in the case
+    of subroutine/recursion calls such as (?1) which have in any case always
+    been different (but PCRE had them first :-).
+
+16. Related to 15 above: Perl does not treat the | in a conditional group as
+    creating alternatives. Such a group is treated in the same way as an
+    ordinary group without any | characters when processing (*THEN). PCRE has
+    been changed to match Perl's behaviour.
+
+17. If a user had set PCREGREP_COLO(U)R to something other than 1:31, the
+    RunGrepTest script failed.
+
+18. Change 22 for version 13 caused atomic groups to use more stack. This is
+    inevitable for groups that contain captures, but it can lead to a lot of
+    stack use in large patterns. The old behaviour has been restored for atomic
+    groups that do not contain any capturing parentheses.
+
+19. If the PCRE_NO_START_OPTIMIZE option was set for pcre_compile(), it did not
+    suppress the check for a minimum subject length at run time. (If it was
+    given to pcre_exec() or pcre_dfa_exec() it did work.)
+
+20. Fixed an ASCII-dependent infelicity in pcretest that would have made it
+    fail to work when decoding hex characters in data strings in EBCDIC
+    environments.
+
+21. It appears that in at least one Mac OS environment, the isxdigit() function
+    is implemented as a macro that evaluates to its argument more than once,
+    contravening the C 90 Standard (I haven't checked a later standard). There
+    was an instance in pcretest which caused it to go wrong when processing
+    \x{...} escapes in subject strings. The has been rewritten to avoid using
+    things like p++ in the argument of isxdigit().
+
+
+Version 8.13 16-Aug-2011
+------------------------
+
+1.  The Unicode data tables have been updated to Unicode 6.0.0.
+
+2.  Two minor typos in pcre_internal.h have been fixed.
+
+3.  Added #include <string.h> to pcre_scanner_unittest.cc, pcrecpp.cc, and
+    pcrecpp_unittest.cc. They are needed for strcmp(), memset(), and strchr()
+    in some environments (e.g. Solaris 10/SPARC using Sun Studio 12U2).
+
+4.  There were a number of related bugs in the code for matching backrefences
+    caselessly in UTF-8 mode when codes for the characters concerned were
+    different numbers of bytes. For example, U+023A and U+2C65 are an upper
+    and lower case pair, using 2 and 3 bytes, respectively. The main bugs were:
+    (a) A reference to 3 copies of a 2-byte code matched only 2 of a 3-byte
+    code. (b) A reference to 2 copies of a 3-byte code would not match 2 of a
+    2-byte code at the end of the subject (it thought there wasn't enough data
+    left).
+
+5.  Comprehensive information about what went wrong is now returned by
+    pcre_exec() and pcre_dfa_exec() when the UTF-8 string check fails, as long
+    as the output vector has at least 2 elements. The offset of the start of
+    the failing character and a reason code are placed in the vector.
+
+6.  When the UTF-8 string check fails for pcre_compile(), the offset that is
+    now returned is for the first byte of the failing character, instead of the
+    last byte inspected. This is an incompatible change, but I hope it is small
+    enough not to be a problem. It makes the returned offset consistent with
+    pcre_exec() and pcre_dfa_exec().
+
+7.  pcretest now gives a text phrase as well as the error number when
+    pcre_exec() or pcre_dfa_exec() fails; if the error is a UTF-8 check
+    failure, the offset and reason code are output.
+
+8.  When \R was used with a maximizing quantifier it failed to skip backwards
+    over a \r\n pair if the subsequent match failed. Instead, it just skipped
+    back over a single character (\n). This seems wrong (because it treated the
+    two characters as a single entity when going forwards), conflicts with the
+    documentation that \R is equivalent to (?>\r\n|\n|...etc), and makes the
+    behaviour of \R* different to (\R)*, which also seems wrong. The behaviour
+    has been changed.
+
+9.  Some internal refactoring has changed the processing so that the handling
+    of the PCRE_CASELESS and PCRE_MULTILINE options is done entirely at compile
+    time (the PCRE_DOTALL option was changed this way some time ago: version
+    7.7 change 16). This has made it possible to abolish the OP_OPT op code,
+    which was always a bit of a fudge. It also means that there is one less
+    argument for the match() function, which reduces its stack requirements
+    slightly. This change also fixes an incompatibility with Perl: the pattern
+    (?i:([^b]))(?1) should not match "ab", but previously PCRE gave a match.
+
+10. More internal refactoring has drastically reduced the number of recursive
+    calls to match() for possessively repeated groups such as (abc)++ when
+    using pcre_exec().
+
+11. While implementing 10, a number of bugs in the handling of groups were
+    discovered and fixed:
+
+    (?<=(a)+) was not diagnosed as invalid (non-fixed-length lookbehind).
+    (a|)*(?1) gave a compile-time internal error.
+    ((a|)+)+  did not notice that the outer group could match an empty string.
+    (^a|^)+   was not marked as anchored.
+    (.*a|.*)+ was not marked as matching at start or after a newline.
+
+12. Yet more internal refactoring has removed another argument from the match()
+    function. Special calls to this function are now indicated by setting a
+    value in a variable in the "match data" data block.
+
+13. Be more explicit in pcre_study() instead of relying on "default" for
+    opcodes that mean there is no starting character; this means that when new
+    ones are added and accidentally left out of pcre_study(), testing should
+    pick them up.
+
+14. The -s option of pcretest has been documented for ages as being an old
+    synonym of -m (show memory usage). I have changed it to mean "force study
+    for every regex", that is, assume /S for every regex. This is similar to -i
+    and -d etc. It's slightly incompatible, but I'm hoping nobody is still
+    using it. It makes it easier to run collections of tests with and without
+    study enabled, and thereby test pcre_study() more easily. All the standard
+    tests are now run with and without -s (but some patterns can be marked as
+    "never study" - see 20 below).
+
+15. When (*ACCEPT) was used in a subpattern that was called recursively, the
+    restoration of the capturing data to the outer values was not happening
+    correctly.
+
+16. If a recursively called subpattern ended with (*ACCEPT) and matched an
+    empty string, and PCRE_NOTEMPTY was set, pcre_exec() thought the whole
+    pattern had matched an empty string, and so incorrectly returned a no
+    match.
+
+17. There was optimizing code for the last branch of non-capturing parentheses,
+    and also for the obeyed branch of a conditional subexpression, which used
+    tail recursion to cut down on stack usage. Unfortunately, now that there is
+    the possibility of (*THEN) occurring in these branches, tail recursion is
+    no longer possible because the return has to be checked for (*THEN). These
+    two optimizations have therefore been removed. [But see 8.20/11 above.]
+
+18. If a pattern containing \R was studied, it was assumed that \R always
+    matched two bytes, thus causing the minimum subject length to be
+    incorrectly computed because \R can also match just one byte.
+
+19. If a pattern containing (*ACCEPT) was studied, the minimum subject length
+    was incorrectly computed.
+
+20. If /S is present twice on a test pattern in pcretest input, it now
+    *disables* studying, thereby overriding the use of -s on the command line
+    (see 14 above). This is necessary for one or two tests to keep the output
+    identical in both cases.
+
+21. When (*ACCEPT) was used in an assertion that matched an empty string and
+    PCRE_NOTEMPTY was set, PCRE applied the non-empty test to the assertion.
+
+22. When an atomic group that contained a capturing parenthesis was
+    successfully matched, but the branch in which it appeared failed, the
+    capturing was not being forgotten if a higher numbered group was later
+    captured. For example, /(?>(a))b|(a)c/ when matching "ac" set capturing
+    group 1 to "a", when in fact it should be unset. This applied to multi-
+    branched capturing and non-capturing groups, repeated or not, and also to
+    positive assertions (capturing in negative assertions does not happen
+    in PCRE) and also to nested atomic groups.
+
+23. Add the ++ qualifier feature to pcretest, to show the remainder of the
+    subject after a captured substring, to make it easier to tell which of a
+    number of identical substrings has been captured.
+
+24. The way atomic groups are processed by pcre_exec() has been changed so that
+    if they are repeated, backtracking one repetition now resets captured
+    values correctly. For example, if ((?>(a+)b)+aabab) is matched against
+    "aaaabaaabaabab" the value of captured group 2 is now correctly recorded as
+    "aaa". Previously, it would have been "a". As part of this code
+    refactoring, the way recursive calls are handled has also been changed.
+
+25. If an assertion condition captured any substrings, they were not passed
+    back unless some other capturing happened later. For example, if
+    (?(?=(a))a) was matched against "a", no capturing was returned.
+
+26. When studying a pattern that contained subroutine calls or assertions,
+    the code for finding the minimum length of a possible match was handling
+    direct recursions such as (xxx(?1)|yyy) but not mutual recursions (where
+    group 1 called group 2 while simultaneously a separate group 2 called group
+    1). A stack overflow occurred in this case. I have fixed this by limiting
+    the recursion depth to 10.
+
+27. Updated RunTest.bat in the distribution to the version supplied by Tom
+    Fortmann. This supports explicit test numbers on the command line, and has
+    argument validation and error reporting.
+
+28. An instance of \X with an unlimited repeat could fail if at any point the
+    first character it looked at was a mark character.
+
+29. Some minor code refactoring concerning Unicode properties and scripts
+    should reduce the stack requirement of match() slightly.
+
+30. Added the '=' option to pcretest to check the setting of unused capturing
+    slots at the end of the pattern, which are documented as being -1, but are
+    not included in the return count.
+
+31. If \k was not followed by a braced, angle-bracketed, or quoted name, PCRE
+    compiled something random. Now it gives a compile-time error (as does
+    Perl).
+
+32. A *MARK encountered during the processing of a positive assertion is now
+    recorded and passed back (compatible with Perl).
+
+33. If --only-matching or --colour was set on a pcregrep call whose pattern
+    had alternative anchored branches, the search for a second match in a line
+    was done as if at the line start. Thus, for example, /^01|^02/ incorrectly
+    matched the line "0102" twice. The same bug affected patterns that started
+    with a backwards assertion. For example /\b01|\b02/ also matched "0102"
+    twice.
+
+34. Previously, PCRE did not allow quantification of assertions. However, Perl
+    does, and because of capturing effects, quantifying parenthesized
+    assertions may at times be useful. Quantifiers are now allowed for
+    parenthesized assertions.
+
+35. A minor code tidy in pcre_compile() when checking options for \R usage.
+
+36. \g was being checked for fancy things in a character class, when it should
+    just be a literal "g".
+
+37. PCRE was rejecting [:a[:digit:]] whereas Perl was not. It seems that the
+    appearance of a nested POSIX class supersedes an apparent external class.
+    For example, [:a[:digit:]b:] matches "a", "b", ":", or a digit. Also,
+    unescaped square brackets may also appear as part of class names. For
+    example, [:a[:abc]b:] gives unknown class "[:abc]b:]". PCRE now behaves
+    more like Perl. (But see 8.20/1 above.)
+
+38. PCRE was giving an error for \N with a braced quantifier such as {1,} (this
+    was because it thought it was \N{name}, which is not supported).
+
+39. Add minix to OS list not supporting the -S option in pcretest.
+
+40. PCRE tries to detect cases of infinite recursion at compile time, but it
+    cannot analyze patterns in sufficient detail to catch mutual recursions
+    such as ((?1))((?2)). There is now a runtime test that gives an error if a
+    subgroup is called recursively as a subpattern for a second time at the
+    same position in the subject string. In previous releases this might have
+    been caught by the recursion limit, or it might have run out of stack.
+
+41. A pattern such as /(?(R)a+|(?R)b)/ is quite safe, as the recursion can
+    happen only once. PCRE was, however incorrectly giving a compile time error
+    "recursive call could loop indefinitely" because it cannot analyze the
+    pattern in sufficient detail. The compile time test no longer happens when
+    PCRE is compiling a conditional subpattern, but actual runaway loops are
+    now caught at runtime (see 40 above).
+
+42. It seems that Perl allows any characters other than a closing parenthesis
+    to be part of the NAME in (*MARK:NAME) and other backtracking verbs. PCRE
+    has been changed to be the same.
+
+43. Updated configure.ac to put in more quoting round AC_LANG_PROGRAM etc. so
+    as not to get warnings when autogen.sh is called. Also changed
+    AC_PROG_LIBTOOL (deprecated) to LT_INIT (the current macro).
+
+44. To help people who use pcregrep to scan files containing exceedingly long
+    lines, the following changes have been made:
+
+    (a) The default value of the buffer size parameter has been increased from
+        8K to 20K. (The actual buffer used is three times this size.)
+
+    (b) The default can be changed by ./configure --with-pcregrep-bufsize when
+        PCRE is built.
+
+    (c) A --buffer-size=n option has been added to pcregrep, to allow the size
+        to be set at run time.
+
+    (d) Numerical values in pcregrep options can be followed by K or M, for
+        example --buffer-size=50K.
+
+    (e) If a line being scanned overflows pcregrep's buffer, an error is now
+        given and the return code is set to 2.
+
+45. Add a pointer to the latest mark to the callout data block.
+
+46. The pattern /.(*F)/, when applied to "abc" with PCRE_PARTIAL_HARD, gave a
+    partial match of an empty string instead of no match. This was specific to
+    the use of ".".
+
+47. The pattern /f.*/8s, when applied to "for" with PCRE_PARTIAL_HARD, gave a
+    complete match instead of a partial match. This bug was dependent on both
+    the PCRE_UTF8 and PCRE_DOTALL options being set.
+
+48. For a pattern such as /\babc|\bdef/ pcre_study() was failing to set up the
+    starting byte set, because \b was not being ignored.
+
+
+Version 8.12 15-Jan-2011
+------------------------
+
+1.  Fixed some typos in the markup of the man pages, and wrote a script that
+    checks for such things as part of the documentation building process.
+
+2.  On a big-endian 64-bit system, pcregrep did not correctly process the
+    --match-limit and --recursion-limit options (added for 8.11). In
+    particular, this made one of the standard tests fail. (The integer value
+    went into the wrong half of a long int.)
+
+3.  If the --colour option was given to pcregrep with -v (invert match), it
+    did strange things, either producing crazy output, or crashing. It should,
+    of course, ignore a request for colour when reporting lines that do not
+    match.
+
+4.  Another pcregrep bug caused similar problems if --colour was specified with
+    -M (multiline) and the pattern match finished with a line ending.
+
+5.  In pcregrep, when a pattern that ended with a literal newline sequence was
+    matched in multiline mode, the following line was shown as part of the
+    match. This seems wrong, so I have changed it.
+
+6.  Another pcregrep bug in multiline mode, when --colour was specified, caused
+    the check for further matches in the same line (so they could be coloured)
+    to overrun the end of the current line. If another match was found, it was
+    incorrectly shown (and then shown again when found in the next line).
+
+7.  If pcregrep was compiled under Windows, there was a reference to the
+    function pcregrep_exit() before it was defined. I am assuming this was
+    the cause of the "error C2371: 'pcregrep_exit' : redefinition;" that was
+    reported by a user. I've moved the definition above the reference.
+
+
+Version 8.11 10-Dec-2010
+------------------------
+
+1.  (*THEN) was not working properly if there were untried alternatives prior
+    to it in the current branch. For example, in ((a|b)(*THEN)(*F)|c..) it
+    backtracked to try for "b" instead of moving to the next alternative branch
+    at the same level (in this case, to look for "c"). The Perl documentation
+    is clear that when (*THEN) is backtracked onto, it goes to the "next
+    alternative in the innermost enclosing group".
+
+2.  (*COMMIT) was not overriding (*THEN), as it does in Perl. In a pattern
+    such as   (A(*COMMIT)B(*THEN)C|D)  any failure after matching A should
+    result in overall failure. Similarly, (*COMMIT) now overrides (*PRUNE) and
+    (*SKIP), (*SKIP) overrides (*PRUNE) and (*THEN), and (*PRUNE) overrides
+    (*THEN).
+
+3.  If \s appeared in a character class, it removed the VT character from
+    the class, even if it had been included by some previous item, for example
+    in [\x00-\xff\s]. (This was a bug related to the fact that VT is not part
+    of \s, but is part of the POSIX "space" class.)
+
+4.  A partial match never returns an empty string (because you can always
+    match an empty string at the end of the subject); however the checking for
+    an empty string was starting at the "start of match" point. This has been
+    changed to the "earliest inspected character" point, because the returned
+    data for a partial match starts at this character. This means that, for
+    example, /(?<=abc)def/ gives a partial match for the subject "abc"
+    (previously it gave "no match").
+
+5.  Changes have been made to the way PCRE_PARTIAL_HARD affects the matching
+    of $, \z, \Z, \b, and \B. If the match point is at the end of the string,
+    previously a full match would be given. However, setting PCRE_PARTIAL_HARD
+    has an implication that the given string is incomplete (because a partial
+    match is preferred over a full match). For this reason, these items now
+    give a partial match in this situation. [Aside: previously, the one case
+    /t\b/ matched against "cat" with PCRE_PARTIAL_HARD set did return a partial
+    match rather than a full match, which was wrong by the old rules, but is
+    now correct.]
+
+6.  There was a bug in the handling of #-introduced comments, recognized when
+    PCRE_EXTENDED is set, when PCRE_NEWLINE_ANY and PCRE_UTF8 were also set.
+    If a UTF-8 multi-byte character included the byte 0x85 (e.g. +U0445, whose
+    UTF-8 encoding is 0xd1,0x85), this was misinterpreted as a newline when
+    scanning for the end of the comment. (*Character* 0x85 is an "any" newline,
+    but *byte* 0x85 is not, in UTF-8 mode). This bug was present in several
+    places in pcre_compile().
+
+7.  Related to (6) above, when pcre_compile() was skipping #-introduced
+    comments when looking ahead for named forward references to subpatterns,
+    the only newline sequence it recognized was NL. It now handles newlines
+    according to the set newline convention.
+
+8.  SunOS4 doesn't have strerror() or strtoul(); pcregrep dealt with the
+    former, but used strtoul(), whereas pcretest avoided strtoul() but did not
+    cater for a lack of strerror(). These oversights have been fixed.
+
+9.  Added --match-limit and --recursion-limit to pcregrep.
+
+10. Added two casts needed to build with Visual Studio when NO_RECURSE is set.
+
+11. When the -o option was used, pcregrep was setting a return code of 1, even
+    when matches were found, and --line-buffered was not being honoured.
+
+12. Added an optional parentheses number to the -o and --only-matching options
+    of pcregrep.
+
+13. Imitating Perl's /g action for multiple matches is tricky when the pattern
+    can match an empty string. The code to do it in pcretest and pcredemo
+    needed fixing:
+
+    (a) When the newline convention was "crlf", pcretest got it wrong, skipping
+        only one byte after an empty string match just before CRLF (this case
+        just got forgotten; "any" and "anycrlf" were OK).
+
+    (b) The pcretest code also had a bug, causing it to loop forever in UTF-8
+        mode when an empty string match preceded an ASCII character followed by
+        a non-ASCII character. (The code for advancing by one character rather
+        than one byte was nonsense.)
+
+    (c) The pcredemo.c sample program did not have any code at all to handle
+        the cases when CRLF is a valid newline sequence.
+
+14. Neither pcre_exec() nor pcre_dfa_exec() was checking that the value given
+    as a starting offset was within the subject string. There is now a new
+    error, PCRE_ERROR_BADOFFSET, which is returned if the starting offset is
+    negative or greater than the length of the string. In order to test this,
+    pcretest is extended to allow the setting of negative starting offsets.
+
+15. In both pcre_exec() and pcre_dfa_exec() the code for checking that the
+    starting offset points to the beginning of a UTF-8 character was
+    unnecessarily clumsy. I tidied it up.
+
+16. Added PCRE_ERROR_SHORTUTF8 to make it possible to distinguish between a
+    bad UTF-8 sequence and one that is incomplete when using PCRE_PARTIAL_HARD.
+
+17. Nobody had reported that the --include_dir option, which was added in
+    release 7.7 should have been called --include-dir (hyphen, not underscore)
+    for compatibility with GNU grep. I have changed it to --include-dir, but
+    left --include_dir as an undocumented synonym, and the same for
+    --exclude-dir, though that is not available in GNU grep, at least as of
+    release 2.5.4.
+
+18. At a user's suggestion, the macros GETCHAR and friends (which pick up UTF-8
+    characters from a string of bytes) have been redefined so as not to use
+    loops, in order to improve performance in some environments. At the same
+    time, I abstracted some of the common code into auxiliary macros to save
+    repetition (this should not affect the compiled code).
+
+19. If \c was followed by a multibyte UTF-8 character, bad things happened. A
+    compile-time error is now given if \c is not followed by an ASCII
+    character, that is, a byte less than 128. (In EBCDIC mode, the code is
+    different, and any byte value is allowed.)
+
+20. Recognize (*NO_START_OPT) at the start of a pattern to set the PCRE_NO_
+    START_OPTIMIZE option, which is now allowed at compile time - but just
+    passed through to pcre_exec() or pcre_dfa_exec(). This makes it available
+    to pcregrep and other applications that have no direct access to PCRE
+    options. The new /Y option in pcretest sets this option when calling
+    pcre_compile().
+
+21. Change 18 of release 8.01 broke the use of named subpatterns for recursive
+    back references. Groups containing recursive back references were forced to
+    be atomic by that change, but in the case of named groups, the amount of
+    memory required was incorrectly computed, leading to "Failed: internal
+    error: code overflow". This has been fixed.
+
+22. Some patches to pcre_stringpiece.h, pcre_stringpiece_unittest.cc, and
+    pcretest.c, to avoid build problems in some Borland environments.
+
+
+Version 8.10 25-Jun-2010
+------------------------
+
+1.  Added support for (*MARK:ARG) and for ARG additions to PRUNE, SKIP, and
+    THEN.
+
+2.  (*ACCEPT) was not working when inside an atomic group.
+
+3.  Inside a character class, \B is treated as a literal by default, but
+    faulted if PCRE_EXTRA is set. This mimics Perl's behaviour (the -w option
+    causes the error). The code is unchanged, but I tidied the documentation.
+
+4.  Inside a character class, PCRE always treated \R and \X as literals,
+    whereas Perl faults them if its -w option is set. I have changed PCRE so
+    that it faults them when PCRE_EXTRA is set.
+
+5.  Added support for \N, which always matches any character other than
+    newline. (It is the same as "." when PCRE_DOTALL is not set.)
+
+6.  When compiling pcregrep with newer versions of gcc which may have
+    FORTIFY_SOURCE set, several warnings "ignoring return value of 'fwrite',
+    declared with attribute warn_unused_result" were given. Just casting the
+    result to (void) does not stop the warnings; a more elaborate fudge is
+    needed. I've used a macro to implement this.
+
+7.  Minor change to pcretest.c to avoid a compiler warning.
+
+8.  Added four artifical Unicode properties to help with an option to make
+    \s etc use properties (see next item). The new properties are: Xan
+    (alphanumeric), Xsp (Perl space), Xps (POSIX space), and Xwd (word).
+
+9.  Added PCRE_UCP to make \b, \d, \s, \w, and certain POSIX character classes
+    use Unicode properties. (*UCP) at the start of a pattern can be used to set
+    this option. Modified pcretest to add /W to test this facility. Added
+    REG_UCP to make it available via the POSIX interface.
+
+10. Added --line-buffered to pcregrep.
+
+11. In UTF-8 mode, if a pattern that was compiled with PCRE_CASELESS was
+    studied, and the match started with a letter with a code point greater than
+    127 whose first byte was different to the first byte of the other case of
+    the letter, the other case of this starting letter was not recognized
+    (#976).
+
+12. If a pattern that was studied started with a repeated Unicode property
+    test, for example, \p{Nd}+, there was the theoretical possibility of
+    setting up an incorrect bitmap of starting bytes, but fortunately it could
+    not have actually happened in practice until change 8 above was made (it
+    added property types that matched character-matching opcodes).
+
+13. pcre_study() now recognizes \h, \v, and \R when constructing a bit map of
+    possible starting bytes for non-anchored patterns.
+
+14. Extended the "auto-possessify" feature of pcre_compile(). It now recognizes
+    \R, and also a number of cases that involve Unicode properties, both
+    explicit and implicit when PCRE_UCP is set.
+
+15. If a repeated Unicode property match (e.g. \p{Lu}*) was used with non-UTF-8
+    input, it could crash or give wrong results if characters with values
+    greater than 0xc0 were present in the subject string. (Detail: it assumed
+    UTF-8 input when processing these items.)
+
+16. Added a lot of (int) casts to avoid compiler warnings in systems where
+    size_t is 64-bit (#991).
+
+17. Added a check for running out of memory when PCRE is compiled with
+    --disable-stack-for-recursion (#990).
+
+18. If the last data line in a file for pcretest does not have a newline on
+    the end, a newline was missing in the output.
+
+19. The default pcre_chartables.c file recognizes only ASCII characters (values
+    less than 128) in its various bitmaps. However, there is a facility for
+    generating tables according to the current locale when PCRE is compiled. It
+    turns out that in some environments, 0x85 and 0xa0, which are Unicode space
+    characters, are recognized by isspace() and therefore were getting set in
+    these tables, and indeed these tables seem to approximate to ISO 8859. This
+    caused a problem in UTF-8 mode when pcre_study() was used to create a list
+    of bytes that can start a match. For \s, it was including 0x85 and 0xa0,
+    which of course cannot start UTF-8 characters. I have changed the code so
+    that only real ASCII characters (less than 128) and the correct starting
+    bytes for UTF-8 encodings are set for characters greater than 127 when in
+    UTF-8 mode. (When PCRE_UCP is set - see 9 above - the code is different
+    altogether.)
+
+20. Added the /T option to pcretest so as to be able to run tests with non-
+    standard character tables, thus making it possible to include the tests
+    used for 19 above in the standard set of tests.
+
+21. A pattern such as (?&t)(?#()(?(DEFINE)(?<t>a)) which has a forward
+    reference to a subpattern the other side of a comment that contains an
+    opening parenthesis caused either an internal compiling error, or a
+    reference to the wrong subpattern.
+
+
+Version 8.02 19-Mar-2010
+------------------------
+
+1.  The Unicode data tables have been updated to Unicode 5.2.0.
+
+2.  Added the option --libs-cpp to pcre-config, but only when C++ support is
+    configured.
+
+3.  Updated the licensing terms in the pcregexp.pas file, as agreed with the
+    original author of that file, following a query about its status.
+
+4.  On systems that do not have stdint.h (e.g. Solaris), check for and include
+    inttypes.h instead. This fixes a bug that was introduced by change 8.01/8.
+
+5.  A pattern such as (?&t)*+(?(DEFINE)(?<t>.)) which has a possessive
+    quantifier applied to a forward-referencing subroutine call, could compile
+    incorrect code or give the error "internal error: previously-checked
+    referenced subpattern not found".
+
+6.  Both MS Visual Studio and Symbian OS have problems with initializing
+    variables to point to external functions. For these systems, therefore,
+    pcre_malloc etc. are now initialized to local functions that call the
+    relevant global functions.
+
+7.  There were two entries missing in the vectors called coptable and poptable
+    in pcre_dfa_exec.c. This could lead to memory accesses outsize the vectors.
+    I've fixed the data, and added a kludgy way of testing at compile time that
+    the lengths are correct (equal to the number of opcodes).
+
+8.  Following on from 7, I added a similar kludge to check the length of the
+    eint vector in pcreposix.c.
+
+9.  Error texts for pcre_compile() are held as one long string to avoid too
+    much relocation at load time. To find a text, the string is searched,
+    counting zeros. There was no check for running off the end of the string,
+    which could happen if a new error number was added without updating the
+    string.
+
+10. \K gave a compile-time error if it appeared in a lookbehind assersion.
+
+11. \K was not working if it appeared in an atomic group or in a group that
+    was called as a "subroutine", or in an assertion. Perl 5.11 documents that
+    \K is "not well defined" if used in an assertion. PCRE now accepts it if
+    the assertion is positive, but not if it is negative.
+
+12. Change 11 fortuitously reduced the size of the stack frame used in the
+    "match()" function of pcre_exec.c by one pointer. Forthcoming
+    implementation of support for (*MARK) will need an extra pointer on the
+    stack; I have reserved it now, so that the stack frame size does not
+    decrease.
+
+13. A pattern such as (?P<L1>(?P<L2>0)|(?P>L2)(?P>L1)) in which the only other
+    item in branch that calls a recursion is a subroutine call - as in the
+    second branch in the above example - was incorrectly given the compile-
+    time error "recursive call could loop indefinitely" because pcre_compile()
+    was not correctly checking the subroutine for matching a non-empty string.
+
+14. The checks for overrunning compiling workspace could trigger after an
+    overrun had occurred. This is a "should never occur" error, but it can be
+    triggered by pathological patterns such as hundreds of nested parentheses.
+    The checks now trigger 100 bytes before the end of the workspace.
+
+15. Fix typo in configure.ac: "srtoq" should be "strtoq".
+
+
+Version 8.01 19-Jan-2010
+------------------------
+
+1.  If a pattern contained a conditional subpattern with only one branch (in
+    particular, this includes all (*DEFINE) patterns), a call to pcre_study()
+    computed the wrong minimum data length (which is of course zero for such
+    subpatterns). This could cause incorrect "no match" results.
+
+2.  For patterns such as (?i)a(?-i)b|c where an option setting at the start of
+    the pattern is reset in the first branch, pcre_compile() failed with
+    "internal error: code overflow at offset...". This happened only when
+    the reset was to the original external option setting. (An optimization
+    abstracts leading options settings into an external setting, which was the
+    cause of this.)
+
+3.  A pattern such as ^(?!a(*SKIP)b) where a negative assertion contained one
+    of the verbs SKIP, PRUNE, or COMMIT, did not work correctly. When the
+    assertion pattern did not match (meaning that the assertion was true), it
+    was incorrectly treated as false if the SKIP had been reached during the
+    matching. This also applied to assertions used as conditions.
+
+4.  If an item that is not supported by pcre_dfa_exec() was encountered in an
+    assertion subpattern, including such a pattern used as a condition,
+    unpredictable results occurred, instead of the error return
+    PCRE_ERROR_DFA_UITEM.
+
+5.  The C++ GlobalReplace function was not working like Perl for the special
+    situation when an empty string is matched. It now does the fancy magic
+    stuff that is necessary.
+
+6.  In pcre_internal.h, obsolete includes to setjmp.h and stdarg.h have been
+    removed. (These were left over from very, very early versions of PCRE.)
+
+7.  Some cosmetic changes to the code to make life easier when compiling it
+    as part of something else:
+
+    (a) Change DEBUG to PCRE_DEBUG.
+
+    (b) In pcre_compile(), rename the member of the "branch_chain" structure
+        called "current" as "current_branch", to prevent a collision with the
+        Linux macro when compiled as a kernel module.
+
+    (c) In pcre_study(), rename the function set_bit() as set_table_bit(), to
+        prevent a collision with the Linux macro when compiled as a kernel
+        module.
+
+8.  In pcre_compile() there are some checks for integer overflows that used to
+    cast potentially large values to (double). This has been changed to that
+    when building, a check for int64_t is made, and if it is found, it is used
+    instead, thus avoiding the use of floating point arithmetic. (There is no
+    other use of FP in PCRE.) If int64_t is not found, the fallback is to
+    double.
+
+9.  Added two casts to avoid signed/unsigned warnings from VS Studio Express
+    2005 (difference between two addresses compared to an unsigned value).
+
+10. Change the standard AC_CHECK_LIB test for libbz2 in configure.ac to a
+    custom one, because of the following reported problem in Windows:
+
+      - libbz2 uses the Pascal calling convention (WINAPI) for the functions
+          under Win32.
+      - The standard autoconf AC_CHECK_LIB fails to include "bzlib.h",
+          therefore missing the function definition.
+      - The compiler thus generates a "C" signature for the test function.
+      - The linker fails to find the "C" function.
+      - PCRE fails to configure if asked to do so against libbz2.
+
+11. When running libtoolize from libtool-2.2.6b as part of autogen.sh, these
+    messages were output:
+
+      Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and
+      rerunning libtoolize, to keep the correct libtool macros in-tree.
+      Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
+
+    I have done both of these things.
+
+12. Although pcre_dfa_exec() does not use nearly as much stack as pcre_exec()
+    most of the time, it *can* run out if it is given a pattern that contains a
+    runaway infinite recursion. I updated the discussion in the pcrestack man
+    page.
+
+13. Now that we have gone to the x.xx style of version numbers, the minor
+    version may start with zero. Using 08 or 09 is a bad idea because users
+    might check the value of PCRE_MINOR in their code, and 08 or 09 may be
+    interpreted as invalid octal numbers. I've updated the previous comment in
+    configure.ac, and also added a check that gives an error if 08 or 09 are
+    used.
+
+14. Change 8.00/11 was not quite complete: code had been accidentally omitted,
+    causing partial matching to fail when the end of the subject matched \W
+    in a UTF-8 pattern where \W was quantified with a minimum of 3.
+
+15. There were some discrepancies between the declarations in pcre_internal.h
+    of _pcre_is_newline(), _pcre_was_newline(), and _pcre_valid_utf8() and
+    their definitions. The declarations used "const uschar *" and the
+    definitions used USPTR. Even though USPTR is normally defined as "const
+    unsigned char *" (and uschar is typedeffed as "unsigned char"), it was
+    reported that: "This difference in casting confuses some C++ compilers, for
+    example, SunCC recognizes above declarations as different functions and
+    generates broken code for hbpcre." I have changed the declarations to use
+    USPTR.
+
+16. GNU libtool is named differently on some systems. The autogen.sh script now
+    tries several variants such as glibtoolize (MacOSX) and libtoolize1x
+    (FreeBSD).
+
+17. Applied Craig's patch that fixes an HP aCC compile error in pcre 8.00
+    (strtoXX undefined when compiling pcrecpp.cc). The patch contains this
+    comment: "Figure out how to create a longlong from a string: strtoll and
+    equivalent. It's not enough to call AC_CHECK_FUNCS: hpux has a strtoll, for
+    instance, but it only takes 2 args instead of 3!"
+
+18. A subtle bug concerned with back references has been fixed by a change of
+    specification, with a corresponding code fix. A pattern such as
+    ^(xa|=?\1a)+$ which contains a back reference inside the group to which it
+    refers, was giving matches when it shouldn't. For example, xa=xaaa would
+    match that pattern. Interestingly, Perl (at least up to 5.11.3) has the
+    same bug. Such groups have to be quantified to be useful, or contained
+    inside another quantified group. (If there's no repetition, the reference
+    can never match.) The problem arises because, having left the group and
+    moved on to the rest of the pattern, a later failure that backtracks into
+    the group uses the captured value from the final iteration of the group
+    rather than the correct earlier one. I have fixed this in PCRE by forcing
+    any group that contains a reference to itself to be an atomic group; that
+    is, there cannot be any backtracking into it once it has completed. This is
+    similar to recursive and subroutine calls.
+
+
+Version 8.00 19-Oct-09
+----------------------
+
+1.  The table for translating pcre_compile() error codes into POSIX error codes
+    was out-of-date, and there was no check on the pcre_compile() error code
+    being within the table. This could lead to an OK return being given in
+    error.
+
+2.  Changed the call to open a subject file in pcregrep from fopen(pathname,
+    "r") to fopen(pathname, "rb"), which fixed a problem with some of the tests
+    in a Windows environment.
+
+3.  The pcregrep --count option prints the count for each file even when it is
+    zero, as does GNU grep. However, pcregrep was also printing all files when
+    --files-with-matches was added. Now, when both options are given, it prints
+    counts only for those files that have at least one match. (GNU grep just
+    prints the file name in this circumstance, but including the count seems
+    more useful - otherwise, why use --count?) Also ensured that the
+    combination -clh just lists non-zero counts, with no names.
+
+4.  The long form of the pcregrep -F option was incorrectly implemented as
+    --fixed_strings instead of --fixed-strings. This is an incompatible change,
+    but it seems right to fix it, and I didn't think it was worth preserving
+    the old behaviour.
+
+5.  The command line items --regex=pattern and --regexp=pattern were not
+    recognized by pcregrep, which required --regex pattern or --regexp pattern
+    (with a space rather than an '='). The man page documented the '=' forms,
+    which are compatible with GNU grep; these now work.
+
+6.  No libpcreposix.pc file was created for pkg-config; there was just
+    libpcre.pc and libpcrecpp.pc. The omission has been rectified.
+
+7.  Added #ifndef SUPPORT_UCP into the pcre_ucd.c module, to reduce its size
+    when UCP support is not needed, by modifying the Python script that
+    generates it from Unicode data files. This should not matter if the module
+    is correctly used as a library, but I received one complaint about 50K of
+    unwanted data. My guess is that the person linked everything into his
+    program rather than using a library. Anyway, it does no harm.
+
+8.  A pattern such as /\x{123}{2,2}+/8 was incorrectly compiled; the trigger
+    was a minimum greater than 1 for a wide character in a possessive
+    repetition. The same bug could also affect patterns like /(\x{ff}{0,2})*/8
+    which had an unlimited repeat of a nested, fixed maximum repeat of a wide
+    character. Chaos in the form of incorrect output or a compiling loop could
+    result.
+
+9.  The restrictions on what a pattern can contain when partial matching is
+    requested for pcre_exec() have been removed. All patterns can now be
+    partially matched by this function. In addition, if there are at least two
+    slots in the offset vector, the offset of the earliest inspected character
+    for the match and the offset of the end of the subject are set in them when
+    PCRE_ERROR_PARTIAL is returned.
+
+10. Partial matching has been split into two forms: PCRE_PARTIAL_SOFT, which is
+    synonymous with PCRE_PARTIAL, for backwards compatibility, and
+    PCRE_PARTIAL_HARD, which causes a partial match to supersede a full match,
+    and may be more useful for multi-segment matching.
+
+11. Partial matching with pcre_exec() is now more intuitive. A partial match
+    used to be given if ever the end of the subject was reached; now it is
+    given only if matching could not proceed because another character was
+    needed. This makes a difference in some odd cases such as Z(*FAIL) with the
+    string "Z", which now yields "no match" instead of "partial match". In the
+    case of pcre_dfa_exec(), "no match" is given if every matching path for the
+    final character ended with (*FAIL).
+
+12. Restarting a match using pcre_dfa_exec() after a partial match did not work
+    if the pattern had a "must contain" character that was already found in the
+    earlier partial match, unless partial matching was again requested. For
+    example, with the pattern /dog.(body)?/, the "must contain" character is
+    "g". If the first part-match was for the string "dog", restarting with
+    "sbody" failed. This bug has been fixed.
+
+13. The string returned by pcre_dfa_exec() after a partial match has been
+    changed so that it starts at the first inspected character rather than the
+    first character of the match. This makes a difference only if the pattern
+    starts with a lookbehind assertion or \b or \B (\K is not supported by
+    pcre_dfa_exec()). It's an incompatible change, but it makes the two
+    matching functions compatible, and I think it's the right thing to do.
+
+14. Added a pcredemo man page, created automatically from the pcredemo.c file,
+    so that the demonstration program is easily available in environments where
+    PCRE has not been installed from source.
+
+15. Arranged to add -DPCRE_STATIC to cflags in libpcre.pc, libpcreposix.cp,
+    libpcrecpp.pc and pcre-config when PCRE is not compiled as a shared
+    library.
+
+16. Added REG_UNGREEDY to the pcreposix interface, at the request of a user.
+    It maps to PCRE_UNGREEDY. It is not, of course, POSIX-compatible, but it
+    is not the first non-POSIX option to be added. Clearly some people find
+    these options useful.
+
+17. If a caller to the POSIX matching function regexec() passes a non-zero
+    value for nmatch with a NULL value for pmatch, the value of
+    nmatch is forced to zero.
+
+18. RunGrepTest did not have a test for the availability of the -u option of
+    the diff command, as RunTest does. It now checks in the same way as
+    RunTest, and also checks for the -b option.
+
+19. If an odd number of negated classes containing just a single character
+    interposed, within parentheses, between a forward reference to a named
+    subpattern and the definition of the subpattern, compilation crashed with
+    an internal error, complaining that it could not find the referenced
+    subpattern. An example of a crashing pattern is /(?&A)(([^m])(?<A>))/.
+    [The bug was that it was starting one character too far in when skipping
+    over the character class, thus treating the ] as data rather than
+    terminating the class. This meant it could skip too much.]
+
+20. Added PCRE_NOTEMPTY_ATSTART in order to be able to correctly implement the
+    /g option in pcretest when the pattern contains \K, which makes it possible
+    to have an empty string match not at the start, even when the pattern is
+    anchored. Updated pcretest and pcredemo to use this option.
+
+21. If the maximum number of capturing subpatterns in a recursion was greater
+    than the maximum at the outer level, the higher number was returned, but
+    with unset values at the outer level. The correct (outer level) value is
+    now given.
+
+22. If (*ACCEPT) appeared inside capturing parentheses, previous releases of
+    PCRE did not set those parentheses (unlike Perl). I have now found a way to
+    make it do so. The string so far is captured, making this feature
+    compatible with Perl.
+
+23. The tests have been re-organized, adding tests 11 and 12, to make it
+    possible to check the Perl 5.10 features against Perl 5.10.
+
+24. Perl 5.10 allows subroutine calls in lookbehinds, as long as the subroutine
+    pattern matches a fixed length string. PCRE did not allow this; now it
+    does. Neither allows recursion.
+
+25. I finally figured out how to implement a request to provide the minimum
+    length of subject string that was needed in order to match a given pattern.
+    (It was back references and recursion that I had previously got hung up
+    on.) This code has now been added to pcre_study(); it finds a lower bound
+    to the length of subject needed. It is not necessarily the greatest lower
+    bound, but using it to avoid searching strings that are too short does give
+    some useful speed-ups. The value is available to calling programs via
+    pcre_fullinfo().
+
+26. While implementing 25, I discovered to my embarrassment that pcretest had
+    not been passing the result of pcre_study() to pcre_dfa_exec(), so the
+    study optimizations had never been tested with that matching function.
+    Oops. What is worse, even when it was passed study data, there was a bug in
+    pcre_dfa_exec() that meant it never actually used it. Double oops. There
+    were also very few tests of studied patterns with pcre_dfa_exec().
+
+27. If (?| is used to create subpatterns with duplicate numbers, they are now
+    allowed to have the same name, even if PCRE_DUPNAMES is not set. However,
+    on the other side of the coin, they are no longer allowed to have different
+    names, because these cannot be distinguished in PCRE, and this has caused
+    confusion. (This is a difference from Perl.)
+
+28. When duplicate subpattern names are present (necessarily with different
+    numbers, as required by 27 above), and a test is made by name in a
+    conditional pattern, either for a subpattern having been matched, or for
+    recursion in such a pattern, all the associated numbered subpatterns are
+    tested, and the overall condition is true if the condition is true for any
+    one of them. This is the way Perl works, and is also more like the way
+    testing by number works.
+
+
+Version 7.9 11-Apr-09
+---------------------
+
+1.  When building with support for bzlib/zlib (pcregrep) and/or readline
+    (pcretest), all targets were linked against these libraries. This included
+    libpcre, libpcreposix, and libpcrecpp, even though they do not use these
+    libraries. This caused unwanted dependencies to be created. This problem
+    has been fixed, and now only pcregrep is linked with bzlib/zlib and only
+    pcretest is linked with readline.
+
+2.  The "typedef int BOOL" in pcre_internal.h that was included inside the
+    "#ifndef FALSE" condition by an earlier change (probably 7.8/18) has been
+    moved outside it again, because FALSE and TRUE are already defined in AIX,
+    but BOOL is not.
+
+3.  The pcre_config() function was treating the PCRE_MATCH_LIMIT and
+    PCRE_MATCH_LIMIT_RECURSION values as ints, when they should be long ints.
+
+4.  The pcregrep documentation said spaces were inserted as well as colons (or
+    hyphens) following file names and line numbers when outputting matching
+    lines. This is not true; no spaces are inserted. I have also clarified the
+    wording for the --colour (or --color) option.
+
+5.  In pcregrep, when --colour was used with -o, the list of matching strings
+    was not coloured; this is different to GNU grep, so I have changed it to be
+    the same.
+
+6.  When --colo(u)r was used in pcregrep, only the first matching substring in
+    each matching line was coloured. Now it goes on to look for further matches
+    of any of the test patterns, which is the same behaviour as GNU grep.
+
+7.  A pattern that could match an empty string could cause pcregrep to loop; it
+    doesn't make sense to accept an empty string match in pcregrep, so I have
+    locked it out (using PCRE's PCRE_NOTEMPTY option). By experiment, this
+    seems to be how GNU grep behaves. [But see later change 40 for release
+    8.33.]
+
+8.  The pattern (?(?=.*b)b|^) was incorrectly compiled as "match must be at
+    start or after a newline", because the conditional assertion was not being
+    correctly handled. The rule now is that both the assertion and what follows
+    in the first alternative must satisfy the test.
+
+9.  If auto-callout was enabled in a pattern with a conditional group whose
+    condition was an assertion, PCRE could crash during matching, both with
+    pcre_exec() and pcre_dfa_exec().
+
+10. The PCRE_DOLLAR_ENDONLY option was not working when pcre_dfa_exec() was
+    used for matching.
+
+11. Unicode property support in character classes was not working for
+    characters (bytes) greater than 127 when not in UTF-8 mode.
+
+12. Added the -M command line option to pcretest.
+
+14. Added the non-standard REG_NOTEMPTY option to the POSIX interface.
+
+15. Added the PCRE_NO_START_OPTIMIZE match-time option.
+
+16. Added comments and documentation about mis-use of no_arg in the C++
+    wrapper.
+
+17. Implemented support for UTF-8 encoding in EBCDIC environments, a patch
+    from Martin Jerabek that uses macro names for all relevant character and
+    string constants.
+
+18. Added to pcre_internal.h two configuration checks: (a) If both EBCDIC and
+    SUPPORT_UTF8 are set, give an error; (b) If SUPPORT_UCP is set without
+    SUPPORT_UTF8, define SUPPORT_UTF8. The "configure" script handles both of
+    these, but not everybody uses configure.
+
+19. A conditional group that had only one branch was not being correctly
+    recognized as an item that could match an empty string. This meant that an
+    enclosing group might also not be so recognized, causing infinite looping
+    (and probably a segfault) for patterns such as ^"((?(?=[a])[^"])|b)*"$
+    with the subject "ab", where knowledge that the repeated group can match
+    nothing is needed in order to break the loop.
+
+20. If a pattern that was compiled with callouts was matched using pcre_dfa_
+    exec(), but without supplying a callout function, matching went wrong.
+
+21. If PCRE_ERROR_MATCHLIMIT occurred during a recursion, there was a memory
+    leak if the size of the offset vector was greater than 30. When the vector
+    is smaller, the saved offsets during recursion go onto a local stack
+    vector, but for larger vectors malloc() is used. It was failing to free
+    when the recursion yielded PCRE_ERROR_MATCH_LIMIT (or any other "abnormal"
+    error, in fact).
+
+22. There was a missing #ifdef SUPPORT_UTF8 round one of the variables in the
+    heapframe that is used only when UTF-8 support is enabled. This caused no
+    problem, but was untidy.
+
+23. Steven Van Ingelgem's patch to CMakeLists.txt to change the name
+    CMAKE_BINARY_DIR to PROJECT_BINARY_DIR so that it works when PCRE is
+    included within another project.
+
+24. Steven Van Ingelgem's patches to add more options to the CMake support,
+    slightly modified by me:
+
+      (a) PCRE_BUILD_TESTS can be set OFF not to build the tests, including
+          not building pcregrep.
+
+      (b) PCRE_BUILD_PCREGREP can be see OFF not to build pcregrep, but only
+          if PCRE_BUILD_TESTS is also set OFF, because the tests use pcregrep.
+
+25. Forward references, both numeric and by name, in patterns that made use of
+    duplicate group numbers, could behave incorrectly or give incorrect errors,
+    because when scanning forward to find the reference group, PCRE was not
+    taking into account the duplicate group numbers. A pattern such as
+    ^X(?3)(a)(?|(b)|(q))(Y) is an example.
+
+26. Changed a few more instances of "const unsigned char *" to USPTR, making
+    the feature of a custom pointer more persuasive (as requested by a user).
+
+27. Wrapped the definitions of fileno and isatty for Windows, which appear in
+    pcretest.c, inside #ifndefs, because it seems they are sometimes already
+    pre-defined.
+
+28. Added support for (*UTF8) at the start of a pattern.
+
+29. Arrange for flags added by the "release type" setting in CMake to be shown
+    in the configuration summary.
+
+
+Version 7.8 05-Sep-08
+---------------------
+
+1.  Replaced UCP searching code with optimized version as implemented for Ad
+    Muncher (http://www.admuncher.com/) by Peter Kankowski. This uses a two-
+    stage table and inline lookup instead of a function, giving speed ups of 2
+    to 5 times on some simple patterns that I tested. Permission was given to
+    distribute the MultiStage2.py script that generates the tables (it's not in
+    the tarball, but is in the Subversion repository).
+
+2.  Updated the Unicode datatables to Unicode 5.1.0. This adds yet more
+    scripts.
+
+3.  Change 12 for 7.7 introduced a bug in pcre_study() when a pattern contained
+    a group with a zero qualifier. The result of the study could be incorrect,
+    or the function might crash, depending on the pattern.
+
+4.  Caseless matching was not working for non-ASCII characters in back
+    references. For example, /(\x{de})\1/8i was not matching \x{de}\x{fe}.
+    It now works when Unicode Property Support is available.
+
+5.  In pcretest, an escape such as \x{de} in the data was always generating
+    a UTF-8 string, even in non-UTF-8 mode. Now it generates a single byte in
+    non-UTF-8 mode. If the value is greater than 255, it gives a warning about
+    truncation.
+
+6.  Minor bugfix in pcrecpp.cc (change "" == ... to NULL == ...).
+
+7.  Added two (int) casts to pcregrep when printing the difference of two
+    pointers, in case they are 64-bit values.
+
+8.  Added comments about Mac OS X stack usage to the pcrestack man page and to
+    test 2 if it fails.
+
+9.  Added PCRE_CALL_CONVENTION just before the names of all exported functions,
+    and a #define of that name to empty if it is not externally set. This is to
+    allow users of MSVC to set it if necessary.
+
+10. The PCRE_EXP_DEFN macro which precedes exported functions was missing from
+    the convenience functions in the pcre_get.c source file.
+
+11. An option change at the start of a pattern that had top-level alternatives
+    could cause overwriting and/or a crash. This command provoked a crash in
+    some environments:
+
+      printf "/(?i)[\xc3\xa9\xc3\xbd]|[\xc3\xa9\xc3\xbdA]/8\n" | pcretest
+
+    This potential security problem was recorded as CVE-2008-2371.
+
+12. For a pattern where the match had to start at the beginning or immediately
+    after a newline (e.g /.*anything/ without the DOTALL flag), pcre_exec() and
+    pcre_dfa_exec() could read past the end of the passed subject if there was
+    no match. To help with detecting such bugs (e.g. with valgrind), I modified
+    pcretest so that it places the subject at the end of its malloc-ed buffer.
+
+13. The change to pcretest in 12 above threw up a couple more cases when pcre_
+    exec() might read past the end of the data buffer in UTF-8 mode.
+
+14. A similar bug to 7.3/2 existed when the PCRE_FIRSTLINE option was set and
+    the data contained the byte 0x85 as part of a UTF-8 character within its
+    first line. This applied both to normal and DFA matching.
+
+15. Lazy qualifiers were not working in some cases in UTF-8 mode. For example,
+    /^[^d]*?$/8 failed to match "abc".
+
+16. Added a missing copyright notice to pcrecpp_internal.h.
+
+17. Make it more clear in the documentation that values returned from
+    pcre_exec() in ovector are byte offsets, not character counts.
+
+18. Tidied a few places to stop certain compilers from issuing warnings.
+
+19. Updated the Virtual Pascal + BCC files to compile the latest v7.7, as
+    supplied by Stefan Weber. I made a further small update for 7.8 because
+    there is a change of source arrangements: the pcre_searchfuncs.c module is
+    replaced by pcre_ucd.c.
+
+
+Version 7.7 07-May-08
+---------------------
+
+1.  Applied Craig's patch to sort out a long long problem: "If we can't convert
+    a string to a long long, pretend we don't even have a long long." This is
+    done by checking for the strtoq, strtoll, and _strtoi64 functions.
+
+2.  Applied Craig's patch to pcrecpp.cc to restore ABI compatibility with
+    pre-7.6 versions, which defined a global no_arg variable instead of putting
+    it in the RE class. (See also #8 below.)
+
+3.  Remove a line of dead code, identified by coverity and reported by Nuno
+    Lopes.
+
+4.  Fixed two related pcregrep bugs involving -r with --include or --exclude:
+
+    (1) The include/exclude patterns were being applied to the whole pathnames
+        of files, instead of just to the final components.
+
+    (2) If there was more than one level of directory, the subdirectories were
+        skipped unless they satisfied the include/exclude conditions. This is
+        inconsistent with GNU grep (and could even be seen as contrary to the
+        pcregrep specification - which I improved to make it absolutely clear).
+        The action now is always to scan all levels of directory, and just
+        apply the include/exclude patterns to regular files.
+
+5.  Added the --include_dir and --exclude_dir patterns to pcregrep, and used
+    --exclude_dir in the tests to avoid scanning .svn directories.
+
+6.  Applied Craig's patch to the QuoteMeta function so that it escapes the
+    NUL character as backslash + 0 rather than backslash + NUL, because PCRE
+    doesn't support NULs in patterns.
+
+7.  Added some missing "const"s to declarations of static tables in
+    pcre_compile.c and pcre_dfa_exec.c.
+
+8.  Applied Craig's patch to pcrecpp.cc to fix a problem in OS X that was
+    caused by fix #2  above. (Subsequently also a second patch to fix the
+    first patch. And a third patch - this was a messy problem.)
+
+9.  Applied Craig's patch to remove the use of push_back().
+
+10. Applied Alan Lehotsky's patch to add REG_STARTEND support to the POSIX
+    matching function regexec().
+
+11. Added support for the Oniguruma syntax \g<name>, \g<n>, \g'name', \g'n',
+    which, however, unlike Perl's \g{...}, are subroutine calls, not back
+    references. PCRE supports relative numbers with this syntax (I don't think
+    Oniguruma does).
+
+12. Previously, a group with a zero repeat such as (...){0} was completely
+    omitted from the compiled regex. However, this means that if the group
+    was called as a subroutine from elsewhere in the pattern, things went wrong
+    (an internal error was given). Such groups are now left in the compiled
+    pattern, with a new opcode that causes them to be skipped at execution
+    time.
+
+13. Added the PCRE_JAVASCRIPT_COMPAT option. This makes the following changes
+    to the way PCRE behaves:
+
+    (a) A lone ] character is dis-allowed (Perl treats it as data).
+
+    (b) A back reference to an unmatched subpattern matches an empty string
+        (Perl fails the current match path).
+
+    (c) A data ] in a character class must be notated as \] because if the
+        first data character in a class is ], it defines an empty class. (In
+        Perl it is not possible to have an empty class.) The empty class []
+        never matches; it forces failure and is equivalent to (*FAIL) or (?!).
+        The negative empty class [^] matches any one character, independently
+        of the DOTALL setting.
+
+14. A pattern such as /(?2)[]a()b](abc)/ which had a forward reference to a
+    non-existent subpattern following a character class starting with ']' and
+    containing () gave an internal compiling error instead of "reference to
+    non-existent subpattern". Fortunately, when the pattern did exist, the
+    compiled code was correct. (When scanning forwards to check for the
+    existence of the subpattern, it was treating the data ']' as terminating
+    the class, so got the count wrong. When actually compiling, the reference
+    was subsequently set up correctly.)
+
+15. The "always fail" assertion (?!) is optimzed to (*FAIL) by pcre_compile;
+    it was being rejected as not supported by pcre_dfa_exec(), even though
+    other assertions are supported. I have made pcre_dfa_exec() support
+    (*FAIL).
+
+16. The implementation of 13c above involved the invention of a new opcode,
+    OP_ALLANY, which is like OP_ANY but doesn't check the /s flag. Since /s
+    cannot be changed at match time, I realized I could make a small
+    improvement to matching performance by compiling OP_ALLANY instead of
+    OP_ANY for "." when DOTALL was set, and then removing the runtime tests
+    on the OP_ANY path.
+
+17. Compiling pcretest on Windows with readline support failed without the
+    following two fixes: (1) Make the unistd.h include conditional on
+    HAVE_UNISTD_H; (2) #define isatty and fileno as _isatty and _fileno.
+
+18. Changed CMakeLists.txt and cmake/FindReadline.cmake to arrange for the
+    ncurses library to be included for pcretest when ReadLine support is
+    requested, but also to allow for it to be overridden. This patch came from
+    Daniel Bergstr�m.
+
+19. There was a typo in the file ucpinternal.h where f0_rangeflag was defined
+    as 0x00f00000 instead of 0x00800000. Luckily, this would not have caused
+    any errors with the current Unicode tables. Thanks to Peter Kankowski for
+    spotting this.
+
+
+Version 7.6 28-Jan-08
+---------------------
+
+1.  A character class containing a very large number of characters with
+    codepoints greater than 255 (in UTF-8 mode, of course) caused a buffer
+    overflow.
+
+2.  Patch to cut out the "long long" test in pcrecpp_unittest when
+    HAVE_LONG_LONG is not defined.
+
+3.  Applied Christian Ehrlicher's patch to update the CMake build files to
+    bring them up to date and include new features. This patch includes:
+
+    - Fixed PH's badly added libz and libbz2 support.
+    - Fixed a problem with static linking.
+    - Added pcredemo. [But later removed - see 7 below.]
+    - Fixed dftables problem and added an option.
+    - Added a number of HAVE_XXX tests, including HAVE_WINDOWS_H and
+        HAVE_LONG_LONG.
+    - Added readline support for pcretest.
+    - Added an listing of the option settings after cmake has run.
+
+4.  A user submitted a patch to Makefile that makes it easy to create
+    "pcre.dll" under mingw when using Configure/Make. I added stuff to
+    Makefile.am that cause it to include this special target, without
+    affecting anything else. Note that the same mingw target plus all
+    the other distribution libraries and programs are now supported
+    when configuring with CMake (see 6 below) instead of with
+    Configure/Make.
+
+5.  Applied Craig's patch that moves no_arg into the RE class in the C++ code.
+    This is an attempt to solve the reported problem "pcrecpp::no_arg is not
+    exported in the Windows port". It has not yet been confirmed that the patch
+    solves the problem, but it does no harm.
+
+6.  Applied Sheri's patch to CMakeLists.txt to add NON_STANDARD_LIB_PREFIX and
+    NON_STANDARD_LIB_SUFFIX for dll names built with mingw when configured
+    with CMake, and also correct the comment about stack recursion.
+
+7.  Remove the automatic building of pcredemo from the ./configure system and
+    from CMakeLists.txt. The whole idea of pcredemo.c is that it is an example
+    of a program that users should build themselves after PCRE is installed, so
+    building it automatically is not really right. What is more, it gave
+    trouble in some build environments.
+
+8.  Further tidies to CMakeLists.txt from Sheri and Christian.
+
+
+Version 7.5 10-Jan-08
+---------------------
+
+1.  Applied a patch from Craig: "This patch makes it possible to 'ignore'
+    values in parens when parsing an RE using the C++ wrapper."
+
+2.  Negative specials like \S did not work in character classes in UTF-8 mode.
+    Characters greater than 255 were excluded from the class instead of being
+    included.
+
+3.  The same bug as (2) above applied to negated POSIX classes such as
+    [:^space:].
+
+4.  PCRECPP_STATIC was referenced in pcrecpp_internal.h, but nowhere was it
+    defined or documented. It seems to have been a typo for PCRE_STATIC, so
+    I have changed it.
+
+5.  The construct (?&) was not diagnosed as a syntax error (it referenced the
+    first named subpattern) and a construct such as (?&a) would reference the
+    first named subpattern whose name started with "a" (in other words, the
+    length check was missing). Both these problems are fixed. "Subpattern name
+    expected" is now given for (?&) (a zero-length name), and this patch also
+    makes it give the same error for \k'' (previously it complained that that
+    was a reference to a non-existent subpattern).
+
+6.  The erroneous patterns (?+-a) and (?-+a) give different error messages;
+    this is right because (?- can be followed by option settings as well as by
+    digits. I have, however, made the messages clearer.
+
+7.  Patterns such as (?(1)a|b) (a pattern that contains fewer subpatterns
+    than the number used in the conditional) now cause a compile-time error.
+    This is actually not compatible with Perl, which accepts such patterns, but
+    treats the conditional as always being FALSE (as PCRE used to), but it
+    seems to me that giving a diagnostic is better.
+
+8.  Change "alphameric" to the more common word "alphanumeric" in comments
+    and messages.
+
+9.  Fix two occurrences of "backslash" in comments that should have been
+    "backspace".
+
+10. Remove two redundant lines of code that can never be obeyed (their function
+    was moved elsewhere).
+
+11. The program that makes PCRE's Unicode character property table had a bug
+    which caused it to generate incorrect table entries for sequences of
+    characters that have the same character type, but are in different scripts.
+    It amalgamated them into a single range, with the script of the first of
+    them. In other words, some characters were in the wrong script. There were
+    thirteen such cases, affecting characters in the following ranges:
+
+      U+002b0 - U+002c1
+      U+0060c - U+0060d
+      U+0061e - U+00612
+      U+0064b - U+0065e
+      U+0074d - U+0076d
+      U+01800 - U+01805
+      U+01d00 - U+01d77
+      U+01d9b - U+01dbf
+      U+0200b - U+0200f
+      U+030fc - U+030fe
+      U+03260 - U+0327f
+      U+0fb46 - U+0fbb1
+      U+10450 - U+1049d
+
+12. The -o option (show only the matching part of a line) for pcregrep was not
+    compatible with GNU grep in that, if there was more than one match in a
+    line, it showed only the first of them. It now behaves in the same way as
+    GNU grep.
+
+13. If the -o and -v options were combined for pcregrep, it printed a blank
+    line for every non-matching line. GNU grep prints nothing, and pcregrep now
+    does the same. The return code can be used to tell if there were any
+    non-matching lines.
+
+14. Added --file-offsets and --line-offsets to pcregrep.
+
+15. The pattern (?=something)(?R) was not being diagnosed as a potentially
+    infinitely looping recursion. The bug was that positive lookaheads were not
+    being skipped when checking for a possible empty match (negative lookaheads
+    and both kinds of lookbehind were skipped).
+
+16. Fixed two typos in the Windows-only code in pcregrep.c, and moved the
+    inclusion of <windows.h> to before rather than after the definition of
+    INVALID_FILE_ATTRIBUTES (patch from David Byron).
+
+17. Specifying a possessive quantifier with a specific limit for a Unicode
+    character property caused pcre_compile() to compile bad code, which led at
+    runtime to PCRE_ERROR_INTERNAL (-14). Examples of patterns that caused this
+    are: /\p{Zl}{2,3}+/8 and /\p{Cc}{2}+/8. It was the possessive "+" that
+    caused the error; without that there was no problem.
+
+18. Added --enable-pcregrep-libz and --enable-pcregrep-libbz2.
+
+19. Added --enable-pcretest-libreadline.
+
+20. In pcrecpp.cc, the variable 'count' was incremented twice in
+    RE::GlobalReplace(). As a result, the number of replacements returned was
+    double what it should be. I removed one of the increments, but Craig sent a
+    later patch that removed the other one (the right fix) and added unit tests
+    that check the return values (which was not done before).
+
+21. Several CMake things:
+
+    (1) Arranged that, when cmake is used on Unix, the libraries end up with
+        the names libpcre and libpcreposix, not just pcre and pcreposix.
+
+    (2) The above change means that pcretest and pcregrep are now correctly
+        linked with the newly-built libraries, not previously installed ones.
+
+    (3) Added PCRE_SUPPORT_LIBREADLINE, PCRE_SUPPORT_LIBZ, PCRE_SUPPORT_LIBBZ2.
+
+22. In UTF-8 mode, with newline set to "any", a pattern such as .*a.*=.b.*
+    crashed when matching a string such as a\x{2029}b (note that \x{2029} is a
+    UTF-8 newline character). The key issue is that the pattern starts .*;
+    this means that the match must be either at the beginning, or after a
+    newline. The bug was in the code for advancing after a failed match and
+    checking that the new position followed a newline. It was not taking
+    account of UTF-8 characters correctly.
+
+23. PCRE was behaving differently from Perl in the way it recognized POSIX
+    character classes. PCRE was not treating the sequence [:...:] as a
+    character class unless the ... were all letters. Perl, however, seems to
+    allow any characters between [: and :], though of course it rejects as
+    unknown any "names" that contain non-letters, because all the known class
+    names consist only of letters. Thus, Perl gives an error for [[:1234:]],
+    for example, whereas PCRE did not - it did not recognize a POSIX character
+    class. This seemed a bit dangerous, so the code has been changed to be
+    closer to Perl. The behaviour is not identical to Perl, because PCRE will
+    diagnose an unknown class for, for example, [[:l\ower:]] where Perl will
+    treat it as [[:lower:]]. However, PCRE does now give "unknown" errors where
+    Perl does, and where it didn't before.
+
+24. Rewrite so as to remove the single use of %n from pcregrep because in some
+    Windows environments %n is disabled by default.
+
+
+Version 7.4 21-Sep-07
+---------------------
+
+1.  Change 7.3/28 was implemented for classes by looking at the bitmap. This
+    means that a class such as [\s] counted as "explicit reference to CR or
+    LF". That isn't really right - the whole point of the change was to try to
+    help when there was an actual mention of one of the two characters. So now
+    the change happens only if \r or \n (or a literal CR or LF) character is
+    encountered.
+
+2.  The 32-bit options word was also used for 6 internal flags, but the numbers
+    of both had grown to the point where there were only 3 bits left.
+    Fortunately, there was spare space in the data structure, and so I have
+    moved the internal flags into a new 16-bit field to free up more option
+    bits.
+
+3.  The appearance of (?J) at the start of a pattern set the DUPNAMES option,
+    but did not set the internal JCHANGED flag - either of these is enough to
+    control the way the "get" function works - but the PCRE_INFO_JCHANGED
+    facility is supposed to tell if (?J) was ever used, so now (?J) at the
+    start sets both bits.
+
+4.  Added options (at build time, compile time, exec time) to change \R from
+    matching any Unicode line ending sequence to just matching CR, LF, or CRLF.
+
+5.  doc/pcresyntax.html was missing from the distribution.
+
+6.  Put back the definition of PCRE_ERROR_NULLWSLIMIT, for backward
+    compatibility, even though it is no longer used.
+
+7.  Added macro for snprintf to pcrecpp_unittest.cc and also for strtoll and
+    strtoull to pcrecpp.cc to select the available functions in WIN32 when the
+    windows.h file is present (where different names are used). [This was
+    reversed later after testing - see 16 below.]
+
+8.  Changed all #include <config.h> to #include "config.h". There were also
+    some further <pcre.h> cases that I changed to "pcre.h".
+
+9.  When pcregrep was used with the --colour option, it missed the line ending
+    sequence off the lines that it output.
+
+10. It was pointed out to me that arrays of string pointers cause lots of
+    relocations when a shared library is dynamically loaded. A technique of
+    using a single long string with a table of offsets can drastically reduce
+    these. I have refactored PCRE in four places to do this. The result is
+    dramatic:
+
+      Originally:                          290
+      After changing UCP table:            187
+      After changing error message table:   43
+      After changing table of "verbs"       36
+      After changing table of Posix names   22
+
+    Thanks to the folks working on Gregex for glib for this insight.
+
+11. --disable-stack-for-recursion caused compiling to fail unless -enable-
+    unicode-properties was also set.
+
+12. Updated the tests so that they work when \R is defaulted to ANYCRLF.
+
+13. Added checks for ANY and ANYCRLF to pcrecpp.cc where it previously
+    checked only for CRLF.
+
+14. Added casts to pcretest.c to avoid compiler warnings.
+
+15. Added Craig's patch to various pcrecpp modules to avoid compiler warnings.
+
+16. Added Craig's patch to remove the WINDOWS_H tests, that were not working,
+    and instead check for _strtoi64 explicitly, and avoid the use of snprintf()
+    entirely. This removes changes made in 7 above.
+
+17. The CMake files have been updated, and there is now more information about
+    building with CMake in the NON-UNIX-USE document.
+
+
+Version 7.3 28-Aug-07
+---------------------
+
+ 1. In the rejigging of the build system that eventually resulted in 7.1, the
+    line "#include <pcre.h>" was included in pcre_internal.h. The use of angle
+    brackets there is not right, since it causes compilers to look for an
+    installed pcre.h, not the version that is in the source that is being
+    compiled (which of course may be different). I have changed it back to:
+
+      #include "pcre.h"
+
+    I have a vague recollection that the change was concerned with compiling in
+    different directories, but in the new build system, that is taken care of
+    by the VPATH setting the Makefile.
+
+ 2. The pattern .*$ when run in not-DOTALL UTF-8 mode with newline=any failed
+    when the subject happened to end in the byte 0x85 (e.g. if the last
+    character was \x{1ec5}). *Character* 0x85 is one of the "any" newline
+    characters but of course it shouldn't be taken as a newline when it is part
+    of another character. The bug was that, for an unlimited repeat of . in
+    not-DOTALL UTF-8 mode, PCRE was advancing by bytes rather than by
+    characters when looking for a newline.
+
+ 3. A small performance improvement in the DOTALL UTF-8 mode .* case.
+
+ 4. Debugging: adjusted the names of opcodes for different kinds of parentheses
+    in debug output.
+
+ 5. Arrange to use "%I64d" instead of "%lld" and "%I64u" instead of "%llu" for
+    long printing in the pcrecpp unittest when running under MinGW.
+
+ 6. ESC_K was left out of the EBCDIC table.
+
+ 7. Change 7.0/38 introduced a new limit on the number of nested non-capturing
+    parentheses; I made it 1000, which seemed large enough. Unfortunately, the
+    limit also applies to "virtual nesting" when a pattern is recursive, and in
+    this case 1000 isn't so big. I have been able to remove this limit at the
+    expense of backing off one optimization in certain circumstances. Normally,
+    when pcre_exec() would call its internal match() function recursively and
+    immediately return the result unconditionally, it uses a "tail recursion"
+    feature to save stack. However, when a subpattern that can match an empty
+    string has an unlimited repetition quantifier, it no longer makes this
+    optimization. That gives it a stack frame in which to save the data for
+    checking that an empty string has been matched. Previously this was taken
+    from the 1000-entry workspace that had been reserved. So now there is no
+    explicit limit, but more stack is used.
+
+ 8. Applied Daniel's patches to solve problems with the import/export magic
+    syntax that is required for Windows, and which was going wrong for the
+    pcreposix and pcrecpp parts of the library. These were overlooked when this
+    problem was solved for the main library.
+
+ 9. There were some crude static tests to avoid integer overflow when computing
+    the size of patterns that contain repeated groups with explicit upper
+    limits. As the maximum quantifier is 65535, the maximum group length was
+    set at 30,000 so that the product of these two numbers did not overflow a
+    32-bit integer. However, it turns out that people want to use groups that
+    are longer than 30,000 bytes (though not repeat them that many times).
+    Change 7.0/17 (the refactoring of the way the pattern size is computed) has
+    made it possible to implement the integer overflow checks in a much more
+    dynamic way, which I have now done. The artificial limitation on group
+    length has been removed - we now have only the limit on the total length of
+    the compiled pattern, which depends on the LINK_SIZE setting.
+
+10. Fixed a bug in the documentation for get/copy named substring when
+    duplicate names are permitted. If none of the named substrings are set, the
+    functions return PCRE_ERROR_NOSUBSTRING (7); the doc said they returned an
+    empty string.
+
+11. Because Perl interprets \Q...\E at a high level, and ignores orphan \E
+    instances, patterns such as [\Q\E] or [\E] or even [^\E] cause an error,
+    because the ] is interpreted as the first data character and the
+    terminating ] is not found. PCRE has been made compatible with Perl in this
+    regard. Previously, it interpreted [\Q\E] as an empty class, and [\E] could
+    cause memory overwriting.
+
+10. Like Perl, PCRE automatically breaks an unlimited repeat after an empty
+    string has been matched (to stop an infinite loop). It was not recognizing
+    a conditional subpattern that could match an empty string if that
+    subpattern was within another subpattern. For example, it looped when
+    trying to match  (((?(1)X|))*)  but it was OK with  ((?(1)X|)*)  where the
+    condition was not nested. This bug has been fixed.
+
+12. A pattern like \X?\d or \P{L}?\d in non-UTF-8 mode could cause a backtrack
+    past the start of the subject in the presence of bytes with the top bit
+    set, for example "\x8aBCD".
+
+13. Added Perl 5.10 experimental backtracking controls (*FAIL), (*F), (*PRUNE),
+    (*SKIP), (*THEN), (*COMMIT), and (*ACCEPT).
+
+14. Optimized (?!) to (*FAIL).
+
+15. Updated the test for a valid UTF-8 string to conform to the later RFC 3629.
+    This restricts code points to be within the range 0 to 0x10FFFF, excluding
+    the "low surrogate" sequence 0xD800 to 0xDFFF. Previously, PCRE allowed the
+    full range 0 to 0x7FFFFFFF, as defined by RFC 2279. Internally, it still
+    does: it's just the validity check that is more restrictive.
+
+16. Inserted checks for integer overflows during escape sequence (backslash)
+    processing, and also fixed erroneous offset values for syntax errors during
+    backslash processing.
+
+17. Fixed another case of looking too far back in non-UTF-8 mode (cf 12 above)
+    for patterns like [\PPP\x8a]{1,}\x80 with the subject "A\x80".
+
+18. An unterminated class in a pattern like (?1)\c[ with a "forward reference"
+    caused an overrun.
+
+19. A pattern like (?:[\PPa*]*){8,} which had an "extended class" (one with
+    something other than just ASCII characters) inside a group that had an
+    unlimited repeat caused a loop at compile time (while checking to see
+    whether the group could match an empty string).
+
+20. Debugging a pattern containing \p or \P could cause a crash. For example,
+    [\P{Any}] did so. (Error in the code for printing property names.)
+
+21. An orphan \E inside a character class could cause a crash.
+
+22. A repeated capturing bracket such as (A)? could cause a wild memory
+    reference during compilation.
+
+23. There are several functions in pcre_compile() that scan along a compiled
+    expression for various reasons (e.g. to see if it's fixed length for look
+    behind). There were bugs in these functions when a repeated \p or \P was
+    present in the pattern. These operators have additional parameters compared
+    with \d, etc, and these were not being taken into account when moving along
+    the compiled data. Specifically:
+
+    (a) A item such as \p{Yi}{3} in a lookbehind was not treated as fixed
+        length.
+
+    (b) An item such as \pL+ within a repeated group could cause crashes or
+        loops.
+
+    (c) A pattern such as \p{Yi}+(\P{Yi}+)(?1) could give an incorrect
+        "reference to non-existent subpattern" error.
+
+    (d) A pattern like (\P{Yi}{2}\277)? could loop at compile time.
+
+24. A repeated \S or \W in UTF-8 mode could give wrong answers when multibyte
+    characters were involved (for example /\S{2}/8g with "A\x{a3}BC").
+
+25. Using pcregrep in multiline, inverted mode (-Mv) caused it to loop.
+
+26. Patterns such as [\P{Yi}A] which include \p or \P and just one other
+    character were causing crashes (broken optimization).
+
+27. Patterns such as (\P{Yi}*\277)* (group with possible zero repeat containing
+    \p or \P) caused a compile-time loop.
+
+28. More problems have arisen in unanchored patterns when CRLF is a valid line
+    break. For example, the unstudied pattern [\r\n]A does not match the string
+    "\r\nA" because change 7.0/46 below moves the current point on by two
+    characters after failing to match at the start. However, the pattern \nA
+    *does* match, because it doesn't start till \n, and if [\r\n]A is studied,
+    the same is true. There doesn't seem any very clean way out of this, but
+    what I have chosen to do makes the common cases work: PCRE now takes note
+    of whether there can be an explicit match for \r or \n anywhere in the
+    pattern, and if so, 7.0/46 no longer applies. As part of this change,
+    there's a new PCRE_INFO_HASCRORLF option for finding out whether a compiled
+    pattern has explicit CR or LF references.
+
+29. Added (*CR) etc for changing newline setting at start of pattern.
+
+
+Version 7.2 19-Jun-07
+---------------------
+
+ 1. If the fr_FR locale cannot be found for test 3, try the "french" locale,
+    which is apparently normally available under Windows.
+
+ 2. Re-jig the pcregrep tests with different newline settings in an attempt
+    to make them independent of the local environment's newline setting.
+
+ 3. Add code to configure.ac to remove -g from the CFLAGS default settings.
+
+ 4. Some of the "internals" tests were previously cut out when the link size
+    was not 2, because the output contained actual offsets. The recent new
+    "Z" feature of pcretest means that these can be cut out, making the tests
+    usable with all link sizes.
+
+ 5. Implemented Stan Switzer's goto replacement for longjmp() when not using
+    stack recursion. This gives a massive performance boost under BSD, but just
+    a small improvement under Linux. However, it saves one field in the frame
+    in all cases.
+
+ 6. Added more features from the forthcoming Perl 5.10:
+
+    (a) (?-n) (where n is a string of digits) is a relative subroutine or
+        recursion call. It refers to the nth most recently opened parentheses.
+
+    (b) (?+n) is also a relative subroutine call; it refers to the nth next
+        to be opened parentheses.
+
+    (c) Conditions that refer to capturing parentheses can be specified
+        relatively, for example, (?(-2)... or (?(+3)...
+
+    (d) \K resets the start of the current match so that everything before
+        is not part of it.
+
+    (e) \k{name} is synonymous with \k<name> and \k'name' (.NET compatible).
+
+    (f) \g{name} is another synonym - part of Perl 5.10's unification of
+        reference syntax.
+
+    (g) (?| introduces a group in which the numbering of parentheses in each
+        alternative starts with the same number.
+
+    (h) \h, \H, \v, and \V match horizontal and vertical whitespace.
+
+ 7. Added two new calls to pcre_fullinfo(): PCRE_INFO_OKPARTIAL and
+    PCRE_INFO_JCHANGED.
+
+ 8. A pattern such as  (.*(.)?)*  caused pcre_exec() to fail by either not
+    terminating or by crashing. Diagnosed by Viktor Griph; it was in the code
+    for detecting groups that can match an empty string.
+
+ 9. A pattern with a very large number of alternatives (more than several
+    hundred) was running out of internal workspace during the pre-compile
+    phase, where pcre_compile() figures out how much memory will be needed. A
+    bit of new cunning has reduced the workspace needed for groups with
+    alternatives. The 1000-alternative test pattern now uses 12 bytes of
+    workspace instead of running out of the 4096 that are available.
+
+10. Inserted some missing (unsigned int) casts to get rid of compiler warnings.
+
+11. Applied patch from Google to remove an optimization that didn't quite work.
+    The report of the bug said:
+
+      pcrecpp::RE("a*").FullMatch("aaa") matches, while
+      pcrecpp::RE("a*?").FullMatch("aaa") does not, and
+      pcrecpp::RE("a*?\\z").FullMatch("aaa") does again.
+
+12. If \p or \P was used in non-UTF-8 mode on a character greater than 127
+    it matched the wrong number of bytes.
+
+
+Version 7.1 24-Apr-07
+---------------------
+
+ 1. Applied Bob Rossi and Daniel G's patches to convert the build system to one
+    that is more "standard", making use of automake and other Autotools. There
+    is some re-arrangement of the files and adjustment of comments consequent
+    on this.
+
+ 2. Part of the patch fixed a problem with the pcregrep tests. The test of -r
+    for recursive directory scanning broke on some systems because the files
+    are not scanned in any specific order and on different systems the order
+    was different. A call to "sort" has been inserted into RunGrepTest for the
+    approprate test as a short-term fix. In the longer term there may be an
+    alternative.
+
+ 3. I had an email from Eric Raymond about problems translating some of PCRE's
+    man pages to HTML (despite the fact that I distribute HTML pages, some
+    people do their own conversions for various reasons). The problems
+    concerned the use of low-level troff macros .br and .in. I have therefore
+    removed all such uses from the man pages (some were redundant, some could
+    be replaced by .nf/.fi pairs). The 132html script that I use to generate
+    HTML has been updated to handle .nf/.fi and to complain if it encounters
+    .br or .in.
+
+ 4. Updated comments in configure.ac that get placed in config.h.in and also
+    arranged for config.h to be included in the distribution, with the name
+    config.h.generic, for the benefit of those who have to compile without
+    Autotools (compare pcre.h, which is now distributed as pcre.h.generic).
+
+ 5. Updated the support (such as it is) for Virtual Pascal, thanks to Stefan
+    Weber: (1) pcre_internal.h was missing some function renames; (2) updated
+    makevp.bat for the current PCRE, using the additional files
+    makevp_c.txt, makevp_l.txt, and pcregexp.pas.
+
+ 6. A Windows user reported a minor discrepancy with test 2, which turned out
+    to be caused by a trailing space on an input line that had got lost in his
+    copy. The trailing space was an accident, so I've just removed it.
+
+ 7. Add -Wl,-R... flags in pcre-config.in for *BSD* systems, as I'm told
+    that is needed.
+
+ 8. Mark ucp_table (in ucptable.h) and ucp_gentype (in pcre_ucp_searchfuncs.c)
+    as "const" (a) because they are and (b) because it helps the PHP
+    maintainers who have recently made a script to detect big data structures
+    in the php code that should be moved to the .rodata section. I remembered
+    to update Builducptable as well, so it won't revert if ucptable.h is ever
+    re-created.
+
+ 9. Added some extra #ifdef SUPPORT_UTF8 conditionals into pcretest.c,
+    pcre_printint.src, pcre_compile.c, pcre_study.c, and pcre_tables.c, in
+    order to be able to cut out the UTF-8 tables in the latter when UTF-8
+    support is not required. This saves 1.5-2K of code, which is important in
+    some applications.
+
+    Later: more #ifdefs are needed in pcre_ord2utf8.c and pcre_valid_utf8.c
+    so as not to refer to the tables, even though these functions will never be
+    called when UTF-8 support is disabled. Otherwise there are problems with a
+    shared library.
+
+10. Fixed two bugs in the emulated memmove() function in pcre_internal.h:
+
+    (a) It was defining its arguments as char * instead of void *.
+
+    (b) It was assuming that all moves were upwards in memory; this was true
+        a long time ago when I wrote it, but is no longer the case.
+
+    The emulated memove() is provided for those environments that have neither
+    memmove() nor bcopy(). I didn't think anyone used it these days, but that
+    is clearly not the case, as these two bugs were recently reported.
+
+11. The script PrepareRelease is now distributed: it calls 132html, CleanTxt,
+    and Detrail to create the HTML documentation, the .txt form of the man
+    pages, and it removes trailing spaces from listed files. It also creates
+    pcre.h.generic and config.h.generic from pcre.h and config.h. In the latter
+    case, it wraps all the #defines with #ifndefs. This script should be run
+    before "make dist".
+
+12. Fixed two fairly obscure bugs concerned with quantified caseless matching
+    with Unicode property support.
+
+    (a) For a maximizing quantifier, if the two different cases of the
+        character were of different lengths in their UTF-8 codings (there are
+        some cases like this - I found 11), and the matching function had to
+        back up over a mixture of the two cases, it incorrectly assumed they
+        were both the same length.
+
+    (b) When PCRE was configured to use the heap rather than the stack for
+        recursion during matching, it was not correctly preserving the data for
+        the other case of a UTF-8 character when checking ahead for a match
+        while processing a minimizing repeat. If the check also involved
+        matching a wide character, but failed, corruption could cause an
+        erroneous result when trying to check for a repeat of the original
+        character.
+
+13. Some tidying changes to the testing mechanism:
+
+    (a) The RunTest script now detects the internal link size and whether there
+        is UTF-8 and UCP support by running ./pcretest -C instead of relying on
+        values substituted by "configure". (The RunGrepTest script already did
+        this for UTF-8.) The configure.ac script no longer substitutes the
+        relevant variables.
+
+    (b) The debugging options /B and /D in pcretest show the compiled bytecode
+        with length and offset values. This means that the output is different
+        for different internal link sizes. Test 2 is skipped for link sizes
+        other than 2 because of this, bypassing the problem. Unfortunately,
+        there was also a test in test 3 (the locale tests) that used /B and
+        failed for link sizes other than 2. Rather than cut the whole test out,
+        I have added a new /Z option to pcretest that replaces the length and
+        offset values with spaces. This is now used to make test 3 independent
+        of link size. (Test 2 will be tidied up later.)
+
+14. If erroroffset was passed as NULL to pcre_compile, it provoked a
+    segmentation fault instead of returning the appropriate error message.
+
+15. In multiline mode when the newline sequence was set to "any", the pattern
+    ^$ would give a match between the \r and \n of a subject such as "A\r\nB".
+    This doesn't seem right; it now treats the CRLF combination as the line
+    ending, and so does not match in that case. It's only a pattern such as ^$
+    that would hit this one: something like ^ABC$ would have failed after \r
+    and then tried again after \r\n.
+
+16. Changed the comparison command for RunGrepTest from "diff -u" to "diff -ub"
+    in an attempt to make files that differ only in their line terminators
+    compare equal. This works on Linux.
+
+17. Under certain error circumstances pcregrep might try to free random memory
+    as it exited. This is now fixed, thanks to valgrind.
+
+19. In pcretest, if the pattern /(?m)^$/g<any> was matched against the string
+    "abc\r\n\r\n", it found an unwanted second match after the second \r. This
+    was because its rules for how to advance for /g after matching an empty
+    string at the end of a line did not allow for this case. They now check for
+    it specially.
+
+20. pcretest is supposed to handle patterns and data of any length, by
+    extending its buffers when necessary. It was getting this wrong when the
+    buffer for a data line had to be extended.
+
+21. Added PCRE_NEWLINE_ANYCRLF which is like ANY, but matches only CR, LF, or
+    CRLF as a newline sequence.
+
+22. Code for handling Unicode properties in pcre_dfa_exec() wasn't being cut
+    out by #ifdef SUPPORT_UCP. This did no harm, as it could never be used, but
+    I have nevertheless tidied it up.
+
+23. Added some casts to kill warnings from HP-UX ia64 compiler.
+
+24. Added a man page for pcre-config.
+
+
+Version 7.0 19-Dec-06
+---------------------
+
+ 1. Fixed a signed/unsigned compiler warning in pcre_compile.c, shown up by
+    moving to gcc 4.1.1.
+
+ 2. The -S option for pcretest uses setrlimit(); I had omitted to #include
+    sys/time.h, which is documented as needed for this function. It doesn't
+    seem to matter on Linux, but it showed up on some releases of OS X.
+
+ 3. It seems that there are systems where bytes whose values are greater than
+    127 match isprint() in the "C" locale. The "C" locale should be the
+    default when a C program starts up. In most systems, only ASCII printing
+    characters match isprint(). This difference caused the output from pcretest
+    to vary, making some of the tests fail. I have changed pcretest so that:
+
+    (a) When it is outputting text in the compiled version of a pattern, bytes
+        other than 32-126 are always shown as hex escapes.
+
+    (b) When it is outputting text that is a matched part of a subject string,
+        it does the same, unless a different locale has been set for the match
+        (using the /L modifier). In this case, it uses isprint() to decide.
+
+ 4. Fixed a major bug that caused incorrect computation of the amount of memory
+    required for a compiled pattern when options that changed within the
+    pattern affected the logic of the preliminary scan that determines the
+    length. The relevant options are -x, and -i in UTF-8 mode. The result was
+    that the computed length was too small. The symptoms of this bug were
+    either the PCRE error "internal error: code overflow" from pcre_compile(),
+    or a glibc crash with a message such as "pcretest: free(): invalid next
+    size (fast)". Examples of patterns that provoked this bug (shown in
+    pcretest format) are:
+
+      /(?-x: )/x
+      /(?x)(?-x: \s*#\s*)/
+      /((?i)[\x{c0}])/8
+      /(?i:[\x{c0}])/8
+
+    HOWEVER: Change 17 below makes this fix obsolete as the memory computation
+    is now done differently.
+
+ 5. Applied patches from Google to: (a) add a QuoteMeta function to the C++
+    wrapper classes; (b) implement a new function in the C++ scanner that is
+    more efficient than the old way of doing things because it avoids levels of
+    recursion in the regex matching; (c) add a paragraph to the documentation
+    for the FullMatch() function.
+
+ 6. The escape sequence \n was being treated as whatever was defined as
+    "newline". Not only was this contrary to the documentation, which states
+    that \n is character 10 (hex 0A), but it also went horribly wrong when
+    "newline" was defined as CRLF. This has been fixed.
+
+ 7. In pcre_dfa_exec.c the value of an unsigned integer (the variable called c)
+    was being set to -1 for the "end of line" case (supposedly a value that no
+    character can have). Though this value is never used (the check for end of
+    line is "zero bytes in current character"), it caused compiler complaints.
+    I've changed it to 0xffffffff.
+
+ 8. In pcre_version.c, the version string was being built by a sequence of
+    C macros that, in the event of PCRE_PRERELEASE being defined as an empty
+    string (as it is for production releases) called a macro with an empty
+    argument. The C standard says the result of this is undefined. The gcc
+    compiler treats it as an empty string (which was what was wanted) but it is
+    reported that Visual C gives an error. The source has been hacked around to
+    avoid this problem.
+
+ 9. On the advice of a Windows user, included <io.h> and <fcntl.h> in Windows
+    builds of pcretest, and changed the call to _setmode() to use _O_BINARY
+    instead of 0x8000. Made all the #ifdefs test both _WIN32 and WIN32 (not all
+    of them did).
+
+10. Originally, pcretest opened its input and output without "b"; then I was
+    told that "b" was needed in some environments, so it was added for release
+    5.0 to both the input and output. (It makes no difference on Unix-like
+    systems.) Later I was told that it is wrong for the input on Windows. I've
+    now abstracted the modes into two macros, to make it easier to fiddle with
+    them, and removed "b" from the input mode under Windows.
+
+11. Added pkgconfig support for the C++ wrapper library, libpcrecpp.
+
+12. Added -help and --help to pcretest as an official way of being reminded
+    of the options.
+
+13. Removed some redundant semicolons after macro calls in pcrecpparg.h.in
+    and pcrecpp.cc because they annoy compilers at high warning levels.
+
+14. A bit of tidying/refactoring in pcre_exec.c in the main bumpalong loop.
+
+15. Fixed an occurrence of == in configure.ac that should have been = (shell
+    scripts are not C programs :-) and which was not noticed because it works
+    on Linux.
+
+16. pcretest is supposed to handle any length of pattern and data line (as one
+    line or as a continued sequence of lines) by extending its input buffer if
+    necessary. This feature was broken for very long pattern lines, leading to
+    a string of junk being passed to pcre_compile() if the pattern was longer
+    than about 50K.
+
+17. I have done a major re-factoring of the way pcre_compile() computes the
+    amount of memory needed for a compiled pattern. Previously, there was code
+    that made a preliminary scan of the pattern in order to do this. That was
+    OK when PCRE was new, but as the facilities have expanded, it has become
+    harder and harder to keep it in step with the real compile phase, and there
+    have been a number of bugs (see for example, 4 above). I have now found a
+    cunning way of running the real compile function in a "fake" mode that
+    enables it to compute how much memory it would need, while actually only
+    ever using a few hundred bytes of working memory and without too many
+    tests of the mode. This should make future maintenance and development
+    easier. A side effect of this work is that the limit of 200 on the nesting
+    depth of parentheses has been removed (though this was never a serious
+    limitation, I suspect). However, there is a downside: pcre_compile() now
+    runs more slowly than before (30% or more, depending on the pattern). I
+    hope this isn't a big issue. There is no effect on runtime performance.
+
+18. Fixed a minor bug in pcretest: if a pattern line was not terminated by a
+    newline (only possible for the last line of a file) and it was a
+    pattern that set a locale (followed by /Lsomething), pcretest crashed.
+
+19. Added additional timing features to pcretest. (1) The -tm option now times
+    matching only, not compiling. (2) Both -t and -tm can be followed, as a
+    separate command line item, by a number that specifies the number of
+    repeats to use when timing. The default is 50000; this gives better
+    precision, but takes uncomfortably long for very large patterns.
+
+20. Extended pcre_study() to be more clever in cases where a branch of a
+    subpattern has no definite first character. For example, (a*|b*)[cd] would
+    previously give no result from pcre_study(). Now it recognizes that the
+    first character must be a, b, c, or d.
+
+21. There was an incorrect error "recursive call could loop indefinitely" if
+    a subpattern (or the entire pattern) that was being tested for matching an
+    empty string contained only one non-empty item after a nested subpattern.
+    For example, the pattern (?>\x{100}*)\d(?R) provoked this error
+    incorrectly, because the \d was being skipped in the check.
+
+22. The pcretest program now has a new pattern option /B and a command line
+    option -b, which is equivalent to adding /B to every pattern. This causes
+    it to show the compiled bytecode, without the additional information that
+    -d shows. The effect of -d is now the same as -b with -i (and similarly, /D
+    is the same as /B/I).
+
+23. A new optimization is now able automatically to treat some sequences such
+    as a*b as a*+b. More specifically, if something simple (such as a character
+    or a simple class like \d) has an unlimited quantifier, and is followed by
+    something that cannot possibly match the quantified thing, the quantifier
+    is automatically "possessified".
+
+24. A recursive reference to a subpattern whose number was greater than 39
+    went wrong under certain circumstances in UTF-8 mode. This bug could also
+    have affected the operation of pcre_study().
+
+25. Realized that a little bit of performance could be had by replacing
+    (c & 0xc0) == 0xc0 with c >= 0xc0 when processing UTF-8 characters.
+
+26. Timing data from pcretest is now shown to 4 decimal places instead of 3.
+
+27. Possessive quantifiers such as a++ were previously implemented by turning
+    them into atomic groups such as ($>a+). Now they have their own opcodes,
+    which improves performance. This includes the automatically created ones
+    from 23 above.
+
+28. A pattern such as (?=(\w+))\1: which simulates an atomic group using a
+    lookahead was broken if it was not anchored. PCRE was mistakenly expecting
+    the first matched character to be a colon. This applied both to named and
+    numbered groups.
+
+29. The ucpinternal.h header file was missing its idempotency #ifdef.
+
+30. I was sent a "project" file called libpcre.a.dev which I understand makes
+    building PCRE on Windows easier, so I have included it in the distribution.
+
+31. There is now a check in pcretest against a ridiculously large number being
+    returned by pcre_exec() or pcre_dfa_exec(). If this happens in a /g or /G
+    loop, the loop is abandoned.
+
+32. Forward references to subpatterns in conditions such as (?(2)...) where
+    subpattern 2 is defined later cause pcre_compile() to search forwards in
+    the pattern for the relevant set of parentheses. This search went wrong
+    when there were unescaped parentheses in a character class, parentheses
+    escaped with \Q...\E, or parentheses in a #-comment in /x mode.
+
+33. "Subroutine" calls and backreferences were previously restricted to
+    referencing subpatterns earlier in the regex. This restriction has now
+    been removed.
+
+34. Added a number of extra features that are going to be in Perl 5.10. On the
+    whole, these are just syntactic alternatives for features that PCRE had
+    previously implemented using the Python syntax or my own invention. The
+    other formats are all retained for compatibility.
+
+    (a) Named groups can now be defined as (?<name>...) or (?'name'...) as well
+        as (?P<name>...). The new forms, as well as being in Perl 5.10, are
+        also .NET compatible.
+
+    (b) A recursion or subroutine call to a named group can now be defined as
+        (?&name) as well as (?P>name).
+
+    (c) A backreference to a named group can now be defined as \k<name> or
+        \k'name' as well as (?P=name). The new forms, as well as being in Perl
+        5.10, are also .NET compatible.
+
+    (d) A conditional reference to a named group can now use the syntax
+        (?(<name>) or (?('name') as well as (?(name).
+
+    (e) A "conditional group" of the form (?(DEFINE)...) can be used to define
+        groups (named and numbered) that are never evaluated inline, but can be
+        called as "subroutines" from elsewhere. In effect, the DEFINE condition
+        is always false. There may be only one alternative in such a group.
+
+    (f) A test for recursion can be given as (?(R1).. or (?(R&name)... as well
+        as the simple (?(R). The condition is true only if the most recent
+        recursion is that of the given number or name. It does not search out
+        through the entire recursion stack.
+
+    (g) The escape \gN or \g{N} has been added, where N is a positive or
+        negative number, specifying an absolute or relative reference.
+
+35. Tidied to get rid of some further signed/unsigned compiler warnings and
+    some "unreachable code" warnings.
+
+36. Updated the Unicode property tables to Unicode version 5.0.0. Amongst other
+    things, this adds five new scripts.
+
+37. Perl ignores orphaned \E escapes completely. PCRE now does the same.
+    There were also incompatibilities regarding the handling of \Q..\E inside
+    character classes, for example with patterns like [\Qa\E-\Qz\E] where the
+    hyphen was adjacent to \Q or \E. I hope I've cleared all this up now.
+
+38. Like Perl, PCRE detects when an indefinitely repeated parenthesized group
+    matches an empty string, and forcibly breaks the loop. There were bugs in
+    this code in non-simple cases. For a pattern such as  ^(a()*)*  matched
+    against  aaaa  the result was just "a" rather than "aaaa", for example. Two
+    separate and independent bugs (that affected different cases) have been
+    fixed.
+
+39. Refactored the code to abolish the use of different opcodes for small
+    capturing bracket numbers. This is a tidy that I avoided doing when I
+    removed the limit on the number of capturing brackets for 3.5 back in 2001.
+    The new approach is not only tidier, it makes it possible to reduce the
+    memory needed to fix the previous bug (38).
+
+40. Implemented PCRE_NEWLINE_ANY to recognize any of the Unicode newline
+    sequences (http://unicode.org/unicode/reports/tr18/) as "newline" when
+    processing dot, circumflex, or dollar metacharacters, or #-comments in /x
+    mode.
+
+41. Add \R to match any Unicode newline sequence, as suggested in the Unicode
+    report.
+
+42. Applied patch, originally from Ari Pollak, modified by Google, to allow
+    copy construction and assignment in the C++ wrapper.
+
+43. Updated pcregrep to support "--newline=any". In the process, I fixed a
+    couple of bugs that could have given wrong results in the "--newline=crlf"
+    case.
+
+44. Added a number of casts and did some reorganization of signed/unsigned int
+    variables following suggestions from Dair Grant. Also renamed the variable
+    "this" as "item" because it is a C++ keyword.
+
+45. Arranged for dftables to add
+
+      #include "pcre_internal.h"
+
+    to pcre_chartables.c because without it, gcc 4.x may remove the array
+    definition from the final binary if PCRE is built into a static library and
+    dead code stripping is activated.
+
+46. For an unanchored pattern, if a match attempt fails at the start of a
+    newline sequence, and the newline setting is CRLF or ANY, and the next two
+    characters are CRLF, advance by two characters instead of one.
+
+
+Version 6.7 04-Jul-06
+---------------------
+
+ 1. In order to handle tests when input lines are enormously long, pcretest has
+    been re-factored so that it automatically extends its buffers when
+    necessary. The code is crude, but this _is_ just a test program. The
+    default size has been increased from 32K to 50K.
+
+ 2. The code in pcre_study() was using the value of the re argument before
+    testing it for NULL. (Of course, in any sensible call of the function, it
+    won't be NULL.)
+
+ 3. The memmove() emulation function in pcre_internal.h, which is used on
+    systems that lack both memmove() and bcopy() - that is, hardly ever -
+    was missing a "static" storage class specifier.
+
+ 4. When UTF-8 mode was not set, PCRE looped when compiling certain patterns
+    containing an extended class (one that cannot be represented by a bitmap
+    because it contains high-valued characters or Unicode property items, e.g.
+    [\pZ]). Almost always one would set UTF-8 mode when processing such a
+    pattern, but PCRE should not loop if you do not (it no longer does).
+    [Detail: two cases were found: (a) a repeated subpattern containing an
+    extended class; (b) a recursive reference to a subpattern that followed a
+    previous extended class. It wasn't skipping over the extended class
+    correctly when UTF-8 mode was not set.]
+
+ 5. A negated single-character class was not being recognized as fixed-length
+    in lookbehind assertions such as (?<=[^f]), leading to an incorrect
+    compile error "lookbehind assertion is not fixed length".
+
+ 6. The RunPerlTest auxiliary script was showing an unexpected difference
+    between PCRE and Perl for UTF-8 tests. It turns out that it is hard to
+    write a Perl script that can interpret lines of an input file either as
+    byte characters or as UTF-8, which is what "perltest" was being required to
+    do for the non-UTF-8 and UTF-8 tests, respectively. Essentially what you
+    can't do is switch easily at run time between having the "use utf8;" pragma
+    or not. In the end, I fudged it by using the RunPerlTest script to insert
+    "use utf8;" explicitly for the UTF-8 tests.
+
+ 7. In multiline (/m) mode, PCRE was matching ^ after a terminating newline at
+    the end of the subject string, contrary to the documentation and to what
+    Perl does. This was true of both matching functions. Now it matches only at
+    the start of the subject and immediately after *internal* newlines.
+
+ 8. A call of pcre_fullinfo() from pcretest to get the option bits was passing
+    a pointer to an int instead of a pointer to an unsigned long int. This
+    caused problems on 64-bit systems.
+
+ 9. Applied a patch from the folks at Google to pcrecpp.cc, to fix "another
+    instance of the 'standard' template library not being so standard".
+
+10. There was no check on the number of named subpatterns nor the maximum
+    length of a subpattern name. The product of these values is used to compute
+    the size of the memory block for a compiled pattern. By supplying a very
+    long subpattern name and a large number of named subpatterns, the size
+    computation could be caused to overflow. This is now prevented by limiting
+    the length of names to 32 characters, and the number of named subpatterns
+    to 10,000.
+
+11. Subpatterns that are repeated with specific counts have to be replicated in
+    the compiled pattern. The size of memory for this was computed from the
+    length of the subpattern and the repeat count. The latter is limited to
+    65535, but there was no limit on the former, meaning that integer overflow
+    could in principle occur. The compiled length of a repeated subpattern is
+    now limited to 30,000 bytes in order to prevent this.
+
+12. Added the optional facility to have named substrings with the same name.
+
+13. Added the ability to use a named substring as a condition, using the
+    Python syntax: (?(name)yes|no). This overloads (?(R)... and names that
+    are numbers (not recommended). Forward references are permitted.
+
+14. Added forward references in named backreferences (if you see what I mean).
+
+15. In UTF-8 mode, with the PCRE_DOTALL option set, a quantified dot in the
+    pattern could run off the end of the subject. For example, the pattern
+    "(?s)(.{1,5})"8 did this with the subject "ab".
+
+16. If PCRE_DOTALL or PCRE_MULTILINE were set, pcre_dfa_exec() behaved as if
+    PCRE_CASELESS was set when matching characters that were quantified with ?
+    or *.
+
+17. A character class other than a single negated character that had a minimum
+    but no maximum quantifier - for example [ab]{6,} - was not handled
+    correctly by pce_dfa_exec(). It would match only one character.
+
+18. A valid (though odd) pattern that looked like a POSIX character
+    class but used an invalid character after [ (for example [[,abc,]]) caused
+    pcre_compile() to give the error "Failed: internal error: code overflow" or
+    in some cases to crash with a glibc free() error. This could even happen if
+    the pattern terminated after [[ but there just happened to be a sequence of
+    letters, a binary zero, and a closing ] in the memory that followed.
+
+19. Perl's treatment of octal escapes in the range \400 to \777 has changed
+    over the years. Originally (before any Unicode support), just the bottom 8
+    bits were taken. Thus, for example, \500 really meant \100. Nowadays the
+    output from "man perlunicode" includes this:
+
+      The regular expression compiler produces polymorphic opcodes.  That
+      is, the pattern adapts to the data and automatically switches to
+      the Unicode character scheme when presented with Unicode data--or
+      instead uses a traditional byte scheme when presented with byte
+      data.
+
+    Sadly, a wide octal escape does not cause a switch, and in a string with
+    no other multibyte characters, these octal escapes are treated as before.
+    Thus, in Perl, the pattern  /\500/ actually matches \100 but the pattern
+    /\500|\x{1ff}/ matches \500 or \777 because the whole thing is treated as a
+    Unicode string.
+
+    I have not perpetrated such confusion in PCRE. Up till now, it took just
+    the bottom 8 bits, as in old Perl. I have now made octal escapes with
+    values greater than \377 illegal in non-UTF-8 mode. In UTF-8 mode they
+    translate to the appropriate multibyte character.
+
+29. Applied some refactoring to reduce the number of warnings from Microsoft
+    and Borland compilers. This has included removing the fudge introduced
+    seven years ago for the OS/2 compiler (see 2.02/2 below) because it caused
+    a warning about an unused variable.
+
+21. PCRE has not included VT (character 0x0b) in the set of whitespace
+    characters since release 4.0, because Perl (from release 5.004) does not.
+    [Or at least, is documented not to: some releases seem to be in conflict
+    with the documentation.] However, when a pattern was studied with
+    pcre_study() and all its branches started with \s, PCRE still included VT
+    as a possible starting character. Of course, this did no harm; it just
+    caused an unnecessary match attempt.
+
+22. Removed a now-redundant internal flag bit that recorded the fact that case
+    dependency changed within the pattern. This was once needed for "required
+    byte" processing, but is no longer used. This recovers a now-scarce options
+    bit. Also moved the least significant internal flag bit to the most-
+    significant bit of the word, which was not previously used (hangover from
+    the days when it was an int rather than a uint) to free up another bit for
+    the future.
+
+23. Added support for CRLF line endings as well as CR and LF. As well as the
+    default being selectable at build time, it can now be changed at runtime
+    via the PCRE_NEWLINE_xxx flags. There are now options for pcregrep to
+    specify that it is scanning data with non-default line endings.
+
+24. Changed the definition of CXXLINK to make it agree with the definition of
+    LINK in the Makefile, by replacing LDFLAGS to CXXFLAGS.
+
+25. Applied Ian Taylor's patches to avoid using another stack frame for tail
+    recursions. This makes a big different to stack usage for some patterns.
+
+26. If a subpattern containing a named recursion or subroutine reference such
+    as (?P>B) was quantified, for example (xxx(?P>B)){3}, the calculation of
+    the space required for the compiled pattern went wrong and gave too small a
+    value. Depending on the environment, this could lead to "Failed: internal
+    error: code overflow at offset 49" or "glibc detected double free or
+    corruption" errors.
+
+27. Applied patches from Google (a) to support the new newline modes and (b) to
+    advance over multibyte UTF-8 characters in GlobalReplace.
+
+28. Change free() to pcre_free() in pcredemo.c. Apparently this makes a
+    difference for some implementation of PCRE in some Windows version.
+
+29. Added some extra testing facilities to pcretest:
+
+    \q<number>   in a data line sets the "match limit" value
+    \Q<number>   in a data line sets the "match recursion limt" value
+    -S <number>  sets the stack size, where <number> is in megabytes
+
+    The -S option isn't available for Windows.
+
+
+Version 6.6 06-Feb-06
+---------------------
+
+ 1. Change 16(a) for 6.5 broke things, because PCRE_DATA_SCOPE was not defined
+    in pcreposix.h. I have copied the definition from pcre.h.
+
+ 2. Change 25 for 6.5 broke compilation in a build directory out-of-tree
+    because pcre.h is no longer a built file.
+
+ 3. Added Jeff Friedl's additional debugging patches to pcregrep. These are
+    not normally included in the compiled code.
+
+
+Version 6.5 01-Feb-06
+---------------------
+
+ 1. When using the partial match feature with pcre_dfa_exec(), it was not
+    anchoring the second and subsequent partial matches at the new starting
+    point. This could lead to incorrect results. For example, with the pattern
+    /1234/, partially matching against "123" and then "a4" gave a match.
+
+ 2. Changes to pcregrep:
+
+    (a) All non-match returns from pcre_exec() were being treated as failures
+        to match the line. Now, unless the error is PCRE_ERROR_NOMATCH, an
+        error message is output. Some extra information is given for the
+        PCRE_ERROR_MATCHLIMIT and PCRE_ERROR_RECURSIONLIMIT errors, which are
+        probably the only errors that are likely to be caused by users (by
+        specifying a regex that has nested indefinite repeats, for instance).
+        If there are more than 20 of these errors, pcregrep is abandoned.
+
+    (b) A binary zero was treated as data while matching, but terminated the
+        output line if it was written out. This has been fixed: binary zeroes
+        are now no different to any other data bytes.
+
+    (c) Whichever of the LC_ALL or LC_CTYPE environment variables is set is
+        used to set a locale for matching. The --locale=xxxx long option has
+        been added (no short equivalent) to specify a locale explicitly on the
+        pcregrep command, overriding the environment variables.
+
+    (d) When -B was used with -n, some line numbers in the output were one less
+        than they should have been.
+
+    (e) Added the -o (--only-matching) option.
+
+    (f) If -A or -C was used with -c (count only), some lines of context were
+        accidentally printed for the final match.
+
+    (g) Added the -H (--with-filename) option.
+
+    (h) The combination of options -rh failed to suppress file names for files
+        that were found from directory arguments.
+
+    (i) Added the -D (--devices) and -d (--directories) options.
+
+    (j) Added the -F (--fixed-strings) option.
+
+    (k) Allow "-" to be used as a file name for -f as well as for a data file.
+
+    (l) Added the --colo(u)r option.
+
+    (m) Added Jeffrey Friedl's -S testing option, but within #ifdefs so that it
+        is not present by default.
+
+ 3. A nasty bug was discovered in the handling of recursive patterns, that is,
+    items such as (?R) or (?1), when the recursion could match a number of
+    alternatives. If it matched one of the alternatives, but subsequently,
+    outside the recursion, there was a failure, the code tried to back up into
+    the recursion. However, because of the way PCRE is implemented, this is not
+    possible, and the result was an incorrect result from the match.
+
+    In order to prevent this happening, the specification of recursion has
+    been changed so that all such subpatterns are automatically treated as
+    atomic groups. Thus, for example, (?R) is treated as if it were (?>(?R)).
+
+ 4. I had overlooked the fact that, in some locales, there are characters for
+    which isalpha() is true but neither isupper() nor islower() are true. In
+    the fr_FR locale, for instance, the \xAA and \xBA characters (ordmasculine
+    and ordfeminine) are like this. This affected the treatment of \w and \W
+    when they appeared in character classes, but not when they appeared outside
+    a character class. The bit map for "word" characters is now created
+    separately from the results of isalnum() instead of just taking it from the
+    upper, lower, and digit maps. (Plus the underscore character, of course.)
+
+ 5. The above bug also affected the handling of POSIX character classes such as
+    [[:alpha:]] and [[:alnum:]]. These do not have their own bit maps in PCRE's
+    permanent tables. Instead, the bit maps for such a class were previously
+    created as the appropriate unions of the upper, lower, and digit bitmaps.
+    Now they are created by subtraction from the [[:word:]] class, which has
+    its own bitmap.
+
+ 6. The [[:blank:]] character class matches horizontal, but not vertical space.
+    It is created by subtracting the vertical space characters (\x09, \x0a,
+    \x0b, \x0c) from the [[:space:]] bitmap. Previously, however, the
+    subtraction was done in the overall bitmap for a character class, meaning
+    that a class such as [\x0c[:blank:]] was incorrect because \x0c would not
+    be recognized. This bug has been fixed.
+
+ 7. Patches from the folks at Google:
+
+      (a) pcrecpp.cc: "to handle a corner case that may or may not happen in
+      real life, but is still worth protecting against".
+
+      (b) pcrecpp.cc: "corrects a bug when negative radixes are used with
+      regular expressions".
+
+      (c) pcre_scanner.cc: avoid use of std::count() because not all systems
+      have it.
+
+      (d) Split off pcrecpparg.h from pcrecpp.h and had the former built by
+      "configure" and the latter not, in order to fix a problem somebody had
+      with compiling the Arg class on HP-UX.
+
+      (e) Improve the error-handling of the C++ wrapper a little bit.
+
+      (f) New tests for checking recursion limiting.
+
+ 8. The pcre_memmove() function, which is used only if the environment does not
+    have a standard memmove() function (and is therefore rarely compiled),
+    contained two bugs: (a) use of int instead of size_t, and (b) it was not
+    returning a result (though PCRE never actually uses the result).
+
+ 9. In the POSIX regexec() interface, if nmatch is specified as a ridiculously
+    large number - greater than INT_MAX/(3*sizeof(int)) - REG_ESPACE is
+    returned instead of calling malloc() with an overflowing number that would
+    most likely cause subsequent chaos.
+
+10. The debugging option of pcretest was not showing the NO_AUTO_CAPTURE flag.
+
+11. The POSIX flag REG_NOSUB is now supported. When a pattern that was compiled
+    with this option is matched, the nmatch and pmatch options of regexec() are
+    ignored.
+
+12. Added REG_UTF8 to the POSIX interface. This is not defined by POSIX, but is
+    provided in case anyone wants to the the POSIX interface with UTF-8
+    strings.
+
+13. Added CXXLDFLAGS to the Makefile parameters to provide settings only on the
+    C++ linking (needed for some HP-UX environments).
+
+14. Avoid compiler warnings in get_ucpname() when compiled without UCP support
+    (unused parameter) and in the pcre_printint() function (omitted "default"
+    switch label when the default is to do nothing).
+
+15. Added some code to make it possible, when PCRE is compiled as a C++
+    library, to replace subject pointers for pcre_exec() with a smart pointer
+    class, thus making it possible to process discontinuous strings.
+
+16. The two macros PCRE_EXPORT and PCRE_DATA_SCOPE are confusing, and perform
+    much the same function. They were added by different people who were trying
+    to make PCRE easy to compile on non-Unix systems. It has been suggested
+    that PCRE_EXPORT be abolished now that there is more automatic apparatus
+    for compiling on Windows systems. I have therefore replaced it with
+    PCRE_DATA_SCOPE. This is set automatically for Windows; if not set it
+    defaults to "extern" for C or "extern C" for C++, which works fine on
+    Unix-like systems. It is now possible to override the value of PCRE_DATA_
+    SCOPE with something explicit in config.h. In addition:
+
+    (a) pcreposix.h still had just "extern" instead of either of these macros;
+        I have replaced it with PCRE_DATA_SCOPE.
+
+    (b) Functions such as _pcre_xclass(), which are internal to the library,
+        but external in the C sense, all had PCRE_EXPORT in their definitions.
+        This is apparently wrong for the Windows case, so I have removed it.
+        (It makes no difference on Unix-like systems.)
+
+17. Added a new limit, MATCH_LIMIT_RECURSION, which limits the depth of nesting
+    of recursive calls to match(). This is different to MATCH_LIMIT because
+    that limits the total number of calls to match(), not all of which increase
+    the depth of recursion. Limiting the recursion depth limits the amount of
+    stack (or heap if NO_RECURSE is set) that is used. The default can be set
+    when PCRE is compiled, and changed at run time. A patch from Google adds
+    this functionality to the C++ interface.
+
+18. Changes to the handling of Unicode character properties:
+
+    (a) Updated the table to Unicode 4.1.0.
+
+    (b) Recognize characters that are not in the table as "Cn" (undefined).
+
+    (c) I revised the way the table is implemented to a much improved format
+        which includes recognition of ranges. It now supports the ranges that
+        are defined in UnicodeData.txt, and it also amalgamates other
+        characters into ranges. This has reduced the number of entries in the
+        table from around 16,000 to around 3,000, thus reducing its size
+        considerably. I realized I did not need to use a tree structure after
+        all - a binary chop search is just as efficient. Having reduced the
+        number of entries, I extended their size from 6 bytes to 8 bytes to
+        allow for more data.
+
+    (d) Added support for Unicode script names via properties such as \p{Han}.
+
+19. In UTF-8 mode, a backslash followed by a non-Ascii character was not
+    matching that character.
+
+20. When matching a repeated Unicode property with a minimum greater than zero,
+    (for example \pL{2,}), PCRE could look past the end of the subject if it
+    reached it while seeking the minimum number of characters. This could
+    happen only if some of the characters were more than one byte long, because
+    there is a check for at least the minimum number of bytes.
+
+21. Refactored the implementation of \p and \P so as to be more general, to
+    allow for more different types of property in future. This has changed the
+    compiled form incompatibly. Anybody with saved compiled patterns that use
+    \p or \P will have to recompile them.
+
+22. Added "Any" and "L&" to the supported property types.
+
+23. Recognize \x{...} as a code point specifier, even when not in UTF-8 mode,
+    but give a compile time error if the value is greater than 0xff.
+
+24. The man pages for pcrepartial, pcreprecompile, and pcre_compile2 were
+    accidentally not being installed or uninstalled.
+
+25. The pcre.h file was built from pcre.h.in, but the only changes that were
+    made were to insert the current release number. This seemed silly, because
+    it made things harder for people building PCRE on systems that don't run
+    "configure". I have turned pcre.h into a distributed file, no longer built
+    by "configure", with the version identification directly included. There is
+    no longer a pcre.h.in file.
+
+    However, this change necessitated a change to the pcre-config script as
+    well. It is built from pcre-config.in, and one of the substitutions was the
+    release number. I have updated configure.ac so that ./configure now finds
+    the release number by grepping pcre.h.
+
+26. Added the ability to run the tests under valgrind.
+
+
+Version 6.4 05-Sep-05
+---------------------
+
+ 1. Change 6.0/10/(l) to pcregrep introduced a bug that caused separator lines
+    "--" to be printed when multiple files were scanned, even when none of the
+    -A, -B, or -C options were used. This is not compatible with Gnu grep, so I
+    consider it to be a bug, and have restored the previous behaviour.
+
+ 2. A couple of code tidies to get rid of compiler warnings.
+
+ 3. The pcretest program used to cheat by referring to symbols in the library
+    whose names begin with _pcre_. These are internal symbols that are not
+    really supposed to be visible externally, and in some environments it is
+    possible to suppress them. The cheating is now confined to including
+    certain files from the library's source, which is a bit cleaner.
+
+ 4. Renamed pcre.in as pcre.h.in to go with pcrecpp.h.in; it also makes the
+    file's purpose clearer.
+
+ 5. Reorganized pcre_ucp_findchar().
+
+
+Version 6.3 15-Aug-05
+---------------------
+
+ 1. The file libpcre.pc.in did not have general read permission in the tarball.
+
+ 2. There were some problems when building without C++ support:
+
+    (a) If C++ support was not built, "make install" and "make test" still
+        tried to test it.
+
+    (b) There were problems when the value of CXX was explicitly set. Some
+        changes have been made to try to fix these, and ...
+
+    (c) --disable-cpp can now be used to explicitly disable C++ support.
+
+    (d) The use of @CPP_OBJ@ directly caused a blank line preceded by a
+        backslash in a target when C++ was disabled. This confuses some
+        versions of "make", apparently. Using an intermediate variable solves
+        this. (Same for CPP_LOBJ.)
+
+ 3. $(LINK_FOR_BUILD) now includes $(CFLAGS_FOR_BUILD) and $(LINK)
+    (non-Windows) now includes $(CFLAGS) because these flags are sometimes
+    necessary on certain architectures.
+
+ 4. Added a setting of -export-symbols-regex to the link command to remove
+    those symbols that are exported in the C sense, but actually are local
+    within the library, and not documented. Their names all begin with
+    "_pcre_". This is not a perfect job, because (a) we have to except some
+    symbols that pcretest ("illegally") uses, and (b) the facility isn't always
+    available (and never for static libraries). I have made a note to try to
+    find a way round (a) in the future.
+
+
+Version 6.2 01-Aug-05
+---------------------
+
+ 1. There was no test for integer overflow of quantifier values. A construction
+    such as {1111111111111111} would give undefined results. What is worse, if
+    a minimum quantifier for a parenthesized subpattern overflowed and became
+    negative, the calculation of the memory size went wrong. This could have
+    led to memory overwriting.
+
+ 2. Building PCRE using VPATH was broken. Hopefully it is now fixed.
+
+ 3. Added "b" to the 2nd argument of fopen() in dftables.c, for non-Unix-like
+    operating environments where this matters.
+
+ 4. Applied Giuseppe Maxia's patch to add additional features for controlling
+    PCRE options from within the C++ wrapper.
+
+ 5. Named capturing subpatterns were not being correctly counted when a pattern
+    was compiled. This caused two problems: (a) If there were more than 100
+    such subpatterns, the calculation of the memory needed for the whole
+    compiled pattern went wrong, leading to an overflow error. (b) Numerical
+    back references of the form \12, where the number was greater than 9, were
+    not recognized as back references, even though there were sufficient
+    previous subpatterns.
+
+ 6. Two minor patches to pcrecpp.cc in order to allow it to compile on older
+    versions of gcc, e.g. 2.95.4.
+
+
+Version 6.1 21-Jun-05
+---------------------
+
+ 1. There was one reference to the variable "posix" in pcretest.c that was not
+    surrounded by "#if !defined NOPOSIX".
+
+ 2. Make it possible to compile pcretest without DFA support, UTF8 support, or
+    the cross-check on the old pcre_info() function, for the benefit of the
+    cut-down version of PCRE that is currently imported into Exim.
+
+ 3. A (silly) pattern starting with (?i)(?-i) caused an internal space
+    allocation error. I've done the easy fix, which wastes 2 bytes for sensible
+    patterns that start (?i) but I don't think that matters. The use of (?i) is
+    just an example; this all applies to the other options as well.
+
+ 4. Since libtool seems to echo the compile commands it is issuing, the output
+    from "make" can be reduced a bit by putting "@" in front of each libtool
+    compile command.
+
+ 5. Patch from the folks at Google for configure.in to be a bit more thorough
+    in checking for a suitable C++ installation before trying to compile the
+    C++ stuff. This should fix a reported problem when a compiler was present,
+    but no suitable headers.
+
+ 6. The man pages all had just "PCRE" as their title. I have changed them to
+    be the relevant file name. I have also arranged that these names are
+    retained in the file doc/pcre.txt, which is a concatenation in text format
+    of all the man pages except the little individual ones for each function.
+
+ 7. The NON-UNIX-USE file had not been updated for the different set of source
+    files that come with release 6. I also added a few comments about the C++
+    wrapper.
+
+
+Version 6.0 07-Jun-05
+---------------------
+
+ 1. Some minor internal re-organization to help with my DFA experiments.
+
+ 2. Some missing #ifdef SUPPORT_UCP conditionals in pcretest and printint that
+    didn't matter for the library itself when fully configured, but did matter
+    when compiling without UCP support, or within Exim, where the ucp files are
+    not imported.
+
+ 3. Refactoring of the library code to split up the various functions into
+    different source modules. The addition of the new DFA matching code (see
+    below) to a single monolithic source would have made it really too
+    unwieldy, quite apart from causing all the code to be include in a
+    statically linked application, when only some functions are used. This is
+    relevant even without the DFA addition now that patterns can be compiled in
+    one application and matched in another.
+
+    The downside of splitting up is that there have to be some external
+    functions and data tables that are used internally in different modules of
+    the library but which are not part of the API. These have all had their
+    names changed to start with "_pcre_" so that they are unlikely to clash
+    with other external names.
+
+ 4. Added an alternate matching function, pcre_dfa_exec(), which matches using
+    a different (DFA) algorithm. Although it is slower than the original
+    function, it does have some advantages for certain types of matching
+    problem.
+
+ 5. Upgrades to pcretest in order to test the features of pcre_dfa_exec(),
+    including restarting after a partial match.
+
+ 6. A patch for pcregrep that defines INVALID_FILE_ATTRIBUTES if it is not
+    defined when compiling for Windows was sent to me. I have put it into the
+    code, though I have no means of testing or verifying it.
+
+ 7. Added the pcre_refcount() auxiliary function.
+
+ 8. Added the PCRE_FIRSTLINE option. This constrains an unanchored pattern to
+    match before or at the first newline in the subject string. In pcretest,
+    the /f option on a pattern can be used to set this.
+
+ 9. A repeated \w when used in UTF-8 mode with characters greater than 256
+    would behave wrongly. This has been present in PCRE since release 4.0.
+
+10. A number of changes to the pcregrep command:
+
+    (a) Refactored how -x works; insert ^(...)$ instead of setting
+        PCRE_ANCHORED and checking the length, in preparation for adding
+        something similar for -w.
+
+    (b) Added the -w (match as a word) option.
+
+    (c) Refactored the way lines are read and buffered so as to have more
+        than one at a time available.
+
+    (d) Implemented a pcregrep test script.
+
+    (e) Added the -M (multiline match) option. This allows patterns to match
+        over several lines of the subject. The buffering ensures that at least
+        8K, or the rest of the document (whichever is the shorter) is available
+        for matching (and similarly the previous 8K for lookbehind assertions).
+
+    (f) Changed the --help output so that it now says
+
+          -w, --word-regex(p)
+
+        instead of two lines, one with "regex" and the other with "regexp"
+        because that confused at least one person since the short forms are the
+        same. (This required a bit of code, as the output is generated
+        automatically from a table. It wasn't just a text change.)
+
+    (g) -- can be used to terminate pcregrep options if the next thing isn't an
+        option but starts with a hyphen. Could be a pattern or a path name
+        starting with a hyphen, for instance.
+
+    (h) "-" can be given as a file name to represent stdin.
+
+    (i) When file names are being printed, "(standard input)" is used for
+        the standard input, for compatibility with GNU grep. Previously
+        "<stdin>" was used.
+
+    (j) The option --label=xxx can be used to supply a name to be used for
+        stdin when file names are being printed. There is no short form.
+
+    (k) Re-factored the options decoding logic because we are going to add
+        two more options that take data. Such options can now be given in four
+        different ways, e.g. "-fname", "-f name", "--file=name", "--file name".
+
+    (l) Added the -A, -B, and -C options for requesting that lines of context
+        around matches be printed.
+
+    (m) Added the -L option to print the names of files that do not contain
+        any matching lines, that is, the complement of -l.
+
+    (n) The return code is 2 if any file cannot be opened, but pcregrep does
+        continue to scan other files.
+
+    (o) The -s option was incorrectly implemented. For compatibility with other
+        greps, it now suppresses the error message for a non-existent or non-
+        accessible file (but not the return code). There is a new option called
+        -q that suppresses the output of matching lines, which was what -s was
+        previously doing.
+
+    (p) Added --include and --exclude options to specify files for inclusion
+        and exclusion when recursing.
+
+11. The Makefile was not using the Autoconf-supported LDFLAGS macro properly.
+    Hopefully, it now does.
+
+12. Missing cast in pcre_study().
+
+13. Added an "uninstall" target to the makefile.
+
+14. Replaced "extern" in the function prototypes in Makefile.in with
+    "PCRE_DATA_SCOPE", which defaults to 'extern' or 'extern "C"' in the Unix
+    world, but is set differently for Windows.
+
+15. Added a second compiling function called pcre_compile2(). The only
+    difference is that it has an extra argument, which is a pointer to an
+    integer error code. When there is a compile-time failure, this is set
+    non-zero, in addition to the error test pointer being set to point to an
+    error message. The new argument may be NULL if no error number is required
+    (but then you may as well call pcre_compile(), which is now just a
+    wrapper). This facility is provided because some applications need a
+    numeric error indication, but it has also enabled me to tidy up the way
+    compile-time errors are handled in the POSIX wrapper.
+
+16. Added VPATH=.libs to the makefile; this should help when building with one
+    prefix path and installing with another. (Or so I'm told by someone who
+    knows more about this stuff than I do.)
+
+17. Added a new option, REG_DOTALL, to the POSIX function regcomp(). This
+    passes PCRE_DOTALL to the pcre_compile() function, making the "." character
+    match everything, including newlines. This is not POSIX-compatible, but
+    somebody wanted the feature. From pcretest it can be activated by using
+    both the P and the s flags.
+
+18. AC_PROG_LIBTOOL appeared twice in Makefile.in. Removed one.
+
+19. libpcre.pc was being incorrectly installed as executable.
+
+20. A couple of places in pcretest check for end-of-line by looking for '\n';
+    it now also looks for '\r' so that it will work unmodified on Windows.
+
+21. Added Google's contributed C++ wrapper to the distribution.
+
+22. Added some untidy missing memory free() calls in pcretest, to keep
+    Electric Fence happy when testing.
+
+
+
+Version 5.0 13-Sep-04
+---------------------
+
+ 1. Internal change: literal characters are no longer packed up into items
+    containing multiple characters in a single byte-string. Each character
+    is now matched using a separate opcode. However, there may be more than one
+    byte in the character in UTF-8 mode.
+
+ 2. The pcre_callout_block structure has two new fields: pattern_position and
+    next_item_length. These contain the offset in the pattern to the next match
+    item, and its length, respectively.
+
+ 3. The PCRE_AUTO_CALLOUT option for pcre_compile() requests the automatic
+    insertion of callouts before each pattern item. Added the /C option to
+    pcretest to make use of this.
+
+ 4. On the advice of a Windows user, the lines
+
+      #if defined(_WIN32) || defined(WIN32)
+      _setmode( _fileno( stdout ), 0x8000 );
+      #endif  /* defined(_WIN32) || defined(WIN32) */
+
+    have been added to the source of pcretest. This apparently does useful
+    magic in relation to line terminators.
+
+ 5. Changed "r" and "w" in the calls to fopen() in pcretest to "rb" and "wb"
+    for the benefit of those environments where the "b" makes a difference.
+
+ 6. The icc compiler has the same options as gcc, but "configure" doesn't seem
+    to know about it. I have put a hack into configure.in that adds in code
+    to set GCC=yes if CC=icc. This seems to end up at a point in the
+    generated configure script that is early enough to affect the setting of
+    compiler options, which is what is needed, but I have no means of testing
+    whether it really works. (The user who reported this had patched the
+    generated configure script, which of course I cannot do.)
+
+    LATER: After change 22 below (new libtool files), the configure script
+    seems to know about icc (and also ecc). Therefore, I have commented out
+    this hack in configure.in.
+
+ 7. Added support for pkg-config (2 patches were sent in).
+
+ 8. Negated POSIX character classes that used a combination of internal tables
+    were completely broken. These were [[:^alpha:]], [[:^alnum:]], and
+    [[:^ascii]]. Typically, they would match almost any characters. The other
+    POSIX classes were not broken in this way.
+
+ 9. Matching the pattern "\b.*?" against "ab cd", starting at offset 1, failed
+    to find the match, as PCRE was deluded into thinking that the match had to
+    start at the start point or following a newline. The same bug applied to
+    patterns with negative forward assertions or any backward assertions
+    preceding ".*" at the start, unless the pattern required a fixed first
+    character. This was a failing pattern: "(?!.bcd).*". The bug is now fixed.
+
+10. In UTF-8 mode, when moving forwards in the subject after a failed match
+    starting at the last subject character, bytes beyond the end of the subject
+    string were read.
+
+11. Renamed the variable "class" as "classbits" to make life easier for C++
+    users. (Previously there was a macro definition, but it apparently wasn't
+    enough.)
+
+12. Added the new field "tables" to the extra data so that tables can be passed
+    in at exec time, or the internal tables can be re-selected. This allows
+    a compiled regex to be saved and re-used at a later time by a different
+    program that might have everything at different addresses.
+
+13. Modified the pcre-config script so that, when run on Solaris, it shows a
+    -R library as well as a -L library.
+
+14. The debugging options of pcretest (-d on the command line or D on a
+    pattern) showed incorrect output for anything following an extended class
+    that contained multibyte characters and which was followed by a quantifier.
+
+15. Added optional support for general category Unicode character properties
+    via the \p, \P, and \X escapes. Unicode property support implies UTF-8
+    support. It adds about 90K to the size of the library. The meanings of the
+    inbuilt class escapes such as \d and \s have NOT been changed.
+
+16. Updated pcredemo.c to include calls to free() to release the memory for the
+    compiled pattern.
+
+17. The generated file chartables.c was being created in the source directory
+    instead of in the building directory. This caused the build to fail if the
+    source directory was different from the building directory, and was
+    read-only.
+
+18. Added some sample Win commands from Mark Tetrode into the NON-UNIX-USE
+    file. No doubt somebody will tell me if they don't make sense... Also added
+    Dan Mooney's comments about building on OpenVMS.
+
+19. Added support for partial matching via the PCRE_PARTIAL option for
+    pcre_exec() and the \P data escape in pcretest.
+
+20. Extended pcretest with 3 new pattern features:
+
+    (i)   A pattern option of the form ">rest-of-line" causes pcretest to
+          write the compiled pattern to the file whose name is "rest-of-line".
+          This is a straight binary dump of the data, with the saved pointer to
+          the character tables forced to be NULL. The study data, if any, is
+          written too. After writing, pcretest reads a new pattern.
+
+    (ii)  If, instead of a pattern, "<rest-of-line" is given, pcretest reads a
+          compiled pattern from the given file. There must not be any
+          occurrences of "<" in the file name (pretty unlikely); if there are,
+          pcretest will instead treat the initial "<" as a pattern delimiter.
+          After reading in the pattern, pcretest goes on to read data lines as
+          usual.
+
+    (iii) The F pattern option causes pcretest to flip the bytes in the 32-bit
+          and 16-bit fields in a compiled pattern, to simulate a pattern that
+          was compiled on a host of opposite endianness.
+
+21. The pcre-exec() function can now cope with patterns that were compiled on
+    hosts of opposite endianness, with this restriction:
+
+      As for any compiled expression that is saved and used later, the tables
+      pointer field cannot be preserved; the extra_data field in the arguments
+      to pcre_exec() should be used to pass in a tables address if a value
+      other than the default internal tables were used at compile time.
+
+22. Calling pcre_exec() with a negative value of the "ovecsize" parameter is
+    now diagnosed as an error. Previously, most of the time, a negative number
+    would have been treated as zero, but if in addition "ovector" was passed as
+    NULL, a crash could occur.
+
+23. Updated the files ltmain.sh, config.sub, config.guess, and aclocal.m4 with
+    new versions from the libtool 1.5 distribution (the last one is a copy of
+    a file called libtool.m4). This seems to have fixed the need to patch
+    "configure" to support Darwin 1.3 (which I used to do). However, I still
+    had to patch ltmain.sh to ensure that ${SED} is set (it isn't on my
+    workstation).
+
+24. Changed the PCRE licence to be the more standard "BSD" licence.
+
+
+Version 4.5 01-Dec-03
+---------------------
+
+ 1. There has been some re-arrangement of the code for the match() function so
+    that it can be compiled in a version that does not call itself recursively.
+    Instead, it keeps those local variables that need separate instances for
+    each "recursion" in a frame on the heap, and gets/frees frames whenever it
+    needs to "recurse". Keeping track of where control must go is done by means
+    of setjmp/longjmp. The whole thing is implemented by a set of macros that
+    hide most of the details from the main code, and operates only if
+    NO_RECURSE is defined while compiling pcre.c. If PCRE is built using the
+    "configure" mechanism, "--disable-stack-for-recursion" turns on this way of
+    operating.
+
+    To make it easier for callers to provide specially tailored get/free
+    functions for this usage, two new functions, pcre_stack_malloc, and
+    pcre_stack_free, are used. They are always called in strict stacking order,
+    and the size of block requested is always the same.
+
+    The PCRE_CONFIG_STACKRECURSE info parameter can be used to find out whether
+    PCRE has been compiled to use the stack or the heap for recursion. The
+    -C option of pcretest uses this to show which version is compiled.
+
+    A new data escape \S, is added to pcretest; it causes the amounts of store
+    obtained and freed by both kinds of malloc/free at match time to be added
+    to the output.
+
+ 2. Changed the locale test to use "fr_FR" instead of "fr" because that's
+    what's available on my current Linux desktop machine.
+
+ 3. When matching a UTF-8 string, the test for a valid string at the start has
+    been extended. If start_offset is not zero, PCRE now checks that it points
+    to a byte that is the start of a UTF-8 character. If not, it returns
+    PCRE_ERROR_BADUTF8_OFFSET (-11). Note: the whole string is still checked;
+    this is necessary because there may be backward assertions in the pattern.
+    When matching the same subject several times, it may save resources to use
+    PCRE_NO_UTF8_CHECK on all but the first call if the string is long.
+
+ 4. The code for checking the validity of UTF-8 strings has been tightened so
+    that it rejects (a) strings containing 0xfe or 0xff bytes and (b) strings
+    containing "overlong sequences".
+
+ 5. Fixed a bug (appearing twice) that I could not find any way of exploiting!
+    I had written "if ((digitab[*p++] && chtab_digit) == 0)" where the "&&"
+    should have been "&", but it just so happened that all the cases this let
+    through by mistake were picked up later in the function.
+
+ 6. I had used a variable called "isblank" - this is a C99 function, causing
+    some compilers to warn. To avoid this, I renamed it (as "blankclass").
+
+ 7. Cosmetic: (a) only output another newline at the end of pcretest if it is
+    prompting; (b) run "./pcretest /dev/null" at the start of the test script
+    so the version is shown; (c) stop "make test" echoing "./RunTest".
+
+ 8. Added patches from David Burgess to enable PCRE to run on EBCDIC systems.
+
+ 9. The prototype for memmove() for systems that don't have it was using
+    size_t, but the inclusion of the header that defines size_t was later. I've
+    moved the #includes for the C headers earlier to avoid this.
+
+10. Added some adjustments to the code to make it easier to compiler on certain
+    special systems:
+
+      (a) Some "const" qualifiers were missing.
+      (b) Added the macro EXPORT before all exported functions; by default this
+          is defined to be empty.
+      (c) Changed the dftables auxiliary program (that builds chartables.c) so
+          that it reads its output file name as an argument instead of writing
+          to the standard output and assuming this can be redirected.
+
+11. In UTF-8 mode, if a recursive reference (e.g. (?1)) followed a character
+    class containing characters with values greater than 255, PCRE compilation
+    went into a loop.
+
+12. A recursive reference to a subpattern that was within another subpattern
+    that had a minimum quantifier of zero caused PCRE to crash. For example,
+    (x(y(?2))z)? provoked this bug with a subject that got as far as the
+    recursion. If the recursively-called subpattern itself had a zero repeat,
+    that was OK.
+
+13. In pcretest, the buffer for reading a data line was set at 30K, but the
+    buffer into which it was copied (for escape processing) was still set at
+    1024, so long lines caused crashes.
+
+14. A pattern such as /[ab]{1,3}+/ failed to compile, giving the error
+    "internal error: code overflow...". This applied to any character class
+    that was followed by a possessive quantifier.
+
+15. Modified the Makefile to add libpcre.la as a prerequisite for
+    libpcreposix.la because I was told this is needed for a parallel build to
+    work.
+
+16. If a pattern that contained .* following optional items at the start was
+    studied, the wrong optimizing data was generated, leading to matching
+    errors. For example, studying /[ab]*.*c/ concluded, erroneously, that any
+    matching string must start with a or b or c. The correct conclusion for
+    this pattern is that a match can start with any character.
+
+
+Version 4.4 13-Aug-03
+---------------------
+
+ 1. In UTF-8 mode, a character class containing characters with values between
+    127 and 255 was not handled correctly if the compiled pattern was studied.
+    In fixing this, I have also improved the studying algorithm for such
+    classes (slightly).
+
+ 2. Three internal functions had redundant arguments passed to them. Removal
+    might give a very teeny performance improvement.
+
+ 3. Documentation bug: the value of the capture_top field in a callout is *one
+    more than* the number of the hightest numbered captured substring.
+
+ 4. The Makefile linked pcretest and pcregrep with -lpcre, which could result
+    in incorrectly linking with a previously installed version. They now link
+    explicitly with libpcre.la.
+
+ 5. configure.in no longer needs to recognize Cygwin specially.
+
+ 6. A problem in pcre.in for Windows platforms is fixed.
+
+ 7. If a pattern was successfully studied, and the -d (or /D) flag was given to
+    pcretest, it used to include the size of the study block as part of its
+    output. Unfortunately, the structure contains a field that has a different
+    size on different hardware architectures. This meant that the tests that
+    showed this size failed. As the block is currently always of a fixed size,
+    this information isn't actually particularly useful in pcretest output, so
+    I have just removed it.
+
+ 8. Three pre-processor statements accidentally did not start in column 1.
+    Sadly, there are *still* compilers around that complain, even though
+    standard C has not required this for well over a decade. Sigh.
+
+ 9. In pcretest, the code for checking callouts passed small integers in the
+    callout_data field, which is a void * field. However, some picky compilers
+    complained about the casts involved for this on 64-bit systems. Now
+    pcretest passes the address of the small integer instead, which should get
+    rid of the warnings.
+
+10. By default, when in UTF-8 mode, PCRE now checks for valid UTF-8 strings at
+    both compile and run time, and gives an error if an invalid UTF-8 sequence
+    is found. There is a option for disabling this check in cases where the
+    string is known to be correct and/or the maximum performance is wanted.
+
+11. In response to a bug report, I changed one line in Makefile.in from
+
+        -Wl,--out-implib,.libs/lib@WIN_PREFIX@pcreposix.dll.a \
+    to
+        -Wl,--out-implib,.libs/@WIN_PREFIX@libpcreposix.dll.a \
+
+    to look similar to other lines, but I have no way of telling whether this
+    is the right thing to do, as I do not use Windows. No doubt I'll get told
+    if it's wrong...
+
+
+Version 4.3 21-May-03
+---------------------
+
+1. Two instances of @WIN_PREFIX@ omitted from the Windows targets in the
+   Makefile.
+
+2. Some refactoring to improve the quality of the code:
+
+   (i)   The utf8_table... variables are now declared "const".
+
+   (ii)  The code for \cx, which used the "case flipping" table to upper case
+         lower case letters, now just substracts 32. This is ASCII-specific,
+         but the whole concept of \cx is ASCII-specific, so it seems
+         reasonable.
+
+   (iii) PCRE was using its character types table to recognize decimal and
+         hexadecimal digits in the pattern. This is silly, because it handles
+         only 0-9, a-f, and A-F, but the character types table is locale-
+         specific, which means strange things might happen. A private
+         table is now used for this - though it costs 256 bytes, a table is
+         much faster than multiple explicit tests. Of course, the standard
+         character types table is still used for matching digits in subject
+         strings against \d.
+
+   (iv)  Strictly, the identifier ESC_t is reserved by POSIX (all identifiers
+         ending in _t are). So I've renamed it as ESC_tee.
+
+3. The first argument for regexec() in the POSIX wrapper should have been
+   defined as "const".
+
+4. Changed pcretest to use malloc() for its buffers so that they can be
+   Electric Fenced for debugging.
+
+5. There were several places in the code where, in UTF-8 mode, PCRE would try
+   to read one or more bytes before the start of the subject string. Often this
+   had no effect on PCRE's behaviour, but in some circumstances it could
+   provoke a segmentation fault.
+
+6. A lookbehind at the start of a pattern in UTF-8 mode could also cause PCRE
+   to try to read one or more bytes before the start of the subject string.
+
+7. A lookbehind in a pattern matched in non-UTF-8 mode on a PCRE compiled with
+   UTF-8 support could misbehave in various ways if the subject string
+   contained bytes with the 0x80 bit set and the 0x40 bit unset in a lookbehind
+   area. (PCRE was not checking for the UTF-8 mode flag, and trying to move
+   back over UTF-8 characters.)
+
+
+Version 4.2 14-Apr-03
+---------------------
+
+1. Typo "#if SUPPORT_UTF8" instead of "#ifdef SUPPORT_UTF8" fixed.
+
+2. Changes to the building process, supplied by Ronald Landheer-Cieslak
+     [ON_WINDOWS]: new variable, "#" on non-Windows platforms
+     [NOT_ON_WINDOWS]: new variable, "#" on Windows platforms
+     [WIN_PREFIX]: new variable, "cyg" for Cygwin
+     * Makefile.in: use autoconf substitution for OBJEXT, EXEEXT, BUILD_OBJEXT
+       and BUILD_EXEEXT
+     Note: automatic setting of the BUILD variables is not yet working
+     set CPPFLAGS and BUILD_CPPFLAGS (but don't use yet) - should be used at
+       compile-time but not at link-time
+     [LINK]: use for linking executables only
+     make different versions for Windows and non-Windows
+     [LINKLIB]: new variable, copy of UNIX-style LINK, used for linking
+       libraries
+     [LINK_FOR_BUILD]: new variable
+     [OBJEXT]: use throughout
+     [EXEEXT]: use throughout
+     <winshared>: new target
+     <wininstall>: new target
+     <dftables.o>: use native compiler
+     <dftables>: use native linker
+     <install>: handle Windows platform correctly
+     <clean>: ditto
+     <check>: ditto
+     copy DLL to top builddir before testing
+
+   As part of these changes, -no-undefined was removed again. This was reported
+   to give trouble on HP-UX 11.0, so getting rid of it seems like a good idea
+   in any case.
+
+3. Some tidies to get rid of compiler warnings:
+
+   . In the match_data structure, match_limit was an unsigned long int, whereas
+     match_call_count was an int. I've made them both unsigned long ints.
+
+   . In pcretest the fact that a const uschar * doesn't automatically cast to
+     a void * provoked a warning.
+
+   . Turning on some more compiler warnings threw up some "shadow" variables
+     and a few more missing casts.
+
+4. If PCRE was complied with UTF-8 support, but called without the PCRE_UTF8
+   option, a class that contained a single character with a value between 128
+   and 255 (e.g. /[\xFF]/) caused PCRE to crash.
+
+5. If PCRE was compiled with UTF-8 support, but called without the PCRE_UTF8
+   option, a class that contained several characters, but with at least one
+   whose value was between 128 and 255 caused PCRE to crash.
+
+
+Version 4.1 12-Mar-03
+---------------------
+
+1. Compiling with gcc -pedantic found a couple of places where casts were
+needed, and a string in dftables.c that was longer than standard compilers are
+required to support.
+
+2. Compiling with Sun's compiler found a few more places where the code could
+be tidied up in order to avoid warnings.
+
+3. The variables for cross-compiling were called HOST_CC and HOST_CFLAGS; the
+first of these names is deprecated in the latest Autoconf in favour of the name
+CC_FOR_BUILD, because "host" is typically used to mean the system on which the
+compiled code will be run. I can't find a reference for HOST_CFLAGS, but by
+analogy I have changed it to CFLAGS_FOR_BUILD.
+
+4. Added -no-undefined to the linking command in the Makefile, because this is
+apparently helpful for Windows. To make it work, also added "-L. -lpcre" to the
+linking step for the pcreposix library.
+
+5. PCRE was failing to diagnose the case of two named groups with the same
+name.
+
+6. A problem with one of PCRE's optimizations was discovered. PCRE remembers a
+literal character that is needed in the subject for a match, and scans along to
+ensure that it is present before embarking on the full matching process. This
+saves time in cases of nested unlimited repeats that are never going to match.
+Problem: the scan can take a lot of time if the subject is very long (e.g.
+megabytes), thus penalizing straightforward matches. It is now done only if the
+amount of subject to be scanned is less than 1000 bytes.
+
+7. A lesser problem with the same optimization is that it was recording the
+first character of an anchored pattern as "needed", thus provoking a search
+right along the subject, even when the first match of the pattern was going to
+fail. The "needed" character is now not set for anchored patterns, unless it
+follows something in the pattern that is of non-fixed length. Thus, it still
+fulfils its original purpose of finding quick non-matches in cases of nested
+unlimited repeats, but isn't used for simple anchored patterns such as /^abc/.
+
+
+Version 4.0 17-Feb-03
+---------------------
+
+1. If a comment in an extended regex that started immediately after a meta-item
+extended to the end of string, PCRE compiled incorrect data. This could lead to
+all kinds of weird effects. Example: /#/ was bad; /()#/ was bad; /a#/ was not.
+
+2. Moved to autoconf 2.53 and libtool 1.4.2.
+
+3. Perl 5.8 no longer needs "use utf8" for doing UTF-8 things. Consequently,
+the special perltest8 script is no longer needed - all the tests can be run
+from a single perltest script.
+
+4. From 5.004, Perl has not included the VT character (0x0b) in the set defined
+by \s. It has now been removed in PCRE. This means it isn't recognized as
+whitespace in /x regexes too, which is the same as Perl. Note that the POSIX
+class [:space:] *does* include VT, thereby creating a mess.
+
+5. Added the class [:blank:] (a GNU extension from Perl 5.8) to match only
+space and tab.
+
+6. Perl 5.005 was a long time ago. It's time to amalgamate the tests that use
+its new features into the main test script, reducing the number of scripts.
+
+7. Perl 5.8 has changed the meaning of patterns like /a(?i)b/. Earlier versions
+were backward compatible, and made the (?i) apply to the whole pattern, as if
+/i were given. Now it behaves more logically, and applies the option setting
+only to what follows. PCRE has been changed to follow suit. However, if it
+finds options settings right at the start of the pattern, it extracts them into
+the global options, as before. Thus, they show up in the info data.
+
+8. Added support for the \Q...\E escape sequence. Characters in between are
+treated as literals. This is slightly different from Perl in that $ and @ are
+also handled as literals inside the quotes. In Perl, they will cause variable
+interpolation. Note the following examples:
+
+    Pattern            PCRE matches      Perl matches
+
+    \Qabc$xyz\E        abc$xyz           abc followed by the contents of $xyz
+    \Qabc\$xyz\E       abc\$xyz          abc\$xyz
+    \Qabc\E\$\Qxyz\E   abc$xyz           abc$xyz
+
+For compatibility with Perl, \Q...\E sequences are recognized inside character
+classes as well as outside them.
+
+9. Re-organized 3 code statements in pcretest to avoid "overflow in
+floating-point constant arithmetic" warnings from a Microsoft compiler. Added a
+(size_t) cast to one statement in pcretest and one in pcreposix to avoid
+signed/unsigned warnings.
+
+10. SunOS4 doesn't have strtoul(). This was used only for unpicking the -o
+option for pcretest, so I've replaced it by a simple function that does just
+that job.
+
+11. pcregrep was ending with code 0 instead of 2 for the commands "pcregrep" or
+"pcregrep -".
+
+12. Added "possessive quantifiers" ?+, *+, ++, and {,}+ which come from Sun's
+Java package. This provides some syntactic sugar for simple cases of what my
+documentation calls "once-only subpatterns". A pattern such as x*+ is the same
+as (?>x*). In other words, if what is inside (?>...) is just a single repeated
+item, you can use this simplified notation. Note that only makes sense with
+greedy quantifiers. Consequently, the use of the possessive quantifier forces
+greediness, whatever the setting of the PCRE_UNGREEDY option.
+
+13. A change of greediness default within a pattern was not taking effect at
+the current level for patterns like /(b+(?U)a+)/. It did apply to parenthesized
+subpatterns that followed. Patterns like /b+(?U)a+/ worked because the option
+was abstracted outside.
+
+14. PCRE now supports the \G assertion. It is true when the current matching
+position is at the start point of the match. This differs from \A when the
+starting offset is non-zero. Used with the /g option of pcretest (or similar
+code), it works in the same way as it does for Perl's /g option. If all
+alternatives of a regex begin with \G, the expression is anchored to the start
+match position, and the "anchored" flag is set in the compiled expression.
+
+15. Some bugs concerning the handling of certain option changes within patterns
+have been fixed. These applied to options other than (?ims). For example,
+"a(?x: b c )d" did not match "XabcdY" but did match "Xa b c dY". It should have
+been the other way round. Some of this was related to change 7 above.
+
+16. PCRE now gives errors for /[.x.]/ and /[=x=]/ as unsupported POSIX
+features, as Perl does. Previously, PCRE gave the warnings only for /[[.x.]]/
+and /[[=x=]]/. PCRE now also gives an error for /[:name:]/ because it supports
+POSIX classes only within a class (e.g. /[[:alpha:]]/).
+
+17. Added support for Perl's \C escape. This matches one byte, even in UTF8
+mode. Unlike ".", it always matches newline, whatever the setting of
+PCRE_DOTALL. However, PCRE does not permit \C to appear in lookbehind
+assertions. Perl allows it, but it doesn't (in general) work because it can't
+calculate the length of the lookbehind. At least, that's the case for Perl
+5.8.0 - I've been told they are going to document that it doesn't work in
+future.
+
+18. Added an error diagnosis for escapes that PCRE does not support: these are
+\L, \l, \N, \P, \p, \U, \u, and \X.
+
+19. Although correctly diagnosing a missing ']' in a character class, PCRE was
+reading past the end of the pattern in cases such as /[abcd/.
+
+20. PCRE was getting more memory than necessary for patterns with classes that
+contained both POSIX named classes and other characters, e.g. /[[:space:]abc/.
+
+21. Added some code, conditional on #ifdef VPCOMPAT, to make life easier for
+compiling PCRE for use with Virtual Pascal.
+
+22. Small fix to the Makefile to make it work properly if the build is done
+outside the source tree.
+
+23. Added a new extension: a condition to go with recursion. If a conditional
+subpattern starts with (?(R) the "true" branch is used if recursion has
+happened, whereas the "false" branch is used only at the top level.
+
+24. When there was a very long string of literal characters (over 255 bytes
+without UTF support, over 250 bytes with UTF support), the computation of how
+much memory was required could be incorrect, leading to segfaults or other
+strange effects.
+
+25. PCRE was incorrectly assuming anchoring (either to start of subject or to
+start of line for a non-DOTALL pattern) when a pattern started with (.*) and
+there was a subsequent back reference to those brackets. This meant that, for
+example, /(.*)\d+\1/ failed to match "abc123bc". Unfortunately, it isn't
+possible to check for precisely this case. All we can do is abandon the
+optimization if .* occurs inside capturing brackets when there are any back
+references whatsoever. (See below for a better fix that came later.)
+
+26. The handling of the optimization for finding the first character of a
+non-anchored pattern, and for finding a character that is required later in the
+match were failing in some cases. This didn't break the matching; it just
+failed to optimize when it could. The way this is done has been re-implemented.
+
+27. Fixed typo in error message for invalid (?R item (it said "(?p").
+
+28. Added a new feature that provides some of the functionality that Perl
+provides with (?{...}). The facility is termed a "callout". The way it is done
+in PCRE is for the caller to provide an optional function, by setting
+pcre_callout to its entry point. Like pcre_malloc and pcre_free, this is a
+global variable. By default it is unset, which disables all calling out. To get
+the function called, the regex must include (?C) at appropriate points. This
+is, in fact, equivalent to (?C0), and any number <= 255 may be given with (?C).
+This provides a means of identifying different callout points. When PCRE
+reaches such a point in the regex, if pcre_callout has been set, the external
+function is called. It is provided with data in a structure called
+pcre_callout_block, which is defined in pcre.h. If the function returns 0,
+matching continues; if it returns a non-zero value, the match at the current
+point fails. However, backtracking will occur if possible. [This was changed
+later and other features added - see item 49 below.]
+
+29. pcretest is upgraded to test the callout functionality. It provides a
+callout function that displays information. By default, it shows the start of
+the match and the current position in the text. There are some new data escapes
+to vary what happens:
+
+    \C+         in addition, show current contents of captured substrings
+    \C-         do not supply a callout function
+    \C!n        return 1 when callout number n is reached
+    \C!n!m      return 1 when callout number n is reached for the mth time
+
+30. If pcregrep was called with the -l option and just a single file name, it
+output "<stdin>" if a match was found, instead of the file name.
+
+31. Improve the efficiency of the POSIX API to PCRE. If the number of capturing
+slots is less than POSIX_MALLOC_THRESHOLD, use a block on the stack to pass to
+pcre_exec(). This saves a malloc/free per call. The default value of
+POSIX_MALLOC_THRESHOLD is 10; it can be changed by --with-posix-malloc-threshold
+when configuring.
+
+32. The default maximum size of a compiled pattern is 64K. There have been a
+few cases of people hitting this limit. The code now uses macros to handle the
+storing of links as offsets within the compiled pattern. It defaults to 2-byte
+links, but this can be changed to 3 or 4 bytes by --with-link-size when
+configuring. Tests 2 and 5 work only with 2-byte links because they output
+debugging information about compiled patterns.
+
+33. Internal code re-arrangements:
+
+(a) Moved the debugging function for printing out a compiled regex into
+    its own source file (printint.c) and used #include to pull it into
+    pcretest.c and, when DEBUG is defined, into pcre.c, instead of having two
+    separate copies.
+
+(b) Defined the list of op-code names for debugging as a macro in
+    internal.h so that it is next to the definition of the opcodes.
+
+(c) Defined a table of op-code lengths for simpler skipping along compiled
+    code. This is again a macro in internal.h so that it is next to the
+    definition of the opcodes.
+
+34. Added support for recursive calls to individual subpatterns, along the
+lines of Robin Houston's patch (but implemented somewhat differently).
+
+35. Further mods to the Makefile to help Win32. Also, added code to pcregrep to
+allow it to read and process whole directories in Win32. This code was
+contributed by Lionel Fourquaux; it has not been tested by me.
+
+36. Added support for named subpatterns. The Python syntax (?P<name>...) is
+used to name a group. Names consist of alphanumerics and underscores, and must
+be unique. Back references use the syntax (?P=name) and recursive calls use
+(?P>name) which is a PCRE extension to the Python extension. Groups still have
+numbers. The function pcre_fullinfo() can be used after compilation to extract
+a name/number map. There are three relevant calls:
+
+  PCRE_INFO_NAMEENTRYSIZE        yields the size of each entry in the map
+  PCRE_INFO_NAMECOUNT            yields the number of entries
+  PCRE_INFO_NAMETABLE            yields a pointer to the map.
+
+The map is a vector of fixed-size entries. The size of each entry depends on
+the length of the longest name used. The first two bytes of each entry are the
+group number, most significant byte first. There follows the corresponding
+name, zero terminated. The names are in alphabetical order.
+
+37. Make the maximum literal string in the compiled code 250 for the non-UTF-8
+case instead of 255. Making it the same both with and without UTF-8 support
+means that the same test output works with both.
+
+38. There was a case of malloc(0) in the POSIX testing code in pcretest. Avoid
+calling malloc() with a zero argument.
+
+39. Change 25 above had to resort to a heavy-handed test for the .* anchoring
+optimization. I've improved things by keeping a bitmap of backreferences with
+numbers 1-31 so that if .* occurs inside capturing brackets that are not in
+fact referenced, the optimization can be applied. It is unlikely that a
+relevant occurrence of .* (i.e. one which might indicate anchoring or forcing
+the match to follow \n) will appear inside brackets with a number greater than
+31, but if it does, any back reference > 31 suppresses the optimization.
+
+40. Added a new compile-time option PCRE_NO_AUTO_CAPTURE. This has the effect
+of disabling numbered capturing parentheses. Any opening parenthesis that is
+not followed by ? behaves as if it were followed by ?: but named parentheses
+can still be used for capturing (and they will acquire numbers in the usual
+way).
+
+41. Redesigned the return codes from the match() function into yes/no/error so
+that errors can be passed back from deep inside the nested calls. A malloc
+failure while inside a recursive subpattern call now causes the
+PCRE_ERROR_NOMEMORY return instead of quietly going wrong.
+
+42. It is now possible to set a limit on the number of times the match()
+function is called in a call to pcre_exec(). This facility makes it possible to
+limit the amount of recursion and backtracking, though not in a directly
+obvious way, because the match() function is used in a number of different
+circumstances. The count starts from zero for each position in the subject
+string (for non-anchored patterns). The default limit is, for compatibility, a
+large number, namely 10 000 000. You can change this in two ways:
+
+(a) When configuring PCRE before making, you can use --with-match-limit=n
+    to set a default value for the compiled library.
+
+(b) For each call to pcre_exec(), you can pass a pcre_extra block in which
+    a different value is set. See 45 below.
+
+If the limit is exceeded, pcre_exec() returns PCRE_ERROR_MATCHLIMIT.
+
+43. Added a new function pcre_config(int, void *) to enable run-time extraction
+of things that can be changed at compile time. The first argument specifies
+what is wanted and the second points to where the information is to be placed.
+The current list of available information is:
+
+  PCRE_CONFIG_UTF8
+
+The output is an integer that is set to one if UTF-8 support is available;
+otherwise it is set to zero.
+
+  PCRE_CONFIG_NEWLINE
+
+The output is an integer that it set to the value of the code that is used for
+newline. It is either LF (10) or CR (13).
+
+  PCRE_CONFIG_LINK_SIZE
+
+The output is an integer that contains the number of bytes used for internal
+linkage in compiled expressions. The value is 2, 3, or 4. See item 32 above.
+
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+
+The output is an integer that contains the threshold above which the POSIX
+interface uses malloc() for output vectors. See item 31 above.
+
+  PCRE_CONFIG_MATCH_LIMIT
+
+The output is an unsigned integer that contains the default limit of the number
+of match() calls in a pcre_exec() execution. See 42 above.
+
+44. pcretest has been upgraded by the addition of the -C option. This causes it
+to extract all the available output from the new pcre_config() function, and to
+output it. The program then exits immediately.
+
+45. A need has arisen to pass over additional data with calls to pcre_exec() in
+order to support additional features. One way would have been to define
+pcre_exec2() (for example) with extra arguments, but this would not have been
+extensible, and would also have required all calls to the original function to
+be mapped to the new one. Instead, I have chosen to extend the mechanism that
+is used for passing in "extra" data from pcre_study().
+
+The pcre_extra structure is now exposed and defined in pcre.h. It currently
+contains the following fields:
+
+  flags         a bitmap indicating which of the following fields are set
+  study_data    opaque data from pcre_study()
+  match_limit   a way of specifying a limit on match() calls for a specific
+                  call to pcre_exec()
+  callout_data  data for callouts (see 49 below)
+
+The flag bits are also defined in pcre.h, and are
+
+  PCRE_EXTRA_STUDY_DATA
+  PCRE_EXTRA_MATCH_LIMIT
+  PCRE_EXTRA_CALLOUT_DATA
+
+The pcre_study() function now returns one of these new pcre_extra blocks, with
+the actual study data pointed to by the study_data field, and the
+PCRE_EXTRA_STUDY_DATA flag set. This can be passed directly to pcre_exec() as
+before. That is, this change is entirely upwards-compatible and requires no
+change to existing code.
+
+If you want to pass in additional data to pcre_exec(), you can either place it
+in a pcre_extra block provided by pcre_study(), or create your own pcre_extra
+block.
+
+46. pcretest has been extended to test the PCRE_EXTRA_MATCH_LIMIT feature. If a
+data string contains the escape sequence \M, pcretest calls pcre_exec() several
+times with different match limits, until it finds the minimum value needed for
+pcre_exec() to complete. The value is then output. This can be instructive; for
+most simple matches the number is quite small, but for pathological cases it
+gets very large very quickly.
+
+47. There's a new option for pcre_fullinfo() called PCRE_INFO_STUDYSIZE. It
+returns the size of the data block pointed to by the study_data field in a
+pcre_extra block, that is, the value that was passed as the argument to
+pcre_malloc() when PCRE was getting memory in which to place the information
+created by pcre_study(). The fourth argument should point to a size_t variable.
+pcretest has been extended so that this information is shown after a successful
+pcre_study() call when information about the compiled regex is being displayed.
+
+48. Cosmetic change to Makefile: there's no need to have / after $(DESTDIR)
+because what follows is always an absolute path. (Later: it turns out that this
+is more than cosmetic for MinGW, because it doesn't like empty path
+components.)
+
+49. Some changes have been made to the callout feature (see 28 above):
+
+(i)  A callout function now has three choices for what it returns:
+
+       0  =>  success, carry on matching
+     > 0  =>  failure at this point, but backtrack if possible
+     < 0  =>  serious error, return this value from pcre_exec()
+
+     Negative values should normally be chosen from the set of PCRE_ERROR_xxx
+     values. In particular, returning PCRE_ERROR_NOMATCH forces a standard
+     "match failed" error. The error number PCRE_ERROR_CALLOUT is reserved for
+     use by callout functions. It will never be used by PCRE itself.
+
+(ii) The pcre_extra structure (see 45 above) has a void * field called
+     callout_data, with corresponding flag bit PCRE_EXTRA_CALLOUT_DATA. The
+     pcre_callout_block structure has a field of the same name. The contents of
+     the field passed in the pcre_extra structure are passed to the callout
+     function in the corresponding field in the callout block. This makes it
+     easier to use the same callout-containing regex from multiple threads. For
+     testing, the pcretest program has a new data escape
+
+       \C*n        pass the number n (may be negative) as callout_data
+
+     If the callout function in pcretest receives a non-zero value as
+     callout_data, it returns that value.
+
+50. Makefile wasn't handling CFLAGS properly when compiling dftables. Also,
+there were some redundant $(CFLAGS) in commands that are now specified as
+$(LINK), which already includes $(CFLAGS).
+
+51. Extensions to UTF-8 support are listed below. These all apply when (a) PCRE
+has been compiled with UTF-8 support *and* pcre_compile() has been compiled
+with the PCRE_UTF8 flag. Patterns that are compiled without that flag assume
+one-byte characters throughout. Note that case-insensitive matching applies
+only to characters whose values are less than 256. PCRE doesn't support the
+notion of cases for higher-valued characters.
+
+(i)   A character class whose characters are all within 0-255 is handled as
+      a bit map, and the map is inverted for negative classes. Previously, a
+      character > 255 always failed to match such a class; however it should
+      match if the class was a negative one (e.g. [^ab]). This has been fixed.
+
+(ii)  A negated character class with a single character < 255 is coded as
+      "not this character" (OP_NOT). This wasn't working properly when the test
+      character was multibyte, either singly or repeated.
+
+(iii) Repeats of multibyte characters are now handled correctly in UTF-8
+      mode, for example: \x{100}{2,3}.
+
+(iv)  The character escapes \b, \B, \d, \D, \s, \S, \w, and \W (either
+      singly or repeated) now correctly test multibyte characters. However,
+      PCRE doesn't recognize any characters with values greater than 255 as
+      digits, spaces, or word characters. Such characters always match \D, \S,
+      and \W, and never match \d, \s, or \w.
+
+(v)   Classes may now contain characters and character ranges with values
+      greater than 255. For example: [ab\x{100}-\x{400}].
+
+(vi)  pcregrep now has a --utf-8 option (synonym -u) which makes it call
+      PCRE in UTF-8 mode.
+
+52. The info request value PCRE_INFO_FIRSTCHAR has been renamed
+PCRE_INFO_FIRSTBYTE because it is a byte value. However, the old name is
+retained for backwards compatibility. (Note that LASTLITERAL is also a byte
+value.)
+
+53. The single man page has become too large. I have therefore split it up into
+a number of separate man pages. These also give rise to individual HTML pages;
+these are now put in a separate directory, and there is an index.html page that
+lists them all. Some hyperlinking between the pages has been installed.
+
+54. Added convenience functions for handling named capturing parentheses.
+
+55. Unknown escapes inside character classes (e.g. [\M]) and escapes that
+aren't interpreted therein (e.g. [\C]) are literals in Perl. This is now also
+true in PCRE, except when the PCRE_EXTENDED option is set, in which case they
+are faulted.
+
+56. Introduced HOST_CC and HOST_CFLAGS which can be set in the environment when
+calling configure. These values are used when compiling the dftables.c program
+which is run to generate the source of the default character tables. They
+default to the values of CC and CFLAGS. If you are cross-compiling PCRE,
+you will need to set these values.
+
+57. Updated the building process for Windows DLL, as provided by Fred Cox.
+
+
+Version 3.9 02-Jan-02
+---------------------
+
+1. A bit of extraneous text had somehow crept into the pcregrep documentation.
+
+2. If --disable-static was given, the building process failed when trying to
+build pcretest and pcregrep. (For some reason it was using libtool to compile
+them, which is not right, as they aren't part of the library.)
+
+
+Version 3.8 18-Dec-01
+---------------------
+
+1. The experimental UTF-8 code was completely screwed up. It was packing the
+bytes in the wrong order. How dumb can you get?
+
+
+Version 3.7 29-Oct-01
+---------------------
+
+1. In updating pcretest to check change 1 of version 3.6, I screwed up.
+This caused pcretest, when used on the test data, to segfault. Unfortunately,
+this didn't happen under Solaris 8, where I normally test things.
+
+2. The Makefile had to be changed to make it work on BSD systems, where 'make'
+doesn't seem to recognize that ./xxx and xxx are the same file. (This entry
+isn't in ChangeLog distributed with 3.7 because I forgot when I hastily made
+this fix an hour or so after the initial 3.7 release.)
+
+
+Version 3.6 23-Oct-01
+---------------------
+
+1. Crashed with /(sens|respons)e and \1ibility/ and "sense and sensibility" if
+offsets passed as NULL with zero offset count.
+
+2. The config.guess and config.sub files had not been updated when I moved to
+the latest autoconf.
+
+
+Version 3.5 15-Aug-01
+---------------------
+
+1. Added some missing #if !defined NOPOSIX conditionals in pcretest.c that
+had been forgotten.
+
+2. By using declared but undefined structures, we can avoid using "void"
+definitions in pcre.h while keeping the internal definitions of the structures
+private.
+
+3. The distribution is now built using autoconf 2.50 and libtool 1.4. From a
+user point of view, this means that both static and shared libraries are built
+by default, but this can be individually controlled. More of the work of
+handling this static/shared cases is now inside libtool instead of PCRE's make
+file.
+
+4. The pcretest utility is now installed along with pcregrep because it is
+useful for users (to test regexs) and by doing this, it automatically gets
+relinked by libtool. The documentation has been turned into a man page, so
+there are now .1, .txt, and .html versions in /doc.
+
+5. Upgrades to pcregrep:
+   (i)   Added long-form option names like gnu grep.
+   (ii)  Added --help to list all options with an explanatory phrase.
+   (iii) Added -r, --recursive to recurse into sub-directories.
+   (iv)  Added -f, --file to read patterns from a file.
+
+6. pcre_exec() was referring to its "code" argument before testing that
+argument for NULL (and giving an error if it was NULL).
+
+7. Upgraded Makefile.in to allow for compiling in a different directory from
+the source directory.
+
+8. Tiny buglet in pcretest: when pcre_fullinfo() was called to retrieve the
+options bits, the pointer it was passed was to an int instead of to an unsigned
+long int. This mattered only on 64-bit systems.
+
+9. Fixed typo (3.4/1) in pcre.h again. Sigh. I had changed pcre.h (which is
+generated) instead of pcre.in, which it its source. Also made the same change
+in several of the .c files.
+
+10. A new release of gcc defines printf() as a macro, which broke pcretest
+because it had an ifdef in the middle of a string argument for printf(). Fixed
+by using separate calls to printf().
+
+11. Added --enable-newline-is-cr and --enable-newline-is-lf to the configure
+script, to force use of CR or LF instead of \n in the source. On non-Unix
+systems, the value can be set in config.h.
+
+12. The limit of 200 on non-capturing parentheses is a _nesting_ limit, not an
+absolute limit. Changed the text of the error message to make this clear, and
+likewise updated the man page.
+
+13. The limit of 99 on the number of capturing subpatterns has been removed.
+The new limit is 65535, which I hope will not be a "real" limit.
+
+
+Version 3.4 22-Aug-00
+---------------------
+
+1. Fixed typo in pcre.h: unsigned const char * changed to const unsigned char *.
+
+2. Diagnose condition (?(0) as an error instead of crashing on matching.
+
+
+Version 3.3 01-Aug-00
+---------------------
+
+1. If an octal character was given, but the value was greater than \377, it
+was not getting masked to the least significant bits, as documented. This could
+lead to crashes in some systems.
+
+2. Perl 5.6 (if not earlier versions) accepts classes like [a-\d] and treats
+the hyphen as a literal. PCRE used to give an error; it now behaves like Perl.
+
+3. Added the functions pcre_free_substring() and pcre_free_substring_list().
+These just pass their arguments on to (pcre_free)(), but they are provided
+because some uses of PCRE bind it to non-C systems that can call its functions,
+but cannot call free() or pcre_free() directly.
+
+4. Add "make test" as a synonym for "make check". Corrected some comments in
+the Makefile.
+
+5. Add $(DESTDIR)/ in front of all the paths in the "install" target in the
+Makefile.
+
+6. Changed the name of pgrep to pcregrep, because Solaris has introduced a
+command called pgrep for grepping around the active processes.
+
+7. Added the beginnings of support for UTF-8 character strings.
+
+8. Arranged for the Makefile to pass over the settings of CC, CFLAGS, and
+RANLIB to ./ltconfig so that they are used by libtool. I think these are all
+the relevant ones. (AR is not passed because ./ltconfig does its own figuring
+out for the ar command.)
+
+
+Version 3.2 12-May-00
+---------------------
+
+This is purely a bug fixing release.
+
+1. If the pattern /((Z)+|A)*/ was matched agained ZABCDEFG it matched Z instead
+of ZA. This was just one example of several cases that could provoke this bug,
+which was introduced by change 9 of version 2.00. The code for breaking
+infinite loops after an iteration that matches an empty string was't working
+correctly.
+
+2. The pcretest program was not imitating Perl correctly for the pattern /a*/g
+when matched against abbab (for example). After matching an empty string, it
+wasn't forcing anchoring when setting PCRE_NOTEMPTY for the next attempt; this
+caused it to match further down the string than it should.
+
+3. The code contained an inclusion of sys/types.h. It isn't clear why this
+was there because it doesn't seem to be needed, and it causes trouble on some
+systems, as it is not a Standard C header. It has been removed.
+
+4. Made 4 silly changes to the source to avoid stupid compiler warnings that
+were reported on the Macintosh. The changes were from
+
+  while ((c = *(++ptr)) != 0 && c != '\n');
+to
+  while ((c = *(++ptr)) != 0 && c != '\n') ;
+
+Totally extraordinary, but if that's what it takes...
+
+5. PCRE is being used in one environment where neither memmove() nor bcopy() is
+available. Added HAVE_BCOPY and an autoconf test for it; if neither
+HAVE_MEMMOVE nor HAVE_BCOPY is set, use a built-in emulation function which
+assumes the way PCRE uses memmove() (always moving upwards).
+
+6. PCRE is being used in one environment where strchr() is not available. There
+was only one use in pcre.c, and writing it out to avoid strchr() probably gives
+faster code anyway.
+
+
+Version 3.1 09-Feb-00
+---------------------
+
+The only change in this release is the fixing of some bugs in Makefile.in for
+the "install" target:
+
+(1) It was failing to install pcreposix.h.
+
+(2) It was overwriting the pcre.3 man page with the pcreposix.3 man page.
+
+
+Version 3.0 01-Feb-00
+---------------------
+
+1. Add support for the /+ modifier to perltest (to output $` like it does in
+pcretest).
+
+2. Add support for the /g modifier to perltest.
+
+3. Fix pcretest so that it behaves even more like Perl for /g when the pattern
+matches null strings.
+
+4. Fix perltest so that it doesn't do unwanted things when fed an empty
+pattern. Perl treats empty patterns specially - it reuses the most recent
+pattern, which is not what we want. Replace // by /(?#)/ in order to avoid this
+effect.
+
+5. The POSIX interface was broken in that it was just handing over the POSIX
+captured string vector to pcre_exec(), but (since release 2.00) PCRE has
+required a bigger vector, with some working space on the end. This means that
+the POSIX wrapper now has to get and free some memory, and copy the results.
+
+6. Added some simple autoconf support, placing the test data and the
+documentation in separate directories, re-organizing some of the
+information files, and making it build pcre-config (a GNU standard). Also added
+libtool support for building PCRE as a shared library, which is now the
+default.
+
+7. Got rid of the leading zero in the definition of PCRE_MINOR because 08 and
+09 are not valid octal constants. Single digits will be used for minor values
+less than 10.
+
+8. Defined REG_EXTENDED and REG_NOSUB as zero in the POSIX header, so that
+existing programs that set these in the POSIX interface can use PCRE without
+modification.
+
+9. Added a new function, pcre_fullinfo() with an extensible interface. It can
+return all that pcre_info() returns, plus additional data. The pcre_info()
+function is retained for compatibility, but is considered to be obsolete.
+
+10. Added experimental recursion feature (?R) to handle one common case that
+Perl 5.6 will be able to do with (?p{...}).
+
+11. Added support for POSIX character classes like [:alpha:], which Perl is
+adopting.
+
+
+Version 2.08 31-Aug-99
+----------------------
+
+1. When startoffset was not zero and the pattern began with ".*", PCRE was not
+trying to match at the startoffset position, but instead was moving forward to
+the next newline as if a previous match had failed.
+
+2. pcretest was not making use of PCRE_NOTEMPTY when repeating for /g and /G,
+and could get into a loop if a null string was matched other than at the start
+of the subject.
+
+3. Added definitions of PCRE_MAJOR and PCRE_MINOR to pcre.h so the version can
+be distinguished at compile time, and for completeness also added PCRE_DATE.
+
+5. Added Paul Sokolovsky's minor changes to make it easy to compile a Win32 DLL
+in GnuWin32 environments.
+
+
+Version 2.07 29-Jul-99
+----------------------
+
+1. The documentation is now supplied in plain text form and HTML as well as in
+the form of man page sources.
+
+2. C++ compilers don't like assigning (void *) values to other pointer types.
+In particular this affects malloc(). Although there is no problem in Standard
+C, I've put in casts to keep C++ compilers happy.
+
+3. Typo on pcretest.c; a cast of (unsigned char *) in the POSIX regexec() call
+should be (const char *).
+
+4. If NOPOSIX is defined, pcretest.c compiles without POSIX support. This may
+be useful for non-Unix systems who don't want to bother with the POSIX stuff.
+However, I haven't made this a standard facility. The documentation doesn't
+mention it, and the Makefile doesn't support it.
+
+5. The Makefile now contains an "install" target, with editable destinations at
+the top of the file. The pcretest program is not installed.
+
+6. pgrep -V now gives the PCRE version number and date.
+
+7. Fixed bug: a zero repetition after a literal string (e.g. /abcde{0}/) was
+causing the entire string to be ignored, instead of just the last character.
+
+8. If a pattern like /"([^\\"]+|\\.)*"/ is applied in the normal way to a
+non-matching string, it can take a very, very long time, even for strings of
+quite modest length, because of the nested recursion. PCRE now does better in
+some of these cases. It does this by remembering the last required literal
+character in the pattern, and pre-searching the subject to ensure it is present
+before running the real match. In other words, it applies a heuristic to detect
+some types of certain failure quickly, and in the above example, if presented
+with a string that has no trailing " it gives "no match" very quickly.
+
+9. A new runtime option PCRE_NOTEMPTY causes null string matches to be ignored;
+other alternatives are tried instead.
+
+
+Version 2.06 09-Jun-99
+----------------------
+
+1. Change pcretest's output for amount of store used to show just the code
+space, because the remainder (the data block) varies in size between 32-bit and
+64-bit systems.
+
+2. Added an extra argument to pcre_exec() to supply an offset in the subject to
+start matching at. This allows lookbehinds to work when searching for multiple
+occurrences in a string.
+
+3. Added additional options to pcretest for testing multiple occurrences:
+
+   /+   outputs the rest of the string that follows a match
+   /g   loops for multiple occurrences, using the new startoffset argument
+   /G   loops for multiple occurrences by passing an incremented pointer
+
+4. PCRE wasn't doing the "first character" optimization for patterns starting
+with \b or \B, though it was doing it for other lookbehind assertions. That is,
+it wasn't noticing that a match for a pattern such as /\bxyz/ has to start with
+the letter 'x'. On long subject strings, this gives a significant speed-up.
+
+
+Version 2.05 21-Apr-99
+----------------------
+
+1. Changed the type of magic_number from int to long int so that it works
+properly on 16-bit systems.
+
+2. Fixed a bug which caused patterns starting with .* not to work correctly
+when the subject string contained newline characters. PCRE was assuming
+anchoring for such patterns in all cases, which is not correct because .* will
+not pass a newline unless PCRE_DOTALL is set. It now assumes anchoring only if
+DOTALL is set at top level; otherwise it knows that patterns starting with .*
+must be retried after every newline in the subject.
+
+
+Version 2.04 18-Feb-99
+----------------------
+
+1. For parenthesized subpatterns with repeats whose minimum was zero, the
+computation of the store needed to hold the pattern was incorrect (too large).
+If such patterns were nested a few deep, this could multiply and become a real
+problem.
+
+2. Added /M option to pcretest to show the memory requirement of a specific
+pattern. Made -m a synonym of -s (which does this globally) for compatibility.
+
+3. Subpatterns of the form (regex){n,m} (i.e. limited maximum) were being
+compiled in such a way that the backtracking after subsequent failure was
+pessimal. Something like (a){0,3} was compiled as (a)?(a)?(a)? instead of
+((a)((a)(a)?)?)? with disastrous performance if the maximum was of any size.
+
+
+Version 2.03 02-Feb-99
+----------------------
+
+1. Fixed typo and small mistake in man page.
+
+2. Added 4th condition (GPL supersedes if conflict) and created separate
+LICENCE file containing the conditions.
+
+3. Updated pcretest so that patterns such as /abc\/def/ work like they do in
+Perl, that is the internal \ allows the delimiter to be included in the
+pattern. Locked out the use of \ as a delimiter. If \ immediately follows
+the final delimiter, add \ to the end of the pattern (to test the error).
+
+4. Added the convenience functions for extracting substrings after a successful
+match. Updated pcretest to make it able to test these functions.
+
+
+Version 2.02 14-Jan-99
+----------------------
+
+1. Initialized the working variables associated with each extraction so that
+their saving and restoring doesn't refer to uninitialized store.
+
+2. Put dummy code into study.c in order to trick the optimizer of the IBM C
+compiler for OS/2 into generating correct code. Apparently IBM isn't going to
+fix the problem.
+
+3. Pcretest: the timing code wasn't using LOOPREPEAT for timing execution
+calls, and wasn't printing the correct value for compiling calls. Increased the
+default value of LOOPREPEAT, and the number of significant figures in the
+times.
+
+4. Changed "/bin/rm" in the Makefile to "-rm" so it works on Windows NT.
+
+5. Renamed "deftables" as "dftables" to get it down to 8 characters, to avoid
+a building problem on Windows NT with a FAT file system.
+
+
+Version 2.01 21-Oct-98
+----------------------
+
+1. Changed the API for pcre_compile() to allow for the provision of a pointer
+to character tables built by pcre_maketables() in the current locale. If NULL
+is passed, the default tables are used.
+
+
+Version 2.00 24-Sep-98
+----------------------
+
+1. Since the (>?) facility is in Perl 5.005, don't require PCRE_EXTRA to enable
+it any more.
+
+2. Allow quantification of (?>) groups, and make it work correctly.
+
+3. The first character computation wasn't working for (?>) groups.
+
+4. Correct the implementation of \Z (it is permitted to match on the \n at the
+end of the subject) and add 5.005's \z, which really does match only at the
+very end of the subject.
+
+5. Remove the \X "cut" facility; Perl doesn't have it, and (?> is neater.
+
+6. Remove the ability to specify CASELESS, MULTILINE, DOTALL, and
+DOLLAR_END_ONLY at runtime, to make it possible to implement the Perl 5.005
+localized options. All options to pcre_study() were also removed.
+
+7. Add other new features from 5.005:
+
+   $(?<=           positive lookbehind
+   $(?<!           negative lookbehind
+   (?imsx-imsx)    added the unsetting capability
+                   such a setting is global if at outer level; local otherwise
+   (?imsx-imsx:)   non-capturing groups with option setting
+   (?(cond)re|re)  conditional pattern matching
+
+   A backreference to itself in a repeated group matches the previous
+   captured string.
+
+8. General tidying up of studying (both automatic and via "study")
+consequential on the addition of new assertions.
+
+9. As in 5.005, unlimited repeated groups that could match an empty substring
+are no longer faulted at compile time. Instead, the loop is forcibly broken at
+runtime if any iteration does actually match an empty substring.
+
+10. Include the RunTest script in the distribution.
+
+11. Added tests from the Perl 5.005_02 distribution. This showed up a few
+discrepancies, some of which were old and were also with respect to 5.004. They
+have now been fixed.
+
+
+Version 1.09 28-Apr-98
+----------------------
+
+1. A negated single character class followed by a quantifier with a minimum
+value of one (e.g.  [^x]{1,6}  ) was not compiled correctly. This could lead to
+program crashes, or just wrong answers. This did not apply to negated classes
+containing more than one character, or to minima other than one.
+
+
+Version 1.08 27-Mar-98
+----------------------
+
+1. Add PCRE_UNGREEDY to invert the greediness of quantifiers.
+
+2. Add (?U) and (?X) to set PCRE_UNGREEDY and PCRE_EXTRA respectively. The
+latter must appear before anything that relies on it in the pattern.
+
+
+Version 1.07 16-Feb-98
+----------------------
+
+1. A pattern such as /((a)*)*/ was not being diagnosed as in error (unlimited
+repeat of a potentially empty string).
+
+
+Version 1.06 23-Jan-98
+----------------------
+
+1. Added Markus Oberhumer's little patches for C++.
+
+2. Literal strings longer than 255 characters were broken.
+
+
+Version 1.05 23-Dec-97
+----------------------
+
+1. Negated character classes containing more than one character were failing if
+PCRE_CASELESS was set at run time.
+
+
+Version 1.04 19-Dec-97
+----------------------
+
+1. Corrected the man page, where some "const" qualifiers had been omitted.
+
+2. Made debugging output print "{0,xxx}" instead of just "{,xxx}" to agree with
+input syntax.
+
+3. Fixed memory leak which occurred when a regex with back references was
+matched with an offsets vector that wasn't big enough. The temporary memory
+that is used in this case wasn't being freed if the match failed.
+
+4. Tidied pcretest to ensure it frees memory that it gets.
+
+5. Temporary memory was being obtained in the case where the passed offsets
+vector was exactly big enough.
+
+6. Corrected definition of offsetof() from change 5 below.
+
+7. I had screwed up change 6 below and broken the rules for the use of
+setjmp(). Now fixed.
+
+
+Version 1.03 18-Dec-97
+----------------------
+
+1. A erroneous regex with a missing opening parenthesis was correctly
+diagnosed, but PCRE attempted to access brastack[-1], which could cause crashes
+on some systems.
+
+2. Replaced offsetof(real_pcre, code) by offsetof(real_pcre, code[0]) because
+it was reported that one broken compiler failed on the former because "code" is
+also an independent variable.
+
+3. The erroneous regex a[]b caused an array overrun reference.
+
+4. A regex ending with a one-character negative class (e.g. /[^k]$/) did not
+fail on data ending with that character. (It was going on too far, and checking
+the next character, typically a binary zero.) This was specific to the
+optimized code for single-character negative classes.
+
+5. Added a contributed patch from the TIN world which does the following:
+
+  + Add an undef for memmove, in case the the system defines a macro for it.
+
+  + Add a definition of offsetof(), in case there isn't one. (I don't know
+    the reason behind this - offsetof() is part of the ANSI standard - but
+    it does no harm).
+
+  + Reduce the ifdef's in pcre.c using macro DPRINTF, thereby eliminating
+    most of the places where whitespace preceded '#'. I have given up and
+    allowed the remaining 2 cases to be at the margin.
+
+  + Rename some variables in pcre to eliminate shadowing. This seems very
+    pedantic, but does no harm, of course.
+
+6. Moved the call to setjmp() into its own function, to get rid of warnings
+from gcc -Wall, and avoided calling it at all unless PCRE_EXTRA is used.
+
+7. Constructs such as \d{8,} were compiling into the equivalent of
+\d{8}\d{0,65527} instead of \d{8}\d* which didn't make much difference to the
+outcome, but in this particular case used more store than had been allocated,
+which caused the bug to be discovered because it threw up an internal error.
+
+8. The debugging code in both pcre and pcretest for outputting the compiled
+form of a regex was going wrong in the case of back references followed by
+curly-bracketed repeats.
+
+
+Version 1.02 12-Dec-97
+----------------------
+
+1. Typos in pcre.3 and comments in the source fixed.
+
+2. Applied a contributed patch to get rid of places where it used to remove
+'const' from variables, and fixed some signed/unsigned and uninitialized
+variable warnings.
+
+3. Added the "runtest" target to Makefile.
+
+4. Set default compiler flag to -O2 rather than just -O.
+
+
+Version 1.01 19-Nov-97
+----------------------
+
+1. PCRE was failing to diagnose unlimited repeat of empty string for patterns
+like /([ab]*)*/, that is, for classes with more than one character in them.
+
+2. Likewise, it wasn't diagnosing patterns with "once-only" subpatterns, such
+as /((?>a*))*/ (a PCRE_EXTRA facility).
+
+
+Version 1.00 18-Nov-97
+----------------------
+
+1. Added compile-time macros to support systems such as SunOS4 which don't have
+memmove() or strerror() but have other things that can be used instead.
+
+2. Arranged that "make clean" removes the executables.
+
+
+Version 0.99 27-Oct-97
+----------------------
+
+1. Fixed bug in code for optimizing classes with only one character. It was
+initializing a 32-byte map regardless, which could cause it to run off the end
+of the memory it had got.
+
+2. Added, conditional on PCRE_EXTRA, the proposed (?>REGEX) construction.
+
+
+Version 0.98 22-Oct-97
+----------------------
+
+1. Fixed bug in code for handling temporary memory usage when there are more
+back references than supplied space in the ovector. This could cause segfaults.
+
+
+Version 0.97 21-Oct-97
+----------------------
+
+1. Added the \X "cut" facility, conditional on PCRE_EXTRA.
+
+2. Optimized negated single characters not to use a bit map.
+
+3. Brought error texts together as macro definitions; clarified some of them;
+fixed one that was wrong - it said "range out of order" when it meant "invalid
+escape sequence".
+
+4. Changed some char * arguments to const char *.
+
+5. Added PCRE_NOTBOL and PCRE_NOTEOL (from POSIX).
+
+6. Added the POSIX-style API wrapper in pcreposix.a and testing facilities in
+pcretest.
+
+
+Version 0.96 16-Oct-97
+----------------------
+
+1. Added a simple "pgrep" utility to the distribution.
+
+2. Fixed an incompatibility with Perl: "{" is now treated as a normal character
+unless it appears in one of the precise forms "{ddd}", "{ddd,}", or "{ddd,ddd}"
+where "ddd" means "one or more decimal digits".
+
+3. Fixed serious bug. If a pattern had a back reference, but the call to
+pcre_exec() didn't supply a large enough ovector to record the related
+identifying subpattern, the match always failed. PCRE now remembers the number
+of the largest back reference, and gets some temporary memory in which to save
+the offsets during matching if necessary, in order to ensure that
+backreferences always work.
+
+4. Increased the compatibility with Perl in a number of ways:
+
+  (a) . no longer matches \n by default; an option PCRE_DOTALL is provided
+      to request this handling. The option can be set at compile or exec time.
+
+  (b) $ matches before a terminating newline by default; an option
+      PCRE_DOLLAR_ENDONLY is provided to override this (but not in multiline
+      mode). The option can be set at compile or exec time.
+
+  (c) The handling of \ followed by a digit other than 0 is now supposed to be
+      the same as Perl's. If the decimal number it represents is less than 10
+      or there aren't that many previous left capturing parentheses, an octal
+      escape is read. Inside a character class, it's always an octal escape,
+      even if it is a single digit.
+
+  (d) An escaped but undefined alphabetic character is taken as a literal,
+      unless PCRE_EXTRA is set. Currently this just reserves the remaining
+      escapes.
+
+  (e) {0} is now permitted. (The previous item is removed from the compiled
+      pattern).
+
+5. Changed all the names of code files so that the basic parts are no longer
+than 10 characters, and abolished the teeny "globals.c" file.
+
+6. Changed the handling of character classes; they are now done with a 32-byte
+bit map always.
+
+7. Added the -d and /D options to pcretest to make it possible to look at the
+internals of compilation without having to recompile pcre.
+
+
+Version 0.95 23-Sep-97
+----------------------
+
+1. Fixed bug in pre-pass concerning escaped "normal" characters such as \x5c or
+\x20 at the start of a run of normal characters. These were being treated as
+real characters, instead of the source characters being re-checked.
+
+
+Version 0.94 18-Sep-97
+----------------------
+
+1. The functions are now thread-safe, with the caveat that the global variables
+containing pointers to malloc() and free() or alternative functions are the
+same for all threads.
+
+2. Get pcre_study() to generate a bitmap of initial characters for non-
+anchored patterns when this is possible, and use it if passed to pcre_exec().
+
+
+Version 0.93 15-Sep-97
+----------------------
+
+1. /(b)|(:+)/ was computing an incorrect first character.
+
+2. Add pcre_study() to the API and the passing of pcre_extra to pcre_exec(),
+but not actually doing anything yet.
+
+3. Treat "-" characters in classes that cannot be part of ranges as literals,
+as Perl does (e.g. [-az] or [az-]).
+
+4. Set the anchored flag if a branch starts with .* or .*? because that tests
+all possible positions.
+
+5. Split up into different modules to avoid including unneeded functions in a
+compiled binary. However, compile and exec are still in one module. The "study"
+function is split off.
+
+6. The character tables are now in a separate module whose source is generated
+by an auxiliary program - but can then be edited by hand if required. There are
+now no calls to isalnum(), isspace(), isdigit(), isxdigit(), tolower() or
+toupper() in the code.
+
+7. Turn the malloc/free funtions variables into pcre_malloc and pcre_free and
+make them global. Abolish the function for setting them, as the caller can now
+set them directly.
+
+
+Version 0.92 11-Sep-97
+----------------------
+
+1. A repeat with a fixed maximum and a minimum of 1 for an ordinary character
+(e.g. /a{1,3}/) was broken (I mis-optimized it).
+
+2. Caseless matching was not working in character classes if the characters in
+the pattern were in upper case.
+
+3. Make ranges like [W-c] work in the same way as Perl for caseless matching.
+
+4. Make PCRE_ANCHORED public and accept as a compile option.
+
+5. Add an options word to pcre_exec() and accept PCRE_ANCHORED and
+PCRE_CASELESS at run time. Add escapes \A and \I to pcretest to cause it to
+pass them.
+
+6. Give an error if bad option bits passed at compile or run time.
+
+7. Add PCRE_MULTILINE at compile and exec time, and (?m) as well. Add \M to
+pcretest to cause it to pass that flag.
+
+8. Add pcre_info(), to get the number of identifying subpatterns, the stored
+options, and the first character, if set.
+
+9. Recognize C+ or C{n,m} where n >= 1 as providing a fixed starting character.
+
+
+Version 0.91 10-Sep-97
+----------------------
+
+1. PCRE was failing to diagnose unlimited repeats of subpatterns that could
+match the empty string as in /(a*)*/. It was looping and ultimately crashing.
+
+2. PCRE was looping on encountering an indefinitely repeated back reference to
+a subpattern that had matched an empty string, e.g. /(a|)\1*/. It now does what
+Perl does - treats the match as successful.
+
+****
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/LICENCE b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/LICENCE
new file mode 100644
index 00000000..dd9071a8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/LICENCE
@@ -0,0 +1,93 @@
+PCRE LICENCE
+------------
+
+PCRE is a library of functions to support regular expressions whose syntax
+and semantics are as close as possible to those of the Perl 5 language.
+
+Release 8 of PCRE is distributed under the terms of the "BSD" licence, as
+specified below. The documentation for PCRE, supplied in the "doc"
+directory, is distributed under the same terms as the software itself. The data
+in the testdata directory is not copyrighted and is in the public domain.
+
+The basic library functions are written in C and are freestanding. Also
+included in the distribution is a set of C++ wrapper functions, and a
+just-in-time compiler that can be used to optimize pattern matching. These
+are both optional features that can be omitted when the library is built.
+
+
+THE BASIC LIBRARY FUNCTIONS
+---------------------------
+
+Written by:       Philip Hazel
+Email local part: ph10
+Email domain:     cam.ac.uk
+
+University of Cambridge Computing Service,
+Cambridge, England.
+
+Copyright (c) 1997-2017 University of Cambridge
+All rights reserved.
+
+
+PCRE JUST-IN-TIME COMPILATION SUPPORT
+-------------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2010-2017 Zoltan Herczeg
+All rights reserved.
+
+
+STACK-LESS JUST-IN-TIME COMPILER
+--------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2009-2017 Zoltan Herczeg
+All rights reserved.
+
+
+THE C++ WRAPPER FUNCTIONS
+-------------------------
+
+Contributed by:   Google Inc.
+
+Copyright (c) 2007-2012, Google Inc.
+All rights reserved.
+
+
+THE "BSD" LICENCE
+-----------------
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the name of Google
+      Inc. nor the names of their contributors may be used to endorse or
+      promote products derived from this software without specific prior
+      written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+End
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/NEWS b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/NEWS
new file mode 100644
index 00000000..36be07cb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/NEWS
@@ -0,0 +1,737 @@
+News about PCRE releases
+------------------------
+
+Release 8.41 13-June-2017
+-------------------------
+
+This is a bug-fix release.
+
+
+Release 8.40 11-January-2017
+----------------------------
+
+This is a bug-fix release.
+
+
+Release 8.39 14-June-2016
+-------------------------
+
+Some appropriate PCRE2 JIT improvements have been retro-fitted to PCRE1. Apart
+from that, this is another bug-fix release. Note that this library (now called
+PCRE1) is now being maintained for bug fixes only. New projects are advised to
+use the new PCRE2 libraries.
+
+
+Release 8.38 23-November-2015
+-----------------------------
+
+This is bug-fix release. Note that this library (now called PCRE1) is now being
+maintained for bug fixes only. New projects are advised to use the new PCRE2
+libraries.
+
+
+Release 8.37 28-April-2015
+--------------------------
+
+This is bug-fix release. Note that this library (now called PCRE1) is now being
+maintained for bug fixes only. New projects are advised to use the new PCRE2
+libraries.
+
+
+Release 8.36 26-September-2014
+------------------------------
+
+This is primarily a bug-fix release. However, in addition, the Unicode data
+tables have been updated to Unicode 7.0.0.
+
+
+Release 8.35 04-April-2014
+--------------------------
+
+There have been performance improvements for classes containing non-ASCII
+characters and the "auto-possessification" feature has been extended. Other
+minor improvements have been implemented and bugs fixed. There is a new callout
+feature to enable applications to do detailed stack checks at compile time, to
+avoid running out of stack for deeply nested parentheses. The JIT compiler has
+been extended with experimental support for ARM-64, MIPS-64, and PPC-LE.
+
+
+Release 8.34 15-December-2013
+-----------------------------
+
+As well as fixing the inevitable bugs, performance has been improved by
+refactoring and extending the amount of "auto-possessification" that PCRE does.
+Other notable changes:
+
+.  Implemented PCRE_INFO_MATCH_EMPTY, which yields 1 if the pattern can match
+   an empty string. If it can, pcretest shows this in its information output.
+
+.  A back reference to a named subpattern when there is more than one of the
+   same name now checks them in the order in which they appear in the pattern.
+   The first one that is set is used for the reference. Previously only the
+   first one was inspected. This change makes PCRE more compatible with Perl.
+
+.  Unicode character properties were updated from Unicode 6.3.0.
+
+.  The character VT has been added to the set of characters that match \s and
+   are generally treated as white space, following this same change in Perl
+   5.18. There is now no difference between "Perl space" and "POSIX space".
+
+.  Perl has changed its handling of \8 and \9. If there is no previously
+   encountered capturing group of those numbers, they are treated as the
+   literal characters 8 and 9 instead of a binary zero followed by the
+   literals. PCRE now does the same.
+
+.  Following Perl, added \o{} to specify codepoints in octal, making it
+   possible to specify values greater than 0777 and also making them
+   unambiguous.
+
+.  In UCP mode, \s was not matching two of the characters that Perl matches,
+   namely NEL (U+0085) and MONGOLIAN VOWEL SEPARATOR (U+180E), though they
+   were matched by \h.
+
+.  Add JIT support for the 64 bit TileGX architecture.
+
+.  Upgraded the handling of the POSIX classes [:graph:], [:print:], and
+   [:punct:] when PCRE_UCP is set so as to include the same characters as Perl
+   does in Unicode mode.
+
+.  Perl no longer allows group names to start with digits, so I have made this
+   change also in PCRE.
+
+.  Added support for [[:<:]] and [[:>:]] as used in the BSD POSIX library to
+   mean "start of word" and "end of word", respectively, as a transition aid.
+
+
+Release 8.33 28-May-2013
+--------------------------
+
+A number of bugs are fixed, and some performance improvements have been made.
+There are also some new features, of which these are the most important:
+
+.  The behaviour of the backtracking verbs has been rationalized and
+   documented in more detail.
+
+.  JIT now supports callouts and all of the backtracking verbs.
+
+.  Unicode validation has been updated in the light of Unicode Corrigendum #9,
+   which points out that "non characters" are not "characters that may not
+   appear in Unicode strings" but rather "characters that are reserved for
+   internal use and have only local meaning".
+
+.  (*LIMIT_MATCH=d) and (*LIMIT_RECURSION=d) have been added so that the
+   creator of a pattern can specify lower (but not higher) limits for the
+   matching process.
+
+.  The PCRE_NEVER_UTF option is available to prevent pattern-writers from using
+   the (*UTF) feature, as this could be a security issue.
+
+
+Release 8.32 30-November-2012
+-----------------------------
+
+This release fixes a number of bugs, but also has some new features. These are
+the highlights:
+
+.  There is now support for 32-bit character strings and UTF-32. Like the
+   16-bit support, this is done by compiling a separate 32-bit library.
+
+.  \X now matches a Unicode extended grapheme cluster.
+
+.  Case-independent matching of Unicode characters that have more than one
+   "other case" now makes all three (or more) characters equivalent. This
+   applies, for example, to Greek Sigma, which has two lowercase versions.
+
+.  Unicode character properties are updated to Unicode 6.2.0.
+
+.  The EBCDIC support, which had decayed, has had a spring clean.
+
+.  A number of JIT optimizations have been added, which give faster JIT
+   execution speed. In addition, a new direct interface to JIT execution is
+   available. This bypasses some of the sanity checks of pcre_exec() to give a
+   noticeable speed-up.
+
+.  A number of issues in pcregrep have been fixed, making it more compatible
+   with GNU grep. In particular, --exclude and --include (and variants) apply
+   to all files now, not just those obtained from scanning a directory
+   recursively. In Windows environments, the default action for directories is
+   now "skip" instead of "read" (which provokes an error).
+
+.  If the --only-matching (-o) option in pcregrep is specified multiple
+   times, each one causes appropriate output. For example, -o1 -o2 outputs the
+   substrings matched by the 1st and 2nd capturing parentheses. A separating
+   string can be specified by --om-separator (default empty).
+
+.  When PCRE is built via Autotools using a version of gcc that has the
+   "visibility" feature, it is used to hide internal library functions that are
+   not part of the public API.
+
+
+Release 8.31 06-July-2012
+-------------------------
+
+This is mainly a bug-fixing release, with a small number of developments:
+
+. The JIT compiler now supports partial matching and the (*MARK) and
+  (*COMMIT) verbs.
+
+. PCRE_INFO_MAXLOOKBEHIND can be used to find the longest lookbehind in a
+  pattern.
+
+. There should be a performance improvement when using the heap instead of the
+  stack for recursion.
+
+. pcregrep can now be linked with libedit as an alternative to libreadline.
+
+. pcregrep now has a --file-list option where the list of files to scan is
+  given as a file.
+
+. pcregrep now recognizes binary files and there are related options.
+
+. The Unicode tables have been updated to 6.1.0.
+
+As always, the full list of changes is in the ChangeLog file.
+
+
+Release 8.30 04-February-2012
+-----------------------------
+
+Release 8.30 introduces a major new feature: support for 16-bit character
+strings, compiled as a separate library. There are a few changes to the
+8-bit library, in addition to some bug fixes.
+
+. The pcre_info() function, which has been obsolete for over 10 years, has
+  been removed.
+
+. When a compiled pattern was saved to a file and later reloaded on a host
+  with different endianness, PCRE used automatically to swap the bytes in some
+  of the data fields. With the advent of the 16-bit library, where more of this
+  swapping is needed, it is no longer done automatically. Instead, the bad
+  endianness is detected and a specific error is given. The user can then call
+  a new function called pcre_pattern_to_host_byte_order() (or an equivalent
+  16-bit function) to do the swap.
+
+. In UTF-8 mode, the values 0xd800 to 0xdfff are not legal Unicode
+  code points and are now faulted. (They are the so-called "surrogates"
+  that are reserved for coding high values in UTF-16.)
+
+
+Release 8.21 12-Dec-2011
+------------------------
+
+This is almost entirely a bug-fix release. The only new feature is the ability
+to obtain the size of the memory used by the JIT compiler.
+
+
+Release 8.20 21-Oct-2011
+------------------------
+
+The main change in this release is the inclusion of Zoltan Herczeg's
+just-in-time compiler support, which can be accessed by building PCRE with
+--enable-jit. Large performance benefits can be had in many situations. 8.20
+also fixes an unfortunate bug that was introduced in 8.13 as well as tidying up
+a number of infelicities and differences from Perl.
+
+
+Release 8.13 16-Aug-2011
+------------------------
+
+This is mainly a bug-fix release. There has been a lot of internal refactoring.
+The Unicode tables have been updated. The only new feature in the library is
+the passing of *MARK information to callouts. Some additions have been made to
+pcretest to make testing easier and more comprehensive. There is a new option
+for pcregrep to adjust its internal buffer size.
+
+
+Release 8.12 15-Jan-2011
+------------------------
+
+This release fixes some bugs in pcregrep, one of which caused the tests to fail
+on 64-bit big-endian systems. There are no changes to the code of the library.
+
+
+Release 8.11 10-Dec-2010
+------------------------
+
+A number of bugs in the library and in pcregrep have been fixed. As always, see
+ChangeLog for details. The following are the non-bug-fix changes:
+
+. Added --match-limit and --recursion-limit to pcregrep.
+
+. Added an optional parentheses number to the -o and --only-matching options
+  of pcregrep.
+
+. Changed the way PCRE_PARTIAL_HARD affects the matching of $, \z, \Z, \b, and
+  \B.
+
+. Added PCRE_ERROR_SHORTUTF8 to make it possible to distinguish between a
+  bad UTF-8 sequence and one that is incomplete when using PCRE_PARTIAL_HARD.
+
+. Recognize (*NO_START_OPT) at the start of a pattern to set the PCRE_NO_
+  START_OPTIMIZE option, which is now allowed at compile time
+
+
+Release 8.10 25-Jun-2010
+------------------------
+
+There are two major additions: support for (*MARK) and friends, and the option
+PCRE_UCP, which changes the behaviour of \b, \d, \s, and \w (and their
+opposites) so that they make use of Unicode properties. There are also a number
+of lesser new features, and several bugs have been fixed. A new option,
+--line-buffered, has been added to pcregrep, for use when it is connected to
+pipes.
+
+
+Release 8.02 19-Mar-2010
+------------------------
+
+Another bug-fix release.
+
+
+Release 8.01 19-Jan-2010
+------------------------
+
+This is a bug-fix release. Several bugs in the code itself and some bugs and
+infelicities in the build system have been fixed.
+
+
+Release 8.00 19-Oct-09
+----------------------
+
+Bugs have been fixed in the library and in pcregrep. There are also some
+enhancements. Restrictions on patterns used for partial matching have been
+removed, extra information is given for partial matches, the partial matching
+process has been improved, and an option to make a partial match override a
+full match is available. The "study" process has been enhanced by finding a
+lower bound matching length. Groups with duplicate numbers may now have
+duplicated names without the use of PCRE_DUPNAMES. However, they may not have
+different names. The documentation has been revised to reflect these changes.
+The version number has been expanded to 3 digits as it is clear that the rate
+of change is not slowing down.
+
+
+Release 7.9 11-Apr-09
+---------------------
+
+Mostly bugfixes and tidies with just a couple of minor functional additions.
+
+
+Release 7.8 05-Sep-08
+---------------------
+
+More bug fixes, plus a performance improvement in Unicode character property
+lookup.
+
+
+Release 7.7 07-May-08
+---------------------
+
+This is once again mainly a bug-fix release, but there are a couple of new
+features.
+
+
+Release 7.6 28-Jan-08
+---------------------
+
+The main reason for having this release so soon after 7.5 is because it fixes a
+potential buffer overflow problem in pcre_compile() when run in UTF-8 mode. In
+addition, the CMake configuration files have been brought up to date.
+
+
+Release 7.5 10-Jan-08
+---------------------
+
+This is mainly a bug-fix release. However the ability to link pcregrep with
+libz or libbz2 and the ability to link pcretest with libreadline have been
+added. Also the --line-offsets and --file-offsets options were added to
+pcregrep.
+
+
+Release 7.4 21-Sep-07
+---------------------
+
+The only change of specification is the addition of options to control whether
+\R matches any Unicode line ending (the default) or just CR, LF, and CRLF.
+Otherwise, the changes are bug fixes and a refactoring to reduce the number of
+relocations needed in a shared library. There have also been some documentation
+updates, in particular, some more information about using CMake to build PCRE
+has been added to the NON-UNIX-USE file.
+
+
+Release 7.3 28-Aug-07
+---------------------
+
+Most changes are bug fixes. Some that are not:
+
+1. There is some support for Perl 5.10's experimental "backtracking control
+   verbs" such as (*PRUNE).
+
+2. UTF-8 checking is now as per RFC 3629 instead of RFC 2279; this is more
+   restrictive in the strings it accepts.
+
+3. Checking for potential integer overflow has been made more dynamic, and as a
+   consequence there is no longer a hard limit on the size of a subpattern that
+   has a limited repeat count.
+
+4. When CRLF is a valid line-ending sequence, pcre_exec() and pcre_dfa_exec()
+   no longer advance by two characters instead of one when an unanchored match
+   fails at CRLF if there are explicit CR or LF matches within the pattern.
+   This gets rid of some anomalous effects that previously occurred.
+
+5. Some PCRE-specific settings for varying the newline options at the start of
+   a pattern have been added.
+
+
+Release 7.2 19-Jun-07
+---------------------
+
+WARNING: saved patterns that were compiled by earlier versions of PCRE must be
+recompiled for use with 7.2 (necessitated by the addition of \K, \h, \H, \v,
+and \V).
+
+Correction to the notes for 7.1: the note about shared libraries for Windows is
+wrong. Previously, three libraries were built, but each could function
+independently. For example, the pcreposix library also included all the
+functions from the basic pcre library. The change is that the three libraries
+are no longer independent. They are like the Unix libraries. To use the
+pcreposix functions, for example, you need to link with both the pcreposix and
+the basic pcre library.
+
+Some more features from Perl 5.10 have been added:
+
+  (?-n) and (?+n) relative references for recursion and subroutines.
+
+  (?(-n) and (?(+n) relative references as conditions.
+
+  \k{name} and \g{name} are synonyms for \k<name>.
+
+  \K to reset the start of the matched string; for example, (foo)\Kbar
+  matches bar preceded by foo, but only sets bar as the matched string.
+
+  (?| introduces a group where the capturing parentheses in each alternative
+  start from the same number; for example, (?|(abc)|(xyz)) sets capturing
+  parentheses number 1 in both cases.
+
+  \h, \H, \v, \V match horizontal and vertical whitespace, respectively.
+
+
+Release 7.1 24-Apr-07
+---------------------
+
+There is only one new feature in this release: a linebreak setting of
+PCRE_NEWLINE_ANYCRLF. It is a cut-down version of PCRE_NEWLINE_ANY, which
+recognizes only CRLF, CR, and LF as linebreaks.
+
+A few bugs are fixed (see ChangeLog for details), but the major change is a
+complete re-implementation of the build system. This now has full Autotools
+support and so is now "standard" in some sense. It should help with compiling
+PCRE in a wide variety of environments.
+
+NOTE: when building shared libraries for Windows, three dlls are now built,
+called libpcre, libpcreposix, and libpcrecpp. Previously, everything was
+included in a single dll.
+
+Another important change is that the dftables auxiliary program is no longer
+compiled and run at "make" time by default. Instead, a default set of character
+tables (assuming ASCII coding) is used. If you want to use dftables to generate
+the character tables as previously, add --enable-rebuild-chartables to the
+"configure" command. You must do this if you are compiling PCRE to run on a
+system that uses EBCDIC code.
+
+There is a discussion about character tables in the README file. The default is
+not to use dftables so that that there is no problem when cross-compiling.
+
+
+Release 7.0 19-Dec-06
+---------------------
+
+This release has a new major number because there have been some internal
+upheavals to facilitate the addition of new optimizations and other facilities,
+and to make subsequent maintenance and extension easier. Compilation is likely
+to be a bit slower, but there should be no major effect on runtime performance.
+Previously compiled patterns are NOT upwards compatible with this release. If
+you have saved compiled patterns from a previous release, you will have to
+re-compile them. Important changes that are visible to users are:
+
+1. The Unicode property tables have been updated to Unicode 5.0.0, which adds
+   some more scripts.
+
+2. The option PCRE_NEWLINE_ANY causes PCRE to recognize any Unicode newline
+   sequence as a newline.
+
+3. The \R escape matches a single Unicode newline sequence as a single unit.
+
+4. New features that will appear in Perl 5.10 are now in PCRE. These include
+   alternative Perl syntax for named parentheses, and Perl syntax for
+   recursion.
+
+5. The C++ wrapper interface has been extended by the addition of a
+   QuoteMeta function and the ability to allow copy construction and
+   assignment.
+
+For a complete list of changes, see the ChangeLog file.
+
+
+Release 6.7 04-Jul-06
+---------------------
+
+The main additions to this release are the ability to use the same name for
+multiple sets of parentheses, and support for CRLF line endings in both the
+library and pcregrep (and in pcretest for testing).
+
+Thanks to Ian Taylor, the stack usage for many kinds of pattern has been
+significantly reduced for certain subject strings.
+
+
+Release 6.5 01-Feb-06
+---------------------
+
+Important changes in this release:
+
+1. A number of new features have been added to pcregrep.
+
+2. The Unicode property tables have been updated to Unicode 4.1.0, and the
+   supported properties have been extended with script names such as "Arabic",
+   and the derived properties "Any" and "L&". This has necessitated a change to
+   the interal format of compiled patterns. Any saved compiled patterns that
+   use \p or \P must be recompiled.
+
+3. The specification of recursion in patterns has been changed so that all
+   recursive subpatterns are automatically treated as atomic groups. Thus, for
+   example, (?R) is treated as if it were (?>(?R)). This is necessary because
+   otherwise there are situations where recursion does not work.
+
+See the ChangeLog for a complete list of changes, which include a number of bug
+fixes and tidies.
+
+
+Release 6.0 07-Jun-05
+---------------------
+
+The release number has been increased to 6.0 because of the addition of several
+major new pieces of functionality.
+
+A new function, pcre_dfa_exec(), which implements pattern matching using a DFA
+algorithm, has been added. This has a number of advantages for certain cases,
+though it does run more slowly, and lacks the ability to capture substrings. On
+the other hand, it does find all matches, not just the first, and it works
+better for partial matching. The pcrematching man page discusses the
+differences.
+
+The pcretest program has been enhanced so that it can make use of the new
+pcre_dfa_exec() matching function and the extra features it provides.
+
+The distribution now includes a C++ wrapper library. This is built
+automatically if a C++ compiler is found. The pcrecpp man page discusses this
+interface.
+
+The code itself has been re-organized into many more files, one for each
+function, so it no longer requires everything to be linked in when static
+linkage is used. As a consequence, some internal functions have had to have
+their names exposed. These functions all have names starting with _pcre_. They
+are undocumented, and are not intended for use by outside callers.
+
+The pcregrep program has been enhanced with new functionality such as
+multiline-matching and options for output more matching context. See the
+ChangeLog for a complete list of changes to the library and the utility
+programs.
+
+
+Release 5.0 13-Sep-04
+---------------------
+
+The licence under which PCRE is released has been changed to the more
+conventional "BSD" licence.
+
+In the code, some bugs have been fixed, and there are also some major changes
+in this release (which is why I've increased the number to 5.0). Some changes
+are internal rearrangements, and some provide a number of new facilities. The
+new features are:
+
+1. There's an "automatic callout" feature that inserts callouts before every
+   item in the regex, and there's a new callout field that gives the position
+   in the pattern - useful for debugging and tracing.
+
+2. The extra_data structure can now be used to pass in a set of character
+   tables at exec time. This is useful if compiled regex are saved and re-used
+   at a later time when the tables may not be at the same address. If the
+   default internal tables are used, the pointer saved with the compiled
+   pattern is now set to NULL, which means that you don't need to do anything
+   special unless you are using custom tables.
+
+3. It is possible, with some restrictions on the content of the regex, to
+   request "partial" matching. A special return code is given if all of the
+   subject string matched part of the regex. This could be useful for testing
+   an input field as it is being typed.
+
+4. There is now some optional support for Unicode character properties, which
+   means that the patterns items such as \p{Lu} and \X can now be used. Only
+   the general category properties are supported. If PCRE is compiled with this
+   support, an additional 90K data structure is include, which increases the
+   size of the library dramatically.
+
+5. There is support for saving compiled patterns and re-using them later.
+
+6. There is support for running regular expressions that were compiled on a
+   different host with the opposite endianness.
+
+7. The pcretest program has been extended to accommodate the new features.
+
+The main internal rearrangement is that sequences of literal characters are no
+longer handled as strings. Instead, each character is handled on its own. This
+makes some UTF-8 handling easier, and makes the support of partial matching
+possible. Compiled patterns containing long literal strings will be larger as a
+result of this change; I hope that performance will not be much affected.
+
+
+Release 4.5 01-Dec-03
+---------------------
+
+Again mainly a bug-fix and tidying release, with only a couple of new features:
+
+1. It's possible now to compile PCRE so that it does not use recursive
+function calls when matching. Instead it gets memory from the heap. This slows
+things down, but may be necessary on systems with limited stacks.
+
+2. UTF-8 string checking has been tightened to reject overlong sequences and to
+check that a starting offset points to the start of a character. Failure of the
+latter returns a new error code: PCRE_ERROR_BADUTF8_OFFSET.
+
+3. PCRE can now be compiled for systems that use EBCDIC code.
+
+
+Release 4.4 21-Aug-03
+---------------------
+
+This is mainly a bug-fix and tidying release. The only new feature is that PCRE
+checks UTF-8 strings for validity by default. There is an option to suppress
+this, just in case anybody wants that teeny extra bit of performance.
+
+
+Releases 4.1 - 4.3
+------------------
+
+Sorry, I forgot about updating the NEWS file for these releases. Please take a
+look at ChangeLog.
+
+
+Release 4.0 17-Feb-03
+---------------------
+
+There have been a lot of changes for the 4.0 release, adding additional
+functionality and mending bugs. Below is a list of the highlights of the new
+functionality. For full details of these features, please consult the
+documentation. For a complete list of changes, see the ChangeLog file.
+
+1. Support for Perl's \Q...\E escapes.
+
+2. "Possessive quantifiers" ?+, *+, ++, and {,}+ which come from Sun's Java
+package. They provide some syntactic sugar for simple cases of "atomic
+grouping".
+
+3. Support for the \G assertion. It is true when the current matching position
+is at the start point of the match.
+
+4. A new feature that provides some of the functionality that Perl provides
+with (?{...}). The facility is termed a "callout". The way it is done in PCRE
+is for the caller to provide an optional function, by setting pcre_callout to
+its entry point. To get the function called, the regex must include (?C) at
+appropriate points.
+
+5. Support for recursive calls to individual subpatterns. This makes it really
+easy to get totally confused.
+
+6. Support for named subpatterns. The Python syntax (?P<name>...) is used to
+name a group.
+
+7. Several extensions to UTF-8 support; it is now fairly complete. There is an
+option for pcregrep to make it operate in UTF-8 mode.
+
+8. The single man page has been split into a number of separate man pages.
+These also give rise to individual HTML pages which are put in a separate
+directory. There is an index.html page that lists them all. Some hyperlinking
+between the pages has been installed.
+
+
+Release 3.5 15-Aug-01
+---------------------
+
+1. The configuring system has been upgraded to use later versions of autoconf
+and libtool. By default it builds both a shared and a static library if the OS
+supports it. You can use --disable-shared or --disable-static on the configure
+command if you want only one of them.
+
+2. The pcretest utility is now installed along with pcregrep because it is
+useful for users (to test regexs) and by doing this, it automatically gets
+relinked by libtool. The documentation has been turned into a man page, so
+there are now .1, .txt, and .html versions in /doc.
+
+3. Upgrades to pcregrep:
+   (i)   Added long-form option names like gnu grep.
+   (ii)  Added --help to list all options with an explanatory phrase.
+   (iii) Added -r, --recursive to recurse into sub-directories.
+   (iv)  Added -f, --file to read patterns from a file.
+
+4. Added --enable-newline-is-cr and --enable-newline-is-lf to the configure
+script, to force use of CR or LF instead of \n in the source. On non-Unix
+systems, the value can be set in config.h.
+
+5. The limit of 200 on non-capturing parentheses is a _nesting_ limit, not an
+absolute limit. Changed the text of the error message to make this clear, and
+likewise updated the man page.
+
+6. The limit of 99 on the number of capturing subpatterns has been removed.
+The new limit is 65535, which I hope will not be a "real" limit.
+
+
+Release 3.3 01-Aug-00
+---------------------
+
+There is some support for UTF-8 character strings. This is incomplete and
+experimental. The documentation describes what is and what is not implemented.
+Otherwise, this is just a bug-fixing release.
+
+
+Release 3.0 01-Feb-00
+---------------------
+
+1. A "configure" script is now used to configure PCRE for Unix systems. It
+builds a Makefile, a config.h file, and the pcre-config script.
+
+2. PCRE is built as a shared library by default.
+
+3. There is support for POSIX classes such as [:alpha:].
+
+5. There is an experimental recursion feature.
+
+----------------------------------------------------------------------------
+          IMPORTANT FOR THOSE UPGRADING FROM VERSIONS BEFORE 2.00
+
+Please note that there has been a change in the API such that a larger
+ovector is required at matching time, to provide some additional workspace.
+The new man page has details. This change was necessary in order to support
+some of the new functionality in Perl 5.005.
+
+          IMPORTANT FOR THOSE UPGRADING FROM VERSION 2.00
+
+Another (I hope this is the last!) change has been made to the API for the
+pcre_compile() function. An additional argument has been added to make it
+possible to pass over a pointer to character tables built in the current
+locale by pcre_maketables(). To use the default tables, this new argument
+should be passed as NULL.
+
+          IMPORTANT FOR THOSE UPGRADING FROM VERSION 2.05
+
+Yet another (and again I hope this really is the last) change has been made
+to the API for the pcre_exec() function. An additional argument has been
+added to make it possible to start the match other than at the start of the
+subject string. This is important if there are lookbehinds. The new man
+page has the details, but you just want to convert existing programs, all
+you need to do is to stick in a new fifth argument to pcre_exec(), with a
+value of zero. For example, change
+
+  pcre_exec(pattern, extra, subject, length, options, ovec, ovecsize)
+to
+  pcre_exec(pattern, extra, subject, length, 0, options, ovec, ovecsize)
+
+****
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/README b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/README
new file mode 100644
index 00000000..4887ebf3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/README
@@ -0,0 +1,1002 @@
+README file for PCRE (Perl-compatible regular expression library)
+-----------------------------------------------------------------
+
+NOTE: This set of files relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+
+
+The latest release of PCRE1 is always available in three alternative formats
+from:
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.gz
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.bz2
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.zip
+
+There is a mailing list for discussion about the development of PCRE at
+pcre-dev@exim.org. You can access the archives and subscribe or manage your
+subscription here:
+
+   https://lists.exim.org/mailman/listinfo/pcre-dev
+
+Please read the NEWS file if you are upgrading from a previous release.
+The contents of this README file are:
+
+  The PCRE APIs
+  Documentation for PCRE
+  Contributions by users of PCRE
+  Building PCRE on non-Unix-like systems
+  Building PCRE without using autotools
+  Building PCRE using autotools
+  Retrieving configuration information
+  Shared libraries
+  Cross-compiling using autotools
+  Using HP's ANSI C++ compiler (aCC)
+  Compiling in Tru64 using native compilers
+  Using Sun's compilers for Solaris
+  Using PCRE from MySQL
+  Making new tarballs
+  Testing PCRE
+  Character tables
+  File manifest
+
+
+The PCRE APIs
+-------------
+
+PCRE is written in C, and it has its own API. There are three sets of
+functions, one for the 8-bit library, which processes strings of bytes, one for
+the 16-bit library, which processes strings of 16-bit values, and one for the
+32-bit library, which processes strings of 32-bit values. The distribution also
+includes a set of C++ wrapper functions (see the pcrecpp man page for details),
+courtesy of Google Inc., which can be used to call the 8-bit PCRE library from
+C++. Other C++ wrappers have been created from time to time. See, for example:
+https://github.com/YasserAsmi/regexp, which aims to be simple and similar in
+style to the C API.
+
+The distribution also contains a set of C wrapper functions (again, just for
+the 8-bit library) that are based on the POSIX regular expression API (see the
+pcreposix man page). These end up in the library called libpcreposix. Note that
+this just provides a POSIX calling interface to PCRE; the regular expressions
+themselves still follow Perl syntax and semantics. The POSIX API is restricted,
+and does not give full access to all of PCRE's facilities.
+
+The header file for the POSIX-style functions is called pcreposix.h. The
+official POSIX name is regex.h, but I did not want to risk possible problems
+with existing files of that name by distributing it that way. To use PCRE with
+an existing program that uses the POSIX API, pcreposix.h will have to be
+renamed or pointed at by a link.
+
+If you are using the POSIX interface to PCRE and there is already a POSIX regex
+library installed on your system, as well as worrying about the regex.h header
+file (as mentioned above), you must also take care when linking programs to
+ensure that they link with PCRE's libpcreposix library. Otherwise they may pick
+up the POSIX functions of the same name from the other library.
+
+One way of avoiding this confusion is to compile PCRE with the addition of
+-Dregcomp=PCREregcomp (and similarly for the other POSIX functions) to the
+compiler flags (CFLAGS if you are using "configure" -- see below). This has the
+effect of renaming the functions so that the names no longer clash. Of course,
+you have to do the same thing for your applications, or write them using the
+new names.
+
+
+Documentation for PCRE
+----------------------
+
+If you install PCRE in the normal way on a Unix-like system, you will end up
+with a set of man pages whose names all start with "pcre". The one that is just
+called "pcre" lists all the others. In addition to these man pages, the PCRE
+documentation is supplied in two other forms:
+
+  1. There are files called doc/pcre.txt, doc/pcregrep.txt, and
+     doc/pcretest.txt in the source distribution. The first of these is a
+     concatenation of the text forms of all the section 3 man pages except
+     the listing of pcredemo.c and those that summarize individual functions.
+     The other two are the text forms of the section 1 man pages for the
+     pcregrep and pcretest commands. These text forms are provided for ease of
+     scanning with text editors or similar tools. They are installed in
+     <prefix>/share/doc/pcre, where <prefix> is the installation prefix
+     (defaulting to /usr/local).
+
+  2. A set of files containing all the documentation in HTML form, hyperlinked
+     in various ways, and rooted in a file called index.html, is distributed in
+     doc/html and installed in <prefix>/share/doc/pcre/html.
+
+Users of PCRE have contributed files containing the documentation for various
+releases in CHM format. These can be found in the Contrib directory of the FTP
+site (see next section).
+
+
+Contributions by users of PCRE
+------------------------------
+
+You can find contributions from PCRE users in the directory
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Contrib
+
+There is a README file giving brief descriptions of what they are. Some are
+complete in themselves; others are pointers to URLs containing relevant files.
+Some of this material is likely to be well out-of-date. Several of the earlier
+contributions provided support for compiling PCRE on various flavours of
+Windows (I myself do not use Windows). Nowadays there is more Windows support
+in the standard distribution, so these contibutions have been archived.
+
+A PCRE user maintains downloadable Windows binaries of the pcregrep and
+pcretest programs here:
+
+  http://www.rexegg.com/pcregrep-pcretest.html
+
+
+Building PCRE on non-Unix-like systems
+--------------------------------------
+
+For a non-Unix-like system, please read the comments in the file
+NON-AUTOTOOLS-BUILD, though if your system supports the use of "configure" and
+"make" you may be able to build PCRE using autotools in the same way as for
+many Unix-like systems.
+
+PCRE can also be configured using the GUI facility provided by CMake's
+cmake-gui command. This creates Makefiles, solution files, etc. The file
+NON-AUTOTOOLS-BUILD has information about CMake.
+
+PCRE has been compiled on many different operating systems. It should be
+straightforward to build PCRE on any system that has a Standard C compiler and
+library, because it uses only Standard C functions.
+
+
+Building PCRE without using autotools
+-------------------------------------
+
+The use of autotools (in particular, libtool) is problematic in some
+environments, even some that are Unix or Unix-like. See the NON-AUTOTOOLS-BUILD
+file for ways of building PCRE without using autotools.
+
+
+Building PCRE using autotools
+-----------------------------
+
+If you are using HP's ANSI C++ compiler (aCC), please see the special note
+in the section entitled "Using HP's ANSI C++ compiler (aCC)" below.
+
+The following instructions assume the use of the widely used "configure; make;
+make install" (autotools) process.
+
+To build PCRE on system that supports autotools, first run the "configure"
+command from the PCRE distribution directory, with your current directory set
+to the directory where you want the files to be created. This command is a
+standard GNU "autoconf" configuration script, for which generic instructions
+are supplied in the file INSTALL.
+
+Most commonly, people build PCRE within its own distribution directory, and in
+this case, on many systems, just running "./configure" is sufficient. However,
+the usual methods of changing standard defaults are available. For example:
+
+CFLAGS='-O2 -Wall' ./configure --prefix=/opt/local
+
+This command specifies that the C compiler should be run with the flags '-O2
+-Wall' instead of the default, and that "make install" should install PCRE
+under /opt/local instead of the default /usr/local.
+
+If you want to build in a different directory, just run "configure" with that
+directory as current. For example, suppose you have unpacked the PCRE source
+into /source/pcre/pcre-xxx, but you want to build it in /build/pcre/pcre-xxx:
+
+cd /build/pcre/pcre-xxx
+/source/pcre/pcre-xxx/configure
+
+PCRE is written in C and is normally compiled as a C library. However, it is
+possible to build it as a C++ library, though the provided building apparatus
+does not have any features to support this.
+
+There are some optional features that can be included or omitted from the PCRE
+library. They are also documented in the pcrebuild man page.
+
+. By default, both shared and static libraries are built. You can change this
+  by adding one of these options to the "configure" command:
+
+  --disable-shared
+  --disable-static
+
+  (See also "Shared libraries on Unix-like systems" below.)
+
+. By default, only the 8-bit library is built. If you add --enable-pcre16 to
+  the "configure" command, the 16-bit library is also built. If you add
+  --enable-pcre32 to the "configure" command, the 32-bit library is also built.
+  If you want only the 16-bit or 32-bit library, use --disable-pcre8 to disable
+  building the 8-bit library.
+
+. If you are building the 8-bit library and want to suppress the building of
+  the C++ wrapper library, you can add --disable-cpp to the "configure"
+  command. Otherwise, when "configure" is run without --disable-pcre8, it will
+  try to find a C++ compiler and C++ header files, and if it succeeds, it will
+  try to build the C++ wrapper.
+
+. If you want to include support for just-in-time compiling, which can give
+  large performance improvements on certain platforms, add --enable-jit to the
+  "configure" command. This support is available only for certain hardware
+  architectures. If you try to enable it on an unsupported architecture, there
+  will be a compile time error.
+
+. When JIT support is enabled, pcregrep automatically makes use of it, unless
+  you add --disable-pcregrep-jit to the "configure" command.
+
+. If you want to make use of the support for UTF-8 Unicode character strings in
+  the 8-bit library, or UTF-16 Unicode character strings in the 16-bit library,
+  or UTF-32 Unicode character strings in the 32-bit library, you must add
+  --enable-utf to the "configure" command. Without it, the code for handling
+  UTF-8, UTF-16 and UTF-8 is not included in the relevant library. Even
+  when --enable-utf is included, the use of a UTF encoding still has to be
+  enabled by an option at run time. When PCRE is compiled with this option, its
+  input can only either be ASCII or UTF-8/16/32, even when running on EBCDIC
+  platforms. It is not possible to use both --enable-utf and --enable-ebcdic at
+  the same time.
+
+. There are no separate options for enabling UTF-8, UTF-16 and UTF-32
+  independently because that would allow ridiculous settings such as requesting
+  UTF-16 support while building only the 8-bit library. However, the option
+  --enable-utf8 is retained for backwards compatibility with earlier releases
+  that did not support 16-bit or 32-bit character strings. It is synonymous with
+  --enable-utf. It is not possible to configure one library with UTF support
+  and the other without in the same configuration.
+
+. If, in addition to support for UTF-8/16/32 character strings, you want to
+  include support for the \P, \p, and \X sequences that recognize Unicode
+  character properties, you must add --enable-unicode-properties to the
+  "configure" command. This adds about 30K to the size of the library (in the
+  form of a property table); only the basic two-letter properties such as Lu
+  are supported.
+
+. You can build PCRE to recognize either CR or LF or the sequence CRLF or any
+  of the preceding, or any of the Unicode newline sequences as indicating the
+  end of a line. Whatever you specify at build time is the default; the caller
+  of PCRE can change the selection at run time. The default newline indicator
+  is a single LF character (the Unix standard). You can specify the default
+  newline indicator by adding --enable-newline-is-cr or --enable-newline-is-lf
+  or --enable-newline-is-crlf or --enable-newline-is-anycrlf or
+  --enable-newline-is-any to the "configure" command, respectively.
+
+  If you specify --enable-newline-is-cr or --enable-newline-is-crlf, some of
+  the standard tests will fail, because the lines in the test files end with
+  LF. Even if the files are edited to change the line endings, there are likely
+  to be some failures. With --enable-newline-is-anycrlf or
+  --enable-newline-is-any, many tests should succeed, but there may be some
+  failures.
+
+. By default, the sequence \R in a pattern matches any Unicode line ending
+  sequence. This is independent of the option specifying what PCRE considers to
+  be the end of a line (see above). However, the caller of PCRE can restrict \R
+  to match only CR, LF, or CRLF. You can make this the default by adding
+  --enable-bsr-anycrlf to the "configure" command (bsr = "backslash R").
+
+. When called via the POSIX interface, PCRE uses malloc() to get additional
+  storage for processing capturing parentheses if there are more than 10 of
+  them in a pattern. You can increase this threshold by setting, for example,
+
+  --with-posix-malloc-threshold=20
+
+  on the "configure" command.
+
+. PCRE has a counter that limits the depth of nesting of parentheses in a
+  pattern. This limits the amount of system stack that a pattern uses when it
+  is compiled. The default is 250, but you can change it by setting, for
+  example,
+
+  --with-parens-nest-limit=500
+
+. PCRE has a counter that can be set to limit the amount of resources it uses
+  when matching a pattern. If the limit is exceeded during a match, the match
+  fails. The default is ten million. You can change the default by setting, for
+  example,
+
+  --with-match-limit=500000
+
+  on the "configure" command. This is just the default; individual calls to
+  pcre_exec() can supply their own value. There is more discussion on the
+  pcreapi man page.
+
+. There is a separate counter that limits the depth of recursive function calls
+  during a matching process. This also has a default of ten million, which is
+  essentially "unlimited". You can change the default by setting, for example,
+
+  --with-match-limit-recursion=500000
+
+  Recursive function calls use up the runtime stack; running out of stack can
+  cause programs to crash in strange ways. There is a discussion about stack
+  sizes in the pcrestack man page.
+
+. The default maximum compiled pattern size is around 64K. You can increase
+  this by adding --with-link-size=3 to the "configure" command. In the 8-bit
+  library, PCRE then uses three bytes instead of two for offsets to different
+  parts of the compiled pattern. In the 16-bit library, --with-link-size=3 is
+  the same as --with-link-size=4, which (in both libraries) uses four-byte
+  offsets. Increasing the internal link size reduces performance. In the 32-bit
+  library, the only supported link size is 4.
+
+. You can build PCRE so that its internal match() function that is called from
+  pcre_exec() does not call itself recursively. Instead, it uses memory blocks
+  obtained from the heap via the special functions pcre_stack_malloc() and
+  pcre_stack_free() to save data that would otherwise be saved on the stack. To
+  build PCRE like this, use
+
+  --disable-stack-for-recursion
+
+  on the "configure" command. PCRE runs more slowly in this mode, but it may be
+  necessary in environments with limited stack sizes. This applies only to the
+  normal execution of the pcre_exec() function; if JIT support is being
+  successfully used, it is not relevant. Equally, it does not apply to
+  pcre_dfa_exec(), which does not use deeply nested recursion. There is a
+  discussion about stack sizes in the pcrestack man page.
+
+. For speed, PCRE uses four tables for manipulating and identifying characters
+  whose code point values are less than 256. By default, it uses a set of
+  tables for ASCII encoding that is part of the distribution. If you specify
+
+  --enable-rebuild-chartables
+
+  a program called dftables is compiled and run in the default C locale when
+  you obey "make". It builds a source file called pcre_chartables.c. If you do
+  not specify this option, pcre_chartables.c is created as a copy of
+  pcre_chartables.c.dist. See "Character tables" below for further information.
+
+. It is possible to compile PCRE for use on systems that use EBCDIC as their
+  character code (as opposed to ASCII/Unicode) by specifying
+
+  --enable-ebcdic
+
+  This automatically implies --enable-rebuild-chartables (see above). However,
+  when PCRE is built this way, it always operates in EBCDIC. It cannot support
+  both EBCDIC and UTF-8/16/32. There is a second option, --enable-ebcdic-nl25,
+  which specifies that the code value for the EBCDIC NL character is 0x25
+  instead of the default 0x15.
+
+. In environments where valgrind is installed, if you specify
+
+  --enable-valgrind
+
+  PCRE will use valgrind annotations to mark certain memory regions as
+  unaddressable. This allows it to detect invalid memory accesses, and is
+  mostly useful for debugging PCRE itself.
+
+. In environments where the gcc compiler is used and lcov version 1.6 or above
+  is installed, if you specify
+
+  --enable-coverage
+
+  the build process implements a code coverage report for the test suite. The
+  report is generated by running "make coverage". If ccache is installed on
+  your system, it must be disabled when building PCRE for coverage reporting.
+  You can do this by setting the environment variable CCACHE_DISABLE=1 before
+  running "make" to build PCRE. There is more information about coverage
+  reporting in the "pcrebuild" documentation.
+
+. The pcregrep program currently supports only 8-bit data files, and so
+  requires the 8-bit PCRE library. It is possible to compile pcregrep to use
+  libz and/or libbz2, in order to read .gz and .bz2 files (respectively), by
+  specifying one or both of
+
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+
+  Of course, the relevant libraries must be installed on your system.
+
+. The default size (in bytes) of the internal buffer used by pcregrep can be
+  set by, for example:
+
+  --with-pcregrep-bufsize=51200
+
+  The value must be a plain integer. The default is 20480.
+
+. It is possible to compile pcretest so that it links with the libreadline
+  or libedit libraries, by specifying, respectively,
+
+  --enable-pcretest-libreadline or --enable-pcretest-libedit
+
+  If this is done, when pcretest's input is from a terminal, it reads it using
+  the readline() function. This provides line-editing and history facilities.
+  Note that libreadline is GPL-licenced, so if you distribute a binary of
+  pcretest linked in this way, there may be licensing issues. These can be
+  avoided by linking with libedit (which has a BSD licence) instead.
+
+  Enabling libreadline causes the -lreadline option to be added to the pcretest
+  build. In many operating environments with a sytem-installed readline
+  library this is sufficient. However, in some environments (e.g. if an
+  unmodified distribution version of readline is in use), it may be necessary
+  to specify something like LIBS="-lncurses" as well. This is because, to quote
+  the readline INSTALL, "Readline uses the termcap functions, but does not link
+  with the termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library." If you get error
+  messages about missing functions tgetstr, tgetent, tputs, tgetflag, or tgoto,
+  this is the problem, and linking with the ncurses library should fix it.
+
+The "configure" script builds the following files for the basic C library:
+
+. Makefile             the makefile that builds the library
+. config.h             build-time configuration options for the library
+. pcre.h               the public PCRE header file
+. pcre-config          script that shows the building settings such as CFLAGS
+                         that were set for "configure"
+. libpcre.pc         ) data for the pkg-config command
+. libpcre16.pc       )
+. libpcre32.pc       )
+. libpcreposix.pc    )
+. libtool              script that builds shared and/or static libraries
+
+Versions of config.h and pcre.h are distributed in the PCRE tarballs under the
+names config.h.generic and pcre.h.generic. These are provided for those who
+have to built PCRE without using "configure" or CMake. If you use "configure"
+or CMake, the .generic versions are not used.
+
+When building the 8-bit library, if a C++ compiler is found, the following
+files are also built:
+
+. libpcrecpp.pc        data for the pkg-config command
+. pcrecpparg.h         header file for calling PCRE via the C++ wrapper
+. pcre_stringpiece.h   header for the C++ "stringpiece" functions
+
+The "configure" script also creates config.status, which is an executable
+script that can be run to recreate the configuration, and config.log, which
+contains compiler output from tests that "configure" runs.
+
+Once "configure" has run, you can run "make". This builds the the libraries
+libpcre, libpcre16 and/or libpcre32, and a test program called pcretest. If you
+enabled JIT support with --enable-jit, a test program called pcre_jit_test is
+built as well.
+
+If the 8-bit library is built, libpcreposix and the pcregrep command are also
+built, and if a C++ compiler was found on your system, and you did not disable
+it with --disable-cpp, "make" builds the C++ wrapper library, which is called
+libpcrecpp, as well as some test programs called pcrecpp_unittest,
+pcre_scanner_unittest, and pcre_stringpiece_unittest.
+
+The command "make check" runs all the appropriate tests. Details of the PCRE
+tests are given below in a separate section of this document.
+
+You can use "make install" to install PCRE into live directories on your
+system. The following are installed (file names are all relative to the
+<prefix> that is set when "configure" is run):
+
+  Commands (bin):
+    pcretest
+    pcregrep (if 8-bit support is enabled)
+    pcre-config
+
+  Libraries (lib):
+    libpcre16     (if 16-bit support is enabled)
+    libpcre32     (if 32-bit support is enabled)
+    libpcre       (if 8-bit support is enabled)
+    libpcreposix  (if 8-bit support is enabled)
+    libpcrecpp    (if 8-bit and C++ support is enabled)
+
+  Configuration information (lib/pkgconfig):
+    libpcre16.pc
+    libpcre32.pc
+    libpcre.pc
+    libpcreposix.pc
+    libpcrecpp.pc (if C++ support is enabled)
+
+  Header files (include):
+    pcre.h
+    pcreposix.h
+    pcre_scanner.h      )
+    pcre_stringpiece.h  ) if C++ support is enabled
+    pcrecpp.h           )
+    pcrecpparg.h        )
+
+  Man pages (share/man/man{1,3}):
+    pcregrep.1
+    pcretest.1
+    pcre-config.1
+    pcre.3
+    pcre*.3 (lots more pages, all starting "pcre")
+
+  HTML documentation (share/doc/pcre/html):
+    index.html
+    *.html (lots more pages, hyperlinked from index.html)
+
+  Text file documentation (share/doc/pcre):
+    AUTHORS
+    COPYING
+    ChangeLog
+    LICENCE
+    NEWS
+    README
+    pcre.txt         (a concatenation of the man(3) pages)
+    pcretest.txt     the pcretest man page
+    pcregrep.txt     the pcregrep man page
+    pcre-config.txt  the pcre-config man page
+
+If you want to remove PCRE from your system, you can run "make uninstall".
+This removes all the files that "make install" installed. However, it does not
+remove any directories, because these are often shared with other programs.
+
+
+Retrieving configuration information
+------------------------------------
+
+Running "make install" installs the command pcre-config, which can be used to
+recall information about the PCRE configuration and installation. For example:
+
+  pcre-config --version
+
+prints the version number, and
+
+  pcre-config --libs
+
+outputs information about where the library is installed. This command can be
+included in makefiles for programs that use PCRE, saving the programmer from
+having to remember too many details.
+
+The pkg-config command is another system for saving and retrieving information
+about installed libraries. Instead of separate commands for each library, a
+single command is used. For example:
+
+  pkg-config --cflags pcre
+
+The data is held in *.pc files that are installed in a directory called
+<prefix>/lib/pkgconfig.
+
+
+Shared libraries
+----------------
+
+The default distribution builds PCRE as shared libraries and static libraries,
+as long as the operating system supports shared libraries. Shared library
+support relies on the "libtool" script which is built as part of the
+"configure" process.
+
+The libtool script is used to compile and link both shared and static
+libraries. They are placed in a subdirectory called .libs when they are newly
+built. The programs pcretest and pcregrep are built to use these uninstalled
+libraries (by means of wrapper scripts in the case of shared libraries). When
+you use "make install" to install shared libraries, pcregrep and pcretest are
+automatically re-built to use the newly installed shared libraries before being
+installed themselves. However, the versions left in the build directory still
+use the uninstalled libraries.
+
+To build PCRE using static libraries only you must use --disable-shared when
+configuring it. For example:
+
+./configure --prefix=/usr/gnu --disable-shared
+
+Then run "make" in the usual way. Similarly, you can use --disable-static to
+build only shared libraries.
+
+
+Cross-compiling using autotools
+-------------------------------
+
+You can specify CC and CFLAGS in the normal way to the "configure" command, in
+order to cross-compile PCRE for some other host. However, you should NOT
+specify --enable-rebuild-chartables, because if you do, the dftables.c source
+file is compiled and run on the local host, in order to generate the inbuilt
+character tables (the pcre_chartables.c file). This will probably not work,
+because dftables.c needs to be compiled with the local compiler, not the cross
+compiler.
+
+When --enable-rebuild-chartables is not specified, pcre_chartables.c is created
+by making a copy of pcre_chartables.c.dist, which is a default set of tables
+that assumes ASCII code. Cross-compiling with the default tables should not be
+a problem.
+
+If you need to modify the character tables when cross-compiling, you should
+move pcre_chartables.c.dist out of the way, then compile dftables.c by hand and
+run it on the local host to make a new version of pcre_chartables.c.dist.
+Then when you cross-compile PCRE this new version of the tables will be used.
+
+
+Using HP's ANSI C++ compiler (aCC)
+----------------------------------
+
+Unless C++ support is disabled by specifying the "--disable-cpp" option of the
+"configure" script, you must include the "-AA" option in the CXXFLAGS
+environment variable in order for the C++ components to compile correctly.
+
+Also, note that the aCC compiler on PA-RISC platforms may have a defect whereby
+needed libraries fail to get included when specifying the "-AA" compiler
+option. If you experience unresolved symbols when linking the C++ programs,
+use the workaround of specifying the following environment variable prior to
+running the "configure" script:
+
+  CXXLDFLAGS="-lstd_v2 -lCsup_v2"
+
+
+Compiling in Tru64 using native compilers
+-----------------------------------------
+
+The following error may occur when compiling with native compilers in the Tru64
+operating system:
+
+  CXX    libpcrecpp_la-pcrecpp.lo
+cxx: Error: /usr/lib/cmplrs/cxx/V7.1-006/include/cxx/iosfwd, line 58: #error
+          directive: "cannot include iosfwd -- define __USE_STD_IOSTREAM to
+          override default - see section 7.1.2 of the C++ Using Guide"
+#error "cannot include iosfwd -- define __USE_STD_IOSTREAM to override default
+- see section 7.1.2 of the C++ Using Guide"
+
+This may be followed by other errors, complaining that 'namespace "std" has no
+member'. The solution to this is to add the line
+
+#define __USE_STD_IOSTREAM 1
+
+to the config.h file.
+
+
+Using Sun's compilers for Solaris
+---------------------------------
+
+A user reports that the following configurations work on Solaris 9 sparcv9 and
+Solaris 9 x86 (32-bit):
+
+  Solaris 9 sparcv9: ./configure --disable-cpp CC=/bin/cc CFLAGS="-m64 -g"
+  Solaris 9 x86:     ./configure --disable-cpp CC=/bin/cc CFLAGS="-g"
+
+
+Using PCRE from MySQL
+---------------------
+
+On systems where both PCRE and MySQL are installed, it is possible to make use
+of PCRE from within MySQL, as an alternative to the built-in pattern matching.
+There is a web page that tells you how to do this:
+
+  http://www.mysqludf.org/lib_mysqludf_preg/index.php
+
+
+Making new tarballs
+-------------------
+
+The command "make dist" creates three PCRE tarballs, in tar.gz, tar.bz2, and
+zip formats. The command "make distcheck" does the same, but then does a trial
+build of the new distribution to ensure that it works.
+
+If you have modified any of the man page sources in the doc directory, you
+should first run the PrepareRelease script before making a distribution. This
+script creates the .txt and HTML forms of the documentation from the man pages.
+
+
+Testing PCRE
+------------
+
+To test the basic PCRE library on a Unix-like system, run the RunTest script.
+There is another script called RunGrepTest that tests the options of the
+pcregrep command. If the C++ wrapper library is built, three test programs
+called pcrecpp_unittest, pcre_scanner_unittest, and pcre_stringpiece_unittest
+are also built. When JIT support is enabled, another test program called
+pcre_jit_test is built.
+
+Both the scripts and all the program tests are run if you obey "make check" or
+"make test". For other environments, see the instructions in
+NON-AUTOTOOLS-BUILD.
+
+The RunTest script runs the pcretest test program (which is documented in its
+own man page) on each of the relevant testinput files in the testdata
+directory, and compares the output with the contents of the corresponding
+testoutput files. RunTest uses a file called testtry to hold the main output
+from pcretest. Other files whose names begin with "test" are used as working
+files in some tests.
+
+Some tests are relevant only when certain build-time options were selected. For
+example, the tests for UTF-8/16/32 support are run only if --enable-utf was
+used. RunTest outputs a comment when it skips a test.
+
+Many of the tests that are not skipped are run up to three times. The second
+run forces pcre_study() to be called for all patterns except for a few in some
+tests that are marked "never study" (see the pcretest program for how this is
+done). If JIT support is available, the non-DFA tests are run a third time,
+this time with a forced pcre_study() with the PCRE_STUDY_JIT_COMPILE option.
+This testing can be suppressed by putting "nojit" on the RunTest command line.
+
+The entire set of tests is run once for each of the 8-bit, 16-bit and 32-bit
+libraries that are enabled. If you want to run just one set of tests, call
+RunTest with either the -8, -16 or -32 option.
+
+If valgrind is installed, you can run the tests under it by putting "valgrind"
+on the RunTest command line. To run pcretest on just one or more specific test
+files, give their numbers as arguments to RunTest, for example:
+
+  RunTest 2 7 11
+
+You can also specify ranges of tests such as 3-6 or 3- (meaning 3 to the
+end), or a number preceded by ~ to exclude a test. For example:
+
+  Runtest 3-15 ~10
+
+This runs tests 3 to 15, excluding test 10, and just ~13 runs all the tests
+except test 13. Whatever order the arguments are in, the tests are always run
+in numerical order.
+
+You can also call RunTest with the single argument "list" to cause it to output
+a list of tests.
+
+The first test file can be fed directly into the perltest.pl script to check
+that Perl gives the same results. The only difference you should see is in the
+first few lines, where the Perl version is given instead of the PCRE version.
+
+The second set of tests check pcre_fullinfo(), pcre_study(),
+pcre_copy_substring(), pcre_get_substring(), pcre_get_substring_list(), error
+detection, and run-time flags that are specific to PCRE, as well as the POSIX
+wrapper API. It also uses the debugging flags to check some of the internals of
+pcre_compile().
+
+If you build PCRE with a locale setting that is not the standard C locale, the
+character tables may be different (see next paragraph). In some cases, this may
+cause failures in the second set of tests. For example, in a locale where the
+isprint() function yields TRUE for characters in the range 128-255, the use of
+[:isascii:] inside a character class defines a different set of characters, and
+this shows up in this test as a difference in the compiled code, which is being
+listed for checking. Where the comparison test output contains [\x00-\x7f] the
+test will contain [\x00-\xff], and similarly in some other cases. This is not a
+bug in PCRE.
+
+The third set of tests checks pcre_maketables(), the facility for building a
+set of character tables for a specific locale and using them instead of the
+default tables. The tests make use of the "fr_FR" (French) locale. Before
+running the test, the script checks for the presence of this locale by running
+the "locale" command. If that command fails, or if it doesn't include "fr_FR"
+in the list of available locales, the third test cannot be run, and a comment
+is output to say why. If running this test produces instances of the error
+
+  ** Failed to set locale "fr_FR"
+
+in the comparison output, it means that locale is not available on your system,
+despite being listed by "locale". This does not mean that PCRE is broken.
+
+[If you are trying to run this test on Windows, you may be able to get it to
+work by changing "fr_FR" to "french" everywhere it occurs. Alternatively, use
+RunTest.bat. The version of RunTest.bat included with PCRE 7.4 and above uses
+Windows versions of test 2. More info on using RunTest.bat is included in the
+document entitled NON-UNIX-USE.]
+
+The fourth and fifth tests check the UTF-8/16/32 support and error handling and
+internal UTF features of PCRE that are not relevant to Perl, respectively. The
+sixth and seventh tests do the same for Unicode character properties support.
+
+The eighth, ninth, and tenth tests check the pcre_dfa_exec() alternative
+matching function, in non-UTF-8/16/32 mode, UTF-8/16/32 mode, and UTF-8/16/32
+mode with Unicode property support, respectively.
+
+The eleventh test checks some internal offsets and code size features; it is
+run only when the default "link size" of 2 is set (in other cases the sizes
+change) and when Unicode property support is enabled.
+
+The twelfth test is run only when JIT support is available, and the thirteenth
+test is run only when JIT support is not available. They test some JIT-specific
+features such as information output from pcretest about JIT compilation.
+
+The fourteenth, fifteenth, and sixteenth tests are run only in 8-bit mode, and
+the seventeenth, eighteenth, and nineteenth tests are run only in 16/32-bit
+mode. These are tests that generate different output in the two modes. They are
+for general cases, UTF-8/16/32 support, and Unicode property support,
+respectively.
+
+The twentieth test is run only in 16/32-bit mode. It tests some specific
+16/32-bit features of the DFA matching engine.
+
+The twenty-first and twenty-second tests are run only in 16/32-bit mode, when
+the link size is set to 2 for the 16-bit library. They test reloading
+pre-compiled patterns.
+
+The twenty-third and twenty-fourth tests are run only in 16-bit mode. They are
+for general cases, and UTF-16 support, respectively.
+
+The twenty-fifth and twenty-sixth tests are run only in 32-bit mode. They are
+for general cases, and UTF-32 support, respectively.
+
+
+Character tables
+----------------
+
+For speed, PCRE uses four tables for manipulating and identifying characters
+whose code point values are less than 256. The final argument of the
+pcre_compile() function is a pointer to a block of memory containing the
+concatenated tables. A call to pcre_maketables() can be used to generate a set
+of tables in the current locale. If the final argument for pcre_compile() is
+passed as NULL, a set of default tables that is built into the binary is used.
+
+The source file called pcre_chartables.c contains the default set of tables. By
+default, this is created as a copy of pcre_chartables.c.dist, which contains
+tables for ASCII coding. However, if --enable-rebuild-chartables is specified
+for ./configure, a different version of pcre_chartables.c is built by the
+program dftables (compiled from dftables.c), which uses the ANSI C character
+handling functions such as isalnum(), isalpha(), isupper(), islower(), etc. to
+build the table sources. This means that the default C locale which is set for
+your system will control the contents of these default tables. You can change
+the default tables by editing pcre_chartables.c and then re-building PCRE. If
+you do this, you should take care to ensure that the file does not get
+automatically re-generated. The best way to do this is to move
+pcre_chartables.c.dist out of the way and replace it with your customized
+tables.
+
+When the dftables program is run as a result of --enable-rebuild-chartables,
+it uses the default C locale that is set on your system. It does not pay
+attention to the LC_xxx environment variables. In other words, it uses the
+system's default locale rather than whatever the compiling user happens to have
+set. If you really do want to build a source set of character tables in a
+locale that is specified by the LC_xxx variables, you can run the dftables
+program by hand with the -L option. For example:
+
+  ./dftables -L pcre_chartables.c.special
+
+The first two 256-byte tables provide lower casing and case flipping functions,
+respectively. The next table consists of three 32-byte bit maps which identify
+digits, "word" characters, and white space, respectively. These are used when
+building 32-byte bit maps that represent character classes for code points less
+than 256.
+
+The final 256-byte table has bits indicating various character types, as
+follows:
+
+    1   white space character
+    2   letter
+    4   decimal digit
+    8   hexadecimal digit
+   16   alphanumeric or '_'
+  128   regular expression metacharacter or binary zero
+
+You should not alter the set of characters that contain the 128 bit, as that
+will cause PCRE to malfunction.
+
+
+File manifest
+-------------
+
+The distribution should contain the files listed below. Where a file name is
+given as pcre[16|32]_xxx it means that there are three files, one with the name
+pcre_xxx, one with the name pcre16_xx, and a third with the name pcre32_xxx.
+
+(A) Source files of the PCRE library functions and their headers:
+
+  dftables.c              auxiliary program for building pcre_chartables.c
+                          when --enable-rebuild-chartables is specified
+
+  pcre_chartables.c.dist  a default set of character tables that assume ASCII
+                          coding; used, unless --enable-rebuild-chartables is
+                          specified, by copying to pcre[16]_chartables.c
+
+  pcreposix.c                )
+  pcre[16|32]_byte_order.c   )
+  pcre[16|32]_compile.c      )
+  pcre[16|32]_config.c       )
+  pcre[16|32]_dfa_exec.c     )
+  pcre[16|32]_exec.c         )
+  pcre[16|32]_fullinfo.c     )
+  pcre[16|32]_get.c          ) sources for the functions in the library,
+  pcre[16|32]_globals.c      )   and some internal functions that they use
+  pcre[16|32]_jit_compile.c  )
+  pcre[16|32]_maketables.c   )
+  pcre[16|32]_newline.c      )
+  pcre[16|32]_refcount.c     )
+  pcre[16|32]_string_utils.c )
+  pcre[16|32]_study.c        )
+  pcre[16|32]_tables.c       )
+  pcre[16|32]_ucd.c          )
+  pcre[16|32]_version.c      )
+  pcre[16|32]_xclass.c       )
+  pcre_ord2utf8.c            )
+  pcre_valid_utf8.c          )
+  pcre16_ord2utf16.c         )
+  pcre16_utf16_utils.c       )
+  pcre16_valid_utf16.c       )
+  pcre32_utf32_utils.c       )
+  pcre32_valid_utf32.c       )
+
+  pcre[16|32]_printint.c     ) debugging function that is used by pcretest,
+                             )   and can also be #included in pcre_compile()
+
+  pcre.h.in               template for pcre.h when built by "configure"
+  pcreposix.h             header for the external POSIX wrapper API
+  pcre_internal.h         header for internal use
+  sljit/*                 16 files that make up the JIT compiler
+  ucp.h                   header for Unicode property handling
+
+  config.h.in             template for config.h, which is built by "configure"
+
+  pcrecpp.h               public header file for the C++ wrapper
+  pcrecpparg.h.in         template for another C++ header file
+  pcre_scanner.h          public header file for C++ scanner functions
+  pcrecpp.cc              )
+  pcre_scanner.cc         ) source for the C++ wrapper library
+
+  pcre_stringpiece.h.in   template for pcre_stringpiece.h, the header for the
+                            C++ stringpiece functions
+  pcre_stringpiece.cc     source for the C++ stringpiece functions
+
+(B) Source files for programs that use PCRE:
+
+  pcredemo.c              simple demonstration of coding calls to PCRE
+  pcregrep.c              source of a grep utility that uses PCRE
+  pcretest.c              comprehensive test program
+
+(C) Auxiliary files:
+
+  132html                 script to turn "man" pages into HTML
+  AUTHORS                 information about the author of PCRE
+  ChangeLog               log of changes to the code
+  CleanTxt                script to clean nroff output for txt man pages
+  Detrail                 script to remove trailing spaces
+  HACKING                 some notes about the internals of PCRE
+  INSTALL                 generic installation instructions
+  LICENCE                 conditions for the use of PCRE
+  COPYING                 the same, using GNU's standard name
+  Makefile.in             ) template for Unix Makefile, which is built by
+                          )   "configure"
+  Makefile.am             ) the automake input that was used to create
+                          )   Makefile.in
+  NEWS                    important changes in this release
+  NON-UNIX-USE            the previous name for NON-AUTOTOOLS-BUILD
+  NON-AUTOTOOLS-BUILD     notes on building PCRE without using autotools
+  PrepareRelease          script to make preparations for "make dist"
+  README                  this file
+  RunTest                 a Unix shell script for running tests
+  RunGrepTest             a Unix shell script for pcregrep tests
+  aclocal.m4              m4 macros (generated by "aclocal")
+  config.guess            ) files used by libtool,
+  config.sub              )   used only when building a shared library
+  configure               a configuring shell script (built by autoconf)
+  configure.ac            ) the autoconf input that was used to build
+                          )   "configure" and config.h
+  depcomp                 ) script to find program dependencies, generated by
+                          )   automake
+  doc/*.3                 man page sources for PCRE
+  doc/*.1                 man page sources for pcregrep and pcretest
+  doc/index.html.src      the base HTML page
+  doc/html/*              HTML documentation
+  doc/pcre.txt            plain text version of the man pages
+  doc/pcretest.txt        plain text documentation of test program
+  doc/perltest.txt        plain text documentation of Perl test program
+  install-sh              a shell script for installing files
+  libpcre16.pc.in         template for libpcre16.pc for pkg-config
+  libpcre32.pc.in         template for libpcre32.pc for pkg-config
+  libpcre.pc.in           template for libpcre.pc for pkg-config
+  libpcreposix.pc.in      template for libpcreposix.pc for pkg-config
+  libpcrecpp.pc.in        template for libpcrecpp.pc for pkg-config
+  ltmain.sh               file used to build a libtool script
+  missing                 ) common stub for a few missing GNU programs while
+                          )   installing, generated by automake
+  mkinstalldirs           script for making install directories
+  perltest.pl             Perl test program
+  pcre-config.in          source of script which retains PCRE information
+  pcre_jit_test.c         test program for the JIT compiler
+  pcrecpp_unittest.cc          )
+  pcre_scanner_unittest.cc     ) test programs for the C++ wrapper
+  pcre_stringpiece_unittest.cc )
+  testdata/testinput*     test data for main library tests
+  testdata/testoutput*    expected test results
+  testdata/grep*          input and output for pcregrep tests
+  testdata/*              other supporting test files
+
+(D) Auxiliary files for cmake support
+
+  cmake/COPYING-CMAKE-SCRIPTS
+  cmake/FindPackageHandleStandardArgs.cmake
+  cmake/FindEditline.cmake
+  cmake/FindReadline.cmake
+  CMakeLists.txt
+  config-cmake.h.in
+
+(E) Auxiliary files for VPASCAL
+
+  makevp.bat
+  makevp_c.txt
+  makevp_l.txt
+  pcregexp.pas
+
+(F) Auxiliary files for building PCRE "by hand"
+
+  pcre.h.generic          ) a version of the public PCRE header file
+                          )   for use in non-"configure" environments
+  config.h.generic        ) a version of config.h for use in non-"configure"
+                          )   environments
+
+(F) Miscellaneous
+
+  RunTest.bat            a script for running tests under Windows
+
+Philip Hazel
+Email local part: ph10
+Email domain: cam.ac.uk
+Last updated: 10 February 2015
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt
new file mode 100644
index 00000000..39100591
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt
@@ -0,0 +1,772 @@
+Building PCRE without using autotools
+-------------------------------------
+
+NOTE: This document relates to PCRE releases that use the original API, with
+library names libpcre, libpcre16, and libpcre32. January 2015 saw the first
+release of a new API, known as PCRE2, with release numbers starting at 10.00
+and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old libraries
+(now called PCRE1) are still being maintained for bug fixes, but there will be
+no new development. New projects are advised to use the new PCRE2 libraries.
+
+
+This document contains the following sections:
+
+  General
+  Generic instructions for the PCRE C library
+  The C++ wrapper functions
+  Building for virtual Pascal
+  Stack size in Windows environments
+  Linking programs in Windows environments
+  Calling conventions in Windows environments
+  Comments about Win32 builds
+  Building PCRE on Windows with CMake
+  Use of relative paths with CMake on Windows
+  Testing with RunTest.bat
+  Building under Windows CE with Visual Studio 200x
+  Building under Windows with BCC5.5
+  Building using Borland C++ Builder 2007 (CB2007) and higher
+  Building PCRE on OpenVMS
+  Building PCRE on Stratus OpenVOS
+  Building PCRE on native z/OS and z/VM
+
+
+GENERAL
+
+I (Philip Hazel) have no experience of Windows or VMS sytems and how their
+libraries work. The items in the PCRE distribution and Makefile that relate to
+anything other than Linux systems are untested by me.
+
+There are some other comments and files (including some documentation in CHM
+format) in the Contrib directory on the FTP site:
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Contrib
+
+The basic PCRE library consists entirely of code written in Standard C, and so
+should compile successfully on any system that has a Standard C compiler and
+library. The C++ wrapper functions are a separate issue (see below).
+
+The PCRE distribution includes a "configure" file for use by the configure/make
+(autotools) build system, as found in many Unix-like environments. The README
+file contains information about the options for "configure".
+
+There is also support for CMake, which some users prefer, especially in Windows
+environments, though it can also be run in Unix-like environments. See the
+section entitled "Building PCRE on Windows with CMake" below.
+
+Versions of config.h and pcre.h are distributed in the PCRE tarballs under the
+names config.h.generic and pcre.h.generic. These are provided for those who
+build PCRE without using "configure" or CMake. If you use "configure" or CMake,
+the .generic versions are not used.
+
+
+GENERIC INSTRUCTIONS FOR THE PCRE C LIBRARY
+
+The following are generic instructions for building the PCRE C library "by
+hand". If you are going to use CMake, this section does not apply to you; you
+can skip ahead to the CMake section.
+
+ (1) Copy or rename the file config.h.generic as config.h, and edit the macro
+     settings that it contains to whatever is appropriate for your environment.
+
+     In particular, you can alter the definition of the NEWLINE macro to
+     specify what character(s) you want to be interpreted as line terminators.
+     In an EBCDIC environment, you MUST change NEWLINE, because its default
+     value is 10, an ASCII LF. The usual EBCDIC newline character is 21 (0x15,
+     NL), though in some cases it may be 37 (0x25).
+
+     When you compile any of the PCRE modules, you must specify -DHAVE_CONFIG_H
+     to your compiler so that config.h is included in the sources.
+
+     An alternative approach is not to edit config.h, but to use -D on the
+     compiler command line to make any changes that you need to the
+     configuration options. In this case -DHAVE_CONFIG_H must not be set.
+
+     NOTE: There have been occasions when the way in which certain parameters
+     in config.h are used has changed between releases. (In the configure/make
+     world, this is handled automatically.) When upgrading to a new release,
+     you are strongly advised to review config.h.generic before re-using what
+     you had previously.
+
+ (2) Copy or rename the file pcre.h.generic as pcre.h.
+
+ (3) EITHER:
+       Copy or rename file pcre_chartables.c.dist as pcre_chartables.c.
+
+     OR:
+       Compile dftables.c as a stand-alone program (using -DHAVE_CONFIG_H if
+       you have set up config.h), and then run it with the single argument
+       "pcre_chartables.c". This generates a set of standard character tables
+       and writes them to that file. The tables are generated using the default
+       C locale for your system. If you want to use a locale that is specified
+       by LC_xxx environment variables, add the -L option to the dftables
+       command. You must use this method if you are building on a system that
+       uses EBCDIC code.
+
+     The tables in pcre_chartables.c are defaults. The caller of PCRE can
+     specify alternative tables at run time.
+
+ (4) Ensure that you have the following header files:
+
+       pcre_internal.h
+       ucp.h
+
+ (5) For an 8-bit library, compile the following source files, setting
+     -DHAVE_CONFIG_H as a compiler option if you have set up config.h with your
+     configuration, or else use other -D settings to change the configuration
+     as required.
+
+       pcre_byte_order.c
+       pcre_chartables.c
+       pcre_compile.c
+       pcre_config.c
+       pcre_dfa_exec.c
+       pcre_exec.c
+       pcre_fullinfo.c
+       pcre_get.c
+       pcre_globals.c
+       pcre_jit_compile.c
+       pcre_maketables.c
+       pcre_newline.c
+       pcre_ord2utf8.c
+       pcre_refcount.c
+       pcre_string_utils.c
+       pcre_study.c
+       pcre_tables.c
+       pcre_ucd.c
+       pcre_valid_utf8.c
+       pcre_version.c
+       pcre_xclass.c
+
+     Make sure that you include -I. in the compiler command (or equivalent for
+     an unusual compiler) so that all included PCRE header files are first
+     sought in the current directory. Otherwise you run the risk of picking up
+     a previously-installed file from somewhere else.
+
+     Note that you must still compile pcre_jit_compile.c, even if you have not
+     defined SUPPORT_JIT in config.h, because when JIT support is not
+     configured, dummy functions are compiled. When JIT support IS configured,
+     pcre_jit_compile.c #includes sources from the sljit subdirectory, where
+     there should be 16 files, all of whose names begin with "sljit".
+
+ (6) Now link all the compiled code into an object library in whichever form
+     your system keeps such libraries. This is the basic PCRE C 8-bit library.
+     If your system has static and shared libraries, you may have to do this
+     once for each type.
+
+ (7) If you want to build a 16-bit library (as well as, or instead of the 8-bit
+     or 32-bit libraries) repeat steps 5-6 with the following files:
+
+       pcre16_byte_order.c
+       pcre16_chartables.c
+       pcre16_compile.c
+       pcre16_config.c
+       pcre16_dfa_exec.c
+       pcre16_exec.c
+       pcre16_fullinfo.c
+       pcre16_get.c
+       pcre16_globals.c
+       pcre16_jit_compile.c
+       pcre16_maketables.c
+       pcre16_newline.c
+       pcre16_ord2utf16.c
+       pcre16_refcount.c
+       pcre16_string_utils.c
+       pcre16_study.c
+       pcre16_tables.c
+       pcre16_ucd.c
+       pcre16_utf16_utils.c
+       pcre16_valid_utf16.c
+       pcre16_version.c
+       pcre16_xclass.c
+
+ (8) If you want to build a 32-bit library (as well as, or instead of the 8-bit
+     or 16-bit libraries) repeat steps 5-6 with the following files:
+
+       pcre32_byte_order.c
+       pcre32_chartables.c
+       pcre32_compile.c
+       pcre32_config.c
+       pcre32_dfa_exec.c
+       pcre32_exec.c
+       pcre32_fullinfo.c
+       pcre32_get.c
+       pcre32_globals.c
+       pcre32_jit_compile.c
+       pcre32_maketables.c
+       pcre32_newline.c
+       pcre32_ord2utf32.c
+       pcre32_refcount.c
+       pcre32_string_utils.c
+       pcre32_study.c
+       pcre32_tables.c
+       pcre32_ucd.c
+       pcre32_utf32_utils.c
+       pcre32_valid_utf32.c
+       pcre32_version.c
+       pcre32_xclass.c
+
+ (9) If you want to build the POSIX wrapper functions (which apply only to the
+     8-bit library), ensure that you have the pcreposix.h file and then compile
+     pcreposix.c (remembering -DHAVE_CONFIG_H if necessary). Link the result
+     (on its own) as the pcreposix library.
+
+(10) The pcretest program can be linked with any combination of the 8-bit,
+     16-bit and 32-bit libraries (depending on what you selected in config.h).
+     Compile pcretest.c and pcre_printint.c (again, don't forget
+     -DHAVE_CONFIG_H) and link them together with the appropriate library/ies.
+     If you compiled an 8-bit library, pcretest also needs the pcreposix
+     wrapper library unless you compiled it with -DNOPOSIX.
+
+(11) Run pcretest on the testinput files in the testdata directory, and check
+     that the output matches the corresponding testoutput files. There are
+     comments about what each test does in the section entitled "Testing PCRE"
+     in the README file. If you compiled more than one of the 8-bit, 16-bit and
+     32-bit libraries, you need to run pcretest with the -16 option to do
+     16-bit tests and with the -32 option to do 32-bit tests.
+
+     Some tests are relevant only when certain build-time options are selected.
+     For example, test 4 is for UTF-8/UTF-16/UTF-32 support, and will not run
+     if you have built PCRE without it. See the comments at the start of each
+     testinput file. If you have a suitable Unix-like shell, the RunTest script
+     will run the appropriate tests for you. The command "RunTest list" will
+     output a list of all the tests.
+
+     Note that the supplied files are in Unix format, with just LF characters
+     as line terminators. You may need to edit them to change this if your
+     system uses a different convention. If you are using Windows, you probably
+     should use the wintestinput3 file instead of testinput3 (and the
+     corresponding output file). This is a locale test; wintestinput3 sets the
+     locale to "french" rather than "fr_FR", and there some minor output
+     differences.
+
+(12) If you have built PCRE with SUPPORT_JIT, the JIT features will be tested
+     by the testdata files. However, you might also like to build and run
+     the freestanding JIT test program, pcre_jit_test.c.
+
+(13) If you want to use the pcregrep command, compile and link pcregrep.c; it
+     uses only the basic 8-bit PCRE library (it does not need the pcreposix
+     library).
+
+
+THE C++ WRAPPER FUNCTIONS
+
+The PCRE distribution also contains some C++ wrapper functions and tests,
+applicable to the 8-bit library, which were contributed by Google Inc. On a
+system that can use "configure" and "make", the functions are automatically
+built into a library called pcrecpp. It should be straightforward to compile
+the .cc files manually on other systems. The files called xxx_unittest.cc are
+test programs for each of the corresponding xxx.cc files.
+
+
+BUILDING FOR VIRTUAL PASCAL
+
+A script for building PCRE using Borland's C++ compiler for use with VPASCAL
+was contributed by Alexander Tokarev. Stefan Weber updated the script and added
+additional files. The following files in the distribution are for building PCRE
+for use with VP/Borland: makevp_c.txt, makevp_l.txt, makevp.bat, pcregexp.pas.
+
+
+STACK SIZE IN WINDOWS ENVIRONMENTS
+
+The default processor stack size of 1Mb in some Windows environments is too
+small for matching patterns that need much recursion. In particular, test 2 may
+fail because of this. Normally, running out of stack causes a crash, but there
+have been cases where the test program has just died silently. See your linker
+documentation for how to increase stack size if you experience problems. The
+Linux default of 8Mb is a reasonable choice for the stack, though even that can
+be too small for some pattern/subject combinations.
+
+PCRE has a compile configuration option to disable the use of stack for
+recursion so that heap is used instead. However, pattern matching is
+significantly slower when this is done. There is more about stack usage in the
+"pcrestack" documentation.
+
+
+LINKING PROGRAMS IN WINDOWS ENVIRONMENTS
+
+If you want to statically link a program against a PCRE library in the form of
+a non-dll .a file, you must define PCRE_STATIC before including pcre.h or
+pcrecpp.h, otherwise the pcre_malloc() and pcre_free() exported functions will
+be declared __declspec(dllimport), with unwanted results.
+
+
+CALLING CONVENTIONS IN WINDOWS ENVIRONMENTS
+
+It is possible to compile programs to use different calling conventions using
+MSVC. Search the web for "calling conventions" for more information. To make it
+easier to change the calling convention for the exported functions in the
+PCRE library, the macro PCRE_CALL_CONVENTION is present in all the external
+definitions. It can be set externally when compiling (e.g. in CFLAGS). If it is
+not set, it defaults to empty; the default calling convention is then used
+(which is what is wanted most of the time).
+
+
+COMMENTS ABOUT WIN32 BUILDS (see also "BUILDING PCRE ON WINDOWS WITH CMAKE")
+
+There are two ways of building PCRE using the "configure, make, make install"
+paradigm on Windows systems: using MinGW or using Cygwin. These are not at all
+the same thing; they are completely different from each other. There is also
+support for building using CMake, which some users find a more straightforward
+way of building PCRE under Windows.
+
+The MinGW home page (http://www.mingw.org/) says this:
+
+  MinGW: A collection of freely available and freely distributable Windows
+  specific header files and import libraries combined with GNU toolsets that
+  allow one to produce native Windows programs that do not rely on any
+  3rd-party C runtime DLLs.
+
+The Cygwin home page (http://www.cygwin.com/) says this:
+
+  Cygwin is a Linux-like environment for Windows. It consists of two parts:
+
+  . A DLL (cygwin1.dll) which acts as a Linux API emulation layer providing
+    substantial Linux API functionality
+
+  . A collection of tools which provide Linux look and feel.
+
+  The Cygwin DLL currently works with all recent, commercially released x86 32
+  bit and 64 bit versions of Windows, with the exception of Windows CE.
+
+On both MinGW and Cygwin, PCRE should build correctly using:
+
+  ./configure && make && make install
+
+This should create two libraries called libpcre and libpcreposix, and, if you
+have enabled building the C++ wrapper, a third one called libpcrecpp. These are
+independent libraries: when you link with libpcreposix or libpcrecpp you must
+also link with libpcre, which contains the basic functions. (Some earlier
+releases of PCRE included the basic libpcre functions in libpcreposix. This no
+longer happens.)
+
+A user submitted a special-purpose patch that makes it easy to create
+"pcre.dll" under mingw32 using the "msys" environment. It provides "pcre.dll"
+as a special target. If you use this target, no other files are built, and in
+particular, the pcretest and pcregrep programs are not built. An example of how
+this might be used is:
+
+  ./configure --enable-utf --disable-cpp CFLAGS="-03 -s"; make pcre.dll
+
+Using Cygwin's compiler generates libraries and executables that depend on
+cygwin1.dll. If a library that is generated this way is distributed,
+cygwin1.dll has to be distributed as well. Since cygwin1.dll is under the GPL
+licence, this forces not only PCRE to be under the GPL, but also the entire
+application. A distributor who wants to keep their own code proprietary must
+purchase an appropriate Cygwin licence.
+
+MinGW has no such restrictions. The MinGW compiler generates a library or
+executable that can run standalone on Windows without any third party dll or
+licensing issues.
+
+But there is more complication:
+
+If a Cygwin user uses the -mno-cygwin Cygwin gcc flag, what that really does is
+to tell Cygwin's gcc to use the MinGW gcc. Cygwin's gcc is only acting as a
+front end to MinGW's gcc (if you install Cygwin's gcc, you get both Cygwin's
+gcc and MinGW's gcc). So, a user can:
+
+. Build native binaries by using MinGW or by getting Cygwin and using
+  -mno-cygwin.
+
+. Build binaries that depend on cygwin1.dll by using Cygwin with the normal
+  compiler flags.
+
+The test files that are supplied with PCRE are in UNIX format, with LF
+characters as line terminators. Unless your PCRE library uses a default newline
+option that includes LF as a valid newline, it may be necessary to change the
+line terminators in the test files to get some of the tests to work.
+
+
+BUILDING PCRE ON WINDOWS WITH CMAKE
+
+CMake is an alternative configuration facility that can be used instead of
+"configure". CMake creates project files (make files, solution files, etc.)
+tailored to numerous development environments, including Visual Studio,
+Borland, Msys, MinGW, NMake, and Unix. If possible, use short paths with no
+spaces in the names for your CMake installation and your PCRE source and build
+directories.
+
+The following instructions were contributed by a PCRE user. If they are not
+followed exactly, errors may occur. In the event that errors do occur, it is
+recommended that you delete the CMake cache before attempting to repeat the
+CMake build process. In the CMake GUI, the cache can be deleted by selecting
+"File > Delete Cache".
+
+1.  Install the latest CMake version available from http://www.cmake.org/, and
+    ensure that cmake\bin is on your path.
+
+2.  Unzip (retaining folder structure) the PCRE source tree into a source
+    directory such as C:\pcre. You should ensure your local date and time
+    is not earlier than the file dates in your source dir if the release is
+    very new.
+
+3.  Create a new, empty build directory, preferably a subdirectory of the
+    source dir. For example, C:\pcre\pcre-xx\build.
+
+4.  Run cmake-gui from the Shell envirornment of your build tool, for example,
+    Msys for Msys/MinGW or Visual Studio Command Prompt for VC/VC++. Do not try
+    to start Cmake from the Windows Start menu, as this can lead to errors.
+
+5.  Enter C:\pcre\pcre-xx and C:\pcre\pcre-xx\build for the source and build
+    directories, respectively.
+
+6.  Hit the "Configure" button.
+
+7.  Select the particular IDE / build tool that you are using (Visual
+    Studio, MSYS makefiles, MinGW makefiles, etc.)
+
+8.  The GUI will then list several configuration options. This is where
+    you can enable UTF-8 support or other PCRE optional features.
+
+9.  Hit "Configure" again. The adjacent "Generate" button should now be
+    active.
+
+10. Hit "Generate".
+
+11. The build directory should now contain a usable build system, be it a
+    solution file for Visual Studio, makefiles for MinGW, etc. Exit from
+    cmake-gui and use the generated build system with your compiler or IDE.
+    E.g., for MinGW you can run "make", or for Visual Studio, open the PCRE
+    solution, select the desired configuration (Debug, or Release, etc.) and
+    build the ALL_BUILD project.
+
+12. If during configuration with cmake-gui you've elected to build the test
+    programs, you can execute them by building the test project. E.g., for
+    MinGW: "make test"; for Visual Studio build the RUN_TESTS project. The
+    most recent build configuration is targeted by the tests. A summary of
+    test results is presented. Complete test output is subsequently
+    available for review in Testing\Temporary under your build dir.
+
+
+USE OF RELATIVE PATHS WITH CMAKE ON WINDOWS
+
+A PCRE user comments as follows: I thought that others may want to know the
+current state of CMAKE_USE_RELATIVE_PATHS support on Windows. Here it is:
+
+-- AdditionalIncludeDirectories is only partially modified (only the
+   first path - see below)
+-- Only some of the contained file paths are modified - shown below for
+   pcre.vcproj
+-- It properly modifies
+
+I am sure CMake people can fix that if they want to. Until then one will
+need to replace existing absolute paths in project files with relative
+paths manually (e.g. from VS) - relative to project file location. I did
+just that before being told to try CMAKE_USE_RELATIVE_PATHS. Not a big
+deal.
+
+AdditionalIncludeDirectories="E:\builds\pcre\build;E:\builds\pcre\pcre-7.5;"
+AdditionalIncludeDirectories=".;E:\builds\pcre\pcre-7.5;"
+
+RelativePath="pcre.h"
+RelativePath="pcre_chartables.c"
+RelativePath="pcre_chartables.c.rule"
+
+
+TESTING WITH RUNTEST.BAT
+
+If configured with CMake, building the test project ("make test" or building
+ALL_TESTS in Visual Studio) creates (and runs) pcre_test.bat (and depending
+on your configuration options, possibly other test programs) in the build
+directory. Pcre_test.bat runs RunTest.Bat with correct source and exe paths.
+
+For manual testing with RunTest.bat, provided the build dir is a subdirectory
+of the source directory: Open command shell window. Chdir to the location
+of your pcretest.exe and pcregrep.exe programs. Call RunTest.bat with
+"..\RunTest.Bat" or "..\..\RunTest.bat" as appropriate.
+
+To run only a particular test with RunTest.Bat provide a test number argument.
+
+Otherwise:
+
+1. Copy RunTest.bat into the directory where pcretest.exe and pcregrep.exe
+   have been created.
+
+2. Edit RunTest.bat to indentify the full or relative location of
+   the pcre source (wherein which the testdata folder resides), e.g.:
+
+   set srcdir=C:\pcre\pcre-8.20
+
+3. In a Windows command environment, chdir to the location of your bat and
+   exe programs.
+
+4. Run RunTest.bat. Test outputs will automatically be compared to expected
+   results, and discrepancies will be identified in the console output.
+
+To independently test the just-in-time compiler, run pcre_jit_test.exe.
+To test pcrecpp, run pcrecpp_unittest.exe, pcre_stringpiece_unittest.exe and
+pcre_scanner_unittest.exe.
+
+
+BUILDING UNDER WINDOWS CE WITH VISUAL STUDIO 200x
+
+Vincent Richomme sent a zip archive of files to help with this process. They
+can be found in the file "pcre-vsbuild.zip" in the Contrib directory of the FTP
+site.
+
+
+BUILDING UNDER WINDOWS WITH BCC5.5
+
+Michael Roy sent these comments about building PCRE under Windows with BCC5.5:
+
+Some of the core BCC libraries have a version of PCRE from 1998 built in, which
+can lead to pcre_exec() giving an erroneous PCRE_ERROR_NULL from a version
+mismatch. I'm including an easy workaround below, if you'd like to include it
+in the non-unix instructions:
+
+When linking a project with BCC5.5, pcre.lib must be included before any of the
+libraries cw32.lib, cw32i.lib, cw32mt.lib, and cw32mti.lib on the command line.
+
+
+BUILDING USING BORLAND C++ BUILDER 2007 (CB2007) AND HIGHER
+
+A PCRE user sent these comments about this environment (see also the comment
+from another user that follows them):
+
+The XE versions of C++ Builder come with a RegularExpressionsCore class which
+contain a version of TPerlRegEx. However, direct use of the C PCRE library may
+be desirable.
+
+The default makevp.bat, however, supplied with PCRE builds a version of PCRE
+that is not usable with any version of C++ Builder because the compiler ships
+with an embedded version of PCRE, version 2.01 from 1998! [See also the note
+about BCC5.5 above.] If you want to use PCRE you'll need to rename the
+functions (pcre_compile to pcre_compile_bcc, etc) or do as I have done and just
+use the 16 bit versions. I'm using std::wstring everywhere anyway. Since the
+embedded version of PCRE does not have the 16 bit function names, there is no
+conflict.
+
+Building PCRE using a C++ Builder static library project file (recommended):
+
+1. Rename or remove pcre.h, pcreposi.h, and pcreposix.h from your C++ Builder
+original include path.
+
+2. Download PCRE from pcre.org and extract to a directory.
+
+3. Rename pcre_chartables.c.dist to pcre_chartables.c, pcre.h.generic to
+pcre.h, and config.h.generic to config.h.
+
+4. Edit pcre.h and pcre_config.c so that they include config.h.
+
+5. Edit config.h like so:
+
+Comment out the following lines:
+#define PACKAGE "pcre"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE_NAME "PCRE"
+#define PACKAGE_STRING "PCRE 8.32"
+#define PACKAGE_TARNAME "pcre"
+#define PACKAGE_URL ""
+#define PACKAGE_VERSION "8.32"
+
+Add the following lines:
+#ifndef SUPPORT_UTF
+#define SUPPORT_UTF 100 // any value is fine
+#endif
+
+#ifndef SUPPORT_UCP
+#define SUPPORT_UCP 101 // any value is fine
+#endif
+
+#ifndef SUPPORT_UCP
+#define SUPPORT_PCRE16 102 // any value is fine
+#endif
+
+#ifndef SUPPORT_UTF8
+#define SUPPORT_UTF8 103 // any value is fine
+#endif
+
+6. Build a C++ Builder project using the IDE. Go to File / New / Other and
+choose Static Library. You can name it pcre.cbproj or whatever. Now set your
+paths by going to Project / Options. Set the Include path. Do this from the
+"Base" option to apply to both Release and Debug builds. Now add the following
+files to the project:
+
+pcre.h
+pcre16_byte_order.c
+pcre16_chartables.c
+pcre16_compile.c
+pcre16_config.c
+pcre16_dfa_exec.c
+pcre16_exec.c
+pcre16_fullinfo.c
+pcre16_get.c
+pcre16_globals.c
+pcre16_maketables.c
+pcre16_newline.c
+pcre16_ord2utf16.c
+pcre16_printint.c
+pcre16_refcount.c
+pcre16_string_utils.c
+pcre16_study.c
+pcre16_tables.c
+pcre16_ucd.c
+pcre16_utf16_utils.c
+pcre16_valid_utf16.c
+pcre16_version.c
+pcre16_xclass.c
+
+//Optional
+pcre_version.c
+
+7. After compiling the .lib file, copy the .lib and header files to a project
+you want to use PCRE with. Enjoy.
+
+Optional ... Building PCRE using the makevp.bat file:
+
+1. Edit makevp_c.txt and makevp_l.txt and change all the names to the 16 bit
+versions.
+
+2. Edit makevp.bat and set the path to C++ Builder. Run makevp.bat.
+
+Another PCRE user added this comment:
+
+Another approach I successfully used for some years with BCB 5 and 6 was to
+make sure that include and library paths of PCRE are configured before the
+default paths of the IDE in the dialogs where one can manage those paths.
+Afterwards one can open the project files using a text editor and manually add
+the self created library for pcre itself, pcrecpp doesn't ship with the IDE, in
+the library nodes where the IDE manages its own libraries to link against in
+front of the IDE-own libraries. This way one can use the default PCRE function
+names without getting access violations on runtime.
+
+  <ALLLIB value="libpcre.lib $(LIBFILES) $(LIBRARIES) import32.lib cp32mt.lib"/>
+
+
+BUILDING PCRE ON OPENVMS
+
+Stephen Hoffman sent the following, in December 2012:
+
+"Here <http://labs.hoffmanlabs.com/node/1847> is a very short write-up on the
+OpenVMS port and here
+
+<http://labs.hoffmanlabs.com/labsnotes/pcre-vms-8_32.zip>
+
+is a zip with the OpenVMS files, and with one modified testing-related PCRE
+file." This is a port of PCRE 8.32.
+
+Earlier, Dan Mooney sent the following comments about building PCRE on OpenVMS.
+They relate to an older version of PCRE that used fewer source files, so the
+exact commands will need changing. See the current list of source files above.
+
+"It was quite easy to compile and link the library. I don't have a formal
+make file but the attached file [reproduced below] contains the OpenVMS DCL
+commands I used to build the library. I had to add #define
+POSIX_MALLOC_THRESHOLD 10 to pcre.h since it was not defined anywhere.
+
+The library was built on:
+O/S: HP OpenVMS v7.3-1
+Compiler: Compaq C v6.5-001-48BCD
+Linker: vA13-01
+
+The test results did not match 100% due to the issues you mention in your
+documentation regarding isprint(), iscntrl(), isgraph() and ispunct(). I
+modified some of the character tables temporarily and was able to get the
+results to match. Tests using the fr locale did not match since I don't have
+that locale loaded. The study size was always reported to be 3 less than the
+value in the standard test output files."
+
+=========================
+$! This DCL procedure builds PCRE on OpenVMS
+$!
+$! I followed the instructions in the non-unix-use file in the distribution.
+$!
+$ COMPILE == "CC/LIST/NOMEMBER_ALIGNMENT/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES
+$ COMPILE DFTABLES.C
+$ LINK/EXE=DFTABLES.EXE DFTABLES.OBJ
+$ RUN DFTABLES.EXE/OUTPUT=CHARTABLES.C
+$ COMPILE MAKETABLES.C
+$ COMPILE GET.C
+$ COMPILE STUDY.C
+$! I had to set POSIX_MALLOC_THRESHOLD to 10 in PCRE.H since the symbol
+$! did not seem to be defined anywhere.
+$! I edited pcre.h and added #DEFINE SUPPORT_UTF8 to enable UTF8 support.
+$ COMPILE PCRE.C
+$ LIB/CREATE PCRE MAKETABLES.OBJ, GET.OBJ, STUDY.OBJ, PCRE.OBJ
+$! I had to set POSIX_MALLOC_THRESHOLD to 10 in PCRE.H since the symbol
+$! did not seem to be defined anywhere.
+$ COMPILE PCREPOSIX.C
+$ LIB/CREATE PCREPOSIX PCREPOSIX.OBJ
+$ COMPILE PCRETEST.C
+$ LINK/EXE=PCRETEST.EXE PCRETEST.OBJ, PCRE/LIB, PCREPOSIX/LIB
+$! C programs that want access to command line arguments must be
+$! defined as a symbol
+$ PCRETEST :== "$ SYS$ROADSUSERS:[DMOONEY.REGEXP]PCRETEST.EXE"
+$! Arguments must be enclosed in quotes.
+$ PCRETEST "-C"
+$! Test results:
+$!
+$!   The test results did not match 100%. The functions isprint(), iscntrl(),
+$!   isgraph() and ispunct() on OpenVMS must not produce the same results
+$!   as the system that built the test output files provided with the
+$!   distribution.
+$!
+$!   The study size did not match and was always 3 less on OpenVMS.
+$!
+$!   Locale could not be set to fr
+$!
+=========================
+
+
+BUILDING PCRE ON STRATUS OPENVOS
+
+These notes on the port of PCRE to VOS (lightly edited) were supplied by
+Ashutosh Warikoo, whose email address has the local part awarikoo and the
+domain nse.co.in. The port was for version 7.9 in August 2009.
+
+1.   Building PCRE
+
+I built pcre on OpenVOS Release 17.0.1at using GNU Tools 3.4a without any
+problems. I used the following packages to build PCRE:
+
+  ftp://ftp.stratus.com/pub/vos/posix/ga/posix.save.evf.gz
+
+Please read and follow the instructions that come with these packages. To start
+the build of pcre, from the root of the package type:
+
+  ./build.sh
+
+2. Installing PCRE
+
+Once you have successfully built PCRE, login to the SysAdmin group, switch to
+the root user, and type
+
+  [ !create_dir (master_disk)>usr   --if needed ]
+  [ !create_dir (master_disk)>usr>local   --if needed ]
+    !gmake install
+
+This installs PCRE and its man pages into /usr/local. You can add
+(master_disk)>usr>local>bin to your command search paths, or if you are in
+BASH, add /usr/local/bin to the PATH environment variable.
+
+4. Restrictions
+
+This port requires readline library optionally. However during the build I
+faced some yet unexplored errors while linking with readline. As it was an
+optional component I chose to disable it.
+
+5. Known Problems
+
+I ran the test suite, but you will have to be your own judge of whether this
+command, and this port, suits your purposes. If you find any problems that
+appear to be related to the port itself, please let me know. Please see the
+build.log file in the root of the package also.
+
+
+BUILDING PCRE ON NATIVE Z/OS AND Z/VM
+
+z/OS and z/VM are operating systems for mainframe computers, produced by IBM.
+The character code used is EBCDIC, not ASCII or Unicode. In z/OS, UNIX APIs and
+applications can be supported through UNIX System Services, and in such an
+environment PCRE can be built in the same way as in other systems. However, in
+native z/OS (without UNIX System Services) and in z/VM, special ports are
+required. For details, please see this web site:
+
+  http://www.zaconsultants.net
+
+You may download PCRE from WWW.CBTTAPE.ORG, file 882.  Everything, source and
+executable, is in EBCDIC and native z/OS file formats and this is the
+recommended download site.
+
+==========================
+Last Updated: 25 June 2015
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/README.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/README.txt
new file mode 100644
index 00000000..4887ebf3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/README.txt
@@ -0,0 +1,1002 @@
+README file for PCRE (Perl-compatible regular expression library)
+-----------------------------------------------------------------
+
+NOTE: This set of files relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+
+
+The latest release of PCRE1 is always available in three alternative formats
+from:
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.gz
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.bz2
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.zip
+
+There is a mailing list for discussion about the development of PCRE at
+pcre-dev@exim.org. You can access the archives and subscribe or manage your
+subscription here:
+
+   https://lists.exim.org/mailman/listinfo/pcre-dev
+
+Please read the NEWS file if you are upgrading from a previous release.
+The contents of this README file are:
+
+  The PCRE APIs
+  Documentation for PCRE
+  Contributions by users of PCRE
+  Building PCRE on non-Unix-like systems
+  Building PCRE without using autotools
+  Building PCRE using autotools
+  Retrieving configuration information
+  Shared libraries
+  Cross-compiling using autotools
+  Using HP's ANSI C++ compiler (aCC)
+  Compiling in Tru64 using native compilers
+  Using Sun's compilers for Solaris
+  Using PCRE from MySQL
+  Making new tarballs
+  Testing PCRE
+  Character tables
+  File manifest
+
+
+The PCRE APIs
+-------------
+
+PCRE is written in C, and it has its own API. There are three sets of
+functions, one for the 8-bit library, which processes strings of bytes, one for
+the 16-bit library, which processes strings of 16-bit values, and one for the
+32-bit library, which processes strings of 32-bit values. The distribution also
+includes a set of C++ wrapper functions (see the pcrecpp man page for details),
+courtesy of Google Inc., which can be used to call the 8-bit PCRE library from
+C++. Other C++ wrappers have been created from time to time. See, for example:
+https://github.com/YasserAsmi/regexp, which aims to be simple and similar in
+style to the C API.
+
+The distribution also contains a set of C wrapper functions (again, just for
+the 8-bit library) that are based on the POSIX regular expression API (see the
+pcreposix man page). These end up in the library called libpcreposix. Note that
+this just provides a POSIX calling interface to PCRE; the regular expressions
+themselves still follow Perl syntax and semantics. The POSIX API is restricted,
+and does not give full access to all of PCRE's facilities.
+
+The header file for the POSIX-style functions is called pcreposix.h. The
+official POSIX name is regex.h, but I did not want to risk possible problems
+with existing files of that name by distributing it that way. To use PCRE with
+an existing program that uses the POSIX API, pcreposix.h will have to be
+renamed or pointed at by a link.
+
+If you are using the POSIX interface to PCRE and there is already a POSIX regex
+library installed on your system, as well as worrying about the regex.h header
+file (as mentioned above), you must also take care when linking programs to
+ensure that they link with PCRE's libpcreposix library. Otherwise they may pick
+up the POSIX functions of the same name from the other library.
+
+One way of avoiding this confusion is to compile PCRE with the addition of
+-Dregcomp=PCREregcomp (and similarly for the other POSIX functions) to the
+compiler flags (CFLAGS if you are using "configure" -- see below). This has the
+effect of renaming the functions so that the names no longer clash. Of course,
+you have to do the same thing for your applications, or write them using the
+new names.
+
+
+Documentation for PCRE
+----------------------
+
+If you install PCRE in the normal way on a Unix-like system, you will end up
+with a set of man pages whose names all start with "pcre". The one that is just
+called "pcre" lists all the others. In addition to these man pages, the PCRE
+documentation is supplied in two other forms:
+
+  1. There are files called doc/pcre.txt, doc/pcregrep.txt, and
+     doc/pcretest.txt in the source distribution. The first of these is a
+     concatenation of the text forms of all the section 3 man pages except
+     the listing of pcredemo.c and those that summarize individual functions.
+     The other two are the text forms of the section 1 man pages for the
+     pcregrep and pcretest commands. These text forms are provided for ease of
+     scanning with text editors or similar tools. They are installed in
+     <prefix>/share/doc/pcre, where <prefix> is the installation prefix
+     (defaulting to /usr/local).
+
+  2. A set of files containing all the documentation in HTML form, hyperlinked
+     in various ways, and rooted in a file called index.html, is distributed in
+     doc/html and installed in <prefix>/share/doc/pcre/html.
+
+Users of PCRE have contributed files containing the documentation for various
+releases in CHM format. These can be found in the Contrib directory of the FTP
+site (see next section).
+
+
+Contributions by users of PCRE
+------------------------------
+
+You can find contributions from PCRE users in the directory
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Contrib
+
+There is a README file giving brief descriptions of what they are. Some are
+complete in themselves; others are pointers to URLs containing relevant files.
+Some of this material is likely to be well out-of-date. Several of the earlier
+contributions provided support for compiling PCRE on various flavours of
+Windows (I myself do not use Windows). Nowadays there is more Windows support
+in the standard distribution, so these contibutions have been archived.
+
+A PCRE user maintains downloadable Windows binaries of the pcregrep and
+pcretest programs here:
+
+  http://www.rexegg.com/pcregrep-pcretest.html
+
+
+Building PCRE on non-Unix-like systems
+--------------------------------------
+
+For a non-Unix-like system, please read the comments in the file
+NON-AUTOTOOLS-BUILD, though if your system supports the use of "configure" and
+"make" you may be able to build PCRE using autotools in the same way as for
+many Unix-like systems.
+
+PCRE can also be configured using the GUI facility provided by CMake's
+cmake-gui command. This creates Makefiles, solution files, etc. The file
+NON-AUTOTOOLS-BUILD has information about CMake.
+
+PCRE has been compiled on many different operating systems. It should be
+straightforward to build PCRE on any system that has a Standard C compiler and
+library, because it uses only Standard C functions.
+
+
+Building PCRE without using autotools
+-------------------------------------
+
+The use of autotools (in particular, libtool) is problematic in some
+environments, even some that are Unix or Unix-like. See the NON-AUTOTOOLS-BUILD
+file for ways of building PCRE without using autotools.
+
+
+Building PCRE using autotools
+-----------------------------
+
+If you are using HP's ANSI C++ compiler (aCC), please see the special note
+in the section entitled "Using HP's ANSI C++ compiler (aCC)" below.
+
+The following instructions assume the use of the widely used "configure; make;
+make install" (autotools) process.
+
+To build PCRE on system that supports autotools, first run the "configure"
+command from the PCRE distribution directory, with your current directory set
+to the directory where you want the files to be created. This command is a
+standard GNU "autoconf" configuration script, for which generic instructions
+are supplied in the file INSTALL.
+
+Most commonly, people build PCRE within its own distribution directory, and in
+this case, on many systems, just running "./configure" is sufficient. However,
+the usual methods of changing standard defaults are available. For example:
+
+CFLAGS='-O2 -Wall' ./configure --prefix=/opt/local
+
+This command specifies that the C compiler should be run with the flags '-O2
+-Wall' instead of the default, and that "make install" should install PCRE
+under /opt/local instead of the default /usr/local.
+
+If you want to build in a different directory, just run "configure" with that
+directory as current. For example, suppose you have unpacked the PCRE source
+into /source/pcre/pcre-xxx, but you want to build it in /build/pcre/pcre-xxx:
+
+cd /build/pcre/pcre-xxx
+/source/pcre/pcre-xxx/configure
+
+PCRE is written in C and is normally compiled as a C library. However, it is
+possible to build it as a C++ library, though the provided building apparatus
+does not have any features to support this.
+
+There are some optional features that can be included or omitted from the PCRE
+library. They are also documented in the pcrebuild man page.
+
+. By default, both shared and static libraries are built. You can change this
+  by adding one of these options to the "configure" command:
+
+  --disable-shared
+  --disable-static
+
+  (See also "Shared libraries on Unix-like systems" below.)
+
+. By default, only the 8-bit library is built. If you add --enable-pcre16 to
+  the "configure" command, the 16-bit library is also built. If you add
+  --enable-pcre32 to the "configure" command, the 32-bit library is also built.
+  If you want only the 16-bit or 32-bit library, use --disable-pcre8 to disable
+  building the 8-bit library.
+
+. If you are building the 8-bit library and want to suppress the building of
+  the C++ wrapper library, you can add --disable-cpp to the "configure"
+  command. Otherwise, when "configure" is run without --disable-pcre8, it will
+  try to find a C++ compiler and C++ header files, and if it succeeds, it will
+  try to build the C++ wrapper.
+
+. If you want to include support for just-in-time compiling, which can give
+  large performance improvements on certain platforms, add --enable-jit to the
+  "configure" command. This support is available only for certain hardware
+  architectures. If you try to enable it on an unsupported architecture, there
+  will be a compile time error.
+
+. When JIT support is enabled, pcregrep automatically makes use of it, unless
+  you add --disable-pcregrep-jit to the "configure" command.
+
+. If you want to make use of the support for UTF-8 Unicode character strings in
+  the 8-bit library, or UTF-16 Unicode character strings in the 16-bit library,
+  or UTF-32 Unicode character strings in the 32-bit library, you must add
+  --enable-utf to the "configure" command. Without it, the code for handling
+  UTF-8, UTF-16 and UTF-8 is not included in the relevant library. Even
+  when --enable-utf is included, the use of a UTF encoding still has to be
+  enabled by an option at run time. When PCRE is compiled with this option, its
+  input can only either be ASCII or UTF-8/16/32, even when running on EBCDIC
+  platforms. It is not possible to use both --enable-utf and --enable-ebcdic at
+  the same time.
+
+. There are no separate options for enabling UTF-8, UTF-16 and UTF-32
+  independently because that would allow ridiculous settings such as requesting
+  UTF-16 support while building only the 8-bit library. However, the option
+  --enable-utf8 is retained for backwards compatibility with earlier releases
+  that did not support 16-bit or 32-bit character strings. It is synonymous with
+  --enable-utf. It is not possible to configure one library with UTF support
+  and the other without in the same configuration.
+
+. If, in addition to support for UTF-8/16/32 character strings, you want to
+  include support for the \P, \p, and \X sequences that recognize Unicode
+  character properties, you must add --enable-unicode-properties to the
+  "configure" command. This adds about 30K to the size of the library (in the
+  form of a property table); only the basic two-letter properties such as Lu
+  are supported.
+
+. You can build PCRE to recognize either CR or LF or the sequence CRLF or any
+  of the preceding, or any of the Unicode newline sequences as indicating the
+  end of a line. Whatever you specify at build time is the default; the caller
+  of PCRE can change the selection at run time. The default newline indicator
+  is a single LF character (the Unix standard). You can specify the default
+  newline indicator by adding --enable-newline-is-cr or --enable-newline-is-lf
+  or --enable-newline-is-crlf or --enable-newline-is-anycrlf or
+  --enable-newline-is-any to the "configure" command, respectively.
+
+  If you specify --enable-newline-is-cr or --enable-newline-is-crlf, some of
+  the standard tests will fail, because the lines in the test files end with
+  LF. Even if the files are edited to change the line endings, there are likely
+  to be some failures. With --enable-newline-is-anycrlf or
+  --enable-newline-is-any, many tests should succeed, but there may be some
+  failures.
+
+. By default, the sequence \R in a pattern matches any Unicode line ending
+  sequence. This is independent of the option specifying what PCRE considers to
+  be the end of a line (see above). However, the caller of PCRE can restrict \R
+  to match only CR, LF, or CRLF. You can make this the default by adding
+  --enable-bsr-anycrlf to the "configure" command (bsr = "backslash R").
+
+. When called via the POSIX interface, PCRE uses malloc() to get additional
+  storage for processing capturing parentheses if there are more than 10 of
+  them in a pattern. You can increase this threshold by setting, for example,
+
+  --with-posix-malloc-threshold=20
+
+  on the "configure" command.
+
+. PCRE has a counter that limits the depth of nesting of parentheses in a
+  pattern. This limits the amount of system stack that a pattern uses when it
+  is compiled. The default is 250, but you can change it by setting, for
+  example,
+
+  --with-parens-nest-limit=500
+
+. PCRE has a counter that can be set to limit the amount of resources it uses
+  when matching a pattern. If the limit is exceeded during a match, the match
+  fails. The default is ten million. You can change the default by setting, for
+  example,
+
+  --with-match-limit=500000
+
+  on the "configure" command. This is just the default; individual calls to
+  pcre_exec() can supply their own value. There is more discussion on the
+  pcreapi man page.
+
+. There is a separate counter that limits the depth of recursive function calls
+  during a matching process. This also has a default of ten million, which is
+  essentially "unlimited". You can change the default by setting, for example,
+
+  --with-match-limit-recursion=500000
+
+  Recursive function calls use up the runtime stack; running out of stack can
+  cause programs to crash in strange ways. There is a discussion about stack
+  sizes in the pcrestack man page.
+
+. The default maximum compiled pattern size is around 64K. You can increase
+  this by adding --with-link-size=3 to the "configure" command. In the 8-bit
+  library, PCRE then uses three bytes instead of two for offsets to different
+  parts of the compiled pattern. In the 16-bit library, --with-link-size=3 is
+  the same as --with-link-size=4, which (in both libraries) uses four-byte
+  offsets. Increasing the internal link size reduces performance. In the 32-bit
+  library, the only supported link size is 4.
+
+. You can build PCRE so that its internal match() function that is called from
+  pcre_exec() does not call itself recursively. Instead, it uses memory blocks
+  obtained from the heap via the special functions pcre_stack_malloc() and
+  pcre_stack_free() to save data that would otherwise be saved on the stack. To
+  build PCRE like this, use
+
+  --disable-stack-for-recursion
+
+  on the "configure" command. PCRE runs more slowly in this mode, but it may be
+  necessary in environments with limited stack sizes. This applies only to the
+  normal execution of the pcre_exec() function; if JIT support is being
+  successfully used, it is not relevant. Equally, it does not apply to
+  pcre_dfa_exec(), which does not use deeply nested recursion. There is a
+  discussion about stack sizes in the pcrestack man page.
+
+. For speed, PCRE uses four tables for manipulating and identifying characters
+  whose code point values are less than 256. By default, it uses a set of
+  tables for ASCII encoding that is part of the distribution. If you specify
+
+  --enable-rebuild-chartables
+
+  a program called dftables is compiled and run in the default C locale when
+  you obey "make". It builds a source file called pcre_chartables.c. If you do
+  not specify this option, pcre_chartables.c is created as a copy of
+  pcre_chartables.c.dist. See "Character tables" below for further information.
+
+. It is possible to compile PCRE for use on systems that use EBCDIC as their
+  character code (as opposed to ASCII/Unicode) by specifying
+
+  --enable-ebcdic
+
+  This automatically implies --enable-rebuild-chartables (see above). However,
+  when PCRE is built this way, it always operates in EBCDIC. It cannot support
+  both EBCDIC and UTF-8/16/32. There is a second option, --enable-ebcdic-nl25,
+  which specifies that the code value for the EBCDIC NL character is 0x25
+  instead of the default 0x15.
+
+. In environments where valgrind is installed, if you specify
+
+  --enable-valgrind
+
+  PCRE will use valgrind annotations to mark certain memory regions as
+  unaddressable. This allows it to detect invalid memory accesses, and is
+  mostly useful for debugging PCRE itself.
+
+. In environments where the gcc compiler is used and lcov version 1.6 or above
+  is installed, if you specify
+
+  --enable-coverage
+
+  the build process implements a code coverage report for the test suite. The
+  report is generated by running "make coverage". If ccache is installed on
+  your system, it must be disabled when building PCRE for coverage reporting.
+  You can do this by setting the environment variable CCACHE_DISABLE=1 before
+  running "make" to build PCRE. There is more information about coverage
+  reporting in the "pcrebuild" documentation.
+
+. The pcregrep program currently supports only 8-bit data files, and so
+  requires the 8-bit PCRE library. It is possible to compile pcregrep to use
+  libz and/or libbz2, in order to read .gz and .bz2 files (respectively), by
+  specifying one or both of
+
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+
+  Of course, the relevant libraries must be installed on your system.
+
+. The default size (in bytes) of the internal buffer used by pcregrep can be
+  set by, for example:
+
+  --with-pcregrep-bufsize=51200
+
+  The value must be a plain integer. The default is 20480.
+
+. It is possible to compile pcretest so that it links with the libreadline
+  or libedit libraries, by specifying, respectively,
+
+  --enable-pcretest-libreadline or --enable-pcretest-libedit
+
+  If this is done, when pcretest's input is from a terminal, it reads it using
+  the readline() function. This provides line-editing and history facilities.
+  Note that libreadline is GPL-licenced, so if you distribute a binary of
+  pcretest linked in this way, there may be licensing issues. These can be
+  avoided by linking with libedit (which has a BSD licence) instead.
+
+  Enabling libreadline causes the -lreadline option to be added to the pcretest
+  build. In many operating environments with a sytem-installed readline
+  library this is sufficient. However, in some environments (e.g. if an
+  unmodified distribution version of readline is in use), it may be necessary
+  to specify something like LIBS="-lncurses" as well. This is because, to quote
+  the readline INSTALL, "Readline uses the termcap functions, but does not link
+  with the termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library." If you get error
+  messages about missing functions tgetstr, tgetent, tputs, tgetflag, or tgoto,
+  this is the problem, and linking with the ncurses library should fix it.
+
+The "configure" script builds the following files for the basic C library:
+
+. Makefile             the makefile that builds the library
+. config.h             build-time configuration options for the library
+. pcre.h               the public PCRE header file
+. pcre-config          script that shows the building settings such as CFLAGS
+                         that were set for "configure"
+. libpcre.pc         ) data for the pkg-config command
+. libpcre16.pc       )
+. libpcre32.pc       )
+. libpcreposix.pc    )
+. libtool              script that builds shared and/or static libraries
+
+Versions of config.h and pcre.h are distributed in the PCRE tarballs under the
+names config.h.generic and pcre.h.generic. These are provided for those who
+have to built PCRE without using "configure" or CMake. If you use "configure"
+or CMake, the .generic versions are not used.
+
+When building the 8-bit library, if a C++ compiler is found, the following
+files are also built:
+
+. libpcrecpp.pc        data for the pkg-config command
+. pcrecpparg.h         header file for calling PCRE via the C++ wrapper
+. pcre_stringpiece.h   header for the C++ "stringpiece" functions
+
+The "configure" script also creates config.status, which is an executable
+script that can be run to recreate the configuration, and config.log, which
+contains compiler output from tests that "configure" runs.
+
+Once "configure" has run, you can run "make". This builds the the libraries
+libpcre, libpcre16 and/or libpcre32, and a test program called pcretest. If you
+enabled JIT support with --enable-jit, a test program called pcre_jit_test is
+built as well.
+
+If the 8-bit library is built, libpcreposix and the pcregrep command are also
+built, and if a C++ compiler was found on your system, and you did not disable
+it with --disable-cpp, "make" builds the C++ wrapper library, which is called
+libpcrecpp, as well as some test programs called pcrecpp_unittest,
+pcre_scanner_unittest, and pcre_stringpiece_unittest.
+
+The command "make check" runs all the appropriate tests. Details of the PCRE
+tests are given below in a separate section of this document.
+
+You can use "make install" to install PCRE into live directories on your
+system. The following are installed (file names are all relative to the
+<prefix> that is set when "configure" is run):
+
+  Commands (bin):
+    pcretest
+    pcregrep (if 8-bit support is enabled)
+    pcre-config
+
+  Libraries (lib):
+    libpcre16     (if 16-bit support is enabled)
+    libpcre32     (if 32-bit support is enabled)
+    libpcre       (if 8-bit support is enabled)
+    libpcreposix  (if 8-bit support is enabled)
+    libpcrecpp    (if 8-bit and C++ support is enabled)
+
+  Configuration information (lib/pkgconfig):
+    libpcre16.pc
+    libpcre32.pc
+    libpcre.pc
+    libpcreposix.pc
+    libpcrecpp.pc (if C++ support is enabled)
+
+  Header files (include):
+    pcre.h
+    pcreposix.h
+    pcre_scanner.h      )
+    pcre_stringpiece.h  ) if C++ support is enabled
+    pcrecpp.h           )
+    pcrecpparg.h        )
+
+  Man pages (share/man/man{1,3}):
+    pcregrep.1
+    pcretest.1
+    pcre-config.1
+    pcre.3
+    pcre*.3 (lots more pages, all starting "pcre")
+
+  HTML documentation (share/doc/pcre/html):
+    index.html
+    *.html (lots more pages, hyperlinked from index.html)
+
+  Text file documentation (share/doc/pcre):
+    AUTHORS
+    COPYING
+    ChangeLog
+    LICENCE
+    NEWS
+    README
+    pcre.txt         (a concatenation of the man(3) pages)
+    pcretest.txt     the pcretest man page
+    pcregrep.txt     the pcregrep man page
+    pcre-config.txt  the pcre-config man page
+
+If you want to remove PCRE from your system, you can run "make uninstall".
+This removes all the files that "make install" installed. However, it does not
+remove any directories, because these are often shared with other programs.
+
+
+Retrieving configuration information
+------------------------------------
+
+Running "make install" installs the command pcre-config, which can be used to
+recall information about the PCRE configuration and installation. For example:
+
+  pcre-config --version
+
+prints the version number, and
+
+  pcre-config --libs
+
+outputs information about where the library is installed. This command can be
+included in makefiles for programs that use PCRE, saving the programmer from
+having to remember too many details.
+
+The pkg-config command is another system for saving and retrieving information
+about installed libraries. Instead of separate commands for each library, a
+single command is used. For example:
+
+  pkg-config --cflags pcre
+
+The data is held in *.pc files that are installed in a directory called
+<prefix>/lib/pkgconfig.
+
+
+Shared libraries
+----------------
+
+The default distribution builds PCRE as shared libraries and static libraries,
+as long as the operating system supports shared libraries. Shared library
+support relies on the "libtool" script which is built as part of the
+"configure" process.
+
+The libtool script is used to compile and link both shared and static
+libraries. They are placed in a subdirectory called .libs when they are newly
+built. The programs pcretest and pcregrep are built to use these uninstalled
+libraries (by means of wrapper scripts in the case of shared libraries). When
+you use "make install" to install shared libraries, pcregrep and pcretest are
+automatically re-built to use the newly installed shared libraries before being
+installed themselves. However, the versions left in the build directory still
+use the uninstalled libraries.
+
+To build PCRE using static libraries only you must use --disable-shared when
+configuring it. For example:
+
+./configure --prefix=/usr/gnu --disable-shared
+
+Then run "make" in the usual way. Similarly, you can use --disable-static to
+build only shared libraries.
+
+
+Cross-compiling using autotools
+-------------------------------
+
+You can specify CC and CFLAGS in the normal way to the "configure" command, in
+order to cross-compile PCRE for some other host. However, you should NOT
+specify --enable-rebuild-chartables, because if you do, the dftables.c source
+file is compiled and run on the local host, in order to generate the inbuilt
+character tables (the pcre_chartables.c file). This will probably not work,
+because dftables.c needs to be compiled with the local compiler, not the cross
+compiler.
+
+When --enable-rebuild-chartables is not specified, pcre_chartables.c is created
+by making a copy of pcre_chartables.c.dist, which is a default set of tables
+that assumes ASCII code. Cross-compiling with the default tables should not be
+a problem.
+
+If you need to modify the character tables when cross-compiling, you should
+move pcre_chartables.c.dist out of the way, then compile dftables.c by hand and
+run it on the local host to make a new version of pcre_chartables.c.dist.
+Then when you cross-compile PCRE this new version of the tables will be used.
+
+
+Using HP's ANSI C++ compiler (aCC)
+----------------------------------
+
+Unless C++ support is disabled by specifying the "--disable-cpp" option of the
+"configure" script, you must include the "-AA" option in the CXXFLAGS
+environment variable in order for the C++ components to compile correctly.
+
+Also, note that the aCC compiler on PA-RISC platforms may have a defect whereby
+needed libraries fail to get included when specifying the "-AA" compiler
+option. If you experience unresolved symbols when linking the C++ programs,
+use the workaround of specifying the following environment variable prior to
+running the "configure" script:
+
+  CXXLDFLAGS="-lstd_v2 -lCsup_v2"
+
+
+Compiling in Tru64 using native compilers
+-----------------------------------------
+
+The following error may occur when compiling with native compilers in the Tru64
+operating system:
+
+  CXX    libpcrecpp_la-pcrecpp.lo
+cxx: Error: /usr/lib/cmplrs/cxx/V7.1-006/include/cxx/iosfwd, line 58: #error
+          directive: "cannot include iosfwd -- define __USE_STD_IOSTREAM to
+          override default - see section 7.1.2 of the C++ Using Guide"
+#error "cannot include iosfwd -- define __USE_STD_IOSTREAM to override default
+- see section 7.1.2 of the C++ Using Guide"
+
+This may be followed by other errors, complaining that 'namespace "std" has no
+member'. The solution to this is to add the line
+
+#define __USE_STD_IOSTREAM 1
+
+to the config.h file.
+
+
+Using Sun's compilers for Solaris
+---------------------------------
+
+A user reports that the following configurations work on Solaris 9 sparcv9 and
+Solaris 9 x86 (32-bit):
+
+  Solaris 9 sparcv9: ./configure --disable-cpp CC=/bin/cc CFLAGS="-m64 -g"
+  Solaris 9 x86:     ./configure --disable-cpp CC=/bin/cc CFLAGS="-g"
+
+
+Using PCRE from MySQL
+---------------------
+
+On systems where both PCRE and MySQL are installed, it is possible to make use
+of PCRE from within MySQL, as an alternative to the built-in pattern matching.
+There is a web page that tells you how to do this:
+
+  http://www.mysqludf.org/lib_mysqludf_preg/index.php
+
+
+Making new tarballs
+-------------------
+
+The command "make dist" creates three PCRE tarballs, in tar.gz, tar.bz2, and
+zip formats. The command "make distcheck" does the same, but then does a trial
+build of the new distribution to ensure that it works.
+
+If you have modified any of the man page sources in the doc directory, you
+should first run the PrepareRelease script before making a distribution. This
+script creates the .txt and HTML forms of the documentation from the man pages.
+
+
+Testing PCRE
+------------
+
+To test the basic PCRE library on a Unix-like system, run the RunTest script.
+There is another script called RunGrepTest that tests the options of the
+pcregrep command. If the C++ wrapper library is built, three test programs
+called pcrecpp_unittest, pcre_scanner_unittest, and pcre_stringpiece_unittest
+are also built. When JIT support is enabled, another test program called
+pcre_jit_test is built.
+
+Both the scripts and all the program tests are run if you obey "make check" or
+"make test". For other environments, see the instructions in
+NON-AUTOTOOLS-BUILD.
+
+The RunTest script runs the pcretest test program (which is documented in its
+own man page) on each of the relevant testinput files in the testdata
+directory, and compares the output with the contents of the corresponding
+testoutput files. RunTest uses a file called testtry to hold the main output
+from pcretest. Other files whose names begin with "test" are used as working
+files in some tests.
+
+Some tests are relevant only when certain build-time options were selected. For
+example, the tests for UTF-8/16/32 support are run only if --enable-utf was
+used. RunTest outputs a comment when it skips a test.
+
+Many of the tests that are not skipped are run up to three times. The second
+run forces pcre_study() to be called for all patterns except for a few in some
+tests that are marked "never study" (see the pcretest program for how this is
+done). If JIT support is available, the non-DFA tests are run a third time,
+this time with a forced pcre_study() with the PCRE_STUDY_JIT_COMPILE option.
+This testing can be suppressed by putting "nojit" on the RunTest command line.
+
+The entire set of tests is run once for each of the 8-bit, 16-bit and 32-bit
+libraries that are enabled. If you want to run just one set of tests, call
+RunTest with either the -8, -16 or -32 option.
+
+If valgrind is installed, you can run the tests under it by putting "valgrind"
+on the RunTest command line. To run pcretest on just one or more specific test
+files, give their numbers as arguments to RunTest, for example:
+
+  RunTest 2 7 11
+
+You can also specify ranges of tests such as 3-6 or 3- (meaning 3 to the
+end), or a number preceded by ~ to exclude a test. For example:
+
+  Runtest 3-15 ~10
+
+This runs tests 3 to 15, excluding test 10, and just ~13 runs all the tests
+except test 13. Whatever order the arguments are in, the tests are always run
+in numerical order.
+
+You can also call RunTest with the single argument "list" to cause it to output
+a list of tests.
+
+The first test file can be fed directly into the perltest.pl script to check
+that Perl gives the same results. The only difference you should see is in the
+first few lines, where the Perl version is given instead of the PCRE version.
+
+The second set of tests check pcre_fullinfo(), pcre_study(),
+pcre_copy_substring(), pcre_get_substring(), pcre_get_substring_list(), error
+detection, and run-time flags that are specific to PCRE, as well as the POSIX
+wrapper API. It also uses the debugging flags to check some of the internals of
+pcre_compile().
+
+If you build PCRE with a locale setting that is not the standard C locale, the
+character tables may be different (see next paragraph). In some cases, this may
+cause failures in the second set of tests. For example, in a locale where the
+isprint() function yields TRUE for characters in the range 128-255, the use of
+[:isascii:] inside a character class defines a different set of characters, and
+this shows up in this test as a difference in the compiled code, which is being
+listed for checking. Where the comparison test output contains [\x00-\x7f] the
+test will contain [\x00-\xff], and similarly in some other cases. This is not a
+bug in PCRE.
+
+The third set of tests checks pcre_maketables(), the facility for building a
+set of character tables for a specific locale and using them instead of the
+default tables. The tests make use of the "fr_FR" (French) locale. Before
+running the test, the script checks for the presence of this locale by running
+the "locale" command. If that command fails, or if it doesn't include "fr_FR"
+in the list of available locales, the third test cannot be run, and a comment
+is output to say why. If running this test produces instances of the error
+
+  ** Failed to set locale "fr_FR"
+
+in the comparison output, it means that locale is not available on your system,
+despite being listed by "locale". This does not mean that PCRE is broken.
+
+[If you are trying to run this test on Windows, you may be able to get it to
+work by changing "fr_FR" to "french" everywhere it occurs. Alternatively, use
+RunTest.bat. The version of RunTest.bat included with PCRE 7.4 and above uses
+Windows versions of test 2. More info on using RunTest.bat is included in the
+document entitled NON-UNIX-USE.]
+
+The fourth and fifth tests check the UTF-8/16/32 support and error handling and
+internal UTF features of PCRE that are not relevant to Perl, respectively. The
+sixth and seventh tests do the same for Unicode character properties support.
+
+The eighth, ninth, and tenth tests check the pcre_dfa_exec() alternative
+matching function, in non-UTF-8/16/32 mode, UTF-8/16/32 mode, and UTF-8/16/32
+mode with Unicode property support, respectively.
+
+The eleventh test checks some internal offsets and code size features; it is
+run only when the default "link size" of 2 is set (in other cases the sizes
+change) and when Unicode property support is enabled.
+
+The twelfth test is run only when JIT support is available, and the thirteenth
+test is run only when JIT support is not available. They test some JIT-specific
+features such as information output from pcretest about JIT compilation.
+
+The fourteenth, fifteenth, and sixteenth tests are run only in 8-bit mode, and
+the seventeenth, eighteenth, and nineteenth tests are run only in 16/32-bit
+mode. These are tests that generate different output in the two modes. They are
+for general cases, UTF-8/16/32 support, and Unicode property support,
+respectively.
+
+The twentieth test is run only in 16/32-bit mode. It tests some specific
+16/32-bit features of the DFA matching engine.
+
+The twenty-first and twenty-second tests are run only in 16/32-bit mode, when
+the link size is set to 2 for the 16-bit library. They test reloading
+pre-compiled patterns.
+
+The twenty-third and twenty-fourth tests are run only in 16-bit mode. They are
+for general cases, and UTF-16 support, respectively.
+
+The twenty-fifth and twenty-sixth tests are run only in 32-bit mode. They are
+for general cases, and UTF-32 support, respectively.
+
+
+Character tables
+----------------
+
+For speed, PCRE uses four tables for manipulating and identifying characters
+whose code point values are less than 256. The final argument of the
+pcre_compile() function is a pointer to a block of memory containing the
+concatenated tables. A call to pcre_maketables() can be used to generate a set
+of tables in the current locale. If the final argument for pcre_compile() is
+passed as NULL, a set of default tables that is built into the binary is used.
+
+The source file called pcre_chartables.c contains the default set of tables. By
+default, this is created as a copy of pcre_chartables.c.dist, which contains
+tables for ASCII coding. However, if --enable-rebuild-chartables is specified
+for ./configure, a different version of pcre_chartables.c is built by the
+program dftables (compiled from dftables.c), which uses the ANSI C character
+handling functions such as isalnum(), isalpha(), isupper(), islower(), etc. to
+build the table sources. This means that the default C locale which is set for
+your system will control the contents of these default tables. You can change
+the default tables by editing pcre_chartables.c and then re-building PCRE. If
+you do this, you should take care to ensure that the file does not get
+automatically re-generated. The best way to do this is to move
+pcre_chartables.c.dist out of the way and replace it with your customized
+tables.
+
+When the dftables program is run as a result of --enable-rebuild-chartables,
+it uses the default C locale that is set on your system. It does not pay
+attention to the LC_xxx environment variables. In other words, it uses the
+system's default locale rather than whatever the compiling user happens to have
+set. If you really do want to build a source set of character tables in a
+locale that is specified by the LC_xxx variables, you can run the dftables
+program by hand with the -L option. For example:
+
+  ./dftables -L pcre_chartables.c.special
+
+The first two 256-byte tables provide lower casing and case flipping functions,
+respectively. The next table consists of three 32-byte bit maps which identify
+digits, "word" characters, and white space, respectively. These are used when
+building 32-byte bit maps that represent character classes for code points less
+than 256.
+
+The final 256-byte table has bits indicating various character types, as
+follows:
+
+    1   white space character
+    2   letter
+    4   decimal digit
+    8   hexadecimal digit
+   16   alphanumeric or '_'
+  128   regular expression metacharacter or binary zero
+
+You should not alter the set of characters that contain the 128 bit, as that
+will cause PCRE to malfunction.
+
+
+File manifest
+-------------
+
+The distribution should contain the files listed below. Where a file name is
+given as pcre[16|32]_xxx it means that there are three files, one with the name
+pcre_xxx, one with the name pcre16_xx, and a third with the name pcre32_xxx.
+
+(A) Source files of the PCRE library functions and their headers:
+
+  dftables.c              auxiliary program for building pcre_chartables.c
+                          when --enable-rebuild-chartables is specified
+
+  pcre_chartables.c.dist  a default set of character tables that assume ASCII
+                          coding; used, unless --enable-rebuild-chartables is
+                          specified, by copying to pcre[16]_chartables.c
+
+  pcreposix.c                )
+  pcre[16|32]_byte_order.c   )
+  pcre[16|32]_compile.c      )
+  pcre[16|32]_config.c       )
+  pcre[16|32]_dfa_exec.c     )
+  pcre[16|32]_exec.c         )
+  pcre[16|32]_fullinfo.c     )
+  pcre[16|32]_get.c          ) sources for the functions in the library,
+  pcre[16|32]_globals.c      )   and some internal functions that they use
+  pcre[16|32]_jit_compile.c  )
+  pcre[16|32]_maketables.c   )
+  pcre[16|32]_newline.c      )
+  pcre[16|32]_refcount.c     )
+  pcre[16|32]_string_utils.c )
+  pcre[16|32]_study.c        )
+  pcre[16|32]_tables.c       )
+  pcre[16|32]_ucd.c          )
+  pcre[16|32]_version.c      )
+  pcre[16|32]_xclass.c       )
+  pcre_ord2utf8.c            )
+  pcre_valid_utf8.c          )
+  pcre16_ord2utf16.c         )
+  pcre16_utf16_utils.c       )
+  pcre16_valid_utf16.c       )
+  pcre32_utf32_utils.c       )
+  pcre32_valid_utf32.c       )
+
+  pcre[16|32]_printint.c     ) debugging function that is used by pcretest,
+                             )   and can also be #included in pcre_compile()
+
+  pcre.h.in               template for pcre.h when built by "configure"
+  pcreposix.h             header for the external POSIX wrapper API
+  pcre_internal.h         header for internal use
+  sljit/*                 16 files that make up the JIT compiler
+  ucp.h                   header for Unicode property handling
+
+  config.h.in             template for config.h, which is built by "configure"
+
+  pcrecpp.h               public header file for the C++ wrapper
+  pcrecpparg.h.in         template for another C++ header file
+  pcre_scanner.h          public header file for C++ scanner functions
+  pcrecpp.cc              )
+  pcre_scanner.cc         ) source for the C++ wrapper library
+
+  pcre_stringpiece.h.in   template for pcre_stringpiece.h, the header for the
+                            C++ stringpiece functions
+  pcre_stringpiece.cc     source for the C++ stringpiece functions
+
+(B) Source files for programs that use PCRE:
+
+  pcredemo.c              simple demonstration of coding calls to PCRE
+  pcregrep.c              source of a grep utility that uses PCRE
+  pcretest.c              comprehensive test program
+
+(C) Auxiliary files:
+
+  132html                 script to turn "man" pages into HTML
+  AUTHORS                 information about the author of PCRE
+  ChangeLog               log of changes to the code
+  CleanTxt                script to clean nroff output for txt man pages
+  Detrail                 script to remove trailing spaces
+  HACKING                 some notes about the internals of PCRE
+  INSTALL                 generic installation instructions
+  LICENCE                 conditions for the use of PCRE
+  COPYING                 the same, using GNU's standard name
+  Makefile.in             ) template for Unix Makefile, which is built by
+                          )   "configure"
+  Makefile.am             ) the automake input that was used to create
+                          )   Makefile.in
+  NEWS                    important changes in this release
+  NON-UNIX-USE            the previous name for NON-AUTOTOOLS-BUILD
+  NON-AUTOTOOLS-BUILD     notes on building PCRE without using autotools
+  PrepareRelease          script to make preparations for "make dist"
+  README                  this file
+  RunTest                 a Unix shell script for running tests
+  RunGrepTest             a Unix shell script for pcregrep tests
+  aclocal.m4              m4 macros (generated by "aclocal")
+  config.guess            ) files used by libtool,
+  config.sub              )   used only when building a shared library
+  configure               a configuring shell script (built by autoconf)
+  configure.ac            ) the autoconf input that was used to build
+                          )   "configure" and config.h
+  depcomp                 ) script to find program dependencies, generated by
+                          )   automake
+  doc/*.3                 man page sources for PCRE
+  doc/*.1                 man page sources for pcregrep and pcretest
+  doc/index.html.src      the base HTML page
+  doc/html/*              HTML documentation
+  doc/pcre.txt            plain text version of the man pages
+  doc/pcretest.txt        plain text documentation of test program
+  doc/perltest.txt        plain text documentation of Perl test program
+  install-sh              a shell script for installing files
+  libpcre16.pc.in         template for libpcre16.pc for pkg-config
+  libpcre32.pc.in         template for libpcre32.pc for pkg-config
+  libpcre.pc.in           template for libpcre.pc for pkg-config
+  libpcreposix.pc.in      template for libpcreposix.pc for pkg-config
+  libpcrecpp.pc.in        template for libpcrecpp.pc for pkg-config
+  ltmain.sh               file used to build a libtool script
+  missing                 ) common stub for a few missing GNU programs while
+                          )   installing, generated by automake
+  mkinstalldirs           script for making install directories
+  perltest.pl             Perl test program
+  pcre-config.in          source of script which retains PCRE information
+  pcre_jit_test.c         test program for the JIT compiler
+  pcrecpp_unittest.cc          )
+  pcre_scanner_unittest.cc     ) test programs for the C++ wrapper
+  pcre_stringpiece_unittest.cc )
+  testdata/testinput*     test data for main library tests
+  testdata/testoutput*    expected test results
+  testdata/grep*          input and output for pcregrep tests
+  testdata/*              other supporting test files
+
+(D) Auxiliary files for cmake support
+
+  cmake/COPYING-CMAKE-SCRIPTS
+  cmake/FindPackageHandleStandardArgs.cmake
+  cmake/FindEditline.cmake
+  cmake/FindReadline.cmake
+  CMakeLists.txt
+  config-cmake.h.in
+
+(E) Auxiliary files for VPASCAL
+
+  makevp.bat
+  makevp_c.txt
+  makevp_l.txt
+  pcregexp.pas
+
+(F) Auxiliary files for building PCRE "by hand"
+
+  pcre.h.generic          ) a version of the public PCRE header file
+                          )   for use in non-"configure" environments
+  config.h.generic        ) a version of config.h for use in non-"configure"
+                          )   environments
+
+(F) Miscellaneous
+
+  RunTest.bat            a script for running tests under Windows
+
+Philip Hazel
+Email local part: ph10
+Email domain: cam.ac.uk
+Last updated: 10 February 2015
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/index.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/index.html
new file mode 100644
index 00000000..352c55df
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/index.html
@@ -0,0 +1,185 @@
+<html>
+<!-- This is a manually maintained file that is the root of the HTML version of
+     the PCRE documentation. When the HTML documents are built from the man
+     page versions, the entire doc/html directory is emptied, this file is then
+     copied into doc/html/index.html, and the remaining files therein are
+     created by the 132html script.
+-->
+<head>
+<title>PCRE specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>Perl-compatible Regular Expressions (PCRE)</h1>
+<p>
+The HTML documentation for PCRE consists of a number of pages that are listed
+below in alphabetical order. If you are new to PCRE, please read the first one
+first.
+</p>
+
+<table>
+<tr><td><a href="pcre.html">pcre</a></td>
+    <td>&nbsp;&nbsp;Introductory page</td></tr>
+
+<tr><td><a href="pcre-config.html">pcre-config</a></td>
+    <td>&nbsp;&nbsp;Information about the installation configuration</td></tr>
+
+<tr><td><a href="pcre16.html">pcre16</a></td>
+    <td>&nbsp;&nbsp;Discussion of the 16-bit PCRE library</td></tr>
+
+<tr><td><a href="pcre32.html">pcre32</a></td>
+    <td>&nbsp;&nbsp;Discussion of the 32-bit PCRE library</td></tr>
+
+<tr><td><a href="pcreapi.html">pcreapi</a></td>
+    <td>&nbsp;&nbsp;PCRE's native API</td></tr>
+
+<tr><td><a href="pcrebuild.html">pcrebuild</a></td>
+    <td>&nbsp;&nbsp;Building PCRE</td></tr>
+
+<tr><td><a href="pcrecallout.html">pcrecallout</a></td>
+    <td>&nbsp;&nbsp;The <i>callout</i> facility</td></tr>
+
+<tr><td><a href="pcrecompat.html">pcrecompat</a></td>
+    <td>&nbsp;&nbsp;Compability with Perl</td></tr>
+
+<tr><td><a href="pcrecpp.html">pcrecpp</a></td>
+    <td>&nbsp;&nbsp;The C++ wrapper for the PCRE library</td></tr>
+
+<tr><td><a href="pcredemo.html">pcredemo</a></td>
+    <td>&nbsp;&nbsp;A demonstration C program that uses the PCRE library</td></tr>
+
+<tr><td><a href="pcregrep.html">pcregrep</a></td>
+    <td>&nbsp;&nbsp;The <b>pcregrep</b> command</td></tr>
+
+<tr><td><a href="pcrejit.html">pcrejit</a></td>
+    <td>&nbsp;&nbsp;Discussion of the just-in-time optimization support</td></tr>
+
+<tr><td><a href="pcrelimits.html">pcrelimits</a></td>
+    <td>&nbsp;&nbsp;Details of size and other limits</td></tr>
+
+<tr><td><a href="pcrematching.html">pcrematching</a></td>
+    <td>&nbsp;&nbsp;Discussion of the two matching algorithms</td></tr>
+
+<tr><td><a href="pcrepartial.html">pcrepartial</a></td>
+    <td>&nbsp;&nbsp;Using PCRE for partial matching</td></tr>
+
+<tr><td><a href="pcrepattern.html">pcrepattern</a></td>
+    <td>&nbsp;&nbsp;Specification of the regular expressions supported by PCRE</td></tr>
+
+<tr><td><a href="pcreperform.html">pcreperform</a></td>
+    <td>&nbsp;&nbsp;Some comments on performance</td></tr>
+
+<tr><td><a href="pcreposix.html">pcreposix</a></td>
+    <td>&nbsp;&nbsp;The POSIX API to the PCRE 8-bit library</td></tr>
+
+<tr><td><a href="pcreprecompile.html">pcreprecompile</a></td>
+    <td>&nbsp;&nbsp;How to save and re-use compiled patterns</td></tr>
+
+<tr><td><a href="pcresample.html">pcresample</a></td>
+    <td>&nbsp;&nbsp;Discussion of the pcredemo program</td></tr>
+
+<tr><td><a href="pcrestack.html">pcrestack</a></td>
+    <td>&nbsp;&nbsp;Discussion of PCRE's stack usage</td></tr>
+
+<tr><td><a href="pcresyntax.html">pcresyntax</a></td>
+    <td>&nbsp;&nbsp;Syntax quick-reference summary</td></tr>
+
+<tr><td><a href="pcretest.html">pcretest</a></td>
+    <td>&nbsp;&nbsp;The <b>pcretest</b> command for testing PCRE</td></tr>
+
+<tr><td><a href="pcreunicode.html">pcreunicode</a></td>
+    <td>&nbsp;&nbsp;Discussion of Unicode and UTF-8/UTF-16/UTF-32 support</td></tr>
+</table>
+
+<p>
+There are also individual pages that summarize the interface for each function
+in the library. There is a single page for each triple of 8-bit/16-bit/32-bit
+functions.
+</p>
+
+<table>
+
+<tr><td><a href="pcre_assign_jit_stack.html">pcre_assign_jit_stack</a></td>
+    <td>&nbsp;&nbsp;Assign stack for JIT matching</td></tr>
+
+<tr><td><a href="pcre_compile.html">pcre_compile</a></td>
+    <td>&nbsp;&nbsp;Compile a regular expression</td></tr>
+
+<tr><td><a href="pcre_compile2.html">pcre_compile2</a></td>
+    <td>&nbsp;&nbsp;Compile a regular expression (alternate interface)</td></tr>
+
+<tr><td><a href="pcre_config.html">pcre_config</a></td>
+    <td>&nbsp;&nbsp;Show build-time configuration options</td></tr>
+
+<tr><td><a href="pcre_copy_named_substring.html">pcre_copy_named_substring</a></td>
+    <td>&nbsp;&nbsp;Extract named substring into given buffer</td></tr>
+
+<tr><td><a href="pcre_copy_substring.html">pcre_copy_substring</a></td>
+    <td>&nbsp;&nbsp;Extract numbered substring into given buffer</td></tr>
+
+<tr><td><a href="pcre_dfa_exec.html">pcre_dfa_exec</a></td>
+    <td>&nbsp;&nbsp;Match a compiled pattern to a subject string
+    (DFA algorithm; <i>not</i> Perl compatible)</td></tr>
+
+<tr><td><a href="pcre_exec.html">pcre_exec</a></td>
+    <td>&nbsp;&nbsp;Match a compiled pattern to a subject string
+    (Perl compatible)</td></tr>
+
+<tr><td><a href="pcre_free_study.html">pcre_free_study</a></td>
+    <td>&nbsp;&nbsp;Free study data</td></tr>
+
+<tr><td><a href="pcre_free_substring.html">pcre_free_substring</a></td>
+    <td>&nbsp;&nbsp;Free extracted substring</td></tr>
+
+<tr><td><a href="pcre_free_substring_list.html">pcre_free_substring_list</a></td>
+    <td>&nbsp;&nbsp;Free list of extracted substrings</td></tr>
+
+<tr><td><a href="pcre_fullinfo.html">pcre_fullinfo</a></td>
+    <td>&nbsp;&nbsp;Extract information about a pattern</td></tr>
+
+<tr><td><a href="pcre_get_named_substring.html">pcre_get_named_substring</a></td>
+    <td>&nbsp;&nbsp;Extract named substring into new memory</td></tr>
+
+<tr><td><a href="pcre_get_stringnumber.html">pcre_get_stringnumber</a></td>
+    <td>&nbsp;&nbsp;Convert captured string name to number</td></tr>
+
+<tr><td><a href="pcre_get_stringtable_entries.html">pcre_get_stringtable_entries</a></td>
+    <td>&nbsp;&nbsp;Find table entries for given string name</td></tr>
+
+<tr><td><a href="pcre_get_substring.html">pcre_get_substring</a></td>
+    <td>&nbsp;&nbsp;Extract numbered substring into new memory</td></tr>
+
+<tr><td><a href="pcre_get_substring_list.html">pcre_get_substring_list</a></td>
+    <td>&nbsp;&nbsp;Extract all substrings into new memory</td></tr>
+
+<tr><td><a href="pcre_jit_exec.html">pcre_jit_exec</a></td>
+    <td>&nbsp;&nbsp;Fast path interface to JIT matching</td></tr>
+
+<tr><td><a href="pcre_jit_stack_alloc.html">pcre_jit_stack_alloc</a></td>
+    <td>&nbsp;&nbsp;Create a stack for JIT matching</td></tr>
+
+<tr><td><a href="pcre_jit_stack_free.html">pcre_jit_stack_free</a></td>
+    <td>&nbsp;&nbsp;Free a JIT matching stack</td></tr>
+
+<tr><td><a href="pcre_maketables.html">pcre_maketables</a></td>
+    <td>&nbsp;&nbsp;Build character tables in current locale</td></tr>
+
+<tr><td><a href="pcre_pattern_to_host_byte_order.html">pcre_pattern_to_host_byte_order</a></td>
+    <td>&nbsp;&nbsp;Convert compiled pattern to host byte order if necessary</td></tr>
+
+<tr><td><a href="pcre_refcount.html">pcre_refcount</a></td>
+    <td>&nbsp;&nbsp;Maintain reference count in compiled pattern</td></tr>
+
+<tr><td><a href="pcre_study.html">pcre_study</a></td>
+    <td>&nbsp;&nbsp;Study a compiled pattern</td></tr>
+
+<tr><td><a href="pcre_utf16_to_host_byte_order.html">pcre_utf16_to_host_byte_order</a></td>
+    <td>&nbsp;&nbsp;Convert UTF-16 string to host byte order if necessary</td></tr>
+
+<tr><td><a href="pcre_utf32_to_host_byte_order.html">pcre_utf32_to_host_byte_order</a></td>
+    <td>&nbsp;&nbsp;Convert UTF-32 string to host byte order if necessary</td></tr>
+
+<tr><td><a href="pcre_version.html">pcre_version</a></td>
+    <td>&nbsp;&nbsp;Return PCRE version and release date</td></tr>
+</table>
+
+</html>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre-config.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre-config.html
new file mode 100644
index 00000000..56a80604
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre-config.html
@@ -0,0 +1,109 @@
+<html>
+<head>
+<title>pcre-config specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre-config man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">OPTIONS</a>
+<li><a name="TOC4" href="#SEC4">SEE ALSO</a>
+<li><a name="TOC5" href="#SEC5">AUTHOR</a>
+<li><a name="TOC6" href="#SEC6">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>pcre-config  [--prefix] [--exec-prefix] [--version] [--libs]</b>
+<b>            [--libs16] [--libs32] [--libs-cpp] [--libs-posix]</b>
+<b>            [--cflags] [--cflags-posix]</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+<b>pcre-config</b> returns the configuration of the installed PCRE
+libraries and the options required to compile a program to use them. Some of
+the options apply only to the 8-bit, or 16-bit, or 32-bit libraries,
+respectively, and are
+not available if only one of those libraries has been built. If an unavailable
+option is encountered, the "usage" information is output.
+</P>
+<br><a name="SEC3" href="#TOC1">OPTIONS</a><br>
+<P>
+<b>--prefix</b>
+Writes the directory prefix used in the PCRE installation for architecture
+independent files (<i>/usr</i> on many systems, <i>/usr/local</i> on some
+systems) to the standard output.
+</P>
+<P>
+<b>--exec-prefix</b>
+Writes the directory prefix used in the PCRE installation for architecture
+dependent files (normally the same as <b>--prefix</b>) to the standard output.
+</P>
+<P>
+<b>--version</b>
+Writes the version number of the installed PCRE libraries to the standard
+output.
+</P>
+<P>
+<b>--libs</b>
+Writes to the standard output the command line options required to link
+with the 8-bit PCRE library (<b>-lpcre</b> on many systems).
+</P>
+<P>
+<b>--libs16</b>
+Writes to the standard output the command line options required to link
+with the 16-bit PCRE library (<b>-lpcre16</b> on many systems).
+</P>
+<P>
+<b>--libs32</b>
+Writes to the standard output the command line options required to link
+with the 32-bit PCRE library (<b>-lpcre32</b> on many systems).
+</P>
+<P>
+<b>--libs-cpp</b>
+Writes to the standard output the command line options required to link with
+PCRE's C++ wrapper library (<b>-lpcrecpp</b> <b>-lpcre</b> on many
+systems).
+</P>
+<P>
+<b>--libs-posix</b>
+Writes to the standard output the command line options required to link with
+PCRE's POSIX API wrapper library (<b>-lpcreposix</b> <b>-lpcre</b> on many
+systems).
+</P>
+<P>
+<b>--cflags</b>
+Writes to the standard output the command line options required to compile
+files that use PCRE (this may include some <b>-I</b> options, but is blank on
+many systems).
+</P>
+<P>
+<b>--cflags-posix</b>
+Writes to the standard output the command line options required to compile
+files that use PCRE's POSIX API wrapper library (this may include some <b>-I</b>
+options, but is blank on many systems).
+</P>
+<br><a name="SEC4" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcre(3)</b>
+</P>
+<br><a name="SEC5" href="#TOC1">AUTHOR</a><br>
+<P>
+This manual page was originally written by Mark Baker for the Debian GNU/Linux
+system. It has been subsequently revised as a generic PCRE man page.
+</P>
+<br><a name="SEC6" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 24 June 2012
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre.html
new file mode 100644
index 00000000..c87b1066
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre.html
@@ -0,0 +1,224 @@
+<html>
+<head>
+<title>pcre specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PLEASE TAKE NOTE</a>
+<li><a name="TOC2" href="#SEC2">INTRODUCTION</a>
+<li><a name="TOC3" href="#SEC3">SECURITY CONSIDERATIONS</a>
+<li><a name="TOC4" href="#SEC4">USER DOCUMENTATION</a>
+<li><a name="TOC5" href="#SEC5">AUTHOR</a>
+<li><a name="TOC6" href="#SEC6">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PLEASE TAKE NOTE</a><br>
+<P>
+This document relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+</P>
+<br><a name="SEC2" href="#TOC1">INTRODUCTION</a><br>
+<P>
+The PCRE library is a set of functions that implement regular expression
+pattern matching using the same syntax and semantics as Perl, with just a few
+differences. Some features that appeared in Python and PCRE before they
+appeared in Perl are also available using the Python syntax, there is some
+support for one or two .NET and Oniguruma syntax items, and there is an option
+for requesting some minor changes that give better JavaScript compatibility.
+</P>
+<P>
+Starting with release 8.30, it is possible to compile two separate PCRE
+libraries: the original, which supports 8-bit character strings (including
+UTF-8 strings), and a second library that supports 16-bit character strings
+(including UTF-16 strings). The build process allows either one or both to be
+built. The majority of the work to make this possible was done by Zoltan
+Herczeg.
+</P>
+<P>
+Starting with release 8.32 it is possible to compile a third separate PCRE
+library that supports 32-bit character strings (including UTF-32 strings). The
+build process allows any combination of the 8-, 16- and 32-bit libraries. The
+work to make this possible was done by Christian Persch.
+</P>
+<P>
+The three libraries contain identical sets of functions, except that the names
+in the 16-bit library start with <b>pcre16_</b> instead of <b>pcre_</b>, and the
+names in the 32-bit library start with <b>pcre32_</b> instead of <b>pcre_</b>. To
+avoid over-complication and reduce the documentation maintenance load, most of
+the documentation describes the 8-bit library, with the differences for the
+16-bit and 32-bit libraries described separately in the
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+pages. References to functions or structures of the form <i>pcre[16|32]_xxx</i>
+should be read as meaning "<i>pcre_xxx</i> when using the 8-bit library,
+<i>pcre16_xxx</i> when using the 16-bit library, or <i>pcre32_xxx</i> when using
+the 32-bit library".
+</P>
+<P>
+The current implementation of PCRE corresponds approximately with Perl 5.12,
+including support for UTF-8/16/32 encoded strings and Unicode general category
+properties. However, UTF-8/16/32 and Unicode support has to be explicitly
+enabled; it is not the default. The Unicode tables correspond to Unicode
+release 6.3.0.
+</P>
+<P>
+In addition to the Perl-compatible matching function, PCRE contains an
+alternative function that matches the same compiled patterns in a different
+way. In certain circumstances, the alternative function has some advantages.
+For a discussion of the two matching algorithms, see the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+page.
+</P>
+<P>
+PCRE is written in C and released as a C library. A number of people have
+written wrappers and interfaces of various kinds. In particular, Google Inc.
+have provided a comprehensive C++ wrapper for the 8-bit library. This is now
+included as part of the PCRE distribution. The
+<a href="pcrecpp.html"><b>pcrecpp</b></a>
+page has details of this interface. Other people's contributions can be found
+in the <i>Contrib</i> directory at the primary FTP site, which is:
+<a href="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre">ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre</a>
+</P>
+<P>
+Details of exactly which Perl regular expression features are and are not
+supported by PCRE are given in separate documents. See the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+and
+<a href="pcrecompat.html"><b>pcrecompat</b></a>
+pages. There is a syntax summary in the
+<a href="pcresyntax.html"><b>pcresyntax</b></a>
+page.
+</P>
+<P>
+Some features of PCRE can be included, excluded, or changed when the library is
+built. The
+<a href="pcre_config.html"><b>pcre_config()</b></a>
+function makes it possible for a client to discover which features are
+available. The features themselves are described in the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+page. Documentation about building PCRE for various operating systems can be
+found in the
+<a href="README.txt"><b>README</b></a>
+and
+<a href="NON-AUTOTOOLS-BUILD.txt"><b>NON-AUTOTOOLS_BUILD</b></a>
+files in the source distribution.
+</P>
+<P>
+The libraries contains a number of undocumented internal functions and data
+tables that are used by more than one of the exported external functions, but
+which are not intended for use by external callers. Their names all begin with
+"_pcre_" or "_pcre16_" or "_pcre32_", which hopefully will not provoke any name
+clashes. In some environments, it is possible to control which external symbols
+are exported when a shared library is built, and in these cases the
+undocumented symbols are not exported.
+</P>
+<br><a name="SEC3" href="#TOC1">SECURITY CONSIDERATIONS</a><br>
+<P>
+If you are using PCRE in a non-UTF application that permits users to supply
+arbitrary patterns for compilation, you should be aware of a feature that
+allows users to turn on UTF support from within a pattern, provided that PCRE
+was built with UTF support. For example, an 8-bit pattern that begins with
+"(*UTF8)" or "(*UTF)" turns on UTF-8 mode, which interprets patterns and
+subjects as strings of UTF-8 characters instead of individual 8-bit characters.
+This causes both the pattern and any data against which it is matched to be
+checked for UTF-8 validity. If the data string is very long, such a check might
+use sufficiently many resources as to cause your application to lose
+performance.
+</P>
+<P>
+One way of guarding against this possibility is to use the
+<b>pcre_fullinfo()</b> function to check the compiled pattern's options for UTF.
+Alternatively, from release 8.33, you can set the PCRE_NEVER_UTF option at
+compile time. This causes an compile time error if a pattern contains a
+UTF-setting sequence.
+</P>
+<P>
+If your application is one that supports UTF, be aware that validity checking
+can take time. If the same data string is to be matched many times, you can use
+the PCRE_NO_UTF[8|16|32]_CHECK option for the second and subsequent matches to
+save redundant checks.
+</P>
+<P>
+Another way that performance can be hit is by running a pattern that has a very
+large search tree against a string that will never match. Nested unlimited
+repeats in a pattern are a common example. PCRE provides some protection
+against this: see the PCRE_EXTRA_MATCH_LIMIT feature in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page.
+</P>
+<br><a name="SEC4" href="#TOC1">USER DOCUMENTATION</a><br>
+<P>
+The user documentation for PCRE comprises a number of different sections. In
+the "man" format, each of these is a separate "man page". In the HTML format,
+each is a separate page, linked from the index page. In the plain text format,
+the descriptions of the <b>pcregrep</b> and <b>pcretest</b> programs are in files
+called <b>pcregrep.txt</b> and <b>pcretest.txt</b>, respectively. The remaining
+sections, except for the <b>pcredemo</b> section (which is a program listing),
+are concatenated in <b>pcre.txt</b>, for ease of searching. The sections are as
+follows:
+<pre>
+  pcre              this document
+  pcre-config       show PCRE installation configuration information
+  pcre16            details of the 16-bit library
+  pcre32            details of the 32-bit library
+  pcreapi           details of PCRE's native C API
+  pcrebuild         building PCRE
+  pcrecallout       details of the callout feature
+  pcrecompat        discussion of Perl compatibility
+  pcrecpp           details of the C++ wrapper for the 8-bit library
+  pcredemo          a demonstration C program that uses PCRE
+  pcregrep          description of the <b>pcregrep</b> command (8-bit only)
+  pcrejit           discussion of the just-in-time optimization support
+  pcrelimits        details of size and other limits
+  pcrematching      discussion of the two matching algorithms
+  pcrepartial       details of the partial matching facility
+  pcrepattern       syntax and semantics of supported regular expressions
+  pcreperform       discussion of performance issues
+  pcreposix         the POSIX-compatible C API for the 8-bit library
+  pcreprecompile    details of saving and re-using precompiled patterns
+  pcresample        discussion of the pcredemo program
+  pcrestack         discussion of stack usage
+  pcresyntax        quick syntax reference
+  pcretest          description of the <b>pcretest</b> testing command
+  pcreunicode       discussion of Unicode and UTF-8/16/32 support
+</pre>
+In the "man" and HTML formats, there is also a short page for each C library
+function, listing its arguments and results.
+</P>
+<br><a name="SEC5" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<P>
+Putting an actual email address here seems to have been a spam magnet, so I've
+taken it away. If you want to email me, use my two initials, followed by the
+two digits 10, at the domain cam.ac.uk.
+</P>
+<br><a name="SEC6" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 10 February 2015
+<br>
+Copyright &copy; 1997-2015 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre16.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre16.html
new file mode 100644
index 00000000..f00859f0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre16.html
@@ -0,0 +1,384 @@
+<html>
+<head>
+<title>pcre16 specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre16 man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE 16-BIT API BASIC FUNCTIONS</a>
+<li><a name="TOC2" href="#SEC2">PCRE 16-BIT API STRING EXTRACTION FUNCTIONS</a>
+<li><a name="TOC3" href="#SEC3">PCRE 16-BIT API AUXILIARY FUNCTIONS</a>
+<li><a name="TOC4" href="#SEC4">PCRE 16-BIT API INDIRECTED FUNCTIONS</a>
+<li><a name="TOC5" href="#SEC5">PCRE 16-BIT API 16-BIT-ONLY FUNCTION</a>
+<li><a name="TOC6" href="#SEC6">THE PCRE 16-BIT LIBRARY</a>
+<li><a name="TOC7" href="#SEC7">THE HEADER FILE</a>
+<li><a name="TOC8" href="#SEC8">THE LIBRARY NAME</a>
+<li><a name="TOC9" href="#SEC9">STRING TYPES</a>
+<li><a name="TOC10" href="#SEC10">STRUCTURE TYPES</a>
+<li><a name="TOC11" href="#SEC11">16-BIT FUNCTIONS</a>
+<li><a name="TOC12" href="#SEC12">SUBJECT STRING OFFSETS</a>
+<li><a name="TOC13" href="#SEC13">NAMED SUBPATTERNS</a>
+<li><a name="TOC14" href="#SEC14">OPTION NAMES</a>
+<li><a name="TOC15" href="#SEC15">CHARACTER CODES</a>
+<li><a name="TOC16" href="#SEC16">ERROR NAMES</a>
+<li><a name="TOC17" href="#SEC17">ERROR TEXTS</a>
+<li><a name="TOC18" href="#SEC18">CALLOUTS</a>
+<li><a name="TOC19" href="#SEC19">TESTING</a>
+<li><a name="TOC20" href="#SEC20">NOT SUPPORTED IN 16-BIT MODE</a>
+<li><a name="TOC21" href="#SEC21">AUTHOR</a>
+<li><a name="TOC22" href="#SEC22">REVISION</a>
+</ul>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<br><a name="SEC1" href="#TOC1">PCRE 16-BIT API BASIC FUNCTIONS</a><br>
+<P>
+<b>pcre16 *pcre16_compile(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16 *pcre16_compile2(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16_extra *pcre16_study(const pcre16 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>void pcre16_free_study(pcre16_extra *<i>extra</i>);</b>
+<br>
+<br>
+<b>int pcre16_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre16_dfa_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE 16-BIT API STRING EXTRACTION FUNCTIONS</a><br>
+<P>
+<b>int pcre16_copy_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR16 *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_copy_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR16 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringnumber(const pcre16 *<i>code</i>,</b>
+<b>"     PCRE_SPTR16 <i>name</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringtable_entries(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>name</i>, PCRE_UCHAR16 **<i>first</i>, PCRE_UCHAR16 **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring_list(PCRE_SPTR16 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR16 **<i>listptr</i>);</b>
+<br>
+<br>
+<b>void pcre16_free_substring(PCRE_SPTR16 <i>stringptr</i>);</b>
+<br>
+<br>
+<b>void pcre16_free_substring_list(PCRE_SPTR16 *<i>stringptr</i>);</b>
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE 16-BIT API AUXILIARY FUNCTIONS</a><br>
+<P>
+<b>pcre16_jit_stack *pcre16_jit_stack_alloc(int <i>startsize</i>, int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>void pcre16_jit_stack_free(pcre16_jit_stack *<i>stack</i>);</b>
+<br>
+<br>
+<b>void pcre16_assign_jit_stack(pcre16_extra *<i>extra</i>,</b>
+<b>     pcre16_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>const unsigned char *pcre16_maketables(void);</b>
+<br>
+<br>
+<b>int pcre16_fullinfo(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre16_refcount(pcre16 *<i>code</i>, int <i>adjust</i>);</b>
+<br>
+<br>
+<b>int pcre16_config(int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>const char *pcre16_version(void);</b>
+<br>
+<br>
+<b>int pcre16_pattern_to_host_byte_order(pcre16 *<i>code</i>,</b>
+<b>     pcre16_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><a name="SEC4" href="#TOC1">PCRE 16-BIT API INDIRECTED FUNCTIONS</a><br>
+<P>
+<b>void *(*pcre16_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre16_free)(void *);</b>
+<br>
+<br>
+<b>void *(*pcre16_stack_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre16_stack_free)(void *);</b>
+<br>
+<br>
+<b>int (*pcre16_callout)(pcre16_callout_block *);</b>
+</P>
+<br><a name="SEC5" href="#TOC1">PCRE 16-BIT API 16-BIT-ONLY FUNCTION</a><br>
+<P>
+<b>int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *<i>output</i>,</b>
+<b>     PCRE_SPTR16 <i>input</i>, int <i>length</i>, int *<i>byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><a name="SEC6" href="#TOC1">THE PCRE 16-BIT LIBRARY</a><br>
+<P>
+Starting with release 8.30, it is possible to compile a PCRE library that
+supports 16-bit character strings, including UTF-16 strings, as well as or
+instead of the original 8-bit library. The majority of the work to make this
+possible was done by Zoltan Herczeg. The two libraries contain identical sets
+of functions, used in exactly the same way. Only the names of the functions and
+the data types of their arguments and results are different. To avoid
+over-complication and reduce the documentation maintenance load, most of the
+PCRE documentation describes the 8-bit library, with only occasional references
+to the 16-bit library. This page describes what is different when you use the
+16-bit library.
+</P>
+<P>
+WARNING: A single application can be linked with both libraries, but you must
+take care when processing any particular pattern to use functions from just one
+library. For example, if you want to study a pattern that was compiled with
+<b>pcre16_compile()</b>, you must do so with <b>pcre16_study()</b>, not
+<b>pcre_study()</b>, and you must free the study data with
+<b>pcre16_free_study()</b>.
+</P>
+<br><a name="SEC7" href="#TOC1">THE HEADER FILE</a><br>
+<P>
+There is only one header file, <b>pcre.h</b>. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+</P>
+<br><a name="SEC8" href="#TOC1">THE LIBRARY NAME</a><br>
+<P>
+In Unix-like systems, the 16-bit library is called <b>libpcre16</b>, and can
+normally be accesss by adding <b>-lpcre16</b> to the command for linking an
+application that uses PCRE.
+</P>
+<br><a name="SEC9" href="#TOC1">STRING TYPES</a><br>
+<P>
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 16-bit library, strings are passed as
+vectors of unsigned 16-bit quantities. The macro PCRE_UCHAR16 specifies an
+appropriate data type, and PCRE_SPTR16 is defined as "const PCRE_UCHAR16 *". In
+very many environments, "short int" is a 16-bit data type. When PCRE is built,
+it defines PCRE_UCHAR16 as "unsigned short int", but checks that it really is a
+16-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+</P>
+<br><a name="SEC10" href="#TOC1">STRUCTURE TYPES</a><br>
+<P>
+The types of the opaque structures that are used for compiled 16-bit patterns
+and JIT stacks are <b>pcre16</b> and <b>pcre16_jit_stack</b> respectively. The
+type of the user-accessible structure that is returned by <b>pcre16_study()</b>
+is <b>pcre16_extra</b>, and the type of the structure that is used for passing
+data to a callout function is <b>pcre16_callout_block</b>. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 16-bit instead of
+8-bit types.
+</P>
+<br><a name="SEC11" href="#TOC1">16-BIT FUNCTIONS</a><br>
+<P>
+For every function in the 8-bit library there is a corresponding function in
+the 16-bit library with a name that starts with <b>pcre16_</b> instead of
+<b>pcre_</b>. The prototypes are listed above. In addition, there is one extra
+function, <b>pcre16_utf16_to_host_byte_order()</b>. This is a utility function
+that converts a UTF-16 character string to host byte order if necessary. The
+other 16-bit functions expect the strings they are passed to be in host byte
+order.
+</P>
+<P>
+The <i>input</i> and <i>output</i> arguments of
+<b>pcre16_utf16_to_host_byte_order()</b> may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+</P>
+<P>
+The <i>length</i> argument specifies the number of 16-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+</P>
+<P>
+If <i>byte_order</i> is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+</P>
+<P>
+If <i>byte_order</i> is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+</P>
+<P>
+If <i>keep_boms</i> is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+</P>
+<P>
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<br><a name="SEC12" href="#TOC1">SUBJECT STRING OFFSETS</a><br>
+<P>
+The lengths and starting offsets of subject strings must be specified in 16-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 16-bit units rather than bytes.
+</P>
+<br><a name="SEC13" href="#TOC1">NAMED SUBPATTERNS</a><br>
+<P>
+The name-to-number translation table that is maintained for named subpatterns
+uses 16-bit characters. The <b>pcre16_get_stringtable_entries()</b> function
+returns the length of each entry in the table as the number of 16-bit data
+units.
+</P>
+<br><a name="SEC14" href="#TOC1">OPTION NAMES</a><br>
+<P>
+There are two new general option names, PCRE_UTF16 and PCRE_NO_UTF16_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+<a href="pcreunicode.html#utf16strings">validity of UTF-16 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+For the <b>pcre16_config()</b> function there is an option PCRE_CONFIG_UTF16
+that returns 1 if UTF-16 support is configured, otherwise 0. If this option is
+given to <b>pcre_config()</b> or <b>pcre32_config()</b>, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 option is given to <b>pcre16_config()</b>,
+the result is the PCRE_ERROR_BADOPTION error.
+</P>
+<br><a name="SEC15" href="#TOC1">CHARACTER CODES</a><br>
+<P>
+In 16-bit mode, when PCRE_UTF16 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0xffff instead of 0 to 0xff. Character types for characters less than
+0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+</P>
+<P>
+In UTF-16 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are used in pairs to encode values greater than 0xffff.
+</P>
+<P>
+A UTF-16 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+<b>pcre16_utf16_to_host_byte_order()</b> is provided to help with this (see
+above).
+</P>
+<br><a name="SEC16" href="#TOC1">ERROR NAMES</a><br>
+<P>
+The errors PCRE_ERROR_BADUTF16_OFFSET and PCRE_ERROR_SHORTUTF16 correspond to
+their 8-bit counterparts. The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with <b>pcre_compile()</b> is passed to
+<b>pcre16_exec()</b>.
+</P>
+<P>
+There are new error codes whose names begin with PCRE_UTF16_ERR for invalid
+UTF-16 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+<a href="pcreapi.html#badutf8reasons">"Reason codes for invalid UTF-8 strings"</a>
+in the main
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page. The UTF-16 errors are:
+<pre>
+  PCRE_UTF16_ERR1  Missing low surrogate at end of string
+  PCRE_UTF16_ERR2  Invalid low surrogate follows high surrogate
+  PCRE_UTF16_ERR3  Isolated low surrogate
+  PCRE_UTF16_ERR4  Non-character
+</PRE>
+</P>
+<br><a name="SEC17" href="#TOC1">ERROR TEXTS</a><br>
+<P>
+If there is an error while compiling a pattern, the error text that is passed
+back by <b>pcre16_compile()</b> or <b>pcre16_compile2()</b> is still an 8-bit
+character string, zero-terminated.
+</P>
+<br><a name="SEC18" href="#TOC1">CALLOUTS</a><br>
+<P>
+The <i>subject</i> and <i>mark</i> fields in the callout block that is passed to
+a callout function point to 16-bit vectors.
+</P>
+<br><a name="SEC19" href="#TOC1">TESTING</a><br>
+<P>
+The <b>pcretest</b> program continues to operate with 8-bit input and output
+files, but it can be used for testing the 16-bit library. If it is run with the
+command line option <b>-16</b>, patterns and subject strings are converted from
+8-bit to 16-bit before being passed to PCRE, and the 16-bit library functions
+are used instead of the 8-bit ones. Returned 16-bit strings are converted to
+8-bit for output. If both the 8-bit and the 32-bit libraries were not compiled,
+<b>pcretest</b> defaults to 16-bit and the <b>-16</b> option is ignored.
+</P>
+<P>
+When PCRE is being built, the <b>RunTest</b> script that is called by "make
+check" uses the <b>pcretest</b> <b>-C</b> option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+</P>
+<br><a name="SEC20" href="#TOC1">NOT SUPPORTED IN 16-BIT MODE</a><br>
+<P>
+Not all the features of the 8-bit library are available with the 16-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the <b>pcregrep</b> program is at present 8-bit only.
+</P>
+<br><a name="SEC21" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC22" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 May 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre32.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre32.html
new file mode 100644
index 00000000..f96876e7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre32.html
@@ -0,0 +1,382 @@
+<html>
+<head>
+<title>pcre32 specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre32 man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE 32-BIT API BASIC FUNCTIONS</a>
+<li><a name="TOC2" href="#SEC2">PCRE 32-BIT API STRING EXTRACTION FUNCTIONS</a>
+<li><a name="TOC3" href="#SEC3">PCRE 32-BIT API AUXILIARY FUNCTIONS</a>
+<li><a name="TOC4" href="#SEC4">PCRE 32-BIT API INDIRECTED FUNCTIONS</a>
+<li><a name="TOC5" href="#SEC5">PCRE 32-BIT API 32-BIT-ONLY FUNCTION</a>
+<li><a name="TOC6" href="#SEC6">THE PCRE 32-BIT LIBRARY</a>
+<li><a name="TOC7" href="#SEC7">THE HEADER FILE</a>
+<li><a name="TOC8" href="#SEC8">THE LIBRARY NAME</a>
+<li><a name="TOC9" href="#SEC9">STRING TYPES</a>
+<li><a name="TOC10" href="#SEC10">STRUCTURE TYPES</a>
+<li><a name="TOC11" href="#SEC11">32-BIT FUNCTIONS</a>
+<li><a name="TOC12" href="#SEC12">SUBJECT STRING OFFSETS</a>
+<li><a name="TOC13" href="#SEC13">NAMED SUBPATTERNS</a>
+<li><a name="TOC14" href="#SEC14">OPTION NAMES</a>
+<li><a name="TOC15" href="#SEC15">CHARACTER CODES</a>
+<li><a name="TOC16" href="#SEC16">ERROR NAMES</a>
+<li><a name="TOC17" href="#SEC17">ERROR TEXTS</a>
+<li><a name="TOC18" href="#SEC18">CALLOUTS</a>
+<li><a name="TOC19" href="#SEC19">TESTING</a>
+<li><a name="TOC20" href="#SEC20">NOT SUPPORTED IN 32-BIT MODE</a>
+<li><a name="TOC21" href="#SEC21">AUTHOR</a>
+<li><a name="TOC22" href="#SEC22">REVISION</a>
+</ul>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<br><a name="SEC1" href="#TOC1">PCRE 32-BIT API BASIC FUNCTIONS</a><br>
+<P>
+<b>pcre32 *pcre32_compile(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32 *pcre32_compile2(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32_extra *pcre32_study(const pcre32 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>void pcre32_free_study(pcre32_extra *<i>extra</i>);</b>
+<br>
+<br>
+<b>int pcre32_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre32_dfa_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE 32-BIT API STRING EXTRACTION FUNCTIONS</a><br>
+<P>
+<b>int pcre32_copy_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR32 *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_copy_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR32 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringnumber(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringtable_entries(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>, PCRE_UCHAR32 **<i>first</i>, PCRE_UCHAR32 **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring_list(PCRE_SPTR32 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR32 **<i>listptr</i>);</b>
+<br>
+<br>
+<b>void pcre32_free_substring(PCRE_SPTR32 <i>stringptr</i>);</b>
+<br>
+<br>
+<b>void pcre32_free_substring_list(PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE 32-BIT API AUXILIARY FUNCTIONS</a><br>
+<P>
+<b>pcre32_jit_stack *pcre32_jit_stack_alloc(int <i>startsize</i>, int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>void pcre32_jit_stack_free(pcre32_jit_stack *<i>stack</i>);</b>
+<br>
+<br>
+<b>void pcre32_assign_jit_stack(pcre32_extra *<i>extra</i>,</b>
+<b>     pcre32_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>const unsigned char *pcre32_maketables(void);</b>
+<br>
+<br>
+<b>int pcre32_fullinfo(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre32_refcount(pcre32 *<i>code</i>, int <i>adjust</i>);</b>
+<br>
+<br>
+<b>int pcre32_config(int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>const char *pcre32_version(void);</b>
+<br>
+<br>
+<b>int pcre32_pattern_to_host_byte_order(pcre32 *<i>code</i>,</b>
+<b>     pcre32_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><a name="SEC4" href="#TOC1">PCRE 32-BIT API INDIRECTED FUNCTIONS</a><br>
+<P>
+<b>void *(*pcre32_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre32_free)(void *);</b>
+<br>
+<br>
+<b>void *(*pcre32_stack_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre32_stack_free)(void *);</b>
+<br>
+<br>
+<b>int (*pcre32_callout)(pcre32_callout_block *);</b>
+</P>
+<br><a name="SEC5" href="#TOC1">PCRE 32-BIT API 32-BIT-ONLY FUNCTION</a><br>
+<P>
+<b>int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *<i>output</i>,</b>
+<b>     PCRE_SPTR32 <i>input</i>, int <i>length</i>, int *<i>byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><a name="SEC6" href="#TOC1">THE PCRE 32-BIT LIBRARY</a><br>
+<P>
+Starting with release 8.32, it is possible to compile a PCRE library that
+supports 32-bit character strings, including UTF-32 strings, as well as or
+instead of the original 8-bit library. This work was done by Christian Persch,
+based on the work done by Zoltan Herczeg for the 16-bit library. All three
+libraries contain identical sets of functions, used in exactly the same way.
+Only the names of the functions and the data types of their arguments and
+results are different. To avoid over-complication and reduce the documentation
+maintenance load, most of the PCRE documentation describes the 8-bit library,
+with only occasional references to the 16-bit and 32-bit libraries. This page
+describes what is different when you use the 32-bit library.
+</P>
+<P>
+WARNING: A single application can be linked with all or any of the three
+libraries, but you must take care when processing any particular pattern
+to use functions from just one library. For example, if you want to study
+a pattern that was compiled with <b>pcre32_compile()</b>, you must do so
+with <b>pcre32_study()</b>, not <b>pcre_study()</b>, and you must free the
+study data with <b>pcre32_free_study()</b>.
+</P>
+<br><a name="SEC7" href="#TOC1">THE HEADER FILE</a><br>
+<P>
+There is only one header file, <b>pcre.h</b>. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+</P>
+<br><a name="SEC8" href="#TOC1">THE LIBRARY NAME</a><br>
+<P>
+In Unix-like systems, the 32-bit library is called <b>libpcre32</b>, and can
+normally be accesss by adding <b>-lpcre32</b> to the command for linking an
+application that uses PCRE.
+</P>
+<br><a name="SEC9" href="#TOC1">STRING TYPES</a><br>
+<P>
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 32-bit library, strings are passed as
+vectors of unsigned 32-bit quantities. The macro PCRE_UCHAR32 specifies an
+appropriate data type, and PCRE_SPTR32 is defined as "const PCRE_UCHAR32 *". In
+very many environments, "unsigned int" is a 32-bit data type. When PCRE is
+built, it defines PCRE_UCHAR32 as "unsigned int", but checks that it really is
+a 32-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+</P>
+<br><a name="SEC10" href="#TOC1">STRUCTURE TYPES</a><br>
+<P>
+The types of the opaque structures that are used for compiled 32-bit patterns
+and JIT stacks are <b>pcre32</b> and <b>pcre32_jit_stack</b> respectively. The
+type of the user-accessible structure that is returned by <b>pcre32_study()</b>
+is <b>pcre32_extra</b>, and the type of the structure that is used for passing
+data to a callout function is <b>pcre32_callout_block</b>. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 32-bit instead of
+8-bit types.
+</P>
+<br><a name="SEC11" href="#TOC1">32-BIT FUNCTIONS</a><br>
+<P>
+For every function in the 8-bit library there is a corresponding function in
+the 32-bit library with a name that starts with <b>pcre32_</b> instead of
+<b>pcre_</b>. The prototypes are listed above. In addition, there is one extra
+function, <b>pcre32_utf32_to_host_byte_order()</b>. This is a utility function
+that converts a UTF-32 character string to host byte order if necessary. The
+other 32-bit functions expect the strings they are passed to be in host byte
+order.
+</P>
+<P>
+The <i>input</i> and <i>output</i> arguments of
+<b>pcre32_utf32_to_host_byte_order()</b> may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+</P>
+<P>
+The <i>length</i> argument specifies the number of 32-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+</P>
+<P>
+If <i>byte_order</i> is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+</P>
+<P>
+If <i>byte_order</i> is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+</P>
+<P>
+If <i>keep_boms</i> is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+</P>
+<P>
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<br><a name="SEC12" href="#TOC1">SUBJECT STRING OFFSETS</a><br>
+<P>
+The lengths and starting offsets of subject strings must be specified in 32-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 32-bit units rather than bytes.
+</P>
+<br><a name="SEC13" href="#TOC1">NAMED SUBPATTERNS</a><br>
+<P>
+The name-to-number translation table that is maintained for named subpatterns
+uses 32-bit characters. The <b>pcre32_get_stringtable_entries()</b> function
+returns the length of each entry in the table as the number of 32-bit data
+units.
+</P>
+<br><a name="SEC14" href="#TOC1">OPTION NAMES</a><br>
+<P>
+There are two new general option names, PCRE_UTF32 and PCRE_NO_UTF32_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+<a href="pcreunicode.html#utf32strings">validity of UTF-32 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+For the <b>pcre32_config()</b> function there is an option PCRE_CONFIG_UTF32
+that returns 1 if UTF-32 support is configured, otherwise 0. If this option is
+given to <b>pcre_config()</b> or <b>pcre16_config()</b>, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 option is given to <b>pcre32_config()</b>,
+the result is the PCRE_ERROR_BADOPTION error.
+</P>
+<br><a name="SEC15" href="#TOC1">CHARACTER CODES</a><br>
+<P>
+In 32-bit mode, when PCRE_UTF32 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0x7fffffff instead of 0 to 0xff. Character types for characters less
+than 0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+</P>
+<P>
+In UTF-32 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are ill-formed in UTF-32.
+</P>
+<P>
+A UTF-32 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+<b>pcre32_utf32_to_host_byte_order()</b> is provided to help with this (see
+above).
+</P>
+<br><a name="SEC16" href="#TOC1">ERROR NAMES</a><br>
+<P>
+The error PCRE_ERROR_BADUTF32 corresponds to its 8-bit counterpart.
+The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with <b>pcre_compile()</b> is passed to
+<b>pcre32_exec()</b>.
+</P>
+<P>
+There are new error codes whose names begin with PCRE_UTF32_ERR for invalid
+UTF-32 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+<a href="pcreapi.html#badutf8reasons">"Reason codes for invalid UTF-8 strings"</a>
+in the main
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page. The UTF-32 errors are:
+<pre>
+  PCRE_UTF32_ERR1  Surrogate character (range from 0xd800 to 0xdfff)
+  PCRE_UTF32_ERR2  Non-character
+  PCRE_UTF32_ERR3  Character &#62; 0x10ffff
+</PRE>
+</P>
+<br><a name="SEC17" href="#TOC1">ERROR TEXTS</a><br>
+<P>
+If there is an error while compiling a pattern, the error text that is passed
+back by <b>pcre32_compile()</b> or <b>pcre32_compile2()</b> is still an 8-bit
+character string, zero-terminated.
+</P>
+<br><a name="SEC18" href="#TOC1">CALLOUTS</a><br>
+<P>
+The <i>subject</i> and <i>mark</i> fields in the callout block that is passed to
+a callout function point to 32-bit vectors.
+</P>
+<br><a name="SEC19" href="#TOC1">TESTING</a><br>
+<P>
+The <b>pcretest</b> program continues to operate with 8-bit input and output
+files, but it can be used for testing the 32-bit library. If it is run with the
+command line option <b>-32</b>, patterns and subject strings are converted from
+8-bit to 32-bit before being passed to PCRE, and the 32-bit library functions
+are used instead of the 8-bit ones. Returned 32-bit strings are converted to
+8-bit for output. If both the 8-bit and the 16-bit libraries were not compiled,
+<b>pcretest</b> defaults to 32-bit and the <b>-32</b> option is ignored.
+</P>
+<P>
+When PCRE is being built, the <b>RunTest</b> script that is called by "make
+check" uses the <b>pcretest</b> <b>-C</b> option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+</P>
+<br><a name="SEC20" href="#TOC1">NOT SUPPORTED IN 32-BIT MODE</a><br>
+<P>
+Not all the features of the 8-bit library are available with the 32-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the <b>pcregrep</b> program is at present 8-bit only.
+</P>
+<br><a name="SEC21" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC22" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 May 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_assign_jit_stack.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_assign_jit_stack.html
new file mode 100644
index 00000000..b2eef704
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_assign_jit_stack.html
@@ -0,0 +1,76 @@
+<html>
+<head>
+<title>pcre_assign_jit_stack specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_assign_jit_stack man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_assign_jit_stack(pcre_extra *<i>extra</i>,</b>
+<b>     pcre_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>void pcre16_assign_jit_stack(pcre16_extra *<i>extra</i>,</b>
+<b>     pcre16_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>void pcre32_assign_jit_stack(pcre32_extra *<i>extra</i>,</b>
+<b>     pcre32_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function provides control over the memory used as a stack at run-time by a
+call to <b>pcre[16|32]_exec()</b> with a pattern that has been successfully
+compiled with JIT optimization. The arguments are:
+<pre>
+  extra     the data pointer returned by <b>pcre[16|32]_study()</b>
+  callback  a callback function
+  data      a JIT stack or a value to be passed to the callback
+              function
+</PRE>
+</P>
+<P>
+If <i>callback</i> is NULL and <i>data</i> is NULL, an internal 32K block on
+the machine stack is used.
+</P>
+<P>
+If <i>callback</i> is NULL and <i>data</i> is not NULL, <i>data</i> must
+be a valid JIT stack, the result of calling <b>pcre[16|32]_jit_stack_alloc()</b>.
+</P>
+<P>
+If <i>callback</i> not NULL, it is called with <i>data</i> as an argument at
+the start of matching, in order to set up a JIT stack. If the result is NULL,
+the internal 32K stack is used; otherwise the return value must be a valid JIT
+stack, the result of calling <b>pcre[16|32]_jit_stack_alloc()</b>.
+</P>
+<P>
+You may safely assign the same JIT stack to multiple patterns, as long as they
+are all matched in the same thread. In a multithread application, each thread
+must use its own JIT stack. For more details, see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_compile.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_compile.html
new file mode 100644
index 00000000..95b4bec6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_compile.html
@@ -0,0 +1,111 @@
+<html>
+<head>
+<title>pcre_compile specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_compile man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre *pcre_compile(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16 *pcre16_compile(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32 *pcre32_compile(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function compiles a regular expression into an internal form. It is the
+same as <b>pcre[16|32]_compile2()</b>, except for the absence of the
+<i>errorcodeptr</i> argument. Its arguments are:
+<pre>
+  <i>pattern</i>       A zero-terminated string containing the
+                  regular expression to be compiled
+  <i>options</i>       Zero or more option bits
+  <i>errptr</i>        Where to put an error message
+  <i>erroffset</i>     Offset in pattern where error was found
+  <i>tableptr</i>      Pointer to character tables, or NULL to
+                  use the built-in default
+</pre>
+The option bits are:
+<pre>
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \R matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \d, \w, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run in <b>pcre16_compile()</b> UTF-16 mode
+  PCRE_UTF32              Run in <b>pcre32_compile()</b> UTF-32 mode
+  PCRE_UTF8               Run in <b>pcre_compile()</b> UTF-8 mode
+</pre>
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+</P>
+<P>
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_compile2.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_compile2.html
new file mode 100644
index 00000000..9cd56a23
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_compile2.html
@@ -0,0 +1,115 @@
+<html>
+<head>
+<title>pcre_compile2 specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_compile2 man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre *pcre_compile2(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16 *pcre16_compile2(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32 *pcre32_compile2(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>"     int *<i>errorcodeptr</i>,£</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function compiles a regular expression into an internal form. It is the
+same as <b>pcre[16|32]_compile()</b>, except for the addition of the
+<i>errorcodeptr</i> argument. The arguments are:
+<pre>
+  <i>pattern</i>       A zero-terminated string containing the
+                  regular expression to be compiled
+  <i>options</i>       Zero or more option bits
+  <i>errorcodeptr</i>  Where to put an error code
+  <i>errptr</i>        Where to put an error message
+  <i>erroffset</i>     Offset in pattern where error was found
+  <i>tableptr</i>      Pointer to character tables, or NULL to
+                  use the built-in default
+</pre>
+The option bits are:
+<pre>
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \R matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \d, \w, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run <b>pcre16_compile()</b> in UTF-16 mode
+  PCRE_UTF32              Run <b>pcre32_compile()</b> in UTF-32 mode
+  PCRE_UTF8               Run <b>pcre_compile()</b> in UTF-8 mode
+</pre>
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+</P>
+<P>
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_config.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_config.html
new file mode 100644
index 00000000..72fb9caa
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_config.html
@@ -0,0 +1,94 @@
+<html>
+<head>
+<title>pcre_config specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_config man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+<b>int pcre16_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+<b>int pcre32_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function makes it possible for a client program to find out which optional
+features are available in the version of the PCRE library it is using. The
+arguments are as follows:
+<pre>
+  <i>what</i>     A code specifying what information is required
+  <i>where</i>    Points to where to put the data
+</pre>
+The <i>where</i> argument must point to an integer variable, except for
+PCRE_CONFIG_MATCH_LIMIT, PCRE_CONFIG_MATCH_LIMIT_RECURSION, and
+PCRE_CONFIG_PARENS_LIMIT, when it must point to an unsigned long integer,
+and for PCRE_CONFIG_JITTARGET, when it must point to a const char*.
+The available codes are:
+<pre>
+  PCRE_CONFIG_JIT           Availability of just-in-time compiler
+                              support (1=yes 0=no)
+  PCRE_CONFIG_JITTARGET     String containing information about the
+                              target architecture for the JIT compiler,
+                              or NULL if there is no JIT support
+  PCRE_CONFIG_LINK_SIZE     Internal link size: 2, 3, or 4
+  PCRE_CONFIG_PARENS_LIMIT  Parentheses nesting limit
+  PCRE_CONFIG_MATCH_LIMIT   Internal resource limit
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+                            Internal recursion depth limit
+  PCRE_CONFIG_NEWLINE       Value of the default newline sequence:
+                                13 (0x000d)    for CR
+                                10 (0x000a)    for LF
+                              3338 (0x0d0a)    for CRLF
+                                -2             for ANYCRLF
+                                -1             for ANY
+  PCRE_CONFIG_BSR           Indicates what \R matches by default:
+                                 0             all Unicode line endings
+                                 1             CR, LF, or CRLF only
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+                            Threshold of return slots, above which
+                              <b>malloc()</b> is used by the POSIX API
+  PCRE_CONFIG_STACKRECURSE  Recursion implementation (1=stack 0=heap)
+  PCRE_CONFIG_UTF16         Availability of UTF-16 support (1=yes
+                               0=no); option for <b>pcre16_config()</b>
+  PCRE_CONFIG_UTF32         Availability of UTF-32 support (1=yes
+                               0=no); option for <b>pcre32_config()</b>
+  PCRE_CONFIG_UTF8          Availability of UTF-8 support (1=yes 0=no);
+                              option for <b>pcre_config()</b>
+  PCRE_CONFIG_UNICODE_PROPERTIES
+                            Availability of Unicode property support
+                              (1=yes 0=no)
+</pre>
+The function yields 0 on success or PCRE_ERROR_BADOPTION otherwise. That error
+is also given if PCRE_CONFIG_UTF16 or PCRE_CONFIG_UTF32 is passed to
+<b>pcre_config()</b>, if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 is passed to
+<b>pcre16_config()</b>, or if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 is passed to
+<b>pcre32_config()</b>.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_copy_named_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_copy_named_substring.html
new file mode 100644
index 00000000..77b48043
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_copy_named_substring.html
@@ -0,0 +1,65 @@
+<html>
+<head>
+<title>pcre_copy_named_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_copy_named_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_copy_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     char *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_copy_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR16 *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_copy_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR32 *<i>buffer</i>, int <i>buffersize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring, identified
+by name, into a given buffer. The arguments are:
+<pre>
+  <i>code</i>          Pattern that was successfully matched
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringname</i>    Name of the required substring
+  <i>buffer</i>        Buffer to receive the string
+  <i>buffersize</i>    Size of buffer
+</pre>
+The yield is the length of the substring, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_copy_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_copy_substring.html
new file mode 100644
index 00000000..ecaebe85
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_copy_substring.html
@@ -0,0 +1,61 @@
+<html>
+<head>
+<title>pcre_copy_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_copy_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_copy_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, char *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_copy_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR16 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_copy_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR32 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring into a given
+buffer. The arguments are:
+<pre>
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringnumber</i>  Number of the required substring
+  <i>buffer</i>        Buffer to receive the string
+  <i>buffersize</i>    Size of buffer
+</pre>
+The yield is the length of the string, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_dfa_exec.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_dfa_exec.html
new file mode 100644
index 00000000..5fff6a7e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_dfa_exec.html
@@ -0,0 +1,129 @@
+<html>
+<head>
+<title>pcre_dfa_exec specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_dfa_exec man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_dfa_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+<br>
+<br>
+<b>int pcre16_dfa_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+<br>
+<br>
+<b>int pcre32_dfa_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function matches a compiled regular expression against a given subject
+string, using an alternative matching algorithm that scans the subject string
+just once (<i>not</i> Perl-compatible). Note that the main, Perl-compatible,
+matching function is <b>pcre[16|32]_exec()</b>. The arguments for this function
+are:
+<pre>
+  <i>code</i>         Points to the compiled pattern
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>subject</i>      Points to the subject string
+  <i>length</i>       Length of the subject string
+  <i>startoffset</i>  Offset in the subject at which to start matching
+  <i>options</i>      Option bits
+  <i>ovector</i>      Points to a vector of ints for result offsets
+  <i>ovecsize</i>     Number of elements in the vector
+  <i>workspace</i>    Points to a vector of ints used as working space
+  <i>wscount</i>      Number of elements in the vector
+</pre>
+The units for <i>length</i> and <i>startoffset</i> are bytes for
+<b>pcre_exec()</b>, 16-bit data items for <b>pcre16_exec()</b>, and 32-bit items
+for <b>pcre32_exec()</b>. The options are:
+<pre>
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \R matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject is not the beginning of a line
+  PCRE_NOTEOL            Subject is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           even if there is a full match as well
+  PCRE_DFA_SHORTEST      Return only the shortest match
+  PCRE_DFA_RESTART       Restart after a partial match
+</pre>
+There are restrictions on what may appear in a pattern when using this matching
+function. Details are given in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation. For details of partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+page.
+</P>
+<P>
+A <b>pcre[16|32]_extra</b> structure contains the following fields:
+<pre>
+  <i>flags</i>            Bits indicating which fields are set
+  <i>study_data</i>       Opaque data from <b>pcre[16|32]_study()</b>
+  <i>match_limit</i>      Limit on internal resource use
+  <i>match_limit_recursion</i>  Limit on internal recursion depth
+  <i>callout_data</i>     Opaque data passed back to callouts
+  <i>tables</i>           Points to character tables or is NULL
+  <i>mark</i>             For passing back a *MARK pointer
+  <i>executable_jit</i>   Opaque data from JIT compilation
+</pre>
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT. For this
+matching function, the <i>match_limit</i> and <i>match_limit_recursion</i> fields
+are not used, and must not be set. The PCRE_EXTRA_EXECUTABLE_JIT flag and
+the corresponding variable are ignored.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_exec.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_exec.html
new file mode 100644
index 00000000..18e1a13f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_exec.html
@@ -0,0 +1,111 @@
+<html>
+<head>
+<title>pcre_exec specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_exec man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre16_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre32_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function matches a compiled regular expression against a given subject
+string, using a matching algorithm that is similar to Perl's. It returns
+offsets to captured substrings. Its arguments are:
+<pre>
+  <i>code</i>         Points to the compiled pattern
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>subject</i>      Points to the subject string
+  <i>length</i>       Length of the subject string
+  <i>startoffset</i>  Offset in the subject at which to start matching
+  <i>options</i>      Option bits
+  <i>ovector</i>      Points to a vector of ints for result offsets
+  <i>ovecsize</i>     Number of elements in the vector (a multiple of 3)
+</pre>
+The units for <i>length</i> and <i>startoffset</i> are bytes for
+<b>pcre_exec()</b>, 16-bit data items for <b>pcre16_exec()</b>, and 32-bit items
+for <b>pcre32_exec()</b>. The options are:
+<pre>
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \R matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+</pre>
+For details of partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+page. A <b>pcre_extra</b> structure contains the following fields:
+<pre>
+  <i>flags</i>            Bits indicating which fields are set
+  <i>study_data</i>       Opaque data from <b>pcre[16|32]_study()</b>
+  <i>match_limit</i>      Limit on internal resource use
+  <i>match_limit_recursion</i>  Limit on internal recursion depth
+  <i>callout_data</i>     Opaque data passed back to callouts
+  <i>tables</i>           Points to character tables or is NULL
+  <i>mark</i>             For passing back a *MARK pointer
+  <i>executable_jit</i>   Opaque data from JIT compilation
+</pre>
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_free_study.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_free_study.html
new file mode 100644
index 00000000..7f9e10e8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_free_study.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_free_study specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_free_study man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_free_study(pcre_extra *<i>extra</i>);</b>
+</P>
+<P>
+<b>void pcre16_free_study(pcre16_extra *<i>extra</i>);</b>
+</P>
+<P>
+<b>void pcre32_free_study(pcre32_extra *<i>extra</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to free the memory used for the data generated by a call
+to <b>pcre[16|32]_study()</b> when it is no longer needed. The argument must be the
+result of such a call.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_free_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_free_substring.html
new file mode 100644
index 00000000..1fe66107
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_free_substring.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_free_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_free_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_free_substring(const char *<i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre16_free_substring(PCRE_SPTR16 <i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre32_free_substring(PCRE_SPTR32 <i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for freeing the store obtained by a previous
+call to <b>pcre[16|32]_get_substring()</b> or <b>pcre[16|32]_get_named_substring()</b>.
+Its only argument is a pointer to the string.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_free_substring_list.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_free_substring_list.html
new file mode 100644
index 00000000..c0861780
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_free_substring_list.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_free_substring_list specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_free_substring_list man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_free_substring_list(const char **<i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre16_free_substring_list(PCRE_SPTR16 *<i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre32_free_substring_list(PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for freeing the store obtained by a previous
+call to <b>pcre[16|32]_get_substring_list()</b>. Its only argument is a pointer to
+the list of string pointers.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_fullinfo.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_fullinfo.html
new file mode 100644
index 00000000..2b7c72b3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_fullinfo.html
@@ -0,0 +1,118 @@
+<html>
+<head>
+<title>pcre_fullinfo specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_fullinfo man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_fullinfo(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre16_fullinfo(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre32_fullinfo(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function returns information about a compiled pattern. Its arguments are:
+<pre>
+  <i>code</i>                      Compiled regular expression
+  <i>extra</i>                     Result of <b>pcre[16|32]_study()</b> or NULL
+  <i>what</i>                      What information is required
+  <i>where</i>                     Where to put the information
+</pre>
+The following information is available:
+<pre>
+  PCRE_INFO_BACKREFMAX      Number of highest back reference
+  PCRE_INFO_CAPTURECOUNT    Number of capturing subpatterns
+  PCRE_INFO_DEFAULT_TABLES  Pointer to default tables
+  PCRE_INFO_FIRSTBYTE       Fixed first data unit for a match, or
+                              -1 for start of string
+                                 or after newline, or
+                              -2 otherwise
+  PCRE_INFO_FIRSTTABLE      Table of first data units (after studying)
+  PCRE_INFO_HASCRORLF       Return 1 if explicit CR or LF matches exist
+  PCRE_INFO_JCHANGED        Return 1 if (?J) or (?-J) was used
+  PCRE_INFO_JIT             Return 1 after successful JIT compilation
+  PCRE_INFO_JITSIZE         Size of JIT compiled code
+  PCRE_INFO_LASTLITERAL     Literal last data unit required
+  PCRE_INFO_MINLENGTH       Lower bound length of matching strings
+  PCRE_INFO_MATCHEMPTY      Return 1 if the pattern can match an empty string,
+                               0 otherwise
+  PCRE_INFO_MATCHLIMIT      Match limit if set, otherwise PCRE_RROR_UNSET
+  PCRE_INFO_MAXLOOKBEHIND   Length (in characters) of the longest lookbehind assertion
+  PCRE_INFO_NAMECOUNT       Number of named subpatterns
+  PCRE_INFO_NAMEENTRYSIZE   Size of name table entry
+  PCRE_INFO_NAMETABLE       Pointer to name table
+  PCRE_INFO_OKPARTIAL       Return 1 if partial matching can be tried
+                              (always returns 1 after release 8.00)
+  PCRE_INFO_OPTIONS         Option bits used for compilation
+  PCRE_INFO_SIZE            Size of compiled pattern
+  PCRE_INFO_STUDYSIZE       Size of study data
+  PCRE_INFO_FIRSTCHARACTER      Fixed first data unit for a match
+  PCRE_INFO_FIRSTCHARACTERFLAGS Returns
+                                  1 if there is a first data character set, which can
+                                    then be retrieved using PCRE_INFO_FIRSTCHARACTER,
+                                  2 if the first character is at the start of the data
+                                    string or after a newline, and
+                                  0 otherwise
+  PCRE_INFO_RECURSIONLIMIT    Recursion limit if set, otherwise PCRE_ERROR_UNSET
+  PCRE_INFO_REQUIREDCHAR      Literal last data unit required
+  PCRE_INFO_REQUIREDCHARFLAGS Returns 1 if the last data character is set (which can then
+                              be retrieved using PCRE_INFO_REQUIREDCHAR); 0 otherwise
+</pre>
+The <i>where</i> argument must point to an integer variable, except for the
+following <i>what</i> values:
+<pre>
+  PCRE_INFO_DEFAULT_TABLES  const uint8_t *
+  PCRE_INFO_FIRSTCHARACTER  uint32_t
+  PCRE_INFO_FIRSTTABLE      const uint8_t *
+  PCRE_INFO_JITSIZE         size_t
+  PCRE_INFO_MATCHLIMIT      uint32_t
+  PCRE_INFO_NAMETABLE       PCRE_SPTR16           (16-bit library)
+  PCRE_INFO_NAMETABLE       PCRE_SPTR32           (32-bit library)
+  PCRE_INFO_NAMETABLE       const unsigned char * (8-bit library)
+  PCRE_INFO_OPTIONS         unsigned long int
+  PCRE_INFO_SIZE            size_t
+  PCRE_INFO_STUDYSIZE       size_t
+  PCRE_INFO_RECURSIONLIMIT  uint32_t
+  PCRE_INFO_REQUIREDCHAR    uint32_t
+</pre>
+The yield of the function is zero on success or:
+<pre>
+  PCRE_ERROR_NULL           the argument <i>code</i> was NULL
+                            the argument <i>where</i> was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADOPTION      the value of <i>what</i> was invalid
+  PCRE_ERROR_UNSET          the option was not set
+</PRE>
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_named_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_named_substring.html
new file mode 100644
index 00000000..72924d9b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_named_substring.html
@@ -0,0 +1,68 @@
+<html>
+<head>
+<title>pcre_get_named_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_named_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring by name. The
+arguments are:
+<pre>
+  <i>code</i>          Compiled pattern
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringname</i>    Name of the required substring
+  <i>stringptr</i>     Where to put the string pointer
+</pre>
+The memory in which the substring is placed is obtained by calling
+<b>pcre[16|32]_malloc()</b>. The convenience function
+<b>pcre[16|32]_free_substring()</b> can be used to free it when it is no longer
+needed. The yield of the function is the length of the extracted substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_stringnumber.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_stringnumber.html
new file mode 100644
index 00000000..7324d782
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_stringnumber.html
@@ -0,0 +1,57 @@
+<html>
+<head>
+<title>pcre_get_stringnumber specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_stringnumber man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_stringnumber(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringnumber(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>name</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringnumber(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This convenience function finds the number of a named substring capturing
+parenthesis in a compiled pattern. Its arguments are:
+<pre>
+  <i>code</i>    Compiled regular expression
+  <i>name</i>    Name whose number is required
+</pre>
+The yield of the function is the number of the parenthesis if the name is
+found, or PCRE_ERROR_NOSUBSTRING otherwise. When duplicate names are allowed
+(PCRE_DUPNAMES is set), it is not defined which of the numbers is returned by
+<b>pcre[16|32]_get_stringnumber()</b>. You can obtain the complete list by calling
+<b>pcre[16|32]_get_stringtable_entries()</b>.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_stringtable_entries.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_stringtable_entries.html
new file mode 100644
index 00000000..79906798
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_stringtable_entries.html
@@ -0,0 +1,60 @@
+<html>
+<head>
+<title>pcre_get_stringtable_entries specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_stringtable_entries man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_stringtable_entries(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>, char **<i>first</i>, char **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringtable_entries(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>name</i>, PCRE_UCHAR16 **<i>first</i>, PCRE_UCHAR16 **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringtable_entries(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>, PCRE_UCHAR32 **<i>first</i>, PCRE_UCHAR32 **<i>last</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This convenience function finds, for a compiled pattern, the first and last
+entries for a given name in the table that translates capturing parenthesis
+names into numbers. When names are required to be unique (PCRE_DUPNAMES is
+<i>not</i> set), it is usually easier to use <b>pcre[16|32]_get_stringnumber()</b>
+instead.
+<pre>
+  <i>code</i>    Compiled regular expression
+  <i>name</i>    Name whose entries required
+  <i>first</i>   Where to return a pointer to the first entry
+  <i>last</i>    Where to return a pointer to the last entry
+</pre>
+The yield of the function is the length of each entry, or
+PCRE_ERROR_NOSUBSTRING if none are found.
+</P>
+<P>
+There is a complete description of the PCRE native API, including the format of
+the table entries, in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page, and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_substring.html
new file mode 100644
index 00000000..1a8e4f5a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_substring.html
@@ -0,0 +1,64 @@
+<html>
+<head>
+<title>pcre_get_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring. The
+arguments are:
+<pre>
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringnumber</i>  Number of the required substring
+  <i>stringptr</i>     Where to put the string pointer
+</pre>
+The memory in which the substring is placed is obtained by calling
+<b>pcre[16|32]_malloc()</b>. The convenience function
+<b>pcre[16|32]_free_substring()</b> can be used to free it when it is no longer
+needed. The yield of the function is the length of the substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_substring_list.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_substring_list.html
new file mode 100644
index 00000000..7e8c6bc8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_get_substring_list.html
@@ -0,0 +1,61 @@
+<html>
+<head>
+<title>pcre_get_substring_list specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_substring_list man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_substring_list(const char *<i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, const char ***<i>listptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring_list(PCRE_SPTR16 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR16 **<i>listptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring_list(PCRE_SPTR32 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR32 **<i>listptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a list of all the captured
+substrings. The arguments are:
+<pre>
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec</b>
+  <i>listptr</i>       Where to put a pointer to the list
+</pre>
+The memory in which the substrings and the list are placed is obtained by
+calling <b>pcre[16|32]_malloc()</b>. The convenience function
+<b>pcre[16|32]_free_substring_list()</b> can be used to free it when it is no
+longer needed. A pointer to a list of pointers is put in the variable whose
+address is in <i>listptr</i>. The list is terminated by a NULL pointer. The
+yield of the function is zero on success or PCRE_ERROR_NOMEMORY if sufficient
+memory could not be obtained.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_jit_exec.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_jit_exec.html
new file mode 100644
index 00000000..4ebb0cbc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_jit_exec.html
@@ -0,0 +1,108 @@
+<html>
+<head>
+<title>pcre_jit_exec specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_jit_exec man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_jit_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+<br>
+<br>
+<b>int pcre16_jit_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+<br>
+<br>
+<b>int pcre32_jit_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function matches a compiled regular expression that has been successfully
+studied with one of the JIT options against a given subject string, using a
+matching algorithm that is similar to Perl's. It is a "fast path" interface to
+JIT, and it bypasses some of the sanity checks that <b>pcre_exec()</b> applies.
+It returns offsets to captured substrings. Its arguments are:
+<pre>
+  <i>code</i>         Points to the compiled pattern
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>subject</i>      Points to the subject string
+  <i>length</i>       Length of the subject string, in bytes
+  <i>startoffset</i>  Offset in bytes in the subject at which to
+                 start matching
+  <i>options</i>      Option bits
+  <i>ovector</i>      Points to a vector of ints for result offsets
+  <i>ovecsize</i>     Number of elements in the vector (a multiple of 3)
+  <i>jstack</i>       Pointer to a JIT stack
+</pre>
+The allowed options are:
+<pre>
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+</pre>
+However, the PCRE_NO_UTF[8|16|32]_CHECK options have no effect, as this check
+is never applied. For details of partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+page. A <b>pcre_extra</b> structure contains the following fields:
+<pre>
+  <i>flags</i>            Bits indicating which fields are set
+  <i>study_data</i>       Opaque data from <b>pcre[16|32]_study()</b>
+  <i>match_limit</i>      Limit on internal resource use
+  <i>match_limit_recursion</i>  Limit on internal recursion depth
+  <i>callout_data</i>     Opaque data passed back to callouts
+  <i>tables</i>           Points to character tables or is NULL
+  <i>mark</i>             For passing back a *MARK pointer
+  <i>executable_jit</i>   Opaque data from JIT compilation
+</pre>
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the JIT API in the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_jit_stack_alloc.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_jit_stack_alloc.html
new file mode 100644
index 00000000..23ba4507
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_jit_stack_alloc.html
@@ -0,0 +1,55 @@
+<html>
+<head>
+<title>pcre_jit_stack_alloc specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_jit_stack_alloc man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre_jit_stack *pcre_jit_stack_alloc(int <i>startsize</i>,</b>
+<b>     int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>pcre16_jit_stack *pcre16_jit_stack_alloc(int <i>startsize</i>,</b>
+<b>     int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>pcre32_jit_stack *pcre32_jit_stack_alloc(int <i>startsize</i>,</b>
+<b>     int <i>maxsize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to create a stack for use by the code compiled by the JIT
+optimization of <b>pcre[16|32]_study()</b>. The arguments are a starting size for
+the stack, and a maximum size to which it is allowed to grow. The result can be
+passed to the JIT run-time code by <b>pcre[16|32]_assign_jit_stack()</b>, or that
+function can set up a callback for obtaining a stack. A maximum stack size of
+512K to 1M should be more than enough for any pattern. For more details, see
+the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_jit_stack_free.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_jit_stack_free.html
new file mode 100644
index 00000000..8bd06e46
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_jit_stack_free.html
@@ -0,0 +1,48 @@
+<html>
+<head>
+<title>pcre_jit_stack_free specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_jit_stack_free man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_jit_stack_free(pcre_jit_stack *<i>stack</i>);</b>
+</P>
+<P>
+<b>void pcre16_jit_stack_free(pcre16_jit_stack *<i>stack</i>);</b>
+</P>
+<P>
+<b>void pcre32_jit_stack_free(pcre32_jit_stack *<i>stack</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to free a JIT stack that was created by
+<b>pcre[16|32]_jit_stack_alloc()</b> when it is no longer needed. For more details,
+see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_maketables.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_maketables.html
new file mode 100644
index 00000000..3a7b5ebc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_maketables.html
@@ -0,0 +1,48 @@
+<html>
+<head>
+<title>pcre_maketables specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_maketables man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>const unsigned char *pcre_maketables(void);</b>
+</P>
+<P>
+<b>const unsigned char *pcre16_maketables(void);</b>
+</P>
+<P>
+<b>const unsigned char *pcre32_maketables(void);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function builds a set of character tables for character values less than
+256. These can be passed to <b>pcre[16|32]_compile()</b> to override PCRE's
+internal, built-in tables (which were made by <b>pcre[16|32]_maketables()</b> when
+PCRE was compiled). You might want to do this if you are using a non-standard
+locale. The function yields a pointer to the tables.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_pattern_to_host_byte_order.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_pattern_to_host_byte_order.html
new file mode 100644
index 00000000..1b1c8037
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_pattern_to_host_byte_order.html
@@ -0,0 +1,58 @@
+<html>
+<head>
+<title>pcre_pattern_to_host_byte_order specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_pattern_to_host_byte_order man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_pattern_to_host_byte_order(pcre *<i>code</i>,</b>
+<b>     pcre_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+<br>
+<br>
+<b>int pcre16_pattern_to_host_byte_order(pcre16 *<i>code</i>,</b>
+<b>     pcre16_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+<br>
+<br>
+<b>int pcre32_pattern_to_host_byte_order(pcre32 *<i>code</i>,</b>
+<b>     pcre32_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function ensures that the bytes in 2-byte and 4-byte values in a compiled
+pattern are in the correct order for the current host. It is useful when a
+pattern that has been compiled on one host is transferred to another that might
+have different endianness. The arguments are:
+<pre>
+  <i>code</i>         A compiled regular expression
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>tables</i>       Pointer to character tables, or NULL to
+                 set the built-in default
+</pre>
+The result is 0 for success, a negative PCRE_ERROR_xxx value otherwise.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_refcount.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_refcount.html
new file mode 100644
index 00000000..bfb92e6d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_refcount.html
@@ -0,0 +1,51 @@
+<html>
+<head>
+<title>pcre_refcount specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_refcount man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_refcount(pcre *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<P>
+<b>int pcre16_refcount(pcre16 *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<P>
+<b>int pcre32_refcount(pcre32 *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to maintain a reference count inside a data block that
+contains a compiled pattern. Its arguments are:
+<pre>
+  <i>code</i>                      Compiled regular expression
+  <i>adjust</i>                    Adjustment to reference value
+</pre>
+The yield of the function is the adjusted reference value, which is constrained
+to lie between 0 and 65535.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_study.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_study.html
new file mode 100644
index 00000000..af82f114
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_study.html
@@ -0,0 +1,68 @@
+<html>
+<head>
+<title>pcre_study specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_study man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre_extra *pcre_study(const pcre *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>pcre16_extra *pcre16_study(const pcre16 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>pcre32_extra *pcre32_study(const pcre32 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function studies a compiled pattern, to see if additional information can
+be extracted that might speed up matching. Its arguments are:
+<pre>
+  <i>code</i>       A compiled regular expression
+  <i>options</i>    Options for <b>pcre[16|32]_study()</b>
+  <i>errptr</i>     Where to put an error message
+</pre>
+If the function succeeds, it returns a value that can be passed to
+<b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b> via their <i>extra</i>
+arguments.
+</P>
+<P>
+If the function returns NULL, either it could not find any additional
+information, or there was an error. You can tell the difference by looking at
+the error value. It is NULL in first case.
+</P>
+<P>
+The only option is PCRE_STUDY_JIT_COMPILE. It requests just-in-time compilation
+if possible. If PCRE has been compiled without JIT support, this option is
+ignored. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page for further details.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html
new file mode 100644
index 00000000..18e7788f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html
@@ -0,0 +1,57 @@
+<html>
+<head>
+<title>pcre_utf16_to_host_byte_order specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_utf16_to_host_byte_order man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *<i>output</i>,</b>
+<b>     PCRE_SPTR16 <i>input</i>, int <i>length</i>, int *<i>host_byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function, which exists only in the 16-bit library, converts a UTF-16
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+<pre>
+  <i>output</i>           pointer to output buffer, may be the same as <i>input</i>
+  <i>input</i>            pointer to input buffer
+  <i>length</i>           number of 16-bit units in the input, or negative for
+                     a zero-terminated string
+  <i>host_byte_order</i>  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  <i>keep_boms</i>        if non-zero, BOMs are copied to the output string
+</pre>
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<P>
+If <i>host_byte_order</i> is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html
new file mode 100644
index 00000000..772ae40c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html
@@ -0,0 +1,57 @@
+<html>
+<head>
+<title>pcre_utf32_to_host_byte_order specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_utf32_to_host_byte_order man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *<i>output</i>,</b>
+<b>     PCRE_SPTR32 <i>input</i>, int <i>length</i>, int *<i>host_byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function, which exists only in the 32-bit library, converts a UTF-32
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+<pre>
+  <i>output</i>           pointer to output buffer, may be the same as <i>input</i>
+  <i>input</i>            pointer to input buffer
+  <i>length</i>           number of 32-bit units in the input, or negative for
+                     a zero-terminated string
+  <i>host_byte_order</i>  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  <i>keep_boms</i>        if non-zero, BOMs are copied to the output string
+</pre>
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<P>
+If <i>host_byte_order</i> is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_version.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_version.html
new file mode 100644
index 00000000..d33e7189
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcre_version.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_version specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_version man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>const char *pcre_version(void);</b>
+</P>
+<P>
+<b>const char *pcre16_version(void);</b>
+</P>
+<P>
+<b>const char *pcre32_version(void);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function (even in the 16-bit and 32-bit libraries) returns a
+zero-terminated, 8-bit character string that gives the version number of the
+PCRE library and the date of its release.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreapi.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreapi.html
new file mode 100644
index 00000000..2d7adf18
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreapi.html
@@ -0,0 +1,2921 @@
+<html>
+<head>
+<title>pcreapi specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreapi man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE NATIVE API BASIC FUNCTIONS</a>
+<li><a name="TOC2" href="#SEC2">PCRE NATIVE API STRING EXTRACTION FUNCTIONS</a>
+<li><a name="TOC3" href="#SEC3">PCRE NATIVE API AUXILIARY FUNCTIONS</a>
+<li><a name="TOC4" href="#SEC4">PCRE NATIVE API INDIRECTED FUNCTIONS</a>
+<li><a name="TOC5" href="#SEC5">PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES</a>
+<li><a name="TOC6" href="#SEC6">PCRE API OVERVIEW</a>
+<li><a name="TOC7" href="#SEC7">NEWLINES</a>
+<li><a name="TOC8" href="#SEC8">MULTITHREADING</a>
+<li><a name="TOC9" href="#SEC9">SAVING PRECOMPILED PATTERNS FOR LATER USE</a>
+<li><a name="TOC10" href="#SEC10">CHECKING BUILD-TIME OPTIONS</a>
+<li><a name="TOC11" href="#SEC11">COMPILING A PATTERN</a>
+<li><a name="TOC12" href="#SEC12">COMPILATION ERROR CODES</a>
+<li><a name="TOC13" href="#SEC13">STUDYING A PATTERN</a>
+<li><a name="TOC14" href="#SEC14">LOCALE SUPPORT</a>
+<li><a name="TOC15" href="#SEC15">INFORMATION ABOUT A PATTERN</a>
+<li><a name="TOC16" href="#SEC16">REFERENCE COUNTS</a>
+<li><a name="TOC17" href="#SEC17">MATCHING A PATTERN: THE TRADITIONAL FUNCTION</a>
+<li><a name="TOC18" href="#SEC18">EXTRACTING CAPTURED SUBSTRINGS BY NUMBER</a>
+<li><a name="TOC19" href="#SEC19">EXTRACTING CAPTURED SUBSTRINGS BY NAME</a>
+<li><a name="TOC20" href="#SEC20">DUPLICATE SUBPATTERN NAMES</a>
+<li><a name="TOC21" href="#SEC21">FINDING ALL POSSIBLE MATCHES</a>
+<li><a name="TOC22" href="#SEC22">OBTAINING AN ESTIMATE OF STACK USAGE</a>
+<li><a name="TOC23" href="#SEC23">MATCHING A PATTERN: THE ALTERNATIVE FUNCTION</a>
+<li><a name="TOC24" href="#SEC24">SEE ALSO</a>
+<li><a name="TOC25" href="#SEC25">AUTHOR</a>
+<li><a name="TOC26" href="#SEC26">REVISION</a>
+</ul>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<br><a name="SEC1" href="#TOC1">PCRE NATIVE API BASIC FUNCTIONS</a><br>
+<P>
+<b>pcre *pcre_compile(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre *pcre_compile2(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre_extra *pcre_study(const pcre *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>void pcre_free_study(pcre_extra *<i>extra</i>);</b>
+<br>
+<br>
+<b>int pcre_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre_dfa_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE NATIVE API STRING EXTRACTION FUNCTIONS</a><br>
+<P>
+<b>int pcre_copy_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     char *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_copy_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, char *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_get_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre_get_stringnumber(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>);</b>
+<br>
+<br>
+<b>int pcre_get_stringtable_entries(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>, char **<i>first</i>, char **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring_list(const char *<i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, const char ***<i>listptr</i>);</b>
+<br>
+<br>
+<b>void pcre_free_substring(const char *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>void pcre_free_substring_list(const char **<i>stringptr</i>);</b>
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE NATIVE API AUXILIARY FUNCTIONS</a><br>
+<P>
+<b>int pcre_jit_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+<br>
+<br>
+<b>pcre_jit_stack *pcre_jit_stack_alloc(int <i>startsize</i>, int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>void pcre_jit_stack_free(pcre_jit_stack *<i>stack</i>);</b>
+<br>
+<br>
+<b>void pcre_assign_jit_stack(pcre_extra *<i>extra</i>,</b>
+<b>     pcre_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>const unsigned char *pcre_maketables(void);</b>
+<br>
+<br>
+<b>int pcre_fullinfo(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre_refcount(pcre *<i>code</i>, int <i>adjust</i>);</b>
+<br>
+<br>
+<b>int pcre_config(int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>const char *pcre_version(void);</b>
+<br>
+<br>
+<b>int pcre_pattern_to_host_byte_order(pcre *<i>code</i>,</b>
+<b>     pcre_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><a name="SEC4" href="#TOC1">PCRE NATIVE API INDIRECTED FUNCTIONS</a><br>
+<P>
+<b>void *(*pcre_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre_free)(void *);</b>
+<br>
+<br>
+<b>void *(*pcre_stack_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre_stack_free)(void *);</b>
+<br>
+<br>
+<b>int (*pcre_callout)(pcre_callout_block *);</b>
+<br>
+<br>
+<b>int (*pcre_stack_guard)(void);</b>
+</P>
+<br><a name="SEC5" href="#TOC1">PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES</a><br>
+<P>
+As well as support for 8-bit character strings, PCRE also supports 16-bit
+strings (from release 8.30) and 32-bit strings (from release 8.32), by means of
+two additional libraries. They can be built as well as, or instead of, the
+8-bit library. To avoid too much complication, this document describes the
+8-bit versions of the functions, with only occasional references to the 16-bit
+and 32-bit libraries.
+</P>
+<P>
+The 16-bit and 32-bit functions operate in the same way as their 8-bit
+counterparts; they just use different data types for their arguments and
+results, and their names start with <b>pcre16_</b> or <b>pcre32_</b> instead of
+<b>pcre_</b>. For every option that has UTF8 in its name (for example,
+PCRE_UTF8), there are corresponding 16-bit and 32-bit names with UTF8 replaced
+by UTF16 or UTF32, respectively. This facility is in fact just cosmetic; the
+16-bit and 32-bit option names define the same bit values.
+</P>
+<P>
+References to bytes and UTF-8 in this document should be read as references to
+16-bit data units and UTF-16 when using the 16-bit library, or 32-bit data
+units and UTF-32 when using the 32-bit library, unless specified otherwise.
+More details of the specific differences for the 16-bit and 32-bit libraries
+are given in the
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+pages.
+</P>
+<br><a name="SEC6" href="#TOC1">PCRE API OVERVIEW</a><br>
+<P>
+PCRE has its own native API, which is described in this document. There are
+also some wrapper functions (for the 8-bit library only) that correspond to the
+POSIX regular expression API, but they do not give access to all the
+functionality. They are described in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+documentation. Both of these APIs define a set of C function calls. A C++
+wrapper (again for the 8-bit library only) is also distributed with PCRE. It is
+documented in the
+<a href="pcrecpp.html"><b>pcrecpp</b></a>
+page.
+</P>
+<P>
+The native API C function prototypes are defined in the header file
+<b>pcre.h</b>, and on Unix-like systems the (8-bit) library itself is called
+<b>libpcre</b>. It can normally be accessed by adding <b>-lpcre</b> to the
+command for linking an application that uses PCRE. The header file defines the
+macros PCRE_MAJOR and PCRE_MINOR to contain the major and minor release numbers
+for the library. Applications can use these to include support for different
+releases of PCRE.
+</P>
+<P>
+In a Windows environment, if you want to statically link an application program
+against a non-dll <b>pcre.a</b> file, you must define PCRE_STATIC before
+including <b>pcre.h</b> or <b>pcrecpp.h</b>, because otherwise the
+<b>pcre_malloc()</b> and <b>pcre_free()</b> exported functions will be declared
+<b>__declspec(dllimport)</b>, with unwanted results.
+</P>
+<P>
+The functions <b>pcre_compile()</b>, <b>pcre_compile2()</b>, <b>pcre_study()</b>,
+and <b>pcre_exec()</b> are used for compiling and matching regular expressions
+in a Perl-compatible manner. A sample program that demonstrates the simplest
+way of using them is provided in the file called <i>pcredemo.c</i> in the PCRE
+source distribution. A listing of this program is given in the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+documentation, and the
+<a href="pcresample.html"><b>pcresample</b></a>
+documentation describes how to compile and run it.
+</P>
+<P>
+Just-in-time compiler support is an optional feature of PCRE that can be built
+in appropriate hardware environments. It greatly speeds up the matching
+performance of many patterns. Simple programs can easily request that it be
+used if available, by setting an option that is ignored when it is not
+relevant. More complicated programs might need to make use of the functions
+<b>pcre_jit_stack_alloc()</b>, <b>pcre_jit_stack_free()</b>, and
+<b>pcre_assign_jit_stack()</b> in order to control the JIT code's memory usage.
+</P>
+<P>
+From release 8.32 there is also a direct interface for JIT execution, which
+gives improved performance. The JIT-specific functions are discussed in the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation.
+</P>
+<P>
+A second matching function, <b>pcre_dfa_exec()</b>, which is not
+Perl-compatible, is also provided. This uses a different algorithm for the
+matching. The alternative algorithm finds all possible matches (at a given
+point in the subject), and scans the subject just once (unless there are
+lookbehind assertions). However, this algorithm does not return captured
+substrings. A description of the two matching algorithms and their advantages
+and disadvantages is given in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation.
+</P>
+<P>
+In addition to the main compiling and matching functions, there are convenience
+functions for extracting captured substrings from a subject string that is
+matched by <b>pcre_exec()</b>. They are:
+<pre>
+  <b>pcre_copy_substring()</b>
+  <b>pcre_copy_named_substring()</b>
+  <b>pcre_get_substring()</b>
+  <b>pcre_get_named_substring()</b>
+  <b>pcre_get_substring_list()</b>
+  <b>pcre_get_stringnumber()</b>
+  <b>pcre_get_stringtable_entries()</b>
+</pre>
+<b>pcre_free_substring()</b> and <b>pcre_free_substring_list()</b> are also
+provided, to free the memory used for extracted strings.
+</P>
+<P>
+The function <b>pcre_maketables()</b> is used to build a set of character tables
+in the current locale for passing to <b>pcre_compile()</b>, <b>pcre_exec()</b>,
+or <b>pcre_dfa_exec()</b>. This is an optional facility that is provided for
+specialist use. Most commonly, no special tables are passed, in which case
+internal tables that are generated when PCRE is built are used.
+</P>
+<P>
+The function <b>pcre_fullinfo()</b> is used to find out information about a
+compiled pattern. The function <b>pcre_version()</b> returns a pointer to a
+string containing the version of PCRE and its date of release.
+</P>
+<P>
+The function <b>pcre_refcount()</b> maintains a reference count in a data block
+containing a compiled pattern. This is provided for the benefit of
+object-oriented applications.
+</P>
+<P>
+The global variables <b>pcre_malloc</b> and <b>pcre_free</b> initially contain
+the entry points of the standard <b>malloc()</b> and <b>free()</b> functions,
+respectively. PCRE calls the memory management functions via these variables,
+so a calling program can replace them if it wishes to intercept the calls. This
+should be done before calling any PCRE functions.
+</P>
+<P>
+The global variables <b>pcre_stack_malloc</b> and <b>pcre_stack_free</b> are also
+indirections to memory management functions. These special functions are used
+only when PCRE is compiled to use the heap for remembering data, instead of
+recursive function calls, when running the <b>pcre_exec()</b> function. See the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation for details of how to do this. It is a non-standard way of
+building PCRE, for use in environments that have limited stacks. Because of the
+greater use of memory management, it runs more slowly. Separate functions are
+provided so that special-purpose external code can be used for this case. When
+used, these functions always allocate memory blocks of the same size. There is
+a discussion about PCRE's stack usage in the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation.
+</P>
+<P>
+The global variable <b>pcre_callout</b> initially contains NULL. It can be set
+by the caller to a "callout" function, which PCRE will then call at specified
+points during a matching operation. Details are given in the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<P>
+The global variable <b>pcre_stack_guard</b> initially contains NULL. It can be
+set by the caller to a function that is called by PCRE whenever it starts
+to compile a parenthesized part of a pattern. When parentheses are nested, PCRE
+uses recursive function calls, which use up the system stack. This function is
+provided so that applications with restricted stacks can force a compilation
+error if the stack runs out. The function should return zero if all is well, or
+non-zero to force an error.
+<a name="newlines"></a></P>
+<br><a name="SEC7" href="#TOC1">NEWLINES</a><br>
+<P>
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The Unicode newline sequences are the three just
+mentioned, plus the single characters VT (vertical tab, U+000B), FF (form feed,
+U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029).
+</P>
+<P>
+Each of the first three conventions is used by at least one operating system as
+its standard newline sequence. When PCRE is built, a default can be specified.
+The default default is LF, which is the Unix standard. When PCRE is run, the
+default can be overridden, either when a pattern is compiled, or when it is
+matched.
+</P>
+<P>
+At compile time, the newline convention can be specified by the <i>options</i>
+argument of <b>pcre_compile()</b>, or it can be specified by special text at the
+start of the pattern itself; this overrides any other settings. See the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page for details of the special character sequences.
+</P>
+<P>
+In the PCRE documentation the word "newline" is used to mean "the character or
+pair of characters that indicate a line break". The choice of newline
+convention affects the handling of the dot, circumflex, and dollar
+metacharacters, the handling of #-comments in /x mode, and, when CRLF is a
+recognized line ending sequence, the match position advancement for a
+non-anchored pattern. There is more detail about this in the
+<a href="#execoptions">section on <b>pcre_exec()</b> options</a>
+below.
+</P>
+<P>
+The choice of newline convention does not affect the interpretation of
+the \n or \r escape sequences, nor does it affect what \R matches, which is
+controlled in a similar way, but by separate options.
+</P>
+<br><a name="SEC8" href="#TOC1">MULTITHREADING</a><br>
+<P>
+The PCRE functions can be used in multi-threading applications, with the
+proviso that the memory management functions pointed to by <b>pcre_malloc</b>,
+<b>pcre_free</b>, <b>pcre_stack_malloc</b>, and <b>pcre_stack_free</b>, and the
+callout and stack-checking functions pointed to by <b>pcre_callout</b> and
+<b>pcre_stack_guard</b>, are shared by all threads.
+</P>
+<P>
+The compiled form of a regular expression is not altered during matching, so
+the same compiled pattern can safely be used by several threads at once.
+</P>
+<P>
+If the just-in-time optimization feature is being used, it needs separate
+memory stack areas for each thread. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for more details.
+</P>
+<br><a name="SEC9" href="#TOC1">SAVING PRECOMPILED PATTERNS FOR LATER USE</a><br>
+<P>
+The compiled form of a regular expression can be saved and re-used at a later
+time, possibly by a different program, and even on a host other than the one on
+which it was compiled. Details are given in the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation, which includes a description of the
+<b>pcre_pattern_to_host_byte_order()</b> function. However, compiling a regular
+expression with one version of PCRE for use with a different version is not
+guaranteed to work and may cause crashes.
+</P>
+<br><a name="SEC10" href="#TOC1">CHECKING BUILD-TIME OPTIONS</a><br>
+<P>
+<b>int pcre_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+The function <b>pcre_config()</b> makes it possible for a PCRE client to
+discover which optional features have been compiled into the PCRE library. The
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation has more details about these optional features.
+</P>
+<P>
+The first argument for <b>pcre_config()</b> is an integer, specifying which
+information is required; the second argument is a pointer to a variable into
+which the information is placed. The returned value is zero on success, or the
+negative error code PCRE_ERROR_BADOPTION if the value in the first argument is
+not recognized. The following information is available:
+<pre>
+  PCRE_CONFIG_UTF8
+</pre>
+The output is an integer that is set to one if UTF-8 support is available;
+otherwise it is set to zero. This value should normally be given to the 8-bit
+version of this function, <b>pcre_config()</b>. If it is given to the 16-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+<pre>
+  PCRE_CONFIG_UTF16
+</pre>
+The output is an integer that is set to one if UTF-16 support is available;
+otherwise it is set to zero. This value should normally be given to the 16-bit
+version of this function, <b>pcre16_config()</b>. If it is given to the 8-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+<pre>
+  PCRE_CONFIG_UTF32
+</pre>
+The output is an integer that is set to one if UTF-32 support is available;
+otherwise it is set to zero. This value should normally be given to the 32-bit
+version of this function, <b>pcre32_config()</b>. If it is given to the 8-bit
+or 16-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+<pre>
+  PCRE_CONFIG_UNICODE_PROPERTIES
+</pre>
+The output is an integer that is set to one if support for Unicode character
+properties is available; otherwise it is set to zero.
+<pre>
+  PCRE_CONFIG_JIT
+</pre>
+The output is an integer that is set to one if support for just-in-time
+compiling is available; otherwise it is set to zero.
+<pre>
+  PCRE_CONFIG_JITTARGET
+</pre>
+The output is a pointer to a zero-terminated "const char *" string. If JIT
+support is available, the string contains the name of the architecture for
+which the JIT compiler is configured, for example "x86 32bit (little endian +
+unaligned)". If JIT support is not available, the result is NULL.
+<pre>
+  PCRE_CONFIG_NEWLINE
+</pre>
+The output is an integer whose value specifies the default character sequence
+that is recognized as meaning "newline". The values that are supported in
+ASCII/Unicode environments are: 10 for LF, 13 for CR, 3338 for CRLF, -2 for
+ANYCRLF, and -1 for ANY. In EBCDIC environments, CR, ANYCRLF, and ANY yield the
+same values. However, the value for LF is normally 21, though some EBCDIC
+environments use 37. The corresponding values for CRLF are 3349 and 3365. The
+default should normally correspond to the standard sequence for your operating
+system.
+<pre>
+  PCRE_CONFIG_BSR
+</pre>
+The output is an integer whose value indicates what character sequences the \R
+escape sequence matches by default. A value of 0 means that \R matches any
+Unicode line ending sequence; a value of 1 means that \R matches only CR, LF,
+or CRLF. The default can be overridden when a pattern is compiled or matched.
+<pre>
+  PCRE_CONFIG_LINK_SIZE
+</pre>
+The output is an integer that contains the number of bytes used for internal
+linkage in compiled regular expressions. For the 8-bit library, the value can
+be 2, 3, or 4. For the 16-bit library, the value is either 2 or 4 and is still
+a number of bytes. For the 32-bit library, the value is either 2 or 4 and is
+still a number of bytes. The default value of 2 is sufficient for all but the
+most massive patterns, since it allows the compiled pattern to be up to 64K in
+size. Larger values allow larger regular expressions to be compiled, at the
+expense of slower matching.
+<pre>
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+</pre>
+The output is an integer that contains the threshold above which the POSIX
+interface uses <b>malloc()</b> for output vectors. Further details are given in
+the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+documentation.
+<pre>
+  PCRE_CONFIG_PARENS_LIMIT
+</pre>
+The output is a long integer that gives the maximum depth of nesting of
+parentheses (of any kind) in a pattern. This limit is imposed to cap the amount
+of system stack used when a pattern is compiled. It is specified when PCRE is
+built; the default is 250. This limit does not take into account the stack that
+may already be used by the calling application. For finer control over
+compilation stack usage, you can set a pointer to an external checking function
+in <b>pcre_stack_guard</b>.
+<pre>
+  PCRE_CONFIG_MATCH_LIMIT
+</pre>
+The output is a long integer that gives the default limit for the number of
+internal matching function calls in a <b>pcre_exec()</b> execution. Further
+details are given with <b>pcre_exec()</b> below.
+<pre>
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+</pre>
+The output is a long integer that gives the default limit for the depth of
+recursion when calling the internal matching function in a <b>pcre_exec()</b>
+execution. Further details are given with <b>pcre_exec()</b> below.
+<pre>
+  PCRE_CONFIG_STACKRECURSE
+</pre>
+The output is an integer that is set to one if internal recursion when running
+<b>pcre_exec()</b> is implemented by recursive function calls that use the stack
+to remember their state. This is the usual way that PCRE is compiled. The
+output is zero if PCRE was compiled to use blocks of data on the heap instead
+of recursive function calls. In this case, <b>pcre_stack_malloc</b> and
+<b>pcre_stack_free</b> are called to manage memory blocks on the heap, thus
+avoiding the use of the stack.
+</P>
+<br><a name="SEC11" href="#TOC1">COMPILING A PATTERN</a><br>
+<P>
+<b>pcre *pcre_compile(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre *pcre_compile2(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+</P>
+<P>
+Either of the functions <b>pcre_compile()</b> or <b>pcre_compile2()</b> can be
+called to compile a pattern into an internal form. The only difference between
+the two interfaces is that <b>pcre_compile2()</b> has an additional argument,
+<i>errorcodeptr</i>, via which a numerical error code can be returned. To avoid
+too much repetition, we refer just to <b>pcre_compile()</b> below, but the
+information applies equally to <b>pcre_compile2()</b>.
+</P>
+<P>
+The pattern is a C string terminated by a binary zero, and is passed in the
+<i>pattern</i> argument. A pointer to a single block of memory that is obtained
+via <b>pcre_malloc</b> is returned. This contains the compiled code and related
+data. The <b>pcre</b> type is defined for the returned block; this is a typedef
+for a structure whose contents are not externally defined. It is up to the
+caller to free the memory (via <b>pcre_free</b>) when it is no longer required.
+</P>
+<P>
+Although the compiled code of a PCRE regex is relocatable, that is, it does not
+depend on memory location, the complete <b>pcre</b> data block is not
+fully relocatable, because it may contain a copy of the <i>tableptr</i>
+argument, which is an address (see below).
+</P>
+<P>
+The <i>options</i> argument contains various bit settings that affect the
+compilation. It should be zero if no options are required. The available
+options are described below. Some of them (in particular, those that are
+compatible with Perl, but some others as well) can also be set and unset from
+within the pattern (see the detailed description in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation). For those options that can be different in different parts of
+the pattern, the contents of the <i>options</i> argument specifies their
+settings at the start of compilation and execution. The PCRE_ANCHORED,
+PCRE_BSR_<i>xxx</i>, PCRE_NEWLINE_<i>xxx</i>, PCRE_NO_UTF8_CHECK, and
+PCRE_NO_START_OPTIMIZE options can be set at the time of matching as well as at
+compile time.
+</P>
+<P>
+If <i>errptr</i> is NULL, <b>pcre_compile()</b> returns NULL immediately.
+Otherwise, if compilation of a pattern fails, <b>pcre_compile()</b> returns
+NULL, and sets the variable pointed to by <i>errptr</i> to point to a textual
+error message. This is a static string that is part of the library. You must
+not try to free it. Normally, the offset from the start of the pattern to the
+data unit that was being processed when the error was discovered is placed in
+the variable pointed to by <i>erroffset</i>, which must not be NULL (if it is,
+an immediate error is given). However, for an invalid UTF-8 or UTF-16 string,
+the offset is that of the first data unit of the failing character.
+</P>
+<P>
+Some errors are not detected until the whole pattern has been scanned; in these
+cases, the offset passed back is the length of the pattern. Note that the
+offset is in data units, not characters, even in a UTF mode. It may sometimes
+point into the middle of a UTF-8 or UTF-16 character.
+</P>
+<P>
+If <b>pcre_compile2()</b> is used instead of <b>pcre_compile()</b>, and the
+<i>errorcodeptr</i> argument is not NULL, a non-zero error code number is
+returned via this argument in the event of an error. This is in addition to the
+textual error message. Error codes and messages are listed below.
+</P>
+<P>
+If the final argument, <i>tableptr</i>, is NULL, PCRE uses a default set of
+character tables that are built when PCRE is compiled, using the default C
+locale. Otherwise, <i>tableptr</i> must be an address that is the result of a
+call to <b>pcre_maketables()</b>. This value is stored with the compiled
+pattern, and used again by <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b> when the
+pattern is matched. For more discussion, see the section on locale support
+below.
+</P>
+<P>
+This code fragment shows a typical straightforward call to <b>pcre_compile()</b>:
+<pre>
+  pcre *re;
+  const char *error;
+  int erroffset;
+  re = pcre_compile(
+    "^A.*Z",          /* the pattern */
+    0,                /* default options */
+    &error,           /* for error message */
+    &erroffset,       /* for error offset */
+    NULL);            /* use default character tables */
+</pre>
+The following names for option bits are defined in the <b>pcre.h</b> header
+file:
+<pre>
+  PCRE_ANCHORED
+</pre>
+If this bit is set, the pattern is forced to be "anchored", that is, it is
+constrained to match only at the first matching point in the string that is
+being searched (the "subject string"). This effect can also be achieved by
+appropriate constructs in the pattern itself, which is the only way to do it in
+Perl.
+<pre>
+  PCRE_AUTO_CALLOUT
+</pre>
+If this bit is set, <b>pcre_compile()</b> automatically inserts callout items,
+all with number 255, before each pattern item. For discussion of the callout
+facility, see the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+<pre>
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+</pre>
+These options (which are mutually exclusive) control what the \R escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. The default is specified when PCRE is
+built. It can be overridden from within the pattern, or by setting an option
+when a compiled pattern is matched.
+<pre>
+  PCRE_CASELESS
+</pre>
+If this bit is set, letters in the pattern match both upper and lower case
+letters. It is equivalent to Perl's /i option, and it can be changed within a
+pattern by a (?i) option setting. In UTF-8 mode, PCRE always understands the
+concept of case for characters whose values are less than 128, so caseless
+matching is always possible. For characters with higher values, the concept of
+case is supported if PCRE is compiled with Unicode property support, but not
+otherwise. If you want to use caseless matching for characters 128 and above,
+you must ensure that PCRE is compiled with Unicode property support as well as
+with UTF-8 support.
+<pre>
+  PCRE_DOLLAR_ENDONLY
+</pre>
+If this bit is set, a dollar metacharacter in the pattern matches only at the
+end of the subject string. Without this option, a dollar also matches
+immediately before a newline at the end of the string (but not before any other
+newlines). The PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+There is no equivalent to this option in Perl, and no way to set it within a
+pattern.
+<pre>
+  PCRE_DOTALL
+</pre>
+If this bit is set, a dot metacharacter in the pattern matches a character of
+any value, including one that indicates a newline. However, it only ever
+matches one character, even if newlines are coded as CRLF. Without this option,
+a dot does not match when the current position is at a newline. This option is
+equivalent to Perl's /s option, and it can be changed within a pattern by a
+(?s) option setting. A negative class such as [^a] always matches newline
+characters, independent of the setting of this option.
+<pre>
+  PCRE_DUPNAMES
+</pre>
+If this bit is set, names used to identify capturing subpatterns need not be
+unique. This can be helpful for certain types of pattern when it is known that
+only one instance of the named subpattern can ever be matched. There are more
+details of named subpatterns below; see also the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+<pre>
+  PCRE_EXTENDED
+</pre>
+If this bit is set, most white space characters in the pattern are totally
+ignored except when escaped or inside a character class. However, white space
+is not allowed within sequences such as (?&#62; that introduce various
+parenthesized subpatterns, nor within a numerical quantifier such as {1,3}.
+However, ignorable white space is permitted between an item and a following
+quantifier and between a quantifier and a following + that indicates
+possessiveness.
+</P>
+<P>
+White space did not used to include the VT character (code 11), because Perl
+did not treat this character as white space. However, Perl changed at release
+5.18, so PCRE followed at release 8.34, and VT is now treated as white space.
+</P>
+<P>
+PCRE_EXTENDED also causes characters between an unescaped # outside a character
+class and the next newline, inclusive, to be ignored. PCRE_EXTENDED is
+equivalent to Perl's /x option, and it can be changed within a pattern by a
+(?x) option setting.
+</P>
+<P>
+Which characters are interpreted as newlines is controlled by the options
+passed to <b>pcre_compile()</b> or by a special sequence at the start of the
+pattern, as described in the section entitled
+<a href="pcrepattern.html#newlines">"Newline conventions"</a>
+in the <b>pcrepattern</b> documentation. Note that the end of this type of
+comment is a literal newline sequence in the pattern; escape sequences that
+happen to represent a newline do not count.
+</P>
+<P>
+This option makes it possible to include comments inside complicated patterns.
+Note, however, that this applies only to data characters. White space characters
+may never appear within special character sequences in a pattern, for example
+within the sequence (?( that introduces a conditional subpattern.
+<pre>
+  PCRE_EXTRA
+</pre>
+This option was invented in order to turn on additional functionality of PCRE
+that is incompatible with Perl, but it is currently of very little use. When
+set, any backslash in a pattern that is followed by a letter that has no
+special meaning causes an error, thus reserving these combinations for future
+expansion. By default, as in Perl, a backslash followed by a letter with no
+special meaning is treated as a literal. (Perl can, however, be persuaded to
+give an error for this, by running it with the -w option.) There are at present
+no other features controlled by this option. It can also be set by a (?X)
+option setting within a pattern.
+<pre>
+  PCRE_FIRSTLINE
+</pre>
+If this option is set, an unanchored pattern is required to match before or at
+the first newline in the subject string, though the matched text may continue
+over the newline.
+<pre>
+  PCRE_JAVASCRIPT_COMPAT
+</pre>
+If this option is set, PCRE's behaviour is changed in some ways so that it is
+compatible with JavaScript rather than Perl. The changes are as follows:
+</P>
+<P>
+(1) A lone closing square bracket in a pattern causes a compile-time error,
+because this is illegal in JavaScript (by default it is treated as a data
+character). Thus, the pattern AB]CD becomes illegal when this option is set.
+</P>
+<P>
+(2) At run time, a back reference to an unset subpattern group matches an empty
+string (by default this causes the current matching alternative to fail). A
+pattern such as (\1)(a) succeeds when this option is set (assuming it can find
+an "a" in the subject), whereas it fails by default, for Perl compatibility.
+</P>
+<P>
+(3) \U matches an upper case "U" character; by default \U causes a compile
+time error (Perl uses \U to upper case subsequent characters).
+</P>
+<P>
+(4) \u matches a lower case "u" character unless it is followed by four
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, \u causes a compile time error (Perl uses it to upper
+case the following character).
+</P>
+<P>
+(5) \x matches a lower case "x" character unless it is followed by two
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, as in Perl, a hexadecimal number is always expected after
+\x, but it may have zero, one, or two digits (so, for example, \xz matches a
+binary zero character followed by z).
+<pre>
+  PCRE_MULTILINE
+</pre>
+By default, for the purposes of matching "start of line" and "end of line",
+PCRE treats the subject string as consisting of a single line of characters,
+even if it actually contains newlines. The "start of line" metacharacter (^)
+matches only at the start of the string, and the "end of line" metacharacter
+($) matches only at the end of the string, or before a terminating newline
+(except when PCRE_DOLLAR_ENDONLY is set). Note, however, that unless
+PCRE_DOTALL is set, the "any character" metacharacter (.) does not match at a
+newline. This behaviour (for ^, $, and dot) is the same as Perl.
+</P>
+<P>
+When PCRE_MULTILINE it is set, the "start of line" and "end of line" constructs
+match immediately following or immediately before internal newlines in the
+subject string, respectively, as well as at the very start and end. This is
+equivalent to Perl's /m option, and it can be changed within a pattern by a
+(?m) option setting. If there are no newlines in a subject string, or no
+occurrences of ^ or $ in a pattern, setting PCRE_MULTILINE has no effect.
+<pre>
+  PCRE_NEVER_UTF
+</pre>
+This option locks out interpretation of the pattern as UTF-8 (or UTF-16 or
+UTF-32 in the 16-bit and 32-bit libraries). In particular, it prevents the
+creator of the pattern from switching to UTF interpretation by starting the
+pattern with (*UTF). This may be useful in applications that process patterns
+from external sources. The combination of PCRE_UTF8 and PCRE_NEVER_UTF also
+causes an error.
+<pre>
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+</pre>
+These options override the default newline definition that was chosen when PCRE
+was built. Setting the first or the second specifies that a newline is
+indicated by a single character (CR or LF, respectively). Setting
+PCRE_NEWLINE_CRLF specifies that a newline is indicated by the two-character
+CRLF sequence. Setting PCRE_NEWLINE_ANYCRLF specifies that any of the three
+preceding sequences should be recognized. Setting PCRE_NEWLINE_ANY specifies
+that any Unicode newline sequence should be recognized.
+</P>
+<P>
+In an ASCII/Unicode environment, the Unicode newline sequences are the three
+just mentioned, plus the single characters VT (vertical tab, U+000B), FF (form
+feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029). For the 8-bit library, the last two are
+recognized only in UTF-8 mode.
+</P>
+<P>
+When PCRE is compiled to run in an EBCDIC (mainframe) environment, the code for
+CR is 0x0d, the same as ASCII. However, the character code for LF is normally
+0x15, though in some EBCDIC environments 0x25 is used. Whichever of these is
+not LF is made to correspond to Unicode's NEL character. EBCDIC codes are all
+less than 256. For more details, see the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation.
+</P>
+<P>
+The newline setting in the options word uses three bits that are treated
+as a number, giving eight possibilities. Currently only six are used (default
+plus the five values above). This means that if you set more than one newline
+option, the combination may or may not be sensible. For example,
+PCRE_NEWLINE_CR with PCRE_NEWLINE_LF is equivalent to PCRE_NEWLINE_CRLF, but
+other combinations may yield unused numbers and cause an error.
+</P>
+<P>
+The only time that a line break in a pattern is specially recognized when
+compiling is when PCRE_EXTENDED is set. CR and LF are white space characters,
+and so are ignored in this mode. Also, an unescaped # outside a character class
+indicates a comment that lasts until after the next line break sequence. In
+other circumstances, line break sequences in patterns are treated as literal
+data.
+</P>
+<P>
+The newline option that is set at compile time becomes the default that is used
+for <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b>, but it can be overridden.
+<pre>
+  PCRE_NO_AUTO_CAPTURE
+</pre>
+If this option is set, it disables the use of numbered capturing parentheses in
+the pattern. Any opening parenthesis that is not followed by ? behaves as if it
+were followed by ?: but named parentheses can still be used for capturing (and
+they acquire numbers in the usual way). There is no equivalent of this option
+in Perl.
+<pre>
+  PCRE_NO_AUTO_POSSESS
+</pre>
+If this option is set, it disables "auto-possessification". This is an
+optimization that, for example, turns a+b into a++b in order to avoid
+backtracks into a+ that can never be successful. However, if callouts are in
+use, auto-possessification means that some of them are never taken. You can set
+this option if you want the matching functions to do a full unoptimized search
+and run all the callouts, but it is mainly provided for testing purposes.
+<pre>
+  PCRE_NO_START_OPTIMIZE
+</pre>
+This is an option that acts at matching time; that is, it is really an option
+for <b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>. If it is set at compile time,
+it is remembered with the compiled pattern and assumed at matching time. This
+is necessary if you want to use JIT execution, because the JIT compiler needs
+to know whether or not this option is set. For details see the discussion of
+PCRE_NO_START_OPTIMIZE
+<a href="#execoptions">below.</a>
+<pre>
+  PCRE_UCP
+</pre>
+This option changes the way PCRE processes \B, \b, \D, \d, \S, \s, \W,
+\w, and some of the POSIX character classes. By default, only ASCII characters
+are recognized, but if PCRE_UCP is set, Unicode properties are used instead to
+classify characters. More details are given in the section on
+<a href="pcre.html#genericchartypes">generic character types</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page. If you set PCRE_UCP, matching one of the items it affects takes much
+longer. The option is available only if PCRE has been compiled with Unicode
+property support.
+<pre>
+  PCRE_UNGREEDY
+</pre>
+This option inverts the "greediness" of the quantifiers so that they are not
+greedy by default, but become greedy if followed by "?". It is not compatible
+with Perl. It can also be set by a (?U) option setting within the pattern.
+<pre>
+  PCRE_UTF8
+</pre>
+This option causes PCRE to regard both the pattern and the subject as strings
+of UTF-8 characters instead of single-byte strings. However, it is available
+only when PCRE is built to include UTF support. If not, the use of this option
+provokes an error. Details of how this option changes the behaviour of PCRE are
+given in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+<pre>
+  PCRE_NO_UTF8_CHECK
+</pre>
+When PCRE_UTF8 is set, the validity of the pattern as a UTF-8 string is
+automatically checked. There is a discussion about the
+<a href="pcreunicode.html#utf8strings">validity of UTF-8 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page. If an invalid UTF-8 sequence is found, <b>pcre_compile()</b> returns an
+error. If you already know that your pattern is valid, and you want to skip
+this check for performance reasons, you can set the PCRE_NO_UTF8_CHECK option.
+When it is set, the effect of passing an invalid UTF-8 string as a pattern is
+undefined. It may cause your program to crash or loop. Note that this option
+can also be passed to <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b>, to suppress
+the validity checking of subject strings only. If the same string is being
+matched many times, the option can be safely set for the second and subsequent
+matchings to improve performance.
+</P>
+<br><a name="SEC12" href="#TOC1">COMPILATION ERROR CODES</a><br>
+<P>
+The following table lists the error codes than may be returned by
+<b>pcre_compile2()</b>, along with the error messages that may be returned by
+both compiling functions. Note that error messages are always 8-bit ASCII
+strings, even in 16-bit or 32-bit mode. As PCRE has developed, some error codes
+have fallen out of use. To avoid confusion, they have not been re-used.
+<pre>
+   0  no error
+   1  \ at end of pattern
+   2  \c at end of pattern
+   3  unrecognized character follows \
+   4  numbers out of order in {} quantifier
+   5  number too big in {} quantifier
+   6  missing terminating ] for character class
+   7  invalid escape sequence in character class
+   8  range out of order in character class
+   9  nothing to repeat
+  10  [this code is not in use]
+  11  internal error: unexpected repeat
+  12  unrecognized character after (? or (?-
+  13  POSIX named classes are supported only within a class
+  14  missing )
+  15  reference to non-existent subpattern
+  16  erroffset passed as NULL
+  17  unknown option bit(s) set
+  18  missing ) after comment
+  19  [this code is not in use]
+  20  regular expression is too large
+  21  failed to get memory
+  22  unmatched parentheses
+  23  internal error: code overflow
+  24  unrecognized character after (?&#60;
+  25  lookbehind assertion is not fixed length
+  26  malformed number or name after (?(
+  27  conditional group contains more than two branches
+  28  assertion expected after (?(
+  29  (?R or (?[+-]digits must be followed by )
+  30  unknown POSIX class name
+  31  POSIX collating elements are not supported
+  32  this version of PCRE is compiled without UTF support
+  33  [this code is not in use]
+  34  character value in \x{} or \o{} is too large
+  35  invalid condition (?(0)
+  36  \C not allowed in lookbehind assertion
+  37  PCRE does not support \L, \l, \N{name}, \U, or \u
+  38  number after (?C is &#62; 255
+  39  closing ) for (?C expected
+  40  recursive call could loop indefinitely
+  41  unrecognized character after (?P
+  42  syntax error in subpattern name (missing terminator)
+  43  two named subpatterns have the same name
+  44  invalid UTF-8 string (specifically UTF-8)
+  45  support for \P, \p, and \X has not been compiled
+  46  malformed \P or \p sequence
+  47  unknown property name after \P or \p
+  48  subpattern name is too long (maximum 32 characters)
+  49  too many named subpatterns (maximum 10000)
+  50  [this code is not in use]
+  51  octal value is greater than \377 in 8-bit non-UTF-8 mode
+  52  internal error: overran compiling workspace
+  53  internal error: previously-checked referenced subpattern
+        not found
+  54  DEFINE group contains more than one branch
+  55  repeating a DEFINE group is not allowed
+  56  inconsistent NEWLINE options
+  57  \g is not followed by a braced, angle-bracketed, or quoted
+        name/number or by a plain number
+  58  a numbered reference must not be zero
+  59  an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
+  60  (*VERB) not recognized or malformed
+  61  number is too big
+  62  subpattern name expected
+  63  digit expected after (?+
+  64  ] is an invalid data character in JavaScript compatibility mode
+  65  different names for subpatterns of the same number are
+        not allowed
+  66  (*MARK) must have an argument
+  67  this version of PCRE is not compiled with Unicode property
+        support
+  68  \c must be followed by an ASCII character
+  69  \k is not followed by a braced, angle-bracketed, or quoted name
+  70  internal error: unknown opcode in find_fixedlength()
+  71  \N is not supported in a class
+  72  too many forward references
+  73  disallowed Unicode code point (&#62;= 0xd800 && &#60;= 0xdfff)
+  74  invalid UTF-16 string (specifically UTF-16)
+  75  name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
+  76  character value in \u.... sequence is too large
+  77  invalid UTF-32 string (specifically UTF-32)
+  78  setting UTF is disabled by the application
+  79  non-hex character in \x{} (closing brace missing?)
+  80  non-octal character in \o{} (closing brace missing?)
+  81  missing opening brace after \o
+  82  parentheses are too deeply nested
+  83  invalid range in character class
+  84  group name must start with a non-digit
+  85  parentheses are too deeply nested (stack check)
+</pre>
+The numbers 32 and 10000 in errors 48 and 49 are defaults; different values may
+be used if the limits were changed when PCRE was built.
+<a name="studyingapattern"></a></P>
+<br><a name="SEC13" href="#TOC1">STUDYING A PATTERN</a><br>
+<P>
+<b>pcre_extra *pcre_study(const pcre *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+</P>
+<P>
+If a compiled pattern is going to be used several times, it is worth spending
+more time analyzing it in order to speed up the time taken for matching. The
+function <b>pcre_study()</b> takes a pointer to a compiled pattern as its first
+argument. If studying the pattern produces additional information that will
+help speed up matching, <b>pcre_study()</b> returns a pointer to a
+<b>pcre_extra</b> block, in which the <i>study_data</i> field points to the
+results of the study.
+</P>
+<P>
+The returned value from <b>pcre_study()</b> can be passed directly to
+<b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>. However, a <b>pcre_extra</b> block
+also contains other fields that can be set by the caller before the block is
+passed; these are described
+<a href="#extradata">below</a>
+in the section on matching a pattern.
+</P>
+<P>
+If studying the pattern does not produce any useful information,
+<b>pcre_study()</b> returns NULL by default. In that circumstance, if the
+calling program wants to pass any of the other fields to <b>pcre_exec()</b> or
+<b>pcre_dfa_exec()</b>, it must set up its own <b>pcre_extra</b> block. However,
+if <b>pcre_study()</b> is called with the PCRE_STUDY_EXTRA_NEEDED option, it
+returns a <b>pcre_extra</b> block even if studying did not find any additional
+information. It may still return NULL, however, if an error occurs in
+<b>pcre_study()</b>.
+</P>
+<P>
+The second argument of <b>pcre_study()</b> contains option bits. There are three
+further options in addition to PCRE_STUDY_EXTRA_NEEDED:
+<pre>
+  PCRE_STUDY_JIT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+</pre>
+If any of these are set, and the just-in-time compiler is available, the
+pattern is further compiled into machine code that executes much faster than
+the <b>pcre_exec()</b> interpretive matching function. If the just-in-time
+compiler is not available, these options are ignored. All undefined bits in the
+<i>options</i> argument must be zero.
+</P>
+<P>
+JIT compilation is a heavyweight optimization. It can take some time for
+patterns to be analyzed, and for one-off matches and simple patterns the
+benefit of faster execution might be offset by a much slower study time.
+Not all patterns can be optimized by the JIT compiler. For those that cannot be
+handled, matching automatically falls back to the <b>pcre_exec()</b>
+interpreter. For more details, see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation.
+</P>
+<P>
+The third argument for <b>pcre_study()</b> is a pointer for an error message. If
+studying succeeds (even if no data is returned), the variable it points to is
+set to NULL. Otherwise it is set to point to a textual error message. This is a
+static string that is part of the library. You must not try to free it. You
+should test the error pointer for NULL after calling <b>pcre_study()</b>, to be
+sure that it has run successfully.
+</P>
+<P>
+When you are finished with a pattern, you can free the memory used for the
+study data by calling <b>pcre_free_study()</b>. This function was added to the
+API for release 8.20. For earlier versions, the memory could be freed with
+<b>pcre_free()</b>, just like the pattern itself. This will still work in cases
+where JIT optimization is not used, but it is advisable to change to the new
+function when convenient.
+</P>
+<P>
+This is a typical way in which <b>pcre_study</b>() is used (except that in a
+real application there should be tests for errors):
+<pre>
+  int rc;
+  pcre *re;
+  pcre_extra *sd;
+  re = pcre_compile("pattern", 0, &error, &erroroffset, NULL);
+  sd = pcre_study(
+    re,             /* result of pcre_compile() */
+    0,              /* no options */
+    &error);        /* set to NULL or points to a message */
+  rc = pcre_exec(   /* see below for details of pcre_exec() options */
+    re, sd, "subject", 7, 0, 0, ovector, 30);
+  ...
+  pcre_free_study(sd);
+  pcre_free(re);
+</pre>
+Studying a pattern does two things: first, a lower bound for the length of
+subject string that is needed to match the pattern is computed. This does not
+mean that there are any strings of that length that match, but it does
+guarantee that no shorter strings match. The value is used to avoid wasting
+time by trying to match strings that are shorter than the lower bound. You can
+find out the value in a calling program via the <b>pcre_fullinfo()</b> function.
+</P>
+<P>
+Studying a pattern is also useful for non-anchored patterns that do not have a
+single fixed starting character. A bitmap of possible starting bytes is
+created. This speeds up finding a position in the subject at which to start
+matching. (In 16-bit mode, the bitmap is used for 16-bit values less than 256.
+In 32-bit mode, the bitmap is used for 32-bit values less than 256.)
+</P>
+<P>
+These two optimizations apply to both <b>pcre_exec()</b> and
+<b>pcre_dfa_exec()</b>, and the information is also used by the JIT compiler.
+The optimizations can be disabled by setting the PCRE_NO_START_OPTIMIZE option.
+You might want to do this if your pattern contains callouts or (*MARK) and you
+want to make use of these facilities in cases where matching fails.
+</P>
+<P>
+PCRE_NO_START_OPTIMIZE can be specified at either compile time or execution
+time. However, if PCRE_NO_START_OPTIMIZE is passed to <b>pcre_exec()</b>, (that
+is, after any JIT compilation has happened) JIT execution is disabled. For JIT
+execution to work with PCRE_NO_START_OPTIMIZE, the option must be set at
+compile time.
+</P>
+<P>
+There is a longer discussion of PCRE_NO_START_OPTIMIZE
+<a href="#execoptions">below.</a>
+<a name="localesupport"></a></P>
+<br><a name="SEC14" href="#TOC1">LOCALE SUPPORT</a><br>
+<P>
+PCRE handles caseless matching, and determines whether characters are letters,
+digits, or whatever, by reference to a set of tables, indexed by character
+code point. When running in UTF-8 mode, or in the 16- or 32-bit libraries, this
+applies only to characters with code points less than 256. By default,
+higher-valued code points never match escapes such as \w or \d. However, if
+PCRE is built with Unicode property support, all characters can be tested with
+\p and \P, or, alternatively, the PCRE_UCP option can be set when a pattern
+is compiled; this causes \w and friends to use Unicode property support
+instead of the built-in tables.
+</P>
+<P>
+The use of locales with Unicode is discouraged. If you are handling characters
+with code points greater than 128, you should either use Unicode support, or
+use locales, but not try to mix the two.
+</P>
+<P>
+PCRE contains an internal set of tables that are used when the final argument
+of <b>pcre_compile()</b> is NULL. These are sufficient for many applications.
+Normally, the internal tables recognize only ASCII characters. However, when
+PCRE is built, it is possible to cause the internal tables to be rebuilt in the
+default "C" locale of the local system, which may cause them to be different.
+</P>
+<P>
+The internal tables can always be overridden by tables supplied by the
+application that calls PCRE. These may be created in a different locale from
+the default. As more and more applications change to using Unicode, the need
+for this locale support is expected to die away.
+</P>
+<P>
+External tables are built by calling the <b>pcre_maketables()</b> function,
+which has no arguments, in the relevant locale. The result can then be passed
+to <b>pcre_compile()</b> as often as necessary. For example, to build and use
+tables that are appropriate for the French locale (where accented characters
+with values greater than 128 are treated as letters), the following code could
+be used:
+<pre>
+  setlocale(LC_CTYPE, "fr_FR");
+  tables = pcre_maketables();
+  re = pcre_compile(..., tables);
+</pre>
+The locale name "fr_FR" is used on Linux and other Unix-like systems; if you
+are using Windows, the name for the French locale is "french".
+</P>
+<P>
+When <b>pcre_maketables()</b> runs, the tables are built in memory that is
+obtained via <b>pcre_malloc</b>. It is the caller's responsibility to ensure
+that the memory containing the tables remains available for as long as it is
+needed.
+</P>
+<P>
+The pointer that is passed to <b>pcre_compile()</b> is saved with the compiled
+pattern, and the same tables are used via this pointer by <b>pcre_study()</b>
+and also by <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b>. Thus, for any single
+pattern, compilation, studying and matching all happen in the same locale, but
+different patterns can be processed in different locales.
+</P>
+<P>
+It is possible to pass a table pointer or NULL (indicating the use of the
+internal tables) to <b>pcre_exec()</b> or <b>pcre_dfa_exec()</b> (see the
+discussion below in the section on matching a pattern). This facility is
+provided for use with pre-compiled patterns that have been saved and reloaded.
+Character tables are not saved with patterns, so if a non-standard table was
+used at compile time, it must be provided again when the reloaded pattern is
+matched. Attempting to use this facility to match a pattern in a different
+locale from the one in which it was compiled is likely to lead to anomalous
+(usually incorrect) results.
+<a name="infoaboutpattern"></a></P>
+<br><a name="SEC15" href="#TOC1">INFORMATION ABOUT A PATTERN</a><br>
+<P>
+<b>int pcre_fullinfo(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+The <b>pcre_fullinfo()</b> function returns information about a compiled
+pattern. It replaces the <b>pcre_info()</b> function, which was removed from the
+library at version 8.30, after more than 10 years of obsolescence.
+</P>
+<P>
+The first argument for <b>pcre_fullinfo()</b> is a pointer to the compiled
+pattern. The second argument is the result of <b>pcre_study()</b>, or NULL if
+the pattern was not studied. The third argument specifies which piece of
+information is required, and the fourth argument is a pointer to a variable
+to receive the data. The yield of the function is zero for success, or one of
+the following negative numbers:
+<pre>
+  PCRE_ERROR_NULL           the argument <i>code</i> was NULL
+                            the argument <i>where</i> was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADENDIANNESS  the pattern was compiled with different
+                            endianness
+  PCRE_ERROR_BADOPTION      the value of <i>what</i> was invalid
+  PCRE_ERROR_UNSET          the requested field is not set
+</pre>
+The "magic number" is placed at the start of each compiled pattern as an simple
+check against passing an arbitrary memory pointer. The endianness error can
+occur if a compiled pattern is saved and reloaded on a different host. Here is
+a typical call of <b>pcre_fullinfo()</b>, to obtain the length of the compiled
+pattern:
+<pre>
+  int rc;
+  size_t length;
+  rc = pcre_fullinfo(
+    re,               /* result of pcre_compile() */
+    sd,               /* result of pcre_study(), or NULL */
+    PCRE_INFO_SIZE,   /* what is required */
+    &length);         /* where to put the data */
+</pre>
+The possible values for the third argument are defined in <b>pcre.h</b>, and are
+as follows:
+<pre>
+  PCRE_INFO_BACKREFMAX
+</pre>
+Return the number of the highest back reference in the pattern. The fourth
+argument should point to an <b>int</b> variable. Zero is returned if there are
+no back references.
+<pre>
+  PCRE_INFO_CAPTURECOUNT
+</pre>
+Return the number of capturing subpatterns in the pattern. The fourth argument
+should point to an <b>int</b> variable.
+<pre>
+  PCRE_INFO_DEFAULT_TABLES
+</pre>
+Return a pointer to the internal default character tables within PCRE. The
+fourth argument should point to an <b>unsigned char *</b> variable. This
+information call is provided for internal use by the <b>pcre_study()</b>
+function. External callers can cause PCRE to use its internal tables by passing
+a NULL table pointer.
+<pre>
+  PCRE_INFO_FIRSTBYTE (deprecated)
+</pre>
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The name of this option refers to the 8-bit library,
+where data units are bytes. The fourth argument should point to an <b>int</b>
+variable. Negative values are used for special cases. However, this means that
+when the 32-bit library is in non-UTF-32 mode, the full 32-bit range of
+characters cannot be returned. For this reason, this value is deprecated; use
+PCRE_INFO_FIRSTCHARACTERFLAGS and PCRE_INFO_FIRSTCHARACTER instead.
+</P>
+<P>
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), its value is returned. In the 8-bit library, the
+value is always less than 256. In the 16-bit library the value can be up to
+0xffff. In the 32-bit library the value can be up to 0x10ffff.
+</P>
+<P>
+If there is no fixed first value, and if either
+<br>
+<br>
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+<br>
+<br>
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+<br>
+<br>
+-1 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise -2 is
+returned. For anchored patterns, -2 is returned.
+<pre>
+  PCRE_INFO_FIRSTCHARACTER
+</pre>
+Return the value of the first data unit (non-UTF character) of any matched
+string in the situation where PCRE_INFO_FIRSTCHARACTERFLAGS returns 1;
+otherwise return 0. The fourth argument should point to an <b>uint_t</b>
+variable.
+</P>
+<P>
+In the 8-bit library, the value is always less than 256. In the 16-bit library
+the value can be up to 0xffff. In the 32-bit library in UTF-32 mode the value
+can be up to 0x10ffff, and up to 0xffffffff when not using UTF-32 mode.
+<pre>
+  PCRE_INFO_FIRSTCHARACTERFLAGS
+</pre>
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The fourth argument should point to an <b>int</b>
+variable.
+</P>
+<P>
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), 1 is returned, and the character value can be
+retrieved using PCRE_INFO_FIRSTCHARACTER. If there is no fixed first value, and
+if either
+<br>
+<br>
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+<br>
+<br>
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+<br>
+<br>
+2 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise 0 is
+returned. For anchored patterns, 0 is returned.
+<pre>
+  PCRE_INFO_FIRSTTABLE
+</pre>
+If the pattern was studied, and this resulted in the construction of a 256-bit
+table indicating a fixed set of values for the first data unit in any matching
+string, a pointer to the table is returned. Otherwise NULL is returned. The
+fourth argument should point to an <b>unsigned char *</b> variable.
+<pre>
+  PCRE_INFO_HASCRORLF
+</pre>
+Return 1 if the pattern contains any explicit matches for CR or LF characters,
+otherwise 0. The fourth argument should point to an <b>int</b> variable. An
+explicit match is either a literal CR or LF character, or \r or \n.
+<pre>
+  PCRE_INFO_JCHANGED
+</pre>
+Return 1 if the (?J) or (?-J) option setting is used in the pattern, otherwise
+0. The fourth argument should point to an <b>int</b> variable. (?J) and
+(?-J) set and unset the local PCRE_DUPNAMES option, respectively.
+<pre>
+  PCRE_INFO_JIT
+</pre>
+Return 1 if the pattern was studied with one of the JIT options, and
+just-in-time compiling was successful. The fourth argument should point to an
+<b>int</b> variable. A return value of 0 means that JIT support is not available
+in this version of PCRE, or that the pattern was not studied with a JIT option,
+or that the JIT compiler could not handle this particular pattern. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for details of what can and cannot be handled.
+<pre>
+  PCRE_INFO_JITSIZE
+</pre>
+If the pattern was successfully studied with a JIT option, return the size of
+the JIT compiled code, otherwise return zero. The fourth argument should point
+to a <b>size_t</b> variable.
+<pre>
+  PCRE_INFO_LASTLITERAL
+</pre>
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an <b>int</b> variable. If there is no such
+value, -1 is returned. For anchored patterns, a last literal value is recorded
+only if it follows something of variable length. For example, for the pattern
+/^a\d+z\d+/ the returned value is "z", but for /^a\dz\d/ the returned value
+is -1.
+</P>
+<P>
+Since for the 32-bit library using the non-UTF-32 mode, this function is unable
+to return the full 32-bit range of characters, this value is deprecated;
+instead the PCRE_INFO_REQUIREDCHARFLAGS and PCRE_INFO_REQUIREDCHAR values should
+be used.
+<pre>
+  PCRE_INFO_MATCH_EMPTY
+</pre>
+Return 1 if the pattern can match an empty string, otherwise 0. The fourth
+argument should point to an <b>int</b> variable.
+<pre>
+  PCRE_INFO_MATCHLIMIT
+</pre>
+If the pattern set a match limit by including an item of the form
+(*LIMIT_MATCH=nnnn) at the start, the value is returned. The fourth argument
+should point to an unsigned 32-bit integer. If no such value has been set, the
+call to <b>pcre_fullinfo()</b> returns the error PCRE_ERROR_UNSET.
+<pre>
+  PCRE_INFO_MAXLOOKBEHIND
+</pre>
+Return the number of characters (NB not data units) in the longest lookbehind
+assertion in the pattern. This information is useful when doing multi-segment
+matching using the partial matching facilities. Note that the simple assertions
+\b and \B require a one-character lookbehind. \A also registers a
+one-character lookbehind, though it does not actually inspect the previous
+character. This is to ensure that at least one character from the old segment
+is retained when a new segment is processed. Otherwise, if there are no
+lookbehinds in the pattern, \A might match incorrectly at the start of a new
+segment.
+<pre>
+  PCRE_INFO_MINLENGTH
+</pre>
+If the pattern was studied and a minimum length for matching subject strings
+was computed, its value is returned. Otherwise the returned value is -1. The
+value is a number of characters, which in UTF mode may be different from the
+number of data units. The fourth argument should point to an <b>int</b>
+variable. A non-negative value is a lower bound to the length of any matching
+string. There may not be any strings of that length that do actually match, but
+every string that does match is at least that long.
+<pre>
+  PCRE_INFO_NAMECOUNT
+  PCRE_INFO_NAMEENTRYSIZE
+  PCRE_INFO_NAMETABLE
+</pre>
+PCRE supports the use of named as well as numbered capturing parentheses. The
+names are just an additional way of identifying the parentheses, which still
+acquire numbers. Several convenience functions such as
+<b>pcre_get_named_substring()</b> are provided for extracting captured
+substrings by name. It is also possible to extract the data directly, by first
+converting the name to a number in order to access the correct pointers in the
+output vector (described with <b>pcre_exec()</b> below). To do the conversion,
+you need to use the name-to-number map, which is described by these three
+values.
+</P>
+<P>
+The map consists of a number of fixed-size entries. PCRE_INFO_NAMECOUNT gives
+the number of entries, and PCRE_INFO_NAMEENTRYSIZE gives the size of each
+entry; both of these return an <b>int</b> value. The entry size depends on the
+length of the longest name. PCRE_INFO_NAMETABLE returns a pointer to the first
+entry of the table. This is a pointer to <b>char</b> in the 8-bit library, where
+the first two bytes of each entry are the number of the capturing parenthesis,
+most significant byte first. In the 16-bit library, the pointer points to
+16-bit data units, the first of which contains the parenthesis number. In the
+32-bit library, the pointer points to 32-bit data units, the first of which
+contains the parenthesis number. The rest of the entry is the corresponding
+name, zero terminated.
+</P>
+<P>
+The names are in alphabetical order. If (?| is used to create multiple groups
+with the same number, as described in the
+<a href="pcrepattern.html#dupsubpatternnumber">section on duplicate subpattern numbers</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page, the groups may be given the same name, but there is only one entry in the
+table. Different names for groups of the same number are not permitted.
+Duplicate names for subpatterns with different numbers are permitted,
+but only if PCRE_DUPNAMES is set. They appear in the table in the order in
+which they were found in the pattern. In the absence of (?| this is the order
+of increasing number; when (?| is used this is not necessarily the case because
+later subpatterns may have lower numbers.
+</P>
+<P>
+As a simple example of the name/number table, consider the following pattern
+after compilation by the 8-bit library (assume PCRE_EXTENDED is set, so white
+space - including newlines - is ignored):
+<pre>
+  (?&#60;date&#62; (?&#60;year&#62;(\d\d)?\d\d) - (?&#60;month&#62;\d\d) - (?&#60;day&#62;\d\d) )
+</pre>
+There are four named subpatterns, so the table has four entries, and each entry
+in the table is eight bytes long. The table is as follows, with non-printing
+bytes shows in hexadecimal, and undefined bytes shown as ??:
+<pre>
+  00 01 d  a  t  e  00 ??
+  00 05 d  a  y  00 ?? ??
+  00 04 m  o  n  t  h  00
+  00 02 y  e  a  r  00 ??
+</pre>
+When writing code to extract data from named subpatterns using the
+name-to-number map, remember that the length of the entries is likely to be
+different for each compiled pattern.
+<pre>
+  PCRE_INFO_OKPARTIAL
+</pre>
+Return 1 if the pattern can be used for partial matching with
+<b>pcre_exec()</b>, otherwise 0. The fourth argument should point to an
+<b>int</b> variable. From release 8.00, this always returns 1, because the
+restrictions that previously applied to partial matching have been lifted. The
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation gives details of partial matching.
+<pre>
+  PCRE_INFO_OPTIONS
+</pre>
+Return a copy of the options with which the pattern was compiled. The fourth
+argument should point to an <b>unsigned long int</b> variable. These option bits
+are those specified in the call to <b>pcre_compile()</b>, modified by any
+top-level option settings at the start of the pattern itself. In other words,
+they are the options that will be in force when matching starts. For example,
+if the pattern /(?im)abc(?-i)d/ is compiled with the PCRE_EXTENDED option, the
+result is PCRE_CASELESS, PCRE_MULTILINE, and PCRE_EXTENDED.
+</P>
+<P>
+A pattern is automatically anchored by PCRE if all of its top-level
+alternatives begin with one of the following:
+<pre>
+  ^     unless PCRE_MULTILINE is set
+  \A    always
+  \G    always
+  .*    if PCRE_DOTALL is set and there are no back references to the subpattern in which .* appears
+</pre>
+For such patterns, the PCRE_ANCHORED bit is set in the options returned by
+<b>pcre_fullinfo()</b>.
+<pre>
+  PCRE_INFO_RECURSIONLIMIT
+</pre>
+If the pattern set a recursion limit by including an item of the form
+(*LIMIT_RECURSION=nnnn) at the start, the value is returned. The fourth
+argument should point to an unsigned 32-bit integer. If no such value has been
+set, the call to <b>pcre_fullinfo()</b> returns the error PCRE_ERROR_UNSET.
+<pre>
+  PCRE_INFO_SIZE
+</pre>
+Return the size of the compiled pattern in bytes (for all three libraries). The
+fourth argument should point to a <b>size_t</b> variable. This value does not
+include the size of the <b>pcre</b> structure that is returned by
+<b>pcre_compile()</b>. The value that is passed as the argument to
+<b>pcre_malloc()</b> when <b>pcre_compile()</b> is getting memory in which to
+place the compiled data is the value returned by this option plus the size of
+the <b>pcre</b> structure. Studying a compiled pattern, with or without JIT,
+does not alter the value returned by this option.
+<pre>
+  PCRE_INFO_STUDYSIZE
+</pre>
+Return the size in bytes (for all three libraries) of the data block pointed to
+by the <i>study_data</i> field in a <b>pcre_extra</b> block. If <b>pcre_extra</b>
+is NULL, or there is no study data, zero is returned. The fourth argument
+should point to a <b>size_t</b> variable. The <i>study_data</i> field is set by
+<b>pcre_study()</b> to record information that will speed up matching (see the
+section entitled
+<a href="#studyingapattern">"Studying a pattern"</a>
+above). The format of the <i>study_data</i> block is private, but its length
+is made available via this option so that it can be saved and restored (see the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation for details).
+<pre>
+  PCRE_INFO_REQUIREDCHARFLAGS
+</pre>
+Returns 1 if there is a rightmost literal data unit that must exist in any
+matched string, other than at its start. The fourth argument should  point to
+an <b>int</b> variable. If there is no such value, 0 is returned. If returning
+1, the character value itself can be retrieved using PCRE_INFO_REQUIREDCHAR.
+</P>
+<P>
+For anchored patterns, a last literal value is recorded only if it follows
+something of variable length. For example, for the pattern /^a\d+z\d+/ the
+returned value 1 (with "z" returned from PCRE_INFO_REQUIREDCHAR), but for
+/^a\dz\d/ the returned value is 0.
+<pre>
+  PCRE_INFO_REQUIREDCHAR
+</pre>
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an <b>uint32_t</b> variable. If there is no such
+value, 0 is returned.
+</P>
+<br><a name="SEC16" href="#TOC1">REFERENCE COUNTS</a><br>
+<P>
+<b>int pcre_refcount(pcre *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<P>
+The <b>pcre_refcount()</b> function is used to maintain a reference count in the
+data block that contains a compiled pattern. It is provided for the benefit of
+applications that operate in an object-oriented manner, where different parts
+of the application may be using the same compiled pattern, but you want to free
+the block when they are all done.
+</P>
+<P>
+When a pattern is compiled, the reference count field is initialized to zero.
+It is changed only by calling this function, whose action is to add the
+<i>adjust</i> value (which may be positive or negative) to it. The yield of the
+function is the new value. However, the value of the count is constrained to
+lie between 0 and 65535, inclusive. If the new value is outside these limits,
+it is forced to the appropriate limit value.
+</P>
+<P>
+Except when it is zero, the reference count is not correctly preserved if a
+pattern is compiled on one host and then transferred to a host whose byte-order
+is different. (This seems a highly unlikely scenario.)
+</P>
+<br><a name="SEC17" href="#TOC1">MATCHING A PATTERN: THE TRADITIONAL FUNCTION</a><br>
+<P>
+<b>int pcre_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+</P>
+<P>
+The function <b>pcre_exec()</b> is called to match a subject string against a
+compiled pattern, which is passed in the <i>code</i> argument. If the
+pattern was studied, the result of the study should be passed in the
+<i>extra</i> argument. You can call <b>pcre_exec()</b> with the same <i>code</i>
+and <i>extra</i> arguments as many times as you like, in order to match
+different subject strings with the same pattern.
+</P>
+<P>
+This function is the main matching facility of the library, and it operates in
+a Perl-like manner. For specialist use there is also an alternative matching
+function, which is described
+<a href="#dfamatch">below</a>
+in the section about the <b>pcre_dfa_exec()</b> function.
+</P>
+<P>
+In most applications, the pattern will have been compiled (and optionally
+studied) in the same process that calls <b>pcre_exec()</b>. However, it is
+possible to save compiled patterns and study data, and then use them later
+in different processes, possibly even on different hosts. For a discussion
+about this, see the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation.
+</P>
+<P>
+Here is an example of a simple call to <b>pcre_exec()</b>:
+<pre>
+  int rc;
+  int ovector[30];
+  rc = pcre_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    30);            /* number of elements (NOT size in bytes) */
+<a name="extradata"></a></PRE>
+</P>
+<br><b>
+Extra data for <b>pcre_exec()</b>
+</b><br>
+<P>
+If the <i>extra</i> argument is not NULL, it must point to a <b>pcre_extra</b>
+data block. The <b>pcre_study()</b> function returns such a block (when it
+doesn't return NULL), but you can also create one for yourself, and pass
+additional information in it. The <b>pcre_extra</b> block contains the following
+fields (not necessarily in this order):
+<pre>
+  unsigned long int <i>flags</i>;
+  void *<i>study_data</i>;
+  void *<i>executable_jit</i>;
+  unsigned long int <i>match_limit</i>;
+  unsigned long int <i>match_limit_recursion</i>;
+  void *<i>callout_data</i>;
+  const unsigned char *<i>tables</i>;
+  unsigned char **<i>mark</i>;
+</pre>
+In the 16-bit version of this structure, the <i>mark</i> field has type
+"PCRE_UCHAR16 **".
+<br>
+<br>
+In the 32-bit version of this structure, the <i>mark</i> field has type
+"PCRE_UCHAR32 **".
+</P>
+<P>
+The <i>flags</i> field is used to specify which of the other fields are set. The
+flag bits are:
+<pre>
+  PCRE_EXTRA_CALLOUT_DATA
+  PCRE_EXTRA_EXECUTABLE_JIT
+  PCRE_EXTRA_MARK
+  PCRE_EXTRA_MATCH_LIMIT
+  PCRE_EXTRA_MATCH_LIMIT_RECURSION
+  PCRE_EXTRA_STUDY_DATA
+  PCRE_EXTRA_TABLES
+</pre>
+Other flag bits should be set to zero. The <i>study_data</i> field and sometimes
+the <i>executable_jit</i> field are set in the <b>pcre_extra</b> block that is
+returned by <b>pcre_study()</b>, together with the appropriate flag bits. You
+should not set these yourself, but you may add to the block by setting other
+fields and their corresponding flag bits.
+</P>
+<P>
+The <i>match_limit</i> field provides a means of preventing PCRE from using up a
+vast amount of resources when running patterns that are not going to match,
+but which have a very large number of possibilities in their search trees. The
+classic example is a pattern that uses nested unlimited repeats.
+</P>
+<P>
+Internally, <b>pcre_exec()</b> uses a function called <b>match()</b>, which it
+calls repeatedly (sometimes recursively). The limit set by <i>match_limit</i> is
+imposed on the number of times this function is called during a match, which
+has the effect of limiting the amount of backtracking that can take place. For
+patterns that are not anchored, the count restarts from zero for each position
+in the subject string.
+</P>
+<P>
+When <b>pcre_exec()</b> is called with a pattern that was successfully studied
+with a JIT option, the way that the matching is executed is entirely different.
+However, there is still the possibility of runaway matching that goes on for a
+very long time, and so the <i>match_limit</i> value is also used in this case
+(but in a different way) to limit how long the matching can continue.
+</P>
+<P>
+The default value for the limit can be set when PCRE is built; the default
+default is 10 million, which handles all but the most extreme cases. You can
+override the default by suppling <b>pcre_exec()</b> with a <b>pcre_extra</b>
+block in which <i>match_limit</i> is set, and PCRE_EXTRA_MATCH_LIMIT is set in
+the <i>flags</i> field. If the limit is exceeded, <b>pcre_exec()</b> returns
+PCRE_ERROR_MATCHLIMIT.
+</P>
+<P>
+A value for the match limit may also be supplied by an item at the start of a
+pattern of the form
+<pre>
+  (*LIMIT_MATCH=d)
+</pre>
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of <b>pcre_exec()</b> or, if no such limit
+is set, less than the default.
+</P>
+<P>
+The <i>match_limit_recursion</i> field is similar to <i>match_limit</i>, but
+instead of limiting the total number of times that <b>match()</b> is called, it
+limits the depth of recursion. The recursion depth is a smaller number than the
+total number of calls, because not all calls to <b>match()</b> are recursive.
+This limit is of use only if it is set smaller than <i>match_limit</i>.
+</P>
+<P>
+Limiting the recursion depth limits the amount of machine stack that can be
+used, or, when PCRE has been compiled to use memory on the heap instead of the
+stack, the amount of heap memory that can be used. This limit is not relevant,
+and is ignored, when matching is done using JIT compiled code.
+</P>
+<P>
+The default value for <i>match_limit_recursion</i> can be set when PCRE is
+built; the default default is the same value as the default for
+<i>match_limit</i>. You can override the default by suppling <b>pcre_exec()</b>
+with a <b>pcre_extra</b> block in which <i>match_limit_recursion</i> is set, and
+PCRE_EXTRA_MATCH_LIMIT_RECURSION is set in the <i>flags</i> field. If the limit
+is exceeded, <b>pcre_exec()</b> returns PCRE_ERROR_RECURSIONLIMIT.
+</P>
+<P>
+A value for the recursion limit may also be supplied by an item at the start of
+a pattern of the form
+<pre>
+  (*LIMIT_RECURSION=d)
+</pre>
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of <b>pcre_exec()</b> or, if no such limit
+is set, less than the default.
+</P>
+<P>
+The <i>callout_data</i> field is used in conjunction with the "callout" feature,
+and is described in the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<P>
+The <i>tables</i> field is provided for use with patterns that have been
+pre-compiled using custom character tables, saved to disc or elsewhere, and
+then reloaded, because the tables that were used to compile a pattern are not
+saved with it. See the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation for a discussion of saving compiled patterns for later use. If
+NULL is passed using this mechanism, it forces PCRE's internal tables to be
+used.
+</P>
+<P>
+<b>Warning:</b> The tables that <b>pcre_exec()</b> uses must be the same as those
+that were used when the pattern was compiled. If this is not the case, the
+behaviour of <b>pcre_exec()</b> is undefined. Therefore, when a pattern is
+compiled and matched in the same process, this field should never be set. In
+this (the most common) case, the correct table pointer is automatically passed
+with the compiled pattern from <b>pcre_compile()</b> to <b>pcre_exec()</b>.
+</P>
+<P>
+If PCRE_EXTRA_MARK is set in the <i>flags</i> field, the <i>mark</i> field must
+be set to point to a suitable variable. If the pattern contains any
+backtracking control verbs such as (*MARK:NAME), and the execution ends up with
+a name to pass back, a pointer to the name string (zero terminated) is placed
+in the variable pointed to by the <i>mark</i> field. The names are within the
+compiled pattern; if you wish to retain such a name you must copy it before
+freeing the memory of a compiled pattern. If there is no name to pass back, the
+variable pointed to by the <i>mark</i> field is set to NULL. For details of the
+backtracking control verbs, see the section entitled
+<a href="pcrepattern#backtrackcontrol">"Backtracking control"</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+<a name="execoptions"></a></P>
+<br><b>
+Option bits for <b>pcre_exec()</b>
+</b><br>
+<P>
+The unused bits of the <i>options</i> argument for <b>pcre_exec()</b> must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_<i>xxx</i>,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_START_OPTIMIZE, PCRE_NO_UTF8_CHECK, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+</P>
+<P>
+If the pattern was successfully studied with one of the just-in-time (JIT)
+compile options, the only supported options for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY,
+PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and PCRE_PARTIAL_SOFT. If an
+unsupported option is used, JIT execution is disabled and the normal
+interpretive code in <b>pcre_exec()</b> is run.
+<pre>
+  PCRE_ANCHORED
+</pre>
+The PCRE_ANCHORED option limits <b>pcre_exec()</b> to matching at the first
+matching position. If a pattern was compiled with PCRE_ANCHORED, or turned out
+to be anchored by virtue of its contents, it cannot be made unachored at
+matching time.
+<pre>
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+</pre>
+These options (which are mutually exclusive) control what the \R escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. These options override the choice that was
+made or defaulted when the pattern was compiled.
+<pre>
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+</pre>
+These options override the newline definition that was chosen or defaulted when
+the pattern was compiled. For details, see the description of
+<b>pcre_compile()</b> above. During matching, the newline choice affects the
+behaviour of the dot, circumflex, and dollar metacharacters. It may also alter
+the way the match position is advanced after a match failure for an unanchored
+pattern.
+</P>
+<P>
+When PCRE_NEWLINE_CRLF, PCRE_NEWLINE_ANYCRLF, or PCRE_NEWLINE_ANY is set, and a
+match attempt for an unanchored pattern fails when the current position is at a
+CRLF sequence, and the pattern contains no explicit matches for CR or LF
+characters, the match position is advanced by two characters instead of one, in
+other words, to after the CRLF.
+</P>
+<P>
+The above rule is a compromise that makes the most common cases work as
+expected. For example, if the pattern is .+A (and the PCRE_DOTALL option is not
+set), it does not match the string "\r\nA" because, after failing at the
+start, it skips both the CR and the LF before retrying. However, the pattern
+[\r\n]A does match that string, because it contains an explicit CR or LF
+reference, and so advances only by one character after the first failure.
+</P>
+<P>
+An explicit match for CR of LF is either a literal appearance of one of those
+characters, or one of the \r or \n escape sequences. Implicit matches such as
+[^X] do not count, nor does \s (which includes CR and LF in the characters
+that it matches).
+</P>
+<P>
+Notwithstanding the above, anomalous effects may still occur when CRLF is a
+valid newline sequence and explicit \r or \n escapes appear in the pattern.
+<pre>
+  PCRE_NOTBOL
+</pre>
+This option specifies that first character of the subject string is not the
+beginning of a line, so the circumflex metacharacter should not match before
+it. Setting this without PCRE_MULTILINE (at compile time) causes circumflex
+never to match. This option affects only the behaviour of the circumflex
+metacharacter. It does not affect \A.
+<pre>
+  PCRE_NOTEOL
+</pre>
+This option specifies that the end of the subject string is not the end of a
+line, so the dollar metacharacter should not match it nor (except in multiline
+mode) a newline immediately before it. Setting this without PCRE_MULTILINE (at
+compile time) causes dollar never to match. This option affects only the
+behaviour of the dollar metacharacter. It does not affect \Z or \z.
+<pre>
+  PCRE_NOTEMPTY
+</pre>
+An empty string is not considered to be a valid match if this option is set. If
+there are alternatives in the pattern, they are tried. If all the alternatives
+match the empty string, the entire match fails. For example, if the pattern
+<pre>
+  a?b?
+</pre>
+is applied to a string not beginning with "a" or "b", it matches an empty
+string at the start of the subject. With PCRE_NOTEMPTY set, this match is not
+valid, so PCRE searches further into the string for occurrences of "a" or "b".
+<pre>
+  PCRE_NOTEMPTY_ATSTART
+</pre>
+This is like PCRE_NOTEMPTY, except that an empty string match that is not at
+the start of the subject is permitted. If the pattern is anchored, such a match
+can occur only if the pattern contains \K.
+</P>
+<P>
+Perl has no direct equivalent of PCRE_NOTEMPTY or PCRE_NOTEMPTY_ATSTART, but it
+does make a special case of a pattern match of the empty string within its
+<b>split()</b> function, and when using the /g modifier. It is possible to
+emulate Perl's behaviour after matching a null string by first trying the match
+again at the same offset with PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED, and then
+if that fails, by advancing the starting offset (see below) and trying an
+ordinary match again. There is some code that demonstrates how to do this in
+the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+<pre>
+  PCRE_NO_START_OPTIMIZE
+</pre>
+There are a number of optimizations that <b>pcre_exec()</b> uses at the start of
+a match, in order to speed up the process. For example, if it is known that an
+unanchored match must start with a specific character, it searches the subject
+for that character, and fails immediately if it cannot find it, without
+actually running the main matching function. This means that a special item
+such as (*COMMIT) at the start of a pattern is not considered until after a
+suitable starting point for the match has been found. Also, when callouts or
+(*MARK) items are in use, these "start-up" optimizations can cause them to be
+skipped if the pattern is never actually used. The start-up optimizations are
+in effect a pre-scan of the subject that takes place before the pattern is run.
+</P>
+<P>
+The PCRE_NO_START_OPTIMIZE option disables the start-up optimizations, possibly
+causing performance to suffer, but ensuring that in cases where the result is
+"no match", the callouts do occur, and that items such as (*COMMIT) and (*MARK)
+are considered at every possible starting position in the subject string. If
+PCRE_NO_START_OPTIMIZE is set at compile time, it cannot be unset at matching
+time. The use of PCRE_NO_START_OPTIMIZE at matching time (that is, passing it
+to <b>pcre_exec()</b>) disables JIT execution; in this situation, matching is
+always done using interpretively.
+</P>
+<P>
+Setting PCRE_NO_START_OPTIMIZE can change the outcome of a matching operation.
+Consider the pattern
+<pre>
+  (*COMMIT)ABC
+</pre>
+When this is compiled, PCRE records the fact that a match must start with the
+character "A". Suppose the subject string is "DEFABC". The start-up
+optimization scans along the subject, finds "A" and runs the first match
+attempt from there. The (*COMMIT) item means that the pattern must match the
+current starting position, which in this case, it does. However, if the same
+match is run with PCRE_NO_START_OPTIMIZE set, the initial scan along the
+subject string does not happen. The first match attempt is run starting from
+"D" and when this fails, (*COMMIT) prevents any further matches being tried, so
+the overall result is "no match". If the pattern is studied, more start-up
+optimizations may be used. For example, a minimum length for the subject may be
+recorded. Consider the pattern
+<pre>
+  (*MARK:A)(X|Y)
+</pre>
+The minimum length for a match is one character. If the subject is "ABC", there
+will be attempts to match "ABC", "BC", "C", and then finally an empty string.
+If the pattern is studied, the final attempt does not take place, because PCRE
+knows that the subject is too short, and so the (*MARK) is never encountered.
+In this case, studying the pattern does not affect the overall match result,
+which is still "no match", but it does affect the auxiliary information that is
+returned.
+<pre>
+  PCRE_NO_UTF8_CHECK
+</pre>
+When PCRE_UTF8 is set at compile time, the validity of the subject as a UTF-8
+string is automatically checked when <b>pcre_exec()</b> is subsequently called.
+The entire string is checked before any other processing takes place. The value
+of <i>startoffset</i> is also checked to ensure that it points to the start of a
+UTF-8 character. There is a discussion about the
+<a href="pcreunicode.html#utf8strings">validity of UTF-8 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page. If an invalid sequence of bytes is found, <b>pcre_exec()</b> returns the
+error PCRE_ERROR_BADUTF8 or, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated character at the end of the subject, PCRE_ERROR_SHORTUTF8. In both
+cases, information about the precise nature of the error may also be returned
+(see the descriptions of these errors in the section entitled \fIError return
+values from\fP <b>pcre_exec()</b>
+<a href="#errorlist">below).</a>
+If <i>startoffset</i> contains a value that does not point to the start of a
+UTF-8 character (or to the end of the subject), PCRE_ERROR_BADUTF8_OFFSET is
+returned.
+</P>
+<P>
+If you already know that your subject is valid, and you want to skip these
+checks for performance reasons, you can set the PCRE_NO_UTF8_CHECK option when
+calling <b>pcre_exec()</b>. You might want to do this for the second and
+subsequent calls to <b>pcre_exec()</b> if you are making repeated calls to find
+all the matches in a single subject string. However, you should be sure that
+the value of <i>startoffset</i> points to the start of a character (or the end
+of the subject). When PCRE_NO_UTF8_CHECK is set, the effect of passing an
+invalid string as a subject or an invalid value of <i>startoffset</i> is
+undefined. Your program may crash or loop.
+<pre>
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+</pre>
+These options turn on the partial matching feature. For backwards
+compatibility, PCRE_PARTIAL is a synonym for PCRE_PARTIAL_SOFT. A partial match
+occurs if the end of the subject string is reached successfully, but there are
+not enough subject characters to complete the match. If this happens when
+PCRE_PARTIAL_SOFT (but not PCRE_PARTIAL_HARD) is set, matching continues by
+testing any remaining alternatives. Only if no complete match can be found is
+PCRE_ERROR_PARTIAL returned instead of PCRE_ERROR_NOMATCH. In other words,
+PCRE_PARTIAL_SOFT says that the caller is prepared to handle a partial match,
+but only if no complete match can be found.
+</P>
+<P>
+If PCRE_PARTIAL_HARD is set, it overrides PCRE_PARTIAL_SOFT. In this case, if a
+partial match is found, <b>pcre_exec()</b> immediately returns
+PCRE_ERROR_PARTIAL, without considering any other alternatives. In other words,
+when PCRE_PARTIAL_HARD is set, a partial match is considered to be more
+important that an alternative complete match.
+</P>
+<P>
+In both cases, the portion of the string that was inspected when the partial
+match was found is set as the first matching string. There is a more detailed
+discussion of partial and multi-segment matching, with examples, in the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+</P>
+<br><b>
+The string to be matched by <b>pcre_exec()</b>
+</b><br>
+<P>
+The subject string is passed to <b>pcre_exec()</b> as a pointer in
+<i>subject</i>, a length in <i>length</i>, and a starting offset in
+<i>startoffset</i>. The units for <i>length</i> and <i>startoffset</i> are bytes
+for the 8-bit library, 16-bit data items for the 16-bit library, and 32-bit
+data items for the 32-bit library.
+</P>
+<P>
+If <i>startoffset</i> is negative or greater than the length of the subject,
+<b>pcre_exec()</b> returns PCRE_ERROR_BADOFFSET. When the starting offset is
+zero, the search for a match starts at the beginning of the subject, and this
+is by far the most common case. In UTF-8 or UTF-16 mode, the offset must point
+to the start of a character, or the end of the subject (in UTF-32 mode, one
+data unit equals one character, so all offsets are valid). Unlike the pattern
+string, the subject may contain binary zeroes.
+</P>
+<P>
+A non-zero starting offset is useful when searching for another match in the
+same subject by calling <b>pcre_exec()</b> again after a previous success.
+Setting <i>startoffset</i> differs from just passing over a shortened string and
+setting PCRE_NOTBOL in the case of a pattern that begins with any kind of
+lookbehind. For example, consider the pattern
+<pre>
+  \Biss\B
+</pre>
+which finds occurrences of "iss" in the middle of words. (\B matches only if
+the current position in the subject is not a word boundary.) When applied to
+the string "Mississipi" the first call to <b>pcre_exec()</b> finds the first
+occurrence. If <b>pcre_exec()</b> is called again with just the remainder of the
+subject, namely "issipi", it does not match, because \B is always false at the
+start of the subject, which is deemed to be a word boundary. However, if
+<b>pcre_exec()</b> is passed the entire string again, but with <i>startoffset</i>
+set to 4, it finds the second occurrence of "iss" because it is able to look
+behind the starting point to discover that it is preceded by a letter.
+</P>
+<P>
+Finding all the matches in a subject is tricky when the pattern can match an
+empty string. It is possible to emulate Perl's /g behaviour by first trying the
+match again at the same offset, with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED options, and then if that fails, advancing the starting offset
+and trying an ordinary match again. There is some code that demonstrates how to
+do this in the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+</P>
+<P>
+If a non-zero starting offset is passed when the pattern is anchored, one
+attempt to match at the given offset is made. This can only succeed if the
+pattern does not require the match to be at the start of the subject.
+</P>
+<br><b>
+How <b>pcre_exec()</b> returns captured substrings
+</b><br>
+<P>
+In general, a pattern matches a certain portion of the subject, and in
+addition, further substrings from the subject may be picked out by parts of the
+pattern. Following the usage in Jeffrey Friedl's book, this is called
+"capturing" in what follows, and the phrase "capturing subpattern" is used for
+a fragment of a pattern that picks out a substring. PCRE supports several other
+kinds of parenthesized subpattern that do not cause substrings to be captured.
+</P>
+<P>
+Captured substrings are returned to the caller via a vector of integers whose
+address is passed in <i>ovector</i>. The number of elements in the vector is
+passed in <i>ovecsize</i>, which must be a non-negative number. <b>Note</b>: this
+argument is NOT the size of <i>ovector</i> in bytes.
+</P>
+<P>
+The first two-thirds of the vector is used to pass back captured substrings,
+each substring using a pair of integers. The remaining third of the vector is
+used as workspace by <b>pcre_exec()</b> while matching capturing subpatterns,
+and is not available for passing back information. The number passed in
+<i>ovecsize</i> should always be a multiple of three. If it is not, it is
+rounded down.
+</P>
+<P>
+When a match is successful, information about captured substrings is returned
+in pairs of integers, starting at the beginning of <i>ovector</i>, and
+continuing up to two-thirds of its length at the most. The first element of
+each pair is set to the offset of the first character in a substring, and the
+second is set to the offset of the first character after the end of a
+substring. These values are always data unit offsets, even in UTF mode. They
+are byte offsets in the 8-bit library, 16-bit data item offsets in the 16-bit
+library, and 32-bit data item offsets in the 32-bit library. <b>Note</b>: they
+are not character counts.
+</P>
+<P>
+The first pair of integers, <i>ovector[0]</i> and <i>ovector[1]</i>, identify the
+portion of the subject string matched by the entire pattern. The next pair is
+used for the first capturing subpattern, and so on. The value returned by
+<b>pcre_exec()</b> is one more than the highest numbered pair that has been set.
+For example, if two substrings have been captured, the returned value is 3. If
+there are no capturing subpatterns, the return value from a successful match is
+1, indicating that just the first pair of offsets has been set.
+</P>
+<P>
+If a capturing subpattern is matched repeatedly, it is the last portion of the
+string that it matched that is returned.
+</P>
+<P>
+If the vector is too small to hold all the captured substring offsets, it is
+used as far as possible (up to two-thirds of its length), and the function
+returns a value of zero. If neither the actual string matched nor any captured
+substrings are of interest, <b>pcre_exec()</b> may be called with <i>ovector</i>
+passed as NULL and <i>ovecsize</i> as zero. However, if the pattern contains
+back references and the <i>ovector</i> is not big enough to remember the related
+substrings, PCRE has to get additional memory for use during matching. Thus it
+is usually advisable to supply an <i>ovector</i> of reasonable size.
+</P>
+<P>
+There are some cases where zero is returned (indicating vector overflow) when
+in fact the vector is exactly the right size for the final match. For example,
+consider the pattern
+<pre>
+  (a)(?:(b)c|bd)
+</pre>
+If a vector of 6 elements (allowing for only 1 captured substring) is given
+with subject string "abd", <b>pcre_exec()</b> will try to set the second
+captured string, thereby recording a vector overflow, before failing to match
+"c" and backing up to try the second alternative. The zero return, however,
+does correctly indicate that the maximum number of slots (namely 2) have been
+filled. In similar cases where there is temporary overflow, but the final
+number of used slots is actually less than the maximum, a non-zero value is
+returned.
+</P>
+<P>
+The <b>pcre_fullinfo()</b> function can be used to find out how many capturing
+subpatterns there are in a compiled pattern. The smallest size for
+<i>ovector</i> that will allow for <i>n</i> captured substrings, in addition to
+the offsets of the substring matched by the whole pattern, is (<i>n</i>+1)*3.
+</P>
+<P>
+It is possible for capturing subpattern number <i>n+1</i> to match some part of
+the subject when subpattern <i>n</i> has not been used at all. For example, if
+the string "abc" is matched against the pattern (a|(z))(bc) the return from the
+function is 4, and subpatterns 1 and 3 are matched, but 2 is not. When this
+happens, both values in the offset pairs corresponding to unused subpatterns
+are set to -1.
+</P>
+<P>
+Offset values that correspond to unused subpatterns at the end of the
+expression are also set to -1. For example, if the string "abc" is matched
+against the pattern (abc)(x(yz)?)? subpatterns 2 and 3 are not matched. The
+return from the function is 2, because the highest used capturing subpattern
+number is 1, and the offsets for for the second and third capturing subpatterns
+(assuming the vector is large enough, of course) are set to -1.
+</P>
+<P>
+<b>Note</b>: Elements in the first two-thirds of <i>ovector</i> that do not
+correspond to capturing parentheses in the pattern are never changed. That is,
+if a pattern contains <i>n</i> capturing parentheses, no more than
+<i>ovector[0]</i> to <i>ovector[2n+1]</i> are set by <b>pcre_exec()</b>. The other
+elements (in the first two-thirds) retain whatever values they previously had.
+</P>
+<P>
+Some convenience functions are provided for extracting the captured substrings
+as separate strings. These are described below.
+<a name="errorlist"></a></P>
+<br><b>
+Error return values from <b>pcre_exec()</b>
+</b><br>
+<P>
+If <b>pcre_exec()</b> fails, it returns a negative number. The following are
+defined in the header file:
+<pre>
+  PCRE_ERROR_NOMATCH        (-1)
+</pre>
+The subject string did not match the pattern.
+<pre>
+  PCRE_ERROR_NULL           (-2)
+</pre>
+Either <i>code</i> or <i>subject</i> was passed as NULL, or <i>ovector</i> was
+NULL and <i>ovecsize</i> was not zero.
+<pre>
+  PCRE_ERROR_BADOPTION      (-3)
+</pre>
+An unrecognized bit was set in the <i>options</i> argument.
+<pre>
+  PCRE_ERROR_BADMAGIC       (-4)
+</pre>
+PCRE stores a 4-byte "magic number" at the start of the compiled code, to catch
+the case when it is passed a junk pointer and to detect when a pattern that was
+compiled in an environment of one endianness is run in an environment with the
+other endianness. This is the error that PCRE gives when the magic number is
+not present.
+<pre>
+  PCRE_ERROR_UNKNOWN_OPCODE (-5)
+</pre>
+While running the pattern match, an unknown item was encountered in the
+compiled pattern. This error could be caused by a bug in PCRE or by overwriting
+of the compiled pattern.
+<pre>
+  PCRE_ERROR_NOMEMORY       (-6)
+</pre>
+If a pattern contains back references, but the <i>ovector</i> that is passed to
+<b>pcre_exec()</b> is not big enough to remember the referenced substrings, PCRE
+gets a block of memory at the start of matching to use for this purpose. If the
+call via <b>pcre_malloc()</b> fails, this error is given. The memory is
+automatically freed at the end of matching.
+</P>
+<P>
+This error is also given if <b>pcre_stack_malloc()</b> fails in
+<b>pcre_exec()</b>. This can happen only when PCRE has been compiled with
+<b>--disable-stack-for-recursion</b>.
+<pre>
+  PCRE_ERROR_NOSUBSTRING    (-7)
+</pre>
+This error is used by the <b>pcre_copy_substring()</b>,
+<b>pcre_get_substring()</b>, and <b>pcre_get_substring_list()</b> functions (see
+below). It is never returned by <b>pcre_exec()</b>.
+<pre>
+  PCRE_ERROR_MATCHLIMIT     (-8)
+</pre>
+The backtracking limit, as specified by the <i>match_limit</i> field in a
+<b>pcre_extra</b> structure (or defaulted) was reached. See the description
+above.
+<pre>
+  PCRE_ERROR_CALLOUT        (-9)
+</pre>
+This error is never generated by <b>pcre_exec()</b> itself. It is provided for
+use by callout functions that want to yield a distinctive error code. See the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation for details.
+<pre>
+  PCRE_ERROR_BADUTF8        (-10)
+</pre>
+A string that contains an invalid UTF-8 byte sequence was passed as a subject,
+and the PCRE_NO_UTF8_CHECK option was not set. If the size of the output vector
+(<i>ovecsize</i>) is at least 2, the byte offset to the start of the the invalid
+UTF-8 character is placed in the first element, and a reason code is placed in
+the second element. The reason codes are listed in the
+<a href="#badutf8reasons">following section.</a>
+For backward compatibility, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated UTF-8 character at the end of the subject (reason codes 1 to 5),
+PCRE_ERROR_SHORTUTF8 is returned instead of PCRE_ERROR_BADUTF8.
+<pre>
+  PCRE_ERROR_BADUTF8_OFFSET (-11)
+</pre>
+The UTF-8 byte sequence that was passed as a subject was checked and found to
+be valid (the PCRE_NO_UTF8_CHECK option was not set), but the value of
+<i>startoffset</i> did not point to the beginning of a UTF-8 character or the
+end of the subject.
+<pre>
+  PCRE_ERROR_PARTIAL        (-12)
+</pre>
+The subject string did not match, but it did match partially. See the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation for details of partial matching.
+<pre>
+  PCRE_ERROR_BADPARTIAL     (-13)
+</pre>
+This code is no longer in use. It was formerly returned when the PCRE_PARTIAL
+option was used with a compiled pattern containing items that were not
+supported for partial matching. From release 8.00 onwards, there are no
+restrictions on partial matching.
+<pre>
+  PCRE_ERROR_INTERNAL       (-14)
+</pre>
+An unexpected internal error has occurred. This error could be caused by a bug
+in PCRE or by overwriting of the compiled pattern.
+<pre>
+  PCRE_ERROR_BADCOUNT       (-15)
+</pre>
+This error is given if the value of the <i>ovecsize</i> argument is negative.
+<pre>
+  PCRE_ERROR_RECURSIONLIMIT (-21)
+</pre>
+The internal recursion limit, as specified by the <i>match_limit_recursion</i>
+field in a <b>pcre_extra</b> structure (or defaulted) was reached. See the
+description above.
+<pre>
+  PCRE_ERROR_BADNEWLINE     (-23)
+</pre>
+An invalid combination of PCRE_NEWLINE_<i>xxx</i> options was given.
+<pre>
+  PCRE_ERROR_BADOFFSET      (-24)
+</pre>
+The value of <i>startoffset</i> was negative or greater than the length of the
+subject, that is, the value in <i>length</i>.
+<pre>
+  PCRE_ERROR_SHORTUTF8      (-25)
+</pre>
+This error is returned instead of PCRE_ERROR_BADUTF8 when the subject string
+ends with a truncated UTF-8 character and the PCRE_PARTIAL_HARD option is set.
+Information about the failure is returned as for PCRE_ERROR_BADUTF8. It is in
+fact sufficient to detect this case, but this special error code for
+PCRE_PARTIAL_HARD precedes the implementation of returned information; it is
+retained for backwards compatibility.
+<pre>
+  PCRE_ERROR_RECURSELOOP    (-26)
+</pre>
+This error is returned when <b>pcre_exec()</b> detects a recursion loop within
+the pattern. Specifically, it means that either the whole pattern or a
+subpattern has been called recursively for the second time at the same position
+in the subject string. Some simple patterns that might do this are detected and
+faulted at compile time, but more complicated cases, in particular mutual
+recursions between two different subpatterns, cannot be detected until run
+time.
+<pre>
+  PCRE_ERROR_JIT_STACKLIMIT (-27)
+</pre>
+This error is returned when a pattern that was successfully studied using a
+JIT compile option is being matched, but the memory available for the
+just-in-time processing stack is not large enough. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for more details.
+<pre>
+  PCRE_ERROR_BADMODE        (-28)
+</pre>
+This error is given if a pattern that was compiled by the 8-bit library is
+passed to a 16-bit or 32-bit library function, or vice versa.
+<pre>
+  PCRE_ERROR_BADENDIANNESS  (-29)
+</pre>
+This error is given if a pattern that was compiled and saved is reloaded on a
+host with different endianness. The utility function
+<b>pcre_pattern_to_host_byte_order()</b> can be used to convert such a pattern
+so that it runs on the new host.
+<pre>
+  PCRE_ERROR_JIT_BADOPTION
+</pre>
+This error is returned when a pattern that was successfully studied using a JIT
+compile option is being matched, but the matching mode (partial or complete
+match) does not correspond to any JIT compilation mode. When the JIT fast path
+function is used, this error may be also given for invalid options. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for more details.
+<pre>
+  PCRE_ERROR_BADLENGTH      (-32)
+</pre>
+This error is given if <b>pcre_exec()</b> is called with a negative value for
+the <i>length</i> argument.
+</P>
+<P>
+Error numbers -16 to -20, -22, and 30 are not used by <b>pcre_exec()</b>.
+<a name="badutf8reasons"></a></P>
+<br><b>
+Reason codes for invalid UTF-8 strings
+</b><br>
+<P>
+This section applies only to the 8-bit library. The corresponding information
+for the 16-bit and 32-bit libraries is given in the
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+pages.
+</P>
+<P>
+When <b>pcre_exec()</b> returns either PCRE_ERROR_BADUTF8 or
+PCRE_ERROR_SHORTUTF8, and the size of the output vector (<i>ovecsize</i>) is at
+least 2, the offset of the start of the invalid UTF-8 character is placed in
+the first output vector element (<i>ovector[0]</i>) and a reason code is placed
+in the second element (<i>ovector[1]</i>). The reason codes are given names in
+the <b>pcre.h</b> header file:
+<pre>
+  PCRE_UTF8_ERR1
+  PCRE_UTF8_ERR2
+  PCRE_UTF8_ERR3
+  PCRE_UTF8_ERR4
+  PCRE_UTF8_ERR5
+</pre>
+The string ends with a truncated UTF-8 character; the code specifies how many
+bytes are missing (1 to 5). Although RFC 3629 restricts UTF-8 characters to be
+no longer than 4 bytes, the encoding scheme (originally defined by RFC 2279)
+allows for up to 6 bytes, and this is checked first; hence the possibility of
+4 or 5 missing bytes.
+<pre>
+  PCRE_UTF8_ERR6
+  PCRE_UTF8_ERR7
+  PCRE_UTF8_ERR8
+  PCRE_UTF8_ERR9
+  PCRE_UTF8_ERR10
+</pre>
+The two most significant bits of the 2nd, 3rd, 4th, 5th, or 6th byte of the
+character do not have the binary value 0b10 (that is, either the most
+significant bit is 0, or the next bit is 1).
+<pre>
+  PCRE_UTF8_ERR11
+  PCRE_UTF8_ERR12
+</pre>
+A character that is valid by the RFC 2279 rules is either 5 or 6 bytes long;
+these code points are excluded by RFC 3629.
+<pre>
+  PCRE_UTF8_ERR13
+</pre>
+A 4-byte character has a value greater than 0x10fff; these code points are
+excluded by RFC 3629.
+<pre>
+  PCRE_UTF8_ERR14
+</pre>
+A 3-byte character has a value in the range 0xd800 to 0xdfff; this range of
+code points are reserved by RFC 3629 for use with UTF-16, and so are excluded
+from UTF-8.
+<pre>
+  PCRE_UTF8_ERR15
+  PCRE_UTF8_ERR16
+  PCRE_UTF8_ERR17
+  PCRE_UTF8_ERR18
+  PCRE_UTF8_ERR19
+</pre>
+A 2-, 3-, 4-, 5-, or 6-byte character is "overlong", that is, it codes for a
+value that can be represented by fewer bytes, which is invalid. For example,
+the two bytes 0xc0, 0xae give the value 0x2e, whose correct coding uses just
+one byte.
+<pre>
+  PCRE_UTF8_ERR20
+</pre>
+The two most significant bits of the first byte of a character have the binary
+value 0b10 (that is, the most significant bit is 1 and the second is 0). Such a
+byte can only validly occur as the second or subsequent byte of a multi-byte
+character.
+<pre>
+  PCRE_UTF8_ERR21
+</pre>
+The first byte of a character has the value 0xfe or 0xff. These values can
+never occur in a valid UTF-8 string.
+<pre>
+  PCRE_UTF8_ERR22
+</pre>
+This error code was formerly used when the presence of a so-called
+"non-character" caused an error. Unicode corrigendum #9 makes it clear that
+such characters should not cause a string to be rejected, and so this code is
+no longer in use and is never returned.
+</P>
+<br><a name="SEC18" href="#TOC1">EXTRACTING CAPTURED SUBSTRINGS BY NUMBER</a><br>
+<P>
+<b>int pcre_copy_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, char *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring_list(const char *<i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, const char ***<i>listptr</i>);</b>
+</P>
+<P>
+Captured substrings can be accessed directly by using the offsets returned by
+<b>pcre_exec()</b> in <i>ovector</i>. For convenience, the functions
+<b>pcre_copy_substring()</b>, <b>pcre_get_substring()</b>, and
+<b>pcre_get_substring_list()</b> are provided for extracting captured substrings
+as new, separate, zero-terminated strings. These functions identify substrings
+by number. The next section describes functions for extracting named
+substrings.
+</P>
+<P>
+A substring that contains a binary zero is correctly extracted and has a
+further zero added on the end, but the result is not, of course, a C string.
+However, you can process such a string by referring to the length that is
+returned by <b>pcre_copy_substring()</b> and <b>pcre_get_substring()</b>.
+Unfortunately, the interface to <b>pcre_get_substring_list()</b> is not adequate
+for handling strings containing binary zeros, because the end of the final
+string is not independently indicated.
+</P>
+<P>
+The first three arguments are the same for all three of these functions:
+<i>subject</i> is the subject string that has just been successfully matched,
+<i>ovector</i> is a pointer to the vector of integer offsets that was passed to
+<b>pcre_exec()</b>, and <i>stringcount</i> is the number of substrings that were
+captured by the match, including the substring that matched the entire regular
+expression. This is the value returned by <b>pcre_exec()</b> if it is greater
+than zero. If <b>pcre_exec()</b> returned zero, indicating that it ran out of
+space in <i>ovector</i>, the value passed as <i>stringcount</i> should be the
+number of elements in the vector divided by three.
+</P>
+<P>
+The functions <b>pcre_copy_substring()</b> and <b>pcre_get_substring()</b>
+extract a single substring, whose number is given as <i>stringnumber</i>. A
+value of zero extracts the substring that matched the entire pattern, whereas
+higher values extract the captured substrings. For <b>pcre_copy_substring()</b>,
+the string is placed in <i>buffer</i>, whose length is given by
+<i>buffersize</i>, while for <b>pcre_get_substring()</b> a new block of memory is
+obtained via <b>pcre_malloc</b>, and its address is returned via
+<i>stringptr</i>. The yield of the function is the length of the string, not
+including the terminating zero, or one of these error codes:
+<pre>
+  PCRE_ERROR_NOMEMORY       (-6)
+</pre>
+The buffer was too small for <b>pcre_copy_substring()</b>, or the attempt to get
+memory failed for <b>pcre_get_substring()</b>.
+<pre>
+  PCRE_ERROR_NOSUBSTRING    (-7)
+</pre>
+There is no substring whose number is <i>stringnumber</i>.
+</P>
+<P>
+The <b>pcre_get_substring_list()</b> function extracts all available substrings
+and builds a list of pointers to them. All this is done in a single block of
+memory that is obtained via <b>pcre_malloc</b>. The address of the memory block
+is returned via <i>listptr</i>, which is also the start of the list of string
+pointers. The end of the list is marked by a NULL pointer. The yield of the
+function is zero if all went well, or the error code
+<pre>
+  PCRE_ERROR_NOMEMORY       (-6)
+</pre>
+if the attempt to get the memory block failed.
+</P>
+<P>
+When any of these functions encounter a substring that is unset, which can
+happen when capturing subpattern number <i>n+1</i> matches some part of the
+subject, but subpattern <i>n</i> has not been used at all, they return an empty
+string. This can be distinguished from a genuine zero-length substring by
+inspecting the appropriate offset in <i>ovector</i>, which is negative for unset
+substrings.
+</P>
+<P>
+The two convenience functions <b>pcre_free_substring()</b> and
+<b>pcre_free_substring_list()</b> can be used to free the memory returned by
+a previous call of <b>pcre_get_substring()</b> or
+<b>pcre_get_substring_list()</b>, respectively. They do nothing more than call
+the function pointed to by <b>pcre_free</b>, which of course could be called
+directly from a C program. However, PCRE is used in some situations where it is
+linked via a special interface to another programming language that cannot use
+<b>pcre_free</b> directly; it is for these cases that the functions are
+provided.
+</P>
+<br><a name="SEC19" href="#TOC1">EXTRACTING CAPTURED SUBSTRINGS BY NAME</a><br>
+<P>
+<b>int pcre_get_stringnumber(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>);</b>
+<br>
+<br>
+<b>int pcre_copy_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     char *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_get_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+</P>
+<P>
+To extract a substring by name, you first have to find associated number.
+For example, for this pattern
+<pre>
+  (a+)b(?&#60;xxx&#62;\d+)...
+</pre>
+the number of the subpattern called "xxx" is 2. If the name is known to be
+unique (PCRE_DUPNAMES was not set), you can find the number from the name by
+calling <b>pcre_get_stringnumber()</b>. The first argument is the compiled
+pattern, and the second is the name. The yield of the function is the
+subpattern number, or PCRE_ERROR_NOSUBSTRING (-7) if there is no subpattern of
+that name.
+</P>
+<P>
+Given the number, you can extract the substring directly, or use one of the
+functions described in the previous section. For convenience, there are also
+two functions that do the whole job.
+</P>
+<P>
+Most of the arguments of <b>pcre_copy_named_substring()</b> and
+<b>pcre_get_named_substring()</b> are the same as those for the similarly named
+functions that extract by number. As these are described in the previous
+section, they are not re-described here. There are just two differences:
+</P>
+<P>
+First, instead of a substring number, a substring name is given. Second, there
+is an extra argument, given at the start, which is a pointer to the compiled
+pattern. This is needed in order to gain access to the name-to-number
+translation table.
+</P>
+<P>
+These functions call <b>pcre_get_stringnumber()</b>, and if it succeeds, they
+then call <b>pcre_copy_substring()</b> or <b>pcre_get_substring()</b>, as
+appropriate. <b>NOTE:</b> If PCRE_DUPNAMES is set and there are duplicate names,
+the behaviour may not be what you want (see the next section).
+</P>
+<P>
+<b>Warning:</b> If the pattern uses the (?| feature to set up multiple
+subpatterns with the same number, as described in the
+<a href="pcrepattern.html#dupsubpatternnumber">section on duplicate subpattern numbers</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page, you cannot use names to distinguish the different subpatterns, because
+names are not included in the compiled code. The matching process uses only
+numbers. For this reason, the use of different names for subpatterns of the
+same number causes an error at compile time.
+</P>
+<br><a name="SEC20" href="#TOC1">DUPLICATE SUBPATTERN NAMES</a><br>
+<P>
+<b>int pcre_get_stringtable_entries(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>, char **<i>first</i>, char **<i>last</i>);</b>
+</P>
+<P>
+When a pattern is compiled with the PCRE_DUPNAMES option, names for subpatterns
+are not required to be unique. (Duplicate names are always allowed for
+subpatterns with the same number, created by using the (?| feature. Indeed, if
+such subpatterns are named, they are required to use the same names.)
+</P>
+<P>
+Normally, patterns with duplicate names are such that in any one match, only
+one of the named subpatterns participates. An example is shown in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+</P>
+<P>
+When duplicates are present, <b>pcre_copy_named_substring()</b> and
+<b>pcre_get_named_substring()</b> return the first substring corresponding to
+the given name that is set. If none are set, PCRE_ERROR_NOSUBSTRING (-7) is
+returned; no data is returned. The <b>pcre_get_stringnumber()</b> function
+returns one of the numbers that are associated with the name, but it is not
+defined which it is.
+</P>
+<P>
+If you want to get full details of all captured substrings for a given name,
+you must use the <b>pcre_get_stringtable_entries()</b> function. The first
+argument is the compiled pattern, and the second is the name. The third and
+fourth are pointers to variables which are updated by the function. After it
+has run, they point to the first and last entries in the name-to-number table
+for the given name. The function itself returns the length of each entry, or
+PCRE_ERROR_NOSUBSTRING (-7) if there are none. The format of the table is
+described above in the section entitled <i>Information about a pattern</i>
+<a href="#infoaboutpattern">above.</a>
+Given all the relevant entries for the name, you can extract each of their
+numbers, and hence the captured data, if any.
+</P>
+<br><a name="SEC21" href="#TOC1">FINDING ALL POSSIBLE MATCHES</a><br>
+<P>
+The traditional matching function uses a similar algorithm to Perl, which stops
+when it finds the first match, starting at a given point in the subject. If you
+want to find all possible matches, or the longest possible match, consider
+using the alternative matching function (see below) instead. If you cannot use
+the alternative function, but still need to find all possible matches, you
+can kludge it up by making use of the callout facility, which is described in
+the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<P>
+What you have to do is to insert a callout right at the end of the pattern.
+When your callout function is called, extract and save the current matched
+substring. Then return 1, which forces <b>pcre_exec()</b> to backtrack and try
+other alternatives. Ultimately, when it runs out of matches, <b>pcre_exec()</b>
+will yield PCRE_ERROR_NOMATCH.
+</P>
+<br><a name="SEC22" href="#TOC1">OBTAINING AN ESTIMATE OF STACK USAGE</a><br>
+<P>
+Matching certain patterns using <b>pcre_exec()</b> can use a lot of process
+stack, which in certain environments can be rather limited in size. Some users
+find it helpful to have an estimate of the amount of stack that is used by
+<b>pcre_exec()</b>, to help them set recursion limits, as described in the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation. The estimate that is output by <b>pcretest</b> when called with
+the <b>-m</b> and <b>-C</b> options is obtained by calling <b>pcre_exec</b> with
+the values NULL, NULL, NULL, -999, and -999 for its first five arguments.
+</P>
+<P>
+Normally, if its first argument is NULL, <b>pcre_exec()</b> immediately returns
+the negative error code PCRE_ERROR_NULL, but with this special combination of
+arguments, it returns instead a negative number whose absolute value is the
+approximate stack frame size in bytes. (A negative number is used so that it is
+clear that no match has happened.) The value is approximate because in some
+cases, recursive calls to <b>pcre_exec()</b> occur when there are one or two
+additional variables on the stack.
+</P>
+<P>
+If PCRE has been compiled to use the heap instead of the stack for recursion,
+the value returned is the size of each block that is obtained from the heap.
+<a name="dfamatch"></a></P>
+<br><a name="SEC23" href="#TOC1">MATCHING A PATTERN: THE ALTERNATIVE FUNCTION</a><br>
+<P>
+<b>int pcre_dfa_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<P>
+The function <b>pcre_dfa_exec()</b> is called to match a subject string against
+a compiled pattern, using a matching algorithm that scans the subject string
+just once, and does not backtrack. This has different characteristics to the
+normal algorithm, and is not compatible with Perl. Some of the features of PCRE
+patterns are not supported. Nevertheless, there are times when this kind of
+matching can be useful. For a discussion of the two matching algorithms, and a
+list of features that <b>pcre_dfa_exec()</b> does not support, see the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation.
+</P>
+<P>
+The arguments for the <b>pcre_dfa_exec()</b> function are the same as for
+<b>pcre_exec()</b>, plus two extras. The <i>ovector</i> argument is used in a
+different way, and this is described below. The other common arguments are used
+in the same way as for <b>pcre_exec()</b>, so their description is not repeated
+here.
+</P>
+<P>
+The two additional arguments provide workspace for the function. The workspace
+vector should contain at least 20 elements. It is used for keeping track of
+multiple paths through the pattern tree. More workspace will be needed for
+patterns and subjects where there are a lot of potential matches.
+</P>
+<P>
+Here is an example of a simple call to <b>pcre_dfa_exec()</b>:
+<pre>
+  int rc;
+  int ovector[10];
+  int wspace[20];
+  rc = pcre_dfa_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    10,             /* number of elements (NOT size in bytes) */
+    wspace,         /* working space vector */
+    20);            /* number of elements (NOT size in bytes) */
+</PRE>
+</P>
+<br><b>
+Option bits for <b>pcre_dfa_exec()</b>
+</b><br>
+<P>
+The unused bits of the <i>options</i> argument for <b>pcre_dfa_exec()</b> must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_<i>xxx</i>,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_UTF8_CHECK, PCRE_BSR_ANYCRLF, PCRE_BSR_UNICODE, PCRE_NO_START_OPTIMIZE,
+PCRE_PARTIAL_HARD, PCRE_PARTIAL_SOFT, PCRE_DFA_SHORTEST, and PCRE_DFA_RESTART.
+All but the last four of these are exactly the same as for <b>pcre_exec()</b>,
+so their description is not repeated here.
+<pre>
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+</pre>
+These have the same general effect as they do for <b>pcre_exec()</b>, but the
+details are slightly different. When PCRE_PARTIAL_HARD is set for
+<b>pcre_dfa_exec()</b>, it returns PCRE_ERROR_PARTIAL if the end of the subject
+is reached and there is still at least one matching possibility that requires
+additional characters. This happens even if some complete matches have also
+been found. When PCRE_PARTIAL_SOFT is set, the return code PCRE_ERROR_NOMATCH
+is converted into PCRE_ERROR_PARTIAL if the end of the subject is reached,
+there have been no complete matches, but there is still at least one matching
+possibility. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string in both cases.
+There is a more detailed discussion of partial and multi-segment matching, with
+examples, in the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+<pre>
+  PCRE_DFA_SHORTEST
+</pre>
+Setting the PCRE_DFA_SHORTEST option causes the matching algorithm to stop as
+soon as it has found one match. Because of the way the alternative algorithm
+works, this is necessarily the shortest possible match at the first possible
+matching point in the subject string.
+<pre>
+  PCRE_DFA_RESTART
+</pre>
+When <b>pcre_dfa_exec()</b> returns a partial match, it is possible to call it
+again, with additional subject characters, and have it continue with the same
+match. The PCRE_DFA_RESTART option requests this action; when it is set, the
+<i>workspace</i> and <i>wscount</i> options must reference the same vector as
+before because data about the match so far is left in them after a partial
+match. There is more discussion of this facility in the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+</P>
+<br><b>
+Successful returns from <b>pcre_dfa_exec()</b>
+</b><br>
+<P>
+When <b>pcre_dfa_exec()</b> succeeds, it may have matched more than one
+substring in the subject. Note, however, that all the matches from one run of
+the function start at the same point in the subject. The shorter matches are
+all initial substrings of the longer matches. For example, if the pattern
+<pre>
+  &#60;.*&#62;
+</pre>
+is matched against the string
+<pre>
+  This is &#60;something&#62; &#60;something else&#62; &#60;something further&#62; no more
+</pre>
+the three matched strings are
+<pre>
+  &#60;something&#62;
+  &#60;something&#62; &#60;something else&#62;
+  &#60;something&#62; &#60;something else&#62; &#60;something further&#62;
+</pre>
+On success, the yield of the function is a number greater than zero, which is
+the number of matched substrings. The substrings themselves are returned in
+<i>ovector</i>. Each string uses two elements; the first is the offset to the
+start, and the second is the offset to the end. In fact, all the strings have
+the same start offset. (Space could have been saved by giving this only once,
+but it was decided to retain some compatibility with the way <b>pcre_exec()</b>
+returns data, even though the meaning of the strings is different.)
+</P>
+<P>
+The strings are returned in reverse order of length; that is, the longest
+matching string is given first. If there were too many matches to fit into
+<i>ovector</i>, the yield of the function is zero, and the vector is filled with
+the longest matches. Unlike <b>pcre_exec()</b>, <b>pcre_dfa_exec()</b> can use
+the entire <i>ovector</i> for returning matched strings.
+</P>
+<P>
+NOTE: PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\d+" is compiled as if it were "a\d++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\d+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+</P>
+<br><b>
+Error returns from <b>pcre_dfa_exec()</b>
+</b><br>
+<P>
+The <b>pcre_dfa_exec()</b> function returns a negative number when it fails.
+Many of the errors are the same as for <b>pcre_exec()</b>, and these are
+described
+<a href="#errorlist">above.</a>
+There are in addition the following errors that are specific to
+<b>pcre_dfa_exec()</b>:
+<pre>
+  PCRE_ERROR_DFA_UITEM      (-16)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> encounters an item in the pattern
+that it does not support, for instance, the use of \C or a back reference.
+<pre>
+  PCRE_ERROR_DFA_UCOND      (-17)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> encounters a condition item that
+uses a back reference for the condition, or a test for recursion in a specific
+group. These are not supported.
+<pre>
+  PCRE_ERROR_DFA_UMLIMIT    (-18)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> is called with an <i>extra</i>
+block that contains a setting of the <i>match_limit</i> or
+<i>match_limit_recursion</i> fields. This is not supported (these fields are
+meaningless for DFA matching).
+<pre>
+  PCRE_ERROR_DFA_WSSIZE     (-19)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> runs out of space in the
+<i>workspace</i> vector.
+<pre>
+  PCRE_ERROR_DFA_RECURSE    (-20)
+</pre>
+When a recursive subpattern is processed, the matching function calls itself
+recursively, using private vectors for <i>ovector</i> and <i>workspace</i>. This
+error is given if the output vector is not large enough. This should be
+extremely rare, as a vector of size 1000 is used.
+<pre>
+  PCRE_ERROR_DFA_BADRESTART (-30)
+</pre>
+When <b>pcre_dfa_exec()</b> is called with the <b>PCRE_DFA_RESTART</b> option,
+some plausibility checks are made on the contents of the workspace, which
+should contain data about the previous partial match. If any of these checks
+fail, this error is given.
+</P>
+<br><a name="SEC24" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcre16</b>(3), <b>pcre32</b>(3), <b>pcrebuild</b>(3), <b>pcrecallout</b>(3),
+<b>pcrecpp(3)</b>(3), <b>pcrematching</b>(3), <b>pcrepartial</b>(3),
+<b>pcreposix</b>(3), <b>pcreprecompile</b>(3), <b>pcresample</b>(3),
+<b>pcrestack</b>(3).
+</P>
+<br><a name="SEC25" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC26" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 18 December 2015
+<br>
+Copyright &copy; 1997-2015 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrebuild.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrebuild.html
new file mode 100644
index 00000000..03c8cbe0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrebuild.html
@@ -0,0 +1,534 @@
+<html>
+<head>
+<title>pcrebuild specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrebuild man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">BUILDING PCRE</a>
+<li><a name="TOC2" href="#SEC2">PCRE BUILD-TIME OPTIONS</a>
+<li><a name="TOC3" href="#SEC3">BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a>
+<li><a name="TOC4" href="#SEC4">BUILDING SHARED AND STATIC LIBRARIES</a>
+<li><a name="TOC5" href="#SEC5">C++ SUPPORT</a>
+<li><a name="TOC6" href="#SEC6">UTF-8, UTF-16 AND UTF-32 SUPPORT</a>
+<li><a name="TOC7" href="#SEC7">UNICODE CHARACTER PROPERTY SUPPORT</a>
+<li><a name="TOC8" href="#SEC8">JUST-IN-TIME COMPILER SUPPORT</a>
+<li><a name="TOC9" href="#SEC9">CODE VALUE OF NEWLINE</a>
+<li><a name="TOC10" href="#SEC10">WHAT \R MATCHES</a>
+<li><a name="TOC11" href="#SEC11">POSIX MALLOC USAGE</a>
+<li><a name="TOC12" href="#SEC12">HANDLING VERY LARGE PATTERNS</a>
+<li><a name="TOC13" href="#SEC13">AVOIDING EXCESSIVE STACK USAGE</a>
+<li><a name="TOC14" href="#SEC14">LIMITING PCRE RESOURCE USAGE</a>
+<li><a name="TOC15" href="#SEC15">CREATING CHARACTER TABLES AT BUILD TIME</a>
+<li><a name="TOC16" href="#SEC16">USING EBCDIC CODE</a>
+<li><a name="TOC17" href="#SEC17">PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT</a>
+<li><a name="TOC18" href="#SEC18">PCREGREP BUFFER SIZE</a>
+<li><a name="TOC19" href="#SEC19">PCRETEST OPTION FOR LIBREADLINE SUPPORT</a>
+<li><a name="TOC20" href="#SEC20">DEBUGGING WITH VALGRIND SUPPORT</a>
+<li><a name="TOC21" href="#SEC21">CODE COVERAGE REPORTING</a>
+<li><a name="TOC22" href="#SEC22">SEE ALSO</a>
+<li><a name="TOC23" href="#SEC23">AUTHOR</a>
+<li><a name="TOC24" href="#SEC24">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">BUILDING PCRE</a><br>
+<P>
+PCRE is distributed with a <b>configure</b> script that can be used to build the
+library in Unix-like environments using the applications known as Autotools.
+Also in the distribution are files to support building using <b>CMake</b>
+instead of <b>configure</b>. The text file
+<a href="README.txt"><b>README</b></a>
+contains general information about building with Autotools (some of which is
+repeated below), and also has some comments about building on various operating
+systems. There is a lot more information about building PCRE without using
+Autotools (including information about using <b>CMake</b> and building "by
+hand") in the text file called
+<a href="NON-AUTOTOOLS-BUILD.txt"><b>NON-AUTOTOOLS-BUILD</b>.</a>
+You should consult this file as well as the
+<a href="README.txt"><b>README</b></a>
+file if you are building in a non-Unix-like environment.
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE BUILD-TIME OPTIONS</a><br>
+<P>
+The rest of this document describes the optional features of PCRE that can be
+selected when the library is compiled. It assumes use of the <b>configure</b>
+script, where the optional features are selected or deselected by providing
+options to <b>configure</b> before running the <b>make</b> command. However, the
+same options can be selected in both Unix-like and non-Unix-like environments
+using the GUI facility of <b>cmake-gui</b> if you are using <b>CMake</b> instead
+of <b>configure</b> to build PCRE.
+</P>
+<P>
+If you are not using Autotools or <b>CMake</b>, option selection can be done by
+editing the <b>config.h</b> file, or by passing parameter settings to the
+compiler, as described in
+<a href="NON-AUTOTOOLS-BUILD.txt"><b>NON-AUTOTOOLS-BUILD</b>.</a>
+</P>
+<P>
+The complete list of options for <b>configure</b> (which includes the standard
+ones such as the selection of the installation directory) can be obtained by
+running
+<pre>
+  ./configure --help
+</pre>
+The following sections include descriptions of options whose names begin with
+--enable or --disable. These settings specify changes to the defaults for the
+<b>configure</b> command. Because of the way that <b>configure</b> works,
+--enable and --disable always come in pairs, so the complementary option always
+exists as well, but as it specifies the default, it is not described.
+</P>
+<br><a name="SEC3" href="#TOC1">BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a><br>
+<P>
+By default, a library called <b>libpcre</b> is built, containing functions that
+take string arguments contained in vectors of bytes, either as single-byte
+characters, or interpreted as UTF-8 strings. You can also build a separate
+library, called <b>libpcre16</b>, in which strings are contained in vectors of
+16-bit data units and interpreted either as single-unit characters or UTF-16
+strings, by adding
+<pre>
+  --enable-pcre16
+</pre>
+to the <b>configure</b> command. You can also build yet another separate
+library, called <b>libpcre32</b>, in which strings are contained in vectors of
+32-bit data units and interpreted either as single-unit characters or UTF-32
+strings, by adding
+<pre>
+  --enable-pcre32
+</pre>
+to the <b>configure</b> command. If you do not want the 8-bit library, add
+<pre>
+  --disable-pcre8
+</pre>
+as well. At least one of the three libraries must be built. Note that the C++
+and POSIX wrappers are for the 8-bit library only, and that <b>pcregrep</b> is
+an 8-bit program. None of these are built if you select only the 16-bit or
+32-bit libraries.
+</P>
+<br><a name="SEC4" href="#TOC1">BUILDING SHARED AND STATIC LIBRARIES</a><br>
+<P>
+The Autotools PCRE building process uses <b>libtool</b> to build both shared and
+static libraries by default. You can suppress one of these by adding one of
+<pre>
+  --disable-shared
+  --disable-static
+</pre>
+to the <b>configure</b> command, as required.
+</P>
+<br><a name="SEC5" href="#TOC1">C++ SUPPORT</a><br>
+<P>
+By default, if the 8-bit library is being built, the <b>configure</b> script
+will search for a C++ compiler and C++ header files. If it finds them, it
+automatically builds the C++ wrapper library (which supports only 8-bit
+strings). You can disable this by adding
+<pre>
+  --disable-cpp
+</pre>
+to the <b>configure</b> command.
+</P>
+<br><a name="SEC6" href="#TOC1">UTF-8, UTF-16 AND UTF-32 SUPPORT</a><br>
+<P>
+To build PCRE with support for UTF Unicode character strings, add
+<pre>
+  --enable-utf
+</pre>
+to the <b>configure</b> command. This setting applies to all three libraries,
+adding support for UTF-8 to the 8-bit library, support for UTF-16 to the 16-bit
+library, and support for UTF-32 to the to the 32-bit library. There are no
+separate options for enabling UTF-8, UTF-16 and UTF-32 independently because
+that would allow ridiculous settings such as requesting UTF-16 support while
+building only the 8-bit library. It is not possible to build one library with
+UTF support and another without in the same configuration. (For backwards
+compatibility, --enable-utf8 is a synonym of --enable-utf.)
+</P>
+<P>
+Of itself, this setting does not make PCRE treat strings as UTF-8, UTF-16 or
+UTF-32. As well as compiling PCRE with this option, you also have have to set
+the PCRE_UTF8, PCRE_UTF16 or PCRE_UTF32 option (as appropriate) when you call
+one of the pattern compiling functions.
+</P>
+<P>
+If you set --enable-utf when compiling in an EBCDIC environment, PCRE expects
+its input to be either ASCII or UTF-8 (depending on the run-time option). It is
+not possible to support both EBCDIC and UTF-8 codes in the same version of the
+library. Consequently, --enable-utf and --enable-ebcdic are mutually
+exclusive.
+</P>
+<br><a name="SEC7" href="#TOC1">UNICODE CHARACTER PROPERTY SUPPORT</a><br>
+<P>
+UTF support allows the libraries to process character codepoints up to 0x10ffff
+in the strings that they handle. On its own, however, it does not provide any
+facilities for accessing the properties of such characters. If you want to be
+able to use the pattern escapes \P, \p, and \X, which refer to Unicode
+character properties, you must add
+<pre>
+  --enable-unicode-properties
+</pre>
+to the <b>configure</b> command. This implies UTF support, even if you have
+not explicitly requested it.
+</P>
+<P>
+Including Unicode property support adds around 30K of tables to the PCRE
+library. Only the general category properties such as <i>Lu</i> and <i>Nd</i> are
+supported. Details are given in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+</P>
+<br><a name="SEC8" href="#TOC1">JUST-IN-TIME COMPILER SUPPORT</a><br>
+<P>
+Just-in-time compiler support is included in the build by specifying
+<pre>
+  --enable-jit
+</pre>
+This support is available only for certain hardware architectures. If this
+option is set for an unsupported architecture, a compile time error occurs.
+See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for a discussion of JIT usage. When JIT support is enabled,
+pcregrep automatically makes use of it, unless you add
+<pre>
+  --disable-pcregrep-jit
+</pre>
+to the "configure" command.
+</P>
+<br><a name="SEC9" href="#TOC1">CODE VALUE OF NEWLINE</a><br>
+<P>
+By default, PCRE interprets the linefeed (LF) character as indicating the end
+of a line. This is the normal newline character on Unix-like systems. You can
+compile PCRE to use carriage return (CR) instead, by adding
+<pre>
+  --enable-newline-is-cr
+</pre>
+to the <b>configure</b> command. There is also a --enable-newline-is-lf option,
+which explicitly specifies linefeed as the newline character.
+<br>
+<br>
+Alternatively, you can specify that line endings are to be indicated by the two
+character sequence CRLF. If you want this, add
+<pre>
+  --enable-newline-is-crlf
+</pre>
+to the <b>configure</b> command. There is a fourth option, specified by
+<pre>
+  --enable-newline-is-anycrlf
+</pre>
+which causes PCRE to recognize any of the three sequences CR, LF, or CRLF as
+indicating a line ending. Finally, a fifth option, specified by
+<pre>
+  --enable-newline-is-any
+</pre>
+causes PCRE to recognize any Unicode newline sequence.
+</P>
+<P>
+Whatever line ending convention is selected when PCRE is built can be
+overridden when the library functions are called. At build time it is
+conventional to use the standard for your operating system.
+</P>
+<br><a name="SEC10" href="#TOC1">WHAT \R MATCHES</a><br>
+<P>
+By default, the sequence \R in a pattern matches any Unicode newline sequence,
+whatever has been selected as the line ending sequence. If you specify
+<pre>
+  --enable-bsr-anycrlf
+</pre>
+the default is changed so that \R matches only CR, LF, or CRLF. Whatever is
+selected when PCRE is built can be overridden when the library functions are
+called.
+</P>
+<br><a name="SEC11" href="#TOC1">POSIX MALLOC USAGE</a><br>
+<P>
+When the 8-bit library is called through the POSIX interface (see the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+documentation), additional working storage is required for holding the pointers
+to capturing substrings, because PCRE requires three integers per substring,
+whereas the POSIX interface provides only two. If the number of expected
+substrings is small, the wrapper function uses space on the stack, because this
+is faster than using <b>malloc()</b> for each call. The default threshold above
+which the stack is no longer used is 10; it can be changed by adding a setting
+such as
+<pre>
+  --with-posix-malloc-threshold=20
+</pre>
+to the <b>configure</b> command.
+</P>
+<br><a name="SEC12" href="#TOC1">HANDLING VERY LARGE PATTERNS</a><br>
+<P>
+Within a compiled pattern, offset values are used to point from one part to
+another (for example, from an opening parenthesis to an alternation
+metacharacter). By default, in the 8-bit and 16-bit libraries, two-byte values
+are used for these offsets, leading to a maximum size for a compiled pattern of
+around 64K. This is sufficient to handle all but the most gigantic patterns.
+Nevertheless, some people do want to process truly enormous patterns, so it is
+possible to compile PCRE to use three-byte or four-byte offsets by adding a
+setting such as
+<pre>
+  --with-link-size=3
+</pre>
+to the <b>configure</b> command. The value given must be 2, 3, or 4. For the
+16-bit library, a value of 3 is rounded up to 4. In these libraries, using
+longer offsets slows down the operation of PCRE because it has to load
+additional data when handling them. For the 32-bit library the value is always
+4 and cannot be overridden; the value of --with-link-size is ignored.
+</P>
+<br><a name="SEC13" href="#TOC1">AVOIDING EXCESSIVE STACK USAGE</a><br>
+<P>
+When matching with the <b>pcre_exec()</b> function, PCRE implements backtracking
+by making recursive calls to an internal function called <b>match()</b>. In
+environments where the size of the stack is limited, this can severely limit
+PCRE's operation. (The Unix environment does not usually suffer from this
+problem, but it may sometimes be necessary to increase the maximum stack size.
+There is a discussion in the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation.) An alternative approach to recursion that uses memory from the
+heap to remember data, instead of using recursive function calls, has been
+implemented to work round the problem of limited stack size. If you want to
+build a version of PCRE that works this way, add
+<pre>
+  --disable-stack-for-recursion
+</pre>
+to the <b>configure</b> command. With this configuration, PCRE will use the
+<b>pcre_stack_malloc</b> and <b>pcre_stack_free</b> variables to call memory
+management functions. By default these point to <b>malloc()</b> and
+<b>free()</b>, but you can replace the pointers so that your own functions are
+used instead.
+</P>
+<P>
+Separate functions are provided rather than using <b>pcre_malloc</b> and
+<b>pcre_free</b> because the usage is very predictable: the block sizes
+requested are always the same, and the blocks are always freed in reverse
+order. A calling program might be able to implement optimized functions that
+perform better than <b>malloc()</b> and <b>free()</b>. PCRE runs noticeably more
+slowly when built in this way. This option affects only the <b>pcre_exec()</b>
+function; it is not relevant for <b>pcre_dfa_exec()</b>.
+</P>
+<br><a name="SEC14" href="#TOC1">LIMITING PCRE RESOURCE USAGE</a><br>
+<P>
+Internally, PCRE has a function called <b>match()</b>, which it calls repeatedly
+(sometimes recursively) when matching a pattern with the <b>pcre_exec()</b>
+function. By controlling the maximum number of times this function may be
+called during a single matching operation, a limit can be placed on the
+resources used by a single call to <b>pcre_exec()</b>. The limit can be changed
+at run time, as described in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation. The default is 10 million, but this can be changed by adding a
+setting such as
+<pre>
+  --with-match-limit=500000
+</pre>
+to the <b>configure</b> command. This setting has no effect on the
+<b>pcre_dfa_exec()</b> matching function.
+</P>
+<P>
+In some environments it is desirable to limit the depth of recursive calls of
+<b>match()</b> more strictly than the total number of calls, in order to
+restrict the maximum amount of stack (or heap, if --disable-stack-for-recursion
+is specified) that is used. A second limit controls this; it defaults to the
+value that is set for --with-match-limit, which imposes no additional
+constraints. However, you can set a lower limit by adding, for example,
+<pre>
+  --with-match-limit-recursion=10000
+</pre>
+to the <b>configure</b> command. This value can also be overridden at run time.
+</P>
+<br><a name="SEC15" href="#TOC1">CREATING CHARACTER TABLES AT BUILD TIME</a><br>
+<P>
+PCRE uses fixed tables for processing characters whose code values are less
+than 256. By default, PCRE is built with a set of tables that are distributed
+in the file <i>pcre_chartables.c.dist</i>. These tables are for ASCII codes
+only. If you add
+<pre>
+  --enable-rebuild-chartables
+</pre>
+to the <b>configure</b> command, the distributed tables are no longer used.
+Instead, a program called <b>dftables</b> is compiled and run. This outputs the
+source for new set of tables, created in the default locale of your C run-time
+system. (This method of replacing the tables does not work if you are cross
+compiling, because <b>dftables</b> is run on the local host. If you need to
+create alternative tables when cross compiling, you will have to do so "by
+hand".)
+</P>
+<br><a name="SEC16" href="#TOC1">USING EBCDIC CODE</a><br>
+<P>
+PCRE assumes by default that it will run in an environment where the character
+code is ASCII (or Unicode, which is a superset of ASCII). This is the case for
+most computer operating systems. PCRE can, however, be compiled to run in an
+EBCDIC environment by adding
+<pre>
+  --enable-ebcdic
+</pre>
+to the <b>configure</b> command. This setting implies
+--enable-rebuild-chartables. You should only use it if you know that you are in
+an EBCDIC environment (for example, an IBM mainframe operating system). The
+--enable-ebcdic option is incompatible with --enable-utf.
+</P>
+<P>
+The EBCDIC character that corresponds to an ASCII LF is assumed to have the
+value 0x15 by default. However, in some EBCDIC environments, 0x25 is used. In
+such an environment you should use
+<pre>
+  --enable-ebcdic-nl25
+</pre>
+as well as, or instead of, --enable-ebcdic. The EBCDIC character for CR has the
+same value as in ASCII, namely, 0x0d. Whichever of 0x15 and 0x25 is <i>not</i>
+chosen as LF is made to correspond to the Unicode NEL character (which, in
+Unicode, is 0x85).
+</P>
+<P>
+The options that select newline behaviour, such as --enable-newline-is-cr,
+and equivalent run-time options, refer to these character values in an EBCDIC
+environment.
+</P>
+<br><a name="SEC17" href="#TOC1">PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT</a><br>
+<P>
+By default, <b>pcregrep</b> reads all files as plain text. You can build it so
+that it recognizes files whose names end in <b>.gz</b> or <b>.bz2</b>, and reads
+them with <b>libz</b> or <b>libbz2</b>, respectively, by adding one or both of
+<pre>
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+</pre>
+to the <b>configure</b> command. These options naturally require that the
+relevant libraries are installed on your system. Configuration will fail if
+they are not.
+</P>
+<br><a name="SEC18" href="#TOC1">PCREGREP BUFFER SIZE</a><br>
+<P>
+<b>pcregrep</b> uses an internal buffer to hold a "window" on the file it is
+scanning, in order to be able to output "before" and "after" lines when it
+finds a match. The size of the buffer is controlled by a parameter whose
+default value is 20K. The buffer itself is three times this size, but because
+of the way it is used for holding "before" lines, the longest line that is
+guaranteed to be processable is the parameter size. You can change the default
+parameter value by adding, for example,
+<pre>
+  --with-pcregrep-bufsize=50K
+</pre>
+to the <b>configure</b> command. The caller of \fPpcregrep\fP can, however,
+override this value by specifying a run-time option.
+</P>
+<br><a name="SEC19" href="#TOC1">PCRETEST OPTION FOR LIBREADLINE SUPPORT</a><br>
+<P>
+If you add
+<pre>
+  --enable-pcretest-libreadline
+</pre>
+to the <b>configure</b> command, <b>pcretest</b> is linked with the
+<b>libreadline</b> library, and when its input is from a terminal, it reads it
+using the <b>readline()</b> function. This provides line-editing and history
+facilities. Note that <b>libreadline</b> is GPL-licensed, so if you distribute a
+binary of <b>pcretest</b> linked in this way, there may be licensing issues.
+</P>
+<P>
+Setting this option causes the <b>-lreadline</b> option to be added to the
+<b>pcretest</b> build. In many operating environments with a sytem-installed
+<b>libreadline</b> this is sufficient. However, in some environments (e.g.
+if an unmodified distribution version of readline is in use), some extra
+configuration may be necessary. The INSTALL file for <b>libreadline</b> says
+this:
+<pre>
+  "Readline uses the termcap functions, but does not link with the
+  termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library."
+</pre>
+If your environment has not been set up so that an appropriate library is
+automatically included, you may need to add something like
+<pre>
+  LIBS="-ncurses"
+</pre>
+immediately before the <b>configure</b> command.
+</P>
+<br><a name="SEC20" href="#TOC1">DEBUGGING WITH VALGRIND SUPPORT</a><br>
+<P>
+By adding the
+<pre>
+  --enable-valgrind
+</pre>
+option to to the <b>configure</b> command, PCRE will use valgrind annotations
+to mark certain memory regions as unaddressable. This allows it to detect
+invalid memory accesses, and is mostly useful for debugging PCRE itself.
+</P>
+<br><a name="SEC21" href="#TOC1">CODE COVERAGE REPORTING</a><br>
+<P>
+If your C compiler is gcc, you can build a version of PCRE that can generate a
+code coverage report for its test suite. To enable this, you must install
+<b>lcov</b> version 1.6 or above. Then specify
+<pre>
+  --enable-coverage
+</pre>
+to the <b>configure</b> command and build PCRE in the usual way.
+</P>
+<P>
+Note that using <b>ccache</b> (a caching C compiler) is incompatible with code
+coverage reporting. If you have configured <b>ccache</b> to run automatically
+on your system, you must set the environment variable
+<pre>
+  CCACHE_DISABLE=1
+</pre>
+before running <b>make</b> to build PCRE, so that <b>ccache</b> is not used.
+</P>
+<P>
+When --enable-coverage is used, the following addition targets are added to the
+<i>Makefile</i>:
+<pre>
+  make coverage
+</pre>
+This creates a fresh coverage report for the PCRE test suite. It is equivalent
+to running "make coverage-reset", "make coverage-baseline", "make check", and
+then "make coverage-report".
+<pre>
+  make coverage-reset
+</pre>
+This zeroes the coverage counters, but does nothing else.
+<pre>
+  make coverage-baseline
+</pre>
+This captures baseline coverage information.
+<pre>
+  make coverage-report
+</pre>
+This creates the coverage report.
+<pre>
+  make coverage-clean-report
+</pre>
+This removes the generated coverage report without cleaning the coverage data
+itself.
+<pre>
+  make coverage-clean-data
+</pre>
+This removes the captured coverage data without removing the coverage files
+created at compile time (*.gcno).
+<pre>
+  make coverage-clean
+</pre>
+This cleans all coverage data including the generated coverage report. For more
+information about code coverage, see the <b>gcov</b> and <b>lcov</b>
+documentation.
+</P>
+<br><a name="SEC22" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcreapi</b>(3), <b>pcre16</b>, <b>pcre32</b>, <b>pcre_config</b>(3).
+</P>
+<br><a name="SEC23" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC24" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 May 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrecallout.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrecallout.html
new file mode 100644
index 00000000..53a937f5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrecallout.html
@@ -0,0 +1,286 @@
+<html>
+<head>
+<title>pcrecallout specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrecallout man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">MISSING CALLOUTS</a>
+<li><a name="TOC4" href="#SEC4">THE CALLOUT INTERFACE</a>
+<li><a name="TOC5" href="#SEC5">RETURN VALUES</a>
+<li><a name="TOC6" href="#SEC6">AUTHOR</a>
+<li><a name="TOC7" href="#SEC7">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int (*pcre_callout)(pcre_callout_block *);</b>
+</P>
+<P>
+<b>int (*pcre16_callout)(pcre16_callout_block *);</b>
+</P>
+<P>
+<b>int (*pcre32_callout)(pcre32_callout_block *);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+PCRE provides a feature called "callout", which is a means of temporarily
+passing control to the caller of PCRE in the middle of pattern matching. The
+caller of PCRE provides an external function by putting its entry point in the
+global variable <i>pcre_callout</i> (<i>pcre16_callout</i> for the 16-bit
+library, <i>pcre32_callout</i> for the 32-bit library). By default, this
+variable contains NULL, which disables all calling out.
+</P>
+<P>
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. Different callout points can be identified by putting
+a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+<pre>
+  (?C1)abc(?C2)def
+</pre>
+If the PCRE_AUTO_CALLOUT option bit is set when a pattern is compiled, PCRE
+automatically inserts callouts, all with number 255, before each item in the
+pattern. For example, if PCRE_AUTO_CALLOUT is used with the pattern
+<pre>
+  A(\d{2}|--)
+</pre>
+it is processed as if it were
+<br>
+<br>
+(?C255)A(?C255)((?C255)\d{2}(?C255)|(?C255)-(?C255)-(?C255))(?C255)
+<br>
+<br>
+Notice that there is a callout before and after each parenthesis and
+alternation bar. If the pattern contains a conditional group whose condition is
+an assertion, an automatic callout is inserted immediately before the
+condition. Such a callout may also be inserted explicitly, for example:
+<pre>
+  (?(?C9)(?=a)ab|de)
+</pre>
+This applies only to assertion conditions (because they are themselves
+independent groups).
+</P>
+<P>
+Automatic callouts can be used for tracking the progress of pattern matching.
+The
+<a href="pcretest.html"><b>pcretest</b></a>
+program has a pattern qualifier (/C) that sets automatic callouts; when it is
+used, the output indicates how the pattern is being matched. This is useful
+information when you are trying to optimize the performance of a particular
+pattern.
+</P>
+<br><a name="SEC3" href="#TOC1">MISSING CALLOUTS</a><br>
+<P>
+You should be aware that, because of optimizations in the way PCRE compiles and
+matches patterns, callouts sometimes do not happen exactly as you might expect.
+</P>
+<P>
+At compile time, PCRE "auto-possessifies" repeated items when it knows that
+what follows cannot be part of the repeat. For example, a+[bc] is compiled as
+if it were a++[bc]. The <b>pcretest</b> output when this pattern is anchored and
+then applied with automatic callouts to the string "aaaa" is:
+<pre>
+  ---&#62;aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+  No match
+</pre>
+This indicates that when matching [bc] fails, there is no backtracking into a+
+and therefore the callouts that would be taken for the backtracks do not occur.
+You can disable the auto-possessify feature by passing PCRE_NO_AUTO_POSSESS
+to <b>pcre_compile()</b>, or starting the pattern with (*NO_AUTO_POSSESS). If
+this is done in <b>pcretest</b> (using the /O qualifier), the output changes to
+this:
+<pre>
+  ---&#62;aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+   +3 ^  ^     [bc]
+   +3 ^ ^      [bc]
+   +3 ^^       [bc]
+  No match
+</pre>
+This time, when matching [bc] fails, the matcher backtracks into a+ and tries
+again, repeatedly, until a+ itself fails.
+</P>
+<P>
+Other optimizations that provide fast "no match" results also affect callouts.
+For example, if the pattern is
+<pre>
+  ab(?C4)cd
+</pre>
+PCRE knows that any matching string must contain the letter "d". If the subject
+string is "abyz", the lack of "d" means that matching doesn't ever start, and
+the callout is never reached. However, with "abyd", though the result is still
+no match, the callout is obeyed.
+</P>
+<P>
+If the pattern is studied, PCRE knows the minimum length of a matching string,
+and will immediately give a "no match" return without actually running a match
+if the subject is not long enough, or, for unanchored patterns, if it has
+been scanned far enough.
+</P>
+<P>
+You can disable these optimizations by passing the PCRE_NO_START_OPTIMIZE
+option to the matching function, or by starting the pattern with
+(*NO_START_OPT). This slows down the matching process, but does ensure that
+callouts such as the example above are obeyed.
+</P>
+<br><a name="SEC4" href="#TOC1">THE CALLOUT INTERFACE</a><br>
+<P>
+During matching, when PCRE reaches a callout point, the external function
+defined by <i>pcre_callout</i> or <i>pcre[16|32]_callout</i> is called (if it is
+set). This applies to both normal and DFA matching. The only argument to the
+callout function is a pointer to a <b>pcre_callout</b> or
+<b>pcre[16|32]_callout</b> block. These structures contains the following
+fields:
+<pre>
+  int           <i>version</i>;
+  int           <i>callout_number</i>;
+  int          *<i>offset_vector</i>;
+  const char   *<i>subject</i>;           (8-bit version)
+  PCRE_SPTR16   <i>subject</i>;           (16-bit version)
+  PCRE_SPTR32   <i>subject</i>;           (32-bit version)
+  int           <i>subject_length</i>;
+  int           <i>start_match</i>;
+  int           <i>current_position</i>;
+  int           <i>capture_top</i>;
+  int           <i>capture_last</i>;
+  void         *<i>callout_data</i>;
+  int           <i>pattern_position</i>;
+  int           <i>next_item_length</i>;
+  const unsigned char *<i>mark</i>;       (8-bit version)
+  const PCRE_UCHAR16  *<i>mark</i>;       (16-bit version)
+  const PCRE_UCHAR32  *<i>mark</i>;       (32-bit version)
+</pre>
+The <i>version</i> field is an integer containing the version number of the
+block format. The initial version was 0; the current version is 2. The version
+number will change again in future if additional fields are added, but the
+intention is never to remove any of the existing fields.
+</P>
+<P>
+The <i>callout_number</i> field contains the number of the callout, as compiled
+into the pattern (that is, the number after ?C for manual callouts, and 255 for
+automatically generated callouts).
+</P>
+<P>
+The <i>offset_vector</i> field is a pointer to the vector of offsets that was
+passed by the caller to the matching function. When <b>pcre_exec()</b> or
+<b>pcre[16|32]_exec()</b> is used, the contents can be inspected, in order to
+extract substrings that have been matched so far, in the same way as for
+extracting substrings after a match has completed. For the DFA matching
+functions, this field is not useful.
+</P>
+<P>
+The <i>subject</i> and <i>subject_length</i> fields contain copies of the values
+that were passed to the matching function.
+</P>
+<P>
+The <i>start_match</i> field normally contains the offset within the subject at
+which the current match attempt started. However, if the escape sequence \K
+has been encountered, this value is changed to reflect the modified starting
+point. If the pattern is not anchored, the callout function may be called
+several times from the same point in the pattern for different starting points
+in the subject.
+</P>
+<P>
+The <i>current_position</i> field contains the offset within the subject of the
+current match pointer.
+</P>
+<P>
+When the <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b> is used, the
+<i>capture_top</i> field contains one more than the number of the highest
+numbered captured substring so far. If no substrings have been captured, the
+value of <i>capture_top</i> is one. This is always the case when the DFA
+functions are used, because they do not support captured substrings.
+</P>
+<P>
+The <i>capture_last</i> field contains the number of the most recently captured
+substring. However, when a recursion exits, the value reverts to what it was
+outside the recursion, as do the values of all captured substrings. If no
+substrings have been captured, the value of <i>capture_last</i> is -1. This is
+always the case for the DFA matching functions.
+</P>
+<P>
+The <i>callout_data</i> field contains a value that is passed to a matching
+function specifically so that it can be passed back in callouts. It is passed
+in the <i>callout_data</i> field of a <b>pcre_extra</b> or <b>pcre[16|32]_extra</b>
+data structure. If no such data was passed, the value of <i>callout_data</i> in
+a callout block is NULL. There is a description of the <b>pcre_extra</b>
+structure in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+The <i>pattern_position</i> field is present from version 1 of the callout
+structure. It contains the offset to the next item to be matched in the pattern
+string.
+</P>
+<P>
+The <i>next_item_length</i> field is present from version 1 of the callout
+structure. It contains the length of the next item to be matched in the pattern
+string. When the callout immediately precedes an alternation bar, a closing
+parenthesis, or the end of the pattern, the length is zero. When the callout
+precedes an opening parenthesis, the length is that of the entire subpattern.
+</P>
+<P>
+The <i>pattern_position</i> and <i>next_item_length</i> fields are intended to
+help in distinguishing between different automatic callouts, which all have the
+same callout number. However, they are set for all callouts.
+</P>
+<P>
+The <i>mark</i> field is present from version 2 of the callout structure. In
+callouts from <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b> it contains a
+pointer to the zero-terminated name of the most recently passed (*MARK),
+(*PRUNE), or (*THEN) item in the match, or NULL if no such items have been
+passed. Instances of (*PRUNE) or (*THEN) without a name do not obliterate a
+previous (*MARK). In callouts from the DFA matching functions this field always
+contains NULL.
+</P>
+<br><a name="SEC5" href="#TOC1">RETURN VALUES</a><br>
+<P>
+The external callout function returns an integer to PCRE. If the value is zero,
+matching proceeds as normal. If the value is greater than zero, matching fails
+at the current point, but the testing of other matching possibilities goes
+ahead, just as if a lookahead assertion had failed. If the value is less than
+zero, the match is abandoned, the matching function returns the negative value.
+</P>
+<P>
+Negative values should normally be chosen from the set of PCRE_ERROR_xxx
+values. In particular, PCRE_ERROR_NOMATCH forces a standard "no match" failure.
+The error number PCRE_ERROR_CALLOUT is reserved for use by callout functions;
+it will never be used by PCRE itself.
+</P>
+<br><a name="SEC6" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC7" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrecompat.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrecompat.html
new file mode 100644
index 00000000..d95570ef
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrecompat.html
@@ -0,0 +1,235 @@
+<html>
+<head>
+<title>pcrecompat specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrecompat man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+DIFFERENCES BETWEEN PCRE AND PERL
+</b><br>
+<P>
+This document describes the differences in the ways that PCRE and Perl handle
+regular expressions. The differences described here are with respect to Perl
+versions 5.10 and above.
+</P>
+<P>
+1. PCRE has only a subset of Perl's Unicode support. Details of what it does
+have are given in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+2. PCRE allows repeat quantifiers only on parenthesized assertions, but they do
+not mean what you might think. For example, (?!a){3} does not assert that the
+next three characters are not "a". It just asserts that the next character is
+not "a" three times (in principle: PCRE optimizes this to run the assertion
+just once). Perl allows repeat quantifiers on other assertions such as \b, but
+these do not seem to have any use.
+</P>
+<P>
+3. Capturing subpatterns that occur inside negative lookahead assertions are
+counted, but their entries in the offsets vector are never set. Perl sometimes
+(but not always) sets its numerical variables from inside negative assertions.
+</P>
+<P>
+4. Though binary zero characters are supported in the subject string, they are
+not allowed in a pattern string because it is passed as a normal C string,
+terminated by zero. The escape sequence \0 can be used in the pattern to
+represent a binary zero.
+</P>
+<P>
+5. The following Perl escape sequences are not supported: \l, \u, \L,
+\U, and \N when followed by a character name or Unicode value. (\N on its
+own, matching a non-newline character, is supported.) In fact these are
+implemented by Perl's general string-handling and are not part of its pattern
+matching engine. If any of these are encountered by PCRE, an error is
+generated by default. However, if the PCRE_JAVASCRIPT_COMPAT option is set,
+\U and \u are interpreted as JavaScript interprets them.
+</P>
+<P>
+6. The Perl escape sequences \p, \P, and \X are supported only if PCRE is
+built with Unicode character property support. The properties that can be
+tested with \p and \P are limited to the general category properties such as
+Lu and Nd, script names such as Greek or Han, and the derived properties Any
+and L&. PCRE does support the Cs (surrogate) property, which Perl does not; the
+Perl documentation says "Because Perl hides the need for the user to understand
+the internal representation of Unicode characters, there is no need to
+implement the somewhat messy concept of surrogates."
+</P>
+<P>
+7. PCRE does support the \Q...\E escape for quoting substrings. Characters in
+between are treated as literals. This is slightly different from Perl in that $
+and @ are also handled as literals inside the quotes. In Perl, they cause
+variable interpolation (but of course PCRE does not have variables). Note the
+following examples:
+<pre>
+    Pattern            PCRE matches      Perl matches
+
+    \Qabc$xyz\E        abc$xyz           abc followed by the contents of $xyz
+    \Qabc\$xyz\E       abc\$xyz          abc\$xyz
+    \Qabc\E\$\Qxyz\E   abc$xyz           abc$xyz
+</pre>
+The \Q...\E sequence is recognized both inside and outside character classes.
+</P>
+<P>
+8. Fairly obviously, PCRE does not support the (?{code}) and (??{code})
+constructions. However, there is support for recursive patterns. This is not
+available in Perl 5.8, but it is in Perl 5.10. Also, the PCRE "callout"
+feature allows an external function to be called during pattern matching. See
+the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation for details.
+</P>
+<P>
+9. Subpatterns that are called as subroutines (whether or not recursively) are
+always treated as atomic groups in PCRE. This is like Python, but unlike Perl.
+Captured values that are set outside a subroutine call can be reference from
+inside in PCRE, but not in Perl. There is a discussion that explains these
+differences in more detail in the
+<a href="pcrepattern.html#recursiondifference">section on recursion differences from Perl</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page.
+</P>
+<P>
+10. If any of the backtracking control verbs are used in a subpattern that is
+called as a subroutine (whether or not recursively), their effect is confined
+to that subpattern; it does not extend to the surrounding pattern. This is not
+always the case in Perl. In particular, if (*THEN) is present in a group that
+is called as a subroutine, its action is limited to that group, even if the
+group does not contain any | characters. Note that such subpatterns are
+processed as anchored at the point where they are tested.
+</P>
+<P>
+11. If a pattern contains more than one backtracking control verb, the first
+one that is backtracked onto acts. For example, in the pattern
+A(*COMMIT)B(*PRUNE)C a failure in B triggers (*COMMIT), but a failure in C
+triggers (*PRUNE). Perl's behaviour is more complex; in many cases it is the
+same as PCRE, but there are examples where it differs.
+</P>
+<P>
+12. Most backtracking verbs in assertions have their normal actions. They are
+not confined to the assertion.
+</P>
+<P>
+13. There are some differences that are concerned with the settings of captured
+strings when part of a pattern is repeated. For example, matching "aba" against
+the pattern /^(a(b)?)+$/ in Perl leaves $2 unset, but in PCRE it is set to "b".
+</P>
+<P>
+14. PCRE's handling of duplicate subpattern numbers and duplicate subpattern
+names is not as general as Perl's. This is a consequence of the fact the PCRE
+works internally just with numbers, using an external table to translate
+between numbers and names. In particular, a pattern such as (?|(?&#60;a&#62;A)|(?&#60;b&#62;B),
+where the two capturing parentheses have the same number but different names,
+is not supported, and causes an error at compile time. If it were allowed, it
+would not be possible to distinguish which parentheses matched, because both
+names map to capturing subpattern number 1. To avoid this confusing situation,
+an error is given at compile time.
+</P>
+<P>
+15. Perl recognizes comments in some places that PCRE does not, for example,
+between the ( and ? at the start of a subpattern. If the /x modifier is set,
+Perl allows white space between ( and ? (though current Perls warn that this is
+deprecated) but PCRE never does, even if the PCRE_EXTENDED option is set.
+</P>
+<P>
+16. Perl, when in warning mode, gives warnings for character classes such as
+[A-\d] or [a-[:digit:]]. It then treats the hyphens as literals. PCRE has no
+warning features, so it gives an error in these cases because they are almost
+certainly user mistakes.
+</P>
+<P>
+17. In PCRE, the upper/lower case character properties Lu and Ll are not
+affected when case-independent matching is specified. For example, \p{Lu}
+always matches an upper case letter. I think Perl has changed in this respect;
+in the release at the time of writing (5.16), \p{Lu} and \p{Ll} match all
+letters, regardless of case, when case independence is specified.
+</P>
+<P>
+18. PCRE provides some extensions to the Perl regular expression facilities.
+Perl 5.10 includes new features that are not in earlier versions of Perl, some
+of which (such as named parentheses) have been in PCRE for some time. This list
+is with respect to Perl 5.10:
+<br>
+<br>
+(a) Although lookbehind assertions in PCRE must match fixed length strings,
+each alternative branch of a lookbehind assertion can match a different length
+of string. Perl requires them all to have the same length.
+<br>
+<br>
+(b) If PCRE_DOLLAR_ENDONLY is set and PCRE_MULTILINE is not set, the $
+meta-character matches only at the very end of the string.
+<br>
+<br>
+(c) If PCRE_EXTRA is set, a backslash followed by a letter with no special
+meaning is faulted. Otherwise, like Perl, the backslash is quietly ignored.
+(Perl can be made to issue a warning.)
+<br>
+<br>
+(d) If PCRE_UNGREEDY is set, the greediness of the repetition quantifiers is
+inverted, that is, by default they are not greedy, but if followed by a
+question mark they are.
+<br>
+<br>
+(e) PCRE_ANCHORED can be used at matching time to force a pattern to be tried
+only at the first matching position in the subject string.
+<br>
+<br>
+(f) The PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, and
+PCRE_NO_AUTO_CAPTURE options for <b>pcre_exec()</b> have no Perl equivalents.
+<br>
+<br>
+(g) The \R escape sequence can be restricted to match only CR, LF, or CRLF
+by the PCRE_BSR_ANYCRLF option.
+<br>
+<br>
+(h) The callout facility is PCRE-specific.
+<br>
+<br>
+(i) The partial matching facility is PCRE-specific.
+<br>
+<br>
+(j) Patterns compiled by PCRE can be saved and re-used at a later time, even on
+different hosts that have the other endianness. However, this does not apply to
+optimized data created by the just-in-time compiler.
+<br>
+<br>
+(k) The alternative matching functions (<b>pcre_dfa_exec()</b>,
+<b>pcre16_dfa_exec()</b> and <b>pcre32_dfa_exec()</b>,) match in a different way
+and are not Perl-compatible.
+<br>
+<br>
+(l) PCRE recognizes some special sequences such as (*CR) at the start of
+a pattern that set overall options that cannot be changed within the pattern.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 10 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrecpp.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrecpp.html
new file mode 100644
index 00000000..b7eac3a3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrecpp.html
@@ -0,0 +1,368 @@
+<html>
+<head>
+<title>pcrecpp specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrecpp man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS OF C++ WRAPPER</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">MATCHING INTERFACE</a>
+<li><a name="TOC4" href="#SEC4">QUOTING METACHARACTERS</a>
+<li><a name="TOC5" href="#SEC5">PARTIAL MATCHES</a>
+<li><a name="TOC6" href="#SEC6">UTF-8 AND THE MATCHING INTERFACE</a>
+<li><a name="TOC7" href="#SEC7">PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE</a>
+<li><a name="TOC8" href="#SEC8">SCANNING TEXT INCREMENTALLY</a>
+<li><a name="TOC9" href="#SEC9">PARSING HEX/OCTAL/C-RADIX NUMBERS</a>
+<li><a name="TOC10" href="#SEC10">REPLACING PARTS OF STRINGS</a>
+<li><a name="TOC11" href="#SEC11">AUTHOR</a>
+<li><a name="TOC12" href="#SEC12">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS OF C++ WRAPPER</a><br>
+<P>
+<b>#include &#60;pcrecpp.h&#62;</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+The C++ wrapper for PCRE was provided by Google Inc. Some additional
+functionality was added by Giuseppe Maxia. This brief man page was constructed
+from the notes in the <i>pcrecpp.h</i> file, which should be consulted for
+further details. Note that the C++ wrapper supports only the original 8-bit
+PCRE library. There is no 16-bit or 32-bit support at present.
+</P>
+<br><a name="SEC3" href="#TOC1">MATCHING INTERFACE</a><br>
+<P>
+The "FullMatch" operation checks that supplied text matches a supplied pattern
+exactly. If pointer arguments are supplied, it copies matched sub-strings that
+match sub-patterns into them.
+<pre>
+  Example: successful match
+     pcrecpp::RE re("h.*o");
+     re.FullMatch("hello");
+
+  Example: unsuccessful match (requires full match):
+     pcrecpp::RE re("e");
+     !re.FullMatch("hello");
+
+  Example: creating a temporary RE object:
+     pcrecpp::RE("h.*o").FullMatch("hello");
+</pre>
+You can pass in a "const char*" or a "string" for "text". The examples below
+tend to use a const char*. You can, as in the different examples above, store
+the RE object explicitly in a variable or use a temporary RE object. The
+examples below use one mode or the other arbitrarily. Either could correctly be
+used for any of these examples.
+</P>
+<P>
+You must supply extra pointer arguments to extract matched subpieces.
+<pre>
+  Example: extracts "ruby" into "s" and 1234 into "i"
+     int i;
+     string s;
+     pcrecpp::RE re("(\\w+):(\\d+)");
+     re.FullMatch("ruby:1234", &s, &i);
+
+  Example: does not try to extract any extra sub-patterns
+     re.FullMatch("ruby:1234", &s);
+
+  Example: does not try to extract into NULL
+     re.FullMatch("ruby:1234", NULL, &i);
+
+  Example: integer overflow causes failure
+     !re.FullMatch("ruby:1234567891234", NULL, &i);
+
+  Example: fails because there aren't enough sub-patterns:
+     !pcrecpp::RE("\\w+:\\d+").FullMatch("ruby:1234", &s);
+
+  Example: fails because string cannot be stored in integer
+     !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+</pre>
+The provided pointer arguments can be pointers to any scalar numeric
+type, or one of:
+<pre>
+   string        (matched piece is copied to string)
+   StringPiece   (StringPiece is mutated to point to matched piece)
+   T             (where "bool T::ParseFrom(const char*, int)" exists)
+   NULL          (the corresponding matched sub-pattern is not copied)
+</pre>
+The function returns true iff all of the following conditions are satisfied:
+<pre>
+  a. "text" matches "pattern" exactly;
+
+  b. The number of matched sub-patterns is &#62;= number of supplied
+     pointers;
+
+  c. The "i"th argument has a suitable type for holding the
+     string captured as the "i"th sub-pattern. If you pass in
+     void * NULL for the "i"th argument, or a non-void * NULL
+     of the correct type, or pass fewer arguments than the
+     number of sub-patterns, "i"th captured sub-pattern is
+     ignored.
+</pre>
+CAVEAT: An optional sub-pattern that does not exist in the matched
+string is assigned the empty string. Therefore, the following will
+return false (because the empty string is not a valid number):
+<pre>
+   int number;
+   pcrecpp::RE::FullMatch("abc", "[a-z]+(\\d+)?", &number);
+</pre>
+The matching interface supports at most 16 arguments per call.
+If you need more, consider using the more general interface
+<b>pcrecpp::RE::DoMatch</b>. See <b>pcrecpp.h</b> for the signature for
+<b>DoMatch</b>.
+</P>
+<P>
+NOTE: Do not use <b>no_arg</b>, which is used internally to mark the end of a
+list of optional arguments, as a placeholder for missing arguments, as this can
+lead to segfaults.
+</P>
+<br><a name="SEC4" href="#TOC1">QUOTING METACHARACTERS</a><br>
+<P>
+You can use the "QuoteMeta" operation to insert backslashes before all
+potentially meaningful characters in a string. The returned string, used as a
+regular expression, will exactly match the original string.
+<pre>
+  Example:
+     string quoted = RE::QuoteMeta(unquoted);
+</pre>
+Note that it's legal to escape a character even if it has no special meaning in
+a regular expression -- so this function does that. (This also makes it
+identical to the perl function of the same name; see "perldoc -f quotemeta".)
+For example, "1.5-2.0?" becomes "1\.5\-2\.0\?".
+</P>
+<br><a name="SEC5" href="#TOC1">PARTIAL MATCHES</a><br>
+<P>
+You can use the "PartialMatch" operation when you want the pattern
+to match any substring of the text.
+<pre>
+  Example: simple search for a string:
+     pcrecpp::RE("ell").PartialMatch("hello");
+
+  Example: find first number in a string:
+     int number;
+     pcrecpp::RE re("(\\d+)");
+     re.PartialMatch("x*100 + 20", &number);
+     assert(number == 100);
+</PRE>
+</P>
+<br><a name="SEC6" href="#TOC1">UTF-8 AND THE MATCHING INTERFACE</a><br>
+<P>
+By default, pattern and text are plain text, one byte per character. The UTF8
+flag, passed to the constructor, causes both pattern and string to be treated
+as UTF-8 text, still a byte stream but potentially multiple bytes per
+character. In practice, the text is likelier to be UTF-8 than the pattern, but
+the match returned may depend on the UTF8 flag, so always use it when matching
+UTF8 text. For example, "." will match one byte normally but with UTF8 set may
+match up to three bytes of a multi-byte character.
+<pre>
+  Example:
+     pcrecpp::RE_Options options;
+     options.set_utf8();
+     pcrecpp::RE re(utf8_pattern, options);
+     re.FullMatch(utf8_string);
+
+  Example: using the convenience function UTF8():
+     pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+     re.FullMatch(utf8_string);
+</pre>
+NOTE: The UTF8 flag is ignored if pcre was not configured with the
+<pre>
+      --enable-utf8 flag.
+</PRE>
+</P>
+<br><a name="SEC7" href="#TOC1">PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE</a><br>
+<P>
+PCRE defines some modifiers to change the behavior of the regular expression
+engine. The C++ wrapper defines an auxiliary class, RE_Options, as a vehicle to
+pass such modifiers to a RE class. Currently, the following modifiers are
+supported:
+<pre>
+   modifier              description               Perl corresponding
+
+   PCRE_CASELESS         case insensitive match      /i
+   PCRE_MULTILINE        multiple lines match        /m
+   PCRE_DOTALL           dot matches newlines        /s
+   PCRE_DOLLAR_ENDONLY   $ matches only at end       N/A
+   PCRE_EXTRA            strict escape parsing       N/A
+   PCRE_EXTENDED         ignore white spaces         /x
+   PCRE_UTF8             handles UTF8 chars          built-in
+   PCRE_UNGREEDY         reverses * and *?           N/A
+   PCRE_NO_AUTO_CAPTURE  disables capturing parens   N/A (*)
+</pre>
+(*) Both Perl and PCRE allow non capturing parentheses by means of the
+"?:" modifier within the pattern itself. e.g. (?:ab|cd) does not
+capture, while (ab|cd) does.
+</P>
+<P>
+For a full account on how each modifier works, please check the
+PCRE API reference page.
+</P>
+<P>
+For each modifier, there are two member functions whose name is made
+out of the modifier in lowercase, without the "PCRE_" prefix. For
+instance, PCRE_CASELESS is handled by
+<pre>
+  bool caseless()
+</pre>
+which returns true if the modifier is set, and
+<pre>
+  RE_Options & set_caseless(bool)
+</pre>
+which sets or unsets the modifier. Moreover, PCRE_EXTRA_MATCH_LIMIT can be
+accessed through the <b>set_match_limit()</b> and <b>match_limit()</b> member
+functions. Setting <i>match_limit</i> to a non-zero value will limit the
+execution of pcre to keep it from doing bad things like blowing the stack or
+taking an eternity to return a result. A value of 5000 is good enough to stop
+stack blowup in a 2MB thread stack. Setting <i>match_limit</i> to zero disables
+match limiting. Alternatively, you can call <b>match_limit_recursion()</b>
+which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to limit how much PCRE
+recurses. <b>match_limit()</b> limits the number of matches PCRE does;
+<b>match_limit_recursion()</b> limits the depth of internal recursion, and
+therefore the amount of stack that is used.
+</P>
+<P>
+Normally, to pass one or more modifiers to a RE class, you declare
+a <i>RE_Options</i> object, set the appropriate options, and pass this
+object to a RE constructor. Example:
+<pre>
+   RE_Options opt;
+   opt.set_caseless(true);
+   if (RE("HELLO", opt).PartialMatch("hello world")) ...
+</pre>
+RE_options has two constructors. The default constructor takes no arguments and
+creates a set of flags that are off by default. The optional parameter
+<i>option_flags</i> is to facilitate transfer of legacy code from C programs.
+This lets you do
+<pre>
+   RE(pattern,
+     RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+</pre>
+However, new code is better off doing
+<pre>
+   RE(pattern,
+     RE_Options().set_caseless(true).set_multiline(true))
+       .PartialMatch(str);
+</pre>
+If you are going to pass one of the most used modifiers, there are some
+convenience functions that return a RE_Options class with the
+appropriate modifier already set: <b>CASELESS()</b>, <b>UTF8()</b>,
+<b>MULTILINE()</b>, <b>DOTALL</b>(), and <b>EXTENDED()</b>.
+</P>
+<P>
+If you need to set several options at once, and you don't want to go through
+the pains of declaring a RE_Options object and setting several options, there
+is a parallel method that give you such ability on the fly. You can concatenate
+several <b>set_xxxxx()</b> member functions, since each of them returns a
+reference to its class object. For example, to pass PCRE_CASELESS,
+PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one statement, you may write:
+<pre>
+   RE(" ^ xyz \\s+ .* blah$",
+     RE_Options()
+       .set_caseless(true)
+       .set_extended(true)
+       .set_multiline(true)).PartialMatch(sometext);
+
+</PRE>
+</P>
+<br><a name="SEC8" href="#TOC1">SCANNING TEXT INCREMENTALLY</a><br>
+<P>
+The "Consume" operation may be useful if you want to repeatedly
+match regular expressions at the front of a string and skip over
+them as they match. This requires use of the "StringPiece" type,
+which represents a sub-range of a real string. Like RE, StringPiece
+is defined in the pcrecpp namespace.
+<pre>
+  Example: read lines of the form "var = value" from a string.
+     string contents = ...;                 // Fill string somehow
+     pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+
+     string var;
+     int value;
+     pcrecpp::RE re("(\\w+) = (\\d+)\n");
+     while (re.Consume(&input, &var, &value)) {
+       ...;
+     }
+</pre>
+Each successful call to "Consume" will set "var/value", and also
+advance "input" so it points past the matched text.
+</P>
+<P>
+The "FindAndConsume" operation is similar to "Consume" but does not
+anchor your match at the beginning of the string. For example, you
+could extract all words from a string by repeatedly calling
+<pre>
+  pcrecpp::RE("(\\w+)").FindAndConsume(&input, &word)
+</PRE>
+</P>
+<br><a name="SEC9" href="#TOC1">PARSING HEX/OCTAL/C-RADIX NUMBERS</a><br>
+<P>
+By default, if you pass a pointer to a numeric value, the
+corresponding text is interpreted as a base-10 number. You can
+instead wrap the pointer with a call to one of the operators Hex(),
+Octal(), or CRadix() to interpret the text in another base. The
+CRadix operator interprets C-style "0" (base-8) and "0x" (base-16)
+prefixes, but defaults to base-10.
+<pre>
+  Example:
+    int a, b, c, d;
+    pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+    re.FullMatch("100 40 0100 0x40",
+                 pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+                 pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+</pre>
+will leave 64 in a, b, c, and d.
+</P>
+<br><a name="SEC10" href="#TOC1">REPLACING PARTS OF STRINGS</a><br>
+<P>
+You can replace the first match of "pattern" in "str" with "rewrite".
+Within "rewrite", backslash-escaped digits (\1 to \9) can be
+used to insert text matching corresponding parenthesized group
+from the pattern. \0 in "rewrite" refers to the entire matching
+text. For example:
+<pre>
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").Replace("d", &s);
+</pre>
+will leave "s" containing "yada dabba doo". The result is true if the pattern
+matches and a replacement occurs, false otherwise.
+</P>
+<P>
+<b>GlobalReplace</b> is like <b>Replace</b> except that it replaces all
+occurrences of the pattern in the string with the rewrite. Replacements are
+not subject to re-matching. For example:
+<pre>
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").GlobalReplace("d", &s);
+</pre>
+will leave "s" containing "yada dada doo". It returns the number of
+replacements made.
+</P>
+<P>
+<b>Extract</b> is like <b>Replace</b>, except that if the pattern matches,
+"rewrite" is copied into "out" (an additional argument) with substitutions.
+The non-matching portions of "text" are ignored. Returns true iff a match
+occurred and the extraction happened successfully;  if no match occurs, the
+string is left unaffected.
+</P>
+<br><a name="SEC11" href="#TOC1">AUTHOR</a><br>
+<P>
+The C++ wrapper was contributed by Google Inc.
+<br>
+Copyright &copy; 2007 Google Inc.
+<br>
+</P>
+<br><a name="SEC12" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 08 January 2012
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcredemo.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcredemo.html
new file mode 100644
index 00000000..894a9308
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcredemo.html
@@ -0,0 +1,426 @@
+<html>
+<head>
+<title>pcredemo specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcredemo man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+</ul>
+<PRE>
+/*************************************************
+*           PCRE DEMONSTRATION PROGRAM           *
+*************************************************/
+
+/* This is a demonstration program to illustrate the most straightforward ways
+of calling the PCRE regular expression library from a C program. See the
+pcresample documentation for a short discussion ("man pcresample" if you have
+the PCRE man pages installed).
+
+In Unix-like environments, if PCRE is installed in your standard system
+libraries, you should be able to compile this program using this command:
+
+gcc -Wall pcredemo.c -lpcre -o pcredemo
+
+If PCRE is not installed in a standard place, it is likely to be installed with
+support for the pkg-config mechanism. If you have pkg-config, you can compile
+this program using this command:
+
+gcc -Wall pcredemo.c `pkg-config --cflags --libs libpcre` -o pcredemo
+
+If you do not have pkg-config, you may have to use this:
+
+gcc -Wall pcredemo.c -I/usr/local/include -L/usr/local/lib \
+  -R/usr/local/lib -lpcre -o pcredemo
+
+Replace "/usr/local/include" and "/usr/local/lib" with wherever the include and
+library files for PCRE are installed on your system. Only some operating
+systems (e.g. Solaris) use the -R option.
+
+Building under Windows:
+
+If you want to statically link this program against a non-dll .a file, you must
+define PCRE_STATIC before including pcre.h, otherwise the pcre_malloc() and
+pcre_free() exported functions will be declared __declspec(dllimport), with
+unwanted results. So in this environment, uncomment the following line. */
+
+/* #define PCRE_STATIC */
+
+#include &lt;stdio.h&gt;
+#include &lt;string.h&gt;
+#include &lt;pcre.h&gt;
+
+#define OVECCOUNT 30    /* should be a multiple of 3 */
+
+
+int main(int argc, char **argv)
+{
+pcre *re;
+const char *error;
+char *pattern;
+char *subject;
+unsigned char *name_table;
+unsigned int option_bits;
+int erroffset;
+int find_all;
+int crlf_is_newline;
+int namecount;
+int name_entry_size;
+int ovector[OVECCOUNT];
+int subject_length;
+int rc, i;
+int utf8;
+
+
+/**************************************************************************
+* First, sort out the command line. There is only one possible option at  *
+* the moment, "-g" to request repeated matching to find all occurrences,  *
+* like Perl's /g option. We set the variable find_all to a non-zero value *
+* if the -g option is present. Apart from that, there must be exactly two *
+* arguments.                                                              *
+**************************************************************************/
+
+find_all = 0;
+for (i = 1; i &lt; argc; i++)
+  {
+  if (strcmp(argv[i], "-g") == 0) find_all = 1;
+    else break;
+  }
+
+/* After the options, we require exactly two arguments, which are the pattern,
+and the subject string. */
+
+if (argc - i != 2)
+  {
+  printf("Two arguments required: a regex and a subject string\n");
+  return 1;
+  }
+
+pattern = argv[i];
+subject = argv[i+1];
+subject_length = (int)strlen(subject);
+
+
+/*************************************************************************
+* Now we are going to compile the regular expression pattern, and handle *
+* and errors that are detected.                                          *
+*************************************************************************/
+
+re = pcre_compile(
+  pattern,              /* the pattern */
+  0,                    /* default options */
+  &amp;error,               /* for error message */
+  &amp;erroffset,           /* for error offset */
+  NULL);                /* use default character tables */
+
+/* Compilation failed: print the error message and exit */
+
+if (re == NULL)
+  {
+  printf("PCRE compilation failed at offset %d: %s\n", erroffset, error);
+  return 1;
+  }
+
+
+/*************************************************************************
+* If the compilation succeeded, we call PCRE again, in order to do a     *
+* pattern match against the subject string. This does just ONE match. If *
+* further matching is needed, it will be done below.                     *
+*************************************************************************/
+
+rc = pcre_exec(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  subject,              /* the subject string */
+  subject_length,       /* the length of the subject */
+  0,                    /* start at offset 0 in the subject */
+  0,                    /* default options */
+  ovector,              /* output vector for substring information */
+  OVECCOUNT);           /* number of elements in the output vector */
+
+/* Matching failed: handle error cases */
+
+if (rc &lt; 0)
+  {
+  switch(rc)
+    {
+    case PCRE_ERROR_NOMATCH: printf("No match\n"); break;
+    /*
+    Handle other special cases if you like
+    */
+    default: printf("Matching error %d\n", rc); break;
+    }
+  pcre_free(re);     /* Release memory used for the compiled pattern */
+  return 1;
+  }
+
+/* Match succeded */
+
+printf("\nMatch succeeded at offset %d\n", ovector[0]);
+
+
+/*************************************************************************
+* We have found the first match within the subject string. If the output *
+* vector wasn't big enough, say so. Then output any substrings that were *
+* captured.                                                              *
+*************************************************************************/
+
+/* The output vector wasn't big enough */
+
+if (rc == 0)
+  {
+  rc = OVECCOUNT/3;
+  printf("ovector only has room for %d captured substrings\n", rc - 1);
+  }
+
+/* Show substrings stored in the output vector by number. Obviously, in a real
+application you might want to do things other than print them. */
+
+for (i = 0; i &lt; rc; i++)
+  {
+  char *substring_start = subject + ovector[2*i];
+  int substring_length = ovector[2*i+1] - ovector[2*i];
+  printf("%2d: %.*s\n", i, substring_length, substring_start);
+  }
+
+
+/**************************************************************************
+* That concludes the basic part of this demonstration program. We have    *
+* compiled a pattern, and performed a single match. The code that follows *
+* shows first how to access named substrings, and then how to code for    *
+* repeated matches on the same subject.                                   *
+**************************************************************************/
+
+/* See if there are any named substrings, and if so, show them by name. First
+we have to extract the count of named parentheses from the pattern. */
+
+(void)pcre_fullinfo(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  PCRE_INFO_NAMECOUNT,  /* number of named substrings */
+  &amp;namecount);          /* where to put the answer */
+
+if (namecount &lt;= 0) printf("No named substrings\n"); else
+  {
+  unsigned char *tabptr;
+  printf("Named substrings\n");
+
+  /* Before we can access the substrings, we must extract the table for
+  translating names to numbers, and the size of each entry in the table. */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMETABLE,      /* address of the table */
+    &amp;name_table);             /* where to put the answer */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMEENTRYSIZE,  /* size of each entry in the table */
+    &amp;name_entry_size);        /* where to put the answer */
+
+  /* Now we can scan the table and, for each entry, print the number, the name,
+  and the substring itself. */
+
+  tabptr = name_table;
+  for (i = 0; i &lt; namecount; i++)
+    {
+    int n = (tabptr[0] &lt;&lt; 8) | tabptr[1];
+    printf("(%d) %*s: %.*s\n", n, name_entry_size - 3, tabptr + 2,
+      ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+    tabptr += name_entry_size;
+    }
+  }
+
+
+/*************************************************************************
+* If the "-g" option was given on the command line, we want to continue  *
+* to search for additional matches in the subject string, in a similar   *
+* way to the /g option in Perl. This turns out to be trickier than you   *
+* might think because of the possibility of matching an empty string.    *
+* What happens is as follows:                                            *
+*                                                                        *
+* If the previous match was NOT for an empty string, we can just start   *
+* the next match at the end of the previous one.                         *
+*                                                                        *
+* If the previous match WAS for an empty string, we can't do that, as it *
+* would lead to an infinite loop. Instead, a special call of pcre_exec() *
+* is made with the PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED flags set.    *
+* The first of these tells PCRE that an empty string at the start of the *
+* subject is not a valid match; other possibilities must be tried. The   *
+* second flag restricts PCRE to one match attempt at the initial string  *
+* position. If this match succeeds, an alternative to the empty string   *
+* match has been found, and we can print it and proceed round the loop,  *
+* advancing by the length of whatever was found. If this match does not  *
+* succeed, we still stay in the loop, advancing by just one character.   *
+* In UTF-8 mode, which can be set by (*UTF8) in the pattern, this may be *
+* more than one byte.                                                    *
+*                                                                        *
+* However, there is a complication concerned with newlines. When the     *
+* newline convention is such that CRLF is a valid newline, we must       *
+* advance by two characters rather than one. The newline convention can  *
+* be set in the regex by (*CR), etc.; if not, we must find the default.  *
+*************************************************************************/
+
+if (!find_all)     /* Check for -g */
+  {
+  pcre_free(re);   /* Release the memory used for the compiled pattern */
+  return 0;        /* Finish unless -g was given */
+  }
+
+/* Before running the loop, check for UTF-8 and whether CRLF is a valid newline
+sequence. First, find the options with which the regex was compiled; extract
+the UTF-8 state, and mask off all but the newline options. */
+
+(void)pcre_fullinfo(re, NULL, PCRE_INFO_OPTIONS, &amp;option_bits);
+utf8 = option_bits &amp; PCRE_UTF8;
+option_bits &amp;= PCRE_NEWLINE_CR|PCRE_NEWLINE_LF|PCRE_NEWLINE_CRLF|
+               PCRE_NEWLINE_ANY|PCRE_NEWLINE_ANYCRLF;
+
+/* If no newline options were set, find the default newline convention from the
+build configuration. */
+
+if (option_bits == 0)
+  {
+  int d;
+  (void)pcre_config(PCRE_CONFIG_NEWLINE, &amp;d);
+  /* Note that these values are always the ASCII ones, even in
+  EBCDIC environments. CR = 13, NL = 10. */
+  option_bits = (d == 13)? PCRE_NEWLINE_CR :
+          (d == 10)? PCRE_NEWLINE_LF :
+          (d == (13&lt;&lt;8 | 10))? PCRE_NEWLINE_CRLF :
+          (d == -2)? PCRE_NEWLINE_ANYCRLF :
+          (d == -1)? PCRE_NEWLINE_ANY : 0;
+  }
+
+/* See if CRLF is a valid newline sequence. */
+
+crlf_is_newline =
+     option_bits == PCRE_NEWLINE_ANY ||
+     option_bits == PCRE_NEWLINE_CRLF ||
+     option_bits == PCRE_NEWLINE_ANYCRLF;
+
+/* Loop for second and subsequent matches */
+
+for (;;)
+  {
+  int options = 0;                 /* Normally no options */
+  int start_offset = ovector[1];   /* Start at end of previous match */
+
+  /* If the previous match was for an empty string, we are finished if we are
+  at the end of the subject. Otherwise, arrange to run another match at the
+  same point to see if a non-empty match can be found. */
+
+  if (ovector[0] == ovector[1])
+    {
+    if (ovector[0] == subject_length) break;
+    options = PCRE_NOTEMPTY_ATSTART | PCRE_ANCHORED;
+    }
+
+  /* Run the next matching operation */
+
+  rc = pcre_exec(
+    re,                   /* the compiled pattern */
+    NULL,                 /* no extra data - we didn't study the pattern */
+    subject,              /* the subject string */
+    subject_length,       /* the length of the subject */
+    start_offset,         /* starting offset in the subject */
+    options,              /* options */
+    ovector,              /* output vector for substring information */
+    OVECCOUNT);           /* number of elements in the output vector */
+
+  /* This time, a result of NOMATCH isn't an error. If the value in "options"
+  is zero, it just means we have found all possible matches, so the loop ends.
+  Otherwise, it means we have failed to find a non-empty-string match at a
+  point where there was a previous empty-string match. In this case, we do what
+  Perl does: advance the matching position by one character, and continue. We
+  do this by setting the "end of previous match" offset, because that is picked
+  up at the top of the loop as the point at which to start again.
+
+  There are two complications: (a) When CRLF is a valid newline sequence, and
+  the current position is just before it, advance by an extra byte. (b)
+  Otherwise we must ensure that we skip an entire UTF-8 character if we are in
+  UTF-8 mode. */
+
+  if (rc == PCRE_ERROR_NOMATCH)
+    {
+    if (options == 0) break;                    /* All matches found */
+    ovector[1] = start_offset + 1;              /* Advance one byte */
+    if (crlf_is_newline &amp;&amp;                      /* If CRLF is newline &amp; */
+        start_offset &lt; subject_length - 1 &amp;&amp;    /* we are at CRLF, */
+        subject[start_offset] == '\r' &amp;&amp;
+        subject[start_offset + 1] == '\n')
+      ovector[1] += 1;                          /* Advance by one more. */
+    else if (utf8)                              /* Otherwise, ensure we */
+      {                                         /* advance a whole UTF-8 */
+      while (ovector[1] &lt; subject_length)       /* character. */
+        {
+        if ((subject[ovector[1]] &amp; 0xc0) != 0x80) break;
+        ovector[1] += 1;
+        }
+      }
+    continue;    /* Go round the loop again */
+    }
+
+  /* Other matching errors are not recoverable. */
+
+  if (rc &lt; 0)
+    {
+    printf("Matching error %d\n", rc);
+    pcre_free(re);    /* Release memory used for the compiled pattern */
+    return 1;
+    }
+
+  /* Match succeded */
+
+  printf("\nMatch succeeded again at offset %d\n", ovector[0]);
+
+  /* The match succeeded, but the output vector wasn't big enough. */
+
+  if (rc == 0)
+    {
+    rc = OVECCOUNT/3;
+    printf("ovector only has room for %d captured substrings\n", rc - 1);
+    }
+
+  /* As before, show substrings stored in the output vector by number, and then
+  also any named substrings. */
+
+  for (i = 0; i &lt; rc; i++)
+    {
+    char *substring_start = subject + ovector[2*i];
+    int substring_length = ovector[2*i+1] - ovector[2*i];
+    printf("%2d: %.*s\n", i, substring_length, substring_start);
+    }
+
+  if (namecount &lt;= 0) printf("No named substrings\n"); else
+    {
+    unsigned char *tabptr = name_table;
+    printf("Named substrings\n");
+    for (i = 0; i &lt; namecount; i++)
+      {
+      int n = (tabptr[0] &lt;&lt; 8) | tabptr[1];
+      printf("(%d) %*s: %.*s\n", n, name_entry_size - 3, tabptr + 2,
+        ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+      tabptr += name_entry_size;
+      }
+    }
+  }      /* End of loop to find second and subsequent matches */
+
+printf("\n");
+pcre_free(re);       /* Release memory used for the compiled pattern */
+return 0;
+}
+
+/* End of pcredemo.c */
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcregrep.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcregrep.html
new file mode 100644
index 00000000..dacbb499
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcregrep.html
@@ -0,0 +1,759 @@
+<html>
+<head>
+<title>pcregrep specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcregrep man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">SUPPORT FOR COMPRESSED FILES</a>
+<li><a name="TOC4" href="#SEC4">BINARY FILES</a>
+<li><a name="TOC5" href="#SEC5">OPTIONS</a>
+<li><a name="TOC6" href="#SEC6">ENVIRONMENT VARIABLES</a>
+<li><a name="TOC7" href="#SEC7">NEWLINES</a>
+<li><a name="TOC8" href="#SEC8">OPTIONS COMPATIBILITY</a>
+<li><a name="TOC9" href="#SEC9">OPTIONS WITH DATA</a>
+<li><a name="TOC10" href="#SEC10">MATCHING ERRORS</a>
+<li><a name="TOC11" href="#SEC11">DIAGNOSTICS</a>
+<li><a name="TOC12" href="#SEC12">SEE ALSO</a>
+<li><a name="TOC13" href="#SEC13">AUTHOR</a>
+<li><a name="TOC14" href="#SEC14">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>pcregrep [options] [long options] [pattern] [path1 path2 ...]</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+<b>pcregrep</b> searches files for character patterns, in the same way as other
+grep commands do, but it uses the PCRE regular expression library to support
+patterns that are compatible with the regular expressions of Perl 5. See
+<a href="pcresyntax.html"><b>pcresyntax</b>(3)</a>
+for a quick-reference summary of pattern syntax, or
+<a href="pcrepattern.html"><b>pcrepattern</b>(3)</a>
+for a full description of the syntax and semantics of the regular expressions
+that PCRE supports.
+</P>
+<P>
+Patterns, whether supplied on the command line or in a separate file, are given
+without delimiters. For example:
+<pre>
+  pcregrep Thursday /etc/motd
+</pre>
+If you attempt to use delimiters (for example, by surrounding a pattern with
+slashes, as is common in Perl scripts), they are interpreted as part of the
+pattern. Quotes can of course be used to delimit patterns on the command line
+because they are interpreted by the shell, and indeed quotes are required if a
+pattern contains white space or shell metacharacters.
+</P>
+<P>
+The first argument that follows any option settings is treated as the single
+pattern to be matched when neither <b>-e</b> nor <b>-f</b> is present.
+Conversely, when one or both of these options are used to specify patterns, all
+arguments are treated as path names. At least one of <b>-e</b>, <b>-f</b>, or an
+argument pattern must be provided.
+</P>
+<P>
+If no files are specified, <b>pcregrep</b> reads the standard input. The
+standard input can also be referenced by a name consisting of a single hyphen.
+For example:
+<pre>
+  pcregrep some-pattern /file1 - /file3
+</pre>
+By default, each line that matches a pattern is copied to the standard
+output, and if there is more than one file, the file name is output at the
+start of each line, followed by a colon. However, there are options that can
+change how <b>pcregrep</b> behaves. In particular, the <b>-M</b> option makes it
+possible to search for patterns that span line boundaries. What defines a line
+boundary is controlled by the <b>-N</b> (<b>--newline</b>) option.
+</P>
+<P>
+The amount of memory used for buffering files that are being scanned is
+controlled by a parameter that can be set by the <b>--buffer-size</b> option.
+The default value for this parameter is specified when <b>pcregrep</b> is built,
+with the default default being 20K. A block of memory three times this size is
+used (to allow for buffering "before" and "after" lines). An error occurs if a
+line overflows the buffer.
+</P>
+<P>
+Patterns can be no longer than 8K or BUFSIZ bytes, whichever is the greater.
+BUFSIZ is defined in <b>&#60;stdio.h&#62;</b>. When there is more than one pattern
+(specified by the use of <b>-e</b> and/or <b>-f</b>), each pattern is applied to
+each line in the order in which they are defined, except that all the <b>-e</b>
+patterns are tried before the <b>-f</b> patterns.
+</P>
+<P>
+By default, as soon as one pattern matches a line, no further patterns are
+considered. However, if <b>--colour</b> (or <b>--color</b>) is used to colour the
+matching substrings, or if <b>--only-matching</b>, <b>--file-offsets</b>, or
+<b>--line-offsets</b> is used to output only the part of the line that matched
+(either shown literally, or as an offset), scanning resumes immediately
+following the match, so that further matches on the same line can be found. If
+there are multiple patterns, they are all tried on the remainder of the line,
+but patterns that follow the one that matched are not tried on the earlier part
+of the line.
+</P>
+<P>
+This behaviour means that the order in which multiple patterns are specified
+can affect the output when one of the above options is used. This is no longer
+the same behaviour as GNU grep, which now manages to display earlier matches
+for later patterns (as long as there is no overlap).
+</P>
+<P>
+Patterns that can match an empty string are accepted, but empty string
+matches are never recognized. An example is the pattern "(super)?(man)?", in
+which all components are optional. This pattern finds all occurrences of both
+"super" and "man"; the output differs from matching with "super|man" when only
+the matching substrings are being shown.
+</P>
+<P>
+If the <b>LC_ALL</b> or <b>LC_CTYPE</b> environment variable is set,
+<b>pcregrep</b> uses the value to set a locale when calling the PCRE library.
+The <b>--locale</b> option can be used to override this.
+</P>
+<br><a name="SEC3" href="#TOC1">SUPPORT FOR COMPRESSED FILES</a><br>
+<P>
+It is possible to compile <b>pcregrep</b> so that it uses <b>libz</b> or
+<b>libbz2</b> to read files whose names end in <b>.gz</b> or <b>.bz2</b>,
+respectively. You can find out whether your binary has support for one or both
+of these file types by running it with the <b>--help</b> option. If the
+appropriate support is not present, files are treated as plain text. The
+standard input is always so treated.
+</P>
+<br><a name="SEC4" href="#TOC1">BINARY FILES</a><br>
+<P>
+By default, a file that contains a binary zero byte within the first 1024 bytes
+is identified as a binary file, and is processed specially. (GNU grep also
+identifies binary files in this manner.) See the <b>--binary-files</b> option
+for a means of changing the way binary files are handled.
+</P>
+<br><a name="SEC5" href="#TOC1">OPTIONS</a><br>
+<P>
+The order in which some of the options appear can affect the output. For
+example, both the <b>-h</b> and <b>-l</b> options affect the printing of file
+names. Whichever comes later in the command line will be the one that takes
+effect. Similarly, except where noted below, if an option is given twice, the
+later setting is used. Numerical values for options may be followed by K or M,
+to signify multiplication by 1024 or 1024*1024 respectively.
+</P>
+<P>
+<b>--</b>
+This terminates the list of options. It is useful if the next item on the
+command line starts with a hyphen but is not an option. This allows for the
+processing of patterns and filenames that start with hyphens.
+</P>
+<P>
+<b>-A</b> <i>number</i>, <b>--after-context=</b><i>number</i>
+Output <i>number</i> lines of context after each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of <i>number</i> is expected to be relatively small. However, <b>pcregrep</b>
+guarantees to have up to 8K of following text available for context output.
+</P>
+<P>
+<b>-a</b>, <b>--text</b>
+Treat binary files as text. This is equivalent to
+<b>--binary-files</b>=<i>text</i>.
+</P>
+<P>
+<b>-B</b> <i>number</i>, <b>--before-context=</b><i>number</i>
+Output <i>number</i> lines of context before each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of <i>number</i> is expected to be relatively small. However, <b>pcregrep</b>
+guarantees to have up to 8K of preceding text available for context output.
+</P>
+<P>
+<b>--binary-files=</b><i>word</i>
+Specify how binary files are to be processed. If the word is "binary" (the
+default), pattern matching is performed on binary files, but the only output is
+"Binary file &#60;name&#62; matches" when a match succeeds. If the word is "text",
+which is equivalent to the <b>-a</b> or <b>--text</b> option, binary files are
+processed in the same way as any other file. In this case, when a match
+succeeds, the output may be binary garbage, which can have nasty effects if
+sent to a terminal. If the word is "without-match", which is equivalent to the
+<b>-I</b> option, binary files are not processed at all; they are assumed not to
+be of interest.
+</P>
+<P>
+<b>--buffer-size=</b><i>number</i>
+Set the parameter that controls how much memory is used for buffering files
+that are being scanned.
+</P>
+<P>
+<b>-C</b> <i>number</i>, <b>--context=</b><i>number</i>
+Output <i>number</i> lines of context both before and after each matching line.
+This is equivalent to setting both <b>-A</b> and <b>-B</b> to the same value.
+</P>
+<P>
+<b>-c</b>, <b>--count</b>
+Do not output individual lines from the files that are being scanned; instead
+output the number of lines that would otherwise have been shown. If no lines
+are selected, the number zero is output. If several files are are being
+scanned, a count is output for each of them. However, if the
+<b>--files-with-matches</b> option is also used, only those files whose counts
+are greater than zero are listed. When <b>-c</b> is used, the <b>-A</b>,
+<b>-B</b>, and <b>-C</b> options are ignored.
+</P>
+<P>
+<b>--colour</b>, <b>--color</b>
+If this option is given without any data, it is equivalent to "--colour=auto".
+If data is required, it must be given in the same shell item, separated by an
+equals sign.
+</P>
+<P>
+<b>--colour=</b><i>value</i>, <b>--color=</b><i>value</i>
+This option specifies under what circumstances the parts of a line that matched
+a pattern should be coloured in the output. By default, the output is not
+coloured. The value (which is optional, see above) may be "never", "always", or
+"auto". In the latter case, colouring happens only if the standard output is
+connected to a terminal. More resources are used when colouring is enabled,
+because <b>pcregrep</b> has to search for all possible matches in a line, not
+just one, in order to colour them all.
+<br>
+<br>
+The colour that is used can be specified by setting the environment variable
+PCREGREP_COLOUR or PCREGREP_COLOR. The value of this variable should be a
+string of two numbers, separated by a semicolon. They are copied directly into
+the control string for setting colour on a terminal, so it is your
+responsibility to ensure that they make sense. If neither of the environment
+variables is set, the default is "1;31", which gives red.
+</P>
+<P>
+<b>-D</b> <i>action</i>, <b>--devices=</b><i>action</i>
+If an input path is not a regular file or a directory, "action" specifies how
+it is to be processed. Valid values are "read" (the default) or "skip"
+(silently skip the path).
+</P>
+<P>
+<b>-d</b> <i>action</i>, <b>--directories=</b><i>action</i>
+If an input path is a directory, "action" specifies how it is to be processed.
+Valid values are "read" (the default in non-Windows environments, for
+compatibility with GNU grep), "recurse" (equivalent to the <b>-r</b> option), or
+"skip" (silently skip the path, the default in Windows environments). In the
+"read" case, directories are read as if they were ordinary files. In some
+operating systems the effect of reading a directory like this is an immediate
+end-of-file; in others it may provoke an error.
+</P>
+<P>
+<b>-e</b> <i>pattern</i>, <b>--regex=</b><i>pattern</i>, <b>--regexp=</b><i>pattern</i>
+Specify a pattern to be matched. This option can be used multiple times in
+order to specify several patterns. It can also be used as a way of specifying a
+single pattern that starts with a hyphen. When <b>-e</b> is used, no argument
+pattern is taken from the command line; all arguments are treated as file
+names. There is no limit to the number of patterns. They are applied to each
+line in the order in which they are defined until one matches.
+<br>
+<br>
+If <b>-f</b> is used with <b>-e</b>, the command line patterns are matched first,
+followed by the patterns from the file(s), independent of the order in which
+these options are specified. Note that multiple use of <b>-e</b> is not the same
+as a single pattern with alternatives. For example, X|Y finds the first
+character in a line that is X or Y, whereas if the two patterns are given
+separately, with X first, <b>pcregrep</b> finds X if it is present, even if it
+follows Y in the line. It finds Y only if there is no X in the line. This
+matters only if you are using <b>-o</b> or <b>--colo(u)r</b> to show the part(s)
+of the line that matched.
+</P>
+<P>
+<b>--exclude</b>=<i>pattern</i>
+Files (but not directories) whose names match the pattern are skipped without
+being processed. This applies to all files, whether listed on the command line,
+obtained from <b>--file-list</b>, or by scanning a directory. The pattern is a
+PCRE regular expression, and is matched against the final component of the file
+name, not the entire path. The <b>-F</b>, <b>-w</b>, and <b>-x</b> options do not
+apply to this pattern. The option may be given any number of times in order to
+specify multiple patterns. If a file name matches both an <b>--include</b>
+and an <b>--exclude</b> pattern, it is excluded. There is no short form for this
+option.
+</P>
+<P>
+<b>--exclude-from=</b><i>filename</i>
+Treat each non-empty line of the file as the data for an <b>--exclude</b>
+option. What constitutes a newline when reading the file is the operating
+system's default. The <b>--newline</b> option has no effect on this option. This
+option may be given more than once in order to specify a number of files to
+read.
+</P>
+<P>
+<b>--exclude-dir</b>=<i>pattern</i>
+Directories whose names match the pattern are skipped without being processed,
+whatever the setting of the <b>--recursive</b> option. This applies to all
+directories, whether listed on the command line, obtained from
+<b>--file-list</b>, or by scanning a parent directory. The pattern is a PCRE
+regular expression, and is matched against the final component of the directory
+name, not the entire path. The <b>-F</b>, <b>-w</b>, and <b>-x</b> options do not
+apply to this pattern. The option may be given any number of times in order to
+specify more than one pattern. If a directory matches both <b>--include-dir</b>
+and <b>--exclude-dir</b>, it is excluded. There is no short form for this
+option.
+</P>
+<P>
+<b>-F</b>, <b>--fixed-strings</b>
+Interpret each data-matching pattern as a list of fixed strings, separated by
+newlines, instead of as a regular expression. What constitutes a newline for
+this purpose is controlled by the <b>--newline</b> option. The <b>-w</b> (match
+as a word) and <b>-x</b> (match whole line) options can be used with <b>-F</b>.
+They apply to each of the fixed strings. A line is selected if any of the fixed
+strings are found in it (subject to <b>-w</b> or <b>-x</b>, if present). This
+option applies only to the patterns that are matched against the contents of
+files; it does not apply to patterns specified by any of the <b>--include</b> or
+<b>--exclude</b> options.
+</P>
+<P>
+<b>-f</b> <i>filename</i>, <b>--file=</b><i>filename</i>
+Read patterns from the file, one per line, and match them against
+each line of input. What constitutes a newline when reading the file is the
+operating system's default. The <b>--newline</b> option has no effect on this
+option. Trailing white space is removed from each line, and blank lines are
+ignored. An empty file contains no patterns and therefore matches nothing. See
+also the comments about multiple patterns versus a single pattern with
+alternatives in the description of <b>-e</b> above.
+<br>
+<br>
+If this option is given more than once, all the specified files are
+read. A data line is output if any of the patterns match it. A filename can
+be given as "-" to refer to the standard input. When <b>-f</b> is used, patterns
+specified on the command line using <b>-e</b> may also be present; they are
+tested before the file's patterns. However, no other pattern is taken from the
+command line; all arguments are treated as the names of paths to be searched.
+</P>
+<P>
+<b>--file-list</b>=<i>filename</i>
+Read a list of files and/or directories that are to be scanned from the given
+file, one per line. Trailing white space is removed from each line, and blank
+lines are ignored. These paths are processed before any that are listed on the
+command line. The filename can be given as "-" to refer to the standard input.
+If <b>--file</b> and <b>--file-list</b> are both specified as "-", patterns are
+read first. This is useful only when the standard input is a terminal, from
+which further lines (the list of files) can be read after an end-of-file
+indication. If this option is given more than once, all the specified files are
+read.
+</P>
+<P>
+<b>--file-offsets</b>
+Instead of showing lines or parts of lines that match, show each match as an
+offset from the start of the file and a length, separated by a comma. In this
+mode, no context is shown. That is, the <b>-A</b>, <b>-B</b>, and <b>-C</b>
+options are ignored. If there is more than one match in a line, each of them is
+shown separately. This option is mutually exclusive with <b>--line-offsets</b>
+and <b>--only-matching</b>.
+</P>
+<P>
+<b>-H</b>, <b>--with-filename</b>
+Force the inclusion of the filename at the start of output lines when searching
+a single file. By default, the filename is not shown in this case. For matching
+lines, the filename is followed by a colon; for context lines, a hyphen
+separator is used. If a line number is also being output, it follows the file
+name.
+</P>
+<P>
+<b>-h</b>, <b>--no-filename</b>
+Suppress the output filenames when searching multiple files. By default,
+filenames are shown when multiple files are searched. For matching lines, the
+filename is followed by a colon; for context lines, a hyphen separator is used.
+If a line number is also being output, it follows the file name.
+</P>
+<P>
+<b>--help</b>
+Output a help message, giving brief details of the command options and file
+type support, and then exit. Anything else on the command line is
+ignored.
+</P>
+<P>
+<b>-I</b>
+Treat binary files as never matching. This is equivalent to
+<b>--binary-files</b>=<i>without-match</i>.
+</P>
+<P>
+<b>-i</b>, <b>--ignore-case</b>
+Ignore upper/lower case distinctions during comparisons.
+</P>
+<P>
+<b>--include</b>=<i>pattern</i>
+If any <b>--include</b> patterns are specified, the only files that are
+processed are those that match one of the patterns (and do not match an
+<b>--exclude</b> pattern). This option does not affect directories, but it
+applies to all files, whether listed on the command line, obtained from
+<b>--file-list</b>, or by scanning a directory. The pattern is a PCRE regular
+expression, and is matched against the final component of the file name, not
+the entire path. The <b>-F</b>, <b>-w</b>, and <b>-x</b> options do not apply to
+this pattern. The option may be given any number of times. If a file name
+matches both an <b>--include</b> and an <b>--exclude</b> pattern, it is excluded.
+There is no short form for this option.
+</P>
+<P>
+<b>--include-from=</b><i>filename</i>
+Treat each non-empty line of the file as the data for an <b>--include</b>
+option. What constitutes a newline for this purpose is the operating system's
+default. The <b>--newline</b> option has no effect on this option. This option
+may be given any number of times; all the files are read.
+</P>
+<P>
+<b>--include-dir</b>=<i>pattern</i>
+If any <b>--include-dir</b> patterns are specified, the only directories that
+are processed are those that match one of the patterns (and do not match an
+<b>--exclude-dir</b> pattern). This applies to all directories, whether listed
+on the command line, obtained from <b>--file-list</b>, or by scanning a parent
+directory. The pattern is a PCRE regular expression, and is matched against the
+final component of the directory name, not the entire path. The <b>-F</b>,
+<b>-w</b>, and <b>-x</b> options do not apply to this pattern. The option may be
+given any number of times. If a directory matches both <b>--include-dir</b> and
+<b>--exclude-dir</b>, it is excluded. There is no short form for this option.
+</P>
+<P>
+<b>-L</b>, <b>--files-without-match</b>
+Instead of outputting lines from the files, just output the names of the files
+that do not contain any lines that would have been output. Each file name is
+output once, on a separate line.
+</P>
+<P>
+<b>-l</b>, <b>--files-with-matches</b>
+Instead of outputting lines from the files, just output the names of the files
+containing lines that would have been output. Each file name is output
+once, on a separate line. Searching normally stops as soon as a matching line
+is found in a file. However, if the <b>-c</b> (count) option is also used,
+matching continues in order to obtain the correct count, and those files that
+have at least one match are listed along with their counts. Using this option
+with <b>-c</b> is a way of suppressing the listing of files with no matches.
+</P>
+<P>
+<b>--label</b>=<i>name</i>
+This option supplies a name to be used for the standard input when file names
+are being output. If not supplied, "(standard input)" is used. There is no
+short form for this option.
+</P>
+<P>
+<b>--line-buffered</b>
+When this option is given, input is read and processed line by line, and the
+output is flushed after each write. By default, input is read in large chunks,
+unless <b>pcregrep</b> can determine that it is reading from a terminal (which
+is currently possible only in Unix-like environments). Output to terminal is
+normally automatically flushed by the operating system. This option can be
+useful when the input or output is attached to a pipe and you do not want
+<b>pcregrep</b> to buffer up large amounts of data. However, its use will affect
+performance, and the <b>-M</b> (multiline) option ceases to work.
+</P>
+<P>
+<b>--line-offsets</b>
+Instead of showing lines or parts of lines that match, show each match as a
+line number, the offset from the start of the line, and a length. The line
+number is terminated by a colon (as usual; see the <b>-n</b> option), and the
+offset and length are separated by a comma. In this mode, no context is shown.
+That is, the <b>-A</b>, <b>-B</b>, and <b>-C</b> options are ignored. If there is
+more than one match in a line, each of them is shown separately. This option is
+mutually exclusive with <b>--file-offsets</b> and <b>--only-matching</b>.
+</P>
+<P>
+<b>--locale</b>=<i>locale-name</i>
+This option specifies a locale to be used for pattern matching. It overrides
+the value in the <b>LC_ALL</b> or <b>LC_CTYPE</b> environment variables. If no
+locale is specified, the PCRE library's default (usually the "C" locale) is
+used. There is no short form for this option.
+</P>
+<P>
+<b>--match-limit</b>=<i>number</i>
+Processing some regular expression patterns can require a very large amount of
+memory, leading in some cases to a program crash if not enough is available.
+Other patterns may take a very long time to search for all possible matching
+strings. The <b>pcre_exec()</b> function that is called by <b>pcregrep</b> to do
+the matching has two parameters that can limit the resources that it uses.
+<br>
+<br>
+The <b>--match-limit</b> option provides a means of limiting resource usage
+when processing patterns that are not going to match, but which have a very
+large number of possibilities in their search trees. The classic example is a
+pattern that uses nested unlimited repeats. Internally, PCRE uses a function
+called <b>match()</b> which it calls repeatedly (sometimes recursively). The
+limit set by <b>--match-limit</b> is imposed on the number of times this
+function is called during a match, which has the effect of limiting the amount
+of backtracking that can take place.
+<br>
+<br>
+The <b>--recursion-limit</b> option is similar to <b>--match-limit</b>, but
+instead of limiting the total number of times that <b>match()</b> is called, it
+limits the depth of recursive calls, which in turn limits the amount of memory
+that can be used. The recursion depth is a smaller number than the total number
+of calls, because not all calls to <b>match()</b> are recursive. This limit is
+of use only if it is set smaller than <b>--match-limit</b>.
+<br>
+<br>
+There are no short forms for these options. The default settings are specified
+when the PCRE library is compiled, with the default default being 10 million.
+</P>
+<P>
+<b>-M</b>, <b>--multiline</b>
+Allow patterns to match more than one line. When this option is given, patterns
+may usefully contain literal newline characters and internal occurrences of ^
+and $ characters. The output for a successful match may consist of more than
+one line, the last of which is the one in which the match ended. If the matched
+string ends with a newline sequence the output ends at the end of that line.
+<br>
+<br>
+When this option is set, the PCRE library is called in "multiline" mode.
+There is a limit to the number of lines that can be matched, imposed by the way
+that <b>pcregrep</b> buffers the input file as it scans it. However,
+<b>pcregrep</b> ensures that at least 8K characters or the rest of the document
+(whichever is the shorter) are available for forward matching, and similarly
+the previous 8K characters (or all the previous characters, if fewer than 8K)
+are guaranteed to be available for lookbehind assertions. This option does not
+work when input is read line by line (see \fP--line-buffered\fP.)
+</P>
+<P>
+<b>-N</b> <i>newline-type</i>, <b>--newline</b>=<i>newline-type</i>
+The PCRE library supports five different conventions for indicating
+the ends of lines. They are the single-character sequences CR (carriage return)
+and LF (linefeed), the two-character sequence CRLF, an "anycrlf" convention,
+which recognizes any of the preceding three types, and an "any" convention, in
+which any Unicode line ending sequence is assumed to end a line. The Unicode
+sequences are the three just mentioned, plus VT (vertical tab, U+000B), FF
+(form feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and
+PS (paragraph separator, U+2029).
+<br>
+<br>
+When the PCRE library is built, a default line-ending sequence is specified.
+This is normally the standard sequence for the operating system. Unless
+otherwise specified by this option, <b>pcregrep</b> uses the library's default.
+The possible values for this option are CR, LF, CRLF, ANYCRLF, or ANY. This
+makes it possible to use <b>pcregrep</b> to scan files that have come from other
+environments without having to modify their line endings. If the data that is
+being scanned does not agree with the convention set by this option,
+<b>pcregrep</b> may behave in strange ways. Note that this option does not
+apply to files specified by the <b>-f</b>, <b>--exclude-from</b>, or
+<b>--include-from</b> options, which are expected to use the operating system's
+standard newline sequence.
+</P>
+<P>
+<b>-n</b>, <b>--line-number</b>
+Precede each output line by its line number in the file, followed by a colon
+for matching lines or a hyphen for context lines. If the filename is also being
+output, it precedes the line number. This option is forced if
+<b>--line-offsets</b> is used.
+</P>
+<P>
+<b>--no-jit</b>
+If the PCRE library is built with support for just-in-time compiling (which
+speeds up matching), <b>pcregrep</b> automatically makes use of this, unless it
+was explicitly disabled at build time. This option can be used to disable the
+use of JIT at run time. It is provided for testing and working round problems.
+It should never be needed in normal use.
+</P>
+<P>
+<b>-o</b>, <b>--only-matching</b>
+Show only the part of the line that matched a pattern instead of the whole
+line. In this mode, no context is shown. That is, the <b>-A</b>, <b>-B</b>, and
+<b>-C</b> options are ignored. If there is more than one match in a line, each
+of them is shown separately. If <b>-o</b> is combined with <b>-v</b> (invert the
+sense of the match to find non-matching lines), no output is generated, but the
+return code is set appropriately. If the matched portion of the line is empty,
+nothing is output unless the file name or line number are being printed, in
+which case they are shown on an otherwise empty line. This option is mutually
+exclusive with <b>--file-offsets</b> and <b>--line-offsets</b>.
+</P>
+<P>
+<b>-o</b><i>number</i>, <b>--only-matching</b>=<i>number</i>
+Show only the part of the line that matched the capturing parentheses of the
+given number. Up to 32 capturing parentheses are supported, and -o0 is
+equivalent to <b>-o</b> without a number. Because these options can be given
+without an argument (see above), if an argument is present, it must be given in
+the same shell item, for example, -o3 or --only-matching=2. The comments given
+for the non-argument case above also apply to this case. If the specified
+capturing parentheses do not exist in the pattern, or were not set in the
+match, nothing is output unless the file name or line number are being printed.
+<br>
+<br>
+If this option is given multiple times, multiple substrings are output, in the
+order the options are given. For example, -o3 -o1 -o3 causes the substrings
+matched by capturing parentheses 3 and 1 and then 3 again to be output. By
+default, there is no separator (but see the next option).
+</P>
+<P>
+<b>--om-separator</b>=<i>text</i>
+Specify a separating string for multiple occurrences of <b>-o</b>. The default
+is an empty string. Separating strings are never coloured.
+</P>
+<P>
+<b>-q</b>, <b>--quiet</b>
+Work quietly, that is, display nothing except error messages. The exit
+status indicates whether or not any matches were found.
+</P>
+<P>
+<b>-r</b>, <b>--recursive</b>
+If any given path is a directory, recursively scan the files it contains,
+taking note of any <b>--include</b> and <b>--exclude</b> settings. By default, a
+directory is read as a normal file; in some operating systems this gives an
+immediate end-of-file. This option is a shorthand for setting the <b>-d</b>
+option to "recurse".
+</P>
+<P>
+<b>--recursion-limit</b>=<i>number</i>
+See <b>--match-limit</b> above.
+</P>
+<P>
+<b>-s</b>, <b>--no-messages</b>
+Suppress error messages about non-existent or unreadable files. Such files are
+quietly skipped. However, the return code is still 2, even if matches were
+found in other files.
+</P>
+<P>
+<b>-u</b>, <b>--utf-8</b>
+Operate in UTF-8 mode. This option is available only if PCRE has been compiled
+with UTF-8 support. All patterns (including those for any <b>--exclude</b> and
+<b>--include</b> options) and all subject lines that are scanned must be valid
+strings of UTF-8 characters.
+</P>
+<P>
+<b>-V</b>, <b>--version</b>
+Write the version numbers of <b>pcregrep</b> and the PCRE library to the
+standard output and then exit. Anything else on the command line is
+ignored.
+</P>
+<P>
+<b>-v</b>, <b>--invert-match</b>
+Invert the sense of the match, so that lines which do <i>not</i> match any of
+the patterns are the ones that are found.
+</P>
+<P>
+<b>-w</b>, <b>--word-regex</b>, <b>--word-regexp</b>
+Force the patterns to match only whole words. This is equivalent to having \b
+at the start and end of the pattern. This option applies only to the patterns
+that are matched against the contents of files; it does not apply to patterns
+specified by any of the <b>--include</b> or <b>--exclude</b> options.
+</P>
+<P>
+<b>-x</b>, <b>--line-regex</b>, <b>--line-regexp</b>
+Force the patterns to be anchored (each must start matching at the beginning of
+a line) and in addition, require them to match entire lines. This is equivalent
+to having ^ and $ characters at the start and end of each alternative branch in
+every pattern. This option applies only to the patterns that are matched
+against the contents of files; it does not apply to patterns specified by any
+of the <b>--include</b> or <b>--exclude</b> options.
+</P>
+<br><a name="SEC6" href="#TOC1">ENVIRONMENT VARIABLES</a><br>
+<P>
+The environment variables <b>LC_ALL</b> and <b>LC_CTYPE</b> are examined, in that
+order, for a locale. The first one that is set is used. This can be overridden
+by the <b>--locale</b> option. If no locale is set, the PCRE library's default
+(usually the "C" locale) is used.
+</P>
+<br><a name="SEC7" href="#TOC1">NEWLINES</a><br>
+<P>
+The <b>-N</b> (<b>--newline</b>) option allows <b>pcregrep</b> to scan files with
+different newline conventions from the default. Any parts of the input files
+that are written to the standard output are copied identically, with whatever
+newline sequences they have in the input. However, the setting of this option
+does not affect the interpretation of files specified by the <b>-f</b>,
+<b>--exclude-from</b>, or <b>--include-from</b> options, which are assumed to use
+the operating system's standard newline sequence, nor does it affect the way in
+which <b>pcregrep</b> writes informational messages to the standard error and
+output streams. For these it uses the string "\n" to indicate newlines,
+relying on the C I/O library to convert this to an appropriate sequence.
+</P>
+<br><a name="SEC8" href="#TOC1">OPTIONS COMPATIBILITY</a><br>
+<P>
+Many of the short and long forms of <b>pcregrep</b>'s options are the same
+as in the GNU <b>grep</b> program. Any long option of the form
+<b>--xxx-regexp</b> (GNU terminology) is also available as <b>--xxx-regex</b>
+(PCRE terminology). However, the <b>--file-list</b>, <b>--file-offsets</b>,
+<b>--include-dir</b>, <b>--line-offsets</b>, <b>--locale</b>, <b>--match-limit</b>,
+<b>-M</b>, <b>--multiline</b>, <b>-N</b>, <b>--newline</b>, <b>--om-separator</b>,
+<b>--recursion-limit</b>, <b>-u</b>, and <b>--utf-8</b> options are specific to
+<b>pcregrep</b>, as is the use of the <b>--only-matching</b> option with a
+capturing parentheses number.
+</P>
+<P>
+Although most of the common options work the same way, a few are different in
+<b>pcregrep</b>. For example, the <b>--include</b> option's argument is a glob
+for GNU <b>grep</b>, but a regular expression for <b>pcregrep</b>. If both the
+<b>-c</b> and <b>-l</b> options are given, GNU grep lists only file names,
+without counts, but <b>pcregrep</b> gives the counts.
+</P>
+<br><a name="SEC9" href="#TOC1">OPTIONS WITH DATA</a><br>
+<P>
+There are four different ways in which an option with data can be specified.
+If a short form option is used, the data may follow immediately, or (with one
+exception) in the next command line item. For example:
+<pre>
+  -f/some/file
+  -f /some/file
+</pre>
+The exception is the <b>-o</b> option, which may appear with or without data.
+Because of this, if data is present, it must follow immediately in the same
+item, for example -o3.
+</P>
+<P>
+If a long form option is used, the data may appear in the same command line
+item, separated by an equals character, or (with two exceptions) it may appear
+in the next command line item. For example:
+<pre>
+  --file=/some/file
+  --file /some/file
+</pre>
+Note, however, that if you want to supply a file name beginning with ~ as data
+in a shell command, and have the shell expand ~ to a home directory, you must
+separate the file name from the option, because the shell does not treat ~
+specially unless it is at the start of an item.
+</P>
+<P>
+The exceptions to the above are the <b>--colour</b> (or <b>--color</b>) and
+<b>--only-matching</b> options, for which the data is optional. If one of these
+options does have data, it must be given in the first form, using an equals
+character. Otherwise <b>pcregrep</b> will assume that it has no data.
+</P>
+<br><a name="SEC10" href="#TOC1">MATCHING ERRORS</a><br>
+<P>
+It is possible to supply a regular expression that takes a very long time to
+fail to match certain lines. Such patterns normally involve nested indefinite
+repeats, for example: (a+)*\d when matched against a line of a's with no final
+digit. The PCRE matching function has a resource limit that causes it to abort
+in these circumstances. If this happens, <b>pcregrep</b> outputs an error
+message and the line that caused the problem to the standard error stream. If
+there are more than 20 such errors, <b>pcregrep</b> gives up.
+</P>
+<P>
+The <b>--match-limit</b> option of <b>pcregrep</b> can be used to set the overall
+resource limit; there is a second option called <b>--recursion-limit</b> that
+sets a limit on the amount of memory (usually stack) that is used (see the
+discussion of these options above).
+</P>
+<br><a name="SEC11" href="#TOC1">DIAGNOSTICS</a><br>
+<P>
+Exit status is 0 if any matches were found, 1 if no matches were found, and 2
+for syntax errors, overlong lines, non-existent or inaccessible files (even if
+matches were found in other files) or too many matching errors. Using the
+<b>-s</b> option to suppress error messages about inaccessible files does not
+affect the return code.
+</P>
+<br><a name="SEC12" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcrepattern</b>(3), <b>pcresyntax</b>(3), <b>pcretest</b>(1).
+</P>
+<br><a name="SEC13" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC14" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 03 April 2014
+<br>
+Copyright &copy; 1997-2014 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrejit.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrejit.html
new file mode 100644
index 00000000..abb34252
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrejit.html
@@ -0,0 +1,499 @@
+<html>
+<head>
+<title>pcrejit specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrejit man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE JUST-IN-TIME COMPILER SUPPORT</a>
+<li><a name="TOC2" href="#SEC2">8-BIT, 16-BIT AND 32-BIT SUPPORT</a>
+<li><a name="TOC3" href="#SEC3">AVAILABILITY OF JIT SUPPORT</a>
+<li><a name="TOC4" href="#SEC4">SIMPLE USE OF JIT</a>
+<li><a name="TOC5" href="#SEC5">UNSUPPORTED OPTIONS AND PATTERN ITEMS</a>
+<li><a name="TOC6" href="#SEC6">RETURN VALUES FROM JIT EXECUTION</a>
+<li><a name="TOC7" href="#SEC7">SAVING AND RESTORING COMPILED PATTERNS</a>
+<li><a name="TOC8" href="#SEC8">CONTROLLING THE JIT STACK</a>
+<li><a name="TOC9" href="#SEC9">JIT STACK FAQ</a>
+<li><a name="TOC10" href="#SEC10">EXAMPLE CODE</a>
+<li><a name="TOC11" href="#SEC11">JIT FAST PATH API</a>
+<li><a name="TOC12" href="#SEC12">SEE ALSO</a>
+<li><a name="TOC13" href="#SEC13">AUTHOR</a>
+<li><a name="TOC14" href="#SEC14">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE JUST-IN-TIME COMPILER SUPPORT</a><br>
+<P>
+Just-in-time compiling is a heavyweight optimization that can greatly speed up
+pattern matching. However, it comes at the cost of extra processing before the
+match is performed. Therefore, it is of most benefit when the same pattern is
+going to be matched many times. This does not necessarily mean many calls of a
+matching function; if the pattern is not anchored, matching attempts may take
+place many times at various positions in the subject, even for a single call.
+Therefore, if the subject string is very long, it may still pay to use JIT for
+one-off matches.
+</P>
+<P>
+JIT support applies only to the traditional Perl-compatible matching function.
+It does not apply when the DFA matching function is being used. The code for
+this support was written by Zoltan Herczeg.
+</P>
+<br><a name="SEC2" href="#TOC1">8-BIT, 16-BIT AND 32-BIT SUPPORT</a><br>
+<P>
+JIT support is available for all of the 8-bit, 16-bit and 32-bit PCRE
+libraries. To keep this documentation simple, only the 8-bit interface is
+described in what follows. If you are using the 16-bit library, substitute the
+16-bit functions and 16-bit structures (for example, <i>pcre16_jit_stack</i>
+instead of <i>pcre_jit_stack</i>). If you are using the 32-bit library,
+substitute the 32-bit functions and 32-bit structures (for example,
+<i>pcre32_jit_stack</i> instead of <i>pcre_jit_stack</i>).
+</P>
+<br><a name="SEC3" href="#TOC1">AVAILABILITY OF JIT SUPPORT</a><br>
+<P>
+JIT support is an optional feature of PCRE. The "configure" option --enable-jit
+(or equivalent CMake option) must be set when PCRE is built if you want to use
+JIT. The support is limited to the following hardware platforms:
+<pre>
+  ARM v5, v7, and Thumb2
+  Intel x86 32-bit and 64-bit
+  MIPS 32-bit
+  Power PC 32-bit and 64-bit
+  SPARC 32-bit (experimental)
+</pre>
+If --enable-jit is set on an unsupported platform, compilation fails.
+</P>
+<P>
+A program that is linked with PCRE 8.20 or later can tell if JIT support is
+available by calling <b>pcre_config()</b> with the PCRE_CONFIG_JIT option. The
+result is 1 when JIT is available, and 0 otherwise. However, a simple program
+does not need to check this in order to use JIT. The normal API is implemented
+in a way that falls back to the interpretive code if JIT is not available. For
+programs that need the best possible performance, there is also a "fast path"
+API that is JIT-specific.
+</P>
+<P>
+If your program may sometimes be linked with versions of PCRE that are older
+than 8.20, but you want to use JIT when it is available, you can test the
+values of PCRE_MAJOR and PCRE_MINOR, or the existence of a JIT macro such as
+PCRE_CONFIG_JIT, for compile-time control of your code. Also beware that the
+<b>pcre_jit_exec()</b> function was not available at all before 8.32,
+and may not be available at all if PCRE isn't compiled with
+--enable-jit. See the "JIT FAST PATH API" section below for details.
+</P>
+<br><a name="SEC4" href="#TOC1">SIMPLE USE OF JIT</a><br>
+<P>
+You have to do two things to make use of the JIT support in the simplest way:
+<pre>
+  (1) Call <b>pcre_study()</b> with the PCRE_STUDY_JIT_COMPILE option for
+      each compiled pattern, and pass the resulting <b>pcre_extra</b> block to
+      <b>pcre_exec()</b>.
+
+  (2) Use <b>pcre_free_study()</b> to free the <b>pcre_extra</b> block when it is
+      no longer needed, instead of just freeing it yourself. This ensures that
+      any JIT data is also freed.
+</pre>
+For a program that may be linked with pre-8.20 versions of PCRE, you can insert
+<pre>
+  #ifndef PCRE_STUDY_JIT_COMPILE
+  #define PCRE_STUDY_JIT_COMPILE 0
+  #endif
+</pre>
+so that no option is passed to <b>pcre_study()</b>, and then use something like
+this to free the study data:
+<pre>
+  #ifdef PCRE_CONFIG_JIT
+      pcre_free_study(study_ptr);
+  #else
+      pcre_free(study_ptr);
+  #endif
+</pre>
+PCRE_STUDY_JIT_COMPILE requests the JIT compiler to generate code for complete
+matches. If you want to run partial matches using the PCRE_PARTIAL_HARD or
+PCRE_PARTIAL_SOFT options of <b>pcre_exec()</b>, you should set one or both of
+the following options in addition to, or instead of, PCRE_STUDY_JIT_COMPILE
+when you call <b>pcre_study()</b>:
+<pre>
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+</pre>
+If using <b>pcre_jit_exec()</b> and supporting a pre-8.32 version of
+PCRE, you can insert:
+<pre>
+   #if PCRE_MAJOR &#62;= 8 && PCRE_MINOR &#62;= 32
+   pcre_jit_exec(...);
+   #else
+   pcre_exec(...)
+   #endif
+</pre>
+but as described in the "JIT FAST PATH API" section below this assumes
+version 8.32 and later are compiled with --enable-jit, which may
+break.
+<br>
+<br>
+The JIT compiler generates different optimized code for each of the three
+modes (normal, soft partial, hard partial). When <b>pcre_exec()</b> is called,
+the appropriate code is run if it is available. Otherwise, the pattern is
+matched using interpretive code.
+</P>
+<P>
+In some circumstances you may need to call additional functions. These are
+described in the section entitled
+<a href="#stackcontrol">"Controlling the JIT stack"</a>
+below.
+</P>
+<P>
+If JIT support is not available, PCRE_STUDY_JIT_COMPILE etc. are ignored, and
+no JIT data is created. Otherwise, the compiled pattern is passed to the JIT
+compiler, which turns it into machine code that executes much faster than the
+normal interpretive code. When <b>pcre_exec()</b> is passed a <b>pcre_extra</b>
+block containing a pointer to JIT code of the appropriate mode (normal or
+hard/soft partial), it obeys that code instead of running the interpreter. The
+result is identical, but the compiled JIT code runs much faster.
+</P>
+<P>
+There are some <b>pcre_exec()</b> options that are not supported for JIT
+execution. There are also some pattern items that JIT cannot handle. Details
+are given below. In both cases, execution automatically falls back to the
+interpretive code. If you want to know whether JIT was actually used for a
+particular match, you should arrange for a JIT callback function to be set up
+as described in the section entitled
+<a href="#stackcontrol">"Controlling the JIT stack"</a>
+below, even if you do not need to supply a non-default JIT stack. Such a
+callback function is called whenever JIT code is about to be obeyed. If the
+execution options are not right for JIT execution, the callback function is not
+obeyed.
+</P>
+<P>
+If the JIT compiler finds an unsupported item, no JIT data is generated. You
+can find out if JIT execution is available after studying a pattern by calling
+<b>pcre_fullinfo()</b> with the PCRE_INFO_JIT option. A result of 1 means that
+JIT compilation was successful. A result of 0 means that JIT support is not
+available, or the pattern was not studied with PCRE_STUDY_JIT_COMPILE etc., or
+the JIT compiler was not able to handle the pattern.
+</P>
+<P>
+Once a pattern has been studied, with or without JIT, it can be used as many
+times as you like for matching different subject strings.
+</P>
+<br><a name="SEC5" href="#TOC1">UNSUPPORTED OPTIONS AND PATTERN ITEMS</a><br>
+<P>
+The only <b>pcre_exec()</b> options that are supported for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK, PCRE_NO_UTF32_CHECK, PCRE_NOTBOL,
+PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+</P>
+<P>
+The only unsupported pattern items are \C (match a single data unit) when
+running in a UTF mode, and a callout immediately before an assertion condition
+in a conditional group.
+</P>
+<br><a name="SEC6" href="#TOC1">RETURN VALUES FROM JIT EXECUTION</a><br>
+<P>
+When a pattern is matched using JIT execution, the return values are the same
+as those given by the interpretive <b>pcre_exec()</b> code, with the addition of
+one new error code: PCRE_ERROR_JIT_STACKLIMIT. This means that the memory used
+for the JIT stack was insufficient. See
+<a href="#stackcontrol">"Controlling the JIT stack"</a>
+below for a discussion of JIT stack usage. For compatibility with the
+interpretive <b>pcre_exec()</b> code, no more than two-thirds of the
+<i>ovector</i> argument is used for passing back captured substrings.
+</P>
+<P>
+The error code PCRE_ERROR_MATCHLIMIT is returned by the JIT code if searching a
+very large pattern tree goes on for too long, as it is in the same circumstance
+when JIT is not used, but the details of exactly what is counted are not the
+same. The PCRE_ERROR_RECURSIONLIMIT error code is never returned by JIT
+execution.
+</P>
+<br><a name="SEC7" href="#TOC1">SAVING AND RESTORING COMPILED PATTERNS</a><br>
+<P>
+The code that is generated by the JIT compiler is architecture-specific, and is
+also position dependent. For those reasons it cannot be saved (in a file or
+database) and restored later like the bytecode and other data of a compiled
+pattern. Saving and restoring compiled patterns is not something many people
+do. More detail about this facility is given in the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation. It should be possible to run <b>pcre_study()</b> on a saved and
+restored pattern, and thereby recreate the JIT data, but because JIT
+compilation uses significant resources, it is probably not worth doing this;
+you might as well recompile the original pattern.
+<a name="stackcontrol"></a></P>
+<br><a name="SEC8" href="#TOC1">CONTROLLING THE JIT STACK</a><br>
+<P>
+When the compiled JIT code runs, it needs a block of memory to use as a stack.
+By default, it uses 32K on the machine stack. However, some large or
+complicated patterns need more than this. The error PCRE_ERROR_JIT_STACKLIMIT
+is given when there is not enough stack. Three functions are provided for
+managing blocks of memory for use as JIT stacks. There is further discussion
+about the use of JIT stacks in the section entitled
+<a href="#stackcontrol">"JIT stack FAQ"</a>
+below.
+</P>
+<P>
+The <b>pcre_jit_stack_alloc()</b> function creates a JIT stack. Its arguments
+are a starting size and a maximum size, and it returns a pointer to an opaque
+structure of type <b>pcre_jit_stack</b>, or NULL if there is an error. The
+<b>pcre_jit_stack_free()</b> function can be used to free a stack that is no
+longer needed. (For the technically minded: the address space is allocated by
+mmap or VirtualAlloc.)
+</P>
+<P>
+JIT uses far less memory for recursion than the interpretive code,
+and a maximum stack size of 512K to 1M should be more than enough for any
+pattern.
+</P>
+<P>
+The <b>pcre_assign_jit_stack()</b> function specifies which stack JIT code
+should use. Its arguments are as follows:
+<pre>
+  pcre_extra         *extra
+  pcre_jit_callback  callback
+  void               *data
+</pre>
+The <i>extra</i> argument must be the result of studying a pattern with
+PCRE_STUDY_JIT_COMPILE etc. There are three cases for the values of the other
+two options:
+<pre>
+  (1) If <i>callback</i> is NULL and <i>data</i> is NULL, an internal 32K block
+      on the machine stack is used.
+
+  (2) If <i>callback</i> is NULL and <i>data</i> is not NULL, <i>data</i> must be
+      a valid JIT stack, the result of calling <b>pcre_jit_stack_alloc()</b>.
+
+  (3) If <i>callback</i> is not NULL, it must point to a function that is
+      called with <i>data</i> as an argument at the start of matching, in
+      order to set up a JIT stack. If the return from the callback
+      function is NULL, the internal 32K stack is used; otherwise the
+      return value must be a valid JIT stack, the result of calling
+      <b>pcre_jit_stack_alloc()</b>.
+</pre>
+A callback function is obeyed whenever JIT code is about to be run; it is not
+obeyed when <b>pcre_exec()</b> is called with options that are incompatible for
+JIT execution. A callback function can therefore be used to determine whether a
+match operation was executed by JIT or by the interpreter.
+</P>
+<P>
+You may safely use the same JIT stack for more than one pattern (either by
+assigning directly or by callback), as long as the patterns are all matched
+sequentially in the same thread. In a multithread application, if you do not
+specify a JIT stack, or if you assign or pass back NULL from a callback, that
+is thread-safe, because each thread has its own machine stack. However, if you
+assign or pass back a non-NULL JIT stack, this must be a different stack for
+each thread so that the application is thread-safe.
+</P>
+<P>
+Strictly speaking, even more is allowed. You can assign the same non-NULL stack
+to any number of patterns as long as they are not used for matching by multiple
+threads at the same time. For example, you can assign the same stack to all
+compiled patterns, and use a global mutex in the callback to wait until the
+stack is available for use. However, this is an inefficient solution, and not
+recommended.
+</P>
+<P>
+This is a suggestion for how a multithreaded program that needs to set up
+non-default JIT stacks might operate:
+<pre>
+  During thread initalization
+    thread_local_var = pcre_jit_stack_alloc(...)
+
+  During thread exit
+    pcre_jit_stack_free(thread_local_var)
+
+  Use a one-line callback function
+    return thread_local_var
+</pre>
+All the functions described in this section do nothing if JIT is not available,
+and <b>pcre_assign_jit_stack()</b> does nothing unless the <b>extra</b> argument
+is non-NULL and points to a <b>pcre_extra</b> block that is the result of a
+successful study with PCRE_STUDY_JIT_COMPILE etc.
+<a name="stackfaq"></a></P>
+<br><a name="SEC9" href="#TOC1">JIT STACK FAQ</a><br>
+<P>
+(1) Why do we need JIT stacks?
+<br>
+<br>
+PCRE (and JIT) is a recursive, depth-first engine, so it needs a stack where
+the local data of the current node is pushed before checking its child nodes.
+Allocating real machine stack on some platforms is difficult. For example, the
+stack chain needs to be updated every time if we extend the stack on PowerPC.
+Although it is possible, its updating time overhead decreases performance. So
+we do the recursion in memory.
+</P>
+<P>
+(2) Why don't we simply allocate blocks of memory with <b>malloc()</b>?
+<br>
+<br>
+Modern operating systems have a nice feature: they can reserve an address space
+instead of allocating memory. We can safely allocate memory pages inside this
+address space, so the stack could grow without moving memory data (this is
+important because of pointers). Thus we can allocate 1M address space, and use
+only a single memory page (usually 4K) if that is enough. However, we can still
+grow up to 1M anytime if needed.
+</P>
+<P>
+(3) Who "owns" a JIT stack?
+<br>
+<br>
+The owner of the stack is the user program, not the JIT studied pattern or
+anything else. The user program must ensure that if a stack is used by
+<b>pcre_exec()</b>, (that is, it is assigned to the pattern currently running),
+that stack must not be used by any other threads (to avoid overwriting the same
+memory area). The best practice for multithreaded programs is to allocate a
+stack for each thread, and return this stack through the JIT callback function.
+</P>
+<P>
+(4) When should a JIT stack be freed?
+<br>
+<br>
+You can free a JIT stack at any time, as long as it will not be used by
+<b>pcre_exec()</b> again. When you assign the stack to a pattern, only a pointer
+is set. There is no reference counting or any other magic. You can free the
+patterns and stacks in any order, anytime. Just <i>do not</i> call
+<b>pcre_exec()</b> with a pattern pointing to an already freed stack, as that
+will cause SEGFAULT. (Also, do not free a stack currently used by
+<b>pcre_exec()</b> in another thread). You can also replace the stack for a
+pattern at any time. You can even free the previous stack before assigning a
+replacement.
+</P>
+<P>
+(5) Should I allocate/free a stack every time before/after calling
+<b>pcre_exec()</b>?
+<br>
+<br>
+No, because this is too costly in terms of resources. However, you could
+implement some clever idea which release the stack if it is not used in let's
+say two minutes. The JIT callback can help to achieve this without keeping a
+list of the currently JIT studied patterns.
+</P>
+<P>
+(6) OK, the stack is for long term memory allocation. But what happens if a
+pattern causes stack overflow with a stack of 1M? Is that 1M kept until the
+stack is freed?
+<br>
+<br>
+Especially on embedded sytems, it might be a good idea to release memory
+sometimes without freeing the stack. There is no API for this at the moment.
+Probably a function call which returns with the currently allocated memory for
+any stack and another which allows releasing memory (shrinking the stack) would
+be a good idea if someone needs this.
+</P>
+<P>
+(7) This is too much of a headache. Isn't there any better solution for JIT
+stack handling?
+<br>
+<br>
+No, thanks to Windows. If POSIX threads were used everywhere, we could throw
+out this complicated API.
+</P>
+<br><a name="SEC10" href="#TOC1">EXAMPLE CODE</a><br>
+<P>
+This is a single-threaded example that specifies a JIT stack without using a
+callback.
+<pre>
+  int rc;
+  int ovector[30];
+  pcre *re;
+  pcre_extra *extra;
+  pcre_jit_stack *jit_stack;
+
+  re = pcre_compile(pattern, 0, &error, &erroffset, NULL);
+  /* Check for errors */
+  extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
+  jit_stack = pcre_jit_stack_alloc(32*1024, 512*1024);
+  /* Check for error (NULL) */
+  pcre_assign_jit_stack(extra, NULL, jit_stack);
+  rc = pcre_exec(re, extra, subject, length, 0, 0, ovector, 30);
+  /* Check results */
+  pcre_free(re);
+  pcre_free_study(extra);
+  pcre_jit_stack_free(jit_stack);
+
+</PRE>
+</P>
+<br><a name="SEC11" href="#TOC1">JIT FAST PATH API</a><br>
+<P>
+Because the API described above falls back to interpreted execution when JIT is
+not available, it is convenient for programs that are written for general use
+in many environments. However, calling JIT via <b>pcre_exec()</b> does have a
+performance impact. Programs that are written for use where JIT is known to be
+available, and which need the best possible performance, can instead use a
+"fast path" API to call JIT execution directly instead of calling
+<b>pcre_exec()</b> (obviously only for patterns that have been successfully
+studied by JIT).
+</P>
+<P>
+The fast path function is called <b>pcre_jit_exec()</b>, and it takes exactly
+the same arguments as <b>pcre_exec()</b>, plus one additional argument that
+must point to a JIT stack. The JIT stack arrangements described above do not
+apply. The return values are the same as for <b>pcre_exec()</b>.
+</P>
+<P>
+When you call <b>pcre_exec()</b>, as well as testing for invalid options, a
+number of other sanity checks are performed on the arguments. For example, if
+the subject pointer is NULL, or its length is negative, an immediate error is
+given. Also, unless PCRE_NO_UTF[8|16|32] is set, a UTF subject string is tested
+for validity. In the interests of speed, these checks do not happen on the JIT
+fast path, and if invalid data is passed, the result is undefined.
+</P>
+<P>
+Bypassing the sanity checks and the <b>pcre_exec()</b> wrapping can give
+speedups of more than 10%.
+</P>
+<P>
+Note that the <b>pcre_jit_exec()</b> function is not available in versions of
+PCRE before 8.32 (released in November 2012). If you need to support versions
+that old you must either use the slower <b>pcre_exec()</b>, or switch between
+the two codepaths by checking the values of PCRE_MAJOR and PCRE_MINOR.
+</P>
+<P>
+Due to an unfortunate implementation oversight, even in versions 8.32
+and later there will be no <b>pcre_jit_exec()</b> stub function defined
+when PCRE is compiled with --disable-jit, which is the default, and
+there's no way to detect whether PCRE was compiled with --enable-jit
+via a macro.
+</P>
+<P>
+If you need to support versions older than 8.32, or versions that may
+not build with --enable-jit, you must either use the slower
+<b>pcre_exec()</b>, or switch between the two codepaths by checking the
+values of PCRE_MAJOR and PCRE_MINOR.
+</P>
+<P>
+Switching between the two by checking the version assumes that all the
+versions being targeted are built with --enable-jit. To also support
+builds that may use --disable-jit either <b>pcre_exec()</b> must be
+used, or a compile-time check for JIT via <b>pcre_config()</b> (which
+assumes the runtime environment will be the same), or as the Git
+project decided to do, simply assume that <b>pcre_jit_exec()</b> is
+present in 8.32 or later unless a compile-time flag is provided, see
+the "grep: un-break building with PCRE &#62;= 8.32 without --enable-jit"
+commit in git.git for an example of that.
+</P>
+<br><a name="SEC12" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcreapi</b>(3)
+</P>
+<br><a name="SEC13" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel (FAQ by Zoltan Herczeg)
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC14" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 05 July 2017
+<br>
+Copyright &copy; 1997-2017 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrelimits.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrelimits.html
new file mode 100644
index 00000000..ee5ebf03
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrelimits.html
@@ -0,0 +1,90 @@
+<html>
+<head>
+<title>pcrelimits specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrelimits man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SIZE AND OTHER LIMITATIONS
+</b><br>
+<P>
+There are some size limitations in PCRE but it is hoped that they will never in
+practice be relevant.
+</P>
+<P>
+The maximum length of a compiled pattern is approximately 64K data units (bytes
+for the 8-bit library, 16-bit units for the 16-bit library, and 32-bit units for
+the 32-bit library) if PCRE is compiled with the default internal linkage size,
+which is 2 bytes for the 8-bit and 16-bit libraries, and 4 bytes for the 32-bit
+library. If you want to process regular expressions that are truly enormous,
+you can compile PCRE with an internal linkage size of 3 or 4 (when building the
+16-bit or 32-bit library, 3 is rounded up to 4). See the <b>README</b> file in
+the source distribution and the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation for details. In these cases the limit is substantially larger.
+However, the speed of execution is slower.
+</P>
+<P>
+All values in repeating quantifiers must be less than 65536.
+</P>
+<P>
+There is no limit to the number of parenthesized subpatterns, but there can be
+no more than 65535 capturing subpatterns. There is, however, a limit to the
+depth of nesting of parenthesized subpatterns of all kinds. This is imposed in
+order to limit the amount of system stack used at compile time. The limit can
+be specified when PCRE is built; the default is 250.
+</P>
+<P>
+There is a limit to the number of forward references to subsequent subpatterns
+of around 200,000. Repeated forward references with fixed upper limits, for
+example, (?2){0,100} when subpattern number 2 is to the right, are included in
+the count. There is no limit to the number of backward references.
+</P>
+<P>
+The maximum length of name for a named subpattern is 32 characters, and the
+maximum number of named subpatterns is 10000.
+</P>
+<P>
+The maximum length of a name in a (*MARK), (*PRUNE), (*SKIP), or (*THEN) verb
+is 255 for the 8-bit library and 65535 for the 16-bit and 32-bit libraries.
+</P>
+<P>
+The maximum length of a subject string is the largest positive number that an
+integer variable can hold. However, when using the traditional matching
+function, PCRE uses recursion to handle subpatterns and indefinite repetition.
+This means that the available stack space may limit the size of a subject
+string that can be processed by certain patterns. For a discussion of stack
+issues, see the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 05 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrematching.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrematching.html
new file mode 100644
index 00000000..a1af39b6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrematching.html
@@ -0,0 +1,242 @@
+<html>
+<head>
+<title>pcrematching specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrematching man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE MATCHING ALGORITHMS</a>
+<li><a name="TOC2" href="#SEC2">REGULAR EXPRESSIONS AS TREES</a>
+<li><a name="TOC3" href="#SEC3">THE STANDARD MATCHING ALGORITHM</a>
+<li><a name="TOC4" href="#SEC4">THE ALTERNATIVE MATCHING ALGORITHM</a>
+<li><a name="TOC5" href="#SEC5">ADVANTAGES OF THE ALTERNATIVE ALGORITHM</a>
+<li><a name="TOC6" href="#SEC6">DISADVANTAGES OF THE ALTERNATIVE ALGORITHM</a>
+<li><a name="TOC7" href="#SEC7">AUTHOR</a>
+<li><a name="TOC8" href="#SEC8">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE MATCHING ALGORITHMS</a><br>
+<P>
+This document describes the two different algorithms that are available in PCRE
+for matching a compiled regular expression against a given subject string. The
+"standard" algorithm is the one provided by the <b>pcre_exec()</b>,
+<b>pcre16_exec()</b> and <b>pcre32_exec()</b> functions. These work in the same
+as as Perl's matching function, and provide a Perl-compatible matching operation.
+The just-in-time (JIT) optimization that is described in the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation is compatible with these functions.
+</P>
+<P>
+An alternative algorithm is provided by the <b>pcre_dfa_exec()</b>,
+<b>pcre16_dfa_exec()</b> and <b>pcre32_dfa_exec()</b> functions; they operate in
+a different way, and are not Perl-compatible. This alternative has advantages
+and disadvantages compared with the standard algorithm, and these are described
+below.
+</P>
+<P>
+When there is only one possible way in which a given subject string can match a
+pattern, the two algorithms give the same answer. A difference arises, however,
+when there are multiple possibilities. For example, if the pattern
+<pre>
+  ^&#60;.*&#62;
+</pre>
+is matched against the string
+<pre>
+  &#60;something&#62; &#60;something else&#62; &#60;something further&#62;
+</pre>
+there are three possible answers. The standard algorithm finds only one of
+them, whereas the alternative algorithm finds all three.
+</P>
+<br><a name="SEC2" href="#TOC1">REGULAR EXPRESSIONS AS TREES</a><br>
+<P>
+The set of strings that are matched by a regular expression can be represented
+as a tree structure. An unlimited repetition in the pattern makes the tree of
+infinite size, but it is still a tree. Matching the pattern to a given subject
+string (from a given starting point) can be thought of as a search of the tree.
+There are two ways to search a tree: depth-first and breadth-first, and these
+correspond to the two matching algorithms provided by PCRE.
+</P>
+<br><a name="SEC3" href="#TOC1">THE STANDARD MATCHING ALGORITHM</a><br>
+<P>
+In the terminology of Jeffrey Friedl's book "Mastering Regular
+Expressions", the standard algorithm is an "NFA algorithm". It conducts a
+depth-first search of the pattern tree. That is, it proceeds along a single
+path through the tree, checking that the subject matches what is required. When
+there is a mismatch, the algorithm tries any alternatives at the current point,
+and if they all fail, it backs up to the previous branch point in the tree, and
+tries the next alternative branch at that level. This often involves backing up
+(moving to the left) in the subject string as well. The order in which
+repetition branches are tried is controlled by the greedy or ungreedy nature of
+the quantifier.
+</P>
+<P>
+If a leaf node is reached, a matching string has been found, and at that point
+the algorithm stops. Thus, if there is more than one possible match, this
+algorithm returns the first one that it finds. Whether this is the shortest,
+the longest, or some intermediate length depends on the way the greedy and
+ungreedy repetition quantifiers are specified in the pattern.
+</P>
+<P>
+Because it ends up with a single path through the tree, it is relatively
+straightforward for this algorithm to keep track of the substrings that are
+matched by portions of the pattern in parentheses. This provides support for
+capturing parentheses and back references.
+</P>
+<br><a name="SEC4" href="#TOC1">THE ALTERNATIVE MATCHING ALGORITHM</a><br>
+<P>
+This algorithm conducts a breadth-first search of the tree. Starting from the
+first matching point in the subject, it scans the subject string from left to
+right, once, character by character, and as it does this, it remembers all the
+paths through the tree that represent valid matches. In Friedl's terminology,
+this is a kind of "DFA algorithm", though it is not implemented as a
+traditional finite state machine (it keeps multiple states active
+simultaneously).
+</P>
+<P>
+Although the general principle of this matching algorithm is that it scans the
+subject string only once, without backtracking, there is one exception: when a
+lookaround assertion is encountered, the characters following or preceding the
+current point have to be independently inspected.
+</P>
+<P>
+The scan continues until either the end of the subject is reached, or there are
+no more unterminated paths. At this point, terminated paths represent the
+different matching possibilities (if there are none, the match has failed).
+Thus, if there is more than one possible match, this algorithm finds all of
+them, and in particular, it finds the longest. The matches are returned in
+decreasing order of length. There is an option to stop the algorithm after the
+first match (which is necessarily the shortest) is found.
+</P>
+<P>
+Note that all the matches that are found start at the same point in the
+subject. If the pattern
+<pre>
+  cat(er(pillar)?)?
+</pre>
+is matched against the string "the caterpillar catchment", the result will be
+the three strings "caterpillar", "cater", and "cat" that start at the fifth
+character of the subject. The algorithm does not automatically move on to find
+matches that start at later positions.
+</P>
+<P>
+PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\d+" is compiled as if it were "a\d++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\d+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+</P>
+<P>
+There are a number of features of PCRE regular expressions that are not
+supported by the alternative matching algorithm. They are as follows:
+</P>
+<P>
+1. Because the algorithm finds all possible matches, the greedy or ungreedy
+nature of repetition quantifiers is not relevant. Greedy and ungreedy
+quantifiers are treated in exactly the same way. However, possessive
+quantifiers can make a difference when what follows could also match what is
+quantified, for example in a pattern like this:
+<pre>
+  ^a++\w!
+</pre>
+This pattern matches "aaab!" but not "aaa!", which would be matched by a
+non-possessive quantifier. Similarly, if an atomic group is present, it is
+matched as if it were a standalone pattern at the current point, and the
+longest match is then "locked in" for the rest of the overall pattern.
+</P>
+<P>
+2. When dealing with multiple paths through the tree simultaneously, it is not
+straightforward to keep track of captured substrings for the different matching
+possibilities, and PCRE's implementation of this algorithm does not attempt to
+do this. This means that no captured substrings are available.
+</P>
+<P>
+3. Because no substrings are captured, back references within the pattern are
+not supported, and cause errors if encountered.
+</P>
+<P>
+4. For the same reason, conditional expressions that use a backreference as the
+condition or test for a specific group recursion are not supported.
+</P>
+<P>
+5. Because many paths through the tree may be active, the \K escape sequence,
+which resets the start of the match when encountered (but may be on some paths
+and not on others), is not supported. It causes an error if encountered.
+</P>
+<P>
+6. Callouts are supported, but the value of the <i>capture_top</i> field is
+always 1, and the value of the <i>capture_last</i> field is always -1.
+</P>
+<P>
+7. The \C escape sequence, which (in the standard algorithm) always matches a
+single data unit, even in UTF-8, UTF-16 or UTF-32 modes, is not supported in
+these modes, because the alternative algorithm moves through the subject string
+one character (not data unit) at a time, for all active paths through the tree.
+</P>
+<P>
+8. Except for (*FAIL), the backtracking control verbs such as (*PRUNE) are not
+supported. (*FAIL) is supported, and behaves like a failing negative assertion.
+</P>
+<br><a name="SEC5" href="#TOC1">ADVANTAGES OF THE ALTERNATIVE ALGORITHM</a><br>
+<P>
+Using the alternative matching algorithm provides the following advantages:
+</P>
+<P>
+1. All possible matches (at a single point in the subject) are automatically
+found, and in particular, the longest match is found. To find more than one
+match using the standard algorithm, you have to do kludgy things with
+callouts.
+</P>
+<P>
+2. Because the alternative algorithm scans the subject string just once, and
+never needs to backtrack (except for lookbehinds), it is possible to pass very
+long subject strings to the matching function in several pieces, checking for
+partial matching each time. Although it is possible to do multi-segment
+matching using the standard algorithm by retaining partially matched
+substrings, it is more complicated. The
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation gives details of partial matching and discusses multi-segment
+matching.
+</P>
+<br><a name="SEC6" href="#TOC1">DISADVANTAGES OF THE ALTERNATIVE ALGORITHM</a><br>
+<P>
+The alternative algorithm suffers from a number of disadvantages:
+</P>
+<P>
+1. It is substantially slower than the standard algorithm. This is partly
+because it has to search for all possible matches, but is also because it is
+less susceptible to optimization.
+</P>
+<P>
+2. Capturing parentheses and back references are not supported.
+</P>
+<P>
+3. Although atomic groups are supported, their use does not provide the
+performance advantage that it does for the standard algorithm.
+</P>
+<br><a name="SEC7" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC8" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 November 2013
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrepartial.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrepartial.html
new file mode 100644
index 00000000..4faeafcb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrepartial.html
@@ -0,0 +1,509 @@
+<html>
+<head>
+<title>pcrepartial specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrepartial man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PARTIAL MATCHING IN PCRE</a>
+<li><a name="TOC2" href="#SEC2">PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()</a>
+<li><a name="TOC3" href="#SEC3">PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a>
+<li><a name="TOC4" href="#SEC4">PARTIAL MATCHING AND WORD BOUNDARIES</a>
+<li><a name="TOC5" href="#SEC5">FORMERLY RESTRICTED PATTERNS</a>
+<li><a name="TOC6" href="#SEC6">EXAMPLE OF PARTIAL MATCHING USING PCRETEST</a>
+<li><a name="TOC7" href="#SEC7">MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a>
+<li><a name="TOC8" href="#SEC8">MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()</a>
+<li><a name="TOC9" href="#SEC9">ISSUES WITH MULTI-SEGMENT MATCHING</a>
+<li><a name="TOC10" href="#SEC10">AUTHOR</a>
+<li><a name="TOC11" href="#SEC11">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PARTIAL MATCHING IN PCRE</a><br>
+<P>
+In normal use of PCRE, if the subject string that is passed to a matching
+function matches as far as it goes, but is too short to match the entire
+pattern, PCRE_ERROR_NOMATCH is returned. There are circumstances where it might
+be helpful to distinguish this case from other cases in which there is no
+match.
+</P>
+<P>
+Consider, for example, an application where a human is required to type in data
+for a field with specific formatting requirements. An example might be a date
+in the form <i>ddmmmyy</i>, defined by this pattern:
+<pre>
+  ^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$
+</pre>
+If the application sees the user's keystrokes one by one, and can check that
+what has been typed so far is potentially valid, it is able to raise an error
+as soon as a mistake is made, by beeping and not reflecting the character that
+has been typed, for example. This immediate feedback is likely to be a better
+user interface than a check that is delayed until the entire string has been
+entered. Partial matching can also be useful when the subject string is very
+long and is not all available at once.
+</P>
+<P>
+PCRE supports partial matching by means of the PCRE_PARTIAL_SOFT and
+PCRE_PARTIAL_HARD options, which can be set when calling any of the matching
+functions. For backwards compatibility, PCRE_PARTIAL is a synonym for
+PCRE_PARTIAL_SOFT. The essential difference between the two options is whether
+or not a partial match is preferred to an alternative complete match, though
+the details differ between the two types of matching function. If both options
+are set, PCRE_PARTIAL_HARD takes precedence.
+</P>
+<P>
+If you want to use partial matching with just-in-time optimized code, you must
+call <b>pcre_study()</b>, <b>pcre16_study()</b> or  <b>pcre32_study()</b> with one
+or both of these options:
+<pre>
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+</pre>
+PCRE_STUDY_JIT_COMPILE should also be set if you are going to run non-partial
+matches on the same pattern. If the appropriate JIT study mode has not been set
+for a match, the interpretive matching code is used.
+</P>
+<P>
+Setting a partial matching option disables two of PCRE's standard
+optimizations. PCRE remembers the last literal data unit in a pattern, and
+abandons matching immediately if it is not present in the subject string. This
+optimization cannot be used for a subject string that might match only
+partially. If the pattern was studied, PCRE knows the minimum length of a
+matching string, and does not bother to run the matching function on shorter
+strings. This optimization is also disabled for partial matching.
+</P>
+<br><a name="SEC2" href="#TOC1">PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()</a><br>
+<P>
+A partial match occurs during a call to <b>pcre_exec()</b> or
+<b>pcre[16|32]_exec()</b> when the end of the subject string is reached
+successfully, but matching cannot continue because more characters are needed.
+However, at least one character in the subject must have been inspected. This
+character need not form part of the final matched string; lookbehind assertions
+and the \K escape sequence provide ways of inspecting characters before the
+start of a matched substring. The requirement for inspecting at least one
+character exists because an empty string can always be matched; without such a
+restriction there would always be a partial match of an empty string at the end
+of the subject.
+</P>
+<P>
+If there are at least two slots in the offsets vector when a partial match is
+returned, the first slot is set to the offset of the earliest character that
+was inspected. For convenience, the second offset points to the end of the
+subject so that a substring can easily be identified. If there are at least
+three slots in the offsets vector, the third slot is set to the offset of the
+character where matching started.
+</P>
+<P>
+For the majority of patterns, the contents of the first and third slots will be
+the same. However, for patterns that contain lookbehind assertions, or begin
+with \b or \B, characters before the one where matching started may have been
+inspected while carrying out the match. For example, consider this pattern:
+<pre>
+  /(?&#60;=abc)123/
+</pre>
+This pattern matches "123", but only if it is preceded by "abc". If the subject
+string is "xyzabc12", the first two offsets after a partial match are for the
+substring "abc12", because all these characters were inspected. However, the
+third offset is set to 6, because that is the offset where matching began.
+</P>
+<P>
+What happens when a partial match is identified depends on which of the two
+partial matching options are set.
+</P>
+<br><b>
+PCRE_PARTIAL_SOFT WITH pcre_exec() OR pcre[16|32]_exec()
+</b><br>
+<P>
+If PCRE_PARTIAL_SOFT is set when <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b>
+identifies a partial match, the partial match is remembered, but matching
+continues as normal, and other alternatives in the pattern are tried. If no
+complete match can be found, PCRE_ERROR_PARTIAL is returned instead of
+PCRE_ERROR_NOMATCH.
+</P>
+<P>
+This option is "soft" because it prefers a complete match over a partial match.
+All the various matching items in a pattern behave as if the subject string is
+potentially complete. For example, \z, \Z, and $ match at the end of the
+subject, as normal, and for \b and \B the end of the subject is treated as a
+non-alphanumeric.
+</P>
+<P>
+If there is more than one partial match, the first one that was found provides
+the data that is returned. Consider this pattern:
+<pre>
+  /123\w+X|dogY/
+</pre>
+If this is matched against the subject string "abc123dog", both
+alternatives fail to match, but the end of the subject is reached during
+matching, so PCRE_ERROR_PARTIAL is returned. The offsets are set to 3 and 9,
+identifying "123dog" as the first partial match that was found. (In this
+example, there are two partial matches, because "dog" on its own partially
+matches the second alternative.)
+</P>
+<br><b>
+PCRE_PARTIAL_HARD WITH pcre_exec() OR pcre[16|32]_exec()
+</b><br>
+<P>
+If PCRE_PARTIAL_HARD is set for <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b>,
+PCRE_ERROR_PARTIAL is returned as soon as a partial match is found, without
+continuing to search for possible complete matches. This option is "hard"
+because it prefers an earlier partial match over a later complete match. For
+this reason, the assumption is made that the end of the supplied subject string
+may not be the true end of the available data, and so, if \z, \Z, \b, \B,
+or $ are encountered at the end of the subject, the result is
+PCRE_ERROR_PARTIAL, provided that at least one character in the subject has
+been inspected.
+</P>
+<P>
+Setting PCRE_PARTIAL_HARD also affects the way UTF-8 and UTF-16
+subject strings are checked for validity. Normally, an invalid sequence
+causes the error PCRE_ERROR_BADUTF8 or PCRE_ERROR_BADUTF16. However, in the
+special case of a truncated character at the end of the subject,
+PCRE_ERROR_SHORTUTF8 or PCRE_ERROR_SHORTUTF16 is returned when
+PCRE_PARTIAL_HARD is set.
+</P>
+<br><b>
+Comparing hard and soft partial matching
+</b><br>
+<P>
+The difference between the two partial matching options can be illustrated by a
+pattern such as:
+<pre>
+  /dog(sbody)?/
+</pre>
+This matches either "dog" or "dogsbody", greedily (that is, it prefers the
+longer string if possible). If it is matched against the string "dog" with
+PCRE_PARTIAL_SOFT, it yields a complete match for "dog". However, if
+PCRE_PARTIAL_HARD is set, the result is PCRE_ERROR_PARTIAL. On the other hand,
+if the pattern is made ungreedy the result is different:
+<pre>
+  /dog(sbody)??/
+</pre>
+In this case the result is always a complete match because that is found first,
+and matching never continues after finding a complete match. It might be easier
+to follow this explanation by thinking of the two patterns like this:
+<pre>
+  /dog(sbody)?/    is the same as  /dogsbody|dog/
+  /dog(sbody)??/   is the same as  /dog|dogsbody/
+</pre>
+The second pattern will never match "dogsbody", because it will always find the
+shorter match first.
+</P>
+<br><a name="SEC3" href="#TOC1">PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a><br>
+<P>
+The DFA functions move along the subject string character by character, without
+backtracking, searching for all possible matches simultaneously. If the end of
+the subject is reached before the end of the pattern, there is the possibility
+of a partial match, again provided that at least one character has been
+inspected.
+</P>
+<P>
+When PCRE_PARTIAL_SOFT is set, PCRE_ERROR_PARTIAL is returned only if there
+have been no complete matches. Otherwise, the complete matches are returned.
+However, if PCRE_PARTIAL_HARD is set, a partial match takes precedence over any
+complete matches. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string, provided there are
+at least two slots in the offsets vector.
+</P>
+<P>
+Because the DFA functions always search for all possible matches, and there is
+no difference between greedy and ungreedy repetition, their behaviour is
+different from the standard functions when PCRE_PARTIAL_HARD is set. Consider
+the string "dog" matched against the ungreedy pattern shown above:
+<pre>
+  /dog(sbody)??/
+</pre>
+Whereas the standard functions stop as soon as they find the complete match for
+"dog", the DFA functions also find the partial match for "dogsbody", and so
+return that when PCRE_PARTIAL_HARD is set.
+</P>
+<br><a name="SEC4" href="#TOC1">PARTIAL MATCHING AND WORD BOUNDARIES</a><br>
+<P>
+If a pattern ends with one of sequences \b or \B, which test for word
+boundaries, partial matching with PCRE_PARTIAL_SOFT can give counter-intuitive
+results. Consider this pattern:
+<pre>
+  /\bcat\b/
+</pre>
+This matches "cat", provided there is a word boundary at either end. If the
+subject string is "the cat", the comparison of the final "t" with a following
+character cannot take place, so a partial match is found. However, normal
+matching carries on, and \b matches at the end of the subject when the last
+character is a letter, so a complete match is found. The result, therefore, is
+<i>not</i> PCRE_ERROR_PARTIAL. Using PCRE_PARTIAL_HARD in this case does yield
+PCRE_ERROR_PARTIAL, because then the partial match takes precedence.
+</P>
+<br><a name="SEC5" href="#TOC1">FORMERLY RESTRICTED PATTERNS</a><br>
+<P>
+For releases of PCRE prior to 8.00, because of the way certain internal
+optimizations were implemented in the <b>pcre_exec()</b> function, the
+PCRE_PARTIAL option (predecessor of PCRE_PARTIAL_SOFT) could not be used with
+all patterns. From release 8.00 onwards, the restrictions no longer apply, and
+partial matching with can be requested for any pattern.
+</P>
+<P>
+Items that were formerly restricted were repeated single characters and
+repeated metasequences. If PCRE_PARTIAL was set for a pattern that did not
+conform to the restrictions, <b>pcre_exec()</b> returned the error code
+PCRE_ERROR_BADPARTIAL (-13). This error code is no longer in use. The
+PCRE_INFO_OKPARTIAL call to <b>pcre_fullinfo()</b> to find out if a compiled
+pattern can be used for partial matching now always returns 1.
+</P>
+<br><a name="SEC6" href="#TOC1">EXAMPLE OF PARTIAL MATCHING USING PCRETEST</a><br>
+<P>
+If the escape sequence \P is present in a <b>pcretest</b> data line, the
+PCRE_PARTIAL_SOFT option is used for the match. Here is a run of <b>pcretest</b>
+that uses the date example quoted above:
+<pre>
+    re&#62; /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+  data&#62; 25jun04\P
+   0: 25jun04
+   1: jun
+  data&#62; 25dec3\P
+  Partial match: 23dec3
+  data&#62; 3ju\P
+  Partial match: 3ju
+  data&#62; 3juj\P
+  No match
+  data&#62; j\P
+  No match
+</pre>
+The first data string is matched completely, so <b>pcretest</b> shows the
+matched substrings. The remaining four strings do not match the complete
+pattern, but the first two are partial matches. Similar output is obtained
+if DFA matching is used.
+</P>
+<P>
+If the escape sequence \P is present more than once in a <b>pcretest</b> data
+line, the PCRE_PARTIAL_HARD option is set for the match.
+</P>
+<br><a name="SEC7" href="#TOC1">MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a><br>
+<P>
+When a partial match has been found using a DFA matching function, it is
+possible to continue the match by providing additional subject data and calling
+the function again with the same compiled regular expression, this time setting
+the PCRE_DFA_RESTART option. You must pass the same working space as before,
+because this is where details of the previous partial match are stored. Here is
+an example using <b>pcretest</b>, using the \R escape sequence to set the
+PCRE_DFA_RESTART option (\D specifies the use of the DFA matching function):
+<pre>
+    re&#62; /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+  data&#62; 23ja\P\D
+  Partial match: 23ja
+  data&#62; n05\R\D
+   0: n05
+</pre>
+The first call has "23ja" as the subject, and requests partial matching; the
+second call has "n05" as the subject for the continued (restarted) match.
+Notice that when the match is complete, only the last part is shown; PCRE does
+not retain the previously partially-matched string. It is up to the calling
+program to do that if it needs to.
+</P>
+<P>
+That means that, for an unanchored pattern, if a continued match fails, it is
+not possible to try again at a new starting point. All this facility is capable
+of doing is continuing with the previous match attempt. In the previous
+example, if the second set of data is "ug23" the result is no match, even
+though there would be a match for "aug23" if the entire string were given at
+once. Depending on the application, this may or may not be what you want.
+The only way to allow for starting again at the next character is to retain the
+matched part of the subject and try a new complete match.
+</P>
+<P>
+You can set the PCRE_PARTIAL_SOFT or PCRE_PARTIAL_HARD options with
+PCRE_DFA_RESTART to continue partial matching over multiple segments. This
+facility can be used to pass very long subject strings to the DFA matching
+functions.
+</P>
+<br><a name="SEC8" href="#TOC1">MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()</a><br>
+<P>
+From release 8.00, the standard matching functions can also be used to do
+multi-segment matching. Unlike the DFA functions, it is not possible to
+restart the previous match with a new segment of data. Instead, new data must
+be added to the previous subject string, and the entire match re-run, starting
+from the point where the partial match occurred. Earlier data can be discarded.
+</P>
+<P>
+It is best to use PCRE_PARTIAL_HARD in this situation, because it does not
+treat the end of a segment as the end of the subject when matching \z, \Z,
+\b, \B, and $. Consider an unanchored pattern that matches dates:
+<pre>
+    re&#62; /\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d/
+  data&#62; The date is 23ja\P\P
+  Partial match: 23ja
+</pre>
+At this stage, an application could discard the text preceding "23ja", add on
+text from the next segment, and call the matching function again. Unlike the
+DFA matching functions, the entire matching string must always be available,
+and the complete matching process occurs for each call, so more memory and more
+processing time is needed.
+</P>
+<P>
+<b>Note:</b> If the pattern contains lookbehind assertions, or \K, or starts
+with \b or \B, the string that is returned for a partial match includes
+characters that precede the start of what would be returned for a complete
+match, because it contains all the characters that were inspected during the
+partial match.
+</P>
+<br><a name="SEC9" href="#TOC1">ISSUES WITH MULTI-SEGMENT MATCHING</a><br>
+<P>
+Certain types of pattern may give problems with multi-segment matching,
+whichever matching function is used.
+</P>
+<P>
+1. If the pattern contains a test for the beginning of a line, you need to pass
+the PCRE_NOTBOL option when the subject string for any call does start at the
+beginning of a line. There is also a PCRE_NOTEOL option, but in practice when
+doing multi-segment matching you should be using PCRE_PARTIAL_HARD, which
+includes the effect of PCRE_NOTEOL.
+</P>
+<P>
+2. Lookbehind assertions that have already been obeyed are catered for in the
+offsets that are returned for a partial match. However a lookbehind assertion
+later in the pattern could require even earlier characters to be inspected. You
+can handle this case by using the PCRE_INFO_MAXLOOKBEHIND option of the
+<b>pcre_fullinfo()</b> or <b>pcre[16|32]_fullinfo()</b> functions to obtain the
+length of the longest lookbehind in the pattern. This length is given in
+characters, not bytes. If you always retain at least that many characters
+before the partially matched string, all should be well. (Of course, near the
+start of the subject, fewer characters may be present; in that case all
+characters should be retained.)
+</P>
+<P>
+From release 8.33, there is a more accurate way of deciding which characters to
+retain. Instead of subtracting the length of the longest lookbehind from the
+earliest inspected character (<i>offsets[0]</i>), the match start position
+(<i>offsets[2]</i>) should be used, and the next match attempt started at the
+<i>offsets[2]</i> character by setting the <i>startoffset</i> argument of
+<b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>.
+</P>
+<P>
+For example, if the pattern "(?&#60;=123)abc" is partially
+matched against the string "xx123a", the three offset values returned are 2, 6,
+and 5. This indicates that the matching process that gave a partial match
+started at offset 5, but the characters "123a" were all inspected. The maximum
+lookbehind for that pattern is 3, so taking that away from 5 shows that we need
+only keep "123a", and the next match attempt can be started at offset 3 (that
+is, at "a") when further characters have been added. When the match start is
+not the earliest inspected character, <b>pcretest</b> shows it explicitly:
+<pre>
+    re&#62; "(?&#60;=123)abc"
+  data&#62; xx123a\P\P
+  Partial match at offset 5: 123a
+</PRE>
+</P>
+<P>
+3. Because a partial match must always contain at least one character, what
+might be considered a partial match of an empty string actually gives a "no
+match" result. For example:
+<pre>
+    re&#62; /c(?&#60;=abc)x/
+  data&#62; ab\P
+  No match
+</pre>
+If the next segment begins "cx", a match should be found, but this will only
+happen if characters from the previous segment are retained. For this reason, a
+"no match" result should be interpreted as "partial match of an empty string"
+when the pattern contains lookbehinds.
+</P>
+<P>
+4. Matching a subject string that is split into multiple segments may not
+always produce exactly the same result as matching over one single long string,
+especially when PCRE_PARTIAL_SOFT is used. The section "Partial Matching and
+Word Boundaries" above describes an issue that arises if the pattern ends with
+\b or \B. Another kind of difference may occur when there are multiple
+matching possibilities, because (for PCRE_PARTIAL_SOFT) a partial match result
+is given only when there are no completed matches. This means that as soon as
+the shortest match has been found, continuation to a new subject segment is no
+longer possible. Consider again this <b>pcretest</b> example:
+<pre>
+    re&#62; /dog(sbody)?/
+  data&#62; dogsb\P
+   0: dog
+  data&#62; do\P\D
+  Partial match: do
+  data&#62; gsb\R\P\D
+   0: g
+  data&#62; dogsbody\D
+   0: dogsbody
+   1: dog
+</pre>
+The first data line passes the string "dogsb" to a standard matching function,
+setting the PCRE_PARTIAL_SOFT option. Although the string is a partial match
+for "dogsbody", the result is not PCRE_ERROR_PARTIAL, because the shorter
+string "dog" is a complete match. Similarly, when the subject is presented to
+a DFA matching function in several parts ("do" and "gsb" being the first two)
+the match stops when "dog" has been found, and it is not possible to continue.
+On the other hand, if "dogsbody" is presented as a single string, a DFA
+matching function finds both matches.
+</P>
+<P>
+Because of these problems, it is best to use PCRE_PARTIAL_HARD when matching
+multi-segment data. The example above then behaves differently:
+<pre>
+    re&#62; /dog(sbody)?/
+  data&#62; dogsb\P\P
+  Partial match: dogsb
+  data&#62; do\P\D
+  Partial match: do
+  data&#62; gsb\R\P\P\D
+  Partial match: gsb
+</pre>
+5. Patterns that contain alternatives at the top level which do not all start
+with the same pattern item may not work as expected when PCRE_DFA_RESTART is
+used. For example, consider this pattern:
+<pre>
+  1234|3789
+</pre>
+If the first part of the subject is "ABC123", a partial match of the first
+alternative is found at offset 3. There is no partial match for the second
+alternative, because such a match does not start at the same point in the
+subject string. Attempting to continue with the string "7890" does not yield a
+match because only those alternatives that match at one point in the subject
+are remembered. The problem arises because the start of the second alternative
+matches within the first alternative. There is no problem with anchored
+patterns or patterns such as:
+<pre>
+  1234|ABCD
+</pre>
+where no string can be a partial match for both alternatives. This is not a
+problem if a standard matching function is used, because the entire match has
+to be rerun each time:
+<pre>
+    re&#62; /1234|3789/
+  data&#62; ABC123\P\P
+  Partial match: 123
+  data&#62; 1237890
+   0: 3789
+</pre>
+Of course, instead of using PCRE_DFA_RESTART, the same technique of re-running
+the entire match can also be used with the DFA matching functions. Another
+possibility is to work with two buffers. If a partial match at offset <i>n</i>
+in the first buffer is followed by "no match" when PCRE_DFA_RESTART is used on
+the second buffer, you can then try a new match starting at offset <i>n+1</i> in
+the first buffer.
+</P>
+<br><a name="SEC10" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC11" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 02 July 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrepattern.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrepattern.html
new file mode 100644
index 00000000..96fc7298
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrepattern.html
@@ -0,0 +1,3276 @@
+<html>
+<head>
+<title>pcrepattern specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrepattern man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE REGULAR EXPRESSION DETAILS</a>
+<li><a name="TOC2" href="#SEC2">SPECIAL START-OF-PATTERN ITEMS</a>
+<li><a name="TOC3" href="#SEC3">EBCDIC CHARACTER CODES</a>
+<li><a name="TOC4" href="#SEC4">CHARACTERS AND METACHARACTERS</a>
+<li><a name="TOC5" href="#SEC5">BACKSLASH</a>
+<li><a name="TOC6" href="#SEC6">CIRCUMFLEX AND DOLLAR</a>
+<li><a name="TOC7" href="#SEC7">FULL STOP (PERIOD, DOT) AND \N</a>
+<li><a name="TOC8" href="#SEC8">MATCHING A SINGLE DATA UNIT</a>
+<li><a name="TOC9" href="#SEC9">SQUARE BRACKETS AND CHARACTER CLASSES</a>
+<li><a name="TOC10" href="#SEC10">POSIX CHARACTER CLASSES</a>
+<li><a name="TOC11" href="#SEC11">COMPATIBILITY FEATURE FOR WORD BOUNDARIES</a>
+<li><a name="TOC12" href="#SEC12">VERTICAL BAR</a>
+<li><a name="TOC13" href="#SEC13">INTERNAL OPTION SETTING</a>
+<li><a name="TOC14" href="#SEC14">SUBPATTERNS</a>
+<li><a name="TOC15" href="#SEC15">DUPLICATE SUBPATTERN NUMBERS</a>
+<li><a name="TOC16" href="#SEC16">NAMED SUBPATTERNS</a>
+<li><a name="TOC17" href="#SEC17">REPETITION</a>
+<li><a name="TOC18" href="#SEC18">ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS</a>
+<li><a name="TOC19" href="#SEC19">BACK REFERENCES</a>
+<li><a name="TOC20" href="#SEC20">ASSERTIONS</a>
+<li><a name="TOC21" href="#SEC21">CONDITIONAL SUBPATTERNS</a>
+<li><a name="TOC22" href="#SEC22">COMMENTS</a>
+<li><a name="TOC23" href="#SEC23">RECURSIVE PATTERNS</a>
+<li><a name="TOC24" href="#SEC24">SUBPATTERNS AS SUBROUTINES</a>
+<li><a name="TOC25" href="#SEC25">ONIGURUMA SUBROUTINE SYNTAX</a>
+<li><a name="TOC26" href="#SEC26">CALLOUTS</a>
+<li><a name="TOC27" href="#SEC27">BACKTRACKING CONTROL</a>
+<li><a name="TOC28" href="#SEC28">SEE ALSO</a>
+<li><a name="TOC29" href="#SEC29">AUTHOR</a>
+<li><a name="TOC30" href="#SEC30">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE REGULAR EXPRESSION DETAILS</a><br>
+<P>
+The syntax and semantics of the regular expressions that are supported by PCRE
+are described in detail below. There is a quick-reference syntax summary in the
+<a href="pcresyntax.html"><b>pcresyntax</b></a>
+page. PCRE tries to match Perl syntax and semantics as closely as it can. PCRE
+also supports some alternative regular expression syntax (which does not
+conflict with the Perl syntax) in order to provide some compatibility with
+regular expressions in Python, .NET, and Oniguruma.
+</P>
+<P>
+Perl's regular expressions are described in its own documentation, and
+regular expressions in general are covered in a number of books, some of which
+have copious examples. Jeffrey Friedl's "Mastering Regular Expressions",
+published by O'Reilly, covers regular expressions in great detail. This
+description of PCRE's regular expressions is intended as reference material.
+</P>
+<P>
+This document discusses the patterns that are supported by PCRE when one its
+main matching functions, <b>pcre_exec()</b> (8-bit) or <b>pcre[16|32]_exec()</b>
+(16- or 32-bit), is used. PCRE also has alternative matching functions,
+<b>pcre_dfa_exec()</b> and <b>pcre[16|32_dfa_exec()</b>, which match using a
+different algorithm that is not Perl-compatible. Some of the features discussed
+below are not available when DFA matching is used. The advantages and
+disadvantages of the alternative functions, and how they differ from the normal
+functions, are discussed in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+page.
+</P>
+<br><a name="SEC2" href="#TOC1">SPECIAL START-OF-PATTERN ITEMS</a><br>
+<P>
+A number of options that can be passed to <b>pcre_compile()</b> can also be set
+by special items at the start of a pattern. These are not Perl-compatible, but
+are provided to make these options accessible to pattern writers who are not
+able to change the program that processes the pattern. Any number of these
+items may appear, but they must all be together right at the start of the
+pattern string, and the letters must be in upper case.
+</P>
+<br><b>
+UTF support
+</b><br>
+<P>
+The original operation of PCRE was on strings of one-byte characters. However,
+there is now also support for UTF-8 strings in the original library, an
+extra library that supports 16-bit and UTF-16 character strings, and a
+third library that supports 32-bit and UTF-32 character strings. To use these
+features, PCRE must be built to include appropriate support. When using UTF
+strings you must either call the compiling function with the PCRE_UTF8,
+PCRE_UTF16, or PCRE_UTF32 option, or the pattern must start with one of
+these special sequences:
+<pre>
+  (*UTF8)
+  (*UTF16)
+  (*UTF32)
+  (*UTF)
+</pre>
+(*UTF) is a generic sequence that can be used with any of the libraries.
+Starting a pattern with such a sequence is equivalent to setting the relevant
+option. How setting a UTF mode affects pattern matching is mentioned in several
+places below. There is also a summary of features in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+Some applications that allow their users to supply patterns may wish to
+restrict them to non-UTF data for security reasons. If the PCRE_NEVER_UTF
+option is set at compile time, (*UTF) etc. are not allowed, and their
+appearance causes an error.
+</P>
+<br><b>
+Unicode property support
+</b><br>
+<P>
+Another special sequence that may appear at the start of a pattern is (*UCP).
+This has the same effect as setting the PCRE_UCP option: it causes sequences
+such as \d and \w to use Unicode properties to determine character types,
+instead of recognizing only characters with codes less than 128 via a lookup
+table.
+</P>
+<br><b>
+Disabling auto-possessification
+</b><br>
+<P>
+If a pattern starts with (*NO_AUTO_POSSESS), it has the same effect as setting
+the PCRE_NO_AUTO_POSSESS option at compile time. This stops PCRE from making
+quantifiers possessive when what follows cannot match the repeated item. For
+example, by default a+b is treated as a++b. For more details, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<br><b>
+Disabling start-up optimizations
+</b><br>
+<P>
+If a pattern starts with (*NO_START_OPT), it has the same effect as setting the
+PCRE_NO_START_OPTIMIZE option either at compile or matching time. This disables
+several optimizations for quickly reaching "no match" results. For more
+details, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+<a name="newlines"></a></P>
+<br><b>
+Newline conventions
+</b><br>
+<P>
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page has
+<a href="pcreapi.html#newlines">further discussion</a>
+about newlines, and shows how to set the newline convention in the
+<i>options</i> arguments for the compiling and matching functions.
+</P>
+<P>
+It is also possible to specify a newline convention by starting a pattern
+string with one of the following five sequences:
+<pre>
+  (*CR)        carriage return
+  (*LF)        linefeed
+  (*CRLF)      carriage return, followed by linefeed
+  (*ANYCRLF)   any of the three above
+  (*ANY)       all Unicode newline sequences
+</pre>
+These override the default and the options given to the compiling function. For
+example, on a Unix system where LF is the default newline sequence, the pattern
+<pre>
+  (*CR)a.b
+</pre>
+changes the convention to CR. That pattern matches "a\nb" because LF is no
+longer a newline. If more than one of these settings is present, the last one
+is used.
+</P>
+<P>
+The newline convention affects where the circumflex and dollar assertions are
+true. It also affects the interpretation of the dot metacharacter when
+PCRE_DOTALL is not set, and the behaviour of \N. However, it does not affect
+what the \R escape sequence matches. By default, this is any Unicode newline
+sequence, for Perl compatibility. However, this can be changed; see the
+description of \R in the section entitled
+<a href="#newlineseq">"Newline sequences"</a>
+below. A change of \R setting can be combined with a change of newline
+convention.
+</P>
+<br><b>
+Setting match and recursion limits
+</b><br>
+<P>
+The caller of <b>pcre_exec()</b> can set a limit on the number of times the
+internal <b>match()</b> function is called and on the maximum depth of
+recursive calls. These facilities are provided to catch runaway matches that
+are provoked by patterns with huge matching trees (a typical example is a
+pattern with nested unlimited repeats) and to avoid running out of system stack
+by too much recursion. When one of these limits is reached, <b>pcre_exec()</b>
+gives an error return. The limits can also be set by items at the start of the
+pattern of the form
+<pre>
+  (*LIMIT_MATCH=d)
+  (*LIMIT_RECURSION=d)
+</pre>
+where d is any number of decimal digits. However, the value of the setting must
+be less than the value set (or defaulted) by the caller of <b>pcre_exec()</b>
+for it to have any effect. In other words, the pattern writer can lower the
+limits set by the programmer, but not raise them. If there is more than one
+setting of one of these limits, the lower value is used.
+</P>
+<br><a name="SEC3" href="#TOC1">EBCDIC CHARACTER CODES</a><br>
+<P>
+PCRE can be compiled to run in an environment that uses EBCDIC as its character
+code rather than ASCII or Unicode (typically a mainframe system). In the
+sections below, character code values are ASCII or Unicode; in an EBCDIC
+environment these characters may have different code values, and there are no
+code points greater than 255.
+</P>
+<br><a name="SEC4" href="#TOC1">CHARACTERS AND METACHARACTERS</a><br>
+<P>
+A regular expression is a pattern that is matched against a subject string from
+left to right. Most characters stand for themselves in a pattern, and match the
+corresponding characters in the subject. As a trivial example, the pattern
+<pre>
+  The quick brown fox
+</pre>
+matches a portion of a subject string that is identical to itself. When
+caseless matching is specified (the PCRE_CASELESS option), letters are matched
+independently of case. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching for characters 128 and above, you must
+ensure that PCRE is compiled with Unicode property support as well as with
+UTF support.
+</P>
+<P>
+The power of regular expressions comes from the ability to include alternatives
+and repetitions in the pattern. These are encoded in the pattern by the use of
+<i>metacharacters</i>, which do not stand for themselves but instead are
+interpreted in some special way.
+</P>
+<P>
+There are two different sets of metacharacters: those that are recognized
+anywhere in the pattern except within square brackets, and those that are
+recognized within square brackets. Outside square brackets, the metacharacters
+are as follows:
+<pre>
+  \      general escape character with several uses
+  ^      assert start of string (or line, in multiline mode)
+  $      assert end of string (or line, in multiline mode)
+  .      match any character except newline (by default)
+  [      start character class definition
+  |      start of alternative branch
+  (      start subpattern
+  )      end subpattern
+  ?      extends the meaning of (
+         also 0 or 1 quantifier
+         also quantifier minimizer
+  *      0 or more quantifier
+  +      1 or more quantifier
+         also "possessive quantifier"
+  {      start min/max quantifier
+</pre>
+Part of a pattern that is in square brackets is called a "character class". In
+a character class the only metacharacters are:
+<pre>
+  \      general escape character
+  ^      negate the class, but only if the first character
+  -      indicates character range
+  [      POSIX character class (only if followed by POSIX syntax)
+  ]      terminates the character class
+</pre>
+The following sections describe the use of each of the metacharacters.
+</P>
+<br><a name="SEC5" href="#TOC1">BACKSLASH</a><br>
+<P>
+The backslash character has several uses. Firstly, if it is followed by a
+character that is not a number or a letter, it takes away any special meaning
+that character may have. This use of backslash as an escape character applies
+both inside and outside character classes.
+</P>
+<P>
+For example, if you want to match a * character, you write \* in the pattern.
+This escaping action applies whether or not the following character would
+otherwise be interpreted as a metacharacter, so it is always safe to precede a
+non-alphanumeric with backslash to specify that it stands for itself. In
+particular, if you want to match a backslash, you write \\.
+</P>
+<P>
+In a UTF mode, only ASCII numbers and letters have any special meaning after a
+backslash. All other characters (in particular, those whose codepoints are
+greater than 127) are treated as literals.
+</P>
+<P>
+If a pattern is compiled with the PCRE_EXTENDED option, most white space in the
+pattern (other than in a character class), and characters between a # outside a
+character class and the next newline, inclusive, are ignored. An escaping
+backslash can be used to include a white space or # character as part of the
+pattern.
+</P>
+<P>
+If you want to remove the special meaning from a sequence of characters, you
+can do so by putting them between \Q and \E. This is different from Perl in
+that $ and @ are handled as literals in \Q...\E sequences in PCRE, whereas in
+Perl, $ and @ cause variable interpolation. Note the following examples:
+<pre>
+  Pattern            PCRE matches   Perl matches
+
+  \Qabc$xyz\E        abc$xyz        abc followed by the contents of $xyz
+  \Qabc\$xyz\E       abc\$xyz       abc\$xyz
+  \Qabc\E\$\Qxyz\E   abc$xyz        abc$xyz
+</pre>
+The \Q...\E sequence is recognized both inside and outside character classes.
+An isolated \E that is not preceded by \Q is ignored. If \Q is not followed
+by \E later in the pattern, the literal interpretation continues to the end of
+the pattern (that is, \E is assumed at the end). If the isolated \Q is inside
+a character class, this causes an error, because the character class is not
+terminated.
+<a name="digitsafterbackslash"></a></P>
+<br><b>
+Non-printing characters
+</b><br>
+<P>
+A second use of backslash provides a way of encoding non-printing characters
+in patterns in a visible manner. There is no restriction on the appearance of
+non-printing characters, apart from the binary zero that terminates a pattern,
+but when a pattern is being prepared by text editing, it is often easier to use
+one of the following escape sequences than the binary character it represents.
+In an ASCII or Unicode environment, these escapes are as follows:
+<pre>
+  \a        alarm, that is, the BEL character (hex 07)
+  \cx       "control-x", where x is any ASCII character
+  \e        escape (hex 1B)
+  \f        form feed (hex 0C)
+  \n        linefeed (hex 0A)
+  \r        carriage return (hex 0D)
+  \t        tab (hex 09)
+  \0dd      character with octal code 0dd
+  \ddd      character with octal code ddd, or back reference
+  \o{ddd..} character with octal code ddd..
+  \xhh      character with hex code hh
+  \x{hhh..} character with hex code hhh.. (non-JavaScript mode)
+  \uhhhh    character with hex code hhhh (JavaScript mode only)
+</pre>
+The precise effect of \cx on ASCII characters is as follows: if x is a lower
+case letter, it is converted to upper case. Then bit 6 of the character (hex
+40) is inverted. Thus \cA to \cZ become hex 01 to hex 1A (A is 41, Z is 5A),
+but \c{ becomes hex 3B ({ is 7B), and \c; becomes hex 7B (; is 3B). If the
+data item (byte or 16-bit value) following \c has a value greater than 127, a
+compile-time error occurs. This locks out non-ASCII characters in all modes.
+</P>
+<P>
+When PCRE is compiled in EBCDIC mode, \a, \e, \f, \n, \r, and \t
+generate the appropriate EBCDIC code values. The \c escape is processed
+as specified for Perl in the <b>perlebcdic</b> document. The only characters
+that are allowed after \c are A-Z, a-z, or one of @, [, \, ], ^, _, or ?. Any
+other character provokes a compile-time error. The sequence \c@ encodes
+character code 0; after \c the letters (in either case) encode characters 1-26
+(hex 01 to hex 1A); [, \, ], ^, and _ encode characters 27-31 (hex 1B to hex
+1F), and \c? becomes either 255 (hex FF) or 95 (hex 5F).
+</P>
+<P>
+Thus, apart from \c?, these escapes generate the same character code values as
+they do in an ASCII environment, though the meanings of the values mostly
+differ. For example, \cG always generates code value 7, which is BEL in ASCII
+but DEL in EBCDIC.
+</P>
+<P>
+The sequence \c? generates DEL (127, hex 7F) in an ASCII environment, but
+because 127 is not a control character in EBCDIC, Perl makes it generate the
+APC character. Unfortunately, there are several variants of EBCDIC. In most of
+them the APC character has the value 255 (hex FF), but in the one Perl calls
+POSIX-BC its value is 95 (hex 5F). If certain other characters have POSIX-BC
+values, PCRE makes \c? generate 95; otherwise it generates 255.
+</P>
+<P>
+After \0 up to two further octal digits are read. If there are fewer than two
+digits, just those that are present are used. Thus the sequence \0\x\015
+specifies two binary zeros followed by a CR character (code value 13). Make
+sure you supply two digits after the initial zero if the pattern character that
+follows is itself an octal digit.
+</P>
+<P>
+The escape \o must be followed by a sequence of octal digits, enclosed in
+braces. An error occurs if this is not the case. This escape is a recent
+addition to Perl; it provides way of specifying character code points as octal
+numbers greater than 0777, and it also allows octal numbers and back references
+to be unambiguously specified.
+</P>
+<P>
+For greater clarity and unambiguity, it is best to avoid following \ by a
+digit greater than zero. Instead, use \o{} or \x{} to specify character
+numbers, and \g{} to specify back references. The following paragraphs
+describe the old, ambiguous syntax.
+</P>
+<P>
+The handling of a backslash followed by a digit other than 0 is complicated,
+and Perl has changed in recent releases, causing PCRE also to change. Outside a
+character class, PCRE reads the digit and any following digits as a decimal
+number. If the number is less than 8, or if there have been at least that many
+previous capturing left parentheses in the expression, the entire sequence is
+taken as a <i>back reference</i>. A description of how this works is given
+<a href="#backreferences">later,</a>
+following the discussion of
+<a href="#subpattern">parenthesized subpatterns.</a>
+</P>
+<P>
+Inside a character class, or if the decimal number following \ is greater than
+7 and there have not been that many capturing subpatterns, PCRE handles \8 and
+\9 as the literal characters "8" and "9", and otherwise re-reads up to three
+octal digits following the backslash, using them to generate a data character.
+Any subsequent digits stand for themselves. For example:
+<pre>
+  \040   is another way of writing an ASCII space
+  \40    is the same, provided there are fewer than 40 previous capturing subpatterns
+  \7     is always a back reference
+  \11    might be a back reference, or another way of writing a tab
+  \011   is always a tab
+  \0113  is a tab followed by the character "3"
+  \113   might be a back reference, otherwise the character with octal code 113
+  \377   might be a back reference, otherwise the value 255 (decimal)
+  \81    is either a back reference, or the two characters "8" and "1"
+</pre>
+Note that octal values of 100 or greater that are specified using this syntax
+must not be introduced by a leading zero, because no more than three octal
+digits are ever read.
+</P>
+<P>
+By default, after \x that is not followed by {, from zero to two hexadecimal
+digits are read (letters can be in upper or lower case). Any number of
+hexadecimal digits may appear between \x{ and }. If a character other than
+a hexadecimal digit appears between \x{ and }, or if there is no terminating
+}, an error occurs.
+</P>
+<P>
+If the PCRE_JAVASCRIPT_COMPAT option is set, the interpretation of \x is
+as just described only when it is followed by two hexadecimal digits.
+Otherwise, it matches a literal "x" character. In JavaScript mode, support for
+code points greater than 256 is provided by \u, which must be followed by
+four hexadecimal digits; otherwise it matches a literal "u" character.
+</P>
+<P>
+Characters whose value is less than 256 can be defined by either of the two
+syntaxes for \x (or by \u in JavaScript mode). There is no difference in the
+way they are handled. For example, \xdc is exactly the same as \x{dc} (or
+\u00dc in JavaScript mode).
+</P>
+<br><b>
+Constraints on character values
+</b><br>
+<P>
+Characters that are specified using octal or hexadecimal numbers are
+limited to certain values, as follows:
+<pre>
+  8-bit non-UTF mode    less than 0x100
+  8-bit UTF-8 mode      less than 0x10ffff and a valid codepoint
+  16-bit non-UTF mode   less than 0x10000
+  16-bit UTF-16 mode    less than 0x10ffff and a valid codepoint
+  32-bit non-UTF mode   less than 0x100000000
+  32-bit UTF-32 mode    less than 0x10ffff and a valid codepoint
+</pre>
+Invalid Unicode codepoints are the range 0xd800 to 0xdfff (the so-called
+"surrogate" codepoints), and 0xffef.
+</P>
+<br><b>
+Escape sequences in character classes
+</b><br>
+<P>
+All the sequences that define a single character value can be used both inside
+and outside character classes. In addition, inside a character class, \b is
+interpreted as the backspace character (hex 08).
+</P>
+<P>
+\N is not allowed in a character class. \B, \R, and \X are not special
+inside a character class. Like other unrecognized escape sequences, they are
+treated as the literal characters "B", "R", and "X" by default, but cause an
+error if the PCRE_EXTRA option is set. Outside a character class, these
+sequences have different meanings.
+</P>
+<br><b>
+Unsupported escape sequences
+</b><br>
+<P>
+In Perl, the sequences \l, \L, \u, and \U are recognized by its string
+handler and used to modify the case of following characters. By default, PCRE
+does not support these escape sequences. However, if the PCRE_JAVASCRIPT_COMPAT
+option is set, \U matches a "U" character, and \u can be used to define a
+character by code point, as described in the previous section.
+</P>
+<br><b>
+Absolute and relative back references
+</b><br>
+<P>
+The sequence \g followed by an unsigned or a negative number, optionally
+enclosed in braces, is an absolute or relative back reference. A named back
+reference can be coded as \g{name}. Back references are discussed
+<a href="#backreferences">later,</a>
+following the discussion of
+<a href="#subpattern">parenthesized subpatterns.</a>
+</P>
+<br><b>
+Absolute and relative subroutine calls
+</b><br>
+<P>
+For compatibility with Oniguruma, the non-Perl syntax \g followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a "subroutine". Details are discussed
+<a href="#onigurumasubroutines">later.</a>
+Note that \g{...} (Perl syntax) and \g&#60;...&#62; (Oniguruma syntax) are <i>not</i>
+synonymous. The former is a back reference; the latter is a
+<a href="#subpatternsassubroutines">subroutine</a>
+call.
+<a name="genericchartypes"></a></P>
+<br><b>
+Generic character types
+</b><br>
+<P>
+Another use of backslash is for specifying generic character types:
+<pre>
+  \d     any decimal digit
+  \D     any character that is not a decimal digit
+  \h     any horizontal white space character
+  \H     any character that is not a horizontal white space character
+  \s     any white space character
+  \S     any character that is not a white space character
+  \v     any vertical white space character
+  \V     any character that is not a vertical white space character
+  \w     any "word" character
+  \W     any "non-word" character
+</pre>
+There is also the single sequence \N, which matches a non-newline character.
+This is the same as
+<a href="#fullstopdot">the "." metacharacter</a>
+when PCRE_DOTALL is not set. Perl also uses \N to match characters by name;
+PCRE does not support this.
+</P>
+<P>
+Each pair of lower and upper case escape sequences partitions the complete set
+of characters into two disjoint sets. Any given character matches one, and only
+one, of each pair. The sequences can appear both inside and outside character
+classes. They each match one character of the appropriate type. If the current
+matching point is at the end of the subject string, all of them fail, because
+there is no character to match.
+</P>
+<P>
+For compatibility with Perl, \s did not used to match the VT character (code
+11), which made it different from the the POSIX "space" class. However, Perl
+added VT at release 5.18, and PCRE followed suit at release 8.34. The default
+\s characters are now HT (9), LF (10), VT (11), FF (12), CR (13), and space
+(32), which are defined as white space in the "C" locale. This list may vary if
+locale-specific matching is taking place. For example, in some locales the
+"non-breaking space" character (\xA0) is recognized as white space, and in
+others the VT character is not.
+</P>
+<P>
+A "word" character is an underscore or any character that is a letter or digit.
+By default, the definition of letters and digits is controlled by PCRE's
+low-valued character tables, and may vary if locale-specific matching is taking
+place (see
+<a href="pcreapi.html#localesupport">"Locale support"</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page). For example, in a French locale such as "fr_FR" in Unix-like systems,
+or "french" in Windows, some character codes greater than 127 are used for
+accented letters, and these are then matched by \w. The use of locales with
+Unicode is discouraged.
+</P>
+<P>
+By default, characters whose code points are greater than 127 never match \d,
+\s, or \w, and always match \D, \S, and \W, although this may vary for
+characters in the range 128-255 when locale-specific matching is happening.
+These escape sequences retain their original meanings from before Unicode
+support was available, mainly for efficiency reasons. If PCRE is compiled with
+Unicode property support, and the PCRE_UCP option is set, the behaviour is
+changed so that Unicode properties are used to determine character types, as
+follows:
+<pre>
+  \d  any character that matches \p{Nd} (decimal digit)
+  \s  any character that matches \p{Z} or \h or \v
+  \w  any character that matches \p{L} or \p{N}, plus underscore
+</pre>
+The upper case escapes match the inverse sets of characters. Note that \d
+matches only decimal digits, whereas \w matches any Unicode digit, as well as
+any Unicode letter, and underscore. Note also that PCRE_UCP affects \b, and
+\B because they are defined in terms of \w and \W. Matching these sequences
+is noticeably slower when PCRE_UCP is set.
+</P>
+<P>
+The sequences \h, \H, \v, and \V are features that were added to Perl at
+release 5.10. In contrast to the other sequences, which match only ASCII
+characters by default, these always match certain high-valued code points,
+whether or not PCRE_UCP is set. The horizontal space characters are:
+<pre>
+  U+0009     Horizontal tab (HT)
+  U+0020     Space
+  U+00A0     Non-break space
+  U+1680     Ogham space mark
+  U+180E     Mongolian vowel separator
+  U+2000     En quad
+  U+2001     Em quad
+  U+2002     En space
+  U+2003     Em space
+  U+2004     Three-per-em space
+  U+2005     Four-per-em space
+  U+2006     Six-per-em space
+  U+2007     Figure space
+  U+2008     Punctuation space
+  U+2009     Thin space
+  U+200A     Hair space
+  U+202F     Narrow no-break space
+  U+205F     Medium mathematical space
+  U+3000     Ideographic space
+</pre>
+The vertical space characters are:
+<pre>
+  U+000A     Linefeed (LF)
+  U+000B     Vertical tab (VT)
+  U+000C     Form feed (FF)
+  U+000D     Carriage return (CR)
+  U+0085     Next line (NEL)
+  U+2028     Line separator
+  U+2029     Paragraph separator
+</pre>
+In 8-bit, non-UTF-8 mode, only the characters with codepoints less than 256 are
+relevant.
+<a name="newlineseq"></a></P>
+<br><b>
+Newline sequences
+</b><br>
+<P>
+Outside a character class, by default, the escape sequence \R matches any
+Unicode newline sequence. In 8-bit non-UTF-8 mode \R is equivalent to the
+following:
+<pre>
+  (?&#62;\r\n|\n|\x0b|\f|\r|\x85)
+</pre>
+This is an example of an "atomic group", details of which are given
+<a href="#atomicgroup">below.</a>
+This particular group matches either the two-character sequence CR followed by
+LF, or one of the single characters LF (linefeed, U+000A), VT (vertical tab,
+U+000B), FF (form feed, U+000C), CR (carriage return, U+000D), or NEL (next
+line, U+0085). The two-character sequence is treated as a single unit that
+cannot be split.
+</P>
+<P>
+In other modes, two additional characters whose codepoints are greater than 255
+are added: LS (line separator, U+2028) and PS (paragraph separator, U+2029).
+Unicode character property support is not needed for these characters to be
+recognized.
+</P>
+<P>
+It is possible to restrict \R to match only CR, LF, or CRLF (instead of the
+complete set of Unicode line endings) by setting the option PCRE_BSR_ANYCRLF
+either at compile time or when the pattern is matched. (BSR is an abbrevation
+for "backslash R".) This can be made the default when PCRE is built; if this is
+the case, the other behaviour can be requested via the PCRE_BSR_UNICODE option.
+It is also possible to specify these settings by starting a pattern string with
+one of the following sequences:
+<pre>
+  (*BSR_ANYCRLF)   CR, LF, or CRLF only
+  (*BSR_UNICODE)   any Unicode newline sequence
+</pre>
+These override the default and the options given to the compiling function, but
+they can themselves be overridden by options given to a matching function. Note
+that these special settings, which are not Perl-compatible, are recognized only
+at the very start of a pattern, and that they must be in upper case. If more
+than one of them is present, the last one is used. They can be combined with a
+change of newline convention; for example, a pattern can start with:
+<pre>
+  (*ANY)(*BSR_ANYCRLF)
+</pre>
+They can also be combined with the (*UTF8), (*UTF16), (*UTF32), (*UTF) or
+(*UCP) special sequences. Inside a character class, \R is treated as an
+unrecognized escape sequence, and so matches the letter "R" by default, but
+causes an error if PCRE_EXTRA is set.
+<a name="uniextseq"></a></P>
+<br><b>
+Unicode character properties
+</b><br>
+<P>
+When PCRE is built with Unicode character property support, three additional
+escape sequences that match characters with specific properties are available.
+When in 8-bit non-UTF-8 mode, these sequences are of course limited to testing
+characters whose codepoints are less than 256, but they do work in this mode.
+The extra escape sequences are:
+<pre>
+  \p{<i>xx</i>}   a character with the <i>xx</i> property
+  \P{<i>xx</i>}   a character without the <i>xx</i> property
+  \X       a Unicode extended grapheme cluster
+</pre>
+The property names represented by <i>xx</i> above are limited to the Unicode
+script names, the general category properties, "Any", which matches any
+character (including newline), and some special PCRE properties (described
+in the
+<a href="#extraprops">next section).</a>
+Other Perl properties such as "InMusicalSymbols" are not currently supported by
+PCRE. Note that \P{Any} does not match any characters, so always causes a
+match failure.
+</P>
+<P>
+Sets of Unicode characters are defined as belonging to certain scripts. A
+character from one of these sets can be matched using a script name. For
+example:
+<pre>
+  \p{Greek}
+  \P{Han}
+</pre>
+Those that are not part of an identified script are lumped together as
+"Common". The current list of scripts is:
+</P>
+<P>
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+</P>
+<P>
+Each character has exactly one Unicode general category property, specified by
+a two-letter abbreviation. For compatibility with Perl, negation can be
+specified by including a circumflex between the opening brace and the property
+name. For example, \p{^Lu} is the same as \P{Lu}.
+</P>
+<P>
+If only one letter is specified with \p or \P, it includes all the general
+category properties that start with that letter. In this case, in the absence
+of negation, the curly brackets in the escape sequence are optional; these two
+examples have the same effect:
+<pre>
+  \p{L}
+  \pL
+</pre>
+The following general category property codes are supported:
+<pre>
+  C     Other
+  Cc    Control
+  Cf    Format
+  Cn    Unassigned
+  Co    Private use
+  Cs    Surrogate
+
+  L     Letter
+  Ll    Lower case letter
+  Lm    Modifier letter
+  Lo    Other letter
+  Lt    Title case letter
+  Lu    Upper case letter
+
+  M     Mark
+  Mc    Spacing mark
+  Me    Enclosing mark
+  Mn    Non-spacing mark
+
+  N     Number
+  Nd    Decimal number
+  Nl    Letter number
+  No    Other number
+
+  P     Punctuation
+  Pc    Connector punctuation
+  Pd    Dash punctuation
+  Pe    Close punctuation
+  Pf    Final punctuation
+  Pi    Initial punctuation
+  Po    Other punctuation
+  Ps    Open punctuation
+
+  S     Symbol
+  Sc    Currency symbol
+  Sk    Modifier symbol
+  Sm    Mathematical symbol
+  So    Other symbol
+
+  Z     Separator
+  Zl    Line separator
+  Zp    Paragraph separator
+  Zs    Space separator
+</pre>
+The special property L& is also supported: it matches a character that has
+the Lu, Ll, or Lt property, in other words, a letter that is not classified as
+a modifier or "other".
+</P>
+<P>
+The Cs (Surrogate) property applies only to characters in the range U+D800 to
+U+DFFF. Such characters are not valid in Unicode strings and so
+cannot be tested by PCRE, unless UTF validity checking has been turned off
+(see the discussion of PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK and
+PCRE_NO_UTF32_CHECK in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page). Perl does not support the Cs property.
+</P>
+<P>
+The long synonyms for property names that Perl supports (such as \p{Letter})
+are not supported by PCRE, nor is it permitted to prefix any of these
+properties with "Is".
+</P>
+<P>
+No character that is in the Unicode table has the Cn (unassigned) property.
+Instead, this property is assumed for any code point that is not in the
+Unicode table.
+</P>
+<P>
+Specifying caseless matching does not affect these escape sequences. For
+example, \p{Lu} always matches only upper case letters. This is different from
+the behaviour of current versions of Perl.
+</P>
+<P>
+Matching characters by Unicode property is not fast, because PCRE has to do a
+multistage table lookup in order to find a character's property. That is why
+the traditional escape sequences such as \d and \w do not use Unicode
+properties in PCRE by default, though you can make them do so by setting the
+PCRE_UCP option or by starting the pattern with (*UCP).
+</P>
+<br><b>
+Extended grapheme clusters
+</b><br>
+<P>
+The \X escape matches any number of Unicode characters that form an "extended
+grapheme cluster", and treats the sequence as an atomic group
+<a href="#atomicgroup">(see below).</a>
+Up to and including release 8.31, PCRE matched an earlier, simpler definition
+that was equivalent to
+<pre>
+  (?&#62;\PM\pM*)
+</pre>
+That is, it matched a character without the "mark" property, followed by zero
+or more characters with the "mark" property. Characters with the "mark"
+property are typically non-spacing accents that affect the preceding character.
+</P>
+<P>
+This simple definition was extended in Unicode to include more complicated
+kinds of composite character by giving each character a grapheme breaking
+property, and creating rules that use these properties to define the boundaries
+of extended grapheme clusters. In releases of PCRE later than 8.31, \X matches
+one of these clusters.
+</P>
+<P>
+\X always matches at least one character. Then it decides whether to add
+additional characters according to the following rules for ending a cluster:
+</P>
+<P>
+1. End at the end of the subject string.
+</P>
+<P>
+2. Do not end between CR and LF; otherwise end after any control character.
+</P>
+<P>
+3. Do not break Hangul (a Korean script) syllable sequences. Hangul characters
+are of five types: L, V, T, LV, and LVT. An L character may be followed by an
+L, V, LV, or LVT character; an LV or V character may be followed by a V or T
+character; an LVT or T character may be follwed only by a T character.
+</P>
+<P>
+4. Do not end before extending characters or spacing marks. Characters with
+the "mark" property always have the "extend" grapheme breaking property.
+</P>
+<P>
+5. Do not end after prepend characters.
+</P>
+<P>
+6. Otherwise, end the cluster.
+<a name="extraprops"></a></P>
+<br><b>
+PCRE's additional properties
+</b><br>
+<P>
+As well as the standard Unicode properties described above, PCRE supports four
+more that make it possible to convert traditional escape sequences such as \w
+and \s to use Unicode properties. PCRE uses these non-standard, non-Perl
+properties internally when PCRE_UCP is set. However, they may also be used
+explicitly. These properties are:
+<pre>
+  Xan   Any alphanumeric character
+  Xps   Any POSIX space character
+  Xsp   Any Perl space character
+  Xwd   Any Perl "word" character
+</pre>
+Xan matches characters that have either the L (letter) or the N (number)
+property. Xps matches the characters tab, linefeed, vertical tab, form feed, or
+carriage return, and any other character that has the Z (separator) property.
+Xsp is the same as Xps; it used to exclude vertical tab, for Perl
+compatibility, but Perl changed, and so PCRE followed at release 8.34. Xwd
+matches the same characters as Xan, plus underscore.
+</P>
+<P>
+There is another non-standard property, Xuc, which matches any character that
+can be represented by a Universal Character Name in C++ and other programming
+languages. These are the characters $, @, ` (grave accent), and all characters
+with Unicode code points greater than or equal to U+00A0, except for the
+surrogates U+D800 to U+DFFF. Note that most base (ASCII) characters are
+excluded. (Universal Character Names are of the form \uHHHH or \UHHHHHHHH
+where H is a hexadecimal digit. Note that the Xuc property does not match these
+sequences but the characters that they represent.)
+<a name="resetmatchstart"></a></P>
+<br><b>
+Resetting the match start
+</b><br>
+<P>
+The escape sequence \K causes any previously matched characters not to be
+included in the final matched sequence. For example, the pattern:
+<pre>
+  foo\Kbar
+</pre>
+matches "foobar", but reports that it has matched "bar". This feature is
+similar to a lookbehind assertion
+<a href="#lookbehind">(described below).</a>
+However, in this case, the part of the subject before the real match does not
+have to be of fixed length, as lookbehind assertions do. The use of \K does
+not interfere with the setting of
+<a href="#subpattern">captured substrings.</a>
+For example, when the pattern
+<pre>
+  (foo)\Kbar
+</pre>
+matches "foobar", the first substring is still set to "foo".
+</P>
+<P>
+Perl documents that the use of \K within assertions is "not well defined". In
+PCRE, \K is acted upon when it occurs inside positive assertions, but is
+ignored in negative assertions. Note that when a pattern such as (?=ab\K)
+matches, the reported start of the match can be greater than the end of the
+match.
+<a name="smallassertions"></a></P>
+<br><b>
+Simple assertions
+</b><br>
+<P>
+The final use of backslash is for certain simple assertions. An assertion
+specifies a condition that has to be met at a particular point in a match,
+without consuming any characters from the subject string. The use of
+subpatterns for more complicated assertions is described
+<a href="#bigassertions">below.</a>
+The backslashed assertions are:
+<pre>
+  \b     matches at a word boundary
+  \B     matches when not at a word boundary
+  \A     matches at the start of the subject
+  \Z     matches at the end of the subject
+          also matches before a newline at the end of the subject
+  \z     matches only at the end of the subject
+  \G     matches at the first matching position in the subject
+</pre>
+Inside a character class, \b has a different meaning; it matches the backspace
+character. If any other of these assertions appears in a character class, by
+default it matches the corresponding literal character (for example, \B
+matches the letter B). However, if the PCRE_EXTRA option is set, an "invalid
+escape sequence" error is generated instead.
+</P>
+<P>
+A word boundary is a position in the subject string where the current character
+and the previous character do not both match \w or \W (i.e. one matches
+\w and the other matches \W), or the start or end of the string if the
+first or last character matches \w, respectively. In a UTF mode, the meanings
+of \w and \W can be changed by setting the PCRE_UCP option. When this is
+done, it also affects \b and \B. Neither PCRE nor Perl has a separate "start
+of word" or "end of word" metasequence. However, whatever follows \b normally
+determines which it is. For example, the fragment \ba matches "a" at the start
+of a word.
+</P>
+<P>
+The \A, \Z, and \z assertions differ from the traditional circumflex and
+dollar (described in the next section) in that they only ever match at the very
+start and end of the subject string, whatever options are set. Thus, they are
+independent of multiline mode. These three assertions are not affected by the
+PCRE_NOTBOL or PCRE_NOTEOL options, which affect only the behaviour of the
+circumflex and dollar metacharacters. However, if the <i>startoffset</i>
+argument of <b>pcre_exec()</b> is non-zero, indicating that matching is to start
+at a point other than the beginning of the subject, \A can never match. The
+difference between \Z and \z is that \Z matches before a newline at the end
+of the string as well as at the very end, whereas \z matches only at the end.
+</P>
+<P>
+The \G assertion is true only when the current matching position is at the
+start point of the match, as specified by the <i>startoffset</i> argument of
+<b>pcre_exec()</b>. It differs from \A when the value of <i>startoffset</i> is
+non-zero. By calling <b>pcre_exec()</b> multiple times with appropriate
+arguments, you can mimic Perl's /g option, and it is in this kind of
+implementation where \G can be useful.
+</P>
+<P>
+Note, however, that PCRE's interpretation of \G, as the start of the current
+match, is subtly different from Perl's, which defines it as the end of the
+previous match. In Perl, these can be different when the previously matched
+string was empty. Because PCRE does just one match at a time, it cannot
+reproduce this behaviour.
+</P>
+<P>
+If all the alternatives of a pattern begin with \G, the expression is anchored
+to the starting match position, and the "anchored" flag is set in the compiled
+regular expression.
+</P>
+<br><a name="SEC6" href="#TOC1">CIRCUMFLEX AND DOLLAR</a><br>
+<P>
+The circumflex and dollar metacharacters are zero-width assertions. That is,
+they test for a particular condition being true without consuming any
+characters from the subject string.
+</P>
+<P>
+Outside a character class, in the default matching mode, the circumflex
+character is an assertion that is true only if the current matching point is at
+the start of the subject string. If the <i>startoffset</i> argument of
+<b>pcre_exec()</b> is non-zero, circumflex can never match if the PCRE_MULTILINE
+option is unset. Inside a character class, circumflex has an entirely different
+meaning
+<a href="#characterclass">(see below).</a>
+</P>
+<P>
+Circumflex need not be the first character of the pattern if a number of
+alternatives are involved, but it should be the first thing in each alternative
+in which it appears if the pattern is ever to match that branch. If all
+possible alternatives start with a circumflex, that is, if the pattern is
+constrained to match only at the start of the subject, it is said to be an
+"anchored" pattern. (There are also other constructs that can cause a pattern
+to be anchored.)
+</P>
+<P>
+The dollar character is an assertion that is true only if the current matching
+point is at the end of the subject string, or immediately before a newline at
+the end of the string (by default). Note, however, that it does not actually
+match the newline. Dollar need not be the last character of the pattern if a
+number of alternatives are involved, but it should be the last item in any
+branch in which it appears. Dollar has no special meaning in a character class.
+</P>
+<P>
+The meaning of dollar can be changed so that it matches only at the very end of
+the string, by setting the PCRE_DOLLAR_ENDONLY option at compile time. This
+does not affect the \Z assertion.
+</P>
+<P>
+The meanings of the circumflex and dollar characters are changed if the
+PCRE_MULTILINE option is set. When this is the case, a circumflex matches
+immediately after internal newlines as well as at the start of the subject
+string. It does not match after a newline that ends the string. A dollar
+matches before any newlines in the string, as well as at the very end, when
+PCRE_MULTILINE is set. When newline is specified as the two-character
+sequence CRLF, isolated CR and LF characters do not indicate newlines.
+</P>
+<P>
+For example, the pattern /^abc$/ matches the subject string "def\nabc" (where
+\n represents a newline) in multiline mode, but not otherwise. Consequently,
+patterns that are anchored in single line mode because all branches start with
+^ are not anchored in multiline mode, and a match for circumflex is possible
+when the <i>startoffset</i> argument of <b>pcre_exec()</b> is non-zero. The
+PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+</P>
+<P>
+Note that the sequences \A, \Z, and \z can be used to match the start and
+end of the subject in both modes, and if all branches of a pattern start with
+\A it is always anchored, whether or not PCRE_MULTILINE is set.
+<a name="fullstopdot"></a></P>
+<br><a name="SEC7" href="#TOC1">FULL STOP (PERIOD, DOT) AND \N</a><br>
+<P>
+Outside a character class, a dot in the pattern matches any one character in
+the subject string except (by default) a character that signifies the end of a
+line.
+</P>
+<P>
+When a line ending is defined as a single character, dot never matches that
+character; when the two-character sequence CRLF is used, dot does not match CR
+if it is immediately followed by LF, but otherwise it matches all characters
+(including isolated CRs and LFs). When any Unicode line endings are being
+recognized, dot does not match CR or LF or any of the other line ending
+characters.
+</P>
+<P>
+The behaviour of dot with regard to newlines can be changed. If the PCRE_DOTALL
+option is set, a dot matches any one character, without exception. If the
+two-character sequence CRLF is present in the subject string, it takes two dots
+to match it.
+</P>
+<P>
+The handling of dot is entirely independent of the handling of circumflex and
+dollar, the only relationship being that they both involve newlines. Dot has no
+special meaning in a character class.
+</P>
+<P>
+The escape sequence \N behaves like a dot, except that it is not affected by
+the PCRE_DOTALL option. In other words, it matches any character except one
+that signifies the end of a line. Perl also uses \N to match characters by
+name; PCRE does not support this.
+</P>
+<br><a name="SEC8" href="#TOC1">MATCHING A SINGLE DATA UNIT</a><br>
+<P>
+Outside a character class, the escape sequence \C matches any one data unit,
+whether or not a UTF mode is set. In the 8-bit library, one data unit is one
+byte; in the 16-bit library it is a 16-bit unit; in the 32-bit library it is
+a 32-bit unit. Unlike a dot, \C always
+matches line-ending characters. The feature is provided in Perl in order to
+match individual bytes in UTF-8 mode, but it is unclear how it can usefully be
+used. Because \C breaks up characters into individual data units, matching one
+unit with \C in a UTF mode means that the rest of the string may start with a
+malformed UTF character. This has undefined results, because PCRE assumes that
+it is dealing with valid UTF strings (and by default it checks this at the
+start of processing unless the PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK or
+PCRE_NO_UTF32_CHECK option is used).
+</P>
+<P>
+PCRE does not allow \C to appear in lookbehind assertions
+<a href="#lookbehind">(described below)</a>
+in a UTF mode, because this would make it impossible to calculate the length of
+the lookbehind.
+</P>
+<P>
+In general, the \C escape sequence is best avoided. However, one
+way of using it that avoids the problem of malformed UTF characters is to use a
+lookahead to check the length of the next character, as in this pattern, which
+could be used with a UTF-8 string (ignore white space and line breaks):
+<pre>
+  (?| (?=[\x00-\x7f])(\C) |
+      (?=[\x80-\x{7ff}])(\C)(\C) |
+      (?=[\x{800}-\x{ffff}])(\C)(\C)(\C) |
+      (?=[\x{10000}-\x{1fffff}])(\C)(\C)(\C)(\C))
+</pre>
+A group that starts with (?| resets the capturing parentheses numbers in each
+alternative (see
+<a href="#dupsubpatternnumber">"Duplicate Subpattern Numbers"</a>
+below). The assertions at the start of each branch check the next UTF-8
+character for values whose encoding uses 1, 2, 3, or 4 bytes, respectively. The
+character's individual bytes are then captured by the appropriate number of
+groups.
+<a name="characterclass"></a></P>
+<br><a name="SEC9" href="#TOC1">SQUARE BRACKETS AND CHARACTER CLASSES</a><br>
+<P>
+An opening square bracket introduces a character class, terminated by a closing
+square bracket. A closing square bracket on its own is not special by default.
+However, if the PCRE_JAVASCRIPT_COMPAT option is set, a lone closing square
+bracket causes a compile-time error. If a closing square bracket is required as
+a member of the class, it should be the first data character in the class
+(after an initial circumflex, if present) or escaped with a backslash.
+</P>
+<P>
+A character class matches a single character in the subject. In a UTF mode, the
+character may be more than one data unit long. A matched character must be in
+the set of characters defined by the class, unless the first character in the
+class definition is a circumflex, in which case the subject character must not
+be in the set defined by the class. If a circumflex is actually required as a
+member of the class, ensure it is not the first character, or escape it with a
+backslash.
+</P>
+<P>
+For example, the character class [aeiou] matches any lower case vowel, while
+[^aeiou] matches any character that is not a lower case vowel. Note that a
+circumflex is just a convenient notation for specifying the characters that
+are in the class by enumerating those that are not. A class that starts with a
+circumflex is not an assertion; it still consumes a character from the subject
+string, and therefore it fails if the current pointer is at the end of the
+string.
+</P>
+<P>
+In UTF-8 (UTF-16, UTF-32) mode, characters with values greater than 255 (0xffff)
+can be included in a class as a literal string of data units, or by using the
+\x{ escaping mechanism.
+</P>
+<P>
+When caseless matching is set, any letters in a class represent both their
+upper case and lower case versions, so for example, a caseless [aeiou] matches
+"A" as well as "a", and a caseless [^aeiou] does not match "A", whereas a
+caseful version would. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching in a UTF mode for characters 128 and
+above, you must ensure that PCRE is compiled with Unicode property support as
+well as with UTF support.
+</P>
+<P>
+Characters that might indicate line breaks are never treated in any special way
+when matching character classes, whatever line-ending sequence is in use, and
+whatever setting of the PCRE_DOTALL and PCRE_MULTILINE options is used. A class
+such as [^a] always matches one of these characters.
+</P>
+<P>
+The minus (hyphen) character can be used to specify a range of characters in a
+character class. For example, [d-m] matches any letter between d and m,
+inclusive. If a minus character is required in a class, it must be escaped with
+a backslash or appear in a position where it cannot be interpreted as
+indicating a range, typically as the first or last character in the class, or
+immediately after a range. For example, [b-d-z] matches letters in the range b
+to d, a hyphen character, or z.
+</P>
+<P>
+It is not possible to have the literal character "]" as the end character of a
+range. A pattern such as [W-]46] is interpreted as a class of two characters
+("W" and "-") followed by a literal string "46]", so it would match "W46]" or
+"-46]". However, if the "]" is escaped with a backslash it is interpreted as
+the end of range, so [W-\]46] is interpreted as a class containing a range
+followed by two other characters. The octal or hexadecimal representation of
+"]" can also be used to end a range.
+</P>
+<P>
+An error is generated if a POSIX character class (see below) or an escape
+sequence other than one that defines a single character appears at a point
+where a range ending character is expected. For example, [z-\xff] is valid,
+but [A-\d] and [A-[:digit:]] are not.
+</P>
+<P>
+Ranges operate in the collating sequence of character values. They can also be
+used for characters specified numerically, for example [\000-\037]. Ranges
+can include any characters that are valid for the current mode.
+</P>
+<P>
+If a range that includes letters is used when caseless matching is set, it
+matches the letters in either case. For example, [W-c] is equivalent to
+[][\\^_`wxyzabc], matched caselessly, and in a non-UTF mode, if character
+tables for a French locale are in use, [\xc8-\xcb] matches accented E
+characters in both cases. In UTF modes, PCRE supports the concept of case for
+characters with values greater than 128 only when it is compiled with Unicode
+property support.
+</P>
+<P>
+The character escape sequences \d, \D, \h, \H, \p, \P, \s, \S, \v,
+\V, \w, and \W may appear in a character class, and add the characters that
+they match to the class. For example, [\dABCDEF] matches any hexadecimal
+digit. In UTF modes, the PCRE_UCP option affects the meanings of \d, \s, \w
+and their upper case partners, just as it does when they appear outside a
+character class, as described in the section entitled
+<a href="#genericchartypes">"Generic character types"</a>
+above. The escape sequence \b has a different meaning inside a character
+class; it matches the backspace character. The sequences \B, \N, \R, and \X
+are not special inside a character class. Like any other unrecognized escape
+sequences, they are treated as the literal characters "B", "N", "R", and "X" by
+default, but cause an error if the PCRE_EXTRA option is set.
+</P>
+<P>
+A circumflex can conveniently be used with the upper case character types to
+specify a more restricted set of characters than the matching lower case type.
+For example, the class [^\W_] matches any letter or digit, but not underscore,
+whereas [\w] includes underscore. A positive character class should be read as
+"something OR something OR ..." and a negative class as "NOT something AND NOT
+something AND NOT ...".
+</P>
+<P>
+The only metacharacters that are recognized in character classes are backslash,
+hyphen (only where it can be interpreted as specifying a range), circumflex
+(only at the start), opening square bracket (only when it can be interpreted as
+introducing a POSIX class name, or for a special compatibility feature - see
+the next two sections), and the terminating closing square bracket. However,
+escaping other non-alphanumeric characters does no harm.
+</P>
+<br><a name="SEC10" href="#TOC1">POSIX CHARACTER CLASSES</a><br>
+<P>
+Perl supports the POSIX notation for character classes. This uses names
+enclosed by [: and :] within the enclosing square brackets. PCRE also supports
+this notation. For example,
+<pre>
+  [01[:alpha:]%]
+</pre>
+matches "0", "1", any alphabetic character, or "%". The supported class names
+are:
+<pre>
+  alnum    letters and digits
+  alpha    letters
+  ascii    character codes 0 - 127
+  blank    space or tab only
+  cntrl    control characters
+  digit    decimal digits (same as \d)
+  graph    printing characters, excluding space
+  lower    lower case letters
+  print    printing characters, including space
+  punct    printing characters, excluding letters and digits and space
+  space    white space (the same as \s from PCRE 8.34)
+  upper    upper case letters
+  word     "word" characters (same as \w)
+  xdigit   hexadecimal digits
+</pre>
+The default "space" characters are HT (9), LF (10), VT (11), FF (12), CR (13),
+and space (32). If locale-specific matching is taking place, the list of space
+characters may be different; there may be fewer or more of them. "Space" used
+to be different to \s, which did not include VT, for Perl compatibility.
+However, Perl changed at release 5.18, and PCRE followed at release 8.34.
+"Space" and \s now match the same set of characters.
+</P>
+<P>
+The name "word" is a Perl extension, and "blank" is a GNU extension from Perl
+5.8. Another Perl extension is negation, which is indicated by a ^ character
+after the colon. For example,
+<pre>
+  [12[:^digit:]]
+</pre>
+matches "1", "2", or any non-digit. PCRE (and Perl) also recognize the POSIX
+syntax [.ch.] and [=ch=] where "ch" is a "collating element", but these are not
+supported, and an error is given if they are encountered.
+</P>
+<P>
+By default, characters with values greater than 128 do not match any of the
+POSIX character classes. However, if the PCRE_UCP option is passed to
+<b>pcre_compile()</b>, some of the classes are changed so that Unicode character
+properties are used. This is achieved by replacing certain POSIX classes by
+other sequences, as follows:
+<pre>
+  [:alnum:]  becomes  \p{Xan}
+  [:alpha:]  becomes  \p{L}
+  [:blank:]  becomes  \h
+  [:digit:]  becomes  \p{Nd}
+  [:lower:]  becomes  \p{Ll}
+  [:space:]  becomes  \p{Xps}
+  [:upper:]  becomes  \p{Lu}
+  [:word:]   becomes  \p{Xwd}
+</pre>
+Negated versions, such as [:^alpha:] use \P instead of \p. Three other POSIX
+classes are handled specially in UCP mode:
+</P>
+<P>
+[:graph:]
+This matches characters that have glyphs that mark the page when printed. In
+Unicode property terms, it matches all characters with the L, M, N, P, S, or Cf
+properties, except for:
+<pre>
+  U+061C           Arabic Letter Mark
+  U+180E           Mongolian Vowel Separator
+  U+2066 - U+2069  Various "isolate"s
+
+</PRE>
+</P>
+<P>
+[:print:]
+This matches the same characters as [:graph:] plus space characters that are
+not controls, that is, characters with the Zs property.
+</P>
+<P>
+[:punct:]
+This matches all characters that have the Unicode P (punctuation) property,
+plus those characters whose code points are less than 128 that have the S
+(Symbol) property.
+</P>
+<P>
+The other POSIX classes are unchanged, and match only characters with code
+points less than 128.
+</P>
+<br><a name="SEC11" href="#TOC1">COMPATIBILITY FEATURE FOR WORD BOUNDARIES</a><br>
+<P>
+In the POSIX.2 compliant library that was included in 4.4BSD Unix, the ugly
+syntax [[:&#60;:]] and [[:&#62;:]] is used for matching "start of word" and "end of
+word". PCRE treats these items as follows:
+<pre>
+  [[:&#60;:]]  is converted to  \b(?=\w)
+  [[:&#62;:]]  is converted to  \b(?&#60;=\w)
+</pre>
+Only these exact character sequences are recognized. A sequence such as
+[a[:&#60;:]b] provokes error for an unrecognized POSIX class name. This support is
+not compatible with Perl. It is provided to help migrations from other
+environments, and is best not used in any new patterns. Note that \b matches
+at the start and the end of a word (see
+<a href="#smallassertions">"Simple assertions"</a>
+above), and in a Perl-style pattern the preceding or following character
+normally shows which is wanted, without the need for the assertions that are
+used above in order to give exactly the POSIX behaviour.
+</P>
+<br><a name="SEC12" href="#TOC1">VERTICAL BAR</a><br>
+<P>
+Vertical bar characters are used to separate alternative patterns. For example,
+the pattern
+<pre>
+  gilbert|sullivan
+</pre>
+matches either "gilbert" or "sullivan". Any number of alternatives may appear,
+and an empty alternative is permitted (matching the empty string). The matching
+process tries each alternative in turn, from left to right, and the first one
+that succeeds is used. If the alternatives are within a subpattern
+<a href="#subpattern">(defined below),</a>
+"succeeds" means matching the rest of the main pattern as well as the
+alternative in the subpattern.
+</P>
+<br><a name="SEC13" href="#TOC1">INTERNAL OPTION SETTING</a><br>
+<P>
+The settings of the PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, and
+PCRE_EXTENDED options (which are Perl-compatible) can be changed from within
+the pattern by a sequence of Perl option letters enclosed between "(?" and ")".
+The option letters are
+<pre>
+  i  for PCRE_CASELESS
+  m  for PCRE_MULTILINE
+  s  for PCRE_DOTALL
+  x  for PCRE_EXTENDED
+</pre>
+For example, (?im) sets caseless, multiline matching. It is also possible to
+unset these options by preceding the letter with a hyphen, and a combined
+setting and unsetting such as (?im-sx), which sets PCRE_CASELESS and
+PCRE_MULTILINE while unsetting PCRE_DOTALL and PCRE_EXTENDED, is also
+permitted. If a letter appears both before and after the hyphen, the option is
+unset.
+</P>
+<P>
+The PCRE-specific options PCRE_DUPNAMES, PCRE_UNGREEDY, and PCRE_EXTRA can be
+changed in the same way as the Perl-compatible options by using the characters
+J, U and X respectively.
+</P>
+<P>
+When one of these option changes occurs at top level (that is, not inside
+subpattern parentheses), the change applies to the remainder of the pattern
+that follows. An option change within a subpattern (see below for a description
+of subpatterns) affects only that part of the subpattern that follows it, so
+<pre>
+  (a(?i)b)c
+</pre>
+matches abc and aBc and no other strings (assuming PCRE_CASELESS is not used).
+By this means, options can be made to have different settings in different
+parts of the pattern. Any changes made in one alternative do carry on
+into subsequent branches within the same subpattern. For example,
+<pre>
+  (a(?i)b|c)
+</pre>
+matches "ab", "aB", "c", and "C", even though when matching "C" the first
+branch is abandoned before the option setting. This is because the effects of
+option settings happen at compile time. There would be some very weird
+behaviour otherwise.
+</P>
+<P>
+<b>Note:</b> There are other PCRE-specific options that can be set by the
+application when the compiling or matching functions are called. In some cases
+the pattern can contain special leading sequences such as (*CRLF) to override
+what the application has set or what has been defaulted. Details are given in
+the section entitled
+<a href="#newlineseq">"Newline sequences"</a>
+above. There are also the (*UTF8), (*UTF16),(*UTF32), and (*UCP) leading
+sequences that can be used to set UTF and Unicode property modes; they are
+equivalent to setting the PCRE_UTF8, PCRE_UTF16, PCRE_UTF32 and the PCRE_UCP
+options, respectively. The (*UTF) sequence is a generic version that can be
+used with any of the libraries. However, the application can set the
+PCRE_NEVER_UTF option, which locks out the use of the (*UTF) sequences.
+<a name="subpattern"></a></P>
+<br><a name="SEC14" href="#TOC1">SUBPATTERNS</a><br>
+<P>
+Subpatterns are delimited by parentheses (round brackets), which can be nested.
+Turning part of a pattern into a subpattern does two things:
+<br>
+<br>
+1. It localizes a set of alternatives. For example, the pattern
+<pre>
+  cat(aract|erpillar|)
+</pre>
+matches "cataract", "caterpillar", or "cat". Without the parentheses, it would
+match "cataract", "erpillar" or an empty string.
+<br>
+<br>
+2. It sets up the subpattern as a capturing subpattern. This means that, when
+the whole pattern matches, that portion of the subject string that matched the
+subpattern is passed back to the caller via the <i>ovector</i> argument of the
+matching function. (This applies only to the traditional matching functions;
+the DFA matching functions do not support capturing.)
+</P>
+<P>
+Opening parentheses are counted from left to right (starting from 1) to obtain
+numbers for the capturing subpatterns. For example, if the string "the red
+king" is matched against the pattern
+<pre>
+  the ((red|white) (king|queen))
+</pre>
+the captured substrings are "red king", "red", and "king", and are numbered 1,
+2, and 3, respectively.
+</P>
+<P>
+The fact that plain parentheses fulfil two functions is not always helpful.
+There are often times when a grouping subpattern is required without a
+capturing requirement. If an opening parenthesis is followed by a question mark
+and a colon, the subpattern does not do any capturing, and is not counted when
+computing the number of any subsequent capturing subpatterns. For example, if
+the string "the white queen" is matched against the pattern
+<pre>
+  the ((?:red|white) (king|queen))
+</pre>
+the captured substrings are "white queen" and "queen", and are numbered 1 and
+2. The maximum number of capturing subpatterns is 65535.
+</P>
+<P>
+As a convenient shorthand, if any option settings are required at the start of
+a non-capturing subpattern, the option letters may appear between the "?" and
+the ":". Thus the two patterns
+<pre>
+  (?i:saturday|sunday)
+  (?:(?i)saturday|sunday)
+</pre>
+match exactly the same set of strings. Because alternative branches are tried
+from left to right, and options are not reset until the end of the subpattern
+is reached, an option setting in one branch does affect subsequent branches, so
+the above patterns match "SUNDAY" as well as "Saturday".
+<a name="dupsubpatternnumber"></a></P>
+<br><a name="SEC15" href="#TOC1">DUPLICATE SUBPATTERN NUMBERS</a><br>
+<P>
+Perl 5.10 introduced a feature whereby each alternative in a subpattern uses
+the same numbers for its capturing parentheses. Such a subpattern starts with
+(?| and is itself a non-capturing subpattern. For example, consider this
+pattern:
+<pre>
+  (?|(Sat)ur|(Sun))day
+</pre>
+Because the two alternatives are inside a (?| group, both sets of capturing
+parentheses are numbered one. Thus, when the pattern matches, you can look
+at captured substring number one, whichever alternative matched. This construct
+is useful when you want to capture part, but not all, of one of a number of
+alternatives. Inside a (?| group, parentheses are numbered as usual, but the
+number is reset at the start of each branch. The numbers of any capturing
+parentheses that follow the subpattern start after the highest number used in
+any branch. The following example is taken from the Perl documentation. The
+numbers underneath show in which buffer the captured content will be stored.
+<pre>
+  # before  ---------------branch-reset----------- after
+  / ( a )  (?| x ( y ) z | (p (q) r) | (t) u (v) ) ( z ) /x
+  # 1            2         2  3        2     3     4
+</pre>
+A back reference to a numbered subpattern uses the most recent value that is
+set for that number by any subpattern. The following pattern matches "abcabc"
+or "defdef":
+<pre>
+  /(?|(abc)|(def))\1/
+</pre>
+In contrast, a subroutine call to a numbered subpattern always refers to the
+first one in the pattern with the given number. The following pattern matches
+"abcabc" or "defabc":
+<pre>
+  /(?|(abc)|(def))(?1)/
+</pre>
+If a
+<a href="#conditions">condition test</a>
+for a subpattern's having matched refers to a non-unique number, the test is
+true if any of the subpatterns of that number have matched.
+</P>
+<P>
+An alternative approach to using this "branch reset" feature is to use
+duplicate named subpatterns, as described in the next section.
+</P>
+<br><a name="SEC16" href="#TOC1">NAMED SUBPATTERNS</a><br>
+<P>
+Identifying capturing parentheses by number is simple, but it can be very hard
+to keep track of the numbers in complicated regular expressions. Furthermore,
+if an expression is modified, the numbers may change. To help with this
+difficulty, PCRE supports the naming of subpatterns. This feature was not
+added to Perl until release 5.10. Python had the feature earlier, and PCRE
+introduced it at release 4.0, using the Python syntax. PCRE now supports both
+the Perl and the Python syntax. Perl allows identically numbered subpatterns to
+have different names, but PCRE does not.
+</P>
+<P>
+In PCRE, a subpattern can be named in one of three ways: (?&#60;name&#62;...) or
+(?'name'...) as in Perl, or (?P&#60;name&#62;...) as in Python. References to capturing
+parentheses from other parts of the pattern, such as
+<a href="#backreferences">back references,</a>
+<a href="#recursion">recursion,</a>
+and
+<a href="#conditions">conditions,</a>
+can be made by name as well as by number.
+</P>
+<P>
+Names consist of up to 32 alphanumeric characters and underscores, but must
+start with a non-digit. Named capturing parentheses are still allocated numbers
+as well as names, exactly as if the names were not present. The PCRE API
+provides function calls for extracting the name-to-number translation table
+from a compiled pattern. There is also a convenience function for extracting a
+captured substring by name.
+</P>
+<P>
+By default, a name must be unique within a pattern, but it is possible to relax
+this constraint by setting the PCRE_DUPNAMES option at compile time. (Duplicate
+names are also always permitted for subpatterns with the same number, set up as
+described in the previous section.) Duplicate names can be useful for patterns
+where only one instance of the named parentheses can match. Suppose you want to
+match the name of a weekday, either as a 3-letter abbreviation or as the full
+name, and in both cases you want to extract the abbreviation. This pattern
+(ignoring the line breaks) does the job:
+<pre>
+  (?&#60;DN&#62;Mon|Fri|Sun)(?:day)?|
+  (?&#60;DN&#62;Tue)(?:sday)?|
+  (?&#60;DN&#62;Wed)(?:nesday)?|
+  (?&#60;DN&#62;Thu)(?:rsday)?|
+  (?&#60;DN&#62;Sat)(?:urday)?
+</pre>
+There are five capturing substrings, but only one is ever set after a match.
+(An alternative way of solving this problem is to use a "branch reset"
+subpattern, as described in the previous section.)
+</P>
+<P>
+The convenience function for extracting the data by name returns the substring
+for the first (and in this example, the only) subpattern of that name that
+matched. This saves searching to find which numbered subpattern it was.
+</P>
+<P>
+If you make a back reference to a non-unique named subpattern from elsewhere in
+the pattern, the subpatterns to which the name refers are checked in the order
+in which they appear in the overall pattern. The first one that is set is used
+for the reference. For example, this pattern matches both "foofoo" and
+"barbar" but not "foobar" or "barfoo":
+<pre>
+  (?:(?&#60;n&#62;foo)|(?&#60;n&#62;bar))\k&#60;n&#62;
+
+</PRE>
+</P>
+<P>
+If you make a subroutine call to a non-unique named subpattern, the one that
+corresponds to the first occurrence of the name is used. In the absence of
+duplicate numbers (see the previous section) this is the one with the lowest
+number.
+</P>
+<P>
+If you use a named reference in a condition
+test (see the
+<a href="#conditions">section about conditions</a>
+below), either to check whether a subpattern has matched, or to check for
+recursion, all subpatterns with the same name are tested. If the condition is
+true for any one of them, the overall condition is true. This is the same
+behaviour as testing by number. For further details of the interfaces for
+handling named subpatterns, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+<b>Warning:</b> You cannot use different names to distinguish between two
+subpatterns with the same number because PCRE uses only the numbers when
+matching. For this reason, an error is given at compile time if different names
+are given to subpatterns with the same number. However, you can always give the
+same name to subpatterns with the same number, even when PCRE_DUPNAMES is not
+set.
+</P>
+<br><a name="SEC17" href="#TOC1">REPETITION</a><br>
+<P>
+Repetition is specified by quantifiers, which can follow any of the following
+items:
+<pre>
+  a literal data character
+  the dot metacharacter
+  the \C escape sequence
+  the \X escape sequence
+  the \R escape sequence
+  an escape such as \d or \pL that matches a single character
+  a character class
+  a back reference (see next section)
+  a parenthesized subpattern (including assertions)
+  a subroutine call to a subpattern (recursive or otherwise)
+</pre>
+The general repetition quantifier specifies a minimum and maximum number of
+permitted matches, by giving the two numbers in curly brackets (braces),
+separated by a comma. The numbers must be less than 65536, and the first must
+be less than or equal to the second. For example:
+<pre>
+  z{2,4}
+</pre>
+matches "zz", "zzz", or "zzzz". A closing brace on its own is not a special
+character. If the second number is omitted, but the comma is present, there is
+no upper limit; if the second number and the comma are both omitted, the
+quantifier specifies an exact number of required matches. Thus
+<pre>
+  [aeiou]{3,}
+</pre>
+matches at least 3 successive vowels, but may match many more, while
+<pre>
+  \d{8}
+</pre>
+matches exactly 8 digits. An opening curly bracket that appears in a position
+where a quantifier is not allowed, or one that does not match the syntax of a
+quantifier, is taken as a literal character. For example, {,6} is not a
+quantifier, but a literal string of four characters.
+</P>
+<P>
+In UTF modes, quantifiers apply to characters rather than to individual data
+units. Thus, for example, \x{100}{2} matches two characters, each of
+which is represented by a two-byte sequence in a UTF-8 string. Similarly,
+\X{3} matches three Unicode extended grapheme clusters, each of which may be
+several data units long (and they may be of different lengths).
+</P>
+<P>
+The quantifier {0} is permitted, causing the expression to behave as if the
+previous item and the quantifier were not present. This may be useful for
+subpatterns that are referenced as
+<a href="#subpatternsassubroutines">subroutines</a>
+from elsewhere in the pattern (but see also the section entitled
+<a href="#subdefine">"Defining subpatterns for use by reference only"</a>
+below). Items other than subpatterns that have a {0} quantifier are omitted
+from the compiled pattern.
+</P>
+<P>
+For convenience, the three most common quantifiers have single-character
+abbreviations:
+<pre>
+  *    is equivalent to {0,}
+  +    is equivalent to {1,}
+  ?    is equivalent to {0,1}
+</pre>
+It is possible to construct infinite loops by following a subpattern that can
+match no characters with a quantifier that has no upper limit, for example:
+<pre>
+  (a?)*
+</pre>
+Earlier versions of Perl and PCRE used to give an error at compile time for
+such patterns. However, because there are cases where this can be useful, such
+patterns are now accepted, but if any repetition of the subpattern does in fact
+match no characters, the loop is forcibly broken.
+</P>
+<P>
+By default, the quantifiers are "greedy", that is, they match as much as
+possible (up to the maximum number of permitted times), without causing the
+rest of the pattern to fail. The classic example of where this gives problems
+is in trying to match comments in C programs. These appear between /* and */
+and within the comment, individual * and / characters may appear. An attempt to
+match C comments by applying the pattern
+<pre>
+  /\*.*\*/
+</pre>
+to the string
+<pre>
+  /* first comment */  not comment  /* second comment */
+</pre>
+fails, because it matches the entire string owing to the greediness of the .*
+item.
+</P>
+<P>
+However, if a quantifier is followed by a question mark, it ceases to be
+greedy, and instead matches the minimum number of times possible, so the
+pattern
+<pre>
+  /\*.*?\*/
+</pre>
+does the right thing with the C comments. The meaning of the various
+quantifiers is not otherwise changed, just the preferred number of matches.
+Do not confuse this use of question mark with its use as a quantifier in its
+own right. Because it has two uses, it can sometimes appear doubled, as in
+<pre>
+  \d??\d
+</pre>
+which matches one digit by preference, but can match two if that is the only
+way the rest of the pattern matches.
+</P>
+<P>
+If the PCRE_UNGREEDY option is set (an option that is not available in Perl),
+the quantifiers are not greedy by default, but individual ones can be made
+greedy by following them with a question mark. In other words, it inverts the
+default behaviour.
+</P>
+<P>
+When a parenthesized subpattern is quantified with a minimum repeat count that
+is greater than 1 or with a limited maximum, more memory is required for the
+compiled pattern, in proportion to the size of the minimum or maximum.
+</P>
+<P>
+If a pattern starts with .* or .{0,} and the PCRE_DOTALL option (equivalent
+to Perl's /s) is set, thus allowing the dot to match newlines, the pattern is
+implicitly anchored, because whatever follows will be tried against every
+character position in the subject string, so there is no point in retrying the
+overall match at any position after the first. PCRE normally treats such a
+pattern as though it were preceded by \A.
+</P>
+<P>
+In cases where it is known that the subject string contains no newlines, it is
+worth setting PCRE_DOTALL in order to obtain this optimization, or
+alternatively using ^ to indicate anchoring explicitly.
+</P>
+<P>
+However, there are some cases where the optimization cannot be used. When .*
+is inside capturing parentheses that are the subject of a back reference
+elsewhere in the pattern, a match at the start may fail where a later one
+succeeds. Consider, for example:
+<pre>
+  (.*)abc\1
+</pre>
+If the subject is "xyz123abc123" the match point is the fourth character. For
+this reason, such a pattern is not implicitly anchored.
+</P>
+<P>
+Another case where implicit anchoring is not applied is when the leading .* is
+inside an atomic group. Once again, a match at the start may fail where a later
+one succeeds. Consider this pattern:
+<pre>
+  (?&#62;.*?a)b
+</pre>
+It matches "ab" in the subject "aab". The use of the backtracking control verbs
+(*PRUNE) and (*SKIP) also disable this optimization.
+</P>
+<P>
+When a capturing subpattern is repeated, the value captured is the substring
+that matched the final iteration. For example, after
+<pre>
+  (tweedle[dume]{3}\s*)+
+</pre>
+has matched "tweedledum tweedledee" the value of the captured substring is
+"tweedledee". However, if there are nested capturing subpatterns, the
+corresponding captured values may have been set in previous iterations. For
+example, after
+<pre>
+  /(a|(b))+/
+</pre>
+matches "aba" the value of the second captured substring is "b".
+<a name="atomicgroup"></a></P>
+<br><a name="SEC18" href="#TOC1">ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS</a><br>
+<P>
+With both maximizing ("greedy") and minimizing ("ungreedy" or "lazy")
+repetition, failure of what follows normally causes the repeated item to be
+re-evaluated to see if a different number of repeats allows the rest of the
+pattern to match. Sometimes it is useful to prevent this, either to change the
+nature of the match, or to cause it fail earlier than it otherwise might, when
+the author of the pattern knows there is no point in carrying on.
+</P>
+<P>
+Consider, for example, the pattern \d+foo when applied to the subject line
+<pre>
+  123456bar
+</pre>
+After matching all 6 digits and then failing to match "foo", the normal
+action of the matcher is to try again with only 5 digits matching the \d+
+item, and then with 4, and so on, before ultimately failing. "Atomic grouping"
+(a term taken from Jeffrey Friedl's book) provides the means for specifying
+that once a subpattern has matched, it is not to be re-evaluated in this way.
+</P>
+<P>
+If we use atomic grouping for the previous example, the matcher gives up
+immediately on failing to match "foo" the first time. The notation is a kind of
+special parenthesis, starting with (?&#62; as in this example:
+<pre>
+  (?&#62;\d+)foo
+</pre>
+This kind of parenthesis "locks up" the  part of the pattern it contains once
+it has matched, and a failure further into the pattern is prevented from
+backtracking into it. Backtracking past it to previous items, however, works as
+normal.
+</P>
+<P>
+An alternative description is that a subpattern of this type matches the string
+of characters that an identical standalone pattern would match, if anchored at
+the current point in the subject string.
+</P>
+<P>
+Atomic grouping subpatterns are not capturing subpatterns. Simple cases such as
+the above example can be thought of as a maximizing repeat that must swallow
+everything it can. So, while both \d+ and \d+? are prepared to adjust the
+number of digits they match in order to make the rest of the pattern match,
+(?&#62;\d+) can only match an entire sequence of digits.
+</P>
+<P>
+Atomic groups in general can of course contain arbitrarily complicated
+subpatterns, and can be nested. However, when the subpattern for an atomic
+group is just a single repeated item, as in the example above, a simpler
+notation, called a "possessive quantifier" can be used. This consists of an
+additional + character following a quantifier. Using this notation, the
+previous example can be rewritten as
+<pre>
+  \d++foo
+</pre>
+Note that a possessive quantifier can be used with an entire group, for
+example:
+<pre>
+  (abc|xyz){2,3}+
+</pre>
+Possessive quantifiers are always greedy; the setting of the PCRE_UNGREEDY
+option is ignored. They are a convenient notation for the simpler forms of
+atomic group. However, there is no difference in the meaning of a possessive
+quantifier and the equivalent atomic group, though there may be a performance
+difference; possessive quantifiers should be slightly faster.
+</P>
+<P>
+The possessive quantifier syntax is an extension to the Perl 5.8 syntax.
+Jeffrey Friedl originated the idea (and the name) in the first edition of his
+book. Mike McCloskey liked it, so implemented it when he built Sun's Java
+package, and PCRE copied it from there. It ultimately found its way into Perl
+at release 5.10.
+</P>
+<P>
+PCRE has an optimization that automatically "possessifies" certain simple
+pattern constructs. For example, the sequence A+B is treated as A++B because
+there is no point in backtracking into a sequence of A's when B must follow.
+</P>
+<P>
+When a pattern contains an unlimited repeat inside a subpattern that can itself
+be repeated an unlimited number of times, the use of an atomic group is the
+only way to avoid some failing matches taking a very long time indeed. The
+pattern
+<pre>
+  (\D+|&#60;\d+&#62;)*[!?]
+</pre>
+matches an unlimited number of substrings that either consist of non-digits, or
+digits enclosed in &#60;&#62;, followed by either ! or ?. When it matches, it runs
+quickly. However, if it is applied to
+<pre>
+  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+</pre>
+it takes a long time before reporting failure. This is because the string can
+be divided between the internal \D+ repeat and the external * repeat in a
+large number of ways, and all have to be tried. (The example uses [!?] rather
+than a single character at the end, because both PCRE and Perl have an
+optimization that allows for fast failure when a single character is used. They
+remember the last single character that is required for a match, and fail early
+if it is not present in the string.) If the pattern is changed so that it uses
+an atomic group, like this:
+<pre>
+  ((?&#62;\D+)|&#60;\d+&#62;)*[!?]
+</pre>
+sequences of non-digits cannot be broken, and failure happens quickly.
+<a name="backreferences"></a></P>
+<br><a name="SEC19" href="#TOC1">BACK REFERENCES</a><br>
+<P>
+Outside a character class, a backslash followed by a digit greater than 0 (and
+possibly further digits) is a back reference to a capturing subpattern earlier
+(that is, to its left) in the pattern, provided there have been that many
+previous capturing left parentheses.
+</P>
+<P>
+However, if the decimal number following the backslash is less than 10, it is
+always taken as a back reference, and causes an error only if there are not
+that many capturing left parentheses in the entire pattern. In other words, the
+parentheses that are referenced need not be to the left of the reference for
+numbers less than 10. A "forward back reference" of this type can make sense
+when a repetition is involved and the subpattern to the right has participated
+in an earlier iteration.
+</P>
+<P>
+It is not possible to have a numerical "forward back reference" to a subpattern
+whose number is 10 or more using this syntax because a sequence such as \50 is
+interpreted as a character defined in octal. See the subsection entitled
+"Non-printing characters"
+<a href="#digitsafterbackslash">above</a>
+for further details of the handling of digits following a backslash. There is
+no such problem when named parentheses are used. A back reference to any
+subpattern is possible using named parentheses (see below).
+</P>
+<P>
+Another way of avoiding the ambiguity inherent in the use of digits following a
+backslash is to use the \g escape sequence. This escape must be followed by an
+unsigned number or a negative number, optionally enclosed in braces. These
+examples are all identical:
+<pre>
+  (ring), \1
+  (ring), \g1
+  (ring), \g{1}
+</pre>
+An unsigned number specifies an absolute reference without the ambiguity that
+is present in the older syntax. It is also useful when literal digits follow
+the reference. A negative number is a relative reference. Consider this
+example:
+<pre>
+  (abc(def)ghi)\g{-1}
+</pre>
+The sequence \g{-1} is a reference to the most recently started capturing
+subpattern before \g, that is, is it equivalent to \2 in this example.
+Similarly, \g{-2} would be equivalent to \1. The use of relative references
+can be helpful in long patterns, and also in patterns that are created by
+joining together fragments that contain references within themselves.
+</P>
+<P>
+A back reference matches whatever actually matched the capturing subpattern in
+the current subject string, rather than anything matching the subpattern
+itself (see
+<a href="#subpatternsassubroutines">"Subpatterns as subroutines"</a>
+below for a way of doing that). So the pattern
+<pre>
+  (sens|respons)e and \1ibility
+</pre>
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If caseful matching is in force at the time of the
+back reference, the case of letters is relevant. For example,
+<pre>
+  ((?i)rah)\s+\1
+</pre>
+matches "rah rah" and "RAH RAH", but not "RAH rah", even though the original
+capturing subpattern is matched caselessly.
+</P>
+<P>
+There are several different ways of writing back references to named
+subpatterns. The .NET syntax \k{name} and the Perl syntax \k&#60;name&#62; or
+\k'name' are supported, as is the Python syntax (?P=name). Perl 5.10's unified
+back reference syntax, in which \g can be used for both numeric and named
+references, is also supported. We could rewrite the above example in any of
+the following ways:
+<pre>
+  (?&#60;p1&#62;(?i)rah)\s+\k&#60;p1&#62;
+  (?'p1'(?i)rah)\s+\k{p1}
+  (?P&#60;p1&#62;(?i)rah)\s+(?P=p1)
+  (?&#60;p1&#62;(?i)rah)\s+\g{p1}
+</pre>
+A subpattern that is referenced by name may appear in the pattern before or
+after the reference.
+</P>
+<P>
+There may be more than one back reference to the same subpattern. If a
+subpattern has not actually been used in a particular match, any back
+references to it always fail by default. For example, the pattern
+<pre>
+  (a|(bc))\2
+</pre>
+always fails if it starts to match "a" rather than "bc". However, if the
+PCRE_JAVASCRIPT_COMPAT option is set at compile time, a back reference to an
+unset value matches an empty string.
+</P>
+<P>
+Because there may be many capturing parentheses in a pattern, all digits
+following a backslash are taken as part of a potential back reference number.
+If the pattern continues with a digit character, some delimiter must be used to
+terminate the back reference. If the PCRE_EXTENDED option is set, this can be
+white space. Otherwise, the \g{ syntax or an empty comment (see
+<a href="#comments">"Comments"</a>
+below) can be used.
+</P>
+<br><b>
+Recursive back references
+</b><br>
+<P>
+A back reference that occurs inside the parentheses to which it refers fails
+when the subpattern is first used, so, for example, (a\1) never matches.
+However, such references can be useful inside repeated subpatterns. For
+example, the pattern
+<pre>
+  (a|b\1)+
+</pre>
+matches any number of "a"s and also "aba", "ababbaa" etc. At each iteration of
+the subpattern, the back reference matches the character string corresponding
+to the previous iteration. In order for this to work, the pattern must be such
+that the first iteration does not need to match the back reference. This can be
+done using alternation, as in the example above, or by a quantifier with a
+minimum of zero.
+</P>
+<P>
+Back references of this type cause the group that they reference to be treated
+as an
+<a href="#atomicgroup">atomic group.</a>
+Once the whole group has been matched, a subsequent matching failure cannot
+cause backtracking into the middle of the group.
+<a name="bigassertions"></a></P>
+<br><a name="SEC20" href="#TOC1">ASSERTIONS</a><br>
+<P>
+An assertion is a test on the characters following or preceding the current
+matching point that does not actually consume any characters. The simple
+assertions coded as \b, \B, \A, \G, \Z, \z, ^ and $ are described
+<a href="#smallassertions">above.</a>
+</P>
+<P>
+More complicated assertions are coded as subpatterns. There are two kinds:
+those that look ahead of the current position in the subject string, and those
+that look behind it. An assertion subpattern is matched in the normal way,
+except that it does not cause the current matching position to be changed.
+</P>
+<P>
+Assertion subpatterns are not capturing subpatterns. If such an assertion
+contains capturing subpatterns within it, these are counted for the purposes of
+numbering the capturing subpatterns in the whole pattern. However, substring
+capturing is carried out only for positive assertions. (Perl sometimes, but not
+always, does do capturing in negative assertions.)
+</P>
+<P>
+WARNING: If a positive assertion containing one or more capturing subpatterns
+succeeds, but failure to match later in the pattern causes backtracking over
+this assertion, the captures within the assertion are reset only if no higher
+numbered captures are already set. This is, unfortunately, a fundamental
+limitation of the current implementation, and as PCRE1 is now in
+maintenance-only status, it is unlikely ever to change.
+</P>
+<P>
+For compatibility with Perl, assertion subpatterns may be repeated; though
+it makes no sense to assert the same thing several times, the side effect of
+capturing parentheses may occasionally be useful. In practice, there only three
+cases:
+<br>
+<br>
+(1) If the quantifier is {0}, the assertion is never obeyed during matching.
+However, it may contain internal capturing parenthesized groups that are called
+from elsewhere via the
+<a href="#subpatternsassubroutines">subroutine mechanism.</a>
+<br>
+<br>
+(2) If quantifier is {0,n} where n is greater than zero, it is treated as if it
+were {0,1}. At run time, the rest of the pattern match is tried with and
+without the assertion, the order depending on the greediness of the quantifier.
+<br>
+<br>
+(3) If the minimum repetition is greater than zero, the quantifier is ignored.
+The assertion is obeyed just once when encountered during matching.
+</P>
+<br><b>
+Lookahead assertions
+</b><br>
+<P>
+Lookahead assertions start with (?= for positive assertions and (?! for
+negative assertions. For example,
+<pre>
+  \w+(?=;)
+</pre>
+matches a word followed by a semicolon, but does not include the semicolon in
+the match, and
+<pre>
+  foo(?!bar)
+</pre>
+matches any occurrence of "foo" that is not followed by "bar". Note that the
+apparently similar pattern
+<pre>
+  (?!foo)bar
+</pre>
+does not find an occurrence of "bar" that is preceded by something other than
+"foo"; it finds any occurrence of "bar" whatsoever, because the assertion
+(?!foo) is always true when the next three characters are "bar". A
+lookbehind assertion is needed to achieve the other effect.
+</P>
+<P>
+If you want to force a matching failure at some point in a pattern, the most
+convenient way to do it is with (?!) because an empty string always matches, so
+an assertion that requires there not to be an empty string must always fail.
+The backtracking control verb (*FAIL) or (*F) is a synonym for (?!).
+<a name="lookbehind"></a></P>
+<br><b>
+Lookbehind assertions
+</b><br>
+<P>
+Lookbehind assertions start with (?&#60;= for positive assertions and (?&#60;! for
+negative assertions. For example,
+<pre>
+  (?&#60;!foo)bar
+</pre>
+does find an occurrence of "bar" that is not preceded by "foo". The contents of
+a lookbehind assertion are restricted such that all the strings it matches must
+have a fixed length. However, if there are several top-level alternatives, they
+do not all have to have the same fixed length. Thus
+<pre>
+  (?&#60;=bullock|donkey)
+</pre>
+is permitted, but
+<pre>
+  (?&#60;!dogs?|cats?)
+</pre>
+causes an error at compile time. Branches that match different length strings
+are permitted only at the top level of a lookbehind assertion. This is an
+extension compared with Perl, which requires all branches to match the same
+length of string. An assertion such as
+<pre>
+  (?&#60;=ab(c|de))
+</pre>
+is not permitted, because its single top-level branch can match two different
+lengths, but it is acceptable to PCRE if rewritten to use two top-level
+branches:
+<pre>
+  (?&#60;=abc|abde)
+</pre>
+In some cases, the escape sequence \K
+<a href="#resetmatchstart">(see above)</a>
+can be used instead of a lookbehind assertion to get round the fixed-length
+restriction.
+</P>
+<P>
+The implementation of lookbehind assertions is, for each alternative, to
+temporarily move the current position back by the fixed length and then try to
+match. If there are insufficient characters before the current position, the
+assertion fails.
+</P>
+<P>
+In a UTF mode, PCRE does not allow the \C escape (which matches a single data
+unit even in a UTF mode) to appear in lookbehind assertions, because it makes
+it impossible to calculate the length of the lookbehind. The \X and \R
+escapes, which can match different numbers of data units, are also not
+permitted.
+</P>
+<P>
+<a href="#subpatternsassubroutines">"Subroutine"</a>
+calls (see below) such as (?2) or (?&X) are permitted in lookbehinds, as long
+as the subpattern matches a fixed-length string.
+<a href="#recursion">Recursion,</a>
+however, is not supported.
+</P>
+<P>
+Possessive quantifiers can be used in conjunction with lookbehind assertions to
+specify efficient matching of fixed-length strings at the end of subject
+strings. Consider a simple pattern such as
+<pre>
+  abcd$
+</pre>
+when applied to a long string that does not match. Because matching proceeds
+from left to right, PCRE will look for each "a" in the subject and then see if
+what follows matches the rest of the pattern. If the pattern is specified as
+<pre>
+  ^.*abcd$
+</pre>
+the initial .* matches the entire string at first, but when this fails (because
+there is no following "a"), it backtracks to match all but the last character,
+then all but the last two characters, and so on. Once again the search for "a"
+covers the entire string, from right to left, so we are no better off. However,
+if the pattern is written as
+<pre>
+  ^.*+(?&#60;=abcd)
+</pre>
+there can be no backtracking for the .*+ item; it can match only the entire
+string. The subsequent lookbehind assertion does a single test on the last four
+characters. If it fails, the match fails immediately. For long strings, this
+approach makes a significant difference to the processing time.
+</P>
+<br><b>
+Using multiple assertions
+</b><br>
+<P>
+Several assertions (of any sort) may occur in succession. For example,
+<pre>
+  (?&#60;=\d{3})(?&#60;!999)foo
+</pre>
+matches "foo" preceded by three digits that are not "999". Notice that each of
+the assertions is applied independently at the same point in the subject
+string. First there is a check that the previous three characters are all
+digits, and then there is a check that the same three characters are not "999".
+This pattern does <i>not</i> match "foo" preceded by six characters, the first
+of which are digits and the last three of which are not "999". For example, it
+doesn't match "123abcfoo". A pattern to do that is
+<pre>
+  (?&#60;=\d{3}...)(?&#60;!999)foo
+</pre>
+This time the first assertion looks at the preceding six characters, checking
+that the first three are digits, and then the second assertion checks that the
+preceding three characters are not "999".
+</P>
+<P>
+Assertions can be nested in any combination. For example,
+<pre>
+  (?&#60;=(?&#60;!foo)bar)baz
+</pre>
+matches an occurrence of "baz" that is preceded by "bar" which in turn is not
+preceded by "foo", while
+<pre>
+  (?&#60;=\d{3}(?!999)...)foo
+</pre>
+is another pattern that matches "foo" preceded by three digits and any three
+characters that are not "999".
+<a name="conditions"></a></P>
+<br><a name="SEC21" href="#TOC1">CONDITIONAL SUBPATTERNS</a><br>
+<P>
+It is possible to cause the matching process to obey a subpattern
+conditionally or to choose between two alternative subpatterns, depending on
+the result of an assertion, or whether a specific capturing subpattern has
+already been matched. The two possible forms of conditional subpattern are:
+<pre>
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+</pre>
+If the condition is satisfied, the yes-pattern is used; otherwise the
+no-pattern (if present) is used. If there are more than two alternatives in the
+subpattern, a compile-time error occurs. Each of the two alternatives may
+itself contain nested subpatterns of any form, including conditional
+subpatterns; the restriction to two alternatives applies only at the level of
+the condition. This pattern fragment is an example where the alternatives are
+complex:
+<pre>
+  (?(1) (A|B|C) | (D | (?(2)E|F) | E) )
+
+</PRE>
+</P>
+<P>
+There are four kinds of condition: references to subpatterns, references to
+recursion, a pseudo-condition called DEFINE, and assertions.
+</P>
+<br><b>
+Checking for a used subpattern by number
+</b><br>
+<P>
+If the text between the parentheses consists of a sequence of digits, the
+condition is true if a capturing subpattern of that number has previously
+matched. If there is more than one capturing subpattern with the same number
+(see the earlier
+<a href="#recursion">section about duplicate subpattern numbers),</a>
+the condition is true if any of them have matched. An alternative notation is
+to precede the digits with a plus or minus sign. In this case, the subpattern
+number is relative rather than absolute. The most recently opened parentheses
+can be referenced by (?(-1), the next most recent by (?(-2), and so on. Inside
+loops it can also make sense to refer to subsequent groups. The next
+parentheses to be opened can be referenced as (?(+1), and so on. (The value
+zero in any of these forms is not used; it provokes a compile-time error.)
+</P>
+<P>
+Consider the following pattern, which contains non-significant white space to
+make it more readable (assume the PCRE_EXTENDED option) and to divide it into
+three parts for ease of discussion:
+<pre>
+  ( \( )?    [^()]+    (?(1) \) )
+</pre>
+The first part matches an optional opening parenthesis, and if that
+character is present, sets it as the first captured substring. The second part
+matches one or more characters that are not parentheses. The third part is a
+conditional subpattern that tests whether or not the first set of parentheses
+matched. If they did, that is, if subject started with an opening parenthesis,
+the condition is true, and so the yes-pattern is executed and a closing
+parenthesis is required. Otherwise, since no-pattern is not present, the
+subpattern matches nothing. In other words, this pattern matches a sequence of
+non-parentheses, optionally enclosed in parentheses.
+</P>
+<P>
+If you were embedding this pattern in a larger one, you could use a relative
+reference:
+<pre>
+  ...other stuff... ( \( )?    [^()]+    (?(-1) \) ) ...
+</pre>
+This makes the fragment independent of the parentheses in the larger pattern.
+</P>
+<br><b>
+Checking for a used subpattern by name
+</b><br>
+<P>
+Perl uses the syntax (?(&#60;name&#62;)...) or (?('name')...) to test for a used
+subpattern by name. For compatibility with earlier versions of PCRE, which had
+this facility before Perl, the syntax (?(name)...) is also recognized.
+</P>
+<P>
+Rewriting the above example to use a named subpattern gives this:
+<pre>
+  (?&#60;OPEN&#62; \( )?    [^()]+    (?(&#60;OPEN&#62;) \) )
+</pre>
+If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them has
+matched.
+</P>
+<br><b>
+Checking for pattern recursion
+</b><br>
+<P>
+If the condition is the string (R), and there is no subpattern with the name R,
+the condition is true if a recursive call to the whole pattern or any
+subpattern has been made. If digits or a name preceded by ampersand follow the
+letter R, for example:
+<pre>
+  (?(R3)...) or (?(R&name)...)
+</pre>
+the condition is true if the most recent recursion is into a subpattern whose
+number or name is given. This condition does not check the entire recursion
+stack. If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them is
+the most recent recursion.
+</P>
+<P>
+At "top level", all these recursion test conditions are false.
+<a href="#recursion">The syntax for recursive patterns</a>
+is described below.
+<a name="subdefine"></a></P>
+<br><b>
+Defining subpatterns for use by reference only
+</b><br>
+<P>
+If the condition is the string (DEFINE), and there is no subpattern with the
+name DEFINE, the condition is always false. In this case, there may be only one
+alternative in the subpattern. It is always skipped if control reaches this
+point in the pattern; the idea of DEFINE is that it can be used to define
+subroutines that can be referenced from elsewhere. (The use of
+<a href="#subpatternsassubroutines">subroutines</a>
+is described below.) For example, a pattern to match an IPv4 address such as
+"192.168.23.245" could be written like this (ignore white space and line
+breaks):
+<pre>
+  (?(DEFINE) (?&#60;byte&#62; 2[0-4]\d | 25[0-5] | 1\d\d | [1-9]?\d) )
+  \b (?&byte) (\.(?&byte)){3} \b
+</pre>
+The first part of the pattern is a DEFINE group inside which a another group
+named "byte" is defined. This matches an individual component of an IPv4
+address (a number less than 256). When matching takes place, this part of the
+pattern is skipped because DEFINE acts like a false condition. The rest of the
+pattern uses references to the named group to match the four dot-separated
+components of an IPv4 address, insisting on a word boundary at each end.
+</P>
+<br><b>
+Assertion conditions
+</b><br>
+<P>
+If the condition is not in any of the above formats, it must be an assertion.
+This may be a positive or negative lookahead or lookbehind assertion. Consider
+this pattern, again containing non-significant white space, and with the two
+alternatives on the second line:
+<pre>
+  (?(?=[^a-z]*[a-z])
+  \d{2}-[a-z]{3}-\d{2}  |  \d{2}-\d{2}-\d{2} )
+</pre>
+The condition is a positive lookahead assertion that matches an optional
+sequence of non-letters followed by a letter. In other words, it tests for the
+presence of at least one letter in the subject. If a letter is found, the
+subject is matched against the first alternative; otherwise it is matched
+against the second. This pattern matches strings in one of the two forms
+dd-aaa-dd or dd-dd-dd, where aaa are letters and dd are digits.
+<a name="comments"></a></P>
+<br><a name="SEC22" href="#TOC1">COMMENTS</a><br>
+<P>
+There are two ways of including comments in patterns that are processed by
+PCRE. In both cases, the start of the comment must not be in a character class,
+nor in the middle of any other sequence of related characters such as (?: or a
+subpattern name or number. The characters that make up a comment play no part
+in the pattern matching.
+</P>
+<P>
+The sequence (?# marks the start of a comment that continues up to the next
+closing parenthesis. Nested parentheses are not permitted. If the PCRE_EXTENDED
+option is set, an unescaped # character also introduces a comment, which in
+this case continues to immediately after the next newline character or
+character sequence in the pattern. Which characters are interpreted as newlines
+is controlled by the options passed to a compiling function or by a special
+sequence at the start of the pattern, as described in the section entitled
+<a href="#newlines">"Newline conventions"</a>
+above. Note that the end of this type of comment is a literal newline sequence
+in the pattern; escape sequences that happen to represent a newline do not
+count. For example, consider this pattern when PCRE_EXTENDED is set, and the
+default newline convention is in force:
+<pre>
+  abc #comment \n still comment
+</pre>
+On encountering the # character, <b>pcre_compile()</b> skips along, looking for
+a newline in the pattern. The sequence \n is still literal at this stage, so
+it does not terminate the comment. Only an actual character with the code value
+0x0a (the default newline) does so.
+<a name="recursion"></a></P>
+<br><a name="SEC23" href="#TOC1">RECURSIVE PATTERNS</a><br>
+<P>
+Consider the problem of matching a string in parentheses, allowing for
+unlimited nested parentheses. Without the use of recursion, the best that can
+be done is to use a pattern that matches up to some fixed depth of nesting. It
+is not possible to handle an arbitrary nesting depth.
+</P>
+<P>
+For some time, Perl has provided a facility that allows regular expressions to
+recurse (amongst other things). It does this by interpolating Perl code in the
+expression at run time, and the code can refer to the expression itself. A Perl
+pattern using code interpolation to solve the parentheses problem can be
+created like this:
+<pre>
+  $re = qr{\( (?: (?&#62;[^()]+) | (?p{$re}) )* \)}x;
+</pre>
+The (?p{...}) item interpolates Perl code at run time, and in this case refers
+recursively to the pattern in which it appears.
+</P>
+<P>
+Obviously, PCRE cannot support the interpolation of Perl code. Instead, it
+supports special syntax for recursion of the entire pattern, and also for
+individual subpattern recursion. After its introduction in PCRE and Python,
+this kind of recursion was subsequently introduced into Perl at release 5.10.
+</P>
+<P>
+A special item that consists of (? followed by a number greater than zero and a
+closing parenthesis is a recursive subroutine call of the subpattern of the
+given number, provided that it occurs inside that subpattern. (If not, it is a
+<a href="#subpatternsassubroutines">non-recursive subroutine</a>
+call, which is described in the next section.) The special item (?R) or (?0) is
+a recursive call of the entire regular expression.
+</P>
+<P>
+This PCRE pattern solves the nested parentheses problem (assume the
+PCRE_EXTENDED option is set so that white space is ignored):
+<pre>
+  \( ( [^()]++ | (?R) )* \)
+</pre>
+First it matches an opening parenthesis. Then it matches any number of
+substrings which can either be a sequence of non-parentheses, or a recursive
+match of the pattern itself (that is, a correctly parenthesized substring).
+Finally there is a closing parenthesis. Note the use of a possessive quantifier
+to avoid backtracking into sequences of non-parentheses.
+</P>
+<P>
+If this were part of a larger pattern, you would not want to recurse the entire
+pattern, so instead you could use this:
+<pre>
+  ( \( ( [^()]++ | (?1) )* \) )
+</pre>
+We have put the pattern into parentheses, and caused the recursion to refer to
+them instead of the whole pattern.
+</P>
+<P>
+In a larger pattern, keeping track of parenthesis numbers can be tricky. This
+is made easier by the use of relative references. Instead of (?1) in the
+pattern above you can write (?-2) to refer to the second most recently opened
+parentheses preceding the recursion. In other words, a negative number counts
+capturing parentheses leftwards from the point at which it is encountered.
+</P>
+<P>
+It is also possible to refer to subsequently opened parentheses, by writing
+references such as (?+2). However, these cannot be recursive because the
+reference is not inside the parentheses that are referenced. They are always
+<a href="#subpatternsassubroutines">non-recursive subroutine</a>
+calls, as described in the next section.
+</P>
+<P>
+An alternative approach is to use named parentheses instead. The Perl syntax
+for this is (?&name); PCRE's earlier syntax (?P&#62;name) is also supported. We
+could rewrite the above example as follows:
+<pre>
+  (?&#60;pn&#62; \( ( [^()]++ | (?&pn) )* \) )
+</pre>
+If there is more than one subpattern with the same name, the earliest one is
+used.
+</P>
+<P>
+This particular example pattern that we have been looking at contains nested
+unlimited repeats, and so the use of a possessive quantifier for matching
+strings of non-parentheses is important when applying the pattern to strings
+that do not match. For example, when this pattern is applied to
+<pre>
+  (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa()
+</pre>
+it yields "no match" quickly. However, if a possessive quantifier is not used,
+the match runs for a very long time indeed because there are so many different
+ways the + and * repeats can carve up the subject, and all have to be tested
+before failure can be reported.
+</P>
+<P>
+At the end of a match, the values of capturing parentheses are those from
+the outermost level. If you want to obtain intermediate values, a callout
+function can be used (see below and the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation). If the pattern above is matched against
+<pre>
+  (ab(cd)ef)
+</pre>
+the value for the inner capturing parentheses (numbered 2) is "ef", which is
+the last value taken on at the top level. If a capturing subpattern is not
+matched at the top level, its final captured value is unset, even if it was
+(temporarily) set at a deeper level during the matching process.
+</P>
+<P>
+If there are more than 15 capturing parentheses in a pattern, PCRE has to
+obtain extra memory to store data during a recursion, which it does by using
+<b>pcre_malloc</b>, freeing it via <b>pcre_free</b> afterwards. If no memory can
+be obtained, the match fails with the PCRE_ERROR_NOMEMORY error.
+</P>
+<P>
+Do not confuse the (?R) item with the condition (R), which tests for recursion.
+Consider this pattern, which matches text in angle brackets, allowing for
+arbitrary nesting. Only digits are allowed in nested brackets (that is, when
+recursing), whereas any characters are permitted at the outer level.
+<pre>
+  &#60; (?: (?(R) \d++  | [^&#60;&#62;]*+) | (?R)) * &#62;
+</pre>
+In this pattern, (?(R) is the start of a conditional subpattern, with two
+different alternatives for the recursive and non-recursive cases. The (?R) item
+is the actual recursive call.
+<a name="recursiondifference"></a></P>
+<br><b>
+Differences in recursion processing between PCRE and Perl
+</b><br>
+<P>
+Recursion processing in PCRE differs from Perl in two important ways. In PCRE
+(like Python, but unlike Perl), a recursive subpattern call is always treated
+as an atomic group. That is, once it has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. This can be illustrated by the following pattern,
+which purports to match a palindromic string that contains an odd number of
+characters (for example, "a", "aba", "abcba", "abcdcba"):
+<pre>
+  ^(.|(.)(?1)\2)$
+</pre>
+The idea is that it either matches a single character, or two identical
+characters surrounding a sub-palindrome. In Perl, this pattern works; in PCRE
+it does not if the pattern is longer than three characters. Consider the
+subject string "abcba":
+</P>
+<P>
+At the top level, the first character is matched, but as it is not at the end
+of the string, the first alternative fails; the second alternative is taken
+and the recursion kicks in. The recursive call to subpattern 1 successfully
+matches the next character ("b"). (Note that the beginning and end of line
+tests are not part of the recursion).
+</P>
+<P>
+Back at the top level, the next character ("c") is compared with what
+subpattern 2 matched, which was "a". This fails. Because the recursion is
+treated as an atomic group, there are now no backtracking points, and so the
+entire match fails. (Perl is able, at this point, to re-enter the recursion and
+try the second alternative.) However, if the pattern is written with the
+alternatives in the other order, things are different:
+<pre>
+  ^((.)(?1)\2|.)$
+</pre>
+This time, the recursing alternative is tried first, and continues to recurse
+until it runs out of characters, at which point the recursion fails. But this
+time we do have another alternative to try at the higher level. That is the big
+difference: in the previous case the remaining alternative is at a deeper
+recursion level, which PCRE cannot use.
+</P>
+<P>
+To change the pattern so that it matches all palindromic strings, not just
+those with an odd number of characters, it is tempting to change the pattern to
+this:
+<pre>
+  ^((.)(?1)\2|.?)$
+</pre>
+Again, this works in Perl, but not in PCRE, and for the same reason. When a
+deeper recursion has matched a single character, it cannot be entered again in
+order to match an empty string. The solution is to separate the two cases, and
+write out the odd and even cases as alternatives at the higher level:
+<pre>
+  ^(?:((.)(?1)\2|)|((.)(?3)\4|.))
+</pre>
+If you want to match typical palindromic phrases, the pattern has to ignore all
+non-word characters, which can be done like this:
+<pre>
+  ^\W*+(?:((.)\W*+(?1)\W*+\2|)|((.)\W*+(?3)\W*+\4|\W*+.\W*+))\W*+$
+</pre>
+If run with the PCRE_CASELESS option, this pattern matches phrases such as "A
+man, a plan, a canal: Panama!" and it works well in both PCRE and Perl. Note
+the use of the possessive quantifier *+ to avoid backtracking into sequences of
+non-word characters. Without this, PCRE takes a great deal longer (ten times or
+more) to match typical phrases, and Perl takes so long that you think it has
+gone into a loop.
+</P>
+<P>
+<b>WARNING</b>: The palindrome-matching patterns above work only if the subject
+string does not start with a palindrome that is shorter than the entire string.
+For example, although "abcba" is correctly matched, if the subject is "ababa",
+PCRE finds the palindrome "aba" at the start, then fails at top level because
+the end of the string does not follow. Once again, it cannot jump back into the
+recursion to try other alternatives, so the entire match fails.
+</P>
+<P>
+The second way in which PCRE and Perl differ in their recursion processing is
+in the handling of captured values. In Perl, when a subpattern is called
+recursively or as a subpattern (see the next section), it has no access to any
+values that were captured outside the recursion, whereas in PCRE these values
+can be referenced. Consider this pattern:
+<pre>
+  ^(.)(\1|a(?2))
+</pre>
+In PCRE, this pattern matches "bab". The first capturing parentheses match "b",
+then in the second group, when the back reference \1 fails to match "b", the
+second alternative matches "a" and then recurses. In the recursion, \1 does
+now match "b" and so the whole match succeeds. In Perl, the pattern fails to
+match because inside the recursive call \1 cannot access the externally set
+value.
+<a name="subpatternsassubroutines"></a></P>
+<br><a name="SEC24" href="#TOC1">SUBPATTERNS AS SUBROUTINES</a><br>
+<P>
+If the syntax for a recursive subpattern call (either by number or by
+name) is used outside the parentheses to which it refers, it operates like a
+subroutine in a programming language. The called subpattern may be defined
+before or after the reference. A numbered reference can be absolute or
+relative, as in these examples:
+<pre>
+  (...(absolute)...)...(?2)...
+  (...(relative)...)...(?-1)...
+  (...(?+1)...(relative)...
+</pre>
+An earlier example pointed out that the pattern
+<pre>
+  (sens|respons)e and \1ibility
+</pre>
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If instead the pattern
+<pre>
+  (sens|respons)e and (?1)ibility
+</pre>
+is used, it does match "sense and responsibility" as well as the other two
+strings. Another example is given in the discussion of DEFINE above.
+</P>
+<P>
+All subroutine calls, whether recursive or not, are always treated as atomic
+groups. That is, once a subroutine has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. Any capturing parentheses that are set during the
+subroutine call revert to their previous values afterwards.
+</P>
+<P>
+Processing options such as case-independence are fixed when a subpattern is
+defined, so if it is used as a subroutine, such options cannot be changed for
+different calls. For example, consider this pattern:
+<pre>
+  (abc)(?i:(?-1))
+</pre>
+It matches "abcabc". It does not match "abcABC" because the change of
+processing option does not affect the called subpattern.
+<a name="onigurumasubroutines"></a></P>
+<br><a name="SEC25" href="#TOC1">ONIGURUMA SUBROUTINE SYNTAX</a><br>
+<P>
+For compatibility with Oniguruma, the non-Perl syntax \g followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a subroutine, possibly recursively. Here
+are two of the examples used above, rewritten using this syntax:
+<pre>
+  (?&#60;pn&#62; \( ( (?&#62;[^()]+) | \g&#60;pn&#62; )* \) )
+  (sens|respons)e and \g'1'ibility
+</pre>
+PCRE supports an extension to Oniguruma: if a number is preceded by a
+plus or a minus sign it is taken as a relative reference. For example:
+<pre>
+  (abc)(?i:\g&#60;-1&#62;)
+</pre>
+Note that \g{...} (Perl syntax) and \g&#60;...&#62; (Oniguruma syntax) are <i>not</i>
+synonymous. The former is a back reference; the latter is a subroutine call.
+</P>
+<br><a name="SEC26" href="#TOC1">CALLOUTS</a><br>
+<P>
+Perl has a feature whereby using the sequence (?{...}) causes arbitrary Perl
+code to be obeyed in the middle of matching a regular expression. This makes it
+possible, amongst other things, to extract different substrings that match the
+same pair of parentheses when there is a repetition.
+</P>
+<P>
+PCRE provides a similar feature, but of course it cannot obey arbitrary Perl
+code. The feature is called "callout". The caller of PCRE provides an external
+function by putting its entry point in the global variable <i>pcre_callout</i>
+(8-bit library) or <i>pcre[16|32]_callout</i> (16-bit or 32-bit library).
+By default, this variable contains NULL, which disables all calling out.
+</P>
+<P>
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. If you want to identify different callout points, you
+can put a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+<pre>
+  (?C1)abc(?C2)def
+</pre>
+If the PCRE_AUTO_CALLOUT flag is passed to a compiling function, callouts are
+automatically installed before each item in the pattern. They are all numbered
+255. If there is a conditional group in the pattern whose condition is an
+assertion, an additional callout is inserted just before the condition. An
+explicit callout may also be set at this position, as in this example:
+<pre>
+  (?(?C9)(?=a)abc|def)
+</pre>
+Note that this applies only to assertion conditions, not to other types of
+condition.
+</P>
+<P>
+During matching, when PCRE reaches a callout point, the external function is
+called. It is provided with the number of the callout, the position in the
+pattern, and, optionally, one item of data originally supplied by the caller of
+the matching function. The callout function may cause matching to proceed, to
+backtrack, or to fail altogether.
+</P>
+<P>
+By default, PCRE implements a number of optimizations at compile time and
+matching time, and one side-effect is that sometimes callouts are skipped. If
+you need all possible callouts to happen, you need to set options that disable
+the relevant optimizations. More details, and a complete description of the
+interface to the callout function, are given in the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+<a name="backtrackcontrol"></a></P>
+<br><a name="SEC27" href="#TOC1">BACKTRACKING CONTROL</a><br>
+<P>
+Perl 5.10 introduced a number of "Special Backtracking Control Verbs", which
+are still described in the Perl documentation as "experimental and subject to
+change or removal in a future version of Perl". It goes on to say: "Their usage
+in production code should be noted to avoid problems during upgrades." The same
+remarks apply to the PCRE features described in this section.
+</P>
+<P>
+The new verbs make use of what was previously invalid syntax: an opening
+parenthesis followed by an asterisk. They are generally of the form
+(*VERB) or (*VERB:NAME). Some may take either form, possibly behaving
+differently depending on whether or not a name is present. A name is any
+sequence of characters that does not include a closing parenthesis. The maximum
+length of name is 255 in the 8-bit library and 65535 in the 16-bit and 32-bit
+libraries. If the name is empty, that is, if the closing parenthesis
+immediately follows the colon, the effect is as if the colon were not there.
+Any number of these verbs may occur in a pattern.
+</P>
+<P>
+Since these verbs are specifically related to backtracking, most of them can be
+used only when the pattern is to be matched using one of the traditional
+matching functions, because these use a backtracking algorithm. With the
+exception of (*FAIL), which behaves like a failing negative assertion, the
+backtracking control verbs cause an error if encountered by a DFA matching
+function.
+</P>
+<P>
+The behaviour of these verbs in
+<a href="#btrepeat">repeated groups,</a>
+<a href="#btassert">assertions,</a>
+and in
+<a href="#btsub">subpatterns called as subroutines</a>
+(whether or not recursively) is documented below.
+<a name="nooptimize"></a></P>
+<br><b>
+Optimizations that affect backtracking verbs
+</b><br>
+<P>
+PCRE contains some optimizations that are used to speed up matching by running
+some checks at the start of each match attempt. For example, it may know the
+minimum length of matching subject, or that a particular character must be
+present. When one of these optimizations bypasses the running of a match, any
+included backtracking verbs will not, of course, be processed. You can suppress
+the start-of-match optimizations by setting the PCRE_NO_START_OPTIMIZE option
+when calling <b>pcre_compile()</b> or <b>pcre_exec()</b>, or by starting the
+pattern with (*NO_START_OPT). There is more discussion of this option in the
+section entitled
+<a href="pcreapi.html#execoptions">"Option bits for <b>pcre_exec()</b>"</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+Experiments with Perl suggest that it too has similar optimizations, sometimes
+leading to anomalous results.
+</P>
+<br><b>
+Verbs that act immediately
+</b><br>
+<P>
+The following verbs act as soon as they are encountered. They may not be
+followed by a name.
+<pre>
+   (*ACCEPT)
+</pre>
+This verb causes the match to end successfully, skipping the remainder of the
+pattern. However, when it is inside a subpattern that is called as a
+subroutine, only that subpattern is ended successfully. Matching then continues
+at the outer level. If (*ACCEPT) in triggered in a positive assertion, the
+assertion succeeds; in a negative assertion, the assertion fails.
+</P>
+<P>
+If (*ACCEPT) is inside capturing parentheses, the data so far is captured. For
+example:
+<pre>
+  A((?:A|B(*ACCEPT)|C)D)
+</pre>
+This matches "AB", "AAD", or "ACD"; when it matches "AB", "B" is captured by
+the outer parentheses.
+<pre>
+  (*FAIL) or (*F)
+</pre>
+This verb causes a matching failure, forcing backtracking to occur. It is
+equivalent to (?!) but easier to read. The Perl documentation notes that it is
+probably useful only when combined with (?{}) or (??{}). Those are, of course,
+Perl features that are not present in PCRE. The nearest equivalent is the
+callout feature, as for example in this pattern:
+<pre>
+  a+(?C)(*FAIL)
+</pre>
+A match with the string "aaaa" always fails, but the callout is taken before
+each backtrack happens (in this example, 10 times).
+</P>
+<br><b>
+Recording which path was taken
+</b><br>
+<P>
+There is one verb whose main purpose is to track how a match was arrived at,
+though it also has a secondary use in conjunction with advancing the match
+starting point (see (*SKIP) below).
+<pre>
+  (*MARK:NAME) or (*:NAME)
+</pre>
+A name is always required with this verb. There may be as many instances of
+(*MARK) as you like in a pattern, and their names do not have to be unique.
+</P>
+<P>
+When a match succeeds, the name of the last-encountered (*MARK:NAME),
+(*PRUNE:NAME), or (*THEN:NAME) on the matching path is passed back to the
+caller as described in the section entitled
+<a href="pcreapi.html#extradata">"Extra data for <b>pcre_exec()</b>"</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation. Here is an example of <b>pcretest</b> output, where the /K
+modifier requests the retrieval and outputting of (*MARK) data:
+<pre>
+    re&#62; /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data&#62; XY
+   0: XY
+  MK: A
+  XZ
+   0: XZ
+  MK: B
+</pre>
+The (*MARK) name is tagged with "MK:" in this output, and in this example it
+indicates which of the two alternatives matched. This is a more efficient way
+of obtaining this information than putting each alternative in its own
+capturing parentheses.
+</P>
+<P>
+If a verb with a name is encountered in a positive assertion that is true, the
+name is recorded and passed back if it is the last-encountered. This does not
+happen for negative assertions or failing positive assertions.
+</P>
+<P>
+After a partial match or a failed match, the last encountered name in the
+entire match process is returned. For example:
+<pre>
+    re&#62; /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data&#62; XP
+  No match, mark = B
+</pre>
+Note that in this unanchored example the mark is retained from the match
+attempt that started at the letter "X" in the subject. Subsequent match
+attempts starting at "P" and then with an empty string do not get as far as the
+(*MARK) item, but nevertheless do not reset it.
+</P>
+<P>
+If you are interested in (*MARK) values after failed matches, you should
+probably set the PCRE_NO_START_OPTIMIZE option
+<a href="#nooptimize">(see above)</a>
+to ensure that the match is always attempted.
+</P>
+<br><b>
+Verbs that act after backtracking
+</b><br>
+<P>
+The following verbs do nothing when they are encountered. Matching continues
+with what follows, but if there is no subsequent match, causing a backtrack to
+the verb, a failure is forced. That is, backtracking cannot pass to the left of
+the verb. However, when one of these verbs appears inside an atomic group or an
+assertion that is true, its effect is confined to that group, because once the
+group has been matched, there is never any backtracking into it. In this
+situation, backtracking can "jump back" to the left of the entire atomic group
+or assertion. (Remember also, as stated above, that this localization also
+applies in subroutine calls.)
+</P>
+<P>
+These verbs differ in exactly what kind of failure occurs when backtracking
+reaches them. The behaviour described below is what happens when the verb is
+not in a subroutine or an assertion. Subsequent sections cover these special
+cases.
+<pre>
+  (*COMMIT)
+</pre>
+This verb, which may not be followed by a name, causes the whole match to fail
+outright if there is a later matching failure that causes backtracking to reach
+it. Even if the pattern is unanchored, no further attempts to find a match by
+advancing the starting point take place. If (*COMMIT) is the only backtracking
+verb that is encountered, once it has been passed <b>pcre_exec()</b> is
+committed to finding a match at the current starting point, or not at all. For
+example:
+<pre>
+  a+(*COMMIT)b
+</pre>
+This matches "xxaab" but not "aacaab". It can be thought of as a kind of
+dynamic anchor, or "I've started, so I must finish." The name of the most
+recently passed (*MARK) in the path is passed back when (*COMMIT) forces a
+match failure.
+</P>
+<P>
+If there is more than one backtracking verb in a pattern, a different one that
+follows (*COMMIT) may be triggered first, so merely passing (*COMMIT) during a
+match does not always guarantee that a match must be at this starting point.
+</P>
+<P>
+Note that (*COMMIT) at the start of a pattern is not the same as an anchor,
+unless PCRE's start-of-match optimizations are turned off, as shown in this
+output from <b>pcretest</b>:
+<pre>
+    re&#62; /(*COMMIT)abc/
+  data&#62; xyzabc
+   0: abc
+  data&#62; xyzabc\Y
+  No match
+</pre>
+For this pattern, PCRE knows that any match must start with "a", so the
+optimization skips along the subject to "a" before applying the pattern to the
+first set of data. The match attempt then succeeds. In the second set of data,
+the escape sequence \Y is interpreted by the <b>pcretest</b> program. It causes
+the PCRE_NO_START_OPTIMIZE option to be set when <b>pcre_exec()</b> is called.
+This disables the optimization that skips along to the first character. The
+pattern is now applied starting at "x", and so the (*COMMIT) causes the match
+to fail without trying any other starting points.
+<pre>
+  (*PRUNE) or (*PRUNE:NAME)
+</pre>
+This verb causes the match to fail at the current starting position in the
+subject if there is a later matching failure that causes backtracking to reach
+it. If the pattern is unanchored, the normal "bumpalong" advance to the next
+starting character then happens. Backtracking can occur as usual to the left of
+(*PRUNE), before it is reached, or when matching to the right of (*PRUNE), but
+if there is no match to the right, backtracking cannot cross (*PRUNE). In
+simple cases, the use of (*PRUNE) is just an alternative to an atomic group or
+possessive quantifier, but there are some uses of (*PRUNE) that cannot be
+expressed in any other way. In an anchored pattern (*PRUNE) has the same effect
+as (*COMMIT).
+</P>
+<P>
+The behaviour of (*PRUNE:NAME) is the not the same as (*MARK:NAME)(*PRUNE).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+<pre>
+  (*SKIP)
+</pre>
+This verb, when given without a name, is like (*PRUNE), except that if the
+pattern is unanchored, the "bumpalong" advance is not to the next character,
+but to the position in the subject where (*SKIP) was encountered. (*SKIP)
+signifies that whatever text was matched leading up to it cannot be part of a
+successful match. Consider:
+<pre>
+  a+(*SKIP)b
+</pre>
+If the subject is "aaaac...", after the first match attempt fails (starting at
+the first character in the string), the starting point skips on to start the
+next attempt at "c". Note that a possessive quantifer does not have the same
+effect as this example; although it would suppress backtracking during the
+first match attempt, the second attempt would start at the second character
+instead of skipping on to "c".
+<pre>
+  (*SKIP:NAME)
+</pre>
+When (*SKIP) has an associated name, its behaviour is modified. When it is
+triggered, the previous path through the pattern is searched for the most
+recent (*MARK) that has the same name. If one is found, the "bumpalong" advance
+is to the subject position that corresponds to that (*MARK) instead of to where
+(*SKIP) was encountered. If no (*MARK) with a matching name is found, the
+(*SKIP) is ignored.
+</P>
+<P>
+Note that (*SKIP:NAME) searches only for names set by (*MARK:NAME). It ignores
+names that are set by (*PRUNE:NAME) or (*THEN:NAME).
+<pre>
+  (*THEN) or (*THEN:NAME)
+</pre>
+This verb causes a skip to the next innermost alternative when backtracking
+reaches it. That is, it cancels any further backtracking within the current
+alternative. Its name comes from the observation that it can be used for a
+pattern-based if-then-else block:
+<pre>
+  ( COND1 (*THEN) FOO | COND2 (*THEN) BAR | COND3 (*THEN) BAZ ) ...
+</pre>
+If the COND1 pattern matches, FOO is tried (and possibly further items after
+the end of the group if FOO succeeds); on failure, the matcher skips to the
+second alternative and tries COND2, without backtracking into COND1. If that
+succeeds and BAR fails, COND3 is tried. If subsequently BAZ fails, there are no
+more alternatives, so there is a backtrack to whatever came before the entire
+group. If (*THEN) is not inside an alternation, it acts like (*PRUNE).
+</P>
+<P>
+The behaviour of (*THEN:NAME) is the not the same as (*MARK:NAME)(*THEN).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+</P>
+<P>
+A subpattern that does not contain a | character is just a part of the
+enclosing alternative; it is not a nested alternation with only one
+alternative. The effect of (*THEN) extends beyond such a subpattern to the
+enclosing alternative. Consider this pattern, where A, B, etc. are complex
+pattern fragments that do not contain any | characters at this level:
+<pre>
+  A (B(*THEN)C) | D
+</pre>
+If A and B are matched, but there is a failure in C, matching does not
+backtrack into A; instead it moves to the next alternative, that is, D.
+However, if the subpattern containing (*THEN) is given an alternative, it
+behaves differently:
+<pre>
+  A (B(*THEN)C | (*FAIL)) | D
+</pre>
+The effect of (*THEN) is now confined to the inner subpattern. After a failure
+in C, matching moves to (*FAIL), which causes the whole subpattern to fail
+because there are no more alternatives to try. In this case, matching does now
+backtrack into A.
+</P>
+<P>
+Note that a conditional subpattern is not considered as having two
+alternatives, because only one is ever used. In other words, the | character in
+a conditional subpattern has a different meaning. Ignoring white space,
+consider:
+<pre>
+  ^.*? (?(?=a) a | b(*THEN)c )
+</pre>
+If the subject is "ba", this pattern does not match. Because .*? is ungreedy,
+it initially matches zero characters. The condition (?=a) then fails, the
+character "b" is matched, but "c" is not. At this point, matching does not
+backtrack to .*? as might perhaps be expected from the presence of the |
+character. The conditional subpattern is part of the single alternative that
+comprises the whole pattern, and so the match fails. (If there was a backtrack
+into .*?, allowing it to match "b", the match would succeed.)
+</P>
+<P>
+The verbs just described provide four different "strengths" of control when
+subsequent matching fails. (*THEN) is the weakest, carrying on the match at the
+next alternative. (*PRUNE) comes next, failing the match at the current
+starting position, but allowing an advance to the next character (for an
+unanchored pattern). (*SKIP) is similar, except that the advance may be more
+than one character. (*COMMIT) is the strongest, causing the entire match to
+fail.
+</P>
+<br><b>
+More than one backtracking verb
+</b><br>
+<P>
+If more than one backtracking verb is present in a pattern, the one that is
+backtracked onto first acts. For example, consider this pattern, where A, B,
+etc. are complex pattern fragments:
+<pre>
+  (A(*COMMIT)B(*THEN)C|ABD)
+</pre>
+If A matches but B fails, the backtrack to (*COMMIT) causes the entire match to
+fail. However, if A and B match, but C fails, the backtrack to (*THEN) causes
+the next alternative (ABD) to be tried. This behaviour is consistent, but is
+not always the same as Perl's. It means that if two or more backtracking verbs
+appear in succession, all the the last of them has no effect. Consider this
+example:
+<pre>
+  ...(*COMMIT)(*PRUNE)...
+</pre>
+If there is a matching failure to the right, backtracking onto (*PRUNE) causes
+it to be triggered, and its action is taken. There can never be a backtrack
+onto (*COMMIT).
+<a name="btrepeat"></a></P>
+<br><b>
+Backtracking verbs in repeated groups
+</b><br>
+<P>
+PCRE differs from Perl in its handling of backtracking verbs in repeated
+groups. For example, consider:
+<pre>
+  /(a(*COMMIT)b)+ac/
+</pre>
+If the subject is "abac", Perl matches, but PCRE fails because the (*COMMIT) in
+the second repeat of the group acts.
+<a name="btassert"></a></P>
+<br><b>
+Backtracking verbs in assertions
+</b><br>
+<P>
+(*FAIL) in an assertion has its normal effect: it forces an immediate backtrack.
+</P>
+<P>
+(*ACCEPT) in a positive assertion causes the assertion to succeed without any
+further processing. In a negative assertion, (*ACCEPT) causes the assertion to
+fail without any further processing.
+</P>
+<P>
+The other backtracking verbs are not treated specially if they appear in a
+positive assertion. In particular, (*THEN) skips to the next alternative in the
+innermost enclosing group that has alternations, whether or not this is within
+the assertion.
+</P>
+<P>
+Negative assertions are, however, different, in order to ensure that changing a
+positive assertion into a negative assertion changes its result. Backtracking
+into (*COMMIT), (*SKIP), or (*PRUNE) causes a negative assertion to be true,
+without considering any further alternative branches in the assertion.
+Backtracking into (*THEN) causes it to skip to the next enclosing alternative
+within the assertion (the normal behaviour), but if the assertion does not have
+such an alternative, (*THEN) behaves like (*PRUNE).
+<a name="btsub"></a></P>
+<br><b>
+Backtracking verbs in subroutines
+</b><br>
+<P>
+These behaviours occur whether or not the subpattern is called recursively.
+Perl's treatment of subroutines is different in some cases.
+</P>
+<P>
+(*FAIL) in a subpattern called as a subroutine has its normal effect: it forces
+an immediate backtrack.
+</P>
+<P>
+(*ACCEPT) in a subpattern called as a subroutine causes the subroutine match to
+succeed without any further processing. Matching then continues after the
+subroutine call.
+</P>
+<P>
+(*COMMIT), (*SKIP), and (*PRUNE) in a subpattern called as a subroutine cause
+the subroutine match to fail.
+</P>
+<P>
+(*THEN) skips to the next alternative in the innermost enclosing group within
+the subpattern that has alternatives. If there is no such group within the
+subpattern, (*THEN) causes the subroutine match to fail.
+</P>
+<br><a name="SEC28" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcreapi</b>(3), <b>pcrecallout</b>(3), <b>pcrematching</b>(3),
+<b>pcresyntax</b>(3), <b>pcre</b>(3), <b>pcre16(3)</b>, <b>pcre32(3)</b>.
+</P>
+<br><a name="SEC29" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC30" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 23 October 2016
+<br>
+Copyright &copy; 1997-2016 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreperform.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreperform.html
new file mode 100644
index 00000000..dda207f9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreperform.html
@@ -0,0 +1,195 @@
+<html>
+<head>
+<title>pcreperform specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreperform man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+PCRE PERFORMANCE
+</b><br>
+<P>
+Two aspects of performance are discussed below: memory usage and processing
+time. The way you express your pattern as a regular expression can affect both
+of them.
+</P>
+<br><b>
+COMPILED PATTERN MEMORY USAGE
+</b><br>
+<P>
+Patterns are compiled by PCRE into a reasonably efficient interpretive code, so
+that most simple patterns do not use much memory. However, there is one case
+where the memory usage of a compiled pattern can be unexpectedly large. If a
+parenthesized subpattern has a quantifier with a minimum greater than 1 and/or
+a limited maximum, the whole subpattern is repeated in the compiled code. For
+example, the pattern
+<pre>
+  (abc|def){2,4}
+</pre>
+is compiled as if it were
+<pre>
+  (abc|def)(abc|def)((abc|def)(abc|def)?)?
+</pre>
+(Technical aside: It is done this way so that backtrack points within each of
+the repetitions can be independently maintained.)
+</P>
+<P>
+For regular expressions whose quantifiers use only small numbers, this is not
+usually a problem. However, if the numbers are large, and particularly if such
+repetitions are nested, the memory usage can become an embarrassment. For
+example, the very simple pattern
+<pre>
+  ((ab){1,1000}c){1,3}
+</pre>
+uses 51K bytes when compiled using the 8-bit library. When PCRE is compiled
+with its default internal pointer size of two bytes, the size limit on a
+compiled pattern is 64K data units, and this is reached with the above pattern
+if the outer repetition is increased from 3 to 4. PCRE can be compiled to use
+larger internal pointers and thus handle larger compiled patterns, but it is
+better to try to rewrite your pattern to use less memory if you can.
+</P>
+<P>
+One way of reducing the memory usage for such patterns is to make use of PCRE's
+<a href="pcrepattern.html#subpatternsassubroutines">"subroutine"</a>
+facility. Re-writing the above pattern as
+<pre>
+  ((ab)(?2){0,999}c)(?1){0,2}
+</pre>
+reduces the memory requirements to 18K, and indeed it remains under 20K even
+with the outer repetition increased to 100. However, this pattern is not
+exactly equivalent, because the "subroutine" calls are treated as
+<a href="pcrepattern.html#atomicgroup">atomic groups</a>
+into which there can be no backtracking if there is a subsequent matching
+failure. Therefore, PCRE cannot do this kind of rewriting automatically.
+Furthermore, there is a noticeable loss of speed when executing the modified
+pattern. Nevertheless, if the atomic grouping is not a problem and the loss of
+speed is acceptable, this kind of rewriting will allow you to process patterns
+that PCRE cannot otherwise handle.
+</P>
+<br><b>
+STACK USAGE AT RUN TIME
+</b><br>
+<P>
+When <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b> is used for matching, certain
+kinds of pattern can cause it to use large amounts of the process stack. In
+some environments the default process stack is quite small, and if it runs out
+the result is often SIGSEGV. This issue is probably the most frequently raised
+problem with PCRE. Rewriting your pattern can often help. The
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation discusses this issue in detail.
+</P>
+<br><b>
+PROCESSING TIME
+</b><br>
+<P>
+Certain items in regular expression patterns are processed more efficiently
+than others. It is more efficient to use a character class like [aeiou] than a
+set of single-character alternatives such as (a|e|i|o|u). In general, the
+simplest construction that provides the required behaviour is usually the most
+efficient. Jeffrey Friedl's book contains a lot of useful general discussion
+about optimizing regular expressions for efficient performance. This document
+contains a few observations about PCRE.
+</P>
+<P>
+Using Unicode character properties (the \p, \P, and \X escapes) is slow,
+because PCRE has to use a multi-stage table lookup whenever it needs a
+character's property. If you can find an alternative pattern that does not use
+character properties, it will probably be faster.
+</P>
+<P>
+By default, the escape sequences \b, \d, \s, and \w, and the POSIX
+character classes such as [:alpha:] do not use Unicode properties, partly for
+backwards compatibility, and partly for performance reasons. However, you can
+set PCRE_UCP if you want Unicode character properties to be used. This can
+double the matching time for items such as \d, when matched with
+a traditional matching function; the performance loss is less with
+a DFA matching function, and in both cases there is not much difference for
+\b.
+</P>
+<P>
+When a pattern begins with .* not in parentheses, or in parentheses that are
+not the subject of a backreference, and the PCRE_DOTALL option is set, the
+pattern is implicitly anchored by PCRE, since it can match only at the start of
+a subject string. However, if PCRE_DOTALL is not set, PCRE cannot make this
+optimization, because the . metacharacter does not then match a newline, and if
+the subject string contains newlines, the pattern may match from the character
+immediately following one of them instead of from the very start. For example,
+the pattern
+<pre>
+  .*second
+</pre>
+matches the subject "first\nand second" (where \n stands for a newline
+character), with the match starting at the seventh character. In order to do
+this, PCRE has to retry the match starting after every newline in the subject.
+</P>
+<P>
+If you are using such a pattern with subject strings that do not contain
+newlines, the best performance is obtained by setting PCRE_DOTALL, or starting
+the pattern with ^.* or ^.*? to indicate explicit anchoring. That saves PCRE
+from having to scan along the subject looking for a newline to restart at.
+</P>
+<P>
+Beware of patterns that contain nested indefinite repeats. These can take a
+long time to run when applied to a string that does not match. Consider the
+pattern fragment
+<pre>
+  ^(a+)*
+</pre>
+This can match "aaaa" in 16 different ways, and this number increases very
+rapidly as the string gets longer. (The * repeat can match 0, 1, 2, 3, or 4
+times, and for each of those cases other than 0 or 4, the + repeats can match
+different numbers of times.) When the remainder of the pattern is such that the
+entire match is going to fail, PCRE has in principle to try every possible
+variation, and this can take an extremely long time, even for relatively short
+strings.
+</P>
+<P>
+An optimization catches some of the more simple cases such as
+<pre>
+  (a+)*b
+</pre>
+where a literal character follows. Before embarking on the standard matching
+procedure, PCRE checks that there is a "b" later in the subject string, and if
+there is not, it fails the match immediately. However, when there is no
+following literal this optimization cannot be used. You can see the difference
+by comparing the behaviour of
+<pre>
+  (a+)*\d
+</pre>
+with the pattern above. The former gives a failure almost instantly when
+applied to a whole line of "a" characters, whereas the latter takes an
+appreciable time with strings longer than about 20 characters.
+</P>
+<P>
+In many cases, the solution to this kind of performance issue is to use an
+atomic group or a possessive quantifier.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 25 August 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreposix.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreposix.html
new file mode 100644
index 00000000..18924cf7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreposix.html
@@ -0,0 +1,290 @@
+<html>
+<head>
+<title>pcreposix specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreposix man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">COMPILING A PATTERN</a>
+<li><a name="TOC4" href="#SEC4">MATCHING NEWLINE CHARACTERS</a>
+<li><a name="TOC5" href="#SEC5">MATCHING A PATTERN</a>
+<li><a name="TOC6" href="#SEC6">ERROR MESSAGES</a>
+<li><a name="TOC7" href="#SEC7">MEMORY USAGE</a>
+<li><a name="TOC8" href="#SEC8">AUTHOR</a>
+<li><a name="TOC9" href="#SEC9">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>#include &#60;pcreposix.h&#62;</b>
+</P>
+<P>
+<b>int regcomp(regex_t *<i>preg</i>, const char *<i>pattern</i>,</b>
+<b>     int <i>cflags</i>);</b>
+<br>
+<br>
+<b>int regexec(regex_t *<i>preg</i>, const char *<i>string</i>,</b>
+<b>     size_t <i>nmatch</i>, regmatch_t <i>pmatch</i>[], int <i>eflags</i>);</b>
+<b>     size_t regerror(int <i>errcode</i>, const regex_t *<i>preg</i>,</b>
+<b>     char *<i>errbuf</i>, size_t <i>errbuf_size</i>);</b>
+<br>
+<br>
+<b>void regfree(regex_t *<i>preg</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+This set of functions provides a POSIX-style API for the PCRE regular
+expression 8-bit library. See the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation for a description of PCRE's native API, which contains much
+additional functionality. There is no POSIX-style wrapper for PCRE's 16-bit
+and 32-bit library.
+</P>
+<P>
+The functions described here are just wrapper functions that ultimately call
+the PCRE native API. Their prototypes are defined in the <b>pcreposix.h</b>
+header file, and on Unix systems the library itself is called
+<b>pcreposix.a</b>, so can be accessed by adding <b>-lpcreposix</b> to the
+command for linking an application that uses them. Because the POSIX functions
+call the native ones, it is also necessary to add <b>-lpcre</b>.
+</P>
+<P>
+I have implemented only those POSIX option bits that can be reasonably mapped
+to PCRE native options. In addition, the option REG_EXTENDED is defined with
+the value zero. This has no effect, but since programs that are written to the
+POSIX interface often use it, this makes it easier to slot in PCRE as a
+replacement library. Other POSIX options are not even defined.
+</P>
+<P>
+There are also some other options that are not defined by POSIX. These have
+been added at the request of users who want to make use of certain
+PCRE-specific features via the POSIX calling interface.
+</P>
+<P>
+When PCRE is called via these functions, it is only the API that is POSIX-like
+in style. The syntax and semantics of the regular expressions themselves are
+still those of Perl, subject to the setting of various PCRE options, as
+described below. "POSIX-like in style" means that the API approximates to the
+POSIX definition; it is not fully POSIX-compatible, and in multi-byte encoding
+domains it is probably even less compatible.
+</P>
+<P>
+The header for these functions is supplied as <b>pcreposix.h</b> to avoid any
+potential clash with other POSIX libraries. It can, of course, be renamed or
+aliased as <b>regex.h</b>, which is the "correct" name. It provides two
+structure types, <i>regex_t</i> for compiled internal forms, and
+<i>regmatch_t</i> for returning captured substrings. It also defines some
+constants whose names start with "REG_"; these are used for setting options and
+identifying error codes.
+</P>
+<br><a name="SEC3" href="#TOC1">COMPILING A PATTERN</a><br>
+<P>
+The function <b>regcomp()</b> is called to compile a pattern into an
+internal form. The pattern is a C string terminated by a binary zero, and
+is passed in the argument <i>pattern</i>. The <i>preg</i> argument is a pointer
+to a <b>regex_t</b> structure that is used as a base for storing information
+about the compiled regular expression.
+</P>
+<P>
+The argument <i>cflags</i> is either zero, or contains one or more of the bits
+defined by the following macros:
+<pre>
+  REG_DOTALL
+</pre>
+The PCRE_DOTALL option is set when the regular expression is passed for
+compilation to the native function. Note that REG_DOTALL is not part of the
+POSIX standard.
+<pre>
+  REG_ICASE
+</pre>
+The PCRE_CASELESS option is set when the regular expression is passed for
+compilation to the native function.
+<pre>
+  REG_NEWLINE
+</pre>
+The PCRE_MULTILINE option is set when the regular expression is passed for
+compilation to the native function. Note that this does <i>not</i> mimic the
+defined POSIX behaviour for REG_NEWLINE (see the following section).
+<pre>
+  REG_NOSUB
+</pre>
+The PCRE_NO_AUTO_CAPTURE option is set when the regular expression is passed
+for compilation to the native function. In addition, when a pattern that is
+compiled with this flag is passed to <b>regexec()</b> for matching, the
+<i>nmatch</i> and <i>pmatch</i> arguments are ignored, and no captured strings
+are returned.
+<pre>
+  REG_UCP
+</pre>
+The PCRE_UCP option is set when the regular expression is passed for
+compilation to the native function. This causes PCRE to use Unicode properties
+when matchine \d, \w, etc., instead of just recognizing ASCII values. Note
+that REG_UTF8 is not part of the POSIX standard.
+<pre>
+  REG_UNGREEDY
+</pre>
+The PCRE_UNGREEDY option is set when the regular expression is passed for
+compilation to the native function. Note that REG_UNGREEDY is not part of the
+POSIX standard.
+<pre>
+  REG_UTF8
+</pre>
+The PCRE_UTF8 option is set when the regular expression is passed for
+compilation to the native function. This causes the pattern itself and all data
+strings used for matching it to be treated as UTF-8 strings. Note that REG_UTF8
+is not part of the POSIX standard.
+</P>
+<P>
+In the absence of these flags, no options are passed to the native function.
+This means the the regex is compiled with PCRE default semantics. In
+particular, the way it handles newline characters in the subject string is the
+Perl way, not the POSIX way. Note that setting PCRE_MULTILINE has only
+<i>some</i> of the effects specified for REG_NEWLINE. It does not affect the way
+newlines are matched by . (they are not) or by a negative class such as [^a]
+(they are).
+</P>
+<P>
+The yield of <b>regcomp()</b> is zero on success, and non-zero otherwise. The
+<i>preg</i> structure is filled in on success, and one member of the structure
+is public: <i>re_nsub</i> contains the number of capturing subpatterns in
+the regular expression. Various error codes are defined in the header file.
+</P>
+<P>
+NOTE: If the yield of <b>regcomp()</b> is non-zero, you must not attempt to
+use the contents of the <i>preg</i> structure. If, for example, you pass it to
+<b>regexec()</b>, the result is undefined and your program is likely to crash.
+</P>
+<br><a name="SEC4" href="#TOC1">MATCHING NEWLINE CHARACTERS</a><br>
+<P>
+This area is not simple, because POSIX and Perl take different views of things.
+It is not possible to get PCRE to obey POSIX semantics, but then PCRE was never
+intended to be a POSIX engine. The following table lists the different
+possibilities for matching newline characters in PCRE:
+<pre>
+                          Default   Change with
+
+  . matches newline          no     PCRE_DOTALL
+  newline matches [^a]       yes    not changeable
+  $ matches \n at end        yes    PCRE_DOLLARENDONLY
+  $ matches \n in middle     no     PCRE_MULTILINE
+  ^ matches \n in middle     no     PCRE_MULTILINE
+</pre>
+This is the equivalent table for POSIX:
+<pre>
+                          Default   Change with
+
+  . matches newline          yes    REG_NEWLINE
+  newline matches [^a]       yes    REG_NEWLINE
+  $ matches \n at end        no     REG_NEWLINE
+  $ matches \n in middle     no     REG_NEWLINE
+  ^ matches \n in middle     no     REG_NEWLINE
+</pre>
+PCRE's behaviour is the same as Perl's, except that there is no equivalent for
+PCRE_DOLLAR_ENDONLY in Perl. In both PCRE and Perl, there is no way to stop
+newline from matching [^a].
+</P>
+<P>
+The default POSIX newline handling can be obtained by setting PCRE_DOTALL and
+PCRE_DOLLAR_ENDONLY, but there is no way to make PCRE behave exactly as for the
+REG_NEWLINE action.
+</P>
+<br><a name="SEC5" href="#TOC1">MATCHING A PATTERN</a><br>
+<P>
+The function <b>regexec()</b> is called to match a compiled pattern <i>preg</i>
+against a given <i>string</i>, which is by default terminated by a zero byte
+(but see REG_STARTEND below), subject to the options in <i>eflags</i>. These can
+be:
+<pre>
+  REG_NOTBOL
+</pre>
+The PCRE_NOTBOL option is set when calling the underlying PCRE matching
+function.
+<pre>
+  REG_NOTEMPTY
+</pre>
+The PCRE_NOTEMPTY option is set when calling the underlying PCRE matching
+function. Note that REG_NOTEMPTY is not part of the POSIX standard. However,
+setting this option can give more POSIX-like behaviour in some situations.
+<pre>
+  REG_NOTEOL
+</pre>
+The PCRE_NOTEOL option is set when calling the underlying PCRE matching
+function.
+<pre>
+  REG_STARTEND
+</pre>
+The string is considered to start at <i>string</i> + <i>pmatch[0].rm_so</i> and
+to have a terminating NUL located at <i>string</i> + <i>pmatch[0].rm_eo</i>
+(there need not actually be a NUL at that location), regardless of the value of
+<i>nmatch</i>. This is a BSD extension, compatible with but not specified by
+IEEE Standard 1003.2 (POSIX.2), and should be used with caution in software
+intended to be portable to other systems. Note that a non-zero <i>rm_so</i> does
+not imply REG_NOTBOL; REG_STARTEND affects only the location of the string, not
+how it is matched.
+</P>
+<P>
+If the pattern was compiled with the REG_NOSUB flag, no data about any matched
+strings is returned. The <i>nmatch</i> and <i>pmatch</i> arguments of
+<b>regexec()</b> are ignored.
+</P>
+<P>
+If the value of <i>nmatch</i> is zero, or if the value <i>pmatch</i> is NULL,
+no data about any matched strings is returned.
+</P>
+<P>
+Otherwise,the portion of the string that was matched, and also any captured
+substrings, are returned via the <i>pmatch</i> argument, which points to an
+array of <i>nmatch</i> structures of type <i>regmatch_t</i>, containing the
+members <i>rm_so</i> and <i>rm_eo</i>. These contain the offset to the first
+character of each substring and the offset to the first character after the end
+of each substring, respectively. The 0th element of the vector relates to the
+entire portion of <i>string</i> that was matched; subsequent elements relate to
+the capturing subpatterns of the regular expression. Unused entries in the
+array have both structure members set to -1.
+</P>
+<P>
+A successful match yields a zero return; various error codes are defined in the
+header file, of which REG_NOMATCH is the "expected" failure code.
+</P>
+<br><a name="SEC6" href="#TOC1">ERROR MESSAGES</a><br>
+<P>
+The <b>regerror()</b> function maps a non-zero errorcode from either
+<b>regcomp()</b> or <b>regexec()</b> to a printable message. If <i>preg</i> is not
+NULL, the error should have arisen from the use of that structure. A message
+terminated by a binary zero is placed in <i>errbuf</i>. The length of the
+message, including the zero, is limited to <i>errbuf_size</i>. The yield of the
+function is the size of buffer needed to hold the whole message.
+</P>
+<br><a name="SEC7" href="#TOC1">MEMORY USAGE</a><br>
+<P>
+Compiling a regular expression causes memory to be allocated and associated
+with the <i>preg</i> structure. The function <b>regfree()</b> frees all such
+memory, after which <i>preg</i> may no longer be used as a compiled expression.
+</P>
+<br><a name="SEC8" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC9" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 09 January 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreprecompile.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreprecompile.html
new file mode 100644
index 00000000..decb1d6c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreprecompile.html
@@ -0,0 +1,163 @@
+<html>
+<head>
+<title>pcreprecompile specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreprecompile man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SAVING AND RE-USING PRECOMPILED PCRE PATTERNS</a>
+<li><a name="TOC2" href="#SEC2">SAVING A COMPILED PATTERN</a>
+<li><a name="TOC3" href="#SEC3">RE-USING A PRECOMPILED PATTERN</a>
+<li><a name="TOC4" href="#SEC4">COMPATIBILITY WITH DIFFERENT PCRE RELEASES</a>
+<li><a name="TOC5" href="#SEC5">AUTHOR</a>
+<li><a name="TOC6" href="#SEC6">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SAVING AND RE-USING PRECOMPILED PCRE PATTERNS</a><br>
+<P>
+If you are running an application that uses a large number of regular
+expression patterns, it may be useful to store them in a precompiled form
+instead of having to compile them every time the application is run.
+If you are not using any private character tables (see the
+<a href="pcre_maketables.html"><b>pcre_maketables()</b></a>
+documentation), this is relatively straightforward. If you are using private
+tables, it is a little bit more complicated. However, if you are using the
+just-in-time optimization feature, it is not possible to save and reload the
+JIT data.
+</P>
+<P>
+If you save compiled patterns to a file, you can copy them to a different host
+and run them there. If the two hosts have different endianness (byte order),
+you should run the <b>pcre[16|32]_pattern_to_host_byte_order()</b> function on the
+new host before trying to match the pattern. The matching functions return
+PCRE_ERROR_BADENDIANNESS if they detect a pattern with the wrong endianness.
+</P>
+<P>
+Compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes, and saving and
+restoring a compiled pattern loses any JIT optimization data.
+</P>
+<br><a name="SEC2" href="#TOC1">SAVING A COMPILED PATTERN</a><br>
+<P>
+The value returned by <b>pcre[16|32]_compile()</b> points to a single block of
+memory that holds the compiled pattern and associated data. You can find the
+length of this block in bytes by calling <b>pcre[16|32]_fullinfo()</b> with an
+argument of PCRE_INFO_SIZE. You can then save the data in any appropriate
+manner. Here is sample code for the 8-bit library that compiles a pattern and
+writes it to a file. It assumes that the variable <i>fd</i> refers to a file
+that is open for output:
+<pre>
+  int erroroffset, rc, size;
+  char *error;
+  pcre *re;
+
+  re = pcre_compile("my pattern", 0, &error, &erroroffset, NULL);
+  if (re == NULL) { ... handle errors ... }
+  rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
+  if (rc &#60; 0) { ... handle errors ... }
+  rc = fwrite(re, 1, size, fd);
+  if (rc != size) { ... handle errors ... }
+</pre>
+In this example, the bytes that comprise the compiled pattern are copied
+exactly. Note that this is binary data that may contain any of the 256 possible
+byte values. On systems that make a distinction between binary and non-binary
+data, be sure that the file is opened for binary output.
+</P>
+<P>
+If you want to write more than one pattern to a file, you will have to devise a
+way of separating them. For binary data, preceding each pattern with its length
+is probably the most straightforward approach. Another possibility is to write
+out the data in hexadecimal instead of binary, one pattern to a line.
+</P>
+<P>
+Saving compiled patterns in a file is only one possible way of storing them for
+later use. They could equally well be saved in a database, or in the memory of
+some daemon process that passes them via sockets to the processes that want
+them.
+</P>
+<P>
+If the pattern has been studied, it is also possible to save the normal study
+data in a similar way to the compiled pattern itself. However, if the
+PCRE_STUDY_JIT_COMPILE was used, the just-in-time data that is created cannot
+be saved because it is too dependent on the current environment. When studying
+generates additional information, <b>pcre[16|32]_study()</b> returns a pointer to a
+<b>pcre[16|32]_extra</b> data block. Its format is defined in the
+<a href="pcreapi.html#extradata">section on matching a pattern</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation. The <i>study_data</i> field points to the binary study data, and
+this is what you must save (not the <b>pcre[16|32]_extra</b> block itself). The
+length of the study data can be obtained by calling <b>pcre[16|32]_fullinfo()</b>
+with an argument of PCRE_INFO_STUDYSIZE. Remember to check that
+<b>pcre[16|32]_study()</b> did return a non-NULL value before trying to save the
+study data.
+</P>
+<br><a name="SEC3" href="#TOC1">RE-USING A PRECOMPILED PATTERN</a><br>
+<P>
+Re-using a precompiled pattern is straightforward. Having reloaded it into main
+memory, called <b>pcre[16|32]_pattern_to_host_byte_order()</b> if necessary, you
+pass its pointer to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b> in
+the usual way.
+</P>
+<P>
+However, if you passed a pointer to custom character tables when the pattern
+was compiled (the <i>tableptr</i> argument of <b>pcre[16|32]_compile()</b>), you
+must now pass a similar pointer to <b>pcre[16|32]_exec()</b> or
+<b>pcre[16|32]_dfa_exec()</b>, because the value saved with the compiled pattern
+will obviously be nonsense. A field in a <b>pcre[16|32]_extra()</b> block is used
+to pass this data, as described in the
+<a href="pcreapi.html#extradata">section on matching a pattern</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+<b>Warning:</b> The tables that <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b> use
+must be the same as those that were used when the pattern was compiled. If this
+is not the case, the behaviour is undefined.
+</P>
+<P>
+If you did not provide custom character tables when the pattern was compiled,
+the pointer in the compiled pattern is NULL, which causes the matching
+functions to use PCRE's internal tables. Thus, you do not need to take any
+special action at run time in this case.
+</P>
+<P>
+If you saved study data with the compiled pattern, you need to create your own
+<b>pcre[16|32]_extra</b> data block and set the <i>study_data</i> field to point
+to the reloaded study data. You must also set the PCRE_EXTRA_STUDY_DATA bit in
+the <i>flags</i> field to indicate that study data is present. Then pass the
+<b>pcre[16|32]_extra</b> block to the matching function in the usual way. If the
+pattern was studied for just-in-time optimization, that data cannot be saved,
+and so is lost by a save/restore cycle.
+</P>
+<br><a name="SEC4" href="#TOC1">COMPATIBILITY WITH DIFFERENT PCRE RELEASES</a><br>
+<P>
+In general, it is safest to recompile all saved patterns when you update to a
+new PCRE release, though not all updates actually require this.
+</P>
+<br><a name="SEC5" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC6" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcresample.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcresample.html
new file mode 100644
index 00000000..aca9184e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcresample.html
@@ -0,0 +1,110 @@
+<html>
+<head>
+<title>pcresample specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcresample man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+PCRE SAMPLE PROGRAM
+</b><br>
+<P>
+A simple, complete demonstration program, to get you started with using PCRE,
+is supplied in the file <i>pcredemo.c</i> in the PCRE distribution. A listing of
+this program is given in the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+documentation. If you do not have a copy of the PCRE distribution, you can save
+this listing to re-create <i>pcredemo.c</i>.
+</P>
+<P>
+The demonstration program, which uses the original PCRE 8-bit library, compiles
+the regular expression that is its first argument, and matches it against the
+subject string in its second argument. No PCRE options are set, and default
+character tables are used. If matching succeeds, the program outputs the
+portion of the subject that matched, together with the contents of any captured
+substrings.
+</P>
+<P>
+If the -g option is given on the command line, the program then goes on to
+check for further matches of the same regular expression in the same subject
+string. The logic is a little bit tricky because of the possibility of matching
+an empty string. Comments in the code explain what is going on.
+</P>
+<P>
+If PCRE is installed in the standard include and library directories for your
+operating system, you should be able to compile the demonstration program using
+this command:
+<pre>
+  gcc -o pcredemo pcredemo.c -lpcre
+</pre>
+If PCRE is installed elsewhere, you may need to add additional options to the
+command line. For example, on a Unix-like system that has PCRE installed in
+<i>/usr/local</i>, you can compile the demonstration program using a command
+like this:
+<pre>
+  gcc -o pcredemo -I/usr/local/include pcredemo.c -L/usr/local/lib -lpcre
+</pre>
+In a Windows environment, if you want to statically link the program against a
+non-dll <b>pcre.a</b> file, you must uncomment the line that defines PCRE_STATIC
+before including <b>pcre.h</b>, because otherwise the <b>pcre_malloc()</b> and
+<b>pcre_free()</b> exported functions will be declared
+<b>__declspec(dllimport)</b>, with unwanted results.
+</P>
+<P>
+Once you have compiled and linked the demonstration program, you can run simple
+tests like this:
+<pre>
+  ./pcredemo 'cat|dog' 'the cat sat on the mat'
+  ./pcredemo -g 'cat|dog' 'the dog sat on the cat'
+</pre>
+Note that there is a much more comprehensive test program, called
+<a href="pcretest.html"><b>pcretest</b>,</a>
+which supports many more facilities for testing regular expressions and both
+PCRE libraries. The
+<a href="pcredemo.html"><b>pcredemo</b></a>
+program is provided as a simple coding example.
+</P>
+<P>
+If you try to run
+<a href="pcredemo.html"><b>pcredemo</b></a>
+when PCRE is not installed in the standard library directory, you may get an
+error like this on some operating systems (e.g. Solaris):
+<pre>
+  ld.so.1: a.out: fatal: libpcre.so.0: open failed: No such file or directory
+</pre>
+This is caused by the way shared library support works on those systems. You
+need to add
+<pre>
+  -R/usr/local/lib
+</pre>
+(for example) to the compile command to get round this problem.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 10 January 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrestack.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrestack.html
new file mode 100644
index 00000000..af6406d0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcrestack.html
@@ -0,0 +1,225 @@
+<html>
+<head>
+<title>pcrestack specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrestack man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+PCRE DISCUSSION OF STACK USAGE
+</b><br>
+<P>
+When you call <b>pcre[16|32]_exec()</b>, it makes use of an internal function
+called <b>match()</b>. This calls itself recursively at branch points in the
+pattern, in order to remember the state of the match so that it can back up and
+try a different alternative if the first one fails. As matching proceeds deeper
+and deeper into the tree of possibilities, the recursion depth increases. The
+<b>match()</b> function is also called in other circumstances, for example,
+whenever a parenthesized sub-pattern is entered, and in certain cases of
+repetition.
+</P>
+<P>
+Not all calls of <b>match()</b> increase the recursion depth; for an item such
+as a* it may be called several times at the same level, after matching
+different numbers of a's. Furthermore, in a number of cases where the result of
+the recursive call would immediately be passed back as the result of the
+current call (a "tail recursion"), the function is just restarted instead.
+</P>
+<P>
+The above comments apply when <b>pcre[16|32]_exec()</b> is run in its normal
+interpretive manner. If the pattern was studied with the
+PCRE_STUDY_JIT_COMPILE option, and just-in-time compiling was successful, and
+the options passed to <b>pcre[16|32]_exec()</b> were not incompatible, the matching
+process uses the JIT-compiled code instead of the <b>match()</b> function. In
+this case, the memory requirements are handled entirely differently. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for details.
+</P>
+<P>
+The <b>pcre[16|32]_dfa_exec()</b> function operates in an entirely different way,
+and uses recursion only when there is a regular expression recursion or
+subroutine call in the pattern. This includes the processing of assertion and
+"once-only" subpatterns, which are handled like subroutine calls. Normally,
+these are never very deep, and the limit on the complexity of
+<b>pcre[16|32]_dfa_exec()</b> is controlled by the amount of workspace it is given.
+However, it is possible to write patterns with runaway infinite recursions;
+such patterns will cause <b>pcre[16|32]_dfa_exec()</b> to run out of stack. At
+present, there is no protection against this.
+</P>
+<P>
+The comments that follow do NOT apply to <b>pcre[16|32]_dfa_exec()</b>; they are
+relevant only for <b>pcre[16|32]_exec()</b> without the JIT optimization.
+</P>
+<br><b>
+Reducing <b>pcre[16|32]_exec()</b>'s stack usage
+</b><br>
+<P>
+Each time that <b>match()</b> is actually called recursively, it uses memory
+from the process stack. For certain kinds of pattern and data, very large
+amounts of stack may be needed, despite the recognition of "tail recursion".
+You can often reduce the amount of recursion, and therefore the amount of stack
+used, by modifying the pattern that is being matched. Consider, for example,
+this pattern:
+<pre>
+  ([^&#60;]|&#60;(?!inet))+
+</pre>
+It matches from wherever it starts until it encounters "&#60;inet" or the end of
+the data, and is the kind of pattern that might be used when processing an XML
+file. Each iteration of the outer parentheses matches either one character that
+is not "&#60;" or a "&#60;" that is not followed by "inet". However, each time a
+parenthesis is processed, a recursion occurs, so this formulation uses a stack
+frame for each matched character. For a long string, a lot of stack is
+required. Consider now this rewritten pattern, which matches exactly the same
+strings:
+<pre>
+  ([^&#60;]++|&#60;(?!inet))+
+</pre>
+This uses very much less stack, because runs of characters that do not contain
+"&#60;" are "swallowed" in one item inside the parentheses. Recursion happens only
+when a "&#60;" character that is not followed by "inet" is encountered (and we
+assume this is relatively rare). A possessive quantifier is used to stop any
+backtracking into the runs of non-"&#60;" characters, but that is not related to
+stack usage.
+</P>
+<P>
+This example shows that one way of avoiding stack problems when matching long
+subject strings is to write repeated parenthesized subpatterns to match more
+than one character whenever possible.
+</P>
+<br><b>
+Compiling PCRE to use heap instead of stack for <b>pcre[16|32]_exec()</b>
+</b><br>
+<P>
+In environments where stack memory is constrained, you might want to compile
+PCRE to use heap memory instead of stack for remembering back-up points when
+<b>pcre[16|32]_exec()</b> is running. This makes it run a lot more slowly, however.
+Details of how to do this are given in the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation. When built in this way, instead of using the stack, PCRE obtains
+and frees memory by calling the functions that are pointed to by the
+<b>pcre[16|32]_stack_malloc</b> and <b>pcre[16|32]_stack_free</b> variables. By
+default, these point to <b>malloc()</b> and <b>free()</b>, but you can replace
+the pointers to cause PCRE to use your own functions. Since the block sizes are
+always the same, and are always freed in reverse order, it may be possible to
+implement customized memory handlers that are more efficient than the standard
+functions.
+</P>
+<br><b>
+Limiting <b>pcre[16|32]_exec()</b>'s stack usage
+</b><br>
+<P>
+You can set limits on the number of times that <b>match()</b> is called, both in
+total and recursively. If a limit is exceeded, <b>pcre[16|32]_exec()</b> returns an
+error code. Setting suitable limits should prevent it from running out of
+stack. The default values of the limits are very large, and unlikely ever to
+operate. They can be changed when PCRE is built, and they can also be set when
+<b>pcre[16|32]_exec()</b> is called. For details of these interfaces, see the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation and the
+<a href="pcreapi.html#extradata">section on extra data for <b>pcre[16|32]_exec()</b></a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+As a very rough rule of thumb, you should reckon on about 500 bytes per
+recursion. Thus, if you want to limit your stack usage to 8Mb, you should set
+the limit at 16000 recursions. A 64Mb stack, on the other hand, can support
+around 128000 recursions.
+</P>
+<P>
+In Unix-like environments, the <b>pcretest</b> test program has a command line
+option (<b>-S</b>) that can be used to increase the size of its stack. As long
+as the stack is large enough, another option (<b>-M</b>) can be used to find the
+smallest limits that allow a particular pattern to match a given subject
+string. This is done by calling <b>pcre[16|32]_exec()</b> repeatedly with different
+limits.
+</P>
+<br><b>
+Obtaining an estimate of stack usage
+</b><br>
+<P>
+The actual amount of stack used per recursion can vary quite a lot, depending
+on the compiler that was used to build PCRE and the optimization or debugging
+options that were set for it. The rule of thumb value of 500 bytes mentioned
+above may be larger or smaller than what is actually needed. A better
+approximation can be obtained by running this command:
+<pre>
+  pcretest -m -C
+</pre>
+The <b>-C</b> option causes <b>pcretest</b> to output information about the
+options with which PCRE was compiled. When <b>-m</b> is also given (before
+<b>-C</b>), information about stack use is given in a line like this:
+<pre>
+  Match recursion uses stack: approximate frame size = 640 bytes
+</pre>
+The value is approximate because some recursions need a bit more (up to perhaps
+16 more bytes).
+</P>
+<P>
+If the above command is given when PCRE is compiled to use the heap instead of
+the stack for recursion, the value that is output is the size of each block
+that is obtained from the heap.
+</P>
+<br><b>
+Changing stack size in Unix-like systems
+</b><br>
+<P>
+In Unix-like environments, there is not often a problem with the stack unless
+very long strings are involved, though the default limit on stack size varies
+from system to system. Values from 8Mb to 64Mb are common. You can find your
+default limit by running the command:
+<pre>
+  ulimit -s
+</pre>
+Unfortunately, the effect of running out of stack is often SIGSEGV, though
+sometimes a more explicit error message is given. You can normally increase the
+limit on stack size by code such as this:
+<pre>
+  struct rlimit rlim;
+  getrlimit(RLIMIT_STACK, &rlim);
+  rlim.rlim_cur = 100*1024*1024;
+  setrlimit(RLIMIT_STACK, &rlim);
+</pre>
+This reads the current limits (soft and hard) using <b>getrlimit()</b>, then
+attempts to increase the soft limit to 100Mb using <b>setrlimit()</b>. You must
+do this before calling <b>pcre[16|32]_exec()</b>.
+</P>
+<br><b>
+Changing stack size in Mac OS X
+</b><br>
+<P>
+Using <b>setrlimit()</b>, as described above, should also work on Mac OS X. It
+is also possible to set a stack size when linking a program. There is a
+discussion about stack sizes in Mac OS X at this web site:
+<a href="http://developer.apple.com/qa/qa2005/qa1419.html">http://developer.apple.com/qa/qa2005/qa1419.html.</a>
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 24 June 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcresyntax.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcresyntax.html
new file mode 100644
index 00000000..5896b9e0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcresyntax.html
@@ -0,0 +1,561 @@
+<html>
+<head>
+<title>pcresyntax specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcresyntax man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE REGULAR EXPRESSION SYNTAX SUMMARY</a>
+<li><a name="TOC2" href="#SEC2">QUOTING</a>
+<li><a name="TOC3" href="#SEC3">CHARACTERS</a>
+<li><a name="TOC4" href="#SEC4">CHARACTER TYPES</a>
+<li><a name="TOC5" href="#SEC5">GENERAL CATEGORY PROPERTIES FOR \p and \P</a>
+<li><a name="TOC6" href="#SEC6">PCRE SPECIAL CATEGORY PROPERTIES FOR \p and \P</a>
+<li><a name="TOC7" href="#SEC7">SCRIPT NAMES FOR \p AND \P</a>
+<li><a name="TOC8" href="#SEC8">CHARACTER CLASSES</a>
+<li><a name="TOC9" href="#SEC9">QUANTIFIERS</a>
+<li><a name="TOC10" href="#SEC10">ANCHORS AND SIMPLE ASSERTIONS</a>
+<li><a name="TOC11" href="#SEC11">MATCH POINT RESET</a>
+<li><a name="TOC12" href="#SEC12">ALTERNATION</a>
+<li><a name="TOC13" href="#SEC13">CAPTURING</a>
+<li><a name="TOC14" href="#SEC14">ATOMIC GROUPS</a>
+<li><a name="TOC15" href="#SEC15">COMMENT</a>
+<li><a name="TOC16" href="#SEC16">OPTION SETTING</a>
+<li><a name="TOC17" href="#SEC17">NEWLINE CONVENTION</a>
+<li><a name="TOC18" href="#SEC18">WHAT \R MATCHES</a>
+<li><a name="TOC19" href="#SEC19">LOOKAHEAD AND LOOKBEHIND ASSERTIONS</a>
+<li><a name="TOC20" href="#SEC20">BACKREFERENCES</a>
+<li><a name="TOC21" href="#SEC21">SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)</a>
+<li><a name="TOC22" href="#SEC22">CONDITIONAL PATTERNS</a>
+<li><a name="TOC23" href="#SEC23">BACKTRACKING CONTROL</a>
+<li><a name="TOC24" href="#SEC24">CALLOUTS</a>
+<li><a name="TOC25" href="#SEC25">SEE ALSO</a>
+<li><a name="TOC26" href="#SEC26">AUTHOR</a>
+<li><a name="TOC27" href="#SEC27">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE REGULAR EXPRESSION SYNTAX SUMMARY</a><br>
+<P>
+The full syntax and semantics of the regular expressions that are supported by
+PCRE are described in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation. This document contains a quick-reference summary of the syntax.
+</P>
+<br><a name="SEC2" href="#TOC1">QUOTING</a><br>
+<P>
+<pre>
+  \x         where x is non-alphanumeric is a literal x
+  \Q...\E    treat enclosed characters as literal
+</PRE>
+</P>
+<br><a name="SEC3" href="#TOC1">CHARACTERS</a><br>
+<P>
+<pre>
+  \a         alarm, that is, the BEL character (hex 07)
+  \cx        "control-x", where x is any ASCII character
+  \e         escape (hex 1B)
+  \f         form feed (hex 0C)
+  \n         newline (hex 0A)
+  \r         carriage return (hex 0D)
+  \t         tab (hex 09)
+  \0dd       character with octal code 0dd
+  \ddd       character with octal code ddd, or backreference
+  \o{ddd..}  character with octal code ddd..
+  \xhh       character with hex code hh
+  \x{hhh..}  character with hex code hhh..
+</pre>
+Note that \0dd is always an octal code, and that \8 and \9 are the literal
+characters "8" and "9".
+</P>
+<br><a name="SEC4" href="#TOC1">CHARACTER TYPES</a><br>
+<P>
+<pre>
+  .          any character except newline;
+               in dotall mode, any character whatsoever
+  \C         one data unit, even in UTF mode (best avoided)
+  \d         a decimal digit
+  \D         a character that is not a decimal digit
+  \h         a horizontal white space character
+  \H         a character that is not a horizontal white space character
+  \N         a character that is not a newline
+  \p{<i>xx</i>}     a character with the <i>xx</i> property
+  \P{<i>xx</i>}     a character without the <i>xx</i> property
+  \R         a newline sequence
+  \s         a white space character
+  \S         a character that is not a white space character
+  \v         a vertical white space character
+  \V         a character that is not a vertical white space character
+  \w         a "word" character
+  \W         a "non-word" character
+  \X         a Unicode extended grapheme cluster
+</pre>
+By default, \d, \s, and \w match only ASCII characters, even in UTF-8 mode
+or in the 16- bit and 32-bit libraries. However, if locale-specific matching is
+happening, \s and \w may also match characters with code points in the range
+128-255. If the PCRE_UCP option is set, the behaviour of these escape sequences
+is changed to use Unicode properties and they match many more characters.
+</P>
+<br><a name="SEC5" href="#TOC1">GENERAL CATEGORY PROPERTIES FOR \p and \P</a><br>
+<P>
+<pre>
+  C          Other
+  Cc         Control
+  Cf         Format
+  Cn         Unassigned
+  Co         Private use
+  Cs         Surrogate
+
+  L          Letter
+  Ll         Lower case letter
+  Lm         Modifier letter
+  Lo         Other letter
+  Lt         Title case letter
+  Lu         Upper case letter
+  L&         Ll, Lu, or Lt
+
+  M          Mark
+  Mc         Spacing mark
+  Me         Enclosing mark
+  Mn         Non-spacing mark
+
+  N          Number
+  Nd         Decimal number
+  Nl         Letter number
+  No         Other number
+
+  P          Punctuation
+  Pc         Connector punctuation
+  Pd         Dash punctuation
+  Pe         Close punctuation
+  Pf         Final punctuation
+  Pi         Initial punctuation
+  Po         Other punctuation
+  Ps         Open punctuation
+
+  S          Symbol
+  Sc         Currency symbol
+  Sk         Modifier symbol
+  Sm         Mathematical symbol
+  So         Other symbol
+
+  Z          Separator
+  Zl         Line separator
+  Zp         Paragraph separator
+  Zs         Space separator
+</PRE>
+</P>
+<br><a name="SEC6" href="#TOC1">PCRE SPECIAL CATEGORY PROPERTIES FOR \p and \P</a><br>
+<P>
+<pre>
+  Xan        Alphanumeric: union of properties L and N
+  Xps        POSIX space: property Z or tab, NL, VT, FF, CR
+  Xsp        Perl space: property Z or tab, NL, VT, FF, CR
+  Xuc        Univerally-named character: one that can be
+               represented by a Universal Character Name
+  Xwd        Perl word: property Xan or underscore
+</pre>
+Perl and POSIX space are now the same. Perl added VT to its space character set
+at release 5.18 and PCRE changed at release 8.34.
+</P>
+<br><a name="SEC7" href="#TOC1">SCRIPT NAMES FOR \p AND \P</a><br>
+<P>
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+</P>
+<br><a name="SEC8" href="#TOC1">CHARACTER CLASSES</a><br>
+<P>
+<pre>
+  [...]       positive character class
+  [^...]      negative character class
+  [x-y]       range (can be used for hex characters)
+  [[:xxx:]]   positive POSIX named set
+  [[:^xxx:]]  negative POSIX named set
+
+  alnum       alphanumeric
+  alpha       alphabetic
+  ascii       0-127
+  blank       space or tab
+  cntrl       control character
+  digit       decimal digit
+  graph       printing, excluding space
+  lower       lower case letter
+  print       printing, including space
+  punct       printing, excluding alphanumeric
+  space       white space
+  upper       upper case letter
+  word        same as \w
+  xdigit      hexadecimal digit
+</pre>
+In PCRE, POSIX character set names recognize only ASCII characters by default,
+but some of them use Unicode properties if PCRE_UCP is set. You can use
+\Q...\E inside a character class.
+</P>
+<br><a name="SEC9" href="#TOC1">QUANTIFIERS</a><br>
+<P>
+<pre>
+  ?           0 or 1, greedy
+  ?+          0 or 1, possessive
+  ??          0 or 1, lazy
+  *           0 or more, greedy
+  *+          0 or more, possessive
+  *?          0 or more, lazy
+  +           1 or more, greedy
+  ++          1 or more, possessive
+  +?          1 or more, lazy
+  {n}         exactly n
+  {n,m}       at least n, no more than m, greedy
+  {n,m}+      at least n, no more than m, possessive
+  {n,m}?      at least n, no more than m, lazy
+  {n,}        n or more, greedy
+  {n,}+       n or more, possessive
+  {n,}?       n or more, lazy
+</PRE>
+</P>
+<br><a name="SEC10" href="#TOC1">ANCHORS AND SIMPLE ASSERTIONS</a><br>
+<P>
+<pre>
+  \b          word boundary
+  \B          not a word boundary
+  ^           start of subject
+               also after internal newline in multiline mode
+  \A          start of subject
+  $           end of subject
+               also before newline at end of subject
+               also before internal newline in multiline mode
+  \Z          end of subject
+               also before newline at end of subject
+  \z          end of subject
+  \G          first matching position in subject
+</PRE>
+</P>
+<br><a name="SEC11" href="#TOC1">MATCH POINT RESET</a><br>
+<P>
+<pre>
+  \K          reset start of match
+</pre>
+\K is honoured in positive assertions, but ignored in negative ones.
+</P>
+<br><a name="SEC12" href="#TOC1">ALTERNATION</a><br>
+<P>
+<pre>
+  expr|expr|expr...
+</PRE>
+</P>
+<br><a name="SEC13" href="#TOC1">CAPTURING</a><br>
+<P>
+<pre>
+  (...)           capturing group
+  (?&#60;name&#62;...)    named capturing group (Perl)
+  (?'name'...)    named capturing group (Perl)
+  (?P&#60;name&#62;...)   named capturing group (Python)
+  (?:...)         non-capturing group
+  (?|...)         non-capturing group; reset group numbers for
+                   capturing groups in each alternative
+</PRE>
+</P>
+<br><a name="SEC14" href="#TOC1">ATOMIC GROUPS</a><br>
+<P>
+<pre>
+  (?&#62;...)         atomic, non-capturing group
+</PRE>
+</P>
+<br><a name="SEC15" href="#TOC1">COMMENT</a><br>
+<P>
+<pre>
+  (?#....)        comment (not nestable)
+</PRE>
+</P>
+<br><a name="SEC16" href="#TOC1">OPTION SETTING</a><br>
+<P>
+<pre>
+  (?i)            caseless
+  (?J)            allow duplicate names
+  (?m)            multiline
+  (?s)            single line (dotall)
+  (?U)            default ungreedy (lazy)
+  (?x)            extended (ignore white space)
+  (?-...)         unset option(s)
+</pre>
+The following are recognized only at the very start of a pattern or after one
+of the newline or \R options with similar syntax. More than one of them may
+appear.
+<pre>
+  (*LIMIT_MATCH=d) set the match limit to d (decimal number)
+  (*LIMIT_RECURSION=d) set the recursion limit to d (decimal number)
+  (*NO_AUTO_POSSESS) no auto-possessification (PCRE_NO_AUTO_POSSESS)
+  (*NO_START_OPT) no start-match optimization (PCRE_NO_START_OPTIMIZE)
+  (*UTF8)         set UTF-8 mode: 8-bit library (PCRE_UTF8)
+  (*UTF16)        set UTF-16 mode: 16-bit library (PCRE_UTF16)
+  (*UTF32)        set UTF-32 mode: 32-bit library (PCRE_UTF32)
+  (*UTF)          set appropriate UTF mode for the library in use
+  (*UCP)          set PCRE_UCP (use Unicode properties for \d etc)
+</pre>
+Note that LIMIT_MATCH and LIMIT_RECURSION can only reduce the value of the
+limits set by the caller of pcre_exec(), not increase them.
+</P>
+<br><a name="SEC17" href="#TOC1">NEWLINE CONVENTION</a><br>
+<P>
+These are recognized only at the very start of the pattern or after option
+settings with a similar syntax.
+<pre>
+  (*CR)           carriage return only
+  (*LF)           linefeed only
+  (*CRLF)         carriage return followed by linefeed
+  (*ANYCRLF)      all three of the above
+  (*ANY)          any Unicode newline sequence
+</PRE>
+</P>
+<br><a name="SEC18" href="#TOC1">WHAT \R MATCHES</a><br>
+<P>
+These are recognized only at the very start of the pattern or after option
+setting with a similar syntax.
+<pre>
+  (*BSR_ANYCRLF)  CR, LF, or CRLF
+  (*BSR_UNICODE)  any Unicode newline sequence
+</PRE>
+</P>
+<br><a name="SEC19" href="#TOC1">LOOKAHEAD AND LOOKBEHIND ASSERTIONS</a><br>
+<P>
+<pre>
+  (?=...)         positive look ahead
+  (?!...)         negative look ahead
+  (?&#60;=...)        positive look behind
+  (?&#60;!...)        negative look behind
+</pre>
+Each top-level branch of a look behind must be of a fixed length.
+</P>
+<br><a name="SEC20" href="#TOC1">BACKREFERENCES</a><br>
+<P>
+<pre>
+  \n              reference by number (can be ambiguous)
+  \gn             reference by number
+  \g{n}           reference by number
+  \g{-n}          relative reference by number
+  \k&#60;name&#62;        reference by name (Perl)
+  \k'name'        reference by name (Perl)
+  \g{name}        reference by name (Perl)
+  \k{name}        reference by name (.NET)
+  (?P=name)       reference by name (Python)
+</PRE>
+</P>
+<br><a name="SEC21" href="#TOC1">SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)</a><br>
+<P>
+<pre>
+  (?R)            recurse whole pattern
+  (?n)            call subpattern by absolute number
+  (?+n)           call subpattern by relative number
+  (?-n)           call subpattern by relative number
+  (?&name)        call subpattern by name (Perl)
+  (?P&#62;name)       call subpattern by name (Python)
+  \g&#60;name&#62;        call subpattern by name (Oniguruma)
+  \g'name'        call subpattern by name (Oniguruma)
+  \g&#60;n&#62;           call subpattern by absolute number (Oniguruma)
+  \g'n'           call subpattern by absolute number (Oniguruma)
+  \g&#60;+n&#62;          call subpattern by relative number (PCRE extension)
+  \g'+n'          call subpattern by relative number (PCRE extension)
+  \g&#60;-n&#62;          call subpattern by relative number (PCRE extension)
+  \g'-n'          call subpattern by relative number (PCRE extension)
+</PRE>
+</P>
+<br><a name="SEC22" href="#TOC1">CONDITIONAL PATTERNS</a><br>
+<P>
+<pre>
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+
+  (?(n)...        absolute reference condition
+  (?(+n)...       relative reference condition
+  (?(-n)...       relative reference condition
+  (?(&#60;name&#62;)...   named reference condition (Perl)
+  (?('name')...   named reference condition (Perl)
+  (?(name)...     named reference condition (PCRE)
+  (?(R)...        overall recursion condition
+  (?(Rn)...       specific group recursion condition
+  (?(R&name)...   specific recursion condition
+  (?(DEFINE)...   define subpattern for reference
+  (?(assert)...   assertion condition
+</PRE>
+</P>
+<br><a name="SEC23" href="#TOC1">BACKTRACKING CONTROL</a><br>
+<P>
+The following act immediately they are reached:
+<pre>
+  (*ACCEPT)       force successful match
+  (*FAIL)         force backtrack; synonym (*F)
+  (*MARK:NAME)    set name to be passed back; synonym (*:NAME)
+</pre>
+The following act only when a subsequent match failure causes a backtrack to
+reach them. They all force a match failure, but they differ in what happens
+afterwards. Those that advance the start-of-match point do so only if the
+pattern is not anchored.
+<pre>
+  (*COMMIT)       overall failure, no advance of starting point
+  (*PRUNE)        advance to next starting character
+  (*PRUNE:NAME)   equivalent to (*MARK:NAME)(*PRUNE)
+  (*SKIP)         advance to current matching position
+  (*SKIP:NAME)    advance to position corresponding to an earlier
+                  (*MARK:NAME); if not found, the (*SKIP) is ignored
+  (*THEN)         local failure, backtrack to next alternation
+  (*THEN:NAME)    equivalent to (*MARK:NAME)(*THEN)
+</PRE>
+</P>
+<br><a name="SEC24" href="#TOC1">CALLOUTS</a><br>
+<P>
+<pre>
+  (?C)      callout
+  (?Cn)     callout with data n
+</PRE>
+</P>
+<br><a name="SEC25" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcrepattern</b>(3), <b>pcreapi</b>(3), <b>pcrecallout</b>(3),
+<b>pcrematching</b>(3), <b>pcre</b>(3).
+</P>
+<br><a name="SEC26" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC27" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 08 January 2014
+<br>
+Copyright &copy; 1997-2014 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcretest.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcretest.html
new file mode 100644
index 00000000..ba540d3c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcretest.html
@@ -0,0 +1,1163 @@
+<html>
+<head>
+<title>pcretest specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcretest man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">INPUT DATA FORMAT</a>
+<li><a name="TOC3" href="#SEC3">PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a>
+<li><a name="TOC4" href="#SEC4">COMMAND LINE OPTIONS</a>
+<li><a name="TOC5" href="#SEC5">DESCRIPTION</a>
+<li><a name="TOC6" href="#SEC6">PATTERN MODIFIERS</a>
+<li><a name="TOC7" href="#SEC7">DATA LINES</a>
+<li><a name="TOC8" href="#SEC8">THE ALTERNATIVE MATCHING FUNCTION</a>
+<li><a name="TOC9" href="#SEC9">DEFAULT OUTPUT FROM PCRETEST</a>
+<li><a name="TOC10" href="#SEC10">OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION</a>
+<li><a name="TOC11" href="#SEC11">RESTARTING AFTER A PARTIAL MATCH</a>
+<li><a name="TOC12" href="#SEC12">CALLOUTS</a>
+<li><a name="TOC13" href="#SEC13">NON-PRINTING CHARACTERS</a>
+<li><a name="TOC14" href="#SEC14">SAVING AND RELOADING COMPILED PATTERNS</a>
+<li><a name="TOC15" href="#SEC15">SEE ALSO</a>
+<li><a name="TOC16" href="#SEC16">AUTHOR</a>
+<li><a name="TOC17" href="#SEC17">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>pcretest [options] [input file [output file]]</b>
+<br>
+<br>
+<b>pcretest</b> was written as a test program for the PCRE regular expression
+library itself, but it can also be used for experimenting with regular
+expressions. This document describes the features of the test program; for
+details of the regular expressions themselves, see the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation. For details of the PCRE library function calls and their
+options, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+,
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+documentation.
+</P>
+<P>
+The input for <b>pcretest</b> is a sequence of regular expression patterns and
+strings to be matched, as described below. The output shows the result of each
+match. Options on the command line and the patterns control PCRE options and
+exactly what is output.
+</P>
+<P>
+As PCRE has evolved, it has acquired many different features, and as a result,
+<b>pcretest</b> now has rather a lot of obscure options for testing every
+possible feature. Some of these options are specifically designed for use in
+conjunction with the test script and data files that are distributed as part of
+PCRE, and are unlikely to be of use otherwise. They are all documented here,
+but without much justification.
+</P>
+<br><a name="SEC2" href="#TOC1">INPUT DATA FORMAT</a><br>
+<P>
+Input to <b>pcretest</b> is processed line by line, either by calling the C
+library's <b>fgets()</b> function, or via the <b>libreadline</b> library (see
+below). In Unix-like environments, <b>fgets()</b> treats any bytes other than
+newline as data characters. However, in some Windows environments character 26
+(hex 1A) causes an immediate end of file, and no further data is read. For
+maximum portability, therefore, it is safest to use only ASCII characters in
+<b>pcretest</b> input files.
+</P>
+<P>
+The input is processed using using C's string functions, so must not
+contain binary zeroes, even though in Unix-like environments, <b>fgets()</b>
+treats any bytes other than newline as data characters.
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a><br>
+<P>
+From release 8.30, two separate PCRE libraries can be built. The original one
+supports 8-bit character strings, whereas the newer 16-bit library supports
+character strings encoded in 16-bit units. From release 8.32, a third library
+can be built, supporting character strings encoded in 32-bit units. The
+<b>pcretest</b> program can be used to test all three libraries. However, it is
+itself still an 8-bit program, reading 8-bit input and writing 8-bit output.
+When testing the 16-bit or 32-bit library, the patterns and data strings are
+converted to 16- or 32-bit format before being passed to the PCRE library
+functions. Results are converted to 8-bit for output.
+</P>
+<P>
+References to functions and structures of the form <b>pcre[16|32]_xx</b> below
+mean "<b>pcre_xx</b> when using the 8-bit library, <b>pcre16_xx</b> when using
+the 16-bit library, or <b>pcre32_xx</b> when using the 32-bit library".
+</P>
+<br><a name="SEC4" href="#TOC1">COMMAND LINE OPTIONS</a><br>
+<P>
+<b>-8</b>
+If both the 8-bit library has been built, this option causes the 8-bit library
+to be used (which is the default); if the 8-bit library has not been built,
+this option causes an error.
+</P>
+<P>
+<b>-16</b>
+If both the 8-bit or the 32-bit, and the 16-bit libraries have been built, this
+option causes the 16-bit library to be used. If only the 16-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 32-bit
+library has been built, this option causes an error.
+</P>
+<P>
+<b>-32</b>
+If both the 8-bit or the 16-bit, and the 32-bit libraries have been built, this
+option causes the 32-bit library to be used. If only the 32-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 16-bit
+library has been built, this option causes an error.
+</P>
+<P>
+<b>-b</b>
+Behave as if each pattern has the <b>/B</b> (show byte code) modifier; the
+internal form is output after compilation.
+</P>
+<P>
+<b>-C</b>
+Output the version number of the PCRE library, and all available information
+about the optional features that are included, and then exit with zero exit
+code. All other options are ignored.
+</P>
+<P>
+<b>-C</b> <i>option</i>
+Output information about a specific build-time option, then exit. This
+functionality is intended for use in scripts such as <b>RunTest</b>. The
+following options output the value and set the exit code as indicated:
+<pre>
+  ebcdic-nl  the code for LF (= NL) in an EBCDIC environment:
+               0x15 or 0x25
+               0 if used in an ASCII environment
+               exit code is always 0
+  linksize   the configured internal link size (2, 3, or 4)
+               exit code is set to the link size
+  newline    the default newline setting:
+               CR, LF, CRLF, ANYCRLF, or ANY
+               exit code is always 0
+  bsr        the default setting for what \R matches:
+               ANYCRLF or ANY
+               exit code is always 0
+</pre>
+The following options output 1 for true or 0 for false, and set the exit code
+to the same value:
+<pre>
+  ebcdic     compiled for an EBCDIC environment
+  jit        just-in-time support is available
+  pcre16     the 16-bit library was built
+  pcre32     the 32-bit library was built
+  pcre8      the 8-bit library was built
+  ucp        Unicode property support is available
+  utf        UTF-8 and/or UTF-16 and/or UTF-32 support
+               is available
+</pre>
+If an unknown option is given, an error message is output; the exit code is 0.
+</P>
+<P>
+<b>-d</b>
+Behave as if each pattern has the <b>/D</b> (debug) modifier; the internal
+form and information about the compiled pattern is output after compilation;
+<b>-d</b> is equivalent to <b>-b -i</b>.
+</P>
+<P>
+<b>-dfa</b>
+Behave as if each data line contains the \D escape sequence; this causes the
+alternative matching function, <b>pcre[16|32]_dfa_exec()</b>, to be used instead
+of the standard <b>pcre[16|32]_exec()</b> function (more detail is given below).
+</P>
+<P>
+<b>-help</b>
+Output a brief summary these options and then exit.
+</P>
+<P>
+<b>-i</b>
+Behave as if each pattern has the <b>/I</b> modifier; information about the
+compiled pattern is given after compilation.
+</P>
+<P>
+<b>-M</b>
+Behave as if each data line contains the \M escape sequence; this causes
+PCRE to discover the minimum MATCH_LIMIT and MATCH_LIMIT_RECURSION settings by
+calling <b>pcre[16|32]_exec()</b> repeatedly with different limits.
+</P>
+<P>
+<b>-m</b>
+Output the size of each compiled pattern after it has been compiled. This is
+equivalent to adding <b>/M</b> to each regular expression. The size is given in
+bytes for both libraries.
+</P>
+<P>
+<b>-O</b>
+Behave as if each pattern has the <b>/O</b> modifier, that is disable
+auto-possessification for all patterns.
+</P>
+<P>
+<b>-o</b> <i>osize</i>
+Set the number of elements in the output vector that is used when calling
+<b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b> to be <i>osize</i>. The
+default value is 45, which is enough for 14 capturing subexpressions for
+<b>pcre[16|32]_exec()</b> or 22 different matches for
+<b>pcre[16|32]_dfa_exec()</b>.
+The vector size can be changed for individual matching calls by including \O
+in the data line (see below).
+</P>
+<P>
+<b>-p</b>
+Behave as if each pattern has the <b>/P</b> modifier; the POSIX wrapper API is
+used to call PCRE. None of the other options has any effect when <b>-p</b> is
+set. This option can be used only with the 8-bit library.
+</P>
+<P>
+<b>-q</b>
+Do not output the version number of <b>pcretest</b> at the start of execution.
+</P>
+<P>
+<b>-S</b> <i>size</i>
+On Unix-like systems, set the size of the run-time stack to <i>size</i>
+megabytes.
+</P>
+<P>
+<b>-s</b> or <b>-s+</b>
+Behave as if each pattern has the <b>/S</b> modifier; in other words, force each
+pattern to be studied. If <b>-s+</b> is used, all the JIT compile options are
+passed to <b>pcre[16|32]_study()</b>, causing just-in-time optimization to be set
+up if it is available, for both full and partial matching. Specific JIT compile
+options can be selected by following <b>-s+</b> with a digit in the range 1 to
+7, which selects the JIT compile modes as follows:
+<pre>
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+</pre>
+If <b>-s++</b> is used instead of <b>-s+</b> (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+<br>
+<br>
+Note that there are pattern options that can override <b>-s</b>, either
+specifying no studying at all, or suppressing JIT compilation.
+<br>
+<br>
+If the <b>/I</b> or <b>/D</b> option is present on a pattern (requesting output
+about the compiled pattern), information about the result of studying is not
+included when studying is caused only by <b>-s</b> and neither <b>-i</b> nor
+<b>-d</b> is present on the command line. This behaviour means that the output
+from tests that are run with and without <b>-s</b> should be identical, except
+when options that output information about the actual running of a match are
+set.
+<br>
+<br>
+The <b>-M</b>, <b>-t</b>, and <b>-tm</b> options, which give information about
+resources used, are likely to produce different output with and without
+<b>-s</b>. Output may also differ if the <b>/C</b> option is present on an
+individual pattern. This uses callouts to trace the the matching process, and
+this may be different between studied and non-studied patterns. If the pattern
+contains (*MARK) items there may also be differences, for the same reason. The
+<b>-s</b> command line option can be overridden for specific patterns that
+should never be studied (see the <b>/S</b> pattern modifier below).
+</P>
+<P>
+<b>-t</b>
+Run each compile, study, and match many times with a timer, and output the
+resulting times per compile, study, or match (in milliseconds). Do not set
+<b>-m</b> with <b>-t</b>, because you will then get the size output a zillion
+times, and the timing will be distorted. You can control the number of
+iterations that are used for timing by following <b>-t</b> with a number (as a
+separate item on the command line). For example, "-t 1000" iterates 1000 times.
+The default is to iterate 500000 times.
+</P>
+<P>
+<b>-tm</b>
+This is like <b>-t</b> except that it times only the matching phase, not the
+compile or study phases.
+</P>
+<P>
+<b>-T</b> <b>-TM</b>
+These behave like <b>-t</b> and <b>-tm</b>, but in addition, at the end of a run,
+the total times for all compiles, studies, and matches are output.
+</P>
+<br><a name="SEC5" href="#TOC1">DESCRIPTION</a><br>
+<P>
+If <b>pcretest</b> is given two filename arguments, it reads from the first and
+writes to the second. If it is given only one filename argument, it reads from
+that file and writes to stdout. Otherwise, it reads from stdin and writes to
+stdout, and prompts for each line of input, using "re&#62;" to prompt for regular
+expressions, and "data&#62;" to prompt for data lines.
+</P>
+<P>
+When <b>pcretest</b> is built, a configuration option can specify that it should
+be linked with the <b>libreadline</b> library. When this is done, if the input
+is from a terminal, it is read using the <b>readline()</b> function. This
+provides line-editing and history facilities. The output from the <b>-help</b>
+option states whether or not <b>readline()</b> will be used.
+</P>
+<P>
+The program handles any number of sets of input on a single input file. Each
+set starts with a regular expression, and continues with any number of data
+lines to be matched against that pattern.
+</P>
+<P>
+Each data line is matched separately and independently. If you want to do
+multi-line matches, you have to use the \n escape sequence (or \r or \r\n,
+etc., depending on the newline setting) in a single line of input to encode the
+newline sequences. There is no limit on the length of data lines; the input
+buffer is automatically extended if it is too small.
+</P>
+<P>
+An empty line signals the end of the data lines, at which point a new regular
+expression is read. The regular expressions are given enclosed in any
+non-alphanumeric delimiters other than backslash, for example:
+<pre>
+  /(a|bc)x+yz/
+</pre>
+White space before the initial delimiter is ignored. A regular expression may
+be continued over several input lines, in which case the newline characters are
+included within it. It is possible to include the delimiter within the pattern
+by escaping it, for example
+<pre>
+  /abc\/def/
+</pre>
+If you do so, the escape and the delimiter form part of the pattern, but since
+delimiters are always non-alphanumeric, this does not affect its interpretation.
+If the terminating delimiter is immediately followed by a backslash, for
+example,
+<pre>
+  /abc/\
+</pre>
+then a backslash is added to the end of the pattern. This is done to provide a
+way of testing the error condition that arises if a pattern finishes with a
+backslash, because
+<pre>
+  /abc\/
+</pre>
+is interpreted as the first line of a pattern that starts with "abc/", causing
+pcretest to read the next line as a continuation of the regular expression.
+</P>
+<br><a name="SEC6" href="#TOC1">PATTERN MODIFIERS</a><br>
+<P>
+A pattern may be followed by any number of modifiers, which are mostly single
+characters, though some of these can be qualified by further characters.
+Following Perl usage, these are referred to below as, for example, "the
+<b>/i</b> modifier", even though the delimiter of the pattern need not always be
+a slash, and no slash is used when writing modifiers. White space may appear
+between the final pattern delimiter and the first modifier, and between the
+modifiers themselves. For reference, here is a complete list of modifiers. They
+fall into several groups that are described in detail in the following
+sections.
+<pre>
+  <b>/8</b>              set UTF mode
+  <b>/9</b>              set PCRE_NEVER_UTF (locks out UTF mode)
+  <b>/?</b>              disable UTF validity check
+  <b>/+</b>              show remainder of subject after match
+  <b>/=</b>              show all captures (not just those that are set)
+
+  <b>/A</b>              set PCRE_ANCHORED
+  <b>/B</b>              show compiled code
+  <b>/C</b>              set PCRE_AUTO_CALLOUT
+  <b>/D</b>              same as <b>/B</b> plus <b>/I</b>
+  <b>/E</b>              set PCRE_DOLLAR_ENDONLY
+  <b>/F</b>              flip byte order in compiled pattern
+  <b>/f</b>              set PCRE_FIRSTLINE
+  <b>/G</b>              find all matches (shorten string)
+  <b>/g</b>              find all matches (use startoffset)
+  <b>/I</b>              show information about pattern
+  <b>/i</b>              set PCRE_CASELESS
+  <b>/J</b>              set PCRE_DUPNAMES
+  <b>/K</b>              show backtracking control names
+  <b>/L</b>              set locale
+  <b>/M</b>              show compiled memory size
+  <b>/m</b>              set PCRE_MULTILINE
+  <b>/N</b>              set PCRE_NO_AUTO_CAPTURE
+  <b>/O</b>              set PCRE_NO_AUTO_POSSESS
+  <b>/P</b>              use the POSIX wrapper
+  <b>/Q</b>              test external stack check function
+  <b>/S</b>              study the pattern after compilation
+  <b>/s</b>              set PCRE_DOTALL
+  <b>/T</b>              select character tables
+  <b>/U</b>              set PCRE_UNGREEDY
+  <b>/W</b>              set PCRE_UCP
+  <b>/X</b>              set PCRE_EXTRA
+  <b>/x</b>              set PCRE_EXTENDED
+  <b>/Y</b>              set PCRE_NO_START_OPTIMIZE
+  <b>/Z</b>              don't show lengths in <b>/B</b> output
+
+  <b>/&#60;any&#62;</b>          set PCRE_NEWLINE_ANY
+  <b>/&#60;anycrlf&#62;</b>      set PCRE_NEWLINE_ANYCRLF
+  <b>/&#60;cr&#62;</b>           set PCRE_NEWLINE_CR
+  <b>/&#60;crlf&#62;</b>         set PCRE_NEWLINE_CRLF
+  <b>/&#60;lf&#62;</b>           set PCRE_NEWLINE_LF
+  <b>/&#60;bsr_anycrlf&#62;</b>  set PCRE_BSR_ANYCRLF
+  <b>/&#60;bsr_unicode&#62;</b>  set PCRE_BSR_UNICODE
+  <b>/&#60;JS&#62;</b>           set PCRE_JAVASCRIPT_COMPAT
+
+</PRE>
+</P>
+<br><b>
+Perl-compatible modifiers
+</b><br>
+<P>
+The <b>/i</b>, <b>/m</b>, <b>/s</b>, and <b>/x</b> modifiers set the PCRE_CASELESS,
+PCRE_MULTILINE, PCRE_DOTALL, or PCRE_EXTENDED options, respectively, when
+<b>pcre[16|32]_compile()</b> is called. These four modifier letters have the same
+effect as they do in Perl. For example:
+<pre>
+  /caseless/i
+
+</PRE>
+</P>
+<br><b>
+Modifiers for other PCRE options
+</b><br>
+<P>
+The following table shows additional modifiers for setting PCRE compile-time
+options that do not correspond to anything in Perl:
+<pre>
+  <b>/8</b>              PCRE_UTF8           ) when using the 8-bit
+  <b>/?</b>              PCRE_NO_UTF8_CHECK  )   library
+
+  <b>/8</b>              PCRE_UTF16          ) when using the 16-bit
+  <b>/?</b>              PCRE_NO_UTF16_CHECK )   library
+
+  <b>/8</b>              PCRE_UTF32          ) when using the 32-bit
+  <b>/?</b>              PCRE_NO_UTF32_CHECK )   library
+
+  <b>/9</b>              PCRE_NEVER_UTF
+  <b>/A</b>              PCRE_ANCHORED
+  <b>/C</b>              PCRE_AUTO_CALLOUT
+  <b>/E</b>              PCRE_DOLLAR_ENDONLY
+  <b>/f</b>              PCRE_FIRSTLINE
+  <b>/J</b>              PCRE_DUPNAMES
+  <b>/N</b>              PCRE_NO_AUTO_CAPTURE
+  <b>/O</b>              PCRE_NO_AUTO_POSSESS
+  <b>/U</b>              PCRE_UNGREEDY
+  <b>/W</b>              PCRE_UCP
+  <b>/X</b>              PCRE_EXTRA
+  <b>/Y</b>              PCRE_NO_START_OPTIMIZE
+  <b>/&#60;any&#62;</b>          PCRE_NEWLINE_ANY
+  <b>/&#60;anycrlf&#62;</b>      PCRE_NEWLINE_ANYCRLF
+  <b>/&#60;cr&#62;</b>           PCRE_NEWLINE_CR
+  <b>/&#60;crlf&#62;</b>         PCRE_NEWLINE_CRLF
+  <b>/&#60;lf&#62;</b>           PCRE_NEWLINE_LF
+  <b>/&#60;bsr_anycrlf&#62;</b>  PCRE_BSR_ANYCRLF
+  <b>/&#60;bsr_unicode&#62;</b>  PCRE_BSR_UNICODE
+  <b>/&#60;JS&#62;</b>           PCRE_JAVASCRIPT_COMPAT
+</pre>
+The modifiers that are enclosed in angle brackets are literal strings as shown,
+including the angle brackets, but the letters within can be in either case.
+This example sets multiline matching with CRLF as the line ending sequence:
+<pre>
+  /^abc/m&#60;CRLF&#62;
+</pre>
+As well as turning on the PCRE_UTF8/16/32 option, the <b>/8</b> modifier causes
+all non-printing characters in output strings to be printed using the
+\x{hh...} notation. Otherwise, those less than 0x100 are output in hex without
+the curly brackets.
+</P>
+<P>
+Full details of the PCRE options are given in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<br><b>
+Finding all matches in a string
+</b><br>
+<P>
+Searching for all possible matches within each subject string can be requested
+by the <b>/g</b> or <b>/G</b> modifier. After finding a match, PCRE is called
+again to search the remainder of the subject string. The difference between
+<b>/g</b> and <b>/G</b> is that the former uses the <i>startoffset</i> argument to
+<b>pcre[16|32]_exec()</b> to start searching at a new point within the entire
+string (which is in effect what Perl does), whereas the latter passes over a
+shortened substring. This makes a difference to the matching process if the
+pattern begins with a lookbehind assertion (including \b or \B).
+</P>
+<P>
+If any call to <b>pcre[16|32]_exec()</b> in a <b>/g</b> or <b>/G</b> sequence matches
+an empty string, the next call is done with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED flags set in order to search for another, non-empty, match at the
+same point. If this second match fails, the start offset is advanced, and the
+normal match is retried. This imitates the way Perl handles such cases when
+using the <b>/g</b> modifier or the <b>split()</b> function. Normally, the start
+offset is advanced by one character, but if the newline convention recognizes
+CRLF as a newline, and the current character is CR followed by LF, an advance
+of two is used.
+</P>
+<br><b>
+Other modifiers
+</b><br>
+<P>
+There are yet more modifiers for controlling the way <b>pcretest</b>
+operates.
+</P>
+<P>
+The <b>/+</b> modifier requests that as well as outputting the substring that
+matched the entire pattern, <b>pcretest</b> should in addition output the
+remainder of the subject string. This is useful for tests where the subject
+contains multiple copies of the same substring. If the <b>+</b> modifier appears
+twice, the same action is taken for captured substrings. In each case the
+remainder is output on the following line with a plus character following the
+capture number. Note that this modifier must not immediately follow the /S
+modifier because /S+ and /S++ have other meanings.
+</P>
+<P>
+The <b>/=</b> modifier requests that the values of all potential captured
+parentheses be output after a match. By default, only those up to the highest
+one actually used in the match are output (corresponding to the return code
+from <b>pcre[16|32]_exec()</b>). Values in the offsets vector corresponding to
+higher numbers should be set to -1, and these are output as "&#60;unset&#62;". This
+modifier gives a way of checking that this is happening.
+</P>
+<P>
+The <b>/B</b> modifier is a debugging feature. It requests that <b>pcretest</b>
+output a representation of the compiled code after compilation. Normally this
+information contains length and offset values; however, if <b>/Z</b> is also
+present, this data is replaced by spaces. This is a special feature for use in
+the automatic test scripts; it ensures that the same output is generated for
+different internal link sizes.
+</P>
+<P>
+The <b>/D</b> modifier is a PCRE debugging feature, and is equivalent to
+<b>/BI</b>, that is, both the <b>/B</b> and the <b>/I</b> modifiers.
+</P>
+<P>
+The <b>/F</b> modifier causes <b>pcretest</b> to flip the byte order of the
+2-byte and 4-byte fields in the compiled pattern. This facility is for testing
+the feature in PCRE that allows it to execute patterns that were compiled on a
+host with a different endianness. This feature is not available when the POSIX
+interface to PCRE is being used, that is, when the <b>/P</b> pattern modifier is
+specified. See also the section about saving and reloading compiled patterns
+below.
+</P>
+<P>
+The <b>/I</b> modifier requests that <b>pcretest</b> output information about the
+compiled pattern (whether it is anchored, has a fixed first character, and
+so on). It does this by calling <b>pcre[16|32]_fullinfo()</b> after compiling a
+pattern. If the pattern is studied, the results of that are also output. In
+this output, the word "char" means a non-UTF character, that is, the value of a
+single data item (8-bit, 16-bit, or 32-bit, depending on the library that is
+being tested).
+</P>
+<P>
+The <b>/K</b> modifier requests <b>pcretest</b> to show names from backtracking
+control verbs that are returned from calls to <b>pcre[16|32]_exec()</b>. It causes
+<b>pcretest</b> to create a <b>pcre[16|32]_extra</b> block if one has not already
+been created by a call to <b>pcre[16|32]_study()</b>, and to set the
+PCRE_EXTRA_MARK flag and the <b>mark</b> field within it, every time that
+<b>pcre[16|32]_exec()</b> is called. If the variable that the <b>mark</b> field
+points to is non-NULL for a match, non-match, or partial match, <b>pcretest</b>
+prints the string to which it points. For a match, this is shown on a line by
+itself, tagged with "MK:". For a non-match it is added to the message.
+</P>
+<P>
+The <b>/L</b> modifier must be followed directly by the name of a locale, for
+example,
+<pre>
+  /pattern/Lfr_FR
+</pre>
+For this reason, it must be the last modifier. The given locale is set,
+<b>pcre[16|32]_maketables()</b> is called to build a set of character tables for
+the locale, and this is then passed to <b>pcre[16|32]_compile()</b> when compiling
+the regular expression. Without an <b>/L</b> (or <b>/T</b>) modifier, NULL is
+passed as the tables pointer; that is, <b>/L</b> applies only to the expression
+on which it appears.
+</P>
+<P>
+The <b>/M</b> modifier causes the size in bytes of the memory block used to hold
+the compiled pattern to be output. This does not include the size of the
+<b>pcre[16|32]</b> block; it is just the actual compiled data. If the pattern is
+successfully studied with the PCRE_STUDY_JIT_COMPILE option, the size of the
+JIT compiled code is also output.
+</P>
+<P>
+The <b>/Q</b> modifier is used to test the use of <b>pcre_stack_guard</b>. It
+must be followed by '0' or '1', specifying the return code to be given from an
+external function that is passed to PCRE and used for stack checking during
+compilation (see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation for details).
+</P>
+<P>
+The <b>/S</b> modifier causes <b>pcre[16|32]_study()</b> to be called after the
+expression has been compiled, and the results used when the expression is
+matched. There are a number of qualifying characters that may follow <b>/S</b>.
+They may appear in any order.
+</P>
+<P>
+If <b>/S</b> is followed by an exclamation mark, <b>pcre[16|32]_study()</b> is
+called with the PCRE_STUDY_EXTRA_NEEDED option, causing it always to return a
+<b>pcre_extra</b> block, even when studying discovers no useful information.
+</P>
+<P>
+If <b>/S</b> is followed by a second S character, it suppresses studying, even
+if it was requested externally by the <b>-s</b> command line option. This makes
+it possible to specify that certain patterns are always studied, and others are
+never studied, independently of <b>-s</b>. This feature is used in the test
+files in a few cases where the output is different when the pattern is studied.
+</P>
+<P>
+If the <b>/S</b> modifier is followed by a + character, the call to
+<b>pcre[16|32]_study()</b> is made with all the JIT study options, requesting
+just-in-time optimization support if it is available, for both normal and
+partial matching. If you want to restrict the JIT compiling modes, you can
+follow <b>/S+</b> with a digit in the range 1 to 7:
+<pre>
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+</pre>
+If <b>/S++</b> is used instead of <b>/S+</b> (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+</P>
+<P>
+Note that there is also an independent <b>/+</b> modifier; it must not be given
+immediately after <b>/S</b> or <b>/S+</b> because this will be misinterpreted.
+</P>
+<P>
+If JIT studying is successful, the compiled JIT code will automatically be used
+when <b>pcre[16|32]_exec()</b> is run, except when incompatible run-time options
+are specified. For more details, see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation. See also the <b>\J</b> escape sequence below for a way of
+setting the size of the JIT stack.
+</P>
+<P>
+Finally, if <b>/S</b> is followed by a minus character, JIT compilation is
+suppressed, even if it was requested externally by the <b>-s</b> command line
+option. This makes it possible to specify that JIT is never to be used for
+certain patterns.
+</P>
+<P>
+The <b>/T</b> modifier must be followed by a single digit. It causes a specific
+set of built-in character tables to be passed to <b>pcre[16|32]_compile()</b>. It
+is used in the standard PCRE tests to check behaviour with different character
+tables. The digit specifies the tables as follows:
+<pre>
+  0   the default ASCII tables, as distributed in
+        pcre_chartables.c.dist
+  1   a set of tables defining ISO 8859 characters
+</pre>
+In table 1, some characters whose codes are greater than 128 are identified as
+letters, digits, spaces, etc.
+</P>
+<br><b>
+Using the POSIX wrapper API
+</b><br>
+<P>
+The <b>/P</b> modifier causes <b>pcretest</b> to call PCRE via the POSIX wrapper
+API rather than its native API. This supports only the 8-bit library. When
+<b>/P</b> is set, the following modifiers set options for the <b>regcomp()</b>
+function:
+<pre>
+  /i    REG_ICASE
+  /m    REG_NEWLINE
+  /N    REG_NOSUB
+  /s    REG_DOTALL     )
+  /U    REG_UNGREEDY   ) These options are not part of
+  /W    REG_UCP        )   the POSIX standard
+  /8    REG_UTF8       )
+</pre>
+The <b>/+</b> modifier works as described above. All other modifiers are
+ignored.
+</P>
+<br><b>
+Locking out certain modifiers
+</b><br>
+<P>
+PCRE can be compiled with or without support for certain features such as
+UTF-8/16/32 or Unicode properties. Accordingly, the standard tests are split up
+into a number of different files that are selected for running depending on
+which features are available. When updating the tests, it is all too easy to
+put a new test into the wrong file by mistake; for example, to put a test that
+requires UTF support into a file that is used when it is not available. To help
+detect such mistakes as early as possible, there is a facility for locking out
+specific modifiers. If an input line for <b>pcretest</b> starts with the string
+"&#60; forbid " the following sequence of characters is taken as a list of
+forbidden modifiers. For example, in the test files that must not use UTF or
+Unicode property support, this line appears:
+<pre>
+  &#60; forbid 8W
+</pre>
+This locks out the /8 and /W modifiers. An immediate error is given if they are
+subsequently encountered. If the character string contains &#60; but not &#62;, all the
+multi-character modifiers that begin with &#60; are locked out. Otherwise, such
+modifiers must be explicitly listed, for example:
+<pre>
+  &#60; forbid &#60;JS&#62;&#60;cr&#62;
+</pre>
+There must be a single space between &#60; and "forbid" for this feature to be
+recognised. If there is not, the line is interpreted either as a request to
+re-load a pre-compiled pattern (see "SAVING AND RELOADING COMPILED PATTERNS"
+below) or, if there is a another &#60; character, as a pattern that uses &#60; as its
+delimiter.
+</P>
+<br><a name="SEC7" href="#TOC1">DATA LINES</a><br>
+<P>
+Before each data line is passed to <b>pcre[16|32]_exec()</b>, leading and trailing
+white space is removed, and it is then scanned for \ escapes. Some of these
+are pretty esoteric features, intended for checking out some of the more
+complicated features of PCRE. If you are just testing "ordinary" regular
+expressions, you probably don't need any of these. The following escapes are
+recognized:
+<pre>
+  \a         alarm (BEL, \x07)
+  \b         backspace (\x08)
+  \e         escape (\x27)
+  \f         form feed (\x0c)
+  \n         newline (\x0a)
+  \qdd       set the PCRE_MATCH_LIMIT limit to dd (any number of digits)
+  \r         carriage return (\x0d)
+  \t         tab (\x09)
+  \v         vertical tab (\x0b)
+  \nnn       octal character (up to 3 octal digits); always
+               a byte unless &#62; 255 in UTF-8 or 16-bit or 32-bit mode
+  \o{dd...}  octal character (any number of octal digits}
+  \xhh       hexadecimal byte (up to 2 hex digits)
+  \x{hh...}  hexadecimal character (any number of hex digits)
+  \A         pass the PCRE_ANCHORED option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \B         pass the PCRE_NOTBOL option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \Cdd       call pcre[16|32]_copy_substring() for substring dd after a successful match (number less than 32)
+  \Cname     call pcre[16|32]_copy_named_substring() for substring "name" after a successful match (name termin-
+               ated by next non alphanumeric character)
+  \C+        show the current captured substrings at callout time
+  \C-        do not supply a callout function
+  \C!n       return 1 instead of 0 when callout number n is reached
+  \C!n!m     return 1 instead of 0 when callout number n is reached for the nth time
+  \C*n       pass the number n (may be negative) as callout data; this is used as the callout return value
+  \D         use the <b>pcre[16|32]_dfa_exec()</b> match function
+  \F         only shortest match for <b>pcre[16|32]_dfa_exec()</b>
+  \Gdd       call pcre[16|32]_get_substring() for substring dd after a successful match (number less than 32)
+  \Gname     call pcre[16|32]_get_named_substring() for substring "name" after a successful match (name termin-
+               ated by next non-alphanumeric character)
+  \Jdd       set up a JIT stack of dd kilobytes maximum (any number of digits)
+  \L         call pcre[16|32]_get_substringlist() after a successful match
+  \M         discover the minimum MATCH_LIMIT and MATCH_LIMIT_RECURSION settings
+  \N         pass the PCRE_NOTEMPTY option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>; if used twice, pass the
+               PCRE_NOTEMPTY_ATSTART option
+  \Odd       set the size of the output vector passed to <b>pcre[16|32]_exec()</b> to dd (any number of digits)
+  \P         pass the PCRE_PARTIAL_SOFT option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>; if used twice, pass the
+               PCRE_PARTIAL_HARD option
+  \Qdd       set the PCRE_MATCH_LIMIT_RECURSION limit to dd (any number of digits)
+  \R         pass the PCRE_DFA_RESTART option to <b>pcre[16|32]_dfa_exec()</b>
+  \S         output details of memory get/free calls during matching
+  \Y         pass the PCRE_NO_START_OPTIMIZE option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \Z         pass the PCRE_NOTEOL option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \?         pass the PCRE_NO_UTF[8|16|32]_CHECK option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#62;dd       start the match at offset dd (optional "-"; then any number of digits); this sets the <i>startoffset</i>
+               argument for <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;cr&#62;      pass the PCRE_NEWLINE_CR option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;lf&#62;      pass the PCRE_NEWLINE_LF option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;crlf&#62;    pass the PCRE_NEWLINE_CRLF option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;anycrlf&#62; pass the PCRE_NEWLINE_ANYCRLF option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;any&#62;     pass the PCRE_NEWLINE_ANY option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+</pre>
+The use of \x{hh...} is not dependent on the use of the <b>/8</b> modifier on
+the pattern. It is recognized always. There may be any number of hexadecimal
+digits inside the braces; invalid values provoke error messages.
+</P>
+<P>
+Note that \xhh specifies one byte rather than one character in UTF-8 mode;
+this makes it possible to construct invalid UTF-8 sequences for testing
+purposes. On the other hand, \x{hh} is interpreted as a UTF-8 character in
+UTF-8 mode, generating more than one byte if the value is greater than 127.
+When testing the 8-bit library not in UTF-8 mode, \x{hh} generates one byte
+for values less than 256, and causes an error for greater values.
+</P>
+<P>
+In UTF-16 mode, all 4-digit \x{hhhh} values are accepted. This makes it
+possible to construct invalid UTF-16 sequences for testing purposes.
+</P>
+<P>
+In UTF-32 mode, all 4- to 8-digit \x{...} values are accepted. This makes it
+possible to construct invalid UTF-32 sequences for testing purposes.
+</P>
+<P>
+The escapes that specify line ending sequences are literal strings, exactly as
+shown. No more than one newline setting should be present in any data line.
+</P>
+<P>
+A backslash followed by anything else just escapes the anything else. If
+the very last character is a backslash, it is ignored. This gives a way of
+passing an empty line as data, since a real empty line terminates the data
+input.
+</P>
+<P>
+The <b>\J</b> escape provides a way of setting the maximum stack size that is
+used by the just-in-time optimization code. It is ignored if JIT optimization
+is not being used. Providing a stack that is larger than the default 32K is
+necessary only for very complicated patterns.
+</P>
+<P>
+If \M is present, <b>pcretest</b> calls <b>pcre[16|32]_exec()</b> several times,
+with different values in the <i>match_limit</i> and <i>match_limit_recursion</i>
+fields of the <b>pcre[16|32]_extra</b> data structure, until it finds the minimum
+numbers for each parameter that allow <b>pcre[16|32]_exec()</b> to complete without
+error. Because this is testing a specific feature of the normal interpretive
+<b>pcre[16|32]_exec()</b> execution, the use of any JIT optimization that might
+have been set up by the <b>/S+</b> qualifier of <b>-s+</b> option is disabled.
+</P>
+<P>
+The <i>match_limit</i> number is a measure of the amount of backtracking
+that takes place, and checking it out can be instructive. For most simple
+matches, the number is quite small, but for patterns with very large numbers of
+matching possibilities, it can become large very quickly with increasing length
+of subject string. The <i>match_limit_recursion</i> number is a measure of how
+much stack (or, if PCRE is compiled with NO_RECURSE, how much heap) memory is
+needed to complete the match attempt.
+</P>
+<P>
+When \O is used, the value specified may be higher or lower than the size set
+by the <b>-O</b> command line option (or defaulted to 45); \O applies only to
+the call of <b>pcre[16|32]_exec()</b> for the line in which it appears.
+</P>
+<P>
+If the <b>/P</b> modifier was present on the pattern, causing the POSIX wrapper
+API to be used, the only option-setting sequences that have any effect are \B,
+\N, and \Z, causing REG_NOTBOL, REG_NOTEMPTY, and REG_NOTEOL, respectively,
+to be passed to <b>regexec()</b>.
+</P>
+<br><a name="SEC8" href="#TOC1">THE ALTERNATIVE MATCHING FUNCTION</a><br>
+<P>
+By default, <b>pcretest</b> uses the standard PCRE matching function,
+<b>pcre[16|32]_exec()</b> to match each data line. PCRE also supports an
+alternative matching function, <b>pcre[16|32]_dfa_test()</b>, which operates in a
+different way, and has some restrictions. The differences between the two
+functions are described in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation.
+</P>
+<P>
+If a data line contains the \D escape sequence, or if the command line
+contains the <b>-dfa</b> option, the alternative matching function is used.
+This function finds all possible matches at a given point. If, however, the \F
+escape sequence is present in the data line, it stops after the first match is
+found. This is always the shortest possible match.
+</P>
+<br><a name="SEC9" href="#TOC1">DEFAULT OUTPUT FROM PCRETEST</a><br>
+<P>
+This section describes the output when the normal matching function,
+<b>pcre[16|32]_exec()</b>, is being used.
+</P>
+<P>
+When a match succeeds, <b>pcretest</b> outputs the list of captured substrings
+that <b>pcre[16|32]_exec()</b> returns, starting with number 0 for the string that
+matched the whole pattern. Otherwise, it outputs "No match" when the return is
+PCRE_ERROR_NOMATCH, and "Partial match:" followed by the partially matching
+substring when <b>pcre[16|32]_exec()</b> returns PCRE_ERROR_PARTIAL. (Note that
+this is the entire substring that was inspected during the partial match; it
+may include characters before the actual match start if a lookbehind assertion,
+\K, \b, or \B was involved.) For any other return, <b>pcretest</b> outputs
+the PCRE negative error number and a short descriptive phrase. If the error is
+a failed UTF string check, the offset of the start of the failing character and
+the reason code are also output, provided that the size of the output vector is
+at least two. Here is an example of an interactive <b>pcretest</b> run.
+<pre>
+  $ pcretest
+  PCRE version 8.13 2011-04-30
+
+    re&#62; /^abc(\d+)/
+  data&#62; abc123
+   0: abc123
+   1: 123
+  data&#62; xyz
+  No match
+</pre>
+Unset capturing substrings that are not followed by one that is set are not
+returned by <b>pcre[16|32]_exec()</b>, and are not shown by <b>pcretest</b>. In the
+following example, there are two capturing substrings, but when the first data
+line is matched, the second, unset substring is not shown. An "internal" unset
+substring is shown as "&#60;unset&#62;", as for the second data line.
+<pre>
+    re&#62; /(a)|(b)/
+  data&#62; a
+   0: a
+   1: a
+  data&#62; b
+   0: b
+   1: &#60;unset&#62;
+   2: b
+</pre>
+If the strings contain any non-printing characters, they are output as \xhh
+escapes if the value is less than 256 and UTF mode is not set. Otherwise they
+are output as \x{hh...} escapes. See below for the definition of non-printing
+characters. If the pattern has the <b>/+</b> modifier, the output for substring
+0 is followed by the the rest of the subject string, identified by "0+" like
+this:
+<pre>
+    re&#62; /cat/+
+  data&#62; cataract
+   0: cat
+   0+ aract
+</pre>
+If the pattern has the <b>/g</b> or <b>/G</b> modifier, the results of successive
+matching attempts are output in sequence, like this:
+<pre>
+    re&#62; /\Bi(\w\w)/g
+  data&#62; Mississippi
+   0: iss
+   1: ss
+   0: iss
+   1: ss
+   0: ipp
+   1: pp
+</pre>
+"No match" is output only if the first match attempt fails. Here is an example
+of a failure message (the offset 4 that is specified by \&#62;4 is past the end of
+the subject string):
+<pre>
+    re&#62; /xyz/
+  data&#62; xyz\&#62;4
+  Error -24 (bad offset value)
+</PRE>
+</P>
+<P>
+If any of the sequences <b>\C</b>, <b>\G</b>, or <b>\L</b> are present in a
+data line that is successfully matched, the substrings extracted by the
+convenience functions are output with C, G, or L after the string number
+instead of a colon. This is in addition to the normal full list. The string
+length (that is, the return from the extraction function) is given in
+parentheses after each string for <b>\C</b> and <b>\G</b>.
+</P>
+<P>
+Note that whereas patterns can be continued over several lines (a plain "&#62;"
+prompt is used for continuations), data lines may not. However newlines can be
+included in data by means of the \n escape (or \r, \r\n, etc., depending on
+the newline sequence setting).
+</P>
+<br><a name="SEC10" href="#TOC1">OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION</a><br>
+<P>
+When the alternative matching function, <b>pcre[16|32]_dfa_exec()</b>, is used (by
+means of the \D escape sequence or the <b>-dfa</b> command line option), the
+output consists of a list of all the matches that start at the first point in
+the subject where there is at least one match. For example:
+<pre>
+    re&#62; /(tang|tangerine|tan)/
+  data&#62; yellow tangerine\D
+   0: tangerine
+   1: tang
+   2: tan
+</pre>
+(Using the normal matching function on this data finds only "tang".) The
+longest matching string is always given first (and numbered zero). After a
+PCRE_ERROR_PARTIAL return, the output is "Partial match:", followed by the
+partially matching substring. (Note that this is the entire substring that was
+inspected during the partial match; it may include characters before the actual
+match start if a lookbehind assertion, \K, \b, or \B was involved.)
+</P>
+<P>
+If <b>/g</b> is present on the pattern, the search for further matches resumes
+at the end of the longest match. For example:
+<pre>
+    re&#62; /(tang|tangerine|tan)/g
+  data&#62; yellow tangerine and tangy sultana\D
+   0: tangerine
+   1: tang
+   2: tan
+   0: tang
+   1: tan
+   0: tan
+</pre>
+Since the matching function does not support substring capture, the escape
+sequences that are concerned with captured substrings are not relevant.
+</P>
+<br><a name="SEC11" href="#TOC1">RESTARTING AFTER A PARTIAL MATCH</a><br>
+<P>
+When the alternative matching function has given the PCRE_ERROR_PARTIAL return,
+indicating that the subject partially matched the pattern, you can restart the
+match with additional subject data by means of the \R escape sequence. For
+example:
+<pre>
+    re&#62; /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+  data&#62; 23ja\P\D
+  Partial match: 23ja
+  data&#62; n05\R\D
+   0: n05
+</pre>
+For further information about partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+</P>
+<br><a name="SEC12" href="#TOC1">CALLOUTS</a><br>
+<P>
+If the pattern contains any callout requests, <b>pcretest</b>'s callout function
+is called during matching. This works with both matching functions. By default,
+the called function displays the callout number, the start and current
+positions in the text at the callout time, and the next pattern item to be
+tested. For example:
+<pre>
+  ---&#62;pqrabcdef
+    0    ^  ^     \d
+</pre>
+This output indicates that callout number 0 occurred for a match attempt
+starting at the fourth character of the subject string, when the pointer was at
+the seventh character of the data, and when the next pattern item was \d. Just
+one circumflex is output if the start and current positions are the same.
+</P>
+<P>
+Callouts numbered 255 are assumed to be automatic callouts, inserted as a
+result of the <b>/C</b> pattern modifier. In this case, instead of showing the
+callout number, the offset in the pattern, preceded by a plus, is output. For
+example:
+<pre>
+    re&#62; /\d?[A-E]\*/C
+  data&#62; E*
+  ---&#62;E*
+   +0 ^      \d?
+   +3 ^      [A-E]
+   +8 ^^     \*
+  +10 ^ ^
+   0: E*
+</pre>
+If a pattern contains (*MARK) items, an additional line is output whenever
+a change of latest mark is passed to the callout function. For example:
+<pre>
+    re&#62; /a(*MARK:X)bc/C
+  data&#62; abc
+  ---&#62;abc
+   +0 ^       a
+   +1 ^^      (*MARK:X)
+  +10 ^^      b
+  Latest Mark: X
+  +11 ^ ^     c
+  +12 ^  ^
+   0: abc
+</pre>
+The mark changes between matching "a" and "b", but stays the same for the rest
+of the match, so nothing more is output. If, as a result of backtracking, the
+mark reverts to being unset, the text "&#60;unset&#62;" is output.
+</P>
+<P>
+The callout function in <b>pcretest</b> returns zero (carry on matching) by
+default, but you can use a \C item in a data line (as described above) to
+change this and other parameters of the callout.
+</P>
+<P>
+Inserting callouts can be helpful when using <b>pcretest</b> to check
+complicated regular expressions. For further information about callouts, see
+the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<br><a name="SEC13" href="#TOC1">NON-PRINTING CHARACTERS</a><br>
+<P>
+When <b>pcretest</b> is outputting text in the compiled version of a pattern,
+bytes other than 32-126 are always treated as non-printing characters are are
+therefore shown as hex escapes.
+</P>
+<P>
+When <b>pcretest</b> is outputting text that is a matched part of a subject
+string, it behaves in the same way, unless a different locale has been set for
+the pattern (using the <b>/L</b> modifier). In this case, the <b>isprint()</b>
+function to distinguish printing and non-printing characters.
+</P>
+<br><a name="SEC14" href="#TOC1">SAVING AND RELOADING COMPILED PATTERNS</a><br>
+<P>
+The facilities described in this section are not available when the POSIX
+interface to PCRE is being used, that is, when the <b>/P</b> pattern modifier is
+specified.
+</P>
+<P>
+When the POSIX interface is not in use, you can cause <b>pcretest</b> to write a
+compiled pattern to a file, by following the modifiers with &#62; and a file name.
+For example:
+<pre>
+  /pattern/im &#62;/some/file
+</pre>
+See the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation for a discussion about saving and re-using compiled patterns.
+Note that if the pattern was successfully studied with JIT optimization, the
+JIT data cannot be saved.
+</P>
+<P>
+The data that is written is binary. The first eight bytes are the length of the
+compiled pattern data followed by the length of the optional study data, each
+written as four bytes in big-endian order (most significant byte first). If
+there is no study data (either the pattern was not studied, or studying did not
+return any data), the second length is zero. The lengths are followed by an
+exact copy of the compiled pattern. If there is additional study data, this
+(excluding any JIT data) follows immediately after the compiled pattern. After
+writing the file, <b>pcretest</b> expects to read a new pattern.
+</P>
+<P>
+A saved pattern can be reloaded into <b>pcretest</b> by specifying &#60; and a file
+name instead of a pattern. There must be no space between &#60; and the file name,
+which must not contain a &#60; character, as otherwise <b>pcretest</b> will
+interpret the line as a pattern delimited by &#60; characters. For example:
+<pre>
+   re&#62; &#60;/some/file
+  Compiled pattern loaded from /some/file
+  No study data
+</pre>
+If the pattern was previously studied with the JIT optimization, the JIT
+information cannot be saved and restored, and so is lost. When the pattern has
+been loaded, <b>pcretest</b> proceeds to read data lines in the usual way.
+</P>
+<P>
+You can copy a file written by <b>pcretest</b> to a different host and reload it
+there, even if the new host has opposite endianness to the one on which the
+pattern was compiled. For example, you can compile on an i86 machine and run on
+a SPARC machine. When a pattern is reloaded on a host with different
+endianness, the confirmation message is changed to:
+<pre>
+  Compiled pattern (byte-inverted) loaded from /some/file
+</pre>
+The test suite contains some saved pre-compiled patterns with different
+endianness. These are reloaded using "&#60;!" instead of just "&#60;". This suppresses
+the "(byte-inverted)" text so that the output is the same on all hosts. It also
+forces debugging output once the pattern has been reloaded.
+</P>
+<P>
+File names for saving and reloading can be absolute or relative, but note that
+the shell facility of expanding a file name that starts with a tilde (~) is not
+available.
+</P>
+<P>
+The ability to save and reload files in <b>pcretest</b> is intended for testing
+and experimentation. It is not intended for production use because only a
+single pattern can be written to a file. Furthermore, there is no facility for
+supplying custom character tables for use with a reloaded pattern. If the
+original pattern was compiled with custom tables, an attempt to match a subject
+string using a reloaded pattern is likely to cause <b>pcretest</b> to crash.
+Finally, if you attempt to load a file that is not in the correct format, the
+result is undefined.
+</P>
+<br><a name="SEC15" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcre</b>(3), <b>pcre16</b>(3), <b>pcre32</b>(3), <b>pcreapi</b>(3),
+<b>pcrecallout</b>(3),
+<b>pcrejit</b>, <b>pcrematching</b>(3), <b>pcrepartial</b>(d),
+<b>pcrepattern</b>(3), <b>pcreprecompile</b>(3).
+</P>
+<br><a name="SEC16" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC17" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 23 February 2017
+<br>
+Copyright &copy; 1997-2017 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreunicode.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreunicode.html
new file mode 100644
index 00000000..ab36bc61
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/html/pcreunicode.html
@@ -0,0 +1,262 @@
+<html>
+<head>
+<title>pcreunicode specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreunicode man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+UTF-8, UTF-16, UTF-32, AND UNICODE PROPERTY SUPPORT
+</b><br>
+<P>
+As well as UTF-8 support, PCRE also supports UTF-16 (from release 8.30) and
+UTF-32 (from release 8.32), by means of two additional libraries. They can be
+built as well as, or instead of, the 8-bit library.
+</P>
+<br><b>
+UTF-8 SUPPORT
+</b><br>
+<P>
+In order process UTF-8 strings, you must build PCRE's 8-bit library with UTF
+support, and, in addition, you must call
+<a href="pcre_compile.html"><b>pcre_compile()</b></a>
+with the PCRE_UTF8 option flag, or the pattern must start with the sequence
+(*UTF8) or (*UTF). When either of these is the case, both the pattern and any
+subject strings that are matched against it are treated as UTF-8 strings
+instead of strings of individual 1-byte characters.
+</P>
+<br><b>
+UTF-16 AND UTF-32 SUPPORT
+</b><br>
+<P>
+In order process UTF-16 or UTF-32 strings, you must build PCRE's 16-bit or
+32-bit library with UTF support, and, in addition, you must call
+<a href="pcre16_compile.html"><b>pcre16_compile()</b></a>
+or
+<a href="pcre32_compile.html"><b>pcre32_compile()</b></a>
+with the PCRE_UTF16 or PCRE_UTF32 option flag, as appropriate. Alternatively,
+the pattern must start with the sequence (*UTF16), (*UTF32), as appropriate, or
+(*UTF), which can be used with either library. When UTF mode is set, both the
+pattern and any subject strings that are matched against it are treated as
+UTF-16 or UTF-32 strings instead of strings of individual 16-bit or 32-bit
+characters.
+</P>
+<br><b>
+UTF SUPPORT OVERHEAD
+</b><br>
+<P>
+If you compile PCRE with UTF support, but do not use it at run time, the
+library will be a bit bigger, but the additional run time overhead is limited
+to testing the PCRE_UTF[8|16|32] flag occasionally, so should not be very big.
+</P>
+<br><b>
+UNICODE PROPERTY SUPPORT
+</b><br>
+<P>
+If PCRE is built with Unicode character property support (which implies UTF
+support), the escape sequences \p{..}, \P{..}, and \X can be used.
+The available properties that can be tested are limited to the general
+category properties such as Lu for an upper case letter or Nd for a decimal
+number, the Unicode script names such as Arabic or Han, and the derived
+properties Any and L&. Full lists is given in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+and
+<a href="pcresyntax.html"><b>pcresyntax</b></a>
+documentation. Only the short names for properties are supported. For example,
+\p{L} matches a letter. Its Perl synonym, \p{Letter}, is not supported.
+Furthermore, in Perl, many properties may optionally be prefixed by "Is", for
+compatibility with Perl 5.6. PCRE does not support this.
+<a name="utf8strings"></a></P>
+<br><b>
+Validity of UTF-8 strings
+</b><br>
+<P>
+When you set the PCRE_UTF8 flag, the byte strings passed as patterns and
+subjects are (by default) checked for validity on entry to the relevant
+functions. The entire string is checked before any other processing takes
+place. From release 7.3 of PCRE, the check is according the rules of RFC 3629,
+which are themselves derived from the Unicode specification. Earlier releases
+of PCRE followed the rules of RFC 2279, which allows the full range of 31-bit
+values (0 to 0x7FFFFFFF). The current check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area. (From release 8.33 the so-called
+"non-character" code points are no longer excluded because Unicode corrigendum
+#9 makes it clear that they should not be.)
+</P>
+<P>
+Characters in the "Surrogate Area" of Unicode are reserved for use by UTF-16,
+where they are used in pairs to encode codepoints with values greater than
+0xFFFF. The code points that are encoded by UTF-16 pairs are available
+independently in the UTF-8 and UTF-32 encodings. (In other words, the whole
+surrogate thing is a fudge for UTF-16 which unfortunately messes up UTF-8 and
+UTF-32.)
+</P>
+<P>
+If an invalid UTF-8 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first byte
+of the failing character. The run-time functions <b>pcre_exec()</b> and
+<b>pcre_dfa_exec()</b> also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+</P>
+<P>
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance, for
+example in the case of a long subject string that is being scanned repeatedly.
+If you set the PCRE_NO_UTF8_CHECK flag at compile time or at run time, PCRE
+assumes that the pattern or subject it is given (respectively) contains only
+valid UTF-8 codes. In this case, it does not diagnose an invalid UTF-8 string.
+</P>
+<P>
+Note that passing PCRE_NO_UTF8_CHECK to <b>pcre_compile()</b> just disables the
+check for the pattern; it does not also apply to subject strings. If you want
+to disable the check for a subject string you must pass this option to
+<b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>.
+</P>
+<P>
+If you pass an invalid UTF-8 string when PCRE_NO_UTF8_CHECK is set, the result
+is undefined and your program may crash.
+<a name="utf16strings"></a></P>
+<br><b>
+Validity of UTF-16 strings
+</b><br>
+<P>
+When you set the PCRE_UTF16 flag, the strings of 16-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions. Values other than those in the surrogate range
+U+D800 to U+DFFF are independent code points. Values in the surrogate range
+must be used in pairs in the correct manner.
+</P>
+<P>
+If an invalid UTF-16 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions <b>pcre16_exec()</b> and
+<b>pcre16_dfa_exec()</b> also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+</P>
+<P>
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF16_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-16
+sequences. In this case, it does not diagnose an invalid UTF-16 string.
+However, if an invalid string is passed, the result is undefined.
+<a name="utf32strings"></a></P>
+<br><b>
+Validity of UTF-32 strings
+</b><br>
+<P>
+When you set the PCRE_UTF32 flag, the strings of 32-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions.  This check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area U+D800 to U+DFFF.
+</P>
+<P>
+If an invalid UTF-32 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions <b>pcre32_exec()</b> and
+<b>pcre32_dfa_exec()</b> also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+</P>
+<P>
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF32_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-32
+sequences. In this case, it does not diagnose an invalid UTF-32 string.
+However, if an invalid string is passed, the result is undefined.
+</P>
+<br><b>
+General comments about UTF modes
+</b><br>
+<P>
+1. Codepoints less than 256 can be specified in patterns by either braced or
+unbraced hexadecimal escape sequences (for example, \x{b3} or \xb3). Larger
+values have to use braced sequences.
+</P>
+<P>
+2. Octal numbers up to \777 are recognized, and in UTF-8 mode they match
+two-byte characters for values greater than \177.
+</P>
+<P>
+3. Repeat quantifiers apply to complete UTF characters, not to individual
+data units, for example: \x{100}{3}.
+</P>
+<P>
+4. The dot metacharacter matches one UTF character instead of a single data
+unit.
+</P>
+<P>
+5. The escape sequence \C can be used to match a single byte in UTF-8 mode, or
+a single 16-bit data unit in UTF-16 mode, or a single 32-bit data unit in
+UTF-32 mode, but its use can lead to some strange effects because it breaks up
+multi-unit characters (see the description of \C in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation). The use of \C is not supported in the alternative matching
+function <b>pcre[16|32]_dfa_exec()</b>, nor is it supported in UTF mode by the
+JIT optimization of <b>pcre[16|32]_exec()</b>. If JIT optimization is requested
+for a UTF pattern that contains \C, it will not succeed, and so the matching
+will be carried out by the normal interpretive function.
+</P>
+<P>
+6. The character escapes \b, \B, \d, \D, \s, \S, \w, and \W correctly
+test characters of any code value, but, by default, the characters that PCRE
+recognizes as digits, spaces, or word characters remain the same set as in
+non-UTF mode, all with values less than 256. This remains true even when PCRE
+is built to include Unicode property support, because to do otherwise would
+slow down PCRE in many common cases. Note in particular that this applies to
+\b and \B, because they are defined in terms of \w and \W. If you really
+want to test for a wider sense of, say, "digit", you can use explicit Unicode
+property tests such as \p{Nd}. Alternatively, if you set the PCRE_UCP option,
+the way that the character escapes work is changed so that Unicode properties
+are used to determine which characters match. There are more details in the
+section on
+<a href="pcrepattern.html#genericchartypes">generic character types</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+</P>
+<P>
+7. Similarly, characters that match the POSIX named character classes are all
+low-valued characters, unless the PCRE_UCP option is set.
+</P>
+<P>
+8. However, the horizontal and vertical white space matching escapes (\h, \H,
+\v, and \V) do match all the appropriate Unicode characters, whether or not
+PCRE_UCP is set.
+</P>
+<P>
+9. Case-insensitive matching applies only to characters whose values are less
+than 128, unless PCRE is built with Unicode property support. A few Unicode
+characters such as Greek sigma have more than two codepoints that are
+case-equivalent. Up to and including PCRE release 8.31, only one-to-one case
+mappings were supported, but later releases (with Unicode property support) do
+treat as case-equivalent all versions of characters such as Greek sigma.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 27 February 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcre-config.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcre-config.txt
new file mode 100644
index 00000000..8503ab0e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcre-config.txt
@@ -0,0 +1,86 @@
+PCRE-CONFIG(1)              General Commands Manual             PCRE-CONFIG(1)
+
+
+
+NAME
+       pcre-config - program to return PCRE configuration
+
+SYNOPSIS
+
+       pcre-config [--prefix] [--exec-prefix] [--version] [--libs]
+                   [--libs16] [--libs32] [--libs-cpp] [--libs-posix]
+                   [--cflags] [--cflags-posix]
+
+
+DESCRIPTION
+
+       pcre-config  returns  the configuration of the installed PCRE libraries
+       and the options required to compile a program to use them. Some of  the
+       options  apply  only  to  the  8-bit,  or  16-bit, or 32-bit libraries,
+       respectively, and are not available if only one of those libraries  has
+       been built. If an unavailable option is encountered, the "usage" infor-
+       mation is output.
+
+
+OPTIONS
+
+       --prefix  Writes the directory prefix used in the PCRE installation for
+                 architecture   independent   files  (/usr  on  many  systems,
+                 /usr/local on some systems) to the standard output.
+
+       --exec-prefix
+                 Writes the directory prefix used in the PCRE installation for
+                 architecture  dependent files (normally the same as --prefix)
+                 to the standard output.
+
+       --version Writes the version number of the installed PCRE libraries  to
+                 the standard output.
+
+       --libs    Writes  to  the  standard  output  the  command  line options
+                 required to link with the 8-bit PCRE library (-lpcre on  many
+                 systems).
+
+       --libs16  Writes  to  the  standard  output  the  command  line options
+                 required to link with the 16-bit PCRE  library  (-lpcre16  on
+                 many systems).
+
+       --libs32  Writes  to  the  standard  output  the  command  line options
+                 required to link with the 32-bit PCRE  library  (-lpcre32  on
+                 many systems).
+
+       --libs-cpp
+                 Writes  to  the  standard  output  the  command  line options
+                 required to link with PCRE's C++ wrapper  library  (-lpcrecpp
+                 -lpcre on many systems).
+
+       --libs-posix
+                 Writes  to  the  standard  output  the  command  line options
+                 required to  link  with  PCRE's  POSIX  API  wrapper  library
+                 (-lpcreposix -lpcre on many systems).
+
+       --cflags  Writes  to  the  standard  output  the  command  line options
+                 required to compile files that use  PCRE  (this  may  include
+                 some -I options, but is blank on many systems).
+
+       --cflags-posix
+                 Writes  to  the  standard  output  the  command  line options
+                 required to compile files that use PCRE's POSIX  API  wrapper
+                 library  (this  may  include some -I options, but is blank on
+                 many systems).
+
+
+SEE ALSO
+
+       pcre(3)
+
+
+AUTHOR
+
+       This manual page was originally written by Mark Baker  for  the  Debian
+       GNU/Linux  system.  It  has been subsequently revised as a generic PCRE
+       man page.
+
+
+REVISION
+
+       Last updated: 24 June 2012
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcre.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcre.txt
new file mode 100644
index 00000000..c027538f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcre.txt
@@ -0,0 +1,10502 @@
+-----------------------------------------------------------------------------
+This file contains a concatenation of the PCRE man pages, converted to plain
+text format for ease of searching with a text editor, or for use on systems
+that do not have a man page processor. The small individual files that give
+synopses of each function in the library have not been included. Neither has
+the pcredemo program. There are separate text files for the pcregrep and
+pcretest commands.
+-----------------------------------------------------------------------------
+
+
+PCRE(3)                    Library Functions Manual                    PCRE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions (original API)
+
+PLEASE TAKE NOTE
+
+       This  document relates to PCRE releases that use the original API, with
+       library names libpcre, libpcre16, and libpcre32. January 2015  saw  the
+       first release of a new API, known as PCRE2, with release numbers start-
+       ing  at  10.00  and  library   names   libpcre2-8,   libpcre2-16,   and
+       libpcre2-32. The old libraries (now called PCRE1) are still being main-
+       tained for bug fixes,  but  there  will  be  no  new  development.  New
+       projects are advised to use the new PCRE2 libraries.
+
+
+INTRODUCTION
+
+       The  PCRE  library is a set of functions that implement regular expres-
+       sion pattern matching using the same syntax and semantics as Perl, with
+       just  a few differences. Some features that appeared in Python and PCRE
+       before they appeared in Perl are also available using the  Python  syn-
+       tax,  there  is  some  support for one or two .NET and Oniguruma syntax
+       items, and there is an option for requesting some  minor  changes  that
+       give better JavaScript compatibility.
+
+       Starting with release 8.30, it is possible to compile two separate PCRE
+       libraries:  the  original,  which  supports  8-bit  character   strings
+       (including  UTF-8  strings),  and a second library that supports 16-bit
+       character strings (including UTF-16 strings). The build process  allows
+       either  one  or both to be built. The majority of the work to make this
+       possible was done by Zoltan Herczeg.
+
+       Starting with release 8.32 it is possible to compile a  third  separate
+       PCRE  library  that supports 32-bit character strings (including UTF-32
+       strings). The build process allows any combination of the 8-,  16-  and
+       32-bit  libraries. The work to make this possible was done by Christian
+       Persch.
+
+       The three libraries contain identical sets of  functions,  except  that
+       the  names  in  the 16-bit library start with pcre16_ instead of pcre_,
+       and the names in the 32-bit  library  start  with  pcre32_  instead  of
+       pcre_.  To avoid over-complication and reduce the documentation mainte-
+       nance load, most of the documentation describes the 8-bit library, with
+       the  differences  for  the  16-bit and 32-bit libraries described sepa-
+       rately in the pcre16 and  pcre32  pages.  References  to  functions  or
+       structures  of  the  form  pcre[16|32]_xxx  should  be  read as meaning
+       "pcre_xxx when using the  8-bit  library,  pcre16_xxx  when  using  the
+       16-bit library, or pcre32_xxx when using the 32-bit library".
+
+       The  current implementation of PCRE corresponds approximately with Perl
+       5.12, including support for UTF-8/16/32  encoded  strings  and  Unicode
+       general  category  properties. However, UTF-8/16/32 and Unicode support
+       has to be explicitly enabled; it is not the default. The Unicode tables
+       correspond to Unicode release 6.3.0.
+
+       In  addition to the Perl-compatible matching function, PCRE contains an
+       alternative function that matches the same compiled patterns in a  dif-
+       ferent way. In certain circumstances, the alternative function has some
+       advantages.  For a discussion of the two matching algorithms,  see  the
+       pcrematching page.
+
+       PCRE  is  written  in C and released as a C library. A number of people
+       have written wrappers and interfaces of various kinds.  In  particular,
+       Google  Inc.   have  provided a comprehensive C++ wrapper for the 8-bit
+       library. This is now included as part of  the  PCRE  distribution.  The
+       pcrecpp  page  has  details of this interface. Other people's contribu-
+       tions can be found in the Contrib directory at the  primary  FTP  site,
+       which is:
+
+       ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre
+
+       Details  of  exactly which Perl regular expression features are and are
+       not supported by PCRE are given in separate documents. See the pcrepat-
+       tern  and pcrecompat pages. There is a syntax summary in the pcresyntax
+       page.
+
+       Some features of PCRE can be included, excluded, or  changed  when  the
+       library  is  built.  The pcre_config() function makes it possible for a
+       client to discover which features are  available.  The  features  them-
+       selves  are described in the pcrebuild page. Documentation about build-
+       ing PCRE for various operating systems can be found in the  README  and
+       NON-AUTOTOOLS_BUILD files in the source distribution.
+
+       The  libraries contains a number of undocumented internal functions and
+       data tables that are used by more than one  of  the  exported  external
+       functions,  but  which  are  not  intended for use by external callers.
+       Their names all begin with "_pcre_" or "_pcre16_" or "_pcre32_",  which
+       hopefully  will  not provoke any name clashes. In some environments, it
+       is possible to control which  external  symbols  are  exported  when  a
+       shared  library  is  built, and in these cases the undocumented symbols
+       are not exported.
+
+
+SECURITY CONSIDERATIONS
+
+       If you are using PCRE in a non-UTF application that  permits  users  to
+       supply  arbitrary  patterns  for  compilation, you should be aware of a
+       feature that allows users to turn on UTF support from within a pattern,
+       provided  that  PCRE  was built with UTF support. For example, an 8-bit
+       pattern that begins with "(*UTF8)" or "(*UTF)"  turns  on  UTF-8  mode,
+       which  interprets  patterns and subjects as strings of UTF-8 characters
+       instead of individual 8-bit characters.  This causes both  the  pattern
+       and any data against which it is matched to be checked for UTF-8 valid-
+       ity. If the data string is very long, such a  check  might  use  suffi-
+       ciently  many  resources  as  to cause your application to lose perfor-
+       mance.
+
+       One  way  of  guarding  against  this  possibility  is   to   use   the
+       pcre_fullinfo()  function  to  check the compiled pattern's options for
+       UTF.  Alternatively, from release 8.33, you can set the  PCRE_NEVER_UTF
+       option  at compile time. This causes an compile time error if a pattern
+       contains a UTF-setting sequence.
+
+       If your application is one that supports UTF, be  aware  that  validity
+       checking  can  take time. If the same data string is to be matched many
+       times, you can use the PCRE_NO_UTF[8|16|32]_CHECK option for the second
+       and subsequent matches to save redundant checks.
+
+       Another  way  that  performance can be hit is by running a pattern that
+       has a very large search tree against a string that  will  never  match.
+       Nested  unlimited  repeats in a pattern are a common example. PCRE pro-
+       vides some protection against this: see the PCRE_EXTRA_MATCH_LIMIT fea-
+       ture in the pcreapi page.
+
+
+USER DOCUMENTATION
+
+       The  user  documentation  for PCRE comprises a number of different sec-
+       tions. In the "man" format, each of these is a separate "man page".  In
+       the  HTML  format, each is a separate page, linked from the index page.
+       In the plain text format, the descriptions of the pcregrep and pcretest
+       programs  are  in  files  called pcregrep.txt and pcretest.txt, respec-
+       tively. The remaining sections, except for the pcredemo section  (which
+       is  a  program  listing),  are  concatenated  in  pcre.txt, for ease of
+       searching. The sections are as follows:
+
+         pcre              this document
+         pcre-config       show PCRE installation configuration information
+         pcre16            details of the 16-bit library
+         pcre32            details of the 32-bit library
+         pcreapi           details of PCRE's native C API
+         pcrebuild         building PCRE
+         pcrecallout       details of the callout feature
+         pcrecompat        discussion of Perl compatibility
+         pcrecpp           details of the C++ wrapper for the 8-bit library
+         pcredemo          a demonstration C program that uses PCRE
+         pcregrep          description of the pcregrep command (8-bit only)
+         pcrejit           discussion of the just-in-time optimization support
+         pcrelimits        details of size and other limits
+         pcrematching      discussion of the two matching algorithms
+         pcrepartial       details of the partial matching facility
+         pcrepattern       syntax and semantics of supported
+                             regular expressions
+         pcreperform       discussion of performance issues
+         pcreposix         the POSIX-compatible C API for the 8-bit library
+         pcreprecompile    details of saving and re-using precompiled patterns
+         pcresample        discussion of the pcredemo program
+         pcrestack         discussion of stack usage
+         pcresyntax        quick syntax reference
+         pcretest          description of the pcretest testing command
+         pcreunicode       discussion of Unicode and UTF-8/16/32 support
+
+       In the "man" and HTML formats, there is also a short page  for  each  C
+       library function, listing its arguments and results.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+       Putting  an actual email address here seems to have been a spam magnet,
+       so I've taken it away. If you want to email me, use  my  two  initials,
+       followed by the two digits 10, at the domain cam.ac.uk.
+
+
+REVISION
+
+       Last updated: 10 February 2015
+       Copyright (c) 1997-2015 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRE(3)                    Library Functions Manual                    PCRE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+       #include <pcre.h>
+
+
+PCRE 16-BIT API BASIC FUNCTIONS
+
+       pcre16 *pcre16_compile(PCRE_SPTR16 pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre16 *pcre16_compile2(PCRE_SPTR16 pattern, int options,
+            int *errorcodeptr,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre16_extra *pcre16_study(const pcre16 *code, int options,
+            const char **errptr);
+
+       void pcre16_free_study(pcre16_extra *extra);
+
+       int pcre16_exec(const pcre16 *code, const pcre16_extra *extra,
+            PCRE_SPTR16 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       int pcre16_dfa_exec(const pcre16 *code, const pcre16_extra *extra,
+            PCRE_SPTR16 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+
+PCRE 16-BIT API STRING EXTRACTION FUNCTIONS
+
+       int pcre16_copy_named_substring(const pcre16 *code,
+            PCRE_SPTR16 subject, int *ovector,
+            int stringcount, PCRE_SPTR16 stringname,
+            PCRE_UCHAR16 *buffer, int buffersize);
+
+       int pcre16_copy_substring(PCRE_SPTR16 subject, int *ovector,
+            int stringcount, int stringnumber, PCRE_UCHAR16 *buffer,
+            int buffersize);
+
+       int pcre16_get_named_substring(const pcre16 *code,
+            PCRE_SPTR16 subject, int *ovector,
+            int stringcount, PCRE_SPTR16 stringname,
+            PCRE_SPTR16 *stringptr);
+
+       int pcre16_get_stringnumber(const pcre16 *code,
+            PCRE_SPTR16 name);
+
+       int pcre16_get_stringtable_entries(const pcre16 *code,
+            PCRE_SPTR16 name, PCRE_UCHAR16 **first, PCRE_UCHAR16 **last);
+
+       int pcre16_get_substring(PCRE_SPTR16 subject, int *ovector,
+            int stringcount, int stringnumber,
+            PCRE_SPTR16 *stringptr);
+
+       int pcre16_get_substring_list(PCRE_SPTR16 subject,
+            int *ovector, int stringcount, PCRE_SPTR16 **listptr);
+
+       void pcre16_free_substring(PCRE_SPTR16 stringptr);
+
+       void pcre16_free_substring_list(PCRE_SPTR16 *stringptr);
+
+
+PCRE 16-BIT API AUXILIARY FUNCTIONS
+
+       pcre16_jit_stack *pcre16_jit_stack_alloc(int startsize, int maxsize);
+
+       void pcre16_jit_stack_free(pcre16_jit_stack *stack);
+
+       void pcre16_assign_jit_stack(pcre16_extra *extra,
+            pcre16_jit_callback callback, void *data);
+
+       const unsigned char *pcre16_maketables(void);
+
+       int pcre16_fullinfo(const pcre16 *code, const pcre16_extra *extra,
+            int what, void *where);
+
+       int pcre16_refcount(pcre16 *code, int adjust);
+
+       int pcre16_config(int what, void *where);
+
+       const char *pcre16_version(void);
+
+       int pcre16_pattern_to_host_byte_order(pcre16 *code,
+            pcre16_extra *extra, const unsigned char *tables);
+
+
+PCRE 16-BIT API INDIRECTED FUNCTIONS
+
+       void *(*pcre16_malloc)(size_t);
+
+       void (*pcre16_free)(void *);
+
+       void *(*pcre16_stack_malloc)(size_t);
+
+       void (*pcre16_stack_free)(void *);
+
+       int (*pcre16_callout)(pcre16_callout_block *);
+
+
+PCRE 16-BIT API 16-BIT-ONLY FUNCTION
+
+       int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *output,
+            PCRE_SPTR16 input, int length, int *byte_order,
+            int keep_boms);
+
+
+THE PCRE 16-BIT LIBRARY
+
+       Starting  with  release  8.30, it is possible to compile a PCRE library
+       that supports 16-bit character strings, including  UTF-16  strings,  as
+       well  as  or instead of the original 8-bit library. The majority of the
+       work to make  this  possible  was  done  by  Zoltan  Herczeg.  The  two
+       libraries contain identical sets of functions, used in exactly the same
+       way. Only the names of the functions and the data types of their  argu-
+       ments  and results are different. To avoid over-complication and reduce
+       the documentation maintenance load,  most  of  the  PCRE  documentation
+       describes  the  8-bit  library,  with only occasional references to the
+       16-bit library. This page describes what is different when you use  the
+       16-bit library.
+
+       WARNING:  A  single  application can be linked with both libraries, but
+       you must take care when processing any particular pattern to use  func-
+       tions  from  just one library. For example, if you want to study a pat-
+       tern that was compiled with  pcre16_compile(),  you  must  do  so  with
+       pcre16_study(), not pcre_study(), and you must free the study data with
+       pcre16_free_study().
+
+
+THE HEADER FILE
+
+       There is only one header file, pcre.h. It contains prototypes  for  all
+       the functions in all libraries, as well as definitions of flags, struc-
+       tures, error codes, etc.
+
+
+THE LIBRARY NAME
+
+       In Unix-like systems, the 16-bit library is called libpcre16,  and  can
+       normally  be  accesss  by adding -lpcre16 to the command for linking an
+       application that uses PCRE.
+
+
+STRING TYPES
+
+       In the 8-bit library, strings are passed to PCRE library  functions  as
+       vectors  of  bytes  with  the  C  type "char *". In the 16-bit library,
+       strings are passed as vectors of unsigned 16-bit quantities. The  macro
+       PCRE_UCHAR16  specifies  an  appropriate  data type, and PCRE_SPTR16 is
+       defined as "const PCRE_UCHAR16 *". In very  many  environments,  "short
+       int" is a 16-bit data type. When PCRE is built, it defines PCRE_UCHAR16
+       as "unsigned short int", but checks that it really  is  a  16-bit  data
+       type.  If  it is not, the build fails with an error message telling the
+       maintainer to modify the definition appropriately.
+
+
+STRUCTURE TYPES
+
+       The types of the opaque structures that are used  for  compiled  16-bit
+       patterns  and  JIT stacks are pcre16 and pcre16_jit_stack respectively.
+       The  type  of  the  user-accessible  structure  that  is  returned   by
+       pcre16_study()  is  pcre16_extra, and the type of the structure that is
+       used for passing data to a callout  function  is  pcre16_callout_block.
+       These structures contain the same fields, with the same names, as their
+       8-bit counterparts. The only difference is that pointers  to  character
+       strings are 16-bit instead of 8-bit types.
+
+
+16-BIT FUNCTIONS
+
+       For  every function in the 8-bit library there is a corresponding func-
+       tion in the 16-bit library with a name that starts with pcre16_ instead
+       of  pcre_.  The  prototypes are listed above. In addition, there is one
+       extra function, pcre16_utf16_to_host_byte_order(). This  is  a  utility
+       function  that converts a UTF-16 character string to host byte order if
+       necessary. The other 16-bit  functions  expect  the  strings  they  are
+       passed to be in host byte order.
+
+       The input and output arguments of pcre16_utf16_to_host_byte_order() may
+       point to the same address, that is, conversion in place  is  supported.
+       The output buffer must be at least as long as the input.
+
+       The  length  argument  specifies the number of 16-bit data units in the
+       input string; a negative value specifies a zero-terminated string.
+
+       If byte_order is NULL, it is assumed that the string starts off in host
+       byte  order. This may be changed by byte-order marks (BOMs) anywhere in
+       the string (commonly as the first character).
+
+       If byte_order is not NULL, a non-zero value of the integer to which  it
+       points  means  that  the input starts off in host byte order, otherwise
+       the opposite order is assumed. Again, BOMs in  the  string  can  change
+       this. The final byte order is passed back at the end of processing.
+
+       If  keep_boms  is  not  zero,  byte-order  mark characters (0xfeff) are
+       copied into the output string. Otherwise they are discarded.
+
+       The result of the function is the number of 16-bit  units  placed  into
+       the  output  buffer,  including  the  zero terminator if the string was
+       zero-terminated.
+
+
+SUBJECT STRING OFFSETS
+
+       The lengths and starting offsets of subject strings must  be  specified
+       in  16-bit  data units, and the offsets within subject strings that are
+       returned by the matching functions are in also 16-bit units rather than
+       bytes.
+
+
+NAMED SUBPATTERNS
+
+       The  name-to-number translation table that is maintained for named sub-
+       patterns uses 16-bit characters.  The  pcre16_get_stringtable_entries()
+       function returns the length of each entry in the table as the number of
+       16-bit data units.
+
+
+OPTION NAMES
+
+       There   are   two   new   general   option   names,   PCRE_UTF16    and
+       PCRE_NO_UTF16_CHECK,     which     correspond    to    PCRE_UTF8    and
+       PCRE_NO_UTF8_CHECK in the 8-bit library. In  fact,  these  new  options
+       define  the  same bits in the options word. There is a discussion about
+       the validity of UTF-16 strings in the pcreunicode page.
+
+       For the pcre16_config() function there is an  option  PCRE_CONFIG_UTF16
+       that  returns  1  if UTF-16 support is configured, otherwise 0. If this
+       option  is  given  to  pcre_config()  or  pcre32_config(),  or  if  the
+       PCRE_CONFIG_UTF8  or  PCRE_CONFIG_UTF32  option is given to pcre16_con-
+       fig(), the result is the PCRE_ERROR_BADOPTION error.
+
+
+CHARACTER CODES
+
+       In 16-bit mode, when  PCRE_UTF16  is  not  set,  character  values  are
+       treated in the same way as in 8-bit, non UTF-8 mode, except, of course,
+       that they can range from 0 to 0xffff instead of 0  to  0xff.  Character
+       types  for characters less than 0xff can therefore be influenced by the
+       locale in the same way as before.  Characters greater  than  0xff  have
+       only one case, and no "type" (such as letter or digit).
+
+       In  UTF-16  mode,  the  character  code  is  Unicode, in the range 0 to
+       0x10ffff, with the exception of values in the range  0xd800  to  0xdfff
+       because  those  are "surrogate" values that are used in pairs to encode
+       values greater than 0xffff.
+
+       A UTF-16 string can indicate its endianness by special code knows as  a
+       byte-order mark (BOM). The PCRE functions do not handle this, expecting
+       strings  to  be  in  host  byte  order.  A  utility   function   called
+       pcre16_utf16_to_host_byte_order()  is  provided  to help with this (see
+       above).
+
+
+ERROR NAMES
+
+       The errors PCRE_ERROR_BADUTF16_OFFSET and PCRE_ERROR_SHORTUTF16  corre-
+       spond  to  their  8-bit  counterparts.  The error PCRE_ERROR_BADMODE is
+       given when a compiled pattern is passed to a  function  that  processes
+       patterns  in  the  other  mode, for example, if a pattern compiled with
+       pcre_compile() is passed to pcre16_exec().
+
+       There are new error codes whose names  begin  with  PCRE_UTF16_ERR  for
+       invalid  UTF-16  strings,  corresponding to the PCRE_UTF8_ERR codes for
+       UTF-8 strings that are described in the section entitled "Reason  codes
+       for  invalid UTF-8 strings" in the main pcreapi page. The UTF-16 errors
+       are:
+
+         PCRE_UTF16_ERR1  Missing low surrogate at end of string
+         PCRE_UTF16_ERR2  Invalid low surrogate follows high surrogate
+         PCRE_UTF16_ERR3  Isolated low surrogate
+         PCRE_UTF16_ERR4  Non-character
+
+
+ERROR TEXTS
+
+       If there is an error while compiling a pattern, the error text that  is
+       passed  back by pcre16_compile() or pcre16_compile2() is still an 8-bit
+       character string, zero-terminated.
+
+
+CALLOUTS
+
+       The subject and mark fields in the callout block that is  passed  to  a
+       callout function point to 16-bit vectors.
+
+
+TESTING
+
+       The  pcretest  program continues to operate with 8-bit input and output
+       files, but it can be used for testing the 16-bit library. If it is  run
+       with the command line option -16, patterns and subject strings are con-
+       verted from 8-bit to 16-bit before being passed to PCRE, and the 16-bit
+       library  functions  are used instead of the 8-bit ones. Returned 16-bit
+       strings are converted to 8-bit for output. If both the  8-bit  and  the
+       32-bit libraries were not compiled, pcretest defaults to 16-bit and the
+       -16 option is ignored.
+
+       When PCRE is being built, the RunTest script that is  called  by  "make
+       check"  uses  the  pcretest  -C  option to discover which of the 8-bit,
+       16-bit and 32-bit libraries has been built, and runs the  tests  appro-
+       priately.
+
+
+NOT SUPPORTED IN 16-BIT MODE
+
+       Not all the features of the 8-bit library are available with the 16-bit
+       library. The C++ and POSIX wrapper functions  support  only  the  8-bit
+       library, and the pcregrep program is at present 8-bit only.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 May 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRE(3)                    Library Functions Manual                    PCRE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+       #include <pcre.h>
+
+
+PCRE 32-BIT API BASIC FUNCTIONS
+
+       pcre32 *pcre32_compile(PCRE_SPTR32 pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre32 *pcre32_compile2(PCRE_SPTR32 pattern, int options,
+            int *errorcodeptr,
+            const unsigned char *tableptr);
+
+       pcre32_extra *pcre32_study(const pcre32 *code, int options,
+            const char **errptr);
+
+       void pcre32_free_study(pcre32_extra *extra);
+
+       int pcre32_exec(const pcre32 *code, const pcre32_extra *extra,
+            PCRE_SPTR32 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       int pcre32_dfa_exec(const pcre32 *code, const pcre32_extra *extra,
+            PCRE_SPTR32 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+
+PCRE 32-BIT API STRING EXTRACTION FUNCTIONS
+
+       int pcre32_copy_named_substring(const pcre32 *code,
+            PCRE_SPTR32 subject, int *ovector,
+            int stringcount, PCRE_SPTR32 stringname,
+            PCRE_UCHAR32 *buffer, int buffersize);
+
+       int pcre32_copy_substring(PCRE_SPTR32 subject, int *ovector,
+            int stringcount, int stringnumber, PCRE_UCHAR32 *buffer,
+            int buffersize);
+
+       int pcre32_get_named_substring(const pcre32 *code,
+            PCRE_SPTR32 subject, int *ovector,
+            int stringcount, PCRE_SPTR32 stringname,
+            PCRE_SPTR32 *stringptr);
+
+       int pcre32_get_stringnumber(const pcre32 *code,
+            PCRE_SPTR32 name);
+
+       int pcre32_get_stringtable_entries(const pcre32 *code,
+            PCRE_SPTR32 name, PCRE_UCHAR32 **first, PCRE_UCHAR32 **last);
+
+       int pcre32_get_substring(PCRE_SPTR32 subject, int *ovector,
+            int stringcount, int stringnumber,
+            PCRE_SPTR32 *stringptr);
+
+       int pcre32_get_substring_list(PCRE_SPTR32 subject,
+            int *ovector, int stringcount, PCRE_SPTR32 **listptr);
+
+       void pcre32_free_substring(PCRE_SPTR32 stringptr);
+
+       void pcre32_free_substring_list(PCRE_SPTR32 *stringptr);
+
+
+PCRE 32-BIT API AUXILIARY FUNCTIONS
+
+       pcre32_jit_stack *pcre32_jit_stack_alloc(int startsize, int maxsize);
+
+       void pcre32_jit_stack_free(pcre32_jit_stack *stack);
+
+       void pcre32_assign_jit_stack(pcre32_extra *extra,
+            pcre32_jit_callback callback, void *data);
+
+       const unsigned char *pcre32_maketables(void);
+
+       int pcre32_fullinfo(const pcre32 *code, const pcre32_extra *extra,
+            int what, void *where);
+
+       int pcre32_refcount(pcre32 *code, int adjust);
+
+       int pcre32_config(int what, void *where);
+
+       const char *pcre32_version(void);
+
+       int pcre32_pattern_to_host_byte_order(pcre32 *code,
+            pcre32_extra *extra, const unsigned char *tables);
+
+
+PCRE 32-BIT API INDIRECTED FUNCTIONS
+
+       void *(*pcre32_malloc)(size_t);
+
+       void (*pcre32_free)(void *);
+
+       void *(*pcre32_stack_malloc)(size_t);
+
+       void (*pcre32_stack_free)(void *);
+
+       int (*pcre32_callout)(pcre32_callout_block *);
+
+
+PCRE 32-BIT API 32-BIT-ONLY FUNCTION
+
+       int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *output,
+            PCRE_SPTR32 input, int length, int *byte_order,
+            int keep_boms);
+
+
+THE PCRE 32-BIT LIBRARY
+
+       Starting  with  release  8.32, it is possible to compile a PCRE library
+       that supports 32-bit character strings, including  UTF-32  strings,  as
+       well as or instead of the original 8-bit library. This work was done by
+       Christian Persch, based on the work done  by  Zoltan  Herczeg  for  the
+       16-bit  library.  All  three  libraries contain identical sets of func-
+       tions, used in exactly the same way.  Only the names of  the  functions
+       and  the  data  types  of their arguments and results are different. To
+       avoid over-complication and reduce the documentation maintenance  load,
+       most  of  the PCRE documentation describes the 8-bit library, with only
+       occasional references to the 16-bit and  32-bit  libraries.  This  page
+       describes what is different when you use the 32-bit library.
+
+       WARNING:  A  single  application  can  be linked with all or any of the
+       three libraries, but you must take care when processing any  particular
+       pattern  to  use  functions  from just one library. For example, if you
+       want to study a pattern that was compiled  with  pcre32_compile(),  you
+       must do so with pcre32_study(), not pcre_study(), and you must free the
+       study data with pcre32_free_study().
+
+
+THE HEADER FILE
+
+       There is only one header file, pcre.h. It contains prototypes  for  all
+       the functions in all libraries, as well as definitions of flags, struc-
+       tures, error codes, etc.
+
+
+THE LIBRARY NAME
+
+       In Unix-like systems, the 32-bit library is called libpcre32,  and  can
+       normally  be  accesss  by adding -lpcre32 to the command for linking an
+       application that uses PCRE.
+
+
+STRING TYPES
+
+       In the 8-bit library, strings are passed to PCRE library  functions  as
+       vectors  of  bytes  with  the  C  type "char *". In the 32-bit library,
+       strings are passed as vectors of unsigned 32-bit quantities. The  macro
+       PCRE_UCHAR32  specifies  an  appropriate  data type, and PCRE_SPTR32 is
+       defined as "const PCRE_UCHAR32 *". In very many environments, "unsigned
+       int" is a 32-bit data type. When PCRE is built, it defines PCRE_UCHAR32
+       as "unsigned int", but checks that it really is a 32-bit data type.  If
+       it is not, the build fails with an error message telling the maintainer
+       to modify the definition appropriately.
+
+
+STRUCTURE TYPES
+
+       The types of the opaque structures that are used  for  compiled  32-bit
+       patterns  and  JIT stacks are pcre32 and pcre32_jit_stack respectively.
+       The  type  of  the  user-accessible  structure  that  is  returned   by
+       pcre32_study()  is  pcre32_extra, and the type of the structure that is
+       used for passing data to a callout  function  is  pcre32_callout_block.
+       These structures contain the same fields, with the same names, as their
+       8-bit counterparts. The only difference is that pointers  to  character
+       strings are 32-bit instead of 8-bit types.
+
+
+32-BIT FUNCTIONS
+
+       For  every function in the 8-bit library there is a corresponding func-
+       tion in the 32-bit library with a name that starts with pcre32_ instead
+       of  pcre_.  The  prototypes are listed above. In addition, there is one
+       extra function, pcre32_utf32_to_host_byte_order(). This  is  a  utility
+       function  that converts a UTF-32 character string to host byte order if
+       necessary. The other 32-bit  functions  expect  the  strings  they  are
+       passed to be in host byte order.
+
+       The input and output arguments of pcre32_utf32_to_host_byte_order() may
+       point to the same address, that is, conversion in place  is  supported.
+       The output buffer must be at least as long as the input.
+
+       The  length  argument  specifies the number of 32-bit data units in the
+       input string; a negative value specifies a zero-terminated string.
+
+       If byte_order is NULL, it is assumed that the string starts off in host
+       byte  order. This may be changed by byte-order marks (BOMs) anywhere in
+       the string (commonly as the first character).
+
+       If byte_order is not NULL, a non-zero value of the integer to which  it
+       points  means  that  the input starts off in host byte order, otherwise
+       the opposite order is assumed. Again, BOMs in  the  string  can  change
+       this. The final byte order is passed back at the end of processing.
+
+       If  keep_boms  is  not  zero,  byte-order  mark characters (0xfeff) are
+       copied into the output string. Otherwise they are discarded.
+
+       The result of the function is the number of 32-bit  units  placed  into
+       the  output  buffer,  including  the  zero terminator if the string was
+       zero-terminated.
+
+
+SUBJECT STRING OFFSETS
+
+       The lengths and starting offsets of subject strings must  be  specified
+       in  32-bit  data units, and the offsets within subject strings that are
+       returned by the matching functions are in also 32-bit units rather than
+       bytes.
+
+
+NAMED SUBPATTERNS
+
+       The  name-to-number translation table that is maintained for named sub-
+       patterns uses 32-bit characters.  The  pcre32_get_stringtable_entries()
+       function returns the length of each entry in the table as the number of
+       32-bit data units.
+
+
+OPTION NAMES
+
+       There   are   two   new   general   option   names,   PCRE_UTF32    and
+       PCRE_NO_UTF32_CHECK,     which     correspond    to    PCRE_UTF8    and
+       PCRE_NO_UTF8_CHECK in the 8-bit library. In  fact,  these  new  options
+       define  the  same bits in the options word. There is a discussion about
+       the validity of UTF-32 strings in the pcreunicode page.
+
+       For the pcre32_config() function there is an  option  PCRE_CONFIG_UTF32
+       that  returns  1  if UTF-32 support is configured, otherwise 0. If this
+       option  is  given  to  pcre_config()  or  pcre16_config(),  or  if  the
+       PCRE_CONFIG_UTF8  or  PCRE_CONFIG_UTF16  option is given to pcre32_con-
+       fig(), the result is the PCRE_ERROR_BADOPTION error.
+
+
+CHARACTER CODES
+
+       In 32-bit mode, when  PCRE_UTF32  is  not  set,  character  values  are
+       treated in the same way as in 8-bit, non UTF-8 mode, except, of course,
+       that they can range from 0 to 0x7fffffff instead of 0 to 0xff.  Charac-
+       ter  types for characters less than 0xff can therefore be influenced by
+       the locale in the same way as before.   Characters  greater  than  0xff
+       have only one case, and no "type" (such as letter or digit).
+
+       In  UTF-32  mode,  the  character  code  is  Unicode, in the range 0 to
+       0x10ffff, with the exception of values in the range  0xd800  to  0xdfff
+       because those are "surrogate" values that are ill-formed in UTF-32.
+
+       A  UTF-32 string can indicate its endianness by special code knows as a
+       byte-order mark (BOM). The PCRE functions do not handle this, expecting
+       strings   to   be  in  host  byte  order.  A  utility  function  called
+       pcre32_utf32_to_host_byte_order() is provided to help  with  this  (see
+       above).
+
+
+ERROR NAMES
+
+       The  error  PCRE_ERROR_BADUTF32  corresponds  to its 8-bit counterpart.
+       The error PCRE_ERROR_BADMODE is given when a compiled pattern is passed
+       to  a  function that processes patterns in the other mode, for example,
+       if a pattern compiled with pcre_compile() is passed to pcre32_exec().
+
+       There are new error codes whose names  begin  with  PCRE_UTF32_ERR  for
+       invalid  UTF-32  strings,  corresponding to the PCRE_UTF8_ERR codes for
+       UTF-8 strings that are described in the section entitled "Reason  codes
+       for  invalid UTF-8 strings" in the main pcreapi page. The UTF-32 errors
+       are:
+
+         PCRE_UTF32_ERR1  Surrogate character (range from 0xd800 to 0xdfff)
+         PCRE_UTF32_ERR2  Non-character
+         PCRE_UTF32_ERR3  Character > 0x10ffff
+
+
+ERROR TEXTS
+
+       If there is an error while compiling a pattern, the error text that  is
+       passed  back by pcre32_compile() or pcre32_compile2() is still an 8-bit
+       character string, zero-terminated.
+
+
+CALLOUTS
+
+       The subject and mark fields in the callout block that is  passed  to  a
+       callout function point to 32-bit vectors.
+
+
+TESTING
+
+       The  pcretest  program continues to operate with 8-bit input and output
+       files, but it can be used for testing the 32-bit library. If it is  run
+       with the command line option -32, patterns and subject strings are con-
+       verted from 8-bit to 32-bit before being passed to PCRE, and the 32-bit
+       library  functions  are used instead of the 8-bit ones. Returned 32-bit
+       strings are converted to 8-bit for output. If both the  8-bit  and  the
+       16-bit libraries were not compiled, pcretest defaults to 32-bit and the
+       -32 option is ignored.
+
+       When PCRE is being built, the RunTest script that is  called  by  "make
+       check"  uses  the  pcretest  -C  option to discover which of the 8-bit,
+       16-bit and 32-bit libraries has been built, and runs the  tests  appro-
+       priately.
+
+
+NOT SUPPORTED IN 32-BIT MODE
+
+       Not all the features of the 8-bit library are available with the 32-bit
+       library. The C++ and POSIX wrapper functions  support  only  the  8-bit
+       library, and the pcregrep program is at present 8-bit only.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 May 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREBUILD(3)               Library Functions Manual               PCREBUILD(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+BUILDING PCRE
+
+       PCRE  is  distributed with a configure script that can be used to build
+       the library in Unix-like environments using the applications  known  as
+       Autotools.   Also  in  the  distribution  are files to support building
+       using CMake instead of configure. The text file README contains general
+       information  about  building  with Autotools (some of which is repeated
+       below), and also has some comments about building on various  operating
+       systems.  There  is  a lot more information about building PCRE without
+       using Autotools (including information about using CMake  and  building
+       "by  hand")  in  the  text file called NON-AUTOTOOLS-BUILD.  You should
+       consult this file as well as the README file if you are building  in  a
+       non-Unix-like environment.
+
+
+PCRE BUILD-TIME OPTIONS
+
+       The  rest of this document describes the optional features of PCRE that
+       can be selected when the library is compiled. It  assumes  use  of  the
+       configure  script,  where  the  optional features are selected or dese-
+       lected by providing options to configure before running the  make  com-
+       mand.  However,  the same options can be selected in both Unix-like and
+       non-Unix-like environments using the GUI facility of cmake-gui  if  you
+       are using CMake instead of configure to build PCRE.
+
+       If  you  are not using Autotools or CMake, option selection can be done
+       by editing the config.h file, or by passing parameter settings  to  the
+       compiler, as described in NON-AUTOTOOLS-BUILD.
+
+       The complete list of options for configure (which includes the standard
+       ones such as the  selection  of  the  installation  directory)  can  be
+       obtained by running
+
+         ./configure --help
+
+       The  following  sections  include  descriptions  of options whose names
+       begin with --enable or --disable. These settings specify changes to the
+       defaults  for  the configure command. Because of the way that configure
+       works, --enable and --disable always come in pairs, so  the  complemen-
+       tary  option always exists as well, but as it specifies the default, it
+       is not described.
+
+
+BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES
+
+       By default, a library called libpcre  is  built,  containing  functions
+       that  take  string  arguments  contained in vectors of bytes, either as
+       single-byte characters, or interpreted as UTF-8 strings. You  can  also
+       build  a  separate library, called libpcre16, in which strings are con-
+       tained in vectors of 16-bit data units and interpreted either  as  sin-
+       gle-unit characters or UTF-16 strings, by adding
+
+         --enable-pcre16
+
+       to  the  configure  command.  You  can  also build yet another separate
+       library, called libpcre32, in which strings are contained in vectors of
+       32-bit  data  units and interpreted either as single-unit characters or
+       UTF-32 strings, by adding
+
+         --enable-pcre32
+
+       to the configure command. If you do not want the 8-bit library, add
+
+         --disable-pcre8
+
+       as well. At least one of the three libraries must be built.  Note  that
+       the  C++  and  POSIX  wrappers are for the 8-bit library only, and that
+       pcregrep is an 8-bit program. None of these are  built  if  you  select
+       only the 16-bit or 32-bit libraries.
+
+
+BUILDING SHARED AND STATIC LIBRARIES
+
+       The  Autotools  PCRE building process uses libtool to build both shared
+       and static libraries by default. You  can  suppress  one  of  these  by
+       adding one of
+
+         --disable-shared
+         --disable-static
+
+       to the configure command, as required.
+
+
+C++ SUPPORT
+
+       By  default,  if the 8-bit library is being built, the configure script
+       will search for a C++ compiler and C++ header files. If it finds  them,
+       it  automatically  builds  the C++ wrapper library (which supports only
+       8-bit strings). You can disable this by adding
+
+         --disable-cpp
+
+       to the configure command.
+
+
+UTF-8, UTF-16 AND UTF-32 SUPPORT
+
+       To build PCRE with support for UTF Unicode character strings, add
+
+         --enable-utf
+
+       to the configure command. This setting applies to all three  libraries,
+       adding  support  for  UTF-8 to the 8-bit library, support for UTF-16 to
+       the 16-bit library, and  support  for  UTF-32  to  the  to  the  32-bit
+       library.  There  are no separate options for enabling UTF-8, UTF-16 and
+       UTF-32 independently because that would allow ridiculous settings  such
+       as  requesting UTF-16 support while building only the 8-bit library. It
+       is not possible to build one library with UTF support and another with-
+       out  in the same configuration. (For backwards compatibility, --enable-
+       utf8 is a synonym of --enable-utf.)
+
+       Of itself, this setting does not make  PCRE  treat  strings  as  UTF-8,
+       UTF-16  or UTF-32. As well as compiling PCRE with this option, you also
+       have have to set the PCRE_UTF8, PCRE_UTF16  or  PCRE_UTF32  option  (as
+       appropriate) when you call one of the pattern compiling functions.
+
+       If  you  set --enable-utf when compiling in an EBCDIC environment, PCRE
+       expects its input to be either ASCII or UTF-8 (depending  on  the  run-
+       time option). It is not possible to support both EBCDIC and UTF-8 codes
+       in the same version of  the  library.  Consequently,  --enable-utf  and
+       --enable-ebcdic are mutually exclusive.
+
+
+UNICODE CHARACTER PROPERTY SUPPORT
+
+       UTF  support allows the libraries to process character codepoints up to
+       0x10ffff in the strings that they handle. On its own, however, it  does
+       not provide any facilities for accessing the properties of such charac-
+       ters. If you want to be able to use the pattern escapes \P, \p, and \X,
+       which refer to Unicode character properties, you must add
+
+         --enable-unicode-properties
+
+       to  the  configure  command. This implies UTF support, even if you have
+       not explicitly requested it.
+
+       Including Unicode property support adds around 30K  of  tables  to  the
+       PCRE  library.  Only  the general category properties such as Lu and Nd
+       are supported. Details are given in the pcrepattern documentation.
+
+
+JUST-IN-TIME COMPILER SUPPORT
+
+       Just-in-time compiler support is included in the build by specifying
+
+         --enable-jit
+
+       This support is available only for certain hardware  architectures.  If
+       this  option  is  set  for  an unsupported architecture, a compile time
+       error occurs.  See the pcrejit documentation for a  discussion  of  JIT
+       usage. When JIT support is enabled, pcregrep automatically makes use of
+       it, unless you add
+
+         --disable-pcregrep-jit
+
+       to the "configure" command.
+
+
+CODE VALUE OF NEWLINE
+
+       By default, PCRE interprets the linefeed (LF) character  as  indicating
+       the  end  of  a line. This is the normal newline character on Unix-like
+       systems. You can compile PCRE to use carriage return (CR)  instead,  by
+       adding
+
+         --enable-newline-is-cr
+
+       to  the  configure  command.  There  is  also  a --enable-newline-is-lf
+       option, which explicitly specifies linefeed as the newline character.
+
+       Alternatively, you can specify that line endings are to be indicated by
+       the two character sequence CRLF. If you want this, add
+
+         --enable-newline-is-crlf
+
+       to the configure command. There is a fourth option, specified by
+
+         --enable-newline-is-anycrlf
+
+       which  causes  PCRE  to recognize any of the three sequences CR, LF, or
+       CRLF as indicating a line ending. Finally, a fifth option, specified by
+
+         --enable-newline-is-any
+
+       causes PCRE to recognize any Unicode newline sequence.
+
+       Whatever line ending convention is selected when PCRE is built  can  be
+       overridden  when  the library functions are called. At build time it is
+       conventional to use the standard for your operating system.
+
+
+WHAT \R MATCHES
+
+       By default, the sequence \R in a pattern matches  any  Unicode  newline
+       sequence,  whatever  has  been selected as the line ending sequence. If
+       you specify
+
+         --enable-bsr-anycrlf
+
+       the default is changed so that \R matches only CR, LF, or  CRLF.  What-
+       ever  is selected when PCRE is built can be overridden when the library
+       functions are called.
+
+
+POSIX MALLOC USAGE
+
+       When the 8-bit library is called through the POSIX interface  (see  the
+       pcreposix  documentation),  additional  working storage is required for
+       holding the pointers to capturing  substrings,  because  PCRE  requires
+       three integers per substring, whereas the POSIX interface provides only
+       two. If the number of expected substrings is small, the  wrapper  func-
+       tion  uses  space  on the stack, because this is faster than using mal-
+       loc() for each call. The default threshold above which the stack is  no
+       longer used is 10; it can be changed by adding a setting such as
+
+         --with-posix-malloc-threshold=20
+
+       to the configure command.
+
+
+HANDLING VERY LARGE PATTERNS
+
+       Within  a  compiled  pattern,  offset values are used to point from one
+       part to another (for example, from an opening parenthesis to an  alter-
+       nation  metacharacter).  By default, in the 8-bit and 16-bit libraries,
+       two-byte values are used for these offsets, leading to a  maximum  size
+       for  a compiled pattern of around 64K. This is sufficient to handle all
+       but the most gigantic patterns.  Nevertheless, some people do  want  to
+       process  truly  enormous patterns, so it is possible to compile PCRE to
+       use three-byte or four-byte offsets by adding a setting such as
+
+         --with-link-size=3
+
+       to the configure command. The value given must be 2, 3, or 4.  For  the
+       16-bit  library,  a  value of 3 is rounded up to 4. In these libraries,
+       using longer offsets slows down the operation of PCRE because it has to
+       load  additional  data  when  handling them. For the 32-bit library the
+       value is always 4 and cannot be overridden; the value  of  --with-link-
+       size is ignored.
+
+
+AVOIDING EXCESSIVE STACK USAGE
+
+       When matching with the pcre_exec() function, PCRE implements backtrack-
+       ing by making recursive calls to an internal function  called  match().
+       In  environments  where  the size of the stack is limited, this can se-
+       verely limit PCRE's operation. (The Unix environment does  not  usually
+       suffer from this problem, but it may sometimes be necessary to increase
+       the maximum stack size.  There is a discussion in the  pcrestack  docu-
+       mentation.)  An alternative approach to recursion that uses memory from
+       the heap to remember data, instead of using recursive  function  calls,
+       has  been  implemented to work round the problem of limited stack size.
+       If you want to build a version of PCRE that works this way, add
+
+         --disable-stack-for-recursion
+
+       to the configure command. With this configuration, PCRE  will  use  the
+       pcre_stack_malloc  and pcre_stack_free variables to call memory manage-
+       ment functions. By default these point to malloc() and free(), but  you
+       can replace the pointers so that your own functions are used instead.
+
+       Separate  functions  are  provided  rather  than  using pcre_malloc and
+       pcre_free because the  usage  is  very  predictable:  the  block  sizes
+       requested  are  always  the  same,  and  the blocks are always freed in
+       reverse order. A calling program might be able to  implement  optimized
+       functions  that  perform  better  than  malloc()  and free(). PCRE runs
+       noticeably more slowly when built in this way. This option affects only
+       the pcre_exec() function; it is not relevant for pcre_dfa_exec().
+
+
+LIMITING PCRE RESOURCE USAGE
+
+       Internally,  PCRE has a function called match(), which it calls repeat-
+       edly  (sometimes  recursively)  when  matching  a  pattern   with   the
+       pcre_exec()  function.  By controlling the maximum number of times this
+       function may be called during a single matching operation, a limit  can
+       be  placed  on  the resources used by a single call to pcre_exec(). The
+       limit can be changed at run time, as described in the pcreapi  documen-
+       tation.  The default is 10 million, but this can be changed by adding a
+       setting such as
+
+         --with-match-limit=500000
+
+       to  the  configure  command.  This  setting  has  no  effect   on   the
+       pcre_dfa_exec() matching function.
+
+       In  some  environments  it is desirable to limit the depth of recursive
+       calls of match() more strictly than the total number of calls, in order
+       to  restrict  the maximum amount of stack (or heap, if --disable-stack-
+       for-recursion is specified) that is used. A second limit controls this;
+       it  defaults  to  the  value  that is set for --with-match-limit, which
+       imposes no additional constraints. However, you can set a  lower  limit
+       by adding, for example,
+
+         --with-match-limit-recursion=10000
+
+       to  the  configure  command.  This  value can also be overridden at run
+       time.
+
+
+CREATING CHARACTER TABLES AT BUILD TIME
+
+       PCRE uses fixed tables for processing characters whose code values  are
+       less  than 256. By default, PCRE is built with a set of tables that are
+       distributed in the file pcre_chartables.c.dist. These  tables  are  for
+       ASCII codes only. If you add
+
+         --enable-rebuild-chartables
+
+       to  the  configure  command, the distributed tables are no longer used.
+       Instead, a program called dftables is compiled and  run.  This  outputs
+       the source for new set of tables, created in the default locale of your
+       C run-time system. (This method of replacing the tables does  not  work
+       if  you are cross compiling, because dftables is run on the local host.
+       If you need to create alternative tables when cross compiling, you will
+       have to do so "by hand".)
+
+
+USING EBCDIC CODE
+
+       PCRE  assumes  by  default that it will run in an environment where the
+       character code is ASCII (or Unicode, which is  a  superset  of  ASCII).
+       This  is  the  case for most computer operating systems. PCRE can, how-
+       ever, be compiled to run in an EBCDIC environment by adding
+
+         --enable-ebcdic
+
+       to the configure command. This setting implies --enable-rebuild-charta-
+       bles.  You  should  only  use  it if you know that you are in an EBCDIC
+       environment (for example,  an  IBM  mainframe  operating  system).  The
+       --enable-ebcdic option is incompatible with --enable-utf.
+
+       The EBCDIC character that corresponds to an ASCII LF is assumed to have
+       the value 0x15 by default. However, in some EBCDIC  environments,  0x25
+       is used. In such an environment you should use
+
+         --enable-ebcdic-nl25
+
+       as well as, or instead of, --enable-ebcdic. The EBCDIC character for CR
+       has the same value as in ASCII, namely, 0x0d.  Whichever  of  0x15  and
+       0x25 is not chosen as LF is made to correspond to the Unicode NEL char-
+       acter (which, in Unicode, is 0x85).
+
+       The options that select newline behaviour, such as --enable-newline-is-
+       cr, and equivalent run-time options, refer to these character values in
+       an EBCDIC environment.
+
+
+PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT
+
+       By default, pcregrep reads all files as plain text. You can build it so
+       that it recognizes files whose names end in .gz or .bz2, and reads them
+       with libz or libbz2, respectively, by adding one or both of
+
+         --enable-pcregrep-libz
+         --enable-pcregrep-libbz2
+
+       to the configure command. These options naturally require that the rel-
+       evant  libraries  are installed on your system. Configuration will fail
+       if they are not.
+
+
+PCREGREP BUFFER SIZE
+
+       pcregrep uses an internal buffer to hold a "window" on the file  it  is
+       scanning, in order to be able to output "before" and "after" lines when
+       it finds a match. The size of the buffer is controlled by  a  parameter
+       whose default value is 20K. The buffer itself is three times this size,
+       but because of the way it is used for holding "before" lines, the long-
+       est  line  that  is guaranteed to be processable is the parameter size.
+       You can change the default parameter value by adding, for example,
+
+         --with-pcregrep-bufsize=50K
+
+       to the configure command. The caller of pcregrep can, however, override
+       this value by specifying a run-time option.
+
+
+PCRETEST OPTION FOR LIBREADLINE SUPPORT
+
+       If you add
+
+         --enable-pcretest-libreadline
+
+       to  the  configure  command,  pcretest  is  linked with the libreadline
+       library, and when its input is from a terminal, it reads it  using  the
+       readline() function. This provides line-editing and history facilities.
+       Note that libreadline is GPL-licensed, so if you distribute a binary of
+       pcretest linked in this way, there may be licensing issues.
+
+       Setting  this  option  causes  the -lreadline option to be added to the
+       pcretest build. In many operating environments with  a  sytem-installed
+       libreadline this is sufficient. However, in some environments (e.g.  if
+       an unmodified distribution version of readline is in use),  some  extra
+       configuration  may  be necessary. The INSTALL file for libreadline says
+       this:
+
+         "Readline uses the termcap functions, but does not link with the
+         termcap or curses library itself, allowing applications which link
+         with readline the to choose an appropriate library."
+
+       If your environment has not been set up so that an appropriate  library
+       is automatically included, you may need to add something like
+
+         LIBS="-ncurses"
+
+       immediately before the configure command.
+
+
+DEBUGGING WITH VALGRIND SUPPORT
+
+       By adding the
+
+         --enable-valgrind
+
+       option  to to the configure command, PCRE will use valgrind annotations
+       to mark certain memory regions as  unaddressable.  This  allows  it  to
+       detect invalid memory accesses, and is mostly useful for debugging PCRE
+       itself.
+
+
+CODE COVERAGE REPORTING
+
+       If your C compiler is gcc, you can build a version  of  PCRE  that  can
+       generate a code coverage report for its test suite. To enable this, you
+       must install lcov version 1.6 or above. Then specify
+
+         --enable-coverage
+
+       to the configure command and build PCRE in the usual way.
+
+       Note that using ccache (a caching C compiler) is incompatible with code
+       coverage  reporting. If you have configured ccache to run automatically
+       on your system, you must set the environment variable
+
+         CCACHE_DISABLE=1
+
+       before running make to build PCRE, so that ccache is not used.
+
+       When --enable-coverage is used,  the  following  addition  targets  are
+       added to the Makefile:
+
+         make coverage
+
+       This  creates  a  fresh  coverage report for the PCRE test suite. It is
+       equivalent to running "make coverage-reset", "make  coverage-baseline",
+       "make check", and then "make coverage-report".
+
+         make coverage-reset
+
+       This zeroes the coverage counters, but does nothing else.
+
+         make coverage-baseline
+
+       This captures baseline coverage information.
+
+         make coverage-report
+
+       This creates the coverage report.
+
+         make coverage-clean-report
+
+       This  removes the generated coverage report without cleaning the cover-
+       age data itself.
+
+         make coverage-clean-data
+
+       This removes the captured coverage data without removing  the  coverage
+       files created at compile time (*.gcno).
+
+         make coverage-clean
+
+       This  cleans all coverage data including the generated coverage report.
+       For more information about code coverage, see the gcov and  lcov  docu-
+       mentation.
+
+
+SEE ALSO
+
+       pcreapi(3), pcre16, pcre32, pcre_config(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 May 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREMATCHING(3)            Library Functions Manual            PCREMATCHING(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE MATCHING ALGORITHMS
+
+       This document describes the two different algorithms that are available
+       in PCRE for matching a compiled regular expression against a given sub-
+       ject  string.  The  "standard"  algorithm  is  the  one provided by the
+       pcre_exec(), pcre16_exec() and pcre32_exec() functions. These  work  in
+       the  same as as Perl's matching function, and provide a Perl-compatible
+       matching  operation.   The  just-in-time  (JIT)  optimization  that  is
+       described  in  the pcrejit documentation is compatible with these func-
+       tions.
+
+       An  alternative  algorithm  is   provided   by   the   pcre_dfa_exec(),
+       pcre16_dfa_exec()  and  pcre32_dfa_exec()  functions; they operate in a
+       different way, and are not Perl-compatible. This alternative has advan-
+       tages and disadvantages compared with the standard algorithm, and these
+       are described below.
+
+       When there is only one possible way in which a given subject string can
+       match  a pattern, the two algorithms give the same answer. A difference
+       arises, however, when there are multiple possibilities. For example, if
+       the pattern
+
+         ^<.*>
+
+       is matched against the string
+
+         <something> <something else> <something further>
+
+       there are three possible answers. The standard algorithm finds only one
+       of them, whereas the alternative algorithm finds all three.
+
+
+REGULAR EXPRESSIONS AS TREES
+
+       The set of strings that are matched by a regular expression can be rep-
+       resented  as  a  tree structure. An unlimited repetition in the pattern
+       makes the tree of infinite size, but it is still a tree.  Matching  the
+       pattern  to a given subject string (from a given starting point) can be
+       thought of as a search of the tree.  There are two  ways  to  search  a
+       tree:  depth-first  and  breadth-first, and these correspond to the two
+       matching algorithms provided by PCRE.
+
+
+THE STANDARD MATCHING ALGORITHM
+
+       In the terminology of Jeffrey Friedl's book "Mastering Regular  Expres-
+       sions",  the  standard  algorithm  is an "NFA algorithm". It conducts a
+       depth-first search of the pattern tree. That is, it  proceeds  along  a
+       single path through the tree, checking that the subject matches what is
+       required. When there is a mismatch, the algorithm  tries  any  alterna-
+       tives  at  the  current point, and if they all fail, it backs up to the
+       previous branch point in the  tree,  and  tries  the  next  alternative
+       branch  at  that  level.  This often involves backing up (moving to the
+       left) in the subject string as well.  The  order  in  which  repetition
+       branches  are  tried  is controlled by the greedy or ungreedy nature of
+       the quantifier.
+
+       If a leaf node is reached, a matching string has  been  found,  and  at
+       that  point the algorithm stops. Thus, if there is more than one possi-
+       ble match, this algorithm returns the first one that it finds.  Whether
+       this  is the shortest, the longest, or some intermediate length depends
+       on the way the greedy and ungreedy repetition quantifiers are specified
+       in the pattern.
+
+       Because  it  ends  up  with a single path through the tree, it is rela-
+       tively straightforward for this algorithm to keep  track  of  the  sub-
+       strings  that  are  matched  by portions of the pattern in parentheses.
+       This provides support for capturing parentheses and back references.
+
+
+THE ALTERNATIVE MATCHING ALGORITHM
+
+       This algorithm conducts a breadth-first search of  the  tree.  Starting
+       from  the  first  matching  point  in the subject, it scans the subject
+       string from left to right, once, character by character, and as it does
+       this,  it remembers all the paths through the tree that represent valid
+       matches. In Friedl's terminology, this is a kind  of  "DFA  algorithm",
+       though  it is not implemented as a traditional finite state machine (it
+       keeps multiple states active simultaneously).
+
+       Although the general principle of this matching algorithm  is  that  it
+       scans  the subject string only once, without backtracking, there is one
+       exception: when a lookaround assertion is encountered,  the  characters
+       following  or  preceding  the  current  point  have to be independently
+       inspected.
+
+       The scan continues until either the end of the subject is  reached,  or
+       there  are  no more unterminated paths. At this point, terminated paths
+       represent the different matching possibilities (if there are none,  the
+       match  has  failed).   Thus,  if there is more than one possible match,
+       this algorithm finds all of them, and in particular, it finds the long-
+       est.  The  matches are returned in decreasing order of length. There is
+       an option to stop the algorithm after the first match (which is  neces-
+       sarily the shortest) is found.
+
+       Note that all the matches that are found start at the same point in the
+       subject. If the pattern
+
+         cat(er(pillar)?)?
+
+       is matched against the string "the caterpillar catchment",  the  result
+       will  be the three strings "caterpillar", "cater", and "cat" that start
+       at the fifth character of the subject. The algorithm does not automati-
+       cally move on to find matches that start at later positions.
+
+       PCRE's  "auto-possessification" optimization usually applies to charac-
+       ter repeats at the end of a pattern (as well as internally). For  exam-
+       ple, the pattern "a\d+" is compiled as if it were "a\d++" because there
+       is no point even considering the possibility of backtracking  into  the
+       repeated  digits.  For  DFA matching, this means that only one possible
+       match is found. If you really do want multiple matches in  such  cases,
+       either use an ungreedy repeat ("a\d+?") or set the PCRE_NO_AUTO_POSSESS
+       option when compiling.
+
+       There are a number of features of PCRE regular expressions that are not
+       supported by the alternative matching algorithm. They are as follows:
+
+       1.  Because  the  algorithm  finds  all possible matches, the greedy or
+       ungreedy nature of repetition quantifiers is not relevant.  Greedy  and
+       ungreedy quantifiers are treated in exactly the same way. However, pos-
+       sessive quantifiers can make a difference when what follows could  also
+       match what is quantified, for example in a pattern like this:
+
+         ^a++\w!
+
+       This  pattern matches "aaab!" but not "aaa!", which would be matched by
+       a non-possessive quantifier. Similarly, if an atomic group is  present,
+       it  is matched as if it were a standalone pattern at the current point,
+       and the longest match is then "locked in" for the rest of  the  overall
+       pattern.
+
+       2. When dealing with multiple paths through the tree simultaneously, it
+       is not straightforward to keep track of  captured  substrings  for  the
+       different  matching  possibilities,  and  PCRE's implementation of this
+       algorithm does not attempt to do this. This means that no captured sub-
+       strings are available.
+
+       3.  Because no substrings are captured, back references within the pat-
+       tern are not supported, and cause errors if encountered.
+
+       4. For the same reason, conditional expressions that use  a  backrefer-
+       ence  as  the  condition or test for a specific group recursion are not
+       supported.
+
+       5. Because many paths through the tree may be  active,  the  \K  escape
+       sequence, which resets the start of the match when encountered (but may
+       be on some paths and not on others), is not  supported.  It  causes  an
+       error if encountered.
+
+       6.  Callouts  are  supported, but the value of the capture_top field is
+       always 1, and the value of the capture_last field is always -1.
+
+       7. The \C escape sequence, which (in  the  standard  algorithm)  always
+       matches  a  single data unit, even in UTF-8, UTF-16 or UTF-32 modes, is
+       not supported in these modes, because the alternative  algorithm  moves
+       through the subject string one character (not data unit) at a time, for
+       all active paths through the tree.
+
+       8. Except for (*FAIL), the backtracking control verbs such as  (*PRUNE)
+       are  not  supported.  (*FAIL)  is supported, and behaves like a failing
+       negative assertion.
+
+
+ADVANTAGES OF THE ALTERNATIVE ALGORITHM
+
+       Using the alternative matching algorithm provides the following  advan-
+       tages:
+
+       1. All possible matches (at a single point in the subject) are automat-
+       ically found, and in particular, the longest match is  found.  To  find
+       more than one match using the standard algorithm, you have to do kludgy
+       things with callouts.
+
+       2. Because the alternative algorithm  scans  the  subject  string  just
+       once, and never needs to backtrack (except for lookbehinds), it is pos-
+       sible to pass very long subject strings to  the  matching  function  in
+       several pieces, checking for partial matching each time. Although it is
+       possible to do multi-segment matching using the standard  algorithm  by
+       retaining  partially  matched  substrings,  it is more complicated. The
+       pcrepartial documentation gives details of partial  matching  and  dis-
+       cusses multi-segment matching.
+
+
+DISADVANTAGES OF THE ALTERNATIVE ALGORITHM
+
+       The alternative algorithm suffers from a number of disadvantages:
+
+       1.  It  is  substantially  slower  than the standard algorithm. This is
+       partly because it has to search for all possible matches, but  is  also
+       because it is less susceptible to optimization.
+
+       2. Capturing parentheses and back references are not supported.
+
+       3. Although atomic groups are supported, their use does not provide the
+       performance advantage that it does for the standard algorithm.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 November 2013
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREAPI(3)                 Library Functions Manual                 PCREAPI(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+       #include <pcre.h>
+
+
+PCRE NATIVE API BASIC FUNCTIONS
+
+       pcre *pcre_compile(const char *pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre *pcre_compile2(const char *pattern, int options,
+            int *errorcodeptr,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre_extra *pcre_study(const pcre *code, int options,
+            const char **errptr);
+
+       void pcre_free_study(pcre_extra *extra);
+
+       int pcre_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       int pcre_dfa_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+
+PCRE NATIVE API STRING EXTRACTION FUNCTIONS
+
+       int pcre_copy_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            char *buffer, int buffersize);
+
+       int pcre_copy_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber, char *buffer,
+            int buffersize);
+
+       int pcre_get_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            const char **stringptr);
+
+       int pcre_get_stringnumber(const pcre *code,
+            const char *name);
+
+       int pcre_get_stringtable_entries(const pcre *code,
+            const char *name, char **first, char **last);
+
+       int pcre_get_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber,
+            const char **stringptr);
+
+       int pcre_get_substring_list(const char *subject,
+            int *ovector, int stringcount, const char ***listptr);
+
+       void pcre_free_substring(const char *stringptr);
+
+       void pcre_free_substring_list(const char **stringptr);
+
+
+PCRE NATIVE API AUXILIARY FUNCTIONS
+
+       int pcre_jit_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            pcre_jit_stack *jstack);
+
+       pcre_jit_stack *pcre_jit_stack_alloc(int startsize, int maxsize);
+
+       void pcre_jit_stack_free(pcre_jit_stack *stack);
+
+       void pcre_assign_jit_stack(pcre_extra *extra,
+            pcre_jit_callback callback, void *data);
+
+       const unsigned char *pcre_maketables(void);
+
+       int pcre_fullinfo(const pcre *code, const pcre_extra *extra,
+            int what, void *where);
+
+       int pcre_refcount(pcre *code, int adjust);
+
+       int pcre_config(int what, void *where);
+
+       const char *pcre_version(void);
+
+       int pcre_pattern_to_host_byte_order(pcre *code,
+            pcre_extra *extra, const unsigned char *tables);
+
+
+PCRE NATIVE API INDIRECTED FUNCTIONS
+
+       void *(*pcre_malloc)(size_t);
+
+       void (*pcre_free)(void *);
+
+       void *(*pcre_stack_malloc)(size_t);
+
+       void (*pcre_stack_free)(void *);
+
+       int (*pcre_callout)(pcre_callout_block *);
+
+       int (*pcre_stack_guard)(void);
+
+
+PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES
+
+       As  well  as  support  for  8-bit character strings, PCRE also supports
+       16-bit strings (from release 8.30) and  32-bit  strings  (from  release
+       8.32),  by means of two additional libraries. They can be built as well
+       as, or instead of, the 8-bit library. To avoid too  much  complication,
+       this  document describes the 8-bit versions of the functions, with only
+       occasional references to the 16-bit and 32-bit libraries.
+
+       The 16-bit and 32-bit functions operate in the same way as their  8-bit
+       counterparts;  they  just  use different data types for their arguments
+       and results, and their names start with pcre16_ or pcre32_  instead  of
+       pcre_.  For  every  option  that  has  UTF8  in  its name (for example,
+       PCRE_UTF8), there are corresponding 16-bit and 32-bit names  with  UTF8
+       replaced by UTF16 or UTF32, respectively. This facility is in fact just
+       cosmetic; the 16-bit and 32-bit option names define the same  bit  val-
+       ues.
+
+       References to bytes and UTF-8 in this document should be read as refer-
+       ences to 16-bit data units and UTF-16 when using the 16-bit library, or
+       32-bit  data  units  and  UTF-32  when using the 32-bit library, unless
+       specified otherwise.  More details of the specific differences for  the
+       16-bit and 32-bit libraries are given in the pcre16 and pcre32 pages.
+
+
+PCRE API OVERVIEW
+
+       PCRE has its own native API, which is described in this document. There
+       are also some wrapper functions (for the 8-bit library only) that  cor-
+       respond  to  the  POSIX  regular  expression  API, but they do not give
+       access to all the functionality. They are described  in  the  pcreposix
+       documentation.  Both  of these APIs define a set of C function calls. A
+       C++ wrapper (again for the 8-bit library only) is also distributed with
+       PCRE. It is documented in the pcrecpp page.
+
+       The  native  API  C  function prototypes are defined in the header file
+       pcre.h, and on Unix-like systems the (8-bit) library itself  is  called
+       libpcre.  It  can  normally be accessed by adding -lpcre to the command
+       for linking an application that uses PCRE. The header file defines  the
+       macros PCRE_MAJOR and PCRE_MINOR to contain the major and minor release
+       numbers for the library. Applications can use these to include  support
+       for different releases of PCRE.
+
+       In a Windows environment, if you want to statically link an application
+       program against a non-dll pcre.a  file,  you  must  define  PCRE_STATIC
+       before  including  pcre.h or pcrecpp.h, because otherwise the pcre_mal-
+       loc()   and   pcre_free()   exported   functions   will   be   declared
+       __declspec(dllimport), with unwanted results.
+
+       The   functions   pcre_compile(),  pcre_compile2(),  pcre_study(),  and
+       pcre_exec() are used for compiling and matching regular expressions  in
+       a  Perl-compatible  manner. A sample program that demonstrates the sim-
+       plest way of using them is provided in the file  called  pcredemo.c  in
+       the PCRE source distribution. A listing of this program is given in the
+       pcredemo documentation, and the pcresample documentation describes  how
+       to compile and run it.
+
+       Just-in-time  compiler  support is an optional feature of PCRE that can
+       be built in appropriate hardware environments. It greatly speeds up the
+       matching  performance  of  many  patterns.  Simple  programs can easily
+       request that it be used if available, by  setting  an  option  that  is
+       ignored  when  it is not relevant. More complicated programs might need
+       to    make    use    of    the    functions     pcre_jit_stack_alloc(),
+       pcre_jit_stack_free(),  and pcre_assign_jit_stack() in order to control
+       the JIT code's memory usage.
+
+       From release 8.32 there is also a direct interface for  JIT  execution,
+       which  gives  improved performance. The JIT-specific functions are dis-
+       cussed in the pcrejit documentation.
+
+       A second matching function, pcre_dfa_exec(), which is not Perl-compati-
+       ble,  is  also provided. This uses a different algorithm for the match-
+       ing. The alternative algorithm finds all possible matches (at  a  given
+       point  in  the  subject), and scans the subject just once (unless there
+       are lookbehind assertions). However, this  algorithm  does  not  return
+       captured  substrings.  A description of the two matching algorithms and
+       their advantages and disadvantages is given in the  pcrematching  docu-
+       mentation.
+
+       In  addition  to  the  main compiling and matching functions, there are
+       convenience functions for extracting captured substrings from a subject
+       string that is matched by pcre_exec(). They are:
+
+         pcre_copy_substring()
+         pcre_copy_named_substring()
+         pcre_get_substring()
+         pcre_get_named_substring()
+         pcre_get_substring_list()
+         pcre_get_stringnumber()
+         pcre_get_stringtable_entries()
+
+       pcre_free_substring() and pcre_free_substring_list() are also provided,
+       to free the memory used for extracted strings.
+
+       The function pcre_maketables() is used to  build  a  set  of  character
+       tables   in   the   current   locale  for  passing  to  pcre_compile(),
+       pcre_exec(), or pcre_dfa_exec(). This is an optional facility  that  is
+       provided  for  specialist  use.  Most  commonly,  no special tables are
+       passed, in which case internal tables that are generated when  PCRE  is
+       built are used.
+
+       The  function  pcre_fullinfo()  is used to find out information about a
+       compiled pattern. The function pcre_version() returns a  pointer  to  a
+       string containing the version of PCRE and its date of release.
+
+       The  function  pcre_refcount()  maintains  a  reference count in a data
+       block containing a compiled pattern. This is provided for  the  benefit
+       of object-oriented applications.
+
+       The  global  variables  pcre_malloc and pcre_free initially contain the
+       entry points of the standard malloc()  and  free()  functions,  respec-
+       tively. PCRE calls the memory management functions via these variables,
+       so a calling program can replace them if it  wishes  to  intercept  the
+       calls. This should be done before calling any PCRE functions.
+
+       The  global  variables  pcre_stack_malloc  and pcre_stack_free are also
+       indirections to memory management functions.  These  special  functions
+       are  used  only  when  PCRE is compiled to use the heap for remembering
+       data, instead of recursive function calls, when running the pcre_exec()
+       function.  See  the  pcrebuild  documentation  for details of how to do
+       this. It is a non-standard way of building PCRE, for  use  in  environ-
+       ments  that  have  limited stacks. Because of the greater use of memory
+       management, it runs more slowly. Separate  functions  are  provided  so
+       that  special-purpose  external  code  can  be used for this case. When
+       used, these functions always allocate memory blocks of the  same  size.
+       There  is  a discussion about PCRE's stack usage in the pcrestack docu-
+       mentation.
+
+       The global variable pcre_callout initially contains NULL. It can be set
+       by  the  caller  to  a "callout" function, which PCRE will then call at
+       specified points during a matching operation. Details are given in  the
+       pcrecallout documentation.
+
+       The global variable pcre_stack_guard initially contains NULL. It can be
+       set by the caller to a function that is  called  by  PCRE  whenever  it
+       starts  to  compile a parenthesized part of a pattern. When parentheses
+       are nested, PCRE uses recursive function calls, which use up the system
+       stack.  This  function is provided so that applications with restricted
+       stacks can force a compilation error if the stack runs out.  The  func-
+       tion should return zero if all is well, or non-zero to force an error.
+
+
+NEWLINES
+
+       PCRE  supports five different conventions for indicating line breaks in
+       strings: a single CR (carriage return) character, a  single  LF  (line-
+       feed) character, the two-character sequence CRLF, any of the three pre-
+       ceding, or any Unicode newline sequence. The Unicode newline  sequences
+       are  the  three just mentioned, plus the single characters VT (vertical
+       tab, U+000B), FF (form feed, U+000C), NEL (next line, U+0085), LS (line
+       separator, U+2028), and PS (paragraph separator, U+2029).
+
+       Each  of  the first three conventions is used by at least one operating
+       system as its standard newline sequence. When PCRE is built, a  default
+       can  be  specified.  The default default is LF, which is the Unix stan-
+       dard. When PCRE is run, the default can be overridden,  either  when  a
+       pattern is compiled, or when it is matched.
+
+       At compile time, the newline convention can be specified by the options
+       argument of pcre_compile(), or it can be specified by special  text  at
+       the start of the pattern itself; this overrides any other settings. See
+       the pcrepattern page for details of the special character sequences.
+
+       In the PCRE documentation the word "newline" is used to mean "the char-
+       acter  or pair of characters that indicate a line break". The choice of
+       newline convention affects the handling of  the  dot,  circumflex,  and
+       dollar metacharacters, the handling of #-comments in /x mode, and, when
+       CRLF is a recognized line ending sequence, the match position  advance-
+       ment for a non-anchored pattern. There is more detail about this in the
+       section on pcre_exec() options below.
+
+       The choice of newline convention does not affect the interpretation  of
+       the  \n  or  \r  escape  sequences, nor does it affect what \R matches,
+       which is controlled in a similar way, but by separate options.
+
+
+MULTITHREADING
+
+       The PCRE functions can be used in  multi-threading  applications,  with
+       the  proviso  that  the  memory  management  functions  pointed  to  by
+       pcre_malloc, pcre_free, pcre_stack_malloc, and pcre_stack_free, and the
+       callout  and  stack-checking  functions  pointed to by pcre_callout and
+       pcre_stack_guard, are shared by all threads.
+
+       The compiled form of a regular expression is not altered during  match-
+       ing, so the same compiled pattern can safely be used by several threads
+       at once.
+
+       If the just-in-time optimization feature is being used, it needs  sepa-
+       rate  memory stack areas for each thread. See the pcrejit documentation
+       for more details.
+
+
+SAVING PRECOMPILED PATTERNS FOR LATER USE
+
+       The compiled form of a regular expression can be saved and re-used at a
+       later  time,  possibly by a different program, and even on a host other
+       than the one on which  it  was  compiled.  Details  are  given  in  the
+       pcreprecompile  documentation,  which  includes  a  description  of the
+       pcre_pattern_to_host_byte_order() function. However, compiling a  regu-
+       lar  expression  with one version of PCRE for use with a different ver-
+       sion is not guaranteed to work and may cause crashes.
+
+
+CHECKING BUILD-TIME OPTIONS
+
+       int pcre_config(int what, void *where);
+
+       The function pcre_config() makes it possible for a PCRE client to  dis-
+       cover which optional features have been compiled into the PCRE library.
+       The pcrebuild documentation has more details about these optional  fea-
+       tures.
+
+       The  first  argument  for pcre_config() is an integer, specifying which
+       information is required; the second argument is a pointer to a variable
+       into  which  the  information  is placed. The returned value is zero on
+       success, or the negative error code PCRE_ERROR_BADOPTION if  the  value
+       in  the  first argument is not recognized. The following information is
+       available:
+
+         PCRE_CONFIG_UTF8
+
+       The output is an integer that is set to one if UTF-8 support is  avail-
+       able;  otherwise it is set to zero. This value should normally be given
+       to the 8-bit version of this function, pcre_config(). If it is given to
+       the   16-bit  or  32-bit  version  of  this  function,  the  result  is
+       PCRE_ERROR_BADOPTION.
+
+         PCRE_CONFIG_UTF16
+
+       The output is an integer that is set to one if UTF-16 support is avail-
+       able;  otherwise it is set to zero. This value should normally be given
+       to the 16-bit version of this function, pcre16_config(). If it is given
+       to  the  8-bit  or  32-bit  version  of  this  function,  the result is
+       PCRE_ERROR_BADOPTION.
+
+         PCRE_CONFIG_UTF32
+
+       The output is an integer that is set to one if UTF-32 support is avail-
+       able;  otherwise it is set to zero. This value should normally be given
+       to the 32-bit version of this function, pcre32_config(). If it is given
+       to  the  8-bit  or  16-bit  version  of  this  function,  the result is
+       PCRE_ERROR_BADOPTION.
+
+         PCRE_CONFIG_UNICODE_PROPERTIES
+
+       The output is an integer that is set to  one  if  support  for  Unicode
+       character properties is available; otherwise it is set to zero.
+
+         PCRE_CONFIG_JIT
+
+       The output is an integer that is set to one if support for just-in-time
+       compiling is available; otherwise it is set to zero.
+
+         PCRE_CONFIG_JITTARGET
+
+       The output is a pointer to a zero-terminated "const char *" string.  If
+       JIT support is available, the string contains the name of the architec-
+       ture for which the JIT compiler is configured, for example  "x86  32bit
+       (little  endian  +  unaligned)".  If  JIT support is not available, the
+       result is NULL.
+
+         PCRE_CONFIG_NEWLINE
+
+       The output is an integer whose value specifies  the  default  character
+       sequence  that  is recognized as meaning "newline". The values that are
+       supported in ASCII/Unicode environments are: 10 for LF, 13 for CR, 3338
+       for  CRLF,  -2 for ANYCRLF, and -1 for ANY. In EBCDIC environments, CR,
+       ANYCRLF, and ANY yield the same values. However, the value  for  LF  is
+       normally  21, though some EBCDIC environments use 37. The corresponding
+       values for CRLF are 3349 and 3365. The default should  normally  corre-
+       spond to the standard sequence for your operating system.
+
+         PCRE_CONFIG_BSR
+
+       The output is an integer whose value indicates what character sequences
+       the \R escape sequence matches by default. A value of 0 means  that  \R
+       matches  any  Unicode  line ending sequence; a value of 1 means that \R
+       matches only CR, LF, or CRLF. The default can be overridden when a pat-
+       tern is compiled or matched.
+
+         PCRE_CONFIG_LINK_SIZE
+
+       The  output  is  an  integer that contains the number of bytes used for
+       internal  linkage  in  compiled  regular  expressions.  For  the  8-bit
+       library, the value can be 2, 3, or 4. For the 16-bit library, the value
+       is either 2 or 4 and is  still  a  number  of  bytes.  For  the  32-bit
+       library, the value is either 2 or 4 and is still a number of bytes. The
+       default value of 2 is sufficient for all but the most massive patterns,
+       since  it  allows  the compiled pattern to be up to 64K in size. Larger
+       values allow larger regular expressions to be compiled, at the  expense
+       of slower matching.
+
+         PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+
+       The  output  is  an integer that contains the threshold above which the
+       POSIX interface uses malloc() for output vectors. Further  details  are
+       given in the pcreposix documentation.
+
+         PCRE_CONFIG_PARENS_LIMIT
+
+       The output is a long integer that gives the maximum depth of nesting of
+       parentheses (of any kind) in a pattern. This limit is  imposed  to  cap
+       the amount of system stack used when a pattern is compiled. It is spec-
+       ified when PCRE is built; the default is 250. This limit does not  take
+       into account the stack that may already be used by the calling applica-
+       tion. For finer control over compilation stack usage,  you  can  set  a
+       pointer to an external checking function in pcre_stack_guard.
+
+         PCRE_CONFIG_MATCH_LIMIT
+
+       The  output is a long integer that gives the default limit for the num-
+       ber of internal matching function calls  in  a  pcre_exec()  execution.
+       Further details are given with pcre_exec() below.
+
+         PCRE_CONFIG_MATCH_LIMIT_RECURSION
+
+       The output is a long integer that gives the default limit for the depth
+       of  recursion  when  calling  the  internal  matching  function  in   a
+       pcre_exec()  execution.  Further  details  are  given  with pcre_exec()
+       below.
+
+         PCRE_CONFIG_STACKRECURSE
+
+       The output is an integer that is set to one if internal recursion  when
+       running pcre_exec() is implemented by recursive function calls that use
+       the stack to remember their state. This is the usual way that  PCRE  is
+       compiled. The output is zero if PCRE was compiled to use blocks of data
+       on the  heap  instead  of  recursive  function  calls.  In  this  case,
+       pcre_stack_malloc  and  pcre_stack_free  are  called  to  manage memory
+       blocks on the heap, thus avoiding the use of the stack.
+
+
+COMPILING A PATTERN
+
+       pcre *pcre_compile(const char *pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre *pcre_compile2(const char *pattern, int options,
+            int *errorcodeptr,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       Either of the functions pcre_compile() or pcre_compile2() can be called
+       to compile a pattern into an internal form. The only difference between
+       the two interfaces is that pcre_compile2() has an additional  argument,
+       errorcodeptr,  via  which  a  numerical  error code can be returned. To
+       avoid too much repetition, we refer just to pcre_compile()  below,  but
+       the information applies equally to pcre_compile2().
+
+       The pattern is a C string terminated by a binary zero, and is passed in
+       the pattern argument. A pointer to a single block  of  memory  that  is
+       obtained  via  pcre_malloc is returned. This contains the compiled code
+       and related data. The pcre type is defined for the returned block; this
+       is a typedef for a structure whose contents are not externally defined.
+       It is up to the caller to free the memory (via pcre_free) when it is no
+       longer required.
+
+       Although  the compiled code of a PCRE regex is relocatable, that is, it
+       does not depend on memory location, the complete pcre data block is not
+       fully  relocatable, because it may contain a copy of the tableptr argu-
+       ment, which is an address (see below).
+
+       The options argument contains various bit settings that affect the com-
+       pilation.  It  should be zero if no options are required. The available
+       options are described below. Some of them (in  particular,  those  that
+       are  compatible with Perl, but some others as well) can also be set and
+       unset from within the pattern (see  the  detailed  description  in  the
+       pcrepattern  documentation). For those options that can be different in
+       different parts of the pattern, the contents of  the  options  argument
+       specifies their settings at the start of compilation and execution. The
+       PCRE_ANCHORED, PCRE_BSR_xxx, PCRE_NEWLINE_xxx, PCRE_NO_UTF8_CHECK,  and
+       PCRE_NO_START_OPTIMIZE  options  can  be set at the time of matching as
+       well as at compile time.
+
+       If errptr is NULL, pcre_compile() returns NULL immediately.  Otherwise,
+       if  compilation  of  a  pattern fails, pcre_compile() returns NULL, and
+       sets the variable pointed to by errptr to point to a textual error mes-
+       sage. This is a static string that is part of the library. You must not
+       try to free it. Normally, the offset from the start of the  pattern  to
+       the data unit that was being processed when the error was discovered is
+       placed in the variable pointed to by erroffset, which must not be  NULL
+       (if  it is, an immediate error is given). However, for an invalid UTF-8
+       or UTF-16 string, the offset is that of the  first  data  unit  of  the
+       failing character.
+
+       Some  errors are not detected until the whole pattern has been scanned;
+       in these cases, the offset passed back is the length  of  the  pattern.
+       Note  that  the  offset is in data units, not characters, even in a UTF
+       mode. It may sometimes point into the middle of a UTF-8 or UTF-16 char-
+       acter.
+
+       If  pcre_compile2()  is  used instead of pcre_compile(), and the error-
+       codeptr argument is not NULL, a non-zero error code number is  returned
+       via  this argument in the event of an error. This is in addition to the
+       textual error message. Error codes and messages are listed below.
+
+       If the final argument, tableptr, is NULL, PCRE uses a  default  set  of
+       character  tables  that  are  built  when  PCRE  is compiled, using the
+       default C locale. Otherwise, tableptr must be an address  that  is  the
+       result  of  a  call to pcre_maketables(). This value is stored with the
+       compiled pattern, and used again  by  pcre_exec()  and  pcre_dfa_exec()
+       when  the  pattern  is matched. For more discussion, see the section on
+       locale support below.
+
+       This code fragment shows a typical straightforward  call  to  pcre_com-
+       pile():
+
+         pcre *re;
+         const char *error;
+         int erroffset;
+         re = pcre_compile(
+           "^A.*Z",          /* the pattern */
+           0,                /* default options */
+           &error,           /* for error message */
+           &erroffset,       /* for error offset */
+           NULL);            /* use default character tables */
+
+       The  following  names  for option bits are defined in the pcre.h header
+       file:
+
+         PCRE_ANCHORED
+
+       If this bit is set, the pattern is forced to be "anchored", that is, it
+       is  constrained to match only at the first matching point in the string
+       that is being searched (the "subject string"). This effect can also  be
+       achieved  by appropriate constructs in the pattern itself, which is the
+       only way to do it in Perl.
+
+         PCRE_AUTO_CALLOUT
+
+       If this bit is set, pcre_compile() automatically inserts callout items,
+       all  with  number  255, before each pattern item. For discussion of the
+       callout facility, see the pcrecallout documentation.
+
+         PCRE_BSR_ANYCRLF
+         PCRE_BSR_UNICODE
+
+       These options (which are mutually exclusive) control what the \R escape
+       sequence  matches.  The choice is either to match only CR, LF, or CRLF,
+       or to match any Unicode newline sequence. The default is specified when
+       PCRE is built. It can be overridden from within the pattern, or by set-
+       ting an option when a compiled pattern is matched.
+
+         PCRE_CASELESS
+
+       If this bit is set, letters in the pattern match both upper  and  lower
+       case  letters.  It  is  equivalent  to  Perl's /i option, and it can be
+       changed within a pattern by a (?i) option setting. In UTF-8 mode,  PCRE
+       always  understands the concept of case for characters whose values are
+       less than 128, so caseless matching is always possible. For  characters
+       with  higher  values,  the concept of case is supported if PCRE is com-
+       piled with Unicode property support, but not otherwise. If you want  to
+       use  caseless  matching  for  characters 128 and above, you must ensure
+       that PCRE is compiled with Unicode property support  as  well  as  with
+       UTF-8 support.
+
+         PCRE_DOLLAR_ENDONLY
+
+       If  this bit is set, a dollar metacharacter in the pattern matches only
+       at the end of the subject string. Without this option,  a  dollar  also
+       matches  immediately before a newline at the end of the string (but not
+       before any other newlines). The PCRE_DOLLAR_ENDONLY option  is  ignored
+       if  PCRE_MULTILINE  is  set.   There is no equivalent to this option in
+       Perl, and no way to set it within a pattern.
+
+         PCRE_DOTALL
+
+       If this bit is set, a dot metacharacter in the pattern matches a  char-
+       acter of any value, including one that indicates a newline. However, it
+       only ever matches one character, even if newlines are  coded  as  CRLF.
+       Without  this option, a dot does not match when the current position is
+       at a newline. This option is equivalent to Perl's /s option, and it can
+       be  changed within a pattern by a (?s) option setting. A negative class
+       such as [^a] always matches newline characters, independent of the set-
+       ting of this option.
+
+         PCRE_DUPNAMES
+
+       If  this  bit is set, names used to identify capturing subpatterns need
+       not be unique. This can be helpful for certain types of pattern when it
+       is  known  that  only  one instance of the named subpattern can ever be
+       matched. There are more details of named subpatterns  below;  see  also
+       the pcrepattern documentation.
+
+         PCRE_EXTENDED
+
+       If  this  bit  is  set,  most white space characters in the pattern are
+       totally ignored except when escaped or inside a character  class.  How-
+       ever,  white  space  is  not  allowed within sequences such as (?> that
+       introduce various parenthesized subpatterns,  nor  within  a  numerical
+       quantifier  such as {1,3}.  However, ignorable white space is permitted
+       between an item and a following quantifier and between a quantifier and
+       a following + that indicates possessiveness.
+
+       White space did not used to include the VT character (code 11), because
+       Perl did not treat this character as white space. However, Perl changed
+       at  release  5.18,  so  PCRE  followed  at  release 8.34, and VT is now
+       treated as white space.
+
+       PCRE_EXTENDED also causes characters between an unescaped #  outside  a
+       character  class  and  the  next  newline,  inclusive,  to  be ignored.
+       PCRE_EXTENDED is equivalent to Perl's /x option, and it can be  changed
+       within a pattern by a (?x) option setting.
+
+       Which  characters  are  interpreted  as  newlines  is controlled by the
+       options passed to pcre_compile() or by a special sequence at the  start
+       of  the  pattern, as described in the section entitled "Newline conven-
+       tions" in the pcrepattern documentation. Note that the end of this type
+       of  comment  is  a  literal  newline  sequence  in  the pattern; escape
+       sequences that happen to represent a newline do not count.
+
+       This option makes it possible to include  comments  inside  complicated
+       patterns.   Note,  however,  that this applies only to data characters.
+       White space  characters  may  never  appear  within  special  character
+       sequences in a pattern, for example within the sequence (?( that intro-
+       duces a conditional subpattern.
+
+         PCRE_EXTRA
+
+       This option was invented in order to turn on  additional  functionality
+       of  PCRE  that  is  incompatible with Perl, but it is currently of very
+       little use. When set, any backslash in a pattern that is followed by  a
+       letter  that  has  no  special  meaning causes an error, thus reserving
+       these combinations for future expansion. By  default,  as  in  Perl,  a
+       backslash  followed by a letter with no special meaning is treated as a
+       literal. (Perl can, however, be persuaded to give an error for this, by
+       running  it with the -w option.) There are at present no other features
+       controlled by this option. It can also be set by a (?X) option  setting
+       within a pattern.
+
+         PCRE_FIRSTLINE
+
+       If  this  option  is  set,  an  unanchored pattern is required to match
+       before or at the first  newline  in  the  subject  string,  though  the
+       matched text may continue over the newline.
+
+         PCRE_JAVASCRIPT_COMPAT
+
+       If this option is set, PCRE's behaviour is changed in some ways so that
+       it is compatible with JavaScript rather than Perl. The changes  are  as
+       follows:
+
+       (1)  A  lone  closing square bracket in a pattern causes a compile-time
+       error, because this is illegal in JavaScript (by default it is  treated
+       as a data character). Thus, the pattern AB]CD becomes illegal when this
+       option is set.
+
+       (2) At run time, a back reference to an unset subpattern group  matches
+       an  empty  string (by default this causes the current matching alterna-
+       tive to fail). A pattern such as (\1)(a) succeeds when this  option  is
+       set  (assuming  it can find an "a" in the subject), whereas it fails by
+       default, for Perl compatibility.
+
+       (3) \U matches an upper case "U" character; by default \U causes a com-
+       pile time error (Perl uses \U to upper case subsequent characters).
+
+       (4) \u matches a lower case "u" character unless it is followed by four
+       hexadecimal digits, in which case the hexadecimal  number  defines  the
+       code  point  to match. By default, \u causes a compile time error (Perl
+       uses it to upper case the following character).
+
+       (5) \x matches a lower case "x" character unless it is followed by  two
+       hexadecimal  digits,  in  which case the hexadecimal number defines the
+       code point to match. By default, as in Perl, a  hexadecimal  number  is
+       always expected after \x, but it may have zero, one, or two digits (so,
+       for example, \xz matches a binary zero character followed by z).
+
+         PCRE_MULTILINE
+
+       By default, for the purposes of matching "start of line"  and  "end  of
+       line", PCRE treats the subject string as consisting of a single line of
+       characters, even if it actually contains newlines. The "start of  line"
+       metacharacter (^) matches only at the start of the string, and the "end
+       of line" metacharacter ($) matches only at the end of  the  string,  or
+       before  a terminating newline (except when PCRE_DOLLAR_ENDONLY is set).
+       Note, however, that unless PCRE_DOTALL  is  set,  the  "any  character"
+       metacharacter  (.)  does not match at a newline. This behaviour (for ^,
+       $, and dot) is the same as Perl.
+
+       When PCRE_MULTILINE it is set, the "start of line" and  "end  of  line"
+       constructs  match  immediately following or immediately before internal
+       newlines in the subject string, respectively, as well as  at  the  very
+       start  and  end.  This is equivalent to Perl's /m option, and it can be
+       changed within a pattern by a (?m) option setting. If there are no new-
+       lines  in  a  subject string, or no occurrences of ^ or $ in a pattern,
+       setting PCRE_MULTILINE has no effect.
+
+         PCRE_NEVER_UTF
+
+       This option locks out interpretation of the pattern as UTF-8 (or UTF-16
+       or  UTF-32  in the 16-bit and 32-bit libraries). In particular, it pre-
+       vents the creator of the pattern from switching to  UTF  interpretation
+       by starting the pattern with (*UTF). This may be useful in applications
+       that  process  patterns  from  external  sources.  The  combination  of
+       PCRE_UTF8 and PCRE_NEVER_UTF also causes an error.
+
+         PCRE_NEWLINE_CR
+         PCRE_NEWLINE_LF
+         PCRE_NEWLINE_CRLF
+         PCRE_NEWLINE_ANYCRLF
+         PCRE_NEWLINE_ANY
+
+       These  options  override the default newline definition that was chosen
+       when PCRE was built. Setting the first or the second specifies  that  a
+       newline  is  indicated  by a single character (CR or LF, respectively).
+       Setting PCRE_NEWLINE_CRLF specifies that a newline is indicated by  the
+       two-character  CRLF  sequence.  Setting  PCRE_NEWLINE_ANYCRLF specifies
+       that any of the three preceding sequences should be recognized. Setting
+       PCRE_NEWLINE_ANY  specifies that any Unicode newline sequence should be
+       recognized.
+
+       In an ASCII/Unicode environment, the Unicode newline sequences are  the
+       three  just  mentioned,  plus  the  single characters VT (vertical tab,
+       U+000B), FF (form feed, U+000C), NEL (next line, U+0085), LS (line sep-
+       arator,  U+2028),  and  PS (paragraph separator, U+2029). For the 8-bit
+       library, the last two are recognized only in UTF-8 mode.
+
+       When PCRE is compiled to run in an EBCDIC (mainframe) environment,  the
+       code for CR is 0x0d, the same as ASCII. However, the character code for
+       LF is normally 0x15, though in some EBCDIC environments 0x25  is  used.
+       Whichever  of  these  is  not LF is made to correspond to Unicode's NEL
+       character. EBCDIC codes are all less than 256. For  more  details,  see
+       the pcrebuild documentation.
+
+       The  newline  setting  in  the  options  word  uses three bits that are
+       treated as a number, giving eight possibilities. Currently only six are
+       used  (default  plus the five values above). This means that if you set
+       more than one newline option, the combination may or may not be  sensi-
+       ble. For example, PCRE_NEWLINE_CR with PCRE_NEWLINE_LF is equivalent to
+       PCRE_NEWLINE_CRLF, but other combinations may yield unused numbers  and
+       cause an error.
+
+       The  only  time  that a line break in a pattern is specially recognized
+       when compiling is when PCRE_EXTENDED is set. CR and LF are white  space
+       characters,  and so are ignored in this mode. Also, an unescaped # out-
+       side a character class indicates a comment that lasts until  after  the
+       next  line break sequence. In other circumstances, line break sequences
+       in patterns are treated as literal data.
+
+       The newline option that is set at compile time becomes the default that
+       is used for pcre_exec() and pcre_dfa_exec(), but it can be overridden.
+
+         PCRE_NO_AUTO_CAPTURE
+
+       If this option is set, it disables the use of numbered capturing paren-
+       theses in the pattern. Any opening parenthesis that is not followed  by
+       ?  behaves as if it were followed by ?: but named parentheses can still
+       be used for capturing (and they acquire  numbers  in  the  usual  way).
+       There is no equivalent of this option in Perl.
+
+         PCRE_NO_AUTO_POSSESS
+
+       If  this option is set, it disables "auto-possessification". This is an
+       optimization that, for example, turns a+b into a++b in order  to  avoid
+       backtracks  into  a+ that can never be successful. However, if callouts
+       are in use, auto-possessification means that some  of  them  are  never
+       taken. You can set this option if you want the matching functions to do
+       a full unoptimized search and run all the callouts, but  it  is  mainly
+       provided for testing purposes.
+
+         PCRE_NO_START_OPTIMIZE
+
+       This  is an option that acts at matching time; that is, it is really an
+       option for pcre_exec() or pcre_dfa_exec(). If  it  is  set  at  compile
+       time,  it is remembered with the compiled pattern and assumed at match-
+       ing time. This is necessary if you want to use JIT  execution,  because
+       the  JIT  compiler needs to know whether or not this option is set. For
+       details see the discussion of PCRE_NO_START_OPTIMIZE below.
+
+         PCRE_UCP
+
+       This option changes the way PCRE processes \B, \b, \D, \d, \S, \s,  \W,
+       \w,  and  some  of  the POSIX character classes. By default, only ASCII
+       characters are recognized, but if PCRE_UCP is set,  Unicode  properties
+       are  used instead to classify characters. More details are given in the
+       section on generic character types in the pcrepattern page. If you  set
+       PCRE_UCP,  matching  one of the items it affects takes much longer. The
+       option is available only if PCRE has been compiled with  Unicode  prop-
+       erty support.
+
+         PCRE_UNGREEDY
+
+       This  option  inverts  the "greediness" of the quantifiers so that they
+       are not greedy by default, but become greedy if followed by "?". It  is
+       not  compatible  with Perl. It can also be set by a (?U) option setting
+       within the pattern.
+
+         PCRE_UTF8
+
+       This option causes PCRE to regard both the pattern and the  subject  as
+       strings of UTF-8 characters instead of single-byte strings. However, it
+       is available only when PCRE is built to include UTF  support.  If  not,
+       the  use  of  this option provokes an error. Details of how this option
+       changes the behaviour of PCRE are given in the pcreunicode page.
+
+         PCRE_NO_UTF8_CHECK
+
+       When PCRE_UTF8 is set, the validity of the pattern as a UTF-8 string is
+       automatically  checked.  There  is  a  discussion about the validity of
+       UTF-8 strings in the pcreunicode page. If an invalid UTF-8 sequence  is
+       found,  pcre_compile()  returns an error. If you already know that your
+       pattern is valid, and you want to skip this check for performance  rea-
+       sons,  you  can set the PCRE_NO_UTF8_CHECK option.  When it is set, the
+       effect of passing an invalid UTF-8 string as a pattern is undefined. It
+       may cause your program to crash or loop. Note that this option can also
+       be passed to pcre_exec() and pcre_dfa_exec(), to suppress the  validity
+       checking  of  subject strings only. If the same string is being matched
+       many times, the option can be safely set for the second and  subsequent
+       matchings to improve performance.
+
+
+COMPILATION ERROR CODES
+
+       The  following  table  lists  the  error  codes than may be returned by
+       pcre_compile2(), along with the error messages that may be returned  by
+       both  compiling  functions.  Note  that error messages are always 8-bit
+       ASCII strings, even in 16-bit or 32-bit mode. As  PCRE  has  developed,
+       some  error codes have fallen out of use. To avoid confusion, they have
+       not been re-used.
+
+          0  no error
+          1  \ at end of pattern
+          2  \c at end of pattern
+          3  unrecognized character follows \
+          4  numbers out of order in {} quantifier
+          5  number too big in {} quantifier
+          6  missing terminating ] for character class
+          7  invalid escape sequence in character class
+          8  range out of order in character class
+          9  nothing to repeat
+         10  [this code is not in use]
+         11  internal error: unexpected repeat
+         12  unrecognized character after (? or (?-
+         13  POSIX named classes are supported only within a class
+         14  missing )
+         15  reference to non-existent subpattern
+         16  erroffset passed as NULL
+         17  unknown option bit(s) set
+         18  missing ) after comment
+         19  [this code is not in use]
+         20  regular expression is too large
+         21  failed to get memory
+         22  unmatched parentheses
+         23  internal error: code overflow
+         24  unrecognized character after (?<
+         25  lookbehind assertion is not fixed length
+         26  malformed number or name after (?(
+         27  conditional group contains more than two branches
+         28  assertion expected after (?(
+         29  (?R or (?[+-]digits must be followed by )
+         30  unknown POSIX class name
+         31  POSIX collating elements are not supported
+         32  this version of PCRE is compiled without UTF support
+         33  [this code is not in use]
+         34  character value in \x{} or \o{} is too large
+         35  invalid condition (?(0)
+         36  \C not allowed in lookbehind assertion
+         37  PCRE does not support \L, \l, \N{name}, \U, or \u
+         38  number after (?C is > 255
+         39  closing ) for (?C expected
+         40  recursive call could loop indefinitely
+         41  unrecognized character after (?P
+         42  syntax error in subpattern name (missing terminator)
+         43  two named subpatterns have the same name
+         44  invalid UTF-8 string (specifically UTF-8)
+         45  support for \P, \p, and \X has not been compiled
+         46  malformed \P or \p sequence
+         47  unknown property name after \P or \p
+         48  subpattern name is too long (maximum 32 characters)
+         49  too many named subpatterns (maximum 10000)
+         50  [this code is not in use]
+         51  octal value is greater than \377 in 8-bit non-UTF-8 mode
+         52  internal error: overran compiling workspace
+         53  internal error: previously-checked referenced subpattern
+               not found
+         54  DEFINE group contains more than one branch
+         55  repeating a DEFINE group is not allowed
+         56  inconsistent NEWLINE options
+         57  \g is not followed by a braced, angle-bracketed, or quoted
+               name/number or by a plain number
+         58  a numbered reference must not be zero
+         59  an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
+         60  (*VERB) not recognized or malformed
+         61  number is too big
+         62  subpattern name expected
+         63  digit expected after (?+
+         64  ] is an invalid data character in JavaScript compatibility mode
+         65  different names for subpatterns of the same number are
+               not allowed
+         66  (*MARK) must have an argument
+         67  this version of PCRE is not compiled with Unicode property
+               support
+         68  \c must be followed by an ASCII character
+         69  \k is not followed by a braced, angle-bracketed, or quoted name
+         70  internal error: unknown opcode in find_fixedlength()
+         71  \N is not supported in a class
+         72  too many forward references
+         73  disallowed Unicode code point (>= 0xd800 && <= 0xdfff)
+         74  invalid UTF-16 string (specifically UTF-16)
+         75  name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
+         76  character value in \u.... sequence is too large
+         77  invalid UTF-32 string (specifically UTF-32)
+         78  setting UTF is disabled by the application
+         79  non-hex character in \x{} (closing brace missing?)
+         80  non-octal character in \o{} (closing brace missing?)
+         81  missing opening brace after \o
+         82  parentheses are too deeply nested
+         83  invalid range in character class
+         84  group name must start with a non-digit
+         85  parentheses are too deeply nested (stack check)
+
+       The numbers 32 and 10000 in errors 48 and 49  are  defaults;  different
+       values may be used if the limits were changed when PCRE was built.
+
+
+STUDYING A PATTERN
+
+       pcre_extra *pcre_study(const pcre *code, int options,
+            const char **errptr);
+
+       If  a  compiled  pattern is going to be used several times, it is worth
+       spending more time analyzing it in order to speed up the time taken for
+       matching.  The function pcre_study() takes a pointer to a compiled pat-
+       tern as its first argument. If studying the pattern produces additional
+       information  that  will  help speed up matching, pcre_study() returns a
+       pointer to a pcre_extra block, in which the study_data field points  to
+       the results of the study.
+
+       The  returned  value  from  pcre_study()  can  be  passed  directly  to
+       pcre_exec() or pcre_dfa_exec(). However, a pcre_extra block  also  con-
+       tains  other  fields  that can be set by the caller before the block is
+       passed; these are described below in the section on matching a pattern.
+
+       If studying the  pattern  does  not  produce  any  useful  information,
+       pcre_study()  returns  NULL  by  default.  In that circumstance, if the
+       calling program wants to pass any of the other fields to pcre_exec() or
+       pcre_dfa_exec(),  it  must set up its own pcre_extra block. However, if
+       pcre_study() is called  with  the  PCRE_STUDY_EXTRA_NEEDED  option,  it
+       returns a pcre_extra block even if studying did not find any additional
+       information. It may still return NULL, however, if an error  occurs  in
+       pcre_study().
+
+       The  second  argument  of  pcre_study() contains option bits. There are
+       three further options in addition to PCRE_STUDY_EXTRA_NEEDED:
+
+         PCRE_STUDY_JIT_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+
+       If any of these are set, and the just-in-time  compiler  is  available,
+       the  pattern  is  further compiled into machine code that executes much
+       faster than the pcre_exec()  interpretive  matching  function.  If  the
+       just-in-time  compiler is not available, these options are ignored. All
+       undefined bits in the options argument must be zero.
+
+       JIT compilation is a heavyweight optimization. It can  take  some  time
+       for  patterns  to  be analyzed, and for one-off matches and simple pat-
+       terns the benefit of faster execution might be offset by a much  slower
+       study time.  Not all patterns can be optimized by the JIT compiler. For
+       those that cannot be handled, matching automatically falls back to  the
+       pcre_exec()  interpreter.  For more details, see the pcrejit documenta-
+       tion.
+
+       The third argument for pcre_study() is a pointer for an error  message.
+       If  studying  succeeds  (even  if no data is returned), the variable it
+       points to is set to NULL. Otherwise it is set to  point  to  a  textual
+       error message. This is a static string that is part of the library. You
+       must not try to free it. You should test the  error  pointer  for  NULL
+       after calling pcre_study(), to be sure that it has run successfully.
+
+       When  you are finished with a pattern, you can free the memory used for
+       the study data by calling pcre_free_study(). This function was added to
+       the  API  for  release  8.20. For earlier versions, the memory could be
+       freed with pcre_free(), just like the pattern itself. This  will  still
+       work  in  cases where JIT optimization is not used, but it is advisable
+       to change to the new function when convenient.
+
+       This is a typical way in which pcre_study() is used (except that  in  a
+       real application there should be tests for errors):
+
+         int rc;
+         pcre *re;
+         pcre_extra *sd;
+         re = pcre_compile("pattern", 0, &error, &erroroffset, NULL);
+         sd = pcre_study(
+           re,             /* result of pcre_compile() */
+           0,              /* no options */
+           &error);        /* set to NULL or points to a message */
+         rc = pcre_exec(   /* see below for details of pcre_exec() options */
+           re, sd, "subject", 7, 0, 0, ovector, 30);
+         ...
+         pcre_free_study(sd);
+         pcre_free(re);
+
+       Studying a pattern does two things: first, a lower bound for the length
+       of subject string that is needed to match the pattern is computed. This
+       does not mean that there are any strings of that length that match, but
+       it does guarantee that no shorter strings match. The value is  used  to
+       avoid wasting time by trying to match strings that are shorter than the
+       lower bound. You can find out the value in a calling  program  via  the
+       pcre_fullinfo() function.
+
+       Studying a pattern is also useful for non-anchored patterns that do not
+       have a single fixed starting character. A bitmap of  possible  starting
+       bytes  is  created. This speeds up finding a position in the subject at
+       which to start matching. (In 16-bit mode, the bitmap is used for 16-bit
+       values  less  than  256.  In 32-bit mode, the bitmap is used for 32-bit
+       values less than 256.)
+
+       These two optimizations apply to both pcre_exec() and  pcre_dfa_exec(),
+       and  the  information  is also used by the JIT compiler.  The optimiza-
+       tions can be disabled by  setting  the  PCRE_NO_START_OPTIMIZE  option.
+       You  might want to do this if your pattern contains callouts or (*MARK)
+       and you want to make use of these facilities in  cases  where  matching
+       fails.
+
+       PCRE_NO_START_OPTIMIZE  can be specified at either compile time or exe-
+       cution  time.  However,  if   PCRE_NO_START_OPTIMIZE   is   passed   to
+       pcre_exec(), (that is, after any JIT compilation has happened) JIT exe-
+       cution is disabled. For JIT execution to work with  PCRE_NO_START_OPTI-
+       MIZE, the option must be set at compile time.
+
+       There is a longer discussion of PCRE_NO_START_OPTIMIZE below.
+
+
+LOCALE SUPPORT
+
+       PCRE  handles  caseless matching, and determines whether characters are
+       letters, digits, or whatever, by reference to a set of tables,  indexed
+       by  character  code point. When running in UTF-8 mode, or in the 16- or
+       32-bit libraries, this applies only to characters with code points less
+       than  256.  By  default,  higher-valued code points never match escapes
+       such as \w or \d. However, if PCRE is built with Unicode property  sup-
+       port,  all  characters can be tested with \p and \P, or, alternatively,
+       the PCRE_UCP option can be set when a pattern is compiled; this  causes
+       \w  and friends to use Unicode property support instead of the built-in
+       tables.
+
+       The use of locales with Unicode is discouraged.  If  you  are  handling
+       characters  with  code  points  greater than 128, you should either use
+       Unicode support, or use locales, but not try to mix the two.
+
+       PCRE contains an internal set of tables that are used  when  the  final
+       argument  of  pcre_compile()  is  NULL.  These  are sufficient for many
+       applications.  Normally, the internal tables recognize only ASCII char-
+       acters. However, when PCRE is built, it is possible to cause the inter-
+       nal tables to be rebuilt in the default "C" locale of the local system,
+       which may cause them to be different.
+
+       The  internal tables can always be overridden by tables supplied by the
+       application that calls PCRE. These may be created in a different locale
+       from  the  default.  As more and more applications change to using Uni-
+       code, the need for this locale support is expected to die away.
+
+       External tables are built by calling  the  pcre_maketables()  function,
+       which  has no arguments, in the relevant locale. The result can then be
+       passed to pcre_compile() as often as necessary. For example,  to  build
+       and  use  tables  that  are  appropriate  for  the French locale (where
+       accented characters with values greater than 128 are  treated  as  let-
+       ters), the following code could be used:
+
+         setlocale(LC_CTYPE, "fr_FR");
+         tables = pcre_maketables();
+         re = pcre_compile(..., tables);
+
+       The  locale  name "fr_FR" is used on Linux and other Unix-like systems;
+       if you are using Windows, the name for the French locale is "french".
+
+       When pcre_maketables() runs, the tables are built  in  memory  that  is
+       obtained  via  pcre_malloc. It is the caller's responsibility to ensure
+       that the memory containing the tables remains available for as long  as
+       it is needed.
+
+       The pointer that is passed to pcre_compile() is saved with the compiled
+       pattern, and the same tables are used via this pointer by  pcre_study()
+       and  also by pcre_exec() and pcre_dfa_exec(). Thus, for any single pat-
+       tern, compilation, studying and matching all happen in the same locale,
+       but different patterns can be processed in different locales.
+
+       It  is  possible to pass a table pointer or NULL (indicating the use of
+       the internal tables) to pcre_exec() or pcre_dfa_exec() (see the discus-
+       sion below in the section on matching a pattern). This facility is pro-
+       vided for use with pre-compiled  patterns  that  have  been  saved  and
+       reloaded.   Character  tables are not saved with patterns, so if a non-
+       standard table was used at compile time, it must be provided again when
+       the  reloaded  pattern  is  matched. Attempting to use this facility to
+       match a pattern in a different locale from the one in which it was com-
+       piled is likely to lead to anomalous (usually incorrect) results.
+
+
+INFORMATION ABOUT A PATTERN
+
+       int pcre_fullinfo(const pcre *code, const pcre_extra *extra,
+            int what, void *where);
+
+       The  pcre_fullinfo() function returns information about a compiled pat-
+       tern. It replaces the pcre_info() function, which was removed from  the
+       library at version 8.30, after more than 10 years of obsolescence.
+
+       The  first  argument  for  pcre_fullinfo() is a pointer to the compiled
+       pattern. The second argument is the result of pcre_study(), or NULL  if
+       the  pattern  was not studied. The third argument specifies which piece
+       of information is required, and the fourth argument is a pointer  to  a
+       variable  to  receive  the  data. The yield of the function is zero for
+       success, or one of the following negative numbers:
+
+         PCRE_ERROR_NULL           the argument code was NULL
+                                   the argument where was NULL
+         PCRE_ERROR_BADMAGIC       the "magic number" was not found
+         PCRE_ERROR_BADENDIANNESS  the pattern was compiled with different
+                                   endianness
+         PCRE_ERROR_BADOPTION      the value of what was invalid
+         PCRE_ERROR_UNSET          the requested field is not set
+
+       The "magic number" is placed at the start of each compiled  pattern  as
+       an  simple check against passing an arbitrary memory pointer. The endi-
+       anness error can occur if a compiled pattern is saved and reloaded on a
+       different  host.  Here  is a typical call of pcre_fullinfo(), to obtain
+       the length of the compiled pattern:
+
+         int rc;
+         size_t length;
+         rc = pcre_fullinfo(
+           re,               /* result of pcre_compile() */
+           sd,               /* result of pcre_study(), or NULL */
+           PCRE_INFO_SIZE,   /* what is required */
+           &length);         /* where to put the data */
+
+       The possible values for the third argument are defined in  pcre.h,  and
+       are as follows:
+
+         PCRE_INFO_BACKREFMAX
+
+       Return  the  number  of  the highest back reference in the pattern. The
+       fourth argument should point to an int variable. Zero  is  returned  if
+       there are no back references.
+
+         PCRE_INFO_CAPTURECOUNT
+
+       Return  the  number of capturing subpatterns in the pattern. The fourth
+       argument should point to an int variable.
+
+         PCRE_INFO_DEFAULT_TABLES
+
+       Return a pointer to the internal default character tables within  PCRE.
+       The  fourth  argument should point to an unsigned char * variable. This
+       information call is provided for internal use by the pcre_study() func-
+       tion.  External  callers  can  cause PCRE to use its internal tables by
+       passing a NULL table pointer.
+
+         PCRE_INFO_FIRSTBYTE (deprecated)
+
+       Return information about the first data unit of any matched string, for
+       a  non-anchored  pattern.  The  name of this option refers to the 8-bit
+       library, where data units are bytes. The fourth argument  should  point
+       to  an  int  variable. Negative values are used for special cases. How-
+       ever, this means that when the 32-bit library is  in  non-UTF-32  mode,
+       the  full  32-bit range of characters cannot be returned. For this rea-
+       son, this value is deprecated;  use  PCRE_INFO_FIRSTCHARACTERFLAGS  and
+       PCRE_INFO_FIRSTCHARACTER instead.
+
+       If  there  is  a  fixed first value, for example, the letter "c" from a
+       pattern such as (cat|cow|coyote), its value is returned. In  the  8-bit
+       library,  the  value is always less than 256. In the 16-bit library the
+       value can be up to 0xffff. In the 32-bit library the value can be up to
+       0x10ffff.
+
+       If there is no fixed first value, and if either
+
+       (a)  the pattern was compiled with the PCRE_MULTILINE option, and every
+       branch starts with "^", or
+
+       (b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not
+       set (if it were set, the pattern would be anchored),
+
+       -1  is  returned, indicating that the pattern matches only at the start
+       of a subject string or after any newline within the  string.  Otherwise
+       -2 is returned. For anchored patterns, -2 is returned.
+
+         PCRE_INFO_FIRSTCHARACTER
+
+       Return  the  value  of  the  first data unit (non-UTF character) of any
+       matched string in  the  situation  where  PCRE_INFO_FIRSTCHARACTERFLAGS
+       returns  1;  otherwise return 0. The fourth argument should point to an
+       uint_t variable.
+
+       In the 8-bit library, the value is always less than 256. In the  16-bit
+       library  the value can be up to 0xffff. In the 32-bit library in UTF-32
+       mode the value can be up to 0x10ffff, and up  to  0xffffffff  when  not
+       using UTF-32 mode.
+
+         PCRE_INFO_FIRSTCHARACTERFLAGS
+
+       Return information about the first data unit of any matched string, for
+       a non-anchored pattern. The fourth argument  should  point  to  an  int
+       variable.
+
+       If  there  is  a  fixed first value, for example, the letter "c" from a
+       pattern such as (cat|cow|coyote), 1  is  returned,  and  the  character
+       value  can  be retrieved using PCRE_INFO_FIRSTCHARACTER. If there is no
+       fixed first value, and if either
+
+       (a) the pattern was compiled with the PCRE_MULTILINE option, and  every
+       branch starts with "^", or
+
+       (b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not
+       set (if it were set, the pattern would be anchored),
+
+       2 is returned, indicating that the pattern matches only at the start of
+       a subject string or after any newline within the string. Otherwise 0 is
+       returned. For anchored patterns, 0 is returned.
+
+         PCRE_INFO_FIRSTTABLE
+
+       If the pattern was studied, and this resulted in the construction of  a
+       256-bit  table indicating a fixed set of values for the first data unit
+       in any matching string, a pointer to the table is  returned.  Otherwise
+       NULL  is returned. The fourth argument should point to an unsigned char
+       * variable.
+
+         PCRE_INFO_HASCRORLF
+
+       Return 1 if the pattern contains any explicit  matches  for  CR  or  LF
+       characters,  otherwise  0.  The  fourth argument should point to an int
+       variable. An explicit match is either a literal CR or LF character,  or
+       \r or \n.
+
+         PCRE_INFO_JCHANGED
+
+       Return  1  if  the (?J) or (?-J) option setting is used in the pattern,
+       otherwise 0. The fourth argument should point to an int variable.  (?J)
+       and (?-J) set and unset the local PCRE_DUPNAMES option, respectively.
+
+         PCRE_INFO_JIT
+
+       Return  1  if  the pattern was studied with one of the JIT options, and
+       just-in-time compiling was successful. The fourth argument should point
+       to  an  int variable. A return value of 0 means that JIT support is not
+       available in this version of PCRE, or that the pattern was not  studied
+       with  a JIT option, or that the JIT compiler could not handle this par-
+       ticular pattern. See the pcrejit documentation for details of what  can
+       and cannot be handled.
+
+         PCRE_INFO_JITSIZE
+
+       If  the  pattern was successfully studied with a JIT option, return the
+       size of the JIT compiled code, otherwise return zero. The fourth  argu-
+       ment should point to a size_t variable.
+
+         PCRE_INFO_LASTLITERAL
+
+       Return  the value of the rightmost literal data unit that must exist in
+       any matched string, other than at its start, if such a value  has  been
+       recorded. The fourth argument should point to an int variable. If there
+       is no such value, -1 is returned. For anchored patterns, a last literal
+       value  is recorded only if it follows something of variable length. For
+       example, for the pattern /^a\d+z\d+/ the returned value is "z", but for
+       /^a\dz\d/ the returned value is -1.
+
+       Since  for  the 32-bit library using the non-UTF-32 mode, this function
+       is unable to return the full 32-bit range of characters, this value  is
+       deprecated;     instead     the     PCRE_INFO_REQUIREDCHARFLAGS     and
+       PCRE_INFO_REQUIREDCHAR values should be used.
+
+         PCRE_INFO_MATCH_EMPTY
+
+       Return 1 if the pattern can match an empty  string,  otherwise  0.  The
+       fourth argument should point to an int variable.
+
+         PCRE_INFO_MATCHLIMIT
+
+       If  the  pattern  set  a  match  limit by including an item of the form
+       (*LIMIT_MATCH=nnnn) at the start, the value  is  returned.  The  fourth
+       argument  should  point to an unsigned 32-bit integer. If no such value
+       has  been  set,  the  call  to  pcre_fullinfo()   returns   the   error
+       PCRE_ERROR_UNSET.
+
+         PCRE_INFO_MAXLOOKBEHIND
+
+       Return  the  number  of  characters  (NB not data units) in the longest
+       lookbehind assertion in the pattern. This information  is  useful  when
+       doing  multi-segment  matching  using  the partial matching facilities.
+       Note that the simple assertions \b and \B require a one-character look-
+       behind.  \A  also  registers a one-character lookbehind, though it does
+       not actually inspect the previous character. This is to ensure that  at
+       least one character from the old segment is retained when a new segment
+       is processed. Otherwise, if there are no lookbehinds in the pattern, \A
+       might match incorrectly at the start of a new segment.
+
+         PCRE_INFO_MINLENGTH
+
+       If  the  pattern  was studied and a minimum length for matching subject
+       strings was computed, its value is  returned.  Otherwise  the  returned
+       value is -1. The value is a number of characters, which in UTF mode may
+       be different from the number of data units. The fourth argument  should
+       point  to an int variable. A non-negative value is a lower bound to the
+       length of any matching string. There may not be  any  strings  of  that
+       length  that  do actually match, but every string that does match is at
+       least that long.
+
+         PCRE_INFO_NAMECOUNT
+         PCRE_INFO_NAMEENTRYSIZE
+         PCRE_INFO_NAMETABLE
+
+       PCRE supports the use of named as well as numbered capturing  parenthe-
+       ses.  The names are just an additional way of identifying the parenthe-
+       ses, which still acquire numbers. Several convenience functions such as
+       pcre_get_named_substring()  are  provided  for extracting captured sub-
+       strings by name. It is also possible to extract the data  directly,  by
+       first  converting  the  name to a number in order to access the correct
+       pointers in the output vector (described with pcre_exec() below). To do
+       the  conversion,  you  need  to  use  the  name-to-number map, which is
+       described by these three values.
+
+       The map consists of a number of fixed-size entries. PCRE_INFO_NAMECOUNT
+       gives the number of entries, and PCRE_INFO_NAMEENTRYSIZE gives the size
+       of each entry; both of these  return  an  int  value.  The  entry  size
+       depends  on the length of the longest name. PCRE_INFO_NAMETABLE returns
+       a pointer to the first entry of the table. This is a pointer to char in
+       the 8-bit library, where the first two bytes of each entry are the num-
+       ber of the capturing parenthesis, most significant byte first.  In  the
+       16-bit  library,  the pointer points to 16-bit data units, the first of
+       which contains the parenthesis  number.  In  the  32-bit  library,  the
+       pointer  points  to  32-bit data units, the first of which contains the
+       parenthesis number. The rest of the entry is  the  corresponding  name,
+       zero terminated.
+
+       The  names are in alphabetical order. If (?| is used to create multiple
+       groups with the same number, as described in the section  on  duplicate
+       subpattern numbers in the pcrepattern page, the groups may be given the
+       same name, but there is only one entry in the  table.  Different  names
+       for  groups  of the same number are not permitted.  Duplicate names for
+       subpatterns with different numbers are permitted, but only if PCRE_DUP-
+       NAMES  is set. They appear in the table in the order in which they were
+       found in the pattern. In the absence  of  (?|  this  is  the  order  of
+       increasing  number;  when  (?| is used this is not necessarily the case
+       because later subpatterns may have lower numbers.
+
+       As a simple example of the name/number table,  consider  the  following
+       pattern after compilation by the 8-bit library (assume PCRE_EXTENDED is
+       set, so white space - including newlines - is ignored):
+
+         (?<date> (?<year>(\d\d)?\d\d) -
+         (?<month>\d\d) - (?<day>\d\d) )
+
+       There are four named subpatterns, so the table has  four  entries,  and
+       each  entry  in the table is eight bytes long. The table is as follows,
+       with non-printing bytes shows in hexadecimal, and undefined bytes shown
+       as ??:
+
+         00 01 d  a  t  e  00 ??
+         00 05 d  a  y  00 ?? ??
+         00 04 m  o  n  t  h  00
+         00 02 y  e  a  r  00 ??
+
+       When  writing  code  to  extract  data from named subpatterns using the
+       name-to-number map, remember that the length of the entries  is  likely
+       to be different for each compiled pattern.
+
+         PCRE_INFO_OKPARTIAL
+
+       Return  1  if  the  pattern  can  be  used  for  partial  matching with
+       pcre_exec(), otherwise 0. The fourth argument should point  to  an  int
+       variable.  From  release  8.00,  this  always  returns  1,  because the
+       restrictions that previously applied  to  partial  matching  have  been
+       lifted.  The  pcrepartial documentation gives details of partial match-
+       ing.
+
+         PCRE_INFO_OPTIONS
+
+       Return a copy of the options with which the pattern was  compiled.  The
+       fourth  argument  should  point to an unsigned long int variable. These
+       option bits are those specified in the call to pcre_compile(), modified
+       by any top-level option settings at the start of the pattern itself. In
+       other words, they are the options that will be in force  when  matching
+       starts.  For  example, if the pattern /(?im)abc(?-i)d/ is compiled with
+       the PCRE_EXTENDED option, the result is PCRE_CASELESS,  PCRE_MULTILINE,
+       and PCRE_EXTENDED.
+
+       A  pattern  is  automatically  anchored by PCRE if all of its top-level
+       alternatives begin with one of the following:
+
+         ^     unless PCRE_MULTILINE is set
+         \A    always
+         \G    always
+         .*    if PCRE_DOTALL is set and there are no back
+                 references to the subpattern in which .* appears
+
+       For such patterns, the PCRE_ANCHORED bit is set in the options returned
+       by pcre_fullinfo().
+
+         PCRE_INFO_RECURSIONLIMIT
+
+       If  the  pattern set a recursion limit by including an item of the form
+       (*LIMIT_RECURSION=nnnn) at the start, the value is returned. The fourth
+       argument  should  point to an unsigned 32-bit integer. If no such value
+       has  been  set,  the  call  to  pcre_fullinfo()   returns   the   error
+       PCRE_ERROR_UNSET.
+
+         PCRE_INFO_SIZE
+
+       Return  the  size  of  the  compiled  pattern  in  bytes (for all three
+       libraries). The fourth argument should point to a size_t variable. This
+       value  does not include the size of the pcre structure that is returned
+       by pcre_compile().  The  value  that  is  passed  as  the  argument  to
+       pcre_malloc()  when  pcre_compile() is getting memory in which to place
+       the compiled data is the value returned by this option plus the size of
+       the  pcre  structure. Studying a compiled pattern, with or without JIT,
+       does not alter the value returned by this option.
+
+         PCRE_INFO_STUDYSIZE
+
+       Return the size in bytes (for all three libraries) of  the  data  block
+       pointed to by the study_data field in a pcre_extra block. If pcre_extra
+       is NULL, or there is no study data, zero is returned. The fourth  argu-
+       ment  should point to a size_t variable. The study_data field is set by
+       pcre_study() to record information that will speed up matching (see the
+       section  entitled  "Studying  a  pattern"  above).  The  format  of the
+       study_data block is private, but its length is made available via  this
+       option  so  that  it  can be saved and restored (see the pcreprecompile
+       documentation for details).
+
+         PCRE_INFO_REQUIREDCHARFLAGS
+
+       Returns 1 if there is a rightmost literal data unit that must exist  in
+       any matched string, other than at its start. The fourth argument should
+       point to an int variable. If there is no such value, 0 is returned.  If
+       returning  1,  the  character  value  itself  can  be  retrieved  using
+       PCRE_INFO_REQUIREDCHAR.
+
+       For anchored patterns, a last literal value is recorded only if it fol-
+       lows  something  of  variable  length.  For  example,  for  the pattern
+       /^a\d+z\d+/  the   returned   value   1   (with   "z"   returned   from
+       PCRE_INFO_REQUIREDCHAR), but for /^a\dz\d/ the returned value is 0.
+
+         PCRE_INFO_REQUIREDCHAR
+
+       Return  the value of the rightmost literal data unit that must exist in
+       any matched string, other than at its start, if such a value  has  been
+       recorded.  The fourth argument should point to an uint32_t variable. If
+       there is no such value, 0 is returned.
+
+
+REFERENCE COUNTS
+
+       int pcre_refcount(pcre *code, int adjust);
+
+       The pcre_refcount() function is used to maintain a reference  count  in
+       the data block that contains a compiled pattern. It is provided for the
+       benefit of applications that  operate  in  an  object-oriented  manner,
+       where different parts of the application may be using the same compiled
+       pattern, but you want to free the block when they are all done.
+
+       When a pattern is compiled, the reference count field is initialized to
+       zero.   It is changed only by calling this function, whose action is to
+       add the adjust value (which may be positive or  negative)  to  it.  The
+       yield of the function is the new value. However, the value of the count
+       is constrained to lie between 0 and 65535, inclusive. If the new  value
+       is outside these limits, it is forced to the appropriate limit value.
+
+       Except  when it is zero, the reference count is not correctly preserved
+       if a pattern is compiled on one host and then  transferred  to  a  host
+       whose byte-order is different. (This seems a highly unlikely scenario.)
+
+
+MATCHING A PATTERN: THE TRADITIONAL FUNCTION
+
+       int pcre_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       The  function pcre_exec() is called to match a subject string against a
+       compiled pattern, which is passed in the code argument. If the  pattern
+       was  studied,  the  result  of  the study should be passed in the extra
+       argument. You can call pcre_exec() with the same code and  extra  argu-
+       ments  as  many  times as you like, in order to match different subject
+       strings with the same pattern.
+
+       This function is the main matching facility  of  the  library,  and  it
+       operates  in  a  Perl-like  manner. For specialist use there is also an
+       alternative matching function, which is described below in the  section
+       about the pcre_dfa_exec() function.
+
+       In  most applications, the pattern will have been compiled (and option-
+       ally studied) in the same process that calls pcre_exec().  However,  it
+       is possible to save compiled patterns and study data, and then use them
+       later in different processes, possibly even on different hosts.  For  a
+       discussion about this, see the pcreprecompile documentation.
+
+       Here is an example of a simple call to pcre_exec():
+
+         int rc;
+         int ovector[30];
+         rc = pcre_exec(
+           re,             /* result of pcre_compile() */
+           NULL,           /* we didn't study the pattern */
+           "some string",  /* the subject string */
+           11,             /* the length of the subject string */
+           0,              /* start at offset 0 in the subject */
+           0,              /* default options */
+           ovector,        /* vector of integers for substring information */
+           30);            /* number of elements (NOT size in bytes) */
+
+   Extra data for pcre_exec()
+
+       If  the  extra argument is not NULL, it must point to a pcre_extra data
+       block. The pcre_study() function returns such a block (when it  doesn't
+       return  NULL), but you can also create one for yourself, and pass addi-
+       tional information in it. The pcre_extra block contains  the  following
+       fields (not necessarily in this order):
+
+         unsigned long int flags;
+         void *study_data;
+         void *executable_jit;
+         unsigned long int match_limit;
+         unsigned long int match_limit_recursion;
+         void *callout_data;
+         const unsigned char *tables;
+         unsigned char **mark;
+
+       In  the  16-bit  version  of  this  structure,  the mark field has type
+       "PCRE_UCHAR16 **".
+
+       In the 32-bit version of  this  structure,  the  mark  field  has  type
+       "PCRE_UCHAR32 **".
+
+       The  flags  field is used to specify which of the other fields are set.
+       The flag bits are:
+
+         PCRE_EXTRA_CALLOUT_DATA
+         PCRE_EXTRA_EXECUTABLE_JIT
+         PCRE_EXTRA_MARK
+         PCRE_EXTRA_MATCH_LIMIT
+         PCRE_EXTRA_MATCH_LIMIT_RECURSION
+         PCRE_EXTRA_STUDY_DATA
+         PCRE_EXTRA_TABLES
+
+       Other flag bits should be set to zero. The study_data field  and  some-
+       times  the executable_jit field are set in the pcre_extra block that is
+       returned by pcre_study(), together with the appropriate flag bits.  You
+       should  not set these yourself, but you may add to the block by setting
+       other fields and their corresponding flag bits.
+
+       The match_limit field provides a means of preventing PCRE from using up
+       a  vast amount of resources when running patterns that are not going to
+       match, but which have a very large number  of  possibilities  in  their
+       search  trees. The classic example is a pattern that uses nested unlim-
+       ited repeats.
+
+       Internally, pcre_exec() uses a function called match(), which it  calls
+       repeatedly  (sometimes  recursively).  The  limit set by match_limit is
+       imposed on the number of times this function is called during a  match,
+       which  has  the  effect of limiting the amount of backtracking that can
+       take place. For patterns that are not anchored, the count restarts from
+       zero for each position in the subject string.
+
+       When pcre_exec() is called with a pattern that was successfully studied
+       with a JIT option, the way that the matching is  executed  is  entirely
+       different.  However, there is still the possibility of runaway matching
+       that goes on for a very long time, and so the match_limit value is also
+       used in this case (but in a different way) to limit how long the match-
+       ing can continue.
+
+       The default value for the limit can be set  when  PCRE  is  built;  the
+       default  default  is 10 million, which handles all but the most extreme
+       cases. You can override the default  by  suppling  pcre_exec()  with  a
+       pcre_extra     block    in    which    match_limit    is    set,    and
+       PCRE_EXTRA_MATCH_LIMIT is set in the  flags  field.  If  the  limit  is
+       exceeded, pcre_exec() returns PCRE_ERROR_MATCHLIMIT.
+
+       A  value  for  the  match  limit may also be supplied by an item at the
+       start of a pattern of the form
+
+         (*LIMIT_MATCH=d)
+
+       where d is a decimal number. However, such a setting is ignored  unless
+       d  is  less  than  the limit set by the caller of pcre_exec() or, if no
+       such limit is set, less than the default.
+
+       The match_limit_recursion field is similar to match_limit, but  instead
+       of limiting the total number of times that match() is called, it limits
+       the depth of recursion. The recursion depth is a  smaller  number  than
+       the  total number of calls, because not all calls to match() are recur-
+       sive.  This limit is of use only if it is set smaller than match_limit.
+
+       Limiting the recursion depth limits the amount of  machine  stack  that
+       can  be used, or, when PCRE has been compiled to use memory on the heap
+       instead of the stack, the amount of heap memory that can be used.  This
+       limit  is not relevant, and is ignored, when matching is done using JIT
+       compiled code.
+
+       The default value for match_limit_recursion can be  set  when  PCRE  is
+       built;  the  default  default  is  the  same  value  as the default for
+       match_limit. You can override the default by suppling pcre_exec()  with
+       a   pcre_extra   block  in  which  match_limit_recursion  is  set,  and
+       PCRE_EXTRA_MATCH_LIMIT_RECURSION is set in  the  flags  field.  If  the
+       limit is exceeded, pcre_exec() returns PCRE_ERROR_RECURSIONLIMIT.
+
+       A  value for the recursion limit may also be supplied by an item at the
+       start of a pattern of the form
+
+         (*LIMIT_RECURSION=d)
+
+       where d is a decimal number. However, such a setting is ignored  unless
+       d  is  less  than  the limit set by the caller of pcre_exec() or, if no
+       such limit is set, less than the default.
+
+       The callout_data field is used in conjunction with the  "callout"  fea-
+       ture, and is described in the pcrecallout documentation.
+
+       The  tables field is provided for use with patterns that have been pre-
+       compiled using custom character tables, saved to disc or elsewhere, and
+       then  reloaded,  because the tables that were used to compile a pattern
+       are not saved with it. See the pcreprecompile documentation for a  dis-
+       cussion  of  saving  compiled patterns for later use. If NULL is passed
+       using this mechanism, it forces PCRE's internal tables to be used.
+
+       Warning: The tables that pcre_exec() uses must be  the  same  as  those
+       that  were used when the pattern was compiled. If this is not the case,
+       the behaviour of pcre_exec() is undefined. Therefore, when a pattern is
+       compiled  and  matched  in the same process, this field should never be
+       set. In this (the most common) case, the correct table pointer is auto-
+       matically  passed  with  the  compiled  pattern  from pcre_compile() to
+       pcre_exec().
+
+       If PCRE_EXTRA_MARK is set in the flags field, the mark  field  must  be
+       set  to point to a suitable variable. If the pattern contains any back-
+       tracking control verbs such as (*MARK:NAME), and the execution ends  up
+       with  a  name  to  pass back, a pointer to the name string (zero termi-
+       nated) is placed in the variable pointed to  by  the  mark  field.  The
+       names  are  within  the  compiled pattern; if you wish to retain such a
+       name you must copy it before freeing the memory of a compiled  pattern.
+       If  there  is no name to pass back, the variable pointed to by the mark
+       field is set to NULL. For details of the  backtracking  control  verbs,
+       see the section entitled "Backtracking control" in the pcrepattern doc-
+       umentation.
+
+   Option bits for pcre_exec()
+
+       The unused bits of the options argument for pcre_exec() must  be  zero.
+       The  only  bits  that  may  be set are PCRE_ANCHORED, PCRE_NEWLINE_xxx,
+       PCRE_NOTBOL,   PCRE_NOTEOL,    PCRE_NOTEMPTY,    PCRE_NOTEMPTY_ATSTART,
+       PCRE_NO_START_OPTIMIZE,   PCRE_NO_UTF8_CHECK,   PCRE_PARTIAL_HARD,  and
+       PCRE_PARTIAL_SOFT.
+
+       If the pattern was successfully studied with one  of  the  just-in-time
+       (JIT) compile options, the only supported options for JIT execution are
+       PCRE_NO_UTF8_CHECK,    PCRE_NOTBOL,     PCRE_NOTEOL,     PCRE_NOTEMPTY,
+       PCRE_NOTEMPTY_ATSTART,  PCRE_PARTIAL_HARD, and PCRE_PARTIAL_SOFT. If an
+       unsupported option is used, JIT execution is disabled  and  the  normal
+       interpretive code in pcre_exec() is run.
+
+         PCRE_ANCHORED
+
+       The  PCRE_ANCHORED  option  limits pcre_exec() to matching at the first
+       matching position. If a pattern was  compiled  with  PCRE_ANCHORED,  or
+       turned  out to be anchored by virtue of its contents, it cannot be made
+       unachored at matching time.
+
+         PCRE_BSR_ANYCRLF
+         PCRE_BSR_UNICODE
+
+       These options (which are mutually exclusive) control what the \R escape
+       sequence  matches.  The choice is either to match only CR, LF, or CRLF,
+       or to match any Unicode newline sequence. These  options  override  the
+       choice that was made or defaulted when the pattern was compiled.
+
+         PCRE_NEWLINE_CR
+         PCRE_NEWLINE_LF
+         PCRE_NEWLINE_CRLF
+         PCRE_NEWLINE_ANYCRLF
+         PCRE_NEWLINE_ANY
+
+       These  options  override  the  newline  definition  that  was chosen or
+       defaulted when the pattern was compiled. For details, see the  descrip-
+       tion  of  pcre_compile()  above.  During  matching,  the newline choice
+       affects the behaviour of the dot, circumflex,  and  dollar  metacharac-
+       ters.  It may also alter the way the match position is advanced after a
+       match failure for an unanchored pattern.
+
+       When PCRE_NEWLINE_CRLF, PCRE_NEWLINE_ANYCRLF,  or  PCRE_NEWLINE_ANY  is
+       set,  and a match attempt for an unanchored pattern fails when the cur-
+       rent position is at a  CRLF  sequence,  and  the  pattern  contains  no
+       explicit  matches  for  CR  or  LF  characters,  the  match position is
+       advanced by two characters instead of one, in other words, to after the
+       CRLF.
+
+       The above rule is a compromise that makes the most common cases work as
+       expected. For example, if the  pattern  is  .+A  (and  the  PCRE_DOTALL
+       option is not set), it does not match the string "\r\nA" because, after
+       failing at the start, it skips both the CR and the LF before  retrying.
+       However,  the  pattern  [\r\n]A does match that string, because it con-
+       tains an explicit CR or LF reference, and so advances only by one char-
+       acter after the first failure.
+
+       An explicit match for CR of LF is either a literal appearance of one of
+       those characters, or one of the \r or  \n  escape  sequences.  Implicit
+       matches  such  as [^X] do not count, nor does \s (which includes CR and
+       LF in the characters that it matches).
+
+       Notwithstanding the above, anomalous effects may still occur when  CRLF
+       is a valid newline sequence and explicit \r or \n escapes appear in the
+       pattern.
+
+         PCRE_NOTBOL
+
+       This option specifies that first character of the subject string is not
+       the  beginning  of  a  line, so the circumflex metacharacter should not
+       match before it. Setting this without PCRE_MULTILINE (at compile  time)
+       causes  circumflex  never to match. This option affects only the behav-
+       iour of the circumflex metacharacter. It does not affect \A.
+
+         PCRE_NOTEOL
+
+       This option specifies that the end of the subject string is not the end
+       of  a line, so the dollar metacharacter should not match it nor (except
+       in multiline mode) a newline immediately before it. Setting this  with-
+       out PCRE_MULTILINE (at compile time) causes dollar never to match. This
+       option affects only the behaviour of the dollar metacharacter. It  does
+       not affect \Z or \z.
+
+         PCRE_NOTEMPTY
+
+       An empty string is not considered to be a valid match if this option is
+       set. If there are alternatives in the pattern, they are tried.  If  all
+       the  alternatives  match  the empty string, the entire match fails. For
+       example, if the pattern
+
+         a?b?
+
+       is applied to a string not beginning with "a" or  "b",  it  matches  an
+       empty  string at the start of the subject. With PCRE_NOTEMPTY set, this
+       match is not valid, so PCRE searches further into the string for occur-
+       rences of "a" or "b".
+
+         PCRE_NOTEMPTY_ATSTART
+
+       This  is  like PCRE_NOTEMPTY, except that an empty string match that is
+       not at the start of  the  subject  is  permitted.  If  the  pattern  is
+       anchored, such a match can occur only if the pattern contains \K.
+
+       Perl     has    no    direct    equivalent    of    PCRE_NOTEMPTY    or
+       PCRE_NOTEMPTY_ATSTART, but it does make a special  case  of  a  pattern
+       match  of  the empty string within its split() function, and when using
+       the /g modifier. It is  possible  to  emulate  Perl's  behaviour  after
+       matching a null string by first trying the match again at the same off-
+       set with PCRE_NOTEMPTY_ATSTART and  PCRE_ANCHORED,  and  then  if  that
+       fails, by advancing the starting offset (see below) and trying an ordi-
+       nary match again. There is some code that demonstrates how to  do  this
+       in  the  pcredemo sample program. In the most general case, you have to
+       check to see if the newline convention recognizes CRLF  as  a  newline,
+       and  if so, and the current character is CR followed by LF, advance the
+       starting offset by two characters instead of one.
+
+         PCRE_NO_START_OPTIMIZE
+
+       There are a number of optimizations that pcre_exec() uses at the  start
+       of  a  match,  in  order to speed up the process. For example, if it is
+       known that an unanchored match must start with a specific character, it
+       searches  the  subject  for that character, and fails immediately if it
+       cannot find it, without actually running the  main  matching  function.
+       This means that a special item such as (*COMMIT) at the start of a pat-
+       tern is not considered until after a suitable starting  point  for  the
+       match  has been found. Also, when callouts or (*MARK) items are in use,
+       these "start-up" optimizations can cause them to be skipped if the pat-
+       tern is never actually used. The start-up optimizations are in effect a
+       pre-scan of the subject that takes place before the pattern is run.
+
+       The PCRE_NO_START_OPTIMIZE option disables the start-up  optimizations,
+       possibly  causing  performance  to  suffer,  but ensuring that in cases
+       where the result is "no match", the callouts do occur, and  that  items
+       such as (*COMMIT) and (*MARK) are considered at every possible starting
+       position in the subject string. If  PCRE_NO_START_OPTIMIZE  is  set  at
+       compile  time,  it  cannot  be  unset  at  matching  time.  The  use of
+       PCRE_NO_START_OPTIMIZE  at  matching  time  (that  is,  passing  it  to
+       pcre_exec())  disables  JIT  execution;  in this situation, matching is
+       always done using interpretively.
+
+       Setting PCRE_NO_START_OPTIMIZE can change the  outcome  of  a  matching
+       operation.  Consider the pattern
+
+         (*COMMIT)ABC
+
+       When  this  is  compiled, PCRE records the fact that a match must start
+       with the character "A". Suppose the subject  string  is  "DEFABC".  The
+       start-up  optimization  scans along the subject, finds "A" and runs the
+       first match attempt from there. The (*COMMIT) item means that the  pat-
+       tern  must  match the current starting position, which in this case, it
+       does. However, if the same match  is  run  with  PCRE_NO_START_OPTIMIZE
+       set,  the  initial  scan  along the subject string does not happen. The
+       first match attempt is run starting  from  "D"  and  when  this  fails,
+       (*COMMIT)  prevents  any  further  matches  being tried, so the overall
+       result is "no match". If the pattern is studied,  more  start-up  opti-
+       mizations  may  be  used. For example, a minimum length for the subject
+       may be recorded. Consider the pattern
+
+         (*MARK:A)(X|Y)
+
+       The minimum length for a match is one  character.  If  the  subject  is
+       "ABC",  there  will  be  attempts  to  match "ABC", "BC", "C", and then
+       finally an empty string.  If the pattern is studied, the final  attempt
+       does  not take place, because PCRE knows that the subject is too short,
+       and so the (*MARK) is never encountered.  In this  case,  studying  the
+       pattern  does  not  affect the overall match result, which is still "no
+       match", but it does affect the auxiliary information that is returned.
+
+         PCRE_NO_UTF8_CHECK
+
+       When PCRE_UTF8 is set at compile time, the validity of the subject as a
+       UTF-8  string is automatically checked when pcre_exec() is subsequently
+       called.  The entire string is checked before any other processing takes
+       place.  The  value  of  startoffset  is  also checked to ensure that it
+       points to the start of a UTF-8 character. There is a  discussion  about
+       the  validity  of  UTF-8 strings in the pcreunicode page. If an invalid
+       sequence  of  bytes   is   found,   pcre_exec()   returns   the   error
+       PCRE_ERROR_BADUTF8 or, if PCRE_PARTIAL_HARD is set and the problem is a
+       truncated character at the end of the subject, PCRE_ERROR_SHORTUTF8. In
+       both  cases, information about the precise nature of the error may also
+       be returned (see the descriptions of these errors in the section  enti-
+       tled  Error return values from pcre_exec() below).  If startoffset con-
+       tains a value that does not point to the start of a UTF-8 character (or
+       to the end of the subject), PCRE_ERROR_BADUTF8_OFFSET is returned.
+
+       If  you  already  know that your subject is valid, and you want to skip
+       these   checks   for   performance   reasons,   you   can    set    the
+       PCRE_NO_UTF8_CHECK  option  when calling pcre_exec(). You might want to
+       do this for the second and subsequent calls to pcre_exec() if  you  are
+       making  repeated  calls  to  find  all  the matches in a single subject
+       string. However, you should be  sure  that  the  value  of  startoffset
+       points  to  the  start of a character (or the end of the subject). When
+       PCRE_NO_UTF8_CHECK is set, the effect of passing an invalid string as a
+       subject  or  an invalid value of startoffset is undefined. Your program
+       may crash or loop.
+
+         PCRE_PARTIAL_HARD
+         PCRE_PARTIAL_SOFT
+
+       These options turn on the partial matching feature. For backwards  com-
+       patibility,  PCRE_PARTIAL is a synonym for PCRE_PARTIAL_SOFT. A partial
+       match occurs if the end of the subject string is reached  successfully,
+       but  there  are not enough subject characters to complete the match. If
+       this happens when PCRE_PARTIAL_SOFT (but not PCRE_PARTIAL_HARD) is set,
+       matching  continues  by  testing any remaining alternatives. Only if no
+       complete match can be found is PCRE_ERROR_PARTIAL returned  instead  of
+       PCRE_ERROR_NOMATCH.  In  other  words,  PCRE_PARTIAL_SOFT says that the
+       caller is prepared to handle a partial match, but only if  no  complete
+       match can be found.
+
+       If  PCRE_PARTIAL_HARD  is  set, it overrides PCRE_PARTIAL_SOFT. In this
+       case, if a partial match  is  found,  pcre_exec()  immediately  returns
+       PCRE_ERROR_PARTIAL,  without  considering  any  other  alternatives. In
+       other words, when PCRE_PARTIAL_HARD is set, a partial match is  consid-
+       ered to be more important that an alternative complete match.
+
+       In  both  cases,  the portion of the string that was inspected when the
+       partial match was found is set as the first matching string. There is a
+       more  detailed  discussion  of partial and multi-segment matching, with
+       examples, in the pcrepartial documentation.
+
+   The string to be matched by pcre_exec()
+
+       The subject string is passed to pcre_exec() as a pointer in subject,  a
+       length  in  length, and a starting offset in startoffset. The units for
+       length and startoffset are bytes for the  8-bit  library,  16-bit  data
+       items  for  the  16-bit  library,  and 32-bit data items for the 32-bit
+       library.
+
+       If startoffset is negative or greater than the length of  the  subject,
+       pcre_exec()  returns  PCRE_ERROR_BADOFFSET. When the starting offset is
+       zero, the search for a match starts at the beginning  of  the  subject,
+       and  this  is by far the most common case. In UTF-8 or UTF-16 mode, the
+       offset must point to the start of a character, or the end of  the  sub-
+       ject  (in  UTF-32 mode, one data unit equals one character, so all off-
+       sets are valid). Unlike the pattern string,  the  subject  may  contain
+       binary zeroes.
+
+       A  non-zero  starting offset is useful when searching for another match
+       in the same subject by calling pcre_exec() again after a previous  suc-
+       cess.   Setting  startoffset differs from just passing over a shortened
+       string and setting PCRE_NOTBOL in the case of  a  pattern  that  begins
+       with any kind of lookbehind. For example, consider the pattern
+
+         \Biss\B
+
+       which  finds  occurrences  of "iss" in the middle of words. (\B matches
+       only if the current position in the subject is not  a  word  boundary.)
+       When  applied  to the string "Mississipi" the first call to pcre_exec()
+       finds the first occurrence. If pcre_exec() is called  again  with  just
+       the  remainder  of  the  subject,  namely  "issipi", it does not match,
+       because \B is always false at the start of the subject, which is deemed
+       to  be  a  word  boundary. However, if pcre_exec() is passed the entire
+       string again, but with startoffset set to 4, it finds the second occur-
+       rence  of "iss" because it is able to look behind the starting point to
+       discover that it is preceded by a letter.
+
+       Finding all the matches in a subject is tricky  when  the  pattern  can
+       match an empty string. It is possible to emulate Perl's /g behaviour by
+       first  trying  the  match  again  at  the   same   offset,   with   the
+       PCRE_NOTEMPTY_ATSTART  and  PCRE_ANCHORED  options,  and  then  if that
+       fails, advancing the starting  offset  and  trying  an  ordinary  match
+       again. There is some code that demonstrates how to do this in the pcre-
+       demo sample program. In the most general case, you have to check to see
+       if  the newline convention recognizes CRLF as a newline, and if so, and
+       the current character is CR followed by LF, advance the starting offset
+       by two characters instead of one.
+
+       If  a  non-zero starting offset is passed when the pattern is anchored,
+       one attempt to match at the given offset is made. This can only succeed
+       if  the  pattern  does  not require the match to be at the start of the
+       subject.
+
+   How pcre_exec() returns captured substrings
+
+       In general, a pattern matches a certain portion of the subject, and  in
+       addition,  further  substrings  from  the  subject may be picked out by
+       parts of the pattern. Following the usage  in  Jeffrey  Friedl's  book,
+       this  is  called "capturing" in what follows, and the phrase "capturing
+       subpattern" is used for a fragment of a pattern that picks out  a  sub-
+       string.  PCRE  supports several other kinds of parenthesized subpattern
+       that do not cause substrings to be captured.
+
+       Captured substrings are returned to the caller via a vector of integers
+       whose  address is passed in ovector. The number of elements in the vec-
+       tor is passed in ovecsize, which must be a non-negative  number.  Note:
+       this argument is NOT the size of ovector in bytes.
+
+       The  first  two-thirds of the vector is used to pass back captured sub-
+       strings, each substring using a pair of integers. The  remaining  third
+       of  the  vector is used as workspace by pcre_exec() while matching cap-
+       turing subpatterns, and is not available for passing back  information.
+       The  number passed in ovecsize should always be a multiple of three. If
+       it is not, it is rounded down.
+
+       When a match is successful, information about  captured  substrings  is
+       returned  in  pairs  of integers, starting at the beginning of ovector,
+       and continuing up to two-thirds of its length at the  most.  The  first
+       element  of  each pair is set to the offset of the first character in a
+       substring, and the second is set to the offset of the  first  character
+       after  the  end  of a substring. These values are always data unit off-
+       sets, even in UTF mode. They are byte offsets  in  the  8-bit  library,
+       16-bit  data  item  offsets in the 16-bit library, and 32-bit data item
+       offsets in the 32-bit library. Note: they are not character counts.
+
+       The first pair of integers, ovector[0]  and  ovector[1],  identify  the
+       portion  of  the subject string matched by the entire pattern. The next
+       pair is used for the first capturing subpattern, and so on.  The  value
+       returned by pcre_exec() is one more than the highest numbered pair that
+       has been set.  For example, if two substrings have been  captured,  the
+       returned  value is 3. If there are no capturing subpatterns, the return
+       value from a successful match is 1, indicating that just the first pair
+       of offsets has been set.
+
+       If a capturing subpattern is matched repeatedly, it is the last portion
+       of the string that it matched that is returned.
+
+       If the vector is too small to hold all the captured substring  offsets,
+       it is used as far as possible (up to two-thirds of its length), and the
+       function returns a value of zero. If neither the actual string  matched
+       nor  any captured substrings are of interest, pcre_exec() may be called
+       with ovector passed as NULL and ovecsize as zero. However, if the  pat-
+       tern  contains  back  references  and  the ovector is not big enough to
+       remember the related substrings, PCRE has to get additional memory  for
+       use  during matching. Thus it is usually advisable to supply an ovector
+       of reasonable size.
+
+       There are some cases where zero is returned  (indicating  vector  over-
+       flow)  when  in fact the vector is exactly the right size for the final
+       match. For example, consider the pattern
+
+         (a)(?:(b)c|bd)
+
+       If a vector of 6 elements (allowing for only 1 captured  substring)  is
+       given with subject string "abd", pcre_exec() will try to set the second
+       captured string, thereby recording a vector overflow, before failing to
+       match  "c"  and  backing  up  to  try  the second alternative. The zero
+       return, however, does correctly indicate that  the  maximum  number  of
+       slots (namely 2) have been filled. In similar cases where there is tem-
+       porary overflow, but the final number of used slots  is  actually  less
+       than the maximum, a non-zero value is returned.
+
+       The pcre_fullinfo() function can be used to find out how many capturing
+       subpatterns there are in a compiled  pattern.  The  smallest  size  for
+       ovector  that  will allow for n captured substrings, in addition to the
+       offsets of the substring matched by the whole pattern, is (n+1)*3.
+
+       It is possible for capturing subpattern number n+1 to match  some  part
+       of the subject when subpattern n has not been used at all. For example,
+       if the string "abc" is matched  against  the  pattern  (a|(z))(bc)  the
+       return from the function is 4, and subpatterns 1 and 3 are matched, but
+       2 is not. When this happens, both values in  the  offset  pairs  corre-
+       sponding to unused subpatterns are set to -1.
+
+       Offset  values  that correspond to unused subpatterns at the end of the
+       expression are also set to -1. For example,  if  the  string  "abc"  is
+       matched  against the pattern (abc)(x(yz)?)? subpatterns 2 and 3 are not
+       matched. The return from the function is 2, because  the  highest  used
+       capturing  subpattern  number  is 1, and the offsets for for the second
+       and third capturing subpatterns (assuming the vector is  large  enough,
+       of course) are set to -1.
+
+       Note:  Elements  in  the first two-thirds of ovector that do not corre-
+       spond to capturing parentheses in the pattern are never  changed.  That
+       is,  if  a pattern contains n capturing parentheses, no more than ovec-
+       tor[0] to ovector[2n+1] are set by pcre_exec(). The other elements  (in
+       the first two-thirds) retain whatever values they previously had.
+
+       Some  convenience  functions  are  provided for extracting the captured
+       substrings as separate strings. These are described below.
+
+   Error return values from pcre_exec()
+
+       If pcre_exec() fails, it returns a negative number. The  following  are
+       defined in the header file:
+
+         PCRE_ERROR_NOMATCH        (-1)
+
+       The subject string did not match the pattern.
+
+         PCRE_ERROR_NULL           (-2)
+
+       Either  code  or  subject  was  passed as NULL, or ovector was NULL and
+       ovecsize was not zero.
+
+         PCRE_ERROR_BADOPTION      (-3)
+
+       An unrecognized bit was set in the options argument.
+
+         PCRE_ERROR_BADMAGIC       (-4)
+
+       PCRE stores a 4-byte "magic number" at the start of the compiled  code,
+       to catch the case when it is passed a junk pointer and to detect when a
+       pattern that was compiled in an environment of one endianness is run in
+       an  environment  with the other endianness. This is the error that PCRE
+       gives when the magic number is not present.
+
+         PCRE_ERROR_UNKNOWN_OPCODE (-5)
+
+       While running the pattern match, an unknown item was encountered in the
+       compiled  pattern.  This  error  could be caused by a bug in PCRE or by
+       overwriting of the compiled pattern.
+
+         PCRE_ERROR_NOMEMORY       (-6)
+
+       If a pattern contains back references, but the ovector that  is  passed
+       to pcre_exec() is not big enough to remember the referenced substrings,
+       PCRE gets a block of memory at the start of matching to  use  for  this
+       purpose.  If the call via pcre_malloc() fails, this error is given. The
+       memory is automatically freed at the end of matching.
+
+       This error is also given if pcre_stack_malloc() fails  in  pcre_exec().
+       This  can happen only when PCRE has been compiled with --disable-stack-
+       for-recursion.
+
+         PCRE_ERROR_NOSUBSTRING    (-7)
+
+       This error is used by the pcre_copy_substring(),  pcre_get_substring(),
+       and  pcre_get_substring_list()  functions  (see  below).  It  is  never
+       returned by pcre_exec().
+
+         PCRE_ERROR_MATCHLIMIT     (-8)
+
+       The backtracking limit, as specified by  the  match_limit  field  in  a
+       pcre_extra  structure  (or  defaulted) was reached. See the description
+       above.
+
+         PCRE_ERROR_CALLOUT        (-9)
+
+       This error is never generated by pcre_exec() itself. It is provided for
+       use  by  callout functions that want to yield a distinctive error code.
+       See the pcrecallout documentation for details.
+
+         PCRE_ERROR_BADUTF8        (-10)
+
+       A string that contains an invalid UTF-8 byte sequence was passed  as  a
+       subject,  and the PCRE_NO_UTF8_CHECK option was not set. If the size of
+       the output vector (ovecsize) is at least 2,  the  byte  offset  to  the
+       start  of  the  the invalid UTF-8 character is placed in the first ele-
+       ment, and a reason code is placed in the  second  element.  The  reason
+       codes are listed in the following section.  For backward compatibility,
+       if PCRE_PARTIAL_HARD is set and the problem is a truncated UTF-8  char-
+       acter   at   the   end   of   the   subject  (reason  codes  1  to  5),
+       PCRE_ERROR_SHORTUTF8 is returned instead of PCRE_ERROR_BADUTF8.
+
+         PCRE_ERROR_BADUTF8_OFFSET (-11)
+
+       The UTF-8 byte sequence that was passed as a subject  was  checked  and
+       found  to be valid (the PCRE_NO_UTF8_CHECK option was not set), but the
+       value of startoffset did not point to the beginning of a UTF-8  charac-
+       ter or the end of the subject.
+
+         PCRE_ERROR_PARTIAL        (-12)
+
+       The  subject  string did not match, but it did match partially. See the
+       pcrepartial documentation for details of partial matching.
+
+         PCRE_ERROR_BADPARTIAL     (-13)
+
+       This code is no longer in  use.  It  was  formerly  returned  when  the
+       PCRE_PARTIAL  option  was used with a compiled pattern containing items
+       that were  not  supported  for  partial  matching.  From  release  8.00
+       onwards, there are no restrictions on partial matching.
+
+         PCRE_ERROR_INTERNAL       (-14)
+
+       An  unexpected  internal error has occurred. This error could be caused
+       by a bug in PCRE or by overwriting of the compiled pattern.
+
+         PCRE_ERROR_BADCOUNT       (-15)
+
+       This error is given if the value of the ovecsize argument is negative.
+
+         PCRE_ERROR_RECURSIONLIMIT (-21)
+
+       The internal recursion limit, as specified by the match_limit_recursion
+       field  in  a  pcre_extra  structure (or defaulted) was reached. See the
+       description above.
+
+         PCRE_ERROR_BADNEWLINE     (-23)
+
+       An invalid combination of PCRE_NEWLINE_xxx options was given.
+
+         PCRE_ERROR_BADOFFSET      (-24)
+
+       The value of startoffset was negative or greater than the length of the
+       subject, that is, the value in length.
+
+         PCRE_ERROR_SHORTUTF8      (-25)
+
+       This  error  is returned instead of PCRE_ERROR_BADUTF8 when the subject
+       string ends with a truncated UTF-8 character and the  PCRE_PARTIAL_HARD
+       option  is  set.   Information  about  the  failure  is returned as for
+       PCRE_ERROR_BADUTF8. It is in fact sufficient to detect this  case,  but
+       this  special error code for PCRE_PARTIAL_HARD precedes the implementa-
+       tion of returned information; it is retained for backwards  compatibil-
+       ity.
+
+         PCRE_ERROR_RECURSELOOP    (-26)
+
+       This error is returned when pcre_exec() detects a recursion loop within
+       the pattern. Specifically, it means that either the whole pattern or  a
+       subpattern  has been called recursively for the second time at the same
+       position in the subject string. Some simple patterns that might do this
+       are  detected  and faulted at compile time, but more complicated cases,
+       in particular mutual recursions between two different subpatterns, can-
+       not be detected until run time.
+
+         PCRE_ERROR_JIT_STACKLIMIT (-27)
+
+       This  error  is  returned  when a pattern that was successfully studied
+       using a JIT compile option is being matched, but the  memory  available
+       for  the  just-in-time  processing  stack  is not large enough. See the
+       pcrejit documentation for more details.
+
+         PCRE_ERROR_BADMODE        (-28)
+
+       This error is given if a pattern that was compiled by the 8-bit library
+       is passed to a 16-bit or 32-bit library function, or vice versa.
+
+         PCRE_ERROR_BADENDIANNESS  (-29)
+
+       This  error  is  given  if  a  pattern  that  was compiled and saved is
+       reloaded on a host with  different  endianness.  The  utility  function
+       pcre_pattern_to_host_byte_order() can be used to convert such a pattern
+       so that it runs on the new host.
+
+         PCRE_ERROR_JIT_BADOPTION
+
+       This error is returned when a pattern  that  was  successfully  studied
+       using  a  JIT  compile  option  is being matched, but the matching mode
+       (partial or complete match) does not correspond to any JIT  compilation
+       mode.  When  the JIT fast path function is used, this error may be also
+       given for invalid options.  See  the  pcrejit  documentation  for  more
+       details.
+
+         PCRE_ERROR_BADLENGTH      (-32)
+
+       This  error is given if pcre_exec() is called with a negative value for
+       the length argument.
+
+       Error numbers -16 to -20, -22, and 30 are not used by pcre_exec().
+
+   Reason codes for invalid UTF-8 strings
+
+       This section applies only  to  the  8-bit  library.  The  corresponding
+       information  for the 16-bit and 32-bit libraries is given in the pcre16
+       and pcre32 pages.
+
+       When pcre_exec() returns either PCRE_ERROR_BADUTF8 or PCRE_ERROR_SHORT-
+       UTF8,  and  the size of the output vector (ovecsize) is at least 2, the
+       offset of the start of the invalid UTF-8 character  is  placed  in  the
+       first output vector element (ovector[0]) and a reason code is placed in
+       the second element (ovector[1]). The reason codes are  given  names  in
+       the pcre.h header file:
+
+         PCRE_UTF8_ERR1
+         PCRE_UTF8_ERR2
+         PCRE_UTF8_ERR3
+         PCRE_UTF8_ERR4
+         PCRE_UTF8_ERR5
+
+       The  string  ends  with a truncated UTF-8 character; the code specifies
+       how many bytes are missing (1 to 5). Although RFC 3629 restricts  UTF-8
+       characters  to  be  no longer than 4 bytes, the encoding scheme (origi-
+       nally defined by RFC 2279) allows for  up  to  6  bytes,  and  this  is
+       checked first; hence the possibility of 4 or 5 missing bytes.
+
+         PCRE_UTF8_ERR6
+         PCRE_UTF8_ERR7
+         PCRE_UTF8_ERR8
+         PCRE_UTF8_ERR9
+         PCRE_UTF8_ERR10
+
+       The two most significant bits of the 2nd, 3rd, 4th, 5th, or 6th byte of
+       the character do not have the binary value 0b10 (that  is,  either  the
+       most significant bit is 0, or the next bit is 1).
+
+         PCRE_UTF8_ERR11
+         PCRE_UTF8_ERR12
+
+       A  character that is valid by the RFC 2279 rules is either 5 or 6 bytes
+       long; these code points are excluded by RFC 3629.
+
+         PCRE_UTF8_ERR13
+
+       A 4-byte character has a value greater than 0x10fff; these code  points
+       are excluded by RFC 3629.
+
+         PCRE_UTF8_ERR14
+
+       A  3-byte  character  has  a  value in the range 0xd800 to 0xdfff; this
+       range of code points are reserved by RFC 3629 for use with UTF-16,  and
+       so are excluded from UTF-8.
+
+         PCRE_UTF8_ERR15
+         PCRE_UTF8_ERR16
+         PCRE_UTF8_ERR17
+         PCRE_UTF8_ERR18
+         PCRE_UTF8_ERR19
+
+       A  2-, 3-, 4-, 5-, or 6-byte character is "overlong", that is, it codes
+       for a value that can be represented by fewer bytes, which  is  invalid.
+       For  example,  the two bytes 0xc0, 0xae give the value 0x2e, whose cor-
+       rect coding uses just one byte.
+
+         PCRE_UTF8_ERR20
+
+       The two most significant bits of the first byte of a character have the
+       binary  value 0b10 (that is, the most significant bit is 1 and the sec-
+       ond is 0). Such a byte can only validly occur as the second  or  subse-
+       quent byte of a multi-byte character.
+
+         PCRE_UTF8_ERR21
+
+       The  first byte of a character has the value 0xfe or 0xff. These values
+       can never occur in a valid UTF-8 string.
+
+         PCRE_UTF8_ERR22
+
+       This error code was formerly used when  the  presence  of  a  so-called
+       "non-character"  caused an error. Unicode corrigendum #9 makes it clear
+       that such characters should not cause a string to be rejected,  and  so
+       this code is no longer in use and is never returned.
+
+
+EXTRACTING CAPTURED SUBSTRINGS BY NUMBER
+
+       int pcre_copy_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber, char *buffer,
+            int buffersize);
+
+       int pcre_get_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber,
+            const char **stringptr);
+
+       int pcre_get_substring_list(const char *subject,
+            int *ovector, int stringcount, const char ***listptr);
+
+       Captured  substrings  can  be  accessed  directly  by using the offsets
+       returned by pcre_exec() in  ovector.  For  convenience,  the  functions
+       pcre_copy_substring(),    pcre_get_substring(),    and    pcre_get_sub-
+       string_list() are provided for extracting captured substrings  as  new,
+       separate,  zero-terminated strings. These functions identify substrings
+       by number. The next section describes functions  for  extracting  named
+       substrings.
+
+       A  substring that contains a binary zero is correctly extracted and has
+       a further zero added on the end, but the result is not, of course, a  C
+       string.   However,  you  can  process such a string by referring to the
+       length that is  returned  by  pcre_copy_substring()  and  pcre_get_sub-
+       string().  Unfortunately, the interface to pcre_get_substring_list() is
+       not adequate for handling strings containing binary zeros, because  the
+       end of the final string is not independently indicated.
+
+       The  first  three  arguments  are the same for all three of these func-
+       tions: subject is the subject string that has  just  been  successfully
+       matched, ovector is a pointer to the vector of integer offsets that was
+       passed to pcre_exec(), and stringcount is the number of substrings that
+       were  captured  by  the match, including the substring that matched the
+       entire regular expression. This is the value returned by pcre_exec() if
+       it  is greater than zero. If pcre_exec() returned zero, indicating that
+       it ran out of space in ovector, the value passed as stringcount  should
+       be the number of elements in the vector divided by three.
+
+       The  functions pcre_copy_substring() and pcre_get_substring() extract a
+       single substring, whose number is given as  stringnumber.  A  value  of
+       zero  extracts  the  substring that matched the entire pattern, whereas
+       higher values  extract  the  captured  substrings.  For  pcre_copy_sub-
+       string(),  the  string  is  placed  in buffer, whose length is given by
+       buffersize, while for pcre_get_substring() a new  block  of  memory  is
+       obtained  via  pcre_malloc,  and its address is returned via stringptr.
+       The yield of the function is the length of the  string,  not  including
+       the terminating zero, or one of these error codes:
+
+         PCRE_ERROR_NOMEMORY       (-6)
+
+       The  buffer  was too small for pcre_copy_substring(), or the attempt to
+       get memory failed for pcre_get_substring().
+
+         PCRE_ERROR_NOSUBSTRING    (-7)
+
+       There is no substring whose number is stringnumber.
+
+       The pcre_get_substring_list()  function  extracts  all  available  sub-
+       strings  and  builds  a list of pointers to them. All this is done in a
+       single block of memory that is obtained via pcre_malloc. The address of
+       the  memory  block  is returned via listptr, which is also the start of
+       the list of string pointers. The end of the list is marked  by  a  NULL
+       pointer.  The  yield  of  the function is zero if all went well, or the
+       error code
+
+         PCRE_ERROR_NOMEMORY       (-6)
+
+       if the attempt to get the memory block failed.
+
+       When any of these functions encounter a substring that is unset,  which
+       can  happen  when  capturing subpattern number n+1 matches some part of
+       the subject, but subpattern n has not been used at all, they return  an
+       empty string. This can be distinguished from a genuine zero-length sub-
+       string by inspecting the appropriate offset in ovector, which is  nega-
+       tive for unset substrings.
+
+       The  two convenience functions pcre_free_substring() and pcre_free_sub-
+       string_list() can be used to free the memory  returned  by  a  previous
+       call  of  pcre_get_substring()  or  pcre_get_substring_list(),  respec-
+       tively. They do nothing more than  call  the  function  pointed  to  by
+       pcre_free,  which  of course could be called directly from a C program.
+       However, PCRE is used in some situations where it is linked via a  spe-
+       cial   interface  to  another  programming  language  that  cannot  use
+       pcre_free directly; it is for these cases that the functions  are  pro-
+       vided.
+
+
+EXTRACTING CAPTURED SUBSTRINGS BY NAME
+
+       int pcre_get_stringnumber(const pcre *code,
+            const char *name);
+
+       int pcre_copy_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            char *buffer, int buffersize);
+
+       int pcre_get_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            const char **stringptr);
+
+       To  extract a substring by name, you first have to find associated num-
+       ber.  For example, for this pattern
+
+         (a+)b(?<xxx>\d+)...
+
+       the number of the subpattern called "xxx" is 2. If the name is known to
+       be unique (PCRE_DUPNAMES was not set), you can find the number from the
+       name by calling pcre_get_stringnumber(). The first argument is the com-
+       piled pattern, and the second is the name. The yield of the function is
+       the subpattern number, or PCRE_ERROR_NOSUBSTRING (-7) if  there  is  no
+       subpattern of that name.
+
+       Given the number, you can extract the substring directly, or use one of
+       the functions described in the previous section. For convenience, there
+       are also two functions that do the whole job.
+
+       Most    of    the    arguments   of   pcre_copy_named_substring()   and
+       pcre_get_named_substring() are the same  as  those  for  the  similarly
+       named  functions  that extract by number. As these are described in the
+       previous section, they are not re-described here. There  are  just  two
+       differences:
+
+       First,  instead  of a substring number, a substring name is given. Sec-
+       ond, there is an extra argument, given at the start, which is a pointer
+       to  the compiled pattern. This is needed in order to gain access to the
+       name-to-number translation table.
+
+       These functions call pcre_get_stringnumber(), and if it succeeds,  they
+       then  call  pcre_copy_substring() or pcre_get_substring(), as appropri-
+       ate. NOTE: If PCRE_DUPNAMES is set and there are duplicate  names,  the
+       behaviour may not be what you want (see the next section).
+
+       Warning: If the pattern uses the (?| feature to set up multiple subpat-
+       terns with the same number, as described in the  section  on  duplicate
+       subpattern  numbers  in  the  pcrepattern page, you cannot use names to
+       distinguish the different subpatterns, because names are  not  included
+       in  the compiled code. The matching process uses only numbers. For this
+       reason, the use of different names for subpatterns of the  same  number
+       causes an error at compile time.
+
+
+DUPLICATE SUBPATTERN NAMES
+
+       int pcre_get_stringtable_entries(const pcre *code,
+            const char *name, char **first, char **last);
+
+       When  a  pattern  is  compiled with the PCRE_DUPNAMES option, names for
+       subpatterns are not required to be unique. (Duplicate names are  always
+       allowed  for subpatterns with the same number, created by using the (?|
+       feature. Indeed, if such subpatterns are named, they  are  required  to
+       use the same names.)
+
+       Normally, patterns with duplicate names are such that in any one match,
+       only one of the named subpatterns participates. An example is shown  in
+       the pcrepattern documentation.
+
+       When    duplicates   are   present,   pcre_copy_named_substring()   and
+       pcre_get_named_substring() return the first substring corresponding  to
+       the  given  name  that  is set. If none are set, PCRE_ERROR_NOSUBSTRING
+       (-7) is returned; no  data  is  returned.  The  pcre_get_stringnumber()
+       function  returns one of the numbers that are associated with the name,
+       but it is not defined which it is.
+
+       If you want to get full details of all captured substrings for a  given
+       name,  you  must  use  the pcre_get_stringtable_entries() function. The
+       first argument is the compiled pattern, and the second is the name. The
+       third  and  fourth  are  pointers to variables which are updated by the
+       function. After it has run, they point to the first and last entries in
+       the  name-to-number  table  for  the  given  name.  The function itself
+       returns the length of each entry,  or  PCRE_ERROR_NOSUBSTRING  (-7)  if
+       there  are none. The format of the table is described above in the sec-
+       tion entitled Information about a pattern above.  Given all  the  rele-
+       vant  entries  for the name, you can extract each of their numbers, and
+       hence the captured data, if any.
+
+
+FINDING ALL POSSIBLE MATCHES
+
+       The traditional matching function uses a  similar  algorithm  to  Perl,
+       which stops when it finds the first match, starting at a given point in
+       the subject. If you want to find all possible matches, or  the  longest
+       possible  match,  consider using the alternative matching function (see
+       below) instead. If you cannot use the alternative function,  but  still
+       need  to  find all possible matches, you can kludge it up by making use
+       of the callout facility, which is described in the pcrecallout documen-
+       tation.
+
+       What you have to do is to insert a callout right at the end of the pat-
+       tern.  When your callout function is called, extract and save the  cur-
+       rent  matched  substring.  Then  return  1, which forces pcre_exec() to
+       backtrack and try other alternatives. Ultimately, when it runs  out  of
+       matches, pcre_exec() will yield PCRE_ERROR_NOMATCH.
+
+
+OBTAINING AN ESTIMATE OF STACK USAGE
+
+       Matching  certain  patterns  using pcre_exec() can use a lot of process
+       stack, which in certain environments can be  rather  limited  in  size.
+       Some  users  find it helpful to have an estimate of the amount of stack
+       that is used by pcre_exec(), to help  them  set  recursion  limits,  as
+       described  in  the pcrestack documentation. The estimate that is output
+       by pcretest when called with the -m and -C options is obtained by call-
+       ing  pcre_exec with the values NULL, NULL, NULL, -999, and -999 for its
+       first five arguments.
+
+       Normally, if  its  first  argument  is  NULL,  pcre_exec()  immediately
+       returns  the negative error code PCRE_ERROR_NULL, but with this special
+       combination of arguments, it returns instead a  negative  number  whose
+       absolute  value  is the approximate stack frame size in bytes. (A nega-
+       tive number is used so that it is clear that no  match  has  happened.)
+       The  value  is  approximate  because  in some cases, recursive calls to
+       pcre_exec() occur when there are one or two additional variables on the
+       stack.
+
+       If  PCRE  has  been  compiled  to use the heap instead of the stack for
+       recursion, the value returned  is  the  size  of  each  block  that  is
+       obtained from the heap.
+
+
+MATCHING A PATTERN: THE ALTERNATIVE FUNCTION
+
+       int pcre_dfa_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+       The  function  pcre_dfa_exec()  is  called  to  match  a subject string
+       against a compiled pattern, using a matching algorithm that  scans  the
+       subject  string  just  once, and does not backtrack. This has different
+       characteristics to the normal algorithm, and  is  not  compatible  with
+       Perl.  Some  of the features of PCRE patterns are not supported. Never-
+       theless, there are times when this kind of matching can be useful.  For
+       a  discussion  of  the  two matching algorithms, and a list of features
+       that pcre_dfa_exec() does not support, see the pcrematching  documenta-
+       tion.
+
+       The  arguments  for  the  pcre_dfa_exec()  function are the same as for
+       pcre_exec(), plus two extras. The ovector argument is used in a differ-
+       ent  way,  and  this is described below. The other common arguments are
+       used in the same way as for pcre_exec(), so their  description  is  not
+       repeated here.
+
+       The  two  additional  arguments provide workspace for the function. The
+       workspace vector should contain at least 20 elements. It  is  used  for
+       keeping  track  of  multiple  paths  through  the  pattern  tree.  More
+       workspace will be needed for patterns and subjects where  there  are  a
+       lot of potential matches.
+
+       Here is an example of a simple call to pcre_dfa_exec():
+
+         int rc;
+         int ovector[10];
+         int wspace[20];
+         rc = pcre_dfa_exec(
+           re,             /* result of pcre_compile() */
+           NULL,           /* we didn't study the pattern */
+           "some string",  /* the subject string */
+           11,             /* the length of the subject string */
+           0,              /* start at offset 0 in the subject */
+           0,              /* default options */
+           ovector,        /* vector of integers for substring information */
+           10,             /* number of elements (NOT size in bytes) */
+           wspace,         /* working space vector */
+           20);            /* number of elements (NOT size in bytes) */
+
+   Option bits for pcre_dfa_exec()
+
+       The  unused  bits  of  the options argument for pcre_dfa_exec() must be
+       zero. The only bits  that  may  be  set  are  PCRE_ANCHORED,  PCRE_NEW-
+       LINE_xxx,        PCRE_NOTBOL,        PCRE_NOTEOL,        PCRE_NOTEMPTY,
+       PCRE_NOTEMPTY_ATSTART,      PCRE_NO_UTF8_CHECK,       PCRE_BSR_ANYCRLF,
+       PCRE_BSR_UNICODE,  PCRE_NO_START_OPTIMIZE, PCRE_PARTIAL_HARD, PCRE_PAR-
+       TIAL_SOFT, PCRE_DFA_SHORTEST, and PCRE_DFA_RESTART.  All but  the  last
+       four  of  these  are  exactly  the  same  as  for pcre_exec(), so their
+       description is not repeated here.
+
+         PCRE_PARTIAL_HARD
+         PCRE_PARTIAL_SOFT
+
+       These have the same general effect as they do for pcre_exec(), but  the
+       details  are  slightly  different.  When  PCRE_PARTIAL_HARD  is set for
+       pcre_dfa_exec(), it returns PCRE_ERROR_PARTIAL if the end of  the  sub-
+       ject  is  reached  and there is still at least one matching possibility
+       that requires additional characters. This happens even if some complete
+       matches have also been found. When PCRE_PARTIAL_SOFT is set, the return
+       code PCRE_ERROR_NOMATCH is converted into PCRE_ERROR_PARTIAL if the end
+       of  the  subject  is  reached, there have been no complete matches, but
+       there is still at least one matching possibility. The  portion  of  the
+       string  that  was inspected when the longest partial match was found is
+       set as the first matching string  in  both  cases.   There  is  a  more
+       detailed  discussion  of partial and multi-segment matching, with exam-
+       ples, in the pcrepartial documentation.
+
+         PCRE_DFA_SHORTEST
+
+       Setting the PCRE_DFA_SHORTEST option causes the matching  algorithm  to
+       stop as soon as it has found one match. Because of the way the alterna-
+       tive algorithm works, this is necessarily the shortest  possible  match
+       at the first possible matching point in the subject string.
+
+         PCRE_DFA_RESTART
+
+       When pcre_dfa_exec() returns a partial match, it is possible to call it
+       again, with additional subject characters, and have  it  continue  with
+       the  same match. The PCRE_DFA_RESTART option requests this action; when
+       it is set, the workspace and wscount options must  reference  the  same
+       vector  as  before  because data about the match so far is left in them
+       after a partial match. There is more discussion of this facility in the
+       pcrepartial documentation.
+
+   Successful returns from pcre_dfa_exec()
+
+       When  pcre_dfa_exec()  succeeds, it may have matched more than one sub-
+       string in the subject. Note, however, that all the matches from one run
+       of  the  function  start  at the same point in the subject. The shorter
+       matches are all initial substrings of the longer matches. For  example,
+       if the pattern
+
+         <.*>
+
+       is matched against the string
+
+         This is <something> <something else> <something further> no more
+
+       the three matched strings are
+
+         <something>
+         <something> <something else>
+         <something> <something else> <something further>
+
+       On  success,  the  yield of the function is a number greater than zero,
+       which is the number of matched substrings.  The  substrings  themselves
+       are  returned  in  ovector. Each string uses two elements; the first is
+       the offset to the start, and the second is the offset to  the  end.  In
+       fact,  all  the  strings  have the same start offset. (Space could have
+       been saved by giving this only once, but it was decided to retain  some
+       compatibility  with  the  way pcre_exec() returns data, even though the
+       meaning of the strings is different.)
+
+       The strings are returned in reverse order of length; that is, the long-
+       est  matching  string is given first. If there were too many matches to
+       fit into ovector, the yield of the function is zero, and the vector  is
+       filled  with  the  longest matches. Unlike pcre_exec(), pcre_dfa_exec()
+       can use the entire ovector for returning matched strings.
+
+       NOTE: PCRE's "auto-possessification" optimization  usually  applies  to
+       character  repeats at the end of a pattern (as well as internally). For
+       example, the pattern "a\d+" is compiled as if it were  "a\d++"  because
+       there is no point even considering the possibility of backtracking into
+       the repeated digits. For DFA matching, this means that only one  possi-
+       ble  match  is  found.  If  you really do want multiple matches in such
+       cases,  either  use  an  ungreedy   repeat   ("a\d+?")   or   set   the
+       PCRE_NO_AUTO_POSSESS option when compiling.
+
+   Error returns from pcre_dfa_exec()
+
+       The  pcre_dfa_exec()  function returns a negative number when it fails.
+       Many of the errors are the same  as  for  pcre_exec(),  and  these  are
+       described  above.   There are in addition the following errors that are
+       specific to pcre_dfa_exec():
+
+         PCRE_ERROR_DFA_UITEM      (-16)
+
+       This return is given if pcre_dfa_exec() encounters an item in the  pat-
+       tern  that  it  does not support, for instance, the use of \C or a back
+       reference.
+
+         PCRE_ERROR_DFA_UCOND      (-17)
+
+       This return is given if pcre_dfa_exec()  encounters  a  condition  item
+       that  uses  a back reference for the condition, or a test for recursion
+       in a specific group. These are not supported.
+
+         PCRE_ERROR_DFA_UMLIMIT    (-18)
+
+       This return is given if pcre_dfa_exec() is called with an  extra  block
+       that  contains  a  setting  of the match_limit or match_limit_recursion
+       fields. This is not supported (these fields  are  meaningless  for  DFA
+       matching).
+
+         PCRE_ERROR_DFA_WSSIZE     (-19)
+
+       This  return  is  given  if  pcre_dfa_exec()  runs  out of space in the
+       workspace vector.
+
+         PCRE_ERROR_DFA_RECURSE    (-20)
+
+       When a recursive subpattern is processed, the matching  function  calls
+       itself  recursively,  using  private vectors for ovector and workspace.
+       This error is given if the output vector  is  not  large  enough.  This
+       should be extremely rare, as a vector of size 1000 is used.
+
+         PCRE_ERROR_DFA_BADRESTART (-30)
+
+       When  pcre_dfa_exec()  is called with the PCRE_DFA_RESTART option, some
+       plausibility checks are made on the contents of  the  workspace,  which
+       should  contain  data about the previous partial match. If any of these
+       checks fail, this error is given.
+
+
+SEE ALSO
+
+       pcre16(3),  pcre32(3),  pcrebuild(3),  pcrecallout(3),   pcrecpp(3)(3),
+       pcrematching(3), pcrepartial(3), pcreposix(3), pcreprecompile(3), pcre-
+       sample(3), pcrestack(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 18 December 2015
+       Copyright (c) 1997-2015 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRECALLOUT(3)             Library Functions Manual             PCRECALLOUT(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+SYNOPSIS
+
+       #include <pcre.h>
+
+       int (*pcre_callout)(pcre_callout_block *);
+
+       int (*pcre16_callout)(pcre16_callout_block *);
+
+       int (*pcre32_callout)(pcre32_callout_block *);
+
+
+DESCRIPTION
+
+       PCRE provides a feature called "callout", which is a means of temporar-
+       ily passing control to the caller of PCRE  in  the  middle  of  pattern
+       matching.  The  caller of PCRE provides an external function by putting
+       its entry point in the global variable pcre_callout (pcre16_callout for
+       the 16-bit library, pcre32_callout for the 32-bit library). By default,
+       this variable contains NULL, which disables all calling out.
+
+       Within a regular expression, (?C) indicates the  points  at  which  the
+       external  function  is  to  be  called. Different callout points can be
+       identified by putting a number less than 256 after the  letter  C.  The
+       default  value  is  zero.   For  example,  this pattern has two callout
+       points:
+
+         (?C1)abc(?C2)def
+
+       If the PCRE_AUTO_CALLOUT option bit is set when a pattern is  compiled,
+       PCRE  automatically  inserts callouts, all with number 255, before each
+       item in the pattern. For example, if PCRE_AUTO_CALLOUT is used with the
+       pattern
+
+         A(\d{2}|--)
+
+       it is processed as if it were
+
+       (?C255)A(?C255)((?C255)\d{2}(?C255)|(?C255)-(?C255)-(?C255))(?C255)
+
+       Notice  that  there  is a callout before and after each parenthesis and
+       alternation bar. If the pattern contains a conditional group whose con-
+       dition  is  an  assertion, an automatic callout is inserted immediately
+       before the condition. Such a callout may also be  inserted  explicitly,
+       for example:
+
+         (?(?C9)(?=a)ab|de)
+
+       This  applies only to assertion conditions (because they are themselves
+       independent groups).
+
+       Automatic callouts can be used for tracking  the  progress  of  pattern
+       matching.   The pcretest program has a pattern qualifier (/C) that sets
+       automatic callouts; when it is used, the output indicates how the  pat-
+       tern  is  being matched. This is useful information when you are trying
+       to optimize the performance of a particular pattern.
+
+
+MISSING CALLOUTS
+
+       You should be aware that, because of optimizations in the way PCRE com-
+       piles and matches patterns, callouts sometimes do not happen exactly as
+       you might expect.
+
+       At compile time, PCRE "auto-possessifies" repeated items when it  knows
+       that  what follows cannot be part of the repeat. For example, a+[bc] is
+       compiled as if it were a++[bc]. The pcretest output when  this  pattern
+       is  anchored  and  then  applied  with automatic callouts to the string
+       "aaaa" is:
+
+         --->aaaa
+          +0 ^        ^
+          +1 ^        a+
+          +3 ^   ^    [bc]
+         No match
+
+       This indicates that when matching [bc] fails, there is no  backtracking
+       into  a+  and  therefore the callouts that would be taken for the back-
+       tracks do not occur.  You can disable the  auto-possessify  feature  by
+       passing PCRE_NO_AUTO_POSSESS to pcre_compile(), or starting the pattern
+       with (*NO_AUTO_POSSESS). If this is done  in  pcretest  (using  the  /O
+       qualifier), the output changes to this:
+
+         --->aaaa
+          +0 ^        ^
+          +1 ^        a+
+          +3 ^   ^    [bc]
+          +3 ^  ^     [bc]
+          +3 ^ ^      [bc]
+          +3 ^^       [bc]
+         No match
+
+       This time, when matching [bc] fails, the matcher backtracks into a+ and
+       tries again, repeatedly, until a+ itself fails.
+
+       Other optimizations that provide fast "no match"  results  also  affect
+       callouts.  For example, if the pattern is
+
+         ab(?C4)cd
+
+       PCRE knows that any matching string must contain the letter "d". If the
+       subject string is "abyz", the lack of "d" means that  matching  doesn't
+       ever  start,  and  the  callout is never reached. However, with "abyd",
+       though the result is still no match, the callout is obeyed.
+
+       If the pattern is studied, PCRE knows the minimum length of a  matching
+       string,  and will immediately give a "no match" return without actually
+       running a match if the subject is not long enough, or,  for  unanchored
+       patterns, if it has been scanned far enough.
+
+       You  can disable these optimizations by passing the PCRE_NO_START_OPTI-
+       MIZE option to the matching function, or by starting the  pattern  with
+       (*NO_START_OPT).  This slows down the matching process, but does ensure
+       that callouts such as the example above are obeyed.
+
+
+THE CALLOUT INTERFACE
+
+       During matching, when PCRE reaches a callout point, the external  func-
+       tion defined by pcre_callout or pcre[16|32]_callout is called (if it is
+       set). This applies to both normal and DFA matching. The  only  argument
+       to   the   callout   function   is  a  pointer  to  a  pcre_callout  or
+       pcre[16|32]_callout block.  These  structures  contains  the  following
+       fields:
+
+         int           version;
+         int           callout_number;
+         int          *offset_vector;
+         const char   *subject;           (8-bit version)
+         PCRE_SPTR16   subject;           (16-bit version)
+         PCRE_SPTR32   subject;           (32-bit version)
+         int           subject_length;
+         int           start_match;
+         int           current_position;
+         int           capture_top;
+         int           capture_last;
+         void         *callout_data;
+         int           pattern_position;
+         int           next_item_length;
+         const unsigned char *mark;       (8-bit version)
+         const PCRE_UCHAR16  *mark;       (16-bit version)
+         const PCRE_UCHAR32  *mark;       (32-bit version)
+
+       The  version  field  is an integer containing the version number of the
+       block format. The initial version was 0; the current version is 2.  The
+       version  number  will  change  again in future if additional fields are
+       added, but the intention is never to remove any of the existing fields.
+
+       The callout_number field contains the number of the  callout,  as  com-
+       piled  into  the pattern (that is, the number after ?C for manual call-
+       outs, and 255 for automatically generated callouts).
+
+       The offset_vector field is a pointer to the vector of offsets that  was
+       passed  by  the  caller  to  the matching function. When pcre_exec() or
+       pcre[16|32]_exec() is used, the contents can be inspected, in order  to
+       extract  substrings  that  have been matched so far, in the same way as
+       for extracting substrings after a match  has  completed.  For  the  DFA
+       matching functions, this field is not useful.
+
+       The subject and subject_length fields contain copies of the values that
+       were passed to the matching function.
+
+       The start_match field normally contains the offset within  the  subject
+       at  which  the  current  match  attempt started. However, if the escape
+       sequence \K has been encountered, this value is changed to reflect  the
+       modified  starting  point.  If the pattern is not anchored, the callout
+       function may be called several times from the same point in the pattern
+       for different starting points in the subject.
+
+       The  current_position  field  contains the offset within the subject of
+       the current match pointer.
+
+       When the pcre_exec() or pcre[16|32]_exec()  is  used,  the  capture_top
+       field  contains  one  more than the number of the highest numbered cap-
+       tured substring so far. If no substrings have been captured, the  value
+       of  capture_top  is one. This is always the case when the DFA functions
+       are used, because they do not support captured substrings.
+
+       The capture_last field contains the number of the  most  recently  cap-
+       tured  substring. However, when a recursion exits, the value reverts to
+       what it was outside the recursion, as do the  values  of  all  captured
+       substrings.  If  no  substrings  have  been captured, the value of cap-
+       ture_last is -1. This is always the case for  the  DFA  matching  func-
+       tions.
+
+       The  callout_data  field  contains a value that is passed to a matching
+       function specifically so that it can be passed back in callouts. It  is
+       passed  in  the callout_data field of a pcre_extra or pcre[16|32]_extra
+       data structure. If no such data was passed, the value  of  callout_data
+       in  a  callout  block is NULL. There is a description of the pcre_extra
+       structure in the pcreapi documentation.
+
+       The pattern_position field is present from version  1  of  the  callout
+       structure. It contains the offset to the next item to be matched in the
+       pattern string.
+
+       The next_item_length field is present from version  1  of  the  callout
+       structure. It contains the length of the next item to be matched in the
+       pattern string. When the callout immediately  precedes  an  alternation
+       bar,  a  closing  parenthesis, or the end of the pattern, the length is
+       zero. When the callout precedes an opening parenthesis, the  length  is
+       that of the entire subpattern.
+
+       The  pattern_position  and next_item_length fields are intended to help
+       in distinguishing between different automatic callouts, which all  have
+       the same callout number. However, they are set for all callouts.
+
+       The  mark  field is present from version 2 of the callout structure. In
+       callouts from pcre_exec() or pcre[16|32]_exec() it contains  a  pointer
+       to  the  zero-terminated  name  of  the  most  recently passed (*MARK),
+       (*PRUNE), or (*THEN) item in the match, or NULL if no such  items  have
+       been  passed.  Instances  of  (*PRUNE) or (*THEN) without a name do not
+       obliterate a previous (*MARK). In callouts from the DFA matching  func-
+       tions this field always contains NULL.
+
+
+RETURN VALUES
+
+       The  external callout function returns an integer to PCRE. If the value
+       is zero, matching proceeds as normal. If  the  value  is  greater  than
+       zero,  matching  fails  at  the current point, but the testing of other
+       matching possibilities goes ahead, just as if a lookahead assertion had
+       failed.  If  the  value  is less than zero, the match is abandoned, the
+       matching function returns the negative value.
+
+       Negative  values  should  normally  be   chosen   from   the   set   of
+       PCRE_ERROR_xxx values. In particular, PCRE_ERROR_NOMATCH forces a stan-
+       dard "no  match"  failure.   The  error  number  PCRE_ERROR_CALLOUT  is
+       reserved  for  use  by callout functions; it will never be used by PCRE
+       itself.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRECOMPAT(3)              Library Functions Manual              PCRECOMPAT(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+DIFFERENCES BETWEEN PCRE AND PERL
+
+       This  document describes the differences in the ways that PCRE and Perl
+       handle regular expressions. The differences  described  here  are  with
+       respect to Perl versions 5.10 and above.
+
+       1. PCRE has only a subset of Perl's Unicode support. Details of what it
+       does have are given in the pcreunicode page.
+
+       2. PCRE allows repeat quantifiers only on parenthesized assertions, but
+       they  do  not mean what you might think. For example, (?!a){3} does not
+       assert that the next three characters are not "a". It just asserts that
+       the next character is not "a" three times (in principle: PCRE optimizes
+       this to run the assertion just once). Perl allows repeat quantifiers on
+       other assertions such as \b, but these do not seem to have any use.
+
+       3.  Capturing  subpatterns  that occur inside negative lookahead asser-
+       tions are counted, but their entries in the offsets  vector  are  never
+       set.  Perl sometimes (but not always) sets its numerical variables from
+       inside negative assertions.
+
+       4. Though binary zero characters are supported in the  subject  string,
+       they are not allowed in a pattern string because it is passed as a nor-
+       mal C string, terminated by zero. The escape sequence \0 can be used in
+       the pattern to represent a binary zero.
+
+       5.  The  following Perl escape sequences are not supported: \l, \u, \L,
+       \U, and \N when followed by a character name or Unicode value.  (\N  on
+       its own, matching a non-newline character, is supported.) In fact these
+       are implemented by Perl's general string-handling and are not  part  of
+       its  pattern  matching engine. If any of these are encountered by PCRE,
+       an error is generated by default. However, if the  PCRE_JAVASCRIPT_COM-
+       PAT  option  is set, \U and \u are interpreted as JavaScript interprets
+       them.
+
+       6. The Perl escape sequences \p, \P, and \X are supported only if  PCRE
+       is  built  with Unicode character property support. The properties that
+       can be tested with \p and \P are limited to the general category  prop-
+       erties  such  as  Lu and Nd, script names such as Greek or Han, and the
+       derived properties Any and L&. PCRE does  support  the  Cs  (surrogate)
+       property,  which  Perl  does  not; the Perl documentation says "Because
+       Perl hides the need for the user to understand the internal representa-
+       tion  of Unicode characters, there is no need to implement the somewhat
+       messy concept of surrogates."
+
+       7. PCRE does support the \Q...\E escape for quoting substrings. Charac-
+       ters  in  between  are  treated as literals. This is slightly different
+       from Perl in that $ and @ are  also  handled  as  literals  inside  the
+       quotes.  In Perl, they cause variable interpolation (but of course PCRE
+       does not have variables). Note the following examples:
+
+           Pattern            PCRE matches      Perl matches
+
+           \Qabc$xyz\E        abc$xyz           abc followed by the
+                                                  contents of $xyz
+           \Qabc\$xyz\E       abc\$xyz          abc\$xyz
+           \Qabc\E\$\Qxyz\E   abc$xyz           abc$xyz
+
+       The \Q...\E sequence is recognized both inside  and  outside  character
+       classes.
+
+       8. Fairly obviously, PCRE does not support the (?{code}) and (??{code})
+       constructions. However, there is support for recursive  patterns.  This
+       is  not  available  in Perl 5.8, but it is in Perl 5.10. Also, the PCRE
+       "callout" feature allows an external function to be called during  pat-
+       tern matching. See the pcrecallout documentation for details.
+
+       9.  Subpatterns  that  are called as subroutines (whether or not recur-
+       sively) are always treated as atomic  groups  in  PCRE.  This  is  like
+       Python,  but  unlike Perl.  Captured values that are set outside a sub-
+       routine call can be reference from inside in PCRE,  but  not  in  Perl.
+       There is a discussion that explains these differences in more detail in
+       the section on recursion differences from Perl in the pcrepattern page.
+
+       10. If any of the backtracking control verbs are used in  a  subpattern
+       that  is  called  as  a  subroutine (whether or not recursively), their
+       effect is confined to that subpattern; it does not extend to  the  sur-
+       rounding  pattern.  This is not always the case in Perl. In particular,
+       if (*THEN) is present in a group that is called as  a  subroutine,  its
+       action is limited to that group, even if the group does not contain any
+       | characters. Note that such subpatterns are processed as  anchored  at
+       the point where they are tested.
+
+       11.  If a pattern contains more than one backtracking control verb, the
+       first one that is backtracked onto acts. For example,  in  the  pattern
+       A(*COMMIT)B(*PRUNE)C  a  failure in B triggers (*COMMIT), but a failure
+       in C triggers (*PRUNE). Perl's behaviour is more complex; in many cases
+       it is the same as PCRE, but there are examples where it differs.
+
+       12.  Most  backtracking  verbs in assertions have their normal actions.
+       They are not confined to the assertion.
+
+       13. There are some differences that are concerned with the settings  of
+       captured  strings  when  part  of  a  pattern is repeated. For example,
+       matching "aba" against the  pattern  /^(a(b)?)+$/  in  Perl  leaves  $2
+       unset, but in PCRE it is set to "b".
+
+       14.  PCRE's handling of duplicate subpattern numbers and duplicate sub-
+       pattern names is not as general as Perl's. This is a consequence of the
+       fact the PCRE works internally just with numbers, using an external ta-
+       ble to translate between numbers and names. In  particular,  a  pattern
+       such  as  (?|(?<a>A)|(?<b>B),  where the two capturing parentheses have
+       the same number but different names, is not supported,  and  causes  an
+       error  at compile time. If it were allowed, it would not be possible to
+       distinguish which parentheses matched, because both names map  to  cap-
+       turing subpattern number 1. To avoid this confusing situation, an error
+       is given at compile time.
+
+       15. Perl recognizes comments in some places that  PCRE  does  not,  for
+       example,  between  the  ( and ? at the start of a subpattern. If the /x
+       modifier is set, Perl allows white space between ( and ?  (though  cur-
+       rent  Perls  warn that this is deprecated) but PCRE never does, even if
+       the PCRE_EXTENDED option is set.
+
+       16. Perl, when in warning mode, gives warnings  for  character  classes
+       such  as  [A-\d] or [a-[:digit:]]. It then treats the hyphens as liter-
+       als. PCRE has no warning features, so it gives an error in these  cases
+       because they are almost certainly user mistakes.
+
+       17.  In  PCRE,  the upper/lower case character properties Lu and Ll are
+       not affected when case-independent matching is specified. For  example,
+       \p{Lu} always matches an upper case letter. I think Perl has changed in
+       this respect; in the release at the time of writing (5.16), \p{Lu}  and
+       \p{Ll} match all letters, regardless of case, when case independence is
+       specified.
+
+       18. PCRE provides some extensions to the Perl regular expression facil-
+       ities.   Perl  5.10  includes new features that are not in earlier ver-
+       sions of Perl, some of which (such as named parentheses) have  been  in
+       PCRE for some time. This list is with respect to Perl 5.10:
+
+       (a)  Although  lookbehind  assertions  in  PCRE must match fixed length
+       strings, each alternative branch of a lookbehind assertion can match  a
+       different  length  of  string.  Perl requires them all to have the same
+       length.
+
+       (b) If PCRE_DOLLAR_ENDONLY is set and PCRE_MULTILINE is not set, the  $
+       meta-character matches only at the very end of the string.
+
+       (c) If PCRE_EXTRA is set, a backslash followed by a letter with no spe-
+       cial meaning is faulted. Otherwise, like Perl, the backslash is quietly
+       ignored.  (Perl can be made to issue a warning.)
+
+       (d)  If  PCRE_UNGREEDY is set, the greediness of the repetition quanti-
+       fiers is inverted, that is, by default they are not greedy, but if fol-
+       lowed by a question mark they are.
+
+       (e) PCRE_ANCHORED can be used at matching time to force a pattern to be
+       tried only at the first matching position in the subject string.
+
+       (f) The PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+       and  PCRE_NO_AUTO_CAPTURE  options for pcre_exec() have no Perl equiva-
+       lents.
+
+       (g) The \R escape sequence can be restricted to match only CR,  LF,  or
+       CRLF by the PCRE_BSR_ANYCRLF option.
+
+       (h) The callout facility is PCRE-specific.
+
+       (i) The partial matching facility is PCRE-specific.
+
+       (j) Patterns compiled by PCRE can be saved and re-used at a later time,
+       even on different hosts that have the other endianness.  However,  this
+       does not apply to optimized data created by the just-in-time compiler.
+
+       (k)    The    alternative    matching    functions    (pcre_dfa_exec(),
+       pcre16_dfa_exec() and pcre32_dfa_exec(),) match in a different way  and
+       are not Perl-compatible.
+
+       (l)  PCRE  recognizes some special sequences such as (*CR) at the start
+       of a pattern that set overall options that cannot be changed within the
+       pattern.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 10 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPATTERN(3)             Library Functions Manual             PCREPATTERN(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE REGULAR EXPRESSION DETAILS
+
+       The  syntax and semantics of the regular expressions that are supported
+       by PCRE are described in detail below. There is a quick-reference  syn-
+       tax summary in the pcresyntax page. PCRE tries to match Perl syntax and
+       semantics as closely as it can. PCRE  also  supports  some  alternative
+       regular  expression  syntax (which does not conflict with the Perl syn-
+       tax) in order to provide some compatibility with regular expressions in
+       Python, .NET, and Oniguruma.
+
+       Perl's  regular expressions are described in its own documentation, and
+       regular expressions in general are covered in a number of  books,  some
+       of  which  have  copious  examples. Jeffrey Friedl's "Mastering Regular
+       Expressions", published by  O'Reilly,  covers  regular  expressions  in
+       great  detail.  This  description  of  PCRE's  regular  expressions  is
+       intended as reference material.
+
+       This document discusses the patterns that are supported  by  PCRE  when
+       one    its    main   matching   functions,   pcre_exec()   (8-bit)   or
+       pcre[16|32]_exec() (16- or 32-bit), is used. PCRE also has  alternative
+       matching  functions,  pcre_dfa_exec()  and pcre[16|32_dfa_exec(), which
+       match using a different algorithm that is not Perl-compatible. Some  of
+       the  features  discussed  below  are not available when DFA matching is
+       used. The advantages and disadvantages of  the  alternative  functions,
+       and  how  they  differ  from the normal functions, are discussed in the
+       pcrematching page.
+
+
+SPECIAL START-OF-PATTERN ITEMS
+
+       A number of options that can be passed to pcre_compile()  can  also  be
+       set by special items at the start of a pattern. These are not Perl-com-
+       patible, but are provided to make these options accessible  to  pattern
+       writers  who are not able to change the program that processes the pat-
+       tern. Any number of these items  may  appear,  but  they  must  all  be
+       together right at the start of the pattern string, and the letters must
+       be in upper case.
+
+   UTF support
+
+       The original operation of PCRE was on strings of  one-byte  characters.
+       However,  there  is  now also support for UTF-8 strings in the original
+       library, an extra library that supports  16-bit  and  UTF-16  character
+       strings,  and a third library that supports 32-bit and UTF-32 character
+       strings. To use these features, PCRE must be built to include appropri-
+       ate  support. When using UTF strings you must either call the compiling
+       function with the PCRE_UTF8, PCRE_UTF16, or PCRE_UTF32 option,  or  the
+       pattern must start with one of these special sequences:
+
+         (*UTF8)
+         (*UTF16)
+         (*UTF32)
+         (*UTF)
+
+       (*UTF)  is  a  generic  sequence  that  can  be  used  with  any of the
+       libraries.  Starting a pattern with such a sequence  is  equivalent  to
+       setting  the  relevant  option.  How setting a UTF mode affects pattern
+       matching is mentioned in several places below. There is also a  summary
+       of features in the pcreunicode page.
+
+       Some applications that allow their users to supply patterns may wish to
+       restrict  them  to  non-UTF  data  for   security   reasons.   If   the
+       PCRE_NEVER_UTF  option  is  set  at  compile  time, (*UTF) etc. are not
+       allowed, and their appearance causes an error.
+
+   Unicode property support
+
+       Another special sequence that may appear at the start of a  pattern  is
+       (*UCP).   This  has  the same effect as setting the PCRE_UCP option: it
+       causes sequences such as \d and \w to use Unicode properties to  deter-
+       mine character types, instead of recognizing only characters with codes
+       less than 128 via a lookup table.
+
+   Disabling auto-possessification
+
+       If a pattern starts with (*NO_AUTO_POSSESS), it has the same effect  as
+       setting  the  PCRE_NO_AUTO_POSSESS  option  at compile time. This stops
+       PCRE from making quantifiers possessive when what follows cannot  match
+       the  repeated item. For example, by default a+b is treated as a++b. For
+       more details, see the pcreapi documentation.
+
+   Disabling start-up optimizations
+
+       If a pattern starts with (*NO_START_OPT), it has  the  same  effect  as
+       setting the PCRE_NO_START_OPTIMIZE option either at compile or matching
+       time. This disables several  optimizations  for  quickly  reaching  "no
+       match" results. For more details, see the pcreapi documentation.
+
+   Newline conventions
+
+       PCRE  supports five different conventions for indicating line breaks in
+       strings: a single CR (carriage return) character, a  single  LF  (line-
+       feed) character, the two-character sequence CRLF, any of the three pre-
+       ceding, or any Unicode newline sequence. The pcreapi page  has  further
+       discussion  about newlines, and shows how to set the newline convention
+       in the options arguments for the compiling and matching functions.
+
+       It is also possible to specify a newline convention by starting a  pat-
+       tern string with one of the following five sequences:
+
+         (*CR)        carriage return
+         (*LF)        linefeed
+         (*CRLF)      carriage return, followed by linefeed
+         (*ANYCRLF)   any of the three above
+         (*ANY)       all Unicode newline sequences
+
+       These override the default and the options given to the compiling func-
+       tion. For example, on a Unix system where LF  is  the  default  newline
+       sequence, the pattern
+
+         (*CR)a.b
+
+       changes the convention to CR. That pattern matches "a\nb" because LF is
+       no longer a newline. If more than one of these settings is present, the
+       last one is used.
+
+       The  newline  convention affects where the circumflex and dollar asser-
+       tions are true. It also affects the interpretation of the dot metachar-
+       acter when PCRE_DOTALL is not set, and the behaviour of \N. However, it
+       does not affect what the \R escape sequence matches. By  default,  this
+       is  any Unicode newline sequence, for Perl compatibility. However, this
+       can be changed; see the description of \R in the section entitled "New-
+       line  sequences"  below.  A change of \R setting can be combined with a
+       change of newline convention.
+
+   Setting match and recursion limits
+
+       The caller of pcre_exec() can set a limit on the number  of  times  the
+       internal  match() function is called and on the maximum depth of recur-
+       sive calls. These facilities are provided to catch runaway matches that
+       are provoked by patterns with huge matching trees (a typical example is
+       a pattern with nested unlimited repeats) and to avoid  running  out  of
+       system  stack  by  too  much  recursion.  When  one  of these limits is
+       reached, pcre_exec() gives an error return. The limits can also be  set
+       by items at the start of the pattern of the form
+
+         (*LIMIT_MATCH=d)
+         (*LIMIT_RECURSION=d)
+
+       where d is any number of decimal digits. However, the value of the set-
+       ting must be less than the value set (or defaulted) by  the  caller  of
+       pcre_exec()  for  it  to  have  any effect. In other words, the pattern
+       writer can lower the limits set by the programmer, but not raise  them.
+       If  there  is  more  than one setting of one of these limits, the lower
+       value is used.
+
+
+EBCDIC CHARACTER CODES
+
+       PCRE can be compiled to run in an environment that uses EBCDIC  as  its
+       character code rather than ASCII or Unicode (typically a mainframe sys-
+       tem). In the sections below, character code values are  ASCII  or  Uni-
+       code; in an EBCDIC environment these characters may have different code
+       values, and there are no code points greater than 255.
+
+
+CHARACTERS AND METACHARACTERS
+
+       A regular expression is a pattern that is  matched  against  a  subject
+       string  from  left  to right. Most characters stand for themselves in a
+       pattern, and match the corresponding characters in the  subject.  As  a
+       trivial example, the pattern
+
+         The quick brown fox
+
+       matches a portion of a subject string that is identical to itself. When
+       caseless matching is specified (the PCRE_CASELESS option), letters  are
+       matched  independently  of case. In a UTF mode, PCRE always understands
+       the concept of case for characters whose values are less than  128,  so
+       caseless  matching  is always possible. For characters with higher val-
+       ues, the concept of case is supported if PCRE is compiled with  Unicode
+       property  support,  but  not  otherwise.   If  you want to use caseless
+       matching for characters 128 and above, you must  ensure  that  PCRE  is
+       compiled with Unicode property support as well as with UTF support.
+
+       The  power  of  regular  expressions  comes from the ability to include
+       alternatives and repetitions in the pattern. These are encoded  in  the
+       pattern by the use of metacharacters, which do not stand for themselves
+       but instead are interpreted in some special way.
+
+       There are two different sets of metacharacters: those that  are  recog-
+       nized  anywhere in the pattern except within square brackets, and those
+       that are recognized within square brackets.  Outside  square  brackets,
+       the metacharacters are as follows:
+
+         \      general escape character with several uses
+         ^      assert start of string (or line, in multiline mode)
+         $      assert end of string (or line, in multiline mode)
+         .      match any character except newline (by default)
+         [      start character class definition
+         |      start of alternative branch
+         (      start subpattern
+         )      end subpattern
+         ?      extends the meaning of (
+                also 0 or 1 quantifier
+                also quantifier minimizer
+         *      0 or more quantifier
+         +      1 or more quantifier
+                also "possessive quantifier"
+         {      start min/max quantifier
+
+       Part  of  a  pattern  that is in square brackets is called a "character
+       class". In a character class the only metacharacters are:
+
+         \      general escape character
+         ^      negate the class, but only if the first character
+         -      indicates character range
+         [      POSIX character class (only if followed by POSIX
+                  syntax)
+         ]      terminates the character class
+
+       The following sections describe the use of each of the metacharacters.
+
+
+BACKSLASH
+
+       The backslash character has several uses. Firstly, if it is followed by
+       a character that is not a number or a letter, it takes away any special
+       meaning that character may have. This use of  backslash  as  an  escape
+       character applies both inside and outside character classes.
+
+       For  example,  if  you want to match a * character, you write \* in the
+       pattern.  This escaping action applies whether  or  not  the  following
+       character  would  otherwise be interpreted as a metacharacter, so it is
+       always safe to precede a non-alphanumeric  with  backslash  to  specify
+       that  it stands for itself. In particular, if you want to match a back-
+       slash, you write \\.
+
+       In a UTF mode, only ASCII numbers and letters have any special  meaning
+       after  a  backslash.  All  other characters (in particular, those whose
+       codepoints are greater than 127) are treated as literals.
+
+       If a pattern is compiled with  the  PCRE_EXTENDED  option,  most  white
+       space  in the pattern (other than in a character class), and characters
+       between a # outside a character class and the next newline,  inclusive,
+       are ignored. An escaping backslash can be used to include a white space
+       or # character as part of the pattern.
+
+       If you want to remove the special meaning from a  sequence  of  charac-
+       ters,  you can do so by putting them between \Q and \E. This is differ-
+       ent from Perl in that $ and  @  are  handled  as  literals  in  \Q...\E
+       sequences  in  PCRE, whereas in Perl, $ and @ cause variable interpola-
+       tion. Note the following examples:
+
+         Pattern            PCRE matches   Perl matches
+
+         \Qabc$xyz\E        abc$xyz        abc followed by the
+                                             contents of $xyz
+         \Qabc\$xyz\E       abc\$xyz       abc\$xyz
+         \Qabc\E\$\Qxyz\E   abc$xyz        abc$xyz
+
+       The \Q...\E sequence is recognized both inside  and  outside  character
+       classes.   An  isolated \E that is not preceded by \Q is ignored. If \Q
+       is not followed by \E later in the pattern, the literal  interpretation
+       continues  to  the  end  of  the pattern (that is, \E is assumed at the
+       end). If the isolated \Q is inside a character class,  this  causes  an
+       error, because the character class is not terminated.
+
+   Non-printing characters
+
+       A second use of backslash provides a way of encoding non-printing char-
+       acters in patterns in a visible manner. There is no restriction on  the
+       appearance  of non-printing characters, apart from the binary zero that
+       terminates a pattern, but when a pattern  is  being  prepared  by  text
+       editing,  it  is  often  easier  to  use  one  of  the following escape
+       sequences than the binary character it represents.  In an ASCII or Uni-
+       code environment, these escapes are as follows:
+
+         \a        alarm, that is, the BEL character (hex 07)
+         \cx       "control-x", where x is any ASCII character
+         \e        escape (hex 1B)
+         \f        form feed (hex 0C)
+         \n        linefeed (hex 0A)
+         \r        carriage return (hex 0D)
+         \t        tab (hex 09)
+         \0dd      character with octal code 0dd
+         \ddd      character with octal code ddd, or back reference
+         \o{ddd..} character with octal code ddd..
+         \xhh      character with hex code hh
+         \x{hhh..} character with hex code hhh.. (non-JavaScript mode)
+         \uhhhh    character with hex code hhhh (JavaScript mode only)
+
+       The  precise effect of \cx on ASCII characters is as follows: if x is a
+       lower case letter, it is converted to upper case. Then  bit  6  of  the
+       character (hex 40) is inverted. Thus \cA to \cZ become hex 01 to hex 1A
+       (A is 41, Z is 5A), but \c{ becomes hex 3B ({ is 7B), and  \c;  becomes
+       hex  7B (; is 3B). If the data item (byte or 16-bit value) following \c
+       has a value greater than 127, a compile-time error occurs.  This  locks
+       out non-ASCII characters in all modes.
+
+       When PCRE is compiled in EBCDIC mode, \a, \e, \f, \n, \r, and \t gener-
+       ate the appropriate EBCDIC code values. The \c escape is  processed  as
+       specified for Perl in the perlebcdic document. The only characters that
+       are allowed after \c are A-Z, a-z, or one of @, [, \, ], ^,  _,  or  ?.
+       Any  other  character  provokes  a compile-time error. The sequence \c@
+       encodes character code 0; after \c the letters (in either case)  encode
+       characters 1-26 (hex 01 to hex 1A); [, \, ], ^, and _ encode characters
+       27-31 (hex 1B to hex 1F), and \c? becomes either 255  (hex  FF)  or  95
+       (hex 5F).
+
+       Thus,  apart  from  \c?, these escapes generate the same character code
+       values as they do in an ASCII environment, though the meanings  of  the
+       values  mostly  differ. For example, \cG always generates code value 7,
+       which is BEL in ASCII but DEL in EBCDIC.
+
+       The sequence \c? generates DEL (127, hex 7F) in an  ASCII  environment,
+       but  because  127  is  not a control character in EBCDIC, Perl makes it
+       generate the APC character. Unfortunately, there are  several  variants
+       of  EBCDIC.  In  most  of them the APC character has the value 255 (hex
+       FF), but in the one Perl calls POSIX-BC its value is 95  (hex  5F).  If
+       certain  other characters have POSIX-BC values, PCRE makes \c? generate
+       95; otherwise it generates 255.
+
+       After \0 up to two further octal digits are read. If  there  are  fewer
+       than  two  digits,  just  those  that  are  present  are used. Thus the
+       sequence \0\x\015 specifies two binary zeros followed by a CR character
+       (code value 13). Make sure you supply two digits after the initial zero
+       if the pattern character that follows is itself an octal digit.
+
+       The escape \o must be followed by a sequence of octal digits,  enclosed
+       in  braces.  An  error occurs if this is not the case. This escape is a
+       recent addition to Perl; it provides way of specifying  character  code
+       points  as  octal  numbers  greater than 0777, and it also allows octal
+       numbers and back references to be unambiguously specified.
+
+       For greater clarity and unambiguity, it is best to avoid following \ by
+       a digit greater than zero. Instead, use \o{} or \x{} to specify charac-
+       ter numbers, and \g{} to specify back references. The  following  para-
+       graphs describe the old, ambiguous syntax.
+
+       The handling of a backslash followed by a digit other than 0 is compli-
+       cated, and Perl has changed in recent releases, causing  PCRE  also  to
+       change. Outside a character class, PCRE reads the digit and any follow-
+       ing digits as a decimal number. If the number is less  than  8,  or  if
+       there  have been at least that many previous capturing left parentheses
+       in the expression, the entire sequence is taken as a back reference.  A
+       description  of how this works is given later, following the discussion
+       of parenthesized subpatterns.
+
+       Inside a character class, or if  the  decimal  number  following  \  is
+       greater than 7 and there have not been that many capturing subpatterns,
+       PCRE handles \8 and \9 as the literal characters "8" and "9", and  oth-
+       erwise re-reads up to three octal digits following the backslash, using
+       them to generate a data character.  Any  subsequent  digits  stand  for
+       themselves. For example:
+
+         \040   is another way of writing an ASCII space
+         \40    is the same, provided there are fewer than 40
+                   previous capturing subpatterns
+         \7     is always a back reference
+         \11    might be a back reference, or another way of
+                   writing a tab
+         \011   is always a tab
+         \0113  is a tab followed by the character "3"
+         \113   might be a back reference, otherwise the
+                   character with octal code 113
+         \377   might be a back reference, otherwise
+                   the value 255 (decimal)
+         \81    is either a back reference, or the two
+                   characters "8" and "1"
+
+       Note  that octal values of 100 or greater that are specified using this
+       syntax must not be introduced by a leading zero, because no  more  than
+       three octal digits are ever read.
+
+       By  default, after \x that is not followed by {, from zero to two hexa-
+       decimal digits are read (letters can be in upper or  lower  case).  Any
+       number of hexadecimal digits may appear between \x{ and }. If a charac-
+       ter other than a hexadecimal digit appears between \x{  and  },  or  if
+       there is no terminating }, an error occurs.
+
+       If  the  PCRE_JAVASCRIPT_COMPAT option is set, the interpretation of \x
+       is as just described only when it is followed by two  hexadecimal  dig-
+       its.   Otherwise,  it  matches  a  literal "x" character. In JavaScript
+       mode, support for code points greater than 256 is provided by \u, which
+       must  be  followed  by  four hexadecimal digits; otherwise it matches a
+       literal "u" character.
+
+       Characters whose value is less than 256 can be defined by either of the
+       two  syntaxes for \x (or by \u in JavaScript mode). There is no differ-
+       ence in the way they are handled. For example, \xdc is exactly the same
+       as \x{dc} (or \u00dc in JavaScript mode).
+
+   Constraints on character values
+
+       Characters  that  are  specified using octal or hexadecimal numbers are
+       limited to certain values, as follows:
+
+         8-bit non-UTF mode    less than 0x100
+         8-bit UTF-8 mode      less than 0x10ffff and a valid codepoint
+         16-bit non-UTF mode   less than 0x10000
+         16-bit UTF-16 mode    less than 0x10ffff and a valid codepoint
+         32-bit non-UTF mode   less than 0x100000000
+         32-bit UTF-32 mode    less than 0x10ffff and a valid codepoint
+
+       Invalid Unicode codepoints are the range  0xd800  to  0xdfff  (the  so-
+       called "surrogate" codepoints), and 0xffef.
+
+   Escape sequences in character classes
+
+       All the sequences that define a single character value can be used both
+       inside and outside character classes. In addition, inside  a  character
+       class, \b is interpreted as the backspace character (hex 08).
+
+       \N  is not allowed in a character class. \B, \R, and \X are not special
+       inside a character class. Like  other  unrecognized  escape  sequences,
+       they  are  treated  as  the  literal  characters  "B",  "R", and "X" by
+       default, but cause an error if the PCRE_EXTRA option is set. Outside  a
+       character class, these sequences have different meanings.
+
+   Unsupported escape sequences
+
+       In  Perl, the sequences \l, \L, \u, and \U are recognized by its string
+       handler and used  to  modify  the  case  of  following  characters.  By
+       default,  PCRE does not support these escape sequences. However, if the
+       PCRE_JAVASCRIPT_COMPAT option is set, \U matches a "U"  character,  and
+       \u can be used to define a character by code point, as described in the
+       previous section.
+
+   Absolute and relative back references
+
+       The sequence \g followed by an unsigned or a negative  number,  option-
+       ally  enclosed  in braces, is an absolute or relative back reference. A
+       named back reference can be coded as \g{name}. Back references are dis-
+       cussed later, following the discussion of parenthesized subpatterns.
+
+   Absolute and relative subroutine calls
+
+       For  compatibility with Oniguruma, the non-Perl syntax \g followed by a
+       name or a number enclosed either in angle brackets or single quotes, is
+       an  alternative  syntax for referencing a subpattern as a "subroutine".
+       Details are discussed later.   Note  that  \g{...}  (Perl  syntax)  and
+       \g<...>  (Oniguruma  syntax)  are  not synonymous. The former is a back
+       reference; the latter is a subroutine call.
+
+   Generic character types
+
+       Another use of backslash is for specifying generic character types:
+
+         \d     any decimal digit
+         \D     any character that is not a decimal digit
+         \h     any horizontal white space character
+         \H     any character that is not a horizontal white space character
+         \s     any white space character
+         \S     any character that is not a white space character
+         \v     any vertical white space character
+         \V     any character that is not a vertical white space character
+         \w     any "word" character
+         \W     any "non-word" character
+
+       There is also the single sequence \N, which matches a non-newline char-
+       acter.   This  is the same as the "." metacharacter when PCRE_DOTALL is
+       not set. Perl also uses \N to match characters by name; PCRE  does  not
+       support this.
+
+       Each  pair of lower and upper case escape sequences partitions the com-
+       plete set of characters into two disjoint  sets.  Any  given  character
+       matches  one, and only one, of each pair. The sequences can appear both
+       inside and outside character classes. They each match one character  of
+       the  appropriate  type.  If the current matching point is at the end of
+       the subject string, all of them fail, because there is no character  to
+       match.
+
+       For  compatibility with Perl, \s did not used to match the VT character
+       (code 11), which made it different from the the  POSIX  "space"  class.
+       However,  Perl  added  VT  at  release  5.18, and PCRE followed suit at
+       release 8.34. The default \s characters are now HT  (9),  LF  (10),  VT
+       (11),  FF  (12),  CR  (13),  and space (32), which are defined as white
+       space in the "C" locale. This list may vary if locale-specific matching
+       is  taking place. For example, in some locales the "non-breaking space"
+       character (\xA0) is recognized as white space, and  in  others  the  VT
+       character is not.
+
+       A  "word"  character is an underscore or any character that is a letter
+       or digit.  By default, the definition of letters  and  digits  is  con-
+       trolled  by PCRE's low-valued character tables, and may vary if locale-
+       specific matching is taking place (see "Locale support" in the  pcreapi
+       page).  For  example,  in  a French locale such as "fr_FR" in Unix-like
+       systems, or "french" in Windows, some character codes greater than  127
+       are  used  for  accented letters, and these are then matched by \w. The
+       use of locales with Unicode is discouraged.
+
+       By default, characters whose code points are  greater  than  127  never
+       match \d, \s, or \w, and always match \D, \S, and \W, although this may
+       vary for characters in the range 128-255 when locale-specific  matching
+       is  happening.   These  escape sequences retain their original meanings
+       from before Unicode support was available, mainly for  efficiency  rea-
+       sons.  If  PCRE  is  compiled  with  Unicode  property support, and the
+       PCRE_UCP option is set, the behaviour is changed so that Unicode  prop-
+       erties are used to determine character types, as follows:
+
+         \d  any character that matches \p{Nd} (decimal digit)
+         \s  any character that matches \p{Z} or \h or \v
+         \w  any character that matches \p{L} or \p{N}, plus underscore
+
+       The  upper case escapes match the inverse sets of characters. Note that
+       \d matches only decimal digits, whereas \w matches any  Unicode  digit,
+       as  well as any Unicode letter, and underscore. Note also that PCRE_UCP
+       affects \b, and \B because they are defined in  terms  of  \w  and  \W.
+       Matching these sequences is noticeably slower when PCRE_UCP is set.
+
+       The  sequences  \h, \H, \v, and \V are features that were added to Perl
+       at release 5.10. In contrast to the other sequences, which  match  only
+       ASCII  characters  by  default,  these always match certain high-valued
+       code points, whether or not PCRE_UCP is set. The horizontal space char-
+       acters are:
+
+         U+0009     Horizontal tab (HT)
+         U+0020     Space
+         U+00A0     Non-break space
+         U+1680     Ogham space mark
+         U+180E     Mongolian vowel separator
+         U+2000     En quad
+         U+2001     Em quad
+         U+2002     En space
+         U+2003     Em space
+         U+2004     Three-per-em space
+         U+2005     Four-per-em space
+         U+2006     Six-per-em space
+         U+2007     Figure space
+         U+2008     Punctuation space
+         U+2009     Thin space
+         U+200A     Hair space
+         U+202F     Narrow no-break space
+         U+205F     Medium mathematical space
+         U+3000     Ideographic space
+
+       The vertical space characters are:
+
+         U+000A     Linefeed (LF)
+         U+000B     Vertical tab (VT)
+         U+000C     Form feed (FF)
+         U+000D     Carriage return (CR)
+         U+0085     Next line (NEL)
+         U+2028     Line separator
+         U+2029     Paragraph separator
+
+       In 8-bit, non-UTF-8 mode, only the characters with codepoints less than
+       256 are relevant.
+
+   Newline sequences
+
+       Outside a character class, by default, the escape sequence  \R  matches
+       any  Unicode newline sequence. In 8-bit non-UTF-8 mode \R is equivalent
+       to the following:
+
+         (?>\r\n|\n|\x0b|\f|\r|\x85)
+
+       This is an example of an "atomic group", details  of  which  are  given
+       below.  This particular group matches either the two-character sequence
+       CR followed by LF, or  one  of  the  single  characters  LF  (linefeed,
+       U+000A),  VT  (vertical  tab, U+000B), FF (form feed, U+000C), CR (car-
+       riage return, U+000D), or NEL (next line,  U+0085).  The  two-character
+       sequence is treated as a single unit that cannot be split.
+
+       In  other modes, two additional characters whose codepoints are greater
+       than 255 are added: LS (line separator, U+2028) and PS (paragraph sepa-
+       rator,  U+2029).   Unicode character property support is not needed for
+       these characters to be recognized.
+
+       It is possible to restrict \R to match only CR, LF, or CRLF (instead of
+       the  complete  set  of  Unicode  line  endings)  by  setting the option
+       PCRE_BSR_ANYCRLF either at compile time or when the pattern is matched.
+       (BSR is an abbrevation for "backslash R".) This can be made the default
+       when PCRE is built; if this is the case, the  other  behaviour  can  be
+       requested  via  the  PCRE_BSR_UNICODE  option.   It is also possible to
+       specify these settings by starting a pattern string  with  one  of  the
+       following sequences:
+
+         (*BSR_ANYCRLF)   CR, LF, or CRLF only
+         (*BSR_UNICODE)   any Unicode newline sequence
+
+       These override the default and the options given to the compiling func-
+       tion, but they can themselves be  overridden  by  options  given  to  a
+       matching  function.  Note  that  these  special settings, which are not
+       Perl-compatible, are recognized only at the very start  of  a  pattern,
+       and  that  they  must  be  in  upper  case. If more than one of them is
+       present, the last one is used. They can be combined with  a  change  of
+       newline convention; for example, a pattern can start with:
+
+         (*ANY)(*BSR_ANYCRLF)
+
+       They  can also be combined with the (*UTF8), (*UTF16), (*UTF32), (*UTF)
+       or (*UCP) special sequences. Inside a character class, \R is treated as
+       an  unrecognized  escape  sequence,  and  so  matches the letter "R" by
+       default, but causes an error if PCRE_EXTRA is set.
+
+   Unicode character properties
+
+       When PCRE is built with Unicode character property support, three addi-
+       tional  escape sequences that match characters with specific properties
+       are available.  When in 8-bit non-UTF-8 mode, these  sequences  are  of
+       course  limited  to  testing  characters whose codepoints are less than
+       256, but they do work in this mode.  The extra escape sequences are:
+
+         \p{xx}   a character with the xx property
+         \P{xx}   a character without the xx property
+         \X       a Unicode extended grapheme cluster
+
+       The property names represented by xx above are limited to  the  Unicode
+       script names, the general category properties, "Any", which matches any
+       character  (including  newline),  and  some  special  PCRE   properties
+       (described  in the next section).  Other Perl properties such as "InMu-
+       sicalSymbols" are not currently supported by PCRE.  Note  that  \P{Any}
+       does not match any characters, so always causes a match failure.
+
+       Sets of Unicode characters are defined as belonging to certain scripts.
+       A character from one of these sets can be matched using a script  name.
+       For example:
+
+         \p{Greek}
+         \P{Han}
+
+       Those  that are not part of an identified script are lumped together as
+       "Common". The current list of scripts is:
+
+       Arabic, Armenian, Avestan, Balinese, Bamum, Bassa_Vah, Batak,  Bengali,
+       Bopomofo,  Brahmi,  Braille, Buginese, Buhid, Canadian_Aboriginal, Car-
+       ian, Caucasian_Albanian, Chakma, Cham, Cherokee, Common, Coptic, Cunei-
+       form, Cypriot, Cyrillic, Deseret, Devanagari, Duployan, Egyptian_Hiero-
+       glyphs,  Elbasan,  Ethiopic,  Georgian,  Glagolitic,  Gothic,  Grantha,
+       Greek,  Gujarati,  Gurmukhi,  Han,  Hangul,  Hanunoo, Hebrew, Hiragana,
+       Imperial_Aramaic,    Inherited,     Inscriptional_Pahlavi,     Inscrip-
+       tional_Parthian,   Javanese,   Kaithi,   Kannada,  Katakana,  Kayah_Li,
+       Kharoshthi, Khmer, Khojki, Khudawadi, Lao, Latin, Lepcha,  Limbu,  Lin-
+       ear_A,  Linear_B,  Lisu,  Lycian, Lydian, Mahajani, Malayalam, Mandaic,
+       Manichaean,     Meetei_Mayek,     Mende_Kikakui,      Meroitic_Cursive,
+       Meroitic_Hieroglyphs,  Miao,  Modi, Mongolian, Mro, Myanmar, Nabataean,
+       New_Tai_Lue,  Nko,  Ogham,  Ol_Chiki,  Old_Italic,   Old_North_Arabian,
+       Old_Permic, Old_Persian, Old_South_Arabian, Old_Turkic, Oriya, Osmanya,
+       Pahawh_Hmong,    Palmyrene,    Pau_Cin_Hau,    Phags_Pa,    Phoenician,
+       Psalter_Pahlavi,  Rejang,  Runic,  Samaritan, Saurashtra, Sharada, Sha-
+       vian, Siddham, Sinhala, Sora_Sompeng, Sundanese, Syloti_Nagri,  Syriac,
+       Tagalog,  Tagbanwa,  Tai_Le,  Tai_Tham, Tai_Viet, Takri, Tamil, Telugu,
+       Thaana, Thai, Tibetan, Tifinagh, Tirhuta, Ugaritic,  Vai,  Warang_Citi,
+       Yi.
+
+       Each character has exactly one Unicode general category property, spec-
+       ified by a two-letter abbreviation. For compatibility with Perl,  nega-
+       tion  can  be  specified  by including a circumflex between the opening
+       brace and the property name.  For  example,  \p{^Lu}  is  the  same  as
+       \P{Lu}.
+
+       If only one letter is specified with \p or \P, it includes all the gen-
+       eral category properties that start with that letter. In this case,  in
+       the  absence of negation, the curly brackets in the escape sequence are
+       optional; these two examples have the same effect:
+
+         \p{L}
+         \pL
+
+       The following general category property codes are supported:
+
+         C     Other
+         Cc    Control
+         Cf    Format
+         Cn    Unassigned
+         Co    Private use
+         Cs    Surrogate
+
+         L     Letter
+         Ll    Lower case letter
+         Lm    Modifier letter
+         Lo    Other letter
+         Lt    Title case letter
+         Lu    Upper case letter
+
+         M     Mark
+         Mc    Spacing mark
+         Me    Enclosing mark
+         Mn    Non-spacing mark
+
+         N     Number
+         Nd    Decimal number
+         Nl    Letter number
+         No    Other number
+
+         P     Punctuation
+         Pc    Connector punctuation
+         Pd    Dash punctuation
+         Pe    Close punctuation
+         Pf    Final punctuation
+         Pi    Initial punctuation
+         Po    Other punctuation
+         Ps    Open punctuation
+
+         S     Symbol
+         Sc    Currency symbol
+         Sk    Modifier symbol
+         Sm    Mathematical symbol
+         So    Other symbol
+
+         Z     Separator
+         Zl    Line separator
+         Zp    Paragraph separator
+         Zs    Space separator
+
+       The special property L& is also supported: it matches a character  that
+       has  the  Lu,  Ll, or Lt property, in other words, a letter that is not
+       classified as a modifier or "other".
+
+       The Cs (Surrogate) property applies only to  characters  in  the  range
+       U+D800  to U+DFFF. Such characters are not valid in Unicode strings and
+       so cannot be tested by PCRE, unless  UTF  validity  checking  has  been
+       turned    off    (see    the    discussion    of    PCRE_NO_UTF8_CHECK,
+       PCRE_NO_UTF16_CHECK and PCRE_NO_UTF32_CHECK in the pcreapi page).  Perl
+       does not support the Cs property.
+
+       The  long  synonyms  for  property  names  that  Perl supports (such as
+       \p{Letter}) are not supported by PCRE, nor is it  permitted  to  prefix
+       any of these properties with "Is".
+
+       No character that is in the Unicode table has the Cn (unassigned) prop-
+       erty.  Instead, this property is assumed for any code point that is not
+       in the Unicode table.
+
+       Specifying  caseless  matching  does not affect these escape sequences.
+       For example, \p{Lu} always matches only upper  case  letters.  This  is
+       different from the behaviour of current versions of Perl.
+
+       Matching  characters  by Unicode property is not fast, because PCRE has
+       to do a multistage table lookup in order to find  a  character's  prop-
+       erty. That is why the traditional escape sequences such as \d and \w do
+       not use Unicode properties in PCRE by default, though you can make them
+       do  so  by  setting the PCRE_UCP option or by starting the pattern with
+       (*UCP).
+
+   Extended grapheme clusters
+
+       The \X escape matches any number of Unicode  characters  that  form  an
+       "extended grapheme cluster", and treats the sequence as an atomic group
+       (see below).  Up to and including release 8.31, PCRE  matched  an  ear-
+       lier, simpler definition that was equivalent to
+
+         (?>\PM\pM*)
+
+       That  is,  it matched a character without the "mark" property, followed
+       by zero or more characters with the "mark"  property.  Characters  with
+       the  "mark"  property are typically non-spacing accents that affect the
+       preceding character.
+
+       This simple definition was extended in Unicode to include more  compli-
+       cated  kinds of composite character by giving each character a grapheme
+       breaking property, and creating rules  that  use  these  properties  to
+       define  the  boundaries  of  extended grapheme clusters. In releases of
+       PCRE later than 8.31, \X matches one of these clusters.
+
+       \X always matches at least one character. Then it  decides  whether  to
+       add additional characters according to the following rules for ending a
+       cluster:
+
+       1. End at the end of the subject string.
+
+       2. Do not end between CR and LF; otherwise end after any control  char-
+       acter.
+
+       3.  Do  not  break  Hangul (a Korean script) syllable sequences. Hangul
+       characters are of five types: L, V, T, LV, and LVT. An L character  may
+       be  followed by an L, V, LV, or LVT character; an LV or V character may
+       be followed by a V or T character; an LVT or T character may be follwed
+       only by a T character.
+
+       4.  Do not end before extending characters or spacing marks. Characters
+       with the "mark" property always have  the  "extend"  grapheme  breaking
+       property.
+
+       5. Do not end after prepend characters.
+
+       6. Otherwise, end the cluster.
+
+   PCRE's additional properties
+
+       As  well  as the standard Unicode properties described above, PCRE sup-
+       ports four more that make it possible  to  convert  traditional  escape
+       sequences  such as \w and \s to use Unicode properties. PCRE uses these
+       non-standard, non-Perl properties internally when PCRE_UCP is set. How-
+       ever, they may also be used explicitly. These properties are:
+
+         Xan   Any alphanumeric character
+         Xps   Any POSIX space character
+         Xsp   Any Perl space character
+         Xwd   Any Perl "word" character
+
+       Xan  matches  characters that have either the L (letter) or the N (num-
+       ber) property. Xps matches the characters tab, linefeed, vertical  tab,
+       form  feed,  or carriage return, and any other character that has the Z
+       (separator) property.  Xsp is the same as Xps; it used to exclude  ver-
+       tical  tab,  for Perl compatibility, but Perl changed, and so PCRE fol-
+       lowed at release 8.34. Xwd matches the same  characters  as  Xan,  plus
+       underscore.
+
+       There  is another non-standard property, Xuc, which matches any charac-
+       ter that can be represented by a Universal Character Name  in  C++  and
+       other  programming  languages.  These are the characters $, @, ` (grave
+       accent), and all characters with Unicode code points  greater  than  or
+       equal  to U+00A0, except for the surrogates U+D800 to U+DFFF. Note that
+       most base (ASCII) characters are excluded. (Universal  Character  Names
+       are  of  the  form \uHHHH or \UHHHHHHHH where H is a hexadecimal digit.
+       Note that the Xuc property does not match these sequences but the char-
+       acters that they represent.)
+
+   Resetting the match start
+
+       The  escape sequence \K causes any previously matched characters not to
+       be included in the final matched sequence. For example, the pattern:
+
+         foo\Kbar
+
+       matches "foobar", but reports that it has matched "bar".  This  feature
+       is  similar  to  a lookbehind assertion (described below).  However, in
+       this case, the part of the subject before the real match does not  have
+       to  be of fixed length, as lookbehind assertions do. The use of \K does
+       not interfere with the setting of captured  substrings.   For  example,
+       when the pattern
+
+         (foo)\Kbar
+
+       matches "foobar", the first substring is still set to "foo".
+
+       Perl  documents  that  the  use  of  \K  within assertions is "not well
+       defined". In PCRE, \K is acted upon  when  it  occurs  inside  positive
+       assertions,  but  is  ignored  in negative assertions. Note that when a
+       pattern such as (?=ab\K) matches, the reported start of the  match  can
+       be greater than the end of the match.
+
+   Simple assertions
+
+       The  final use of backslash is for certain simple assertions. An asser-
+       tion specifies a condition that has to be met at a particular point  in
+       a  match, without consuming any characters from the subject string. The
+       use of subpatterns for more complicated assertions is described  below.
+       The backslashed assertions are:
+
+         \b     matches at a word boundary
+         \B     matches when not at a word boundary
+         \A     matches at the start of the subject
+         \Z     matches at the end of the subject
+                 also matches before a newline at the end of the subject
+         \z     matches only at the end of the subject
+         \G     matches at the first matching position in the subject
+
+       Inside  a  character  class, \b has a different meaning; it matches the
+       backspace character. If any other of  these  assertions  appears  in  a
+       character  class, by default it matches the corresponding literal char-
+       acter  (for  example,  \B  matches  the  letter  B).  However,  if  the
+       PCRE_EXTRA  option is set, an "invalid escape sequence" error is gener-
+       ated instead.
+
+       A word boundary is a position in the subject string where  the  current
+       character  and  the previous character do not both match \w or \W (i.e.
+       one matches \w and the other matches \W), or the start or  end  of  the
+       string  if  the  first or last character matches \w, respectively. In a
+       UTF mode, the meanings of \w and \W  can  be  changed  by  setting  the
+       PCRE_UCP  option. When this is done, it also affects \b and \B. Neither
+       PCRE nor Perl has a separate "start of word" or "end of  word"  metase-
+       quence.  However,  whatever follows \b normally determines which it is.
+       For example, the fragment \ba matches "a" at the start of a word.
+
+       The \A, \Z, and \z assertions differ from  the  traditional  circumflex
+       and dollar (described in the next section) in that they only ever match
+       at the very start and end of the subject string, whatever  options  are
+       set.  Thus,  they are independent of multiline mode. These three asser-
+       tions are not affected by the PCRE_NOTBOL or PCRE_NOTEOL options, which
+       affect  only the behaviour of the circumflex and dollar metacharacters.
+       However, if the startoffset argument of pcre_exec() is non-zero,  indi-
+       cating that matching is to start at a point other than the beginning of
+       the subject, \A can never match. The difference between \Z  and  \z  is
+       that \Z matches before a newline at the end of the string as well as at
+       the very end, whereas \z matches only at the end.
+
+       The \G assertion is true only when the current matching position is  at
+       the  start point of the match, as specified by the startoffset argument
+       of pcre_exec(). It differs from \A when the  value  of  startoffset  is
+       non-zero.  By calling pcre_exec() multiple times with appropriate argu-
+       ments, you can mimic Perl's /g option, and it is in this kind of imple-
+       mentation where \G can be useful.
+
+       Note,  however,  that  PCRE's interpretation of \G, as the start of the
+       current match, is subtly different from Perl's, which defines it as the
+       end  of  the  previous  match. In Perl, these can be different when the
+       previously matched string was empty. Because PCRE does just  one  match
+       at a time, it cannot reproduce this behaviour.
+
+       If  all  the alternatives of a pattern begin with \G, the expression is
+       anchored to the starting match position, and the "anchored" flag is set
+       in the compiled regular expression.
+
+
+CIRCUMFLEX AND DOLLAR
+
+       The  circumflex  and  dollar  metacharacters are zero-width assertions.
+       That is, they test for a particular condition being true  without  con-
+       suming any characters from the subject string.
+
+       Outside a character class, in the default matching mode, the circumflex
+       character is an assertion that is true only  if  the  current  matching
+       point  is  at the start of the subject string. If the startoffset argu-
+       ment of pcre_exec() is non-zero, circumflex  can  never  match  if  the
+       PCRE_MULTILINE  option  is  unset. Inside a character class, circumflex
+       has an entirely different meaning (see below).
+
+       Circumflex need not be the first character of the pattern if  a  number
+       of  alternatives are involved, but it should be the first thing in each
+       alternative in which it appears if the pattern is ever  to  match  that
+       branch.  If all possible alternatives start with a circumflex, that is,
+       if the pattern is constrained to match only at the start  of  the  sub-
+       ject,  it  is  said  to be an "anchored" pattern. (There are also other
+       constructs that can cause a pattern to be anchored.)
+
+       The dollar character is an assertion that is true only if  the  current
+       matching  point  is  at  the  end of the subject string, or immediately
+       before a newline at the end of the string (by default). Note,  however,
+       that  it  does  not  actually match the newline. Dollar need not be the
+       last character of the pattern if a number of alternatives are involved,
+       but  it should be the last item in any branch in which it appears. Dol-
+       lar has no special meaning in a character class.
+
+       The meaning of dollar can be changed so that it  matches  only  at  the
+       very  end  of  the string, by setting the PCRE_DOLLAR_ENDONLY option at
+       compile time. This does not affect the \Z assertion.
+
+       The meanings of the circumflex and dollar characters are changed if the
+       PCRE_MULTILINE  option  is  set.  When  this  is the case, a circumflex
+       matches immediately after internal newlines as well as at the start  of
+       the  subject  string.  It  does not match after a newline that ends the
+       string. A dollar matches before any newlines in the string, as well  as
+       at  the very end, when PCRE_MULTILINE is set. When newline is specified
+       as the two-character sequence CRLF, isolated CR and  LF  characters  do
+       not indicate newlines.
+
+       For  example, the pattern /^abc$/ matches the subject string "def\nabc"
+       (where \n represents a newline) in multiline mode, but  not  otherwise.
+       Consequently,  patterns  that  are anchored in single line mode because
+       all branches start with ^ are not anchored in  multiline  mode,  and  a
+       match  for  circumflex  is  possible  when  the startoffset argument of
+       pcre_exec() is non-zero. The PCRE_DOLLAR_ENDONLY option is  ignored  if
+       PCRE_MULTILINE is set.
+
+       Note  that  the sequences \A, \Z, and \z can be used to match the start
+       and end of the subject in both modes, and if all branches of a  pattern
+       start  with  \A it is always anchored, whether or not PCRE_MULTILINE is
+       set.
+
+
+FULL STOP (PERIOD, DOT) AND \N
+
+       Outside a character class, a dot in the pattern matches any one charac-
+       ter  in  the subject string except (by default) a character that signi-
+       fies the end of a line.
+
+       When a line ending is defined as a single character, dot never  matches
+       that  character; when the two-character sequence CRLF is used, dot does
+       not match CR if it is immediately followed  by  LF,  but  otherwise  it
+       matches  all characters (including isolated CRs and LFs). When any Uni-
+       code line endings are being recognized, dot does not match CR or LF  or
+       any of the other line ending characters.
+
+       The  behaviour  of  dot  with regard to newlines can be changed. If the
+       PCRE_DOTALL option is set, a dot matches  any  one  character,  without
+       exception. If the two-character sequence CRLF is present in the subject
+       string, it takes two dots to match it.
+
+       The handling of dot is entirely independent of the handling of  circum-
+       flex  and  dollar,  the  only relationship being that they both involve
+       newlines. Dot has no special meaning in a character class.
+
+       The escape sequence \N behaves like  a  dot,  except  that  it  is  not
+       affected  by  the  PCRE_DOTALL  option.  In other words, it matches any
+       character except one that signifies the end of a line. Perl  also  uses
+       \N to match characters by name; PCRE does not support this.
+
+
+MATCHING A SINGLE DATA UNIT
+
+       Outside  a character class, the escape sequence \C matches any one data
+       unit, whether or not a UTF mode is set. In the 8-bit library, one  data
+       unit  is  one  byte;  in the 16-bit library it is a 16-bit unit; in the
+       32-bit library it is a 32-bit unit. Unlike a  dot,  \C  always  matches
+       line-ending  characters.  The  feature  is provided in Perl in order to
+       match individual bytes in UTF-8 mode, but it is unclear how it can use-
+       fully  be  used.  Because  \C breaks up characters into individual data
+       units, matching one unit with \C in a UTF mode means that the  rest  of
+       the string may start with a malformed UTF character. This has undefined
+       results, because PCRE assumes that it is dealing with valid UTF strings
+       (and  by  default  it checks this at the start of processing unless the
+       PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK or  PCRE_NO_UTF32_CHECK  option
+       is used).
+
+       PCRE  does  not  allow \C to appear in lookbehind assertions (described
+       below) in a UTF mode, because this would make it impossible  to  calcu-
+       late the length of the lookbehind.
+
+       In general, the \C escape sequence is best avoided. However, one way of
+       using it that avoids the problem of malformed UTF characters is to  use
+       a  lookahead to check the length of the next character, as in this pat-
+       tern, which could be used with a UTF-8 string (ignore white  space  and
+       line breaks):
+
+         (?| (?=[\x00-\x7f])(\C) |
+             (?=[\x80-\x{7ff}])(\C)(\C) |
+             (?=[\x{800}-\x{ffff}])(\C)(\C)(\C) |
+             (?=[\x{10000}-\x{1fffff}])(\C)(\C)(\C)(\C))
+
+       A  group  that starts with (?| resets the capturing parentheses numbers
+       in each alternative (see "Duplicate  Subpattern  Numbers"  below).  The
+       assertions  at  the start of each branch check the next UTF-8 character
+       for values whose encoding uses 1, 2, 3, or 4 bytes,  respectively.  The
+       character's  individual bytes are then captured by the appropriate num-
+       ber of groups.
+
+
+SQUARE BRACKETS AND CHARACTER CLASSES
+
+       An opening square bracket introduces a character class, terminated by a
+       closing square bracket. A closing square bracket on its own is not spe-
+       cial by default.  However, if the PCRE_JAVASCRIPT_COMPAT option is set,
+       a lone closing square bracket causes a compile-time error. If a closing
+       square bracket is required as a member of the class, it should  be  the
+       first  data  character  in  the  class (after an initial circumflex, if
+       present) or escaped with a backslash.
+
+       A character class matches a single character in the subject. In  a  UTF
+       mode,  the  character  may  be  more than one data unit long. A matched
+       character must be in the set of characters defined by the class, unless
+       the  first  character in the class definition is a circumflex, in which
+       case the subject character must not be in the set defined by the class.
+       If  a  circumflex is actually required as a member of the class, ensure
+       it is not the first character, or escape it with a backslash.
+
+       For example, the character class [aeiou] matches any lower case  vowel,
+       while  [^aeiou]  matches  any character that is not a lower case vowel.
+       Note that a circumflex is just a convenient notation for specifying the
+       characters  that  are in the class by enumerating those that are not. A
+       class that starts with a circumflex is not an assertion; it still  con-
+       sumes  a  character  from the subject string, and therefore it fails if
+       the current pointer is at the end of the string.
+
+       In UTF-8 (UTF-16, UTF-32) mode, characters with values greater than 255
+       (0xffff)  can be included in a class as a literal string of data units,
+       or by using the \x{ escaping mechanism.
+
+       When caseless matching is set, any letters in a  class  represent  both
+       their  upper  case  and lower case versions, so for example, a caseless
+       [aeiou] matches "A" as well as "a", and a caseless  [^aeiou]  does  not
+       match  "A", whereas a caseful version would. In a UTF mode, PCRE always
+       understands the concept of case for characters whose  values  are  less
+       than  128, so caseless matching is always possible. For characters with
+       higher values, the concept of case is supported  if  PCRE  is  compiled
+       with  Unicode  property support, but not otherwise.  If you want to use
+       caseless matching in a UTF mode for characters 128 and above, you  must
+       ensure  that  PCRE is compiled with Unicode property support as well as
+       with UTF support.
+
+       Characters that might indicate line breaks are  never  treated  in  any
+       special  way  when  matching  character  classes,  whatever line-ending
+       sequence is in  use,  and  whatever  setting  of  the  PCRE_DOTALL  and
+       PCRE_MULTILINE options is used. A class such as [^a] always matches one
+       of these characters.
+
+       The minus (hyphen) character can be used to specify a range of  charac-
+       ters  in  a  character  class.  For  example,  [d-m] matches any letter
+       between d and m, inclusive. If a  minus  character  is  required  in  a
+       class,  it  must  be  escaped  with a backslash or appear in a position
+       where it cannot be interpreted as indicating a range, typically as  the
+       first or last character in the class, or immediately after a range. For
+       example, [b-d-z] matches letters in the range b to d, a hyphen  charac-
+       ter, or z.
+
+       It is not possible to have the literal character "]" as the end charac-
+       ter of a range. A pattern such as [W-]46] is interpreted as a class  of
+       two  characters ("W" and "-") followed by a literal string "46]", so it
+       would match "W46]" or "-46]". However, if the "]"  is  escaped  with  a
+       backslash  it is interpreted as the end of range, so [W-\]46] is inter-
+       preted as a class containing a range followed by two other  characters.
+       The  octal or hexadecimal representation of "]" can also be used to end
+       a range.
+
+       An error is generated if a POSIX character  class  (see  below)  or  an
+       escape  sequence other than one that defines a single character appears
+       at a point where a range ending character  is  expected.  For  example,
+       [z-\xff] is valid, but [A-\d] and [A-[:digit:]] are not.
+
+       Ranges  operate in the collating sequence of character values. They can
+       also  be  used  for  characters  specified  numerically,  for   example
+       [\000-\037].  Ranges  can include any characters that are valid for the
+       current mode.
+
+       If a range that includes letters is used when caseless matching is set,
+       it matches the letters in either case. For example, [W-c] is equivalent
+       to [][\\^_`wxyzabc], matched caselessly, and  in  a  non-UTF  mode,  if
+       character  tables  for  a French locale are in use, [\xc8-\xcb] matches
+       accented E characters in both cases. In UTF modes,  PCRE  supports  the
+       concept  of  case for characters with values greater than 128 only when
+       it is compiled with Unicode property support.
+
+       The character escape sequences \d, \D, \h, \H, \p, \P, \s, \S, \v,  \V,
+       \w, and \W may appear in a character class, and add the characters that
+       they match to the class. For example, [\dABCDEF] matches any  hexadeci-
+       mal  digit.  In  UTF modes, the PCRE_UCP option affects the meanings of
+       \d, \s, \w and their upper case partners, just as  it  does  when  they
+       appear  outside a character class, as described in the section entitled
+       "Generic character types" above. The escape sequence \b has a different
+       meaning  inside  a character class; it matches the backspace character.
+       The sequences \B, \N, \R, and \X are not  special  inside  a  character
+       class.  Like  any other unrecognized escape sequences, they are treated
+       as the literal characters "B", "N", "R", and "X" by default, but  cause
+       an error if the PCRE_EXTRA option is set.
+
+       A  circumflex  can  conveniently  be used with the upper case character
+       types to specify a more restricted set of characters than the  matching
+       lower  case  type.  For example, the class [^\W_] matches any letter or
+       digit, but not underscore, whereas [\w] includes underscore. A positive
+       character class should be read as "something OR something OR ..." and a
+       negative class as "NOT something AND NOT something AND NOT ...".
+
+       The only metacharacters that are recognized in  character  classes  are
+       backslash,  hyphen  (only  where  it can be interpreted as specifying a
+       range), circumflex (only at the start), opening  square  bracket  (only
+       when  it can be interpreted as introducing a POSIX class name, or for a
+       special compatibility feature - see the next  two  sections),  and  the
+       terminating  closing  square  bracket.  However,  escaping  other  non-
+       alphanumeric characters does no harm.
+
+
+POSIX CHARACTER CLASSES
+
+       Perl supports the POSIX notation for character classes. This uses names
+       enclosed  by  [: and :] within the enclosing square brackets. PCRE also
+       supports this notation. For example,
+
+         [01[:alpha:]%]
+
+       matches "0", "1", any alphabetic character, or "%". The supported class
+       names are:
+
+         alnum    letters and digits
+         alpha    letters
+         ascii    character codes 0 - 127
+         blank    space or tab only
+         cntrl    control characters
+         digit    decimal digits (same as \d)
+         graph    printing characters, excluding space
+         lower    lower case letters
+         print    printing characters, including space
+         punct    printing characters, excluding letters and digits and space
+         space    white space (the same as \s from PCRE 8.34)
+         upper    upper case letters
+         word     "word" characters (same as \w)
+         xdigit   hexadecimal digits
+
+       The  default  "space" characters are HT (9), LF (10), VT (11), FF (12),
+       CR (13), and space (32). If locale-specific matching is  taking  place,
+       the  list  of  space characters may be different; there may be fewer or
+       more of them. "Space" used to be different to \s, which did not include
+       VT, for Perl compatibility.  However, Perl changed at release 5.18, and
+       PCRE followed at release 8.34.  "Space" and \s now match the  same  set
+       of characters.
+
+       The  name  "word"  is  a Perl extension, and "blank" is a GNU extension
+       from Perl 5.8. Another Perl extension is negation, which  is  indicated
+       by a ^ character after the colon. For example,
+
+         [12[:^digit:]]
+
+       matches  "1", "2", or any non-digit. PCRE (and Perl) also recognize the
+       POSIX syntax [.ch.] and [=ch=] where "ch" is a "collating element", but
+       these are not supported, and an error is given if they are encountered.
+
+       By default, characters with values greater than 128 do not match any of
+       the POSIX character classes. However, if the PCRE_UCP option is  passed
+       to  pcre_compile(),  some  of  the  classes are changed so that Unicode
+       character properties are used. This is achieved  by  replacing  certain
+       POSIX classes by other sequences, as follows:
+
+         [:alnum:]  becomes  \p{Xan}
+         [:alpha:]  becomes  \p{L}
+         [:blank:]  becomes  \h
+         [:digit:]  becomes  \p{Nd}
+         [:lower:]  becomes  \p{Ll}
+         [:space:]  becomes  \p{Xps}
+         [:upper:]  becomes  \p{Lu}
+         [:word:]   becomes  \p{Xwd}
+
+       Negated  versions, such as [:^alpha:] use \P instead of \p. Three other
+       POSIX classes are handled specially in UCP mode:
+
+       [:graph:] This matches characters that have glyphs that mark  the  page
+                 when printed. In Unicode property terms, it matches all char-
+                 acters with the L, M, N, P, S, or Cf properties, except for:
+
+                   U+061C           Arabic Letter Mark
+                   U+180E           Mongolian Vowel Separator
+                   U+2066 - U+2069  Various "isolate"s
+
+
+       [:print:] This matches the same  characters  as  [:graph:]  plus  space
+                 characters  that  are  not controls, that is, characters with
+                 the Zs property.
+
+       [:punct:] This matches all characters that have the Unicode P (punctua-
+                 tion)  property,  plus those characters whose code points are
+                 less than 128 that have the S (Symbol) property.
+
+       The other POSIX classes are unchanged, and match only  characters  with
+       code points less than 128.
+
+
+COMPATIBILITY FEATURE FOR WORD BOUNDARIES
+
+       In  the POSIX.2 compliant library that was included in 4.4BSD Unix, the
+       ugly syntax [[:<:]] and [[:>:]] is used for matching  "start  of  word"
+       and "end of word". PCRE treats these items as follows:
+
+         [[:<:]]  is converted to  \b(?=\w)
+         [[:>:]]  is converted to  \b(?<=\w)
+
+       Only these exact character sequences are recognized. A sequence such as
+       [a[:<:]b] provokes error for an unrecognized  POSIX  class  name.  This
+       support  is not compatible with Perl. It is provided to help migrations
+       from other environments, and is best not used in any new patterns. Note
+       that  \b matches at the start and the end of a word (see "Simple asser-
+       tions" above), and in a Perl-style pattern the preceding  or  following
+       character  normally  shows  which  is  wanted, without the need for the
+       assertions that are used above in order to give exactly the  POSIX  be-
+       haviour.
+
+
+VERTICAL BAR
+
+       Vertical  bar characters are used to separate alternative patterns. For
+       example, the pattern
+
+         gilbert|sullivan
+
+       matches either "gilbert" or "sullivan". Any number of alternatives  may
+       appear,  and  an  empty  alternative  is  permitted (matching the empty
+       string). The matching process tries each alternative in turn, from left
+       to  right, and the first one that succeeds is used. If the alternatives
+       are within a subpattern (defined below), "succeeds" means matching  the
+       rest of the main pattern as well as the alternative in the subpattern.
+
+
+INTERNAL OPTION SETTING
+
+       The  settings  of  the  PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, and
+       PCRE_EXTENDED options (which are Perl-compatible) can be  changed  from
+       within  the  pattern  by  a  sequence  of  Perl option letters enclosed
+       between "(?" and ")".  The option letters are
+
+         i  for PCRE_CASELESS
+         m  for PCRE_MULTILINE
+         s  for PCRE_DOTALL
+         x  for PCRE_EXTENDED
+
+       For example, (?im) sets caseless, multiline matching. It is also possi-
+       ble to unset these options by preceding the letter with a hyphen, and a
+       combined setting and unsetting such as (?im-sx), which sets  PCRE_CASE-
+       LESS  and PCRE_MULTILINE while unsetting PCRE_DOTALL and PCRE_EXTENDED,
+       is also permitted. If a  letter  appears  both  before  and  after  the
+       hyphen, the option is unset.
+
+       The  PCRE-specific options PCRE_DUPNAMES, PCRE_UNGREEDY, and PCRE_EXTRA
+       can be changed in the same way as the Perl-compatible options by  using
+       the characters J, U and X respectively.
+
+       When  one  of  these  option  changes occurs at top level (that is, not
+       inside subpattern parentheses), the change applies to the remainder  of
+       the  pattern  that  follows.  An option change within a subpattern (see
+       below for a description of subpatterns) affects only that part  of  the
+       subpattern that follows it, so
+
+         (a(?i)b)c
+
+       matches abc and aBc and no other strings (assuming PCRE_CASELESS is not
+       used).  By this means, options can be made to have  different  settings
+       in  different parts of the pattern. Any changes made in one alternative
+       do carry on into subsequent branches within the  same  subpattern.  For
+       example,
+
+         (a(?i)b|c)
+
+       matches  "ab",  "aB",  "c",  and "C", even though when matching "C" the
+       first branch is abandoned before the option setting.  This  is  because
+       the  effects  of option settings happen at compile time. There would be
+       some very weird behaviour otherwise.
+
+       Note: There are other PCRE-specific options that  can  be  set  by  the
+       application  when  the  compiling  or matching functions are called. In
+       some cases the pattern can contain special leading  sequences  such  as
+       (*CRLF)  to  override  what  the  application  has set or what has been
+       defaulted.  Details  are  given  in  the  section   entitled   "Newline
+       sequences"  above.  There  are also the (*UTF8), (*UTF16),(*UTF32), and
+       (*UCP) leading sequences that can be used to set UTF and Unicode  prop-
+       erty  modes;  they are equivalent to setting the PCRE_UTF8, PCRE_UTF16,
+       PCRE_UTF32 and the PCRE_UCP options, respectively. The (*UTF)  sequence
+       is  a  generic version that can be used with any of the libraries. How-
+       ever, the application can set the PCRE_NEVER_UTF  option,  which  locks
+       out the use of the (*UTF) sequences.
+
+
+SUBPATTERNS
+
+       Subpatterns are delimited by parentheses (round brackets), which can be
+       nested.  Turning part of a pattern into a subpattern does two things:
+
+       1. It localizes a set of alternatives. For example, the pattern
+
+         cat(aract|erpillar|)
+
+       matches "cataract", "caterpillar", or "cat". Without  the  parentheses,
+       it would match "cataract", "erpillar" or an empty string.
+
+       2.  It  sets  up  the  subpattern as a capturing subpattern. This means
+       that, when the whole pattern  matches,  that  portion  of  the  subject
+       string that matched the subpattern is passed back to the caller via the
+       ovector argument of the matching function. (This applies  only  to  the
+       traditional  matching functions; the DFA matching functions do not sup-
+       port capturing.)
+
+       Opening parentheses are counted from left to right (starting from 1) to
+       obtain  numbers  for  the  capturing  subpatterns.  For example, if the
+       string "the red king" is matched against the pattern
+
+         the ((red|white) (king|queen))
+
+       the captured substrings are "red king", "red", and "king", and are num-
+       bered 1, 2, and 3, respectively.
+
+       The  fact  that  plain  parentheses  fulfil two functions is not always
+       helpful.  There are often times when a grouping subpattern is  required
+       without  a capturing requirement. If an opening parenthesis is followed
+       by a question mark and a colon, the subpattern does not do any  captur-
+       ing,  and  is  not  counted when computing the number of any subsequent
+       capturing subpatterns. For example, if the string "the white queen"  is
+       matched against the pattern
+
+         the ((?:red|white) (king|queen))
+
+       the captured substrings are "white queen" and "queen", and are numbered
+       1 and 2. The maximum number of capturing subpatterns is 65535.
+
+       As a convenient shorthand, if any option settings are required  at  the
+       start  of  a  non-capturing  subpattern,  the option letters may appear
+       between the "?" and the ":". Thus the two patterns
+
+         (?i:saturday|sunday)
+         (?:(?i)saturday|sunday)
+
+       match exactly the same set of strings. Because alternative branches are
+       tried  from  left  to right, and options are not reset until the end of
+       the subpattern is reached, an option setting in one branch does  affect
+       subsequent  branches,  so  the above patterns match "SUNDAY" as well as
+       "Saturday".
+
+
+DUPLICATE SUBPATTERN NUMBERS
+
+       Perl 5.10 introduced a feature whereby each alternative in a subpattern
+       uses  the same numbers for its capturing parentheses. Such a subpattern
+       starts with (?| and is itself a non-capturing subpattern. For  example,
+       consider this pattern:
+
+         (?|(Sat)ur|(Sun))day
+
+       Because  the two alternatives are inside a (?| group, both sets of cap-
+       turing parentheses are numbered one. Thus, when  the  pattern  matches,
+       you  can  look  at captured substring number one, whichever alternative
+       matched. This construct is useful when you want to  capture  part,  but
+       not all, of one of a number of alternatives. Inside a (?| group, paren-
+       theses are numbered as usual, but the number is reset at the  start  of
+       each  branch.  The numbers of any capturing parentheses that follow the
+       subpattern start after the highest number used in any branch. The  fol-
+       lowing example is taken from the Perl documentation. The numbers under-
+       neath show in which buffer the captured content will be stored.
+
+         # before  ---------------branch-reset----------- after
+         / ( a )  (?| x ( y ) z | (p (q) r) | (t) u (v) ) ( z ) /x
+         # 1            2         2  3        2     3     4
+
+       A back reference to a numbered subpattern uses the  most  recent  value
+       that  is  set  for that number by any subpattern. The following pattern
+       matches "abcabc" or "defdef":
+
+         /(?|(abc)|(def))\1/
+
+       In contrast, a subroutine call to a numbered subpattern  always  refers
+       to  the  first  one in the pattern with the given number. The following
+       pattern matches "abcabc" or "defabc":
+
+         /(?|(abc)|(def))(?1)/
+
+       If a condition test for a subpattern's having matched refers to a  non-
+       unique  number, the test is true if any of the subpatterns of that num-
+       ber have matched.
+
+       An alternative approach to using this "branch reset" feature is to  use
+       duplicate named subpatterns, as described in the next section.
+
+
+NAMED SUBPATTERNS
+
+       Identifying  capturing  parentheses  by number is simple, but it can be
+       very hard to keep track of the numbers in complicated  regular  expres-
+       sions.  Furthermore,  if  an  expression  is  modified, the numbers may
+       change. To help with this difficulty, PCRE supports the naming of  sub-
+       patterns. This feature was not added to Perl until release 5.10. Python
+       had the feature earlier, and PCRE introduced it at release  4.0,  using
+       the  Python syntax. PCRE now supports both the Perl and the Python syn-
+       tax. Perl allows identically numbered  subpatterns  to  have  different
+       names, but PCRE does not.
+
+       In  PCRE,  a subpattern can be named in one of three ways: (?<name>...)
+       or (?'name'...) as in Perl, or (?P<name>...) as in  Python.  References
+       to  capturing parentheses from other parts of the pattern, such as back
+       references, recursion, and conditions, can be made by name as  well  as
+       by number.
+
+       Names  consist of up to 32 alphanumeric characters and underscores, but
+       must start with a non-digit.  Named  capturing  parentheses  are  still
+       allocated  numbers  as  well as names, exactly as if the names were not
+       present. The PCRE API provides function calls for extracting the  name-
+       to-number  translation  table  from a compiled pattern. There is also a
+       convenience function for extracting a captured substring by name.
+
+       By default, a name must be unique within a pattern, but it is  possible
+       to relax this constraint by setting the PCRE_DUPNAMES option at compile
+       time. (Duplicate names are also always permitted for  subpatterns  with
+       the  same  number, set up as described in the previous section.) Dupli-
+       cate names can be useful for patterns where only one  instance  of  the
+       named  parentheses  can  match. Suppose you want to match the name of a
+       weekday, either as a 3-letter abbreviation or as the full name, and  in
+       both cases you want to extract the abbreviation. This pattern (ignoring
+       the line breaks) does the job:
+
+         (?<DN>Mon|Fri|Sun)(?:day)?|
+         (?<DN>Tue)(?:sday)?|
+         (?<DN>Wed)(?:nesday)?|
+         (?<DN>Thu)(?:rsday)?|
+         (?<DN>Sat)(?:urday)?
+
+       There are five capturing substrings, but only one is ever set  after  a
+       match.  (An alternative way of solving this problem is to use a "branch
+       reset" subpattern, as described in the previous section.)
+
+       The convenience function for extracting the data by  name  returns  the
+       substring  for  the first (and in this example, the only) subpattern of
+       that name that matched. This saves searching  to  find  which  numbered
+       subpattern it was.
+
+       If  you  make  a  back  reference to a non-unique named subpattern from
+       elsewhere in the pattern, the subpatterns to which the name refers  are
+       checked  in  the order in which they appear in the overall pattern. The
+       first one that is set is used for the reference. For example, this pat-
+       tern matches both "foofoo" and "barbar" but not "foobar" or "barfoo":
+
+         (?:(?<n>foo)|(?<n>bar))\k<n>
+
+
+       If you make a subroutine call to a non-unique named subpattern, the one
+       that corresponds to the first occurrence of the name is  used.  In  the
+       absence of duplicate numbers (see the previous section) this is the one
+       with the lowest number.
+
+       If you use a named reference in a condition test (see the section about
+       conditions below), either to check whether a subpattern has matched, or
+       to check for recursion, all subpatterns with the same name are  tested.
+       If  the condition is true for any one of them, the overall condition is
+       true. This is the same behaviour as  testing  by  number.  For  further
+       details  of  the  interfaces  for  handling  named subpatterns, see the
+       pcreapi documentation.
+
+       Warning: You cannot use different names to distinguish between two sub-
+       patterns  with  the same number because PCRE uses only the numbers when
+       matching. For this reason, an error is given at compile time if differ-
+       ent  names  are given to subpatterns with the same number. However, you
+       can always give the same name to subpatterns with the same number, even
+       when PCRE_DUPNAMES is not set.
+
+
+REPETITION
+
+       Repetition  is  specified  by  quantifiers, which can follow any of the
+       following items:
+
+         a literal data character
+         the dot metacharacter
+         the \C escape sequence
+         the \X escape sequence
+         the \R escape sequence
+         an escape such as \d or \pL that matches a single character
+         a character class
+         a back reference (see next section)
+         a parenthesized subpattern (including assertions)
+         a subroutine call to a subpattern (recursive or otherwise)
+
+       The general repetition quantifier specifies a minimum and maximum  num-
+       ber  of  permitted matches, by giving the two numbers in curly brackets
+       (braces), separated by a comma. The numbers must be  less  than  65536,
+       and the first must be less than or equal to the second. For example:
+
+         z{2,4}
+
+       matches  "zz",  "zzz",  or  "zzzz". A closing brace on its own is not a
+       special character. If the second number is omitted, but  the  comma  is
+       present,  there  is  no upper limit; if the second number and the comma
+       are both omitted, the quantifier specifies an exact number of  required
+       matches. Thus
+
+         [aeiou]{3,}
+
+       matches at least 3 successive vowels, but may match many more, while
+
+         \d{8}
+
+       matches  exactly  8  digits. An opening curly bracket that appears in a
+       position where a quantifier is not allowed, or one that does not  match
+       the  syntax of a quantifier, is taken as a literal character. For exam-
+       ple, {,6} is not a quantifier, but a literal string of four characters.
+
+       In UTF modes, quantifiers apply to characters rather than to individual
+       data  units. Thus, for example, \x{100}{2} matches two characters, each
+       of which is represented by a two-byte sequence in a UTF-8 string. Simi-
+       larly,  \X{3} matches three Unicode extended grapheme clusters, each of
+       which may be several data units long (and  they  may  be  of  different
+       lengths).
+
+       The quantifier {0} is permitted, causing the expression to behave as if
+       the previous item and the quantifier were not present. This may be use-
+       ful  for  subpatterns that are referenced as subroutines from elsewhere
+       in the pattern (but see also the section entitled "Defining subpatterns
+       for  use  by  reference only" below). Items other than subpatterns that
+       have a {0} quantifier are omitted from the compiled pattern.
+
+       For convenience, the three most common quantifiers have  single-charac-
+       ter abbreviations:
+
+         *    is equivalent to {0,}
+         +    is equivalent to {1,}
+         ?    is equivalent to {0,1}
+
+       It  is  possible  to construct infinite loops by following a subpattern
+       that can match no characters with a quantifier that has no upper limit,
+       for example:
+
+         (a?)*
+
+       Earlier versions of Perl and PCRE used to give an error at compile time
+       for such patterns. However, because there are cases where this  can  be
+       useful,  such  patterns  are now accepted, but if any repetition of the
+       subpattern does in fact match no characters, the loop is forcibly  bro-
+       ken.
+
+       By  default,  the quantifiers are "greedy", that is, they match as much
+       as possible (up to the maximum  number  of  permitted  times),  without
+       causing  the  rest of the pattern to fail. The classic example of where
+       this gives problems is in trying to match comments in C programs. These
+       appear  between  /*  and  */ and within the comment, individual * and /
+       characters may appear. An attempt to match C comments by  applying  the
+       pattern
+
+         /\*.*\*/
+
+       to the string
+
+         /* first comment */  not comment  /* second comment */
+
+       fails,  because it matches the entire string owing to the greediness of
+       the .*  item.
+
+       However, if a quantifier is followed by a question mark, it  ceases  to
+       be greedy, and instead matches the minimum number of times possible, so
+       the pattern
+
+         /\*.*?\*/
+
+       does the right thing with the C comments. The meaning  of  the  various
+       quantifiers  is  not  otherwise  changed,  just the preferred number of
+       matches.  Do not confuse this use of question mark with its  use  as  a
+       quantifier  in its own right. Because it has two uses, it can sometimes
+       appear doubled, as in
+
+         \d??\d
+
+       which matches one digit by preference, but can match two if that is the
+       only way the rest of the pattern matches.
+
+       If  the PCRE_UNGREEDY option is set (an option that is not available in
+       Perl), the quantifiers are not greedy by default, but  individual  ones
+       can  be  made  greedy  by following them with a question mark. In other
+       words, it inverts the default behaviour.
+
+       When a parenthesized subpattern is quantified  with  a  minimum  repeat
+       count  that is greater than 1 or with a limited maximum, more memory is
+       required for the compiled pattern, in proportion to  the  size  of  the
+       minimum or maximum.
+
+       If a pattern starts with .* or .{0,} and the PCRE_DOTALL option (equiv-
+       alent to Perl's /s) is set, thus allowing the dot  to  match  newlines,
+       the  pattern  is  implicitly anchored, because whatever follows will be
+       tried against every character position in the subject string, so  there
+       is  no  point  in  retrying the overall match at any position after the
+       first. PCRE normally treats such a pattern as though it  were  preceded
+       by \A.
+
+       In  cases  where  it  is known that the subject string contains no new-
+       lines, it is worth setting PCRE_DOTALL in order to  obtain  this  opti-
+       mization, or alternatively using ^ to indicate anchoring explicitly.
+
+       However,  there  are  some cases where the optimization cannot be used.
+       When .*  is inside capturing parentheses that are the subject of a back
+       reference elsewhere in the pattern, a match at the start may fail where
+       a later one succeeds. Consider, for example:
+
+         (.*)abc\1
+
+       If the subject is "xyz123abc123" the match point is the fourth  charac-
+       ter. For this reason, such a pattern is not implicitly anchored.
+
+       Another  case where implicit anchoring is not applied is when the lead-
+       ing .* is inside an atomic group. Once again, a match at the start  may
+       fail where a later one succeeds. Consider this pattern:
+
+         (?>.*?a)b
+
+       It  matches "ab" in the subject "aab". The use of the backtracking con-
+       trol verbs (*PRUNE) and (*SKIP) also disable this optimization.
+
+       When a capturing subpattern is repeated, the value captured is the sub-
+       string that matched the final iteration. For example, after
+
+         (tweedle[dume]{3}\s*)+
+
+       has matched "tweedledum tweedledee" the value of the captured substring
+       is "tweedledee". However, if there are  nested  capturing  subpatterns,
+       the  corresponding captured values may have been set in previous itera-
+       tions. For example, after
+
+         /(a|(b))+/
+
+       matches "aba" the value of the second captured substring is "b".
+
+
+ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS
+
+       With both maximizing ("greedy") and minimizing ("ungreedy"  or  "lazy")
+       repetition,  failure  of what follows normally causes the repeated item
+       to be re-evaluated to see if a different number of repeats  allows  the
+       rest  of  the pattern to match. Sometimes it is useful to prevent this,
+       either to change the nature of the match, or to cause it  fail  earlier
+       than  it otherwise might, when the author of the pattern knows there is
+       no point in carrying on.
+
+       Consider, for example, the pattern \d+foo when applied to  the  subject
+       line
+
+         123456bar
+
+       After matching all 6 digits and then failing to match "foo", the normal
+       action of the matcher is to try again with only 5 digits  matching  the
+       \d+  item,  and  then  with  4,  and  so on, before ultimately failing.
+       "Atomic grouping" (a term taken from Jeffrey  Friedl's  book)  provides
+       the  means for specifying that once a subpattern has matched, it is not
+       to be re-evaluated in this way.
+
+       If we use atomic grouping for the previous example, the  matcher  gives
+       up  immediately  on failing to match "foo" the first time. The notation
+       is a kind of special parenthesis, starting with (?> as in this example:
+
+         (?>\d+)foo
+
+       This kind of parenthesis "locks up" the  part of the  pattern  it  con-
+       tains  once  it  has matched, and a failure further into the pattern is
+       prevented from backtracking into it. Backtracking past it  to  previous
+       items, however, works as normal.
+
+       An  alternative  description  is that a subpattern of this type matches
+       the string of characters that an  identical  standalone  pattern  would
+       match, if anchored at the current point in the subject string.
+
+       Atomic grouping subpatterns are not capturing subpatterns. Simple cases
+       such as the above example can be thought of as a maximizing repeat that
+       must  swallow  everything  it can. So, while both \d+ and \d+? are pre-
+       pared to adjust the number of digits they match in order  to  make  the
+       rest of the pattern match, (?>\d+) can only match an entire sequence of
+       digits.
+
+       Atomic groups in general can of course contain arbitrarily  complicated
+       subpatterns,  and  can  be  nested. However, when the subpattern for an
+       atomic group is just a single repeated item, as in the example above, a
+       simpler  notation,  called  a "possessive quantifier" can be used. This
+       consists of an additional + character  following  a  quantifier.  Using
+       this notation, the previous example can be rewritten as
+
+         \d++foo
+
+       Note that a possessive quantifier can be used with an entire group, for
+       example:
+
+         (abc|xyz){2,3}+
+
+       Possessive  quantifiers  are  always  greedy;  the   setting   of   the
+       PCRE_UNGREEDY option is ignored. They are a convenient notation for the
+       simpler forms of atomic group. However, there is no difference  in  the
+       meaning  of  a  possessive  quantifier and the equivalent atomic group,
+       though there may be a performance  difference;  possessive  quantifiers
+       should be slightly faster.
+
+       The  possessive  quantifier syntax is an extension to the Perl 5.8 syn-
+       tax.  Jeffrey Friedl originated the idea (and the name)  in  the  first
+       edition of his book. Mike McCloskey liked it, so implemented it when he
+       built Sun's Java package, and PCRE copied it from there. It  ultimately
+       found its way into Perl at release 5.10.
+
+       PCRE has an optimization that automatically "possessifies" certain sim-
+       ple pattern constructs. For example, the sequence  A+B  is  treated  as
+       A++B  because  there is no point in backtracking into a sequence of A's
+       when B must follow.
+
+       When a pattern contains an unlimited repeat inside  a  subpattern  that
+       can  itself  be  repeated  an  unlimited number of times, the use of an
+       atomic group is the only way to avoid some  failing  matches  taking  a
+       very long time indeed. The pattern
+
+         (\D+|<\d+>)*[!?]
+
+       matches  an  unlimited number of substrings that either consist of non-
+       digits, or digits enclosed in <>, followed by either ! or  ?.  When  it
+       matches, it runs quickly. However, if it is applied to
+
+         aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+
+       it  takes  a  long  time  before reporting failure. This is because the
+       string can be divided between the internal \D+ repeat and the  external
+       *  repeat  in  a  large  number of ways, and all have to be tried. (The
+       example uses [!?] rather than a single character at  the  end,  because
+       both  PCRE  and  Perl have an optimization that allows for fast failure
+       when a single character is used. They remember the last single  charac-
+       ter  that  is required for a match, and fail early if it is not present
+       in the string.) If the pattern is changed so that  it  uses  an  atomic
+       group, like this:
+
+         ((?>\D+)|<\d+>)*[!?]
+
+       sequences of non-digits cannot be broken, and failure happens quickly.
+
+
+BACK REFERENCES
+
+       Outside a character class, a backslash followed by a digit greater than
+       0 (and possibly further digits) is a back reference to a capturing sub-
+       pattern  earlier  (that is, to its left) in the pattern, provided there
+       have been that many previous capturing left parentheses.
+
+       However, if the decimal number following the backslash is less than 10,
+       it  is  always  taken  as a back reference, and causes an error only if
+       there are not that many capturing left parentheses in the  entire  pat-
+       tern.  In  other words, the parentheses that are referenced need not be
+       to the left of the reference for numbers less than 10. A "forward  back
+       reference"  of  this  type can make sense when a repetition is involved
+       and the subpattern to the right has participated in an  earlier  itera-
+       tion.
+
+       It  is  not  possible to have a numerical "forward back reference" to a
+       subpattern whose number is 10 or  more  using  this  syntax  because  a
+       sequence  such  as  \50 is interpreted as a character defined in octal.
+       See the subsection entitled "Non-printing characters" above for further
+       details  of  the  handling of digits following a backslash. There is no
+       such problem when named parentheses are used. A back reference  to  any
+       subpattern is possible using named parentheses (see below).
+
+       Another  way  of  avoiding  the ambiguity inherent in the use of digits
+       following a backslash is to use the \g  escape  sequence.  This  escape
+       must be followed by an unsigned number or a negative number, optionally
+       enclosed in braces. These examples are all identical:
+
+         (ring), \1
+         (ring), \g1
+         (ring), \g{1}
+
+       An unsigned number specifies an absolute reference without the  ambigu-
+       ity that is present in the older syntax. It is also useful when literal
+       digits follow the reference. A negative number is a relative reference.
+       Consider this example:
+
+         (abc(def)ghi)\g{-1}
+
+       The sequence \g{-1} is a reference to the most recently started captur-
+       ing subpattern before \g, that is, is it equivalent to \2 in this exam-
+       ple.   Similarly, \g{-2} would be equivalent to \1. The use of relative
+       references can be helpful in long patterns, and also in  patterns  that
+       are  created  by  joining  together  fragments  that contain references
+       within themselves.
+
+       A back reference matches whatever actually matched the  capturing  sub-
+       pattern  in  the  current subject string, rather than anything matching
+       the subpattern itself (see "Subpatterns as subroutines" below for a way
+       of doing that). So the pattern
+
+         (sens|respons)e and \1ibility
+
+       matches  "sense and sensibility" and "response and responsibility", but
+       not "sense and responsibility". If caseful matching is in force at  the
+       time  of the back reference, the case of letters is relevant. For exam-
+       ple,
+
+         ((?i)rah)\s+\1
+
+       matches "rah rah" and "RAH RAH", but not "RAH  rah",  even  though  the
+       original capturing subpattern is matched caselessly.
+
+       There  are  several  different ways of writing back references to named
+       subpatterns. The .NET syntax \k{name} and the Perl syntax  \k<name>  or
+       \k'name'  are supported, as is the Python syntax (?P=name). Perl 5.10's
+       unified back reference syntax, in which \g can be used for both numeric
+       and  named  references,  is  also supported. We could rewrite the above
+       example in any of the following ways:
+
+         (?<p1>(?i)rah)\s+\k<p1>
+         (?'p1'(?i)rah)\s+\k{p1}
+         (?P<p1>(?i)rah)\s+(?P=p1)
+         (?<p1>(?i)rah)\s+\g{p1}
+
+       A subpattern that is referenced by  name  may  appear  in  the  pattern
+       before or after the reference.
+
+       There  may be more than one back reference to the same subpattern. If a
+       subpattern has not actually been used in a particular match,  any  back
+       references to it always fail by default. For example, the pattern
+
+         (a|(bc))\2
+
+       always  fails  if  it starts to match "a" rather than "bc". However, if
+       the PCRE_JAVASCRIPT_COMPAT option is set at compile time, a back refer-
+       ence to an unset value matches an empty string.
+
+       Because  there may be many capturing parentheses in a pattern, all dig-
+       its following a backslash are taken as part of a potential back  refer-
+       ence  number.   If  the  pattern continues with a digit character, some
+       delimiter must  be  used  to  terminate  the  back  reference.  If  the
+       PCRE_EXTENDED  option  is  set, this can be white space. Otherwise, the
+       \g{ syntax or an empty comment (see "Comments" below) can be used.
+
+   Recursive back references
+
+       A back reference that occurs inside the parentheses to which it  refers
+       fails  when  the subpattern is first used, so, for example, (a\1) never
+       matches.  However, such references can be useful inside  repeated  sub-
+       patterns. For example, the pattern
+
+         (a|b\1)+
+
+       matches any number of "a"s and also "aba", "ababbaa" etc. At each iter-
+       ation of the subpattern,  the  back  reference  matches  the  character
+       string  corresponding  to  the previous iteration. In order for this to
+       work, the pattern must be such that the first iteration does  not  need
+       to  match the back reference. This can be done using alternation, as in
+       the example above, or by a quantifier with a minimum of zero.
+
+       Back references of this type cause the group that they reference to  be
+       treated  as  an atomic group.  Once the whole group has been matched, a
+       subsequent matching failure cannot cause backtracking into  the  middle
+       of the group.
+
+
+ASSERTIONS
+
+       An  assertion  is  a  test on the characters following or preceding the
+       current matching point that does not actually consume  any  characters.
+       The  simple  assertions  coded  as  \b, \B, \A, \G, \Z, \z, ^ and $ are
+       described above.
+
+       More complicated assertions are coded as  subpatterns.  There  are  two
+       kinds:  those  that  look  ahead of the current position in the subject
+       string, and those that look  behind  it.  An  assertion  subpattern  is
+       matched  in  the  normal way, except that it does not cause the current
+       matching position to be changed.
+
+       Assertion subpatterns are not capturing subpatterns. If such an  asser-
+       tion  contains  capturing  subpatterns within it, these are counted for
+       the purposes of numbering the capturing subpatterns in the  whole  pat-
+       tern.  However,  substring  capturing  is carried out only for positive
+       assertions. (Perl sometimes, but not always, does do capturing in nega-
+       tive assertions.)
+
+       WARNING:  If a positive assertion containing one or more capturing sub-
+       patterns succeeds, but failure to match later  in  the  pattern  causes
+       backtracking over this assertion, the captures within the assertion are
+       reset only if no higher numbered captures are  already  set.  This  is,
+       unfortunately,  a fundamental limitation of the current implementation,
+       and as PCRE1 is now in maintenance-only status, it is unlikely ever  to
+       change.
+
+       For  compatibility  with  Perl,  assertion subpatterns may be repeated;
+       though it makes no sense to assert the same thing  several  times,  the
+       side  effect  of  capturing  parentheses may occasionally be useful. In
+       practice, there only three cases:
+
+       (1) If the quantifier is {0}, the  assertion  is  never  obeyed  during
+       matching.   However,  it  may  contain internal capturing parenthesized
+       groups that are called from elsewhere via the subroutine mechanism.
+
+       (2) If quantifier is {0,n} where n is greater than zero, it is  treated
+       as  if  it  were  {0,1}.  At run time, the rest of the pattern match is
+       tried with and without the assertion, the order depending on the greed-
+       iness of the quantifier.
+
+       (3)  If  the minimum repetition is greater than zero, the quantifier is
+       ignored.  The assertion is obeyed just  once  when  encountered  during
+       matching.
+
+   Lookahead assertions
+
+       Lookahead assertions start with (?= for positive assertions and (?! for
+       negative assertions. For example,
+
+         \w+(?=;)
+
+       matches a word followed by a semicolon, but does not include the  semi-
+       colon in the match, and
+
+         foo(?!bar)
+
+       matches  any  occurrence  of  "foo" that is not followed by "bar". Note
+       that the apparently similar pattern
+
+         (?!foo)bar
+
+       does not find an occurrence of "bar"  that  is  preceded  by  something
+       other  than "foo"; it finds any occurrence of "bar" whatsoever, because
+       the assertion (?!foo) is always true when the next three characters are
+       "bar". A lookbehind assertion is needed to achieve the other effect.
+
+       If you want to force a matching failure at some point in a pattern, the
+       most convenient way to do it is  with  (?!)  because  an  empty  string
+       always  matches, so an assertion that requires there not to be an empty
+       string must always fail.  The backtracking control verb (*FAIL) or (*F)
+       is a synonym for (?!).
+
+   Lookbehind assertions
+
+       Lookbehind  assertions start with (?<= for positive assertions and (?<!
+       for negative assertions. For example,
+
+         (?<!foo)bar
+
+       does find an occurrence of "bar" that is not  preceded  by  "foo".  The
+       contents  of  a  lookbehind  assertion are restricted such that all the
+       strings it matches must have a fixed length. However, if there are sev-
+       eral  top-level  alternatives,  they  do  not all have to have the same
+       fixed length. Thus
+
+         (?<=bullock|donkey)
+
+       is permitted, but
+
+         (?<!dogs?|cats?)
+
+       causes an error at compile time. Branches that match  different  length
+       strings  are permitted only at the top level of a lookbehind assertion.
+       This is an extension compared with Perl, which requires all branches to
+       match the same length of string. An assertion such as
+
+         (?<=ab(c|de))
+
+       is  not  permitted,  because  its single top-level branch can match two
+       different lengths, but it is acceptable to PCRE if rewritten to use two
+       top-level branches:
+
+         (?<=abc|abde)
+
+       In  some  cases, the escape sequence \K (see above) can be used instead
+       of a lookbehind assertion to get round the fixed-length restriction.
+
+       The implementation of lookbehind assertions is, for  each  alternative,
+       to  temporarily  move the current position back by the fixed length and
+       then try to match. If there are insufficient characters before the cur-
+       rent position, the assertion fails.
+
+       In  a UTF mode, PCRE does not allow the \C escape (which matches a sin-
+       gle data unit even in a UTF mode) to appear in  lookbehind  assertions,
+       because  it  makes it impossible to calculate the length of the lookbe-
+       hind. The \X and \R escapes, which can match different numbers of  data
+       units, are also not permitted.
+
+       "Subroutine"  calls  (see below) such as (?2) or (?&X) are permitted in
+       lookbehinds, as long as the subpattern matches a  fixed-length  string.
+       Recursion, however, is not supported.
+
+       Possessive  quantifiers  can  be  used  in  conjunction with lookbehind
+       assertions to specify efficient matching of fixed-length strings at the
+       end of subject strings. Consider a simple pattern such as
+
+         abcd$
+
+       when  applied  to  a  long string that does not match. Because matching
+       proceeds from left to right, PCRE will look for each "a" in the subject
+       and  then  see  if what follows matches the rest of the pattern. If the
+       pattern is specified as
+
+         ^.*abcd$
+
+       the initial .* matches the entire string at first, but when this  fails
+       (because there is no following "a"), it backtracks to match all but the
+       last character, then all but the last two characters, and so  on.  Once
+       again  the search for "a" covers the entire string, from right to left,
+       so we are no better off. However, if the pattern is written as
+
+         ^.*+(?<=abcd)
+
+       there can be no backtracking for the .*+ item; it can  match  only  the
+       entire  string.  The subsequent lookbehind assertion does a single test
+       on the last four characters. If it fails, the match fails  immediately.
+       For  long  strings, this approach makes a significant difference to the
+       processing time.
+
+   Using multiple assertions
+
+       Several assertions (of any sort) may occur in succession. For example,
+
+         (?<=\d{3})(?<!999)foo
+
+       matches "foo" preceded by three digits that are not "999". Notice  that
+       each  of  the  assertions is applied independently at the same point in
+       the subject string. First there is a  check  that  the  previous  three
+       characters  are  all  digits,  and  then there is a check that the same
+       three characters are not "999".  This pattern does not match "foo" pre-
+       ceded  by  six  characters,  the first of which are digits and the last
+       three of which are not "999". For example, it  doesn't  match  "123abc-
+       foo". A pattern to do that is
+
+         (?<=\d{3}...)(?<!999)foo
+
+       This  time  the  first assertion looks at the preceding six characters,
+       checking that the first three are digits, and then the second assertion
+       checks that the preceding three characters are not "999".
+
+       Assertions can be nested in any combination. For example,
+
+         (?<=(?<!foo)bar)baz
+
+       matches  an occurrence of "baz" that is preceded by "bar" which in turn
+       is not preceded by "foo", while
+
+         (?<=\d{3}(?!999)...)foo
+
+       is another pattern that matches "foo" preceded by three digits and  any
+       three characters that are not "999".
+
+
+CONDITIONAL SUBPATTERNS
+
+       It  is possible to cause the matching process to obey a subpattern con-
+       ditionally or to choose between two alternative subpatterns,  depending
+       on  the result of an assertion, or whether a specific capturing subpat-
+       tern has already been matched. The two possible  forms  of  conditional
+       subpattern are:
+
+         (?(condition)yes-pattern)
+         (?(condition)yes-pattern|no-pattern)
+
+       If  the  condition is satisfied, the yes-pattern is used; otherwise the
+       no-pattern (if present) is used. If there are more  than  two  alterna-
+       tives  in  the subpattern, a compile-time error occurs. Each of the two
+       alternatives may itself contain nested subpatterns of any form, includ-
+       ing  conditional  subpatterns;  the  restriction  to  two  alternatives
+       applies only at the level of the condition. This pattern fragment is an
+       example where the alternatives are complex:
+
+         (?(1) (A|B|C) | (D | (?(2)E|F) | E) )
+
+
+       There  are  four  kinds of condition: references to subpatterns, refer-
+       ences to recursion, a pseudo-condition called DEFINE, and assertions.
+
+   Checking for a used subpattern by number
+
+       If the text between the parentheses consists of a sequence  of  digits,
+       the condition is true if a capturing subpattern of that number has pre-
+       viously matched. If there is more than one  capturing  subpattern  with
+       the  same  number  (see  the earlier section about duplicate subpattern
+       numbers), the condition is true if any of them have matched. An  alter-
+       native  notation is to precede the digits with a plus or minus sign. In
+       this case, the subpattern number is relative rather than absolute.  The
+       most  recently opened parentheses can be referenced by (?(-1), the next
+       most recent by (?(-2), and so on. Inside loops it can also  make  sense
+       to refer to subsequent groups. The next parentheses to be opened can be
+       referenced as (?(+1), and so on. (The value zero in any of these  forms
+       is not used; it provokes a compile-time error.)
+
+       Consider  the  following  pattern, which contains non-significant white
+       space to make it more readable (assume the PCRE_EXTENDED option) and to
+       divide it into three parts for ease of discussion:
+
+         ( \( )?    [^()]+    (?(1) \) )
+
+       The  first  part  matches  an optional opening parenthesis, and if that
+       character is present, sets it as the first captured substring. The sec-
+       ond  part  matches one or more characters that are not parentheses. The
+       third part is a conditional subpattern that tests whether  or  not  the
+       first  set  of  parentheses  matched.  If they did, that is, if subject
+       started with an opening parenthesis, the condition is true, and so  the
+       yes-pattern  is  executed and a closing parenthesis is required. Other-
+       wise, since no-pattern is not present, the subpattern matches  nothing.
+       In  other  words,  this  pattern matches a sequence of non-parentheses,
+       optionally enclosed in parentheses.
+
+       If you were embedding this pattern in a larger one,  you  could  use  a
+       relative reference:
+
+         ...other stuff... ( \( )?    [^()]+    (?(-1) \) ) ...
+
+       This  makes  the  fragment independent of the parentheses in the larger
+       pattern.
+
+   Checking for a used subpattern by name
+
+       Perl uses the syntax (?(<name>)...) or (?('name')...)  to  test  for  a
+       used  subpattern  by  name.  For compatibility with earlier versions of
+       PCRE, which had this facility before Perl, the syntax  (?(name)...)  is
+       also recognized.
+
+       Rewriting the above example to use a named subpattern gives this:
+
+         (?<OPEN> \( )?    [^()]+    (?(<OPEN>) \) )
+
+       If  the  name used in a condition of this kind is a duplicate, the test
+       is applied to all subpatterns of the same name, and is true if any  one
+       of them has matched.
+
+   Checking for pattern recursion
+
+       If the condition is the string (R), and there is no subpattern with the
+       name R, the condition is true if a recursive call to the whole  pattern
+       or any subpattern has been made. If digits or a name preceded by amper-
+       sand follow the letter R, for example:
+
+         (?(R3)...) or (?(R&name)...)
+
+       the condition is true if the most recent recursion is into a subpattern
+       whose number or name is given. This condition does not check the entire
+       recursion stack. If the name used in a condition  of  this  kind  is  a
+       duplicate, the test is applied to all subpatterns of the same name, and
+       is true if any one of them is the most recent recursion.
+
+       At "top level", all these recursion test  conditions  are  false.   The
+       syntax for recursive patterns is described below.
+
+   Defining subpatterns for use by reference only
+
+       If  the  condition  is  the string (DEFINE), and there is no subpattern
+       with the name DEFINE, the condition is  always  false.  In  this  case,
+       there  may  be  only  one  alternative  in the subpattern. It is always
+       skipped if control reaches this point  in  the  pattern;  the  idea  of
+       DEFINE  is that it can be used to define subroutines that can be refer-
+       enced from elsewhere. (The use of subroutines is described below.)  For
+       example,  a  pattern  to match an IPv4 address such as "192.168.23.245"
+       could be written like this (ignore white space and line breaks):
+
+         (?(DEFINE) (?<byte> 2[0-4]\d | 25[0-5] | 1\d\d | [1-9]?\d) )
+         \b (?&byte) (\.(?&byte)){3} \b
+
+       The first part of the pattern is a DEFINE group inside which a  another
+       group  named "byte" is defined. This matches an individual component of
+       an IPv4 address (a number less than 256). When  matching  takes  place,
+       this  part  of  the pattern is skipped because DEFINE acts like a false
+       condition. The rest of the pattern uses references to the  named  group
+       to  match the four dot-separated components of an IPv4 address, insist-
+       ing on a word boundary at each end.
+
+   Assertion conditions
+
+       If the condition is not in any of the above  formats,  it  must  be  an
+       assertion.   This may be a positive or negative lookahead or lookbehind
+       assertion. Consider  this  pattern,  again  containing  non-significant
+       white space, and with the two alternatives on the second line:
+
+         (?(?=[^a-z]*[a-z])
+         \d{2}-[a-z]{3}-\d{2}  |  \d{2}-\d{2}-\d{2} )
+
+       The  condition  is  a  positive  lookahead  assertion  that  matches an
+       optional sequence of non-letters followed by a letter. In other  words,
+       it  tests  for the presence of at least one letter in the subject. If a
+       letter is found, the subject is matched against the first  alternative;
+       otherwise  it  is  matched  against  the  second.  This pattern matches
+       strings in one of the two forms dd-aaa-dd or dd-dd-dd,  where  aaa  are
+       letters and dd are digits.
+
+
+COMMENTS
+
+       There are two ways of including comments in patterns that are processed
+       by PCRE. In both cases, the start of the comment must not be in a char-
+       acter class, nor in the middle of any other sequence of related charac-
+       ters such as (?: or a subpattern name or number.  The  characters  that
+       make up a comment play no part in the pattern matching.
+
+       The  sequence (?# marks the start of a comment that continues up to the
+       next closing parenthesis. Nested parentheses are not permitted. If  the
+       PCRE_EXTENDED option is set, an unescaped # character also introduces a
+       comment, which in this case continues to  immediately  after  the  next
+       newline  character  or character sequence in the pattern. Which charac-
+       ters are interpreted as newlines is controlled by the options passed to
+       a  compiling function or by a special sequence at the start of the pat-
+       tern, as described in the section entitled "Newline conventions" above.
+       Note that the end of this type of comment is a literal newline sequence
+       in the pattern; escape sequences that happen to represent a newline  do
+       not  count.  For  example,  consider this pattern when PCRE_EXTENDED is
+       set, and the default newline convention is in force:
+
+         abc #comment \n still comment
+
+       On encountering the # character, pcre_compile()  skips  along,  looking
+       for  a newline in the pattern. The sequence \n is still literal at this
+       stage, so it does not terminate the comment. Only an  actual  character
+       with the code value 0x0a (the default newline) does so.
+
+
+RECURSIVE PATTERNS
+
+       Consider  the problem of matching a string in parentheses, allowing for
+       unlimited nested parentheses. Without the use of  recursion,  the  best
+       that  can  be  done  is  to use a pattern that matches up to some fixed
+       depth of nesting. It is not possible to  handle  an  arbitrary  nesting
+       depth.
+
+       For some time, Perl has provided a facility that allows regular expres-
+       sions to recurse (amongst other things). It does this by  interpolating
+       Perl  code in the expression at run time, and the code can refer to the
+       expression itself. A Perl pattern using code interpolation to solve the
+       parentheses problem can be created like this:
+
+         $re = qr{\( (?: (?>[^()]+) | (?p{$re}) )* \)}x;
+
+       The (?p{...}) item interpolates Perl code at run time, and in this case
+       refers recursively to the pattern in which it appears.
+
+       Obviously, PCRE cannot support the interpolation of Perl code. Instead,
+       it  supports  special  syntax  for recursion of the entire pattern, and
+       also for individual subpattern recursion.  After  its  introduction  in
+       PCRE  and  Python,  this  kind of recursion was subsequently introduced
+       into Perl at release 5.10.
+
+       A special item that consists of (? followed by a  number  greater  than
+       zero  and  a  closing parenthesis is a recursive subroutine call of the
+       subpattern of the given number, provided that  it  occurs  inside  that
+       subpattern.  (If  not,  it is a non-recursive subroutine call, which is
+       described in the next section.) The special item  (?R)  or  (?0)  is  a
+       recursive call of the entire regular expression.
+
+       This  PCRE  pattern  solves  the nested parentheses problem (assume the
+       PCRE_EXTENDED option is set so that white space is ignored):
+
+         \( ( [^()]++ | (?R) )* \)
+
+       First it matches an opening parenthesis. Then it matches any number  of
+       substrings  which  can  either  be  a sequence of non-parentheses, or a
+       recursive match of the pattern itself (that is, a  correctly  parenthe-
+       sized substring).  Finally there is a closing parenthesis. Note the use
+       of a possessive quantifier to avoid backtracking into sequences of non-
+       parentheses.
+
+       If  this  were  part of a larger pattern, you would not want to recurse
+       the entire pattern, so instead you could use this:
+
+         ( \( ( [^()]++ | (?1) )* \) )
+
+       We have put the pattern into parentheses, and caused the  recursion  to
+       refer to them instead of the whole pattern.
+
+       In  a  larger  pattern,  keeping  track  of  parenthesis numbers can be
+       tricky. This is made easier by the use of relative references.  Instead
+       of (?1) in the pattern above you can write (?-2) to refer to the second
+       most recently opened parentheses  preceding  the  recursion.  In  other
+       words,  a  negative  number counts capturing parentheses leftwards from
+       the point at which it is encountered.
+
+       It is also possible to refer to  subsequently  opened  parentheses,  by
+       writing  references  such  as (?+2). However, these cannot be recursive
+       because the reference is not inside the  parentheses  that  are  refer-
+       enced.  They are always non-recursive subroutine calls, as described in
+       the next section.
+
+       An alternative approach is to use named parentheses instead.  The  Perl
+       syntax  for  this  is (?&name); PCRE's earlier syntax (?P>name) is also
+       supported. We could rewrite the above example as follows:
+
+         (?<pn> \( ( [^()]++ | (?&pn) )* \) )
+
+       If there is more than one subpattern with the same name,  the  earliest
+       one is used.
+
+       This  particular  example pattern that we have been looking at contains
+       nested unlimited repeats, and so the use of a possessive quantifier for
+       matching strings of non-parentheses is important when applying the pat-
+       tern to strings that do not match. For example, when  this  pattern  is
+       applied to
+
+         (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa()
+
+       it  yields  "no  match" quickly. However, if a possessive quantifier is
+       not used, the match runs for a very long time indeed because there  are
+       so  many  different  ways the + and * repeats can carve up the subject,
+       and all have to be tested before failure can be reported.
+
+       At the end of a match, the values of capturing  parentheses  are  those
+       from  the outermost level. If you want to obtain intermediate values, a
+       callout function can be used (see below and the pcrecallout  documenta-
+       tion). If the pattern above is matched against
+
+         (ab(cd)ef)
+
+       the  value  for  the  inner capturing parentheses (numbered 2) is "ef",
+       which is the last value taken on at the top level. If a capturing  sub-
+       pattern  is  not  matched at the top level, its final captured value is
+       unset, even if it was (temporarily) set at a deeper  level  during  the
+       matching process.
+
+       If  there are more than 15 capturing parentheses in a pattern, PCRE has
+       to obtain extra memory to store data during a recursion, which it  does
+       by using pcre_malloc, freeing it via pcre_free afterwards. If no memory
+       can be obtained, the match fails with the PCRE_ERROR_NOMEMORY error.
+
+       Do not confuse the (?R) item with the condition (R),  which  tests  for
+       recursion.   Consider  this pattern, which matches text in angle brack-
+       ets, allowing for arbitrary nesting. Only digits are allowed in  nested
+       brackets  (that is, when recursing), whereas any characters are permit-
+       ted at the outer level.
+
+         < (?: (?(R) \d++  | [^<>]*+) | (?R)) * >
+
+       In this pattern, (?(R) is the start of a conditional  subpattern,  with
+       two  different  alternatives for the recursive and non-recursive cases.
+       The (?R) item is the actual recursive call.
+
+   Differences in recursion processing between PCRE and Perl
+
+       Recursion processing in PCRE differs from Perl in two  important  ways.
+       In  PCRE (like Python, but unlike Perl), a recursive subpattern call is
+       always treated as an atomic group. That is, once it has matched some of
+       the subject string, it is never re-entered, even if it contains untried
+       alternatives and there is a subsequent matching failure.  This  can  be
+       illustrated  by the following pattern, which purports to match a palin-
+       dromic string that contains an odd number of characters  (for  example,
+       "a", "aba", "abcba", "abcdcba"):
+
+         ^(.|(.)(?1)\2)$
+
+       The idea is that it either matches a single character, or two identical
+       characters surrounding a sub-palindrome. In Perl, this  pattern  works;
+       in  PCRE  it  does  not if the pattern is longer than three characters.
+       Consider the subject string "abcba":
+
+       At the top level, the first character is matched, but as it is  not  at
+       the end of the string, the first alternative fails; the second alterna-
+       tive is taken and the recursion kicks in. The recursive call to subpat-
+       tern  1  successfully  matches the next character ("b"). (Note that the
+       beginning and end of line tests are not part of the recursion).
+
+       Back at the top level, the next character ("c") is compared  with  what
+       subpattern  2 matched, which was "a". This fails. Because the recursion
+       is treated as an atomic group, there are now  no  backtracking  points,
+       and  so  the  entire  match fails. (Perl is able, at this point, to re-
+       enter the recursion and try the second alternative.)  However,  if  the
+       pattern is written with the alternatives in the other order, things are
+       different:
+
+         ^((.)(?1)\2|.)$
+
+       This time, the recursing alternative is tried first, and  continues  to
+       recurse  until  it runs out of characters, at which point the recursion
+       fails. But this time we do have  another  alternative  to  try  at  the
+       higher  level.  That  is  the  big difference: in the previous case the
+       remaining alternative is at a deeper recursion level, which PCRE cannot
+       use.
+
+       To  change  the pattern so that it matches all palindromic strings, not
+       just those with an odd number of characters, it is tempting  to  change
+       the pattern to this:
+
+         ^((.)(?1)\2|.?)$
+
+       Again,  this  works  in Perl, but not in PCRE, and for the same reason.
+       When a deeper recursion has matched a single character,  it  cannot  be
+       entered  again  in  order  to match an empty string. The solution is to
+       separate the two cases, and write out the odd and even cases as  alter-
+       natives at the higher level:
+
+         ^(?:((.)(?1)\2|)|((.)(?3)\4|.))
+
+       If  you  want  to match typical palindromic phrases, the pattern has to
+       ignore all non-word characters, which can be done like this:
+
+         ^\W*+(?:((.)\W*+(?1)\W*+\2|)|((.)\W*+(?3)\W*+\4|\W*+.\W*+))\W*+$
+
+       If run with the PCRE_CASELESS option, this pattern matches phrases such
+       as "A man, a plan, a canal: Panama!" and it works well in both PCRE and
+       Perl. Note the use of the possessive quantifier *+ to avoid  backtrack-
+       ing  into  sequences of non-word characters. Without this, PCRE takes a
+       great deal longer (ten times or more) to  match  typical  phrases,  and
+       Perl takes so long that you think it has gone into a loop.
+
+       WARNING:  The  palindrome-matching patterns above work only if the sub-
+       ject string does not start with a palindrome that is shorter  than  the
+       entire  string.  For example, although "abcba" is correctly matched, if
+       the subject is "ababa", PCRE finds the palindrome "aba" at  the  start,
+       then  fails at top level because the end of the string does not follow.
+       Once again, it cannot jump back into the recursion to try other  alter-
+       natives, so the entire match fails.
+
+       The  second  way  in which PCRE and Perl differ in their recursion pro-
+       cessing is in the handling of captured values. In Perl, when a  subpat-
+       tern  is  called recursively or as a subpattern (see the next section),
+       it has no access to any values that were captured  outside  the  recur-
+       sion,  whereas  in  PCRE  these values can be referenced. Consider this
+       pattern:
+
+         ^(.)(\1|a(?2))
+
+       In PCRE, this pattern matches "bab". The  first  capturing  parentheses
+       match  "b",  then in the second group, when the back reference \1 fails
+       to match "b", the second alternative matches "a" and then recurses.  In
+       the  recursion,  \1 does now match "b" and so the whole match succeeds.
+       In Perl, the pattern fails to match because inside the  recursive  call
+       \1 cannot access the externally set value.
+
+
+SUBPATTERNS AS SUBROUTINES
+
+       If  the  syntax for a recursive subpattern call (either by number or by
+       name) is used outside the parentheses to which it refers,  it  operates
+       like  a subroutine in a programming language. The called subpattern may
+       be defined before or after the reference. A numbered reference  can  be
+       absolute or relative, as in these examples:
+
+         (...(absolute)...)...(?2)...
+         (...(relative)...)...(?-1)...
+         (...(?+1)...(relative)...
+
+       An earlier example pointed out that the pattern
+
+         (sens|respons)e and \1ibility
+
+       matches  "sense and sensibility" and "response and responsibility", but
+       not "sense and responsibility". If instead the pattern
+
+         (sens|respons)e and (?1)ibility
+
+       is used, it does match "sense and responsibility" as well as the  other
+       two  strings.  Another  example  is  given  in the discussion of DEFINE
+       above.
+
+       All subroutine calls, whether recursive or not, are always  treated  as
+       atomic  groups. That is, once a subroutine has matched some of the sub-
+       ject string, it is never re-entered, even if it contains untried alter-
+       natives  and  there  is  a  subsequent  matching failure. Any capturing
+       parentheses that are set during the subroutine  call  revert  to  their
+       previous values afterwards.
+
+       Processing  options  such as case-independence are fixed when a subpat-
+       tern is defined, so if it is used as a subroutine, such options  cannot
+       be changed for different calls. For example, consider this pattern:
+
+         (abc)(?i:(?-1))
+
+       It  matches  "abcabc". It does not match "abcABC" because the change of
+       processing option does not affect the called subpattern.
+
+
+ONIGURUMA SUBROUTINE SYNTAX
+
+       For compatibility with Oniguruma, the non-Perl syntax \g followed by  a
+       name or a number enclosed either in angle brackets or single quotes, is
+       an alternative syntax for referencing a  subpattern  as  a  subroutine,
+       possibly  recursively. Here are two of the examples used above, rewrit-
+       ten using this syntax:
+
+         (?<pn> \( ( (?>[^()]+) | \g<pn> )* \) )
+         (sens|respons)e and \g'1'ibility
+
+       PCRE supports an extension to Oniguruma: if a number is preceded  by  a
+       plus or a minus sign it is taken as a relative reference. For example:
+
+         (abc)(?i:\g<-1>)
+
+       Note  that \g{...} (Perl syntax) and \g<...> (Oniguruma syntax) are not
+       synonymous. The former is a back reference; the latter is a  subroutine
+       call.
+
+
+CALLOUTS
+
+       Perl has a feature whereby using the sequence (?{...}) causes arbitrary
+       Perl code to be obeyed in the middle of matching a regular  expression.
+       This makes it possible, amongst other things, to extract different sub-
+       strings that match the same pair of parentheses when there is a repeti-
+       tion.
+
+       PCRE provides a similar feature, but of course it cannot obey arbitrary
+       Perl code. The feature is called "callout". The caller of PCRE provides
+       an  external function by putting its entry point in the global variable
+       pcre_callout (8-bit library) or pcre[16|32]_callout (16-bit  or  32-bit
+       library).   By default, this variable contains NULL, which disables all
+       calling out.
+
+       Within a regular expression, (?C) indicates the  points  at  which  the
+       external  function  is  to be called. If you want to identify different
+       callout points, you can put a number less than 256 after the letter  C.
+       The  default  value is zero.  For example, this pattern has two callout
+       points:
+
+         (?C1)abc(?C2)def
+
+       If the PCRE_AUTO_CALLOUT flag is passed to a compiling function,  call-
+       outs  are automatically installed before each item in the pattern. They
+       are all numbered 255. If there is a conditional group  in  the  pattern
+       whose condition is an assertion, an additional callout is inserted just
+       before the condition. An explicit callout may also be set at this posi-
+       tion, as in this example:
+
+         (?(?C9)(?=a)abc|def)
+
+       Note that this applies only to assertion conditions, not to other types
+       of condition.
+
+       During matching, when PCRE reaches a callout point, the external  func-
+       tion  is  called.  It  is  provided with the number of the callout, the
+       position in the pattern, and, optionally, one item of  data  originally
+       supplied  by  the caller of the matching function. The callout function
+       may cause matching to proceed, to backtrack, or to fail altogether.
+
+       By default, PCRE implements a number of optimizations at  compile  time
+       and  matching  time, and one side-effect is that sometimes callouts are
+       skipped. If you need all possible callouts to happen, you need  to  set
+       options  that  disable  the relevant optimizations. More details, and a
+       complete description of the interface  to  the  callout  function,  are
+       given in the pcrecallout documentation.
+
+
+BACKTRACKING CONTROL
+
+       Perl  5.10 introduced a number of "Special Backtracking Control Verbs",
+       which are still described in the Perl  documentation  as  "experimental
+       and  subject to change or removal in a future version of Perl". It goes
+       on to say: "Their usage in production code should  be  noted  to  avoid
+       problems  during upgrades." The same remarks apply to the PCRE features
+       described in this section.
+
+       The new verbs make use of what was previously invalid syntax: an  open-
+       ing parenthesis followed by an asterisk. They are generally of the form
+       (*VERB) or (*VERB:NAME). Some may take either form,  possibly  behaving
+       differently  depending  on  whether or not a name is present. A name is
+       any sequence of characters that does not include a closing parenthesis.
+       The maximum length of name is 255 in the 8-bit library and 65535 in the
+       16-bit and 32-bit libraries. If the name is  empty,  that  is,  if  the
+       closing  parenthesis immediately follows the colon, the effect is as if
+       the colon were not there.  Any number of these verbs  may  occur  in  a
+       pattern.
+
+       Since  these  verbs  are  specifically related to backtracking, most of
+       them can be used only when the pattern is to be matched  using  one  of
+       the  traditional  matching  functions, because these use a backtracking
+       algorithm. With the exception of (*FAIL), which behaves like a  failing
+       negative  assertion,  the  backtracking control verbs cause an error if
+       encountered by a DFA matching function.
+
+       The behaviour of these verbs in repeated  groups,  assertions,  and  in
+       subpatterns called as subroutines (whether or not recursively) is docu-
+       mented below.
+
+   Optimizations that affect backtracking verbs
+
+       PCRE contains some optimizations that are used to speed up matching  by
+       running some checks at the start of each match attempt. For example, it
+       may know the minimum length of matching subject, or that  a  particular
+       character must be present. When one of these optimizations bypasses the
+       running of a match,  any  included  backtracking  verbs  will  not,  of
+       course, be processed. You can suppress the start-of-match optimizations
+       by setting the PCRE_NO_START_OPTIMIZE  option  when  calling  pcre_com-
+       pile() or pcre_exec(), or by starting the pattern with (*NO_START_OPT).
+       There is more discussion of this option in the section entitled "Option
+       bits for pcre_exec()" in the pcreapi documentation.
+
+       Experiments  with  Perl  suggest that it too has similar optimizations,
+       sometimes leading to anomalous results.
+
+   Verbs that act immediately
+
+       The following verbs act as soon as they are encountered. They  may  not
+       be followed by a name.
+
+          (*ACCEPT)
+
+       This  verb causes the match to end successfully, skipping the remainder
+       of the pattern. However, when it is inside a subpattern that is  called
+       as  a  subroutine, only that subpattern is ended successfully. Matching
+       then continues at the outer level. If (*ACCEPT) in triggered in a posi-
+       tive  assertion,  the  assertion succeeds; in a negative assertion, the
+       assertion fails.
+
+       If (*ACCEPT) is inside capturing parentheses, the data so far  is  cap-
+       tured. For example:
+
+         A((?:A|B(*ACCEPT)|C)D)
+
+       This  matches  "AB", "AAD", or "ACD"; when it matches "AB", "B" is cap-
+       tured by the outer parentheses.
+
+         (*FAIL) or (*F)
+
+       This verb causes a matching failure, forcing backtracking to occur.  It
+       is  equivalent to (?!) but easier to read. The Perl documentation notes
+       that it is probably useful only when combined  with  (?{})  or  (??{}).
+       Those  are,  of course, Perl features that are not present in PCRE. The
+       nearest equivalent is the callout feature, as for example in this  pat-
+       tern:
+
+         a+(?C)(*FAIL)
+
+       A  match  with the string "aaaa" always fails, but the callout is taken
+       before each backtrack happens (in this example, 10 times).
+
+   Recording which path was taken
+
+       There is one verb whose main purpose  is  to  track  how  a  match  was
+       arrived  at,  though  it  also  has a secondary use in conjunction with
+       advancing the match starting point (see (*SKIP) below).
+
+         (*MARK:NAME) or (*:NAME)
+
+       A name is always  required  with  this  verb.  There  may  be  as  many
+       instances  of  (*MARK) as you like in a pattern, and their names do not
+       have to be unique.
+
+       When a match succeeds, the name of the  last-encountered  (*MARK:NAME),
+       (*PRUNE:NAME),  or  (*THEN:NAME) on the matching path is passed back to
+       the caller as  described  in  the  section  entitled  "Extra  data  for
+       pcre_exec()"  in  the  pcreapi  documentation.  Here  is  an example of
+       pcretest output, where the /K modifier requests the retrieval and  out-
+       putting of (*MARK) data:
+
+           re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+         data> XY
+          0: XY
+         MK: A
+         XZ
+          0: XZ
+         MK: B
+
+       The (*MARK) name is tagged with "MK:" in this output, and in this exam-
+       ple it indicates which of the two alternatives matched. This is a  more
+       efficient  way of obtaining this information than putting each alterna-
+       tive in its own capturing parentheses.
+
+       If a verb with a name is encountered in a positive  assertion  that  is
+       true,  the  name  is recorded and passed back if it is the last-encoun-
+       tered. This does not happen for negative assertions or failing positive
+       assertions.
+
+       After  a  partial match or a failed match, the last encountered name in
+       the entire match process is returned. For example:
+
+           re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+         data> XP
+         No match, mark = B
+
+       Note that in this unanchored example the  mark  is  retained  from  the
+       match attempt that started at the letter "X" in the subject. Subsequent
+       match attempts starting at "P" and then with an empty string do not get
+       as far as the (*MARK) item, but nevertheless do not reset it.
+
+       If  you  are  interested  in  (*MARK)  values after failed matches, you
+       should probably set the PCRE_NO_START_OPTIMIZE option  (see  above)  to
+       ensure that the match is always attempted.
+
+   Verbs that act after backtracking
+
+       The following verbs do nothing when they are encountered. Matching con-
+       tinues with what follows, but if there is no subsequent match,  causing
+       a  backtrack  to  the  verb, a failure is forced. That is, backtracking
+       cannot pass to the left of the verb. However, when one of  these  verbs
+       appears inside an atomic group or an assertion that is true, its effect
+       is confined to that group, because once the  group  has  been  matched,
+       there  is never any backtracking into it. In this situation, backtrack-
+       ing can "jump back" to the left of the entire atomic  group  or  asser-
+       tion.  (Remember  also,  as  stated  above, that this localization also
+       applies in subroutine calls.)
+
+       These verbs differ in exactly what kind of failure  occurs  when  back-
+       tracking  reaches  them.  The behaviour described below is what happens
+       when the verb is not in a subroutine or an assertion.  Subsequent  sec-
+       tions cover these special cases.
+
+         (*COMMIT)
+
+       This  verb, which may not be followed by a name, causes the whole match
+       to fail outright if there is a later matching failure that causes back-
+       tracking  to  reach  it.  Even if the pattern is unanchored, no further
+       attempts to find a match by advancing the starting point take place. If
+       (*COMMIT)  is  the  only backtracking verb that is encountered, once it
+       has been passed pcre_exec() is committed to finding a match at the cur-
+       rent starting point, or not at all. For example:
+
+         a+(*COMMIT)b
+
+       This  matches  "xxaab" but not "aacaab". It can be thought of as a kind
+       of dynamic anchor, or "I've started, so I must finish." The name of the
+       most  recently passed (*MARK) in the path is passed back when (*COMMIT)
+       forces a match failure.
+
+       If there is more than one backtracking verb in a pattern,  a  different
+       one  that  follows  (*COMMIT) may be triggered first, so merely passing
+       (*COMMIT) during a match does not always guarantee that a match must be
+       at this starting point.
+
+       Note  that  (*COMMIT)  at  the start of a pattern is not the same as an
+       anchor, unless PCRE's start-of-match optimizations are turned  off,  as
+       shown in this output from pcretest:
+
+           re> /(*COMMIT)abc/
+         data> xyzabc
+          0: abc
+         data> xyzabc\Y
+         No match
+
+       For this pattern, PCRE knows that any match must start with "a", so the
+       optimization skips along the subject to "a" before applying the pattern
+       to  the first set of data. The match attempt then succeeds. In the sec-
+       ond set of data, the escape sequence \Y is interpreted by the  pcretest
+       program.  It  causes  the  PCRE_NO_START_OPTIMIZE option to be set when
+       pcre_exec() is called.  This disables the optimization that skips along
+       to the first character. The pattern is now applied starting at "x", and
+       so the (*COMMIT) causes the match to  fail  without  trying  any  other
+       starting points.
+
+         (*PRUNE) or (*PRUNE:NAME)
+
+       This  verb causes the match to fail at the current starting position in
+       the subject if there is a later matching failure that causes backtrack-
+       ing  to  reach it. If the pattern is unanchored, the normal "bumpalong"
+       advance to the next starting character then happens.  Backtracking  can
+       occur  as  usual to the left of (*PRUNE), before it is reached, or when
+       matching to the right of (*PRUNE), but if there  is  no  match  to  the
+       right,  backtracking cannot cross (*PRUNE). In simple cases, the use of
+       (*PRUNE) is just an alternative to an atomic group or possessive  quan-
+       tifier, but there are some uses of (*PRUNE) that cannot be expressed in
+       any other way. In an anchored pattern (*PRUNE) has the same  effect  as
+       (*COMMIT).
+
+       The   behaviour   of   (*PRUNE:NAME)   is   the   not   the   same   as
+       (*MARK:NAME)(*PRUNE).  It is like (*MARK:NAME)  in  that  the  name  is
+       remembered  for  passing  back  to  the  caller.  However, (*SKIP:NAME)
+       searches only for names set with (*MARK).
+
+         (*SKIP)
+
+       This verb, when given without a name, is like (*PRUNE), except that  if
+       the  pattern  is unanchored, the "bumpalong" advance is not to the next
+       character, but to the position in the subject where (*SKIP) was encoun-
+       tered.  (*SKIP)  signifies that whatever text was matched leading up to
+       it cannot be part of a successful match. Consider:
+
+         a+(*SKIP)b
+
+       If the subject is "aaaac...",  after  the  first  match  attempt  fails
+       (starting  at  the  first  character in the string), the starting point
+       skips on to start the next attempt at "c". Note that a possessive quan-
+       tifer  does not have the same effect as this example; although it would
+       suppress backtracking  during  the  first  match  attempt,  the  second
+       attempt  would  start at the second character instead of skipping on to
+       "c".
+
+         (*SKIP:NAME)
+
+       When (*SKIP) has an associated name, its behaviour is modified. When it
+       is triggered, the previous path through the pattern is searched for the
+       most recent (*MARK) that has the  same  name.  If  one  is  found,  the
+       "bumpalong" advance is to the subject position that corresponds to that
+       (*MARK) instead of to where (*SKIP) was encountered. If no (*MARK) with
+       a matching name is found, the (*SKIP) is ignored.
+
+       Note  that (*SKIP:NAME) searches only for names set by (*MARK:NAME). It
+       ignores names that are set by (*PRUNE:NAME) or (*THEN:NAME).
+
+         (*THEN) or (*THEN:NAME)
+
+       This verb causes a skip to the next innermost  alternative  when  back-
+       tracking  reaches  it.  That  is,  it  cancels any further backtracking
+       within the current alternative. Its name  comes  from  the  observation
+       that it can be used for a pattern-based if-then-else block:
+
+         ( COND1 (*THEN) FOO | COND2 (*THEN) BAR | COND3 (*THEN) BAZ ) ...
+
+       If  the COND1 pattern matches, FOO is tried (and possibly further items
+       after the end of the group if FOO succeeds); on  failure,  the  matcher
+       skips  to  the second alternative and tries COND2, without backtracking
+       into COND1. If that succeeds and BAR fails, COND3 is tried.  If  subse-
+       quently  BAZ fails, there are no more alternatives, so there is a back-
+       track to whatever came before the  entire  group.  If  (*THEN)  is  not
+       inside an alternation, it acts like (*PRUNE).
+
+       The    behaviour   of   (*THEN:NAME)   is   the   not   the   same   as
+       (*MARK:NAME)(*THEN).  It is like  (*MARK:NAME)  in  that  the  name  is
+       remembered  for  passing  back  to  the  caller.  However, (*SKIP:NAME)
+       searches only for names set with (*MARK).
+
+       A subpattern that does not contain a | character is just a part of  the
+       enclosing  alternative;  it  is  not a nested alternation with only one
+       alternative. The effect of (*THEN) extends beyond such a subpattern  to
+       the  enclosing alternative. Consider this pattern, where A, B, etc. are
+       complex pattern fragments that do not contain any | characters at  this
+       level:
+
+         A (B(*THEN)C) | D
+
+       If  A and B are matched, but there is a failure in C, matching does not
+       backtrack into A; instead it moves to the next alternative, that is, D.
+       However,  if the subpattern containing (*THEN) is given an alternative,
+       it behaves differently:
+
+         A (B(*THEN)C | (*FAIL)) | D
+
+       The effect of (*THEN) is now confined to the inner subpattern. After  a
+       failure in C, matching moves to (*FAIL), which causes the whole subpat-
+       tern to fail because there are no more alternatives  to  try.  In  this
+       case, matching does now backtrack into A.
+
+       Note  that  a  conditional  subpattern  is not considered as having two
+       alternatives, because only one is ever used.  In  other  words,  the  |
+       character in a conditional subpattern has a different meaning. Ignoring
+       white space, consider:
+
+         ^.*? (?(?=a) a | b(*THEN)c )
+
+       If the subject is "ba", this pattern does not  match.  Because  .*?  is
+       ungreedy,  it  initially  matches  zero characters. The condition (?=a)
+       then fails, the character "b" is matched,  but  "c"  is  not.  At  this
+       point,  matching does not backtrack to .*? as might perhaps be expected
+       from the presence of the | character.  The  conditional  subpattern  is
+       part of the single alternative that comprises the whole pattern, and so
+       the match fails. (If there was a backtrack into  .*?,  allowing  it  to
+       match "b", the match would succeed.)
+
+       The  verbs just described provide four different "strengths" of control
+       when subsequent matching fails. (*THEN) is the weakest, carrying on the
+       match  at  the next alternative. (*PRUNE) comes next, failing the match
+       at the current starting position, but allowing an advance to  the  next
+       character  (for an unanchored pattern). (*SKIP) is similar, except that
+       the advance may be more than one character. (*COMMIT) is the strongest,
+       causing the entire match to fail.
+
+   More than one backtracking verb
+
+       If  more  than  one  backtracking verb is present in a pattern, the one
+       that is backtracked onto first acts. For example,  consider  this  pat-
+       tern, where A, B, etc. are complex pattern fragments:
+
+         (A(*COMMIT)B(*THEN)C|ABD)
+
+       If  A matches but B fails, the backtrack to (*COMMIT) causes the entire
+       match to fail. However, if A and B match, but C fails, the backtrack to
+       (*THEN)  causes  the next alternative (ABD) to be tried. This behaviour
+       is consistent, but is not always the same as Perl's. It means  that  if
+       two  or  more backtracking verbs appear in succession, all the the last
+       of them has no effect. Consider this example:
+
+         ...(*COMMIT)(*PRUNE)...
+
+       If there is a matching failure to the right, backtracking onto (*PRUNE)
+       causes  it to be triggered, and its action is taken. There can never be
+       a backtrack onto (*COMMIT).
+
+   Backtracking verbs in repeated groups
+
+       PCRE differs from  Perl  in  its  handling  of  backtracking  verbs  in
+       repeated groups. For example, consider:
+
+         /(a(*COMMIT)b)+ac/
+
+       If  the  subject  is  "abac",  Perl matches, but PCRE fails because the
+       (*COMMIT) in the second repeat of the group acts.
+
+   Backtracking verbs in assertions
+
+       (*FAIL) in an assertion has its normal effect: it forces  an  immediate
+       backtrack.
+
+       (*ACCEPT) in a positive assertion causes the assertion to succeed with-
+       out any further processing. In a negative assertion,  (*ACCEPT)  causes
+       the assertion to fail without any further processing.
+
+       The  other  backtracking verbs are not treated specially if they appear
+       in a positive assertion. In  particular,  (*THEN)  skips  to  the  next
+       alternative  in  the  innermost  enclosing group that has alternations,
+       whether or not this is within the assertion.
+
+       Negative assertions are, however, different, in order  to  ensure  that
+       changing  a  positive  assertion  into a negative assertion changes its
+       result. Backtracking into (*COMMIT), (*SKIP), or (*PRUNE) causes a neg-
+       ative assertion to be true, without considering any further alternative
+       branches in the assertion.  Backtracking into (*THEN) causes it to skip
+       to  the next enclosing alternative within the assertion (the normal be-
+       haviour), but if the assertion  does  not  have  such  an  alternative,
+       (*THEN) behaves like (*PRUNE).
+
+   Backtracking verbs in subroutines
+
+       These  behaviours  occur whether or not the subpattern is called recur-
+       sively.  Perl's treatment of subroutines is different in some cases.
+
+       (*FAIL) in a subpattern called as a subroutine has its  normal  effect:
+       it forces an immediate backtrack.
+
+       (*ACCEPT)  in a subpattern called as a subroutine causes the subroutine
+       match to succeed without any further processing. Matching then  contin-
+       ues after the subroutine call.
+
+       (*COMMIT), (*SKIP), and (*PRUNE) in a subpattern called as a subroutine
+       cause the subroutine match to fail.
+
+       (*THEN) skips to the next alternative in the innermost enclosing  group
+       within  the subpattern that has alternatives. If there is no such group
+       within the subpattern, (*THEN) causes the subroutine match to fail.
+
+
+SEE ALSO
+
+       pcreapi(3), pcrecallout(3),  pcrematching(3),  pcresyntax(3),  pcre(3),
+       pcre16(3), pcre32(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 23 October 2016
+       Copyright (c) 1997-2016 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRESYNTAX(3)              Library Functions Manual              PCRESYNTAX(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE REGULAR EXPRESSION SYNTAX SUMMARY
+
+       The  full syntax and semantics of the regular expressions that are sup-
+       ported by PCRE are described in  the  pcrepattern  documentation.  This
+       document contains a quick-reference summary of the syntax.
+
+
+QUOTING
+
+         \x         where x is non-alphanumeric is a literal x
+         \Q...\E    treat enclosed characters as literal
+
+
+CHARACTERS
+
+         \a         alarm, that is, the BEL character (hex 07)
+         \cx        "control-x", where x is any ASCII character
+         \e         escape (hex 1B)
+         \f         form feed (hex 0C)
+         \n         newline (hex 0A)
+         \r         carriage return (hex 0D)
+         \t         tab (hex 09)
+         \0dd       character with octal code 0dd
+         \ddd       character with octal code ddd, or backreference
+         \o{ddd..}  character with octal code ddd..
+         \xhh       character with hex code hh
+         \x{hhh..}  character with hex code hhh..
+
+       Note that \0dd is always an octal code, and that \8 and \9 are the lit-
+       eral characters "8" and "9".
+
+
+CHARACTER TYPES
+
+         .          any character except newline;
+                      in dotall mode, any character whatsoever
+         \C         one data unit, even in UTF mode (best avoided)
+         \d         a decimal digit
+         \D         a character that is not a decimal digit
+         \h         a horizontal white space character
+         \H         a character that is not a horizontal white space character
+         \N         a character that is not a newline
+         \p{xx}     a character with the xx property
+         \P{xx}     a character without the xx property
+         \R         a newline sequence
+         \s         a white space character
+         \S         a character that is not a white space character
+         \v         a vertical white space character
+         \V         a character that is not a vertical white space character
+         \w         a "word" character
+         \W         a "non-word" character
+         \X         a Unicode extended grapheme cluster
+
+       By default, \d, \s, and \w match only ASCII characters, even  in  UTF-8
+       mode  or  in  the 16- bit and 32-bit libraries. However, if locale-spe-
+       cific matching is happening, \s and \w may also match  characters  with
+       code  points  in  the range 128-255. If the PCRE_UCP option is set, the
+       behaviour of these escape sequences is changed to use  Unicode  proper-
+       ties and they match many more characters.
+
+
+GENERAL CATEGORY PROPERTIES FOR \p and \P
+
+         C          Other
+         Cc         Control
+         Cf         Format
+         Cn         Unassigned
+         Co         Private use
+         Cs         Surrogate
+
+         L          Letter
+         Ll         Lower case letter
+         Lm         Modifier letter
+         Lo         Other letter
+         Lt         Title case letter
+         Lu         Upper case letter
+         L&         Ll, Lu, or Lt
+
+         M          Mark
+         Mc         Spacing mark
+         Me         Enclosing mark
+         Mn         Non-spacing mark
+
+         N          Number
+         Nd         Decimal number
+         Nl         Letter number
+         No         Other number
+
+         P          Punctuation
+         Pc         Connector punctuation
+         Pd         Dash punctuation
+         Pe         Close punctuation
+         Pf         Final punctuation
+         Pi         Initial punctuation
+         Po         Other punctuation
+         Ps         Open punctuation
+
+         S          Symbol
+         Sc         Currency symbol
+         Sk         Modifier symbol
+         Sm         Mathematical symbol
+         So         Other symbol
+
+         Z          Separator
+         Zl         Line separator
+         Zp         Paragraph separator
+         Zs         Space separator
+
+
+PCRE SPECIAL CATEGORY PROPERTIES FOR \p and \P
+
+         Xan        Alphanumeric: union of properties L and N
+         Xps        POSIX space: property Z or tab, NL, VT, FF, CR
+         Xsp        Perl space: property Z or tab, NL, VT, FF, CR
+         Xuc        Univerally-named character: one that can be
+                      represented by a Universal Character Name
+         Xwd        Perl word: property Xan or underscore
+
+       Perl and POSIX space are now the same. Perl added VT to its space char-
+       acter set at release 5.18 and PCRE changed at release 8.34.
+
+
+SCRIPT NAMES FOR \p AND \P
+
+       Arabic, Armenian, Avestan, Balinese, Bamum, Bassa_Vah, Batak,  Bengali,
+       Bopomofo,  Brahmi,  Braille, Buginese, Buhid, Canadian_Aboriginal, Car-
+       ian, Caucasian_Albanian, Chakma, Cham, Cherokee, Common, Coptic, Cunei-
+       form, Cypriot, Cyrillic, Deseret, Devanagari, Duployan, Egyptian_Hiero-
+       glyphs,  Elbasan,  Ethiopic,  Georgian,  Glagolitic,  Gothic,  Grantha,
+       Greek,  Gujarati,  Gurmukhi,  Han,  Hangul,  Hanunoo, Hebrew, Hiragana,
+       Imperial_Aramaic,    Inherited,     Inscriptional_Pahlavi,     Inscrip-
+       tional_Parthian,   Javanese,   Kaithi,   Kannada,  Katakana,  Kayah_Li,
+       Kharoshthi, Khmer, Khojki, Khudawadi, Lao, Latin, Lepcha,  Limbu,  Lin-
+       ear_A,  Linear_B,  Lisu,  Lycian, Lydian, Mahajani, Malayalam, Mandaic,
+       Manichaean,     Meetei_Mayek,     Mende_Kikakui,      Meroitic_Cursive,
+       Meroitic_Hieroglyphs,  Miao,  Modi, Mongolian, Mro, Myanmar, Nabataean,
+       New_Tai_Lue,  Nko,  Ogham,  Ol_Chiki,  Old_Italic,   Old_North_Arabian,
+       Old_Permic, Old_Persian, Old_South_Arabian, Old_Turkic, Oriya, Osmanya,
+       Pahawh_Hmong,    Palmyrene,    Pau_Cin_Hau,    Phags_Pa,    Phoenician,
+       Psalter_Pahlavi,  Rejang,  Runic,  Samaritan, Saurashtra, Sharada, Sha-
+       vian, Siddham, Sinhala, Sora_Sompeng, Sundanese, Syloti_Nagri,  Syriac,
+       Tagalog,  Tagbanwa,  Tai_Le,  Tai_Tham, Tai_Viet, Takri, Tamil, Telugu,
+       Thaana, Thai, Tibetan, Tifinagh, Tirhuta, Ugaritic,  Vai,  Warang_Citi,
+       Yi.
+
+
+CHARACTER CLASSES
+
+         [...]       positive character class
+         [^...]      negative character class
+         [x-y]       range (can be used for hex characters)
+         [[:xxx:]]   positive POSIX named set
+         [[:^xxx:]]  negative POSIX named set
+
+         alnum       alphanumeric
+         alpha       alphabetic
+         ascii       0-127
+         blank       space or tab
+         cntrl       control character
+         digit       decimal digit
+         graph       printing, excluding space
+         lower       lower case letter
+         print       printing, including space
+         punct       printing, excluding alphanumeric
+         space       white space
+         upper       upper case letter
+         word        same as \w
+         xdigit      hexadecimal digit
+
+       In  PCRE,  POSIX character set names recognize only ASCII characters by
+       default, but some of them use Unicode properties if  PCRE_UCP  is  set.
+       You can use \Q...\E inside a character class.
+
+
+QUANTIFIERS
+
+         ?           0 or 1, greedy
+         ?+          0 or 1, possessive
+         ??          0 or 1, lazy
+         *           0 or more, greedy
+         *+          0 or more, possessive
+         *?          0 or more, lazy
+         +           1 or more, greedy
+         ++          1 or more, possessive
+         +?          1 or more, lazy
+         {n}         exactly n
+         {n,m}       at least n, no more than m, greedy
+         {n,m}+      at least n, no more than m, possessive
+         {n,m}?      at least n, no more than m, lazy
+         {n,}        n or more, greedy
+         {n,}+       n or more, possessive
+         {n,}?       n or more, lazy
+
+
+ANCHORS AND SIMPLE ASSERTIONS
+
+         \b          word boundary
+         \B          not a word boundary
+         ^           start of subject
+                      also after internal newline in multiline mode
+         \A          start of subject
+         $           end of subject
+                      also before newline at end of subject
+                      also before internal newline in multiline mode
+         \Z          end of subject
+                      also before newline at end of subject
+         \z          end of subject
+         \G          first matching position in subject
+
+
+MATCH POINT RESET
+
+         \K          reset start of match
+
+       \K is honoured in positive assertions, but ignored in negative ones.
+
+
+ALTERNATION
+
+         expr|expr|expr...
+
+
+CAPTURING
+
+         (...)           capturing group
+         (?<name>...)    named capturing group (Perl)
+         (?'name'...)    named capturing group (Perl)
+         (?P<name>...)   named capturing group (Python)
+         (?:...)         non-capturing group
+         (?|...)         non-capturing group; reset group numbers for
+                          capturing groups in each alternative
+
+
+ATOMIC GROUPS
+
+         (?>...)         atomic, non-capturing group
+
+
+COMMENT
+
+         (?#....)        comment (not nestable)
+
+
+OPTION SETTING
+
+         (?i)            caseless
+         (?J)            allow duplicate names
+         (?m)            multiline
+         (?s)            single line (dotall)
+         (?U)            default ungreedy (lazy)
+         (?x)            extended (ignore white space)
+         (?-...)         unset option(s)
+
+       The  following  are  recognized  only at the very start of a pattern or
+       after one of the newline or \R options with similar syntax.  More  than
+       one of them may appear.
+
+         (*LIMIT_MATCH=d) set the match limit to d (decimal number)
+         (*LIMIT_RECURSION=d) set the recursion limit to d (decimal number)
+         (*NO_AUTO_POSSESS) no auto-possessification (PCRE_NO_AUTO_POSSESS)
+         (*NO_START_OPT) no start-match optimization (PCRE_NO_START_OPTIMIZE)
+         (*UTF8)         set UTF-8 mode: 8-bit library (PCRE_UTF8)
+         (*UTF16)        set UTF-16 mode: 16-bit library (PCRE_UTF16)
+         (*UTF32)        set UTF-32 mode: 32-bit library (PCRE_UTF32)
+         (*UTF)          set appropriate UTF mode for the library in use
+         (*UCP)          set PCRE_UCP (use Unicode properties for \d etc)
+
+       Note  that LIMIT_MATCH and LIMIT_RECURSION can only reduce the value of
+       the limits set by the caller of pcre_exec(), not increase them.
+
+
+NEWLINE CONVENTION
+
+       These are recognized only at the very start of  the  pattern  or  after
+       option settings with a similar syntax.
+
+         (*CR)           carriage return only
+         (*LF)           linefeed only
+         (*CRLF)         carriage return followed by linefeed
+         (*ANYCRLF)      all three of the above
+         (*ANY)          any Unicode newline sequence
+
+
+WHAT \R MATCHES
+
+       These  are  recognized  only  at the very start of the pattern or after
+       option setting with a similar syntax.
+
+         (*BSR_ANYCRLF)  CR, LF, or CRLF
+         (*BSR_UNICODE)  any Unicode newline sequence
+
+
+LOOKAHEAD AND LOOKBEHIND ASSERTIONS
+
+         (?=...)         positive look ahead
+         (?!...)         negative look ahead
+         (?<=...)        positive look behind
+         (?<!...)        negative look behind
+
+       Each top-level branch of a look behind must be of a fixed length.
+
+
+BACKREFERENCES
+
+         \n              reference by number (can be ambiguous)
+         \gn             reference by number
+         \g{n}           reference by number
+         \g{-n}          relative reference by number
+         \k<name>        reference by name (Perl)
+         \k'name'        reference by name (Perl)
+         \g{name}        reference by name (Perl)
+         \k{name}        reference by name (.NET)
+         (?P=name)       reference by name (Python)
+
+
+SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)
+
+         (?R)            recurse whole pattern
+         (?n)            call subpattern by absolute number
+         (?+n)           call subpattern by relative number
+         (?-n)           call subpattern by relative number
+         (?&name)        call subpattern by name (Perl)
+         (?P>name)       call subpattern by name (Python)
+         \g<name>        call subpattern by name (Oniguruma)
+         \g'name'        call subpattern by name (Oniguruma)
+         \g<n>           call subpattern by absolute number (Oniguruma)
+         \g'n'           call subpattern by absolute number (Oniguruma)
+         \g<+n>          call subpattern by relative number (PCRE extension)
+         \g'+n'          call subpattern by relative number (PCRE extension)
+         \g<-n>          call subpattern by relative number (PCRE extension)
+         \g'-n'          call subpattern by relative number (PCRE extension)
+
+
+CONDITIONAL PATTERNS
+
+         (?(condition)yes-pattern)
+         (?(condition)yes-pattern|no-pattern)
+
+         (?(n)...        absolute reference condition
+         (?(+n)...       relative reference condition
+         (?(-n)...       relative reference condition
+         (?(<name>)...   named reference condition (Perl)
+         (?('name')...   named reference condition (Perl)
+         (?(name)...     named reference condition (PCRE)
+         (?(R)...        overall recursion condition
+         (?(Rn)...       specific group recursion condition
+         (?(R&name)...   specific recursion condition
+         (?(DEFINE)...   define subpattern for reference
+         (?(assert)...   assertion condition
+
+
+BACKTRACKING CONTROL
+
+       The following act immediately they are reached:
+
+         (*ACCEPT)       force successful match
+         (*FAIL)         force backtrack; synonym (*F)
+         (*MARK:NAME)    set name to be passed back; synonym (*:NAME)
+
+       The following act only when a subsequent match failure causes  a  back-
+       track to reach them. They all force a match failure, but they differ in
+       what happens afterwards. Those that advance the start-of-match point do
+       so only if the pattern is not anchored.
+
+         (*COMMIT)       overall failure, no advance of starting point
+         (*PRUNE)        advance to next starting character
+         (*PRUNE:NAME)   equivalent to (*MARK:NAME)(*PRUNE)
+         (*SKIP)         advance to current matching position
+         (*SKIP:NAME)    advance to position corresponding to an earlier
+                         (*MARK:NAME); if not found, the (*SKIP) is ignored
+         (*THEN)         local failure, backtrack to next alternation
+         (*THEN:NAME)    equivalent to (*MARK:NAME)(*THEN)
+
+
+CALLOUTS
+
+         (?C)      callout
+         (?Cn)     callout with data n
+
+
+SEE ALSO
+
+       pcrepattern(3), pcreapi(3), pcrecallout(3), pcrematching(3), pcre(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 08 January 2014
+       Copyright (c) 1997-2014 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREUNICODE(3)             Library Functions Manual             PCREUNICODE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+UTF-8, UTF-16, UTF-32, AND UNICODE PROPERTY SUPPORT
+
+       As well as UTF-8 support, PCRE also supports UTF-16 (from release 8.30)
+       and UTF-32 (from release 8.32), by means of two  additional  libraries.
+       They can be built as well as, or instead of, the 8-bit library.
+
+
+UTF-8 SUPPORT
+
+       In  order  process  UTF-8  strings, you must build PCRE's 8-bit library
+       with UTF support, and, in addition, you must call  pcre_compile()  with
+       the  PCRE_UTF8 option flag, or the pattern must start with the sequence
+       (*UTF8) or (*UTF). When either of these is the case, both  the  pattern
+       and  any  subject  strings  that  are matched against it are treated as
+       UTF-8 strings instead of strings of individual 1-byte characters.
+
+
+UTF-16 AND UTF-32 SUPPORT
+
+       In order process UTF-16 or UTF-32 strings, you must build PCRE's 16-bit
+       or  32-bit  library  with  UTF support, and, in addition, you must call
+       pcre16_compile() or pcre32_compile() with the PCRE_UTF16 or  PCRE_UTF32
+       option flag, as appropriate. Alternatively, the pattern must start with
+       the sequence (*UTF16), (*UTF32), as appropriate, or (*UTF),  which  can
+       be used with either library. When UTF mode is set, both the pattern and
+       any subject strings that are matched against it are treated  as  UTF-16
+       or  UTF-32  strings  instead  of strings of individual 16-bit or 32-bit
+       characters.
+
+
+UTF SUPPORT OVERHEAD
+
+       If you compile PCRE with UTF support, but do not use it  at  run  time,
+       the  library will be a bit bigger, but the additional run time overhead
+       is limited to  testing  the  PCRE_UTF[8|16|32]  flag  occasionally,  so
+       should not be very big.
+
+
+UNICODE PROPERTY SUPPORT
+
+       If PCRE is built with Unicode character property support (which implies
+       UTF support), the escape sequences \p{..}, \P{..}, and \X can be  used.
+       The  available properties that can be tested are limited to the general
+       category properties such as Lu for an upper case letter  or  Nd  for  a
+       decimal number, the Unicode script names such as Arabic or Han, and the
+       derived properties Any and L&. Full lists is given in  the  pcrepattern
+       and  pcresyntax  documentation. Only the short names for properties are
+       supported. For example, \p{L}  matches  a  letter.  Its  Perl  synonym,
+       \p{Letter},  is  not  supported.  Furthermore, in Perl, many properties
+       may optionally be prefixed by "Is", for compatibility  with  Perl  5.6.
+       PCRE does not support this.
+
+   Validity of UTF-8 strings
+
+       When  you  set  the PCRE_UTF8 flag, the byte strings passed as patterns
+       and subjects are (by default) checked for validity on entry to the rel-
+       evant functions. The entire string is checked before any other process-
+       ing takes place. From release 7.3 of PCRE, the check is  according  the
+       rules of RFC 3629, which are themselves derived from the Unicode speci-
+       fication. Earlier releases of PCRE followed  the  rules  of  RFC  2279,
+       which  allows  the  full  range of 31-bit values (0 to 0x7FFFFFFF). The
+       current check allows only values in the range U+0 to U+10FFFF,  exclud-
+       ing  the  surrogate area. (From release 8.33 the so-called "non-charac-
+       ter" code points are no longer excluded because Unicode corrigendum  #9
+       makes it clear that they should not be.)
+
+       Characters  in  the "Surrogate Area" of Unicode are reserved for use by
+       UTF-16, where they are used in pairs to encode codepoints  with  values
+       greater  than  0xFFFF. The code points that are encoded by UTF-16 pairs
+       are available independently in the  UTF-8  and  UTF-32  encodings.  (In
+       other  words,  the  whole  surrogate  thing is a fudge for UTF-16 which
+       unfortunately messes up UTF-8 and UTF-32.)
+
+       If an invalid UTF-8 string is passed to PCRE, an error return is given.
+       At  compile  time, the only additional information is the offset to the
+       first byte of the failing character. The run-time functions pcre_exec()
+       and  pcre_dfa_exec() also pass back this information, as well as a more
+       detailed reason code if the caller has provided memory in which  to  do
+       this.
+
+       In  some  situations, you may already know that your strings are valid,
+       and therefore want to skip these checks in  order  to  improve  perfor-
+       mance,  for  example in the case of a long subject string that is being
+       scanned repeatedly.  If you set the PCRE_NO_UTF8_CHECK flag at  compile
+       time  or  at  run  time, PCRE assumes that the pattern or subject it is
+       given (respectively) contains only valid UTF-8 codes. In this case,  it
+       does not diagnose an invalid UTF-8 string.
+
+       Note  that  passing  PCRE_NO_UTF8_CHECK to pcre_compile() just disables
+       the check for the pattern; it does not also apply to  subject  strings.
+       If  you  want  to  disable the check for a subject string you must pass
+       this option to pcre_exec() or pcre_dfa_exec().
+
+       If you pass an invalid UTF-8 string when PCRE_NO_UTF8_CHECK is set, the
+       result is undefined and your program may crash.
+
+   Validity of UTF-16 strings
+
+       When you set the PCRE_UTF16 flag, the strings of 16-bit data units that
+       are passed as patterns and subjects are (by default) checked for valid-
+       ity  on entry to the relevant functions. Values other than those in the
+       surrogate range U+D800 to U+DFFF are independent code points. Values in
+       the surrogate range must be used in pairs in the correct manner.
+
+       If  an  invalid  UTF-16  string  is  passed to PCRE, an error return is
+       given. At compile time, the only additional information is  the  offset
+       to the first data unit of the failing character. The run-time functions
+       pcre16_exec() and pcre16_dfa_exec() also pass back this information, as
+       well  as  a more detailed reason code if the caller has provided memory
+       in which to do this.
+
+       In some situations, you may already know that your strings  are  valid,
+       and  therefore  want  to  skip these checks in order to improve perfor-
+       mance. If you set the PCRE_NO_UTF16_CHECK flag at compile  time  or  at
+       run time, PCRE assumes that the pattern or subject it is given (respec-
+       tively) contains only valid UTF-16 sequences. In this case, it does not
+       diagnose  an  invalid  UTF-16 string.  However, if an invalid string is
+       passed, the result is undefined.
+
+   Validity of UTF-32 strings
+
+       When you set the PCRE_UTF32 flag, the strings of 32-bit data units that
+       are passed as patterns and subjects are (by default) checked for valid-
+       ity on entry to the relevant functions.  This check allows only  values
+       in  the  range  U+0 to U+10FFFF, excluding the surrogate area U+D800 to
+       U+DFFF.
+
+       If an invalid UTF-32 string is passed  to  PCRE,  an  error  return  is
+       given.  At  compile time, the only additional information is the offset
+       to the first data unit of the failing character. The run-time functions
+       pcre32_exec() and pcre32_dfa_exec() also pass back this information, as
+       well as a more detailed reason code if the caller has  provided  memory
+       in which to do this.
+
+       In  some  situations, you may already know that your strings are valid,
+       and therefore want to skip these checks in  order  to  improve  perfor-
+       mance.  If  you  set the PCRE_NO_UTF32_CHECK flag at compile time or at
+       run time, PCRE assumes that the pattern or subject it is given (respec-
+       tively) contains only valid UTF-32 sequences. In this case, it does not
+       diagnose an invalid UTF-32 string.  However, if an  invalid  string  is
+       passed, the result is undefined.
+
+   General comments about UTF modes
+
+       1.  Codepoints  less  than  256  can be specified in patterns by either
+       braced or unbraced hexadecimal escape sequences (for example, \x{b3} or
+       \xb3). Larger values have to use braced sequences.
+
+       2.  Octal  numbers  up  to  \777 are recognized, and in UTF-8 mode they
+       match two-byte characters for values greater than \177.
+
+       3. Repeat quantifiers apply to complete UTF characters, not to individ-
+       ual data units, for example: \x{100}{3}.
+
+       4.  The dot metacharacter matches one UTF character instead of a single
+       data unit.
+
+       5. The escape sequence \C can be used to match a single byte  in  UTF-8
+       mode,  or  a single 16-bit data unit in UTF-16 mode, or a single 32-bit
+       data unit in UTF-32 mode, but its use can lead to some strange  effects
+       because  it  breaks up multi-unit characters (see the description of \C
+       in the pcrepattern documentation). The use of \C is  not  supported  in
+       the  alternative  matching  function  pcre[16|32]_dfa_exec(), nor is it
+       supported in UTF mode by the JIT optimization of pcre[16|32]_exec(). If
+       JIT  optimization  is  requested for a UTF pattern that contains \C, it
+       will not succeed, and so the matching will be carried out by the normal
+       interpretive function.
+
+       6.  The  character escapes \b, \B, \d, \D, \s, \S, \w, and \W correctly
+       test characters of any code value, but, by default, the characters that
+       PCRE  recognizes  as digits, spaces, or word characters remain the same
+       set as in non-UTF mode, all with values less  than  256.  This  remains
+       true  even  when  PCRE  is  built  to include Unicode property support,
+       because to do otherwise would slow down PCRE in many common cases. Note
+       in  particular that this applies to \b and \B, because they are defined
+       in terms of \w and \W. If you really want to test for a wider sense of,
+       say,  "digit",  you  can  use  explicit  Unicode property tests such as
+       \p{Nd}. Alternatively, if you set the PCRE_UCP option, the way that the
+       character  escapes  work is changed so that Unicode properties are used
+       to determine which characters match. There are more details in the sec-
+       tion on generic character types in the pcrepattern documentation.
+
+       7.  Similarly,  characters that match the POSIX named character classes
+       are all low-valued characters, unless the PCRE_UCP option is set.
+
+       8. However, the horizontal and vertical white  space  matching  escapes
+       (\h,  \H,  \v, and \V) do match all the appropriate Unicode characters,
+       whether or not PCRE_UCP is set.
+
+       9. Case-insensitive matching applies only to  characters  whose  values
+       are  less than 128, unless PCRE is built with Unicode property support.
+       A few Unicode characters such as Greek sigma have more than  two  code-
+       points that are case-equivalent. Up to and including PCRE release 8.31,
+       only one-to-one case mappings were supported, but later releases  (with
+       Unicode  property  support) do treat as case-equivalent all versions of
+       characters such as Greek sigma.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 27 February 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREJIT(3)                 Library Functions Manual                 PCREJIT(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE JUST-IN-TIME COMPILER SUPPORT
+
+       Just-in-time  compiling  is a heavyweight optimization that can greatly
+       speed up pattern matching. However, it comes at the cost of extra  pro-
+       cessing before the match is performed. Therefore, it is of most benefit
+       when the same pattern is going to be matched many times. This does  not
+       necessarily  mean  many calls of a matching function; if the pattern is
+       not anchored, matching attempts may take place many  times  at  various
+       positions  in  the  subject, even for a single call.  Therefore, if the
+       subject string is very long, it may still pay to use  JIT  for  one-off
+       matches.
+
+       JIT  support  applies  only to the traditional Perl-compatible matching
+       function.  It does not apply when the DFA matching  function  is  being
+       used. The code for this support was written by Zoltan Herczeg.
+
+
+8-BIT, 16-BIT AND 32-BIT SUPPORT
+
+       JIT  support  is available for all of the 8-bit, 16-bit and 32-bit PCRE
+       libraries. To keep this documentation simple, only the 8-bit  interface
+       is described in what follows. If you are using the 16-bit library, sub-
+       stitute the  16-bit  functions  and  16-bit  structures  (for  example,
+       pcre16_jit_stack  instead  of  pcre_jit_stack).  If  you  are using the
+       32-bit library, substitute the 32-bit functions and  32-bit  structures
+       (for example, pcre32_jit_stack instead of pcre_jit_stack).
+
+
+AVAILABILITY OF JIT SUPPORT
+
+       JIT  support  is  an  optional  feature of PCRE. The "configure" option
+       --enable-jit (or equivalent CMake option) must  be  set  when  PCRE  is
+       built  if  you want to use JIT. The support is limited to the following
+       hardware platforms:
+
+         ARM v5, v7, and Thumb2
+         Intel x86 32-bit and 64-bit
+         MIPS 32-bit
+         Power PC 32-bit and 64-bit
+         SPARC 32-bit (experimental)
+
+       If --enable-jit is set on an unsupported platform, compilation fails.
+
+       A program that is linked with PCRE 8.20 or later can tell if  JIT  sup-
+       port  is  available  by  calling pcre_config() with the PCRE_CONFIG_JIT
+       option. The result is 1 when JIT is available, and  0  otherwise.  How-
+       ever, a simple program does not need to check this in order to use JIT.
+       The normal API is implemented in a way that falls back to the interpre-
+       tive code if JIT is not available. For programs that need the best pos-
+       sible performance, there is also a "fast path"  API  that  is  JIT-spe-
+       cific.
+
+       If  your program may sometimes be linked with versions of PCRE that are
+       older than 8.20, but you want to use JIT when it is available, you  can
+       test the values of PCRE_MAJOR and PCRE_MINOR, or the existence of a JIT
+       macro such as PCRE_CONFIG_JIT, for compile-time control of  your  code.
+       Also  beware that the pcre_jit_exec() function was not available at all
+       before 8.32, and may not be available at all  if  PCRE  isn't  compiled
+       with  --enable-jit.  See  the  "JIT  FAST  PATH  API" section below for
+       details.
+
+
+SIMPLE USE OF JIT
+
+       You have to do two things to make use of the JIT support  in  the  sim-
+       plest way:
+
+         (1) Call pcre_study() with the PCRE_STUDY_JIT_COMPILE option for
+             each compiled pattern, and pass the resulting pcre_extra block to
+             pcre_exec().
+
+         (2) Use pcre_free_study() to free the pcre_extra block when it is
+             no  longer  needed,  instead  of  just  freeing it yourself. This
+       ensures that
+             any JIT data is also freed.
+
+       For a program that may be linked with pre-8.20 versions  of  PCRE,  you
+       can insert
+
+         #ifndef PCRE_STUDY_JIT_COMPILE
+         #define PCRE_STUDY_JIT_COMPILE 0
+         #endif
+
+       so  that  no  option  is passed to pcre_study(), and then use something
+       like this to free the study data:
+
+         #ifdef PCRE_CONFIG_JIT
+             pcre_free_study(study_ptr);
+         #else
+             pcre_free(study_ptr);
+         #endif
+
+       PCRE_STUDY_JIT_COMPILE requests the JIT compiler to generate  code  for
+       complete  matches.  If  you  want  to  run  partial  matches  using the
+       PCRE_PARTIAL_HARD or  PCRE_PARTIAL_SOFT  options  of  pcre_exec(),  you
+       should  set  one  or  both  of the following options in addition to, or
+       instead of, PCRE_STUDY_JIT_COMPILE when you call pcre_study():
+
+         PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+
+       If using pcre_jit_exec() and supporting a pre-8.32 version of PCRE, you
+       can insert:
+
+          #if PCRE_MAJOR >= 8 && PCRE_MINOR >= 32
+          pcre_jit_exec(...);
+          #else
+          pcre_exec(...)
+          #endif
+
+       but  as described in the "JIT FAST PATH API" section below this assumes
+       version 8.32 and later are compiled with --enable-jit, which may break.
+
+       The JIT compiler generates different optimized code  for  each  of  the
+       three  modes  (normal, soft partial, hard partial). When pcre_exec() is
+       called, the appropriate code is run if it is available. Otherwise,  the
+       pattern is matched using interpretive code.
+
+       In  some circumstances you may need to call additional functions. These
+       are described in the  section  entitled  "Controlling  the  JIT  stack"
+       below.
+
+       If  JIT  support  is  not  available,  PCRE_STUDY_JIT_COMPILE  etc. are
+       ignored, and no JIT data is created. Otherwise, the compiled pattern is
+       passed  to the JIT compiler, which turns it into machine code that exe-
+       cutes much faster than the normal interpretive code.  When  pcre_exec()
+       is  passed  a  pcre_extra block containing a pointer to JIT code of the
+       appropriate mode (normal or hard/soft  partial),  it  obeys  that  code
+       instead  of  running  the interpreter. The result is identical, but the
+       compiled JIT code runs much faster.
+
+       There are some pcre_exec() options that are not supported for JIT  exe-
+       cution.  There  are  also  some  pattern  items that JIT cannot handle.
+       Details are given below. In both cases, execution  automatically  falls
+       back  to  the  interpretive  code.  If you want to know whether JIT was
+       actually used for a particular match, you  should  arrange  for  a  JIT
+       callback  function  to  be  set up as described in the section entitled
+       "Controlling the JIT stack" below, even if you do not need to supply  a
+       non-default  JIT stack. Such a callback function is called whenever JIT
+       code is about to be obeyed. If the execution options are not right  for
+       JIT execution, the callback function is not obeyed.
+
+       If  the  JIT  compiler finds an unsupported item, no JIT data is gener-
+       ated. You can find out if JIT execution is available after  studying  a
+       pattern  by  calling  pcre_fullinfo()  with the PCRE_INFO_JIT option. A
+       result of 1 means that JIT compilation was successful. A  result  of  0
+       means that JIT support is not available, or the pattern was not studied
+       with PCRE_STUDY_JIT_COMPILE etc., or the JIT compiler was not  able  to
+       handle the pattern.
+
+       Once a pattern has been studied, with or without JIT, it can be used as
+       many times as you like for matching different subject strings.
+
+
+UNSUPPORTED OPTIONS AND PATTERN ITEMS
+
+       The only pcre_exec() options that are supported for JIT  execution  are
+       PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK, PCRE_NO_UTF32_CHECK, PCRE_NOT-
+       BOL,  PCRE_NOTEOL,  PCRE_NOTEMPTY,   PCRE_NOTEMPTY_ATSTART,   PCRE_PAR-
+       TIAL_HARD, and PCRE_PARTIAL_SOFT.
+
+       The  only  unsupported  pattern items are \C (match a single data unit)
+       when running in a UTF mode, and a callout immediately before an  asser-
+       tion condition in a conditional group.
+
+
+RETURN VALUES FROM JIT EXECUTION
+
+       When  a  pattern  is matched using JIT execution, the return values are
+       the same as those given by the interpretive pcre_exec() code, with  the
+       addition  of  one new error code: PCRE_ERROR_JIT_STACKLIMIT. This means
+       that the memory used for the JIT stack was insufficient. See  "Control-
+       ling the JIT stack" below for a discussion of JIT stack usage. For com-
+       patibility with the interpretive pcre_exec() code, no  more  than  two-
+       thirds  of  the ovector argument is used for passing back captured sub-
+       strings.
+
+       The error code PCRE_ERROR_MATCHLIMIT is returned by  the  JIT  code  if
+       searching  a  very large pattern tree goes on for too long, as it is in
+       the same circumstance when JIT is not used, but the details of  exactly
+       what  is  counted are not the same. The PCRE_ERROR_RECURSIONLIMIT error
+       code is never returned by JIT execution.
+
+
+SAVING AND RESTORING COMPILED PATTERNS
+
+       The code that is generated by the  JIT  compiler  is  architecture-spe-
+       cific,  and  is also position dependent. For those reasons it cannot be
+       saved (in a file or database) and restored later like the bytecode  and
+       other  data  of  a compiled pattern. Saving and restoring compiled pat-
+       terns is not something many people do. More detail about this  facility
+       is  given in the pcreprecompile documentation. It should be possible to
+       run pcre_study() on a saved and restored pattern, and thereby  recreate
+       the  JIT  data, but because JIT compilation uses significant resources,
+       it is probably not worth doing this; you might as  well  recompile  the
+       original pattern.
+
+
+CONTROLLING THE JIT STACK
+
+       When the compiled JIT code runs, it needs a block of memory to use as a
+       stack.  By default, it uses 32K on the  machine  stack.  However,  some
+       large   or   complicated  patterns  need  more  than  this.  The  error
+       PCRE_ERROR_JIT_STACKLIMIT is given when  there  is  not  enough  stack.
+       Three  functions  are provided for managing blocks of memory for use as
+       JIT stacks. There is further discussion about the use of JIT stacks  in
+       the section entitled "JIT stack FAQ" below.
+
+       The  pcre_jit_stack_alloc() function creates a JIT stack. Its arguments
+       are a starting size and a maximum size, and it returns a pointer to  an
+       opaque  structure of type pcre_jit_stack, or NULL if there is an error.
+       The pcre_jit_stack_free() function can be used to free a stack that  is
+       no  longer  needed.  (For  the technically minded: the address space is
+       allocated by mmap or VirtualAlloc.)
+
+       JIT uses far less memory for recursion than the interpretive code,  and
+       a  maximum  stack size of 512K to 1M should be more than enough for any
+       pattern.
+
+       The pcre_assign_jit_stack() function specifies  which  stack  JIT  code
+       should use. Its arguments are as follows:
+
+         pcre_extra         *extra
+         pcre_jit_callback  callback
+         void               *data
+
+       The  extra  argument  must  be  the  result  of studying a pattern with
+       PCRE_STUDY_JIT_COMPILE etc. There are three cases for the values of the
+       other two options:
+
+         (1) If callback is NULL and data is NULL, an internal 32K block
+             on the machine stack is used.
+
+         (2) If callback is NULL and data is not NULL, data must be
+             a valid JIT stack, the result of calling pcre_jit_stack_alloc().
+
+         (3) If callback is not NULL, it must point to a function that is
+             called with data as an argument at the start of matching, in
+             order to set up a JIT stack. If the return from the callback
+             function is NULL, the internal 32K stack is used; otherwise the
+             return value must be a valid JIT stack, the result of calling
+             pcre_jit_stack_alloc().
+
+       A  callback function is obeyed whenever JIT code is about to be run; it
+       is not obeyed when pcre_exec() is called with options that  are  incom-
+       patible for JIT execution. A callback function can therefore be used to
+       determine whether a match operation was  executed  by  JIT  or  by  the
+       interpreter.
+
+       You may safely use the same JIT stack for more than one pattern (either
+       by assigning directly or by callback), as long as the patterns are  all
+       matched  sequentially in the same thread. In a multithread application,
+       if you do not specify a JIT stack, or if you assign or pass  back  NULL
+       from  a  callback, that is thread-safe, because each thread has its own
+       machine stack. However, if you assign  or  pass  back  a  non-NULL  JIT
+       stack,  this  must  be  a  different  stack for each thread so that the
+       application is thread-safe.
+
+       Strictly speaking, even more is allowed. You can assign the  same  non-
+       NULL  stack  to any number of patterns as long as they are not used for
+       matching by multiple threads at the same time.  For  example,  you  can
+       assign  the same stack to all compiled patterns, and use a global mutex
+       in the callback to wait until the stack is available for use.  However,
+       this is an inefficient solution, and not recommended.
+
+       This  is a suggestion for how a multithreaded program that needs to set
+       up non-default JIT stacks might operate:
+
+         During thread initalization
+           thread_local_var = pcre_jit_stack_alloc(...)
+
+         During thread exit
+           pcre_jit_stack_free(thread_local_var)
+
+         Use a one-line callback function
+           return thread_local_var
+
+       All the functions described in this section do nothing if  JIT  is  not
+       available,  and  pcre_assign_jit_stack()  does nothing unless the extra
+       argument is non-NULL and points to  a  pcre_extra  block  that  is  the
+       result of a successful study with PCRE_STUDY_JIT_COMPILE etc.
+
+
+JIT STACK FAQ
+
+       (1) Why do we need JIT stacks?
+
+       PCRE  (and JIT) is a recursive, depth-first engine, so it needs a stack
+       where the local data of the current node is pushed before checking  its
+       child nodes.  Allocating real machine stack on some platforms is diffi-
+       cult. For example, the stack chain needs to be updated every time if we
+       extend  the  stack  on  PowerPC.  Although it is possible, its updating
+       time overhead decreases performance. So we do the recursion in memory.
+
+       (2) Why don't we simply allocate blocks of memory with malloc()?
+
+       Modern operating systems have a  nice  feature:  they  can  reserve  an
+       address space instead of allocating memory. We can safely allocate mem-
+       ory pages inside this address space, so the stack  could  grow  without
+       moving memory data (this is important because of pointers). Thus we can
+       allocate 1M address space, and use only a single memory  page  (usually
+       4K)  if  that is enough. However, we can still grow up to 1M anytime if
+       needed.
+
+       (3) Who "owns" a JIT stack?
+
+       The owner of the stack is the user program, not the JIT studied pattern
+       or  anything else. The user program must ensure that if a stack is used
+       by pcre_exec(), (that is, it is assigned to the pattern currently  run-
+       ning), that stack must not be used by any other threads (to avoid over-
+       writing the same memory area). The best practice for multithreaded pro-
+       grams  is  to  allocate  a stack for each thread, and return this stack
+       through the JIT callback function.
+
+       (4) When should a JIT stack be freed?
+
+       You can free a JIT stack at any time, as long as it will not be used by
+       pcre_exec()  again.  When  you  assign  the  stack to a pattern, only a
+       pointer is set. There is no reference counting or any other magic.  You
+       can  free  the  patterns  and stacks in any order, anytime. Just do not
+       call pcre_exec() with a pattern pointing to an already freed stack,  as
+       that  will cause SEGFAULT. (Also, do not free a stack currently used by
+       pcre_exec() in another thread). You can also replace the  stack  for  a
+       pattern  at  any  time.  You  can  even  free the previous stack before
+       assigning a replacement.
+
+       (5) Should I allocate/free a  stack  every  time  before/after  calling
+       pcre_exec()?
+
+       No,  because  this  is  too  costly in terms of resources. However, you
+       could implement some clever idea which release the stack if it  is  not
+       used  in  let's  say  two minutes. The JIT callback can help to achieve
+       this without keeping a list of the currently JIT studied patterns.
+
+       (6) OK, the stack is for long term memory allocation. But what  happens
+       if  a pattern causes stack overflow with a stack of 1M? Is that 1M kept
+       until the stack is freed?
+
+       Especially on embedded sytems, it might be a good idea to release  mem-
+       ory  sometimes  without  freeing the stack. There is no API for this at
+       the moment.  Probably a function call which returns with the  currently
+       allocated  memory for any stack and another which allows releasing mem-
+       ory (shrinking the stack) would be a good idea if someone needs this.
+
+       (7) This is too much of a headache. Isn't there any better solution for
+       JIT stack handling?
+
+       No,  thanks to Windows. If POSIX threads were used everywhere, we could
+       throw out this complicated API.
+
+
+EXAMPLE CODE
+
+       This is a single-threaded example that specifies a  JIT  stack  without
+       using a callback.
+
+         int rc;
+         int ovector[30];
+         pcre *re;
+         pcre_extra *extra;
+         pcre_jit_stack *jit_stack;
+
+         re = pcre_compile(pattern, 0, &error, &erroffset, NULL);
+         /* Check for errors */
+         extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
+         jit_stack = pcre_jit_stack_alloc(32*1024, 512*1024);
+         /* Check for error (NULL) */
+         pcre_assign_jit_stack(extra, NULL, jit_stack);
+         rc = pcre_exec(re, extra, subject, length, 0, 0, ovector, 30);
+         /* Check results */
+         pcre_free(re);
+         pcre_free_study(extra);
+         pcre_jit_stack_free(jit_stack);
+
+
+JIT FAST PATH API
+
+       Because  the  API  described  above falls back to interpreted execution
+       when JIT is not available, it is convenient for programs that are writ-
+       ten  for  general  use  in  many environments. However, calling JIT via
+       pcre_exec() does have a performance impact. Programs that  are  written
+       for  use  where  JIT  is known to be available, and which need the best
+       possible performance, can instead use a "fast path"  API  to  call  JIT
+       execution  directly  instead of calling pcre_exec() (obviously only for
+       patterns that have been successfully studied by JIT).
+
+       The fast path function is called pcre_jit_exec(), and it takes  exactly
+       the  same  arguments  as pcre_exec(), plus one additional argument that
+       must point to a JIT stack. The JIT stack arrangements  described  above
+       do not apply. The return values are the same as for pcre_exec().
+
+       When  you  call  pcre_exec(), as well as testing for invalid options, a
+       number of other sanity checks are performed on the arguments. For exam-
+       ple,  if  the  subject  pointer  is NULL, or its length is negative, an
+       immediate error is given. Also, unless PCRE_NO_UTF[8|16|32] is  set,  a
+       UTF  subject  string is tested for validity. In the interests of speed,
+       these checks do not happen on the JIT fast path, and if invalid data is
+       passed, the result is undefined.
+
+       Bypassing  the  sanity  checks  and  the  pcre_exec() wrapping can give
+       speedups of more than 10%.
+
+       Note that the pcre_jit_exec() function is not available in versions  of
+       PCRE  before  8.32  (released in November 2012). If you need to support
+       versions that old you must either use the slower pcre_exec(), or switch
+       between  the  two  codepaths  by  checking the values of PCRE_MAJOR and
+       PCRE_MINOR.
+
+       Due to an unfortunate implementation oversight, even in  versions  8.32
+       and  later  there will be no pcre_jit_exec() stub function defined when
+       PCRE is compiled with --disable-jit, which is the default, and  there's
+       no  way  to  detect  whether  PCRE was compiled with --enable-jit via a
+       macro.
+
+       If you need to support versions older than 8.32, or versions  that  may
+       not   build   with   --enable-jit,  you  must  either  use  the  slower
+       pcre_exec(), or switch between the two codepaths by checking the values
+       of PCRE_MAJOR and PCRE_MINOR.
+
+       Switching  between the two by checking the version assumes that all the
+       versions being targeted are built with --enable-jit.  To  also  support
+       builds that may use --disable-jit either pcre_exec() must be used, or a
+       compile-time check for JIT via pcre_config() (which assumes the runtime
+       environment  will  be  the  same), or as the Git project decided to do,
+       simply assume that pcre_jit_exec() is present in 8.32 or later unless a
+       compile-time  flag  is  provided, see the "grep: un-break building with
+       PCRE >= 8.32 without --enable-jit" commit in git.git for an example  of
+       that.
+
+
+SEE ALSO
+
+       pcreapi(3)
+
+
+AUTHOR
+
+       Philip Hazel (FAQ by Zoltan Herczeg)
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 05 July 2017
+       Copyright (c) 1997-2017 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPARTIAL(3)             Library Functions Manual             PCREPARTIAL(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PARTIAL MATCHING IN PCRE
+
+       In normal use of PCRE, if the subject string that is passed to a match-
+       ing function matches as far as it goes, but is too short to  match  the
+       entire pattern, PCRE_ERROR_NOMATCH is returned. There are circumstances
+       where it might be helpful to distinguish this case from other cases  in
+       which there is no match.
+
+       Consider, for example, an application where a human is required to type
+       in data for a field with specific formatting requirements.  An  example
+       might be a date in the form ddmmmyy, defined by this pattern:
+
+         ^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$
+
+       If the application sees the user's keystrokes one by one, and can check
+       that what has been typed so far is potentially valid,  it  is  able  to
+       raise  an  error  as  soon  as  a  mistake  is made, by beeping and not
+       reflecting the character that has been typed, for example. This immedi-
+       ate  feedback is likely to be a better user interface than a check that
+       is delayed until the entire string has been entered.  Partial  matching
+       can  also be useful when the subject string is very long and is not all
+       available at once.
+
+       PCRE supports partial matching by means of  the  PCRE_PARTIAL_SOFT  and
+       PCRE_PARTIAL_HARD  options,  which  can  be set when calling any of the
+       matching functions. For backwards compatibility, PCRE_PARTIAL is a syn-
+       onym  for  PCRE_PARTIAL_SOFT.  The essential difference between the two
+       options is whether or not a partial match is preferred to  an  alterna-
+       tive complete match, though the details differ between the two types of
+       matching function. If both options  are  set,  PCRE_PARTIAL_HARD  takes
+       precedence.
+
+       If  you  want to use partial matching with just-in-time optimized code,
+       you must call pcre_study(), pcre16_study() or  pcre32_study() with  one
+       or both of these options:
+
+         PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+
+       PCRE_STUDY_JIT_COMPILE  should also be set if you are going to run non-
+       partial matches on the same pattern. If the appropriate JIT study  mode
+       has not been set for a match, the interpretive matching code is used.
+
+       Setting a partial matching option disables two of PCRE's standard opti-
+       mizations. PCRE remembers the last literal data unit in a pattern,  and
+       abandons  matching  immediately  if  it  is  not present in the subject
+       string. This optimization cannot be used  for  a  subject  string  that
+       might  match only partially. If the pattern was studied, PCRE knows the
+       minimum length of a matching string, and does not  bother  to  run  the
+       matching  function  on  shorter strings. This optimization is also dis-
+       abled for partial matching.
+
+
+PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()
+
+       A  partial   match   occurs   during   a   call   to   pcre_exec()   or
+       pcre[16|32]_exec()  when  the end of the subject string is reached suc-
+       cessfully, but matching cannot continue  because  more  characters  are
+       needed.   However, at least one character in the subject must have been
+       inspected. This character need not  form  part  of  the  final  matched
+       string;  lookbehind  assertions and the \K escape sequence provide ways
+       of inspecting characters before the start of a matched  substring.  The
+       requirement  for  inspecting  at  least one character exists because an
+       empty string can always be matched; without such  a  restriction  there
+       would  always  be  a partial match of an empty string at the end of the
+       subject.
+
+       If there are at least two slots in the offsets vector  when  a  partial
+       match  is returned, the first slot is set to the offset of the earliest
+       character that was inspected. For convenience, the second offset points
+       to the end of the subject so that a substring can easily be identified.
+       If there are at least three slots in the offsets vector, the third slot
+       is set to the offset of the character where matching started.
+
+       For the majority of patterns, the contents of the first and third slots
+       will be the same. However, for patterns that contain lookbehind  asser-
+       tions, or begin with \b or \B, characters before the one where matching
+       started may have been inspected while carrying out the match. For exam-
+       ple, consider this pattern:
+
+         /(?<=abc)123/
+
+       This pattern matches "123", but only if it is preceded by "abc". If the
+       subject string is "xyzabc12", the first two  offsets  after  a  partial
+       match  are for the substring "abc12", because all these characters were
+       inspected. However, the third offset is set to 6, because that  is  the
+       offset where matching began.
+
+       What happens when a partial match is identified depends on which of the
+       two partial matching options are set.
+
+   PCRE_PARTIAL_SOFT WITH pcre_exec() OR pcre[16|32]_exec()
+
+       If PCRE_PARTIAL_SOFT is  set  when  pcre_exec()  or  pcre[16|32]_exec()
+       identifies a partial match, the partial match is remembered, but match-
+       ing continues as normal, and other  alternatives  in  the  pattern  are
+       tried.  If  no  complete  match  can  be  found,  PCRE_ERROR_PARTIAL is
+       returned instead of PCRE_ERROR_NOMATCH.
+
+       This option is "soft" because it prefers a complete match over  a  par-
+       tial  match.   All the various matching items in a pattern behave as if
+       the subject string is potentially complete. For example, \z, \Z, and  $
+       match  at  the end of the subject, as normal, and for \b and \B the end
+       of the subject is treated as a non-alphanumeric.
+
+       If there is more than one partial match, the first one that  was  found
+       provides the data that is returned. Consider this pattern:
+
+         /123\w+X|dogY/
+
+       If  this is matched against the subject string "abc123dog", both alter-
+       natives fail to match, but the end of the  subject  is  reached  during
+       matching,  so  PCRE_ERROR_PARTIAL is returned. The offsets are set to 3
+       and 9, identifying "123dog" as the first partial match that was  found.
+       (In  this  example, there are two partial matches, because "dog" on its
+       own partially matches the second alternative.)
+
+   PCRE_PARTIAL_HARD WITH pcre_exec() OR pcre[16|32]_exec()
+
+       If PCRE_PARTIAL_HARD is  set  for  pcre_exec()  or  pcre[16|32]_exec(),
+       PCRE_ERROR_PARTIAL  is  returned  as  soon as a partial match is found,
+       without continuing to search for possible complete matches. This option
+       is "hard" because it prefers an earlier partial match over a later com-
+       plete match. For this reason, the assumption is made that  the  end  of
+       the  supplied  subject  string may not be the true end of the available
+       data, and so, if \z, \Z, \b, \B, or $ are encountered at the end of the
+       subject,  the  result is PCRE_ERROR_PARTIAL, provided that at least one
+       character in the subject has been inspected.
+
+       Setting PCRE_PARTIAL_HARD also affects the way UTF-8 and UTF-16 subject
+       strings  are checked for validity. Normally, an invalid sequence causes
+       the error PCRE_ERROR_BADUTF8 or PCRE_ERROR_BADUTF16.  However,  in  the
+       special  case  of  a  truncated  character  at  the end of the subject,
+       PCRE_ERROR_SHORTUTF8  or   PCRE_ERROR_SHORTUTF16   is   returned   when
+       PCRE_PARTIAL_HARD is set.
+
+   Comparing hard and soft partial matching
+
+       The  difference  between the two partial matching options can be illus-
+       trated by a pattern such as:
+
+         /dog(sbody)?/
+
+       This matches either "dog" or "dogsbody", greedily (that is, it  prefers
+       the  longer  string  if  possible). If it is matched against the string
+       "dog" with PCRE_PARTIAL_SOFT, it yields a  complete  match  for  "dog".
+       However, if PCRE_PARTIAL_HARD is set, the result is PCRE_ERROR_PARTIAL.
+       On the other hand, if the pattern is made ungreedy the result  is  dif-
+       ferent:
+
+         /dog(sbody)??/
+
+       In  this  case  the  result  is always a complete match because that is
+       found first, and matching never  continues  after  finding  a  complete
+       match. It might be easier to follow this explanation by thinking of the
+       two patterns like this:
+
+         /dog(sbody)?/    is the same as  /dogsbody|dog/
+         /dog(sbody)??/   is the same as  /dog|dogsbody/
+
+       The second pattern will never match "dogsbody", because it will  always
+       find the shorter match first.
+
+
+PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()
+
+       The DFA functions move along the subject string character by character,
+       without backtracking, searching for  all  possible  matches  simultane-
+       ously.  If the end of the subject is reached before the end of the pat-
+       tern, there is the possibility of a partial match, again provided  that
+       at least one character has been inspected.
+
+       When  PCRE_PARTIAL_SOFT  is set, PCRE_ERROR_PARTIAL is returned only if
+       there have been no complete matches. Otherwise,  the  complete  matches
+       are  returned.   However,  if PCRE_PARTIAL_HARD is set, a partial match
+       takes precedence over any complete matches. The portion of  the  string
+       that  was  inspected when the longest partial match was found is set as
+       the first matching string, provided there are at least two slots in the
+       offsets vector.
+
+       Because  the  DFA functions always search for all possible matches, and
+       there is no difference between greedy and  ungreedy  repetition,  their
+       behaviour  is  different  from  the  standard  functions when PCRE_PAR-
+       TIAL_HARD is  set.  Consider  the  string  "dog"  matched  against  the
+       ungreedy pattern shown above:
+
+         /dog(sbody)??/
+
+       Whereas  the  standard functions stop as soon as they find the complete
+       match for "dog", the DFA functions also  find  the  partial  match  for
+       "dogsbody", and so return that when PCRE_PARTIAL_HARD is set.
+
+
+PARTIAL MATCHING AND WORD BOUNDARIES
+
+       If  a  pattern ends with one of sequences \b or \B, which test for word
+       boundaries, partial matching with PCRE_PARTIAL_SOFT can  give  counter-
+       intuitive results. Consider this pattern:
+
+         /\bcat\b/
+
+       This matches "cat", provided there is a word boundary at either end. If
+       the subject string is "the cat", the comparison of the final "t" with a
+       following  character  cannot  take  place, so a partial match is found.
+       However, normal matching carries on, and \b matches at the end  of  the
+       subject  when  the  last  character is a letter, so a complete match is
+       found.  The  result,  therefore,  is  not   PCRE_ERROR_PARTIAL.   Using
+       PCRE_PARTIAL_HARD  in  this case does yield PCRE_ERROR_PARTIAL, because
+       then the partial match takes precedence.
+
+
+FORMERLY RESTRICTED PATTERNS
+
+       For releases of PCRE prior to 8.00, because of the way certain internal
+       optimizations   were  implemented  in  the  pcre_exec()  function,  the
+       PCRE_PARTIAL option (predecessor of  PCRE_PARTIAL_SOFT)  could  not  be
+       used  with all patterns. From release 8.00 onwards, the restrictions no
+       longer apply, and partial matching with can be requested for  any  pat-
+       tern.
+
+       Items that were formerly restricted were repeated single characters and
+       repeated metasequences. If PCRE_PARTIAL was set for a pattern that  did
+       not  conform  to  the restrictions, pcre_exec() returned the error code
+       PCRE_ERROR_BADPARTIAL (-13). This error code is no longer in  use.  The
+       PCRE_INFO_OKPARTIAL  call  to pcre_fullinfo() to find out if a compiled
+       pattern can be used for partial matching now always returns 1.
+
+
+EXAMPLE OF PARTIAL MATCHING USING PCRETEST
+
+       If the escape sequence \P is present  in  a  pcretest  data  line,  the
+       PCRE_PARTIAL_SOFT  option  is  used  for  the  match.  Here is a run of
+       pcretest that uses the date example quoted above:
+
+           re> /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+         data> 25jun04\P
+          0: 25jun04
+          1: jun
+         data> 25dec3\P
+         Partial match: 23dec3
+         data> 3ju\P
+         Partial match: 3ju
+         data> 3juj\P
+         No match
+         data> j\P
+         No match
+
+       The first data string is matched  completely,  so  pcretest  shows  the
+       matched  substrings.  The  remaining four strings do not match the com-
+       plete pattern, but the first two are partial matches. Similar output is
+       obtained if DFA matching is used.
+
+       If  the escape sequence \P is present more than once in a pcretest data
+       line, the PCRE_PARTIAL_HARD option is set for the match.
+
+
+MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()
+
+       When a partial match has been found using a DFA matching  function,  it
+       is  possible to continue the match by providing additional subject data
+       and calling the function again with the same compiled  regular  expres-
+       sion,  this time setting the PCRE_DFA_RESTART option. You must pass the
+       same working space as before, because this is where details of the pre-
+       vious  partial  match  are  stored.  Here is an example using pcretest,
+       using the \R escape sequence to set  the  PCRE_DFA_RESTART  option  (\D
+       specifies the use of the DFA matching function):
+
+           re> /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+         data> 23ja\P\D
+         Partial match: 23ja
+         data> n05\R\D
+          0: n05
+
+       The  first  call has "23ja" as the subject, and requests partial match-
+       ing; the second call  has  "n05"  as  the  subject  for  the  continued
+       (restarted)  match.   Notice  that when the match is complete, only the
+       last part is shown; PCRE does  not  retain  the  previously  partially-
+       matched  string. It is up to the calling program to do that if it needs
+       to.
+
+       That means that, for an unanchored pattern, if a continued match fails,
+       it  is  not  possible  to  try  again at a new starting point. All this
+       facility is capable of doing is  continuing  with  the  previous  match
+       attempt.  In  the previous example, if the second set of data is "ug23"
+       the result is no match, even though there would be a match for  "aug23"
+       if  the entire string were given at once. Depending on the application,
+       this may or may not be what you want.  The only way to allow for start-
+       ing  again  at  the next character is to retain the matched part of the
+       subject and try a new complete match.
+
+       You can set the PCRE_PARTIAL_SOFT  or  PCRE_PARTIAL_HARD  options  with
+       PCRE_DFA_RESTART  to  continue partial matching over multiple segments.
+       This facility can be used to pass very long subject strings to the  DFA
+       matching functions.
+
+
+MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()
+
+       From  release 8.00, the standard matching functions can also be used to
+       do multi-segment matching. Unlike the DFA functions, it is not possible
+       to  restart the previous match with a new segment of data. Instead, new
+       data must be added to the previous subject string, and the entire match
+       re-run,  starting from the point where the partial match occurred. Ear-
+       lier data can be discarded.
+
+       It is best to use PCRE_PARTIAL_HARD in this situation, because it  does
+       not  treat the end of a segment as the end of the subject when matching
+       \z, \Z, \b, \B, and $. Consider  an  unanchored  pattern  that  matches
+       dates:
+
+           re> /\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d/
+         data> The date is 23ja\P\P
+         Partial match: 23ja
+
+       At  this stage, an application could discard the text preceding "23ja",
+       add on text from the next  segment,  and  call  the  matching  function
+       again.  Unlike  the  DFA matching functions, the entire matching string
+       must always be available, and the complete matching process occurs  for
+       each call, so more memory and more processing time is needed.
+
+       Note:  If  the pattern contains lookbehind assertions, or \K, or starts
+       with \b or \B, the string that is returned for a partial match includes
+       characters  that precede the start of what would be returned for a com-
+       plete match, because it contains all the characters that were inspected
+       during the partial match.
+
+
+ISSUES WITH MULTI-SEGMENT MATCHING
+
+       Certain types of pattern may give problems with multi-segment matching,
+       whichever matching function is used.
+
+       1. If the pattern contains a test for the beginning of a line, you need
+       to  pass  the  PCRE_NOTBOL  option when the subject string for any call
+       does start at the beginning of a line.  There  is  also  a  PCRE_NOTEOL
+       option, but in practice when doing multi-segment matching you should be
+       using PCRE_PARTIAL_HARD, which includes the effect of PCRE_NOTEOL.
+
+       2. Lookbehind assertions that have already been obeyed are catered  for
+       in the offsets that are returned for a partial match. However a lookbe-
+       hind assertion later in the pattern could require even earlier  charac-
+       ters   to  be  inspected.  You  can  handle  this  case  by  using  the
+       PCRE_INFO_MAXLOOKBEHIND    option    of    the    pcre_fullinfo()    or
+       pcre[16|32]_fullinfo()  functions  to  obtain the length of the longest
+       lookbehind in the pattern. This length  is  given  in  characters,  not
+       bytes.  If  you  always retain at least that many characters before the
+       partially matched string, all should be  well.  (Of  course,  near  the
+       start of the subject, fewer characters may be present; in that case all
+       characters should be retained.)
+
+       From release 8.33, there is a more accurate way of deciding which char-
+       acters  to  retain.  Instead  of  subtracting the length of the longest
+       lookbehind from the  earliest  inspected  character  (offsets[0]),  the
+       match  start  position  (offsets[2]) should be used, and the next match
+       attempt started at the offsets[2] character by setting the  startoffset
+       argument of pcre_exec() or pcre_dfa_exec().
+
+       For  example, if the pattern "(?<=123)abc" is partially matched against
+       the string "xx123a", the three offset values returned are 2, 6, and  5.
+       This  indicates  that  the  matching  process that gave a partial match
+       started at offset 5, but the characters "123a" were all inspected.  The
+       maximum  lookbehind  for  that pattern is 3, so taking that away from 5
+       shows that we need only keep "123a", and the next match attempt can  be
+       started at offset 3 (that is, at "a") when further characters have been
+       added. When the match start is not the  earliest  inspected  character,
+       pcretest shows it explicitly:
+
+           re> "(?<=123)abc"
+         data> xx123a\P\P
+         Partial match at offset 5: 123a
+
+       3.  Because a partial match must always contain at least one character,
+       what might be considered a partial match of an  empty  string  actually
+       gives a "no match" result. For example:
+
+           re> /c(?<=abc)x/
+         data> ab\P
+         No match
+
+       If the next segment begins "cx", a match should be found, but this will
+       only happen if characters from the previous segment are  retained.  For
+       this  reason,  a  "no  match"  result should be interpreted as "partial
+       match of an empty string" when the pattern contains lookbehinds.
+
+       4. Matching a subject string that is split into multiple  segments  may
+       not  always produce exactly the same result as matching over one single
+       long string, especially when PCRE_PARTIAL_SOFT  is  used.  The  section
+       "Partial  Matching  and  Word Boundaries" above describes an issue that
+       arises if the pattern ends with \b or \B. Another  kind  of  difference
+       may  occur when there are multiple matching possibilities, because (for
+       PCRE_PARTIAL_SOFT) a partial match result is given only when there  are
+       no completed matches. This means that as soon as the shortest match has
+       been found, continuation to a new subject segment is no  longer  possi-
+       ble. Consider again this pcretest example:
+
+           re> /dog(sbody)?/
+         data> dogsb\P
+          0: dog
+         data> do\P\D
+         Partial match: do
+         data> gsb\R\P\D
+          0: g
+         data> dogsbody\D
+          0: dogsbody
+          1: dog
+
+       The  first  data  line passes the string "dogsb" to a standard matching
+       function, setting the PCRE_PARTIAL_SOFT option. Although the string  is
+       a  partial  match for "dogsbody", the result is not PCRE_ERROR_PARTIAL,
+       because the shorter string "dog" is a complete match.  Similarly,  when
+       the  subject  is  presented to a DFA matching function in several parts
+       ("do" and "gsb" being the first two) the match  stops  when  "dog"  has
+       been  found, and it is not possible to continue.  On the other hand, if
+       "dogsbody" is presented as a single string,  a  DFA  matching  function
+       finds both matches.
+
+       Because  of  these  problems,  it is best to use PCRE_PARTIAL_HARD when
+       matching multi-segment data. The example  above  then  behaves  differ-
+       ently:
+
+           re> /dog(sbody)?/
+         data> dogsb\P\P
+         Partial match: dogsb
+         data> do\P\D
+         Partial match: do
+         data> gsb\R\P\P\D
+         Partial match: gsb
+
+       5. Patterns that contain alternatives at the top level which do not all
+       start with the  same  pattern  item  may  not  work  as  expected  when
+       PCRE_DFA_RESTART is used. For example, consider this pattern:
+
+         1234|3789
+
+       If  the  first  part of the subject is "ABC123", a partial match of the
+       first alternative is found at offset 3. There is no partial  match  for
+       the second alternative, because such a match does not start at the same
+       point in the subject string. Attempting to  continue  with  the  string
+       "7890"  does  not  yield  a  match because only those alternatives that
+       match at one point in the subject are remembered.  The  problem  arises
+       because  the  start  of the second alternative matches within the first
+       alternative. There is no problem with  anchored  patterns  or  patterns
+       such as:
+
+         1234|ABCD
+
+       where  no  string can be a partial match for both alternatives. This is
+       not a problem if a standard matching  function  is  used,  because  the
+       entire match has to be rerun each time:
+
+           re> /1234|3789/
+         data> ABC123\P\P
+         Partial match: 123
+         data> 1237890
+          0: 3789
+
+       Of course, instead of using PCRE_DFA_RESTART, the same technique of re-
+       running the entire match can also be used with the DFA  matching  func-
+       tions.  Another  possibility  is to work with two buffers. If a partial
+       match at offset n in the first buffer is followed by  "no  match"  when
+       PCRE_DFA_RESTART  is  used on the second buffer, you can then try a new
+       match starting at offset n+1 in the first buffer.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 02 July 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPRECOMPILE(3)          Library Functions Manual          PCREPRECOMPILE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+SAVING AND RE-USING PRECOMPILED PCRE PATTERNS
+
+       If  you  are running an application that uses a large number of regular
+       expression patterns, it may be useful to store them  in  a  precompiled
+       form  instead  of  having to compile them every time the application is
+       run.  If you are not  using  any  private  character  tables  (see  the
+       pcre_maketables()  documentation),  this is relatively straightforward.
+       If you are using private tables, it is a little bit  more  complicated.
+       However,  if you are using the just-in-time optimization feature, it is
+       not possible to save and reload the JIT data.
+
+       If you save compiled patterns to a file, you can copy them to a differ-
+       ent host and run them there. If the two hosts have different endianness
+       (byte    order),    you     should     run     the     pcre[16|32]_pat-
+       tern_to_host_byte_order()  function  on  the  new host before trying to
+       match the pattern. The matching functions return  PCRE_ERROR_BADENDIAN-
+       NESS if they detect a pattern with the wrong endianness.
+
+       Compiling  regular  expressions with one version of PCRE for use with a
+       different version is not guaranteed to work and may cause crashes,  and
+       saving  and  restoring  a  compiled  pattern loses any JIT optimization
+       data.
+
+
+SAVING A COMPILED PATTERN
+
+       The value returned by pcre[16|32]_compile() points to a single block of
+       memory  that  holds  the  compiled pattern and associated data. You can
+       find   the   length   of   this   block    in    bytes    by    calling
+       pcre[16|32]_fullinfo() with an argument of PCRE_INFO_SIZE. You can then
+       save the data in any appropriate manner. Here is sample  code  for  the
+       8-bit  library  that  compiles  a  pattern  and writes it to a file. It
+       assumes that the variable fd refers to a file that is open for output:
+
+         int erroroffset, rc, size;
+         char *error;
+         pcre *re;
+
+         re = pcre_compile("my pattern", 0, &error, &erroroffset, NULL);
+         if (re == NULL) { ... handle errors ... }
+         rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
+         if (rc < 0) { ... handle errors ... }
+         rc = fwrite(re, 1, size, fd);
+         if (rc != size) { ... handle errors ... }
+
+       In this example, the bytes  that  comprise  the  compiled  pattern  are
+       copied  exactly.  Note that this is binary data that may contain any of
+       the 256 possible byte  values.  On  systems  that  make  a  distinction
+       between binary and non-binary data, be sure that the file is opened for
+       binary output.
+
+       If you want to write more than one pattern to a file, you will have  to
+       devise  a  way of separating them. For binary data, preceding each pat-
+       tern with its length is probably  the  most  straightforward  approach.
+       Another  possibility is to write out the data in hexadecimal instead of
+       binary, one pattern to a line.
+
+       Saving compiled patterns in a file is only one possible way of  storing
+       them  for later use. They could equally well be saved in a database, or
+       in the memory of some daemon process that passes them  via  sockets  to
+       the processes that want them.
+
+       If the pattern has been studied, it is also possible to save the normal
+       study data in a similar way to the compiled pattern itself. However, if
+       the PCRE_STUDY_JIT_COMPILE was used, the just-in-time data that is cre-
+       ated cannot be saved because it is too dependent on the  current  envi-
+       ronment.    When    studying    generates    additional    information,
+       pcre[16|32]_study() returns  a  pointer  to  a  pcre[16|32]_extra  data
+       block.  Its  format  is defined in the section on matching a pattern in
+       the pcreapi documentation. The study_data field points  to  the  binary
+       study  data,  and this is what you must save (not the pcre[16|32]_extra
+       block itself). The length of the study data can be obtained by  calling
+       pcre[16|32]_fullinfo()  with an argument of PCRE_INFO_STUDYSIZE. Remem-
+       ber to check that  pcre[16|32]_study()  did  return  a  non-NULL  value
+       before trying to save the study data.
+
+
+RE-USING A PRECOMPILED PATTERN
+
+       Re-using  a  precompiled pattern is straightforward. Having reloaded it
+       into main memory,  called  pcre[16|32]_pattern_to_host_byte_order()  if
+       necessary,    you   pass   its   pointer   to   pcre[16|32]_exec()   or
+       pcre[16|32]_dfa_exec() in the usual way.
+
+       However, if you passed a pointer to custom character  tables  when  the
+       pattern  was compiled (the tableptr argument of pcre[16|32]_compile()),
+       you  must  now  pass  a  similar  pointer  to   pcre[16|32]_exec()   or
+       pcre[16|32]_dfa_exec(),  because the value saved with the compiled pat-
+       tern will obviously be nonsense. A field in a pcre[16|32]_extra() block
+       is  used  to  pass this data, as described in the section on matching a
+       pattern in the pcreapi documentation.
+
+       Warning: The tables that pcre_exec() and pcre_dfa_exec()  use  must  be
+       the same as those that were used when the pattern was compiled. If this
+       is not the case, the behaviour is undefined.
+
+       If you did not provide custom character tables  when  the  pattern  was
+       compiled, the pointer in the compiled pattern is NULL, which causes the
+       matching functions to use PCRE's internal tables. Thus, you do not need
+       to take any special action at run time in this case.
+
+       If  you  saved study data with the compiled pattern, you need to create
+       your own pcre[16|32]_extra data block and set the study_data  field  to
+       point   to   the   reloaded   study   data.   You  must  also  set  the
+       PCRE_EXTRA_STUDY_DATA bit in the flags field  to  indicate  that  study
+       data  is present. Then pass the pcre[16|32]_extra block to the matching
+       function in the usual way. If the pattern was studied for  just-in-time
+       optimization,  that  data  cannot  be  saved,  and  so  is  lost  by  a
+       save/restore cycle.
+
+
+COMPATIBILITY WITH DIFFERENT PCRE RELEASES
+
+       In general, it is safest to  recompile  all  saved  patterns  when  you
+       update  to  a new PCRE release, though not all updates actually require
+       this.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPERFORM(3)             Library Functions Manual             PCREPERFORM(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE PERFORMANCE
+
+       Two  aspects  of performance are discussed below: memory usage and pro-
+       cessing time. The way you express your pattern as a regular  expression
+       can affect both of them.
+
+
+COMPILED PATTERN MEMORY USAGE
+
+       Patterns  are compiled by PCRE into a reasonably efficient interpretive
+       code, so that most simple patterns do not  use  much  memory.  However,
+       there  is  one case where the memory usage of a compiled pattern can be
+       unexpectedly large. If a parenthesized subpattern has a quantifier with
+       a minimum greater than 1 and/or a limited maximum, the whole subpattern
+       is repeated in the compiled code. For example, the pattern
+
+         (abc|def){2,4}
+
+       is compiled as if it were
+
+         (abc|def)(abc|def)((abc|def)(abc|def)?)?
+
+       (Technical aside: It is done this way so that backtrack  points  within
+       each of the repetitions can be independently maintained.)
+
+       For  regular expressions whose quantifiers use only small numbers, this
+       is not usually a problem. However, if the numbers are large,  and  par-
+       ticularly  if  such repetitions are nested, the memory usage can become
+       an embarrassment. For example, the very simple pattern
+
+         ((ab){1,1000}c){1,3}
+
+       uses 51K bytes when compiled using the 8-bit library. When PCRE is com-
+       piled  with  its  default  internal pointer size of two bytes, the size
+       limit on a compiled pattern is 64K data units, and this is reached with
+       the  above  pattern  if  the outer repetition is increased from 3 to 4.
+       PCRE can be compiled to use larger internal pointers  and  thus  handle
+       larger  compiled patterns, but it is better to try to rewrite your pat-
+       tern to use less memory if you can.
+
+       One way of reducing the memory usage for such patterns is to  make  use
+       of PCRE's "subroutine" facility. Re-writing the above pattern as
+
+         ((ab)(?2){0,999}c)(?1){0,2}
+
+       reduces the memory requirements to 18K, and indeed it remains under 20K
+       even with the outer repetition increased to 100. However, this  pattern
+       is  not  exactly equivalent, because the "subroutine" calls are treated
+       as atomic groups into which there can be no backtracking if there is  a
+       subsequent  matching  failure.  Therefore,  PCRE cannot do this kind of
+       rewriting automatically.  Furthermore, there is a  noticeable  loss  of
+       speed  when executing the modified pattern. Nevertheless, if the atomic
+       grouping is not a problem and the loss of  speed  is  acceptable,  this
+       kind  of  rewriting will allow you to process patterns that PCRE cannot
+       otherwise handle.
+
+
+STACK USAGE AT RUN TIME
+
+       When pcre_exec() or pcre[16|32]_exec() is used  for  matching,  certain
+       kinds  of  pattern  can  cause  it  to use large amounts of the process
+       stack. In some environments the default process stack is  quite  small,
+       and  if it runs out the result is often SIGSEGV. This issue is probably
+       the most frequently raised problem with PCRE.  Rewriting  your  pattern
+       can  often  help.  The  pcrestack documentation discusses this issue in
+       detail.
+
+
+PROCESSING TIME
+
+       Certain items in regular expression patterns are processed  more  effi-
+       ciently than others. It is more efficient to use a character class like
+       [aeiou]  than  a  set  of   single-character   alternatives   such   as
+       (a|e|i|o|u).  In  general,  the simplest construction that provides the
+       required behaviour is usually the most efficient. Jeffrey Friedl's book
+       contains  a  lot  of useful general discussion about optimizing regular
+       expressions for efficient performance. This  document  contains  a  few
+       observations about PCRE.
+
+       Using  Unicode  character  properties  (the  \p, \P, and \X escapes) is
+       slow, because PCRE has to use a multi-stage table  lookup  whenever  it
+       needs  a  character's  property. If you can find an alternative pattern
+       that does not use character properties, it will probably be faster.
+
+       By default, the escape sequences \b, \d, \s,  and  \w,  and  the  POSIX
+       character  classes  such  as  [:alpha:]  do not use Unicode properties,
+       partly for backwards compatibility, and partly for performance reasons.
+       However,  you can set PCRE_UCP if you want Unicode character properties
+       to be used. This can double the matching time for  items  such  as  \d,
+       when matched with a traditional matching function; the performance loss
+       is less with a DFA matching function, and in both cases  there  is  not
+       much difference for \b.
+
+       When  a  pattern  begins  with .* not in parentheses, or in parentheses
+       that are not the subject of a backreference, and the PCRE_DOTALL option
+       is  set, the pattern is implicitly anchored by PCRE, since it can match
+       only at the start of a subject string. However, if PCRE_DOTALL  is  not
+       set,  PCRE  cannot  make this optimization, because the . metacharacter
+       does not then match a newline, and if the subject string contains  new-
+       lines,  the  pattern may match from the character immediately following
+       one of them instead of from the very start. For example, the pattern
+
+         .*second
+
+       matches the subject "first\nand second" (where \n stands for a  newline
+       character),  with the match starting at the seventh character. In order
+       to do this, PCRE has to retry the match starting after every newline in
+       the subject.
+
+       If  you  are using such a pattern with subject strings that do not con-
+       tain newlines, the best performance is obtained by setting PCRE_DOTALL,
+       or  starting  the pattern with ^.* or ^.*? to indicate explicit anchor-
+       ing. That saves PCRE from having to scan along the subject looking  for
+       a newline to restart at.
+
+       Beware  of  patterns  that contain nested indefinite repeats. These can
+       take a long time to run when applied to a string that does  not  match.
+       Consider the pattern fragment
+
+         ^(a+)*
+
+       This  can  match "aaaa" in 16 different ways, and this number increases
+       very rapidly as the string gets longer. (The * repeat can match  0,  1,
+       2,  3, or 4 times, and for each of those cases other than 0 or 4, the +
+       repeats can match different numbers of times.) When  the  remainder  of
+       the pattern is such that the entire match is going to fail, PCRE has in
+       principle to try  every  possible  variation,  and  this  can  take  an
+       extremely long time, even for relatively short strings.
+
+       An optimization catches some of the more simple cases such as
+
+         (a+)*b
+
+       where  a  literal  character  follows. Before embarking on the standard
+       matching procedure, PCRE checks that there is a "b" later in  the  sub-
+       ject  string, and if there is not, it fails the match immediately. How-
+       ever, when there is no following literal this  optimization  cannot  be
+       used. You can see the difference by comparing the behaviour of
+
+         (a+)*\d
+
+       with  the  pattern  above.  The former gives a failure almost instantly
+       when applied to a whole line of  "a"  characters,  whereas  the  latter
+       takes an appreciable time with strings longer than about 20 characters.
+
+       In many cases, the solution to this kind of performance issue is to use
+       an atomic group or a possessive quantifier.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 25 August 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPOSIX(3)               Library Functions Manual               PCREPOSIX(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions.
+
+SYNOPSIS
+
+       #include <pcreposix.h>
+
+       int regcomp(regex_t *preg, const char *pattern,
+            int cflags);
+
+       int regexec(regex_t *preg, const char *string,
+            size_t nmatch, regmatch_t pmatch[], int eflags);
+            size_t regerror(int errcode, const regex_t *preg,
+            char *errbuf, size_t errbuf_size);
+
+       void regfree(regex_t *preg);
+
+
+DESCRIPTION
+
+       This  set  of functions provides a POSIX-style API for the PCRE regular
+       expression 8-bit library. See the pcreapi documentation for a  descrip-
+       tion  of  PCRE's native API, which contains much additional functional-
+       ity. There is no POSIX-style  wrapper  for  PCRE's  16-bit  and  32-bit
+       library.
+
+       The functions described here are just wrapper functions that ultimately
+       call  the  PCRE  native  API.  Their  prototypes  are  defined  in  the
+       pcreposix.h  header  file,  and  on  Unix systems the library itself is
+       called pcreposix.a, so can be accessed by  adding  -lpcreposix  to  the
+       command  for  linking  an application that uses them. Because the POSIX
+       functions call the native ones, it is also necessary to add -lpcre.
+
+       I have implemented only those POSIX option bits that can be  reasonably
+       mapped  to PCRE native options. In addition, the option REG_EXTENDED is
+       defined with the value zero. This has no  effect,  but  since  programs
+       that  are  written  to  the POSIX interface often use it, this makes it
+       easier to slot in PCRE as a replacement library.  Other  POSIX  options
+       are not even defined.
+
+       There  are also some other options that are not defined by POSIX. These
+       have been added at the request of users who want to make use of certain
+       PCRE-specific features via the POSIX calling interface.
+
+       When  PCRE  is  called  via these functions, it is only the API that is
+       POSIX-like in style. The syntax and semantics of  the  regular  expres-
+       sions  themselves  are  still  those of Perl, subject to the setting of
+       various PCRE options, as described below. "POSIX-like in  style"  means
+       that  the  API  approximates  to  the POSIX definition; it is not fully
+       POSIX-compatible, and in multi-byte encoding  domains  it  is  probably
+       even less compatible.
+
+       The  header for these functions is supplied as pcreposix.h to avoid any
+       potential clash with other POSIX  libraries.  It  can,  of  course,  be
+       renamed or aliased as regex.h, which is the "correct" name. It provides
+       two structure types, regex_t for  compiled  internal  forms,  and  reg-
+       match_t  for  returning  captured substrings. It also defines some con-
+       stants whose names start  with  "REG_";  these  are  used  for  setting
+       options and identifying error codes.
+
+
+COMPILING A PATTERN
+
+       The  function regcomp() is called to compile a pattern into an internal
+       form. The pattern is a C string terminated by a  binary  zero,  and  is
+       passed  in  the  argument  pattern. The preg argument is a pointer to a
+       regex_t structure that is used as a base for storing information  about
+       the compiled regular expression.
+
+       The argument cflags is either zero, or contains one or more of the bits
+       defined by the following macros:
+
+         REG_DOTALL
+
+       The PCRE_DOTALL option is set when the regular expression is passed for
+       compilation to the native function. Note that REG_DOTALL is not part of
+       the POSIX standard.
+
+         REG_ICASE
+
+       The PCRE_CASELESS option is set when the regular expression  is  passed
+       for compilation to the native function.
+
+         REG_NEWLINE
+
+       The  PCRE_MULTILINE option is set when the regular expression is passed
+       for compilation to the native function. Note that this does  not  mimic
+       the  defined  POSIX  behaviour  for REG_NEWLINE (see the following sec-
+       tion).
+
+         REG_NOSUB
+
+       The PCRE_NO_AUTO_CAPTURE option is set when the regular  expression  is
+       passed for compilation to the native function. In addition, when a pat-
+       tern that is compiled with this flag is passed to regexec() for  match-
+       ing,  the  nmatch  and  pmatch  arguments  are ignored, and no captured
+       strings are returned.
+
+         REG_UCP
+
+       The PCRE_UCP option is set when the regular expression  is  passed  for
+       compilation  to  the  native  function. This causes PCRE to use Unicode
+       properties when matchine \d, \w,  etc.,  instead  of  just  recognizing
+       ASCII values. Note that REG_UTF8 is not part of the POSIX standard.
+
+         REG_UNGREEDY
+
+       The  PCRE_UNGREEDY  option is set when the regular expression is passed
+       for compilation to the native function. Note that REG_UNGREEDY  is  not
+       part of the POSIX standard.
+
+         REG_UTF8
+
+       The  PCRE_UTF8  option is set when the regular expression is passed for
+       compilation to the native function. This causes the pattern itself  and
+       all  data  strings used for matching it to be treated as UTF-8 strings.
+       Note that REG_UTF8 is not part of the POSIX standard.
+
+       In the absence of these flags, no options  are  passed  to  the  native
+       function.   This  means  the  the  regex  is compiled with PCRE default
+       semantics. In particular, the way it handles newline characters in  the
+       subject  string  is  the Perl way, not the POSIX way. Note that setting
+       PCRE_MULTILINE has only some of the effects specified for  REG_NEWLINE.
+       It  does not affect the way newlines are matched by . (they are not) or
+       by a negative class such as [^a] (they are).
+
+       The yield of regcomp() is zero on success, and non-zero otherwise.  The
+       preg structure is filled in on success, and one member of the structure
+       is public: re_nsub contains the number of capturing subpatterns in  the
+       regular expression. Various error codes are defined in the header file.
+
+       NOTE:  If  the  yield of regcomp() is non-zero, you must not attempt to
+       use the contents of the preg structure. If, for example, you pass it to
+       regexec(), the result is undefined and your program is likely to crash.
+
+
+MATCHING NEWLINE CHARACTERS
+
+       This area is not simple, because POSIX and Perl take different views of
+       things.  It is not possible to get PCRE to obey  POSIX  semantics,  but
+       then  PCRE was never intended to be a POSIX engine. The following table
+       lists the different possibilities for matching  newline  characters  in
+       PCRE:
+
+                                 Default   Change with
+
+         . matches newline          no     PCRE_DOTALL
+         newline matches [^a]       yes    not changeable
+         $ matches \n at end        yes    PCRE_DOLLARENDONLY
+         $ matches \n in middle     no     PCRE_MULTILINE
+         ^ matches \n in middle     no     PCRE_MULTILINE
+
+       This is the equivalent table for POSIX:
+
+                                 Default   Change with
+
+         . matches newline          yes    REG_NEWLINE
+         newline matches [^a]       yes    REG_NEWLINE
+         $ matches \n at end        no     REG_NEWLINE
+         $ matches \n in middle     no     REG_NEWLINE
+         ^ matches \n in middle     no     REG_NEWLINE
+
+       PCRE's behaviour is the same as Perl's, except that there is no equiva-
+       lent for PCRE_DOLLAR_ENDONLY in Perl. In both PCRE and Perl,  there  is
+       no way to stop newline from matching [^a].
+
+       The   default  POSIX  newline  handling  can  be  obtained  by  setting
+       PCRE_DOTALL and PCRE_DOLLAR_ENDONLY, but there is no way to  make  PCRE
+       behave exactly as for the REG_NEWLINE action.
+
+
+MATCHING A PATTERN
+
+       The  function  regexec()  is  called  to  match a compiled pattern preg
+       against a given string, which is by default terminated by a  zero  byte
+       (but  see  REG_STARTEND below), subject to the options in eflags. These
+       can be:
+
+         REG_NOTBOL
+
+       The PCRE_NOTBOL option is set when calling the underlying PCRE matching
+       function.
+
+         REG_NOTEMPTY
+
+       The PCRE_NOTEMPTY option is set when calling the underlying PCRE match-
+       ing function. Note that REG_NOTEMPTY is not part of the POSIX standard.
+       However, setting this option can give more POSIX-like behaviour in some
+       situations.
+
+         REG_NOTEOL
+
+       The PCRE_NOTEOL option is set when calling the underlying PCRE matching
+       function.
+
+         REG_STARTEND
+
+       The  string  is  considered to start at string + pmatch[0].rm_so and to
+       have a terminating NUL located at string + pmatch[0].rm_eo (there  need
+       not  actually  be  a  NUL at that location), regardless of the value of
+       nmatch. This is a BSD extension, compatible with but not  specified  by
+       IEEE  Standard  1003.2  (POSIX.2),  and  should be used with caution in
+       software intended to be portable to other systems. Note that a non-zero
+       rm_so does not imply REG_NOTBOL; REG_STARTEND affects only the location
+       of the string, not how it is matched.
+
+       If the pattern was compiled with the REG_NOSUB flag, no data about  any
+       matched  strings  is  returned.  The  nmatch  and  pmatch  arguments of
+       regexec() are ignored.
+
+       If the value of nmatch is zero, or if the value pmatch is NULL, no data
+       about any matched strings is returned.
+
+       Otherwise,the portion of the string that was matched, and also any cap-
+       tured substrings, are returned via the pmatch argument, which points to
+       an  array  of nmatch structures of type regmatch_t, containing the mem-
+       bers rm_so and rm_eo. These contain the offset to the  first  character
+       of  each  substring and the offset to the first character after the end
+       of each substring, respectively. The 0th element of the vector  relates
+       to  the  entire portion of string that was matched; subsequent elements
+       relate to the capturing subpatterns of the regular  expression.  Unused
+       entries in the array have both structure members set to -1.
+
+       A  successful  match  yields  a  zero  return;  various error codes are
+       defined in the header file, of  which  REG_NOMATCH  is  the  "expected"
+       failure code.
+
+
+ERROR MESSAGES
+
+       The regerror() function maps a non-zero errorcode from either regcomp()
+       or regexec() to a printable message. If preg is  not  NULL,  the  error
+       should have arisen from the use of that structure. A message terminated
+       by a binary zero is placed  in  errbuf.  The  length  of  the  message,
+       including  the  zero, is limited to errbuf_size. The yield of the func-
+       tion is the size of buffer needed to hold the whole message.
+
+
+MEMORY USAGE
+
+       Compiling a regular expression causes memory to be allocated and  asso-
+       ciated  with  the preg structure. The function regfree() frees all such
+       memory, after which preg may no longer be used as  a  compiled  expres-
+       sion.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 09 January 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRECPP(3)                 Library Functions Manual                 PCRECPP(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions.
+
+SYNOPSIS OF C++ WRAPPER
+
+       #include <pcrecpp.h>
+
+
+DESCRIPTION
+
+       The  C++  wrapper  for PCRE was provided by Google Inc. Some additional
+       functionality was added by Giuseppe Maxia. This brief man page was con-
+       structed  from  the  notes  in the pcrecpp.h file, which should be con-
+       sulted for further details. Note that the C++ wrapper supports only the
+       original  8-bit  PCRE  library. There is no 16-bit or 32-bit support at
+       present.
+
+
+MATCHING INTERFACE
+
+       The "FullMatch" operation checks that supplied text matches a  supplied
+       pattern  exactly.  If pointer arguments are supplied, it copies matched
+       sub-strings that match sub-patterns into them.
+
+         Example: successful match
+            pcrecpp::RE re("h.*o");
+            re.FullMatch("hello");
+
+         Example: unsuccessful match (requires full match):
+            pcrecpp::RE re("e");
+            !re.FullMatch("hello");
+
+         Example: creating a temporary RE object:
+            pcrecpp::RE("h.*o").FullMatch("hello");
+
+       You can pass in a "const char*" or a "string" for "text". The  examples
+       below  tend to use a const char*. You can, as in the different examples
+       above, store the RE object explicitly in a variable or use a  temporary
+       RE  object.  The  examples below use one mode or the other arbitrarily.
+       Either could correctly be used for any of these examples.
+
+       You must supply extra pointer arguments to extract matched subpieces.
+
+         Example: extracts "ruby" into "s" and 1234 into "i"
+            int i;
+            string s;
+            pcrecpp::RE re("(\\w+):(\\d+)");
+            re.FullMatch("ruby:1234", &s, &i);
+
+         Example: does not try to extract any extra sub-patterns
+            re.FullMatch("ruby:1234", &s);
+
+         Example: does not try to extract into NULL
+            re.FullMatch("ruby:1234", NULL, &i);
+
+         Example: integer overflow causes failure
+            !re.FullMatch("ruby:1234567891234", NULL, &i);
+
+         Example: fails because there aren't enough sub-patterns:
+            !pcrecpp::RE("\\w+:\\d+").FullMatch("ruby:1234", &s);
+
+         Example: fails because string cannot be stored in integer
+            !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+
+       The provided pointer arguments can be pointers to  any  scalar  numeric
+       type, or one of:
+
+          string        (matched piece is copied to string)
+          StringPiece   (StringPiece is mutated to point to matched piece)
+          T             (where "bool T::ParseFrom(const char*, int)" exists)
+          NULL          (the corresponding matched sub-pattern is not copied)
+
+       The  function returns true iff all of the following conditions are sat-
+       isfied:
+
+         a. "text" matches "pattern" exactly;
+
+         b. The number of matched sub-patterns is >= number of supplied
+            pointers;
+
+         c. The "i"th argument has a suitable type for holding the
+            string captured as the "i"th sub-pattern. If you pass in
+            void * NULL for the "i"th argument, or a non-void * NULL
+            of the correct type, or pass fewer arguments than the
+            number of sub-patterns, "i"th captured sub-pattern is
+            ignored.
+
+       CAVEAT: An optional sub-pattern that does  not  exist  in  the  matched
+       string  is  assigned  the  empty  string. Therefore, the following will
+       return false (because the empty string is not a valid number):
+
+          int number;
+          pcrecpp::RE::FullMatch("abc", "[a-z]+(\\d+)?", &number);
+
+       The matching interface supports at most 16 arguments per call.  If  you
+       need    more,    consider    using    the    more   general   interface
+       pcrecpp::RE::DoMatch. See pcrecpp.h for the signature for DoMatch.
+
+       NOTE: Do not use no_arg, which is used internally to mark the end of  a
+       list  of optional arguments, as a placeholder for missing arguments, as
+       this can lead to segfaults.
+
+
+QUOTING METACHARACTERS
+
+       You can use the "QuoteMeta" operation to insert backslashes before  all
+       potentially  meaningful  characters  in  a string. The returned string,
+       used as a regular expression, will exactly match the original string.
+
+         Example:
+            string quoted = RE::QuoteMeta(unquoted);
+
+       Note that it's legal to escape a character even if it  has  no  special
+       meaning  in  a  regular expression -- so this function does that. (This
+       also makes it identical to the perl function  of  the  same  name;  see
+       "perldoc    -f    quotemeta".)    For   example,   "1.5-2.0?"   becomes
+       "1\.5\-2\.0\?".
+
+
+PARTIAL MATCHES
+
+       You can use the "PartialMatch" operation when you want the  pattern  to
+       match any substring of the text.
+
+         Example: simple search for a string:
+            pcrecpp::RE("ell").PartialMatch("hello");
+
+         Example: find first number in a string:
+            int number;
+            pcrecpp::RE re("(\\d+)");
+            re.PartialMatch("x*100 + 20", &number);
+            assert(number == 100);
+
+
+UTF-8 AND THE MATCHING INTERFACE
+
+       By  default,  pattern  and text are plain text, one byte per character.
+       The UTF8 flag, passed to  the  constructor,  causes  both  pattern  and
+       string to be treated as UTF-8 text, still a byte stream but potentially
+       multiple bytes per character. In practice, the text is likelier  to  be
+       UTF-8  than  the pattern, but the match returned may depend on the UTF8
+       flag, so always use it when matching UTF8 text. For example,  "."  will
+       match  one  byte normally but with UTF8 set may match up to three bytes
+       of a multi-byte character.
+
+         Example:
+            pcrecpp::RE_Options options;
+            options.set_utf8();
+            pcrecpp::RE re(utf8_pattern, options);
+            re.FullMatch(utf8_string);
+
+         Example: using the convenience function UTF8():
+            pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+            re.FullMatch(utf8_string);
+
+       NOTE: The UTF8 flag is ignored if pcre was not configured with the
+             --enable-utf8 flag.
+
+
+PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE
+
+       PCRE defines some modifiers to  change  the  behavior  of  the  regular
+       expression   engine.  The  C++  wrapper  defines  an  auxiliary  class,
+       RE_Options, as a vehicle to pass such modifiers to  a  RE  class.  Cur-
+       rently, the following modifiers are supported:
+
+          modifier              description               Perl corresponding
+
+          PCRE_CASELESS         case insensitive match      /i
+          PCRE_MULTILINE        multiple lines match        /m
+          PCRE_DOTALL           dot matches newlines        /s
+          PCRE_DOLLAR_ENDONLY   $ matches only at end       N/A
+          PCRE_EXTRA            strict escape parsing       N/A
+          PCRE_EXTENDED         ignore white spaces         /x
+          PCRE_UTF8             handles UTF8 chars          built-in
+          PCRE_UNGREEDY         reverses * and *?           N/A
+          PCRE_NO_AUTO_CAPTURE  disables capturing parens   N/A (*)
+
+       (*)  Both Perl and PCRE allow non capturing parentheses by means of the
+       "?:" modifier within the pattern itself. e.g. (?:ab|cd) does  not  cap-
+       ture, while (ab|cd) does.
+
+       For  a  full  account on how each modifier works, please check the PCRE
+       API reference page.
+
+       For each modifier, there are two member functions whose  name  is  made
+       out  of  the  modifier  in  lowercase,  without the "PCRE_" prefix. For
+       instance, PCRE_CASELESS is handled by
+
+         bool caseless()
+
+       which returns true if the modifier is set, and
+
+         RE_Options & set_caseless(bool)
+
+       which sets or unsets the modifier. Moreover, PCRE_EXTRA_MATCH_LIMIT can
+       be  accessed  through  the  set_match_limit()  and match_limit() member
+       functions. Setting match_limit to a non-zero value will limit the  exe-
+       cution  of pcre to keep it from doing bad things like blowing the stack
+       or taking an eternity to return a result.  A  value  of  5000  is  good
+       enough  to stop stack blowup in a 2MB thread stack. Setting match_limit
+       to  zero  disables  match  limiting.  Alternatively,   you   can   call
+       match_limit_recursion()  which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to
+       limit how much  PCRE  recurses.  match_limit()  limits  the  number  of
+       matches PCRE does; match_limit_recursion() limits the depth of internal
+       recursion, and therefore the amount of stack that is used.
+
+       Normally, to pass one or more modifiers to a RE class,  you  declare  a
+       RE_Options object, set the appropriate options, and pass this object to
+       a RE constructor. Example:
+
+          RE_Options opt;
+          opt.set_caseless(true);
+          if (RE("HELLO", opt).PartialMatch("hello world")) ...
+
+       RE_options has two constructors. The default constructor takes no argu-
+       ments  and creates a set of flags that are off by default. The optional
+       parameter option_flags is to facilitate transfer of legacy code from  C
+       programs.  This lets you do
+
+          RE(pattern,
+            RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+
+       However, new code is better off doing
+
+          RE(pattern,
+            RE_Options().set_caseless(true).set_multiline(true))
+              .PartialMatch(str);
+
+       If you are going to pass one of the most used modifiers, there are some
+       convenience functions that return a RE_Options class with the appropri-
+       ate  modifier  already  set: CASELESS(), UTF8(), MULTILINE(), DOTALL(),
+       and EXTENDED().
+
+       If you need to set several options at once, and you don't  want  to  go
+       through  the pains of declaring a RE_Options object and setting several
+       options, there is a parallel method that give you such ability  on  the
+       fly.  You  can  concatenate several set_xxxxx() member functions, since
+       each of them returns a reference to its class object. For  example,  to
+       pass  PCRE_CASELESS, PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one
+       statement, you may write:
+
+          RE(" ^ xyz \\s+ .* blah$",
+            RE_Options()
+              .set_caseless(true)
+              .set_extended(true)
+              .set_multiline(true)).PartialMatch(sometext);
+
+
+SCANNING TEXT INCREMENTALLY
+
+       The "Consume" operation may be useful if you want to  repeatedly  match
+       regular expressions at the front of a string and skip over them as they
+       match. This requires use of the "StringPiece" type, which represents  a
+       sub-range  of  a  real  string.  Like RE, StringPiece is defined in the
+       pcrecpp namespace.
+
+         Example: read lines of the form "var = value" from a string.
+            string contents = ...;                 // Fill string somehow
+            pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+
+            string var;
+            int value;
+            pcrecpp::RE re("(\\w+) = (\\d+)\n");
+            while (re.Consume(&input, &var, &value)) {
+              ...;
+            }
+
+       Each successful call  to  "Consume"  will  set  "var/value",  and  also
+       advance "input" so it points past the matched text.
+
+       The  "FindAndConsume"  operation  is  similar to "Consume" but does not
+       anchor your match at the beginning of  the  string.  For  example,  you
+       could extract all words from a string by repeatedly calling
+
+         pcrecpp::RE("(\\w+)").FindAndConsume(&input, &word)
+
+
+PARSING HEX/OCTAL/C-RADIX NUMBERS
+
+       By default, if you pass a pointer to a numeric value, the corresponding
+       text is interpreted as a base-10  number.  You  can  instead  wrap  the
+       pointer with a call to one of the operators Hex(), Octal(), or CRadix()
+       to interpret the text in another base. The CRadix  operator  interprets
+       C-style  "0"  (base-8)  and  "0x"  (base-16)  prefixes, but defaults to
+       base-10.
+
+         Example:
+           int a, b, c, d;
+           pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+           re.FullMatch("100 40 0100 0x40",
+                        pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+                        pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+
+       will leave 64 in a, b, c, and d.
+
+
+REPLACING PARTS OF STRINGS
+
+       You can replace the first match of "pattern" in "str"  with  "rewrite".
+       Within  "rewrite",  backslash-escaped  digits (\1 to \9) can be used to
+       insert text matching corresponding parenthesized group  from  the  pat-
+       tern. \0 in "rewrite" refers to the entire matching text. For example:
+
+         string s = "yabba dabba doo";
+         pcrecpp::RE("b+").Replace("d", &s);
+
+       will  leave  "s" containing "yada dabba doo". The result is true if the
+       pattern matches and a replacement occurs, false otherwise.
+
+       GlobalReplace is like Replace except that it replaces  all  occurrences
+       of  the  pattern  in  the string with the rewrite. Replacements are not
+       subject to re-matching. For example:
+
+         string s = "yabba dabba doo";
+         pcrecpp::RE("b+").GlobalReplace("d", &s);
+
+       will leave "s" containing "yada dada doo". It  returns  the  number  of
+       replacements made.
+
+       Extract  is like Replace, except that if the pattern matches, "rewrite"
+       is copied into "out" (an additional argument) with substitutions.   The
+       non-matching  portions  of "text" are ignored. Returns true iff a match
+       occurred and the extraction happened successfully;  if no match occurs,
+       the string is left unaffected.
+
+
+AUTHOR
+
+       The C++ wrapper was contributed by Google Inc.
+       Copyright (c) 2007 Google Inc.
+
+
+REVISION
+
+       Last updated: 08 January 2012
+------------------------------------------------------------------------------
+
+
+PCRESAMPLE(3)              Library Functions Manual              PCRESAMPLE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE SAMPLE PROGRAM
+
+       A simple, complete demonstration program, to get you started with using
+       PCRE, is supplied in the file pcredemo.c in the  PCRE  distribution.  A
+       listing  of this program is given in the pcredemo documentation. If you
+       do not have a copy of the PCRE distribution, you can save this  listing
+       to re-create pcredemo.c.
+
+       The  demonstration program, which uses the original PCRE 8-bit library,
+       compiles the regular expression that is its first argument, and matches
+       it  against  the subject string in its second argument. No PCRE options
+       are set, and default character tables are used. If  matching  succeeds,
+       the  program  outputs the portion of the subject that matched, together
+       with the contents of any captured substrings.
+
+       If the -g option is given on the command line, the program then goes on
+       to check for further matches of the same regular expression in the same
+       subject string. The logic is a little bit tricky because of the  possi-
+       bility  of  matching an empty string. Comments in the code explain what
+       is going on.
+
+       If PCRE is installed in the standard include  and  library  directories
+       for your operating system, you should be able to compile the demonstra-
+       tion program using this command:
+
+         gcc -o pcredemo pcredemo.c -lpcre
+
+       If PCRE is installed elsewhere, you may need to add additional  options
+       to  the  command line. For example, on a Unix-like system that has PCRE
+       installed in /usr/local, you  can  compile  the  demonstration  program
+       using a command like this:
+
+         gcc -o pcredemo -I/usr/local/include pcredemo.c \
+             -L/usr/local/lib -lpcre
+
+       In  a  Windows  environment, if you want to statically link the program
+       against a non-dll pcre.a file, you must uncomment the line that defines
+       PCRE_STATIC  before  including  pcre.h, because otherwise the pcre_mal-
+       loc()   and   pcre_free()   exported   functions   will   be   declared
+       __declspec(dllimport), with unwanted results.
+
+       Once  you  have  compiled and linked the demonstration program, you can
+       run simple tests like this:
+
+         ./pcredemo 'cat|dog' 'the cat sat on the mat'
+         ./pcredemo -g 'cat|dog' 'the dog sat on the cat'
+
+       Note that there is a  much  more  comprehensive  test  program,  called
+       pcretest,  which  supports  many  more  facilities  for testing regular
+       expressions and both PCRE libraries. The pcredemo program  is  provided
+       as a simple coding example.
+
+       If  you  try to run pcredemo when PCRE is not installed in the standard
+       library directory, you may get an error like  this  on  some  operating
+       systems (e.g. Solaris):
+
+         ld.so.1:  a.out:  fatal:  libpcre.so.0:  open failed: No such file or
+       directory
+
+       This is caused by the way shared library support works  on  those  sys-
+       tems. You need to add
+
+         -R/usr/local/lib
+
+       (for example) to the compile command to get round this problem.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 10 January 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+PCRELIMITS(3)              Library Functions Manual              PCRELIMITS(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+SIZE AND OTHER LIMITATIONS
+
+       There  are some size limitations in PCRE but it is hoped that they will
+       never in practice be relevant.
+
+       The maximum length of a compiled  pattern  is  approximately  64K  data
+       units  (bytes  for  the  8-bit  library,  16-bit  units  for the 16-bit
+       library, and 32-bit units for the 32-bit library) if PCRE  is  compiled
+       with  the default internal linkage size, which is 2 bytes for the 8-bit
+       and 16-bit libraries, and 4 bytes for the 32-bit library. If  you  want
+       to process regular expressions that are truly enormous, you can compile
+       PCRE with an internal linkage size of 3 or 4 (when building the  16-bit
+       or  32-bit  library,  3 is rounded up to 4). See the README file in the
+       source distribution and the pcrebuild  documentation  for  details.  In
+       these  cases  the limit is substantially larger.  However, the speed of
+       execution is slower.
+
+       All values in repeating quantifiers must be less than 65536.
+
+       There is no limit to the number of parenthesized subpatterns, but there
+       can  be  no more than 65535 capturing subpatterns. There is, however, a
+       limit to the depth of  nesting  of  parenthesized  subpatterns  of  all
+       kinds.  This  is  imposed  in order to limit the amount of system stack
+       used at compile time. The limit can be specified when  PCRE  is  built;
+       the default is 250.
+
+       There is a limit to the number of forward references to subsequent sub-
+       patterns of around 200,000.  Repeated  forward  references  with  fixed
+       upper  limits,  for example, (?2){0,100} when subpattern number 2 is to
+       the right, are included in the count. There is no limit to  the  number
+       of backward references.
+
+       The maximum length of name for a named subpattern is 32 characters, and
+       the maximum number of named subpatterns is 10000.
+
+       The maximum length of a  name  in  a  (*MARK),  (*PRUNE),  (*SKIP),  or
+       (*THEN)  verb is 255 for the 8-bit library and 65535 for the 16-bit and
+       32-bit libraries.
+
+       The maximum length of a subject string is the largest  positive  number
+       that  an integer variable can hold. However, when using the traditional
+       matching function, PCRE uses recursion to handle subpatterns and indef-
+       inite  repetition.  This means that the available stack space may limit
+       the size of a subject string that can be processed by certain patterns.
+       For a discussion of stack issues, see the pcrestack documentation.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 05 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRESTACK(3)               Library Functions Manual               PCRESTACK(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE DISCUSSION OF STACK USAGE
+
+       When  you call pcre[16|32]_exec(), it makes use of an internal function
+       called match(). This calls itself recursively at branch points  in  the
+       pattern,  in  order  to  remember the state of the match so that it can
+       back up and try a different alternative if  the  first  one  fails.  As
+       matching proceeds deeper and deeper into the tree of possibilities, the
+       recursion depth increases. The match() function is also called in other
+       circumstances,  for  example,  whenever  a parenthesized sub-pattern is
+       entered, and in certain cases of repetition.
+
+       Not all calls of match() increase the recursion depth; for an item such
+       as  a* it may be called several times at the same level, after matching
+       different numbers of a's. Furthermore, in a number of cases  where  the
+       result  of  the  recursive call would immediately be passed back as the
+       result of the current call (a "tail recursion"), the function  is  just
+       restarted instead.
+
+       The  above  comments apply when pcre[16|32]_exec() is run in its normal
+       interpretive  manner.   If   the   pattern   was   studied   with   the
+       PCRE_STUDY_JIT_COMPILE  option, and just-in-time compiling was success-
+       ful, and the options passed to pcre[16|32]_exec() were  not  incompati-
+       ble,  the  matching  process  uses the JIT-compiled code instead of the
+       match() function. In this case, the  memory  requirements  are  handled
+       entirely differently. See the pcrejit documentation for details.
+
+       The  pcre[16|32]_dfa_exec()  function operates in an entirely different
+       way, and uses recursion only when there is a regular expression  recur-
+       sion or subroutine call in the pattern. This includes the processing of
+       assertion and "once-only" subpatterns, which are handled  like  subrou-
+       tine  calls.  Normally, these are never very deep, and the limit on the
+       complexity of pcre[16|32]_dfa_exec() is controlled  by  the  amount  of
+       workspace  it is given.  However, it is possible to write patterns with
+       runaway    infinite    recursions;    such    patterns    will    cause
+       pcre[16|32]_dfa_exec()  to  run  out  of stack. At present, there is no
+       protection against this.
+
+       The comments that follow do NOT apply to  pcre[16|32]_dfa_exec();  they
+       are relevant only for pcre[16|32]_exec() without the JIT optimization.
+
+   Reducing pcre[16|32]_exec()'s stack usage
+
+       Each  time  that match() is actually called recursively, it uses memory
+       from the process stack. For certain kinds of  pattern  and  data,  very
+       large  amounts of stack may be needed, despite the recognition of "tail
+       recursion".  You can often reduce the amount of recursion,  and  there-
+       fore  the  amount of stack used, by modifying the pattern that is being
+       matched. Consider, for example, this pattern:
+
+         ([^<]|<(?!inet))+
+
+       It matches from wherever it starts until it encounters "<inet"  or  the
+       end  of  the  data,  and is the kind of pattern that might be used when
+       processing an XML file. Each iteration of the outer parentheses matches
+       either  one  character that is not "<" or a "<" that is not followed by
+       "inet". However, each time a  parenthesis  is  processed,  a  recursion
+       occurs, so this formulation uses a stack frame for each matched charac-
+       ter. For a long string, a lot of stack is required. Consider  now  this
+       rewritten pattern, which matches exactly the same strings:
+
+         ([^<]++|<(?!inet))+
+
+       This  uses very much less stack, because runs of characters that do not
+       contain "<" are "swallowed" in one item inside the parentheses.  Recur-
+       sion  happens  only when a "<" character that is not followed by "inet"
+       is encountered (and we assume this is relatively  rare).  A  possessive
+       quantifier  is  used  to stop any backtracking into the runs of non-"<"
+       characters, but that is not related to stack usage.
+
+       This example shows that one way of avoiding stack problems when  match-
+       ing long subject strings is to write repeated parenthesized subpatterns
+       to match more than one character whenever possible.
+
+   Compiling PCRE to use heap instead of stack for pcre[16|32]_exec()
+
+       In environments where stack memory is constrained, you  might  want  to
+       compile  PCRE to use heap memory instead of stack for remembering back-
+       up points when pcre[16|32]_exec() is running. This makes it run  a  lot
+       more slowly, however.  Details of how to do this are given in the pcre-
+       build documentation. When built in  this  way,  instead  of  using  the
+       stack,  PCRE obtains and frees memory by calling the functions that are
+       pointed to by the pcre[16|32]_stack_malloc  and  pcre[16|32]_stack_free
+       variables.  By default, these point to malloc() and free(), but you can
+       replace the pointers to cause PCRE to use your own functions. Since the
+       block sizes are always the same, and are always freed in reverse order,
+       it may be possible to implement customized  memory  handlers  that  are
+       more efficient than the standard functions.
+
+   Limiting pcre[16|32]_exec()'s stack usage
+
+       You  can set limits on the number of times that match() is called, both
+       in total and recursively. If a limit  is  exceeded,  pcre[16|32]_exec()
+       returns  an  error code. Setting suitable limits should prevent it from
+       running out of stack. The default values of the limits are very  large,
+       and  unlikely  ever to operate. They can be changed when PCRE is built,
+       and they can also be set when pcre[16|32]_exec() is called. For details
+       of these interfaces, see the pcrebuild documentation and the section on
+       extra data for pcre[16|32]_exec() in the pcreapi documentation.
+
+       As a very rough rule of thumb, you should reckon on about 500 bytes per
+       recursion.  Thus,  if  you  want  to limit your stack usage to 8Mb, you
+       should set the limit at 16000 recursions. A 64Mb stack,  on  the  other
+       hand, can support around 128000 recursions.
+
+       In Unix-like environments, the pcretest test program has a command line
+       option (-S) that can be used to increase the size of its stack. As long
+       as  the  stack is large enough, another option (-M) can be used to find
+       the smallest limits that allow a particular pattern to  match  a  given
+       subject  string.  This is done by calling pcre[16|32]_exec() repeatedly
+       with different limits.
+
+   Obtaining an estimate of stack usage
+
+       The actual amount of stack used per recursion can  vary  quite  a  lot,
+       depending on the compiler that was used to build PCRE and the optimiza-
+       tion or debugging options that were set for it. The rule of thumb value
+       of  500  bytes  mentioned  above  may be larger or smaller than what is
+       actually needed. A better approximation can be obtained by running this
+       command:
+
+         pcretest -m -C
+
+       The  -C  option causes pcretest to output information about the options
+       with which PCRE was compiled. When -m is also given (before -C), infor-
+       mation about stack use is given in a line like this:
+
+         Match recursion uses stack: approximate frame size = 640 bytes
+
+       The value is approximate because some recursions need a bit more (up to
+       perhaps 16 more bytes).
+
+       If the above command is given when PCRE is compiled  to  use  the  heap
+       instead  of  the  stack  for recursion, the value that is output is the
+       size of each block that is obtained from the heap.
+
+   Changing stack size in Unix-like systems
+
+       In Unix-like environments, there is not often a problem with the  stack
+       unless  very  long  strings  are  involved, though the default limit on
+       stack size varies from system to system. Values from 8Mb  to  64Mb  are
+       common. You can find your default limit by running the command:
+
+         ulimit -s
+
+       Unfortunately,  the  effect  of  running out of stack is often SIGSEGV,
+       though sometimes a more explicit error message is given. You  can  nor-
+       mally increase the limit on stack size by code such as this:
+
+         struct rlimit rlim;
+         getrlimit(RLIMIT_STACK, &rlim);
+         rlim.rlim_cur = 100*1024*1024;
+         setrlimit(RLIMIT_STACK, &rlim);
+
+       This  reads  the current limits (soft and hard) using getrlimit(), then
+       attempts to increase the soft limit to  100Mb  using  setrlimit().  You
+       must do this before calling pcre[16|32]_exec().
+
+   Changing stack size in Mac OS X
+
+       Using setrlimit(), as described above, should also work on Mac OS X. It
+       is also possible to set a stack size when linking a program. There is a
+       discussion   about   stack  sizes  in  Mac  OS  X  at  this  web  site:
+       http://developer.apple.com/qa/qa2005/qa1419.html.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 24 June 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcregrep.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcregrep.txt
new file mode 100644
index 00000000..97d9a7bd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcregrep.txt
@@ -0,0 +1,741 @@
+PCREGREP(1)                 General Commands Manual                PCREGREP(1)
+
+
+
+NAME
+       pcregrep - a grep with Perl-compatible regular expressions.
+
+SYNOPSIS
+       pcregrep [options] [long options] [pattern] [path1 path2 ...]
+
+
+DESCRIPTION
+
+       pcregrep  searches  files  for  character  patterns, in the same way as
+       other grep commands do, but it uses the PCRE regular expression library
+       to support patterns that are compatible with the regular expressions of
+       Perl 5. See pcresyntax(3) for a quick-reference summary of pattern syn-
+       tax,  or pcrepattern(3) for a full description of the syntax and seman-
+       tics of the regular expressions that PCRE supports.
+
+       Patterns, whether supplied on the command line or in a  separate  file,
+       are given without delimiters. For example:
+
+         pcregrep Thursday /etc/motd
+
+       If you attempt to use delimiters (for example, by surrounding a pattern
+       with slashes, as is common in Perl scripts), they  are  interpreted  as
+       part  of  the pattern. Quotes can of course be used to delimit patterns
+       on the command line because they are  interpreted  by  the  shell,  and
+       indeed  quotes  are required if a pattern contains white space or shell
+       metacharacters.
+
+       The first argument that follows any option settings is treated  as  the
+       single  pattern  to be matched when neither -e nor -f is present.  Con-
+       versely, when one or both of these options are  used  to  specify  pat-
+       terns, all arguments are treated as path names. At least one of -e, -f,
+       or an argument pattern must be provided.
+
+       If no files are specified, pcregrep reads the standard input. The stan-
+       dard  input  can  also  be  referenced by a name consisting of a single
+       hyphen.  For example:
+
+         pcregrep some-pattern /file1 - /file3
+
+       By default, each line that matches a pattern is copied to the  standard
+       output,  and if there is more than one file, the file name is output at
+       the start of each line, followed by a colon. However, there are options
+       that  can  change  how  pcregrep  behaves. In particular, the -M option
+       makes it possible to search for patterns  that  span  line  boundaries.
+       What  defines  a  line  boundary  is  controlled  by the -N (--newline)
+       option.
+
+       The amount of memory used for buffering files that are being scanned is
+       controlled  by a parameter that can be set by the --buffer-size option.
+       The default value for this parameter  is  specified  when  pcregrep  is
+       built,  with  the  default  default  being 20K. A block of memory three
+       times this size is used (to allow for buffering  "before"  and  "after"
+       lines). An error occurs if a line overflows the buffer.
+
+       Patterns  can  be  no  longer than 8K or BUFSIZ bytes, whichever is the
+       greater.  BUFSIZ is defined in <stdio.h>. When there is more  than  one
+       pattern (specified by the use of -e and/or -f), each pattern is applied
+       to each line in the order in which they are defined,  except  that  all
+       the -e patterns are tried before the -f patterns.
+
+       By  default, as soon as one pattern matches a line, no further patterns
+       are considered. However, if --colour (or --color) is used to colour the
+       matching  substrings, or if --only-matching, --file-offsets, or --line-
+       offsets is used to output only  the  part  of  the  line  that  matched
+       (either shown literally, or as an offset), scanning resumes immediately
+       following the match, so that further matches on the same  line  can  be
+       found.  If  there  are  multiple  patterns,  they  are all tried on the
+       remainder of the line, but patterns that follow the  one  that  matched
+       are not tried on the earlier part of the line.
+
+       This  behaviour  means  that  the  order in which multiple patterns are
+       specified can affect the output when one of the above options is  used.
+       This  is no longer the same behaviour as GNU grep, which now manages to
+       display earlier matches for later patterns (as  long  as  there  is  no
+       overlap).
+
+       Patterns  that can match an empty string are accepted, but empty string
+       matches   are   never   recognized.   An   example   is   the   pattern
+       "(super)?(man)?",  in  which  all components are optional. This pattern
+       finds all occurrences of both "super" and  "man";  the  output  differs
+       from  matching  with  "super|man" when only the matching substrings are
+       being shown.
+
+       If the LC_ALL or LC_CTYPE environment variable is  set,  pcregrep  uses
+       the  value to set a locale when calling the PCRE library.  The --locale
+       option can be used to override this.
+
+
+SUPPORT FOR COMPRESSED FILES
+
+       It is possible to compile pcregrep so that it uses libz  or  libbz2  to
+       read  files  whose names end in .gz or .bz2, respectively. You can find
+       out whether your binary has support for one or both of these file types
+       by running it with the --help option. If the appropriate support is not
+       present, files are treated as plain text. The standard input is  always
+       so treated.
+
+
+BINARY FILES
+
+       By  default,  a  file that contains a binary zero byte within the first
+       1024 bytes is identified as a binary file, and is processed  specially.
+       (GNU  grep  also  identifies  binary  files  in  this  manner.) See the
+       --binary-files option for a means of changing the way binary files  are
+       handled.
+
+
+OPTIONS
+
+       The  order  in  which some of the options appear can affect the output.
+       For example, both the -h and -l options affect  the  printing  of  file
+       names.  Whichever  comes later in the command line will be the one that
+       takes effect. Similarly, except where noted  below,  if  an  option  is
+       given  twice,  the  later setting is used. Numerical values for options
+       may be followed by K  or  M,  to  signify  multiplication  by  1024  or
+       1024*1024 respectively.
+
+       --        This terminates the list of options. It is useful if the next
+                 item on the command line starts with a hyphen but is  not  an
+                 option.  This allows for the processing of patterns and file-
+                 names that start with hyphens.
+
+       -A number, --after-context=number
+                 Output number lines of context after each matching  line.  If
+                 filenames and/or line numbers are being output, a hyphen sep-
+                 arator is used instead of a colon for the  context  lines.  A
+                 line  containing  "--" is output between each group of lines,
+                 unless they are in fact contiguous in  the  input  file.  The
+                 value  of number is expected to be relatively small. However,
+                 pcregrep guarantees to have up to 8K of following text avail-
+                 able for context output.
+
+       -a, --text
+                 Treat  binary  files as text. This is equivalent to --binary-
+                 files=text.
+
+       -B number, --before-context=number
+                 Output number lines of context before each matching line.  If
+                 filenames and/or line numbers are being output, a hyphen sep-
+                 arator is used instead of a colon for the  context  lines.  A
+                 line  containing  "--" is output between each group of lines,
+                 unless they are in fact contiguous in  the  input  file.  The
+                 value  of number is expected to be relatively small. However,
+                 pcregrep guarantees to have up to 8K of preceding text avail-
+                 able for context output.
+
+       --binary-files=word
+                 Specify  how binary files are to be processed. If the word is
+                 "binary" (the default),  pattern  matching  is  performed  on
+                 binary  files,  but  the  only  output is "Binary file <name>
+                 matches" when a match succeeds. If the word is "text",  which
+                 is  equivalent  to  the -a or --text option, binary files are
+                 processed in the same way as any other file.  In  this  case,
+                 when  a  match  succeeds,  the  output may be binary garbage,
+                 which can have nasty effects if sent to a  terminal.  If  the
+                 word  is  "without-match",  which  is  equivalent  to  the -I
+                 option, binary files are  not  processed  at  all;  they  are
+                 assumed not to be of interest.
+
+       --buffer-size=number
+                 Set  the  parameter that controls how much memory is used for
+                 buffering files that are being scanned.
+
+       -C number, --context=number
+                 Output number lines of context both  before  and  after  each
+                 matching  line.  This is equivalent to setting both -A and -B
+                 to the same value.
+
+       -c, --count
+                 Do not output individual lines from the files that are  being
+                 scanned; instead output the number of lines that would other-
+                 wise have been shown. If no lines are  selected,  the  number
+                 zero  is  output.  If  several files are are being scanned, a
+                 count is output for each of them. However,  if  the  --files-
+                 with-matches  option  is  also  used,  only those files whose
+                 counts are greater than zero are listed. When -c is used, the
+                 -A, -B, and -C options are ignored.
+
+       --colour, --color
+                 If this option is given without any data, it is equivalent to
+                 "--colour=auto".  If data is required, it must  be  given  in
+                 the same shell item, separated by an equals sign.
+
+       --colour=value, --color=value
+                 This option specifies under what circumstances the parts of a
+                 line that matched a pattern should be coloured in the output.
+                 By  default,  the output is not coloured. The value (which is
+                 optional, see above) may be "never", "always", or "auto".  In
+                 the  latter case, colouring happens only if the standard out-
+                 put is connected to a terminal. More resources are used  when
+                 colouring  is enabled, because pcregrep has to search for all
+                 possible matches in a line, not just one, in order to  colour
+                 them all.
+
+                 The colour that is used can be specified by setting the envi-
+                 ronment variable PCREGREP_COLOUR or PCREGREP_COLOR. The value
+                 of this variable should be a string of two numbers, separated
+                 by a semicolon. They are copied  directly  into  the  control
+                 string  for  setting  colour  on  a  terminal,  so it is your
+                 responsibility to ensure that they make sense. If neither  of
+                 the  environment  variables  is  set,  the default is "1;31",
+                 which gives red.
+
+       -D action, --devices=action
+                 If an input path is  not  a  regular  file  or  a  directory,
+                 "action"  specifies  how  it is to be processed. Valid values
+                 are "read" (the default) or "skip" (silently skip the path).
+
+       -d action, --directories=action
+                 If an input path is a directory, "action" specifies how it is
+                 to  be  processed.   Valid  values are "read" (the default in
+                 non-Windows environments, for compatibility with  GNU  grep),
+                 "recurse"  (equivalent to the -r option), or "skip" (silently
+                 skip the path, the default in Windows environments).  In  the
+                 "read"  case,  directories  are read as if they were ordinary
+                 files. In some operating systems  the  effect  of  reading  a
+                 directory like this is an immediate end-of-file; in others it
+                 may provoke an error.
+
+       -e pattern, --regex=pattern, --regexp=pattern
+                 Specify a pattern to be matched. This option can be used mul-
+                 tiple times in order to specify several patterns. It can also
+                 be used as a way of specifying a single pattern  that  starts
+                 with  a hyphen. When -e is used, no argument pattern is taken
+                 from the command line; all  arguments  are  treated  as  file
+                 names.  There is no limit to the number of patterns. They are
+                 applied to each line in the order in which they  are  defined
+                 until one matches.
+
+                 If  -f is used with -e, the command line patterns are matched
+                 first, followed by the patterns from the file(s), independent
+                 of  the order in which these options are specified. Note that
+                 multiple use of -e is not the same as a single  pattern  with
+                 alternatives. For example, X|Y finds the first character in a
+                 line that is X or Y, whereas if the two  patterns  are  given
+                 separately,  with X first, pcregrep finds X if it is present,
+                 even if it follows Y in the line. It finds Y only if there is
+                 no  X  in  the line. This matters only if you are using -o or
+                 --colo(u)r to show the part(s) of the line that matched.
+
+       --exclude=pattern
+                 Files (but not directories) whose names match the pattern are
+                 skipped  without  being processed. This applies to all files,
+                 whether listed on the command  line,  obtained  from  --file-
+                 list, or by scanning a directory. The pattern is a PCRE regu-
+                 lar expression, and is matched against the final component of
+                 the  file  name,  not  the  entire  path.  The -F, -w, and -x
+                 options do not apply to this pattern. The option may be given
+                 any number of times in order to specify multiple patterns. If
+                 a file name matches both an --include and an  --exclude  pat-
+                 tern, it is excluded. There is no short form for this option.
+
+       --exclude-from=filename
+                 Treat  each  non-empty  line  of  the file as the data for an
+                 --exclude option. What constitutes a newline when reading the
+                 file  is the operating system's default. The --newline option
+                 has no effect on this option. This option may be  given  more
+                 than once in order to specify a number of files to read.
+
+       --exclude-dir=pattern
+                 Directories whose names match the pattern are skipped without
+                 being processed, whatever  the  setting  of  the  --recursive
+                 option.  This  applies  to all directories, whether listed on
+                 the command line, obtained from --file-list, or by scanning a
+                 parent  directory.  The pattern is a PCRE regular expression,
+                 and is matched against the final component of  the  directory
+                 name,  not the entire path. The -F, -w, and -x options do not
+                 apply to this pattern. The option may be given any number  of
+                 times  in order to specify more than one pattern. If a direc-
+                 tory matches both  --include-dir  and  --exclude-dir,  it  is
+                 excluded. There is no short form for this option.
+
+       -F, --fixed-strings
+                 Interpret  each  data-matching  pattern  as  a  list of fixed
+                 strings, separated by  newlines,  instead  of  as  a  regular
+                 expression.  What  constitutes  a newline for this purpose is
+                 controlled by the --newline option. The -w (match as a  word)
+                 and  -x (match whole line) options can be used with -F.  They
+                 apply to each of the fixed strings. A line is selected if any
+                 of the fixed strings are found in it (subject to -w or -x, if
+                 present). This option applies only to the patterns  that  are
+                 matched  against  the contents of files; it does not apply to
+                 patterns specified by  any  of  the  --include  or  --exclude
+                 options.
+
+       -f filename, --file=filename
+                 Read  patterns  from  the  file, one per line, and match them
+                 against each line of input. What constitutes a  newline  when
+                 reading  the  file  is  the  operating  system's default. The
+                 --newline option has no effect on this option. Trailing white
+                 space is removed from each line, and blank lines are ignored.
+                 An empty file contains  no  patterns  and  therefore  matches
+                 nothing. See also the comments about multiple patterns versus
+                 a single pattern with alternatives in the description  of  -e
+                 above.
+
+                 If  this  option  is  given more than once, all the specified
+                 files are read. A data line is output if any of the  patterns
+                 match  it.  A  filename  can  be given as "-" to refer to the
+                 standard input. When -f is used, patterns  specified  on  the
+                 command  line  using  -e may also be present; they are tested
+                 before the file's patterns.  However,  no  other  pattern  is
+                 taken from the command line; all arguments are treated as the
+                 names of paths to be searched.
+
+       --file-list=filename
+                 Read a list of  files  and/or  directories  that  are  to  be
+                 scanned  from  the  given  file, one per line. Trailing white
+                 space is removed from each line, and blank lines are ignored.
+                 These  paths  are processed before any that are listed on the
+                 command line. The filename can be given as "-"  to  refer  to
+                 the standard input.  If --file and --file-list are both spec-
+                 ified as "-", patterns are read first. This  is  useful  only
+                 when  the  standard  input  is a terminal, from which further
+                 lines (the list of files) can be read  after  an  end-of-file
+                 indication.  If  this option is given more than once, all the
+                 specified files are read.
+
+       --file-offsets
+                 Instead of showing lines or parts of lines that  match,  show
+                 each  match  as  an  offset  from the start of the file and a
+                 length, separated by a comma. In this  mode,  no  context  is
+                 shown.  That  is,  the -A, -B, and -C options are ignored. If
+                 there is more than one match in a line, each of them is shown
+                 separately.  This  option  is mutually exclusive with --line-
+                 offsets and --only-matching.
+
+       -H, --with-filename
+                 Force the inclusion of the filename at the  start  of  output
+                 lines  when searching a single file. By default, the filename
+                 is not shown in this case. For matching lines,  the  filename
+                 is followed by a colon; for context lines, a hyphen separator
+                 is used. If a line number is also being  output,  it  follows
+                 the file name.
+
+       -h, --no-filename
+                 Suppress  the output filenames when searching multiple files.
+                 By default, filenames  are  shown  when  multiple  files  are
+                 searched.  For  matching lines, the filename is followed by a
+                 colon; for context lines, a hyphen separator is used.   If  a
+                 line number is also being output, it follows the file name.
+
+       --help    Output  a  help  message, giving brief details of the command
+                 options and file type support, and then exit.  Anything  else
+                 on the command line is ignored.
+
+       -I        Treat  binary  files as never matching. This is equivalent to
+                 --binary-files=without-match.
+
+       -i, --ignore-case
+                 Ignore upper/lower case distinctions during comparisons.
+
+       --include=pattern
+                 If any --include patterns are specified, the only files  that
+                 are  processed  are those that match one of the patterns (and
+                 do not match an --exclude  pattern).  This  option  does  not
+                 affect  directories,  but  it  applies  to all files, whether
+                 listed on the command line, obtained from --file-list, or  by
+                 scanning  a  directory. The pattern is a PCRE regular expres-
+                 sion, and is matched against the final component of the  file
+                 name,  not the entire path. The -F, -w, and -x options do not
+                 apply to this pattern. The option may be given any number  of
+                 times.  If  a  file  name  matches  both  an --include and an
+                 --exclude pattern, it is excluded.  There is  no  short  form
+                 for this option.
+
+       --include-from=filename
+                 Treat  each  non-empty  line  of  the file as the data for an
+                 --include option. What constitutes a newline for this purpose
+                 is  the  operating system's default. The --newline option has
+                 no effect on this option. This option may be given any number
+                 of times; all the files are read.
+
+       --include-dir=pattern
+                 If  any --include-dir patterns are specified, the only direc-
+                 tories that are processed are those that  match  one  of  the
+                 patterns  (and  do  not match an --exclude-dir pattern). This
+                 applies to all directories, whether  listed  on  the  command
+                 line,  obtained  from  --file-list,  or  by scanning a parent
+                 directory. The pattern is a PCRE regular expression,  and  is
+                 matched  against  the  final component of the directory name,
+                 not the entire path. The -F, -w, and -x options do not  apply
+                 to this pattern. The option may be given any number of times.
+                 If a directory matches both --include-dir and  --exclude-dir,
+                 it is excluded. There is no short form for this option.
+
+       -L, --files-without-match
+                 Instead  of  outputting lines from the files, just output the
+                 names of the files that do not contain any lines  that  would
+                 have  been  output. Each file name is output once, on a sepa-
+                 rate line.
+
+       -l, --files-with-matches
+                 Instead of outputting lines from the files, just  output  the
+                 names of the files containing lines that would have been out-
+                 put. Each file name is  output  once,  on  a  separate  line.
+                 Searching  normally stops as soon as a matching line is found
+                 in a file. However, if the -c (count) option  is  also  used,
+                 matching  continues in order to obtain the correct count, and
+                 those files that have at least one  match  are  listed  along
+                 with their counts. Using this option with -c is a way of sup-
+                 pressing the listing of files with no matches.
+
+       --label=name
+                 This option supplies a name to be used for the standard input
+                 when file names are being output. If not supplied, "(standard
+                 input)" is used. There is no short form for this option.
+
+       --line-buffered
+                 When this option is given, input is read and  processed  line
+                 by  line,  and  the  output  is  flushed after each write. By
+                 default, input is read in large chunks, unless  pcregrep  can
+                 determine  that  it is reading from a terminal (which is cur-
+                 rently possible only in Unix-like  environments).  Output  to
+                 terminal  is  normally automatically flushed by the operating
+                 system. This option can be useful when the input or output is
+                 attached  to a pipe and you do not want pcregrep to buffer up
+                 large amounts of data. However, its use will  affect  perfor-
+                 mance, and the -M (multiline) option ceases to work.
+
+       --line-offsets
+                 Instead  of  showing lines or parts of lines that match, show
+                 each match as a line number, the offset from the start of the
+                 line,  and a length. The line number is terminated by a colon
+                 (as usual; see the -n option), and the offset and length  are
+                 separated  by  a  comma.  In  this mode, no context is shown.
+                 That is, the -A, -B, and -C options are ignored. If there  is
+                 more  than  one  match in a line, each of them is shown sepa-
+                 rately. This option is mutually exclusive with --file-offsets
+                 and --only-matching.
+
+       --locale=locale-name
+                 This  option specifies a locale to be used for pattern match-
+                 ing. It overrides the value in the LC_ALL or  LC_CTYPE  envi-
+                 ronment  variables.  If  no  locale  is  specified,  the PCRE
+                 library's default (usually the "C" locale) is used. There  is
+                 no short form for this option.
+
+       --match-limit=number
+                 Processing  some  regular  expression  patterns can require a
+                 very large amount of memory, leading in some cases to a  pro-
+                 gram  crash  if  not enough is available.  Other patterns may
+                 take a very long time to search  for  all  possible  matching
+                 strings.  The pcre_exec() function that is called by pcregrep
+                 to do the matching has two  parameters  that  can  limit  the
+                 resources that it uses.
+
+                 The   --match-limit  option  provides  a  means  of  limiting
+                 resource usage when processing patterns that are not going to
+                 match, but which have a very large number of possibilities in
+                 their search trees. The classic example  is  a  pattern  that
+                 uses  nested unlimited repeats. Internally, PCRE uses a func-
+                 tion called match()  which  it  calls  repeatedly  (sometimes
+                 recursively).  The  limit  set by --match-limit is imposed on
+                 the number of times this function is called during  a  match,
+                 which  has  the effect of limiting the amount of backtracking
+                 that can take place.
+
+                 The --recursion-limit option is similar to --match-limit, but
+                 instead of limiting the total number of times that match() is
+                 called, it limits the depth of recursive calls, which in turn
+                 limits  the  amount of memory that can be used. The recursion
+                 depth is a smaller number than the  total  number  of  calls,
+                 because not all calls to match() are recursive. This limit is
+                 of use only if it is set smaller than --match-limit.
+
+                 There are no short forms for these options. The default  set-
+                 tings  are  specified when the PCRE library is compiled, with
+                 the default default being 10 million.
+
+       -M, --multiline
+                 Allow patterns to match more than one line. When this  option
+                 is given, patterns may usefully contain literal newline char-
+                 acters and internal occurrences of ^ and  $  characters.  The
+                 output  for  a  successful match may consist of more than one
+                 line, the last of which is the one in which the match  ended.
+                 If the matched string ends with a newline sequence the output
+                 ends at the end of that line.
+
+                 When this option is set, the PCRE library is called in  "mul-
+                 tiline"  mode.   There is a limit to the number of lines that
+                 can be matched, imposed by the way that pcregrep buffers  the
+                 input  file as it scans it. However, pcregrep ensures that at
+                 least 8K characters or the rest of the document (whichever is
+                 the  shorter)  are  available for forward matching, and simi-
+                 larly the previous 8K characters (or all the previous charac-
+                 ters,  if  fewer  than 8K) are guaranteed to be available for
+                 lookbehind assertions. This option does not work  when  input
+                 is read line by line (see --line-buffered.)
+
+       -N newline-type, --newline=newline-type
+                 The  PCRE  library  supports  five  different conventions for
+                 indicating the ends of lines. They are  the  single-character
+                 sequences  CR  (carriage  return) and LF (linefeed), the two-
+                 character sequence CRLF, an "anycrlf" convention, which  rec-
+                 ognizes  any  of the preceding three types, and an "any" con-
+                 vention, in which any Unicode line ending sequence is assumed
+                 to  end a line. The Unicode sequences are the three just men-
+                 tioned, plus  VT  (vertical  tab,  U+000B),  FF  (form  feed,
+                 U+000C),   NEL  (next  line,  U+0085),  LS  (line  separator,
+                 U+2028), and PS (paragraph separator, U+2029).
+
+                 When  the  PCRE  library  is  built,  a  default  line-ending
+                 sequence   is  specified.   This  is  normally  the  standard
+                 sequence for the operating system. Unless otherwise specified
+                 by  this  option,  pcregrep  uses the library's default.  The
+                 possible values for this option are CR, LF, CRLF, ANYCRLF, or
+                 ANY.  This  makes  it  possible to use pcregrep to scan files
+                 that have come from other environments without having to mod-
+                 ify  their  line  endings.  If the data that is being scanned
+                 does not agree with the convention set by this option,  pcre-
+                 grep  may  behave in strange ways. Note that this option does
+                 not apply to files specified by the  -f,  --exclude-from,  or
+                 --include-from options, which are expected to use the operat-
+                 ing system's standard newline sequence.
+
+       -n, --line-number
+                 Precede each output line by its line number in the file, fol-
+                 lowed  by  a colon for matching lines or a hyphen for context
+                 lines. If the filename is also being output, it precedes  the
+                 line number. This option is forced if --line-offsets is used.
+
+       --no-jit  If  the  PCRE  library is built with support for just-in-time
+                 compiling (which speeds up matching), pcregrep  automatically
+                 makes use of this, unless it was explicitly disabled at build
+                 time. This option can be used to disable the use  of  JIT  at
+                 run  time. It is provided for testing and working round prob-
+                 lems.  It should never be needed in normal use.
+
+       -o, --only-matching
+                 Show only the part of the line that matched a pattern instead
+                 of  the  whole  line. In this mode, no context is shown. That
+                 is, the -A, -B, and -C options are ignored. If there is  more
+                 than  one  match in a line, each of them is shown separately.
+                 If -o is combined with -v (invert the sense of the  match  to
+                 find  non-matching  lines),  no  output is generated, but the
+                 return code is set appropriately. If the matched  portion  of
+                 the  line is empty, nothing is output unless the file name or
+                 line number are being printed, in which case they  are  shown
+                 on an otherwise empty line. This option is mutually exclusive
+                 with --file-offsets and --line-offsets.
+
+       -onumber, --only-matching=number
+                 Show only the part of the line  that  matched  the  capturing
+                 parentheses of the given number. Up to 32 capturing parenthe-
+                 ses are supported, and -o0 is equivalent to -o without a num-
+                 ber.  Because  these options can be given without an argument
+                 (see above), if an argument is present, it must be  given  in
+                 the  same  shell item, for example, -o3 or --only-matching=2.
+                 The comments given for the non-argument case above also apply
+                 to  this  case. If the specified capturing parentheses do not
+                 exist in the pattern, or were not set in the  match,  nothing
+                 is  output  unless  the  file  name  or line number are being
+                 printed.
+
+                 If this option is given multiple times,  multiple  substrings
+                 are  output, in the order the options are given. For example,
+                 -o3 -o1 -o3 causes the substrings matched by capturing paren-
+                 theses  3  and  1  and then 3 again to be output. By default,
+                 there is no separator (but see the next option).
+
+       --om-separator=text
+                 Specify a separating string for multiple occurrences  of  -o.
+                 The  default is an empty string. Separating strings are never
+                 coloured.
+
+       -q, --quiet
+                 Work quietly, that is, display nothing except error messages.
+                 The  exit  status  indicates  whether or not any matches were
+                 found.
+
+       -r, --recursive
+                 If any given path is a directory, recursively scan the  files
+                 it  contains, taking note of any --include and --exclude set-
+                 tings. By default, a directory is read as a normal  file;  in
+                 some  operating  systems this gives an immediate end-of-file.
+                 This option is a shorthand  for  setting  the  -d  option  to
+                 "recurse".
+
+       --recursion-limit=number
+                 See --match-limit above.
+
+       -s, --no-messages
+                 Suppress  error  messages  about  non-existent  or unreadable
+                 files. Such files are quietly skipped.  However,  the  return
+                 code is still 2, even if matches were found in other files.
+
+       -u, --utf-8
+                 Operate  in UTF-8 mode. This option is available only if PCRE
+                 has been compiled with UTF-8 support. All patterns (including
+                 those  for  any --exclude and --include options) and all sub-
+                 ject lines that are scanned must be valid  strings  of  UTF-8
+                 characters.
+
+       -V, --version
+                 Write the version numbers of pcregrep and the PCRE library to
+                 the standard output and then exit. Anything else on the  com-
+                 mand line is ignored.
+
+       -v, --invert-match
+                 Invert  the  sense  of  the match, so that lines which do not
+                 match any of the patterns are the ones that are found.
+
+       -w, --word-regex, --word-regexp
+                 Force the patterns to match only whole words. This is equiva-
+                 lent  to  having \b at the start and end of the pattern. This
+                 option applies only to the patterns that are matched  against
+                 the  contents  of files; it does not apply to patterns speci-
+                 fied by any of the --include or --exclude options.
+
+       -x, --line-regex, --line-regexp
+                 Force the patterns to be anchored (each must  start  matching
+                 at  the beginning of a line) and in addition, require them to
+                 match entire lines. This is equivalent  to  having  ^  and  $
+                 characters at the start and end of each alternative branch in
+                 every pattern. This option applies only to the patterns  that
+                 are  matched against the contents of files; it does not apply
+                 to patterns specified by any of the  --include  or  --exclude
+                 options.
+
+
+ENVIRONMENT VARIABLES
+
+       The  environment  variables  LC_ALL  and LC_CTYPE are examined, in that
+       order, for a locale. The first one that is set is  used.  This  can  be
+       overridden  by  the  --locale  option.  If  no  locale is set, the PCRE
+       library's default (usually the "C" locale) is used.
+
+
+NEWLINES
+
+       The -N (--newline) option allows pcregrep to scan files with  different
+       newline conventions from the default. Any parts of the input files that
+       are written to the standard output are copied identically,  with  what-
+       ever  newline sequences they have in the input. However, the setting of
+       this option does not affect the interpretation of  files  specified  by
+       the -f, --exclude-from, or --include-from options, which are assumed to
+       use the operating system's  standard  newline  sequence,  nor  does  it
+       affect  the  way in which pcregrep writes informational messages to the
+       standard error and output streams. For these it uses the string "\n" to
+       indicate  newlines,  relying on the C I/O library to convert this to an
+       appropriate sequence.
+
+
+OPTIONS COMPATIBILITY
+
+       Many of the short and long forms of pcregrep's options are the same  as
+       in  the GNU grep program. Any long option of the form --xxx-regexp (GNU
+       terminology) is also available as --xxx-regex (PCRE terminology).  How-
+       ever,  the  --file-list, --file-offsets, --include-dir, --line-offsets,
+       --locale, --match-limit, -M, --multiline, -N,  --newline,  --om-separa-
+       tor,  --recursion-limit,  -u, and --utf-8 options are specific to pcre-
+       grep, as is the use of the  --only-matching  option  with  a  capturing
+       parentheses number.
+
+       Although  most  of the common options work the same way, a few are dif-
+       ferent in pcregrep. For example, the --include option's argument  is  a
+       glob  for  GNU grep, but a regular expression for pcregrep. If both the
+       -c and -l options are given, GNU grep lists only  file  names,  without
+       counts, but pcregrep gives the counts.
+
+
+OPTIONS WITH DATA
+
+       There are four different ways in which an option with data can be spec-
+       ified.  If a short form option is used, the  data  may  follow  immedi-
+       ately, or (with one exception) in the next command line item. For exam-
+       ple:
+
+         -f/some/file
+         -f /some/file
+
+       The exception is the -o option, which may appear with or without  data.
+       Because  of this, if data is present, it must follow immediately in the
+       same item, for example -o3.
+
+       If a long form option is used, the data may appear in the same  command
+       line  item,  separated by an equals character, or (with two exceptions)
+       it may appear in the next command line item. For example:
+
+         --file=/some/file
+         --file /some/file
+
+       Note, however, that if you want to supply a file name beginning with  ~
+       as  data  in  a  shell  command,  and have the shell expand ~ to a home
+       directory, you must separate the file name from the option, because the
+       shell does not treat ~ specially unless it is at the start of an item.
+
+       The  exceptions  to the above are the --colour (or --color) and --only-
+       matching options, for which the data  is  optional.  If  one  of  these
+       options  does  have  data, it must be given in the first form, using an
+       equals character. Otherwise pcregrep will assume that it has no data.
+
+
+MATCHING ERRORS
+
+       It is possible to supply a regular expression that takes  a  very  long
+       time  to  fail  to  match certain lines. Such patterns normally involve
+       nested indefinite repeats, for example: (a+)*\d when matched against  a
+       line  of  a's  with  no  final  digit. The PCRE matching function has a
+       resource limit that causes it to abort in these circumstances. If  this
+       happens, pcregrep outputs an error message and the line that caused the
+       problem to the standard error stream. If there are more  than  20  such
+       errors, pcregrep gives up.
+
+       The  --match-limit  option  of  pcregrep can be used to set the overall
+       resource limit; there is a second option called --recursion-limit  that
+       sets  a limit on the amount of memory (usually stack) that is used (see
+       the discussion of these options above).
+
+
+DIAGNOSTICS
+
+       Exit status is 0 if any matches were found, 1 if no matches were found,
+       and  2  for syntax errors, overlong lines, non-existent or inaccessible
+       files (even if matches were found in other files) or too many  matching
+       errors. Using the -s option to suppress error messages about inaccessi-
+       ble files does not affect the return code.
+
+
+SEE ALSO
+
+       pcrepattern(3), pcresyntax(3), pcretest(1).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 03 April 2014
+       Copyright (c) 1997-2014 University of Cambridge.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcretest.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcretest.txt
new file mode 100644
index 00000000..6d7305cf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/doc/pcre/pcretest.txt
@@ -0,0 +1,1091 @@
+PCRETEST(1)                 General Commands Manual                PCRETEST(1)
+
+
+
+NAME
+       pcretest - a program for testing Perl-compatible regular expressions.
+
+SYNOPSIS
+
+       pcretest [options] [input file [output file]]
+
+       pcretest  was written as a test program for the PCRE regular expression
+       library itself, but it can also be used for experimenting with  regular
+       expressions.  This document describes the features of the test program;
+       for details of the regular expressions themselves, see the  pcrepattern
+       documentation. For details of the PCRE library function calls and their
+       options, see the pcreapi , pcre16 and pcre32 documentation.
+
+       The input for pcretest is a sequence of regular expression patterns and
+       strings  to be matched, as described below. The output shows the result
+       of each match. Options on the command line  and  the  patterns  control
+       PCRE options and exactly what is output.
+
+       As  PCRE has evolved, it has acquired many different features, and as a
+       result, pcretest now has rather a lot of obscure  options  for  testing
+       every possible feature. Some of these options are specifically designed
+       for use in conjunction with the test script and  data  files  that  are
+       distributed  as  part of PCRE, and are unlikely to be of use otherwise.
+       They are all documented here, but without much justification.
+
+
+INPUT DATA FORMAT
+
+       Input to pcretest is processed line by line, either by  calling  the  C
+       library's fgets() function, or via the libreadline library (see below).
+       In Unix-like environments, fgets() treats any bytes other than  newline
+       as  data characters. However, in some Windows environments character 26
+       (hex 1A) causes an immediate end of file, and no further data is  read.
+       For  maximum  portability,  therefore,  it  is safest to use only ASCII
+       characters in pcretest input files.
+
+       The input is processed using using C's string functions,  so  must  not
+       contain  binary  zeroes, even though in Unix-like environments, fgets()
+       treats any bytes other than newline as data characters.
+
+
+PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES
+
+       From release 8.30, two separate PCRE libraries can be built. The origi-
+       nal  one  supports  8-bit  character  strings, whereas the newer 16-bit
+       library supports  character  strings  encoded  in  16-bit  units.  From
+       release  8.32,  a  third  library  can  be  built, supporting character
+       strings encoded in 32-bit units. The pcretest program can  be  used  to
+       test all three libraries. However, it is itself still an 8-bit program,
+       reading 8-bit input and writing 8-bit output.  When testing the  16-bit
+       or  32-bit  library, the patterns and data strings are converted to 16-
+       or 32-bit format before being passed to  the  PCRE  library  functions.
+       Results are converted to 8-bit for output.
+
+       References to functions and structures of the form pcre[16|32]_xx below
+       mean "pcre_xx when using the 8-bit library, pcre16_xx  when  using  the
+       16-bit library, or pcre32_xx when using the 32-bit library".
+
+
+COMMAND LINE OPTIONS
+
+       -8        If  both the 8-bit library has been built, this option causes
+                 the 8-bit library to be used (which is the default);  if  the
+                 8-bit  library  has  not  been  built,  this option causes an
+                 error.
+
+       -16       If both the 8-bit or the 32-bit,  and  the  16-bit  libraries
+                 have  been built, this option causes the 16-bit library to be
+                 used. If only the 16-bit library has been built, this is  the
+                 default  (so  has no effect). If only the 8-bit or the 32-bit
+                 library has been built, this option causes an error.
+
+       -32       If both the 8-bit or the 16-bit,  and  the  32-bit  libraries
+                 have  been built, this option causes the 32-bit library to be
+                 used. If only the 32-bit library has been built, this is  the
+                 default  (so  has no effect). If only the 8-bit or the 16-bit
+                 library has been built, this option causes an error.
+
+       -b        Behave as if each pattern has the /B (show byte  code)  modi-
+                 fier; the internal form is output after compilation.
+
+       -C        Output the version number of the PCRE library, and all avail-
+                 able  information  about  the  optional  features  that   are
+                 included,  and  then  exit  with  zero  exit  code. All other
+                 options are ignored.
+
+       -C option Output information about a specific build-time  option,  then
+                 exit.  This functionality is intended for use in scripts such
+                 as RunTest. The following options output the  value  and  set
+                 the exit code as indicated:
+
+                   ebcdic-nl  the code for LF (= NL) in an EBCDIC environment:
+                                0x15 or 0x25
+                                0 if used in an ASCII environment
+                                exit code is always 0
+                   linksize   the configured internal link size (2, 3, or 4)
+                                exit code is set to the link size
+                   newline    the default newline setting:
+                                CR, LF, CRLF, ANYCRLF, or ANY
+                                exit code is always 0
+                   bsr        the default setting for what \R matches:
+                                ANYCRLF or ANY
+                                exit code is always 0
+
+                 The  following  options output 1 for true or 0 for false, and
+                 set the exit code to the same value:
+
+                   ebcdic     compiled for an EBCDIC environment
+                   jit        just-in-time support is available
+                   pcre16     the 16-bit library was built
+                   pcre32     the 32-bit library was built
+                   pcre8      the 8-bit library was built
+                   ucp        Unicode property support is available
+                   utf        UTF-8 and/or UTF-16 and/or UTF-32 support
+                                is available
+
+                 If an unknown option is given, an error  message  is  output;
+                 the exit code is 0.
+
+       -d        Behave  as  if  each pattern has the /D (debug) modifier; the
+                 internal form and information about the compiled  pattern  is
+                 output after compilation; -d is equivalent to -b -i.
+
+       -dfa      Behave  as if each data line contains the \D escape sequence;
+                 this    causes    the    alternative    matching    function,
+                 pcre[16|32]_dfa_exec(),  to  be  used instead of the standard
+                 pcre[16|32]_exec() function (more detail is given below).
+
+       -help     Output a brief summary these options and then exit.
+
+       -i        Behave as if each pattern has the  /I  modifier;  information
+                 about the compiled pattern is given after compilation.
+
+       -M        Behave  as if each data line contains the \M escape sequence;
+                 this causes PCRE to  discover  the  minimum  MATCH_LIMIT  and
+                 MATCH_LIMIT_RECURSION  settings by calling pcre[16|32]_exec()
+                 repeatedly with different limits.
+
+       -m        Output the size of each compiled pattern after  it  has  been
+                 compiled.  This  is  equivalent  to adding /M to each regular
+                 expression. The size is given in bytes for both libraries.
+
+       -O        Behave as if each pattern has the /O modifier, that  is  dis-
+                 able auto-possessification for all patterns.
+
+       -o osize  Set  the number of elements in the output vector that is used
+                 when calling pcre[16|32]_exec() or pcre[16|32]_dfa_exec()  to
+                 be  osize.  The  default  value is 45, which is enough for 14
+                 capturing subexpressions for pcre[16|32]_exec() or 22 differ-
+                 ent  matches for pcre[16|32]_dfa_exec().  The vector size can
+                 be changed for individual matching calls by including  \O  in
+                 the data line (see below).
+
+       -p        Behave  as  if  each  pattern  has the /P modifier; the POSIX
+                 wrapper API is used to call PCRE. None of the  other  options
+                 has  any  effect when -p is set. This option can be used only
+                 with the 8-bit library.
+
+       -q        Do not output the version number of pcretest at the start  of
+                 execution.
+
+       -S size   On  Unix-like  systems, set the size of the run-time stack to
+                 size megabytes.
+
+       -s or -s+ Behave as if each pattern  has  the  /S  modifier;  in  other
+                 words,  force each pattern to be studied. If -s+ is used, all
+                 the JIT compile options are  passed  to  pcre[16|32]_study(),
+                 causing  just-in-time  optimization  to  be  set  up if it is
+                 available, for both full and partial matching.  Specific  JIT
+                 compile options can be selected by following -s+ with a digit
+                 in the range 1 to 7, which selects the JIT compile  modes  as
+                 follows:
+
+                   1  normal match only
+                   2  soft partial match only
+                   3  normal match and soft partial match
+                   4  hard partial match only
+                   6  soft and hard partial match
+                   7  all three modes (default)
+
+                 If  -s++  is used instead of -s+ (with or without a following
+                 digit), the text "(JIT)" is added to the  first  output  line
+                 after a match or no match when JIT-compiled code was actually
+                 used.
+
+                 Note that there are pattern options  that  can  override  -s,
+                 either specifying no studying at all, or suppressing JIT com-
+                 pilation.
+
+                 If the /I or /D option is present on  a  pattern  (requesting
+                 output  about  the  compiled  pattern), information about the
+                 result of studying is not included when  studying  is  caused
+                 only  by  -s  and neither -i nor -d is present on the command
+                 line. This behaviour means that the output  from  tests  that
+                 are  run with and without -s should be identical, except when
+                 options that output information about the actual running of a
+                 match are set.
+
+                 The  -M,  -t,  and  -tm options, which give information about
+                 resources used, are likely to produce different  output  with
+                 and  without  -s.  Output may also differ if the /C option is
+                 present on an individual pattern. This uses callouts to trace
+                 the  the  matching process, and this may be different between
+                 studied and non-studied patterns.  If  the  pattern  contains
+                 (*MARK)  items  there  may  also be differences, for the same
+                 reason. The -s command line option can be overridden for spe-
+                 cific  patterns that should never be studied (see the /S pat-
+                 tern modifier below).
+
+       -t        Run each compile, study, and match many times with  a  timer,
+                 and  output  the resulting times per compile, study, or match
+                 (in milliseconds). Do not set -m with -t,  because  you  will
+                 then get the size output a zillion times, and the timing will
+                 be distorted. You can control the number of  iterations  that
+                 are used for timing by following -t with a number (as a sepa-
+                 rate item on the command line). For example, "-t 1000"  iter-
+                 ates 1000 times.  The default is to iterate 500000 times.
+
+       -tm       This is like -t except that it times only the matching phase,
+                 not the compile or study phases.
+
+       -T -TM    These behave like -t and -tm, but in addition, at the end  of
+                 a run, the total times for all compiles, studies, and matches
+                 are output.
+
+
+DESCRIPTION
+
+       If pcretest is given two filename arguments, it reads  from  the  first
+       and writes to the second. If it is given only one filename argument, it
+       reads from that file and writes to stdout.  Otherwise,  it  reads  from
+       stdin  and  writes to stdout, and prompts for each line of input, using
+       "re>" to prompt for regular expressions, and "data>" to prompt for data
+       lines.
+
+       When  pcretest  is  built,  a  configuration option can specify that it
+       should be linked with the libreadline library. When this  is  done,  if
+       the input is from a terminal, it is read using the readline() function.
+       This provides line-editing and history facilities. The output from  the
+       -help option states whether or not readline() will be used.
+
+       The program handles any number of sets of input on a single input file.
+       Each set starts with a regular expression, and continues with any  num-
+       ber of data lines to be matched against that pattern.
+
+       Each  data line is matched separately and independently. If you want to
+       do multi-line matches, you have to use the \n escape sequence (or \r or
+       \r\n, etc., depending on the newline setting) in a single line of input
+       to encode the newline sequences. There is no limit  on  the  length  of
+       data  lines;  the  input  buffer is automatically extended if it is too
+       small.
+
+       An empty line signals the end of the data lines, at which point  a  new
+       regular  expression is read. The regular expressions are given enclosed
+       in any non-alphanumeric delimiters other than backslash, for example:
+
+         /(a|bc)x+yz/
+
+       White space before the initial delimiter is ignored. A regular  expres-
+       sion  may be continued over several input lines, in which case the new-
+       line characters are included within it. It is possible to  include  the
+       delimiter within the pattern by escaping it, for example
+
+         /abc\/def/
+
+       If  you  do  so, the escape and the delimiter form part of the pattern,
+       but since delimiters are always non-alphanumeric, this does not  affect
+       its  interpretation.   If the terminating delimiter is immediately fol-
+       lowed by a backslash, for example,
+
+         /abc/\
+
+       then a backslash is added to the end of the pattern. This  is  done  to
+       provide  a  way of testing the error condition that arises if a pattern
+       finishes with a backslash, because
+
+         /abc\/
+
+       is interpreted as the first line of a pattern that starts with  "abc/",
+       causing pcretest to read the next line as a continuation of the regular
+       expression.
+
+
+PATTERN MODIFIERS
+
+       A pattern may be followed by any number of modifiers, which are  mostly
+       single  characters,  though  some  of these can be qualified by further
+       characters.  Following Perl usage, these are referred to below as,  for
+       example,  "the  /i  modifier", even though the delimiter of the pattern
+       need not always be a slash, and no slash is  used  when  writing  modi-
+       fiers.  White  space may appear between the final pattern delimiter and
+       the first modifier, and between the modifiers  themselves.  For  refer-
+       ence,  here  is  a  complete  list of modifiers. They fall into several
+       groups that are described in detail in the following sections.
+
+         /8              set UTF mode
+         /9              set PCRE_NEVER_UTF (locks out UTF mode)
+         /?              disable UTF validity check
+         /+              show remainder of subject after match
+         /=              show all captures (not just those that are set)
+
+         /A              set PCRE_ANCHORED
+         /B              show compiled code
+         /C              set PCRE_AUTO_CALLOUT
+         /D              same as /B plus /I
+         /E              set PCRE_DOLLAR_ENDONLY
+         /F              flip byte order in compiled pattern
+         /f              set PCRE_FIRSTLINE
+         /G              find all matches (shorten string)
+         /g              find all matches (use startoffset)
+         /I              show information about pattern
+         /i              set PCRE_CASELESS
+         /J              set PCRE_DUPNAMES
+         /K              show backtracking control names
+         /L              set locale
+         /M              show compiled memory size
+         /m              set PCRE_MULTILINE
+         /N              set PCRE_NO_AUTO_CAPTURE
+         /O              set PCRE_NO_AUTO_POSSESS
+         /P              use the POSIX wrapper
+         /Q              test external stack check function
+         /S              study the pattern after compilation
+         /s              set PCRE_DOTALL
+         /T              select character tables
+         /U              set PCRE_UNGREEDY
+         /W              set PCRE_UCP
+         /X              set PCRE_EXTRA
+         /x              set PCRE_EXTENDED
+         /Y              set PCRE_NO_START_OPTIMIZE
+         /Z              don't show lengths in /B output
+
+         /<any>          set PCRE_NEWLINE_ANY
+         /<anycrlf>      set PCRE_NEWLINE_ANYCRLF
+         /<cr>           set PCRE_NEWLINE_CR
+         /<crlf>         set PCRE_NEWLINE_CRLF
+         /<lf>           set PCRE_NEWLINE_LF
+         /<bsr_anycrlf>  set PCRE_BSR_ANYCRLF
+         /<bsr_unicode>  set PCRE_BSR_UNICODE
+         /<JS>           set PCRE_JAVASCRIPT_COMPAT
+
+
+   Perl-compatible modifiers
+
+       The /i, /m, /s, and /x modifiers set the PCRE_CASELESS, PCRE_MULTILINE,
+       PCRE_DOTALL,    or    PCRE_EXTENDED    options,    respectively,   when
+       pcre[16|32]_compile() is called. These four modifier letters  have  the
+       same effect as they do in Perl. For example:
+
+         /caseless/i
+
+
+   Modifiers for other PCRE options
+
+       The  following  table  shows additional modifiers for setting PCRE com-
+       pile-time options that do not correspond to anything in Perl:
+
+         /8              PCRE_UTF8           ) when using the 8-bit
+         /?              PCRE_NO_UTF8_CHECK  )   library
+
+         /8              PCRE_UTF16          ) when using the 16-bit
+         /?              PCRE_NO_UTF16_CHECK )   library
+
+         /8              PCRE_UTF32          ) when using the 32-bit
+         /?              PCRE_NO_UTF32_CHECK )   library
+
+         /9              PCRE_NEVER_UTF
+         /A              PCRE_ANCHORED
+         /C              PCRE_AUTO_CALLOUT
+         /E              PCRE_DOLLAR_ENDONLY
+         /f              PCRE_FIRSTLINE
+         /J              PCRE_DUPNAMES
+         /N              PCRE_NO_AUTO_CAPTURE
+         /O              PCRE_NO_AUTO_POSSESS
+         /U              PCRE_UNGREEDY
+         /W              PCRE_UCP
+         /X              PCRE_EXTRA
+         /Y              PCRE_NO_START_OPTIMIZE
+         /<any>          PCRE_NEWLINE_ANY
+         /<anycrlf>      PCRE_NEWLINE_ANYCRLF
+         /<cr>           PCRE_NEWLINE_CR
+         /<crlf>         PCRE_NEWLINE_CRLF
+         /<lf>           PCRE_NEWLINE_LF
+         /<bsr_anycrlf>  PCRE_BSR_ANYCRLF
+         /<bsr_unicode>  PCRE_BSR_UNICODE
+         /<JS>           PCRE_JAVASCRIPT_COMPAT
+
+       The modifiers that are enclosed in angle brackets are  literal  strings
+       as  shown,  including the angle brackets, but the letters within can be
+       in either case.  This example sets multiline matching with CRLF as  the
+       line ending sequence:
+
+         /^abc/m<CRLF>
+
+       As  well  as  turning  on  the  PCRE_UTF8/16/32 option, the /8 modifier
+       causes all non-printing characters in  output  strings  to  be  printed
+       using the \x{hh...} notation. Otherwise, those less than 0x100 are out-
+       put in hex without the curly brackets.
+
+       Full details of the PCRE options are given in  the  pcreapi  documenta-
+       tion.
+
+   Finding all matches in a string
+
+       Searching  for  all  possible matches within each subject string can be
+       requested by the /g or /G modifier. After  finding  a  match,  PCRE  is
+       called again to search the remainder of the subject string. The differ-
+       ence between /g and /G is that the former uses the startoffset argument
+       to  pcre[16|32]_exec()  to  start  searching  at a new point within the
+       entire string (which is in effect what Perl does), whereas  the  latter
+       passes  over  a  shortened  substring.  This  makes a difference to the
+       matching process if the pattern  begins  with  a  lookbehind  assertion
+       (including \b or \B).
+
+       If  any  call  to  pcre[16|32]_exec() in a /g or /G sequence matches an
+       empty string, the next call is done with the PCRE_NOTEMPTY_ATSTART  and
+       PCRE_ANCHORED  flags  set  in  order  to search for another, non-empty,
+       match at the same point. If this second match fails, the  start  offset
+       is  advanced,  and  the  normal match is retried. This imitates the way
+       Perl handles such cases when using the /g modifier or the split() func-
+       tion.  Normally,  the start offset is advanced by one character, but if
+       the newline convention recognizes CRLF as a newline,  and  the  current
+       character is CR followed by LF, an advance of two is used.
+
+   Other modifiers
+
+       There are yet more modifiers for controlling the way pcretest operates.
+
+       The  /+ modifier requests that as well as outputting the substring that
+       matched the entire pattern, pcretest  should  in  addition  output  the
+       remainder  of  the  subject  string. This is useful for tests where the
+       subject contains multiple copies of the same substring. If the +  modi-
+       fier  appears  twice, the same action is taken for captured substrings.
+       In each case the remainder is output on the following line with a  plus
+       character  following  the  capture number. Note that this modifier must
+       not immediately follow the /S modifier because /S+ and /S++ have  other
+       meanings.
+
+       The  /=  modifier  requests  that  the values of all potential captured
+       parentheses be output after a match. By default, only those up  to  the
+       highest one actually used in the match are output (corresponding to the
+       return code from pcre[16|32]_exec()). Values in the offsets vector cor-
+       responding  to higher numbers should be set to -1, and these are output
+       as "<unset>". This modifier gives a way of checking that this  is  hap-
+       pening.
+
+       The  /B modifier is a debugging feature. It requests that pcretest out-
+       put a representation of the compiled code after  compilation.  Normally
+       this  information  contains length and offset values; however, if /Z is
+       also present, this data is replaced by spaces. This is a  special  fea-
+       ture  for  use  in the automatic test scripts; it ensures that the same
+       output is generated for different internal link sizes.
+
+       The /D modifier is a PCRE debugging feature, and is equivalent to  /BI,
+       that is, both the /B and the /I modifiers.
+
+       The  /F  modifier  causes pcretest to flip the byte order of the 2-byte
+       and 4-byte fields in the compiled pattern. This facility is for testing
+       the  feature  in PCRE that allows it to execute patterns that were com-
+       piled on a host with a different endianness. This feature is not avail-
+       able  when the POSIX interface to PCRE is being used, that is, when the
+       /P pattern modifier is specified. See also the section about saving and
+       reloading compiled patterns below.
+
+       The  /I  modifier  requests  that pcretest output information about the
+       compiled pattern (whether it is anchored, has a fixed first  character,
+       and  so  on). It does this by calling pcre[16|32]_fullinfo() after com-
+       piling a pattern. If the pattern is studied, the results  of  that  are
+       also output. In this output, the word "char" means a non-UTF character,
+       that is, the value of a single data item  (8-bit,  16-bit,  or  32-bit,
+       depending on the library that is being tested).
+
+       The  /K modifier requests pcretest to show names from backtracking con-
+       trol verbs that are  returned  from  calls  to  pcre[16|32]_exec().  It
+       causes  pcretest  to  create  a  pcre[16|32]_extra block if one has not
+       already been created by a call to pcre[16|32]_study(), and to  set  the
+       PCRE_EXTRA_MARK  flag  and  the  mark  field within it, every time that
+       pcre[16|32]_exec() is called. If  the  variable  that  the  mark  field
+       points  to  is  non-NULL  for  a  match,  non-match,  or partial match,
+       pcretest prints the string to which it points. For  a  match,  this  is
+       shown  on  a  line  by itself, tagged with "MK:". For a non-match it is
+       added to the message.
+
+       The /L modifier must be followed directly by the name of a locale,  for
+       example,
+
+         /pattern/Lfr_FR
+
+       For this reason, it must be the last modifier. The given locale is set,
+       pcre[16|32]_maketables() is called to build a set of  character  tables
+       for  the  locale, and this is then passed to pcre[16|32]_compile() when
+       compiling the regular expression. Without an /L (or /T) modifier,  NULL
+       is  passed  as  the  tables  pointer;  that  is, /L applies only to the
+       expression on which it appears.
+
+       The /M modifier causes the size in bytes of the memory  block  used  to
+       hold  the compiled pattern to be output. This does not include the size
+       of the pcre[16|32] block; it is just the actual compiled data.  If  the
+       pattern is successfully studied with the PCRE_STUDY_JIT_COMPILE option,
+       the size of the JIT compiled code is also output.
+
+       The /Q modifier is used to test the use of pcre_stack_guard. It must be
+       followed  by '0' or '1', specifying the return code to be given from an
+       external function that is passed to PCRE and used  for  stack  checking
+       during compilation (see the pcreapi documentation for details).
+
+       The  /S  modifier  causes  pcre[16|32]_study()  to  be called after the
+       expression has been compiled, and the results used when the  expression
+       is matched. There are a number of qualifying characters that may follow
+       /S.  They may appear in any order.
+
+       If /S is followed by an exclamation mark, pcre[16|32]_study() is called
+       with  the PCRE_STUDY_EXTRA_NEEDED option, causing it always to return a
+       pcre_extra block, even when studying discovers no useful information.
+
+       If /S is followed by a second S character, it suppresses studying, even
+       if  it  was  requested  externally  by the -s command line option. This
+       makes it possible to specify that certain patterns are always  studied,
+       and others are never studied, independently of -s. This feature is used
+       in the test files in a few cases where the output is different when the
+       pattern is studied.
+
+       If  the  /S  modifier  is  followed  by  a  +  character,  the  call to
+       pcre[16|32]_study() is made with all the JIT study options,  requesting
+       just-in-time  optimization  support if it is available, for both normal
+       and partial matching. If you want to restrict the JIT compiling  modes,
+       you can follow /S+ with a digit in the range 1 to 7:
+
+         1  normal match only
+         2  soft partial match only
+         3  normal match and soft partial match
+         4  hard partial match only
+         6  soft and hard partial match
+         7  all three modes (default)
+
+       If /S++ is used instead of /S+ (with or without a following digit), the
+       text "(JIT)" is added to the first output line  after  a  match  or  no
+       match when JIT-compiled code was actually used.
+
+       Note  that  there  is  also  an independent /+ modifier; it must not be
+       given immediately after /S or /S+ because this will be misinterpreted.
+
+       If JIT studying is successful, the compiled JIT code will automatically
+       be  used  when pcre[16|32]_exec() is run, except when incompatible run-
+       time options are specified. For more details, see the pcrejit  documen-
+       tation.  See also the \J escape sequence below for a way of setting the
+       size of the JIT stack.
+
+       Finally, if /S is followed by a minus  character,  JIT  compilation  is
+       suppressed,  even if it was requested externally by the -s command line
+       option. This makes it possible to specify that JIT is never to be  used
+       for certain patterns.
+
+       The  /T  modifier  must be followed by a single digit. It causes a spe-
+       cific set of built-in character tables to be passed to pcre[16|32]_com-
+       pile().  It  is used in the standard PCRE tests to check behaviour with
+       different character tables. The digit specifies the tables as follows:
+
+         0   the default ASCII tables, as distributed in
+               pcre_chartables.c.dist
+         1   a set of tables defining ISO 8859 characters
+
+       In table 1, some characters whose codes are greater than 128 are  iden-
+       tified as letters, digits, spaces, etc.
+
+   Using the POSIX wrapper API
+
+       The  /P modifier causes pcretest to call PCRE via the POSIX wrapper API
+       rather than its native API. This supports only the 8-bit library.  When
+       /P  is set, the following modifiers set options for the regcomp() func-
+       tion:
+
+         /i    REG_ICASE
+         /m    REG_NEWLINE
+         /N    REG_NOSUB
+         /s    REG_DOTALL     )
+         /U    REG_UNGREEDY   ) These options are not part of
+         /W    REG_UCP        )   the POSIX standard
+         /8    REG_UTF8       )
+
+       The /+ modifier works as  described  above.  All  other  modifiers  are
+       ignored.
+
+   Locking out certain modifiers
+
+       PCRE  can be compiled with or without support for certain features such
+       as UTF-8/16/32 or Unicode properties. Accordingly, the  standard  tests
+       are  split  up  into  a number of different files that are selected for
+       running depending on which features are available.  When  updating  the
+       tests, it is all too easy to put a new test into the wrong file by mis-
+       take; for example, to put a test that requires UTF support into a  file
+       that  is used when it is not available. To help detect such mistakes as
+       early as possible, there is a facility for locking out  specific  modi-
+       fiers. If an input line for pcretest starts with the string "< forbid "
+       the following sequence of characters is taken as a  list  of  forbidden
+       modifiers. For example, in the test files that must not use UTF or Uni-
+       code property support, this line appears:
+
+         < forbid 8W
+
+       This locks out the /8 and /W modifiers. An immediate error is given  if
+       they  are  subsequently encountered. If the character string contains <
+       but not >, all the multi-character modifiers  that  begin  with  <  are
+       locked  out.  Otherwise,  such modifiers must be explicitly listed, for
+       example:
+
+         < forbid <JS><cr>
+
+       There must be a single space between < and "forbid" for this feature to
+       be  recognised.  If  there  is not, the line is interpreted either as a
+       request to re-load a pre-compiled pattern (see  "SAVING  AND  RELOADING
+       COMPILED  PATTERNS"  below) or, if there is a another < character, as a
+       pattern that uses < as its delimiter.
+
+
+DATA LINES
+
+       Before each data line is  passed  to  pcre[16|32]_exec(),  leading  and
+       trailing  white space is removed, and it is then scanned for \ escapes.
+       Some of these are pretty esoteric features, intended for  checking  out
+       some  of the more complicated features of PCRE. If you are just testing
+       "ordinary" regular expressions, you probably don't need any  of  these.
+       The following escapes are recognized:
+
+         \a         alarm (BEL, \x07)
+         \b         backspace (\x08)
+         \e         escape (\x27)
+         \f         form feed (\x0c)
+         \n         newline (\x0a)
+         \qdd       set the PCRE_MATCH_LIMIT limit to dd
+                      (any number of digits)
+         \r         carriage return (\x0d)
+         \t         tab (\x09)
+         \v         vertical tab (\x0b)
+         \nnn       octal character (up to 3 octal digits); always
+                      a byte unless > 255 in UTF-8 or 16-bit or 32-bit mode
+         \o{dd...}  octal character (any number of octal digits}
+         \xhh       hexadecimal byte (up to 2 hex digits)
+         \x{hh...}  hexadecimal character (any number of hex digits)
+         \A         pass the PCRE_ANCHORED option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \B         pass the PCRE_NOTBOL option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \Cdd       call pcre[16|32]_copy_substring() for substring dd
+                      after a successful match (number less than 32)
+         \Cname     call pcre[16|32]_copy_named_substring() for substring
+                      "name" after a successful match (name termin-
+                      ated by next non alphanumeric character)
+         \C+        show the current captured substrings at callout
+                      time
+         \C-        do not supply a callout function
+         \C!n       return 1 instead of 0 when callout number n is
+                      reached
+         \C!n!m     return 1 instead of 0 when callout number n is
+                      reached for the nth time
+         \C*n       pass the number n (may be negative) as callout
+                      data; this is used as the callout return value
+         \D         use the pcre[16|32]_dfa_exec() match function
+         \F         only shortest match for pcre[16|32]_dfa_exec()
+         \Gdd       call pcre[16|32]_get_substring() for substring dd
+                      after a successful match (number less than 32)
+         \Gname     call pcre[16|32]_get_named_substring() for substring
+                      "name" after a successful match (name termin-
+                      ated by next non-alphanumeric character)
+         \Jdd       set up a JIT stack of dd kilobytes maximum (any
+                      number of digits)
+         \L         call pcre[16|32]_get_substringlist() after a
+                      successful match
+         \M         discover the minimum MATCH_LIMIT and
+                      MATCH_LIMIT_RECURSION settings
+         \N         pass the PCRE_NOTEMPTY option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec(); if used twice, pass the
+                      PCRE_NOTEMPTY_ATSTART option
+         \Odd       set the size of the output vector passed to
+                      pcre[16|32]_exec() to dd (any number of digits)
+         \P         pass the PCRE_PARTIAL_SOFT option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec(); if used twice, pass the
+                      PCRE_PARTIAL_HARD option
+         \Qdd       set the PCRE_MATCH_LIMIT_RECURSION limit to dd
+                      (any number of digits)
+         \R         pass the PCRE_DFA_RESTART option to pcre[16|32]_dfa_exec()
+         \S         output details of memory get/free calls during matching
+         \Y             pass     the    PCRE_NO_START_OPTIMIZE    option    to
+       pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \Z         pass the PCRE_NOTEOL option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \?         pass the PCRE_NO_UTF[8|16|32]_CHECK option to
+                      pcre[16|32]_exec() or pcre[16|32]_dfa_exec()
+         \>dd       start the match at offset dd (optional "-"; then
+                      any number of digits); this sets the startoffset
+                      argument        for        pcre[16|32]_exec()         or
+       pcre[16|32]_dfa_exec()
+         \<cr>      pass the PCRE_NEWLINE_CR option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<lf>      pass the PCRE_NEWLINE_LF option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<crlf>    pass the PCRE_NEWLINE_CRLF option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<anycrlf> pass the PCRE_NEWLINE_ANYCRLF option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<any>     pass the PCRE_NEWLINE_ANY option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+
+       The  use of \x{hh...} is not dependent on the use of the /8 modifier on
+       the pattern. It is recognized always. There may be any number of  hexa-
+       decimal  digits  inside  the  braces; invalid values provoke error mes-
+       sages.
+
+       Note that \xhh specifies one byte rather than one  character  in  UTF-8
+       mode;  this  makes it possible to construct invalid UTF-8 sequences for
+       testing purposes. On the other hand, \x{hh} is interpreted as  a  UTF-8
+       character  in UTF-8 mode, generating more than one byte if the value is
+       greater than 127.  When testing the 8-bit library not  in  UTF-8  mode,
+       \x{hh} generates one byte for values less than 256, and causes an error
+       for greater values.
+
+       In UTF-16 mode, all 4-digit \x{hhhh} values are accepted. This makes it
+       possible to construct invalid UTF-16 sequences for testing purposes.
+
+       In  UTF-32  mode,  all  4- to 8-digit \x{...} values are accepted. This
+       makes it possible to construct invalid  UTF-32  sequences  for  testing
+       purposes.
+
+       The  escapes  that  specify  line ending sequences are literal strings,
+       exactly as shown. No more than one newline setting should be present in
+       any data line.
+
+       A  backslash  followed by anything else just escapes the anything else.
+       If the very last character is a backslash, it is ignored. This gives  a
+       way  of  passing  an empty line as data, since a real empty line termi-
+       nates the data input.
+
+       The \J escape provides a way of setting the maximum stack size that  is
+       used  by the just-in-time optimization code. It is ignored if JIT opti-
+       mization is not being used. Providing a stack that is larger  than  the
+       default 32K is necessary only for very complicated patterns.
+
+       If \M is present, pcretest calls pcre[16|32]_exec() several times, with
+       different values in the match_limit and match_limit_recursion fields of
+       the  pcre[16|32]_extra  data structure, until it finds the minimum num-
+       bers for each parameter that allow pcre[16|32]_exec() to complete with-
+       out  error.  Because  this  is testing a specific feature of the normal
+       interpretive pcre[16|32]_exec() execution, the use of any JIT optimiza-
+       tion  that might have been set up by the /S+ qualifier of -s+ option is
+       disabled.
+
+       The match_limit number is a measure of the amount of backtracking  that
+       takes  place,  and  checking it out can be instructive. For most simple
+       matches, the number is quite small, but for patterns  with  very  large
+       numbers  of  matching  possibilities,  it can become large very quickly
+       with increasing length of  subject  string.  The  match_limit_recursion
+       number  is  a  measure  of how much stack (or, if PCRE is compiled with
+       NO_RECURSE, how much heap) memory  is  needed  to  complete  the  match
+       attempt.
+
+       When  \O  is  used, the value specified may be higher or lower than the
+       size set by the -O command line option (or defaulted to 45); \O applies
+       only  to  the  call  of  pcre[16|32]_exec()  for  the  line in which it
+       appears.
+
+       If the /P modifier was present on the pattern, causing the POSIX  wrap-
+       per  API  to  be  used, the only option-setting sequences that have any
+       effect are \B,  \N,  and  \Z,  causing  REG_NOTBOL,  REG_NOTEMPTY,  and
+       REG_NOTEOL, respectively, to be passed to regexec().
+
+
+THE ALTERNATIVE MATCHING FUNCTION
+
+       By   default,  pcretest  uses  the  standard  PCRE  matching  function,
+       pcre[16|32]_exec() to match each  data  line.  PCRE  also  supports  an
+       alternative  matching  function, pcre[16|32]_dfa_test(), which operates
+       in a different way, and has some restrictions. The differences  between
+       the two functions are described in the pcrematching documentation.
+
+       If  a data line contains the \D escape sequence, or if the command line
+       contains the -dfa option, the alternative matching  function  is  used.
+       This function finds all possible matches at a given point. If, however,
+       the \F escape sequence is present in the data line, it stops after  the
+       first match is found. This is always the shortest possible match.
+
+
+DEFAULT OUTPUT FROM PCRETEST
+
+       This  section  describes  the output when the normal matching function,
+       pcre[16|32]_exec(), is being used.
+
+       When a match succeeds, pcretest outputs the list of captured substrings
+       that  pcre[16|32]_exec() returns, starting with number 0 for the string
+       that matched the whole pattern. Otherwise, it outputs "No  match"  when
+       the  return is PCRE_ERROR_NOMATCH, and "Partial match:" followed by the
+       partially   matching   substring   when   pcre[16|32]_exec()    returns
+       PCRE_ERROR_PARTIAL.  (Note  that  this is the entire substring that was
+       inspected during the partial match; it may  include  characters  before
+       the  actual  match  start  if a lookbehind assertion, \K, \b, or \B was
+       involved.) For any other return, pcretest  outputs  the  PCRE  negative
+       error  number  and a short descriptive phrase. If the error is a failed
+       UTF string check, the offset of the start of the failing character  and
+       the  reason  code are also output, provided that the size of the output
+       vector is at least two. Here is an example of an  interactive  pcretest
+       run.
+
+         $ pcretest
+         PCRE version 8.13 2011-04-30
+
+           re> /^abc(\d+)/
+         data> abc123
+          0: abc123
+          1: 123
+         data> xyz
+         No match
+
+       Unset capturing substrings that are not followed by one that is set are
+       not returned by pcre[16|32]_exec(), and are not shown by  pcretest.  In
+       the following example, there are two capturing substrings, but when the
+       first data line is matched, the second, unset substring is  not  shown.
+       An  "internal" unset substring is shown as "<unset>", as for the second
+       data line.
+
+           re> /(a)|(b)/
+         data> a
+          0: a
+          1: a
+         data> b
+          0: b
+          1: <unset>
+          2: b
+
+       If the strings contain any non-printing characters, they are output  as
+       \xhh  escapes  if  the  value is less than 256 and UTF mode is not set.
+       Otherwise they are output as \x{hh...} escapes. See below for the defi-
+       nition  of non-printing characters. If the pattern has the /+ modifier,
+       the output for substring 0 is followed by the the rest of  the  subject
+       string, identified by "0+" like this:
+
+           re> /cat/+
+         data> cataract
+          0: cat
+          0+ aract
+
+       If  the  pattern  has  the /g or /G modifier, the results of successive
+       matching attempts are output in sequence, like this:
+
+           re> /\Bi(\w\w)/g
+         data> Mississippi
+          0: iss
+          1: ss
+          0: iss
+          1: ss
+          0: ipp
+          1: pp
+
+       "No match" is output only if the first match attempt fails. Here is  an
+       example  of a failure message (the offset 4 that is specified by \>4 is
+       past the end of the subject string):
+
+           re> /xyz/
+         data> xyz\>4
+         Error -24 (bad offset value)
+
+       If any of the sequences \C, \G, or \L are present in a data  line  that
+       is  successfully  matched,  the substrings extracted by the convenience
+       functions are output with C, G, or L after the string number instead of
+       a colon. This is in addition to the normal full list. The string length
+       (that is, the return from the extraction function) is given  in  paren-
+       theses after each string for \C and \G.
+
+       Note that whereas patterns can be continued over several lines (a plain
+       ">" prompt is used for continuations), data lines may not. However new-
+       lines  can  be included in data by means of the \n escape (or \r, \r\n,
+       etc., depending on the newline sequence setting).
+
+
+OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION
+
+       When the alternative matching function, pcre[16|32]_dfa_exec(), is used
+       (by  means  of the \D escape sequence or the -dfa command line option),
+       the output consists of a list of all the  matches  that  start  at  the
+       first point in the subject where there is at least one match. For exam-
+       ple:
+
+           re> /(tang|tangerine|tan)/
+         data> yellow tangerine\D
+          0: tangerine
+          1: tang
+          2: tan
+
+       (Using the normal matching function on this data  finds  only  "tang".)
+       The  longest matching string is always given first (and numbered zero).
+       After a PCRE_ERROR_PARTIAL return, the output is "Partial match:", fol-
+       lowed  by  the  partially  matching  substring.  (Note that this is the
+       entire substring that was inspected during the partial  match;  it  may
+       include characters before the actual match start if a lookbehind asser-
+       tion, \K, \b, or \B was involved.)
+
+       If /g is present on the pattern, the search for further matches resumes
+       at the end of the longest match. For example:
+
+           re> /(tang|tangerine|tan)/g
+         data> yellow tangerine and tangy sultana\D
+          0: tangerine
+          1: tang
+          2: tan
+          0: tang
+          1: tan
+          0: tan
+
+       Since  the  matching  function  does not support substring capture, the
+       escape sequences that are concerned with captured  substrings  are  not
+       relevant.
+
+
+RESTARTING AFTER A PARTIAL MATCH
+
+       When the alternative matching function has given the PCRE_ERROR_PARTIAL
+       return, indicating that the subject partially matched the pattern,  you
+       can  restart  the match with additional subject data by means of the \R
+       escape sequence. For example:
+
+           re> /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+         data> 23ja\P\D
+         Partial match: 23ja
+         data> n05\R\D
+          0: n05
+
+       For further information about partial  matching,  see  the  pcrepartial
+       documentation.
+
+
+CALLOUTS
+
+       If  the pattern contains any callout requests, pcretest's callout func-
+       tion is called during matching. This works  with  both  matching  func-
+       tions. By default, the called function displays the callout number, the
+       start and current positions in the text at the callout  time,  and  the
+       next pattern item to be tested. For example:
+
+         --->pqrabcdef
+           0    ^  ^     \d
+
+       This  output  indicates  that  callout  number  0  occurred for a match
+       attempt starting at the fourth character of the  subject  string,  when
+       the pointer was at the seventh character of the data, and when the next
+       pattern item was \d. Just one circumflex is output  if  the  start  and
+       current positions are the same.
+
+       Callouts numbered 255 are assumed to be automatic callouts, inserted as
+       a result of the /C pattern modifier. In this case, instead  of  showing
+       the  callout  number, the offset in the pattern, preceded by a plus, is
+       output. For example:
+
+           re> /\d?[A-E]\*/C
+         data> E*
+         --->E*
+          +0 ^      \d?
+          +3 ^      [A-E]
+          +8 ^^     \*
+         +10 ^ ^
+          0: E*
+
+       If a pattern contains (*MARK) items, an additional line is output when-
+       ever  a  change  of  latest mark is passed to the callout function. For
+       example:
+
+           re> /a(*MARK:X)bc/C
+         data> abc
+         --->abc
+          +0 ^       a
+          +1 ^^      (*MARK:X)
+         +10 ^^      b
+         Latest Mark: X
+         +11 ^ ^     c
+         +12 ^  ^
+          0: abc
+
+       The mark changes between matching "a" and "b", but stays the  same  for
+       the  rest  of  the match, so nothing more is output. If, as a result of
+       backtracking, the mark reverts to being unset, the  text  "<unset>"  is
+       output.
+
+       The  callout  function  in pcretest returns zero (carry on matching) by
+       default, but you can use a \C item in a data line (as described  above)
+       to change this and other parameters of the callout.
+
+       Inserting  callouts can be helpful when using pcretest to check compli-
+       cated regular expressions. For further information about callouts,  see
+       the pcrecallout documentation.
+
+
+NON-PRINTING CHARACTERS
+
+       When  pcretest is outputting text in the compiled version of a pattern,
+       bytes other than 32-126 are always treated as  non-printing  characters
+       are are therefore shown as hex escapes.
+
+       When  pcretest  is  outputting text that is a matched part of a subject
+       string, it behaves in the same way, unless a different locale has  been
+       set  for  the  pattern  (using  the  /L  modifier).  In  this case, the
+       isprint() function to distinguish printing and non-printing characters.
+
+
+SAVING AND RELOADING COMPILED PATTERNS
+
+       The facilities described in this section are  not  available  when  the
+       POSIX  interface  to  PCRE  is being used, that is, when the /P pattern
+       modifier is specified.
+
+       When the POSIX interface is not in use, you can cause pcretest to write
+       a  compiled  pattern to a file, by following the modifiers with > and a
+       file name.  For example:
+
+         /pattern/im >/some/file
+
+       See the pcreprecompile documentation for a discussion about saving  and
+       re-using  compiled patterns.  Note that if the pattern was successfully
+       studied with JIT optimization, the JIT data cannot be saved.
+
+       The data that is written is binary.  The  first  eight  bytes  are  the
+       length  of  the  compiled  pattern  data  followed by the length of the
+       optional study data, each written as four  bytes  in  big-endian  order
+       (most  significant  byte  first). If there is no study data (either the
+       pattern was not studied, or studying did not return any data), the sec-
+       ond  length  is  zero. The lengths are followed by an exact copy of the
+       compiled pattern. If there is additional study  data,  this  (excluding
+       any  JIT  data)  follows  immediately after the compiled pattern. After
+       writing the file, pcretest expects to read a new pattern.
+
+       A saved pattern can be reloaded into pcretest by  specifying  <  and  a
+       file  name  instead  of a pattern. There must be no space between < and
+       the file name, which must not  contain  a  <  character,  as  otherwise
+       pcretest  will  interpret  the line as a pattern delimited by < charac-
+       ters. For example:
+
+          re> </some/file
+         Compiled pattern loaded from /some/file
+         No study data
+
+       If the pattern was previously studied with the  JIT  optimization,  the
+       JIT  information cannot be saved and restored, and so is lost. When the
+       pattern has been loaded, pcretest proceeds to read data  lines  in  the
+       usual way.
+
+       You  can copy a file written by pcretest to a different host and reload
+       it there, even if the new host has opposite endianness to  the  one  on
+       which  the pattern was compiled. For example, you can compile on an i86
+       machine and run on a SPARC machine. When a pattern  is  reloaded  on  a
+       host with different endianness, the confirmation message is changed to:
+
+         Compiled pattern (byte-inverted) loaded from /some/file
+
+       The test suite contains some saved pre-compiled patterns with different
+       endianness. These are reloaded using "<!" instead  of  just  "<".  This
+       suppresses the "(byte-inverted)" text so that the output is the same on
+       all hosts. It also forces debugging output once the  pattern  has  been
+       reloaded.
+
+       File  names  for  saving and reloading can be absolute or relative, but
+       note that the shell facility of expanding a file name that starts  with
+       a tilde (~) is not available.
+
+       The  ability to save and reload files in pcretest is intended for test-
+       ing and experimentation. It is not intended for production use  because
+       only  a  single pattern can be written to a file. Furthermore, there is
+       no facility for supplying  custom  character  tables  for  use  with  a
+       reloaded  pattern.  If  the  original  pattern was compiled with custom
+       tables, an attempt to match a subject string using a  reloaded  pattern
+       is  likely to cause pcretest to crash.  Finally, if you attempt to load
+       a file that is not in the correct format, the result is undefined.
+
+
+SEE ALSO
+
+       pcre(3), pcre16(3),  pcre32(3),  pcreapi(3),  pcrecallout(3),  pcrejit,
+       pcrematching(3), pcrepartial(d), pcrepattern(3), pcreprecompile(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 23 February 2017
+       Copyright (c) 1997-2017 University of Cambridge.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man1/pcre-config.1 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man1/pcre-config.1
new file mode 100644
index 00000000..52eb4fb2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man1/pcre-config.1
@@ -0,0 +1,92 @@
+.TH PCRE-CONFIG 1 "01 January 2012" "PCRE 8.30"
+.SH NAME
+pcre-config - program to return PCRE configuration
+.SH SYNOPSIS
+.rs
+.sp
+.nf
+.B pcre-config  [--prefix] [--exec-prefix] [--version] [--libs]
+.B "            [--libs16] [--libs32] [--libs-cpp] [--libs-posix]"
+.B "            [--cflags] [--cflags-posix]"
+.fi
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+\fBpcre-config\fP returns the configuration of the installed PCRE
+libraries and the options required to compile a program to use them. Some of
+the options apply only to the 8-bit, or 16-bit, or 32-bit libraries,
+respectively, and are
+not available if only one of those libraries has been built. If an unavailable
+option is encountered, the "usage" information is output.
+.
+.
+.SH OPTIONS
+.rs
+.TP 10
+\fB--prefix\fP
+Writes the directory prefix used in the PCRE installation for architecture
+independent files (\fI/usr\fP on many systems, \fI/usr/local\fP on some
+systems) to the standard output.
+.TP 10
+\fB--exec-prefix\fP
+Writes the directory prefix used in the PCRE installation for architecture
+dependent files (normally the same as \fB--prefix\fP) to the standard output.
+.TP 10
+\fB--version\fP
+Writes the version number of the installed PCRE libraries to the standard
+output.
+.TP 10
+\fB--libs\fP
+Writes to the standard output the command line options required to link
+with the 8-bit PCRE library (\fB-lpcre\fP on many systems).
+.TP 10
+\fB--libs16\fP
+Writes to the standard output the command line options required to link
+with the 16-bit PCRE library (\fB-lpcre16\fP on many systems).
+.TP 10
+\fB--libs32\fP
+Writes to the standard output the command line options required to link
+with the 32-bit PCRE library (\fB-lpcre32\fP on many systems).
+.TP 10
+\fB--libs-cpp\fP
+Writes to the standard output the command line options required to link with
+PCRE's C++ wrapper library (\fB-lpcrecpp\fP \fB-lpcre\fP on many
+systems).
+.TP 10
+\fB--libs-posix\fP
+Writes to the standard output the command line options required to link with
+PCRE's POSIX API wrapper library (\fB-lpcreposix\fP \fB-lpcre\fP on many
+systems).
+.TP 10
+\fB--cflags\fP
+Writes to the standard output the command line options required to compile
+files that use PCRE (this may include some \fB-I\fP options, but is blank on
+many systems).
+.TP 10
+\fB--cflags-posix\fP
+Writes to the standard output the command line options required to compile
+files that use PCRE's POSIX API wrapper library (this may include some \fB-I\fP
+options, but is blank on many systems).
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcre(3)\fP
+.
+.
+.SH AUTHOR
+.rs
+.sp
+This manual page was originally written by Mark Baker for the Debian GNU/Linux
+system. It has been subsequently revised as a generic PCRE man page.
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 24 June 2012
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man1/pcregrep.1 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man1/pcregrep.1
new file mode 100644
index 00000000..98866754
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man1/pcregrep.1
@@ -0,0 +1,683 @@
+.TH PCREGREP 1 "03 April 2014" "PCRE 8.35"
+.SH NAME
+pcregrep - a grep with Perl-compatible regular expressions.
+.SH SYNOPSIS
+.B pcregrep [options] [long options] [pattern] [path1 path2 ...]
+.
+.SH DESCRIPTION
+.rs
+.sp
+\fBpcregrep\fP searches files for character patterns, in the same way as other
+grep commands do, but it uses the PCRE regular expression library to support
+patterns that are compatible with the regular expressions of Perl 5. See
+.\" HREF
+\fBpcresyntax\fP(3)
+.\"
+for a quick-reference summary of pattern syntax, or
+.\" HREF
+\fBpcrepattern\fP(3)
+.\"
+for a full description of the syntax and semantics of the regular expressions
+that PCRE supports.
+.P
+Patterns, whether supplied on the command line or in a separate file, are given
+without delimiters. For example:
+.sp
+  pcregrep Thursday /etc/motd
+.sp
+If you attempt to use delimiters (for example, by surrounding a pattern with
+slashes, as is common in Perl scripts), they are interpreted as part of the
+pattern. Quotes can of course be used to delimit patterns on the command line
+because they are interpreted by the shell, and indeed quotes are required if a
+pattern contains white space or shell metacharacters.
+.P
+The first argument that follows any option settings is treated as the single
+pattern to be matched when neither \fB-e\fP nor \fB-f\fP is present.
+Conversely, when one or both of these options are used to specify patterns, all
+arguments are treated as path names. At least one of \fB-e\fP, \fB-f\fP, or an
+argument pattern must be provided.
+.P
+If no files are specified, \fBpcregrep\fP reads the standard input. The
+standard input can also be referenced by a name consisting of a single hyphen.
+For example:
+.sp
+  pcregrep some-pattern /file1 - /file3
+.sp
+By default, each line that matches a pattern is copied to the standard
+output, and if there is more than one file, the file name is output at the
+start of each line, followed by a colon. However, there are options that can
+change how \fBpcregrep\fP behaves. In particular, the \fB-M\fP option makes it
+possible to search for patterns that span line boundaries. What defines a line
+boundary is controlled by the \fB-N\fP (\fB--newline\fP) option.
+.P
+The amount of memory used for buffering files that are being scanned is
+controlled by a parameter that can be set by the \fB--buffer-size\fP option.
+The default value for this parameter is specified when \fBpcregrep\fP is built,
+with the default default being 20K. A block of memory three times this size is
+used (to allow for buffering "before" and "after" lines). An error occurs if a
+line overflows the buffer.
+.P
+Patterns can be no longer than 8K or BUFSIZ bytes, whichever is the greater.
+BUFSIZ is defined in \fB<stdio.h>\fP. When there is more than one pattern
+(specified by the use of \fB-e\fP and/or \fB-f\fP), each pattern is applied to
+each line in the order in which they are defined, except that all the \fB-e\fP
+patterns are tried before the \fB-f\fP patterns.
+.P
+By default, as soon as one pattern matches a line, no further patterns are
+considered. However, if \fB--colour\fP (or \fB--color\fP) is used to colour the
+matching substrings, or if \fB--only-matching\fP, \fB--file-offsets\fP, or
+\fB--line-offsets\fP is used to output only the part of the line that matched
+(either shown literally, or as an offset), scanning resumes immediately
+following the match, so that further matches on the same line can be found. If
+there are multiple patterns, they are all tried on the remainder of the line,
+but patterns that follow the one that matched are not tried on the earlier part
+of the line.
+.P
+This behaviour means that the order in which multiple patterns are specified
+can affect the output when one of the above options is used. This is no longer
+the same behaviour as GNU grep, which now manages to display earlier matches
+for later patterns (as long as there is no overlap).
+.P
+Patterns that can match an empty string are accepted, but empty string
+matches are never recognized. An example is the pattern "(super)?(man)?", in
+which all components are optional. This pattern finds all occurrences of both
+"super" and "man"; the output differs from matching with "super|man" when only
+the matching substrings are being shown.
+.P
+If the \fBLC_ALL\fP or \fBLC_CTYPE\fP environment variable is set,
+\fBpcregrep\fP uses the value to set a locale when calling the PCRE library.
+The \fB--locale\fP option can be used to override this.
+.
+.
+.SH "SUPPORT FOR COMPRESSED FILES"
+.rs
+.sp
+It is possible to compile \fBpcregrep\fP so that it uses \fBlibz\fP or
+\fBlibbz2\fP to read files whose names end in \fB.gz\fP or \fB.bz2\fP,
+respectively. You can find out whether your binary has support for one or both
+of these file types by running it with the \fB--help\fP option. If the
+appropriate support is not present, files are treated as plain text. The
+standard input is always so treated.
+.
+.
+.SH "BINARY FILES"
+.rs
+.sp
+By default, a file that contains a binary zero byte within the first 1024 bytes
+is identified as a binary file, and is processed specially. (GNU grep also
+identifies binary files in this manner.) See the \fB--binary-files\fP option
+for a means of changing the way binary files are handled.
+.
+.
+.SH OPTIONS
+.rs
+.sp
+The order in which some of the options appear can affect the output. For
+example, both the \fB-h\fP and \fB-l\fP options affect the printing of file
+names. Whichever comes later in the command line will be the one that takes
+effect. Similarly, except where noted below, if an option is given twice, the
+later setting is used. Numerical values for options may be followed by K or M,
+to signify multiplication by 1024 or 1024*1024 respectively.
+.TP 10
+\fB--\fP
+This terminates the list of options. It is useful if the next item on the
+command line starts with a hyphen but is not an option. This allows for the
+processing of patterns and filenames that start with hyphens.
+.TP
+\fB-A\fP \fInumber\fP, \fB--after-context=\fP\fInumber\fP
+Output \fInumber\fP lines of context after each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of \fInumber\fP is expected to be relatively small. However, \fBpcregrep\fP
+guarantees to have up to 8K of following text available for context output.
+.TP
+\fB-a\fP, \fB--text\fP
+Treat binary files as text. This is equivalent to
+\fB--binary-files\fP=\fItext\fP.
+.TP
+\fB-B\fP \fInumber\fP, \fB--before-context=\fP\fInumber\fP
+Output \fInumber\fP lines of context before each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of \fInumber\fP is expected to be relatively small. However, \fBpcregrep\fP
+guarantees to have up to 8K of preceding text available for context output.
+.TP
+\fB--binary-files=\fP\fIword\fP
+Specify how binary files are to be processed. If the word is "binary" (the
+default), pattern matching is performed on binary files, but the only output is
+"Binary file <name> matches" when a match succeeds. If the word is "text",
+which is equivalent to the \fB-a\fP or \fB--text\fP option, binary files are
+processed in the same way as any other file. In this case, when a match
+succeeds, the output may be binary garbage, which can have nasty effects if
+sent to a terminal. If the word is "without-match", which is equivalent to the
+\fB-I\fP option, binary files are not processed at all; they are assumed not to
+be of interest.
+.TP
+\fB--buffer-size=\fP\fInumber\fP
+Set the parameter that controls how much memory is used for buffering files
+that are being scanned.
+.TP
+\fB-C\fP \fInumber\fP, \fB--context=\fP\fInumber\fP
+Output \fInumber\fP lines of context both before and after each matching line.
+This is equivalent to setting both \fB-A\fP and \fB-B\fP to the same value.
+.TP
+\fB-c\fP, \fB--count\fP
+Do not output individual lines from the files that are being scanned; instead
+output the number of lines that would otherwise have been shown. If no lines
+are selected, the number zero is output. If several files are are being
+scanned, a count is output for each of them. However, if the
+\fB--files-with-matches\fP option is also used, only those files whose counts
+are greater than zero are listed. When \fB-c\fP is used, the \fB-A\fP,
+\fB-B\fP, and \fB-C\fP options are ignored.
+.TP
+\fB--colour\fP, \fB--color\fP
+If this option is given without any data, it is equivalent to "--colour=auto".
+If data is required, it must be given in the same shell item, separated by an
+equals sign.
+.TP
+\fB--colour=\fP\fIvalue\fP, \fB--color=\fP\fIvalue\fP
+This option specifies under what circumstances the parts of a line that matched
+a pattern should be coloured in the output. By default, the output is not
+coloured. The value (which is optional, see above) may be "never", "always", or
+"auto". In the latter case, colouring happens only if the standard output is
+connected to a terminal. More resources are used when colouring is enabled,
+because \fBpcregrep\fP has to search for all possible matches in a line, not
+just one, in order to colour them all.
+.sp
+The colour that is used can be specified by setting the environment variable
+PCREGREP_COLOUR or PCREGREP_COLOR. The value of this variable should be a
+string of two numbers, separated by a semicolon. They are copied directly into
+the control string for setting colour on a terminal, so it is your
+responsibility to ensure that they make sense. If neither of the environment
+variables is set, the default is "1;31", which gives red.
+.TP
+\fB-D\fP \fIaction\fP, \fB--devices=\fP\fIaction\fP
+If an input path is not a regular file or a directory, "action" specifies how
+it is to be processed. Valid values are "read" (the default) or "skip"
+(silently skip the path).
+.TP
+\fB-d\fP \fIaction\fP, \fB--directories=\fP\fIaction\fP
+If an input path is a directory, "action" specifies how it is to be processed.
+Valid values are "read" (the default in non-Windows environments, for
+compatibility with GNU grep), "recurse" (equivalent to the \fB-r\fP option), or
+"skip" (silently skip the path, the default in Windows environments). In the
+"read" case, directories are read as if they were ordinary files. In some
+operating systems the effect of reading a directory like this is an immediate
+end-of-file; in others it may provoke an error.
+.TP
+\fB-e\fP \fIpattern\fP, \fB--regex=\fP\fIpattern\fP, \fB--regexp=\fP\fIpattern\fP
+Specify a pattern to be matched. This option can be used multiple times in
+order to specify several patterns. It can also be used as a way of specifying a
+single pattern that starts with a hyphen. When \fB-e\fP is used, no argument
+pattern is taken from the command line; all arguments are treated as file
+names. There is no limit to the number of patterns. They are applied to each
+line in the order in which they are defined until one matches.
+.sp
+If \fB-f\fP is used with \fB-e\fP, the command line patterns are matched first,
+followed by the patterns from the file(s), independent of the order in which
+these options are specified. Note that multiple use of \fB-e\fP is not the same
+as a single pattern with alternatives. For example, X|Y finds the first
+character in a line that is X or Y, whereas if the two patterns are given
+separately, with X first, \fBpcregrep\fP finds X if it is present, even if it
+follows Y in the line. It finds Y only if there is no X in the line. This
+matters only if you are using \fB-o\fP or \fB--colo(u)r\fP to show the part(s)
+of the line that matched.
+.TP
+\fB--exclude\fP=\fIpattern\fP
+Files (but not directories) whose names match the pattern are skipped without
+being processed. This applies to all files, whether listed on the command line,
+obtained from \fB--file-list\fP, or by scanning a directory. The pattern is a
+PCRE regular expression, and is matched against the final component of the file
+name, not the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not
+apply to this pattern. The option may be given any number of times in order to
+specify multiple patterns. If a file name matches both an \fB--include\fP
+and an \fB--exclude\fP pattern, it is excluded. There is no short form for this
+option.
+.TP
+\fB--exclude-from=\fP\fIfilename\fP
+Treat each non-empty line of the file as the data for an \fB--exclude\fP
+option. What constitutes a newline when reading the file is the operating
+system's default. The \fB--newline\fP option has no effect on this option. This
+option may be given more than once in order to specify a number of files to
+read.
+.TP
+\fB--exclude-dir\fP=\fIpattern\fP
+Directories whose names match the pattern are skipped without being processed,
+whatever the setting of the \fB--recursive\fP option. This applies to all
+directories, whether listed on the command line, obtained from
+\fB--file-list\fP, or by scanning a parent directory. The pattern is a PCRE
+regular expression, and is matched against the final component of the directory
+name, not the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not
+apply to this pattern. The option may be given any number of times in order to
+specify more than one pattern. If a directory matches both \fB--include-dir\fP
+and \fB--exclude-dir\fP, it is excluded. There is no short form for this
+option.
+.TP
+\fB-F\fP, \fB--fixed-strings\fP
+Interpret each data-matching pattern as a list of fixed strings, separated by
+newlines, instead of as a regular expression. What constitutes a newline for
+this purpose is controlled by the \fB--newline\fP option. The \fB-w\fP (match
+as a word) and \fB-x\fP (match whole line) options can be used with \fB-F\fP.
+They apply to each of the fixed strings. A line is selected if any of the fixed
+strings are found in it (subject to \fB-w\fP or \fB-x\fP, if present). This
+option applies only to the patterns that are matched against the contents of
+files; it does not apply to patterns specified by any of the \fB--include\fP or
+\fB--exclude\fP options.
+.TP
+\fB-f\fP \fIfilename\fP, \fB--file=\fP\fIfilename\fP
+Read patterns from the file, one per line, and match them against
+each line of input. What constitutes a newline when reading the file is the
+operating system's default. The \fB--newline\fP option has no effect on this
+option. Trailing white space is removed from each line, and blank lines are
+ignored. An empty file contains no patterns and therefore matches nothing. See
+also the comments about multiple patterns versus a single pattern with
+alternatives in the description of \fB-e\fP above.
+.sp
+If this option is given more than once, all the specified files are
+read. A data line is output if any of the patterns match it. A filename can
+be given as "-" to refer to the standard input. When \fB-f\fP is used, patterns
+specified on the command line using \fB-e\fP may also be present; they are
+tested before the file's patterns. However, no other pattern is taken from the
+command line; all arguments are treated as the names of paths to be searched.
+.TP
+\fB--file-list\fP=\fIfilename\fP
+Read a list of files and/or directories that are to be scanned from the given
+file, one per line. Trailing white space is removed from each line, and blank
+lines are ignored. These paths are processed before any that are listed on the
+command line. The filename can be given as "-" to refer to the standard input.
+If \fB--file\fP and \fB--file-list\fP are both specified as "-", patterns are
+read first. This is useful only when the standard input is a terminal, from
+which further lines (the list of files) can be read after an end-of-file
+indication. If this option is given more than once, all the specified files are
+read.
+.TP
+\fB--file-offsets\fP
+Instead of showing lines or parts of lines that match, show each match as an
+offset from the start of the file and a length, separated by a comma. In this
+mode, no context is shown. That is, the \fB-A\fP, \fB-B\fP, and \fB-C\fP
+options are ignored. If there is more than one match in a line, each of them is
+shown separately. This option is mutually exclusive with \fB--line-offsets\fP
+and \fB--only-matching\fP.
+.TP
+\fB-H\fP, \fB--with-filename\fP
+Force the inclusion of the filename at the start of output lines when searching
+a single file. By default, the filename is not shown in this case. For matching
+lines, the filename is followed by a colon; for context lines, a hyphen
+separator is used. If a line number is also being output, it follows the file
+name.
+.TP
+\fB-h\fP, \fB--no-filename\fP
+Suppress the output filenames when searching multiple files. By default,
+filenames are shown when multiple files are searched. For matching lines, the
+filename is followed by a colon; for context lines, a hyphen separator is used.
+If a line number is also being output, it follows the file name.
+.TP
+\fB--help\fP
+Output a help message, giving brief details of the command options and file
+type support, and then exit. Anything else on the command line is
+ignored.
+.TP
+\fB-I\fP
+Treat binary files as never matching. This is equivalent to
+\fB--binary-files\fP=\fIwithout-match\fP.
+.TP
+\fB-i\fP, \fB--ignore-case\fP
+Ignore upper/lower case distinctions during comparisons.
+.TP
+\fB--include\fP=\fIpattern\fP
+If any \fB--include\fP patterns are specified, the only files that are
+processed are those that match one of the patterns (and do not match an
+\fB--exclude\fP pattern). This option does not affect directories, but it
+applies to all files, whether listed on the command line, obtained from
+\fB--file-list\fP, or by scanning a directory. The pattern is a PCRE regular
+expression, and is matched against the final component of the file name, not
+the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not apply to
+this pattern. The option may be given any number of times. If a file name
+matches both an \fB--include\fP and an \fB--exclude\fP pattern, it is excluded.
+There is no short form for this option.
+.TP
+\fB--include-from=\fP\fIfilename\fP
+Treat each non-empty line of the file as the data for an \fB--include\fP
+option. What constitutes a newline for this purpose is the operating system's
+default. The \fB--newline\fP option has no effect on this option. This option
+may be given any number of times; all the files are read.
+.TP
+\fB--include-dir\fP=\fIpattern\fP
+If any \fB--include-dir\fP patterns are specified, the only directories that
+are processed are those that match one of the patterns (and do not match an
+\fB--exclude-dir\fP pattern). This applies to all directories, whether listed
+on the command line, obtained from \fB--file-list\fP, or by scanning a parent
+directory. The pattern is a PCRE regular expression, and is matched against the
+final component of the directory name, not the entire path. The \fB-F\fP,
+\fB-w\fP, and \fB-x\fP options do not apply to this pattern. The option may be
+given any number of times. If a directory matches both \fB--include-dir\fP and
+\fB--exclude-dir\fP, it is excluded. There is no short form for this option.
+.TP
+\fB-L\fP, \fB--files-without-match\fP
+Instead of outputting lines from the files, just output the names of the files
+that do not contain any lines that would have been output. Each file name is
+output once, on a separate line.
+.TP
+\fB-l\fP, \fB--files-with-matches\fP
+Instead of outputting lines from the files, just output the names of the files
+containing lines that would have been output. Each file name is output
+once, on a separate line. Searching normally stops as soon as a matching line
+is found in a file. However, if the \fB-c\fP (count) option is also used,
+matching continues in order to obtain the correct count, and those files that
+have at least one match are listed along with their counts. Using this option
+with \fB-c\fP is a way of suppressing the listing of files with no matches.
+.TP
+\fB--label\fP=\fIname\fP
+This option supplies a name to be used for the standard input when file names
+are being output. If not supplied, "(standard input)" is used. There is no
+short form for this option.
+.TP
+\fB--line-buffered\fP
+When this option is given, input is read and processed line by line, and the
+output is flushed after each write. By default, input is read in large chunks,
+unless \fBpcregrep\fP can determine that it is reading from a terminal (which
+is currently possible only in Unix-like environments). Output to terminal is
+normally automatically flushed by the operating system. This option can be
+useful when the input or output is attached to a pipe and you do not want
+\fBpcregrep\fP to buffer up large amounts of data. However, its use will affect
+performance, and the \fB-M\fP (multiline) option ceases to work.
+.TP
+\fB--line-offsets\fP
+Instead of showing lines or parts of lines that match, show each match as a
+line number, the offset from the start of the line, and a length. The line
+number is terminated by a colon (as usual; see the \fB-n\fP option), and the
+offset and length are separated by a comma. In this mode, no context is shown.
+That is, the \fB-A\fP, \fB-B\fP, and \fB-C\fP options are ignored. If there is
+more than one match in a line, each of them is shown separately. This option is
+mutually exclusive with \fB--file-offsets\fP and \fB--only-matching\fP.
+.TP
+\fB--locale\fP=\fIlocale-name\fP
+This option specifies a locale to be used for pattern matching. It overrides
+the value in the \fBLC_ALL\fP or \fBLC_CTYPE\fP environment variables. If no
+locale is specified, the PCRE library's default (usually the "C" locale) is
+used. There is no short form for this option.
+.TP
+\fB--match-limit\fP=\fInumber\fP
+Processing some regular expression patterns can require a very large amount of
+memory, leading in some cases to a program crash if not enough is available.
+Other patterns may take a very long time to search for all possible matching
+strings. The \fBpcre_exec()\fP function that is called by \fBpcregrep\fP to do
+the matching has two parameters that can limit the resources that it uses.
+.sp
+The \fB--match-limit\fP option provides a means of limiting resource usage
+when processing patterns that are not going to match, but which have a very
+large number of possibilities in their search trees. The classic example is a
+pattern that uses nested unlimited repeats. Internally, PCRE uses a function
+called \fBmatch()\fP which it calls repeatedly (sometimes recursively). The
+limit set by \fB--match-limit\fP is imposed on the number of times this
+function is called during a match, which has the effect of limiting the amount
+of backtracking that can take place.
+.sp
+The \fB--recursion-limit\fP option is similar to \fB--match-limit\fP, but
+instead of limiting the total number of times that \fBmatch()\fP is called, it
+limits the depth of recursive calls, which in turn limits the amount of memory
+that can be used. The recursion depth is a smaller number than the total number
+of calls, because not all calls to \fBmatch()\fP are recursive. This limit is
+of use only if it is set smaller than \fB--match-limit\fP.
+.sp
+There are no short forms for these options. The default settings are specified
+when the PCRE library is compiled, with the default default being 10 million.
+.TP
+\fB-M\fP, \fB--multiline\fP
+Allow patterns to match more than one line. When this option is given, patterns
+may usefully contain literal newline characters and internal occurrences of ^
+and $ characters. The output for a successful match may consist of more than
+one line, the last of which is the one in which the match ended. If the matched
+string ends with a newline sequence the output ends at the end of that line.
+.sp
+When this option is set, the PCRE library is called in "multiline" mode.
+There is a limit to the number of lines that can be matched, imposed by the way
+that \fBpcregrep\fP buffers the input file as it scans it. However,
+\fBpcregrep\fP ensures that at least 8K characters or the rest of the document
+(whichever is the shorter) are available for forward matching, and similarly
+the previous 8K characters (or all the previous characters, if fewer than 8K)
+are guaranteed to be available for lookbehind assertions. This option does not
+work when input is read line by line (see \fP--line-buffered\fP.)
+.TP
+\fB-N\fP \fInewline-type\fP, \fB--newline\fP=\fInewline-type\fP
+The PCRE library supports five different conventions for indicating
+the ends of lines. They are the single-character sequences CR (carriage return)
+and LF (linefeed), the two-character sequence CRLF, an "anycrlf" convention,
+which recognizes any of the preceding three types, and an "any" convention, in
+which any Unicode line ending sequence is assumed to end a line. The Unicode
+sequences are the three just mentioned, plus VT (vertical tab, U+000B), FF
+(form feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and
+PS (paragraph separator, U+2029).
+.sp
+When the PCRE library is built, a default line-ending sequence is specified.
+This is normally the standard sequence for the operating system. Unless
+otherwise specified by this option, \fBpcregrep\fP uses the library's default.
+The possible values for this option are CR, LF, CRLF, ANYCRLF, or ANY. This
+makes it possible to use \fBpcregrep\fP to scan files that have come from other
+environments without having to modify their line endings. If the data that is
+being scanned does not agree with the convention set by this option,
+\fBpcregrep\fP may behave in strange ways. Note that this option does not
+apply to files specified by the \fB-f\fP, \fB--exclude-from\fP, or
+\fB--include-from\fP options, which are expected to use the operating system's
+standard newline sequence.
+.TP
+\fB-n\fP, \fB--line-number\fP
+Precede each output line by its line number in the file, followed by a colon
+for matching lines or a hyphen for context lines. If the filename is also being
+output, it precedes the line number. This option is forced if
+\fB--line-offsets\fP is used.
+.TP
+\fB--no-jit\fP
+If the PCRE library is built with support for just-in-time compiling (which
+speeds up matching), \fBpcregrep\fP automatically makes use of this, unless it
+was explicitly disabled at build time. This option can be used to disable the
+use of JIT at run time. It is provided for testing and working round problems.
+It should never be needed in normal use.
+.TP
+\fB-o\fP, \fB--only-matching\fP
+Show only the part of the line that matched a pattern instead of the whole
+line. In this mode, no context is shown. That is, the \fB-A\fP, \fB-B\fP, and
+\fB-C\fP options are ignored. If there is more than one match in a line, each
+of them is shown separately. If \fB-o\fP is combined with \fB-v\fP (invert the
+sense of the match to find non-matching lines), no output is generated, but the
+return code is set appropriately. If the matched portion of the line is empty,
+nothing is output unless the file name or line number are being printed, in
+which case they are shown on an otherwise empty line. This option is mutually
+exclusive with \fB--file-offsets\fP and \fB--line-offsets\fP.
+.TP
+\fB-o\fP\fInumber\fP, \fB--only-matching\fP=\fInumber\fP
+Show only the part of the line that matched the capturing parentheses of the
+given number. Up to 32 capturing parentheses are supported, and -o0 is
+equivalent to \fB-o\fP without a number. Because these options can be given
+without an argument (see above), if an argument is present, it must be given in
+the same shell item, for example, -o3 or --only-matching=2. The comments given
+for the non-argument case above also apply to this case. If the specified
+capturing parentheses do not exist in the pattern, or were not set in the
+match, nothing is output unless the file name or line number are being printed.
+.sp
+If this option is given multiple times, multiple substrings are output, in the
+order the options are given. For example, -o3 -o1 -o3 causes the substrings
+matched by capturing parentheses 3 and 1 and then 3 again to be output. By
+default, there is no separator (but see the next option).
+.TP
+\fB--om-separator\fP=\fItext\fP
+Specify a separating string for multiple occurrences of \fB-o\fP. The default
+is an empty string. Separating strings are never coloured.
+.TP
+\fB-q\fP, \fB--quiet\fP
+Work quietly, that is, display nothing except error messages. The exit
+status indicates whether or not any matches were found.
+.TP
+\fB-r\fP, \fB--recursive\fP
+If any given path is a directory, recursively scan the files it contains,
+taking note of any \fB--include\fP and \fB--exclude\fP settings. By default, a
+directory is read as a normal file; in some operating systems this gives an
+immediate end-of-file. This option is a shorthand for setting the \fB-d\fP
+option to "recurse".
+.TP
+\fB--recursion-limit\fP=\fInumber\fP
+See \fB--match-limit\fP above.
+.TP
+\fB-s\fP, \fB--no-messages\fP
+Suppress error messages about non-existent or unreadable files. Such files are
+quietly skipped. However, the return code is still 2, even if matches were
+found in other files.
+.TP
+\fB-u\fP, \fB--utf-8\fP
+Operate in UTF-8 mode. This option is available only if PCRE has been compiled
+with UTF-8 support. All patterns (including those for any \fB--exclude\fP and
+\fB--include\fP options) and all subject lines that are scanned must be valid
+strings of UTF-8 characters.
+.TP
+\fB-V\fP, \fB--version\fP
+Write the version numbers of \fBpcregrep\fP and the PCRE library to the
+standard output and then exit. Anything else on the command line is
+ignored.
+.TP
+\fB-v\fP, \fB--invert-match\fP
+Invert the sense of the match, so that lines which do \fInot\fP match any of
+the patterns are the ones that are found.
+.TP
+\fB-w\fP, \fB--word-regex\fP, \fB--word-regexp\fP
+Force the patterns to match only whole words. This is equivalent to having \eb
+at the start and end of the pattern. This option applies only to the patterns
+that are matched against the contents of files; it does not apply to patterns
+specified by any of the \fB--include\fP or \fB--exclude\fP options.
+.TP
+\fB-x\fP, \fB--line-regex\fP, \fB--line-regexp\fP
+Force the patterns to be anchored (each must start matching at the beginning of
+a line) and in addition, require them to match entire lines. This is equivalent
+to having ^ and $ characters at the start and end of each alternative branch in
+every pattern. This option applies only to the patterns that are matched
+against the contents of files; it does not apply to patterns specified by any
+of the \fB--include\fP or \fB--exclude\fP options.
+.
+.
+.SH "ENVIRONMENT VARIABLES"
+.rs
+.sp
+The environment variables \fBLC_ALL\fP and \fBLC_CTYPE\fP are examined, in that
+order, for a locale. The first one that is set is used. This can be overridden
+by the \fB--locale\fP option. If no locale is set, the PCRE library's default
+(usually the "C" locale) is used.
+.
+.
+.SH "NEWLINES"
+.rs
+.sp
+The \fB-N\fP (\fB--newline\fP) option allows \fBpcregrep\fP to scan files with
+different newline conventions from the default. Any parts of the input files
+that are written to the standard output are copied identically, with whatever
+newline sequences they have in the input. However, the setting of this option
+does not affect the interpretation of files specified by the \fB-f\fP,
+\fB--exclude-from\fP, or \fB--include-from\fP options, which are assumed to use
+the operating system's standard newline sequence, nor does it affect the way in
+which \fBpcregrep\fP writes informational messages to the standard error and
+output streams. For these it uses the string "\en" to indicate newlines,
+relying on the C I/O library to convert this to an appropriate sequence.
+.
+.
+.SH "OPTIONS COMPATIBILITY"
+.rs
+.sp
+Many of the short and long forms of \fBpcregrep\fP's options are the same
+as in the GNU \fBgrep\fP program. Any long option of the form
+\fB--xxx-regexp\fP (GNU terminology) is also available as \fB--xxx-regex\fP
+(PCRE terminology). However, the \fB--file-list\fP, \fB--file-offsets\fP,
+\fB--include-dir\fP, \fB--line-offsets\fP, \fB--locale\fP, \fB--match-limit\fP,
+\fB-M\fP, \fB--multiline\fP, \fB-N\fP, \fB--newline\fP, \fB--om-separator\fP,
+\fB--recursion-limit\fP, \fB-u\fP, and \fB--utf-8\fP options are specific to
+\fBpcregrep\fP, as is the use of the \fB--only-matching\fP option with a
+capturing parentheses number.
+.P
+Although most of the common options work the same way, a few are different in
+\fBpcregrep\fP. For example, the \fB--include\fP option's argument is a glob
+for GNU \fBgrep\fP, but a regular expression for \fBpcregrep\fP. If both the
+\fB-c\fP and \fB-l\fP options are given, GNU grep lists only file names,
+without counts, but \fBpcregrep\fP gives the counts.
+.
+.
+.SH "OPTIONS WITH DATA"
+.rs
+.sp
+There are four different ways in which an option with data can be specified.
+If a short form option is used, the data may follow immediately, or (with one
+exception) in the next command line item. For example:
+.sp
+  -f/some/file
+  -f /some/file
+.sp
+The exception is the \fB-o\fP option, which may appear with or without data.
+Because of this, if data is present, it must follow immediately in the same
+item, for example -o3.
+.P
+If a long form option is used, the data may appear in the same command line
+item, separated by an equals character, or (with two exceptions) it may appear
+in the next command line item. For example:
+.sp
+  --file=/some/file
+  --file /some/file
+.sp
+Note, however, that if you want to supply a file name beginning with ~ as data
+in a shell command, and have the shell expand ~ to a home directory, you must
+separate the file name from the option, because the shell does not treat ~
+specially unless it is at the start of an item.
+.P
+The exceptions to the above are the \fB--colour\fP (or \fB--color\fP) and
+\fB--only-matching\fP options, for which the data is optional. If one of these
+options does have data, it must be given in the first form, using an equals
+character. Otherwise \fBpcregrep\fP will assume that it has no data.
+.
+.
+.SH "MATCHING ERRORS"
+.rs
+.sp
+It is possible to supply a regular expression that takes a very long time to
+fail to match certain lines. Such patterns normally involve nested indefinite
+repeats, for example: (a+)*\ed when matched against a line of a's with no final
+digit. The PCRE matching function has a resource limit that causes it to abort
+in these circumstances. If this happens, \fBpcregrep\fP outputs an error
+message and the line that caused the problem to the standard error stream. If
+there are more than 20 such errors, \fBpcregrep\fP gives up.
+.P
+The \fB--match-limit\fP option of \fBpcregrep\fP can be used to set the overall
+resource limit; there is a second option called \fB--recursion-limit\fP that
+sets a limit on the amount of memory (usually stack) that is used (see the
+discussion of these options above).
+.
+.
+.SH DIAGNOSTICS
+.rs
+.sp
+Exit status is 0 if any matches were found, 1 if no matches were found, and 2
+for syntax errors, overlong lines, non-existent or inaccessible files (even if
+matches were found in other files) or too many matching errors. Using the
+\fB-s\fP option to suppress error messages about inaccessible files does not
+affect the return code.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcrepattern\fP(3), \fBpcresyntax\fP(3), \fBpcretest\fP(1).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 03 April 2014
+Copyright (c) 1997-2014 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man1/pcretest.1 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man1/pcretest.1
new file mode 100644
index 00000000..ea7457c0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man1/pcretest.1
@@ -0,0 +1,1160 @@
+.TH PCRETEST 1 "23 February 2017" "PCRE 8.41"
+.SH NAME
+pcretest - a program for testing Perl-compatible regular expressions.
+.SH SYNOPSIS
+.rs
+.sp
+.B pcretest "[options] [input file [output file]]"
+.sp
+\fBpcretest\fP was written as a test program for the PCRE regular expression
+library itself, but it can also be used for experimenting with regular
+expressions. This document describes the features of the test program; for
+details of the regular expressions themselves, see the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation. For details of the PCRE library function calls and their
+options, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+,
+.\" HREF
+\fBpcre16\fP
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+documentation.
+.P
+The input for \fBpcretest\fP is a sequence of regular expression patterns and
+strings to be matched, as described below. The output shows the result of each
+match. Options on the command line and the patterns control PCRE options and
+exactly what is output.
+.P
+As PCRE has evolved, it has acquired many different features, and as a result,
+\fBpcretest\fP now has rather a lot of obscure options for testing every
+possible feature. Some of these options are specifically designed for use in
+conjunction with the test script and data files that are distributed as part of
+PCRE, and are unlikely to be of use otherwise. They are all documented here,
+but without much justification.
+.
+.
+.SH "INPUT DATA FORMAT"
+.rs
+.sp
+Input to \fBpcretest\fP is processed line by line, either by calling the C
+library's \fBfgets()\fP function, or via the \fBlibreadline\fP library (see
+below). In Unix-like environments, \fBfgets()\fP treats any bytes other than
+newline as data characters. However, in some Windows environments character 26
+(hex 1A) causes an immediate end of file, and no further data is read. For
+maximum portability, therefore, it is safest to use only ASCII characters in
+\fBpcretest\fP input files.
+.P
+The input is processed using using C's string functions, so must not
+contain binary zeroes, even though in Unix-like environments, \fBfgets()\fP
+treats any bytes other than newline as data characters.
+.
+.
+.SH "PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES"
+.rs
+.sp
+From release 8.30, two separate PCRE libraries can be built. The original one
+supports 8-bit character strings, whereas the newer 16-bit library supports
+character strings encoded in 16-bit units. From release 8.32, a third library
+can be built, supporting character strings encoded in 32-bit units. The
+\fBpcretest\fP program can be used to test all three libraries. However, it is
+itself still an 8-bit program, reading 8-bit input and writing 8-bit output.
+When testing the 16-bit or 32-bit library, the patterns and data strings are
+converted to 16- or 32-bit format before being passed to the PCRE library
+functions. Results are converted to 8-bit for output.
+.P
+References to functions and structures of the form \fBpcre[16|32]_xx\fP below
+mean "\fBpcre_xx\fP when using the 8-bit library, \fBpcre16_xx\fP when using
+the 16-bit library, or \fBpcre32_xx\fP when using the 32-bit library".
+.
+.
+.SH "COMMAND LINE OPTIONS"
+.rs
+.TP 10
+\fB-8\fP
+If both the 8-bit library has been built, this option causes the 8-bit library
+to be used (which is the default); if the 8-bit library has not been built,
+this option causes an error.
+.TP 10
+\fB-16\fP
+If both the 8-bit or the 32-bit, and the 16-bit libraries have been built, this
+option causes the 16-bit library to be used. If only the 16-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 32-bit
+library has been built, this option causes an error.
+.TP 10
+\fB-32\fP
+If both the 8-bit or the 16-bit, and the 32-bit libraries have been built, this
+option causes the 32-bit library to be used. If only the 32-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 16-bit
+library has been built, this option causes an error.
+.TP 10
+\fB-b\fP
+Behave as if each pattern has the \fB/B\fP (show byte code) modifier; the
+internal form is output after compilation.
+.TP 10
+\fB-C\fP
+Output the version number of the PCRE library, and all available information
+about the optional features that are included, and then exit with zero exit
+code. All other options are ignored.
+.TP 10
+\fB-C\fP \fIoption\fP
+Output information about a specific build-time option, then exit. This
+functionality is intended for use in scripts such as \fBRunTest\fP. The
+following options output the value and set the exit code as indicated:
+.sp
+  ebcdic-nl  the code for LF (= NL) in an EBCDIC environment:
+               0x15 or 0x25
+               0 if used in an ASCII environment
+               exit code is always 0
+  linksize   the configured internal link size (2, 3, or 4)
+               exit code is set to the link size
+  newline    the default newline setting:
+               CR, LF, CRLF, ANYCRLF, or ANY
+               exit code is always 0
+  bsr        the default setting for what \eR matches:
+               ANYCRLF or ANY
+               exit code is always 0
+.sp
+The following options output 1 for true or 0 for false, and set the exit code
+to the same value:
+.sp
+  ebcdic     compiled for an EBCDIC environment
+  jit        just-in-time support is available
+  pcre16     the 16-bit library was built
+  pcre32     the 32-bit library was built
+  pcre8      the 8-bit library was built
+  ucp        Unicode property support is available
+  utf        UTF-8 and/or UTF-16 and/or UTF-32 support
+               is available
+.sp
+If an unknown option is given, an error message is output; the exit code is 0.
+.TP 10
+\fB-d\fP
+Behave as if each pattern has the \fB/D\fP (debug) modifier; the internal
+form and information about the compiled pattern is output after compilation;
+\fB-d\fP is equivalent to \fB-b -i\fP.
+.TP 10
+\fB-dfa\fP
+Behave as if each data line contains the \eD escape sequence; this causes the
+alternative matching function, \fBpcre[16|32]_dfa_exec()\fP, to be used instead
+of the standard \fBpcre[16|32]_exec()\fP function (more detail is given below).
+.TP 10
+\fB-help\fP
+Output a brief summary these options and then exit.
+.TP 10
+\fB-i\fP
+Behave as if each pattern has the \fB/I\fP modifier; information about the
+compiled pattern is given after compilation.
+.TP 10
+\fB-M\fP
+Behave as if each data line contains the \eM escape sequence; this causes
+PCRE to discover the minimum MATCH_LIMIT and MATCH_LIMIT_RECURSION settings by
+calling \fBpcre[16|32]_exec()\fP repeatedly with different limits.
+.TP 10
+\fB-m\fP
+Output the size of each compiled pattern after it has been compiled. This is
+equivalent to adding \fB/M\fP to each regular expression. The size is given in
+bytes for both libraries.
+.TP 10
+\fB-O\fP
+Behave as if each pattern has the \fB/O\fP modifier, that is disable
+auto-possessification for all patterns.
+.TP 10
+\fB-o\fP \fIosize\fP
+Set the number of elements in the output vector that is used when calling
+\fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP to be \fIosize\fP. The
+default value is 45, which is enough for 14 capturing subexpressions for
+\fBpcre[16|32]_exec()\fP or 22 different matches for
+\fBpcre[16|32]_dfa_exec()\fP.
+The vector size can be changed for individual matching calls by including \eO
+in the data line (see below).
+.TP 10
+\fB-p\fP
+Behave as if each pattern has the \fB/P\fP modifier; the POSIX wrapper API is
+used to call PCRE. None of the other options has any effect when \fB-p\fP is
+set. This option can be used only with the 8-bit library.
+.TP 10
+\fB-q\fP
+Do not output the version number of \fBpcretest\fP at the start of execution.
+.TP 10
+\fB-S\fP \fIsize\fP
+On Unix-like systems, set the size of the run-time stack to \fIsize\fP
+megabytes.
+.TP 10
+\fB-s\fP or \fB-s+\fP
+Behave as if each pattern has the \fB/S\fP modifier; in other words, force each
+pattern to be studied. If \fB-s+\fP is used, all the JIT compile options are
+passed to \fBpcre[16|32]_study()\fP, causing just-in-time optimization to be set
+up if it is available, for both full and partial matching. Specific JIT compile
+options can be selected by following \fB-s+\fP with a digit in the range 1 to
+7, which selects the JIT compile modes as follows:
+.sp
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+.sp
+If \fB-s++\fP is used instead of \fB-s+\fP (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+.sp
+Note that there are pattern options that can override \fB-s\fP, either
+specifying no studying at all, or suppressing JIT compilation.
+.sp
+If the \fB/I\fP or \fB/D\fP option is present on a pattern (requesting output
+about the compiled pattern), information about the result of studying is not
+included when studying is caused only by \fB-s\fP and neither \fB-i\fP nor
+\fB-d\fP is present on the command line. This behaviour means that the output
+from tests that are run with and without \fB-s\fP should be identical, except
+when options that output information about the actual running of a match are
+set.
+.sp
+The \fB-M\fP, \fB-t\fP, and \fB-tm\fP options, which give information about
+resources used, are likely to produce different output with and without
+\fB-s\fP. Output may also differ if the \fB/C\fP option is present on an
+individual pattern. This uses callouts to trace the the matching process, and
+this may be different between studied and non-studied patterns. If the pattern
+contains (*MARK) items there may also be differences, for the same reason. The
+\fB-s\fP command line option can be overridden for specific patterns that
+should never be studied (see the \fB/S\fP pattern modifier below).
+.TP 10
+\fB-t\fP
+Run each compile, study, and match many times with a timer, and output the
+resulting times per compile, study, or match (in milliseconds). Do not set
+\fB-m\fP with \fB-t\fP, because you will then get the size output a zillion
+times, and the timing will be distorted. You can control the number of
+iterations that are used for timing by following \fB-t\fP with a number (as a
+separate item on the command line). For example, "-t 1000" iterates 1000 times.
+The default is to iterate 500000 times.
+.TP 10
+\fB-tm\fP
+This is like \fB-t\fP except that it times only the matching phase, not the
+compile or study phases.
+.TP 10
+\fB-T\fP \fB-TM\fP
+These behave like \fB-t\fP and \fB-tm\fP, but in addition, at the end of a run,
+the total times for all compiles, studies, and matches are output.
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+If \fBpcretest\fP is given two filename arguments, it reads from the first and
+writes to the second. If it is given only one filename argument, it reads from
+that file and writes to stdout. Otherwise, it reads from stdin and writes to
+stdout, and prompts for each line of input, using "re>" to prompt for regular
+expressions, and "data>" to prompt for data lines.
+.P
+When \fBpcretest\fP is built, a configuration option can specify that it should
+be linked with the \fBlibreadline\fP library. When this is done, if the input
+is from a terminal, it is read using the \fBreadline()\fP function. This
+provides line-editing and history facilities. The output from the \fB-help\fP
+option states whether or not \fBreadline()\fP will be used.
+.P
+The program handles any number of sets of input on a single input file. Each
+set starts with a regular expression, and continues with any number of data
+lines to be matched against that pattern.
+.P
+Each data line is matched separately and independently. If you want to do
+multi-line matches, you have to use the \en escape sequence (or \er or \er\en,
+etc., depending on the newline setting) in a single line of input to encode the
+newline sequences. There is no limit on the length of data lines; the input
+buffer is automatically extended if it is too small.
+.P
+An empty line signals the end of the data lines, at which point a new regular
+expression is read. The regular expressions are given enclosed in any
+non-alphanumeric delimiters other than backslash, for example:
+.sp
+  /(a|bc)x+yz/
+.sp
+White space before the initial delimiter is ignored. A regular expression may
+be continued over several input lines, in which case the newline characters are
+included within it. It is possible to include the delimiter within the pattern
+by escaping it, for example
+.sp
+  /abc\e/def/
+.sp
+If you do so, the escape and the delimiter form part of the pattern, but since
+delimiters are always non-alphanumeric, this does not affect its interpretation.
+If the terminating delimiter is immediately followed by a backslash, for
+example,
+.sp
+  /abc/\e
+.sp
+then a backslash is added to the end of the pattern. This is done to provide a
+way of testing the error condition that arises if a pattern finishes with a
+backslash, because
+.sp
+  /abc\e/
+.sp
+is interpreted as the first line of a pattern that starts with "abc/", causing
+pcretest to read the next line as a continuation of the regular expression.
+.
+.
+.SH "PATTERN MODIFIERS"
+.rs
+.sp
+A pattern may be followed by any number of modifiers, which are mostly single
+characters, though some of these can be qualified by further characters.
+Following Perl usage, these are referred to below as, for example, "the
+\fB/i\fP modifier", even though the delimiter of the pattern need not always be
+a slash, and no slash is used when writing modifiers. White space may appear
+between the final pattern delimiter and the first modifier, and between the
+modifiers themselves. For reference, here is a complete list of modifiers. They
+fall into several groups that are described in detail in the following
+sections.
+.sp
+  \fB/8\fP              set UTF mode
+  \fB/9\fP              set PCRE_NEVER_UTF (locks out UTF mode)
+  \fB/?\fP              disable UTF validity check
+  \fB/+\fP              show remainder of subject after match
+  \fB/=\fP              show all captures (not just those that are set)
+.sp
+  \fB/A\fP              set PCRE_ANCHORED
+  \fB/B\fP              show compiled code
+  \fB/C\fP              set PCRE_AUTO_CALLOUT
+  \fB/D\fP              same as \fB/B\fP plus \fB/I\fP
+  \fB/E\fP              set PCRE_DOLLAR_ENDONLY
+  \fB/F\fP              flip byte order in compiled pattern
+  \fB/f\fP              set PCRE_FIRSTLINE
+  \fB/G\fP              find all matches (shorten string)
+  \fB/g\fP              find all matches (use startoffset)
+  \fB/I\fP              show information about pattern
+  \fB/i\fP              set PCRE_CASELESS
+  \fB/J\fP              set PCRE_DUPNAMES
+  \fB/K\fP              show backtracking control names
+  \fB/L\fP              set locale
+  \fB/M\fP              show compiled memory size
+  \fB/m\fP              set PCRE_MULTILINE
+  \fB/N\fP              set PCRE_NO_AUTO_CAPTURE
+  \fB/O\fP              set PCRE_NO_AUTO_POSSESS
+  \fB/P\fP              use the POSIX wrapper
+  \fB/Q\fP              test external stack check function
+  \fB/S\fP              study the pattern after compilation
+  \fB/s\fP              set PCRE_DOTALL
+  \fB/T\fP              select character tables
+  \fB/U\fP              set PCRE_UNGREEDY
+  \fB/W\fP              set PCRE_UCP
+  \fB/X\fP              set PCRE_EXTRA
+  \fB/x\fP              set PCRE_EXTENDED
+  \fB/Y\fP              set PCRE_NO_START_OPTIMIZE
+  \fB/Z\fP              don't show lengths in \fB/B\fP output
+.sp
+  \fB/<any>\fP          set PCRE_NEWLINE_ANY
+  \fB/<anycrlf>\fP      set PCRE_NEWLINE_ANYCRLF
+  \fB/<cr>\fP           set PCRE_NEWLINE_CR
+  \fB/<crlf>\fP         set PCRE_NEWLINE_CRLF
+  \fB/<lf>\fP           set PCRE_NEWLINE_LF
+  \fB/<bsr_anycrlf>\fP  set PCRE_BSR_ANYCRLF
+  \fB/<bsr_unicode>\fP  set PCRE_BSR_UNICODE
+  \fB/<JS>\fP           set PCRE_JAVASCRIPT_COMPAT
+.sp
+.
+.
+.SS "Perl-compatible modifiers"
+.rs
+.sp
+The \fB/i\fP, \fB/m\fP, \fB/s\fP, and \fB/x\fP modifiers set the PCRE_CASELESS,
+PCRE_MULTILINE, PCRE_DOTALL, or PCRE_EXTENDED options, respectively, when
+\fBpcre[16|32]_compile()\fP is called. These four modifier letters have the same
+effect as they do in Perl. For example:
+.sp
+  /caseless/i
+.sp
+.
+.
+.SS "Modifiers for other PCRE options"
+.rs
+.sp
+The following table shows additional modifiers for setting PCRE compile-time
+options that do not correspond to anything in Perl:
+.sp
+  \fB/8\fP              PCRE_UTF8           ) when using the 8-bit
+  \fB/?\fP              PCRE_NO_UTF8_CHECK  )   library
+.sp
+  \fB/8\fP              PCRE_UTF16          ) when using the 16-bit
+  \fB/?\fP              PCRE_NO_UTF16_CHECK )   library
+.sp
+  \fB/8\fP              PCRE_UTF32          ) when using the 32-bit
+  \fB/?\fP              PCRE_NO_UTF32_CHECK )   library
+.sp
+  \fB/9\fP              PCRE_NEVER_UTF
+  \fB/A\fP              PCRE_ANCHORED
+  \fB/C\fP              PCRE_AUTO_CALLOUT
+  \fB/E\fP              PCRE_DOLLAR_ENDONLY
+  \fB/f\fP              PCRE_FIRSTLINE
+  \fB/J\fP              PCRE_DUPNAMES
+  \fB/N\fP              PCRE_NO_AUTO_CAPTURE
+  \fB/O\fP              PCRE_NO_AUTO_POSSESS
+  \fB/U\fP              PCRE_UNGREEDY
+  \fB/W\fP              PCRE_UCP
+  \fB/X\fP              PCRE_EXTRA
+  \fB/Y\fP              PCRE_NO_START_OPTIMIZE
+  \fB/<any>\fP          PCRE_NEWLINE_ANY
+  \fB/<anycrlf>\fP      PCRE_NEWLINE_ANYCRLF
+  \fB/<cr>\fP           PCRE_NEWLINE_CR
+  \fB/<crlf>\fP         PCRE_NEWLINE_CRLF
+  \fB/<lf>\fP           PCRE_NEWLINE_LF
+  \fB/<bsr_anycrlf>\fP  PCRE_BSR_ANYCRLF
+  \fB/<bsr_unicode>\fP  PCRE_BSR_UNICODE
+  \fB/<JS>\fP           PCRE_JAVASCRIPT_COMPAT
+.sp
+The modifiers that are enclosed in angle brackets are literal strings as shown,
+including the angle brackets, but the letters within can be in either case.
+This example sets multiline matching with CRLF as the line ending sequence:
+.sp
+  /^abc/m<CRLF>
+.sp
+As well as turning on the PCRE_UTF8/16/32 option, the \fB/8\fP modifier causes
+all non-printing characters in output strings to be printed using the
+\ex{hh...} notation. Otherwise, those less than 0x100 are output in hex without
+the curly brackets.
+.P
+Full details of the PCRE options are given in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.
+.
+.SS "Finding all matches in a string"
+.rs
+.sp
+Searching for all possible matches within each subject string can be requested
+by the \fB/g\fP or \fB/G\fP modifier. After finding a match, PCRE is called
+again to search the remainder of the subject string. The difference between
+\fB/g\fP and \fB/G\fP is that the former uses the \fIstartoffset\fP argument to
+\fBpcre[16|32]_exec()\fP to start searching at a new point within the entire
+string (which is in effect what Perl does), whereas the latter passes over a
+shortened substring. This makes a difference to the matching process if the
+pattern begins with a lookbehind assertion (including \eb or \eB).
+.P
+If any call to \fBpcre[16|32]_exec()\fP in a \fB/g\fP or \fB/G\fP sequence matches
+an empty string, the next call is done with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED flags set in order to search for another, non-empty, match at the
+same point. If this second match fails, the start offset is advanced, and the
+normal match is retried. This imitates the way Perl handles such cases when
+using the \fB/g\fP modifier or the \fBsplit()\fP function. Normally, the start
+offset is advanced by one character, but if the newline convention recognizes
+CRLF as a newline, and the current character is CR followed by LF, an advance
+of two is used.
+.
+.
+.SS "Other modifiers"
+.rs
+.sp
+There are yet more modifiers for controlling the way \fBpcretest\fP
+operates.
+.P
+The \fB/+\fP modifier requests that as well as outputting the substring that
+matched the entire pattern, \fBpcretest\fP should in addition output the
+remainder of the subject string. This is useful for tests where the subject
+contains multiple copies of the same substring. If the \fB+\fP modifier appears
+twice, the same action is taken for captured substrings. In each case the
+remainder is output on the following line with a plus character following the
+capture number. Note that this modifier must not immediately follow the /S
+modifier because /S+ and /S++ have other meanings.
+.P
+The \fB/=\fP modifier requests that the values of all potential captured
+parentheses be output after a match. By default, only those up to the highest
+one actually used in the match are output (corresponding to the return code
+from \fBpcre[16|32]_exec()\fP). Values in the offsets vector corresponding to
+higher numbers should be set to -1, and these are output as "<unset>". This
+modifier gives a way of checking that this is happening.
+.P
+The \fB/B\fP modifier is a debugging feature. It requests that \fBpcretest\fP
+output a representation of the compiled code after compilation. Normally this
+information contains length and offset values; however, if \fB/Z\fP is also
+present, this data is replaced by spaces. This is a special feature for use in
+the automatic test scripts; it ensures that the same output is generated for
+different internal link sizes.
+.P
+The \fB/D\fP modifier is a PCRE debugging feature, and is equivalent to
+\fB/BI\fP, that is, both the \fB/B\fP and the \fB/I\fP modifiers.
+.P
+The \fB/F\fP modifier causes \fBpcretest\fP to flip the byte order of the
+2-byte and 4-byte fields in the compiled pattern. This facility is for testing
+the feature in PCRE that allows it to execute patterns that were compiled on a
+host with a different endianness. This feature is not available when the POSIX
+interface to PCRE is being used, that is, when the \fB/P\fP pattern modifier is
+specified. See also the section about saving and reloading compiled patterns
+below.
+.P
+The \fB/I\fP modifier requests that \fBpcretest\fP output information about the
+compiled pattern (whether it is anchored, has a fixed first character, and
+so on). It does this by calling \fBpcre[16|32]_fullinfo()\fP after compiling a
+pattern. If the pattern is studied, the results of that are also output. In
+this output, the word "char" means a non-UTF character, that is, the value of a
+single data item (8-bit, 16-bit, or 32-bit, depending on the library that is
+being tested).
+.P
+The \fB/K\fP modifier requests \fBpcretest\fP to show names from backtracking
+control verbs that are returned from calls to \fBpcre[16|32]_exec()\fP. It causes
+\fBpcretest\fP to create a \fBpcre[16|32]_extra\fP block if one has not already
+been created by a call to \fBpcre[16|32]_study()\fP, and to set the
+PCRE_EXTRA_MARK flag and the \fBmark\fP field within it, every time that
+\fBpcre[16|32]_exec()\fP is called. If the variable that the \fBmark\fP field
+points to is non-NULL for a match, non-match, or partial match, \fBpcretest\fP
+prints the string to which it points. For a match, this is shown on a line by
+itself, tagged with "MK:". For a non-match it is added to the message.
+.P
+The \fB/L\fP modifier must be followed directly by the name of a locale, for
+example,
+.sp
+  /pattern/Lfr_FR
+.sp
+For this reason, it must be the last modifier. The given locale is set,
+\fBpcre[16|32]_maketables()\fP is called to build a set of character tables for
+the locale, and this is then passed to \fBpcre[16|32]_compile()\fP when compiling
+the regular expression. Without an \fB/L\fP (or \fB/T\fP) modifier, NULL is
+passed as the tables pointer; that is, \fB/L\fP applies only to the expression
+on which it appears.
+.P
+The \fB/M\fP modifier causes the size in bytes of the memory block used to hold
+the compiled pattern to be output. This does not include the size of the
+\fBpcre[16|32]\fP block; it is just the actual compiled data. If the pattern is
+successfully studied with the PCRE_STUDY_JIT_COMPILE option, the size of the
+JIT compiled code is also output.
+.P
+The \fB/Q\fP modifier is used to test the use of \fBpcre_stack_guard\fP. It
+must be followed by '0' or '1', specifying the return code to be given from an
+external function that is passed to PCRE and used for stack checking during
+compilation (see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation for details).
+.P
+The \fB/S\fP modifier causes \fBpcre[16|32]_study()\fP to be called after the
+expression has been compiled, and the results used when the expression is
+matched. There are a number of qualifying characters that may follow \fB/S\fP.
+They may appear in any order.
+.P
+If \fB/S\fP is followed by an exclamation mark, \fBpcre[16|32]_study()\fP is
+called with the PCRE_STUDY_EXTRA_NEEDED option, causing it always to return a
+\fBpcre_extra\fP block, even when studying discovers no useful information.
+.P
+If \fB/S\fP is followed by a second S character, it suppresses studying, even
+if it was requested externally by the \fB-s\fP command line option. This makes
+it possible to specify that certain patterns are always studied, and others are
+never studied, independently of \fB-s\fP. This feature is used in the test
+files in a few cases where the output is different when the pattern is studied.
+.P
+If the \fB/S\fP modifier is followed by a + character, the call to
+\fBpcre[16|32]_study()\fP is made with all the JIT study options, requesting
+just-in-time optimization support if it is available, for both normal and
+partial matching. If you want to restrict the JIT compiling modes, you can
+follow \fB/S+\fP with a digit in the range 1 to 7:
+.sp
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+.sp
+If \fB/S++\fP is used instead of \fB/S+\fP (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+.P
+Note that there is also an independent \fB/+\fP modifier; it must not be given
+immediately after \fB/S\fP or \fB/S+\fP because this will be misinterpreted.
+.P
+If JIT studying is successful, the compiled JIT code will automatically be used
+when \fBpcre[16|32]_exec()\fP is run, except when incompatible run-time options
+are specified. For more details, see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation. See also the \fB\eJ\fP escape sequence below for a way of
+setting the size of the JIT stack.
+.P
+Finally, if \fB/S\fP is followed by a minus character, JIT compilation is
+suppressed, even if it was requested externally by the \fB-s\fP command line
+option. This makes it possible to specify that JIT is never to be used for
+certain patterns.
+.P
+The \fB/T\fP modifier must be followed by a single digit. It causes a specific
+set of built-in character tables to be passed to \fBpcre[16|32]_compile()\fP. It
+is used in the standard PCRE tests to check behaviour with different character
+tables. The digit specifies the tables as follows:
+.sp
+  0   the default ASCII tables, as distributed in
+        pcre_chartables.c.dist
+  1   a set of tables defining ISO 8859 characters
+.sp
+In table 1, some characters whose codes are greater than 128 are identified as
+letters, digits, spaces, etc.
+.
+.
+.SS "Using the POSIX wrapper API"
+.rs
+.sp
+The \fB/P\fP modifier causes \fBpcretest\fP to call PCRE via the POSIX wrapper
+API rather than its native API. This supports only the 8-bit library. When
+\fB/P\fP is set, the following modifiers set options for the \fBregcomp()\fP
+function:
+.sp
+  /i    REG_ICASE
+  /m    REG_NEWLINE
+  /N    REG_NOSUB
+  /s    REG_DOTALL     )
+  /U    REG_UNGREEDY   ) These options are not part of
+  /W    REG_UCP        )   the POSIX standard
+  /8    REG_UTF8       )
+.sp
+The \fB/+\fP modifier works as described above. All other modifiers are
+ignored.
+.
+.
+.SS "Locking out certain modifiers"
+.rs
+.sp
+PCRE can be compiled with or without support for certain features such as
+UTF-8/16/32 or Unicode properties. Accordingly, the standard tests are split up
+into a number of different files that are selected for running depending on
+which features are available. When updating the tests, it is all too easy to
+put a new test into the wrong file by mistake; for example, to put a test that
+requires UTF support into a file that is used when it is not available. To help
+detect such mistakes as early as possible, there is a facility for locking out
+specific modifiers. If an input line for \fBpcretest\fP starts with the string
+"< forbid " the following sequence of characters is taken as a list of
+forbidden modifiers. For example, in the test files that must not use UTF or
+Unicode property support, this line appears:
+.sp
+  < forbid 8W
+.sp
+This locks out the /8 and /W modifiers. An immediate error is given if they are
+subsequently encountered. If the character string contains < but not >, all the
+multi-character modifiers that begin with < are locked out. Otherwise, such
+modifiers must be explicitly listed, for example:
+.sp
+  < forbid <JS><cr>
+.sp
+There must be a single space between < and "forbid" for this feature to be
+recognised. If there is not, the line is interpreted either as a request to
+re-load a pre-compiled pattern (see "SAVING AND RELOADING COMPILED PATTERNS"
+below) or, if there is a another < character, as a pattern that uses < as its
+delimiter.
+.
+.
+.SH "DATA LINES"
+.rs
+.sp
+Before each data line is passed to \fBpcre[16|32]_exec()\fP, leading and trailing
+white space is removed, and it is then scanned for \e escapes. Some of these
+are pretty esoteric features, intended for checking out some of the more
+complicated features of PCRE. If you are just testing "ordinary" regular
+expressions, you probably don't need any of these. The following escapes are
+recognized:
+.sp
+  \ea         alarm (BEL, \ex07)
+  \eb         backspace (\ex08)
+  \ee         escape (\ex27)
+  \ef         form feed (\ex0c)
+  \en         newline (\ex0a)
+.\" JOIN
+  \eqdd       set the PCRE_MATCH_LIMIT limit to dd
+               (any number of digits)
+  \er         carriage return (\ex0d)
+  \et         tab (\ex09)
+  \ev         vertical tab (\ex0b)
+  \ennn       octal character (up to 3 octal digits); always
+               a byte unless > 255 in UTF-8 or 16-bit or 32-bit mode
+  \eo{dd...}  octal character (any number of octal digits}
+  \exhh       hexadecimal byte (up to 2 hex digits)
+  \ex{hh...}  hexadecimal character (any number of hex digits)
+.\" JOIN
+  \eA         pass the PCRE_ANCHORED option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eB         pass the PCRE_NOTBOL option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eCdd       call pcre[16|32]_copy_substring() for substring dd
+               after a successful match (number less than 32)
+.\" JOIN
+  \eCname     call pcre[16|32]_copy_named_substring() for substring
+               "name" after a successful match (name termin-
+               ated by next non alphanumeric character)
+.\" JOIN
+  \eC+        show the current captured substrings at callout
+               time
+  \eC-        do not supply a callout function
+.\" JOIN
+  \eC!n       return 1 instead of 0 when callout number n is
+               reached
+.\" JOIN
+  \eC!n!m     return 1 instead of 0 when callout number n is
+               reached for the nth time
+.\" JOIN
+  \eC*n       pass the number n (may be negative) as callout
+               data; this is used as the callout return value
+  \eD         use the \fBpcre[16|32]_dfa_exec()\fP match function
+  \eF         only shortest match for \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eGdd       call pcre[16|32]_get_substring() for substring dd
+               after a successful match (number less than 32)
+.\" JOIN
+  \eGname     call pcre[16|32]_get_named_substring() for substring
+               "name" after a successful match (name termin-
+               ated by next non-alphanumeric character)
+.\" JOIN
+  \eJdd       set up a JIT stack of dd kilobytes maximum (any
+               number of digits)
+.\" JOIN
+  \eL         call pcre[16|32]_get_substringlist() after a
+               successful match
+.\" JOIN
+  \eM         discover the minimum MATCH_LIMIT and
+               MATCH_LIMIT_RECURSION settings
+.\" JOIN
+  \eN         pass the PCRE_NOTEMPTY option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP; if used twice, pass the
+               PCRE_NOTEMPTY_ATSTART option
+.\" JOIN
+  \eOdd       set the size of the output vector passed to
+               \fBpcre[16|32]_exec()\fP to dd (any number of digits)
+.\" JOIN
+  \eP         pass the PCRE_PARTIAL_SOFT option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP; if used twice, pass the
+               PCRE_PARTIAL_HARD option
+.\" JOIN
+  \eQdd       set the PCRE_MATCH_LIMIT_RECURSION limit to dd
+               (any number of digits)
+  \eR         pass the PCRE_DFA_RESTART option to \fBpcre[16|32]_dfa_exec()\fP
+  \eS         output details of memory get/free calls during matching
+.\" JOIN
+  \eY         pass the PCRE_NO_START_OPTIMIZE option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eZ         pass the PCRE_NOTEOL option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e?         pass the PCRE_NO_UTF[8|16|32]_CHECK option to
+               \fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e>dd       start the match at offset dd (optional "-"; then
+               any number of digits); this sets the \fIstartoffset\fP
+               argument for \fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<cr>      pass the PCRE_NEWLINE_CR option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<lf>      pass the PCRE_NEWLINE_LF option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<crlf>    pass the PCRE_NEWLINE_CRLF option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<anycrlf> pass the PCRE_NEWLINE_ANYCRLF option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<any>     pass the PCRE_NEWLINE_ANY option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.sp
+The use of \ex{hh...} is not dependent on the use of the \fB/8\fP modifier on
+the pattern. It is recognized always. There may be any number of hexadecimal
+digits inside the braces; invalid values provoke error messages.
+.P
+Note that \exhh specifies one byte rather than one character in UTF-8 mode;
+this makes it possible to construct invalid UTF-8 sequences for testing
+purposes. On the other hand, \ex{hh} is interpreted as a UTF-8 character in
+UTF-8 mode, generating more than one byte if the value is greater than 127.
+When testing the 8-bit library not in UTF-8 mode, \ex{hh} generates one byte
+for values less than 256, and causes an error for greater values.
+.P
+In UTF-16 mode, all 4-digit \ex{hhhh} values are accepted. This makes it
+possible to construct invalid UTF-16 sequences for testing purposes.
+.P
+In UTF-32 mode, all 4- to 8-digit \ex{...} values are accepted. This makes it
+possible to construct invalid UTF-32 sequences for testing purposes.
+.P
+The escapes that specify line ending sequences are literal strings, exactly as
+shown. No more than one newline setting should be present in any data line.
+.P
+A backslash followed by anything else just escapes the anything else. If
+the very last character is a backslash, it is ignored. This gives a way of
+passing an empty line as data, since a real empty line terminates the data
+input.
+.P
+The \fB\eJ\fP escape provides a way of setting the maximum stack size that is
+used by the just-in-time optimization code. It is ignored if JIT optimization
+is not being used. Providing a stack that is larger than the default 32K is
+necessary only for very complicated patterns.
+.P
+If \eM is present, \fBpcretest\fP calls \fBpcre[16|32]_exec()\fP several times,
+with different values in the \fImatch_limit\fP and \fImatch_limit_recursion\fP
+fields of the \fBpcre[16|32]_extra\fP data structure, until it finds the minimum
+numbers for each parameter that allow \fBpcre[16|32]_exec()\fP to complete without
+error. Because this is testing a specific feature of the normal interpretive
+\fBpcre[16|32]_exec()\fP execution, the use of any JIT optimization that might
+have been set up by the \fB/S+\fP qualifier of \fB-s+\fP option is disabled.
+.P
+The \fImatch_limit\fP number is a measure of the amount of backtracking
+that takes place, and checking it out can be instructive. For most simple
+matches, the number is quite small, but for patterns with very large numbers of
+matching possibilities, it can become large very quickly with increasing length
+of subject string. The \fImatch_limit_recursion\fP number is a measure of how
+much stack (or, if PCRE is compiled with NO_RECURSE, how much heap) memory is
+needed to complete the match attempt.
+.P
+When \eO is used, the value specified may be higher or lower than the size set
+by the \fB-O\fP command line option (or defaulted to 45); \eO applies only to
+the call of \fBpcre[16|32]_exec()\fP for the line in which it appears.
+.P
+If the \fB/P\fP modifier was present on the pattern, causing the POSIX wrapper
+API to be used, the only option-setting sequences that have any effect are \eB,
+\eN, and \eZ, causing REG_NOTBOL, REG_NOTEMPTY, and REG_NOTEOL, respectively,
+to be passed to \fBregexec()\fP.
+.
+.
+.SH "THE ALTERNATIVE MATCHING FUNCTION"
+.rs
+.sp
+By default, \fBpcretest\fP uses the standard PCRE matching function,
+\fBpcre[16|32]_exec()\fP to match each data line. PCRE also supports an
+alternative matching function, \fBpcre[16|32]_dfa_test()\fP, which operates in a
+different way, and has some restrictions. The differences between the two
+functions are described in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation.
+.P
+If a data line contains the \eD escape sequence, or if the command line
+contains the \fB-dfa\fP option, the alternative matching function is used.
+This function finds all possible matches at a given point. If, however, the \eF
+escape sequence is present in the data line, it stops after the first match is
+found. This is always the shortest possible match.
+.
+.
+.SH "DEFAULT OUTPUT FROM PCRETEST"
+.rs
+.sp
+This section describes the output when the normal matching function,
+\fBpcre[16|32]_exec()\fP, is being used.
+.P
+When a match succeeds, \fBpcretest\fP outputs the list of captured substrings
+that \fBpcre[16|32]_exec()\fP returns, starting with number 0 for the string that
+matched the whole pattern. Otherwise, it outputs "No match" when the return is
+PCRE_ERROR_NOMATCH, and "Partial match:" followed by the partially matching
+substring when \fBpcre[16|32]_exec()\fP returns PCRE_ERROR_PARTIAL. (Note that
+this is the entire substring that was inspected during the partial match; it
+may include characters before the actual match start if a lookbehind assertion,
+\eK, \eb, or \eB was involved.) For any other return, \fBpcretest\fP outputs
+the PCRE negative error number and a short descriptive phrase. If the error is
+a failed UTF string check, the offset of the start of the failing character and
+the reason code are also output, provided that the size of the output vector is
+at least two. Here is an example of an interactive \fBpcretest\fP run.
+.sp
+  $ pcretest
+  PCRE version 8.13 2011-04-30
+.sp
+    re> /^abc(\ed+)/
+  data> abc123
+   0: abc123
+   1: 123
+  data> xyz
+  No match
+.sp
+Unset capturing substrings that are not followed by one that is set are not
+returned by \fBpcre[16|32]_exec()\fP, and are not shown by \fBpcretest\fP. In the
+following example, there are two capturing substrings, but when the first data
+line is matched, the second, unset substring is not shown. An "internal" unset
+substring is shown as "<unset>", as for the second data line.
+.sp
+    re> /(a)|(b)/
+  data> a
+   0: a
+   1: a
+  data> b
+   0: b
+   1: <unset>
+   2: b
+.sp
+If the strings contain any non-printing characters, they are output as \exhh
+escapes if the value is less than 256 and UTF mode is not set. Otherwise they
+are output as \ex{hh...} escapes. See below for the definition of non-printing
+characters. If the pattern has the \fB/+\fP modifier, the output for substring
+0 is followed by the the rest of the subject string, identified by "0+" like
+this:
+.sp
+    re> /cat/+
+  data> cataract
+   0: cat
+   0+ aract
+.sp
+If the pattern has the \fB/g\fP or \fB/G\fP modifier, the results of successive
+matching attempts are output in sequence, like this:
+.sp
+    re> /\eBi(\ew\ew)/g
+  data> Mississippi
+   0: iss
+   1: ss
+   0: iss
+   1: ss
+   0: ipp
+   1: pp
+.sp
+"No match" is output only if the first match attempt fails. Here is an example
+of a failure message (the offset 4 that is specified by \e>4 is past the end of
+the subject string):
+.sp
+    re> /xyz/
+  data> xyz\e>4
+  Error -24 (bad offset value)
+.P
+If any of the sequences \fB\eC\fP, \fB\eG\fP, or \fB\eL\fP are present in a
+data line that is successfully matched, the substrings extracted by the
+convenience functions are output with C, G, or L after the string number
+instead of a colon. This is in addition to the normal full list. The string
+length (that is, the return from the extraction function) is given in
+parentheses after each string for \fB\eC\fP and \fB\eG\fP.
+.P
+Note that whereas patterns can be continued over several lines (a plain ">"
+prompt is used for continuations), data lines may not. However newlines can be
+included in data by means of the \en escape (or \er, \er\en, etc., depending on
+the newline sequence setting).
+.
+.
+.
+.SH "OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION"
+.rs
+.sp
+When the alternative matching function, \fBpcre[16|32]_dfa_exec()\fP, is used (by
+means of the \eD escape sequence or the \fB-dfa\fP command line option), the
+output consists of a list of all the matches that start at the first point in
+the subject where there is at least one match. For example:
+.sp
+    re> /(tang|tangerine|tan)/
+  data> yellow tangerine\eD
+   0: tangerine
+   1: tang
+   2: tan
+.sp
+(Using the normal matching function on this data finds only "tang".) The
+longest matching string is always given first (and numbered zero). After a
+PCRE_ERROR_PARTIAL return, the output is "Partial match:", followed by the
+partially matching substring. (Note that this is the entire substring that was
+inspected during the partial match; it may include characters before the actual
+match start if a lookbehind assertion, \eK, \eb, or \eB was involved.)
+.P
+If \fB/g\fP is present on the pattern, the search for further matches resumes
+at the end of the longest match. For example:
+.sp
+    re> /(tang|tangerine|tan)/g
+  data> yellow tangerine and tangy sultana\eD
+   0: tangerine
+   1: tang
+   2: tan
+   0: tang
+   1: tan
+   0: tan
+.sp
+Since the matching function does not support substring capture, the escape
+sequences that are concerned with captured substrings are not relevant.
+.
+.
+.SH "RESTARTING AFTER A PARTIAL MATCH"
+.rs
+.sp
+When the alternative matching function has given the PCRE_ERROR_PARTIAL return,
+indicating that the subject partially matched the pattern, you can restart the
+match with additional subject data by means of the \eR escape sequence. For
+example:
+.sp
+    re> /^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$/
+  data> 23ja\eP\eD
+  Partial match: 23ja
+  data> n05\eR\eD
+   0: n05
+.sp
+For further information about partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.
+.
+.SH CALLOUTS
+.rs
+.sp
+If the pattern contains any callout requests, \fBpcretest\fP's callout function
+is called during matching. This works with both matching functions. By default,
+the called function displays the callout number, the start and current
+positions in the text at the callout time, and the next pattern item to be
+tested. For example:
+.sp
+  --->pqrabcdef
+    0    ^  ^     \ed
+.sp
+This output indicates that callout number 0 occurred for a match attempt
+starting at the fourth character of the subject string, when the pointer was at
+the seventh character of the data, and when the next pattern item was \ed. Just
+one circumflex is output if the start and current positions are the same.
+.P
+Callouts numbered 255 are assumed to be automatic callouts, inserted as a
+result of the \fB/C\fP pattern modifier. In this case, instead of showing the
+callout number, the offset in the pattern, preceded by a plus, is output. For
+example:
+.sp
+    re> /\ed?[A-E]\e*/C
+  data> E*
+  --->E*
+   +0 ^      \ed?
+   +3 ^      [A-E]
+   +8 ^^     \e*
+  +10 ^ ^
+   0: E*
+.sp
+If a pattern contains (*MARK) items, an additional line is output whenever
+a change of latest mark is passed to the callout function. For example:
+.sp
+    re> /a(*MARK:X)bc/C
+  data> abc
+  --->abc
+   +0 ^       a
+   +1 ^^      (*MARK:X)
+  +10 ^^      b
+  Latest Mark: X
+  +11 ^ ^     c
+  +12 ^  ^
+   0: abc
+.sp
+The mark changes between matching "a" and "b", but stays the same for the rest
+of the match, so nothing more is output. If, as a result of backtracking, the
+mark reverts to being unset, the text "<unset>" is output.
+.P
+The callout function in \fBpcretest\fP returns zero (carry on matching) by
+default, but you can use a \eC item in a data line (as described above) to
+change this and other parameters of the callout.
+.P
+Inserting callouts can be helpful when using \fBpcretest\fP to check
+complicated regular expressions. For further information about callouts, see
+the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.
+.
+.
+.SH "NON-PRINTING CHARACTERS"
+.rs
+.sp
+When \fBpcretest\fP is outputting text in the compiled version of a pattern,
+bytes other than 32-126 are always treated as non-printing characters are are
+therefore shown as hex escapes.
+.P
+When \fBpcretest\fP is outputting text that is a matched part of a subject
+string, it behaves in the same way, unless a different locale has been set for
+the pattern (using the \fB/L\fP modifier). In this case, the \fBisprint()\fP
+function to distinguish printing and non-printing characters.
+.
+.
+.
+.SH "SAVING AND RELOADING COMPILED PATTERNS"
+.rs
+.sp
+The facilities described in this section are not available when the POSIX
+interface to PCRE is being used, that is, when the \fB/P\fP pattern modifier is
+specified.
+.P
+When the POSIX interface is not in use, you can cause \fBpcretest\fP to write a
+compiled pattern to a file, by following the modifiers with > and a file name.
+For example:
+.sp
+  /pattern/im >/some/file
+.sp
+See the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation for a discussion about saving and re-using compiled patterns.
+Note that if the pattern was successfully studied with JIT optimization, the
+JIT data cannot be saved.
+.P
+The data that is written is binary. The first eight bytes are the length of the
+compiled pattern data followed by the length of the optional study data, each
+written as four bytes in big-endian order (most significant byte first). If
+there is no study data (either the pattern was not studied, or studying did not
+return any data), the second length is zero. The lengths are followed by an
+exact copy of the compiled pattern. If there is additional study data, this
+(excluding any JIT data) follows immediately after the compiled pattern. After
+writing the file, \fBpcretest\fP expects to read a new pattern.
+.P
+A saved pattern can be reloaded into \fBpcretest\fP by specifying < and a file
+name instead of a pattern. There must be no space between < and the file name,
+which must not contain a < character, as otherwise \fBpcretest\fP will
+interpret the line as a pattern delimited by < characters. For example:
+.sp
+   re> </some/file
+  Compiled pattern loaded from /some/file
+  No study data
+.sp
+If the pattern was previously studied with the JIT optimization, the JIT
+information cannot be saved and restored, and so is lost. When the pattern has
+been loaded, \fBpcretest\fP proceeds to read data lines in the usual way.
+.P
+You can copy a file written by \fBpcretest\fP to a different host and reload it
+there, even if the new host has opposite endianness to the one on which the
+pattern was compiled. For example, you can compile on an i86 machine and run on
+a SPARC machine. When a pattern is reloaded on a host with different
+endianness, the confirmation message is changed to:
+.sp
+  Compiled pattern (byte-inverted) loaded from /some/file
+.sp
+The test suite contains some saved pre-compiled patterns with different
+endianness. These are reloaded using "<!" instead of just "<". This suppresses
+the "(byte-inverted)" text so that the output is the same on all hosts. It also
+forces debugging output once the pattern has been reloaded.
+.P
+File names for saving and reloading can be absolute or relative, but note that
+the shell facility of expanding a file name that starts with a tilde (~) is not
+available.
+.P
+The ability to save and reload files in \fBpcretest\fP is intended for testing
+and experimentation. It is not intended for production use because only a
+single pattern can be written to a file. Furthermore, there is no facility for
+supplying custom character tables for use with a reloaded pattern. If the
+original pattern was compiled with custom tables, an attempt to match a subject
+string using a reloaded pattern is likely to cause \fBpcretest\fP to crash.
+Finally, if you attempt to load a file that is not in the correct format, the
+result is undefined.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcre\fP(3), \fBpcre16\fP(3), \fBpcre32\fP(3), \fBpcreapi\fP(3),
+\fBpcrecallout\fP(3),
+\fBpcrejit\fP, \fBpcrematching\fP(3), \fBpcrepartial\fP(d),
+\fBpcrepattern\fP(3), \fBpcreprecompile\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 23 February 2017
+Copyright (c) 1997-2017 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre.3
new file mode 100644
index 00000000..0f2837e7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre.3
@@ -0,0 +1,230 @@
+.TH PCRE 3 "10 February 2015" "PCRE 8.37"
+.SH NAME
+PCRE - Perl-compatible regular expressions (original API)
+.SH "PLEASE TAKE NOTE"
+.rs
+.sp
+This document relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+.
+.
+.SH INTRODUCTION
+.rs
+.sp
+The PCRE library is a set of functions that implement regular expression
+pattern matching using the same syntax and semantics as Perl, with just a few
+differences. Some features that appeared in Python and PCRE before they
+appeared in Perl are also available using the Python syntax, there is some
+support for one or two .NET and Oniguruma syntax items, and there is an option
+for requesting some minor changes that give better JavaScript compatibility.
+.P
+Starting with release 8.30, it is possible to compile two separate PCRE
+libraries: the original, which supports 8-bit character strings (including
+UTF-8 strings), and a second library that supports 16-bit character strings
+(including UTF-16 strings). The build process allows either one or both to be
+built. The majority of the work to make this possible was done by Zoltan
+Herczeg.
+.P
+Starting with release 8.32 it is possible to compile a third separate PCRE
+library that supports 32-bit character strings (including UTF-32 strings). The
+build process allows any combination of the 8-, 16- and 32-bit libraries. The
+work to make this possible was done by Christian Persch.
+.P
+The three libraries contain identical sets of functions, except that the names
+in the 16-bit library start with \fBpcre16_\fP instead of \fBpcre_\fP, and the
+names in the 32-bit library start with \fBpcre32_\fP instead of \fBpcre_\fP. To
+avoid over-complication and reduce the documentation maintenance load, most of
+the documentation describes the 8-bit library, with the differences for the
+16-bit and 32-bit libraries described separately in the
+.\" HREF
+\fBpcre16\fP
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+pages. References to functions or structures of the form \fIpcre[16|32]_xxx\fP
+should be read as meaning "\fIpcre_xxx\fP when using the 8-bit library,
+\fIpcre16_xxx\fP when using the 16-bit library, or \fIpcre32_xxx\fP when using
+the 32-bit library".
+.P
+The current implementation of PCRE corresponds approximately with Perl 5.12,
+including support for UTF-8/16/32 encoded strings and Unicode general category
+properties. However, UTF-8/16/32 and Unicode support has to be explicitly
+enabled; it is not the default. The Unicode tables correspond to Unicode
+release 6.3.0.
+.P
+In addition to the Perl-compatible matching function, PCRE contains an
+alternative function that matches the same compiled patterns in a different
+way. In certain circumstances, the alternative function has some advantages.
+For a discussion of the two matching algorithms, see the
+.\" HREF
+\fBpcrematching\fP
+.\"
+page.
+.P
+PCRE is written in C and released as a C library. A number of people have
+written wrappers and interfaces of various kinds. In particular, Google Inc.
+have provided a comprehensive C++ wrapper for the 8-bit library. This is now
+included as part of the PCRE distribution. The
+.\" HREF
+\fBpcrecpp\fP
+.\"
+page has details of this interface. Other people's contributions can be found
+in the \fIContrib\fP directory at the primary FTP site, which is:
+.sp
+.\" HTML <a href="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre">
+.\" </a>
+ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre
+.\"
+.P
+Details of exactly which Perl regular expression features are and are not
+supported by PCRE are given in separate documents. See the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+and
+.\" HREF
+\fBpcrecompat\fP
+.\"
+pages. There is a syntax summary in the
+.\" HREF
+\fBpcresyntax\fP
+.\"
+page.
+.P
+Some features of PCRE can be included, excluded, or changed when the library is
+built. The
+.\" HREF
+\fBpcre_config()\fP
+.\"
+function makes it possible for a client to discover which features are
+available. The features themselves are described in the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+page. Documentation about building PCRE for various operating systems can be
+found in the
+.\" HTML <a href="README.txt">
+.\" </a>
+\fBREADME\fP
+.\"
+and
+.\" HTML <a href="NON-AUTOTOOLS-BUILD.txt">
+.\" </a>
+\fBNON-AUTOTOOLS_BUILD\fP
+.\"
+files in the source distribution.
+.P
+The libraries contains a number of undocumented internal functions and data
+tables that are used by more than one of the exported external functions, but
+which are not intended for use by external callers. Their names all begin with
+"_pcre_" or "_pcre16_" or "_pcre32_", which hopefully will not provoke any name
+clashes. In some environments, it is possible to control which external symbols
+are exported when a shared library is built, and in these cases the
+undocumented symbols are not exported.
+.
+.
+.SH "SECURITY CONSIDERATIONS"
+.rs
+.sp
+If you are using PCRE in a non-UTF application that permits users to supply
+arbitrary patterns for compilation, you should be aware of a feature that
+allows users to turn on UTF support from within a pattern, provided that PCRE
+was built with UTF support. For example, an 8-bit pattern that begins with
+"(*UTF8)" or "(*UTF)" turns on UTF-8 mode, which interprets patterns and
+subjects as strings of UTF-8 characters instead of individual 8-bit characters.
+This causes both the pattern and any data against which it is matched to be
+checked for UTF-8 validity. If the data string is very long, such a check might
+use sufficiently many resources as to cause your application to lose
+performance.
+.P
+One way of guarding against this possibility is to use the
+\fBpcre_fullinfo()\fP function to check the compiled pattern's options for UTF.
+Alternatively, from release 8.33, you can set the PCRE_NEVER_UTF option at
+compile time. This causes an compile time error if a pattern contains a
+UTF-setting sequence.
+.P
+If your application is one that supports UTF, be aware that validity checking
+can take time. If the same data string is to be matched many times, you can use
+the PCRE_NO_UTF[8|16|32]_CHECK option for the second and subsequent matches to
+save redundant checks.
+.P
+Another way that performance can be hit is by running a pattern that has a very
+large search tree against a string that will never match. Nested unlimited
+repeats in a pattern are a common example. PCRE provides some protection
+against this: see the PCRE_EXTRA_MATCH_LIMIT feature in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page.
+.
+.
+.SH "USER DOCUMENTATION"
+.rs
+.sp
+The user documentation for PCRE comprises a number of different sections. In
+the "man" format, each of these is a separate "man page". In the HTML format,
+each is a separate page, linked from the index page. In the plain text format,
+the descriptions of the \fBpcregrep\fP and \fBpcretest\fP programs are in files
+called \fBpcregrep.txt\fP and \fBpcretest.txt\fP, respectively. The remaining
+sections, except for the \fBpcredemo\fP section (which is a program listing),
+are concatenated in \fBpcre.txt\fP, for ease of searching. The sections are as
+follows:
+.sp
+  pcre              this document
+  pcre-config       show PCRE installation configuration information
+  pcre16            details of the 16-bit library
+  pcre32            details of the 32-bit library
+  pcreapi           details of PCRE's native C API
+  pcrebuild         building PCRE
+  pcrecallout       details of the callout feature
+  pcrecompat        discussion of Perl compatibility
+  pcrecpp           details of the C++ wrapper for the 8-bit library
+  pcredemo          a demonstration C program that uses PCRE
+  pcregrep          description of the \fBpcregrep\fP command (8-bit only)
+  pcrejit           discussion of the just-in-time optimization support
+  pcrelimits        details of size and other limits
+  pcrematching      discussion of the two matching algorithms
+  pcrepartial       details of the partial matching facility
+.\" JOIN
+  pcrepattern       syntax and semantics of supported
+                      regular expressions
+  pcreperform       discussion of performance issues
+  pcreposix         the POSIX-compatible C API for the 8-bit library
+  pcreprecompile    details of saving and re-using precompiled patterns
+  pcresample        discussion of the pcredemo program
+  pcrestack         discussion of stack usage
+  pcresyntax        quick syntax reference
+  pcretest          description of the \fBpcretest\fP testing command
+  pcreunicode       discussion of Unicode and UTF-8/16/32 support
+.sp
+In the "man" and HTML formats, there is also a short page for each C library
+function, listing its arguments and results.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.P
+Putting an actual email address here seems to have been a spam magnet, so I've
+taken it away. If you want to email me, use my two initials, followed by the
+two digits 10, at the domain cam.ac.uk.
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 10 February 2015
+Copyright (c) 1997-2015 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16.3
new file mode 100644
index 00000000..85126a67
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16.3
@@ -0,0 +1,371 @@
+.TH PCRE 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.sp
+.B #include <pcre.h>
+.
+.
+.SH "PCRE 16-BIT API BASIC FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre16 *pcre16_compile(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16 *pcre16_compile2(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16_extra *pcre16_study(const pcre16 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B void pcre16_free_study(pcre16_extra *\fIextra\fP);
+.sp
+.B int pcre16_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre16_dfa_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.
+.SH "PCRE 16-BIT API STRING EXTRACTION FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre16_copy_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_UCHAR16 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre16_copy_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR16 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre16_get_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre16_get_stringnumber(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP);
+.sp
+.B int pcre16_get_stringtable_entries(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP, PCRE_UCHAR16 **\fIfirst\fP, PCRE_UCHAR16 **\fIlast\fP);"
+.sp
+.B int pcre16_get_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre16_get_substring_list(PCRE_SPTR16 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR16 **\fIlistptr\fP);"
+.sp
+.B void pcre16_free_substring(PCRE_SPTR16 \fIstringptr\fP);
+.sp
+.B void pcre16_free_substring_list(PCRE_SPTR16 *\fIstringptr\fP);
+.fi
+.
+.
+.SH "PCRE 16-BIT API AUXILIARY FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre16_jit_stack *pcre16_jit_stack_alloc(int \fIstartsize\fP, int \fImaxsize\fP);
+.sp
+.B void pcre16_jit_stack_free(pcre16_jit_stack *\fIstack\fP);
+.sp
+.B void pcre16_assign_jit_stack(pcre16_extra *\fIextra\fP,
+.B "     pcre16_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B const unsigned char *pcre16_maketables(void);
+.sp
+.B int pcre16_fullinfo(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre16_refcount(pcre16 *\fIcode\fP, int \fIadjust\fP);
+.sp
+.B int pcre16_config(int \fIwhat\fP, void *\fIwhere\fP);
+.sp
+.B const char *pcre16_version(void);
+.sp
+.B int pcre16_pattern_to_host_byte_order(pcre16 *\fIcode\fP,
+.B "     pcre16_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.
+.SH "PCRE 16-BIT API INDIRECTED FUNCTIONS"
+.rs
+.sp
+.nf
+.B void *(*pcre16_malloc)(size_t);
+.sp
+.B void (*pcre16_free)(void *);
+.sp
+.B void *(*pcre16_stack_malloc)(size_t);
+.sp
+.B void (*pcre16_stack_free)(void *);
+.sp
+.B int (*pcre16_callout)(pcre16_callout_block *);
+.fi
+.
+.
+.SH "PCRE 16-BIT API 16-BIT-ONLY FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *\fIoutput\fP,
+.B "     PCRE_SPTR16 \fIinput\fP, int \fIlength\fP, int *\fIbyte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH "THE PCRE 16-BIT LIBRARY"
+.rs
+.sp
+Starting with release 8.30, it is possible to compile a PCRE library that
+supports 16-bit character strings, including UTF-16 strings, as well as or
+instead of the original 8-bit library. The majority of the work to make this
+possible was done by Zoltan Herczeg. The two libraries contain identical sets
+of functions, used in exactly the same way. Only the names of the functions and
+the data types of their arguments and results are different. To avoid
+over-complication and reduce the documentation maintenance load, most of the
+PCRE documentation describes the 8-bit library, with only occasional references
+to the 16-bit library. This page describes what is different when you use the
+16-bit library.
+.P
+WARNING: A single application can be linked with both libraries, but you must
+take care when processing any particular pattern to use functions from just one
+library. For example, if you want to study a pattern that was compiled with
+\fBpcre16_compile()\fP, you must do so with \fBpcre16_study()\fP, not
+\fBpcre_study()\fP, and you must free the study data with
+\fBpcre16_free_study()\fP.
+.
+.
+.SH "THE HEADER FILE"
+.rs
+.sp
+There is only one header file, \fBpcre.h\fP. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+.
+.
+.SH "THE LIBRARY NAME"
+.rs
+.sp
+In Unix-like systems, the 16-bit library is called \fBlibpcre16\fP, and can
+normally be accesss by adding \fB-lpcre16\fP to the command for linking an
+application that uses PCRE.
+.
+.
+.SH "STRING TYPES"
+.rs
+.sp
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 16-bit library, strings are passed as
+vectors of unsigned 16-bit quantities. The macro PCRE_UCHAR16 specifies an
+appropriate data type, and PCRE_SPTR16 is defined as "const PCRE_UCHAR16 *". In
+very many environments, "short int" is a 16-bit data type. When PCRE is built,
+it defines PCRE_UCHAR16 as "unsigned short int", but checks that it really is a
+16-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+.
+.
+.SH "STRUCTURE TYPES"
+.rs
+.sp
+The types of the opaque structures that are used for compiled 16-bit patterns
+and JIT stacks are \fBpcre16\fP and \fBpcre16_jit_stack\fP respectively. The
+type of the user-accessible structure that is returned by \fBpcre16_study()\fP
+is \fBpcre16_extra\fP, and the type of the structure that is used for passing
+data to a callout function is \fBpcre16_callout_block\fP. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 16-bit instead of
+8-bit types.
+.
+.
+.SH "16-BIT FUNCTIONS"
+.rs
+.sp
+For every function in the 8-bit library there is a corresponding function in
+the 16-bit library with a name that starts with \fBpcre16_\fP instead of
+\fBpcre_\fP. The prototypes are listed above. In addition, there is one extra
+function, \fBpcre16_utf16_to_host_byte_order()\fP. This is a utility function
+that converts a UTF-16 character string to host byte order if necessary. The
+other 16-bit functions expect the strings they are passed to be in host byte
+order.
+.P
+The \fIinput\fP and \fIoutput\fP arguments of
+\fBpcre16_utf16_to_host_byte_order()\fP may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+.P
+The \fIlength\fP argument specifies the number of 16-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+.P
+If \fIbyte_order\fP is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+.P
+If \fIbyte_order\fP is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+.P
+If \fIkeep_boms\fP is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+.P
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.
+.
+.SH "SUBJECT STRING OFFSETS"
+.rs
+.sp
+The lengths and starting offsets of subject strings must be specified in 16-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 16-bit units rather than bytes.
+.
+.
+.SH "NAMED SUBPATTERNS"
+.rs
+.sp
+The name-to-number translation table that is maintained for named subpatterns
+uses 16-bit characters. The \fBpcre16_get_stringtable_entries()\fP function
+returns the length of each entry in the table as the number of 16-bit data
+units.
+.
+.
+.SH "OPTION NAMES"
+.rs
+.sp
+There are two new general option names, PCRE_UTF16 and PCRE_NO_UTF16_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+.\" HTML <a href="pcreunicode.html#utf16strings">
+.\" </a>
+validity of UTF-16 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+For the \fBpcre16_config()\fP function there is an option PCRE_CONFIG_UTF16
+that returns 1 if UTF-16 support is configured, otherwise 0. If this option is
+given to \fBpcre_config()\fP or \fBpcre32_config()\fP, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 option is given to \fBpcre16_config()\fP,
+the result is the PCRE_ERROR_BADOPTION error.
+.
+.
+.SH "CHARACTER CODES"
+.rs
+.sp
+In 16-bit mode, when PCRE_UTF16 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0xffff instead of 0 to 0xff. Character types for characters less than
+0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+.P
+In UTF-16 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are used in pairs to encode values greater than 0xffff.
+.P
+A UTF-16 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+\fBpcre16_utf16_to_host_byte_order()\fP is provided to help with this (see
+above).
+.
+.
+.SH "ERROR NAMES"
+.rs
+.sp
+The errors PCRE_ERROR_BADUTF16_OFFSET and PCRE_ERROR_SHORTUTF16 correspond to
+their 8-bit counterparts. The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with \fBpcre_compile()\fP is passed to
+\fBpcre16_exec()\fP.
+.P
+There are new error codes whose names begin with PCRE_UTF16_ERR for invalid
+UTF-16 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+.\" HTML <a href="pcreapi.html#badutf8reasons">
+.\" </a>
+"Reason codes for invalid UTF-8 strings"
+.\"
+in the main
+.\" HREF
+\fBpcreapi\fP
+.\"
+page. The UTF-16 errors are:
+.sp
+  PCRE_UTF16_ERR1  Missing low surrogate at end of string
+  PCRE_UTF16_ERR2  Invalid low surrogate follows high surrogate
+  PCRE_UTF16_ERR3  Isolated low surrogate
+  PCRE_UTF16_ERR4  Non-character
+.
+.
+.SH "ERROR TEXTS"
+.rs
+.sp
+If there is an error while compiling a pattern, the error text that is passed
+back by \fBpcre16_compile()\fP or \fBpcre16_compile2()\fP is still an 8-bit
+character string, zero-terminated.
+.
+.
+.SH "CALLOUTS"
+.rs
+.sp
+The \fIsubject\fP and \fImark\fP fields in the callout block that is passed to
+a callout function point to 16-bit vectors.
+.
+.
+.SH "TESTING"
+.rs
+.sp
+The \fBpcretest\fP program continues to operate with 8-bit input and output
+files, but it can be used for testing the 16-bit library. If it is run with the
+command line option \fB-16\fP, patterns and subject strings are converted from
+8-bit to 16-bit before being passed to PCRE, and the 16-bit library functions
+are used instead of the 8-bit ones. Returned 16-bit strings are converted to
+8-bit for output. If both the 8-bit and the 32-bit libraries were not compiled,
+\fBpcretest\fP defaults to 16-bit and the \fB-16\fP option is ignored.
+.P
+When PCRE is being built, the \fBRunTest\fP script that is called by "make
+check" uses the \fBpcretest\fP \fB-C\fP option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+.
+.
+.SH "NOT SUPPORTED IN 16-BIT MODE"
+.rs
+.sp
+Not all the features of the 8-bit library are available with the 16-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the \fBpcregrep\fP program is at present 8-bit only.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 May 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_assign_jit_stack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_assign_jit_stack.3
new file mode 120000
index 00000000..40c8775a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_assign_jit_stack.3
@@ -0,0 +1 @@
+pcre_assign_jit_stack.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_compile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_compile.3
new file mode 120000
index 00000000..9364e751
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_compile.3
@@ -0,0 +1 @@
+pcre_compile.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_compile2.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_compile2.3
new file mode 120000
index 00000000..2d6aff35
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_compile2.3
@@ -0,0 +1 @@
+pcre_compile2.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_config.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_config.3
new file mode 120000
index 00000000..db964059
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_config.3
@@ -0,0 +1 @@
+pcre_config.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_copy_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_copy_named_substring.3
new file mode 120000
index 00000000..c15b9774
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_copy_named_substring.3
@@ -0,0 +1 @@
+pcre_copy_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_copy_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_copy_substring.3
new file mode 120000
index 00000000..98d1f84d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_copy_substring.3
@@ -0,0 +1 @@
+pcre_copy_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_dfa_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_dfa_exec.3
new file mode 120000
index 00000000..ed408df0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_dfa_exec.3
@@ -0,0 +1 @@
+pcre_dfa_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_exec.3
new file mode 120000
index 00000000..ebaa2527
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_exec.3
@@ -0,0 +1 @@
+pcre_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_free_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_free_study.3
new file mode 120000
index 00000000..4c53ea9f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_free_study.3
@@ -0,0 +1 @@
+pcre_free_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_free_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_free_substring.3
new file mode 120000
index 00000000..48567bfb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_free_substring.3
@@ -0,0 +1 @@
+pcre_free_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_free_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_free_substring_list.3
new file mode 120000
index 00000000..84b7b7e5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_free_substring_list.3
@@ -0,0 +1 @@
+pcre_free_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_fullinfo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_fullinfo.3
new file mode 120000
index 00000000..b7386a98
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_fullinfo.3
@@ -0,0 +1 @@
+pcre_fullinfo.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_named_substring.3
new file mode 120000
index 00000000..c095ca50
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_named_substring.3
@@ -0,0 +1 @@
+pcre_get_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_stringnumber.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_stringnumber.3
new file mode 120000
index 00000000..f8e81d32
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_stringnumber.3
@@ -0,0 +1 @@
+pcre_get_stringnumber.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_stringtable_entries.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_stringtable_entries.3
new file mode 120000
index 00000000..9f8cc4a7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_stringtable_entries.3
@@ -0,0 +1 @@
+pcre_get_stringtable_entries.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_substring.3
new file mode 120000
index 00000000..26383b5d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_substring.3
@@ -0,0 +1 @@
+pcre_get_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_substring_list.3
new file mode 120000
index 00000000..2faa865f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_get_substring_list.3
@@ -0,0 +1 @@
+pcre_get_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_jit_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_jit_exec.3
new file mode 120000
index 00000000..59089ada
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_jit_exec.3
@@ -0,0 +1 @@
+pcre_jit_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_jit_stack_alloc.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_jit_stack_alloc.3
new file mode 120000
index 00000000..dab43b82
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_jit_stack_alloc.3
@@ -0,0 +1 @@
+pcre_jit_stack_alloc.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_jit_stack_free.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_jit_stack_free.3
new file mode 120000
index 00000000..e92aa310
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_jit_stack_free.3
@@ -0,0 +1 @@
+pcre_jit_stack_free.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_maketables.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_maketables.3
new file mode 120000
index 00000000..3b6308e2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_maketables.3
@@ -0,0 +1 @@
+pcre_maketables.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_pattern_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_pattern_to_host_byte_order.3
new file mode 120000
index 00000000..6540917e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_pattern_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_pattern_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_refcount.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_refcount.3
new file mode 120000
index 00000000..63cece3f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_refcount.3
@@ -0,0 +1 @@
+pcre_refcount.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_study.3
new file mode 120000
index 00000000..9871217f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_study.3
@@ -0,0 +1 @@
+pcre_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_utf16_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_utf16_to_host_byte_order.3
new file mode 120000
index 00000000..d9233991
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_utf16_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_utf16_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_version.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_version.3
new file mode 120000
index 00000000..c31893c6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre16_version.3
@@ -0,0 +1 @@
+pcre_version.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32.3
new file mode 100644
index 00000000..7cde8c08
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32.3
@@ -0,0 +1,369 @@
+.TH PCRE 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.sp
+.B #include <pcre.h>
+.
+.
+.SH "PCRE 32-BIT API BASIC FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre32 *pcre32_compile(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32 *pcre32_compile2(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32_extra *pcre32_study(const pcre32 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B void pcre32_free_study(pcre32_extra *\fIextra\fP);
+.sp
+.B int pcre32_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre32_dfa_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.
+.SH "PCRE 32-BIT API STRING EXTRACTION FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre32_copy_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_UCHAR32 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre32_copy_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR32 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre32_get_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_stringnumber(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP);"
+.sp
+.B int pcre32_get_stringtable_entries(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP, PCRE_UCHAR32 **\fIfirst\fP, PCRE_UCHAR32 **\fIlast\fP);"
+.sp
+.B int pcre32_get_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_substring_list(PCRE_SPTR32 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR32 **\fIlistptr\fP);"
+.sp
+.B void pcre32_free_substring(PCRE_SPTR32 \fIstringptr\fP);
+.sp
+.B void pcre32_free_substring_list(PCRE_SPTR32 *\fIstringptr\fP);
+.fi
+.
+.
+.SH "PCRE 32-BIT API AUXILIARY FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre32_jit_stack *pcre32_jit_stack_alloc(int \fIstartsize\fP, int \fImaxsize\fP);
+.sp
+.B void pcre32_jit_stack_free(pcre32_jit_stack *\fIstack\fP);
+.sp
+.B void pcre32_assign_jit_stack(pcre32_extra *\fIextra\fP,
+.B "     pcre32_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B const unsigned char *pcre32_maketables(void);
+.sp
+.B int pcre32_fullinfo(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre32_refcount(pcre32 *\fIcode\fP, int \fIadjust\fP);
+.sp
+.B int pcre32_config(int \fIwhat\fP, void *\fIwhere\fP);
+.sp
+.B const char *pcre32_version(void);
+.sp
+.B int pcre32_pattern_to_host_byte_order(pcre32 *\fIcode\fP,
+.B "     pcre32_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.
+.SH "PCRE 32-BIT API INDIRECTED FUNCTIONS"
+.rs
+.sp
+.nf
+.B void *(*pcre32_malloc)(size_t);
+.sp
+.B void (*pcre32_free)(void *);
+.sp
+.B void *(*pcre32_stack_malloc)(size_t);
+.sp
+.B void (*pcre32_stack_free)(void *);
+.sp
+.B int (*pcre32_callout)(pcre32_callout_block *);
+.fi
+.
+.
+.SH "PCRE 32-BIT API 32-BIT-ONLY FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *\fIoutput\fP,
+.B "     PCRE_SPTR32 \fIinput\fP, int \fIlength\fP, int *\fIbyte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH "THE PCRE 32-BIT LIBRARY"
+.rs
+.sp
+Starting with release 8.32, it is possible to compile a PCRE library that
+supports 32-bit character strings, including UTF-32 strings, as well as or
+instead of the original 8-bit library. This work was done by Christian Persch,
+based on the work done by Zoltan Herczeg for the 16-bit library. All three
+libraries contain identical sets of functions, used in exactly the same way.
+Only the names of the functions and the data types of their arguments and
+results are different. To avoid over-complication and reduce the documentation
+maintenance load, most of the PCRE documentation describes the 8-bit library,
+with only occasional references to the 16-bit and 32-bit libraries. This page
+describes what is different when you use the 32-bit library.
+.P
+WARNING: A single application can be linked with all or any of the three
+libraries, but you must take care when processing any particular pattern
+to use functions from just one library. For example, if you want to study
+a pattern that was compiled with \fBpcre32_compile()\fP, you must do so
+with \fBpcre32_study()\fP, not \fBpcre_study()\fP, and you must free the
+study data with \fBpcre32_free_study()\fP.
+.
+.
+.SH "THE HEADER FILE"
+.rs
+.sp
+There is only one header file, \fBpcre.h\fP. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+.
+.
+.SH "THE LIBRARY NAME"
+.rs
+.sp
+In Unix-like systems, the 32-bit library is called \fBlibpcre32\fP, and can
+normally be accesss by adding \fB-lpcre32\fP to the command for linking an
+application that uses PCRE.
+.
+.
+.SH "STRING TYPES"
+.rs
+.sp
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 32-bit library, strings are passed as
+vectors of unsigned 32-bit quantities. The macro PCRE_UCHAR32 specifies an
+appropriate data type, and PCRE_SPTR32 is defined as "const PCRE_UCHAR32 *". In
+very many environments, "unsigned int" is a 32-bit data type. When PCRE is
+built, it defines PCRE_UCHAR32 as "unsigned int", but checks that it really is
+a 32-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+.
+.
+.SH "STRUCTURE TYPES"
+.rs
+.sp
+The types of the opaque structures that are used for compiled 32-bit patterns
+and JIT stacks are \fBpcre32\fP and \fBpcre32_jit_stack\fP respectively. The
+type of the user-accessible structure that is returned by \fBpcre32_study()\fP
+is \fBpcre32_extra\fP, and the type of the structure that is used for passing
+data to a callout function is \fBpcre32_callout_block\fP. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 32-bit instead of
+8-bit types.
+.
+.
+.SH "32-BIT FUNCTIONS"
+.rs
+.sp
+For every function in the 8-bit library there is a corresponding function in
+the 32-bit library with a name that starts with \fBpcre32_\fP instead of
+\fBpcre_\fP. The prototypes are listed above. In addition, there is one extra
+function, \fBpcre32_utf32_to_host_byte_order()\fP. This is a utility function
+that converts a UTF-32 character string to host byte order if necessary. The
+other 32-bit functions expect the strings they are passed to be in host byte
+order.
+.P
+The \fIinput\fP and \fIoutput\fP arguments of
+\fBpcre32_utf32_to_host_byte_order()\fP may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+.P
+The \fIlength\fP argument specifies the number of 32-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+.P
+If \fIbyte_order\fP is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+.P
+If \fIbyte_order\fP is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+.P
+If \fIkeep_boms\fP is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+.P
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.
+.
+.SH "SUBJECT STRING OFFSETS"
+.rs
+.sp
+The lengths and starting offsets of subject strings must be specified in 32-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 32-bit units rather than bytes.
+.
+.
+.SH "NAMED SUBPATTERNS"
+.rs
+.sp
+The name-to-number translation table that is maintained for named subpatterns
+uses 32-bit characters. The \fBpcre32_get_stringtable_entries()\fP function
+returns the length of each entry in the table as the number of 32-bit data
+units.
+.
+.
+.SH "OPTION NAMES"
+.rs
+.sp
+There are two new general option names, PCRE_UTF32 and PCRE_NO_UTF32_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+.\" HTML <a href="pcreunicode.html#utf32strings">
+.\" </a>
+validity of UTF-32 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+For the \fBpcre32_config()\fP function there is an option PCRE_CONFIG_UTF32
+that returns 1 if UTF-32 support is configured, otherwise 0. If this option is
+given to \fBpcre_config()\fP or \fBpcre16_config()\fP, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 option is given to \fBpcre32_config()\fP,
+the result is the PCRE_ERROR_BADOPTION error.
+.
+.
+.SH "CHARACTER CODES"
+.rs
+.sp
+In 32-bit mode, when PCRE_UTF32 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0x7fffffff instead of 0 to 0xff. Character types for characters less
+than 0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+.P
+In UTF-32 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are ill-formed in UTF-32.
+.P
+A UTF-32 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+\fBpcre32_utf32_to_host_byte_order()\fP is provided to help with this (see
+above).
+.
+.
+.SH "ERROR NAMES"
+.rs
+.sp
+The error PCRE_ERROR_BADUTF32 corresponds to its 8-bit counterpart.
+The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with \fBpcre_compile()\fP is passed to
+\fBpcre32_exec()\fP.
+.P
+There are new error codes whose names begin with PCRE_UTF32_ERR for invalid
+UTF-32 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+.\" HTML <a href="pcreapi.html#badutf8reasons">
+.\" </a>
+"Reason codes for invalid UTF-8 strings"
+.\"
+in the main
+.\" HREF
+\fBpcreapi\fP
+.\"
+page. The UTF-32 errors are:
+.sp
+  PCRE_UTF32_ERR1  Surrogate character (range from 0xd800 to 0xdfff)
+  PCRE_UTF32_ERR2  Non-character
+  PCRE_UTF32_ERR3  Character > 0x10ffff
+.
+.
+.SH "ERROR TEXTS"
+.rs
+.sp
+If there is an error while compiling a pattern, the error text that is passed
+back by \fBpcre32_compile()\fP or \fBpcre32_compile2()\fP is still an 8-bit
+character string, zero-terminated.
+.
+.
+.SH "CALLOUTS"
+.rs
+.sp
+The \fIsubject\fP and \fImark\fP fields in the callout block that is passed to
+a callout function point to 32-bit vectors.
+.
+.
+.SH "TESTING"
+.rs
+.sp
+The \fBpcretest\fP program continues to operate with 8-bit input and output
+files, but it can be used for testing the 32-bit library. If it is run with the
+command line option \fB-32\fP, patterns and subject strings are converted from
+8-bit to 32-bit before being passed to PCRE, and the 32-bit library functions
+are used instead of the 8-bit ones. Returned 32-bit strings are converted to
+8-bit for output. If both the 8-bit and the 16-bit libraries were not compiled,
+\fBpcretest\fP defaults to 32-bit and the \fB-32\fP option is ignored.
+.P
+When PCRE is being built, the \fBRunTest\fP script that is called by "make
+check" uses the \fBpcretest\fP \fB-C\fP option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+.
+.
+.SH "NOT SUPPORTED IN 32-BIT MODE"
+.rs
+.sp
+Not all the features of the 8-bit library are available with the 32-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the \fBpcregrep\fP program is at present 8-bit only.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 May 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_assign_jit_stack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_assign_jit_stack.3
new file mode 120000
index 00000000..40c8775a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_assign_jit_stack.3
@@ -0,0 +1 @@
+pcre_assign_jit_stack.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_compile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_compile.3
new file mode 120000
index 00000000..9364e751
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_compile.3
@@ -0,0 +1 @@
+pcre_compile.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_compile2.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_compile2.3
new file mode 120000
index 00000000..2d6aff35
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_compile2.3
@@ -0,0 +1 @@
+pcre_compile2.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_config.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_config.3
new file mode 120000
index 00000000..db964059
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_config.3
@@ -0,0 +1 @@
+pcre_config.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_copy_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_copy_named_substring.3
new file mode 120000
index 00000000..c15b9774
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_copy_named_substring.3
@@ -0,0 +1 @@
+pcre_copy_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_copy_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_copy_substring.3
new file mode 120000
index 00000000..98d1f84d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_copy_substring.3
@@ -0,0 +1 @@
+pcre_copy_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_dfa_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_dfa_exec.3
new file mode 120000
index 00000000..ed408df0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_dfa_exec.3
@@ -0,0 +1 @@
+pcre_dfa_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_exec.3
new file mode 120000
index 00000000..ebaa2527
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_exec.3
@@ -0,0 +1 @@
+pcre_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_free_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_free_study.3
new file mode 120000
index 00000000..4c53ea9f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_free_study.3
@@ -0,0 +1 @@
+pcre_free_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_free_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_free_substring.3
new file mode 120000
index 00000000..48567bfb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_free_substring.3
@@ -0,0 +1 @@
+pcre_free_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_free_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_free_substring_list.3
new file mode 120000
index 00000000..84b7b7e5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_free_substring_list.3
@@ -0,0 +1 @@
+pcre_free_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_fullinfo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_fullinfo.3
new file mode 120000
index 00000000..b7386a98
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_fullinfo.3
@@ -0,0 +1 @@
+pcre_fullinfo.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_named_substring.3
new file mode 120000
index 00000000..c095ca50
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_named_substring.3
@@ -0,0 +1 @@
+pcre_get_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_stringnumber.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_stringnumber.3
new file mode 120000
index 00000000..f8e81d32
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_stringnumber.3
@@ -0,0 +1 @@
+pcre_get_stringnumber.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_stringtable_entries.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_stringtable_entries.3
new file mode 120000
index 00000000..9f8cc4a7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_stringtable_entries.3
@@ -0,0 +1 @@
+pcre_get_stringtable_entries.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_substring.3
new file mode 120000
index 00000000..26383b5d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_substring.3
@@ -0,0 +1 @@
+pcre_get_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_substring_list.3
new file mode 120000
index 00000000..2faa865f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_get_substring_list.3
@@ -0,0 +1 @@
+pcre_get_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_jit_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_jit_exec.3
new file mode 120000
index 00000000..59089ada
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_jit_exec.3
@@ -0,0 +1 @@
+pcre_jit_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_jit_stack_alloc.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_jit_stack_alloc.3
new file mode 120000
index 00000000..dab43b82
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_jit_stack_alloc.3
@@ -0,0 +1 @@
+pcre_jit_stack_alloc.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_jit_stack_free.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_jit_stack_free.3
new file mode 120000
index 00000000..e92aa310
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_jit_stack_free.3
@@ -0,0 +1 @@
+pcre_jit_stack_free.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_maketables.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_maketables.3
new file mode 120000
index 00000000..3b6308e2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_maketables.3
@@ -0,0 +1 @@
+pcre_maketables.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_pattern_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_pattern_to_host_byte_order.3
new file mode 120000
index 00000000..6540917e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_pattern_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_pattern_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_refcount.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_refcount.3
new file mode 120000
index 00000000..63cece3f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_refcount.3
@@ -0,0 +1 @@
+pcre_refcount.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_study.3
new file mode 120000
index 00000000..9871217f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_study.3
@@ -0,0 +1 @@
+pcre_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_utf32_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_utf32_to_host_byte_order.3
new file mode 120000
index 00000000..e9699f5f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_utf32_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_utf32_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_version.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_version.3
new file mode 120000
index 00000000..c31893c6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre32_version.3
@@ -0,0 +1 @@
+pcre_version.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_assign_jit_stack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_assign_jit_stack.3
new file mode 100644
index 00000000..0ecf6f2c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_assign_jit_stack.3
@@ -0,0 +1,59 @@
+.TH PCRE_ASSIGN_JIT_STACK 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B void pcre_assign_jit_stack(pcre_extra *\fIextra\fP,
+.B "     pcre_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B void pcre16_assign_jit_stack(pcre16_extra *\fIextra\fP,
+.B "     pcre16_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B void pcre32_assign_jit_stack(pcre32_extra *\fIextra\fP,
+.B "     pcre32_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function provides control over the memory used as a stack at run-time by a
+call to \fBpcre[16|32]_exec()\fP with a pattern that has been successfully
+compiled with JIT optimization. The arguments are:
+.sp
+  extra     the data pointer returned by \fBpcre[16|32]_study()\fP
+  callback  a callback function
+  data      a JIT stack or a value to be passed to the callback
+              function
+.P
+If \fIcallback\fP is NULL and \fIdata\fP is NULL, an internal 32K block on
+the machine stack is used.
+.P
+If \fIcallback\fP is NULL and \fIdata\fP is not NULL, \fIdata\fP must
+be a valid JIT stack, the result of calling \fBpcre[16|32]_jit_stack_alloc()\fP.
+.P
+If \fIcallback\fP not NULL, it is called with \fIdata\fP as an argument at
+the start of matching, in order to set up a JIT stack. If the result is NULL,
+the internal 32K stack is used; otherwise the return value must be a valid JIT
+stack, the result of calling \fBpcre[16|32]_jit_stack_alloc()\fP.
+.P
+You may safely assign the same JIT stack to multiple patterns, as long as they
+are all matched in the same thread. In a multithread application, each thread
+must use its own JIT stack. For more details, see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_compile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_compile.3
new file mode 100644
index 00000000..5c16ebe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_compile.3
@@ -0,0 +1,96 @@
+.TH PCRE_COMPILE 3 "01 October 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre *pcre_compile(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16 *pcre16_compile(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32 *pcre32_compile(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function compiles a regular expression into an internal form. It is the
+same as \fBpcre[16|32]_compile2()\fP, except for the absence of the
+\fIerrorcodeptr\fP argument. Its arguments are:
+.sp
+  \fIpattern\fP       A zero-terminated string containing the
+                  regular expression to be compiled
+  \fIoptions\fP       Zero or more option bits
+  \fIerrptr\fP        Where to put an error message
+  \fIerroffset\fP     Offset in pattern where error was found
+  \fItableptr\fP      Pointer to character tables, or NULL to
+                  use the built-in default
+.sp
+The option bits are:
+.sp
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \eR matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \ed, \ew, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run in \fBpcre16_compile()\fP UTF-16 mode
+  PCRE_UTF32              Run in \fBpcre32_compile()\fP UTF-32 mode
+  PCRE_UTF8               Run in \fBpcre_compile()\fP UTF-8 mode
+.sp
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+.P
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_compile2.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_compile2.3
new file mode 100644
index 00000000..37742018
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_compile2.3
@@ -0,0 +1,101 @@
+.TH PCRE_COMPILE2 3 "01 October 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre *pcre_compile2(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16 *pcre16_compile2(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32 *pcre32_compile2(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,£
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function compiles a regular expression into an internal form. It is the
+same as \fBpcre[16|32]_compile()\fP, except for the addition of the
+\fIerrorcodeptr\fP argument. The arguments are:
+.
+.sp
+  \fIpattern\fP       A zero-terminated string containing the
+                  regular expression to be compiled
+  \fIoptions\fP       Zero or more option bits
+  \fIerrorcodeptr\fP  Where to put an error code
+  \fIerrptr\fP        Where to put an error message
+  \fIerroffset\fP     Offset in pattern where error was found
+  \fItableptr\fP      Pointer to character tables, or NULL to
+                  use the built-in default
+.sp
+The option bits are:
+.sp
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \eR matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \ed, \ew, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run \fBpcre16_compile()\fP in UTF-16 mode
+  PCRE_UTF32              Run \fBpcre32_compile()\fP in UTF-32 mode
+  PCRE_UTF8               Run \fBpcre_compile()\fP in UTF-8 mode
+.sp
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+.P
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_config.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_config.3
new file mode 100644
index 00000000..d14ffdad
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_config.3
@@ -0,0 +1,79 @@
+.TH PCRE_CONFIG 3 "20 April 2014" "PCRE 8.36"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B int pcre_config(int \fIwhat\fP, void *\fIwhere\fP);
+.PP
+.B int pcre16_config(int \fIwhat\fP, void *\fIwhere\fP);
+.PP
+.B int pcre32_config(int \fIwhat\fP, void *\fIwhere\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function makes it possible for a client program to find out which optional
+features are available in the version of the PCRE library it is using. The
+arguments are as follows:
+.sp
+  \fIwhat\fP     A code specifying what information is required
+  \fIwhere\fP    Points to where to put the data
+.sp
+The \fIwhere\fP argument must point to an integer variable, except for
+PCRE_CONFIG_MATCH_LIMIT, PCRE_CONFIG_MATCH_LIMIT_RECURSION, and
+PCRE_CONFIG_PARENS_LIMIT, when it must point to an unsigned long integer,
+and for PCRE_CONFIG_JITTARGET, when it must point to a const char*.
+The available codes are:
+.sp
+  PCRE_CONFIG_JIT           Availability of just-in-time compiler
+                              support (1=yes 0=no)
+  PCRE_CONFIG_JITTARGET     String containing information about the
+                              target architecture for the JIT compiler,
+                              or NULL if there is no JIT support
+  PCRE_CONFIG_LINK_SIZE     Internal link size: 2, 3, or 4
+  PCRE_CONFIG_PARENS_LIMIT  Parentheses nesting limit
+  PCRE_CONFIG_MATCH_LIMIT   Internal resource limit
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+                            Internal recursion depth limit
+  PCRE_CONFIG_NEWLINE       Value of the default newline sequence:
+                                13 (0x000d)    for CR
+                                10 (0x000a)    for LF
+                              3338 (0x0d0a)    for CRLF
+                                -2             for ANYCRLF
+                                -1             for ANY
+  PCRE_CONFIG_BSR           Indicates what \eR matches by default:
+                                 0             all Unicode line endings
+                                 1             CR, LF, or CRLF only
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+                            Threshold of return slots, above which
+                              \fBmalloc()\fP is used by the POSIX API
+  PCRE_CONFIG_STACKRECURSE  Recursion implementation (1=stack 0=heap)
+  PCRE_CONFIG_UTF16         Availability of UTF-16 support (1=yes
+                               0=no); option for \fBpcre16_config()\fP
+  PCRE_CONFIG_UTF32         Availability of UTF-32 support (1=yes
+                               0=no); option for \fBpcre32_config()\fP
+  PCRE_CONFIG_UTF8          Availability of UTF-8 support (1=yes 0=no);
+                              option for \fBpcre_config()\fP
+  PCRE_CONFIG_UNICODE_PROPERTIES
+                            Availability of Unicode property support
+                              (1=yes 0=no)
+.sp
+The function yields 0 on success or PCRE_ERROR_BADOPTION otherwise. That error
+is also given if PCRE_CONFIG_UTF16 or PCRE_CONFIG_UTF32 is passed to
+\fBpcre_config()\fP, if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 is passed to
+\fBpcre16_config()\fP, or if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 is passed to
+\fBpcre32_config()\fP.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_copy_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_copy_named_substring.3
new file mode 100644
index 00000000..52582aec
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_copy_named_substring.3
@@ -0,0 +1,51 @@
+.TH PCRE_COPY_NAMED_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_copy_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     char *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre16_copy_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_UCHAR16 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre32_copy_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_UCHAR32 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring, identified
+by name, into a given buffer. The arguments are:
+.sp
+  \fIcode\fP          Pattern that was successfully matched
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringname\fP    Name of the required substring
+  \fIbuffer\fP        Buffer to receive the string
+  \fIbuffersize\fP    Size of buffer
+.sp
+The yield is the length of the substring, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_copy_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_copy_substring.3
new file mode 100644
index 00000000..83af6e80
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_copy_substring.3
@@ -0,0 +1,47 @@
+.TH PCRE_COPY_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_copy_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, char *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre16_copy_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR16 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre32_copy_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR32 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring into a given
+buffer. The arguments are:
+.sp
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringnumber\fP  Number of the required substring
+  \fIbuffer\fP        Buffer to receive the string
+  \fIbuffersize\fP    Size of buffer
+.sp
+The yield is the length of the string, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_dfa_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_dfa_exec.3
new file mode 100644
index 00000000..39c2e836
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_dfa_exec.3
@@ -0,0 +1,118 @@
+.TH PCRE_DFA_EXEC 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_dfa_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.sp
+.B int pcre16_dfa_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.sp
+.B int pcre32_dfa_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function matches a compiled regular expression against a given subject
+string, using an alternative matching algorithm that scans the subject string
+just once (\fInot\fP Perl-compatible). Note that the main, Perl-compatible,
+matching function is \fBpcre[16|32]_exec()\fP. The arguments for this function
+are:
+.sp
+  \fIcode\fP         Points to the compiled pattern
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fIsubject\fP      Points to the subject string
+  \fIlength\fP       Length of the subject string
+  \fIstartoffset\fP  Offset in the subject at which to start matching
+  \fIoptions\fP      Option bits
+  \fIovector\fP      Points to a vector of ints for result offsets
+  \fIovecsize\fP     Number of elements in the vector
+  \fIworkspace\fP    Points to a vector of ints used as working space
+  \fIwscount\fP      Number of elements in the vector
+.sp
+The units for \fIlength\fP and \fIstartoffset\fP are bytes for
+\fBpcre_exec()\fP, 16-bit data items for \fBpcre16_exec()\fP, and 32-bit items
+for \fBpcre32_exec()\fP. The options are:
+.sp
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \eR matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject is not the beginning of a line
+  PCRE_NOTEOL            Subject is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           even if there is a full match as well
+  PCRE_DFA_SHORTEST      Return only the shortest match
+  PCRE_DFA_RESTART       Restart after a partial match
+.sp
+There are restrictions on what may appear in a pattern when using this matching
+function. Details are given in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation. For details of partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+page.
+.P
+A \fBpcre[16|32]_extra\fP structure contains the following fields:
+.sp
+  \fIflags\fP            Bits indicating which fields are set
+  \fIstudy_data\fP       Opaque data from \fBpcre[16|32]_study()\fP
+  \fImatch_limit\fP      Limit on internal resource use
+  \fImatch_limit_recursion\fP  Limit on internal recursion depth
+  \fIcallout_data\fP     Opaque data passed back to callouts
+  \fItables\fP           Points to character tables or is NULL
+  \fImark\fP             For passing back a *MARK pointer
+  \fIexecutable_jit\fP   Opaque data from JIT compilation
+.sp
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT. For this
+matching function, the \fImatch_limit\fP and \fImatch_limit_recursion\fP fields
+are not used, and must not be set. The PCRE_EXTRA_EXECUTABLE_JIT flag and
+the corresponding variable are ignored.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_exec.3
new file mode 100644
index 00000000..4686bd6d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_exec.3
@@ -0,0 +1,99 @@
+.TH PCRE_EXEC 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre16_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre32_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function matches a compiled regular expression against a given subject
+string, using a matching algorithm that is similar to Perl's. It returns
+offsets to captured substrings. Its arguments are:
+.sp
+  \fIcode\fP         Points to the compiled pattern
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fIsubject\fP      Points to the subject string
+  \fIlength\fP       Length of the subject string
+  \fIstartoffset\fP  Offset in the subject at which to start matching
+  \fIoptions\fP      Option bits
+  \fIovector\fP      Points to a vector of ints for result offsets
+  \fIovecsize\fP     Number of elements in the vector (a multiple of 3)
+.sp
+The units for \fIlength\fP and \fIstartoffset\fP are bytes for
+\fBpcre_exec()\fP, 16-bit data items for \fBpcre16_exec()\fP, and 32-bit items
+for \fBpcre32_exec()\fP. The options are:
+.sp
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \eR matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+.sp
+For details of partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+page. A \fBpcre_extra\fP structure contains the following fields:
+.sp
+  \fIflags\fP            Bits indicating which fields are set
+  \fIstudy_data\fP       Opaque data from \fBpcre[16|32]_study()\fP
+  \fImatch_limit\fP      Limit on internal resource use
+  \fImatch_limit_recursion\fP  Limit on internal recursion depth
+  \fIcallout_data\fP     Opaque data passed back to callouts
+  \fItables\fP           Points to character tables or is NULL
+  \fImark\fP             For passing back a *MARK pointer
+  \fIexecutable_jit\fP   Opaque data from JIT compilation
+.sp
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_free_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_free_study.3
new file mode 100644
index 00000000..8826b735
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_free_study.3
@@ -0,0 +1,31 @@
+.TH PCRE_FREE_STUDY 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_free_study(pcre_extra *\fIextra\fP);
+.PP
+.B void pcre16_free_study(pcre16_extra *\fIextra\fP);
+.PP
+.B void pcre32_free_study(pcre32_extra *\fIextra\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to free the memory used for the data generated by a call
+to \fBpcre[16|32]_study()\fP when it is no longer needed. The argument must be the
+result of such a call.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_free_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_free_substring.3
new file mode 100644
index 00000000..88c04019
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_free_substring.3
@@ -0,0 +1,31 @@
+.TH PCRE_FREE_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_free_substring(const char *\fIstringptr\fP);
+.PP
+.B void pcre16_free_substring(PCRE_SPTR16 \fIstringptr\fP);
+.PP
+.B void pcre32_free_substring(PCRE_SPTR32 \fIstringptr\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for freeing the store obtained by a previous
+call to \fBpcre[16|32]_get_substring()\fP or \fBpcre[16|32]_get_named_substring()\fP.
+Its only argument is a pointer to the string.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_free_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_free_substring_list.3
new file mode 100644
index 00000000..248b4bd0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_free_substring_list.3
@@ -0,0 +1,31 @@
+.TH PCRE_FREE_SUBSTRING_LIST 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_free_substring_list(const char **\fIstringptr\fP);
+.PP
+.B void pcre16_free_substring_list(PCRE_SPTR16 *\fIstringptr\fP);
+.PP
+.B void pcre32_free_substring_list(PCRE_SPTR32 *\fIstringptr\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for freeing the store obtained by a previous
+call to \fBpcre[16|32]_get_substring_list()\fP. Its only argument is a pointer to
+the list of string pointers.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_fullinfo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_fullinfo.3
new file mode 100644
index 00000000..c9b2c656
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_fullinfo.3
@@ -0,0 +1,103 @@
+.TH PCRE_FULLINFO 3 "21 April 2014" "PCRE 8.36"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_fullinfo(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre16_fullinfo(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre32_fullinfo(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function returns information about a compiled pattern. Its arguments are:
+.sp
+  \fIcode\fP                      Compiled regular expression
+  \fIextra\fP                     Result of \fBpcre[16|32]_study()\fP or NULL
+  \fIwhat\fP                      What information is required
+  \fIwhere\fP                     Where to put the information
+.sp
+The following information is available:
+.sp
+  PCRE_INFO_BACKREFMAX      Number of highest back reference
+  PCRE_INFO_CAPTURECOUNT    Number of capturing subpatterns
+  PCRE_INFO_DEFAULT_TABLES  Pointer to default tables
+  PCRE_INFO_FIRSTBYTE       Fixed first data unit for a match, or
+                              -1 for start of string
+                                 or after newline, or
+                              -2 otherwise
+  PCRE_INFO_FIRSTTABLE      Table of first data units (after studying)
+  PCRE_INFO_HASCRORLF       Return 1 if explicit CR or LF matches exist
+  PCRE_INFO_JCHANGED        Return 1 if (?J) or (?-J) was used
+  PCRE_INFO_JIT             Return 1 after successful JIT compilation
+  PCRE_INFO_JITSIZE         Size of JIT compiled code
+  PCRE_INFO_LASTLITERAL     Literal last data unit required
+  PCRE_INFO_MINLENGTH       Lower bound length of matching strings
+  PCRE_INFO_MATCHEMPTY      Return 1 if the pattern can match an empty string,
+                               0 otherwise
+  PCRE_INFO_MATCHLIMIT      Match limit if set, otherwise PCRE_RROR_UNSET
+  PCRE_INFO_MAXLOOKBEHIND   Length (in characters) of the longest lookbehind assertion
+  PCRE_INFO_NAMECOUNT       Number of named subpatterns
+  PCRE_INFO_NAMEENTRYSIZE   Size of name table entry
+  PCRE_INFO_NAMETABLE       Pointer to name table
+  PCRE_INFO_OKPARTIAL       Return 1 if partial matching can be tried
+                              (always returns 1 after release 8.00)
+  PCRE_INFO_OPTIONS         Option bits used for compilation
+  PCRE_INFO_SIZE            Size of compiled pattern
+  PCRE_INFO_STUDYSIZE       Size of study data
+  PCRE_INFO_FIRSTCHARACTER      Fixed first data unit for a match
+  PCRE_INFO_FIRSTCHARACTERFLAGS Returns
+                                  1 if there is a first data character set, which can
+                                    then be retrieved using PCRE_INFO_FIRSTCHARACTER,
+                                  2 if the first character is at the start of the data
+                                    string or after a newline, and
+                                  0 otherwise
+  PCRE_INFO_RECURSIONLIMIT    Recursion limit if set, otherwise PCRE_ERROR_UNSET
+  PCRE_INFO_REQUIREDCHAR      Literal last data unit required
+  PCRE_INFO_REQUIREDCHARFLAGS Returns 1 if the last data character is set (which can then
+                              be retrieved using PCRE_INFO_REQUIREDCHAR); 0 otherwise
+.sp
+The \fIwhere\fP argument must point to an integer variable, except for the
+following \fIwhat\fP values:
+.sp
+  PCRE_INFO_DEFAULT_TABLES  const uint8_t *
+  PCRE_INFO_FIRSTCHARACTER  uint32_t
+  PCRE_INFO_FIRSTTABLE      const uint8_t *
+  PCRE_INFO_JITSIZE         size_t
+  PCRE_INFO_MATCHLIMIT      uint32_t
+  PCRE_INFO_NAMETABLE       PCRE_SPTR16           (16-bit library)
+  PCRE_INFO_NAMETABLE       PCRE_SPTR32           (32-bit library)
+  PCRE_INFO_NAMETABLE       const unsigned char * (8-bit library)
+  PCRE_INFO_OPTIONS         unsigned long int
+  PCRE_INFO_SIZE            size_t
+  PCRE_INFO_STUDYSIZE       size_t
+  PCRE_INFO_RECURSIONLIMIT  uint32_t
+  PCRE_INFO_REQUIREDCHAR    uint32_t
+.sp
+The yield of the function is zero on success or:
+.sp
+  PCRE_ERROR_NULL           the argument \fIcode\fP was NULL
+                            the argument \fIwhere\fP was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADOPTION      the value of \fIwhat\fP was invalid
+  PCRE_ERROR_UNSET          the option was not set
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_named_substring.3
new file mode 100644
index 00000000..84d4ee7d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_named_substring.3
@@ -0,0 +1,54 @@
+.TH PCRE_GET_NAMED_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre16_get_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring by name. The
+arguments are:
+.sp
+  \fIcode\fP          Compiled pattern
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringname\fP    Name of the required substring
+  \fIstringptr\fP     Where to put the string pointer
+.sp
+The memory in which the substring is placed is obtained by calling
+\fBpcre[16|32]_malloc()\fP. The convenience function
+\fBpcre[16|32]_free_substring()\fP can be used to free it when it is no longer
+needed. The yield of the function is the length of the extracted substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_stringnumber.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_stringnumber.3
new file mode 100644
index 00000000..9fc5291d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_stringnumber.3
@@ -0,0 +1,43 @@
+.TH PCRE_GET_STRINGNUMBER 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_stringnumber(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP);"
+.sp
+.B int pcre16_get_stringnumber(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP);"
+.sp
+.B int pcre32_get_stringnumber(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This convenience function finds the number of a named substring capturing
+parenthesis in a compiled pattern. Its arguments are:
+.sp
+  \fIcode\fP    Compiled regular expression
+  \fIname\fP    Name whose number is required
+.sp
+The yield of the function is the number of the parenthesis if the name is
+found, or PCRE_ERROR_NOSUBSTRING otherwise. When duplicate names are allowed
+(PCRE_DUPNAMES is set), it is not defined which of the numbers is returned by
+\fBpcre[16|32]_get_stringnumber()\fP. You can obtain the complete list by calling
+\fBpcre[16|32]_get_stringtable_entries()\fP.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_stringtable_entries.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_stringtable_entries.3
new file mode 100644
index 00000000..5c58c90c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_stringtable_entries.3
@@ -0,0 +1,46 @@
+.TH PCRE_GET_STRINGTABLE_ENTRIES 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_stringtable_entries(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP, char **\fIfirst\fP, char **\fIlast\fP);"
+.sp
+.B int pcre16_get_stringtable_entries(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP, PCRE_UCHAR16 **\fIfirst\fP, PCRE_UCHAR16 **\fIlast\fP);"
+.sp
+.B int pcre32_get_stringtable_entries(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP, PCRE_UCHAR32 **\fIfirst\fP, PCRE_UCHAR32 **\fIlast\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This convenience function finds, for a compiled pattern, the first and last
+entries for a given name in the table that translates capturing parenthesis
+names into numbers. When names are required to be unique (PCRE_DUPNAMES is
+\fInot\fP set), it is usually easier to use \fBpcre[16|32]_get_stringnumber()\fP
+instead.
+.sp
+  \fIcode\fP    Compiled regular expression
+  \fIname\fP    Name whose entries required
+  \fIfirst\fP   Where to return a pointer to the first entry
+  \fIlast\fP    Where to return a pointer to the last entry
+.sp
+The yield of the function is the length of each entry, or
+PCRE_ERROR_NOSUBSTRING if none are found.
+.P
+There is a complete description of the PCRE native API, including the format of
+the table entries, in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page, and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_substring.3
new file mode 100644
index 00000000..1e62b2c0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_substring.3
@@ -0,0 +1,50 @@
+.TH PCRE_GET_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre16_get_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring. The
+arguments are:
+.sp
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringnumber\fP  Number of the required substring
+  \fIstringptr\fP     Where to put the string pointer
+.sp
+The memory in which the substring is placed is obtained by calling
+\fBpcre[16|32]_malloc()\fP. The convenience function
+\fBpcre[16|32]_free_substring()\fP can be used to free it when it is no longer
+needed. The yield of the function is the length of the substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_substring_list.3
new file mode 100644
index 00000000..511a4a39
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_get_substring_list.3
@@ -0,0 +1,47 @@
+.TH PCRE_GET_SUBSTRING_LIST 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_substring_list(const char *\fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, const char ***\fIlistptr\fP);"
+.sp
+.B int pcre16_get_substring_list(PCRE_SPTR16 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR16 **\fIlistptr\fP);"
+.sp
+.B int pcre32_get_substring_list(PCRE_SPTR32 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR32 **\fIlistptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a list of all the captured
+substrings. The arguments are:
+.sp
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec\fP
+  \fIlistptr\fP       Where to put a pointer to the list
+.sp
+The memory in which the substrings and the list are placed is obtained by
+calling \fBpcre[16|32]_malloc()\fP. The convenience function
+\fBpcre[16|32]_free_substring_list()\fP can be used to free it when it is no
+longer needed. A pointer to a list of pointers is put in the variable whose
+address is in \fIlistptr\fP. The list is terminated by a NULL pointer. The
+yield of the function is zero on success or PCRE_ERROR_NOMEMORY if sufficient
+memory could not be obtained.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_jit_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_jit_exec.3
new file mode 100644
index 00000000..ba851681
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_jit_exec.3
@@ -0,0 +1,96 @@
+.TH PCRE_EXEC 3 "31 October 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_jit_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.sp
+.B int pcre16_jit_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.sp
+.B int pcre32_jit_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function matches a compiled regular expression that has been successfully
+studied with one of the JIT options against a given subject string, using a
+matching algorithm that is similar to Perl's. It is a "fast path" interface to
+JIT, and it bypasses some of the sanity checks that \fBpcre_exec()\fP applies.
+It returns offsets to captured substrings. Its arguments are:
+.sp
+  \fIcode\fP         Points to the compiled pattern
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fIsubject\fP      Points to the subject string
+  \fIlength\fP       Length of the subject string, in bytes
+  \fIstartoffset\fP  Offset in bytes in the subject at which to
+                 start matching
+  \fIoptions\fP      Option bits
+  \fIovector\fP      Points to a vector of ints for result offsets
+  \fIovecsize\fP     Number of elements in the vector (a multiple of 3)
+  \fIjstack\fP       Pointer to a JIT stack
+.sp
+The allowed options are:
+.sp
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+.sp
+However, the PCRE_NO_UTF[8|16|32]_CHECK options have no effect, as this check
+is never applied. For details of partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+page. A \fBpcre_extra\fP structure contains the following fields:
+.sp
+  \fIflags\fP            Bits indicating which fields are set
+  \fIstudy_data\fP       Opaque data from \fBpcre[16|32]_study()\fP
+  \fImatch_limit\fP      Limit on internal resource use
+  \fImatch_limit_recursion\fP  Limit on internal recursion depth
+  \fIcallout_data\fP     Opaque data passed back to callouts
+  \fItables\fP           Points to character tables or is NULL
+  \fImark\fP             For passing back a *MARK pointer
+  \fIexecutable_jit\fP   Opaque data from JIT compilation
+.sp
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the JIT API in the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_jit_stack_alloc.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_jit_stack_alloc.3
new file mode 100644
index 00000000..11c97a0f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_jit_stack_alloc.3
@@ -0,0 +1,43 @@
+.TH PCRE_JIT_STACK_ALLOC 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre_jit_stack *pcre_jit_stack_alloc(int \fIstartsize\fP,
+.B "     int \fImaxsize\fP);"
+.sp
+.B pcre16_jit_stack *pcre16_jit_stack_alloc(int \fIstartsize\fP,
+.B "     int \fImaxsize\fP);"
+.sp
+.B pcre32_jit_stack *pcre32_jit_stack_alloc(int \fIstartsize\fP,
+.B "     int \fImaxsize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to create a stack for use by the code compiled by the JIT
+optimization of \fBpcre[16|32]_study()\fP. The arguments are a starting size for
+the stack, and a maximum size to which it is allowed to grow. The result can be
+passed to the JIT run-time code by \fBpcre[16|32]_assign_jit_stack()\fP, or that
+function can set up a callback for obtaining a stack. A maximum stack size of
+512K to 1M should be more than enough for any pattern. For more details, see
+the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_jit_stack_free.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_jit_stack_free.3
new file mode 100644
index 00000000..494724e8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_jit_stack_free.3
@@ -0,0 +1,35 @@
+.TH PCRE_JIT_STACK_FREE 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_jit_stack_free(pcre_jit_stack *\fIstack\fP);
+.PP
+.B void pcre16_jit_stack_free(pcre16_jit_stack *\fIstack\fP);
+.PP
+.B void pcre32_jit_stack_free(pcre32_jit_stack *\fIstack\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to free a JIT stack that was created by
+\fBpcre[16|32]_jit_stack_alloc()\fP when it is no longer needed. For more details,
+see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_maketables.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_maketables.3
new file mode 100644
index 00000000..b2c3d23a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_maketables.3
@@ -0,0 +1,33 @@
+.TH PCRE_MAKETABLES 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B const unsigned char *pcre_maketables(void);
+.PP
+.B const unsigned char *pcre16_maketables(void);
+.PP
+.B const unsigned char *pcre32_maketables(void);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function builds a set of character tables for character values less than
+256. These can be passed to \fBpcre[16|32]_compile()\fP to override PCRE's
+internal, built-in tables (which were made by \fBpcre[16|32]_maketables()\fP when
+PCRE was compiled). You might want to do this if you are using a non-standard
+locale. The function yields a pointer to the tables.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_pattern_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_pattern_to_host_byte_order.3
new file mode 100644
index 00000000..b0c41c38
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_pattern_to_host_byte_order.3
@@ -0,0 +1,44 @@
+.TH PCRE_PATTERN_TO_HOST_BYTE_ORDER 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_pattern_to_host_byte_order(pcre *\fIcode\fP,
+.B "     pcre_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.sp
+.B int pcre16_pattern_to_host_byte_order(pcre16 *\fIcode\fP,
+.B "     pcre16_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.sp
+.B int pcre32_pattern_to_host_byte_order(pcre32 *\fIcode\fP,
+.B "     pcre32_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function ensures that the bytes in 2-byte and 4-byte values in a compiled
+pattern are in the correct order for the current host. It is useful when a
+pattern that has been compiled on one host is transferred to another that might
+have different endianness. The arguments are:
+.sp
+  \fIcode\fP         A compiled regular expression
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fItables\fP       Pointer to character tables, or NULL to
+                 set the built-in default
+.sp
+The result is 0 for success, a negative PCRE_ERROR_xxx value otherwise.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_refcount.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_refcount.3
new file mode 100644
index 00000000..45a41fef
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_refcount.3
@@ -0,0 +1,36 @@
+.TH PCRE_REFCOUNT 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B int pcre_refcount(pcre *\fIcode\fP, int \fIadjust\fP);
+.PP
+.B int pcre16_refcount(pcre16 *\fIcode\fP, int \fIadjust\fP);
+.PP
+.B int pcre32_refcount(pcre32 *\fIcode\fP, int \fIadjust\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to maintain a reference count inside a data block that
+contains a compiled pattern. Its arguments are:
+.sp
+  \fIcode\fP                      Compiled regular expression
+  \fIadjust\fP                    Adjustment to reference value
+.sp
+The yield of the function is the adjusted reference value, which is constrained
+to lie between 0 and 65535.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_study.3
new file mode 100644
index 00000000..1200e0a6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_study.3
@@ -0,0 +1,54 @@
+.TH PCRE_STUDY 3 " 24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre_extra *pcre_study(const pcre *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B pcre16_extra *pcre16_study(const pcre16 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B pcre32_extra *pcre32_study(const pcre32 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function studies a compiled pattern, to see if additional information can
+be extracted that might speed up matching. Its arguments are:
+.sp
+  \fIcode\fP       A compiled regular expression
+  \fIoptions\fP    Options for \fBpcre[16|32]_study()\fP
+  \fIerrptr\fP     Where to put an error message
+.sp
+If the function succeeds, it returns a value that can be passed to
+\fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP via their \fIextra\fP
+arguments.
+.P
+If the function returns NULL, either it could not find any additional
+information, or there was an error. You can tell the difference by looking at
+the error value. It is NULL in first case.
+.P
+The only option is PCRE_STUDY_JIT_COMPILE. It requests just-in-time compilation
+if possible. If PCRE has been compiled without JIT support, this option is
+ignored. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page for further details.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_utf16_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_utf16_to_host_byte_order.3
new file mode 100644
index 00000000..1851b619
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_utf16_to_host_byte_order.3
@@ -0,0 +1,45 @@
+.TH PCRE_UTF16_TO_HOST_BYTE_ORDER 3 "21 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *\fIoutput\fP,
+.B "     PCRE_SPTR16 \fIinput\fP, int \fIlength\fP, int *\fIhost_byte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function, which exists only in the 16-bit library, converts a UTF-16
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+.sp
+  \fIoutput\fP           pointer to output buffer, may be the same as \fIinput\fP
+  \fIinput\fP            pointer to input buffer
+  \fIlength\fP           number of 16-bit units in the input, or negative for
+                     a zero-terminated string
+  \fIhost_byte_order\fP  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  \fIkeep_boms\fP        if non-zero, BOMs are copied to the output string
+.sp
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.P
+If \fIhost_byte_order\fP is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_utf32_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_utf32_to_host_byte_order.3
new file mode 100644
index 00000000..a415dcf5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_utf32_to_host_byte_order.3
@@ -0,0 +1,45 @@
+.TH PCRE_UTF32_TO_HOST_BYTE_ORDER 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *\fIoutput\fP,
+.B "     PCRE_SPTR32 \fIinput\fP, int \fIlength\fP, int *\fIhost_byte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function, which exists only in the 32-bit library, converts a UTF-32
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+.sp
+  \fIoutput\fP           pointer to output buffer, may be the same as \fIinput\fP
+  \fIinput\fP            pointer to input buffer
+  \fIlength\fP           number of 32-bit units in the input, or negative for
+                     a zero-terminated string
+  \fIhost_byte_order\fP  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  \fIkeep_boms\fP        if non-zero, BOMs are copied to the output string
+.sp
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.P
+If \fIhost_byte_order\fP is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_version.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_version.3
new file mode 100644
index 00000000..0f4973f9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcre_version.3
@@ -0,0 +1,31 @@
+.TH PCRE_VERSION 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B const char *pcre_version(void);
+.PP
+.B const char *pcre16_version(void);
+.PP
+.B const char *pcre32_version(void);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function (even in the 16-bit and 32-bit libraries) returns a
+zero-terminated, 8-bit character string that gives the version number of the
+PCRE library and the date of its release.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreapi.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreapi.3
new file mode 100644
index 00000000..6e7c7c6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreapi.3
@@ -0,0 +1,2918 @@
+.TH PCREAPI 3 "18 December 2015" "PCRE 8.39"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.sp
+.B #include <pcre.h>
+.
+.
+.SH "PCRE NATIVE API BASIC FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre *pcre_compile(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre *pcre_compile2(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre_extra *pcre_study(const pcre *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B void pcre_free_study(pcre_extra *\fIextra\fP);
+.sp
+.B int pcre_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre_dfa_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.
+.SH "PCRE NATIVE API STRING EXTRACTION FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre_copy_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     char *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre_copy_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, char *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre_get_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre_get_stringnumber(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP);"
+.sp
+.B int pcre_get_stringtable_entries(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP, char **\fIfirst\fP, char **\fIlast\fP);"
+.sp
+.B int pcre_get_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre_get_substring_list(const char *\fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, const char ***\fIlistptr\fP);"
+.sp
+.B void pcre_free_substring(const char *\fIstringptr\fP);
+.sp
+.B void pcre_free_substring_list(const char **\fIstringptr\fP);
+.fi
+.
+.
+.SH "PCRE NATIVE API AUXILIARY FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre_jit_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.sp
+.B pcre_jit_stack *pcre_jit_stack_alloc(int \fIstartsize\fP, int \fImaxsize\fP);
+.sp
+.B void pcre_jit_stack_free(pcre_jit_stack *\fIstack\fP);
+.sp
+.B void pcre_assign_jit_stack(pcre_extra *\fIextra\fP,
+.B "     pcre_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B const unsigned char *pcre_maketables(void);
+.sp
+.B int pcre_fullinfo(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre_refcount(pcre *\fIcode\fP, int \fIadjust\fP);
+.sp
+.B int pcre_config(int \fIwhat\fP, void *\fIwhere\fP);
+.sp
+.B const char *pcre_version(void);
+.sp
+.B int pcre_pattern_to_host_byte_order(pcre *\fIcode\fP,
+.B "     pcre_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.
+.SH "PCRE NATIVE API INDIRECTED FUNCTIONS"
+.rs
+.sp
+.nf
+.B void *(*pcre_malloc)(size_t);
+.sp
+.B void (*pcre_free)(void *);
+.sp
+.B void *(*pcre_stack_malloc)(size_t);
+.sp
+.B void (*pcre_stack_free)(void *);
+.sp
+.B int (*pcre_callout)(pcre_callout_block *);
+.sp
+.B int (*pcre_stack_guard)(void);
+.fi
+.
+.
+.SH "PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES"
+.rs
+.sp
+As well as support for 8-bit character strings, PCRE also supports 16-bit
+strings (from release 8.30) and 32-bit strings (from release 8.32), by means of
+two additional libraries. They can be built as well as, or instead of, the
+8-bit library. To avoid too much complication, this document describes the
+8-bit versions of the functions, with only occasional references to the 16-bit
+and 32-bit libraries.
+.P
+The 16-bit and 32-bit functions operate in the same way as their 8-bit
+counterparts; they just use different data types for their arguments and
+results, and their names start with \fBpcre16_\fP or \fBpcre32_\fP instead of
+\fBpcre_\fP. For every option that has UTF8 in its name (for example,
+PCRE_UTF8), there are corresponding 16-bit and 32-bit names with UTF8 replaced
+by UTF16 or UTF32, respectively. This facility is in fact just cosmetic; the
+16-bit and 32-bit option names define the same bit values.
+.P
+References to bytes and UTF-8 in this document should be read as references to
+16-bit data units and UTF-16 when using the 16-bit library, or 32-bit data
+units and UTF-32 when using the 32-bit library, unless specified otherwise.
+More details of the specific differences for the 16-bit and 32-bit libraries
+are given in the
+.\" HREF
+\fBpcre16\fP
+.\"
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+pages.
+.
+.
+.SH "PCRE API OVERVIEW"
+.rs
+.sp
+PCRE has its own native API, which is described in this document. There are
+also some wrapper functions (for the 8-bit library only) that correspond to the
+POSIX regular expression API, but they do not give access to all the
+functionality. They are described in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+documentation. Both of these APIs define a set of C function calls. A C++
+wrapper (again for the 8-bit library only) is also distributed with PCRE. It is
+documented in the
+.\" HREF
+\fBpcrecpp\fP
+.\"
+page.
+.P
+The native API C function prototypes are defined in the header file
+\fBpcre.h\fP, and on Unix-like systems the (8-bit) library itself is called
+\fBlibpcre\fP. It can normally be accessed by adding \fB-lpcre\fP to the
+command for linking an application that uses PCRE. The header file defines the
+macros PCRE_MAJOR and PCRE_MINOR to contain the major and minor release numbers
+for the library. Applications can use these to include support for different
+releases of PCRE.
+.P
+In a Windows environment, if you want to statically link an application program
+against a non-dll \fBpcre.a\fP file, you must define PCRE_STATIC before
+including \fBpcre.h\fP or \fBpcrecpp.h\fP, because otherwise the
+\fBpcre_malloc()\fP and \fBpcre_free()\fP exported functions will be declared
+\fB__declspec(dllimport)\fP, with unwanted results.
+.P
+The functions \fBpcre_compile()\fP, \fBpcre_compile2()\fP, \fBpcre_study()\fP,
+and \fBpcre_exec()\fP are used for compiling and matching regular expressions
+in a Perl-compatible manner. A sample program that demonstrates the simplest
+way of using them is provided in the file called \fIpcredemo.c\fP in the PCRE
+source distribution. A listing of this program is given in the
+.\" HREF
+\fBpcredemo\fP
+.\"
+documentation, and the
+.\" HREF
+\fBpcresample\fP
+.\"
+documentation describes how to compile and run it.
+.P
+Just-in-time compiler support is an optional feature of PCRE that can be built
+in appropriate hardware environments. It greatly speeds up the matching
+performance of many patterns. Simple programs can easily request that it be
+used if available, by setting an option that is ignored when it is not
+relevant. More complicated programs might need to make use of the functions
+\fBpcre_jit_stack_alloc()\fP, \fBpcre_jit_stack_free()\fP, and
+\fBpcre_assign_jit_stack()\fP in order to control the JIT code's memory usage.
+.P
+From release 8.32 there is also a direct interface for JIT execution, which
+gives improved performance. The JIT-specific functions are discussed in the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation.
+.P
+A second matching function, \fBpcre_dfa_exec()\fP, which is not
+Perl-compatible, is also provided. This uses a different algorithm for the
+matching. The alternative algorithm finds all possible matches (at a given
+point in the subject), and scans the subject just once (unless there are
+lookbehind assertions). However, this algorithm does not return captured
+substrings. A description of the two matching algorithms and their advantages
+and disadvantages is given in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation.
+.P
+In addition to the main compiling and matching functions, there are convenience
+functions for extracting captured substrings from a subject string that is
+matched by \fBpcre_exec()\fP. They are:
+.sp
+  \fBpcre_copy_substring()\fP
+  \fBpcre_copy_named_substring()\fP
+  \fBpcre_get_substring()\fP
+  \fBpcre_get_named_substring()\fP
+  \fBpcre_get_substring_list()\fP
+  \fBpcre_get_stringnumber()\fP
+  \fBpcre_get_stringtable_entries()\fP
+.sp
+\fBpcre_free_substring()\fP and \fBpcre_free_substring_list()\fP are also
+provided, to free the memory used for extracted strings.
+.P
+The function \fBpcre_maketables()\fP is used to build a set of character tables
+in the current locale for passing to \fBpcre_compile()\fP, \fBpcre_exec()\fP,
+or \fBpcre_dfa_exec()\fP. This is an optional facility that is provided for
+specialist use. Most commonly, no special tables are passed, in which case
+internal tables that are generated when PCRE is built are used.
+.P
+The function \fBpcre_fullinfo()\fP is used to find out information about a
+compiled pattern. The function \fBpcre_version()\fP returns a pointer to a
+string containing the version of PCRE and its date of release.
+.P
+The function \fBpcre_refcount()\fP maintains a reference count in a data block
+containing a compiled pattern. This is provided for the benefit of
+object-oriented applications.
+.P
+The global variables \fBpcre_malloc\fP and \fBpcre_free\fP initially contain
+the entry points of the standard \fBmalloc()\fP and \fBfree()\fP functions,
+respectively. PCRE calls the memory management functions via these variables,
+so a calling program can replace them if it wishes to intercept the calls. This
+should be done before calling any PCRE functions.
+.P
+The global variables \fBpcre_stack_malloc\fP and \fBpcre_stack_free\fP are also
+indirections to memory management functions. These special functions are used
+only when PCRE is compiled to use the heap for remembering data, instead of
+recursive function calls, when running the \fBpcre_exec()\fP function. See the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation for details of how to do this. It is a non-standard way of
+building PCRE, for use in environments that have limited stacks. Because of the
+greater use of memory management, it runs more slowly. Separate functions are
+provided so that special-purpose external code can be used for this case. When
+used, these functions always allocate memory blocks of the same size. There is
+a discussion about PCRE's stack usage in the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation.
+.P
+The global variable \fBpcre_callout\fP initially contains NULL. It can be set
+by the caller to a "callout" function, which PCRE will then call at specified
+points during a matching operation. Details are given in the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.P
+The global variable \fBpcre_stack_guard\fP initially contains NULL. It can be
+set by the caller to a function that is called by PCRE whenever it starts
+to compile a parenthesized part of a pattern. When parentheses are nested, PCRE
+uses recursive function calls, which use up the system stack. This function is
+provided so that applications with restricted stacks can force a compilation
+error if the stack runs out. The function should return zero if all is well, or
+non-zero to force an error.
+.
+.
+.\" HTML <a name="newlines"></a>
+.SH NEWLINES
+.rs
+.sp
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The Unicode newline sequences are the three just
+mentioned, plus the single characters VT (vertical tab, U+000B), FF (form feed,
+U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029).
+.P
+Each of the first three conventions is used by at least one operating system as
+its standard newline sequence. When PCRE is built, a default can be specified.
+The default default is LF, which is the Unix standard. When PCRE is run, the
+default can be overridden, either when a pattern is compiled, or when it is
+matched.
+.P
+At compile time, the newline convention can be specified by the \fIoptions\fP
+argument of \fBpcre_compile()\fP, or it can be specified by special text at the
+start of the pattern itself; this overrides any other settings. See the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page for details of the special character sequences.
+.P
+In the PCRE documentation the word "newline" is used to mean "the character or
+pair of characters that indicate a line break". The choice of newline
+convention affects the handling of the dot, circumflex, and dollar
+metacharacters, the handling of #-comments in /x mode, and, when CRLF is a
+recognized line ending sequence, the match position advancement for a
+non-anchored pattern. There is more detail about this in the
+.\" HTML <a href="#execoptions">
+.\" </a>
+section on \fBpcre_exec()\fP options
+.\"
+below.
+.P
+The choice of newline convention does not affect the interpretation of
+the \en or \er escape sequences, nor does it affect what \eR matches, which is
+controlled in a similar way, but by separate options.
+.
+.
+.SH MULTITHREADING
+.rs
+.sp
+The PCRE functions can be used in multi-threading applications, with the
+proviso that the memory management functions pointed to by \fBpcre_malloc\fP,
+\fBpcre_free\fP, \fBpcre_stack_malloc\fP, and \fBpcre_stack_free\fP, and the
+callout and stack-checking functions pointed to by \fBpcre_callout\fP and
+\fBpcre_stack_guard\fP, are shared by all threads.
+.P
+The compiled form of a regular expression is not altered during matching, so
+the same compiled pattern can safely be used by several threads at once.
+.P
+If the just-in-time optimization feature is being used, it needs separate
+memory stack areas for each thread. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for more details.
+.
+.
+.SH "SAVING PRECOMPILED PATTERNS FOR LATER USE"
+.rs
+.sp
+The compiled form of a regular expression can be saved and re-used at a later
+time, possibly by a different program, and even on a host other than the one on
+which it was compiled. Details are given in the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation, which includes a description of the
+\fBpcre_pattern_to_host_byte_order()\fP function. However, compiling a regular
+expression with one version of PCRE for use with a different version is not
+guaranteed to work and may cause crashes.
+.
+.
+.SH "CHECKING BUILD-TIME OPTIONS"
+.rs
+.sp
+.B int pcre_config(int \fIwhat\fP, void *\fIwhere\fP);
+.PP
+The function \fBpcre_config()\fP makes it possible for a PCRE client to
+discover which optional features have been compiled into the PCRE library. The
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation has more details about these optional features.
+.P
+The first argument for \fBpcre_config()\fP is an integer, specifying which
+information is required; the second argument is a pointer to a variable into
+which the information is placed. The returned value is zero on success, or the
+negative error code PCRE_ERROR_BADOPTION if the value in the first argument is
+not recognized. The following information is available:
+.sp
+  PCRE_CONFIG_UTF8
+.sp
+The output is an integer that is set to one if UTF-8 support is available;
+otherwise it is set to zero. This value should normally be given to the 8-bit
+version of this function, \fBpcre_config()\fP. If it is given to the 16-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+.sp
+  PCRE_CONFIG_UTF16
+.sp
+The output is an integer that is set to one if UTF-16 support is available;
+otherwise it is set to zero. This value should normally be given to the 16-bit
+version of this function, \fBpcre16_config()\fP. If it is given to the 8-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+.sp
+  PCRE_CONFIG_UTF32
+.sp
+The output is an integer that is set to one if UTF-32 support is available;
+otherwise it is set to zero. This value should normally be given to the 32-bit
+version of this function, \fBpcre32_config()\fP. If it is given to the 8-bit
+or 16-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+.sp
+  PCRE_CONFIG_UNICODE_PROPERTIES
+.sp
+The output is an integer that is set to one if support for Unicode character
+properties is available; otherwise it is set to zero.
+.sp
+  PCRE_CONFIG_JIT
+.sp
+The output is an integer that is set to one if support for just-in-time
+compiling is available; otherwise it is set to zero.
+.sp
+  PCRE_CONFIG_JITTARGET
+.sp
+The output is a pointer to a zero-terminated "const char *" string. If JIT
+support is available, the string contains the name of the architecture for
+which the JIT compiler is configured, for example "x86 32bit (little endian +
+unaligned)". If JIT support is not available, the result is NULL.
+.sp
+  PCRE_CONFIG_NEWLINE
+.sp
+The output is an integer whose value specifies the default character sequence
+that is recognized as meaning "newline". The values that are supported in
+ASCII/Unicode environments are: 10 for LF, 13 for CR, 3338 for CRLF, -2 for
+ANYCRLF, and -1 for ANY. In EBCDIC environments, CR, ANYCRLF, and ANY yield the
+same values. However, the value for LF is normally 21, though some EBCDIC
+environments use 37. The corresponding values for CRLF are 3349 and 3365. The
+default should normally correspond to the standard sequence for your operating
+system.
+.sp
+  PCRE_CONFIG_BSR
+.sp
+The output is an integer whose value indicates what character sequences the \eR
+escape sequence matches by default. A value of 0 means that \eR matches any
+Unicode line ending sequence; a value of 1 means that \eR matches only CR, LF,
+or CRLF. The default can be overridden when a pattern is compiled or matched.
+.sp
+  PCRE_CONFIG_LINK_SIZE
+.sp
+The output is an integer that contains the number of bytes used for internal
+linkage in compiled regular expressions. For the 8-bit library, the value can
+be 2, 3, or 4. For the 16-bit library, the value is either 2 or 4 and is still
+a number of bytes. For the 32-bit library, the value is either 2 or 4 and is
+still a number of bytes. The default value of 2 is sufficient for all but the
+most massive patterns, since it allows the compiled pattern to be up to 64K in
+size. Larger values allow larger regular expressions to be compiled, at the
+expense of slower matching.
+.sp
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+.sp
+The output is an integer that contains the threshold above which the POSIX
+interface uses \fBmalloc()\fP for output vectors. Further details are given in
+the
+.\" HREF
+\fBpcreposix\fP
+.\"
+documentation.
+.sp
+  PCRE_CONFIG_PARENS_LIMIT
+.sp
+The output is a long integer that gives the maximum depth of nesting of
+parentheses (of any kind) in a pattern. This limit is imposed to cap the amount
+of system stack used when a pattern is compiled. It is specified when PCRE is
+built; the default is 250. This limit does not take into account the stack that
+may already be used by the calling application. For finer control over
+compilation stack usage, you can set a pointer to an external checking function
+in \fBpcre_stack_guard\fP.
+.sp
+  PCRE_CONFIG_MATCH_LIMIT
+.sp
+The output is a long integer that gives the default limit for the number of
+internal matching function calls in a \fBpcre_exec()\fP execution. Further
+details are given with \fBpcre_exec()\fP below.
+.sp
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+.sp
+The output is a long integer that gives the default limit for the depth of
+recursion when calling the internal matching function in a \fBpcre_exec()\fP
+execution. Further details are given with \fBpcre_exec()\fP below.
+.sp
+  PCRE_CONFIG_STACKRECURSE
+.sp
+The output is an integer that is set to one if internal recursion when running
+\fBpcre_exec()\fP is implemented by recursive function calls that use the stack
+to remember their state. This is the usual way that PCRE is compiled. The
+output is zero if PCRE was compiled to use blocks of data on the heap instead
+of recursive function calls. In this case, \fBpcre_stack_malloc\fP and
+\fBpcre_stack_free\fP are called to manage memory blocks on the heap, thus
+avoiding the use of the stack.
+.
+.
+.SH "COMPILING A PATTERN"
+.rs
+.sp
+.nf
+.B pcre *pcre_compile(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre *pcre_compile2(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.fi
+.P
+Either of the functions \fBpcre_compile()\fP or \fBpcre_compile2()\fP can be
+called to compile a pattern into an internal form. The only difference between
+the two interfaces is that \fBpcre_compile2()\fP has an additional argument,
+\fIerrorcodeptr\fP, via which a numerical error code can be returned. To avoid
+too much repetition, we refer just to \fBpcre_compile()\fP below, but the
+information applies equally to \fBpcre_compile2()\fP.
+.P
+The pattern is a C string terminated by a binary zero, and is passed in the
+\fIpattern\fP argument. A pointer to a single block of memory that is obtained
+via \fBpcre_malloc\fP is returned. This contains the compiled code and related
+data. The \fBpcre\fP type is defined for the returned block; this is a typedef
+for a structure whose contents are not externally defined. It is up to the
+caller to free the memory (via \fBpcre_free\fP) when it is no longer required.
+.P
+Although the compiled code of a PCRE regex is relocatable, that is, it does not
+depend on memory location, the complete \fBpcre\fP data block is not
+fully relocatable, because it may contain a copy of the \fItableptr\fP
+argument, which is an address (see below).
+.P
+The \fIoptions\fP argument contains various bit settings that affect the
+compilation. It should be zero if no options are required. The available
+options are described below. Some of them (in particular, those that are
+compatible with Perl, but some others as well) can also be set and unset from
+within the pattern (see the detailed description in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation). For those options that can be different in different parts of
+the pattern, the contents of the \fIoptions\fP argument specifies their
+settings at the start of compilation and execution. The PCRE_ANCHORED,
+PCRE_BSR_\fIxxx\fP, PCRE_NEWLINE_\fIxxx\fP, PCRE_NO_UTF8_CHECK, and
+PCRE_NO_START_OPTIMIZE options can be set at the time of matching as well as at
+compile time.
+.P
+If \fIerrptr\fP is NULL, \fBpcre_compile()\fP returns NULL immediately.
+Otherwise, if compilation of a pattern fails, \fBpcre_compile()\fP returns
+NULL, and sets the variable pointed to by \fIerrptr\fP to point to a textual
+error message. This is a static string that is part of the library. You must
+not try to free it. Normally, the offset from the start of the pattern to the
+data unit that was being processed when the error was discovered is placed in
+the variable pointed to by \fIerroffset\fP, which must not be NULL (if it is,
+an immediate error is given). However, for an invalid UTF-8 or UTF-16 string,
+the offset is that of the first data unit of the failing character.
+.P
+Some errors are not detected until the whole pattern has been scanned; in these
+cases, the offset passed back is the length of the pattern. Note that the
+offset is in data units, not characters, even in a UTF mode. It may sometimes
+point into the middle of a UTF-8 or UTF-16 character.
+.P
+If \fBpcre_compile2()\fP is used instead of \fBpcre_compile()\fP, and the
+\fIerrorcodeptr\fP argument is not NULL, a non-zero error code number is
+returned via this argument in the event of an error. This is in addition to the
+textual error message. Error codes and messages are listed below.
+.P
+If the final argument, \fItableptr\fP, is NULL, PCRE uses a default set of
+character tables that are built when PCRE is compiled, using the default C
+locale. Otherwise, \fItableptr\fP must be an address that is the result of a
+call to \fBpcre_maketables()\fP. This value is stored with the compiled
+pattern, and used again by \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP when the
+pattern is matched. For more discussion, see the section on locale support
+below.
+.P
+This code fragment shows a typical straightforward call to \fBpcre_compile()\fP:
+.sp
+  pcre *re;
+  const char *error;
+  int erroffset;
+  re = pcre_compile(
+    "^A.*Z",          /* the pattern */
+    0,                /* default options */
+    &error,           /* for error message */
+    &erroffset,       /* for error offset */
+    NULL);            /* use default character tables */
+.sp
+The following names for option bits are defined in the \fBpcre.h\fP header
+file:
+.sp
+  PCRE_ANCHORED
+.sp
+If this bit is set, the pattern is forced to be "anchored", that is, it is
+constrained to match only at the first matching point in the string that is
+being searched (the "subject string"). This effect can also be achieved by
+appropriate constructs in the pattern itself, which is the only way to do it in
+Perl.
+.sp
+  PCRE_AUTO_CALLOUT
+.sp
+If this bit is set, \fBpcre_compile()\fP automatically inserts callout items,
+all with number 255, before each pattern item. For discussion of the callout
+facility, see the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.sp
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+.sp
+These options (which are mutually exclusive) control what the \eR escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. The default is specified when PCRE is
+built. It can be overridden from within the pattern, or by setting an option
+when a compiled pattern is matched.
+.sp
+  PCRE_CASELESS
+.sp
+If this bit is set, letters in the pattern match both upper and lower case
+letters. It is equivalent to Perl's /i option, and it can be changed within a
+pattern by a (?i) option setting. In UTF-8 mode, PCRE always understands the
+concept of case for characters whose values are less than 128, so caseless
+matching is always possible. For characters with higher values, the concept of
+case is supported if PCRE is compiled with Unicode property support, but not
+otherwise. If you want to use caseless matching for characters 128 and above,
+you must ensure that PCRE is compiled with Unicode property support as well as
+with UTF-8 support.
+.sp
+  PCRE_DOLLAR_ENDONLY
+.sp
+If this bit is set, a dollar metacharacter in the pattern matches only at the
+end of the subject string. Without this option, a dollar also matches
+immediately before a newline at the end of the string (but not before any other
+newlines). The PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+There is no equivalent to this option in Perl, and no way to set it within a
+pattern.
+.sp
+  PCRE_DOTALL
+.sp
+If this bit is set, a dot metacharacter in the pattern matches a character of
+any value, including one that indicates a newline. However, it only ever
+matches one character, even if newlines are coded as CRLF. Without this option,
+a dot does not match when the current position is at a newline. This option is
+equivalent to Perl's /s option, and it can be changed within a pattern by a
+(?s) option setting. A negative class such as [^a] always matches newline
+characters, independent of the setting of this option.
+.sp
+  PCRE_DUPNAMES
+.sp
+If this bit is set, names used to identify capturing subpatterns need not be
+unique. This can be helpful for certain types of pattern when it is known that
+only one instance of the named subpattern can ever be matched. There are more
+details of named subpatterns below; see also the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.sp
+  PCRE_EXTENDED
+.sp
+If this bit is set, most white space characters in the pattern are totally
+ignored except when escaped or inside a character class. However, white space
+is not allowed within sequences such as (?> that introduce various
+parenthesized subpatterns, nor within a numerical quantifier such as {1,3}.
+However, ignorable white space is permitted between an item and a following
+quantifier and between a quantifier and a following + that indicates
+possessiveness.
+.P
+White space did not used to include the VT character (code 11), because Perl
+did not treat this character as white space. However, Perl changed at release
+5.18, so PCRE followed at release 8.34, and VT is now treated as white space.
+.P
+PCRE_EXTENDED also causes characters between an unescaped # outside a character
+class and the next newline, inclusive, to be ignored. PCRE_EXTENDED is
+equivalent to Perl's /x option, and it can be changed within a pattern by a
+(?x) option setting.
+.P
+Which characters are interpreted as newlines is controlled by the options
+passed to \fBpcre_compile()\fP or by a special sequence at the start of the
+pattern, as described in the section entitled
+.\" HTML <a href="pcrepattern.html#newlines">
+.\" </a>
+"Newline conventions"
+.\"
+in the \fBpcrepattern\fP documentation. Note that the end of this type of
+comment is a literal newline sequence in the pattern; escape sequences that
+happen to represent a newline do not count.
+.P
+This option makes it possible to include comments inside complicated patterns.
+Note, however, that this applies only to data characters. White space characters
+may never appear within special character sequences in a pattern, for example
+within the sequence (?( that introduces a conditional subpattern.
+.sp
+  PCRE_EXTRA
+.sp
+This option was invented in order to turn on additional functionality of PCRE
+that is incompatible with Perl, but it is currently of very little use. When
+set, any backslash in a pattern that is followed by a letter that has no
+special meaning causes an error, thus reserving these combinations for future
+expansion. By default, as in Perl, a backslash followed by a letter with no
+special meaning is treated as a literal. (Perl can, however, be persuaded to
+give an error for this, by running it with the -w option.) There are at present
+no other features controlled by this option. It can also be set by a (?X)
+option setting within a pattern.
+.sp
+  PCRE_FIRSTLINE
+.sp
+If this option is set, an unanchored pattern is required to match before or at
+the first newline in the subject string, though the matched text may continue
+over the newline.
+.sp
+  PCRE_JAVASCRIPT_COMPAT
+.sp
+If this option is set, PCRE's behaviour is changed in some ways so that it is
+compatible with JavaScript rather than Perl. The changes are as follows:
+.P
+(1) A lone closing square bracket in a pattern causes a compile-time error,
+because this is illegal in JavaScript (by default it is treated as a data
+character). Thus, the pattern AB]CD becomes illegal when this option is set.
+.P
+(2) At run time, a back reference to an unset subpattern group matches an empty
+string (by default this causes the current matching alternative to fail). A
+pattern such as (\e1)(a) succeeds when this option is set (assuming it can find
+an "a" in the subject), whereas it fails by default, for Perl compatibility.
+.P
+(3) \eU matches an upper case "U" character; by default \eU causes a compile
+time error (Perl uses \eU to upper case subsequent characters).
+.P
+(4) \eu matches a lower case "u" character unless it is followed by four
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, \eu causes a compile time error (Perl uses it to upper
+case the following character).
+.P
+(5) \ex matches a lower case "x" character unless it is followed by two
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, as in Perl, a hexadecimal number is always expected after
+\ex, but it may have zero, one, or two digits (so, for example, \exz matches a
+binary zero character followed by z).
+.sp
+  PCRE_MULTILINE
+.sp
+By default, for the purposes of matching "start of line" and "end of line",
+PCRE treats the subject string as consisting of a single line of characters,
+even if it actually contains newlines. The "start of line" metacharacter (^)
+matches only at the start of the string, and the "end of line" metacharacter
+($) matches only at the end of the string, or before a terminating newline
+(except when PCRE_DOLLAR_ENDONLY is set). Note, however, that unless
+PCRE_DOTALL is set, the "any character" metacharacter (.) does not match at a
+newline. This behaviour (for ^, $, and dot) is the same as Perl.
+.P
+When PCRE_MULTILINE it is set, the "start of line" and "end of line" constructs
+match immediately following or immediately before internal newlines in the
+subject string, respectively, as well as at the very start and end. This is
+equivalent to Perl's /m option, and it can be changed within a pattern by a
+(?m) option setting. If there are no newlines in a subject string, or no
+occurrences of ^ or $ in a pattern, setting PCRE_MULTILINE has no effect.
+.sp
+  PCRE_NEVER_UTF
+.sp
+This option locks out interpretation of the pattern as UTF-8 (or UTF-16 or
+UTF-32 in the 16-bit and 32-bit libraries). In particular, it prevents the
+creator of the pattern from switching to UTF interpretation by starting the
+pattern with (*UTF). This may be useful in applications that process patterns
+from external sources. The combination of PCRE_UTF8 and PCRE_NEVER_UTF also
+causes an error.
+.sp
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+.sp
+These options override the default newline definition that was chosen when PCRE
+was built. Setting the first or the second specifies that a newline is
+indicated by a single character (CR or LF, respectively). Setting
+PCRE_NEWLINE_CRLF specifies that a newline is indicated by the two-character
+CRLF sequence. Setting PCRE_NEWLINE_ANYCRLF specifies that any of the three
+preceding sequences should be recognized. Setting PCRE_NEWLINE_ANY specifies
+that any Unicode newline sequence should be recognized.
+.P
+In an ASCII/Unicode environment, the Unicode newline sequences are the three
+just mentioned, plus the single characters VT (vertical tab, U+000B), FF (form
+feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029). For the 8-bit library, the last two are
+recognized only in UTF-8 mode.
+.P
+When PCRE is compiled to run in an EBCDIC (mainframe) environment, the code for
+CR is 0x0d, the same as ASCII. However, the character code for LF is normally
+0x15, though in some EBCDIC environments 0x25 is used. Whichever of these is
+not LF is made to correspond to Unicode's NEL character. EBCDIC codes are all
+less than 256. For more details, see the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation.
+.P
+The newline setting in the options word uses three bits that are treated
+as a number, giving eight possibilities. Currently only six are used (default
+plus the five values above). This means that if you set more than one newline
+option, the combination may or may not be sensible. For example,
+PCRE_NEWLINE_CR with PCRE_NEWLINE_LF is equivalent to PCRE_NEWLINE_CRLF, but
+other combinations may yield unused numbers and cause an error.
+.P
+The only time that a line break in a pattern is specially recognized when
+compiling is when PCRE_EXTENDED is set. CR and LF are white space characters,
+and so are ignored in this mode. Also, an unescaped # outside a character class
+indicates a comment that lasts until after the next line break sequence. In
+other circumstances, line break sequences in patterns are treated as literal
+data.
+.P
+The newline option that is set at compile time becomes the default that is used
+for \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP, but it can be overridden.
+.sp
+  PCRE_NO_AUTO_CAPTURE
+.sp
+If this option is set, it disables the use of numbered capturing parentheses in
+the pattern. Any opening parenthesis that is not followed by ? behaves as if it
+were followed by ?: but named parentheses can still be used for capturing (and
+they acquire numbers in the usual way). There is no equivalent of this option
+in Perl.
+.sp
+  PCRE_NO_AUTO_POSSESS
+.sp
+If this option is set, it disables "auto-possessification". This is an
+optimization that, for example, turns a+b into a++b in order to avoid
+backtracks into a+ that can never be successful. However, if callouts are in
+use, auto-possessification means that some of them are never taken. You can set
+this option if you want the matching functions to do a full unoptimized search
+and run all the callouts, but it is mainly provided for testing purposes.
+.sp
+  PCRE_NO_START_OPTIMIZE
+.sp
+This is an option that acts at matching time; that is, it is really an option
+for \fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP. If it is set at compile time,
+it is remembered with the compiled pattern and assumed at matching time. This
+is necessary if you want to use JIT execution, because the JIT compiler needs
+to know whether or not this option is set. For details see the discussion of
+PCRE_NO_START_OPTIMIZE
+.\" HTML <a href="#execoptions">
+.\" </a>
+below.
+.\"
+.sp
+  PCRE_UCP
+.sp
+This option changes the way PCRE processes \eB, \eb, \eD, \ed, \eS, \es, \eW,
+\ew, and some of the POSIX character classes. By default, only ASCII characters
+are recognized, but if PCRE_UCP is set, Unicode properties are used instead to
+classify characters. More details are given in the section on
+.\" HTML <a href="pcre.html#genericchartypes">
+.\" </a>
+generic character types
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page. If you set PCRE_UCP, matching one of the items it affects takes much
+longer. The option is available only if PCRE has been compiled with Unicode
+property support.
+.sp
+  PCRE_UNGREEDY
+.sp
+This option inverts the "greediness" of the quantifiers so that they are not
+greedy by default, but become greedy if followed by "?". It is not compatible
+with Perl. It can also be set by a (?U) option setting within the pattern.
+.sp
+  PCRE_UTF8
+.sp
+This option causes PCRE to regard both the pattern and the subject as strings
+of UTF-8 characters instead of single-byte strings. However, it is available
+only when PCRE is built to include UTF support. If not, the use of this option
+provokes an error. Details of how this option changes the behaviour of PCRE are
+given in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.sp
+  PCRE_NO_UTF8_CHECK
+.sp
+When PCRE_UTF8 is set, the validity of the pattern as a UTF-8 string is
+automatically checked. There is a discussion about the
+.\" HTML <a href="pcreunicode.html#utf8strings">
+.\" </a>
+validity of UTF-8 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page. If an invalid UTF-8 sequence is found, \fBpcre_compile()\fP returns an
+error. If you already know that your pattern is valid, and you want to skip
+this check for performance reasons, you can set the PCRE_NO_UTF8_CHECK option.
+When it is set, the effect of passing an invalid UTF-8 string as a pattern is
+undefined. It may cause your program to crash or loop. Note that this option
+can also be passed to \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP, to suppress
+the validity checking of subject strings only. If the same string is being
+matched many times, the option can be safely set for the second and subsequent
+matchings to improve performance.
+.
+.
+.SH "COMPILATION ERROR CODES"
+.rs
+.sp
+The following table lists the error codes than may be returned by
+\fBpcre_compile2()\fP, along with the error messages that may be returned by
+both compiling functions. Note that error messages are always 8-bit ASCII
+strings, even in 16-bit or 32-bit mode. As PCRE has developed, some error codes
+have fallen out of use. To avoid confusion, they have not been re-used.
+.sp
+   0  no error
+   1  \e at end of pattern
+   2  \ec at end of pattern
+   3  unrecognized character follows \e
+   4  numbers out of order in {} quantifier
+   5  number too big in {} quantifier
+   6  missing terminating ] for character class
+   7  invalid escape sequence in character class
+   8  range out of order in character class
+   9  nothing to repeat
+  10  [this code is not in use]
+  11  internal error: unexpected repeat
+  12  unrecognized character after (? or (?-
+  13  POSIX named classes are supported only within a class
+  14  missing )
+  15  reference to non-existent subpattern
+  16  erroffset passed as NULL
+  17  unknown option bit(s) set
+  18  missing ) after comment
+  19  [this code is not in use]
+  20  regular expression is too large
+  21  failed to get memory
+  22  unmatched parentheses
+  23  internal error: code overflow
+  24  unrecognized character after (?<
+  25  lookbehind assertion is not fixed length
+  26  malformed number or name after (?(
+  27  conditional group contains more than two branches
+  28  assertion expected after (?(
+  29  (?R or (?[+-]digits must be followed by )
+  30  unknown POSIX class name
+  31  POSIX collating elements are not supported
+  32  this version of PCRE is compiled without UTF support
+  33  [this code is not in use]
+  34  character value in \ex{} or \eo{} is too large
+  35  invalid condition (?(0)
+  36  \eC not allowed in lookbehind assertion
+  37  PCRE does not support \eL, \el, \eN{name}, \eU, or \eu
+  38  number after (?C is > 255
+  39  closing ) for (?C expected
+  40  recursive call could loop indefinitely
+  41  unrecognized character after (?P
+  42  syntax error in subpattern name (missing terminator)
+  43  two named subpatterns have the same name
+  44  invalid UTF-8 string (specifically UTF-8)
+  45  support for \eP, \ep, and \eX has not been compiled
+  46  malformed \eP or \ep sequence
+  47  unknown property name after \eP or \ep
+  48  subpattern name is too long (maximum 32 characters)
+  49  too many named subpatterns (maximum 10000)
+  50  [this code is not in use]
+  51  octal value is greater than \e377 in 8-bit non-UTF-8 mode
+  52  internal error: overran compiling workspace
+  53  internal error: previously-checked referenced subpattern
+        not found
+  54  DEFINE group contains more than one branch
+  55  repeating a DEFINE group is not allowed
+  56  inconsistent NEWLINE options
+  57  \eg is not followed by a braced, angle-bracketed, or quoted
+        name/number or by a plain number
+  58  a numbered reference must not be zero
+  59  an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
+  60  (*VERB) not recognized or malformed
+  61  number is too big
+  62  subpattern name expected
+  63  digit expected after (?+
+  64  ] is an invalid data character in JavaScript compatibility mode
+  65  different names for subpatterns of the same number are
+        not allowed
+  66  (*MARK) must have an argument
+  67  this version of PCRE is not compiled with Unicode property
+        support
+  68  \ec must be followed by an ASCII character
+  69  \ek is not followed by a braced, angle-bracketed, or quoted name
+  70  internal error: unknown opcode in find_fixedlength()
+  71  \eN is not supported in a class
+  72  too many forward references
+  73  disallowed Unicode code point (>= 0xd800 && <= 0xdfff)
+  74  invalid UTF-16 string (specifically UTF-16)
+  75  name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
+  76  character value in \eu.... sequence is too large
+  77  invalid UTF-32 string (specifically UTF-32)
+  78  setting UTF is disabled by the application
+  79  non-hex character in \ex{} (closing brace missing?)
+  80  non-octal character in \eo{} (closing brace missing?)
+  81  missing opening brace after \eo
+  82  parentheses are too deeply nested
+  83  invalid range in character class
+  84  group name must start with a non-digit
+  85  parentheses are too deeply nested (stack check)
+.sp
+The numbers 32 and 10000 in errors 48 and 49 are defaults; different values may
+be used if the limits were changed when PCRE was built.
+.
+.
+.\" HTML <a name="studyingapattern"></a>
+.SH "STUDYING A PATTERN"
+.rs
+.sp
+.nf
+.B pcre_extra *pcre_study(const pcre *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.fi
+.PP
+If a compiled pattern is going to be used several times, it is worth spending
+more time analyzing it in order to speed up the time taken for matching. The
+function \fBpcre_study()\fP takes a pointer to a compiled pattern as its first
+argument. If studying the pattern produces additional information that will
+help speed up matching, \fBpcre_study()\fP returns a pointer to a
+\fBpcre_extra\fP block, in which the \fIstudy_data\fP field points to the
+results of the study.
+.P
+The returned value from \fBpcre_study()\fP can be passed directly to
+\fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP. However, a \fBpcre_extra\fP block
+also contains other fields that can be set by the caller before the block is
+passed; these are described
+.\" HTML <a href="#extradata">
+.\" </a>
+below
+.\"
+in the section on matching a pattern.
+.P
+If studying the pattern does not produce any useful information,
+\fBpcre_study()\fP returns NULL by default. In that circumstance, if the
+calling program wants to pass any of the other fields to \fBpcre_exec()\fP or
+\fBpcre_dfa_exec()\fP, it must set up its own \fBpcre_extra\fP block. However,
+if \fBpcre_study()\fP is called with the PCRE_STUDY_EXTRA_NEEDED option, it
+returns a \fBpcre_extra\fP block even if studying did not find any additional
+information. It may still return NULL, however, if an error occurs in
+\fBpcre_study()\fP.
+.P
+The second argument of \fBpcre_study()\fP contains option bits. There are three
+further options in addition to PCRE_STUDY_EXTRA_NEEDED:
+.sp
+  PCRE_STUDY_JIT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+.sp
+If any of these are set, and the just-in-time compiler is available, the
+pattern is further compiled into machine code that executes much faster than
+the \fBpcre_exec()\fP interpretive matching function. If the just-in-time
+compiler is not available, these options are ignored. All undefined bits in the
+\fIoptions\fP argument must be zero.
+.P
+JIT compilation is a heavyweight optimization. It can take some time for
+patterns to be analyzed, and for one-off matches and simple patterns the
+benefit of faster execution might be offset by a much slower study time.
+Not all patterns can be optimized by the JIT compiler. For those that cannot be
+handled, matching automatically falls back to the \fBpcre_exec()\fP
+interpreter. For more details, see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation.
+.P
+The third argument for \fBpcre_study()\fP is a pointer for an error message. If
+studying succeeds (even if no data is returned), the variable it points to is
+set to NULL. Otherwise it is set to point to a textual error message. This is a
+static string that is part of the library. You must not try to free it. You
+should test the error pointer for NULL after calling \fBpcre_study()\fP, to be
+sure that it has run successfully.
+.P
+When you are finished with a pattern, you can free the memory used for the
+study data by calling \fBpcre_free_study()\fP. This function was added to the
+API for release 8.20. For earlier versions, the memory could be freed with
+\fBpcre_free()\fP, just like the pattern itself. This will still work in cases
+where JIT optimization is not used, but it is advisable to change to the new
+function when convenient.
+.P
+This is a typical way in which \fBpcre_study\fP() is used (except that in a
+real application there should be tests for errors):
+.sp
+  int rc;
+  pcre *re;
+  pcre_extra *sd;
+  re = pcre_compile("pattern", 0, &error, &erroroffset, NULL);
+  sd = pcre_study(
+    re,             /* result of pcre_compile() */
+    0,              /* no options */
+    &error);        /* set to NULL or points to a message */
+  rc = pcre_exec(   /* see below for details of pcre_exec() options */
+    re, sd, "subject", 7, 0, 0, ovector, 30);
+  ...
+  pcre_free_study(sd);
+  pcre_free(re);
+.sp
+Studying a pattern does two things: first, a lower bound for the length of
+subject string that is needed to match the pattern is computed. This does not
+mean that there are any strings of that length that match, but it does
+guarantee that no shorter strings match. The value is used to avoid wasting
+time by trying to match strings that are shorter than the lower bound. You can
+find out the value in a calling program via the \fBpcre_fullinfo()\fP function.
+.P
+Studying a pattern is also useful for non-anchored patterns that do not have a
+single fixed starting character. A bitmap of possible starting bytes is
+created. This speeds up finding a position in the subject at which to start
+matching. (In 16-bit mode, the bitmap is used for 16-bit values less than 256.
+In 32-bit mode, the bitmap is used for 32-bit values less than 256.)
+.P
+These two optimizations apply to both \fBpcre_exec()\fP and
+\fBpcre_dfa_exec()\fP, and the information is also used by the JIT compiler.
+The optimizations can be disabled by setting the PCRE_NO_START_OPTIMIZE option.
+You might want to do this if your pattern contains callouts or (*MARK) and you
+want to make use of these facilities in cases where matching fails.
+.P
+PCRE_NO_START_OPTIMIZE can be specified at either compile time or execution
+time. However, if PCRE_NO_START_OPTIMIZE is passed to \fBpcre_exec()\fP, (that
+is, after any JIT compilation has happened) JIT execution is disabled. For JIT
+execution to work with PCRE_NO_START_OPTIMIZE, the option must be set at
+compile time.
+.P
+There is a longer discussion of PCRE_NO_START_OPTIMIZE
+.\" HTML <a href="#execoptions">
+.\" </a>
+below.
+.\"
+.
+.
+.\" HTML <a name="localesupport"></a>
+.SH "LOCALE SUPPORT"
+.rs
+.sp
+PCRE handles caseless matching, and determines whether characters are letters,
+digits, or whatever, by reference to a set of tables, indexed by character
+code point. When running in UTF-8 mode, or in the 16- or 32-bit libraries, this
+applies only to characters with code points less than 256. By default,
+higher-valued code points never match escapes such as \ew or \ed. However, if
+PCRE is built with Unicode property support, all characters can be tested with
+\ep and \eP, or, alternatively, the PCRE_UCP option can be set when a pattern
+is compiled; this causes \ew and friends to use Unicode property support
+instead of the built-in tables.
+.P
+The use of locales with Unicode is discouraged. If you are handling characters
+with code points greater than 128, you should either use Unicode support, or
+use locales, but not try to mix the two.
+.P
+PCRE contains an internal set of tables that are used when the final argument
+of \fBpcre_compile()\fP is NULL. These are sufficient for many applications.
+Normally, the internal tables recognize only ASCII characters. However, when
+PCRE is built, it is possible to cause the internal tables to be rebuilt in the
+default "C" locale of the local system, which may cause them to be different.
+.P
+The internal tables can always be overridden by tables supplied by the
+application that calls PCRE. These may be created in a different locale from
+the default. As more and more applications change to using Unicode, the need
+for this locale support is expected to die away.
+.P
+External tables are built by calling the \fBpcre_maketables()\fP function,
+which has no arguments, in the relevant locale. The result can then be passed
+to \fBpcre_compile()\fP as often as necessary. For example, to build and use
+tables that are appropriate for the French locale (where accented characters
+with values greater than 128 are treated as letters), the following code could
+be used:
+.sp
+  setlocale(LC_CTYPE, "fr_FR");
+  tables = pcre_maketables();
+  re = pcre_compile(..., tables);
+.sp
+The locale name "fr_FR" is used on Linux and other Unix-like systems; if you
+are using Windows, the name for the French locale is "french".
+.P
+When \fBpcre_maketables()\fP runs, the tables are built in memory that is
+obtained via \fBpcre_malloc\fP. It is the caller's responsibility to ensure
+that the memory containing the tables remains available for as long as it is
+needed.
+.P
+The pointer that is passed to \fBpcre_compile()\fP is saved with the compiled
+pattern, and the same tables are used via this pointer by \fBpcre_study()\fP
+and also by \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP. Thus, for any single
+pattern, compilation, studying and matching all happen in the same locale, but
+different patterns can be processed in different locales.
+.P
+It is possible to pass a table pointer or NULL (indicating the use of the
+internal tables) to \fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP (see the
+discussion below in the section on matching a pattern). This facility is
+provided for use with pre-compiled patterns that have been saved and reloaded.
+Character tables are not saved with patterns, so if a non-standard table was
+used at compile time, it must be provided again when the reloaded pattern is
+matched. Attempting to use this facility to match a pattern in a different
+locale from the one in which it was compiled is likely to lead to anomalous
+(usually incorrect) results.
+.
+.
+.\" HTML <a name="infoaboutpattern"></a>
+.SH "INFORMATION ABOUT A PATTERN"
+.rs
+.sp
+.nf
+.B int pcre_fullinfo(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.fi
+.PP
+The \fBpcre_fullinfo()\fP function returns information about a compiled
+pattern. It replaces the \fBpcre_info()\fP function, which was removed from the
+library at version 8.30, after more than 10 years of obsolescence.
+.P
+The first argument for \fBpcre_fullinfo()\fP is a pointer to the compiled
+pattern. The second argument is the result of \fBpcre_study()\fP, or NULL if
+the pattern was not studied. The third argument specifies which piece of
+information is required, and the fourth argument is a pointer to a variable
+to receive the data. The yield of the function is zero for success, or one of
+the following negative numbers:
+.sp
+  PCRE_ERROR_NULL           the argument \fIcode\fP was NULL
+                            the argument \fIwhere\fP was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADENDIANNESS  the pattern was compiled with different
+                            endianness
+  PCRE_ERROR_BADOPTION      the value of \fIwhat\fP was invalid
+  PCRE_ERROR_UNSET          the requested field is not set
+.sp
+The "magic number" is placed at the start of each compiled pattern as an simple
+check against passing an arbitrary memory pointer. The endianness error can
+occur if a compiled pattern is saved and reloaded on a different host. Here is
+a typical call of \fBpcre_fullinfo()\fP, to obtain the length of the compiled
+pattern:
+.sp
+  int rc;
+  size_t length;
+  rc = pcre_fullinfo(
+    re,               /* result of pcre_compile() */
+    sd,               /* result of pcre_study(), or NULL */
+    PCRE_INFO_SIZE,   /* what is required */
+    &length);         /* where to put the data */
+.sp
+The possible values for the third argument are defined in \fBpcre.h\fP, and are
+as follows:
+.sp
+  PCRE_INFO_BACKREFMAX
+.sp
+Return the number of the highest back reference in the pattern. The fourth
+argument should point to an \fBint\fP variable. Zero is returned if there are
+no back references.
+.sp
+  PCRE_INFO_CAPTURECOUNT
+.sp
+Return the number of capturing subpatterns in the pattern. The fourth argument
+should point to an \fBint\fP variable.
+.sp
+  PCRE_INFO_DEFAULT_TABLES
+.sp
+Return a pointer to the internal default character tables within PCRE. The
+fourth argument should point to an \fBunsigned char *\fP variable. This
+information call is provided for internal use by the \fBpcre_study()\fP
+function. External callers can cause PCRE to use its internal tables by passing
+a NULL table pointer.
+.sp
+  PCRE_INFO_FIRSTBYTE (deprecated)
+.sp
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The name of this option refers to the 8-bit library,
+where data units are bytes. The fourth argument should point to an \fBint\fP
+variable. Negative values are used for special cases. However, this means that
+when the 32-bit library is in non-UTF-32 mode, the full 32-bit range of
+characters cannot be returned. For this reason, this value is deprecated; use
+PCRE_INFO_FIRSTCHARACTERFLAGS and PCRE_INFO_FIRSTCHARACTER instead.
+.P
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), its value is returned. In the 8-bit library, the
+value is always less than 256. In the 16-bit library the value can be up to
+0xffff. In the 32-bit library the value can be up to 0x10ffff.
+.P
+If there is no fixed first value, and if either
+.sp
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+.sp
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+.sp
+-1 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise -2 is
+returned. For anchored patterns, -2 is returned.
+.sp
+  PCRE_INFO_FIRSTCHARACTER
+.sp
+Return the value of the first data unit (non-UTF character) of any matched
+string in the situation where PCRE_INFO_FIRSTCHARACTERFLAGS returns 1;
+otherwise return 0. The fourth argument should point to an \fBuint_t\fP
+variable.
+.P
+In the 8-bit library, the value is always less than 256. In the 16-bit library
+the value can be up to 0xffff. In the 32-bit library in UTF-32 mode the value
+can be up to 0x10ffff, and up to 0xffffffff when not using UTF-32 mode.
+.sp
+  PCRE_INFO_FIRSTCHARACTERFLAGS
+.sp
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The fourth argument should point to an \fBint\fP
+variable.
+.P
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), 1 is returned, and the character value can be
+retrieved using PCRE_INFO_FIRSTCHARACTER. If there is no fixed first value, and
+if either
+.sp
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+.sp
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+.sp
+2 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise 0 is
+returned. For anchored patterns, 0 is returned.
+.sp
+  PCRE_INFO_FIRSTTABLE
+.sp
+If the pattern was studied, and this resulted in the construction of a 256-bit
+table indicating a fixed set of values for the first data unit in any matching
+string, a pointer to the table is returned. Otherwise NULL is returned. The
+fourth argument should point to an \fBunsigned char *\fP variable.
+.sp
+  PCRE_INFO_HASCRORLF
+.sp
+Return 1 if the pattern contains any explicit matches for CR or LF characters,
+otherwise 0. The fourth argument should point to an \fBint\fP variable. An
+explicit match is either a literal CR or LF character, or \er or \en.
+.sp
+  PCRE_INFO_JCHANGED
+.sp
+Return 1 if the (?J) or (?-J) option setting is used in the pattern, otherwise
+0. The fourth argument should point to an \fBint\fP variable. (?J) and
+(?-J) set and unset the local PCRE_DUPNAMES option, respectively.
+.sp
+  PCRE_INFO_JIT
+.sp
+Return 1 if the pattern was studied with one of the JIT options, and
+just-in-time compiling was successful. The fourth argument should point to an
+\fBint\fP variable. A return value of 0 means that JIT support is not available
+in this version of PCRE, or that the pattern was not studied with a JIT option,
+or that the JIT compiler could not handle this particular pattern. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for details of what can and cannot be handled.
+.sp
+  PCRE_INFO_JITSIZE
+.sp
+If the pattern was successfully studied with a JIT option, return the size of
+the JIT compiled code, otherwise return zero. The fourth argument should point
+to a \fBsize_t\fP variable.
+.sp
+  PCRE_INFO_LASTLITERAL
+.sp
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an \fBint\fP variable. If there is no such
+value, -1 is returned. For anchored patterns, a last literal value is recorded
+only if it follows something of variable length. For example, for the pattern
+/^a\ed+z\ed+/ the returned value is "z", but for /^a\edz\ed/ the returned value
+is -1.
+.P
+Since for the 32-bit library using the non-UTF-32 mode, this function is unable
+to return the full 32-bit range of characters, this value is deprecated;
+instead the PCRE_INFO_REQUIREDCHARFLAGS and PCRE_INFO_REQUIREDCHAR values should
+be used.
+.sp
+  PCRE_INFO_MATCH_EMPTY
+.sp
+Return 1 if the pattern can match an empty string, otherwise 0. The fourth
+argument should point to an \fBint\fP variable.
+.sp
+  PCRE_INFO_MATCHLIMIT
+.sp
+If the pattern set a match limit by including an item of the form
+(*LIMIT_MATCH=nnnn) at the start, the value is returned. The fourth argument
+should point to an unsigned 32-bit integer. If no such value has been set, the
+call to \fBpcre_fullinfo()\fP returns the error PCRE_ERROR_UNSET.
+.sp
+  PCRE_INFO_MAXLOOKBEHIND
+.sp
+Return the number of characters (NB not data units) in the longest lookbehind
+assertion in the pattern. This information is useful when doing multi-segment
+matching using the partial matching facilities. Note that the simple assertions
+\eb and \eB require a one-character lookbehind. \eA also registers a
+one-character lookbehind, though it does not actually inspect the previous
+character. This is to ensure that at least one character from the old segment
+is retained when a new segment is processed. Otherwise, if there are no
+lookbehinds in the pattern, \eA might match incorrectly at the start of a new
+segment.
+.sp
+  PCRE_INFO_MINLENGTH
+.sp
+If the pattern was studied and a minimum length for matching subject strings
+was computed, its value is returned. Otherwise the returned value is -1. The
+value is a number of characters, which in UTF mode may be different from the
+number of data units. The fourth argument should point to an \fBint\fP
+variable. A non-negative value is a lower bound to the length of any matching
+string. There may not be any strings of that length that do actually match, but
+every string that does match is at least that long.
+.sp
+  PCRE_INFO_NAMECOUNT
+  PCRE_INFO_NAMEENTRYSIZE
+  PCRE_INFO_NAMETABLE
+.sp
+PCRE supports the use of named as well as numbered capturing parentheses. The
+names are just an additional way of identifying the parentheses, which still
+acquire numbers. Several convenience functions such as
+\fBpcre_get_named_substring()\fP are provided for extracting captured
+substrings by name. It is also possible to extract the data directly, by first
+converting the name to a number in order to access the correct pointers in the
+output vector (described with \fBpcre_exec()\fP below). To do the conversion,
+you need to use the name-to-number map, which is described by these three
+values.
+.P
+The map consists of a number of fixed-size entries. PCRE_INFO_NAMECOUNT gives
+the number of entries, and PCRE_INFO_NAMEENTRYSIZE gives the size of each
+entry; both of these return an \fBint\fP value. The entry size depends on the
+length of the longest name. PCRE_INFO_NAMETABLE returns a pointer to the first
+entry of the table. This is a pointer to \fBchar\fP in the 8-bit library, where
+the first two bytes of each entry are the number of the capturing parenthesis,
+most significant byte first. In the 16-bit library, the pointer points to
+16-bit data units, the first of which contains the parenthesis number. In the
+32-bit library, the pointer points to 32-bit data units, the first of which
+contains the parenthesis number. The rest of the entry is the corresponding
+name, zero terminated.
+.P
+The names are in alphabetical order. If (?| is used to create multiple groups
+with the same number, as described in the
+.\" HTML <a href="pcrepattern.html#dupsubpatternnumber">
+.\" </a>
+section on duplicate subpattern numbers
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page, the groups may be given the same name, but there is only one entry in the
+table. Different names for groups of the same number are not permitted.
+Duplicate names for subpatterns with different numbers are permitted,
+but only if PCRE_DUPNAMES is set. They appear in the table in the order in
+which they were found in the pattern. In the absence of (?| this is the order
+of increasing number; when (?| is used this is not necessarily the case because
+later subpatterns may have lower numbers.
+.P
+As a simple example of the name/number table, consider the following pattern
+after compilation by the 8-bit library (assume PCRE_EXTENDED is set, so white
+space - including newlines - is ignored):
+.sp
+.\" JOIN
+  (?<date> (?<year>(\ed\ed)?\ed\ed) -
+  (?<month>\ed\ed) - (?<day>\ed\ed) )
+.sp
+There are four named subpatterns, so the table has four entries, and each entry
+in the table is eight bytes long. The table is as follows, with non-printing
+bytes shows in hexadecimal, and undefined bytes shown as ??:
+.sp
+  00 01 d  a  t  e  00 ??
+  00 05 d  a  y  00 ?? ??
+  00 04 m  o  n  t  h  00
+  00 02 y  e  a  r  00 ??
+.sp
+When writing code to extract data from named subpatterns using the
+name-to-number map, remember that the length of the entries is likely to be
+different for each compiled pattern.
+.sp
+  PCRE_INFO_OKPARTIAL
+.sp
+Return 1 if the pattern can be used for partial matching with
+\fBpcre_exec()\fP, otherwise 0. The fourth argument should point to an
+\fBint\fP variable. From release 8.00, this always returns 1, because the
+restrictions that previously applied to partial matching have been lifted. The
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation gives details of partial matching.
+.sp
+  PCRE_INFO_OPTIONS
+.sp
+Return a copy of the options with which the pattern was compiled. The fourth
+argument should point to an \fBunsigned long int\fP variable. These option bits
+are those specified in the call to \fBpcre_compile()\fP, modified by any
+top-level option settings at the start of the pattern itself. In other words,
+they are the options that will be in force when matching starts. For example,
+if the pattern /(?im)abc(?-i)d/ is compiled with the PCRE_EXTENDED option, the
+result is PCRE_CASELESS, PCRE_MULTILINE, and PCRE_EXTENDED.
+.P
+A pattern is automatically anchored by PCRE if all of its top-level
+alternatives begin with one of the following:
+.sp
+  ^     unless PCRE_MULTILINE is set
+  \eA    always
+  \eG    always
+.\" JOIN
+  .*    if PCRE_DOTALL is set and there are no back
+          references to the subpattern in which .* appears
+.sp
+For such patterns, the PCRE_ANCHORED bit is set in the options returned by
+\fBpcre_fullinfo()\fP.
+.sp
+  PCRE_INFO_RECURSIONLIMIT
+.sp
+If the pattern set a recursion limit by including an item of the form
+(*LIMIT_RECURSION=nnnn) at the start, the value is returned. The fourth
+argument should point to an unsigned 32-bit integer. If no such value has been
+set, the call to \fBpcre_fullinfo()\fP returns the error PCRE_ERROR_UNSET.
+.sp
+  PCRE_INFO_SIZE
+.sp
+Return the size of the compiled pattern in bytes (for all three libraries). The
+fourth argument should point to a \fBsize_t\fP variable. This value does not
+include the size of the \fBpcre\fP structure that is returned by
+\fBpcre_compile()\fP. The value that is passed as the argument to
+\fBpcre_malloc()\fP when \fBpcre_compile()\fP is getting memory in which to
+place the compiled data is the value returned by this option plus the size of
+the \fBpcre\fP structure. Studying a compiled pattern, with or without JIT,
+does not alter the value returned by this option.
+.sp
+  PCRE_INFO_STUDYSIZE
+.sp
+Return the size in bytes (for all three libraries) of the data block pointed to
+by the \fIstudy_data\fP field in a \fBpcre_extra\fP block. If \fBpcre_extra\fP
+is NULL, or there is no study data, zero is returned. The fourth argument
+should point to a \fBsize_t\fP variable. The \fIstudy_data\fP field is set by
+\fBpcre_study()\fP to record information that will speed up matching (see the
+section entitled
+.\" HTML <a href="#studyingapattern">
+.\" </a>
+"Studying a pattern"
+.\"
+above). The format of the \fIstudy_data\fP block is private, but its length
+is made available via this option so that it can be saved and restored (see the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation for details).
+.sp
+  PCRE_INFO_REQUIREDCHARFLAGS
+.sp
+Returns 1 if there is a rightmost literal data unit that must exist in any
+matched string, other than at its start. The fourth argument should  point to
+an \fBint\fP variable. If there is no such value, 0 is returned. If returning
+1, the character value itself can be retrieved using PCRE_INFO_REQUIREDCHAR.
+.P
+For anchored patterns, a last literal value is recorded only if it follows
+something of variable length. For example, for the pattern /^a\ed+z\ed+/ the
+returned value 1 (with "z" returned from PCRE_INFO_REQUIREDCHAR), but for
+/^a\edz\ed/ the returned value is 0.
+.sp
+  PCRE_INFO_REQUIREDCHAR
+.sp
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an \fBuint32_t\fP variable. If there is no such
+value, 0 is returned.
+.
+.
+.SH "REFERENCE COUNTS"
+.rs
+.sp
+.B int pcre_refcount(pcre *\fIcode\fP, int \fIadjust\fP);
+.PP
+The \fBpcre_refcount()\fP function is used to maintain a reference count in the
+data block that contains a compiled pattern. It is provided for the benefit of
+applications that operate in an object-oriented manner, where different parts
+of the application may be using the same compiled pattern, but you want to free
+the block when they are all done.
+.P
+When a pattern is compiled, the reference count field is initialized to zero.
+It is changed only by calling this function, whose action is to add the
+\fIadjust\fP value (which may be positive or negative) to it. The yield of the
+function is the new value. However, the value of the count is constrained to
+lie between 0 and 65535, inclusive. If the new value is outside these limits,
+it is forced to the appropriate limit value.
+.P
+Except when it is zero, the reference count is not correctly preserved if a
+pattern is compiled on one host and then transferred to a host whose byte-order
+is different. (This seems a highly unlikely scenario.)
+.
+.
+.SH "MATCHING A PATTERN: THE TRADITIONAL FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP," int \fIlength\fP, int \fIstartoffset\fP,
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.fi
+.P
+The function \fBpcre_exec()\fP is called to match a subject string against a
+compiled pattern, which is passed in the \fIcode\fP argument. If the
+pattern was studied, the result of the study should be passed in the
+\fIextra\fP argument. You can call \fBpcre_exec()\fP with the same \fIcode\fP
+and \fIextra\fP arguments as many times as you like, in order to match
+different subject strings with the same pattern.
+.P
+This function is the main matching facility of the library, and it operates in
+a Perl-like manner. For specialist use there is also an alternative matching
+function, which is described
+.\" HTML <a href="#dfamatch">
+.\" </a>
+below
+.\"
+in the section about the \fBpcre_dfa_exec()\fP function.
+.P
+In most applications, the pattern will have been compiled (and optionally
+studied) in the same process that calls \fBpcre_exec()\fP. However, it is
+possible to save compiled patterns and study data, and then use them later
+in different processes, possibly even on different hosts. For a discussion
+about this, see the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation.
+.P
+Here is an example of a simple call to \fBpcre_exec()\fP:
+.sp
+  int rc;
+  int ovector[30];
+  rc = pcre_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    30);            /* number of elements (NOT size in bytes) */
+.
+.
+.\" HTML <a name="extradata"></a>
+.SS "Extra data for \fBpcre_exec()\fR"
+.rs
+.sp
+If the \fIextra\fP argument is not NULL, it must point to a \fBpcre_extra\fP
+data block. The \fBpcre_study()\fP function returns such a block (when it
+doesn't return NULL), but you can also create one for yourself, and pass
+additional information in it. The \fBpcre_extra\fP block contains the following
+fields (not necessarily in this order):
+.sp
+  unsigned long int \fIflags\fP;
+  void *\fIstudy_data\fP;
+  void *\fIexecutable_jit\fP;
+  unsigned long int \fImatch_limit\fP;
+  unsigned long int \fImatch_limit_recursion\fP;
+  void *\fIcallout_data\fP;
+  const unsigned char *\fItables\fP;
+  unsigned char **\fImark\fP;
+.sp
+In the 16-bit version of this structure, the \fImark\fP field has type
+"PCRE_UCHAR16 **".
+.sp
+In the 32-bit version of this structure, the \fImark\fP field has type
+"PCRE_UCHAR32 **".
+.P
+The \fIflags\fP field is used to specify which of the other fields are set. The
+flag bits are:
+.sp
+  PCRE_EXTRA_CALLOUT_DATA
+  PCRE_EXTRA_EXECUTABLE_JIT
+  PCRE_EXTRA_MARK
+  PCRE_EXTRA_MATCH_LIMIT
+  PCRE_EXTRA_MATCH_LIMIT_RECURSION
+  PCRE_EXTRA_STUDY_DATA
+  PCRE_EXTRA_TABLES
+.sp
+Other flag bits should be set to zero. The \fIstudy_data\fP field and sometimes
+the \fIexecutable_jit\fP field are set in the \fBpcre_extra\fP block that is
+returned by \fBpcre_study()\fP, together with the appropriate flag bits. You
+should not set these yourself, but you may add to the block by setting other
+fields and their corresponding flag bits.
+.P
+The \fImatch_limit\fP field provides a means of preventing PCRE from using up a
+vast amount of resources when running patterns that are not going to match,
+but which have a very large number of possibilities in their search trees. The
+classic example is a pattern that uses nested unlimited repeats.
+.P
+Internally, \fBpcre_exec()\fP uses a function called \fBmatch()\fP, which it
+calls repeatedly (sometimes recursively). The limit set by \fImatch_limit\fP is
+imposed on the number of times this function is called during a match, which
+has the effect of limiting the amount of backtracking that can take place. For
+patterns that are not anchored, the count restarts from zero for each position
+in the subject string.
+.P
+When \fBpcre_exec()\fP is called with a pattern that was successfully studied
+with a JIT option, the way that the matching is executed is entirely different.
+However, there is still the possibility of runaway matching that goes on for a
+very long time, and so the \fImatch_limit\fP value is also used in this case
+(but in a different way) to limit how long the matching can continue.
+.P
+The default value for the limit can be set when PCRE is built; the default
+default is 10 million, which handles all but the most extreme cases. You can
+override the default by suppling \fBpcre_exec()\fP with a \fBpcre_extra\fP
+block in which \fImatch_limit\fP is set, and PCRE_EXTRA_MATCH_LIMIT is set in
+the \fIflags\fP field. If the limit is exceeded, \fBpcre_exec()\fP returns
+PCRE_ERROR_MATCHLIMIT.
+.P
+A value for the match limit may also be supplied by an item at the start of a
+pattern of the form
+.sp
+  (*LIMIT_MATCH=d)
+.sp
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of \fBpcre_exec()\fP or, if no such limit
+is set, less than the default.
+.P
+The \fImatch_limit_recursion\fP field is similar to \fImatch_limit\fP, but
+instead of limiting the total number of times that \fBmatch()\fP is called, it
+limits the depth of recursion. The recursion depth is a smaller number than the
+total number of calls, because not all calls to \fBmatch()\fP are recursive.
+This limit is of use only if it is set smaller than \fImatch_limit\fP.
+.P
+Limiting the recursion depth limits the amount of machine stack that can be
+used, or, when PCRE has been compiled to use memory on the heap instead of the
+stack, the amount of heap memory that can be used. This limit is not relevant,
+and is ignored, when matching is done using JIT compiled code.
+.P
+The default value for \fImatch_limit_recursion\fP can be set when PCRE is
+built; the default default is the same value as the default for
+\fImatch_limit\fP. You can override the default by suppling \fBpcre_exec()\fP
+with a \fBpcre_extra\fP block in which \fImatch_limit_recursion\fP is set, and
+PCRE_EXTRA_MATCH_LIMIT_RECURSION is set in the \fIflags\fP field. If the limit
+is exceeded, \fBpcre_exec()\fP returns PCRE_ERROR_RECURSIONLIMIT.
+.P
+A value for the recursion limit may also be supplied by an item at the start of
+a pattern of the form
+.sp
+  (*LIMIT_RECURSION=d)
+.sp
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of \fBpcre_exec()\fP or, if no such limit
+is set, less than the default.
+.P
+The \fIcallout_data\fP field is used in conjunction with the "callout" feature,
+and is described in the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.P
+The \fItables\fP field is provided for use with patterns that have been
+pre-compiled using custom character tables, saved to disc or elsewhere, and
+then reloaded, because the tables that were used to compile a pattern are not
+saved with it. See the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation for a discussion of saving compiled patterns for later use. If
+NULL is passed using this mechanism, it forces PCRE's internal tables to be
+used.
+.P
+\fBWarning:\fP The tables that \fBpcre_exec()\fP uses must be the same as those
+that were used when the pattern was compiled. If this is not the case, the
+behaviour of \fBpcre_exec()\fP is undefined. Therefore, when a pattern is
+compiled and matched in the same process, this field should never be set. In
+this (the most common) case, the correct table pointer is automatically passed
+with the compiled pattern from \fBpcre_compile()\fP to \fBpcre_exec()\fP.
+.P
+If PCRE_EXTRA_MARK is set in the \fIflags\fP field, the \fImark\fP field must
+be set to point to a suitable variable. If the pattern contains any
+backtracking control verbs such as (*MARK:NAME), and the execution ends up with
+a name to pass back, a pointer to the name string (zero terminated) is placed
+in the variable pointed to by the \fImark\fP field. The names are within the
+compiled pattern; if you wish to retain such a name you must copy it before
+freeing the memory of a compiled pattern. If there is no name to pass back, the
+variable pointed to by the \fImark\fP field is set to NULL. For details of the
+backtracking control verbs, see the section entitled
+.\" HTML <a href="pcrepattern#backtrackcontrol">
+.\" </a>
+"Backtracking control"
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.
+.
+.\" HTML <a name="execoptions"></a>
+.SS "Option bits for \fBpcre_exec()\fP"
+.rs
+.sp
+The unused bits of the \fIoptions\fP argument for \fBpcre_exec()\fP must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_\fIxxx\fP,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_START_OPTIMIZE, PCRE_NO_UTF8_CHECK, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+.P
+If the pattern was successfully studied with one of the just-in-time (JIT)
+compile options, the only supported options for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY,
+PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and PCRE_PARTIAL_SOFT. If an
+unsupported option is used, JIT execution is disabled and the normal
+interpretive code in \fBpcre_exec()\fP is run.
+.sp
+  PCRE_ANCHORED
+.sp
+The PCRE_ANCHORED option limits \fBpcre_exec()\fP to matching at the first
+matching position. If a pattern was compiled with PCRE_ANCHORED, or turned out
+to be anchored by virtue of its contents, it cannot be made unachored at
+matching time.
+.sp
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+.sp
+These options (which are mutually exclusive) control what the \eR escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. These options override the choice that was
+made or defaulted when the pattern was compiled.
+.sp
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+.sp
+These options override the newline definition that was chosen or defaulted when
+the pattern was compiled. For details, see the description of
+\fBpcre_compile()\fP above. During matching, the newline choice affects the
+behaviour of the dot, circumflex, and dollar metacharacters. It may also alter
+the way the match position is advanced after a match failure for an unanchored
+pattern.
+.P
+When PCRE_NEWLINE_CRLF, PCRE_NEWLINE_ANYCRLF, or PCRE_NEWLINE_ANY is set, and a
+match attempt for an unanchored pattern fails when the current position is at a
+CRLF sequence, and the pattern contains no explicit matches for CR or LF
+characters, the match position is advanced by two characters instead of one, in
+other words, to after the CRLF.
+.P
+The above rule is a compromise that makes the most common cases work as
+expected. For example, if the pattern is .+A (and the PCRE_DOTALL option is not
+set), it does not match the string "\er\enA" because, after failing at the
+start, it skips both the CR and the LF before retrying. However, the pattern
+[\er\en]A does match that string, because it contains an explicit CR or LF
+reference, and so advances only by one character after the first failure.
+.P
+An explicit match for CR of LF is either a literal appearance of one of those
+characters, or one of the \er or \en escape sequences. Implicit matches such as
+[^X] do not count, nor does \es (which includes CR and LF in the characters
+that it matches).
+.P
+Notwithstanding the above, anomalous effects may still occur when CRLF is a
+valid newline sequence and explicit \er or \en escapes appear in the pattern.
+.sp
+  PCRE_NOTBOL
+.sp
+This option specifies that first character of the subject string is not the
+beginning of a line, so the circumflex metacharacter should not match before
+it. Setting this without PCRE_MULTILINE (at compile time) causes circumflex
+never to match. This option affects only the behaviour of the circumflex
+metacharacter. It does not affect \eA.
+.sp
+  PCRE_NOTEOL
+.sp
+This option specifies that the end of the subject string is not the end of a
+line, so the dollar metacharacter should not match it nor (except in multiline
+mode) a newline immediately before it. Setting this without PCRE_MULTILINE (at
+compile time) causes dollar never to match. This option affects only the
+behaviour of the dollar metacharacter. It does not affect \eZ or \ez.
+.sp
+  PCRE_NOTEMPTY
+.sp
+An empty string is not considered to be a valid match if this option is set. If
+there are alternatives in the pattern, they are tried. If all the alternatives
+match the empty string, the entire match fails. For example, if the pattern
+.sp
+  a?b?
+.sp
+is applied to a string not beginning with "a" or "b", it matches an empty
+string at the start of the subject. With PCRE_NOTEMPTY set, this match is not
+valid, so PCRE searches further into the string for occurrences of "a" or "b".
+.sp
+  PCRE_NOTEMPTY_ATSTART
+.sp
+This is like PCRE_NOTEMPTY, except that an empty string match that is not at
+the start of the subject is permitted. If the pattern is anchored, such a match
+can occur only if the pattern contains \eK.
+.P
+Perl has no direct equivalent of PCRE_NOTEMPTY or PCRE_NOTEMPTY_ATSTART, but it
+does make a special case of a pattern match of the empty string within its
+\fBsplit()\fP function, and when using the /g modifier. It is possible to
+emulate Perl's behaviour after matching a null string by first trying the match
+again at the same offset with PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED, and then
+if that fails, by advancing the starting offset (see below) and trying an
+ordinary match again. There is some code that demonstrates how to do this in
+the
+.\" HREF
+\fBpcredemo\fP
+.\"
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+.sp
+  PCRE_NO_START_OPTIMIZE
+.sp
+There are a number of optimizations that \fBpcre_exec()\fP uses at the start of
+a match, in order to speed up the process. For example, if it is known that an
+unanchored match must start with a specific character, it searches the subject
+for that character, and fails immediately if it cannot find it, without
+actually running the main matching function. This means that a special item
+such as (*COMMIT) at the start of a pattern is not considered until after a
+suitable starting point for the match has been found. Also, when callouts or
+(*MARK) items are in use, these "start-up" optimizations can cause them to be
+skipped if the pattern is never actually used. The start-up optimizations are
+in effect a pre-scan of the subject that takes place before the pattern is run.
+.P
+The PCRE_NO_START_OPTIMIZE option disables the start-up optimizations, possibly
+causing performance to suffer, but ensuring that in cases where the result is
+"no match", the callouts do occur, and that items such as (*COMMIT) and (*MARK)
+are considered at every possible starting position in the subject string. If
+PCRE_NO_START_OPTIMIZE is set at compile time, it cannot be unset at matching
+time. The use of PCRE_NO_START_OPTIMIZE at matching time (that is, passing it
+to \fBpcre_exec()\fP) disables JIT execution; in this situation, matching is
+always done using interpretively.
+.P
+Setting PCRE_NO_START_OPTIMIZE can change the outcome of a matching operation.
+Consider the pattern
+.sp
+  (*COMMIT)ABC
+.sp
+When this is compiled, PCRE records the fact that a match must start with the
+character "A". Suppose the subject string is "DEFABC". The start-up
+optimization scans along the subject, finds "A" and runs the first match
+attempt from there. The (*COMMIT) item means that the pattern must match the
+current starting position, which in this case, it does. However, if the same
+match is run with PCRE_NO_START_OPTIMIZE set, the initial scan along the
+subject string does not happen. The first match attempt is run starting from
+"D" and when this fails, (*COMMIT) prevents any further matches being tried, so
+the overall result is "no match". If the pattern is studied, more start-up
+optimizations may be used. For example, a minimum length for the subject may be
+recorded. Consider the pattern
+.sp
+  (*MARK:A)(X|Y)
+.sp
+The minimum length for a match is one character. If the subject is "ABC", there
+will be attempts to match "ABC", "BC", "C", and then finally an empty string.
+If the pattern is studied, the final attempt does not take place, because PCRE
+knows that the subject is too short, and so the (*MARK) is never encountered.
+In this case, studying the pattern does not affect the overall match result,
+which is still "no match", but it does affect the auxiliary information that is
+returned.
+.sp
+  PCRE_NO_UTF8_CHECK
+.sp
+When PCRE_UTF8 is set at compile time, the validity of the subject as a UTF-8
+string is automatically checked when \fBpcre_exec()\fP is subsequently called.
+The entire string is checked before any other processing takes place. The value
+of \fIstartoffset\fP is also checked to ensure that it points to the start of a
+UTF-8 character. There is a discussion about the
+.\" HTML <a href="pcreunicode.html#utf8strings">
+.\" </a>
+validity of UTF-8 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page. If an invalid sequence of bytes is found, \fBpcre_exec()\fP returns the
+error PCRE_ERROR_BADUTF8 or, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated character at the end of the subject, PCRE_ERROR_SHORTUTF8. In both
+cases, information about the precise nature of the error may also be returned
+(see the descriptions of these errors in the section entitled \fIError return
+values from\fP \fBpcre_exec()\fP
+.\" HTML <a href="#errorlist">
+.\" </a>
+below).
+.\"
+If \fIstartoffset\fP contains a value that does not point to the start of a
+UTF-8 character (or to the end of the subject), PCRE_ERROR_BADUTF8_OFFSET is
+returned.
+.P
+If you already know that your subject is valid, and you want to skip these
+checks for performance reasons, you can set the PCRE_NO_UTF8_CHECK option when
+calling \fBpcre_exec()\fP. You might want to do this for the second and
+subsequent calls to \fBpcre_exec()\fP if you are making repeated calls to find
+all the matches in a single subject string. However, you should be sure that
+the value of \fIstartoffset\fP points to the start of a character (or the end
+of the subject). When PCRE_NO_UTF8_CHECK is set, the effect of passing an
+invalid string as a subject or an invalid value of \fIstartoffset\fP is
+undefined. Your program may crash or loop.
+.sp
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+.sp
+These options turn on the partial matching feature. For backwards
+compatibility, PCRE_PARTIAL is a synonym for PCRE_PARTIAL_SOFT. A partial match
+occurs if the end of the subject string is reached successfully, but there are
+not enough subject characters to complete the match. If this happens when
+PCRE_PARTIAL_SOFT (but not PCRE_PARTIAL_HARD) is set, matching continues by
+testing any remaining alternatives. Only if no complete match can be found is
+PCRE_ERROR_PARTIAL returned instead of PCRE_ERROR_NOMATCH. In other words,
+PCRE_PARTIAL_SOFT says that the caller is prepared to handle a partial match,
+but only if no complete match can be found.
+.P
+If PCRE_PARTIAL_HARD is set, it overrides PCRE_PARTIAL_SOFT. In this case, if a
+partial match is found, \fBpcre_exec()\fP immediately returns
+PCRE_ERROR_PARTIAL, without considering any other alternatives. In other words,
+when PCRE_PARTIAL_HARD is set, a partial match is considered to be more
+important that an alternative complete match.
+.P
+In both cases, the portion of the string that was inspected when the partial
+match was found is set as the first matching string. There is a more detailed
+discussion of partial and multi-segment matching, with examples, in the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.
+.
+.SS "The string to be matched by \fBpcre_exec()\fP"
+.rs
+.sp
+The subject string is passed to \fBpcre_exec()\fP as a pointer in
+\fIsubject\fP, a length in \fIlength\fP, and a starting offset in
+\fIstartoffset\fP. The units for \fIlength\fP and \fIstartoffset\fP are bytes
+for the 8-bit library, 16-bit data items for the 16-bit library, and 32-bit
+data items for the 32-bit library.
+.P
+If \fIstartoffset\fP is negative or greater than the length of the subject,
+\fBpcre_exec()\fP returns PCRE_ERROR_BADOFFSET. When the starting offset is
+zero, the search for a match starts at the beginning of the subject, and this
+is by far the most common case. In UTF-8 or UTF-16 mode, the offset must point
+to the start of a character, or the end of the subject (in UTF-32 mode, one
+data unit equals one character, so all offsets are valid). Unlike the pattern
+string, the subject may contain binary zeroes.
+.P
+A non-zero starting offset is useful when searching for another match in the
+same subject by calling \fBpcre_exec()\fP again after a previous success.
+Setting \fIstartoffset\fP differs from just passing over a shortened string and
+setting PCRE_NOTBOL in the case of a pattern that begins with any kind of
+lookbehind. For example, consider the pattern
+.sp
+  \eBiss\eB
+.sp
+which finds occurrences of "iss" in the middle of words. (\eB matches only if
+the current position in the subject is not a word boundary.) When applied to
+the string "Mississipi" the first call to \fBpcre_exec()\fP finds the first
+occurrence. If \fBpcre_exec()\fP is called again with just the remainder of the
+subject, namely "issipi", it does not match, because \eB is always false at the
+start of the subject, which is deemed to be a word boundary. However, if
+\fBpcre_exec()\fP is passed the entire string again, but with \fIstartoffset\fP
+set to 4, it finds the second occurrence of "iss" because it is able to look
+behind the starting point to discover that it is preceded by a letter.
+.P
+Finding all the matches in a subject is tricky when the pattern can match an
+empty string. It is possible to emulate Perl's /g behaviour by first trying the
+match again at the same offset, with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED options, and then if that fails, advancing the starting offset
+and trying an ordinary match again. There is some code that demonstrates how to
+do this in the
+.\" HREF
+\fBpcredemo\fP
+.\"
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+.P
+If a non-zero starting offset is passed when the pattern is anchored, one
+attempt to match at the given offset is made. This can only succeed if the
+pattern does not require the match to be at the start of the subject.
+.
+.
+.SS "How \fBpcre_exec()\fP returns captured substrings"
+.rs
+.sp
+In general, a pattern matches a certain portion of the subject, and in
+addition, further substrings from the subject may be picked out by parts of the
+pattern. Following the usage in Jeffrey Friedl's book, this is called
+"capturing" in what follows, and the phrase "capturing subpattern" is used for
+a fragment of a pattern that picks out a substring. PCRE supports several other
+kinds of parenthesized subpattern that do not cause substrings to be captured.
+.P
+Captured substrings are returned to the caller via a vector of integers whose
+address is passed in \fIovector\fP. The number of elements in the vector is
+passed in \fIovecsize\fP, which must be a non-negative number. \fBNote\fP: this
+argument is NOT the size of \fIovector\fP in bytes.
+.P
+The first two-thirds of the vector is used to pass back captured substrings,
+each substring using a pair of integers. The remaining third of the vector is
+used as workspace by \fBpcre_exec()\fP while matching capturing subpatterns,
+and is not available for passing back information. The number passed in
+\fIovecsize\fP should always be a multiple of three. If it is not, it is
+rounded down.
+.P
+When a match is successful, information about captured substrings is returned
+in pairs of integers, starting at the beginning of \fIovector\fP, and
+continuing up to two-thirds of its length at the most. The first element of
+each pair is set to the offset of the first character in a substring, and the
+second is set to the offset of the first character after the end of a
+substring. These values are always data unit offsets, even in UTF mode. They
+are byte offsets in the 8-bit library, 16-bit data item offsets in the 16-bit
+library, and 32-bit data item offsets in the 32-bit library. \fBNote\fP: they
+are not character counts.
+.P
+The first pair of integers, \fIovector[0]\fP and \fIovector[1]\fP, identify the
+portion of the subject string matched by the entire pattern. The next pair is
+used for the first capturing subpattern, and so on. The value returned by
+\fBpcre_exec()\fP is one more than the highest numbered pair that has been set.
+For example, if two substrings have been captured, the returned value is 3. If
+there are no capturing subpatterns, the return value from a successful match is
+1, indicating that just the first pair of offsets has been set.
+.P
+If a capturing subpattern is matched repeatedly, it is the last portion of the
+string that it matched that is returned.
+.P
+If the vector is too small to hold all the captured substring offsets, it is
+used as far as possible (up to two-thirds of its length), and the function
+returns a value of zero. If neither the actual string matched nor any captured
+substrings are of interest, \fBpcre_exec()\fP may be called with \fIovector\fP
+passed as NULL and \fIovecsize\fP as zero. However, if the pattern contains
+back references and the \fIovector\fP is not big enough to remember the related
+substrings, PCRE has to get additional memory for use during matching. Thus it
+is usually advisable to supply an \fIovector\fP of reasonable size.
+.P
+There are some cases where zero is returned (indicating vector overflow) when
+in fact the vector is exactly the right size for the final match. For example,
+consider the pattern
+.sp
+  (a)(?:(b)c|bd)
+.sp
+If a vector of 6 elements (allowing for only 1 captured substring) is given
+with subject string "abd", \fBpcre_exec()\fP will try to set the second
+captured string, thereby recording a vector overflow, before failing to match
+"c" and backing up to try the second alternative. The zero return, however,
+does correctly indicate that the maximum number of slots (namely 2) have been
+filled. In similar cases where there is temporary overflow, but the final
+number of used slots is actually less than the maximum, a non-zero value is
+returned.
+.P
+The \fBpcre_fullinfo()\fP function can be used to find out how many capturing
+subpatterns there are in a compiled pattern. The smallest size for
+\fIovector\fP that will allow for \fIn\fP captured substrings, in addition to
+the offsets of the substring matched by the whole pattern, is (\fIn\fP+1)*3.
+.P
+It is possible for capturing subpattern number \fIn+1\fP to match some part of
+the subject when subpattern \fIn\fP has not been used at all. For example, if
+the string "abc" is matched against the pattern (a|(z))(bc) the return from the
+function is 4, and subpatterns 1 and 3 are matched, but 2 is not. When this
+happens, both values in the offset pairs corresponding to unused subpatterns
+are set to -1.
+.P
+Offset values that correspond to unused subpatterns at the end of the
+expression are also set to -1. For example, if the string "abc" is matched
+against the pattern (abc)(x(yz)?)? subpatterns 2 and 3 are not matched. The
+return from the function is 2, because the highest used capturing subpattern
+number is 1, and the offsets for for the second and third capturing subpatterns
+(assuming the vector is large enough, of course) are set to -1.
+.P
+\fBNote\fP: Elements in the first two-thirds of \fIovector\fP that do not
+correspond to capturing parentheses in the pattern are never changed. That is,
+if a pattern contains \fIn\fP capturing parentheses, no more than
+\fIovector[0]\fP to \fIovector[2n+1]\fP are set by \fBpcre_exec()\fP. The other
+elements (in the first two-thirds) retain whatever values they previously had.
+.P
+Some convenience functions are provided for extracting the captured substrings
+as separate strings. These are described below.
+.
+.
+.\" HTML <a name="errorlist"></a>
+.SS "Error return values from \fBpcre_exec()\fP"
+.rs
+.sp
+If \fBpcre_exec()\fP fails, it returns a negative number. The following are
+defined in the header file:
+.sp
+  PCRE_ERROR_NOMATCH        (-1)
+.sp
+The subject string did not match the pattern.
+.sp
+  PCRE_ERROR_NULL           (-2)
+.sp
+Either \fIcode\fP or \fIsubject\fP was passed as NULL, or \fIovector\fP was
+NULL and \fIovecsize\fP was not zero.
+.sp
+  PCRE_ERROR_BADOPTION      (-3)
+.sp
+An unrecognized bit was set in the \fIoptions\fP argument.
+.sp
+  PCRE_ERROR_BADMAGIC       (-4)
+.sp
+PCRE stores a 4-byte "magic number" at the start of the compiled code, to catch
+the case when it is passed a junk pointer and to detect when a pattern that was
+compiled in an environment of one endianness is run in an environment with the
+other endianness. This is the error that PCRE gives when the magic number is
+not present.
+.sp
+  PCRE_ERROR_UNKNOWN_OPCODE (-5)
+.sp
+While running the pattern match, an unknown item was encountered in the
+compiled pattern. This error could be caused by a bug in PCRE or by overwriting
+of the compiled pattern.
+.sp
+  PCRE_ERROR_NOMEMORY       (-6)
+.sp
+If a pattern contains back references, but the \fIovector\fP that is passed to
+\fBpcre_exec()\fP is not big enough to remember the referenced substrings, PCRE
+gets a block of memory at the start of matching to use for this purpose. If the
+call via \fBpcre_malloc()\fP fails, this error is given. The memory is
+automatically freed at the end of matching.
+.P
+This error is also given if \fBpcre_stack_malloc()\fP fails in
+\fBpcre_exec()\fP. This can happen only when PCRE has been compiled with
+\fB--disable-stack-for-recursion\fP.
+.sp
+  PCRE_ERROR_NOSUBSTRING    (-7)
+.sp
+This error is used by the \fBpcre_copy_substring()\fP,
+\fBpcre_get_substring()\fP, and \fBpcre_get_substring_list()\fP functions (see
+below). It is never returned by \fBpcre_exec()\fP.
+.sp
+  PCRE_ERROR_MATCHLIMIT     (-8)
+.sp
+The backtracking limit, as specified by the \fImatch_limit\fP field in a
+\fBpcre_extra\fP structure (or defaulted) was reached. See the description
+above.
+.sp
+  PCRE_ERROR_CALLOUT        (-9)
+.sp
+This error is never generated by \fBpcre_exec()\fP itself. It is provided for
+use by callout functions that want to yield a distinctive error code. See the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation for details.
+.sp
+  PCRE_ERROR_BADUTF8        (-10)
+.sp
+A string that contains an invalid UTF-8 byte sequence was passed as a subject,
+and the PCRE_NO_UTF8_CHECK option was not set. If the size of the output vector
+(\fIovecsize\fP) is at least 2, the byte offset to the start of the the invalid
+UTF-8 character is placed in the first element, and a reason code is placed in
+the second element. The reason codes are listed in the
+.\" HTML <a href="#badutf8reasons">
+.\" </a>
+following section.
+.\"
+For backward compatibility, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated UTF-8 character at the end of the subject (reason codes 1 to 5),
+PCRE_ERROR_SHORTUTF8 is returned instead of PCRE_ERROR_BADUTF8.
+.sp
+  PCRE_ERROR_BADUTF8_OFFSET (-11)
+.sp
+The UTF-8 byte sequence that was passed as a subject was checked and found to
+be valid (the PCRE_NO_UTF8_CHECK option was not set), but the value of
+\fIstartoffset\fP did not point to the beginning of a UTF-8 character or the
+end of the subject.
+.sp
+  PCRE_ERROR_PARTIAL        (-12)
+.sp
+The subject string did not match, but it did match partially. See the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation for details of partial matching.
+.sp
+  PCRE_ERROR_BADPARTIAL     (-13)
+.sp
+This code is no longer in use. It was formerly returned when the PCRE_PARTIAL
+option was used with a compiled pattern containing items that were not
+supported for partial matching. From release 8.00 onwards, there are no
+restrictions on partial matching.
+.sp
+  PCRE_ERROR_INTERNAL       (-14)
+.sp
+An unexpected internal error has occurred. This error could be caused by a bug
+in PCRE or by overwriting of the compiled pattern.
+.sp
+  PCRE_ERROR_BADCOUNT       (-15)
+.sp
+This error is given if the value of the \fIovecsize\fP argument is negative.
+.sp
+  PCRE_ERROR_RECURSIONLIMIT (-21)
+.sp
+The internal recursion limit, as specified by the \fImatch_limit_recursion\fP
+field in a \fBpcre_extra\fP structure (or defaulted) was reached. See the
+description above.
+.sp
+  PCRE_ERROR_BADNEWLINE     (-23)
+.sp
+An invalid combination of PCRE_NEWLINE_\fIxxx\fP options was given.
+.sp
+  PCRE_ERROR_BADOFFSET      (-24)
+.sp
+The value of \fIstartoffset\fP was negative or greater than the length of the
+subject, that is, the value in \fIlength\fP.
+.sp
+  PCRE_ERROR_SHORTUTF8      (-25)
+.sp
+This error is returned instead of PCRE_ERROR_BADUTF8 when the subject string
+ends with a truncated UTF-8 character and the PCRE_PARTIAL_HARD option is set.
+Information about the failure is returned as for PCRE_ERROR_BADUTF8. It is in
+fact sufficient to detect this case, but this special error code for
+PCRE_PARTIAL_HARD precedes the implementation of returned information; it is
+retained for backwards compatibility.
+.sp
+  PCRE_ERROR_RECURSELOOP    (-26)
+.sp
+This error is returned when \fBpcre_exec()\fP detects a recursion loop within
+the pattern. Specifically, it means that either the whole pattern or a
+subpattern has been called recursively for the second time at the same position
+in the subject string. Some simple patterns that might do this are detected and
+faulted at compile time, but more complicated cases, in particular mutual
+recursions between two different subpatterns, cannot be detected until run
+time.
+.sp
+  PCRE_ERROR_JIT_STACKLIMIT (-27)
+.sp
+This error is returned when a pattern that was successfully studied using a
+JIT compile option is being matched, but the memory available for the
+just-in-time processing stack is not large enough. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for more details.
+.sp
+  PCRE_ERROR_BADMODE        (-28)
+.sp
+This error is given if a pattern that was compiled by the 8-bit library is
+passed to a 16-bit or 32-bit library function, or vice versa.
+.sp
+  PCRE_ERROR_BADENDIANNESS  (-29)
+.sp
+This error is given if a pattern that was compiled and saved is reloaded on a
+host with different endianness. The utility function
+\fBpcre_pattern_to_host_byte_order()\fP can be used to convert such a pattern
+so that it runs on the new host.
+.sp
+  PCRE_ERROR_JIT_BADOPTION
+.sp
+This error is returned when a pattern that was successfully studied using a JIT
+compile option is being matched, but the matching mode (partial or complete
+match) does not correspond to any JIT compilation mode. When the JIT fast path
+function is used, this error may be also given for invalid options. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for more details.
+.sp
+  PCRE_ERROR_BADLENGTH      (-32)
+.sp
+This error is given if \fBpcre_exec()\fP is called with a negative value for
+the \fIlength\fP argument.
+.P
+Error numbers -16 to -20, -22, and 30 are not used by \fBpcre_exec()\fP.
+.
+.
+.\" HTML <a name="badutf8reasons"></a>
+.SS "Reason codes for invalid UTF-8 strings"
+.rs
+.sp
+This section applies only to the 8-bit library. The corresponding information
+for the 16-bit and 32-bit libraries is given in the
+.\" HREF
+\fBpcre16\fP
+.\"
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+pages.
+.P
+When \fBpcre_exec()\fP returns either PCRE_ERROR_BADUTF8 or
+PCRE_ERROR_SHORTUTF8, and the size of the output vector (\fIovecsize\fP) is at
+least 2, the offset of the start of the invalid UTF-8 character is placed in
+the first output vector element (\fIovector[0]\fP) and a reason code is placed
+in the second element (\fIovector[1]\fP). The reason codes are given names in
+the \fBpcre.h\fP header file:
+.sp
+  PCRE_UTF8_ERR1
+  PCRE_UTF8_ERR2
+  PCRE_UTF8_ERR3
+  PCRE_UTF8_ERR4
+  PCRE_UTF8_ERR5
+.sp
+The string ends with a truncated UTF-8 character; the code specifies how many
+bytes are missing (1 to 5). Although RFC 3629 restricts UTF-8 characters to be
+no longer than 4 bytes, the encoding scheme (originally defined by RFC 2279)
+allows for up to 6 bytes, and this is checked first; hence the possibility of
+4 or 5 missing bytes.
+.sp
+  PCRE_UTF8_ERR6
+  PCRE_UTF8_ERR7
+  PCRE_UTF8_ERR8
+  PCRE_UTF8_ERR9
+  PCRE_UTF8_ERR10
+.sp
+The two most significant bits of the 2nd, 3rd, 4th, 5th, or 6th byte of the
+character do not have the binary value 0b10 (that is, either the most
+significant bit is 0, or the next bit is 1).
+.sp
+  PCRE_UTF8_ERR11
+  PCRE_UTF8_ERR12
+.sp
+A character that is valid by the RFC 2279 rules is either 5 or 6 bytes long;
+these code points are excluded by RFC 3629.
+.sp
+  PCRE_UTF8_ERR13
+.sp
+A 4-byte character has a value greater than 0x10fff; these code points are
+excluded by RFC 3629.
+.sp
+  PCRE_UTF8_ERR14
+.sp
+A 3-byte character has a value in the range 0xd800 to 0xdfff; this range of
+code points are reserved by RFC 3629 for use with UTF-16, and so are excluded
+from UTF-8.
+.sp
+  PCRE_UTF8_ERR15
+  PCRE_UTF8_ERR16
+  PCRE_UTF8_ERR17
+  PCRE_UTF8_ERR18
+  PCRE_UTF8_ERR19
+.sp
+A 2-, 3-, 4-, 5-, or 6-byte character is "overlong", that is, it codes for a
+value that can be represented by fewer bytes, which is invalid. For example,
+the two bytes 0xc0, 0xae give the value 0x2e, whose correct coding uses just
+one byte.
+.sp
+  PCRE_UTF8_ERR20
+.sp
+The two most significant bits of the first byte of a character have the binary
+value 0b10 (that is, the most significant bit is 1 and the second is 0). Such a
+byte can only validly occur as the second or subsequent byte of a multi-byte
+character.
+.sp
+  PCRE_UTF8_ERR21
+.sp
+The first byte of a character has the value 0xfe or 0xff. These values can
+never occur in a valid UTF-8 string.
+.sp
+  PCRE_UTF8_ERR22
+.sp
+This error code was formerly used when the presence of a so-called
+"non-character" caused an error. Unicode corrigendum #9 makes it clear that
+such characters should not cause a string to be rejected, and so this code is
+no longer in use and is never returned.
+.
+.
+.SH "EXTRACTING CAPTURED SUBSTRINGS BY NUMBER"
+.rs
+.sp
+.nf
+.B int pcre_copy_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, char *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre_get_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre_get_substring_list(const char *\fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, const char ***\fIlistptr\fP);"
+.fi
+.PP
+Captured substrings can be accessed directly by using the offsets returned by
+\fBpcre_exec()\fP in \fIovector\fP. For convenience, the functions
+\fBpcre_copy_substring()\fP, \fBpcre_get_substring()\fP, and
+\fBpcre_get_substring_list()\fP are provided for extracting captured substrings
+as new, separate, zero-terminated strings. These functions identify substrings
+by number. The next section describes functions for extracting named
+substrings.
+.P
+A substring that contains a binary zero is correctly extracted and has a
+further zero added on the end, but the result is not, of course, a C string.
+However, you can process such a string by referring to the length that is
+returned by \fBpcre_copy_substring()\fP and \fBpcre_get_substring()\fP.
+Unfortunately, the interface to \fBpcre_get_substring_list()\fP is not adequate
+for handling strings containing binary zeros, because the end of the final
+string is not independently indicated.
+.P
+The first three arguments are the same for all three of these functions:
+\fIsubject\fP is the subject string that has just been successfully matched,
+\fIovector\fP is a pointer to the vector of integer offsets that was passed to
+\fBpcre_exec()\fP, and \fIstringcount\fP is the number of substrings that were
+captured by the match, including the substring that matched the entire regular
+expression. This is the value returned by \fBpcre_exec()\fP if it is greater
+than zero. If \fBpcre_exec()\fP returned zero, indicating that it ran out of
+space in \fIovector\fP, the value passed as \fIstringcount\fP should be the
+number of elements in the vector divided by three.
+.P
+The functions \fBpcre_copy_substring()\fP and \fBpcre_get_substring()\fP
+extract a single substring, whose number is given as \fIstringnumber\fP. A
+value of zero extracts the substring that matched the entire pattern, whereas
+higher values extract the captured substrings. For \fBpcre_copy_substring()\fP,
+the string is placed in \fIbuffer\fP, whose length is given by
+\fIbuffersize\fP, while for \fBpcre_get_substring()\fP a new block of memory is
+obtained via \fBpcre_malloc\fP, and its address is returned via
+\fIstringptr\fP. The yield of the function is the length of the string, not
+including the terminating zero, or one of these error codes:
+.sp
+  PCRE_ERROR_NOMEMORY       (-6)
+.sp
+The buffer was too small for \fBpcre_copy_substring()\fP, or the attempt to get
+memory failed for \fBpcre_get_substring()\fP.
+.sp
+  PCRE_ERROR_NOSUBSTRING    (-7)
+.sp
+There is no substring whose number is \fIstringnumber\fP.
+.P
+The \fBpcre_get_substring_list()\fP function extracts all available substrings
+and builds a list of pointers to them. All this is done in a single block of
+memory that is obtained via \fBpcre_malloc\fP. The address of the memory block
+is returned via \fIlistptr\fP, which is also the start of the list of string
+pointers. The end of the list is marked by a NULL pointer. The yield of the
+function is zero if all went well, or the error code
+.sp
+  PCRE_ERROR_NOMEMORY       (-6)
+.sp
+if the attempt to get the memory block failed.
+.P
+When any of these functions encounter a substring that is unset, which can
+happen when capturing subpattern number \fIn+1\fP matches some part of the
+subject, but subpattern \fIn\fP has not been used at all, they return an empty
+string. This can be distinguished from a genuine zero-length substring by
+inspecting the appropriate offset in \fIovector\fP, which is negative for unset
+substrings.
+.P
+The two convenience functions \fBpcre_free_substring()\fP and
+\fBpcre_free_substring_list()\fP can be used to free the memory returned by
+a previous call of \fBpcre_get_substring()\fP or
+\fBpcre_get_substring_list()\fP, respectively. They do nothing more than call
+the function pointed to by \fBpcre_free\fP, which of course could be called
+directly from a C program. However, PCRE is used in some situations where it is
+linked via a special interface to another programming language that cannot use
+\fBpcre_free\fP directly; it is for these cases that the functions are
+provided.
+.
+.
+.SH "EXTRACTING CAPTURED SUBSTRINGS BY NAME"
+.rs
+.sp
+.nf
+.B int pcre_get_stringnumber(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP);"
+.sp
+.B int pcre_copy_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     char *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre_get_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     const char **\fIstringptr\fP);"
+.fi
+.PP
+To extract a substring by name, you first have to find associated number.
+For example, for this pattern
+.sp
+  (a+)b(?<xxx>\ed+)...
+.sp
+the number of the subpattern called "xxx" is 2. If the name is known to be
+unique (PCRE_DUPNAMES was not set), you can find the number from the name by
+calling \fBpcre_get_stringnumber()\fP. The first argument is the compiled
+pattern, and the second is the name. The yield of the function is the
+subpattern number, or PCRE_ERROR_NOSUBSTRING (-7) if there is no subpattern of
+that name.
+.P
+Given the number, you can extract the substring directly, or use one of the
+functions described in the previous section. For convenience, there are also
+two functions that do the whole job.
+.P
+Most of the arguments of \fBpcre_copy_named_substring()\fP and
+\fBpcre_get_named_substring()\fP are the same as those for the similarly named
+functions that extract by number. As these are described in the previous
+section, they are not re-described here. There are just two differences:
+.P
+First, instead of a substring number, a substring name is given. Second, there
+is an extra argument, given at the start, which is a pointer to the compiled
+pattern. This is needed in order to gain access to the name-to-number
+translation table.
+.P
+These functions call \fBpcre_get_stringnumber()\fP, and if it succeeds, they
+then call \fBpcre_copy_substring()\fP or \fBpcre_get_substring()\fP, as
+appropriate. \fBNOTE:\fP If PCRE_DUPNAMES is set and there are duplicate names,
+the behaviour may not be what you want (see the next section).
+.P
+\fBWarning:\fP If the pattern uses the (?| feature to set up multiple
+subpatterns with the same number, as described in the
+.\" HTML <a href="pcrepattern.html#dupsubpatternnumber">
+.\" </a>
+section on duplicate subpattern numbers
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page, you cannot use names to distinguish the different subpatterns, because
+names are not included in the compiled code. The matching process uses only
+numbers. For this reason, the use of different names for subpatterns of the
+same number causes an error at compile time.
+.
+.
+.SH "DUPLICATE SUBPATTERN NAMES"
+.rs
+.sp
+.nf
+.B int pcre_get_stringtable_entries(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP, char **\fIfirst\fP, char **\fIlast\fP);"
+.fi
+.PP
+When a pattern is compiled with the PCRE_DUPNAMES option, names for subpatterns
+are not required to be unique. (Duplicate names are always allowed for
+subpatterns with the same number, created by using the (?| feature. Indeed, if
+such subpatterns are named, they are required to use the same names.)
+.P
+Normally, patterns with duplicate names are such that in any one match, only
+one of the named subpatterns participates. An example is shown in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.P
+When duplicates are present, \fBpcre_copy_named_substring()\fP and
+\fBpcre_get_named_substring()\fP return the first substring corresponding to
+the given name that is set. If none are set, PCRE_ERROR_NOSUBSTRING (-7) is
+returned; no data is returned. The \fBpcre_get_stringnumber()\fP function
+returns one of the numbers that are associated with the name, but it is not
+defined which it is.
+.P
+If you want to get full details of all captured substrings for a given name,
+you must use the \fBpcre_get_stringtable_entries()\fP function. The first
+argument is the compiled pattern, and the second is the name. The third and
+fourth are pointers to variables which are updated by the function. After it
+has run, they point to the first and last entries in the name-to-number table
+for the given name. The function itself returns the length of each entry, or
+PCRE_ERROR_NOSUBSTRING (-7) if there are none. The format of the table is
+described above in the section entitled \fIInformation about a pattern\fP
+.\" HTML <a href="#infoaboutpattern">
+.\" </a>
+above.
+.\"
+Given all the relevant entries for the name, you can extract each of their
+numbers, and hence the captured data, if any.
+.
+.
+.SH "FINDING ALL POSSIBLE MATCHES"
+.rs
+.sp
+The traditional matching function uses a similar algorithm to Perl, which stops
+when it finds the first match, starting at a given point in the subject. If you
+want to find all possible matches, or the longest possible match, consider
+using the alternative matching function (see below) instead. If you cannot use
+the alternative function, but still need to find all possible matches, you
+can kludge it up by making use of the callout facility, which is described in
+the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.P
+What you have to do is to insert a callout right at the end of the pattern.
+When your callout function is called, extract and save the current matched
+substring. Then return 1, which forces \fBpcre_exec()\fP to backtrack and try
+other alternatives. Ultimately, when it runs out of matches, \fBpcre_exec()\fP
+will yield PCRE_ERROR_NOMATCH.
+.
+.
+.SH "OBTAINING AN ESTIMATE OF STACK USAGE"
+.rs
+.sp
+Matching certain patterns using \fBpcre_exec()\fP can use a lot of process
+stack, which in certain environments can be rather limited in size. Some users
+find it helpful to have an estimate of the amount of stack that is used by
+\fBpcre_exec()\fP, to help them set recursion limits, as described in the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation. The estimate that is output by \fBpcretest\fP when called with
+the \fB-m\fP and \fB-C\fP options is obtained by calling \fBpcre_exec\fP with
+the values NULL, NULL, NULL, -999, and -999 for its first five arguments.
+.P
+Normally, if its first argument is NULL, \fBpcre_exec()\fP immediately returns
+the negative error code PCRE_ERROR_NULL, but with this special combination of
+arguments, it returns instead a negative number whose absolute value is the
+approximate stack frame size in bytes. (A negative number is used so that it is
+clear that no match has happened.) The value is approximate because in some
+cases, recursive calls to \fBpcre_exec()\fP occur when there are one or two
+additional variables on the stack.
+.P
+If PCRE has been compiled to use the heap instead of the stack for recursion,
+the value returned is the size of each block that is obtained from the heap.
+.
+.
+.\" HTML <a name="dfamatch"></a>
+.SH "MATCHING A PATTERN: THE ALTERNATIVE FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre_dfa_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.P
+The function \fBpcre_dfa_exec()\fP is called to match a subject string against
+a compiled pattern, using a matching algorithm that scans the subject string
+just once, and does not backtrack. This has different characteristics to the
+normal algorithm, and is not compatible with Perl. Some of the features of PCRE
+patterns are not supported. Nevertheless, there are times when this kind of
+matching can be useful. For a discussion of the two matching algorithms, and a
+list of features that \fBpcre_dfa_exec()\fP does not support, see the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation.
+.P
+The arguments for the \fBpcre_dfa_exec()\fP function are the same as for
+\fBpcre_exec()\fP, plus two extras. The \fIovector\fP argument is used in a
+different way, and this is described below. The other common arguments are used
+in the same way as for \fBpcre_exec()\fP, so their description is not repeated
+here.
+.P
+The two additional arguments provide workspace for the function. The workspace
+vector should contain at least 20 elements. It is used for keeping track of
+multiple paths through the pattern tree. More workspace will be needed for
+patterns and subjects where there are a lot of potential matches.
+.P
+Here is an example of a simple call to \fBpcre_dfa_exec()\fP:
+.sp
+  int rc;
+  int ovector[10];
+  int wspace[20];
+  rc = pcre_dfa_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    10,             /* number of elements (NOT size in bytes) */
+    wspace,         /* working space vector */
+    20);            /* number of elements (NOT size in bytes) */
+.
+.SS "Option bits for \fBpcre_dfa_exec()\fP"
+.rs
+.sp
+The unused bits of the \fIoptions\fP argument for \fBpcre_dfa_exec()\fP must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_\fIxxx\fP,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_UTF8_CHECK, PCRE_BSR_ANYCRLF, PCRE_BSR_UNICODE, PCRE_NO_START_OPTIMIZE,
+PCRE_PARTIAL_HARD, PCRE_PARTIAL_SOFT, PCRE_DFA_SHORTEST, and PCRE_DFA_RESTART.
+All but the last four of these are exactly the same as for \fBpcre_exec()\fP,
+so their description is not repeated here.
+.sp
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+.sp
+These have the same general effect as they do for \fBpcre_exec()\fP, but the
+details are slightly different. When PCRE_PARTIAL_HARD is set for
+\fBpcre_dfa_exec()\fP, it returns PCRE_ERROR_PARTIAL if the end of the subject
+is reached and there is still at least one matching possibility that requires
+additional characters. This happens even if some complete matches have also
+been found. When PCRE_PARTIAL_SOFT is set, the return code PCRE_ERROR_NOMATCH
+is converted into PCRE_ERROR_PARTIAL if the end of the subject is reached,
+there have been no complete matches, but there is still at least one matching
+possibility. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string in both cases.
+There is a more detailed discussion of partial and multi-segment matching, with
+examples, in the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.sp
+  PCRE_DFA_SHORTEST
+.sp
+Setting the PCRE_DFA_SHORTEST option causes the matching algorithm to stop as
+soon as it has found one match. Because of the way the alternative algorithm
+works, this is necessarily the shortest possible match at the first possible
+matching point in the subject string.
+.sp
+  PCRE_DFA_RESTART
+.sp
+When \fBpcre_dfa_exec()\fP returns a partial match, it is possible to call it
+again, with additional subject characters, and have it continue with the same
+match. The PCRE_DFA_RESTART option requests this action; when it is set, the
+\fIworkspace\fP and \fIwscount\fP options must reference the same vector as
+before because data about the match so far is left in them after a partial
+match. There is more discussion of this facility in the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.
+.
+.SS "Successful returns from \fBpcre_dfa_exec()\fP"
+.rs
+.sp
+When \fBpcre_dfa_exec()\fP succeeds, it may have matched more than one
+substring in the subject. Note, however, that all the matches from one run of
+the function start at the same point in the subject. The shorter matches are
+all initial substrings of the longer matches. For example, if the pattern
+.sp
+  <.*>
+.sp
+is matched against the string
+.sp
+  This is <something> <something else> <something further> no more
+.sp
+the three matched strings are
+.sp
+  <something>
+  <something> <something else>
+  <something> <something else> <something further>
+.sp
+On success, the yield of the function is a number greater than zero, which is
+the number of matched substrings. The substrings themselves are returned in
+\fIovector\fP. Each string uses two elements; the first is the offset to the
+start, and the second is the offset to the end. In fact, all the strings have
+the same start offset. (Space could have been saved by giving this only once,
+but it was decided to retain some compatibility with the way \fBpcre_exec()\fP
+returns data, even though the meaning of the strings is different.)
+.P
+The strings are returned in reverse order of length; that is, the longest
+matching string is given first. If there were too many matches to fit into
+\fIovector\fP, the yield of the function is zero, and the vector is filled with
+the longest matches. Unlike \fBpcre_exec()\fP, \fBpcre_dfa_exec()\fP can use
+the entire \fIovector\fP for returning matched strings.
+.P
+NOTE: PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\ed+" is compiled as if it were "a\ed++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\ed+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+.
+.
+.SS "Error returns from \fBpcre_dfa_exec()\fP"
+.rs
+.sp
+The \fBpcre_dfa_exec()\fP function returns a negative number when it fails.
+Many of the errors are the same as for \fBpcre_exec()\fP, and these are
+described
+.\" HTML <a href="#errorlist">
+.\" </a>
+above.
+.\"
+There are in addition the following errors that are specific to
+\fBpcre_dfa_exec()\fP:
+.sp
+  PCRE_ERROR_DFA_UITEM      (-16)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP encounters an item in the pattern
+that it does not support, for instance, the use of \eC or a back reference.
+.sp
+  PCRE_ERROR_DFA_UCOND      (-17)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP encounters a condition item that
+uses a back reference for the condition, or a test for recursion in a specific
+group. These are not supported.
+.sp
+  PCRE_ERROR_DFA_UMLIMIT    (-18)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP is called with an \fIextra\fP
+block that contains a setting of the \fImatch_limit\fP or
+\fImatch_limit_recursion\fP fields. This is not supported (these fields are
+meaningless for DFA matching).
+.sp
+  PCRE_ERROR_DFA_WSSIZE     (-19)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP runs out of space in the
+\fIworkspace\fP vector.
+.sp
+  PCRE_ERROR_DFA_RECURSE    (-20)
+.sp
+When a recursive subpattern is processed, the matching function calls itself
+recursively, using private vectors for \fIovector\fP and \fIworkspace\fP. This
+error is given if the output vector is not large enough. This should be
+extremely rare, as a vector of size 1000 is used.
+.sp
+  PCRE_ERROR_DFA_BADRESTART (-30)
+.sp
+When \fBpcre_dfa_exec()\fP is called with the \fBPCRE_DFA_RESTART\fP option,
+some plausibility checks are made on the contents of the workspace, which
+should contain data about the previous partial match. If any of these checks
+fail, this error is given.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcre16\fP(3), \fBpcre32\fP(3), \fBpcrebuild\fP(3), \fBpcrecallout\fP(3),
+\fBpcrecpp(3)\fP(3), \fBpcrematching\fP(3), \fBpcrepartial\fP(3),
+\fBpcreposix\fP(3), \fBpcreprecompile\fP(3), \fBpcresample\fP(3),
+\fBpcrestack\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 18 December 2015
+Copyright (c) 1997-2015 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrebuild.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrebuild.3
new file mode 100644
index 00000000..403f2ae3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrebuild.3
@@ -0,0 +1,550 @@
+.TH PCREBUILD 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.
+.
+.SH "BUILDING PCRE"
+.rs
+.sp
+PCRE is distributed with a \fBconfigure\fP script that can be used to build the
+library in Unix-like environments using the applications known as Autotools.
+Also in the distribution are files to support building using \fBCMake\fP
+instead of \fBconfigure\fP. The text file
+.\" HTML <a href="README.txt">
+.\" </a>
+\fBREADME\fP
+.\"
+contains general information about building with Autotools (some of which is
+repeated below), and also has some comments about building on various operating
+systems. There is a lot more information about building PCRE without using
+Autotools (including information about using \fBCMake\fP and building "by
+hand") in the text file called
+.\" HTML <a href="NON-AUTOTOOLS-BUILD.txt">
+.\" </a>
+\fBNON-AUTOTOOLS-BUILD\fP.
+.\"
+You should consult this file as well as the
+.\" HTML <a href="README.txt">
+.\" </a>
+\fBREADME\fP
+.\"
+file if you are building in a non-Unix-like environment.
+.
+.
+.SH "PCRE BUILD-TIME OPTIONS"
+.rs
+.sp
+The rest of this document describes the optional features of PCRE that can be
+selected when the library is compiled. It assumes use of the \fBconfigure\fP
+script, where the optional features are selected or deselected by providing
+options to \fBconfigure\fP before running the \fBmake\fP command. However, the
+same options can be selected in both Unix-like and non-Unix-like environments
+using the GUI facility of \fBcmake-gui\fP if you are using \fBCMake\fP instead
+of \fBconfigure\fP to build PCRE.
+.P
+If you are not using Autotools or \fBCMake\fP, option selection can be done by
+editing the \fBconfig.h\fP file, or by passing parameter settings to the
+compiler, as described in
+.\" HTML <a href="NON-AUTOTOOLS-BUILD.txt">
+.\" </a>
+\fBNON-AUTOTOOLS-BUILD\fP.
+.\"
+.P
+The complete list of options for \fBconfigure\fP (which includes the standard
+ones such as the selection of the installation directory) can be obtained by
+running
+.sp
+  ./configure --help
+.sp
+The following sections include descriptions of options whose names begin with
+--enable or --disable. These settings specify changes to the defaults for the
+\fBconfigure\fP command. Because of the way that \fBconfigure\fP works,
+--enable and --disable always come in pairs, so the complementary option always
+exists as well, but as it specifies the default, it is not described.
+.
+.
+.SH "BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES"
+.rs
+.sp
+By default, a library called \fBlibpcre\fP is built, containing functions that
+take string arguments contained in vectors of bytes, either as single-byte
+characters, or interpreted as UTF-8 strings. You can also build a separate
+library, called \fBlibpcre16\fP, in which strings are contained in vectors of
+16-bit data units and interpreted either as single-unit characters or UTF-16
+strings, by adding
+.sp
+  --enable-pcre16
+.sp
+to the \fBconfigure\fP command. You can also build yet another separate
+library, called \fBlibpcre32\fP, in which strings are contained in vectors of
+32-bit data units and interpreted either as single-unit characters or UTF-32
+strings, by adding
+.sp
+  --enable-pcre32
+.sp
+to the \fBconfigure\fP command. If you do not want the 8-bit library, add
+.sp
+  --disable-pcre8
+.sp
+as well. At least one of the three libraries must be built. Note that the C++
+and POSIX wrappers are for the 8-bit library only, and that \fBpcregrep\fP is
+an 8-bit program. None of these are built if you select only the 16-bit or
+32-bit libraries.
+.
+.
+.SH "BUILDING SHARED AND STATIC LIBRARIES"
+.rs
+.sp
+The Autotools PCRE building process uses \fBlibtool\fP to build both shared and
+static libraries by default. You can suppress one of these by adding one of
+.sp
+  --disable-shared
+  --disable-static
+.sp
+to the \fBconfigure\fP command, as required.
+.
+.
+.SH "C++ SUPPORT"
+.rs
+.sp
+By default, if the 8-bit library is being built, the \fBconfigure\fP script
+will search for a C++ compiler and C++ header files. If it finds them, it
+automatically builds the C++ wrapper library (which supports only 8-bit
+strings). You can disable this by adding
+.sp
+  --disable-cpp
+.sp
+to the \fBconfigure\fP command.
+.
+.
+.SH "UTF-8, UTF-16 AND UTF-32 SUPPORT"
+.rs
+.sp
+To build PCRE with support for UTF Unicode character strings, add
+.sp
+  --enable-utf
+.sp
+to the \fBconfigure\fP command. This setting applies to all three libraries,
+adding support for UTF-8 to the 8-bit library, support for UTF-16 to the 16-bit
+library, and support for UTF-32 to the to the 32-bit library. There are no
+separate options for enabling UTF-8, UTF-16 and UTF-32 independently because
+that would allow ridiculous settings such as requesting UTF-16 support while
+building only the 8-bit library. It is not possible to build one library with
+UTF support and another without in the same configuration. (For backwards
+compatibility, --enable-utf8 is a synonym of --enable-utf.)
+.P
+Of itself, this setting does not make PCRE treat strings as UTF-8, UTF-16 or
+UTF-32. As well as compiling PCRE with this option, you also have have to set
+the PCRE_UTF8, PCRE_UTF16 or PCRE_UTF32 option (as appropriate) when you call
+one of the pattern compiling functions.
+.P
+If you set --enable-utf when compiling in an EBCDIC environment, PCRE expects
+its input to be either ASCII or UTF-8 (depending on the run-time option). It is
+not possible to support both EBCDIC and UTF-8 codes in the same version of the
+library. Consequently, --enable-utf and --enable-ebcdic are mutually
+exclusive.
+.
+.
+.SH "UNICODE CHARACTER PROPERTY SUPPORT"
+.rs
+.sp
+UTF support allows the libraries to process character codepoints up to 0x10ffff
+in the strings that they handle. On its own, however, it does not provide any
+facilities for accessing the properties of such characters. If you want to be
+able to use the pattern escapes \eP, \ep, and \eX, which refer to Unicode
+character properties, you must add
+.sp
+  --enable-unicode-properties
+.sp
+to the \fBconfigure\fP command. This implies UTF support, even if you have
+not explicitly requested it.
+.P
+Including Unicode property support adds around 30K of tables to the PCRE
+library. Only the general category properties such as \fILu\fP and \fINd\fP are
+supported. Details are given in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.
+.
+.SH "JUST-IN-TIME COMPILER SUPPORT"
+.rs
+.sp
+Just-in-time compiler support is included in the build by specifying
+.sp
+  --enable-jit
+.sp
+This support is available only for certain hardware architectures. If this
+option is set for an unsupported architecture, a compile time error occurs.
+See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for a discussion of JIT usage. When JIT support is enabled,
+pcregrep automatically makes use of it, unless you add
+.sp
+  --disable-pcregrep-jit
+.sp
+to the "configure" command.
+.
+.
+.SH "CODE VALUE OF NEWLINE"
+.rs
+.sp
+By default, PCRE interprets the linefeed (LF) character as indicating the end
+of a line. This is the normal newline character on Unix-like systems. You can
+compile PCRE to use carriage return (CR) instead, by adding
+.sp
+  --enable-newline-is-cr
+.sp
+to the \fBconfigure\fP command. There is also a --enable-newline-is-lf option,
+which explicitly specifies linefeed as the newline character.
+.sp
+Alternatively, you can specify that line endings are to be indicated by the two
+character sequence CRLF. If you want this, add
+.sp
+  --enable-newline-is-crlf
+.sp
+to the \fBconfigure\fP command. There is a fourth option, specified by
+.sp
+  --enable-newline-is-anycrlf
+.sp
+which causes PCRE to recognize any of the three sequences CR, LF, or CRLF as
+indicating a line ending. Finally, a fifth option, specified by
+.sp
+  --enable-newline-is-any
+.sp
+causes PCRE to recognize any Unicode newline sequence.
+.P
+Whatever line ending convention is selected when PCRE is built can be
+overridden when the library functions are called. At build time it is
+conventional to use the standard for your operating system.
+.
+.
+.SH "WHAT \eR MATCHES"
+.rs
+.sp
+By default, the sequence \eR in a pattern matches any Unicode newline sequence,
+whatever has been selected as the line ending sequence. If you specify
+.sp
+  --enable-bsr-anycrlf
+.sp
+the default is changed so that \eR matches only CR, LF, or CRLF. Whatever is
+selected when PCRE is built can be overridden when the library functions are
+called.
+.
+.
+.SH "POSIX MALLOC USAGE"
+.rs
+.sp
+When the 8-bit library is called through the POSIX interface (see the
+.\" HREF
+\fBpcreposix\fP
+.\"
+documentation), additional working storage is required for holding the pointers
+to capturing substrings, because PCRE requires three integers per substring,
+whereas the POSIX interface provides only two. If the number of expected
+substrings is small, the wrapper function uses space on the stack, because this
+is faster than using \fBmalloc()\fP for each call. The default threshold above
+which the stack is no longer used is 10; it can be changed by adding a setting
+such as
+.sp
+  --with-posix-malloc-threshold=20
+.sp
+to the \fBconfigure\fP command.
+.
+.
+.SH "HANDLING VERY LARGE PATTERNS"
+.rs
+.sp
+Within a compiled pattern, offset values are used to point from one part to
+another (for example, from an opening parenthesis to an alternation
+metacharacter). By default, in the 8-bit and 16-bit libraries, two-byte values
+are used for these offsets, leading to a maximum size for a compiled pattern of
+around 64K. This is sufficient to handle all but the most gigantic patterns.
+Nevertheless, some people do want to process truly enormous patterns, so it is
+possible to compile PCRE to use three-byte or four-byte offsets by adding a
+setting such as
+.sp
+  --with-link-size=3
+.sp
+to the \fBconfigure\fP command. The value given must be 2, 3, or 4. For the
+16-bit library, a value of 3 is rounded up to 4. In these libraries, using
+longer offsets slows down the operation of PCRE because it has to load
+additional data when handling them. For the 32-bit library the value is always
+4 and cannot be overridden; the value of --with-link-size is ignored.
+.
+.
+.SH "AVOIDING EXCESSIVE STACK USAGE"
+.rs
+.sp
+When matching with the \fBpcre_exec()\fP function, PCRE implements backtracking
+by making recursive calls to an internal function called \fBmatch()\fP. In
+environments where the size of the stack is limited, this can severely limit
+PCRE's operation. (The Unix environment does not usually suffer from this
+problem, but it may sometimes be necessary to increase the maximum stack size.
+There is a discussion in the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation.) An alternative approach to recursion that uses memory from the
+heap to remember data, instead of using recursive function calls, has been
+implemented to work round the problem of limited stack size. If you want to
+build a version of PCRE that works this way, add
+.sp
+  --disable-stack-for-recursion
+.sp
+to the \fBconfigure\fP command. With this configuration, PCRE will use the
+\fBpcre_stack_malloc\fP and \fBpcre_stack_free\fP variables to call memory
+management functions. By default these point to \fBmalloc()\fP and
+\fBfree()\fP, but you can replace the pointers so that your own functions are
+used instead.
+.P
+Separate functions are provided rather than using \fBpcre_malloc\fP and
+\fBpcre_free\fP because the usage is very predictable: the block sizes
+requested are always the same, and the blocks are always freed in reverse
+order. A calling program might be able to implement optimized functions that
+perform better than \fBmalloc()\fP and \fBfree()\fP. PCRE runs noticeably more
+slowly when built in this way. This option affects only the \fBpcre_exec()\fP
+function; it is not relevant for \fBpcre_dfa_exec()\fP.
+.
+.
+.SH "LIMITING PCRE RESOURCE USAGE"
+.rs
+.sp
+Internally, PCRE has a function called \fBmatch()\fP, which it calls repeatedly
+(sometimes recursively) when matching a pattern with the \fBpcre_exec()\fP
+function. By controlling the maximum number of times this function may be
+called during a single matching operation, a limit can be placed on the
+resources used by a single call to \fBpcre_exec()\fP. The limit can be changed
+at run time, as described in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation. The default is 10 million, but this can be changed by adding a
+setting such as
+.sp
+  --with-match-limit=500000
+.sp
+to the \fBconfigure\fP command. This setting has no effect on the
+\fBpcre_dfa_exec()\fP matching function.
+.P
+In some environments it is desirable to limit the depth of recursive calls of
+\fBmatch()\fP more strictly than the total number of calls, in order to
+restrict the maximum amount of stack (or heap, if --disable-stack-for-recursion
+is specified) that is used. A second limit controls this; it defaults to the
+value that is set for --with-match-limit, which imposes no additional
+constraints. However, you can set a lower limit by adding, for example,
+.sp
+  --with-match-limit-recursion=10000
+.sp
+to the \fBconfigure\fP command. This value can also be overridden at run time.
+.
+.
+.SH "CREATING CHARACTER TABLES AT BUILD TIME"
+.rs
+.sp
+PCRE uses fixed tables for processing characters whose code values are less
+than 256. By default, PCRE is built with a set of tables that are distributed
+in the file \fIpcre_chartables.c.dist\fP. These tables are for ASCII codes
+only. If you add
+.sp
+  --enable-rebuild-chartables
+.sp
+to the \fBconfigure\fP command, the distributed tables are no longer used.
+Instead, a program called \fBdftables\fP is compiled and run. This outputs the
+source for new set of tables, created in the default locale of your C run-time
+system. (This method of replacing the tables does not work if you are cross
+compiling, because \fBdftables\fP is run on the local host. If you need to
+create alternative tables when cross compiling, you will have to do so "by
+hand".)
+.
+.
+.SH "USING EBCDIC CODE"
+.rs
+.sp
+PCRE assumes by default that it will run in an environment where the character
+code is ASCII (or Unicode, which is a superset of ASCII). This is the case for
+most computer operating systems. PCRE can, however, be compiled to run in an
+EBCDIC environment by adding
+.sp
+  --enable-ebcdic
+.sp
+to the \fBconfigure\fP command. This setting implies
+--enable-rebuild-chartables. You should only use it if you know that you are in
+an EBCDIC environment (for example, an IBM mainframe operating system). The
+--enable-ebcdic option is incompatible with --enable-utf.
+.P
+The EBCDIC character that corresponds to an ASCII LF is assumed to have the
+value 0x15 by default. However, in some EBCDIC environments, 0x25 is used. In
+such an environment you should use
+.sp
+  --enable-ebcdic-nl25
+.sp
+as well as, or instead of, --enable-ebcdic. The EBCDIC character for CR has the
+same value as in ASCII, namely, 0x0d. Whichever of 0x15 and 0x25 is \fInot\fP
+chosen as LF is made to correspond to the Unicode NEL character (which, in
+Unicode, is 0x85).
+.P
+The options that select newline behaviour, such as --enable-newline-is-cr,
+and equivalent run-time options, refer to these character values in an EBCDIC
+environment.
+.
+.
+.SH "PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT"
+.rs
+.sp
+By default, \fBpcregrep\fP reads all files as plain text. You can build it so
+that it recognizes files whose names end in \fB.gz\fP or \fB.bz2\fP, and reads
+them with \fBlibz\fP or \fBlibbz2\fP, respectively, by adding one or both of
+.sp
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+.sp
+to the \fBconfigure\fP command. These options naturally require that the
+relevant libraries are installed on your system. Configuration will fail if
+they are not.
+.
+.
+.SH "PCREGREP BUFFER SIZE"
+.rs
+.sp
+\fBpcregrep\fP uses an internal buffer to hold a "window" on the file it is
+scanning, in order to be able to output "before" and "after" lines when it
+finds a match. The size of the buffer is controlled by a parameter whose
+default value is 20K. The buffer itself is three times this size, but because
+of the way it is used for holding "before" lines, the longest line that is
+guaranteed to be processable is the parameter size. You can change the default
+parameter value by adding, for example,
+.sp
+  --with-pcregrep-bufsize=50K
+.sp
+to the \fBconfigure\fP command. The caller of \fPpcregrep\fP can, however,
+override this value by specifying a run-time option.
+.
+.
+.SH "PCRETEST OPTION FOR LIBREADLINE SUPPORT"
+.rs
+.sp
+If you add
+.sp
+  --enable-pcretest-libreadline
+.sp
+to the \fBconfigure\fP command, \fBpcretest\fP is linked with the
+\fBlibreadline\fP library, and when its input is from a terminal, it reads it
+using the \fBreadline()\fP function. This provides line-editing and history
+facilities. Note that \fBlibreadline\fP is GPL-licensed, so if you distribute a
+binary of \fBpcretest\fP linked in this way, there may be licensing issues.
+.P
+Setting this option causes the \fB-lreadline\fP option to be added to the
+\fBpcretest\fP build. In many operating environments with a sytem-installed
+\fBlibreadline\fP this is sufficient. However, in some environments (e.g.
+if an unmodified distribution version of readline is in use), some extra
+configuration may be necessary. The INSTALL file for \fBlibreadline\fP says
+this:
+.sp
+  "Readline uses the termcap functions, but does not link with the
+  termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library."
+.sp
+If your environment has not been set up so that an appropriate library is
+automatically included, you may need to add something like
+.sp
+  LIBS="-ncurses"
+.sp
+immediately before the \fBconfigure\fP command.
+.
+.
+.SH "DEBUGGING WITH VALGRIND SUPPORT"
+.rs
+.sp
+By adding the
+.sp
+  --enable-valgrind
+.sp
+option to to the \fBconfigure\fP command, PCRE will use valgrind annotations
+to mark certain memory regions as unaddressable. This allows it to detect
+invalid memory accesses, and is mostly useful for debugging PCRE itself.
+.
+.
+.SH "CODE COVERAGE REPORTING"
+.rs
+.sp
+If your C compiler is gcc, you can build a version of PCRE that can generate a
+code coverage report for its test suite. To enable this, you must install
+\fBlcov\fP version 1.6 or above. Then specify
+.sp
+  --enable-coverage
+.sp
+to the \fBconfigure\fP command and build PCRE in the usual way.
+.P
+Note that using \fBccache\fP (a caching C compiler) is incompatible with code
+coverage reporting. If you have configured \fBccache\fP to run automatically
+on your system, you must set the environment variable
+.sp
+  CCACHE_DISABLE=1
+.sp
+before running \fBmake\fP to build PCRE, so that \fBccache\fP is not used.
+.P
+When --enable-coverage is used, the following addition targets are added to the
+\fIMakefile\fP:
+.sp
+  make coverage
+.sp
+This creates a fresh coverage report for the PCRE test suite. It is equivalent
+to running "make coverage-reset", "make coverage-baseline", "make check", and
+then "make coverage-report".
+.sp
+  make coverage-reset
+.sp
+This zeroes the coverage counters, but does nothing else.
+.sp
+  make coverage-baseline
+.sp
+This captures baseline coverage information.
+.sp
+  make coverage-report
+.sp
+This creates the coverage report.
+.sp
+  make coverage-clean-report
+.sp
+This removes the generated coverage report without cleaning the coverage data
+itself.
+.sp
+  make coverage-clean-data
+.sp
+This removes the captured coverage data without removing the coverage files
+created at compile time (*.gcno).
+.sp
+  make coverage-clean
+.sp
+This cleans all coverage data including the generated coverage report. For more
+information about code coverage, see the \fBgcov\fP and \fBlcov\fP
+documentation.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcreapi\fP(3), \fBpcre16\fP, \fBpcre32\fP, \fBpcre_config\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 May 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrecallout.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrecallout.3
new file mode 100644
index 00000000..8ebc9959
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrecallout.3
@@ -0,0 +1,255 @@
+.TH PCRECALLOUT 3 "12 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B int (*pcre_callout)(pcre_callout_block *);
+.PP
+.B int (*pcre16_callout)(pcre16_callout_block *);
+.PP
+.B int (*pcre32_callout)(pcre32_callout_block *);
+.
+.SH DESCRIPTION
+.rs
+.sp
+PCRE provides a feature called "callout", which is a means of temporarily
+passing control to the caller of PCRE in the middle of pattern matching. The
+caller of PCRE provides an external function by putting its entry point in the
+global variable \fIpcre_callout\fP (\fIpcre16_callout\fP for the 16-bit
+library, \fIpcre32_callout\fP for the 32-bit library). By default, this
+variable contains NULL, which disables all calling out.
+.P
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. Different callout points can be identified by putting
+a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+.sp
+  (?C1)abc(?C2)def
+.sp
+If the PCRE_AUTO_CALLOUT option bit is set when a pattern is compiled, PCRE
+automatically inserts callouts, all with number 255, before each item in the
+pattern. For example, if PCRE_AUTO_CALLOUT is used with the pattern
+.sp
+  A(\ed{2}|--)
+.sp
+it is processed as if it were
+.sp
+(?C255)A(?C255)((?C255)\ed{2}(?C255)|(?C255)-(?C255)-(?C255))(?C255)
+.sp
+Notice that there is a callout before and after each parenthesis and
+alternation bar. If the pattern contains a conditional group whose condition is
+an assertion, an automatic callout is inserted immediately before the
+condition. Such a callout may also be inserted explicitly, for example:
+.sp
+  (?(?C9)(?=a)ab|de)
+.sp
+This applies only to assertion conditions (because they are themselves
+independent groups).
+.P
+Automatic callouts can be used for tracking the progress of pattern matching.
+The
+.\" HREF
+\fBpcretest\fP
+.\"
+program has a pattern qualifier (/C) that sets automatic callouts; when it is
+used, the output indicates how the pattern is being matched. This is useful
+information when you are trying to optimize the performance of a particular
+pattern.
+.
+.
+.SH "MISSING CALLOUTS"
+.rs
+.sp
+You should be aware that, because of optimizations in the way PCRE compiles and
+matches patterns, callouts sometimes do not happen exactly as you might expect.
+.P
+At compile time, PCRE "auto-possessifies" repeated items when it knows that
+what follows cannot be part of the repeat. For example, a+[bc] is compiled as
+if it were a++[bc]. The \fBpcretest\fP output when this pattern is anchored and
+then applied with automatic callouts to the string "aaaa" is:
+.sp
+  --->aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+  No match
+.sp
+This indicates that when matching [bc] fails, there is no backtracking into a+
+and therefore the callouts that would be taken for the backtracks do not occur.
+You can disable the auto-possessify feature by passing PCRE_NO_AUTO_POSSESS
+to \fBpcre_compile()\fP, or starting the pattern with (*NO_AUTO_POSSESS). If
+this is done in \fBpcretest\fP (using the /O qualifier), the output changes to
+this:
+.sp
+  --->aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+   +3 ^  ^     [bc]
+   +3 ^ ^      [bc]
+   +3 ^^       [bc]
+  No match
+.sp
+This time, when matching [bc] fails, the matcher backtracks into a+ and tries
+again, repeatedly, until a+ itself fails.
+.P
+Other optimizations that provide fast "no match" results also affect callouts.
+For example, if the pattern is
+.sp
+  ab(?C4)cd
+.sp
+PCRE knows that any matching string must contain the letter "d". If the subject
+string is "abyz", the lack of "d" means that matching doesn't ever start, and
+the callout is never reached. However, with "abyd", though the result is still
+no match, the callout is obeyed.
+.P
+If the pattern is studied, PCRE knows the minimum length of a matching string,
+and will immediately give a "no match" return without actually running a match
+if the subject is not long enough, or, for unanchored patterns, if it has
+been scanned far enough.
+.P
+You can disable these optimizations by passing the PCRE_NO_START_OPTIMIZE
+option to the matching function, or by starting the pattern with
+(*NO_START_OPT). This slows down the matching process, but does ensure that
+callouts such as the example above are obeyed.
+.
+.
+.SH "THE CALLOUT INTERFACE"
+.rs
+.sp
+During matching, when PCRE reaches a callout point, the external function
+defined by \fIpcre_callout\fP or \fIpcre[16|32]_callout\fP is called (if it is
+set). This applies to both normal and DFA matching. The only argument to the
+callout function is a pointer to a \fBpcre_callout\fP or
+\fBpcre[16|32]_callout\fP block. These structures contains the following
+fields:
+.sp
+  int           \fIversion\fP;
+  int           \fIcallout_number\fP;
+  int          *\fIoffset_vector\fP;
+  const char   *\fIsubject\fP;           (8-bit version)
+  PCRE_SPTR16   \fIsubject\fP;           (16-bit version)
+  PCRE_SPTR32   \fIsubject\fP;           (32-bit version)
+  int           \fIsubject_length\fP;
+  int           \fIstart_match\fP;
+  int           \fIcurrent_position\fP;
+  int           \fIcapture_top\fP;
+  int           \fIcapture_last\fP;
+  void         *\fIcallout_data\fP;
+  int           \fIpattern_position\fP;
+  int           \fInext_item_length\fP;
+  const unsigned char *\fImark\fP;       (8-bit version)
+  const PCRE_UCHAR16  *\fImark\fP;       (16-bit version)
+  const PCRE_UCHAR32  *\fImark\fP;       (32-bit version)
+.sp
+The \fIversion\fP field is an integer containing the version number of the
+block format. The initial version was 0; the current version is 2. The version
+number will change again in future if additional fields are added, but the
+intention is never to remove any of the existing fields.
+.P
+The \fIcallout_number\fP field contains the number of the callout, as compiled
+into the pattern (that is, the number after ?C for manual callouts, and 255 for
+automatically generated callouts).
+.P
+The \fIoffset_vector\fP field is a pointer to the vector of offsets that was
+passed by the caller to the matching function. When \fBpcre_exec()\fP or
+\fBpcre[16|32]_exec()\fP is used, the contents can be inspected, in order to
+extract substrings that have been matched so far, in the same way as for
+extracting substrings after a match has completed. For the DFA matching
+functions, this field is not useful.
+.P
+The \fIsubject\fP and \fIsubject_length\fP fields contain copies of the values
+that were passed to the matching function.
+.P
+The \fIstart_match\fP field normally contains the offset within the subject at
+which the current match attempt started. However, if the escape sequence \eK
+has been encountered, this value is changed to reflect the modified starting
+point. If the pattern is not anchored, the callout function may be called
+several times from the same point in the pattern for different starting points
+in the subject.
+.P
+The \fIcurrent_position\fP field contains the offset within the subject of the
+current match pointer.
+.P
+When the \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP is used, the
+\fIcapture_top\fP field contains one more than the number of the highest
+numbered captured substring so far. If no substrings have been captured, the
+value of \fIcapture_top\fP is one. This is always the case when the DFA
+functions are used, because they do not support captured substrings.
+.P
+The \fIcapture_last\fP field contains the number of the most recently captured
+substring. However, when a recursion exits, the value reverts to what it was
+outside the recursion, as do the values of all captured substrings. If no
+substrings have been captured, the value of \fIcapture_last\fP is -1. This is
+always the case for the DFA matching functions.
+.P
+The \fIcallout_data\fP field contains a value that is passed to a matching
+function specifically so that it can be passed back in callouts. It is passed
+in the \fIcallout_data\fP field of a \fBpcre_extra\fP or \fBpcre[16|32]_extra\fP
+data structure. If no such data was passed, the value of \fIcallout_data\fP in
+a callout block is NULL. There is a description of the \fBpcre_extra\fP
+structure in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+The \fIpattern_position\fP field is present from version 1 of the callout
+structure. It contains the offset to the next item to be matched in the pattern
+string.
+.P
+The \fInext_item_length\fP field is present from version 1 of the callout
+structure. It contains the length of the next item to be matched in the pattern
+string. When the callout immediately precedes an alternation bar, a closing
+parenthesis, or the end of the pattern, the length is zero. When the callout
+precedes an opening parenthesis, the length is that of the entire subpattern.
+.P
+The \fIpattern_position\fP and \fInext_item_length\fP fields are intended to
+help in distinguishing between different automatic callouts, which all have the
+same callout number. However, they are set for all callouts.
+.P
+The \fImark\fP field is present from version 2 of the callout structure. In
+callouts from \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP it contains a
+pointer to the zero-terminated name of the most recently passed (*MARK),
+(*PRUNE), or (*THEN) item in the match, or NULL if no such items have been
+passed. Instances of (*PRUNE) or (*THEN) without a name do not obliterate a
+previous (*MARK). In callouts from the DFA matching functions this field always
+contains NULL.
+.
+.
+.SH "RETURN VALUES"
+.rs
+.sp
+The external callout function returns an integer to PCRE. If the value is zero,
+matching proceeds as normal. If the value is greater than zero, matching fails
+at the current point, but the testing of other matching possibilities goes
+ahead, just as if a lookahead assertion had failed. If the value is less than
+zero, the match is abandoned, the matching function returns the negative value.
+.P
+Negative values should normally be chosen from the set of PCRE_ERROR_xxx
+values. In particular, PCRE_ERROR_NOMATCH forces a standard "no match" failure.
+The error number PCRE_ERROR_CALLOUT is reserved for use by callout functions;
+it will never be used by PCRE itself.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrecompat.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrecompat.3
new file mode 100644
index 00000000..6156e776
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrecompat.3
@@ -0,0 +1,200 @@
+.TH PCRECOMPAT 3 "10 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "DIFFERENCES BETWEEN PCRE AND PERL"
+.rs
+.sp
+This document describes the differences in the ways that PCRE and Perl handle
+regular expressions. The differences described here are with respect to Perl
+versions 5.10 and above.
+.P
+1. PCRE has only a subset of Perl's Unicode support. Details of what it does
+have are given in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+2. PCRE allows repeat quantifiers only on parenthesized assertions, but they do
+not mean what you might think. For example, (?!a){3} does not assert that the
+next three characters are not "a". It just asserts that the next character is
+not "a" three times (in principle: PCRE optimizes this to run the assertion
+just once). Perl allows repeat quantifiers on other assertions such as \eb, but
+these do not seem to have any use.
+.P
+3. Capturing subpatterns that occur inside negative lookahead assertions are
+counted, but their entries in the offsets vector are never set. Perl sometimes
+(but not always) sets its numerical variables from inside negative assertions.
+.P
+4. Though binary zero characters are supported in the subject string, they are
+not allowed in a pattern string because it is passed as a normal C string,
+terminated by zero. The escape sequence \e0 can be used in the pattern to
+represent a binary zero.
+.P
+5. The following Perl escape sequences are not supported: \el, \eu, \eL,
+\eU, and \eN when followed by a character name or Unicode value. (\eN on its
+own, matching a non-newline character, is supported.) In fact these are
+implemented by Perl's general string-handling and are not part of its pattern
+matching engine. If any of these are encountered by PCRE, an error is
+generated by default. However, if the PCRE_JAVASCRIPT_COMPAT option is set,
+\eU and \eu are interpreted as JavaScript interprets them.
+.P
+6. The Perl escape sequences \ep, \eP, and \eX are supported only if PCRE is
+built with Unicode character property support. The properties that can be
+tested with \ep and \eP are limited to the general category properties such as
+Lu and Nd, script names such as Greek or Han, and the derived properties Any
+and L&. PCRE does support the Cs (surrogate) property, which Perl does not; the
+Perl documentation says "Because Perl hides the need for the user to understand
+the internal representation of Unicode characters, there is no need to
+implement the somewhat messy concept of surrogates."
+.P
+7. PCRE does support the \eQ...\eE escape for quoting substrings. Characters in
+between are treated as literals. This is slightly different from Perl in that $
+and @ are also handled as literals inside the quotes. In Perl, they cause
+variable interpolation (but of course PCRE does not have variables). Note the
+following examples:
+.sp
+    Pattern            PCRE matches      Perl matches
+.sp
+.\" JOIN
+    \eQabc$xyz\eE        abc$xyz           abc followed by the
+                                           contents of $xyz
+    \eQabc\e$xyz\eE       abc\e$xyz          abc\e$xyz
+    \eQabc\eE\e$\eQxyz\eE   abc$xyz           abc$xyz
+.sp
+The \eQ...\eE sequence is recognized both inside and outside character classes.
+.P
+8. Fairly obviously, PCRE does not support the (?{code}) and (??{code})
+constructions. However, there is support for recursive patterns. This is not
+available in Perl 5.8, but it is in Perl 5.10. Also, the PCRE "callout"
+feature allows an external function to be called during pattern matching. See
+the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation for details.
+.P
+9. Subpatterns that are called as subroutines (whether or not recursively) are
+always treated as atomic groups in PCRE. This is like Python, but unlike Perl.
+Captured values that are set outside a subroutine call can be reference from
+inside in PCRE, but not in Perl. There is a discussion that explains these
+differences in more detail in the
+.\" HTML <a href="pcrepattern.html#recursiondifference">
+.\" </a>
+section on recursion differences from Perl
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page.
+.P
+10. If any of the backtracking control verbs are used in a subpattern that is
+called as a subroutine (whether or not recursively), their effect is confined
+to that subpattern; it does not extend to the surrounding pattern. This is not
+always the case in Perl. In particular, if (*THEN) is present in a group that
+is called as a subroutine, its action is limited to that group, even if the
+group does not contain any | characters. Note that such subpatterns are
+processed as anchored at the point where they are tested.
+.P
+11. If a pattern contains more than one backtracking control verb, the first
+one that is backtracked onto acts. For example, in the pattern
+A(*COMMIT)B(*PRUNE)C a failure in B triggers (*COMMIT), but a failure in C
+triggers (*PRUNE). Perl's behaviour is more complex; in many cases it is the
+same as PCRE, but there are examples where it differs.
+.P
+12. Most backtracking verbs in assertions have their normal actions. They are
+not confined to the assertion.
+.P
+13. There are some differences that are concerned with the settings of captured
+strings when part of a pattern is repeated. For example, matching "aba" against
+the pattern /^(a(b)?)+$/ in Perl leaves $2 unset, but in PCRE it is set to "b".
+.P
+14. PCRE's handling of duplicate subpattern numbers and duplicate subpattern
+names is not as general as Perl's. This is a consequence of the fact the PCRE
+works internally just with numbers, using an external table to translate
+between numbers and names. In particular, a pattern such as (?|(?<a>A)|(?<b>B),
+where the two capturing parentheses have the same number but different names,
+is not supported, and causes an error at compile time. If it were allowed, it
+would not be possible to distinguish which parentheses matched, because both
+names map to capturing subpattern number 1. To avoid this confusing situation,
+an error is given at compile time.
+.P
+15. Perl recognizes comments in some places that PCRE does not, for example,
+between the ( and ? at the start of a subpattern. If the /x modifier is set,
+Perl allows white space between ( and ? (though current Perls warn that this is
+deprecated) but PCRE never does, even if the PCRE_EXTENDED option is set.
+.P
+16. Perl, when in warning mode, gives warnings for character classes such as
+[A-\ed] or [a-[:digit:]]. It then treats the hyphens as literals. PCRE has no
+warning features, so it gives an error in these cases because they are almost
+certainly user mistakes.
+.P
+17. In PCRE, the upper/lower case character properties Lu and Ll are not
+affected when case-independent matching is specified. For example, \ep{Lu}
+always matches an upper case letter. I think Perl has changed in this respect;
+in the release at the time of writing (5.16), \ep{Lu} and \ep{Ll} match all
+letters, regardless of case, when case independence is specified.
+.P
+18. PCRE provides some extensions to the Perl regular expression facilities.
+Perl 5.10 includes new features that are not in earlier versions of Perl, some
+of which (such as named parentheses) have been in PCRE for some time. This list
+is with respect to Perl 5.10:
+.sp
+(a) Although lookbehind assertions in PCRE must match fixed length strings,
+each alternative branch of a lookbehind assertion can match a different length
+of string. Perl requires them all to have the same length.
+.sp
+(b) If PCRE_DOLLAR_ENDONLY is set and PCRE_MULTILINE is not set, the $
+meta-character matches only at the very end of the string.
+.sp
+(c) If PCRE_EXTRA is set, a backslash followed by a letter with no special
+meaning is faulted. Otherwise, like Perl, the backslash is quietly ignored.
+(Perl can be made to issue a warning.)
+.sp
+(d) If PCRE_UNGREEDY is set, the greediness of the repetition quantifiers is
+inverted, that is, by default they are not greedy, but if followed by a
+question mark they are.
+.sp
+(e) PCRE_ANCHORED can be used at matching time to force a pattern to be tried
+only at the first matching position in the subject string.
+.sp
+(f) The PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, and
+PCRE_NO_AUTO_CAPTURE options for \fBpcre_exec()\fP have no Perl equivalents.
+.sp
+(g) The \eR escape sequence can be restricted to match only CR, LF, or CRLF
+by the PCRE_BSR_ANYCRLF option.
+.sp
+(h) The callout facility is PCRE-specific.
+.sp
+(i) The partial matching facility is PCRE-specific.
+.sp
+(j) Patterns compiled by PCRE can be saved and re-used at a later time, even on
+different hosts that have the other endianness. However, this does not apply to
+optimized data created by the just-in-time compiler.
+.sp
+(k) The alternative matching functions (\fBpcre_dfa_exec()\fP,
+\fBpcre16_dfa_exec()\fP and \fBpcre32_dfa_exec()\fP,) match in a different way
+and are not Perl-compatible.
+.sp
+(l) PCRE recognizes some special sequences such as (*CR) at the start of
+a pattern that set overall options that cannot be changed within the pattern.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 10 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrecpp.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrecpp.3
new file mode 100644
index 00000000..fbddd86a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrecpp.3
@@ -0,0 +1,348 @@
+.TH PCRECPP 3 "08 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions.
+.SH "SYNOPSIS OF C++ WRAPPER"
+.rs
+.sp
+.B #include <pcrecpp.h>
+.
+.SH DESCRIPTION
+.rs
+.sp
+The C++ wrapper for PCRE was provided by Google Inc. Some additional
+functionality was added by Giuseppe Maxia. This brief man page was constructed
+from the notes in the \fIpcrecpp.h\fP file, which should be consulted for
+further details. Note that the C++ wrapper supports only the original 8-bit
+PCRE library. There is no 16-bit or 32-bit support at present.
+.
+.
+.SH "MATCHING INTERFACE"
+.rs
+.sp
+The "FullMatch" operation checks that supplied text matches a supplied pattern
+exactly. If pointer arguments are supplied, it copies matched sub-strings that
+match sub-patterns into them.
+.sp
+  Example: successful match
+     pcrecpp::RE re("h.*o");
+     re.FullMatch("hello");
+.sp
+  Example: unsuccessful match (requires full match):
+     pcrecpp::RE re("e");
+     !re.FullMatch("hello");
+.sp
+  Example: creating a temporary RE object:
+     pcrecpp::RE("h.*o").FullMatch("hello");
+.sp
+You can pass in a "const char*" or a "string" for "text". The examples below
+tend to use a const char*. You can, as in the different examples above, store
+the RE object explicitly in a variable or use a temporary RE object. The
+examples below use one mode or the other arbitrarily. Either could correctly be
+used for any of these examples.
+.P
+You must supply extra pointer arguments to extract matched subpieces.
+.sp
+  Example: extracts "ruby" into "s" and 1234 into "i"
+     int i;
+     string s;
+     pcrecpp::RE re("(\e\ew+):(\e\ed+)");
+     re.FullMatch("ruby:1234", &s, &i);
+.sp
+  Example: does not try to extract any extra sub-patterns
+     re.FullMatch("ruby:1234", &s);
+.sp
+  Example: does not try to extract into NULL
+     re.FullMatch("ruby:1234", NULL, &i);
+.sp
+  Example: integer overflow causes failure
+     !re.FullMatch("ruby:1234567891234", NULL, &i);
+.sp
+  Example: fails because there aren't enough sub-patterns:
+     !pcrecpp::RE("\e\ew+:\e\ed+").FullMatch("ruby:1234", &s);
+.sp
+  Example: fails because string cannot be stored in integer
+     !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+.sp
+The provided pointer arguments can be pointers to any scalar numeric
+type, or one of:
+.sp
+   string        (matched piece is copied to string)
+   StringPiece   (StringPiece is mutated to point to matched piece)
+   T             (where "bool T::ParseFrom(const char*, int)" exists)
+   NULL          (the corresponding matched sub-pattern is not copied)
+.sp
+The function returns true iff all of the following conditions are satisfied:
+.sp
+  a. "text" matches "pattern" exactly;
+.sp
+  b. The number of matched sub-patterns is >= number of supplied
+     pointers;
+.sp
+  c. The "i"th argument has a suitable type for holding the
+     string captured as the "i"th sub-pattern. If you pass in
+     void * NULL for the "i"th argument, or a non-void * NULL
+     of the correct type, or pass fewer arguments than the
+     number of sub-patterns, "i"th captured sub-pattern is
+     ignored.
+.sp
+CAVEAT: An optional sub-pattern that does not exist in the matched
+string is assigned the empty string. Therefore, the following will
+return false (because the empty string is not a valid number):
+.sp
+   int number;
+   pcrecpp::RE::FullMatch("abc", "[a-z]+(\e\ed+)?", &number);
+.sp
+The matching interface supports at most 16 arguments per call.
+If you need more, consider using the more general interface
+\fBpcrecpp::RE::DoMatch\fP. See \fBpcrecpp.h\fP for the signature for
+\fBDoMatch\fP.
+.P
+NOTE: Do not use \fBno_arg\fP, which is used internally to mark the end of a
+list of optional arguments, as a placeholder for missing arguments, as this can
+lead to segfaults.
+.
+.
+.SH "QUOTING METACHARACTERS"
+.rs
+.sp
+You can use the "QuoteMeta" operation to insert backslashes before all
+potentially meaningful characters in a string. The returned string, used as a
+regular expression, will exactly match the original string.
+.sp
+  Example:
+     string quoted = RE::QuoteMeta(unquoted);
+.sp
+Note that it's legal to escape a character even if it has no special meaning in
+a regular expression -- so this function does that. (This also makes it
+identical to the perl function of the same name; see "perldoc -f quotemeta".)
+For example, "1.5-2.0?" becomes "1\e.5\e-2\e.0\e?".
+.
+.SH "PARTIAL MATCHES"
+.rs
+.sp
+You can use the "PartialMatch" operation when you want the pattern
+to match any substring of the text.
+.sp
+  Example: simple search for a string:
+     pcrecpp::RE("ell").PartialMatch("hello");
+.sp
+  Example: find first number in a string:
+     int number;
+     pcrecpp::RE re("(\e\ed+)");
+     re.PartialMatch("x*100 + 20", &number);
+     assert(number == 100);
+.
+.
+.SH "UTF-8 AND THE MATCHING INTERFACE"
+.rs
+.sp
+By default, pattern and text are plain text, one byte per character. The UTF8
+flag, passed to the constructor, causes both pattern and string to be treated
+as UTF-8 text, still a byte stream but potentially multiple bytes per
+character. In practice, the text is likelier to be UTF-8 than the pattern, but
+the match returned may depend on the UTF8 flag, so always use it when matching
+UTF8 text. For example, "." will match one byte normally but with UTF8 set may
+match up to three bytes of a multi-byte character.
+.sp
+  Example:
+     pcrecpp::RE_Options options;
+     options.set_utf8();
+     pcrecpp::RE re(utf8_pattern, options);
+     re.FullMatch(utf8_string);
+.sp
+  Example: using the convenience function UTF8():
+     pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+     re.FullMatch(utf8_string);
+.sp
+NOTE: The UTF8 flag is ignored if pcre was not configured with the
+      --enable-utf8 flag.
+.
+.
+.SH "PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE"
+.rs
+.sp
+PCRE defines some modifiers to change the behavior of the regular expression
+engine. The C++ wrapper defines an auxiliary class, RE_Options, as a vehicle to
+pass such modifiers to a RE class. Currently, the following modifiers are
+supported:
+.sp
+   modifier              description               Perl corresponding
+.sp
+   PCRE_CASELESS         case insensitive match      /i
+   PCRE_MULTILINE        multiple lines match        /m
+   PCRE_DOTALL           dot matches newlines        /s
+   PCRE_DOLLAR_ENDONLY   $ matches only at end       N/A
+   PCRE_EXTRA            strict escape parsing       N/A
+   PCRE_EXTENDED         ignore white spaces         /x
+   PCRE_UTF8             handles UTF8 chars          built-in
+   PCRE_UNGREEDY         reverses * and *?           N/A
+   PCRE_NO_AUTO_CAPTURE  disables capturing parens   N/A (*)
+.sp
+(*) Both Perl and PCRE allow non capturing parentheses by means of the
+"?:" modifier within the pattern itself. e.g. (?:ab|cd) does not
+capture, while (ab|cd) does.
+.P
+For a full account on how each modifier works, please check the
+PCRE API reference page.
+.P
+For each modifier, there are two member functions whose name is made
+out of the modifier in lowercase, without the "PCRE_" prefix. For
+instance, PCRE_CASELESS is handled by
+.sp
+  bool caseless()
+.sp
+which returns true if the modifier is set, and
+.sp
+  RE_Options & set_caseless(bool)
+.sp
+which sets or unsets the modifier. Moreover, PCRE_EXTRA_MATCH_LIMIT can be
+accessed through the \fBset_match_limit()\fP and \fBmatch_limit()\fP member
+functions. Setting \fImatch_limit\fP to a non-zero value will limit the
+execution of pcre to keep it from doing bad things like blowing the stack or
+taking an eternity to return a result. A value of 5000 is good enough to stop
+stack blowup in a 2MB thread stack. Setting \fImatch_limit\fP to zero disables
+match limiting. Alternatively, you can call \fBmatch_limit_recursion()\fP
+which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to limit how much PCRE
+recurses. \fBmatch_limit()\fP limits the number of matches PCRE does;
+\fBmatch_limit_recursion()\fP limits the depth of internal recursion, and
+therefore the amount of stack that is used.
+.P
+Normally, to pass one or more modifiers to a RE class, you declare
+a \fIRE_Options\fP object, set the appropriate options, and pass this
+object to a RE constructor. Example:
+.sp
+   RE_Options opt;
+   opt.set_caseless(true);
+   if (RE("HELLO", opt).PartialMatch("hello world")) ...
+.sp
+RE_options has two constructors. The default constructor takes no arguments and
+creates a set of flags that are off by default. The optional parameter
+\fIoption_flags\fP is to facilitate transfer of legacy code from C programs.
+This lets you do
+.sp
+   RE(pattern,
+     RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+.sp
+However, new code is better off doing
+.sp
+   RE(pattern,
+     RE_Options().set_caseless(true).set_multiline(true))
+       .PartialMatch(str);
+.sp
+If you are going to pass one of the most used modifiers, there are some
+convenience functions that return a RE_Options class with the
+appropriate modifier already set: \fBCASELESS()\fP, \fBUTF8()\fP,
+\fBMULTILINE()\fP, \fBDOTALL\fP(), and \fBEXTENDED()\fP.
+.P
+If you need to set several options at once, and you don't want to go through
+the pains of declaring a RE_Options object and setting several options, there
+is a parallel method that give you such ability on the fly. You can concatenate
+several \fBset_xxxxx()\fP member functions, since each of them returns a
+reference to its class object. For example, to pass PCRE_CASELESS,
+PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one statement, you may write:
+.sp
+   RE(" ^ xyz \e\es+ .* blah$",
+     RE_Options()
+       .set_caseless(true)
+       .set_extended(true)
+       .set_multiline(true)).PartialMatch(sometext);
+.sp
+.
+.
+.SH "SCANNING TEXT INCREMENTALLY"
+.rs
+.sp
+The "Consume" operation may be useful if you want to repeatedly
+match regular expressions at the front of a string and skip over
+them as they match. This requires use of the "StringPiece" type,
+which represents a sub-range of a real string. Like RE, StringPiece
+is defined in the pcrecpp namespace.
+.sp
+  Example: read lines of the form "var = value" from a string.
+     string contents = ...;                 // Fill string somehow
+     pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+.sp
+     string var;
+     int value;
+     pcrecpp::RE re("(\e\ew+) = (\e\ed+)\en");
+     while (re.Consume(&input, &var, &value)) {
+       ...;
+     }
+.sp
+Each successful call to "Consume" will set "var/value", and also
+advance "input" so it points past the matched text.
+.P
+The "FindAndConsume" operation is similar to "Consume" but does not
+anchor your match at the beginning of the string. For example, you
+could extract all words from a string by repeatedly calling
+.sp
+  pcrecpp::RE("(\e\ew+)").FindAndConsume(&input, &word)
+.
+.
+.SH "PARSING HEX/OCTAL/C-RADIX NUMBERS"
+.rs
+.sp
+By default, if you pass a pointer to a numeric value, the
+corresponding text is interpreted as a base-10 number. You can
+instead wrap the pointer with a call to one of the operators Hex(),
+Octal(), or CRadix() to interpret the text in another base. The
+CRadix operator interprets C-style "0" (base-8) and "0x" (base-16)
+prefixes, but defaults to base-10.
+.sp
+  Example:
+    int a, b, c, d;
+    pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+    re.FullMatch("100 40 0100 0x40",
+                 pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+                 pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+.sp
+will leave 64 in a, b, c, and d.
+.
+.
+.SH "REPLACING PARTS OF STRINGS"
+.rs
+.sp
+You can replace the first match of "pattern" in "str" with "rewrite".
+Within "rewrite", backslash-escaped digits (\e1 to \e9) can be
+used to insert text matching corresponding parenthesized group
+from the pattern. \e0 in "rewrite" refers to the entire matching
+text. For example:
+.sp
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").Replace("d", &s);
+.sp
+will leave "s" containing "yada dabba doo". The result is true if the pattern
+matches and a replacement occurs, false otherwise.
+.P
+\fBGlobalReplace\fP is like \fBReplace\fP except that it replaces all
+occurrences of the pattern in the string with the rewrite. Replacements are
+not subject to re-matching. For example:
+.sp
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").GlobalReplace("d", &s);
+.sp
+will leave "s" containing "yada dada doo". It returns the number of
+replacements made.
+.P
+\fBExtract\fP is like \fBReplace\fP, except that if the pattern matches,
+"rewrite" is copied into "out" (an additional argument) with substitutions.
+The non-matching portions of "text" are ignored. Returns true iff a match
+occurred and the extraction happened successfully;  if no match occurs, the
+string is left unaffected.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+The C++ wrapper was contributed by Google Inc.
+Copyright (c) 2007 Google Inc.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 08 January 2012
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcredemo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcredemo.3
new file mode 100644
index 00000000..194629b1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcredemo.3
@@ -0,0 +1,424 @@
+.\" Start example.
+.de EX
+.  nr mE \\n(.f
+.  nf
+.  nh
+.  ft CW
+..
+.
+.
+.\" End example.
+.de EE
+.  ft \\n(mE
+.  fi
+.  hy \\n(HY
+..
+.
+.EX
+/*************************************************
+*           PCRE DEMONSTRATION PROGRAM           *
+*************************************************/
+
+/* This is a demonstration program to illustrate the most straightforward ways
+of calling the PCRE regular expression library from a C program. See the
+pcresample documentation for a short discussion ("man pcresample" if you have
+the PCRE man pages installed).
+
+In Unix-like environments, if PCRE is installed in your standard system
+libraries, you should be able to compile this program using this command:
+
+gcc -Wall pcredemo.c -lpcre -o pcredemo
+
+If PCRE is not installed in a standard place, it is likely to be installed with
+support for the pkg-config mechanism. If you have pkg-config, you can compile
+this program using this command:
+
+gcc -Wall pcredemo.c `pkg-config --cflags --libs libpcre` -o pcredemo
+
+If you do not have pkg-config, you may have to use this:
+
+gcc -Wall pcredemo.c -I/usr/local/include -L/usr/local/lib \e
+  -R/usr/local/lib -lpcre -o pcredemo
+
+Replace "/usr/local/include" and "/usr/local/lib" with wherever the include and
+library files for PCRE are installed on your system. Only some operating
+systems (e.g. Solaris) use the -R option.
+
+Building under Windows:
+
+If you want to statically link this program against a non-dll .a file, you must
+define PCRE_STATIC before including pcre.h, otherwise the pcre_malloc() and
+pcre_free() exported functions will be declared __declspec(dllimport), with
+unwanted results. So in this environment, uncomment the following line. */
+
+/* #define PCRE_STATIC */
+
+#include <stdio.h>
+#include <string.h>
+#include <pcre.h>
+
+#define OVECCOUNT 30    /* should be a multiple of 3 */
+
+
+int main(int argc, char **argv)
+{
+pcre *re;
+const char *error;
+char *pattern;
+char *subject;
+unsigned char *name_table;
+unsigned int option_bits;
+int erroffset;
+int find_all;
+int crlf_is_newline;
+int namecount;
+int name_entry_size;
+int ovector[OVECCOUNT];
+int subject_length;
+int rc, i;
+int utf8;
+
+
+/**************************************************************************
+* First, sort out the command line. There is only one possible option at  *
+* the moment, "-g" to request repeated matching to find all occurrences,  *
+* like Perl's /g option. We set the variable find_all to a non-zero value *
+* if the -g option is present. Apart from that, there must be exactly two *
+* arguments.                                                              *
+**************************************************************************/
+
+find_all = 0;
+for (i = 1; i < argc; i++)
+  {
+  if (strcmp(argv[i], "-g") == 0) find_all = 1;
+    else break;
+  }
+
+/* After the options, we require exactly two arguments, which are the pattern,
+and the subject string. */
+
+if (argc - i != 2)
+  {
+  printf("Two arguments required: a regex and a subject string\en");
+  return 1;
+  }
+
+pattern = argv[i];
+subject = argv[i+1];
+subject_length = (int)strlen(subject);
+
+
+/*************************************************************************
+* Now we are going to compile the regular expression pattern, and handle *
+* and errors that are detected.                                          *
+*************************************************************************/
+
+re = pcre_compile(
+  pattern,              /* the pattern */
+  0,                    /* default options */
+  &error,               /* for error message */
+  &erroffset,           /* for error offset */
+  NULL);                /* use default character tables */
+
+/* Compilation failed: print the error message and exit */
+
+if (re == NULL)
+  {
+  printf("PCRE compilation failed at offset %d: %s\en", erroffset, error);
+  return 1;
+  }
+
+
+/*************************************************************************
+* If the compilation succeeded, we call PCRE again, in order to do a     *
+* pattern match against the subject string. This does just ONE match. If *
+* further matching is needed, it will be done below.                     *
+*************************************************************************/
+
+rc = pcre_exec(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  subject,              /* the subject string */
+  subject_length,       /* the length of the subject */
+  0,                    /* start at offset 0 in the subject */
+  0,                    /* default options */
+  ovector,              /* output vector for substring information */
+  OVECCOUNT);           /* number of elements in the output vector */
+
+/* Matching failed: handle error cases */
+
+if (rc < 0)
+  {
+  switch(rc)
+    {
+    case PCRE_ERROR_NOMATCH: printf("No match\en"); break;
+    /*
+    Handle other special cases if you like
+    */
+    default: printf("Matching error %d\en", rc); break;
+    }
+  pcre_free(re);     /* Release memory used for the compiled pattern */
+  return 1;
+  }
+
+/* Match succeded */
+
+printf("\enMatch succeeded at offset %d\en", ovector[0]);
+
+
+/*************************************************************************
+* We have found the first match within the subject string. If the output *
+* vector wasn't big enough, say so. Then output any substrings that were *
+* captured.                                                              *
+*************************************************************************/
+
+/* The output vector wasn't big enough */
+
+if (rc == 0)
+  {
+  rc = OVECCOUNT/3;
+  printf("ovector only has room for %d captured substrings\en", rc - 1);
+  }
+
+/* Show substrings stored in the output vector by number. Obviously, in a real
+application you might want to do things other than print them. */
+
+for (i = 0; i < rc; i++)
+  {
+  char *substring_start = subject + ovector[2*i];
+  int substring_length = ovector[2*i+1] - ovector[2*i];
+  printf("%2d: %.*s\en", i, substring_length, substring_start);
+  }
+
+
+/**************************************************************************
+* That concludes the basic part of this demonstration program. We have    *
+* compiled a pattern, and performed a single match. The code that follows *
+* shows first how to access named substrings, and then how to code for    *
+* repeated matches on the same subject.                                   *
+**************************************************************************/
+
+/* See if there are any named substrings, and if so, show them by name. First
+we have to extract the count of named parentheses from the pattern. */
+
+(void)pcre_fullinfo(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  PCRE_INFO_NAMECOUNT,  /* number of named substrings */
+  &namecount);          /* where to put the answer */
+
+if (namecount <= 0) printf("No named substrings\en"); else
+  {
+  unsigned char *tabptr;
+  printf("Named substrings\en");
+
+  /* Before we can access the substrings, we must extract the table for
+  translating names to numbers, and the size of each entry in the table. */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMETABLE,      /* address of the table */
+    &name_table);             /* where to put the answer */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMEENTRYSIZE,  /* size of each entry in the table */
+    &name_entry_size);        /* where to put the answer */
+
+  /* Now we can scan the table and, for each entry, print the number, the name,
+  and the substring itself. */
+
+  tabptr = name_table;
+  for (i = 0; i < namecount; i++)
+    {
+    int n = (tabptr[0] << 8) | tabptr[1];
+    printf("(%d) %*s: %.*s\en", n, name_entry_size - 3, tabptr + 2,
+      ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+    tabptr += name_entry_size;
+    }
+  }
+
+
+/*************************************************************************
+* If the "-g" option was given on the command line, we want to continue  *
+* to search for additional matches in the subject string, in a similar   *
+* way to the /g option in Perl. This turns out to be trickier than you   *
+* might think because of the possibility of matching an empty string.    *
+* What happens is as follows:                                            *
+*                                                                        *
+* If the previous match was NOT for an empty string, we can just start   *
+* the next match at the end of the previous one.                         *
+*                                                                        *
+* If the previous match WAS for an empty string, we can't do that, as it *
+* would lead to an infinite loop. Instead, a special call of pcre_exec() *
+* is made with the PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED flags set.    *
+* The first of these tells PCRE that an empty string at the start of the *
+* subject is not a valid match; other possibilities must be tried. The   *
+* second flag restricts PCRE to one match attempt at the initial string  *
+* position. If this match succeeds, an alternative to the empty string   *
+* match has been found, and we can print it and proceed round the loop,  *
+* advancing by the length of whatever was found. If this match does not  *
+* succeed, we still stay in the loop, advancing by just one character.   *
+* In UTF-8 mode, which can be set by (*UTF8) in the pattern, this may be *
+* more than one byte.                                                    *
+*                                                                        *
+* However, there is a complication concerned with newlines. When the     *
+* newline convention is such that CRLF is a valid newline, we must       *
+* advance by two characters rather than one. The newline convention can  *
+* be set in the regex by (*CR), etc.; if not, we must find the default.  *
+*************************************************************************/
+
+if (!find_all)     /* Check for -g */
+  {
+  pcre_free(re);   /* Release the memory used for the compiled pattern */
+  return 0;        /* Finish unless -g was given */
+  }
+
+/* Before running the loop, check for UTF-8 and whether CRLF is a valid newline
+sequence. First, find the options with which the regex was compiled; extract
+the UTF-8 state, and mask off all but the newline options. */
+
+(void)pcre_fullinfo(re, NULL, PCRE_INFO_OPTIONS, &option_bits);
+utf8 = option_bits & PCRE_UTF8;
+option_bits &= PCRE_NEWLINE_CR|PCRE_NEWLINE_LF|PCRE_NEWLINE_CRLF|
+               PCRE_NEWLINE_ANY|PCRE_NEWLINE_ANYCRLF;
+
+/* If no newline options were set, find the default newline convention from the
+build configuration. */
+
+if (option_bits == 0)
+  {
+  int d;
+  (void)pcre_config(PCRE_CONFIG_NEWLINE, &d);
+  /* Note that these values are always the ASCII ones, even in
+  EBCDIC environments. CR = 13, NL = 10. */
+  option_bits = (d == 13)? PCRE_NEWLINE_CR :
+          (d == 10)? PCRE_NEWLINE_LF :
+          (d == (13<<8 | 10))? PCRE_NEWLINE_CRLF :
+          (d == -2)? PCRE_NEWLINE_ANYCRLF :
+          (d == -1)? PCRE_NEWLINE_ANY : 0;
+  }
+
+/* See if CRLF is a valid newline sequence. */
+
+crlf_is_newline =
+     option_bits == PCRE_NEWLINE_ANY ||
+     option_bits == PCRE_NEWLINE_CRLF ||
+     option_bits == PCRE_NEWLINE_ANYCRLF;
+
+/* Loop for second and subsequent matches */
+
+for (;;)
+  {
+  int options = 0;                 /* Normally no options */
+  int start_offset = ovector[1];   /* Start at end of previous match */
+
+  /* If the previous match was for an empty string, we are finished if we are
+  at the end of the subject. Otherwise, arrange to run another match at the
+  same point to see if a non-empty match can be found. */
+
+  if (ovector[0] == ovector[1])
+    {
+    if (ovector[0] == subject_length) break;
+    options = PCRE_NOTEMPTY_ATSTART | PCRE_ANCHORED;
+    }
+
+  /* Run the next matching operation */
+
+  rc = pcre_exec(
+    re,                   /* the compiled pattern */
+    NULL,                 /* no extra data - we didn't study the pattern */
+    subject,              /* the subject string */
+    subject_length,       /* the length of the subject */
+    start_offset,         /* starting offset in the subject */
+    options,              /* options */
+    ovector,              /* output vector for substring information */
+    OVECCOUNT);           /* number of elements in the output vector */
+
+  /* This time, a result of NOMATCH isn't an error. If the value in "options"
+  is zero, it just means we have found all possible matches, so the loop ends.
+  Otherwise, it means we have failed to find a non-empty-string match at a
+  point where there was a previous empty-string match. In this case, we do what
+  Perl does: advance the matching position by one character, and continue. We
+  do this by setting the "end of previous match" offset, because that is picked
+  up at the top of the loop as the point at which to start again.
+
+  There are two complications: (a) When CRLF is a valid newline sequence, and
+  the current position is just before it, advance by an extra byte. (b)
+  Otherwise we must ensure that we skip an entire UTF-8 character if we are in
+  UTF-8 mode. */
+
+  if (rc == PCRE_ERROR_NOMATCH)
+    {
+    if (options == 0) break;                    /* All matches found */
+    ovector[1] = start_offset + 1;              /* Advance one byte */
+    if (crlf_is_newline &&                      /* If CRLF is newline & */
+        start_offset < subject_length - 1 &&    /* we are at CRLF, */
+        subject[start_offset] == '\er' &&
+        subject[start_offset + 1] == '\en')
+      ovector[1] += 1;                          /* Advance by one more. */
+    else if (utf8)                              /* Otherwise, ensure we */
+      {                                         /* advance a whole UTF-8 */
+      while (ovector[1] < subject_length)       /* character. */
+        {
+        if ((subject[ovector[1]] & 0xc0) != 0x80) break;
+        ovector[1] += 1;
+        }
+      }
+    continue;    /* Go round the loop again */
+    }
+
+  /* Other matching errors are not recoverable. */
+
+  if (rc < 0)
+    {
+    printf("Matching error %d\en", rc);
+    pcre_free(re);    /* Release memory used for the compiled pattern */
+    return 1;
+    }
+
+  /* Match succeded */
+
+  printf("\enMatch succeeded again at offset %d\en", ovector[0]);
+
+  /* The match succeeded, but the output vector wasn't big enough. */
+
+  if (rc == 0)
+    {
+    rc = OVECCOUNT/3;
+    printf("ovector only has room for %d captured substrings\en", rc - 1);
+    }
+
+  /* As before, show substrings stored in the output vector by number, and then
+  also any named substrings. */
+
+  for (i = 0; i < rc; i++)
+    {
+    char *substring_start = subject + ovector[2*i];
+    int substring_length = ovector[2*i+1] - ovector[2*i];
+    printf("%2d: %.*s\en", i, substring_length, substring_start);
+    }
+
+  if (namecount <= 0) printf("No named substrings\en"); else
+    {
+    unsigned char *tabptr = name_table;
+    printf("Named substrings\en");
+    for (i = 0; i < namecount; i++)
+      {
+      int n = (tabptr[0] << 8) | tabptr[1];
+      printf("(%d) %*s: %.*s\en", n, name_entry_size - 3, tabptr + 2,
+        ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+      tabptr += name_entry_size;
+      }
+    }
+  }      /* End of loop to find second and subsequent matches */
+
+printf("\en");
+pcre_free(re);       /* Release memory used for the compiled pattern */
+return 0;
+}
+
+/* End of pcredemo.c */
+.EE
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrejit.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrejit.3
new file mode 100644
index 00000000..3b785f0f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrejit.3
@@ -0,0 +1,473 @@
+.TH PCREJIT 3 "05 July 2017" "PCRE 8.41"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE JUST-IN-TIME COMPILER SUPPORT"
+.rs
+.sp
+Just-in-time compiling is a heavyweight optimization that can greatly speed up
+pattern matching. However, it comes at the cost of extra processing before the
+match is performed. Therefore, it is of most benefit when the same pattern is
+going to be matched many times. This does not necessarily mean many calls of a
+matching function; if the pattern is not anchored, matching attempts may take
+place many times at various positions in the subject, even for a single call.
+Therefore, if the subject string is very long, it may still pay to use JIT for
+one-off matches.
+.P
+JIT support applies only to the traditional Perl-compatible matching function.
+It does not apply when the DFA matching function is being used. The code for
+this support was written by Zoltan Herczeg.
+.
+.
+.SH "8-BIT, 16-BIT AND 32-BIT SUPPORT"
+.rs
+.sp
+JIT support is available for all of the 8-bit, 16-bit and 32-bit PCRE
+libraries. To keep this documentation simple, only the 8-bit interface is
+described in what follows. If you are using the 16-bit library, substitute the
+16-bit functions and 16-bit structures (for example, \fIpcre16_jit_stack\fP
+instead of \fIpcre_jit_stack\fP). If you are using the 32-bit library,
+substitute the 32-bit functions and 32-bit structures (for example,
+\fIpcre32_jit_stack\fP instead of \fIpcre_jit_stack\fP).
+.
+.
+.SH "AVAILABILITY OF JIT SUPPORT"
+.rs
+.sp
+JIT support is an optional feature of PCRE. The "configure" option --enable-jit
+(or equivalent CMake option) must be set when PCRE is built if you want to use
+JIT. The support is limited to the following hardware platforms:
+.sp
+  ARM v5, v7, and Thumb2
+  Intel x86 32-bit and 64-bit
+  MIPS 32-bit
+  Power PC 32-bit and 64-bit
+  SPARC 32-bit (experimental)
+.sp
+If --enable-jit is set on an unsupported platform, compilation fails.
+.P
+A program that is linked with PCRE 8.20 or later can tell if JIT support is
+available by calling \fBpcre_config()\fP with the PCRE_CONFIG_JIT option. The
+result is 1 when JIT is available, and 0 otherwise. However, a simple program
+does not need to check this in order to use JIT. The normal API is implemented
+in a way that falls back to the interpretive code if JIT is not available. For
+programs that need the best possible performance, there is also a "fast path"
+API that is JIT-specific.
+.P
+If your program may sometimes be linked with versions of PCRE that are older
+than 8.20, but you want to use JIT when it is available, you can test the
+values of PCRE_MAJOR and PCRE_MINOR, or the existence of a JIT macro such as
+PCRE_CONFIG_JIT, for compile-time control of your code. Also beware that the
+\fBpcre_jit_exec()\fP function was not available at all before 8.32,
+and may not be available at all if PCRE isn't compiled with
+--enable-jit. See the "JIT FAST PATH API" section below for details.
+.
+.
+.SH "SIMPLE USE OF JIT"
+.rs
+.sp
+You have to do two things to make use of the JIT support in the simplest way:
+.sp
+  (1) Call \fBpcre_study()\fP with the PCRE_STUDY_JIT_COMPILE option for
+      each compiled pattern, and pass the resulting \fBpcre_extra\fP block to
+      \fBpcre_exec()\fP.
+.sp
+  (2) Use \fBpcre_free_study()\fP to free the \fBpcre_extra\fP block when it is
+      no longer needed, instead of just freeing it yourself. This ensures that
+      any JIT data is also freed.
+.sp
+For a program that may be linked with pre-8.20 versions of PCRE, you can insert
+.sp
+  #ifndef PCRE_STUDY_JIT_COMPILE
+  #define PCRE_STUDY_JIT_COMPILE 0
+  #endif
+.sp
+so that no option is passed to \fBpcre_study()\fP, and then use something like
+this to free the study data:
+.sp
+  #ifdef PCRE_CONFIG_JIT
+      pcre_free_study(study_ptr);
+  #else
+      pcre_free(study_ptr);
+  #endif
+.sp
+PCRE_STUDY_JIT_COMPILE requests the JIT compiler to generate code for complete
+matches. If you want to run partial matches using the PCRE_PARTIAL_HARD or
+PCRE_PARTIAL_SOFT options of \fBpcre_exec()\fP, you should set one or both of
+the following options in addition to, or instead of, PCRE_STUDY_JIT_COMPILE
+when you call \fBpcre_study()\fP:
+.sp
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+.sp
+If using \fBpcre_jit_exec()\fP and supporting a pre-8.32 version of
+PCRE, you can insert:
+.sp
+   #if PCRE_MAJOR >= 8 && PCRE_MINOR >= 32
+   pcre_jit_exec(...);
+   #else
+   pcre_exec(...)
+   #endif
+.sp
+but as described in the "JIT FAST PATH API" section below this assumes
+version 8.32 and later are compiled with --enable-jit, which may
+break.
+.sp
+The JIT compiler generates different optimized code for each of the three
+modes (normal, soft partial, hard partial). When \fBpcre_exec()\fP is called,
+the appropriate code is run if it is available. Otherwise, the pattern is
+matched using interpretive code.
+.P
+In some circumstances you may need to call additional functions. These are
+described in the section entitled
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"Controlling the JIT stack"
+.\"
+below.
+.P
+If JIT support is not available, PCRE_STUDY_JIT_COMPILE etc. are ignored, and
+no JIT data is created. Otherwise, the compiled pattern is passed to the JIT
+compiler, which turns it into machine code that executes much faster than the
+normal interpretive code. When \fBpcre_exec()\fP is passed a \fBpcre_extra\fP
+block containing a pointer to JIT code of the appropriate mode (normal or
+hard/soft partial), it obeys that code instead of running the interpreter. The
+result is identical, but the compiled JIT code runs much faster.
+.P
+There are some \fBpcre_exec()\fP options that are not supported for JIT
+execution. There are also some pattern items that JIT cannot handle. Details
+are given below. In both cases, execution automatically falls back to the
+interpretive code. If you want to know whether JIT was actually used for a
+particular match, you should arrange for a JIT callback function to be set up
+as described in the section entitled
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"Controlling the JIT stack"
+.\"
+below, even if you do not need to supply a non-default JIT stack. Such a
+callback function is called whenever JIT code is about to be obeyed. If the
+execution options are not right for JIT execution, the callback function is not
+obeyed.
+.P
+If the JIT compiler finds an unsupported item, no JIT data is generated. You
+can find out if JIT execution is available after studying a pattern by calling
+\fBpcre_fullinfo()\fP with the PCRE_INFO_JIT option. A result of 1 means that
+JIT compilation was successful. A result of 0 means that JIT support is not
+available, or the pattern was not studied with PCRE_STUDY_JIT_COMPILE etc., or
+the JIT compiler was not able to handle the pattern.
+.P
+Once a pattern has been studied, with or without JIT, it can be used as many
+times as you like for matching different subject strings.
+.
+.
+.SH "UNSUPPORTED OPTIONS AND PATTERN ITEMS"
+.rs
+.sp
+The only \fBpcre_exec()\fP options that are supported for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK, PCRE_NO_UTF32_CHECK, PCRE_NOTBOL,
+PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+.P
+The only unsupported pattern items are \eC (match a single data unit) when
+running in a UTF mode, and a callout immediately before an assertion condition
+in a conditional group.
+.
+.
+.SH "RETURN VALUES FROM JIT EXECUTION"
+.rs
+.sp
+When a pattern is matched using JIT execution, the return values are the same
+as those given by the interpretive \fBpcre_exec()\fP code, with the addition of
+one new error code: PCRE_ERROR_JIT_STACKLIMIT. This means that the memory used
+for the JIT stack was insufficient. See
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"Controlling the JIT stack"
+.\"
+below for a discussion of JIT stack usage. For compatibility with the
+interpretive \fBpcre_exec()\fP code, no more than two-thirds of the
+\fIovector\fP argument is used for passing back captured substrings.
+.P
+The error code PCRE_ERROR_MATCHLIMIT is returned by the JIT code if searching a
+very large pattern tree goes on for too long, as it is in the same circumstance
+when JIT is not used, but the details of exactly what is counted are not the
+same. The PCRE_ERROR_RECURSIONLIMIT error code is never returned by JIT
+execution.
+.
+.
+.SH "SAVING AND RESTORING COMPILED PATTERNS"
+.rs
+.sp
+The code that is generated by the JIT compiler is architecture-specific, and is
+also position dependent. For those reasons it cannot be saved (in a file or
+database) and restored later like the bytecode and other data of a compiled
+pattern. Saving and restoring compiled patterns is not something many people
+do. More detail about this facility is given in the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation. It should be possible to run \fBpcre_study()\fP on a saved and
+restored pattern, and thereby recreate the JIT data, but because JIT
+compilation uses significant resources, it is probably not worth doing this;
+you might as well recompile the original pattern.
+.
+.
+.\" HTML <a name="stackcontrol"></a>
+.SH "CONTROLLING THE JIT STACK"
+.rs
+.sp
+When the compiled JIT code runs, it needs a block of memory to use as a stack.
+By default, it uses 32K on the machine stack. However, some large or
+complicated patterns need more than this. The error PCRE_ERROR_JIT_STACKLIMIT
+is given when there is not enough stack. Three functions are provided for
+managing blocks of memory for use as JIT stacks. There is further discussion
+about the use of JIT stacks in the section entitled
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"JIT stack FAQ"
+.\"
+below.
+.P
+The \fBpcre_jit_stack_alloc()\fP function creates a JIT stack. Its arguments
+are a starting size and a maximum size, and it returns a pointer to an opaque
+structure of type \fBpcre_jit_stack\fP, or NULL if there is an error. The
+\fBpcre_jit_stack_free()\fP function can be used to free a stack that is no
+longer needed. (For the technically minded: the address space is allocated by
+mmap or VirtualAlloc.)
+.P
+JIT uses far less memory for recursion than the interpretive code,
+and a maximum stack size of 512K to 1M should be more than enough for any
+pattern.
+.P
+The \fBpcre_assign_jit_stack()\fP function specifies which stack JIT code
+should use. Its arguments are as follows:
+.sp
+  pcre_extra         *extra
+  pcre_jit_callback  callback
+  void               *data
+.sp
+The \fIextra\fP argument must be the result of studying a pattern with
+PCRE_STUDY_JIT_COMPILE etc. There are three cases for the values of the other
+two options:
+.sp
+  (1) If \fIcallback\fP is NULL and \fIdata\fP is NULL, an internal 32K block
+      on the machine stack is used.
+.sp
+  (2) If \fIcallback\fP is NULL and \fIdata\fP is not NULL, \fIdata\fP must be
+      a valid JIT stack, the result of calling \fBpcre_jit_stack_alloc()\fP.
+.sp
+  (3) If \fIcallback\fP is not NULL, it must point to a function that is
+      called with \fIdata\fP as an argument at the start of matching, in
+      order to set up a JIT stack. If the return from the callback
+      function is NULL, the internal 32K stack is used; otherwise the
+      return value must be a valid JIT stack, the result of calling
+      \fBpcre_jit_stack_alloc()\fP.
+.sp
+A callback function is obeyed whenever JIT code is about to be run; it is not
+obeyed when \fBpcre_exec()\fP is called with options that are incompatible for
+JIT execution. A callback function can therefore be used to determine whether a
+match operation was executed by JIT or by the interpreter.
+.P
+You may safely use the same JIT stack for more than one pattern (either by
+assigning directly or by callback), as long as the patterns are all matched
+sequentially in the same thread. In a multithread application, if you do not
+specify a JIT stack, or if you assign or pass back NULL from a callback, that
+is thread-safe, because each thread has its own machine stack. However, if you
+assign or pass back a non-NULL JIT stack, this must be a different stack for
+each thread so that the application is thread-safe.
+.P
+Strictly speaking, even more is allowed. You can assign the same non-NULL stack
+to any number of patterns as long as they are not used for matching by multiple
+threads at the same time. For example, you can assign the same stack to all
+compiled patterns, and use a global mutex in the callback to wait until the
+stack is available for use. However, this is an inefficient solution, and not
+recommended.
+.P
+This is a suggestion for how a multithreaded program that needs to set up
+non-default JIT stacks might operate:
+.sp
+  During thread initalization
+    thread_local_var = pcre_jit_stack_alloc(...)
+.sp
+  During thread exit
+    pcre_jit_stack_free(thread_local_var)
+.sp
+  Use a one-line callback function
+    return thread_local_var
+.sp
+All the functions described in this section do nothing if JIT is not available,
+and \fBpcre_assign_jit_stack()\fP does nothing unless the \fBextra\fP argument
+is non-NULL and points to a \fBpcre_extra\fP block that is the result of a
+successful study with PCRE_STUDY_JIT_COMPILE etc.
+.
+.
+.\" HTML <a name="stackfaq"></a>
+.SH "JIT STACK FAQ"
+.rs
+.sp
+(1) Why do we need JIT stacks?
+.sp
+PCRE (and JIT) is a recursive, depth-first engine, so it needs a stack where
+the local data of the current node is pushed before checking its child nodes.
+Allocating real machine stack on some platforms is difficult. For example, the
+stack chain needs to be updated every time if we extend the stack on PowerPC.
+Although it is possible, its updating time overhead decreases performance. So
+we do the recursion in memory.
+.P
+(2) Why don't we simply allocate blocks of memory with \fBmalloc()\fP?
+.sp
+Modern operating systems have a nice feature: they can reserve an address space
+instead of allocating memory. We can safely allocate memory pages inside this
+address space, so the stack could grow without moving memory data (this is
+important because of pointers). Thus we can allocate 1M address space, and use
+only a single memory page (usually 4K) if that is enough. However, we can still
+grow up to 1M anytime if needed.
+.P
+(3) Who "owns" a JIT stack?
+.sp
+The owner of the stack is the user program, not the JIT studied pattern or
+anything else. The user program must ensure that if a stack is used by
+\fBpcre_exec()\fP, (that is, it is assigned to the pattern currently running),
+that stack must not be used by any other threads (to avoid overwriting the same
+memory area). The best practice for multithreaded programs is to allocate a
+stack for each thread, and return this stack through the JIT callback function.
+.P
+(4) When should a JIT stack be freed?
+.sp
+You can free a JIT stack at any time, as long as it will not be used by
+\fBpcre_exec()\fP again. When you assign the stack to a pattern, only a pointer
+is set. There is no reference counting or any other magic. You can free the
+patterns and stacks in any order, anytime. Just \fIdo not\fP call
+\fBpcre_exec()\fP with a pattern pointing to an already freed stack, as that
+will cause SEGFAULT. (Also, do not free a stack currently used by
+\fBpcre_exec()\fP in another thread). You can also replace the stack for a
+pattern at any time. You can even free the previous stack before assigning a
+replacement.
+.P
+(5) Should I allocate/free a stack every time before/after calling
+\fBpcre_exec()\fP?
+.sp
+No, because this is too costly in terms of resources. However, you could
+implement some clever idea which release the stack if it is not used in let's
+say two minutes. The JIT callback can help to achieve this without keeping a
+list of the currently JIT studied patterns.
+.P
+(6) OK, the stack is for long term memory allocation. But what happens if a
+pattern causes stack overflow with a stack of 1M? Is that 1M kept until the
+stack is freed?
+.sp
+Especially on embedded sytems, it might be a good idea to release memory
+sometimes without freeing the stack. There is no API for this at the moment.
+Probably a function call which returns with the currently allocated memory for
+any stack and another which allows releasing memory (shrinking the stack) would
+be a good idea if someone needs this.
+.P
+(7) This is too much of a headache. Isn't there any better solution for JIT
+stack handling?
+.sp
+No, thanks to Windows. If POSIX threads were used everywhere, we could throw
+out this complicated API.
+.
+.
+.SH "EXAMPLE CODE"
+.rs
+.sp
+This is a single-threaded example that specifies a JIT stack without using a
+callback.
+.sp
+  int rc;
+  int ovector[30];
+  pcre *re;
+  pcre_extra *extra;
+  pcre_jit_stack *jit_stack;
+.sp
+  re = pcre_compile(pattern, 0, &error, &erroffset, NULL);
+  /* Check for errors */
+  extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
+  jit_stack = pcre_jit_stack_alloc(32*1024, 512*1024);
+  /* Check for error (NULL) */
+  pcre_assign_jit_stack(extra, NULL, jit_stack);
+  rc = pcre_exec(re, extra, subject, length, 0, 0, ovector, 30);
+  /* Check results */
+  pcre_free(re);
+  pcre_free_study(extra);
+  pcre_jit_stack_free(jit_stack);
+.sp
+.
+.
+.SH "JIT FAST PATH API"
+.rs
+.sp
+Because the API described above falls back to interpreted execution when JIT is
+not available, it is convenient for programs that are written for general use
+in many environments. However, calling JIT via \fBpcre_exec()\fP does have a
+performance impact. Programs that are written for use where JIT is known to be
+available, and which need the best possible performance, can instead use a
+"fast path" API to call JIT execution directly instead of calling
+\fBpcre_exec()\fP (obviously only for patterns that have been successfully
+studied by JIT).
+.P
+The fast path function is called \fBpcre_jit_exec()\fP, and it takes exactly
+the same arguments as \fBpcre_exec()\fP, plus one additional argument that
+must point to a JIT stack. The JIT stack arrangements described above do not
+apply. The return values are the same as for \fBpcre_exec()\fP.
+.P
+When you call \fBpcre_exec()\fP, as well as testing for invalid options, a
+number of other sanity checks are performed on the arguments. For example, if
+the subject pointer is NULL, or its length is negative, an immediate error is
+given. Also, unless PCRE_NO_UTF[8|16|32] is set, a UTF subject string is tested
+for validity. In the interests of speed, these checks do not happen on the JIT
+fast path, and if invalid data is passed, the result is undefined.
+.P
+Bypassing the sanity checks and the \fBpcre_exec()\fP wrapping can give
+speedups of more than 10%.
+.P
+Note that the \fBpcre_jit_exec()\fP function is not available in versions of
+PCRE before 8.32 (released in November 2012). If you need to support versions
+that old you must either use the slower \fBpcre_exec()\fP, or switch between
+the two codepaths by checking the values of PCRE_MAJOR and PCRE_MINOR.
+.P
+Due to an unfortunate implementation oversight, even in versions 8.32
+and later there will be no \fBpcre_jit_exec()\fP stub function defined
+when PCRE is compiled with --disable-jit, which is the default, and
+there's no way to detect whether PCRE was compiled with --enable-jit
+via a macro.
+.P
+If you need to support versions older than 8.32, or versions that may
+not build with --enable-jit, you must either use the slower
+\fBpcre_exec()\fP, or switch between the two codepaths by checking the
+values of PCRE_MAJOR and PCRE_MINOR.
+.P
+Switching between the two by checking the version assumes that all the
+versions being targeted are built with --enable-jit. To also support
+builds that may use --disable-jit either \fBpcre_exec()\fP must be
+used, or a compile-time check for JIT via \fBpcre_config()\fP (which
+assumes the runtime environment will be the same), or as the Git
+project decided to do, simply assume that \fBpcre_jit_exec()\fP is
+present in 8.32 or later unless a compile-time flag is provided, see
+the "grep: un-break building with PCRE >= 8.32 without --enable-jit"
+commit in git.git for an example of that.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcreapi\fP(3)
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel (FAQ by Zoltan Herczeg)
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 05 July 2017
+Copyright (c) 1997-2017 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrelimits.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrelimits.3
new file mode 100644
index 00000000..423d6a27
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrelimits.3
@@ -0,0 +1,71 @@
+.TH PCRELIMITS 3 "05 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "SIZE AND OTHER LIMITATIONS"
+.rs
+.sp
+There are some size limitations in PCRE but it is hoped that they will never in
+practice be relevant.
+.P
+The maximum length of a compiled pattern is approximately 64K data units (bytes
+for the 8-bit library, 16-bit units for the 16-bit library, and 32-bit units for
+the 32-bit library) if PCRE is compiled with the default internal linkage size,
+which is 2 bytes for the 8-bit and 16-bit libraries, and 4 bytes for the 32-bit
+library. If you want to process regular expressions that are truly enormous,
+you can compile PCRE with an internal linkage size of 3 or 4 (when building the
+16-bit or 32-bit library, 3 is rounded up to 4). See the \fBREADME\fP file in
+the source distribution and the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation for details. In these cases the limit is substantially larger.
+However, the speed of execution is slower.
+.P
+All values in repeating quantifiers must be less than 65536.
+.P
+There is no limit to the number of parenthesized subpatterns, but there can be
+no more than 65535 capturing subpatterns. There is, however, a limit to the
+depth of nesting of parenthesized subpatterns of all kinds. This is imposed in
+order to limit the amount of system stack used at compile time. The limit can
+be specified when PCRE is built; the default is 250.
+.P
+There is a limit to the number of forward references to subsequent subpatterns
+of around 200,000. Repeated forward references with fixed upper limits, for
+example, (?2){0,100} when subpattern number 2 is to the right, are included in
+the count. There is no limit to the number of backward references.
+.P
+The maximum length of name for a named subpattern is 32 characters, and the
+maximum number of named subpatterns is 10000.
+.P
+The maximum length of a name in a (*MARK), (*PRUNE), (*SKIP), or (*THEN) verb
+is 255 for the 8-bit library and 65535 for the 16-bit and 32-bit libraries.
+.P
+The maximum length of a subject string is the largest positive number that an
+integer variable can hold. However, when using the traditional matching
+function, PCRE uses recursion to handle subpatterns and indefinite repetition.
+This means that the available stack space may limit the size of a subject
+string that can be processed by certain patterns. For a discussion of stack
+issues, see the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 05 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrematching.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrematching.3
new file mode 100644
index 00000000..268baf9b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrematching.3
@@ -0,0 +1,214 @@
+.TH PCREMATCHING 3 "12 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE MATCHING ALGORITHMS"
+.rs
+.sp
+This document describes the two different algorithms that are available in PCRE
+for matching a compiled regular expression against a given subject string. The
+"standard" algorithm is the one provided by the \fBpcre_exec()\fP,
+\fBpcre16_exec()\fP and \fBpcre32_exec()\fP functions. These work in the same
+as as Perl's matching function, and provide a Perl-compatible matching operation.
+The just-in-time (JIT) optimization that is described in the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation is compatible with these functions.
+.P
+An alternative algorithm is provided by the \fBpcre_dfa_exec()\fP,
+\fBpcre16_dfa_exec()\fP and \fBpcre32_dfa_exec()\fP functions; they operate in
+a different way, and are not Perl-compatible. This alternative has advantages
+and disadvantages compared with the standard algorithm, and these are described
+below.
+.P
+When there is only one possible way in which a given subject string can match a
+pattern, the two algorithms give the same answer. A difference arises, however,
+when there are multiple possibilities. For example, if the pattern
+.sp
+  ^<.*>
+.sp
+is matched against the string
+.sp
+  <something> <something else> <something further>
+.sp
+there are three possible answers. The standard algorithm finds only one of
+them, whereas the alternative algorithm finds all three.
+.
+.
+.SH "REGULAR EXPRESSIONS AS TREES"
+.rs
+.sp
+The set of strings that are matched by a regular expression can be represented
+as a tree structure. An unlimited repetition in the pattern makes the tree of
+infinite size, but it is still a tree. Matching the pattern to a given subject
+string (from a given starting point) can be thought of as a search of the tree.
+There are two ways to search a tree: depth-first and breadth-first, and these
+correspond to the two matching algorithms provided by PCRE.
+.
+.
+.SH "THE STANDARD MATCHING ALGORITHM"
+.rs
+.sp
+In the terminology of Jeffrey Friedl's book "Mastering Regular
+Expressions", the standard algorithm is an "NFA algorithm". It conducts a
+depth-first search of the pattern tree. That is, it proceeds along a single
+path through the tree, checking that the subject matches what is required. When
+there is a mismatch, the algorithm tries any alternatives at the current point,
+and if they all fail, it backs up to the previous branch point in the tree, and
+tries the next alternative branch at that level. This often involves backing up
+(moving to the left) in the subject string as well. The order in which
+repetition branches are tried is controlled by the greedy or ungreedy nature of
+the quantifier.
+.P
+If a leaf node is reached, a matching string has been found, and at that point
+the algorithm stops. Thus, if there is more than one possible match, this
+algorithm returns the first one that it finds. Whether this is the shortest,
+the longest, or some intermediate length depends on the way the greedy and
+ungreedy repetition quantifiers are specified in the pattern.
+.P
+Because it ends up with a single path through the tree, it is relatively
+straightforward for this algorithm to keep track of the substrings that are
+matched by portions of the pattern in parentheses. This provides support for
+capturing parentheses and back references.
+.
+.
+.SH "THE ALTERNATIVE MATCHING ALGORITHM"
+.rs
+.sp
+This algorithm conducts a breadth-first search of the tree. Starting from the
+first matching point in the subject, it scans the subject string from left to
+right, once, character by character, and as it does this, it remembers all the
+paths through the tree that represent valid matches. In Friedl's terminology,
+this is a kind of "DFA algorithm", though it is not implemented as a
+traditional finite state machine (it keeps multiple states active
+simultaneously).
+.P
+Although the general principle of this matching algorithm is that it scans the
+subject string only once, without backtracking, there is one exception: when a
+lookaround assertion is encountered, the characters following or preceding the
+current point have to be independently inspected.
+.P
+The scan continues until either the end of the subject is reached, or there are
+no more unterminated paths. At this point, terminated paths represent the
+different matching possibilities (if there are none, the match has failed).
+Thus, if there is more than one possible match, this algorithm finds all of
+them, and in particular, it finds the longest. The matches are returned in
+decreasing order of length. There is an option to stop the algorithm after the
+first match (which is necessarily the shortest) is found.
+.P
+Note that all the matches that are found start at the same point in the
+subject. If the pattern
+.sp
+  cat(er(pillar)?)?
+.sp
+is matched against the string "the caterpillar catchment", the result will be
+the three strings "caterpillar", "cater", and "cat" that start at the fifth
+character of the subject. The algorithm does not automatically move on to find
+matches that start at later positions.
+.P
+PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\ed+" is compiled as if it were "a\ed++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\ed+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+.P
+There are a number of features of PCRE regular expressions that are not
+supported by the alternative matching algorithm. They are as follows:
+.P
+1. Because the algorithm finds all possible matches, the greedy or ungreedy
+nature of repetition quantifiers is not relevant. Greedy and ungreedy
+quantifiers are treated in exactly the same way. However, possessive
+quantifiers can make a difference when what follows could also match what is
+quantified, for example in a pattern like this:
+.sp
+  ^a++\ew!
+.sp
+This pattern matches "aaab!" but not "aaa!", which would be matched by a
+non-possessive quantifier. Similarly, if an atomic group is present, it is
+matched as if it were a standalone pattern at the current point, and the
+longest match is then "locked in" for the rest of the overall pattern.
+.P
+2. When dealing with multiple paths through the tree simultaneously, it is not
+straightforward to keep track of captured substrings for the different matching
+possibilities, and PCRE's implementation of this algorithm does not attempt to
+do this. This means that no captured substrings are available.
+.P
+3. Because no substrings are captured, back references within the pattern are
+not supported, and cause errors if encountered.
+.P
+4. For the same reason, conditional expressions that use a backreference as the
+condition or test for a specific group recursion are not supported.
+.P
+5. Because many paths through the tree may be active, the \eK escape sequence,
+which resets the start of the match when encountered (but may be on some paths
+and not on others), is not supported. It causes an error if encountered.
+.P
+6. Callouts are supported, but the value of the \fIcapture_top\fP field is
+always 1, and the value of the \fIcapture_last\fP field is always -1.
+.P
+7. The \eC escape sequence, which (in the standard algorithm) always matches a
+single data unit, even in UTF-8, UTF-16 or UTF-32 modes, is not supported in
+these modes, because the alternative algorithm moves through the subject string
+one character (not data unit) at a time, for all active paths through the tree.
+.P
+8. Except for (*FAIL), the backtracking control verbs such as (*PRUNE) are not
+supported. (*FAIL) is supported, and behaves like a failing negative assertion.
+.
+.
+.SH "ADVANTAGES OF THE ALTERNATIVE ALGORITHM"
+.rs
+.sp
+Using the alternative matching algorithm provides the following advantages:
+.P
+1. All possible matches (at a single point in the subject) are automatically
+found, and in particular, the longest match is found. To find more than one
+match using the standard algorithm, you have to do kludgy things with
+callouts.
+.P
+2. Because the alternative algorithm scans the subject string just once, and
+never needs to backtrack (except for lookbehinds), it is possible to pass very
+long subject strings to the matching function in several pieces, checking for
+partial matching each time. Although it is possible to do multi-segment
+matching using the standard algorithm by retaining partially matched
+substrings, it is more complicated. The
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation gives details of partial matching and discusses multi-segment
+matching.
+.
+.
+.SH "DISADVANTAGES OF THE ALTERNATIVE ALGORITHM"
+.rs
+.sp
+The alternative algorithm suffers from a number of disadvantages:
+.P
+1. It is substantially slower than the standard algorithm. This is partly
+because it has to search for all possible matches, but is also because it is
+less susceptible to optimization.
+.P
+2. Capturing parentheses and back references are not supported.
+.P
+3. Although atomic groups are supported, their use does not provide the
+performance advantage that it does for the standard algorithm.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 November 2013
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrepartial.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrepartial.3
new file mode 100644
index 00000000..14d0124f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrepartial.3
@@ -0,0 +1,476 @@
+.TH PCREPARTIAL 3 "02 July 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PARTIAL MATCHING IN PCRE"
+.rs
+.sp
+In normal use of PCRE, if the subject string that is passed to a matching
+function matches as far as it goes, but is too short to match the entire
+pattern, PCRE_ERROR_NOMATCH is returned. There are circumstances where it might
+be helpful to distinguish this case from other cases in which there is no
+match.
+.P
+Consider, for example, an application where a human is required to type in data
+for a field with specific formatting requirements. An example might be a date
+in the form \fIddmmmyy\fP, defined by this pattern:
+.sp
+  ^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$
+.sp
+If the application sees the user's keystrokes one by one, and can check that
+what has been typed so far is potentially valid, it is able to raise an error
+as soon as a mistake is made, by beeping and not reflecting the character that
+has been typed, for example. This immediate feedback is likely to be a better
+user interface than a check that is delayed until the entire string has been
+entered. Partial matching can also be useful when the subject string is very
+long and is not all available at once.
+.P
+PCRE supports partial matching by means of the PCRE_PARTIAL_SOFT and
+PCRE_PARTIAL_HARD options, which can be set when calling any of the matching
+functions. For backwards compatibility, PCRE_PARTIAL is a synonym for
+PCRE_PARTIAL_SOFT. The essential difference between the two options is whether
+or not a partial match is preferred to an alternative complete match, though
+the details differ between the two types of matching function. If both options
+are set, PCRE_PARTIAL_HARD takes precedence.
+.P
+If you want to use partial matching with just-in-time optimized code, you must
+call \fBpcre_study()\fP, \fBpcre16_study()\fP or  \fBpcre32_study()\fP with one
+or both of these options:
+.sp
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+.sp
+PCRE_STUDY_JIT_COMPILE should also be set if you are going to run non-partial
+matches on the same pattern. If the appropriate JIT study mode has not been set
+for a match, the interpretive matching code is used.
+.P
+Setting a partial matching option disables two of PCRE's standard
+optimizations. PCRE remembers the last literal data unit in a pattern, and
+abandons matching immediately if it is not present in the subject string. This
+optimization cannot be used for a subject string that might match only
+partially. If the pattern was studied, PCRE knows the minimum length of a
+matching string, and does not bother to run the matching function on shorter
+strings. This optimization is also disabled for partial matching.
+.
+.
+.SH "PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+A partial match occurs during a call to \fBpcre_exec()\fP or
+\fBpcre[16|32]_exec()\fP when the end of the subject string is reached
+successfully, but matching cannot continue because more characters are needed.
+However, at least one character in the subject must have been inspected. This
+character need not form part of the final matched string; lookbehind assertions
+and the \eK escape sequence provide ways of inspecting characters before the
+start of a matched substring. The requirement for inspecting at least one
+character exists because an empty string can always be matched; without such a
+restriction there would always be a partial match of an empty string at the end
+of the subject.
+.P
+If there are at least two slots in the offsets vector when a partial match is
+returned, the first slot is set to the offset of the earliest character that
+was inspected. For convenience, the second offset points to the end of the
+subject so that a substring can easily be identified. If there are at least
+three slots in the offsets vector, the third slot is set to the offset of the
+character where matching started.
+.P
+For the majority of patterns, the contents of the first and third slots will be
+the same. However, for patterns that contain lookbehind assertions, or begin
+with \eb or \eB, characters before the one where matching started may have been
+inspected while carrying out the match. For example, consider this pattern:
+.sp
+  /(?<=abc)123/
+.sp
+This pattern matches "123", but only if it is preceded by "abc". If the subject
+string is "xyzabc12", the first two offsets after a partial match are for the
+substring "abc12", because all these characters were inspected. However, the
+third offset is set to 6, because that is the offset where matching began.
+.P
+What happens when a partial match is identified depends on which of the two
+partial matching options are set.
+.
+.
+.SS "PCRE_PARTIAL_SOFT WITH pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+If PCRE_PARTIAL_SOFT is set when \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP
+identifies a partial match, the partial match is remembered, but matching
+continues as normal, and other alternatives in the pattern are tried. If no
+complete match can be found, PCRE_ERROR_PARTIAL is returned instead of
+PCRE_ERROR_NOMATCH.
+.P
+This option is "soft" because it prefers a complete match over a partial match.
+All the various matching items in a pattern behave as if the subject string is
+potentially complete. For example, \ez, \eZ, and $ match at the end of the
+subject, as normal, and for \eb and \eB the end of the subject is treated as a
+non-alphanumeric.
+.P
+If there is more than one partial match, the first one that was found provides
+the data that is returned. Consider this pattern:
+.sp
+  /123\ew+X|dogY/
+.sp
+If this is matched against the subject string "abc123dog", both
+alternatives fail to match, but the end of the subject is reached during
+matching, so PCRE_ERROR_PARTIAL is returned. The offsets are set to 3 and 9,
+identifying "123dog" as the first partial match that was found. (In this
+example, there are two partial matches, because "dog" on its own partially
+matches the second alternative.)
+.
+.
+.SS "PCRE_PARTIAL_HARD WITH pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+If PCRE_PARTIAL_HARD is set for \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP,
+PCRE_ERROR_PARTIAL is returned as soon as a partial match is found, without
+continuing to search for possible complete matches. This option is "hard"
+because it prefers an earlier partial match over a later complete match. For
+this reason, the assumption is made that the end of the supplied subject string
+may not be the true end of the available data, and so, if \ez, \eZ, \eb, \eB,
+or $ are encountered at the end of the subject, the result is
+PCRE_ERROR_PARTIAL, provided that at least one character in the subject has
+been inspected.
+.P
+Setting PCRE_PARTIAL_HARD also affects the way UTF-8 and UTF-16
+subject strings are checked for validity. Normally, an invalid sequence
+causes the error PCRE_ERROR_BADUTF8 or PCRE_ERROR_BADUTF16. However, in the
+special case of a truncated character at the end of the subject,
+PCRE_ERROR_SHORTUTF8 or PCRE_ERROR_SHORTUTF16 is returned when
+PCRE_PARTIAL_HARD is set.
+.
+.
+.SS "Comparing hard and soft partial matching"
+.rs
+.sp
+The difference between the two partial matching options can be illustrated by a
+pattern such as:
+.sp
+  /dog(sbody)?/
+.sp
+This matches either "dog" or "dogsbody", greedily (that is, it prefers the
+longer string if possible). If it is matched against the string "dog" with
+PCRE_PARTIAL_SOFT, it yields a complete match for "dog". However, if
+PCRE_PARTIAL_HARD is set, the result is PCRE_ERROR_PARTIAL. On the other hand,
+if the pattern is made ungreedy the result is different:
+.sp
+  /dog(sbody)??/
+.sp
+In this case the result is always a complete match because that is found first,
+and matching never continues after finding a complete match. It might be easier
+to follow this explanation by thinking of the two patterns like this:
+.sp
+  /dog(sbody)?/    is the same as  /dogsbody|dog/
+  /dog(sbody)??/   is the same as  /dog|dogsbody/
+.sp
+The second pattern will never match "dogsbody", because it will always find the
+shorter match first.
+.
+.
+.SH "PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()"
+.rs
+.sp
+The DFA functions move along the subject string character by character, without
+backtracking, searching for all possible matches simultaneously. If the end of
+the subject is reached before the end of the pattern, there is the possibility
+of a partial match, again provided that at least one character has been
+inspected.
+.P
+When PCRE_PARTIAL_SOFT is set, PCRE_ERROR_PARTIAL is returned only if there
+have been no complete matches. Otherwise, the complete matches are returned.
+However, if PCRE_PARTIAL_HARD is set, a partial match takes precedence over any
+complete matches. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string, provided there are
+at least two slots in the offsets vector.
+.P
+Because the DFA functions always search for all possible matches, and there is
+no difference between greedy and ungreedy repetition, their behaviour is
+different from the standard functions when PCRE_PARTIAL_HARD is set. Consider
+the string "dog" matched against the ungreedy pattern shown above:
+.sp
+  /dog(sbody)??/
+.sp
+Whereas the standard functions stop as soon as they find the complete match for
+"dog", the DFA functions also find the partial match for "dogsbody", and so
+return that when PCRE_PARTIAL_HARD is set.
+.
+.
+.SH "PARTIAL MATCHING AND WORD BOUNDARIES"
+.rs
+.sp
+If a pattern ends with one of sequences \eb or \eB, which test for word
+boundaries, partial matching with PCRE_PARTIAL_SOFT can give counter-intuitive
+results. Consider this pattern:
+.sp
+  /\ebcat\eb/
+.sp
+This matches "cat", provided there is a word boundary at either end. If the
+subject string is "the cat", the comparison of the final "t" with a following
+character cannot take place, so a partial match is found. However, normal
+matching carries on, and \eb matches at the end of the subject when the last
+character is a letter, so a complete match is found. The result, therefore, is
+\fInot\fP PCRE_ERROR_PARTIAL. Using PCRE_PARTIAL_HARD in this case does yield
+PCRE_ERROR_PARTIAL, because then the partial match takes precedence.
+.
+.
+.SH "FORMERLY RESTRICTED PATTERNS"
+.rs
+.sp
+For releases of PCRE prior to 8.00, because of the way certain internal
+optimizations were implemented in the \fBpcre_exec()\fP function, the
+PCRE_PARTIAL option (predecessor of PCRE_PARTIAL_SOFT) could not be used with
+all patterns. From release 8.00 onwards, the restrictions no longer apply, and
+partial matching with can be requested for any pattern.
+.P
+Items that were formerly restricted were repeated single characters and
+repeated metasequences. If PCRE_PARTIAL was set for a pattern that did not
+conform to the restrictions, \fBpcre_exec()\fP returned the error code
+PCRE_ERROR_BADPARTIAL (-13). This error code is no longer in use. The
+PCRE_INFO_OKPARTIAL call to \fBpcre_fullinfo()\fP to find out if a compiled
+pattern can be used for partial matching now always returns 1.
+.
+.
+.SH "EXAMPLE OF PARTIAL MATCHING USING PCRETEST"
+.rs
+.sp
+If the escape sequence \eP is present in a \fBpcretest\fP data line, the
+PCRE_PARTIAL_SOFT option is used for the match. Here is a run of \fBpcretest\fP
+that uses the date example quoted above:
+.sp
+    re> /^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$/
+  data> 25jun04\eP
+   0: 25jun04
+   1: jun
+  data> 25dec3\eP
+  Partial match: 23dec3
+  data> 3ju\eP
+  Partial match: 3ju
+  data> 3juj\eP
+  No match
+  data> j\eP
+  No match
+.sp
+The first data string is matched completely, so \fBpcretest\fP shows the
+matched substrings. The remaining four strings do not match the complete
+pattern, but the first two are partial matches. Similar output is obtained
+if DFA matching is used.
+.P
+If the escape sequence \eP is present more than once in a \fBpcretest\fP data
+line, the PCRE_PARTIAL_HARD option is set for the match.
+.
+.
+.SH "MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()"
+.rs
+.sp
+When a partial match has been found using a DFA matching function, it is
+possible to continue the match by providing additional subject data and calling
+the function again with the same compiled regular expression, this time setting
+the PCRE_DFA_RESTART option. You must pass the same working space as before,
+because this is where details of the previous partial match are stored. Here is
+an example using \fBpcretest\fP, using the \eR escape sequence to set the
+PCRE_DFA_RESTART option (\eD specifies the use of the DFA matching function):
+.sp
+    re> /^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$/
+  data> 23ja\eP\eD
+  Partial match: 23ja
+  data> n05\eR\eD
+   0: n05
+.sp
+The first call has "23ja" as the subject, and requests partial matching; the
+second call has "n05" as the subject for the continued (restarted) match.
+Notice that when the match is complete, only the last part is shown; PCRE does
+not retain the previously partially-matched string. It is up to the calling
+program to do that if it needs to.
+.P
+That means that, for an unanchored pattern, if a continued match fails, it is
+not possible to try again at a new starting point. All this facility is capable
+of doing is continuing with the previous match attempt. In the previous
+example, if the second set of data is "ug23" the result is no match, even
+though there would be a match for "aug23" if the entire string were given at
+once. Depending on the application, this may or may not be what you want.
+The only way to allow for starting again at the next character is to retain the
+matched part of the subject and try a new complete match.
+.P
+You can set the PCRE_PARTIAL_SOFT or PCRE_PARTIAL_HARD options with
+PCRE_DFA_RESTART to continue partial matching over multiple segments. This
+facility can be used to pass very long subject strings to the DFA matching
+functions.
+.
+.
+.SH "MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+From release 8.00, the standard matching functions can also be used to do
+multi-segment matching. Unlike the DFA functions, it is not possible to
+restart the previous match with a new segment of data. Instead, new data must
+be added to the previous subject string, and the entire match re-run, starting
+from the point where the partial match occurred. Earlier data can be discarded.
+.P
+It is best to use PCRE_PARTIAL_HARD in this situation, because it does not
+treat the end of a segment as the end of the subject when matching \ez, \eZ,
+\eb, \eB, and $. Consider an unanchored pattern that matches dates:
+.sp
+    re> /\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed/
+  data> The date is 23ja\eP\eP
+  Partial match: 23ja
+.sp
+At this stage, an application could discard the text preceding "23ja", add on
+text from the next segment, and call the matching function again. Unlike the
+DFA matching functions, the entire matching string must always be available,
+and the complete matching process occurs for each call, so more memory and more
+processing time is needed.
+.P
+\fBNote:\fP If the pattern contains lookbehind assertions, or \eK, or starts
+with \eb or \eB, the string that is returned for a partial match includes
+characters that precede the start of what would be returned for a complete
+match, because it contains all the characters that were inspected during the
+partial match.
+.
+.
+.SH "ISSUES WITH MULTI-SEGMENT MATCHING"
+.rs
+.sp
+Certain types of pattern may give problems with multi-segment matching,
+whichever matching function is used.
+.P
+1. If the pattern contains a test for the beginning of a line, you need to pass
+the PCRE_NOTBOL option when the subject string for any call does start at the
+beginning of a line. There is also a PCRE_NOTEOL option, but in practice when
+doing multi-segment matching you should be using PCRE_PARTIAL_HARD, which
+includes the effect of PCRE_NOTEOL.
+.P
+2. Lookbehind assertions that have already been obeyed are catered for in the
+offsets that are returned for a partial match. However a lookbehind assertion
+later in the pattern could require even earlier characters to be inspected. You
+can handle this case by using the PCRE_INFO_MAXLOOKBEHIND option of the
+\fBpcre_fullinfo()\fP or \fBpcre[16|32]_fullinfo()\fP functions to obtain the
+length of the longest lookbehind in the pattern. This length is given in
+characters, not bytes. If you always retain at least that many characters
+before the partially matched string, all should be well. (Of course, near the
+start of the subject, fewer characters may be present; in that case all
+characters should be retained.)
+.P
+From release 8.33, there is a more accurate way of deciding which characters to
+retain. Instead of subtracting the length of the longest lookbehind from the
+earliest inspected character (\fIoffsets[0]\fP), the match start position
+(\fIoffsets[2]\fP) should be used, and the next match attempt started at the
+\fIoffsets[2]\fP character by setting the \fIstartoffset\fP argument of
+\fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP.
+.P
+For example, if the pattern "(?<=123)abc" is partially
+matched against the string "xx123a", the three offset values returned are 2, 6,
+and 5. This indicates that the matching process that gave a partial match
+started at offset 5, but the characters "123a" were all inspected. The maximum
+lookbehind for that pattern is 3, so taking that away from 5 shows that we need
+only keep "123a", and the next match attempt can be started at offset 3 (that
+is, at "a") when further characters have been added. When the match start is
+not the earliest inspected character, \fBpcretest\fP shows it explicitly:
+.sp
+    re> "(?<=123)abc"
+  data> xx123a\eP\eP
+  Partial match at offset 5: 123a
+.P
+3. Because a partial match must always contain at least one character, what
+might be considered a partial match of an empty string actually gives a "no
+match" result. For example:
+.sp
+    re> /c(?<=abc)x/
+  data> ab\eP
+  No match
+.sp
+If the next segment begins "cx", a match should be found, but this will only
+happen if characters from the previous segment are retained. For this reason, a
+"no match" result should be interpreted as "partial match of an empty string"
+when the pattern contains lookbehinds.
+.P
+4. Matching a subject string that is split into multiple segments may not
+always produce exactly the same result as matching over one single long string,
+especially when PCRE_PARTIAL_SOFT is used. The section "Partial Matching and
+Word Boundaries" above describes an issue that arises if the pattern ends with
+\eb or \eB. Another kind of difference may occur when there are multiple
+matching possibilities, because (for PCRE_PARTIAL_SOFT) a partial match result
+is given only when there are no completed matches. This means that as soon as
+the shortest match has been found, continuation to a new subject segment is no
+longer possible. Consider again this \fBpcretest\fP example:
+.sp
+    re> /dog(sbody)?/
+  data> dogsb\eP
+   0: dog
+  data> do\eP\eD
+  Partial match: do
+  data> gsb\eR\eP\eD
+   0: g
+  data> dogsbody\eD
+   0: dogsbody
+   1: dog
+.sp
+The first data line passes the string "dogsb" to a standard matching function,
+setting the PCRE_PARTIAL_SOFT option. Although the string is a partial match
+for "dogsbody", the result is not PCRE_ERROR_PARTIAL, because the shorter
+string "dog" is a complete match. Similarly, when the subject is presented to
+a DFA matching function in several parts ("do" and "gsb" being the first two)
+the match stops when "dog" has been found, and it is not possible to continue.
+On the other hand, if "dogsbody" is presented as a single string, a DFA
+matching function finds both matches.
+.P
+Because of these problems, it is best to use PCRE_PARTIAL_HARD when matching
+multi-segment data. The example above then behaves differently:
+.sp
+    re> /dog(sbody)?/
+  data> dogsb\eP\eP
+  Partial match: dogsb
+  data> do\eP\eD
+  Partial match: do
+  data> gsb\eR\eP\eP\eD
+  Partial match: gsb
+.sp
+5. Patterns that contain alternatives at the top level which do not all start
+with the same pattern item may not work as expected when PCRE_DFA_RESTART is
+used. For example, consider this pattern:
+.sp
+  1234|3789
+.sp
+If the first part of the subject is "ABC123", a partial match of the first
+alternative is found at offset 3. There is no partial match for the second
+alternative, because such a match does not start at the same point in the
+subject string. Attempting to continue with the string "7890" does not yield a
+match because only those alternatives that match at one point in the subject
+are remembered. The problem arises because the start of the second alternative
+matches within the first alternative. There is no problem with anchored
+patterns or patterns such as:
+.sp
+  1234|ABCD
+.sp
+where no string can be a partial match for both alternatives. This is not a
+problem if a standard matching function is used, because the entire match has
+to be rerun each time:
+.sp
+    re> /1234|3789/
+  data> ABC123\eP\eP
+  Partial match: 123
+  data> 1237890
+   0: 3789
+.sp
+Of course, instead of using PCRE_DFA_RESTART, the same technique of re-running
+the entire match can also be used with the DFA matching functions. Another
+possibility is to work with two buffers. If a partial match at offset \fIn\fP
+in the first buffer is followed by "no match" when PCRE_DFA_RESTART is used on
+the second buffer, you can then try a new match starting at offset \fIn+1\fP in
+the first buffer.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 02 July 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrepattern.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrepattern.3
new file mode 100644
index 00000000..97df217f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrepattern.3
@@ -0,0 +1,3304 @@
+.TH PCREPATTERN 3 "23 October 2016" "PCRE 8.40"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE REGULAR EXPRESSION DETAILS"
+.rs
+.sp
+The syntax and semantics of the regular expressions that are supported by PCRE
+are described in detail below. There is a quick-reference syntax summary in the
+.\" HREF
+\fBpcresyntax\fP
+.\"
+page. PCRE tries to match Perl syntax and semantics as closely as it can. PCRE
+also supports some alternative regular expression syntax (which does not
+conflict with the Perl syntax) in order to provide some compatibility with
+regular expressions in Python, .NET, and Oniguruma.
+.P
+Perl's regular expressions are described in its own documentation, and
+regular expressions in general are covered in a number of books, some of which
+have copious examples. Jeffrey Friedl's "Mastering Regular Expressions",
+published by O'Reilly, covers regular expressions in great detail. This
+description of PCRE's regular expressions is intended as reference material.
+.P
+This document discusses the patterns that are supported by PCRE when one its
+main matching functions, \fBpcre_exec()\fP (8-bit) or \fBpcre[16|32]_exec()\fP
+(16- or 32-bit), is used. PCRE also has alternative matching functions,
+\fBpcre_dfa_exec()\fP and \fBpcre[16|32_dfa_exec()\fP, which match using a
+different algorithm that is not Perl-compatible. Some of the features discussed
+below are not available when DFA matching is used. The advantages and
+disadvantages of the alternative functions, and how they differ from the normal
+functions, are discussed in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+page.
+.
+.
+.SH "SPECIAL START-OF-PATTERN ITEMS"
+.rs
+.sp
+A number of options that can be passed to \fBpcre_compile()\fP can also be set
+by special items at the start of a pattern. These are not Perl-compatible, but
+are provided to make these options accessible to pattern writers who are not
+able to change the program that processes the pattern. Any number of these
+items may appear, but they must all be together right at the start of the
+pattern string, and the letters must be in upper case.
+.
+.
+.SS "UTF support"
+.rs
+.sp
+The original operation of PCRE was on strings of one-byte characters. However,
+there is now also support for UTF-8 strings in the original library, an
+extra library that supports 16-bit and UTF-16 character strings, and a
+third library that supports 32-bit and UTF-32 character strings. To use these
+features, PCRE must be built to include appropriate support. When using UTF
+strings you must either call the compiling function with the PCRE_UTF8,
+PCRE_UTF16, or PCRE_UTF32 option, or the pattern must start with one of
+these special sequences:
+.sp
+  (*UTF8)
+  (*UTF16)
+  (*UTF32)
+  (*UTF)
+.sp
+(*UTF) is a generic sequence that can be used with any of the libraries.
+Starting a pattern with such a sequence is equivalent to setting the relevant
+option. How setting a UTF mode affects pattern matching is mentioned in several
+places below. There is also a summary of features in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+Some applications that allow their users to supply patterns may wish to
+restrict them to non-UTF data for security reasons. If the PCRE_NEVER_UTF
+option is set at compile time, (*UTF) etc. are not allowed, and their
+appearance causes an error.
+.
+.
+.SS "Unicode property support"
+.rs
+.sp
+Another special sequence that may appear at the start of a pattern is (*UCP).
+This has the same effect as setting the PCRE_UCP option: it causes sequences
+such as \ed and \ew to use Unicode properties to determine character types,
+instead of recognizing only characters with codes less than 128 via a lookup
+table.
+.
+.
+.SS "Disabling auto-possessification"
+.rs
+.sp
+If a pattern starts with (*NO_AUTO_POSSESS), it has the same effect as setting
+the PCRE_NO_AUTO_POSSESS option at compile time. This stops PCRE from making
+quantifiers possessive when what follows cannot match the repeated item. For
+example, by default a+b is treated as a++b. For more details, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.
+.
+.SS "Disabling start-up optimizations"
+.rs
+.sp
+If a pattern starts with (*NO_START_OPT), it has the same effect as setting the
+PCRE_NO_START_OPTIMIZE option either at compile or matching time. This disables
+several optimizations for quickly reaching "no match" results. For more
+details, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.
+.
+.\" HTML <a name="newlines"></a>
+.SS "Newline conventions"
+.rs
+.sp
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The
+.\" HREF
+\fBpcreapi\fP
+.\"
+page has
+.\" HTML <a href="pcreapi.html#newlines">
+.\" </a>
+further discussion
+.\"
+about newlines, and shows how to set the newline convention in the
+\fIoptions\fP arguments for the compiling and matching functions.
+.P
+It is also possible to specify a newline convention by starting a pattern
+string with one of the following five sequences:
+.sp
+  (*CR)        carriage return
+  (*LF)        linefeed
+  (*CRLF)      carriage return, followed by linefeed
+  (*ANYCRLF)   any of the three above
+  (*ANY)       all Unicode newline sequences
+.sp
+These override the default and the options given to the compiling function. For
+example, on a Unix system where LF is the default newline sequence, the pattern
+.sp
+  (*CR)a.b
+.sp
+changes the convention to CR. That pattern matches "a\enb" because LF is no
+longer a newline. If more than one of these settings is present, the last one
+is used.
+.P
+The newline convention affects where the circumflex and dollar assertions are
+true. It also affects the interpretation of the dot metacharacter when
+PCRE_DOTALL is not set, and the behaviour of \eN. However, it does not affect
+what the \eR escape sequence matches. By default, this is any Unicode newline
+sequence, for Perl compatibility. However, this can be changed; see the
+description of \eR in the section entitled
+.\" HTML <a href="#newlineseq">
+.\" </a>
+"Newline sequences"
+.\"
+below. A change of \eR setting can be combined with a change of newline
+convention.
+.
+.
+.SS "Setting match and recursion limits"
+.rs
+.sp
+The caller of \fBpcre_exec()\fP can set a limit on the number of times the
+internal \fBmatch()\fP function is called and on the maximum depth of
+recursive calls. These facilities are provided to catch runaway matches that
+are provoked by patterns with huge matching trees (a typical example is a
+pattern with nested unlimited repeats) and to avoid running out of system stack
+by too much recursion. When one of these limits is reached, \fBpcre_exec()\fP
+gives an error return. The limits can also be set by items at the start of the
+pattern of the form
+.sp
+  (*LIMIT_MATCH=d)
+  (*LIMIT_RECURSION=d)
+.sp
+where d is any number of decimal digits. However, the value of the setting must
+be less than the value set (or defaulted) by the caller of \fBpcre_exec()\fP
+for it to have any effect. In other words, the pattern writer can lower the
+limits set by the programmer, but not raise them. If there is more than one
+setting of one of these limits, the lower value is used.
+.
+.
+.SH "EBCDIC CHARACTER CODES"
+.rs
+.sp
+PCRE can be compiled to run in an environment that uses EBCDIC as its character
+code rather than ASCII or Unicode (typically a mainframe system). In the
+sections below, character code values are ASCII or Unicode; in an EBCDIC
+environment these characters may have different code values, and there are no
+code points greater than 255.
+.
+.
+.SH "CHARACTERS AND METACHARACTERS"
+.rs
+.sp
+A regular expression is a pattern that is matched against a subject string from
+left to right. Most characters stand for themselves in a pattern, and match the
+corresponding characters in the subject. As a trivial example, the pattern
+.sp
+  The quick brown fox
+.sp
+matches a portion of a subject string that is identical to itself. When
+caseless matching is specified (the PCRE_CASELESS option), letters are matched
+independently of case. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching for characters 128 and above, you must
+ensure that PCRE is compiled with Unicode property support as well as with
+UTF support.
+.P
+The power of regular expressions comes from the ability to include alternatives
+and repetitions in the pattern. These are encoded in the pattern by the use of
+\fImetacharacters\fP, which do not stand for themselves but instead are
+interpreted in some special way.
+.P
+There are two different sets of metacharacters: those that are recognized
+anywhere in the pattern except within square brackets, and those that are
+recognized within square brackets. Outside square brackets, the metacharacters
+are as follows:
+.sp
+  \e      general escape character with several uses
+  ^      assert start of string (or line, in multiline mode)
+  $      assert end of string (or line, in multiline mode)
+  .      match any character except newline (by default)
+  [      start character class definition
+  |      start of alternative branch
+  (      start subpattern
+  )      end subpattern
+  ?      extends the meaning of (
+         also 0 or 1 quantifier
+         also quantifier minimizer
+  *      0 or more quantifier
+  +      1 or more quantifier
+         also "possessive quantifier"
+  {      start min/max quantifier
+.sp
+Part of a pattern that is in square brackets is called a "character class". In
+a character class the only metacharacters are:
+.sp
+  \e      general escape character
+  ^      negate the class, but only if the first character
+  -      indicates character range
+.\" JOIN
+  [      POSIX character class (only if followed by POSIX
+           syntax)
+  ]      terminates the character class
+.sp
+The following sections describe the use of each of the metacharacters.
+.
+.
+.SH BACKSLASH
+.rs
+.sp
+The backslash character has several uses. Firstly, if it is followed by a
+character that is not a number or a letter, it takes away any special meaning
+that character may have. This use of backslash as an escape character applies
+both inside and outside character classes.
+.P
+For example, if you want to match a * character, you write \e* in the pattern.
+This escaping action applies whether or not the following character would
+otherwise be interpreted as a metacharacter, so it is always safe to precede a
+non-alphanumeric with backslash to specify that it stands for itself. In
+particular, if you want to match a backslash, you write \e\e.
+.P
+In a UTF mode, only ASCII numbers and letters have any special meaning after a
+backslash. All other characters (in particular, those whose codepoints are
+greater than 127) are treated as literals.
+.P
+If a pattern is compiled with the PCRE_EXTENDED option, most white space in the
+pattern (other than in a character class), and characters between a # outside a
+character class and the next newline, inclusive, are ignored. An escaping
+backslash can be used to include a white space or # character as part of the
+pattern.
+.P
+If you want to remove the special meaning from a sequence of characters, you
+can do so by putting them between \eQ and \eE. This is different from Perl in
+that $ and @ are handled as literals in \eQ...\eE sequences in PCRE, whereas in
+Perl, $ and @ cause variable interpolation. Note the following examples:
+.sp
+  Pattern            PCRE matches   Perl matches
+.sp
+.\" JOIN
+  \eQabc$xyz\eE        abc$xyz        abc followed by the
+                                      contents of $xyz
+  \eQabc\e$xyz\eE       abc\e$xyz       abc\e$xyz
+  \eQabc\eE\e$\eQxyz\eE   abc$xyz        abc$xyz
+.sp
+The \eQ...\eE sequence is recognized both inside and outside character classes.
+An isolated \eE that is not preceded by \eQ is ignored. If \eQ is not followed
+by \eE later in the pattern, the literal interpretation continues to the end of
+the pattern (that is, \eE is assumed at the end). If the isolated \eQ is inside
+a character class, this causes an error, because the character class is not
+terminated.
+.
+.
+.\" HTML <a name="digitsafterbackslash"></a>
+.SS "Non-printing characters"
+.rs
+.sp
+A second use of backslash provides a way of encoding non-printing characters
+in patterns in a visible manner. There is no restriction on the appearance of
+non-printing characters, apart from the binary zero that terminates a pattern,
+but when a pattern is being prepared by text editing, it is often easier to use
+one of the following escape sequences than the binary character it represents.
+In an ASCII or Unicode environment, these escapes are as follows:
+.sp
+  \ea        alarm, that is, the BEL character (hex 07)
+  \ecx       "control-x", where x is any ASCII character
+  \ee        escape (hex 1B)
+  \ef        form feed (hex 0C)
+  \en        linefeed (hex 0A)
+  \er        carriage return (hex 0D)
+  \et        tab (hex 09)
+  \e0dd      character with octal code 0dd
+  \eddd      character with octal code ddd, or back reference
+  \eo{ddd..} character with octal code ddd..
+  \exhh      character with hex code hh
+  \ex{hhh..} character with hex code hhh.. (non-JavaScript mode)
+  \euhhhh    character with hex code hhhh (JavaScript mode only)
+.sp
+The precise effect of \ecx on ASCII characters is as follows: if x is a lower
+case letter, it is converted to upper case. Then bit 6 of the character (hex
+40) is inverted. Thus \ecA to \ecZ become hex 01 to hex 1A (A is 41, Z is 5A),
+but \ec{ becomes hex 3B ({ is 7B), and \ec; becomes hex 7B (; is 3B). If the
+data item (byte or 16-bit value) following \ec has a value greater than 127, a
+compile-time error occurs. This locks out non-ASCII characters in all modes.
+.P
+When PCRE is compiled in EBCDIC mode, \ea, \ee, \ef, \en, \er, and \et
+generate the appropriate EBCDIC code values. The \ec escape is processed
+as specified for Perl in the \fBperlebcdic\fP document. The only characters
+that are allowed after \ec are A-Z, a-z, or one of @, [, \e, ], ^, _, or ?. Any
+other character provokes a compile-time error. The sequence \ec@ encodes
+character code 0; after \ec the letters (in either case) encode characters 1-26
+(hex 01 to hex 1A); [, \e, ], ^, and _ encode characters 27-31 (hex 1B to hex
+1F), and \ec? becomes either 255 (hex FF) or 95 (hex 5F).
+.P
+Thus, apart from \ec?, these escapes generate the same character code values as
+they do in an ASCII environment, though the meanings of the values mostly
+differ. For example, \ecG always generates code value 7, which is BEL in ASCII
+but DEL in EBCDIC.
+.P
+The sequence \ec? generates DEL (127, hex 7F) in an ASCII environment, but
+because 127 is not a control character in EBCDIC, Perl makes it generate the
+APC character. Unfortunately, there are several variants of EBCDIC. In most of
+them the APC character has the value 255 (hex FF), but in the one Perl calls
+POSIX-BC its value is 95 (hex 5F). If certain other characters have POSIX-BC
+values, PCRE makes \ec? generate 95; otherwise it generates 255.
+.P
+After \e0 up to two further octal digits are read. If there are fewer than two
+digits, just those that are present are used. Thus the sequence \e0\ex\e015
+specifies two binary zeros followed by a CR character (code value 13). Make
+sure you supply two digits after the initial zero if the pattern character that
+follows is itself an octal digit.
+.P
+The escape \eo must be followed by a sequence of octal digits, enclosed in
+braces. An error occurs if this is not the case. This escape is a recent
+addition to Perl; it provides way of specifying character code points as octal
+numbers greater than 0777, and it also allows octal numbers and back references
+to be unambiguously specified.
+.P
+For greater clarity and unambiguity, it is best to avoid following \e by a
+digit greater than zero. Instead, use \eo{} or \ex{} to specify character
+numbers, and \eg{} to specify back references. The following paragraphs
+describe the old, ambiguous syntax.
+.P
+The handling of a backslash followed by a digit other than 0 is complicated,
+and Perl has changed in recent releases, causing PCRE also to change. Outside a
+character class, PCRE reads the digit and any following digits as a decimal
+number. If the number is less than 8, or if there have been at least that many
+previous capturing left parentheses in the expression, the entire sequence is
+taken as a \fIback reference\fP. A description of how this works is given
+.\" HTML <a href="#backreferences">
+.\" </a>
+later,
+.\"
+following the discussion of
+.\" HTML <a href="#subpattern">
+.\" </a>
+parenthesized subpatterns.
+.\"
+.P
+Inside a character class, or if the decimal number following \e is greater than
+7 and there have not been that many capturing subpatterns, PCRE handles \e8 and
+\e9 as the literal characters "8" and "9", and otherwise re-reads up to three
+octal digits following the backslash, using them to generate a data character.
+Any subsequent digits stand for themselves. For example:
+.sp
+  \e040   is another way of writing an ASCII space
+.\" JOIN
+  \e40    is the same, provided there are fewer than 40
+            previous capturing subpatterns
+  \e7     is always a back reference
+.\" JOIN
+  \e11    might be a back reference, or another way of
+            writing a tab
+  \e011   is always a tab
+  \e0113  is a tab followed by the character "3"
+.\" JOIN
+  \e113   might be a back reference, otherwise the
+            character with octal code 113
+.\" JOIN
+  \e377   might be a back reference, otherwise
+            the value 255 (decimal)
+.\" JOIN
+  \e81    is either a back reference, or the two
+            characters "8" and "1"
+.sp
+Note that octal values of 100 or greater that are specified using this syntax
+must not be introduced by a leading zero, because no more than three octal
+digits are ever read.
+.P
+By default, after \ex that is not followed by {, from zero to two hexadecimal
+digits are read (letters can be in upper or lower case). Any number of
+hexadecimal digits may appear between \ex{ and }. If a character other than
+a hexadecimal digit appears between \ex{ and }, or if there is no terminating
+}, an error occurs.
+.P
+If the PCRE_JAVASCRIPT_COMPAT option is set, the interpretation of \ex is
+as just described only when it is followed by two hexadecimal digits.
+Otherwise, it matches a literal "x" character. In JavaScript mode, support for
+code points greater than 256 is provided by \eu, which must be followed by
+four hexadecimal digits; otherwise it matches a literal "u" character.
+.P
+Characters whose value is less than 256 can be defined by either of the two
+syntaxes for \ex (or by \eu in JavaScript mode). There is no difference in the
+way they are handled. For example, \exdc is exactly the same as \ex{dc} (or
+\eu00dc in JavaScript mode).
+.
+.
+.SS "Constraints on character values"
+.rs
+.sp
+Characters that are specified using octal or hexadecimal numbers are
+limited to certain values, as follows:
+.sp
+  8-bit non-UTF mode    less than 0x100
+  8-bit UTF-8 mode      less than 0x10ffff and a valid codepoint
+  16-bit non-UTF mode   less than 0x10000
+  16-bit UTF-16 mode    less than 0x10ffff and a valid codepoint
+  32-bit non-UTF mode   less than 0x100000000
+  32-bit UTF-32 mode    less than 0x10ffff and a valid codepoint
+.sp
+Invalid Unicode codepoints are the range 0xd800 to 0xdfff (the so-called
+"surrogate" codepoints), and 0xffef.
+.
+.
+.SS "Escape sequences in character classes"
+.rs
+.sp
+All the sequences that define a single character value can be used both inside
+and outside character classes. In addition, inside a character class, \eb is
+interpreted as the backspace character (hex 08).
+.P
+\eN is not allowed in a character class. \eB, \eR, and \eX are not special
+inside a character class. Like other unrecognized escape sequences, they are
+treated as the literal characters "B", "R", and "X" by default, but cause an
+error if the PCRE_EXTRA option is set. Outside a character class, these
+sequences have different meanings.
+.
+.
+.SS "Unsupported escape sequences"
+.rs
+.sp
+In Perl, the sequences \el, \eL, \eu, and \eU are recognized by its string
+handler and used to modify the case of following characters. By default, PCRE
+does not support these escape sequences. However, if the PCRE_JAVASCRIPT_COMPAT
+option is set, \eU matches a "U" character, and \eu can be used to define a
+character by code point, as described in the previous section.
+.
+.
+.SS "Absolute and relative back references"
+.rs
+.sp
+The sequence \eg followed by an unsigned or a negative number, optionally
+enclosed in braces, is an absolute or relative back reference. A named back
+reference can be coded as \eg{name}. Back references are discussed
+.\" HTML <a href="#backreferences">
+.\" </a>
+later,
+.\"
+following the discussion of
+.\" HTML <a href="#subpattern">
+.\" </a>
+parenthesized subpatterns.
+.\"
+.
+.
+.SS "Absolute and relative subroutine calls"
+.rs
+.sp
+For compatibility with Oniguruma, the non-Perl syntax \eg followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a "subroutine". Details are discussed
+.\" HTML <a href="#onigurumasubroutines">
+.\" </a>
+later.
+.\"
+Note that \eg{...} (Perl syntax) and \eg<...> (Oniguruma syntax) are \fInot\fP
+synonymous. The former is a back reference; the latter is a
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutine
+.\"
+call.
+.
+.
+.\" HTML <a name="genericchartypes"></a>
+.SS "Generic character types"
+.rs
+.sp
+Another use of backslash is for specifying generic character types:
+.sp
+  \ed     any decimal digit
+  \eD     any character that is not a decimal digit
+  \eh     any horizontal white space character
+  \eH     any character that is not a horizontal white space character
+  \es     any white space character
+  \eS     any character that is not a white space character
+  \ev     any vertical white space character
+  \eV     any character that is not a vertical white space character
+  \ew     any "word" character
+  \eW     any "non-word" character
+.sp
+There is also the single sequence \eN, which matches a non-newline character.
+This is the same as
+.\" HTML <a href="#fullstopdot">
+.\" </a>
+the "." metacharacter
+.\"
+when PCRE_DOTALL is not set. Perl also uses \eN to match characters by name;
+PCRE does not support this.
+.P
+Each pair of lower and upper case escape sequences partitions the complete set
+of characters into two disjoint sets. Any given character matches one, and only
+one, of each pair. The sequences can appear both inside and outside character
+classes. They each match one character of the appropriate type. If the current
+matching point is at the end of the subject string, all of them fail, because
+there is no character to match.
+.P
+For compatibility with Perl, \es did not used to match the VT character (code
+11), which made it different from the the POSIX "space" class. However, Perl
+added VT at release 5.18, and PCRE followed suit at release 8.34. The default
+\es characters are now HT (9), LF (10), VT (11), FF (12), CR (13), and space
+(32), which are defined as white space in the "C" locale. This list may vary if
+locale-specific matching is taking place. For example, in some locales the
+"non-breaking space" character (\exA0) is recognized as white space, and in
+others the VT character is not.
+.P
+A "word" character is an underscore or any character that is a letter or digit.
+By default, the definition of letters and digits is controlled by PCRE's
+low-valued character tables, and may vary if locale-specific matching is taking
+place (see
+.\" HTML <a href="pcreapi.html#localesupport">
+.\" </a>
+"Locale support"
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page). For example, in a French locale such as "fr_FR" in Unix-like systems,
+or "french" in Windows, some character codes greater than 127 are used for
+accented letters, and these are then matched by \ew. The use of locales with
+Unicode is discouraged.
+.P
+By default, characters whose code points are greater than 127 never match \ed,
+\es, or \ew, and always match \eD, \eS, and \eW, although this may vary for
+characters in the range 128-255 when locale-specific matching is happening.
+These escape sequences retain their original meanings from before Unicode
+support was available, mainly for efficiency reasons. If PCRE is compiled with
+Unicode property support, and the PCRE_UCP option is set, the behaviour is
+changed so that Unicode properties are used to determine character types, as
+follows:
+.sp
+  \ed  any character that matches \ep{Nd} (decimal digit)
+  \es  any character that matches \ep{Z} or \eh or \ev
+  \ew  any character that matches \ep{L} or \ep{N}, plus underscore
+.sp
+The upper case escapes match the inverse sets of characters. Note that \ed
+matches only decimal digits, whereas \ew matches any Unicode digit, as well as
+any Unicode letter, and underscore. Note also that PCRE_UCP affects \eb, and
+\eB because they are defined in terms of \ew and \eW. Matching these sequences
+is noticeably slower when PCRE_UCP is set.
+.P
+The sequences \eh, \eH, \ev, and \eV are features that were added to Perl at
+release 5.10. In contrast to the other sequences, which match only ASCII
+characters by default, these always match certain high-valued code points,
+whether or not PCRE_UCP is set. The horizontal space characters are:
+.sp
+  U+0009     Horizontal tab (HT)
+  U+0020     Space
+  U+00A0     Non-break space
+  U+1680     Ogham space mark
+  U+180E     Mongolian vowel separator
+  U+2000     En quad
+  U+2001     Em quad
+  U+2002     En space
+  U+2003     Em space
+  U+2004     Three-per-em space
+  U+2005     Four-per-em space
+  U+2006     Six-per-em space
+  U+2007     Figure space
+  U+2008     Punctuation space
+  U+2009     Thin space
+  U+200A     Hair space
+  U+202F     Narrow no-break space
+  U+205F     Medium mathematical space
+  U+3000     Ideographic space
+.sp
+The vertical space characters are:
+.sp
+  U+000A     Linefeed (LF)
+  U+000B     Vertical tab (VT)
+  U+000C     Form feed (FF)
+  U+000D     Carriage return (CR)
+  U+0085     Next line (NEL)
+  U+2028     Line separator
+  U+2029     Paragraph separator
+.sp
+In 8-bit, non-UTF-8 mode, only the characters with codepoints less than 256 are
+relevant.
+.
+.
+.\" HTML <a name="newlineseq"></a>
+.SS "Newline sequences"
+.rs
+.sp
+Outside a character class, by default, the escape sequence \eR matches any
+Unicode newline sequence. In 8-bit non-UTF-8 mode \eR is equivalent to the
+following:
+.sp
+  (?>\er\en|\en|\ex0b|\ef|\er|\ex85)
+.sp
+This is an example of an "atomic group", details of which are given
+.\" HTML <a href="#atomicgroup">
+.\" </a>
+below.
+.\"
+This particular group matches either the two-character sequence CR followed by
+LF, or one of the single characters LF (linefeed, U+000A), VT (vertical tab,
+U+000B), FF (form feed, U+000C), CR (carriage return, U+000D), or NEL (next
+line, U+0085). The two-character sequence is treated as a single unit that
+cannot be split.
+.P
+In other modes, two additional characters whose codepoints are greater than 255
+are added: LS (line separator, U+2028) and PS (paragraph separator, U+2029).
+Unicode character property support is not needed for these characters to be
+recognized.
+.P
+It is possible to restrict \eR to match only CR, LF, or CRLF (instead of the
+complete set of Unicode line endings) by setting the option PCRE_BSR_ANYCRLF
+either at compile time or when the pattern is matched. (BSR is an abbrevation
+for "backslash R".) This can be made the default when PCRE is built; if this is
+the case, the other behaviour can be requested via the PCRE_BSR_UNICODE option.
+It is also possible to specify these settings by starting a pattern string with
+one of the following sequences:
+.sp
+  (*BSR_ANYCRLF)   CR, LF, or CRLF only
+  (*BSR_UNICODE)   any Unicode newline sequence
+.sp
+These override the default and the options given to the compiling function, but
+they can themselves be overridden by options given to a matching function. Note
+that these special settings, which are not Perl-compatible, are recognized only
+at the very start of a pattern, and that they must be in upper case. If more
+than one of them is present, the last one is used. They can be combined with a
+change of newline convention; for example, a pattern can start with:
+.sp
+  (*ANY)(*BSR_ANYCRLF)
+.sp
+They can also be combined with the (*UTF8), (*UTF16), (*UTF32), (*UTF) or
+(*UCP) special sequences. Inside a character class, \eR is treated as an
+unrecognized escape sequence, and so matches the letter "R" by default, but
+causes an error if PCRE_EXTRA is set.
+.
+.
+.\" HTML <a name="uniextseq"></a>
+.SS Unicode character properties
+.rs
+.sp
+When PCRE is built with Unicode character property support, three additional
+escape sequences that match characters with specific properties are available.
+When in 8-bit non-UTF-8 mode, these sequences are of course limited to testing
+characters whose codepoints are less than 256, but they do work in this mode.
+The extra escape sequences are:
+.sp
+  \ep{\fIxx\fP}   a character with the \fIxx\fP property
+  \eP{\fIxx\fP}   a character without the \fIxx\fP property
+  \eX       a Unicode extended grapheme cluster
+.sp
+The property names represented by \fIxx\fP above are limited to the Unicode
+script names, the general category properties, "Any", which matches any
+character (including newline), and some special PCRE properties (described
+in the
+.\" HTML <a href="#extraprops">
+.\" </a>
+next section).
+.\"
+Other Perl properties such as "InMusicalSymbols" are not currently supported by
+PCRE. Note that \eP{Any} does not match any characters, so always causes a
+match failure.
+.P
+Sets of Unicode characters are defined as belonging to certain scripts. A
+character from one of these sets can be matched using a script name. For
+example:
+.sp
+  \ep{Greek}
+  \eP{Han}
+.sp
+Those that are not part of an identified script are lumped together as
+"Common". The current list of scripts is:
+.P
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+.P
+Each character has exactly one Unicode general category property, specified by
+a two-letter abbreviation. For compatibility with Perl, negation can be
+specified by including a circumflex between the opening brace and the property
+name. For example, \ep{^Lu} is the same as \eP{Lu}.
+.P
+If only one letter is specified with \ep or \eP, it includes all the general
+category properties that start with that letter. In this case, in the absence
+of negation, the curly brackets in the escape sequence are optional; these two
+examples have the same effect:
+.sp
+  \ep{L}
+  \epL
+.sp
+The following general category property codes are supported:
+.sp
+  C     Other
+  Cc    Control
+  Cf    Format
+  Cn    Unassigned
+  Co    Private use
+  Cs    Surrogate
+.sp
+  L     Letter
+  Ll    Lower case letter
+  Lm    Modifier letter
+  Lo    Other letter
+  Lt    Title case letter
+  Lu    Upper case letter
+.sp
+  M     Mark
+  Mc    Spacing mark
+  Me    Enclosing mark
+  Mn    Non-spacing mark
+.sp
+  N     Number
+  Nd    Decimal number
+  Nl    Letter number
+  No    Other number
+.sp
+  P     Punctuation
+  Pc    Connector punctuation
+  Pd    Dash punctuation
+  Pe    Close punctuation
+  Pf    Final punctuation
+  Pi    Initial punctuation
+  Po    Other punctuation
+  Ps    Open punctuation
+.sp
+  S     Symbol
+  Sc    Currency symbol
+  Sk    Modifier symbol
+  Sm    Mathematical symbol
+  So    Other symbol
+.sp
+  Z     Separator
+  Zl    Line separator
+  Zp    Paragraph separator
+  Zs    Space separator
+.sp
+The special property L& is also supported: it matches a character that has
+the Lu, Ll, or Lt property, in other words, a letter that is not classified as
+a modifier or "other".
+.P
+The Cs (Surrogate) property applies only to characters in the range U+D800 to
+U+DFFF. Such characters are not valid in Unicode strings and so
+cannot be tested by PCRE, unless UTF validity checking has been turned off
+(see the discussion of PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK and
+PCRE_NO_UTF32_CHECK in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page). Perl does not support the Cs property.
+.P
+The long synonyms for property names that Perl supports (such as \ep{Letter})
+are not supported by PCRE, nor is it permitted to prefix any of these
+properties with "Is".
+.P
+No character that is in the Unicode table has the Cn (unassigned) property.
+Instead, this property is assumed for any code point that is not in the
+Unicode table.
+.P
+Specifying caseless matching does not affect these escape sequences. For
+example, \ep{Lu} always matches only upper case letters. This is different from
+the behaviour of current versions of Perl.
+.P
+Matching characters by Unicode property is not fast, because PCRE has to do a
+multistage table lookup in order to find a character's property. That is why
+the traditional escape sequences such as \ed and \ew do not use Unicode
+properties in PCRE by default, though you can make them do so by setting the
+PCRE_UCP option or by starting the pattern with (*UCP).
+.
+.
+.SS Extended grapheme clusters
+.rs
+.sp
+The \eX escape matches any number of Unicode characters that form an "extended
+grapheme cluster", and treats the sequence as an atomic group
+.\" HTML <a href="#atomicgroup">
+.\" </a>
+(see below).
+.\"
+Up to and including release 8.31, PCRE matched an earlier, simpler definition
+that was equivalent to
+.sp
+  (?>\ePM\epM*)
+.sp
+That is, it matched a character without the "mark" property, followed by zero
+or more characters with the "mark" property. Characters with the "mark"
+property are typically non-spacing accents that affect the preceding character.
+.P
+This simple definition was extended in Unicode to include more complicated
+kinds of composite character by giving each character a grapheme breaking
+property, and creating rules that use these properties to define the boundaries
+of extended grapheme clusters. In releases of PCRE later than 8.31, \eX matches
+one of these clusters.
+.P
+\eX always matches at least one character. Then it decides whether to add
+additional characters according to the following rules for ending a cluster:
+.P
+1. End at the end of the subject string.
+.P
+2. Do not end between CR and LF; otherwise end after any control character.
+.P
+3. Do not break Hangul (a Korean script) syllable sequences. Hangul characters
+are of five types: L, V, T, LV, and LVT. An L character may be followed by an
+L, V, LV, or LVT character; an LV or V character may be followed by a V or T
+character; an LVT or T character may be follwed only by a T character.
+.P
+4. Do not end before extending characters or spacing marks. Characters with
+the "mark" property always have the "extend" grapheme breaking property.
+.P
+5. Do not end after prepend characters.
+.P
+6. Otherwise, end the cluster.
+.
+.
+.\" HTML <a name="extraprops"></a>
+.SS PCRE's additional properties
+.rs
+.sp
+As well as the standard Unicode properties described above, PCRE supports four
+more that make it possible to convert traditional escape sequences such as \ew
+and \es to use Unicode properties. PCRE uses these non-standard, non-Perl
+properties internally when PCRE_UCP is set. However, they may also be used
+explicitly. These properties are:
+.sp
+  Xan   Any alphanumeric character
+  Xps   Any POSIX space character
+  Xsp   Any Perl space character
+  Xwd   Any Perl "word" character
+.sp
+Xan matches characters that have either the L (letter) or the N (number)
+property. Xps matches the characters tab, linefeed, vertical tab, form feed, or
+carriage return, and any other character that has the Z (separator) property.
+Xsp is the same as Xps; it used to exclude vertical tab, for Perl
+compatibility, but Perl changed, and so PCRE followed at release 8.34. Xwd
+matches the same characters as Xan, plus underscore.
+.P
+There is another non-standard property, Xuc, which matches any character that
+can be represented by a Universal Character Name in C++ and other programming
+languages. These are the characters $, @, ` (grave accent), and all characters
+with Unicode code points greater than or equal to U+00A0, except for the
+surrogates U+D800 to U+DFFF. Note that most base (ASCII) characters are
+excluded. (Universal Character Names are of the form \euHHHH or \eUHHHHHHHH
+where H is a hexadecimal digit. Note that the Xuc property does not match these
+sequences but the characters that they represent.)
+.
+.
+.\" HTML <a name="resetmatchstart"></a>
+.SS "Resetting the match start"
+.rs
+.sp
+The escape sequence \eK causes any previously matched characters not to be
+included in the final matched sequence. For example, the pattern:
+.sp
+  foo\eKbar
+.sp
+matches "foobar", but reports that it has matched "bar". This feature is
+similar to a lookbehind assertion
+.\" HTML <a href="#lookbehind">
+.\" </a>
+(described below).
+.\"
+However, in this case, the part of the subject before the real match does not
+have to be of fixed length, as lookbehind assertions do. The use of \eK does
+not interfere with the setting of
+.\" HTML <a href="#subpattern">
+.\" </a>
+captured substrings.
+.\"
+For example, when the pattern
+.sp
+  (foo)\eKbar
+.sp
+matches "foobar", the first substring is still set to "foo".
+.P
+Perl documents that the use of \eK within assertions is "not well defined". In
+PCRE, \eK is acted upon when it occurs inside positive assertions, but is
+ignored in negative assertions. Note that when a pattern such as (?=ab\eK)
+matches, the reported start of the match can be greater than the end of the
+match.
+.
+.
+.\" HTML <a name="smallassertions"></a>
+.SS "Simple assertions"
+.rs
+.sp
+The final use of backslash is for certain simple assertions. An assertion
+specifies a condition that has to be met at a particular point in a match,
+without consuming any characters from the subject string. The use of
+subpatterns for more complicated assertions is described
+.\" HTML <a href="#bigassertions">
+.\" </a>
+below.
+.\"
+The backslashed assertions are:
+.sp
+  \eb     matches at a word boundary
+  \eB     matches when not at a word boundary
+  \eA     matches at the start of the subject
+  \eZ     matches at the end of the subject
+          also matches before a newline at the end of the subject
+  \ez     matches only at the end of the subject
+  \eG     matches at the first matching position in the subject
+.sp
+Inside a character class, \eb has a different meaning; it matches the backspace
+character. If any other of these assertions appears in a character class, by
+default it matches the corresponding literal character (for example, \eB
+matches the letter B). However, if the PCRE_EXTRA option is set, an "invalid
+escape sequence" error is generated instead.
+.P
+A word boundary is a position in the subject string where the current character
+and the previous character do not both match \ew or \eW (i.e. one matches
+\ew and the other matches \eW), or the start or end of the string if the
+first or last character matches \ew, respectively. In a UTF mode, the meanings
+of \ew and \eW can be changed by setting the PCRE_UCP option. When this is
+done, it also affects \eb and \eB. Neither PCRE nor Perl has a separate "start
+of word" or "end of word" metasequence. However, whatever follows \eb normally
+determines which it is. For example, the fragment \eba matches "a" at the start
+of a word.
+.P
+The \eA, \eZ, and \ez assertions differ from the traditional circumflex and
+dollar (described in the next section) in that they only ever match at the very
+start and end of the subject string, whatever options are set. Thus, they are
+independent of multiline mode. These three assertions are not affected by the
+PCRE_NOTBOL or PCRE_NOTEOL options, which affect only the behaviour of the
+circumflex and dollar metacharacters. However, if the \fIstartoffset\fP
+argument of \fBpcre_exec()\fP is non-zero, indicating that matching is to start
+at a point other than the beginning of the subject, \eA can never match. The
+difference between \eZ and \ez is that \eZ matches before a newline at the end
+of the string as well as at the very end, whereas \ez matches only at the end.
+.P
+The \eG assertion is true only when the current matching position is at the
+start point of the match, as specified by the \fIstartoffset\fP argument of
+\fBpcre_exec()\fP. It differs from \eA when the value of \fIstartoffset\fP is
+non-zero. By calling \fBpcre_exec()\fP multiple times with appropriate
+arguments, you can mimic Perl's /g option, and it is in this kind of
+implementation where \eG can be useful.
+.P
+Note, however, that PCRE's interpretation of \eG, as the start of the current
+match, is subtly different from Perl's, which defines it as the end of the
+previous match. In Perl, these can be different when the previously matched
+string was empty. Because PCRE does just one match at a time, it cannot
+reproduce this behaviour.
+.P
+If all the alternatives of a pattern begin with \eG, the expression is anchored
+to the starting match position, and the "anchored" flag is set in the compiled
+regular expression.
+.
+.
+.SH "CIRCUMFLEX AND DOLLAR"
+.rs
+.sp
+The circumflex and dollar metacharacters are zero-width assertions. That is,
+they test for a particular condition being true without consuming any
+characters from the subject string.
+.P
+Outside a character class, in the default matching mode, the circumflex
+character is an assertion that is true only if the current matching point is at
+the start of the subject string. If the \fIstartoffset\fP argument of
+\fBpcre_exec()\fP is non-zero, circumflex can never match if the PCRE_MULTILINE
+option is unset. Inside a character class, circumflex has an entirely different
+meaning
+.\" HTML <a href="#characterclass">
+.\" </a>
+(see below).
+.\"
+.P
+Circumflex need not be the first character of the pattern if a number of
+alternatives are involved, but it should be the first thing in each alternative
+in which it appears if the pattern is ever to match that branch. If all
+possible alternatives start with a circumflex, that is, if the pattern is
+constrained to match only at the start of the subject, it is said to be an
+"anchored" pattern. (There are also other constructs that can cause a pattern
+to be anchored.)
+.P
+The dollar character is an assertion that is true only if the current matching
+point is at the end of the subject string, or immediately before a newline at
+the end of the string (by default). Note, however, that it does not actually
+match the newline. Dollar need not be the last character of the pattern if a
+number of alternatives are involved, but it should be the last item in any
+branch in which it appears. Dollar has no special meaning in a character class.
+.P
+The meaning of dollar can be changed so that it matches only at the very end of
+the string, by setting the PCRE_DOLLAR_ENDONLY option at compile time. This
+does not affect the \eZ assertion.
+.P
+The meanings of the circumflex and dollar characters are changed if the
+PCRE_MULTILINE option is set. When this is the case, a circumflex matches
+immediately after internal newlines as well as at the start of the subject
+string. It does not match after a newline that ends the string. A dollar
+matches before any newlines in the string, as well as at the very end, when
+PCRE_MULTILINE is set. When newline is specified as the two-character
+sequence CRLF, isolated CR and LF characters do not indicate newlines.
+.P
+For example, the pattern /^abc$/ matches the subject string "def\enabc" (where
+\en represents a newline) in multiline mode, but not otherwise. Consequently,
+patterns that are anchored in single line mode because all branches start with
+^ are not anchored in multiline mode, and a match for circumflex is possible
+when the \fIstartoffset\fP argument of \fBpcre_exec()\fP is non-zero. The
+PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+.P
+Note that the sequences \eA, \eZ, and \ez can be used to match the start and
+end of the subject in both modes, and if all branches of a pattern start with
+\eA it is always anchored, whether or not PCRE_MULTILINE is set.
+.
+.
+.\" HTML <a name="fullstopdot"></a>
+.SH "FULL STOP (PERIOD, DOT) AND \eN"
+.rs
+.sp
+Outside a character class, a dot in the pattern matches any one character in
+the subject string except (by default) a character that signifies the end of a
+line.
+.P
+When a line ending is defined as a single character, dot never matches that
+character; when the two-character sequence CRLF is used, dot does not match CR
+if it is immediately followed by LF, but otherwise it matches all characters
+(including isolated CRs and LFs). When any Unicode line endings are being
+recognized, dot does not match CR or LF or any of the other line ending
+characters.
+.P
+The behaviour of dot with regard to newlines can be changed. If the PCRE_DOTALL
+option is set, a dot matches any one character, without exception. If the
+two-character sequence CRLF is present in the subject string, it takes two dots
+to match it.
+.P
+The handling of dot is entirely independent of the handling of circumflex and
+dollar, the only relationship being that they both involve newlines. Dot has no
+special meaning in a character class.
+.P
+The escape sequence \eN behaves like a dot, except that it is not affected by
+the PCRE_DOTALL option. In other words, it matches any character except one
+that signifies the end of a line. Perl also uses \eN to match characters by
+name; PCRE does not support this.
+.
+.
+.SH "MATCHING A SINGLE DATA UNIT"
+.rs
+.sp
+Outside a character class, the escape sequence \eC matches any one data unit,
+whether or not a UTF mode is set. In the 8-bit library, one data unit is one
+byte; in the 16-bit library it is a 16-bit unit; in the 32-bit library it is
+a 32-bit unit. Unlike a dot, \eC always
+matches line-ending characters. The feature is provided in Perl in order to
+match individual bytes in UTF-8 mode, but it is unclear how it can usefully be
+used. Because \eC breaks up characters into individual data units, matching one
+unit with \eC in a UTF mode means that the rest of the string may start with a
+malformed UTF character. This has undefined results, because PCRE assumes that
+it is dealing with valid UTF strings (and by default it checks this at the
+start of processing unless the PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK or
+PCRE_NO_UTF32_CHECK option is used).
+.P
+PCRE does not allow \eC to appear in lookbehind assertions
+.\" HTML <a href="#lookbehind">
+.\" </a>
+(described below)
+.\"
+in a UTF mode, because this would make it impossible to calculate the length of
+the lookbehind.
+.P
+In general, the \eC escape sequence is best avoided. However, one
+way of using it that avoids the problem of malformed UTF characters is to use a
+lookahead to check the length of the next character, as in this pattern, which
+could be used with a UTF-8 string (ignore white space and line breaks):
+.sp
+  (?| (?=[\ex00-\ex7f])(\eC) |
+      (?=[\ex80-\ex{7ff}])(\eC)(\eC) |
+      (?=[\ex{800}-\ex{ffff}])(\eC)(\eC)(\eC) |
+      (?=[\ex{10000}-\ex{1fffff}])(\eC)(\eC)(\eC)(\eC))
+.sp
+A group that starts with (?| resets the capturing parentheses numbers in each
+alternative (see
+.\" HTML <a href="#dupsubpatternnumber">
+.\" </a>
+"Duplicate Subpattern Numbers"
+.\"
+below). The assertions at the start of each branch check the next UTF-8
+character for values whose encoding uses 1, 2, 3, or 4 bytes, respectively. The
+character's individual bytes are then captured by the appropriate number of
+groups.
+.
+.
+.\" HTML <a name="characterclass"></a>
+.SH "SQUARE BRACKETS AND CHARACTER CLASSES"
+.rs
+.sp
+An opening square bracket introduces a character class, terminated by a closing
+square bracket. A closing square bracket on its own is not special by default.
+However, if the PCRE_JAVASCRIPT_COMPAT option is set, a lone closing square
+bracket causes a compile-time error. If a closing square bracket is required as
+a member of the class, it should be the first data character in the class
+(after an initial circumflex, if present) or escaped with a backslash.
+.P
+A character class matches a single character in the subject. In a UTF mode, the
+character may be more than one data unit long. A matched character must be in
+the set of characters defined by the class, unless the first character in the
+class definition is a circumflex, in which case the subject character must not
+be in the set defined by the class. If a circumflex is actually required as a
+member of the class, ensure it is not the first character, or escape it with a
+backslash.
+.P
+For example, the character class [aeiou] matches any lower case vowel, while
+[^aeiou] matches any character that is not a lower case vowel. Note that a
+circumflex is just a convenient notation for specifying the characters that
+are in the class by enumerating those that are not. A class that starts with a
+circumflex is not an assertion; it still consumes a character from the subject
+string, and therefore it fails if the current pointer is at the end of the
+string.
+.P
+In UTF-8 (UTF-16, UTF-32) mode, characters with values greater than 255 (0xffff)
+can be included in a class as a literal string of data units, or by using the
+\ex{ escaping mechanism.
+.P
+When caseless matching is set, any letters in a class represent both their
+upper case and lower case versions, so for example, a caseless [aeiou] matches
+"A" as well as "a", and a caseless [^aeiou] does not match "A", whereas a
+caseful version would. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching in a UTF mode for characters 128 and
+above, you must ensure that PCRE is compiled with Unicode property support as
+well as with UTF support.
+.P
+Characters that might indicate line breaks are never treated in any special way
+when matching character classes, whatever line-ending sequence is in use, and
+whatever setting of the PCRE_DOTALL and PCRE_MULTILINE options is used. A class
+such as [^a] always matches one of these characters.
+.P
+The minus (hyphen) character can be used to specify a range of characters in a
+character class. For example, [d-m] matches any letter between d and m,
+inclusive. If a minus character is required in a class, it must be escaped with
+a backslash or appear in a position where it cannot be interpreted as
+indicating a range, typically as the first or last character in the class, or
+immediately after a range. For example, [b-d-z] matches letters in the range b
+to d, a hyphen character, or z.
+.P
+It is not possible to have the literal character "]" as the end character of a
+range. A pattern such as [W-]46] is interpreted as a class of two characters
+("W" and "-") followed by a literal string "46]", so it would match "W46]" or
+"-46]". However, if the "]" is escaped with a backslash it is interpreted as
+the end of range, so [W-\e]46] is interpreted as a class containing a range
+followed by two other characters. The octal or hexadecimal representation of
+"]" can also be used to end a range.
+.P
+An error is generated if a POSIX character class (see below) or an escape
+sequence other than one that defines a single character appears at a point
+where a range ending character is expected. For example, [z-\exff] is valid,
+but [A-\ed] and [A-[:digit:]] are not.
+.P
+Ranges operate in the collating sequence of character values. They can also be
+used for characters specified numerically, for example [\e000-\e037]. Ranges
+can include any characters that are valid for the current mode.
+.P
+If a range that includes letters is used when caseless matching is set, it
+matches the letters in either case. For example, [W-c] is equivalent to
+[][\e\e^_`wxyzabc], matched caselessly, and in a non-UTF mode, if character
+tables for a French locale are in use, [\exc8-\excb] matches accented E
+characters in both cases. In UTF modes, PCRE supports the concept of case for
+characters with values greater than 128 only when it is compiled with Unicode
+property support.
+.P
+The character escape sequences \ed, \eD, \eh, \eH, \ep, \eP, \es, \eS, \ev,
+\eV, \ew, and \eW may appear in a character class, and add the characters that
+they match to the class. For example, [\edABCDEF] matches any hexadecimal
+digit. In UTF modes, the PCRE_UCP option affects the meanings of \ed, \es, \ew
+and their upper case partners, just as it does when they appear outside a
+character class, as described in the section entitled
+.\" HTML <a href="#genericchartypes">
+.\" </a>
+"Generic character types"
+.\"
+above. The escape sequence \eb has a different meaning inside a character
+class; it matches the backspace character. The sequences \eB, \eN, \eR, and \eX
+are not special inside a character class. Like any other unrecognized escape
+sequences, they are treated as the literal characters "B", "N", "R", and "X" by
+default, but cause an error if the PCRE_EXTRA option is set.
+.P
+A circumflex can conveniently be used with the upper case character types to
+specify a more restricted set of characters than the matching lower case type.
+For example, the class [^\eW_] matches any letter or digit, but not underscore,
+whereas [\ew] includes underscore. A positive character class should be read as
+"something OR something OR ..." and a negative class as "NOT something AND NOT
+something AND NOT ...".
+.P
+The only metacharacters that are recognized in character classes are backslash,
+hyphen (only where it can be interpreted as specifying a range), circumflex
+(only at the start), opening square bracket (only when it can be interpreted as
+introducing a POSIX class name, or for a special compatibility feature - see
+the next two sections), and the terminating closing square bracket. However,
+escaping other non-alphanumeric characters does no harm.
+.
+.
+.SH "POSIX CHARACTER CLASSES"
+.rs
+.sp
+Perl supports the POSIX notation for character classes. This uses names
+enclosed by [: and :] within the enclosing square brackets. PCRE also supports
+this notation. For example,
+.sp
+  [01[:alpha:]%]
+.sp
+matches "0", "1", any alphabetic character, or "%". The supported class names
+are:
+.sp
+  alnum    letters and digits
+  alpha    letters
+  ascii    character codes 0 - 127
+  blank    space or tab only
+  cntrl    control characters
+  digit    decimal digits (same as \ed)
+  graph    printing characters, excluding space
+  lower    lower case letters
+  print    printing characters, including space
+  punct    printing characters, excluding letters and digits and space
+  space    white space (the same as \es from PCRE 8.34)
+  upper    upper case letters
+  word     "word" characters (same as \ew)
+  xdigit   hexadecimal digits
+.sp
+The default "space" characters are HT (9), LF (10), VT (11), FF (12), CR (13),
+and space (32). If locale-specific matching is taking place, the list of space
+characters may be different; there may be fewer or more of them. "Space" used
+to be different to \es, which did not include VT, for Perl compatibility.
+However, Perl changed at release 5.18, and PCRE followed at release 8.34.
+"Space" and \es now match the same set of characters.
+.P
+The name "word" is a Perl extension, and "blank" is a GNU extension from Perl
+5.8. Another Perl extension is negation, which is indicated by a ^ character
+after the colon. For example,
+.sp
+  [12[:^digit:]]
+.sp
+matches "1", "2", or any non-digit. PCRE (and Perl) also recognize the POSIX
+syntax [.ch.] and [=ch=] where "ch" is a "collating element", but these are not
+supported, and an error is given if they are encountered.
+.P
+By default, characters with values greater than 128 do not match any of the
+POSIX character classes. However, if the PCRE_UCP option is passed to
+\fBpcre_compile()\fP, some of the classes are changed so that Unicode character
+properties are used. This is achieved by replacing certain POSIX classes by
+other sequences, as follows:
+.sp
+  [:alnum:]  becomes  \ep{Xan}
+  [:alpha:]  becomes  \ep{L}
+  [:blank:]  becomes  \eh
+  [:digit:]  becomes  \ep{Nd}
+  [:lower:]  becomes  \ep{Ll}
+  [:space:]  becomes  \ep{Xps}
+  [:upper:]  becomes  \ep{Lu}
+  [:word:]   becomes  \ep{Xwd}
+.sp
+Negated versions, such as [:^alpha:] use \eP instead of \ep. Three other POSIX
+classes are handled specially in UCP mode:
+.TP 10
+[:graph:]
+This matches characters that have glyphs that mark the page when printed. In
+Unicode property terms, it matches all characters with the L, M, N, P, S, or Cf
+properties, except for:
+.sp
+  U+061C           Arabic Letter Mark
+  U+180E           Mongolian Vowel Separator
+  U+2066 - U+2069  Various "isolate"s
+.sp
+.TP 10
+[:print:]
+This matches the same characters as [:graph:] plus space characters that are
+not controls, that is, characters with the Zs property.
+.TP 10
+[:punct:]
+This matches all characters that have the Unicode P (punctuation) property,
+plus those characters whose code points are less than 128 that have the S
+(Symbol) property.
+.P
+The other POSIX classes are unchanged, and match only characters with code
+points less than 128.
+.
+.
+.SH "COMPATIBILITY FEATURE FOR WORD BOUNDARIES"
+.rs
+.sp
+In the POSIX.2 compliant library that was included in 4.4BSD Unix, the ugly
+syntax [[:<:]] and [[:>:]] is used for matching "start of word" and "end of
+word". PCRE treats these items as follows:
+.sp
+  [[:<:]]  is converted to  \eb(?=\ew)
+  [[:>:]]  is converted to  \eb(?<=\ew)
+.sp
+Only these exact character sequences are recognized. A sequence such as
+[a[:<:]b] provokes error for an unrecognized POSIX class name. This support is
+not compatible with Perl. It is provided to help migrations from other
+environments, and is best not used in any new patterns. Note that \eb matches
+at the start and the end of a word (see
+.\" HTML <a href="#smallassertions">
+.\" </a>
+"Simple assertions"
+.\"
+above), and in a Perl-style pattern the preceding or following character
+normally shows which is wanted, without the need for the assertions that are
+used above in order to give exactly the POSIX behaviour.
+.
+.
+.SH "VERTICAL BAR"
+.rs
+.sp
+Vertical bar characters are used to separate alternative patterns. For example,
+the pattern
+.sp
+  gilbert|sullivan
+.sp
+matches either "gilbert" or "sullivan". Any number of alternatives may appear,
+and an empty alternative is permitted (matching the empty string). The matching
+process tries each alternative in turn, from left to right, and the first one
+that succeeds is used. If the alternatives are within a subpattern
+.\" HTML <a href="#subpattern">
+.\" </a>
+(defined below),
+.\"
+"succeeds" means matching the rest of the main pattern as well as the
+alternative in the subpattern.
+.
+.
+.SH "INTERNAL OPTION SETTING"
+.rs
+.sp
+The settings of the PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, and
+PCRE_EXTENDED options (which are Perl-compatible) can be changed from within
+the pattern by a sequence of Perl option letters enclosed between "(?" and ")".
+The option letters are
+.sp
+  i  for PCRE_CASELESS
+  m  for PCRE_MULTILINE
+  s  for PCRE_DOTALL
+  x  for PCRE_EXTENDED
+.sp
+For example, (?im) sets caseless, multiline matching. It is also possible to
+unset these options by preceding the letter with a hyphen, and a combined
+setting and unsetting such as (?im-sx), which sets PCRE_CASELESS and
+PCRE_MULTILINE while unsetting PCRE_DOTALL and PCRE_EXTENDED, is also
+permitted. If a letter appears both before and after the hyphen, the option is
+unset.
+.P
+The PCRE-specific options PCRE_DUPNAMES, PCRE_UNGREEDY, and PCRE_EXTRA can be
+changed in the same way as the Perl-compatible options by using the characters
+J, U and X respectively.
+.P
+When one of these option changes occurs at top level (that is, not inside
+subpattern parentheses), the change applies to the remainder of the pattern
+that follows. An option change within a subpattern (see below for a description
+of subpatterns) affects only that part of the subpattern that follows it, so
+.sp
+  (a(?i)b)c
+.sp
+matches abc and aBc and no other strings (assuming PCRE_CASELESS is not used).
+By this means, options can be made to have different settings in different
+parts of the pattern. Any changes made in one alternative do carry on
+into subsequent branches within the same subpattern. For example,
+.sp
+  (a(?i)b|c)
+.sp
+matches "ab", "aB", "c", and "C", even though when matching "C" the first
+branch is abandoned before the option setting. This is because the effects of
+option settings happen at compile time. There would be some very weird
+behaviour otherwise.
+.P
+\fBNote:\fP There are other PCRE-specific options that can be set by the
+application when the compiling or matching functions are called. In some cases
+the pattern can contain special leading sequences such as (*CRLF) to override
+what the application has set or what has been defaulted. Details are given in
+the section entitled
+.\" HTML <a href="#newlineseq">
+.\" </a>
+"Newline sequences"
+.\"
+above. There are also the (*UTF8), (*UTF16),(*UTF32), and (*UCP) leading
+sequences that can be used to set UTF and Unicode property modes; they are
+equivalent to setting the PCRE_UTF8, PCRE_UTF16, PCRE_UTF32 and the PCRE_UCP
+options, respectively. The (*UTF) sequence is a generic version that can be
+used with any of the libraries. However, the application can set the
+PCRE_NEVER_UTF option, which locks out the use of the (*UTF) sequences.
+.
+.
+.\" HTML <a name="subpattern"></a>
+.SH SUBPATTERNS
+.rs
+.sp
+Subpatterns are delimited by parentheses (round brackets), which can be nested.
+Turning part of a pattern into a subpattern does two things:
+.sp
+1. It localizes a set of alternatives. For example, the pattern
+.sp
+  cat(aract|erpillar|)
+.sp
+matches "cataract", "caterpillar", or "cat". Without the parentheses, it would
+match "cataract", "erpillar" or an empty string.
+.sp
+2. It sets up the subpattern as a capturing subpattern. This means that, when
+the whole pattern matches, that portion of the subject string that matched the
+subpattern is passed back to the caller via the \fIovector\fP argument of the
+matching function. (This applies only to the traditional matching functions;
+the DFA matching functions do not support capturing.)
+.P
+Opening parentheses are counted from left to right (starting from 1) to obtain
+numbers for the capturing subpatterns. For example, if the string "the red
+king" is matched against the pattern
+.sp
+  the ((red|white) (king|queen))
+.sp
+the captured substrings are "red king", "red", and "king", and are numbered 1,
+2, and 3, respectively.
+.P
+The fact that plain parentheses fulfil two functions is not always helpful.
+There are often times when a grouping subpattern is required without a
+capturing requirement. If an opening parenthesis is followed by a question mark
+and a colon, the subpattern does not do any capturing, and is not counted when
+computing the number of any subsequent capturing subpatterns. For example, if
+the string "the white queen" is matched against the pattern
+.sp
+  the ((?:red|white) (king|queen))
+.sp
+the captured substrings are "white queen" and "queen", and are numbered 1 and
+2. The maximum number of capturing subpatterns is 65535.
+.P
+As a convenient shorthand, if any option settings are required at the start of
+a non-capturing subpattern, the option letters may appear between the "?" and
+the ":". Thus the two patterns
+.sp
+  (?i:saturday|sunday)
+  (?:(?i)saturday|sunday)
+.sp
+match exactly the same set of strings. Because alternative branches are tried
+from left to right, and options are not reset until the end of the subpattern
+is reached, an option setting in one branch does affect subsequent branches, so
+the above patterns match "SUNDAY" as well as "Saturday".
+.
+.
+.\" HTML <a name="dupsubpatternnumber"></a>
+.SH "DUPLICATE SUBPATTERN NUMBERS"
+.rs
+.sp
+Perl 5.10 introduced a feature whereby each alternative in a subpattern uses
+the same numbers for its capturing parentheses. Such a subpattern starts with
+(?| and is itself a non-capturing subpattern. For example, consider this
+pattern:
+.sp
+  (?|(Sat)ur|(Sun))day
+.sp
+Because the two alternatives are inside a (?| group, both sets of capturing
+parentheses are numbered one. Thus, when the pattern matches, you can look
+at captured substring number one, whichever alternative matched. This construct
+is useful when you want to capture part, but not all, of one of a number of
+alternatives. Inside a (?| group, parentheses are numbered as usual, but the
+number is reset at the start of each branch. The numbers of any capturing
+parentheses that follow the subpattern start after the highest number used in
+any branch. The following example is taken from the Perl documentation. The
+numbers underneath show in which buffer the captured content will be stored.
+.sp
+  # before  ---------------branch-reset----------- after
+  / ( a )  (?| x ( y ) z | (p (q) r) | (t) u (v) ) ( z ) /x
+  # 1            2         2  3        2     3     4
+.sp
+A back reference to a numbered subpattern uses the most recent value that is
+set for that number by any subpattern. The following pattern matches "abcabc"
+or "defdef":
+.sp
+  /(?|(abc)|(def))\e1/
+.sp
+In contrast, a subroutine call to a numbered subpattern always refers to the
+first one in the pattern with the given number. The following pattern matches
+"abcabc" or "defabc":
+.sp
+  /(?|(abc)|(def))(?1)/
+.sp
+If a
+.\" HTML <a href="#conditions">
+.\" </a>
+condition test
+.\"
+for a subpattern's having matched refers to a non-unique number, the test is
+true if any of the subpatterns of that number have matched.
+.P
+An alternative approach to using this "branch reset" feature is to use
+duplicate named subpatterns, as described in the next section.
+.
+.
+.SH "NAMED SUBPATTERNS"
+.rs
+.sp
+Identifying capturing parentheses by number is simple, but it can be very hard
+to keep track of the numbers in complicated regular expressions. Furthermore,
+if an expression is modified, the numbers may change. To help with this
+difficulty, PCRE supports the naming of subpatterns. This feature was not
+added to Perl until release 5.10. Python had the feature earlier, and PCRE
+introduced it at release 4.0, using the Python syntax. PCRE now supports both
+the Perl and the Python syntax. Perl allows identically numbered subpatterns to
+have different names, but PCRE does not.
+.P
+In PCRE, a subpattern can be named in one of three ways: (?<name>...) or
+(?'name'...) as in Perl, or (?P<name>...) as in Python. References to capturing
+parentheses from other parts of the pattern, such as
+.\" HTML <a href="#backreferences">
+.\" </a>
+back references,
+.\"
+.\" HTML <a href="#recursion">
+.\" </a>
+recursion,
+.\"
+and
+.\" HTML <a href="#conditions">
+.\" </a>
+conditions,
+.\"
+can be made by name as well as by number.
+.P
+Names consist of up to 32 alphanumeric characters and underscores, but must
+start with a non-digit. Named capturing parentheses are still allocated numbers
+as well as names, exactly as if the names were not present. The PCRE API
+provides function calls for extracting the name-to-number translation table
+from a compiled pattern. There is also a convenience function for extracting a
+captured substring by name.
+.P
+By default, a name must be unique within a pattern, but it is possible to relax
+this constraint by setting the PCRE_DUPNAMES option at compile time. (Duplicate
+names are also always permitted for subpatterns with the same number, set up as
+described in the previous section.) Duplicate names can be useful for patterns
+where only one instance of the named parentheses can match. Suppose you want to
+match the name of a weekday, either as a 3-letter abbreviation or as the full
+name, and in both cases you want to extract the abbreviation. This pattern
+(ignoring the line breaks) does the job:
+.sp
+  (?<DN>Mon|Fri|Sun)(?:day)?|
+  (?<DN>Tue)(?:sday)?|
+  (?<DN>Wed)(?:nesday)?|
+  (?<DN>Thu)(?:rsday)?|
+  (?<DN>Sat)(?:urday)?
+.sp
+There are five capturing substrings, but only one is ever set after a match.
+(An alternative way of solving this problem is to use a "branch reset"
+subpattern, as described in the previous section.)
+.P
+The convenience function for extracting the data by name returns the substring
+for the first (and in this example, the only) subpattern of that name that
+matched. This saves searching to find which numbered subpattern it was.
+.P
+If you make a back reference to a non-unique named subpattern from elsewhere in
+the pattern, the subpatterns to which the name refers are checked in the order
+in which they appear in the overall pattern. The first one that is set is used
+for the reference. For example, this pattern matches both "foofoo" and
+"barbar" but not "foobar" or "barfoo":
+.sp
+  (?:(?<n>foo)|(?<n>bar))\ek<n>
+.sp
+.P
+If you make a subroutine call to a non-unique named subpattern, the one that
+corresponds to the first occurrence of the name is used. In the absence of
+duplicate numbers (see the previous section) this is the one with the lowest
+number.
+.P
+If you use a named reference in a condition
+test (see the
+.\"
+.\" HTML <a href="#conditions">
+.\" </a>
+section about conditions
+.\"
+below), either to check whether a subpattern has matched, or to check for
+recursion, all subpatterns with the same name are tested. If the condition is
+true for any one of them, the overall condition is true. This is the same
+behaviour as testing by number. For further details of the interfaces for
+handling named subpatterns, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+\fBWarning:\fP You cannot use different names to distinguish between two
+subpatterns with the same number because PCRE uses only the numbers when
+matching. For this reason, an error is given at compile time if different names
+are given to subpatterns with the same number. However, you can always give the
+same name to subpatterns with the same number, even when PCRE_DUPNAMES is not
+set.
+.
+.
+.SH REPETITION
+.rs
+.sp
+Repetition is specified by quantifiers, which can follow any of the following
+items:
+.sp
+  a literal data character
+  the dot metacharacter
+  the \eC escape sequence
+  the \eX escape sequence
+  the \eR escape sequence
+  an escape such as \ed or \epL that matches a single character
+  a character class
+  a back reference (see next section)
+  a parenthesized subpattern (including assertions)
+  a subroutine call to a subpattern (recursive or otherwise)
+.sp
+The general repetition quantifier specifies a minimum and maximum number of
+permitted matches, by giving the two numbers in curly brackets (braces),
+separated by a comma. The numbers must be less than 65536, and the first must
+be less than or equal to the second. For example:
+.sp
+  z{2,4}
+.sp
+matches "zz", "zzz", or "zzzz". A closing brace on its own is not a special
+character. If the second number is omitted, but the comma is present, there is
+no upper limit; if the second number and the comma are both omitted, the
+quantifier specifies an exact number of required matches. Thus
+.sp
+  [aeiou]{3,}
+.sp
+matches at least 3 successive vowels, but may match many more, while
+.sp
+  \ed{8}
+.sp
+matches exactly 8 digits. An opening curly bracket that appears in a position
+where a quantifier is not allowed, or one that does not match the syntax of a
+quantifier, is taken as a literal character. For example, {,6} is not a
+quantifier, but a literal string of four characters.
+.P
+In UTF modes, quantifiers apply to characters rather than to individual data
+units. Thus, for example, \ex{100}{2} matches two characters, each of
+which is represented by a two-byte sequence in a UTF-8 string. Similarly,
+\eX{3} matches three Unicode extended grapheme clusters, each of which may be
+several data units long (and they may be of different lengths).
+.P
+The quantifier {0} is permitted, causing the expression to behave as if the
+previous item and the quantifier were not present. This may be useful for
+subpatterns that are referenced as
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutines
+.\"
+from elsewhere in the pattern (but see also the section entitled
+.\" HTML <a href="#subdefine">
+.\" </a>
+"Defining subpatterns for use by reference only"
+.\"
+below). Items other than subpatterns that have a {0} quantifier are omitted
+from the compiled pattern.
+.P
+For convenience, the three most common quantifiers have single-character
+abbreviations:
+.sp
+  *    is equivalent to {0,}
+  +    is equivalent to {1,}
+  ?    is equivalent to {0,1}
+.sp
+It is possible to construct infinite loops by following a subpattern that can
+match no characters with a quantifier that has no upper limit, for example:
+.sp
+  (a?)*
+.sp
+Earlier versions of Perl and PCRE used to give an error at compile time for
+such patterns. However, because there are cases where this can be useful, such
+patterns are now accepted, but if any repetition of the subpattern does in fact
+match no characters, the loop is forcibly broken.
+.P
+By default, the quantifiers are "greedy", that is, they match as much as
+possible (up to the maximum number of permitted times), without causing the
+rest of the pattern to fail. The classic example of where this gives problems
+is in trying to match comments in C programs. These appear between /* and */
+and within the comment, individual * and / characters may appear. An attempt to
+match C comments by applying the pattern
+.sp
+  /\e*.*\e*/
+.sp
+to the string
+.sp
+  /* first comment */  not comment  /* second comment */
+.sp
+fails, because it matches the entire string owing to the greediness of the .*
+item.
+.P
+However, if a quantifier is followed by a question mark, it ceases to be
+greedy, and instead matches the minimum number of times possible, so the
+pattern
+.sp
+  /\e*.*?\e*/
+.sp
+does the right thing with the C comments. The meaning of the various
+quantifiers is not otherwise changed, just the preferred number of matches.
+Do not confuse this use of question mark with its use as a quantifier in its
+own right. Because it has two uses, it can sometimes appear doubled, as in
+.sp
+  \ed??\ed
+.sp
+which matches one digit by preference, but can match two if that is the only
+way the rest of the pattern matches.
+.P
+If the PCRE_UNGREEDY option is set (an option that is not available in Perl),
+the quantifiers are not greedy by default, but individual ones can be made
+greedy by following them with a question mark. In other words, it inverts the
+default behaviour.
+.P
+When a parenthesized subpattern is quantified with a minimum repeat count that
+is greater than 1 or with a limited maximum, more memory is required for the
+compiled pattern, in proportion to the size of the minimum or maximum.
+.P
+If a pattern starts with .* or .{0,} and the PCRE_DOTALL option (equivalent
+to Perl's /s) is set, thus allowing the dot to match newlines, the pattern is
+implicitly anchored, because whatever follows will be tried against every
+character position in the subject string, so there is no point in retrying the
+overall match at any position after the first. PCRE normally treats such a
+pattern as though it were preceded by \eA.
+.P
+In cases where it is known that the subject string contains no newlines, it is
+worth setting PCRE_DOTALL in order to obtain this optimization, or
+alternatively using ^ to indicate anchoring explicitly.
+.P
+However, there are some cases where the optimization cannot be used. When .*
+is inside capturing parentheses that are the subject of a back reference
+elsewhere in the pattern, a match at the start may fail where a later one
+succeeds. Consider, for example:
+.sp
+  (.*)abc\e1
+.sp
+If the subject is "xyz123abc123" the match point is the fourth character. For
+this reason, such a pattern is not implicitly anchored.
+.P
+Another case where implicit anchoring is not applied is when the leading .* is
+inside an atomic group. Once again, a match at the start may fail where a later
+one succeeds. Consider this pattern:
+.sp
+  (?>.*?a)b
+.sp
+It matches "ab" in the subject "aab". The use of the backtracking control verbs
+(*PRUNE) and (*SKIP) also disable this optimization.
+.P
+When a capturing subpattern is repeated, the value captured is the substring
+that matched the final iteration. For example, after
+.sp
+  (tweedle[dume]{3}\es*)+
+.sp
+has matched "tweedledum tweedledee" the value of the captured substring is
+"tweedledee". However, if there are nested capturing subpatterns, the
+corresponding captured values may have been set in previous iterations. For
+example, after
+.sp
+  /(a|(b))+/
+.sp
+matches "aba" the value of the second captured substring is "b".
+.
+.
+.\" HTML <a name="atomicgroup"></a>
+.SH "ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS"
+.rs
+.sp
+With both maximizing ("greedy") and minimizing ("ungreedy" or "lazy")
+repetition, failure of what follows normally causes the repeated item to be
+re-evaluated to see if a different number of repeats allows the rest of the
+pattern to match. Sometimes it is useful to prevent this, either to change the
+nature of the match, or to cause it fail earlier than it otherwise might, when
+the author of the pattern knows there is no point in carrying on.
+.P
+Consider, for example, the pattern \ed+foo when applied to the subject line
+.sp
+  123456bar
+.sp
+After matching all 6 digits and then failing to match "foo", the normal
+action of the matcher is to try again with only 5 digits matching the \ed+
+item, and then with 4, and so on, before ultimately failing. "Atomic grouping"
+(a term taken from Jeffrey Friedl's book) provides the means for specifying
+that once a subpattern has matched, it is not to be re-evaluated in this way.
+.P
+If we use atomic grouping for the previous example, the matcher gives up
+immediately on failing to match "foo" the first time. The notation is a kind of
+special parenthesis, starting with (?> as in this example:
+.sp
+  (?>\ed+)foo
+.sp
+This kind of parenthesis "locks up" the  part of the pattern it contains once
+it has matched, and a failure further into the pattern is prevented from
+backtracking into it. Backtracking past it to previous items, however, works as
+normal.
+.P
+An alternative description is that a subpattern of this type matches the string
+of characters that an identical standalone pattern would match, if anchored at
+the current point in the subject string.
+.P
+Atomic grouping subpatterns are not capturing subpatterns. Simple cases such as
+the above example can be thought of as a maximizing repeat that must swallow
+everything it can. So, while both \ed+ and \ed+? are prepared to adjust the
+number of digits they match in order to make the rest of the pattern match,
+(?>\ed+) can only match an entire sequence of digits.
+.P
+Atomic groups in general can of course contain arbitrarily complicated
+subpatterns, and can be nested. However, when the subpattern for an atomic
+group is just a single repeated item, as in the example above, a simpler
+notation, called a "possessive quantifier" can be used. This consists of an
+additional + character following a quantifier. Using this notation, the
+previous example can be rewritten as
+.sp
+  \ed++foo
+.sp
+Note that a possessive quantifier can be used with an entire group, for
+example:
+.sp
+  (abc|xyz){2,3}+
+.sp
+Possessive quantifiers are always greedy; the setting of the PCRE_UNGREEDY
+option is ignored. They are a convenient notation for the simpler forms of
+atomic group. However, there is no difference in the meaning of a possessive
+quantifier and the equivalent atomic group, though there may be a performance
+difference; possessive quantifiers should be slightly faster.
+.P
+The possessive quantifier syntax is an extension to the Perl 5.8 syntax.
+Jeffrey Friedl originated the idea (and the name) in the first edition of his
+book. Mike McCloskey liked it, so implemented it when he built Sun's Java
+package, and PCRE copied it from there. It ultimately found its way into Perl
+at release 5.10.
+.P
+PCRE has an optimization that automatically "possessifies" certain simple
+pattern constructs. For example, the sequence A+B is treated as A++B because
+there is no point in backtracking into a sequence of A's when B must follow.
+.P
+When a pattern contains an unlimited repeat inside a subpattern that can itself
+be repeated an unlimited number of times, the use of an atomic group is the
+only way to avoid some failing matches taking a very long time indeed. The
+pattern
+.sp
+  (\eD+|<\ed+>)*[!?]
+.sp
+matches an unlimited number of substrings that either consist of non-digits, or
+digits enclosed in <>, followed by either ! or ?. When it matches, it runs
+quickly. However, if it is applied to
+.sp
+  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+.sp
+it takes a long time before reporting failure. This is because the string can
+be divided between the internal \eD+ repeat and the external * repeat in a
+large number of ways, and all have to be tried. (The example uses [!?] rather
+than a single character at the end, because both PCRE and Perl have an
+optimization that allows for fast failure when a single character is used. They
+remember the last single character that is required for a match, and fail early
+if it is not present in the string.) If the pattern is changed so that it uses
+an atomic group, like this:
+.sp
+  ((?>\eD+)|<\ed+>)*[!?]
+.sp
+sequences of non-digits cannot be broken, and failure happens quickly.
+.
+.
+.\" HTML <a name="backreferences"></a>
+.SH "BACK REFERENCES"
+.rs
+.sp
+Outside a character class, a backslash followed by a digit greater than 0 (and
+possibly further digits) is a back reference to a capturing subpattern earlier
+(that is, to its left) in the pattern, provided there have been that many
+previous capturing left parentheses.
+.P
+However, if the decimal number following the backslash is less than 10, it is
+always taken as a back reference, and causes an error only if there are not
+that many capturing left parentheses in the entire pattern. In other words, the
+parentheses that are referenced need not be to the left of the reference for
+numbers less than 10. A "forward back reference" of this type can make sense
+when a repetition is involved and the subpattern to the right has participated
+in an earlier iteration.
+.P
+It is not possible to have a numerical "forward back reference" to a subpattern
+whose number is 10 or more using this syntax because a sequence such as \e50 is
+interpreted as a character defined in octal. See the subsection entitled
+"Non-printing characters"
+.\" HTML <a href="#digitsafterbackslash">
+.\" </a>
+above
+.\"
+for further details of the handling of digits following a backslash. There is
+no such problem when named parentheses are used. A back reference to any
+subpattern is possible using named parentheses (see below).
+.P
+Another way of avoiding the ambiguity inherent in the use of digits following a
+backslash is to use the \eg escape sequence. This escape must be followed by an
+unsigned number or a negative number, optionally enclosed in braces. These
+examples are all identical:
+.sp
+  (ring), \e1
+  (ring), \eg1
+  (ring), \eg{1}
+.sp
+An unsigned number specifies an absolute reference without the ambiguity that
+is present in the older syntax. It is also useful when literal digits follow
+the reference. A negative number is a relative reference. Consider this
+example:
+.sp
+  (abc(def)ghi)\eg{-1}
+.sp
+The sequence \eg{-1} is a reference to the most recently started capturing
+subpattern before \eg, that is, is it equivalent to \e2 in this example.
+Similarly, \eg{-2} would be equivalent to \e1. The use of relative references
+can be helpful in long patterns, and also in patterns that are created by
+joining together fragments that contain references within themselves.
+.P
+A back reference matches whatever actually matched the capturing subpattern in
+the current subject string, rather than anything matching the subpattern
+itself (see
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+"Subpatterns as subroutines"
+.\"
+below for a way of doing that). So the pattern
+.sp
+  (sens|respons)e and \e1ibility
+.sp
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If caseful matching is in force at the time of the
+back reference, the case of letters is relevant. For example,
+.sp
+  ((?i)rah)\es+\e1
+.sp
+matches "rah rah" and "RAH RAH", but not "RAH rah", even though the original
+capturing subpattern is matched caselessly.
+.P
+There are several different ways of writing back references to named
+subpatterns. The .NET syntax \ek{name} and the Perl syntax \ek<name> or
+\ek'name' are supported, as is the Python syntax (?P=name). Perl 5.10's unified
+back reference syntax, in which \eg can be used for both numeric and named
+references, is also supported. We could rewrite the above example in any of
+the following ways:
+.sp
+  (?<p1>(?i)rah)\es+\ek<p1>
+  (?'p1'(?i)rah)\es+\ek{p1}
+  (?P<p1>(?i)rah)\es+(?P=p1)
+  (?<p1>(?i)rah)\es+\eg{p1}
+.sp
+A subpattern that is referenced by name may appear in the pattern before or
+after the reference.
+.P
+There may be more than one back reference to the same subpattern. If a
+subpattern has not actually been used in a particular match, any back
+references to it always fail by default. For example, the pattern
+.sp
+  (a|(bc))\e2
+.sp
+always fails if it starts to match "a" rather than "bc". However, if the
+PCRE_JAVASCRIPT_COMPAT option is set at compile time, a back reference to an
+unset value matches an empty string.
+.P
+Because there may be many capturing parentheses in a pattern, all digits
+following a backslash are taken as part of a potential back reference number.
+If the pattern continues with a digit character, some delimiter must be used to
+terminate the back reference. If the PCRE_EXTENDED option is set, this can be
+white space. Otherwise, the \eg{ syntax or an empty comment (see
+.\" HTML <a href="#comments">
+.\" </a>
+"Comments"
+.\"
+below) can be used.
+.
+.SS "Recursive back references"
+.rs
+.sp
+A back reference that occurs inside the parentheses to which it refers fails
+when the subpattern is first used, so, for example, (a\e1) never matches.
+However, such references can be useful inside repeated subpatterns. For
+example, the pattern
+.sp
+  (a|b\e1)+
+.sp
+matches any number of "a"s and also "aba", "ababbaa" etc. At each iteration of
+the subpattern, the back reference matches the character string corresponding
+to the previous iteration. In order for this to work, the pattern must be such
+that the first iteration does not need to match the back reference. This can be
+done using alternation, as in the example above, or by a quantifier with a
+minimum of zero.
+.P
+Back references of this type cause the group that they reference to be treated
+as an
+.\" HTML <a href="#atomicgroup">
+.\" </a>
+atomic group.
+.\"
+Once the whole group has been matched, a subsequent matching failure cannot
+cause backtracking into the middle of the group.
+.
+.
+.\" HTML <a name="bigassertions"></a>
+.SH ASSERTIONS
+.rs
+.sp
+An assertion is a test on the characters following or preceding the current
+matching point that does not actually consume any characters. The simple
+assertions coded as \eb, \eB, \eA, \eG, \eZ, \ez, ^ and $ are described
+.\" HTML <a href="#smallassertions">
+.\" </a>
+above.
+.\"
+.P
+More complicated assertions are coded as subpatterns. There are two kinds:
+those that look ahead of the current position in the subject string, and those
+that look behind it. An assertion subpattern is matched in the normal way,
+except that it does not cause the current matching position to be changed.
+.P
+Assertion subpatterns are not capturing subpatterns. If such an assertion
+contains capturing subpatterns within it, these are counted for the purposes of
+numbering the capturing subpatterns in the whole pattern. However, substring
+capturing is carried out only for positive assertions. (Perl sometimes, but not
+always, does do capturing in negative assertions.)
+.P
+WARNING: If a positive assertion containing one or more capturing subpatterns
+succeeds, but failure to match later in the pattern causes backtracking over
+this assertion, the captures within the assertion are reset only if no higher
+numbered captures are already set. This is, unfortunately, a fundamental
+limitation of the current implementation, and as PCRE1 is now in
+maintenance-only status, it is unlikely ever to change.
+.P
+For compatibility with Perl, assertion subpatterns may be repeated; though
+it makes no sense to assert the same thing several times, the side effect of
+capturing parentheses may occasionally be useful. In practice, there only three
+cases:
+.sp
+(1) If the quantifier is {0}, the assertion is never obeyed during matching.
+However, it may contain internal capturing parenthesized groups that are called
+from elsewhere via the
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutine mechanism.
+.\"
+.sp
+(2) If quantifier is {0,n} where n is greater than zero, it is treated as if it
+were {0,1}. At run time, the rest of the pattern match is tried with and
+without the assertion, the order depending on the greediness of the quantifier.
+.sp
+(3) If the minimum repetition is greater than zero, the quantifier is ignored.
+The assertion is obeyed just once when encountered during matching.
+.
+.
+.SS "Lookahead assertions"
+.rs
+.sp
+Lookahead assertions start with (?= for positive assertions and (?! for
+negative assertions. For example,
+.sp
+  \ew+(?=;)
+.sp
+matches a word followed by a semicolon, but does not include the semicolon in
+the match, and
+.sp
+  foo(?!bar)
+.sp
+matches any occurrence of "foo" that is not followed by "bar". Note that the
+apparently similar pattern
+.sp
+  (?!foo)bar
+.sp
+does not find an occurrence of "bar" that is preceded by something other than
+"foo"; it finds any occurrence of "bar" whatsoever, because the assertion
+(?!foo) is always true when the next three characters are "bar". A
+lookbehind assertion is needed to achieve the other effect.
+.P
+If you want to force a matching failure at some point in a pattern, the most
+convenient way to do it is with (?!) because an empty string always matches, so
+an assertion that requires there not to be an empty string must always fail.
+The backtracking control verb (*FAIL) or (*F) is a synonym for (?!).
+.
+.
+.\" HTML <a name="lookbehind"></a>
+.SS "Lookbehind assertions"
+.rs
+.sp
+Lookbehind assertions start with (?<= for positive assertions and (?<! for
+negative assertions. For example,
+.sp
+  (?<!foo)bar
+.sp
+does find an occurrence of "bar" that is not preceded by "foo". The contents of
+a lookbehind assertion are restricted such that all the strings it matches must
+have a fixed length. However, if there are several top-level alternatives, they
+do not all have to have the same fixed length. Thus
+.sp
+  (?<=bullock|donkey)
+.sp
+is permitted, but
+.sp
+  (?<!dogs?|cats?)
+.sp
+causes an error at compile time. Branches that match different length strings
+are permitted only at the top level of a lookbehind assertion. This is an
+extension compared with Perl, which requires all branches to match the same
+length of string. An assertion such as
+.sp
+  (?<=ab(c|de))
+.sp
+is not permitted, because its single top-level branch can match two different
+lengths, but it is acceptable to PCRE if rewritten to use two top-level
+branches:
+.sp
+  (?<=abc|abde)
+.sp
+In some cases, the escape sequence \eK
+.\" HTML <a href="#resetmatchstart">
+.\" </a>
+(see above)
+.\"
+can be used instead of a lookbehind assertion to get round the fixed-length
+restriction.
+.P
+The implementation of lookbehind assertions is, for each alternative, to
+temporarily move the current position back by the fixed length and then try to
+match. If there are insufficient characters before the current position, the
+assertion fails.
+.P
+In a UTF mode, PCRE does not allow the \eC escape (which matches a single data
+unit even in a UTF mode) to appear in lookbehind assertions, because it makes
+it impossible to calculate the length of the lookbehind. The \eX and \eR
+escapes, which can match different numbers of data units, are also not
+permitted.
+.P
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+"Subroutine"
+.\"
+calls (see below) such as (?2) or (?&X) are permitted in lookbehinds, as long
+as the subpattern matches a fixed-length string.
+.\" HTML <a href="#recursion">
+.\" </a>
+Recursion,
+.\"
+however, is not supported.
+.P
+Possessive quantifiers can be used in conjunction with lookbehind assertions to
+specify efficient matching of fixed-length strings at the end of subject
+strings. Consider a simple pattern such as
+.sp
+  abcd$
+.sp
+when applied to a long string that does not match. Because matching proceeds
+from left to right, PCRE will look for each "a" in the subject and then see if
+what follows matches the rest of the pattern. If the pattern is specified as
+.sp
+  ^.*abcd$
+.sp
+the initial .* matches the entire string at first, but when this fails (because
+there is no following "a"), it backtracks to match all but the last character,
+then all but the last two characters, and so on. Once again the search for "a"
+covers the entire string, from right to left, so we are no better off. However,
+if the pattern is written as
+.sp
+  ^.*+(?<=abcd)
+.sp
+there can be no backtracking for the .*+ item; it can match only the entire
+string. The subsequent lookbehind assertion does a single test on the last four
+characters. If it fails, the match fails immediately. For long strings, this
+approach makes a significant difference to the processing time.
+.
+.
+.SS "Using multiple assertions"
+.rs
+.sp
+Several assertions (of any sort) may occur in succession. For example,
+.sp
+  (?<=\ed{3})(?<!999)foo
+.sp
+matches "foo" preceded by three digits that are not "999". Notice that each of
+the assertions is applied independently at the same point in the subject
+string. First there is a check that the previous three characters are all
+digits, and then there is a check that the same three characters are not "999".
+This pattern does \fInot\fP match "foo" preceded by six characters, the first
+of which are digits and the last three of which are not "999". For example, it
+doesn't match "123abcfoo". A pattern to do that is
+.sp
+  (?<=\ed{3}...)(?<!999)foo
+.sp
+This time the first assertion looks at the preceding six characters, checking
+that the first three are digits, and then the second assertion checks that the
+preceding three characters are not "999".
+.P
+Assertions can be nested in any combination. For example,
+.sp
+  (?<=(?<!foo)bar)baz
+.sp
+matches an occurrence of "baz" that is preceded by "bar" which in turn is not
+preceded by "foo", while
+.sp
+  (?<=\ed{3}(?!999)...)foo
+.sp
+is another pattern that matches "foo" preceded by three digits and any three
+characters that are not "999".
+.
+.
+.\" HTML <a name="conditions"></a>
+.SH "CONDITIONAL SUBPATTERNS"
+.rs
+.sp
+It is possible to cause the matching process to obey a subpattern
+conditionally or to choose between two alternative subpatterns, depending on
+the result of an assertion, or whether a specific capturing subpattern has
+already been matched. The two possible forms of conditional subpattern are:
+.sp
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+.sp
+If the condition is satisfied, the yes-pattern is used; otherwise the
+no-pattern (if present) is used. If there are more than two alternatives in the
+subpattern, a compile-time error occurs. Each of the two alternatives may
+itself contain nested subpatterns of any form, including conditional
+subpatterns; the restriction to two alternatives applies only at the level of
+the condition. This pattern fragment is an example where the alternatives are
+complex:
+.sp
+  (?(1) (A|B|C) | (D | (?(2)E|F) | E) )
+.sp
+.P
+There are four kinds of condition: references to subpatterns, references to
+recursion, a pseudo-condition called DEFINE, and assertions.
+.
+.SS "Checking for a used subpattern by number"
+.rs
+.sp
+If the text between the parentheses consists of a sequence of digits, the
+condition is true if a capturing subpattern of that number has previously
+matched. If there is more than one capturing subpattern with the same number
+(see the earlier
+.\"
+.\" HTML <a href="#recursion">
+.\" </a>
+section about duplicate subpattern numbers),
+.\"
+the condition is true if any of them have matched. An alternative notation is
+to precede the digits with a plus or minus sign. In this case, the subpattern
+number is relative rather than absolute. The most recently opened parentheses
+can be referenced by (?(-1), the next most recent by (?(-2), and so on. Inside
+loops it can also make sense to refer to subsequent groups. The next
+parentheses to be opened can be referenced as (?(+1), and so on. (The value
+zero in any of these forms is not used; it provokes a compile-time error.)
+.P
+Consider the following pattern, which contains non-significant white space to
+make it more readable (assume the PCRE_EXTENDED option) and to divide it into
+three parts for ease of discussion:
+.sp
+  ( \e( )?    [^()]+    (?(1) \e) )
+.sp
+The first part matches an optional opening parenthesis, and if that
+character is present, sets it as the first captured substring. The second part
+matches one or more characters that are not parentheses. The third part is a
+conditional subpattern that tests whether or not the first set of parentheses
+matched. If they did, that is, if subject started with an opening parenthesis,
+the condition is true, and so the yes-pattern is executed and a closing
+parenthesis is required. Otherwise, since no-pattern is not present, the
+subpattern matches nothing. In other words, this pattern matches a sequence of
+non-parentheses, optionally enclosed in parentheses.
+.P
+If you were embedding this pattern in a larger one, you could use a relative
+reference:
+.sp
+  ...other stuff... ( \e( )?    [^()]+    (?(-1) \e) ) ...
+.sp
+This makes the fragment independent of the parentheses in the larger pattern.
+.
+.SS "Checking for a used subpattern by name"
+.rs
+.sp
+Perl uses the syntax (?(<name>)...) or (?('name')...) to test for a used
+subpattern by name. For compatibility with earlier versions of PCRE, which had
+this facility before Perl, the syntax (?(name)...) is also recognized.
+.P
+Rewriting the above example to use a named subpattern gives this:
+.sp
+  (?<OPEN> \e( )?    [^()]+    (?(<OPEN>) \e) )
+.sp
+If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them has
+matched.
+.
+.SS "Checking for pattern recursion"
+.rs
+.sp
+If the condition is the string (R), and there is no subpattern with the name R,
+the condition is true if a recursive call to the whole pattern or any
+subpattern has been made. If digits or a name preceded by ampersand follow the
+letter R, for example:
+.sp
+  (?(R3)...) or (?(R&name)...)
+.sp
+the condition is true if the most recent recursion is into a subpattern whose
+number or name is given. This condition does not check the entire recursion
+stack. If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them is
+the most recent recursion.
+.P
+At "top level", all these recursion test conditions are false.
+.\" HTML <a href="#recursion">
+.\" </a>
+The syntax for recursive patterns
+.\"
+is described below.
+.
+.\" HTML <a name="subdefine"></a>
+.SS "Defining subpatterns for use by reference only"
+.rs
+.sp
+If the condition is the string (DEFINE), and there is no subpattern with the
+name DEFINE, the condition is always false. In this case, there may be only one
+alternative in the subpattern. It is always skipped if control reaches this
+point in the pattern; the idea of DEFINE is that it can be used to define
+subroutines that can be referenced from elsewhere. (The use of
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutines
+.\"
+is described below.) For example, a pattern to match an IPv4 address such as
+"192.168.23.245" could be written like this (ignore white space and line
+breaks):
+.sp
+  (?(DEFINE) (?<byte> 2[0-4]\ed | 25[0-5] | 1\ed\ed | [1-9]?\ed) )
+  \eb (?&byte) (\e.(?&byte)){3} \eb
+.sp
+The first part of the pattern is a DEFINE group inside which a another group
+named "byte" is defined. This matches an individual component of an IPv4
+address (a number less than 256). When matching takes place, this part of the
+pattern is skipped because DEFINE acts like a false condition. The rest of the
+pattern uses references to the named group to match the four dot-separated
+components of an IPv4 address, insisting on a word boundary at each end.
+.
+.SS "Assertion conditions"
+.rs
+.sp
+If the condition is not in any of the above formats, it must be an assertion.
+This may be a positive or negative lookahead or lookbehind assertion. Consider
+this pattern, again containing non-significant white space, and with the two
+alternatives on the second line:
+.sp
+  (?(?=[^a-z]*[a-z])
+  \ed{2}-[a-z]{3}-\ed{2}  |  \ed{2}-\ed{2}-\ed{2} )
+.sp
+The condition is a positive lookahead assertion that matches an optional
+sequence of non-letters followed by a letter. In other words, it tests for the
+presence of at least one letter in the subject. If a letter is found, the
+subject is matched against the first alternative; otherwise it is matched
+against the second. This pattern matches strings in one of the two forms
+dd-aaa-dd or dd-dd-dd, where aaa are letters and dd are digits.
+.
+.
+.\" HTML <a name="comments"></a>
+.SH COMMENTS
+.rs
+.sp
+There are two ways of including comments in patterns that are processed by
+PCRE. In both cases, the start of the comment must not be in a character class,
+nor in the middle of any other sequence of related characters such as (?: or a
+subpattern name or number. The characters that make up a comment play no part
+in the pattern matching.
+.P
+The sequence (?# marks the start of a comment that continues up to the next
+closing parenthesis. Nested parentheses are not permitted. If the PCRE_EXTENDED
+option is set, an unescaped # character also introduces a comment, which in
+this case continues to immediately after the next newline character or
+character sequence in the pattern. Which characters are interpreted as newlines
+is controlled by the options passed to a compiling function or by a special
+sequence at the start of the pattern, as described in the section entitled
+.\" HTML <a href="#newlines">
+.\" </a>
+"Newline conventions"
+.\"
+above. Note that the end of this type of comment is a literal newline sequence
+in the pattern; escape sequences that happen to represent a newline do not
+count. For example, consider this pattern when PCRE_EXTENDED is set, and the
+default newline convention is in force:
+.sp
+  abc #comment \en still comment
+.sp
+On encountering the # character, \fBpcre_compile()\fP skips along, looking for
+a newline in the pattern. The sequence \en is still literal at this stage, so
+it does not terminate the comment. Only an actual character with the code value
+0x0a (the default newline) does so.
+.
+.
+.\" HTML <a name="recursion"></a>
+.SH "RECURSIVE PATTERNS"
+.rs
+.sp
+Consider the problem of matching a string in parentheses, allowing for
+unlimited nested parentheses. Without the use of recursion, the best that can
+be done is to use a pattern that matches up to some fixed depth of nesting. It
+is not possible to handle an arbitrary nesting depth.
+.P
+For some time, Perl has provided a facility that allows regular expressions to
+recurse (amongst other things). It does this by interpolating Perl code in the
+expression at run time, and the code can refer to the expression itself. A Perl
+pattern using code interpolation to solve the parentheses problem can be
+created like this:
+.sp
+  $re = qr{\e( (?: (?>[^()]+) | (?p{$re}) )* \e)}x;
+.sp
+The (?p{...}) item interpolates Perl code at run time, and in this case refers
+recursively to the pattern in which it appears.
+.P
+Obviously, PCRE cannot support the interpolation of Perl code. Instead, it
+supports special syntax for recursion of the entire pattern, and also for
+individual subpattern recursion. After its introduction in PCRE and Python,
+this kind of recursion was subsequently introduced into Perl at release 5.10.
+.P
+A special item that consists of (? followed by a number greater than zero and a
+closing parenthesis is a recursive subroutine call of the subpattern of the
+given number, provided that it occurs inside that subpattern. (If not, it is a
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+non-recursive subroutine
+.\"
+call, which is described in the next section.) The special item (?R) or (?0) is
+a recursive call of the entire regular expression.
+.P
+This PCRE pattern solves the nested parentheses problem (assume the
+PCRE_EXTENDED option is set so that white space is ignored):
+.sp
+  \e( ( [^()]++ | (?R) )* \e)
+.sp
+First it matches an opening parenthesis. Then it matches any number of
+substrings which can either be a sequence of non-parentheses, or a recursive
+match of the pattern itself (that is, a correctly parenthesized substring).
+Finally there is a closing parenthesis. Note the use of a possessive quantifier
+to avoid backtracking into sequences of non-parentheses.
+.P
+If this were part of a larger pattern, you would not want to recurse the entire
+pattern, so instead you could use this:
+.sp
+  ( \e( ( [^()]++ | (?1) )* \e) )
+.sp
+We have put the pattern into parentheses, and caused the recursion to refer to
+them instead of the whole pattern.
+.P
+In a larger pattern, keeping track of parenthesis numbers can be tricky. This
+is made easier by the use of relative references. Instead of (?1) in the
+pattern above you can write (?-2) to refer to the second most recently opened
+parentheses preceding the recursion. In other words, a negative number counts
+capturing parentheses leftwards from the point at which it is encountered.
+.P
+It is also possible to refer to subsequently opened parentheses, by writing
+references such as (?+2). However, these cannot be recursive because the
+reference is not inside the parentheses that are referenced. They are always
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+non-recursive subroutine
+.\"
+calls, as described in the next section.
+.P
+An alternative approach is to use named parentheses instead. The Perl syntax
+for this is (?&name); PCRE's earlier syntax (?P>name) is also supported. We
+could rewrite the above example as follows:
+.sp
+  (?<pn> \e( ( [^()]++ | (?&pn) )* \e) )
+.sp
+If there is more than one subpattern with the same name, the earliest one is
+used.
+.P
+This particular example pattern that we have been looking at contains nested
+unlimited repeats, and so the use of a possessive quantifier for matching
+strings of non-parentheses is important when applying the pattern to strings
+that do not match. For example, when this pattern is applied to
+.sp
+  (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa()
+.sp
+it yields "no match" quickly. However, if a possessive quantifier is not used,
+the match runs for a very long time indeed because there are so many different
+ways the + and * repeats can carve up the subject, and all have to be tested
+before failure can be reported.
+.P
+At the end of a match, the values of capturing parentheses are those from
+the outermost level. If you want to obtain intermediate values, a callout
+function can be used (see below and the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation). If the pattern above is matched against
+.sp
+  (ab(cd)ef)
+.sp
+the value for the inner capturing parentheses (numbered 2) is "ef", which is
+the last value taken on at the top level. If a capturing subpattern is not
+matched at the top level, its final captured value is unset, even if it was
+(temporarily) set at a deeper level during the matching process.
+.P
+If there are more than 15 capturing parentheses in a pattern, PCRE has to
+obtain extra memory to store data during a recursion, which it does by using
+\fBpcre_malloc\fP, freeing it via \fBpcre_free\fP afterwards. If no memory can
+be obtained, the match fails with the PCRE_ERROR_NOMEMORY error.
+.P
+Do not confuse the (?R) item with the condition (R), which tests for recursion.
+Consider this pattern, which matches text in angle brackets, allowing for
+arbitrary nesting. Only digits are allowed in nested brackets (that is, when
+recursing), whereas any characters are permitted at the outer level.
+.sp
+  < (?: (?(R) \ed++  | [^<>]*+) | (?R)) * >
+.sp
+In this pattern, (?(R) is the start of a conditional subpattern, with two
+different alternatives for the recursive and non-recursive cases. The (?R) item
+is the actual recursive call.
+.
+.
+.\" HTML <a name="recursiondifference"></a>
+.SS "Differences in recursion processing between PCRE and Perl"
+.rs
+.sp
+Recursion processing in PCRE differs from Perl in two important ways. In PCRE
+(like Python, but unlike Perl), a recursive subpattern call is always treated
+as an atomic group. That is, once it has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. This can be illustrated by the following pattern,
+which purports to match a palindromic string that contains an odd number of
+characters (for example, "a", "aba", "abcba", "abcdcba"):
+.sp
+  ^(.|(.)(?1)\e2)$
+.sp
+The idea is that it either matches a single character, or two identical
+characters surrounding a sub-palindrome. In Perl, this pattern works; in PCRE
+it does not if the pattern is longer than three characters. Consider the
+subject string "abcba":
+.P
+At the top level, the first character is matched, but as it is not at the end
+of the string, the first alternative fails; the second alternative is taken
+and the recursion kicks in. The recursive call to subpattern 1 successfully
+matches the next character ("b"). (Note that the beginning and end of line
+tests are not part of the recursion).
+.P
+Back at the top level, the next character ("c") is compared with what
+subpattern 2 matched, which was "a". This fails. Because the recursion is
+treated as an atomic group, there are now no backtracking points, and so the
+entire match fails. (Perl is able, at this point, to re-enter the recursion and
+try the second alternative.) However, if the pattern is written with the
+alternatives in the other order, things are different:
+.sp
+  ^((.)(?1)\e2|.)$
+.sp
+This time, the recursing alternative is tried first, and continues to recurse
+until it runs out of characters, at which point the recursion fails. But this
+time we do have another alternative to try at the higher level. That is the big
+difference: in the previous case the remaining alternative is at a deeper
+recursion level, which PCRE cannot use.
+.P
+To change the pattern so that it matches all palindromic strings, not just
+those with an odd number of characters, it is tempting to change the pattern to
+this:
+.sp
+  ^((.)(?1)\e2|.?)$
+.sp
+Again, this works in Perl, but not in PCRE, and for the same reason. When a
+deeper recursion has matched a single character, it cannot be entered again in
+order to match an empty string. The solution is to separate the two cases, and
+write out the odd and even cases as alternatives at the higher level:
+.sp
+  ^(?:((.)(?1)\e2|)|((.)(?3)\e4|.))
+.sp
+If you want to match typical palindromic phrases, the pattern has to ignore all
+non-word characters, which can be done like this:
+.sp
+  ^\eW*+(?:((.)\eW*+(?1)\eW*+\e2|)|((.)\eW*+(?3)\eW*+\e4|\eW*+.\eW*+))\eW*+$
+.sp
+If run with the PCRE_CASELESS option, this pattern matches phrases such as "A
+man, a plan, a canal: Panama!" and it works well in both PCRE and Perl. Note
+the use of the possessive quantifier *+ to avoid backtracking into sequences of
+non-word characters. Without this, PCRE takes a great deal longer (ten times or
+more) to match typical phrases, and Perl takes so long that you think it has
+gone into a loop.
+.P
+\fBWARNING\fP: The palindrome-matching patterns above work only if the subject
+string does not start with a palindrome that is shorter than the entire string.
+For example, although "abcba" is correctly matched, if the subject is "ababa",
+PCRE finds the palindrome "aba" at the start, then fails at top level because
+the end of the string does not follow. Once again, it cannot jump back into the
+recursion to try other alternatives, so the entire match fails.
+.P
+The second way in which PCRE and Perl differ in their recursion processing is
+in the handling of captured values. In Perl, when a subpattern is called
+recursively or as a subpattern (see the next section), it has no access to any
+values that were captured outside the recursion, whereas in PCRE these values
+can be referenced. Consider this pattern:
+.sp
+  ^(.)(\e1|a(?2))
+.sp
+In PCRE, this pattern matches "bab". The first capturing parentheses match "b",
+then in the second group, when the back reference \e1 fails to match "b", the
+second alternative matches "a" and then recurses. In the recursion, \e1 does
+now match "b" and so the whole match succeeds. In Perl, the pattern fails to
+match because inside the recursive call \e1 cannot access the externally set
+value.
+.
+.
+.\" HTML <a name="subpatternsassubroutines"></a>
+.SH "SUBPATTERNS AS SUBROUTINES"
+.rs
+.sp
+If the syntax for a recursive subpattern call (either by number or by
+name) is used outside the parentheses to which it refers, it operates like a
+subroutine in a programming language. The called subpattern may be defined
+before or after the reference. A numbered reference can be absolute or
+relative, as in these examples:
+.sp
+  (...(absolute)...)...(?2)...
+  (...(relative)...)...(?-1)...
+  (...(?+1)...(relative)...
+.sp
+An earlier example pointed out that the pattern
+.sp
+  (sens|respons)e and \e1ibility
+.sp
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If instead the pattern
+.sp
+  (sens|respons)e and (?1)ibility
+.sp
+is used, it does match "sense and responsibility" as well as the other two
+strings. Another example is given in the discussion of DEFINE above.
+.P
+All subroutine calls, whether recursive or not, are always treated as atomic
+groups. That is, once a subroutine has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. Any capturing parentheses that are set during the
+subroutine call revert to their previous values afterwards.
+.P
+Processing options such as case-independence are fixed when a subpattern is
+defined, so if it is used as a subroutine, such options cannot be changed for
+different calls. For example, consider this pattern:
+.sp
+  (abc)(?i:(?-1))
+.sp
+It matches "abcabc". It does not match "abcABC" because the change of
+processing option does not affect the called subpattern.
+.
+.
+.\" HTML <a name="onigurumasubroutines"></a>
+.SH "ONIGURUMA SUBROUTINE SYNTAX"
+.rs
+.sp
+For compatibility with Oniguruma, the non-Perl syntax \eg followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a subroutine, possibly recursively. Here
+are two of the examples used above, rewritten using this syntax:
+.sp
+  (?<pn> \e( ( (?>[^()]+) | \eg<pn> )* \e) )
+  (sens|respons)e and \eg'1'ibility
+.sp
+PCRE supports an extension to Oniguruma: if a number is preceded by a
+plus or a minus sign it is taken as a relative reference. For example:
+.sp
+  (abc)(?i:\eg<-1>)
+.sp
+Note that \eg{...} (Perl syntax) and \eg<...> (Oniguruma syntax) are \fInot\fP
+synonymous. The former is a back reference; the latter is a subroutine call.
+.
+.
+.SH CALLOUTS
+.rs
+.sp
+Perl has a feature whereby using the sequence (?{...}) causes arbitrary Perl
+code to be obeyed in the middle of matching a regular expression. This makes it
+possible, amongst other things, to extract different substrings that match the
+same pair of parentheses when there is a repetition.
+.P
+PCRE provides a similar feature, but of course it cannot obey arbitrary Perl
+code. The feature is called "callout". The caller of PCRE provides an external
+function by putting its entry point in the global variable \fIpcre_callout\fP
+(8-bit library) or \fIpcre[16|32]_callout\fP (16-bit or 32-bit library).
+By default, this variable contains NULL, which disables all calling out.
+.P
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. If you want to identify different callout points, you
+can put a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+.sp
+  (?C1)abc(?C2)def
+.sp
+If the PCRE_AUTO_CALLOUT flag is passed to a compiling function, callouts are
+automatically installed before each item in the pattern. They are all numbered
+255. If there is a conditional group in the pattern whose condition is an
+assertion, an additional callout is inserted just before the condition. An
+explicit callout may also be set at this position, as in this example:
+.sp
+  (?(?C9)(?=a)abc|def)
+.sp
+Note that this applies only to assertion conditions, not to other types of
+condition.
+.P
+During matching, when PCRE reaches a callout point, the external function is
+called. It is provided with the number of the callout, the position in the
+pattern, and, optionally, one item of data originally supplied by the caller of
+the matching function. The callout function may cause matching to proceed, to
+backtrack, or to fail altogether.
+.P
+By default, PCRE implements a number of optimizations at compile time and
+matching time, and one side-effect is that sometimes callouts are skipped. If
+you need all possible callouts to happen, you need to set options that disable
+the relevant optimizations. More details, and a complete description of the
+interface to the callout function, are given in the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.
+.
+.\" HTML <a name="backtrackcontrol"></a>
+.SH "BACKTRACKING CONTROL"
+.rs
+.sp
+Perl 5.10 introduced a number of "Special Backtracking Control Verbs", which
+are still described in the Perl documentation as "experimental and subject to
+change or removal in a future version of Perl". It goes on to say: "Their usage
+in production code should be noted to avoid problems during upgrades." The same
+remarks apply to the PCRE features described in this section.
+.P
+The new verbs make use of what was previously invalid syntax: an opening
+parenthesis followed by an asterisk. They are generally of the form
+(*VERB) or (*VERB:NAME). Some may take either form, possibly behaving
+differently depending on whether or not a name is present. A name is any
+sequence of characters that does not include a closing parenthesis. The maximum
+length of name is 255 in the 8-bit library and 65535 in the 16-bit and 32-bit
+libraries. If the name is empty, that is, if the closing parenthesis
+immediately follows the colon, the effect is as if the colon were not there.
+Any number of these verbs may occur in a pattern.
+.P
+Since these verbs are specifically related to backtracking, most of them can be
+used only when the pattern is to be matched using one of the traditional
+matching functions, because these use a backtracking algorithm. With the
+exception of (*FAIL), which behaves like a failing negative assertion, the
+backtracking control verbs cause an error if encountered by a DFA matching
+function.
+.P
+The behaviour of these verbs in
+.\" HTML <a href="#btrepeat">
+.\" </a>
+repeated groups,
+.\"
+.\" HTML <a href="#btassert">
+.\" </a>
+assertions,
+.\"
+and in
+.\" HTML <a href="#btsub">
+.\" </a>
+subpatterns called as subroutines
+.\"
+(whether or not recursively) is documented below.
+.
+.
+.\" HTML <a name="nooptimize"></a>
+.SS "Optimizations that affect backtracking verbs"
+.rs
+.sp
+PCRE contains some optimizations that are used to speed up matching by running
+some checks at the start of each match attempt. For example, it may know the
+minimum length of matching subject, or that a particular character must be
+present. When one of these optimizations bypasses the running of a match, any
+included backtracking verbs will not, of course, be processed. You can suppress
+the start-of-match optimizations by setting the PCRE_NO_START_OPTIMIZE option
+when calling \fBpcre_compile()\fP or \fBpcre_exec()\fP, or by starting the
+pattern with (*NO_START_OPT). There is more discussion of this option in the
+section entitled
+.\" HTML <a href="pcreapi.html#execoptions">
+.\" </a>
+"Option bits for \fBpcre_exec()\fP"
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+Experiments with Perl suggest that it too has similar optimizations, sometimes
+leading to anomalous results.
+.
+.
+.SS "Verbs that act immediately"
+.rs
+.sp
+The following verbs act as soon as they are encountered. They may not be
+followed by a name.
+.sp
+   (*ACCEPT)
+.sp
+This verb causes the match to end successfully, skipping the remainder of the
+pattern. However, when it is inside a subpattern that is called as a
+subroutine, only that subpattern is ended successfully. Matching then continues
+at the outer level. If (*ACCEPT) in triggered in a positive assertion, the
+assertion succeeds; in a negative assertion, the assertion fails.
+.P
+If (*ACCEPT) is inside capturing parentheses, the data so far is captured. For
+example:
+.sp
+  A((?:A|B(*ACCEPT)|C)D)
+.sp
+This matches "AB", "AAD", or "ACD"; when it matches "AB", "B" is captured by
+the outer parentheses.
+.sp
+  (*FAIL) or (*F)
+.sp
+This verb causes a matching failure, forcing backtracking to occur. It is
+equivalent to (?!) but easier to read. The Perl documentation notes that it is
+probably useful only when combined with (?{}) or (??{}). Those are, of course,
+Perl features that are not present in PCRE. The nearest equivalent is the
+callout feature, as for example in this pattern:
+.sp
+  a+(?C)(*FAIL)
+.sp
+A match with the string "aaaa" always fails, but the callout is taken before
+each backtrack happens (in this example, 10 times).
+.
+.
+.SS "Recording which path was taken"
+.rs
+.sp
+There is one verb whose main purpose is to track how a match was arrived at,
+though it also has a secondary use in conjunction with advancing the match
+starting point (see (*SKIP) below).
+.sp
+  (*MARK:NAME) or (*:NAME)
+.sp
+A name is always required with this verb. There may be as many instances of
+(*MARK) as you like in a pattern, and their names do not have to be unique.
+.P
+When a match succeeds, the name of the last-encountered (*MARK:NAME),
+(*PRUNE:NAME), or (*THEN:NAME) on the matching path is passed back to the
+caller as described in the section entitled
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+"Extra data for \fBpcre_exec()\fP"
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation. Here is an example of \fBpcretest\fP output, where the /K
+modifier requests the retrieval and outputting of (*MARK) data:
+.sp
+    re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data> XY
+   0: XY
+  MK: A
+  XZ
+   0: XZ
+  MK: B
+.sp
+The (*MARK) name is tagged with "MK:" in this output, and in this example it
+indicates which of the two alternatives matched. This is a more efficient way
+of obtaining this information than putting each alternative in its own
+capturing parentheses.
+.P
+If a verb with a name is encountered in a positive assertion that is true, the
+name is recorded and passed back if it is the last-encountered. This does not
+happen for negative assertions or failing positive assertions.
+.P
+After a partial match or a failed match, the last encountered name in the
+entire match process is returned. For example:
+.sp
+    re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data> XP
+  No match, mark = B
+.sp
+Note that in this unanchored example the mark is retained from the match
+attempt that started at the letter "X" in the subject. Subsequent match
+attempts starting at "P" and then with an empty string do not get as far as the
+(*MARK) item, but nevertheless do not reset it.
+.P
+If you are interested in (*MARK) values after failed matches, you should
+probably set the PCRE_NO_START_OPTIMIZE option
+.\" HTML <a href="#nooptimize">
+.\" </a>
+(see above)
+.\"
+to ensure that the match is always attempted.
+.
+.
+.SS "Verbs that act after backtracking"
+.rs
+.sp
+The following verbs do nothing when they are encountered. Matching continues
+with what follows, but if there is no subsequent match, causing a backtrack to
+the verb, a failure is forced. That is, backtracking cannot pass to the left of
+the verb. However, when one of these verbs appears inside an atomic group or an
+assertion that is true, its effect is confined to that group, because once the
+group has been matched, there is never any backtracking into it. In this
+situation, backtracking can "jump back" to the left of the entire atomic group
+or assertion. (Remember also, as stated above, that this localization also
+applies in subroutine calls.)
+.P
+These verbs differ in exactly what kind of failure occurs when backtracking
+reaches them. The behaviour described below is what happens when the verb is
+not in a subroutine or an assertion. Subsequent sections cover these special
+cases.
+.sp
+  (*COMMIT)
+.sp
+This verb, which may not be followed by a name, causes the whole match to fail
+outright if there is a later matching failure that causes backtracking to reach
+it. Even if the pattern is unanchored, no further attempts to find a match by
+advancing the starting point take place. If (*COMMIT) is the only backtracking
+verb that is encountered, once it has been passed \fBpcre_exec()\fP is
+committed to finding a match at the current starting point, or not at all. For
+example:
+.sp
+  a+(*COMMIT)b
+.sp
+This matches "xxaab" but not "aacaab". It can be thought of as a kind of
+dynamic anchor, or "I've started, so I must finish." The name of the most
+recently passed (*MARK) in the path is passed back when (*COMMIT) forces a
+match failure.
+.P
+If there is more than one backtracking verb in a pattern, a different one that
+follows (*COMMIT) may be triggered first, so merely passing (*COMMIT) during a
+match does not always guarantee that a match must be at this starting point.
+.P
+Note that (*COMMIT) at the start of a pattern is not the same as an anchor,
+unless PCRE's start-of-match optimizations are turned off, as shown in this
+output from \fBpcretest\fP:
+.sp
+    re> /(*COMMIT)abc/
+  data> xyzabc
+   0: abc
+  data> xyzabc\eY
+  No match
+.sp
+For this pattern, PCRE knows that any match must start with "a", so the
+optimization skips along the subject to "a" before applying the pattern to the
+first set of data. The match attempt then succeeds. In the second set of data,
+the escape sequence \eY is interpreted by the \fBpcretest\fP program. It causes
+the PCRE_NO_START_OPTIMIZE option to be set when \fBpcre_exec()\fP is called.
+This disables the optimization that skips along to the first character. The
+pattern is now applied starting at "x", and so the (*COMMIT) causes the match
+to fail without trying any other starting points.
+.sp
+  (*PRUNE) or (*PRUNE:NAME)
+.sp
+This verb causes the match to fail at the current starting position in the
+subject if there is a later matching failure that causes backtracking to reach
+it. If the pattern is unanchored, the normal "bumpalong" advance to the next
+starting character then happens. Backtracking can occur as usual to the left of
+(*PRUNE), before it is reached, or when matching to the right of (*PRUNE), but
+if there is no match to the right, backtracking cannot cross (*PRUNE). In
+simple cases, the use of (*PRUNE) is just an alternative to an atomic group or
+possessive quantifier, but there are some uses of (*PRUNE) that cannot be
+expressed in any other way. In an anchored pattern (*PRUNE) has the same effect
+as (*COMMIT).
+.P
+The behaviour of (*PRUNE:NAME) is the not the same as (*MARK:NAME)(*PRUNE).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+.sp
+  (*SKIP)
+.sp
+This verb, when given without a name, is like (*PRUNE), except that if the
+pattern is unanchored, the "bumpalong" advance is not to the next character,
+but to the position in the subject where (*SKIP) was encountered. (*SKIP)
+signifies that whatever text was matched leading up to it cannot be part of a
+successful match. Consider:
+.sp
+  a+(*SKIP)b
+.sp
+If the subject is "aaaac...", after the first match attempt fails (starting at
+the first character in the string), the starting point skips on to start the
+next attempt at "c". Note that a possessive quantifer does not have the same
+effect as this example; although it would suppress backtracking during the
+first match attempt, the second attempt would start at the second character
+instead of skipping on to "c".
+.sp
+  (*SKIP:NAME)
+.sp
+When (*SKIP) has an associated name, its behaviour is modified. When it is
+triggered, the previous path through the pattern is searched for the most
+recent (*MARK) that has the same name. If one is found, the "bumpalong" advance
+is to the subject position that corresponds to that (*MARK) instead of to where
+(*SKIP) was encountered. If no (*MARK) with a matching name is found, the
+(*SKIP) is ignored.
+.P
+Note that (*SKIP:NAME) searches only for names set by (*MARK:NAME). It ignores
+names that are set by (*PRUNE:NAME) or (*THEN:NAME).
+.sp
+  (*THEN) or (*THEN:NAME)
+.sp
+This verb causes a skip to the next innermost alternative when backtracking
+reaches it. That is, it cancels any further backtracking within the current
+alternative. Its name comes from the observation that it can be used for a
+pattern-based if-then-else block:
+.sp
+  ( COND1 (*THEN) FOO | COND2 (*THEN) BAR | COND3 (*THEN) BAZ ) ...
+.sp
+If the COND1 pattern matches, FOO is tried (and possibly further items after
+the end of the group if FOO succeeds); on failure, the matcher skips to the
+second alternative and tries COND2, without backtracking into COND1. If that
+succeeds and BAR fails, COND3 is tried. If subsequently BAZ fails, there are no
+more alternatives, so there is a backtrack to whatever came before the entire
+group. If (*THEN) is not inside an alternation, it acts like (*PRUNE).
+.P
+The behaviour of (*THEN:NAME) is the not the same as (*MARK:NAME)(*THEN).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+.P
+A subpattern that does not contain a | character is just a part of the
+enclosing alternative; it is not a nested alternation with only one
+alternative. The effect of (*THEN) extends beyond such a subpattern to the
+enclosing alternative. Consider this pattern, where A, B, etc. are complex
+pattern fragments that do not contain any | characters at this level:
+.sp
+  A (B(*THEN)C) | D
+.sp
+If A and B are matched, but there is a failure in C, matching does not
+backtrack into A; instead it moves to the next alternative, that is, D.
+However, if the subpattern containing (*THEN) is given an alternative, it
+behaves differently:
+.sp
+  A (B(*THEN)C | (*FAIL)) | D
+.sp
+The effect of (*THEN) is now confined to the inner subpattern. After a failure
+in C, matching moves to (*FAIL), which causes the whole subpattern to fail
+because there are no more alternatives to try. In this case, matching does now
+backtrack into A.
+.P
+Note that a conditional subpattern is not considered as having two
+alternatives, because only one is ever used. In other words, the | character in
+a conditional subpattern has a different meaning. Ignoring white space,
+consider:
+.sp
+  ^.*? (?(?=a) a | b(*THEN)c )
+.sp
+If the subject is "ba", this pattern does not match. Because .*? is ungreedy,
+it initially matches zero characters. The condition (?=a) then fails, the
+character "b" is matched, but "c" is not. At this point, matching does not
+backtrack to .*? as might perhaps be expected from the presence of the |
+character. The conditional subpattern is part of the single alternative that
+comprises the whole pattern, and so the match fails. (If there was a backtrack
+into .*?, allowing it to match "b", the match would succeed.)
+.P
+The verbs just described provide four different "strengths" of control when
+subsequent matching fails. (*THEN) is the weakest, carrying on the match at the
+next alternative. (*PRUNE) comes next, failing the match at the current
+starting position, but allowing an advance to the next character (for an
+unanchored pattern). (*SKIP) is similar, except that the advance may be more
+than one character. (*COMMIT) is the strongest, causing the entire match to
+fail.
+.
+.
+.SS "More than one backtracking verb"
+.rs
+.sp
+If more than one backtracking verb is present in a pattern, the one that is
+backtracked onto first acts. For example, consider this pattern, where A, B,
+etc. are complex pattern fragments:
+.sp
+  (A(*COMMIT)B(*THEN)C|ABD)
+.sp
+If A matches but B fails, the backtrack to (*COMMIT) causes the entire match to
+fail. However, if A and B match, but C fails, the backtrack to (*THEN) causes
+the next alternative (ABD) to be tried. This behaviour is consistent, but is
+not always the same as Perl's. It means that if two or more backtracking verbs
+appear in succession, all the the last of them has no effect. Consider this
+example:
+.sp
+  ...(*COMMIT)(*PRUNE)...
+.sp
+If there is a matching failure to the right, backtracking onto (*PRUNE) causes
+it to be triggered, and its action is taken. There can never be a backtrack
+onto (*COMMIT).
+.
+.
+.\" HTML <a name="btrepeat"></a>
+.SS "Backtracking verbs in repeated groups"
+.rs
+.sp
+PCRE differs from Perl in its handling of backtracking verbs in repeated
+groups. For example, consider:
+.sp
+  /(a(*COMMIT)b)+ac/
+.sp
+If the subject is "abac", Perl matches, but PCRE fails because the (*COMMIT) in
+the second repeat of the group acts.
+.
+.
+.\" HTML <a name="btassert"></a>
+.SS "Backtracking verbs in assertions"
+.rs
+.sp
+(*FAIL) in an assertion has its normal effect: it forces an immediate backtrack.
+.P
+(*ACCEPT) in a positive assertion causes the assertion to succeed without any
+further processing. In a negative assertion, (*ACCEPT) causes the assertion to
+fail without any further processing.
+.P
+The other backtracking verbs are not treated specially if they appear in a
+positive assertion. In particular, (*THEN) skips to the next alternative in the
+innermost enclosing group that has alternations, whether or not this is within
+the assertion.
+.P
+Negative assertions are, however, different, in order to ensure that changing a
+positive assertion into a negative assertion changes its result. Backtracking
+into (*COMMIT), (*SKIP), or (*PRUNE) causes a negative assertion to be true,
+without considering any further alternative branches in the assertion.
+Backtracking into (*THEN) causes it to skip to the next enclosing alternative
+within the assertion (the normal behaviour), but if the assertion does not have
+such an alternative, (*THEN) behaves like (*PRUNE).
+.
+.
+.\" HTML <a name="btsub"></a>
+.SS "Backtracking verbs in subroutines"
+.rs
+.sp
+These behaviours occur whether or not the subpattern is called recursively.
+Perl's treatment of subroutines is different in some cases.
+.P
+(*FAIL) in a subpattern called as a subroutine has its normal effect: it forces
+an immediate backtrack.
+.P
+(*ACCEPT) in a subpattern called as a subroutine causes the subroutine match to
+succeed without any further processing. Matching then continues after the
+subroutine call.
+.P
+(*COMMIT), (*SKIP), and (*PRUNE) in a subpattern called as a subroutine cause
+the subroutine match to fail.
+.P
+(*THEN) skips to the next alternative in the innermost enclosing group within
+the subpattern that has alternatives. If there is no such group within the
+subpattern, (*THEN) causes the subroutine match to fail.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcreapi\fP(3), \fBpcrecallout\fP(3), \fBpcrematching\fP(3),
+\fBpcresyntax\fP(3), \fBpcre\fP(3), \fBpcre16(3)\fP, \fBpcre32(3)\fP.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 23 October 2016
+Copyright (c) 1997-2016 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreperform.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreperform.3
new file mode 100644
index 00000000..fb2aa959
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreperform.3
@@ -0,0 +1,177 @@
+.TH PCREPERFORM 3 "09 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE PERFORMANCE"
+.rs
+.sp
+Two aspects of performance are discussed below: memory usage and processing
+time. The way you express your pattern as a regular expression can affect both
+of them.
+.
+.SH "COMPILED PATTERN MEMORY USAGE"
+.rs
+.sp
+Patterns are compiled by PCRE into a reasonably efficient interpretive code, so
+that most simple patterns do not use much memory. However, there is one case
+where the memory usage of a compiled pattern can be unexpectedly large. If a
+parenthesized subpattern has a quantifier with a minimum greater than 1 and/or
+a limited maximum, the whole subpattern is repeated in the compiled code. For
+example, the pattern
+.sp
+  (abc|def){2,4}
+.sp
+is compiled as if it were
+.sp
+  (abc|def)(abc|def)((abc|def)(abc|def)?)?
+.sp
+(Technical aside: It is done this way so that backtrack points within each of
+the repetitions can be independently maintained.)
+.P
+For regular expressions whose quantifiers use only small numbers, this is not
+usually a problem. However, if the numbers are large, and particularly if such
+repetitions are nested, the memory usage can become an embarrassment. For
+example, the very simple pattern
+.sp
+  ((ab){1,1000}c){1,3}
+.sp
+uses 51K bytes when compiled using the 8-bit library. When PCRE is compiled
+with its default internal pointer size of two bytes, the size limit on a
+compiled pattern is 64K data units, and this is reached with the above pattern
+if the outer repetition is increased from 3 to 4. PCRE can be compiled to use
+larger internal pointers and thus handle larger compiled patterns, but it is
+better to try to rewrite your pattern to use less memory if you can.
+.P
+One way of reducing the memory usage for such patterns is to make use of PCRE's
+.\" HTML <a href="pcrepattern.html#subpatternsassubroutines">
+.\" </a>
+"subroutine"
+.\"
+facility. Re-writing the above pattern as
+.sp
+  ((ab)(?2){0,999}c)(?1){0,2}
+.sp
+reduces the memory requirements to 18K, and indeed it remains under 20K even
+with the outer repetition increased to 100. However, this pattern is not
+exactly equivalent, because the "subroutine" calls are treated as
+.\" HTML <a href="pcrepattern.html#atomicgroup">
+.\" </a>
+atomic groups
+.\"
+into which there can be no backtracking if there is a subsequent matching
+failure. Therefore, PCRE cannot do this kind of rewriting automatically.
+Furthermore, there is a noticeable loss of speed when executing the modified
+pattern. Nevertheless, if the atomic grouping is not a problem and the loss of
+speed is acceptable, this kind of rewriting will allow you to process patterns
+that PCRE cannot otherwise handle.
+.
+.
+.SH "STACK USAGE AT RUN TIME"
+.rs
+.sp
+When \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP is used for matching, certain
+kinds of pattern can cause it to use large amounts of the process stack. In
+some environments the default process stack is quite small, and if it runs out
+the result is often SIGSEGV. This issue is probably the most frequently raised
+problem with PCRE. Rewriting your pattern can often help. The
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation discusses this issue in detail.
+.
+.
+.SH "PROCESSING TIME"
+.rs
+.sp
+Certain items in regular expression patterns are processed more efficiently
+than others. It is more efficient to use a character class like [aeiou] than a
+set of single-character alternatives such as (a|e|i|o|u). In general, the
+simplest construction that provides the required behaviour is usually the most
+efficient. Jeffrey Friedl's book contains a lot of useful general discussion
+about optimizing regular expressions for efficient performance. This document
+contains a few observations about PCRE.
+.P
+Using Unicode character properties (the \ep, \eP, and \eX escapes) is slow,
+because PCRE has to use a multi-stage table lookup whenever it needs a
+character's property. If you can find an alternative pattern that does not use
+character properties, it will probably be faster.
+.P
+By default, the escape sequences \eb, \ed, \es, and \ew, and the POSIX
+character classes such as [:alpha:] do not use Unicode properties, partly for
+backwards compatibility, and partly for performance reasons. However, you can
+set PCRE_UCP if you want Unicode character properties to be used. This can
+double the matching time for items such as \ed, when matched with
+a traditional matching function; the performance loss is less with
+a DFA matching function, and in both cases there is not much difference for
+\eb.
+.P
+When a pattern begins with .* not in parentheses, or in parentheses that are
+not the subject of a backreference, and the PCRE_DOTALL option is set, the
+pattern is implicitly anchored by PCRE, since it can match only at the start of
+a subject string. However, if PCRE_DOTALL is not set, PCRE cannot make this
+optimization, because the . metacharacter does not then match a newline, and if
+the subject string contains newlines, the pattern may match from the character
+immediately following one of them instead of from the very start. For example,
+the pattern
+.sp
+  .*second
+.sp
+matches the subject "first\enand second" (where \en stands for a newline
+character), with the match starting at the seventh character. In order to do
+this, PCRE has to retry the match starting after every newline in the subject.
+.P
+If you are using such a pattern with subject strings that do not contain
+newlines, the best performance is obtained by setting PCRE_DOTALL, or starting
+the pattern with ^.* or ^.*? to indicate explicit anchoring. That saves PCRE
+from having to scan along the subject looking for a newline to restart at.
+.P
+Beware of patterns that contain nested indefinite repeats. These can take a
+long time to run when applied to a string that does not match. Consider the
+pattern fragment
+.sp
+  ^(a+)*
+.sp
+This can match "aaaa" in 16 different ways, and this number increases very
+rapidly as the string gets longer. (The * repeat can match 0, 1, 2, 3, or 4
+times, and for each of those cases other than 0 or 4, the + repeats can match
+different numbers of times.) When the remainder of the pattern is such that the
+entire match is going to fail, PCRE has in principle to try every possible
+variation, and this can take an extremely long time, even for relatively short
+strings.
+.P
+An optimization catches some of the more simple cases such as
+.sp
+  (a+)*b
+.sp
+where a literal character follows. Before embarking on the standard matching
+procedure, PCRE checks that there is a "b" later in the subject string, and if
+there is not, it fails the match immediately. However, when there is no
+following literal this optimization cannot be used. You can see the difference
+by comparing the behaviour of
+.sp
+  (a+)*\ed
+.sp
+with the pattern above. The former gives a failure almost instantly when
+applied to a whole line of "a" characters, whereas the latter takes an
+appreciable time with strings longer than about 20 characters.
+.P
+In many cases, the solution to this kind of performance issue is to use an
+atomic group or a possessive quantifier.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 25 August 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreposix.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreposix.3
new file mode 100644
index 00000000..77890f36
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreposix.3
@@ -0,0 +1,267 @@
+.TH PCREPOSIX 3 "09 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions.
+.SH "SYNOPSIS"
+.rs
+.sp
+.B #include <pcreposix.h>
+.PP
+.nf
+.B int regcomp(regex_t *\fIpreg\fP, const char *\fIpattern\fP,
+.B "     int \fIcflags\fP);"
+.sp
+.B int regexec(regex_t *\fIpreg\fP, const char *\fIstring\fP,
+.B "     size_t \fInmatch\fP, regmatch_t \fIpmatch\fP[], int \fIeflags\fP);"
+.B "     size_t regerror(int \fIerrcode\fP, const regex_t *\fIpreg\fP,"
+.B "     char *\fIerrbuf\fP, size_t \fIerrbuf_size\fP);"
+.sp
+.B void regfree(regex_t *\fIpreg\fP);
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This set of functions provides a POSIX-style API for the PCRE regular
+expression 8-bit library. See the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation for a description of PCRE's native API, which contains much
+additional functionality. There is no POSIX-style wrapper for PCRE's 16-bit
+and 32-bit library.
+.P
+The functions described here are just wrapper functions that ultimately call
+the PCRE native API. Their prototypes are defined in the \fBpcreposix.h\fP
+header file, and on Unix systems the library itself is called
+\fBpcreposix.a\fP, so can be accessed by adding \fB-lpcreposix\fP to the
+command for linking an application that uses them. Because the POSIX functions
+call the native ones, it is also necessary to add \fB-lpcre\fP.
+.P
+I have implemented only those POSIX option bits that can be reasonably mapped
+to PCRE native options. In addition, the option REG_EXTENDED is defined with
+the value zero. This has no effect, but since programs that are written to the
+POSIX interface often use it, this makes it easier to slot in PCRE as a
+replacement library. Other POSIX options are not even defined.
+.P
+There are also some other options that are not defined by POSIX. These have
+been added at the request of users who want to make use of certain
+PCRE-specific features via the POSIX calling interface.
+.P
+When PCRE is called via these functions, it is only the API that is POSIX-like
+in style. The syntax and semantics of the regular expressions themselves are
+still those of Perl, subject to the setting of various PCRE options, as
+described below. "POSIX-like in style" means that the API approximates to the
+POSIX definition; it is not fully POSIX-compatible, and in multi-byte encoding
+domains it is probably even less compatible.
+.P
+The header for these functions is supplied as \fBpcreposix.h\fP to avoid any
+potential clash with other POSIX libraries. It can, of course, be renamed or
+aliased as \fBregex.h\fP, which is the "correct" name. It provides two
+structure types, \fIregex_t\fP for compiled internal forms, and
+\fIregmatch_t\fP for returning captured substrings. It also defines some
+constants whose names start with "REG_"; these are used for setting options and
+identifying error codes.
+.
+.
+.SH "COMPILING A PATTERN"
+.rs
+.sp
+The function \fBregcomp()\fP is called to compile a pattern into an
+internal form. The pattern is a C string terminated by a binary zero, and
+is passed in the argument \fIpattern\fP. The \fIpreg\fP argument is a pointer
+to a \fBregex_t\fP structure that is used as a base for storing information
+about the compiled regular expression.
+.P
+The argument \fIcflags\fP is either zero, or contains one or more of the bits
+defined by the following macros:
+.sp
+  REG_DOTALL
+.sp
+The PCRE_DOTALL option is set when the regular expression is passed for
+compilation to the native function. Note that REG_DOTALL is not part of the
+POSIX standard.
+.sp
+  REG_ICASE
+.sp
+The PCRE_CASELESS option is set when the regular expression is passed for
+compilation to the native function.
+.sp
+  REG_NEWLINE
+.sp
+The PCRE_MULTILINE option is set when the regular expression is passed for
+compilation to the native function. Note that this does \fInot\fP mimic the
+defined POSIX behaviour for REG_NEWLINE (see the following section).
+.sp
+  REG_NOSUB
+.sp
+The PCRE_NO_AUTO_CAPTURE option is set when the regular expression is passed
+for compilation to the native function. In addition, when a pattern that is
+compiled with this flag is passed to \fBregexec()\fP for matching, the
+\fInmatch\fP and \fIpmatch\fP arguments are ignored, and no captured strings
+are returned.
+.sp
+  REG_UCP
+.sp
+The PCRE_UCP option is set when the regular expression is passed for
+compilation to the native function. This causes PCRE to use Unicode properties
+when matchine \ed, \ew, etc., instead of just recognizing ASCII values. Note
+that REG_UTF8 is not part of the POSIX standard.
+.sp
+  REG_UNGREEDY
+.sp
+The PCRE_UNGREEDY option is set when the regular expression is passed for
+compilation to the native function. Note that REG_UNGREEDY is not part of the
+POSIX standard.
+.sp
+  REG_UTF8
+.sp
+The PCRE_UTF8 option is set when the regular expression is passed for
+compilation to the native function. This causes the pattern itself and all data
+strings used for matching it to be treated as UTF-8 strings. Note that REG_UTF8
+is not part of the POSIX standard.
+.P
+In the absence of these flags, no options are passed to the native function.
+This means the the regex is compiled with PCRE default semantics. In
+particular, the way it handles newline characters in the subject string is the
+Perl way, not the POSIX way. Note that setting PCRE_MULTILINE has only
+\fIsome\fP of the effects specified for REG_NEWLINE. It does not affect the way
+newlines are matched by . (they are not) or by a negative class such as [^a]
+(they are).
+.P
+The yield of \fBregcomp()\fP is zero on success, and non-zero otherwise. The
+\fIpreg\fP structure is filled in on success, and one member of the structure
+is public: \fIre_nsub\fP contains the number of capturing subpatterns in
+the regular expression. Various error codes are defined in the header file.
+.P
+NOTE: If the yield of \fBregcomp()\fP is non-zero, you must not attempt to
+use the contents of the \fIpreg\fP structure. If, for example, you pass it to
+\fBregexec()\fP, the result is undefined and your program is likely to crash.
+.
+.
+.SH "MATCHING NEWLINE CHARACTERS"
+.rs
+.sp
+This area is not simple, because POSIX and Perl take different views of things.
+It is not possible to get PCRE to obey POSIX semantics, but then PCRE was never
+intended to be a POSIX engine. The following table lists the different
+possibilities for matching newline characters in PCRE:
+.sp
+                          Default   Change with
+.sp
+  . matches newline          no     PCRE_DOTALL
+  newline matches [^a]       yes    not changeable
+  $ matches \en at end        yes    PCRE_DOLLARENDONLY
+  $ matches \en in middle     no     PCRE_MULTILINE
+  ^ matches \en in middle     no     PCRE_MULTILINE
+.sp
+This is the equivalent table for POSIX:
+.sp
+                          Default   Change with
+.sp
+  . matches newline          yes    REG_NEWLINE
+  newline matches [^a]       yes    REG_NEWLINE
+  $ matches \en at end        no     REG_NEWLINE
+  $ matches \en in middle     no     REG_NEWLINE
+  ^ matches \en in middle     no     REG_NEWLINE
+.sp
+PCRE's behaviour is the same as Perl's, except that there is no equivalent for
+PCRE_DOLLAR_ENDONLY in Perl. In both PCRE and Perl, there is no way to stop
+newline from matching [^a].
+.P
+The default POSIX newline handling can be obtained by setting PCRE_DOTALL and
+PCRE_DOLLAR_ENDONLY, but there is no way to make PCRE behave exactly as for the
+REG_NEWLINE action.
+.
+.
+.SH "MATCHING A PATTERN"
+.rs
+.sp
+The function \fBregexec()\fP is called to match a compiled pattern \fIpreg\fP
+against a given \fIstring\fP, which is by default terminated by a zero byte
+(but see REG_STARTEND below), subject to the options in \fIeflags\fP. These can
+be:
+.sp
+  REG_NOTBOL
+.sp
+The PCRE_NOTBOL option is set when calling the underlying PCRE matching
+function.
+.sp
+  REG_NOTEMPTY
+.sp
+The PCRE_NOTEMPTY option is set when calling the underlying PCRE matching
+function. Note that REG_NOTEMPTY is not part of the POSIX standard. However,
+setting this option can give more POSIX-like behaviour in some situations.
+.sp
+  REG_NOTEOL
+.sp
+The PCRE_NOTEOL option is set when calling the underlying PCRE matching
+function.
+.sp
+  REG_STARTEND
+.sp
+The string is considered to start at \fIstring\fP + \fIpmatch[0].rm_so\fP and
+to have a terminating NUL located at \fIstring\fP + \fIpmatch[0].rm_eo\fP
+(there need not actually be a NUL at that location), regardless of the value of
+\fInmatch\fP. This is a BSD extension, compatible with but not specified by
+IEEE Standard 1003.2 (POSIX.2), and should be used with caution in software
+intended to be portable to other systems. Note that a non-zero \fIrm_so\fP does
+not imply REG_NOTBOL; REG_STARTEND affects only the location of the string, not
+how it is matched.
+.P
+If the pattern was compiled with the REG_NOSUB flag, no data about any matched
+strings is returned. The \fInmatch\fP and \fIpmatch\fP arguments of
+\fBregexec()\fP are ignored.
+.P
+If the value of \fInmatch\fP is zero, or if the value \fIpmatch\fP is NULL,
+no data about any matched strings is returned.
+.P
+Otherwise,the portion of the string that was matched, and also any captured
+substrings, are returned via the \fIpmatch\fP argument, which points to an
+array of \fInmatch\fP structures of type \fIregmatch_t\fP, containing the
+members \fIrm_so\fP and \fIrm_eo\fP. These contain the offset to the first
+character of each substring and the offset to the first character after the end
+of each substring, respectively. The 0th element of the vector relates to the
+entire portion of \fIstring\fP that was matched; subsequent elements relate to
+the capturing subpatterns of the regular expression. Unused entries in the
+array have both structure members set to -1.
+.P
+A successful match yields a zero return; various error codes are defined in the
+header file, of which REG_NOMATCH is the "expected" failure code.
+.
+.
+.SH "ERROR MESSAGES"
+.rs
+.sp
+The \fBregerror()\fP function maps a non-zero errorcode from either
+\fBregcomp()\fP or \fBregexec()\fP to a printable message. If \fIpreg\fP is not
+NULL, the error should have arisen from the use of that structure. A message
+terminated by a binary zero is placed in \fIerrbuf\fP. The length of the
+message, including the zero, is limited to \fIerrbuf_size\fP. The yield of the
+function is the size of buffer needed to hold the whole message.
+.
+.
+.SH MEMORY USAGE
+.rs
+.sp
+Compiling a regular expression causes memory to be allocated and associated
+with the \fIpreg\fP structure. The function \fBregfree()\fP frees all such
+memory, after which \fIpreg\fP may no longer be used as a compiled expression.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 09 January 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreprecompile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreprecompile.3
new file mode 100644
index 00000000..40f257a9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreprecompile.3
@@ -0,0 +1,155 @@
+.TH PCREPRECOMPILE 3 "12 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "SAVING AND RE-USING PRECOMPILED PCRE PATTERNS"
+.rs
+.sp
+If you are running an application that uses a large number of regular
+expression patterns, it may be useful to store them in a precompiled form
+instead of having to compile them every time the application is run.
+If you are not using any private character tables (see the
+.\" HREF
+\fBpcre_maketables()\fP
+.\"
+documentation), this is relatively straightforward. If you are using private
+tables, it is a little bit more complicated. However, if you are using the
+just-in-time optimization feature, it is not possible to save and reload the
+JIT data.
+.P
+If you save compiled patterns to a file, you can copy them to a different host
+and run them there. If the two hosts have different endianness (byte order),
+you should run the \fBpcre[16|32]_pattern_to_host_byte_order()\fP function on the
+new host before trying to match the pattern. The matching functions return
+PCRE_ERROR_BADENDIANNESS if they detect a pattern with the wrong endianness.
+.P
+Compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes, and saving and
+restoring a compiled pattern loses any JIT optimization data.
+.
+.
+.SH "SAVING A COMPILED PATTERN"
+.rs
+.sp
+The value returned by \fBpcre[16|32]_compile()\fP points to a single block of
+memory that holds the compiled pattern and associated data. You can find the
+length of this block in bytes by calling \fBpcre[16|32]_fullinfo()\fP with an
+argument of PCRE_INFO_SIZE. You can then save the data in any appropriate
+manner. Here is sample code for the 8-bit library that compiles a pattern and
+writes it to a file. It assumes that the variable \fIfd\fP refers to a file
+that is open for output:
+.sp
+  int erroroffset, rc, size;
+  char *error;
+  pcre *re;
+.sp
+  re = pcre_compile("my pattern", 0, &error, &erroroffset, NULL);
+  if (re == NULL) { ... handle errors ... }
+  rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
+  if (rc < 0) { ... handle errors ... }
+  rc = fwrite(re, 1, size, fd);
+  if (rc != size) { ... handle errors ... }
+.sp
+In this example, the bytes that comprise the compiled pattern are copied
+exactly. Note that this is binary data that may contain any of the 256 possible
+byte values. On systems that make a distinction between binary and non-binary
+data, be sure that the file is opened for binary output.
+.P
+If you want to write more than one pattern to a file, you will have to devise a
+way of separating them. For binary data, preceding each pattern with its length
+is probably the most straightforward approach. Another possibility is to write
+out the data in hexadecimal instead of binary, one pattern to a line.
+.P
+Saving compiled patterns in a file is only one possible way of storing them for
+later use. They could equally well be saved in a database, or in the memory of
+some daemon process that passes them via sockets to the processes that want
+them.
+.P
+If the pattern has been studied, it is also possible to save the normal study
+data in a similar way to the compiled pattern itself. However, if the
+PCRE_STUDY_JIT_COMPILE was used, the just-in-time data that is created cannot
+be saved because it is too dependent on the current environment. When studying
+generates additional information, \fBpcre[16|32]_study()\fP returns a pointer to a
+\fBpcre[16|32]_extra\fP data block. Its format is defined in the
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+section on matching a pattern
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation. The \fIstudy_data\fP field points to the binary study data, and
+this is what you must save (not the \fBpcre[16|32]_extra\fP block itself). The
+length of the study data can be obtained by calling \fBpcre[16|32]_fullinfo()\fP
+with an argument of PCRE_INFO_STUDYSIZE. Remember to check that
+\fBpcre[16|32]_study()\fP did return a non-NULL value before trying to save the
+study data.
+.
+.
+.SH "RE-USING A PRECOMPILED PATTERN"
+.rs
+.sp
+Re-using a precompiled pattern is straightforward. Having reloaded it into main
+memory, called \fBpcre[16|32]_pattern_to_host_byte_order()\fP if necessary, you
+pass its pointer to \fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP in
+the usual way.
+.P
+However, if you passed a pointer to custom character tables when the pattern
+was compiled (the \fItableptr\fP argument of \fBpcre[16|32]_compile()\fP), you
+must now pass a similar pointer to \fBpcre[16|32]_exec()\fP or
+\fBpcre[16|32]_dfa_exec()\fP, because the value saved with the compiled pattern
+will obviously be nonsense. A field in a \fBpcre[16|32]_extra()\fP block is used
+to pass this data, as described in the
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+section on matching a pattern
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+\fBWarning:\fP The tables that \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP use
+must be the same as those that were used when the pattern was compiled. If this
+is not the case, the behaviour is undefined.
+.P
+If you did not provide custom character tables when the pattern was compiled,
+the pointer in the compiled pattern is NULL, which causes the matching
+functions to use PCRE's internal tables. Thus, you do not need to take any
+special action at run time in this case.
+.P
+If you saved study data with the compiled pattern, you need to create your own
+\fBpcre[16|32]_extra\fP data block and set the \fIstudy_data\fP field to point
+to the reloaded study data. You must also set the PCRE_EXTRA_STUDY_DATA bit in
+the \fIflags\fP field to indicate that study data is present. Then pass the
+\fBpcre[16|32]_extra\fP block to the matching function in the usual way. If the
+pattern was studied for just-in-time optimization, that data cannot be saved,
+and so is lost by a save/restore cycle.
+.
+.
+.SH "COMPATIBILITY WITH DIFFERENT PCRE RELEASES"
+.rs
+.sp
+In general, it is safest to recompile all saved patterns when you update to a
+new PCRE release, though not all updates actually require this.
+.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcresample.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcresample.3
new file mode 100644
index 00000000..d7fe7ec5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcresample.3
@@ -0,0 +1,99 @@
+.TH PCRESAMPLE 3 "10 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE SAMPLE PROGRAM"
+.rs
+.sp
+A simple, complete demonstration program, to get you started with using PCRE,
+is supplied in the file \fIpcredemo.c\fP in the PCRE distribution. A listing of
+this program is given in the
+.\" HREF
+\fBpcredemo\fP
+.\"
+documentation. If you do not have a copy of the PCRE distribution, you can save
+this listing to re-create \fIpcredemo.c\fP.
+.P
+The demonstration program, which uses the original PCRE 8-bit library, compiles
+the regular expression that is its first argument, and matches it against the
+subject string in its second argument. No PCRE options are set, and default
+character tables are used. If matching succeeds, the program outputs the
+portion of the subject that matched, together with the contents of any captured
+substrings.
+.P
+If the -g option is given on the command line, the program then goes on to
+check for further matches of the same regular expression in the same subject
+string. The logic is a little bit tricky because of the possibility of matching
+an empty string. Comments in the code explain what is going on.
+.P
+If PCRE is installed in the standard include and library directories for your
+operating system, you should be able to compile the demonstration program using
+this command:
+.sp
+  gcc -o pcredemo pcredemo.c -lpcre
+.sp
+If PCRE is installed elsewhere, you may need to add additional options to the
+command line. For example, on a Unix-like system that has PCRE installed in
+\fI/usr/local\fP, you can compile the demonstration program using a command
+like this:
+.sp
+.\" JOINSH
+  gcc -o pcredemo -I/usr/local/include pcredemo.c \e
+      -L/usr/local/lib -lpcre
+.sp
+In a Windows environment, if you want to statically link the program against a
+non-dll \fBpcre.a\fP file, you must uncomment the line that defines PCRE_STATIC
+before including \fBpcre.h\fP, because otherwise the \fBpcre_malloc()\fP and
+\fBpcre_free()\fP exported functions will be declared
+\fB__declspec(dllimport)\fP, with unwanted results.
+.P
+Once you have compiled and linked the demonstration program, you can run simple
+tests like this:
+.sp
+  ./pcredemo 'cat|dog' 'the cat sat on the mat'
+  ./pcredemo -g 'cat|dog' 'the dog sat on the cat'
+.sp
+Note that there is a much more comprehensive test program, called
+.\" HREF
+\fBpcretest\fP,
+.\"
+which supports many more facilities for testing regular expressions and both
+PCRE libraries. The
+.\" HREF
+\fBpcredemo\fP
+.\"
+program is provided as a simple coding example.
+.P
+If you try to run
+.\" HREF
+\fBpcredemo\fP
+.\"
+when PCRE is not installed in the standard library directory, you may get an
+error like this on some operating systems (e.g. Solaris):
+.sp
+  ld.so.1: a.out: fatal: libpcre.so.0: open failed: No such file or directory
+.sp
+This is caused by the way shared library support works on those systems. You
+need to add
+.sp
+  -R/usr/local/lib
+.sp
+(for example) to the compile command to get round this problem.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 10 January 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrestack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrestack.3
new file mode 100644
index 00000000..798f0bca
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcrestack.3
@@ -0,0 +1,215 @@
+.TH PCRESTACK 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE DISCUSSION OF STACK USAGE"
+.rs
+.sp
+When you call \fBpcre[16|32]_exec()\fP, it makes use of an internal function
+called \fBmatch()\fP. This calls itself recursively at branch points in the
+pattern, in order to remember the state of the match so that it can back up and
+try a different alternative if the first one fails. As matching proceeds deeper
+and deeper into the tree of possibilities, the recursion depth increases. The
+\fBmatch()\fP function is also called in other circumstances, for example,
+whenever a parenthesized sub-pattern is entered, and in certain cases of
+repetition.
+.P
+Not all calls of \fBmatch()\fP increase the recursion depth; for an item such
+as a* it may be called several times at the same level, after matching
+different numbers of a's. Furthermore, in a number of cases where the result of
+the recursive call would immediately be passed back as the result of the
+current call (a "tail recursion"), the function is just restarted instead.
+.P
+The above comments apply when \fBpcre[16|32]_exec()\fP is run in its normal
+interpretive manner. If the pattern was studied with the
+PCRE_STUDY_JIT_COMPILE option, and just-in-time compiling was successful, and
+the options passed to \fBpcre[16|32]_exec()\fP were not incompatible, the matching
+process uses the JIT-compiled code instead of the \fBmatch()\fP function. In
+this case, the memory requirements are handled entirely differently. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for details.
+.P
+The \fBpcre[16|32]_dfa_exec()\fP function operates in an entirely different way,
+and uses recursion only when there is a regular expression recursion or
+subroutine call in the pattern. This includes the processing of assertion and
+"once-only" subpatterns, which are handled like subroutine calls. Normally,
+these are never very deep, and the limit on the complexity of
+\fBpcre[16|32]_dfa_exec()\fP is controlled by the amount of workspace it is given.
+However, it is possible to write patterns with runaway infinite recursions;
+such patterns will cause \fBpcre[16|32]_dfa_exec()\fP to run out of stack. At
+present, there is no protection against this.
+.P
+The comments that follow do NOT apply to \fBpcre[16|32]_dfa_exec()\fP; they are
+relevant only for \fBpcre[16|32]_exec()\fP without the JIT optimization.
+.
+.
+.SS "Reducing \fBpcre[16|32]_exec()\fP's stack usage"
+.rs
+.sp
+Each time that \fBmatch()\fP is actually called recursively, it uses memory
+from the process stack. For certain kinds of pattern and data, very large
+amounts of stack may be needed, despite the recognition of "tail recursion".
+You can often reduce the amount of recursion, and therefore the amount of stack
+used, by modifying the pattern that is being matched. Consider, for example,
+this pattern:
+.sp
+  ([^<]|<(?!inet))+
+.sp
+It matches from wherever it starts until it encounters "<inet" or the end of
+the data, and is the kind of pattern that might be used when processing an XML
+file. Each iteration of the outer parentheses matches either one character that
+is not "<" or a "<" that is not followed by "inet". However, each time a
+parenthesis is processed, a recursion occurs, so this formulation uses a stack
+frame for each matched character. For a long string, a lot of stack is
+required. Consider now this rewritten pattern, which matches exactly the same
+strings:
+.sp
+  ([^<]++|<(?!inet))+
+.sp
+This uses very much less stack, because runs of characters that do not contain
+"<" are "swallowed" in one item inside the parentheses. Recursion happens only
+when a "<" character that is not followed by "inet" is encountered (and we
+assume this is relatively rare). A possessive quantifier is used to stop any
+backtracking into the runs of non-"<" characters, but that is not related to
+stack usage.
+.P
+This example shows that one way of avoiding stack problems when matching long
+subject strings is to write repeated parenthesized subpatterns to match more
+than one character whenever possible.
+.
+.
+.SS "Compiling PCRE to use heap instead of stack for \fBpcre[16|32]_exec()\fP"
+.rs
+.sp
+In environments where stack memory is constrained, you might want to compile
+PCRE to use heap memory instead of stack for remembering back-up points when
+\fBpcre[16|32]_exec()\fP is running. This makes it run a lot more slowly, however.
+Details of how to do this are given in the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation. When built in this way, instead of using the stack, PCRE obtains
+and frees memory by calling the functions that are pointed to by the
+\fBpcre[16|32]_stack_malloc\fP and \fBpcre[16|32]_stack_free\fP variables. By
+default, these point to \fBmalloc()\fP and \fBfree()\fP, but you can replace
+the pointers to cause PCRE to use your own functions. Since the block sizes are
+always the same, and are always freed in reverse order, it may be possible to
+implement customized memory handlers that are more efficient than the standard
+functions.
+.
+.
+.SS "Limiting \fBpcre[16|32]_exec()\fP's stack usage"
+.rs
+.sp
+You can set limits on the number of times that \fBmatch()\fP is called, both in
+total and recursively. If a limit is exceeded, \fBpcre[16|32]_exec()\fP returns an
+error code. Setting suitable limits should prevent it from running out of
+stack. The default values of the limits are very large, and unlikely ever to
+operate. They can be changed when PCRE is built, and they can also be set when
+\fBpcre[16|32]_exec()\fP is called. For details of these interfaces, see the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation and the
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+section on extra data for \fBpcre[16|32]_exec()\fP
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+As a very rough rule of thumb, you should reckon on about 500 bytes per
+recursion. Thus, if you want to limit your stack usage to 8Mb, you should set
+the limit at 16000 recursions. A 64Mb stack, on the other hand, can support
+around 128000 recursions.
+.P
+In Unix-like environments, the \fBpcretest\fP test program has a command line
+option (\fB-S\fP) that can be used to increase the size of its stack. As long
+as the stack is large enough, another option (\fB-M\fP) can be used to find the
+smallest limits that allow a particular pattern to match a given subject
+string. This is done by calling \fBpcre[16|32]_exec()\fP repeatedly with different
+limits.
+.
+.
+.SS "Obtaining an estimate of stack usage"
+.rs
+.sp
+The actual amount of stack used per recursion can vary quite a lot, depending
+on the compiler that was used to build PCRE and the optimization or debugging
+options that were set for it. The rule of thumb value of 500 bytes mentioned
+above may be larger or smaller than what is actually needed. A better
+approximation can be obtained by running this command:
+.sp
+  pcretest -m -C
+.sp
+The \fB-C\fP option causes \fBpcretest\fP to output information about the
+options with which PCRE was compiled. When \fB-m\fP is also given (before
+\fB-C\fP), information about stack use is given in a line like this:
+.sp
+  Match recursion uses stack: approximate frame size = 640 bytes
+.sp
+The value is approximate because some recursions need a bit more (up to perhaps
+16 more bytes).
+.P
+If the above command is given when PCRE is compiled to use the heap instead of
+the stack for recursion, the value that is output is the size of each block
+that is obtained from the heap.
+.
+.
+.SS "Changing stack size in Unix-like systems"
+.rs
+.sp
+In Unix-like environments, there is not often a problem with the stack unless
+very long strings are involved, though the default limit on stack size varies
+from system to system. Values from 8Mb to 64Mb are common. You can find your
+default limit by running the command:
+.sp
+  ulimit -s
+.sp
+Unfortunately, the effect of running out of stack is often SIGSEGV, though
+sometimes a more explicit error message is given. You can normally increase the
+limit on stack size by code such as this:
+.sp
+  struct rlimit rlim;
+  getrlimit(RLIMIT_STACK, &rlim);
+  rlim.rlim_cur = 100*1024*1024;
+  setrlimit(RLIMIT_STACK, &rlim);
+.sp
+This reads the current limits (soft and hard) using \fBgetrlimit()\fP, then
+attempts to increase the soft limit to 100Mb using \fBsetrlimit()\fP. You must
+do this before calling \fBpcre[16|32]_exec()\fP.
+.
+.
+.SS "Changing stack size in Mac OS X"
+.rs
+.sp
+Using \fBsetrlimit()\fP, as described above, should also work on Mac OS X. It
+is also possible to set a stack size when linking a program. There is a
+discussion about stack sizes in Mac OS X at this web site:
+.\" HTML <a href="http://developer.apple.com/qa/qa2005/qa1419.html">
+.\" </a>
+http://developer.apple.com/qa/qa2005/qa1419.html.
+.\"
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 24 June 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcresyntax.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcresyntax.3
new file mode 100644
index 00000000..0850369f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcresyntax.3
@@ -0,0 +1,540 @@
+.TH PCRESYNTAX 3 "08 January 2014" "PCRE 8.35"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE REGULAR EXPRESSION SYNTAX SUMMARY"
+.rs
+.sp
+The full syntax and semantics of the regular expressions that are supported by
+PCRE are described in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation. This document contains a quick-reference summary of the syntax.
+.
+.
+.SH "QUOTING"
+.rs
+.sp
+  \ex         where x is non-alphanumeric is a literal x
+  \eQ...\eE    treat enclosed characters as literal
+.
+.
+.SH "CHARACTERS"
+.rs
+.sp
+  \ea         alarm, that is, the BEL character (hex 07)
+  \ecx        "control-x", where x is any ASCII character
+  \ee         escape (hex 1B)
+  \ef         form feed (hex 0C)
+  \en         newline (hex 0A)
+  \er         carriage return (hex 0D)
+  \et         tab (hex 09)
+  \e0dd       character with octal code 0dd
+  \eddd       character with octal code ddd, or backreference
+  \eo{ddd..}  character with octal code ddd..
+  \exhh       character with hex code hh
+  \ex{hhh..}  character with hex code hhh..
+.sp
+Note that \e0dd is always an octal code, and that \e8 and \e9 are the literal
+characters "8" and "9".
+.
+.
+.SH "CHARACTER TYPES"
+.rs
+.sp
+  .          any character except newline;
+               in dotall mode, any character whatsoever
+  \eC         one data unit, even in UTF mode (best avoided)
+  \ed         a decimal digit
+  \eD         a character that is not a decimal digit
+  \eh         a horizontal white space character
+  \eH         a character that is not a horizontal white space character
+  \eN         a character that is not a newline
+  \ep{\fIxx\fP}     a character with the \fIxx\fP property
+  \eP{\fIxx\fP}     a character without the \fIxx\fP property
+  \eR         a newline sequence
+  \es         a white space character
+  \eS         a character that is not a white space character
+  \ev         a vertical white space character
+  \eV         a character that is not a vertical white space character
+  \ew         a "word" character
+  \eW         a "non-word" character
+  \eX         a Unicode extended grapheme cluster
+.sp
+By default, \ed, \es, and \ew match only ASCII characters, even in UTF-8 mode
+or in the 16- bit and 32-bit libraries. However, if locale-specific matching is
+happening, \es and \ew may also match characters with code points in the range
+128-255. If the PCRE_UCP option is set, the behaviour of these escape sequences
+is changed to use Unicode properties and they match many more characters.
+.
+.
+.SH "GENERAL CATEGORY PROPERTIES FOR \ep and \eP"
+.rs
+.sp
+  C          Other
+  Cc         Control
+  Cf         Format
+  Cn         Unassigned
+  Co         Private use
+  Cs         Surrogate
+.sp
+  L          Letter
+  Ll         Lower case letter
+  Lm         Modifier letter
+  Lo         Other letter
+  Lt         Title case letter
+  Lu         Upper case letter
+  L&         Ll, Lu, or Lt
+.sp
+  M          Mark
+  Mc         Spacing mark
+  Me         Enclosing mark
+  Mn         Non-spacing mark
+.sp
+  N          Number
+  Nd         Decimal number
+  Nl         Letter number
+  No         Other number
+.sp
+  P          Punctuation
+  Pc         Connector punctuation
+  Pd         Dash punctuation
+  Pe         Close punctuation
+  Pf         Final punctuation
+  Pi         Initial punctuation
+  Po         Other punctuation
+  Ps         Open punctuation
+.sp
+  S          Symbol
+  Sc         Currency symbol
+  Sk         Modifier symbol
+  Sm         Mathematical symbol
+  So         Other symbol
+.sp
+  Z          Separator
+  Zl         Line separator
+  Zp         Paragraph separator
+  Zs         Space separator
+.
+.
+.SH "PCRE SPECIAL CATEGORY PROPERTIES FOR \ep and \eP"
+.rs
+.sp
+  Xan        Alphanumeric: union of properties L and N
+  Xps        POSIX space: property Z or tab, NL, VT, FF, CR
+  Xsp        Perl space: property Z or tab, NL, VT, FF, CR
+  Xuc        Univerally-named character: one that can be
+               represented by a Universal Character Name
+  Xwd        Perl word: property Xan or underscore
+.sp
+Perl and POSIX space are now the same. Perl added VT to its space character set
+at release 5.18 and PCRE changed at release 8.34.
+.
+.
+.SH "SCRIPT NAMES FOR \ep AND \eP"
+.rs
+.sp
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+.
+.
+.SH "CHARACTER CLASSES"
+.rs
+.sp
+  [...]       positive character class
+  [^...]      negative character class
+  [x-y]       range (can be used for hex characters)
+  [[:xxx:]]   positive POSIX named set
+  [[:^xxx:]]  negative POSIX named set
+.sp
+  alnum       alphanumeric
+  alpha       alphabetic
+  ascii       0-127
+  blank       space or tab
+  cntrl       control character
+  digit       decimal digit
+  graph       printing, excluding space
+  lower       lower case letter
+  print       printing, including space
+  punct       printing, excluding alphanumeric
+  space       white space
+  upper       upper case letter
+  word        same as \ew
+  xdigit      hexadecimal digit
+.sp
+In PCRE, POSIX character set names recognize only ASCII characters by default,
+but some of them use Unicode properties if PCRE_UCP is set. You can use
+\eQ...\eE inside a character class.
+.
+.
+.SH "QUANTIFIERS"
+.rs
+.sp
+  ?           0 or 1, greedy
+  ?+          0 or 1, possessive
+  ??          0 or 1, lazy
+  *           0 or more, greedy
+  *+          0 or more, possessive
+  *?          0 or more, lazy
+  +           1 or more, greedy
+  ++          1 or more, possessive
+  +?          1 or more, lazy
+  {n}         exactly n
+  {n,m}       at least n, no more than m, greedy
+  {n,m}+      at least n, no more than m, possessive
+  {n,m}?      at least n, no more than m, lazy
+  {n,}        n or more, greedy
+  {n,}+       n or more, possessive
+  {n,}?       n or more, lazy
+.
+.
+.SH "ANCHORS AND SIMPLE ASSERTIONS"
+.rs
+.sp
+  \eb          word boundary
+  \eB          not a word boundary
+  ^           start of subject
+               also after internal newline in multiline mode
+  \eA          start of subject
+  $           end of subject
+               also before newline at end of subject
+               also before internal newline in multiline mode
+  \eZ          end of subject
+               also before newline at end of subject
+  \ez          end of subject
+  \eG          first matching position in subject
+.
+.
+.SH "MATCH POINT RESET"
+.rs
+.sp
+  \eK          reset start of match
+.sp
+\eK is honoured in positive assertions, but ignored in negative ones.
+.
+.
+.SH "ALTERNATION"
+.rs
+.sp
+  expr|expr|expr...
+.
+.
+.SH "CAPTURING"
+.rs
+.sp
+  (...)           capturing group
+  (?<name>...)    named capturing group (Perl)
+  (?'name'...)    named capturing group (Perl)
+  (?P<name>...)   named capturing group (Python)
+  (?:...)         non-capturing group
+  (?|...)         non-capturing group; reset group numbers for
+                   capturing groups in each alternative
+.
+.
+.SH "ATOMIC GROUPS"
+.rs
+.sp
+  (?>...)         atomic, non-capturing group
+.
+.
+.
+.
+.SH "COMMENT"
+.rs
+.sp
+  (?#....)        comment (not nestable)
+.
+.
+.SH "OPTION SETTING"
+.rs
+.sp
+  (?i)            caseless
+  (?J)            allow duplicate names
+  (?m)            multiline
+  (?s)            single line (dotall)
+  (?U)            default ungreedy (lazy)
+  (?x)            extended (ignore white space)
+  (?-...)         unset option(s)
+.sp
+The following are recognized only at the very start of a pattern or after one
+of the newline or \eR options with similar syntax. More than one of them may
+appear.
+.sp
+  (*LIMIT_MATCH=d) set the match limit to d (decimal number)
+  (*LIMIT_RECURSION=d) set the recursion limit to d (decimal number)
+  (*NO_AUTO_POSSESS) no auto-possessification (PCRE_NO_AUTO_POSSESS)
+  (*NO_START_OPT) no start-match optimization (PCRE_NO_START_OPTIMIZE)
+  (*UTF8)         set UTF-8 mode: 8-bit library (PCRE_UTF8)
+  (*UTF16)        set UTF-16 mode: 16-bit library (PCRE_UTF16)
+  (*UTF32)        set UTF-32 mode: 32-bit library (PCRE_UTF32)
+  (*UTF)          set appropriate UTF mode for the library in use
+  (*UCP)          set PCRE_UCP (use Unicode properties for \ed etc)
+.sp
+Note that LIMIT_MATCH and LIMIT_RECURSION can only reduce the value of the
+limits set by the caller of pcre_exec(), not increase them.
+.
+.
+.SH "NEWLINE CONVENTION"
+.rs
+.sp
+These are recognized only at the very start of the pattern or after option
+settings with a similar syntax.
+.sp
+  (*CR)           carriage return only
+  (*LF)           linefeed only
+  (*CRLF)         carriage return followed by linefeed
+  (*ANYCRLF)      all three of the above
+  (*ANY)          any Unicode newline sequence
+.
+.
+.SH "WHAT \eR MATCHES"
+.rs
+.sp
+These are recognized only at the very start of the pattern or after option
+setting with a similar syntax.
+.sp
+  (*BSR_ANYCRLF)  CR, LF, or CRLF
+  (*BSR_UNICODE)  any Unicode newline sequence
+.
+.
+.SH "LOOKAHEAD AND LOOKBEHIND ASSERTIONS"
+.rs
+.sp
+  (?=...)         positive look ahead
+  (?!...)         negative look ahead
+  (?<=...)        positive look behind
+  (?<!...)        negative look behind
+.sp
+Each top-level branch of a look behind must be of a fixed length.
+.
+.
+.SH "BACKREFERENCES"
+.rs
+.sp
+  \en              reference by number (can be ambiguous)
+  \egn             reference by number
+  \eg{n}           reference by number
+  \eg{-n}          relative reference by number
+  \ek<name>        reference by name (Perl)
+  \ek'name'        reference by name (Perl)
+  \eg{name}        reference by name (Perl)
+  \ek{name}        reference by name (.NET)
+  (?P=name)       reference by name (Python)
+.
+.
+.SH "SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)"
+.rs
+.sp
+  (?R)            recurse whole pattern
+  (?n)            call subpattern by absolute number
+  (?+n)           call subpattern by relative number
+  (?-n)           call subpattern by relative number
+  (?&name)        call subpattern by name (Perl)
+  (?P>name)       call subpattern by name (Python)
+  \eg<name>        call subpattern by name (Oniguruma)
+  \eg'name'        call subpattern by name (Oniguruma)
+  \eg<n>           call subpattern by absolute number (Oniguruma)
+  \eg'n'           call subpattern by absolute number (Oniguruma)
+  \eg<+n>          call subpattern by relative number (PCRE extension)
+  \eg'+n'          call subpattern by relative number (PCRE extension)
+  \eg<-n>          call subpattern by relative number (PCRE extension)
+  \eg'-n'          call subpattern by relative number (PCRE extension)
+.
+.
+.SH "CONDITIONAL PATTERNS"
+.rs
+.sp
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+.sp
+  (?(n)...        absolute reference condition
+  (?(+n)...       relative reference condition
+  (?(-n)...       relative reference condition
+  (?(<name>)...   named reference condition (Perl)
+  (?('name')...   named reference condition (Perl)
+  (?(name)...     named reference condition (PCRE)
+  (?(R)...        overall recursion condition
+  (?(Rn)...       specific group recursion condition
+  (?(R&name)...   specific recursion condition
+  (?(DEFINE)...   define subpattern for reference
+  (?(assert)...   assertion condition
+.
+.
+.SH "BACKTRACKING CONTROL"
+.rs
+.sp
+The following act immediately they are reached:
+.sp
+  (*ACCEPT)       force successful match
+  (*FAIL)         force backtrack; synonym (*F)
+  (*MARK:NAME)    set name to be passed back; synonym (*:NAME)
+.sp
+The following act only when a subsequent match failure causes a backtrack to
+reach them. They all force a match failure, but they differ in what happens
+afterwards. Those that advance the start-of-match point do so only if the
+pattern is not anchored.
+.sp
+  (*COMMIT)       overall failure, no advance of starting point
+  (*PRUNE)        advance to next starting character
+  (*PRUNE:NAME)   equivalent to (*MARK:NAME)(*PRUNE)
+  (*SKIP)         advance to current matching position
+  (*SKIP:NAME)    advance to position corresponding to an earlier
+                  (*MARK:NAME); if not found, the (*SKIP) is ignored
+  (*THEN)         local failure, backtrack to next alternation
+  (*THEN:NAME)    equivalent to (*MARK:NAME)(*THEN)
+.
+.
+.SH "CALLOUTS"
+.rs
+.sp
+  (?C)      callout
+  (?Cn)     callout with data n
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcrepattern\fP(3), \fBpcreapi\fP(3), \fBpcrecallout\fP(3),
+\fBpcrematching\fP(3), \fBpcre\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 08 January 2014
+Copyright (c) 1997-2014 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreunicode.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreunicode.3
new file mode 100644
index 00000000..cb5e5269
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/arm64/share/man/man3/pcreunicode.3
@@ -0,0 +1,249 @@
+.TH PCREUNICODE 3 "27 February 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "UTF-8, UTF-16, UTF-32, AND UNICODE PROPERTY SUPPORT"
+.rs
+.sp
+As well as UTF-8 support, PCRE also supports UTF-16 (from release 8.30) and
+UTF-32 (from release 8.32), by means of two additional libraries. They can be
+built as well as, or instead of, the 8-bit library.
+.
+.
+.SH "UTF-8 SUPPORT"
+.rs
+.sp
+In order process UTF-8 strings, you must build PCRE's 8-bit library with UTF
+support, and, in addition, you must call
+.\" HREF
+\fBpcre_compile()\fP
+.\"
+with the PCRE_UTF8 option flag, or the pattern must start with the sequence
+(*UTF8) or (*UTF). When either of these is the case, both the pattern and any
+subject strings that are matched against it are treated as UTF-8 strings
+instead of strings of individual 1-byte characters.
+.
+.
+.SH "UTF-16 AND UTF-32 SUPPORT"
+.rs
+.sp
+In order process UTF-16 or UTF-32 strings, you must build PCRE's 16-bit or
+32-bit library with UTF support, and, in addition, you must call
+.\" HREF
+\fBpcre16_compile()\fP
+.\"
+or
+.\" HREF
+\fBpcre32_compile()\fP
+.\"
+with the PCRE_UTF16 or PCRE_UTF32 option flag, as appropriate. Alternatively,
+the pattern must start with the sequence (*UTF16), (*UTF32), as appropriate, or
+(*UTF), which can be used with either library. When UTF mode is set, both the
+pattern and any subject strings that are matched against it are treated as
+UTF-16 or UTF-32 strings instead of strings of individual 16-bit or 32-bit
+characters.
+.
+.
+.SH "UTF SUPPORT OVERHEAD"
+.rs
+.sp
+If you compile PCRE with UTF support, but do not use it at run time, the
+library will be a bit bigger, but the additional run time overhead is limited
+to testing the PCRE_UTF[8|16|32] flag occasionally, so should not be very big.
+.
+.
+.SH "UNICODE PROPERTY SUPPORT"
+.rs
+.sp
+If PCRE is built with Unicode character property support (which implies UTF
+support), the escape sequences \ep{..}, \eP{..}, and \eX can be used.
+The available properties that can be tested are limited to the general
+category properties such as Lu for an upper case letter or Nd for a decimal
+number, the Unicode script names such as Arabic or Han, and the derived
+properties Any and L&. Full lists is given in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+and
+.\" HREF
+\fBpcresyntax\fP
+.\"
+documentation. Only the short names for properties are supported. For example,
+\ep{L} matches a letter. Its Perl synonym, \ep{Letter}, is not supported.
+Furthermore, in Perl, many properties may optionally be prefixed by "Is", for
+compatibility with Perl 5.6. PCRE does not support this.
+.
+.
+.\" HTML <a name="utf8strings"></a>
+.SS "Validity of UTF-8 strings"
+.rs
+.sp
+When you set the PCRE_UTF8 flag, the byte strings passed as patterns and
+subjects are (by default) checked for validity on entry to the relevant
+functions. The entire string is checked before any other processing takes
+place. From release 7.3 of PCRE, the check is according the rules of RFC 3629,
+which are themselves derived from the Unicode specification. Earlier releases
+of PCRE followed the rules of RFC 2279, which allows the full range of 31-bit
+values (0 to 0x7FFFFFFF). The current check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area. (From release 8.33 the so-called
+"non-character" code points are no longer excluded because Unicode corrigendum
+#9 makes it clear that they should not be.)
+.P
+Characters in the "Surrogate Area" of Unicode are reserved for use by UTF-16,
+where they are used in pairs to encode codepoints with values greater than
+0xFFFF. The code points that are encoded by UTF-16 pairs are available
+independently in the UTF-8 and UTF-32 encodings. (In other words, the whole
+surrogate thing is a fudge for UTF-16 which unfortunately messes up UTF-8 and
+UTF-32.)
+.P
+If an invalid UTF-8 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first byte
+of the failing character. The run-time functions \fBpcre_exec()\fP and
+\fBpcre_dfa_exec()\fP also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+.P
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance, for
+example in the case of a long subject string that is being scanned repeatedly.
+If you set the PCRE_NO_UTF8_CHECK flag at compile time or at run time, PCRE
+assumes that the pattern or subject it is given (respectively) contains only
+valid UTF-8 codes. In this case, it does not diagnose an invalid UTF-8 string.
+.P
+Note that passing PCRE_NO_UTF8_CHECK to \fBpcre_compile()\fP just disables the
+check for the pattern; it does not also apply to subject strings. If you want
+to disable the check for a subject string you must pass this option to
+\fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP.
+.P
+If you pass an invalid UTF-8 string when PCRE_NO_UTF8_CHECK is set, the result
+is undefined and your program may crash.
+.
+.
+.\" HTML <a name="utf16strings"></a>
+.SS "Validity of UTF-16 strings"
+.rs
+.sp
+When you set the PCRE_UTF16 flag, the strings of 16-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions. Values other than those in the surrogate range
+U+D800 to U+DFFF are independent code points. Values in the surrogate range
+must be used in pairs in the correct manner.
+.P
+If an invalid UTF-16 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions \fBpcre16_exec()\fP and
+\fBpcre16_dfa_exec()\fP also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+.P
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF16_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-16
+sequences. In this case, it does not diagnose an invalid UTF-16 string.
+However, if an invalid string is passed, the result is undefined.
+.
+.
+.\" HTML <a name="utf32strings"></a>
+.SS "Validity of UTF-32 strings"
+.rs
+.sp
+When you set the PCRE_UTF32 flag, the strings of 32-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions.  This check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area U+D800 to U+DFFF.
+.P
+If an invalid UTF-32 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions \fBpcre32_exec()\fP and
+\fBpcre32_dfa_exec()\fP also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+.P
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF32_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-32
+sequences. In this case, it does not diagnose an invalid UTF-32 string.
+However, if an invalid string is passed, the result is undefined.
+.
+.
+.SS "General comments about UTF modes"
+.rs
+.sp
+1. Codepoints less than 256 can be specified in patterns by either braced or
+unbraced hexadecimal escape sequences (for example, \ex{b3} or \exb3). Larger
+values have to use braced sequences.
+.P
+2. Octal numbers up to \e777 are recognized, and in UTF-8 mode they match
+two-byte characters for values greater than \e177.
+.P
+3. Repeat quantifiers apply to complete UTF characters, not to individual
+data units, for example: \ex{100}{3}.
+.P
+4. The dot metacharacter matches one UTF character instead of a single data
+unit.
+.P
+5. The escape sequence \eC can be used to match a single byte in UTF-8 mode, or
+a single 16-bit data unit in UTF-16 mode, or a single 32-bit data unit in
+UTF-32 mode, but its use can lead to some strange effects because it breaks up
+multi-unit characters (see the description of \eC in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation). The use of \eC is not supported in the alternative matching
+function \fBpcre[16|32]_dfa_exec()\fP, nor is it supported in UTF mode by the
+JIT optimization of \fBpcre[16|32]_exec()\fP. If JIT optimization is requested
+for a UTF pattern that contains \eC, it will not succeed, and so the matching
+will be carried out by the normal interpretive function.
+.P
+6. The character escapes \eb, \eB, \ed, \eD, \es, \eS, \ew, and \eW correctly
+test characters of any code value, but, by default, the characters that PCRE
+recognizes as digits, spaces, or word characters remain the same set as in
+non-UTF mode, all with values less than 256. This remains true even when PCRE
+is built to include Unicode property support, because to do otherwise would
+slow down PCRE in many common cases. Note in particular that this applies to
+\eb and \eB, because they are defined in terms of \ew and \eW. If you really
+want to test for a wider sense of, say, "digit", you can use explicit Unicode
+property tests such as \ep{Nd}. Alternatively, if you set the PCRE_UCP option,
+the way that the character escapes work is changed so that Unicode properties
+are used to determine which characters match. There are more details in the
+section on
+.\" HTML <a href="pcrepattern.html#genericchartypes">
+.\" </a>
+generic character types
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.P
+7. Similarly, characters that match the POSIX named character classes are all
+low-valued characters, unless the PCRE_UCP option is set.
+.P
+8. However, the horizontal and vertical white space matching escapes (\eh, \eH,
+\ev, and \eV) do match all the appropriate Unicode characters, whether or not
+PCRE_UCP is set.
+.P
+9. Case-insensitive matching applies only to characters whose values are less
+than 128, unless PCRE is built with Unicode property support. A few Unicode
+characters such as Greek sigma have more than two codepoints that are
+case-equivalent. Up to and including PCRE release 8.31, only one-to-one case
+mappings were supported, but later releases (with Unicode property support) do
+treat as case-equivalent all versions of characters such as Greek sigma.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 27 February 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/bin/pcre-config b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/bin/pcre-config
new file mode 100755
index 00000000..bf8c7677
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/bin/pcre-config
@@ -0,0 +1,133 @@
+#!/bin/sh
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7
+exec_prefix=${prefix}
+exec_prefix_set=no
+
+cflags="[--cflags]"
+
+if test yes = yes ; then
+  libs="[--libs-cpp]"
+else
+  libs=
+fi
+
+if test no = yes ; then
+  libs="[--libs16] $libs"
+fi
+
+if test no = yes ; then
+  libs="[--libs32] $libs"
+fi
+
+if test yes = yes ; then
+  libs="[--libs] [--libs-posix] $libs"
+  cflags="$cflags [--cflags-posix]"
+fi
+
+usage="Usage: pcre-config [--prefix] [--exec-prefix] [--version] $libs $cflags"
+
+if test $# -eq 0; then
+      echo "${usage}" 1>&2
+      exit 1
+fi
+
+libR=
+case `uname -s` in
+  *SunOS*)
+  libR=" -R${exec_prefix}/lib"
+  ;;
+  *BSD*)
+  libR=" -Wl,-R${exec_prefix}/lib"
+  ;;
+esac
+
+libS=
+if test ${exec_prefix}/lib != /usr/lib ; then
+  libS=-L${exec_prefix}/lib
+fi
+
+while test $# -gt 0; do
+  case "$1" in
+  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) optarg= ;;
+  esac
+
+  case $1 in
+    --prefix=*)
+      prefix=$optarg
+      if test $exec_prefix_set = no ; then
+        exec_prefix=$optarg
+      fi
+      ;;
+    --prefix)
+      echo $prefix
+      ;;
+    --exec-prefix=*)
+      exec_prefix=$optarg
+      exec_prefix_set=yes
+      ;;
+    --exec-prefix)
+      echo $exec_prefix
+      ;;
+    --version)
+      echo 8.41
+      ;;
+    --cflags)
+      if test ${prefix}/include != /usr/include ; then
+        includes=-I${prefix}/include
+      fi
+      echo $includes -DPCRE_STATIC
+      ;;
+    --cflags-posix)
+      if test yes = yes ; then
+        if test ${prefix}/include != /usr/include ; then
+          includes=-I${prefix}/include
+        fi
+        echo $includes -DPCRE_STATIC
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs-posix)
+      if test yes = yes ; then
+        echo $libS$libR -lpcreposix -lpcre
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs)
+      if test yes = yes ; then
+        echo $libS$libR -lpcre
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs16)
+      if test no = yes ; then
+        echo $libS$libR -lpcre16
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs32)
+      if test no = yes ; then
+        echo $libS$libR -lpcre32
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs-cpp)
+      if test yes = yes ; then
+        echo $libS$libR -lpcrecpp -lpcre
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    *)
+      echo "${usage}" 1>&2
+      exit 1
+      ;;
+  esac
+  shift
+done
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/bin/pcregrep b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/bin/pcregrep
new file mode 100755
index 00000000..d62169b0
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/bin/pcregrep differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/bin/pcretest b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/bin/pcretest
new file mode 100755
index 00000000..d69f1920
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/bin/pcretest differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcre.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcre.h
new file mode 100644
index 00000000..442c6bdb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcre.h
@@ -0,0 +1,677 @@
+/*************************************************
+*       Perl-Compatible Regular Expressions      *
+*************************************************/
+
+/* This is the public header file for the PCRE library, to be #included by
+applications that call the PCRE functions.
+
+           Copyright (c) 1997-2014 University of Cambridge
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+#ifndef _PCRE_H
+#define _PCRE_H
+
+/* The current PCRE version information. */
+
+#define PCRE_MAJOR          8
+#define PCRE_MINOR          41
+#define PCRE_PRERELEASE     
+#define PCRE_DATE           2017-07-05
+
+/* When an application links to a PCRE DLL in Windows, the symbols that are
+imported have to be identified as such. When building PCRE, the appropriate
+export setting is defined in pcre_internal.h, which includes this file. So we
+don't change existing definitions of PCRE_EXP_DECL and PCRECPP_EXP_DECL. */
+
+#if defined(_WIN32) && !defined(PCRE_STATIC)
+#  ifndef PCRE_EXP_DECL
+#    define PCRE_EXP_DECL  extern __declspec(dllimport)
+#  endif
+#  ifdef __cplusplus
+#    ifndef PCRECPP_EXP_DECL
+#      define PCRECPP_EXP_DECL  extern __declspec(dllimport)
+#    endif
+#    ifndef PCRECPP_EXP_DEFN
+#      define PCRECPP_EXP_DEFN  __declspec(dllimport)
+#    endif
+#  endif
+#endif
+
+/* By default, we use the standard "extern" declarations. */
+
+#ifndef PCRE_EXP_DECL
+#  ifdef __cplusplus
+#    define PCRE_EXP_DECL  extern "C"
+#  else
+#    define PCRE_EXP_DECL  extern
+#  endif
+#endif
+
+#ifdef __cplusplus
+#  ifndef PCRECPP_EXP_DECL
+#    define PCRECPP_EXP_DECL  extern
+#  endif
+#  ifndef PCRECPP_EXP_DEFN
+#    define PCRECPP_EXP_DEFN
+#  endif
+#endif
+
+/* Have to include stdlib.h in order to ensure that size_t is defined;
+it is needed here for malloc. */
+
+#include <stdlib.h>
+
+/* Allow for C++ users */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Public options. Some are compile-time only, some are run-time only, and some
+are both. Most of the compile-time options are saved with the compiled regex so
+that they can be inspected during studying (and therefore JIT compiling). Note
+that pcre_study() has its own set of options. Originally, all the options
+defined here used distinct bits. However, almost all the bits in a 32-bit word
+are now used, so in order to conserve them, option bits that were previously
+only recognized at matching time (i.e. by pcre_exec() or pcre_dfa_exec()) may
+also be used for compile-time options that affect only compiling and are not
+relevant for studying or JIT compiling.
+
+Some options for pcre_compile() change its behaviour but do not affect the
+behaviour of the execution functions. Other options are passed through to the
+execution functions and affect their behaviour, with or without affecting the
+behaviour of pcre_compile().
+
+Options that can be passed to pcre_compile() are tagged Cx below, with these
+variants:
+
+C1   Affects compile only
+C2   Does not affect compile; affects exec, dfa_exec
+C3   Affects compile, exec, dfa_exec
+C4   Affects compile, exec, dfa_exec, study
+C5   Affects compile, exec, study
+
+Options that can be set for pcre_exec() and/or pcre_dfa_exec() are flagged with
+E and D, respectively. They take precedence over C3, C4, and C5 settings passed
+from pcre_compile(). Those that are compatible with JIT execution are flagged
+with J. */
+
+#define PCRE_CASELESS           0x00000001  /* C1       */
+#define PCRE_MULTILINE          0x00000002  /* C1       */
+#define PCRE_DOTALL             0x00000004  /* C1       */
+#define PCRE_EXTENDED           0x00000008  /* C1       */
+#define PCRE_ANCHORED           0x00000010  /* C4 E D   */
+#define PCRE_DOLLAR_ENDONLY     0x00000020  /* C2       */
+#define PCRE_EXTRA              0x00000040  /* C1       */
+#define PCRE_NOTBOL             0x00000080  /*    E D J */
+#define PCRE_NOTEOL             0x00000100  /*    E D J */
+#define PCRE_UNGREEDY           0x00000200  /* C1       */
+#define PCRE_NOTEMPTY           0x00000400  /*    E D J */
+#define PCRE_UTF8               0x00000800  /* C4        )          */
+#define PCRE_UTF16              0x00000800  /* C4        ) Synonyms */
+#define PCRE_UTF32              0x00000800  /* C4        )          */
+#define PCRE_NO_AUTO_CAPTURE    0x00001000  /* C1       */
+#define PCRE_NO_UTF8_CHECK      0x00002000  /* C1 E D J  )          */
+#define PCRE_NO_UTF16_CHECK     0x00002000  /* C1 E D J  ) Synonyms */
+#define PCRE_NO_UTF32_CHECK     0x00002000  /* C1 E D J  )          */
+#define PCRE_AUTO_CALLOUT       0x00004000  /* C1       */
+#define PCRE_PARTIAL_SOFT       0x00008000  /*    E D J  ) Synonyms */
+#define PCRE_PARTIAL            0x00008000  /*    E D J  )          */
+
+/* This pair use the same bit. */
+#define PCRE_NEVER_UTF          0x00010000  /* C1        ) Overlaid */
+#define PCRE_DFA_SHORTEST       0x00010000  /*      D    ) Overlaid */
+
+/* This pair use the same bit. */
+#define PCRE_NO_AUTO_POSSESS    0x00020000  /* C1        ) Overlaid */
+#define PCRE_DFA_RESTART        0x00020000  /*      D    ) Overlaid */
+
+#define PCRE_FIRSTLINE          0x00040000  /* C3       */
+#define PCRE_DUPNAMES           0x00080000  /* C1       */
+#define PCRE_NEWLINE_CR         0x00100000  /* C3 E D   */
+#define PCRE_NEWLINE_LF         0x00200000  /* C3 E D   */
+#define PCRE_NEWLINE_CRLF       0x00300000  /* C3 E D   */
+#define PCRE_NEWLINE_ANY        0x00400000  /* C3 E D   */
+#define PCRE_NEWLINE_ANYCRLF    0x00500000  /* C3 E D   */
+#define PCRE_BSR_ANYCRLF        0x00800000  /* C3 E D   */
+#define PCRE_BSR_UNICODE        0x01000000  /* C3 E D   */
+#define PCRE_JAVASCRIPT_COMPAT  0x02000000  /* C5       */
+#define PCRE_NO_START_OPTIMIZE  0x04000000  /* C2 E D    ) Synonyms */
+#define PCRE_NO_START_OPTIMISE  0x04000000  /* C2 E D    )          */
+#define PCRE_PARTIAL_HARD       0x08000000  /*    E D J */
+#define PCRE_NOTEMPTY_ATSTART   0x10000000  /*    E D J */
+#define PCRE_UCP                0x20000000  /* C3       */
+
+/* Exec-time and get/set-time error codes */
+
+#define PCRE_ERROR_NOMATCH          (-1)
+#define PCRE_ERROR_NULL             (-2)
+#define PCRE_ERROR_BADOPTION        (-3)
+#define PCRE_ERROR_BADMAGIC         (-4)
+#define PCRE_ERROR_UNKNOWN_OPCODE   (-5)
+#define PCRE_ERROR_UNKNOWN_NODE     (-5)  /* For backward compatibility */
+#define PCRE_ERROR_NOMEMORY         (-6)
+#define PCRE_ERROR_NOSUBSTRING      (-7)
+#define PCRE_ERROR_MATCHLIMIT       (-8)
+#define PCRE_ERROR_CALLOUT          (-9)  /* Never used by PCRE itself */
+#define PCRE_ERROR_BADUTF8         (-10)  /* Same for 8/16/32 */
+#define PCRE_ERROR_BADUTF16        (-10)  /* Same for 8/16/32 */
+#define PCRE_ERROR_BADUTF32        (-10)  /* Same for 8/16/32 */
+#define PCRE_ERROR_BADUTF8_OFFSET  (-11)  /* Same for 8/16 */
+#define PCRE_ERROR_BADUTF16_OFFSET (-11)  /* Same for 8/16 */
+#define PCRE_ERROR_PARTIAL         (-12)
+#define PCRE_ERROR_BADPARTIAL      (-13)
+#define PCRE_ERROR_INTERNAL        (-14)
+#define PCRE_ERROR_BADCOUNT        (-15)
+#define PCRE_ERROR_DFA_UITEM       (-16)
+#define PCRE_ERROR_DFA_UCOND       (-17)
+#define PCRE_ERROR_DFA_UMLIMIT     (-18)
+#define PCRE_ERROR_DFA_WSSIZE      (-19)
+#define PCRE_ERROR_DFA_RECURSE     (-20)
+#define PCRE_ERROR_RECURSIONLIMIT  (-21)
+#define PCRE_ERROR_NULLWSLIMIT     (-22)  /* No longer actually used */
+#define PCRE_ERROR_BADNEWLINE      (-23)
+#define PCRE_ERROR_BADOFFSET       (-24)
+#define PCRE_ERROR_SHORTUTF8       (-25)
+#define PCRE_ERROR_SHORTUTF16      (-25)  /* Same for 8/16 */
+#define PCRE_ERROR_RECURSELOOP     (-26)
+#define PCRE_ERROR_JIT_STACKLIMIT  (-27)
+#define PCRE_ERROR_BADMODE         (-28)
+#define PCRE_ERROR_BADENDIANNESS   (-29)
+#define PCRE_ERROR_DFA_BADRESTART  (-30)
+#define PCRE_ERROR_JIT_BADOPTION   (-31)
+#define PCRE_ERROR_BADLENGTH       (-32)
+#define PCRE_ERROR_UNSET           (-33)
+
+/* Specific error codes for UTF-8 validity checks */
+
+#define PCRE_UTF8_ERR0               0
+#define PCRE_UTF8_ERR1               1
+#define PCRE_UTF8_ERR2               2
+#define PCRE_UTF8_ERR3               3
+#define PCRE_UTF8_ERR4               4
+#define PCRE_UTF8_ERR5               5
+#define PCRE_UTF8_ERR6               6
+#define PCRE_UTF8_ERR7               7
+#define PCRE_UTF8_ERR8               8
+#define PCRE_UTF8_ERR9               9
+#define PCRE_UTF8_ERR10             10
+#define PCRE_UTF8_ERR11             11
+#define PCRE_UTF8_ERR12             12
+#define PCRE_UTF8_ERR13             13
+#define PCRE_UTF8_ERR14             14
+#define PCRE_UTF8_ERR15             15
+#define PCRE_UTF8_ERR16             16
+#define PCRE_UTF8_ERR17             17
+#define PCRE_UTF8_ERR18             18
+#define PCRE_UTF8_ERR19             19
+#define PCRE_UTF8_ERR20             20
+#define PCRE_UTF8_ERR21             21
+#define PCRE_UTF8_ERR22             22  /* Unused (was non-character) */
+
+/* Specific error codes for UTF-16 validity checks */
+
+#define PCRE_UTF16_ERR0              0
+#define PCRE_UTF16_ERR1              1
+#define PCRE_UTF16_ERR2              2
+#define PCRE_UTF16_ERR3              3
+#define PCRE_UTF16_ERR4              4  /* Unused (was non-character) */
+
+/* Specific error codes for UTF-32 validity checks */
+
+#define PCRE_UTF32_ERR0              0
+#define PCRE_UTF32_ERR1              1
+#define PCRE_UTF32_ERR2              2  /* Unused (was non-character) */
+#define PCRE_UTF32_ERR3              3
+
+/* Request types for pcre_fullinfo() */
+
+#define PCRE_INFO_OPTIONS            0
+#define PCRE_INFO_SIZE               1
+#define PCRE_INFO_CAPTURECOUNT       2
+#define PCRE_INFO_BACKREFMAX         3
+#define PCRE_INFO_FIRSTBYTE          4
+#define PCRE_INFO_FIRSTCHAR          4  /* For backwards compatibility */
+#define PCRE_INFO_FIRSTTABLE         5
+#define PCRE_INFO_LASTLITERAL        6
+#define PCRE_INFO_NAMEENTRYSIZE      7
+#define PCRE_INFO_NAMECOUNT          8
+#define PCRE_INFO_NAMETABLE          9
+#define PCRE_INFO_STUDYSIZE         10
+#define PCRE_INFO_DEFAULT_TABLES    11
+#define PCRE_INFO_OKPARTIAL         12
+#define PCRE_INFO_JCHANGED          13
+#define PCRE_INFO_HASCRORLF         14
+#define PCRE_INFO_MINLENGTH         15
+#define PCRE_INFO_JIT               16
+#define PCRE_INFO_JITSIZE           17
+#define PCRE_INFO_MAXLOOKBEHIND     18
+#define PCRE_INFO_FIRSTCHARACTER    19
+#define PCRE_INFO_FIRSTCHARACTERFLAGS 20
+#define PCRE_INFO_REQUIREDCHAR      21
+#define PCRE_INFO_REQUIREDCHARFLAGS 22
+#define PCRE_INFO_MATCHLIMIT        23
+#define PCRE_INFO_RECURSIONLIMIT    24
+#define PCRE_INFO_MATCH_EMPTY       25
+
+/* Request types for pcre_config(). Do not re-arrange, in order to remain
+compatible. */
+
+#define PCRE_CONFIG_UTF8                    0
+#define PCRE_CONFIG_NEWLINE                 1
+#define PCRE_CONFIG_LINK_SIZE               2
+#define PCRE_CONFIG_POSIX_MALLOC_THRESHOLD  3
+#define PCRE_CONFIG_MATCH_LIMIT             4
+#define PCRE_CONFIG_STACKRECURSE            5
+#define PCRE_CONFIG_UNICODE_PROPERTIES      6
+#define PCRE_CONFIG_MATCH_LIMIT_RECURSION   7
+#define PCRE_CONFIG_BSR                     8
+#define PCRE_CONFIG_JIT                     9
+#define PCRE_CONFIG_UTF16                  10
+#define PCRE_CONFIG_JITTARGET              11
+#define PCRE_CONFIG_UTF32                  12
+#define PCRE_CONFIG_PARENS_LIMIT           13
+
+/* Request types for pcre_study(). Do not re-arrange, in order to remain
+compatible. */
+
+#define PCRE_STUDY_JIT_COMPILE                0x0001
+#define PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE   0x0002
+#define PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE   0x0004
+#define PCRE_STUDY_EXTRA_NEEDED               0x0008
+
+/* Bit flags for the pcre[16|32]_extra structure. Do not re-arrange or redefine
+these bits, just add new ones on the end, in order to remain compatible. */
+
+#define PCRE_EXTRA_STUDY_DATA             0x0001
+#define PCRE_EXTRA_MATCH_LIMIT            0x0002
+#define PCRE_EXTRA_CALLOUT_DATA           0x0004
+#define PCRE_EXTRA_TABLES                 0x0008
+#define PCRE_EXTRA_MATCH_LIMIT_RECURSION  0x0010
+#define PCRE_EXTRA_MARK                   0x0020
+#define PCRE_EXTRA_EXECUTABLE_JIT         0x0040
+
+/* Types */
+
+struct real_pcre;                 /* declaration; the definition is private  */
+typedef struct real_pcre pcre;
+
+struct real_pcre16;               /* declaration; the definition is private  */
+typedef struct real_pcre16 pcre16;
+
+struct real_pcre32;               /* declaration; the definition is private  */
+typedef struct real_pcre32 pcre32;
+
+struct real_pcre_jit_stack;       /* declaration; the definition is private  */
+typedef struct real_pcre_jit_stack pcre_jit_stack;
+
+struct real_pcre16_jit_stack;     /* declaration; the definition is private  */
+typedef struct real_pcre16_jit_stack pcre16_jit_stack;
+
+struct real_pcre32_jit_stack;     /* declaration; the definition is private  */
+typedef struct real_pcre32_jit_stack pcre32_jit_stack;
+
+/* If PCRE is compiled with 16 bit character support, PCRE_UCHAR16 must contain
+a 16 bit wide signed data type. Otherwise it can be a dummy data type since
+pcre16 functions are not implemented. There is a check for this in pcre_internal.h. */
+#ifndef PCRE_UCHAR16
+#define PCRE_UCHAR16 unsigned short
+#endif
+
+#ifndef PCRE_SPTR16
+#define PCRE_SPTR16 const PCRE_UCHAR16 *
+#endif
+
+/* If PCRE is compiled with 32 bit character support, PCRE_UCHAR32 must contain
+a 32 bit wide signed data type. Otherwise it can be a dummy data type since
+pcre32 functions are not implemented. There is a check for this in pcre_internal.h. */
+#ifndef PCRE_UCHAR32
+#define PCRE_UCHAR32 unsigned int
+#endif
+
+#ifndef PCRE_SPTR32
+#define PCRE_SPTR32 const PCRE_UCHAR32 *
+#endif
+
+/* When PCRE is compiled as a C++ library, the subject pointer type can be
+replaced with a custom type. For conventional use, the public interface is a
+const char *. */
+
+#ifndef PCRE_SPTR
+#define PCRE_SPTR const char *
+#endif
+
+/* The structure for passing additional data to pcre_exec(). This is defined in
+such as way as to be extensible. Always add new fields at the end, in order to
+remain compatible. */
+
+typedef struct pcre_extra {
+  unsigned long int flags;        /* Bits for which fields are set */
+  void *study_data;               /* Opaque data from pcre_study() */
+  unsigned long int match_limit;  /* Maximum number of calls to match() */
+  void *callout_data;             /* Data passed back in callouts */
+  const unsigned char *tables;    /* Pointer to character tables */
+  unsigned long int match_limit_recursion; /* Max recursive calls to match() */
+  unsigned char **mark;           /* For passing back a mark pointer */
+  void *executable_jit;           /* Contains a pointer to a compiled jit code */
+} pcre_extra;
+
+/* Same structure as above, but with 16 bit char pointers. */
+
+typedef struct pcre16_extra {
+  unsigned long int flags;        /* Bits for which fields are set */
+  void *study_data;               /* Opaque data from pcre_study() */
+  unsigned long int match_limit;  /* Maximum number of calls to match() */
+  void *callout_data;             /* Data passed back in callouts */
+  const unsigned char *tables;    /* Pointer to character tables */
+  unsigned long int match_limit_recursion; /* Max recursive calls to match() */
+  PCRE_UCHAR16 **mark;            /* For passing back a mark pointer */
+  void *executable_jit;           /* Contains a pointer to a compiled jit code */
+} pcre16_extra;
+
+/* Same structure as above, but with 32 bit char pointers. */
+
+typedef struct pcre32_extra {
+  unsigned long int flags;        /* Bits for which fields are set */
+  void *study_data;               /* Opaque data from pcre_study() */
+  unsigned long int match_limit;  /* Maximum number of calls to match() */
+  void *callout_data;             /* Data passed back in callouts */
+  const unsigned char *tables;    /* Pointer to character tables */
+  unsigned long int match_limit_recursion; /* Max recursive calls to match() */
+  PCRE_UCHAR32 **mark;            /* For passing back a mark pointer */
+  void *executable_jit;           /* Contains a pointer to a compiled jit code */
+} pcre32_extra;
+
+/* The structure for passing out data via the pcre_callout_function. We use a
+structure so that new fields can be added on the end in future versions,
+without changing the API of the function, thereby allowing old clients to work
+without modification. */
+
+typedef struct pcre_callout_block {
+  int          version;           /* Identifies version of block */
+  /* ------------------------ Version 0 ------------------------------- */
+  int          callout_number;    /* Number compiled into pattern */
+  int         *offset_vector;     /* The offset vector */
+  PCRE_SPTR    subject;           /* The subject being matched */
+  int          subject_length;    /* The length of the subject */
+  int          start_match;       /* Offset to start of this match attempt */
+  int          current_position;  /* Where we currently are in the subject */
+  int          capture_top;       /* Max current capture */
+  int          capture_last;      /* Most recently closed capture */
+  void        *callout_data;      /* Data passed in with the call */
+  /* ------------------- Added for Version 1 -------------------------- */
+  int          pattern_position;  /* Offset to next item in the pattern */
+  int          next_item_length;  /* Length of next item in the pattern */
+  /* ------------------- Added for Version 2 -------------------------- */
+  const unsigned char *mark;      /* Pointer to current mark or NULL    */
+  /* ------------------------------------------------------------------ */
+} pcre_callout_block;
+
+/* Same structure as above, but with 16 bit char pointers. */
+
+typedef struct pcre16_callout_block {
+  int          version;           /* Identifies version of block */
+  /* ------------------------ Version 0 ------------------------------- */
+  int          callout_number;    /* Number compiled into pattern */
+  int         *offset_vector;     /* The offset vector */
+  PCRE_SPTR16  subject;           /* The subject being matched */
+  int          subject_length;    /* The length of the subject */
+  int          start_match;       /* Offset to start of this match attempt */
+  int          current_position;  /* Where we currently are in the subject */
+  int          capture_top;       /* Max current capture */
+  int          capture_last;      /* Most recently closed capture */
+  void        *callout_data;      /* Data passed in with the call */
+  /* ------------------- Added for Version 1 -------------------------- */
+  int          pattern_position;  /* Offset to next item in the pattern */
+  int          next_item_length;  /* Length of next item in the pattern */
+  /* ------------------- Added for Version 2 -------------------------- */
+  const PCRE_UCHAR16 *mark;       /* Pointer to current mark or NULL    */
+  /* ------------------------------------------------------------------ */
+} pcre16_callout_block;
+
+/* Same structure as above, but with 32 bit char pointers. */
+
+typedef struct pcre32_callout_block {
+  int          version;           /* Identifies version of block */
+  /* ------------------------ Version 0 ------------------------------- */
+  int          callout_number;    /* Number compiled into pattern */
+  int         *offset_vector;     /* The offset vector */
+  PCRE_SPTR32  subject;           /* The subject being matched */
+  int          subject_length;    /* The length of the subject */
+  int          start_match;       /* Offset to start of this match attempt */
+  int          current_position;  /* Where we currently are in the subject */
+  int          capture_top;       /* Max current capture */
+  int          capture_last;      /* Most recently closed capture */
+  void        *callout_data;      /* Data passed in with the call */
+  /* ------------------- Added for Version 1 -------------------------- */
+  int          pattern_position;  /* Offset to next item in the pattern */
+  int          next_item_length;  /* Length of next item in the pattern */
+  /* ------------------- Added for Version 2 -------------------------- */
+  const PCRE_UCHAR32 *mark;       /* Pointer to current mark or NULL    */
+  /* ------------------------------------------------------------------ */
+} pcre32_callout_block;
+
+/* Indirection for store get and free functions. These can be set to
+alternative malloc/free functions if required. Special ones are used in the
+non-recursive case for "frames". There is also an optional callout function
+that is triggered by the (?) regex item. For Virtual Pascal, these definitions
+have to take another form. */
+
+#ifndef VPCOMPAT
+PCRE_EXP_DECL void *(*pcre_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre_free)(void *);
+PCRE_EXP_DECL void *(*pcre_stack_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre_stack_free)(void *);
+PCRE_EXP_DECL int   (*pcre_callout)(pcre_callout_block *);
+PCRE_EXP_DECL int   (*pcre_stack_guard)(void);
+
+PCRE_EXP_DECL void *(*pcre16_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre16_free)(void *);
+PCRE_EXP_DECL void *(*pcre16_stack_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre16_stack_free)(void *);
+PCRE_EXP_DECL int   (*pcre16_callout)(pcre16_callout_block *);
+PCRE_EXP_DECL int   (*pcre16_stack_guard)(void);
+
+PCRE_EXP_DECL void *(*pcre32_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre32_free)(void *);
+PCRE_EXP_DECL void *(*pcre32_stack_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre32_stack_free)(void *);
+PCRE_EXP_DECL int   (*pcre32_callout)(pcre32_callout_block *);
+PCRE_EXP_DECL int   (*pcre32_stack_guard)(void);
+#else   /* VPCOMPAT */
+PCRE_EXP_DECL void *pcre_malloc(size_t);
+PCRE_EXP_DECL void  pcre_free(void *);
+PCRE_EXP_DECL void *pcre_stack_malloc(size_t);
+PCRE_EXP_DECL void  pcre_stack_free(void *);
+PCRE_EXP_DECL int   pcre_callout(pcre_callout_block *);
+PCRE_EXP_DECL int   pcre_stack_guard(void);
+
+PCRE_EXP_DECL void *pcre16_malloc(size_t);
+PCRE_EXP_DECL void  pcre16_free(void *);
+PCRE_EXP_DECL void *pcre16_stack_malloc(size_t);
+PCRE_EXP_DECL void  pcre16_stack_free(void *);
+PCRE_EXP_DECL int   pcre16_callout(pcre16_callout_block *);
+PCRE_EXP_DECL int   pcre16_stack_guard(void);
+
+PCRE_EXP_DECL void *pcre32_malloc(size_t);
+PCRE_EXP_DECL void  pcre32_free(void *);
+PCRE_EXP_DECL void *pcre32_stack_malloc(size_t);
+PCRE_EXP_DECL void  pcre32_stack_free(void *);
+PCRE_EXP_DECL int   pcre32_callout(pcre32_callout_block *);
+PCRE_EXP_DECL int   pcre32_stack_guard(void);
+#endif  /* VPCOMPAT */
+
+/* User defined callback which provides a stack just before the match starts. */
+
+typedef pcre_jit_stack *(*pcre_jit_callback)(void *);
+typedef pcre16_jit_stack *(*pcre16_jit_callback)(void *);
+typedef pcre32_jit_stack *(*pcre32_jit_callback)(void *);
+
+/* Exported PCRE functions */
+
+PCRE_EXP_DECL pcre *pcre_compile(const char *, int, const char **, int *,
+                  const unsigned char *);
+PCRE_EXP_DECL pcre16 *pcre16_compile(PCRE_SPTR16, int, const char **, int *,
+                  const unsigned char *);
+PCRE_EXP_DECL pcre32 *pcre32_compile(PCRE_SPTR32, int, const char **, int *,
+                  const unsigned char *);
+PCRE_EXP_DECL pcre *pcre_compile2(const char *, int, int *, const char **,
+                  int *, const unsigned char *);
+PCRE_EXP_DECL pcre16 *pcre16_compile2(PCRE_SPTR16, int, int *, const char **,
+                  int *, const unsigned char *);
+PCRE_EXP_DECL pcre32 *pcre32_compile2(PCRE_SPTR32, int, int *, const char **,
+                  int *, const unsigned char *);
+PCRE_EXP_DECL int  pcre_config(int, void *);
+PCRE_EXP_DECL int  pcre16_config(int, void *);
+PCRE_EXP_DECL int  pcre32_config(int, void *);
+PCRE_EXP_DECL int  pcre_copy_named_substring(const pcre *, const char *,
+                  int *, int, const char *, char *, int);
+PCRE_EXP_DECL int  pcre16_copy_named_substring(const pcre16 *, PCRE_SPTR16,
+                  int *, int, PCRE_SPTR16, PCRE_UCHAR16 *, int);
+PCRE_EXP_DECL int  pcre32_copy_named_substring(const pcre32 *, PCRE_SPTR32,
+                  int *, int, PCRE_SPTR32, PCRE_UCHAR32 *, int);
+PCRE_EXP_DECL int  pcre_copy_substring(const char *, int *, int, int,
+                  char *, int);
+PCRE_EXP_DECL int  pcre16_copy_substring(PCRE_SPTR16, int *, int, int,
+                  PCRE_UCHAR16 *, int);
+PCRE_EXP_DECL int  pcre32_copy_substring(PCRE_SPTR32, int *, int, int,
+                  PCRE_UCHAR32 *, int);
+PCRE_EXP_DECL int  pcre_dfa_exec(const pcre *, const pcre_extra *,
+                  const char *, int, int, int, int *, int , int *, int);
+PCRE_EXP_DECL int  pcre16_dfa_exec(const pcre16 *, const pcre16_extra *,
+                  PCRE_SPTR16, int, int, int, int *, int , int *, int);
+PCRE_EXP_DECL int  pcre32_dfa_exec(const pcre32 *, const pcre32_extra *,
+                  PCRE_SPTR32, int, int, int, int *, int , int *, int);
+PCRE_EXP_DECL int  pcre_exec(const pcre *, const pcre_extra *, PCRE_SPTR,
+                   int, int, int, int *, int);
+PCRE_EXP_DECL int  pcre16_exec(const pcre16 *, const pcre16_extra *,
+                   PCRE_SPTR16, int, int, int, int *, int);
+PCRE_EXP_DECL int  pcre32_exec(const pcre32 *, const pcre32_extra *,
+                   PCRE_SPTR32, int, int, int, int *, int);
+PCRE_EXP_DECL int  pcre_jit_exec(const pcre *, const pcre_extra *,
+                   PCRE_SPTR, int, int, int, int *, int,
+                   pcre_jit_stack *);
+PCRE_EXP_DECL int  pcre16_jit_exec(const pcre16 *, const pcre16_extra *,
+                   PCRE_SPTR16, int, int, int, int *, int,
+                   pcre16_jit_stack *);
+PCRE_EXP_DECL int  pcre32_jit_exec(const pcre32 *, const pcre32_extra *,
+                   PCRE_SPTR32, int, int, int, int *, int,
+                   pcre32_jit_stack *);
+PCRE_EXP_DECL void pcre_free_substring(const char *);
+PCRE_EXP_DECL void pcre16_free_substring(PCRE_SPTR16);
+PCRE_EXP_DECL void pcre32_free_substring(PCRE_SPTR32);
+PCRE_EXP_DECL void pcre_free_substring_list(const char **);
+PCRE_EXP_DECL void pcre16_free_substring_list(PCRE_SPTR16 *);
+PCRE_EXP_DECL void pcre32_free_substring_list(PCRE_SPTR32 *);
+PCRE_EXP_DECL int  pcre_fullinfo(const pcre *, const pcre_extra *, int,
+                  void *);
+PCRE_EXP_DECL int  pcre16_fullinfo(const pcre16 *, const pcre16_extra *, int,
+                  void *);
+PCRE_EXP_DECL int  pcre32_fullinfo(const pcre32 *, const pcre32_extra *, int,
+                  void *);
+PCRE_EXP_DECL int  pcre_get_named_substring(const pcre *, const char *,
+                  int *, int, const char *, const char **);
+PCRE_EXP_DECL int  pcre16_get_named_substring(const pcre16 *, PCRE_SPTR16,
+                  int *, int, PCRE_SPTR16, PCRE_SPTR16 *);
+PCRE_EXP_DECL int  pcre32_get_named_substring(const pcre32 *, PCRE_SPTR32,
+                  int *, int, PCRE_SPTR32, PCRE_SPTR32 *);
+PCRE_EXP_DECL int  pcre_get_stringnumber(const pcre *, const char *);
+PCRE_EXP_DECL int  pcre16_get_stringnumber(const pcre16 *, PCRE_SPTR16);
+PCRE_EXP_DECL int  pcre32_get_stringnumber(const pcre32 *, PCRE_SPTR32);
+PCRE_EXP_DECL int  pcre_get_stringtable_entries(const pcre *, const char *,
+                  char **, char **);
+PCRE_EXP_DECL int  pcre16_get_stringtable_entries(const pcre16 *, PCRE_SPTR16,
+                  PCRE_UCHAR16 **, PCRE_UCHAR16 **);
+PCRE_EXP_DECL int  pcre32_get_stringtable_entries(const pcre32 *, PCRE_SPTR32,
+                  PCRE_UCHAR32 **, PCRE_UCHAR32 **);
+PCRE_EXP_DECL int  pcre_get_substring(const char *, int *, int, int,
+                  const char **);
+PCRE_EXP_DECL int  pcre16_get_substring(PCRE_SPTR16, int *, int, int,
+                  PCRE_SPTR16 *);
+PCRE_EXP_DECL int  pcre32_get_substring(PCRE_SPTR32, int *, int, int,
+                  PCRE_SPTR32 *);
+PCRE_EXP_DECL int  pcre_get_substring_list(const char *, int *, int,
+                  const char ***);
+PCRE_EXP_DECL int  pcre16_get_substring_list(PCRE_SPTR16, int *, int,
+                  PCRE_SPTR16 **);
+PCRE_EXP_DECL int  pcre32_get_substring_list(PCRE_SPTR32, int *, int,
+                  PCRE_SPTR32 **);
+PCRE_EXP_DECL const unsigned char *pcre_maketables(void);
+PCRE_EXP_DECL const unsigned char *pcre16_maketables(void);
+PCRE_EXP_DECL const unsigned char *pcre32_maketables(void);
+PCRE_EXP_DECL int  pcre_refcount(pcre *, int);
+PCRE_EXP_DECL int  pcre16_refcount(pcre16 *, int);
+PCRE_EXP_DECL int  pcre32_refcount(pcre32 *, int);
+PCRE_EXP_DECL pcre_extra *pcre_study(const pcre *, int, const char **);
+PCRE_EXP_DECL pcre16_extra *pcre16_study(const pcre16 *, int, const char **);
+PCRE_EXP_DECL pcre32_extra *pcre32_study(const pcre32 *, int, const char **);
+PCRE_EXP_DECL void pcre_free_study(pcre_extra *);
+PCRE_EXP_DECL void pcre16_free_study(pcre16_extra *);
+PCRE_EXP_DECL void pcre32_free_study(pcre32_extra *);
+PCRE_EXP_DECL const char *pcre_version(void);
+PCRE_EXP_DECL const char *pcre16_version(void);
+PCRE_EXP_DECL const char *pcre32_version(void);
+
+/* Utility functions for byte order swaps. */
+PCRE_EXP_DECL int  pcre_pattern_to_host_byte_order(pcre *, pcre_extra *,
+                  const unsigned char *);
+PCRE_EXP_DECL int  pcre16_pattern_to_host_byte_order(pcre16 *, pcre16_extra *,
+                  const unsigned char *);
+PCRE_EXP_DECL int  pcre32_pattern_to_host_byte_order(pcre32 *, pcre32_extra *,
+                  const unsigned char *);
+PCRE_EXP_DECL int  pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *,
+                  PCRE_SPTR16, int, int *, int);
+PCRE_EXP_DECL int  pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *,
+                  PCRE_SPTR32, int, int *, int);
+
+/* JIT compiler related functions. */
+
+PCRE_EXP_DECL pcre_jit_stack *pcre_jit_stack_alloc(int, int);
+PCRE_EXP_DECL pcre16_jit_stack *pcre16_jit_stack_alloc(int, int);
+PCRE_EXP_DECL pcre32_jit_stack *pcre32_jit_stack_alloc(int, int);
+PCRE_EXP_DECL void pcre_jit_stack_free(pcre_jit_stack *);
+PCRE_EXP_DECL void pcre16_jit_stack_free(pcre16_jit_stack *);
+PCRE_EXP_DECL void pcre32_jit_stack_free(pcre32_jit_stack *);
+PCRE_EXP_DECL void pcre_assign_jit_stack(pcre_extra *,
+                  pcre_jit_callback, void *);
+PCRE_EXP_DECL void pcre16_assign_jit_stack(pcre16_extra *,
+                  pcre16_jit_callback, void *);
+PCRE_EXP_DECL void pcre32_assign_jit_stack(pcre32_extra *,
+                  pcre32_jit_callback, void *);
+PCRE_EXP_DECL void pcre_jit_free_unused_memory(void);
+PCRE_EXP_DECL void pcre16_jit_free_unused_memory(void);
+PCRE_EXP_DECL void pcre32_jit_free_unused_memory(void);
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* End of pcre.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcre_scanner.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcre_scanner.h
new file mode 100644
index 00000000..5617e451
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcre_scanner.h
@@ -0,0 +1,172 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+//
+// Regular-expression based scanner for parsing an input stream.
+//
+// Example 1: parse a sequence of "var = number" entries from input:
+//
+//      Scanner scanner(input);
+//      string var;
+//      int number;
+//      scanner.SetSkipExpression("\\s+"); // Skip any white space we encounter
+//      while (scanner.Consume("(\\w+) = (\\d+)", &var, &number)) {
+//        ...;
+//      }
+
+#ifndef _PCRE_SCANNER_H
+#define _PCRE_SCANNER_H
+
+#include <assert.h>
+#include <string>
+#include <vector>
+
+#include <pcrecpp.h>
+#include <pcre_stringpiece.h>
+
+namespace pcrecpp {
+
+class PCRECPP_EXP_DEFN Scanner {
+ public:
+  Scanner();
+  explicit Scanner(const std::string& input);
+  ~Scanner();
+
+  // Return current line number.  The returned line-number is
+  // one-based.  I.e. it returns 1 + the number of consumed newlines.
+  //
+  // Note: this method may be slow.  It may take time proportional to
+  // the size of the input.
+  int LineNumber() const;
+
+  // Return the byte-offset that the scanner is looking in the
+  // input data;
+  int Offset() const;
+
+  // Return true iff the start of the remaining input matches "re"
+  bool LookingAt(const RE& re) const;
+
+  // Return true iff all of the following are true
+  //    a. the start of the remaining input matches "re",
+  //    b. if any arguments are supplied, matched sub-patterns can be
+  //       parsed and stored into the arguments.
+  // If it returns true, it skips over the matched input and any
+  // following input that matches the "skip" regular expression.
+  bool Consume(const RE& re,
+               const Arg& arg0 = RE::no_arg,
+               const Arg& arg1 = RE::no_arg,
+               const Arg& arg2 = RE::no_arg
+               // TODO: Allow more arguments?
+               );
+
+  // Set the "skip" regular expression.  If after consuming some data,
+  // a prefix of the input matches this RE, it is automatically
+  // skipped.  For example, a programming language scanner would use
+  // a skip RE that matches white space and comments.
+  //
+  //    scanner.SetSkipExpression("\\s+|//.*|/[*](.|\n)*?[*]/");
+  //
+  // Skipping repeats as long as it succeeds.  We used to let people do
+  // this by writing "(...)*" in the regular expression, but that added
+  // up to lots of recursive calls within the pcre library, so now we
+  // control repetition explicitly via the function call API.
+  //
+  // You can pass NULL for "re" if you do not want any data to be skipped.
+  void Skip(const char* re);   // DEPRECATED; does *not* repeat
+  void SetSkipExpression(const char* re);
+
+  // Temporarily pause "skip"ing. This
+  //   Skip("Foo"); code ; DisableSkip(); code; EnableSkip()
+  // is similar to
+  //   Skip("Foo"); code ; Skip(NULL); code ; Skip("Foo");
+  // but avoids creating/deleting new RE objects.
+  void DisableSkip();
+
+  // Reenable previously paused skipping.  Any prefix of the input
+  // that matches the skip pattern is immediately dropped.
+  void EnableSkip();
+
+  /***** Special wrappers around SetSkip() for some common idioms *****/
+
+  // Arranges to skip whitespace, C comments, C++ comments.
+  // The overall RE is a disjunction of the following REs:
+  //    \\s                     whitespace
+  //    //.*\n                  C++ comment
+  //    /[*](.|\n)*?[*]/        C comment (x*? means minimal repetitions of x)
+  // We get repetition via the semantics of SetSkipExpression, not by using *
+  void SkipCXXComments() {
+    SetSkipExpression("\\s|//.*\n|/[*](?:\n|.)*?[*]/");
+  }
+
+  void set_save_comments(bool comments) {
+    save_comments_ = comments;
+  }
+
+  bool save_comments() {
+    return save_comments_;
+  }
+
+  // Append to vector ranges the comments found in the
+  // byte range [start,end] (inclusive) of the input data.
+  // Only comments that were extracted entirely within that
+  // range are returned: no range splitting of atomically-extracted
+  // comments is performed.
+  void GetComments(int start, int end, std::vector<StringPiece> *ranges);
+
+  // Append to vector ranges the comments added
+  // since the last time this was called. This
+  // functionality is provided for efficiency when
+  // interleaving scanning with parsing.
+  void GetNextComments(std::vector<StringPiece> *ranges);
+
+ private:
+  std::string   data_;          // All the input data
+  StringPiece   input_;         // Unprocessed input
+  RE*           skip_;          // If non-NULL, RE for skipping input
+  bool          should_skip_;   // If true, use skip_
+  bool          skip_repeat_;   // If true, repeat skip_ as long as it works
+  bool          save_comments_; // If true, aggregate the skip expression
+
+  // the skipped comments
+  // TODO: later consider requiring that the StringPieces be added
+  // in order by their start position
+  std::vector<StringPiece> *comments_;
+
+  // the offset into comments_ that has been returned by GetNextComments
+  int           comments_offset_;
+
+  // helper function to consume *skip_ and honour
+  // save_comments_
+  void ConsumeSkip();
+};
+
+}   // namespace pcrecpp
+
+#endif /* _PCRE_SCANNER_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcre_stringpiece.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcre_stringpiece.h
new file mode 100644
index 00000000..cb94f52a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcre_stringpiece.h
@@ -0,0 +1,180 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+//
+// A string like object that points into another piece of memory.
+// Useful for providing an interface that allows clients to easily
+// pass in either a "const char*" or a "string".
+//
+// Arghh!  I wish C++ literals were automatically of type "string".
+
+#ifndef _PCRE_STRINGPIECE_H
+#define _PCRE_STRINGPIECE_H
+
+#include <cstring>
+#include <string>
+#include <iosfwd>    // for ostream forward-declaration
+
+#if 0
+#define HAVE_TYPE_TRAITS
+#include <type_traits.h>
+#elif 0
+#define HAVE_TYPE_TRAITS
+#include <bits/type_traits.h>
+#endif
+
+#include <pcre.h>
+
+namespace pcrecpp {
+
+using std::memcmp;
+using std::strlen;
+using std::string;
+
+class PCRECPP_EXP_DEFN StringPiece {
+ private:
+  const char*   ptr_;
+  int           length_;
+
+ public:
+  // We provide non-explicit singleton constructors so users can pass
+  // in a "const char*" or a "string" wherever a "StringPiece" is
+  // expected.
+  StringPiece()
+    : ptr_(NULL), length_(0) { }
+  StringPiece(const char* str)
+    : ptr_(str), length_(static_cast<int>(strlen(ptr_))) { }
+  StringPiece(const unsigned char* str)
+    : ptr_(reinterpret_cast<const char*>(str)),
+      length_(static_cast<int>(strlen(ptr_))) { }
+  StringPiece(const string& str)
+    : ptr_(str.data()), length_(static_cast<int>(str.size())) { }
+  StringPiece(const char* offset, int len)
+    : ptr_(offset), length_(len) { }
+
+  // data() may return a pointer to a buffer with embedded NULs, and the
+  // returned buffer may or may not be null terminated.  Therefore it is
+  // typically a mistake to pass data() to a routine that expects a NUL
+  // terminated string.  Use "as_string().c_str()" if you really need to do
+  // this.  Or better yet, change your routine so it does not rely on NUL
+  // termination.
+  const char* data() const { return ptr_; }
+  int size() const { return length_; }
+  bool empty() const { return length_ == 0; }
+
+  void clear() { ptr_ = NULL; length_ = 0; }
+  void set(const char* buffer, int len) { ptr_ = buffer; length_ = len; }
+  void set(const char* str) {
+    ptr_ = str;
+    length_ = static_cast<int>(strlen(str));
+  }
+  void set(const void* buffer, int len) {
+    ptr_ = reinterpret_cast<const char*>(buffer);
+    length_ = len;
+  }
+
+  char operator[](int i) const { return ptr_[i]; }
+
+  void remove_prefix(int n) {
+    ptr_ += n;
+    length_ -= n;
+  }
+
+  void remove_suffix(int n) {
+    length_ -= n;
+  }
+
+  bool operator==(const StringPiece& x) const {
+    return ((length_ == x.length_) &&
+            (memcmp(ptr_, x.ptr_, length_) == 0));
+  }
+  bool operator!=(const StringPiece& x) const {
+    return !(*this == x);
+  }
+
+#define STRINGPIECE_BINARY_PREDICATE(cmp,auxcmp)                             \
+  bool operator cmp (const StringPiece& x) const {                           \
+    int r = memcmp(ptr_, x.ptr_, length_ < x.length_ ? length_ : x.length_); \
+    return ((r auxcmp 0) || ((r == 0) && (length_ cmp x.length_)));          \
+  }
+  STRINGPIECE_BINARY_PREDICATE(<,  <);
+  STRINGPIECE_BINARY_PREDICATE(<=, <);
+  STRINGPIECE_BINARY_PREDICATE(>=, >);
+  STRINGPIECE_BINARY_PREDICATE(>,  >);
+#undef STRINGPIECE_BINARY_PREDICATE
+
+  int compare(const StringPiece& x) const {
+    int r = memcmp(ptr_, x.ptr_, length_ < x.length_ ? length_ : x.length_);
+    if (r == 0) {
+      if (length_ < x.length_) r = -1;
+      else if (length_ > x.length_) r = +1;
+    }
+    return r;
+  }
+
+  string as_string() const {
+    return string(data(), size());
+  }
+
+  void CopyToString(string* target) const {
+    target->assign(ptr_, length_);
+  }
+
+  // Does "this" start with "x"
+  bool starts_with(const StringPiece& x) const {
+    return ((length_ >= x.length_) && (memcmp(ptr_, x.ptr_, x.length_) == 0));
+  }
+};
+
+}   // namespace pcrecpp
+
+// ------------------------------------------------------------------
+// Functions used to create STL containers that use StringPiece
+//  Remember that a StringPiece's lifetime had better be less than
+//  that of the underlying string or char*.  If it is not, then you
+//  cannot safely store a StringPiece into an STL container
+// ------------------------------------------------------------------
+
+#ifdef HAVE_TYPE_TRAITS
+// This makes vector<StringPiece> really fast for some STL implementations
+template<> struct __type_traits<pcrecpp::StringPiece> {
+  typedef __true_type    has_trivial_default_constructor;
+  typedef __true_type    has_trivial_copy_constructor;
+  typedef __true_type    has_trivial_assignment_operator;
+  typedef __true_type    has_trivial_destructor;
+  typedef __true_type    is_POD_type;
+};
+#endif
+
+// allow StringPiece to be logged
+PCRECPP_EXP_DECL std::ostream& operator<<(std::ostream& o,
+                                          const pcrecpp::StringPiece& piece);
+
+#endif /* _PCRE_STRINGPIECE_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcrecpp.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcrecpp.h
new file mode 100644
index 00000000..3e594b0d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcrecpp.h
@@ -0,0 +1,710 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+// Support for PCRE_XXX modifiers added by Giuseppe Maxia, July 2005
+
+#ifndef _PCRECPP_H
+#define _PCRECPP_H
+
+// C++ interface to the pcre regular-expression library.  RE supports
+// Perl-style regular expressions (with extensions like \d, \w, \s,
+// ...).
+//
+// -----------------------------------------------------------------------
+// REGEXP SYNTAX:
+//
+// This module is part of the pcre library and hence supports its syntax
+// for regular expressions.
+//
+// The syntax is pretty similar to Perl's.  For those not familiar
+// with Perl's regular expressions, here are some examples of the most
+// commonly used extensions:
+//
+//   "hello (\\w+) world"  -- \w matches a "word" character
+//   "version (\\d+)"      -- \d matches a digit
+//   "hello\\s+world"      -- \s matches any whitespace character
+//   "\\b(\\w+)\\b"        -- \b matches empty string at a word boundary
+//   "(?i)hello"           -- (?i) turns on case-insensitive matching
+//   "/\\*(.*?)\\*/"       -- .*? matches . minimum no. of times possible
+//
+// -----------------------------------------------------------------------
+// MATCHING INTERFACE:
+//
+// The "FullMatch" operation checks that supplied text matches a
+// supplied pattern exactly.
+//
+// Example: successful match
+//    pcrecpp::RE re("h.*o");
+//    re.FullMatch("hello");
+//
+// Example: unsuccessful match (requires full match):
+//    pcrecpp::RE re("e");
+//    !re.FullMatch("hello");
+//
+// Example: creating a temporary RE object:
+//    pcrecpp::RE("h.*o").FullMatch("hello");
+//
+// You can pass in a "const char*" or a "string" for "text".  The
+// examples below tend to use a const char*.
+//
+// You can, as in the different examples above, store the RE object
+// explicitly in a variable or use a temporary RE object.  The
+// examples below use one mode or the other arbitrarily.  Either
+// could correctly be used for any of these examples.
+//
+// -----------------------------------------------------------------------
+// MATCHING WITH SUB-STRING EXTRACTION:
+//
+// You can supply extra pointer arguments to extract matched subpieces.
+//
+// Example: extracts "ruby" into "s" and 1234 into "i"
+//    int i;
+//    string s;
+//    pcrecpp::RE re("(\\w+):(\\d+)");
+//    re.FullMatch("ruby:1234", &s, &i);
+//
+// Example: does not try to extract any extra sub-patterns
+//    re.FullMatch("ruby:1234", &s);
+//
+// Example: does not try to extract into NULL
+//    re.FullMatch("ruby:1234", NULL, &i);
+//
+// Example: integer overflow causes failure
+//    !re.FullMatch("ruby:1234567891234", NULL, &i);
+//
+// Example: fails because there aren't enough sub-patterns:
+//    !pcrecpp::RE("\\w+:\\d+").FullMatch("ruby:1234", &s);
+//
+// Example: fails because string cannot be stored in integer
+//    !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+//
+// The provided pointer arguments can be pointers to any scalar numeric
+// type, or one of
+//    string        (matched piece is copied to string)
+//    StringPiece   (StringPiece is mutated to point to matched piece)
+//    T             (where "bool T::ParseFrom(const char*, int)" exists)
+//    NULL          (the corresponding matched sub-pattern is not copied)
+//
+// CAVEAT: An optional sub-pattern that does not exist in the matched
+// string is assigned the empty string.  Therefore, the following will
+// return false (because the empty string is not a valid number):
+//    int number;
+//    pcrecpp::RE::FullMatch("abc", "[a-z]+(\\d+)?", &number);
+//
+// -----------------------------------------------------------------------
+// DO_MATCH
+//
+// The matching interface supports at most 16 arguments per call.
+// If you need more, consider using the more general interface
+// pcrecpp::RE::DoMatch().  See pcrecpp.h for the signature for DoMatch.
+//
+// -----------------------------------------------------------------------
+// PARTIAL MATCHES
+//
+// You can use the "PartialMatch" operation when you want the pattern
+// to match any substring of the text.
+//
+// Example: simple search for a string:
+//    pcrecpp::RE("ell").PartialMatch("hello");
+//
+// Example: find first number in a string:
+//    int number;
+//    pcrecpp::RE re("(\\d+)");
+//    re.PartialMatch("x*100 + 20", &number);
+//    assert(number == 100);
+//
+// -----------------------------------------------------------------------
+// UTF-8 AND THE MATCHING INTERFACE:
+//
+// By default, pattern and text are plain text, one byte per character.
+// The UTF8 flag, passed to the constructor, causes both pattern
+// and string to be treated as UTF-8 text, still a byte stream but
+// potentially multiple bytes per character. In practice, the text
+// is likelier to be UTF-8 than the pattern, but the match returned
+// may depend on the UTF8 flag, so always use it when matching
+// UTF8 text.  E.g., "." will match one byte normally but with UTF8
+// set may match up to three bytes of a multi-byte character.
+//
+// Example:
+//    pcrecpp::RE_Options options;
+//    options.set_utf8();
+//    pcrecpp::RE re(utf8_pattern, options);
+//    re.FullMatch(utf8_string);
+//
+// Example: using the convenience function UTF8():
+//    pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+//    re.FullMatch(utf8_string);
+//
+// NOTE: The UTF8 option is ignored if pcre was not configured with the
+//       --enable-utf8 flag.
+//
+// -----------------------------------------------------------------------
+// PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE
+//
+// PCRE defines some modifiers to change the behavior of the regular
+// expression engine.
+// The C++ wrapper defines an auxiliary class, RE_Options, as a vehicle
+// to pass such modifiers to a RE class.
+//
+// Currently, the following modifiers are supported
+//
+//    modifier              description               Perl corresponding
+//
+//    PCRE_CASELESS         case insensitive match    /i
+//    PCRE_MULTILINE        multiple lines match      /m
+//    PCRE_DOTALL           dot matches newlines      /s
+//    PCRE_DOLLAR_ENDONLY   $ matches only at end     N/A
+//    PCRE_EXTRA            strict escape parsing     N/A
+//    PCRE_EXTENDED         ignore whitespaces        /x
+//    PCRE_UTF8             handles UTF8 chars        built-in
+//    PCRE_UNGREEDY         reverses * and *?         N/A
+//    PCRE_NO_AUTO_CAPTURE  disables matching parens  N/A (*)
+//
+// (For a full account on how each modifier works, please check the
+// PCRE API reference manual).
+//
+// (*) Both Perl and PCRE allow non matching parentheses by means of the
+// "?:" modifier within the pattern itself. e.g. (?:ab|cd) does not
+// capture, while (ab|cd) does.
+//
+// For each modifier, there are two member functions whose name is made
+// out of the modifier in lowercase, without the "PCRE_" prefix. For
+// instance, PCRE_CASELESS is handled by
+//    bool caseless(),
+// which returns true if the modifier is set, and
+//    RE_Options & set_caseless(bool),
+// which sets or unsets the modifier.
+//
+// Moreover, PCRE_EXTRA_MATCH_LIMIT can be accessed through the
+// set_match_limit() and match_limit() member functions.
+// Setting match_limit to a non-zero value will limit the executation of
+// pcre to keep it from doing bad things like blowing the stack or taking
+// an eternity to return a result.  A value of 5000 is good enough to stop
+// stack blowup in a 2MB thread stack.  Setting match_limit to zero will
+// disable match limiting.  Alternately, you can set match_limit_recursion()
+// which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to limit how much pcre
+// recurses.  match_limit() caps the number of matches pcre does;
+// match_limit_recrusion() caps the depth of recursion.
+//
+// Normally, to pass one or more modifiers to a RE class, you declare
+// a RE_Options object, set the appropriate options, and pass this
+// object to a RE constructor. Example:
+//
+//    RE_options opt;
+//    opt.set_caseless(true);
+//
+//    if (RE("HELLO", opt).PartialMatch("hello world")) ...
+//
+// RE_options has two constructors. The default constructor takes no
+// arguments and creates a set of flags that are off by default.
+//
+// The optional parameter 'option_flags' is to facilitate transfer
+// of legacy code from C programs.  This lets you do
+//    RE(pattern, RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+//
+// But new code is better off doing
+//    RE(pattern,
+//      RE_Options().set_caseless(true).set_multiline(true)).PartialMatch(str);
+// (See below)
+//
+// If you are going to pass one of the most used modifiers, there are some
+// convenience functions that return a RE_Options class with the
+// appropriate modifier already set:
+// CASELESS(), UTF8(), MULTILINE(), DOTALL(), EXTENDED()
+//
+// If you need to set several options at once, and you don't want to go
+// through the pains of declaring a RE_Options object and setting several
+// options, there is a parallel method that give you such ability on the
+// fly. You can concatenate several set_xxxxx member functions, since each
+// of them returns a reference to its class object.  e.g.: to pass
+// PCRE_CASELESS, PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one
+// statement, you may write
+//
+//    RE(" ^ xyz \\s+ .* blah$", RE_Options()
+//                            .set_caseless(true)
+//                            .set_extended(true)
+//                            .set_multiline(true)).PartialMatch(sometext);
+//
+// -----------------------------------------------------------------------
+// SCANNING TEXT INCREMENTALLY
+//
+// The "Consume" operation may be useful if you want to repeatedly
+// match regular expressions at the front of a string and skip over
+// them as they match.  This requires use of the "StringPiece" type,
+// which represents a sub-range of a real string.  Like RE, StringPiece
+// is defined in the pcrecpp namespace.
+//
+// Example: read lines of the form "var = value" from a string.
+//    string contents = ...;                 // Fill string somehow
+//    pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+//
+//    string var;
+//    int value;
+//    pcrecpp::RE re("(\\w+) = (\\d+)\n");
+//    while (re.Consume(&input, &var, &value)) {
+//      ...;
+//    }
+//
+// Each successful call to "Consume" will set "var/value", and also
+// advance "input" so it points past the matched text.
+//
+// The "FindAndConsume" operation is similar to "Consume" but does not
+// anchor your match at the beginning of the string.  For example, you
+// could extract all words from a string by repeatedly calling
+//     pcrecpp::RE("(\\w+)").FindAndConsume(&input, &word)
+//
+// -----------------------------------------------------------------------
+// PARSING HEX/OCTAL/C-RADIX NUMBERS
+//
+// By default, if you pass a pointer to a numeric value, the
+// corresponding text is interpreted as a base-10 number.  You can
+// instead wrap the pointer with a call to one of the operators Hex(),
+// Octal(), or CRadix() to interpret the text in another base.  The
+// CRadix operator interprets C-style "0" (base-8) and "0x" (base-16)
+// prefixes, but defaults to base-10.
+//
+// Example:
+//   int a, b, c, d;
+//   pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+//   re.FullMatch("100 40 0100 0x40",
+//                pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+//                pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+// will leave 64 in a, b, c, and d.
+//
+// -----------------------------------------------------------------------
+// REPLACING PARTS OF STRINGS
+//
+// You can replace the first match of "pattern" in "str" with
+// "rewrite".  Within "rewrite", backslash-escaped digits (\1 to \9)
+// can be used to insert text matching corresponding parenthesized
+// group from the pattern.  \0 in "rewrite" refers to the entire
+// matching text.  E.g.,
+//
+//   string s = "yabba dabba doo";
+//   pcrecpp::RE("b+").Replace("d", &s);
+//
+// will leave "s" containing "yada dabba doo".  The result is true if
+// the pattern matches and a replacement occurs, or false otherwise.
+//
+// GlobalReplace() is like Replace(), except that it replaces all
+// occurrences of the pattern in the string with the rewrite.
+// Replacements are not subject to re-matching.  E.g.,
+//
+//   string s = "yabba dabba doo";
+//   pcrecpp::RE("b+").GlobalReplace("d", &s);
+//
+// will leave "s" containing "yada dada doo".  It returns the number
+// of replacements made.
+//
+// Extract() is like Replace(), except that if the pattern matches,
+// "rewrite" is copied into "out" (an additional argument) with
+// substitutions.  The non-matching portions of "text" are ignored.
+// Returns true iff a match occurred and the extraction happened
+// successfully.  If no match occurs, the string is left unaffected.
+
+
+#include <string>
+#include <pcre.h>
+#include <pcrecpparg.h>   // defines the Arg class
+// This isn't technically needed here, but we include it
+// anyway so folks who include pcrecpp.h don't have to.
+#include <pcre_stringpiece.h>
+
+namespace pcrecpp {
+
+#define PCRE_SET_OR_CLEAR(b, o) \
+    if (b) all_options_ |= (o); else all_options_ &= ~(o); \
+    return *this
+
+#define PCRE_IS_SET(o)  \
+        (all_options_ & o) == o
+
+/***** Compiling regular expressions: the RE class *****/
+
+// RE_Options allow you to set options to be passed along to pcre,
+// along with other options we put on top of pcre.
+// Only 9 modifiers, plus match_limit and match_limit_recursion,
+// are supported now.
+class PCRECPP_EXP_DEFN RE_Options {
+ public:
+  // constructor
+  RE_Options() : match_limit_(0), match_limit_recursion_(0), all_options_(0) {}
+
+  // alternative constructor.
+  // To facilitate transfer of legacy code from C programs
+  //
+  // This lets you do
+  //    RE(pattern, RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+  // But new code is better off doing
+  //    RE(pattern,
+  //      RE_Options().set_caseless(true).set_multiline(true)).PartialMatch(str);
+  RE_Options(int option_flags) : match_limit_(0), match_limit_recursion_(0),
+                                 all_options_(option_flags) {}
+  // we're fine with the default destructor, copy constructor, etc.
+
+  // accessors and mutators
+  int match_limit() const { return match_limit_; };
+  RE_Options &set_match_limit(int limit) {
+    match_limit_ = limit;
+    return *this;
+  }
+
+  int match_limit_recursion() const { return match_limit_recursion_; };
+  RE_Options &set_match_limit_recursion(int limit) {
+    match_limit_recursion_ = limit;
+    return *this;
+  }
+
+  bool caseless() const {
+    return PCRE_IS_SET(PCRE_CASELESS);
+  }
+  RE_Options &set_caseless(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_CASELESS);
+  }
+
+  bool multiline() const {
+    return PCRE_IS_SET(PCRE_MULTILINE);
+  }
+  RE_Options &set_multiline(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_MULTILINE);
+  }
+
+  bool dotall() const {
+    return PCRE_IS_SET(PCRE_DOTALL);
+  }
+  RE_Options &set_dotall(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_DOTALL);
+  }
+
+  bool extended() const {
+    return PCRE_IS_SET(PCRE_EXTENDED);
+  }
+  RE_Options &set_extended(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_EXTENDED);
+  }
+
+  bool dollar_endonly() const {
+    return PCRE_IS_SET(PCRE_DOLLAR_ENDONLY);
+  }
+  RE_Options &set_dollar_endonly(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_DOLLAR_ENDONLY);
+  }
+
+  bool extra() const {
+    return PCRE_IS_SET(PCRE_EXTRA);
+  }
+  RE_Options &set_extra(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_EXTRA);
+  }
+
+  bool ungreedy() const {
+    return PCRE_IS_SET(PCRE_UNGREEDY);
+  }
+  RE_Options &set_ungreedy(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_UNGREEDY);
+  }
+
+  bool utf8() const {
+    return PCRE_IS_SET(PCRE_UTF8);
+  }
+  RE_Options &set_utf8(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_UTF8);
+  }
+
+  bool no_auto_capture() const {
+    return PCRE_IS_SET(PCRE_NO_AUTO_CAPTURE);
+  }
+  RE_Options &set_no_auto_capture(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_NO_AUTO_CAPTURE);
+  }
+
+  RE_Options &set_all_options(int opt) {
+    all_options_ = opt;
+    return *this;
+  }
+  int all_options() const {
+    return all_options_ ;
+  }
+
+  // TODO: add other pcre flags
+
+ private:
+  int match_limit_;
+  int match_limit_recursion_;
+  int all_options_;
+};
+
+// These functions return some common RE_Options
+static inline RE_Options UTF8() {
+  return RE_Options().set_utf8(true);
+}
+
+static inline RE_Options CASELESS() {
+  return RE_Options().set_caseless(true);
+}
+static inline RE_Options MULTILINE() {
+  return RE_Options().set_multiline(true);
+}
+
+static inline RE_Options DOTALL() {
+  return RE_Options().set_dotall(true);
+}
+
+static inline RE_Options EXTENDED() {
+  return RE_Options().set_extended(true);
+}
+
+// Interface for regular expression matching.  Also corresponds to a
+// pre-compiled regular expression.  An "RE" object is safe for
+// concurrent use by multiple threads.
+class PCRECPP_EXP_DEFN RE {
+ public:
+  // We provide implicit conversions from strings so that users can
+  // pass in a string or a "const char*" wherever an "RE" is expected.
+  RE(const string& pat) { Init(pat, NULL); }
+  RE(const string& pat, const RE_Options& option) { Init(pat, &option); }
+  RE(const char* pat) { Init(pat, NULL); }
+  RE(const char* pat, const RE_Options& option) { Init(pat, &option); }
+  RE(const unsigned char* pat) {
+    Init(reinterpret_cast<const char*>(pat), NULL);
+  }
+  RE(const unsigned char* pat, const RE_Options& option) {
+    Init(reinterpret_cast<const char*>(pat), &option);
+  }
+
+  // Copy constructor & assignment - note that these are expensive
+  // because they recompile the expression.
+  RE(const RE& re) { Init(re.pattern_, &re.options_); }
+  const RE& operator=(const RE& re) {
+    if (this != &re) {
+      Cleanup();
+
+      // This is the code that originally came from Google
+      // Init(re.pattern_.c_str(), &re.options_);
+
+      // This is the replacement from Ari Pollak
+      Init(re.pattern_, &re.options_);
+    }
+    return *this;
+  }
+
+
+  ~RE();
+
+  // The string specification for this RE.  E.g.
+  //   RE re("ab*c?d+");
+  //   re.pattern();    // "ab*c?d+"
+  const string& pattern() const { return pattern_; }
+
+  // If RE could not be created properly, returns an error string.
+  // Else returns the empty string.
+  const string& error() const { return *error_; }
+
+  /***** The useful part: the matching interface *****/
+
+  // This is provided so one can do pattern.ReplaceAll() just as
+  // easily as ReplaceAll(pattern-text, ....)
+
+  bool FullMatch(const StringPiece& text,
+                 const Arg& ptr1 = no_arg,
+                 const Arg& ptr2 = no_arg,
+                 const Arg& ptr3 = no_arg,
+                 const Arg& ptr4 = no_arg,
+                 const Arg& ptr5 = no_arg,
+                 const Arg& ptr6 = no_arg,
+                 const Arg& ptr7 = no_arg,
+                 const Arg& ptr8 = no_arg,
+                 const Arg& ptr9 = no_arg,
+                 const Arg& ptr10 = no_arg,
+                 const Arg& ptr11 = no_arg,
+                 const Arg& ptr12 = no_arg,
+                 const Arg& ptr13 = no_arg,
+                 const Arg& ptr14 = no_arg,
+                 const Arg& ptr15 = no_arg,
+                 const Arg& ptr16 = no_arg) const;
+
+  bool PartialMatch(const StringPiece& text,
+                    const Arg& ptr1 = no_arg,
+                    const Arg& ptr2 = no_arg,
+                    const Arg& ptr3 = no_arg,
+                    const Arg& ptr4 = no_arg,
+                    const Arg& ptr5 = no_arg,
+                    const Arg& ptr6 = no_arg,
+                    const Arg& ptr7 = no_arg,
+                    const Arg& ptr8 = no_arg,
+                    const Arg& ptr9 = no_arg,
+                    const Arg& ptr10 = no_arg,
+                    const Arg& ptr11 = no_arg,
+                    const Arg& ptr12 = no_arg,
+                    const Arg& ptr13 = no_arg,
+                    const Arg& ptr14 = no_arg,
+                    const Arg& ptr15 = no_arg,
+                    const Arg& ptr16 = no_arg) const;
+
+  bool Consume(StringPiece* input,
+               const Arg& ptr1 = no_arg,
+               const Arg& ptr2 = no_arg,
+               const Arg& ptr3 = no_arg,
+               const Arg& ptr4 = no_arg,
+               const Arg& ptr5 = no_arg,
+               const Arg& ptr6 = no_arg,
+               const Arg& ptr7 = no_arg,
+               const Arg& ptr8 = no_arg,
+               const Arg& ptr9 = no_arg,
+               const Arg& ptr10 = no_arg,
+               const Arg& ptr11 = no_arg,
+               const Arg& ptr12 = no_arg,
+               const Arg& ptr13 = no_arg,
+               const Arg& ptr14 = no_arg,
+               const Arg& ptr15 = no_arg,
+               const Arg& ptr16 = no_arg) const;
+
+  bool FindAndConsume(StringPiece* input,
+                      const Arg& ptr1 = no_arg,
+                      const Arg& ptr2 = no_arg,
+                      const Arg& ptr3 = no_arg,
+                      const Arg& ptr4 = no_arg,
+                      const Arg& ptr5 = no_arg,
+                      const Arg& ptr6 = no_arg,
+                      const Arg& ptr7 = no_arg,
+                      const Arg& ptr8 = no_arg,
+                      const Arg& ptr9 = no_arg,
+                      const Arg& ptr10 = no_arg,
+                      const Arg& ptr11 = no_arg,
+                      const Arg& ptr12 = no_arg,
+                      const Arg& ptr13 = no_arg,
+                      const Arg& ptr14 = no_arg,
+                      const Arg& ptr15 = no_arg,
+                      const Arg& ptr16 = no_arg) const;
+
+  bool Replace(const StringPiece& rewrite,
+               string *str) const;
+
+  int GlobalReplace(const StringPiece& rewrite,
+                    string *str) const;
+
+  bool Extract(const StringPiece &rewrite,
+               const StringPiece &text,
+               string *out) const;
+
+  // Escapes all potentially meaningful regexp characters in
+  // 'unquoted'.  The returned string, used as a regular expression,
+  // will exactly match the original string.  For example,
+  //           1.5-2.0?
+  // may become:
+  //           1\.5\-2\.0\?
+  // Note QuoteMeta behaves the same as perl's QuoteMeta function,
+  // *except* that it escapes the NUL character (\0) as backslash + 0,
+  // rather than backslash + NUL.
+  static string QuoteMeta(const StringPiece& unquoted);
+
+
+  /***** Generic matching interface *****/
+
+  // Type of match (TODO: Should be restructured as part of RE_Options)
+  enum Anchor {
+    UNANCHORED,         // No anchoring
+    ANCHOR_START,       // Anchor at start only
+    ANCHOR_BOTH         // Anchor at start and end
+  };
+
+  // General matching routine.  Stores the length of the match in
+  // "*consumed" if successful.
+  bool DoMatch(const StringPiece& text,
+               Anchor anchor,
+               int* consumed,
+               const Arg* const* args, int n) const;
+
+  // Return the number of capturing subpatterns, or -1 if the
+  // regexp wasn't valid on construction.
+  int NumberOfCapturingGroups() const;
+
+  // The default value for an argument, to indicate the end of the argument
+  // list. This must be used only in optional argument defaults. It should NOT
+  // be passed explicitly. Some people have tried to use it like this:
+  //
+  //   FullMatch(x, y, &z, no_arg, &w);
+  //
+  // This is a mistake, and will not work.
+  static Arg no_arg;
+
+ private:
+
+  void Init(const string& pattern, const RE_Options* options);
+  void Cleanup();
+
+  // Match against "text", filling in "vec" (up to "vecsize" * 2/3) with
+  // pairs of integers for the beginning and end positions of matched
+  // text.  The first pair corresponds to the entire matched text;
+  // subsequent pairs correspond, in order, to parentheses-captured
+  // matches.  Returns the number of pairs (one more than the number of
+  // the last subpattern with a match) if matching was successful
+  // and zero if the match failed.
+  // I.e. for RE("(foo)|(bar)|(baz)") it will return 2, 3, and 4 when matching
+  // against "foo", "bar", and "baz" respectively.
+  // When matching RE("(foo)|hello") against "hello", it will return 1.
+  // But the values for all subpattern are filled in into "vec".
+  int TryMatch(const StringPiece& text,
+               int startpos,
+               Anchor anchor,
+               bool empty_ok,
+               int *vec,
+               int vecsize) const;
+
+  // Append the "rewrite" string, with backslash subsitutions from "text"
+  // and "vec", to string "out".
+  bool Rewrite(string *out,
+               const StringPiece& rewrite,
+               const StringPiece& text,
+               int *vec,
+               int veclen) const;
+
+  // internal implementation for DoMatch
+  bool DoMatchImpl(const StringPiece& text,
+                   Anchor anchor,
+                   int* consumed,
+                   const Arg* const args[],
+                   int n,
+                   int* vec,
+                   int vecsize) const;
+
+  // Compile the regexp for the specified anchoring mode
+  pcre* Compile(Anchor anchor);
+
+  string        pattern_;
+  RE_Options    options_;
+  pcre*         re_full_;       // For full matches
+  pcre*         re_partial_;    // For partial matches
+  const string* error_;         // Error indicator (or points to empty string)
+};
+
+}   // namespace pcrecpp
+
+#endif /* _PCRECPP_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcrecpparg.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcrecpparg.h
new file mode 100644
index 00000000..b4f9c3f4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcrecpparg.h
@@ -0,0 +1,174 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+
+#ifndef _PCRECPPARG_H
+#define _PCRECPPARG_H
+
+#include <stdlib.h>    // for NULL
+#include <string>
+
+#include <pcre.h>
+
+namespace pcrecpp {
+
+class StringPiece;
+
+// Hex/Octal/Binary?
+
+// Special class for parsing into objects that define a ParseFrom() method
+template <class T>
+class _RE_MatchObject {
+ public:
+  static inline bool Parse(const char* str, int n, void* dest) {
+    if (dest == NULL) return true;
+    T* object = reinterpret_cast<T*>(dest);
+    return object->ParseFrom(str, n);
+  }
+};
+
+class PCRECPP_EXP_DEFN Arg {
+ public:
+  // Empty constructor so we can declare arrays of Arg
+  Arg();
+
+  // Constructor specially designed for NULL arguments
+  Arg(void*);
+
+  typedef bool (*Parser)(const char* str, int n, void* dest);
+
+// Type-specific parsers
+#define PCRE_MAKE_PARSER(type,name)                             \
+  Arg(type* p) : arg_(p), parser_(name) { }                     \
+  Arg(type* p, Parser parser) : arg_(p), parser_(parser) { }
+
+
+  PCRE_MAKE_PARSER(char,               parse_char);
+  PCRE_MAKE_PARSER(unsigned char,      parse_uchar);
+  PCRE_MAKE_PARSER(short,              parse_short);
+  PCRE_MAKE_PARSER(unsigned short,     parse_ushort);
+  PCRE_MAKE_PARSER(int,                parse_int);
+  PCRE_MAKE_PARSER(unsigned int,       parse_uint);
+  PCRE_MAKE_PARSER(long,               parse_long);
+  PCRE_MAKE_PARSER(unsigned long,      parse_ulong);
+#if 1
+  PCRE_MAKE_PARSER(long long,          parse_longlong);
+#endif
+#if 1
+  PCRE_MAKE_PARSER(unsigned long long, parse_ulonglong);
+#endif
+  PCRE_MAKE_PARSER(float,              parse_float);
+  PCRE_MAKE_PARSER(double,             parse_double);
+  PCRE_MAKE_PARSER(std::string,        parse_string);
+  PCRE_MAKE_PARSER(StringPiece,        parse_stringpiece);
+
+#undef PCRE_MAKE_PARSER
+
+  // Generic constructor
+  template <class T> Arg(T*, Parser parser);
+  // Generic constructor template
+  template <class T> Arg(T* p)
+    : arg_(p), parser_(_RE_MatchObject<T>::Parse) {
+  }
+
+  // Parse the data
+  bool Parse(const char* str, int n) const;
+
+ private:
+  void*         arg_;
+  Parser        parser_;
+
+  static bool parse_null          (const char* str, int n, void* dest);
+  static bool parse_char          (const char* str, int n, void* dest);
+  static bool parse_uchar         (const char* str, int n, void* dest);
+  static bool parse_float         (const char* str, int n, void* dest);
+  static bool parse_double        (const char* str, int n, void* dest);
+  static bool parse_string        (const char* str, int n, void* dest);
+  static bool parse_stringpiece   (const char* str, int n, void* dest);
+
+#define PCRE_DECLARE_INTEGER_PARSER(name)                                   \
+ private:                                                                   \
+  static bool parse_ ## name(const char* str, int n, void* dest);           \
+  static bool parse_ ## name ## _radix(                                     \
+    const char* str, int n, void* dest, int radix);                         \
+ public:                                                                    \
+  static bool parse_ ## name ## _hex(const char* str, int n, void* dest);   \
+  static bool parse_ ## name ## _octal(const char* str, int n, void* dest); \
+  static bool parse_ ## name ## _cradix(const char* str, int n, void* dest)
+
+  PCRE_DECLARE_INTEGER_PARSER(short);
+  PCRE_DECLARE_INTEGER_PARSER(ushort);
+  PCRE_DECLARE_INTEGER_PARSER(int);
+  PCRE_DECLARE_INTEGER_PARSER(uint);
+  PCRE_DECLARE_INTEGER_PARSER(long);
+  PCRE_DECLARE_INTEGER_PARSER(ulong);
+  PCRE_DECLARE_INTEGER_PARSER(longlong);
+  PCRE_DECLARE_INTEGER_PARSER(ulonglong);
+
+#undef PCRE_DECLARE_INTEGER_PARSER
+};
+
+inline Arg::Arg() : arg_(NULL), parser_(parse_null) { }
+inline Arg::Arg(void* p) : arg_(p), parser_(parse_null) { }
+
+inline bool Arg::Parse(const char* str, int n) const {
+  return (*parser_)(str, n, arg_);
+}
+
+// This part of the parser, appropriate only for ints, deals with bases
+#define MAKE_INTEGER_PARSER(type, name) \
+  inline Arg Hex(type* ptr) { \
+    return Arg(ptr, Arg::parse_ ## name ## _hex); } \
+  inline Arg Octal(type* ptr) { \
+    return Arg(ptr, Arg::parse_ ## name ## _octal); } \
+  inline Arg CRadix(type* ptr) { \
+    return Arg(ptr, Arg::parse_ ## name ## _cradix); }
+
+MAKE_INTEGER_PARSER(short,              short)     /*                        */
+MAKE_INTEGER_PARSER(unsigned short,     ushort)    /*                        */
+MAKE_INTEGER_PARSER(int,                int)       /* Don't use semicolons   */
+MAKE_INTEGER_PARSER(unsigned int,       uint)      /* after these statement  */
+MAKE_INTEGER_PARSER(long,               long)      /* because they can cause */
+MAKE_INTEGER_PARSER(unsigned long,      ulong)     /* compiler warnings if   */
+#if 1                          /* the checking level is  */
+MAKE_INTEGER_PARSER(long long,          longlong)  /* turned up high enough. */
+#endif                                             /*                        */
+#if 1                         /*                        */
+MAKE_INTEGER_PARSER(unsigned long long, ulonglong) /*                        */
+#endif
+
+#undef PCRE_IS_SET
+#undef PCRE_SET_OR_CLEAR
+#undef MAKE_INTEGER_PARSER
+
+}   // namespace pcrecpp
+
+
+#endif /* _PCRECPPARG_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcreposix.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcreposix.h
new file mode 100644
index 00000000..c77c0b05
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/include/pcreposix.h
@@ -0,0 +1,146 @@
+/*************************************************
+*       Perl-Compatible Regular Expressions      *
+*************************************************/
+
+#ifndef _PCREPOSIX_H
+#define _PCREPOSIX_H
+
+/* This is the header for the POSIX wrapper interface to the PCRE Perl-
+Compatible Regular Expression library. It defines the things POSIX says should
+be there. I hope.
+
+            Copyright (c) 1997-2012 University of Cambridge
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+/* Have to include stdlib.h in order to ensure that size_t is defined. */
+
+#include <stdlib.h>
+
+/* Allow for C++ users */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Options, mostly defined by POSIX, but with some extras. */
+
+#define REG_ICASE     0x0001   /* Maps to PCRE_CASELESS */
+#define REG_NEWLINE   0x0002   /* Maps to PCRE_MULTILINE */
+#define REG_NOTBOL    0x0004   /* Maps to PCRE_NOTBOL */
+#define REG_NOTEOL    0x0008   /* Maps to PCRE_NOTEOL */
+#define REG_DOTALL    0x0010   /* NOT defined by POSIX; maps to PCRE_DOTALL */
+#define REG_NOSUB     0x0020   /* Maps to PCRE_NO_AUTO_CAPTURE */
+#define REG_UTF8      0x0040   /* NOT defined by POSIX; maps to PCRE_UTF8 */
+#define REG_STARTEND  0x0080   /* BSD feature: pass subject string by so,eo */
+#define REG_NOTEMPTY  0x0100   /* NOT defined by POSIX; maps to PCRE_NOTEMPTY */
+#define REG_UNGREEDY  0x0200   /* NOT defined by POSIX; maps to PCRE_UNGREEDY */
+#define REG_UCP       0x0400   /* NOT defined by POSIX; maps to PCRE_UCP */
+
+/* This is not used by PCRE, but by defining it we make it easier
+to slot PCRE into existing programs that make POSIX calls. */
+
+#define REG_EXTENDED  0
+
+/* Error values. Not all these are relevant or used by the wrapper. */
+
+enum {
+  REG_ASSERT = 1,  /* internal error ? */
+  REG_BADBR,       /* invalid repeat counts in {} */
+  REG_BADPAT,      /* pattern error */
+  REG_BADRPT,      /* ? * + invalid */
+  REG_EBRACE,      /* unbalanced {} */
+  REG_EBRACK,      /* unbalanced [] */
+  REG_ECOLLATE,    /* collation error - not relevant */
+  REG_ECTYPE,      /* bad class */
+  REG_EESCAPE,     /* bad escape sequence */
+  REG_EMPTY,       /* empty expression */
+  REG_EPAREN,      /* unbalanced () */
+  REG_ERANGE,      /* bad range inside [] */
+  REG_ESIZE,       /* expression too big */
+  REG_ESPACE,      /* failed to get memory */
+  REG_ESUBREG,     /* bad back reference */
+  REG_INVARG,      /* bad argument */
+  REG_NOMATCH      /* match failed */
+};
+
+
+/* The structure representing a compiled regular expression. */
+
+typedef struct {
+  void *re_pcre;
+  size_t re_nsub;
+  size_t re_erroffset;
+} regex_t;
+
+/* The structure in which a captured offset is returned. */
+
+typedef int regoff_t;
+
+typedef struct {
+  regoff_t rm_so;
+  regoff_t rm_eo;
+} regmatch_t;
+
+/* When an application links to a PCRE DLL in Windows, the symbols that are
+imported have to be identified as such. When building PCRE, the appropriate
+export settings are needed, and are set in pcreposix.c before including this
+file. */
+
+#if defined(_WIN32) && !defined(PCRE_STATIC) && !defined(PCREPOSIX_EXP_DECL)
+#  define PCREPOSIX_EXP_DECL  extern __declspec(dllimport)
+#  define PCREPOSIX_EXP_DEFN  __declspec(dllimport)
+#endif
+
+/* By default, we use the standard "extern" declarations. */
+
+#ifndef PCREPOSIX_EXP_DECL
+#  ifdef __cplusplus
+#    define PCREPOSIX_EXP_DECL  extern "C"
+#    define PCREPOSIX_EXP_DEFN  extern "C"
+#  else
+#    define PCREPOSIX_EXP_DECL  extern
+#    define PCREPOSIX_EXP_DEFN  extern
+#  endif
+#endif
+
+/* The functions */
+
+PCREPOSIX_EXP_DECL int regcomp(regex_t *, const char *, int);
+PCREPOSIX_EXP_DECL int regexec(const regex_t *, const char *, size_t,
+                     regmatch_t *, int);
+PCREPOSIX_EXP_DECL size_t regerror(int, const regex_t *, char *, size_t);
+PCREPOSIX_EXP_DECL void regfree(regex_t *);
+
+#ifdef __cplusplus
+}   /* extern "C" */
+#endif
+
+#endif /* End of pcreposix.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcre.a b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcre.a
new file mode 100644
index 00000000..70e72eed
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcre.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcre.la b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcre.la
new file mode 100755
index 00000000..66367366
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcre.la
@@ -0,0 +1,41 @@
+# libpcre.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libpcre.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libpcre.
+current=3
+age=2
+revision=9
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcrecpp.a b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcrecpp.a
new file mode 100644
index 00000000..1321792d
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcrecpp.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcrecpp.la b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcrecpp.la
new file mode 100755
index 00000000..07e07a31
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcrecpp.la
@@ -0,0 +1,41 @@
+# libpcrecpp.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libpcrecpp.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib /Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7/lib/libpcre.la'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libpcrecpp.
+current=0
+age=0
+revision=1
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcreposix.a b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcreposix.a
new file mode 100644
index 00000000..bb2aec40
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcreposix.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcreposix.la b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcreposix.la
new file mode 100755
index 00000000..c3cbdaef
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/libpcreposix.la
@@ -0,0 +1,41 @@
+# libpcreposix.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libpcreposix.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib /Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7/lib/libpcre.la'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libpcreposix.
+current=0
+age=0
+revision=5
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/pkgconfig/libpcre.pc b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/pkgconfig/libpcre.pc
new file mode 100644
index 00000000..8949761e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/pkgconfig/libpcre.pc
@@ -0,0 +1,13 @@
+# Package Information for pkg-config
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libpcre
+Description: PCRE - Perl compatible regular expressions C library with 8 bit character support
+Version: 8.41
+Libs: -L${libdir} -lpcre
+Libs.private:  
+Cflags: -I${includedir} -DPCRE_STATIC
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/pkgconfig/libpcrecpp.pc b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/pkgconfig/libpcrecpp.pc
new file mode 100644
index 00000000..3207e1aa
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/pkgconfig/libpcrecpp.pc
@@ -0,0 +1,12 @@
+# Package Information for pkg-config
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libpcrecpp
+Description: PCRECPP - C++ wrapper for PCRE
+Version: 8.41
+Libs: -L${libdir} -lpcre -lpcrecpp
+Cflags: -I${includedir} -DPCRE_STATIC
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/pkgconfig/libpcreposix.pc b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/pkgconfig/libpcreposix.pc
new file mode 100644
index 00000000..983ee1f0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/lib/pkgconfig/libpcreposix.pc
@@ -0,0 +1,13 @@
+# Package Information for pkg-config
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libpcreposix
+Description: PCREPosix - Posix compatible interface to libpcre
+Version: 8.41
+Libs: -L${libdir} -lpcreposix
+Cflags: -I${includedir} -DPCRE_STATIC
+Requires.private: libpcre
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/AUTHORS b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/AUTHORS
new file mode 100644
index 00000000..291657ca
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/AUTHORS
@@ -0,0 +1,45 @@
+THE MAIN PCRE LIBRARY
+---------------------
+
+Written by:       Philip Hazel
+Email local part: ph10
+Email domain:     cam.ac.uk
+
+University of Cambridge Computing Service,
+Cambridge, England.
+
+Copyright (c) 1997-2017 University of Cambridge
+All rights reserved
+
+
+PCRE JUST-IN-TIME COMPILATION SUPPORT
+-------------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2010-2017 Zoltan Herczeg
+All rights reserved.
+
+
+STACK-LESS JUST-IN-TIME COMPILER
+--------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2009-2017 Zoltan Herczeg
+All rights reserved.
+
+
+THE C++ WRAPPER LIBRARY
+-----------------------
+
+Written by:       Google Inc.
+
+Copyright (c) 2007-2012 Google Inc
+All rights reserved
+
+####
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/COPYING b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/COPYING
new file mode 100644
index 00000000..58eed01b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/COPYING
@@ -0,0 +1,5 @@
+PCRE LICENCE
+
+Please see the file LICENCE in the PCRE distribution for licensing details.
+
+End
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/ChangeLog b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/ChangeLog
new file mode 100644
index 00000000..590a7542
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/ChangeLog
@@ -0,0 +1,6104 @@
+ChangeLog for PCRE
+------------------
+
+Note that the PCRE 8.xx series (PCRE1) is now in a bugfix-only state. All
+development is happening in the PCRE2 10.xx series.
+
+Version 8.41 05-July-2017
+-------------------------
+
+1.  Fixed typo in CMakeLists.txt (wrong number of arguments for
+PCRE_STATIC_RUNTIME (affects MSVC only).
+
+2.  Issue 1 for 8.40 below was not correctly fixed. If pcregrep in multiline
+mode with --only-matching matched several lines, it restarted scanning at the
+next line instead of moving on to the end of the matched string, which can be
+several lines after the start.
+
+3.  Fix a missing else in the JIT compiler reported by 'idaifish'.
+
+4.  A (?# style comment is now ignored between a basic quantifier and a
+following '+' or '?' (example: /X+(?#comment)?Y/.
+
+5.  Avoid use of a potentially overflowing buffer in pcregrep (patch by Petr
+Pisar).
+
+6.  Fuzzers have reported issues in pcretest. These are NOT serious (it is,
+after all, just a test program). However, to stop the reports, some easy ones
+are fixed:
+
+    (a) Check for values < 256 when calling isprint() in pcretest.
+    (b) Give an error for too big a number after \O.
+
+7.  In the 32-bit library in non-UTF mode, an attempt to find a Unicode
+property for a character with a code point greater than 0x10ffff (the Unicode
+maximum) caused a crash.
+
+8. The alternative matching function, pcre_dfa_exec() misbehaved if it
+encountered a character class with a possessive repeat, for example [a-f]{3}+.
+
+9. When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer
+length incorrectly, which could result in buffer overflow.
+
+10. Remove redundant line of code (accidentally left in ages ago).
+
+11. Applied C++ patch from Irfan Adilovic to guard 'using std::' directives
+with namespace pcrecpp (Bugzilla #2084).
+
+12. Remove a duplication typo in pcre_tables.c.
+
+13. Fix returned offsets from regexec() when REG_STARTEND is used with a
+starting offset greater than zero.
+
+
+Version 8.40 11-January-2017
+----------------------------
+
+1.  Using -o with -M in pcregrep could cause unnecessary repeated output when
+    the match extended over a line boundary.
+
+2.  Applied Chris Wilson's second patch (Bugzilla #1681) to CMakeLists.txt for
+    MSVC static compilation, putting the first patch under a new option.
+
+3.  Fix register overwite in JIT when SSE2 acceleration is enabled.
+
+4.  Ignore "show all captures" (/=) for DFA matching.
+
+5.  Fix JIT unaligned accesses on x86. Patch by Marc Mutz.
+
+6.  In any wide-character mode (8-bit UTF or any 16-bit or 32-bit mode),
+    without PCRE_UCP set, a negative character type such as \D in a positive
+    class should cause all characters greater than 255 to match, whatever else
+    is in the class. There was a bug that caused this not to happen if a
+    Unicode property item was added to such a class, for example [\D\P{Nd}] or
+    [\W\pL].
+
+7.  When pcretest was outputing information from a callout, the caret indicator
+    for the current position in the subject line was incorrect if it was after
+    an escape sequence for a character whose code point was greater than
+    \x{ff}.
+
+8.  A pattern such as (?<RA>abc)(?(R)xyz) was incorrectly compiled such that
+    the conditional was interpreted as a reference to capturing group 1 instead
+    of a test for recursion. Any group whose name began with R was
+    misinterpreted in this way. (The reference interpretation should only
+    happen if the group's name is precisely "R".)
+
+9.  A number of bugs have been mended relating to match start-up optimizations
+    when the first thing in a pattern is a positive lookahead. These all
+    applied only when PCRE_NO_START_OPTIMIZE was *not* set:
+
+    (a) A pattern such as (?=.*X)X$ was incorrectly optimized as if it needed
+        both an initial 'X' and a following 'X'.
+    (b) Some patterns starting with an assertion that started with .* were
+        incorrectly optimized as having to match at the start of the subject or
+        after a newline. There are cases where this is not true, for example,
+        (?=.*[A-Z])(?=.{8,16})(?!.*[\s]) matches after the start in lines that
+        start with spaces. Starting .* in an assertion is no longer taken as an
+        indication of matching at the start (or after a newline).
+
+
+Version 8.39 14-June-2016
+-------------------------
+
+1.  If PCRE_AUTO_CALLOUT was set on a pattern that had a (?# comment between
+    an item and its qualifier (for example, A(?#comment)?B) pcre_compile()
+    misbehaved. This bug was found by the LLVM fuzzer.
+
+2.  Similar to the above, if an isolated \E was present between an item and its
+    qualifier when PCRE_AUTO_CALLOUT was set, pcre_compile() misbehaved. This
+    bug was found by the LLVM fuzzer.
+
+3.  Further to 8.38/46, negated classes such as [^[:^ascii:]\d] were also not
+    working correctly in UCP mode.
+
+4.  The POSIX wrapper function regexec() crashed if the option REG_STARTEND
+    was set when the pmatch argument was NULL. It now returns REG_INVARG.
+
+5.  Allow for up to 32-bit numbers in the ordin() function in pcregrep.
+
+6.  An empty \Q\E sequence between an item and its qualifier caused
+    pcre_compile() to misbehave when auto callouts were enabled. This bug was
+    found by the LLVM fuzzer.
+
+7.  If a pattern that was compiled with PCRE_EXTENDED started with white
+    space or a #-type comment that was followed by (?-x), which turns off
+    PCRE_EXTENDED, and there was no subsequent (?x) to turn it on again,
+    pcre_compile() assumed that (?-x) applied to the whole pattern and
+    consequently mis-compiled it. This bug was found by the LLVM fuzzer.
+
+8.  A call of pcre_copy_named_substring() for a named substring whose number
+    was greater than the space in the ovector could cause a crash.
+
+9.  Yet another buffer overflow bug involved duplicate named groups with a
+    group that reset capture numbers (compare 8.38/7 below). Once again, I have
+    just allowed for more memory, even if not needed. (A proper fix is
+    implemented in PCRE2, but it involves a lot of refactoring.)
+
+10. pcre_get_substring_list() crashed if the use of \K in a match caused the
+    start of the match to be earlier than the end.
+
+11. Migrating appropriate PCRE2 JIT improvements to PCRE.
+
+12. A pattern such as /(?<=((?C)0))/, which has a callout inside a lookbehind
+    assertion, caused pcretest to generate incorrect output, and also to read
+    uninitialized memory (detected by ASAN or valgrind).
+
+13. A pattern that included (*ACCEPT) in the middle of a sufficiently deeply
+    nested set of parentheses of sufficient size caused an overflow of the
+    compiling workspace (which was diagnosed, but of course is not desirable).
+
+14. And yet another buffer overflow bug involving duplicate named groups, this
+    time nested, with a nested back reference. Yet again, I have just allowed
+    for more memory, because anything more needs all the refactoring that has
+    been done for PCRE2. An example pattern that provoked this bug is:
+    /((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/ and the bug was
+    registered as CVE-2016-1283.
+
+15. pcretest went into a loop if global matching was requested with an ovector
+    size less than 2. It now gives an error message. This bug was found by
+    afl-fuzz.
+
+16. An invalid pattern fragment such as (?(?C)0 was not diagnosing an error
+    ("assertion expected") when (?(?C) was not followed by an opening
+    parenthesis.
+
+17. Fixed typo ("&&" for "&") in pcre_study(). Fortunately, this could not
+    actually affect anything, by sheer luck.
+
+18. Applied Chris Wilson's patch (Bugzilla #1681) to CMakeLists.txt for MSVC
+    static compilation.
+
+19. Modified the RunTest script to incorporate a valgrind suppressions file so
+    that certain errors, provoked by the SSE2 instruction set when JIT is used,
+    are ignored.
+
+20. A racing condition is fixed in JIT reported by Mozilla.
+
+21. Minor code refactor to avoid "array subscript is below array bounds"
+    compiler warning.
+
+22. Minor code refactor to avoid "left shift of negative number" warning.
+
+23. Fix typo causing compile error when 16- or 32-bit JIT is compiled without
+    UCP support.
+
+24. Refactor to avoid compiler warnings in pcrecpp.cc.
+
+25. Refactor to fix a typo in pcre_jit_test.c
+
+26. Patch to support compiling pcrecpp.cc with Intel compiler.
+
+
+Version 8.38 23-November-2015
+-----------------------------
+
+1.  If a group that contained a recursive back reference also contained a
+    forward reference subroutine call followed by a non-forward-reference
+    subroutine call, for example /.((?2)(?R)\1)()/, pcre_compile() failed to
+    compile correct code, leading to undefined behaviour or an internally
+    detected error. This bug was discovered by the LLVM fuzzer.
+
+2.  Quantification of certain items (e.g. atomic back references) could cause
+    incorrect code to be compiled when recursive forward references were
+    involved. For example, in this pattern: /(?1)()((((((\1++))\x85)+)|))/.
+    This bug was discovered by the LLVM fuzzer.
+
+3.  A repeated conditional group whose condition was a reference by name caused
+    a buffer overflow if there was more than one group with the given name.
+    This bug was discovered by the LLVM fuzzer.
+
+4.  A recursive back reference by name within a group that had the same name as
+    another group caused a buffer overflow. For example:
+    /(?J)(?'d'(?'d'\g{d}))/. This bug was discovered by the LLVM fuzzer.
+
+5.  A forward reference by name to a group whose number is the same as the
+    current group, for example in this pattern: /(?|(\k'Pm')|(?'Pm'))/, caused
+    a buffer overflow at compile time. This bug was discovered by the LLVM
+    fuzzer.
+
+6.  A lookbehind assertion within a set of mutually recursive subpatterns could
+    provoke a buffer overflow. This bug was discovered by the LLVM fuzzer.
+
+7.  Another buffer overflow bug involved duplicate named groups with a
+    reference between their definition, with a group that reset capture
+    numbers, for example: /(?J:(?|(?'R')(\k'R')|((?'R'))))/. This has been
+    fixed by always allowing for more memory, even if not needed. (A proper fix
+    is implemented in PCRE2, but it involves more refactoring.)
+
+8.  There was no check for integer overflow in subroutine calls such as (?123).
+
+9.  The table entry for \l in EBCDIC environments was incorrect, leading to its
+    being treated as a literal 'l' instead of causing an error.
+
+10. There was a buffer overflow if pcre_exec() was called with an ovector of
+    size 1. This bug was found by american fuzzy lop.
+
+11. If a non-capturing group containing a conditional group that could match
+    an empty string was repeated, it was not identified as matching an empty
+    string itself. For example: /^(?:(?(1)x|)+)+$()/.
+
+12. In an EBCDIC environment, pcretest was mishandling the escape sequences
+    \a and \e in test subject lines.
+
+13. In an EBCDIC environment, \a in a pattern was converted to the ASCII
+    instead of the EBCDIC value.
+
+14. The handling of \c in an EBCDIC environment has been revised so that it is
+    now compatible with the specification in Perl's perlebcdic page.
+
+15. The EBCDIC character 0x41 is a non-breaking space, equivalent to 0xa0 in
+    ASCII/Unicode. This has now been added to the list of characters that are
+    recognized as white space in EBCDIC.
+
+16. When PCRE was compiled without UCP support, the use of \p and \P gave an
+    error (correctly) when used outside a class, but did not give an error
+    within a class.
+
+17. \h within a class was incorrectly compiled in EBCDIC environments.
+
+18. A pattern with an unmatched closing parenthesis that contained a backward
+    assertion which itself contained a forward reference caused buffer
+    overflow. And example pattern is: /(?=di(?<=(?1))|(?=(.))))/.
+
+19. JIT should return with error when the compiled pattern requires more stack
+    space than the maximum.
+
+20. A possessively repeated conditional group that could match an empty string,
+    for example, /(?(R))*+/, was incorrectly compiled.
+
+21. Fix infinite recursion in the JIT compiler when certain patterns such as
+    /(?:|a|){100}x/ are analysed.
+
+22. Some patterns with character classes involving [: and \\ were incorrectly
+    compiled and could cause reading from uninitialized memory or an incorrect
+    error diagnosis.
+
+23. Pathological patterns containing many nested occurrences of [: caused
+    pcre_compile() to run for a very long time.
+
+24. A conditional group with only one branch has an implicit empty alternative
+    branch and must therefore be treated as potentially matching an empty
+    string.
+
+25. If (?R was followed by - or + incorrect behaviour happened instead of a
+    diagnostic.
+
+26. Arrange to give up on finding the minimum matching length for overly
+    complex patterns.
+
+27. Similar to (4) above: in a pattern with duplicated named groups and an
+    occurrence of (?| it is possible for an apparently non-recursive back
+    reference to become recursive if a later named group with the relevant
+    number is encountered. This could lead to a buffer overflow. Wen Guanxing
+    from Venustech ADLAB discovered this bug.
+
+28. If pcregrep was given the -q option with -c or -l, or when handling a
+    binary file, it incorrectly wrote output to stdout.
+
+29. The JIT compiler did not restore the control verb head in case of *THEN
+    control verbs. This issue was found by Karl Skomski with a custom LLVM
+    fuzzer.
+
+30. Error messages for syntax errors following \g and \k were giving inaccurate
+    offsets in the pattern.
+
+31. Added a check for integer overflow in conditions (?(<digits>) and
+    (?(R<digits>). This omission was discovered by Karl Skomski with the LLVM
+    fuzzer.
+
+32. Handling recursive references such as (?2) when the reference is to a group
+    later in the pattern uses code that is very hacked about and error-prone.
+    It has been re-written for PCRE2. Here in PCRE1, a check has been added to
+    give an internal error if it is obvious that compiling has gone wrong.
+
+33. The JIT compiler should not check repeats after a {0,1} repeat byte code.
+    This issue was found by Karl Skomski with a custom LLVM fuzzer.
+
+34. The JIT compiler should restore the control chain for empty possessive
+    repeats. This issue was found by Karl Skomski with a custom LLVM fuzzer.
+
+35. Match limit check added to JIT recursion. This issue was found by Karl
+    Skomski with a custom LLVM fuzzer.
+
+36. Yet another case similar to 27 above has been circumvented by an
+    unconditional allocation of extra memory. This issue is fixed "properly" in
+    PCRE2 by refactoring the way references are handled. Wen Guanxing
+    from Venustech ADLAB discovered this bug.
+
+37. Fix two assertion fails in JIT. These issues were found by Karl Skomski
+    with a custom LLVM fuzzer.
+
+38. Fixed a corner case of range optimization in JIT.
+
+39. An incorrect error "overran compiling workspace" was given if there were
+    exactly enough group forward references such that the last one extended
+    into the workspace safety margin. The next one would have expanded the
+    workspace. The test for overflow was not including the safety margin.
+
+40. A match limit issue is fixed in JIT which was found by Karl Skomski
+    with a custom LLVM fuzzer.
+
+41. Remove the use of /dev/null in testdata/testinput2, because it doesn't
+    work under Windows. (Why has it taken so long for anyone to notice?)
+
+42. In a character class such as [\W\p{Any}] where both a negative-type escape
+    ("not a word character") and a property escape were present, the property
+    escape was being ignored.
+
+43. Fix crash caused by very long (*MARK) or (*THEN) names.
+
+44. A sequence such as [[:punct:]b] that is, a POSIX character class followed
+    by a single ASCII character in a class item, was incorrectly compiled in
+    UCP mode. The POSIX class got lost, but only if the single character
+    followed it.
+
+45. [:punct:] in UCP mode was matching some characters in the range 128-255
+    that should not have been matched.
+
+46. If [:^ascii:] or [:^xdigit:] or [:^cntrl:] are present in a non-negated
+    class, all characters with code points greater than 255 are in the class.
+    When a Unicode property was also in the class (if PCRE_UCP is set, escapes
+    such as \w are turned into Unicode properties), wide characters were not
+    correctly handled, and could fail to match.
+
+
+Version 8.37 28-April-2015
+--------------------------
+
+1.  When an (*ACCEPT) is triggered inside capturing parentheses, it arranges
+    for those parentheses to be closed with whatever has been captured so far.
+    However, it was failing to mark any other groups between the hightest
+    capture so far and the currrent group as "unset". Thus, the ovector for
+    those groups contained whatever was previously there. An example is the
+    pattern /(x)|((*ACCEPT))/ when matched against "abcd".
+
+2.  If an assertion condition was quantified with a minimum of zero (an odd
+    thing to do, but it happened), SIGSEGV or other misbehaviour could occur.
+
+3.  If a pattern in pcretest input had the P (POSIX) modifier followed by an
+    unrecognized modifier, a crash could occur.
+
+4.  An attempt to do global matching in pcretest with a zero-length ovector
+    caused a crash.
+
+5.  Fixed a memory leak during matching that could occur for a subpattern
+    subroutine call (recursive or otherwise) if the number of captured groups
+    that had to be saved was greater than ten.
+
+6.  Catch a bad opcode during auto-possessification after compiling a bad UTF
+    string with NO_UTF_CHECK. This is a tidyup, not a bug fix, as passing bad
+    UTF with NO_UTF_CHECK is documented as having an undefined outcome.
+
+7.  A UTF pattern containing a "not" match of a non-ASCII character and a
+    subroutine reference could loop at compile time. Example: /[^\xff]((?1))/.
+
+8. When a pattern is compiled, it remembers the highest back reference so that
+   when matching, if the ovector is too small, extra memory can be obtained to
+   use instead. A conditional subpattern whose condition is a check on a
+   capture having happened, such as, for example in the pattern
+   /^(?:(a)|b)(?(1)A|B)/, is another kind of back reference, but it was not
+   setting the highest backreference number. This mattered only if pcre_exec()
+   was called with an ovector that was too small to hold the capture, and there
+   was no other kind of back reference (a situation which is probably quite
+   rare). The effect of the bug was that the condition was always treated as
+   FALSE when the capture could not be consulted, leading to a incorrect
+   behaviour by pcre_exec(). This bug has been fixed.
+
+9. A reference to a duplicated named group (either a back reference or a test
+   for being set in a conditional) that occurred in a part of the pattern where
+   PCRE_DUPNAMES was not set caused the amount of memory needed for the pattern
+   to be incorrectly calculated, leading to overwriting.
+
+10. A mutually recursive set of back references such as (\2)(\1) caused a
+    segfault at study time (while trying to find the minimum matching length).
+    The infinite loop is now broken (with the minimum length unset, that is,
+    zero).
+
+11. If an assertion that was used as a condition was quantified with a minimum
+    of zero, matching went wrong. In particular, if the whole group had
+    unlimited repetition and could match an empty string, a segfault was
+    likely. The pattern (?(?=0)?)+ is an example that caused this. Perl allows
+    assertions to be quantified, but not if they are being used as conditions,
+    so the above pattern is faulted by Perl. PCRE has now been changed so that
+    it also rejects such patterns.
+
+12. A possessive capturing group such as (a)*+ with a minimum repeat of zero
+    failed to allow the zero-repeat case if pcre2_exec() was called with an
+    ovector too small to capture the group.
+
+13. Fixed two bugs in pcretest that were discovered by fuzzing and reported by
+    Red Hat Product Security:
+
+    (a) A crash if /K and /F were both set with the option to save the compiled
+    pattern.
+
+    (b) Another crash if the option to print captured substrings in a callout
+    was combined with setting a null ovector, for example \O\C+ as a subject
+    string.
+
+14. A pattern such as "((?2){0,1999}())?", which has a group containing a
+    forward reference repeated a large (but limited) number of times within a
+    repeated outer group that has a zero minimum quantifier, caused incorrect
+    code to be compiled, leading to the error "internal error:
+    previously-checked referenced subpattern not found" when an incorrect
+    memory address was read. This bug was reported as "heap overflow",
+    discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number
+    CVE-2015-2325.
+
+23. A pattern such as "((?+1)(\1))/" containing a forward reference subroutine
+    call within a group that also contained a recursive back reference caused
+    incorrect code to be compiled. This bug was reported as "heap overflow",
+    discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE
+    number CVE-2015-2326.
+
+24. Computing the size of the JIT read-only data in advance has been a source
+    of various issues, and new ones are still appear unfortunately. To fix
+    existing and future issues, size computation is eliminated from the code,
+    and replaced by on-demand memory allocation.
+
+25. A pattern such as /(?i)[A-`]/, where characters in the other case are
+    adjacent to the end of the range, and the range contained characters with
+    more than one other case, caused incorrect behaviour when compiled in UTF
+    mode. In that example, the range a-j was left out of the class.
+
+26. Fix JIT compilation of conditional blocks, which assertion
+    is converted to (*FAIL). E.g: /(?(?!))/.
+
+27. The pattern /(?(?!)^)/ caused references to random memory. This bug was
+    discovered by the LLVM fuzzer.
+
+28. The assertion (?!) is optimized to (*FAIL). This was not handled correctly
+    when this assertion was used as a condition, for example (?(?!)a|b). In
+    pcre2_match() it worked by luck; in pcre2_dfa_match() it gave an incorrect
+    error about an unsupported item.
+
+29. For some types of pattern, for example /Z*(|d*){216}/, the auto-
+    possessification code could take exponential time to complete. A recursion
+    depth limit of 1000 has been imposed to limit the resources used by this
+    optimization.
+
+30. A pattern such as /(*UTF)[\S\V\H]/, which contains a negated special class
+    such as \S in non-UCP mode, explicit wide characters (> 255) can be ignored
+    because \S ensures they are all in the class. The code for doing this was
+    interacting badly with the code for computing the amount of space needed to
+    compile the pattern, leading to a buffer overflow. This bug was discovered
+    by the LLVM fuzzer.
+
+31. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
+    other kinds of group caused stack overflow at compile time. This bug was
+    discovered by the LLVM fuzzer.
+
+32. A pattern such as /(?1)(?#?'){8}(a)/ which had a parenthesized comment
+    between a subroutine call and its quantifier was incorrectly compiled,
+    leading to buffer overflow or other errors. This bug was discovered by the
+    LLVM fuzzer.
+
+33. The illegal pattern /(?(?<E>.*!.*)?)/ was not being diagnosed as missing an
+    assertion after (?(. The code was failing to check the character after
+    (?(?< for the ! or = that would indicate a lookbehind assertion. This bug
+    was discovered by the LLVM fuzzer.
+
+34. A pattern such as /X((?2)()*+){2}+/ which has a possessive quantifier with
+    a fixed maximum following a group that contains a subroutine reference was
+    incorrectly compiled and could trigger buffer overflow. This bug was
+    discovered by the LLVM fuzzer.
+
+35. A mutual recursion within a lookbehind assertion such as (?<=((?2))((?1)))
+    caused a stack overflow instead of the diagnosis of a non-fixed length
+    lookbehind assertion. This bug was discovered by the LLVM fuzzer.
+
+36. The use of \K in a positive lookbehind assertion in a non-anchored pattern
+    (e.g. /(?<=\Ka)/) could make pcregrep loop.
+
+37. There was a similar problem to 36 in pcretest for global matches.
+
+38. If a greedy quantified \X was preceded by \C in UTF mode (e.g. \C\X*),
+    and a subsequent item in the pattern caused a non-match, backtracking over
+    the repeated \X did not stop, but carried on past the start of the subject,
+    causing reference to random memory and/or a segfault. There were also some
+    other cases where backtracking after \C could crash. This set of bugs was
+    discovered by the LLVM fuzzer.
+
+39. The function for finding the minimum length of a matching string could take
+    a very long time if mutual recursion was present many times in a pattern,
+    for example, /((?2){73}(?2))((?1))/. A better mutual recursion detection
+    method has been implemented. This infelicity was discovered by the LLVM
+    fuzzer.
+
+40. Static linking against the PCRE library using the pkg-config module was
+    failing on missing pthread symbols.
+
+
+Version 8.36 26-September-2014
+------------------------------
+
+1.  Got rid of some compiler warnings in the C++ modules that were shown up by
+    -Wmissing-field-initializers and -Wunused-parameter.
+
+2.  The tests for quantifiers being too big (greater than 65535) were being
+    applied after reading the number, and stupidly assuming that integer
+    overflow would give a negative number. The tests are now applied as the
+    numbers are read.
+
+3.  Tidy code in pcre_exec.c where two branches that used to be different are
+    now the same.
+
+4.  The JIT compiler did not generate match limit checks for certain
+    bracketed expressions with quantifiers. This may lead to exponential
+    backtracking, instead of returning with PCRE_ERROR_MATCHLIMIT. This
+    issue should be resolved now.
+
+5.  Fixed an issue, which occures when nested alternatives are optimized
+    with table jumps.
+
+6.  Inserted two casts and changed some ints to size_t in the light of some
+    reported 64-bit compiler warnings (Bugzilla 1477).
+
+7.  Fixed a bug concerned with zero-minimum possessive groups that could match
+    an empty string, which sometimes were behaving incorrectly in the
+    interpreter (though correctly in the JIT matcher). This pcretest input is
+    an example:
+
+      '\A(?:[^"]++|"(?:[^"]*+|"")*+")++'
+      NON QUOTED "QUOT""ED" AFTER "NOT MATCHED
+
+    the interpreter was reporting a match of 'NON QUOTED ' only, whereas the
+    JIT matcher and Perl both matched 'NON QUOTED "QUOT""ED" AFTER '. The test
+    for an empty string was breaking the inner loop and carrying on at a lower
+    level, when possessive repeated groups should always return to a higher
+    level as they have no backtrack points in them. The empty string test now
+    occurs at the outer level.
+
+8.  Fixed a bug that was incorrectly auto-possessifying \w+ in the pattern
+    ^\w+(?>\s*)(?<=\w) which caused it not to match "test test".
+
+9.  Give a compile-time error for \o{} (as Perl does) and for \x{} (which Perl
+    doesn't).
+
+10. Change 8.34/15 introduced a bug that caused the amount of memory needed
+    to hold a pattern to be incorrectly computed (too small) when there were
+    named back references to duplicated names. This could cause "internal
+    error: code overflow" or "double free or corruption" or other memory
+    handling errors.
+
+11. When named subpatterns had the same prefixes, back references could be
+    confused. For example, in this pattern:
+
+      /(?P<Name>a)?(?P<Name2>b)?(?(<Name>)c|d)*l/
+
+    the reference to 'Name' was incorrectly treated as a reference to a
+    duplicate name.
+
+12. A pattern such as /^s?c/mi8 where the optional character has more than
+    one "other case" was incorrectly compiled such that it would only try to
+    match starting at "c".
+
+13. When a pattern starting with \s was studied, VT was not included in the
+    list of possible starting characters; this should have been part of the
+    8.34/18 patch.
+
+14. If a character class started [\Qx]... where x is any character, the class
+    was incorrectly terminated at the ].
+
+15. If a pattern that started with a caseless match for a character with more
+    than one "other case" was studied, PCRE did not set up the starting code
+    unit bit map for the list of possible characters. Now it does. This is an
+    optimization improvement, not a bug fix.
+
+16. The Unicode data tables have been updated to Unicode 7.0.0.
+
+17. Fixed a number of memory leaks in pcregrep.
+
+18. Avoid a compiler warning (from some compilers) for a function call with
+    a cast that removes "const" from an lvalue by using an intermediate
+    variable (to which the compiler does not object).
+
+19. Incorrect code was compiled if a group that contained an internal recursive
+    back reference was optional (had quantifier with a minimum of zero). This
+    example compiled incorrect code: /(((a\2)|(a*)\g<-1>))*/ and other examples
+    caused segmentation faults because of stack overflows at compile time.
+
+20. A pattern such as /((?(R)a|(?1)))+/, which contains a recursion within a
+    group that is quantified with an indefinite repeat, caused a compile-time
+    loop which used up all the system stack and provoked a segmentation fault.
+    This was not the same bug as 19 above.
+
+21. Add PCRECPP_EXP_DECL declaration to operator<< in pcre_stringpiece.h.
+    Patch by Mike Frysinger.
+
+
+Version 8.35 04-April-2014
+--------------------------
+
+1.  A new flag is set, when property checks are present in an XCLASS.
+    When this flag is not set, PCRE can perform certain optimizations
+    such as studying these XCLASS-es.
+
+2.  The auto-possessification of character sets were improved: a normal
+    and an extended character set can be compared now. Furthermore
+    the JIT compiler optimizes more character set checks.
+
+3.  Got rid of some compiler warnings for potentially uninitialized variables
+    that show up only when compiled with -O2.
+
+4.  A pattern such as (?=ab\K) that uses \K in an assertion can set the start
+    of a match later then the end of the match. The pcretest program was not
+    handling the case sensibly - it was outputting from the start to the next
+    binary zero. It now reports this situation in a message, and outputs the
+    text from the end to the start.
+
+5.  Fast forward search is improved in JIT. Instead of the first three
+    characters, any three characters with fixed position can be searched.
+    Search order: first, last, middle.
+
+6.  Improve character range checks in JIT. Characters are read by an inprecise
+    function now, which returns with an unknown value if the character code is
+    above a certain threshold (e.g: 256). The only limitation is that the value
+    must be bigger than the threshold as well. This function is useful when
+    the characters above the threshold are handled in the same way.
+
+7.  The macros whose names start with RAWUCHAR are placeholders for a future
+    mode in which only the bottom 21 bits of 32-bit data items are used. To
+    make this more memorable for those maintaining the code, the names have
+    been changed to start with UCHAR21, and an extensive comment has been added
+    to their definition.
+
+8.  Add missing (new) files sljitNativeTILEGX.c and sljitNativeTILEGX-encoder.c
+    to the export list in Makefile.am (they were accidentally omitted from the
+    8.34 tarball).
+
+9.  The informational output from pcretest used the phrase "starting byte set"
+    which is inappropriate for the 16-bit and 32-bit libraries. As the output
+    for "first char" and "need char" really means "non-UTF-char", I've changed
+    "byte" to "char", and slightly reworded the output. The documentation about
+    these values has also been (I hope) clarified.
+
+10. Another JIT related optimization: use table jumps for selecting the correct
+    backtracking path, when more than four alternatives are present inside a
+    bracket.
+
+11. Empty match is not possible, when the minimum length is greater than zero,
+    and there is no \K in the pattern. JIT should avoid empty match checks in
+    such cases.
+
+12. In a caseless character class with UCP support, when a character with more
+    than one alternative case was not the first character of a range, not all
+    the alternative cases were added to the class. For example, s and \x{17f}
+    are both alternative cases for S: the class [RST] was handled correctly,
+    but [R-T] was not.
+
+13. The configure.ac file always checked for pthread support when JIT was
+    enabled. This is not used in Windows, so I have put this test inside a
+    check for the presence of windows.h (which was already tested for).
+
+14. Improve pattern prefix search by a simplified Boyer-Moore algorithm in JIT.
+    The algorithm provides a way to skip certain starting offsets, and usually
+    faster than linear prefix searches.
+
+15. Change 13 for 8.20 updated RunTest to check for the 'fr' locale as well
+    as for 'fr_FR' and 'french'. For some reason, however, it then used the
+    Windows-specific input and output files, which have 'french' screwed in.
+    So this could never have worked. One of the problems with locales is that
+    they aren't always the same. I have now updated RunTest so that it checks
+    the output of the locale test (test 3) against three different output
+    files, and it allows the test to pass if any one of them matches. With luck
+    this should make the test pass on some versions of Solaris where it was
+    failing. Because of the uncertainty, the script did not used to stop if
+    test 3 failed; it now does. If further versions of a French locale ever
+    come to light, they can now easily be added.
+
+16. If --with-pcregrep-bufsize was given a non-integer value such as "50K",
+    there was a message during ./configure, but it did not stop. This now
+    provokes an error. The invalid example in README has been corrected.
+    If a value less than the minimum is given, the minimum value has always
+    been used, but now a warning is given.
+
+17. If --enable-bsr-anycrlf was set, the special 16/32-bit test failed. This
+    was a bug in the test system, which is now fixed. Also, the list of various
+    configurations that are tested for each release did not have one with both
+    16/32 bits and --enable-bar-anycrlf. It now does.
+
+18. pcretest was missing "-C bsr" for displaying the \R default setting.
+
+19. Little endian PowerPC systems are supported now by the JIT compiler.
+
+20. The fast forward newline mechanism could enter to an infinite loop on
+    certain invalid UTF-8 input. Although we don't support these cases
+    this issue can be fixed by a performance optimization.
+
+21. Change 33 of 8.34 is not sufficient to ensure stack safety because it does
+    not take account if existing stack usage. There is now a new global
+    variable called pcre_stack_guard that can be set to point to an external
+    function to check stack availability. It is called at the start of
+    processing every parenthesized group.
+
+22. A typo in the code meant that in ungreedy mode the max/min qualifier
+    behaved like a min-possessive qualifier, and, for example, /a{1,3}b/U did
+    not match "ab".
+
+23. When UTF was disabled, the JIT program reported some incorrect compile
+    errors. These messages are silenced now.
+
+24. Experimental support for ARM-64 and MIPS-64 has been added to the JIT
+    compiler.
+
+25. Change all the temporary files used in RunGrepTest to be different to those
+    used by RunTest so that the tests can be run simultaneously, for example by
+    "make -j check".
+
+
+Version 8.34 15-December-2013
+-----------------------------
+
+1.  Add pcre[16|32]_jit_free_unused_memory to forcibly free unused JIT
+    executable memory. Patch inspired by Carsten Klein.
+
+2.  ./configure --enable-coverage defined SUPPORT_GCOV in config.h, although
+    this macro is never tested and has no effect, because the work to support
+    coverage involves only compiling and linking options and special targets in
+    the Makefile. The comment in config.h implied that defining the macro would
+    enable coverage support, which is totally false. There was also support for
+    setting this macro in the CMake files (my fault, I just copied it from
+    configure). SUPPORT_GCOV has now been removed.
+
+3.  Make a small performance improvement in strlen16() and strlen32() in
+    pcretest.
+
+4.  Change 36 for 8.33 left some unreachable statements in pcre_exec.c,
+    detected by the Solaris compiler (gcc doesn't seem to be able to diagnose
+    these cases). There was also one in pcretest.c.
+
+5.  Cleaned up a "may be uninitialized" compiler warning in pcre_exec.c.
+
+6.  In UTF mode, the code for checking whether a group could match an empty
+    string (which is used for indefinitely repeated groups to allow for
+    breaking an infinite loop) was broken when the group contained a repeated
+    negated single-character class with a character that occupied more than one
+    data item and had a minimum repetition of zero (for example, [^\x{100}]* in
+    UTF-8 mode). The effect was undefined: the group might or might not be
+    deemed as matching an empty string, or the program might have crashed.
+
+7.  The code for checking whether a group could match an empty string was not
+    recognizing that \h, \H, \v, \V, and \R must match a character.
+
+8.  Implemented PCRE_INFO_MATCH_EMPTY, which yields 1 if the pattern can match
+    an empty string. If it can, pcretest shows this in its information output.
+
+9.  Fixed two related bugs that applied to Unicode extended grapheme clusters
+    that were repeated with a maximizing qualifier (e.g. \X* or \X{2,5}) when
+    matched by pcre_exec() without using JIT:
+
+    (a) If the rest of the pattern did not match after a maximal run of
+        grapheme clusters, the code for backing up to try with fewer of them
+        did not always back up over a full grapheme when characters that do not
+        have the modifier quality were involved, e.g. Hangul syllables.
+
+    (b) If the match point in a subject started with modifier character, and
+        there was no match, the code could incorrectly back up beyond the match
+        point, and potentially beyond the first character in the subject,
+        leading to a segfault or an incorrect match result.
+
+10. A conditional group with an assertion condition could lead to PCRE
+    recording an incorrect first data item for a match if no other first data
+    item was recorded. For example, the pattern (?(?=ab)ab) recorded "a" as a
+    first data item, and therefore matched "ca" after "c" instead of at the
+    start.
+
+11. Change 40 for 8.33 (allowing pcregrep to find empty strings) showed up a
+    bug that caused the command "echo a | ./pcregrep -M '|a'" to loop.
+
+12. The source of pcregrep now includes z/OS-specific code so that it can be
+    compiled for z/OS as part of the special z/OS distribution.
+
+13. Added the -T and -TM options to pcretest.
+
+14. The code in pcre_compile.c for creating the table of named capturing groups
+    has been refactored. Instead of creating the table dynamically during the
+    actual compiling pass, the information is remembered during the pre-compile
+    pass (on the stack unless there are more than 20 named groups, in which
+    case malloc() is used) and the whole table is created before the actual
+    compile happens. This has simplified the code (it is now nearly 150 lines
+    shorter) and prepared the way for better handling of references to groups
+    with duplicate names.
+
+15. A back reference to a named subpattern when there is more than one of the
+    same name now checks them in the order in which they appear in the pattern.
+    The first one that is set is used for the reference. Previously only the
+    first one was inspected. This change makes PCRE more compatible with Perl.
+
+16. Unicode character properties were updated from Unicode 6.3.0.
+
+17. The compile-time code for auto-possessification has been refactored, based
+    on a patch by Zoltan Herczeg. It now happens after instead of during
+    compilation. The code is cleaner, and more cases are handled. The option
+    PCRE_NO_AUTO_POSSESS is added for testing purposes, and the -O and /O
+    options in pcretest are provided to set it. It can also be set by
+    (*NO_AUTO_POSSESS) at the start of a pattern.
+
+18. The character VT has been added to the default ("C" locale) set of
+    characters that match \s and are generally treated as white space,
+    following this same change in Perl 5.18. There is now no difference between
+    "Perl space" and "POSIX space". Whether VT is treated as white space in
+    other locales depends on the locale.
+
+19. The code for checking named groups as conditions, either for being set or
+    for being recursed, has been refactored (this is related to 14 and 15
+    above). Processing unduplicated named groups should now be as fast at
+    numerical groups, and processing duplicated groups should be faster than
+    before.
+
+20. Two patches to the CMake build system, by Alexander Barkov:
+
+      (1) Replace the "source" command by "." in CMakeLists.txt because
+          "source" is a bash-ism.
+
+      (2) Add missing HAVE_STDINT_H and HAVE_INTTYPES_H to config-cmake.h.in;
+          without these the CMake build does not work on Solaris.
+
+21. Perl has changed its handling of \8 and \9. If there is no previously
+    encountered capturing group of those numbers, they are treated as the
+    literal characters 8 and 9 instead of a binary zero followed by the
+    literals. PCRE now does the same.
+
+22. Following Perl, added \o{} to specify codepoints in octal, making it
+    possible to specify values greater than 0777 and also making them
+    unambiguous.
+
+23. Perl now gives an error for missing closing braces after \x{... instead of
+    treating the string as literal. PCRE now does the same.
+
+24. RunTest used to grumble if an inappropriate test was selected explicitly,
+    but just skip it when running all tests. This make it awkward to run ranges
+    of tests when one of them was inappropriate. Now it just skips any
+    inappropriate tests, as it always did when running all tests.
+
+25. If PCRE_AUTO_CALLOUT and PCRE_UCP were set for a pattern that contained
+    character types such as \d or \w, too many callouts were inserted, and the
+    data that they returned was rubbish.
+
+26. In UCP mode, \s was not matching two of the characters that Perl matches,
+    namely NEL (U+0085) and MONGOLIAN VOWEL SEPARATOR (U+180E), though they
+    were matched by \h. The code has now been refactored so that the lists of
+    the horizontal and vertical whitespace characters used for \h and \v (which
+    are defined only in one place) are now also used for \s.
+
+27. Add JIT support for the 64 bit TileGX architecture.
+    Patch by Jiong Wang (Tilera Corporation).
+
+28. Possessive quantifiers for classes (both explicit and automatically
+    generated) now use special opcodes instead of wrapping in ONCE brackets.
+
+29. Whereas an item such as A{4}+ ignored the possessivenes of the quantifier
+    (because it's meaningless), this was not happening when PCRE_CASELESS was
+    set. Not wrong, but inefficient.
+
+30. Updated perltest.pl to add /u (force Unicode mode) when /W (use Unicode
+    properties for \w, \d, etc) is present in a test regex. Otherwise if the
+    test contains no characters greater than 255, Perl doesn't realise it
+    should be using Unicode semantics.
+
+31. Upgraded the handling of the POSIX classes [:graph:], [:print:], and
+    [:punct:] when PCRE_UCP is set so as to include the same characters as Perl
+    does in Unicode mode.
+
+32. Added the "forbid" facility to pcretest so that putting tests into the
+    wrong test files can sometimes be quickly detected.
+
+33. There is now a limit (default 250) on the depth of nesting of parentheses.
+    This limit is imposed to control the amount of system stack used at compile
+    time. It can be changed at build time by --with-parens-nest-limit=xxx or
+    the equivalent in CMake.
+
+34. Character classes such as [A-\d] or [a-[:digit:]] now cause compile-time
+    errors. Perl warns for these when in warning mode, but PCRE has no facility
+    for giving warnings.
+
+35. Change 34 for 8.13 allowed quantifiers on assertions, because Perl does.
+    However, this was not working for (?!) because it is optimized to (*FAIL),
+    for which PCRE does not allow quantifiers. The optimization is now disabled
+    when a quantifier follows (?!). I can't see any use for this, but it makes
+    things uniform.
+
+36. Perl no longer allows group names to start with digits, so I have made this
+    change also in PCRE. It simplifies the code a bit.
+
+37. In extended mode, Perl ignores spaces before a + that indicates a
+    possessive quantifier. PCRE allowed a space before the quantifier, but not
+    before the possessive +. It now does.
+
+38. The use of \K (reset reported match start) within a repeated possessive
+    group such as (a\Kb)*+ was not working.
+
+40. Document that the same character tables must be used at compile time and
+    run time, and that the facility to pass tables to pcre_exec() and
+    pcre_dfa_exec() is for use only with saved/restored patterns.
+
+41. Applied Jeff Trawick's patch CMakeLists.txt, which "provides two new
+    features for Builds with MSVC:
+
+    1. Support pcre.rc and/or pcreposix.rc (as is already done for MinGW
+       builds). The .rc files can be used to set FileDescription and many other
+       attributes.
+
+    2. Add an option (-DINSTALL_MSVC_PDB) to enable installation of .pdb files.
+       This allows higher-level build scripts which want .pdb files to avoid
+       hard-coding the exact files needed."
+
+42. Added support for [[:<:]] and [[:>:]] as used in the BSD POSIX library to
+    mean "start of word" and "end of word", respectively, as a transition aid.
+
+43. A minimizing repeat of a class containing codepoints greater than 255 in
+    non-UTF 16-bit or 32-bit modes caused an internal error when PCRE was
+    compiled to use the heap for recursion.
+
+44. Got rid of some compiler warnings for unused variables when UTF but not UCP
+    is configured.
+
+
+Version 8.33 28-May-2013
+------------------------
+
+1.  Added 'U' to some constants that are compared to unsigned integers, to
+    avoid compiler signed/unsigned warnings. Added (int) casts to unsigned
+    variables that are added to signed variables, to ensure the result is
+    signed and can be negated.
+
+2.  Applied patch by Daniel Richard G for quashing MSVC warnings to the
+    CMake config files.
+
+3.  Revise the creation of config.h.generic so that all boolean macros are
+    #undefined, whereas non-boolean macros are #ifndef/#endif-ed. This makes
+    overriding via -D on the command line possible.
+
+4.  Changing the definition of the variable "op" in pcre_exec.c from pcre_uchar
+    to unsigned int is reported to make a quite noticeable speed difference in
+    a specific Windows environment. Testing on Linux did also appear to show
+    some benefit (and it is clearly not harmful). Also fixed the definition of
+    Xop which should be unsigned.
+
+5.  Related to (4), changing the definition of the intermediate variable cc
+    in repeated character loops from pcre_uchar to pcre_uint32 also gave speed
+    improvements.
+
+6.  Fix forward search in JIT when link size is 3 or greater. Also removed some
+    unnecessary spaces.
+
+7.  Adjust autogen.sh and configure.ac to lose warnings given by automake 1.12
+    and later.
+
+8.  Fix two buffer over read issues in 16 and 32 bit modes. Affects JIT only.
+
+9.  Optimizing fast_forward_start_bits in JIT.
+
+10. Adding support for callouts in JIT, and fixing some issues revealed
+    during this work. Namely:
+
+    (a) Unoptimized capturing brackets incorrectly reset on backtrack.
+
+    (b) Minimum length was not checked before the matching is started.
+
+11. The value of capture_last that is passed to callouts was incorrect in some
+    cases when there was a capture on one path that was subsequently abandoned
+    after a backtrack. Also, the capture_last value is now reset after a
+    recursion, since all captures are also reset in this case.
+
+12. The interpreter no longer returns the "too many substrings" error in the
+    case when an overflowing capture is in a branch that is subsequently
+    abandoned after a backtrack.
+
+13. In the pathological case when an offset vector of size 2 is used, pcretest
+    now prints out the matched string after a yield of 0 or 1.
+
+14. Inlining subpatterns in recursions, when certain conditions are fulfilled.
+    Only supported by the JIT compiler at the moment.
+
+15. JIT compiler now supports 32 bit Macs thanks to Lawrence Velazquez.
+
+16. Partial matches now set offsets[2] to the "bumpalong" value, that is, the
+    offset of the starting point of the matching process, provided the offsets
+    vector is large enough.
+
+17. The \A escape now records a lookbehind value of 1, though its execution
+    does not actually inspect the previous character. This is to ensure that,
+    in partial multi-segment matching, at least one character from the old
+    segment is retained when a new segment is processed. Otherwise, if there
+    are no lookbehinds in the pattern, \A might match incorrectly at the start
+    of a new segment.
+
+18. Added some #ifdef __VMS code into pcretest.c to help VMS implementations.
+
+19. Redefined some pcre_uchar variables in pcre_exec.c as pcre_uint32; this
+    gives some modest performance improvement in 8-bit mode.
+
+20. Added the PCRE-specific property \p{Xuc} for matching characters that can
+    be expressed in certain programming languages using Universal Character
+    Names.
+
+21. Unicode validation has been updated in the light of Unicode Corrigendum #9,
+    which points out that "non characters" are not "characters that may not
+    appear in Unicode strings" but rather "characters that are reserved for
+    internal use and have only local meaning".
+
+22. When a pattern was compiled with automatic callouts (PCRE_AUTO_CALLOUT) and
+    there was a conditional group that depended on an assertion, if the
+    assertion was false, the callout that immediately followed the alternation
+    in the condition was skipped when pcre_exec() was used for matching.
+
+23. Allow an explicit callout to be inserted before an assertion that is the
+    condition for a conditional group, for compatibility with automatic
+    callouts, which always insert a callout at this point.
+
+24. In 8.31, (*COMMIT) was confined to within a recursive subpattern. Perl also
+    confines (*SKIP) and (*PRUNE) in the same way, and this has now been done.
+
+25. (*PRUNE) is now supported by the JIT compiler.
+
+26. Fix infinite loop when /(?<=(*SKIP)ac)a/ is matched against aa.
+
+27. Fix the case where there are two or more SKIPs with arguments that may be
+    ignored.
+
+28. (*SKIP) is now supported by the JIT compiler.
+
+29. (*THEN) is now supported by the JIT compiler.
+
+30. Update RunTest with additional test selector options.
+
+31. The way PCRE handles backtracking verbs has been changed in two ways.
+
+    (1) Previously, in something like (*COMMIT)(*SKIP), COMMIT would override
+    SKIP. Now, PCRE acts on whichever backtracking verb is reached first by
+    backtracking. In some cases this makes it more Perl-compatible, but Perl's
+    rather obscure rules do not always do the same thing.
+
+    (2) Previously, backtracking verbs were confined within assertions. This is
+    no longer the case for positive assertions, except for (*ACCEPT). Again,
+    this sometimes improves Perl compatibility, and sometimes does not.
+
+32. A number of tests that were in test 2 because Perl did things differently
+    have been moved to test 1, because either Perl or PCRE has changed, and
+    these tests are now compatible.
+
+32. Backtracking control verbs are now handled in the same way in JIT and
+    interpreter.
+
+33. An opening parenthesis in a MARK/PRUNE/SKIP/THEN name in a pattern that
+    contained a forward subroutine reference caused a compile error.
+
+34. Auto-detect and optimize limited repetitions in JIT.
+
+35. Implement PCRE_NEVER_UTF to lock out the use of UTF, in particular,
+    blocking (*UTF) etc.
+
+36. In the interpreter, maximizing pattern repetitions for characters and
+    character types now use tail recursion, which reduces stack usage.
+
+37. The value of the max lookbehind was not correctly preserved if a compiled
+    and saved regex was reloaded on a host of different endianness.
+
+38. Implemented (*LIMIT_MATCH) and (*LIMIT_RECURSION). As part of the extension
+    of the compiled pattern block, expand the flags field from 16 to 32 bits
+    because it was almost full.
+
+39. Try madvise first before posix_madvise.
+
+40. Change 7 for PCRE 7.9 made it impossible for pcregrep to find empty lines
+    with a pattern such as ^$. It has taken 4 years for anybody to notice! The
+    original change locked out all matches of empty strings. This has been
+    changed so that one match of an empty string per line is recognized.
+    Subsequent searches on the same line (for colouring or for --only-matching,
+    for example) do not recognize empty strings.
+
+41. Applied a user patch to fix a number of spelling mistakes in comments.
+
+42. Data lines longer than 65536 caused pcretest to crash.
+
+43. Clarified the data type for length and startoffset arguments for pcre_exec
+    and pcre_dfa_exec in the function-specific man pages, where they were
+    explicitly stated to be in bytes, never having been updated. I also added
+    some clarification to the pcreapi man page.
+
+44. A call to pcre_dfa_exec() with an output vector size less than 2 caused
+    a segmentation fault.
+
+
+Version 8.32 30-November-2012
+-----------------------------
+
+1.  Improved JIT compiler optimizations for first character search and single
+    character iterators.
+
+2.  Supporting IBM XL C compilers for PPC architectures in the JIT compiler.
+    Patch by Daniel Richard G.
+
+3.  Single character iterator optimizations in the JIT compiler.
+
+4.  Improved JIT compiler optimizations for character ranges.
+
+5.  Rename the "leave" variable names to "quit" to improve WinCE compatibility.
+    Reported by Giuseppe D'Angelo.
+
+6.  The PCRE_STARTLINE bit, indicating that a match can occur only at the start
+    of a line, was being set incorrectly in cases where .* appeared inside
+    atomic brackets at the start of a pattern, or where there was a subsequent
+    *PRUNE or *SKIP.
+
+7.  Improved instruction cache flush for POWER/PowerPC.
+    Patch by Daniel Richard G.
+
+8.  Fixed a number of issues in pcregrep, making it more compatible with GNU
+    grep:
+
+    (a) There is now no limit to the number of patterns to be matched.
+
+    (b) An error is given if a pattern is too long.
+
+    (c) Multiple uses of --exclude, --exclude-dir, --include, and --include-dir
+        are now supported.
+
+    (d) --exclude-from and --include-from (multiple use) have been added.
+
+    (e) Exclusions and inclusions now apply to all files and directories, not
+        just to those obtained from scanning a directory recursively.
+
+    (f) Multiple uses of -f and --file-list are now supported.
+
+    (g) In a Windows environment, the default for -d has been changed from
+        "read" (the GNU grep default) to "skip", because otherwise the presence
+        of a directory in the file list provokes an error.
+
+    (h) The documentation has been revised and clarified in places.
+
+9.  Improve the matching speed of capturing brackets.
+
+10. Changed the meaning of \X so that it now matches a Unicode extended
+    grapheme cluster.
+
+11. Patch by Daniel Richard G to the autoconf files to add a macro for sorting
+    out POSIX threads when JIT support is configured.
+
+12. Added support for PCRE_STUDY_EXTRA_NEEDED.
+
+13. In the POSIX wrapper regcomp() function, setting re_nsub field in the preg
+    structure could go wrong in environments where size_t is not the same size
+    as int.
+
+14. Applied user-supplied patch to pcrecpp.cc to allow PCRE_NO_UTF8_CHECK to be
+    set.
+
+15. The EBCDIC support had decayed; later updates to the code had included
+    explicit references to (e.g.) \x0a instead of CHAR_LF. There has been a
+    general tidy up of EBCDIC-related issues, and the documentation was also
+    not quite right. There is now a test that can be run on ASCII systems to
+    check some of the EBCDIC-related things (but is it not a full test).
+
+16. The new PCRE_STUDY_EXTRA_NEEDED option is now used by pcregrep, resulting
+    in a small tidy to the code.
+
+17. Fix JIT tests when UTF is disabled and both 8 and 16 bit mode are enabled.
+
+18. If the --only-matching (-o) option in pcregrep is specified multiple
+    times, each one causes appropriate output. For example, -o1 -o2 outputs the
+    substrings matched by the 1st and 2nd capturing parentheses. A separating
+    string can be specified by --om-separator (default empty).
+
+19. Improving the first n character searches.
+
+20. Turn case lists for horizontal and vertical white space into macros so that
+    they are defined only once.
+
+21. This set of changes together give more compatible Unicode case-folding
+    behaviour for characters that have more than one other case when UCP
+    support is available.
+
+    (a) The Unicode property table now has offsets into a new table of sets of
+        three or more characters that are case-equivalent. The MultiStage2.py
+        script that generates these tables (the pcre_ucd.c file) now scans
+        CaseFolding.txt instead of UnicodeData.txt for character case
+        information.
+
+    (b) The code for adding characters or ranges of characters to a character
+        class has been abstracted into a generalized function that also handles
+        case-independence. In UTF-mode with UCP support, this uses the new data
+        to handle characters with more than one other case.
+
+    (c) A bug that is fixed as a result of (b) is that codepoints less than 256
+        whose other case is greater than 256 are now correctly matched
+        caselessly. Previously, the high codepoint matched the low one, but not
+        vice versa.
+
+    (d) The processing of \h, \H, \v, and \ in character classes now makes use
+        of the new class addition function, using character lists defined as
+        macros alongside the case definitions of 20 above.
+
+    (e) Caseless back references now work with characters that have more than
+        one other case.
+
+    (f) General caseless matching of characters with more than one other case
+        is supported.
+
+22. Unicode character properties were updated from Unicode 6.2.0
+
+23. Improved CMake support under Windows. Patch by Daniel Richard G.
+
+24. Add support for 32-bit character strings, and UTF-32
+
+25. Major JIT compiler update (code refactoring and bugfixing).
+    Experimental Sparc 32 support is added.
+
+26. Applied a modified version of Daniel Richard G's patch to create
+    pcre.h.generic and config.h.generic by "make" instead of in the
+    PrepareRelease script.
+
+27. Added a definition for CHAR_NULL (helpful for the z/OS port), and use it in
+    pcre_compile.c when checking for a zero character.
+
+28. Introducing a native interface for JIT. Through this interface, the compiled
+    machine code can be directly executed. The purpose of this interface is to
+    provide fast pattern matching, so several sanity checks are not performed.
+    However, feature tests are still performed. The new interface provides
+    1.4x speedup compared to the old one.
+
+29. If pcre_exec() or pcre_dfa_exec() was called with a negative value for
+    the subject string length, the error given was PCRE_ERROR_BADOFFSET, which
+    was confusing. There is now a new error PCRE_ERROR_BADLENGTH for this case.
+
+30. In 8-bit UTF-8 mode, pcretest failed to give an error for data codepoints
+    greater than 0x7fffffff (which cannot be represented in UTF-8, even under
+    the "old" RFC 2279). Instead, it ended up passing a negative length to
+    pcre_exec().
+
+31. Add support for GCC's visibility feature to hide internal functions.
+
+32. Running "pcretest -C pcre8" or "pcretest -C pcre16" gave a spurious error
+    "unknown -C option" after outputting 0 or 1.
+
+33. There is now support for generating a code coverage report for the test
+    suite in environments where gcc is the compiler and lcov is installed. This
+    is mainly for the benefit of the developers.
+
+34. If PCRE is built with --enable-valgrind, certain memory regions are marked
+    unaddressable using valgrind annotations, allowing valgrind to detect
+    invalid memory accesses. This is mainly for the benefit of the developers.
+
+25. (*UTF) can now be used to start a pattern in any of the three libraries.
+
+26. Give configure error if --enable-cpp but no C++ compiler found.
+
+
+Version 8.31 06-July-2012
+-------------------------
+
+1.  Fixing a wrong JIT test case and some compiler warnings.
+
+2.  Removed a bashism from the RunTest script.
+
+3.  Add a cast to pcre_exec.c to fix the warning "unary minus operator applied
+    to unsigned type, result still unsigned" that was given by an MS compiler
+    on encountering the code "-sizeof(xxx)".
+
+4.  Partial matching support is added to the JIT compiler.
+
+5.  Fixed several bugs concerned with partial matching of items that consist
+    of more than one character:
+
+    (a) /^(..)\1/ did not partially match "aba" because checking references was
+        done on an "all or nothing" basis. This also applied to repeated
+        references.
+
+    (b) \R did not give a hard partial match if \r was found at the end of the
+        subject.
+
+    (c) \X did not give a hard partial match after matching one or more
+        characters at the end of the subject.
+
+    (d) When newline was set to CRLF, a pattern such as /a$/ did not recognize
+        a partial match for the string "\r".
+
+    (e) When newline was set to CRLF, the metacharacter "." did not recognize
+        a partial match for a CR character at the end of the subject string.
+
+6.  If JIT is requested using /S++ or -s++ (instead of just /S+ or -s+) when
+    running pcretest, the text "(JIT)" added to the output whenever JIT is
+    actually used to run the match.
+
+7.  Individual JIT compile options can be set in pcretest by following -s+[+]
+    or /S+[+] with a digit between 1 and 7.
+
+8.  OP_NOT now supports any UTF character not just single-byte ones.
+
+9.  (*MARK) control verb is now supported by the JIT compiler.
+
+10. The command "./RunTest list" lists the available tests without actually
+    running any of them. (Because I keep forgetting what they all are.)
+
+11. Add PCRE_INFO_MAXLOOKBEHIND.
+
+12. Applied a (slightly modified) user-supplied patch that improves performance
+    when the heap is used for recursion (compiled with --disable-stack-for-
+    recursion). Instead of malloc and free for each heap frame each time a
+    logical recursion happens, frames are retained on a chain and re-used where
+    possible. This sometimes gives as much as 30% improvement.
+
+13. As documented, (*COMMIT) is now confined to within a recursive subpattern
+    call.
+
+14. As documented, (*COMMIT) is now confined to within a positive assertion.
+
+15. It is now possible to link pcretest with libedit as an alternative to
+    libreadline.
+
+16. (*COMMIT) control verb is now supported by the JIT compiler.
+
+17. The Unicode data tables have been updated to Unicode 6.1.0.
+
+18. Added --file-list option to pcregrep.
+
+19. Added binary file support to pcregrep, including the -a, --binary-files,
+    -I, and --text options.
+
+20. The madvise function is renamed for posix_madvise for QNX compatibility
+    reasons. Fixed by Giuseppe D'Angelo.
+
+21. Fixed a bug for backward assertions with REVERSE 0 in the JIT compiler.
+
+22. Changed the option for creating symbolic links for 16-bit man pages from
+    -s to -sf so that re-installing does not cause issues.
+
+23. Support PCRE_NO_START_OPTIMIZE in JIT as (*MARK) support requires it.
+
+24. Fixed a very old bug in pcretest that caused errors with restarted DFA
+    matches in certain environments (the workspace was not being correctly
+    retained). Also added to pcre_dfa_exec() a simple plausibility check on
+    some of the workspace data at the beginning of a restart.
+
+25. \s*\R was auto-possessifying the \s* when it should not, whereas \S*\R
+    was not doing so when it should - probably a typo introduced by SVN 528
+    (change 8.10/14).
+
+26. When PCRE_UCP was not set, \w+\x{c4} was incorrectly auto-possessifying the
+    \w+ when the character tables indicated that \x{c4} was a word character.
+    There were several related cases, all because the tests for doing a table
+    lookup were testing for characters less than 127 instead of 255.
+
+27. If a pattern contains capturing parentheses that are not used in a match,
+    their slots in the ovector are set to -1. For those that are higher than
+    any matched groups, this happens at the end of processing. In the case when
+    there were back references that the ovector was too small to contain
+    (causing temporary malloc'd memory to be used during matching), and the
+    highest capturing number was not used, memory off the end of the ovector
+    was incorrectly being set to -1. (It was using the size of the temporary
+    memory instead of the true size.)
+
+28. To catch bugs like 27 using valgrind, when pcretest is asked to specify an
+    ovector size, it uses memory at the end of the block that it has got.
+
+29. Check for an overlong MARK name and give an error at compile time. The
+    limit is 255 for the 8-bit library and 65535 for the 16-bit library.
+
+30. JIT compiler update.
+
+31. JIT is now supported on jailbroken iOS devices. Thanks for Ruiger
+    Rill for the patch.
+
+32. Put spaces around SLJIT_PRINT_D in the JIT compiler. Required by CXX11.
+
+33. Variable renamings in the PCRE-JIT compiler. No functionality change.
+
+34. Fixed typos in pcregrep: in two places there was SUPPORT_LIBZ2 instead of
+    SUPPORT_LIBBZ2. This caused a build problem when bzip2 but not gzip (zlib)
+    was enabled.
+
+35. Improve JIT code generation for greedy plus quantifier.
+
+36. When /((?:a?)*)*c/ or /((?>a?)*)*c/ was matched against "aac", it set group
+    1 to "aa" instead of to an empty string. The bug affected repeated groups
+    that could potentially match an empty string.
+
+37. Optimizing single character iterators in JIT.
+
+38. Wide characters specified with \uxxxx in JavaScript mode are now subject to
+    the same checks as \x{...} characters in non-JavaScript mode. Specifically,
+    codepoints that are too big for the mode are faulted, and in a UTF mode,
+    disallowed codepoints are also faulted.
+
+39. If PCRE was compiled with UTF support, in three places in the DFA
+    matcher there was code that should only have been obeyed in UTF mode, but
+    was being obeyed unconditionally. In 8-bit mode this could cause incorrect
+    processing when bytes with values greater than 127 were present. In 16-bit
+    mode the bug would be provoked by values in the range 0xfc00 to 0xdc00. In
+    both cases the values are those that cannot be the first data item in a UTF
+    character. The three items that might have provoked this were recursions,
+    possessively repeated groups, and atomic groups.
+
+40. Ensure that libpcre is explicitly listed in the link commands for pcretest
+    and pcregrep, because some OS require shared objects to be explicitly
+    passed to ld, causing the link step to fail if they are not.
+
+41. There were two incorrect #ifdefs in pcre_study.c, meaning that, in 16-bit
+    mode, patterns that started with \h* or \R* might be incorrectly matched.
+
+
+Version 8.30 04-February-2012
+-----------------------------
+
+1.  Renamed "isnumber" as "is_a_number" because in some Mac environments this
+    name is defined in ctype.h.
+
+2.  Fixed a bug in fixed-length calculation for lookbehinds that would show up
+    only in quite long subpatterns.
+
+3.  Removed the function pcre_info(), which has been obsolete and deprecated
+    since it was replaced by pcre_fullinfo() in February 2000.
+
+4.  For a non-anchored pattern, if (*SKIP) was given with a name that did not
+    match a (*MARK), and the match failed at the start of the subject, a
+    reference to memory before the start of the subject could occur. This bug
+    was introduced by fix 17 of release 8.21.
+
+5.  A reference to an unset group with zero minimum repetition was giving
+    totally wrong answers (in non-JavaScript-compatibility mode). For example,
+    /(another)?(\1?)test/ matched against "hello world test". This bug was
+    introduced in release 8.13.
+
+6.  Add support for 16-bit character strings (a large amount of work involving
+    many changes and refactorings).
+
+7.  RunGrepTest failed on msys because \r\n was replaced by whitespace when the
+    command "pattern=`printf 'xxx\r\njkl'`" was run. The pattern is now taken
+    from a file.
+
+8.  Ovector size of 2 is also supported by JIT based pcre_exec (the ovector size
+    rounding is not applied in this particular case).
+
+9.  The invalid Unicode surrogate codepoints U+D800 to U+DFFF are now rejected
+    if they appear, or are escaped, in patterns.
+
+10. Get rid of a number of -Wunused-but-set-variable warnings.
+
+11. The pattern /(?=(*:x))(q|)/ matches an empty string, and returns the mark
+    "x". The similar pattern /(?=(*:x))((*:y)q|)/ did not return a mark at all.
+    Oddly, Perl behaves the same way. PCRE has been fixed so that this pattern
+    also returns the mark "x". This bug applied to capturing parentheses,
+    non-capturing parentheses, and atomic parentheses. It also applied to some
+    assertions.
+
+12. Stephen Kelly's patch to CMakeLists.txt allows it to parse the version
+    information out of configure.ac instead of relying on pcre.h.generic, which
+    is not stored in the repository.
+
+13. Applied Dmitry V. Levin's patch for a more portable method for linking with
+    -lreadline.
+
+14. ZH added PCRE_CONFIG_JITTARGET; added its output to pcretest -C.
+
+15. Applied Graycode's patch to put the top-level frame on the stack rather
+    than the heap when not using the stack for recursion. This gives a
+    performance improvement in many cases when recursion is not deep.
+
+16. Experimental code added to "pcretest -C" to output the stack frame size.
+
+
+Version 8.21 12-Dec-2011
+------------------------
+
+1.  Updating the JIT compiler.
+
+2.  JIT compiler now supports OP_NCREF, OP_RREF and OP_NRREF. New test cases
+    are added as well.
+
+3.  Fix cache-flush issue on PowerPC (It is still an experimental JIT port).
+    PCRE_EXTRA_TABLES is not suported by JIT, and should be checked before
+    calling _pcre_jit_exec. Some extra comments are added.
+
+4.  (*MARK) settings inside atomic groups that do not contain any capturing
+    parentheses, for example, (?>a(*:m)), were not being passed out. This bug
+    was introduced by change 18 for 8.20.
+
+5.  Supporting of \x, \U and \u in JavaScript compatibility mode based on the
+    ECMA-262 standard.
+
+6.  Lookbehinds such as (?<=a{2}b) that contained a fixed repetition were
+    erroneously being rejected as "not fixed length" if PCRE_CASELESS was set.
+    This bug was probably introduced by change 9 of 8.13.
+
+7.  While fixing 6 above, I noticed that a number of other items were being
+    incorrectly rejected as "not fixed length". This arose partly because newer
+    opcodes had not been added to the fixed-length checking code. I have (a)
+    corrected the bug and added tests for these items, and (b) arranged for an
+    error to occur if an unknown opcode is encountered while checking for fixed
+    length instead of just assuming "not fixed length". The items that were
+    rejected were: (*ACCEPT), (*COMMIT), (*FAIL), (*MARK), (*PRUNE), (*SKIP),
+    (*THEN), \h, \H, \v, \V, and single character negative classes with fixed
+    repetitions, e.g. [^a]{3}, with and without PCRE_CASELESS.
+
+8.  A possessively repeated conditional subpattern such as (?(?=c)c|d)++ was
+    being incorrectly compiled and would have given unpredicatble results.
+
+9.  A possessively repeated subpattern with minimum repeat count greater than
+    one behaved incorrectly. For example, (A){2,}+ behaved as if it was
+    (A)(A)++ which meant that, after a subsequent mismatch, backtracking into
+    the first (A) could occur when it should not.
+
+10. Add a cast and remove a redundant test from the code.
+
+11. JIT should use pcre_malloc/pcre_free for allocation.
+
+12. Updated pcre-config so that it no longer shows -L/usr/lib, which seems
+    best practice nowadays, and helps with cross-compiling. (If the exec_prefix
+    is anything other than /usr, -L is still shown).
+
+13. In non-UTF-8 mode, \C is now supported in lookbehinds and DFA matching.
+
+14. Perl does not support \N without a following name in a [] class; PCRE now
+    also gives an error.
+
+15. If a forward reference was repeated with an upper limit of around 2000,
+    it caused the error "internal error: overran compiling workspace". The
+    maximum number of forward references (including repeats) was limited by the
+    internal workspace, and dependent on the LINK_SIZE. The code has been
+    rewritten so that the workspace expands (via pcre_malloc) if necessary, and
+    the default depends on LINK_SIZE. There is a new upper limit (for safety)
+    of around 200,000 forward references. While doing this, I also speeded up
+    the filling in of repeated forward references.
+
+16. A repeated forward reference in a pattern such as (a)(?2){2}(.) was
+    incorrectly expecting the subject to contain another "a" after the start.
+
+17. When (*SKIP:name) is activated without a corresponding (*MARK:name) earlier
+    in the match, the SKIP should be ignored. This was not happening; instead
+    the SKIP was being treated as NOMATCH. For patterns such as
+    /A(*MARK:A)A+(*SKIP:B)Z|AAC/ this meant that the AAC branch was never
+    tested.
+
+18. The behaviour of (*MARK), (*PRUNE), and (*THEN) has been reworked and is
+    now much more compatible with Perl, in particular in cases where the result
+    is a non-match for a non-anchored pattern. For example, if
+    /b(*:m)f|a(*:n)w/ is matched against "abc", the non-match returns the name
+    "m", where previously it did not return a name. A side effect of this
+    change is that for partial matches, the last encountered mark name is
+    returned, as for non matches. A number of tests that were previously not
+    Perl-compatible have been moved into the Perl-compatible test files. The
+    refactoring has had the pleasing side effect of removing one argument from
+    the match() function, thus reducing its stack requirements.
+
+19. If the /S+ option was used in pcretest to study a pattern using JIT,
+    subsequent uses of /S (without +) incorrectly behaved like /S+.
+
+21. Retrieve executable code size support for the JIT compiler and fixing
+    some warnings.
+
+22. A caseless match of a UTF-8 character whose other case uses fewer bytes did
+    not work when the shorter character appeared right at the end of the
+    subject string.
+
+23. Added some (int) casts to non-JIT modules to reduce warnings on 64-bit
+    systems.
+
+24. Added PCRE_INFO_JITSIZE to pass on the value from (21) above, and also
+    output it when the /M option is used in pcretest.
+
+25. The CheckMan script was not being included in the distribution. Also, added
+    an explicit "perl" to run Perl scripts from the PrepareRelease script
+    because this is reportedly needed in Windows.
+
+26. If study data was being save in a file and studying had not found a set of
+    "starts with" bytes for the pattern, the data written to the file (though
+    never used) was taken from uninitialized memory and so caused valgrind to
+    complain.
+
+27. Updated RunTest.bat as provided by Sheri Pierce.
+
+28. Fixed a possible uninitialized memory bug in pcre_jit_compile.c.
+
+29. Computation of memory usage for the table of capturing group names was
+    giving an unnecessarily large value.
+
+
+Version 8.20 21-Oct-2011
+------------------------
+
+1.  Change 37 of 8.13 broke patterns like [:a]...[b:] because it thought it had
+    a POSIX class. After further experiments with Perl, which convinced me that
+    Perl has bugs and confusions, a closing square bracket is no longer allowed
+    in a POSIX name. This bug also affected patterns with classes that started
+    with full stops.
+
+2.  If a pattern such as /(a)b|ac/ is matched against "ac", there is no
+    captured substring, but while checking the failing first alternative,
+    substring 1 is temporarily captured. If the output vector supplied to
+    pcre_exec() was not big enough for this capture, the yield of the function
+    was still zero ("insufficient space for captured substrings"). This cannot
+    be totally fixed without adding another stack variable, which seems a lot
+    of expense for a edge case. However, I have improved the situation in cases
+    such as /(a)(b)x|abc/ matched against "abc", where the return code
+    indicates that fewer than the maximum number of slots in the ovector have
+    been set.
+
+3.  Related to (2) above: when there are more back references in a pattern than
+    slots in the output vector, pcre_exec() uses temporary memory during
+    matching, and copies in the captures as far as possible afterwards. It was
+    using the entire output vector, but this conflicts with the specification
+    that only 2/3 is used for passing back captured substrings. Now it uses
+    only the first 2/3, for compatibility. This is, of course, another edge
+    case.
+
+4.  Zoltan Herczeg's just-in-time compiler support has been integrated into the
+    main code base, and can be used by building with --enable-jit. When this is
+    done, pcregrep automatically uses it unless --disable-pcregrep-jit or the
+    runtime --no-jit option is given.
+
+5.  When the number of matches in a pcre_dfa_exec() run exactly filled the
+    ovector, the return from the function was zero, implying that there were
+    other matches that did not fit. The correct "exactly full" value is now
+    returned.
+
+6.  If a subpattern that was called recursively or as a subroutine contained
+    (*PRUNE) or any other control that caused it to give a non-standard return,
+    invalid errors such as "Error -26 (nested recursion at the same subject
+    position)" or even infinite loops could occur.
+
+7.  If a pattern such as /a(*SKIP)c|b(*ACCEPT)|/ was studied, it stopped
+    computing the minimum length on reaching *ACCEPT, and so ended up with the
+    wrong value of 1 rather than 0. Further investigation indicates that
+    computing a minimum subject length in the presence of *ACCEPT is difficult
+    (think back references, subroutine calls), and so I have changed the code
+    so that no minimum is registered for a pattern that contains *ACCEPT.
+
+8.  If (*THEN) was present in the first (true) branch of a conditional group,
+    it was not handled as intended. [But see 16 below.]
+
+9.  Replaced RunTest.bat and CMakeLists.txt with improved versions provided by
+    Sheri Pierce.
+
+10. A pathological pattern such as /(*ACCEPT)a/ was miscompiled, thinking that
+    the first byte in a match must be "a".
+
+11. Change 17 for 8.13 increased the recursion depth for patterns like
+    /a(?:.)*?a/ drastically. I've improved things by remembering whether a
+    pattern contains any instances of (*THEN). If it does not, the old
+    optimizations are restored. It would be nice to do this on a per-group
+    basis, but at the moment that is not feasible.
+
+12. In some environments, the output of pcretest -C is CRLF terminated. This
+    broke RunTest's code that checks for the link size. A single white space
+    character after the value is now allowed for.
+
+13. RunTest now checks for the "fr" locale as well as for "fr_FR" and "french".
+    For "fr", it uses the Windows-specific input and output files.
+
+14. If (*THEN) appeared in a group that was called recursively or as a
+    subroutine, it did not work as intended. [But see next item.]
+
+15. Consider the pattern /A (B(*THEN)C) | D/ where A, B, C, and D are complex
+    pattern fragments (but not containing any | characters). If A and B are
+    matched, but there is a failure in C so that it backtracks to (*THEN), PCRE
+    was behaving differently to Perl. PCRE backtracked into A, but Perl goes to
+    D. In other words, Perl considers parentheses that do not contain any |
+    characters to be part of a surrounding alternative, whereas PCRE was
+    treading (B(*THEN)C) the same as (B(*THEN)C|(*FAIL)) -- which Perl handles
+    differently. PCRE now behaves in the same way as Perl, except in the case
+    of subroutine/recursion calls such as (?1) which have in any case always
+    been different (but PCRE had them first :-).
+
+16. Related to 15 above: Perl does not treat the | in a conditional group as
+    creating alternatives. Such a group is treated in the same way as an
+    ordinary group without any | characters when processing (*THEN). PCRE has
+    been changed to match Perl's behaviour.
+
+17. If a user had set PCREGREP_COLO(U)R to something other than 1:31, the
+    RunGrepTest script failed.
+
+18. Change 22 for version 13 caused atomic groups to use more stack. This is
+    inevitable for groups that contain captures, but it can lead to a lot of
+    stack use in large patterns. The old behaviour has been restored for atomic
+    groups that do not contain any capturing parentheses.
+
+19. If the PCRE_NO_START_OPTIMIZE option was set for pcre_compile(), it did not
+    suppress the check for a minimum subject length at run time. (If it was
+    given to pcre_exec() or pcre_dfa_exec() it did work.)
+
+20. Fixed an ASCII-dependent infelicity in pcretest that would have made it
+    fail to work when decoding hex characters in data strings in EBCDIC
+    environments.
+
+21. It appears that in at least one Mac OS environment, the isxdigit() function
+    is implemented as a macro that evaluates to its argument more than once,
+    contravening the C 90 Standard (I haven't checked a later standard). There
+    was an instance in pcretest which caused it to go wrong when processing
+    \x{...} escapes in subject strings. The has been rewritten to avoid using
+    things like p++ in the argument of isxdigit().
+
+
+Version 8.13 16-Aug-2011
+------------------------
+
+1.  The Unicode data tables have been updated to Unicode 6.0.0.
+
+2.  Two minor typos in pcre_internal.h have been fixed.
+
+3.  Added #include <string.h> to pcre_scanner_unittest.cc, pcrecpp.cc, and
+    pcrecpp_unittest.cc. They are needed for strcmp(), memset(), and strchr()
+    in some environments (e.g. Solaris 10/SPARC using Sun Studio 12U2).
+
+4.  There were a number of related bugs in the code for matching backrefences
+    caselessly in UTF-8 mode when codes for the characters concerned were
+    different numbers of bytes. For example, U+023A and U+2C65 are an upper
+    and lower case pair, using 2 and 3 bytes, respectively. The main bugs were:
+    (a) A reference to 3 copies of a 2-byte code matched only 2 of a 3-byte
+    code. (b) A reference to 2 copies of a 3-byte code would not match 2 of a
+    2-byte code at the end of the subject (it thought there wasn't enough data
+    left).
+
+5.  Comprehensive information about what went wrong is now returned by
+    pcre_exec() and pcre_dfa_exec() when the UTF-8 string check fails, as long
+    as the output vector has at least 2 elements. The offset of the start of
+    the failing character and a reason code are placed in the vector.
+
+6.  When the UTF-8 string check fails for pcre_compile(), the offset that is
+    now returned is for the first byte of the failing character, instead of the
+    last byte inspected. This is an incompatible change, but I hope it is small
+    enough not to be a problem. It makes the returned offset consistent with
+    pcre_exec() and pcre_dfa_exec().
+
+7.  pcretest now gives a text phrase as well as the error number when
+    pcre_exec() or pcre_dfa_exec() fails; if the error is a UTF-8 check
+    failure, the offset and reason code are output.
+
+8.  When \R was used with a maximizing quantifier it failed to skip backwards
+    over a \r\n pair if the subsequent match failed. Instead, it just skipped
+    back over a single character (\n). This seems wrong (because it treated the
+    two characters as a single entity when going forwards), conflicts with the
+    documentation that \R is equivalent to (?>\r\n|\n|...etc), and makes the
+    behaviour of \R* different to (\R)*, which also seems wrong. The behaviour
+    has been changed.
+
+9.  Some internal refactoring has changed the processing so that the handling
+    of the PCRE_CASELESS and PCRE_MULTILINE options is done entirely at compile
+    time (the PCRE_DOTALL option was changed this way some time ago: version
+    7.7 change 16). This has made it possible to abolish the OP_OPT op code,
+    which was always a bit of a fudge. It also means that there is one less
+    argument for the match() function, which reduces its stack requirements
+    slightly. This change also fixes an incompatibility with Perl: the pattern
+    (?i:([^b]))(?1) should not match "ab", but previously PCRE gave a match.
+
+10. More internal refactoring has drastically reduced the number of recursive
+    calls to match() for possessively repeated groups such as (abc)++ when
+    using pcre_exec().
+
+11. While implementing 10, a number of bugs in the handling of groups were
+    discovered and fixed:
+
+    (?<=(a)+) was not diagnosed as invalid (non-fixed-length lookbehind).
+    (a|)*(?1) gave a compile-time internal error.
+    ((a|)+)+  did not notice that the outer group could match an empty string.
+    (^a|^)+   was not marked as anchored.
+    (.*a|.*)+ was not marked as matching at start or after a newline.
+
+12. Yet more internal refactoring has removed another argument from the match()
+    function. Special calls to this function are now indicated by setting a
+    value in a variable in the "match data" data block.
+
+13. Be more explicit in pcre_study() instead of relying on "default" for
+    opcodes that mean there is no starting character; this means that when new
+    ones are added and accidentally left out of pcre_study(), testing should
+    pick them up.
+
+14. The -s option of pcretest has been documented for ages as being an old
+    synonym of -m (show memory usage). I have changed it to mean "force study
+    for every regex", that is, assume /S for every regex. This is similar to -i
+    and -d etc. It's slightly incompatible, but I'm hoping nobody is still
+    using it. It makes it easier to run collections of tests with and without
+    study enabled, and thereby test pcre_study() more easily. All the standard
+    tests are now run with and without -s (but some patterns can be marked as
+    "never study" - see 20 below).
+
+15. When (*ACCEPT) was used in a subpattern that was called recursively, the
+    restoration of the capturing data to the outer values was not happening
+    correctly.
+
+16. If a recursively called subpattern ended with (*ACCEPT) and matched an
+    empty string, and PCRE_NOTEMPTY was set, pcre_exec() thought the whole
+    pattern had matched an empty string, and so incorrectly returned a no
+    match.
+
+17. There was optimizing code for the last branch of non-capturing parentheses,
+    and also for the obeyed branch of a conditional subexpression, which used
+    tail recursion to cut down on stack usage. Unfortunately, now that there is
+    the possibility of (*THEN) occurring in these branches, tail recursion is
+    no longer possible because the return has to be checked for (*THEN). These
+    two optimizations have therefore been removed. [But see 8.20/11 above.]
+
+18. If a pattern containing \R was studied, it was assumed that \R always
+    matched two bytes, thus causing the minimum subject length to be
+    incorrectly computed because \R can also match just one byte.
+
+19. If a pattern containing (*ACCEPT) was studied, the minimum subject length
+    was incorrectly computed.
+
+20. If /S is present twice on a test pattern in pcretest input, it now
+    *disables* studying, thereby overriding the use of -s on the command line
+    (see 14 above). This is necessary for one or two tests to keep the output
+    identical in both cases.
+
+21. When (*ACCEPT) was used in an assertion that matched an empty string and
+    PCRE_NOTEMPTY was set, PCRE applied the non-empty test to the assertion.
+
+22. When an atomic group that contained a capturing parenthesis was
+    successfully matched, but the branch in which it appeared failed, the
+    capturing was not being forgotten if a higher numbered group was later
+    captured. For example, /(?>(a))b|(a)c/ when matching "ac" set capturing
+    group 1 to "a", when in fact it should be unset. This applied to multi-
+    branched capturing and non-capturing groups, repeated or not, and also to
+    positive assertions (capturing in negative assertions does not happen
+    in PCRE) and also to nested atomic groups.
+
+23. Add the ++ qualifier feature to pcretest, to show the remainder of the
+    subject after a captured substring, to make it easier to tell which of a
+    number of identical substrings has been captured.
+
+24. The way atomic groups are processed by pcre_exec() has been changed so that
+    if they are repeated, backtracking one repetition now resets captured
+    values correctly. For example, if ((?>(a+)b)+aabab) is matched against
+    "aaaabaaabaabab" the value of captured group 2 is now correctly recorded as
+    "aaa". Previously, it would have been "a". As part of this code
+    refactoring, the way recursive calls are handled has also been changed.
+
+25. If an assertion condition captured any substrings, they were not passed
+    back unless some other capturing happened later. For example, if
+    (?(?=(a))a) was matched against "a", no capturing was returned.
+
+26. When studying a pattern that contained subroutine calls or assertions,
+    the code for finding the minimum length of a possible match was handling
+    direct recursions such as (xxx(?1)|yyy) but not mutual recursions (where
+    group 1 called group 2 while simultaneously a separate group 2 called group
+    1). A stack overflow occurred in this case. I have fixed this by limiting
+    the recursion depth to 10.
+
+27. Updated RunTest.bat in the distribution to the version supplied by Tom
+    Fortmann. This supports explicit test numbers on the command line, and has
+    argument validation and error reporting.
+
+28. An instance of \X with an unlimited repeat could fail if at any point the
+    first character it looked at was a mark character.
+
+29. Some minor code refactoring concerning Unicode properties and scripts
+    should reduce the stack requirement of match() slightly.
+
+30. Added the '=' option to pcretest to check the setting of unused capturing
+    slots at the end of the pattern, which are documented as being -1, but are
+    not included in the return count.
+
+31. If \k was not followed by a braced, angle-bracketed, or quoted name, PCRE
+    compiled something random. Now it gives a compile-time error (as does
+    Perl).
+
+32. A *MARK encountered during the processing of a positive assertion is now
+    recorded and passed back (compatible with Perl).
+
+33. If --only-matching or --colour was set on a pcregrep call whose pattern
+    had alternative anchored branches, the search for a second match in a line
+    was done as if at the line start. Thus, for example, /^01|^02/ incorrectly
+    matched the line "0102" twice. The same bug affected patterns that started
+    with a backwards assertion. For example /\b01|\b02/ also matched "0102"
+    twice.
+
+34. Previously, PCRE did not allow quantification of assertions. However, Perl
+    does, and because of capturing effects, quantifying parenthesized
+    assertions may at times be useful. Quantifiers are now allowed for
+    parenthesized assertions.
+
+35. A minor code tidy in pcre_compile() when checking options for \R usage.
+
+36. \g was being checked for fancy things in a character class, when it should
+    just be a literal "g".
+
+37. PCRE was rejecting [:a[:digit:]] whereas Perl was not. It seems that the
+    appearance of a nested POSIX class supersedes an apparent external class.
+    For example, [:a[:digit:]b:] matches "a", "b", ":", or a digit. Also,
+    unescaped square brackets may also appear as part of class names. For
+    example, [:a[:abc]b:] gives unknown class "[:abc]b:]". PCRE now behaves
+    more like Perl. (But see 8.20/1 above.)
+
+38. PCRE was giving an error for \N with a braced quantifier such as {1,} (this
+    was because it thought it was \N{name}, which is not supported).
+
+39. Add minix to OS list not supporting the -S option in pcretest.
+
+40. PCRE tries to detect cases of infinite recursion at compile time, but it
+    cannot analyze patterns in sufficient detail to catch mutual recursions
+    such as ((?1))((?2)). There is now a runtime test that gives an error if a
+    subgroup is called recursively as a subpattern for a second time at the
+    same position in the subject string. In previous releases this might have
+    been caught by the recursion limit, or it might have run out of stack.
+
+41. A pattern such as /(?(R)a+|(?R)b)/ is quite safe, as the recursion can
+    happen only once. PCRE was, however incorrectly giving a compile time error
+    "recursive call could loop indefinitely" because it cannot analyze the
+    pattern in sufficient detail. The compile time test no longer happens when
+    PCRE is compiling a conditional subpattern, but actual runaway loops are
+    now caught at runtime (see 40 above).
+
+42. It seems that Perl allows any characters other than a closing parenthesis
+    to be part of the NAME in (*MARK:NAME) and other backtracking verbs. PCRE
+    has been changed to be the same.
+
+43. Updated configure.ac to put in more quoting round AC_LANG_PROGRAM etc. so
+    as not to get warnings when autogen.sh is called. Also changed
+    AC_PROG_LIBTOOL (deprecated) to LT_INIT (the current macro).
+
+44. To help people who use pcregrep to scan files containing exceedingly long
+    lines, the following changes have been made:
+
+    (a) The default value of the buffer size parameter has been increased from
+        8K to 20K. (The actual buffer used is three times this size.)
+
+    (b) The default can be changed by ./configure --with-pcregrep-bufsize when
+        PCRE is built.
+
+    (c) A --buffer-size=n option has been added to pcregrep, to allow the size
+        to be set at run time.
+
+    (d) Numerical values in pcregrep options can be followed by K or M, for
+        example --buffer-size=50K.
+
+    (e) If a line being scanned overflows pcregrep's buffer, an error is now
+        given and the return code is set to 2.
+
+45. Add a pointer to the latest mark to the callout data block.
+
+46. The pattern /.(*F)/, when applied to "abc" with PCRE_PARTIAL_HARD, gave a
+    partial match of an empty string instead of no match. This was specific to
+    the use of ".".
+
+47. The pattern /f.*/8s, when applied to "for" with PCRE_PARTIAL_HARD, gave a
+    complete match instead of a partial match. This bug was dependent on both
+    the PCRE_UTF8 and PCRE_DOTALL options being set.
+
+48. For a pattern such as /\babc|\bdef/ pcre_study() was failing to set up the
+    starting byte set, because \b was not being ignored.
+
+
+Version 8.12 15-Jan-2011
+------------------------
+
+1.  Fixed some typos in the markup of the man pages, and wrote a script that
+    checks for such things as part of the documentation building process.
+
+2.  On a big-endian 64-bit system, pcregrep did not correctly process the
+    --match-limit and --recursion-limit options (added for 8.11). In
+    particular, this made one of the standard tests fail. (The integer value
+    went into the wrong half of a long int.)
+
+3.  If the --colour option was given to pcregrep with -v (invert match), it
+    did strange things, either producing crazy output, or crashing. It should,
+    of course, ignore a request for colour when reporting lines that do not
+    match.
+
+4.  Another pcregrep bug caused similar problems if --colour was specified with
+    -M (multiline) and the pattern match finished with a line ending.
+
+5.  In pcregrep, when a pattern that ended with a literal newline sequence was
+    matched in multiline mode, the following line was shown as part of the
+    match. This seems wrong, so I have changed it.
+
+6.  Another pcregrep bug in multiline mode, when --colour was specified, caused
+    the check for further matches in the same line (so they could be coloured)
+    to overrun the end of the current line. If another match was found, it was
+    incorrectly shown (and then shown again when found in the next line).
+
+7.  If pcregrep was compiled under Windows, there was a reference to the
+    function pcregrep_exit() before it was defined. I am assuming this was
+    the cause of the "error C2371: 'pcregrep_exit' : redefinition;" that was
+    reported by a user. I've moved the definition above the reference.
+
+
+Version 8.11 10-Dec-2010
+------------------------
+
+1.  (*THEN) was not working properly if there were untried alternatives prior
+    to it in the current branch. For example, in ((a|b)(*THEN)(*F)|c..) it
+    backtracked to try for "b" instead of moving to the next alternative branch
+    at the same level (in this case, to look for "c"). The Perl documentation
+    is clear that when (*THEN) is backtracked onto, it goes to the "next
+    alternative in the innermost enclosing group".
+
+2.  (*COMMIT) was not overriding (*THEN), as it does in Perl. In a pattern
+    such as   (A(*COMMIT)B(*THEN)C|D)  any failure after matching A should
+    result in overall failure. Similarly, (*COMMIT) now overrides (*PRUNE) and
+    (*SKIP), (*SKIP) overrides (*PRUNE) and (*THEN), and (*PRUNE) overrides
+    (*THEN).
+
+3.  If \s appeared in a character class, it removed the VT character from
+    the class, even if it had been included by some previous item, for example
+    in [\x00-\xff\s]. (This was a bug related to the fact that VT is not part
+    of \s, but is part of the POSIX "space" class.)
+
+4.  A partial match never returns an empty string (because you can always
+    match an empty string at the end of the subject); however the checking for
+    an empty string was starting at the "start of match" point. This has been
+    changed to the "earliest inspected character" point, because the returned
+    data for a partial match starts at this character. This means that, for
+    example, /(?<=abc)def/ gives a partial match for the subject "abc"
+    (previously it gave "no match").
+
+5.  Changes have been made to the way PCRE_PARTIAL_HARD affects the matching
+    of $, \z, \Z, \b, and \B. If the match point is at the end of the string,
+    previously a full match would be given. However, setting PCRE_PARTIAL_HARD
+    has an implication that the given string is incomplete (because a partial
+    match is preferred over a full match). For this reason, these items now
+    give a partial match in this situation. [Aside: previously, the one case
+    /t\b/ matched against "cat" with PCRE_PARTIAL_HARD set did return a partial
+    match rather than a full match, which was wrong by the old rules, but is
+    now correct.]
+
+6.  There was a bug in the handling of #-introduced comments, recognized when
+    PCRE_EXTENDED is set, when PCRE_NEWLINE_ANY and PCRE_UTF8 were also set.
+    If a UTF-8 multi-byte character included the byte 0x85 (e.g. +U0445, whose
+    UTF-8 encoding is 0xd1,0x85), this was misinterpreted as a newline when
+    scanning for the end of the comment. (*Character* 0x85 is an "any" newline,
+    but *byte* 0x85 is not, in UTF-8 mode). This bug was present in several
+    places in pcre_compile().
+
+7.  Related to (6) above, when pcre_compile() was skipping #-introduced
+    comments when looking ahead for named forward references to subpatterns,
+    the only newline sequence it recognized was NL. It now handles newlines
+    according to the set newline convention.
+
+8.  SunOS4 doesn't have strerror() or strtoul(); pcregrep dealt with the
+    former, but used strtoul(), whereas pcretest avoided strtoul() but did not
+    cater for a lack of strerror(). These oversights have been fixed.
+
+9.  Added --match-limit and --recursion-limit to pcregrep.
+
+10. Added two casts needed to build with Visual Studio when NO_RECURSE is set.
+
+11. When the -o option was used, pcregrep was setting a return code of 1, even
+    when matches were found, and --line-buffered was not being honoured.
+
+12. Added an optional parentheses number to the -o and --only-matching options
+    of pcregrep.
+
+13. Imitating Perl's /g action for multiple matches is tricky when the pattern
+    can match an empty string. The code to do it in pcretest and pcredemo
+    needed fixing:
+
+    (a) When the newline convention was "crlf", pcretest got it wrong, skipping
+        only one byte after an empty string match just before CRLF (this case
+        just got forgotten; "any" and "anycrlf" were OK).
+
+    (b) The pcretest code also had a bug, causing it to loop forever in UTF-8
+        mode when an empty string match preceded an ASCII character followed by
+        a non-ASCII character. (The code for advancing by one character rather
+        than one byte was nonsense.)
+
+    (c) The pcredemo.c sample program did not have any code at all to handle
+        the cases when CRLF is a valid newline sequence.
+
+14. Neither pcre_exec() nor pcre_dfa_exec() was checking that the value given
+    as a starting offset was within the subject string. There is now a new
+    error, PCRE_ERROR_BADOFFSET, which is returned if the starting offset is
+    negative or greater than the length of the string. In order to test this,
+    pcretest is extended to allow the setting of negative starting offsets.
+
+15. In both pcre_exec() and pcre_dfa_exec() the code for checking that the
+    starting offset points to the beginning of a UTF-8 character was
+    unnecessarily clumsy. I tidied it up.
+
+16. Added PCRE_ERROR_SHORTUTF8 to make it possible to distinguish between a
+    bad UTF-8 sequence and one that is incomplete when using PCRE_PARTIAL_HARD.
+
+17. Nobody had reported that the --include_dir option, which was added in
+    release 7.7 should have been called --include-dir (hyphen, not underscore)
+    for compatibility with GNU grep. I have changed it to --include-dir, but
+    left --include_dir as an undocumented synonym, and the same for
+    --exclude-dir, though that is not available in GNU grep, at least as of
+    release 2.5.4.
+
+18. At a user's suggestion, the macros GETCHAR and friends (which pick up UTF-8
+    characters from a string of bytes) have been redefined so as not to use
+    loops, in order to improve performance in some environments. At the same
+    time, I abstracted some of the common code into auxiliary macros to save
+    repetition (this should not affect the compiled code).
+
+19. If \c was followed by a multibyte UTF-8 character, bad things happened. A
+    compile-time error is now given if \c is not followed by an ASCII
+    character, that is, a byte less than 128. (In EBCDIC mode, the code is
+    different, and any byte value is allowed.)
+
+20. Recognize (*NO_START_OPT) at the start of a pattern to set the PCRE_NO_
+    START_OPTIMIZE option, which is now allowed at compile time - but just
+    passed through to pcre_exec() or pcre_dfa_exec(). This makes it available
+    to pcregrep and other applications that have no direct access to PCRE
+    options. The new /Y option in pcretest sets this option when calling
+    pcre_compile().
+
+21. Change 18 of release 8.01 broke the use of named subpatterns for recursive
+    back references. Groups containing recursive back references were forced to
+    be atomic by that change, but in the case of named groups, the amount of
+    memory required was incorrectly computed, leading to "Failed: internal
+    error: code overflow". This has been fixed.
+
+22. Some patches to pcre_stringpiece.h, pcre_stringpiece_unittest.cc, and
+    pcretest.c, to avoid build problems in some Borland environments.
+
+
+Version 8.10 25-Jun-2010
+------------------------
+
+1.  Added support for (*MARK:ARG) and for ARG additions to PRUNE, SKIP, and
+    THEN.
+
+2.  (*ACCEPT) was not working when inside an atomic group.
+
+3.  Inside a character class, \B is treated as a literal by default, but
+    faulted if PCRE_EXTRA is set. This mimics Perl's behaviour (the -w option
+    causes the error). The code is unchanged, but I tidied the documentation.
+
+4.  Inside a character class, PCRE always treated \R and \X as literals,
+    whereas Perl faults them if its -w option is set. I have changed PCRE so
+    that it faults them when PCRE_EXTRA is set.
+
+5.  Added support for \N, which always matches any character other than
+    newline. (It is the same as "." when PCRE_DOTALL is not set.)
+
+6.  When compiling pcregrep with newer versions of gcc which may have
+    FORTIFY_SOURCE set, several warnings "ignoring return value of 'fwrite',
+    declared with attribute warn_unused_result" were given. Just casting the
+    result to (void) does not stop the warnings; a more elaborate fudge is
+    needed. I've used a macro to implement this.
+
+7.  Minor change to pcretest.c to avoid a compiler warning.
+
+8.  Added four artifical Unicode properties to help with an option to make
+    \s etc use properties (see next item). The new properties are: Xan
+    (alphanumeric), Xsp (Perl space), Xps (POSIX space), and Xwd (word).
+
+9.  Added PCRE_UCP to make \b, \d, \s, \w, and certain POSIX character classes
+    use Unicode properties. (*UCP) at the start of a pattern can be used to set
+    this option. Modified pcretest to add /W to test this facility. Added
+    REG_UCP to make it available via the POSIX interface.
+
+10. Added --line-buffered to pcregrep.
+
+11. In UTF-8 mode, if a pattern that was compiled with PCRE_CASELESS was
+    studied, and the match started with a letter with a code point greater than
+    127 whose first byte was different to the first byte of the other case of
+    the letter, the other case of this starting letter was not recognized
+    (#976).
+
+12. If a pattern that was studied started with a repeated Unicode property
+    test, for example, \p{Nd}+, there was the theoretical possibility of
+    setting up an incorrect bitmap of starting bytes, but fortunately it could
+    not have actually happened in practice until change 8 above was made (it
+    added property types that matched character-matching opcodes).
+
+13. pcre_study() now recognizes \h, \v, and \R when constructing a bit map of
+    possible starting bytes for non-anchored patterns.
+
+14. Extended the "auto-possessify" feature of pcre_compile(). It now recognizes
+    \R, and also a number of cases that involve Unicode properties, both
+    explicit and implicit when PCRE_UCP is set.
+
+15. If a repeated Unicode property match (e.g. \p{Lu}*) was used with non-UTF-8
+    input, it could crash or give wrong results if characters with values
+    greater than 0xc0 were present in the subject string. (Detail: it assumed
+    UTF-8 input when processing these items.)
+
+16. Added a lot of (int) casts to avoid compiler warnings in systems where
+    size_t is 64-bit (#991).
+
+17. Added a check for running out of memory when PCRE is compiled with
+    --disable-stack-for-recursion (#990).
+
+18. If the last data line in a file for pcretest does not have a newline on
+    the end, a newline was missing in the output.
+
+19. The default pcre_chartables.c file recognizes only ASCII characters (values
+    less than 128) in its various bitmaps. However, there is a facility for
+    generating tables according to the current locale when PCRE is compiled. It
+    turns out that in some environments, 0x85 and 0xa0, which are Unicode space
+    characters, are recognized by isspace() and therefore were getting set in
+    these tables, and indeed these tables seem to approximate to ISO 8859. This
+    caused a problem in UTF-8 mode when pcre_study() was used to create a list
+    of bytes that can start a match. For \s, it was including 0x85 and 0xa0,
+    which of course cannot start UTF-8 characters. I have changed the code so
+    that only real ASCII characters (less than 128) and the correct starting
+    bytes for UTF-8 encodings are set for characters greater than 127 when in
+    UTF-8 mode. (When PCRE_UCP is set - see 9 above - the code is different
+    altogether.)
+
+20. Added the /T option to pcretest so as to be able to run tests with non-
+    standard character tables, thus making it possible to include the tests
+    used for 19 above in the standard set of tests.
+
+21. A pattern such as (?&t)(?#()(?(DEFINE)(?<t>a)) which has a forward
+    reference to a subpattern the other side of a comment that contains an
+    opening parenthesis caused either an internal compiling error, or a
+    reference to the wrong subpattern.
+
+
+Version 8.02 19-Mar-2010
+------------------------
+
+1.  The Unicode data tables have been updated to Unicode 5.2.0.
+
+2.  Added the option --libs-cpp to pcre-config, but only when C++ support is
+    configured.
+
+3.  Updated the licensing terms in the pcregexp.pas file, as agreed with the
+    original author of that file, following a query about its status.
+
+4.  On systems that do not have stdint.h (e.g. Solaris), check for and include
+    inttypes.h instead. This fixes a bug that was introduced by change 8.01/8.
+
+5.  A pattern such as (?&t)*+(?(DEFINE)(?<t>.)) which has a possessive
+    quantifier applied to a forward-referencing subroutine call, could compile
+    incorrect code or give the error "internal error: previously-checked
+    referenced subpattern not found".
+
+6.  Both MS Visual Studio and Symbian OS have problems with initializing
+    variables to point to external functions. For these systems, therefore,
+    pcre_malloc etc. are now initialized to local functions that call the
+    relevant global functions.
+
+7.  There were two entries missing in the vectors called coptable and poptable
+    in pcre_dfa_exec.c. This could lead to memory accesses outsize the vectors.
+    I've fixed the data, and added a kludgy way of testing at compile time that
+    the lengths are correct (equal to the number of opcodes).
+
+8.  Following on from 7, I added a similar kludge to check the length of the
+    eint vector in pcreposix.c.
+
+9.  Error texts for pcre_compile() are held as one long string to avoid too
+    much relocation at load time. To find a text, the string is searched,
+    counting zeros. There was no check for running off the end of the string,
+    which could happen if a new error number was added without updating the
+    string.
+
+10. \K gave a compile-time error if it appeared in a lookbehind assersion.
+
+11. \K was not working if it appeared in an atomic group or in a group that
+    was called as a "subroutine", or in an assertion. Perl 5.11 documents that
+    \K is "not well defined" if used in an assertion. PCRE now accepts it if
+    the assertion is positive, but not if it is negative.
+
+12. Change 11 fortuitously reduced the size of the stack frame used in the
+    "match()" function of pcre_exec.c by one pointer. Forthcoming
+    implementation of support for (*MARK) will need an extra pointer on the
+    stack; I have reserved it now, so that the stack frame size does not
+    decrease.
+
+13. A pattern such as (?P<L1>(?P<L2>0)|(?P>L2)(?P>L1)) in which the only other
+    item in branch that calls a recursion is a subroutine call - as in the
+    second branch in the above example - was incorrectly given the compile-
+    time error "recursive call could loop indefinitely" because pcre_compile()
+    was not correctly checking the subroutine for matching a non-empty string.
+
+14. The checks for overrunning compiling workspace could trigger after an
+    overrun had occurred. This is a "should never occur" error, but it can be
+    triggered by pathological patterns such as hundreds of nested parentheses.
+    The checks now trigger 100 bytes before the end of the workspace.
+
+15. Fix typo in configure.ac: "srtoq" should be "strtoq".
+
+
+Version 8.01 19-Jan-2010
+------------------------
+
+1.  If a pattern contained a conditional subpattern with only one branch (in
+    particular, this includes all (*DEFINE) patterns), a call to pcre_study()
+    computed the wrong minimum data length (which is of course zero for such
+    subpatterns). This could cause incorrect "no match" results.
+
+2.  For patterns such as (?i)a(?-i)b|c where an option setting at the start of
+    the pattern is reset in the first branch, pcre_compile() failed with
+    "internal error: code overflow at offset...". This happened only when
+    the reset was to the original external option setting. (An optimization
+    abstracts leading options settings into an external setting, which was the
+    cause of this.)
+
+3.  A pattern such as ^(?!a(*SKIP)b) where a negative assertion contained one
+    of the verbs SKIP, PRUNE, or COMMIT, did not work correctly. When the
+    assertion pattern did not match (meaning that the assertion was true), it
+    was incorrectly treated as false if the SKIP had been reached during the
+    matching. This also applied to assertions used as conditions.
+
+4.  If an item that is not supported by pcre_dfa_exec() was encountered in an
+    assertion subpattern, including such a pattern used as a condition,
+    unpredictable results occurred, instead of the error return
+    PCRE_ERROR_DFA_UITEM.
+
+5.  The C++ GlobalReplace function was not working like Perl for the special
+    situation when an empty string is matched. It now does the fancy magic
+    stuff that is necessary.
+
+6.  In pcre_internal.h, obsolete includes to setjmp.h and stdarg.h have been
+    removed. (These were left over from very, very early versions of PCRE.)
+
+7.  Some cosmetic changes to the code to make life easier when compiling it
+    as part of something else:
+
+    (a) Change DEBUG to PCRE_DEBUG.
+
+    (b) In pcre_compile(), rename the member of the "branch_chain" structure
+        called "current" as "current_branch", to prevent a collision with the
+        Linux macro when compiled as a kernel module.
+
+    (c) In pcre_study(), rename the function set_bit() as set_table_bit(), to
+        prevent a collision with the Linux macro when compiled as a kernel
+        module.
+
+8.  In pcre_compile() there are some checks for integer overflows that used to
+    cast potentially large values to (double). This has been changed to that
+    when building, a check for int64_t is made, and if it is found, it is used
+    instead, thus avoiding the use of floating point arithmetic. (There is no
+    other use of FP in PCRE.) If int64_t is not found, the fallback is to
+    double.
+
+9.  Added two casts to avoid signed/unsigned warnings from VS Studio Express
+    2005 (difference between two addresses compared to an unsigned value).
+
+10. Change the standard AC_CHECK_LIB test for libbz2 in configure.ac to a
+    custom one, because of the following reported problem in Windows:
+
+      - libbz2 uses the Pascal calling convention (WINAPI) for the functions
+          under Win32.
+      - The standard autoconf AC_CHECK_LIB fails to include "bzlib.h",
+          therefore missing the function definition.
+      - The compiler thus generates a "C" signature for the test function.
+      - The linker fails to find the "C" function.
+      - PCRE fails to configure if asked to do so against libbz2.
+
+11. When running libtoolize from libtool-2.2.6b as part of autogen.sh, these
+    messages were output:
+
+      Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and
+      rerunning libtoolize, to keep the correct libtool macros in-tree.
+      Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
+
+    I have done both of these things.
+
+12. Although pcre_dfa_exec() does not use nearly as much stack as pcre_exec()
+    most of the time, it *can* run out if it is given a pattern that contains a
+    runaway infinite recursion. I updated the discussion in the pcrestack man
+    page.
+
+13. Now that we have gone to the x.xx style of version numbers, the minor
+    version may start with zero. Using 08 or 09 is a bad idea because users
+    might check the value of PCRE_MINOR in their code, and 08 or 09 may be
+    interpreted as invalid octal numbers. I've updated the previous comment in
+    configure.ac, and also added a check that gives an error if 08 or 09 are
+    used.
+
+14. Change 8.00/11 was not quite complete: code had been accidentally omitted,
+    causing partial matching to fail when the end of the subject matched \W
+    in a UTF-8 pattern where \W was quantified with a minimum of 3.
+
+15. There were some discrepancies between the declarations in pcre_internal.h
+    of _pcre_is_newline(), _pcre_was_newline(), and _pcre_valid_utf8() and
+    their definitions. The declarations used "const uschar *" and the
+    definitions used USPTR. Even though USPTR is normally defined as "const
+    unsigned char *" (and uschar is typedeffed as "unsigned char"), it was
+    reported that: "This difference in casting confuses some C++ compilers, for
+    example, SunCC recognizes above declarations as different functions and
+    generates broken code for hbpcre." I have changed the declarations to use
+    USPTR.
+
+16. GNU libtool is named differently on some systems. The autogen.sh script now
+    tries several variants such as glibtoolize (MacOSX) and libtoolize1x
+    (FreeBSD).
+
+17. Applied Craig's patch that fixes an HP aCC compile error in pcre 8.00
+    (strtoXX undefined when compiling pcrecpp.cc). The patch contains this
+    comment: "Figure out how to create a longlong from a string: strtoll and
+    equivalent. It's not enough to call AC_CHECK_FUNCS: hpux has a strtoll, for
+    instance, but it only takes 2 args instead of 3!"
+
+18. A subtle bug concerned with back references has been fixed by a change of
+    specification, with a corresponding code fix. A pattern such as
+    ^(xa|=?\1a)+$ which contains a back reference inside the group to which it
+    refers, was giving matches when it shouldn't. For example, xa=xaaa would
+    match that pattern. Interestingly, Perl (at least up to 5.11.3) has the
+    same bug. Such groups have to be quantified to be useful, or contained
+    inside another quantified group. (If there's no repetition, the reference
+    can never match.) The problem arises because, having left the group and
+    moved on to the rest of the pattern, a later failure that backtracks into
+    the group uses the captured value from the final iteration of the group
+    rather than the correct earlier one. I have fixed this in PCRE by forcing
+    any group that contains a reference to itself to be an atomic group; that
+    is, there cannot be any backtracking into it once it has completed. This is
+    similar to recursive and subroutine calls.
+
+
+Version 8.00 19-Oct-09
+----------------------
+
+1.  The table for translating pcre_compile() error codes into POSIX error codes
+    was out-of-date, and there was no check on the pcre_compile() error code
+    being within the table. This could lead to an OK return being given in
+    error.
+
+2.  Changed the call to open a subject file in pcregrep from fopen(pathname,
+    "r") to fopen(pathname, "rb"), which fixed a problem with some of the tests
+    in a Windows environment.
+
+3.  The pcregrep --count option prints the count for each file even when it is
+    zero, as does GNU grep. However, pcregrep was also printing all files when
+    --files-with-matches was added. Now, when both options are given, it prints
+    counts only for those files that have at least one match. (GNU grep just
+    prints the file name in this circumstance, but including the count seems
+    more useful - otherwise, why use --count?) Also ensured that the
+    combination -clh just lists non-zero counts, with no names.
+
+4.  The long form of the pcregrep -F option was incorrectly implemented as
+    --fixed_strings instead of --fixed-strings. This is an incompatible change,
+    but it seems right to fix it, and I didn't think it was worth preserving
+    the old behaviour.
+
+5.  The command line items --regex=pattern and --regexp=pattern were not
+    recognized by pcregrep, which required --regex pattern or --regexp pattern
+    (with a space rather than an '='). The man page documented the '=' forms,
+    which are compatible with GNU grep; these now work.
+
+6.  No libpcreposix.pc file was created for pkg-config; there was just
+    libpcre.pc and libpcrecpp.pc. The omission has been rectified.
+
+7.  Added #ifndef SUPPORT_UCP into the pcre_ucd.c module, to reduce its size
+    when UCP support is not needed, by modifying the Python script that
+    generates it from Unicode data files. This should not matter if the module
+    is correctly used as a library, but I received one complaint about 50K of
+    unwanted data. My guess is that the person linked everything into his
+    program rather than using a library. Anyway, it does no harm.
+
+8.  A pattern such as /\x{123}{2,2}+/8 was incorrectly compiled; the trigger
+    was a minimum greater than 1 for a wide character in a possessive
+    repetition. The same bug could also affect patterns like /(\x{ff}{0,2})*/8
+    which had an unlimited repeat of a nested, fixed maximum repeat of a wide
+    character. Chaos in the form of incorrect output or a compiling loop could
+    result.
+
+9.  The restrictions on what a pattern can contain when partial matching is
+    requested for pcre_exec() have been removed. All patterns can now be
+    partially matched by this function. In addition, if there are at least two
+    slots in the offset vector, the offset of the earliest inspected character
+    for the match and the offset of the end of the subject are set in them when
+    PCRE_ERROR_PARTIAL is returned.
+
+10. Partial matching has been split into two forms: PCRE_PARTIAL_SOFT, which is
+    synonymous with PCRE_PARTIAL, for backwards compatibility, and
+    PCRE_PARTIAL_HARD, which causes a partial match to supersede a full match,
+    and may be more useful for multi-segment matching.
+
+11. Partial matching with pcre_exec() is now more intuitive. A partial match
+    used to be given if ever the end of the subject was reached; now it is
+    given only if matching could not proceed because another character was
+    needed. This makes a difference in some odd cases such as Z(*FAIL) with the
+    string "Z", which now yields "no match" instead of "partial match". In the
+    case of pcre_dfa_exec(), "no match" is given if every matching path for the
+    final character ended with (*FAIL).
+
+12. Restarting a match using pcre_dfa_exec() after a partial match did not work
+    if the pattern had a "must contain" character that was already found in the
+    earlier partial match, unless partial matching was again requested. For
+    example, with the pattern /dog.(body)?/, the "must contain" character is
+    "g". If the first part-match was for the string "dog", restarting with
+    "sbody" failed. This bug has been fixed.
+
+13. The string returned by pcre_dfa_exec() after a partial match has been
+    changed so that it starts at the first inspected character rather than the
+    first character of the match. This makes a difference only if the pattern
+    starts with a lookbehind assertion or \b or \B (\K is not supported by
+    pcre_dfa_exec()). It's an incompatible change, but it makes the two
+    matching functions compatible, and I think it's the right thing to do.
+
+14. Added a pcredemo man page, created automatically from the pcredemo.c file,
+    so that the demonstration program is easily available in environments where
+    PCRE has not been installed from source.
+
+15. Arranged to add -DPCRE_STATIC to cflags in libpcre.pc, libpcreposix.cp,
+    libpcrecpp.pc and pcre-config when PCRE is not compiled as a shared
+    library.
+
+16. Added REG_UNGREEDY to the pcreposix interface, at the request of a user.
+    It maps to PCRE_UNGREEDY. It is not, of course, POSIX-compatible, but it
+    is not the first non-POSIX option to be added. Clearly some people find
+    these options useful.
+
+17. If a caller to the POSIX matching function regexec() passes a non-zero
+    value for nmatch with a NULL value for pmatch, the value of
+    nmatch is forced to zero.
+
+18. RunGrepTest did not have a test for the availability of the -u option of
+    the diff command, as RunTest does. It now checks in the same way as
+    RunTest, and also checks for the -b option.
+
+19. If an odd number of negated classes containing just a single character
+    interposed, within parentheses, between a forward reference to a named
+    subpattern and the definition of the subpattern, compilation crashed with
+    an internal error, complaining that it could not find the referenced
+    subpattern. An example of a crashing pattern is /(?&A)(([^m])(?<A>))/.
+    [The bug was that it was starting one character too far in when skipping
+    over the character class, thus treating the ] as data rather than
+    terminating the class. This meant it could skip too much.]
+
+20. Added PCRE_NOTEMPTY_ATSTART in order to be able to correctly implement the
+    /g option in pcretest when the pattern contains \K, which makes it possible
+    to have an empty string match not at the start, even when the pattern is
+    anchored. Updated pcretest and pcredemo to use this option.
+
+21. If the maximum number of capturing subpatterns in a recursion was greater
+    than the maximum at the outer level, the higher number was returned, but
+    with unset values at the outer level. The correct (outer level) value is
+    now given.
+
+22. If (*ACCEPT) appeared inside capturing parentheses, previous releases of
+    PCRE did not set those parentheses (unlike Perl). I have now found a way to
+    make it do so. The string so far is captured, making this feature
+    compatible with Perl.
+
+23. The tests have been re-organized, adding tests 11 and 12, to make it
+    possible to check the Perl 5.10 features against Perl 5.10.
+
+24. Perl 5.10 allows subroutine calls in lookbehinds, as long as the subroutine
+    pattern matches a fixed length string. PCRE did not allow this; now it
+    does. Neither allows recursion.
+
+25. I finally figured out how to implement a request to provide the minimum
+    length of subject string that was needed in order to match a given pattern.
+    (It was back references and recursion that I had previously got hung up
+    on.) This code has now been added to pcre_study(); it finds a lower bound
+    to the length of subject needed. It is not necessarily the greatest lower
+    bound, but using it to avoid searching strings that are too short does give
+    some useful speed-ups. The value is available to calling programs via
+    pcre_fullinfo().
+
+26. While implementing 25, I discovered to my embarrassment that pcretest had
+    not been passing the result of pcre_study() to pcre_dfa_exec(), so the
+    study optimizations had never been tested with that matching function.
+    Oops. What is worse, even when it was passed study data, there was a bug in
+    pcre_dfa_exec() that meant it never actually used it. Double oops. There
+    were also very few tests of studied patterns with pcre_dfa_exec().
+
+27. If (?| is used to create subpatterns with duplicate numbers, they are now
+    allowed to have the same name, even if PCRE_DUPNAMES is not set. However,
+    on the other side of the coin, they are no longer allowed to have different
+    names, because these cannot be distinguished in PCRE, and this has caused
+    confusion. (This is a difference from Perl.)
+
+28. When duplicate subpattern names are present (necessarily with different
+    numbers, as required by 27 above), and a test is made by name in a
+    conditional pattern, either for a subpattern having been matched, or for
+    recursion in such a pattern, all the associated numbered subpatterns are
+    tested, and the overall condition is true if the condition is true for any
+    one of them. This is the way Perl works, and is also more like the way
+    testing by number works.
+
+
+Version 7.9 11-Apr-09
+---------------------
+
+1.  When building with support for bzlib/zlib (pcregrep) and/or readline
+    (pcretest), all targets were linked against these libraries. This included
+    libpcre, libpcreposix, and libpcrecpp, even though they do not use these
+    libraries. This caused unwanted dependencies to be created. This problem
+    has been fixed, and now only pcregrep is linked with bzlib/zlib and only
+    pcretest is linked with readline.
+
+2.  The "typedef int BOOL" in pcre_internal.h that was included inside the
+    "#ifndef FALSE" condition by an earlier change (probably 7.8/18) has been
+    moved outside it again, because FALSE and TRUE are already defined in AIX,
+    but BOOL is not.
+
+3.  The pcre_config() function was treating the PCRE_MATCH_LIMIT and
+    PCRE_MATCH_LIMIT_RECURSION values as ints, when they should be long ints.
+
+4.  The pcregrep documentation said spaces were inserted as well as colons (or
+    hyphens) following file names and line numbers when outputting matching
+    lines. This is not true; no spaces are inserted. I have also clarified the
+    wording for the --colour (or --color) option.
+
+5.  In pcregrep, when --colour was used with -o, the list of matching strings
+    was not coloured; this is different to GNU grep, so I have changed it to be
+    the same.
+
+6.  When --colo(u)r was used in pcregrep, only the first matching substring in
+    each matching line was coloured. Now it goes on to look for further matches
+    of any of the test patterns, which is the same behaviour as GNU grep.
+
+7.  A pattern that could match an empty string could cause pcregrep to loop; it
+    doesn't make sense to accept an empty string match in pcregrep, so I have
+    locked it out (using PCRE's PCRE_NOTEMPTY option). By experiment, this
+    seems to be how GNU grep behaves. [But see later change 40 for release
+    8.33.]
+
+8.  The pattern (?(?=.*b)b|^) was incorrectly compiled as "match must be at
+    start or after a newline", because the conditional assertion was not being
+    correctly handled. The rule now is that both the assertion and what follows
+    in the first alternative must satisfy the test.
+
+9.  If auto-callout was enabled in a pattern with a conditional group whose
+    condition was an assertion, PCRE could crash during matching, both with
+    pcre_exec() and pcre_dfa_exec().
+
+10. The PCRE_DOLLAR_ENDONLY option was not working when pcre_dfa_exec() was
+    used for matching.
+
+11. Unicode property support in character classes was not working for
+    characters (bytes) greater than 127 when not in UTF-8 mode.
+
+12. Added the -M command line option to pcretest.
+
+14. Added the non-standard REG_NOTEMPTY option to the POSIX interface.
+
+15. Added the PCRE_NO_START_OPTIMIZE match-time option.
+
+16. Added comments and documentation about mis-use of no_arg in the C++
+    wrapper.
+
+17. Implemented support for UTF-8 encoding in EBCDIC environments, a patch
+    from Martin Jerabek that uses macro names for all relevant character and
+    string constants.
+
+18. Added to pcre_internal.h two configuration checks: (a) If both EBCDIC and
+    SUPPORT_UTF8 are set, give an error; (b) If SUPPORT_UCP is set without
+    SUPPORT_UTF8, define SUPPORT_UTF8. The "configure" script handles both of
+    these, but not everybody uses configure.
+
+19. A conditional group that had only one branch was not being correctly
+    recognized as an item that could match an empty string. This meant that an
+    enclosing group might also not be so recognized, causing infinite looping
+    (and probably a segfault) for patterns such as ^"((?(?=[a])[^"])|b)*"$
+    with the subject "ab", where knowledge that the repeated group can match
+    nothing is needed in order to break the loop.
+
+20. If a pattern that was compiled with callouts was matched using pcre_dfa_
+    exec(), but without supplying a callout function, matching went wrong.
+
+21. If PCRE_ERROR_MATCHLIMIT occurred during a recursion, there was a memory
+    leak if the size of the offset vector was greater than 30. When the vector
+    is smaller, the saved offsets during recursion go onto a local stack
+    vector, but for larger vectors malloc() is used. It was failing to free
+    when the recursion yielded PCRE_ERROR_MATCH_LIMIT (or any other "abnormal"
+    error, in fact).
+
+22. There was a missing #ifdef SUPPORT_UTF8 round one of the variables in the
+    heapframe that is used only when UTF-8 support is enabled. This caused no
+    problem, but was untidy.
+
+23. Steven Van Ingelgem's patch to CMakeLists.txt to change the name
+    CMAKE_BINARY_DIR to PROJECT_BINARY_DIR so that it works when PCRE is
+    included within another project.
+
+24. Steven Van Ingelgem's patches to add more options to the CMake support,
+    slightly modified by me:
+
+      (a) PCRE_BUILD_TESTS can be set OFF not to build the tests, including
+          not building pcregrep.
+
+      (b) PCRE_BUILD_PCREGREP can be see OFF not to build pcregrep, but only
+          if PCRE_BUILD_TESTS is also set OFF, because the tests use pcregrep.
+
+25. Forward references, both numeric and by name, in patterns that made use of
+    duplicate group numbers, could behave incorrectly or give incorrect errors,
+    because when scanning forward to find the reference group, PCRE was not
+    taking into account the duplicate group numbers. A pattern such as
+    ^X(?3)(a)(?|(b)|(q))(Y) is an example.
+
+26. Changed a few more instances of "const unsigned char *" to USPTR, making
+    the feature of a custom pointer more persuasive (as requested by a user).
+
+27. Wrapped the definitions of fileno and isatty for Windows, which appear in
+    pcretest.c, inside #ifndefs, because it seems they are sometimes already
+    pre-defined.
+
+28. Added support for (*UTF8) at the start of a pattern.
+
+29. Arrange for flags added by the "release type" setting in CMake to be shown
+    in the configuration summary.
+
+
+Version 7.8 05-Sep-08
+---------------------
+
+1.  Replaced UCP searching code with optimized version as implemented for Ad
+    Muncher (http://www.admuncher.com/) by Peter Kankowski. This uses a two-
+    stage table and inline lookup instead of a function, giving speed ups of 2
+    to 5 times on some simple patterns that I tested. Permission was given to
+    distribute the MultiStage2.py script that generates the tables (it's not in
+    the tarball, but is in the Subversion repository).
+
+2.  Updated the Unicode datatables to Unicode 5.1.0. This adds yet more
+    scripts.
+
+3.  Change 12 for 7.7 introduced a bug in pcre_study() when a pattern contained
+    a group with a zero qualifier. The result of the study could be incorrect,
+    or the function might crash, depending on the pattern.
+
+4.  Caseless matching was not working for non-ASCII characters in back
+    references. For example, /(\x{de})\1/8i was not matching \x{de}\x{fe}.
+    It now works when Unicode Property Support is available.
+
+5.  In pcretest, an escape such as \x{de} in the data was always generating
+    a UTF-8 string, even in non-UTF-8 mode. Now it generates a single byte in
+    non-UTF-8 mode. If the value is greater than 255, it gives a warning about
+    truncation.
+
+6.  Minor bugfix in pcrecpp.cc (change "" == ... to NULL == ...).
+
+7.  Added two (int) casts to pcregrep when printing the difference of two
+    pointers, in case they are 64-bit values.
+
+8.  Added comments about Mac OS X stack usage to the pcrestack man page and to
+    test 2 if it fails.
+
+9.  Added PCRE_CALL_CONVENTION just before the names of all exported functions,
+    and a #define of that name to empty if it is not externally set. This is to
+    allow users of MSVC to set it if necessary.
+
+10. The PCRE_EXP_DEFN macro which precedes exported functions was missing from
+    the convenience functions in the pcre_get.c source file.
+
+11. An option change at the start of a pattern that had top-level alternatives
+    could cause overwriting and/or a crash. This command provoked a crash in
+    some environments:
+
+      printf "/(?i)[\xc3\xa9\xc3\xbd]|[\xc3\xa9\xc3\xbdA]/8\n" | pcretest
+
+    This potential security problem was recorded as CVE-2008-2371.
+
+12. For a pattern where the match had to start at the beginning or immediately
+    after a newline (e.g /.*anything/ without the DOTALL flag), pcre_exec() and
+    pcre_dfa_exec() could read past the end of the passed subject if there was
+    no match. To help with detecting such bugs (e.g. with valgrind), I modified
+    pcretest so that it places the subject at the end of its malloc-ed buffer.
+
+13. The change to pcretest in 12 above threw up a couple more cases when pcre_
+    exec() might read past the end of the data buffer in UTF-8 mode.
+
+14. A similar bug to 7.3/2 existed when the PCRE_FIRSTLINE option was set and
+    the data contained the byte 0x85 as part of a UTF-8 character within its
+    first line. This applied both to normal and DFA matching.
+
+15. Lazy qualifiers were not working in some cases in UTF-8 mode. For example,
+    /^[^d]*?$/8 failed to match "abc".
+
+16. Added a missing copyright notice to pcrecpp_internal.h.
+
+17. Make it more clear in the documentation that values returned from
+    pcre_exec() in ovector are byte offsets, not character counts.
+
+18. Tidied a few places to stop certain compilers from issuing warnings.
+
+19. Updated the Virtual Pascal + BCC files to compile the latest v7.7, as
+    supplied by Stefan Weber. I made a further small update for 7.8 because
+    there is a change of source arrangements: the pcre_searchfuncs.c module is
+    replaced by pcre_ucd.c.
+
+
+Version 7.7 07-May-08
+---------------------
+
+1.  Applied Craig's patch to sort out a long long problem: "If we can't convert
+    a string to a long long, pretend we don't even have a long long." This is
+    done by checking for the strtoq, strtoll, and _strtoi64 functions.
+
+2.  Applied Craig's patch to pcrecpp.cc to restore ABI compatibility with
+    pre-7.6 versions, which defined a global no_arg variable instead of putting
+    it in the RE class. (See also #8 below.)
+
+3.  Remove a line of dead code, identified by coverity and reported by Nuno
+    Lopes.
+
+4.  Fixed two related pcregrep bugs involving -r with --include or --exclude:
+
+    (1) The include/exclude patterns were being applied to the whole pathnames
+        of files, instead of just to the final components.
+
+    (2) If there was more than one level of directory, the subdirectories were
+        skipped unless they satisfied the include/exclude conditions. This is
+        inconsistent with GNU grep (and could even be seen as contrary to the
+        pcregrep specification - which I improved to make it absolutely clear).
+        The action now is always to scan all levels of directory, and just
+        apply the include/exclude patterns to regular files.
+
+5.  Added the --include_dir and --exclude_dir patterns to pcregrep, and used
+    --exclude_dir in the tests to avoid scanning .svn directories.
+
+6.  Applied Craig's patch to the QuoteMeta function so that it escapes the
+    NUL character as backslash + 0 rather than backslash + NUL, because PCRE
+    doesn't support NULs in patterns.
+
+7.  Added some missing "const"s to declarations of static tables in
+    pcre_compile.c and pcre_dfa_exec.c.
+
+8.  Applied Craig's patch to pcrecpp.cc to fix a problem in OS X that was
+    caused by fix #2  above. (Subsequently also a second patch to fix the
+    first patch. And a third patch - this was a messy problem.)
+
+9.  Applied Craig's patch to remove the use of push_back().
+
+10. Applied Alan Lehotsky's patch to add REG_STARTEND support to the POSIX
+    matching function regexec().
+
+11. Added support for the Oniguruma syntax \g<name>, \g<n>, \g'name', \g'n',
+    which, however, unlike Perl's \g{...}, are subroutine calls, not back
+    references. PCRE supports relative numbers with this syntax (I don't think
+    Oniguruma does).
+
+12. Previously, a group with a zero repeat such as (...){0} was completely
+    omitted from the compiled regex. However, this means that if the group
+    was called as a subroutine from elsewhere in the pattern, things went wrong
+    (an internal error was given). Such groups are now left in the compiled
+    pattern, with a new opcode that causes them to be skipped at execution
+    time.
+
+13. Added the PCRE_JAVASCRIPT_COMPAT option. This makes the following changes
+    to the way PCRE behaves:
+
+    (a) A lone ] character is dis-allowed (Perl treats it as data).
+
+    (b) A back reference to an unmatched subpattern matches an empty string
+        (Perl fails the current match path).
+
+    (c) A data ] in a character class must be notated as \] because if the
+        first data character in a class is ], it defines an empty class. (In
+        Perl it is not possible to have an empty class.) The empty class []
+        never matches; it forces failure and is equivalent to (*FAIL) or (?!).
+        The negative empty class [^] matches any one character, independently
+        of the DOTALL setting.
+
+14. A pattern such as /(?2)[]a()b](abc)/ which had a forward reference to a
+    non-existent subpattern following a character class starting with ']' and
+    containing () gave an internal compiling error instead of "reference to
+    non-existent subpattern". Fortunately, when the pattern did exist, the
+    compiled code was correct. (When scanning forwards to check for the
+    existence of the subpattern, it was treating the data ']' as terminating
+    the class, so got the count wrong. When actually compiling, the reference
+    was subsequently set up correctly.)
+
+15. The "always fail" assertion (?!) is optimzed to (*FAIL) by pcre_compile;
+    it was being rejected as not supported by pcre_dfa_exec(), even though
+    other assertions are supported. I have made pcre_dfa_exec() support
+    (*FAIL).
+
+16. The implementation of 13c above involved the invention of a new opcode,
+    OP_ALLANY, which is like OP_ANY but doesn't check the /s flag. Since /s
+    cannot be changed at match time, I realized I could make a small
+    improvement to matching performance by compiling OP_ALLANY instead of
+    OP_ANY for "." when DOTALL was set, and then removing the runtime tests
+    on the OP_ANY path.
+
+17. Compiling pcretest on Windows with readline support failed without the
+    following two fixes: (1) Make the unistd.h include conditional on
+    HAVE_UNISTD_H; (2) #define isatty and fileno as _isatty and _fileno.
+
+18. Changed CMakeLists.txt and cmake/FindReadline.cmake to arrange for the
+    ncurses library to be included for pcretest when ReadLine support is
+    requested, but also to allow for it to be overridden. This patch came from
+    Daniel Bergstr�m.
+
+19. There was a typo in the file ucpinternal.h where f0_rangeflag was defined
+    as 0x00f00000 instead of 0x00800000. Luckily, this would not have caused
+    any errors with the current Unicode tables. Thanks to Peter Kankowski for
+    spotting this.
+
+
+Version 7.6 28-Jan-08
+---------------------
+
+1.  A character class containing a very large number of characters with
+    codepoints greater than 255 (in UTF-8 mode, of course) caused a buffer
+    overflow.
+
+2.  Patch to cut out the "long long" test in pcrecpp_unittest when
+    HAVE_LONG_LONG is not defined.
+
+3.  Applied Christian Ehrlicher's patch to update the CMake build files to
+    bring them up to date and include new features. This patch includes:
+
+    - Fixed PH's badly added libz and libbz2 support.
+    - Fixed a problem with static linking.
+    - Added pcredemo. [But later removed - see 7 below.]
+    - Fixed dftables problem and added an option.
+    - Added a number of HAVE_XXX tests, including HAVE_WINDOWS_H and
+        HAVE_LONG_LONG.
+    - Added readline support for pcretest.
+    - Added an listing of the option settings after cmake has run.
+
+4.  A user submitted a patch to Makefile that makes it easy to create
+    "pcre.dll" under mingw when using Configure/Make. I added stuff to
+    Makefile.am that cause it to include this special target, without
+    affecting anything else. Note that the same mingw target plus all
+    the other distribution libraries and programs are now supported
+    when configuring with CMake (see 6 below) instead of with
+    Configure/Make.
+
+5.  Applied Craig's patch that moves no_arg into the RE class in the C++ code.
+    This is an attempt to solve the reported problem "pcrecpp::no_arg is not
+    exported in the Windows port". It has not yet been confirmed that the patch
+    solves the problem, but it does no harm.
+
+6.  Applied Sheri's patch to CMakeLists.txt to add NON_STANDARD_LIB_PREFIX and
+    NON_STANDARD_LIB_SUFFIX for dll names built with mingw when configured
+    with CMake, and also correct the comment about stack recursion.
+
+7.  Remove the automatic building of pcredemo from the ./configure system and
+    from CMakeLists.txt. The whole idea of pcredemo.c is that it is an example
+    of a program that users should build themselves after PCRE is installed, so
+    building it automatically is not really right. What is more, it gave
+    trouble in some build environments.
+
+8.  Further tidies to CMakeLists.txt from Sheri and Christian.
+
+
+Version 7.5 10-Jan-08
+---------------------
+
+1.  Applied a patch from Craig: "This patch makes it possible to 'ignore'
+    values in parens when parsing an RE using the C++ wrapper."
+
+2.  Negative specials like \S did not work in character classes in UTF-8 mode.
+    Characters greater than 255 were excluded from the class instead of being
+    included.
+
+3.  The same bug as (2) above applied to negated POSIX classes such as
+    [:^space:].
+
+4.  PCRECPP_STATIC was referenced in pcrecpp_internal.h, but nowhere was it
+    defined or documented. It seems to have been a typo for PCRE_STATIC, so
+    I have changed it.
+
+5.  The construct (?&) was not diagnosed as a syntax error (it referenced the
+    first named subpattern) and a construct such as (?&a) would reference the
+    first named subpattern whose name started with "a" (in other words, the
+    length check was missing). Both these problems are fixed. "Subpattern name
+    expected" is now given for (?&) (a zero-length name), and this patch also
+    makes it give the same error for \k'' (previously it complained that that
+    was a reference to a non-existent subpattern).
+
+6.  The erroneous patterns (?+-a) and (?-+a) give different error messages;
+    this is right because (?- can be followed by option settings as well as by
+    digits. I have, however, made the messages clearer.
+
+7.  Patterns such as (?(1)a|b) (a pattern that contains fewer subpatterns
+    than the number used in the conditional) now cause a compile-time error.
+    This is actually not compatible with Perl, which accepts such patterns, but
+    treats the conditional as always being FALSE (as PCRE used to), but it
+    seems to me that giving a diagnostic is better.
+
+8.  Change "alphameric" to the more common word "alphanumeric" in comments
+    and messages.
+
+9.  Fix two occurrences of "backslash" in comments that should have been
+    "backspace".
+
+10. Remove two redundant lines of code that can never be obeyed (their function
+    was moved elsewhere).
+
+11. The program that makes PCRE's Unicode character property table had a bug
+    which caused it to generate incorrect table entries for sequences of
+    characters that have the same character type, but are in different scripts.
+    It amalgamated them into a single range, with the script of the first of
+    them. In other words, some characters were in the wrong script. There were
+    thirteen such cases, affecting characters in the following ranges:
+
+      U+002b0 - U+002c1
+      U+0060c - U+0060d
+      U+0061e - U+00612
+      U+0064b - U+0065e
+      U+0074d - U+0076d
+      U+01800 - U+01805
+      U+01d00 - U+01d77
+      U+01d9b - U+01dbf
+      U+0200b - U+0200f
+      U+030fc - U+030fe
+      U+03260 - U+0327f
+      U+0fb46 - U+0fbb1
+      U+10450 - U+1049d
+
+12. The -o option (show only the matching part of a line) for pcregrep was not
+    compatible with GNU grep in that, if there was more than one match in a
+    line, it showed only the first of them. It now behaves in the same way as
+    GNU grep.
+
+13. If the -o and -v options were combined for pcregrep, it printed a blank
+    line for every non-matching line. GNU grep prints nothing, and pcregrep now
+    does the same. The return code can be used to tell if there were any
+    non-matching lines.
+
+14. Added --file-offsets and --line-offsets to pcregrep.
+
+15. The pattern (?=something)(?R) was not being diagnosed as a potentially
+    infinitely looping recursion. The bug was that positive lookaheads were not
+    being skipped when checking for a possible empty match (negative lookaheads
+    and both kinds of lookbehind were skipped).
+
+16. Fixed two typos in the Windows-only code in pcregrep.c, and moved the
+    inclusion of <windows.h> to before rather than after the definition of
+    INVALID_FILE_ATTRIBUTES (patch from David Byron).
+
+17. Specifying a possessive quantifier with a specific limit for a Unicode
+    character property caused pcre_compile() to compile bad code, which led at
+    runtime to PCRE_ERROR_INTERNAL (-14). Examples of patterns that caused this
+    are: /\p{Zl}{2,3}+/8 and /\p{Cc}{2}+/8. It was the possessive "+" that
+    caused the error; without that there was no problem.
+
+18. Added --enable-pcregrep-libz and --enable-pcregrep-libbz2.
+
+19. Added --enable-pcretest-libreadline.
+
+20. In pcrecpp.cc, the variable 'count' was incremented twice in
+    RE::GlobalReplace(). As a result, the number of replacements returned was
+    double what it should be. I removed one of the increments, but Craig sent a
+    later patch that removed the other one (the right fix) and added unit tests
+    that check the return values (which was not done before).
+
+21. Several CMake things:
+
+    (1) Arranged that, when cmake is used on Unix, the libraries end up with
+        the names libpcre and libpcreposix, not just pcre and pcreposix.
+
+    (2) The above change means that pcretest and pcregrep are now correctly
+        linked with the newly-built libraries, not previously installed ones.
+
+    (3) Added PCRE_SUPPORT_LIBREADLINE, PCRE_SUPPORT_LIBZ, PCRE_SUPPORT_LIBBZ2.
+
+22. In UTF-8 mode, with newline set to "any", a pattern such as .*a.*=.b.*
+    crashed when matching a string such as a\x{2029}b (note that \x{2029} is a
+    UTF-8 newline character). The key issue is that the pattern starts .*;
+    this means that the match must be either at the beginning, or after a
+    newline. The bug was in the code for advancing after a failed match and
+    checking that the new position followed a newline. It was not taking
+    account of UTF-8 characters correctly.
+
+23. PCRE was behaving differently from Perl in the way it recognized POSIX
+    character classes. PCRE was not treating the sequence [:...:] as a
+    character class unless the ... were all letters. Perl, however, seems to
+    allow any characters between [: and :], though of course it rejects as
+    unknown any "names" that contain non-letters, because all the known class
+    names consist only of letters. Thus, Perl gives an error for [[:1234:]],
+    for example, whereas PCRE did not - it did not recognize a POSIX character
+    class. This seemed a bit dangerous, so the code has been changed to be
+    closer to Perl. The behaviour is not identical to Perl, because PCRE will
+    diagnose an unknown class for, for example, [[:l\ower:]] where Perl will
+    treat it as [[:lower:]]. However, PCRE does now give "unknown" errors where
+    Perl does, and where it didn't before.
+
+24. Rewrite so as to remove the single use of %n from pcregrep because in some
+    Windows environments %n is disabled by default.
+
+
+Version 7.4 21-Sep-07
+---------------------
+
+1.  Change 7.3/28 was implemented for classes by looking at the bitmap. This
+    means that a class such as [\s] counted as "explicit reference to CR or
+    LF". That isn't really right - the whole point of the change was to try to
+    help when there was an actual mention of one of the two characters. So now
+    the change happens only if \r or \n (or a literal CR or LF) character is
+    encountered.
+
+2.  The 32-bit options word was also used for 6 internal flags, but the numbers
+    of both had grown to the point where there were only 3 bits left.
+    Fortunately, there was spare space in the data structure, and so I have
+    moved the internal flags into a new 16-bit field to free up more option
+    bits.
+
+3.  The appearance of (?J) at the start of a pattern set the DUPNAMES option,
+    but did not set the internal JCHANGED flag - either of these is enough to
+    control the way the "get" function works - but the PCRE_INFO_JCHANGED
+    facility is supposed to tell if (?J) was ever used, so now (?J) at the
+    start sets both bits.
+
+4.  Added options (at build time, compile time, exec time) to change \R from
+    matching any Unicode line ending sequence to just matching CR, LF, or CRLF.
+
+5.  doc/pcresyntax.html was missing from the distribution.
+
+6.  Put back the definition of PCRE_ERROR_NULLWSLIMIT, for backward
+    compatibility, even though it is no longer used.
+
+7.  Added macro for snprintf to pcrecpp_unittest.cc and also for strtoll and
+    strtoull to pcrecpp.cc to select the available functions in WIN32 when the
+    windows.h file is present (where different names are used). [This was
+    reversed later after testing - see 16 below.]
+
+8.  Changed all #include <config.h> to #include "config.h". There were also
+    some further <pcre.h> cases that I changed to "pcre.h".
+
+9.  When pcregrep was used with the --colour option, it missed the line ending
+    sequence off the lines that it output.
+
+10. It was pointed out to me that arrays of string pointers cause lots of
+    relocations when a shared library is dynamically loaded. A technique of
+    using a single long string with a table of offsets can drastically reduce
+    these. I have refactored PCRE in four places to do this. The result is
+    dramatic:
+
+      Originally:                          290
+      After changing UCP table:            187
+      After changing error message table:   43
+      After changing table of "verbs"       36
+      After changing table of Posix names   22
+
+    Thanks to the folks working on Gregex for glib for this insight.
+
+11. --disable-stack-for-recursion caused compiling to fail unless -enable-
+    unicode-properties was also set.
+
+12. Updated the tests so that they work when \R is defaulted to ANYCRLF.
+
+13. Added checks for ANY and ANYCRLF to pcrecpp.cc where it previously
+    checked only for CRLF.
+
+14. Added casts to pcretest.c to avoid compiler warnings.
+
+15. Added Craig's patch to various pcrecpp modules to avoid compiler warnings.
+
+16. Added Craig's patch to remove the WINDOWS_H tests, that were not working,
+    and instead check for _strtoi64 explicitly, and avoid the use of snprintf()
+    entirely. This removes changes made in 7 above.
+
+17. The CMake files have been updated, and there is now more information about
+    building with CMake in the NON-UNIX-USE document.
+
+
+Version 7.3 28-Aug-07
+---------------------
+
+ 1. In the rejigging of the build system that eventually resulted in 7.1, the
+    line "#include <pcre.h>" was included in pcre_internal.h. The use of angle
+    brackets there is not right, since it causes compilers to look for an
+    installed pcre.h, not the version that is in the source that is being
+    compiled (which of course may be different). I have changed it back to:
+
+      #include "pcre.h"
+
+    I have a vague recollection that the change was concerned with compiling in
+    different directories, but in the new build system, that is taken care of
+    by the VPATH setting the Makefile.
+
+ 2. The pattern .*$ when run in not-DOTALL UTF-8 mode with newline=any failed
+    when the subject happened to end in the byte 0x85 (e.g. if the last
+    character was \x{1ec5}). *Character* 0x85 is one of the "any" newline
+    characters but of course it shouldn't be taken as a newline when it is part
+    of another character. The bug was that, for an unlimited repeat of . in
+    not-DOTALL UTF-8 mode, PCRE was advancing by bytes rather than by
+    characters when looking for a newline.
+
+ 3. A small performance improvement in the DOTALL UTF-8 mode .* case.
+
+ 4. Debugging: adjusted the names of opcodes for different kinds of parentheses
+    in debug output.
+
+ 5. Arrange to use "%I64d" instead of "%lld" and "%I64u" instead of "%llu" for
+    long printing in the pcrecpp unittest when running under MinGW.
+
+ 6. ESC_K was left out of the EBCDIC table.
+
+ 7. Change 7.0/38 introduced a new limit on the number of nested non-capturing
+    parentheses; I made it 1000, which seemed large enough. Unfortunately, the
+    limit also applies to "virtual nesting" when a pattern is recursive, and in
+    this case 1000 isn't so big. I have been able to remove this limit at the
+    expense of backing off one optimization in certain circumstances. Normally,
+    when pcre_exec() would call its internal match() function recursively and
+    immediately return the result unconditionally, it uses a "tail recursion"
+    feature to save stack. However, when a subpattern that can match an empty
+    string has an unlimited repetition quantifier, it no longer makes this
+    optimization. That gives it a stack frame in which to save the data for
+    checking that an empty string has been matched. Previously this was taken
+    from the 1000-entry workspace that had been reserved. So now there is no
+    explicit limit, but more stack is used.
+
+ 8. Applied Daniel's patches to solve problems with the import/export magic
+    syntax that is required for Windows, and which was going wrong for the
+    pcreposix and pcrecpp parts of the library. These were overlooked when this
+    problem was solved for the main library.
+
+ 9. There were some crude static tests to avoid integer overflow when computing
+    the size of patterns that contain repeated groups with explicit upper
+    limits. As the maximum quantifier is 65535, the maximum group length was
+    set at 30,000 so that the product of these two numbers did not overflow a
+    32-bit integer. However, it turns out that people want to use groups that
+    are longer than 30,000 bytes (though not repeat them that many times).
+    Change 7.0/17 (the refactoring of the way the pattern size is computed) has
+    made it possible to implement the integer overflow checks in a much more
+    dynamic way, which I have now done. The artificial limitation on group
+    length has been removed - we now have only the limit on the total length of
+    the compiled pattern, which depends on the LINK_SIZE setting.
+
+10. Fixed a bug in the documentation for get/copy named substring when
+    duplicate names are permitted. If none of the named substrings are set, the
+    functions return PCRE_ERROR_NOSUBSTRING (7); the doc said they returned an
+    empty string.
+
+11. Because Perl interprets \Q...\E at a high level, and ignores orphan \E
+    instances, patterns such as [\Q\E] or [\E] or even [^\E] cause an error,
+    because the ] is interpreted as the first data character and the
+    terminating ] is not found. PCRE has been made compatible with Perl in this
+    regard. Previously, it interpreted [\Q\E] as an empty class, and [\E] could
+    cause memory overwriting.
+
+10. Like Perl, PCRE automatically breaks an unlimited repeat after an empty
+    string has been matched (to stop an infinite loop). It was not recognizing
+    a conditional subpattern that could match an empty string if that
+    subpattern was within another subpattern. For example, it looped when
+    trying to match  (((?(1)X|))*)  but it was OK with  ((?(1)X|)*)  where the
+    condition was not nested. This bug has been fixed.
+
+12. A pattern like \X?\d or \P{L}?\d in non-UTF-8 mode could cause a backtrack
+    past the start of the subject in the presence of bytes with the top bit
+    set, for example "\x8aBCD".
+
+13. Added Perl 5.10 experimental backtracking controls (*FAIL), (*F), (*PRUNE),
+    (*SKIP), (*THEN), (*COMMIT), and (*ACCEPT).
+
+14. Optimized (?!) to (*FAIL).
+
+15. Updated the test for a valid UTF-8 string to conform to the later RFC 3629.
+    This restricts code points to be within the range 0 to 0x10FFFF, excluding
+    the "low surrogate" sequence 0xD800 to 0xDFFF. Previously, PCRE allowed the
+    full range 0 to 0x7FFFFFFF, as defined by RFC 2279. Internally, it still
+    does: it's just the validity check that is more restrictive.
+
+16. Inserted checks for integer overflows during escape sequence (backslash)
+    processing, and also fixed erroneous offset values for syntax errors during
+    backslash processing.
+
+17. Fixed another case of looking too far back in non-UTF-8 mode (cf 12 above)
+    for patterns like [\PPP\x8a]{1,}\x80 with the subject "A\x80".
+
+18. An unterminated class in a pattern like (?1)\c[ with a "forward reference"
+    caused an overrun.
+
+19. A pattern like (?:[\PPa*]*){8,} which had an "extended class" (one with
+    something other than just ASCII characters) inside a group that had an
+    unlimited repeat caused a loop at compile time (while checking to see
+    whether the group could match an empty string).
+
+20. Debugging a pattern containing \p or \P could cause a crash. For example,
+    [\P{Any}] did so. (Error in the code for printing property names.)
+
+21. An orphan \E inside a character class could cause a crash.
+
+22. A repeated capturing bracket such as (A)? could cause a wild memory
+    reference during compilation.
+
+23. There are several functions in pcre_compile() that scan along a compiled
+    expression for various reasons (e.g. to see if it's fixed length for look
+    behind). There were bugs in these functions when a repeated \p or \P was
+    present in the pattern. These operators have additional parameters compared
+    with \d, etc, and these were not being taken into account when moving along
+    the compiled data. Specifically:
+
+    (a) A item such as \p{Yi}{3} in a lookbehind was not treated as fixed
+        length.
+
+    (b) An item such as \pL+ within a repeated group could cause crashes or
+        loops.
+
+    (c) A pattern such as \p{Yi}+(\P{Yi}+)(?1) could give an incorrect
+        "reference to non-existent subpattern" error.
+
+    (d) A pattern like (\P{Yi}{2}\277)? could loop at compile time.
+
+24. A repeated \S or \W in UTF-8 mode could give wrong answers when multibyte
+    characters were involved (for example /\S{2}/8g with "A\x{a3}BC").
+
+25. Using pcregrep in multiline, inverted mode (-Mv) caused it to loop.
+
+26. Patterns such as [\P{Yi}A] which include \p or \P and just one other
+    character were causing crashes (broken optimization).
+
+27. Patterns such as (\P{Yi}*\277)* (group with possible zero repeat containing
+    \p or \P) caused a compile-time loop.
+
+28. More problems have arisen in unanchored patterns when CRLF is a valid line
+    break. For example, the unstudied pattern [\r\n]A does not match the string
+    "\r\nA" because change 7.0/46 below moves the current point on by two
+    characters after failing to match at the start. However, the pattern \nA
+    *does* match, because it doesn't start till \n, and if [\r\n]A is studied,
+    the same is true. There doesn't seem any very clean way out of this, but
+    what I have chosen to do makes the common cases work: PCRE now takes note
+    of whether there can be an explicit match for \r or \n anywhere in the
+    pattern, and if so, 7.0/46 no longer applies. As part of this change,
+    there's a new PCRE_INFO_HASCRORLF option for finding out whether a compiled
+    pattern has explicit CR or LF references.
+
+29. Added (*CR) etc for changing newline setting at start of pattern.
+
+
+Version 7.2 19-Jun-07
+---------------------
+
+ 1. If the fr_FR locale cannot be found for test 3, try the "french" locale,
+    which is apparently normally available under Windows.
+
+ 2. Re-jig the pcregrep tests with different newline settings in an attempt
+    to make them independent of the local environment's newline setting.
+
+ 3. Add code to configure.ac to remove -g from the CFLAGS default settings.
+
+ 4. Some of the "internals" tests were previously cut out when the link size
+    was not 2, because the output contained actual offsets. The recent new
+    "Z" feature of pcretest means that these can be cut out, making the tests
+    usable with all link sizes.
+
+ 5. Implemented Stan Switzer's goto replacement for longjmp() when not using
+    stack recursion. This gives a massive performance boost under BSD, but just
+    a small improvement under Linux. However, it saves one field in the frame
+    in all cases.
+
+ 6. Added more features from the forthcoming Perl 5.10:
+
+    (a) (?-n) (where n is a string of digits) is a relative subroutine or
+        recursion call. It refers to the nth most recently opened parentheses.
+
+    (b) (?+n) is also a relative subroutine call; it refers to the nth next
+        to be opened parentheses.
+
+    (c) Conditions that refer to capturing parentheses can be specified
+        relatively, for example, (?(-2)... or (?(+3)...
+
+    (d) \K resets the start of the current match so that everything before
+        is not part of it.
+
+    (e) \k{name} is synonymous with \k<name> and \k'name' (.NET compatible).
+
+    (f) \g{name} is another synonym - part of Perl 5.10's unification of
+        reference syntax.
+
+    (g) (?| introduces a group in which the numbering of parentheses in each
+        alternative starts with the same number.
+
+    (h) \h, \H, \v, and \V match horizontal and vertical whitespace.
+
+ 7. Added two new calls to pcre_fullinfo(): PCRE_INFO_OKPARTIAL and
+    PCRE_INFO_JCHANGED.
+
+ 8. A pattern such as  (.*(.)?)*  caused pcre_exec() to fail by either not
+    terminating or by crashing. Diagnosed by Viktor Griph; it was in the code
+    for detecting groups that can match an empty string.
+
+ 9. A pattern with a very large number of alternatives (more than several
+    hundred) was running out of internal workspace during the pre-compile
+    phase, where pcre_compile() figures out how much memory will be needed. A
+    bit of new cunning has reduced the workspace needed for groups with
+    alternatives. The 1000-alternative test pattern now uses 12 bytes of
+    workspace instead of running out of the 4096 that are available.
+
+10. Inserted some missing (unsigned int) casts to get rid of compiler warnings.
+
+11. Applied patch from Google to remove an optimization that didn't quite work.
+    The report of the bug said:
+
+      pcrecpp::RE("a*").FullMatch("aaa") matches, while
+      pcrecpp::RE("a*?").FullMatch("aaa") does not, and
+      pcrecpp::RE("a*?\\z").FullMatch("aaa") does again.
+
+12. If \p or \P was used in non-UTF-8 mode on a character greater than 127
+    it matched the wrong number of bytes.
+
+
+Version 7.1 24-Apr-07
+---------------------
+
+ 1. Applied Bob Rossi and Daniel G's patches to convert the build system to one
+    that is more "standard", making use of automake and other Autotools. There
+    is some re-arrangement of the files and adjustment of comments consequent
+    on this.
+
+ 2. Part of the patch fixed a problem with the pcregrep tests. The test of -r
+    for recursive directory scanning broke on some systems because the files
+    are not scanned in any specific order and on different systems the order
+    was different. A call to "sort" has been inserted into RunGrepTest for the
+    approprate test as a short-term fix. In the longer term there may be an
+    alternative.
+
+ 3. I had an email from Eric Raymond about problems translating some of PCRE's
+    man pages to HTML (despite the fact that I distribute HTML pages, some
+    people do their own conversions for various reasons). The problems
+    concerned the use of low-level troff macros .br and .in. I have therefore
+    removed all such uses from the man pages (some were redundant, some could
+    be replaced by .nf/.fi pairs). The 132html script that I use to generate
+    HTML has been updated to handle .nf/.fi and to complain if it encounters
+    .br or .in.
+
+ 4. Updated comments in configure.ac that get placed in config.h.in and also
+    arranged for config.h to be included in the distribution, with the name
+    config.h.generic, for the benefit of those who have to compile without
+    Autotools (compare pcre.h, which is now distributed as pcre.h.generic).
+
+ 5. Updated the support (such as it is) for Virtual Pascal, thanks to Stefan
+    Weber: (1) pcre_internal.h was missing some function renames; (2) updated
+    makevp.bat for the current PCRE, using the additional files
+    makevp_c.txt, makevp_l.txt, and pcregexp.pas.
+
+ 6. A Windows user reported a minor discrepancy with test 2, which turned out
+    to be caused by a trailing space on an input line that had got lost in his
+    copy. The trailing space was an accident, so I've just removed it.
+
+ 7. Add -Wl,-R... flags in pcre-config.in for *BSD* systems, as I'm told
+    that is needed.
+
+ 8. Mark ucp_table (in ucptable.h) and ucp_gentype (in pcre_ucp_searchfuncs.c)
+    as "const" (a) because they are and (b) because it helps the PHP
+    maintainers who have recently made a script to detect big data structures
+    in the php code that should be moved to the .rodata section. I remembered
+    to update Builducptable as well, so it won't revert if ucptable.h is ever
+    re-created.
+
+ 9. Added some extra #ifdef SUPPORT_UTF8 conditionals into pcretest.c,
+    pcre_printint.src, pcre_compile.c, pcre_study.c, and pcre_tables.c, in
+    order to be able to cut out the UTF-8 tables in the latter when UTF-8
+    support is not required. This saves 1.5-2K of code, which is important in
+    some applications.
+
+    Later: more #ifdefs are needed in pcre_ord2utf8.c and pcre_valid_utf8.c
+    so as not to refer to the tables, even though these functions will never be
+    called when UTF-8 support is disabled. Otherwise there are problems with a
+    shared library.
+
+10. Fixed two bugs in the emulated memmove() function in pcre_internal.h:
+
+    (a) It was defining its arguments as char * instead of void *.
+
+    (b) It was assuming that all moves were upwards in memory; this was true
+        a long time ago when I wrote it, but is no longer the case.
+
+    The emulated memove() is provided for those environments that have neither
+    memmove() nor bcopy(). I didn't think anyone used it these days, but that
+    is clearly not the case, as these two bugs were recently reported.
+
+11. The script PrepareRelease is now distributed: it calls 132html, CleanTxt,
+    and Detrail to create the HTML documentation, the .txt form of the man
+    pages, and it removes trailing spaces from listed files. It also creates
+    pcre.h.generic and config.h.generic from pcre.h and config.h. In the latter
+    case, it wraps all the #defines with #ifndefs. This script should be run
+    before "make dist".
+
+12. Fixed two fairly obscure bugs concerned with quantified caseless matching
+    with Unicode property support.
+
+    (a) For a maximizing quantifier, if the two different cases of the
+        character were of different lengths in their UTF-8 codings (there are
+        some cases like this - I found 11), and the matching function had to
+        back up over a mixture of the two cases, it incorrectly assumed they
+        were both the same length.
+
+    (b) When PCRE was configured to use the heap rather than the stack for
+        recursion during matching, it was not correctly preserving the data for
+        the other case of a UTF-8 character when checking ahead for a match
+        while processing a minimizing repeat. If the check also involved
+        matching a wide character, but failed, corruption could cause an
+        erroneous result when trying to check for a repeat of the original
+        character.
+
+13. Some tidying changes to the testing mechanism:
+
+    (a) The RunTest script now detects the internal link size and whether there
+        is UTF-8 and UCP support by running ./pcretest -C instead of relying on
+        values substituted by "configure". (The RunGrepTest script already did
+        this for UTF-8.) The configure.ac script no longer substitutes the
+        relevant variables.
+
+    (b) The debugging options /B and /D in pcretest show the compiled bytecode
+        with length and offset values. This means that the output is different
+        for different internal link sizes. Test 2 is skipped for link sizes
+        other than 2 because of this, bypassing the problem. Unfortunately,
+        there was also a test in test 3 (the locale tests) that used /B and
+        failed for link sizes other than 2. Rather than cut the whole test out,
+        I have added a new /Z option to pcretest that replaces the length and
+        offset values with spaces. This is now used to make test 3 independent
+        of link size. (Test 2 will be tidied up later.)
+
+14. If erroroffset was passed as NULL to pcre_compile, it provoked a
+    segmentation fault instead of returning the appropriate error message.
+
+15. In multiline mode when the newline sequence was set to "any", the pattern
+    ^$ would give a match between the \r and \n of a subject such as "A\r\nB".
+    This doesn't seem right; it now treats the CRLF combination as the line
+    ending, and so does not match in that case. It's only a pattern such as ^$
+    that would hit this one: something like ^ABC$ would have failed after \r
+    and then tried again after \r\n.
+
+16. Changed the comparison command for RunGrepTest from "diff -u" to "diff -ub"
+    in an attempt to make files that differ only in their line terminators
+    compare equal. This works on Linux.
+
+17. Under certain error circumstances pcregrep might try to free random memory
+    as it exited. This is now fixed, thanks to valgrind.
+
+19. In pcretest, if the pattern /(?m)^$/g<any> was matched against the string
+    "abc\r\n\r\n", it found an unwanted second match after the second \r. This
+    was because its rules for how to advance for /g after matching an empty
+    string at the end of a line did not allow for this case. They now check for
+    it specially.
+
+20. pcretest is supposed to handle patterns and data of any length, by
+    extending its buffers when necessary. It was getting this wrong when the
+    buffer for a data line had to be extended.
+
+21. Added PCRE_NEWLINE_ANYCRLF which is like ANY, but matches only CR, LF, or
+    CRLF as a newline sequence.
+
+22. Code for handling Unicode properties in pcre_dfa_exec() wasn't being cut
+    out by #ifdef SUPPORT_UCP. This did no harm, as it could never be used, but
+    I have nevertheless tidied it up.
+
+23. Added some casts to kill warnings from HP-UX ia64 compiler.
+
+24. Added a man page for pcre-config.
+
+
+Version 7.0 19-Dec-06
+---------------------
+
+ 1. Fixed a signed/unsigned compiler warning in pcre_compile.c, shown up by
+    moving to gcc 4.1.1.
+
+ 2. The -S option for pcretest uses setrlimit(); I had omitted to #include
+    sys/time.h, which is documented as needed for this function. It doesn't
+    seem to matter on Linux, but it showed up on some releases of OS X.
+
+ 3. It seems that there are systems where bytes whose values are greater than
+    127 match isprint() in the "C" locale. The "C" locale should be the
+    default when a C program starts up. In most systems, only ASCII printing
+    characters match isprint(). This difference caused the output from pcretest
+    to vary, making some of the tests fail. I have changed pcretest so that:
+
+    (a) When it is outputting text in the compiled version of a pattern, bytes
+        other than 32-126 are always shown as hex escapes.
+
+    (b) When it is outputting text that is a matched part of a subject string,
+        it does the same, unless a different locale has been set for the match
+        (using the /L modifier). In this case, it uses isprint() to decide.
+
+ 4. Fixed a major bug that caused incorrect computation of the amount of memory
+    required for a compiled pattern when options that changed within the
+    pattern affected the logic of the preliminary scan that determines the
+    length. The relevant options are -x, and -i in UTF-8 mode. The result was
+    that the computed length was too small. The symptoms of this bug were
+    either the PCRE error "internal error: code overflow" from pcre_compile(),
+    or a glibc crash with a message such as "pcretest: free(): invalid next
+    size (fast)". Examples of patterns that provoked this bug (shown in
+    pcretest format) are:
+
+      /(?-x: )/x
+      /(?x)(?-x: \s*#\s*)/
+      /((?i)[\x{c0}])/8
+      /(?i:[\x{c0}])/8
+
+    HOWEVER: Change 17 below makes this fix obsolete as the memory computation
+    is now done differently.
+
+ 5. Applied patches from Google to: (a) add a QuoteMeta function to the C++
+    wrapper classes; (b) implement a new function in the C++ scanner that is
+    more efficient than the old way of doing things because it avoids levels of
+    recursion in the regex matching; (c) add a paragraph to the documentation
+    for the FullMatch() function.
+
+ 6. The escape sequence \n was being treated as whatever was defined as
+    "newline". Not only was this contrary to the documentation, which states
+    that \n is character 10 (hex 0A), but it also went horribly wrong when
+    "newline" was defined as CRLF. This has been fixed.
+
+ 7. In pcre_dfa_exec.c the value of an unsigned integer (the variable called c)
+    was being set to -1 for the "end of line" case (supposedly a value that no
+    character can have). Though this value is never used (the check for end of
+    line is "zero bytes in current character"), it caused compiler complaints.
+    I've changed it to 0xffffffff.
+
+ 8. In pcre_version.c, the version string was being built by a sequence of
+    C macros that, in the event of PCRE_PRERELEASE being defined as an empty
+    string (as it is for production releases) called a macro with an empty
+    argument. The C standard says the result of this is undefined. The gcc
+    compiler treats it as an empty string (which was what was wanted) but it is
+    reported that Visual C gives an error. The source has been hacked around to
+    avoid this problem.
+
+ 9. On the advice of a Windows user, included <io.h> and <fcntl.h> in Windows
+    builds of pcretest, and changed the call to _setmode() to use _O_BINARY
+    instead of 0x8000. Made all the #ifdefs test both _WIN32 and WIN32 (not all
+    of them did).
+
+10. Originally, pcretest opened its input and output without "b"; then I was
+    told that "b" was needed in some environments, so it was added for release
+    5.0 to both the input and output. (It makes no difference on Unix-like
+    systems.) Later I was told that it is wrong for the input on Windows. I've
+    now abstracted the modes into two macros, to make it easier to fiddle with
+    them, and removed "b" from the input mode under Windows.
+
+11. Added pkgconfig support for the C++ wrapper library, libpcrecpp.
+
+12. Added -help and --help to pcretest as an official way of being reminded
+    of the options.
+
+13. Removed some redundant semicolons after macro calls in pcrecpparg.h.in
+    and pcrecpp.cc because they annoy compilers at high warning levels.
+
+14. A bit of tidying/refactoring in pcre_exec.c in the main bumpalong loop.
+
+15. Fixed an occurrence of == in configure.ac that should have been = (shell
+    scripts are not C programs :-) and which was not noticed because it works
+    on Linux.
+
+16. pcretest is supposed to handle any length of pattern and data line (as one
+    line or as a continued sequence of lines) by extending its input buffer if
+    necessary. This feature was broken for very long pattern lines, leading to
+    a string of junk being passed to pcre_compile() if the pattern was longer
+    than about 50K.
+
+17. I have done a major re-factoring of the way pcre_compile() computes the
+    amount of memory needed for a compiled pattern. Previously, there was code
+    that made a preliminary scan of the pattern in order to do this. That was
+    OK when PCRE was new, but as the facilities have expanded, it has become
+    harder and harder to keep it in step with the real compile phase, and there
+    have been a number of bugs (see for example, 4 above). I have now found a
+    cunning way of running the real compile function in a "fake" mode that
+    enables it to compute how much memory it would need, while actually only
+    ever using a few hundred bytes of working memory and without too many
+    tests of the mode. This should make future maintenance and development
+    easier. A side effect of this work is that the limit of 200 on the nesting
+    depth of parentheses has been removed (though this was never a serious
+    limitation, I suspect). However, there is a downside: pcre_compile() now
+    runs more slowly than before (30% or more, depending on the pattern). I
+    hope this isn't a big issue. There is no effect on runtime performance.
+
+18. Fixed a minor bug in pcretest: if a pattern line was not terminated by a
+    newline (only possible for the last line of a file) and it was a
+    pattern that set a locale (followed by /Lsomething), pcretest crashed.
+
+19. Added additional timing features to pcretest. (1) The -tm option now times
+    matching only, not compiling. (2) Both -t and -tm can be followed, as a
+    separate command line item, by a number that specifies the number of
+    repeats to use when timing. The default is 50000; this gives better
+    precision, but takes uncomfortably long for very large patterns.
+
+20. Extended pcre_study() to be more clever in cases where a branch of a
+    subpattern has no definite first character. For example, (a*|b*)[cd] would
+    previously give no result from pcre_study(). Now it recognizes that the
+    first character must be a, b, c, or d.
+
+21. There was an incorrect error "recursive call could loop indefinitely" if
+    a subpattern (or the entire pattern) that was being tested for matching an
+    empty string contained only one non-empty item after a nested subpattern.
+    For example, the pattern (?>\x{100}*)\d(?R) provoked this error
+    incorrectly, because the \d was being skipped in the check.
+
+22. The pcretest program now has a new pattern option /B and a command line
+    option -b, which is equivalent to adding /B to every pattern. This causes
+    it to show the compiled bytecode, without the additional information that
+    -d shows. The effect of -d is now the same as -b with -i (and similarly, /D
+    is the same as /B/I).
+
+23. A new optimization is now able automatically to treat some sequences such
+    as a*b as a*+b. More specifically, if something simple (such as a character
+    or a simple class like \d) has an unlimited quantifier, and is followed by
+    something that cannot possibly match the quantified thing, the quantifier
+    is automatically "possessified".
+
+24. A recursive reference to a subpattern whose number was greater than 39
+    went wrong under certain circumstances in UTF-8 mode. This bug could also
+    have affected the operation of pcre_study().
+
+25. Realized that a little bit of performance could be had by replacing
+    (c & 0xc0) == 0xc0 with c >= 0xc0 when processing UTF-8 characters.
+
+26. Timing data from pcretest is now shown to 4 decimal places instead of 3.
+
+27. Possessive quantifiers such as a++ were previously implemented by turning
+    them into atomic groups such as ($>a+). Now they have their own opcodes,
+    which improves performance. This includes the automatically created ones
+    from 23 above.
+
+28. A pattern such as (?=(\w+))\1: which simulates an atomic group using a
+    lookahead was broken if it was not anchored. PCRE was mistakenly expecting
+    the first matched character to be a colon. This applied both to named and
+    numbered groups.
+
+29. The ucpinternal.h header file was missing its idempotency #ifdef.
+
+30. I was sent a "project" file called libpcre.a.dev which I understand makes
+    building PCRE on Windows easier, so I have included it in the distribution.
+
+31. There is now a check in pcretest against a ridiculously large number being
+    returned by pcre_exec() or pcre_dfa_exec(). If this happens in a /g or /G
+    loop, the loop is abandoned.
+
+32. Forward references to subpatterns in conditions such as (?(2)...) where
+    subpattern 2 is defined later cause pcre_compile() to search forwards in
+    the pattern for the relevant set of parentheses. This search went wrong
+    when there were unescaped parentheses in a character class, parentheses
+    escaped with \Q...\E, or parentheses in a #-comment in /x mode.
+
+33. "Subroutine" calls and backreferences were previously restricted to
+    referencing subpatterns earlier in the regex. This restriction has now
+    been removed.
+
+34. Added a number of extra features that are going to be in Perl 5.10. On the
+    whole, these are just syntactic alternatives for features that PCRE had
+    previously implemented using the Python syntax or my own invention. The
+    other formats are all retained for compatibility.
+
+    (a) Named groups can now be defined as (?<name>...) or (?'name'...) as well
+        as (?P<name>...). The new forms, as well as being in Perl 5.10, are
+        also .NET compatible.
+
+    (b) A recursion or subroutine call to a named group can now be defined as
+        (?&name) as well as (?P>name).
+
+    (c) A backreference to a named group can now be defined as \k<name> or
+        \k'name' as well as (?P=name). The new forms, as well as being in Perl
+        5.10, are also .NET compatible.
+
+    (d) A conditional reference to a named group can now use the syntax
+        (?(<name>) or (?('name') as well as (?(name).
+
+    (e) A "conditional group" of the form (?(DEFINE)...) can be used to define
+        groups (named and numbered) that are never evaluated inline, but can be
+        called as "subroutines" from elsewhere. In effect, the DEFINE condition
+        is always false. There may be only one alternative in such a group.
+
+    (f) A test for recursion can be given as (?(R1).. or (?(R&name)... as well
+        as the simple (?(R). The condition is true only if the most recent
+        recursion is that of the given number or name. It does not search out
+        through the entire recursion stack.
+
+    (g) The escape \gN or \g{N} has been added, where N is a positive or
+        negative number, specifying an absolute or relative reference.
+
+35. Tidied to get rid of some further signed/unsigned compiler warnings and
+    some "unreachable code" warnings.
+
+36. Updated the Unicode property tables to Unicode version 5.0.0. Amongst other
+    things, this adds five new scripts.
+
+37. Perl ignores orphaned \E escapes completely. PCRE now does the same.
+    There were also incompatibilities regarding the handling of \Q..\E inside
+    character classes, for example with patterns like [\Qa\E-\Qz\E] where the
+    hyphen was adjacent to \Q or \E. I hope I've cleared all this up now.
+
+38. Like Perl, PCRE detects when an indefinitely repeated parenthesized group
+    matches an empty string, and forcibly breaks the loop. There were bugs in
+    this code in non-simple cases. For a pattern such as  ^(a()*)*  matched
+    against  aaaa  the result was just "a" rather than "aaaa", for example. Two
+    separate and independent bugs (that affected different cases) have been
+    fixed.
+
+39. Refactored the code to abolish the use of different opcodes for small
+    capturing bracket numbers. This is a tidy that I avoided doing when I
+    removed the limit on the number of capturing brackets for 3.5 back in 2001.
+    The new approach is not only tidier, it makes it possible to reduce the
+    memory needed to fix the previous bug (38).
+
+40. Implemented PCRE_NEWLINE_ANY to recognize any of the Unicode newline
+    sequences (http://unicode.org/unicode/reports/tr18/) as "newline" when
+    processing dot, circumflex, or dollar metacharacters, or #-comments in /x
+    mode.
+
+41. Add \R to match any Unicode newline sequence, as suggested in the Unicode
+    report.
+
+42. Applied patch, originally from Ari Pollak, modified by Google, to allow
+    copy construction and assignment in the C++ wrapper.
+
+43. Updated pcregrep to support "--newline=any". In the process, I fixed a
+    couple of bugs that could have given wrong results in the "--newline=crlf"
+    case.
+
+44. Added a number of casts and did some reorganization of signed/unsigned int
+    variables following suggestions from Dair Grant. Also renamed the variable
+    "this" as "item" because it is a C++ keyword.
+
+45. Arranged for dftables to add
+
+      #include "pcre_internal.h"
+
+    to pcre_chartables.c because without it, gcc 4.x may remove the array
+    definition from the final binary if PCRE is built into a static library and
+    dead code stripping is activated.
+
+46. For an unanchored pattern, if a match attempt fails at the start of a
+    newline sequence, and the newline setting is CRLF or ANY, and the next two
+    characters are CRLF, advance by two characters instead of one.
+
+
+Version 6.7 04-Jul-06
+---------------------
+
+ 1. In order to handle tests when input lines are enormously long, pcretest has
+    been re-factored so that it automatically extends its buffers when
+    necessary. The code is crude, but this _is_ just a test program. The
+    default size has been increased from 32K to 50K.
+
+ 2. The code in pcre_study() was using the value of the re argument before
+    testing it for NULL. (Of course, in any sensible call of the function, it
+    won't be NULL.)
+
+ 3. The memmove() emulation function in pcre_internal.h, which is used on
+    systems that lack both memmove() and bcopy() - that is, hardly ever -
+    was missing a "static" storage class specifier.
+
+ 4. When UTF-8 mode was not set, PCRE looped when compiling certain patterns
+    containing an extended class (one that cannot be represented by a bitmap
+    because it contains high-valued characters or Unicode property items, e.g.
+    [\pZ]). Almost always one would set UTF-8 mode when processing such a
+    pattern, but PCRE should not loop if you do not (it no longer does).
+    [Detail: two cases were found: (a) a repeated subpattern containing an
+    extended class; (b) a recursive reference to a subpattern that followed a
+    previous extended class. It wasn't skipping over the extended class
+    correctly when UTF-8 mode was not set.]
+
+ 5. A negated single-character class was not being recognized as fixed-length
+    in lookbehind assertions such as (?<=[^f]), leading to an incorrect
+    compile error "lookbehind assertion is not fixed length".
+
+ 6. The RunPerlTest auxiliary script was showing an unexpected difference
+    between PCRE and Perl for UTF-8 tests. It turns out that it is hard to
+    write a Perl script that can interpret lines of an input file either as
+    byte characters or as UTF-8, which is what "perltest" was being required to
+    do for the non-UTF-8 and UTF-8 tests, respectively. Essentially what you
+    can't do is switch easily at run time between having the "use utf8;" pragma
+    or not. In the end, I fudged it by using the RunPerlTest script to insert
+    "use utf8;" explicitly for the UTF-8 tests.
+
+ 7. In multiline (/m) mode, PCRE was matching ^ after a terminating newline at
+    the end of the subject string, contrary to the documentation and to what
+    Perl does. This was true of both matching functions. Now it matches only at
+    the start of the subject and immediately after *internal* newlines.
+
+ 8. A call of pcre_fullinfo() from pcretest to get the option bits was passing
+    a pointer to an int instead of a pointer to an unsigned long int. This
+    caused problems on 64-bit systems.
+
+ 9. Applied a patch from the folks at Google to pcrecpp.cc, to fix "another
+    instance of the 'standard' template library not being so standard".
+
+10. There was no check on the number of named subpatterns nor the maximum
+    length of a subpattern name. The product of these values is used to compute
+    the size of the memory block for a compiled pattern. By supplying a very
+    long subpattern name and a large number of named subpatterns, the size
+    computation could be caused to overflow. This is now prevented by limiting
+    the length of names to 32 characters, and the number of named subpatterns
+    to 10,000.
+
+11. Subpatterns that are repeated with specific counts have to be replicated in
+    the compiled pattern. The size of memory for this was computed from the
+    length of the subpattern and the repeat count. The latter is limited to
+    65535, but there was no limit on the former, meaning that integer overflow
+    could in principle occur. The compiled length of a repeated subpattern is
+    now limited to 30,000 bytes in order to prevent this.
+
+12. Added the optional facility to have named substrings with the same name.
+
+13. Added the ability to use a named substring as a condition, using the
+    Python syntax: (?(name)yes|no). This overloads (?(R)... and names that
+    are numbers (not recommended). Forward references are permitted.
+
+14. Added forward references in named backreferences (if you see what I mean).
+
+15. In UTF-8 mode, with the PCRE_DOTALL option set, a quantified dot in the
+    pattern could run off the end of the subject. For example, the pattern
+    "(?s)(.{1,5})"8 did this with the subject "ab".
+
+16. If PCRE_DOTALL or PCRE_MULTILINE were set, pcre_dfa_exec() behaved as if
+    PCRE_CASELESS was set when matching characters that were quantified with ?
+    or *.
+
+17. A character class other than a single negated character that had a minimum
+    but no maximum quantifier - for example [ab]{6,} - was not handled
+    correctly by pce_dfa_exec(). It would match only one character.
+
+18. A valid (though odd) pattern that looked like a POSIX character
+    class but used an invalid character after [ (for example [[,abc,]]) caused
+    pcre_compile() to give the error "Failed: internal error: code overflow" or
+    in some cases to crash with a glibc free() error. This could even happen if
+    the pattern terminated after [[ but there just happened to be a sequence of
+    letters, a binary zero, and a closing ] in the memory that followed.
+
+19. Perl's treatment of octal escapes in the range \400 to \777 has changed
+    over the years. Originally (before any Unicode support), just the bottom 8
+    bits were taken. Thus, for example, \500 really meant \100. Nowadays the
+    output from "man perlunicode" includes this:
+
+      The regular expression compiler produces polymorphic opcodes.  That
+      is, the pattern adapts to the data and automatically switches to
+      the Unicode character scheme when presented with Unicode data--or
+      instead uses a traditional byte scheme when presented with byte
+      data.
+
+    Sadly, a wide octal escape does not cause a switch, and in a string with
+    no other multibyte characters, these octal escapes are treated as before.
+    Thus, in Perl, the pattern  /\500/ actually matches \100 but the pattern
+    /\500|\x{1ff}/ matches \500 or \777 because the whole thing is treated as a
+    Unicode string.
+
+    I have not perpetrated such confusion in PCRE. Up till now, it took just
+    the bottom 8 bits, as in old Perl. I have now made octal escapes with
+    values greater than \377 illegal in non-UTF-8 mode. In UTF-8 mode they
+    translate to the appropriate multibyte character.
+
+29. Applied some refactoring to reduce the number of warnings from Microsoft
+    and Borland compilers. This has included removing the fudge introduced
+    seven years ago for the OS/2 compiler (see 2.02/2 below) because it caused
+    a warning about an unused variable.
+
+21. PCRE has not included VT (character 0x0b) in the set of whitespace
+    characters since release 4.0, because Perl (from release 5.004) does not.
+    [Or at least, is documented not to: some releases seem to be in conflict
+    with the documentation.] However, when a pattern was studied with
+    pcre_study() and all its branches started with \s, PCRE still included VT
+    as a possible starting character. Of course, this did no harm; it just
+    caused an unnecessary match attempt.
+
+22. Removed a now-redundant internal flag bit that recorded the fact that case
+    dependency changed within the pattern. This was once needed for "required
+    byte" processing, but is no longer used. This recovers a now-scarce options
+    bit. Also moved the least significant internal flag bit to the most-
+    significant bit of the word, which was not previously used (hangover from
+    the days when it was an int rather than a uint) to free up another bit for
+    the future.
+
+23. Added support for CRLF line endings as well as CR and LF. As well as the
+    default being selectable at build time, it can now be changed at runtime
+    via the PCRE_NEWLINE_xxx flags. There are now options for pcregrep to
+    specify that it is scanning data with non-default line endings.
+
+24. Changed the definition of CXXLINK to make it agree with the definition of
+    LINK in the Makefile, by replacing LDFLAGS to CXXFLAGS.
+
+25. Applied Ian Taylor's patches to avoid using another stack frame for tail
+    recursions. This makes a big different to stack usage for some patterns.
+
+26. If a subpattern containing a named recursion or subroutine reference such
+    as (?P>B) was quantified, for example (xxx(?P>B)){3}, the calculation of
+    the space required for the compiled pattern went wrong and gave too small a
+    value. Depending on the environment, this could lead to "Failed: internal
+    error: code overflow at offset 49" or "glibc detected double free or
+    corruption" errors.
+
+27. Applied patches from Google (a) to support the new newline modes and (b) to
+    advance over multibyte UTF-8 characters in GlobalReplace.
+
+28. Change free() to pcre_free() in pcredemo.c. Apparently this makes a
+    difference for some implementation of PCRE in some Windows version.
+
+29. Added some extra testing facilities to pcretest:
+
+    \q<number>   in a data line sets the "match limit" value
+    \Q<number>   in a data line sets the "match recursion limt" value
+    -S <number>  sets the stack size, where <number> is in megabytes
+
+    The -S option isn't available for Windows.
+
+
+Version 6.6 06-Feb-06
+---------------------
+
+ 1. Change 16(a) for 6.5 broke things, because PCRE_DATA_SCOPE was not defined
+    in pcreposix.h. I have copied the definition from pcre.h.
+
+ 2. Change 25 for 6.5 broke compilation in a build directory out-of-tree
+    because pcre.h is no longer a built file.
+
+ 3. Added Jeff Friedl's additional debugging patches to pcregrep. These are
+    not normally included in the compiled code.
+
+
+Version 6.5 01-Feb-06
+---------------------
+
+ 1. When using the partial match feature with pcre_dfa_exec(), it was not
+    anchoring the second and subsequent partial matches at the new starting
+    point. This could lead to incorrect results. For example, with the pattern
+    /1234/, partially matching against "123" and then "a4" gave a match.
+
+ 2. Changes to pcregrep:
+
+    (a) All non-match returns from pcre_exec() were being treated as failures
+        to match the line. Now, unless the error is PCRE_ERROR_NOMATCH, an
+        error message is output. Some extra information is given for the
+        PCRE_ERROR_MATCHLIMIT and PCRE_ERROR_RECURSIONLIMIT errors, which are
+        probably the only errors that are likely to be caused by users (by
+        specifying a regex that has nested indefinite repeats, for instance).
+        If there are more than 20 of these errors, pcregrep is abandoned.
+
+    (b) A binary zero was treated as data while matching, but terminated the
+        output line if it was written out. This has been fixed: binary zeroes
+        are now no different to any other data bytes.
+
+    (c) Whichever of the LC_ALL or LC_CTYPE environment variables is set is
+        used to set a locale for matching. The --locale=xxxx long option has
+        been added (no short equivalent) to specify a locale explicitly on the
+        pcregrep command, overriding the environment variables.
+
+    (d) When -B was used with -n, some line numbers in the output were one less
+        than they should have been.
+
+    (e) Added the -o (--only-matching) option.
+
+    (f) If -A or -C was used with -c (count only), some lines of context were
+        accidentally printed for the final match.
+
+    (g) Added the -H (--with-filename) option.
+
+    (h) The combination of options -rh failed to suppress file names for files
+        that were found from directory arguments.
+
+    (i) Added the -D (--devices) and -d (--directories) options.
+
+    (j) Added the -F (--fixed-strings) option.
+
+    (k) Allow "-" to be used as a file name for -f as well as for a data file.
+
+    (l) Added the --colo(u)r option.
+
+    (m) Added Jeffrey Friedl's -S testing option, but within #ifdefs so that it
+        is not present by default.
+
+ 3. A nasty bug was discovered in the handling of recursive patterns, that is,
+    items such as (?R) or (?1), when the recursion could match a number of
+    alternatives. If it matched one of the alternatives, but subsequently,
+    outside the recursion, there was a failure, the code tried to back up into
+    the recursion. However, because of the way PCRE is implemented, this is not
+    possible, and the result was an incorrect result from the match.
+
+    In order to prevent this happening, the specification of recursion has
+    been changed so that all such subpatterns are automatically treated as
+    atomic groups. Thus, for example, (?R) is treated as if it were (?>(?R)).
+
+ 4. I had overlooked the fact that, in some locales, there are characters for
+    which isalpha() is true but neither isupper() nor islower() are true. In
+    the fr_FR locale, for instance, the \xAA and \xBA characters (ordmasculine
+    and ordfeminine) are like this. This affected the treatment of \w and \W
+    when they appeared in character classes, but not when they appeared outside
+    a character class. The bit map for "word" characters is now created
+    separately from the results of isalnum() instead of just taking it from the
+    upper, lower, and digit maps. (Plus the underscore character, of course.)
+
+ 5. The above bug also affected the handling of POSIX character classes such as
+    [[:alpha:]] and [[:alnum:]]. These do not have their own bit maps in PCRE's
+    permanent tables. Instead, the bit maps for such a class were previously
+    created as the appropriate unions of the upper, lower, and digit bitmaps.
+    Now they are created by subtraction from the [[:word:]] class, which has
+    its own bitmap.
+
+ 6. The [[:blank:]] character class matches horizontal, but not vertical space.
+    It is created by subtracting the vertical space characters (\x09, \x0a,
+    \x0b, \x0c) from the [[:space:]] bitmap. Previously, however, the
+    subtraction was done in the overall bitmap for a character class, meaning
+    that a class such as [\x0c[:blank:]] was incorrect because \x0c would not
+    be recognized. This bug has been fixed.
+
+ 7. Patches from the folks at Google:
+
+      (a) pcrecpp.cc: "to handle a corner case that may or may not happen in
+      real life, but is still worth protecting against".
+
+      (b) pcrecpp.cc: "corrects a bug when negative radixes are used with
+      regular expressions".
+
+      (c) pcre_scanner.cc: avoid use of std::count() because not all systems
+      have it.
+
+      (d) Split off pcrecpparg.h from pcrecpp.h and had the former built by
+      "configure" and the latter not, in order to fix a problem somebody had
+      with compiling the Arg class on HP-UX.
+
+      (e) Improve the error-handling of the C++ wrapper a little bit.
+
+      (f) New tests for checking recursion limiting.
+
+ 8. The pcre_memmove() function, which is used only if the environment does not
+    have a standard memmove() function (and is therefore rarely compiled),
+    contained two bugs: (a) use of int instead of size_t, and (b) it was not
+    returning a result (though PCRE never actually uses the result).
+
+ 9. In the POSIX regexec() interface, if nmatch is specified as a ridiculously
+    large number - greater than INT_MAX/(3*sizeof(int)) - REG_ESPACE is
+    returned instead of calling malloc() with an overflowing number that would
+    most likely cause subsequent chaos.
+
+10. The debugging option of pcretest was not showing the NO_AUTO_CAPTURE flag.
+
+11. The POSIX flag REG_NOSUB is now supported. When a pattern that was compiled
+    with this option is matched, the nmatch and pmatch options of regexec() are
+    ignored.
+
+12. Added REG_UTF8 to the POSIX interface. This is not defined by POSIX, but is
+    provided in case anyone wants to the the POSIX interface with UTF-8
+    strings.
+
+13. Added CXXLDFLAGS to the Makefile parameters to provide settings only on the
+    C++ linking (needed for some HP-UX environments).
+
+14. Avoid compiler warnings in get_ucpname() when compiled without UCP support
+    (unused parameter) and in the pcre_printint() function (omitted "default"
+    switch label when the default is to do nothing).
+
+15. Added some code to make it possible, when PCRE is compiled as a C++
+    library, to replace subject pointers for pcre_exec() with a smart pointer
+    class, thus making it possible to process discontinuous strings.
+
+16. The two macros PCRE_EXPORT and PCRE_DATA_SCOPE are confusing, and perform
+    much the same function. They were added by different people who were trying
+    to make PCRE easy to compile on non-Unix systems. It has been suggested
+    that PCRE_EXPORT be abolished now that there is more automatic apparatus
+    for compiling on Windows systems. I have therefore replaced it with
+    PCRE_DATA_SCOPE. This is set automatically for Windows; if not set it
+    defaults to "extern" for C or "extern C" for C++, which works fine on
+    Unix-like systems. It is now possible to override the value of PCRE_DATA_
+    SCOPE with something explicit in config.h. In addition:
+
+    (a) pcreposix.h still had just "extern" instead of either of these macros;
+        I have replaced it with PCRE_DATA_SCOPE.
+
+    (b) Functions such as _pcre_xclass(), which are internal to the library,
+        but external in the C sense, all had PCRE_EXPORT in their definitions.
+        This is apparently wrong for the Windows case, so I have removed it.
+        (It makes no difference on Unix-like systems.)
+
+17. Added a new limit, MATCH_LIMIT_RECURSION, which limits the depth of nesting
+    of recursive calls to match(). This is different to MATCH_LIMIT because
+    that limits the total number of calls to match(), not all of which increase
+    the depth of recursion. Limiting the recursion depth limits the amount of
+    stack (or heap if NO_RECURSE is set) that is used. The default can be set
+    when PCRE is compiled, and changed at run time. A patch from Google adds
+    this functionality to the C++ interface.
+
+18. Changes to the handling of Unicode character properties:
+
+    (a) Updated the table to Unicode 4.1.0.
+
+    (b) Recognize characters that are not in the table as "Cn" (undefined).
+
+    (c) I revised the way the table is implemented to a much improved format
+        which includes recognition of ranges. It now supports the ranges that
+        are defined in UnicodeData.txt, and it also amalgamates other
+        characters into ranges. This has reduced the number of entries in the
+        table from around 16,000 to around 3,000, thus reducing its size
+        considerably. I realized I did not need to use a tree structure after
+        all - a binary chop search is just as efficient. Having reduced the
+        number of entries, I extended their size from 6 bytes to 8 bytes to
+        allow for more data.
+
+    (d) Added support for Unicode script names via properties such as \p{Han}.
+
+19. In UTF-8 mode, a backslash followed by a non-Ascii character was not
+    matching that character.
+
+20. When matching a repeated Unicode property with a minimum greater than zero,
+    (for example \pL{2,}), PCRE could look past the end of the subject if it
+    reached it while seeking the minimum number of characters. This could
+    happen only if some of the characters were more than one byte long, because
+    there is a check for at least the minimum number of bytes.
+
+21. Refactored the implementation of \p and \P so as to be more general, to
+    allow for more different types of property in future. This has changed the
+    compiled form incompatibly. Anybody with saved compiled patterns that use
+    \p or \P will have to recompile them.
+
+22. Added "Any" and "L&" to the supported property types.
+
+23. Recognize \x{...} as a code point specifier, even when not in UTF-8 mode,
+    but give a compile time error if the value is greater than 0xff.
+
+24. The man pages for pcrepartial, pcreprecompile, and pcre_compile2 were
+    accidentally not being installed or uninstalled.
+
+25. The pcre.h file was built from pcre.h.in, but the only changes that were
+    made were to insert the current release number. This seemed silly, because
+    it made things harder for people building PCRE on systems that don't run
+    "configure". I have turned pcre.h into a distributed file, no longer built
+    by "configure", with the version identification directly included. There is
+    no longer a pcre.h.in file.
+
+    However, this change necessitated a change to the pcre-config script as
+    well. It is built from pcre-config.in, and one of the substitutions was the
+    release number. I have updated configure.ac so that ./configure now finds
+    the release number by grepping pcre.h.
+
+26. Added the ability to run the tests under valgrind.
+
+
+Version 6.4 05-Sep-05
+---------------------
+
+ 1. Change 6.0/10/(l) to pcregrep introduced a bug that caused separator lines
+    "--" to be printed when multiple files were scanned, even when none of the
+    -A, -B, or -C options were used. This is not compatible with Gnu grep, so I
+    consider it to be a bug, and have restored the previous behaviour.
+
+ 2. A couple of code tidies to get rid of compiler warnings.
+
+ 3. The pcretest program used to cheat by referring to symbols in the library
+    whose names begin with _pcre_. These are internal symbols that are not
+    really supposed to be visible externally, and in some environments it is
+    possible to suppress them. The cheating is now confined to including
+    certain files from the library's source, which is a bit cleaner.
+
+ 4. Renamed pcre.in as pcre.h.in to go with pcrecpp.h.in; it also makes the
+    file's purpose clearer.
+
+ 5. Reorganized pcre_ucp_findchar().
+
+
+Version 6.3 15-Aug-05
+---------------------
+
+ 1. The file libpcre.pc.in did not have general read permission in the tarball.
+
+ 2. There were some problems when building without C++ support:
+
+    (a) If C++ support was not built, "make install" and "make test" still
+        tried to test it.
+
+    (b) There were problems when the value of CXX was explicitly set. Some
+        changes have been made to try to fix these, and ...
+
+    (c) --disable-cpp can now be used to explicitly disable C++ support.
+
+    (d) The use of @CPP_OBJ@ directly caused a blank line preceded by a
+        backslash in a target when C++ was disabled. This confuses some
+        versions of "make", apparently. Using an intermediate variable solves
+        this. (Same for CPP_LOBJ.)
+
+ 3. $(LINK_FOR_BUILD) now includes $(CFLAGS_FOR_BUILD) and $(LINK)
+    (non-Windows) now includes $(CFLAGS) because these flags are sometimes
+    necessary on certain architectures.
+
+ 4. Added a setting of -export-symbols-regex to the link command to remove
+    those symbols that are exported in the C sense, but actually are local
+    within the library, and not documented. Their names all begin with
+    "_pcre_". This is not a perfect job, because (a) we have to except some
+    symbols that pcretest ("illegally") uses, and (b) the facility isn't always
+    available (and never for static libraries). I have made a note to try to
+    find a way round (a) in the future.
+
+
+Version 6.2 01-Aug-05
+---------------------
+
+ 1. There was no test for integer overflow of quantifier values. A construction
+    such as {1111111111111111} would give undefined results. What is worse, if
+    a minimum quantifier for a parenthesized subpattern overflowed and became
+    negative, the calculation of the memory size went wrong. This could have
+    led to memory overwriting.
+
+ 2. Building PCRE using VPATH was broken. Hopefully it is now fixed.
+
+ 3. Added "b" to the 2nd argument of fopen() in dftables.c, for non-Unix-like
+    operating environments where this matters.
+
+ 4. Applied Giuseppe Maxia's patch to add additional features for controlling
+    PCRE options from within the C++ wrapper.
+
+ 5. Named capturing subpatterns were not being correctly counted when a pattern
+    was compiled. This caused two problems: (a) If there were more than 100
+    such subpatterns, the calculation of the memory needed for the whole
+    compiled pattern went wrong, leading to an overflow error. (b) Numerical
+    back references of the form \12, where the number was greater than 9, were
+    not recognized as back references, even though there were sufficient
+    previous subpatterns.
+
+ 6. Two minor patches to pcrecpp.cc in order to allow it to compile on older
+    versions of gcc, e.g. 2.95.4.
+
+
+Version 6.1 21-Jun-05
+---------------------
+
+ 1. There was one reference to the variable "posix" in pcretest.c that was not
+    surrounded by "#if !defined NOPOSIX".
+
+ 2. Make it possible to compile pcretest without DFA support, UTF8 support, or
+    the cross-check on the old pcre_info() function, for the benefit of the
+    cut-down version of PCRE that is currently imported into Exim.
+
+ 3. A (silly) pattern starting with (?i)(?-i) caused an internal space
+    allocation error. I've done the easy fix, which wastes 2 bytes for sensible
+    patterns that start (?i) but I don't think that matters. The use of (?i) is
+    just an example; this all applies to the other options as well.
+
+ 4. Since libtool seems to echo the compile commands it is issuing, the output
+    from "make" can be reduced a bit by putting "@" in front of each libtool
+    compile command.
+
+ 5. Patch from the folks at Google for configure.in to be a bit more thorough
+    in checking for a suitable C++ installation before trying to compile the
+    C++ stuff. This should fix a reported problem when a compiler was present,
+    but no suitable headers.
+
+ 6. The man pages all had just "PCRE" as their title. I have changed them to
+    be the relevant file name. I have also arranged that these names are
+    retained in the file doc/pcre.txt, which is a concatenation in text format
+    of all the man pages except the little individual ones for each function.
+
+ 7. The NON-UNIX-USE file had not been updated for the different set of source
+    files that come with release 6. I also added a few comments about the C++
+    wrapper.
+
+
+Version 6.0 07-Jun-05
+---------------------
+
+ 1. Some minor internal re-organization to help with my DFA experiments.
+
+ 2. Some missing #ifdef SUPPORT_UCP conditionals in pcretest and printint that
+    didn't matter for the library itself when fully configured, but did matter
+    when compiling without UCP support, or within Exim, where the ucp files are
+    not imported.
+
+ 3. Refactoring of the library code to split up the various functions into
+    different source modules. The addition of the new DFA matching code (see
+    below) to a single monolithic source would have made it really too
+    unwieldy, quite apart from causing all the code to be include in a
+    statically linked application, when only some functions are used. This is
+    relevant even without the DFA addition now that patterns can be compiled in
+    one application and matched in another.
+
+    The downside of splitting up is that there have to be some external
+    functions and data tables that are used internally in different modules of
+    the library but which are not part of the API. These have all had their
+    names changed to start with "_pcre_" so that they are unlikely to clash
+    with other external names.
+
+ 4. Added an alternate matching function, pcre_dfa_exec(), which matches using
+    a different (DFA) algorithm. Although it is slower than the original
+    function, it does have some advantages for certain types of matching
+    problem.
+
+ 5. Upgrades to pcretest in order to test the features of pcre_dfa_exec(),
+    including restarting after a partial match.
+
+ 6. A patch for pcregrep that defines INVALID_FILE_ATTRIBUTES if it is not
+    defined when compiling for Windows was sent to me. I have put it into the
+    code, though I have no means of testing or verifying it.
+
+ 7. Added the pcre_refcount() auxiliary function.
+
+ 8. Added the PCRE_FIRSTLINE option. This constrains an unanchored pattern to
+    match before or at the first newline in the subject string. In pcretest,
+    the /f option on a pattern can be used to set this.
+
+ 9. A repeated \w when used in UTF-8 mode with characters greater than 256
+    would behave wrongly. This has been present in PCRE since release 4.0.
+
+10. A number of changes to the pcregrep command:
+
+    (a) Refactored how -x works; insert ^(...)$ instead of setting
+        PCRE_ANCHORED and checking the length, in preparation for adding
+        something similar for -w.
+
+    (b) Added the -w (match as a word) option.
+
+    (c) Refactored the way lines are read and buffered so as to have more
+        than one at a time available.
+
+    (d) Implemented a pcregrep test script.
+
+    (e) Added the -M (multiline match) option. This allows patterns to match
+        over several lines of the subject. The buffering ensures that at least
+        8K, or the rest of the document (whichever is the shorter) is available
+        for matching (and similarly the previous 8K for lookbehind assertions).
+
+    (f) Changed the --help output so that it now says
+
+          -w, --word-regex(p)
+
+        instead of two lines, one with "regex" and the other with "regexp"
+        because that confused at least one person since the short forms are the
+        same. (This required a bit of code, as the output is generated
+        automatically from a table. It wasn't just a text change.)
+
+    (g) -- can be used to terminate pcregrep options if the next thing isn't an
+        option but starts with a hyphen. Could be a pattern or a path name
+        starting with a hyphen, for instance.
+
+    (h) "-" can be given as a file name to represent stdin.
+
+    (i) When file names are being printed, "(standard input)" is used for
+        the standard input, for compatibility with GNU grep. Previously
+        "<stdin>" was used.
+
+    (j) The option --label=xxx can be used to supply a name to be used for
+        stdin when file names are being printed. There is no short form.
+
+    (k) Re-factored the options decoding logic because we are going to add
+        two more options that take data. Such options can now be given in four
+        different ways, e.g. "-fname", "-f name", "--file=name", "--file name".
+
+    (l) Added the -A, -B, and -C options for requesting that lines of context
+        around matches be printed.
+
+    (m) Added the -L option to print the names of files that do not contain
+        any matching lines, that is, the complement of -l.
+
+    (n) The return code is 2 if any file cannot be opened, but pcregrep does
+        continue to scan other files.
+
+    (o) The -s option was incorrectly implemented. For compatibility with other
+        greps, it now suppresses the error message for a non-existent or non-
+        accessible file (but not the return code). There is a new option called
+        -q that suppresses the output of matching lines, which was what -s was
+        previously doing.
+
+    (p) Added --include and --exclude options to specify files for inclusion
+        and exclusion when recursing.
+
+11. The Makefile was not using the Autoconf-supported LDFLAGS macro properly.
+    Hopefully, it now does.
+
+12. Missing cast in pcre_study().
+
+13. Added an "uninstall" target to the makefile.
+
+14. Replaced "extern" in the function prototypes in Makefile.in with
+    "PCRE_DATA_SCOPE", which defaults to 'extern' or 'extern "C"' in the Unix
+    world, but is set differently for Windows.
+
+15. Added a second compiling function called pcre_compile2(). The only
+    difference is that it has an extra argument, which is a pointer to an
+    integer error code. When there is a compile-time failure, this is set
+    non-zero, in addition to the error test pointer being set to point to an
+    error message. The new argument may be NULL if no error number is required
+    (but then you may as well call pcre_compile(), which is now just a
+    wrapper). This facility is provided because some applications need a
+    numeric error indication, but it has also enabled me to tidy up the way
+    compile-time errors are handled in the POSIX wrapper.
+
+16. Added VPATH=.libs to the makefile; this should help when building with one
+    prefix path and installing with another. (Or so I'm told by someone who
+    knows more about this stuff than I do.)
+
+17. Added a new option, REG_DOTALL, to the POSIX function regcomp(). This
+    passes PCRE_DOTALL to the pcre_compile() function, making the "." character
+    match everything, including newlines. This is not POSIX-compatible, but
+    somebody wanted the feature. From pcretest it can be activated by using
+    both the P and the s flags.
+
+18. AC_PROG_LIBTOOL appeared twice in Makefile.in. Removed one.
+
+19. libpcre.pc was being incorrectly installed as executable.
+
+20. A couple of places in pcretest check for end-of-line by looking for '\n';
+    it now also looks for '\r' so that it will work unmodified on Windows.
+
+21. Added Google's contributed C++ wrapper to the distribution.
+
+22. Added some untidy missing memory free() calls in pcretest, to keep
+    Electric Fence happy when testing.
+
+
+
+Version 5.0 13-Sep-04
+---------------------
+
+ 1. Internal change: literal characters are no longer packed up into items
+    containing multiple characters in a single byte-string. Each character
+    is now matched using a separate opcode. However, there may be more than one
+    byte in the character in UTF-8 mode.
+
+ 2. The pcre_callout_block structure has two new fields: pattern_position and
+    next_item_length. These contain the offset in the pattern to the next match
+    item, and its length, respectively.
+
+ 3. The PCRE_AUTO_CALLOUT option for pcre_compile() requests the automatic
+    insertion of callouts before each pattern item. Added the /C option to
+    pcretest to make use of this.
+
+ 4. On the advice of a Windows user, the lines
+
+      #if defined(_WIN32) || defined(WIN32)
+      _setmode( _fileno( stdout ), 0x8000 );
+      #endif  /* defined(_WIN32) || defined(WIN32) */
+
+    have been added to the source of pcretest. This apparently does useful
+    magic in relation to line terminators.
+
+ 5. Changed "r" and "w" in the calls to fopen() in pcretest to "rb" and "wb"
+    for the benefit of those environments where the "b" makes a difference.
+
+ 6. The icc compiler has the same options as gcc, but "configure" doesn't seem
+    to know about it. I have put a hack into configure.in that adds in code
+    to set GCC=yes if CC=icc. This seems to end up at a point in the
+    generated configure script that is early enough to affect the setting of
+    compiler options, which is what is needed, but I have no means of testing
+    whether it really works. (The user who reported this had patched the
+    generated configure script, which of course I cannot do.)
+
+    LATER: After change 22 below (new libtool files), the configure script
+    seems to know about icc (and also ecc). Therefore, I have commented out
+    this hack in configure.in.
+
+ 7. Added support for pkg-config (2 patches were sent in).
+
+ 8. Negated POSIX character classes that used a combination of internal tables
+    were completely broken. These were [[:^alpha:]], [[:^alnum:]], and
+    [[:^ascii]]. Typically, they would match almost any characters. The other
+    POSIX classes were not broken in this way.
+
+ 9. Matching the pattern "\b.*?" against "ab cd", starting at offset 1, failed
+    to find the match, as PCRE was deluded into thinking that the match had to
+    start at the start point or following a newline. The same bug applied to
+    patterns with negative forward assertions or any backward assertions
+    preceding ".*" at the start, unless the pattern required a fixed first
+    character. This was a failing pattern: "(?!.bcd).*". The bug is now fixed.
+
+10. In UTF-8 mode, when moving forwards in the subject after a failed match
+    starting at the last subject character, bytes beyond the end of the subject
+    string were read.
+
+11. Renamed the variable "class" as "classbits" to make life easier for C++
+    users. (Previously there was a macro definition, but it apparently wasn't
+    enough.)
+
+12. Added the new field "tables" to the extra data so that tables can be passed
+    in at exec time, or the internal tables can be re-selected. This allows
+    a compiled regex to be saved and re-used at a later time by a different
+    program that might have everything at different addresses.
+
+13. Modified the pcre-config script so that, when run on Solaris, it shows a
+    -R library as well as a -L library.
+
+14. The debugging options of pcretest (-d on the command line or D on a
+    pattern) showed incorrect output for anything following an extended class
+    that contained multibyte characters and which was followed by a quantifier.
+
+15. Added optional support for general category Unicode character properties
+    via the \p, \P, and \X escapes. Unicode property support implies UTF-8
+    support. It adds about 90K to the size of the library. The meanings of the
+    inbuilt class escapes such as \d and \s have NOT been changed.
+
+16. Updated pcredemo.c to include calls to free() to release the memory for the
+    compiled pattern.
+
+17. The generated file chartables.c was being created in the source directory
+    instead of in the building directory. This caused the build to fail if the
+    source directory was different from the building directory, and was
+    read-only.
+
+18. Added some sample Win commands from Mark Tetrode into the NON-UNIX-USE
+    file. No doubt somebody will tell me if they don't make sense... Also added
+    Dan Mooney's comments about building on OpenVMS.
+
+19. Added support for partial matching via the PCRE_PARTIAL option for
+    pcre_exec() and the \P data escape in pcretest.
+
+20. Extended pcretest with 3 new pattern features:
+
+    (i)   A pattern option of the form ">rest-of-line" causes pcretest to
+          write the compiled pattern to the file whose name is "rest-of-line".
+          This is a straight binary dump of the data, with the saved pointer to
+          the character tables forced to be NULL. The study data, if any, is
+          written too. After writing, pcretest reads a new pattern.
+
+    (ii)  If, instead of a pattern, "<rest-of-line" is given, pcretest reads a
+          compiled pattern from the given file. There must not be any
+          occurrences of "<" in the file name (pretty unlikely); if there are,
+          pcretest will instead treat the initial "<" as a pattern delimiter.
+          After reading in the pattern, pcretest goes on to read data lines as
+          usual.
+
+    (iii) The F pattern option causes pcretest to flip the bytes in the 32-bit
+          and 16-bit fields in a compiled pattern, to simulate a pattern that
+          was compiled on a host of opposite endianness.
+
+21. The pcre-exec() function can now cope with patterns that were compiled on
+    hosts of opposite endianness, with this restriction:
+
+      As for any compiled expression that is saved and used later, the tables
+      pointer field cannot be preserved; the extra_data field in the arguments
+      to pcre_exec() should be used to pass in a tables address if a value
+      other than the default internal tables were used at compile time.
+
+22. Calling pcre_exec() with a negative value of the "ovecsize" parameter is
+    now diagnosed as an error. Previously, most of the time, a negative number
+    would have been treated as zero, but if in addition "ovector" was passed as
+    NULL, a crash could occur.
+
+23. Updated the files ltmain.sh, config.sub, config.guess, and aclocal.m4 with
+    new versions from the libtool 1.5 distribution (the last one is a copy of
+    a file called libtool.m4). This seems to have fixed the need to patch
+    "configure" to support Darwin 1.3 (which I used to do). However, I still
+    had to patch ltmain.sh to ensure that ${SED} is set (it isn't on my
+    workstation).
+
+24. Changed the PCRE licence to be the more standard "BSD" licence.
+
+
+Version 4.5 01-Dec-03
+---------------------
+
+ 1. There has been some re-arrangement of the code for the match() function so
+    that it can be compiled in a version that does not call itself recursively.
+    Instead, it keeps those local variables that need separate instances for
+    each "recursion" in a frame on the heap, and gets/frees frames whenever it
+    needs to "recurse". Keeping track of where control must go is done by means
+    of setjmp/longjmp. The whole thing is implemented by a set of macros that
+    hide most of the details from the main code, and operates only if
+    NO_RECURSE is defined while compiling pcre.c. If PCRE is built using the
+    "configure" mechanism, "--disable-stack-for-recursion" turns on this way of
+    operating.
+
+    To make it easier for callers to provide specially tailored get/free
+    functions for this usage, two new functions, pcre_stack_malloc, and
+    pcre_stack_free, are used. They are always called in strict stacking order,
+    and the size of block requested is always the same.
+
+    The PCRE_CONFIG_STACKRECURSE info parameter can be used to find out whether
+    PCRE has been compiled to use the stack or the heap for recursion. The
+    -C option of pcretest uses this to show which version is compiled.
+
+    A new data escape \S, is added to pcretest; it causes the amounts of store
+    obtained and freed by both kinds of malloc/free at match time to be added
+    to the output.
+
+ 2. Changed the locale test to use "fr_FR" instead of "fr" because that's
+    what's available on my current Linux desktop machine.
+
+ 3. When matching a UTF-8 string, the test for a valid string at the start has
+    been extended. If start_offset is not zero, PCRE now checks that it points
+    to a byte that is the start of a UTF-8 character. If not, it returns
+    PCRE_ERROR_BADUTF8_OFFSET (-11). Note: the whole string is still checked;
+    this is necessary because there may be backward assertions in the pattern.
+    When matching the same subject several times, it may save resources to use
+    PCRE_NO_UTF8_CHECK on all but the first call if the string is long.
+
+ 4. The code for checking the validity of UTF-8 strings has been tightened so
+    that it rejects (a) strings containing 0xfe or 0xff bytes and (b) strings
+    containing "overlong sequences".
+
+ 5. Fixed a bug (appearing twice) that I could not find any way of exploiting!
+    I had written "if ((digitab[*p++] && chtab_digit) == 0)" where the "&&"
+    should have been "&", but it just so happened that all the cases this let
+    through by mistake were picked up later in the function.
+
+ 6. I had used a variable called "isblank" - this is a C99 function, causing
+    some compilers to warn. To avoid this, I renamed it (as "blankclass").
+
+ 7. Cosmetic: (a) only output another newline at the end of pcretest if it is
+    prompting; (b) run "./pcretest /dev/null" at the start of the test script
+    so the version is shown; (c) stop "make test" echoing "./RunTest".
+
+ 8. Added patches from David Burgess to enable PCRE to run on EBCDIC systems.
+
+ 9. The prototype for memmove() for systems that don't have it was using
+    size_t, but the inclusion of the header that defines size_t was later. I've
+    moved the #includes for the C headers earlier to avoid this.
+
+10. Added some adjustments to the code to make it easier to compiler on certain
+    special systems:
+
+      (a) Some "const" qualifiers were missing.
+      (b) Added the macro EXPORT before all exported functions; by default this
+          is defined to be empty.
+      (c) Changed the dftables auxiliary program (that builds chartables.c) so
+          that it reads its output file name as an argument instead of writing
+          to the standard output and assuming this can be redirected.
+
+11. In UTF-8 mode, if a recursive reference (e.g. (?1)) followed a character
+    class containing characters with values greater than 255, PCRE compilation
+    went into a loop.
+
+12. A recursive reference to a subpattern that was within another subpattern
+    that had a minimum quantifier of zero caused PCRE to crash. For example,
+    (x(y(?2))z)? provoked this bug with a subject that got as far as the
+    recursion. If the recursively-called subpattern itself had a zero repeat,
+    that was OK.
+
+13. In pcretest, the buffer for reading a data line was set at 30K, but the
+    buffer into which it was copied (for escape processing) was still set at
+    1024, so long lines caused crashes.
+
+14. A pattern such as /[ab]{1,3}+/ failed to compile, giving the error
+    "internal error: code overflow...". This applied to any character class
+    that was followed by a possessive quantifier.
+
+15. Modified the Makefile to add libpcre.la as a prerequisite for
+    libpcreposix.la because I was told this is needed for a parallel build to
+    work.
+
+16. If a pattern that contained .* following optional items at the start was
+    studied, the wrong optimizing data was generated, leading to matching
+    errors. For example, studying /[ab]*.*c/ concluded, erroneously, that any
+    matching string must start with a or b or c. The correct conclusion for
+    this pattern is that a match can start with any character.
+
+
+Version 4.4 13-Aug-03
+---------------------
+
+ 1. In UTF-8 mode, a character class containing characters with values between
+    127 and 255 was not handled correctly if the compiled pattern was studied.
+    In fixing this, I have also improved the studying algorithm for such
+    classes (slightly).
+
+ 2. Three internal functions had redundant arguments passed to them. Removal
+    might give a very teeny performance improvement.
+
+ 3. Documentation bug: the value of the capture_top field in a callout is *one
+    more than* the number of the hightest numbered captured substring.
+
+ 4. The Makefile linked pcretest and pcregrep with -lpcre, which could result
+    in incorrectly linking with a previously installed version. They now link
+    explicitly with libpcre.la.
+
+ 5. configure.in no longer needs to recognize Cygwin specially.
+
+ 6. A problem in pcre.in for Windows platforms is fixed.
+
+ 7. If a pattern was successfully studied, and the -d (or /D) flag was given to
+    pcretest, it used to include the size of the study block as part of its
+    output. Unfortunately, the structure contains a field that has a different
+    size on different hardware architectures. This meant that the tests that
+    showed this size failed. As the block is currently always of a fixed size,
+    this information isn't actually particularly useful in pcretest output, so
+    I have just removed it.
+
+ 8. Three pre-processor statements accidentally did not start in column 1.
+    Sadly, there are *still* compilers around that complain, even though
+    standard C has not required this for well over a decade. Sigh.
+
+ 9. In pcretest, the code for checking callouts passed small integers in the
+    callout_data field, which is a void * field. However, some picky compilers
+    complained about the casts involved for this on 64-bit systems. Now
+    pcretest passes the address of the small integer instead, which should get
+    rid of the warnings.
+
+10. By default, when in UTF-8 mode, PCRE now checks for valid UTF-8 strings at
+    both compile and run time, and gives an error if an invalid UTF-8 sequence
+    is found. There is a option for disabling this check in cases where the
+    string is known to be correct and/or the maximum performance is wanted.
+
+11. In response to a bug report, I changed one line in Makefile.in from
+
+        -Wl,--out-implib,.libs/lib@WIN_PREFIX@pcreposix.dll.a \
+    to
+        -Wl,--out-implib,.libs/@WIN_PREFIX@libpcreposix.dll.a \
+
+    to look similar to other lines, but I have no way of telling whether this
+    is the right thing to do, as I do not use Windows. No doubt I'll get told
+    if it's wrong...
+
+
+Version 4.3 21-May-03
+---------------------
+
+1. Two instances of @WIN_PREFIX@ omitted from the Windows targets in the
+   Makefile.
+
+2. Some refactoring to improve the quality of the code:
+
+   (i)   The utf8_table... variables are now declared "const".
+
+   (ii)  The code for \cx, which used the "case flipping" table to upper case
+         lower case letters, now just substracts 32. This is ASCII-specific,
+         but the whole concept of \cx is ASCII-specific, so it seems
+         reasonable.
+
+   (iii) PCRE was using its character types table to recognize decimal and
+         hexadecimal digits in the pattern. This is silly, because it handles
+         only 0-9, a-f, and A-F, but the character types table is locale-
+         specific, which means strange things might happen. A private
+         table is now used for this - though it costs 256 bytes, a table is
+         much faster than multiple explicit tests. Of course, the standard
+         character types table is still used for matching digits in subject
+         strings against \d.
+
+   (iv)  Strictly, the identifier ESC_t is reserved by POSIX (all identifiers
+         ending in _t are). So I've renamed it as ESC_tee.
+
+3. The first argument for regexec() in the POSIX wrapper should have been
+   defined as "const".
+
+4. Changed pcretest to use malloc() for its buffers so that they can be
+   Electric Fenced for debugging.
+
+5. There were several places in the code where, in UTF-8 mode, PCRE would try
+   to read one or more bytes before the start of the subject string. Often this
+   had no effect on PCRE's behaviour, but in some circumstances it could
+   provoke a segmentation fault.
+
+6. A lookbehind at the start of a pattern in UTF-8 mode could also cause PCRE
+   to try to read one or more bytes before the start of the subject string.
+
+7. A lookbehind in a pattern matched in non-UTF-8 mode on a PCRE compiled with
+   UTF-8 support could misbehave in various ways if the subject string
+   contained bytes with the 0x80 bit set and the 0x40 bit unset in a lookbehind
+   area. (PCRE was not checking for the UTF-8 mode flag, and trying to move
+   back over UTF-8 characters.)
+
+
+Version 4.2 14-Apr-03
+---------------------
+
+1. Typo "#if SUPPORT_UTF8" instead of "#ifdef SUPPORT_UTF8" fixed.
+
+2. Changes to the building process, supplied by Ronald Landheer-Cieslak
+     [ON_WINDOWS]: new variable, "#" on non-Windows platforms
+     [NOT_ON_WINDOWS]: new variable, "#" on Windows platforms
+     [WIN_PREFIX]: new variable, "cyg" for Cygwin
+     * Makefile.in: use autoconf substitution for OBJEXT, EXEEXT, BUILD_OBJEXT
+       and BUILD_EXEEXT
+     Note: automatic setting of the BUILD variables is not yet working
+     set CPPFLAGS and BUILD_CPPFLAGS (but don't use yet) - should be used at
+       compile-time but not at link-time
+     [LINK]: use for linking executables only
+     make different versions for Windows and non-Windows
+     [LINKLIB]: new variable, copy of UNIX-style LINK, used for linking
+       libraries
+     [LINK_FOR_BUILD]: new variable
+     [OBJEXT]: use throughout
+     [EXEEXT]: use throughout
+     <winshared>: new target
+     <wininstall>: new target
+     <dftables.o>: use native compiler
+     <dftables>: use native linker
+     <install>: handle Windows platform correctly
+     <clean>: ditto
+     <check>: ditto
+     copy DLL to top builddir before testing
+
+   As part of these changes, -no-undefined was removed again. This was reported
+   to give trouble on HP-UX 11.0, so getting rid of it seems like a good idea
+   in any case.
+
+3. Some tidies to get rid of compiler warnings:
+
+   . In the match_data structure, match_limit was an unsigned long int, whereas
+     match_call_count was an int. I've made them both unsigned long ints.
+
+   . In pcretest the fact that a const uschar * doesn't automatically cast to
+     a void * provoked a warning.
+
+   . Turning on some more compiler warnings threw up some "shadow" variables
+     and a few more missing casts.
+
+4. If PCRE was complied with UTF-8 support, but called without the PCRE_UTF8
+   option, a class that contained a single character with a value between 128
+   and 255 (e.g. /[\xFF]/) caused PCRE to crash.
+
+5. If PCRE was compiled with UTF-8 support, but called without the PCRE_UTF8
+   option, a class that contained several characters, but with at least one
+   whose value was between 128 and 255 caused PCRE to crash.
+
+
+Version 4.1 12-Mar-03
+---------------------
+
+1. Compiling with gcc -pedantic found a couple of places where casts were
+needed, and a string in dftables.c that was longer than standard compilers are
+required to support.
+
+2. Compiling with Sun's compiler found a few more places where the code could
+be tidied up in order to avoid warnings.
+
+3. The variables for cross-compiling were called HOST_CC and HOST_CFLAGS; the
+first of these names is deprecated in the latest Autoconf in favour of the name
+CC_FOR_BUILD, because "host" is typically used to mean the system on which the
+compiled code will be run. I can't find a reference for HOST_CFLAGS, but by
+analogy I have changed it to CFLAGS_FOR_BUILD.
+
+4. Added -no-undefined to the linking command in the Makefile, because this is
+apparently helpful for Windows. To make it work, also added "-L. -lpcre" to the
+linking step for the pcreposix library.
+
+5. PCRE was failing to diagnose the case of two named groups with the same
+name.
+
+6. A problem with one of PCRE's optimizations was discovered. PCRE remembers a
+literal character that is needed in the subject for a match, and scans along to
+ensure that it is present before embarking on the full matching process. This
+saves time in cases of nested unlimited repeats that are never going to match.
+Problem: the scan can take a lot of time if the subject is very long (e.g.
+megabytes), thus penalizing straightforward matches. It is now done only if the
+amount of subject to be scanned is less than 1000 bytes.
+
+7. A lesser problem with the same optimization is that it was recording the
+first character of an anchored pattern as "needed", thus provoking a search
+right along the subject, even when the first match of the pattern was going to
+fail. The "needed" character is now not set for anchored patterns, unless it
+follows something in the pattern that is of non-fixed length. Thus, it still
+fulfils its original purpose of finding quick non-matches in cases of nested
+unlimited repeats, but isn't used for simple anchored patterns such as /^abc/.
+
+
+Version 4.0 17-Feb-03
+---------------------
+
+1. If a comment in an extended regex that started immediately after a meta-item
+extended to the end of string, PCRE compiled incorrect data. This could lead to
+all kinds of weird effects. Example: /#/ was bad; /()#/ was bad; /a#/ was not.
+
+2. Moved to autoconf 2.53 and libtool 1.4.2.
+
+3. Perl 5.8 no longer needs "use utf8" for doing UTF-8 things. Consequently,
+the special perltest8 script is no longer needed - all the tests can be run
+from a single perltest script.
+
+4. From 5.004, Perl has not included the VT character (0x0b) in the set defined
+by \s. It has now been removed in PCRE. This means it isn't recognized as
+whitespace in /x regexes too, which is the same as Perl. Note that the POSIX
+class [:space:] *does* include VT, thereby creating a mess.
+
+5. Added the class [:blank:] (a GNU extension from Perl 5.8) to match only
+space and tab.
+
+6. Perl 5.005 was a long time ago. It's time to amalgamate the tests that use
+its new features into the main test script, reducing the number of scripts.
+
+7. Perl 5.8 has changed the meaning of patterns like /a(?i)b/. Earlier versions
+were backward compatible, and made the (?i) apply to the whole pattern, as if
+/i were given. Now it behaves more logically, and applies the option setting
+only to what follows. PCRE has been changed to follow suit. However, if it
+finds options settings right at the start of the pattern, it extracts them into
+the global options, as before. Thus, they show up in the info data.
+
+8. Added support for the \Q...\E escape sequence. Characters in between are
+treated as literals. This is slightly different from Perl in that $ and @ are
+also handled as literals inside the quotes. In Perl, they will cause variable
+interpolation. Note the following examples:
+
+    Pattern            PCRE matches      Perl matches
+
+    \Qabc$xyz\E        abc$xyz           abc followed by the contents of $xyz
+    \Qabc\$xyz\E       abc\$xyz          abc\$xyz
+    \Qabc\E\$\Qxyz\E   abc$xyz           abc$xyz
+
+For compatibility with Perl, \Q...\E sequences are recognized inside character
+classes as well as outside them.
+
+9. Re-organized 3 code statements in pcretest to avoid "overflow in
+floating-point constant arithmetic" warnings from a Microsoft compiler. Added a
+(size_t) cast to one statement in pcretest and one in pcreposix to avoid
+signed/unsigned warnings.
+
+10. SunOS4 doesn't have strtoul(). This was used only for unpicking the -o
+option for pcretest, so I've replaced it by a simple function that does just
+that job.
+
+11. pcregrep was ending with code 0 instead of 2 for the commands "pcregrep" or
+"pcregrep -".
+
+12. Added "possessive quantifiers" ?+, *+, ++, and {,}+ which come from Sun's
+Java package. This provides some syntactic sugar for simple cases of what my
+documentation calls "once-only subpatterns". A pattern such as x*+ is the same
+as (?>x*). In other words, if what is inside (?>...) is just a single repeated
+item, you can use this simplified notation. Note that only makes sense with
+greedy quantifiers. Consequently, the use of the possessive quantifier forces
+greediness, whatever the setting of the PCRE_UNGREEDY option.
+
+13. A change of greediness default within a pattern was not taking effect at
+the current level for patterns like /(b+(?U)a+)/. It did apply to parenthesized
+subpatterns that followed. Patterns like /b+(?U)a+/ worked because the option
+was abstracted outside.
+
+14. PCRE now supports the \G assertion. It is true when the current matching
+position is at the start point of the match. This differs from \A when the
+starting offset is non-zero. Used with the /g option of pcretest (or similar
+code), it works in the same way as it does for Perl's /g option. If all
+alternatives of a regex begin with \G, the expression is anchored to the start
+match position, and the "anchored" flag is set in the compiled expression.
+
+15. Some bugs concerning the handling of certain option changes within patterns
+have been fixed. These applied to options other than (?ims). For example,
+"a(?x: b c )d" did not match "XabcdY" but did match "Xa b c dY". It should have
+been the other way round. Some of this was related to change 7 above.
+
+16. PCRE now gives errors for /[.x.]/ and /[=x=]/ as unsupported POSIX
+features, as Perl does. Previously, PCRE gave the warnings only for /[[.x.]]/
+and /[[=x=]]/. PCRE now also gives an error for /[:name:]/ because it supports
+POSIX classes only within a class (e.g. /[[:alpha:]]/).
+
+17. Added support for Perl's \C escape. This matches one byte, even in UTF8
+mode. Unlike ".", it always matches newline, whatever the setting of
+PCRE_DOTALL. However, PCRE does not permit \C to appear in lookbehind
+assertions. Perl allows it, but it doesn't (in general) work because it can't
+calculate the length of the lookbehind. At least, that's the case for Perl
+5.8.0 - I've been told they are going to document that it doesn't work in
+future.
+
+18. Added an error diagnosis for escapes that PCRE does not support: these are
+\L, \l, \N, \P, \p, \U, \u, and \X.
+
+19. Although correctly diagnosing a missing ']' in a character class, PCRE was
+reading past the end of the pattern in cases such as /[abcd/.
+
+20. PCRE was getting more memory than necessary for patterns with classes that
+contained both POSIX named classes and other characters, e.g. /[[:space:]abc/.
+
+21. Added some code, conditional on #ifdef VPCOMPAT, to make life easier for
+compiling PCRE for use with Virtual Pascal.
+
+22. Small fix to the Makefile to make it work properly if the build is done
+outside the source tree.
+
+23. Added a new extension: a condition to go with recursion. If a conditional
+subpattern starts with (?(R) the "true" branch is used if recursion has
+happened, whereas the "false" branch is used only at the top level.
+
+24. When there was a very long string of literal characters (over 255 bytes
+without UTF support, over 250 bytes with UTF support), the computation of how
+much memory was required could be incorrect, leading to segfaults or other
+strange effects.
+
+25. PCRE was incorrectly assuming anchoring (either to start of subject or to
+start of line for a non-DOTALL pattern) when a pattern started with (.*) and
+there was a subsequent back reference to those brackets. This meant that, for
+example, /(.*)\d+\1/ failed to match "abc123bc". Unfortunately, it isn't
+possible to check for precisely this case. All we can do is abandon the
+optimization if .* occurs inside capturing brackets when there are any back
+references whatsoever. (See below for a better fix that came later.)
+
+26. The handling of the optimization for finding the first character of a
+non-anchored pattern, and for finding a character that is required later in the
+match were failing in some cases. This didn't break the matching; it just
+failed to optimize when it could. The way this is done has been re-implemented.
+
+27. Fixed typo in error message for invalid (?R item (it said "(?p").
+
+28. Added a new feature that provides some of the functionality that Perl
+provides with (?{...}). The facility is termed a "callout". The way it is done
+in PCRE is for the caller to provide an optional function, by setting
+pcre_callout to its entry point. Like pcre_malloc and pcre_free, this is a
+global variable. By default it is unset, which disables all calling out. To get
+the function called, the regex must include (?C) at appropriate points. This
+is, in fact, equivalent to (?C0), and any number <= 255 may be given with (?C).
+This provides a means of identifying different callout points. When PCRE
+reaches such a point in the regex, if pcre_callout has been set, the external
+function is called. It is provided with data in a structure called
+pcre_callout_block, which is defined in pcre.h. If the function returns 0,
+matching continues; if it returns a non-zero value, the match at the current
+point fails. However, backtracking will occur if possible. [This was changed
+later and other features added - see item 49 below.]
+
+29. pcretest is upgraded to test the callout functionality. It provides a
+callout function that displays information. By default, it shows the start of
+the match and the current position in the text. There are some new data escapes
+to vary what happens:
+
+    \C+         in addition, show current contents of captured substrings
+    \C-         do not supply a callout function
+    \C!n        return 1 when callout number n is reached
+    \C!n!m      return 1 when callout number n is reached for the mth time
+
+30. If pcregrep was called with the -l option and just a single file name, it
+output "<stdin>" if a match was found, instead of the file name.
+
+31. Improve the efficiency of the POSIX API to PCRE. If the number of capturing
+slots is less than POSIX_MALLOC_THRESHOLD, use a block on the stack to pass to
+pcre_exec(). This saves a malloc/free per call. The default value of
+POSIX_MALLOC_THRESHOLD is 10; it can be changed by --with-posix-malloc-threshold
+when configuring.
+
+32. The default maximum size of a compiled pattern is 64K. There have been a
+few cases of people hitting this limit. The code now uses macros to handle the
+storing of links as offsets within the compiled pattern. It defaults to 2-byte
+links, but this can be changed to 3 or 4 bytes by --with-link-size when
+configuring. Tests 2 and 5 work only with 2-byte links because they output
+debugging information about compiled patterns.
+
+33. Internal code re-arrangements:
+
+(a) Moved the debugging function for printing out a compiled regex into
+    its own source file (printint.c) and used #include to pull it into
+    pcretest.c and, when DEBUG is defined, into pcre.c, instead of having two
+    separate copies.
+
+(b) Defined the list of op-code names for debugging as a macro in
+    internal.h so that it is next to the definition of the opcodes.
+
+(c) Defined a table of op-code lengths for simpler skipping along compiled
+    code. This is again a macro in internal.h so that it is next to the
+    definition of the opcodes.
+
+34. Added support for recursive calls to individual subpatterns, along the
+lines of Robin Houston's patch (but implemented somewhat differently).
+
+35. Further mods to the Makefile to help Win32. Also, added code to pcregrep to
+allow it to read and process whole directories in Win32. This code was
+contributed by Lionel Fourquaux; it has not been tested by me.
+
+36. Added support for named subpatterns. The Python syntax (?P<name>...) is
+used to name a group. Names consist of alphanumerics and underscores, and must
+be unique. Back references use the syntax (?P=name) and recursive calls use
+(?P>name) which is a PCRE extension to the Python extension. Groups still have
+numbers. The function pcre_fullinfo() can be used after compilation to extract
+a name/number map. There are three relevant calls:
+
+  PCRE_INFO_NAMEENTRYSIZE        yields the size of each entry in the map
+  PCRE_INFO_NAMECOUNT            yields the number of entries
+  PCRE_INFO_NAMETABLE            yields a pointer to the map.
+
+The map is a vector of fixed-size entries. The size of each entry depends on
+the length of the longest name used. The first two bytes of each entry are the
+group number, most significant byte first. There follows the corresponding
+name, zero terminated. The names are in alphabetical order.
+
+37. Make the maximum literal string in the compiled code 250 for the non-UTF-8
+case instead of 255. Making it the same both with and without UTF-8 support
+means that the same test output works with both.
+
+38. There was a case of malloc(0) in the POSIX testing code in pcretest. Avoid
+calling malloc() with a zero argument.
+
+39. Change 25 above had to resort to a heavy-handed test for the .* anchoring
+optimization. I've improved things by keeping a bitmap of backreferences with
+numbers 1-31 so that if .* occurs inside capturing brackets that are not in
+fact referenced, the optimization can be applied. It is unlikely that a
+relevant occurrence of .* (i.e. one which might indicate anchoring or forcing
+the match to follow \n) will appear inside brackets with a number greater than
+31, but if it does, any back reference > 31 suppresses the optimization.
+
+40. Added a new compile-time option PCRE_NO_AUTO_CAPTURE. This has the effect
+of disabling numbered capturing parentheses. Any opening parenthesis that is
+not followed by ? behaves as if it were followed by ?: but named parentheses
+can still be used for capturing (and they will acquire numbers in the usual
+way).
+
+41. Redesigned the return codes from the match() function into yes/no/error so
+that errors can be passed back from deep inside the nested calls. A malloc
+failure while inside a recursive subpattern call now causes the
+PCRE_ERROR_NOMEMORY return instead of quietly going wrong.
+
+42. It is now possible to set a limit on the number of times the match()
+function is called in a call to pcre_exec(). This facility makes it possible to
+limit the amount of recursion and backtracking, though not in a directly
+obvious way, because the match() function is used in a number of different
+circumstances. The count starts from zero for each position in the subject
+string (for non-anchored patterns). The default limit is, for compatibility, a
+large number, namely 10 000 000. You can change this in two ways:
+
+(a) When configuring PCRE before making, you can use --with-match-limit=n
+    to set a default value for the compiled library.
+
+(b) For each call to pcre_exec(), you can pass a pcre_extra block in which
+    a different value is set. See 45 below.
+
+If the limit is exceeded, pcre_exec() returns PCRE_ERROR_MATCHLIMIT.
+
+43. Added a new function pcre_config(int, void *) to enable run-time extraction
+of things that can be changed at compile time. The first argument specifies
+what is wanted and the second points to where the information is to be placed.
+The current list of available information is:
+
+  PCRE_CONFIG_UTF8
+
+The output is an integer that is set to one if UTF-8 support is available;
+otherwise it is set to zero.
+
+  PCRE_CONFIG_NEWLINE
+
+The output is an integer that it set to the value of the code that is used for
+newline. It is either LF (10) or CR (13).
+
+  PCRE_CONFIG_LINK_SIZE
+
+The output is an integer that contains the number of bytes used for internal
+linkage in compiled expressions. The value is 2, 3, or 4. See item 32 above.
+
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+
+The output is an integer that contains the threshold above which the POSIX
+interface uses malloc() for output vectors. See item 31 above.
+
+  PCRE_CONFIG_MATCH_LIMIT
+
+The output is an unsigned integer that contains the default limit of the number
+of match() calls in a pcre_exec() execution. See 42 above.
+
+44. pcretest has been upgraded by the addition of the -C option. This causes it
+to extract all the available output from the new pcre_config() function, and to
+output it. The program then exits immediately.
+
+45. A need has arisen to pass over additional data with calls to pcre_exec() in
+order to support additional features. One way would have been to define
+pcre_exec2() (for example) with extra arguments, but this would not have been
+extensible, and would also have required all calls to the original function to
+be mapped to the new one. Instead, I have chosen to extend the mechanism that
+is used for passing in "extra" data from pcre_study().
+
+The pcre_extra structure is now exposed and defined in pcre.h. It currently
+contains the following fields:
+
+  flags         a bitmap indicating which of the following fields are set
+  study_data    opaque data from pcre_study()
+  match_limit   a way of specifying a limit on match() calls for a specific
+                  call to pcre_exec()
+  callout_data  data for callouts (see 49 below)
+
+The flag bits are also defined in pcre.h, and are
+
+  PCRE_EXTRA_STUDY_DATA
+  PCRE_EXTRA_MATCH_LIMIT
+  PCRE_EXTRA_CALLOUT_DATA
+
+The pcre_study() function now returns one of these new pcre_extra blocks, with
+the actual study data pointed to by the study_data field, and the
+PCRE_EXTRA_STUDY_DATA flag set. This can be passed directly to pcre_exec() as
+before. That is, this change is entirely upwards-compatible and requires no
+change to existing code.
+
+If you want to pass in additional data to pcre_exec(), you can either place it
+in a pcre_extra block provided by pcre_study(), or create your own pcre_extra
+block.
+
+46. pcretest has been extended to test the PCRE_EXTRA_MATCH_LIMIT feature. If a
+data string contains the escape sequence \M, pcretest calls pcre_exec() several
+times with different match limits, until it finds the minimum value needed for
+pcre_exec() to complete. The value is then output. This can be instructive; for
+most simple matches the number is quite small, but for pathological cases it
+gets very large very quickly.
+
+47. There's a new option for pcre_fullinfo() called PCRE_INFO_STUDYSIZE. It
+returns the size of the data block pointed to by the study_data field in a
+pcre_extra block, that is, the value that was passed as the argument to
+pcre_malloc() when PCRE was getting memory in which to place the information
+created by pcre_study(). The fourth argument should point to a size_t variable.
+pcretest has been extended so that this information is shown after a successful
+pcre_study() call when information about the compiled regex is being displayed.
+
+48. Cosmetic change to Makefile: there's no need to have / after $(DESTDIR)
+because what follows is always an absolute path. (Later: it turns out that this
+is more than cosmetic for MinGW, because it doesn't like empty path
+components.)
+
+49. Some changes have been made to the callout feature (see 28 above):
+
+(i)  A callout function now has three choices for what it returns:
+
+       0  =>  success, carry on matching
+     > 0  =>  failure at this point, but backtrack if possible
+     < 0  =>  serious error, return this value from pcre_exec()
+
+     Negative values should normally be chosen from the set of PCRE_ERROR_xxx
+     values. In particular, returning PCRE_ERROR_NOMATCH forces a standard
+     "match failed" error. The error number PCRE_ERROR_CALLOUT is reserved for
+     use by callout functions. It will never be used by PCRE itself.
+
+(ii) The pcre_extra structure (see 45 above) has a void * field called
+     callout_data, with corresponding flag bit PCRE_EXTRA_CALLOUT_DATA. The
+     pcre_callout_block structure has a field of the same name. The contents of
+     the field passed in the pcre_extra structure are passed to the callout
+     function in the corresponding field in the callout block. This makes it
+     easier to use the same callout-containing regex from multiple threads. For
+     testing, the pcretest program has a new data escape
+
+       \C*n        pass the number n (may be negative) as callout_data
+
+     If the callout function in pcretest receives a non-zero value as
+     callout_data, it returns that value.
+
+50. Makefile wasn't handling CFLAGS properly when compiling dftables. Also,
+there were some redundant $(CFLAGS) in commands that are now specified as
+$(LINK), which already includes $(CFLAGS).
+
+51. Extensions to UTF-8 support are listed below. These all apply when (a) PCRE
+has been compiled with UTF-8 support *and* pcre_compile() has been compiled
+with the PCRE_UTF8 flag. Patterns that are compiled without that flag assume
+one-byte characters throughout. Note that case-insensitive matching applies
+only to characters whose values are less than 256. PCRE doesn't support the
+notion of cases for higher-valued characters.
+
+(i)   A character class whose characters are all within 0-255 is handled as
+      a bit map, and the map is inverted for negative classes. Previously, a
+      character > 255 always failed to match such a class; however it should
+      match if the class was a negative one (e.g. [^ab]). This has been fixed.
+
+(ii)  A negated character class with a single character < 255 is coded as
+      "not this character" (OP_NOT). This wasn't working properly when the test
+      character was multibyte, either singly or repeated.
+
+(iii) Repeats of multibyte characters are now handled correctly in UTF-8
+      mode, for example: \x{100}{2,3}.
+
+(iv)  The character escapes \b, \B, \d, \D, \s, \S, \w, and \W (either
+      singly or repeated) now correctly test multibyte characters. However,
+      PCRE doesn't recognize any characters with values greater than 255 as
+      digits, spaces, or word characters. Such characters always match \D, \S,
+      and \W, and never match \d, \s, or \w.
+
+(v)   Classes may now contain characters and character ranges with values
+      greater than 255. For example: [ab\x{100}-\x{400}].
+
+(vi)  pcregrep now has a --utf-8 option (synonym -u) which makes it call
+      PCRE in UTF-8 mode.
+
+52. The info request value PCRE_INFO_FIRSTCHAR has been renamed
+PCRE_INFO_FIRSTBYTE because it is a byte value. However, the old name is
+retained for backwards compatibility. (Note that LASTLITERAL is also a byte
+value.)
+
+53. The single man page has become too large. I have therefore split it up into
+a number of separate man pages. These also give rise to individual HTML pages;
+these are now put in a separate directory, and there is an index.html page that
+lists them all. Some hyperlinking between the pages has been installed.
+
+54. Added convenience functions for handling named capturing parentheses.
+
+55. Unknown escapes inside character classes (e.g. [\M]) and escapes that
+aren't interpreted therein (e.g. [\C]) are literals in Perl. This is now also
+true in PCRE, except when the PCRE_EXTENDED option is set, in which case they
+are faulted.
+
+56. Introduced HOST_CC and HOST_CFLAGS which can be set in the environment when
+calling configure. These values are used when compiling the dftables.c program
+which is run to generate the source of the default character tables. They
+default to the values of CC and CFLAGS. If you are cross-compiling PCRE,
+you will need to set these values.
+
+57. Updated the building process for Windows DLL, as provided by Fred Cox.
+
+
+Version 3.9 02-Jan-02
+---------------------
+
+1. A bit of extraneous text had somehow crept into the pcregrep documentation.
+
+2. If --disable-static was given, the building process failed when trying to
+build pcretest and pcregrep. (For some reason it was using libtool to compile
+them, which is not right, as they aren't part of the library.)
+
+
+Version 3.8 18-Dec-01
+---------------------
+
+1. The experimental UTF-8 code was completely screwed up. It was packing the
+bytes in the wrong order. How dumb can you get?
+
+
+Version 3.7 29-Oct-01
+---------------------
+
+1. In updating pcretest to check change 1 of version 3.6, I screwed up.
+This caused pcretest, when used on the test data, to segfault. Unfortunately,
+this didn't happen under Solaris 8, where I normally test things.
+
+2. The Makefile had to be changed to make it work on BSD systems, where 'make'
+doesn't seem to recognize that ./xxx and xxx are the same file. (This entry
+isn't in ChangeLog distributed with 3.7 because I forgot when I hastily made
+this fix an hour or so after the initial 3.7 release.)
+
+
+Version 3.6 23-Oct-01
+---------------------
+
+1. Crashed with /(sens|respons)e and \1ibility/ and "sense and sensibility" if
+offsets passed as NULL with zero offset count.
+
+2. The config.guess and config.sub files had not been updated when I moved to
+the latest autoconf.
+
+
+Version 3.5 15-Aug-01
+---------------------
+
+1. Added some missing #if !defined NOPOSIX conditionals in pcretest.c that
+had been forgotten.
+
+2. By using declared but undefined structures, we can avoid using "void"
+definitions in pcre.h while keeping the internal definitions of the structures
+private.
+
+3. The distribution is now built using autoconf 2.50 and libtool 1.4. From a
+user point of view, this means that both static and shared libraries are built
+by default, but this can be individually controlled. More of the work of
+handling this static/shared cases is now inside libtool instead of PCRE's make
+file.
+
+4. The pcretest utility is now installed along with pcregrep because it is
+useful for users (to test regexs) and by doing this, it automatically gets
+relinked by libtool. The documentation has been turned into a man page, so
+there are now .1, .txt, and .html versions in /doc.
+
+5. Upgrades to pcregrep:
+   (i)   Added long-form option names like gnu grep.
+   (ii)  Added --help to list all options with an explanatory phrase.
+   (iii) Added -r, --recursive to recurse into sub-directories.
+   (iv)  Added -f, --file to read patterns from a file.
+
+6. pcre_exec() was referring to its "code" argument before testing that
+argument for NULL (and giving an error if it was NULL).
+
+7. Upgraded Makefile.in to allow for compiling in a different directory from
+the source directory.
+
+8. Tiny buglet in pcretest: when pcre_fullinfo() was called to retrieve the
+options bits, the pointer it was passed was to an int instead of to an unsigned
+long int. This mattered only on 64-bit systems.
+
+9. Fixed typo (3.4/1) in pcre.h again. Sigh. I had changed pcre.h (which is
+generated) instead of pcre.in, which it its source. Also made the same change
+in several of the .c files.
+
+10. A new release of gcc defines printf() as a macro, which broke pcretest
+because it had an ifdef in the middle of a string argument for printf(). Fixed
+by using separate calls to printf().
+
+11. Added --enable-newline-is-cr and --enable-newline-is-lf to the configure
+script, to force use of CR or LF instead of \n in the source. On non-Unix
+systems, the value can be set in config.h.
+
+12. The limit of 200 on non-capturing parentheses is a _nesting_ limit, not an
+absolute limit. Changed the text of the error message to make this clear, and
+likewise updated the man page.
+
+13. The limit of 99 on the number of capturing subpatterns has been removed.
+The new limit is 65535, which I hope will not be a "real" limit.
+
+
+Version 3.4 22-Aug-00
+---------------------
+
+1. Fixed typo in pcre.h: unsigned const char * changed to const unsigned char *.
+
+2. Diagnose condition (?(0) as an error instead of crashing on matching.
+
+
+Version 3.3 01-Aug-00
+---------------------
+
+1. If an octal character was given, but the value was greater than \377, it
+was not getting masked to the least significant bits, as documented. This could
+lead to crashes in some systems.
+
+2. Perl 5.6 (if not earlier versions) accepts classes like [a-\d] and treats
+the hyphen as a literal. PCRE used to give an error; it now behaves like Perl.
+
+3. Added the functions pcre_free_substring() and pcre_free_substring_list().
+These just pass their arguments on to (pcre_free)(), but they are provided
+because some uses of PCRE bind it to non-C systems that can call its functions,
+but cannot call free() or pcre_free() directly.
+
+4. Add "make test" as a synonym for "make check". Corrected some comments in
+the Makefile.
+
+5. Add $(DESTDIR)/ in front of all the paths in the "install" target in the
+Makefile.
+
+6. Changed the name of pgrep to pcregrep, because Solaris has introduced a
+command called pgrep for grepping around the active processes.
+
+7. Added the beginnings of support for UTF-8 character strings.
+
+8. Arranged for the Makefile to pass over the settings of CC, CFLAGS, and
+RANLIB to ./ltconfig so that they are used by libtool. I think these are all
+the relevant ones. (AR is not passed because ./ltconfig does its own figuring
+out for the ar command.)
+
+
+Version 3.2 12-May-00
+---------------------
+
+This is purely a bug fixing release.
+
+1. If the pattern /((Z)+|A)*/ was matched agained ZABCDEFG it matched Z instead
+of ZA. This was just one example of several cases that could provoke this bug,
+which was introduced by change 9 of version 2.00. The code for breaking
+infinite loops after an iteration that matches an empty string was't working
+correctly.
+
+2. The pcretest program was not imitating Perl correctly for the pattern /a*/g
+when matched against abbab (for example). After matching an empty string, it
+wasn't forcing anchoring when setting PCRE_NOTEMPTY for the next attempt; this
+caused it to match further down the string than it should.
+
+3. The code contained an inclusion of sys/types.h. It isn't clear why this
+was there because it doesn't seem to be needed, and it causes trouble on some
+systems, as it is not a Standard C header. It has been removed.
+
+4. Made 4 silly changes to the source to avoid stupid compiler warnings that
+were reported on the Macintosh. The changes were from
+
+  while ((c = *(++ptr)) != 0 && c != '\n');
+to
+  while ((c = *(++ptr)) != 0 && c != '\n') ;
+
+Totally extraordinary, but if that's what it takes...
+
+5. PCRE is being used in one environment where neither memmove() nor bcopy() is
+available. Added HAVE_BCOPY and an autoconf test for it; if neither
+HAVE_MEMMOVE nor HAVE_BCOPY is set, use a built-in emulation function which
+assumes the way PCRE uses memmove() (always moving upwards).
+
+6. PCRE is being used in one environment where strchr() is not available. There
+was only one use in pcre.c, and writing it out to avoid strchr() probably gives
+faster code anyway.
+
+
+Version 3.1 09-Feb-00
+---------------------
+
+The only change in this release is the fixing of some bugs in Makefile.in for
+the "install" target:
+
+(1) It was failing to install pcreposix.h.
+
+(2) It was overwriting the pcre.3 man page with the pcreposix.3 man page.
+
+
+Version 3.0 01-Feb-00
+---------------------
+
+1. Add support for the /+ modifier to perltest (to output $` like it does in
+pcretest).
+
+2. Add support for the /g modifier to perltest.
+
+3. Fix pcretest so that it behaves even more like Perl for /g when the pattern
+matches null strings.
+
+4. Fix perltest so that it doesn't do unwanted things when fed an empty
+pattern. Perl treats empty patterns specially - it reuses the most recent
+pattern, which is not what we want. Replace // by /(?#)/ in order to avoid this
+effect.
+
+5. The POSIX interface was broken in that it was just handing over the POSIX
+captured string vector to pcre_exec(), but (since release 2.00) PCRE has
+required a bigger vector, with some working space on the end. This means that
+the POSIX wrapper now has to get and free some memory, and copy the results.
+
+6. Added some simple autoconf support, placing the test data and the
+documentation in separate directories, re-organizing some of the
+information files, and making it build pcre-config (a GNU standard). Also added
+libtool support for building PCRE as a shared library, which is now the
+default.
+
+7. Got rid of the leading zero in the definition of PCRE_MINOR because 08 and
+09 are not valid octal constants. Single digits will be used for minor values
+less than 10.
+
+8. Defined REG_EXTENDED and REG_NOSUB as zero in the POSIX header, so that
+existing programs that set these in the POSIX interface can use PCRE without
+modification.
+
+9. Added a new function, pcre_fullinfo() with an extensible interface. It can
+return all that pcre_info() returns, plus additional data. The pcre_info()
+function is retained for compatibility, but is considered to be obsolete.
+
+10. Added experimental recursion feature (?R) to handle one common case that
+Perl 5.6 will be able to do with (?p{...}).
+
+11. Added support for POSIX character classes like [:alpha:], which Perl is
+adopting.
+
+
+Version 2.08 31-Aug-99
+----------------------
+
+1. When startoffset was not zero and the pattern began with ".*", PCRE was not
+trying to match at the startoffset position, but instead was moving forward to
+the next newline as if a previous match had failed.
+
+2. pcretest was not making use of PCRE_NOTEMPTY when repeating for /g and /G,
+and could get into a loop if a null string was matched other than at the start
+of the subject.
+
+3. Added definitions of PCRE_MAJOR and PCRE_MINOR to pcre.h so the version can
+be distinguished at compile time, and for completeness also added PCRE_DATE.
+
+5. Added Paul Sokolovsky's minor changes to make it easy to compile a Win32 DLL
+in GnuWin32 environments.
+
+
+Version 2.07 29-Jul-99
+----------------------
+
+1. The documentation is now supplied in plain text form and HTML as well as in
+the form of man page sources.
+
+2. C++ compilers don't like assigning (void *) values to other pointer types.
+In particular this affects malloc(). Although there is no problem in Standard
+C, I've put in casts to keep C++ compilers happy.
+
+3. Typo on pcretest.c; a cast of (unsigned char *) in the POSIX regexec() call
+should be (const char *).
+
+4. If NOPOSIX is defined, pcretest.c compiles without POSIX support. This may
+be useful for non-Unix systems who don't want to bother with the POSIX stuff.
+However, I haven't made this a standard facility. The documentation doesn't
+mention it, and the Makefile doesn't support it.
+
+5. The Makefile now contains an "install" target, with editable destinations at
+the top of the file. The pcretest program is not installed.
+
+6. pgrep -V now gives the PCRE version number and date.
+
+7. Fixed bug: a zero repetition after a literal string (e.g. /abcde{0}/) was
+causing the entire string to be ignored, instead of just the last character.
+
+8. If a pattern like /"([^\\"]+|\\.)*"/ is applied in the normal way to a
+non-matching string, it can take a very, very long time, even for strings of
+quite modest length, because of the nested recursion. PCRE now does better in
+some of these cases. It does this by remembering the last required literal
+character in the pattern, and pre-searching the subject to ensure it is present
+before running the real match. In other words, it applies a heuristic to detect
+some types of certain failure quickly, and in the above example, if presented
+with a string that has no trailing " it gives "no match" very quickly.
+
+9. A new runtime option PCRE_NOTEMPTY causes null string matches to be ignored;
+other alternatives are tried instead.
+
+
+Version 2.06 09-Jun-99
+----------------------
+
+1. Change pcretest's output for amount of store used to show just the code
+space, because the remainder (the data block) varies in size between 32-bit and
+64-bit systems.
+
+2. Added an extra argument to pcre_exec() to supply an offset in the subject to
+start matching at. This allows lookbehinds to work when searching for multiple
+occurrences in a string.
+
+3. Added additional options to pcretest for testing multiple occurrences:
+
+   /+   outputs the rest of the string that follows a match
+   /g   loops for multiple occurrences, using the new startoffset argument
+   /G   loops for multiple occurrences by passing an incremented pointer
+
+4. PCRE wasn't doing the "first character" optimization for patterns starting
+with \b or \B, though it was doing it for other lookbehind assertions. That is,
+it wasn't noticing that a match for a pattern such as /\bxyz/ has to start with
+the letter 'x'. On long subject strings, this gives a significant speed-up.
+
+
+Version 2.05 21-Apr-99
+----------------------
+
+1. Changed the type of magic_number from int to long int so that it works
+properly on 16-bit systems.
+
+2. Fixed a bug which caused patterns starting with .* not to work correctly
+when the subject string contained newline characters. PCRE was assuming
+anchoring for such patterns in all cases, which is not correct because .* will
+not pass a newline unless PCRE_DOTALL is set. It now assumes anchoring only if
+DOTALL is set at top level; otherwise it knows that patterns starting with .*
+must be retried after every newline in the subject.
+
+
+Version 2.04 18-Feb-99
+----------------------
+
+1. For parenthesized subpatterns with repeats whose minimum was zero, the
+computation of the store needed to hold the pattern was incorrect (too large).
+If such patterns were nested a few deep, this could multiply and become a real
+problem.
+
+2. Added /M option to pcretest to show the memory requirement of a specific
+pattern. Made -m a synonym of -s (which does this globally) for compatibility.
+
+3. Subpatterns of the form (regex){n,m} (i.e. limited maximum) were being
+compiled in such a way that the backtracking after subsequent failure was
+pessimal. Something like (a){0,3} was compiled as (a)?(a)?(a)? instead of
+((a)((a)(a)?)?)? with disastrous performance if the maximum was of any size.
+
+
+Version 2.03 02-Feb-99
+----------------------
+
+1. Fixed typo and small mistake in man page.
+
+2. Added 4th condition (GPL supersedes if conflict) and created separate
+LICENCE file containing the conditions.
+
+3. Updated pcretest so that patterns such as /abc\/def/ work like they do in
+Perl, that is the internal \ allows the delimiter to be included in the
+pattern. Locked out the use of \ as a delimiter. If \ immediately follows
+the final delimiter, add \ to the end of the pattern (to test the error).
+
+4. Added the convenience functions for extracting substrings after a successful
+match. Updated pcretest to make it able to test these functions.
+
+
+Version 2.02 14-Jan-99
+----------------------
+
+1. Initialized the working variables associated with each extraction so that
+their saving and restoring doesn't refer to uninitialized store.
+
+2. Put dummy code into study.c in order to trick the optimizer of the IBM C
+compiler for OS/2 into generating correct code. Apparently IBM isn't going to
+fix the problem.
+
+3. Pcretest: the timing code wasn't using LOOPREPEAT for timing execution
+calls, and wasn't printing the correct value for compiling calls. Increased the
+default value of LOOPREPEAT, and the number of significant figures in the
+times.
+
+4. Changed "/bin/rm" in the Makefile to "-rm" so it works on Windows NT.
+
+5. Renamed "deftables" as "dftables" to get it down to 8 characters, to avoid
+a building problem on Windows NT with a FAT file system.
+
+
+Version 2.01 21-Oct-98
+----------------------
+
+1. Changed the API for pcre_compile() to allow for the provision of a pointer
+to character tables built by pcre_maketables() in the current locale. If NULL
+is passed, the default tables are used.
+
+
+Version 2.00 24-Sep-98
+----------------------
+
+1. Since the (>?) facility is in Perl 5.005, don't require PCRE_EXTRA to enable
+it any more.
+
+2. Allow quantification of (?>) groups, and make it work correctly.
+
+3. The first character computation wasn't working for (?>) groups.
+
+4. Correct the implementation of \Z (it is permitted to match on the \n at the
+end of the subject) and add 5.005's \z, which really does match only at the
+very end of the subject.
+
+5. Remove the \X "cut" facility; Perl doesn't have it, and (?> is neater.
+
+6. Remove the ability to specify CASELESS, MULTILINE, DOTALL, and
+DOLLAR_END_ONLY at runtime, to make it possible to implement the Perl 5.005
+localized options. All options to pcre_study() were also removed.
+
+7. Add other new features from 5.005:
+
+   $(?<=           positive lookbehind
+   $(?<!           negative lookbehind
+   (?imsx-imsx)    added the unsetting capability
+                   such a setting is global if at outer level; local otherwise
+   (?imsx-imsx:)   non-capturing groups with option setting
+   (?(cond)re|re)  conditional pattern matching
+
+   A backreference to itself in a repeated group matches the previous
+   captured string.
+
+8. General tidying up of studying (both automatic and via "study")
+consequential on the addition of new assertions.
+
+9. As in 5.005, unlimited repeated groups that could match an empty substring
+are no longer faulted at compile time. Instead, the loop is forcibly broken at
+runtime if any iteration does actually match an empty substring.
+
+10. Include the RunTest script in the distribution.
+
+11. Added tests from the Perl 5.005_02 distribution. This showed up a few
+discrepancies, some of which were old and were also with respect to 5.004. They
+have now been fixed.
+
+
+Version 1.09 28-Apr-98
+----------------------
+
+1. A negated single character class followed by a quantifier with a minimum
+value of one (e.g.  [^x]{1,6}  ) was not compiled correctly. This could lead to
+program crashes, or just wrong answers. This did not apply to negated classes
+containing more than one character, or to minima other than one.
+
+
+Version 1.08 27-Mar-98
+----------------------
+
+1. Add PCRE_UNGREEDY to invert the greediness of quantifiers.
+
+2. Add (?U) and (?X) to set PCRE_UNGREEDY and PCRE_EXTRA respectively. The
+latter must appear before anything that relies on it in the pattern.
+
+
+Version 1.07 16-Feb-98
+----------------------
+
+1. A pattern such as /((a)*)*/ was not being diagnosed as in error (unlimited
+repeat of a potentially empty string).
+
+
+Version 1.06 23-Jan-98
+----------------------
+
+1. Added Markus Oberhumer's little patches for C++.
+
+2. Literal strings longer than 255 characters were broken.
+
+
+Version 1.05 23-Dec-97
+----------------------
+
+1. Negated character classes containing more than one character were failing if
+PCRE_CASELESS was set at run time.
+
+
+Version 1.04 19-Dec-97
+----------------------
+
+1. Corrected the man page, where some "const" qualifiers had been omitted.
+
+2. Made debugging output print "{0,xxx}" instead of just "{,xxx}" to agree with
+input syntax.
+
+3. Fixed memory leak which occurred when a regex with back references was
+matched with an offsets vector that wasn't big enough. The temporary memory
+that is used in this case wasn't being freed if the match failed.
+
+4. Tidied pcretest to ensure it frees memory that it gets.
+
+5. Temporary memory was being obtained in the case where the passed offsets
+vector was exactly big enough.
+
+6. Corrected definition of offsetof() from change 5 below.
+
+7. I had screwed up change 6 below and broken the rules for the use of
+setjmp(). Now fixed.
+
+
+Version 1.03 18-Dec-97
+----------------------
+
+1. A erroneous regex with a missing opening parenthesis was correctly
+diagnosed, but PCRE attempted to access brastack[-1], which could cause crashes
+on some systems.
+
+2. Replaced offsetof(real_pcre, code) by offsetof(real_pcre, code[0]) because
+it was reported that one broken compiler failed on the former because "code" is
+also an independent variable.
+
+3. The erroneous regex a[]b caused an array overrun reference.
+
+4. A regex ending with a one-character negative class (e.g. /[^k]$/) did not
+fail on data ending with that character. (It was going on too far, and checking
+the next character, typically a binary zero.) This was specific to the
+optimized code for single-character negative classes.
+
+5. Added a contributed patch from the TIN world which does the following:
+
+  + Add an undef for memmove, in case the the system defines a macro for it.
+
+  + Add a definition of offsetof(), in case there isn't one. (I don't know
+    the reason behind this - offsetof() is part of the ANSI standard - but
+    it does no harm).
+
+  + Reduce the ifdef's in pcre.c using macro DPRINTF, thereby eliminating
+    most of the places where whitespace preceded '#'. I have given up and
+    allowed the remaining 2 cases to be at the margin.
+
+  + Rename some variables in pcre to eliminate shadowing. This seems very
+    pedantic, but does no harm, of course.
+
+6. Moved the call to setjmp() into its own function, to get rid of warnings
+from gcc -Wall, and avoided calling it at all unless PCRE_EXTRA is used.
+
+7. Constructs such as \d{8,} were compiling into the equivalent of
+\d{8}\d{0,65527} instead of \d{8}\d* which didn't make much difference to the
+outcome, but in this particular case used more store than had been allocated,
+which caused the bug to be discovered because it threw up an internal error.
+
+8. The debugging code in both pcre and pcretest for outputting the compiled
+form of a regex was going wrong in the case of back references followed by
+curly-bracketed repeats.
+
+
+Version 1.02 12-Dec-97
+----------------------
+
+1. Typos in pcre.3 and comments in the source fixed.
+
+2. Applied a contributed patch to get rid of places where it used to remove
+'const' from variables, and fixed some signed/unsigned and uninitialized
+variable warnings.
+
+3. Added the "runtest" target to Makefile.
+
+4. Set default compiler flag to -O2 rather than just -O.
+
+
+Version 1.01 19-Nov-97
+----------------------
+
+1. PCRE was failing to diagnose unlimited repeat of empty string for patterns
+like /([ab]*)*/, that is, for classes with more than one character in them.
+
+2. Likewise, it wasn't diagnosing patterns with "once-only" subpatterns, such
+as /((?>a*))*/ (a PCRE_EXTRA facility).
+
+
+Version 1.00 18-Nov-97
+----------------------
+
+1. Added compile-time macros to support systems such as SunOS4 which don't have
+memmove() or strerror() but have other things that can be used instead.
+
+2. Arranged that "make clean" removes the executables.
+
+
+Version 0.99 27-Oct-97
+----------------------
+
+1. Fixed bug in code for optimizing classes with only one character. It was
+initializing a 32-byte map regardless, which could cause it to run off the end
+of the memory it had got.
+
+2. Added, conditional on PCRE_EXTRA, the proposed (?>REGEX) construction.
+
+
+Version 0.98 22-Oct-97
+----------------------
+
+1. Fixed bug in code for handling temporary memory usage when there are more
+back references than supplied space in the ovector. This could cause segfaults.
+
+
+Version 0.97 21-Oct-97
+----------------------
+
+1. Added the \X "cut" facility, conditional on PCRE_EXTRA.
+
+2. Optimized negated single characters not to use a bit map.
+
+3. Brought error texts together as macro definitions; clarified some of them;
+fixed one that was wrong - it said "range out of order" when it meant "invalid
+escape sequence".
+
+4. Changed some char * arguments to const char *.
+
+5. Added PCRE_NOTBOL and PCRE_NOTEOL (from POSIX).
+
+6. Added the POSIX-style API wrapper in pcreposix.a and testing facilities in
+pcretest.
+
+
+Version 0.96 16-Oct-97
+----------------------
+
+1. Added a simple "pgrep" utility to the distribution.
+
+2. Fixed an incompatibility with Perl: "{" is now treated as a normal character
+unless it appears in one of the precise forms "{ddd}", "{ddd,}", or "{ddd,ddd}"
+where "ddd" means "one or more decimal digits".
+
+3. Fixed serious bug. If a pattern had a back reference, but the call to
+pcre_exec() didn't supply a large enough ovector to record the related
+identifying subpattern, the match always failed. PCRE now remembers the number
+of the largest back reference, and gets some temporary memory in which to save
+the offsets during matching if necessary, in order to ensure that
+backreferences always work.
+
+4. Increased the compatibility with Perl in a number of ways:
+
+  (a) . no longer matches \n by default; an option PCRE_DOTALL is provided
+      to request this handling. The option can be set at compile or exec time.
+
+  (b) $ matches before a terminating newline by default; an option
+      PCRE_DOLLAR_ENDONLY is provided to override this (but not in multiline
+      mode). The option can be set at compile or exec time.
+
+  (c) The handling of \ followed by a digit other than 0 is now supposed to be
+      the same as Perl's. If the decimal number it represents is less than 10
+      or there aren't that many previous left capturing parentheses, an octal
+      escape is read. Inside a character class, it's always an octal escape,
+      even if it is a single digit.
+
+  (d) An escaped but undefined alphabetic character is taken as a literal,
+      unless PCRE_EXTRA is set. Currently this just reserves the remaining
+      escapes.
+
+  (e) {0} is now permitted. (The previous item is removed from the compiled
+      pattern).
+
+5. Changed all the names of code files so that the basic parts are no longer
+than 10 characters, and abolished the teeny "globals.c" file.
+
+6. Changed the handling of character classes; they are now done with a 32-byte
+bit map always.
+
+7. Added the -d and /D options to pcretest to make it possible to look at the
+internals of compilation without having to recompile pcre.
+
+
+Version 0.95 23-Sep-97
+----------------------
+
+1. Fixed bug in pre-pass concerning escaped "normal" characters such as \x5c or
+\x20 at the start of a run of normal characters. These were being treated as
+real characters, instead of the source characters being re-checked.
+
+
+Version 0.94 18-Sep-97
+----------------------
+
+1. The functions are now thread-safe, with the caveat that the global variables
+containing pointers to malloc() and free() or alternative functions are the
+same for all threads.
+
+2. Get pcre_study() to generate a bitmap of initial characters for non-
+anchored patterns when this is possible, and use it if passed to pcre_exec().
+
+
+Version 0.93 15-Sep-97
+----------------------
+
+1. /(b)|(:+)/ was computing an incorrect first character.
+
+2. Add pcre_study() to the API and the passing of pcre_extra to pcre_exec(),
+but not actually doing anything yet.
+
+3. Treat "-" characters in classes that cannot be part of ranges as literals,
+as Perl does (e.g. [-az] or [az-]).
+
+4. Set the anchored flag if a branch starts with .* or .*? because that tests
+all possible positions.
+
+5. Split up into different modules to avoid including unneeded functions in a
+compiled binary. However, compile and exec are still in one module. The "study"
+function is split off.
+
+6. The character tables are now in a separate module whose source is generated
+by an auxiliary program - but can then be edited by hand if required. There are
+now no calls to isalnum(), isspace(), isdigit(), isxdigit(), tolower() or
+toupper() in the code.
+
+7. Turn the malloc/free funtions variables into pcre_malloc and pcre_free and
+make them global. Abolish the function for setting them, as the caller can now
+set them directly.
+
+
+Version 0.92 11-Sep-97
+----------------------
+
+1. A repeat with a fixed maximum and a minimum of 1 for an ordinary character
+(e.g. /a{1,3}/) was broken (I mis-optimized it).
+
+2. Caseless matching was not working in character classes if the characters in
+the pattern were in upper case.
+
+3. Make ranges like [W-c] work in the same way as Perl for caseless matching.
+
+4. Make PCRE_ANCHORED public and accept as a compile option.
+
+5. Add an options word to pcre_exec() and accept PCRE_ANCHORED and
+PCRE_CASELESS at run time. Add escapes \A and \I to pcretest to cause it to
+pass them.
+
+6. Give an error if bad option bits passed at compile or run time.
+
+7. Add PCRE_MULTILINE at compile and exec time, and (?m) as well. Add \M to
+pcretest to cause it to pass that flag.
+
+8. Add pcre_info(), to get the number of identifying subpatterns, the stored
+options, and the first character, if set.
+
+9. Recognize C+ or C{n,m} where n >= 1 as providing a fixed starting character.
+
+
+Version 0.91 10-Sep-97
+----------------------
+
+1. PCRE was failing to diagnose unlimited repeats of subpatterns that could
+match the empty string as in /(a*)*/. It was looping and ultimately crashing.
+
+2. PCRE was looping on encountering an indefinitely repeated back reference to
+a subpattern that had matched an empty string, e.g. /(a|)\1*/. It now does what
+Perl does - treats the match as successful.
+
+****
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/LICENCE b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/LICENCE
new file mode 100644
index 00000000..dd9071a8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/LICENCE
@@ -0,0 +1,93 @@
+PCRE LICENCE
+------------
+
+PCRE is a library of functions to support regular expressions whose syntax
+and semantics are as close as possible to those of the Perl 5 language.
+
+Release 8 of PCRE is distributed under the terms of the "BSD" licence, as
+specified below. The documentation for PCRE, supplied in the "doc"
+directory, is distributed under the same terms as the software itself. The data
+in the testdata directory is not copyrighted and is in the public domain.
+
+The basic library functions are written in C and are freestanding. Also
+included in the distribution is a set of C++ wrapper functions, and a
+just-in-time compiler that can be used to optimize pattern matching. These
+are both optional features that can be omitted when the library is built.
+
+
+THE BASIC LIBRARY FUNCTIONS
+---------------------------
+
+Written by:       Philip Hazel
+Email local part: ph10
+Email domain:     cam.ac.uk
+
+University of Cambridge Computing Service,
+Cambridge, England.
+
+Copyright (c) 1997-2017 University of Cambridge
+All rights reserved.
+
+
+PCRE JUST-IN-TIME COMPILATION SUPPORT
+-------------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2010-2017 Zoltan Herczeg
+All rights reserved.
+
+
+STACK-LESS JUST-IN-TIME COMPILER
+--------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2009-2017 Zoltan Herczeg
+All rights reserved.
+
+
+THE C++ WRAPPER FUNCTIONS
+-------------------------
+
+Contributed by:   Google Inc.
+
+Copyright (c) 2007-2012, Google Inc.
+All rights reserved.
+
+
+THE "BSD" LICENCE
+-----------------
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the name of Google
+      Inc. nor the names of their contributors may be used to endorse or
+      promote products derived from this software without specific prior
+      written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+End
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/NEWS b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/NEWS
new file mode 100644
index 00000000..36be07cb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/NEWS
@@ -0,0 +1,737 @@
+News about PCRE releases
+------------------------
+
+Release 8.41 13-June-2017
+-------------------------
+
+This is a bug-fix release.
+
+
+Release 8.40 11-January-2017
+----------------------------
+
+This is a bug-fix release.
+
+
+Release 8.39 14-June-2016
+-------------------------
+
+Some appropriate PCRE2 JIT improvements have been retro-fitted to PCRE1. Apart
+from that, this is another bug-fix release. Note that this library (now called
+PCRE1) is now being maintained for bug fixes only. New projects are advised to
+use the new PCRE2 libraries.
+
+
+Release 8.38 23-November-2015
+-----------------------------
+
+This is bug-fix release. Note that this library (now called PCRE1) is now being
+maintained for bug fixes only. New projects are advised to use the new PCRE2
+libraries.
+
+
+Release 8.37 28-April-2015
+--------------------------
+
+This is bug-fix release. Note that this library (now called PCRE1) is now being
+maintained for bug fixes only. New projects are advised to use the new PCRE2
+libraries.
+
+
+Release 8.36 26-September-2014
+------------------------------
+
+This is primarily a bug-fix release. However, in addition, the Unicode data
+tables have been updated to Unicode 7.0.0.
+
+
+Release 8.35 04-April-2014
+--------------------------
+
+There have been performance improvements for classes containing non-ASCII
+characters and the "auto-possessification" feature has been extended. Other
+minor improvements have been implemented and bugs fixed. There is a new callout
+feature to enable applications to do detailed stack checks at compile time, to
+avoid running out of stack for deeply nested parentheses. The JIT compiler has
+been extended with experimental support for ARM-64, MIPS-64, and PPC-LE.
+
+
+Release 8.34 15-December-2013
+-----------------------------
+
+As well as fixing the inevitable bugs, performance has been improved by
+refactoring and extending the amount of "auto-possessification" that PCRE does.
+Other notable changes:
+
+.  Implemented PCRE_INFO_MATCH_EMPTY, which yields 1 if the pattern can match
+   an empty string. If it can, pcretest shows this in its information output.
+
+.  A back reference to a named subpattern when there is more than one of the
+   same name now checks them in the order in which they appear in the pattern.
+   The first one that is set is used for the reference. Previously only the
+   first one was inspected. This change makes PCRE more compatible with Perl.
+
+.  Unicode character properties were updated from Unicode 6.3.0.
+
+.  The character VT has been added to the set of characters that match \s and
+   are generally treated as white space, following this same change in Perl
+   5.18. There is now no difference between "Perl space" and "POSIX space".
+
+.  Perl has changed its handling of \8 and \9. If there is no previously
+   encountered capturing group of those numbers, they are treated as the
+   literal characters 8 and 9 instead of a binary zero followed by the
+   literals. PCRE now does the same.
+
+.  Following Perl, added \o{} to specify codepoints in octal, making it
+   possible to specify values greater than 0777 and also making them
+   unambiguous.
+
+.  In UCP mode, \s was not matching two of the characters that Perl matches,
+   namely NEL (U+0085) and MONGOLIAN VOWEL SEPARATOR (U+180E), though they
+   were matched by \h.
+
+.  Add JIT support for the 64 bit TileGX architecture.
+
+.  Upgraded the handling of the POSIX classes [:graph:], [:print:], and
+   [:punct:] when PCRE_UCP is set so as to include the same characters as Perl
+   does in Unicode mode.
+
+.  Perl no longer allows group names to start with digits, so I have made this
+   change also in PCRE.
+
+.  Added support for [[:<:]] and [[:>:]] as used in the BSD POSIX library to
+   mean "start of word" and "end of word", respectively, as a transition aid.
+
+
+Release 8.33 28-May-2013
+--------------------------
+
+A number of bugs are fixed, and some performance improvements have been made.
+There are also some new features, of which these are the most important:
+
+.  The behaviour of the backtracking verbs has been rationalized and
+   documented in more detail.
+
+.  JIT now supports callouts and all of the backtracking verbs.
+
+.  Unicode validation has been updated in the light of Unicode Corrigendum #9,
+   which points out that "non characters" are not "characters that may not
+   appear in Unicode strings" but rather "characters that are reserved for
+   internal use and have only local meaning".
+
+.  (*LIMIT_MATCH=d) and (*LIMIT_RECURSION=d) have been added so that the
+   creator of a pattern can specify lower (but not higher) limits for the
+   matching process.
+
+.  The PCRE_NEVER_UTF option is available to prevent pattern-writers from using
+   the (*UTF) feature, as this could be a security issue.
+
+
+Release 8.32 30-November-2012
+-----------------------------
+
+This release fixes a number of bugs, but also has some new features. These are
+the highlights:
+
+.  There is now support for 32-bit character strings and UTF-32. Like the
+   16-bit support, this is done by compiling a separate 32-bit library.
+
+.  \X now matches a Unicode extended grapheme cluster.
+
+.  Case-independent matching of Unicode characters that have more than one
+   "other case" now makes all three (or more) characters equivalent. This
+   applies, for example, to Greek Sigma, which has two lowercase versions.
+
+.  Unicode character properties are updated to Unicode 6.2.0.
+
+.  The EBCDIC support, which had decayed, has had a spring clean.
+
+.  A number of JIT optimizations have been added, which give faster JIT
+   execution speed. In addition, a new direct interface to JIT execution is
+   available. This bypasses some of the sanity checks of pcre_exec() to give a
+   noticeable speed-up.
+
+.  A number of issues in pcregrep have been fixed, making it more compatible
+   with GNU grep. In particular, --exclude and --include (and variants) apply
+   to all files now, not just those obtained from scanning a directory
+   recursively. In Windows environments, the default action for directories is
+   now "skip" instead of "read" (which provokes an error).
+
+.  If the --only-matching (-o) option in pcregrep is specified multiple
+   times, each one causes appropriate output. For example, -o1 -o2 outputs the
+   substrings matched by the 1st and 2nd capturing parentheses. A separating
+   string can be specified by --om-separator (default empty).
+
+.  When PCRE is built via Autotools using a version of gcc that has the
+   "visibility" feature, it is used to hide internal library functions that are
+   not part of the public API.
+
+
+Release 8.31 06-July-2012
+-------------------------
+
+This is mainly a bug-fixing release, with a small number of developments:
+
+. The JIT compiler now supports partial matching and the (*MARK) and
+  (*COMMIT) verbs.
+
+. PCRE_INFO_MAXLOOKBEHIND can be used to find the longest lookbehind in a
+  pattern.
+
+. There should be a performance improvement when using the heap instead of the
+  stack for recursion.
+
+. pcregrep can now be linked with libedit as an alternative to libreadline.
+
+. pcregrep now has a --file-list option where the list of files to scan is
+  given as a file.
+
+. pcregrep now recognizes binary files and there are related options.
+
+. The Unicode tables have been updated to 6.1.0.
+
+As always, the full list of changes is in the ChangeLog file.
+
+
+Release 8.30 04-February-2012
+-----------------------------
+
+Release 8.30 introduces a major new feature: support for 16-bit character
+strings, compiled as a separate library. There are a few changes to the
+8-bit library, in addition to some bug fixes.
+
+. The pcre_info() function, which has been obsolete for over 10 years, has
+  been removed.
+
+. When a compiled pattern was saved to a file and later reloaded on a host
+  with different endianness, PCRE used automatically to swap the bytes in some
+  of the data fields. With the advent of the 16-bit library, where more of this
+  swapping is needed, it is no longer done automatically. Instead, the bad
+  endianness is detected and a specific error is given. The user can then call
+  a new function called pcre_pattern_to_host_byte_order() (or an equivalent
+  16-bit function) to do the swap.
+
+. In UTF-8 mode, the values 0xd800 to 0xdfff are not legal Unicode
+  code points and are now faulted. (They are the so-called "surrogates"
+  that are reserved for coding high values in UTF-16.)
+
+
+Release 8.21 12-Dec-2011
+------------------------
+
+This is almost entirely a bug-fix release. The only new feature is the ability
+to obtain the size of the memory used by the JIT compiler.
+
+
+Release 8.20 21-Oct-2011
+------------------------
+
+The main change in this release is the inclusion of Zoltan Herczeg's
+just-in-time compiler support, which can be accessed by building PCRE with
+--enable-jit. Large performance benefits can be had in many situations. 8.20
+also fixes an unfortunate bug that was introduced in 8.13 as well as tidying up
+a number of infelicities and differences from Perl.
+
+
+Release 8.13 16-Aug-2011
+------------------------
+
+This is mainly a bug-fix release. There has been a lot of internal refactoring.
+The Unicode tables have been updated. The only new feature in the library is
+the passing of *MARK information to callouts. Some additions have been made to
+pcretest to make testing easier and more comprehensive. There is a new option
+for pcregrep to adjust its internal buffer size.
+
+
+Release 8.12 15-Jan-2011
+------------------------
+
+This release fixes some bugs in pcregrep, one of which caused the tests to fail
+on 64-bit big-endian systems. There are no changes to the code of the library.
+
+
+Release 8.11 10-Dec-2010
+------------------------
+
+A number of bugs in the library and in pcregrep have been fixed. As always, see
+ChangeLog for details. The following are the non-bug-fix changes:
+
+. Added --match-limit and --recursion-limit to pcregrep.
+
+. Added an optional parentheses number to the -o and --only-matching options
+  of pcregrep.
+
+. Changed the way PCRE_PARTIAL_HARD affects the matching of $, \z, \Z, \b, and
+  \B.
+
+. Added PCRE_ERROR_SHORTUTF8 to make it possible to distinguish between a
+  bad UTF-8 sequence and one that is incomplete when using PCRE_PARTIAL_HARD.
+
+. Recognize (*NO_START_OPT) at the start of a pattern to set the PCRE_NO_
+  START_OPTIMIZE option, which is now allowed at compile time
+
+
+Release 8.10 25-Jun-2010
+------------------------
+
+There are two major additions: support for (*MARK) and friends, and the option
+PCRE_UCP, which changes the behaviour of \b, \d, \s, and \w (and their
+opposites) so that they make use of Unicode properties. There are also a number
+of lesser new features, and several bugs have been fixed. A new option,
+--line-buffered, has been added to pcregrep, for use when it is connected to
+pipes.
+
+
+Release 8.02 19-Mar-2010
+------------------------
+
+Another bug-fix release.
+
+
+Release 8.01 19-Jan-2010
+------------------------
+
+This is a bug-fix release. Several bugs in the code itself and some bugs and
+infelicities in the build system have been fixed.
+
+
+Release 8.00 19-Oct-09
+----------------------
+
+Bugs have been fixed in the library and in pcregrep. There are also some
+enhancements. Restrictions on patterns used for partial matching have been
+removed, extra information is given for partial matches, the partial matching
+process has been improved, and an option to make a partial match override a
+full match is available. The "study" process has been enhanced by finding a
+lower bound matching length. Groups with duplicate numbers may now have
+duplicated names without the use of PCRE_DUPNAMES. However, they may not have
+different names. The documentation has been revised to reflect these changes.
+The version number has been expanded to 3 digits as it is clear that the rate
+of change is not slowing down.
+
+
+Release 7.9 11-Apr-09
+---------------------
+
+Mostly bugfixes and tidies with just a couple of minor functional additions.
+
+
+Release 7.8 05-Sep-08
+---------------------
+
+More bug fixes, plus a performance improvement in Unicode character property
+lookup.
+
+
+Release 7.7 07-May-08
+---------------------
+
+This is once again mainly a bug-fix release, but there are a couple of new
+features.
+
+
+Release 7.6 28-Jan-08
+---------------------
+
+The main reason for having this release so soon after 7.5 is because it fixes a
+potential buffer overflow problem in pcre_compile() when run in UTF-8 mode. In
+addition, the CMake configuration files have been brought up to date.
+
+
+Release 7.5 10-Jan-08
+---------------------
+
+This is mainly a bug-fix release. However the ability to link pcregrep with
+libz or libbz2 and the ability to link pcretest with libreadline have been
+added. Also the --line-offsets and --file-offsets options were added to
+pcregrep.
+
+
+Release 7.4 21-Sep-07
+---------------------
+
+The only change of specification is the addition of options to control whether
+\R matches any Unicode line ending (the default) or just CR, LF, and CRLF.
+Otherwise, the changes are bug fixes and a refactoring to reduce the number of
+relocations needed in a shared library. There have also been some documentation
+updates, in particular, some more information about using CMake to build PCRE
+has been added to the NON-UNIX-USE file.
+
+
+Release 7.3 28-Aug-07
+---------------------
+
+Most changes are bug fixes. Some that are not:
+
+1. There is some support for Perl 5.10's experimental "backtracking control
+   verbs" such as (*PRUNE).
+
+2. UTF-8 checking is now as per RFC 3629 instead of RFC 2279; this is more
+   restrictive in the strings it accepts.
+
+3. Checking for potential integer overflow has been made more dynamic, and as a
+   consequence there is no longer a hard limit on the size of a subpattern that
+   has a limited repeat count.
+
+4. When CRLF is a valid line-ending sequence, pcre_exec() and pcre_dfa_exec()
+   no longer advance by two characters instead of one when an unanchored match
+   fails at CRLF if there are explicit CR or LF matches within the pattern.
+   This gets rid of some anomalous effects that previously occurred.
+
+5. Some PCRE-specific settings for varying the newline options at the start of
+   a pattern have been added.
+
+
+Release 7.2 19-Jun-07
+---------------------
+
+WARNING: saved patterns that were compiled by earlier versions of PCRE must be
+recompiled for use with 7.2 (necessitated by the addition of \K, \h, \H, \v,
+and \V).
+
+Correction to the notes for 7.1: the note about shared libraries for Windows is
+wrong. Previously, three libraries were built, but each could function
+independently. For example, the pcreposix library also included all the
+functions from the basic pcre library. The change is that the three libraries
+are no longer independent. They are like the Unix libraries. To use the
+pcreposix functions, for example, you need to link with both the pcreposix and
+the basic pcre library.
+
+Some more features from Perl 5.10 have been added:
+
+  (?-n) and (?+n) relative references for recursion and subroutines.
+
+  (?(-n) and (?(+n) relative references as conditions.
+
+  \k{name} and \g{name} are synonyms for \k<name>.
+
+  \K to reset the start of the matched string; for example, (foo)\Kbar
+  matches bar preceded by foo, but only sets bar as the matched string.
+
+  (?| introduces a group where the capturing parentheses in each alternative
+  start from the same number; for example, (?|(abc)|(xyz)) sets capturing
+  parentheses number 1 in both cases.
+
+  \h, \H, \v, \V match horizontal and vertical whitespace, respectively.
+
+
+Release 7.1 24-Apr-07
+---------------------
+
+There is only one new feature in this release: a linebreak setting of
+PCRE_NEWLINE_ANYCRLF. It is a cut-down version of PCRE_NEWLINE_ANY, which
+recognizes only CRLF, CR, and LF as linebreaks.
+
+A few bugs are fixed (see ChangeLog for details), but the major change is a
+complete re-implementation of the build system. This now has full Autotools
+support and so is now "standard" in some sense. It should help with compiling
+PCRE in a wide variety of environments.
+
+NOTE: when building shared libraries for Windows, three dlls are now built,
+called libpcre, libpcreposix, and libpcrecpp. Previously, everything was
+included in a single dll.
+
+Another important change is that the dftables auxiliary program is no longer
+compiled and run at "make" time by default. Instead, a default set of character
+tables (assuming ASCII coding) is used. If you want to use dftables to generate
+the character tables as previously, add --enable-rebuild-chartables to the
+"configure" command. You must do this if you are compiling PCRE to run on a
+system that uses EBCDIC code.
+
+There is a discussion about character tables in the README file. The default is
+not to use dftables so that that there is no problem when cross-compiling.
+
+
+Release 7.0 19-Dec-06
+---------------------
+
+This release has a new major number because there have been some internal
+upheavals to facilitate the addition of new optimizations and other facilities,
+and to make subsequent maintenance and extension easier. Compilation is likely
+to be a bit slower, but there should be no major effect on runtime performance.
+Previously compiled patterns are NOT upwards compatible with this release. If
+you have saved compiled patterns from a previous release, you will have to
+re-compile them. Important changes that are visible to users are:
+
+1. The Unicode property tables have been updated to Unicode 5.0.0, which adds
+   some more scripts.
+
+2. The option PCRE_NEWLINE_ANY causes PCRE to recognize any Unicode newline
+   sequence as a newline.
+
+3. The \R escape matches a single Unicode newline sequence as a single unit.
+
+4. New features that will appear in Perl 5.10 are now in PCRE. These include
+   alternative Perl syntax for named parentheses, and Perl syntax for
+   recursion.
+
+5. The C++ wrapper interface has been extended by the addition of a
+   QuoteMeta function and the ability to allow copy construction and
+   assignment.
+
+For a complete list of changes, see the ChangeLog file.
+
+
+Release 6.7 04-Jul-06
+---------------------
+
+The main additions to this release are the ability to use the same name for
+multiple sets of parentheses, and support for CRLF line endings in both the
+library and pcregrep (and in pcretest for testing).
+
+Thanks to Ian Taylor, the stack usage for many kinds of pattern has been
+significantly reduced for certain subject strings.
+
+
+Release 6.5 01-Feb-06
+---------------------
+
+Important changes in this release:
+
+1. A number of new features have been added to pcregrep.
+
+2. The Unicode property tables have been updated to Unicode 4.1.0, and the
+   supported properties have been extended with script names such as "Arabic",
+   and the derived properties "Any" and "L&". This has necessitated a change to
+   the interal format of compiled patterns. Any saved compiled patterns that
+   use \p or \P must be recompiled.
+
+3. The specification of recursion in patterns has been changed so that all
+   recursive subpatterns are automatically treated as atomic groups. Thus, for
+   example, (?R) is treated as if it were (?>(?R)). This is necessary because
+   otherwise there are situations where recursion does not work.
+
+See the ChangeLog for a complete list of changes, which include a number of bug
+fixes and tidies.
+
+
+Release 6.0 07-Jun-05
+---------------------
+
+The release number has been increased to 6.0 because of the addition of several
+major new pieces of functionality.
+
+A new function, pcre_dfa_exec(), which implements pattern matching using a DFA
+algorithm, has been added. This has a number of advantages for certain cases,
+though it does run more slowly, and lacks the ability to capture substrings. On
+the other hand, it does find all matches, not just the first, and it works
+better for partial matching. The pcrematching man page discusses the
+differences.
+
+The pcretest program has been enhanced so that it can make use of the new
+pcre_dfa_exec() matching function and the extra features it provides.
+
+The distribution now includes a C++ wrapper library. This is built
+automatically if a C++ compiler is found. The pcrecpp man page discusses this
+interface.
+
+The code itself has been re-organized into many more files, one for each
+function, so it no longer requires everything to be linked in when static
+linkage is used. As a consequence, some internal functions have had to have
+their names exposed. These functions all have names starting with _pcre_. They
+are undocumented, and are not intended for use by outside callers.
+
+The pcregrep program has been enhanced with new functionality such as
+multiline-matching and options for output more matching context. See the
+ChangeLog for a complete list of changes to the library and the utility
+programs.
+
+
+Release 5.0 13-Sep-04
+---------------------
+
+The licence under which PCRE is released has been changed to the more
+conventional "BSD" licence.
+
+In the code, some bugs have been fixed, and there are also some major changes
+in this release (which is why I've increased the number to 5.0). Some changes
+are internal rearrangements, and some provide a number of new facilities. The
+new features are:
+
+1. There's an "automatic callout" feature that inserts callouts before every
+   item in the regex, and there's a new callout field that gives the position
+   in the pattern - useful for debugging and tracing.
+
+2. The extra_data structure can now be used to pass in a set of character
+   tables at exec time. This is useful if compiled regex are saved and re-used
+   at a later time when the tables may not be at the same address. If the
+   default internal tables are used, the pointer saved with the compiled
+   pattern is now set to NULL, which means that you don't need to do anything
+   special unless you are using custom tables.
+
+3. It is possible, with some restrictions on the content of the regex, to
+   request "partial" matching. A special return code is given if all of the
+   subject string matched part of the regex. This could be useful for testing
+   an input field as it is being typed.
+
+4. There is now some optional support for Unicode character properties, which
+   means that the patterns items such as \p{Lu} and \X can now be used. Only
+   the general category properties are supported. If PCRE is compiled with this
+   support, an additional 90K data structure is include, which increases the
+   size of the library dramatically.
+
+5. There is support for saving compiled patterns and re-using them later.
+
+6. There is support for running regular expressions that were compiled on a
+   different host with the opposite endianness.
+
+7. The pcretest program has been extended to accommodate the new features.
+
+The main internal rearrangement is that sequences of literal characters are no
+longer handled as strings. Instead, each character is handled on its own. This
+makes some UTF-8 handling easier, and makes the support of partial matching
+possible. Compiled patterns containing long literal strings will be larger as a
+result of this change; I hope that performance will not be much affected.
+
+
+Release 4.5 01-Dec-03
+---------------------
+
+Again mainly a bug-fix and tidying release, with only a couple of new features:
+
+1. It's possible now to compile PCRE so that it does not use recursive
+function calls when matching. Instead it gets memory from the heap. This slows
+things down, but may be necessary on systems with limited stacks.
+
+2. UTF-8 string checking has been tightened to reject overlong sequences and to
+check that a starting offset points to the start of a character. Failure of the
+latter returns a new error code: PCRE_ERROR_BADUTF8_OFFSET.
+
+3. PCRE can now be compiled for systems that use EBCDIC code.
+
+
+Release 4.4 21-Aug-03
+---------------------
+
+This is mainly a bug-fix and tidying release. The only new feature is that PCRE
+checks UTF-8 strings for validity by default. There is an option to suppress
+this, just in case anybody wants that teeny extra bit of performance.
+
+
+Releases 4.1 - 4.3
+------------------
+
+Sorry, I forgot about updating the NEWS file for these releases. Please take a
+look at ChangeLog.
+
+
+Release 4.0 17-Feb-03
+---------------------
+
+There have been a lot of changes for the 4.0 release, adding additional
+functionality and mending bugs. Below is a list of the highlights of the new
+functionality. For full details of these features, please consult the
+documentation. For a complete list of changes, see the ChangeLog file.
+
+1. Support for Perl's \Q...\E escapes.
+
+2. "Possessive quantifiers" ?+, *+, ++, and {,}+ which come from Sun's Java
+package. They provide some syntactic sugar for simple cases of "atomic
+grouping".
+
+3. Support for the \G assertion. It is true when the current matching position
+is at the start point of the match.
+
+4. A new feature that provides some of the functionality that Perl provides
+with (?{...}). The facility is termed a "callout". The way it is done in PCRE
+is for the caller to provide an optional function, by setting pcre_callout to
+its entry point. To get the function called, the regex must include (?C) at
+appropriate points.
+
+5. Support for recursive calls to individual subpatterns. This makes it really
+easy to get totally confused.
+
+6. Support for named subpatterns. The Python syntax (?P<name>...) is used to
+name a group.
+
+7. Several extensions to UTF-8 support; it is now fairly complete. There is an
+option for pcregrep to make it operate in UTF-8 mode.
+
+8. The single man page has been split into a number of separate man pages.
+These also give rise to individual HTML pages which are put in a separate
+directory. There is an index.html page that lists them all. Some hyperlinking
+between the pages has been installed.
+
+
+Release 3.5 15-Aug-01
+---------------------
+
+1. The configuring system has been upgraded to use later versions of autoconf
+and libtool. By default it builds both a shared and a static library if the OS
+supports it. You can use --disable-shared or --disable-static on the configure
+command if you want only one of them.
+
+2. The pcretest utility is now installed along with pcregrep because it is
+useful for users (to test regexs) and by doing this, it automatically gets
+relinked by libtool. The documentation has been turned into a man page, so
+there are now .1, .txt, and .html versions in /doc.
+
+3. Upgrades to pcregrep:
+   (i)   Added long-form option names like gnu grep.
+   (ii)  Added --help to list all options with an explanatory phrase.
+   (iii) Added -r, --recursive to recurse into sub-directories.
+   (iv)  Added -f, --file to read patterns from a file.
+
+4. Added --enable-newline-is-cr and --enable-newline-is-lf to the configure
+script, to force use of CR or LF instead of \n in the source. On non-Unix
+systems, the value can be set in config.h.
+
+5. The limit of 200 on non-capturing parentheses is a _nesting_ limit, not an
+absolute limit. Changed the text of the error message to make this clear, and
+likewise updated the man page.
+
+6. The limit of 99 on the number of capturing subpatterns has been removed.
+The new limit is 65535, which I hope will not be a "real" limit.
+
+
+Release 3.3 01-Aug-00
+---------------------
+
+There is some support for UTF-8 character strings. This is incomplete and
+experimental. The documentation describes what is and what is not implemented.
+Otherwise, this is just a bug-fixing release.
+
+
+Release 3.0 01-Feb-00
+---------------------
+
+1. A "configure" script is now used to configure PCRE for Unix systems. It
+builds a Makefile, a config.h file, and the pcre-config script.
+
+2. PCRE is built as a shared library by default.
+
+3. There is support for POSIX classes such as [:alpha:].
+
+5. There is an experimental recursion feature.
+
+----------------------------------------------------------------------------
+          IMPORTANT FOR THOSE UPGRADING FROM VERSIONS BEFORE 2.00
+
+Please note that there has been a change in the API such that a larger
+ovector is required at matching time, to provide some additional workspace.
+The new man page has details. This change was necessary in order to support
+some of the new functionality in Perl 5.005.
+
+          IMPORTANT FOR THOSE UPGRADING FROM VERSION 2.00
+
+Another (I hope this is the last!) change has been made to the API for the
+pcre_compile() function. An additional argument has been added to make it
+possible to pass over a pointer to character tables built in the current
+locale by pcre_maketables(). To use the default tables, this new argument
+should be passed as NULL.
+
+          IMPORTANT FOR THOSE UPGRADING FROM VERSION 2.05
+
+Yet another (and again I hope this really is the last) change has been made
+to the API for the pcre_exec() function. An additional argument has been
+added to make it possible to start the match other than at the start of the
+subject string. This is important if there are lookbehinds. The new man
+page has the details, but you just want to convert existing programs, all
+you need to do is to stick in a new fifth argument to pcre_exec(), with a
+value of zero. For example, change
+
+  pcre_exec(pattern, extra, subject, length, options, ovec, ovecsize)
+to
+  pcre_exec(pattern, extra, subject, length, 0, options, ovec, ovecsize)
+
+****
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/README b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/README
new file mode 100644
index 00000000..4887ebf3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/README
@@ -0,0 +1,1002 @@
+README file for PCRE (Perl-compatible regular expression library)
+-----------------------------------------------------------------
+
+NOTE: This set of files relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+
+
+The latest release of PCRE1 is always available in three alternative formats
+from:
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.gz
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.bz2
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.zip
+
+There is a mailing list for discussion about the development of PCRE at
+pcre-dev@exim.org. You can access the archives and subscribe or manage your
+subscription here:
+
+   https://lists.exim.org/mailman/listinfo/pcre-dev
+
+Please read the NEWS file if you are upgrading from a previous release.
+The contents of this README file are:
+
+  The PCRE APIs
+  Documentation for PCRE
+  Contributions by users of PCRE
+  Building PCRE on non-Unix-like systems
+  Building PCRE without using autotools
+  Building PCRE using autotools
+  Retrieving configuration information
+  Shared libraries
+  Cross-compiling using autotools
+  Using HP's ANSI C++ compiler (aCC)
+  Compiling in Tru64 using native compilers
+  Using Sun's compilers for Solaris
+  Using PCRE from MySQL
+  Making new tarballs
+  Testing PCRE
+  Character tables
+  File manifest
+
+
+The PCRE APIs
+-------------
+
+PCRE is written in C, and it has its own API. There are three sets of
+functions, one for the 8-bit library, which processes strings of bytes, one for
+the 16-bit library, which processes strings of 16-bit values, and one for the
+32-bit library, which processes strings of 32-bit values. The distribution also
+includes a set of C++ wrapper functions (see the pcrecpp man page for details),
+courtesy of Google Inc., which can be used to call the 8-bit PCRE library from
+C++. Other C++ wrappers have been created from time to time. See, for example:
+https://github.com/YasserAsmi/regexp, which aims to be simple and similar in
+style to the C API.
+
+The distribution also contains a set of C wrapper functions (again, just for
+the 8-bit library) that are based on the POSIX regular expression API (see the
+pcreposix man page). These end up in the library called libpcreposix. Note that
+this just provides a POSIX calling interface to PCRE; the regular expressions
+themselves still follow Perl syntax and semantics. The POSIX API is restricted,
+and does not give full access to all of PCRE's facilities.
+
+The header file for the POSIX-style functions is called pcreposix.h. The
+official POSIX name is regex.h, but I did not want to risk possible problems
+with existing files of that name by distributing it that way. To use PCRE with
+an existing program that uses the POSIX API, pcreposix.h will have to be
+renamed or pointed at by a link.
+
+If you are using the POSIX interface to PCRE and there is already a POSIX regex
+library installed on your system, as well as worrying about the regex.h header
+file (as mentioned above), you must also take care when linking programs to
+ensure that they link with PCRE's libpcreposix library. Otherwise they may pick
+up the POSIX functions of the same name from the other library.
+
+One way of avoiding this confusion is to compile PCRE with the addition of
+-Dregcomp=PCREregcomp (and similarly for the other POSIX functions) to the
+compiler flags (CFLAGS if you are using "configure" -- see below). This has the
+effect of renaming the functions so that the names no longer clash. Of course,
+you have to do the same thing for your applications, or write them using the
+new names.
+
+
+Documentation for PCRE
+----------------------
+
+If you install PCRE in the normal way on a Unix-like system, you will end up
+with a set of man pages whose names all start with "pcre". The one that is just
+called "pcre" lists all the others. In addition to these man pages, the PCRE
+documentation is supplied in two other forms:
+
+  1. There are files called doc/pcre.txt, doc/pcregrep.txt, and
+     doc/pcretest.txt in the source distribution. The first of these is a
+     concatenation of the text forms of all the section 3 man pages except
+     the listing of pcredemo.c and those that summarize individual functions.
+     The other two are the text forms of the section 1 man pages for the
+     pcregrep and pcretest commands. These text forms are provided for ease of
+     scanning with text editors or similar tools. They are installed in
+     <prefix>/share/doc/pcre, where <prefix> is the installation prefix
+     (defaulting to /usr/local).
+
+  2. A set of files containing all the documentation in HTML form, hyperlinked
+     in various ways, and rooted in a file called index.html, is distributed in
+     doc/html and installed in <prefix>/share/doc/pcre/html.
+
+Users of PCRE have contributed files containing the documentation for various
+releases in CHM format. These can be found in the Contrib directory of the FTP
+site (see next section).
+
+
+Contributions by users of PCRE
+------------------------------
+
+You can find contributions from PCRE users in the directory
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Contrib
+
+There is a README file giving brief descriptions of what they are. Some are
+complete in themselves; others are pointers to URLs containing relevant files.
+Some of this material is likely to be well out-of-date. Several of the earlier
+contributions provided support for compiling PCRE on various flavours of
+Windows (I myself do not use Windows). Nowadays there is more Windows support
+in the standard distribution, so these contibutions have been archived.
+
+A PCRE user maintains downloadable Windows binaries of the pcregrep and
+pcretest programs here:
+
+  http://www.rexegg.com/pcregrep-pcretest.html
+
+
+Building PCRE on non-Unix-like systems
+--------------------------------------
+
+For a non-Unix-like system, please read the comments in the file
+NON-AUTOTOOLS-BUILD, though if your system supports the use of "configure" and
+"make" you may be able to build PCRE using autotools in the same way as for
+many Unix-like systems.
+
+PCRE can also be configured using the GUI facility provided by CMake's
+cmake-gui command. This creates Makefiles, solution files, etc. The file
+NON-AUTOTOOLS-BUILD has information about CMake.
+
+PCRE has been compiled on many different operating systems. It should be
+straightforward to build PCRE on any system that has a Standard C compiler and
+library, because it uses only Standard C functions.
+
+
+Building PCRE without using autotools
+-------------------------------------
+
+The use of autotools (in particular, libtool) is problematic in some
+environments, even some that are Unix or Unix-like. See the NON-AUTOTOOLS-BUILD
+file for ways of building PCRE without using autotools.
+
+
+Building PCRE using autotools
+-----------------------------
+
+If you are using HP's ANSI C++ compiler (aCC), please see the special note
+in the section entitled "Using HP's ANSI C++ compiler (aCC)" below.
+
+The following instructions assume the use of the widely used "configure; make;
+make install" (autotools) process.
+
+To build PCRE on system that supports autotools, first run the "configure"
+command from the PCRE distribution directory, with your current directory set
+to the directory where you want the files to be created. This command is a
+standard GNU "autoconf" configuration script, for which generic instructions
+are supplied in the file INSTALL.
+
+Most commonly, people build PCRE within its own distribution directory, and in
+this case, on many systems, just running "./configure" is sufficient. However,
+the usual methods of changing standard defaults are available. For example:
+
+CFLAGS='-O2 -Wall' ./configure --prefix=/opt/local
+
+This command specifies that the C compiler should be run with the flags '-O2
+-Wall' instead of the default, and that "make install" should install PCRE
+under /opt/local instead of the default /usr/local.
+
+If you want to build in a different directory, just run "configure" with that
+directory as current. For example, suppose you have unpacked the PCRE source
+into /source/pcre/pcre-xxx, but you want to build it in /build/pcre/pcre-xxx:
+
+cd /build/pcre/pcre-xxx
+/source/pcre/pcre-xxx/configure
+
+PCRE is written in C and is normally compiled as a C library. However, it is
+possible to build it as a C++ library, though the provided building apparatus
+does not have any features to support this.
+
+There are some optional features that can be included or omitted from the PCRE
+library. They are also documented in the pcrebuild man page.
+
+. By default, both shared and static libraries are built. You can change this
+  by adding one of these options to the "configure" command:
+
+  --disable-shared
+  --disable-static
+
+  (See also "Shared libraries on Unix-like systems" below.)
+
+. By default, only the 8-bit library is built. If you add --enable-pcre16 to
+  the "configure" command, the 16-bit library is also built. If you add
+  --enable-pcre32 to the "configure" command, the 32-bit library is also built.
+  If you want only the 16-bit or 32-bit library, use --disable-pcre8 to disable
+  building the 8-bit library.
+
+. If you are building the 8-bit library and want to suppress the building of
+  the C++ wrapper library, you can add --disable-cpp to the "configure"
+  command. Otherwise, when "configure" is run without --disable-pcre8, it will
+  try to find a C++ compiler and C++ header files, and if it succeeds, it will
+  try to build the C++ wrapper.
+
+. If you want to include support for just-in-time compiling, which can give
+  large performance improvements on certain platforms, add --enable-jit to the
+  "configure" command. This support is available only for certain hardware
+  architectures. If you try to enable it on an unsupported architecture, there
+  will be a compile time error.
+
+. When JIT support is enabled, pcregrep automatically makes use of it, unless
+  you add --disable-pcregrep-jit to the "configure" command.
+
+. If you want to make use of the support for UTF-8 Unicode character strings in
+  the 8-bit library, or UTF-16 Unicode character strings in the 16-bit library,
+  or UTF-32 Unicode character strings in the 32-bit library, you must add
+  --enable-utf to the "configure" command. Without it, the code for handling
+  UTF-8, UTF-16 and UTF-8 is not included in the relevant library. Even
+  when --enable-utf is included, the use of a UTF encoding still has to be
+  enabled by an option at run time. When PCRE is compiled with this option, its
+  input can only either be ASCII or UTF-8/16/32, even when running on EBCDIC
+  platforms. It is not possible to use both --enable-utf and --enable-ebcdic at
+  the same time.
+
+. There are no separate options for enabling UTF-8, UTF-16 and UTF-32
+  independently because that would allow ridiculous settings such as requesting
+  UTF-16 support while building only the 8-bit library. However, the option
+  --enable-utf8 is retained for backwards compatibility with earlier releases
+  that did not support 16-bit or 32-bit character strings. It is synonymous with
+  --enable-utf. It is not possible to configure one library with UTF support
+  and the other without in the same configuration.
+
+. If, in addition to support for UTF-8/16/32 character strings, you want to
+  include support for the \P, \p, and \X sequences that recognize Unicode
+  character properties, you must add --enable-unicode-properties to the
+  "configure" command. This adds about 30K to the size of the library (in the
+  form of a property table); only the basic two-letter properties such as Lu
+  are supported.
+
+. You can build PCRE to recognize either CR or LF or the sequence CRLF or any
+  of the preceding, or any of the Unicode newline sequences as indicating the
+  end of a line. Whatever you specify at build time is the default; the caller
+  of PCRE can change the selection at run time. The default newline indicator
+  is a single LF character (the Unix standard). You can specify the default
+  newline indicator by adding --enable-newline-is-cr or --enable-newline-is-lf
+  or --enable-newline-is-crlf or --enable-newline-is-anycrlf or
+  --enable-newline-is-any to the "configure" command, respectively.
+
+  If you specify --enable-newline-is-cr or --enable-newline-is-crlf, some of
+  the standard tests will fail, because the lines in the test files end with
+  LF. Even if the files are edited to change the line endings, there are likely
+  to be some failures. With --enable-newline-is-anycrlf or
+  --enable-newline-is-any, many tests should succeed, but there may be some
+  failures.
+
+. By default, the sequence \R in a pattern matches any Unicode line ending
+  sequence. This is independent of the option specifying what PCRE considers to
+  be the end of a line (see above). However, the caller of PCRE can restrict \R
+  to match only CR, LF, or CRLF. You can make this the default by adding
+  --enable-bsr-anycrlf to the "configure" command (bsr = "backslash R").
+
+. When called via the POSIX interface, PCRE uses malloc() to get additional
+  storage for processing capturing parentheses if there are more than 10 of
+  them in a pattern. You can increase this threshold by setting, for example,
+
+  --with-posix-malloc-threshold=20
+
+  on the "configure" command.
+
+. PCRE has a counter that limits the depth of nesting of parentheses in a
+  pattern. This limits the amount of system stack that a pattern uses when it
+  is compiled. The default is 250, but you can change it by setting, for
+  example,
+
+  --with-parens-nest-limit=500
+
+. PCRE has a counter that can be set to limit the amount of resources it uses
+  when matching a pattern. If the limit is exceeded during a match, the match
+  fails. The default is ten million. You can change the default by setting, for
+  example,
+
+  --with-match-limit=500000
+
+  on the "configure" command. This is just the default; individual calls to
+  pcre_exec() can supply their own value. There is more discussion on the
+  pcreapi man page.
+
+. There is a separate counter that limits the depth of recursive function calls
+  during a matching process. This also has a default of ten million, which is
+  essentially "unlimited". You can change the default by setting, for example,
+
+  --with-match-limit-recursion=500000
+
+  Recursive function calls use up the runtime stack; running out of stack can
+  cause programs to crash in strange ways. There is a discussion about stack
+  sizes in the pcrestack man page.
+
+. The default maximum compiled pattern size is around 64K. You can increase
+  this by adding --with-link-size=3 to the "configure" command. In the 8-bit
+  library, PCRE then uses three bytes instead of two for offsets to different
+  parts of the compiled pattern. In the 16-bit library, --with-link-size=3 is
+  the same as --with-link-size=4, which (in both libraries) uses four-byte
+  offsets. Increasing the internal link size reduces performance. In the 32-bit
+  library, the only supported link size is 4.
+
+. You can build PCRE so that its internal match() function that is called from
+  pcre_exec() does not call itself recursively. Instead, it uses memory blocks
+  obtained from the heap via the special functions pcre_stack_malloc() and
+  pcre_stack_free() to save data that would otherwise be saved on the stack. To
+  build PCRE like this, use
+
+  --disable-stack-for-recursion
+
+  on the "configure" command. PCRE runs more slowly in this mode, but it may be
+  necessary in environments with limited stack sizes. This applies only to the
+  normal execution of the pcre_exec() function; if JIT support is being
+  successfully used, it is not relevant. Equally, it does not apply to
+  pcre_dfa_exec(), which does not use deeply nested recursion. There is a
+  discussion about stack sizes in the pcrestack man page.
+
+. For speed, PCRE uses four tables for manipulating and identifying characters
+  whose code point values are less than 256. By default, it uses a set of
+  tables for ASCII encoding that is part of the distribution. If you specify
+
+  --enable-rebuild-chartables
+
+  a program called dftables is compiled and run in the default C locale when
+  you obey "make". It builds a source file called pcre_chartables.c. If you do
+  not specify this option, pcre_chartables.c is created as a copy of
+  pcre_chartables.c.dist. See "Character tables" below for further information.
+
+. It is possible to compile PCRE for use on systems that use EBCDIC as their
+  character code (as opposed to ASCII/Unicode) by specifying
+
+  --enable-ebcdic
+
+  This automatically implies --enable-rebuild-chartables (see above). However,
+  when PCRE is built this way, it always operates in EBCDIC. It cannot support
+  both EBCDIC and UTF-8/16/32. There is a second option, --enable-ebcdic-nl25,
+  which specifies that the code value for the EBCDIC NL character is 0x25
+  instead of the default 0x15.
+
+. In environments where valgrind is installed, if you specify
+
+  --enable-valgrind
+
+  PCRE will use valgrind annotations to mark certain memory regions as
+  unaddressable. This allows it to detect invalid memory accesses, and is
+  mostly useful for debugging PCRE itself.
+
+. In environments where the gcc compiler is used and lcov version 1.6 or above
+  is installed, if you specify
+
+  --enable-coverage
+
+  the build process implements a code coverage report for the test suite. The
+  report is generated by running "make coverage". If ccache is installed on
+  your system, it must be disabled when building PCRE for coverage reporting.
+  You can do this by setting the environment variable CCACHE_DISABLE=1 before
+  running "make" to build PCRE. There is more information about coverage
+  reporting in the "pcrebuild" documentation.
+
+. The pcregrep program currently supports only 8-bit data files, and so
+  requires the 8-bit PCRE library. It is possible to compile pcregrep to use
+  libz and/or libbz2, in order to read .gz and .bz2 files (respectively), by
+  specifying one or both of
+
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+
+  Of course, the relevant libraries must be installed on your system.
+
+. The default size (in bytes) of the internal buffer used by pcregrep can be
+  set by, for example:
+
+  --with-pcregrep-bufsize=51200
+
+  The value must be a plain integer. The default is 20480.
+
+. It is possible to compile pcretest so that it links with the libreadline
+  or libedit libraries, by specifying, respectively,
+
+  --enable-pcretest-libreadline or --enable-pcretest-libedit
+
+  If this is done, when pcretest's input is from a terminal, it reads it using
+  the readline() function. This provides line-editing and history facilities.
+  Note that libreadline is GPL-licenced, so if you distribute a binary of
+  pcretest linked in this way, there may be licensing issues. These can be
+  avoided by linking with libedit (which has a BSD licence) instead.
+
+  Enabling libreadline causes the -lreadline option to be added to the pcretest
+  build. In many operating environments with a sytem-installed readline
+  library this is sufficient. However, in some environments (e.g. if an
+  unmodified distribution version of readline is in use), it may be necessary
+  to specify something like LIBS="-lncurses" as well. This is because, to quote
+  the readline INSTALL, "Readline uses the termcap functions, but does not link
+  with the termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library." If you get error
+  messages about missing functions tgetstr, tgetent, tputs, tgetflag, or tgoto,
+  this is the problem, and linking with the ncurses library should fix it.
+
+The "configure" script builds the following files for the basic C library:
+
+. Makefile             the makefile that builds the library
+. config.h             build-time configuration options for the library
+. pcre.h               the public PCRE header file
+. pcre-config          script that shows the building settings such as CFLAGS
+                         that were set for "configure"
+. libpcre.pc         ) data for the pkg-config command
+. libpcre16.pc       )
+. libpcre32.pc       )
+. libpcreposix.pc    )
+. libtool              script that builds shared and/or static libraries
+
+Versions of config.h and pcre.h are distributed in the PCRE tarballs under the
+names config.h.generic and pcre.h.generic. These are provided for those who
+have to built PCRE without using "configure" or CMake. If you use "configure"
+or CMake, the .generic versions are not used.
+
+When building the 8-bit library, if a C++ compiler is found, the following
+files are also built:
+
+. libpcrecpp.pc        data for the pkg-config command
+. pcrecpparg.h         header file for calling PCRE via the C++ wrapper
+. pcre_stringpiece.h   header for the C++ "stringpiece" functions
+
+The "configure" script also creates config.status, which is an executable
+script that can be run to recreate the configuration, and config.log, which
+contains compiler output from tests that "configure" runs.
+
+Once "configure" has run, you can run "make". This builds the the libraries
+libpcre, libpcre16 and/or libpcre32, and a test program called pcretest. If you
+enabled JIT support with --enable-jit, a test program called pcre_jit_test is
+built as well.
+
+If the 8-bit library is built, libpcreposix and the pcregrep command are also
+built, and if a C++ compiler was found on your system, and you did not disable
+it with --disable-cpp, "make" builds the C++ wrapper library, which is called
+libpcrecpp, as well as some test programs called pcrecpp_unittest,
+pcre_scanner_unittest, and pcre_stringpiece_unittest.
+
+The command "make check" runs all the appropriate tests. Details of the PCRE
+tests are given below in a separate section of this document.
+
+You can use "make install" to install PCRE into live directories on your
+system. The following are installed (file names are all relative to the
+<prefix> that is set when "configure" is run):
+
+  Commands (bin):
+    pcretest
+    pcregrep (if 8-bit support is enabled)
+    pcre-config
+
+  Libraries (lib):
+    libpcre16     (if 16-bit support is enabled)
+    libpcre32     (if 32-bit support is enabled)
+    libpcre       (if 8-bit support is enabled)
+    libpcreposix  (if 8-bit support is enabled)
+    libpcrecpp    (if 8-bit and C++ support is enabled)
+
+  Configuration information (lib/pkgconfig):
+    libpcre16.pc
+    libpcre32.pc
+    libpcre.pc
+    libpcreposix.pc
+    libpcrecpp.pc (if C++ support is enabled)
+
+  Header files (include):
+    pcre.h
+    pcreposix.h
+    pcre_scanner.h      )
+    pcre_stringpiece.h  ) if C++ support is enabled
+    pcrecpp.h           )
+    pcrecpparg.h        )
+
+  Man pages (share/man/man{1,3}):
+    pcregrep.1
+    pcretest.1
+    pcre-config.1
+    pcre.3
+    pcre*.3 (lots more pages, all starting "pcre")
+
+  HTML documentation (share/doc/pcre/html):
+    index.html
+    *.html (lots more pages, hyperlinked from index.html)
+
+  Text file documentation (share/doc/pcre):
+    AUTHORS
+    COPYING
+    ChangeLog
+    LICENCE
+    NEWS
+    README
+    pcre.txt         (a concatenation of the man(3) pages)
+    pcretest.txt     the pcretest man page
+    pcregrep.txt     the pcregrep man page
+    pcre-config.txt  the pcre-config man page
+
+If you want to remove PCRE from your system, you can run "make uninstall".
+This removes all the files that "make install" installed. However, it does not
+remove any directories, because these are often shared with other programs.
+
+
+Retrieving configuration information
+------------------------------------
+
+Running "make install" installs the command pcre-config, which can be used to
+recall information about the PCRE configuration and installation. For example:
+
+  pcre-config --version
+
+prints the version number, and
+
+  pcre-config --libs
+
+outputs information about where the library is installed. This command can be
+included in makefiles for programs that use PCRE, saving the programmer from
+having to remember too many details.
+
+The pkg-config command is another system for saving and retrieving information
+about installed libraries. Instead of separate commands for each library, a
+single command is used. For example:
+
+  pkg-config --cflags pcre
+
+The data is held in *.pc files that are installed in a directory called
+<prefix>/lib/pkgconfig.
+
+
+Shared libraries
+----------------
+
+The default distribution builds PCRE as shared libraries and static libraries,
+as long as the operating system supports shared libraries. Shared library
+support relies on the "libtool" script which is built as part of the
+"configure" process.
+
+The libtool script is used to compile and link both shared and static
+libraries. They are placed in a subdirectory called .libs when they are newly
+built. The programs pcretest and pcregrep are built to use these uninstalled
+libraries (by means of wrapper scripts in the case of shared libraries). When
+you use "make install" to install shared libraries, pcregrep and pcretest are
+automatically re-built to use the newly installed shared libraries before being
+installed themselves. However, the versions left in the build directory still
+use the uninstalled libraries.
+
+To build PCRE using static libraries only you must use --disable-shared when
+configuring it. For example:
+
+./configure --prefix=/usr/gnu --disable-shared
+
+Then run "make" in the usual way. Similarly, you can use --disable-static to
+build only shared libraries.
+
+
+Cross-compiling using autotools
+-------------------------------
+
+You can specify CC and CFLAGS in the normal way to the "configure" command, in
+order to cross-compile PCRE for some other host. However, you should NOT
+specify --enable-rebuild-chartables, because if you do, the dftables.c source
+file is compiled and run on the local host, in order to generate the inbuilt
+character tables (the pcre_chartables.c file). This will probably not work,
+because dftables.c needs to be compiled with the local compiler, not the cross
+compiler.
+
+When --enable-rebuild-chartables is not specified, pcre_chartables.c is created
+by making a copy of pcre_chartables.c.dist, which is a default set of tables
+that assumes ASCII code. Cross-compiling with the default tables should not be
+a problem.
+
+If you need to modify the character tables when cross-compiling, you should
+move pcre_chartables.c.dist out of the way, then compile dftables.c by hand and
+run it on the local host to make a new version of pcre_chartables.c.dist.
+Then when you cross-compile PCRE this new version of the tables will be used.
+
+
+Using HP's ANSI C++ compiler (aCC)
+----------------------------------
+
+Unless C++ support is disabled by specifying the "--disable-cpp" option of the
+"configure" script, you must include the "-AA" option in the CXXFLAGS
+environment variable in order for the C++ components to compile correctly.
+
+Also, note that the aCC compiler on PA-RISC platforms may have a defect whereby
+needed libraries fail to get included when specifying the "-AA" compiler
+option. If you experience unresolved symbols when linking the C++ programs,
+use the workaround of specifying the following environment variable prior to
+running the "configure" script:
+
+  CXXLDFLAGS="-lstd_v2 -lCsup_v2"
+
+
+Compiling in Tru64 using native compilers
+-----------------------------------------
+
+The following error may occur when compiling with native compilers in the Tru64
+operating system:
+
+  CXX    libpcrecpp_la-pcrecpp.lo
+cxx: Error: /usr/lib/cmplrs/cxx/V7.1-006/include/cxx/iosfwd, line 58: #error
+          directive: "cannot include iosfwd -- define __USE_STD_IOSTREAM to
+          override default - see section 7.1.2 of the C++ Using Guide"
+#error "cannot include iosfwd -- define __USE_STD_IOSTREAM to override default
+- see section 7.1.2 of the C++ Using Guide"
+
+This may be followed by other errors, complaining that 'namespace "std" has no
+member'. The solution to this is to add the line
+
+#define __USE_STD_IOSTREAM 1
+
+to the config.h file.
+
+
+Using Sun's compilers for Solaris
+---------------------------------
+
+A user reports that the following configurations work on Solaris 9 sparcv9 and
+Solaris 9 x86 (32-bit):
+
+  Solaris 9 sparcv9: ./configure --disable-cpp CC=/bin/cc CFLAGS="-m64 -g"
+  Solaris 9 x86:     ./configure --disable-cpp CC=/bin/cc CFLAGS="-g"
+
+
+Using PCRE from MySQL
+---------------------
+
+On systems where both PCRE and MySQL are installed, it is possible to make use
+of PCRE from within MySQL, as an alternative to the built-in pattern matching.
+There is a web page that tells you how to do this:
+
+  http://www.mysqludf.org/lib_mysqludf_preg/index.php
+
+
+Making new tarballs
+-------------------
+
+The command "make dist" creates three PCRE tarballs, in tar.gz, tar.bz2, and
+zip formats. The command "make distcheck" does the same, but then does a trial
+build of the new distribution to ensure that it works.
+
+If you have modified any of the man page sources in the doc directory, you
+should first run the PrepareRelease script before making a distribution. This
+script creates the .txt and HTML forms of the documentation from the man pages.
+
+
+Testing PCRE
+------------
+
+To test the basic PCRE library on a Unix-like system, run the RunTest script.
+There is another script called RunGrepTest that tests the options of the
+pcregrep command. If the C++ wrapper library is built, three test programs
+called pcrecpp_unittest, pcre_scanner_unittest, and pcre_stringpiece_unittest
+are also built. When JIT support is enabled, another test program called
+pcre_jit_test is built.
+
+Both the scripts and all the program tests are run if you obey "make check" or
+"make test". For other environments, see the instructions in
+NON-AUTOTOOLS-BUILD.
+
+The RunTest script runs the pcretest test program (which is documented in its
+own man page) on each of the relevant testinput files in the testdata
+directory, and compares the output with the contents of the corresponding
+testoutput files. RunTest uses a file called testtry to hold the main output
+from pcretest. Other files whose names begin with "test" are used as working
+files in some tests.
+
+Some tests are relevant only when certain build-time options were selected. For
+example, the tests for UTF-8/16/32 support are run only if --enable-utf was
+used. RunTest outputs a comment when it skips a test.
+
+Many of the tests that are not skipped are run up to three times. The second
+run forces pcre_study() to be called for all patterns except for a few in some
+tests that are marked "never study" (see the pcretest program for how this is
+done). If JIT support is available, the non-DFA tests are run a third time,
+this time with a forced pcre_study() with the PCRE_STUDY_JIT_COMPILE option.
+This testing can be suppressed by putting "nojit" on the RunTest command line.
+
+The entire set of tests is run once for each of the 8-bit, 16-bit and 32-bit
+libraries that are enabled. If you want to run just one set of tests, call
+RunTest with either the -8, -16 or -32 option.
+
+If valgrind is installed, you can run the tests under it by putting "valgrind"
+on the RunTest command line. To run pcretest on just one or more specific test
+files, give their numbers as arguments to RunTest, for example:
+
+  RunTest 2 7 11
+
+You can also specify ranges of tests such as 3-6 or 3- (meaning 3 to the
+end), or a number preceded by ~ to exclude a test. For example:
+
+  Runtest 3-15 ~10
+
+This runs tests 3 to 15, excluding test 10, and just ~13 runs all the tests
+except test 13. Whatever order the arguments are in, the tests are always run
+in numerical order.
+
+You can also call RunTest with the single argument "list" to cause it to output
+a list of tests.
+
+The first test file can be fed directly into the perltest.pl script to check
+that Perl gives the same results. The only difference you should see is in the
+first few lines, where the Perl version is given instead of the PCRE version.
+
+The second set of tests check pcre_fullinfo(), pcre_study(),
+pcre_copy_substring(), pcre_get_substring(), pcre_get_substring_list(), error
+detection, and run-time flags that are specific to PCRE, as well as the POSIX
+wrapper API. It also uses the debugging flags to check some of the internals of
+pcre_compile().
+
+If you build PCRE with a locale setting that is not the standard C locale, the
+character tables may be different (see next paragraph). In some cases, this may
+cause failures in the second set of tests. For example, in a locale where the
+isprint() function yields TRUE for characters in the range 128-255, the use of
+[:isascii:] inside a character class defines a different set of characters, and
+this shows up in this test as a difference in the compiled code, which is being
+listed for checking. Where the comparison test output contains [\x00-\x7f] the
+test will contain [\x00-\xff], and similarly in some other cases. This is not a
+bug in PCRE.
+
+The third set of tests checks pcre_maketables(), the facility for building a
+set of character tables for a specific locale and using them instead of the
+default tables. The tests make use of the "fr_FR" (French) locale. Before
+running the test, the script checks for the presence of this locale by running
+the "locale" command. If that command fails, or if it doesn't include "fr_FR"
+in the list of available locales, the third test cannot be run, and a comment
+is output to say why. If running this test produces instances of the error
+
+  ** Failed to set locale "fr_FR"
+
+in the comparison output, it means that locale is not available on your system,
+despite being listed by "locale". This does not mean that PCRE is broken.
+
+[If you are trying to run this test on Windows, you may be able to get it to
+work by changing "fr_FR" to "french" everywhere it occurs. Alternatively, use
+RunTest.bat. The version of RunTest.bat included with PCRE 7.4 and above uses
+Windows versions of test 2. More info on using RunTest.bat is included in the
+document entitled NON-UNIX-USE.]
+
+The fourth and fifth tests check the UTF-8/16/32 support and error handling and
+internal UTF features of PCRE that are not relevant to Perl, respectively. The
+sixth and seventh tests do the same for Unicode character properties support.
+
+The eighth, ninth, and tenth tests check the pcre_dfa_exec() alternative
+matching function, in non-UTF-8/16/32 mode, UTF-8/16/32 mode, and UTF-8/16/32
+mode with Unicode property support, respectively.
+
+The eleventh test checks some internal offsets and code size features; it is
+run only when the default "link size" of 2 is set (in other cases the sizes
+change) and when Unicode property support is enabled.
+
+The twelfth test is run only when JIT support is available, and the thirteenth
+test is run only when JIT support is not available. They test some JIT-specific
+features such as information output from pcretest about JIT compilation.
+
+The fourteenth, fifteenth, and sixteenth tests are run only in 8-bit mode, and
+the seventeenth, eighteenth, and nineteenth tests are run only in 16/32-bit
+mode. These are tests that generate different output in the two modes. They are
+for general cases, UTF-8/16/32 support, and Unicode property support,
+respectively.
+
+The twentieth test is run only in 16/32-bit mode. It tests some specific
+16/32-bit features of the DFA matching engine.
+
+The twenty-first and twenty-second tests are run only in 16/32-bit mode, when
+the link size is set to 2 for the 16-bit library. They test reloading
+pre-compiled patterns.
+
+The twenty-third and twenty-fourth tests are run only in 16-bit mode. They are
+for general cases, and UTF-16 support, respectively.
+
+The twenty-fifth and twenty-sixth tests are run only in 32-bit mode. They are
+for general cases, and UTF-32 support, respectively.
+
+
+Character tables
+----------------
+
+For speed, PCRE uses four tables for manipulating and identifying characters
+whose code point values are less than 256. The final argument of the
+pcre_compile() function is a pointer to a block of memory containing the
+concatenated tables. A call to pcre_maketables() can be used to generate a set
+of tables in the current locale. If the final argument for pcre_compile() is
+passed as NULL, a set of default tables that is built into the binary is used.
+
+The source file called pcre_chartables.c contains the default set of tables. By
+default, this is created as a copy of pcre_chartables.c.dist, which contains
+tables for ASCII coding. However, if --enable-rebuild-chartables is specified
+for ./configure, a different version of pcre_chartables.c is built by the
+program dftables (compiled from dftables.c), which uses the ANSI C character
+handling functions such as isalnum(), isalpha(), isupper(), islower(), etc. to
+build the table sources. This means that the default C locale which is set for
+your system will control the contents of these default tables. You can change
+the default tables by editing pcre_chartables.c and then re-building PCRE. If
+you do this, you should take care to ensure that the file does not get
+automatically re-generated. The best way to do this is to move
+pcre_chartables.c.dist out of the way and replace it with your customized
+tables.
+
+When the dftables program is run as a result of --enable-rebuild-chartables,
+it uses the default C locale that is set on your system. It does not pay
+attention to the LC_xxx environment variables. In other words, it uses the
+system's default locale rather than whatever the compiling user happens to have
+set. If you really do want to build a source set of character tables in a
+locale that is specified by the LC_xxx variables, you can run the dftables
+program by hand with the -L option. For example:
+
+  ./dftables -L pcre_chartables.c.special
+
+The first two 256-byte tables provide lower casing and case flipping functions,
+respectively. The next table consists of three 32-byte bit maps which identify
+digits, "word" characters, and white space, respectively. These are used when
+building 32-byte bit maps that represent character classes for code points less
+than 256.
+
+The final 256-byte table has bits indicating various character types, as
+follows:
+
+    1   white space character
+    2   letter
+    4   decimal digit
+    8   hexadecimal digit
+   16   alphanumeric or '_'
+  128   regular expression metacharacter or binary zero
+
+You should not alter the set of characters that contain the 128 bit, as that
+will cause PCRE to malfunction.
+
+
+File manifest
+-------------
+
+The distribution should contain the files listed below. Where a file name is
+given as pcre[16|32]_xxx it means that there are three files, one with the name
+pcre_xxx, one with the name pcre16_xx, and a third with the name pcre32_xxx.
+
+(A) Source files of the PCRE library functions and their headers:
+
+  dftables.c              auxiliary program for building pcre_chartables.c
+                          when --enable-rebuild-chartables is specified
+
+  pcre_chartables.c.dist  a default set of character tables that assume ASCII
+                          coding; used, unless --enable-rebuild-chartables is
+                          specified, by copying to pcre[16]_chartables.c
+
+  pcreposix.c                )
+  pcre[16|32]_byte_order.c   )
+  pcre[16|32]_compile.c      )
+  pcre[16|32]_config.c       )
+  pcre[16|32]_dfa_exec.c     )
+  pcre[16|32]_exec.c         )
+  pcre[16|32]_fullinfo.c     )
+  pcre[16|32]_get.c          ) sources for the functions in the library,
+  pcre[16|32]_globals.c      )   and some internal functions that they use
+  pcre[16|32]_jit_compile.c  )
+  pcre[16|32]_maketables.c   )
+  pcre[16|32]_newline.c      )
+  pcre[16|32]_refcount.c     )
+  pcre[16|32]_string_utils.c )
+  pcre[16|32]_study.c        )
+  pcre[16|32]_tables.c       )
+  pcre[16|32]_ucd.c          )
+  pcre[16|32]_version.c      )
+  pcre[16|32]_xclass.c       )
+  pcre_ord2utf8.c            )
+  pcre_valid_utf8.c          )
+  pcre16_ord2utf16.c         )
+  pcre16_utf16_utils.c       )
+  pcre16_valid_utf16.c       )
+  pcre32_utf32_utils.c       )
+  pcre32_valid_utf32.c       )
+
+  pcre[16|32]_printint.c     ) debugging function that is used by pcretest,
+                             )   and can also be #included in pcre_compile()
+
+  pcre.h.in               template for pcre.h when built by "configure"
+  pcreposix.h             header for the external POSIX wrapper API
+  pcre_internal.h         header for internal use
+  sljit/*                 16 files that make up the JIT compiler
+  ucp.h                   header for Unicode property handling
+
+  config.h.in             template for config.h, which is built by "configure"
+
+  pcrecpp.h               public header file for the C++ wrapper
+  pcrecpparg.h.in         template for another C++ header file
+  pcre_scanner.h          public header file for C++ scanner functions
+  pcrecpp.cc              )
+  pcre_scanner.cc         ) source for the C++ wrapper library
+
+  pcre_stringpiece.h.in   template for pcre_stringpiece.h, the header for the
+                            C++ stringpiece functions
+  pcre_stringpiece.cc     source for the C++ stringpiece functions
+
+(B) Source files for programs that use PCRE:
+
+  pcredemo.c              simple demonstration of coding calls to PCRE
+  pcregrep.c              source of a grep utility that uses PCRE
+  pcretest.c              comprehensive test program
+
+(C) Auxiliary files:
+
+  132html                 script to turn "man" pages into HTML
+  AUTHORS                 information about the author of PCRE
+  ChangeLog               log of changes to the code
+  CleanTxt                script to clean nroff output for txt man pages
+  Detrail                 script to remove trailing spaces
+  HACKING                 some notes about the internals of PCRE
+  INSTALL                 generic installation instructions
+  LICENCE                 conditions for the use of PCRE
+  COPYING                 the same, using GNU's standard name
+  Makefile.in             ) template for Unix Makefile, which is built by
+                          )   "configure"
+  Makefile.am             ) the automake input that was used to create
+                          )   Makefile.in
+  NEWS                    important changes in this release
+  NON-UNIX-USE            the previous name for NON-AUTOTOOLS-BUILD
+  NON-AUTOTOOLS-BUILD     notes on building PCRE without using autotools
+  PrepareRelease          script to make preparations for "make dist"
+  README                  this file
+  RunTest                 a Unix shell script for running tests
+  RunGrepTest             a Unix shell script for pcregrep tests
+  aclocal.m4              m4 macros (generated by "aclocal")
+  config.guess            ) files used by libtool,
+  config.sub              )   used only when building a shared library
+  configure               a configuring shell script (built by autoconf)
+  configure.ac            ) the autoconf input that was used to build
+                          )   "configure" and config.h
+  depcomp                 ) script to find program dependencies, generated by
+                          )   automake
+  doc/*.3                 man page sources for PCRE
+  doc/*.1                 man page sources for pcregrep and pcretest
+  doc/index.html.src      the base HTML page
+  doc/html/*              HTML documentation
+  doc/pcre.txt            plain text version of the man pages
+  doc/pcretest.txt        plain text documentation of test program
+  doc/perltest.txt        plain text documentation of Perl test program
+  install-sh              a shell script for installing files
+  libpcre16.pc.in         template for libpcre16.pc for pkg-config
+  libpcre32.pc.in         template for libpcre32.pc for pkg-config
+  libpcre.pc.in           template for libpcre.pc for pkg-config
+  libpcreposix.pc.in      template for libpcreposix.pc for pkg-config
+  libpcrecpp.pc.in        template for libpcrecpp.pc for pkg-config
+  ltmain.sh               file used to build a libtool script
+  missing                 ) common stub for a few missing GNU programs while
+                          )   installing, generated by automake
+  mkinstalldirs           script for making install directories
+  perltest.pl             Perl test program
+  pcre-config.in          source of script which retains PCRE information
+  pcre_jit_test.c         test program for the JIT compiler
+  pcrecpp_unittest.cc          )
+  pcre_scanner_unittest.cc     ) test programs for the C++ wrapper
+  pcre_stringpiece_unittest.cc )
+  testdata/testinput*     test data for main library tests
+  testdata/testoutput*    expected test results
+  testdata/grep*          input and output for pcregrep tests
+  testdata/*              other supporting test files
+
+(D) Auxiliary files for cmake support
+
+  cmake/COPYING-CMAKE-SCRIPTS
+  cmake/FindPackageHandleStandardArgs.cmake
+  cmake/FindEditline.cmake
+  cmake/FindReadline.cmake
+  CMakeLists.txt
+  config-cmake.h.in
+
+(E) Auxiliary files for VPASCAL
+
+  makevp.bat
+  makevp_c.txt
+  makevp_l.txt
+  pcregexp.pas
+
+(F) Auxiliary files for building PCRE "by hand"
+
+  pcre.h.generic          ) a version of the public PCRE header file
+                          )   for use in non-"configure" environments
+  config.h.generic        ) a version of config.h for use in non-"configure"
+                          )   environments
+
+(F) Miscellaneous
+
+  RunTest.bat            a script for running tests under Windows
+
+Philip Hazel
+Email local part: ph10
+Email domain: cam.ac.uk
+Last updated: 10 February 2015
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt
new file mode 100644
index 00000000..39100591
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt
@@ -0,0 +1,772 @@
+Building PCRE without using autotools
+-------------------------------------
+
+NOTE: This document relates to PCRE releases that use the original API, with
+library names libpcre, libpcre16, and libpcre32. January 2015 saw the first
+release of a new API, known as PCRE2, with release numbers starting at 10.00
+and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old libraries
+(now called PCRE1) are still being maintained for bug fixes, but there will be
+no new development. New projects are advised to use the new PCRE2 libraries.
+
+
+This document contains the following sections:
+
+  General
+  Generic instructions for the PCRE C library
+  The C++ wrapper functions
+  Building for virtual Pascal
+  Stack size in Windows environments
+  Linking programs in Windows environments
+  Calling conventions in Windows environments
+  Comments about Win32 builds
+  Building PCRE on Windows with CMake
+  Use of relative paths with CMake on Windows
+  Testing with RunTest.bat
+  Building under Windows CE with Visual Studio 200x
+  Building under Windows with BCC5.5
+  Building using Borland C++ Builder 2007 (CB2007) and higher
+  Building PCRE on OpenVMS
+  Building PCRE on Stratus OpenVOS
+  Building PCRE on native z/OS and z/VM
+
+
+GENERAL
+
+I (Philip Hazel) have no experience of Windows or VMS sytems and how their
+libraries work. The items in the PCRE distribution and Makefile that relate to
+anything other than Linux systems are untested by me.
+
+There are some other comments and files (including some documentation in CHM
+format) in the Contrib directory on the FTP site:
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Contrib
+
+The basic PCRE library consists entirely of code written in Standard C, and so
+should compile successfully on any system that has a Standard C compiler and
+library. The C++ wrapper functions are a separate issue (see below).
+
+The PCRE distribution includes a "configure" file for use by the configure/make
+(autotools) build system, as found in many Unix-like environments. The README
+file contains information about the options for "configure".
+
+There is also support for CMake, which some users prefer, especially in Windows
+environments, though it can also be run in Unix-like environments. See the
+section entitled "Building PCRE on Windows with CMake" below.
+
+Versions of config.h and pcre.h are distributed in the PCRE tarballs under the
+names config.h.generic and pcre.h.generic. These are provided for those who
+build PCRE without using "configure" or CMake. If you use "configure" or CMake,
+the .generic versions are not used.
+
+
+GENERIC INSTRUCTIONS FOR THE PCRE C LIBRARY
+
+The following are generic instructions for building the PCRE C library "by
+hand". If you are going to use CMake, this section does not apply to you; you
+can skip ahead to the CMake section.
+
+ (1) Copy or rename the file config.h.generic as config.h, and edit the macro
+     settings that it contains to whatever is appropriate for your environment.
+
+     In particular, you can alter the definition of the NEWLINE macro to
+     specify what character(s) you want to be interpreted as line terminators.
+     In an EBCDIC environment, you MUST change NEWLINE, because its default
+     value is 10, an ASCII LF. The usual EBCDIC newline character is 21 (0x15,
+     NL), though in some cases it may be 37 (0x25).
+
+     When you compile any of the PCRE modules, you must specify -DHAVE_CONFIG_H
+     to your compiler so that config.h is included in the sources.
+
+     An alternative approach is not to edit config.h, but to use -D on the
+     compiler command line to make any changes that you need to the
+     configuration options. In this case -DHAVE_CONFIG_H must not be set.
+
+     NOTE: There have been occasions when the way in which certain parameters
+     in config.h are used has changed between releases. (In the configure/make
+     world, this is handled automatically.) When upgrading to a new release,
+     you are strongly advised to review config.h.generic before re-using what
+     you had previously.
+
+ (2) Copy or rename the file pcre.h.generic as pcre.h.
+
+ (3) EITHER:
+       Copy or rename file pcre_chartables.c.dist as pcre_chartables.c.
+
+     OR:
+       Compile dftables.c as a stand-alone program (using -DHAVE_CONFIG_H if
+       you have set up config.h), and then run it with the single argument
+       "pcre_chartables.c". This generates a set of standard character tables
+       and writes them to that file. The tables are generated using the default
+       C locale for your system. If you want to use a locale that is specified
+       by LC_xxx environment variables, add the -L option to the dftables
+       command. You must use this method if you are building on a system that
+       uses EBCDIC code.
+
+     The tables in pcre_chartables.c are defaults. The caller of PCRE can
+     specify alternative tables at run time.
+
+ (4) Ensure that you have the following header files:
+
+       pcre_internal.h
+       ucp.h
+
+ (5) For an 8-bit library, compile the following source files, setting
+     -DHAVE_CONFIG_H as a compiler option if you have set up config.h with your
+     configuration, or else use other -D settings to change the configuration
+     as required.
+
+       pcre_byte_order.c
+       pcre_chartables.c
+       pcre_compile.c
+       pcre_config.c
+       pcre_dfa_exec.c
+       pcre_exec.c
+       pcre_fullinfo.c
+       pcre_get.c
+       pcre_globals.c
+       pcre_jit_compile.c
+       pcre_maketables.c
+       pcre_newline.c
+       pcre_ord2utf8.c
+       pcre_refcount.c
+       pcre_string_utils.c
+       pcre_study.c
+       pcre_tables.c
+       pcre_ucd.c
+       pcre_valid_utf8.c
+       pcre_version.c
+       pcre_xclass.c
+
+     Make sure that you include -I. in the compiler command (or equivalent for
+     an unusual compiler) so that all included PCRE header files are first
+     sought in the current directory. Otherwise you run the risk of picking up
+     a previously-installed file from somewhere else.
+
+     Note that you must still compile pcre_jit_compile.c, even if you have not
+     defined SUPPORT_JIT in config.h, because when JIT support is not
+     configured, dummy functions are compiled. When JIT support IS configured,
+     pcre_jit_compile.c #includes sources from the sljit subdirectory, where
+     there should be 16 files, all of whose names begin with "sljit".
+
+ (6) Now link all the compiled code into an object library in whichever form
+     your system keeps such libraries. This is the basic PCRE C 8-bit library.
+     If your system has static and shared libraries, you may have to do this
+     once for each type.
+
+ (7) If you want to build a 16-bit library (as well as, or instead of the 8-bit
+     or 32-bit libraries) repeat steps 5-6 with the following files:
+
+       pcre16_byte_order.c
+       pcre16_chartables.c
+       pcre16_compile.c
+       pcre16_config.c
+       pcre16_dfa_exec.c
+       pcre16_exec.c
+       pcre16_fullinfo.c
+       pcre16_get.c
+       pcre16_globals.c
+       pcre16_jit_compile.c
+       pcre16_maketables.c
+       pcre16_newline.c
+       pcre16_ord2utf16.c
+       pcre16_refcount.c
+       pcre16_string_utils.c
+       pcre16_study.c
+       pcre16_tables.c
+       pcre16_ucd.c
+       pcre16_utf16_utils.c
+       pcre16_valid_utf16.c
+       pcre16_version.c
+       pcre16_xclass.c
+
+ (8) If you want to build a 32-bit library (as well as, or instead of the 8-bit
+     or 16-bit libraries) repeat steps 5-6 with the following files:
+
+       pcre32_byte_order.c
+       pcre32_chartables.c
+       pcre32_compile.c
+       pcre32_config.c
+       pcre32_dfa_exec.c
+       pcre32_exec.c
+       pcre32_fullinfo.c
+       pcre32_get.c
+       pcre32_globals.c
+       pcre32_jit_compile.c
+       pcre32_maketables.c
+       pcre32_newline.c
+       pcre32_ord2utf32.c
+       pcre32_refcount.c
+       pcre32_string_utils.c
+       pcre32_study.c
+       pcre32_tables.c
+       pcre32_ucd.c
+       pcre32_utf32_utils.c
+       pcre32_valid_utf32.c
+       pcre32_version.c
+       pcre32_xclass.c
+
+ (9) If you want to build the POSIX wrapper functions (which apply only to the
+     8-bit library), ensure that you have the pcreposix.h file and then compile
+     pcreposix.c (remembering -DHAVE_CONFIG_H if necessary). Link the result
+     (on its own) as the pcreposix library.
+
+(10) The pcretest program can be linked with any combination of the 8-bit,
+     16-bit and 32-bit libraries (depending on what you selected in config.h).
+     Compile pcretest.c and pcre_printint.c (again, don't forget
+     -DHAVE_CONFIG_H) and link them together with the appropriate library/ies.
+     If you compiled an 8-bit library, pcretest also needs the pcreposix
+     wrapper library unless you compiled it with -DNOPOSIX.
+
+(11) Run pcretest on the testinput files in the testdata directory, and check
+     that the output matches the corresponding testoutput files. There are
+     comments about what each test does in the section entitled "Testing PCRE"
+     in the README file. If you compiled more than one of the 8-bit, 16-bit and
+     32-bit libraries, you need to run pcretest with the -16 option to do
+     16-bit tests and with the -32 option to do 32-bit tests.
+
+     Some tests are relevant only when certain build-time options are selected.
+     For example, test 4 is for UTF-8/UTF-16/UTF-32 support, and will not run
+     if you have built PCRE without it. See the comments at the start of each
+     testinput file. If you have a suitable Unix-like shell, the RunTest script
+     will run the appropriate tests for you. The command "RunTest list" will
+     output a list of all the tests.
+
+     Note that the supplied files are in Unix format, with just LF characters
+     as line terminators. You may need to edit them to change this if your
+     system uses a different convention. If you are using Windows, you probably
+     should use the wintestinput3 file instead of testinput3 (and the
+     corresponding output file). This is a locale test; wintestinput3 sets the
+     locale to "french" rather than "fr_FR", and there some minor output
+     differences.
+
+(12) If you have built PCRE with SUPPORT_JIT, the JIT features will be tested
+     by the testdata files. However, you might also like to build and run
+     the freestanding JIT test program, pcre_jit_test.c.
+
+(13) If you want to use the pcregrep command, compile and link pcregrep.c; it
+     uses only the basic 8-bit PCRE library (it does not need the pcreposix
+     library).
+
+
+THE C++ WRAPPER FUNCTIONS
+
+The PCRE distribution also contains some C++ wrapper functions and tests,
+applicable to the 8-bit library, which were contributed by Google Inc. On a
+system that can use "configure" and "make", the functions are automatically
+built into a library called pcrecpp. It should be straightforward to compile
+the .cc files manually on other systems. The files called xxx_unittest.cc are
+test programs for each of the corresponding xxx.cc files.
+
+
+BUILDING FOR VIRTUAL PASCAL
+
+A script for building PCRE using Borland's C++ compiler for use with VPASCAL
+was contributed by Alexander Tokarev. Stefan Weber updated the script and added
+additional files. The following files in the distribution are for building PCRE
+for use with VP/Borland: makevp_c.txt, makevp_l.txt, makevp.bat, pcregexp.pas.
+
+
+STACK SIZE IN WINDOWS ENVIRONMENTS
+
+The default processor stack size of 1Mb in some Windows environments is too
+small for matching patterns that need much recursion. In particular, test 2 may
+fail because of this. Normally, running out of stack causes a crash, but there
+have been cases where the test program has just died silently. See your linker
+documentation for how to increase stack size if you experience problems. The
+Linux default of 8Mb is a reasonable choice for the stack, though even that can
+be too small for some pattern/subject combinations.
+
+PCRE has a compile configuration option to disable the use of stack for
+recursion so that heap is used instead. However, pattern matching is
+significantly slower when this is done. There is more about stack usage in the
+"pcrestack" documentation.
+
+
+LINKING PROGRAMS IN WINDOWS ENVIRONMENTS
+
+If you want to statically link a program against a PCRE library in the form of
+a non-dll .a file, you must define PCRE_STATIC before including pcre.h or
+pcrecpp.h, otherwise the pcre_malloc() and pcre_free() exported functions will
+be declared __declspec(dllimport), with unwanted results.
+
+
+CALLING CONVENTIONS IN WINDOWS ENVIRONMENTS
+
+It is possible to compile programs to use different calling conventions using
+MSVC. Search the web for "calling conventions" for more information. To make it
+easier to change the calling convention for the exported functions in the
+PCRE library, the macro PCRE_CALL_CONVENTION is present in all the external
+definitions. It can be set externally when compiling (e.g. in CFLAGS). If it is
+not set, it defaults to empty; the default calling convention is then used
+(which is what is wanted most of the time).
+
+
+COMMENTS ABOUT WIN32 BUILDS (see also "BUILDING PCRE ON WINDOWS WITH CMAKE")
+
+There are two ways of building PCRE using the "configure, make, make install"
+paradigm on Windows systems: using MinGW or using Cygwin. These are not at all
+the same thing; they are completely different from each other. There is also
+support for building using CMake, which some users find a more straightforward
+way of building PCRE under Windows.
+
+The MinGW home page (http://www.mingw.org/) says this:
+
+  MinGW: A collection of freely available and freely distributable Windows
+  specific header files and import libraries combined with GNU toolsets that
+  allow one to produce native Windows programs that do not rely on any
+  3rd-party C runtime DLLs.
+
+The Cygwin home page (http://www.cygwin.com/) says this:
+
+  Cygwin is a Linux-like environment for Windows. It consists of two parts:
+
+  . A DLL (cygwin1.dll) which acts as a Linux API emulation layer providing
+    substantial Linux API functionality
+
+  . A collection of tools which provide Linux look and feel.
+
+  The Cygwin DLL currently works with all recent, commercially released x86 32
+  bit and 64 bit versions of Windows, with the exception of Windows CE.
+
+On both MinGW and Cygwin, PCRE should build correctly using:
+
+  ./configure && make && make install
+
+This should create two libraries called libpcre and libpcreposix, and, if you
+have enabled building the C++ wrapper, a third one called libpcrecpp. These are
+independent libraries: when you link with libpcreposix or libpcrecpp you must
+also link with libpcre, which contains the basic functions. (Some earlier
+releases of PCRE included the basic libpcre functions in libpcreposix. This no
+longer happens.)
+
+A user submitted a special-purpose patch that makes it easy to create
+"pcre.dll" under mingw32 using the "msys" environment. It provides "pcre.dll"
+as a special target. If you use this target, no other files are built, and in
+particular, the pcretest and pcregrep programs are not built. An example of how
+this might be used is:
+
+  ./configure --enable-utf --disable-cpp CFLAGS="-03 -s"; make pcre.dll
+
+Using Cygwin's compiler generates libraries and executables that depend on
+cygwin1.dll. If a library that is generated this way is distributed,
+cygwin1.dll has to be distributed as well. Since cygwin1.dll is under the GPL
+licence, this forces not only PCRE to be under the GPL, but also the entire
+application. A distributor who wants to keep their own code proprietary must
+purchase an appropriate Cygwin licence.
+
+MinGW has no such restrictions. The MinGW compiler generates a library or
+executable that can run standalone on Windows without any third party dll or
+licensing issues.
+
+But there is more complication:
+
+If a Cygwin user uses the -mno-cygwin Cygwin gcc flag, what that really does is
+to tell Cygwin's gcc to use the MinGW gcc. Cygwin's gcc is only acting as a
+front end to MinGW's gcc (if you install Cygwin's gcc, you get both Cygwin's
+gcc and MinGW's gcc). So, a user can:
+
+. Build native binaries by using MinGW or by getting Cygwin and using
+  -mno-cygwin.
+
+. Build binaries that depend on cygwin1.dll by using Cygwin with the normal
+  compiler flags.
+
+The test files that are supplied with PCRE are in UNIX format, with LF
+characters as line terminators. Unless your PCRE library uses a default newline
+option that includes LF as a valid newline, it may be necessary to change the
+line terminators in the test files to get some of the tests to work.
+
+
+BUILDING PCRE ON WINDOWS WITH CMAKE
+
+CMake is an alternative configuration facility that can be used instead of
+"configure". CMake creates project files (make files, solution files, etc.)
+tailored to numerous development environments, including Visual Studio,
+Borland, Msys, MinGW, NMake, and Unix. If possible, use short paths with no
+spaces in the names for your CMake installation and your PCRE source and build
+directories.
+
+The following instructions were contributed by a PCRE user. If they are not
+followed exactly, errors may occur. In the event that errors do occur, it is
+recommended that you delete the CMake cache before attempting to repeat the
+CMake build process. In the CMake GUI, the cache can be deleted by selecting
+"File > Delete Cache".
+
+1.  Install the latest CMake version available from http://www.cmake.org/, and
+    ensure that cmake\bin is on your path.
+
+2.  Unzip (retaining folder structure) the PCRE source tree into a source
+    directory such as C:\pcre. You should ensure your local date and time
+    is not earlier than the file dates in your source dir if the release is
+    very new.
+
+3.  Create a new, empty build directory, preferably a subdirectory of the
+    source dir. For example, C:\pcre\pcre-xx\build.
+
+4.  Run cmake-gui from the Shell envirornment of your build tool, for example,
+    Msys for Msys/MinGW or Visual Studio Command Prompt for VC/VC++. Do not try
+    to start Cmake from the Windows Start menu, as this can lead to errors.
+
+5.  Enter C:\pcre\pcre-xx and C:\pcre\pcre-xx\build for the source and build
+    directories, respectively.
+
+6.  Hit the "Configure" button.
+
+7.  Select the particular IDE / build tool that you are using (Visual
+    Studio, MSYS makefiles, MinGW makefiles, etc.)
+
+8.  The GUI will then list several configuration options. This is where
+    you can enable UTF-8 support or other PCRE optional features.
+
+9.  Hit "Configure" again. The adjacent "Generate" button should now be
+    active.
+
+10. Hit "Generate".
+
+11. The build directory should now contain a usable build system, be it a
+    solution file for Visual Studio, makefiles for MinGW, etc. Exit from
+    cmake-gui and use the generated build system with your compiler or IDE.
+    E.g., for MinGW you can run "make", or for Visual Studio, open the PCRE
+    solution, select the desired configuration (Debug, or Release, etc.) and
+    build the ALL_BUILD project.
+
+12. If during configuration with cmake-gui you've elected to build the test
+    programs, you can execute them by building the test project. E.g., for
+    MinGW: "make test"; for Visual Studio build the RUN_TESTS project. The
+    most recent build configuration is targeted by the tests. A summary of
+    test results is presented. Complete test output is subsequently
+    available for review in Testing\Temporary under your build dir.
+
+
+USE OF RELATIVE PATHS WITH CMAKE ON WINDOWS
+
+A PCRE user comments as follows: I thought that others may want to know the
+current state of CMAKE_USE_RELATIVE_PATHS support on Windows. Here it is:
+
+-- AdditionalIncludeDirectories is only partially modified (only the
+   first path - see below)
+-- Only some of the contained file paths are modified - shown below for
+   pcre.vcproj
+-- It properly modifies
+
+I am sure CMake people can fix that if they want to. Until then one will
+need to replace existing absolute paths in project files with relative
+paths manually (e.g. from VS) - relative to project file location. I did
+just that before being told to try CMAKE_USE_RELATIVE_PATHS. Not a big
+deal.
+
+AdditionalIncludeDirectories="E:\builds\pcre\build;E:\builds\pcre\pcre-7.5;"
+AdditionalIncludeDirectories=".;E:\builds\pcre\pcre-7.5;"
+
+RelativePath="pcre.h"
+RelativePath="pcre_chartables.c"
+RelativePath="pcre_chartables.c.rule"
+
+
+TESTING WITH RUNTEST.BAT
+
+If configured with CMake, building the test project ("make test" or building
+ALL_TESTS in Visual Studio) creates (and runs) pcre_test.bat (and depending
+on your configuration options, possibly other test programs) in the build
+directory. Pcre_test.bat runs RunTest.Bat with correct source and exe paths.
+
+For manual testing with RunTest.bat, provided the build dir is a subdirectory
+of the source directory: Open command shell window. Chdir to the location
+of your pcretest.exe and pcregrep.exe programs. Call RunTest.bat with
+"..\RunTest.Bat" or "..\..\RunTest.bat" as appropriate.
+
+To run only a particular test with RunTest.Bat provide a test number argument.
+
+Otherwise:
+
+1. Copy RunTest.bat into the directory where pcretest.exe and pcregrep.exe
+   have been created.
+
+2. Edit RunTest.bat to indentify the full or relative location of
+   the pcre source (wherein which the testdata folder resides), e.g.:
+
+   set srcdir=C:\pcre\pcre-8.20
+
+3. In a Windows command environment, chdir to the location of your bat and
+   exe programs.
+
+4. Run RunTest.bat. Test outputs will automatically be compared to expected
+   results, and discrepancies will be identified in the console output.
+
+To independently test the just-in-time compiler, run pcre_jit_test.exe.
+To test pcrecpp, run pcrecpp_unittest.exe, pcre_stringpiece_unittest.exe and
+pcre_scanner_unittest.exe.
+
+
+BUILDING UNDER WINDOWS CE WITH VISUAL STUDIO 200x
+
+Vincent Richomme sent a zip archive of files to help with this process. They
+can be found in the file "pcre-vsbuild.zip" in the Contrib directory of the FTP
+site.
+
+
+BUILDING UNDER WINDOWS WITH BCC5.5
+
+Michael Roy sent these comments about building PCRE under Windows with BCC5.5:
+
+Some of the core BCC libraries have a version of PCRE from 1998 built in, which
+can lead to pcre_exec() giving an erroneous PCRE_ERROR_NULL from a version
+mismatch. I'm including an easy workaround below, if you'd like to include it
+in the non-unix instructions:
+
+When linking a project with BCC5.5, pcre.lib must be included before any of the
+libraries cw32.lib, cw32i.lib, cw32mt.lib, and cw32mti.lib on the command line.
+
+
+BUILDING USING BORLAND C++ BUILDER 2007 (CB2007) AND HIGHER
+
+A PCRE user sent these comments about this environment (see also the comment
+from another user that follows them):
+
+The XE versions of C++ Builder come with a RegularExpressionsCore class which
+contain a version of TPerlRegEx. However, direct use of the C PCRE library may
+be desirable.
+
+The default makevp.bat, however, supplied with PCRE builds a version of PCRE
+that is not usable with any version of C++ Builder because the compiler ships
+with an embedded version of PCRE, version 2.01 from 1998! [See also the note
+about BCC5.5 above.] If you want to use PCRE you'll need to rename the
+functions (pcre_compile to pcre_compile_bcc, etc) or do as I have done and just
+use the 16 bit versions. I'm using std::wstring everywhere anyway. Since the
+embedded version of PCRE does not have the 16 bit function names, there is no
+conflict.
+
+Building PCRE using a C++ Builder static library project file (recommended):
+
+1. Rename or remove pcre.h, pcreposi.h, and pcreposix.h from your C++ Builder
+original include path.
+
+2. Download PCRE from pcre.org and extract to a directory.
+
+3. Rename pcre_chartables.c.dist to pcre_chartables.c, pcre.h.generic to
+pcre.h, and config.h.generic to config.h.
+
+4. Edit pcre.h and pcre_config.c so that they include config.h.
+
+5. Edit config.h like so:
+
+Comment out the following lines:
+#define PACKAGE "pcre"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE_NAME "PCRE"
+#define PACKAGE_STRING "PCRE 8.32"
+#define PACKAGE_TARNAME "pcre"
+#define PACKAGE_URL ""
+#define PACKAGE_VERSION "8.32"
+
+Add the following lines:
+#ifndef SUPPORT_UTF
+#define SUPPORT_UTF 100 // any value is fine
+#endif
+
+#ifndef SUPPORT_UCP
+#define SUPPORT_UCP 101 // any value is fine
+#endif
+
+#ifndef SUPPORT_UCP
+#define SUPPORT_PCRE16 102 // any value is fine
+#endif
+
+#ifndef SUPPORT_UTF8
+#define SUPPORT_UTF8 103 // any value is fine
+#endif
+
+6. Build a C++ Builder project using the IDE. Go to File / New / Other and
+choose Static Library. You can name it pcre.cbproj or whatever. Now set your
+paths by going to Project / Options. Set the Include path. Do this from the
+"Base" option to apply to both Release and Debug builds. Now add the following
+files to the project:
+
+pcre.h
+pcre16_byte_order.c
+pcre16_chartables.c
+pcre16_compile.c
+pcre16_config.c
+pcre16_dfa_exec.c
+pcre16_exec.c
+pcre16_fullinfo.c
+pcre16_get.c
+pcre16_globals.c
+pcre16_maketables.c
+pcre16_newline.c
+pcre16_ord2utf16.c
+pcre16_printint.c
+pcre16_refcount.c
+pcre16_string_utils.c
+pcre16_study.c
+pcre16_tables.c
+pcre16_ucd.c
+pcre16_utf16_utils.c
+pcre16_valid_utf16.c
+pcre16_version.c
+pcre16_xclass.c
+
+//Optional
+pcre_version.c
+
+7. After compiling the .lib file, copy the .lib and header files to a project
+you want to use PCRE with. Enjoy.
+
+Optional ... Building PCRE using the makevp.bat file:
+
+1. Edit makevp_c.txt and makevp_l.txt and change all the names to the 16 bit
+versions.
+
+2. Edit makevp.bat and set the path to C++ Builder. Run makevp.bat.
+
+Another PCRE user added this comment:
+
+Another approach I successfully used for some years with BCB 5 and 6 was to
+make sure that include and library paths of PCRE are configured before the
+default paths of the IDE in the dialogs where one can manage those paths.
+Afterwards one can open the project files using a text editor and manually add
+the self created library for pcre itself, pcrecpp doesn't ship with the IDE, in
+the library nodes where the IDE manages its own libraries to link against in
+front of the IDE-own libraries. This way one can use the default PCRE function
+names without getting access violations on runtime.
+
+  <ALLLIB value="libpcre.lib $(LIBFILES) $(LIBRARIES) import32.lib cp32mt.lib"/>
+
+
+BUILDING PCRE ON OPENVMS
+
+Stephen Hoffman sent the following, in December 2012:
+
+"Here <http://labs.hoffmanlabs.com/node/1847> is a very short write-up on the
+OpenVMS port and here
+
+<http://labs.hoffmanlabs.com/labsnotes/pcre-vms-8_32.zip>
+
+is a zip with the OpenVMS files, and with one modified testing-related PCRE
+file." This is a port of PCRE 8.32.
+
+Earlier, Dan Mooney sent the following comments about building PCRE on OpenVMS.
+They relate to an older version of PCRE that used fewer source files, so the
+exact commands will need changing. See the current list of source files above.
+
+"It was quite easy to compile and link the library. I don't have a formal
+make file but the attached file [reproduced below] contains the OpenVMS DCL
+commands I used to build the library. I had to add #define
+POSIX_MALLOC_THRESHOLD 10 to pcre.h since it was not defined anywhere.
+
+The library was built on:
+O/S: HP OpenVMS v7.3-1
+Compiler: Compaq C v6.5-001-48BCD
+Linker: vA13-01
+
+The test results did not match 100% due to the issues you mention in your
+documentation regarding isprint(), iscntrl(), isgraph() and ispunct(). I
+modified some of the character tables temporarily and was able to get the
+results to match. Tests using the fr locale did not match since I don't have
+that locale loaded. The study size was always reported to be 3 less than the
+value in the standard test output files."
+
+=========================
+$! This DCL procedure builds PCRE on OpenVMS
+$!
+$! I followed the instructions in the non-unix-use file in the distribution.
+$!
+$ COMPILE == "CC/LIST/NOMEMBER_ALIGNMENT/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES
+$ COMPILE DFTABLES.C
+$ LINK/EXE=DFTABLES.EXE DFTABLES.OBJ
+$ RUN DFTABLES.EXE/OUTPUT=CHARTABLES.C
+$ COMPILE MAKETABLES.C
+$ COMPILE GET.C
+$ COMPILE STUDY.C
+$! I had to set POSIX_MALLOC_THRESHOLD to 10 in PCRE.H since the symbol
+$! did not seem to be defined anywhere.
+$! I edited pcre.h and added #DEFINE SUPPORT_UTF8 to enable UTF8 support.
+$ COMPILE PCRE.C
+$ LIB/CREATE PCRE MAKETABLES.OBJ, GET.OBJ, STUDY.OBJ, PCRE.OBJ
+$! I had to set POSIX_MALLOC_THRESHOLD to 10 in PCRE.H since the symbol
+$! did not seem to be defined anywhere.
+$ COMPILE PCREPOSIX.C
+$ LIB/CREATE PCREPOSIX PCREPOSIX.OBJ
+$ COMPILE PCRETEST.C
+$ LINK/EXE=PCRETEST.EXE PCRETEST.OBJ, PCRE/LIB, PCREPOSIX/LIB
+$! C programs that want access to command line arguments must be
+$! defined as a symbol
+$ PCRETEST :== "$ SYS$ROADSUSERS:[DMOONEY.REGEXP]PCRETEST.EXE"
+$! Arguments must be enclosed in quotes.
+$ PCRETEST "-C"
+$! Test results:
+$!
+$!   The test results did not match 100%. The functions isprint(), iscntrl(),
+$!   isgraph() and ispunct() on OpenVMS must not produce the same results
+$!   as the system that built the test output files provided with the
+$!   distribution.
+$!
+$!   The study size did not match and was always 3 less on OpenVMS.
+$!
+$!   Locale could not be set to fr
+$!
+=========================
+
+
+BUILDING PCRE ON STRATUS OPENVOS
+
+These notes on the port of PCRE to VOS (lightly edited) were supplied by
+Ashutosh Warikoo, whose email address has the local part awarikoo and the
+domain nse.co.in. The port was for version 7.9 in August 2009.
+
+1.   Building PCRE
+
+I built pcre on OpenVOS Release 17.0.1at using GNU Tools 3.4a without any
+problems. I used the following packages to build PCRE:
+
+  ftp://ftp.stratus.com/pub/vos/posix/ga/posix.save.evf.gz
+
+Please read and follow the instructions that come with these packages. To start
+the build of pcre, from the root of the package type:
+
+  ./build.sh
+
+2. Installing PCRE
+
+Once you have successfully built PCRE, login to the SysAdmin group, switch to
+the root user, and type
+
+  [ !create_dir (master_disk)>usr   --if needed ]
+  [ !create_dir (master_disk)>usr>local   --if needed ]
+    !gmake install
+
+This installs PCRE and its man pages into /usr/local. You can add
+(master_disk)>usr>local>bin to your command search paths, or if you are in
+BASH, add /usr/local/bin to the PATH environment variable.
+
+4. Restrictions
+
+This port requires readline library optionally. However during the build I
+faced some yet unexplored errors while linking with readline. As it was an
+optional component I chose to disable it.
+
+5. Known Problems
+
+I ran the test suite, but you will have to be your own judge of whether this
+command, and this port, suits your purposes. If you find any problems that
+appear to be related to the port itself, please let me know. Please see the
+build.log file in the root of the package also.
+
+
+BUILDING PCRE ON NATIVE Z/OS AND Z/VM
+
+z/OS and z/VM are operating systems for mainframe computers, produced by IBM.
+The character code used is EBCDIC, not ASCII or Unicode. In z/OS, UNIX APIs and
+applications can be supported through UNIX System Services, and in such an
+environment PCRE can be built in the same way as in other systems. However, in
+native z/OS (without UNIX System Services) and in z/VM, special ports are
+required. For details, please see this web site:
+
+  http://www.zaconsultants.net
+
+You may download PCRE from WWW.CBTTAPE.ORG, file 882.  Everything, source and
+executable, is in EBCDIC and native z/OS file formats and this is the
+recommended download site.
+
+==========================
+Last Updated: 25 June 2015
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/README.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/README.txt
new file mode 100644
index 00000000..4887ebf3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/README.txt
@@ -0,0 +1,1002 @@
+README file for PCRE (Perl-compatible regular expression library)
+-----------------------------------------------------------------
+
+NOTE: This set of files relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+
+
+The latest release of PCRE1 is always available in three alternative formats
+from:
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.gz
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.bz2
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.zip
+
+There is a mailing list for discussion about the development of PCRE at
+pcre-dev@exim.org. You can access the archives and subscribe or manage your
+subscription here:
+
+   https://lists.exim.org/mailman/listinfo/pcre-dev
+
+Please read the NEWS file if you are upgrading from a previous release.
+The contents of this README file are:
+
+  The PCRE APIs
+  Documentation for PCRE
+  Contributions by users of PCRE
+  Building PCRE on non-Unix-like systems
+  Building PCRE without using autotools
+  Building PCRE using autotools
+  Retrieving configuration information
+  Shared libraries
+  Cross-compiling using autotools
+  Using HP's ANSI C++ compiler (aCC)
+  Compiling in Tru64 using native compilers
+  Using Sun's compilers for Solaris
+  Using PCRE from MySQL
+  Making new tarballs
+  Testing PCRE
+  Character tables
+  File manifest
+
+
+The PCRE APIs
+-------------
+
+PCRE is written in C, and it has its own API. There are three sets of
+functions, one for the 8-bit library, which processes strings of bytes, one for
+the 16-bit library, which processes strings of 16-bit values, and one for the
+32-bit library, which processes strings of 32-bit values. The distribution also
+includes a set of C++ wrapper functions (see the pcrecpp man page for details),
+courtesy of Google Inc., which can be used to call the 8-bit PCRE library from
+C++. Other C++ wrappers have been created from time to time. See, for example:
+https://github.com/YasserAsmi/regexp, which aims to be simple and similar in
+style to the C API.
+
+The distribution also contains a set of C wrapper functions (again, just for
+the 8-bit library) that are based on the POSIX regular expression API (see the
+pcreposix man page). These end up in the library called libpcreposix. Note that
+this just provides a POSIX calling interface to PCRE; the regular expressions
+themselves still follow Perl syntax and semantics. The POSIX API is restricted,
+and does not give full access to all of PCRE's facilities.
+
+The header file for the POSIX-style functions is called pcreposix.h. The
+official POSIX name is regex.h, but I did not want to risk possible problems
+with existing files of that name by distributing it that way. To use PCRE with
+an existing program that uses the POSIX API, pcreposix.h will have to be
+renamed or pointed at by a link.
+
+If you are using the POSIX interface to PCRE and there is already a POSIX regex
+library installed on your system, as well as worrying about the regex.h header
+file (as mentioned above), you must also take care when linking programs to
+ensure that they link with PCRE's libpcreposix library. Otherwise they may pick
+up the POSIX functions of the same name from the other library.
+
+One way of avoiding this confusion is to compile PCRE with the addition of
+-Dregcomp=PCREregcomp (and similarly for the other POSIX functions) to the
+compiler flags (CFLAGS if you are using "configure" -- see below). This has the
+effect of renaming the functions so that the names no longer clash. Of course,
+you have to do the same thing for your applications, or write them using the
+new names.
+
+
+Documentation for PCRE
+----------------------
+
+If you install PCRE in the normal way on a Unix-like system, you will end up
+with a set of man pages whose names all start with "pcre". The one that is just
+called "pcre" lists all the others. In addition to these man pages, the PCRE
+documentation is supplied in two other forms:
+
+  1. There are files called doc/pcre.txt, doc/pcregrep.txt, and
+     doc/pcretest.txt in the source distribution. The first of these is a
+     concatenation of the text forms of all the section 3 man pages except
+     the listing of pcredemo.c and those that summarize individual functions.
+     The other two are the text forms of the section 1 man pages for the
+     pcregrep and pcretest commands. These text forms are provided for ease of
+     scanning with text editors or similar tools. They are installed in
+     <prefix>/share/doc/pcre, where <prefix> is the installation prefix
+     (defaulting to /usr/local).
+
+  2. A set of files containing all the documentation in HTML form, hyperlinked
+     in various ways, and rooted in a file called index.html, is distributed in
+     doc/html and installed in <prefix>/share/doc/pcre/html.
+
+Users of PCRE have contributed files containing the documentation for various
+releases in CHM format. These can be found in the Contrib directory of the FTP
+site (see next section).
+
+
+Contributions by users of PCRE
+------------------------------
+
+You can find contributions from PCRE users in the directory
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Contrib
+
+There is a README file giving brief descriptions of what they are. Some are
+complete in themselves; others are pointers to URLs containing relevant files.
+Some of this material is likely to be well out-of-date. Several of the earlier
+contributions provided support for compiling PCRE on various flavours of
+Windows (I myself do not use Windows). Nowadays there is more Windows support
+in the standard distribution, so these contibutions have been archived.
+
+A PCRE user maintains downloadable Windows binaries of the pcregrep and
+pcretest programs here:
+
+  http://www.rexegg.com/pcregrep-pcretest.html
+
+
+Building PCRE on non-Unix-like systems
+--------------------------------------
+
+For a non-Unix-like system, please read the comments in the file
+NON-AUTOTOOLS-BUILD, though if your system supports the use of "configure" and
+"make" you may be able to build PCRE using autotools in the same way as for
+many Unix-like systems.
+
+PCRE can also be configured using the GUI facility provided by CMake's
+cmake-gui command. This creates Makefiles, solution files, etc. The file
+NON-AUTOTOOLS-BUILD has information about CMake.
+
+PCRE has been compiled on many different operating systems. It should be
+straightforward to build PCRE on any system that has a Standard C compiler and
+library, because it uses only Standard C functions.
+
+
+Building PCRE without using autotools
+-------------------------------------
+
+The use of autotools (in particular, libtool) is problematic in some
+environments, even some that are Unix or Unix-like. See the NON-AUTOTOOLS-BUILD
+file for ways of building PCRE without using autotools.
+
+
+Building PCRE using autotools
+-----------------------------
+
+If you are using HP's ANSI C++ compiler (aCC), please see the special note
+in the section entitled "Using HP's ANSI C++ compiler (aCC)" below.
+
+The following instructions assume the use of the widely used "configure; make;
+make install" (autotools) process.
+
+To build PCRE on system that supports autotools, first run the "configure"
+command from the PCRE distribution directory, with your current directory set
+to the directory where you want the files to be created. This command is a
+standard GNU "autoconf" configuration script, for which generic instructions
+are supplied in the file INSTALL.
+
+Most commonly, people build PCRE within its own distribution directory, and in
+this case, on many systems, just running "./configure" is sufficient. However,
+the usual methods of changing standard defaults are available. For example:
+
+CFLAGS='-O2 -Wall' ./configure --prefix=/opt/local
+
+This command specifies that the C compiler should be run with the flags '-O2
+-Wall' instead of the default, and that "make install" should install PCRE
+under /opt/local instead of the default /usr/local.
+
+If you want to build in a different directory, just run "configure" with that
+directory as current. For example, suppose you have unpacked the PCRE source
+into /source/pcre/pcre-xxx, but you want to build it in /build/pcre/pcre-xxx:
+
+cd /build/pcre/pcre-xxx
+/source/pcre/pcre-xxx/configure
+
+PCRE is written in C and is normally compiled as a C library. However, it is
+possible to build it as a C++ library, though the provided building apparatus
+does not have any features to support this.
+
+There are some optional features that can be included or omitted from the PCRE
+library. They are also documented in the pcrebuild man page.
+
+. By default, both shared and static libraries are built. You can change this
+  by adding one of these options to the "configure" command:
+
+  --disable-shared
+  --disable-static
+
+  (See also "Shared libraries on Unix-like systems" below.)
+
+. By default, only the 8-bit library is built. If you add --enable-pcre16 to
+  the "configure" command, the 16-bit library is also built. If you add
+  --enable-pcre32 to the "configure" command, the 32-bit library is also built.
+  If you want only the 16-bit or 32-bit library, use --disable-pcre8 to disable
+  building the 8-bit library.
+
+. If you are building the 8-bit library and want to suppress the building of
+  the C++ wrapper library, you can add --disable-cpp to the "configure"
+  command. Otherwise, when "configure" is run without --disable-pcre8, it will
+  try to find a C++ compiler and C++ header files, and if it succeeds, it will
+  try to build the C++ wrapper.
+
+. If you want to include support for just-in-time compiling, which can give
+  large performance improvements on certain platforms, add --enable-jit to the
+  "configure" command. This support is available only for certain hardware
+  architectures. If you try to enable it on an unsupported architecture, there
+  will be a compile time error.
+
+. When JIT support is enabled, pcregrep automatically makes use of it, unless
+  you add --disable-pcregrep-jit to the "configure" command.
+
+. If you want to make use of the support for UTF-8 Unicode character strings in
+  the 8-bit library, or UTF-16 Unicode character strings in the 16-bit library,
+  or UTF-32 Unicode character strings in the 32-bit library, you must add
+  --enable-utf to the "configure" command. Without it, the code for handling
+  UTF-8, UTF-16 and UTF-8 is not included in the relevant library. Even
+  when --enable-utf is included, the use of a UTF encoding still has to be
+  enabled by an option at run time. When PCRE is compiled with this option, its
+  input can only either be ASCII or UTF-8/16/32, even when running on EBCDIC
+  platforms. It is not possible to use both --enable-utf and --enable-ebcdic at
+  the same time.
+
+. There are no separate options for enabling UTF-8, UTF-16 and UTF-32
+  independently because that would allow ridiculous settings such as requesting
+  UTF-16 support while building only the 8-bit library. However, the option
+  --enable-utf8 is retained for backwards compatibility with earlier releases
+  that did not support 16-bit or 32-bit character strings. It is synonymous with
+  --enable-utf. It is not possible to configure one library with UTF support
+  and the other without in the same configuration.
+
+. If, in addition to support for UTF-8/16/32 character strings, you want to
+  include support for the \P, \p, and \X sequences that recognize Unicode
+  character properties, you must add --enable-unicode-properties to the
+  "configure" command. This adds about 30K to the size of the library (in the
+  form of a property table); only the basic two-letter properties such as Lu
+  are supported.
+
+. You can build PCRE to recognize either CR or LF or the sequence CRLF or any
+  of the preceding, or any of the Unicode newline sequences as indicating the
+  end of a line. Whatever you specify at build time is the default; the caller
+  of PCRE can change the selection at run time. The default newline indicator
+  is a single LF character (the Unix standard). You can specify the default
+  newline indicator by adding --enable-newline-is-cr or --enable-newline-is-lf
+  or --enable-newline-is-crlf or --enable-newline-is-anycrlf or
+  --enable-newline-is-any to the "configure" command, respectively.
+
+  If you specify --enable-newline-is-cr or --enable-newline-is-crlf, some of
+  the standard tests will fail, because the lines in the test files end with
+  LF. Even if the files are edited to change the line endings, there are likely
+  to be some failures. With --enable-newline-is-anycrlf or
+  --enable-newline-is-any, many tests should succeed, but there may be some
+  failures.
+
+. By default, the sequence \R in a pattern matches any Unicode line ending
+  sequence. This is independent of the option specifying what PCRE considers to
+  be the end of a line (see above). However, the caller of PCRE can restrict \R
+  to match only CR, LF, or CRLF. You can make this the default by adding
+  --enable-bsr-anycrlf to the "configure" command (bsr = "backslash R").
+
+. When called via the POSIX interface, PCRE uses malloc() to get additional
+  storage for processing capturing parentheses if there are more than 10 of
+  them in a pattern. You can increase this threshold by setting, for example,
+
+  --with-posix-malloc-threshold=20
+
+  on the "configure" command.
+
+. PCRE has a counter that limits the depth of nesting of parentheses in a
+  pattern. This limits the amount of system stack that a pattern uses when it
+  is compiled. The default is 250, but you can change it by setting, for
+  example,
+
+  --with-parens-nest-limit=500
+
+. PCRE has a counter that can be set to limit the amount of resources it uses
+  when matching a pattern. If the limit is exceeded during a match, the match
+  fails. The default is ten million. You can change the default by setting, for
+  example,
+
+  --with-match-limit=500000
+
+  on the "configure" command. This is just the default; individual calls to
+  pcre_exec() can supply their own value. There is more discussion on the
+  pcreapi man page.
+
+. There is a separate counter that limits the depth of recursive function calls
+  during a matching process. This also has a default of ten million, which is
+  essentially "unlimited". You can change the default by setting, for example,
+
+  --with-match-limit-recursion=500000
+
+  Recursive function calls use up the runtime stack; running out of stack can
+  cause programs to crash in strange ways. There is a discussion about stack
+  sizes in the pcrestack man page.
+
+. The default maximum compiled pattern size is around 64K. You can increase
+  this by adding --with-link-size=3 to the "configure" command. In the 8-bit
+  library, PCRE then uses three bytes instead of two for offsets to different
+  parts of the compiled pattern. In the 16-bit library, --with-link-size=3 is
+  the same as --with-link-size=4, which (in both libraries) uses four-byte
+  offsets. Increasing the internal link size reduces performance. In the 32-bit
+  library, the only supported link size is 4.
+
+. You can build PCRE so that its internal match() function that is called from
+  pcre_exec() does not call itself recursively. Instead, it uses memory blocks
+  obtained from the heap via the special functions pcre_stack_malloc() and
+  pcre_stack_free() to save data that would otherwise be saved on the stack. To
+  build PCRE like this, use
+
+  --disable-stack-for-recursion
+
+  on the "configure" command. PCRE runs more slowly in this mode, but it may be
+  necessary in environments with limited stack sizes. This applies only to the
+  normal execution of the pcre_exec() function; if JIT support is being
+  successfully used, it is not relevant. Equally, it does not apply to
+  pcre_dfa_exec(), which does not use deeply nested recursion. There is a
+  discussion about stack sizes in the pcrestack man page.
+
+. For speed, PCRE uses four tables for manipulating and identifying characters
+  whose code point values are less than 256. By default, it uses a set of
+  tables for ASCII encoding that is part of the distribution. If you specify
+
+  --enable-rebuild-chartables
+
+  a program called dftables is compiled and run in the default C locale when
+  you obey "make". It builds a source file called pcre_chartables.c. If you do
+  not specify this option, pcre_chartables.c is created as a copy of
+  pcre_chartables.c.dist. See "Character tables" below for further information.
+
+. It is possible to compile PCRE for use on systems that use EBCDIC as their
+  character code (as opposed to ASCII/Unicode) by specifying
+
+  --enable-ebcdic
+
+  This automatically implies --enable-rebuild-chartables (see above). However,
+  when PCRE is built this way, it always operates in EBCDIC. It cannot support
+  both EBCDIC and UTF-8/16/32. There is a second option, --enable-ebcdic-nl25,
+  which specifies that the code value for the EBCDIC NL character is 0x25
+  instead of the default 0x15.
+
+. In environments where valgrind is installed, if you specify
+
+  --enable-valgrind
+
+  PCRE will use valgrind annotations to mark certain memory regions as
+  unaddressable. This allows it to detect invalid memory accesses, and is
+  mostly useful for debugging PCRE itself.
+
+. In environments where the gcc compiler is used and lcov version 1.6 or above
+  is installed, if you specify
+
+  --enable-coverage
+
+  the build process implements a code coverage report for the test suite. The
+  report is generated by running "make coverage". If ccache is installed on
+  your system, it must be disabled when building PCRE for coverage reporting.
+  You can do this by setting the environment variable CCACHE_DISABLE=1 before
+  running "make" to build PCRE. There is more information about coverage
+  reporting in the "pcrebuild" documentation.
+
+. The pcregrep program currently supports only 8-bit data files, and so
+  requires the 8-bit PCRE library. It is possible to compile pcregrep to use
+  libz and/or libbz2, in order to read .gz and .bz2 files (respectively), by
+  specifying one or both of
+
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+
+  Of course, the relevant libraries must be installed on your system.
+
+. The default size (in bytes) of the internal buffer used by pcregrep can be
+  set by, for example:
+
+  --with-pcregrep-bufsize=51200
+
+  The value must be a plain integer. The default is 20480.
+
+. It is possible to compile pcretest so that it links with the libreadline
+  or libedit libraries, by specifying, respectively,
+
+  --enable-pcretest-libreadline or --enable-pcretest-libedit
+
+  If this is done, when pcretest's input is from a terminal, it reads it using
+  the readline() function. This provides line-editing and history facilities.
+  Note that libreadline is GPL-licenced, so if you distribute a binary of
+  pcretest linked in this way, there may be licensing issues. These can be
+  avoided by linking with libedit (which has a BSD licence) instead.
+
+  Enabling libreadline causes the -lreadline option to be added to the pcretest
+  build. In many operating environments with a sytem-installed readline
+  library this is sufficient. However, in some environments (e.g. if an
+  unmodified distribution version of readline is in use), it may be necessary
+  to specify something like LIBS="-lncurses" as well. This is because, to quote
+  the readline INSTALL, "Readline uses the termcap functions, but does not link
+  with the termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library." If you get error
+  messages about missing functions tgetstr, tgetent, tputs, tgetflag, or tgoto,
+  this is the problem, and linking with the ncurses library should fix it.
+
+The "configure" script builds the following files for the basic C library:
+
+. Makefile             the makefile that builds the library
+. config.h             build-time configuration options for the library
+. pcre.h               the public PCRE header file
+. pcre-config          script that shows the building settings such as CFLAGS
+                         that were set for "configure"
+. libpcre.pc         ) data for the pkg-config command
+. libpcre16.pc       )
+. libpcre32.pc       )
+. libpcreposix.pc    )
+. libtool              script that builds shared and/or static libraries
+
+Versions of config.h and pcre.h are distributed in the PCRE tarballs under the
+names config.h.generic and pcre.h.generic. These are provided for those who
+have to built PCRE without using "configure" or CMake. If you use "configure"
+or CMake, the .generic versions are not used.
+
+When building the 8-bit library, if a C++ compiler is found, the following
+files are also built:
+
+. libpcrecpp.pc        data for the pkg-config command
+. pcrecpparg.h         header file for calling PCRE via the C++ wrapper
+. pcre_stringpiece.h   header for the C++ "stringpiece" functions
+
+The "configure" script also creates config.status, which is an executable
+script that can be run to recreate the configuration, and config.log, which
+contains compiler output from tests that "configure" runs.
+
+Once "configure" has run, you can run "make". This builds the the libraries
+libpcre, libpcre16 and/or libpcre32, and a test program called pcretest. If you
+enabled JIT support with --enable-jit, a test program called pcre_jit_test is
+built as well.
+
+If the 8-bit library is built, libpcreposix and the pcregrep command are also
+built, and if a C++ compiler was found on your system, and you did not disable
+it with --disable-cpp, "make" builds the C++ wrapper library, which is called
+libpcrecpp, as well as some test programs called pcrecpp_unittest,
+pcre_scanner_unittest, and pcre_stringpiece_unittest.
+
+The command "make check" runs all the appropriate tests. Details of the PCRE
+tests are given below in a separate section of this document.
+
+You can use "make install" to install PCRE into live directories on your
+system. The following are installed (file names are all relative to the
+<prefix> that is set when "configure" is run):
+
+  Commands (bin):
+    pcretest
+    pcregrep (if 8-bit support is enabled)
+    pcre-config
+
+  Libraries (lib):
+    libpcre16     (if 16-bit support is enabled)
+    libpcre32     (if 32-bit support is enabled)
+    libpcre       (if 8-bit support is enabled)
+    libpcreposix  (if 8-bit support is enabled)
+    libpcrecpp    (if 8-bit and C++ support is enabled)
+
+  Configuration information (lib/pkgconfig):
+    libpcre16.pc
+    libpcre32.pc
+    libpcre.pc
+    libpcreposix.pc
+    libpcrecpp.pc (if C++ support is enabled)
+
+  Header files (include):
+    pcre.h
+    pcreposix.h
+    pcre_scanner.h      )
+    pcre_stringpiece.h  ) if C++ support is enabled
+    pcrecpp.h           )
+    pcrecpparg.h        )
+
+  Man pages (share/man/man{1,3}):
+    pcregrep.1
+    pcretest.1
+    pcre-config.1
+    pcre.3
+    pcre*.3 (lots more pages, all starting "pcre")
+
+  HTML documentation (share/doc/pcre/html):
+    index.html
+    *.html (lots more pages, hyperlinked from index.html)
+
+  Text file documentation (share/doc/pcre):
+    AUTHORS
+    COPYING
+    ChangeLog
+    LICENCE
+    NEWS
+    README
+    pcre.txt         (a concatenation of the man(3) pages)
+    pcretest.txt     the pcretest man page
+    pcregrep.txt     the pcregrep man page
+    pcre-config.txt  the pcre-config man page
+
+If you want to remove PCRE from your system, you can run "make uninstall".
+This removes all the files that "make install" installed. However, it does not
+remove any directories, because these are often shared with other programs.
+
+
+Retrieving configuration information
+------------------------------------
+
+Running "make install" installs the command pcre-config, which can be used to
+recall information about the PCRE configuration and installation. For example:
+
+  pcre-config --version
+
+prints the version number, and
+
+  pcre-config --libs
+
+outputs information about where the library is installed. This command can be
+included in makefiles for programs that use PCRE, saving the programmer from
+having to remember too many details.
+
+The pkg-config command is another system for saving and retrieving information
+about installed libraries. Instead of separate commands for each library, a
+single command is used. For example:
+
+  pkg-config --cflags pcre
+
+The data is held in *.pc files that are installed in a directory called
+<prefix>/lib/pkgconfig.
+
+
+Shared libraries
+----------------
+
+The default distribution builds PCRE as shared libraries and static libraries,
+as long as the operating system supports shared libraries. Shared library
+support relies on the "libtool" script which is built as part of the
+"configure" process.
+
+The libtool script is used to compile and link both shared and static
+libraries. They are placed in a subdirectory called .libs when they are newly
+built. The programs pcretest and pcregrep are built to use these uninstalled
+libraries (by means of wrapper scripts in the case of shared libraries). When
+you use "make install" to install shared libraries, pcregrep and pcretest are
+automatically re-built to use the newly installed shared libraries before being
+installed themselves. However, the versions left in the build directory still
+use the uninstalled libraries.
+
+To build PCRE using static libraries only you must use --disable-shared when
+configuring it. For example:
+
+./configure --prefix=/usr/gnu --disable-shared
+
+Then run "make" in the usual way. Similarly, you can use --disable-static to
+build only shared libraries.
+
+
+Cross-compiling using autotools
+-------------------------------
+
+You can specify CC and CFLAGS in the normal way to the "configure" command, in
+order to cross-compile PCRE for some other host. However, you should NOT
+specify --enable-rebuild-chartables, because if you do, the dftables.c source
+file is compiled and run on the local host, in order to generate the inbuilt
+character tables (the pcre_chartables.c file). This will probably not work,
+because dftables.c needs to be compiled with the local compiler, not the cross
+compiler.
+
+When --enable-rebuild-chartables is not specified, pcre_chartables.c is created
+by making a copy of pcre_chartables.c.dist, which is a default set of tables
+that assumes ASCII code. Cross-compiling with the default tables should not be
+a problem.
+
+If you need to modify the character tables when cross-compiling, you should
+move pcre_chartables.c.dist out of the way, then compile dftables.c by hand and
+run it on the local host to make a new version of pcre_chartables.c.dist.
+Then when you cross-compile PCRE this new version of the tables will be used.
+
+
+Using HP's ANSI C++ compiler (aCC)
+----------------------------------
+
+Unless C++ support is disabled by specifying the "--disable-cpp" option of the
+"configure" script, you must include the "-AA" option in the CXXFLAGS
+environment variable in order for the C++ components to compile correctly.
+
+Also, note that the aCC compiler on PA-RISC platforms may have a defect whereby
+needed libraries fail to get included when specifying the "-AA" compiler
+option. If you experience unresolved symbols when linking the C++ programs,
+use the workaround of specifying the following environment variable prior to
+running the "configure" script:
+
+  CXXLDFLAGS="-lstd_v2 -lCsup_v2"
+
+
+Compiling in Tru64 using native compilers
+-----------------------------------------
+
+The following error may occur when compiling with native compilers in the Tru64
+operating system:
+
+  CXX    libpcrecpp_la-pcrecpp.lo
+cxx: Error: /usr/lib/cmplrs/cxx/V7.1-006/include/cxx/iosfwd, line 58: #error
+          directive: "cannot include iosfwd -- define __USE_STD_IOSTREAM to
+          override default - see section 7.1.2 of the C++ Using Guide"
+#error "cannot include iosfwd -- define __USE_STD_IOSTREAM to override default
+- see section 7.1.2 of the C++ Using Guide"
+
+This may be followed by other errors, complaining that 'namespace "std" has no
+member'. The solution to this is to add the line
+
+#define __USE_STD_IOSTREAM 1
+
+to the config.h file.
+
+
+Using Sun's compilers for Solaris
+---------------------------------
+
+A user reports that the following configurations work on Solaris 9 sparcv9 and
+Solaris 9 x86 (32-bit):
+
+  Solaris 9 sparcv9: ./configure --disable-cpp CC=/bin/cc CFLAGS="-m64 -g"
+  Solaris 9 x86:     ./configure --disable-cpp CC=/bin/cc CFLAGS="-g"
+
+
+Using PCRE from MySQL
+---------------------
+
+On systems where both PCRE and MySQL are installed, it is possible to make use
+of PCRE from within MySQL, as an alternative to the built-in pattern matching.
+There is a web page that tells you how to do this:
+
+  http://www.mysqludf.org/lib_mysqludf_preg/index.php
+
+
+Making new tarballs
+-------------------
+
+The command "make dist" creates three PCRE tarballs, in tar.gz, tar.bz2, and
+zip formats. The command "make distcheck" does the same, but then does a trial
+build of the new distribution to ensure that it works.
+
+If you have modified any of the man page sources in the doc directory, you
+should first run the PrepareRelease script before making a distribution. This
+script creates the .txt and HTML forms of the documentation from the man pages.
+
+
+Testing PCRE
+------------
+
+To test the basic PCRE library on a Unix-like system, run the RunTest script.
+There is another script called RunGrepTest that tests the options of the
+pcregrep command. If the C++ wrapper library is built, three test programs
+called pcrecpp_unittest, pcre_scanner_unittest, and pcre_stringpiece_unittest
+are also built. When JIT support is enabled, another test program called
+pcre_jit_test is built.
+
+Both the scripts and all the program tests are run if you obey "make check" or
+"make test". For other environments, see the instructions in
+NON-AUTOTOOLS-BUILD.
+
+The RunTest script runs the pcretest test program (which is documented in its
+own man page) on each of the relevant testinput files in the testdata
+directory, and compares the output with the contents of the corresponding
+testoutput files. RunTest uses a file called testtry to hold the main output
+from pcretest. Other files whose names begin with "test" are used as working
+files in some tests.
+
+Some tests are relevant only when certain build-time options were selected. For
+example, the tests for UTF-8/16/32 support are run only if --enable-utf was
+used. RunTest outputs a comment when it skips a test.
+
+Many of the tests that are not skipped are run up to three times. The second
+run forces pcre_study() to be called for all patterns except for a few in some
+tests that are marked "never study" (see the pcretest program for how this is
+done). If JIT support is available, the non-DFA tests are run a third time,
+this time with a forced pcre_study() with the PCRE_STUDY_JIT_COMPILE option.
+This testing can be suppressed by putting "nojit" on the RunTest command line.
+
+The entire set of tests is run once for each of the 8-bit, 16-bit and 32-bit
+libraries that are enabled. If you want to run just one set of tests, call
+RunTest with either the -8, -16 or -32 option.
+
+If valgrind is installed, you can run the tests under it by putting "valgrind"
+on the RunTest command line. To run pcretest on just one or more specific test
+files, give their numbers as arguments to RunTest, for example:
+
+  RunTest 2 7 11
+
+You can also specify ranges of tests such as 3-6 or 3- (meaning 3 to the
+end), or a number preceded by ~ to exclude a test. For example:
+
+  Runtest 3-15 ~10
+
+This runs tests 3 to 15, excluding test 10, and just ~13 runs all the tests
+except test 13. Whatever order the arguments are in, the tests are always run
+in numerical order.
+
+You can also call RunTest with the single argument "list" to cause it to output
+a list of tests.
+
+The first test file can be fed directly into the perltest.pl script to check
+that Perl gives the same results. The only difference you should see is in the
+first few lines, where the Perl version is given instead of the PCRE version.
+
+The second set of tests check pcre_fullinfo(), pcre_study(),
+pcre_copy_substring(), pcre_get_substring(), pcre_get_substring_list(), error
+detection, and run-time flags that are specific to PCRE, as well as the POSIX
+wrapper API. It also uses the debugging flags to check some of the internals of
+pcre_compile().
+
+If you build PCRE with a locale setting that is not the standard C locale, the
+character tables may be different (see next paragraph). In some cases, this may
+cause failures in the second set of tests. For example, in a locale where the
+isprint() function yields TRUE for characters in the range 128-255, the use of
+[:isascii:] inside a character class defines a different set of characters, and
+this shows up in this test as a difference in the compiled code, which is being
+listed for checking. Where the comparison test output contains [\x00-\x7f] the
+test will contain [\x00-\xff], and similarly in some other cases. This is not a
+bug in PCRE.
+
+The third set of tests checks pcre_maketables(), the facility for building a
+set of character tables for a specific locale and using them instead of the
+default tables. The tests make use of the "fr_FR" (French) locale. Before
+running the test, the script checks for the presence of this locale by running
+the "locale" command. If that command fails, or if it doesn't include "fr_FR"
+in the list of available locales, the third test cannot be run, and a comment
+is output to say why. If running this test produces instances of the error
+
+  ** Failed to set locale "fr_FR"
+
+in the comparison output, it means that locale is not available on your system,
+despite being listed by "locale". This does not mean that PCRE is broken.
+
+[If you are trying to run this test on Windows, you may be able to get it to
+work by changing "fr_FR" to "french" everywhere it occurs. Alternatively, use
+RunTest.bat. The version of RunTest.bat included with PCRE 7.4 and above uses
+Windows versions of test 2. More info on using RunTest.bat is included in the
+document entitled NON-UNIX-USE.]
+
+The fourth and fifth tests check the UTF-8/16/32 support and error handling and
+internal UTF features of PCRE that are not relevant to Perl, respectively. The
+sixth and seventh tests do the same for Unicode character properties support.
+
+The eighth, ninth, and tenth tests check the pcre_dfa_exec() alternative
+matching function, in non-UTF-8/16/32 mode, UTF-8/16/32 mode, and UTF-8/16/32
+mode with Unicode property support, respectively.
+
+The eleventh test checks some internal offsets and code size features; it is
+run only when the default "link size" of 2 is set (in other cases the sizes
+change) and when Unicode property support is enabled.
+
+The twelfth test is run only when JIT support is available, and the thirteenth
+test is run only when JIT support is not available. They test some JIT-specific
+features such as information output from pcretest about JIT compilation.
+
+The fourteenth, fifteenth, and sixteenth tests are run only in 8-bit mode, and
+the seventeenth, eighteenth, and nineteenth tests are run only in 16/32-bit
+mode. These are tests that generate different output in the two modes. They are
+for general cases, UTF-8/16/32 support, and Unicode property support,
+respectively.
+
+The twentieth test is run only in 16/32-bit mode. It tests some specific
+16/32-bit features of the DFA matching engine.
+
+The twenty-first and twenty-second tests are run only in 16/32-bit mode, when
+the link size is set to 2 for the 16-bit library. They test reloading
+pre-compiled patterns.
+
+The twenty-third and twenty-fourth tests are run only in 16-bit mode. They are
+for general cases, and UTF-16 support, respectively.
+
+The twenty-fifth and twenty-sixth tests are run only in 32-bit mode. They are
+for general cases, and UTF-32 support, respectively.
+
+
+Character tables
+----------------
+
+For speed, PCRE uses four tables for manipulating and identifying characters
+whose code point values are less than 256. The final argument of the
+pcre_compile() function is a pointer to a block of memory containing the
+concatenated tables. A call to pcre_maketables() can be used to generate a set
+of tables in the current locale. If the final argument for pcre_compile() is
+passed as NULL, a set of default tables that is built into the binary is used.
+
+The source file called pcre_chartables.c contains the default set of tables. By
+default, this is created as a copy of pcre_chartables.c.dist, which contains
+tables for ASCII coding. However, if --enable-rebuild-chartables is specified
+for ./configure, a different version of pcre_chartables.c is built by the
+program dftables (compiled from dftables.c), which uses the ANSI C character
+handling functions such as isalnum(), isalpha(), isupper(), islower(), etc. to
+build the table sources. This means that the default C locale which is set for
+your system will control the contents of these default tables. You can change
+the default tables by editing pcre_chartables.c and then re-building PCRE. If
+you do this, you should take care to ensure that the file does not get
+automatically re-generated. The best way to do this is to move
+pcre_chartables.c.dist out of the way and replace it with your customized
+tables.
+
+When the dftables program is run as a result of --enable-rebuild-chartables,
+it uses the default C locale that is set on your system. It does not pay
+attention to the LC_xxx environment variables. In other words, it uses the
+system's default locale rather than whatever the compiling user happens to have
+set. If you really do want to build a source set of character tables in a
+locale that is specified by the LC_xxx variables, you can run the dftables
+program by hand with the -L option. For example:
+
+  ./dftables -L pcre_chartables.c.special
+
+The first two 256-byte tables provide lower casing and case flipping functions,
+respectively. The next table consists of three 32-byte bit maps which identify
+digits, "word" characters, and white space, respectively. These are used when
+building 32-byte bit maps that represent character classes for code points less
+than 256.
+
+The final 256-byte table has bits indicating various character types, as
+follows:
+
+    1   white space character
+    2   letter
+    4   decimal digit
+    8   hexadecimal digit
+   16   alphanumeric or '_'
+  128   regular expression metacharacter or binary zero
+
+You should not alter the set of characters that contain the 128 bit, as that
+will cause PCRE to malfunction.
+
+
+File manifest
+-------------
+
+The distribution should contain the files listed below. Where a file name is
+given as pcre[16|32]_xxx it means that there are three files, one with the name
+pcre_xxx, one with the name pcre16_xx, and a third with the name pcre32_xxx.
+
+(A) Source files of the PCRE library functions and their headers:
+
+  dftables.c              auxiliary program for building pcre_chartables.c
+                          when --enable-rebuild-chartables is specified
+
+  pcre_chartables.c.dist  a default set of character tables that assume ASCII
+                          coding; used, unless --enable-rebuild-chartables is
+                          specified, by copying to pcre[16]_chartables.c
+
+  pcreposix.c                )
+  pcre[16|32]_byte_order.c   )
+  pcre[16|32]_compile.c      )
+  pcre[16|32]_config.c       )
+  pcre[16|32]_dfa_exec.c     )
+  pcre[16|32]_exec.c         )
+  pcre[16|32]_fullinfo.c     )
+  pcre[16|32]_get.c          ) sources for the functions in the library,
+  pcre[16|32]_globals.c      )   and some internal functions that they use
+  pcre[16|32]_jit_compile.c  )
+  pcre[16|32]_maketables.c   )
+  pcre[16|32]_newline.c      )
+  pcre[16|32]_refcount.c     )
+  pcre[16|32]_string_utils.c )
+  pcre[16|32]_study.c        )
+  pcre[16|32]_tables.c       )
+  pcre[16|32]_ucd.c          )
+  pcre[16|32]_version.c      )
+  pcre[16|32]_xclass.c       )
+  pcre_ord2utf8.c            )
+  pcre_valid_utf8.c          )
+  pcre16_ord2utf16.c         )
+  pcre16_utf16_utils.c       )
+  pcre16_valid_utf16.c       )
+  pcre32_utf32_utils.c       )
+  pcre32_valid_utf32.c       )
+
+  pcre[16|32]_printint.c     ) debugging function that is used by pcretest,
+                             )   and can also be #included in pcre_compile()
+
+  pcre.h.in               template for pcre.h when built by "configure"
+  pcreposix.h             header for the external POSIX wrapper API
+  pcre_internal.h         header for internal use
+  sljit/*                 16 files that make up the JIT compiler
+  ucp.h                   header for Unicode property handling
+
+  config.h.in             template for config.h, which is built by "configure"
+
+  pcrecpp.h               public header file for the C++ wrapper
+  pcrecpparg.h.in         template for another C++ header file
+  pcre_scanner.h          public header file for C++ scanner functions
+  pcrecpp.cc              )
+  pcre_scanner.cc         ) source for the C++ wrapper library
+
+  pcre_stringpiece.h.in   template for pcre_stringpiece.h, the header for the
+                            C++ stringpiece functions
+  pcre_stringpiece.cc     source for the C++ stringpiece functions
+
+(B) Source files for programs that use PCRE:
+
+  pcredemo.c              simple demonstration of coding calls to PCRE
+  pcregrep.c              source of a grep utility that uses PCRE
+  pcretest.c              comprehensive test program
+
+(C) Auxiliary files:
+
+  132html                 script to turn "man" pages into HTML
+  AUTHORS                 information about the author of PCRE
+  ChangeLog               log of changes to the code
+  CleanTxt                script to clean nroff output for txt man pages
+  Detrail                 script to remove trailing spaces
+  HACKING                 some notes about the internals of PCRE
+  INSTALL                 generic installation instructions
+  LICENCE                 conditions for the use of PCRE
+  COPYING                 the same, using GNU's standard name
+  Makefile.in             ) template for Unix Makefile, which is built by
+                          )   "configure"
+  Makefile.am             ) the automake input that was used to create
+                          )   Makefile.in
+  NEWS                    important changes in this release
+  NON-UNIX-USE            the previous name for NON-AUTOTOOLS-BUILD
+  NON-AUTOTOOLS-BUILD     notes on building PCRE without using autotools
+  PrepareRelease          script to make preparations for "make dist"
+  README                  this file
+  RunTest                 a Unix shell script for running tests
+  RunGrepTest             a Unix shell script for pcregrep tests
+  aclocal.m4              m4 macros (generated by "aclocal")
+  config.guess            ) files used by libtool,
+  config.sub              )   used only when building a shared library
+  configure               a configuring shell script (built by autoconf)
+  configure.ac            ) the autoconf input that was used to build
+                          )   "configure" and config.h
+  depcomp                 ) script to find program dependencies, generated by
+                          )   automake
+  doc/*.3                 man page sources for PCRE
+  doc/*.1                 man page sources for pcregrep and pcretest
+  doc/index.html.src      the base HTML page
+  doc/html/*              HTML documentation
+  doc/pcre.txt            plain text version of the man pages
+  doc/pcretest.txt        plain text documentation of test program
+  doc/perltest.txt        plain text documentation of Perl test program
+  install-sh              a shell script for installing files
+  libpcre16.pc.in         template for libpcre16.pc for pkg-config
+  libpcre32.pc.in         template for libpcre32.pc for pkg-config
+  libpcre.pc.in           template for libpcre.pc for pkg-config
+  libpcreposix.pc.in      template for libpcreposix.pc for pkg-config
+  libpcrecpp.pc.in        template for libpcrecpp.pc for pkg-config
+  ltmain.sh               file used to build a libtool script
+  missing                 ) common stub for a few missing GNU programs while
+                          )   installing, generated by automake
+  mkinstalldirs           script for making install directories
+  perltest.pl             Perl test program
+  pcre-config.in          source of script which retains PCRE information
+  pcre_jit_test.c         test program for the JIT compiler
+  pcrecpp_unittest.cc          )
+  pcre_scanner_unittest.cc     ) test programs for the C++ wrapper
+  pcre_stringpiece_unittest.cc )
+  testdata/testinput*     test data for main library tests
+  testdata/testoutput*    expected test results
+  testdata/grep*          input and output for pcregrep tests
+  testdata/*              other supporting test files
+
+(D) Auxiliary files for cmake support
+
+  cmake/COPYING-CMAKE-SCRIPTS
+  cmake/FindPackageHandleStandardArgs.cmake
+  cmake/FindEditline.cmake
+  cmake/FindReadline.cmake
+  CMakeLists.txt
+  config-cmake.h.in
+
+(E) Auxiliary files for VPASCAL
+
+  makevp.bat
+  makevp_c.txt
+  makevp_l.txt
+  pcregexp.pas
+
+(F) Auxiliary files for building PCRE "by hand"
+
+  pcre.h.generic          ) a version of the public PCRE header file
+                          )   for use in non-"configure" environments
+  config.h.generic        ) a version of config.h for use in non-"configure"
+                          )   environments
+
+(F) Miscellaneous
+
+  RunTest.bat            a script for running tests under Windows
+
+Philip Hazel
+Email local part: ph10
+Email domain: cam.ac.uk
+Last updated: 10 February 2015
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/index.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/index.html
new file mode 100644
index 00000000..352c55df
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/index.html
@@ -0,0 +1,185 @@
+<html>
+<!-- This is a manually maintained file that is the root of the HTML version of
+     the PCRE documentation. When the HTML documents are built from the man
+     page versions, the entire doc/html directory is emptied, this file is then
+     copied into doc/html/index.html, and the remaining files therein are
+     created by the 132html script.
+-->
+<head>
+<title>PCRE specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>Perl-compatible Regular Expressions (PCRE)</h1>
+<p>
+The HTML documentation for PCRE consists of a number of pages that are listed
+below in alphabetical order. If you are new to PCRE, please read the first one
+first.
+</p>
+
+<table>
+<tr><td><a href="pcre.html">pcre</a></td>
+    <td>&nbsp;&nbsp;Introductory page</td></tr>
+
+<tr><td><a href="pcre-config.html">pcre-config</a></td>
+    <td>&nbsp;&nbsp;Information about the installation configuration</td></tr>
+
+<tr><td><a href="pcre16.html">pcre16</a></td>
+    <td>&nbsp;&nbsp;Discussion of the 16-bit PCRE library</td></tr>
+
+<tr><td><a href="pcre32.html">pcre32</a></td>
+    <td>&nbsp;&nbsp;Discussion of the 32-bit PCRE library</td></tr>
+
+<tr><td><a href="pcreapi.html">pcreapi</a></td>
+    <td>&nbsp;&nbsp;PCRE's native API</td></tr>
+
+<tr><td><a href="pcrebuild.html">pcrebuild</a></td>
+    <td>&nbsp;&nbsp;Building PCRE</td></tr>
+
+<tr><td><a href="pcrecallout.html">pcrecallout</a></td>
+    <td>&nbsp;&nbsp;The <i>callout</i> facility</td></tr>
+
+<tr><td><a href="pcrecompat.html">pcrecompat</a></td>
+    <td>&nbsp;&nbsp;Compability with Perl</td></tr>
+
+<tr><td><a href="pcrecpp.html">pcrecpp</a></td>
+    <td>&nbsp;&nbsp;The C++ wrapper for the PCRE library</td></tr>
+
+<tr><td><a href="pcredemo.html">pcredemo</a></td>
+    <td>&nbsp;&nbsp;A demonstration C program that uses the PCRE library</td></tr>
+
+<tr><td><a href="pcregrep.html">pcregrep</a></td>
+    <td>&nbsp;&nbsp;The <b>pcregrep</b> command</td></tr>
+
+<tr><td><a href="pcrejit.html">pcrejit</a></td>
+    <td>&nbsp;&nbsp;Discussion of the just-in-time optimization support</td></tr>
+
+<tr><td><a href="pcrelimits.html">pcrelimits</a></td>
+    <td>&nbsp;&nbsp;Details of size and other limits</td></tr>
+
+<tr><td><a href="pcrematching.html">pcrematching</a></td>
+    <td>&nbsp;&nbsp;Discussion of the two matching algorithms</td></tr>
+
+<tr><td><a href="pcrepartial.html">pcrepartial</a></td>
+    <td>&nbsp;&nbsp;Using PCRE for partial matching</td></tr>
+
+<tr><td><a href="pcrepattern.html">pcrepattern</a></td>
+    <td>&nbsp;&nbsp;Specification of the regular expressions supported by PCRE</td></tr>
+
+<tr><td><a href="pcreperform.html">pcreperform</a></td>
+    <td>&nbsp;&nbsp;Some comments on performance</td></tr>
+
+<tr><td><a href="pcreposix.html">pcreposix</a></td>
+    <td>&nbsp;&nbsp;The POSIX API to the PCRE 8-bit library</td></tr>
+
+<tr><td><a href="pcreprecompile.html">pcreprecompile</a></td>
+    <td>&nbsp;&nbsp;How to save and re-use compiled patterns</td></tr>
+
+<tr><td><a href="pcresample.html">pcresample</a></td>
+    <td>&nbsp;&nbsp;Discussion of the pcredemo program</td></tr>
+
+<tr><td><a href="pcrestack.html">pcrestack</a></td>
+    <td>&nbsp;&nbsp;Discussion of PCRE's stack usage</td></tr>
+
+<tr><td><a href="pcresyntax.html">pcresyntax</a></td>
+    <td>&nbsp;&nbsp;Syntax quick-reference summary</td></tr>
+
+<tr><td><a href="pcretest.html">pcretest</a></td>
+    <td>&nbsp;&nbsp;The <b>pcretest</b> command for testing PCRE</td></tr>
+
+<tr><td><a href="pcreunicode.html">pcreunicode</a></td>
+    <td>&nbsp;&nbsp;Discussion of Unicode and UTF-8/UTF-16/UTF-32 support</td></tr>
+</table>
+
+<p>
+There are also individual pages that summarize the interface for each function
+in the library. There is a single page for each triple of 8-bit/16-bit/32-bit
+functions.
+</p>
+
+<table>
+
+<tr><td><a href="pcre_assign_jit_stack.html">pcre_assign_jit_stack</a></td>
+    <td>&nbsp;&nbsp;Assign stack for JIT matching</td></tr>
+
+<tr><td><a href="pcre_compile.html">pcre_compile</a></td>
+    <td>&nbsp;&nbsp;Compile a regular expression</td></tr>
+
+<tr><td><a href="pcre_compile2.html">pcre_compile2</a></td>
+    <td>&nbsp;&nbsp;Compile a regular expression (alternate interface)</td></tr>
+
+<tr><td><a href="pcre_config.html">pcre_config</a></td>
+    <td>&nbsp;&nbsp;Show build-time configuration options</td></tr>
+
+<tr><td><a href="pcre_copy_named_substring.html">pcre_copy_named_substring</a></td>
+    <td>&nbsp;&nbsp;Extract named substring into given buffer</td></tr>
+
+<tr><td><a href="pcre_copy_substring.html">pcre_copy_substring</a></td>
+    <td>&nbsp;&nbsp;Extract numbered substring into given buffer</td></tr>
+
+<tr><td><a href="pcre_dfa_exec.html">pcre_dfa_exec</a></td>
+    <td>&nbsp;&nbsp;Match a compiled pattern to a subject string
+    (DFA algorithm; <i>not</i> Perl compatible)</td></tr>
+
+<tr><td><a href="pcre_exec.html">pcre_exec</a></td>
+    <td>&nbsp;&nbsp;Match a compiled pattern to a subject string
+    (Perl compatible)</td></tr>
+
+<tr><td><a href="pcre_free_study.html">pcre_free_study</a></td>
+    <td>&nbsp;&nbsp;Free study data</td></tr>
+
+<tr><td><a href="pcre_free_substring.html">pcre_free_substring</a></td>
+    <td>&nbsp;&nbsp;Free extracted substring</td></tr>
+
+<tr><td><a href="pcre_free_substring_list.html">pcre_free_substring_list</a></td>
+    <td>&nbsp;&nbsp;Free list of extracted substrings</td></tr>
+
+<tr><td><a href="pcre_fullinfo.html">pcre_fullinfo</a></td>
+    <td>&nbsp;&nbsp;Extract information about a pattern</td></tr>
+
+<tr><td><a href="pcre_get_named_substring.html">pcre_get_named_substring</a></td>
+    <td>&nbsp;&nbsp;Extract named substring into new memory</td></tr>
+
+<tr><td><a href="pcre_get_stringnumber.html">pcre_get_stringnumber</a></td>
+    <td>&nbsp;&nbsp;Convert captured string name to number</td></tr>
+
+<tr><td><a href="pcre_get_stringtable_entries.html">pcre_get_stringtable_entries</a></td>
+    <td>&nbsp;&nbsp;Find table entries for given string name</td></tr>
+
+<tr><td><a href="pcre_get_substring.html">pcre_get_substring</a></td>
+    <td>&nbsp;&nbsp;Extract numbered substring into new memory</td></tr>
+
+<tr><td><a href="pcre_get_substring_list.html">pcre_get_substring_list</a></td>
+    <td>&nbsp;&nbsp;Extract all substrings into new memory</td></tr>
+
+<tr><td><a href="pcre_jit_exec.html">pcre_jit_exec</a></td>
+    <td>&nbsp;&nbsp;Fast path interface to JIT matching</td></tr>
+
+<tr><td><a href="pcre_jit_stack_alloc.html">pcre_jit_stack_alloc</a></td>
+    <td>&nbsp;&nbsp;Create a stack for JIT matching</td></tr>
+
+<tr><td><a href="pcre_jit_stack_free.html">pcre_jit_stack_free</a></td>
+    <td>&nbsp;&nbsp;Free a JIT matching stack</td></tr>
+
+<tr><td><a href="pcre_maketables.html">pcre_maketables</a></td>
+    <td>&nbsp;&nbsp;Build character tables in current locale</td></tr>
+
+<tr><td><a href="pcre_pattern_to_host_byte_order.html">pcre_pattern_to_host_byte_order</a></td>
+    <td>&nbsp;&nbsp;Convert compiled pattern to host byte order if necessary</td></tr>
+
+<tr><td><a href="pcre_refcount.html">pcre_refcount</a></td>
+    <td>&nbsp;&nbsp;Maintain reference count in compiled pattern</td></tr>
+
+<tr><td><a href="pcre_study.html">pcre_study</a></td>
+    <td>&nbsp;&nbsp;Study a compiled pattern</td></tr>
+
+<tr><td><a href="pcre_utf16_to_host_byte_order.html">pcre_utf16_to_host_byte_order</a></td>
+    <td>&nbsp;&nbsp;Convert UTF-16 string to host byte order if necessary</td></tr>
+
+<tr><td><a href="pcre_utf32_to_host_byte_order.html">pcre_utf32_to_host_byte_order</a></td>
+    <td>&nbsp;&nbsp;Convert UTF-32 string to host byte order if necessary</td></tr>
+
+<tr><td><a href="pcre_version.html">pcre_version</a></td>
+    <td>&nbsp;&nbsp;Return PCRE version and release date</td></tr>
+</table>
+
+</html>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre-config.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre-config.html
new file mode 100644
index 00000000..56a80604
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre-config.html
@@ -0,0 +1,109 @@
+<html>
+<head>
+<title>pcre-config specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre-config man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">OPTIONS</a>
+<li><a name="TOC4" href="#SEC4">SEE ALSO</a>
+<li><a name="TOC5" href="#SEC5">AUTHOR</a>
+<li><a name="TOC6" href="#SEC6">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>pcre-config  [--prefix] [--exec-prefix] [--version] [--libs]</b>
+<b>            [--libs16] [--libs32] [--libs-cpp] [--libs-posix]</b>
+<b>            [--cflags] [--cflags-posix]</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+<b>pcre-config</b> returns the configuration of the installed PCRE
+libraries and the options required to compile a program to use them. Some of
+the options apply only to the 8-bit, or 16-bit, or 32-bit libraries,
+respectively, and are
+not available if only one of those libraries has been built. If an unavailable
+option is encountered, the "usage" information is output.
+</P>
+<br><a name="SEC3" href="#TOC1">OPTIONS</a><br>
+<P>
+<b>--prefix</b>
+Writes the directory prefix used in the PCRE installation for architecture
+independent files (<i>/usr</i> on many systems, <i>/usr/local</i> on some
+systems) to the standard output.
+</P>
+<P>
+<b>--exec-prefix</b>
+Writes the directory prefix used in the PCRE installation for architecture
+dependent files (normally the same as <b>--prefix</b>) to the standard output.
+</P>
+<P>
+<b>--version</b>
+Writes the version number of the installed PCRE libraries to the standard
+output.
+</P>
+<P>
+<b>--libs</b>
+Writes to the standard output the command line options required to link
+with the 8-bit PCRE library (<b>-lpcre</b> on many systems).
+</P>
+<P>
+<b>--libs16</b>
+Writes to the standard output the command line options required to link
+with the 16-bit PCRE library (<b>-lpcre16</b> on many systems).
+</P>
+<P>
+<b>--libs32</b>
+Writes to the standard output the command line options required to link
+with the 32-bit PCRE library (<b>-lpcre32</b> on many systems).
+</P>
+<P>
+<b>--libs-cpp</b>
+Writes to the standard output the command line options required to link with
+PCRE's C++ wrapper library (<b>-lpcrecpp</b> <b>-lpcre</b> on many
+systems).
+</P>
+<P>
+<b>--libs-posix</b>
+Writes to the standard output the command line options required to link with
+PCRE's POSIX API wrapper library (<b>-lpcreposix</b> <b>-lpcre</b> on many
+systems).
+</P>
+<P>
+<b>--cflags</b>
+Writes to the standard output the command line options required to compile
+files that use PCRE (this may include some <b>-I</b> options, but is blank on
+many systems).
+</P>
+<P>
+<b>--cflags-posix</b>
+Writes to the standard output the command line options required to compile
+files that use PCRE's POSIX API wrapper library (this may include some <b>-I</b>
+options, but is blank on many systems).
+</P>
+<br><a name="SEC4" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcre(3)</b>
+</P>
+<br><a name="SEC5" href="#TOC1">AUTHOR</a><br>
+<P>
+This manual page was originally written by Mark Baker for the Debian GNU/Linux
+system. It has been subsequently revised as a generic PCRE man page.
+</P>
+<br><a name="SEC6" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 24 June 2012
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre.html
new file mode 100644
index 00000000..c87b1066
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre.html
@@ -0,0 +1,224 @@
+<html>
+<head>
+<title>pcre specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PLEASE TAKE NOTE</a>
+<li><a name="TOC2" href="#SEC2">INTRODUCTION</a>
+<li><a name="TOC3" href="#SEC3">SECURITY CONSIDERATIONS</a>
+<li><a name="TOC4" href="#SEC4">USER DOCUMENTATION</a>
+<li><a name="TOC5" href="#SEC5">AUTHOR</a>
+<li><a name="TOC6" href="#SEC6">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PLEASE TAKE NOTE</a><br>
+<P>
+This document relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+</P>
+<br><a name="SEC2" href="#TOC1">INTRODUCTION</a><br>
+<P>
+The PCRE library is a set of functions that implement regular expression
+pattern matching using the same syntax and semantics as Perl, with just a few
+differences. Some features that appeared in Python and PCRE before they
+appeared in Perl are also available using the Python syntax, there is some
+support for one or two .NET and Oniguruma syntax items, and there is an option
+for requesting some minor changes that give better JavaScript compatibility.
+</P>
+<P>
+Starting with release 8.30, it is possible to compile two separate PCRE
+libraries: the original, which supports 8-bit character strings (including
+UTF-8 strings), and a second library that supports 16-bit character strings
+(including UTF-16 strings). The build process allows either one or both to be
+built. The majority of the work to make this possible was done by Zoltan
+Herczeg.
+</P>
+<P>
+Starting with release 8.32 it is possible to compile a third separate PCRE
+library that supports 32-bit character strings (including UTF-32 strings). The
+build process allows any combination of the 8-, 16- and 32-bit libraries. The
+work to make this possible was done by Christian Persch.
+</P>
+<P>
+The three libraries contain identical sets of functions, except that the names
+in the 16-bit library start with <b>pcre16_</b> instead of <b>pcre_</b>, and the
+names in the 32-bit library start with <b>pcre32_</b> instead of <b>pcre_</b>. To
+avoid over-complication and reduce the documentation maintenance load, most of
+the documentation describes the 8-bit library, with the differences for the
+16-bit and 32-bit libraries described separately in the
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+pages. References to functions or structures of the form <i>pcre[16|32]_xxx</i>
+should be read as meaning "<i>pcre_xxx</i> when using the 8-bit library,
+<i>pcre16_xxx</i> when using the 16-bit library, or <i>pcre32_xxx</i> when using
+the 32-bit library".
+</P>
+<P>
+The current implementation of PCRE corresponds approximately with Perl 5.12,
+including support for UTF-8/16/32 encoded strings and Unicode general category
+properties. However, UTF-8/16/32 and Unicode support has to be explicitly
+enabled; it is not the default. The Unicode tables correspond to Unicode
+release 6.3.0.
+</P>
+<P>
+In addition to the Perl-compatible matching function, PCRE contains an
+alternative function that matches the same compiled patterns in a different
+way. In certain circumstances, the alternative function has some advantages.
+For a discussion of the two matching algorithms, see the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+page.
+</P>
+<P>
+PCRE is written in C and released as a C library. A number of people have
+written wrappers and interfaces of various kinds. In particular, Google Inc.
+have provided a comprehensive C++ wrapper for the 8-bit library. This is now
+included as part of the PCRE distribution. The
+<a href="pcrecpp.html"><b>pcrecpp</b></a>
+page has details of this interface. Other people's contributions can be found
+in the <i>Contrib</i> directory at the primary FTP site, which is:
+<a href="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre">ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre</a>
+</P>
+<P>
+Details of exactly which Perl regular expression features are and are not
+supported by PCRE are given in separate documents. See the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+and
+<a href="pcrecompat.html"><b>pcrecompat</b></a>
+pages. There is a syntax summary in the
+<a href="pcresyntax.html"><b>pcresyntax</b></a>
+page.
+</P>
+<P>
+Some features of PCRE can be included, excluded, or changed when the library is
+built. The
+<a href="pcre_config.html"><b>pcre_config()</b></a>
+function makes it possible for a client to discover which features are
+available. The features themselves are described in the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+page. Documentation about building PCRE for various operating systems can be
+found in the
+<a href="README.txt"><b>README</b></a>
+and
+<a href="NON-AUTOTOOLS-BUILD.txt"><b>NON-AUTOTOOLS_BUILD</b></a>
+files in the source distribution.
+</P>
+<P>
+The libraries contains a number of undocumented internal functions and data
+tables that are used by more than one of the exported external functions, but
+which are not intended for use by external callers. Their names all begin with
+"_pcre_" or "_pcre16_" or "_pcre32_", which hopefully will not provoke any name
+clashes. In some environments, it is possible to control which external symbols
+are exported when a shared library is built, and in these cases the
+undocumented symbols are not exported.
+</P>
+<br><a name="SEC3" href="#TOC1">SECURITY CONSIDERATIONS</a><br>
+<P>
+If you are using PCRE in a non-UTF application that permits users to supply
+arbitrary patterns for compilation, you should be aware of a feature that
+allows users to turn on UTF support from within a pattern, provided that PCRE
+was built with UTF support. For example, an 8-bit pattern that begins with
+"(*UTF8)" or "(*UTF)" turns on UTF-8 mode, which interprets patterns and
+subjects as strings of UTF-8 characters instead of individual 8-bit characters.
+This causes both the pattern and any data against which it is matched to be
+checked for UTF-8 validity. If the data string is very long, such a check might
+use sufficiently many resources as to cause your application to lose
+performance.
+</P>
+<P>
+One way of guarding against this possibility is to use the
+<b>pcre_fullinfo()</b> function to check the compiled pattern's options for UTF.
+Alternatively, from release 8.33, you can set the PCRE_NEVER_UTF option at
+compile time. This causes an compile time error if a pattern contains a
+UTF-setting sequence.
+</P>
+<P>
+If your application is one that supports UTF, be aware that validity checking
+can take time. If the same data string is to be matched many times, you can use
+the PCRE_NO_UTF[8|16|32]_CHECK option for the second and subsequent matches to
+save redundant checks.
+</P>
+<P>
+Another way that performance can be hit is by running a pattern that has a very
+large search tree against a string that will never match. Nested unlimited
+repeats in a pattern are a common example. PCRE provides some protection
+against this: see the PCRE_EXTRA_MATCH_LIMIT feature in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page.
+</P>
+<br><a name="SEC4" href="#TOC1">USER DOCUMENTATION</a><br>
+<P>
+The user documentation for PCRE comprises a number of different sections. In
+the "man" format, each of these is a separate "man page". In the HTML format,
+each is a separate page, linked from the index page. In the plain text format,
+the descriptions of the <b>pcregrep</b> and <b>pcretest</b> programs are in files
+called <b>pcregrep.txt</b> and <b>pcretest.txt</b>, respectively. The remaining
+sections, except for the <b>pcredemo</b> section (which is a program listing),
+are concatenated in <b>pcre.txt</b>, for ease of searching. The sections are as
+follows:
+<pre>
+  pcre              this document
+  pcre-config       show PCRE installation configuration information
+  pcre16            details of the 16-bit library
+  pcre32            details of the 32-bit library
+  pcreapi           details of PCRE's native C API
+  pcrebuild         building PCRE
+  pcrecallout       details of the callout feature
+  pcrecompat        discussion of Perl compatibility
+  pcrecpp           details of the C++ wrapper for the 8-bit library
+  pcredemo          a demonstration C program that uses PCRE
+  pcregrep          description of the <b>pcregrep</b> command (8-bit only)
+  pcrejit           discussion of the just-in-time optimization support
+  pcrelimits        details of size and other limits
+  pcrematching      discussion of the two matching algorithms
+  pcrepartial       details of the partial matching facility
+  pcrepattern       syntax and semantics of supported regular expressions
+  pcreperform       discussion of performance issues
+  pcreposix         the POSIX-compatible C API for the 8-bit library
+  pcreprecompile    details of saving and re-using precompiled patterns
+  pcresample        discussion of the pcredemo program
+  pcrestack         discussion of stack usage
+  pcresyntax        quick syntax reference
+  pcretest          description of the <b>pcretest</b> testing command
+  pcreunicode       discussion of Unicode and UTF-8/16/32 support
+</pre>
+In the "man" and HTML formats, there is also a short page for each C library
+function, listing its arguments and results.
+</P>
+<br><a name="SEC5" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<P>
+Putting an actual email address here seems to have been a spam magnet, so I've
+taken it away. If you want to email me, use my two initials, followed by the
+two digits 10, at the domain cam.ac.uk.
+</P>
+<br><a name="SEC6" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 10 February 2015
+<br>
+Copyright &copy; 1997-2015 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre16.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre16.html
new file mode 100644
index 00000000..f00859f0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre16.html
@@ -0,0 +1,384 @@
+<html>
+<head>
+<title>pcre16 specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre16 man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE 16-BIT API BASIC FUNCTIONS</a>
+<li><a name="TOC2" href="#SEC2">PCRE 16-BIT API STRING EXTRACTION FUNCTIONS</a>
+<li><a name="TOC3" href="#SEC3">PCRE 16-BIT API AUXILIARY FUNCTIONS</a>
+<li><a name="TOC4" href="#SEC4">PCRE 16-BIT API INDIRECTED FUNCTIONS</a>
+<li><a name="TOC5" href="#SEC5">PCRE 16-BIT API 16-BIT-ONLY FUNCTION</a>
+<li><a name="TOC6" href="#SEC6">THE PCRE 16-BIT LIBRARY</a>
+<li><a name="TOC7" href="#SEC7">THE HEADER FILE</a>
+<li><a name="TOC8" href="#SEC8">THE LIBRARY NAME</a>
+<li><a name="TOC9" href="#SEC9">STRING TYPES</a>
+<li><a name="TOC10" href="#SEC10">STRUCTURE TYPES</a>
+<li><a name="TOC11" href="#SEC11">16-BIT FUNCTIONS</a>
+<li><a name="TOC12" href="#SEC12">SUBJECT STRING OFFSETS</a>
+<li><a name="TOC13" href="#SEC13">NAMED SUBPATTERNS</a>
+<li><a name="TOC14" href="#SEC14">OPTION NAMES</a>
+<li><a name="TOC15" href="#SEC15">CHARACTER CODES</a>
+<li><a name="TOC16" href="#SEC16">ERROR NAMES</a>
+<li><a name="TOC17" href="#SEC17">ERROR TEXTS</a>
+<li><a name="TOC18" href="#SEC18">CALLOUTS</a>
+<li><a name="TOC19" href="#SEC19">TESTING</a>
+<li><a name="TOC20" href="#SEC20">NOT SUPPORTED IN 16-BIT MODE</a>
+<li><a name="TOC21" href="#SEC21">AUTHOR</a>
+<li><a name="TOC22" href="#SEC22">REVISION</a>
+</ul>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<br><a name="SEC1" href="#TOC1">PCRE 16-BIT API BASIC FUNCTIONS</a><br>
+<P>
+<b>pcre16 *pcre16_compile(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16 *pcre16_compile2(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16_extra *pcre16_study(const pcre16 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>void pcre16_free_study(pcre16_extra *<i>extra</i>);</b>
+<br>
+<br>
+<b>int pcre16_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre16_dfa_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE 16-BIT API STRING EXTRACTION FUNCTIONS</a><br>
+<P>
+<b>int pcre16_copy_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR16 *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_copy_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR16 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringnumber(const pcre16 *<i>code</i>,</b>
+<b>"     PCRE_SPTR16 <i>name</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringtable_entries(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>name</i>, PCRE_UCHAR16 **<i>first</i>, PCRE_UCHAR16 **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring_list(PCRE_SPTR16 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR16 **<i>listptr</i>);</b>
+<br>
+<br>
+<b>void pcre16_free_substring(PCRE_SPTR16 <i>stringptr</i>);</b>
+<br>
+<br>
+<b>void pcre16_free_substring_list(PCRE_SPTR16 *<i>stringptr</i>);</b>
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE 16-BIT API AUXILIARY FUNCTIONS</a><br>
+<P>
+<b>pcre16_jit_stack *pcre16_jit_stack_alloc(int <i>startsize</i>, int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>void pcre16_jit_stack_free(pcre16_jit_stack *<i>stack</i>);</b>
+<br>
+<br>
+<b>void pcre16_assign_jit_stack(pcre16_extra *<i>extra</i>,</b>
+<b>     pcre16_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>const unsigned char *pcre16_maketables(void);</b>
+<br>
+<br>
+<b>int pcre16_fullinfo(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre16_refcount(pcre16 *<i>code</i>, int <i>adjust</i>);</b>
+<br>
+<br>
+<b>int pcre16_config(int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>const char *pcre16_version(void);</b>
+<br>
+<br>
+<b>int pcre16_pattern_to_host_byte_order(pcre16 *<i>code</i>,</b>
+<b>     pcre16_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><a name="SEC4" href="#TOC1">PCRE 16-BIT API INDIRECTED FUNCTIONS</a><br>
+<P>
+<b>void *(*pcre16_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre16_free)(void *);</b>
+<br>
+<br>
+<b>void *(*pcre16_stack_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre16_stack_free)(void *);</b>
+<br>
+<br>
+<b>int (*pcre16_callout)(pcre16_callout_block *);</b>
+</P>
+<br><a name="SEC5" href="#TOC1">PCRE 16-BIT API 16-BIT-ONLY FUNCTION</a><br>
+<P>
+<b>int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *<i>output</i>,</b>
+<b>     PCRE_SPTR16 <i>input</i>, int <i>length</i>, int *<i>byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><a name="SEC6" href="#TOC1">THE PCRE 16-BIT LIBRARY</a><br>
+<P>
+Starting with release 8.30, it is possible to compile a PCRE library that
+supports 16-bit character strings, including UTF-16 strings, as well as or
+instead of the original 8-bit library. The majority of the work to make this
+possible was done by Zoltan Herczeg. The two libraries contain identical sets
+of functions, used in exactly the same way. Only the names of the functions and
+the data types of their arguments and results are different. To avoid
+over-complication and reduce the documentation maintenance load, most of the
+PCRE documentation describes the 8-bit library, with only occasional references
+to the 16-bit library. This page describes what is different when you use the
+16-bit library.
+</P>
+<P>
+WARNING: A single application can be linked with both libraries, but you must
+take care when processing any particular pattern to use functions from just one
+library. For example, if you want to study a pattern that was compiled with
+<b>pcre16_compile()</b>, you must do so with <b>pcre16_study()</b>, not
+<b>pcre_study()</b>, and you must free the study data with
+<b>pcre16_free_study()</b>.
+</P>
+<br><a name="SEC7" href="#TOC1">THE HEADER FILE</a><br>
+<P>
+There is only one header file, <b>pcre.h</b>. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+</P>
+<br><a name="SEC8" href="#TOC1">THE LIBRARY NAME</a><br>
+<P>
+In Unix-like systems, the 16-bit library is called <b>libpcre16</b>, and can
+normally be accesss by adding <b>-lpcre16</b> to the command for linking an
+application that uses PCRE.
+</P>
+<br><a name="SEC9" href="#TOC1">STRING TYPES</a><br>
+<P>
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 16-bit library, strings are passed as
+vectors of unsigned 16-bit quantities. The macro PCRE_UCHAR16 specifies an
+appropriate data type, and PCRE_SPTR16 is defined as "const PCRE_UCHAR16 *". In
+very many environments, "short int" is a 16-bit data type. When PCRE is built,
+it defines PCRE_UCHAR16 as "unsigned short int", but checks that it really is a
+16-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+</P>
+<br><a name="SEC10" href="#TOC1">STRUCTURE TYPES</a><br>
+<P>
+The types of the opaque structures that are used for compiled 16-bit patterns
+and JIT stacks are <b>pcre16</b> and <b>pcre16_jit_stack</b> respectively. The
+type of the user-accessible structure that is returned by <b>pcre16_study()</b>
+is <b>pcre16_extra</b>, and the type of the structure that is used for passing
+data to a callout function is <b>pcre16_callout_block</b>. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 16-bit instead of
+8-bit types.
+</P>
+<br><a name="SEC11" href="#TOC1">16-BIT FUNCTIONS</a><br>
+<P>
+For every function in the 8-bit library there is a corresponding function in
+the 16-bit library with a name that starts with <b>pcre16_</b> instead of
+<b>pcre_</b>. The prototypes are listed above. In addition, there is one extra
+function, <b>pcre16_utf16_to_host_byte_order()</b>. This is a utility function
+that converts a UTF-16 character string to host byte order if necessary. The
+other 16-bit functions expect the strings they are passed to be in host byte
+order.
+</P>
+<P>
+The <i>input</i> and <i>output</i> arguments of
+<b>pcre16_utf16_to_host_byte_order()</b> may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+</P>
+<P>
+The <i>length</i> argument specifies the number of 16-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+</P>
+<P>
+If <i>byte_order</i> is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+</P>
+<P>
+If <i>byte_order</i> is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+</P>
+<P>
+If <i>keep_boms</i> is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+</P>
+<P>
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<br><a name="SEC12" href="#TOC1">SUBJECT STRING OFFSETS</a><br>
+<P>
+The lengths and starting offsets of subject strings must be specified in 16-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 16-bit units rather than bytes.
+</P>
+<br><a name="SEC13" href="#TOC1">NAMED SUBPATTERNS</a><br>
+<P>
+The name-to-number translation table that is maintained for named subpatterns
+uses 16-bit characters. The <b>pcre16_get_stringtable_entries()</b> function
+returns the length of each entry in the table as the number of 16-bit data
+units.
+</P>
+<br><a name="SEC14" href="#TOC1">OPTION NAMES</a><br>
+<P>
+There are two new general option names, PCRE_UTF16 and PCRE_NO_UTF16_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+<a href="pcreunicode.html#utf16strings">validity of UTF-16 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+For the <b>pcre16_config()</b> function there is an option PCRE_CONFIG_UTF16
+that returns 1 if UTF-16 support is configured, otherwise 0. If this option is
+given to <b>pcre_config()</b> or <b>pcre32_config()</b>, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 option is given to <b>pcre16_config()</b>,
+the result is the PCRE_ERROR_BADOPTION error.
+</P>
+<br><a name="SEC15" href="#TOC1">CHARACTER CODES</a><br>
+<P>
+In 16-bit mode, when PCRE_UTF16 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0xffff instead of 0 to 0xff. Character types for characters less than
+0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+</P>
+<P>
+In UTF-16 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are used in pairs to encode values greater than 0xffff.
+</P>
+<P>
+A UTF-16 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+<b>pcre16_utf16_to_host_byte_order()</b> is provided to help with this (see
+above).
+</P>
+<br><a name="SEC16" href="#TOC1">ERROR NAMES</a><br>
+<P>
+The errors PCRE_ERROR_BADUTF16_OFFSET and PCRE_ERROR_SHORTUTF16 correspond to
+their 8-bit counterparts. The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with <b>pcre_compile()</b> is passed to
+<b>pcre16_exec()</b>.
+</P>
+<P>
+There are new error codes whose names begin with PCRE_UTF16_ERR for invalid
+UTF-16 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+<a href="pcreapi.html#badutf8reasons">"Reason codes for invalid UTF-8 strings"</a>
+in the main
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page. The UTF-16 errors are:
+<pre>
+  PCRE_UTF16_ERR1  Missing low surrogate at end of string
+  PCRE_UTF16_ERR2  Invalid low surrogate follows high surrogate
+  PCRE_UTF16_ERR3  Isolated low surrogate
+  PCRE_UTF16_ERR4  Non-character
+</PRE>
+</P>
+<br><a name="SEC17" href="#TOC1">ERROR TEXTS</a><br>
+<P>
+If there is an error while compiling a pattern, the error text that is passed
+back by <b>pcre16_compile()</b> or <b>pcre16_compile2()</b> is still an 8-bit
+character string, zero-terminated.
+</P>
+<br><a name="SEC18" href="#TOC1">CALLOUTS</a><br>
+<P>
+The <i>subject</i> and <i>mark</i> fields in the callout block that is passed to
+a callout function point to 16-bit vectors.
+</P>
+<br><a name="SEC19" href="#TOC1">TESTING</a><br>
+<P>
+The <b>pcretest</b> program continues to operate with 8-bit input and output
+files, but it can be used for testing the 16-bit library. If it is run with the
+command line option <b>-16</b>, patterns and subject strings are converted from
+8-bit to 16-bit before being passed to PCRE, and the 16-bit library functions
+are used instead of the 8-bit ones. Returned 16-bit strings are converted to
+8-bit for output. If both the 8-bit and the 32-bit libraries were not compiled,
+<b>pcretest</b> defaults to 16-bit and the <b>-16</b> option is ignored.
+</P>
+<P>
+When PCRE is being built, the <b>RunTest</b> script that is called by "make
+check" uses the <b>pcretest</b> <b>-C</b> option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+</P>
+<br><a name="SEC20" href="#TOC1">NOT SUPPORTED IN 16-BIT MODE</a><br>
+<P>
+Not all the features of the 8-bit library are available with the 16-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the <b>pcregrep</b> program is at present 8-bit only.
+</P>
+<br><a name="SEC21" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC22" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 May 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre32.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre32.html
new file mode 100644
index 00000000..f96876e7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre32.html
@@ -0,0 +1,382 @@
+<html>
+<head>
+<title>pcre32 specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre32 man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE 32-BIT API BASIC FUNCTIONS</a>
+<li><a name="TOC2" href="#SEC2">PCRE 32-BIT API STRING EXTRACTION FUNCTIONS</a>
+<li><a name="TOC3" href="#SEC3">PCRE 32-BIT API AUXILIARY FUNCTIONS</a>
+<li><a name="TOC4" href="#SEC4">PCRE 32-BIT API INDIRECTED FUNCTIONS</a>
+<li><a name="TOC5" href="#SEC5">PCRE 32-BIT API 32-BIT-ONLY FUNCTION</a>
+<li><a name="TOC6" href="#SEC6">THE PCRE 32-BIT LIBRARY</a>
+<li><a name="TOC7" href="#SEC7">THE HEADER FILE</a>
+<li><a name="TOC8" href="#SEC8">THE LIBRARY NAME</a>
+<li><a name="TOC9" href="#SEC9">STRING TYPES</a>
+<li><a name="TOC10" href="#SEC10">STRUCTURE TYPES</a>
+<li><a name="TOC11" href="#SEC11">32-BIT FUNCTIONS</a>
+<li><a name="TOC12" href="#SEC12">SUBJECT STRING OFFSETS</a>
+<li><a name="TOC13" href="#SEC13">NAMED SUBPATTERNS</a>
+<li><a name="TOC14" href="#SEC14">OPTION NAMES</a>
+<li><a name="TOC15" href="#SEC15">CHARACTER CODES</a>
+<li><a name="TOC16" href="#SEC16">ERROR NAMES</a>
+<li><a name="TOC17" href="#SEC17">ERROR TEXTS</a>
+<li><a name="TOC18" href="#SEC18">CALLOUTS</a>
+<li><a name="TOC19" href="#SEC19">TESTING</a>
+<li><a name="TOC20" href="#SEC20">NOT SUPPORTED IN 32-BIT MODE</a>
+<li><a name="TOC21" href="#SEC21">AUTHOR</a>
+<li><a name="TOC22" href="#SEC22">REVISION</a>
+</ul>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<br><a name="SEC1" href="#TOC1">PCRE 32-BIT API BASIC FUNCTIONS</a><br>
+<P>
+<b>pcre32 *pcre32_compile(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32 *pcre32_compile2(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32_extra *pcre32_study(const pcre32 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>void pcre32_free_study(pcre32_extra *<i>extra</i>);</b>
+<br>
+<br>
+<b>int pcre32_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre32_dfa_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE 32-BIT API STRING EXTRACTION FUNCTIONS</a><br>
+<P>
+<b>int pcre32_copy_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR32 *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_copy_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR32 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringnumber(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringtable_entries(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>, PCRE_UCHAR32 **<i>first</i>, PCRE_UCHAR32 **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring_list(PCRE_SPTR32 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR32 **<i>listptr</i>);</b>
+<br>
+<br>
+<b>void pcre32_free_substring(PCRE_SPTR32 <i>stringptr</i>);</b>
+<br>
+<br>
+<b>void pcre32_free_substring_list(PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE 32-BIT API AUXILIARY FUNCTIONS</a><br>
+<P>
+<b>pcre32_jit_stack *pcre32_jit_stack_alloc(int <i>startsize</i>, int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>void pcre32_jit_stack_free(pcre32_jit_stack *<i>stack</i>);</b>
+<br>
+<br>
+<b>void pcre32_assign_jit_stack(pcre32_extra *<i>extra</i>,</b>
+<b>     pcre32_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>const unsigned char *pcre32_maketables(void);</b>
+<br>
+<br>
+<b>int pcre32_fullinfo(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre32_refcount(pcre32 *<i>code</i>, int <i>adjust</i>);</b>
+<br>
+<br>
+<b>int pcre32_config(int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>const char *pcre32_version(void);</b>
+<br>
+<br>
+<b>int pcre32_pattern_to_host_byte_order(pcre32 *<i>code</i>,</b>
+<b>     pcre32_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><a name="SEC4" href="#TOC1">PCRE 32-BIT API INDIRECTED FUNCTIONS</a><br>
+<P>
+<b>void *(*pcre32_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre32_free)(void *);</b>
+<br>
+<br>
+<b>void *(*pcre32_stack_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre32_stack_free)(void *);</b>
+<br>
+<br>
+<b>int (*pcre32_callout)(pcre32_callout_block *);</b>
+</P>
+<br><a name="SEC5" href="#TOC1">PCRE 32-BIT API 32-BIT-ONLY FUNCTION</a><br>
+<P>
+<b>int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *<i>output</i>,</b>
+<b>     PCRE_SPTR32 <i>input</i>, int <i>length</i>, int *<i>byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><a name="SEC6" href="#TOC1">THE PCRE 32-BIT LIBRARY</a><br>
+<P>
+Starting with release 8.32, it is possible to compile a PCRE library that
+supports 32-bit character strings, including UTF-32 strings, as well as or
+instead of the original 8-bit library. This work was done by Christian Persch,
+based on the work done by Zoltan Herczeg for the 16-bit library. All three
+libraries contain identical sets of functions, used in exactly the same way.
+Only the names of the functions and the data types of their arguments and
+results are different. To avoid over-complication and reduce the documentation
+maintenance load, most of the PCRE documentation describes the 8-bit library,
+with only occasional references to the 16-bit and 32-bit libraries. This page
+describes what is different when you use the 32-bit library.
+</P>
+<P>
+WARNING: A single application can be linked with all or any of the three
+libraries, but you must take care when processing any particular pattern
+to use functions from just one library. For example, if you want to study
+a pattern that was compiled with <b>pcre32_compile()</b>, you must do so
+with <b>pcre32_study()</b>, not <b>pcre_study()</b>, and you must free the
+study data with <b>pcre32_free_study()</b>.
+</P>
+<br><a name="SEC7" href="#TOC1">THE HEADER FILE</a><br>
+<P>
+There is only one header file, <b>pcre.h</b>. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+</P>
+<br><a name="SEC8" href="#TOC1">THE LIBRARY NAME</a><br>
+<P>
+In Unix-like systems, the 32-bit library is called <b>libpcre32</b>, and can
+normally be accesss by adding <b>-lpcre32</b> to the command for linking an
+application that uses PCRE.
+</P>
+<br><a name="SEC9" href="#TOC1">STRING TYPES</a><br>
+<P>
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 32-bit library, strings are passed as
+vectors of unsigned 32-bit quantities. The macro PCRE_UCHAR32 specifies an
+appropriate data type, and PCRE_SPTR32 is defined as "const PCRE_UCHAR32 *". In
+very many environments, "unsigned int" is a 32-bit data type. When PCRE is
+built, it defines PCRE_UCHAR32 as "unsigned int", but checks that it really is
+a 32-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+</P>
+<br><a name="SEC10" href="#TOC1">STRUCTURE TYPES</a><br>
+<P>
+The types of the opaque structures that are used for compiled 32-bit patterns
+and JIT stacks are <b>pcre32</b> and <b>pcre32_jit_stack</b> respectively. The
+type of the user-accessible structure that is returned by <b>pcre32_study()</b>
+is <b>pcre32_extra</b>, and the type of the structure that is used for passing
+data to a callout function is <b>pcre32_callout_block</b>. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 32-bit instead of
+8-bit types.
+</P>
+<br><a name="SEC11" href="#TOC1">32-BIT FUNCTIONS</a><br>
+<P>
+For every function in the 8-bit library there is a corresponding function in
+the 32-bit library with a name that starts with <b>pcre32_</b> instead of
+<b>pcre_</b>. The prototypes are listed above. In addition, there is one extra
+function, <b>pcre32_utf32_to_host_byte_order()</b>. This is a utility function
+that converts a UTF-32 character string to host byte order if necessary. The
+other 32-bit functions expect the strings they are passed to be in host byte
+order.
+</P>
+<P>
+The <i>input</i> and <i>output</i> arguments of
+<b>pcre32_utf32_to_host_byte_order()</b> may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+</P>
+<P>
+The <i>length</i> argument specifies the number of 32-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+</P>
+<P>
+If <i>byte_order</i> is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+</P>
+<P>
+If <i>byte_order</i> is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+</P>
+<P>
+If <i>keep_boms</i> is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+</P>
+<P>
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<br><a name="SEC12" href="#TOC1">SUBJECT STRING OFFSETS</a><br>
+<P>
+The lengths and starting offsets of subject strings must be specified in 32-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 32-bit units rather than bytes.
+</P>
+<br><a name="SEC13" href="#TOC1">NAMED SUBPATTERNS</a><br>
+<P>
+The name-to-number translation table that is maintained for named subpatterns
+uses 32-bit characters. The <b>pcre32_get_stringtable_entries()</b> function
+returns the length of each entry in the table as the number of 32-bit data
+units.
+</P>
+<br><a name="SEC14" href="#TOC1">OPTION NAMES</a><br>
+<P>
+There are two new general option names, PCRE_UTF32 and PCRE_NO_UTF32_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+<a href="pcreunicode.html#utf32strings">validity of UTF-32 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+For the <b>pcre32_config()</b> function there is an option PCRE_CONFIG_UTF32
+that returns 1 if UTF-32 support is configured, otherwise 0. If this option is
+given to <b>pcre_config()</b> or <b>pcre16_config()</b>, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 option is given to <b>pcre32_config()</b>,
+the result is the PCRE_ERROR_BADOPTION error.
+</P>
+<br><a name="SEC15" href="#TOC1">CHARACTER CODES</a><br>
+<P>
+In 32-bit mode, when PCRE_UTF32 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0x7fffffff instead of 0 to 0xff. Character types for characters less
+than 0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+</P>
+<P>
+In UTF-32 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are ill-formed in UTF-32.
+</P>
+<P>
+A UTF-32 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+<b>pcre32_utf32_to_host_byte_order()</b> is provided to help with this (see
+above).
+</P>
+<br><a name="SEC16" href="#TOC1">ERROR NAMES</a><br>
+<P>
+The error PCRE_ERROR_BADUTF32 corresponds to its 8-bit counterpart.
+The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with <b>pcre_compile()</b> is passed to
+<b>pcre32_exec()</b>.
+</P>
+<P>
+There are new error codes whose names begin with PCRE_UTF32_ERR for invalid
+UTF-32 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+<a href="pcreapi.html#badutf8reasons">"Reason codes for invalid UTF-8 strings"</a>
+in the main
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page. The UTF-32 errors are:
+<pre>
+  PCRE_UTF32_ERR1  Surrogate character (range from 0xd800 to 0xdfff)
+  PCRE_UTF32_ERR2  Non-character
+  PCRE_UTF32_ERR3  Character &#62; 0x10ffff
+</PRE>
+</P>
+<br><a name="SEC17" href="#TOC1">ERROR TEXTS</a><br>
+<P>
+If there is an error while compiling a pattern, the error text that is passed
+back by <b>pcre32_compile()</b> or <b>pcre32_compile2()</b> is still an 8-bit
+character string, zero-terminated.
+</P>
+<br><a name="SEC18" href="#TOC1">CALLOUTS</a><br>
+<P>
+The <i>subject</i> and <i>mark</i> fields in the callout block that is passed to
+a callout function point to 32-bit vectors.
+</P>
+<br><a name="SEC19" href="#TOC1">TESTING</a><br>
+<P>
+The <b>pcretest</b> program continues to operate with 8-bit input and output
+files, but it can be used for testing the 32-bit library. If it is run with the
+command line option <b>-32</b>, patterns and subject strings are converted from
+8-bit to 32-bit before being passed to PCRE, and the 32-bit library functions
+are used instead of the 8-bit ones. Returned 32-bit strings are converted to
+8-bit for output. If both the 8-bit and the 16-bit libraries were not compiled,
+<b>pcretest</b> defaults to 32-bit and the <b>-32</b> option is ignored.
+</P>
+<P>
+When PCRE is being built, the <b>RunTest</b> script that is called by "make
+check" uses the <b>pcretest</b> <b>-C</b> option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+</P>
+<br><a name="SEC20" href="#TOC1">NOT SUPPORTED IN 32-BIT MODE</a><br>
+<P>
+Not all the features of the 8-bit library are available with the 32-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the <b>pcregrep</b> program is at present 8-bit only.
+</P>
+<br><a name="SEC21" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC22" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 May 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_assign_jit_stack.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_assign_jit_stack.html
new file mode 100644
index 00000000..b2eef704
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_assign_jit_stack.html
@@ -0,0 +1,76 @@
+<html>
+<head>
+<title>pcre_assign_jit_stack specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_assign_jit_stack man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_assign_jit_stack(pcre_extra *<i>extra</i>,</b>
+<b>     pcre_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>void pcre16_assign_jit_stack(pcre16_extra *<i>extra</i>,</b>
+<b>     pcre16_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>void pcre32_assign_jit_stack(pcre32_extra *<i>extra</i>,</b>
+<b>     pcre32_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function provides control over the memory used as a stack at run-time by a
+call to <b>pcre[16|32]_exec()</b> with a pattern that has been successfully
+compiled with JIT optimization. The arguments are:
+<pre>
+  extra     the data pointer returned by <b>pcre[16|32]_study()</b>
+  callback  a callback function
+  data      a JIT stack or a value to be passed to the callback
+              function
+</PRE>
+</P>
+<P>
+If <i>callback</i> is NULL and <i>data</i> is NULL, an internal 32K block on
+the machine stack is used.
+</P>
+<P>
+If <i>callback</i> is NULL and <i>data</i> is not NULL, <i>data</i> must
+be a valid JIT stack, the result of calling <b>pcre[16|32]_jit_stack_alloc()</b>.
+</P>
+<P>
+If <i>callback</i> not NULL, it is called with <i>data</i> as an argument at
+the start of matching, in order to set up a JIT stack. If the result is NULL,
+the internal 32K stack is used; otherwise the return value must be a valid JIT
+stack, the result of calling <b>pcre[16|32]_jit_stack_alloc()</b>.
+</P>
+<P>
+You may safely assign the same JIT stack to multiple patterns, as long as they
+are all matched in the same thread. In a multithread application, each thread
+must use its own JIT stack. For more details, see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_compile.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_compile.html
new file mode 100644
index 00000000..95b4bec6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_compile.html
@@ -0,0 +1,111 @@
+<html>
+<head>
+<title>pcre_compile specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_compile man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre *pcre_compile(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16 *pcre16_compile(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32 *pcre32_compile(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function compiles a regular expression into an internal form. It is the
+same as <b>pcre[16|32]_compile2()</b>, except for the absence of the
+<i>errorcodeptr</i> argument. Its arguments are:
+<pre>
+  <i>pattern</i>       A zero-terminated string containing the
+                  regular expression to be compiled
+  <i>options</i>       Zero or more option bits
+  <i>errptr</i>        Where to put an error message
+  <i>erroffset</i>     Offset in pattern where error was found
+  <i>tableptr</i>      Pointer to character tables, or NULL to
+                  use the built-in default
+</pre>
+The option bits are:
+<pre>
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \R matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \d, \w, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run in <b>pcre16_compile()</b> UTF-16 mode
+  PCRE_UTF32              Run in <b>pcre32_compile()</b> UTF-32 mode
+  PCRE_UTF8               Run in <b>pcre_compile()</b> UTF-8 mode
+</pre>
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+</P>
+<P>
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_compile2.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_compile2.html
new file mode 100644
index 00000000..9cd56a23
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_compile2.html
@@ -0,0 +1,115 @@
+<html>
+<head>
+<title>pcre_compile2 specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_compile2 man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre *pcre_compile2(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16 *pcre16_compile2(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32 *pcre32_compile2(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>"     int *<i>errorcodeptr</i>,£</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function compiles a regular expression into an internal form. It is the
+same as <b>pcre[16|32]_compile()</b>, except for the addition of the
+<i>errorcodeptr</i> argument. The arguments are:
+<pre>
+  <i>pattern</i>       A zero-terminated string containing the
+                  regular expression to be compiled
+  <i>options</i>       Zero or more option bits
+  <i>errorcodeptr</i>  Where to put an error code
+  <i>errptr</i>        Where to put an error message
+  <i>erroffset</i>     Offset in pattern where error was found
+  <i>tableptr</i>      Pointer to character tables, or NULL to
+                  use the built-in default
+</pre>
+The option bits are:
+<pre>
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \R matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \d, \w, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run <b>pcre16_compile()</b> in UTF-16 mode
+  PCRE_UTF32              Run <b>pcre32_compile()</b> in UTF-32 mode
+  PCRE_UTF8               Run <b>pcre_compile()</b> in UTF-8 mode
+</pre>
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+</P>
+<P>
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_config.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_config.html
new file mode 100644
index 00000000..72fb9caa
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_config.html
@@ -0,0 +1,94 @@
+<html>
+<head>
+<title>pcre_config specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_config man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+<b>int pcre16_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+<b>int pcre32_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function makes it possible for a client program to find out which optional
+features are available in the version of the PCRE library it is using. The
+arguments are as follows:
+<pre>
+  <i>what</i>     A code specifying what information is required
+  <i>where</i>    Points to where to put the data
+</pre>
+The <i>where</i> argument must point to an integer variable, except for
+PCRE_CONFIG_MATCH_LIMIT, PCRE_CONFIG_MATCH_LIMIT_RECURSION, and
+PCRE_CONFIG_PARENS_LIMIT, when it must point to an unsigned long integer,
+and for PCRE_CONFIG_JITTARGET, when it must point to a const char*.
+The available codes are:
+<pre>
+  PCRE_CONFIG_JIT           Availability of just-in-time compiler
+                              support (1=yes 0=no)
+  PCRE_CONFIG_JITTARGET     String containing information about the
+                              target architecture for the JIT compiler,
+                              or NULL if there is no JIT support
+  PCRE_CONFIG_LINK_SIZE     Internal link size: 2, 3, or 4
+  PCRE_CONFIG_PARENS_LIMIT  Parentheses nesting limit
+  PCRE_CONFIG_MATCH_LIMIT   Internal resource limit
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+                            Internal recursion depth limit
+  PCRE_CONFIG_NEWLINE       Value of the default newline sequence:
+                                13 (0x000d)    for CR
+                                10 (0x000a)    for LF
+                              3338 (0x0d0a)    for CRLF
+                                -2             for ANYCRLF
+                                -1             for ANY
+  PCRE_CONFIG_BSR           Indicates what \R matches by default:
+                                 0             all Unicode line endings
+                                 1             CR, LF, or CRLF only
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+                            Threshold of return slots, above which
+                              <b>malloc()</b> is used by the POSIX API
+  PCRE_CONFIG_STACKRECURSE  Recursion implementation (1=stack 0=heap)
+  PCRE_CONFIG_UTF16         Availability of UTF-16 support (1=yes
+                               0=no); option for <b>pcre16_config()</b>
+  PCRE_CONFIG_UTF32         Availability of UTF-32 support (1=yes
+                               0=no); option for <b>pcre32_config()</b>
+  PCRE_CONFIG_UTF8          Availability of UTF-8 support (1=yes 0=no);
+                              option for <b>pcre_config()</b>
+  PCRE_CONFIG_UNICODE_PROPERTIES
+                            Availability of Unicode property support
+                              (1=yes 0=no)
+</pre>
+The function yields 0 on success or PCRE_ERROR_BADOPTION otherwise. That error
+is also given if PCRE_CONFIG_UTF16 or PCRE_CONFIG_UTF32 is passed to
+<b>pcre_config()</b>, if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 is passed to
+<b>pcre16_config()</b>, or if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 is passed to
+<b>pcre32_config()</b>.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_copy_named_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_copy_named_substring.html
new file mode 100644
index 00000000..77b48043
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_copy_named_substring.html
@@ -0,0 +1,65 @@
+<html>
+<head>
+<title>pcre_copy_named_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_copy_named_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_copy_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     char *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_copy_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR16 *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_copy_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR32 *<i>buffer</i>, int <i>buffersize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring, identified
+by name, into a given buffer. The arguments are:
+<pre>
+  <i>code</i>          Pattern that was successfully matched
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringname</i>    Name of the required substring
+  <i>buffer</i>        Buffer to receive the string
+  <i>buffersize</i>    Size of buffer
+</pre>
+The yield is the length of the substring, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_copy_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_copy_substring.html
new file mode 100644
index 00000000..ecaebe85
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_copy_substring.html
@@ -0,0 +1,61 @@
+<html>
+<head>
+<title>pcre_copy_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_copy_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_copy_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, char *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_copy_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR16 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_copy_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR32 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring into a given
+buffer. The arguments are:
+<pre>
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringnumber</i>  Number of the required substring
+  <i>buffer</i>        Buffer to receive the string
+  <i>buffersize</i>    Size of buffer
+</pre>
+The yield is the length of the string, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_dfa_exec.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_dfa_exec.html
new file mode 100644
index 00000000..5fff6a7e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_dfa_exec.html
@@ -0,0 +1,129 @@
+<html>
+<head>
+<title>pcre_dfa_exec specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_dfa_exec man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_dfa_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+<br>
+<br>
+<b>int pcre16_dfa_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+<br>
+<br>
+<b>int pcre32_dfa_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function matches a compiled regular expression against a given subject
+string, using an alternative matching algorithm that scans the subject string
+just once (<i>not</i> Perl-compatible). Note that the main, Perl-compatible,
+matching function is <b>pcre[16|32]_exec()</b>. The arguments for this function
+are:
+<pre>
+  <i>code</i>         Points to the compiled pattern
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>subject</i>      Points to the subject string
+  <i>length</i>       Length of the subject string
+  <i>startoffset</i>  Offset in the subject at which to start matching
+  <i>options</i>      Option bits
+  <i>ovector</i>      Points to a vector of ints for result offsets
+  <i>ovecsize</i>     Number of elements in the vector
+  <i>workspace</i>    Points to a vector of ints used as working space
+  <i>wscount</i>      Number of elements in the vector
+</pre>
+The units for <i>length</i> and <i>startoffset</i> are bytes for
+<b>pcre_exec()</b>, 16-bit data items for <b>pcre16_exec()</b>, and 32-bit items
+for <b>pcre32_exec()</b>. The options are:
+<pre>
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \R matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject is not the beginning of a line
+  PCRE_NOTEOL            Subject is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           even if there is a full match as well
+  PCRE_DFA_SHORTEST      Return only the shortest match
+  PCRE_DFA_RESTART       Restart after a partial match
+</pre>
+There are restrictions on what may appear in a pattern when using this matching
+function. Details are given in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation. For details of partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+page.
+</P>
+<P>
+A <b>pcre[16|32]_extra</b> structure contains the following fields:
+<pre>
+  <i>flags</i>            Bits indicating which fields are set
+  <i>study_data</i>       Opaque data from <b>pcre[16|32]_study()</b>
+  <i>match_limit</i>      Limit on internal resource use
+  <i>match_limit_recursion</i>  Limit on internal recursion depth
+  <i>callout_data</i>     Opaque data passed back to callouts
+  <i>tables</i>           Points to character tables or is NULL
+  <i>mark</i>             For passing back a *MARK pointer
+  <i>executable_jit</i>   Opaque data from JIT compilation
+</pre>
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT. For this
+matching function, the <i>match_limit</i> and <i>match_limit_recursion</i> fields
+are not used, and must not be set. The PCRE_EXTRA_EXECUTABLE_JIT flag and
+the corresponding variable are ignored.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_exec.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_exec.html
new file mode 100644
index 00000000..18e1a13f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_exec.html
@@ -0,0 +1,111 @@
+<html>
+<head>
+<title>pcre_exec specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_exec man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre16_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre32_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function matches a compiled regular expression against a given subject
+string, using a matching algorithm that is similar to Perl's. It returns
+offsets to captured substrings. Its arguments are:
+<pre>
+  <i>code</i>         Points to the compiled pattern
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>subject</i>      Points to the subject string
+  <i>length</i>       Length of the subject string
+  <i>startoffset</i>  Offset in the subject at which to start matching
+  <i>options</i>      Option bits
+  <i>ovector</i>      Points to a vector of ints for result offsets
+  <i>ovecsize</i>     Number of elements in the vector (a multiple of 3)
+</pre>
+The units for <i>length</i> and <i>startoffset</i> are bytes for
+<b>pcre_exec()</b>, 16-bit data items for <b>pcre16_exec()</b>, and 32-bit items
+for <b>pcre32_exec()</b>. The options are:
+<pre>
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \R matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+</pre>
+For details of partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+page. A <b>pcre_extra</b> structure contains the following fields:
+<pre>
+  <i>flags</i>            Bits indicating which fields are set
+  <i>study_data</i>       Opaque data from <b>pcre[16|32]_study()</b>
+  <i>match_limit</i>      Limit on internal resource use
+  <i>match_limit_recursion</i>  Limit on internal recursion depth
+  <i>callout_data</i>     Opaque data passed back to callouts
+  <i>tables</i>           Points to character tables or is NULL
+  <i>mark</i>             For passing back a *MARK pointer
+  <i>executable_jit</i>   Opaque data from JIT compilation
+</pre>
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_free_study.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_free_study.html
new file mode 100644
index 00000000..7f9e10e8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_free_study.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_free_study specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_free_study man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_free_study(pcre_extra *<i>extra</i>);</b>
+</P>
+<P>
+<b>void pcre16_free_study(pcre16_extra *<i>extra</i>);</b>
+</P>
+<P>
+<b>void pcre32_free_study(pcre32_extra *<i>extra</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to free the memory used for the data generated by a call
+to <b>pcre[16|32]_study()</b> when it is no longer needed. The argument must be the
+result of such a call.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_free_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_free_substring.html
new file mode 100644
index 00000000..1fe66107
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_free_substring.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_free_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_free_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_free_substring(const char *<i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre16_free_substring(PCRE_SPTR16 <i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre32_free_substring(PCRE_SPTR32 <i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for freeing the store obtained by a previous
+call to <b>pcre[16|32]_get_substring()</b> or <b>pcre[16|32]_get_named_substring()</b>.
+Its only argument is a pointer to the string.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_free_substring_list.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_free_substring_list.html
new file mode 100644
index 00000000..c0861780
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_free_substring_list.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_free_substring_list specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_free_substring_list man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_free_substring_list(const char **<i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre16_free_substring_list(PCRE_SPTR16 *<i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre32_free_substring_list(PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for freeing the store obtained by a previous
+call to <b>pcre[16|32]_get_substring_list()</b>. Its only argument is a pointer to
+the list of string pointers.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_fullinfo.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_fullinfo.html
new file mode 100644
index 00000000..2b7c72b3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_fullinfo.html
@@ -0,0 +1,118 @@
+<html>
+<head>
+<title>pcre_fullinfo specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_fullinfo man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_fullinfo(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre16_fullinfo(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre32_fullinfo(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function returns information about a compiled pattern. Its arguments are:
+<pre>
+  <i>code</i>                      Compiled regular expression
+  <i>extra</i>                     Result of <b>pcre[16|32]_study()</b> or NULL
+  <i>what</i>                      What information is required
+  <i>where</i>                     Where to put the information
+</pre>
+The following information is available:
+<pre>
+  PCRE_INFO_BACKREFMAX      Number of highest back reference
+  PCRE_INFO_CAPTURECOUNT    Number of capturing subpatterns
+  PCRE_INFO_DEFAULT_TABLES  Pointer to default tables
+  PCRE_INFO_FIRSTBYTE       Fixed first data unit for a match, or
+                              -1 for start of string
+                                 or after newline, or
+                              -2 otherwise
+  PCRE_INFO_FIRSTTABLE      Table of first data units (after studying)
+  PCRE_INFO_HASCRORLF       Return 1 if explicit CR or LF matches exist
+  PCRE_INFO_JCHANGED        Return 1 if (?J) or (?-J) was used
+  PCRE_INFO_JIT             Return 1 after successful JIT compilation
+  PCRE_INFO_JITSIZE         Size of JIT compiled code
+  PCRE_INFO_LASTLITERAL     Literal last data unit required
+  PCRE_INFO_MINLENGTH       Lower bound length of matching strings
+  PCRE_INFO_MATCHEMPTY      Return 1 if the pattern can match an empty string,
+                               0 otherwise
+  PCRE_INFO_MATCHLIMIT      Match limit if set, otherwise PCRE_RROR_UNSET
+  PCRE_INFO_MAXLOOKBEHIND   Length (in characters) of the longest lookbehind assertion
+  PCRE_INFO_NAMECOUNT       Number of named subpatterns
+  PCRE_INFO_NAMEENTRYSIZE   Size of name table entry
+  PCRE_INFO_NAMETABLE       Pointer to name table
+  PCRE_INFO_OKPARTIAL       Return 1 if partial matching can be tried
+                              (always returns 1 after release 8.00)
+  PCRE_INFO_OPTIONS         Option bits used for compilation
+  PCRE_INFO_SIZE            Size of compiled pattern
+  PCRE_INFO_STUDYSIZE       Size of study data
+  PCRE_INFO_FIRSTCHARACTER      Fixed first data unit for a match
+  PCRE_INFO_FIRSTCHARACTERFLAGS Returns
+                                  1 if there is a first data character set, which can
+                                    then be retrieved using PCRE_INFO_FIRSTCHARACTER,
+                                  2 if the first character is at the start of the data
+                                    string or after a newline, and
+                                  0 otherwise
+  PCRE_INFO_RECURSIONLIMIT    Recursion limit if set, otherwise PCRE_ERROR_UNSET
+  PCRE_INFO_REQUIREDCHAR      Literal last data unit required
+  PCRE_INFO_REQUIREDCHARFLAGS Returns 1 if the last data character is set (which can then
+                              be retrieved using PCRE_INFO_REQUIREDCHAR); 0 otherwise
+</pre>
+The <i>where</i> argument must point to an integer variable, except for the
+following <i>what</i> values:
+<pre>
+  PCRE_INFO_DEFAULT_TABLES  const uint8_t *
+  PCRE_INFO_FIRSTCHARACTER  uint32_t
+  PCRE_INFO_FIRSTTABLE      const uint8_t *
+  PCRE_INFO_JITSIZE         size_t
+  PCRE_INFO_MATCHLIMIT      uint32_t
+  PCRE_INFO_NAMETABLE       PCRE_SPTR16           (16-bit library)
+  PCRE_INFO_NAMETABLE       PCRE_SPTR32           (32-bit library)
+  PCRE_INFO_NAMETABLE       const unsigned char * (8-bit library)
+  PCRE_INFO_OPTIONS         unsigned long int
+  PCRE_INFO_SIZE            size_t
+  PCRE_INFO_STUDYSIZE       size_t
+  PCRE_INFO_RECURSIONLIMIT  uint32_t
+  PCRE_INFO_REQUIREDCHAR    uint32_t
+</pre>
+The yield of the function is zero on success or:
+<pre>
+  PCRE_ERROR_NULL           the argument <i>code</i> was NULL
+                            the argument <i>where</i> was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADOPTION      the value of <i>what</i> was invalid
+  PCRE_ERROR_UNSET          the option was not set
+</PRE>
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_named_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_named_substring.html
new file mode 100644
index 00000000..72924d9b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_named_substring.html
@@ -0,0 +1,68 @@
+<html>
+<head>
+<title>pcre_get_named_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_named_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring by name. The
+arguments are:
+<pre>
+  <i>code</i>          Compiled pattern
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringname</i>    Name of the required substring
+  <i>stringptr</i>     Where to put the string pointer
+</pre>
+The memory in which the substring is placed is obtained by calling
+<b>pcre[16|32]_malloc()</b>. The convenience function
+<b>pcre[16|32]_free_substring()</b> can be used to free it when it is no longer
+needed. The yield of the function is the length of the extracted substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_stringnumber.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_stringnumber.html
new file mode 100644
index 00000000..7324d782
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_stringnumber.html
@@ -0,0 +1,57 @@
+<html>
+<head>
+<title>pcre_get_stringnumber specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_stringnumber man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_stringnumber(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringnumber(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>name</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringnumber(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This convenience function finds the number of a named substring capturing
+parenthesis in a compiled pattern. Its arguments are:
+<pre>
+  <i>code</i>    Compiled regular expression
+  <i>name</i>    Name whose number is required
+</pre>
+The yield of the function is the number of the parenthesis if the name is
+found, or PCRE_ERROR_NOSUBSTRING otherwise. When duplicate names are allowed
+(PCRE_DUPNAMES is set), it is not defined which of the numbers is returned by
+<b>pcre[16|32]_get_stringnumber()</b>. You can obtain the complete list by calling
+<b>pcre[16|32]_get_stringtable_entries()</b>.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_stringtable_entries.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_stringtable_entries.html
new file mode 100644
index 00000000..79906798
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_stringtable_entries.html
@@ -0,0 +1,60 @@
+<html>
+<head>
+<title>pcre_get_stringtable_entries specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_stringtable_entries man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_stringtable_entries(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>, char **<i>first</i>, char **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringtable_entries(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>name</i>, PCRE_UCHAR16 **<i>first</i>, PCRE_UCHAR16 **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringtable_entries(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>, PCRE_UCHAR32 **<i>first</i>, PCRE_UCHAR32 **<i>last</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This convenience function finds, for a compiled pattern, the first and last
+entries for a given name in the table that translates capturing parenthesis
+names into numbers. When names are required to be unique (PCRE_DUPNAMES is
+<i>not</i> set), it is usually easier to use <b>pcre[16|32]_get_stringnumber()</b>
+instead.
+<pre>
+  <i>code</i>    Compiled regular expression
+  <i>name</i>    Name whose entries required
+  <i>first</i>   Where to return a pointer to the first entry
+  <i>last</i>    Where to return a pointer to the last entry
+</pre>
+The yield of the function is the length of each entry, or
+PCRE_ERROR_NOSUBSTRING if none are found.
+</P>
+<P>
+There is a complete description of the PCRE native API, including the format of
+the table entries, in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page, and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_substring.html
new file mode 100644
index 00000000..1a8e4f5a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_substring.html
@@ -0,0 +1,64 @@
+<html>
+<head>
+<title>pcre_get_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring. The
+arguments are:
+<pre>
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringnumber</i>  Number of the required substring
+  <i>stringptr</i>     Where to put the string pointer
+</pre>
+The memory in which the substring is placed is obtained by calling
+<b>pcre[16|32]_malloc()</b>. The convenience function
+<b>pcre[16|32]_free_substring()</b> can be used to free it when it is no longer
+needed. The yield of the function is the length of the substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_substring_list.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_substring_list.html
new file mode 100644
index 00000000..7e8c6bc8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_get_substring_list.html
@@ -0,0 +1,61 @@
+<html>
+<head>
+<title>pcre_get_substring_list specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_substring_list man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_substring_list(const char *<i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, const char ***<i>listptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring_list(PCRE_SPTR16 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR16 **<i>listptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring_list(PCRE_SPTR32 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR32 **<i>listptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a list of all the captured
+substrings. The arguments are:
+<pre>
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec</b>
+  <i>listptr</i>       Where to put a pointer to the list
+</pre>
+The memory in which the substrings and the list are placed is obtained by
+calling <b>pcre[16|32]_malloc()</b>. The convenience function
+<b>pcre[16|32]_free_substring_list()</b> can be used to free it when it is no
+longer needed. A pointer to a list of pointers is put in the variable whose
+address is in <i>listptr</i>. The list is terminated by a NULL pointer. The
+yield of the function is zero on success or PCRE_ERROR_NOMEMORY if sufficient
+memory could not be obtained.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_jit_exec.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_jit_exec.html
new file mode 100644
index 00000000..4ebb0cbc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_jit_exec.html
@@ -0,0 +1,108 @@
+<html>
+<head>
+<title>pcre_jit_exec specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_jit_exec man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_jit_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+<br>
+<br>
+<b>int pcre16_jit_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+<br>
+<br>
+<b>int pcre32_jit_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function matches a compiled regular expression that has been successfully
+studied with one of the JIT options against a given subject string, using a
+matching algorithm that is similar to Perl's. It is a "fast path" interface to
+JIT, and it bypasses some of the sanity checks that <b>pcre_exec()</b> applies.
+It returns offsets to captured substrings. Its arguments are:
+<pre>
+  <i>code</i>         Points to the compiled pattern
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>subject</i>      Points to the subject string
+  <i>length</i>       Length of the subject string, in bytes
+  <i>startoffset</i>  Offset in bytes in the subject at which to
+                 start matching
+  <i>options</i>      Option bits
+  <i>ovector</i>      Points to a vector of ints for result offsets
+  <i>ovecsize</i>     Number of elements in the vector (a multiple of 3)
+  <i>jstack</i>       Pointer to a JIT stack
+</pre>
+The allowed options are:
+<pre>
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+</pre>
+However, the PCRE_NO_UTF[8|16|32]_CHECK options have no effect, as this check
+is never applied. For details of partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+page. A <b>pcre_extra</b> structure contains the following fields:
+<pre>
+  <i>flags</i>            Bits indicating which fields are set
+  <i>study_data</i>       Opaque data from <b>pcre[16|32]_study()</b>
+  <i>match_limit</i>      Limit on internal resource use
+  <i>match_limit_recursion</i>  Limit on internal recursion depth
+  <i>callout_data</i>     Opaque data passed back to callouts
+  <i>tables</i>           Points to character tables or is NULL
+  <i>mark</i>             For passing back a *MARK pointer
+  <i>executable_jit</i>   Opaque data from JIT compilation
+</pre>
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the JIT API in the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_jit_stack_alloc.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_jit_stack_alloc.html
new file mode 100644
index 00000000..23ba4507
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_jit_stack_alloc.html
@@ -0,0 +1,55 @@
+<html>
+<head>
+<title>pcre_jit_stack_alloc specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_jit_stack_alloc man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre_jit_stack *pcre_jit_stack_alloc(int <i>startsize</i>,</b>
+<b>     int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>pcre16_jit_stack *pcre16_jit_stack_alloc(int <i>startsize</i>,</b>
+<b>     int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>pcre32_jit_stack *pcre32_jit_stack_alloc(int <i>startsize</i>,</b>
+<b>     int <i>maxsize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to create a stack for use by the code compiled by the JIT
+optimization of <b>pcre[16|32]_study()</b>. The arguments are a starting size for
+the stack, and a maximum size to which it is allowed to grow. The result can be
+passed to the JIT run-time code by <b>pcre[16|32]_assign_jit_stack()</b>, or that
+function can set up a callback for obtaining a stack. A maximum stack size of
+512K to 1M should be more than enough for any pattern. For more details, see
+the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_jit_stack_free.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_jit_stack_free.html
new file mode 100644
index 00000000..8bd06e46
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_jit_stack_free.html
@@ -0,0 +1,48 @@
+<html>
+<head>
+<title>pcre_jit_stack_free specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_jit_stack_free man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_jit_stack_free(pcre_jit_stack *<i>stack</i>);</b>
+</P>
+<P>
+<b>void pcre16_jit_stack_free(pcre16_jit_stack *<i>stack</i>);</b>
+</P>
+<P>
+<b>void pcre32_jit_stack_free(pcre32_jit_stack *<i>stack</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to free a JIT stack that was created by
+<b>pcre[16|32]_jit_stack_alloc()</b> when it is no longer needed. For more details,
+see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_maketables.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_maketables.html
new file mode 100644
index 00000000..3a7b5ebc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_maketables.html
@@ -0,0 +1,48 @@
+<html>
+<head>
+<title>pcre_maketables specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_maketables man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>const unsigned char *pcre_maketables(void);</b>
+</P>
+<P>
+<b>const unsigned char *pcre16_maketables(void);</b>
+</P>
+<P>
+<b>const unsigned char *pcre32_maketables(void);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function builds a set of character tables for character values less than
+256. These can be passed to <b>pcre[16|32]_compile()</b> to override PCRE's
+internal, built-in tables (which were made by <b>pcre[16|32]_maketables()</b> when
+PCRE was compiled). You might want to do this if you are using a non-standard
+locale. The function yields a pointer to the tables.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_pattern_to_host_byte_order.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_pattern_to_host_byte_order.html
new file mode 100644
index 00000000..1b1c8037
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_pattern_to_host_byte_order.html
@@ -0,0 +1,58 @@
+<html>
+<head>
+<title>pcre_pattern_to_host_byte_order specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_pattern_to_host_byte_order man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_pattern_to_host_byte_order(pcre *<i>code</i>,</b>
+<b>     pcre_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+<br>
+<br>
+<b>int pcre16_pattern_to_host_byte_order(pcre16 *<i>code</i>,</b>
+<b>     pcre16_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+<br>
+<br>
+<b>int pcre32_pattern_to_host_byte_order(pcre32 *<i>code</i>,</b>
+<b>     pcre32_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function ensures that the bytes in 2-byte and 4-byte values in a compiled
+pattern are in the correct order for the current host. It is useful when a
+pattern that has been compiled on one host is transferred to another that might
+have different endianness. The arguments are:
+<pre>
+  <i>code</i>         A compiled regular expression
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>tables</i>       Pointer to character tables, or NULL to
+                 set the built-in default
+</pre>
+The result is 0 for success, a negative PCRE_ERROR_xxx value otherwise.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_refcount.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_refcount.html
new file mode 100644
index 00000000..bfb92e6d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_refcount.html
@@ -0,0 +1,51 @@
+<html>
+<head>
+<title>pcre_refcount specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_refcount man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_refcount(pcre *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<P>
+<b>int pcre16_refcount(pcre16 *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<P>
+<b>int pcre32_refcount(pcre32 *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to maintain a reference count inside a data block that
+contains a compiled pattern. Its arguments are:
+<pre>
+  <i>code</i>                      Compiled regular expression
+  <i>adjust</i>                    Adjustment to reference value
+</pre>
+The yield of the function is the adjusted reference value, which is constrained
+to lie between 0 and 65535.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_study.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_study.html
new file mode 100644
index 00000000..af82f114
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_study.html
@@ -0,0 +1,68 @@
+<html>
+<head>
+<title>pcre_study specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_study man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre_extra *pcre_study(const pcre *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>pcre16_extra *pcre16_study(const pcre16 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>pcre32_extra *pcre32_study(const pcre32 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function studies a compiled pattern, to see if additional information can
+be extracted that might speed up matching. Its arguments are:
+<pre>
+  <i>code</i>       A compiled regular expression
+  <i>options</i>    Options for <b>pcre[16|32]_study()</b>
+  <i>errptr</i>     Where to put an error message
+</pre>
+If the function succeeds, it returns a value that can be passed to
+<b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b> via their <i>extra</i>
+arguments.
+</P>
+<P>
+If the function returns NULL, either it could not find any additional
+information, or there was an error. You can tell the difference by looking at
+the error value. It is NULL in first case.
+</P>
+<P>
+The only option is PCRE_STUDY_JIT_COMPILE. It requests just-in-time compilation
+if possible. If PCRE has been compiled without JIT support, this option is
+ignored. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page for further details.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html
new file mode 100644
index 00000000..18e7788f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html
@@ -0,0 +1,57 @@
+<html>
+<head>
+<title>pcre_utf16_to_host_byte_order specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_utf16_to_host_byte_order man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *<i>output</i>,</b>
+<b>     PCRE_SPTR16 <i>input</i>, int <i>length</i>, int *<i>host_byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function, which exists only in the 16-bit library, converts a UTF-16
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+<pre>
+  <i>output</i>           pointer to output buffer, may be the same as <i>input</i>
+  <i>input</i>            pointer to input buffer
+  <i>length</i>           number of 16-bit units in the input, or negative for
+                     a zero-terminated string
+  <i>host_byte_order</i>  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  <i>keep_boms</i>        if non-zero, BOMs are copied to the output string
+</pre>
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<P>
+If <i>host_byte_order</i> is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html
new file mode 100644
index 00000000..772ae40c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html
@@ -0,0 +1,57 @@
+<html>
+<head>
+<title>pcre_utf32_to_host_byte_order specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_utf32_to_host_byte_order man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *<i>output</i>,</b>
+<b>     PCRE_SPTR32 <i>input</i>, int <i>length</i>, int *<i>host_byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function, which exists only in the 32-bit library, converts a UTF-32
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+<pre>
+  <i>output</i>           pointer to output buffer, may be the same as <i>input</i>
+  <i>input</i>            pointer to input buffer
+  <i>length</i>           number of 32-bit units in the input, or negative for
+                     a zero-terminated string
+  <i>host_byte_order</i>  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  <i>keep_boms</i>        if non-zero, BOMs are copied to the output string
+</pre>
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<P>
+If <i>host_byte_order</i> is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_version.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_version.html
new file mode 100644
index 00000000..d33e7189
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcre_version.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_version specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_version man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>const char *pcre_version(void);</b>
+</P>
+<P>
+<b>const char *pcre16_version(void);</b>
+</P>
+<P>
+<b>const char *pcre32_version(void);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function (even in the 16-bit and 32-bit libraries) returns a
+zero-terminated, 8-bit character string that gives the version number of the
+PCRE library and the date of its release.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreapi.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreapi.html
new file mode 100644
index 00000000..2d7adf18
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreapi.html
@@ -0,0 +1,2921 @@
+<html>
+<head>
+<title>pcreapi specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreapi man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE NATIVE API BASIC FUNCTIONS</a>
+<li><a name="TOC2" href="#SEC2">PCRE NATIVE API STRING EXTRACTION FUNCTIONS</a>
+<li><a name="TOC3" href="#SEC3">PCRE NATIVE API AUXILIARY FUNCTIONS</a>
+<li><a name="TOC4" href="#SEC4">PCRE NATIVE API INDIRECTED FUNCTIONS</a>
+<li><a name="TOC5" href="#SEC5">PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES</a>
+<li><a name="TOC6" href="#SEC6">PCRE API OVERVIEW</a>
+<li><a name="TOC7" href="#SEC7">NEWLINES</a>
+<li><a name="TOC8" href="#SEC8">MULTITHREADING</a>
+<li><a name="TOC9" href="#SEC9">SAVING PRECOMPILED PATTERNS FOR LATER USE</a>
+<li><a name="TOC10" href="#SEC10">CHECKING BUILD-TIME OPTIONS</a>
+<li><a name="TOC11" href="#SEC11">COMPILING A PATTERN</a>
+<li><a name="TOC12" href="#SEC12">COMPILATION ERROR CODES</a>
+<li><a name="TOC13" href="#SEC13">STUDYING A PATTERN</a>
+<li><a name="TOC14" href="#SEC14">LOCALE SUPPORT</a>
+<li><a name="TOC15" href="#SEC15">INFORMATION ABOUT A PATTERN</a>
+<li><a name="TOC16" href="#SEC16">REFERENCE COUNTS</a>
+<li><a name="TOC17" href="#SEC17">MATCHING A PATTERN: THE TRADITIONAL FUNCTION</a>
+<li><a name="TOC18" href="#SEC18">EXTRACTING CAPTURED SUBSTRINGS BY NUMBER</a>
+<li><a name="TOC19" href="#SEC19">EXTRACTING CAPTURED SUBSTRINGS BY NAME</a>
+<li><a name="TOC20" href="#SEC20">DUPLICATE SUBPATTERN NAMES</a>
+<li><a name="TOC21" href="#SEC21">FINDING ALL POSSIBLE MATCHES</a>
+<li><a name="TOC22" href="#SEC22">OBTAINING AN ESTIMATE OF STACK USAGE</a>
+<li><a name="TOC23" href="#SEC23">MATCHING A PATTERN: THE ALTERNATIVE FUNCTION</a>
+<li><a name="TOC24" href="#SEC24">SEE ALSO</a>
+<li><a name="TOC25" href="#SEC25">AUTHOR</a>
+<li><a name="TOC26" href="#SEC26">REVISION</a>
+</ul>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<br><a name="SEC1" href="#TOC1">PCRE NATIVE API BASIC FUNCTIONS</a><br>
+<P>
+<b>pcre *pcre_compile(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre *pcre_compile2(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre_extra *pcre_study(const pcre *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>void pcre_free_study(pcre_extra *<i>extra</i>);</b>
+<br>
+<br>
+<b>int pcre_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre_dfa_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE NATIVE API STRING EXTRACTION FUNCTIONS</a><br>
+<P>
+<b>int pcre_copy_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     char *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_copy_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, char *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_get_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre_get_stringnumber(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>);</b>
+<br>
+<br>
+<b>int pcre_get_stringtable_entries(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>, char **<i>first</i>, char **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring_list(const char *<i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, const char ***<i>listptr</i>);</b>
+<br>
+<br>
+<b>void pcre_free_substring(const char *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>void pcre_free_substring_list(const char **<i>stringptr</i>);</b>
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE NATIVE API AUXILIARY FUNCTIONS</a><br>
+<P>
+<b>int pcre_jit_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+<br>
+<br>
+<b>pcre_jit_stack *pcre_jit_stack_alloc(int <i>startsize</i>, int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>void pcre_jit_stack_free(pcre_jit_stack *<i>stack</i>);</b>
+<br>
+<br>
+<b>void pcre_assign_jit_stack(pcre_extra *<i>extra</i>,</b>
+<b>     pcre_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>const unsigned char *pcre_maketables(void);</b>
+<br>
+<br>
+<b>int pcre_fullinfo(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre_refcount(pcre *<i>code</i>, int <i>adjust</i>);</b>
+<br>
+<br>
+<b>int pcre_config(int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>const char *pcre_version(void);</b>
+<br>
+<br>
+<b>int pcre_pattern_to_host_byte_order(pcre *<i>code</i>,</b>
+<b>     pcre_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><a name="SEC4" href="#TOC1">PCRE NATIVE API INDIRECTED FUNCTIONS</a><br>
+<P>
+<b>void *(*pcre_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre_free)(void *);</b>
+<br>
+<br>
+<b>void *(*pcre_stack_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre_stack_free)(void *);</b>
+<br>
+<br>
+<b>int (*pcre_callout)(pcre_callout_block *);</b>
+<br>
+<br>
+<b>int (*pcre_stack_guard)(void);</b>
+</P>
+<br><a name="SEC5" href="#TOC1">PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES</a><br>
+<P>
+As well as support for 8-bit character strings, PCRE also supports 16-bit
+strings (from release 8.30) and 32-bit strings (from release 8.32), by means of
+two additional libraries. They can be built as well as, or instead of, the
+8-bit library. To avoid too much complication, this document describes the
+8-bit versions of the functions, with only occasional references to the 16-bit
+and 32-bit libraries.
+</P>
+<P>
+The 16-bit and 32-bit functions operate in the same way as their 8-bit
+counterparts; they just use different data types for their arguments and
+results, and their names start with <b>pcre16_</b> or <b>pcre32_</b> instead of
+<b>pcre_</b>. For every option that has UTF8 in its name (for example,
+PCRE_UTF8), there are corresponding 16-bit and 32-bit names with UTF8 replaced
+by UTF16 or UTF32, respectively. This facility is in fact just cosmetic; the
+16-bit and 32-bit option names define the same bit values.
+</P>
+<P>
+References to bytes and UTF-8 in this document should be read as references to
+16-bit data units and UTF-16 when using the 16-bit library, or 32-bit data
+units and UTF-32 when using the 32-bit library, unless specified otherwise.
+More details of the specific differences for the 16-bit and 32-bit libraries
+are given in the
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+pages.
+</P>
+<br><a name="SEC6" href="#TOC1">PCRE API OVERVIEW</a><br>
+<P>
+PCRE has its own native API, which is described in this document. There are
+also some wrapper functions (for the 8-bit library only) that correspond to the
+POSIX regular expression API, but they do not give access to all the
+functionality. They are described in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+documentation. Both of these APIs define a set of C function calls. A C++
+wrapper (again for the 8-bit library only) is also distributed with PCRE. It is
+documented in the
+<a href="pcrecpp.html"><b>pcrecpp</b></a>
+page.
+</P>
+<P>
+The native API C function prototypes are defined in the header file
+<b>pcre.h</b>, and on Unix-like systems the (8-bit) library itself is called
+<b>libpcre</b>. It can normally be accessed by adding <b>-lpcre</b> to the
+command for linking an application that uses PCRE. The header file defines the
+macros PCRE_MAJOR and PCRE_MINOR to contain the major and minor release numbers
+for the library. Applications can use these to include support for different
+releases of PCRE.
+</P>
+<P>
+In a Windows environment, if you want to statically link an application program
+against a non-dll <b>pcre.a</b> file, you must define PCRE_STATIC before
+including <b>pcre.h</b> or <b>pcrecpp.h</b>, because otherwise the
+<b>pcre_malloc()</b> and <b>pcre_free()</b> exported functions will be declared
+<b>__declspec(dllimport)</b>, with unwanted results.
+</P>
+<P>
+The functions <b>pcre_compile()</b>, <b>pcre_compile2()</b>, <b>pcre_study()</b>,
+and <b>pcre_exec()</b> are used for compiling and matching regular expressions
+in a Perl-compatible manner. A sample program that demonstrates the simplest
+way of using them is provided in the file called <i>pcredemo.c</i> in the PCRE
+source distribution. A listing of this program is given in the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+documentation, and the
+<a href="pcresample.html"><b>pcresample</b></a>
+documentation describes how to compile and run it.
+</P>
+<P>
+Just-in-time compiler support is an optional feature of PCRE that can be built
+in appropriate hardware environments. It greatly speeds up the matching
+performance of many patterns. Simple programs can easily request that it be
+used if available, by setting an option that is ignored when it is not
+relevant. More complicated programs might need to make use of the functions
+<b>pcre_jit_stack_alloc()</b>, <b>pcre_jit_stack_free()</b>, and
+<b>pcre_assign_jit_stack()</b> in order to control the JIT code's memory usage.
+</P>
+<P>
+From release 8.32 there is also a direct interface for JIT execution, which
+gives improved performance. The JIT-specific functions are discussed in the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation.
+</P>
+<P>
+A second matching function, <b>pcre_dfa_exec()</b>, which is not
+Perl-compatible, is also provided. This uses a different algorithm for the
+matching. The alternative algorithm finds all possible matches (at a given
+point in the subject), and scans the subject just once (unless there are
+lookbehind assertions). However, this algorithm does not return captured
+substrings. A description of the two matching algorithms and their advantages
+and disadvantages is given in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation.
+</P>
+<P>
+In addition to the main compiling and matching functions, there are convenience
+functions for extracting captured substrings from a subject string that is
+matched by <b>pcre_exec()</b>. They are:
+<pre>
+  <b>pcre_copy_substring()</b>
+  <b>pcre_copy_named_substring()</b>
+  <b>pcre_get_substring()</b>
+  <b>pcre_get_named_substring()</b>
+  <b>pcre_get_substring_list()</b>
+  <b>pcre_get_stringnumber()</b>
+  <b>pcre_get_stringtable_entries()</b>
+</pre>
+<b>pcre_free_substring()</b> and <b>pcre_free_substring_list()</b> are also
+provided, to free the memory used for extracted strings.
+</P>
+<P>
+The function <b>pcre_maketables()</b> is used to build a set of character tables
+in the current locale for passing to <b>pcre_compile()</b>, <b>pcre_exec()</b>,
+or <b>pcre_dfa_exec()</b>. This is an optional facility that is provided for
+specialist use. Most commonly, no special tables are passed, in which case
+internal tables that are generated when PCRE is built are used.
+</P>
+<P>
+The function <b>pcre_fullinfo()</b> is used to find out information about a
+compiled pattern. The function <b>pcre_version()</b> returns a pointer to a
+string containing the version of PCRE and its date of release.
+</P>
+<P>
+The function <b>pcre_refcount()</b> maintains a reference count in a data block
+containing a compiled pattern. This is provided for the benefit of
+object-oriented applications.
+</P>
+<P>
+The global variables <b>pcre_malloc</b> and <b>pcre_free</b> initially contain
+the entry points of the standard <b>malloc()</b> and <b>free()</b> functions,
+respectively. PCRE calls the memory management functions via these variables,
+so a calling program can replace them if it wishes to intercept the calls. This
+should be done before calling any PCRE functions.
+</P>
+<P>
+The global variables <b>pcre_stack_malloc</b> and <b>pcre_stack_free</b> are also
+indirections to memory management functions. These special functions are used
+only when PCRE is compiled to use the heap for remembering data, instead of
+recursive function calls, when running the <b>pcre_exec()</b> function. See the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation for details of how to do this. It is a non-standard way of
+building PCRE, for use in environments that have limited stacks. Because of the
+greater use of memory management, it runs more slowly. Separate functions are
+provided so that special-purpose external code can be used for this case. When
+used, these functions always allocate memory blocks of the same size. There is
+a discussion about PCRE's stack usage in the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation.
+</P>
+<P>
+The global variable <b>pcre_callout</b> initially contains NULL. It can be set
+by the caller to a "callout" function, which PCRE will then call at specified
+points during a matching operation. Details are given in the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<P>
+The global variable <b>pcre_stack_guard</b> initially contains NULL. It can be
+set by the caller to a function that is called by PCRE whenever it starts
+to compile a parenthesized part of a pattern. When parentheses are nested, PCRE
+uses recursive function calls, which use up the system stack. This function is
+provided so that applications with restricted stacks can force a compilation
+error if the stack runs out. The function should return zero if all is well, or
+non-zero to force an error.
+<a name="newlines"></a></P>
+<br><a name="SEC7" href="#TOC1">NEWLINES</a><br>
+<P>
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The Unicode newline sequences are the three just
+mentioned, plus the single characters VT (vertical tab, U+000B), FF (form feed,
+U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029).
+</P>
+<P>
+Each of the first three conventions is used by at least one operating system as
+its standard newline sequence. When PCRE is built, a default can be specified.
+The default default is LF, which is the Unix standard. When PCRE is run, the
+default can be overridden, either when a pattern is compiled, or when it is
+matched.
+</P>
+<P>
+At compile time, the newline convention can be specified by the <i>options</i>
+argument of <b>pcre_compile()</b>, or it can be specified by special text at the
+start of the pattern itself; this overrides any other settings. See the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page for details of the special character sequences.
+</P>
+<P>
+In the PCRE documentation the word "newline" is used to mean "the character or
+pair of characters that indicate a line break". The choice of newline
+convention affects the handling of the dot, circumflex, and dollar
+metacharacters, the handling of #-comments in /x mode, and, when CRLF is a
+recognized line ending sequence, the match position advancement for a
+non-anchored pattern. There is more detail about this in the
+<a href="#execoptions">section on <b>pcre_exec()</b> options</a>
+below.
+</P>
+<P>
+The choice of newline convention does not affect the interpretation of
+the \n or \r escape sequences, nor does it affect what \R matches, which is
+controlled in a similar way, but by separate options.
+</P>
+<br><a name="SEC8" href="#TOC1">MULTITHREADING</a><br>
+<P>
+The PCRE functions can be used in multi-threading applications, with the
+proviso that the memory management functions pointed to by <b>pcre_malloc</b>,
+<b>pcre_free</b>, <b>pcre_stack_malloc</b>, and <b>pcre_stack_free</b>, and the
+callout and stack-checking functions pointed to by <b>pcre_callout</b> and
+<b>pcre_stack_guard</b>, are shared by all threads.
+</P>
+<P>
+The compiled form of a regular expression is not altered during matching, so
+the same compiled pattern can safely be used by several threads at once.
+</P>
+<P>
+If the just-in-time optimization feature is being used, it needs separate
+memory stack areas for each thread. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for more details.
+</P>
+<br><a name="SEC9" href="#TOC1">SAVING PRECOMPILED PATTERNS FOR LATER USE</a><br>
+<P>
+The compiled form of a regular expression can be saved and re-used at a later
+time, possibly by a different program, and even on a host other than the one on
+which it was compiled. Details are given in the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation, which includes a description of the
+<b>pcre_pattern_to_host_byte_order()</b> function. However, compiling a regular
+expression with one version of PCRE for use with a different version is not
+guaranteed to work and may cause crashes.
+</P>
+<br><a name="SEC10" href="#TOC1">CHECKING BUILD-TIME OPTIONS</a><br>
+<P>
+<b>int pcre_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+The function <b>pcre_config()</b> makes it possible for a PCRE client to
+discover which optional features have been compiled into the PCRE library. The
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation has more details about these optional features.
+</P>
+<P>
+The first argument for <b>pcre_config()</b> is an integer, specifying which
+information is required; the second argument is a pointer to a variable into
+which the information is placed. The returned value is zero on success, or the
+negative error code PCRE_ERROR_BADOPTION if the value in the first argument is
+not recognized. The following information is available:
+<pre>
+  PCRE_CONFIG_UTF8
+</pre>
+The output is an integer that is set to one if UTF-8 support is available;
+otherwise it is set to zero. This value should normally be given to the 8-bit
+version of this function, <b>pcre_config()</b>. If it is given to the 16-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+<pre>
+  PCRE_CONFIG_UTF16
+</pre>
+The output is an integer that is set to one if UTF-16 support is available;
+otherwise it is set to zero. This value should normally be given to the 16-bit
+version of this function, <b>pcre16_config()</b>. If it is given to the 8-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+<pre>
+  PCRE_CONFIG_UTF32
+</pre>
+The output is an integer that is set to one if UTF-32 support is available;
+otherwise it is set to zero. This value should normally be given to the 32-bit
+version of this function, <b>pcre32_config()</b>. If it is given to the 8-bit
+or 16-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+<pre>
+  PCRE_CONFIG_UNICODE_PROPERTIES
+</pre>
+The output is an integer that is set to one if support for Unicode character
+properties is available; otherwise it is set to zero.
+<pre>
+  PCRE_CONFIG_JIT
+</pre>
+The output is an integer that is set to one if support for just-in-time
+compiling is available; otherwise it is set to zero.
+<pre>
+  PCRE_CONFIG_JITTARGET
+</pre>
+The output is a pointer to a zero-terminated "const char *" string. If JIT
+support is available, the string contains the name of the architecture for
+which the JIT compiler is configured, for example "x86 32bit (little endian +
+unaligned)". If JIT support is not available, the result is NULL.
+<pre>
+  PCRE_CONFIG_NEWLINE
+</pre>
+The output is an integer whose value specifies the default character sequence
+that is recognized as meaning "newline". The values that are supported in
+ASCII/Unicode environments are: 10 for LF, 13 for CR, 3338 for CRLF, -2 for
+ANYCRLF, and -1 for ANY. In EBCDIC environments, CR, ANYCRLF, and ANY yield the
+same values. However, the value for LF is normally 21, though some EBCDIC
+environments use 37. The corresponding values for CRLF are 3349 and 3365. The
+default should normally correspond to the standard sequence for your operating
+system.
+<pre>
+  PCRE_CONFIG_BSR
+</pre>
+The output is an integer whose value indicates what character sequences the \R
+escape sequence matches by default. A value of 0 means that \R matches any
+Unicode line ending sequence; a value of 1 means that \R matches only CR, LF,
+or CRLF. The default can be overridden when a pattern is compiled or matched.
+<pre>
+  PCRE_CONFIG_LINK_SIZE
+</pre>
+The output is an integer that contains the number of bytes used for internal
+linkage in compiled regular expressions. For the 8-bit library, the value can
+be 2, 3, or 4. For the 16-bit library, the value is either 2 or 4 and is still
+a number of bytes. For the 32-bit library, the value is either 2 or 4 and is
+still a number of bytes. The default value of 2 is sufficient for all but the
+most massive patterns, since it allows the compiled pattern to be up to 64K in
+size. Larger values allow larger regular expressions to be compiled, at the
+expense of slower matching.
+<pre>
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+</pre>
+The output is an integer that contains the threshold above which the POSIX
+interface uses <b>malloc()</b> for output vectors. Further details are given in
+the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+documentation.
+<pre>
+  PCRE_CONFIG_PARENS_LIMIT
+</pre>
+The output is a long integer that gives the maximum depth of nesting of
+parentheses (of any kind) in a pattern. This limit is imposed to cap the amount
+of system stack used when a pattern is compiled. It is specified when PCRE is
+built; the default is 250. This limit does not take into account the stack that
+may already be used by the calling application. For finer control over
+compilation stack usage, you can set a pointer to an external checking function
+in <b>pcre_stack_guard</b>.
+<pre>
+  PCRE_CONFIG_MATCH_LIMIT
+</pre>
+The output is a long integer that gives the default limit for the number of
+internal matching function calls in a <b>pcre_exec()</b> execution. Further
+details are given with <b>pcre_exec()</b> below.
+<pre>
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+</pre>
+The output is a long integer that gives the default limit for the depth of
+recursion when calling the internal matching function in a <b>pcre_exec()</b>
+execution. Further details are given with <b>pcre_exec()</b> below.
+<pre>
+  PCRE_CONFIG_STACKRECURSE
+</pre>
+The output is an integer that is set to one if internal recursion when running
+<b>pcre_exec()</b> is implemented by recursive function calls that use the stack
+to remember their state. This is the usual way that PCRE is compiled. The
+output is zero if PCRE was compiled to use blocks of data on the heap instead
+of recursive function calls. In this case, <b>pcre_stack_malloc</b> and
+<b>pcre_stack_free</b> are called to manage memory blocks on the heap, thus
+avoiding the use of the stack.
+</P>
+<br><a name="SEC11" href="#TOC1">COMPILING A PATTERN</a><br>
+<P>
+<b>pcre *pcre_compile(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre *pcre_compile2(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+</P>
+<P>
+Either of the functions <b>pcre_compile()</b> or <b>pcre_compile2()</b> can be
+called to compile a pattern into an internal form. The only difference between
+the two interfaces is that <b>pcre_compile2()</b> has an additional argument,
+<i>errorcodeptr</i>, via which a numerical error code can be returned. To avoid
+too much repetition, we refer just to <b>pcre_compile()</b> below, but the
+information applies equally to <b>pcre_compile2()</b>.
+</P>
+<P>
+The pattern is a C string terminated by a binary zero, and is passed in the
+<i>pattern</i> argument. A pointer to a single block of memory that is obtained
+via <b>pcre_malloc</b> is returned. This contains the compiled code and related
+data. The <b>pcre</b> type is defined for the returned block; this is a typedef
+for a structure whose contents are not externally defined. It is up to the
+caller to free the memory (via <b>pcre_free</b>) when it is no longer required.
+</P>
+<P>
+Although the compiled code of a PCRE regex is relocatable, that is, it does not
+depend on memory location, the complete <b>pcre</b> data block is not
+fully relocatable, because it may contain a copy of the <i>tableptr</i>
+argument, which is an address (see below).
+</P>
+<P>
+The <i>options</i> argument contains various bit settings that affect the
+compilation. It should be zero if no options are required. The available
+options are described below. Some of them (in particular, those that are
+compatible with Perl, but some others as well) can also be set and unset from
+within the pattern (see the detailed description in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation). For those options that can be different in different parts of
+the pattern, the contents of the <i>options</i> argument specifies their
+settings at the start of compilation and execution. The PCRE_ANCHORED,
+PCRE_BSR_<i>xxx</i>, PCRE_NEWLINE_<i>xxx</i>, PCRE_NO_UTF8_CHECK, and
+PCRE_NO_START_OPTIMIZE options can be set at the time of matching as well as at
+compile time.
+</P>
+<P>
+If <i>errptr</i> is NULL, <b>pcre_compile()</b> returns NULL immediately.
+Otherwise, if compilation of a pattern fails, <b>pcre_compile()</b> returns
+NULL, and sets the variable pointed to by <i>errptr</i> to point to a textual
+error message. This is a static string that is part of the library. You must
+not try to free it. Normally, the offset from the start of the pattern to the
+data unit that was being processed when the error was discovered is placed in
+the variable pointed to by <i>erroffset</i>, which must not be NULL (if it is,
+an immediate error is given). However, for an invalid UTF-8 or UTF-16 string,
+the offset is that of the first data unit of the failing character.
+</P>
+<P>
+Some errors are not detected until the whole pattern has been scanned; in these
+cases, the offset passed back is the length of the pattern. Note that the
+offset is in data units, not characters, even in a UTF mode. It may sometimes
+point into the middle of a UTF-8 or UTF-16 character.
+</P>
+<P>
+If <b>pcre_compile2()</b> is used instead of <b>pcre_compile()</b>, and the
+<i>errorcodeptr</i> argument is not NULL, a non-zero error code number is
+returned via this argument in the event of an error. This is in addition to the
+textual error message. Error codes and messages are listed below.
+</P>
+<P>
+If the final argument, <i>tableptr</i>, is NULL, PCRE uses a default set of
+character tables that are built when PCRE is compiled, using the default C
+locale. Otherwise, <i>tableptr</i> must be an address that is the result of a
+call to <b>pcre_maketables()</b>. This value is stored with the compiled
+pattern, and used again by <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b> when the
+pattern is matched. For more discussion, see the section on locale support
+below.
+</P>
+<P>
+This code fragment shows a typical straightforward call to <b>pcre_compile()</b>:
+<pre>
+  pcre *re;
+  const char *error;
+  int erroffset;
+  re = pcre_compile(
+    "^A.*Z",          /* the pattern */
+    0,                /* default options */
+    &error,           /* for error message */
+    &erroffset,       /* for error offset */
+    NULL);            /* use default character tables */
+</pre>
+The following names for option bits are defined in the <b>pcre.h</b> header
+file:
+<pre>
+  PCRE_ANCHORED
+</pre>
+If this bit is set, the pattern is forced to be "anchored", that is, it is
+constrained to match only at the first matching point in the string that is
+being searched (the "subject string"). This effect can also be achieved by
+appropriate constructs in the pattern itself, which is the only way to do it in
+Perl.
+<pre>
+  PCRE_AUTO_CALLOUT
+</pre>
+If this bit is set, <b>pcre_compile()</b> automatically inserts callout items,
+all with number 255, before each pattern item. For discussion of the callout
+facility, see the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+<pre>
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+</pre>
+These options (which are mutually exclusive) control what the \R escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. The default is specified when PCRE is
+built. It can be overridden from within the pattern, or by setting an option
+when a compiled pattern is matched.
+<pre>
+  PCRE_CASELESS
+</pre>
+If this bit is set, letters in the pattern match both upper and lower case
+letters. It is equivalent to Perl's /i option, and it can be changed within a
+pattern by a (?i) option setting. In UTF-8 mode, PCRE always understands the
+concept of case for characters whose values are less than 128, so caseless
+matching is always possible. For characters with higher values, the concept of
+case is supported if PCRE is compiled with Unicode property support, but not
+otherwise. If you want to use caseless matching for characters 128 and above,
+you must ensure that PCRE is compiled with Unicode property support as well as
+with UTF-8 support.
+<pre>
+  PCRE_DOLLAR_ENDONLY
+</pre>
+If this bit is set, a dollar metacharacter in the pattern matches only at the
+end of the subject string. Without this option, a dollar also matches
+immediately before a newline at the end of the string (but not before any other
+newlines). The PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+There is no equivalent to this option in Perl, and no way to set it within a
+pattern.
+<pre>
+  PCRE_DOTALL
+</pre>
+If this bit is set, a dot metacharacter in the pattern matches a character of
+any value, including one that indicates a newline. However, it only ever
+matches one character, even if newlines are coded as CRLF. Without this option,
+a dot does not match when the current position is at a newline. This option is
+equivalent to Perl's /s option, and it can be changed within a pattern by a
+(?s) option setting. A negative class such as [^a] always matches newline
+characters, independent of the setting of this option.
+<pre>
+  PCRE_DUPNAMES
+</pre>
+If this bit is set, names used to identify capturing subpatterns need not be
+unique. This can be helpful for certain types of pattern when it is known that
+only one instance of the named subpattern can ever be matched. There are more
+details of named subpatterns below; see also the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+<pre>
+  PCRE_EXTENDED
+</pre>
+If this bit is set, most white space characters in the pattern are totally
+ignored except when escaped or inside a character class. However, white space
+is not allowed within sequences such as (?&#62; that introduce various
+parenthesized subpatterns, nor within a numerical quantifier such as {1,3}.
+However, ignorable white space is permitted between an item and a following
+quantifier and between a quantifier and a following + that indicates
+possessiveness.
+</P>
+<P>
+White space did not used to include the VT character (code 11), because Perl
+did not treat this character as white space. However, Perl changed at release
+5.18, so PCRE followed at release 8.34, and VT is now treated as white space.
+</P>
+<P>
+PCRE_EXTENDED also causes characters between an unescaped # outside a character
+class and the next newline, inclusive, to be ignored. PCRE_EXTENDED is
+equivalent to Perl's /x option, and it can be changed within a pattern by a
+(?x) option setting.
+</P>
+<P>
+Which characters are interpreted as newlines is controlled by the options
+passed to <b>pcre_compile()</b> or by a special sequence at the start of the
+pattern, as described in the section entitled
+<a href="pcrepattern.html#newlines">"Newline conventions"</a>
+in the <b>pcrepattern</b> documentation. Note that the end of this type of
+comment is a literal newline sequence in the pattern; escape sequences that
+happen to represent a newline do not count.
+</P>
+<P>
+This option makes it possible to include comments inside complicated patterns.
+Note, however, that this applies only to data characters. White space characters
+may never appear within special character sequences in a pattern, for example
+within the sequence (?( that introduces a conditional subpattern.
+<pre>
+  PCRE_EXTRA
+</pre>
+This option was invented in order to turn on additional functionality of PCRE
+that is incompatible with Perl, but it is currently of very little use. When
+set, any backslash in a pattern that is followed by a letter that has no
+special meaning causes an error, thus reserving these combinations for future
+expansion. By default, as in Perl, a backslash followed by a letter with no
+special meaning is treated as a literal. (Perl can, however, be persuaded to
+give an error for this, by running it with the -w option.) There are at present
+no other features controlled by this option. It can also be set by a (?X)
+option setting within a pattern.
+<pre>
+  PCRE_FIRSTLINE
+</pre>
+If this option is set, an unanchored pattern is required to match before or at
+the first newline in the subject string, though the matched text may continue
+over the newline.
+<pre>
+  PCRE_JAVASCRIPT_COMPAT
+</pre>
+If this option is set, PCRE's behaviour is changed in some ways so that it is
+compatible with JavaScript rather than Perl. The changes are as follows:
+</P>
+<P>
+(1) A lone closing square bracket in a pattern causes a compile-time error,
+because this is illegal in JavaScript (by default it is treated as a data
+character). Thus, the pattern AB]CD becomes illegal when this option is set.
+</P>
+<P>
+(2) At run time, a back reference to an unset subpattern group matches an empty
+string (by default this causes the current matching alternative to fail). A
+pattern such as (\1)(a) succeeds when this option is set (assuming it can find
+an "a" in the subject), whereas it fails by default, for Perl compatibility.
+</P>
+<P>
+(3) \U matches an upper case "U" character; by default \U causes a compile
+time error (Perl uses \U to upper case subsequent characters).
+</P>
+<P>
+(4) \u matches a lower case "u" character unless it is followed by four
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, \u causes a compile time error (Perl uses it to upper
+case the following character).
+</P>
+<P>
+(5) \x matches a lower case "x" character unless it is followed by two
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, as in Perl, a hexadecimal number is always expected after
+\x, but it may have zero, one, or two digits (so, for example, \xz matches a
+binary zero character followed by z).
+<pre>
+  PCRE_MULTILINE
+</pre>
+By default, for the purposes of matching "start of line" and "end of line",
+PCRE treats the subject string as consisting of a single line of characters,
+even if it actually contains newlines. The "start of line" metacharacter (^)
+matches only at the start of the string, and the "end of line" metacharacter
+($) matches only at the end of the string, or before a terminating newline
+(except when PCRE_DOLLAR_ENDONLY is set). Note, however, that unless
+PCRE_DOTALL is set, the "any character" metacharacter (.) does not match at a
+newline. This behaviour (for ^, $, and dot) is the same as Perl.
+</P>
+<P>
+When PCRE_MULTILINE it is set, the "start of line" and "end of line" constructs
+match immediately following or immediately before internal newlines in the
+subject string, respectively, as well as at the very start and end. This is
+equivalent to Perl's /m option, and it can be changed within a pattern by a
+(?m) option setting. If there are no newlines in a subject string, or no
+occurrences of ^ or $ in a pattern, setting PCRE_MULTILINE has no effect.
+<pre>
+  PCRE_NEVER_UTF
+</pre>
+This option locks out interpretation of the pattern as UTF-8 (or UTF-16 or
+UTF-32 in the 16-bit and 32-bit libraries). In particular, it prevents the
+creator of the pattern from switching to UTF interpretation by starting the
+pattern with (*UTF). This may be useful in applications that process patterns
+from external sources. The combination of PCRE_UTF8 and PCRE_NEVER_UTF also
+causes an error.
+<pre>
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+</pre>
+These options override the default newline definition that was chosen when PCRE
+was built. Setting the first or the second specifies that a newline is
+indicated by a single character (CR or LF, respectively). Setting
+PCRE_NEWLINE_CRLF specifies that a newline is indicated by the two-character
+CRLF sequence. Setting PCRE_NEWLINE_ANYCRLF specifies that any of the three
+preceding sequences should be recognized. Setting PCRE_NEWLINE_ANY specifies
+that any Unicode newline sequence should be recognized.
+</P>
+<P>
+In an ASCII/Unicode environment, the Unicode newline sequences are the three
+just mentioned, plus the single characters VT (vertical tab, U+000B), FF (form
+feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029). For the 8-bit library, the last two are
+recognized only in UTF-8 mode.
+</P>
+<P>
+When PCRE is compiled to run in an EBCDIC (mainframe) environment, the code for
+CR is 0x0d, the same as ASCII. However, the character code for LF is normally
+0x15, though in some EBCDIC environments 0x25 is used. Whichever of these is
+not LF is made to correspond to Unicode's NEL character. EBCDIC codes are all
+less than 256. For more details, see the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation.
+</P>
+<P>
+The newline setting in the options word uses three bits that are treated
+as a number, giving eight possibilities. Currently only six are used (default
+plus the five values above). This means that if you set more than one newline
+option, the combination may or may not be sensible. For example,
+PCRE_NEWLINE_CR with PCRE_NEWLINE_LF is equivalent to PCRE_NEWLINE_CRLF, but
+other combinations may yield unused numbers and cause an error.
+</P>
+<P>
+The only time that a line break in a pattern is specially recognized when
+compiling is when PCRE_EXTENDED is set. CR and LF are white space characters,
+and so are ignored in this mode. Also, an unescaped # outside a character class
+indicates a comment that lasts until after the next line break sequence. In
+other circumstances, line break sequences in patterns are treated as literal
+data.
+</P>
+<P>
+The newline option that is set at compile time becomes the default that is used
+for <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b>, but it can be overridden.
+<pre>
+  PCRE_NO_AUTO_CAPTURE
+</pre>
+If this option is set, it disables the use of numbered capturing parentheses in
+the pattern. Any opening parenthesis that is not followed by ? behaves as if it
+were followed by ?: but named parentheses can still be used for capturing (and
+they acquire numbers in the usual way). There is no equivalent of this option
+in Perl.
+<pre>
+  PCRE_NO_AUTO_POSSESS
+</pre>
+If this option is set, it disables "auto-possessification". This is an
+optimization that, for example, turns a+b into a++b in order to avoid
+backtracks into a+ that can never be successful. However, if callouts are in
+use, auto-possessification means that some of them are never taken. You can set
+this option if you want the matching functions to do a full unoptimized search
+and run all the callouts, but it is mainly provided for testing purposes.
+<pre>
+  PCRE_NO_START_OPTIMIZE
+</pre>
+This is an option that acts at matching time; that is, it is really an option
+for <b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>. If it is set at compile time,
+it is remembered with the compiled pattern and assumed at matching time. This
+is necessary if you want to use JIT execution, because the JIT compiler needs
+to know whether or not this option is set. For details see the discussion of
+PCRE_NO_START_OPTIMIZE
+<a href="#execoptions">below.</a>
+<pre>
+  PCRE_UCP
+</pre>
+This option changes the way PCRE processes \B, \b, \D, \d, \S, \s, \W,
+\w, and some of the POSIX character classes. By default, only ASCII characters
+are recognized, but if PCRE_UCP is set, Unicode properties are used instead to
+classify characters. More details are given in the section on
+<a href="pcre.html#genericchartypes">generic character types</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page. If you set PCRE_UCP, matching one of the items it affects takes much
+longer. The option is available only if PCRE has been compiled with Unicode
+property support.
+<pre>
+  PCRE_UNGREEDY
+</pre>
+This option inverts the "greediness" of the quantifiers so that they are not
+greedy by default, but become greedy if followed by "?". It is not compatible
+with Perl. It can also be set by a (?U) option setting within the pattern.
+<pre>
+  PCRE_UTF8
+</pre>
+This option causes PCRE to regard both the pattern and the subject as strings
+of UTF-8 characters instead of single-byte strings. However, it is available
+only when PCRE is built to include UTF support. If not, the use of this option
+provokes an error. Details of how this option changes the behaviour of PCRE are
+given in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+<pre>
+  PCRE_NO_UTF8_CHECK
+</pre>
+When PCRE_UTF8 is set, the validity of the pattern as a UTF-8 string is
+automatically checked. There is a discussion about the
+<a href="pcreunicode.html#utf8strings">validity of UTF-8 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page. If an invalid UTF-8 sequence is found, <b>pcre_compile()</b> returns an
+error. If you already know that your pattern is valid, and you want to skip
+this check for performance reasons, you can set the PCRE_NO_UTF8_CHECK option.
+When it is set, the effect of passing an invalid UTF-8 string as a pattern is
+undefined. It may cause your program to crash or loop. Note that this option
+can also be passed to <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b>, to suppress
+the validity checking of subject strings only. If the same string is being
+matched many times, the option can be safely set for the second and subsequent
+matchings to improve performance.
+</P>
+<br><a name="SEC12" href="#TOC1">COMPILATION ERROR CODES</a><br>
+<P>
+The following table lists the error codes than may be returned by
+<b>pcre_compile2()</b>, along with the error messages that may be returned by
+both compiling functions. Note that error messages are always 8-bit ASCII
+strings, even in 16-bit or 32-bit mode. As PCRE has developed, some error codes
+have fallen out of use. To avoid confusion, they have not been re-used.
+<pre>
+   0  no error
+   1  \ at end of pattern
+   2  \c at end of pattern
+   3  unrecognized character follows \
+   4  numbers out of order in {} quantifier
+   5  number too big in {} quantifier
+   6  missing terminating ] for character class
+   7  invalid escape sequence in character class
+   8  range out of order in character class
+   9  nothing to repeat
+  10  [this code is not in use]
+  11  internal error: unexpected repeat
+  12  unrecognized character after (? or (?-
+  13  POSIX named classes are supported only within a class
+  14  missing )
+  15  reference to non-existent subpattern
+  16  erroffset passed as NULL
+  17  unknown option bit(s) set
+  18  missing ) after comment
+  19  [this code is not in use]
+  20  regular expression is too large
+  21  failed to get memory
+  22  unmatched parentheses
+  23  internal error: code overflow
+  24  unrecognized character after (?&#60;
+  25  lookbehind assertion is not fixed length
+  26  malformed number or name after (?(
+  27  conditional group contains more than two branches
+  28  assertion expected after (?(
+  29  (?R or (?[+-]digits must be followed by )
+  30  unknown POSIX class name
+  31  POSIX collating elements are not supported
+  32  this version of PCRE is compiled without UTF support
+  33  [this code is not in use]
+  34  character value in \x{} or \o{} is too large
+  35  invalid condition (?(0)
+  36  \C not allowed in lookbehind assertion
+  37  PCRE does not support \L, \l, \N{name}, \U, or \u
+  38  number after (?C is &#62; 255
+  39  closing ) for (?C expected
+  40  recursive call could loop indefinitely
+  41  unrecognized character after (?P
+  42  syntax error in subpattern name (missing terminator)
+  43  two named subpatterns have the same name
+  44  invalid UTF-8 string (specifically UTF-8)
+  45  support for \P, \p, and \X has not been compiled
+  46  malformed \P or \p sequence
+  47  unknown property name after \P or \p
+  48  subpattern name is too long (maximum 32 characters)
+  49  too many named subpatterns (maximum 10000)
+  50  [this code is not in use]
+  51  octal value is greater than \377 in 8-bit non-UTF-8 mode
+  52  internal error: overran compiling workspace
+  53  internal error: previously-checked referenced subpattern
+        not found
+  54  DEFINE group contains more than one branch
+  55  repeating a DEFINE group is not allowed
+  56  inconsistent NEWLINE options
+  57  \g is not followed by a braced, angle-bracketed, or quoted
+        name/number or by a plain number
+  58  a numbered reference must not be zero
+  59  an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
+  60  (*VERB) not recognized or malformed
+  61  number is too big
+  62  subpattern name expected
+  63  digit expected after (?+
+  64  ] is an invalid data character in JavaScript compatibility mode
+  65  different names for subpatterns of the same number are
+        not allowed
+  66  (*MARK) must have an argument
+  67  this version of PCRE is not compiled with Unicode property
+        support
+  68  \c must be followed by an ASCII character
+  69  \k is not followed by a braced, angle-bracketed, or quoted name
+  70  internal error: unknown opcode in find_fixedlength()
+  71  \N is not supported in a class
+  72  too many forward references
+  73  disallowed Unicode code point (&#62;= 0xd800 && &#60;= 0xdfff)
+  74  invalid UTF-16 string (specifically UTF-16)
+  75  name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
+  76  character value in \u.... sequence is too large
+  77  invalid UTF-32 string (specifically UTF-32)
+  78  setting UTF is disabled by the application
+  79  non-hex character in \x{} (closing brace missing?)
+  80  non-octal character in \o{} (closing brace missing?)
+  81  missing opening brace after \o
+  82  parentheses are too deeply nested
+  83  invalid range in character class
+  84  group name must start with a non-digit
+  85  parentheses are too deeply nested (stack check)
+</pre>
+The numbers 32 and 10000 in errors 48 and 49 are defaults; different values may
+be used if the limits were changed when PCRE was built.
+<a name="studyingapattern"></a></P>
+<br><a name="SEC13" href="#TOC1">STUDYING A PATTERN</a><br>
+<P>
+<b>pcre_extra *pcre_study(const pcre *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+</P>
+<P>
+If a compiled pattern is going to be used several times, it is worth spending
+more time analyzing it in order to speed up the time taken for matching. The
+function <b>pcre_study()</b> takes a pointer to a compiled pattern as its first
+argument. If studying the pattern produces additional information that will
+help speed up matching, <b>pcre_study()</b> returns a pointer to a
+<b>pcre_extra</b> block, in which the <i>study_data</i> field points to the
+results of the study.
+</P>
+<P>
+The returned value from <b>pcre_study()</b> can be passed directly to
+<b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>. However, a <b>pcre_extra</b> block
+also contains other fields that can be set by the caller before the block is
+passed; these are described
+<a href="#extradata">below</a>
+in the section on matching a pattern.
+</P>
+<P>
+If studying the pattern does not produce any useful information,
+<b>pcre_study()</b> returns NULL by default. In that circumstance, if the
+calling program wants to pass any of the other fields to <b>pcre_exec()</b> or
+<b>pcre_dfa_exec()</b>, it must set up its own <b>pcre_extra</b> block. However,
+if <b>pcre_study()</b> is called with the PCRE_STUDY_EXTRA_NEEDED option, it
+returns a <b>pcre_extra</b> block even if studying did not find any additional
+information. It may still return NULL, however, if an error occurs in
+<b>pcre_study()</b>.
+</P>
+<P>
+The second argument of <b>pcre_study()</b> contains option bits. There are three
+further options in addition to PCRE_STUDY_EXTRA_NEEDED:
+<pre>
+  PCRE_STUDY_JIT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+</pre>
+If any of these are set, and the just-in-time compiler is available, the
+pattern is further compiled into machine code that executes much faster than
+the <b>pcre_exec()</b> interpretive matching function. If the just-in-time
+compiler is not available, these options are ignored. All undefined bits in the
+<i>options</i> argument must be zero.
+</P>
+<P>
+JIT compilation is a heavyweight optimization. It can take some time for
+patterns to be analyzed, and for one-off matches and simple patterns the
+benefit of faster execution might be offset by a much slower study time.
+Not all patterns can be optimized by the JIT compiler. For those that cannot be
+handled, matching automatically falls back to the <b>pcre_exec()</b>
+interpreter. For more details, see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation.
+</P>
+<P>
+The third argument for <b>pcre_study()</b> is a pointer for an error message. If
+studying succeeds (even if no data is returned), the variable it points to is
+set to NULL. Otherwise it is set to point to a textual error message. This is a
+static string that is part of the library. You must not try to free it. You
+should test the error pointer for NULL after calling <b>pcre_study()</b>, to be
+sure that it has run successfully.
+</P>
+<P>
+When you are finished with a pattern, you can free the memory used for the
+study data by calling <b>pcre_free_study()</b>. This function was added to the
+API for release 8.20. For earlier versions, the memory could be freed with
+<b>pcre_free()</b>, just like the pattern itself. This will still work in cases
+where JIT optimization is not used, but it is advisable to change to the new
+function when convenient.
+</P>
+<P>
+This is a typical way in which <b>pcre_study</b>() is used (except that in a
+real application there should be tests for errors):
+<pre>
+  int rc;
+  pcre *re;
+  pcre_extra *sd;
+  re = pcre_compile("pattern", 0, &error, &erroroffset, NULL);
+  sd = pcre_study(
+    re,             /* result of pcre_compile() */
+    0,              /* no options */
+    &error);        /* set to NULL or points to a message */
+  rc = pcre_exec(   /* see below for details of pcre_exec() options */
+    re, sd, "subject", 7, 0, 0, ovector, 30);
+  ...
+  pcre_free_study(sd);
+  pcre_free(re);
+</pre>
+Studying a pattern does two things: first, a lower bound for the length of
+subject string that is needed to match the pattern is computed. This does not
+mean that there are any strings of that length that match, but it does
+guarantee that no shorter strings match. The value is used to avoid wasting
+time by trying to match strings that are shorter than the lower bound. You can
+find out the value in a calling program via the <b>pcre_fullinfo()</b> function.
+</P>
+<P>
+Studying a pattern is also useful for non-anchored patterns that do not have a
+single fixed starting character. A bitmap of possible starting bytes is
+created. This speeds up finding a position in the subject at which to start
+matching. (In 16-bit mode, the bitmap is used for 16-bit values less than 256.
+In 32-bit mode, the bitmap is used for 32-bit values less than 256.)
+</P>
+<P>
+These two optimizations apply to both <b>pcre_exec()</b> and
+<b>pcre_dfa_exec()</b>, and the information is also used by the JIT compiler.
+The optimizations can be disabled by setting the PCRE_NO_START_OPTIMIZE option.
+You might want to do this if your pattern contains callouts or (*MARK) and you
+want to make use of these facilities in cases where matching fails.
+</P>
+<P>
+PCRE_NO_START_OPTIMIZE can be specified at either compile time or execution
+time. However, if PCRE_NO_START_OPTIMIZE is passed to <b>pcre_exec()</b>, (that
+is, after any JIT compilation has happened) JIT execution is disabled. For JIT
+execution to work with PCRE_NO_START_OPTIMIZE, the option must be set at
+compile time.
+</P>
+<P>
+There is a longer discussion of PCRE_NO_START_OPTIMIZE
+<a href="#execoptions">below.</a>
+<a name="localesupport"></a></P>
+<br><a name="SEC14" href="#TOC1">LOCALE SUPPORT</a><br>
+<P>
+PCRE handles caseless matching, and determines whether characters are letters,
+digits, or whatever, by reference to a set of tables, indexed by character
+code point. When running in UTF-8 mode, or in the 16- or 32-bit libraries, this
+applies only to characters with code points less than 256. By default,
+higher-valued code points never match escapes such as \w or \d. However, if
+PCRE is built with Unicode property support, all characters can be tested with
+\p and \P, or, alternatively, the PCRE_UCP option can be set when a pattern
+is compiled; this causes \w and friends to use Unicode property support
+instead of the built-in tables.
+</P>
+<P>
+The use of locales with Unicode is discouraged. If you are handling characters
+with code points greater than 128, you should either use Unicode support, or
+use locales, but not try to mix the two.
+</P>
+<P>
+PCRE contains an internal set of tables that are used when the final argument
+of <b>pcre_compile()</b> is NULL. These are sufficient for many applications.
+Normally, the internal tables recognize only ASCII characters. However, when
+PCRE is built, it is possible to cause the internal tables to be rebuilt in the
+default "C" locale of the local system, which may cause them to be different.
+</P>
+<P>
+The internal tables can always be overridden by tables supplied by the
+application that calls PCRE. These may be created in a different locale from
+the default. As more and more applications change to using Unicode, the need
+for this locale support is expected to die away.
+</P>
+<P>
+External tables are built by calling the <b>pcre_maketables()</b> function,
+which has no arguments, in the relevant locale. The result can then be passed
+to <b>pcre_compile()</b> as often as necessary. For example, to build and use
+tables that are appropriate for the French locale (where accented characters
+with values greater than 128 are treated as letters), the following code could
+be used:
+<pre>
+  setlocale(LC_CTYPE, "fr_FR");
+  tables = pcre_maketables();
+  re = pcre_compile(..., tables);
+</pre>
+The locale name "fr_FR" is used on Linux and other Unix-like systems; if you
+are using Windows, the name for the French locale is "french".
+</P>
+<P>
+When <b>pcre_maketables()</b> runs, the tables are built in memory that is
+obtained via <b>pcre_malloc</b>. It is the caller's responsibility to ensure
+that the memory containing the tables remains available for as long as it is
+needed.
+</P>
+<P>
+The pointer that is passed to <b>pcre_compile()</b> is saved with the compiled
+pattern, and the same tables are used via this pointer by <b>pcre_study()</b>
+and also by <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b>. Thus, for any single
+pattern, compilation, studying and matching all happen in the same locale, but
+different patterns can be processed in different locales.
+</P>
+<P>
+It is possible to pass a table pointer or NULL (indicating the use of the
+internal tables) to <b>pcre_exec()</b> or <b>pcre_dfa_exec()</b> (see the
+discussion below in the section on matching a pattern). This facility is
+provided for use with pre-compiled patterns that have been saved and reloaded.
+Character tables are not saved with patterns, so if a non-standard table was
+used at compile time, it must be provided again when the reloaded pattern is
+matched. Attempting to use this facility to match a pattern in a different
+locale from the one in which it was compiled is likely to lead to anomalous
+(usually incorrect) results.
+<a name="infoaboutpattern"></a></P>
+<br><a name="SEC15" href="#TOC1">INFORMATION ABOUT A PATTERN</a><br>
+<P>
+<b>int pcre_fullinfo(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+The <b>pcre_fullinfo()</b> function returns information about a compiled
+pattern. It replaces the <b>pcre_info()</b> function, which was removed from the
+library at version 8.30, after more than 10 years of obsolescence.
+</P>
+<P>
+The first argument for <b>pcre_fullinfo()</b> is a pointer to the compiled
+pattern. The second argument is the result of <b>pcre_study()</b>, or NULL if
+the pattern was not studied. The third argument specifies which piece of
+information is required, and the fourth argument is a pointer to a variable
+to receive the data. The yield of the function is zero for success, or one of
+the following negative numbers:
+<pre>
+  PCRE_ERROR_NULL           the argument <i>code</i> was NULL
+                            the argument <i>where</i> was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADENDIANNESS  the pattern was compiled with different
+                            endianness
+  PCRE_ERROR_BADOPTION      the value of <i>what</i> was invalid
+  PCRE_ERROR_UNSET          the requested field is not set
+</pre>
+The "magic number" is placed at the start of each compiled pattern as an simple
+check against passing an arbitrary memory pointer. The endianness error can
+occur if a compiled pattern is saved and reloaded on a different host. Here is
+a typical call of <b>pcre_fullinfo()</b>, to obtain the length of the compiled
+pattern:
+<pre>
+  int rc;
+  size_t length;
+  rc = pcre_fullinfo(
+    re,               /* result of pcre_compile() */
+    sd,               /* result of pcre_study(), or NULL */
+    PCRE_INFO_SIZE,   /* what is required */
+    &length);         /* where to put the data */
+</pre>
+The possible values for the third argument are defined in <b>pcre.h</b>, and are
+as follows:
+<pre>
+  PCRE_INFO_BACKREFMAX
+</pre>
+Return the number of the highest back reference in the pattern. The fourth
+argument should point to an <b>int</b> variable. Zero is returned if there are
+no back references.
+<pre>
+  PCRE_INFO_CAPTURECOUNT
+</pre>
+Return the number of capturing subpatterns in the pattern. The fourth argument
+should point to an <b>int</b> variable.
+<pre>
+  PCRE_INFO_DEFAULT_TABLES
+</pre>
+Return a pointer to the internal default character tables within PCRE. The
+fourth argument should point to an <b>unsigned char *</b> variable. This
+information call is provided for internal use by the <b>pcre_study()</b>
+function. External callers can cause PCRE to use its internal tables by passing
+a NULL table pointer.
+<pre>
+  PCRE_INFO_FIRSTBYTE (deprecated)
+</pre>
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The name of this option refers to the 8-bit library,
+where data units are bytes. The fourth argument should point to an <b>int</b>
+variable. Negative values are used for special cases. However, this means that
+when the 32-bit library is in non-UTF-32 mode, the full 32-bit range of
+characters cannot be returned. For this reason, this value is deprecated; use
+PCRE_INFO_FIRSTCHARACTERFLAGS and PCRE_INFO_FIRSTCHARACTER instead.
+</P>
+<P>
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), its value is returned. In the 8-bit library, the
+value is always less than 256. In the 16-bit library the value can be up to
+0xffff. In the 32-bit library the value can be up to 0x10ffff.
+</P>
+<P>
+If there is no fixed first value, and if either
+<br>
+<br>
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+<br>
+<br>
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+<br>
+<br>
+-1 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise -2 is
+returned. For anchored patterns, -2 is returned.
+<pre>
+  PCRE_INFO_FIRSTCHARACTER
+</pre>
+Return the value of the first data unit (non-UTF character) of any matched
+string in the situation where PCRE_INFO_FIRSTCHARACTERFLAGS returns 1;
+otherwise return 0. The fourth argument should point to an <b>uint_t</b>
+variable.
+</P>
+<P>
+In the 8-bit library, the value is always less than 256. In the 16-bit library
+the value can be up to 0xffff. In the 32-bit library in UTF-32 mode the value
+can be up to 0x10ffff, and up to 0xffffffff when not using UTF-32 mode.
+<pre>
+  PCRE_INFO_FIRSTCHARACTERFLAGS
+</pre>
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The fourth argument should point to an <b>int</b>
+variable.
+</P>
+<P>
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), 1 is returned, and the character value can be
+retrieved using PCRE_INFO_FIRSTCHARACTER. If there is no fixed first value, and
+if either
+<br>
+<br>
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+<br>
+<br>
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+<br>
+<br>
+2 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise 0 is
+returned. For anchored patterns, 0 is returned.
+<pre>
+  PCRE_INFO_FIRSTTABLE
+</pre>
+If the pattern was studied, and this resulted in the construction of a 256-bit
+table indicating a fixed set of values for the first data unit in any matching
+string, a pointer to the table is returned. Otherwise NULL is returned. The
+fourth argument should point to an <b>unsigned char *</b> variable.
+<pre>
+  PCRE_INFO_HASCRORLF
+</pre>
+Return 1 if the pattern contains any explicit matches for CR or LF characters,
+otherwise 0. The fourth argument should point to an <b>int</b> variable. An
+explicit match is either a literal CR or LF character, or \r or \n.
+<pre>
+  PCRE_INFO_JCHANGED
+</pre>
+Return 1 if the (?J) or (?-J) option setting is used in the pattern, otherwise
+0. The fourth argument should point to an <b>int</b> variable. (?J) and
+(?-J) set and unset the local PCRE_DUPNAMES option, respectively.
+<pre>
+  PCRE_INFO_JIT
+</pre>
+Return 1 if the pattern was studied with one of the JIT options, and
+just-in-time compiling was successful. The fourth argument should point to an
+<b>int</b> variable. A return value of 0 means that JIT support is not available
+in this version of PCRE, or that the pattern was not studied with a JIT option,
+or that the JIT compiler could not handle this particular pattern. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for details of what can and cannot be handled.
+<pre>
+  PCRE_INFO_JITSIZE
+</pre>
+If the pattern was successfully studied with a JIT option, return the size of
+the JIT compiled code, otherwise return zero. The fourth argument should point
+to a <b>size_t</b> variable.
+<pre>
+  PCRE_INFO_LASTLITERAL
+</pre>
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an <b>int</b> variable. If there is no such
+value, -1 is returned. For anchored patterns, a last literal value is recorded
+only if it follows something of variable length. For example, for the pattern
+/^a\d+z\d+/ the returned value is "z", but for /^a\dz\d/ the returned value
+is -1.
+</P>
+<P>
+Since for the 32-bit library using the non-UTF-32 mode, this function is unable
+to return the full 32-bit range of characters, this value is deprecated;
+instead the PCRE_INFO_REQUIREDCHARFLAGS and PCRE_INFO_REQUIREDCHAR values should
+be used.
+<pre>
+  PCRE_INFO_MATCH_EMPTY
+</pre>
+Return 1 if the pattern can match an empty string, otherwise 0. The fourth
+argument should point to an <b>int</b> variable.
+<pre>
+  PCRE_INFO_MATCHLIMIT
+</pre>
+If the pattern set a match limit by including an item of the form
+(*LIMIT_MATCH=nnnn) at the start, the value is returned. The fourth argument
+should point to an unsigned 32-bit integer. If no such value has been set, the
+call to <b>pcre_fullinfo()</b> returns the error PCRE_ERROR_UNSET.
+<pre>
+  PCRE_INFO_MAXLOOKBEHIND
+</pre>
+Return the number of characters (NB not data units) in the longest lookbehind
+assertion in the pattern. This information is useful when doing multi-segment
+matching using the partial matching facilities. Note that the simple assertions
+\b and \B require a one-character lookbehind. \A also registers a
+one-character lookbehind, though it does not actually inspect the previous
+character. This is to ensure that at least one character from the old segment
+is retained when a new segment is processed. Otherwise, if there are no
+lookbehinds in the pattern, \A might match incorrectly at the start of a new
+segment.
+<pre>
+  PCRE_INFO_MINLENGTH
+</pre>
+If the pattern was studied and a minimum length for matching subject strings
+was computed, its value is returned. Otherwise the returned value is -1. The
+value is a number of characters, which in UTF mode may be different from the
+number of data units. The fourth argument should point to an <b>int</b>
+variable. A non-negative value is a lower bound to the length of any matching
+string. There may not be any strings of that length that do actually match, but
+every string that does match is at least that long.
+<pre>
+  PCRE_INFO_NAMECOUNT
+  PCRE_INFO_NAMEENTRYSIZE
+  PCRE_INFO_NAMETABLE
+</pre>
+PCRE supports the use of named as well as numbered capturing parentheses. The
+names are just an additional way of identifying the parentheses, which still
+acquire numbers. Several convenience functions such as
+<b>pcre_get_named_substring()</b> are provided for extracting captured
+substrings by name. It is also possible to extract the data directly, by first
+converting the name to a number in order to access the correct pointers in the
+output vector (described with <b>pcre_exec()</b> below). To do the conversion,
+you need to use the name-to-number map, which is described by these three
+values.
+</P>
+<P>
+The map consists of a number of fixed-size entries. PCRE_INFO_NAMECOUNT gives
+the number of entries, and PCRE_INFO_NAMEENTRYSIZE gives the size of each
+entry; both of these return an <b>int</b> value. The entry size depends on the
+length of the longest name. PCRE_INFO_NAMETABLE returns a pointer to the first
+entry of the table. This is a pointer to <b>char</b> in the 8-bit library, where
+the first two bytes of each entry are the number of the capturing parenthesis,
+most significant byte first. In the 16-bit library, the pointer points to
+16-bit data units, the first of which contains the parenthesis number. In the
+32-bit library, the pointer points to 32-bit data units, the first of which
+contains the parenthesis number. The rest of the entry is the corresponding
+name, zero terminated.
+</P>
+<P>
+The names are in alphabetical order. If (?| is used to create multiple groups
+with the same number, as described in the
+<a href="pcrepattern.html#dupsubpatternnumber">section on duplicate subpattern numbers</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page, the groups may be given the same name, but there is only one entry in the
+table. Different names for groups of the same number are not permitted.
+Duplicate names for subpatterns with different numbers are permitted,
+but only if PCRE_DUPNAMES is set. They appear in the table in the order in
+which they were found in the pattern. In the absence of (?| this is the order
+of increasing number; when (?| is used this is not necessarily the case because
+later subpatterns may have lower numbers.
+</P>
+<P>
+As a simple example of the name/number table, consider the following pattern
+after compilation by the 8-bit library (assume PCRE_EXTENDED is set, so white
+space - including newlines - is ignored):
+<pre>
+  (?&#60;date&#62; (?&#60;year&#62;(\d\d)?\d\d) - (?&#60;month&#62;\d\d) - (?&#60;day&#62;\d\d) )
+</pre>
+There are four named subpatterns, so the table has four entries, and each entry
+in the table is eight bytes long. The table is as follows, with non-printing
+bytes shows in hexadecimal, and undefined bytes shown as ??:
+<pre>
+  00 01 d  a  t  e  00 ??
+  00 05 d  a  y  00 ?? ??
+  00 04 m  o  n  t  h  00
+  00 02 y  e  a  r  00 ??
+</pre>
+When writing code to extract data from named subpatterns using the
+name-to-number map, remember that the length of the entries is likely to be
+different for each compiled pattern.
+<pre>
+  PCRE_INFO_OKPARTIAL
+</pre>
+Return 1 if the pattern can be used for partial matching with
+<b>pcre_exec()</b>, otherwise 0. The fourth argument should point to an
+<b>int</b> variable. From release 8.00, this always returns 1, because the
+restrictions that previously applied to partial matching have been lifted. The
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation gives details of partial matching.
+<pre>
+  PCRE_INFO_OPTIONS
+</pre>
+Return a copy of the options with which the pattern was compiled. The fourth
+argument should point to an <b>unsigned long int</b> variable. These option bits
+are those specified in the call to <b>pcre_compile()</b>, modified by any
+top-level option settings at the start of the pattern itself. In other words,
+they are the options that will be in force when matching starts. For example,
+if the pattern /(?im)abc(?-i)d/ is compiled with the PCRE_EXTENDED option, the
+result is PCRE_CASELESS, PCRE_MULTILINE, and PCRE_EXTENDED.
+</P>
+<P>
+A pattern is automatically anchored by PCRE if all of its top-level
+alternatives begin with one of the following:
+<pre>
+  ^     unless PCRE_MULTILINE is set
+  \A    always
+  \G    always
+  .*    if PCRE_DOTALL is set and there are no back references to the subpattern in which .* appears
+</pre>
+For such patterns, the PCRE_ANCHORED bit is set in the options returned by
+<b>pcre_fullinfo()</b>.
+<pre>
+  PCRE_INFO_RECURSIONLIMIT
+</pre>
+If the pattern set a recursion limit by including an item of the form
+(*LIMIT_RECURSION=nnnn) at the start, the value is returned. The fourth
+argument should point to an unsigned 32-bit integer. If no such value has been
+set, the call to <b>pcre_fullinfo()</b> returns the error PCRE_ERROR_UNSET.
+<pre>
+  PCRE_INFO_SIZE
+</pre>
+Return the size of the compiled pattern in bytes (for all three libraries). The
+fourth argument should point to a <b>size_t</b> variable. This value does not
+include the size of the <b>pcre</b> structure that is returned by
+<b>pcre_compile()</b>. The value that is passed as the argument to
+<b>pcre_malloc()</b> when <b>pcre_compile()</b> is getting memory in which to
+place the compiled data is the value returned by this option plus the size of
+the <b>pcre</b> structure. Studying a compiled pattern, with or without JIT,
+does not alter the value returned by this option.
+<pre>
+  PCRE_INFO_STUDYSIZE
+</pre>
+Return the size in bytes (for all three libraries) of the data block pointed to
+by the <i>study_data</i> field in a <b>pcre_extra</b> block. If <b>pcre_extra</b>
+is NULL, or there is no study data, zero is returned. The fourth argument
+should point to a <b>size_t</b> variable. The <i>study_data</i> field is set by
+<b>pcre_study()</b> to record information that will speed up matching (see the
+section entitled
+<a href="#studyingapattern">"Studying a pattern"</a>
+above). The format of the <i>study_data</i> block is private, but its length
+is made available via this option so that it can be saved and restored (see the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation for details).
+<pre>
+  PCRE_INFO_REQUIREDCHARFLAGS
+</pre>
+Returns 1 if there is a rightmost literal data unit that must exist in any
+matched string, other than at its start. The fourth argument should  point to
+an <b>int</b> variable. If there is no such value, 0 is returned. If returning
+1, the character value itself can be retrieved using PCRE_INFO_REQUIREDCHAR.
+</P>
+<P>
+For anchored patterns, a last literal value is recorded only if it follows
+something of variable length. For example, for the pattern /^a\d+z\d+/ the
+returned value 1 (with "z" returned from PCRE_INFO_REQUIREDCHAR), but for
+/^a\dz\d/ the returned value is 0.
+<pre>
+  PCRE_INFO_REQUIREDCHAR
+</pre>
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an <b>uint32_t</b> variable. If there is no such
+value, 0 is returned.
+</P>
+<br><a name="SEC16" href="#TOC1">REFERENCE COUNTS</a><br>
+<P>
+<b>int pcre_refcount(pcre *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<P>
+The <b>pcre_refcount()</b> function is used to maintain a reference count in the
+data block that contains a compiled pattern. It is provided for the benefit of
+applications that operate in an object-oriented manner, where different parts
+of the application may be using the same compiled pattern, but you want to free
+the block when they are all done.
+</P>
+<P>
+When a pattern is compiled, the reference count field is initialized to zero.
+It is changed only by calling this function, whose action is to add the
+<i>adjust</i> value (which may be positive or negative) to it. The yield of the
+function is the new value. However, the value of the count is constrained to
+lie between 0 and 65535, inclusive. If the new value is outside these limits,
+it is forced to the appropriate limit value.
+</P>
+<P>
+Except when it is zero, the reference count is not correctly preserved if a
+pattern is compiled on one host and then transferred to a host whose byte-order
+is different. (This seems a highly unlikely scenario.)
+</P>
+<br><a name="SEC17" href="#TOC1">MATCHING A PATTERN: THE TRADITIONAL FUNCTION</a><br>
+<P>
+<b>int pcre_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+</P>
+<P>
+The function <b>pcre_exec()</b> is called to match a subject string against a
+compiled pattern, which is passed in the <i>code</i> argument. If the
+pattern was studied, the result of the study should be passed in the
+<i>extra</i> argument. You can call <b>pcre_exec()</b> with the same <i>code</i>
+and <i>extra</i> arguments as many times as you like, in order to match
+different subject strings with the same pattern.
+</P>
+<P>
+This function is the main matching facility of the library, and it operates in
+a Perl-like manner. For specialist use there is also an alternative matching
+function, which is described
+<a href="#dfamatch">below</a>
+in the section about the <b>pcre_dfa_exec()</b> function.
+</P>
+<P>
+In most applications, the pattern will have been compiled (and optionally
+studied) in the same process that calls <b>pcre_exec()</b>. However, it is
+possible to save compiled patterns and study data, and then use them later
+in different processes, possibly even on different hosts. For a discussion
+about this, see the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation.
+</P>
+<P>
+Here is an example of a simple call to <b>pcre_exec()</b>:
+<pre>
+  int rc;
+  int ovector[30];
+  rc = pcre_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    30);            /* number of elements (NOT size in bytes) */
+<a name="extradata"></a></PRE>
+</P>
+<br><b>
+Extra data for <b>pcre_exec()</b>
+</b><br>
+<P>
+If the <i>extra</i> argument is not NULL, it must point to a <b>pcre_extra</b>
+data block. The <b>pcre_study()</b> function returns such a block (when it
+doesn't return NULL), but you can also create one for yourself, and pass
+additional information in it. The <b>pcre_extra</b> block contains the following
+fields (not necessarily in this order):
+<pre>
+  unsigned long int <i>flags</i>;
+  void *<i>study_data</i>;
+  void *<i>executable_jit</i>;
+  unsigned long int <i>match_limit</i>;
+  unsigned long int <i>match_limit_recursion</i>;
+  void *<i>callout_data</i>;
+  const unsigned char *<i>tables</i>;
+  unsigned char **<i>mark</i>;
+</pre>
+In the 16-bit version of this structure, the <i>mark</i> field has type
+"PCRE_UCHAR16 **".
+<br>
+<br>
+In the 32-bit version of this structure, the <i>mark</i> field has type
+"PCRE_UCHAR32 **".
+</P>
+<P>
+The <i>flags</i> field is used to specify which of the other fields are set. The
+flag bits are:
+<pre>
+  PCRE_EXTRA_CALLOUT_DATA
+  PCRE_EXTRA_EXECUTABLE_JIT
+  PCRE_EXTRA_MARK
+  PCRE_EXTRA_MATCH_LIMIT
+  PCRE_EXTRA_MATCH_LIMIT_RECURSION
+  PCRE_EXTRA_STUDY_DATA
+  PCRE_EXTRA_TABLES
+</pre>
+Other flag bits should be set to zero. The <i>study_data</i> field and sometimes
+the <i>executable_jit</i> field are set in the <b>pcre_extra</b> block that is
+returned by <b>pcre_study()</b>, together with the appropriate flag bits. You
+should not set these yourself, but you may add to the block by setting other
+fields and their corresponding flag bits.
+</P>
+<P>
+The <i>match_limit</i> field provides a means of preventing PCRE from using up a
+vast amount of resources when running patterns that are not going to match,
+but which have a very large number of possibilities in their search trees. The
+classic example is a pattern that uses nested unlimited repeats.
+</P>
+<P>
+Internally, <b>pcre_exec()</b> uses a function called <b>match()</b>, which it
+calls repeatedly (sometimes recursively). The limit set by <i>match_limit</i> is
+imposed on the number of times this function is called during a match, which
+has the effect of limiting the amount of backtracking that can take place. For
+patterns that are not anchored, the count restarts from zero for each position
+in the subject string.
+</P>
+<P>
+When <b>pcre_exec()</b> is called with a pattern that was successfully studied
+with a JIT option, the way that the matching is executed is entirely different.
+However, there is still the possibility of runaway matching that goes on for a
+very long time, and so the <i>match_limit</i> value is also used in this case
+(but in a different way) to limit how long the matching can continue.
+</P>
+<P>
+The default value for the limit can be set when PCRE is built; the default
+default is 10 million, which handles all but the most extreme cases. You can
+override the default by suppling <b>pcre_exec()</b> with a <b>pcre_extra</b>
+block in which <i>match_limit</i> is set, and PCRE_EXTRA_MATCH_LIMIT is set in
+the <i>flags</i> field. If the limit is exceeded, <b>pcre_exec()</b> returns
+PCRE_ERROR_MATCHLIMIT.
+</P>
+<P>
+A value for the match limit may also be supplied by an item at the start of a
+pattern of the form
+<pre>
+  (*LIMIT_MATCH=d)
+</pre>
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of <b>pcre_exec()</b> or, if no such limit
+is set, less than the default.
+</P>
+<P>
+The <i>match_limit_recursion</i> field is similar to <i>match_limit</i>, but
+instead of limiting the total number of times that <b>match()</b> is called, it
+limits the depth of recursion. The recursion depth is a smaller number than the
+total number of calls, because not all calls to <b>match()</b> are recursive.
+This limit is of use only if it is set smaller than <i>match_limit</i>.
+</P>
+<P>
+Limiting the recursion depth limits the amount of machine stack that can be
+used, or, when PCRE has been compiled to use memory on the heap instead of the
+stack, the amount of heap memory that can be used. This limit is not relevant,
+and is ignored, when matching is done using JIT compiled code.
+</P>
+<P>
+The default value for <i>match_limit_recursion</i> can be set when PCRE is
+built; the default default is the same value as the default for
+<i>match_limit</i>. You can override the default by suppling <b>pcre_exec()</b>
+with a <b>pcre_extra</b> block in which <i>match_limit_recursion</i> is set, and
+PCRE_EXTRA_MATCH_LIMIT_RECURSION is set in the <i>flags</i> field. If the limit
+is exceeded, <b>pcre_exec()</b> returns PCRE_ERROR_RECURSIONLIMIT.
+</P>
+<P>
+A value for the recursion limit may also be supplied by an item at the start of
+a pattern of the form
+<pre>
+  (*LIMIT_RECURSION=d)
+</pre>
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of <b>pcre_exec()</b> or, if no such limit
+is set, less than the default.
+</P>
+<P>
+The <i>callout_data</i> field is used in conjunction with the "callout" feature,
+and is described in the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<P>
+The <i>tables</i> field is provided for use with patterns that have been
+pre-compiled using custom character tables, saved to disc or elsewhere, and
+then reloaded, because the tables that were used to compile a pattern are not
+saved with it. See the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation for a discussion of saving compiled patterns for later use. If
+NULL is passed using this mechanism, it forces PCRE's internal tables to be
+used.
+</P>
+<P>
+<b>Warning:</b> The tables that <b>pcre_exec()</b> uses must be the same as those
+that were used when the pattern was compiled. If this is not the case, the
+behaviour of <b>pcre_exec()</b> is undefined. Therefore, when a pattern is
+compiled and matched in the same process, this field should never be set. In
+this (the most common) case, the correct table pointer is automatically passed
+with the compiled pattern from <b>pcre_compile()</b> to <b>pcre_exec()</b>.
+</P>
+<P>
+If PCRE_EXTRA_MARK is set in the <i>flags</i> field, the <i>mark</i> field must
+be set to point to a suitable variable. If the pattern contains any
+backtracking control verbs such as (*MARK:NAME), and the execution ends up with
+a name to pass back, a pointer to the name string (zero terminated) is placed
+in the variable pointed to by the <i>mark</i> field. The names are within the
+compiled pattern; if you wish to retain such a name you must copy it before
+freeing the memory of a compiled pattern. If there is no name to pass back, the
+variable pointed to by the <i>mark</i> field is set to NULL. For details of the
+backtracking control verbs, see the section entitled
+<a href="pcrepattern#backtrackcontrol">"Backtracking control"</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+<a name="execoptions"></a></P>
+<br><b>
+Option bits for <b>pcre_exec()</b>
+</b><br>
+<P>
+The unused bits of the <i>options</i> argument for <b>pcre_exec()</b> must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_<i>xxx</i>,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_START_OPTIMIZE, PCRE_NO_UTF8_CHECK, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+</P>
+<P>
+If the pattern was successfully studied with one of the just-in-time (JIT)
+compile options, the only supported options for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY,
+PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and PCRE_PARTIAL_SOFT. If an
+unsupported option is used, JIT execution is disabled and the normal
+interpretive code in <b>pcre_exec()</b> is run.
+<pre>
+  PCRE_ANCHORED
+</pre>
+The PCRE_ANCHORED option limits <b>pcre_exec()</b> to matching at the first
+matching position. If a pattern was compiled with PCRE_ANCHORED, or turned out
+to be anchored by virtue of its contents, it cannot be made unachored at
+matching time.
+<pre>
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+</pre>
+These options (which are mutually exclusive) control what the \R escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. These options override the choice that was
+made or defaulted when the pattern was compiled.
+<pre>
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+</pre>
+These options override the newline definition that was chosen or defaulted when
+the pattern was compiled. For details, see the description of
+<b>pcre_compile()</b> above. During matching, the newline choice affects the
+behaviour of the dot, circumflex, and dollar metacharacters. It may also alter
+the way the match position is advanced after a match failure for an unanchored
+pattern.
+</P>
+<P>
+When PCRE_NEWLINE_CRLF, PCRE_NEWLINE_ANYCRLF, or PCRE_NEWLINE_ANY is set, and a
+match attempt for an unanchored pattern fails when the current position is at a
+CRLF sequence, and the pattern contains no explicit matches for CR or LF
+characters, the match position is advanced by two characters instead of one, in
+other words, to after the CRLF.
+</P>
+<P>
+The above rule is a compromise that makes the most common cases work as
+expected. For example, if the pattern is .+A (and the PCRE_DOTALL option is not
+set), it does not match the string "\r\nA" because, after failing at the
+start, it skips both the CR and the LF before retrying. However, the pattern
+[\r\n]A does match that string, because it contains an explicit CR or LF
+reference, and so advances only by one character after the first failure.
+</P>
+<P>
+An explicit match for CR of LF is either a literal appearance of one of those
+characters, or one of the \r or \n escape sequences. Implicit matches such as
+[^X] do not count, nor does \s (which includes CR and LF in the characters
+that it matches).
+</P>
+<P>
+Notwithstanding the above, anomalous effects may still occur when CRLF is a
+valid newline sequence and explicit \r or \n escapes appear in the pattern.
+<pre>
+  PCRE_NOTBOL
+</pre>
+This option specifies that first character of the subject string is not the
+beginning of a line, so the circumflex metacharacter should not match before
+it. Setting this without PCRE_MULTILINE (at compile time) causes circumflex
+never to match. This option affects only the behaviour of the circumflex
+metacharacter. It does not affect \A.
+<pre>
+  PCRE_NOTEOL
+</pre>
+This option specifies that the end of the subject string is not the end of a
+line, so the dollar metacharacter should not match it nor (except in multiline
+mode) a newline immediately before it. Setting this without PCRE_MULTILINE (at
+compile time) causes dollar never to match. This option affects only the
+behaviour of the dollar metacharacter. It does not affect \Z or \z.
+<pre>
+  PCRE_NOTEMPTY
+</pre>
+An empty string is not considered to be a valid match if this option is set. If
+there are alternatives in the pattern, they are tried. If all the alternatives
+match the empty string, the entire match fails. For example, if the pattern
+<pre>
+  a?b?
+</pre>
+is applied to a string not beginning with "a" or "b", it matches an empty
+string at the start of the subject. With PCRE_NOTEMPTY set, this match is not
+valid, so PCRE searches further into the string for occurrences of "a" or "b".
+<pre>
+  PCRE_NOTEMPTY_ATSTART
+</pre>
+This is like PCRE_NOTEMPTY, except that an empty string match that is not at
+the start of the subject is permitted. If the pattern is anchored, such a match
+can occur only if the pattern contains \K.
+</P>
+<P>
+Perl has no direct equivalent of PCRE_NOTEMPTY or PCRE_NOTEMPTY_ATSTART, but it
+does make a special case of a pattern match of the empty string within its
+<b>split()</b> function, and when using the /g modifier. It is possible to
+emulate Perl's behaviour after matching a null string by first trying the match
+again at the same offset with PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED, and then
+if that fails, by advancing the starting offset (see below) and trying an
+ordinary match again. There is some code that demonstrates how to do this in
+the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+<pre>
+  PCRE_NO_START_OPTIMIZE
+</pre>
+There are a number of optimizations that <b>pcre_exec()</b> uses at the start of
+a match, in order to speed up the process. For example, if it is known that an
+unanchored match must start with a specific character, it searches the subject
+for that character, and fails immediately if it cannot find it, without
+actually running the main matching function. This means that a special item
+such as (*COMMIT) at the start of a pattern is not considered until after a
+suitable starting point for the match has been found. Also, when callouts or
+(*MARK) items are in use, these "start-up" optimizations can cause them to be
+skipped if the pattern is never actually used. The start-up optimizations are
+in effect a pre-scan of the subject that takes place before the pattern is run.
+</P>
+<P>
+The PCRE_NO_START_OPTIMIZE option disables the start-up optimizations, possibly
+causing performance to suffer, but ensuring that in cases where the result is
+"no match", the callouts do occur, and that items such as (*COMMIT) and (*MARK)
+are considered at every possible starting position in the subject string. If
+PCRE_NO_START_OPTIMIZE is set at compile time, it cannot be unset at matching
+time. The use of PCRE_NO_START_OPTIMIZE at matching time (that is, passing it
+to <b>pcre_exec()</b>) disables JIT execution; in this situation, matching is
+always done using interpretively.
+</P>
+<P>
+Setting PCRE_NO_START_OPTIMIZE can change the outcome of a matching operation.
+Consider the pattern
+<pre>
+  (*COMMIT)ABC
+</pre>
+When this is compiled, PCRE records the fact that a match must start with the
+character "A". Suppose the subject string is "DEFABC". The start-up
+optimization scans along the subject, finds "A" and runs the first match
+attempt from there. The (*COMMIT) item means that the pattern must match the
+current starting position, which in this case, it does. However, if the same
+match is run with PCRE_NO_START_OPTIMIZE set, the initial scan along the
+subject string does not happen. The first match attempt is run starting from
+"D" and when this fails, (*COMMIT) prevents any further matches being tried, so
+the overall result is "no match". If the pattern is studied, more start-up
+optimizations may be used. For example, a minimum length for the subject may be
+recorded. Consider the pattern
+<pre>
+  (*MARK:A)(X|Y)
+</pre>
+The minimum length for a match is one character. If the subject is "ABC", there
+will be attempts to match "ABC", "BC", "C", and then finally an empty string.
+If the pattern is studied, the final attempt does not take place, because PCRE
+knows that the subject is too short, and so the (*MARK) is never encountered.
+In this case, studying the pattern does not affect the overall match result,
+which is still "no match", but it does affect the auxiliary information that is
+returned.
+<pre>
+  PCRE_NO_UTF8_CHECK
+</pre>
+When PCRE_UTF8 is set at compile time, the validity of the subject as a UTF-8
+string is automatically checked when <b>pcre_exec()</b> is subsequently called.
+The entire string is checked before any other processing takes place. The value
+of <i>startoffset</i> is also checked to ensure that it points to the start of a
+UTF-8 character. There is a discussion about the
+<a href="pcreunicode.html#utf8strings">validity of UTF-8 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page. If an invalid sequence of bytes is found, <b>pcre_exec()</b> returns the
+error PCRE_ERROR_BADUTF8 or, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated character at the end of the subject, PCRE_ERROR_SHORTUTF8. In both
+cases, information about the precise nature of the error may also be returned
+(see the descriptions of these errors in the section entitled \fIError return
+values from\fP <b>pcre_exec()</b>
+<a href="#errorlist">below).</a>
+If <i>startoffset</i> contains a value that does not point to the start of a
+UTF-8 character (or to the end of the subject), PCRE_ERROR_BADUTF8_OFFSET is
+returned.
+</P>
+<P>
+If you already know that your subject is valid, and you want to skip these
+checks for performance reasons, you can set the PCRE_NO_UTF8_CHECK option when
+calling <b>pcre_exec()</b>. You might want to do this for the second and
+subsequent calls to <b>pcre_exec()</b> if you are making repeated calls to find
+all the matches in a single subject string. However, you should be sure that
+the value of <i>startoffset</i> points to the start of a character (or the end
+of the subject). When PCRE_NO_UTF8_CHECK is set, the effect of passing an
+invalid string as a subject or an invalid value of <i>startoffset</i> is
+undefined. Your program may crash or loop.
+<pre>
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+</pre>
+These options turn on the partial matching feature. For backwards
+compatibility, PCRE_PARTIAL is a synonym for PCRE_PARTIAL_SOFT. A partial match
+occurs if the end of the subject string is reached successfully, but there are
+not enough subject characters to complete the match. If this happens when
+PCRE_PARTIAL_SOFT (but not PCRE_PARTIAL_HARD) is set, matching continues by
+testing any remaining alternatives. Only if no complete match can be found is
+PCRE_ERROR_PARTIAL returned instead of PCRE_ERROR_NOMATCH. In other words,
+PCRE_PARTIAL_SOFT says that the caller is prepared to handle a partial match,
+but only if no complete match can be found.
+</P>
+<P>
+If PCRE_PARTIAL_HARD is set, it overrides PCRE_PARTIAL_SOFT. In this case, if a
+partial match is found, <b>pcre_exec()</b> immediately returns
+PCRE_ERROR_PARTIAL, without considering any other alternatives. In other words,
+when PCRE_PARTIAL_HARD is set, a partial match is considered to be more
+important that an alternative complete match.
+</P>
+<P>
+In both cases, the portion of the string that was inspected when the partial
+match was found is set as the first matching string. There is a more detailed
+discussion of partial and multi-segment matching, with examples, in the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+</P>
+<br><b>
+The string to be matched by <b>pcre_exec()</b>
+</b><br>
+<P>
+The subject string is passed to <b>pcre_exec()</b> as a pointer in
+<i>subject</i>, a length in <i>length</i>, and a starting offset in
+<i>startoffset</i>. The units for <i>length</i> and <i>startoffset</i> are bytes
+for the 8-bit library, 16-bit data items for the 16-bit library, and 32-bit
+data items for the 32-bit library.
+</P>
+<P>
+If <i>startoffset</i> is negative or greater than the length of the subject,
+<b>pcre_exec()</b> returns PCRE_ERROR_BADOFFSET. When the starting offset is
+zero, the search for a match starts at the beginning of the subject, and this
+is by far the most common case. In UTF-8 or UTF-16 mode, the offset must point
+to the start of a character, or the end of the subject (in UTF-32 mode, one
+data unit equals one character, so all offsets are valid). Unlike the pattern
+string, the subject may contain binary zeroes.
+</P>
+<P>
+A non-zero starting offset is useful when searching for another match in the
+same subject by calling <b>pcre_exec()</b> again after a previous success.
+Setting <i>startoffset</i> differs from just passing over a shortened string and
+setting PCRE_NOTBOL in the case of a pattern that begins with any kind of
+lookbehind. For example, consider the pattern
+<pre>
+  \Biss\B
+</pre>
+which finds occurrences of "iss" in the middle of words. (\B matches only if
+the current position in the subject is not a word boundary.) When applied to
+the string "Mississipi" the first call to <b>pcre_exec()</b> finds the first
+occurrence. If <b>pcre_exec()</b> is called again with just the remainder of the
+subject, namely "issipi", it does not match, because \B is always false at the
+start of the subject, which is deemed to be a word boundary. However, if
+<b>pcre_exec()</b> is passed the entire string again, but with <i>startoffset</i>
+set to 4, it finds the second occurrence of "iss" because it is able to look
+behind the starting point to discover that it is preceded by a letter.
+</P>
+<P>
+Finding all the matches in a subject is tricky when the pattern can match an
+empty string. It is possible to emulate Perl's /g behaviour by first trying the
+match again at the same offset, with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED options, and then if that fails, advancing the starting offset
+and trying an ordinary match again. There is some code that demonstrates how to
+do this in the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+</P>
+<P>
+If a non-zero starting offset is passed when the pattern is anchored, one
+attempt to match at the given offset is made. This can only succeed if the
+pattern does not require the match to be at the start of the subject.
+</P>
+<br><b>
+How <b>pcre_exec()</b> returns captured substrings
+</b><br>
+<P>
+In general, a pattern matches a certain portion of the subject, and in
+addition, further substrings from the subject may be picked out by parts of the
+pattern. Following the usage in Jeffrey Friedl's book, this is called
+"capturing" in what follows, and the phrase "capturing subpattern" is used for
+a fragment of a pattern that picks out a substring. PCRE supports several other
+kinds of parenthesized subpattern that do not cause substrings to be captured.
+</P>
+<P>
+Captured substrings are returned to the caller via a vector of integers whose
+address is passed in <i>ovector</i>. The number of elements in the vector is
+passed in <i>ovecsize</i>, which must be a non-negative number. <b>Note</b>: this
+argument is NOT the size of <i>ovector</i> in bytes.
+</P>
+<P>
+The first two-thirds of the vector is used to pass back captured substrings,
+each substring using a pair of integers. The remaining third of the vector is
+used as workspace by <b>pcre_exec()</b> while matching capturing subpatterns,
+and is not available for passing back information. The number passed in
+<i>ovecsize</i> should always be a multiple of three. If it is not, it is
+rounded down.
+</P>
+<P>
+When a match is successful, information about captured substrings is returned
+in pairs of integers, starting at the beginning of <i>ovector</i>, and
+continuing up to two-thirds of its length at the most. The first element of
+each pair is set to the offset of the first character in a substring, and the
+second is set to the offset of the first character after the end of a
+substring. These values are always data unit offsets, even in UTF mode. They
+are byte offsets in the 8-bit library, 16-bit data item offsets in the 16-bit
+library, and 32-bit data item offsets in the 32-bit library. <b>Note</b>: they
+are not character counts.
+</P>
+<P>
+The first pair of integers, <i>ovector[0]</i> and <i>ovector[1]</i>, identify the
+portion of the subject string matched by the entire pattern. The next pair is
+used for the first capturing subpattern, and so on. The value returned by
+<b>pcre_exec()</b> is one more than the highest numbered pair that has been set.
+For example, if two substrings have been captured, the returned value is 3. If
+there are no capturing subpatterns, the return value from a successful match is
+1, indicating that just the first pair of offsets has been set.
+</P>
+<P>
+If a capturing subpattern is matched repeatedly, it is the last portion of the
+string that it matched that is returned.
+</P>
+<P>
+If the vector is too small to hold all the captured substring offsets, it is
+used as far as possible (up to two-thirds of its length), and the function
+returns a value of zero. If neither the actual string matched nor any captured
+substrings are of interest, <b>pcre_exec()</b> may be called with <i>ovector</i>
+passed as NULL and <i>ovecsize</i> as zero. However, if the pattern contains
+back references and the <i>ovector</i> is not big enough to remember the related
+substrings, PCRE has to get additional memory for use during matching. Thus it
+is usually advisable to supply an <i>ovector</i> of reasonable size.
+</P>
+<P>
+There are some cases where zero is returned (indicating vector overflow) when
+in fact the vector is exactly the right size for the final match. For example,
+consider the pattern
+<pre>
+  (a)(?:(b)c|bd)
+</pre>
+If a vector of 6 elements (allowing for only 1 captured substring) is given
+with subject string "abd", <b>pcre_exec()</b> will try to set the second
+captured string, thereby recording a vector overflow, before failing to match
+"c" and backing up to try the second alternative. The zero return, however,
+does correctly indicate that the maximum number of slots (namely 2) have been
+filled. In similar cases where there is temporary overflow, but the final
+number of used slots is actually less than the maximum, a non-zero value is
+returned.
+</P>
+<P>
+The <b>pcre_fullinfo()</b> function can be used to find out how many capturing
+subpatterns there are in a compiled pattern. The smallest size for
+<i>ovector</i> that will allow for <i>n</i> captured substrings, in addition to
+the offsets of the substring matched by the whole pattern, is (<i>n</i>+1)*3.
+</P>
+<P>
+It is possible for capturing subpattern number <i>n+1</i> to match some part of
+the subject when subpattern <i>n</i> has not been used at all. For example, if
+the string "abc" is matched against the pattern (a|(z))(bc) the return from the
+function is 4, and subpatterns 1 and 3 are matched, but 2 is not. When this
+happens, both values in the offset pairs corresponding to unused subpatterns
+are set to -1.
+</P>
+<P>
+Offset values that correspond to unused subpatterns at the end of the
+expression are also set to -1. For example, if the string "abc" is matched
+against the pattern (abc)(x(yz)?)? subpatterns 2 and 3 are not matched. The
+return from the function is 2, because the highest used capturing subpattern
+number is 1, and the offsets for for the second and third capturing subpatterns
+(assuming the vector is large enough, of course) are set to -1.
+</P>
+<P>
+<b>Note</b>: Elements in the first two-thirds of <i>ovector</i> that do not
+correspond to capturing parentheses in the pattern are never changed. That is,
+if a pattern contains <i>n</i> capturing parentheses, no more than
+<i>ovector[0]</i> to <i>ovector[2n+1]</i> are set by <b>pcre_exec()</b>. The other
+elements (in the first two-thirds) retain whatever values they previously had.
+</P>
+<P>
+Some convenience functions are provided for extracting the captured substrings
+as separate strings. These are described below.
+<a name="errorlist"></a></P>
+<br><b>
+Error return values from <b>pcre_exec()</b>
+</b><br>
+<P>
+If <b>pcre_exec()</b> fails, it returns a negative number. The following are
+defined in the header file:
+<pre>
+  PCRE_ERROR_NOMATCH        (-1)
+</pre>
+The subject string did not match the pattern.
+<pre>
+  PCRE_ERROR_NULL           (-2)
+</pre>
+Either <i>code</i> or <i>subject</i> was passed as NULL, or <i>ovector</i> was
+NULL and <i>ovecsize</i> was not zero.
+<pre>
+  PCRE_ERROR_BADOPTION      (-3)
+</pre>
+An unrecognized bit was set in the <i>options</i> argument.
+<pre>
+  PCRE_ERROR_BADMAGIC       (-4)
+</pre>
+PCRE stores a 4-byte "magic number" at the start of the compiled code, to catch
+the case when it is passed a junk pointer and to detect when a pattern that was
+compiled in an environment of one endianness is run in an environment with the
+other endianness. This is the error that PCRE gives when the magic number is
+not present.
+<pre>
+  PCRE_ERROR_UNKNOWN_OPCODE (-5)
+</pre>
+While running the pattern match, an unknown item was encountered in the
+compiled pattern. This error could be caused by a bug in PCRE or by overwriting
+of the compiled pattern.
+<pre>
+  PCRE_ERROR_NOMEMORY       (-6)
+</pre>
+If a pattern contains back references, but the <i>ovector</i> that is passed to
+<b>pcre_exec()</b> is not big enough to remember the referenced substrings, PCRE
+gets a block of memory at the start of matching to use for this purpose. If the
+call via <b>pcre_malloc()</b> fails, this error is given. The memory is
+automatically freed at the end of matching.
+</P>
+<P>
+This error is also given if <b>pcre_stack_malloc()</b> fails in
+<b>pcre_exec()</b>. This can happen only when PCRE has been compiled with
+<b>--disable-stack-for-recursion</b>.
+<pre>
+  PCRE_ERROR_NOSUBSTRING    (-7)
+</pre>
+This error is used by the <b>pcre_copy_substring()</b>,
+<b>pcre_get_substring()</b>, and <b>pcre_get_substring_list()</b> functions (see
+below). It is never returned by <b>pcre_exec()</b>.
+<pre>
+  PCRE_ERROR_MATCHLIMIT     (-8)
+</pre>
+The backtracking limit, as specified by the <i>match_limit</i> field in a
+<b>pcre_extra</b> structure (or defaulted) was reached. See the description
+above.
+<pre>
+  PCRE_ERROR_CALLOUT        (-9)
+</pre>
+This error is never generated by <b>pcre_exec()</b> itself. It is provided for
+use by callout functions that want to yield a distinctive error code. See the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation for details.
+<pre>
+  PCRE_ERROR_BADUTF8        (-10)
+</pre>
+A string that contains an invalid UTF-8 byte sequence was passed as a subject,
+and the PCRE_NO_UTF8_CHECK option was not set. If the size of the output vector
+(<i>ovecsize</i>) is at least 2, the byte offset to the start of the the invalid
+UTF-8 character is placed in the first element, and a reason code is placed in
+the second element. The reason codes are listed in the
+<a href="#badutf8reasons">following section.</a>
+For backward compatibility, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated UTF-8 character at the end of the subject (reason codes 1 to 5),
+PCRE_ERROR_SHORTUTF8 is returned instead of PCRE_ERROR_BADUTF8.
+<pre>
+  PCRE_ERROR_BADUTF8_OFFSET (-11)
+</pre>
+The UTF-8 byte sequence that was passed as a subject was checked and found to
+be valid (the PCRE_NO_UTF8_CHECK option was not set), but the value of
+<i>startoffset</i> did not point to the beginning of a UTF-8 character or the
+end of the subject.
+<pre>
+  PCRE_ERROR_PARTIAL        (-12)
+</pre>
+The subject string did not match, but it did match partially. See the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation for details of partial matching.
+<pre>
+  PCRE_ERROR_BADPARTIAL     (-13)
+</pre>
+This code is no longer in use. It was formerly returned when the PCRE_PARTIAL
+option was used with a compiled pattern containing items that were not
+supported for partial matching. From release 8.00 onwards, there are no
+restrictions on partial matching.
+<pre>
+  PCRE_ERROR_INTERNAL       (-14)
+</pre>
+An unexpected internal error has occurred. This error could be caused by a bug
+in PCRE or by overwriting of the compiled pattern.
+<pre>
+  PCRE_ERROR_BADCOUNT       (-15)
+</pre>
+This error is given if the value of the <i>ovecsize</i> argument is negative.
+<pre>
+  PCRE_ERROR_RECURSIONLIMIT (-21)
+</pre>
+The internal recursion limit, as specified by the <i>match_limit_recursion</i>
+field in a <b>pcre_extra</b> structure (or defaulted) was reached. See the
+description above.
+<pre>
+  PCRE_ERROR_BADNEWLINE     (-23)
+</pre>
+An invalid combination of PCRE_NEWLINE_<i>xxx</i> options was given.
+<pre>
+  PCRE_ERROR_BADOFFSET      (-24)
+</pre>
+The value of <i>startoffset</i> was negative or greater than the length of the
+subject, that is, the value in <i>length</i>.
+<pre>
+  PCRE_ERROR_SHORTUTF8      (-25)
+</pre>
+This error is returned instead of PCRE_ERROR_BADUTF8 when the subject string
+ends with a truncated UTF-8 character and the PCRE_PARTIAL_HARD option is set.
+Information about the failure is returned as for PCRE_ERROR_BADUTF8. It is in
+fact sufficient to detect this case, but this special error code for
+PCRE_PARTIAL_HARD precedes the implementation of returned information; it is
+retained for backwards compatibility.
+<pre>
+  PCRE_ERROR_RECURSELOOP    (-26)
+</pre>
+This error is returned when <b>pcre_exec()</b> detects a recursion loop within
+the pattern. Specifically, it means that either the whole pattern or a
+subpattern has been called recursively for the second time at the same position
+in the subject string. Some simple patterns that might do this are detected and
+faulted at compile time, but more complicated cases, in particular mutual
+recursions between two different subpatterns, cannot be detected until run
+time.
+<pre>
+  PCRE_ERROR_JIT_STACKLIMIT (-27)
+</pre>
+This error is returned when a pattern that was successfully studied using a
+JIT compile option is being matched, but the memory available for the
+just-in-time processing stack is not large enough. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for more details.
+<pre>
+  PCRE_ERROR_BADMODE        (-28)
+</pre>
+This error is given if a pattern that was compiled by the 8-bit library is
+passed to a 16-bit or 32-bit library function, or vice versa.
+<pre>
+  PCRE_ERROR_BADENDIANNESS  (-29)
+</pre>
+This error is given if a pattern that was compiled and saved is reloaded on a
+host with different endianness. The utility function
+<b>pcre_pattern_to_host_byte_order()</b> can be used to convert such a pattern
+so that it runs on the new host.
+<pre>
+  PCRE_ERROR_JIT_BADOPTION
+</pre>
+This error is returned when a pattern that was successfully studied using a JIT
+compile option is being matched, but the matching mode (partial or complete
+match) does not correspond to any JIT compilation mode. When the JIT fast path
+function is used, this error may be also given for invalid options. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for more details.
+<pre>
+  PCRE_ERROR_BADLENGTH      (-32)
+</pre>
+This error is given if <b>pcre_exec()</b> is called with a negative value for
+the <i>length</i> argument.
+</P>
+<P>
+Error numbers -16 to -20, -22, and 30 are not used by <b>pcre_exec()</b>.
+<a name="badutf8reasons"></a></P>
+<br><b>
+Reason codes for invalid UTF-8 strings
+</b><br>
+<P>
+This section applies only to the 8-bit library. The corresponding information
+for the 16-bit and 32-bit libraries is given in the
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+pages.
+</P>
+<P>
+When <b>pcre_exec()</b> returns either PCRE_ERROR_BADUTF8 or
+PCRE_ERROR_SHORTUTF8, and the size of the output vector (<i>ovecsize</i>) is at
+least 2, the offset of the start of the invalid UTF-8 character is placed in
+the first output vector element (<i>ovector[0]</i>) and a reason code is placed
+in the second element (<i>ovector[1]</i>). The reason codes are given names in
+the <b>pcre.h</b> header file:
+<pre>
+  PCRE_UTF8_ERR1
+  PCRE_UTF8_ERR2
+  PCRE_UTF8_ERR3
+  PCRE_UTF8_ERR4
+  PCRE_UTF8_ERR5
+</pre>
+The string ends with a truncated UTF-8 character; the code specifies how many
+bytes are missing (1 to 5). Although RFC 3629 restricts UTF-8 characters to be
+no longer than 4 bytes, the encoding scheme (originally defined by RFC 2279)
+allows for up to 6 bytes, and this is checked first; hence the possibility of
+4 or 5 missing bytes.
+<pre>
+  PCRE_UTF8_ERR6
+  PCRE_UTF8_ERR7
+  PCRE_UTF8_ERR8
+  PCRE_UTF8_ERR9
+  PCRE_UTF8_ERR10
+</pre>
+The two most significant bits of the 2nd, 3rd, 4th, 5th, or 6th byte of the
+character do not have the binary value 0b10 (that is, either the most
+significant bit is 0, or the next bit is 1).
+<pre>
+  PCRE_UTF8_ERR11
+  PCRE_UTF8_ERR12
+</pre>
+A character that is valid by the RFC 2279 rules is either 5 or 6 bytes long;
+these code points are excluded by RFC 3629.
+<pre>
+  PCRE_UTF8_ERR13
+</pre>
+A 4-byte character has a value greater than 0x10fff; these code points are
+excluded by RFC 3629.
+<pre>
+  PCRE_UTF8_ERR14
+</pre>
+A 3-byte character has a value in the range 0xd800 to 0xdfff; this range of
+code points are reserved by RFC 3629 for use with UTF-16, and so are excluded
+from UTF-8.
+<pre>
+  PCRE_UTF8_ERR15
+  PCRE_UTF8_ERR16
+  PCRE_UTF8_ERR17
+  PCRE_UTF8_ERR18
+  PCRE_UTF8_ERR19
+</pre>
+A 2-, 3-, 4-, 5-, or 6-byte character is "overlong", that is, it codes for a
+value that can be represented by fewer bytes, which is invalid. For example,
+the two bytes 0xc0, 0xae give the value 0x2e, whose correct coding uses just
+one byte.
+<pre>
+  PCRE_UTF8_ERR20
+</pre>
+The two most significant bits of the first byte of a character have the binary
+value 0b10 (that is, the most significant bit is 1 and the second is 0). Such a
+byte can only validly occur as the second or subsequent byte of a multi-byte
+character.
+<pre>
+  PCRE_UTF8_ERR21
+</pre>
+The first byte of a character has the value 0xfe or 0xff. These values can
+never occur in a valid UTF-8 string.
+<pre>
+  PCRE_UTF8_ERR22
+</pre>
+This error code was formerly used when the presence of a so-called
+"non-character" caused an error. Unicode corrigendum #9 makes it clear that
+such characters should not cause a string to be rejected, and so this code is
+no longer in use and is never returned.
+</P>
+<br><a name="SEC18" href="#TOC1">EXTRACTING CAPTURED SUBSTRINGS BY NUMBER</a><br>
+<P>
+<b>int pcre_copy_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, char *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring_list(const char *<i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, const char ***<i>listptr</i>);</b>
+</P>
+<P>
+Captured substrings can be accessed directly by using the offsets returned by
+<b>pcre_exec()</b> in <i>ovector</i>. For convenience, the functions
+<b>pcre_copy_substring()</b>, <b>pcre_get_substring()</b>, and
+<b>pcre_get_substring_list()</b> are provided for extracting captured substrings
+as new, separate, zero-terminated strings. These functions identify substrings
+by number. The next section describes functions for extracting named
+substrings.
+</P>
+<P>
+A substring that contains a binary zero is correctly extracted and has a
+further zero added on the end, but the result is not, of course, a C string.
+However, you can process such a string by referring to the length that is
+returned by <b>pcre_copy_substring()</b> and <b>pcre_get_substring()</b>.
+Unfortunately, the interface to <b>pcre_get_substring_list()</b> is not adequate
+for handling strings containing binary zeros, because the end of the final
+string is not independently indicated.
+</P>
+<P>
+The first three arguments are the same for all three of these functions:
+<i>subject</i> is the subject string that has just been successfully matched,
+<i>ovector</i> is a pointer to the vector of integer offsets that was passed to
+<b>pcre_exec()</b>, and <i>stringcount</i> is the number of substrings that were
+captured by the match, including the substring that matched the entire regular
+expression. This is the value returned by <b>pcre_exec()</b> if it is greater
+than zero. If <b>pcre_exec()</b> returned zero, indicating that it ran out of
+space in <i>ovector</i>, the value passed as <i>stringcount</i> should be the
+number of elements in the vector divided by three.
+</P>
+<P>
+The functions <b>pcre_copy_substring()</b> and <b>pcre_get_substring()</b>
+extract a single substring, whose number is given as <i>stringnumber</i>. A
+value of zero extracts the substring that matched the entire pattern, whereas
+higher values extract the captured substrings. For <b>pcre_copy_substring()</b>,
+the string is placed in <i>buffer</i>, whose length is given by
+<i>buffersize</i>, while for <b>pcre_get_substring()</b> a new block of memory is
+obtained via <b>pcre_malloc</b>, and its address is returned via
+<i>stringptr</i>. The yield of the function is the length of the string, not
+including the terminating zero, or one of these error codes:
+<pre>
+  PCRE_ERROR_NOMEMORY       (-6)
+</pre>
+The buffer was too small for <b>pcre_copy_substring()</b>, or the attempt to get
+memory failed for <b>pcre_get_substring()</b>.
+<pre>
+  PCRE_ERROR_NOSUBSTRING    (-7)
+</pre>
+There is no substring whose number is <i>stringnumber</i>.
+</P>
+<P>
+The <b>pcre_get_substring_list()</b> function extracts all available substrings
+and builds a list of pointers to them. All this is done in a single block of
+memory that is obtained via <b>pcre_malloc</b>. The address of the memory block
+is returned via <i>listptr</i>, which is also the start of the list of string
+pointers. The end of the list is marked by a NULL pointer. The yield of the
+function is zero if all went well, or the error code
+<pre>
+  PCRE_ERROR_NOMEMORY       (-6)
+</pre>
+if the attempt to get the memory block failed.
+</P>
+<P>
+When any of these functions encounter a substring that is unset, which can
+happen when capturing subpattern number <i>n+1</i> matches some part of the
+subject, but subpattern <i>n</i> has not been used at all, they return an empty
+string. This can be distinguished from a genuine zero-length substring by
+inspecting the appropriate offset in <i>ovector</i>, which is negative for unset
+substrings.
+</P>
+<P>
+The two convenience functions <b>pcre_free_substring()</b> and
+<b>pcre_free_substring_list()</b> can be used to free the memory returned by
+a previous call of <b>pcre_get_substring()</b> or
+<b>pcre_get_substring_list()</b>, respectively. They do nothing more than call
+the function pointed to by <b>pcre_free</b>, which of course could be called
+directly from a C program. However, PCRE is used in some situations where it is
+linked via a special interface to another programming language that cannot use
+<b>pcre_free</b> directly; it is for these cases that the functions are
+provided.
+</P>
+<br><a name="SEC19" href="#TOC1">EXTRACTING CAPTURED SUBSTRINGS BY NAME</a><br>
+<P>
+<b>int pcre_get_stringnumber(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>);</b>
+<br>
+<br>
+<b>int pcre_copy_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     char *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_get_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+</P>
+<P>
+To extract a substring by name, you first have to find associated number.
+For example, for this pattern
+<pre>
+  (a+)b(?&#60;xxx&#62;\d+)...
+</pre>
+the number of the subpattern called "xxx" is 2. If the name is known to be
+unique (PCRE_DUPNAMES was not set), you can find the number from the name by
+calling <b>pcre_get_stringnumber()</b>. The first argument is the compiled
+pattern, and the second is the name. The yield of the function is the
+subpattern number, or PCRE_ERROR_NOSUBSTRING (-7) if there is no subpattern of
+that name.
+</P>
+<P>
+Given the number, you can extract the substring directly, or use one of the
+functions described in the previous section. For convenience, there are also
+two functions that do the whole job.
+</P>
+<P>
+Most of the arguments of <b>pcre_copy_named_substring()</b> and
+<b>pcre_get_named_substring()</b> are the same as those for the similarly named
+functions that extract by number. As these are described in the previous
+section, they are not re-described here. There are just two differences:
+</P>
+<P>
+First, instead of a substring number, a substring name is given. Second, there
+is an extra argument, given at the start, which is a pointer to the compiled
+pattern. This is needed in order to gain access to the name-to-number
+translation table.
+</P>
+<P>
+These functions call <b>pcre_get_stringnumber()</b>, and if it succeeds, they
+then call <b>pcre_copy_substring()</b> or <b>pcre_get_substring()</b>, as
+appropriate. <b>NOTE:</b> If PCRE_DUPNAMES is set and there are duplicate names,
+the behaviour may not be what you want (see the next section).
+</P>
+<P>
+<b>Warning:</b> If the pattern uses the (?| feature to set up multiple
+subpatterns with the same number, as described in the
+<a href="pcrepattern.html#dupsubpatternnumber">section on duplicate subpattern numbers</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page, you cannot use names to distinguish the different subpatterns, because
+names are not included in the compiled code. The matching process uses only
+numbers. For this reason, the use of different names for subpatterns of the
+same number causes an error at compile time.
+</P>
+<br><a name="SEC20" href="#TOC1">DUPLICATE SUBPATTERN NAMES</a><br>
+<P>
+<b>int pcre_get_stringtable_entries(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>, char **<i>first</i>, char **<i>last</i>);</b>
+</P>
+<P>
+When a pattern is compiled with the PCRE_DUPNAMES option, names for subpatterns
+are not required to be unique. (Duplicate names are always allowed for
+subpatterns with the same number, created by using the (?| feature. Indeed, if
+such subpatterns are named, they are required to use the same names.)
+</P>
+<P>
+Normally, patterns with duplicate names are such that in any one match, only
+one of the named subpatterns participates. An example is shown in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+</P>
+<P>
+When duplicates are present, <b>pcre_copy_named_substring()</b> and
+<b>pcre_get_named_substring()</b> return the first substring corresponding to
+the given name that is set. If none are set, PCRE_ERROR_NOSUBSTRING (-7) is
+returned; no data is returned. The <b>pcre_get_stringnumber()</b> function
+returns one of the numbers that are associated with the name, but it is not
+defined which it is.
+</P>
+<P>
+If you want to get full details of all captured substrings for a given name,
+you must use the <b>pcre_get_stringtable_entries()</b> function. The first
+argument is the compiled pattern, and the second is the name. The third and
+fourth are pointers to variables which are updated by the function. After it
+has run, they point to the first and last entries in the name-to-number table
+for the given name. The function itself returns the length of each entry, or
+PCRE_ERROR_NOSUBSTRING (-7) if there are none. The format of the table is
+described above in the section entitled <i>Information about a pattern</i>
+<a href="#infoaboutpattern">above.</a>
+Given all the relevant entries for the name, you can extract each of their
+numbers, and hence the captured data, if any.
+</P>
+<br><a name="SEC21" href="#TOC1">FINDING ALL POSSIBLE MATCHES</a><br>
+<P>
+The traditional matching function uses a similar algorithm to Perl, which stops
+when it finds the first match, starting at a given point in the subject. If you
+want to find all possible matches, or the longest possible match, consider
+using the alternative matching function (see below) instead. If you cannot use
+the alternative function, but still need to find all possible matches, you
+can kludge it up by making use of the callout facility, which is described in
+the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<P>
+What you have to do is to insert a callout right at the end of the pattern.
+When your callout function is called, extract and save the current matched
+substring. Then return 1, which forces <b>pcre_exec()</b> to backtrack and try
+other alternatives. Ultimately, when it runs out of matches, <b>pcre_exec()</b>
+will yield PCRE_ERROR_NOMATCH.
+</P>
+<br><a name="SEC22" href="#TOC1">OBTAINING AN ESTIMATE OF STACK USAGE</a><br>
+<P>
+Matching certain patterns using <b>pcre_exec()</b> can use a lot of process
+stack, which in certain environments can be rather limited in size. Some users
+find it helpful to have an estimate of the amount of stack that is used by
+<b>pcre_exec()</b>, to help them set recursion limits, as described in the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation. The estimate that is output by <b>pcretest</b> when called with
+the <b>-m</b> and <b>-C</b> options is obtained by calling <b>pcre_exec</b> with
+the values NULL, NULL, NULL, -999, and -999 for its first five arguments.
+</P>
+<P>
+Normally, if its first argument is NULL, <b>pcre_exec()</b> immediately returns
+the negative error code PCRE_ERROR_NULL, but with this special combination of
+arguments, it returns instead a negative number whose absolute value is the
+approximate stack frame size in bytes. (A negative number is used so that it is
+clear that no match has happened.) The value is approximate because in some
+cases, recursive calls to <b>pcre_exec()</b> occur when there are one or two
+additional variables on the stack.
+</P>
+<P>
+If PCRE has been compiled to use the heap instead of the stack for recursion,
+the value returned is the size of each block that is obtained from the heap.
+<a name="dfamatch"></a></P>
+<br><a name="SEC23" href="#TOC1">MATCHING A PATTERN: THE ALTERNATIVE FUNCTION</a><br>
+<P>
+<b>int pcre_dfa_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<P>
+The function <b>pcre_dfa_exec()</b> is called to match a subject string against
+a compiled pattern, using a matching algorithm that scans the subject string
+just once, and does not backtrack. This has different characteristics to the
+normal algorithm, and is not compatible with Perl. Some of the features of PCRE
+patterns are not supported. Nevertheless, there are times when this kind of
+matching can be useful. For a discussion of the two matching algorithms, and a
+list of features that <b>pcre_dfa_exec()</b> does not support, see the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation.
+</P>
+<P>
+The arguments for the <b>pcre_dfa_exec()</b> function are the same as for
+<b>pcre_exec()</b>, plus two extras. The <i>ovector</i> argument is used in a
+different way, and this is described below. The other common arguments are used
+in the same way as for <b>pcre_exec()</b>, so their description is not repeated
+here.
+</P>
+<P>
+The two additional arguments provide workspace for the function. The workspace
+vector should contain at least 20 elements. It is used for keeping track of
+multiple paths through the pattern tree. More workspace will be needed for
+patterns and subjects where there are a lot of potential matches.
+</P>
+<P>
+Here is an example of a simple call to <b>pcre_dfa_exec()</b>:
+<pre>
+  int rc;
+  int ovector[10];
+  int wspace[20];
+  rc = pcre_dfa_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    10,             /* number of elements (NOT size in bytes) */
+    wspace,         /* working space vector */
+    20);            /* number of elements (NOT size in bytes) */
+</PRE>
+</P>
+<br><b>
+Option bits for <b>pcre_dfa_exec()</b>
+</b><br>
+<P>
+The unused bits of the <i>options</i> argument for <b>pcre_dfa_exec()</b> must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_<i>xxx</i>,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_UTF8_CHECK, PCRE_BSR_ANYCRLF, PCRE_BSR_UNICODE, PCRE_NO_START_OPTIMIZE,
+PCRE_PARTIAL_HARD, PCRE_PARTIAL_SOFT, PCRE_DFA_SHORTEST, and PCRE_DFA_RESTART.
+All but the last four of these are exactly the same as for <b>pcre_exec()</b>,
+so their description is not repeated here.
+<pre>
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+</pre>
+These have the same general effect as they do for <b>pcre_exec()</b>, but the
+details are slightly different. When PCRE_PARTIAL_HARD is set for
+<b>pcre_dfa_exec()</b>, it returns PCRE_ERROR_PARTIAL if the end of the subject
+is reached and there is still at least one matching possibility that requires
+additional characters. This happens even if some complete matches have also
+been found. When PCRE_PARTIAL_SOFT is set, the return code PCRE_ERROR_NOMATCH
+is converted into PCRE_ERROR_PARTIAL if the end of the subject is reached,
+there have been no complete matches, but there is still at least one matching
+possibility. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string in both cases.
+There is a more detailed discussion of partial and multi-segment matching, with
+examples, in the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+<pre>
+  PCRE_DFA_SHORTEST
+</pre>
+Setting the PCRE_DFA_SHORTEST option causes the matching algorithm to stop as
+soon as it has found one match. Because of the way the alternative algorithm
+works, this is necessarily the shortest possible match at the first possible
+matching point in the subject string.
+<pre>
+  PCRE_DFA_RESTART
+</pre>
+When <b>pcre_dfa_exec()</b> returns a partial match, it is possible to call it
+again, with additional subject characters, and have it continue with the same
+match. The PCRE_DFA_RESTART option requests this action; when it is set, the
+<i>workspace</i> and <i>wscount</i> options must reference the same vector as
+before because data about the match so far is left in them after a partial
+match. There is more discussion of this facility in the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+</P>
+<br><b>
+Successful returns from <b>pcre_dfa_exec()</b>
+</b><br>
+<P>
+When <b>pcre_dfa_exec()</b> succeeds, it may have matched more than one
+substring in the subject. Note, however, that all the matches from one run of
+the function start at the same point in the subject. The shorter matches are
+all initial substrings of the longer matches. For example, if the pattern
+<pre>
+  &#60;.*&#62;
+</pre>
+is matched against the string
+<pre>
+  This is &#60;something&#62; &#60;something else&#62; &#60;something further&#62; no more
+</pre>
+the three matched strings are
+<pre>
+  &#60;something&#62;
+  &#60;something&#62; &#60;something else&#62;
+  &#60;something&#62; &#60;something else&#62; &#60;something further&#62;
+</pre>
+On success, the yield of the function is a number greater than zero, which is
+the number of matched substrings. The substrings themselves are returned in
+<i>ovector</i>. Each string uses two elements; the first is the offset to the
+start, and the second is the offset to the end. In fact, all the strings have
+the same start offset. (Space could have been saved by giving this only once,
+but it was decided to retain some compatibility with the way <b>pcre_exec()</b>
+returns data, even though the meaning of the strings is different.)
+</P>
+<P>
+The strings are returned in reverse order of length; that is, the longest
+matching string is given first. If there were too many matches to fit into
+<i>ovector</i>, the yield of the function is zero, and the vector is filled with
+the longest matches. Unlike <b>pcre_exec()</b>, <b>pcre_dfa_exec()</b> can use
+the entire <i>ovector</i> for returning matched strings.
+</P>
+<P>
+NOTE: PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\d+" is compiled as if it were "a\d++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\d+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+</P>
+<br><b>
+Error returns from <b>pcre_dfa_exec()</b>
+</b><br>
+<P>
+The <b>pcre_dfa_exec()</b> function returns a negative number when it fails.
+Many of the errors are the same as for <b>pcre_exec()</b>, and these are
+described
+<a href="#errorlist">above.</a>
+There are in addition the following errors that are specific to
+<b>pcre_dfa_exec()</b>:
+<pre>
+  PCRE_ERROR_DFA_UITEM      (-16)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> encounters an item in the pattern
+that it does not support, for instance, the use of \C or a back reference.
+<pre>
+  PCRE_ERROR_DFA_UCOND      (-17)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> encounters a condition item that
+uses a back reference for the condition, or a test for recursion in a specific
+group. These are not supported.
+<pre>
+  PCRE_ERROR_DFA_UMLIMIT    (-18)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> is called with an <i>extra</i>
+block that contains a setting of the <i>match_limit</i> or
+<i>match_limit_recursion</i> fields. This is not supported (these fields are
+meaningless for DFA matching).
+<pre>
+  PCRE_ERROR_DFA_WSSIZE     (-19)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> runs out of space in the
+<i>workspace</i> vector.
+<pre>
+  PCRE_ERROR_DFA_RECURSE    (-20)
+</pre>
+When a recursive subpattern is processed, the matching function calls itself
+recursively, using private vectors for <i>ovector</i> and <i>workspace</i>. This
+error is given if the output vector is not large enough. This should be
+extremely rare, as a vector of size 1000 is used.
+<pre>
+  PCRE_ERROR_DFA_BADRESTART (-30)
+</pre>
+When <b>pcre_dfa_exec()</b> is called with the <b>PCRE_DFA_RESTART</b> option,
+some plausibility checks are made on the contents of the workspace, which
+should contain data about the previous partial match. If any of these checks
+fail, this error is given.
+</P>
+<br><a name="SEC24" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcre16</b>(3), <b>pcre32</b>(3), <b>pcrebuild</b>(3), <b>pcrecallout</b>(3),
+<b>pcrecpp(3)</b>(3), <b>pcrematching</b>(3), <b>pcrepartial</b>(3),
+<b>pcreposix</b>(3), <b>pcreprecompile</b>(3), <b>pcresample</b>(3),
+<b>pcrestack</b>(3).
+</P>
+<br><a name="SEC25" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC26" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 18 December 2015
+<br>
+Copyright &copy; 1997-2015 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrebuild.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrebuild.html
new file mode 100644
index 00000000..03c8cbe0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrebuild.html
@@ -0,0 +1,534 @@
+<html>
+<head>
+<title>pcrebuild specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrebuild man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">BUILDING PCRE</a>
+<li><a name="TOC2" href="#SEC2">PCRE BUILD-TIME OPTIONS</a>
+<li><a name="TOC3" href="#SEC3">BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a>
+<li><a name="TOC4" href="#SEC4">BUILDING SHARED AND STATIC LIBRARIES</a>
+<li><a name="TOC5" href="#SEC5">C++ SUPPORT</a>
+<li><a name="TOC6" href="#SEC6">UTF-8, UTF-16 AND UTF-32 SUPPORT</a>
+<li><a name="TOC7" href="#SEC7">UNICODE CHARACTER PROPERTY SUPPORT</a>
+<li><a name="TOC8" href="#SEC8">JUST-IN-TIME COMPILER SUPPORT</a>
+<li><a name="TOC9" href="#SEC9">CODE VALUE OF NEWLINE</a>
+<li><a name="TOC10" href="#SEC10">WHAT \R MATCHES</a>
+<li><a name="TOC11" href="#SEC11">POSIX MALLOC USAGE</a>
+<li><a name="TOC12" href="#SEC12">HANDLING VERY LARGE PATTERNS</a>
+<li><a name="TOC13" href="#SEC13">AVOIDING EXCESSIVE STACK USAGE</a>
+<li><a name="TOC14" href="#SEC14">LIMITING PCRE RESOURCE USAGE</a>
+<li><a name="TOC15" href="#SEC15">CREATING CHARACTER TABLES AT BUILD TIME</a>
+<li><a name="TOC16" href="#SEC16">USING EBCDIC CODE</a>
+<li><a name="TOC17" href="#SEC17">PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT</a>
+<li><a name="TOC18" href="#SEC18">PCREGREP BUFFER SIZE</a>
+<li><a name="TOC19" href="#SEC19">PCRETEST OPTION FOR LIBREADLINE SUPPORT</a>
+<li><a name="TOC20" href="#SEC20">DEBUGGING WITH VALGRIND SUPPORT</a>
+<li><a name="TOC21" href="#SEC21">CODE COVERAGE REPORTING</a>
+<li><a name="TOC22" href="#SEC22">SEE ALSO</a>
+<li><a name="TOC23" href="#SEC23">AUTHOR</a>
+<li><a name="TOC24" href="#SEC24">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">BUILDING PCRE</a><br>
+<P>
+PCRE is distributed with a <b>configure</b> script that can be used to build the
+library in Unix-like environments using the applications known as Autotools.
+Also in the distribution are files to support building using <b>CMake</b>
+instead of <b>configure</b>. The text file
+<a href="README.txt"><b>README</b></a>
+contains general information about building with Autotools (some of which is
+repeated below), and also has some comments about building on various operating
+systems. There is a lot more information about building PCRE without using
+Autotools (including information about using <b>CMake</b> and building "by
+hand") in the text file called
+<a href="NON-AUTOTOOLS-BUILD.txt"><b>NON-AUTOTOOLS-BUILD</b>.</a>
+You should consult this file as well as the
+<a href="README.txt"><b>README</b></a>
+file if you are building in a non-Unix-like environment.
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE BUILD-TIME OPTIONS</a><br>
+<P>
+The rest of this document describes the optional features of PCRE that can be
+selected when the library is compiled. It assumes use of the <b>configure</b>
+script, where the optional features are selected or deselected by providing
+options to <b>configure</b> before running the <b>make</b> command. However, the
+same options can be selected in both Unix-like and non-Unix-like environments
+using the GUI facility of <b>cmake-gui</b> if you are using <b>CMake</b> instead
+of <b>configure</b> to build PCRE.
+</P>
+<P>
+If you are not using Autotools or <b>CMake</b>, option selection can be done by
+editing the <b>config.h</b> file, or by passing parameter settings to the
+compiler, as described in
+<a href="NON-AUTOTOOLS-BUILD.txt"><b>NON-AUTOTOOLS-BUILD</b>.</a>
+</P>
+<P>
+The complete list of options for <b>configure</b> (which includes the standard
+ones such as the selection of the installation directory) can be obtained by
+running
+<pre>
+  ./configure --help
+</pre>
+The following sections include descriptions of options whose names begin with
+--enable or --disable. These settings specify changes to the defaults for the
+<b>configure</b> command. Because of the way that <b>configure</b> works,
+--enable and --disable always come in pairs, so the complementary option always
+exists as well, but as it specifies the default, it is not described.
+</P>
+<br><a name="SEC3" href="#TOC1">BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a><br>
+<P>
+By default, a library called <b>libpcre</b> is built, containing functions that
+take string arguments contained in vectors of bytes, either as single-byte
+characters, or interpreted as UTF-8 strings. You can also build a separate
+library, called <b>libpcre16</b>, in which strings are contained in vectors of
+16-bit data units and interpreted either as single-unit characters or UTF-16
+strings, by adding
+<pre>
+  --enable-pcre16
+</pre>
+to the <b>configure</b> command. You can also build yet another separate
+library, called <b>libpcre32</b>, in which strings are contained in vectors of
+32-bit data units and interpreted either as single-unit characters or UTF-32
+strings, by adding
+<pre>
+  --enable-pcre32
+</pre>
+to the <b>configure</b> command. If you do not want the 8-bit library, add
+<pre>
+  --disable-pcre8
+</pre>
+as well. At least one of the three libraries must be built. Note that the C++
+and POSIX wrappers are for the 8-bit library only, and that <b>pcregrep</b> is
+an 8-bit program. None of these are built if you select only the 16-bit or
+32-bit libraries.
+</P>
+<br><a name="SEC4" href="#TOC1">BUILDING SHARED AND STATIC LIBRARIES</a><br>
+<P>
+The Autotools PCRE building process uses <b>libtool</b> to build both shared and
+static libraries by default. You can suppress one of these by adding one of
+<pre>
+  --disable-shared
+  --disable-static
+</pre>
+to the <b>configure</b> command, as required.
+</P>
+<br><a name="SEC5" href="#TOC1">C++ SUPPORT</a><br>
+<P>
+By default, if the 8-bit library is being built, the <b>configure</b> script
+will search for a C++ compiler and C++ header files. If it finds them, it
+automatically builds the C++ wrapper library (which supports only 8-bit
+strings). You can disable this by adding
+<pre>
+  --disable-cpp
+</pre>
+to the <b>configure</b> command.
+</P>
+<br><a name="SEC6" href="#TOC1">UTF-8, UTF-16 AND UTF-32 SUPPORT</a><br>
+<P>
+To build PCRE with support for UTF Unicode character strings, add
+<pre>
+  --enable-utf
+</pre>
+to the <b>configure</b> command. This setting applies to all three libraries,
+adding support for UTF-8 to the 8-bit library, support for UTF-16 to the 16-bit
+library, and support for UTF-32 to the to the 32-bit library. There are no
+separate options for enabling UTF-8, UTF-16 and UTF-32 independently because
+that would allow ridiculous settings such as requesting UTF-16 support while
+building only the 8-bit library. It is not possible to build one library with
+UTF support and another without in the same configuration. (For backwards
+compatibility, --enable-utf8 is a synonym of --enable-utf.)
+</P>
+<P>
+Of itself, this setting does not make PCRE treat strings as UTF-8, UTF-16 or
+UTF-32. As well as compiling PCRE with this option, you also have have to set
+the PCRE_UTF8, PCRE_UTF16 or PCRE_UTF32 option (as appropriate) when you call
+one of the pattern compiling functions.
+</P>
+<P>
+If you set --enable-utf when compiling in an EBCDIC environment, PCRE expects
+its input to be either ASCII or UTF-8 (depending on the run-time option). It is
+not possible to support both EBCDIC and UTF-8 codes in the same version of the
+library. Consequently, --enable-utf and --enable-ebcdic are mutually
+exclusive.
+</P>
+<br><a name="SEC7" href="#TOC1">UNICODE CHARACTER PROPERTY SUPPORT</a><br>
+<P>
+UTF support allows the libraries to process character codepoints up to 0x10ffff
+in the strings that they handle. On its own, however, it does not provide any
+facilities for accessing the properties of such characters. If you want to be
+able to use the pattern escapes \P, \p, and \X, which refer to Unicode
+character properties, you must add
+<pre>
+  --enable-unicode-properties
+</pre>
+to the <b>configure</b> command. This implies UTF support, even if you have
+not explicitly requested it.
+</P>
+<P>
+Including Unicode property support adds around 30K of tables to the PCRE
+library. Only the general category properties such as <i>Lu</i> and <i>Nd</i> are
+supported. Details are given in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+</P>
+<br><a name="SEC8" href="#TOC1">JUST-IN-TIME COMPILER SUPPORT</a><br>
+<P>
+Just-in-time compiler support is included in the build by specifying
+<pre>
+  --enable-jit
+</pre>
+This support is available only for certain hardware architectures. If this
+option is set for an unsupported architecture, a compile time error occurs.
+See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for a discussion of JIT usage. When JIT support is enabled,
+pcregrep automatically makes use of it, unless you add
+<pre>
+  --disable-pcregrep-jit
+</pre>
+to the "configure" command.
+</P>
+<br><a name="SEC9" href="#TOC1">CODE VALUE OF NEWLINE</a><br>
+<P>
+By default, PCRE interprets the linefeed (LF) character as indicating the end
+of a line. This is the normal newline character on Unix-like systems. You can
+compile PCRE to use carriage return (CR) instead, by adding
+<pre>
+  --enable-newline-is-cr
+</pre>
+to the <b>configure</b> command. There is also a --enable-newline-is-lf option,
+which explicitly specifies linefeed as the newline character.
+<br>
+<br>
+Alternatively, you can specify that line endings are to be indicated by the two
+character sequence CRLF. If you want this, add
+<pre>
+  --enable-newline-is-crlf
+</pre>
+to the <b>configure</b> command. There is a fourth option, specified by
+<pre>
+  --enable-newline-is-anycrlf
+</pre>
+which causes PCRE to recognize any of the three sequences CR, LF, or CRLF as
+indicating a line ending. Finally, a fifth option, specified by
+<pre>
+  --enable-newline-is-any
+</pre>
+causes PCRE to recognize any Unicode newline sequence.
+</P>
+<P>
+Whatever line ending convention is selected when PCRE is built can be
+overridden when the library functions are called. At build time it is
+conventional to use the standard for your operating system.
+</P>
+<br><a name="SEC10" href="#TOC1">WHAT \R MATCHES</a><br>
+<P>
+By default, the sequence \R in a pattern matches any Unicode newline sequence,
+whatever has been selected as the line ending sequence. If you specify
+<pre>
+  --enable-bsr-anycrlf
+</pre>
+the default is changed so that \R matches only CR, LF, or CRLF. Whatever is
+selected when PCRE is built can be overridden when the library functions are
+called.
+</P>
+<br><a name="SEC11" href="#TOC1">POSIX MALLOC USAGE</a><br>
+<P>
+When the 8-bit library is called through the POSIX interface (see the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+documentation), additional working storage is required for holding the pointers
+to capturing substrings, because PCRE requires three integers per substring,
+whereas the POSIX interface provides only two. If the number of expected
+substrings is small, the wrapper function uses space on the stack, because this
+is faster than using <b>malloc()</b> for each call. The default threshold above
+which the stack is no longer used is 10; it can be changed by adding a setting
+such as
+<pre>
+  --with-posix-malloc-threshold=20
+</pre>
+to the <b>configure</b> command.
+</P>
+<br><a name="SEC12" href="#TOC1">HANDLING VERY LARGE PATTERNS</a><br>
+<P>
+Within a compiled pattern, offset values are used to point from one part to
+another (for example, from an opening parenthesis to an alternation
+metacharacter). By default, in the 8-bit and 16-bit libraries, two-byte values
+are used for these offsets, leading to a maximum size for a compiled pattern of
+around 64K. This is sufficient to handle all but the most gigantic patterns.
+Nevertheless, some people do want to process truly enormous patterns, so it is
+possible to compile PCRE to use three-byte or four-byte offsets by adding a
+setting such as
+<pre>
+  --with-link-size=3
+</pre>
+to the <b>configure</b> command. The value given must be 2, 3, or 4. For the
+16-bit library, a value of 3 is rounded up to 4. In these libraries, using
+longer offsets slows down the operation of PCRE because it has to load
+additional data when handling them. For the 32-bit library the value is always
+4 and cannot be overridden; the value of --with-link-size is ignored.
+</P>
+<br><a name="SEC13" href="#TOC1">AVOIDING EXCESSIVE STACK USAGE</a><br>
+<P>
+When matching with the <b>pcre_exec()</b> function, PCRE implements backtracking
+by making recursive calls to an internal function called <b>match()</b>. In
+environments where the size of the stack is limited, this can severely limit
+PCRE's operation. (The Unix environment does not usually suffer from this
+problem, but it may sometimes be necessary to increase the maximum stack size.
+There is a discussion in the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation.) An alternative approach to recursion that uses memory from the
+heap to remember data, instead of using recursive function calls, has been
+implemented to work round the problem of limited stack size. If you want to
+build a version of PCRE that works this way, add
+<pre>
+  --disable-stack-for-recursion
+</pre>
+to the <b>configure</b> command. With this configuration, PCRE will use the
+<b>pcre_stack_malloc</b> and <b>pcre_stack_free</b> variables to call memory
+management functions. By default these point to <b>malloc()</b> and
+<b>free()</b>, but you can replace the pointers so that your own functions are
+used instead.
+</P>
+<P>
+Separate functions are provided rather than using <b>pcre_malloc</b> and
+<b>pcre_free</b> because the usage is very predictable: the block sizes
+requested are always the same, and the blocks are always freed in reverse
+order. A calling program might be able to implement optimized functions that
+perform better than <b>malloc()</b> and <b>free()</b>. PCRE runs noticeably more
+slowly when built in this way. This option affects only the <b>pcre_exec()</b>
+function; it is not relevant for <b>pcre_dfa_exec()</b>.
+</P>
+<br><a name="SEC14" href="#TOC1">LIMITING PCRE RESOURCE USAGE</a><br>
+<P>
+Internally, PCRE has a function called <b>match()</b>, which it calls repeatedly
+(sometimes recursively) when matching a pattern with the <b>pcre_exec()</b>
+function. By controlling the maximum number of times this function may be
+called during a single matching operation, a limit can be placed on the
+resources used by a single call to <b>pcre_exec()</b>. The limit can be changed
+at run time, as described in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation. The default is 10 million, but this can be changed by adding a
+setting such as
+<pre>
+  --with-match-limit=500000
+</pre>
+to the <b>configure</b> command. This setting has no effect on the
+<b>pcre_dfa_exec()</b> matching function.
+</P>
+<P>
+In some environments it is desirable to limit the depth of recursive calls of
+<b>match()</b> more strictly than the total number of calls, in order to
+restrict the maximum amount of stack (or heap, if --disable-stack-for-recursion
+is specified) that is used. A second limit controls this; it defaults to the
+value that is set for --with-match-limit, which imposes no additional
+constraints. However, you can set a lower limit by adding, for example,
+<pre>
+  --with-match-limit-recursion=10000
+</pre>
+to the <b>configure</b> command. This value can also be overridden at run time.
+</P>
+<br><a name="SEC15" href="#TOC1">CREATING CHARACTER TABLES AT BUILD TIME</a><br>
+<P>
+PCRE uses fixed tables for processing characters whose code values are less
+than 256. By default, PCRE is built with a set of tables that are distributed
+in the file <i>pcre_chartables.c.dist</i>. These tables are for ASCII codes
+only. If you add
+<pre>
+  --enable-rebuild-chartables
+</pre>
+to the <b>configure</b> command, the distributed tables are no longer used.
+Instead, a program called <b>dftables</b> is compiled and run. This outputs the
+source for new set of tables, created in the default locale of your C run-time
+system. (This method of replacing the tables does not work if you are cross
+compiling, because <b>dftables</b> is run on the local host. If you need to
+create alternative tables when cross compiling, you will have to do so "by
+hand".)
+</P>
+<br><a name="SEC16" href="#TOC1">USING EBCDIC CODE</a><br>
+<P>
+PCRE assumes by default that it will run in an environment where the character
+code is ASCII (or Unicode, which is a superset of ASCII). This is the case for
+most computer operating systems. PCRE can, however, be compiled to run in an
+EBCDIC environment by adding
+<pre>
+  --enable-ebcdic
+</pre>
+to the <b>configure</b> command. This setting implies
+--enable-rebuild-chartables. You should only use it if you know that you are in
+an EBCDIC environment (for example, an IBM mainframe operating system). The
+--enable-ebcdic option is incompatible with --enable-utf.
+</P>
+<P>
+The EBCDIC character that corresponds to an ASCII LF is assumed to have the
+value 0x15 by default. However, in some EBCDIC environments, 0x25 is used. In
+such an environment you should use
+<pre>
+  --enable-ebcdic-nl25
+</pre>
+as well as, or instead of, --enable-ebcdic. The EBCDIC character for CR has the
+same value as in ASCII, namely, 0x0d. Whichever of 0x15 and 0x25 is <i>not</i>
+chosen as LF is made to correspond to the Unicode NEL character (which, in
+Unicode, is 0x85).
+</P>
+<P>
+The options that select newline behaviour, such as --enable-newline-is-cr,
+and equivalent run-time options, refer to these character values in an EBCDIC
+environment.
+</P>
+<br><a name="SEC17" href="#TOC1">PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT</a><br>
+<P>
+By default, <b>pcregrep</b> reads all files as plain text. You can build it so
+that it recognizes files whose names end in <b>.gz</b> or <b>.bz2</b>, and reads
+them with <b>libz</b> or <b>libbz2</b>, respectively, by adding one or both of
+<pre>
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+</pre>
+to the <b>configure</b> command. These options naturally require that the
+relevant libraries are installed on your system. Configuration will fail if
+they are not.
+</P>
+<br><a name="SEC18" href="#TOC1">PCREGREP BUFFER SIZE</a><br>
+<P>
+<b>pcregrep</b> uses an internal buffer to hold a "window" on the file it is
+scanning, in order to be able to output "before" and "after" lines when it
+finds a match. The size of the buffer is controlled by a parameter whose
+default value is 20K. The buffer itself is three times this size, but because
+of the way it is used for holding "before" lines, the longest line that is
+guaranteed to be processable is the parameter size. You can change the default
+parameter value by adding, for example,
+<pre>
+  --with-pcregrep-bufsize=50K
+</pre>
+to the <b>configure</b> command. The caller of \fPpcregrep\fP can, however,
+override this value by specifying a run-time option.
+</P>
+<br><a name="SEC19" href="#TOC1">PCRETEST OPTION FOR LIBREADLINE SUPPORT</a><br>
+<P>
+If you add
+<pre>
+  --enable-pcretest-libreadline
+</pre>
+to the <b>configure</b> command, <b>pcretest</b> is linked with the
+<b>libreadline</b> library, and when its input is from a terminal, it reads it
+using the <b>readline()</b> function. This provides line-editing and history
+facilities. Note that <b>libreadline</b> is GPL-licensed, so if you distribute a
+binary of <b>pcretest</b> linked in this way, there may be licensing issues.
+</P>
+<P>
+Setting this option causes the <b>-lreadline</b> option to be added to the
+<b>pcretest</b> build. In many operating environments with a sytem-installed
+<b>libreadline</b> this is sufficient. However, in some environments (e.g.
+if an unmodified distribution version of readline is in use), some extra
+configuration may be necessary. The INSTALL file for <b>libreadline</b> says
+this:
+<pre>
+  "Readline uses the termcap functions, but does not link with the
+  termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library."
+</pre>
+If your environment has not been set up so that an appropriate library is
+automatically included, you may need to add something like
+<pre>
+  LIBS="-ncurses"
+</pre>
+immediately before the <b>configure</b> command.
+</P>
+<br><a name="SEC20" href="#TOC1">DEBUGGING WITH VALGRIND SUPPORT</a><br>
+<P>
+By adding the
+<pre>
+  --enable-valgrind
+</pre>
+option to to the <b>configure</b> command, PCRE will use valgrind annotations
+to mark certain memory regions as unaddressable. This allows it to detect
+invalid memory accesses, and is mostly useful for debugging PCRE itself.
+</P>
+<br><a name="SEC21" href="#TOC1">CODE COVERAGE REPORTING</a><br>
+<P>
+If your C compiler is gcc, you can build a version of PCRE that can generate a
+code coverage report for its test suite. To enable this, you must install
+<b>lcov</b> version 1.6 or above. Then specify
+<pre>
+  --enable-coverage
+</pre>
+to the <b>configure</b> command and build PCRE in the usual way.
+</P>
+<P>
+Note that using <b>ccache</b> (a caching C compiler) is incompatible with code
+coverage reporting. If you have configured <b>ccache</b> to run automatically
+on your system, you must set the environment variable
+<pre>
+  CCACHE_DISABLE=1
+</pre>
+before running <b>make</b> to build PCRE, so that <b>ccache</b> is not used.
+</P>
+<P>
+When --enable-coverage is used, the following addition targets are added to the
+<i>Makefile</i>:
+<pre>
+  make coverage
+</pre>
+This creates a fresh coverage report for the PCRE test suite. It is equivalent
+to running "make coverage-reset", "make coverage-baseline", "make check", and
+then "make coverage-report".
+<pre>
+  make coverage-reset
+</pre>
+This zeroes the coverage counters, but does nothing else.
+<pre>
+  make coverage-baseline
+</pre>
+This captures baseline coverage information.
+<pre>
+  make coverage-report
+</pre>
+This creates the coverage report.
+<pre>
+  make coverage-clean-report
+</pre>
+This removes the generated coverage report without cleaning the coverage data
+itself.
+<pre>
+  make coverage-clean-data
+</pre>
+This removes the captured coverage data without removing the coverage files
+created at compile time (*.gcno).
+<pre>
+  make coverage-clean
+</pre>
+This cleans all coverage data including the generated coverage report. For more
+information about code coverage, see the <b>gcov</b> and <b>lcov</b>
+documentation.
+</P>
+<br><a name="SEC22" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcreapi</b>(3), <b>pcre16</b>, <b>pcre32</b>, <b>pcre_config</b>(3).
+</P>
+<br><a name="SEC23" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC24" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 May 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrecallout.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrecallout.html
new file mode 100644
index 00000000..53a937f5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrecallout.html
@@ -0,0 +1,286 @@
+<html>
+<head>
+<title>pcrecallout specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrecallout man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">MISSING CALLOUTS</a>
+<li><a name="TOC4" href="#SEC4">THE CALLOUT INTERFACE</a>
+<li><a name="TOC5" href="#SEC5">RETURN VALUES</a>
+<li><a name="TOC6" href="#SEC6">AUTHOR</a>
+<li><a name="TOC7" href="#SEC7">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int (*pcre_callout)(pcre_callout_block *);</b>
+</P>
+<P>
+<b>int (*pcre16_callout)(pcre16_callout_block *);</b>
+</P>
+<P>
+<b>int (*pcre32_callout)(pcre32_callout_block *);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+PCRE provides a feature called "callout", which is a means of temporarily
+passing control to the caller of PCRE in the middle of pattern matching. The
+caller of PCRE provides an external function by putting its entry point in the
+global variable <i>pcre_callout</i> (<i>pcre16_callout</i> for the 16-bit
+library, <i>pcre32_callout</i> for the 32-bit library). By default, this
+variable contains NULL, which disables all calling out.
+</P>
+<P>
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. Different callout points can be identified by putting
+a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+<pre>
+  (?C1)abc(?C2)def
+</pre>
+If the PCRE_AUTO_CALLOUT option bit is set when a pattern is compiled, PCRE
+automatically inserts callouts, all with number 255, before each item in the
+pattern. For example, if PCRE_AUTO_CALLOUT is used with the pattern
+<pre>
+  A(\d{2}|--)
+</pre>
+it is processed as if it were
+<br>
+<br>
+(?C255)A(?C255)((?C255)\d{2}(?C255)|(?C255)-(?C255)-(?C255))(?C255)
+<br>
+<br>
+Notice that there is a callout before and after each parenthesis and
+alternation bar. If the pattern contains a conditional group whose condition is
+an assertion, an automatic callout is inserted immediately before the
+condition. Such a callout may also be inserted explicitly, for example:
+<pre>
+  (?(?C9)(?=a)ab|de)
+</pre>
+This applies only to assertion conditions (because they are themselves
+independent groups).
+</P>
+<P>
+Automatic callouts can be used for tracking the progress of pattern matching.
+The
+<a href="pcretest.html"><b>pcretest</b></a>
+program has a pattern qualifier (/C) that sets automatic callouts; when it is
+used, the output indicates how the pattern is being matched. This is useful
+information when you are trying to optimize the performance of a particular
+pattern.
+</P>
+<br><a name="SEC3" href="#TOC1">MISSING CALLOUTS</a><br>
+<P>
+You should be aware that, because of optimizations in the way PCRE compiles and
+matches patterns, callouts sometimes do not happen exactly as you might expect.
+</P>
+<P>
+At compile time, PCRE "auto-possessifies" repeated items when it knows that
+what follows cannot be part of the repeat. For example, a+[bc] is compiled as
+if it were a++[bc]. The <b>pcretest</b> output when this pattern is anchored and
+then applied with automatic callouts to the string "aaaa" is:
+<pre>
+  ---&#62;aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+  No match
+</pre>
+This indicates that when matching [bc] fails, there is no backtracking into a+
+and therefore the callouts that would be taken for the backtracks do not occur.
+You can disable the auto-possessify feature by passing PCRE_NO_AUTO_POSSESS
+to <b>pcre_compile()</b>, or starting the pattern with (*NO_AUTO_POSSESS). If
+this is done in <b>pcretest</b> (using the /O qualifier), the output changes to
+this:
+<pre>
+  ---&#62;aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+   +3 ^  ^     [bc]
+   +3 ^ ^      [bc]
+   +3 ^^       [bc]
+  No match
+</pre>
+This time, when matching [bc] fails, the matcher backtracks into a+ and tries
+again, repeatedly, until a+ itself fails.
+</P>
+<P>
+Other optimizations that provide fast "no match" results also affect callouts.
+For example, if the pattern is
+<pre>
+  ab(?C4)cd
+</pre>
+PCRE knows that any matching string must contain the letter "d". If the subject
+string is "abyz", the lack of "d" means that matching doesn't ever start, and
+the callout is never reached. However, with "abyd", though the result is still
+no match, the callout is obeyed.
+</P>
+<P>
+If the pattern is studied, PCRE knows the minimum length of a matching string,
+and will immediately give a "no match" return without actually running a match
+if the subject is not long enough, or, for unanchored patterns, if it has
+been scanned far enough.
+</P>
+<P>
+You can disable these optimizations by passing the PCRE_NO_START_OPTIMIZE
+option to the matching function, or by starting the pattern with
+(*NO_START_OPT). This slows down the matching process, but does ensure that
+callouts such as the example above are obeyed.
+</P>
+<br><a name="SEC4" href="#TOC1">THE CALLOUT INTERFACE</a><br>
+<P>
+During matching, when PCRE reaches a callout point, the external function
+defined by <i>pcre_callout</i> or <i>pcre[16|32]_callout</i> is called (if it is
+set). This applies to both normal and DFA matching. The only argument to the
+callout function is a pointer to a <b>pcre_callout</b> or
+<b>pcre[16|32]_callout</b> block. These structures contains the following
+fields:
+<pre>
+  int           <i>version</i>;
+  int           <i>callout_number</i>;
+  int          *<i>offset_vector</i>;
+  const char   *<i>subject</i>;           (8-bit version)
+  PCRE_SPTR16   <i>subject</i>;           (16-bit version)
+  PCRE_SPTR32   <i>subject</i>;           (32-bit version)
+  int           <i>subject_length</i>;
+  int           <i>start_match</i>;
+  int           <i>current_position</i>;
+  int           <i>capture_top</i>;
+  int           <i>capture_last</i>;
+  void         *<i>callout_data</i>;
+  int           <i>pattern_position</i>;
+  int           <i>next_item_length</i>;
+  const unsigned char *<i>mark</i>;       (8-bit version)
+  const PCRE_UCHAR16  *<i>mark</i>;       (16-bit version)
+  const PCRE_UCHAR32  *<i>mark</i>;       (32-bit version)
+</pre>
+The <i>version</i> field is an integer containing the version number of the
+block format. The initial version was 0; the current version is 2. The version
+number will change again in future if additional fields are added, but the
+intention is never to remove any of the existing fields.
+</P>
+<P>
+The <i>callout_number</i> field contains the number of the callout, as compiled
+into the pattern (that is, the number after ?C for manual callouts, and 255 for
+automatically generated callouts).
+</P>
+<P>
+The <i>offset_vector</i> field is a pointer to the vector of offsets that was
+passed by the caller to the matching function. When <b>pcre_exec()</b> or
+<b>pcre[16|32]_exec()</b> is used, the contents can be inspected, in order to
+extract substrings that have been matched so far, in the same way as for
+extracting substrings after a match has completed. For the DFA matching
+functions, this field is not useful.
+</P>
+<P>
+The <i>subject</i> and <i>subject_length</i> fields contain copies of the values
+that were passed to the matching function.
+</P>
+<P>
+The <i>start_match</i> field normally contains the offset within the subject at
+which the current match attempt started. However, if the escape sequence \K
+has been encountered, this value is changed to reflect the modified starting
+point. If the pattern is not anchored, the callout function may be called
+several times from the same point in the pattern for different starting points
+in the subject.
+</P>
+<P>
+The <i>current_position</i> field contains the offset within the subject of the
+current match pointer.
+</P>
+<P>
+When the <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b> is used, the
+<i>capture_top</i> field contains one more than the number of the highest
+numbered captured substring so far. If no substrings have been captured, the
+value of <i>capture_top</i> is one. This is always the case when the DFA
+functions are used, because they do not support captured substrings.
+</P>
+<P>
+The <i>capture_last</i> field contains the number of the most recently captured
+substring. However, when a recursion exits, the value reverts to what it was
+outside the recursion, as do the values of all captured substrings. If no
+substrings have been captured, the value of <i>capture_last</i> is -1. This is
+always the case for the DFA matching functions.
+</P>
+<P>
+The <i>callout_data</i> field contains a value that is passed to a matching
+function specifically so that it can be passed back in callouts. It is passed
+in the <i>callout_data</i> field of a <b>pcre_extra</b> or <b>pcre[16|32]_extra</b>
+data structure. If no such data was passed, the value of <i>callout_data</i> in
+a callout block is NULL. There is a description of the <b>pcre_extra</b>
+structure in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+The <i>pattern_position</i> field is present from version 1 of the callout
+structure. It contains the offset to the next item to be matched in the pattern
+string.
+</P>
+<P>
+The <i>next_item_length</i> field is present from version 1 of the callout
+structure. It contains the length of the next item to be matched in the pattern
+string. When the callout immediately precedes an alternation bar, a closing
+parenthesis, or the end of the pattern, the length is zero. When the callout
+precedes an opening parenthesis, the length is that of the entire subpattern.
+</P>
+<P>
+The <i>pattern_position</i> and <i>next_item_length</i> fields are intended to
+help in distinguishing between different automatic callouts, which all have the
+same callout number. However, they are set for all callouts.
+</P>
+<P>
+The <i>mark</i> field is present from version 2 of the callout structure. In
+callouts from <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b> it contains a
+pointer to the zero-terminated name of the most recently passed (*MARK),
+(*PRUNE), or (*THEN) item in the match, or NULL if no such items have been
+passed. Instances of (*PRUNE) or (*THEN) without a name do not obliterate a
+previous (*MARK). In callouts from the DFA matching functions this field always
+contains NULL.
+</P>
+<br><a name="SEC5" href="#TOC1">RETURN VALUES</a><br>
+<P>
+The external callout function returns an integer to PCRE. If the value is zero,
+matching proceeds as normal. If the value is greater than zero, matching fails
+at the current point, but the testing of other matching possibilities goes
+ahead, just as if a lookahead assertion had failed. If the value is less than
+zero, the match is abandoned, the matching function returns the negative value.
+</P>
+<P>
+Negative values should normally be chosen from the set of PCRE_ERROR_xxx
+values. In particular, PCRE_ERROR_NOMATCH forces a standard "no match" failure.
+The error number PCRE_ERROR_CALLOUT is reserved for use by callout functions;
+it will never be used by PCRE itself.
+</P>
+<br><a name="SEC6" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC7" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrecompat.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrecompat.html
new file mode 100644
index 00000000..d95570ef
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrecompat.html
@@ -0,0 +1,235 @@
+<html>
+<head>
+<title>pcrecompat specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrecompat man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+DIFFERENCES BETWEEN PCRE AND PERL
+</b><br>
+<P>
+This document describes the differences in the ways that PCRE and Perl handle
+regular expressions. The differences described here are with respect to Perl
+versions 5.10 and above.
+</P>
+<P>
+1. PCRE has only a subset of Perl's Unicode support. Details of what it does
+have are given in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+2. PCRE allows repeat quantifiers only on parenthesized assertions, but they do
+not mean what you might think. For example, (?!a){3} does not assert that the
+next three characters are not "a". It just asserts that the next character is
+not "a" three times (in principle: PCRE optimizes this to run the assertion
+just once). Perl allows repeat quantifiers on other assertions such as \b, but
+these do not seem to have any use.
+</P>
+<P>
+3. Capturing subpatterns that occur inside negative lookahead assertions are
+counted, but their entries in the offsets vector are never set. Perl sometimes
+(but not always) sets its numerical variables from inside negative assertions.
+</P>
+<P>
+4. Though binary zero characters are supported in the subject string, they are
+not allowed in a pattern string because it is passed as a normal C string,
+terminated by zero. The escape sequence \0 can be used in the pattern to
+represent a binary zero.
+</P>
+<P>
+5. The following Perl escape sequences are not supported: \l, \u, \L,
+\U, and \N when followed by a character name or Unicode value. (\N on its
+own, matching a non-newline character, is supported.) In fact these are
+implemented by Perl's general string-handling and are not part of its pattern
+matching engine. If any of these are encountered by PCRE, an error is
+generated by default. However, if the PCRE_JAVASCRIPT_COMPAT option is set,
+\U and \u are interpreted as JavaScript interprets them.
+</P>
+<P>
+6. The Perl escape sequences \p, \P, and \X are supported only if PCRE is
+built with Unicode character property support. The properties that can be
+tested with \p and \P are limited to the general category properties such as
+Lu and Nd, script names such as Greek or Han, and the derived properties Any
+and L&. PCRE does support the Cs (surrogate) property, which Perl does not; the
+Perl documentation says "Because Perl hides the need for the user to understand
+the internal representation of Unicode characters, there is no need to
+implement the somewhat messy concept of surrogates."
+</P>
+<P>
+7. PCRE does support the \Q...\E escape for quoting substrings. Characters in
+between are treated as literals. This is slightly different from Perl in that $
+and @ are also handled as literals inside the quotes. In Perl, they cause
+variable interpolation (but of course PCRE does not have variables). Note the
+following examples:
+<pre>
+    Pattern            PCRE matches      Perl matches
+
+    \Qabc$xyz\E        abc$xyz           abc followed by the contents of $xyz
+    \Qabc\$xyz\E       abc\$xyz          abc\$xyz
+    \Qabc\E\$\Qxyz\E   abc$xyz           abc$xyz
+</pre>
+The \Q...\E sequence is recognized both inside and outside character classes.
+</P>
+<P>
+8. Fairly obviously, PCRE does not support the (?{code}) and (??{code})
+constructions. However, there is support for recursive patterns. This is not
+available in Perl 5.8, but it is in Perl 5.10. Also, the PCRE "callout"
+feature allows an external function to be called during pattern matching. See
+the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation for details.
+</P>
+<P>
+9. Subpatterns that are called as subroutines (whether or not recursively) are
+always treated as atomic groups in PCRE. This is like Python, but unlike Perl.
+Captured values that are set outside a subroutine call can be reference from
+inside in PCRE, but not in Perl. There is a discussion that explains these
+differences in more detail in the
+<a href="pcrepattern.html#recursiondifference">section on recursion differences from Perl</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page.
+</P>
+<P>
+10. If any of the backtracking control verbs are used in a subpattern that is
+called as a subroutine (whether or not recursively), their effect is confined
+to that subpattern; it does not extend to the surrounding pattern. This is not
+always the case in Perl. In particular, if (*THEN) is present in a group that
+is called as a subroutine, its action is limited to that group, even if the
+group does not contain any | characters. Note that such subpatterns are
+processed as anchored at the point where they are tested.
+</P>
+<P>
+11. If a pattern contains more than one backtracking control verb, the first
+one that is backtracked onto acts. For example, in the pattern
+A(*COMMIT)B(*PRUNE)C a failure in B triggers (*COMMIT), but a failure in C
+triggers (*PRUNE). Perl's behaviour is more complex; in many cases it is the
+same as PCRE, but there are examples where it differs.
+</P>
+<P>
+12. Most backtracking verbs in assertions have their normal actions. They are
+not confined to the assertion.
+</P>
+<P>
+13. There are some differences that are concerned with the settings of captured
+strings when part of a pattern is repeated. For example, matching "aba" against
+the pattern /^(a(b)?)+$/ in Perl leaves $2 unset, but in PCRE it is set to "b".
+</P>
+<P>
+14. PCRE's handling of duplicate subpattern numbers and duplicate subpattern
+names is not as general as Perl's. This is a consequence of the fact the PCRE
+works internally just with numbers, using an external table to translate
+between numbers and names. In particular, a pattern such as (?|(?&#60;a&#62;A)|(?&#60;b&#62;B),
+where the two capturing parentheses have the same number but different names,
+is not supported, and causes an error at compile time. If it were allowed, it
+would not be possible to distinguish which parentheses matched, because both
+names map to capturing subpattern number 1. To avoid this confusing situation,
+an error is given at compile time.
+</P>
+<P>
+15. Perl recognizes comments in some places that PCRE does not, for example,
+between the ( and ? at the start of a subpattern. If the /x modifier is set,
+Perl allows white space between ( and ? (though current Perls warn that this is
+deprecated) but PCRE never does, even if the PCRE_EXTENDED option is set.
+</P>
+<P>
+16. Perl, when in warning mode, gives warnings for character classes such as
+[A-\d] or [a-[:digit:]]. It then treats the hyphens as literals. PCRE has no
+warning features, so it gives an error in these cases because they are almost
+certainly user mistakes.
+</P>
+<P>
+17. In PCRE, the upper/lower case character properties Lu and Ll are not
+affected when case-independent matching is specified. For example, \p{Lu}
+always matches an upper case letter. I think Perl has changed in this respect;
+in the release at the time of writing (5.16), \p{Lu} and \p{Ll} match all
+letters, regardless of case, when case independence is specified.
+</P>
+<P>
+18. PCRE provides some extensions to the Perl regular expression facilities.
+Perl 5.10 includes new features that are not in earlier versions of Perl, some
+of which (such as named parentheses) have been in PCRE for some time. This list
+is with respect to Perl 5.10:
+<br>
+<br>
+(a) Although lookbehind assertions in PCRE must match fixed length strings,
+each alternative branch of a lookbehind assertion can match a different length
+of string. Perl requires them all to have the same length.
+<br>
+<br>
+(b) If PCRE_DOLLAR_ENDONLY is set and PCRE_MULTILINE is not set, the $
+meta-character matches only at the very end of the string.
+<br>
+<br>
+(c) If PCRE_EXTRA is set, a backslash followed by a letter with no special
+meaning is faulted. Otherwise, like Perl, the backslash is quietly ignored.
+(Perl can be made to issue a warning.)
+<br>
+<br>
+(d) If PCRE_UNGREEDY is set, the greediness of the repetition quantifiers is
+inverted, that is, by default they are not greedy, but if followed by a
+question mark they are.
+<br>
+<br>
+(e) PCRE_ANCHORED can be used at matching time to force a pattern to be tried
+only at the first matching position in the subject string.
+<br>
+<br>
+(f) The PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, and
+PCRE_NO_AUTO_CAPTURE options for <b>pcre_exec()</b> have no Perl equivalents.
+<br>
+<br>
+(g) The \R escape sequence can be restricted to match only CR, LF, or CRLF
+by the PCRE_BSR_ANYCRLF option.
+<br>
+<br>
+(h) The callout facility is PCRE-specific.
+<br>
+<br>
+(i) The partial matching facility is PCRE-specific.
+<br>
+<br>
+(j) Patterns compiled by PCRE can be saved and re-used at a later time, even on
+different hosts that have the other endianness. However, this does not apply to
+optimized data created by the just-in-time compiler.
+<br>
+<br>
+(k) The alternative matching functions (<b>pcre_dfa_exec()</b>,
+<b>pcre16_dfa_exec()</b> and <b>pcre32_dfa_exec()</b>,) match in a different way
+and are not Perl-compatible.
+<br>
+<br>
+(l) PCRE recognizes some special sequences such as (*CR) at the start of
+a pattern that set overall options that cannot be changed within the pattern.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 10 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrecpp.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrecpp.html
new file mode 100644
index 00000000..b7eac3a3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrecpp.html
@@ -0,0 +1,368 @@
+<html>
+<head>
+<title>pcrecpp specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrecpp man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS OF C++ WRAPPER</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">MATCHING INTERFACE</a>
+<li><a name="TOC4" href="#SEC4">QUOTING METACHARACTERS</a>
+<li><a name="TOC5" href="#SEC5">PARTIAL MATCHES</a>
+<li><a name="TOC6" href="#SEC6">UTF-8 AND THE MATCHING INTERFACE</a>
+<li><a name="TOC7" href="#SEC7">PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE</a>
+<li><a name="TOC8" href="#SEC8">SCANNING TEXT INCREMENTALLY</a>
+<li><a name="TOC9" href="#SEC9">PARSING HEX/OCTAL/C-RADIX NUMBERS</a>
+<li><a name="TOC10" href="#SEC10">REPLACING PARTS OF STRINGS</a>
+<li><a name="TOC11" href="#SEC11">AUTHOR</a>
+<li><a name="TOC12" href="#SEC12">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS OF C++ WRAPPER</a><br>
+<P>
+<b>#include &#60;pcrecpp.h&#62;</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+The C++ wrapper for PCRE was provided by Google Inc. Some additional
+functionality was added by Giuseppe Maxia. This brief man page was constructed
+from the notes in the <i>pcrecpp.h</i> file, which should be consulted for
+further details. Note that the C++ wrapper supports only the original 8-bit
+PCRE library. There is no 16-bit or 32-bit support at present.
+</P>
+<br><a name="SEC3" href="#TOC1">MATCHING INTERFACE</a><br>
+<P>
+The "FullMatch" operation checks that supplied text matches a supplied pattern
+exactly. If pointer arguments are supplied, it copies matched sub-strings that
+match sub-patterns into them.
+<pre>
+  Example: successful match
+     pcrecpp::RE re("h.*o");
+     re.FullMatch("hello");
+
+  Example: unsuccessful match (requires full match):
+     pcrecpp::RE re("e");
+     !re.FullMatch("hello");
+
+  Example: creating a temporary RE object:
+     pcrecpp::RE("h.*o").FullMatch("hello");
+</pre>
+You can pass in a "const char*" or a "string" for "text". The examples below
+tend to use a const char*. You can, as in the different examples above, store
+the RE object explicitly in a variable or use a temporary RE object. The
+examples below use one mode or the other arbitrarily. Either could correctly be
+used for any of these examples.
+</P>
+<P>
+You must supply extra pointer arguments to extract matched subpieces.
+<pre>
+  Example: extracts "ruby" into "s" and 1234 into "i"
+     int i;
+     string s;
+     pcrecpp::RE re("(\\w+):(\\d+)");
+     re.FullMatch("ruby:1234", &s, &i);
+
+  Example: does not try to extract any extra sub-patterns
+     re.FullMatch("ruby:1234", &s);
+
+  Example: does not try to extract into NULL
+     re.FullMatch("ruby:1234", NULL, &i);
+
+  Example: integer overflow causes failure
+     !re.FullMatch("ruby:1234567891234", NULL, &i);
+
+  Example: fails because there aren't enough sub-patterns:
+     !pcrecpp::RE("\\w+:\\d+").FullMatch("ruby:1234", &s);
+
+  Example: fails because string cannot be stored in integer
+     !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+</pre>
+The provided pointer arguments can be pointers to any scalar numeric
+type, or one of:
+<pre>
+   string        (matched piece is copied to string)
+   StringPiece   (StringPiece is mutated to point to matched piece)
+   T             (where "bool T::ParseFrom(const char*, int)" exists)
+   NULL          (the corresponding matched sub-pattern is not copied)
+</pre>
+The function returns true iff all of the following conditions are satisfied:
+<pre>
+  a. "text" matches "pattern" exactly;
+
+  b. The number of matched sub-patterns is &#62;= number of supplied
+     pointers;
+
+  c. The "i"th argument has a suitable type for holding the
+     string captured as the "i"th sub-pattern. If you pass in
+     void * NULL for the "i"th argument, or a non-void * NULL
+     of the correct type, or pass fewer arguments than the
+     number of sub-patterns, "i"th captured sub-pattern is
+     ignored.
+</pre>
+CAVEAT: An optional sub-pattern that does not exist in the matched
+string is assigned the empty string. Therefore, the following will
+return false (because the empty string is not a valid number):
+<pre>
+   int number;
+   pcrecpp::RE::FullMatch("abc", "[a-z]+(\\d+)?", &number);
+</pre>
+The matching interface supports at most 16 arguments per call.
+If you need more, consider using the more general interface
+<b>pcrecpp::RE::DoMatch</b>. See <b>pcrecpp.h</b> for the signature for
+<b>DoMatch</b>.
+</P>
+<P>
+NOTE: Do not use <b>no_arg</b>, which is used internally to mark the end of a
+list of optional arguments, as a placeholder for missing arguments, as this can
+lead to segfaults.
+</P>
+<br><a name="SEC4" href="#TOC1">QUOTING METACHARACTERS</a><br>
+<P>
+You can use the "QuoteMeta" operation to insert backslashes before all
+potentially meaningful characters in a string. The returned string, used as a
+regular expression, will exactly match the original string.
+<pre>
+  Example:
+     string quoted = RE::QuoteMeta(unquoted);
+</pre>
+Note that it's legal to escape a character even if it has no special meaning in
+a regular expression -- so this function does that. (This also makes it
+identical to the perl function of the same name; see "perldoc -f quotemeta".)
+For example, "1.5-2.0?" becomes "1\.5\-2\.0\?".
+</P>
+<br><a name="SEC5" href="#TOC1">PARTIAL MATCHES</a><br>
+<P>
+You can use the "PartialMatch" operation when you want the pattern
+to match any substring of the text.
+<pre>
+  Example: simple search for a string:
+     pcrecpp::RE("ell").PartialMatch("hello");
+
+  Example: find first number in a string:
+     int number;
+     pcrecpp::RE re("(\\d+)");
+     re.PartialMatch("x*100 + 20", &number);
+     assert(number == 100);
+</PRE>
+</P>
+<br><a name="SEC6" href="#TOC1">UTF-8 AND THE MATCHING INTERFACE</a><br>
+<P>
+By default, pattern and text are plain text, one byte per character. The UTF8
+flag, passed to the constructor, causes both pattern and string to be treated
+as UTF-8 text, still a byte stream but potentially multiple bytes per
+character. In practice, the text is likelier to be UTF-8 than the pattern, but
+the match returned may depend on the UTF8 flag, so always use it when matching
+UTF8 text. For example, "." will match one byte normally but with UTF8 set may
+match up to three bytes of a multi-byte character.
+<pre>
+  Example:
+     pcrecpp::RE_Options options;
+     options.set_utf8();
+     pcrecpp::RE re(utf8_pattern, options);
+     re.FullMatch(utf8_string);
+
+  Example: using the convenience function UTF8():
+     pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+     re.FullMatch(utf8_string);
+</pre>
+NOTE: The UTF8 flag is ignored if pcre was not configured with the
+<pre>
+      --enable-utf8 flag.
+</PRE>
+</P>
+<br><a name="SEC7" href="#TOC1">PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE</a><br>
+<P>
+PCRE defines some modifiers to change the behavior of the regular expression
+engine. The C++ wrapper defines an auxiliary class, RE_Options, as a vehicle to
+pass such modifiers to a RE class. Currently, the following modifiers are
+supported:
+<pre>
+   modifier              description               Perl corresponding
+
+   PCRE_CASELESS         case insensitive match      /i
+   PCRE_MULTILINE        multiple lines match        /m
+   PCRE_DOTALL           dot matches newlines        /s
+   PCRE_DOLLAR_ENDONLY   $ matches only at end       N/A
+   PCRE_EXTRA            strict escape parsing       N/A
+   PCRE_EXTENDED         ignore white spaces         /x
+   PCRE_UTF8             handles UTF8 chars          built-in
+   PCRE_UNGREEDY         reverses * and *?           N/A
+   PCRE_NO_AUTO_CAPTURE  disables capturing parens   N/A (*)
+</pre>
+(*) Both Perl and PCRE allow non capturing parentheses by means of the
+"?:" modifier within the pattern itself. e.g. (?:ab|cd) does not
+capture, while (ab|cd) does.
+</P>
+<P>
+For a full account on how each modifier works, please check the
+PCRE API reference page.
+</P>
+<P>
+For each modifier, there are two member functions whose name is made
+out of the modifier in lowercase, without the "PCRE_" prefix. For
+instance, PCRE_CASELESS is handled by
+<pre>
+  bool caseless()
+</pre>
+which returns true if the modifier is set, and
+<pre>
+  RE_Options & set_caseless(bool)
+</pre>
+which sets or unsets the modifier. Moreover, PCRE_EXTRA_MATCH_LIMIT can be
+accessed through the <b>set_match_limit()</b> and <b>match_limit()</b> member
+functions. Setting <i>match_limit</i> to a non-zero value will limit the
+execution of pcre to keep it from doing bad things like blowing the stack or
+taking an eternity to return a result. A value of 5000 is good enough to stop
+stack blowup in a 2MB thread stack. Setting <i>match_limit</i> to zero disables
+match limiting. Alternatively, you can call <b>match_limit_recursion()</b>
+which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to limit how much PCRE
+recurses. <b>match_limit()</b> limits the number of matches PCRE does;
+<b>match_limit_recursion()</b> limits the depth of internal recursion, and
+therefore the amount of stack that is used.
+</P>
+<P>
+Normally, to pass one or more modifiers to a RE class, you declare
+a <i>RE_Options</i> object, set the appropriate options, and pass this
+object to a RE constructor. Example:
+<pre>
+   RE_Options opt;
+   opt.set_caseless(true);
+   if (RE("HELLO", opt).PartialMatch("hello world")) ...
+</pre>
+RE_options has two constructors. The default constructor takes no arguments and
+creates a set of flags that are off by default. The optional parameter
+<i>option_flags</i> is to facilitate transfer of legacy code from C programs.
+This lets you do
+<pre>
+   RE(pattern,
+     RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+</pre>
+However, new code is better off doing
+<pre>
+   RE(pattern,
+     RE_Options().set_caseless(true).set_multiline(true))
+       .PartialMatch(str);
+</pre>
+If you are going to pass one of the most used modifiers, there are some
+convenience functions that return a RE_Options class with the
+appropriate modifier already set: <b>CASELESS()</b>, <b>UTF8()</b>,
+<b>MULTILINE()</b>, <b>DOTALL</b>(), and <b>EXTENDED()</b>.
+</P>
+<P>
+If you need to set several options at once, and you don't want to go through
+the pains of declaring a RE_Options object and setting several options, there
+is a parallel method that give you such ability on the fly. You can concatenate
+several <b>set_xxxxx()</b> member functions, since each of them returns a
+reference to its class object. For example, to pass PCRE_CASELESS,
+PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one statement, you may write:
+<pre>
+   RE(" ^ xyz \\s+ .* blah$",
+     RE_Options()
+       .set_caseless(true)
+       .set_extended(true)
+       .set_multiline(true)).PartialMatch(sometext);
+
+</PRE>
+</P>
+<br><a name="SEC8" href="#TOC1">SCANNING TEXT INCREMENTALLY</a><br>
+<P>
+The "Consume" operation may be useful if you want to repeatedly
+match regular expressions at the front of a string and skip over
+them as they match. This requires use of the "StringPiece" type,
+which represents a sub-range of a real string. Like RE, StringPiece
+is defined in the pcrecpp namespace.
+<pre>
+  Example: read lines of the form "var = value" from a string.
+     string contents = ...;                 // Fill string somehow
+     pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+
+     string var;
+     int value;
+     pcrecpp::RE re("(\\w+) = (\\d+)\n");
+     while (re.Consume(&input, &var, &value)) {
+       ...;
+     }
+</pre>
+Each successful call to "Consume" will set "var/value", and also
+advance "input" so it points past the matched text.
+</P>
+<P>
+The "FindAndConsume" operation is similar to "Consume" but does not
+anchor your match at the beginning of the string. For example, you
+could extract all words from a string by repeatedly calling
+<pre>
+  pcrecpp::RE("(\\w+)").FindAndConsume(&input, &word)
+</PRE>
+</P>
+<br><a name="SEC9" href="#TOC1">PARSING HEX/OCTAL/C-RADIX NUMBERS</a><br>
+<P>
+By default, if you pass a pointer to a numeric value, the
+corresponding text is interpreted as a base-10 number. You can
+instead wrap the pointer with a call to one of the operators Hex(),
+Octal(), or CRadix() to interpret the text in another base. The
+CRadix operator interprets C-style "0" (base-8) and "0x" (base-16)
+prefixes, but defaults to base-10.
+<pre>
+  Example:
+    int a, b, c, d;
+    pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+    re.FullMatch("100 40 0100 0x40",
+                 pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+                 pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+</pre>
+will leave 64 in a, b, c, and d.
+</P>
+<br><a name="SEC10" href="#TOC1">REPLACING PARTS OF STRINGS</a><br>
+<P>
+You can replace the first match of "pattern" in "str" with "rewrite".
+Within "rewrite", backslash-escaped digits (\1 to \9) can be
+used to insert text matching corresponding parenthesized group
+from the pattern. \0 in "rewrite" refers to the entire matching
+text. For example:
+<pre>
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").Replace("d", &s);
+</pre>
+will leave "s" containing "yada dabba doo". The result is true if the pattern
+matches and a replacement occurs, false otherwise.
+</P>
+<P>
+<b>GlobalReplace</b> is like <b>Replace</b> except that it replaces all
+occurrences of the pattern in the string with the rewrite. Replacements are
+not subject to re-matching. For example:
+<pre>
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").GlobalReplace("d", &s);
+</pre>
+will leave "s" containing "yada dada doo". It returns the number of
+replacements made.
+</P>
+<P>
+<b>Extract</b> is like <b>Replace</b>, except that if the pattern matches,
+"rewrite" is copied into "out" (an additional argument) with substitutions.
+The non-matching portions of "text" are ignored. Returns true iff a match
+occurred and the extraction happened successfully;  if no match occurs, the
+string is left unaffected.
+</P>
+<br><a name="SEC11" href="#TOC1">AUTHOR</a><br>
+<P>
+The C++ wrapper was contributed by Google Inc.
+<br>
+Copyright &copy; 2007 Google Inc.
+<br>
+</P>
+<br><a name="SEC12" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 08 January 2012
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcredemo.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcredemo.html
new file mode 100644
index 00000000..894a9308
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcredemo.html
@@ -0,0 +1,426 @@
+<html>
+<head>
+<title>pcredemo specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcredemo man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+</ul>
+<PRE>
+/*************************************************
+*           PCRE DEMONSTRATION PROGRAM           *
+*************************************************/
+
+/* This is a demonstration program to illustrate the most straightforward ways
+of calling the PCRE regular expression library from a C program. See the
+pcresample documentation for a short discussion ("man pcresample" if you have
+the PCRE man pages installed).
+
+In Unix-like environments, if PCRE is installed in your standard system
+libraries, you should be able to compile this program using this command:
+
+gcc -Wall pcredemo.c -lpcre -o pcredemo
+
+If PCRE is not installed in a standard place, it is likely to be installed with
+support for the pkg-config mechanism. If you have pkg-config, you can compile
+this program using this command:
+
+gcc -Wall pcredemo.c `pkg-config --cflags --libs libpcre` -o pcredemo
+
+If you do not have pkg-config, you may have to use this:
+
+gcc -Wall pcredemo.c -I/usr/local/include -L/usr/local/lib \
+  -R/usr/local/lib -lpcre -o pcredemo
+
+Replace "/usr/local/include" and "/usr/local/lib" with wherever the include and
+library files for PCRE are installed on your system. Only some operating
+systems (e.g. Solaris) use the -R option.
+
+Building under Windows:
+
+If you want to statically link this program against a non-dll .a file, you must
+define PCRE_STATIC before including pcre.h, otherwise the pcre_malloc() and
+pcre_free() exported functions will be declared __declspec(dllimport), with
+unwanted results. So in this environment, uncomment the following line. */
+
+/* #define PCRE_STATIC */
+
+#include &lt;stdio.h&gt;
+#include &lt;string.h&gt;
+#include &lt;pcre.h&gt;
+
+#define OVECCOUNT 30    /* should be a multiple of 3 */
+
+
+int main(int argc, char **argv)
+{
+pcre *re;
+const char *error;
+char *pattern;
+char *subject;
+unsigned char *name_table;
+unsigned int option_bits;
+int erroffset;
+int find_all;
+int crlf_is_newline;
+int namecount;
+int name_entry_size;
+int ovector[OVECCOUNT];
+int subject_length;
+int rc, i;
+int utf8;
+
+
+/**************************************************************************
+* First, sort out the command line. There is only one possible option at  *
+* the moment, "-g" to request repeated matching to find all occurrences,  *
+* like Perl's /g option. We set the variable find_all to a non-zero value *
+* if the -g option is present. Apart from that, there must be exactly two *
+* arguments.                                                              *
+**************************************************************************/
+
+find_all = 0;
+for (i = 1; i &lt; argc; i++)
+  {
+  if (strcmp(argv[i], "-g") == 0) find_all = 1;
+    else break;
+  }
+
+/* After the options, we require exactly two arguments, which are the pattern,
+and the subject string. */
+
+if (argc - i != 2)
+  {
+  printf("Two arguments required: a regex and a subject string\n");
+  return 1;
+  }
+
+pattern = argv[i];
+subject = argv[i+1];
+subject_length = (int)strlen(subject);
+
+
+/*************************************************************************
+* Now we are going to compile the regular expression pattern, and handle *
+* and errors that are detected.                                          *
+*************************************************************************/
+
+re = pcre_compile(
+  pattern,              /* the pattern */
+  0,                    /* default options */
+  &amp;error,               /* for error message */
+  &amp;erroffset,           /* for error offset */
+  NULL);                /* use default character tables */
+
+/* Compilation failed: print the error message and exit */
+
+if (re == NULL)
+  {
+  printf("PCRE compilation failed at offset %d: %s\n", erroffset, error);
+  return 1;
+  }
+
+
+/*************************************************************************
+* If the compilation succeeded, we call PCRE again, in order to do a     *
+* pattern match against the subject string. This does just ONE match. If *
+* further matching is needed, it will be done below.                     *
+*************************************************************************/
+
+rc = pcre_exec(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  subject,              /* the subject string */
+  subject_length,       /* the length of the subject */
+  0,                    /* start at offset 0 in the subject */
+  0,                    /* default options */
+  ovector,              /* output vector for substring information */
+  OVECCOUNT);           /* number of elements in the output vector */
+
+/* Matching failed: handle error cases */
+
+if (rc &lt; 0)
+  {
+  switch(rc)
+    {
+    case PCRE_ERROR_NOMATCH: printf("No match\n"); break;
+    /*
+    Handle other special cases if you like
+    */
+    default: printf("Matching error %d\n", rc); break;
+    }
+  pcre_free(re);     /* Release memory used for the compiled pattern */
+  return 1;
+  }
+
+/* Match succeded */
+
+printf("\nMatch succeeded at offset %d\n", ovector[0]);
+
+
+/*************************************************************************
+* We have found the first match within the subject string. If the output *
+* vector wasn't big enough, say so. Then output any substrings that were *
+* captured.                                                              *
+*************************************************************************/
+
+/* The output vector wasn't big enough */
+
+if (rc == 0)
+  {
+  rc = OVECCOUNT/3;
+  printf("ovector only has room for %d captured substrings\n", rc - 1);
+  }
+
+/* Show substrings stored in the output vector by number. Obviously, in a real
+application you might want to do things other than print them. */
+
+for (i = 0; i &lt; rc; i++)
+  {
+  char *substring_start = subject + ovector[2*i];
+  int substring_length = ovector[2*i+1] - ovector[2*i];
+  printf("%2d: %.*s\n", i, substring_length, substring_start);
+  }
+
+
+/**************************************************************************
+* That concludes the basic part of this demonstration program. We have    *
+* compiled a pattern, and performed a single match. The code that follows *
+* shows first how to access named substrings, and then how to code for    *
+* repeated matches on the same subject.                                   *
+**************************************************************************/
+
+/* See if there are any named substrings, and if so, show them by name. First
+we have to extract the count of named parentheses from the pattern. */
+
+(void)pcre_fullinfo(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  PCRE_INFO_NAMECOUNT,  /* number of named substrings */
+  &amp;namecount);          /* where to put the answer */
+
+if (namecount &lt;= 0) printf("No named substrings\n"); else
+  {
+  unsigned char *tabptr;
+  printf("Named substrings\n");
+
+  /* Before we can access the substrings, we must extract the table for
+  translating names to numbers, and the size of each entry in the table. */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMETABLE,      /* address of the table */
+    &amp;name_table);             /* where to put the answer */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMEENTRYSIZE,  /* size of each entry in the table */
+    &amp;name_entry_size);        /* where to put the answer */
+
+  /* Now we can scan the table and, for each entry, print the number, the name,
+  and the substring itself. */
+
+  tabptr = name_table;
+  for (i = 0; i &lt; namecount; i++)
+    {
+    int n = (tabptr[0] &lt;&lt; 8) | tabptr[1];
+    printf("(%d) %*s: %.*s\n", n, name_entry_size - 3, tabptr + 2,
+      ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+    tabptr += name_entry_size;
+    }
+  }
+
+
+/*************************************************************************
+* If the "-g" option was given on the command line, we want to continue  *
+* to search for additional matches in the subject string, in a similar   *
+* way to the /g option in Perl. This turns out to be trickier than you   *
+* might think because of the possibility of matching an empty string.    *
+* What happens is as follows:                                            *
+*                                                                        *
+* If the previous match was NOT for an empty string, we can just start   *
+* the next match at the end of the previous one.                         *
+*                                                                        *
+* If the previous match WAS for an empty string, we can't do that, as it *
+* would lead to an infinite loop. Instead, a special call of pcre_exec() *
+* is made with the PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED flags set.    *
+* The first of these tells PCRE that an empty string at the start of the *
+* subject is not a valid match; other possibilities must be tried. The   *
+* second flag restricts PCRE to one match attempt at the initial string  *
+* position. If this match succeeds, an alternative to the empty string   *
+* match has been found, and we can print it and proceed round the loop,  *
+* advancing by the length of whatever was found. If this match does not  *
+* succeed, we still stay in the loop, advancing by just one character.   *
+* In UTF-8 mode, which can be set by (*UTF8) in the pattern, this may be *
+* more than one byte.                                                    *
+*                                                                        *
+* However, there is a complication concerned with newlines. When the     *
+* newline convention is such that CRLF is a valid newline, we must       *
+* advance by two characters rather than one. The newline convention can  *
+* be set in the regex by (*CR), etc.; if not, we must find the default.  *
+*************************************************************************/
+
+if (!find_all)     /* Check for -g */
+  {
+  pcre_free(re);   /* Release the memory used for the compiled pattern */
+  return 0;        /* Finish unless -g was given */
+  }
+
+/* Before running the loop, check for UTF-8 and whether CRLF is a valid newline
+sequence. First, find the options with which the regex was compiled; extract
+the UTF-8 state, and mask off all but the newline options. */
+
+(void)pcre_fullinfo(re, NULL, PCRE_INFO_OPTIONS, &amp;option_bits);
+utf8 = option_bits &amp; PCRE_UTF8;
+option_bits &amp;= PCRE_NEWLINE_CR|PCRE_NEWLINE_LF|PCRE_NEWLINE_CRLF|
+               PCRE_NEWLINE_ANY|PCRE_NEWLINE_ANYCRLF;
+
+/* If no newline options were set, find the default newline convention from the
+build configuration. */
+
+if (option_bits == 0)
+  {
+  int d;
+  (void)pcre_config(PCRE_CONFIG_NEWLINE, &amp;d);
+  /* Note that these values are always the ASCII ones, even in
+  EBCDIC environments. CR = 13, NL = 10. */
+  option_bits = (d == 13)? PCRE_NEWLINE_CR :
+          (d == 10)? PCRE_NEWLINE_LF :
+          (d == (13&lt;&lt;8 | 10))? PCRE_NEWLINE_CRLF :
+          (d == -2)? PCRE_NEWLINE_ANYCRLF :
+          (d == -1)? PCRE_NEWLINE_ANY : 0;
+  }
+
+/* See if CRLF is a valid newline sequence. */
+
+crlf_is_newline =
+     option_bits == PCRE_NEWLINE_ANY ||
+     option_bits == PCRE_NEWLINE_CRLF ||
+     option_bits == PCRE_NEWLINE_ANYCRLF;
+
+/* Loop for second and subsequent matches */
+
+for (;;)
+  {
+  int options = 0;                 /* Normally no options */
+  int start_offset = ovector[1];   /* Start at end of previous match */
+
+  /* If the previous match was for an empty string, we are finished if we are
+  at the end of the subject. Otherwise, arrange to run another match at the
+  same point to see if a non-empty match can be found. */
+
+  if (ovector[0] == ovector[1])
+    {
+    if (ovector[0] == subject_length) break;
+    options = PCRE_NOTEMPTY_ATSTART | PCRE_ANCHORED;
+    }
+
+  /* Run the next matching operation */
+
+  rc = pcre_exec(
+    re,                   /* the compiled pattern */
+    NULL,                 /* no extra data - we didn't study the pattern */
+    subject,              /* the subject string */
+    subject_length,       /* the length of the subject */
+    start_offset,         /* starting offset in the subject */
+    options,              /* options */
+    ovector,              /* output vector for substring information */
+    OVECCOUNT);           /* number of elements in the output vector */
+
+  /* This time, a result of NOMATCH isn't an error. If the value in "options"
+  is zero, it just means we have found all possible matches, so the loop ends.
+  Otherwise, it means we have failed to find a non-empty-string match at a
+  point where there was a previous empty-string match. In this case, we do what
+  Perl does: advance the matching position by one character, and continue. We
+  do this by setting the "end of previous match" offset, because that is picked
+  up at the top of the loop as the point at which to start again.
+
+  There are two complications: (a) When CRLF is a valid newline sequence, and
+  the current position is just before it, advance by an extra byte. (b)
+  Otherwise we must ensure that we skip an entire UTF-8 character if we are in
+  UTF-8 mode. */
+
+  if (rc == PCRE_ERROR_NOMATCH)
+    {
+    if (options == 0) break;                    /* All matches found */
+    ovector[1] = start_offset + 1;              /* Advance one byte */
+    if (crlf_is_newline &amp;&amp;                      /* If CRLF is newline &amp; */
+        start_offset &lt; subject_length - 1 &amp;&amp;    /* we are at CRLF, */
+        subject[start_offset] == '\r' &amp;&amp;
+        subject[start_offset + 1] == '\n')
+      ovector[1] += 1;                          /* Advance by one more. */
+    else if (utf8)                              /* Otherwise, ensure we */
+      {                                         /* advance a whole UTF-8 */
+      while (ovector[1] &lt; subject_length)       /* character. */
+        {
+        if ((subject[ovector[1]] &amp; 0xc0) != 0x80) break;
+        ovector[1] += 1;
+        }
+      }
+    continue;    /* Go round the loop again */
+    }
+
+  /* Other matching errors are not recoverable. */
+
+  if (rc &lt; 0)
+    {
+    printf("Matching error %d\n", rc);
+    pcre_free(re);    /* Release memory used for the compiled pattern */
+    return 1;
+    }
+
+  /* Match succeded */
+
+  printf("\nMatch succeeded again at offset %d\n", ovector[0]);
+
+  /* The match succeeded, but the output vector wasn't big enough. */
+
+  if (rc == 0)
+    {
+    rc = OVECCOUNT/3;
+    printf("ovector only has room for %d captured substrings\n", rc - 1);
+    }
+
+  /* As before, show substrings stored in the output vector by number, and then
+  also any named substrings. */
+
+  for (i = 0; i &lt; rc; i++)
+    {
+    char *substring_start = subject + ovector[2*i];
+    int substring_length = ovector[2*i+1] - ovector[2*i];
+    printf("%2d: %.*s\n", i, substring_length, substring_start);
+    }
+
+  if (namecount &lt;= 0) printf("No named substrings\n"); else
+    {
+    unsigned char *tabptr = name_table;
+    printf("Named substrings\n");
+    for (i = 0; i &lt; namecount; i++)
+      {
+      int n = (tabptr[0] &lt;&lt; 8) | tabptr[1];
+      printf("(%d) %*s: %.*s\n", n, name_entry_size - 3, tabptr + 2,
+        ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+      tabptr += name_entry_size;
+      }
+    }
+  }      /* End of loop to find second and subsequent matches */
+
+printf("\n");
+pcre_free(re);       /* Release memory used for the compiled pattern */
+return 0;
+}
+
+/* End of pcredemo.c */
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcregrep.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcregrep.html
new file mode 100644
index 00000000..dacbb499
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcregrep.html
@@ -0,0 +1,759 @@
+<html>
+<head>
+<title>pcregrep specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcregrep man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">SUPPORT FOR COMPRESSED FILES</a>
+<li><a name="TOC4" href="#SEC4">BINARY FILES</a>
+<li><a name="TOC5" href="#SEC5">OPTIONS</a>
+<li><a name="TOC6" href="#SEC6">ENVIRONMENT VARIABLES</a>
+<li><a name="TOC7" href="#SEC7">NEWLINES</a>
+<li><a name="TOC8" href="#SEC8">OPTIONS COMPATIBILITY</a>
+<li><a name="TOC9" href="#SEC9">OPTIONS WITH DATA</a>
+<li><a name="TOC10" href="#SEC10">MATCHING ERRORS</a>
+<li><a name="TOC11" href="#SEC11">DIAGNOSTICS</a>
+<li><a name="TOC12" href="#SEC12">SEE ALSO</a>
+<li><a name="TOC13" href="#SEC13">AUTHOR</a>
+<li><a name="TOC14" href="#SEC14">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>pcregrep [options] [long options] [pattern] [path1 path2 ...]</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+<b>pcregrep</b> searches files for character patterns, in the same way as other
+grep commands do, but it uses the PCRE regular expression library to support
+patterns that are compatible with the regular expressions of Perl 5. See
+<a href="pcresyntax.html"><b>pcresyntax</b>(3)</a>
+for a quick-reference summary of pattern syntax, or
+<a href="pcrepattern.html"><b>pcrepattern</b>(3)</a>
+for a full description of the syntax and semantics of the regular expressions
+that PCRE supports.
+</P>
+<P>
+Patterns, whether supplied on the command line or in a separate file, are given
+without delimiters. For example:
+<pre>
+  pcregrep Thursday /etc/motd
+</pre>
+If you attempt to use delimiters (for example, by surrounding a pattern with
+slashes, as is common in Perl scripts), they are interpreted as part of the
+pattern. Quotes can of course be used to delimit patterns on the command line
+because they are interpreted by the shell, and indeed quotes are required if a
+pattern contains white space or shell metacharacters.
+</P>
+<P>
+The first argument that follows any option settings is treated as the single
+pattern to be matched when neither <b>-e</b> nor <b>-f</b> is present.
+Conversely, when one or both of these options are used to specify patterns, all
+arguments are treated as path names. At least one of <b>-e</b>, <b>-f</b>, or an
+argument pattern must be provided.
+</P>
+<P>
+If no files are specified, <b>pcregrep</b> reads the standard input. The
+standard input can also be referenced by a name consisting of a single hyphen.
+For example:
+<pre>
+  pcregrep some-pattern /file1 - /file3
+</pre>
+By default, each line that matches a pattern is copied to the standard
+output, and if there is more than one file, the file name is output at the
+start of each line, followed by a colon. However, there are options that can
+change how <b>pcregrep</b> behaves. In particular, the <b>-M</b> option makes it
+possible to search for patterns that span line boundaries. What defines a line
+boundary is controlled by the <b>-N</b> (<b>--newline</b>) option.
+</P>
+<P>
+The amount of memory used for buffering files that are being scanned is
+controlled by a parameter that can be set by the <b>--buffer-size</b> option.
+The default value for this parameter is specified when <b>pcregrep</b> is built,
+with the default default being 20K. A block of memory three times this size is
+used (to allow for buffering "before" and "after" lines). An error occurs if a
+line overflows the buffer.
+</P>
+<P>
+Patterns can be no longer than 8K or BUFSIZ bytes, whichever is the greater.
+BUFSIZ is defined in <b>&#60;stdio.h&#62;</b>. When there is more than one pattern
+(specified by the use of <b>-e</b> and/or <b>-f</b>), each pattern is applied to
+each line in the order in which they are defined, except that all the <b>-e</b>
+patterns are tried before the <b>-f</b> patterns.
+</P>
+<P>
+By default, as soon as one pattern matches a line, no further patterns are
+considered. However, if <b>--colour</b> (or <b>--color</b>) is used to colour the
+matching substrings, or if <b>--only-matching</b>, <b>--file-offsets</b>, or
+<b>--line-offsets</b> is used to output only the part of the line that matched
+(either shown literally, or as an offset), scanning resumes immediately
+following the match, so that further matches on the same line can be found. If
+there are multiple patterns, they are all tried on the remainder of the line,
+but patterns that follow the one that matched are not tried on the earlier part
+of the line.
+</P>
+<P>
+This behaviour means that the order in which multiple patterns are specified
+can affect the output when one of the above options is used. This is no longer
+the same behaviour as GNU grep, which now manages to display earlier matches
+for later patterns (as long as there is no overlap).
+</P>
+<P>
+Patterns that can match an empty string are accepted, but empty string
+matches are never recognized. An example is the pattern "(super)?(man)?", in
+which all components are optional. This pattern finds all occurrences of both
+"super" and "man"; the output differs from matching with "super|man" when only
+the matching substrings are being shown.
+</P>
+<P>
+If the <b>LC_ALL</b> or <b>LC_CTYPE</b> environment variable is set,
+<b>pcregrep</b> uses the value to set a locale when calling the PCRE library.
+The <b>--locale</b> option can be used to override this.
+</P>
+<br><a name="SEC3" href="#TOC1">SUPPORT FOR COMPRESSED FILES</a><br>
+<P>
+It is possible to compile <b>pcregrep</b> so that it uses <b>libz</b> or
+<b>libbz2</b> to read files whose names end in <b>.gz</b> or <b>.bz2</b>,
+respectively. You can find out whether your binary has support for one or both
+of these file types by running it with the <b>--help</b> option. If the
+appropriate support is not present, files are treated as plain text. The
+standard input is always so treated.
+</P>
+<br><a name="SEC4" href="#TOC1">BINARY FILES</a><br>
+<P>
+By default, a file that contains a binary zero byte within the first 1024 bytes
+is identified as a binary file, and is processed specially. (GNU grep also
+identifies binary files in this manner.) See the <b>--binary-files</b> option
+for a means of changing the way binary files are handled.
+</P>
+<br><a name="SEC5" href="#TOC1">OPTIONS</a><br>
+<P>
+The order in which some of the options appear can affect the output. For
+example, both the <b>-h</b> and <b>-l</b> options affect the printing of file
+names. Whichever comes later in the command line will be the one that takes
+effect. Similarly, except where noted below, if an option is given twice, the
+later setting is used. Numerical values for options may be followed by K or M,
+to signify multiplication by 1024 or 1024*1024 respectively.
+</P>
+<P>
+<b>--</b>
+This terminates the list of options. It is useful if the next item on the
+command line starts with a hyphen but is not an option. This allows for the
+processing of patterns and filenames that start with hyphens.
+</P>
+<P>
+<b>-A</b> <i>number</i>, <b>--after-context=</b><i>number</i>
+Output <i>number</i> lines of context after each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of <i>number</i> is expected to be relatively small. However, <b>pcregrep</b>
+guarantees to have up to 8K of following text available for context output.
+</P>
+<P>
+<b>-a</b>, <b>--text</b>
+Treat binary files as text. This is equivalent to
+<b>--binary-files</b>=<i>text</i>.
+</P>
+<P>
+<b>-B</b> <i>number</i>, <b>--before-context=</b><i>number</i>
+Output <i>number</i> lines of context before each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of <i>number</i> is expected to be relatively small. However, <b>pcregrep</b>
+guarantees to have up to 8K of preceding text available for context output.
+</P>
+<P>
+<b>--binary-files=</b><i>word</i>
+Specify how binary files are to be processed. If the word is "binary" (the
+default), pattern matching is performed on binary files, but the only output is
+"Binary file &#60;name&#62; matches" when a match succeeds. If the word is "text",
+which is equivalent to the <b>-a</b> or <b>--text</b> option, binary files are
+processed in the same way as any other file. In this case, when a match
+succeeds, the output may be binary garbage, which can have nasty effects if
+sent to a terminal. If the word is "without-match", which is equivalent to the
+<b>-I</b> option, binary files are not processed at all; they are assumed not to
+be of interest.
+</P>
+<P>
+<b>--buffer-size=</b><i>number</i>
+Set the parameter that controls how much memory is used for buffering files
+that are being scanned.
+</P>
+<P>
+<b>-C</b> <i>number</i>, <b>--context=</b><i>number</i>
+Output <i>number</i> lines of context both before and after each matching line.
+This is equivalent to setting both <b>-A</b> and <b>-B</b> to the same value.
+</P>
+<P>
+<b>-c</b>, <b>--count</b>
+Do not output individual lines from the files that are being scanned; instead
+output the number of lines that would otherwise have been shown. If no lines
+are selected, the number zero is output. If several files are are being
+scanned, a count is output for each of them. However, if the
+<b>--files-with-matches</b> option is also used, only those files whose counts
+are greater than zero are listed. When <b>-c</b> is used, the <b>-A</b>,
+<b>-B</b>, and <b>-C</b> options are ignored.
+</P>
+<P>
+<b>--colour</b>, <b>--color</b>
+If this option is given without any data, it is equivalent to "--colour=auto".
+If data is required, it must be given in the same shell item, separated by an
+equals sign.
+</P>
+<P>
+<b>--colour=</b><i>value</i>, <b>--color=</b><i>value</i>
+This option specifies under what circumstances the parts of a line that matched
+a pattern should be coloured in the output. By default, the output is not
+coloured. The value (which is optional, see above) may be "never", "always", or
+"auto". In the latter case, colouring happens only if the standard output is
+connected to a terminal. More resources are used when colouring is enabled,
+because <b>pcregrep</b> has to search for all possible matches in a line, not
+just one, in order to colour them all.
+<br>
+<br>
+The colour that is used can be specified by setting the environment variable
+PCREGREP_COLOUR or PCREGREP_COLOR. The value of this variable should be a
+string of two numbers, separated by a semicolon. They are copied directly into
+the control string for setting colour on a terminal, so it is your
+responsibility to ensure that they make sense. If neither of the environment
+variables is set, the default is "1;31", which gives red.
+</P>
+<P>
+<b>-D</b> <i>action</i>, <b>--devices=</b><i>action</i>
+If an input path is not a regular file or a directory, "action" specifies how
+it is to be processed. Valid values are "read" (the default) or "skip"
+(silently skip the path).
+</P>
+<P>
+<b>-d</b> <i>action</i>, <b>--directories=</b><i>action</i>
+If an input path is a directory, "action" specifies how it is to be processed.
+Valid values are "read" (the default in non-Windows environments, for
+compatibility with GNU grep), "recurse" (equivalent to the <b>-r</b> option), or
+"skip" (silently skip the path, the default in Windows environments). In the
+"read" case, directories are read as if they were ordinary files. In some
+operating systems the effect of reading a directory like this is an immediate
+end-of-file; in others it may provoke an error.
+</P>
+<P>
+<b>-e</b> <i>pattern</i>, <b>--regex=</b><i>pattern</i>, <b>--regexp=</b><i>pattern</i>
+Specify a pattern to be matched. This option can be used multiple times in
+order to specify several patterns. It can also be used as a way of specifying a
+single pattern that starts with a hyphen. When <b>-e</b> is used, no argument
+pattern is taken from the command line; all arguments are treated as file
+names. There is no limit to the number of patterns. They are applied to each
+line in the order in which they are defined until one matches.
+<br>
+<br>
+If <b>-f</b> is used with <b>-e</b>, the command line patterns are matched first,
+followed by the patterns from the file(s), independent of the order in which
+these options are specified. Note that multiple use of <b>-e</b> is not the same
+as a single pattern with alternatives. For example, X|Y finds the first
+character in a line that is X or Y, whereas if the two patterns are given
+separately, with X first, <b>pcregrep</b> finds X if it is present, even if it
+follows Y in the line. It finds Y only if there is no X in the line. This
+matters only if you are using <b>-o</b> or <b>--colo(u)r</b> to show the part(s)
+of the line that matched.
+</P>
+<P>
+<b>--exclude</b>=<i>pattern</i>
+Files (but not directories) whose names match the pattern are skipped without
+being processed. This applies to all files, whether listed on the command line,
+obtained from <b>--file-list</b>, or by scanning a directory. The pattern is a
+PCRE regular expression, and is matched against the final component of the file
+name, not the entire path. The <b>-F</b>, <b>-w</b>, and <b>-x</b> options do not
+apply to this pattern. The option may be given any number of times in order to
+specify multiple patterns. If a file name matches both an <b>--include</b>
+and an <b>--exclude</b> pattern, it is excluded. There is no short form for this
+option.
+</P>
+<P>
+<b>--exclude-from=</b><i>filename</i>
+Treat each non-empty line of the file as the data for an <b>--exclude</b>
+option. What constitutes a newline when reading the file is the operating
+system's default. The <b>--newline</b> option has no effect on this option. This
+option may be given more than once in order to specify a number of files to
+read.
+</P>
+<P>
+<b>--exclude-dir</b>=<i>pattern</i>
+Directories whose names match the pattern are skipped without being processed,
+whatever the setting of the <b>--recursive</b> option. This applies to all
+directories, whether listed on the command line, obtained from
+<b>--file-list</b>, or by scanning a parent directory. The pattern is a PCRE
+regular expression, and is matched against the final component of the directory
+name, not the entire path. The <b>-F</b>, <b>-w</b>, and <b>-x</b> options do not
+apply to this pattern. The option may be given any number of times in order to
+specify more than one pattern. If a directory matches both <b>--include-dir</b>
+and <b>--exclude-dir</b>, it is excluded. There is no short form for this
+option.
+</P>
+<P>
+<b>-F</b>, <b>--fixed-strings</b>
+Interpret each data-matching pattern as a list of fixed strings, separated by
+newlines, instead of as a regular expression. What constitutes a newline for
+this purpose is controlled by the <b>--newline</b> option. The <b>-w</b> (match
+as a word) and <b>-x</b> (match whole line) options can be used with <b>-F</b>.
+They apply to each of the fixed strings. A line is selected if any of the fixed
+strings are found in it (subject to <b>-w</b> or <b>-x</b>, if present). This
+option applies only to the patterns that are matched against the contents of
+files; it does not apply to patterns specified by any of the <b>--include</b> or
+<b>--exclude</b> options.
+</P>
+<P>
+<b>-f</b> <i>filename</i>, <b>--file=</b><i>filename</i>
+Read patterns from the file, one per line, and match them against
+each line of input. What constitutes a newline when reading the file is the
+operating system's default. The <b>--newline</b> option has no effect on this
+option. Trailing white space is removed from each line, and blank lines are
+ignored. An empty file contains no patterns and therefore matches nothing. See
+also the comments about multiple patterns versus a single pattern with
+alternatives in the description of <b>-e</b> above.
+<br>
+<br>
+If this option is given more than once, all the specified files are
+read. A data line is output if any of the patterns match it. A filename can
+be given as "-" to refer to the standard input. When <b>-f</b> is used, patterns
+specified on the command line using <b>-e</b> may also be present; they are
+tested before the file's patterns. However, no other pattern is taken from the
+command line; all arguments are treated as the names of paths to be searched.
+</P>
+<P>
+<b>--file-list</b>=<i>filename</i>
+Read a list of files and/or directories that are to be scanned from the given
+file, one per line. Trailing white space is removed from each line, and blank
+lines are ignored. These paths are processed before any that are listed on the
+command line. The filename can be given as "-" to refer to the standard input.
+If <b>--file</b> and <b>--file-list</b> are both specified as "-", patterns are
+read first. This is useful only when the standard input is a terminal, from
+which further lines (the list of files) can be read after an end-of-file
+indication. If this option is given more than once, all the specified files are
+read.
+</P>
+<P>
+<b>--file-offsets</b>
+Instead of showing lines or parts of lines that match, show each match as an
+offset from the start of the file and a length, separated by a comma. In this
+mode, no context is shown. That is, the <b>-A</b>, <b>-B</b>, and <b>-C</b>
+options are ignored. If there is more than one match in a line, each of them is
+shown separately. This option is mutually exclusive with <b>--line-offsets</b>
+and <b>--only-matching</b>.
+</P>
+<P>
+<b>-H</b>, <b>--with-filename</b>
+Force the inclusion of the filename at the start of output lines when searching
+a single file. By default, the filename is not shown in this case. For matching
+lines, the filename is followed by a colon; for context lines, a hyphen
+separator is used. If a line number is also being output, it follows the file
+name.
+</P>
+<P>
+<b>-h</b>, <b>--no-filename</b>
+Suppress the output filenames when searching multiple files. By default,
+filenames are shown when multiple files are searched. For matching lines, the
+filename is followed by a colon; for context lines, a hyphen separator is used.
+If a line number is also being output, it follows the file name.
+</P>
+<P>
+<b>--help</b>
+Output a help message, giving brief details of the command options and file
+type support, and then exit. Anything else on the command line is
+ignored.
+</P>
+<P>
+<b>-I</b>
+Treat binary files as never matching. This is equivalent to
+<b>--binary-files</b>=<i>without-match</i>.
+</P>
+<P>
+<b>-i</b>, <b>--ignore-case</b>
+Ignore upper/lower case distinctions during comparisons.
+</P>
+<P>
+<b>--include</b>=<i>pattern</i>
+If any <b>--include</b> patterns are specified, the only files that are
+processed are those that match one of the patterns (and do not match an
+<b>--exclude</b> pattern). This option does not affect directories, but it
+applies to all files, whether listed on the command line, obtained from
+<b>--file-list</b>, or by scanning a directory. The pattern is a PCRE regular
+expression, and is matched against the final component of the file name, not
+the entire path. The <b>-F</b>, <b>-w</b>, and <b>-x</b> options do not apply to
+this pattern. The option may be given any number of times. If a file name
+matches both an <b>--include</b> and an <b>--exclude</b> pattern, it is excluded.
+There is no short form for this option.
+</P>
+<P>
+<b>--include-from=</b><i>filename</i>
+Treat each non-empty line of the file as the data for an <b>--include</b>
+option. What constitutes a newline for this purpose is the operating system's
+default. The <b>--newline</b> option has no effect on this option. This option
+may be given any number of times; all the files are read.
+</P>
+<P>
+<b>--include-dir</b>=<i>pattern</i>
+If any <b>--include-dir</b> patterns are specified, the only directories that
+are processed are those that match one of the patterns (and do not match an
+<b>--exclude-dir</b> pattern). This applies to all directories, whether listed
+on the command line, obtained from <b>--file-list</b>, or by scanning a parent
+directory. The pattern is a PCRE regular expression, and is matched against the
+final component of the directory name, not the entire path. The <b>-F</b>,
+<b>-w</b>, and <b>-x</b> options do not apply to this pattern. The option may be
+given any number of times. If a directory matches both <b>--include-dir</b> and
+<b>--exclude-dir</b>, it is excluded. There is no short form for this option.
+</P>
+<P>
+<b>-L</b>, <b>--files-without-match</b>
+Instead of outputting lines from the files, just output the names of the files
+that do not contain any lines that would have been output. Each file name is
+output once, on a separate line.
+</P>
+<P>
+<b>-l</b>, <b>--files-with-matches</b>
+Instead of outputting lines from the files, just output the names of the files
+containing lines that would have been output. Each file name is output
+once, on a separate line. Searching normally stops as soon as a matching line
+is found in a file. However, if the <b>-c</b> (count) option is also used,
+matching continues in order to obtain the correct count, and those files that
+have at least one match are listed along with their counts. Using this option
+with <b>-c</b> is a way of suppressing the listing of files with no matches.
+</P>
+<P>
+<b>--label</b>=<i>name</i>
+This option supplies a name to be used for the standard input when file names
+are being output. If not supplied, "(standard input)" is used. There is no
+short form for this option.
+</P>
+<P>
+<b>--line-buffered</b>
+When this option is given, input is read and processed line by line, and the
+output is flushed after each write. By default, input is read in large chunks,
+unless <b>pcregrep</b> can determine that it is reading from a terminal (which
+is currently possible only in Unix-like environments). Output to terminal is
+normally automatically flushed by the operating system. This option can be
+useful when the input or output is attached to a pipe and you do not want
+<b>pcregrep</b> to buffer up large amounts of data. However, its use will affect
+performance, and the <b>-M</b> (multiline) option ceases to work.
+</P>
+<P>
+<b>--line-offsets</b>
+Instead of showing lines or parts of lines that match, show each match as a
+line number, the offset from the start of the line, and a length. The line
+number is terminated by a colon (as usual; see the <b>-n</b> option), and the
+offset and length are separated by a comma. In this mode, no context is shown.
+That is, the <b>-A</b>, <b>-B</b>, and <b>-C</b> options are ignored. If there is
+more than one match in a line, each of them is shown separately. This option is
+mutually exclusive with <b>--file-offsets</b> and <b>--only-matching</b>.
+</P>
+<P>
+<b>--locale</b>=<i>locale-name</i>
+This option specifies a locale to be used for pattern matching. It overrides
+the value in the <b>LC_ALL</b> or <b>LC_CTYPE</b> environment variables. If no
+locale is specified, the PCRE library's default (usually the "C" locale) is
+used. There is no short form for this option.
+</P>
+<P>
+<b>--match-limit</b>=<i>number</i>
+Processing some regular expression patterns can require a very large amount of
+memory, leading in some cases to a program crash if not enough is available.
+Other patterns may take a very long time to search for all possible matching
+strings. The <b>pcre_exec()</b> function that is called by <b>pcregrep</b> to do
+the matching has two parameters that can limit the resources that it uses.
+<br>
+<br>
+The <b>--match-limit</b> option provides a means of limiting resource usage
+when processing patterns that are not going to match, but which have a very
+large number of possibilities in their search trees. The classic example is a
+pattern that uses nested unlimited repeats. Internally, PCRE uses a function
+called <b>match()</b> which it calls repeatedly (sometimes recursively). The
+limit set by <b>--match-limit</b> is imposed on the number of times this
+function is called during a match, which has the effect of limiting the amount
+of backtracking that can take place.
+<br>
+<br>
+The <b>--recursion-limit</b> option is similar to <b>--match-limit</b>, but
+instead of limiting the total number of times that <b>match()</b> is called, it
+limits the depth of recursive calls, which in turn limits the amount of memory
+that can be used. The recursion depth is a smaller number than the total number
+of calls, because not all calls to <b>match()</b> are recursive. This limit is
+of use only if it is set smaller than <b>--match-limit</b>.
+<br>
+<br>
+There are no short forms for these options. The default settings are specified
+when the PCRE library is compiled, with the default default being 10 million.
+</P>
+<P>
+<b>-M</b>, <b>--multiline</b>
+Allow patterns to match more than one line. When this option is given, patterns
+may usefully contain literal newline characters and internal occurrences of ^
+and $ characters. The output for a successful match may consist of more than
+one line, the last of which is the one in which the match ended. If the matched
+string ends with a newline sequence the output ends at the end of that line.
+<br>
+<br>
+When this option is set, the PCRE library is called in "multiline" mode.
+There is a limit to the number of lines that can be matched, imposed by the way
+that <b>pcregrep</b> buffers the input file as it scans it. However,
+<b>pcregrep</b> ensures that at least 8K characters or the rest of the document
+(whichever is the shorter) are available for forward matching, and similarly
+the previous 8K characters (or all the previous characters, if fewer than 8K)
+are guaranteed to be available for lookbehind assertions. This option does not
+work when input is read line by line (see \fP--line-buffered\fP.)
+</P>
+<P>
+<b>-N</b> <i>newline-type</i>, <b>--newline</b>=<i>newline-type</i>
+The PCRE library supports five different conventions for indicating
+the ends of lines. They are the single-character sequences CR (carriage return)
+and LF (linefeed), the two-character sequence CRLF, an "anycrlf" convention,
+which recognizes any of the preceding three types, and an "any" convention, in
+which any Unicode line ending sequence is assumed to end a line. The Unicode
+sequences are the three just mentioned, plus VT (vertical tab, U+000B), FF
+(form feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and
+PS (paragraph separator, U+2029).
+<br>
+<br>
+When the PCRE library is built, a default line-ending sequence is specified.
+This is normally the standard sequence for the operating system. Unless
+otherwise specified by this option, <b>pcregrep</b> uses the library's default.
+The possible values for this option are CR, LF, CRLF, ANYCRLF, or ANY. This
+makes it possible to use <b>pcregrep</b> to scan files that have come from other
+environments without having to modify their line endings. If the data that is
+being scanned does not agree with the convention set by this option,
+<b>pcregrep</b> may behave in strange ways. Note that this option does not
+apply to files specified by the <b>-f</b>, <b>--exclude-from</b>, or
+<b>--include-from</b> options, which are expected to use the operating system's
+standard newline sequence.
+</P>
+<P>
+<b>-n</b>, <b>--line-number</b>
+Precede each output line by its line number in the file, followed by a colon
+for matching lines or a hyphen for context lines. If the filename is also being
+output, it precedes the line number. This option is forced if
+<b>--line-offsets</b> is used.
+</P>
+<P>
+<b>--no-jit</b>
+If the PCRE library is built with support for just-in-time compiling (which
+speeds up matching), <b>pcregrep</b> automatically makes use of this, unless it
+was explicitly disabled at build time. This option can be used to disable the
+use of JIT at run time. It is provided for testing and working round problems.
+It should never be needed in normal use.
+</P>
+<P>
+<b>-o</b>, <b>--only-matching</b>
+Show only the part of the line that matched a pattern instead of the whole
+line. In this mode, no context is shown. That is, the <b>-A</b>, <b>-B</b>, and
+<b>-C</b> options are ignored. If there is more than one match in a line, each
+of them is shown separately. If <b>-o</b> is combined with <b>-v</b> (invert the
+sense of the match to find non-matching lines), no output is generated, but the
+return code is set appropriately. If the matched portion of the line is empty,
+nothing is output unless the file name or line number are being printed, in
+which case they are shown on an otherwise empty line. This option is mutually
+exclusive with <b>--file-offsets</b> and <b>--line-offsets</b>.
+</P>
+<P>
+<b>-o</b><i>number</i>, <b>--only-matching</b>=<i>number</i>
+Show only the part of the line that matched the capturing parentheses of the
+given number. Up to 32 capturing parentheses are supported, and -o0 is
+equivalent to <b>-o</b> without a number. Because these options can be given
+without an argument (see above), if an argument is present, it must be given in
+the same shell item, for example, -o3 or --only-matching=2. The comments given
+for the non-argument case above also apply to this case. If the specified
+capturing parentheses do not exist in the pattern, or were not set in the
+match, nothing is output unless the file name or line number are being printed.
+<br>
+<br>
+If this option is given multiple times, multiple substrings are output, in the
+order the options are given. For example, -o3 -o1 -o3 causes the substrings
+matched by capturing parentheses 3 and 1 and then 3 again to be output. By
+default, there is no separator (but see the next option).
+</P>
+<P>
+<b>--om-separator</b>=<i>text</i>
+Specify a separating string for multiple occurrences of <b>-o</b>. The default
+is an empty string. Separating strings are never coloured.
+</P>
+<P>
+<b>-q</b>, <b>--quiet</b>
+Work quietly, that is, display nothing except error messages. The exit
+status indicates whether or not any matches were found.
+</P>
+<P>
+<b>-r</b>, <b>--recursive</b>
+If any given path is a directory, recursively scan the files it contains,
+taking note of any <b>--include</b> and <b>--exclude</b> settings. By default, a
+directory is read as a normal file; in some operating systems this gives an
+immediate end-of-file. This option is a shorthand for setting the <b>-d</b>
+option to "recurse".
+</P>
+<P>
+<b>--recursion-limit</b>=<i>number</i>
+See <b>--match-limit</b> above.
+</P>
+<P>
+<b>-s</b>, <b>--no-messages</b>
+Suppress error messages about non-existent or unreadable files. Such files are
+quietly skipped. However, the return code is still 2, even if matches were
+found in other files.
+</P>
+<P>
+<b>-u</b>, <b>--utf-8</b>
+Operate in UTF-8 mode. This option is available only if PCRE has been compiled
+with UTF-8 support. All patterns (including those for any <b>--exclude</b> and
+<b>--include</b> options) and all subject lines that are scanned must be valid
+strings of UTF-8 characters.
+</P>
+<P>
+<b>-V</b>, <b>--version</b>
+Write the version numbers of <b>pcregrep</b> and the PCRE library to the
+standard output and then exit. Anything else on the command line is
+ignored.
+</P>
+<P>
+<b>-v</b>, <b>--invert-match</b>
+Invert the sense of the match, so that lines which do <i>not</i> match any of
+the patterns are the ones that are found.
+</P>
+<P>
+<b>-w</b>, <b>--word-regex</b>, <b>--word-regexp</b>
+Force the patterns to match only whole words. This is equivalent to having \b
+at the start and end of the pattern. This option applies only to the patterns
+that are matched against the contents of files; it does not apply to patterns
+specified by any of the <b>--include</b> or <b>--exclude</b> options.
+</P>
+<P>
+<b>-x</b>, <b>--line-regex</b>, <b>--line-regexp</b>
+Force the patterns to be anchored (each must start matching at the beginning of
+a line) and in addition, require them to match entire lines. This is equivalent
+to having ^ and $ characters at the start and end of each alternative branch in
+every pattern. This option applies only to the patterns that are matched
+against the contents of files; it does not apply to patterns specified by any
+of the <b>--include</b> or <b>--exclude</b> options.
+</P>
+<br><a name="SEC6" href="#TOC1">ENVIRONMENT VARIABLES</a><br>
+<P>
+The environment variables <b>LC_ALL</b> and <b>LC_CTYPE</b> are examined, in that
+order, for a locale. The first one that is set is used. This can be overridden
+by the <b>--locale</b> option. If no locale is set, the PCRE library's default
+(usually the "C" locale) is used.
+</P>
+<br><a name="SEC7" href="#TOC1">NEWLINES</a><br>
+<P>
+The <b>-N</b> (<b>--newline</b>) option allows <b>pcregrep</b> to scan files with
+different newline conventions from the default. Any parts of the input files
+that are written to the standard output are copied identically, with whatever
+newline sequences they have in the input. However, the setting of this option
+does not affect the interpretation of files specified by the <b>-f</b>,
+<b>--exclude-from</b>, or <b>--include-from</b> options, which are assumed to use
+the operating system's standard newline sequence, nor does it affect the way in
+which <b>pcregrep</b> writes informational messages to the standard error and
+output streams. For these it uses the string "\n" to indicate newlines,
+relying on the C I/O library to convert this to an appropriate sequence.
+</P>
+<br><a name="SEC8" href="#TOC1">OPTIONS COMPATIBILITY</a><br>
+<P>
+Many of the short and long forms of <b>pcregrep</b>'s options are the same
+as in the GNU <b>grep</b> program. Any long option of the form
+<b>--xxx-regexp</b> (GNU terminology) is also available as <b>--xxx-regex</b>
+(PCRE terminology). However, the <b>--file-list</b>, <b>--file-offsets</b>,
+<b>--include-dir</b>, <b>--line-offsets</b>, <b>--locale</b>, <b>--match-limit</b>,
+<b>-M</b>, <b>--multiline</b>, <b>-N</b>, <b>--newline</b>, <b>--om-separator</b>,
+<b>--recursion-limit</b>, <b>-u</b>, and <b>--utf-8</b> options are specific to
+<b>pcregrep</b>, as is the use of the <b>--only-matching</b> option with a
+capturing parentheses number.
+</P>
+<P>
+Although most of the common options work the same way, a few are different in
+<b>pcregrep</b>. For example, the <b>--include</b> option's argument is a glob
+for GNU <b>grep</b>, but a regular expression for <b>pcregrep</b>. If both the
+<b>-c</b> and <b>-l</b> options are given, GNU grep lists only file names,
+without counts, but <b>pcregrep</b> gives the counts.
+</P>
+<br><a name="SEC9" href="#TOC1">OPTIONS WITH DATA</a><br>
+<P>
+There are four different ways in which an option with data can be specified.
+If a short form option is used, the data may follow immediately, or (with one
+exception) in the next command line item. For example:
+<pre>
+  -f/some/file
+  -f /some/file
+</pre>
+The exception is the <b>-o</b> option, which may appear with or without data.
+Because of this, if data is present, it must follow immediately in the same
+item, for example -o3.
+</P>
+<P>
+If a long form option is used, the data may appear in the same command line
+item, separated by an equals character, or (with two exceptions) it may appear
+in the next command line item. For example:
+<pre>
+  --file=/some/file
+  --file /some/file
+</pre>
+Note, however, that if you want to supply a file name beginning with ~ as data
+in a shell command, and have the shell expand ~ to a home directory, you must
+separate the file name from the option, because the shell does not treat ~
+specially unless it is at the start of an item.
+</P>
+<P>
+The exceptions to the above are the <b>--colour</b> (or <b>--color</b>) and
+<b>--only-matching</b> options, for which the data is optional. If one of these
+options does have data, it must be given in the first form, using an equals
+character. Otherwise <b>pcregrep</b> will assume that it has no data.
+</P>
+<br><a name="SEC10" href="#TOC1">MATCHING ERRORS</a><br>
+<P>
+It is possible to supply a regular expression that takes a very long time to
+fail to match certain lines. Such patterns normally involve nested indefinite
+repeats, for example: (a+)*\d when matched against a line of a's with no final
+digit. The PCRE matching function has a resource limit that causes it to abort
+in these circumstances. If this happens, <b>pcregrep</b> outputs an error
+message and the line that caused the problem to the standard error stream. If
+there are more than 20 such errors, <b>pcregrep</b> gives up.
+</P>
+<P>
+The <b>--match-limit</b> option of <b>pcregrep</b> can be used to set the overall
+resource limit; there is a second option called <b>--recursion-limit</b> that
+sets a limit on the amount of memory (usually stack) that is used (see the
+discussion of these options above).
+</P>
+<br><a name="SEC11" href="#TOC1">DIAGNOSTICS</a><br>
+<P>
+Exit status is 0 if any matches were found, 1 if no matches were found, and 2
+for syntax errors, overlong lines, non-existent or inaccessible files (even if
+matches were found in other files) or too many matching errors. Using the
+<b>-s</b> option to suppress error messages about inaccessible files does not
+affect the return code.
+</P>
+<br><a name="SEC12" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcrepattern</b>(3), <b>pcresyntax</b>(3), <b>pcretest</b>(1).
+</P>
+<br><a name="SEC13" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC14" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 03 April 2014
+<br>
+Copyright &copy; 1997-2014 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrejit.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrejit.html
new file mode 100644
index 00000000..abb34252
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrejit.html
@@ -0,0 +1,499 @@
+<html>
+<head>
+<title>pcrejit specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrejit man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE JUST-IN-TIME COMPILER SUPPORT</a>
+<li><a name="TOC2" href="#SEC2">8-BIT, 16-BIT AND 32-BIT SUPPORT</a>
+<li><a name="TOC3" href="#SEC3">AVAILABILITY OF JIT SUPPORT</a>
+<li><a name="TOC4" href="#SEC4">SIMPLE USE OF JIT</a>
+<li><a name="TOC5" href="#SEC5">UNSUPPORTED OPTIONS AND PATTERN ITEMS</a>
+<li><a name="TOC6" href="#SEC6">RETURN VALUES FROM JIT EXECUTION</a>
+<li><a name="TOC7" href="#SEC7">SAVING AND RESTORING COMPILED PATTERNS</a>
+<li><a name="TOC8" href="#SEC8">CONTROLLING THE JIT STACK</a>
+<li><a name="TOC9" href="#SEC9">JIT STACK FAQ</a>
+<li><a name="TOC10" href="#SEC10">EXAMPLE CODE</a>
+<li><a name="TOC11" href="#SEC11">JIT FAST PATH API</a>
+<li><a name="TOC12" href="#SEC12">SEE ALSO</a>
+<li><a name="TOC13" href="#SEC13">AUTHOR</a>
+<li><a name="TOC14" href="#SEC14">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE JUST-IN-TIME COMPILER SUPPORT</a><br>
+<P>
+Just-in-time compiling is a heavyweight optimization that can greatly speed up
+pattern matching. However, it comes at the cost of extra processing before the
+match is performed. Therefore, it is of most benefit when the same pattern is
+going to be matched many times. This does not necessarily mean many calls of a
+matching function; if the pattern is not anchored, matching attempts may take
+place many times at various positions in the subject, even for a single call.
+Therefore, if the subject string is very long, it may still pay to use JIT for
+one-off matches.
+</P>
+<P>
+JIT support applies only to the traditional Perl-compatible matching function.
+It does not apply when the DFA matching function is being used. The code for
+this support was written by Zoltan Herczeg.
+</P>
+<br><a name="SEC2" href="#TOC1">8-BIT, 16-BIT AND 32-BIT SUPPORT</a><br>
+<P>
+JIT support is available for all of the 8-bit, 16-bit and 32-bit PCRE
+libraries. To keep this documentation simple, only the 8-bit interface is
+described in what follows. If you are using the 16-bit library, substitute the
+16-bit functions and 16-bit structures (for example, <i>pcre16_jit_stack</i>
+instead of <i>pcre_jit_stack</i>). If you are using the 32-bit library,
+substitute the 32-bit functions and 32-bit structures (for example,
+<i>pcre32_jit_stack</i> instead of <i>pcre_jit_stack</i>).
+</P>
+<br><a name="SEC3" href="#TOC1">AVAILABILITY OF JIT SUPPORT</a><br>
+<P>
+JIT support is an optional feature of PCRE. The "configure" option --enable-jit
+(or equivalent CMake option) must be set when PCRE is built if you want to use
+JIT. The support is limited to the following hardware platforms:
+<pre>
+  ARM v5, v7, and Thumb2
+  Intel x86 32-bit and 64-bit
+  MIPS 32-bit
+  Power PC 32-bit and 64-bit
+  SPARC 32-bit (experimental)
+</pre>
+If --enable-jit is set on an unsupported platform, compilation fails.
+</P>
+<P>
+A program that is linked with PCRE 8.20 or later can tell if JIT support is
+available by calling <b>pcre_config()</b> with the PCRE_CONFIG_JIT option. The
+result is 1 when JIT is available, and 0 otherwise. However, a simple program
+does not need to check this in order to use JIT. The normal API is implemented
+in a way that falls back to the interpretive code if JIT is not available. For
+programs that need the best possible performance, there is also a "fast path"
+API that is JIT-specific.
+</P>
+<P>
+If your program may sometimes be linked with versions of PCRE that are older
+than 8.20, but you want to use JIT when it is available, you can test the
+values of PCRE_MAJOR and PCRE_MINOR, or the existence of a JIT macro such as
+PCRE_CONFIG_JIT, for compile-time control of your code. Also beware that the
+<b>pcre_jit_exec()</b> function was not available at all before 8.32,
+and may not be available at all if PCRE isn't compiled with
+--enable-jit. See the "JIT FAST PATH API" section below for details.
+</P>
+<br><a name="SEC4" href="#TOC1">SIMPLE USE OF JIT</a><br>
+<P>
+You have to do two things to make use of the JIT support in the simplest way:
+<pre>
+  (1) Call <b>pcre_study()</b> with the PCRE_STUDY_JIT_COMPILE option for
+      each compiled pattern, and pass the resulting <b>pcre_extra</b> block to
+      <b>pcre_exec()</b>.
+
+  (2) Use <b>pcre_free_study()</b> to free the <b>pcre_extra</b> block when it is
+      no longer needed, instead of just freeing it yourself. This ensures that
+      any JIT data is also freed.
+</pre>
+For a program that may be linked with pre-8.20 versions of PCRE, you can insert
+<pre>
+  #ifndef PCRE_STUDY_JIT_COMPILE
+  #define PCRE_STUDY_JIT_COMPILE 0
+  #endif
+</pre>
+so that no option is passed to <b>pcre_study()</b>, and then use something like
+this to free the study data:
+<pre>
+  #ifdef PCRE_CONFIG_JIT
+      pcre_free_study(study_ptr);
+  #else
+      pcre_free(study_ptr);
+  #endif
+</pre>
+PCRE_STUDY_JIT_COMPILE requests the JIT compiler to generate code for complete
+matches. If you want to run partial matches using the PCRE_PARTIAL_HARD or
+PCRE_PARTIAL_SOFT options of <b>pcre_exec()</b>, you should set one or both of
+the following options in addition to, or instead of, PCRE_STUDY_JIT_COMPILE
+when you call <b>pcre_study()</b>:
+<pre>
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+</pre>
+If using <b>pcre_jit_exec()</b> and supporting a pre-8.32 version of
+PCRE, you can insert:
+<pre>
+   #if PCRE_MAJOR &#62;= 8 && PCRE_MINOR &#62;= 32
+   pcre_jit_exec(...);
+   #else
+   pcre_exec(...)
+   #endif
+</pre>
+but as described in the "JIT FAST PATH API" section below this assumes
+version 8.32 and later are compiled with --enable-jit, which may
+break.
+<br>
+<br>
+The JIT compiler generates different optimized code for each of the three
+modes (normal, soft partial, hard partial). When <b>pcre_exec()</b> is called,
+the appropriate code is run if it is available. Otherwise, the pattern is
+matched using interpretive code.
+</P>
+<P>
+In some circumstances you may need to call additional functions. These are
+described in the section entitled
+<a href="#stackcontrol">"Controlling the JIT stack"</a>
+below.
+</P>
+<P>
+If JIT support is not available, PCRE_STUDY_JIT_COMPILE etc. are ignored, and
+no JIT data is created. Otherwise, the compiled pattern is passed to the JIT
+compiler, which turns it into machine code that executes much faster than the
+normal interpretive code. When <b>pcre_exec()</b> is passed a <b>pcre_extra</b>
+block containing a pointer to JIT code of the appropriate mode (normal or
+hard/soft partial), it obeys that code instead of running the interpreter. The
+result is identical, but the compiled JIT code runs much faster.
+</P>
+<P>
+There are some <b>pcre_exec()</b> options that are not supported for JIT
+execution. There are also some pattern items that JIT cannot handle. Details
+are given below. In both cases, execution automatically falls back to the
+interpretive code. If you want to know whether JIT was actually used for a
+particular match, you should arrange for a JIT callback function to be set up
+as described in the section entitled
+<a href="#stackcontrol">"Controlling the JIT stack"</a>
+below, even if you do not need to supply a non-default JIT stack. Such a
+callback function is called whenever JIT code is about to be obeyed. If the
+execution options are not right for JIT execution, the callback function is not
+obeyed.
+</P>
+<P>
+If the JIT compiler finds an unsupported item, no JIT data is generated. You
+can find out if JIT execution is available after studying a pattern by calling
+<b>pcre_fullinfo()</b> with the PCRE_INFO_JIT option. A result of 1 means that
+JIT compilation was successful. A result of 0 means that JIT support is not
+available, or the pattern was not studied with PCRE_STUDY_JIT_COMPILE etc., or
+the JIT compiler was not able to handle the pattern.
+</P>
+<P>
+Once a pattern has been studied, with or without JIT, it can be used as many
+times as you like for matching different subject strings.
+</P>
+<br><a name="SEC5" href="#TOC1">UNSUPPORTED OPTIONS AND PATTERN ITEMS</a><br>
+<P>
+The only <b>pcre_exec()</b> options that are supported for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK, PCRE_NO_UTF32_CHECK, PCRE_NOTBOL,
+PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+</P>
+<P>
+The only unsupported pattern items are \C (match a single data unit) when
+running in a UTF mode, and a callout immediately before an assertion condition
+in a conditional group.
+</P>
+<br><a name="SEC6" href="#TOC1">RETURN VALUES FROM JIT EXECUTION</a><br>
+<P>
+When a pattern is matched using JIT execution, the return values are the same
+as those given by the interpretive <b>pcre_exec()</b> code, with the addition of
+one new error code: PCRE_ERROR_JIT_STACKLIMIT. This means that the memory used
+for the JIT stack was insufficient. See
+<a href="#stackcontrol">"Controlling the JIT stack"</a>
+below for a discussion of JIT stack usage. For compatibility with the
+interpretive <b>pcre_exec()</b> code, no more than two-thirds of the
+<i>ovector</i> argument is used for passing back captured substrings.
+</P>
+<P>
+The error code PCRE_ERROR_MATCHLIMIT is returned by the JIT code if searching a
+very large pattern tree goes on for too long, as it is in the same circumstance
+when JIT is not used, but the details of exactly what is counted are not the
+same. The PCRE_ERROR_RECURSIONLIMIT error code is never returned by JIT
+execution.
+</P>
+<br><a name="SEC7" href="#TOC1">SAVING AND RESTORING COMPILED PATTERNS</a><br>
+<P>
+The code that is generated by the JIT compiler is architecture-specific, and is
+also position dependent. For those reasons it cannot be saved (in a file or
+database) and restored later like the bytecode and other data of a compiled
+pattern. Saving and restoring compiled patterns is not something many people
+do. More detail about this facility is given in the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation. It should be possible to run <b>pcre_study()</b> on a saved and
+restored pattern, and thereby recreate the JIT data, but because JIT
+compilation uses significant resources, it is probably not worth doing this;
+you might as well recompile the original pattern.
+<a name="stackcontrol"></a></P>
+<br><a name="SEC8" href="#TOC1">CONTROLLING THE JIT STACK</a><br>
+<P>
+When the compiled JIT code runs, it needs a block of memory to use as a stack.
+By default, it uses 32K on the machine stack. However, some large or
+complicated patterns need more than this. The error PCRE_ERROR_JIT_STACKLIMIT
+is given when there is not enough stack. Three functions are provided for
+managing blocks of memory for use as JIT stacks. There is further discussion
+about the use of JIT stacks in the section entitled
+<a href="#stackcontrol">"JIT stack FAQ"</a>
+below.
+</P>
+<P>
+The <b>pcre_jit_stack_alloc()</b> function creates a JIT stack. Its arguments
+are a starting size and a maximum size, and it returns a pointer to an opaque
+structure of type <b>pcre_jit_stack</b>, or NULL if there is an error. The
+<b>pcre_jit_stack_free()</b> function can be used to free a stack that is no
+longer needed. (For the technically minded: the address space is allocated by
+mmap or VirtualAlloc.)
+</P>
+<P>
+JIT uses far less memory for recursion than the interpretive code,
+and a maximum stack size of 512K to 1M should be more than enough for any
+pattern.
+</P>
+<P>
+The <b>pcre_assign_jit_stack()</b> function specifies which stack JIT code
+should use. Its arguments are as follows:
+<pre>
+  pcre_extra         *extra
+  pcre_jit_callback  callback
+  void               *data
+</pre>
+The <i>extra</i> argument must be the result of studying a pattern with
+PCRE_STUDY_JIT_COMPILE etc. There are three cases for the values of the other
+two options:
+<pre>
+  (1) If <i>callback</i> is NULL and <i>data</i> is NULL, an internal 32K block
+      on the machine stack is used.
+
+  (2) If <i>callback</i> is NULL and <i>data</i> is not NULL, <i>data</i> must be
+      a valid JIT stack, the result of calling <b>pcre_jit_stack_alloc()</b>.
+
+  (3) If <i>callback</i> is not NULL, it must point to a function that is
+      called with <i>data</i> as an argument at the start of matching, in
+      order to set up a JIT stack. If the return from the callback
+      function is NULL, the internal 32K stack is used; otherwise the
+      return value must be a valid JIT stack, the result of calling
+      <b>pcre_jit_stack_alloc()</b>.
+</pre>
+A callback function is obeyed whenever JIT code is about to be run; it is not
+obeyed when <b>pcre_exec()</b> is called with options that are incompatible for
+JIT execution. A callback function can therefore be used to determine whether a
+match operation was executed by JIT or by the interpreter.
+</P>
+<P>
+You may safely use the same JIT stack for more than one pattern (either by
+assigning directly or by callback), as long as the patterns are all matched
+sequentially in the same thread. In a multithread application, if you do not
+specify a JIT stack, or if you assign or pass back NULL from a callback, that
+is thread-safe, because each thread has its own machine stack. However, if you
+assign or pass back a non-NULL JIT stack, this must be a different stack for
+each thread so that the application is thread-safe.
+</P>
+<P>
+Strictly speaking, even more is allowed. You can assign the same non-NULL stack
+to any number of patterns as long as they are not used for matching by multiple
+threads at the same time. For example, you can assign the same stack to all
+compiled patterns, and use a global mutex in the callback to wait until the
+stack is available for use. However, this is an inefficient solution, and not
+recommended.
+</P>
+<P>
+This is a suggestion for how a multithreaded program that needs to set up
+non-default JIT stacks might operate:
+<pre>
+  During thread initalization
+    thread_local_var = pcre_jit_stack_alloc(...)
+
+  During thread exit
+    pcre_jit_stack_free(thread_local_var)
+
+  Use a one-line callback function
+    return thread_local_var
+</pre>
+All the functions described in this section do nothing if JIT is not available,
+and <b>pcre_assign_jit_stack()</b> does nothing unless the <b>extra</b> argument
+is non-NULL and points to a <b>pcre_extra</b> block that is the result of a
+successful study with PCRE_STUDY_JIT_COMPILE etc.
+<a name="stackfaq"></a></P>
+<br><a name="SEC9" href="#TOC1">JIT STACK FAQ</a><br>
+<P>
+(1) Why do we need JIT stacks?
+<br>
+<br>
+PCRE (and JIT) is a recursive, depth-first engine, so it needs a stack where
+the local data of the current node is pushed before checking its child nodes.
+Allocating real machine stack on some platforms is difficult. For example, the
+stack chain needs to be updated every time if we extend the stack on PowerPC.
+Although it is possible, its updating time overhead decreases performance. So
+we do the recursion in memory.
+</P>
+<P>
+(2) Why don't we simply allocate blocks of memory with <b>malloc()</b>?
+<br>
+<br>
+Modern operating systems have a nice feature: they can reserve an address space
+instead of allocating memory. We can safely allocate memory pages inside this
+address space, so the stack could grow without moving memory data (this is
+important because of pointers). Thus we can allocate 1M address space, and use
+only a single memory page (usually 4K) if that is enough. However, we can still
+grow up to 1M anytime if needed.
+</P>
+<P>
+(3) Who "owns" a JIT stack?
+<br>
+<br>
+The owner of the stack is the user program, not the JIT studied pattern or
+anything else. The user program must ensure that if a stack is used by
+<b>pcre_exec()</b>, (that is, it is assigned to the pattern currently running),
+that stack must not be used by any other threads (to avoid overwriting the same
+memory area). The best practice for multithreaded programs is to allocate a
+stack for each thread, and return this stack through the JIT callback function.
+</P>
+<P>
+(4) When should a JIT stack be freed?
+<br>
+<br>
+You can free a JIT stack at any time, as long as it will not be used by
+<b>pcre_exec()</b> again. When you assign the stack to a pattern, only a pointer
+is set. There is no reference counting or any other magic. You can free the
+patterns and stacks in any order, anytime. Just <i>do not</i> call
+<b>pcre_exec()</b> with a pattern pointing to an already freed stack, as that
+will cause SEGFAULT. (Also, do not free a stack currently used by
+<b>pcre_exec()</b> in another thread). You can also replace the stack for a
+pattern at any time. You can even free the previous stack before assigning a
+replacement.
+</P>
+<P>
+(5) Should I allocate/free a stack every time before/after calling
+<b>pcre_exec()</b>?
+<br>
+<br>
+No, because this is too costly in terms of resources. However, you could
+implement some clever idea which release the stack if it is not used in let's
+say two minutes. The JIT callback can help to achieve this without keeping a
+list of the currently JIT studied patterns.
+</P>
+<P>
+(6) OK, the stack is for long term memory allocation. But what happens if a
+pattern causes stack overflow with a stack of 1M? Is that 1M kept until the
+stack is freed?
+<br>
+<br>
+Especially on embedded sytems, it might be a good idea to release memory
+sometimes without freeing the stack. There is no API for this at the moment.
+Probably a function call which returns with the currently allocated memory for
+any stack and another which allows releasing memory (shrinking the stack) would
+be a good idea if someone needs this.
+</P>
+<P>
+(7) This is too much of a headache. Isn't there any better solution for JIT
+stack handling?
+<br>
+<br>
+No, thanks to Windows. If POSIX threads were used everywhere, we could throw
+out this complicated API.
+</P>
+<br><a name="SEC10" href="#TOC1">EXAMPLE CODE</a><br>
+<P>
+This is a single-threaded example that specifies a JIT stack without using a
+callback.
+<pre>
+  int rc;
+  int ovector[30];
+  pcre *re;
+  pcre_extra *extra;
+  pcre_jit_stack *jit_stack;
+
+  re = pcre_compile(pattern, 0, &error, &erroffset, NULL);
+  /* Check for errors */
+  extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
+  jit_stack = pcre_jit_stack_alloc(32*1024, 512*1024);
+  /* Check for error (NULL) */
+  pcre_assign_jit_stack(extra, NULL, jit_stack);
+  rc = pcre_exec(re, extra, subject, length, 0, 0, ovector, 30);
+  /* Check results */
+  pcre_free(re);
+  pcre_free_study(extra);
+  pcre_jit_stack_free(jit_stack);
+
+</PRE>
+</P>
+<br><a name="SEC11" href="#TOC1">JIT FAST PATH API</a><br>
+<P>
+Because the API described above falls back to interpreted execution when JIT is
+not available, it is convenient for programs that are written for general use
+in many environments. However, calling JIT via <b>pcre_exec()</b> does have a
+performance impact. Programs that are written for use where JIT is known to be
+available, and which need the best possible performance, can instead use a
+"fast path" API to call JIT execution directly instead of calling
+<b>pcre_exec()</b> (obviously only for patterns that have been successfully
+studied by JIT).
+</P>
+<P>
+The fast path function is called <b>pcre_jit_exec()</b>, and it takes exactly
+the same arguments as <b>pcre_exec()</b>, plus one additional argument that
+must point to a JIT stack. The JIT stack arrangements described above do not
+apply. The return values are the same as for <b>pcre_exec()</b>.
+</P>
+<P>
+When you call <b>pcre_exec()</b>, as well as testing for invalid options, a
+number of other sanity checks are performed on the arguments. For example, if
+the subject pointer is NULL, or its length is negative, an immediate error is
+given. Also, unless PCRE_NO_UTF[8|16|32] is set, a UTF subject string is tested
+for validity. In the interests of speed, these checks do not happen on the JIT
+fast path, and if invalid data is passed, the result is undefined.
+</P>
+<P>
+Bypassing the sanity checks and the <b>pcre_exec()</b> wrapping can give
+speedups of more than 10%.
+</P>
+<P>
+Note that the <b>pcre_jit_exec()</b> function is not available in versions of
+PCRE before 8.32 (released in November 2012). If you need to support versions
+that old you must either use the slower <b>pcre_exec()</b>, or switch between
+the two codepaths by checking the values of PCRE_MAJOR and PCRE_MINOR.
+</P>
+<P>
+Due to an unfortunate implementation oversight, even in versions 8.32
+and later there will be no <b>pcre_jit_exec()</b> stub function defined
+when PCRE is compiled with --disable-jit, which is the default, and
+there's no way to detect whether PCRE was compiled with --enable-jit
+via a macro.
+</P>
+<P>
+If you need to support versions older than 8.32, or versions that may
+not build with --enable-jit, you must either use the slower
+<b>pcre_exec()</b>, or switch between the two codepaths by checking the
+values of PCRE_MAJOR and PCRE_MINOR.
+</P>
+<P>
+Switching between the two by checking the version assumes that all the
+versions being targeted are built with --enable-jit. To also support
+builds that may use --disable-jit either <b>pcre_exec()</b> must be
+used, or a compile-time check for JIT via <b>pcre_config()</b> (which
+assumes the runtime environment will be the same), or as the Git
+project decided to do, simply assume that <b>pcre_jit_exec()</b> is
+present in 8.32 or later unless a compile-time flag is provided, see
+the "grep: un-break building with PCRE &#62;= 8.32 without --enable-jit"
+commit in git.git for an example of that.
+</P>
+<br><a name="SEC12" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcreapi</b>(3)
+</P>
+<br><a name="SEC13" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel (FAQ by Zoltan Herczeg)
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC14" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 05 July 2017
+<br>
+Copyright &copy; 1997-2017 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrelimits.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrelimits.html
new file mode 100644
index 00000000..ee5ebf03
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrelimits.html
@@ -0,0 +1,90 @@
+<html>
+<head>
+<title>pcrelimits specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrelimits man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SIZE AND OTHER LIMITATIONS
+</b><br>
+<P>
+There are some size limitations in PCRE but it is hoped that they will never in
+practice be relevant.
+</P>
+<P>
+The maximum length of a compiled pattern is approximately 64K data units (bytes
+for the 8-bit library, 16-bit units for the 16-bit library, and 32-bit units for
+the 32-bit library) if PCRE is compiled with the default internal linkage size,
+which is 2 bytes for the 8-bit and 16-bit libraries, and 4 bytes for the 32-bit
+library. If you want to process regular expressions that are truly enormous,
+you can compile PCRE with an internal linkage size of 3 or 4 (when building the
+16-bit or 32-bit library, 3 is rounded up to 4). See the <b>README</b> file in
+the source distribution and the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation for details. In these cases the limit is substantially larger.
+However, the speed of execution is slower.
+</P>
+<P>
+All values in repeating quantifiers must be less than 65536.
+</P>
+<P>
+There is no limit to the number of parenthesized subpatterns, but there can be
+no more than 65535 capturing subpatterns. There is, however, a limit to the
+depth of nesting of parenthesized subpatterns of all kinds. This is imposed in
+order to limit the amount of system stack used at compile time. The limit can
+be specified when PCRE is built; the default is 250.
+</P>
+<P>
+There is a limit to the number of forward references to subsequent subpatterns
+of around 200,000. Repeated forward references with fixed upper limits, for
+example, (?2){0,100} when subpattern number 2 is to the right, are included in
+the count. There is no limit to the number of backward references.
+</P>
+<P>
+The maximum length of name for a named subpattern is 32 characters, and the
+maximum number of named subpatterns is 10000.
+</P>
+<P>
+The maximum length of a name in a (*MARK), (*PRUNE), (*SKIP), or (*THEN) verb
+is 255 for the 8-bit library and 65535 for the 16-bit and 32-bit libraries.
+</P>
+<P>
+The maximum length of a subject string is the largest positive number that an
+integer variable can hold. However, when using the traditional matching
+function, PCRE uses recursion to handle subpatterns and indefinite repetition.
+This means that the available stack space may limit the size of a subject
+string that can be processed by certain patterns. For a discussion of stack
+issues, see the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 05 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrematching.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrematching.html
new file mode 100644
index 00000000..a1af39b6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrematching.html
@@ -0,0 +1,242 @@
+<html>
+<head>
+<title>pcrematching specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrematching man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE MATCHING ALGORITHMS</a>
+<li><a name="TOC2" href="#SEC2">REGULAR EXPRESSIONS AS TREES</a>
+<li><a name="TOC3" href="#SEC3">THE STANDARD MATCHING ALGORITHM</a>
+<li><a name="TOC4" href="#SEC4">THE ALTERNATIVE MATCHING ALGORITHM</a>
+<li><a name="TOC5" href="#SEC5">ADVANTAGES OF THE ALTERNATIVE ALGORITHM</a>
+<li><a name="TOC6" href="#SEC6">DISADVANTAGES OF THE ALTERNATIVE ALGORITHM</a>
+<li><a name="TOC7" href="#SEC7">AUTHOR</a>
+<li><a name="TOC8" href="#SEC8">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE MATCHING ALGORITHMS</a><br>
+<P>
+This document describes the two different algorithms that are available in PCRE
+for matching a compiled regular expression against a given subject string. The
+"standard" algorithm is the one provided by the <b>pcre_exec()</b>,
+<b>pcre16_exec()</b> and <b>pcre32_exec()</b> functions. These work in the same
+as as Perl's matching function, and provide a Perl-compatible matching operation.
+The just-in-time (JIT) optimization that is described in the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation is compatible with these functions.
+</P>
+<P>
+An alternative algorithm is provided by the <b>pcre_dfa_exec()</b>,
+<b>pcre16_dfa_exec()</b> and <b>pcre32_dfa_exec()</b> functions; they operate in
+a different way, and are not Perl-compatible. This alternative has advantages
+and disadvantages compared with the standard algorithm, and these are described
+below.
+</P>
+<P>
+When there is only one possible way in which a given subject string can match a
+pattern, the two algorithms give the same answer. A difference arises, however,
+when there are multiple possibilities. For example, if the pattern
+<pre>
+  ^&#60;.*&#62;
+</pre>
+is matched against the string
+<pre>
+  &#60;something&#62; &#60;something else&#62; &#60;something further&#62;
+</pre>
+there are three possible answers. The standard algorithm finds only one of
+them, whereas the alternative algorithm finds all three.
+</P>
+<br><a name="SEC2" href="#TOC1">REGULAR EXPRESSIONS AS TREES</a><br>
+<P>
+The set of strings that are matched by a regular expression can be represented
+as a tree structure. An unlimited repetition in the pattern makes the tree of
+infinite size, but it is still a tree. Matching the pattern to a given subject
+string (from a given starting point) can be thought of as a search of the tree.
+There are two ways to search a tree: depth-first and breadth-first, and these
+correspond to the two matching algorithms provided by PCRE.
+</P>
+<br><a name="SEC3" href="#TOC1">THE STANDARD MATCHING ALGORITHM</a><br>
+<P>
+In the terminology of Jeffrey Friedl's book "Mastering Regular
+Expressions", the standard algorithm is an "NFA algorithm". It conducts a
+depth-first search of the pattern tree. That is, it proceeds along a single
+path through the tree, checking that the subject matches what is required. When
+there is a mismatch, the algorithm tries any alternatives at the current point,
+and if they all fail, it backs up to the previous branch point in the tree, and
+tries the next alternative branch at that level. This often involves backing up
+(moving to the left) in the subject string as well. The order in which
+repetition branches are tried is controlled by the greedy or ungreedy nature of
+the quantifier.
+</P>
+<P>
+If a leaf node is reached, a matching string has been found, and at that point
+the algorithm stops. Thus, if there is more than one possible match, this
+algorithm returns the first one that it finds. Whether this is the shortest,
+the longest, or some intermediate length depends on the way the greedy and
+ungreedy repetition quantifiers are specified in the pattern.
+</P>
+<P>
+Because it ends up with a single path through the tree, it is relatively
+straightforward for this algorithm to keep track of the substrings that are
+matched by portions of the pattern in parentheses. This provides support for
+capturing parentheses and back references.
+</P>
+<br><a name="SEC4" href="#TOC1">THE ALTERNATIVE MATCHING ALGORITHM</a><br>
+<P>
+This algorithm conducts a breadth-first search of the tree. Starting from the
+first matching point in the subject, it scans the subject string from left to
+right, once, character by character, and as it does this, it remembers all the
+paths through the tree that represent valid matches. In Friedl's terminology,
+this is a kind of "DFA algorithm", though it is not implemented as a
+traditional finite state machine (it keeps multiple states active
+simultaneously).
+</P>
+<P>
+Although the general principle of this matching algorithm is that it scans the
+subject string only once, without backtracking, there is one exception: when a
+lookaround assertion is encountered, the characters following or preceding the
+current point have to be independently inspected.
+</P>
+<P>
+The scan continues until either the end of the subject is reached, or there are
+no more unterminated paths. At this point, terminated paths represent the
+different matching possibilities (if there are none, the match has failed).
+Thus, if there is more than one possible match, this algorithm finds all of
+them, and in particular, it finds the longest. The matches are returned in
+decreasing order of length. There is an option to stop the algorithm after the
+first match (which is necessarily the shortest) is found.
+</P>
+<P>
+Note that all the matches that are found start at the same point in the
+subject. If the pattern
+<pre>
+  cat(er(pillar)?)?
+</pre>
+is matched against the string "the caterpillar catchment", the result will be
+the three strings "caterpillar", "cater", and "cat" that start at the fifth
+character of the subject. The algorithm does not automatically move on to find
+matches that start at later positions.
+</P>
+<P>
+PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\d+" is compiled as if it were "a\d++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\d+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+</P>
+<P>
+There are a number of features of PCRE regular expressions that are not
+supported by the alternative matching algorithm. They are as follows:
+</P>
+<P>
+1. Because the algorithm finds all possible matches, the greedy or ungreedy
+nature of repetition quantifiers is not relevant. Greedy and ungreedy
+quantifiers are treated in exactly the same way. However, possessive
+quantifiers can make a difference when what follows could also match what is
+quantified, for example in a pattern like this:
+<pre>
+  ^a++\w!
+</pre>
+This pattern matches "aaab!" but not "aaa!", which would be matched by a
+non-possessive quantifier. Similarly, if an atomic group is present, it is
+matched as if it were a standalone pattern at the current point, and the
+longest match is then "locked in" for the rest of the overall pattern.
+</P>
+<P>
+2. When dealing with multiple paths through the tree simultaneously, it is not
+straightforward to keep track of captured substrings for the different matching
+possibilities, and PCRE's implementation of this algorithm does not attempt to
+do this. This means that no captured substrings are available.
+</P>
+<P>
+3. Because no substrings are captured, back references within the pattern are
+not supported, and cause errors if encountered.
+</P>
+<P>
+4. For the same reason, conditional expressions that use a backreference as the
+condition or test for a specific group recursion are not supported.
+</P>
+<P>
+5. Because many paths through the tree may be active, the \K escape sequence,
+which resets the start of the match when encountered (but may be on some paths
+and not on others), is not supported. It causes an error if encountered.
+</P>
+<P>
+6. Callouts are supported, but the value of the <i>capture_top</i> field is
+always 1, and the value of the <i>capture_last</i> field is always -1.
+</P>
+<P>
+7. The \C escape sequence, which (in the standard algorithm) always matches a
+single data unit, even in UTF-8, UTF-16 or UTF-32 modes, is not supported in
+these modes, because the alternative algorithm moves through the subject string
+one character (not data unit) at a time, for all active paths through the tree.
+</P>
+<P>
+8. Except for (*FAIL), the backtracking control verbs such as (*PRUNE) are not
+supported. (*FAIL) is supported, and behaves like a failing negative assertion.
+</P>
+<br><a name="SEC5" href="#TOC1">ADVANTAGES OF THE ALTERNATIVE ALGORITHM</a><br>
+<P>
+Using the alternative matching algorithm provides the following advantages:
+</P>
+<P>
+1. All possible matches (at a single point in the subject) are automatically
+found, and in particular, the longest match is found. To find more than one
+match using the standard algorithm, you have to do kludgy things with
+callouts.
+</P>
+<P>
+2. Because the alternative algorithm scans the subject string just once, and
+never needs to backtrack (except for lookbehinds), it is possible to pass very
+long subject strings to the matching function in several pieces, checking for
+partial matching each time. Although it is possible to do multi-segment
+matching using the standard algorithm by retaining partially matched
+substrings, it is more complicated. The
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation gives details of partial matching and discusses multi-segment
+matching.
+</P>
+<br><a name="SEC6" href="#TOC1">DISADVANTAGES OF THE ALTERNATIVE ALGORITHM</a><br>
+<P>
+The alternative algorithm suffers from a number of disadvantages:
+</P>
+<P>
+1. It is substantially slower than the standard algorithm. This is partly
+because it has to search for all possible matches, but is also because it is
+less susceptible to optimization.
+</P>
+<P>
+2. Capturing parentheses and back references are not supported.
+</P>
+<P>
+3. Although atomic groups are supported, their use does not provide the
+performance advantage that it does for the standard algorithm.
+</P>
+<br><a name="SEC7" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC8" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 November 2013
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrepartial.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrepartial.html
new file mode 100644
index 00000000..4faeafcb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrepartial.html
@@ -0,0 +1,509 @@
+<html>
+<head>
+<title>pcrepartial specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrepartial man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PARTIAL MATCHING IN PCRE</a>
+<li><a name="TOC2" href="#SEC2">PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()</a>
+<li><a name="TOC3" href="#SEC3">PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a>
+<li><a name="TOC4" href="#SEC4">PARTIAL MATCHING AND WORD BOUNDARIES</a>
+<li><a name="TOC5" href="#SEC5">FORMERLY RESTRICTED PATTERNS</a>
+<li><a name="TOC6" href="#SEC6">EXAMPLE OF PARTIAL MATCHING USING PCRETEST</a>
+<li><a name="TOC7" href="#SEC7">MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a>
+<li><a name="TOC8" href="#SEC8">MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()</a>
+<li><a name="TOC9" href="#SEC9">ISSUES WITH MULTI-SEGMENT MATCHING</a>
+<li><a name="TOC10" href="#SEC10">AUTHOR</a>
+<li><a name="TOC11" href="#SEC11">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PARTIAL MATCHING IN PCRE</a><br>
+<P>
+In normal use of PCRE, if the subject string that is passed to a matching
+function matches as far as it goes, but is too short to match the entire
+pattern, PCRE_ERROR_NOMATCH is returned. There are circumstances where it might
+be helpful to distinguish this case from other cases in which there is no
+match.
+</P>
+<P>
+Consider, for example, an application where a human is required to type in data
+for a field with specific formatting requirements. An example might be a date
+in the form <i>ddmmmyy</i>, defined by this pattern:
+<pre>
+  ^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$
+</pre>
+If the application sees the user's keystrokes one by one, and can check that
+what has been typed so far is potentially valid, it is able to raise an error
+as soon as a mistake is made, by beeping and not reflecting the character that
+has been typed, for example. This immediate feedback is likely to be a better
+user interface than a check that is delayed until the entire string has been
+entered. Partial matching can also be useful when the subject string is very
+long and is not all available at once.
+</P>
+<P>
+PCRE supports partial matching by means of the PCRE_PARTIAL_SOFT and
+PCRE_PARTIAL_HARD options, which can be set when calling any of the matching
+functions. For backwards compatibility, PCRE_PARTIAL is a synonym for
+PCRE_PARTIAL_SOFT. The essential difference between the two options is whether
+or not a partial match is preferred to an alternative complete match, though
+the details differ between the two types of matching function. If both options
+are set, PCRE_PARTIAL_HARD takes precedence.
+</P>
+<P>
+If you want to use partial matching with just-in-time optimized code, you must
+call <b>pcre_study()</b>, <b>pcre16_study()</b> or  <b>pcre32_study()</b> with one
+or both of these options:
+<pre>
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+</pre>
+PCRE_STUDY_JIT_COMPILE should also be set if you are going to run non-partial
+matches on the same pattern. If the appropriate JIT study mode has not been set
+for a match, the interpretive matching code is used.
+</P>
+<P>
+Setting a partial matching option disables two of PCRE's standard
+optimizations. PCRE remembers the last literal data unit in a pattern, and
+abandons matching immediately if it is not present in the subject string. This
+optimization cannot be used for a subject string that might match only
+partially. If the pattern was studied, PCRE knows the minimum length of a
+matching string, and does not bother to run the matching function on shorter
+strings. This optimization is also disabled for partial matching.
+</P>
+<br><a name="SEC2" href="#TOC1">PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()</a><br>
+<P>
+A partial match occurs during a call to <b>pcre_exec()</b> or
+<b>pcre[16|32]_exec()</b> when the end of the subject string is reached
+successfully, but matching cannot continue because more characters are needed.
+However, at least one character in the subject must have been inspected. This
+character need not form part of the final matched string; lookbehind assertions
+and the \K escape sequence provide ways of inspecting characters before the
+start of a matched substring. The requirement for inspecting at least one
+character exists because an empty string can always be matched; without such a
+restriction there would always be a partial match of an empty string at the end
+of the subject.
+</P>
+<P>
+If there are at least two slots in the offsets vector when a partial match is
+returned, the first slot is set to the offset of the earliest character that
+was inspected. For convenience, the second offset points to the end of the
+subject so that a substring can easily be identified. If there are at least
+three slots in the offsets vector, the third slot is set to the offset of the
+character where matching started.
+</P>
+<P>
+For the majority of patterns, the contents of the first and third slots will be
+the same. However, for patterns that contain lookbehind assertions, or begin
+with \b or \B, characters before the one where matching started may have been
+inspected while carrying out the match. For example, consider this pattern:
+<pre>
+  /(?&#60;=abc)123/
+</pre>
+This pattern matches "123", but only if it is preceded by "abc". If the subject
+string is "xyzabc12", the first two offsets after a partial match are for the
+substring "abc12", because all these characters were inspected. However, the
+third offset is set to 6, because that is the offset where matching began.
+</P>
+<P>
+What happens when a partial match is identified depends on which of the two
+partial matching options are set.
+</P>
+<br><b>
+PCRE_PARTIAL_SOFT WITH pcre_exec() OR pcre[16|32]_exec()
+</b><br>
+<P>
+If PCRE_PARTIAL_SOFT is set when <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b>
+identifies a partial match, the partial match is remembered, but matching
+continues as normal, and other alternatives in the pattern are tried. If no
+complete match can be found, PCRE_ERROR_PARTIAL is returned instead of
+PCRE_ERROR_NOMATCH.
+</P>
+<P>
+This option is "soft" because it prefers a complete match over a partial match.
+All the various matching items in a pattern behave as if the subject string is
+potentially complete. For example, \z, \Z, and $ match at the end of the
+subject, as normal, and for \b and \B the end of the subject is treated as a
+non-alphanumeric.
+</P>
+<P>
+If there is more than one partial match, the first one that was found provides
+the data that is returned. Consider this pattern:
+<pre>
+  /123\w+X|dogY/
+</pre>
+If this is matched against the subject string "abc123dog", both
+alternatives fail to match, but the end of the subject is reached during
+matching, so PCRE_ERROR_PARTIAL is returned. The offsets are set to 3 and 9,
+identifying "123dog" as the first partial match that was found. (In this
+example, there are two partial matches, because "dog" on its own partially
+matches the second alternative.)
+</P>
+<br><b>
+PCRE_PARTIAL_HARD WITH pcre_exec() OR pcre[16|32]_exec()
+</b><br>
+<P>
+If PCRE_PARTIAL_HARD is set for <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b>,
+PCRE_ERROR_PARTIAL is returned as soon as a partial match is found, without
+continuing to search for possible complete matches. This option is "hard"
+because it prefers an earlier partial match over a later complete match. For
+this reason, the assumption is made that the end of the supplied subject string
+may not be the true end of the available data, and so, if \z, \Z, \b, \B,
+or $ are encountered at the end of the subject, the result is
+PCRE_ERROR_PARTIAL, provided that at least one character in the subject has
+been inspected.
+</P>
+<P>
+Setting PCRE_PARTIAL_HARD also affects the way UTF-8 and UTF-16
+subject strings are checked for validity. Normally, an invalid sequence
+causes the error PCRE_ERROR_BADUTF8 or PCRE_ERROR_BADUTF16. However, in the
+special case of a truncated character at the end of the subject,
+PCRE_ERROR_SHORTUTF8 or PCRE_ERROR_SHORTUTF16 is returned when
+PCRE_PARTIAL_HARD is set.
+</P>
+<br><b>
+Comparing hard and soft partial matching
+</b><br>
+<P>
+The difference between the two partial matching options can be illustrated by a
+pattern such as:
+<pre>
+  /dog(sbody)?/
+</pre>
+This matches either "dog" or "dogsbody", greedily (that is, it prefers the
+longer string if possible). If it is matched against the string "dog" with
+PCRE_PARTIAL_SOFT, it yields a complete match for "dog". However, if
+PCRE_PARTIAL_HARD is set, the result is PCRE_ERROR_PARTIAL. On the other hand,
+if the pattern is made ungreedy the result is different:
+<pre>
+  /dog(sbody)??/
+</pre>
+In this case the result is always a complete match because that is found first,
+and matching never continues after finding a complete match. It might be easier
+to follow this explanation by thinking of the two patterns like this:
+<pre>
+  /dog(sbody)?/    is the same as  /dogsbody|dog/
+  /dog(sbody)??/   is the same as  /dog|dogsbody/
+</pre>
+The second pattern will never match "dogsbody", because it will always find the
+shorter match first.
+</P>
+<br><a name="SEC3" href="#TOC1">PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a><br>
+<P>
+The DFA functions move along the subject string character by character, without
+backtracking, searching for all possible matches simultaneously. If the end of
+the subject is reached before the end of the pattern, there is the possibility
+of a partial match, again provided that at least one character has been
+inspected.
+</P>
+<P>
+When PCRE_PARTIAL_SOFT is set, PCRE_ERROR_PARTIAL is returned only if there
+have been no complete matches. Otherwise, the complete matches are returned.
+However, if PCRE_PARTIAL_HARD is set, a partial match takes precedence over any
+complete matches. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string, provided there are
+at least two slots in the offsets vector.
+</P>
+<P>
+Because the DFA functions always search for all possible matches, and there is
+no difference between greedy and ungreedy repetition, their behaviour is
+different from the standard functions when PCRE_PARTIAL_HARD is set. Consider
+the string "dog" matched against the ungreedy pattern shown above:
+<pre>
+  /dog(sbody)??/
+</pre>
+Whereas the standard functions stop as soon as they find the complete match for
+"dog", the DFA functions also find the partial match for "dogsbody", and so
+return that when PCRE_PARTIAL_HARD is set.
+</P>
+<br><a name="SEC4" href="#TOC1">PARTIAL MATCHING AND WORD BOUNDARIES</a><br>
+<P>
+If a pattern ends with one of sequences \b or \B, which test for word
+boundaries, partial matching with PCRE_PARTIAL_SOFT can give counter-intuitive
+results. Consider this pattern:
+<pre>
+  /\bcat\b/
+</pre>
+This matches "cat", provided there is a word boundary at either end. If the
+subject string is "the cat", the comparison of the final "t" with a following
+character cannot take place, so a partial match is found. However, normal
+matching carries on, and \b matches at the end of the subject when the last
+character is a letter, so a complete match is found. The result, therefore, is
+<i>not</i> PCRE_ERROR_PARTIAL. Using PCRE_PARTIAL_HARD in this case does yield
+PCRE_ERROR_PARTIAL, because then the partial match takes precedence.
+</P>
+<br><a name="SEC5" href="#TOC1">FORMERLY RESTRICTED PATTERNS</a><br>
+<P>
+For releases of PCRE prior to 8.00, because of the way certain internal
+optimizations were implemented in the <b>pcre_exec()</b> function, the
+PCRE_PARTIAL option (predecessor of PCRE_PARTIAL_SOFT) could not be used with
+all patterns. From release 8.00 onwards, the restrictions no longer apply, and
+partial matching with can be requested for any pattern.
+</P>
+<P>
+Items that were formerly restricted were repeated single characters and
+repeated metasequences. If PCRE_PARTIAL was set for a pattern that did not
+conform to the restrictions, <b>pcre_exec()</b> returned the error code
+PCRE_ERROR_BADPARTIAL (-13). This error code is no longer in use. The
+PCRE_INFO_OKPARTIAL call to <b>pcre_fullinfo()</b> to find out if a compiled
+pattern can be used for partial matching now always returns 1.
+</P>
+<br><a name="SEC6" href="#TOC1">EXAMPLE OF PARTIAL MATCHING USING PCRETEST</a><br>
+<P>
+If the escape sequence \P is present in a <b>pcretest</b> data line, the
+PCRE_PARTIAL_SOFT option is used for the match. Here is a run of <b>pcretest</b>
+that uses the date example quoted above:
+<pre>
+    re&#62; /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+  data&#62; 25jun04\P
+   0: 25jun04
+   1: jun
+  data&#62; 25dec3\P
+  Partial match: 23dec3
+  data&#62; 3ju\P
+  Partial match: 3ju
+  data&#62; 3juj\P
+  No match
+  data&#62; j\P
+  No match
+</pre>
+The first data string is matched completely, so <b>pcretest</b> shows the
+matched substrings. The remaining four strings do not match the complete
+pattern, but the first two are partial matches. Similar output is obtained
+if DFA matching is used.
+</P>
+<P>
+If the escape sequence \P is present more than once in a <b>pcretest</b> data
+line, the PCRE_PARTIAL_HARD option is set for the match.
+</P>
+<br><a name="SEC7" href="#TOC1">MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a><br>
+<P>
+When a partial match has been found using a DFA matching function, it is
+possible to continue the match by providing additional subject data and calling
+the function again with the same compiled regular expression, this time setting
+the PCRE_DFA_RESTART option. You must pass the same working space as before,
+because this is where details of the previous partial match are stored. Here is
+an example using <b>pcretest</b>, using the \R escape sequence to set the
+PCRE_DFA_RESTART option (\D specifies the use of the DFA matching function):
+<pre>
+    re&#62; /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+  data&#62; 23ja\P\D
+  Partial match: 23ja
+  data&#62; n05\R\D
+   0: n05
+</pre>
+The first call has "23ja" as the subject, and requests partial matching; the
+second call has "n05" as the subject for the continued (restarted) match.
+Notice that when the match is complete, only the last part is shown; PCRE does
+not retain the previously partially-matched string. It is up to the calling
+program to do that if it needs to.
+</P>
+<P>
+That means that, for an unanchored pattern, if a continued match fails, it is
+not possible to try again at a new starting point. All this facility is capable
+of doing is continuing with the previous match attempt. In the previous
+example, if the second set of data is "ug23" the result is no match, even
+though there would be a match for "aug23" if the entire string were given at
+once. Depending on the application, this may or may not be what you want.
+The only way to allow for starting again at the next character is to retain the
+matched part of the subject and try a new complete match.
+</P>
+<P>
+You can set the PCRE_PARTIAL_SOFT or PCRE_PARTIAL_HARD options with
+PCRE_DFA_RESTART to continue partial matching over multiple segments. This
+facility can be used to pass very long subject strings to the DFA matching
+functions.
+</P>
+<br><a name="SEC8" href="#TOC1">MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()</a><br>
+<P>
+From release 8.00, the standard matching functions can also be used to do
+multi-segment matching. Unlike the DFA functions, it is not possible to
+restart the previous match with a new segment of data. Instead, new data must
+be added to the previous subject string, and the entire match re-run, starting
+from the point where the partial match occurred. Earlier data can be discarded.
+</P>
+<P>
+It is best to use PCRE_PARTIAL_HARD in this situation, because it does not
+treat the end of a segment as the end of the subject when matching \z, \Z,
+\b, \B, and $. Consider an unanchored pattern that matches dates:
+<pre>
+    re&#62; /\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d/
+  data&#62; The date is 23ja\P\P
+  Partial match: 23ja
+</pre>
+At this stage, an application could discard the text preceding "23ja", add on
+text from the next segment, and call the matching function again. Unlike the
+DFA matching functions, the entire matching string must always be available,
+and the complete matching process occurs for each call, so more memory and more
+processing time is needed.
+</P>
+<P>
+<b>Note:</b> If the pattern contains lookbehind assertions, or \K, or starts
+with \b or \B, the string that is returned for a partial match includes
+characters that precede the start of what would be returned for a complete
+match, because it contains all the characters that were inspected during the
+partial match.
+</P>
+<br><a name="SEC9" href="#TOC1">ISSUES WITH MULTI-SEGMENT MATCHING</a><br>
+<P>
+Certain types of pattern may give problems with multi-segment matching,
+whichever matching function is used.
+</P>
+<P>
+1. If the pattern contains a test for the beginning of a line, you need to pass
+the PCRE_NOTBOL option when the subject string for any call does start at the
+beginning of a line. There is also a PCRE_NOTEOL option, but in practice when
+doing multi-segment matching you should be using PCRE_PARTIAL_HARD, which
+includes the effect of PCRE_NOTEOL.
+</P>
+<P>
+2. Lookbehind assertions that have already been obeyed are catered for in the
+offsets that are returned for a partial match. However a lookbehind assertion
+later in the pattern could require even earlier characters to be inspected. You
+can handle this case by using the PCRE_INFO_MAXLOOKBEHIND option of the
+<b>pcre_fullinfo()</b> or <b>pcre[16|32]_fullinfo()</b> functions to obtain the
+length of the longest lookbehind in the pattern. This length is given in
+characters, not bytes. If you always retain at least that many characters
+before the partially matched string, all should be well. (Of course, near the
+start of the subject, fewer characters may be present; in that case all
+characters should be retained.)
+</P>
+<P>
+From release 8.33, there is a more accurate way of deciding which characters to
+retain. Instead of subtracting the length of the longest lookbehind from the
+earliest inspected character (<i>offsets[0]</i>), the match start position
+(<i>offsets[2]</i>) should be used, and the next match attempt started at the
+<i>offsets[2]</i> character by setting the <i>startoffset</i> argument of
+<b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>.
+</P>
+<P>
+For example, if the pattern "(?&#60;=123)abc" is partially
+matched against the string "xx123a", the three offset values returned are 2, 6,
+and 5. This indicates that the matching process that gave a partial match
+started at offset 5, but the characters "123a" were all inspected. The maximum
+lookbehind for that pattern is 3, so taking that away from 5 shows that we need
+only keep "123a", and the next match attempt can be started at offset 3 (that
+is, at "a") when further characters have been added. When the match start is
+not the earliest inspected character, <b>pcretest</b> shows it explicitly:
+<pre>
+    re&#62; "(?&#60;=123)abc"
+  data&#62; xx123a\P\P
+  Partial match at offset 5: 123a
+</PRE>
+</P>
+<P>
+3. Because a partial match must always contain at least one character, what
+might be considered a partial match of an empty string actually gives a "no
+match" result. For example:
+<pre>
+    re&#62; /c(?&#60;=abc)x/
+  data&#62; ab\P
+  No match
+</pre>
+If the next segment begins "cx", a match should be found, but this will only
+happen if characters from the previous segment are retained. For this reason, a
+"no match" result should be interpreted as "partial match of an empty string"
+when the pattern contains lookbehinds.
+</P>
+<P>
+4. Matching a subject string that is split into multiple segments may not
+always produce exactly the same result as matching over one single long string,
+especially when PCRE_PARTIAL_SOFT is used. The section "Partial Matching and
+Word Boundaries" above describes an issue that arises if the pattern ends with
+\b or \B. Another kind of difference may occur when there are multiple
+matching possibilities, because (for PCRE_PARTIAL_SOFT) a partial match result
+is given only when there are no completed matches. This means that as soon as
+the shortest match has been found, continuation to a new subject segment is no
+longer possible. Consider again this <b>pcretest</b> example:
+<pre>
+    re&#62; /dog(sbody)?/
+  data&#62; dogsb\P
+   0: dog
+  data&#62; do\P\D
+  Partial match: do
+  data&#62; gsb\R\P\D
+   0: g
+  data&#62; dogsbody\D
+   0: dogsbody
+   1: dog
+</pre>
+The first data line passes the string "dogsb" to a standard matching function,
+setting the PCRE_PARTIAL_SOFT option. Although the string is a partial match
+for "dogsbody", the result is not PCRE_ERROR_PARTIAL, because the shorter
+string "dog" is a complete match. Similarly, when the subject is presented to
+a DFA matching function in several parts ("do" and "gsb" being the first two)
+the match stops when "dog" has been found, and it is not possible to continue.
+On the other hand, if "dogsbody" is presented as a single string, a DFA
+matching function finds both matches.
+</P>
+<P>
+Because of these problems, it is best to use PCRE_PARTIAL_HARD when matching
+multi-segment data. The example above then behaves differently:
+<pre>
+    re&#62; /dog(sbody)?/
+  data&#62; dogsb\P\P
+  Partial match: dogsb
+  data&#62; do\P\D
+  Partial match: do
+  data&#62; gsb\R\P\P\D
+  Partial match: gsb
+</pre>
+5. Patterns that contain alternatives at the top level which do not all start
+with the same pattern item may not work as expected when PCRE_DFA_RESTART is
+used. For example, consider this pattern:
+<pre>
+  1234|3789
+</pre>
+If the first part of the subject is "ABC123", a partial match of the first
+alternative is found at offset 3. There is no partial match for the second
+alternative, because such a match does not start at the same point in the
+subject string. Attempting to continue with the string "7890" does not yield a
+match because only those alternatives that match at one point in the subject
+are remembered. The problem arises because the start of the second alternative
+matches within the first alternative. There is no problem with anchored
+patterns or patterns such as:
+<pre>
+  1234|ABCD
+</pre>
+where no string can be a partial match for both alternatives. This is not a
+problem if a standard matching function is used, because the entire match has
+to be rerun each time:
+<pre>
+    re&#62; /1234|3789/
+  data&#62; ABC123\P\P
+  Partial match: 123
+  data&#62; 1237890
+   0: 3789
+</pre>
+Of course, instead of using PCRE_DFA_RESTART, the same technique of re-running
+the entire match can also be used with the DFA matching functions. Another
+possibility is to work with two buffers. If a partial match at offset <i>n</i>
+in the first buffer is followed by "no match" when PCRE_DFA_RESTART is used on
+the second buffer, you can then try a new match starting at offset <i>n+1</i> in
+the first buffer.
+</P>
+<br><a name="SEC10" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC11" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 02 July 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrepattern.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrepattern.html
new file mode 100644
index 00000000..96fc7298
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrepattern.html
@@ -0,0 +1,3276 @@
+<html>
+<head>
+<title>pcrepattern specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrepattern man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE REGULAR EXPRESSION DETAILS</a>
+<li><a name="TOC2" href="#SEC2">SPECIAL START-OF-PATTERN ITEMS</a>
+<li><a name="TOC3" href="#SEC3">EBCDIC CHARACTER CODES</a>
+<li><a name="TOC4" href="#SEC4">CHARACTERS AND METACHARACTERS</a>
+<li><a name="TOC5" href="#SEC5">BACKSLASH</a>
+<li><a name="TOC6" href="#SEC6">CIRCUMFLEX AND DOLLAR</a>
+<li><a name="TOC7" href="#SEC7">FULL STOP (PERIOD, DOT) AND \N</a>
+<li><a name="TOC8" href="#SEC8">MATCHING A SINGLE DATA UNIT</a>
+<li><a name="TOC9" href="#SEC9">SQUARE BRACKETS AND CHARACTER CLASSES</a>
+<li><a name="TOC10" href="#SEC10">POSIX CHARACTER CLASSES</a>
+<li><a name="TOC11" href="#SEC11">COMPATIBILITY FEATURE FOR WORD BOUNDARIES</a>
+<li><a name="TOC12" href="#SEC12">VERTICAL BAR</a>
+<li><a name="TOC13" href="#SEC13">INTERNAL OPTION SETTING</a>
+<li><a name="TOC14" href="#SEC14">SUBPATTERNS</a>
+<li><a name="TOC15" href="#SEC15">DUPLICATE SUBPATTERN NUMBERS</a>
+<li><a name="TOC16" href="#SEC16">NAMED SUBPATTERNS</a>
+<li><a name="TOC17" href="#SEC17">REPETITION</a>
+<li><a name="TOC18" href="#SEC18">ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS</a>
+<li><a name="TOC19" href="#SEC19">BACK REFERENCES</a>
+<li><a name="TOC20" href="#SEC20">ASSERTIONS</a>
+<li><a name="TOC21" href="#SEC21">CONDITIONAL SUBPATTERNS</a>
+<li><a name="TOC22" href="#SEC22">COMMENTS</a>
+<li><a name="TOC23" href="#SEC23">RECURSIVE PATTERNS</a>
+<li><a name="TOC24" href="#SEC24">SUBPATTERNS AS SUBROUTINES</a>
+<li><a name="TOC25" href="#SEC25">ONIGURUMA SUBROUTINE SYNTAX</a>
+<li><a name="TOC26" href="#SEC26">CALLOUTS</a>
+<li><a name="TOC27" href="#SEC27">BACKTRACKING CONTROL</a>
+<li><a name="TOC28" href="#SEC28">SEE ALSO</a>
+<li><a name="TOC29" href="#SEC29">AUTHOR</a>
+<li><a name="TOC30" href="#SEC30">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE REGULAR EXPRESSION DETAILS</a><br>
+<P>
+The syntax and semantics of the regular expressions that are supported by PCRE
+are described in detail below. There is a quick-reference syntax summary in the
+<a href="pcresyntax.html"><b>pcresyntax</b></a>
+page. PCRE tries to match Perl syntax and semantics as closely as it can. PCRE
+also supports some alternative regular expression syntax (which does not
+conflict with the Perl syntax) in order to provide some compatibility with
+regular expressions in Python, .NET, and Oniguruma.
+</P>
+<P>
+Perl's regular expressions are described in its own documentation, and
+regular expressions in general are covered in a number of books, some of which
+have copious examples. Jeffrey Friedl's "Mastering Regular Expressions",
+published by O'Reilly, covers regular expressions in great detail. This
+description of PCRE's regular expressions is intended as reference material.
+</P>
+<P>
+This document discusses the patterns that are supported by PCRE when one its
+main matching functions, <b>pcre_exec()</b> (8-bit) or <b>pcre[16|32]_exec()</b>
+(16- or 32-bit), is used. PCRE also has alternative matching functions,
+<b>pcre_dfa_exec()</b> and <b>pcre[16|32_dfa_exec()</b>, which match using a
+different algorithm that is not Perl-compatible. Some of the features discussed
+below are not available when DFA matching is used. The advantages and
+disadvantages of the alternative functions, and how they differ from the normal
+functions, are discussed in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+page.
+</P>
+<br><a name="SEC2" href="#TOC1">SPECIAL START-OF-PATTERN ITEMS</a><br>
+<P>
+A number of options that can be passed to <b>pcre_compile()</b> can also be set
+by special items at the start of a pattern. These are not Perl-compatible, but
+are provided to make these options accessible to pattern writers who are not
+able to change the program that processes the pattern. Any number of these
+items may appear, but they must all be together right at the start of the
+pattern string, and the letters must be in upper case.
+</P>
+<br><b>
+UTF support
+</b><br>
+<P>
+The original operation of PCRE was on strings of one-byte characters. However,
+there is now also support for UTF-8 strings in the original library, an
+extra library that supports 16-bit and UTF-16 character strings, and a
+third library that supports 32-bit and UTF-32 character strings. To use these
+features, PCRE must be built to include appropriate support. When using UTF
+strings you must either call the compiling function with the PCRE_UTF8,
+PCRE_UTF16, or PCRE_UTF32 option, or the pattern must start with one of
+these special sequences:
+<pre>
+  (*UTF8)
+  (*UTF16)
+  (*UTF32)
+  (*UTF)
+</pre>
+(*UTF) is a generic sequence that can be used with any of the libraries.
+Starting a pattern with such a sequence is equivalent to setting the relevant
+option. How setting a UTF mode affects pattern matching is mentioned in several
+places below. There is also a summary of features in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+Some applications that allow their users to supply patterns may wish to
+restrict them to non-UTF data for security reasons. If the PCRE_NEVER_UTF
+option is set at compile time, (*UTF) etc. are not allowed, and their
+appearance causes an error.
+</P>
+<br><b>
+Unicode property support
+</b><br>
+<P>
+Another special sequence that may appear at the start of a pattern is (*UCP).
+This has the same effect as setting the PCRE_UCP option: it causes sequences
+such as \d and \w to use Unicode properties to determine character types,
+instead of recognizing only characters with codes less than 128 via a lookup
+table.
+</P>
+<br><b>
+Disabling auto-possessification
+</b><br>
+<P>
+If a pattern starts with (*NO_AUTO_POSSESS), it has the same effect as setting
+the PCRE_NO_AUTO_POSSESS option at compile time. This stops PCRE from making
+quantifiers possessive when what follows cannot match the repeated item. For
+example, by default a+b is treated as a++b. For more details, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<br><b>
+Disabling start-up optimizations
+</b><br>
+<P>
+If a pattern starts with (*NO_START_OPT), it has the same effect as setting the
+PCRE_NO_START_OPTIMIZE option either at compile or matching time. This disables
+several optimizations for quickly reaching "no match" results. For more
+details, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+<a name="newlines"></a></P>
+<br><b>
+Newline conventions
+</b><br>
+<P>
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page has
+<a href="pcreapi.html#newlines">further discussion</a>
+about newlines, and shows how to set the newline convention in the
+<i>options</i> arguments for the compiling and matching functions.
+</P>
+<P>
+It is also possible to specify a newline convention by starting a pattern
+string with one of the following five sequences:
+<pre>
+  (*CR)        carriage return
+  (*LF)        linefeed
+  (*CRLF)      carriage return, followed by linefeed
+  (*ANYCRLF)   any of the three above
+  (*ANY)       all Unicode newline sequences
+</pre>
+These override the default and the options given to the compiling function. For
+example, on a Unix system where LF is the default newline sequence, the pattern
+<pre>
+  (*CR)a.b
+</pre>
+changes the convention to CR. That pattern matches "a\nb" because LF is no
+longer a newline. If more than one of these settings is present, the last one
+is used.
+</P>
+<P>
+The newline convention affects where the circumflex and dollar assertions are
+true. It also affects the interpretation of the dot metacharacter when
+PCRE_DOTALL is not set, and the behaviour of \N. However, it does not affect
+what the \R escape sequence matches. By default, this is any Unicode newline
+sequence, for Perl compatibility. However, this can be changed; see the
+description of \R in the section entitled
+<a href="#newlineseq">"Newline sequences"</a>
+below. A change of \R setting can be combined with a change of newline
+convention.
+</P>
+<br><b>
+Setting match and recursion limits
+</b><br>
+<P>
+The caller of <b>pcre_exec()</b> can set a limit on the number of times the
+internal <b>match()</b> function is called and on the maximum depth of
+recursive calls. These facilities are provided to catch runaway matches that
+are provoked by patterns with huge matching trees (a typical example is a
+pattern with nested unlimited repeats) and to avoid running out of system stack
+by too much recursion. When one of these limits is reached, <b>pcre_exec()</b>
+gives an error return. The limits can also be set by items at the start of the
+pattern of the form
+<pre>
+  (*LIMIT_MATCH=d)
+  (*LIMIT_RECURSION=d)
+</pre>
+where d is any number of decimal digits. However, the value of the setting must
+be less than the value set (or defaulted) by the caller of <b>pcre_exec()</b>
+for it to have any effect. In other words, the pattern writer can lower the
+limits set by the programmer, but not raise them. If there is more than one
+setting of one of these limits, the lower value is used.
+</P>
+<br><a name="SEC3" href="#TOC1">EBCDIC CHARACTER CODES</a><br>
+<P>
+PCRE can be compiled to run in an environment that uses EBCDIC as its character
+code rather than ASCII or Unicode (typically a mainframe system). In the
+sections below, character code values are ASCII or Unicode; in an EBCDIC
+environment these characters may have different code values, and there are no
+code points greater than 255.
+</P>
+<br><a name="SEC4" href="#TOC1">CHARACTERS AND METACHARACTERS</a><br>
+<P>
+A regular expression is a pattern that is matched against a subject string from
+left to right. Most characters stand for themselves in a pattern, and match the
+corresponding characters in the subject. As a trivial example, the pattern
+<pre>
+  The quick brown fox
+</pre>
+matches a portion of a subject string that is identical to itself. When
+caseless matching is specified (the PCRE_CASELESS option), letters are matched
+independently of case. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching for characters 128 and above, you must
+ensure that PCRE is compiled with Unicode property support as well as with
+UTF support.
+</P>
+<P>
+The power of regular expressions comes from the ability to include alternatives
+and repetitions in the pattern. These are encoded in the pattern by the use of
+<i>metacharacters</i>, which do not stand for themselves but instead are
+interpreted in some special way.
+</P>
+<P>
+There are two different sets of metacharacters: those that are recognized
+anywhere in the pattern except within square brackets, and those that are
+recognized within square brackets. Outside square brackets, the metacharacters
+are as follows:
+<pre>
+  \      general escape character with several uses
+  ^      assert start of string (or line, in multiline mode)
+  $      assert end of string (or line, in multiline mode)
+  .      match any character except newline (by default)
+  [      start character class definition
+  |      start of alternative branch
+  (      start subpattern
+  )      end subpattern
+  ?      extends the meaning of (
+         also 0 or 1 quantifier
+         also quantifier minimizer
+  *      0 or more quantifier
+  +      1 or more quantifier
+         also "possessive quantifier"
+  {      start min/max quantifier
+</pre>
+Part of a pattern that is in square brackets is called a "character class". In
+a character class the only metacharacters are:
+<pre>
+  \      general escape character
+  ^      negate the class, but only if the first character
+  -      indicates character range
+  [      POSIX character class (only if followed by POSIX syntax)
+  ]      terminates the character class
+</pre>
+The following sections describe the use of each of the metacharacters.
+</P>
+<br><a name="SEC5" href="#TOC1">BACKSLASH</a><br>
+<P>
+The backslash character has several uses. Firstly, if it is followed by a
+character that is not a number or a letter, it takes away any special meaning
+that character may have. This use of backslash as an escape character applies
+both inside and outside character classes.
+</P>
+<P>
+For example, if you want to match a * character, you write \* in the pattern.
+This escaping action applies whether or not the following character would
+otherwise be interpreted as a metacharacter, so it is always safe to precede a
+non-alphanumeric with backslash to specify that it stands for itself. In
+particular, if you want to match a backslash, you write \\.
+</P>
+<P>
+In a UTF mode, only ASCII numbers and letters have any special meaning after a
+backslash. All other characters (in particular, those whose codepoints are
+greater than 127) are treated as literals.
+</P>
+<P>
+If a pattern is compiled with the PCRE_EXTENDED option, most white space in the
+pattern (other than in a character class), and characters between a # outside a
+character class and the next newline, inclusive, are ignored. An escaping
+backslash can be used to include a white space or # character as part of the
+pattern.
+</P>
+<P>
+If you want to remove the special meaning from a sequence of characters, you
+can do so by putting them between \Q and \E. This is different from Perl in
+that $ and @ are handled as literals in \Q...\E sequences in PCRE, whereas in
+Perl, $ and @ cause variable interpolation. Note the following examples:
+<pre>
+  Pattern            PCRE matches   Perl matches
+
+  \Qabc$xyz\E        abc$xyz        abc followed by the contents of $xyz
+  \Qabc\$xyz\E       abc\$xyz       abc\$xyz
+  \Qabc\E\$\Qxyz\E   abc$xyz        abc$xyz
+</pre>
+The \Q...\E sequence is recognized both inside and outside character classes.
+An isolated \E that is not preceded by \Q is ignored. If \Q is not followed
+by \E later in the pattern, the literal interpretation continues to the end of
+the pattern (that is, \E is assumed at the end). If the isolated \Q is inside
+a character class, this causes an error, because the character class is not
+terminated.
+<a name="digitsafterbackslash"></a></P>
+<br><b>
+Non-printing characters
+</b><br>
+<P>
+A second use of backslash provides a way of encoding non-printing characters
+in patterns in a visible manner. There is no restriction on the appearance of
+non-printing characters, apart from the binary zero that terminates a pattern,
+but when a pattern is being prepared by text editing, it is often easier to use
+one of the following escape sequences than the binary character it represents.
+In an ASCII or Unicode environment, these escapes are as follows:
+<pre>
+  \a        alarm, that is, the BEL character (hex 07)
+  \cx       "control-x", where x is any ASCII character
+  \e        escape (hex 1B)
+  \f        form feed (hex 0C)
+  \n        linefeed (hex 0A)
+  \r        carriage return (hex 0D)
+  \t        tab (hex 09)
+  \0dd      character with octal code 0dd
+  \ddd      character with octal code ddd, or back reference
+  \o{ddd..} character with octal code ddd..
+  \xhh      character with hex code hh
+  \x{hhh..} character with hex code hhh.. (non-JavaScript mode)
+  \uhhhh    character with hex code hhhh (JavaScript mode only)
+</pre>
+The precise effect of \cx on ASCII characters is as follows: if x is a lower
+case letter, it is converted to upper case. Then bit 6 of the character (hex
+40) is inverted. Thus \cA to \cZ become hex 01 to hex 1A (A is 41, Z is 5A),
+but \c{ becomes hex 3B ({ is 7B), and \c; becomes hex 7B (; is 3B). If the
+data item (byte or 16-bit value) following \c has a value greater than 127, a
+compile-time error occurs. This locks out non-ASCII characters in all modes.
+</P>
+<P>
+When PCRE is compiled in EBCDIC mode, \a, \e, \f, \n, \r, and \t
+generate the appropriate EBCDIC code values. The \c escape is processed
+as specified for Perl in the <b>perlebcdic</b> document. The only characters
+that are allowed after \c are A-Z, a-z, or one of @, [, \, ], ^, _, or ?. Any
+other character provokes a compile-time error. The sequence \c@ encodes
+character code 0; after \c the letters (in either case) encode characters 1-26
+(hex 01 to hex 1A); [, \, ], ^, and _ encode characters 27-31 (hex 1B to hex
+1F), and \c? becomes either 255 (hex FF) or 95 (hex 5F).
+</P>
+<P>
+Thus, apart from \c?, these escapes generate the same character code values as
+they do in an ASCII environment, though the meanings of the values mostly
+differ. For example, \cG always generates code value 7, which is BEL in ASCII
+but DEL in EBCDIC.
+</P>
+<P>
+The sequence \c? generates DEL (127, hex 7F) in an ASCII environment, but
+because 127 is not a control character in EBCDIC, Perl makes it generate the
+APC character. Unfortunately, there are several variants of EBCDIC. In most of
+them the APC character has the value 255 (hex FF), but in the one Perl calls
+POSIX-BC its value is 95 (hex 5F). If certain other characters have POSIX-BC
+values, PCRE makes \c? generate 95; otherwise it generates 255.
+</P>
+<P>
+After \0 up to two further octal digits are read. If there are fewer than two
+digits, just those that are present are used. Thus the sequence \0\x\015
+specifies two binary zeros followed by a CR character (code value 13). Make
+sure you supply two digits after the initial zero if the pattern character that
+follows is itself an octal digit.
+</P>
+<P>
+The escape \o must be followed by a sequence of octal digits, enclosed in
+braces. An error occurs if this is not the case. This escape is a recent
+addition to Perl; it provides way of specifying character code points as octal
+numbers greater than 0777, and it also allows octal numbers and back references
+to be unambiguously specified.
+</P>
+<P>
+For greater clarity and unambiguity, it is best to avoid following \ by a
+digit greater than zero. Instead, use \o{} or \x{} to specify character
+numbers, and \g{} to specify back references. The following paragraphs
+describe the old, ambiguous syntax.
+</P>
+<P>
+The handling of a backslash followed by a digit other than 0 is complicated,
+and Perl has changed in recent releases, causing PCRE also to change. Outside a
+character class, PCRE reads the digit and any following digits as a decimal
+number. If the number is less than 8, or if there have been at least that many
+previous capturing left parentheses in the expression, the entire sequence is
+taken as a <i>back reference</i>. A description of how this works is given
+<a href="#backreferences">later,</a>
+following the discussion of
+<a href="#subpattern">parenthesized subpatterns.</a>
+</P>
+<P>
+Inside a character class, or if the decimal number following \ is greater than
+7 and there have not been that many capturing subpatterns, PCRE handles \8 and
+\9 as the literal characters "8" and "9", and otherwise re-reads up to three
+octal digits following the backslash, using them to generate a data character.
+Any subsequent digits stand for themselves. For example:
+<pre>
+  \040   is another way of writing an ASCII space
+  \40    is the same, provided there are fewer than 40 previous capturing subpatterns
+  \7     is always a back reference
+  \11    might be a back reference, or another way of writing a tab
+  \011   is always a tab
+  \0113  is a tab followed by the character "3"
+  \113   might be a back reference, otherwise the character with octal code 113
+  \377   might be a back reference, otherwise the value 255 (decimal)
+  \81    is either a back reference, or the two characters "8" and "1"
+</pre>
+Note that octal values of 100 or greater that are specified using this syntax
+must not be introduced by a leading zero, because no more than three octal
+digits are ever read.
+</P>
+<P>
+By default, after \x that is not followed by {, from zero to two hexadecimal
+digits are read (letters can be in upper or lower case). Any number of
+hexadecimal digits may appear between \x{ and }. If a character other than
+a hexadecimal digit appears between \x{ and }, or if there is no terminating
+}, an error occurs.
+</P>
+<P>
+If the PCRE_JAVASCRIPT_COMPAT option is set, the interpretation of \x is
+as just described only when it is followed by two hexadecimal digits.
+Otherwise, it matches a literal "x" character. In JavaScript mode, support for
+code points greater than 256 is provided by \u, which must be followed by
+four hexadecimal digits; otherwise it matches a literal "u" character.
+</P>
+<P>
+Characters whose value is less than 256 can be defined by either of the two
+syntaxes for \x (or by \u in JavaScript mode). There is no difference in the
+way they are handled. For example, \xdc is exactly the same as \x{dc} (or
+\u00dc in JavaScript mode).
+</P>
+<br><b>
+Constraints on character values
+</b><br>
+<P>
+Characters that are specified using octal or hexadecimal numbers are
+limited to certain values, as follows:
+<pre>
+  8-bit non-UTF mode    less than 0x100
+  8-bit UTF-8 mode      less than 0x10ffff and a valid codepoint
+  16-bit non-UTF mode   less than 0x10000
+  16-bit UTF-16 mode    less than 0x10ffff and a valid codepoint
+  32-bit non-UTF mode   less than 0x100000000
+  32-bit UTF-32 mode    less than 0x10ffff and a valid codepoint
+</pre>
+Invalid Unicode codepoints are the range 0xd800 to 0xdfff (the so-called
+"surrogate" codepoints), and 0xffef.
+</P>
+<br><b>
+Escape sequences in character classes
+</b><br>
+<P>
+All the sequences that define a single character value can be used both inside
+and outside character classes. In addition, inside a character class, \b is
+interpreted as the backspace character (hex 08).
+</P>
+<P>
+\N is not allowed in a character class. \B, \R, and \X are not special
+inside a character class. Like other unrecognized escape sequences, they are
+treated as the literal characters "B", "R", and "X" by default, but cause an
+error if the PCRE_EXTRA option is set. Outside a character class, these
+sequences have different meanings.
+</P>
+<br><b>
+Unsupported escape sequences
+</b><br>
+<P>
+In Perl, the sequences \l, \L, \u, and \U are recognized by its string
+handler and used to modify the case of following characters. By default, PCRE
+does not support these escape sequences. However, if the PCRE_JAVASCRIPT_COMPAT
+option is set, \U matches a "U" character, and \u can be used to define a
+character by code point, as described in the previous section.
+</P>
+<br><b>
+Absolute and relative back references
+</b><br>
+<P>
+The sequence \g followed by an unsigned or a negative number, optionally
+enclosed in braces, is an absolute or relative back reference. A named back
+reference can be coded as \g{name}. Back references are discussed
+<a href="#backreferences">later,</a>
+following the discussion of
+<a href="#subpattern">parenthesized subpatterns.</a>
+</P>
+<br><b>
+Absolute and relative subroutine calls
+</b><br>
+<P>
+For compatibility with Oniguruma, the non-Perl syntax \g followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a "subroutine". Details are discussed
+<a href="#onigurumasubroutines">later.</a>
+Note that \g{...} (Perl syntax) and \g&#60;...&#62; (Oniguruma syntax) are <i>not</i>
+synonymous. The former is a back reference; the latter is a
+<a href="#subpatternsassubroutines">subroutine</a>
+call.
+<a name="genericchartypes"></a></P>
+<br><b>
+Generic character types
+</b><br>
+<P>
+Another use of backslash is for specifying generic character types:
+<pre>
+  \d     any decimal digit
+  \D     any character that is not a decimal digit
+  \h     any horizontal white space character
+  \H     any character that is not a horizontal white space character
+  \s     any white space character
+  \S     any character that is not a white space character
+  \v     any vertical white space character
+  \V     any character that is not a vertical white space character
+  \w     any "word" character
+  \W     any "non-word" character
+</pre>
+There is also the single sequence \N, which matches a non-newline character.
+This is the same as
+<a href="#fullstopdot">the "." metacharacter</a>
+when PCRE_DOTALL is not set. Perl also uses \N to match characters by name;
+PCRE does not support this.
+</P>
+<P>
+Each pair of lower and upper case escape sequences partitions the complete set
+of characters into two disjoint sets. Any given character matches one, and only
+one, of each pair. The sequences can appear both inside and outside character
+classes. They each match one character of the appropriate type. If the current
+matching point is at the end of the subject string, all of them fail, because
+there is no character to match.
+</P>
+<P>
+For compatibility with Perl, \s did not used to match the VT character (code
+11), which made it different from the the POSIX "space" class. However, Perl
+added VT at release 5.18, and PCRE followed suit at release 8.34. The default
+\s characters are now HT (9), LF (10), VT (11), FF (12), CR (13), and space
+(32), which are defined as white space in the "C" locale. This list may vary if
+locale-specific matching is taking place. For example, in some locales the
+"non-breaking space" character (\xA0) is recognized as white space, and in
+others the VT character is not.
+</P>
+<P>
+A "word" character is an underscore or any character that is a letter or digit.
+By default, the definition of letters and digits is controlled by PCRE's
+low-valued character tables, and may vary if locale-specific matching is taking
+place (see
+<a href="pcreapi.html#localesupport">"Locale support"</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page). For example, in a French locale such as "fr_FR" in Unix-like systems,
+or "french" in Windows, some character codes greater than 127 are used for
+accented letters, and these are then matched by \w. The use of locales with
+Unicode is discouraged.
+</P>
+<P>
+By default, characters whose code points are greater than 127 never match \d,
+\s, or \w, and always match \D, \S, and \W, although this may vary for
+characters in the range 128-255 when locale-specific matching is happening.
+These escape sequences retain their original meanings from before Unicode
+support was available, mainly for efficiency reasons. If PCRE is compiled with
+Unicode property support, and the PCRE_UCP option is set, the behaviour is
+changed so that Unicode properties are used to determine character types, as
+follows:
+<pre>
+  \d  any character that matches \p{Nd} (decimal digit)
+  \s  any character that matches \p{Z} or \h or \v
+  \w  any character that matches \p{L} or \p{N}, plus underscore
+</pre>
+The upper case escapes match the inverse sets of characters. Note that \d
+matches only decimal digits, whereas \w matches any Unicode digit, as well as
+any Unicode letter, and underscore. Note also that PCRE_UCP affects \b, and
+\B because they are defined in terms of \w and \W. Matching these sequences
+is noticeably slower when PCRE_UCP is set.
+</P>
+<P>
+The sequences \h, \H, \v, and \V are features that were added to Perl at
+release 5.10. In contrast to the other sequences, which match only ASCII
+characters by default, these always match certain high-valued code points,
+whether or not PCRE_UCP is set. The horizontal space characters are:
+<pre>
+  U+0009     Horizontal tab (HT)
+  U+0020     Space
+  U+00A0     Non-break space
+  U+1680     Ogham space mark
+  U+180E     Mongolian vowel separator
+  U+2000     En quad
+  U+2001     Em quad
+  U+2002     En space
+  U+2003     Em space
+  U+2004     Three-per-em space
+  U+2005     Four-per-em space
+  U+2006     Six-per-em space
+  U+2007     Figure space
+  U+2008     Punctuation space
+  U+2009     Thin space
+  U+200A     Hair space
+  U+202F     Narrow no-break space
+  U+205F     Medium mathematical space
+  U+3000     Ideographic space
+</pre>
+The vertical space characters are:
+<pre>
+  U+000A     Linefeed (LF)
+  U+000B     Vertical tab (VT)
+  U+000C     Form feed (FF)
+  U+000D     Carriage return (CR)
+  U+0085     Next line (NEL)
+  U+2028     Line separator
+  U+2029     Paragraph separator
+</pre>
+In 8-bit, non-UTF-8 mode, only the characters with codepoints less than 256 are
+relevant.
+<a name="newlineseq"></a></P>
+<br><b>
+Newline sequences
+</b><br>
+<P>
+Outside a character class, by default, the escape sequence \R matches any
+Unicode newline sequence. In 8-bit non-UTF-8 mode \R is equivalent to the
+following:
+<pre>
+  (?&#62;\r\n|\n|\x0b|\f|\r|\x85)
+</pre>
+This is an example of an "atomic group", details of which are given
+<a href="#atomicgroup">below.</a>
+This particular group matches either the two-character sequence CR followed by
+LF, or one of the single characters LF (linefeed, U+000A), VT (vertical tab,
+U+000B), FF (form feed, U+000C), CR (carriage return, U+000D), or NEL (next
+line, U+0085). The two-character sequence is treated as a single unit that
+cannot be split.
+</P>
+<P>
+In other modes, two additional characters whose codepoints are greater than 255
+are added: LS (line separator, U+2028) and PS (paragraph separator, U+2029).
+Unicode character property support is not needed for these characters to be
+recognized.
+</P>
+<P>
+It is possible to restrict \R to match only CR, LF, or CRLF (instead of the
+complete set of Unicode line endings) by setting the option PCRE_BSR_ANYCRLF
+either at compile time or when the pattern is matched. (BSR is an abbrevation
+for "backslash R".) This can be made the default when PCRE is built; if this is
+the case, the other behaviour can be requested via the PCRE_BSR_UNICODE option.
+It is also possible to specify these settings by starting a pattern string with
+one of the following sequences:
+<pre>
+  (*BSR_ANYCRLF)   CR, LF, or CRLF only
+  (*BSR_UNICODE)   any Unicode newline sequence
+</pre>
+These override the default and the options given to the compiling function, but
+they can themselves be overridden by options given to a matching function. Note
+that these special settings, which are not Perl-compatible, are recognized only
+at the very start of a pattern, and that they must be in upper case. If more
+than one of them is present, the last one is used. They can be combined with a
+change of newline convention; for example, a pattern can start with:
+<pre>
+  (*ANY)(*BSR_ANYCRLF)
+</pre>
+They can also be combined with the (*UTF8), (*UTF16), (*UTF32), (*UTF) or
+(*UCP) special sequences. Inside a character class, \R is treated as an
+unrecognized escape sequence, and so matches the letter "R" by default, but
+causes an error if PCRE_EXTRA is set.
+<a name="uniextseq"></a></P>
+<br><b>
+Unicode character properties
+</b><br>
+<P>
+When PCRE is built with Unicode character property support, three additional
+escape sequences that match characters with specific properties are available.
+When in 8-bit non-UTF-8 mode, these sequences are of course limited to testing
+characters whose codepoints are less than 256, but they do work in this mode.
+The extra escape sequences are:
+<pre>
+  \p{<i>xx</i>}   a character with the <i>xx</i> property
+  \P{<i>xx</i>}   a character without the <i>xx</i> property
+  \X       a Unicode extended grapheme cluster
+</pre>
+The property names represented by <i>xx</i> above are limited to the Unicode
+script names, the general category properties, "Any", which matches any
+character (including newline), and some special PCRE properties (described
+in the
+<a href="#extraprops">next section).</a>
+Other Perl properties such as "InMusicalSymbols" are not currently supported by
+PCRE. Note that \P{Any} does not match any characters, so always causes a
+match failure.
+</P>
+<P>
+Sets of Unicode characters are defined as belonging to certain scripts. A
+character from one of these sets can be matched using a script name. For
+example:
+<pre>
+  \p{Greek}
+  \P{Han}
+</pre>
+Those that are not part of an identified script are lumped together as
+"Common". The current list of scripts is:
+</P>
+<P>
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+</P>
+<P>
+Each character has exactly one Unicode general category property, specified by
+a two-letter abbreviation. For compatibility with Perl, negation can be
+specified by including a circumflex between the opening brace and the property
+name. For example, \p{^Lu} is the same as \P{Lu}.
+</P>
+<P>
+If only one letter is specified with \p or \P, it includes all the general
+category properties that start with that letter. In this case, in the absence
+of negation, the curly brackets in the escape sequence are optional; these two
+examples have the same effect:
+<pre>
+  \p{L}
+  \pL
+</pre>
+The following general category property codes are supported:
+<pre>
+  C     Other
+  Cc    Control
+  Cf    Format
+  Cn    Unassigned
+  Co    Private use
+  Cs    Surrogate
+
+  L     Letter
+  Ll    Lower case letter
+  Lm    Modifier letter
+  Lo    Other letter
+  Lt    Title case letter
+  Lu    Upper case letter
+
+  M     Mark
+  Mc    Spacing mark
+  Me    Enclosing mark
+  Mn    Non-spacing mark
+
+  N     Number
+  Nd    Decimal number
+  Nl    Letter number
+  No    Other number
+
+  P     Punctuation
+  Pc    Connector punctuation
+  Pd    Dash punctuation
+  Pe    Close punctuation
+  Pf    Final punctuation
+  Pi    Initial punctuation
+  Po    Other punctuation
+  Ps    Open punctuation
+
+  S     Symbol
+  Sc    Currency symbol
+  Sk    Modifier symbol
+  Sm    Mathematical symbol
+  So    Other symbol
+
+  Z     Separator
+  Zl    Line separator
+  Zp    Paragraph separator
+  Zs    Space separator
+</pre>
+The special property L& is also supported: it matches a character that has
+the Lu, Ll, or Lt property, in other words, a letter that is not classified as
+a modifier or "other".
+</P>
+<P>
+The Cs (Surrogate) property applies only to characters in the range U+D800 to
+U+DFFF. Such characters are not valid in Unicode strings and so
+cannot be tested by PCRE, unless UTF validity checking has been turned off
+(see the discussion of PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK and
+PCRE_NO_UTF32_CHECK in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page). Perl does not support the Cs property.
+</P>
+<P>
+The long synonyms for property names that Perl supports (such as \p{Letter})
+are not supported by PCRE, nor is it permitted to prefix any of these
+properties with "Is".
+</P>
+<P>
+No character that is in the Unicode table has the Cn (unassigned) property.
+Instead, this property is assumed for any code point that is not in the
+Unicode table.
+</P>
+<P>
+Specifying caseless matching does not affect these escape sequences. For
+example, \p{Lu} always matches only upper case letters. This is different from
+the behaviour of current versions of Perl.
+</P>
+<P>
+Matching characters by Unicode property is not fast, because PCRE has to do a
+multistage table lookup in order to find a character's property. That is why
+the traditional escape sequences such as \d and \w do not use Unicode
+properties in PCRE by default, though you can make them do so by setting the
+PCRE_UCP option or by starting the pattern with (*UCP).
+</P>
+<br><b>
+Extended grapheme clusters
+</b><br>
+<P>
+The \X escape matches any number of Unicode characters that form an "extended
+grapheme cluster", and treats the sequence as an atomic group
+<a href="#atomicgroup">(see below).</a>
+Up to and including release 8.31, PCRE matched an earlier, simpler definition
+that was equivalent to
+<pre>
+  (?&#62;\PM\pM*)
+</pre>
+That is, it matched a character without the "mark" property, followed by zero
+or more characters with the "mark" property. Characters with the "mark"
+property are typically non-spacing accents that affect the preceding character.
+</P>
+<P>
+This simple definition was extended in Unicode to include more complicated
+kinds of composite character by giving each character a grapheme breaking
+property, and creating rules that use these properties to define the boundaries
+of extended grapheme clusters. In releases of PCRE later than 8.31, \X matches
+one of these clusters.
+</P>
+<P>
+\X always matches at least one character. Then it decides whether to add
+additional characters according to the following rules for ending a cluster:
+</P>
+<P>
+1. End at the end of the subject string.
+</P>
+<P>
+2. Do not end between CR and LF; otherwise end after any control character.
+</P>
+<P>
+3. Do not break Hangul (a Korean script) syllable sequences. Hangul characters
+are of five types: L, V, T, LV, and LVT. An L character may be followed by an
+L, V, LV, or LVT character; an LV or V character may be followed by a V or T
+character; an LVT or T character may be follwed only by a T character.
+</P>
+<P>
+4. Do not end before extending characters or spacing marks. Characters with
+the "mark" property always have the "extend" grapheme breaking property.
+</P>
+<P>
+5. Do not end after prepend characters.
+</P>
+<P>
+6. Otherwise, end the cluster.
+<a name="extraprops"></a></P>
+<br><b>
+PCRE's additional properties
+</b><br>
+<P>
+As well as the standard Unicode properties described above, PCRE supports four
+more that make it possible to convert traditional escape sequences such as \w
+and \s to use Unicode properties. PCRE uses these non-standard, non-Perl
+properties internally when PCRE_UCP is set. However, they may also be used
+explicitly. These properties are:
+<pre>
+  Xan   Any alphanumeric character
+  Xps   Any POSIX space character
+  Xsp   Any Perl space character
+  Xwd   Any Perl "word" character
+</pre>
+Xan matches characters that have either the L (letter) or the N (number)
+property. Xps matches the characters tab, linefeed, vertical tab, form feed, or
+carriage return, and any other character that has the Z (separator) property.
+Xsp is the same as Xps; it used to exclude vertical tab, for Perl
+compatibility, but Perl changed, and so PCRE followed at release 8.34. Xwd
+matches the same characters as Xan, plus underscore.
+</P>
+<P>
+There is another non-standard property, Xuc, which matches any character that
+can be represented by a Universal Character Name in C++ and other programming
+languages. These are the characters $, @, ` (grave accent), and all characters
+with Unicode code points greater than or equal to U+00A0, except for the
+surrogates U+D800 to U+DFFF. Note that most base (ASCII) characters are
+excluded. (Universal Character Names are of the form \uHHHH or \UHHHHHHHH
+where H is a hexadecimal digit. Note that the Xuc property does not match these
+sequences but the characters that they represent.)
+<a name="resetmatchstart"></a></P>
+<br><b>
+Resetting the match start
+</b><br>
+<P>
+The escape sequence \K causes any previously matched characters not to be
+included in the final matched sequence. For example, the pattern:
+<pre>
+  foo\Kbar
+</pre>
+matches "foobar", but reports that it has matched "bar". This feature is
+similar to a lookbehind assertion
+<a href="#lookbehind">(described below).</a>
+However, in this case, the part of the subject before the real match does not
+have to be of fixed length, as lookbehind assertions do. The use of \K does
+not interfere with the setting of
+<a href="#subpattern">captured substrings.</a>
+For example, when the pattern
+<pre>
+  (foo)\Kbar
+</pre>
+matches "foobar", the first substring is still set to "foo".
+</P>
+<P>
+Perl documents that the use of \K within assertions is "not well defined". In
+PCRE, \K is acted upon when it occurs inside positive assertions, but is
+ignored in negative assertions. Note that when a pattern such as (?=ab\K)
+matches, the reported start of the match can be greater than the end of the
+match.
+<a name="smallassertions"></a></P>
+<br><b>
+Simple assertions
+</b><br>
+<P>
+The final use of backslash is for certain simple assertions. An assertion
+specifies a condition that has to be met at a particular point in a match,
+without consuming any characters from the subject string. The use of
+subpatterns for more complicated assertions is described
+<a href="#bigassertions">below.</a>
+The backslashed assertions are:
+<pre>
+  \b     matches at a word boundary
+  \B     matches when not at a word boundary
+  \A     matches at the start of the subject
+  \Z     matches at the end of the subject
+          also matches before a newline at the end of the subject
+  \z     matches only at the end of the subject
+  \G     matches at the first matching position in the subject
+</pre>
+Inside a character class, \b has a different meaning; it matches the backspace
+character. If any other of these assertions appears in a character class, by
+default it matches the corresponding literal character (for example, \B
+matches the letter B). However, if the PCRE_EXTRA option is set, an "invalid
+escape sequence" error is generated instead.
+</P>
+<P>
+A word boundary is a position in the subject string where the current character
+and the previous character do not both match \w or \W (i.e. one matches
+\w and the other matches \W), or the start or end of the string if the
+first or last character matches \w, respectively. In a UTF mode, the meanings
+of \w and \W can be changed by setting the PCRE_UCP option. When this is
+done, it also affects \b and \B. Neither PCRE nor Perl has a separate "start
+of word" or "end of word" metasequence. However, whatever follows \b normally
+determines which it is. For example, the fragment \ba matches "a" at the start
+of a word.
+</P>
+<P>
+The \A, \Z, and \z assertions differ from the traditional circumflex and
+dollar (described in the next section) in that they only ever match at the very
+start and end of the subject string, whatever options are set. Thus, they are
+independent of multiline mode. These three assertions are not affected by the
+PCRE_NOTBOL or PCRE_NOTEOL options, which affect only the behaviour of the
+circumflex and dollar metacharacters. However, if the <i>startoffset</i>
+argument of <b>pcre_exec()</b> is non-zero, indicating that matching is to start
+at a point other than the beginning of the subject, \A can never match. The
+difference between \Z and \z is that \Z matches before a newline at the end
+of the string as well as at the very end, whereas \z matches only at the end.
+</P>
+<P>
+The \G assertion is true only when the current matching position is at the
+start point of the match, as specified by the <i>startoffset</i> argument of
+<b>pcre_exec()</b>. It differs from \A when the value of <i>startoffset</i> is
+non-zero. By calling <b>pcre_exec()</b> multiple times with appropriate
+arguments, you can mimic Perl's /g option, and it is in this kind of
+implementation where \G can be useful.
+</P>
+<P>
+Note, however, that PCRE's interpretation of \G, as the start of the current
+match, is subtly different from Perl's, which defines it as the end of the
+previous match. In Perl, these can be different when the previously matched
+string was empty. Because PCRE does just one match at a time, it cannot
+reproduce this behaviour.
+</P>
+<P>
+If all the alternatives of a pattern begin with \G, the expression is anchored
+to the starting match position, and the "anchored" flag is set in the compiled
+regular expression.
+</P>
+<br><a name="SEC6" href="#TOC1">CIRCUMFLEX AND DOLLAR</a><br>
+<P>
+The circumflex and dollar metacharacters are zero-width assertions. That is,
+they test for a particular condition being true without consuming any
+characters from the subject string.
+</P>
+<P>
+Outside a character class, in the default matching mode, the circumflex
+character is an assertion that is true only if the current matching point is at
+the start of the subject string. If the <i>startoffset</i> argument of
+<b>pcre_exec()</b> is non-zero, circumflex can never match if the PCRE_MULTILINE
+option is unset. Inside a character class, circumflex has an entirely different
+meaning
+<a href="#characterclass">(see below).</a>
+</P>
+<P>
+Circumflex need not be the first character of the pattern if a number of
+alternatives are involved, but it should be the first thing in each alternative
+in which it appears if the pattern is ever to match that branch. If all
+possible alternatives start with a circumflex, that is, if the pattern is
+constrained to match only at the start of the subject, it is said to be an
+"anchored" pattern. (There are also other constructs that can cause a pattern
+to be anchored.)
+</P>
+<P>
+The dollar character is an assertion that is true only if the current matching
+point is at the end of the subject string, or immediately before a newline at
+the end of the string (by default). Note, however, that it does not actually
+match the newline. Dollar need not be the last character of the pattern if a
+number of alternatives are involved, but it should be the last item in any
+branch in which it appears. Dollar has no special meaning in a character class.
+</P>
+<P>
+The meaning of dollar can be changed so that it matches only at the very end of
+the string, by setting the PCRE_DOLLAR_ENDONLY option at compile time. This
+does not affect the \Z assertion.
+</P>
+<P>
+The meanings of the circumflex and dollar characters are changed if the
+PCRE_MULTILINE option is set. When this is the case, a circumflex matches
+immediately after internal newlines as well as at the start of the subject
+string. It does not match after a newline that ends the string. A dollar
+matches before any newlines in the string, as well as at the very end, when
+PCRE_MULTILINE is set. When newline is specified as the two-character
+sequence CRLF, isolated CR and LF characters do not indicate newlines.
+</P>
+<P>
+For example, the pattern /^abc$/ matches the subject string "def\nabc" (where
+\n represents a newline) in multiline mode, but not otherwise. Consequently,
+patterns that are anchored in single line mode because all branches start with
+^ are not anchored in multiline mode, and a match for circumflex is possible
+when the <i>startoffset</i> argument of <b>pcre_exec()</b> is non-zero. The
+PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+</P>
+<P>
+Note that the sequences \A, \Z, and \z can be used to match the start and
+end of the subject in both modes, and if all branches of a pattern start with
+\A it is always anchored, whether or not PCRE_MULTILINE is set.
+<a name="fullstopdot"></a></P>
+<br><a name="SEC7" href="#TOC1">FULL STOP (PERIOD, DOT) AND \N</a><br>
+<P>
+Outside a character class, a dot in the pattern matches any one character in
+the subject string except (by default) a character that signifies the end of a
+line.
+</P>
+<P>
+When a line ending is defined as a single character, dot never matches that
+character; when the two-character sequence CRLF is used, dot does not match CR
+if it is immediately followed by LF, but otherwise it matches all characters
+(including isolated CRs and LFs). When any Unicode line endings are being
+recognized, dot does not match CR or LF or any of the other line ending
+characters.
+</P>
+<P>
+The behaviour of dot with regard to newlines can be changed. If the PCRE_DOTALL
+option is set, a dot matches any one character, without exception. If the
+two-character sequence CRLF is present in the subject string, it takes two dots
+to match it.
+</P>
+<P>
+The handling of dot is entirely independent of the handling of circumflex and
+dollar, the only relationship being that they both involve newlines. Dot has no
+special meaning in a character class.
+</P>
+<P>
+The escape sequence \N behaves like a dot, except that it is not affected by
+the PCRE_DOTALL option. In other words, it matches any character except one
+that signifies the end of a line. Perl also uses \N to match characters by
+name; PCRE does not support this.
+</P>
+<br><a name="SEC8" href="#TOC1">MATCHING A SINGLE DATA UNIT</a><br>
+<P>
+Outside a character class, the escape sequence \C matches any one data unit,
+whether or not a UTF mode is set. In the 8-bit library, one data unit is one
+byte; in the 16-bit library it is a 16-bit unit; in the 32-bit library it is
+a 32-bit unit. Unlike a dot, \C always
+matches line-ending characters. The feature is provided in Perl in order to
+match individual bytes in UTF-8 mode, but it is unclear how it can usefully be
+used. Because \C breaks up characters into individual data units, matching one
+unit with \C in a UTF mode means that the rest of the string may start with a
+malformed UTF character. This has undefined results, because PCRE assumes that
+it is dealing with valid UTF strings (and by default it checks this at the
+start of processing unless the PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK or
+PCRE_NO_UTF32_CHECK option is used).
+</P>
+<P>
+PCRE does not allow \C to appear in lookbehind assertions
+<a href="#lookbehind">(described below)</a>
+in a UTF mode, because this would make it impossible to calculate the length of
+the lookbehind.
+</P>
+<P>
+In general, the \C escape sequence is best avoided. However, one
+way of using it that avoids the problem of malformed UTF characters is to use a
+lookahead to check the length of the next character, as in this pattern, which
+could be used with a UTF-8 string (ignore white space and line breaks):
+<pre>
+  (?| (?=[\x00-\x7f])(\C) |
+      (?=[\x80-\x{7ff}])(\C)(\C) |
+      (?=[\x{800}-\x{ffff}])(\C)(\C)(\C) |
+      (?=[\x{10000}-\x{1fffff}])(\C)(\C)(\C)(\C))
+</pre>
+A group that starts with (?| resets the capturing parentheses numbers in each
+alternative (see
+<a href="#dupsubpatternnumber">"Duplicate Subpattern Numbers"</a>
+below). The assertions at the start of each branch check the next UTF-8
+character for values whose encoding uses 1, 2, 3, or 4 bytes, respectively. The
+character's individual bytes are then captured by the appropriate number of
+groups.
+<a name="characterclass"></a></P>
+<br><a name="SEC9" href="#TOC1">SQUARE BRACKETS AND CHARACTER CLASSES</a><br>
+<P>
+An opening square bracket introduces a character class, terminated by a closing
+square bracket. A closing square bracket on its own is not special by default.
+However, if the PCRE_JAVASCRIPT_COMPAT option is set, a lone closing square
+bracket causes a compile-time error. If a closing square bracket is required as
+a member of the class, it should be the first data character in the class
+(after an initial circumflex, if present) or escaped with a backslash.
+</P>
+<P>
+A character class matches a single character in the subject. In a UTF mode, the
+character may be more than one data unit long. A matched character must be in
+the set of characters defined by the class, unless the first character in the
+class definition is a circumflex, in which case the subject character must not
+be in the set defined by the class. If a circumflex is actually required as a
+member of the class, ensure it is not the first character, or escape it with a
+backslash.
+</P>
+<P>
+For example, the character class [aeiou] matches any lower case vowel, while
+[^aeiou] matches any character that is not a lower case vowel. Note that a
+circumflex is just a convenient notation for specifying the characters that
+are in the class by enumerating those that are not. A class that starts with a
+circumflex is not an assertion; it still consumes a character from the subject
+string, and therefore it fails if the current pointer is at the end of the
+string.
+</P>
+<P>
+In UTF-8 (UTF-16, UTF-32) mode, characters with values greater than 255 (0xffff)
+can be included in a class as a literal string of data units, or by using the
+\x{ escaping mechanism.
+</P>
+<P>
+When caseless matching is set, any letters in a class represent both their
+upper case and lower case versions, so for example, a caseless [aeiou] matches
+"A" as well as "a", and a caseless [^aeiou] does not match "A", whereas a
+caseful version would. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching in a UTF mode for characters 128 and
+above, you must ensure that PCRE is compiled with Unicode property support as
+well as with UTF support.
+</P>
+<P>
+Characters that might indicate line breaks are never treated in any special way
+when matching character classes, whatever line-ending sequence is in use, and
+whatever setting of the PCRE_DOTALL and PCRE_MULTILINE options is used. A class
+such as [^a] always matches one of these characters.
+</P>
+<P>
+The minus (hyphen) character can be used to specify a range of characters in a
+character class. For example, [d-m] matches any letter between d and m,
+inclusive. If a minus character is required in a class, it must be escaped with
+a backslash or appear in a position where it cannot be interpreted as
+indicating a range, typically as the first or last character in the class, or
+immediately after a range. For example, [b-d-z] matches letters in the range b
+to d, a hyphen character, or z.
+</P>
+<P>
+It is not possible to have the literal character "]" as the end character of a
+range. A pattern such as [W-]46] is interpreted as a class of two characters
+("W" and "-") followed by a literal string "46]", so it would match "W46]" or
+"-46]". However, if the "]" is escaped with a backslash it is interpreted as
+the end of range, so [W-\]46] is interpreted as a class containing a range
+followed by two other characters. The octal or hexadecimal representation of
+"]" can also be used to end a range.
+</P>
+<P>
+An error is generated if a POSIX character class (see below) or an escape
+sequence other than one that defines a single character appears at a point
+where a range ending character is expected. For example, [z-\xff] is valid,
+but [A-\d] and [A-[:digit:]] are not.
+</P>
+<P>
+Ranges operate in the collating sequence of character values. They can also be
+used for characters specified numerically, for example [\000-\037]. Ranges
+can include any characters that are valid for the current mode.
+</P>
+<P>
+If a range that includes letters is used when caseless matching is set, it
+matches the letters in either case. For example, [W-c] is equivalent to
+[][\\^_`wxyzabc], matched caselessly, and in a non-UTF mode, if character
+tables for a French locale are in use, [\xc8-\xcb] matches accented E
+characters in both cases. In UTF modes, PCRE supports the concept of case for
+characters with values greater than 128 only when it is compiled with Unicode
+property support.
+</P>
+<P>
+The character escape sequences \d, \D, \h, \H, \p, \P, \s, \S, \v,
+\V, \w, and \W may appear in a character class, and add the characters that
+they match to the class. For example, [\dABCDEF] matches any hexadecimal
+digit. In UTF modes, the PCRE_UCP option affects the meanings of \d, \s, \w
+and their upper case partners, just as it does when they appear outside a
+character class, as described in the section entitled
+<a href="#genericchartypes">"Generic character types"</a>
+above. The escape sequence \b has a different meaning inside a character
+class; it matches the backspace character. The sequences \B, \N, \R, and \X
+are not special inside a character class. Like any other unrecognized escape
+sequences, they are treated as the literal characters "B", "N", "R", and "X" by
+default, but cause an error if the PCRE_EXTRA option is set.
+</P>
+<P>
+A circumflex can conveniently be used with the upper case character types to
+specify a more restricted set of characters than the matching lower case type.
+For example, the class [^\W_] matches any letter or digit, but not underscore,
+whereas [\w] includes underscore. A positive character class should be read as
+"something OR something OR ..." and a negative class as "NOT something AND NOT
+something AND NOT ...".
+</P>
+<P>
+The only metacharacters that are recognized in character classes are backslash,
+hyphen (only where it can be interpreted as specifying a range), circumflex
+(only at the start), opening square bracket (only when it can be interpreted as
+introducing a POSIX class name, or for a special compatibility feature - see
+the next two sections), and the terminating closing square bracket. However,
+escaping other non-alphanumeric characters does no harm.
+</P>
+<br><a name="SEC10" href="#TOC1">POSIX CHARACTER CLASSES</a><br>
+<P>
+Perl supports the POSIX notation for character classes. This uses names
+enclosed by [: and :] within the enclosing square brackets. PCRE also supports
+this notation. For example,
+<pre>
+  [01[:alpha:]%]
+</pre>
+matches "0", "1", any alphabetic character, or "%". The supported class names
+are:
+<pre>
+  alnum    letters and digits
+  alpha    letters
+  ascii    character codes 0 - 127
+  blank    space or tab only
+  cntrl    control characters
+  digit    decimal digits (same as \d)
+  graph    printing characters, excluding space
+  lower    lower case letters
+  print    printing characters, including space
+  punct    printing characters, excluding letters and digits and space
+  space    white space (the same as \s from PCRE 8.34)
+  upper    upper case letters
+  word     "word" characters (same as \w)
+  xdigit   hexadecimal digits
+</pre>
+The default "space" characters are HT (9), LF (10), VT (11), FF (12), CR (13),
+and space (32). If locale-specific matching is taking place, the list of space
+characters may be different; there may be fewer or more of them. "Space" used
+to be different to \s, which did not include VT, for Perl compatibility.
+However, Perl changed at release 5.18, and PCRE followed at release 8.34.
+"Space" and \s now match the same set of characters.
+</P>
+<P>
+The name "word" is a Perl extension, and "blank" is a GNU extension from Perl
+5.8. Another Perl extension is negation, which is indicated by a ^ character
+after the colon. For example,
+<pre>
+  [12[:^digit:]]
+</pre>
+matches "1", "2", or any non-digit. PCRE (and Perl) also recognize the POSIX
+syntax [.ch.] and [=ch=] where "ch" is a "collating element", but these are not
+supported, and an error is given if they are encountered.
+</P>
+<P>
+By default, characters with values greater than 128 do not match any of the
+POSIX character classes. However, if the PCRE_UCP option is passed to
+<b>pcre_compile()</b>, some of the classes are changed so that Unicode character
+properties are used. This is achieved by replacing certain POSIX classes by
+other sequences, as follows:
+<pre>
+  [:alnum:]  becomes  \p{Xan}
+  [:alpha:]  becomes  \p{L}
+  [:blank:]  becomes  \h
+  [:digit:]  becomes  \p{Nd}
+  [:lower:]  becomes  \p{Ll}
+  [:space:]  becomes  \p{Xps}
+  [:upper:]  becomes  \p{Lu}
+  [:word:]   becomes  \p{Xwd}
+</pre>
+Negated versions, such as [:^alpha:] use \P instead of \p. Three other POSIX
+classes are handled specially in UCP mode:
+</P>
+<P>
+[:graph:]
+This matches characters that have glyphs that mark the page when printed. In
+Unicode property terms, it matches all characters with the L, M, N, P, S, or Cf
+properties, except for:
+<pre>
+  U+061C           Arabic Letter Mark
+  U+180E           Mongolian Vowel Separator
+  U+2066 - U+2069  Various "isolate"s
+
+</PRE>
+</P>
+<P>
+[:print:]
+This matches the same characters as [:graph:] plus space characters that are
+not controls, that is, characters with the Zs property.
+</P>
+<P>
+[:punct:]
+This matches all characters that have the Unicode P (punctuation) property,
+plus those characters whose code points are less than 128 that have the S
+(Symbol) property.
+</P>
+<P>
+The other POSIX classes are unchanged, and match only characters with code
+points less than 128.
+</P>
+<br><a name="SEC11" href="#TOC1">COMPATIBILITY FEATURE FOR WORD BOUNDARIES</a><br>
+<P>
+In the POSIX.2 compliant library that was included in 4.4BSD Unix, the ugly
+syntax [[:&#60;:]] and [[:&#62;:]] is used for matching "start of word" and "end of
+word". PCRE treats these items as follows:
+<pre>
+  [[:&#60;:]]  is converted to  \b(?=\w)
+  [[:&#62;:]]  is converted to  \b(?&#60;=\w)
+</pre>
+Only these exact character sequences are recognized. A sequence such as
+[a[:&#60;:]b] provokes error for an unrecognized POSIX class name. This support is
+not compatible with Perl. It is provided to help migrations from other
+environments, and is best not used in any new patterns. Note that \b matches
+at the start and the end of a word (see
+<a href="#smallassertions">"Simple assertions"</a>
+above), and in a Perl-style pattern the preceding or following character
+normally shows which is wanted, without the need for the assertions that are
+used above in order to give exactly the POSIX behaviour.
+</P>
+<br><a name="SEC12" href="#TOC1">VERTICAL BAR</a><br>
+<P>
+Vertical bar characters are used to separate alternative patterns. For example,
+the pattern
+<pre>
+  gilbert|sullivan
+</pre>
+matches either "gilbert" or "sullivan". Any number of alternatives may appear,
+and an empty alternative is permitted (matching the empty string). The matching
+process tries each alternative in turn, from left to right, and the first one
+that succeeds is used. If the alternatives are within a subpattern
+<a href="#subpattern">(defined below),</a>
+"succeeds" means matching the rest of the main pattern as well as the
+alternative in the subpattern.
+</P>
+<br><a name="SEC13" href="#TOC1">INTERNAL OPTION SETTING</a><br>
+<P>
+The settings of the PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, and
+PCRE_EXTENDED options (which are Perl-compatible) can be changed from within
+the pattern by a sequence of Perl option letters enclosed between "(?" and ")".
+The option letters are
+<pre>
+  i  for PCRE_CASELESS
+  m  for PCRE_MULTILINE
+  s  for PCRE_DOTALL
+  x  for PCRE_EXTENDED
+</pre>
+For example, (?im) sets caseless, multiline matching. It is also possible to
+unset these options by preceding the letter with a hyphen, and a combined
+setting and unsetting such as (?im-sx), which sets PCRE_CASELESS and
+PCRE_MULTILINE while unsetting PCRE_DOTALL and PCRE_EXTENDED, is also
+permitted. If a letter appears both before and after the hyphen, the option is
+unset.
+</P>
+<P>
+The PCRE-specific options PCRE_DUPNAMES, PCRE_UNGREEDY, and PCRE_EXTRA can be
+changed in the same way as the Perl-compatible options by using the characters
+J, U and X respectively.
+</P>
+<P>
+When one of these option changes occurs at top level (that is, not inside
+subpattern parentheses), the change applies to the remainder of the pattern
+that follows. An option change within a subpattern (see below for a description
+of subpatterns) affects only that part of the subpattern that follows it, so
+<pre>
+  (a(?i)b)c
+</pre>
+matches abc and aBc and no other strings (assuming PCRE_CASELESS is not used).
+By this means, options can be made to have different settings in different
+parts of the pattern. Any changes made in one alternative do carry on
+into subsequent branches within the same subpattern. For example,
+<pre>
+  (a(?i)b|c)
+</pre>
+matches "ab", "aB", "c", and "C", even though when matching "C" the first
+branch is abandoned before the option setting. This is because the effects of
+option settings happen at compile time. There would be some very weird
+behaviour otherwise.
+</P>
+<P>
+<b>Note:</b> There are other PCRE-specific options that can be set by the
+application when the compiling or matching functions are called. In some cases
+the pattern can contain special leading sequences such as (*CRLF) to override
+what the application has set or what has been defaulted. Details are given in
+the section entitled
+<a href="#newlineseq">"Newline sequences"</a>
+above. There are also the (*UTF8), (*UTF16),(*UTF32), and (*UCP) leading
+sequences that can be used to set UTF and Unicode property modes; they are
+equivalent to setting the PCRE_UTF8, PCRE_UTF16, PCRE_UTF32 and the PCRE_UCP
+options, respectively. The (*UTF) sequence is a generic version that can be
+used with any of the libraries. However, the application can set the
+PCRE_NEVER_UTF option, which locks out the use of the (*UTF) sequences.
+<a name="subpattern"></a></P>
+<br><a name="SEC14" href="#TOC1">SUBPATTERNS</a><br>
+<P>
+Subpatterns are delimited by parentheses (round brackets), which can be nested.
+Turning part of a pattern into a subpattern does two things:
+<br>
+<br>
+1. It localizes a set of alternatives. For example, the pattern
+<pre>
+  cat(aract|erpillar|)
+</pre>
+matches "cataract", "caterpillar", or "cat". Without the parentheses, it would
+match "cataract", "erpillar" or an empty string.
+<br>
+<br>
+2. It sets up the subpattern as a capturing subpattern. This means that, when
+the whole pattern matches, that portion of the subject string that matched the
+subpattern is passed back to the caller via the <i>ovector</i> argument of the
+matching function. (This applies only to the traditional matching functions;
+the DFA matching functions do not support capturing.)
+</P>
+<P>
+Opening parentheses are counted from left to right (starting from 1) to obtain
+numbers for the capturing subpatterns. For example, if the string "the red
+king" is matched against the pattern
+<pre>
+  the ((red|white) (king|queen))
+</pre>
+the captured substrings are "red king", "red", and "king", and are numbered 1,
+2, and 3, respectively.
+</P>
+<P>
+The fact that plain parentheses fulfil two functions is not always helpful.
+There are often times when a grouping subpattern is required without a
+capturing requirement. If an opening parenthesis is followed by a question mark
+and a colon, the subpattern does not do any capturing, and is not counted when
+computing the number of any subsequent capturing subpatterns. For example, if
+the string "the white queen" is matched against the pattern
+<pre>
+  the ((?:red|white) (king|queen))
+</pre>
+the captured substrings are "white queen" and "queen", and are numbered 1 and
+2. The maximum number of capturing subpatterns is 65535.
+</P>
+<P>
+As a convenient shorthand, if any option settings are required at the start of
+a non-capturing subpattern, the option letters may appear between the "?" and
+the ":". Thus the two patterns
+<pre>
+  (?i:saturday|sunday)
+  (?:(?i)saturday|sunday)
+</pre>
+match exactly the same set of strings. Because alternative branches are tried
+from left to right, and options are not reset until the end of the subpattern
+is reached, an option setting in one branch does affect subsequent branches, so
+the above patterns match "SUNDAY" as well as "Saturday".
+<a name="dupsubpatternnumber"></a></P>
+<br><a name="SEC15" href="#TOC1">DUPLICATE SUBPATTERN NUMBERS</a><br>
+<P>
+Perl 5.10 introduced a feature whereby each alternative in a subpattern uses
+the same numbers for its capturing parentheses. Such a subpattern starts with
+(?| and is itself a non-capturing subpattern. For example, consider this
+pattern:
+<pre>
+  (?|(Sat)ur|(Sun))day
+</pre>
+Because the two alternatives are inside a (?| group, both sets of capturing
+parentheses are numbered one. Thus, when the pattern matches, you can look
+at captured substring number one, whichever alternative matched. This construct
+is useful when you want to capture part, but not all, of one of a number of
+alternatives. Inside a (?| group, parentheses are numbered as usual, but the
+number is reset at the start of each branch. The numbers of any capturing
+parentheses that follow the subpattern start after the highest number used in
+any branch. The following example is taken from the Perl documentation. The
+numbers underneath show in which buffer the captured content will be stored.
+<pre>
+  # before  ---------------branch-reset----------- after
+  / ( a )  (?| x ( y ) z | (p (q) r) | (t) u (v) ) ( z ) /x
+  # 1            2         2  3        2     3     4
+</pre>
+A back reference to a numbered subpattern uses the most recent value that is
+set for that number by any subpattern. The following pattern matches "abcabc"
+or "defdef":
+<pre>
+  /(?|(abc)|(def))\1/
+</pre>
+In contrast, a subroutine call to a numbered subpattern always refers to the
+first one in the pattern with the given number. The following pattern matches
+"abcabc" or "defabc":
+<pre>
+  /(?|(abc)|(def))(?1)/
+</pre>
+If a
+<a href="#conditions">condition test</a>
+for a subpattern's having matched refers to a non-unique number, the test is
+true if any of the subpatterns of that number have matched.
+</P>
+<P>
+An alternative approach to using this "branch reset" feature is to use
+duplicate named subpatterns, as described in the next section.
+</P>
+<br><a name="SEC16" href="#TOC1">NAMED SUBPATTERNS</a><br>
+<P>
+Identifying capturing parentheses by number is simple, but it can be very hard
+to keep track of the numbers in complicated regular expressions. Furthermore,
+if an expression is modified, the numbers may change. To help with this
+difficulty, PCRE supports the naming of subpatterns. This feature was not
+added to Perl until release 5.10. Python had the feature earlier, and PCRE
+introduced it at release 4.0, using the Python syntax. PCRE now supports both
+the Perl and the Python syntax. Perl allows identically numbered subpatterns to
+have different names, but PCRE does not.
+</P>
+<P>
+In PCRE, a subpattern can be named in one of three ways: (?&#60;name&#62;...) or
+(?'name'...) as in Perl, or (?P&#60;name&#62;...) as in Python. References to capturing
+parentheses from other parts of the pattern, such as
+<a href="#backreferences">back references,</a>
+<a href="#recursion">recursion,</a>
+and
+<a href="#conditions">conditions,</a>
+can be made by name as well as by number.
+</P>
+<P>
+Names consist of up to 32 alphanumeric characters and underscores, but must
+start with a non-digit. Named capturing parentheses are still allocated numbers
+as well as names, exactly as if the names were not present. The PCRE API
+provides function calls for extracting the name-to-number translation table
+from a compiled pattern. There is also a convenience function for extracting a
+captured substring by name.
+</P>
+<P>
+By default, a name must be unique within a pattern, but it is possible to relax
+this constraint by setting the PCRE_DUPNAMES option at compile time. (Duplicate
+names are also always permitted for subpatterns with the same number, set up as
+described in the previous section.) Duplicate names can be useful for patterns
+where only one instance of the named parentheses can match. Suppose you want to
+match the name of a weekday, either as a 3-letter abbreviation or as the full
+name, and in both cases you want to extract the abbreviation. This pattern
+(ignoring the line breaks) does the job:
+<pre>
+  (?&#60;DN&#62;Mon|Fri|Sun)(?:day)?|
+  (?&#60;DN&#62;Tue)(?:sday)?|
+  (?&#60;DN&#62;Wed)(?:nesday)?|
+  (?&#60;DN&#62;Thu)(?:rsday)?|
+  (?&#60;DN&#62;Sat)(?:urday)?
+</pre>
+There are five capturing substrings, but only one is ever set after a match.
+(An alternative way of solving this problem is to use a "branch reset"
+subpattern, as described in the previous section.)
+</P>
+<P>
+The convenience function for extracting the data by name returns the substring
+for the first (and in this example, the only) subpattern of that name that
+matched. This saves searching to find which numbered subpattern it was.
+</P>
+<P>
+If you make a back reference to a non-unique named subpattern from elsewhere in
+the pattern, the subpatterns to which the name refers are checked in the order
+in which they appear in the overall pattern. The first one that is set is used
+for the reference. For example, this pattern matches both "foofoo" and
+"barbar" but not "foobar" or "barfoo":
+<pre>
+  (?:(?&#60;n&#62;foo)|(?&#60;n&#62;bar))\k&#60;n&#62;
+
+</PRE>
+</P>
+<P>
+If you make a subroutine call to a non-unique named subpattern, the one that
+corresponds to the first occurrence of the name is used. In the absence of
+duplicate numbers (see the previous section) this is the one with the lowest
+number.
+</P>
+<P>
+If you use a named reference in a condition
+test (see the
+<a href="#conditions">section about conditions</a>
+below), either to check whether a subpattern has matched, or to check for
+recursion, all subpatterns with the same name are tested. If the condition is
+true for any one of them, the overall condition is true. This is the same
+behaviour as testing by number. For further details of the interfaces for
+handling named subpatterns, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+<b>Warning:</b> You cannot use different names to distinguish between two
+subpatterns with the same number because PCRE uses only the numbers when
+matching. For this reason, an error is given at compile time if different names
+are given to subpatterns with the same number. However, you can always give the
+same name to subpatterns with the same number, even when PCRE_DUPNAMES is not
+set.
+</P>
+<br><a name="SEC17" href="#TOC1">REPETITION</a><br>
+<P>
+Repetition is specified by quantifiers, which can follow any of the following
+items:
+<pre>
+  a literal data character
+  the dot metacharacter
+  the \C escape sequence
+  the \X escape sequence
+  the \R escape sequence
+  an escape such as \d or \pL that matches a single character
+  a character class
+  a back reference (see next section)
+  a parenthesized subpattern (including assertions)
+  a subroutine call to a subpattern (recursive or otherwise)
+</pre>
+The general repetition quantifier specifies a minimum and maximum number of
+permitted matches, by giving the two numbers in curly brackets (braces),
+separated by a comma. The numbers must be less than 65536, and the first must
+be less than or equal to the second. For example:
+<pre>
+  z{2,4}
+</pre>
+matches "zz", "zzz", or "zzzz". A closing brace on its own is not a special
+character. If the second number is omitted, but the comma is present, there is
+no upper limit; if the second number and the comma are both omitted, the
+quantifier specifies an exact number of required matches. Thus
+<pre>
+  [aeiou]{3,}
+</pre>
+matches at least 3 successive vowels, but may match many more, while
+<pre>
+  \d{8}
+</pre>
+matches exactly 8 digits. An opening curly bracket that appears in a position
+where a quantifier is not allowed, or one that does not match the syntax of a
+quantifier, is taken as a literal character. For example, {,6} is not a
+quantifier, but a literal string of four characters.
+</P>
+<P>
+In UTF modes, quantifiers apply to characters rather than to individual data
+units. Thus, for example, \x{100}{2} matches two characters, each of
+which is represented by a two-byte sequence in a UTF-8 string. Similarly,
+\X{3} matches three Unicode extended grapheme clusters, each of which may be
+several data units long (and they may be of different lengths).
+</P>
+<P>
+The quantifier {0} is permitted, causing the expression to behave as if the
+previous item and the quantifier were not present. This may be useful for
+subpatterns that are referenced as
+<a href="#subpatternsassubroutines">subroutines</a>
+from elsewhere in the pattern (but see also the section entitled
+<a href="#subdefine">"Defining subpatterns for use by reference only"</a>
+below). Items other than subpatterns that have a {0} quantifier are omitted
+from the compiled pattern.
+</P>
+<P>
+For convenience, the three most common quantifiers have single-character
+abbreviations:
+<pre>
+  *    is equivalent to {0,}
+  +    is equivalent to {1,}
+  ?    is equivalent to {0,1}
+</pre>
+It is possible to construct infinite loops by following a subpattern that can
+match no characters with a quantifier that has no upper limit, for example:
+<pre>
+  (a?)*
+</pre>
+Earlier versions of Perl and PCRE used to give an error at compile time for
+such patterns. However, because there are cases where this can be useful, such
+patterns are now accepted, but if any repetition of the subpattern does in fact
+match no characters, the loop is forcibly broken.
+</P>
+<P>
+By default, the quantifiers are "greedy", that is, they match as much as
+possible (up to the maximum number of permitted times), without causing the
+rest of the pattern to fail. The classic example of where this gives problems
+is in trying to match comments in C programs. These appear between /* and */
+and within the comment, individual * and / characters may appear. An attempt to
+match C comments by applying the pattern
+<pre>
+  /\*.*\*/
+</pre>
+to the string
+<pre>
+  /* first comment */  not comment  /* second comment */
+</pre>
+fails, because it matches the entire string owing to the greediness of the .*
+item.
+</P>
+<P>
+However, if a quantifier is followed by a question mark, it ceases to be
+greedy, and instead matches the minimum number of times possible, so the
+pattern
+<pre>
+  /\*.*?\*/
+</pre>
+does the right thing with the C comments. The meaning of the various
+quantifiers is not otherwise changed, just the preferred number of matches.
+Do not confuse this use of question mark with its use as a quantifier in its
+own right. Because it has two uses, it can sometimes appear doubled, as in
+<pre>
+  \d??\d
+</pre>
+which matches one digit by preference, but can match two if that is the only
+way the rest of the pattern matches.
+</P>
+<P>
+If the PCRE_UNGREEDY option is set (an option that is not available in Perl),
+the quantifiers are not greedy by default, but individual ones can be made
+greedy by following them with a question mark. In other words, it inverts the
+default behaviour.
+</P>
+<P>
+When a parenthesized subpattern is quantified with a minimum repeat count that
+is greater than 1 or with a limited maximum, more memory is required for the
+compiled pattern, in proportion to the size of the minimum or maximum.
+</P>
+<P>
+If a pattern starts with .* or .{0,} and the PCRE_DOTALL option (equivalent
+to Perl's /s) is set, thus allowing the dot to match newlines, the pattern is
+implicitly anchored, because whatever follows will be tried against every
+character position in the subject string, so there is no point in retrying the
+overall match at any position after the first. PCRE normally treats such a
+pattern as though it were preceded by \A.
+</P>
+<P>
+In cases where it is known that the subject string contains no newlines, it is
+worth setting PCRE_DOTALL in order to obtain this optimization, or
+alternatively using ^ to indicate anchoring explicitly.
+</P>
+<P>
+However, there are some cases where the optimization cannot be used. When .*
+is inside capturing parentheses that are the subject of a back reference
+elsewhere in the pattern, a match at the start may fail where a later one
+succeeds. Consider, for example:
+<pre>
+  (.*)abc\1
+</pre>
+If the subject is "xyz123abc123" the match point is the fourth character. For
+this reason, such a pattern is not implicitly anchored.
+</P>
+<P>
+Another case where implicit anchoring is not applied is when the leading .* is
+inside an atomic group. Once again, a match at the start may fail where a later
+one succeeds. Consider this pattern:
+<pre>
+  (?&#62;.*?a)b
+</pre>
+It matches "ab" in the subject "aab". The use of the backtracking control verbs
+(*PRUNE) and (*SKIP) also disable this optimization.
+</P>
+<P>
+When a capturing subpattern is repeated, the value captured is the substring
+that matched the final iteration. For example, after
+<pre>
+  (tweedle[dume]{3}\s*)+
+</pre>
+has matched "tweedledum tweedledee" the value of the captured substring is
+"tweedledee". However, if there are nested capturing subpatterns, the
+corresponding captured values may have been set in previous iterations. For
+example, after
+<pre>
+  /(a|(b))+/
+</pre>
+matches "aba" the value of the second captured substring is "b".
+<a name="atomicgroup"></a></P>
+<br><a name="SEC18" href="#TOC1">ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS</a><br>
+<P>
+With both maximizing ("greedy") and minimizing ("ungreedy" or "lazy")
+repetition, failure of what follows normally causes the repeated item to be
+re-evaluated to see if a different number of repeats allows the rest of the
+pattern to match. Sometimes it is useful to prevent this, either to change the
+nature of the match, or to cause it fail earlier than it otherwise might, when
+the author of the pattern knows there is no point in carrying on.
+</P>
+<P>
+Consider, for example, the pattern \d+foo when applied to the subject line
+<pre>
+  123456bar
+</pre>
+After matching all 6 digits and then failing to match "foo", the normal
+action of the matcher is to try again with only 5 digits matching the \d+
+item, and then with 4, and so on, before ultimately failing. "Atomic grouping"
+(a term taken from Jeffrey Friedl's book) provides the means for specifying
+that once a subpattern has matched, it is not to be re-evaluated in this way.
+</P>
+<P>
+If we use atomic grouping for the previous example, the matcher gives up
+immediately on failing to match "foo" the first time. The notation is a kind of
+special parenthesis, starting with (?&#62; as in this example:
+<pre>
+  (?&#62;\d+)foo
+</pre>
+This kind of parenthesis "locks up" the  part of the pattern it contains once
+it has matched, and a failure further into the pattern is prevented from
+backtracking into it. Backtracking past it to previous items, however, works as
+normal.
+</P>
+<P>
+An alternative description is that a subpattern of this type matches the string
+of characters that an identical standalone pattern would match, if anchored at
+the current point in the subject string.
+</P>
+<P>
+Atomic grouping subpatterns are not capturing subpatterns. Simple cases such as
+the above example can be thought of as a maximizing repeat that must swallow
+everything it can. So, while both \d+ and \d+? are prepared to adjust the
+number of digits they match in order to make the rest of the pattern match,
+(?&#62;\d+) can only match an entire sequence of digits.
+</P>
+<P>
+Atomic groups in general can of course contain arbitrarily complicated
+subpatterns, and can be nested. However, when the subpattern for an atomic
+group is just a single repeated item, as in the example above, a simpler
+notation, called a "possessive quantifier" can be used. This consists of an
+additional + character following a quantifier. Using this notation, the
+previous example can be rewritten as
+<pre>
+  \d++foo
+</pre>
+Note that a possessive quantifier can be used with an entire group, for
+example:
+<pre>
+  (abc|xyz){2,3}+
+</pre>
+Possessive quantifiers are always greedy; the setting of the PCRE_UNGREEDY
+option is ignored. They are a convenient notation for the simpler forms of
+atomic group. However, there is no difference in the meaning of a possessive
+quantifier and the equivalent atomic group, though there may be a performance
+difference; possessive quantifiers should be slightly faster.
+</P>
+<P>
+The possessive quantifier syntax is an extension to the Perl 5.8 syntax.
+Jeffrey Friedl originated the idea (and the name) in the first edition of his
+book. Mike McCloskey liked it, so implemented it when he built Sun's Java
+package, and PCRE copied it from there. It ultimately found its way into Perl
+at release 5.10.
+</P>
+<P>
+PCRE has an optimization that automatically "possessifies" certain simple
+pattern constructs. For example, the sequence A+B is treated as A++B because
+there is no point in backtracking into a sequence of A's when B must follow.
+</P>
+<P>
+When a pattern contains an unlimited repeat inside a subpattern that can itself
+be repeated an unlimited number of times, the use of an atomic group is the
+only way to avoid some failing matches taking a very long time indeed. The
+pattern
+<pre>
+  (\D+|&#60;\d+&#62;)*[!?]
+</pre>
+matches an unlimited number of substrings that either consist of non-digits, or
+digits enclosed in &#60;&#62;, followed by either ! or ?. When it matches, it runs
+quickly. However, if it is applied to
+<pre>
+  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+</pre>
+it takes a long time before reporting failure. This is because the string can
+be divided between the internal \D+ repeat and the external * repeat in a
+large number of ways, and all have to be tried. (The example uses [!?] rather
+than a single character at the end, because both PCRE and Perl have an
+optimization that allows for fast failure when a single character is used. They
+remember the last single character that is required for a match, and fail early
+if it is not present in the string.) If the pattern is changed so that it uses
+an atomic group, like this:
+<pre>
+  ((?&#62;\D+)|&#60;\d+&#62;)*[!?]
+</pre>
+sequences of non-digits cannot be broken, and failure happens quickly.
+<a name="backreferences"></a></P>
+<br><a name="SEC19" href="#TOC1">BACK REFERENCES</a><br>
+<P>
+Outside a character class, a backslash followed by a digit greater than 0 (and
+possibly further digits) is a back reference to a capturing subpattern earlier
+(that is, to its left) in the pattern, provided there have been that many
+previous capturing left parentheses.
+</P>
+<P>
+However, if the decimal number following the backslash is less than 10, it is
+always taken as a back reference, and causes an error only if there are not
+that many capturing left parentheses in the entire pattern. In other words, the
+parentheses that are referenced need not be to the left of the reference for
+numbers less than 10. A "forward back reference" of this type can make sense
+when a repetition is involved and the subpattern to the right has participated
+in an earlier iteration.
+</P>
+<P>
+It is not possible to have a numerical "forward back reference" to a subpattern
+whose number is 10 or more using this syntax because a sequence such as \50 is
+interpreted as a character defined in octal. See the subsection entitled
+"Non-printing characters"
+<a href="#digitsafterbackslash">above</a>
+for further details of the handling of digits following a backslash. There is
+no such problem when named parentheses are used. A back reference to any
+subpattern is possible using named parentheses (see below).
+</P>
+<P>
+Another way of avoiding the ambiguity inherent in the use of digits following a
+backslash is to use the \g escape sequence. This escape must be followed by an
+unsigned number or a negative number, optionally enclosed in braces. These
+examples are all identical:
+<pre>
+  (ring), \1
+  (ring), \g1
+  (ring), \g{1}
+</pre>
+An unsigned number specifies an absolute reference without the ambiguity that
+is present in the older syntax. It is also useful when literal digits follow
+the reference. A negative number is a relative reference. Consider this
+example:
+<pre>
+  (abc(def)ghi)\g{-1}
+</pre>
+The sequence \g{-1} is a reference to the most recently started capturing
+subpattern before \g, that is, is it equivalent to \2 in this example.
+Similarly, \g{-2} would be equivalent to \1. The use of relative references
+can be helpful in long patterns, and also in patterns that are created by
+joining together fragments that contain references within themselves.
+</P>
+<P>
+A back reference matches whatever actually matched the capturing subpattern in
+the current subject string, rather than anything matching the subpattern
+itself (see
+<a href="#subpatternsassubroutines">"Subpatterns as subroutines"</a>
+below for a way of doing that). So the pattern
+<pre>
+  (sens|respons)e and \1ibility
+</pre>
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If caseful matching is in force at the time of the
+back reference, the case of letters is relevant. For example,
+<pre>
+  ((?i)rah)\s+\1
+</pre>
+matches "rah rah" and "RAH RAH", but not "RAH rah", even though the original
+capturing subpattern is matched caselessly.
+</P>
+<P>
+There are several different ways of writing back references to named
+subpatterns. The .NET syntax \k{name} and the Perl syntax \k&#60;name&#62; or
+\k'name' are supported, as is the Python syntax (?P=name). Perl 5.10's unified
+back reference syntax, in which \g can be used for both numeric and named
+references, is also supported. We could rewrite the above example in any of
+the following ways:
+<pre>
+  (?&#60;p1&#62;(?i)rah)\s+\k&#60;p1&#62;
+  (?'p1'(?i)rah)\s+\k{p1}
+  (?P&#60;p1&#62;(?i)rah)\s+(?P=p1)
+  (?&#60;p1&#62;(?i)rah)\s+\g{p1}
+</pre>
+A subpattern that is referenced by name may appear in the pattern before or
+after the reference.
+</P>
+<P>
+There may be more than one back reference to the same subpattern. If a
+subpattern has not actually been used in a particular match, any back
+references to it always fail by default. For example, the pattern
+<pre>
+  (a|(bc))\2
+</pre>
+always fails if it starts to match "a" rather than "bc". However, if the
+PCRE_JAVASCRIPT_COMPAT option is set at compile time, a back reference to an
+unset value matches an empty string.
+</P>
+<P>
+Because there may be many capturing parentheses in a pattern, all digits
+following a backslash are taken as part of a potential back reference number.
+If the pattern continues with a digit character, some delimiter must be used to
+terminate the back reference. If the PCRE_EXTENDED option is set, this can be
+white space. Otherwise, the \g{ syntax or an empty comment (see
+<a href="#comments">"Comments"</a>
+below) can be used.
+</P>
+<br><b>
+Recursive back references
+</b><br>
+<P>
+A back reference that occurs inside the parentheses to which it refers fails
+when the subpattern is first used, so, for example, (a\1) never matches.
+However, such references can be useful inside repeated subpatterns. For
+example, the pattern
+<pre>
+  (a|b\1)+
+</pre>
+matches any number of "a"s and also "aba", "ababbaa" etc. At each iteration of
+the subpattern, the back reference matches the character string corresponding
+to the previous iteration. In order for this to work, the pattern must be such
+that the first iteration does not need to match the back reference. This can be
+done using alternation, as in the example above, or by a quantifier with a
+minimum of zero.
+</P>
+<P>
+Back references of this type cause the group that they reference to be treated
+as an
+<a href="#atomicgroup">atomic group.</a>
+Once the whole group has been matched, a subsequent matching failure cannot
+cause backtracking into the middle of the group.
+<a name="bigassertions"></a></P>
+<br><a name="SEC20" href="#TOC1">ASSERTIONS</a><br>
+<P>
+An assertion is a test on the characters following or preceding the current
+matching point that does not actually consume any characters. The simple
+assertions coded as \b, \B, \A, \G, \Z, \z, ^ and $ are described
+<a href="#smallassertions">above.</a>
+</P>
+<P>
+More complicated assertions are coded as subpatterns. There are two kinds:
+those that look ahead of the current position in the subject string, and those
+that look behind it. An assertion subpattern is matched in the normal way,
+except that it does not cause the current matching position to be changed.
+</P>
+<P>
+Assertion subpatterns are not capturing subpatterns. If such an assertion
+contains capturing subpatterns within it, these are counted for the purposes of
+numbering the capturing subpatterns in the whole pattern. However, substring
+capturing is carried out only for positive assertions. (Perl sometimes, but not
+always, does do capturing in negative assertions.)
+</P>
+<P>
+WARNING: If a positive assertion containing one or more capturing subpatterns
+succeeds, but failure to match later in the pattern causes backtracking over
+this assertion, the captures within the assertion are reset only if no higher
+numbered captures are already set. This is, unfortunately, a fundamental
+limitation of the current implementation, and as PCRE1 is now in
+maintenance-only status, it is unlikely ever to change.
+</P>
+<P>
+For compatibility with Perl, assertion subpatterns may be repeated; though
+it makes no sense to assert the same thing several times, the side effect of
+capturing parentheses may occasionally be useful. In practice, there only three
+cases:
+<br>
+<br>
+(1) If the quantifier is {0}, the assertion is never obeyed during matching.
+However, it may contain internal capturing parenthesized groups that are called
+from elsewhere via the
+<a href="#subpatternsassubroutines">subroutine mechanism.</a>
+<br>
+<br>
+(2) If quantifier is {0,n} where n is greater than zero, it is treated as if it
+were {0,1}. At run time, the rest of the pattern match is tried with and
+without the assertion, the order depending on the greediness of the quantifier.
+<br>
+<br>
+(3) If the minimum repetition is greater than zero, the quantifier is ignored.
+The assertion is obeyed just once when encountered during matching.
+</P>
+<br><b>
+Lookahead assertions
+</b><br>
+<P>
+Lookahead assertions start with (?= for positive assertions and (?! for
+negative assertions. For example,
+<pre>
+  \w+(?=;)
+</pre>
+matches a word followed by a semicolon, but does not include the semicolon in
+the match, and
+<pre>
+  foo(?!bar)
+</pre>
+matches any occurrence of "foo" that is not followed by "bar". Note that the
+apparently similar pattern
+<pre>
+  (?!foo)bar
+</pre>
+does not find an occurrence of "bar" that is preceded by something other than
+"foo"; it finds any occurrence of "bar" whatsoever, because the assertion
+(?!foo) is always true when the next three characters are "bar". A
+lookbehind assertion is needed to achieve the other effect.
+</P>
+<P>
+If you want to force a matching failure at some point in a pattern, the most
+convenient way to do it is with (?!) because an empty string always matches, so
+an assertion that requires there not to be an empty string must always fail.
+The backtracking control verb (*FAIL) or (*F) is a synonym for (?!).
+<a name="lookbehind"></a></P>
+<br><b>
+Lookbehind assertions
+</b><br>
+<P>
+Lookbehind assertions start with (?&#60;= for positive assertions and (?&#60;! for
+negative assertions. For example,
+<pre>
+  (?&#60;!foo)bar
+</pre>
+does find an occurrence of "bar" that is not preceded by "foo". The contents of
+a lookbehind assertion are restricted such that all the strings it matches must
+have a fixed length. However, if there are several top-level alternatives, they
+do not all have to have the same fixed length. Thus
+<pre>
+  (?&#60;=bullock|donkey)
+</pre>
+is permitted, but
+<pre>
+  (?&#60;!dogs?|cats?)
+</pre>
+causes an error at compile time. Branches that match different length strings
+are permitted only at the top level of a lookbehind assertion. This is an
+extension compared with Perl, which requires all branches to match the same
+length of string. An assertion such as
+<pre>
+  (?&#60;=ab(c|de))
+</pre>
+is not permitted, because its single top-level branch can match two different
+lengths, but it is acceptable to PCRE if rewritten to use two top-level
+branches:
+<pre>
+  (?&#60;=abc|abde)
+</pre>
+In some cases, the escape sequence \K
+<a href="#resetmatchstart">(see above)</a>
+can be used instead of a lookbehind assertion to get round the fixed-length
+restriction.
+</P>
+<P>
+The implementation of lookbehind assertions is, for each alternative, to
+temporarily move the current position back by the fixed length and then try to
+match. If there are insufficient characters before the current position, the
+assertion fails.
+</P>
+<P>
+In a UTF mode, PCRE does not allow the \C escape (which matches a single data
+unit even in a UTF mode) to appear in lookbehind assertions, because it makes
+it impossible to calculate the length of the lookbehind. The \X and \R
+escapes, which can match different numbers of data units, are also not
+permitted.
+</P>
+<P>
+<a href="#subpatternsassubroutines">"Subroutine"</a>
+calls (see below) such as (?2) or (?&X) are permitted in lookbehinds, as long
+as the subpattern matches a fixed-length string.
+<a href="#recursion">Recursion,</a>
+however, is not supported.
+</P>
+<P>
+Possessive quantifiers can be used in conjunction with lookbehind assertions to
+specify efficient matching of fixed-length strings at the end of subject
+strings. Consider a simple pattern such as
+<pre>
+  abcd$
+</pre>
+when applied to a long string that does not match. Because matching proceeds
+from left to right, PCRE will look for each "a" in the subject and then see if
+what follows matches the rest of the pattern. If the pattern is specified as
+<pre>
+  ^.*abcd$
+</pre>
+the initial .* matches the entire string at first, but when this fails (because
+there is no following "a"), it backtracks to match all but the last character,
+then all but the last two characters, and so on. Once again the search for "a"
+covers the entire string, from right to left, so we are no better off. However,
+if the pattern is written as
+<pre>
+  ^.*+(?&#60;=abcd)
+</pre>
+there can be no backtracking for the .*+ item; it can match only the entire
+string. The subsequent lookbehind assertion does a single test on the last four
+characters. If it fails, the match fails immediately. For long strings, this
+approach makes a significant difference to the processing time.
+</P>
+<br><b>
+Using multiple assertions
+</b><br>
+<P>
+Several assertions (of any sort) may occur in succession. For example,
+<pre>
+  (?&#60;=\d{3})(?&#60;!999)foo
+</pre>
+matches "foo" preceded by three digits that are not "999". Notice that each of
+the assertions is applied independently at the same point in the subject
+string. First there is a check that the previous three characters are all
+digits, and then there is a check that the same three characters are not "999".
+This pattern does <i>not</i> match "foo" preceded by six characters, the first
+of which are digits and the last three of which are not "999". For example, it
+doesn't match "123abcfoo". A pattern to do that is
+<pre>
+  (?&#60;=\d{3}...)(?&#60;!999)foo
+</pre>
+This time the first assertion looks at the preceding six characters, checking
+that the first three are digits, and then the second assertion checks that the
+preceding three characters are not "999".
+</P>
+<P>
+Assertions can be nested in any combination. For example,
+<pre>
+  (?&#60;=(?&#60;!foo)bar)baz
+</pre>
+matches an occurrence of "baz" that is preceded by "bar" which in turn is not
+preceded by "foo", while
+<pre>
+  (?&#60;=\d{3}(?!999)...)foo
+</pre>
+is another pattern that matches "foo" preceded by three digits and any three
+characters that are not "999".
+<a name="conditions"></a></P>
+<br><a name="SEC21" href="#TOC1">CONDITIONAL SUBPATTERNS</a><br>
+<P>
+It is possible to cause the matching process to obey a subpattern
+conditionally or to choose between two alternative subpatterns, depending on
+the result of an assertion, or whether a specific capturing subpattern has
+already been matched. The two possible forms of conditional subpattern are:
+<pre>
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+</pre>
+If the condition is satisfied, the yes-pattern is used; otherwise the
+no-pattern (if present) is used. If there are more than two alternatives in the
+subpattern, a compile-time error occurs. Each of the two alternatives may
+itself contain nested subpatterns of any form, including conditional
+subpatterns; the restriction to two alternatives applies only at the level of
+the condition. This pattern fragment is an example where the alternatives are
+complex:
+<pre>
+  (?(1) (A|B|C) | (D | (?(2)E|F) | E) )
+
+</PRE>
+</P>
+<P>
+There are four kinds of condition: references to subpatterns, references to
+recursion, a pseudo-condition called DEFINE, and assertions.
+</P>
+<br><b>
+Checking for a used subpattern by number
+</b><br>
+<P>
+If the text between the parentheses consists of a sequence of digits, the
+condition is true if a capturing subpattern of that number has previously
+matched. If there is more than one capturing subpattern with the same number
+(see the earlier
+<a href="#recursion">section about duplicate subpattern numbers),</a>
+the condition is true if any of them have matched. An alternative notation is
+to precede the digits with a plus or minus sign. In this case, the subpattern
+number is relative rather than absolute. The most recently opened parentheses
+can be referenced by (?(-1), the next most recent by (?(-2), and so on. Inside
+loops it can also make sense to refer to subsequent groups. The next
+parentheses to be opened can be referenced as (?(+1), and so on. (The value
+zero in any of these forms is not used; it provokes a compile-time error.)
+</P>
+<P>
+Consider the following pattern, which contains non-significant white space to
+make it more readable (assume the PCRE_EXTENDED option) and to divide it into
+three parts for ease of discussion:
+<pre>
+  ( \( )?    [^()]+    (?(1) \) )
+</pre>
+The first part matches an optional opening parenthesis, and if that
+character is present, sets it as the first captured substring. The second part
+matches one or more characters that are not parentheses. The third part is a
+conditional subpattern that tests whether or not the first set of parentheses
+matched. If they did, that is, if subject started with an opening parenthesis,
+the condition is true, and so the yes-pattern is executed and a closing
+parenthesis is required. Otherwise, since no-pattern is not present, the
+subpattern matches nothing. In other words, this pattern matches a sequence of
+non-parentheses, optionally enclosed in parentheses.
+</P>
+<P>
+If you were embedding this pattern in a larger one, you could use a relative
+reference:
+<pre>
+  ...other stuff... ( \( )?    [^()]+    (?(-1) \) ) ...
+</pre>
+This makes the fragment independent of the parentheses in the larger pattern.
+</P>
+<br><b>
+Checking for a used subpattern by name
+</b><br>
+<P>
+Perl uses the syntax (?(&#60;name&#62;)...) or (?('name')...) to test for a used
+subpattern by name. For compatibility with earlier versions of PCRE, which had
+this facility before Perl, the syntax (?(name)...) is also recognized.
+</P>
+<P>
+Rewriting the above example to use a named subpattern gives this:
+<pre>
+  (?&#60;OPEN&#62; \( )?    [^()]+    (?(&#60;OPEN&#62;) \) )
+</pre>
+If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them has
+matched.
+</P>
+<br><b>
+Checking for pattern recursion
+</b><br>
+<P>
+If the condition is the string (R), and there is no subpattern with the name R,
+the condition is true if a recursive call to the whole pattern or any
+subpattern has been made. If digits or a name preceded by ampersand follow the
+letter R, for example:
+<pre>
+  (?(R3)...) or (?(R&name)...)
+</pre>
+the condition is true if the most recent recursion is into a subpattern whose
+number or name is given. This condition does not check the entire recursion
+stack. If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them is
+the most recent recursion.
+</P>
+<P>
+At "top level", all these recursion test conditions are false.
+<a href="#recursion">The syntax for recursive patterns</a>
+is described below.
+<a name="subdefine"></a></P>
+<br><b>
+Defining subpatterns for use by reference only
+</b><br>
+<P>
+If the condition is the string (DEFINE), and there is no subpattern with the
+name DEFINE, the condition is always false. In this case, there may be only one
+alternative in the subpattern. It is always skipped if control reaches this
+point in the pattern; the idea of DEFINE is that it can be used to define
+subroutines that can be referenced from elsewhere. (The use of
+<a href="#subpatternsassubroutines">subroutines</a>
+is described below.) For example, a pattern to match an IPv4 address such as
+"192.168.23.245" could be written like this (ignore white space and line
+breaks):
+<pre>
+  (?(DEFINE) (?&#60;byte&#62; 2[0-4]\d | 25[0-5] | 1\d\d | [1-9]?\d) )
+  \b (?&byte) (\.(?&byte)){3} \b
+</pre>
+The first part of the pattern is a DEFINE group inside which a another group
+named "byte" is defined. This matches an individual component of an IPv4
+address (a number less than 256). When matching takes place, this part of the
+pattern is skipped because DEFINE acts like a false condition. The rest of the
+pattern uses references to the named group to match the four dot-separated
+components of an IPv4 address, insisting on a word boundary at each end.
+</P>
+<br><b>
+Assertion conditions
+</b><br>
+<P>
+If the condition is not in any of the above formats, it must be an assertion.
+This may be a positive or negative lookahead or lookbehind assertion. Consider
+this pattern, again containing non-significant white space, and with the two
+alternatives on the second line:
+<pre>
+  (?(?=[^a-z]*[a-z])
+  \d{2}-[a-z]{3}-\d{2}  |  \d{2}-\d{2}-\d{2} )
+</pre>
+The condition is a positive lookahead assertion that matches an optional
+sequence of non-letters followed by a letter. In other words, it tests for the
+presence of at least one letter in the subject. If a letter is found, the
+subject is matched against the first alternative; otherwise it is matched
+against the second. This pattern matches strings in one of the two forms
+dd-aaa-dd or dd-dd-dd, where aaa are letters and dd are digits.
+<a name="comments"></a></P>
+<br><a name="SEC22" href="#TOC1">COMMENTS</a><br>
+<P>
+There are two ways of including comments in patterns that are processed by
+PCRE. In both cases, the start of the comment must not be in a character class,
+nor in the middle of any other sequence of related characters such as (?: or a
+subpattern name or number. The characters that make up a comment play no part
+in the pattern matching.
+</P>
+<P>
+The sequence (?# marks the start of a comment that continues up to the next
+closing parenthesis. Nested parentheses are not permitted. If the PCRE_EXTENDED
+option is set, an unescaped # character also introduces a comment, which in
+this case continues to immediately after the next newline character or
+character sequence in the pattern. Which characters are interpreted as newlines
+is controlled by the options passed to a compiling function or by a special
+sequence at the start of the pattern, as described in the section entitled
+<a href="#newlines">"Newline conventions"</a>
+above. Note that the end of this type of comment is a literal newline sequence
+in the pattern; escape sequences that happen to represent a newline do not
+count. For example, consider this pattern when PCRE_EXTENDED is set, and the
+default newline convention is in force:
+<pre>
+  abc #comment \n still comment
+</pre>
+On encountering the # character, <b>pcre_compile()</b> skips along, looking for
+a newline in the pattern. The sequence \n is still literal at this stage, so
+it does not terminate the comment. Only an actual character with the code value
+0x0a (the default newline) does so.
+<a name="recursion"></a></P>
+<br><a name="SEC23" href="#TOC1">RECURSIVE PATTERNS</a><br>
+<P>
+Consider the problem of matching a string in parentheses, allowing for
+unlimited nested parentheses. Without the use of recursion, the best that can
+be done is to use a pattern that matches up to some fixed depth of nesting. It
+is not possible to handle an arbitrary nesting depth.
+</P>
+<P>
+For some time, Perl has provided a facility that allows regular expressions to
+recurse (amongst other things). It does this by interpolating Perl code in the
+expression at run time, and the code can refer to the expression itself. A Perl
+pattern using code interpolation to solve the parentheses problem can be
+created like this:
+<pre>
+  $re = qr{\( (?: (?&#62;[^()]+) | (?p{$re}) )* \)}x;
+</pre>
+The (?p{...}) item interpolates Perl code at run time, and in this case refers
+recursively to the pattern in which it appears.
+</P>
+<P>
+Obviously, PCRE cannot support the interpolation of Perl code. Instead, it
+supports special syntax for recursion of the entire pattern, and also for
+individual subpattern recursion. After its introduction in PCRE and Python,
+this kind of recursion was subsequently introduced into Perl at release 5.10.
+</P>
+<P>
+A special item that consists of (? followed by a number greater than zero and a
+closing parenthesis is a recursive subroutine call of the subpattern of the
+given number, provided that it occurs inside that subpattern. (If not, it is a
+<a href="#subpatternsassubroutines">non-recursive subroutine</a>
+call, which is described in the next section.) The special item (?R) or (?0) is
+a recursive call of the entire regular expression.
+</P>
+<P>
+This PCRE pattern solves the nested parentheses problem (assume the
+PCRE_EXTENDED option is set so that white space is ignored):
+<pre>
+  \( ( [^()]++ | (?R) )* \)
+</pre>
+First it matches an opening parenthesis. Then it matches any number of
+substrings which can either be a sequence of non-parentheses, or a recursive
+match of the pattern itself (that is, a correctly parenthesized substring).
+Finally there is a closing parenthesis. Note the use of a possessive quantifier
+to avoid backtracking into sequences of non-parentheses.
+</P>
+<P>
+If this were part of a larger pattern, you would not want to recurse the entire
+pattern, so instead you could use this:
+<pre>
+  ( \( ( [^()]++ | (?1) )* \) )
+</pre>
+We have put the pattern into parentheses, and caused the recursion to refer to
+them instead of the whole pattern.
+</P>
+<P>
+In a larger pattern, keeping track of parenthesis numbers can be tricky. This
+is made easier by the use of relative references. Instead of (?1) in the
+pattern above you can write (?-2) to refer to the second most recently opened
+parentheses preceding the recursion. In other words, a negative number counts
+capturing parentheses leftwards from the point at which it is encountered.
+</P>
+<P>
+It is also possible to refer to subsequently opened parentheses, by writing
+references such as (?+2). However, these cannot be recursive because the
+reference is not inside the parentheses that are referenced. They are always
+<a href="#subpatternsassubroutines">non-recursive subroutine</a>
+calls, as described in the next section.
+</P>
+<P>
+An alternative approach is to use named parentheses instead. The Perl syntax
+for this is (?&name); PCRE's earlier syntax (?P&#62;name) is also supported. We
+could rewrite the above example as follows:
+<pre>
+  (?&#60;pn&#62; \( ( [^()]++ | (?&pn) )* \) )
+</pre>
+If there is more than one subpattern with the same name, the earliest one is
+used.
+</P>
+<P>
+This particular example pattern that we have been looking at contains nested
+unlimited repeats, and so the use of a possessive quantifier for matching
+strings of non-parentheses is important when applying the pattern to strings
+that do not match. For example, when this pattern is applied to
+<pre>
+  (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa()
+</pre>
+it yields "no match" quickly. However, if a possessive quantifier is not used,
+the match runs for a very long time indeed because there are so many different
+ways the + and * repeats can carve up the subject, and all have to be tested
+before failure can be reported.
+</P>
+<P>
+At the end of a match, the values of capturing parentheses are those from
+the outermost level. If you want to obtain intermediate values, a callout
+function can be used (see below and the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation). If the pattern above is matched against
+<pre>
+  (ab(cd)ef)
+</pre>
+the value for the inner capturing parentheses (numbered 2) is "ef", which is
+the last value taken on at the top level. If a capturing subpattern is not
+matched at the top level, its final captured value is unset, even if it was
+(temporarily) set at a deeper level during the matching process.
+</P>
+<P>
+If there are more than 15 capturing parentheses in a pattern, PCRE has to
+obtain extra memory to store data during a recursion, which it does by using
+<b>pcre_malloc</b>, freeing it via <b>pcre_free</b> afterwards. If no memory can
+be obtained, the match fails with the PCRE_ERROR_NOMEMORY error.
+</P>
+<P>
+Do not confuse the (?R) item with the condition (R), which tests for recursion.
+Consider this pattern, which matches text in angle brackets, allowing for
+arbitrary nesting. Only digits are allowed in nested brackets (that is, when
+recursing), whereas any characters are permitted at the outer level.
+<pre>
+  &#60; (?: (?(R) \d++  | [^&#60;&#62;]*+) | (?R)) * &#62;
+</pre>
+In this pattern, (?(R) is the start of a conditional subpattern, with two
+different alternatives for the recursive and non-recursive cases. The (?R) item
+is the actual recursive call.
+<a name="recursiondifference"></a></P>
+<br><b>
+Differences in recursion processing between PCRE and Perl
+</b><br>
+<P>
+Recursion processing in PCRE differs from Perl in two important ways. In PCRE
+(like Python, but unlike Perl), a recursive subpattern call is always treated
+as an atomic group. That is, once it has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. This can be illustrated by the following pattern,
+which purports to match a palindromic string that contains an odd number of
+characters (for example, "a", "aba", "abcba", "abcdcba"):
+<pre>
+  ^(.|(.)(?1)\2)$
+</pre>
+The idea is that it either matches a single character, or two identical
+characters surrounding a sub-palindrome. In Perl, this pattern works; in PCRE
+it does not if the pattern is longer than three characters. Consider the
+subject string "abcba":
+</P>
+<P>
+At the top level, the first character is matched, but as it is not at the end
+of the string, the first alternative fails; the second alternative is taken
+and the recursion kicks in. The recursive call to subpattern 1 successfully
+matches the next character ("b"). (Note that the beginning and end of line
+tests are not part of the recursion).
+</P>
+<P>
+Back at the top level, the next character ("c") is compared with what
+subpattern 2 matched, which was "a". This fails. Because the recursion is
+treated as an atomic group, there are now no backtracking points, and so the
+entire match fails. (Perl is able, at this point, to re-enter the recursion and
+try the second alternative.) However, if the pattern is written with the
+alternatives in the other order, things are different:
+<pre>
+  ^((.)(?1)\2|.)$
+</pre>
+This time, the recursing alternative is tried first, and continues to recurse
+until it runs out of characters, at which point the recursion fails. But this
+time we do have another alternative to try at the higher level. That is the big
+difference: in the previous case the remaining alternative is at a deeper
+recursion level, which PCRE cannot use.
+</P>
+<P>
+To change the pattern so that it matches all palindromic strings, not just
+those with an odd number of characters, it is tempting to change the pattern to
+this:
+<pre>
+  ^((.)(?1)\2|.?)$
+</pre>
+Again, this works in Perl, but not in PCRE, and for the same reason. When a
+deeper recursion has matched a single character, it cannot be entered again in
+order to match an empty string. The solution is to separate the two cases, and
+write out the odd and even cases as alternatives at the higher level:
+<pre>
+  ^(?:((.)(?1)\2|)|((.)(?3)\4|.))
+</pre>
+If you want to match typical palindromic phrases, the pattern has to ignore all
+non-word characters, which can be done like this:
+<pre>
+  ^\W*+(?:((.)\W*+(?1)\W*+\2|)|((.)\W*+(?3)\W*+\4|\W*+.\W*+))\W*+$
+</pre>
+If run with the PCRE_CASELESS option, this pattern matches phrases such as "A
+man, a plan, a canal: Panama!" and it works well in both PCRE and Perl. Note
+the use of the possessive quantifier *+ to avoid backtracking into sequences of
+non-word characters. Without this, PCRE takes a great deal longer (ten times or
+more) to match typical phrases, and Perl takes so long that you think it has
+gone into a loop.
+</P>
+<P>
+<b>WARNING</b>: The palindrome-matching patterns above work only if the subject
+string does not start with a palindrome that is shorter than the entire string.
+For example, although "abcba" is correctly matched, if the subject is "ababa",
+PCRE finds the palindrome "aba" at the start, then fails at top level because
+the end of the string does not follow. Once again, it cannot jump back into the
+recursion to try other alternatives, so the entire match fails.
+</P>
+<P>
+The second way in which PCRE and Perl differ in their recursion processing is
+in the handling of captured values. In Perl, when a subpattern is called
+recursively or as a subpattern (see the next section), it has no access to any
+values that were captured outside the recursion, whereas in PCRE these values
+can be referenced. Consider this pattern:
+<pre>
+  ^(.)(\1|a(?2))
+</pre>
+In PCRE, this pattern matches "bab". The first capturing parentheses match "b",
+then in the second group, when the back reference \1 fails to match "b", the
+second alternative matches "a" and then recurses. In the recursion, \1 does
+now match "b" and so the whole match succeeds. In Perl, the pattern fails to
+match because inside the recursive call \1 cannot access the externally set
+value.
+<a name="subpatternsassubroutines"></a></P>
+<br><a name="SEC24" href="#TOC1">SUBPATTERNS AS SUBROUTINES</a><br>
+<P>
+If the syntax for a recursive subpattern call (either by number or by
+name) is used outside the parentheses to which it refers, it operates like a
+subroutine in a programming language. The called subpattern may be defined
+before or after the reference. A numbered reference can be absolute or
+relative, as in these examples:
+<pre>
+  (...(absolute)...)...(?2)...
+  (...(relative)...)...(?-1)...
+  (...(?+1)...(relative)...
+</pre>
+An earlier example pointed out that the pattern
+<pre>
+  (sens|respons)e and \1ibility
+</pre>
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If instead the pattern
+<pre>
+  (sens|respons)e and (?1)ibility
+</pre>
+is used, it does match "sense and responsibility" as well as the other two
+strings. Another example is given in the discussion of DEFINE above.
+</P>
+<P>
+All subroutine calls, whether recursive or not, are always treated as atomic
+groups. That is, once a subroutine has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. Any capturing parentheses that are set during the
+subroutine call revert to their previous values afterwards.
+</P>
+<P>
+Processing options such as case-independence are fixed when a subpattern is
+defined, so if it is used as a subroutine, such options cannot be changed for
+different calls. For example, consider this pattern:
+<pre>
+  (abc)(?i:(?-1))
+</pre>
+It matches "abcabc". It does not match "abcABC" because the change of
+processing option does not affect the called subpattern.
+<a name="onigurumasubroutines"></a></P>
+<br><a name="SEC25" href="#TOC1">ONIGURUMA SUBROUTINE SYNTAX</a><br>
+<P>
+For compatibility with Oniguruma, the non-Perl syntax \g followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a subroutine, possibly recursively. Here
+are two of the examples used above, rewritten using this syntax:
+<pre>
+  (?&#60;pn&#62; \( ( (?&#62;[^()]+) | \g&#60;pn&#62; )* \) )
+  (sens|respons)e and \g'1'ibility
+</pre>
+PCRE supports an extension to Oniguruma: if a number is preceded by a
+plus or a minus sign it is taken as a relative reference. For example:
+<pre>
+  (abc)(?i:\g&#60;-1&#62;)
+</pre>
+Note that \g{...} (Perl syntax) and \g&#60;...&#62; (Oniguruma syntax) are <i>not</i>
+synonymous. The former is a back reference; the latter is a subroutine call.
+</P>
+<br><a name="SEC26" href="#TOC1">CALLOUTS</a><br>
+<P>
+Perl has a feature whereby using the sequence (?{...}) causes arbitrary Perl
+code to be obeyed in the middle of matching a regular expression. This makes it
+possible, amongst other things, to extract different substrings that match the
+same pair of parentheses when there is a repetition.
+</P>
+<P>
+PCRE provides a similar feature, but of course it cannot obey arbitrary Perl
+code. The feature is called "callout". The caller of PCRE provides an external
+function by putting its entry point in the global variable <i>pcre_callout</i>
+(8-bit library) or <i>pcre[16|32]_callout</i> (16-bit or 32-bit library).
+By default, this variable contains NULL, which disables all calling out.
+</P>
+<P>
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. If you want to identify different callout points, you
+can put a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+<pre>
+  (?C1)abc(?C2)def
+</pre>
+If the PCRE_AUTO_CALLOUT flag is passed to a compiling function, callouts are
+automatically installed before each item in the pattern. They are all numbered
+255. If there is a conditional group in the pattern whose condition is an
+assertion, an additional callout is inserted just before the condition. An
+explicit callout may also be set at this position, as in this example:
+<pre>
+  (?(?C9)(?=a)abc|def)
+</pre>
+Note that this applies only to assertion conditions, not to other types of
+condition.
+</P>
+<P>
+During matching, when PCRE reaches a callout point, the external function is
+called. It is provided with the number of the callout, the position in the
+pattern, and, optionally, one item of data originally supplied by the caller of
+the matching function. The callout function may cause matching to proceed, to
+backtrack, or to fail altogether.
+</P>
+<P>
+By default, PCRE implements a number of optimizations at compile time and
+matching time, and one side-effect is that sometimes callouts are skipped. If
+you need all possible callouts to happen, you need to set options that disable
+the relevant optimizations. More details, and a complete description of the
+interface to the callout function, are given in the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+<a name="backtrackcontrol"></a></P>
+<br><a name="SEC27" href="#TOC1">BACKTRACKING CONTROL</a><br>
+<P>
+Perl 5.10 introduced a number of "Special Backtracking Control Verbs", which
+are still described in the Perl documentation as "experimental and subject to
+change or removal in a future version of Perl". It goes on to say: "Their usage
+in production code should be noted to avoid problems during upgrades." The same
+remarks apply to the PCRE features described in this section.
+</P>
+<P>
+The new verbs make use of what was previously invalid syntax: an opening
+parenthesis followed by an asterisk. They are generally of the form
+(*VERB) or (*VERB:NAME). Some may take either form, possibly behaving
+differently depending on whether or not a name is present. A name is any
+sequence of characters that does not include a closing parenthesis. The maximum
+length of name is 255 in the 8-bit library and 65535 in the 16-bit and 32-bit
+libraries. If the name is empty, that is, if the closing parenthesis
+immediately follows the colon, the effect is as if the colon were not there.
+Any number of these verbs may occur in a pattern.
+</P>
+<P>
+Since these verbs are specifically related to backtracking, most of them can be
+used only when the pattern is to be matched using one of the traditional
+matching functions, because these use a backtracking algorithm. With the
+exception of (*FAIL), which behaves like a failing negative assertion, the
+backtracking control verbs cause an error if encountered by a DFA matching
+function.
+</P>
+<P>
+The behaviour of these verbs in
+<a href="#btrepeat">repeated groups,</a>
+<a href="#btassert">assertions,</a>
+and in
+<a href="#btsub">subpatterns called as subroutines</a>
+(whether or not recursively) is documented below.
+<a name="nooptimize"></a></P>
+<br><b>
+Optimizations that affect backtracking verbs
+</b><br>
+<P>
+PCRE contains some optimizations that are used to speed up matching by running
+some checks at the start of each match attempt. For example, it may know the
+minimum length of matching subject, or that a particular character must be
+present. When one of these optimizations bypasses the running of a match, any
+included backtracking verbs will not, of course, be processed. You can suppress
+the start-of-match optimizations by setting the PCRE_NO_START_OPTIMIZE option
+when calling <b>pcre_compile()</b> or <b>pcre_exec()</b>, or by starting the
+pattern with (*NO_START_OPT). There is more discussion of this option in the
+section entitled
+<a href="pcreapi.html#execoptions">"Option bits for <b>pcre_exec()</b>"</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+Experiments with Perl suggest that it too has similar optimizations, sometimes
+leading to anomalous results.
+</P>
+<br><b>
+Verbs that act immediately
+</b><br>
+<P>
+The following verbs act as soon as they are encountered. They may not be
+followed by a name.
+<pre>
+   (*ACCEPT)
+</pre>
+This verb causes the match to end successfully, skipping the remainder of the
+pattern. However, when it is inside a subpattern that is called as a
+subroutine, only that subpattern is ended successfully. Matching then continues
+at the outer level. If (*ACCEPT) in triggered in a positive assertion, the
+assertion succeeds; in a negative assertion, the assertion fails.
+</P>
+<P>
+If (*ACCEPT) is inside capturing parentheses, the data so far is captured. For
+example:
+<pre>
+  A((?:A|B(*ACCEPT)|C)D)
+</pre>
+This matches "AB", "AAD", or "ACD"; when it matches "AB", "B" is captured by
+the outer parentheses.
+<pre>
+  (*FAIL) or (*F)
+</pre>
+This verb causes a matching failure, forcing backtracking to occur. It is
+equivalent to (?!) but easier to read. The Perl documentation notes that it is
+probably useful only when combined with (?{}) or (??{}). Those are, of course,
+Perl features that are not present in PCRE. The nearest equivalent is the
+callout feature, as for example in this pattern:
+<pre>
+  a+(?C)(*FAIL)
+</pre>
+A match with the string "aaaa" always fails, but the callout is taken before
+each backtrack happens (in this example, 10 times).
+</P>
+<br><b>
+Recording which path was taken
+</b><br>
+<P>
+There is one verb whose main purpose is to track how a match was arrived at,
+though it also has a secondary use in conjunction with advancing the match
+starting point (see (*SKIP) below).
+<pre>
+  (*MARK:NAME) or (*:NAME)
+</pre>
+A name is always required with this verb. There may be as many instances of
+(*MARK) as you like in a pattern, and their names do not have to be unique.
+</P>
+<P>
+When a match succeeds, the name of the last-encountered (*MARK:NAME),
+(*PRUNE:NAME), or (*THEN:NAME) on the matching path is passed back to the
+caller as described in the section entitled
+<a href="pcreapi.html#extradata">"Extra data for <b>pcre_exec()</b>"</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation. Here is an example of <b>pcretest</b> output, where the /K
+modifier requests the retrieval and outputting of (*MARK) data:
+<pre>
+    re&#62; /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data&#62; XY
+   0: XY
+  MK: A
+  XZ
+   0: XZ
+  MK: B
+</pre>
+The (*MARK) name is tagged with "MK:" in this output, and in this example it
+indicates which of the two alternatives matched. This is a more efficient way
+of obtaining this information than putting each alternative in its own
+capturing parentheses.
+</P>
+<P>
+If a verb with a name is encountered in a positive assertion that is true, the
+name is recorded and passed back if it is the last-encountered. This does not
+happen for negative assertions or failing positive assertions.
+</P>
+<P>
+After a partial match or a failed match, the last encountered name in the
+entire match process is returned. For example:
+<pre>
+    re&#62; /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data&#62; XP
+  No match, mark = B
+</pre>
+Note that in this unanchored example the mark is retained from the match
+attempt that started at the letter "X" in the subject. Subsequent match
+attempts starting at "P" and then with an empty string do not get as far as the
+(*MARK) item, but nevertheless do not reset it.
+</P>
+<P>
+If you are interested in (*MARK) values after failed matches, you should
+probably set the PCRE_NO_START_OPTIMIZE option
+<a href="#nooptimize">(see above)</a>
+to ensure that the match is always attempted.
+</P>
+<br><b>
+Verbs that act after backtracking
+</b><br>
+<P>
+The following verbs do nothing when they are encountered. Matching continues
+with what follows, but if there is no subsequent match, causing a backtrack to
+the verb, a failure is forced. That is, backtracking cannot pass to the left of
+the verb. However, when one of these verbs appears inside an atomic group or an
+assertion that is true, its effect is confined to that group, because once the
+group has been matched, there is never any backtracking into it. In this
+situation, backtracking can "jump back" to the left of the entire atomic group
+or assertion. (Remember also, as stated above, that this localization also
+applies in subroutine calls.)
+</P>
+<P>
+These verbs differ in exactly what kind of failure occurs when backtracking
+reaches them. The behaviour described below is what happens when the verb is
+not in a subroutine or an assertion. Subsequent sections cover these special
+cases.
+<pre>
+  (*COMMIT)
+</pre>
+This verb, which may not be followed by a name, causes the whole match to fail
+outright if there is a later matching failure that causes backtracking to reach
+it. Even if the pattern is unanchored, no further attempts to find a match by
+advancing the starting point take place. If (*COMMIT) is the only backtracking
+verb that is encountered, once it has been passed <b>pcre_exec()</b> is
+committed to finding a match at the current starting point, or not at all. For
+example:
+<pre>
+  a+(*COMMIT)b
+</pre>
+This matches "xxaab" but not "aacaab". It can be thought of as a kind of
+dynamic anchor, or "I've started, so I must finish." The name of the most
+recently passed (*MARK) in the path is passed back when (*COMMIT) forces a
+match failure.
+</P>
+<P>
+If there is more than one backtracking verb in a pattern, a different one that
+follows (*COMMIT) may be triggered first, so merely passing (*COMMIT) during a
+match does not always guarantee that a match must be at this starting point.
+</P>
+<P>
+Note that (*COMMIT) at the start of a pattern is not the same as an anchor,
+unless PCRE's start-of-match optimizations are turned off, as shown in this
+output from <b>pcretest</b>:
+<pre>
+    re&#62; /(*COMMIT)abc/
+  data&#62; xyzabc
+   0: abc
+  data&#62; xyzabc\Y
+  No match
+</pre>
+For this pattern, PCRE knows that any match must start with "a", so the
+optimization skips along the subject to "a" before applying the pattern to the
+first set of data. The match attempt then succeeds. In the second set of data,
+the escape sequence \Y is interpreted by the <b>pcretest</b> program. It causes
+the PCRE_NO_START_OPTIMIZE option to be set when <b>pcre_exec()</b> is called.
+This disables the optimization that skips along to the first character. The
+pattern is now applied starting at "x", and so the (*COMMIT) causes the match
+to fail without trying any other starting points.
+<pre>
+  (*PRUNE) or (*PRUNE:NAME)
+</pre>
+This verb causes the match to fail at the current starting position in the
+subject if there is a later matching failure that causes backtracking to reach
+it. If the pattern is unanchored, the normal "bumpalong" advance to the next
+starting character then happens. Backtracking can occur as usual to the left of
+(*PRUNE), before it is reached, or when matching to the right of (*PRUNE), but
+if there is no match to the right, backtracking cannot cross (*PRUNE). In
+simple cases, the use of (*PRUNE) is just an alternative to an atomic group or
+possessive quantifier, but there are some uses of (*PRUNE) that cannot be
+expressed in any other way. In an anchored pattern (*PRUNE) has the same effect
+as (*COMMIT).
+</P>
+<P>
+The behaviour of (*PRUNE:NAME) is the not the same as (*MARK:NAME)(*PRUNE).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+<pre>
+  (*SKIP)
+</pre>
+This verb, when given without a name, is like (*PRUNE), except that if the
+pattern is unanchored, the "bumpalong" advance is not to the next character,
+but to the position in the subject where (*SKIP) was encountered. (*SKIP)
+signifies that whatever text was matched leading up to it cannot be part of a
+successful match. Consider:
+<pre>
+  a+(*SKIP)b
+</pre>
+If the subject is "aaaac...", after the first match attempt fails (starting at
+the first character in the string), the starting point skips on to start the
+next attempt at "c". Note that a possessive quantifer does not have the same
+effect as this example; although it would suppress backtracking during the
+first match attempt, the second attempt would start at the second character
+instead of skipping on to "c".
+<pre>
+  (*SKIP:NAME)
+</pre>
+When (*SKIP) has an associated name, its behaviour is modified. When it is
+triggered, the previous path through the pattern is searched for the most
+recent (*MARK) that has the same name. If one is found, the "bumpalong" advance
+is to the subject position that corresponds to that (*MARK) instead of to where
+(*SKIP) was encountered. If no (*MARK) with a matching name is found, the
+(*SKIP) is ignored.
+</P>
+<P>
+Note that (*SKIP:NAME) searches only for names set by (*MARK:NAME). It ignores
+names that are set by (*PRUNE:NAME) or (*THEN:NAME).
+<pre>
+  (*THEN) or (*THEN:NAME)
+</pre>
+This verb causes a skip to the next innermost alternative when backtracking
+reaches it. That is, it cancels any further backtracking within the current
+alternative. Its name comes from the observation that it can be used for a
+pattern-based if-then-else block:
+<pre>
+  ( COND1 (*THEN) FOO | COND2 (*THEN) BAR | COND3 (*THEN) BAZ ) ...
+</pre>
+If the COND1 pattern matches, FOO is tried (and possibly further items after
+the end of the group if FOO succeeds); on failure, the matcher skips to the
+second alternative and tries COND2, without backtracking into COND1. If that
+succeeds and BAR fails, COND3 is tried. If subsequently BAZ fails, there are no
+more alternatives, so there is a backtrack to whatever came before the entire
+group. If (*THEN) is not inside an alternation, it acts like (*PRUNE).
+</P>
+<P>
+The behaviour of (*THEN:NAME) is the not the same as (*MARK:NAME)(*THEN).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+</P>
+<P>
+A subpattern that does not contain a | character is just a part of the
+enclosing alternative; it is not a nested alternation with only one
+alternative. The effect of (*THEN) extends beyond such a subpattern to the
+enclosing alternative. Consider this pattern, where A, B, etc. are complex
+pattern fragments that do not contain any | characters at this level:
+<pre>
+  A (B(*THEN)C) | D
+</pre>
+If A and B are matched, but there is a failure in C, matching does not
+backtrack into A; instead it moves to the next alternative, that is, D.
+However, if the subpattern containing (*THEN) is given an alternative, it
+behaves differently:
+<pre>
+  A (B(*THEN)C | (*FAIL)) | D
+</pre>
+The effect of (*THEN) is now confined to the inner subpattern. After a failure
+in C, matching moves to (*FAIL), which causes the whole subpattern to fail
+because there are no more alternatives to try. In this case, matching does now
+backtrack into A.
+</P>
+<P>
+Note that a conditional subpattern is not considered as having two
+alternatives, because only one is ever used. In other words, the | character in
+a conditional subpattern has a different meaning. Ignoring white space,
+consider:
+<pre>
+  ^.*? (?(?=a) a | b(*THEN)c )
+</pre>
+If the subject is "ba", this pattern does not match. Because .*? is ungreedy,
+it initially matches zero characters. The condition (?=a) then fails, the
+character "b" is matched, but "c" is not. At this point, matching does not
+backtrack to .*? as might perhaps be expected from the presence of the |
+character. The conditional subpattern is part of the single alternative that
+comprises the whole pattern, and so the match fails. (If there was a backtrack
+into .*?, allowing it to match "b", the match would succeed.)
+</P>
+<P>
+The verbs just described provide four different "strengths" of control when
+subsequent matching fails. (*THEN) is the weakest, carrying on the match at the
+next alternative. (*PRUNE) comes next, failing the match at the current
+starting position, but allowing an advance to the next character (for an
+unanchored pattern). (*SKIP) is similar, except that the advance may be more
+than one character. (*COMMIT) is the strongest, causing the entire match to
+fail.
+</P>
+<br><b>
+More than one backtracking verb
+</b><br>
+<P>
+If more than one backtracking verb is present in a pattern, the one that is
+backtracked onto first acts. For example, consider this pattern, where A, B,
+etc. are complex pattern fragments:
+<pre>
+  (A(*COMMIT)B(*THEN)C|ABD)
+</pre>
+If A matches but B fails, the backtrack to (*COMMIT) causes the entire match to
+fail. However, if A and B match, but C fails, the backtrack to (*THEN) causes
+the next alternative (ABD) to be tried. This behaviour is consistent, but is
+not always the same as Perl's. It means that if two or more backtracking verbs
+appear in succession, all the the last of them has no effect. Consider this
+example:
+<pre>
+  ...(*COMMIT)(*PRUNE)...
+</pre>
+If there is a matching failure to the right, backtracking onto (*PRUNE) causes
+it to be triggered, and its action is taken. There can never be a backtrack
+onto (*COMMIT).
+<a name="btrepeat"></a></P>
+<br><b>
+Backtracking verbs in repeated groups
+</b><br>
+<P>
+PCRE differs from Perl in its handling of backtracking verbs in repeated
+groups. For example, consider:
+<pre>
+  /(a(*COMMIT)b)+ac/
+</pre>
+If the subject is "abac", Perl matches, but PCRE fails because the (*COMMIT) in
+the second repeat of the group acts.
+<a name="btassert"></a></P>
+<br><b>
+Backtracking verbs in assertions
+</b><br>
+<P>
+(*FAIL) in an assertion has its normal effect: it forces an immediate backtrack.
+</P>
+<P>
+(*ACCEPT) in a positive assertion causes the assertion to succeed without any
+further processing. In a negative assertion, (*ACCEPT) causes the assertion to
+fail without any further processing.
+</P>
+<P>
+The other backtracking verbs are not treated specially if they appear in a
+positive assertion. In particular, (*THEN) skips to the next alternative in the
+innermost enclosing group that has alternations, whether or not this is within
+the assertion.
+</P>
+<P>
+Negative assertions are, however, different, in order to ensure that changing a
+positive assertion into a negative assertion changes its result. Backtracking
+into (*COMMIT), (*SKIP), or (*PRUNE) causes a negative assertion to be true,
+without considering any further alternative branches in the assertion.
+Backtracking into (*THEN) causes it to skip to the next enclosing alternative
+within the assertion (the normal behaviour), but if the assertion does not have
+such an alternative, (*THEN) behaves like (*PRUNE).
+<a name="btsub"></a></P>
+<br><b>
+Backtracking verbs in subroutines
+</b><br>
+<P>
+These behaviours occur whether or not the subpattern is called recursively.
+Perl's treatment of subroutines is different in some cases.
+</P>
+<P>
+(*FAIL) in a subpattern called as a subroutine has its normal effect: it forces
+an immediate backtrack.
+</P>
+<P>
+(*ACCEPT) in a subpattern called as a subroutine causes the subroutine match to
+succeed without any further processing. Matching then continues after the
+subroutine call.
+</P>
+<P>
+(*COMMIT), (*SKIP), and (*PRUNE) in a subpattern called as a subroutine cause
+the subroutine match to fail.
+</P>
+<P>
+(*THEN) skips to the next alternative in the innermost enclosing group within
+the subpattern that has alternatives. If there is no such group within the
+subpattern, (*THEN) causes the subroutine match to fail.
+</P>
+<br><a name="SEC28" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcreapi</b>(3), <b>pcrecallout</b>(3), <b>pcrematching</b>(3),
+<b>pcresyntax</b>(3), <b>pcre</b>(3), <b>pcre16(3)</b>, <b>pcre32(3)</b>.
+</P>
+<br><a name="SEC29" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC30" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 23 October 2016
+<br>
+Copyright &copy; 1997-2016 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreperform.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreperform.html
new file mode 100644
index 00000000..dda207f9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreperform.html
@@ -0,0 +1,195 @@
+<html>
+<head>
+<title>pcreperform specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreperform man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+PCRE PERFORMANCE
+</b><br>
+<P>
+Two aspects of performance are discussed below: memory usage and processing
+time. The way you express your pattern as a regular expression can affect both
+of them.
+</P>
+<br><b>
+COMPILED PATTERN MEMORY USAGE
+</b><br>
+<P>
+Patterns are compiled by PCRE into a reasonably efficient interpretive code, so
+that most simple patterns do not use much memory. However, there is one case
+where the memory usage of a compiled pattern can be unexpectedly large. If a
+parenthesized subpattern has a quantifier with a minimum greater than 1 and/or
+a limited maximum, the whole subpattern is repeated in the compiled code. For
+example, the pattern
+<pre>
+  (abc|def){2,4}
+</pre>
+is compiled as if it were
+<pre>
+  (abc|def)(abc|def)((abc|def)(abc|def)?)?
+</pre>
+(Technical aside: It is done this way so that backtrack points within each of
+the repetitions can be independently maintained.)
+</P>
+<P>
+For regular expressions whose quantifiers use only small numbers, this is not
+usually a problem. However, if the numbers are large, and particularly if such
+repetitions are nested, the memory usage can become an embarrassment. For
+example, the very simple pattern
+<pre>
+  ((ab){1,1000}c){1,3}
+</pre>
+uses 51K bytes when compiled using the 8-bit library. When PCRE is compiled
+with its default internal pointer size of two bytes, the size limit on a
+compiled pattern is 64K data units, and this is reached with the above pattern
+if the outer repetition is increased from 3 to 4. PCRE can be compiled to use
+larger internal pointers and thus handle larger compiled patterns, but it is
+better to try to rewrite your pattern to use less memory if you can.
+</P>
+<P>
+One way of reducing the memory usage for such patterns is to make use of PCRE's
+<a href="pcrepattern.html#subpatternsassubroutines">"subroutine"</a>
+facility. Re-writing the above pattern as
+<pre>
+  ((ab)(?2){0,999}c)(?1){0,2}
+</pre>
+reduces the memory requirements to 18K, and indeed it remains under 20K even
+with the outer repetition increased to 100. However, this pattern is not
+exactly equivalent, because the "subroutine" calls are treated as
+<a href="pcrepattern.html#atomicgroup">atomic groups</a>
+into which there can be no backtracking if there is a subsequent matching
+failure. Therefore, PCRE cannot do this kind of rewriting automatically.
+Furthermore, there is a noticeable loss of speed when executing the modified
+pattern. Nevertheless, if the atomic grouping is not a problem and the loss of
+speed is acceptable, this kind of rewriting will allow you to process patterns
+that PCRE cannot otherwise handle.
+</P>
+<br><b>
+STACK USAGE AT RUN TIME
+</b><br>
+<P>
+When <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b> is used for matching, certain
+kinds of pattern can cause it to use large amounts of the process stack. In
+some environments the default process stack is quite small, and if it runs out
+the result is often SIGSEGV. This issue is probably the most frequently raised
+problem with PCRE. Rewriting your pattern can often help. The
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation discusses this issue in detail.
+</P>
+<br><b>
+PROCESSING TIME
+</b><br>
+<P>
+Certain items in regular expression patterns are processed more efficiently
+than others. It is more efficient to use a character class like [aeiou] than a
+set of single-character alternatives such as (a|e|i|o|u). In general, the
+simplest construction that provides the required behaviour is usually the most
+efficient. Jeffrey Friedl's book contains a lot of useful general discussion
+about optimizing regular expressions for efficient performance. This document
+contains a few observations about PCRE.
+</P>
+<P>
+Using Unicode character properties (the \p, \P, and \X escapes) is slow,
+because PCRE has to use a multi-stage table lookup whenever it needs a
+character's property. If you can find an alternative pattern that does not use
+character properties, it will probably be faster.
+</P>
+<P>
+By default, the escape sequences \b, \d, \s, and \w, and the POSIX
+character classes such as [:alpha:] do not use Unicode properties, partly for
+backwards compatibility, and partly for performance reasons. However, you can
+set PCRE_UCP if you want Unicode character properties to be used. This can
+double the matching time for items such as \d, when matched with
+a traditional matching function; the performance loss is less with
+a DFA matching function, and in both cases there is not much difference for
+\b.
+</P>
+<P>
+When a pattern begins with .* not in parentheses, or in parentheses that are
+not the subject of a backreference, and the PCRE_DOTALL option is set, the
+pattern is implicitly anchored by PCRE, since it can match only at the start of
+a subject string. However, if PCRE_DOTALL is not set, PCRE cannot make this
+optimization, because the . metacharacter does not then match a newline, and if
+the subject string contains newlines, the pattern may match from the character
+immediately following one of them instead of from the very start. For example,
+the pattern
+<pre>
+  .*second
+</pre>
+matches the subject "first\nand second" (where \n stands for a newline
+character), with the match starting at the seventh character. In order to do
+this, PCRE has to retry the match starting after every newline in the subject.
+</P>
+<P>
+If you are using such a pattern with subject strings that do not contain
+newlines, the best performance is obtained by setting PCRE_DOTALL, or starting
+the pattern with ^.* or ^.*? to indicate explicit anchoring. That saves PCRE
+from having to scan along the subject looking for a newline to restart at.
+</P>
+<P>
+Beware of patterns that contain nested indefinite repeats. These can take a
+long time to run when applied to a string that does not match. Consider the
+pattern fragment
+<pre>
+  ^(a+)*
+</pre>
+This can match "aaaa" in 16 different ways, and this number increases very
+rapidly as the string gets longer. (The * repeat can match 0, 1, 2, 3, or 4
+times, and for each of those cases other than 0 or 4, the + repeats can match
+different numbers of times.) When the remainder of the pattern is such that the
+entire match is going to fail, PCRE has in principle to try every possible
+variation, and this can take an extremely long time, even for relatively short
+strings.
+</P>
+<P>
+An optimization catches some of the more simple cases such as
+<pre>
+  (a+)*b
+</pre>
+where a literal character follows. Before embarking on the standard matching
+procedure, PCRE checks that there is a "b" later in the subject string, and if
+there is not, it fails the match immediately. However, when there is no
+following literal this optimization cannot be used. You can see the difference
+by comparing the behaviour of
+<pre>
+  (a+)*\d
+</pre>
+with the pattern above. The former gives a failure almost instantly when
+applied to a whole line of "a" characters, whereas the latter takes an
+appreciable time with strings longer than about 20 characters.
+</P>
+<P>
+In many cases, the solution to this kind of performance issue is to use an
+atomic group or a possessive quantifier.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 25 August 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreposix.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreposix.html
new file mode 100644
index 00000000..18924cf7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreposix.html
@@ -0,0 +1,290 @@
+<html>
+<head>
+<title>pcreposix specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreposix man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">COMPILING A PATTERN</a>
+<li><a name="TOC4" href="#SEC4">MATCHING NEWLINE CHARACTERS</a>
+<li><a name="TOC5" href="#SEC5">MATCHING A PATTERN</a>
+<li><a name="TOC6" href="#SEC6">ERROR MESSAGES</a>
+<li><a name="TOC7" href="#SEC7">MEMORY USAGE</a>
+<li><a name="TOC8" href="#SEC8">AUTHOR</a>
+<li><a name="TOC9" href="#SEC9">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>#include &#60;pcreposix.h&#62;</b>
+</P>
+<P>
+<b>int regcomp(regex_t *<i>preg</i>, const char *<i>pattern</i>,</b>
+<b>     int <i>cflags</i>);</b>
+<br>
+<br>
+<b>int regexec(regex_t *<i>preg</i>, const char *<i>string</i>,</b>
+<b>     size_t <i>nmatch</i>, regmatch_t <i>pmatch</i>[], int <i>eflags</i>);</b>
+<b>     size_t regerror(int <i>errcode</i>, const regex_t *<i>preg</i>,</b>
+<b>     char *<i>errbuf</i>, size_t <i>errbuf_size</i>);</b>
+<br>
+<br>
+<b>void regfree(regex_t *<i>preg</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+This set of functions provides a POSIX-style API for the PCRE regular
+expression 8-bit library. See the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation for a description of PCRE's native API, which contains much
+additional functionality. There is no POSIX-style wrapper for PCRE's 16-bit
+and 32-bit library.
+</P>
+<P>
+The functions described here are just wrapper functions that ultimately call
+the PCRE native API. Their prototypes are defined in the <b>pcreposix.h</b>
+header file, and on Unix systems the library itself is called
+<b>pcreposix.a</b>, so can be accessed by adding <b>-lpcreposix</b> to the
+command for linking an application that uses them. Because the POSIX functions
+call the native ones, it is also necessary to add <b>-lpcre</b>.
+</P>
+<P>
+I have implemented only those POSIX option bits that can be reasonably mapped
+to PCRE native options. In addition, the option REG_EXTENDED is defined with
+the value zero. This has no effect, but since programs that are written to the
+POSIX interface often use it, this makes it easier to slot in PCRE as a
+replacement library. Other POSIX options are not even defined.
+</P>
+<P>
+There are also some other options that are not defined by POSIX. These have
+been added at the request of users who want to make use of certain
+PCRE-specific features via the POSIX calling interface.
+</P>
+<P>
+When PCRE is called via these functions, it is only the API that is POSIX-like
+in style. The syntax and semantics of the regular expressions themselves are
+still those of Perl, subject to the setting of various PCRE options, as
+described below. "POSIX-like in style" means that the API approximates to the
+POSIX definition; it is not fully POSIX-compatible, and in multi-byte encoding
+domains it is probably even less compatible.
+</P>
+<P>
+The header for these functions is supplied as <b>pcreposix.h</b> to avoid any
+potential clash with other POSIX libraries. It can, of course, be renamed or
+aliased as <b>regex.h</b>, which is the "correct" name. It provides two
+structure types, <i>regex_t</i> for compiled internal forms, and
+<i>regmatch_t</i> for returning captured substrings. It also defines some
+constants whose names start with "REG_"; these are used for setting options and
+identifying error codes.
+</P>
+<br><a name="SEC3" href="#TOC1">COMPILING A PATTERN</a><br>
+<P>
+The function <b>regcomp()</b> is called to compile a pattern into an
+internal form. The pattern is a C string terminated by a binary zero, and
+is passed in the argument <i>pattern</i>. The <i>preg</i> argument is a pointer
+to a <b>regex_t</b> structure that is used as a base for storing information
+about the compiled regular expression.
+</P>
+<P>
+The argument <i>cflags</i> is either zero, or contains one or more of the bits
+defined by the following macros:
+<pre>
+  REG_DOTALL
+</pre>
+The PCRE_DOTALL option is set when the regular expression is passed for
+compilation to the native function. Note that REG_DOTALL is not part of the
+POSIX standard.
+<pre>
+  REG_ICASE
+</pre>
+The PCRE_CASELESS option is set when the regular expression is passed for
+compilation to the native function.
+<pre>
+  REG_NEWLINE
+</pre>
+The PCRE_MULTILINE option is set when the regular expression is passed for
+compilation to the native function. Note that this does <i>not</i> mimic the
+defined POSIX behaviour for REG_NEWLINE (see the following section).
+<pre>
+  REG_NOSUB
+</pre>
+The PCRE_NO_AUTO_CAPTURE option is set when the regular expression is passed
+for compilation to the native function. In addition, when a pattern that is
+compiled with this flag is passed to <b>regexec()</b> for matching, the
+<i>nmatch</i> and <i>pmatch</i> arguments are ignored, and no captured strings
+are returned.
+<pre>
+  REG_UCP
+</pre>
+The PCRE_UCP option is set when the regular expression is passed for
+compilation to the native function. This causes PCRE to use Unicode properties
+when matchine \d, \w, etc., instead of just recognizing ASCII values. Note
+that REG_UTF8 is not part of the POSIX standard.
+<pre>
+  REG_UNGREEDY
+</pre>
+The PCRE_UNGREEDY option is set when the regular expression is passed for
+compilation to the native function. Note that REG_UNGREEDY is not part of the
+POSIX standard.
+<pre>
+  REG_UTF8
+</pre>
+The PCRE_UTF8 option is set when the regular expression is passed for
+compilation to the native function. This causes the pattern itself and all data
+strings used for matching it to be treated as UTF-8 strings. Note that REG_UTF8
+is not part of the POSIX standard.
+</P>
+<P>
+In the absence of these flags, no options are passed to the native function.
+This means the the regex is compiled with PCRE default semantics. In
+particular, the way it handles newline characters in the subject string is the
+Perl way, not the POSIX way. Note that setting PCRE_MULTILINE has only
+<i>some</i> of the effects specified for REG_NEWLINE. It does not affect the way
+newlines are matched by . (they are not) or by a negative class such as [^a]
+(they are).
+</P>
+<P>
+The yield of <b>regcomp()</b> is zero on success, and non-zero otherwise. The
+<i>preg</i> structure is filled in on success, and one member of the structure
+is public: <i>re_nsub</i> contains the number of capturing subpatterns in
+the regular expression. Various error codes are defined in the header file.
+</P>
+<P>
+NOTE: If the yield of <b>regcomp()</b> is non-zero, you must not attempt to
+use the contents of the <i>preg</i> structure. If, for example, you pass it to
+<b>regexec()</b>, the result is undefined and your program is likely to crash.
+</P>
+<br><a name="SEC4" href="#TOC1">MATCHING NEWLINE CHARACTERS</a><br>
+<P>
+This area is not simple, because POSIX and Perl take different views of things.
+It is not possible to get PCRE to obey POSIX semantics, but then PCRE was never
+intended to be a POSIX engine. The following table lists the different
+possibilities for matching newline characters in PCRE:
+<pre>
+                          Default   Change with
+
+  . matches newline          no     PCRE_DOTALL
+  newline matches [^a]       yes    not changeable
+  $ matches \n at end        yes    PCRE_DOLLARENDONLY
+  $ matches \n in middle     no     PCRE_MULTILINE
+  ^ matches \n in middle     no     PCRE_MULTILINE
+</pre>
+This is the equivalent table for POSIX:
+<pre>
+                          Default   Change with
+
+  . matches newline          yes    REG_NEWLINE
+  newline matches [^a]       yes    REG_NEWLINE
+  $ matches \n at end        no     REG_NEWLINE
+  $ matches \n in middle     no     REG_NEWLINE
+  ^ matches \n in middle     no     REG_NEWLINE
+</pre>
+PCRE's behaviour is the same as Perl's, except that there is no equivalent for
+PCRE_DOLLAR_ENDONLY in Perl. In both PCRE and Perl, there is no way to stop
+newline from matching [^a].
+</P>
+<P>
+The default POSIX newline handling can be obtained by setting PCRE_DOTALL and
+PCRE_DOLLAR_ENDONLY, but there is no way to make PCRE behave exactly as for the
+REG_NEWLINE action.
+</P>
+<br><a name="SEC5" href="#TOC1">MATCHING A PATTERN</a><br>
+<P>
+The function <b>regexec()</b> is called to match a compiled pattern <i>preg</i>
+against a given <i>string</i>, which is by default terminated by a zero byte
+(but see REG_STARTEND below), subject to the options in <i>eflags</i>. These can
+be:
+<pre>
+  REG_NOTBOL
+</pre>
+The PCRE_NOTBOL option is set when calling the underlying PCRE matching
+function.
+<pre>
+  REG_NOTEMPTY
+</pre>
+The PCRE_NOTEMPTY option is set when calling the underlying PCRE matching
+function. Note that REG_NOTEMPTY is not part of the POSIX standard. However,
+setting this option can give more POSIX-like behaviour in some situations.
+<pre>
+  REG_NOTEOL
+</pre>
+The PCRE_NOTEOL option is set when calling the underlying PCRE matching
+function.
+<pre>
+  REG_STARTEND
+</pre>
+The string is considered to start at <i>string</i> + <i>pmatch[0].rm_so</i> and
+to have a terminating NUL located at <i>string</i> + <i>pmatch[0].rm_eo</i>
+(there need not actually be a NUL at that location), regardless of the value of
+<i>nmatch</i>. This is a BSD extension, compatible with but not specified by
+IEEE Standard 1003.2 (POSIX.2), and should be used with caution in software
+intended to be portable to other systems. Note that a non-zero <i>rm_so</i> does
+not imply REG_NOTBOL; REG_STARTEND affects only the location of the string, not
+how it is matched.
+</P>
+<P>
+If the pattern was compiled with the REG_NOSUB flag, no data about any matched
+strings is returned. The <i>nmatch</i> and <i>pmatch</i> arguments of
+<b>regexec()</b> are ignored.
+</P>
+<P>
+If the value of <i>nmatch</i> is zero, or if the value <i>pmatch</i> is NULL,
+no data about any matched strings is returned.
+</P>
+<P>
+Otherwise,the portion of the string that was matched, and also any captured
+substrings, are returned via the <i>pmatch</i> argument, which points to an
+array of <i>nmatch</i> structures of type <i>regmatch_t</i>, containing the
+members <i>rm_so</i> and <i>rm_eo</i>. These contain the offset to the first
+character of each substring and the offset to the first character after the end
+of each substring, respectively. The 0th element of the vector relates to the
+entire portion of <i>string</i> that was matched; subsequent elements relate to
+the capturing subpatterns of the regular expression. Unused entries in the
+array have both structure members set to -1.
+</P>
+<P>
+A successful match yields a zero return; various error codes are defined in the
+header file, of which REG_NOMATCH is the "expected" failure code.
+</P>
+<br><a name="SEC6" href="#TOC1">ERROR MESSAGES</a><br>
+<P>
+The <b>regerror()</b> function maps a non-zero errorcode from either
+<b>regcomp()</b> or <b>regexec()</b> to a printable message. If <i>preg</i> is not
+NULL, the error should have arisen from the use of that structure. A message
+terminated by a binary zero is placed in <i>errbuf</i>. The length of the
+message, including the zero, is limited to <i>errbuf_size</i>. The yield of the
+function is the size of buffer needed to hold the whole message.
+</P>
+<br><a name="SEC7" href="#TOC1">MEMORY USAGE</a><br>
+<P>
+Compiling a regular expression causes memory to be allocated and associated
+with the <i>preg</i> structure. The function <b>regfree()</b> frees all such
+memory, after which <i>preg</i> may no longer be used as a compiled expression.
+</P>
+<br><a name="SEC8" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC9" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 09 January 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreprecompile.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreprecompile.html
new file mode 100644
index 00000000..decb1d6c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreprecompile.html
@@ -0,0 +1,163 @@
+<html>
+<head>
+<title>pcreprecompile specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreprecompile man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SAVING AND RE-USING PRECOMPILED PCRE PATTERNS</a>
+<li><a name="TOC2" href="#SEC2">SAVING A COMPILED PATTERN</a>
+<li><a name="TOC3" href="#SEC3">RE-USING A PRECOMPILED PATTERN</a>
+<li><a name="TOC4" href="#SEC4">COMPATIBILITY WITH DIFFERENT PCRE RELEASES</a>
+<li><a name="TOC5" href="#SEC5">AUTHOR</a>
+<li><a name="TOC6" href="#SEC6">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SAVING AND RE-USING PRECOMPILED PCRE PATTERNS</a><br>
+<P>
+If you are running an application that uses a large number of regular
+expression patterns, it may be useful to store them in a precompiled form
+instead of having to compile them every time the application is run.
+If you are not using any private character tables (see the
+<a href="pcre_maketables.html"><b>pcre_maketables()</b></a>
+documentation), this is relatively straightforward. If you are using private
+tables, it is a little bit more complicated. However, if you are using the
+just-in-time optimization feature, it is not possible to save and reload the
+JIT data.
+</P>
+<P>
+If you save compiled patterns to a file, you can copy them to a different host
+and run them there. If the two hosts have different endianness (byte order),
+you should run the <b>pcre[16|32]_pattern_to_host_byte_order()</b> function on the
+new host before trying to match the pattern. The matching functions return
+PCRE_ERROR_BADENDIANNESS if they detect a pattern with the wrong endianness.
+</P>
+<P>
+Compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes, and saving and
+restoring a compiled pattern loses any JIT optimization data.
+</P>
+<br><a name="SEC2" href="#TOC1">SAVING A COMPILED PATTERN</a><br>
+<P>
+The value returned by <b>pcre[16|32]_compile()</b> points to a single block of
+memory that holds the compiled pattern and associated data. You can find the
+length of this block in bytes by calling <b>pcre[16|32]_fullinfo()</b> with an
+argument of PCRE_INFO_SIZE. You can then save the data in any appropriate
+manner. Here is sample code for the 8-bit library that compiles a pattern and
+writes it to a file. It assumes that the variable <i>fd</i> refers to a file
+that is open for output:
+<pre>
+  int erroroffset, rc, size;
+  char *error;
+  pcre *re;
+
+  re = pcre_compile("my pattern", 0, &error, &erroroffset, NULL);
+  if (re == NULL) { ... handle errors ... }
+  rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
+  if (rc &#60; 0) { ... handle errors ... }
+  rc = fwrite(re, 1, size, fd);
+  if (rc != size) { ... handle errors ... }
+</pre>
+In this example, the bytes that comprise the compiled pattern are copied
+exactly. Note that this is binary data that may contain any of the 256 possible
+byte values. On systems that make a distinction between binary and non-binary
+data, be sure that the file is opened for binary output.
+</P>
+<P>
+If you want to write more than one pattern to a file, you will have to devise a
+way of separating them. For binary data, preceding each pattern with its length
+is probably the most straightforward approach. Another possibility is to write
+out the data in hexadecimal instead of binary, one pattern to a line.
+</P>
+<P>
+Saving compiled patterns in a file is only one possible way of storing them for
+later use. They could equally well be saved in a database, or in the memory of
+some daemon process that passes them via sockets to the processes that want
+them.
+</P>
+<P>
+If the pattern has been studied, it is also possible to save the normal study
+data in a similar way to the compiled pattern itself. However, if the
+PCRE_STUDY_JIT_COMPILE was used, the just-in-time data that is created cannot
+be saved because it is too dependent on the current environment. When studying
+generates additional information, <b>pcre[16|32]_study()</b> returns a pointer to a
+<b>pcre[16|32]_extra</b> data block. Its format is defined in the
+<a href="pcreapi.html#extradata">section on matching a pattern</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation. The <i>study_data</i> field points to the binary study data, and
+this is what you must save (not the <b>pcre[16|32]_extra</b> block itself). The
+length of the study data can be obtained by calling <b>pcre[16|32]_fullinfo()</b>
+with an argument of PCRE_INFO_STUDYSIZE. Remember to check that
+<b>pcre[16|32]_study()</b> did return a non-NULL value before trying to save the
+study data.
+</P>
+<br><a name="SEC3" href="#TOC1">RE-USING A PRECOMPILED PATTERN</a><br>
+<P>
+Re-using a precompiled pattern is straightforward. Having reloaded it into main
+memory, called <b>pcre[16|32]_pattern_to_host_byte_order()</b> if necessary, you
+pass its pointer to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b> in
+the usual way.
+</P>
+<P>
+However, if you passed a pointer to custom character tables when the pattern
+was compiled (the <i>tableptr</i> argument of <b>pcre[16|32]_compile()</b>), you
+must now pass a similar pointer to <b>pcre[16|32]_exec()</b> or
+<b>pcre[16|32]_dfa_exec()</b>, because the value saved with the compiled pattern
+will obviously be nonsense. A field in a <b>pcre[16|32]_extra()</b> block is used
+to pass this data, as described in the
+<a href="pcreapi.html#extradata">section on matching a pattern</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+<b>Warning:</b> The tables that <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b> use
+must be the same as those that were used when the pattern was compiled. If this
+is not the case, the behaviour is undefined.
+</P>
+<P>
+If you did not provide custom character tables when the pattern was compiled,
+the pointer in the compiled pattern is NULL, which causes the matching
+functions to use PCRE's internal tables. Thus, you do not need to take any
+special action at run time in this case.
+</P>
+<P>
+If you saved study data with the compiled pattern, you need to create your own
+<b>pcre[16|32]_extra</b> data block and set the <i>study_data</i> field to point
+to the reloaded study data. You must also set the PCRE_EXTRA_STUDY_DATA bit in
+the <i>flags</i> field to indicate that study data is present. Then pass the
+<b>pcre[16|32]_extra</b> block to the matching function in the usual way. If the
+pattern was studied for just-in-time optimization, that data cannot be saved,
+and so is lost by a save/restore cycle.
+</P>
+<br><a name="SEC4" href="#TOC1">COMPATIBILITY WITH DIFFERENT PCRE RELEASES</a><br>
+<P>
+In general, it is safest to recompile all saved patterns when you update to a
+new PCRE release, though not all updates actually require this.
+</P>
+<br><a name="SEC5" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC6" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcresample.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcresample.html
new file mode 100644
index 00000000..aca9184e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcresample.html
@@ -0,0 +1,110 @@
+<html>
+<head>
+<title>pcresample specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcresample man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+PCRE SAMPLE PROGRAM
+</b><br>
+<P>
+A simple, complete demonstration program, to get you started with using PCRE,
+is supplied in the file <i>pcredemo.c</i> in the PCRE distribution. A listing of
+this program is given in the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+documentation. If you do not have a copy of the PCRE distribution, you can save
+this listing to re-create <i>pcredemo.c</i>.
+</P>
+<P>
+The demonstration program, which uses the original PCRE 8-bit library, compiles
+the regular expression that is its first argument, and matches it against the
+subject string in its second argument. No PCRE options are set, and default
+character tables are used. If matching succeeds, the program outputs the
+portion of the subject that matched, together with the contents of any captured
+substrings.
+</P>
+<P>
+If the -g option is given on the command line, the program then goes on to
+check for further matches of the same regular expression in the same subject
+string. The logic is a little bit tricky because of the possibility of matching
+an empty string. Comments in the code explain what is going on.
+</P>
+<P>
+If PCRE is installed in the standard include and library directories for your
+operating system, you should be able to compile the demonstration program using
+this command:
+<pre>
+  gcc -o pcredemo pcredemo.c -lpcre
+</pre>
+If PCRE is installed elsewhere, you may need to add additional options to the
+command line. For example, on a Unix-like system that has PCRE installed in
+<i>/usr/local</i>, you can compile the demonstration program using a command
+like this:
+<pre>
+  gcc -o pcredemo -I/usr/local/include pcredemo.c -L/usr/local/lib -lpcre
+</pre>
+In a Windows environment, if you want to statically link the program against a
+non-dll <b>pcre.a</b> file, you must uncomment the line that defines PCRE_STATIC
+before including <b>pcre.h</b>, because otherwise the <b>pcre_malloc()</b> and
+<b>pcre_free()</b> exported functions will be declared
+<b>__declspec(dllimport)</b>, with unwanted results.
+</P>
+<P>
+Once you have compiled and linked the demonstration program, you can run simple
+tests like this:
+<pre>
+  ./pcredemo 'cat|dog' 'the cat sat on the mat'
+  ./pcredemo -g 'cat|dog' 'the dog sat on the cat'
+</pre>
+Note that there is a much more comprehensive test program, called
+<a href="pcretest.html"><b>pcretest</b>,</a>
+which supports many more facilities for testing regular expressions and both
+PCRE libraries. The
+<a href="pcredemo.html"><b>pcredemo</b></a>
+program is provided as a simple coding example.
+</P>
+<P>
+If you try to run
+<a href="pcredemo.html"><b>pcredemo</b></a>
+when PCRE is not installed in the standard library directory, you may get an
+error like this on some operating systems (e.g. Solaris):
+<pre>
+  ld.so.1: a.out: fatal: libpcre.so.0: open failed: No such file or directory
+</pre>
+This is caused by the way shared library support works on those systems. You
+need to add
+<pre>
+  -R/usr/local/lib
+</pre>
+(for example) to the compile command to get round this problem.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 10 January 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrestack.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrestack.html
new file mode 100644
index 00000000..af6406d0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcrestack.html
@@ -0,0 +1,225 @@
+<html>
+<head>
+<title>pcrestack specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrestack man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+PCRE DISCUSSION OF STACK USAGE
+</b><br>
+<P>
+When you call <b>pcre[16|32]_exec()</b>, it makes use of an internal function
+called <b>match()</b>. This calls itself recursively at branch points in the
+pattern, in order to remember the state of the match so that it can back up and
+try a different alternative if the first one fails. As matching proceeds deeper
+and deeper into the tree of possibilities, the recursion depth increases. The
+<b>match()</b> function is also called in other circumstances, for example,
+whenever a parenthesized sub-pattern is entered, and in certain cases of
+repetition.
+</P>
+<P>
+Not all calls of <b>match()</b> increase the recursion depth; for an item such
+as a* it may be called several times at the same level, after matching
+different numbers of a's. Furthermore, in a number of cases where the result of
+the recursive call would immediately be passed back as the result of the
+current call (a "tail recursion"), the function is just restarted instead.
+</P>
+<P>
+The above comments apply when <b>pcre[16|32]_exec()</b> is run in its normal
+interpretive manner. If the pattern was studied with the
+PCRE_STUDY_JIT_COMPILE option, and just-in-time compiling was successful, and
+the options passed to <b>pcre[16|32]_exec()</b> were not incompatible, the matching
+process uses the JIT-compiled code instead of the <b>match()</b> function. In
+this case, the memory requirements are handled entirely differently. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for details.
+</P>
+<P>
+The <b>pcre[16|32]_dfa_exec()</b> function operates in an entirely different way,
+and uses recursion only when there is a regular expression recursion or
+subroutine call in the pattern. This includes the processing of assertion and
+"once-only" subpatterns, which are handled like subroutine calls. Normally,
+these are never very deep, and the limit on the complexity of
+<b>pcre[16|32]_dfa_exec()</b> is controlled by the amount of workspace it is given.
+However, it is possible to write patterns with runaway infinite recursions;
+such patterns will cause <b>pcre[16|32]_dfa_exec()</b> to run out of stack. At
+present, there is no protection against this.
+</P>
+<P>
+The comments that follow do NOT apply to <b>pcre[16|32]_dfa_exec()</b>; they are
+relevant only for <b>pcre[16|32]_exec()</b> without the JIT optimization.
+</P>
+<br><b>
+Reducing <b>pcre[16|32]_exec()</b>'s stack usage
+</b><br>
+<P>
+Each time that <b>match()</b> is actually called recursively, it uses memory
+from the process stack. For certain kinds of pattern and data, very large
+amounts of stack may be needed, despite the recognition of "tail recursion".
+You can often reduce the amount of recursion, and therefore the amount of stack
+used, by modifying the pattern that is being matched. Consider, for example,
+this pattern:
+<pre>
+  ([^&#60;]|&#60;(?!inet))+
+</pre>
+It matches from wherever it starts until it encounters "&#60;inet" or the end of
+the data, and is the kind of pattern that might be used when processing an XML
+file. Each iteration of the outer parentheses matches either one character that
+is not "&#60;" or a "&#60;" that is not followed by "inet". However, each time a
+parenthesis is processed, a recursion occurs, so this formulation uses a stack
+frame for each matched character. For a long string, a lot of stack is
+required. Consider now this rewritten pattern, which matches exactly the same
+strings:
+<pre>
+  ([^&#60;]++|&#60;(?!inet))+
+</pre>
+This uses very much less stack, because runs of characters that do not contain
+"&#60;" are "swallowed" in one item inside the parentheses. Recursion happens only
+when a "&#60;" character that is not followed by "inet" is encountered (and we
+assume this is relatively rare). A possessive quantifier is used to stop any
+backtracking into the runs of non-"&#60;" characters, but that is not related to
+stack usage.
+</P>
+<P>
+This example shows that one way of avoiding stack problems when matching long
+subject strings is to write repeated parenthesized subpatterns to match more
+than one character whenever possible.
+</P>
+<br><b>
+Compiling PCRE to use heap instead of stack for <b>pcre[16|32]_exec()</b>
+</b><br>
+<P>
+In environments where stack memory is constrained, you might want to compile
+PCRE to use heap memory instead of stack for remembering back-up points when
+<b>pcre[16|32]_exec()</b> is running. This makes it run a lot more slowly, however.
+Details of how to do this are given in the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation. When built in this way, instead of using the stack, PCRE obtains
+and frees memory by calling the functions that are pointed to by the
+<b>pcre[16|32]_stack_malloc</b> and <b>pcre[16|32]_stack_free</b> variables. By
+default, these point to <b>malloc()</b> and <b>free()</b>, but you can replace
+the pointers to cause PCRE to use your own functions. Since the block sizes are
+always the same, and are always freed in reverse order, it may be possible to
+implement customized memory handlers that are more efficient than the standard
+functions.
+</P>
+<br><b>
+Limiting <b>pcre[16|32]_exec()</b>'s stack usage
+</b><br>
+<P>
+You can set limits on the number of times that <b>match()</b> is called, both in
+total and recursively. If a limit is exceeded, <b>pcre[16|32]_exec()</b> returns an
+error code. Setting suitable limits should prevent it from running out of
+stack. The default values of the limits are very large, and unlikely ever to
+operate. They can be changed when PCRE is built, and they can also be set when
+<b>pcre[16|32]_exec()</b> is called. For details of these interfaces, see the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation and the
+<a href="pcreapi.html#extradata">section on extra data for <b>pcre[16|32]_exec()</b></a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+As a very rough rule of thumb, you should reckon on about 500 bytes per
+recursion. Thus, if you want to limit your stack usage to 8Mb, you should set
+the limit at 16000 recursions. A 64Mb stack, on the other hand, can support
+around 128000 recursions.
+</P>
+<P>
+In Unix-like environments, the <b>pcretest</b> test program has a command line
+option (<b>-S</b>) that can be used to increase the size of its stack. As long
+as the stack is large enough, another option (<b>-M</b>) can be used to find the
+smallest limits that allow a particular pattern to match a given subject
+string. This is done by calling <b>pcre[16|32]_exec()</b> repeatedly with different
+limits.
+</P>
+<br><b>
+Obtaining an estimate of stack usage
+</b><br>
+<P>
+The actual amount of stack used per recursion can vary quite a lot, depending
+on the compiler that was used to build PCRE and the optimization or debugging
+options that were set for it. The rule of thumb value of 500 bytes mentioned
+above may be larger or smaller than what is actually needed. A better
+approximation can be obtained by running this command:
+<pre>
+  pcretest -m -C
+</pre>
+The <b>-C</b> option causes <b>pcretest</b> to output information about the
+options with which PCRE was compiled. When <b>-m</b> is also given (before
+<b>-C</b>), information about stack use is given in a line like this:
+<pre>
+  Match recursion uses stack: approximate frame size = 640 bytes
+</pre>
+The value is approximate because some recursions need a bit more (up to perhaps
+16 more bytes).
+</P>
+<P>
+If the above command is given when PCRE is compiled to use the heap instead of
+the stack for recursion, the value that is output is the size of each block
+that is obtained from the heap.
+</P>
+<br><b>
+Changing stack size in Unix-like systems
+</b><br>
+<P>
+In Unix-like environments, there is not often a problem with the stack unless
+very long strings are involved, though the default limit on stack size varies
+from system to system. Values from 8Mb to 64Mb are common. You can find your
+default limit by running the command:
+<pre>
+  ulimit -s
+</pre>
+Unfortunately, the effect of running out of stack is often SIGSEGV, though
+sometimes a more explicit error message is given. You can normally increase the
+limit on stack size by code such as this:
+<pre>
+  struct rlimit rlim;
+  getrlimit(RLIMIT_STACK, &rlim);
+  rlim.rlim_cur = 100*1024*1024;
+  setrlimit(RLIMIT_STACK, &rlim);
+</pre>
+This reads the current limits (soft and hard) using <b>getrlimit()</b>, then
+attempts to increase the soft limit to 100Mb using <b>setrlimit()</b>. You must
+do this before calling <b>pcre[16|32]_exec()</b>.
+</P>
+<br><b>
+Changing stack size in Mac OS X
+</b><br>
+<P>
+Using <b>setrlimit()</b>, as described above, should also work on Mac OS X. It
+is also possible to set a stack size when linking a program. There is a
+discussion about stack sizes in Mac OS X at this web site:
+<a href="http://developer.apple.com/qa/qa2005/qa1419.html">http://developer.apple.com/qa/qa2005/qa1419.html.</a>
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 24 June 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcresyntax.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcresyntax.html
new file mode 100644
index 00000000..5896b9e0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcresyntax.html
@@ -0,0 +1,561 @@
+<html>
+<head>
+<title>pcresyntax specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcresyntax man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE REGULAR EXPRESSION SYNTAX SUMMARY</a>
+<li><a name="TOC2" href="#SEC2">QUOTING</a>
+<li><a name="TOC3" href="#SEC3">CHARACTERS</a>
+<li><a name="TOC4" href="#SEC4">CHARACTER TYPES</a>
+<li><a name="TOC5" href="#SEC5">GENERAL CATEGORY PROPERTIES FOR \p and \P</a>
+<li><a name="TOC6" href="#SEC6">PCRE SPECIAL CATEGORY PROPERTIES FOR \p and \P</a>
+<li><a name="TOC7" href="#SEC7">SCRIPT NAMES FOR \p AND \P</a>
+<li><a name="TOC8" href="#SEC8">CHARACTER CLASSES</a>
+<li><a name="TOC9" href="#SEC9">QUANTIFIERS</a>
+<li><a name="TOC10" href="#SEC10">ANCHORS AND SIMPLE ASSERTIONS</a>
+<li><a name="TOC11" href="#SEC11">MATCH POINT RESET</a>
+<li><a name="TOC12" href="#SEC12">ALTERNATION</a>
+<li><a name="TOC13" href="#SEC13">CAPTURING</a>
+<li><a name="TOC14" href="#SEC14">ATOMIC GROUPS</a>
+<li><a name="TOC15" href="#SEC15">COMMENT</a>
+<li><a name="TOC16" href="#SEC16">OPTION SETTING</a>
+<li><a name="TOC17" href="#SEC17">NEWLINE CONVENTION</a>
+<li><a name="TOC18" href="#SEC18">WHAT \R MATCHES</a>
+<li><a name="TOC19" href="#SEC19">LOOKAHEAD AND LOOKBEHIND ASSERTIONS</a>
+<li><a name="TOC20" href="#SEC20">BACKREFERENCES</a>
+<li><a name="TOC21" href="#SEC21">SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)</a>
+<li><a name="TOC22" href="#SEC22">CONDITIONAL PATTERNS</a>
+<li><a name="TOC23" href="#SEC23">BACKTRACKING CONTROL</a>
+<li><a name="TOC24" href="#SEC24">CALLOUTS</a>
+<li><a name="TOC25" href="#SEC25">SEE ALSO</a>
+<li><a name="TOC26" href="#SEC26">AUTHOR</a>
+<li><a name="TOC27" href="#SEC27">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE REGULAR EXPRESSION SYNTAX SUMMARY</a><br>
+<P>
+The full syntax and semantics of the regular expressions that are supported by
+PCRE are described in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation. This document contains a quick-reference summary of the syntax.
+</P>
+<br><a name="SEC2" href="#TOC1">QUOTING</a><br>
+<P>
+<pre>
+  \x         where x is non-alphanumeric is a literal x
+  \Q...\E    treat enclosed characters as literal
+</PRE>
+</P>
+<br><a name="SEC3" href="#TOC1">CHARACTERS</a><br>
+<P>
+<pre>
+  \a         alarm, that is, the BEL character (hex 07)
+  \cx        "control-x", where x is any ASCII character
+  \e         escape (hex 1B)
+  \f         form feed (hex 0C)
+  \n         newline (hex 0A)
+  \r         carriage return (hex 0D)
+  \t         tab (hex 09)
+  \0dd       character with octal code 0dd
+  \ddd       character with octal code ddd, or backreference
+  \o{ddd..}  character with octal code ddd..
+  \xhh       character with hex code hh
+  \x{hhh..}  character with hex code hhh..
+</pre>
+Note that \0dd is always an octal code, and that \8 and \9 are the literal
+characters "8" and "9".
+</P>
+<br><a name="SEC4" href="#TOC1">CHARACTER TYPES</a><br>
+<P>
+<pre>
+  .          any character except newline;
+               in dotall mode, any character whatsoever
+  \C         one data unit, even in UTF mode (best avoided)
+  \d         a decimal digit
+  \D         a character that is not a decimal digit
+  \h         a horizontal white space character
+  \H         a character that is not a horizontal white space character
+  \N         a character that is not a newline
+  \p{<i>xx</i>}     a character with the <i>xx</i> property
+  \P{<i>xx</i>}     a character without the <i>xx</i> property
+  \R         a newline sequence
+  \s         a white space character
+  \S         a character that is not a white space character
+  \v         a vertical white space character
+  \V         a character that is not a vertical white space character
+  \w         a "word" character
+  \W         a "non-word" character
+  \X         a Unicode extended grapheme cluster
+</pre>
+By default, \d, \s, and \w match only ASCII characters, even in UTF-8 mode
+or in the 16- bit and 32-bit libraries. However, if locale-specific matching is
+happening, \s and \w may also match characters with code points in the range
+128-255. If the PCRE_UCP option is set, the behaviour of these escape sequences
+is changed to use Unicode properties and they match many more characters.
+</P>
+<br><a name="SEC5" href="#TOC1">GENERAL CATEGORY PROPERTIES FOR \p and \P</a><br>
+<P>
+<pre>
+  C          Other
+  Cc         Control
+  Cf         Format
+  Cn         Unassigned
+  Co         Private use
+  Cs         Surrogate
+
+  L          Letter
+  Ll         Lower case letter
+  Lm         Modifier letter
+  Lo         Other letter
+  Lt         Title case letter
+  Lu         Upper case letter
+  L&         Ll, Lu, or Lt
+
+  M          Mark
+  Mc         Spacing mark
+  Me         Enclosing mark
+  Mn         Non-spacing mark
+
+  N          Number
+  Nd         Decimal number
+  Nl         Letter number
+  No         Other number
+
+  P          Punctuation
+  Pc         Connector punctuation
+  Pd         Dash punctuation
+  Pe         Close punctuation
+  Pf         Final punctuation
+  Pi         Initial punctuation
+  Po         Other punctuation
+  Ps         Open punctuation
+
+  S          Symbol
+  Sc         Currency symbol
+  Sk         Modifier symbol
+  Sm         Mathematical symbol
+  So         Other symbol
+
+  Z          Separator
+  Zl         Line separator
+  Zp         Paragraph separator
+  Zs         Space separator
+</PRE>
+</P>
+<br><a name="SEC6" href="#TOC1">PCRE SPECIAL CATEGORY PROPERTIES FOR \p and \P</a><br>
+<P>
+<pre>
+  Xan        Alphanumeric: union of properties L and N
+  Xps        POSIX space: property Z or tab, NL, VT, FF, CR
+  Xsp        Perl space: property Z or tab, NL, VT, FF, CR
+  Xuc        Univerally-named character: one that can be
+               represented by a Universal Character Name
+  Xwd        Perl word: property Xan or underscore
+</pre>
+Perl and POSIX space are now the same. Perl added VT to its space character set
+at release 5.18 and PCRE changed at release 8.34.
+</P>
+<br><a name="SEC7" href="#TOC1">SCRIPT NAMES FOR \p AND \P</a><br>
+<P>
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+</P>
+<br><a name="SEC8" href="#TOC1">CHARACTER CLASSES</a><br>
+<P>
+<pre>
+  [...]       positive character class
+  [^...]      negative character class
+  [x-y]       range (can be used for hex characters)
+  [[:xxx:]]   positive POSIX named set
+  [[:^xxx:]]  negative POSIX named set
+
+  alnum       alphanumeric
+  alpha       alphabetic
+  ascii       0-127
+  blank       space or tab
+  cntrl       control character
+  digit       decimal digit
+  graph       printing, excluding space
+  lower       lower case letter
+  print       printing, including space
+  punct       printing, excluding alphanumeric
+  space       white space
+  upper       upper case letter
+  word        same as \w
+  xdigit      hexadecimal digit
+</pre>
+In PCRE, POSIX character set names recognize only ASCII characters by default,
+but some of them use Unicode properties if PCRE_UCP is set. You can use
+\Q...\E inside a character class.
+</P>
+<br><a name="SEC9" href="#TOC1">QUANTIFIERS</a><br>
+<P>
+<pre>
+  ?           0 or 1, greedy
+  ?+          0 or 1, possessive
+  ??          0 or 1, lazy
+  *           0 or more, greedy
+  *+          0 or more, possessive
+  *?          0 or more, lazy
+  +           1 or more, greedy
+  ++          1 or more, possessive
+  +?          1 or more, lazy
+  {n}         exactly n
+  {n,m}       at least n, no more than m, greedy
+  {n,m}+      at least n, no more than m, possessive
+  {n,m}?      at least n, no more than m, lazy
+  {n,}        n or more, greedy
+  {n,}+       n or more, possessive
+  {n,}?       n or more, lazy
+</PRE>
+</P>
+<br><a name="SEC10" href="#TOC1">ANCHORS AND SIMPLE ASSERTIONS</a><br>
+<P>
+<pre>
+  \b          word boundary
+  \B          not a word boundary
+  ^           start of subject
+               also after internal newline in multiline mode
+  \A          start of subject
+  $           end of subject
+               also before newline at end of subject
+               also before internal newline in multiline mode
+  \Z          end of subject
+               also before newline at end of subject
+  \z          end of subject
+  \G          first matching position in subject
+</PRE>
+</P>
+<br><a name="SEC11" href="#TOC1">MATCH POINT RESET</a><br>
+<P>
+<pre>
+  \K          reset start of match
+</pre>
+\K is honoured in positive assertions, but ignored in negative ones.
+</P>
+<br><a name="SEC12" href="#TOC1">ALTERNATION</a><br>
+<P>
+<pre>
+  expr|expr|expr...
+</PRE>
+</P>
+<br><a name="SEC13" href="#TOC1">CAPTURING</a><br>
+<P>
+<pre>
+  (...)           capturing group
+  (?&#60;name&#62;...)    named capturing group (Perl)
+  (?'name'...)    named capturing group (Perl)
+  (?P&#60;name&#62;...)   named capturing group (Python)
+  (?:...)         non-capturing group
+  (?|...)         non-capturing group; reset group numbers for
+                   capturing groups in each alternative
+</PRE>
+</P>
+<br><a name="SEC14" href="#TOC1">ATOMIC GROUPS</a><br>
+<P>
+<pre>
+  (?&#62;...)         atomic, non-capturing group
+</PRE>
+</P>
+<br><a name="SEC15" href="#TOC1">COMMENT</a><br>
+<P>
+<pre>
+  (?#....)        comment (not nestable)
+</PRE>
+</P>
+<br><a name="SEC16" href="#TOC1">OPTION SETTING</a><br>
+<P>
+<pre>
+  (?i)            caseless
+  (?J)            allow duplicate names
+  (?m)            multiline
+  (?s)            single line (dotall)
+  (?U)            default ungreedy (lazy)
+  (?x)            extended (ignore white space)
+  (?-...)         unset option(s)
+</pre>
+The following are recognized only at the very start of a pattern or after one
+of the newline or \R options with similar syntax. More than one of them may
+appear.
+<pre>
+  (*LIMIT_MATCH=d) set the match limit to d (decimal number)
+  (*LIMIT_RECURSION=d) set the recursion limit to d (decimal number)
+  (*NO_AUTO_POSSESS) no auto-possessification (PCRE_NO_AUTO_POSSESS)
+  (*NO_START_OPT) no start-match optimization (PCRE_NO_START_OPTIMIZE)
+  (*UTF8)         set UTF-8 mode: 8-bit library (PCRE_UTF8)
+  (*UTF16)        set UTF-16 mode: 16-bit library (PCRE_UTF16)
+  (*UTF32)        set UTF-32 mode: 32-bit library (PCRE_UTF32)
+  (*UTF)          set appropriate UTF mode for the library in use
+  (*UCP)          set PCRE_UCP (use Unicode properties for \d etc)
+</pre>
+Note that LIMIT_MATCH and LIMIT_RECURSION can only reduce the value of the
+limits set by the caller of pcre_exec(), not increase them.
+</P>
+<br><a name="SEC17" href="#TOC1">NEWLINE CONVENTION</a><br>
+<P>
+These are recognized only at the very start of the pattern or after option
+settings with a similar syntax.
+<pre>
+  (*CR)           carriage return only
+  (*LF)           linefeed only
+  (*CRLF)         carriage return followed by linefeed
+  (*ANYCRLF)      all three of the above
+  (*ANY)          any Unicode newline sequence
+</PRE>
+</P>
+<br><a name="SEC18" href="#TOC1">WHAT \R MATCHES</a><br>
+<P>
+These are recognized only at the very start of the pattern or after option
+setting with a similar syntax.
+<pre>
+  (*BSR_ANYCRLF)  CR, LF, or CRLF
+  (*BSR_UNICODE)  any Unicode newline sequence
+</PRE>
+</P>
+<br><a name="SEC19" href="#TOC1">LOOKAHEAD AND LOOKBEHIND ASSERTIONS</a><br>
+<P>
+<pre>
+  (?=...)         positive look ahead
+  (?!...)         negative look ahead
+  (?&#60;=...)        positive look behind
+  (?&#60;!...)        negative look behind
+</pre>
+Each top-level branch of a look behind must be of a fixed length.
+</P>
+<br><a name="SEC20" href="#TOC1">BACKREFERENCES</a><br>
+<P>
+<pre>
+  \n              reference by number (can be ambiguous)
+  \gn             reference by number
+  \g{n}           reference by number
+  \g{-n}          relative reference by number
+  \k&#60;name&#62;        reference by name (Perl)
+  \k'name'        reference by name (Perl)
+  \g{name}        reference by name (Perl)
+  \k{name}        reference by name (.NET)
+  (?P=name)       reference by name (Python)
+</PRE>
+</P>
+<br><a name="SEC21" href="#TOC1">SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)</a><br>
+<P>
+<pre>
+  (?R)            recurse whole pattern
+  (?n)            call subpattern by absolute number
+  (?+n)           call subpattern by relative number
+  (?-n)           call subpattern by relative number
+  (?&name)        call subpattern by name (Perl)
+  (?P&#62;name)       call subpattern by name (Python)
+  \g&#60;name&#62;        call subpattern by name (Oniguruma)
+  \g'name'        call subpattern by name (Oniguruma)
+  \g&#60;n&#62;           call subpattern by absolute number (Oniguruma)
+  \g'n'           call subpattern by absolute number (Oniguruma)
+  \g&#60;+n&#62;          call subpattern by relative number (PCRE extension)
+  \g'+n'          call subpattern by relative number (PCRE extension)
+  \g&#60;-n&#62;          call subpattern by relative number (PCRE extension)
+  \g'-n'          call subpattern by relative number (PCRE extension)
+</PRE>
+</P>
+<br><a name="SEC22" href="#TOC1">CONDITIONAL PATTERNS</a><br>
+<P>
+<pre>
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+
+  (?(n)...        absolute reference condition
+  (?(+n)...       relative reference condition
+  (?(-n)...       relative reference condition
+  (?(&#60;name&#62;)...   named reference condition (Perl)
+  (?('name')...   named reference condition (Perl)
+  (?(name)...     named reference condition (PCRE)
+  (?(R)...        overall recursion condition
+  (?(Rn)...       specific group recursion condition
+  (?(R&name)...   specific recursion condition
+  (?(DEFINE)...   define subpattern for reference
+  (?(assert)...   assertion condition
+</PRE>
+</P>
+<br><a name="SEC23" href="#TOC1">BACKTRACKING CONTROL</a><br>
+<P>
+The following act immediately they are reached:
+<pre>
+  (*ACCEPT)       force successful match
+  (*FAIL)         force backtrack; synonym (*F)
+  (*MARK:NAME)    set name to be passed back; synonym (*:NAME)
+</pre>
+The following act only when a subsequent match failure causes a backtrack to
+reach them. They all force a match failure, but they differ in what happens
+afterwards. Those that advance the start-of-match point do so only if the
+pattern is not anchored.
+<pre>
+  (*COMMIT)       overall failure, no advance of starting point
+  (*PRUNE)        advance to next starting character
+  (*PRUNE:NAME)   equivalent to (*MARK:NAME)(*PRUNE)
+  (*SKIP)         advance to current matching position
+  (*SKIP:NAME)    advance to position corresponding to an earlier
+                  (*MARK:NAME); if not found, the (*SKIP) is ignored
+  (*THEN)         local failure, backtrack to next alternation
+  (*THEN:NAME)    equivalent to (*MARK:NAME)(*THEN)
+</PRE>
+</P>
+<br><a name="SEC24" href="#TOC1">CALLOUTS</a><br>
+<P>
+<pre>
+  (?C)      callout
+  (?Cn)     callout with data n
+</PRE>
+</P>
+<br><a name="SEC25" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcrepattern</b>(3), <b>pcreapi</b>(3), <b>pcrecallout</b>(3),
+<b>pcrematching</b>(3), <b>pcre</b>(3).
+</P>
+<br><a name="SEC26" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC27" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 08 January 2014
+<br>
+Copyright &copy; 1997-2014 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcretest.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcretest.html
new file mode 100644
index 00000000..ba540d3c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcretest.html
@@ -0,0 +1,1163 @@
+<html>
+<head>
+<title>pcretest specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcretest man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">INPUT DATA FORMAT</a>
+<li><a name="TOC3" href="#SEC3">PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a>
+<li><a name="TOC4" href="#SEC4">COMMAND LINE OPTIONS</a>
+<li><a name="TOC5" href="#SEC5">DESCRIPTION</a>
+<li><a name="TOC6" href="#SEC6">PATTERN MODIFIERS</a>
+<li><a name="TOC7" href="#SEC7">DATA LINES</a>
+<li><a name="TOC8" href="#SEC8">THE ALTERNATIVE MATCHING FUNCTION</a>
+<li><a name="TOC9" href="#SEC9">DEFAULT OUTPUT FROM PCRETEST</a>
+<li><a name="TOC10" href="#SEC10">OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION</a>
+<li><a name="TOC11" href="#SEC11">RESTARTING AFTER A PARTIAL MATCH</a>
+<li><a name="TOC12" href="#SEC12">CALLOUTS</a>
+<li><a name="TOC13" href="#SEC13">NON-PRINTING CHARACTERS</a>
+<li><a name="TOC14" href="#SEC14">SAVING AND RELOADING COMPILED PATTERNS</a>
+<li><a name="TOC15" href="#SEC15">SEE ALSO</a>
+<li><a name="TOC16" href="#SEC16">AUTHOR</a>
+<li><a name="TOC17" href="#SEC17">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>pcretest [options] [input file [output file]]</b>
+<br>
+<br>
+<b>pcretest</b> was written as a test program for the PCRE regular expression
+library itself, but it can also be used for experimenting with regular
+expressions. This document describes the features of the test program; for
+details of the regular expressions themselves, see the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation. For details of the PCRE library function calls and their
+options, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+,
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+documentation.
+</P>
+<P>
+The input for <b>pcretest</b> is a sequence of regular expression patterns and
+strings to be matched, as described below. The output shows the result of each
+match. Options on the command line and the patterns control PCRE options and
+exactly what is output.
+</P>
+<P>
+As PCRE has evolved, it has acquired many different features, and as a result,
+<b>pcretest</b> now has rather a lot of obscure options for testing every
+possible feature. Some of these options are specifically designed for use in
+conjunction with the test script and data files that are distributed as part of
+PCRE, and are unlikely to be of use otherwise. They are all documented here,
+but without much justification.
+</P>
+<br><a name="SEC2" href="#TOC1">INPUT DATA FORMAT</a><br>
+<P>
+Input to <b>pcretest</b> is processed line by line, either by calling the C
+library's <b>fgets()</b> function, or via the <b>libreadline</b> library (see
+below). In Unix-like environments, <b>fgets()</b> treats any bytes other than
+newline as data characters. However, in some Windows environments character 26
+(hex 1A) causes an immediate end of file, and no further data is read. For
+maximum portability, therefore, it is safest to use only ASCII characters in
+<b>pcretest</b> input files.
+</P>
+<P>
+The input is processed using using C's string functions, so must not
+contain binary zeroes, even though in Unix-like environments, <b>fgets()</b>
+treats any bytes other than newline as data characters.
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a><br>
+<P>
+From release 8.30, two separate PCRE libraries can be built. The original one
+supports 8-bit character strings, whereas the newer 16-bit library supports
+character strings encoded in 16-bit units. From release 8.32, a third library
+can be built, supporting character strings encoded in 32-bit units. The
+<b>pcretest</b> program can be used to test all three libraries. However, it is
+itself still an 8-bit program, reading 8-bit input and writing 8-bit output.
+When testing the 16-bit or 32-bit library, the patterns and data strings are
+converted to 16- or 32-bit format before being passed to the PCRE library
+functions. Results are converted to 8-bit for output.
+</P>
+<P>
+References to functions and structures of the form <b>pcre[16|32]_xx</b> below
+mean "<b>pcre_xx</b> when using the 8-bit library, <b>pcre16_xx</b> when using
+the 16-bit library, or <b>pcre32_xx</b> when using the 32-bit library".
+</P>
+<br><a name="SEC4" href="#TOC1">COMMAND LINE OPTIONS</a><br>
+<P>
+<b>-8</b>
+If both the 8-bit library has been built, this option causes the 8-bit library
+to be used (which is the default); if the 8-bit library has not been built,
+this option causes an error.
+</P>
+<P>
+<b>-16</b>
+If both the 8-bit or the 32-bit, and the 16-bit libraries have been built, this
+option causes the 16-bit library to be used. If only the 16-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 32-bit
+library has been built, this option causes an error.
+</P>
+<P>
+<b>-32</b>
+If both the 8-bit or the 16-bit, and the 32-bit libraries have been built, this
+option causes the 32-bit library to be used. If only the 32-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 16-bit
+library has been built, this option causes an error.
+</P>
+<P>
+<b>-b</b>
+Behave as if each pattern has the <b>/B</b> (show byte code) modifier; the
+internal form is output after compilation.
+</P>
+<P>
+<b>-C</b>
+Output the version number of the PCRE library, and all available information
+about the optional features that are included, and then exit with zero exit
+code. All other options are ignored.
+</P>
+<P>
+<b>-C</b> <i>option</i>
+Output information about a specific build-time option, then exit. This
+functionality is intended for use in scripts such as <b>RunTest</b>. The
+following options output the value and set the exit code as indicated:
+<pre>
+  ebcdic-nl  the code for LF (= NL) in an EBCDIC environment:
+               0x15 or 0x25
+               0 if used in an ASCII environment
+               exit code is always 0
+  linksize   the configured internal link size (2, 3, or 4)
+               exit code is set to the link size
+  newline    the default newline setting:
+               CR, LF, CRLF, ANYCRLF, or ANY
+               exit code is always 0
+  bsr        the default setting for what \R matches:
+               ANYCRLF or ANY
+               exit code is always 0
+</pre>
+The following options output 1 for true or 0 for false, and set the exit code
+to the same value:
+<pre>
+  ebcdic     compiled for an EBCDIC environment
+  jit        just-in-time support is available
+  pcre16     the 16-bit library was built
+  pcre32     the 32-bit library was built
+  pcre8      the 8-bit library was built
+  ucp        Unicode property support is available
+  utf        UTF-8 and/or UTF-16 and/or UTF-32 support
+               is available
+</pre>
+If an unknown option is given, an error message is output; the exit code is 0.
+</P>
+<P>
+<b>-d</b>
+Behave as if each pattern has the <b>/D</b> (debug) modifier; the internal
+form and information about the compiled pattern is output after compilation;
+<b>-d</b> is equivalent to <b>-b -i</b>.
+</P>
+<P>
+<b>-dfa</b>
+Behave as if each data line contains the \D escape sequence; this causes the
+alternative matching function, <b>pcre[16|32]_dfa_exec()</b>, to be used instead
+of the standard <b>pcre[16|32]_exec()</b> function (more detail is given below).
+</P>
+<P>
+<b>-help</b>
+Output a brief summary these options and then exit.
+</P>
+<P>
+<b>-i</b>
+Behave as if each pattern has the <b>/I</b> modifier; information about the
+compiled pattern is given after compilation.
+</P>
+<P>
+<b>-M</b>
+Behave as if each data line contains the \M escape sequence; this causes
+PCRE to discover the minimum MATCH_LIMIT and MATCH_LIMIT_RECURSION settings by
+calling <b>pcre[16|32]_exec()</b> repeatedly with different limits.
+</P>
+<P>
+<b>-m</b>
+Output the size of each compiled pattern after it has been compiled. This is
+equivalent to adding <b>/M</b> to each regular expression. The size is given in
+bytes for both libraries.
+</P>
+<P>
+<b>-O</b>
+Behave as if each pattern has the <b>/O</b> modifier, that is disable
+auto-possessification for all patterns.
+</P>
+<P>
+<b>-o</b> <i>osize</i>
+Set the number of elements in the output vector that is used when calling
+<b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b> to be <i>osize</i>. The
+default value is 45, which is enough for 14 capturing subexpressions for
+<b>pcre[16|32]_exec()</b> or 22 different matches for
+<b>pcre[16|32]_dfa_exec()</b>.
+The vector size can be changed for individual matching calls by including \O
+in the data line (see below).
+</P>
+<P>
+<b>-p</b>
+Behave as if each pattern has the <b>/P</b> modifier; the POSIX wrapper API is
+used to call PCRE. None of the other options has any effect when <b>-p</b> is
+set. This option can be used only with the 8-bit library.
+</P>
+<P>
+<b>-q</b>
+Do not output the version number of <b>pcretest</b> at the start of execution.
+</P>
+<P>
+<b>-S</b> <i>size</i>
+On Unix-like systems, set the size of the run-time stack to <i>size</i>
+megabytes.
+</P>
+<P>
+<b>-s</b> or <b>-s+</b>
+Behave as if each pattern has the <b>/S</b> modifier; in other words, force each
+pattern to be studied. If <b>-s+</b> is used, all the JIT compile options are
+passed to <b>pcre[16|32]_study()</b>, causing just-in-time optimization to be set
+up if it is available, for both full and partial matching. Specific JIT compile
+options can be selected by following <b>-s+</b> with a digit in the range 1 to
+7, which selects the JIT compile modes as follows:
+<pre>
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+</pre>
+If <b>-s++</b> is used instead of <b>-s+</b> (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+<br>
+<br>
+Note that there are pattern options that can override <b>-s</b>, either
+specifying no studying at all, or suppressing JIT compilation.
+<br>
+<br>
+If the <b>/I</b> or <b>/D</b> option is present on a pattern (requesting output
+about the compiled pattern), information about the result of studying is not
+included when studying is caused only by <b>-s</b> and neither <b>-i</b> nor
+<b>-d</b> is present on the command line. This behaviour means that the output
+from tests that are run with and without <b>-s</b> should be identical, except
+when options that output information about the actual running of a match are
+set.
+<br>
+<br>
+The <b>-M</b>, <b>-t</b>, and <b>-tm</b> options, which give information about
+resources used, are likely to produce different output with and without
+<b>-s</b>. Output may also differ if the <b>/C</b> option is present on an
+individual pattern. This uses callouts to trace the the matching process, and
+this may be different between studied and non-studied patterns. If the pattern
+contains (*MARK) items there may also be differences, for the same reason. The
+<b>-s</b> command line option can be overridden for specific patterns that
+should never be studied (see the <b>/S</b> pattern modifier below).
+</P>
+<P>
+<b>-t</b>
+Run each compile, study, and match many times with a timer, and output the
+resulting times per compile, study, or match (in milliseconds). Do not set
+<b>-m</b> with <b>-t</b>, because you will then get the size output a zillion
+times, and the timing will be distorted. You can control the number of
+iterations that are used for timing by following <b>-t</b> with a number (as a
+separate item on the command line). For example, "-t 1000" iterates 1000 times.
+The default is to iterate 500000 times.
+</P>
+<P>
+<b>-tm</b>
+This is like <b>-t</b> except that it times only the matching phase, not the
+compile or study phases.
+</P>
+<P>
+<b>-T</b> <b>-TM</b>
+These behave like <b>-t</b> and <b>-tm</b>, but in addition, at the end of a run,
+the total times for all compiles, studies, and matches are output.
+</P>
+<br><a name="SEC5" href="#TOC1">DESCRIPTION</a><br>
+<P>
+If <b>pcretest</b> is given two filename arguments, it reads from the first and
+writes to the second. If it is given only one filename argument, it reads from
+that file and writes to stdout. Otherwise, it reads from stdin and writes to
+stdout, and prompts for each line of input, using "re&#62;" to prompt for regular
+expressions, and "data&#62;" to prompt for data lines.
+</P>
+<P>
+When <b>pcretest</b> is built, a configuration option can specify that it should
+be linked with the <b>libreadline</b> library. When this is done, if the input
+is from a terminal, it is read using the <b>readline()</b> function. This
+provides line-editing and history facilities. The output from the <b>-help</b>
+option states whether or not <b>readline()</b> will be used.
+</P>
+<P>
+The program handles any number of sets of input on a single input file. Each
+set starts with a regular expression, and continues with any number of data
+lines to be matched against that pattern.
+</P>
+<P>
+Each data line is matched separately and independently. If you want to do
+multi-line matches, you have to use the \n escape sequence (or \r or \r\n,
+etc., depending on the newline setting) in a single line of input to encode the
+newline sequences. There is no limit on the length of data lines; the input
+buffer is automatically extended if it is too small.
+</P>
+<P>
+An empty line signals the end of the data lines, at which point a new regular
+expression is read. The regular expressions are given enclosed in any
+non-alphanumeric delimiters other than backslash, for example:
+<pre>
+  /(a|bc)x+yz/
+</pre>
+White space before the initial delimiter is ignored. A regular expression may
+be continued over several input lines, in which case the newline characters are
+included within it. It is possible to include the delimiter within the pattern
+by escaping it, for example
+<pre>
+  /abc\/def/
+</pre>
+If you do so, the escape and the delimiter form part of the pattern, but since
+delimiters are always non-alphanumeric, this does not affect its interpretation.
+If the terminating delimiter is immediately followed by a backslash, for
+example,
+<pre>
+  /abc/\
+</pre>
+then a backslash is added to the end of the pattern. This is done to provide a
+way of testing the error condition that arises if a pattern finishes with a
+backslash, because
+<pre>
+  /abc\/
+</pre>
+is interpreted as the first line of a pattern that starts with "abc/", causing
+pcretest to read the next line as a continuation of the regular expression.
+</P>
+<br><a name="SEC6" href="#TOC1">PATTERN MODIFIERS</a><br>
+<P>
+A pattern may be followed by any number of modifiers, which are mostly single
+characters, though some of these can be qualified by further characters.
+Following Perl usage, these are referred to below as, for example, "the
+<b>/i</b> modifier", even though the delimiter of the pattern need not always be
+a slash, and no slash is used when writing modifiers. White space may appear
+between the final pattern delimiter and the first modifier, and between the
+modifiers themselves. For reference, here is a complete list of modifiers. They
+fall into several groups that are described in detail in the following
+sections.
+<pre>
+  <b>/8</b>              set UTF mode
+  <b>/9</b>              set PCRE_NEVER_UTF (locks out UTF mode)
+  <b>/?</b>              disable UTF validity check
+  <b>/+</b>              show remainder of subject after match
+  <b>/=</b>              show all captures (not just those that are set)
+
+  <b>/A</b>              set PCRE_ANCHORED
+  <b>/B</b>              show compiled code
+  <b>/C</b>              set PCRE_AUTO_CALLOUT
+  <b>/D</b>              same as <b>/B</b> plus <b>/I</b>
+  <b>/E</b>              set PCRE_DOLLAR_ENDONLY
+  <b>/F</b>              flip byte order in compiled pattern
+  <b>/f</b>              set PCRE_FIRSTLINE
+  <b>/G</b>              find all matches (shorten string)
+  <b>/g</b>              find all matches (use startoffset)
+  <b>/I</b>              show information about pattern
+  <b>/i</b>              set PCRE_CASELESS
+  <b>/J</b>              set PCRE_DUPNAMES
+  <b>/K</b>              show backtracking control names
+  <b>/L</b>              set locale
+  <b>/M</b>              show compiled memory size
+  <b>/m</b>              set PCRE_MULTILINE
+  <b>/N</b>              set PCRE_NO_AUTO_CAPTURE
+  <b>/O</b>              set PCRE_NO_AUTO_POSSESS
+  <b>/P</b>              use the POSIX wrapper
+  <b>/Q</b>              test external stack check function
+  <b>/S</b>              study the pattern after compilation
+  <b>/s</b>              set PCRE_DOTALL
+  <b>/T</b>              select character tables
+  <b>/U</b>              set PCRE_UNGREEDY
+  <b>/W</b>              set PCRE_UCP
+  <b>/X</b>              set PCRE_EXTRA
+  <b>/x</b>              set PCRE_EXTENDED
+  <b>/Y</b>              set PCRE_NO_START_OPTIMIZE
+  <b>/Z</b>              don't show lengths in <b>/B</b> output
+
+  <b>/&#60;any&#62;</b>          set PCRE_NEWLINE_ANY
+  <b>/&#60;anycrlf&#62;</b>      set PCRE_NEWLINE_ANYCRLF
+  <b>/&#60;cr&#62;</b>           set PCRE_NEWLINE_CR
+  <b>/&#60;crlf&#62;</b>         set PCRE_NEWLINE_CRLF
+  <b>/&#60;lf&#62;</b>           set PCRE_NEWLINE_LF
+  <b>/&#60;bsr_anycrlf&#62;</b>  set PCRE_BSR_ANYCRLF
+  <b>/&#60;bsr_unicode&#62;</b>  set PCRE_BSR_UNICODE
+  <b>/&#60;JS&#62;</b>           set PCRE_JAVASCRIPT_COMPAT
+
+</PRE>
+</P>
+<br><b>
+Perl-compatible modifiers
+</b><br>
+<P>
+The <b>/i</b>, <b>/m</b>, <b>/s</b>, and <b>/x</b> modifiers set the PCRE_CASELESS,
+PCRE_MULTILINE, PCRE_DOTALL, or PCRE_EXTENDED options, respectively, when
+<b>pcre[16|32]_compile()</b> is called. These four modifier letters have the same
+effect as they do in Perl. For example:
+<pre>
+  /caseless/i
+
+</PRE>
+</P>
+<br><b>
+Modifiers for other PCRE options
+</b><br>
+<P>
+The following table shows additional modifiers for setting PCRE compile-time
+options that do not correspond to anything in Perl:
+<pre>
+  <b>/8</b>              PCRE_UTF8           ) when using the 8-bit
+  <b>/?</b>              PCRE_NO_UTF8_CHECK  )   library
+
+  <b>/8</b>              PCRE_UTF16          ) when using the 16-bit
+  <b>/?</b>              PCRE_NO_UTF16_CHECK )   library
+
+  <b>/8</b>              PCRE_UTF32          ) when using the 32-bit
+  <b>/?</b>              PCRE_NO_UTF32_CHECK )   library
+
+  <b>/9</b>              PCRE_NEVER_UTF
+  <b>/A</b>              PCRE_ANCHORED
+  <b>/C</b>              PCRE_AUTO_CALLOUT
+  <b>/E</b>              PCRE_DOLLAR_ENDONLY
+  <b>/f</b>              PCRE_FIRSTLINE
+  <b>/J</b>              PCRE_DUPNAMES
+  <b>/N</b>              PCRE_NO_AUTO_CAPTURE
+  <b>/O</b>              PCRE_NO_AUTO_POSSESS
+  <b>/U</b>              PCRE_UNGREEDY
+  <b>/W</b>              PCRE_UCP
+  <b>/X</b>              PCRE_EXTRA
+  <b>/Y</b>              PCRE_NO_START_OPTIMIZE
+  <b>/&#60;any&#62;</b>          PCRE_NEWLINE_ANY
+  <b>/&#60;anycrlf&#62;</b>      PCRE_NEWLINE_ANYCRLF
+  <b>/&#60;cr&#62;</b>           PCRE_NEWLINE_CR
+  <b>/&#60;crlf&#62;</b>         PCRE_NEWLINE_CRLF
+  <b>/&#60;lf&#62;</b>           PCRE_NEWLINE_LF
+  <b>/&#60;bsr_anycrlf&#62;</b>  PCRE_BSR_ANYCRLF
+  <b>/&#60;bsr_unicode&#62;</b>  PCRE_BSR_UNICODE
+  <b>/&#60;JS&#62;</b>           PCRE_JAVASCRIPT_COMPAT
+</pre>
+The modifiers that are enclosed in angle brackets are literal strings as shown,
+including the angle brackets, but the letters within can be in either case.
+This example sets multiline matching with CRLF as the line ending sequence:
+<pre>
+  /^abc/m&#60;CRLF&#62;
+</pre>
+As well as turning on the PCRE_UTF8/16/32 option, the <b>/8</b> modifier causes
+all non-printing characters in output strings to be printed using the
+\x{hh...} notation. Otherwise, those less than 0x100 are output in hex without
+the curly brackets.
+</P>
+<P>
+Full details of the PCRE options are given in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<br><b>
+Finding all matches in a string
+</b><br>
+<P>
+Searching for all possible matches within each subject string can be requested
+by the <b>/g</b> or <b>/G</b> modifier. After finding a match, PCRE is called
+again to search the remainder of the subject string. The difference between
+<b>/g</b> and <b>/G</b> is that the former uses the <i>startoffset</i> argument to
+<b>pcre[16|32]_exec()</b> to start searching at a new point within the entire
+string (which is in effect what Perl does), whereas the latter passes over a
+shortened substring. This makes a difference to the matching process if the
+pattern begins with a lookbehind assertion (including \b or \B).
+</P>
+<P>
+If any call to <b>pcre[16|32]_exec()</b> in a <b>/g</b> or <b>/G</b> sequence matches
+an empty string, the next call is done with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED flags set in order to search for another, non-empty, match at the
+same point. If this second match fails, the start offset is advanced, and the
+normal match is retried. This imitates the way Perl handles such cases when
+using the <b>/g</b> modifier or the <b>split()</b> function. Normally, the start
+offset is advanced by one character, but if the newline convention recognizes
+CRLF as a newline, and the current character is CR followed by LF, an advance
+of two is used.
+</P>
+<br><b>
+Other modifiers
+</b><br>
+<P>
+There are yet more modifiers for controlling the way <b>pcretest</b>
+operates.
+</P>
+<P>
+The <b>/+</b> modifier requests that as well as outputting the substring that
+matched the entire pattern, <b>pcretest</b> should in addition output the
+remainder of the subject string. This is useful for tests where the subject
+contains multiple copies of the same substring. If the <b>+</b> modifier appears
+twice, the same action is taken for captured substrings. In each case the
+remainder is output on the following line with a plus character following the
+capture number. Note that this modifier must not immediately follow the /S
+modifier because /S+ and /S++ have other meanings.
+</P>
+<P>
+The <b>/=</b> modifier requests that the values of all potential captured
+parentheses be output after a match. By default, only those up to the highest
+one actually used in the match are output (corresponding to the return code
+from <b>pcre[16|32]_exec()</b>). Values in the offsets vector corresponding to
+higher numbers should be set to -1, and these are output as "&#60;unset&#62;". This
+modifier gives a way of checking that this is happening.
+</P>
+<P>
+The <b>/B</b> modifier is a debugging feature. It requests that <b>pcretest</b>
+output a representation of the compiled code after compilation. Normally this
+information contains length and offset values; however, if <b>/Z</b> is also
+present, this data is replaced by spaces. This is a special feature for use in
+the automatic test scripts; it ensures that the same output is generated for
+different internal link sizes.
+</P>
+<P>
+The <b>/D</b> modifier is a PCRE debugging feature, and is equivalent to
+<b>/BI</b>, that is, both the <b>/B</b> and the <b>/I</b> modifiers.
+</P>
+<P>
+The <b>/F</b> modifier causes <b>pcretest</b> to flip the byte order of the
+2-byte and 4-byte fields in the compiled pattern. This facility is for testing
+the feature in PCRE that allows it to execute patterns that were compiled on a
+host with a different endianness. This feature is not available when the POSIX
+interface to PCRE is being used, that is, when the <b>/P</b> pattern modifier is
+specified. See also the section about saving and reloading compiled patterns
+below.
+</P>
+<P>
+The <b>/I</b> modifier requests that <b>pcretest</b> output information about the
+compiled pattern (whether it is anchored, has a fixed first character, and
+so on). It does this by calling <b>pcre[16|32]_fullinfo()</b> after compiling a
+pattern. If the pattern is studied, the results of that are also output. In
+this output, the word "char" means a non-UTF character, that is, the value of a
+single data item (8-bit, 16-bit, or 32-bit, depending on the library that is
+being tested).
+</P>
+<P>
+The <b>/K</b> modifier requests <b>pcretest</b> to show names from backtracking
+control verbs that are returned from calls to <b>pcre[16|32]_exec()</b>. It causes
+<b>pcretest</b> to create a <b>pcre[16|32]_extra</b> block if one has not already
+been created by a call to <b>pcre[16|32]_study()</b>, and to set the
+PCRE_EXTRA_MARK flag and the <b>mark</b> field within it, every time that
+<b>pcre[16|32]_exec()</b> is called. If the variable that the <b>mark</b> field
+points to is non-NULL for a match, non-match, or partial match, <b>pcretest</b>
+prints the string to which it points. For a match, this is shown on a line by
+itself, tagged with "MK:". For a non-match it is added to the message.
+</P>
+<P>
+The <b>/L</b> modifier must be followed directly by the name of a locale, for
+example,
+<pre>
+  /pattern/Lfr_FR
+</pre>
+For this reason, it must be the last modifier. The given locale is set,
+<b>pcre[16|32]_maketables()</b> is called to build a set of character tables for
+the locale, and this is then passed to <b>pcre[16|32]_compile()</b> when compiling
+the regular expression. Without an <b>/L</b> (or <b>/T</b>) modifier, NULL is
+passed as the tables pointer; that is, <b>/L</b> applies only to the expression
+on which it appears.
+</P>
+<P>
+The <b>/M</b> modifier causes the size in bytes of the memory block used to hold
+the compiled pattern to be output. This does not include the size of the
+<b>pcre[16|32]</b> block; it is just the actual compiled data. If the pattern is
+successfully studied with the PCRE_STUDY_JIT_COMPILE option, the size of the
+JIT compiled code is also output.
+</P>
+<P>
+The <b>/Q</b> modifier is used to test the use of <b>pcre_stack_guard</b>. It
+must be followed by '0' or '1', specifying the return code to be given from an
+external function that is passed to PCRE and used for stack checking during
+compilation (see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation for details).
+</P>
+<P>
+The <b>/S</b> modifier causes <b>pcre[16|32]_study()</b> to be called after the
+expression has been compiled, and the results used when the expression is
+matched. There are a number of qualifying characters that may follow <b>/S</b>.
+They may appear in any order.
+</P>
+<P>
+If <b>/S</b> is followed by an exclamation mark, <b>pcre[16|32]_study()</b> is
+called with the PCRE_STUDY_EXTRA_NEEDED option, causing it always to return a
+<b>pcre_extra</b> block, even when studying discovers no useful information.
+</P>
+<P>
+If <b>/S</b> is followed by a second S character, it suppresses studying, even
+if it was requested externally by the <b>-s</b> command line option. This makes
+it possible to specify that certain patterns are always studied, and others are
+never studied, independently of <b>-s</b>. This feature is used in the test
+files in a few cases where the output is different when the pattern is studied.
+</P>
+<P>
+If the <b>/S</b> modifier is followed by a + character, the call to
+<b>pcre[16|32]_study()</b> is made with all the JIT study options, requesting
+just-in-time optimization support if it is available, for both normal and
+partial matching. If you want to restrict the JIT compiling modes, you can
+follow <b>/S+</b> with a digit in the range 1 to 7:
+<pre>
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+</pre>
+If <b>/S++</b> is used instead of <b>/S+</b> (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+</P>
+<P>
+Note that there is also an independent <b>/+</b> modifier; it must not be given
+immediately after <b>/S</b> or <b>/S+</b> because this will be misinterpreted.
+</P>
+<P>
+If JIT studying is successful, the compiled JIT code will automatically be used
+when <b>pcre[16|32]_exec()</b> is run, except when incompatible run-time options
+are specified. For more details, see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation. See also the <b>\J</b> escape sequence below for a way of
+setting the size of the JIT stack.
+</P>
+<P>
+Finally, if <b>/S</b> is followed by a minus character, JIT compilation is
+suppressed, even if it was requested externally by the <b>-s</b> command line
+option. This makes it possible to specify that JIT is never to be used for
+certain patterns.
+</P>
+<P>
+The <b>/T</b> modifier must be followed by a single digit. It causes a specific
+set of built-in character tables to be passed to <b>pcre[16|32]_compile()</b>. It
+is used in the standard PCRE tests to check behaviour with different character
+tables. The digit specifies the tables as follows:
+<pre>
+  0   the default ASCII tables, as distributed in
+        pcre_chartables.c.dist
+  1   a set of tables defining ISO 8859 characters
+</pre>
+In table 1, some characters whose codes are greater than 128 are identified as
+letters, digits, spaces, etc.
+</P>
+<br><b>
+Using the POSIX wrapper API
+</b><br>
+<P>
+The <b>/P</b> modifier causes <b>pcretest</b> to call PCRE via the POSIX wrapper
+API rather than its native API. This supports only the 8-bit library. When
+<b>/P</b> is set, the following modifiers set options for the <b>regcomp()</b>
+function:
+<pre>
+  /i    REG_ICASE
+  /m    REG_NEWLINE
+  /N    REG_NOSUB
+  /s    REG_DOTALL     )
+  /U    REG_UNGREEDY   ) These options are not part of
+  /W    REG_UCP        )   the POSIX standard
+  /8    REG_UTF8       )
+</pre>
+The <b>/+</b> modifier works as described above. All other modifiers are
+ignored.
+</P>
+<br><b>
+Locking out certain modifiers
+</b><br>
+<P>
+PCRE can be compiled with or without support for certain features such as
+UTF-8/16/32 or Unicode properties. Accordingly, the standard tests are split up
+into a number of different files that are selected for running depending on
+which features are available. When updating the tests, it is all too easy to
+put a new test into the wrong file by mistake; for example, to put a test that
+requires UTF support into a file that is used when it is not available. To help
+detect such mistakes as early as possible, there is a facility for locking out
+specific modifiers. If an input line for <b>pcretest</b> starts with the string
+"&#60; forbid " the following sequence of characters is taken as a list of
+forbidden modifiers. For example, in the test files that must not use UTF or
+Unicode property support, this line appears:
+<pre>
+  &#60; forbid 8W
+</pre>
+This locks out the /8 and /W modifiers. An immediate error is given if they are
+subsequently encountered. If the character string contains &#60; but not &#62;, all the
+multi-character modifiers that begin with &#60; are locked out. Otherwise, such
+modifiers must be explicitly listed, for example:
+<pre>
+  &#60; forbid &#60;JS&#62;&#60;cr&#62;
+</pre>
+There must be a single space between &#60; and "forbid" for this feature to be
+recognised. If there is not, the line is interpreted either as a request to
+re-load a pre-compiled pattern (see "SAVING AND RELOADING COMPILED PATTERNS"
+below) or, if there is a another &#60; character, as a pattern that uses &#60; as its
+delimiter.
+</P>
+<br><a name="SEC7" href="#TOC1">DATA LINES</a><br>
+<P>
+Before each data line is passed to <b>pcre[16|32]_exec()</b>, leading and trailing
+white space is removed, and it is then scanned for \ escapes. Some of these
+are pretty esoteric features, intended for checking out some of the more
+complicated features of PCRE. If you are just testing "ordinary" regular
+expressions, you probably don't need any of these. The following escapes are
+recognized:
+<pre>
+  \a         alarm (BEL, \x07)
+  \b         backspace (\x08)
+  \e         escape (\x27)
+  \f         form feed (\x0c)
+  \n         newline (\x0a)
+  \qdd       set the PCRE_MATCH_LIMIT limit to dd (any number of digits)
+  \r         carriage return (\x0d)
+  \t         tab (\x09)
+  \v         vertical tab (\x0b)
+  \nnn       octal character (up to 3 octal digits); always
+               a byte unless &#62; 255 in UTF-8 or 16-bit or 32-bit mode
+  \o{dd...}  octal character (any number of octal digits}
+  \xhh       hexadecimal byte (up to 2 hex digits)
+  \x{hh...}  hexadecimal character (any number of hex digits)
+  \A         pass the PCRE_ANCHORED option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \B         pass the PCRE_NOTBOL option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \Cdd       call pcre[16|32]_copy_substring() for substring dd after a successful match (number less than 32)
+  \Cname     call pcre[16|32]_copy_named_substring() for substring "name" after a successful match (name termin-
+               ated by next non alphanumeric character)
+  \C+        show the current captured substrings at callout time
+  \C-        do not supply a callout function
+  \C!n       return 1 instead of 0 when callout number n is reached
+  \C!n!m     return 1 instead of 0 when callout number n is reached for the nth time
+  \C*n       pass the number n (may be negative) as callout data; this is used as the callout return value
+  \D         use the <b>pcre[16|32]_dfa_exec()</b> match function
+  \F         only shortest match for <b>pcre[16|32]_dfa_exec()</b>
+  \Gdd       call pcre[16|32]_get_substring() for substring dd after a successful match (number less than 32)
+  \Gname     call pcre[16|32]_get_named_substring() for substring "name" after a successful match (name termin-
+               ated by next non-alphanumeric character)
+  \Jdd       set up a JIT stack of dd kilobytes maximum (any number of digits)
+  \L         call pcre[16|32]_get_substringlist() after a successful match
+  \M         discover the minimum MATCH_LIMIT and MATCH_LIMIT_RECURSION settings
+  \N         pass the PCRE_NOTEMPTY option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>; if used twice, pass the
+               PCRE_NOTEMPTY_ATSTART option
+  \Odd       set the size of the output vector passed to <b>pcre[16|32]_exec()</b> to dd (any number of digits)
+  \P         pass the PCRE_PARTIAL_SOFT option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>; if used twice, pass the
+               PCRE_PARTIAL_HARD option
+  \Qdd       set the PCRE_MATCH_LIMIT_RECURSION limit to dd (any number of digits)
+  \R         pass the PCRE_DFA_RESTART option to <b>pcre[16|32]_dfa_exec()</b>
+  \S         output details of memory get/free calls during matching
+  \Y         pass the PCRE_NO_START_OPTIMIZE option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \Z         pass the PCRE_NOTEOL option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \?         pass the PCRE_NO_UTF[8|16|32]_CHECK option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#62;dd       start the match at offset dd (optional "-"; then any number of digits); this sets the <i>startoffset</i>
+               argument for <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;cr&#62;      pass the PCRE_NEWLINE_CR option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;lf&#62;      pass the PCRE_NEWLINE_LF option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;crlf&#62;    pass the PCRE_NEWLINE_CRLF option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;anycrlf&#62; pass the PCRE_NEWLINE_ANYCRLF option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;any&#62;     pass the PCRE_NEWLINE_ANY option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+</pre>
+The use of \x{hh...} is not dependent on the use of the <b>/8</b> modifier on
+the pattern. It is recognized always. There may be any number of hexadecimal
+digits inside the braces; invalid values provoke error messages.
+</P>
+<P>
+Note that \xhh specifies one byte rather than one character in UTF-8 mode;
+this makes it possible to construct invalid UTF-8 sequences for testing
+purposes. On the other hand, \x{hh} is interpreted as a UTF-8 character in
+UTF-8 mode, generating more than one byte if the value is greater than 127.
+When testing the 8-bit library not in UTF-8 mode, \x{hh} generates one byte
+for values less than 256, and causes an error for greater values.
+</P>
+<P>
+In UTF-16 mode, all 4-digit \x{hhhh} values are accepted. This makes it
+possible to construct invalid UTF-16 sequences for testing purposes.
+</P>
+<P>
+In UTF-32 mode, all 4- to 8-digit \x{...} values are accepted. This makes it
+possible to construct invalid UTF-32 sequences for testing purposes.
+</P>
+<P>
+The escapes that specify line ending sequences are literal strings, exactly as
+shown. No more than one newline setting should be present in any data line.
+</P>
+<P>
+A backslash followed by anything else just escapes the anything else. If
+the very last character is a backslash, it is ignored. This gives a way of
+passing an empty line as data, since a real empty line terminates the data
+input.
+</P>
+<P>
+The <b>\J</b> escape provides a way of setting the maximum stack size that is
+used by the just-in-time optimization code. It is ignored if JIT optimization
+is not being used. Providing a stack that is larger than the default 32K is
+necessary only for very complicated patterns.
+</P>
+<P>
+If \M is present, <b>pcretest</b> calls <b>pcre[16|32]_exec()</b> several times,
+with different values in the <i>match_limit</i> and <i>match_limit_recursion</i>
+fields of the <b>pcre[16|32]_extra</b> data structure, until it finds the minimum
+numbers for each parameter that allow <b>pcre[16|32]_exec()</b> to complete without
+error. Because this is testing a specific feature of the normal interpretive
+<b>pcre[16|32]_exec()</b> execution, the use of any JIT optimization that might
+have been set up by the <b>/S+</b> qualifier of <b>-s+</b> option is disabled.
+</P>
+<P>
+The <i>match_limit</i> number is a measure of the amount of backtracking
+that takes place, and checking it out can be instructive. For most simple
+matches, the number is quite small, but for patterns with very large numbers of
+matching possibilities, it can become large very quickly with increasing length
+of subject string. The <i>match_limit_recursion</i> number is a measure of how
+much stack (or, if PCRE is compiled with NO_RECURSE, how much heap) memory is
+needed to complete the match attempt.
+</P>
+<P>
+When \O is used, the value specified may be higher or lower than the size set
+by the <b>-O</b> command line option (or defaulted to 45); \O applies only to
+the call of <b>pcre[16|32]_exec()</b> for the line in which it appears.
+</P>
+<P>
+If the <b>/P</b> modifier was present on the pattern, causing the POSIX wrapper
+API to be used, the only option-setting sequences that have any effect are \B,
+\N, and \Z, causing REG_NOTBOL, REG_NOTEMPTY, and REG_NOTEOL, respectively,
+to be passed to <b>regexec()</b>.
+</P>
+<br><a name="SEC8" href="#TOC1">THE ALTERNATIVE MATCHING FUNCTION</a><br>
+<P>
+By default, <b>pcretest</b> uses the standard PCRE matching function,
+<b>pcre[16|32]_exec()</b> to match each data line. PCRE also supports an
+alternative matching function, <b>pcre[16|32]_dfa_test()</b>, which operates in a
+different way, and has some restrictions. The differences between the two
+functions are described in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation.
+</P>
+<P>
+If a data line contains the \D escape sequence, or if the command line
+contains the <b>-dfa</b> option, the alternative matching function is used.
+This function finds all possible matches at a given point. If, however, the \F
+escape sequence is present in the data line, it stops after the first match is
+found. This is always the shortest possible match.
+</P>
+<br><a name="SEC9" href="#TOC1">DEFAULT OUTPUT FROM PCRETEST</a><br>
+<P>
+This section describes the output when the normal matching function,
+<b>pcre[16|32]_exec()</b>, is being used.
+</P>
+<P>
+When a match succeeds, <b>pcretest</b> outputs the list of captured substrings
+that <b>pcre[16|32]_exec()</b> returns, starting with number 0 for the string that
+matched the whole pattern. Otherwise, it outputs "No match" when the return is
+PCRE_ERROR_NOMATCH, and "Partial match:" followed by the partially matching
+substring when <b>pcre[16|32]_exec()</b> returns PCRE_ERROR_PARTIAL. (Note that
+this is the entire substring that was inspected during the partial match; it
+may include characters before the actual match start if a lookbehind assertion,
+\K, \b, or \B was involved.) For any other return, <b>pcretest</b> outputs
+the PCRE negative error number and a short descriptive phrase. If the error is
+a failed UTF string check, the offset of the start of the failing character and
+the reason code are also output, provided that the size of the output vector is
+at least two. Here is an example of an interactive <b>pcretest</b> run.
+<pre>
+  $ pcretest
+  PCRE version 8.13 2011-04-30
+
+    re&#62; /^abc(\d+)/
+  data&#62; abc123
+   0: abc123
+   1: 123
+  data&#62; xyz
+  No match
+</pre>
+Unset capturing substrings that are not followed by one that is set are not
+returned by <b>pcre[16|32]_exec()</b>, and are not shown by <b>pcretest</b>. In the
+following example, there are two capturing substrings, but when the first data
+line is matched, the second, unset substring is not shown. An "internal" unset
+substring is shown as "&#60;unset&#62;", as for the second data line.
+<pre>
+    re&#62; /(a)|(b)/
+  data&#62; a
+   0: a
+   1: a
+  data&#62; b
+   0: b
+   1: &#60;unset&#62;
+   2: b
+</pre>
+If the strings contain any non-printing characters, they are output as \xhh
+escapes if the value is less than 256 and UTF mode is not set. Otherwise they
+are output as \x{hh...} escapes. See below for the definition of non-printing
+characters. If the pattern has the <b>/+</b> modifier, the output for substring
+0 is followed by the the rest of the subject string, identified by "0+" like
+this:
+<pre>
+    re&#62; /cat/+
+  data&#62; cataract
+   0: cat
+   0+ aract
+</pre>
+If the pattern has the <b>/g</b> or <b>/G</b> modifier, the results of successive
+matching attempts are output in sequence, like this:
+<pre>
+    re&#62; /\Bi(\w\w)/g
+  data&#62; Mississippi
+   0: iss
+   1: ss
+   0: iss
+   1: ss
+   0: ipp
+   1: pp
+</pre>
+"No match" is output only if the first match attempt fails. Here is an example
+of a failure message (the offset 4 that is specified by \&#62;4 is past the end of
+the subject string):
+<pre>
+    re&#62; /xyz/
+  data&#62; xyz\&#62;4
+  Error -24 (bad offset value)
+</PRE>
+</P>
+<P>
+If any of the sequences <b>\C</b>, <b>\G</b>, or <b>\L</b> are present in a
+data line that is successfully matched, the substrings extracted by the
+convenience functions are output with C, G, or L after the string number
+instead of a colon. This is in addition to the normal full list. The string
+length (that is, the return from the extraction function) is given in
+parentheses after each string for <b>\C</b> and <b>\G</b>.
+</P>
+<P>
+Note that whereas patterns can be continued over several lines (a plain "&#62;"
+prompt is used for continuations), data lines may not. However newlines can be
+included in data by means of the \n escape (or \r, \r\n, etc., depending on
+the newline sequence setting).
+</P>
+<br><a name="SEC10" href="#TOC1">OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION</a><br>
+<P>
+When the alternative matching function, <b>pcre[16|32]_dfa_exec()</b>, is used (by
+means of the \D escape sequence or the <b>-dfa</b> command line option), the
+output consists of a list of all the matches that start at the first point in
+the subject where there is at least one match. For example:
+<pre>
+    re&#62; /(tang|tangerine|tan)/
+  data&#62; yellow tangerine\D
+   0: tangerine
+   1: tang
+   2: tan
+</pre>
+(Using the normal matching function on this data finds only "tang".) The
+longest matching string is always given first (and numbered zero). After a
+PCRE_ERROR_PARTIAL return, the output is "Partial match:", followed by the
+partially matching substring. (Note that this is the entire substring that was
+inspected during the partial match; it may include characters before the actual
+match start if a lookbehind assertion, \K, \b, or \B was involved.)
+</P>
+<P>
+If <b>/g</b> is present on the pattern, the search for further matches resumes
+at the end of the longest match. For example:
+<pre>
+    re&#62; /(tang|tangerine|tan)/g
+  data&#62; yellow tangerine and tangy sultana\D
+   0: tangerine
+   1: tang
+   2: tan
+   0: tang
+   1: tan
+   0: tan
+</pre>
+Since the matching function does not support substring capture, the escape
+sequences that are concerned with captured substrings are not relevant.
+</P>
+<br><a name="SEC11" href="#TOC1">RESTARTING AFTER A PARTIAL MATCH</a><br>
+<P>
+When the alternative matching function has given the PCRE_ERROR_PARTIAL return,
+indicating that the subject partially matched the pattern, you can restart the
+match with additional subject data by means of the \R escape sequence. For
+example:
+<pre>
+    re&#62; /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+  data&#62; 23ja\P\D
+  Partial match: 23ja
+  data&#62; n05\R\D
+   0: n05
+</pre>
+For further information about partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+</P>
+<br><a name="SEC12" href="#TOC1">CALLOUTS</a><br>
+<P>
+If the pattern contains any callout requests, <b>pcretest</b>'s callout function
+is called during matching. This works with both matching functions. By default,
+the called function displays the callout number, the start and current
+positions in the text at the callout time, and the next pattern item to be
+tested. For example:
+<pre>
+  ---&#62;pqrabcdef
+    0    ^  ^     \d
+</pre>
+This output indicates that callout number 0 occurred for a match attempt
+starting at the fourth character of the subject string, when the pointer was at
+the seventh character of the data, and when the next pattern item was \d. Just
+one circumflex is output if the start and current positions are the same.
+</P>
+<P>
+Callouts numbered 255 are assumed to be automatic callouts, inserted as a
+result of the <b>/C</b> pattern modifier. In this case, instead of showing the
+callout number, the offset in the pattern, preceded by a plus, is output. For
+example:
+<pre>
+    re&#62; /\d?[A-E]\*/C
+  data&#62; E*
+  ---&#62;E*
+   +0 ^      \d?
+   +3 ^      [A-E]
+   +8 ^^     \*
+  +10 ^ ^
+   0: E*
+</pre>
+If a pattern contains (*MARK) items, an additional line is output whenever
+a change of latest mark is passed to the callout function. For example:
+<pre>
+    re&#62; /a(*MARK:X)bc/C
+  data&#62; abc
+  ---&#62;abc
+   +0 ^       a
+   +1 ^^      (*MARK:X)
+  +10 ^^      b
+  Latest Mark: X
+  +11 ^ ^     c
+  +12 ^  ^
+   0: abc
+</pre>
+The mark changes between matching "a" and "b", but stays the same for the rest
+of the match, so nothing more is output. If, as a result of backtracking, the
+mark reverts to being unset, the text "&#60;unset&#62;" is output.
+</P>
+<P>
+The callout function in <b>pcretest</b> returns zero (carry on matching) by
+default, but you can use a \C item in a data line (as described above) to
+change this and other parameters of the callout.
+</P>
+<P>
+Inserting callouts can be helpful when using <b>pcretest</b> to check
+complicated regular expressions. For further information about callouts, see
+the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<br><a name="SEC13" href="#TOC1">NON-PRINTING CHARACTERS</a><br>
+<P>
+When <b>pcretest</b> is outputting text in the compiled version of a pattern,
+bytes other than 32-126 are always treated as non-printing characters are are
+therefore shown as hex escapes.
+</P>
+<P>
+When <b>pcretest</b> is outputting text that is a matched part of a subject
+string, it behaves in the same way, unless a different locale has been set for
+the pattern (using the <b>/L</b> modifier). In this case, the <b>isprint()</b>
+function to distinguish printing and non-printing characters.
+</P>
+<br><a name="SEC14" href="#TOC1">SAVING AND RELOADING COMPILED PATTERNS</a><br>
+<P>
+The facilities described in this section are not available when the POSIX
+interface to PCRE is being used, that is, when the <b>/P</b> pattern modifier is
+specified.
+</P>
+<P>
+When the POSIX interface is not in use, you can cause <b>pcretest</b> to write a
+compiled pattern to a file, by following the modifiers with &#62; and a file name.
+For example:
+<pre>
+  /pattern/im &#62;/some/file
+</pre>
+See the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation for a discussion about saving and re-using compiled patterns.
+Note that if the pattern was successfully studied with JIT optimization, the
+JIT data cannot be saved.
+</P>
+<P>
+The data that is written is binary. The first eight bytes are the length of the
+compiled pattern data followed by the length of the optional study data, each
+written as four bytes in big-endian order (most significant byte first). If
+there is no study data (either the pattern was not studied, or studying did not
+return any data), the second length is zero. The lengths are followed by an
+exact copy of the compiled pattern. If there is additional study data, this
+(excluding any JIT data) follows immediately after the compiled pattern. After
+writing the file, <b>pcretest</b> expects to read a new pattern.
+</P>
+<P>
+A saved pattern can be reloaded into <b>pcretest</b> by specifying &#60; and a file
+name instead of a pattern. There must be no space between &#60; and the file name,
+which must not contain a &#60; character, as otherwise <b>pcretest</b> will
+interpret the line as a pattern delimited by &#60; characters. For example:
+<pre>
+   re&#62; &#60;/some/file
+  Compiled pattern loaded from /some/file
+  No study data
+</pre>
+If the pattern was previously studied with the JIT optimization, the JIT
+information cannot be saved and restored, and so is lost. When the pattern has
+been loaded, <b>pcretest</b> proceeds to read data lines in the usual way.
+</P>
+<P>
+You can copy a file written by <b>pcretest</b> to a different host and reload it
+there, even if the new host has opposite endianness to the one on which the
+pattern was compiled. For example, you can compile on an i86 machine and run on
+a SPARC machine. When a pattern is reloaded on a host with different
+endianness, the confirmation message is changed to:
+<pre>
+  Compiled pattern (byte-inverted) loaded from /some/file
+</pre>
+The test suite contains some saved pre-compiled patterns with different
+endianness. These are reloaded using "&#60;!" instead of just "&#60;". This suppresses
+the "(byte-inverted)" text so that the output is the same on all hosts. It also
+forces debugging output once the pattern has been reloaded.
+</P>
+<P>
+File names for saving and reloading can be absolute or relative, but note that
+the shell facility of expanding a file name that starts with a tilde (~) is not
+available.
+</P>
+<P>
+The ability to save and reload files in <b>pcretest</b> is intended for testing
+and experimentation. It is not intended for production use because only a
+single pattern can be written to a file. Furthermore, there is no facility for
+supplying custom character tables for use with a reloaded pattern. If the
+original pattern was compiled with custom tables, an attempt to match a subject
+string using a reloaded pattern is likely to cause <b>pcretest</b> to crash.
+Finally, if you attempt to load a file that is not in the correct format, the
+result is undefined.
+</P>
+<br><a name="SEC15" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcre</b>(3), <b>pcre16</b>(3), <b>pcre32</b>(3), <b>pcreapi</b>(3),
+<b>pcrecallout</b>(3),
+<b>pcrejit</b>, <b>pcrematching</b>(3), <b>pcrepartial</b>(d),
+<b>pcrepattern</b>(3), <b>pcreprecompile</b>(3).
+</P>
+<br><a name="SEC16" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC17" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 23 February 2017
+<br>
+Copyright &copy; 1997-2017 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreunicode.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreunicode.html
new file mode 100644
index 00000000..ab36bc61
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/html/pcreunicode.html
@@ -0,0 +1,262 @@
+<html>
+<head>
+<title>pcreunicode specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreunicode man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+UTF-8, UTF-16, UTF-32, AND UNICODE PROPERTY SUPPORT
+</b><br>
+<P>
+As well as UTF-8 support, PCRE also supports UTF-16 (from release 8.30) and
+UTF-32 (from release 8.32), by means of two additional libraries. They can be
+built as well as, or instead of, the 8-bit library.
+</P>
+<br><b>
+UTF-8 SUPPORT
+</b><br>
+<P>
+In order process UTF-8 strings, you must build PCRE's 8-bit library with UTF
+support, and, in addition, you must call
+<a href="pcre_compile.html"><b>pcre_compile()</b></a>
+with the PCRE_UTF8 option flag, or the pattern must start with the sequence
+(*UTF8) or (*UTF). When either of these is the case, both the pattern and any
+subject strings that are matched against it are treated as UTF-8 strings
+instead of strings of individual 1-byte characters.
+</P>
+<br><b>
+UTF-16 AND UTF-32 SUPPORT
+</b><br>
+<P>
+In order process UTF-16 or UTF-32 strings, you must build PCRE's 16-bit or
+32-bit library with UTF support, and, in addition, you must call
+<a href="pcre16_compile.html"><b>pcre16_compile()</b></a>
+or
+<a href="pcre32_compile.html"><b>pcre32_compile()</b></a>
+with the PCRE_UTF16 or PCRE_UTF32 option flag, as appropriate. Alternatively,
+the pattern must start with the sequence (*UTF16), (*UTF32), as appropriate, or
+(*UTF), which can be used with either library. When UTF mode is set, both the
+pattern and any subject strings that are matched against it are treated as
+UTF-16 or UTF-32 strings instead of strings of individual 16-bit or 32-bit
+characters.
+</P>
+<br><b>
+UTF SUPPORT OVERHEAD
+</b><br>
+<P>
+If you compile PCRE with UTF support, but do not use it at run time, the
+library will be a bit bigger, but the additional run time overhead is limited
+to testing the PCRE_UTF[8|16|32] flag occasionally, so should not be very big.
+</P>
+<br><b>
+UNICODE PROPERTY SUPPORT
+</b><br>
+<P>
+If PCRE is built with Unicode character property support (which implies UTF
+support), the escape sequences \p{..}, \P{..}, and \X can be used.
+The available properties that can be tested are limited to the general
+category properties such as Lu for an upper case letter or Nd for a decimal
+number, the Unicode script names such as Arabic or Han, and the derived
+properties Any and L&. Full lists is given in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+and
+<a href="pcresyntax.html"><b>pcresyntax</b></a>
+documentation. Only the short names for properties are supported. For example,
+\p{L} matches a letter. Its Perl synonym, \p{Letter}, is not supported.
+Furthermore, in Perl, many properties may optionally be prefixed by "Is", for
+compatibility with Perl 5.6. PCRE does not support this.
+<a name="utf8strings"></a></P>
+<br><b>
+Validity of UTF-8 strings
+</b><br>
+<P>
+When you set the PCRE_UTF8 flag, the byte strings passed as patterns and
+subjects are (by default) checked for validity on entry to the relevant
+functions. The entire string is checked before any other processing takes
+place. From release 7.3 of PCRE, the check is according the rules of RFC 3629,
+which are themselves derived from the Unicode specification. Earlier releases
+of PCRE followed the rules of RFC 2279, which allows the full range of 31-bit
+values (0 to 0x7FFFFFFF). The current check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area. (From release 8.33 the so-called
+"non-character" code points are no longer excluded because Unicode corrigendum
+#9 makes it clear that they should not be.)
+</P>
+<P>
+Characters in the "Surrogate Area" of Unicode are reserved for use by UTF-16,
+where they are used in pairs to encode codepoints with values greater than
+0xFFFF. The code points that are encoded by UTF-16 pairs are available
+independently in the UTF-8 and UTF-32 encodings. (In other words, the whole
+surrogate thing is a fudge for UTF-16 which unfortunately messes up UTF-8 and
+UTF-32.)
+</P>
+<P>
+If an invalid UTF-8 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first byte
+of the failing character. The run-time functions <b>pcre_exec()</b> and
+<b>pcre_dfa_exec()</b> also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+</P>
+<P>
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance, for
+example in the case of a long subject string that is being scanned repeatedly.
+If you set the PCRE_NO_UTF8_CHECK flag at compile time or at run time, PCRE
+assumes that the pattern or subject it is given (respectively) contains only
+valid UTF-8 codes. In this case, it does not diagnose an invalid UTF-8 string.
+</P>
+<P>
+Note that passing PCRE_NO_UTF8_CHECK to <b>pcre_compile()</b> just disables the
+check for the pattern; it does not also apply to subject strings. If you want
+to disable the check for a subject string you must pass this option to
+<b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>.
+</P>
+<P>
+If you pass an invalid UTF-8 string when PCRE_NO_UTF8_CHECK is set, the result
+is undefined and your program may crash.
+<a name="utf16strings"></a></P>
+<br><b>
+Validity of UTF-16 strings
+</b><br>
+<P>
+When you set the PCRE_UTF16 flag, the strings of 16-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions. Values other than those in the surrogate range
+U+D800 to U+DFFF are independent code points. Values in the surrogate range
+must be used in pairs in the correct manner.
+</P>
+<P>
+If an invalid UTF-16 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions <b>pcre16_exec()</b> and
+<b>pcre16_dfa_exec()</b> also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+</P>
+<P>
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF16_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-16
+sequences. In this case, it does not diagnose an invalid UTF-16 string.
+However, if an invalid string is passed, the result is undefined.
+<a name="utf32strings"></a></P>
+<br><b>
+Validity of UTF-32 strings
+</b><br>
+<P>
+When you set the PCRE_UTF32 flag, the strings of 32-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions.  This check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area U+D800 to U+DFFF.
+</P>
+<P>
+If an invalid UTF-32 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions <b>pcre32_exec()</b> and
+<b>pcre32_dfa_exec()</b> also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+</P>
+<P>
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF32_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-32
+sequences. In this case, it does not diagnose an invalid UTF-32 string.
+However, if an invalid string is passed, the result is undefined.
+</P>
+<br><b>
+General comments about UTF modes
+</b><br>
+<P>
+1. Codepoints less than 256 can be specified in patterns by either braced or
+unbraced hexadecimal escape sequences (for example, \x{b3} or \xb3). Larger
+values have to use braced sequences.
+</P>
+<P>
+2. Octal numbers up to \777 are recognized, and in UTF-8 mode they match
+two-byte characters for values greater than \177.
+</P>
+<P>
+3. Repeat quantifiers apply to complete UTF characters, not to individual
+data units, for example: \x{100}{3}.
+</P>
+<P>
+4. The dot metacharacter matches one UTF character instead of a single data
+unit.
+</P>
+<P>
+5. The escape sequence \C can be used to match a single byte in UTF-8 mode, or
+a single 16-bit data unit in UTF-16 mode, or a single 32-bit data unit in
+UTF-32 mode, but its use can lead to some strange effects because it breaks up
+multi-unit characters (see the description of \C in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation). The use of \C is not supported in the alternative matching
+function <b>pcre[16|32]_dfa_exec()</b>, nor is it supported in UTF mode by the
+JIT optimization of <b>pcre[16|32]_exec()</b>. If JIT optimization is requested
+for a UTF pattern that contains \C, it will not succeed, and so the matching
+will be carried out by the normal interpretive function.
+</P>
+<P>
+6. The character escapes \b, \B, \d, \D, \s, \S, \w, and \W correctly
+test characters of any code value, but, by default, the characters that PCRE
+recognizes as digits, spaces, or word characters remain the same set as in
+non-UTF mode, all with values less than 256. This remains true even when PCRE
+is built to include Unicode property support, because to do otherwise would
+slow down PCRE in many common cases. Note in particular that this applies to
+\b and \B, because they are defined in terms of \w and \W. If you really
+want to test for a wider sense of, say, "digit", you can use explicit Unicode
+property tests such as \p{Nd}. Alternatively, if you set the PCRE_UCP option,
+the way that the character escapes work is changed so that Unicode properties
+are used to determine which characters match. There are more details in the
+section on
+<a href="pcrepattern.html#genericchartypes">generic character types</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+</P>
+<P>
+7. Similarly, characters that match the POSIX named character classes are all
+low-valued characters, unless the PCRE_UCP option is set.
+</P>
+<P>
+8. However, the horizontal and vertical white space matching escapes (\h, \H,
+\v, and \V) do match all the appropriate Unicode characters, whether or not
+PCRE_UCP is set.
+</P>
+<P>
+9. Case-insensitive matching applies only to characters whose values are less
+than 128, unless PCRE is built with Unicode property support. A few Unicode
+characters such as Greek sigma have more than two codepoints that are
+case-equivalent. Up to and including PCRE release 8.31, only one-to-one case
+mappings were supported, but later releases (with Unicode property support) do
+treat as case-equivalent all versions of characters such as Greek sigma.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 27 February 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcre-config.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcre-config.txt
new file mode 100644
index 00000000..8503ab0e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcre-config.txt
@@ -0,0 +1,86 @@
+PCRE-CONFIG(1)              General Commands Manual             PCRE-CONFIG(1)
+
+
+
+NAME
+       pcre-config - program to return PCRE configuration
+
+SYNOPSIS
+
+       pcre-config [--prefix] [--exec-prefix] [--version] [--libs]
+                   [--libs16] [--libs32] [--libs-cpp] [--libs-posix]
+                   [--cflags] [--cflags-posix]
+
+
+DESCRIPTION
+
+       pcre-config  returns  the configuration of the installed PCRE libraries
+       and the options required to compile a program to use them. Some of  the
+       options  apply  only  to  the  8-bit,  or  16-bit, or 32-bit libraries,
+       respectively, and are not available if only one of those libraries  has
+       been built. If an unavailable option is encountered, the "usage" infor-
+       mation is output.
+
+
+OPTIONS
+
+       --prefix  Writes the directory prefix used in the PCRE installation for
+                 architecture   independent   files  (/usr  on  many  systems,
+                 /usr/local on some systems) to the standard output.
+
+       --exec-prefix
+                 Writes the directory prefix used in the PCRE installation for
+                 architecture  dependent files (normally the same as --prefix)
+                 to the standard output.
+
+       --version Writes the version number of the installed PCRE libraries  to
+                 the standard output.
+
+       --libs    Writes  to  the  standard  output  the  command  line options
+                 required to link with the 8-bit PCRE library (-lpcre on  many
+                 systems).
+
+       --libs16  Writes  to  the  standard  output  the  command  line options
+                 required to link with the 16-bit PCRE  library  (-lpcre16  on
+                 many systems).
+
+       --libs32  Writes  to  the  standard  output  the  command  line options
+                 required to link with the 32-bit PCRE  library  (-lpcre32  on
+                 many systems).
+
+       --libs-cpp
+                 Writes  to  the  standard  output  the  command  line options
+                 required to link with PCRE's C++ wrapper  library  (-lpcrecpp
+                 -lpcre on many systems).
+
+       --libs-posix
+                 Writes  to  the  standard  output  the  command  line options
+                 required to  link  with  PCRE's  POSIX  API  wrapper  library
+                 (-lpcreposix -lpcre on many systems).
+
+       --cflags  Writes  to  the  standard  output  the  command  line options
+                 required to compile files that use  PCRE  (this  may  include
+                 some -I options, but is blank on many systems).
+
+       --cflags-posix
+                 Writes  to  the  standard  output  the  command  line options
+                 required to compile files that use PCRE's POSIX  API  wrapper
+                 library  (this  may  include some -I options, but is blank on
+                 many systems).
+
+
+SEE ALSO
+
+       pcre(3)
+
+
+AUTHOR
+
+       This manual page was originally written by Mark Baker  for  the  Debian
+       GNU/Linux  system.  It  has been subsequently revised as a generic PCRE
+       man page.
+
+
+REVISION
+
+       Last updated: 24 June 2012
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcre.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcre.txt
new file mode 100644
index 00000000..c027538f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcre.txt
@@ -0,0 +1,10502 @@
+-----------------------------------------------------------------------------
+This file contains a concatenation of the PCRE man pages, converted to plain
+text format for ease of searching with a text editor, or for use on systems
+that do not have a man page processor. The small individual files that give
+synopses of each function in the library have not been included. Neither has
+the pcredemo program. There are separate text files for the pcregrep and
+pcretest commands.
+-----------------------------------------------------------------------------
+
+
+PCRE(3)                    Library Functions Manual                    PCRE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions (original API)
+
+PLEASE TAKE NOTE
+
+       This  document relates to PCRE releases that use the original API, with
+       library names libpcre, libpcre16, and libpcre32. January 2015  saw  the
+       first release of a new API, known as PCRE2, with release numbers start-
+       ing  at  10.00  and  library   names   libpcre2-8,   libpcre2-16,   and
+       libpcre2-32. The old libraries (now called PCRE1) are still being main-
+       tained for bug fixes,  but  there  will  be  no  new  development.  New
+       projects are advised to use the new PCRE2 libraries.
+
+
+INTRODUCTION
+
+       The  PCRE  library is a set of functions that implement regular expres-
+       sion pattern matching using the same syntax and semantics as Perl, with
+       just  a few differences. Some features that appeared in Python and PCRE
+       before they appeared in Perl are also available using the  Python  syn-
+       tax,  there  is  some  support for one or two .NET and Oniguruma syntax
+       items, and there is an option for requesting some  minor  changes  that
+       give better JavaScript compatibility.
+
+       Starting with release 8.30, it is possible to compile two separate PCRE
+       libraries:  the  original,  which  supports  8-bit  character   strings
+       (including  UTF-8  strings),  and a second library that supports 16-bit
+       character strings (including UTF-16 strings). The build process  allows
+       either  one  or both to be built. The majority of the work to make this
+       possible was done by Zoltan Herczeg.
+
+       Starting with release 8.32 it is possible to compile a  third  separate
+       PCRE  library  that supports 32-bit character strings (including UTF-32
+       strings). The build process allows any combination of the 8-,  16-  and
+       32-bit  libraries. The work to make this possible was done by Christian
+       Persch.
+
+       The three libraries contain identical sets of  functions,  except  that
+       the  names  in  the 16-bit library start with pcre16_ instead of pcre_,
+       and the names in the 32-bit  library  start  with  pcre32_  instead  of
+       pcre_.  To avoid over-complication and reduce the documentation mainte-
+       nance load, most of the documentation describes the 8-bit library, with
+       the  differences  for  the  16-bit and 32-bit libraries described sepa-
+       rately in the pcre16 and  pcre32  pages.  References  to  functions  or
+       structures  of  the  form  pcre[16|32]_xxx  should  be  read as meaning
+       "pcre_xxx when using the  8-bit  library,  pcre16_xxx  when  using  the
+       16-bit library, or pcre32_xxx when using the 32-bit library".
+
+       The  current implementation of PCRE corresponds approximately with Perl
+       5.12, including support for UTF-8/16/32  encoded  strings  and  Unicode
+       general  category  properties. However, UTF-8/16/32 and Unicode support
+       has to be explicitly enabled; it is not the default. The Unicode tables
+       correspond to Unicode release 6.3.0.
+
+       In  addition to the Perl-compatible matching function, PCRE contains an
+       alternative function that matches the same compiled patterns in a  dif-
+       ferent way. In certain circumstances, the alternative function has some
+       advantages.  For a discussion of the two matching algorithms,  see  the
+       pcrematching page.
+
+       PCRE  is  written  in C and released as a C library. A number of people
+       have written wrappers and interfaces of various kinds.  In  particular,
+       Google  Inc.   have  provided a comprehensive C++ wrapper for the 8-bit
+       library. This is now included as part of  the  PCRE  distribution.  The
+       pcrecpp  page  has  details of this interface. Other people's contribu-
+       tions can be found in the Contrib directory at the  primary  FTP  site,
+       which is:
+
+       ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre
+
+       Details  of  exactly which Perl regular expression features are and are
+       not supported by PCRE are given in separate documents. See the pcrepat-
+       tern  and pcrecompat pages. There is a syntax summary in the pcresyntax
+       page.
+
+       Some features of PCRE can be included, excluded, or  changed  when  the
+       library  is  built.  The pcre_config() function makes it possible for a
+       client to discover which features are  available.  The  features  them-
+       selves  are described in the pcrebuild page. Documentation about build-
+       ing PCRE for various operating systems can be found in the  README  and
+       NON-AUTOTOOLS_BUILD files in the source distribution.
+
+       The  libraries contains a number of undocumented internal functions and
+       data tables that are used by more than one  of  the  exported  external
+       functions,  but  which  are  not  intended for use by external callers.
+       Their names all begin with "_pcre_" or "_pcre16_" or "_pcre32_",  which
+       hopefully  will  not provoke any name clashes. In some environments, it
+       is possible to control which  external  symbols  are  exported  when  a
+       shared  library  is  built, and in these cases the undocumented symbols
+       are not exported.
+
+
+SECURITY CONSIDERATIONS
+
+       If you are using PCRE in a non-UTF application that  permits  users  to
+       supply  arbitrary  patterns  for  compilation, you should be aware of a
+       feature that allows users to turn on UTF support from within a pattern,
+       provided  that  PCRE  was built with UTF support. For example, an 8-bit
+       pattern that begins with "(*UTF8)" or "(*UTF)"  turns  on  UTF-8  mode,
+       which  interprets  patterns and subjects as strings of UTF-8 characters
+       instead of individual 8-bit characters.  This causes both  the  pattern
+       and any data against which it is matched to be checked for UTF-8 valid-
+       ity. If the data string is very long, such a  check  might  use  suffi-
+       ciently  many  resources  as  to cause your application to lose perfor-
+       mance.
+
+       One  way  of  guarding  against  this  possibility  is   to   use   the
+       pcre_fullinfo()  function  to  check the compiled pattern's options for
+       UTF.  Alternatively, from release 8.33, you can set the  PCRE_NEVER_UTF
+       option  at compile time. This causes an compile time error if a pattern
+       contains a UTF-setting sequence.
+
+       If your application is one that supports UTF, be  aware  that  validity
+       checking  can  take time. If the same data string is to be matched many
+       times, you can use the PCRE_NO_UTF[8|16|32]_CHECK option for the second
+       and subsequent matches to save redundant checks.
+
+       Another  way  that  performance can be hit is by running a pattern that
+       has a very large search tree against a string that  will  never  match.
+       Nested  unlimited  repeats in a pattern are a common example. PCRE pro-
+       vides some protection against this: see the PCRE_EXTRA_MATCH_LIMIT fea-
+       ture in the pcreapi page.
+
+
+USER DOCUMENTATION
+
+       The  user  documentation  for PCRE comprises a number of different sec-
+       tions. In the "man" format, each of these is a separate "man page".  In
+       the  HTML  format, each is a separate page, linked from the index page.
+       In the plain text format, the descriptions of the pcregrep and pcretest
+       programs  are  in  files  called pcregrep.txt and pcretest.txt, respec-
+       tively. The remaining sections, except for the pcredemo section  (which
+       is  a  program  listing),  are  concatenated  in  pcre.txt, for ease of
+       searching. The sections are as follows:
+
+         pcre              this document
+         pcre-config       show PCRE installation configuration information
+         pcre16            details of the 16-bit library
+         pcre32            details of the 32-bit library
+         pcreapi           details of PCRE's native C API
+         pcrebuild         building PCRE
+         pcrecallout       details of the callout feature
+         pcrecompat        discussion of Perl compatibility
+         pcrecpp           details of the C++ wrapper for the 8-bit library
+         pcredemo          a demonstration C program that uses PCRE
+         pcregrep          description of the pcregrep command (8-bit only)
+         pcrejit           discussion of the just-in-time optimization support
+         pcrelimits        details of size and other limits
+         pcrematching      discussion of the two matching algorithms
+         pcrepartial       details of the partial matching facility
+         pcrepattern       syntax and semantics of supported
+                             regular expressions
+         pcreperform       discussion of performance issues
+         pcreposix         the POSIX-compatible C API for the 8-bit library
+         pcreprecompile    details of saving and re-using precompiled patterns
+         pcresample        discussion of the pcredemo program
+         pcrestack         discussion of stack usage
+         pcresyntax        quick syntax reference
+         pcretest          description of the pcretest testing command
+         pcreunicode       discussion of Unicode and UTF-8/16/32 support
+
+       In the "man" and HTML formats, there is also a short page  for  each  C
+       library function, listing its arguments and results.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+       Putting  an actual email address here seems to have been a spam magnet,
+       so I've taken it away. If you want to email me, use  my  two  initials,
+       followed by the two digits 10, at the domain cam.ac.uk.
+
+
+REVISION
+
+       Last updated: 10 February 2015
+       Copyright (c) 1997-2015 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRE(3)                    Library Functions Manual                    PCRE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+       #include <pcre.h>
+
+
+PCRE 16-BIT API BASIC FUNCTIONS
+
+       pcre16 *pcre16_compile(PCRE_SPTR16 pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre16 *pcre16_compile2(PCRE_SPTR16 pattern, int options,
+            int *errorcodeptr,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre16_extra *pcre16_study(const pcre16 *code, int options,
+            const char **errptr);
+
+       void pcre16_free_study(pcre16_extra *extra);
+
+       int pcre16_exec(const pcre16 *code, const pcre16_extra *extra,
+            PCRE_SPTR16 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       int pcre16_dfa_exec(const pcre16 *code, const pcre16_extra *extra,
+            PCRE_SPTR16 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+
+PCRE 16-BIT API STRING EXTRACTION FUNCTIONS
+
+       int pcre16_copy_named_substring(const pcre16 *code,
+            PCRE_SPTR16 subject, int *ovector,
+            int stringcount, PCRE_SPTR16 stringname,
+            PCRE_UCHAR16 *buffer, int buffersize);
+
+       int pcre16_copy_substring(PCRE_SPTR16 subject, int *ovector,
+            int stringcount, int stringnumber, PCRE_UCHAR16 *buffer,
+            int buffersize);
+
+       int pcre16_get_named_substring(const pcre16 *code,
+            PCRE_SPTR16 subject, int *ovector,
+            int stringcount, PCRE_SPTR16 stringname,
+            PCRE_SPTR16 *stringptr);
+
+       int pcre16_get_stringnumber(const pcre16 *code,
+            PCRE_SPTR16 name);
+
+       int pcre16_get_stringtable_entries(const pcre16 *code,
+            PCRE_SPTR16 name, PCRE_UCHAR16 **first, PCRE_UCHAR16 **last);
+
+       int pcre16_get_substring(PCRE_SPTR16 subject, int *ovector,
+            int stringcount, int stringnumber,
+            PCRE_SPTR16 *stringptr);
+
+       int pcre16_get_substring_list(PCRE_SPTR16 subject,
+            int *ovector, int stringcount, PCRE_SPTR16 **listptr);
+
+       void pcre16_free_substring(PCRE_SPTR16 stringptr);
+
+       void pcre16_free_substring_list(PCRE_SPTR16 *stringptr);
+
+
+PCRE 16-BIT API AUXILIARY FUNCTIONS
+
+       pcre16_jit_stack *pcre16_jit_stack_alloc(int startsize, int maxsize);
+
+       void pcre16_jit_stack_free(pcre16_jit_stack *stack);
+
+       void pcre16_assign_jit_stack(pcre16_extra *extra,
+            pcre16_jit_callback callback, void *data);
+
+       const unsigned char *pcre16_maketables(void);
+
+       int pcre16_fullinfo(const pcre16 *code, const pcre16_extra *extra,
+            int what, void *where);
+
+       int pcre16_refcount(pcre16 *code, int adjust);
+
+       int pcre16_config(int what, void *where);
+
+       const char *pcre16_version(void);
+
+       int pcre16_pattern_to_host_byte_order(pcre16 *code,
+            pcre16_extra *extra, const unsigned char *tables);
+
+
+PCRE 16-BIT API INDIRECTED FUNCTIONS
+
+       void *(*pcre16_malloc)(size_t);
+
+       void (*pcre16_free)(void *);
+
+       void *(*pcre16_stack_malloc)(size_t);
+
+       void (*pcre16_stack_free)(void *);
+
+       int (*pcre16_callout)(pcre16_callout_block *);
+
+
+PCRE 16-BIT API 16-BIT-ONLY FUNCTION
+
+       int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *output,
+            PCRE_SPTR16 input, int length, int *byte_order,
+            int keep_boms);
+
+
+THE PCRE 16-BIT LIBRARY
+
+       Starting  with  release  8.30, it is possible to compile a PCRE library
+       that supports 16-bit character strings, including  UTF-16  strings,  as
+       well  as  or instead of the original 8-bit library. The majority of the
+       work to make  this  possible  was  done  by  Zoltan  Herczeg.  The  two
+       libraries contain identical sets of functions, used in exactly the same
+       way. Only the names of the functions and the data types of their  argu-
+       ments  and results are different. To avoid over-complication and reduce
+       the documentation maintenance load,  most  of  the  PCRE  documentation
+       describes  the  8-bit  library,  with only occasional references to the
+       16-bit library. This page describes what is different when you use  the
+       16-bit library.
+
+       WARNING:  A  single  application can be linked with both libraries, but
+       you must take care when processing any particular pattern to use  func-
+       tions  from  just one library. For example, if you want to study a pat-
+       tern that was compiled with  pcre16_compile(),  you  must  do  so  with
+       pcre16_study(), not pcre_study(), and you must free the study data with
+       pcre16_free_study().
+
+
+THE HEADER FILE
+
+       There is only one header file, pcre.h. It contains prototypes  for  all
+       the functions in all libraries, as well as definitions of flags, struc-
+       tures, error codes, etc.
+
+
+THE LIBRARY NAME
+
+       In Unix-like systems, the 16-bit library is called libpcre16,  and  can
+       normally  be  accesss  by adding -lpcre16 to the command for linking an
+       application that uses PCRE.
+
+
+STRING TYPES
+
+       In the 8-bit library, strings are passed to PCRE library  functions  as
+       vectors  of  bytes  with  the  C  type "char *". In the 16-bit library,
+       strings are passed as vectors of unsigned 16-bit quantities. The  macro
+       PCRE_UCHAR16  specifies  an  appropriate  data type, and PCRE_SPTR16 is
+       defined as "const PCRE_UCHAR16 *". In very  many  environments,  "short
+       int" is a 16-bit data type. When PCRE is built, it defines PCRE_UCHAR16
+       as "unsigned short int", but checks that it really  is  a  16-bit  data
+       type.  If  it is not, the build fails with an error message telling the
+       maintainer to modify the definition appropriately.
+
+
+STRUCTURE TYPES
+
+       The types of the opaque structures that are used  for  compiled  16-bit
+       patterns  and  JIT stacks are pcre16 and pcre16_jit_stack respectively.
+       The  type  of  the  user-accessible  structure  that  is  returned   by
+       pcre16_study()  is  pcre16_extra, and the type of the structure that is
+       used for passing data to a callout  function  is  pcre16_callout_block.
+       These structures contain the same fields, with the same names, as their
+       8-bit counterparts. The only difference is that pointers  to  character
+       strings are 16-bit instead of 8-bit types.
+
+
+16-BIT FUNCTIONS
+
+       For  every function in the 8-bit library there is a corresponding func-
+       tion in the 16-bit library with a name that starts with pcre16_ instead
+       of  pcre_.  The  prototypes are listed above. In addition, there is one
+       extra function, pcre16_utf16_to_host_byte_order(). This  is  a  utility
+       function  that converts a UTF-16 character string to host byte order if
+       necessary. The other 16-bit  functions  expect  the  strings  they  are
+       passed to be in host byte order.
+
+       The input and output arguments of pcre16_utf16_to_host_byte_order() may
+       point to the same address, that is, conversion in place  is  supported.
+       The output buffer must be at least as long as the input.
+
+       The  length  argument  specifies the number of 16-bit data units in the
+       input string; a negative value specifies a zero-terminated string.
+
+       If byte_order is NULL, it is assumed that the string starts off in host
+       byte  order. This may be changed by byte-order marks (BOMs) anywhere in
+       the string (commonly as the first character).
+
+       If byte_order is not NULL, a non-zero value of the integer to which  it
+       points  means  that  the input starts off in host byte order, otherwise
+       the opposite order is assumed. Again, BOMs in  the  string  can  change
+       this. The final byte order is passed back at the end of processing.
+
+       If  keep_boms  is  not  zero,  byte-order  mark characters (0xfeff) are
+       copied into the output string. Otherwise they are discarded.
+
+       The result of the function is the number of 16-bit  units  placed  into
+       the  output  buffer,  including  the  zero terminator if the string was
+       zero-terminated.
+
+
+SUBJECT STRING OFFSETS
+
+       The lengths and starting offsets of subject strings must  be  specified
+       in  16-bit  data units, and the offsets within subject strings that are
+       returned by the matching functions are in also 16-bit units rather than
+       bytes.
+
+
+NAMED SUBPATTERNS
+
+       The  name-to-number translation table that is maintained for named sub-
+       patterns uses 16-bit characters.  The  pcre16_get_stringtable_entries()
+       function returns the length of each entry in the table as the number of
+       16-bit data units.
+
+
+OPTION NAMES
+
+       There   are   two   new   general   option   names,   PCRE_UTF16    and
+       PCRE_NO_UTF16_CHECK,     which     correspond    to    PCRE_UTF8    and
+       PCRE_NO_UTF8_CHECK in the 8-bit library. In  fact,  these  new  options
+       define  the  same bits in the options word. There is a discussion about
+       the validity of UTF-16 strings in the pcreunicode page.
+
+       For the pcre16_config() function there is an  option  PCRE_CONFIG_UTF16
+       that  returns  1  if UTF-16 support is configured, otherwise 0. If this
+       option  is  given  to  pcre_config()  or  pcre32_config(),  or  if  the
+       PCRE_CONFIG_UTF8  or  PCRE_CONFIG_UTF32  option is given to pcre16_con-
+       fig(), the result is the PCRE_ERROR_BADOPTION error.
+
+
+CHARACTER CODES
+
+       In 16-bit mode, when  PCRE_UTF16  is  not  set,  character  values  are
+       treated in the same way as in 8-bit, non UTF-8 mode, except, of course,
+       that they can range from 0 to 0xffff instead of 0  to  0xff.  Character
+       types  for characters less than 0xff can therefore be influenced by the
+       locale in the same way as before.  Characters greater  than  0xff  have
+       only one case, and no "type" (such as letter or digit).
+
+       In  UTF-16  mode,  the  character  code  is  Unicode, in the range 0 to
+       0x10ffff, with the exception of values in the range  0xd800  to  0xdfff
+       because  those  are "surrogate" values that are used in pairs to encode
+       values greater than 0xffff.
+
+       A UTF-16 string can indicate its endianness by special code knows as  a
+       byte-order mark (BOM). The PCRE functions do not handle this, expecting
+       strings  to  be  in  host  byte  order.  A  utility   function   called
+       pcre16_utf16_to_host_byte_order()  is  provided  to help with this (see
+       above).
+
+
+ERROR NAMES
+
+       The errors PCRE_ERROR_BADUTF16_OFFSET and PCRE_ERROR_SHORTUTF16  corre-
+       spond  to  their  8-bit  counterparts.  The error PCRE_ERROR_BADMODE is
+       given when a compiled pattern is passed to a  function  that  processes
+       patterns  in  the  other  mode, for example, if a pattern compiled with
+       pcre_compile() is passed to pcre16_exec().
+
+       There are new error codes whose names  begin  with  PCRE_UTF16_ERR  for
+       invalid  UTF-16  strings,  corresponding to the PCRE_UTF8_ERR codes for
+       UTF-8 strings that are described in the section entitled "Reason  codes
+       for  invalid UTF-8 strings" in the main pcreapi page. The UTF-16 errors
+       are:
+
+         PCRE_UTF16_ERR1  Missing low surrogate at end of string
+         PCRE_UTF16_ERR2  Invalid low surrogate follows high surrogate
+         PCRE_UTF16_ERR3  Isolated low surrogate
+         PCRE_UTF16_ERR4  Non-character
+
+
+ERROR TEXTS
+
+       If there is an error while compiling a pattern, the error text that  is
+       passed  back by pcre16_compile() or pcre16_compile2() is still an 8-bit
+       character string, zero-terminated.
+
+
+CALLOUTS
+
+       The subject and mark fields in the callout block that is  passed  to  a
+       callout function point to 16-bit vectors.
+
+
+TESTING
+
+       The  pcretest  program continues to operate with 8-bit input and output
+       files, but it can be used for testing the 16-bit library. If it is  run
+       with the command line option -16, patterns and subject strings are con-
+       verted from 8-bit to 16-bit before being passed to PCRE, and the 16-bit
+       library  functions  are used instead of the 8-bit ones. Returned 16-bit
+       strings are converted to 8-bit for output. If both the  8-bit  and  the
+       32-bit libraries were not compiled, pcretest defaults to 16-bit and the
+       -16 option is ignored.
+
+       When PCRE is being built, the RunTest script that is  called  by  "make
+       check"  uses  the  pcretest  -C  option to discover which of the 8-bit,
+       16-bit and 32-bit libraries has been built, and runs the  tests  appro-
+       priately.
+
+
+NOT SUPPORTED IN 16-BIT MODE
+
+       Not all the features of the 8-bit library are available with the 16-bit
+       library. The C++ and POSIX wrapper functions  support  only  the  8-bit
+       library, and the pcregrep program is at present 8-bit only.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 May 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRE(3)                    Library Functions Manual                    PCRE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+       #include <pcre.h>
+
+
+PCRE 32-BIT API BASIC FUNCTIONS
+
+       pcre32 *pcre32_compile(PCRE_SPTR32 pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre32 *pcre32_compile2(PCRE_SPTR32 pattern, int options,
+            int *errorcodeptr,
+            const unsigned char *tableptr);
+
+       pcre32_extra *pcre32_study(const pcre32 *code, int options,
+            const char **errptr);
+
+       void pcre32_free_study(pcre32_extra *extra);
+
+       int pcre32_exec(const pcre32 *code, const pcre32_extra *extra,
+            PCRE_SPTR32 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       int pcre32_dfa_exec(const pcre32 *code, const pcre32_extra *extra,
+            PCRE_SPTR32 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+
+PCRE 32-BIT API STRING EXTRACTION FUNCTIONS
+
+       int pcre32_copy_named_substring(const pcre32 *code,
+            PCRE_SPTR32 subject, int *ovector,
+            int stringcount, PCRE_SPTR32 stringname,
+            PCRE_UCHAR32 *buffer, int buffersize);
+
+       int pcre32_copy_substring(PCRE_SPTR32 subject, int *ovector,
+            int stringcount, int stringnumber, PCRE_UCHAR32 *buffer,
+            int buffersize);
+
+       int pcre32_get_named_substring(const pcre32 *code,
+            PCRE_SPTR32 subject, int *ovector,
+            int stringcount, PCRE_SPTR32 stringname,
+            PCRE_SPTR32 *stringptr);
+
+       int pcre32_get_stringnumber(const pcre32 *code,
+            PCRE_SPTR32 name);
+
+       int pcre32_get_stringtable_entries(const pcre32 *code,
+            PCRE_SPTR32 name, PCRE_UCHAR32 **first, PCRE_UCHAR32 **last);
+
+       int pcre32_get_substring(PCRE_SPTR32 subject, int *ovector,
+            int stringcount, int stringnumber,
+            PCRE_SPTR32 *stringptr);
+
+       int pcre32_get_substring_list(PCRE_SPTR32 subject,
+            int *ovector, int stringcount, PCRE_SPTR32 **listptr);
+
+       void pcre32_free_substring(PCRE_SPTR32 stringptr);
+
+       void pcre32_free_substring_list(PCRE_SPTR32 *stringptr);
+
+
+PCRE 32-BIT API AUXILIARY FUNCTIONS
+
+       pcre32_jit_stack *pcre32_jit_stack_alloc(int startsize, int maxsize);
+
+       void pcre32_jit_stack_free(pcre32_jit_stack *stack);
+
+       void pcre32_assign_jit_stack(pcre32_extra *extra,
+            pcre32_jit_callback callback, void *data);
+
+       const unsigned char *pcre32_maketables(void);
+
+       int pcre32_fullinfo(const pcre32 *code, const pcre32_extra *extra,
+            int what, void *where);
+
+       int pcre32_refcount(pcre32 *code, int adjust);
+
+       int pcre32_config(int what, void *where);
+
+       const char *pcre32_version(void);
+
+       int pcre32_pattern_to_host_byte_order(pcre32 *code,
+            pcre32_extra *extra, const unsigned char *tables);
+
+
+PCRE 32-BIT API INDIRECTED FUNCTIONS
+
+       void *(*pcre32_malloc)(size_t);
+
+       void (*pcre32_free)(void *);
+
+       void *(*pcre32_stack_malloc)(size_t);
+
+       void (*pcre32_stack_free)(void *);
+
+       int (*pcre32_callout)(pcre32_callout_block *);
+
+
+PCRE 32-BIT API 32-BIT-ONLY FUNCTION
+
+       int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *output,
+            PCRE_SPTR32 input, int length, int *byte_order,
+            int keep_boms);
+
+
+THE PCRE 32-BIT LIBRARY
+
+       Starting  with  release  8.32, it is possible to compile a PCRE library
+       that supports 32-bit character strings, including  UTF-32  strings,  as
+       well as or instead of the original 8-bit library. This work was done by
+       Christian Persch, based on the work done  by  Zoltan  Herczeg  for  the
+       16-bit  library.  All  three  libraries contain identical sets of func-
+       tions, used in exactly the same way.  Only the names of  the  functions
+       and  the  data  types  of their arguments and results are different. To
+       avoid over-complication and reduce the documentation maintenance  load,
+       most  of  the PCRE documentation describes the 8-bit library, with only
+       occasional references to the 16-bit and  32-bit  libraries.  This  page
+       describes what is different when you use the 32-bit library.
+
+       WARNING:  A  single  application  can  be linked with all or any of the
+       three libraries, but you must take care when processing any  particular
+       pattern  to  use  functions  from just one library. For example, if you
+       want to study a pattern that was compiled  with  pcre32_compile(),  you
+       must do so with pcre32_study(), not pcre_study(), and you must free the
+       study data with pcre32_free_study().
+
+
+THE HEADER FILE
+
+       There is only one header file, pcre.h. It contains prototypes  for  all
+       the functions in all libraries, as well as definitions of flags, struc-
+       tures, error codes, etc.
+
+
+THE LIBRARY NAME
+
+       In Unix-like systems, the 32-bit library is called libpcre32,  and  can
+       normally  be  accesss  by adding -lpcre32 to the command for linking an
+       application that uses PCRE.
+
+
+STRING TYPES
+
+       In the 8-bit library, strings are passed to PCRE library  functions  as
+       vectors  of  bytes  with  the  C  type "char *". In the 32-bit library,
+       strings are passed as vectors of unsigned 32-bit quantities. The  macro
+       PCRE_UCHAR32  specifies  an  appropriate  data type, and PCRE_SPTR32 is
+       defined as "const PCRE_UCHAR32 *". In very many environments, "unsigned
+       int" is a 32-bit data type. When PCRE is built, it defines PCRE_UCHAR32
+       as "unsigned int", but checks that it really is a 32-bit data type.  If
+       it is not, the build fails with an error message telling the maintainer
+       to modify the definition appropriately.
+
+
+STRUCTURE TYPES
+
+       The types of the opaque structures that are used  for  compiled  32-bit
+       patterns  and  JIT stacks are pcre32 and pcre32_jit_stack respectively.
+       The  type  of  the  user-accessible  structure  that  is  returned   by
+       pcre32_study()  is  pcre32_extra, and the type of the structure that is
+       used for passing data to a callout  function  is  pcre32_callout_block.
+       These structures contain the same fields, with the same names, as their
+       8-bit counterparts. The only difference is that pointers  to  character
+       strings are 32-bit instead of 8-bit types.
+
+
+32-BIT FUNCTIONS
+
+       For  every function in the 8-bit library there is a corresponding func-
+       tion in the 32-bit library with a name that starts with pcre32_ instead
+       of  pcre_.  The  prototypes are listed above. In addition, there is one
+       extra function, pcre32_utf32_to_host_byte_order(). This  is  a  utility
+       function  that converts a UTF-32 character string to host byte order if
+       necessary. The other 32-bit  functions  expect  the  strings  they  are
+       passed to be in host byte order.
+
+       The input and output arguments of pcre32_utf32_to_host_byte_order() may
+       point to the same address, that is, conversion in place  is  supported.
+       The output buffer must be at least as long as the input.
+
+       The  length  argument  specifies the number of 32-bit data units in the
+       input string; a negative value specifies a zero-terminated string.
+
+       If byte_order is NULL, it is assumed that the string starts off in host
+       byte  order. This may be changed by byte-order marks (BOMs) anywhere in
+       the string (commonly as the first character).
+
+       If byte_order is not NULL, a non-zero value of the integer to which  it
+       points  means  that  the input starts off in host byte order, otherwise
+       the opposite order is assumed. Again, BOMs in  the  string  can  change
+       this. The final byte order is passed back at the end of processing.
+
+       If  keep_boms  is  not  zero,  byte-order  mark characters (0xfeff) are
+       copied into the output string. Otherwise they are discarded.
+
+       The result of the function is the number of 32-bit  units  placed  into
+       the  output  buffer,  including  the  zero terminator if the string was
+       zero-terminated.
+
+
+SUBJECT STRING OFFSETS
+
+       The lengths and starting offsets of subject strings must  be  specified
+       in  32-bit  data units, and the offsets within subject strings that are
+       returned by the matching functions are in also 32-bit units rather than
+       bytes.
+
+
+NAMED SUBPATTERNS
+
+       The  name-to-number translation table that is maintained for named sub-
+       patterns uses 32-bit characters.  The  pcre32_get_stringtable_entries()
+       function returns the length of each entry in the table as the number of
+       32-bit data units.
+
+
+OPTION NAMES
+
+       There   are   two   new   general   option   names,   PCRE_UTF32    and
+       PCRE_NO_UTF32_CHECK,     which     correspond    to    PCRE_UTF8    and
+       PCRE_NO_UTF8_CHECK in the 8-bit library. In  fact,  these  new  options
+       define  the  same bits in the options word. There is a discussion about
+       the validity of UTF-32 strings in the pcreunicode page.
+
+       For the pcre32_config() function there is an  option  PCRE_CONFIG_UTF32
+       that  returns  1  if UTF-32 support is configured, otherwise 0. If this
+       option  is  given  to  pcre_config()  or  pcre16_config(),  or  if  the
+       PCRE_CONFIG_UTF8  or  PCRE_CONFIG_UTF16  option is given to pcre32_con-
+       fig(), the result is the PCRE_ERROR_BADOPTION error.
+
+
+CHARACTER CODES
+
+       In 32-bit mode, when  PCRE_UTF32  is  not  set,  character  values  are
+       treated in the same way as in 8-bit, non UTF-8 mode, except, of course,
+       that they can range from 0 to 0x7fffffff instead of 0 to 0xff.  Charac-
+       ter  types for characters less than 0xff can therefore be influenced by
+       the locale in the same way as before.   Characters  greater  than  0xff
+       have only one case, and no "type" (such as letter or digit).
+
+       In  UTF-32  mode,  the  character  code  is  Unicode, in the range 0 to
+       0x10ffff, with the exception of values in the range  0xd800  to  0xdfff
+       because those are "surrogate" values that are ill-formed in UTF-32.
+
+       A  UTF-32 string can indicate its endianness by special code knows as a
+       byte-order mark (BOM). The PCRE functions do not handle this, expecting
+       strings   to   be  in  host  byte  order.  A  utility  function  called
+       pcre32_utf32_to_host_byte_order() is provided to help  with  this  (see
+       above).
+
+
+ERROR NAMES
+
+       The  error  PCRE_ERROR_BADUTF32  corresponds  to its 8-bit counterpart.
+       The error PCRE_ERROR_BADMODE is given when a compiled pattern is passed
+       to  a  function that processes patterns in the other mode, for example,
+       if a pattern compiled with pcre_compile() is passed to pcre32_exec().
+
+       There are new error codes whose names  begin  with  PCRE_UTF32_ERR  for
+       invalid  UTF-32  strings,  corresponding to the PCRE_UTF8_ERR codes for
+       UTF-8 strings that are described in the section entitled "Reason  codes
+       for  invalid UTF-8 strings" in the main pcreapi page. The UTF-32 errors
+       are:
+
+         PCRE_UTF32_ERR1  Surrogate character (range from 0xd800 to 0xdfff)
+         PCRE_UTF32_ERR2  Non-character
+         PCRE_UTF32_ERR3  Character > 0x10ffff
+
+
+ERROR TEXTS
+
+       If there is an error while compiling a pattern, the error text that  is
+       passed  back by pcre32_compile() or pcre32_compile2() is still an 8-bit
+       character string, zero-terminated.
+
+
+CALLOUTS
+
+       The subject and mark fields in the callout block that is  passed  to  a
+       callout function point to 32-bit vectors.
+
+
+TESTING
+
+       The  pcretest  program continues to operate with 8-bit input and output
+       files, but it can be used for testing the 32-bit library. If it is  run
+       with the command line option -32, patterns and subject strings are con-
+       verted from 8-bit to 32-bit before being passed to PCRE, and the 32-bit
+       library  functions  are used instead of the 8-bit ones. Returned 32-bit
+       strings are converted to 8-bit for output. If both the  8-bit  and  the
+       16-bit libraries were not compiled, pcretest defaults to 32-bit and the
+       -32 option is ignored.
+
+       When PCRE is being built, the RunTest script that is  called  by  "make
+       check"  uses  the  pcretest  -C  option to discover which of the 8-bit,
+       16-bit and 32-bit libraries has been built, and runs the  tests  appro-
+       priately.
+
+
+NOT SUPPORTED IN 32-BIT MODE
+
+       Not all the features of the 8-bit library are available with the 32-bit
+       library. The C++ and POSIX wrapper functions  support  only  the  8-bit
+       library, and the pcregrep program is at present 8-bit only.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 May 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREBUILD(3)               Library Functions Manual               PCREBUILD(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+BUILDING PCRE
+
+       PCRE  is  distributed with a configure script that can be used to build
+       the library in Unix-like environments using the applications  known  as
+       Autotools.   Also  in  the  distribution  are files to support building
+       using CMake instead of configure. The text file README contains general
+       information  about  building  with Autotools (some of which is repeated
+       below), and also has some comments about building on various  operating
+       systems.  There  is  a lot more information about building PCRE without
+       using Autotools (including information about using CMake  and  building
+       "by  hand")  in  the  text file called NON-AUTOTOOLS-BUILD.  You should
+       consult this file as well as the README file if you are building  in  a
+       non-Unix-like environment.
+
+
+PCRE BUILD-TIME OPTIONS
+
+       The  rest of this document describes the optional features of PCRE that
+       can be selected when the library is compiled. It  assumes  use  of  the
+       configure  script,  where  the  optional features are selected or dese-
+       lected by providing options to configure before running the  make  com-
+       mand.  However,  the same options can be selected in both Unix-like and
+       non-Unix-like environments using the GUI facility of cmake-gui  if  you
+       are using CMake instead of configure to build PCRE.
+
+       If  you  are not using Autotools or CMake, option selection can be done
+       by editing the config.h file, or by passing parameter settings  to  the
+       compiler, as described in NON-AUTOTOOLS-BUILD.
+
+       The complete list of options for configure (which includes the standard
+       ones such as the  selection  of  the  installation  directory)  can  be
+       obtained by running
+
+         ./configure --help
+
+       The  following  sections  include  descriptions  of options whose names
+       begin with --enable or --disable. These settings specify changes to the
+       defaults  for  the configure command. Because of the way that configure
+       works, --enable and --disable always come in pairs, so  the  complemen-
+       tary  option always exists as well, but as it specifies the default, it
+       is not described.
+
+
+BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES
+
+       By default, a library called libpcre  is  built,  containing  functions
+       that  take  string  arguments  contained in vectors of bytes, either as
+       single-byte characters, or interpreted as UTF-8 strings. You  can  also
+       build  a  separate library, called libpcre16, in which strings are con-
+       tained in vectors of 16-bit data units and interpreted either  as  sin-
+       gle-unit characters or UTF-16 strings, by adding
+
+         --enable-pcre16
+
+       to  the  configure  command.  You  can  also build yet another separate
+       library, called libpcre32, in which strings are contained in vectors of
+       32-bit  data  units and interpreted either as single-unit characters or
+       UTF-32 strings, by adding
+
+         --enable-pcre32
+
+       to the configure command. If you do not want the 8-bit library, add
+
+         --disable-pcre8
+
+       as well. At least one of the three libraries must be built.  Note  that
+       the  C++  and  POSIX  wrappers are for the 8-bit library only, and that
+       pcregrep is an 8-bit program. None of these are  built  if  you  select
+       only the 16-bit or 32-bit libraries.
+
+
+BUILDING SHARED AND STATIC LIBRARIES
+
+       The  Autotools  PCRE building process uses libtool to build both shared
+       and static libraries by default. You  can  suppress  one  of  these  by
+       adding one of
+
+         --disable-shared
+         --disable-static
+
+       to the configure command, as required.
+
+
+C++ SUPPORT
+
+       By  default,  if the 8-bit library is being built, the configure script
+       will search for a C++ compiler and C++ header files. If it finds  them,
+       it  automatically  builds  the C++ wrapper library (which supports only
+       8-bit strings). You can disable this by adding
+
+         --disable-cpp
+
+       to the configure command.
+
+
+UTF-8, UTF-16 AND UTF-32 SUPPORT
+
+       To build PCRE with support for UTF Unicode character strings, add
+
+         --enable-utf
+
+       to the configure command. This setting applies to all three  libraries,
+       adding  support  for  UTF-8 to the 8-bit library, support for UTF-16 to
+       the 16-bit library, and  support  for  UTF-32  to  the  to  the  32-bit
+       library.  There  are no separate options for enabling UTF-8, UTF-16 and
+       UTF-32 independently because that would allow ridiculous settings  such
+       as  requesting UTF-16 support while building only the 8-bit library. It
+       is not possible to build one library with UTF support and another with-
+       out  in the same configuration. (For backwards compatibility, --enable-
+       utf8 is a synonym of --enable-utf.)
+
+       Of itself, this setting does not make  PCRE  treat  strings  as  UTF-8,
+       UTF-16  or UTF-32. As well as compiling PCRE with this option, you also
+       have have to set the PCRE_UTF8, PCRE_UTF16  or  PCRE_UTF32  option  (as
+       appropriate) when you call one of the pattern compiling functions.
+
+       If  you  set --enable-utf when compiling in an EBCDIC environment, PCRE
+       expects its input to be either ASCII or UTF-8 (depending  on  the  run-
+       time option). It is not possible to support both EBCDIC and UTF-8 codes
+       in the same version of  the  library.  Consequently,  --enable-utf  and
+       --enable-ebcdic are mutually exclusive.
+
+
+UNICODE CHARACTER PROPERTY SUPPORT
+
+       UTF  support allows the libraries to process character codepoints up to
+       0x10ffff in the strings that they handle. On its own, however, it  does
+       not provide any facilities for accessing the properties of such charac-
+       ters. If you want to be able to use the pattern escapes \P, \p, and \X,
+       which refer to Unicode character properties, you must add
+
+         --enable-unicode-properties
+
+       to  the  configure  command. This implies UTF support, even if you have
+       not explicitly requested it.
+
+       Including Unicode property support adds around 30K  of  tables  to  the
+       PCRE  library.  Only  the general category properties such as Lu and Nd
+       are supported. Details are given in the pcrepattern documentation.
+
+
+JUST-IN-TIME COMPILER SUPPORT
+
+       Just-in-time compiler support is included in the build by specifying
+
+         --enable-jit
+
+       This support is available only for certain hardware  architectures.  If
+       this  option  is  set  for  an unsupported architecture, a compile time
+       error occurs.  See the pcrejit documentation for a  discussion  of  JIT
+       usage. When JIT support is enabled, pcregrep automatically makes use of
+       it, unless you add
+
+         --disable-pcregrep-jit
+
+       to the "configure" command.
+
+
+CODE VALUE OF NEWLINE
+
+       By default, PCRE interprets the linefeed (LF) character  as  indicating
+       the  end  of  a line. This is the normal newline character on Unix-like
+       systems. You can compile PCRE to use carriage return (CR)  instead,  by
+       adding
+
+         --enable-newline-is-cr
+
+       to  the  configure  command.  There  is  also  a --enable-newline-is-lf
+       option, which explicitly specifies linefeed as the newline character.
+
+       Alternatively, you can specify that line endings are to be indicated by
+       the two character sequence CRLF. If you want this, add
+
+         --enable-newline-is-crlf
+
+       to the configure command. There is a fourth option, specified by
+
+         --enable-newline-is-anycrlf
+
+       which  causes  PCRE  to recognize any of the three sequences CR, LF, or
+       CRLF as indicating a line ending. Finally, a fifth option, specified by
+
+         --enable-newline-is-any
+
+       causes PCRE to recognize any Unicode newline sequence.
+
+       Whatever line ending convention is selected when PCRE is built  can  be
+       overridden  when  the library functions are called. At build time it is
+       conventional to use the standard for your operating system.
+
+
+WHAT \R MATCHES
+
+       By default, the sequence \R in a pattern matches  any  Unicode  newline
+       sequence,  whatever  has  been selected as the line ending sequence. If
+       you specify
+
+         --enable-bsr-anycrlf
+
+       the default is changed so that \R matches only CR, LF, or  CRLF.  What-
+       ever  is selected when PCRE is built can be overridden when the library
+       functions are called.
+
+
+POSIX MALLOC USAGE
+
+       When the 8-bit library is called through the POSIX interface  (see  the
+       pcreposix  documentation),  additional  working storage is required for
+       holding the pointers to capturing  substrings,  because  PCRE  requires
+       three integers per substring, whereas the POSIX interface provides only
+       two. If the number of expected substrings is small, the  wrapper  func-
+       tion  uses  space  on the stack, because this is faster than using mal-
+       loc() for each call. The default threshold above which the stack is  no
+       longer used is 10; it can be changed by adding a setting such as
+
+         --with-posix-malloc-threshold=20
+
+       to the configure command.
+
+
+HANDLING VERY LARGE PATTERNS
+
+       Within  a  compiled  pattern,  offset values are used to point from one
+       part to another (for example, from an opening parenthesis to an  alter-
+       nation  metacharacter).  By default, in the 8-bit and 16-bit libraries,
+       two-byte values are used for these offsets, leading to a  maximum  size
+       for  a compiled pattern of around 64K. This is sufficient to handle all
+       but the most gigantic patterns.  Nevertheless, some people do  want  to
+       process  truly  enormous patterns, so it is possible to compile PCRE to
+       use three-byte or four-byte offsets by adding a setting such as
+
+         --with-link-size=3
+
+       to the configure command. The value given must be 2, 3, or 4.  For  the
+       16-bit  library,  a  value of 3 is rounded up to 4. In these libraries,
+       using longer offsets slows down the operation of PCRE because it has to
+       load  additional  data  when  handling them. For the 32-bit library the
+       value is always 4 and cannot be overridden; the value  of  --with-link-
+       size is ignored.
+
+
+AVOIDING EXCESSIVE STACK USAGE
+
+       When matching with the pcre_exec() function, PCRE implements backtrack-
+       ing by making recursive calls to an internal function  called  match().
+       In  environments  where  the size of the stack is limited, this can se-
+       verely limit PCRE's operation. (The Unix environment does  not  usually
+       suffer from this problem, but it may sometimes be necessary to increase
+       the maximum stack size.  There is a discussion in the  pcrestack  docu-
+       mentation.)  An alternative approach to recursion that uses memory from
+       the heap to remember data, instead of using recursive  function  calls,
+       has  been  implemented to work round the problem of limited stack size.
+       If you want to build a version of PCRE that works this way, add
+
+         --disable-stack-for-recursion
+
+       to the configure command. With this configuration, PCRE  will  use  the
+       pcre_stack_malloc  and pcre_stack_free variables to call memory manage-
+       ment functions. By default these point to malloc() and free(), but  you
+       can replace the pointers so that your own functions are used instead.
+
+       Separate  functions  are  provided  rather  than  using pcre_malloc and
+       pcre_free because the  usage  is  very  predictable:  the  block  sizes
+       requested  are  always  the  same,  and  the blocks are always freed in
+       reverse order. A calling program might be able to  implement  optimized
+       functions  that  perform  better  than  malloc()  and free(). PCRE runs
+       noticeably more slowly when built in this way. This option affects only
+       the pcre_exec() function; it is not relevant for pcre_dfa_exec().
+
+
+LIMITING PCRE RESOURCE USAGE
+
+       Internally,  PCRE has a function called match(), which it calls repeat-
+       edly  (sometimes  recursively)  when  matching  a  pattern   with   the
+       pcre_exec()  function.  By controlling the maximum number of times this
+       function may be called during a single matching operation, a limit  can
+       be  placed  on  the resources used by a single call to pcre_exec(). The
+       limit can be changed at run time, as described in the pcreapi  documen-
+       tation.  The default is 10 million, but this can be changed by adding a
+       setting such as
+
+         --with-match-limit=500000
+
+       to  the  configure  command.  This  setting  has  no  effect   on   the
+       pcre_dfa_exec() matching function.
+
+       In  some  environments  it is desirable to limit the depth of recursive
+       calls of match() more strictly than the total number of calls, in order
+       to  restrict  the maximum amount of stack (or heap, if --disable-stack-
+       for-recursion is specified) that is used. A second limit controls this;
+       it  defaults  to  the  value  that is set for --with-match-limit, which
+       imposes no additional constraints. However, you can set a  lower  limit
+       by adding, for example,
+
+         --with-match-limit-recursion=10000
+
+       to  the  configure  command.  This  value can also be overridden at run
+       time.
+
+
+CREATING CHARACTER TABLES AT BUILD TIME
+
+       PCRE uses fixed tables for processing characters whose code values  are
+       less  than 256. By default, PCRE is built with a set of tables that are
+       distributed in the file pcre_chartables.c.dist. These  tables  are  for
+       ASCII codes only. If you add
+
+         --enable-rebuild-chartables
+
+       to  the  configure  command, the distributed tables are no longer used.
+       Instead, a program called dftables is compiled and  run.  This  outputs
+       the source for new set of tables, created in the default locale of your
+       C run-time system. (This method of replacing the tables does  not  work
+       if  you are cross compiling, because dftables is run on the local host.
+       If you need to create alternative tables when cross compiling, you will
+       have to do so "by hand".)
+
+
+USING EBCDIC CODE
+
+       PCRE  assumes  by  default that it will run in an environment where the
+       character code is ASCII (or Unicode, which is  a  superset  of  ASCII).
+       This  is  the  case for most computer operating systems. PCRE can, how-
+       ever, be compiled to run in an EBCDIC environment by adding
+
+         --enable-ebcdic
+
+       to the configure command. This setting implies --enable-rebuild-charta-
+       bles.  You  should  only  use  it if you know that you are in an EBCDIC
+       environment (for example,  an  IBM  mainframe  operating  system).  The
+       --enable-ebcdic option is incompatible with --enable-utf.
+
+       The EBCDIC character that corresponds to an ASCII LF is assumed to have
+       the value 0x15 by default. However, in some EBCDIC  environments,  0x25
+       is used. In such an environment you should use
+
+         --enable-ebcdic-nl25
+
+       as well as, or instead of, --enable-ebcdic. The EBCDIC character for CR
+       has the same value as in ASCII, namely, 0x0d.  Whichever  of  0x15  and
+       0x25 is not chosen as LF is made to correspond to the Unicode NEL char-
+       acter (which, in Unicode, is 0x85).
+
+       The options that select newline behaviour, such as --enable-newline-is-
+       cr, and equivalent run-time options, refer to these character values in
+       an EBCDIC environment.
+
+
+PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT
+
+       By default, pcregrep reads all files as plain text. You can build it so
+       that it recognizes files whose names end in .gz or .bz2, and reads them
+       with libz or libbz2, respectively, by adding one or both of
+
+         --enable-pcregrep-libz
+         --enable-pcregrep-libbz2
+
+       to the configure command. These options naturally require that the rel-
+       evant  libraries  are installed on your system. Configuration will fail
+       if they are not.
+
+
+PCREGREP BUFFER SIZE
+
+       pcregrep uses an internal buffer to hold a "window" on the file  it  is
+       scanning, in order to be able to output "before" and "after" lines when
+       it finds a match. The size of the buffer is controlled by  a  parameter
+       whose default value is 20K. The buffer itself is three times this size,
+       but because of the way it is used for holding "before" lines, the long-
+       est  line  that  is guaranteed to be processable is the parameter size.
+       You can change the default parameter value by adding, for example,
+
+         --with-pcregrep-bufsize=50K
+
+       to the configure command. The caller of pcregrep can, however, override
+       this value by specifying a run-time option.
+
+
+PCRETEST OPTION FOR LIBREADLINE SUPPORT
+
+       If you add
+
+         --enable-pcretest-libreadline
+
+       to  the  configure  command,  pcretest  is  linked with the libreadline
+       library, and when its input is from a terminal, it reads it  using  the
+       readline() function. This provides line-editing and history facilities.
+       Note that libreadline is GPL-licensed, so if you distribute a binary of
+       pcretest linked in this way, there may be licensing issues.
+
+       Setting  this  option  causes  the -lreadline option to be added to the
+       pcretest build. In many operating environments with  a  sytem-installed
+       libreadline this is sufficient. However, in some environments (e.g.  if
+       an unmodified distribution version of readline is in use),  some  extra
+       configuration  may  be necessary. The INSTALL file for libreadline says
+       this:
+
+         "Readline uses the termcap functions, but does not link with the
+         termcap or curses library itself, allowing applications which link
+         with readline the to choose an appropriate library."
+
+       If your environment has not been set up so that an appropriate  library
+       is automatically included, you may need to add something like
+
+         LIBS="-ncurses"
+
+       immediately before the configure command.
+
+
+DEBUGGING WITH VALGRIND SUPPORT
+
+       By adding the
+
+         --enable-valgrind
+
+       option  to to the configure command, PCRE will use valgrind annotations
+       to mark certain memory regions as  unaddressable.  This  allows  it  to
+       detect invalid memory accesses, and is mostly useful for debugging PCRE
+       itself.
+
+
+CODE COVERAGE REPORTING
+
+       If your C compiler is gcc, you can build a version  of  PCRE  that  can
+       generate a code coverage report for its test suite. To enable this, you
+       must install lcov version 1.6 or above. Then specify
+
+         --enable-coverage
+
+       to the configure command and build PCRE in the usual way.
+
+       Note that using ccache (a caching C compiler) is incompatible with code
+       coverage  reporting. If you have configured ccache to run automatically
+       on your system, you must set the environment variable
+
+         CCACHE_DISABLE=1
+
+       before running make to build PCRE, so that ccache is not used.
+
+       When --enable-coverage is used,  the  following  addition  targets  are
+       added to the Makefile:
+
+         make coverage
+
+       This  creates  a  fresh  coverage report for the PCRE test suite. It is
+       equivalent to running "make coverage-reset", "make  coverage-baseline",
+       "make check", and then "make coverage-report".
+
+         make coverage-reset
+
+       This zeroes the coverage counters, but does nothing else.
+
+         make coverage-baseline
+
+       This captures baseline coverage information.
+
+         make coverage-report
+
+       This creates the coverage report.
+
+         make coverage-clean-report
+
+       This  removes the generated coverage report without cleaning the cover-
+       age data itself.
+
+         make coverage-clean-data
+
+       This removes the captured coverage data without removing  the  coverage
+       files created at compile time (*.gcno).
+
+         make coverage-clean
+
+       This  cleans all coverage data including the generated coverage report.
+       For more information about code coverage, see the gcov and  lcov  docu-
+       mentation.
+
+
+SEE ALSO
+
+       pcreapi(3), pcre16, pcre32, pcre_config(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 May 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREMATCHING(3)            Library Functions Manual            PCREMATCHING(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE MATCHING ALGORITHMS
+
+       This document describes the two different algorithms that are available
+       in PCRE for matching a compiled regular expression against a given sub-
+       ject  string.  The  "standard"  algorithm  is  the  one provided by the
+       pcre_exec(), pcre16_exec() and pcre32_exec() functions. These  work  in
+       the  same as as Perl's matching function, and provide a Perl-compatible
+       matching  operation.   The  just-in-time  (JIT)  optimization  that  is
+       described  in  the pcrejit documentation is compatible with these func-
+       tions.
+
+       An  alternative  algorithm  is   provided   by   the   pcre_dfa_exec(),
+       pcre16_dfa_exec()  and  pcre32_dfa_exec()  functions; they operate in a
+       different way, and are not Perl-compatible. This alternative has advan-
+       tages and disadvantages compared with the standard algorithm, and these
+       are described below.
+
+       When there is only one possible way in which a given subject string can
+       match  a pattern, the two algorithms give the same answer. A difference
+       arises, however, when there are multiple possibilities. For example, if
+       the pattern
+
+         ^<.*>
+
+       is matched against the string
+
+         <something> <something else> <something further>
+
+       there are three possible answers. The standard algorithm finds only one
+       of them, whereas the alternative algorithm finds all three.
+
+
+REGULAR EXPRESSIONS AS TREES
+
+       The set of strings that are matched by a regular expression can be rep-
+       resented  as  a  tree structure. An unlimited repetition in the pattern
+       makes the tree of infinite size, but it is still a tree.  Matching  the
+       pattern  to a given subject string (from a given starting point) can be
+       thought of as a search of the tree.  There are two  ways  to  search  a
+       tree:  depth-first  and  breadth-first, and these correspond to the two
+       matching algorithms provided by PCRE.
+
+
+THE STANDARD MATCHING ALGORITHM
+
+       In the terminology of Jeffrey Friedl's book "Mastering Regular  Expres-
+       sions",  the  standard  algorithm  is an "NFA algorithm". It conducts a
+       depth-first search of the pattern tree. That is, it  proceeds  along  a
+       single path through the tree, checking that the subject matches what is
+       required. When there is a mismatch, the algorithm  tries  any  alterna-
+       tives  at  the  current point, and if they all fail, it backs up to the
+       previous branch point in the  tree,  and  tries  the  next  alternative
+       branch  at  that  level.  This often involves backing up (moving to the
+       left) in the subject string as well.  The  order  in  which  repetition
+       branches  are  tried  is controlled by the greedy or ungreedy nature of
+       the quantifier.
+
+       If a leaf node is reached, a matching string has  been  found,  and  at
+       that  point the algorithm stops. Thus, if there is more than one possi-
+       ble match, this algorithm returns the first one that it finds.  Whether
+       this  is the shortest, the longest, or some intermediate length depends
+       on the way the greedy and ungreedy repetition quantifiers are specified
+       in the pattern.
+
+       Because  it  ends  up  with a single path through the tree, it is rela-
+       tively straightforward for this algorithm to keep  track  of  the  sub-
+       strings  that  are  matched  by portions of the pattern in parentheses.
+       This provides support for capturing parentheses and back references.
+
+
+THE ALTERNATIVE MATCHING ALGORITHM
+
+       This algorithm conducts a breadth-first search of  the  tree.  Starting
+       from  the  first  matching  point  in the subject, it scans the subject
+       string from left to right, once, character by character, and as it does
+       this,  it remembers all the paths through the tree that represent valid
+       matches. In Friedl's terminology, this is a kind  of  "DFA  algorithm",
+       though  it is not implemented as a traditional finite state machine (it
+       keeps multiple states active simultaneously).
+
+       Although the general principle of this matching algorithm  is  that  it
+       scans  the subject string only once, without backtracking, there is one
+       exception: when a lookaround assertion is encountered,  the  characters
+       following  or  preceding  the  current  point  have to be independently
+       inspected.
+
+       The scan continues until either the end of the subject is  reached,  or
+       there  are  no more unterminated paths. At this point, terminated paths
+       represent the different matching possibilities (if there are none,  the
+       match  has  failed).   Thus,  if there is more than one possible match,
+       this algorithm finds all of them, and in particular, it finds the long-
+       est.  The  matches are returned in decreasing order of length. There is
+       an option to stop the algorithm after the first match (which is  neces-
+       sarily the shortest) is found.
+
+       Note that all the matches that are found start at the same point in the
+       subject. If the pattern
+
+         cat(er(pillar)?)?
+
+       is matched against the string "the caterpillar catchment",  the  result
+       will  be the three strings "caterpillar", "cater", and "cat" that start
+       at the fifth character of the subject. The algorithm does not automati-
+       cally move on to find matches that start at later positions.
+
+       PCRE's  "auto-possessification" optimization usually applies to charac-
+       ter repeats at the end of a pattern (as well as internally). For  exam-
+       ple, the pattern "a\d+" is compiled as if it were "a\d++" because there
+       is no point even considering the possibility of backtracking  into  the
+       repeated  digits.  For  DFA matching, this means that only one possible
+       match is found. If you really do want multiple matches in  such  cases,
+       either use an ungreedy repeat ("a\d+?") or set the PCRE_NO_AUTO_POSSESS
+       option when compiling.
+
+       There are a number of features of PCRE regular expressions that are not
+       supported by the alternative matching algorithm. They are as follows:
+
+       1.  Because  the  algorithm  finds  all possible matches, the greedy or
+       ungreedy nature of repetition quantifiers is not relevant.  Greedy  and
+       ungreedy quantifiers are treated in exactly the same way. However, pos-
+       sessive quantifiers can make a difference when what follows could  also
+       match what is quantified, for example in a pattern like this:
+
+         ^a++\w!
+
+       This  pattern matches "aaab!" but not "aaa!", which would be matched by
+       a non-possessive quantifier. Similarly, if an atomic group is  present,
+       it  is matched as if it were a standalone pattern at the current point,
+       and the longest match is then "locked in" for the rest of  the  overall
+       pattern.
+
+       2. When dealing with multiple paths through the tree simultaneously, it
+       is not straightforward to keep track of  captured  substrings  for  the
+       different  matching  possibilities,  and  PCRE's implementation of this
+       algorithm does not attempt to do this. This means that no captured sub-
+       strings are available.
+
+       3.  Because no substrings are captured, back references within the pat-
+       tern are not supported, and cause errors if encountered.
+
+       4. For the same reason, conditional expressions that use  a  backrefer-
+       ence  as  the  condition or test for a specific group recursion are not
+       supported.
+
+       5. Because many paths through the tree may be  active,  the  \K  escape
+       sequence, which resets the start of the match when encountered (but may
+       be on some paths and not on others), is not  supported.  It  causes  an
+       error if encountered.
+
+       6.  Callouts  are  supported, but the value of the capture_top field is
+       always 1, and the value of the capture_last field is always -1.
+
+       7. The \C escape sequence, which (in  the  standard  algorithm)  always
+       matches  a  single data unit, even in UTF-8, UTF-16 or UTF-32 modes, is
+       not supported in these modes, because the alternative  algorithm  moves
+       through the subject string one character (not data unit) at a time, for
+       all active paths through the tree.
+
+       8. Except for (*FAIL), the backtracking control verbs such as  (*PRUNE)
+       are  not  supported.  (*FAIL)  is supported, and behaves like a failing
+       negative assertion.
+
+
+ADVANTAGES OF THE ALTERNATIVE ALGORITHM
+
+       Using the alternative matching algorithm provides the following  advan-
+       tages:
+
+       1. All possible matches (at a single point in the subject) are automat-
+       ically found, and in particular, the longest match is  found.  To  find
+       more than one match using the standard algorithm, you have to do kludgy
+       things with callouts.
+
+       2. Because the alternative algorithm  scans  the  subject  string  just
+       once, and never needs to backtrack (except for lookbehinds), it is pos-
+       sible to pass very long subject strings to  the  matching  function  in
+       several pieces, checking for partial matching each time. Although it is
+       possible to do multi-segment matching using the standard  algorithm  by
+       retaining  partially  matched  substrings,  it is more complicated. The
+       pcrepartial documentation gives details of partial  matching  and  dis-
+       cusses multi-segment matching.
+
+
+DISADVANTAGES OF THE ALTERNATIVE ALGORITHM
+
+       The alternative algorithm suffers from a number of disadvantages:
+
+       1.  It  is  substantially  slower  than the standard algorithm. This is
+       partly because it has to search for all possible matches, but  is  also
+       because it is less susceptible to optimization.
+
+       2. Capturing parentheses and back references are not supported.
+
+       3. Although atomic groups are supported, their use does not provide the
+       performance advantage that it does for the standard algorithm.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 November 2013
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREAPI(3)                 Library Functions Manual                 PCREAPI(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+       #include <pcre.h>
+
+
+PCRE NATIVE API BASIC FUNCTIONS
+
+       pcre *pcre_compile(const char *pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre *pcre_compile2(const char *pattern, int options,
+            int *errorcodeptr,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre_extra *pcre_study(const pcre *code, int options,
+            const char **errptr);
+
+       void pcre_free_study(pcre_extra *extra);
+
+       int pcre_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       int pcre_dfa_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+
+PCRE NATIVE API STRING EXTRACTION FUNCTIONS
+
+       int pcre_copy_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            char *buffer, int buffersize);
+
+       int pcre_copy_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber, char *buffer,
+            int buffersize);
+
+       int pcre_get_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            const char **stringptr);
+
+       int pcre_get_stringnumber(const pcre *code,
+            const char *name);
+
+       int pcre_get_stringtable_entries(const pcre *code,
+            const char *name, char **first, char **last);
+
+       int pcre_get_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber,
+            const char **stringptr);
+
+       int pcre_get_substring_list(const char *subject,
+            int *ovector, int stringcount, const char ***listptr);
+
+       void pcre_free_substring(const char *stringptr);
+
+       void pcre_free_substring_list(const char **stringptr);
+
+
+PCRE NATIVE API AUXILIARY FUNCTIONS
+
+       int pcre_jit_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            pcre_jit_stack *jstack);
+
+       pcre_jit_stack *pcre_jit_stack_alloc(int startsize, int maxsize);
+
+       void pcre_jit_stack_free(pcre_jit_stack *stack);
+
+       void pcre_assign_jit_stack(pcre_extra *extra,
+            pcre_jit_callback callback, void *data);
+
+       const unsigned char *pcre_maketables(void);
+
+       int pcre_fullinfo(const pcre *code, const pcre_extra *extra,
+            int what, void *where);
+
+       int pcre_refcount(pcre *code, int adjust);
+
+       int pcre_config(int what, void *where);
+
+       const char *pcre_version(void);
+
+       int pcre_pattern_to_host_byte_order(pcre *code,
+            pcre_extra *extra, const unsigned char *tables);
+
+
+PCRE NATIVE API INDIRECTED FUNCTIONS
+
+       void *(*pcre_malloc)(size_t);
+
+       void (*pcre_free)(void *);
+
+       void *(*pcre_stack_malloc)(size_t);
+
+       void (*pcre_stack_free)(void *);
+
+       int (*pcre_callout)(pcre_callout_block *);
+
+       int (*pcre_stack_guard)(void);
+
+
+PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES
+
+       As  well  as  support  for  8-bit character strings, PCRE also supports
+       16-bit strings (from release 8.30) and  32-bit  strings  (from  release
+       8.32),  by means of two additional libraries. They can be built as well
+       as, or instead of, the 8-bit library. To avoid too  much  complication,
+       this  document describes the 8-bit versions of the functions, with only
+       occasional references to the 16-bit and 32-bit libraries.
+
+       The 16-bit and 32-bit functions operate in the same way as their  8-bit
+       counterparts;  they  just  use different data types for their arguments
+       and results, and their names start with pcre16_ or pcre32_  instead  of
+       pcre_.  For  every  option  that  has  UTF8  in  its name (for example,
+       PCRE_UTF8), there are corresponding 16-bit and 32-bit names  with  UTF8
+       replaced by UTF16 or UTF32, respectively. This facility is in fact just
+       cosmetic; the 16-bit and 32-bit option names define the same  bit  val-
+       ues.
+
+       References to bytes and UTF-8 in this document should be read as refer-
+       ences to 16-bit data units and UTF-16 when using the 16-bit library, or
+       32-bit  data  units  and  UTF-32  when using the 32-bit library, unless
+       specified otherwise.  More details of the specific differences for  the
+       16-bit and 32-bit libraries are given in the pcre16 and pcre32 pages.
+
+
+PCRE API OVERVIEW
+
+       PCRE has its own native API, which is described in this document. There
+       are also some wrapper functions (for the 8-bit library only) that  cor-
+       respond  to  the  POSIX  regular  expression  API, but they do not give
+       access to all the functionality. They are described  in  the  pcreposix
+       documentation.  Both  of these APIs define a set of C function calls. A
+       C++ wrapper (again for the 8-bit library only) is also distributed with
+       PCRE. It is documented in the pcrecpp page.
+
+       The  native  API  C  function prototypes are defined in the header file
+       pcre.h, and on Unix-like systems the (8-bit) library itself  is  called
+       libpcre.  It  can  normally be accessed by adding -lpcre to the command
+       for linking an application that uses PCRE. The header file defines  the
+       macros PCRE_MAJOR and PCRE_MINOR to contain the major and minor release
+       numbers for the library. Applications can use these to include  support
+       for different releases of PCRE.
+
+       In a Windows environment, if you want to statically link an application
+       program against a non-dll pcre.a  file,  you  must  define  PCRE_STATIC
+       before  including  pcre.h or pcrecpp.h, because otherwise the pcre_mal-
+       loc()   and   pcre_free()   exported   functions   will   be   declared
+       __declspec(dllimport), with unwanted results.
+
+       The   functions   pcre_compile(),  pcre_compile2(),  pcre_study(),  and
+       pcre_exec() are used for compiling and matching regular expressions  in
+       a  Perl-compatible  manner. A sample program that demonstrates the sim-
+       plest way of using them is provided in the file  called  pcredemo.c  in
+       the PCRE source distribution. A listing of this program is given in the
+       pcredemo documentation, and the pcresample documentation describes  how
+       to compile and run it.
+
+       Just-in-time  compiler  support is an optional feature of PCRE that can
+       be built in appropriate hardware environments. It greatly speeds up the
+       matching  performance  of  many  patterns.  Simple  programs can easily
+       request that it be used if available, by  setting  an  option  that  is
+       ignored  when  it is not relevant. More complicated programs might need
+       to    make    use    of    the    functions     pcre_jit_stack_alloc(),
+       pcre_jit_stack_free(),  and pcre_assign_jit_stack() in order to control
+       the JIT code's memory usage.
+
+       From release 8.32 there is also a direct interface for  JIT  execution,
+       which  gives  improved performance. The JIT-specific functions are dis-
+       cussed in the pcrejit documentation.
+
+       A second matching function, pcre_dfa_exec(), which is not Perl-compati-
+       ble,  is  also provided. This uses a different algorithm for the match-
+       ing. The alternative algorithm finds all possible matches (at  a  given
+       point  in  the  subject), and scans the subject just once (unless there
+       are lookbehind assertions). However, this  algorithm  does  not  return
+       captured  substrings.  A description of the two matching algorithms and
+       their advantages and disadvantages is given in the  pcrematching  docu-
+       mentation.
+
+       In  addition  to  the  main compiling and matching functions, there are
+       convenience functions for extracting captured substrings from a subject
+       string that is matched by pcre_exec(). They are:
+
+         pcre_copy_substring()
+         pcre_copy_named_substring()
+         pcre_get_substring()
+         pcre_get_named_substring()
+         pcre_get_substring_list()
+         pcre_get_stringnumber()
+         pcre_get_stringtable_entries()
+
+       pcre_free_substring() and pcre_free_substring_list() are also provided,
+       to free the memory used for extracted strings.
+
+       The function pcre_maketables() is used to  build  a  set  of  character
+       tables   in   the   current   locale  for  passing  to  pcre_compile(),
+       pcre_exec(), or pcre_dfa_exec(). This is an optional facility  that  is
+       provided  for  specialist  use.  Most  commonly,  no special tables are
+       passed, in which case internal tables that are generated when  PCRE  is
+       built are used.
+
+       The  function  pcre_fullinfo()  is used to find out information about a
+       compiled pattern. The function pcre_version() returns a  pointer  to  a
+       string containing the version of PCRE and its date of release.
+
+       The  function  pcre_refcount()  maintains  a  reference count in a data
+       block containing a compiled pattern. This is provided for  the  benefit
+       of object-oriented applications.
+
+       The  global  variables  pcre_malloc and pcre_free initially contain the
+       entry points of the standard malloc()  and  free()  functions,  respec-
+       tively. PCRE calls the memory management functions via these variables,
+       so a calling program can replace them if it  wishes  to  intercept  the
+       calls. This should be done before calling any PCRE functions.
+
+       The  global  variables  pcre_stack_malloc  and pcre_stack_free are also
+       indirections to memory management functions.  These  special  functions
+       are  used  only  when  PCRE is compiled to use the heap for remembering
+       data, instead of recursive function calls, when running the pcre_exec()
+       function.  See  the  pcrebuild  documentation  for details of how to do
+       this. It is a non-standard way of building PCRE, for  use  in  environ-
+       ments  that  have  limited stacks. Because of the greater use of memory
+       management, it runs more slowly. Separate  functions  are  provided  so
+       that  special-purpose  external  code  can  be used for this case. When
+       used, these functions always allocate memory blocks of the  same  size.
+       There  is  a discussion about PCRE's stack usage in the pcrestack docu-
+       mentation.
+
+       The global variable pcre_callout initially contains NULL. It can be set
+       by  the  caller  to  a "callout" function, which PCRE will then call at
+       specified points during a matching operation. Details are given in  the
+       pcrecallout documentation.
+
+       The global variable pcre_stack_guard initially contains NULL. It can be
+       set by the caller to a function that is  called  by  PCRE  whenever  it
+       starts  to  compile a parenthesized part of a pattern. When parentheses
+       are nested, PCRE uses recursive function calls, which use up the system
+       stack.  This  function is provided so that applications with restricted
+       stacks can force a compilation error if the stack runs out.  The  func-
+       tion should return zero if all is well, or non-zero to force an error.
+
+
+NEWLINES
+
+       PCRE  supports five different conventions for indicating line breaks in
+       strings: a single CR (carriage return) character, a  single  LF  (line-
+       feed) character, the two-character sequence CRLF, any of the three pre-
+       ceding, or any Unicode newline sequence. The Unicode newline  sequences
+       are  the  three just mentioned, plus the single characters VT (vertical
+       tab, U+000B), FF (form feed, U+000C), NEL (next line, U+0085), LS (line
+       separator, U+2028), and PS (paragraph separator, U+2029).
+
+       Each  of  the first three conventions is used by at least one operating
+       system as its standard newline sequence. When PCRE is built, a  default
+       can  be  specified.  The default default is LF, which is the Unix stan-
+       dard. When PCRE is run, the default can be overridden,  either  when  a
+       pattern is compiled, or when it is matched.
+
+       At compile time, the newline convention can be specified by the options
+       argument of pcre_compile(), or it can be specified by special  text  at
+       the start of the pattern itself; this overrides any other settings. See
+       the pcrepattern page for details of the special character sequences.
+
+       In the PCRE documentation the word "newline" is used to mean "the char-
+       acter  or pair of characters that indicate a line break". The choice of
+       newline convention affects the handling of  the  dot,  circumflex,  and
+       dollar metacharacters, the handling of #-comments in /x mode, and, when
+       CRLF is a recognized line ending sequence, the match position  advance-
+       ment for a non-anchored pattern. There is more detail about this in the
+       section on pcre_exec() options below.
+
+       The choice of newline convention does not affect the interpretation  of
+       the  \n  or  \r  escape  sequences, nor does it affect what \R matches,
+       which is controlled in a similar way, but by separate options.
+
+
+MULTITHREADING
+
+       The PCRE functions can be used in  multi-threading  applications,  with
+       the  proviso  that  the  memory  management  functions  pointed  to  by
+       pcre_malloc, pcre_free, pcre_stack_malloc, and pcre_stack_free, and the
+       callout  and  stack-checking  functions  pointed to by pcre_callout and
+       pcre_stack_guard, are shared by all threads.
+
+       The compiled form of a regular expression is not altered during  match-
+       ing, so the same compiled pattern can safely be used by several threads
+       at once.
+
+       If the just-in-time optimization feature is being used, it needs  sepa-
+       rate  memory stack areas for each thread. See the pcrejit documentation
+       for more details.
+
+
+SAVING PRECOMPILED PATTERNS FOR LATER USE
+
+       The compiled form of a regular expression can be saved and re-used at a
+       later  time,  possibly by a different program, and even on a host other
+       than the one on which  it  was  compiled.  Details  are  given  in  the
+       pcreprecompile  documentation,  which  includes  a  description  of the
+       pcre_pattern_to_host_byte_order() function. However, compiling a  regu-
+       lar  expression  with one version of PCRE for use with a different ver-
+       sion is not guaranteed to work and may cause crashes.
+
+
+CHECKING BUILD-TIME OPTIONS
+
+       int pcre_config(int what, void *where);
+
+       The function pcre_config() makes it possible for a PCRE client to  dis-
+       cover which optional features have been compiled into the PCRE library.
+       The pcrebuild documentation has more details about these optional  fea-
+       tures.
+
+       The  first  argument  for pcre_config() is an integer, specifying which
+       information is required; the second argument is a pointer to a variable
+       into  which  the  information  is placed. The returned value is zero on
+       success, or the negative error code PCRE_ERROR_BADOPTION if  the  value
+       in  the  first argument is not recognized. The following information is
+       available:
+
+         PCRE_CONFIG_UTF8
+
+       The output is an integer that is set to one if UTF-8 support is  avail-
+       able;  otherwise it is set to zero. This value should normally be given
+       to the 8-bit version of this function, pcre_config(). If it is given to
+       the   16-bit  or  32-bit  version  of  this  function,  the  result  is
+       PCRE_ERROR_BADOPTION.
+
+         PCRE_CONFIG_UTF16
+
+       The output is an integer that is set to one if UTF-16 support is avail-
+       able;  otherwise it is set to zero. This value should normally be given
+       to the 16-bit version of this function, pcre16_config(). If it is given
+       to  the  8-bit  or  32-bit  version  of  this  function,  the result is
+       PCRE_ERROR_BADOPTION.
+
+         PCRE_CONFIG_UTF32
+
+       The output is an integer that is set to one if UTF-32 support is avail-
+       able;  otherwise it is set to zero. This value should normally be given
+       to the 32-bit version of this function, pcre32_config(). If it is given
+       to  the  8-bit  or  16-bit  version  of  this  function,  the result is
+       PCRE_ERROR_BADOPTION.
+
+         PCRE_CONFIG_UNICODE_PROPERTIES
+
+       The output is an integer that is set to  one  if  support  for  Unicode
+       character properties is available; otherwise it is set to zero.
+
+         PCRE_CONFIG_JIT
+
+       The output is an integer that is set to one if support for just-in-time
+       compiling is available; otherwise it is set to zero.
+
+         PCRE_CONFIG_JITTARGET
+
+       The output is a pointer to a zero-terminated "const char *" string.  If
+       JIT support is available, the string contains the name of the architec-
+       ture for which the JIT compiler is configured, for example  "x86  32bit
+       (little  endian  +  unaligned)".  If  JIT support is not available, the
+       result is NULL.
+
+         PCRE_CONFIG_NEWLINE
+
+       The output is an integer whose value specifies  the  default  character
+       sequence  that  is recognized as meaning "newline". The values that are
+       supported in ASCII/Unicode environments are: 10 for LF, 13 for CR, 3338
+       for  CRLF,  -2 for ANYCRLF, and -1 for ANY. In EBCDIC environments, CR,
+       ANYCRLF, and ANY yield the same values. However, the value  for  LF  is
+       normally  21, though some EBCDIC environments use 37. The corresponding
+       values for CRLF are 3349 and 3365. The default should  normally  corre-
+       spond to the standard sequence for your operating system.
+
+         PCRE_CONFIG_BSR
+
+       The output is an integer whose value indicates what character sequences
+       the \R escape sequence matches by default. A value of 0 means  that  \R
+       matches  any  Unicode  line ending sequence; a value of 1 means that \R
+       matches only CR, LF, or CRLF. The default can be overridden when a pat-
+       tern is compiled or matched.
+
+         PCRE_CONFIG_LINK_SIZE
+
+       The  output  is  an  integer that contains the number of bytes used for
+       internal  linkage  in  compiled  regular  expressions.  For  the  8-bit
+       library, the value can be 2, 3, or 4. For the 16-bit library, the value
+       is either 2 or 4 and is  still  a  number  of  bytes.  For  the  32-bit
+       library, the value is either 2 or 4 and is still a number of bytes. The
+       default value of 2 is sufficient for all but the most massive patterns,
+       since  it  allows  the compiled pattern to be up to 64K in size. Larger
+       values allow larger regular expressions to be compiled, at the  expense
+       of slower matching.
+
+         PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+
+       The  output  is  an integer that contains the threshold above which the
+       POSIX interface uses malloc() for output vectors. Further  details  are
+       given in the pcreposix documentation.
+
+         PCRE_CONFIG_PARENS_LIMIT
+
+       The output is a long integer that gives the maximum depth of nesting of
+       parentheses (of any kind) in a pattern. This limit is  imposed  to  cap
+       the amount of system stack used when a pattern is compiled. It is spec-
+       ified when PCRE is built; the default is 250. This limit does not  take
+       into account the stack that may already be used by the calling applica-
+       tion. For finer control over compilation stack usage,  you  can  set  a
+       pointer to an external checking function in pcre_stack_guard.
+
+         PCRE_CONFIG_MATCH_LIMIT
+
+       The  output is a long integer that gives the default limit for the num-
+       ber of internal matching function calls  in  a  pcre_exec()  execution.
+       Further details are given with pcre_exec() below.
+
+         PCRE_CONFIG_MATCH_LIMIT_RECURSION
+
+       The output is a long integer that gives the default limit for the depth
+       of  recursion  when  calling  the  internal  matching  function  in   a
+       pcre_exec()  execution.  Further  details  are  given  with pcre_exec()
+       below.
+
+         PCRE_CONFIG_STACKRECURSE
+
+       The output is an integer that is set to one if internal recursion  when
+       running pcre_exec() is implemented by recursive function calls that use
+       the stack to remember their state. This is the usual way that  PCRE  is
+       compiled. The output is zero if PCRE was compiled to use blocks of data
+       on the  heap  instead  of  recursive  function  calls.  In  this  case,
+       pcre_stack_malloc  and  pcre_stack_free  are  called  to  manage memory
+       blocks on the heap, thus avoiding the use of the stack.
+
+
+COMPILING A PATTERN
+
+       pcre *pcre_compile(const char *pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre *pcre_compile2(const char *pattern, int options,
+            int *errorcodeptr,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       Either of the functions pcre_compile() or pcre_compile2() can be called
+       to compile a pattern into an internal form. The only difference between
+       the two interfaces is that pcre_compile2() has an additional  argument,
+       errorcodeptr,  via  which  a  numerical  error code can be returned. To
+       avoid too much repetition, we refer just to pcre_compile()  below,  but
+       the information applies equally to pcre_compile2().
+
+       The pattern is a C string terminated by a binary zero, and is passed in
+       the pattern argument. A pointer to a single block  of  memory  that  is
+       obtained  via  pcre_malloc is returned. This contains the compiled code
+       and related data. The pcre type is defined for the returned block; this
+       is a typedef for a structure whose contents are not externally defined.
+       It is up to the caller to free the memory (via pcre_free) when it is no
+       longer required.
+
+       Although  the compiled code of a PCRE regex is relocatable, that is, it
+       does not depend on memory location, the complete pcre data block is not
+       fully  relocatable, because it may contain a copy of the tableptr argu-
+       ment, which is an address (see below).
+
+       The options argument contains various bit settings that affect the com-
+       pilation.  It  should be zero if no options are required. The available
+       options are described below. Some of them (in  particular,  those  that
+       are  compatible with Perl, but some others as well) can also be set and
+       unset from within the pattern (see  the  detailed  description  in  the
+       pcrepattern  documentation). For those options that can be different in
+       different parts of the pattern, the contents of  the  options  argument
+       specifies their settings at the start of compilation and execution. The
+       PCRE_ANCHORED, PCRE_BSR_xxx, PCRE_NEWLINE_xxx, PCRE_NO_UTF8_CHECK,  and
+       PCRE_NO_START_OPTIMIZE  options  can  be set at the time of matching as
+       well as at compile time.
+
+       If errptr is NULL, pcre_compile() returns NULL immediately.  Otherwise,
+       if  compilation  of  a  pattern fails, pcre_compile() returns NULL, and
+       sets the variable pointed to by errptr to point to a textual error mes-
+       sage. This is a static string that is part of the library. You must not
+       try to free it. Normally, the offset from the start of the  pattern  to
+       the data unit that was being processed when the error was discovered is
+       placed in the variable pointed to by erroffset, which must not be  NULL
+       (if  it is, an immediate error is given). However, for an invalid UTF-8
+       or UTF-16 string, the offset is that of the  first  data  unit  of  the
+       failing character.
+
+       Some  errors are not detected until the whole pattern has been scanned;
+       in these cases, the offset passed back is the length  of  the  pattern.
+       Note  that  the  offset is in data units, not characters, even in a UTF
+       mode. It may sometimes point into the middle of a UTF-8 or UTF-16 char-
+       acter.
+
+       If  pcre_compile2()  is  used instead of pcre_compile(), and the error-
+       codeptr argument is not NULL, a non-zero error code number is  returned
+       via  this argument in the event of an error. This is in addition to the
+       textual error message. Error codes and messages are listed below.
+
+       If the final argument, tableptr, is NULL, PCRE uses a  default  set  of
+       character  tables  that  are  built  when  PCRE  is compiled, using the
+       default C locale. Otherwise, tableptr must be an address  that  is  the
+       result  of  a  call to pcre_maketables(). This value is stored with the
+       compiled pattern, and used again  by  pcre_exec()  and  pcre_dfa_exec()
+       when  the  pattern  is matched. For more discussion, see the section on
+       locale support below.
+
+       This code fragment shows a typical straightforward  call  to  pcre_com-
+       pile():
+
+         pcre *re;
+         const char *error;
+         int erroffset;
+         re = pcre_compile(
+           "^A.*Z",          /* the pattern */
+           0,                /* default options */
+           &error,           /* for error message */
+           &erroffset,       /* for error offset */
+           NULL);            /* use default character tables */
+
+       The  following  names  for option bits are defined in the pcre.h header
+       file:
+
+         PCRE_ANCHORED
+
+       If this bit is set, the pattern is forced to be "anchored", that is, it
+       is  constrained to match only at the first matching point in the string
+       that is being searched (the "subject string"). This effect can also  be
+       achieved  by appropriate constructs in the pattern itself, which is the
+       only way to do it in Perl.
+
+         PCRE_AUTO_CALLOUT
+
+       If this bit is set, pcre_compile() automatically inserts callout items,
+       all  with  number  255, before each pattern item. For discussion of the
+       callout facility, see the pcrecallout documentation.
+
+         PCRE_BSR_ANYCRLF
+         PCRE_BSR_UNICODE
+
+       These options (which are mutually exclusive) control what the \R escape
+       sequence  matches.  The choice is either to match only CR, LF, or CRLF,
+       or to match any Unicode newline sequence. The default is specified when
+       PCRE is built. It can be overridden from within the pattern, or by set-
+       ting an option when a compiled pattern is matched.
+
+         PCRE_CASELESS
+
+       If this bit is set, letters in the pattern match both upper  and  lower
+       case  letters.  It  is  equivalent  to  Perl's /i option, and it can be
+       changed within a pattern by a (?i) option setting. In UTF-8 mode,  PCRE
+       always  understands the concept of case for characters whose values are
+       less than 128, so caseless matching is always possible. For  characters
+       with  higher  values,  the concept of case is supported if PCRE is com-
+       piled with Unicode property support, but not otherwise. If you want  to
+       use  caseless  matching  for  characters 128 and above, you must ensure
+       that PCRE is compiled with Unicode property support  as  well  as  with
+       UTF-8 support.
+
+         PCRE_DOLLAR_ENDONLY
+
+       If  this bit is set, a dollar metacharacter in the pattern matches only
+       at the end of the subject string. Without this option,  a  dollar  also
+       matches  immediately before a newline at the end of the string (but not
+       before any other newlines). The PCRE_DOLLAR_ENDONLY option  is  ignored
+       if  PCRE_MULTILINE  is  set.   There is no equivalent to this option in
+       Perl, and no way to set it within a pattern.
+
+         PCRE_DOTALL
+
+       If this bit is set, a dot metacharacter in the pattern matches a  char-
+       acter of any value, including one that indicates a newline. However, it
+       only ever matches one character, even if newlines are  coded  as  CRLF.
+       Without  this option, a dot does not match when the current position is
+       at a newline. This option is equivalent to Perl's /s option, and it can
+       be  changed within a pattern by a (?s) option setting. A negative class
+       such as [^a] always matches newline characters, independent of the set-
+       ting of this option.
+
+         PCRE_DUPNAMES
+
+       If  this  bit is set, names used to identify capturing subpatterns need
+       not be unique. This can be helpful for certain types of pattern when it
+       is  known  that  only  one instance of the named subpattern can ever be
+       matched. There are more details of named subpatterns  below;  see  also
+       the pcrepattern documentation.
+
+         PCRE_EXTENDED
+
+       If  this  bit  is  set,  most white space characters in the pattern are
+       totally ignored except when escaped or inside a character  class.  How-
+       ever,  white  space  is  not  allowed within sequences such as (?> that
+       introduce various parenthesized subpatterns,  nor  within  a  numerical
+       quantifier  such as {1,3}.  However, ignorable white space is permitted
+       between an item and a following quantifier and between a quantifier and
+       a following + that indicates possessiveness.
+
+       White space did not used to include the VT character (code 11), because
+       Perl did not treat this character as white space. However, Perl changed
+       at  release  5.18,  so  PCRE  followed  at  release 8.34, and VT is now
+       treated as white space.
+
+       PCRE_EXTENDED also causes characters between an unescaped #  outside  a
+       character  class  and  the  next  newline,  inclusive,  to  be ignored.
+       PCRE_EXTENDED is equivalent to Perl's /x option, and it can be  changed
+       within a pattern by a (?x) option setting.
+
+       Which  characters  are  interpreted  as  newlines  is controlled by the
+       options passed to pcre_compile() or by a special sequence at the  start
+       of  the  pattern, as described in the section entitled "Newline conven-
+       tions" in the pcrepattern documentation. Note that the end of this type
+       of  comment  is  a  literal  newline  sequence  in  the pattern; escape
+       sequences that happen to represent a newline do not count.
+
+       This option makes it possible to include  comments  inside  complicated
+       patterns.   Note,  however,  that this applies only to data characters.
+       White space  characters  may  never  appear  within  special  character
+       sequences in a pattern, for example within the sequence (?( that intro-
+       duces a conditional subpattern.
+
+         PCRE_EXTRA
+
+       This option was invented in order to turn on  additional  functionality
+       of  PCRE  that  is  incompatible with Perl, but it is currently of very
+       little use. When set, any backslash in a pattern that is followed by  a
+       letter  that  has  no  special  meaning causes an error, thus reserving
+       these combinations for future expansion. By  default,  as  in  Perl,  a
+       backslash  followed by a letter with no special meaning is treated as a
+       literal. (Perl can, however, be persuaded to give an error for this, by
+       running  it with the -w option.) There are at present no other features
+       controlled by this option. It can also be set by a (?X) option  setting
+       within a pattern.
+
+         PCRE_FIRSTLINE
+
+       If  this  option  is  set,  an  unanchored pattern is required to match
+       before or at the first  newline  in  the  subject  string,  though  the
+       matched text may continue over the newline.
+
+         PCRE_JAVASCRIPT_COMPAT
+
+       If this option is set, PCRE's behaviour is changed in some ways so that
+       it is compatible with JavaScript rather than Perl. The changes  are  as
+       follows:
+
+       (1)  A  lone  closing square bracket in a pattern causes a compile-time
+       error, because this is illegal in JavaScript (by default it is  treated
+       as a data character). Thus, the pattern AB]CD becomes illegal when this
+       option is set.
+
+       (2) At run time, a back reference to an unset subpattern group  matches
+       an  empty  string (by default this causes the current matching alterna-
+       tive to fail). A pattern such as (\1)(a) succeeds when this  option  is
+       set  (assuming  it can find an "a" in the subject), whereas it fails by
+       default, for Perl compatibility.
+
+       (3) \U matches an upper case "U" character; by default \U causes a com-
+       pile time error (Perl uses \U to upper case subsequent characters).
+
+       (4) \u matches a lower case "u" character unless it is followed by four
+       hexadecimal digits, in which case the hexadecimal  number  defines  the
+       code  point  to match. By default, \u causes a compile time error (Perl
+       uses it to upper case the following character).
+
+       (5) \x matches a lower case "x" character unless it is followed by  two
+       hexadecimal  digits,  in  which case the hexadecimal number defines the
+       code point to match. By default, as in Perl, a  hexadecimal  number  is
+       always expected after \x, but it may have zero, one, or two digits (so,
+       for example, \xz matches a binary zero character followed by z).
+
+         PCRE_MULTILINE
+
+       By default, for the purposes of matching "start of line"  and  "end  of
+       line", PCRE treats the subject string as consisting of a single line of
+       characters, even if it actually contains newlines. The "start of  line"
+       metacharacter (^) matches only at the start of the string, and the "end
+       of line" metacharacter ($) matches only at the end of  the  string,  or
+       before  a terminating newline (except when PCRE_DOLLAR_ENDONLY is set).
+       Note, however, that unless PCRE_DOTALL  is  set,  the  "any  character"
+       metacharacter  (.)  does not match at a newline. This behaviour (for ^,
+       $, and dot) is the same as Perl.
+
+       When PCRE_MULTILINE it is set, the "start of line" and  "end  of  line"
+       constructs  match  immediately following or immediately before internal
+       newlines in the subject string, respectively, as well as  at  the  very
+       start  and  end.  This is equivalent to Perl's /m option, and it can be
+       changed within a pattern by a (?m) option setting. If there are no new-
+       lines  in  a  subject string, or no occurrences of ^ or $ in a pattern,
+       setting PCRE_MULTILINE has no effect.
+
+         PCRE_NEVER_UTF
+
+       This option locks out interpretation of the pattern as UTF-8 (or UTF-16
+       or  UTF-32  in the 16-bit and 32-bit libraries). In particular, it pre-
+       vents the creator of the pattern from switching to  UTF  interpretation
+       by starting the pattern with (*UTF). This may be useful in applications
+       that  process  patterns  from  external  sources.  The  combination  of
+       PCRE_UTF8 and PCRE_NEVER_UTF also causes an error.
+
+         PCRE_NEWLINE_CR
+         PCRE_NEWLINE_LF
+         PCRE_NEWLINE_CRLF
+         PCRE_NEWLINE_ANYCRLF
+         PCRE_NEWLINE_ANY
+
+       These  options  override the default newline definition that was chosen
+       when PCRE was built. Setting the first or the second specifies  that  a
+       newline  is  indicated  by a single character (CR or LF, respectively).
+       Setting PCRE_NEWLINE_CRLF specifies that a newline is indicated by  the
+       two-character  CRLF  sequence.  Setting  PCRE_NEWLINE_ANYCRLF specifies
+       that any of the three preceding sequences should be recognized. Setting
+       PCRE_NEWLINE_ANY  specifies that any Unicode newline sequence should be
+       recognized.
+
+       In an ASCII/Unicode environment, the Unicode newline sequences are  the
+       three  just  mentioned,  plus  the  single characters VT (vertical tab,
+       U+000B), FF (form feed, U+000C), NEL (next line, U+0085), LS (line sep-
+       arator,  U+2028),  and  PS (paragraph separator, U+2029). For the 8-bit
+       library, the last two are recognized only in UTF-8 mode.
+
+       When PCRE is compiled to run in an EBCDIC (mainframe) environment,  the
+       code for CR is 0x0d, the same as ASCII. However, the character code for
+       LF is normally 0x15, though in some EBCDIC environments 0x25  is  used.
+       Whichever  of  these  is  not LF is made to correspond to Unicode's NEL
+       character. EBCDIC codes are all less than 256. For  more  details,  see
+       the pcrebuild documentation.
+
+       The  newline  setting  in  the  options  word  uses three bits that are
+       treated as a number, giving eight possibilities. Currently only six are
+       used  (default  plus the five values above). This means that if you set
+       more than one newline option, the combination may or may not be  sensi-
+       ble. For example, PCRE_NEWLINE_CR with PCRE_NEWLINE_LF is equivalent to
+       PCRE_NEWLINE_CRLF, but other combinations may yield unused numbers  and
+       cause an error.
+
+       The  only  time  that a line break in a pattern is specially recognized
+       when compiling is when PCRE_EXTENDED is set. CR and LF are white  space
+       characters,  and so are ignored in this mode. Also, an unescaped # out-
+       side a character class indicates a comment that lasts until  after  the
+       next  line break sequence. In other circumstances, line break sequences
+       in patterns are treated as literal data.
+
+       The newline option that is set at compile time becomes the default that
+       is used for pcre_exec() and pcre_dfa_exec(), but it can be overridden.
+
+         PCRE_NO_AUTO_CAPTURE
+
+       If this option is set, it disables the use of numbered capturing paren-
+       theses in the pattern. Any opening parenthesis that is not followed  by
+       ?  behaves as if it were followed by ?: but named parentheses can still
+       be used for capturing (and they acquire  numbers  in  the  usual  way).
+       There is no equivalent of this option in Perl.
+
+         PCRE_NO_AUTO_POSSESS
+
+       If  this option is set, it disables "auto-possessification". This is an
+       optimization that, for example, turns a+b into a++b in order  to  avoid
+       backtracks  into  a+ that can never be successful. However, if callouts
+       are in use, auto-possessification means that some  of  them  are  never
+       taken. You can set this option if you want the matching functions to do
+       a full unoptimized search and run all the callouts, but  it  is  mainly
+       provided for testing purposes.
+
+         PCRE_NO_START_OPTIMIZE
+
+       This  is an option that acts at matching time; that is, it is really an
+       option for pcre_exec() or pcre_dfa_exec(). If  it  is  set  at  compile
+       time,  it is remembered with the compiled pattern and assumed at match-
+       ing time. This is necessary if you want to use JIT  execution,  because
+       the  JIT  compiler needs to know whether or not this option is set. For
+       details see the discussion of PCRE_NO_START_OPTIMIZE below.
+
+         PCRE_UCP
+
+       This option changes the way PCRE processes \B, \b, \D, \d, \S, \s,  \W,
+       \w,  and  some  of  the POSIX character classes. By default, only ASCII
+       characters are recognized, but if PCRE_UCP is set,  Unicode  properties
+       are  used instead to classify characters. More details are given in the
+       section on generic character types in the pcrepattern page. If you  set
+       PCRE_UCP,  matching  one of the items it affects takes much longer. The
+       option is available only if PCRE has been compiled with  Unicode  prop-
+       erty support.
+
+         PCRE_UNGREEDY
+
+       This  option  inverts  the "greediness" of the quantifiers so that they
+       are not greedy by default, but become greedy if followed by "?". It  is
+       not  compatible  with Perl. It can also be set by a (?U) option setting
+       within the pattern.
+
+         PCRE_UTF8
+
+       This option causes PCRE to regard both the pattern and the  subject  as
+       strings of UTF-8 characters instead of single-byte strings. However, it
+       is available only when PCRE is built to include UTF  support.  If  not,
+       the  use  of  this option provokes an error. Details of how this option
+       changes the behaviour of PCRE are given in the pcreunicode page.
+
+         PCRE_NO_UTF8_CHECK
+
+       When PCRE_UTF8 is set, the validity of the pattern as a UTF-8 string is
+       automatically  checked.  There  is  a  discussion about the validity of
+       UTF-8 strings in the pcreunicode page. If an invalid UTF-8 sequence  is
+       found,  pcre_compile()  returns an error. If you already know that your
+       pattern is valid, and you want to skip this check for performance  rea-
+       sons,  you  can set the PCRE_NO_UTF8_CHECK option.  When it is set, the
+       effect of passing an invalid UTF-8 string as a pattern is undefined. It
+       may cause your program to crash or loop. Note that this option can also
+       be passed to pcre_exec() and pcre_dfa_exec(), to suppress the  validity
+       checking  of  subject strings only. If the same string is being matched
+       many times, the option can be safely set for the second and  subsequent
+       matchings to improve performance.
+
+
+COMPILATION ERROR CODES
+
+       The  following  table  lists  the  error  codes than may be returned by
+       pcre_compile2(), along with the error messages that may be returned  by
+       both  compiling  functions.  Note  that error messages are always 8-bit
+       ASCII strings, even in 16-bit or 32-bit mode. As  PCRE  has  developed,
+       some  error codes have fallen out of use. To avoid confusion, they have
+       not been re-used.
+
+          0  no error
+          1  \ at end of pattern
+          2  \c at end of pattern
+          3  unrecognized character follows \
+          4  numbers out of order in {} quantifier
+          5  number too big in {} quantifier
+          6  missing terminating ] for character class
+          7  invalid escape sequence in character class
+          8  range out of order in character class
+          9  nothing to repeat
+         10  [this code is not in use]
+         11  internal error: unexpected repeat
+         12  unrecognized character after (? or (?-
+         13  POSIX named classes are supported only within a class
+         14  missing )
+         15  reference to non-existent subpattern
+         16  erroffset passed as NULL
+         17  unknown option bit(s) set
+         18  missing ) after comment
+         19  [this code is not in use]
+         20  regular expression is too large
+         21  failed to get memory
+         22  unmatched parentheses
+         23  internal error: code overflow
+         24  unrecognized character after (?<
+         25  lookbehind assertion is not fixed length
+         26  malformed number or name after (?(
+         27  conditional group contains more than two branches
+         28  assertion expected after (?(
+         29  (?R or (?[+-]digits must be followed by )
+         30  unknown POSIX class name
+         31  POSIX collating elements are not supported
+         32  this version of PCRE is compiled without UTF support
+         33  [this code is not in use]
+         34  character value in \x{} or \o{} is too large
+         35  invalid condition (?(0)
+         36  \C not allowed in lookbehind assertion
+         37  PCRE does not support \L, \l, \N{name}, \U, or \u
+         38  number after (?C is > 255
+         39  closing ) for (?C expected
+         40  recursive call could loop indefinitely
+         41  unrecognized character after (?P
+         42  syntax error in subpattern name (missing terminator)
+         43  two named subpatterns have the same name
+         44  invalid UTF-8 string (specifically UTF-8)
+         45  support for \P, \p, and \X has not been compiled
+         46  malformed \P or \p sequence
+         47  unknown property name after \P or \p
+         48  subpattern name is too long (maximum 32 characters)
+         49  too many named subpatterns (maximum 10000)
+         50  [this code is not in use]
+         51  octal value is greater than \377 in 8-bit non-UTF-8 mode
+         52  internal error: overran compiling workspace
+         53  internal error: previously-checked referenced subpattern
+               not found
+         54  DEFINE group contains more than one branch
+         55  repeating a DEFINE group is not allowed
+         56  inconsistent NEWLINE options
+         57  \g is not followed by a braced, angle-bracketed, or quoted
+               name/number or by a plain number
+         58  a numbered reference must not be zero
+         59  an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
+         60  (*VERB) not recognized or malformed
+         61  number is too big
+         62  subpattern name expected
+         63  digit expected after (?+
+         64  ] is an invalid data character in JavaScript compatibility mode
+         65  different names for subpatterns of the same number are
+               not allowed
+         66  (*MARK) must have an argument
+         67  this version of PCRE is not compiled with Unicode property
+               support
+         68  \c must be followed by an ASCII character
+         69  \k is not followed by a braced, angle-bracketed, or quoted name
+         70  internal error: unknown opcode in find_fixedlength()
+         71  \N is not supported in a class
+         72  too many forward references
+         73  disallowed Unicode code point (>= 0xd800 && <= 0xdfff)
+         74  invalid UTF-16 string (specifically UTF-16)
+         75  name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
+         76  character value in \u.... sequence is too large
+         77  invalid UTF-32 string (specifically UTF-32)
+         78  setting UTF is disabled by the application
+         79  non-hex character in \x{} (closing brace missing?)
+         80  non-octal character in \o{} (closing brace missing?)
+         81  missing opening brace after \o
+         82  parentheses are too deeply nested
+         83  invalid range in character class
+         84  group name must start with a non-digit
+         85  parentheses are too deeply nested (stack check)
+
+       The numbers 32 and 10000 in errors 48 and 49  are  defaults;  different
+       values may be used if the limits were changed when PCRE was built.
+
+
+STUDYING A PATTERN
+
+       pcre_extra *pcre_study(const pcre *code, int options,
+            const char **errptr);
+
+       If  a  compiled  pattern is going to be used several times, it is worth
+       spending more time analyzing it in order to speed up the time taken for
+       matching.  The function pcre_study() takes a pointer to a compiled pat-
+       tern as its first argument. If studying the pattern produces additional
+       information  that  will  help speed up matching, pcre_study() returns a
+       pointer to a pcre_extra block, in which the study_data field points  to
+       the results of the study.
+
+       The  returned  value  from  pcre_study()  can  be  passed  directly  to
+       pcre_exec() or pcre_dfa_exec(). However, a pcre_extra block  also  con-
+       tains  other  fields  that can be set by the caller before the block is
+       passed; these are described below in the section on matching a pattern.
+
+       If studying the  pattern  does  not  produce  any  useful  information,
+       pcre_study()  returns  NULL  by  default.  In that circumstance, if the
+       calling program wants to pass any of the other fields to pcre_exec() or
+       pcre_dfa_exec(),  it  must set up its own pcre_extra block. However, if
+       pcre_study() is called  with  the  PCRE_STUDY_EXTRA_NEEDED  option,  it
+       returns a pcre_extra block even if studying did not find any additional
+       information. It may still return NULL, however, if an error  occurs  in
+       pcre_study().
+
+       The  second  argument  of  pcre_study() contains option bits. There are
+       three further options in addition to PCRE_STUDY_EXTRA_NEEDED:
+
+         PCRE_STUDY_JIT_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+
+       If any of these are set, and the just-in-time  compiler  is  available,
+       the  pattern  is  further compiled into machine code that executes much
+       faster than the pcre_exec()  interpretive  matching  function.  If  the
+       just-in-time  compiler is not available, these options are ignored. All
+       undefined bits in the options argument must be zero.
+
+       JIT compilation is a heavyweight optimization. It can  take  some  time
+       for  patterns  to  be analyzed, and for one-off matches and simple pat-
+       terns the benefit of faster execution might be offset by a much  slower
+       study time.  Not all patterns can be optimized by the JIT compiler. For
+       those that cannot be handled, matching automatically falls back to  the
+       pcre_exec()  interpreter.  For more details, see the pcrejit documenta-
+       tion.
+
+       The third argument for pcre_study() is a pointer for an error  message.
+       If  studying  succeeds  (even  if no data is returned), the variable it
+       points to is set to NULL. Otherwise it is set to  point  to  a  textual
+       error message. This is a static string that is part of the library. You
+       must not try to free it. You should test the  error  pointer  for  NULL
+       after calling pcre_study(), to be sure that it has run successfully.
+
+       When  you are finished with a pattern, you can free the memory used for
+       the study data by calling pcre_free_study(). This function was added to
+       the  API  for  release  8.20. For earlier versions, the memory could be
+       freed with pcre_free(), just like the pattern itself. This  will  still
+       work  in  cases where JIT optimization is not used, but it is advisable
+       to change to the new function when convenient.
+
+       This is a typical way in which pcre_study() is used (except that  in  a
+       real application there should be tests for errors):
+
+         int rc;
+         pcre *re;
+         pcre_extra *sd;
+         re = pcre_compile("pattern", 0, &error, &erroroffset, NULL);
+         sd = pcre_study(
+           re,             /* result of pcre_compile() */
+           0,              /* no options */
+           &error);        /* set to NULL or points to a message */
+         rc = pcre_exec(   /* see below for details of pcre_exec() options */
+           re, sd, "subject", 7, 0, 0, ovector, 30);
+         ...
+         pcre_free_study(sd);
+         pcre_free(re);
+
+       Studying a pattern does two things: first, a lower bound for the length
+       of subject string that is needed to match the pattern is computed. This
+       does not mean that there are any strings of that length that match, but
+       it does guarantee that no shorter strings match. The value is  used  to
+       avoid wasting time by trying to match strings that are shorter than the
+       lower bound. You can find out the value in a calling  program  via  the
+       pcre_fullinfo() function.
+
+       Studying a pattern is also useful for non-anchored patterns that do not
+       have a single fixed starting character. A bitmap of  possible  starting
+       bytes  is  created. This speeds up finding a position in the subject at
+       which to start matching. (In 16-bit mode, the bitmap is used for 16-bit
+       values  less  than  256.  In 32-bit mode, the bitmap is used for 32-bit
+       values less than 256.)
+
+       These two optimizations apply to both pcre_exec() and  pcre_dfa_exec(),
+       and  the  information  is also used by the JIT compiler.  The optimiza-
+       tions can be disabled by  setting  the  PCRE_NO_START_OPTIMIZE  option.
+       You  might want to do this if your pattern contains callouts or (*MARK)
+       and you want to make use of these facilities in  cases  where  matching
+       fails.
+
+       PCRE_NO_START_OPTIMIZE  can be specified at either compile time or exe-
+       cution  time.  However,  if   PCRE_NO_START_OPTIMIZE   is   passed   to
+       pcre_exec(), (that is, after any JIT compilation has happened) JIT exe-
+       cution is disabled. For JIT execution to work with  PCRE_NO_START_OPTI-
+       MIZE, the option must be set at compile time.
+
+       There is a longer discussion of PCRE_NO_START_OPTIMIZE below.
+
+
+LOCALE SUPPORT
+
+       PCRE  handles  caseless matching, and determines whether characters are
+       letters, digits, or whatever, by reference to a set of tables,  indexed
+       by  character  code point. When running in UTF-8 mode, or in the 16- or
+       32-bit libraries, this applies only to characters with code points less
+       than  256.  By  default,  higher-valued code points never match escapes
+       such as \w or \d. However, if PCRE is built with Unicode property  sup-
+       port,  all  characters can be tested with \p and \P, or, alternatively,
+       the PCRE_UCP option can be set when a pattern is compiled; this  causes
+       \w  and friends to use Unicode property support instead of the built-in
+       tables.
+
+       The use of locales with Unicode is discouraged.  If  you  are  handling
+       characters  with  code  points  greater than 128, you should either use
+       Unicode support, or use locales, but not try to mix the two.
+
+       PCRE contains an internal set of tables that are used  when  the  final
+       argument  of  pcre_compile()  is  NULL.  These  are sufficient for many
+       applications.  Normally, the internal tables recognize only ASCII char-
+       acters. However, when PCRE is built, it is possible to cause the inter-
+       nal tables to be rebuilt in the default "C" locale of the local system,
+       which may cause them to be different.
+
+       The  internal tables can always be overridden by tables supplied by the
+       application that calls PCRE. These may be created in a different locale
+       from  the  default.  As more and more applications change to using Uni-
+       code, the need for this locale support is expected to die away.
+
+       External tables are built by calling  the  pcre_maketables()  function,
+       which  has no arguments, in the relevant locale. The result can then be
+       passed to pcre_compile() as often as necessary. For example,  to  build
+       and  use  tables  that  are  appropriate  for  the French locale (where
+       accented characters with values greater than 128 are  treated  as  let-
+       ters), the following code could be used:
+
+         setlocale(LC_CTYPE, "fr_FR");
+         tables = pcre_maketables();
+         re = pcre_compile(..., tables);
+
+       The  locale  name "fr_FR" is used on Linux and other Unix-like systems;
+       if you are using Windows, the name for the French locale is "french".
+
+       When pcre_maketables() runs, the tables are built  in  memory  that  is
+       obtained  via  pcre_malloc. It is the caller's responsibility to ensure
+       that the memory containing the tables remains available for as long  as
+       it is needed.
+
+       The pointer that is passed to pcre_compile() is saved with the compiled
+       pattern, and the same tables are used via this pointer by  pcre_study()
+       and  also by pcre_exec() and pcre_dfa_exec(). Thus, for any single pat-
+       tern, compilation, studying and matching all happen in the same locale,
+       but different patterns can be processed in different locales.
+
+       It  is  possible to pass a table pointer or NULL (indicating the use of
+       the internal tables) to pcre_exec() or pcre_dfa_exec() (see the discus-
+       sion below in the section on matching a pattern). This facility is pro-
+       vided for use with pre-compiled  patterns  that  have  been  saved  and
+       reloaded.   Character  tables are not saved with patterns, so if a non-
+       standard table was used at compile time, it must be provided again when
+       the  reloaded  pattern  is  matched. Attempting to use this facility to
+       match a pattern in a different locale from the one in which it was com-
+       piled is likely to lead to anomalous (usually incorrect) results.
+
+
+INFORMATION ABOUT A PATTERN
+
+       int pcre_fullinfo(const pcre *code, const pcre_extra *extra,
+            int what, void *where);
+
+       The  pcre_fullinfo() function returns information about a compiled pat-
+       tern. It replaces the pcre_info() function, which was removed from  the
+       library at version 8.30, after more than 10 years of obsolescence.
+
+       The  first  argument  for  pcre_fullinfo() is a pointer to the compiled
+       pattern. The second argument is the result of pcre_study(), or NULL  if
+       the  pattern  was not studied. The third argument specifies which piece
+       of information is required, and the fourth argument is a pointer  to  a
+       variable  to  receive  the  data. The yield of the function is zero for
+       success, or one of the following negative numbers:
+
+         PCRE_ERROR_NULL           the argument code was NULL
+                                   the argument where was NULL
+         PCRE_ERROR_BADMAGIC       the "magic number" was not found
+         PCRE_ERROR_BADENDIANNESS  the pattern was compiled with different
+                                   endianness
+         PCRE_ERROR_BADOPTION      the value of what was invalid
+         PCRE_ERROR_UNSET          the requested field is not set
+
+       The "magic number" is placed at the start of each compiled  pattern  as
+       an  simple check against passing an arbitrary memory pointer. The endi-
+       anness error can occur if a compiled pattern is saved and reloaded on a
+       different  host.  Here  is a typical call of pcre_fullinfo(), to obtain
+       the length of the compiled pattern:
+
+         int rc;
+         size_t length;
+         rc = pcre_fullinfo(
+           re,               /* result of pcre_compile() */
+           sd,               /* result of pcre_study(), or NULL */
+           PCRE_INFO_SIZE,   /* what is required */
+           &length);         /* where to put the data */
+
+       The possible values for the third argument are defined in  pcre.h,  and
+       are as follows:
+
+         PCRE_INFO_BACKREFMAX
+
+       Return  the  number  of  the highest back reference in the pattern. The
+       fourth argument should point to an int variable. Zero  is  returned  if
+       there are no back references.
+
+         PCRE_INFO_CAPTURECOUNT
+
+       Return  the  number of capturing subpatterns in the pattern. The fourth
+       argument should point to an int variable.
+
+         PCRE_INFO_DEFAULT_TABLES
+
+       Return a pointer to the internal default character tables within  PCRE.
+       The  fourth  argument should point to an unsigned char * variable. This
+       information call is provided for internal use by the pcre_study() func-
+       tion.  External  callers  can  cause PCRE to use its internal tables by
+       passing a NULL table pointer.
+
+         PCRE_INFO_FIRSTBYTE (deprecated)
+
+       Return information about the first data unit of any matched string, for
+       a  non-anchored  pattern.  The  name of this option refers to the 8-bit
+       library, where data units are bytes. The fourth argument  should  point
+       to  an  int  variable. Negative values are used for special cases. How-
+       ever, this means that when the 32-bit library is  in  non-UTF-32  mode,
+       the  full  32-bit range of characters cannot be returned. For this rea-
+       son, this value is deprecated;  use  PCRE_INFO_FIRSTCHARACTERFLAGS  and
+       PCRE_INFO_FIRSTCHARACTER instead.
+
+       If  there  is  a  fixed first value, for example, the letter "c" from a
+       pattern such as (cat|cow|coyote), its value is returned. In  the  8-bit
+       library,  the  value is always less than 256. In the 16-bit library the
+       value can be up to 0xffff. In the 32-bit library the value can be up to
+       0x10ffff.
+
+       If there is no fixed first value, and if either
+
+       (a)  the pattern was compiled with the PCRE_MULTILINE option, and every
+       branch starts with "^", or
+
+       (b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not
+       set (if it were set, the pattern would be anchored),
+
+       -1  is  returned, indicating that the pattern matches only at the start
+       of a subject string or after any newline within the  string.  Otherwise
+       -2 is returned. For anchored patterns, -2 is returned.
+
+         PCRE_INFO_FIRSTCHARACTER
+
+       Return  the  value  of  the  first data unit (non-UTF character) of any
+       matched string in  the  situation  where  PCRE_INFO_FIRSTCHARACTERFLAGS
+       returns  1;  otherwise return 0. The fourth argument should point to an
+       uint_t variable.
+
+       In the 8-bit library, the value is always less than 256. In the  16-bit
+       library  the value can be up to 0xffff. In the 32-bit library in UTF-32
+       mode the value can be up to 0x10ffff, and up  to  0xffffffff  when  not
+       using UTF-32 mode.
+
+         PCRE_INFO_FIRSTCHARACTERFLAGS
+
+       Return information about the first data unit of any matched string, for
+       a non-anchored pattern. The fourth argument  should  point  to  an  int
+       variable.
+
+       If  there  is  a  fixed first value, for example, the letter "c" from a
+       pattern such as (cat|cow|coyote), 1  is  returned,  and  the  character
+       value  can  be retrieved using PCRE_INFO_FIRSTCHARACTER. If there is no
+       fixed first value, and if either
+
+       (a) the pattern was compiled with the PCRE_MULTILINE option, and  every
+       branch starts with "^", or
+
+       (b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not
+       set (if it were set, the pattern would be anchored),
+
+       2 is returned, indicating that the pattern matches only at the start of
+       a subject string or after any newline within the string. Otherwise 0 is
+       returned. For anchored patterns, 0 is returned.
+
+         PCRE_INFO_FIRSTTABLE
+
+       If the pattern was studied, and this resulted in the construction of  a
+       256-bit  table indicating a fixed set of values for the first data unit
+       in any matching string, a pointer to the table is  returned.  Otherwise
+       NULL  is returned. The fourth argument should point to an unsigned char
+       * variable.
+
+         PCRE_INFO_HASCRORLF
+
+       Return 1 if the pattern contains any explicit  matches  for  CR  or  LF
+       characters,  otherwise  0.  The  fourth argument should point to an int
+       variable. An explicit match is either a literal CR or LF character,  or
+       \r or \n.
+
+         PCRE_INFO_JCHANGED
+
+       Return  1  if  the (?J) or (?-J) option setting is used in the pattern,
+       otherwise 0. The fourth argument should point to an int variable.  (?J)
+       and (?-J) set and unset the local PCRE_DUPNAMES option, respectively.
+
+         PCRE_INFO_JIT
+
+       Return  1  if  the pattern was studied with one of the JIT options, and
+       just-in-time compiling was successful. The fourth argument should point
+       to  an  int variable. A return value of 0 means that JIT support is not
+       available in this version of PCRE, or that the pattern was not  studied
+       with  a JIT option, or that the JIT compiler could not handle this par-
+       ticular pattern. See the pcrejit documentation for details of what  can
+       and cannot be handled.
+
+         PCRE_INFO_JITSIZE
+
+       If  the  pattern was successfully studied with a JIT option, return the
+       size of the JIT compiled code, otherwise return zero. The fourth  argu-
+       ment should point to a size_t variable.
+
+         PCRE_INFO_LASTLITERAL
+
+       Return  the value of the rightmost literal data unit that must exist in
+       any matched string, other than at its start, if such a value  has  been
+       recorded. The fourth argument should point to an int variable. If there
+       is no such value, -1 is returned. For anchored patterns, a last literal
+       value  is recorded only if it follows something of variable length. For
+       example, for the pattern /^a\d+z\d+/ the returned value is "z", but for
+       /^a\dz\d/ the returned value is -1.
+
+       Since  for  the 32-bit library using the non-UTF-32 mode, this function
+       is unable to return the full 32-bit range of characters, this value  is
+       deprecated;     instead     the     PCRE_INFO_REQUIREDCHARFLAGS     and
+       PCRE_INFO_REQUIREDCHAR values should be used.
+
+         PCRE_INFO_MATCH_EMPTY
+
+       Return 1 if the pattern can match an empty  string,  otherwise  0.  The
+       fourth argument should point to an int variable.
+
+         PCRE_INFO_MATCHLIMIT
+
+       If  the  pattern  set  a  match  limit by including an item of the form
+       (*LIMIT_MATCH=nnnn) at the start, the value  is  returned.  The  fourth
+       argument  should  point to an unsigned 32-bit integer. If no such value
+       has  been  set,  the  call  to  pcre_fullinfo()   returns   the   error
+       PCRE_ERROR_UNSET.
+
+         PCRE_INFO_MAXLOOKBEHIND
+
+       Return  the  number  of  characters  (NB not data units) in the longest
+       lookbehind assertion in the pattern. This information  is  useful  when
+       doing  multi-segment  matching  using  the partial matching facilities.
+       Note that the simple assertions \b and \B require a one-character look-
+       behind.  \A  also  registers a one-character lookbehind, though it does
+       not actually inspect the previous character. This is to ensure that  at
+       least one character from the old segment is retained when a new segment
+       is processed. Otherwise, if there are no lookbehinds in the pattern, \A
+       might match incorrectly at the start of a new segment.
+
+         PCRE_INFO_MINLENGTH
+
+       If  the  pattern  was studied and a minimum length for matching subject
+       strings was computed, its value is  returned.  Otherwise  the  returned
+       value is -1. The value is a number of characters, which in UTF mode may
+       be different from the number of data units. The fourth argument  should
+       point  to an int variable. A non-negative value is a lower bound to the
+       length of any matching string. There may not be  any  strings  of  that
+       length  that  do actually match, but every string that does match is at
+       least that long.
+
+         PCRE_INFO_NAMECOUNT
+         PCRE_INFO_NAMEENTRYSIZE
+         PCRE_INFO_NAMETABLE
+
+       PCRE supports the use of named as well as numbered capturing  parenthe-
+       ses.  The names are just an additional way of identifying the parenthe-
+       ses, which still acquire numbers. Several convenience functions such as
+       pcre_get_named_substring()  are  provided  for extracting captured sub-
+       strings by name. It is also possible to extract the data  directly,  by
+       first  converting  the  name to a number in order to access the correct
+       pointers in the output vector (described with pcre_exec() below). To do
+       the  conversion,  you  need  to  use  the  name-to-number map, which is
+       described by these three values.
+
+       The map consists of a number of fixed-size entries. PCRE_INFO_NAMECOUNT
+       gives the number of entries, and PCRE_INFO_NAMEENTRYSIZE gives the size
+       of each entry; both of these  return  an  int  value.  The  entry  size
+       depends  on the length of the longest name. PCRE_INFO_NAMETABLE returns
+       a pointer to the first entry of the table. This is a pointer to char in
+       the 8-bit library, where the first two bytes of each entry are the num-
+       ber of the capturing parenthesis, most significant byte first.  In  the
+       16-bit  library,  the pointer points to 16-bit data units, the first of
+       which contains the parenthesis  number.  In  the  32-bit  library,  the
+       pointer  points  to  32-bit data units, the first of which contains the
+       parenthesis number. The rest of the entry is  the  corresponding  name,
+       zero terminated.
+
+       The  names are in alphabetical order. If (?| is used to create multiple
+       groups with the same number, as described in the section  on  duplicate
+       subpattern numbers in the pcrepattern page, the groups may be given the
+       same name, but there is only one entry in the  table.  Different  names
+       for  groups  of the same number are not permitted.  Duplicate names for
+       subpatterns with different numbers are permitted, but only if PCRE_DUP-
+       NAMES  is set. They appear in the table in the order in which they were
+       found in the pattern. In the absence  of  (?|  this  is  the  order  of
+       increasing  number;  when  (?| is used this is not necessarily the case
+       because later subpatterns may have lower numbers.
+
+       As a simple example of the name/number table,  consider  the  following
+       pattern after compilation by the 8-bit library (assume PCRE_EXTENDED is
+       set, so white space - including newlines - is ignored):
+
+         (?<date> (?<year>(\d\d)?\d\d) -
+         (?<month>\d\d) - (?<day>\d\d) )
+
+       There are four named subpatterns, so the table has  four  entries,  and
+       each  entry  in the table is eight bytes long. The table is as follows,
+       with non-printing bytes shows in hexadecimal, and undefined bytes shown
+       as ??:
+
+         00 01 d  a  t  e  00 ??
+         00 05 d  a  y  00 ?? ??
+         00 04 m  o  n  t  h  00
+         00 02 y  e  a  r  00 ??
+
+       When  writing  code  to  extract  data from named subpatterns using the
+       name-to-number map, remember that the length of the entries  is  likely
+       to be different for each compiled pattern.
+
+         PCRE_INFO_OKPARTIAL
+
+       Return  1  if  the  pattern  can  be  used  for  partial  matching with
+       pcre_exec(), otherwise 0. The fourth argument should point  to  an  int
+       variable.  From  release  8.00,  this  always  returns  1,  because the
+       restrictions that previously applied  to  partial  matching  have  been
+       lifted.  The  pcrepartial documentation gives details of partial match-
+       ing.
+
+         PCRE_INFO_OPTIONS
+
+       Return a copy of the options with which the pattern was  compiled.  The
+       fourth  argument  should  point to an unsigned long int variable. These
+       option bits are those specified in the call to pcre_compile(), modified
+       by any top-level option settings at the start of the pattern itself. In
+       other words, they are the options that will be in force  when  matching
+       starts.  For  example, if the pattern /(?im)abc(?-i)d/ is compiled with
+       the PCRE_EXTENDED option, the result is PCRE_CASELESS,  PCRE_MULTILINE,
+       and PCRE_EXTENDED.
+
+       A  pattern  is  automatically  anchored by PCRE if all of its top-level
+       alternatives begin with one of the following:
+
+         ^     unless PCRE_MULTILINE is set
+         \A    always
+         \G    always
+         .*    if PCRE_DOTALL is set and there are no back
+                 references to the subpattern in which .* appears
+
+       For such patterns, the PCRE_ANCHORED bit is set in the options returned
+       by pcre_fullinfo().
+
+         PCRE_INFO_RECURSIONLIMIT
+
+       If  the  pattern set a recursion limit by including an item of the form
+       (*LIMIT_RECURSION=nnnn) at the start, the value is returned. The fourth
+       argument  should  point to an unsigned 32-bit integer. If no such value
+       has  been  set,  the  call  to  pcre_fullinfo()   returns   the   error
+       PCRE_ERROR_UNSET.
+
+         PCRE_INFO_SIZE
+
+       Return  the  size  of  the  compiled  pattern  in  bytes (for all three
+       libraries). The fourth argument should point to a size_t variable. This
+       value  does not include the size of the pcre structure that is returned
+       by pcre_compile().  The  value  that  is  passed  as  the  argument  to
+       pcre_malloc()  when  pcre_compile() is getting memory in which to place
+       the compiled data is the value returned by this option plus the size of
+       the  pcre  structure. Studying a compiled pattern, with or without JIT,
+       does not alter the value returned by this option.
+
+         PCRE_INFO_STUDYSIZE
+
+       Return the size in bytes (for all three libraries) of  the  data  block
+       pointed to by the study_data field in a pcre_extra block. If pcre_extra
+       is NULL, or there is no study data, zero is returned. The fourth  argu-
+       ment  should point to a size_t variable. The study_data field is set by
+       pcre_study() to record information that will speed up matching (see the
+       section  entitled  "Studying  a  pattern"  above).  The  format  of the
+       study_data block is private, but its length is made available via  this
+       option  so  that  it  can be saved and restored (see the pcreprecompile
+       documentation for details).
+
+         PCRE_INFO_REQUIREDCHARFLAGS
+
+       Returns 1 if there is a rightmost literal data unit that must exist  in
+       any matched string, other than at its start. The fourth argument should
+       point to an int variable. If there is no such value, 0 is returned.  If
+       returning  1,  the  character  value  itself  can  be  retrieved  using
+       PCRE_INFO_REQUIREDCHAR.
+
+       For anchored patterns, a last literal value is recorded only if it fol-
+       lows  something  of  variable  length.  For  example,  for  the pattern
+       /^a\d+z\d+/  the   returned   value   1   (with   "z"   returned   from
+       PCRE_INFO_REQUIREDCHAR), but for /^a\dz\d/ the returned value is 0.
+
+         PCRE_INFO_REQUIREDCHAR
+
+       Return  the value of the rightmost literal data unit that must exist in
+       any matched string, other than at its start, if such a value  has  been
+       recorded.  The fourth argument should point to an uint32_t variable. If
+       there is no such value, 0 is returned.
+
+
+REFERENCE COUNTS
+
+       int pcre_refcount(pcre *code, int adjust);
+
+       The pcre_refcount() function is used to maintain a reference  count  in
+       the data block that contains a compiled pattern. It is provided for the
+       benefit of applications that  operate  in  an  object-oriented  manner,
+       where different parts of the application may be using the same compiled
+       pattern, but you want to free the block when they are all done.
+
+       When a pattern is compiled, the reference count field is initialized to
+       zero.   It is changed only by calling this function, whose action is to
+       add the adjust value (which may be positive or  negative)  to  it.  The
+       yield of the function is the new value. However, the value of the count
+       is constrained to lie between 0 and 65535, inclusive. If the new  value
+       is outside these limits, it is forced to the appropriate limit value.
+
+       Except  when it is zero, the reference count is not correctly preserved
+       if a pattern is compiled on one host and then  transferred  to  a  host
+       whose byte-order is different. (This seems a highly unlikely scenario.)
+
+
+MATCHING A PATTERN: THE TRADITIONAL FUNCTION
+
+       int pcre_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       The  function pcre_exec() is called to match a subject string against a
+       compiled pattern, which is passed in the code argument. If the  pattern
+       was  studied,  the  result  of  the study should be passed in the extra
+       argument. You can call pcre_exec() with the same code and  extra  argu-
+       ments  as  many  times as you like, in order to match different subject
+       strings with the same pattern.
+
+       This function is the main matching facility  of  the  library,  and  it
+       operates  in  a  Perl-like  manner. For specialist use there is also an
+       alternative matching function, which is described below in the  section
+       about the pcre_dfa_exec() function.
+
+       In  most applications, the pattern will have been compiled (and option-
+       ally studied) in the same process that calls pcre_exec().  However,  it
+       is possible to save compiled patterns and study data, and then use them
+       later in different processes, possibly even on different hosts.  For  a
+       discussion about this, see the pcreprecompile documentation.
+
+       Here is an example of a simple call to pcre_exec():
+
+         int rc;
+         int ovector[30];
+         rc = pcre_exec(
+           re,             /* result of pcre_compile() */
+           NULL,           /* we didn't study the pattern */
+           "some string",  /* the subject string */
+           11,             /* the length of the subject string */
+           0,              /* start at offset 0 in the subject */
+           0,              /* default options */
+           ovector,        /* vector of integers for substring information */
+           30);            /* number of elements (NOT size in bytes) */
+
+   Extra data for pcre_exec()
+
+       If  the  extra argument is not NULL, it must point to a pcre_extra data
+       block. The pcre_study() function returns such a block (when it  doesn't
+       return  NULL), but you can also create one for yourself, and pass addi-
+       tional information in it. The pcre_extra block contains  the  following
+       fields (not necessarily in this order):
+
+         unsigned long int flags;
+         void *study_data;
+         void *executable_jit;
+         unsigned long int match_limit;
+         unsigned long int match_limit_recursion;
+         void *callout_data;
+         const unsigned char *tables;
+         unsigned char **mark;
+
+       In  the  16-bit  version  of  this  structure,  the mark field has type
+       "PCRE_UCHAR16 **".
+
+       In the 32-bit version of  this  structure,  the  mark  field  has  type
+       "PCRE_UCHAR32 **".
+
+       The  flags  field is used to specify which of the other fields are set.
+       The flag bits are:
+
+         PCRE_EXTRA_CALLOUT_DATA
+         PCRE_EXTRA_EXECUTABLE_JIT
+         PCRE_EXTRA_MARK
+         PCRE_EXTRA_MATCH_LIMIT
+         PCRE_EXTRA_MATCH_LIMIT_RECURSION
+         PCRE_EXTRA_STUDY_DATA
+         PCRE_EXTRA_TABLES
+
+       Other flag bits should be set to zero. The study_data field  and  some-
+       times  the executable_jit field are set in the pcre_extra block that is
+       returned by pcre_study(), together with the appropriate flag bits.  You
+       should  not set these yourself, but you may add to the block by setting
+       other fields and their corresponding flag bits.
+
+       The match_limit field provides a means of preventing PCRE from using up
+       a  vast amount of resources when running patterns that are not going to
+       match, but which have a very large number  of  possibilities  in  their
+       search  trees. The classic example is a pattern that uses nested unlim-
+       ited repeats.
+
+       Internally, pcre_exec() uses a function called match(), which it  calls
+       repeatedly  (sometimes  recursively).  The  limit set by match_limit is
+       imposed on the number of times this function is called during a  match,
+       which  has  the  effect of limiting the amount of backtracking that can
+       take place. For patterns that are not anchored, the count restarts from
+       zero for each position in the subject string.
+
+       When pcre_exec() is called with a pattern that was successfully studied
+       with a JIT option, the way that the matching is  executed  is  entirely
+       different.  However, there is still the possibility of runaway matching
+       that goes on for a very long time, and so the match_limit value is also
+       used in this case (but in a different way) to limit how long the match-
+       ing can continue.
+
+       The default value for the limit can be set  when  PCRE  is  built;  the
+       default  default  is 10 million, which handles all but the most extreme
+       cases. You can override the default  by  suppling  pcre_exec()  with  a
+       pcre_extra     block    in    which    match_limit    is    set,    and
+       PCRE_EXTRA_MATCH_LIMIT is set in the  flags  field.  If  the  limit  is
+       exceeded, pcre_exec() returns PCRE_ERROR_MATCHLIMIT.
+
+       A  value  for  the  match  limit may also be supplied by an item at the
+       start of a pattern of the form
+
+         (*LIMIT_MATCH=d)
+
+       where d is a decimal number. However, such a setting is ignored  unless
+       d  is  less  than  the limit set by the caller of pcre_exec() or, if no
+       such limit is set, less than the default.
+
+       The match_limit_recursion field is similar to match_limit, but  instead
+       of limiting the total number of times that match() is called, it limits
+       the depth of recursion. The recursion depth is a  smaller  number  than
+       the  total number of calls, because not all calls to match() are recur-
+       sive.  This limit is of use only if it is set smaller than match_limit.
+
+       Limiting the recursion depth limits the amount of  machine  stack  that
+       can  be used, or, when PCRE has been compiled to use memory on the heap
+       instead of the stack, the amount of heap memory that can be used.  This
+       limit  is not relevant, and is ignored, when matching is done using JIT
+       compiled code.
+
+       The default value for match_limit_recursion can be  set  when  PCRE  is
+       built;  the  default  default  is  the  same  value  as the default for
+       match_limit. You can override the default by suppling pcre_exec()  with
+       a   pcre_extra   block  in  which  match_limit_recursion  is  set,  and
+       PCRE_EXTRA_MATCH_LIMIT_RECURSION is set in  the  flags  field.  If  the
+       limit is exceeded, pcre_exec() returns PCRE_ERROR_RECURSIONLIMIT.
+
+       A  value for the recursion limit may also be supplied by an item at the
+       start of a pattern of the form
+
+         (*LIMIT_RECURSION=d)
+
+       where d is a decimal number. However, such a setting is ignored  unless
+       d  is  less  than  the limit set by the caller of pcre_exec() or, if no
+       such limit is set, less than the default.
+
+       The callout_data field is used in conjunction with the  "callout"  fea-
+       ture, and is described in the pcrecallout documentation.
+
+       The  tables field is provided for use with patterns that have been pre-
+       compiled using custom character tables, saved to disc or elsewhere, and
+       then  reloaded,  because the tables that were used to compile a pattern
+       are not saved with it. See the pcreprecompile documentation for a  dis-
+       cussion  of  saving  compiled patterns for later use. If NULL is passed
+       using this mechanism, it forces PCRE's internal tables to be used.
+
+       Warning: The tables that pcre_exec() uses must be  the  same  as  those
+       that  were used when the pattern was compiled. If this is not the case,
+       the behaviour of pcre_exec() is undefined. Therefore, when a pattern is
+       compiled  and  matched  in the same process, this field should never be
+       set. In this (the most common) case, the correct table pointer is auto-
+       matically  passed  with  the  compiled  pattern  from pcre_compile() to
+       pcre_exec().
+
+       If PCRE_EXTRA_MARK is set in the flags field, the mark  field  must  be
+       set  to point to a suitable variable. If the pattern contains any back-
+       tracking control verbs such as (*MARK:NAME), and the execution ends  up
+       with  a  name  to  pass back, a pointer to the name string (zero termi-
+       nated) is placed in the variable pointed to  by  the  mark  field.  The
+       names  are  within  the  compiled pattern; if you wish to retain such a
+       name you must copy it before freeing the memory of a compiled  pattern.
+       If  there  is no name to pass back, the variable pointed to by the mark
+       field is set to NULL. For details of the  backtracking  control  verbs,
+       see the section entitled "Backtracking control" in the pcrepattern doc-
+       umentation.
+
+   Option bits for pcre_exec()
+
+       The unused bits of the options argument for pcre_exec() must  be  zero.
+       The  only  bits  that  may  be set are PCRE_ANCHORED, PCRE_NEWLINE_xxx,
+       PCRE_NOTBOL,   PCRE_NOTEOL,    PCRE_NOTEMPTY,    PCRE_NOTEMPTY_ATSTART,
+       PCRE_NO_START_OPTIMIZE,   PCRE_NO_UTF8_CHECK,   PCRE_PARTIAL_HARD,  and
+       PCRE_PARTIAL_SOFT.
+
+       If the pattern was successfully studied with one  of  the  just-in-time
+       (JIT) compile options, the only supported options for JIT execution are
+       PCRE_NO_UTF8_CHECK,    PCRE_NOTBOL,     PCRE_NOTEOL,     PCRE_NOTEMPTY,
+       PCRE_NOTEMPTY_ATSTART,  PCRE_PARTIAL_HARD, and PCRE_PARTIAL_SOFT. If an
+       unsupported option is used, JIT execution is disabled  and  the  normal
+       interpretive code in pcre_exec() is run.
+
+         PCRE_ANCHORED
+
+       The  PCRE_ANCHORED  option  limits pcre_exec() to matching at the first
+       matching position. If a pattern was  compiled  with  PCRE_ANCHORED,  or
+       turned  out to be anchored by virtue of its contents, it cannot be made
+       unachored at matching time.
+
+         PCRE_BSR_ANYCRLF
+         PCRE_BSR_UNICODE
+
+       These options (which are mutually exclusive) control what the \R escape
+       sequence  matches.  The choice is either to match only CR, LF, or CRLF,
+       or to match any Unicode newline sequence. These  options  override  the
+       choice that was made or defaulted when the pattern was compiled.
+
+         PCRE_NEWLINE_CR
+         PCRE_NEWLINE_LF
+         PCRE_NEWLINE_CRLF
+         PCRE_NEWLINE_ANYCRLF
+         PCRE_NEWLINE_ANY
+
+       These  options  override  the  newline  definition  that  was chosen or
+       defaulted when the pattern was compiled. For details, see the  descrip-
+       tion  of  pcre_compile()  above.  During  matching,  the newline choice
+       affects the behaviour of the dot, circumflex,  and  dollar  metacharac-
+       ters.  It may also alter the way the match position is advanced after a
+       match failure for an unanchored pattern.
+
+       When PCRE_NEWLINE_CRLF, PCRE_NEWLINE_ANYCRLF,  or  PCRE_NEWLINE_ANY  is
+       set,  and a match attempt for an unanchored pattern fails when the cur-
+       rent position is at a  CRLF  sequence,  and  the  pattern  contains  no
+       explicit  matches  for  CR  or  LF  characters,  the  match position is
+       advanced by two characters instead of one, in other words, to after the
+       CRLF.
+
+       The above rule is a compromise that makes the most common cases work as
+       expected. For example, if the  pattern  is  .+A  (and  the  PCRE_DOTALL
+       option is not set), it does not match the string "\r\nA" because, after
+       failing at the start, it skips both the CR and the LF before  retrying.
+       However,  the  pattern  [\r\n]A does match that string, because it con-
+       tains an explicit CR or LF reference, and so advances only by one char-
+       acter after the first failure.
+
+       An explicit match for CR of LF is either a literal appearance of one of
+       those characters, or one of the \r or  \n  escape  sequences.  Implicit
+       matches  such  as [^X] do not count, nor does \s (which includes CR and
+       LF in the characters that it matches).
+
+       Notwithstanding the above, anomalous effects may still occur when  CRLF
+       is a valid newline sequence and explicit \r or \n escapes appear in the
+       pattern.
+
+         PCRE_NOTBOL
+
+       This option specifies that first character of the subject string is not
+       the  beginning  of  a  line, so the circumflex metacharacter should not
+       match before it. Setting this without PCRE_MULTILINE (at compile  time)
+       causes  circumflex  never to match. This option affects only the behav-
+       iour of the circumflex metacharacter. It does not affect \A.
+
+         PCRE_NOTEOL
+
+       This option specifies that the end of the subject string is not the end
+       of  a line, so the dollar metacharacter should not match it nor (except
+       in multiline mode) a newline immediately before it. Setting this  with-
+       out PCRE_MULTILINE (at compile time) causes dollar never to match. This
+       option affects only the behaviour of the dollar metacharacter. It  does
+       not affect \Z or \z.
+
+         PCRE_NOTEMPTY
+
+       An empty string is not considered to be a valid match if this option is
+       set. If there are alternatives in the pattern, they are tried.  If  all
+       the  alternatives  match  the empty string, the entire match fails. For
+       example, if the pattern
+
+         a?b?
+
+       is applied to a string not beginning with "a" or  "b",  it  matches  an
+       empty  string at the start of the subject. With PCRE_NOTEMPTY set, this
+       match is not valid, so PCRE searches further into the string for occur-
+       rences of "a" or "b".
+
+         PCRE_NOTEMPTY_ATSTART
+
+       This  is  like PCRE_NOTEMPTY, except that an empty string match that is
+       not at the start of  the  subject  is  permitted.  If  the  pattern  is
+       anchored, such a match can occur only if the pattern contains \K.
+
+       Perl     has    no    direct    equivalent    of    PCRE_NOTEMPTY    or
+       PCRE_NOTEMPTY_ATSTART, but it does make a special  case  of  a  pattern
+       match  of  the empty string within its split() function, and when using
+       the /g modifier. It is  possible  to  emulate  Perl's  behaviour  after
+       matching a null string by first trying the match again at the same off-
+       set with PCRE_NOTEMPTY_ATSTART and  PCRE_ANCHORED,  and  then  if  that
+       fails, by advancing the starting offset (see below) and trying an ordi-
+       nary match again. There is some code that demonstrates how to  do  this
+       in  the  pcredemo sample program. In the most general case, you have to
+       check to see if the newline convention recognizes CRLF  as  a  newline,
+       and  if so, and the current character is CR followed by LF, advance the
+       starting offset by two characters instead of one.
+
+         PCRE_NO_START_OPTIMIZE
+
+       There are a number of optimizations that pcre_exec() uses at the  start
+       of  a  match,  in  order to speed up the process. For example, if it is
+       known that an unanchored match must start with a specific character, it
+       searches  the  subject  for that character, and fails immediately if it
+       cannot find it, without actually running the  main  matching  function.
+       This means that a special item such as (*COMMIT) at the start of a pat-
+       tern is not considered until after a suitable starting  point  for  the
+       match  has been found. Also, when callouts or (*MARK) items are in use,
+       these "start-up" optimizations can cause them to be skipped if the pat-
+       tern is never actually used. The start-up optimizations are in effect a
+       pre-scan of the subject that takes place before the pattern is run.
+
+       The PCRE_NO_START_OPTIMIZE option disables the start-up  optimizations,
+       possibly  causing  performance  to  suffer,  but ensuring that in cases
+       where the result is "no match", the callouts do occur, and  that  items
+       such as (*COMMIT) and (*MARK) are considered at every possible starting
+       position in the subject string. If  PCRE_NO_START_OPTIMIZE  is  set  at
+       compile  time,  it  cannot  be  unset  at  matching  time.  The  use of
+       PCRE_NO_START_OPTIMIZE  at  matching  time  (that  is,  passing  it  to
+       pcre_exec())  disables  JIT  execution;  in this situation, matching is
+       always done using interpretively.
+
+       Setting PCRE_NO_START_OPTIMIZE can change the  outcome  of  a  matching
+       operation.  Consider the pattern
+
+         (*COMMIT)ABC
+
+       When  this  is  compiled, PCRE records the fact that a match must start
+       with the character "A". Suppose the subject  string  is  "DEFABC".  The
+       start-up  optimization  scans along the subject, finds "A" and runs the
+       first match attempt from there. The (*COMMIT) item means that the  pat-
+       tern  must  match the current starting position, which in this case, it
+       does. However, if the same match  is  run  with  PCRE_NO_START_OPTIMIZE
+       set,  the  initial  scan  along the subject string does not happen. The
+       first match attempt is run starting  from  "D"  and  when  this  fails,
+       (*COMMIT)  prevents  any  further  matches  being tried, so the overall
+       result is "no match". If the pattern is studied,  more  start-up  opti-
+       mizations  may  be  used. For example, a minimum length for the subject
+       may be recorded. Consider the pattern
+
+         (*MARK:A)(X|Y)
+
+       The minimum length for a match is one  character.  If  the  subject  is
+       "ABC",  there  will  be  attempts  to  match "ABC", "BC", "C", and then
+       finally an empty string.  If the pattern is studied, the final  attempt
+       does  not take place, because PCRE knows that the subject is too short,
+       and so the (*MARK) is never encountered.  In this  case,  studying  the
+       pattern  does  not  affect the overall match result, which is still "no
+       match", but it does affect the auxiliary information that is returned.
+
+         PCRE_NO_UTF8_CHECK
+
+       When PCRE_UTF8 is set at compile time, the validity of the subject as a
+       UTF-8  string is automatically checked when pcre_exec() is subsequently
+       called.  The entire string is checked before any other processing takes
+       place.  The  value  of  startoffset  is  also checked to ensure that it
+       points to the start of a UTF-8 character. There is a  discussion  about
+       the  validity  of  UTF-8 strings in the pcreunicode page. If an invalid
+       sequence  of  bytes   is   found,   pcre_exec()   returns   the   error
+       PCRE_ERROR_BADUTF8 or, if PCRE_PARTIAL_HARD is set and the problem is a
+       truncated character at the end of the subject, PCRE_ERROR_SHORTUTF8. In
+       both  cases, information about the precise nature of the error may also
+       be returned (see the descriptions of these errors in the section  enti-
+       tled  Error return values from pcre_exec() below).  If startoffset con-
+       tains a value that does not point to the start of a UTF-8 character (or
+       to the end of the subject), PCRE_ERROR_BADUTF8_OFFSET is returned.
+
+       If  you  already  know that your subject is valid, and you want to skip
+       these   checks   for   performance   reasons,   you   can    set    the
+       PCRE_NO_UTF8_CHECK  option  when calling pcre_exec(). You might want to
+       do this for the second and subsequent calls to pcre_exec() if  you  are
+       making  repeated  calls  to  find  all  the matches in a single subject
+       string. However, you should be  sure  that  the  value  of  startoffset
+       points  to  the  start of a character (or the end of the subject). When
+       PCRE_NO_UTF8_CHECK is set, the effect of passing an invalid string as a
+       subject  or  an invalid value of startoffset is undefined. Your program
+       may crash or loop.
+
+         PCRE_PARTIAL_HARD
+         PCRE_PARTIAL_SOFT
+
+       These options turn on the partial matching feature. For backwards  com-
+       patibility,  PCRE_PARTIAL is a synonym for PCRE_PARTIAL_SOFT. A partial
+       match occurs if the end of the subject string is reached  successfully,
+       but  there  are not enough subject characters to complete the match. If
+       this happens when PCRE_PARTIAL_SOFT (but not PCRE_PARTIAL_HARD) is set,
+       matching  continues  by  testing any remaining alternatives. Only if no
+       complete match can be found is PCRE_ERROR_PARTIAL returned  instead  of
+       PCRE_ERROR_NOMATCH.  In  other  words,  PCRE_PARTIAL_SOFT says that the
+       caller is prepared to handle a partial match, but only if  no  complete
+       match can be found.
+
+       If  PCRE_PARTIAL_HARD  is  set, it overrides PCRE_PARTIAL_SOFT. In this
+       case, if a partial match  is  found,  pcre_exec()  immediately  returns
+       PCRE_ERROR_PARTIAL,  without  considering  any  other  alternatives. In
+       other words, when PCRE_PARTIAL_HARD is set, a partial match is  consid-
+       ered to be more important that an alternative complete match.
+
+       In  both  cases,  the portion of the string that was inspected when the
+       partial match was found is set as the first matching string. There is a
+       more  detailed  discussion  of partial and multi-segment matching, with
+       examples, in the pcrepartial documentation.
+
+   The string to be matched by pcre_exec()
+
+       The subject string is passed to pcre_exec() as a pointer in subject,  a
+       length  in  length, and a starting offset in startoffset. The units for
+       length and startoffset are bytes for the  8-bit  library,  16-bit  data
+       items  for  the  16-bit  library,  and 32-bit data items for the 32-bit
+       library.
+
+       If startoffset is negative or greater than the length of  the  subject,
+       pcre_exec()  returns  PCRE_ERROR_BADOFFSET. When the starting offset is
+       zero, the search for a match starts at the beginning  of  the  subject,
+       and  this  is by far the most common case. In UTF-8 or UTF-16 mode, the
+       offset must point to the start of a character, or the end of  the  sub-
+       ject  (in  UTF-32 mode, one data unit equals one character, so all off-
+       sets are valid). Unlike the pattern string,  the  subject  may  contain
+       binary zeroes.
+
+       A  non-zero  starting offset is useful when searching for another match
+       in the same subject by calling pcre_exec() again after a previous  suc-
+       cess.   Setting  startoffset differs from just passing over a shortened
+       string and setting PCRE_NOTBOL in the case of  a  pattern  that  begins
+       with any kind of lookbehind. For example, consider the pattern
+
+         \Biss\B
+
+       which  finds  occurrences  of "iss" in the middle of words. (\B matches
+       only if the current position in the subject is not  a  word  boundary.)
+       When  applied  to the string "Mississipi" the first call to pcre_exec()
+       finds the first occurrence. If pcre_exec() is called  again  with  just
+       the  remainder  of  the  subject,  namely  "issipi", it does not match,
+       because \B is always false at the start of the subject, which is deemed
+       to  be  a  word  boundary. However, if pcre_exec() is passed the entire
+       string again, but with startoffset set to 4, it finds the second occur-
+       rence  of "iss" because it is able to look behind the starting point to
+       discover that it is preceded by a letter.
+
+       Finding all the matches in a subject is tricky  when  the  pattern  can
+       match an empty string. It is possible to emulate Perl's /g behaviour by
+       first  trying  the  match  again  at  the   same   offset,   with   the
+       PCRE_NOTEMPTY_ATSTART  and  PCRE_ANCHORED  options,  and  then  if that
+       fails, advancing the starting  offset  and  trying  an  ordinary  match
+       again. There is some code that demonstrates how to do this in the pcre-
+       demo sample program. In the most general case, you have to check to see
+       if  the newline convention recognizes CRLF as a newline, and if so, and
+       the current character is CR followed by LF, advance the starting offset
+       by two characters instead of one.
+
+       If  a  non-zero starting offset is passed when the pattern is anchored,
+       one attempt to match at the given offset is made. This can only succeed
+       if  the  pattern  does  not require the match to be at the start of the
+       subject.
+
+   How pcre_exec() returns captured substrings
+
+       In general, a pattern matches a certain portion of the subject, and  in
+       addition,  further  substrings  from  the  subject may be picked out by
+       parts of the pattern. Following the usage  in  Jeffrey  Friedl's  book,
+       this  is  called "capturing" in what follows, and the phrase "capturing
+       subpattern" is used for a fragment of a pattern that picks out  a  sub-
+       string.  PCRE  supports several other kinds of parenthesized subpattern
+       that do not cause substrings to be captured.
+
+       Captured substrings are returned to the caller via a vector of integers
+       whose  address is passed in ovector. The number of elements in the vec-
+       tor is passed in ovecsize, which must be a non-negative  number.  Note:
+       this argument is NOT the size of ovector in bytes.
+
+       The  first  two-thirds of the vector is used to pass back captured sub-
+       strings, each substring using a pair of integers. The  remaining  third
+       of  the  vector is used as workspace by pcre_exec() while matching cap-
+       turing subpatterns, and is not available for passing back  information.
+       The  number passed in ovecsize should always be a multiple of three. If
+       it is not, it is rounded down.
+
+       When a match is successful, information about  captured  substrings  is
+       returned  in  pairs  of integers, starting at the beginning of ovector,
+       and continuing up to two-thirds of its length at the  most.  The  first
+       element  of  each pair is set to the offset of the first character in a
+       substring, and the second is set to the offset of the  first  character
+       after  the  end  of a substring. These values are always data unit off-
+       sets, even in UTF mode. They are byte offsets  in  the  8-bit  library,
+       16-bit  data  item  offsets in the 16-bit library, and 32-bit data item
+       offsets in the 32-bit library. Note: they are not character counts.
+
+       The first pair of integers, ovector[0]  and  ovector[1],  identify  the
+       portion  of  the subject string matched by the entire pattern. The next
+       pair is used for the first capturing subpattern, and so on.  The  value
+       returned by pcre_exec() is one more than the highest numbered pair that
+       has been set.  For example, if two substrings have been  captured,  the
+       returned  value is 3. If there are no capturing subpatterns, the return
+       value from a successful match is 1, indicating that just the first pair
+       of offsets has been set.
+
+       If a capturing subpattern is matched repeatedly, it is the last portion
+       of the string that it matched that is returned.
+
+       If the vector is too small to hold all the captured substring  offsets,
+       it is used as far as possible (up to two-thirds of its length), and the
+       function returns a value of zero. If neither the actual string  matched
+       nor  any captured substrings are of interest, pcre_exec() may be called
+       with ovector passed as NULL and ovecsize as zero. However, if the  pat-
+       tern  contains  back  references  and  the ovector is not big enough to
+       remember the related substrings, PCRE has to get additional memory  for
+       use  during matching. Thus it is usually advisable to supply an ovector
+       of reasonable size.
+
+       There are some cases where zero is returned  (indicating  vector  over-
+       flow)  when  in fact the vector is exactly the right size for the final
+       match. For example, consider the pattern
+
+         (a)(?:(b)c|bd)
+
+       If a vector of 6 elements (allowing for only 1 captured  substring)  is
+       given with subject string "abd", pcre_exec() will try to set the second
+       captured string, thereby recording a vector overflow, before failing to
+       match  "c"  and  backing  up  to  try  the second alternative. The zero
+       return, however, does correctly indicate that  the  maximum  number  of
+       slots (namely 2) have been filled. In similar cases where there is tem-
+       porary overflow, but the final number of used slots  is  actually  less
+       than the maximum, a non-zero value is returned.
+
+       The pcre_fullinfo() function can be used to find out how many capturing
+       subpatterns there are in a compiled  pattern.  The  smallest  size  for
+       ovector  that  will allow for n captured substrings, in addition to the
+       offsets of the substring matched by the whole pattern, is (n+1)*3.
+
+       It is possible for capturing subpattern number n+1 to match  some  part
+       of the subject when subpattern n has not been used at all. For example,
+       if the string "abc" is matched  against  the  pattern  (a|(z))(bc)  the
+       return from the function is 4, and subpatterns 1 and 3 are matched, but
+       2 is not. When this happens, both values in  the  offset  pairs  corre-
+       sponding to unused subpatterns are set to -1.
+
+       Offset  values  that correspond to unused subpatterns at the end of the
+       expression are also set to -1. For example,  if  the  string  "abc"  is
+       matched  against the pattern (abc)(x(yz)?)? subpatterns 2 and 3 are not
+       matched. The return from the function is 2, because  the  highest  used
+       capturing  subpattern  number  is 1, and the offsets for for the second
+       and third capturing subpatterns (assuming the vector is  large  enough,
+       of course) are set to -1.
+
+       Note:  Elements  in  the first two-thirds of ovector that do not corre-
+       spond to capturing parentheses in the pattern are never  changed.  That
+       is,  if  a pattern contains n capturing parentheses, no more than ovec-
+       tor[0] to ovector[2n+1] are set by pcre_exec(). The other elements  (in
+       the first two-thirds) retain whatever values they previously had.
+
+       Some  convenience  functions  are  provided for extracting the captured
+       substrings as separate strings. These are described below.
+
+   Error return values from pcre_exec()
+
+       If pcre_exec() fails, it returns a negative number. The  following  are
+       defined in the header file:
+
+         PCRE_ERROR_NOMATCH        (-1)
+
+       The subject string did not match the pattern.
+
+         PCRE_ERROR_NULL           (-2)
+
+       Either  code  or  subject  was  passed as NULL, or ovector was NULL and
+       ovecsize was not zero.
+
+         PCRE_ERROR_BADOPTION      (-3)
+
+       An unrecognized bit was set in the options argument.
+
+         PCRE_ERROR_BADMAGIC       (-4)
+
+       PCRE stores a 4-byte "magic number" at the start of the compiled  code,
+       to catch the case when it is passed a junk pointer and to detect when a
+       pattern that was compiled in an environment of one endianness is run in
+       an  environment  with the other endianness. This is the error that PCRE
+       gives when the magic number is not present.
+
+         PCRE_ERROR_UNKNOWN_OPCODE (-5)
+
+       While running the pattern match, an unknown item was encountered in the
+       compiled  pattern.  This  error  could be caused by a bug in PCRE or by
+       overwriting of the compiled pattern.
+
+         PCRE_ERROR_NOMEMORY       (-6)
+
+       If a pattern contains back references, but the ovector that  is  passed
+       to pcre_exec() is not big enough to remember the referenced substrings,
+       PCRE gets a block of memory at the start of matching to  use  for  this
+       purpose.  If the call via pcre_malloc() fails, this error is given. The
+       memory is automatically freed at the end of matching.
+
+       This error is also given if pcre_stack_malloc() fails  in  pcre_exec().
+       This  can happen only when PCRE has been compiled with --disable-stack-
+       for-recursion.
+
+         PCRE_ERROR_NOSUBSTRING    (-7)
+
+       This error is used by the pcre_copy_substring(),  pcre_get_substring(),
+       and  pcre_get_substring_list()  functions  (see  below).  It  is  never
+       returned by pcre_exec().
+
+         PCRE_ERROR_MATCHLIMIT     (-8)
+
+       The backtracking limit, as specified by  the  match_limit  field  in  a
+       pcre_extra  structure  (or  defaulted) was reached. See the description
+       above.
+
+         PCRE_ERROR_CALLOUT        (-9)
+
+       This error is never generated by pcre_exec() itself. It is provided for
+       use  by  callout functions that want to yield a distinctive error code.
+       See the pcrecallout documentation for details.
+
+         PCRE_ERROR_BADUTF8        (-10)
+
+       A string that contains an invalid UTF-8 byte sequence was passed  as  a
+       subject,  and the PCRE_NO_UTF8_CHECK option was not set. If the size of
+       the output vector (ovecsize) is at least 2,  the  byte  offset  to  the
+       start  of  the  the invalid UTF-8 character is placed in the first ele-
+       ment, and a reason code is placed in the  second  element.  The  reason
+       codes are listed in the following section.  For backward compatibility,
+       if PCRE_PARTIAL_HARD is set and the problem is a truncated UTF-8  char-
+       acter   at   the   end   of   the   subject  (reason  codes  1  to  5),
+       PCRE_ERROR_SHORTUTF8 is returned instead of PCRE_ERROR_BADUTF8.
+
+         PCRE_ERROR_BADUTF8_OFFSET (-11)
+
+       The UTF-8 byte sequence that was passed as a subject  was  checked  and
+       found  to be valid (the PCRE_NO_UTF8_CHECK option was not set), but the
+       value of startoffset did not point to the beginning of a UTF-8  charac-
+       ter or the end of the subject.
+
+         PCRE_ERROR_PARTIAL        (-12)
+
+       The  subject  string did not match, but it did match partially. See the
+       pcrepartial documentation for details of partial matching.
+
+         PCRE_ERROR_BADPARTIAL     (-13)
+
+       This code is no longer in  use.  It  was  formerly  returned  when  the
+       PCRE_PARTIAL  option  was used with a compiled pattern containing items
+       that were  not  supported  for  partial  matching.  From  release  8.00
+       onwards, there are no restrictions on partial matching.
+
+         PCRE_ERROR_INTERNAL       (-14)
+
+       An  unexpected  internal error has occurred. This error could be caused
+       by a bug in PCRE or by overwriting of the compiled pattern.
+
+         PCRE_ERROR_BADCOUNT       (-15)
+
+       This error is given if the value of the ovecsize argument is negative.
+
+         PCRE_ERROR_RECURSIONLIMIT (-21)
+
+       The internal recursion limit, as specified by the match_limit_recursion
+       field  in  a  pcre_extra  structure (or defaulted) was reached. See the
+       description above.
+
+         PCRE_ERROR_BADNEWLINE     (-23)
+
+       An invalid combination of PCRE_NEWLINE_xxx options was given.
+
+         PCRE_ERROR_BADOFFSET      (-24)
+
+       The value of startoffset was negative or greater than the length of the
+       subject, that is, the value in length.
+
+         PCRE_ERROR_SHORTUTF8      (-25)
+
+       This  error  is returned instead of PCRE_ERROR_BADUTF8 when the subject
+       string ends with a truncated UTF-8 character and the  PCRE_PARTIAL_HARD
+       option  is  set.   Information  about  the  failure  is returned as for
+       PCRE_ERROR_BADUTF8. It is in fact sufficient to detect this  case,  but
+       this  special error code for PCRE_PARTIAL_HARD precedes the implementa-
+       tion of returned information; it is retained for backwards  compatibil-
+       ity.
+
+         PCRE_ERROR_RECURSELOOP    (-26)
+
+       This error is returned when pcre_exec() detects a recursion loop within
+       the pattern. Specifically, it means that either the whole pattern or  a
+       subpattern  has been called recursively for the second time at the same
+       position in the subject string. Some simple patterns that might do this
+       are  detected  and faulted at compile time, but more complicated cases,
+       in particular mutual recursions between two different subpatterns, can-
+       not be detected until run time.
+
+         PCRE_ERROR_JIT_STACKLIMIT (-27)
+
+       This  error  is  returned  when a pattern that was successfully studied
+       using a JIT compile option is being matched, but the  memory  available
+       for  the  just-in-time  processing  stack  is not large enough. See the
+       pcrejit documentation for more details.
+
+         PCRE_ERROR_BADMODE        (-28)
+
+       This error is given if a pattern that was compiled by the 8-bit library
+       is passed to a 16-bit or 32-bit library function, or vice versa.
+
+         PCRE_ERROR_BADENDIANNESS  (-29)
+
+       This  error  is  given  if  a  pattern  that  was compiled and saved is
+       reloaded on a host with  different  endianness.  The  utility  function
+       pcre_pattern_to_host_byte_order() can be used to convert such a pattern
+       so that it runs on the new host.
+
+         PCRE_ERROR_JIT_BADOPTION
+
+       This error is returned when a pattern  that  was  successfully  studied
+       using  a  JIT  compile  option  is being matched, but the matching mode
+       (partial or complete match) does not correspond to any JIT  compilation
+       mode.  When  the JIT fast path function is used, this error may be also
+       given for invalid options.  See  the  pcrejit  documentation  for  more
+       details.
+
+         PCRE_ERROR_BADLENGTH      (-32)
+
+       This  error is given if pcre_exec() is called with a negative value for
+       the length argument.
+
+       Error numbers -16 to -20, -22, and 30 are not used by pcre_exec().
+
+   Reason codes for invalid UTF-8 strings
+
+       This section applies only  to  the  8-bit  library.  The  corresponding
+       information  for the 16-bit and 32-bit libraries is given in the pcre16
+       and pcre32 pages.
+
+       When pcre_exec() returns either PCRE_ERROR_BADUTF8 or PCRE_ERROR_SHORT-
+       UTF8,  and  the size of the output vector (ovecsize) is at least 2, the
+       offset of the start of the invalid UTF-8 character  is  placed  in  the
+       first output vector element (ovector[0]) and a reason code is placed in
+       the second element (ovector[1]). The reason codes are  given  names  in
+       the pcre.h header file:
+
+         PCRE_UTF8_ERR1
+         PCRE_UTF8_ERR2
+         PCRE_UTF8_ERR3
+         PCRE_UTF8_ERR4
+         PCRE_UTF8_ERR5
+
+       The  string  ends  with a truncated UTF-8 character; the code specifies
+       how many bytes are missing (1 to 5). Although RFC 3629 restricts  UTF-8
+       characters  to  be  no longer than 4 bytes, the encoding scheme (origi-
+       nally defined by RFC 2279) allows for  up  to  6  bytes,  and  this  is
+       checked first; hence the possibility of 4 or 5 missing bytes.
+
+         PCRE_UTF8_ERR6
+         PCRE_UTF8_ERR7
+         PCRE_UTF8_ERR8
+         PCRE_UTF8_ERR9
+         PCRE_UTF8_ERR10
+
+       The two most significant bits of the 2nd, 3rd, 4th, 5th, or 6th byte of
+       the character do not have the binary value 0b10 (that  is,  either  the
+       most significant bit is 0, or the next bit is 1).
+
+         PCRE_UTF8_ERR11
+         PCRE_UTF8_ERR12
+
+       A  character that is valid by the RFC 2279 rules is either 5 or 6 bytes
+       long; these code points are excluded by RFC 3629.
+
+         PCRE_UTF8_ERR13
+
+       A 4-byte character has a value greater than 0x10fff; these code  points
+       are excluded by RFC 3629.
+
+         PCRE_UTF8_ERR14
+
+       A  3-byte  character  has  a  value in the range 0xd800 to 0xdfff; this
+       range of code points are reserved by RFC 3629 for use with UTF-16,  and
+       so are excluded from UTF-8.
+
+         PCRE_UTF8_ERR15
+         PCRE_UTF8_ERR16
+         PCRE_UTF8_ERR17
+         PCRE_UTF8_ERR18
+         PCRE_UTF8_ERR19
+
+       A  2-, 3-, 4-, 5-, or 6-byte character is "overlong", that is, it codes
+       for a value that can be represented by fewer bytes, which  is  invalid.
+       For  example,  the two bytes 0xc0, 0xae give the value 0x2e, whose cor-
+       rect coding uses just one byte.
+
+         PCRE_UTF8_ERR20
+
+       The two most significant bits of the first byte of a character have the
+       binary  value 0b10 (that is, the most significant bit is 1 and the sec-
+       ond is 0). Such a byte can only validly occur as the second  or  subse-
+       quent byte of a multi-byte character.
+
+         PCRE_UTF8_ERR21
+
+       The  first byte of a character has the value 0xfe or 0xff. These values
+       can never occur in a valid UTF-8 string.
+
+         PCRE_UTF8_ERR22
+
+       This error code was formerly used when  the  presence  of  a  so-called
+       "non-character"  caused an error. Unicode corrigendum #9 makes it clear
+       that such characters should not cause a string to be rejected,  and  so
+       this code is no longer in use and is never returned.
+
+
+EXTRACTING CAPTURED SUBSTRINGS BY NUMBER
+
+       int pcre_copy_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber, char *buffer,
+            int buffersize);
+
+       int pcre_get_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber,
+            const char **stringptr);
+
+       int pcre_get_substring_list(const char *subject,
+            int *ovector, int stringcount, const char ***listptr);
+
+       Captured  substrings  can  be  accessed  directly  by using the offsets
+       returned by pcre_exec() in  ovector.  For  convenience,  the  functions
+       pcre_copy_substring(),    pcre_get_substring(),    and    pcre_get_sub-
+       string_list() are provided for extracting captured substrings  as  new,
+       separate,  zero-terminated strings. These functions identify substrings
+       by number. The next section describes functions  for  extracting  named
+       substrings.
+
+       A  substring that contains a binary zero is correctly extracted and has
+       a further zero added on the end, but the result is not, of course, a  C
+       string.   However,  you  can  process such a string by referring to the
+       length that is  returned  by  pcre_copy_substring()  and  pcre_get_sub-
+       string().  Unfortunately, the interface to pcre_get_substring_list() is
+       not adequate for handling strings containing binary zeros, because  the
+       end of the final string is not independently indicated.
+
+       The  first  three  arguments  are the same for all three of these func-
+       tions: subject is the subject string that has  just  been  successfully
+       matched, ovector is a pointer to the vector of integer offsets that was
+       passed to pcre_exec(), and stringcount is the number of substrings that
+       were  captured  by  the match, including the substring that matched the
+       entire regular expression. This is the value returned by pcre_exec() if
+       it  is greater than zero. If pcre_exec() returned zero, indicating that
+       it ran out of space in ovector, the value passed as stringcount  should
+       be the number of elements in the vector divided by three.
+
+       The  functions pcre_copy_substring() and pcre_get_substring() extract a
+       single substring, whose number is given as  stringnumber.  A  value  of
+       zero  extracts  the  substring that matched the entire pattern, whereas
+       higher values  extract  the  captured  substrings.  For  pcre_copy_sub-
+       string(),  the  string  is  placed  in buffer, whose length is given by
+       buffersize, while for pcre_get_substring() a new  block  of  memory  is
+       obtained  via  pcre_malloc,  and its address is returned via stringptr.
+       The yield of the function is the length of the  string,  not  including
+       the terminating zero, or one of these error codes:
+
+         PCRE_ERROR_NOMEMORY       (-6)
+
+       The  buffer  was too small for pcre_copy_substring(), or the attempt to
+       get memory failed for pcre_get_substring().
+
+         PCRE_ERROR_NOSUBSTRING    (-7)
+
+       There is no substring whose number is stringnumber.
+
+       The pcre_get_substring_list()  function  extracts  all  available  sub-
+       strings  and  builds  a list of pointers to them. All this is done in a
+       single block of memory that is obtained via pcre_malloc. The address of
+       the  memory  block  is returned via listptr, which is also the start of
+       the list of string pointers. The end of the list is marked  by  a  NULL
+       pointer.  The  yield  of  the function is zero if all went well, or the
+       error code
+
+         PCRE_ERROR_NOMEMORY       (-6)
+
+       if the attempt to get the memory block failed.
+
+       When any of these functions encounter a substring that is unset,  which
+       can  happen  when  capturing subpattern number n+1 matches some part of
+       the subject, but subpattern n has not been used at all, they return  an
+       empty string. This can be distinguished from a genuine zero-length sub-
+       string by inspecting the appropriate offset in ovector, which is  nega-
+       tive for unset substrings.
+
+       The  two convenience functions pcre_free_substring() and pcre_free_sub-
+       string_list() can be used to free the memory  returned  by  a  previous
+       call  of  pcre_get_substring()  or  pcre_get_substring_list(),  respec-
+       tively. They do nothing more than  call  the  function  pointed  to  by
+       pcre_free,  which  of course could be called directly from a C program.
+       However, PCRE is used in some situations where it is linked via a  spe-
+       cial   interface  to  another  programming  language  that  cannot  use
+       pcre_free directly; it is for these cases that the functions  are  pro-
+       vided.
+
+
+EXTRACTING CAPTURED SUBSTRINGS BY NAME
+
+       int pcre_get_stringnumber(const pcre *code,
+            const char *name);
+
+       int pcre_copy_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            char *buffer, int buffersize);
+
+       int pcre_get_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            const char **stringptr);
+
+       To  extract a substring by name, you first have to find associated num-
+       ber.  For example, for this pattern
+
+         (a+)b(?<xxx>\d+)...
+
+       the number of the subpattern called "xxx" is 2. If the name is known to
+       be unique (PCRE_DUPNAMES was not set), you can find the number from the
+       name by calling pcre_get_stringnumber(). The first argument is the com-
+       piled pattern, and the second is the name. The yield of the function is
+       the subpattern number, or PCRE_ERROR_NOSUBSTRING (-7) if  there  is  no
+       subpattern of that name.
+
+       Given the number, you can extract the substring directly, or use one of
+       the functions described in the previous section. For convenience, there
+       are also two functions that do the whole job.
+
+       Most    of    the    arguments   of   pcre_copy_named_substring()   and
+       pcre_get_named_substring() are the same  as  those  for  the  similarly
+       named  functions  that extract by number. As these are described in the
+       previous section, they are not re-described here. There  are  just  two
+       differences:
+
+       First,  instead  of a substring number, a substring name is given. Sec-
+       ond, there is an extra argument, given at the start, which is a pointer
+       to  the compiled pattern. This is needed in order to gain access to the
+       name-to-number translation table.
+
+       These functions call pcre_get_stringnumber(), and if it succeeds,  they
+       then  call  pcre_copy_substring() or pcre_get_substring(), as appropri-
+       ate. NOTE: If PCRE_DUPNAMES is set and there are duplicate  names,  the
+       behaviour may not be what you want (see the next section).
+
+       Warning: If the pattern uses the (?| feature to set up multiple subpat-
+       terns with the same number, as described in the  section  on  duplicate
+       subpattern  numbers  in  the  pcrepattern page, you cannot use names to
+       distinguish the different subpatterns, because names are  not  included
+       in  the compiled code. The matching process uses only numbers. For this
+       reason, the use of different names for subpatterns of the  same  number
+       causes an error at compile time.
+
+
+DUPLICATE SUBPATTERN NAMES
+
+       int pcre_get_stringtable_entries(const pcre *code,
+            const char *name, char **first, char **last);
+
+       When  a  pattern  is  compiled with the PCRE_DUPNAMES option, names for
+       subpatterns are not required to be unique. (Duplicate names are  always
+       allowed  for subpatterns with the same number, created by using the (?|
+       feature. Indeed, if such subpatterns are named, they  are  required  to
+       use the same names.)
+
+       Normally, patterns with duplicate names are such that in any one match,
+       only one of the named subpatterns participates. An example is shown  in
+       the pcrepattern documentation.
+
+       When    duplicates   are   present,   pcre_copy_named_substring()   and
+       pcre_get_named_substring() return the first substring corresponding  to
+       the  given  name  that  is set. If none are set, PCRE_ERROR_NOSUBSTRING
+       (-7) is returned; no  data  is  returned.  The  pcre_get_stringnumber()
+       function  returns one of the numbers that are associated with the name,
+       but it is not defined which it is.
+
+       If you want to get full details of all captured substrings for a  given
+       name,  you  must  use  the pcre_get_stringtable_entries() function. The
+       first argument is the compiled pattern, and the second is the name. The
+       third  and  fourth  are  pointers to variables which are updated by the
+       function. After it has run, they point to the first and last entries in
+       the  name-to-number  table  for  the  given  name.  The function itself
+       returns the length of each entry,  or  PCRE_ERROR_NOSUBSTRING  (-7)  if
+       there  are none. The format of the table is described above in the sec-
+       tion entitled Information about a pattern above.  Given all  the  rele-
+       vant  entries  for the name, you can extract each of their numbers, and
+       hence the captured data, if any.
+
+
+FINDING ALL POSSIBLE MATCHES
+
+       The traditional matching function uses a  similar  algorithm  to  Perl,
+       which stops when it finds the first match, starting at a given point in
+       the subject. If you want to find all possible matches, or  the  longest
+       possible  match,  consider using the alternative matching function (see
+       below) instead. If you cannot use the alternative function,  but  still
+       need  to  find all possible matches, you can kludge it up by making use
+       of the callout facility, which is described in the pcrecallout documen-
+       tation.
+
+       What you have to do is to insert a callout right at the end of the pat-
+       tern.  When your callout function is called, extract and save the  cur-
+       rent  matched  substring.  Then  return  1, which forces pcre_exec() to
+       backtrack and try other alternatives. Ultimately, when it runs  out  of
+       matches, pcre_exec() will yield PCRE_ERROR_NOMATCH.
+
+
+OBTAINING AN ESTIMATE OF STACK USAGE
+
+       Matching  certain  patterns  using pcre_exec() can use a lot of process
+       stack, which in certain environments can be  rather  limited  in  size.
+       Some  users  find it helpful to have an estimate of the amount of stack
+       that is used by pcre_exec(), to help  them  set  recursion  limits,  as
+       described  in  the pcrestack documentation. The estimate that is output
+       by pcretest when called with the -m and -C options is obtained by call-
+       ing  pcre_exec with the values NULL, NULL, NULL, -999, and -999 for its
+       first five arguments.
+
+       Normally, if  its  first  argument  is  NULL,  pcre_exec()  immediately
+       returns  the negative error code PCRE_ERROR_NULL, but with this special
+       combination of arguments, it returns instead a  negative  number  whose
+       absolute  value  is the approximate stack frame size in bytes. (A nega-
+       tive number is used so that it is clear that no  match  has  happened.)
+       The  value  is  approximate  because  in some cases, recursive calls to
+       pcre_exec() occur when there are one or two additional variables on the
+       stack.
+
+       If  PCRE  has  been  compiled  to use the heap instead of the stack for
+       recursion, the value returned  is  the  size  of  each  block  that  is
+       obtained from the heap.
+
+
+MATCHING A PATTERN: THE ALTERNATIVE FUNCTION
+
+       int pcre_dfa_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+       The  function  pcre_dfa_exec()  is  called  to  match  a subject string
+       against a compiled pattern, using a matching algorithm that  scans  the
+       subject  string  just  once, and does not backtrack. This has different
+       characteristics to the normal algorithm, and  is  not  compatible  with
+       Perl.  Some  of the features of PCRE patterns are not supported. Never-
+       theless, there are times when this kind of matching can be useful.  For
+       a  discussion  of  the  two matching algorithms, and a list of features
+       that pcre_dfa_exec() does not support, see the pcrematching  documenta-
+       tion.
+
+       The  arguments  for  the  pcre_dfa_exec()  function are the same as for
+       pcre_exec(), plus two extras. The ovector argument is used in a differ-
+       ent  way,  and  this is described below. The other common arguments are
+       used in the same way as for pcre_exec(), so their  description  is  not
+       repeated here.
+
+       The  two  additional  arguments provide workspace for the function. The
+       workspace vector should contain at least 20 elements. It  is  used  for
+       keeping  track  of  multiple  paths  through  the  pattern  tree.  More
+       workspace will be needed for patterns and subjects where  there  are  a
+       lot of potential matches.
+
+       Here is an example of a simple call to pcre_dfa_exec():
+
+         int rc;
+         int ovector[10];
+         int wspace[20];
+         rc = pcre_dfa_exec(
+           re,             /* result of pcre_compile() */
+           NULL,           /* we didn't study the pattern */
+           "some string",  /* the subject string */
+           11,             /* the length of the subject string */
+           0,              /* start at offset 0 in the subject */
+           0,              /* default options */
+           ovector,        /* vector of integers for substring information */
+           10,             /* number of elements (NOT size in bytes) */
+           wspace,         /* working space vector */
+           20);            /* number of elements (NOT size in bytes) */
+
+   Option bits for pcre_dfa_exec()
+
+       The  unused  bits  of  the options argument for pcre_dfa_exec() must be
+       zero. The only bits  that  may  be  set  are  PCRE_ANCHORED,  PCRE_NEW-
+       LINE_xxx,        PCRE_NOTBOL,        PCRE_NOTEOL,        PCRE_NOTEMPTY,
+       PCRE_NOTEMPTY_ATSTART,      PCRE_NO_UTF8_CHECK,       PCRE_BSR_ANYCRLF,
+       PCRE_BSR_UNICODE,  PCRE_NO_START_OPTIMIZE, PCRE_PARTIAL_HARD, PCRE_PAR-
+       TIAL_SOFT, PCRE_DFA_SHORTEST, and PCRE_DFA_RESTART.  All but  the  last
+       four  of  these  are  exactly  the  same  as  for pcre_exec(), so their
+       description is not repeated here.
+
+         PCRE_PARTIAL_HARD
+         PCRE_PARTIAL_SOFT
+
+       These have the same general effect as they do for pcre_exec(), but  the
+       details  are  slightly  different.  When  PCRE_PARTIAL_HARD  is set for
+       pcre_dfa_exec(), it returns PCRE_ERROR_PARTIAL if the end of  the  sub-
+       ject  is  reached  and there is still at least one matching possibility
+       that requires additional characters. This happens even if some complete
+       matches have also been found. When PCRE_PARTIAL_SOFT is set, the return
+       code PCRE_ERROR_NOMATCH is converted into PCRE_ERROR_PARTIAL if the end
+       of  the  subject  is  reached, there have been no complete matches, but
+       there is still at least one matching possibility. The  portion  of  the
+       string  that  was inspected when the longest partial match was found is
+       set as the first matching string  in  both  cases.   There  is  a  more
+       detailed  discussion  of partial and multi-segment matching, with exam-
+       ples, in the pcrepartial documentation.
+
+         PCRE_DFA_SHORTEST
+
+       Setting the PCRE_DFA_SHORTEST option causes the matching  algorithm  to
+       stop as soon as it has found one match. Because of the way the alterna-
+       tive algorithm works, this is necessarily the shortest  possible  match
+       at the first possible matching point in the subject string.
+
+         PCRE_DFA_RESTART
+
+       When pcre_dfa_exec() returns a partial match, it is possible to call it
+       again, with additional subject characters, and have  it  continue  with
+       the  same match. The PCRE_DFA_RESTART option requests this action; when
+       it is set, the workspace and wscount options must  reference  the  same
+       vector  as  before  because data about the match so far is left in them
+       after a partial match. There is more discussion of this facility in the
+       pcrepartial documentation.
+
+   Successful returns from pcre_dfa_exec()
+
+       When  pcre_dfa_exec()  succeeds, it may have matched more than one sub-
+       string in the subject. Note, however, that all the matches from one run
+       of  the  function  start  at the same point in the subject. The shorter
+       matches are all initial substrings of the longer matches. For  example,
+       if the pattern
+
+         <.*>
+
+       is matched against the string
+
+         This is <something> <something else> <something further> no more
+
+       the three matched strings are
+
+         <something>
+         <something> <something else>
+         <something> <something else> <something further>
+
+       On  success,  the  yield of the function is a number greater than zero,
+       which is the number of matched substrings.  The  substrings  themselves
+       are  returned  in  ovector. Each string uses two elements; the first is
+       the offset to the start, and the second is the offset to  the  end.  In
+       fact,  all  the  strings  have the same start offset. (Space could have
+       been saved by giving this only once, but it was decided to retain  some
+       compatibility  with  the  way pcre_exec() returns data, even though the
+       meaning of the strings is different.)
+
+       The strings are returned in reverse order of length; that is, the long-
+       est  matching  string is given first. If there were too many matches to
+       fit into ovector, the yield of the function is zero, and the vector  is
+       filled  with  the  longest matches. Unlike pcre_exec(), pcre_dfa_exec()
+       can use the entire ovector for returning matched strings.
+
+       NOTE: PCRE's "auto-possessification" optimization  usually  applies  to
+       character  repeats at the end of a pattern (as well as internally). For
+       example, the pattern "a\d+" is compiled as if it were  "a\d++"  because
+       there is no point even considering the possibility of backtracking into
+       the repeated digits. For DFA matching, this means that only one  possi-
+       ble  match  is  found.  If  you really do want multiple matches in such
+       cases,  either  use  an  ungreedy   repeat   ("a\d+?")   or   set   the
+       PCRE_NO_AUTO_POSSESS option when compiling.
+
+   Error returns from pcre_dfa_exec()
+
+       The  pcre_dfa_exec()  function returns a negative number when it fails.
+       Many of the errors are the same  as  for  pcre_exec(),  and  these  are
+       described  above.   There are in addition the following errors that are
+       specific to pcre_dfa_exec():
+
+         PCRE_ERROR_DFA_UITEM      (-16)
+
+       This return is given if pcre_dfa_exec() encounters an item in the  pat-
+       tern  that  it  does not support, for instance, the use of \C or a back
+       reference.
+
+         PCRE_ERROR_DFA_UCOND      (-17)
+
+       This return is given if pcre_dfa_exec()  encounters  a  condition  item
+       that  uses  a back reference for the condition, or a test for recursion
+       in a specific group. These are not supported.
+
+         PCRE_ERROR_DFA_UMLIMIT    (-18)
+
+       This return is given if pcre_dfa_exec() is called with an  extra  block
+       that  contains  a  setting  of the match_limit or match_limit_recursion
+       fields. This is not supported (these fields  are  meaningless  for  DFA
+       matching).
+
+         PCRE_ERROR_DFA_WSSIZE     (-19)
+
+       This  return  is  given  if  pcre_dfa_exec()  runs  out of space in the
+       workspace vector.
+
+         PCRE_ERROR_DFA_RECURSE    (-20)
+
+       When a recursive subpattern is processed, the matching  function  calls
+       itself  recursively,  using  private vectors for ovector and workspace.
+       This error is given if the output vector  is  not  large  enough.  This
+       should be extremely rare, as a vector of size 1000 is used.
+
+         PCRE_ERROR_DFA_BADRESTART (-30)
+
+       When  pcre_dfa_exec()  is called with the PCRE_DFA_RESTART option, some
+       plausibility checks are made on the contents of  the  workspace,  which
+       should  contain  data about the previous partial match. If any of these
+       checks fail, this error is given.
+
+
+SEE ALSO
+
+       pcre16(3),  pcre32(3),  pcrebuild(3),  pcrecallout(3),   pcrecpp(3)(3),
+       pcrematching(3), pcrepartial(3), pcreposix(3), pcreprecompile(3), pcre-
+       sample(3), pcrestack(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 18 December 2015
+       Copyright (c) 1997-2015 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRECALLOUT(3)             Library Functions Manual             PCRECALLOUT(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+SYNOPSIS
+
+       #include <pcre.h>
+
+       int (*pcre_callout)(pcre_callout_block *);
+
+       int (*pcre16_callout)(pcre16_callout_block *);
+
+       int (*pcre32_callout)(pcre32_callout_block *);
+
+
+DESCRIPTION
+
+       PCRE provides a feature called "callout", which is a means of temporar-
+       ily passing control to the caller of PCRE  in  the  middle  of  pattern
+       matching.  The  caller of PCRE provides an external function by putting
+       its entry point in the global variable pcre_callout (pcre16_callout for
+       the 16-bit library, pcre32_callout for the 32-bit library). By default,
+       this variable contains NULL, which disables all calling out.
+
+       Within a regular expression, (?C) indicates the  points  at  which  the
+       external  function  is  to  be  called. Different callout points can be
+       identified by putting a number less than 256 after the  letter  C.  The
+       default  value  is  zero.   For  example,  this pattern has two callout
+       points:
+
+         (?C1)abc(?C2)def
+
+       If the PCRE_AUTO_CALLOUT option bit is set when a pattern is  compiled,
+       PCRE  automatically  inserts callouts, all with number 255, before each
+       item in the pattern. For example, if PCRE_AUTO_CALLOUT is used with the
+       pattern
+
+         A(\d{2}|--)
+
+       it is processed as if it were
+
+       (?C255)A(?C255)((?C255)\d{2}(?C255)|(?C255)-(?C255)-(?C255))(?C255)
+
+       Notice  that  there  is a callout before and after each parenthesis and
+       alternation bar. If the pattern contains a conditional group whose con-
+       dition  is  an  assertion, an automatic callout is inserted immediately
+       before the condition. Such a callout may also be  inserted  explicitly,
+       for example:
+
+         (?(?C9)(?=a)ab|de)
+
+       This  applies only to assertion conditions (because they are themselves
+       independent groups).
+
+       Automatic callouts can be used for tracking  the  progress  of  pattern
+       matching.   The pcretest program has a pattern qualifier (/C) that sets
+       automatic callouts; when it is used, the output indicates how the  pat-
+       tern  is  being matched. This is useful information when you are trying
+       to optimize the performance of a particular pattern.
+
+
+MISSING CALLOUTS
+
+       You should be aware that, because of optimizations in the way PCRE com-
+       piles and matches patterns, callouts sometimes do not happen exactly as
+       you might expect.
+
+       At compile time, PCRE "auto-possessifies" repeated items when it  knows
+       that  what follows cannot be part of the repeat. For example, a+[bc] is
+       compiled as if it were a++[bc]. The pcretest output when  this  pattern
+       is  anchored  and  then  applied  with automatic callouts to the string
+       "aaaa" is:
+
+         --->aaaa
+          +0 ^        ^
+          +1 ^        a+
+          +3 ^   ^    [bc]
+         No match
+
+       This indicates that when matching [bc] fails, there is no  backtracking
+       into  a+  and  therefore the callouts that would be taken for the back-
+       tracks do not occur.  You can disable the  auto-possessify  feature  by
+       passing PCRE_NO_AUTO_POSSESS to pcre_compile(), or starting the pattern
+       with (*NO_AUTO_POSSESS). If this is done  in  pcretest  (using  the  /O
+       qualifier), the output changes to this:
+
+         --->aaaa
+          +0 ^        ^
+          +1 ^        a+
+          +3 ^   ^    [bc]
+          +3 ^  ^     [bc]
+          +3 ^ ^      [bc]
+          +3 ^^       [bc]
+         No match
+
+       This time, when matching [bc] fails, the matcher backtracks into a+ and
+       tries again, repeatedly, until a+ itself fails.
+
+       Other optimizations that provide fast "no match"  results  also  affect
+       callouts.  For example, if the pattern is
+
+         ab(?C4)cd
+
+       PCRE knows that any matching string must contain the letter "d". If the
+       subject string is "abyz", the lack of "d" means that  matching  doesn't
+       ever  start,  and  the  callout is never reached. However, with "abyd",
+       though the result is still no match, the callout is obeyed.
+
+       If the pattern is studied, PCRE knows the minimum length of a  matching
+       string,  and will immediately give a "no match" return without actually
+       running a match if the subject is not long enough, or,  for  unanchored
+       patterns, if it has been scanned far enough.
+
+       You  can disable these optimizations by passing the PCRE_NO_START_OPTI-
+       MIZE option to the matching function, or by starting the  pattern  with
+       (*NO_START_OPT).  This slows down the matching process, but does ensure
+       that callouts such as the example above are obeyed.
+
+
+THE CALLOUT INTERFACE
+
+       During matching, when PCRE reaches a callout point, the external  func-
+       tion defined by pcre_callout or pcre[16|32]_callout is called (if it is
+       set). This applies to both normal and DFA matching. The  only  argument
+       to   the   callout   function   is  a  pointer  to  a  pcre_callout  or
+       pcre[16|32]_callout block.  These  structures  contains  the  following
+       fields:
+
+         int           version;
+         int           callout_number;
+         int          *offset_vector;
+         const char   *subject;           (8-bit version)
+         PCRE_SPTR16   subject;           (16-bit version)
+         PCRE_SPTR32   subject;           (32-bit version)
+         int           subject_length;
+         int           start_match;
+         int           current_position;
+         int           capture_top;
+         int           capture_last;
+         void         *callout_data;
+         int           pattern_position;
+         int           next_item_length;
+         const unsigned char *mark;       (8-bit version)
+         const PCRE_UCHAR16  *mark;       (16-bit version)
+         const PCRE_UCHAR32  *mark;       (32-bit version)
+
+       The  version  field  is an integer containing the version number of the
+       block format. The initial version was 0; the current version is 2.  The
+       version  number  will  change  again in future if additional fields are
+       added, but the intention is never to remove any of the existing fields.
+
+       The callout_number field contains the number of the  callout,  as  com-
+       piled  into  the pattern (that is, the number after ?C for manual call-
+       outs, and 255 for automatically generated callouts).
+
+       The offset_vector field is a pointer to the vector of offsets that  was
+       passed  by  the  caller  to  the matching function. When pcre_exec() or
+       pcre[16|32]_exec() is used, the contents can be inspected, in order  to
+       extract  substrings  that  have been matched so far, in the same way as
+       for extracting substrings after a match  has  completed.  For  the  DFA
+       matching functions, this field is not useful.
+
+       The subject and subject_length fields contain copies of the values that
+       were passed to the matching function.
+
+       The start_match field normally contains the offset within  the  subject
+       at  which  the  current  match  attempt started. However, if the escape
+       sequence \K has been encountered, this value is changed to reflect  the
+       modified  starting  point.  If the pattern is not anchored, the callout
+       function may be called several times from the same point in the pattern
+       for different starting points in the subject.
+
+       The  current_position  field  contains the offset within the subject of
+       the current match pointer.
+
+       When the pcre_exec() or pcre[16|32]_exec()  is  used,  the  capture_top
+       field  contains  one  more than the number of the highest numbered cap-
+       tured substring so far. If no substrings have been captured, the  value
+       of  capture_top  is one. This is always the case when the DFA functions
+       are used, because they do not support captured substrings.
+
+       The capture_last field contains the number of the  most  recently  cap-
+       tured  substring. However, when a recursion exits, the value reverts to
+       what it was outside the recursion, as do the  values  of  all  captured
+       substrings.  If  no  substrings  have  been captured, the value of cap-
+       ture_last is -1. This is always the case for  the  DFA  matching  func-
+       tions.
+
+       The  callout_data  field  contains a value that is passed to a matching
+       function specifically so that it can be passed back in callouts. It  is
+       passed  in  the callout_data field of a pcre_extra or pcre[16|32]_extra
+       data structure. If no such data was passed, the value  of  callout_data
+       in  a  callout  block is NULL. There is a description of the pcre_extra
+       structure in the pcreapi documentation.
+
+       The pattern_position field is present from version  1  of  the  callout
+       structure. It contains the offset to the next item to be matched in the
+       pattern string.
+
+       The next_item_length field is present from version  1  of  the  callout
+       structure. It contains the length of the next item to be matched in the
+       pattern string. When the callout immediately  precedes  an  alternation
+       bar,  a  closing  parenthesis, or the end of the pattern, the length is
+       zero. When the callout precedes an opening parenthesis, the  length  is
+       that of the entire subpattern.
+
+       The  pattern_position  and next_item_length fields are intended to help
+       in distinguishing between different automatic callouts, which all  have
+       the same callout number. However, they are set for all callouts.
+
+       The  mark  field is present from version 2 of the callout structure. In
+       callouts from pcre_exec() or pcre[16|32]_exec() it contains  a  pointer
+       to  the  zero-terminated  name  of  the  most  recently passed (*MARK),
+       (*PRUNE), or (*THEN) item in the match, or NULL if no such  items  have
+       been  passed.  Instances  of  (*PRUNE) or (*THEN) without a name do not
+       obliterate a previous (*MARK). In callouts from the DFA matching  func-
+       tions this field always contains NULL.
+
+
+RETURN VALUES
+
+       The  external callout function returns an integer to PCRE. If the value
+       is zero, matching proceeds as normal. If  the  value  is  greater  than
+       zero,  matching  fails  at  the current point, but the testing of other
+       matching possibilities goes ahead, just as if a lookahead assertion had
+       failed.  If  the  value  is less than zero, the match is abandoned, the
+       matching function returns the negative value.
+
+       Negative  values  should  normally  be   chosen   from   the   set   of
+       PCRE_ERROR_xxx values. In particular, PCRE_ERROR_NOMATCH forces a stan-
+       dard "no  match"  failure.   The  error  number  PCRE_ERROR_CALLOUT  is
+       reserved  for  use  by callout functions; it will never be used by PCRE
+       itself.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRECOMPAT(3)              Library Functions Manual              PCRECOMPAT(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+DIFFERENCES BETWEEN PCRE AND PERL
+
+       This  document describes the differences in the ways that PCRE and Perl
+       handle regular expressions. The differences  described  here  are  with
+       respect to Perl versions 5.10 and above.
+
+       1. PCRE has only a subset of Perl's Unicode support. Details of what it
+       does have are given in the pcreunicode page.
+
+       2. PCRE allows repeat quantifiers only on parenthesized assertions, but
+       they  do  not mean what you might think. For example, (?!a){3} does not
+       assert that the next three characters are not "a". It just asserts that
+       the next character is not "a" three times (in principle: PCRE optimizes
+       this to run the assertion just once). Perl allows repeat quantifiers on
+       other assertions such as \b, but these do not seem to have any use.
+
+       3.  Capturing  subpatterns  that occur inside negative lookahead asser-
+       tions are counted, but their entries in the offsets  vector  are  never
+       set.  Perl sometimes (but not always) sets its numerical variables from
+       inside negative assertions.
+
+       4. Though binary zero characters are supported in the  subject  string,
+       they are not allowed in a pattern string because it is passed as a nor-
+       mal C string, terminated by zero. The escape sequence \0 can be used in
+       the pattern to represent a binary zero.
+
+       5.  The  following Perl escape sequences are not supported: \l, \u, \L,
+       \U, and \N when followed by a character name or Unicode value.  (\N  on
+       its own, matching a non-newline character, is supported.) In fact these
+       are implemented by Perl's general string-handling and are not  part  of
+       its  pattern  matching engine. If any of these are encountered by PCRE,
+       an error is generated by default. However, if the  PCRE_JAVASCRIPT_COM-
+       PAT  option  is set, \U and \u are interpreted as JavaScript interprets
+       them.
+
+       6. The Perl escape sequences \p, \P, and \X are supported only if  PCRE
+       is  built  with Unicode character property support. The properties that
+       can be tested with \p and \P are limited to the general category  prop-
+       erties  such  as  Lu and Nd, script names such as Greek or Han, and the
+       derived properties Any and L&. PCRE does  support  the  Cs  (surrogate)
+       property,  which  Perl  does  not; the Perl documentation says "Because
+       Perl hides the need for the user to understand the internal representa-
+       tion  of Unicode characters, there is no need to implement the somewhat
+       messy concept of surrogates."
+
+       7. PCRE does support the \Q...\E escape for quoting substrings. Charac-
+       ters  in  between  are  treated as literals. This is slightly different
+       from Perl in that $ and @ are  also  handled  as  literals  inside  the
+       quotes.  In Perl, they cause variable interpolation (but of course PCRE
+       does not have variables). Note the following examples:
+
+           Pattern            PCRE matches      Perl matches
+
+           \Qabc$xyz\E        abc$xyz           abc followed by the
+                                                  contents of $xyz
+           \Qabc\$xyz\E       abc\$xyz          abc\$xyz
+           \Qabc\E\$\Qxyz\E   abc$xyz           abc$xyz
+
+       The \Q...\E sequence is recognized both inside  and  outside  character
+       classes.
+
+       8. Fairly obviously, PCRE does not support the (?{code}) and (??{code})
+       constructions. However, there is support for recursive  patterns.  This
+       is  not  available  in Perl 5.8, but it is in Perl 5.10. Also, the PCRE
+       "callout" feature allows an external function to be called during  pat-
+       tern matching. See the pcrecallout documentation for details.
+
+       9.  Subpatterns  that  are called as subroutines (whether or not recur-
+       sively) are always treated as atomic  groups  in  PCRE.  This  is  like
+       Python,  but  unlike Perl.  Captured values that are set outside a sub-
+       routine call can be reference from inside in PCRE,  but  not  in  Perl.
+       There is a discussion that explains these differences in more detail in
+       the section on recursion differences from Perl in the pcrepattern page.
+
+       10. If any of the backtracking control verbs are used in  a  subpattern
+       that  is  called  as  a  subroutine (whether or not recursively), their
+       effect is confined to that subpattern; it does not extend to  the  sur-
+       rounding  pattern.  This is not always the case in Perl. In particular,
+       if (*THEN) is present in a group that is called as  a  subroutine,  its
+       action is limited to that group, even if the group does not contain any
+       | characters. Note that such subpatterns are processed as  anchored  at
+       the point where they are tested.
+
+       11.  If a pattern contains more than one backtracking control verb, the
+       first one that is backtracked onto acts. For example,  in  the  pattern
+       A(*COMMIT)B(*PRUNE)C  a  failure in B triggers (*COMMIT), but a failure
+       in C triggers (*PRUNE). Perl's behaviour is more complex; in many cases
+       it is the same as PCRE, but there are examples where it differs.
+
+       12.  Most  backtracking  verbs in assertions have their normal actions.
+       They are not confined to the assertion.
+
+       13. There are some differences that are concerned with the settings  of
+       captured  strings  when  part  of  a  pattern is repeated. For example,
+       matching "aba" against the  pattern  /^(a(b)?)+$/  in  Perl  leaves  $2
+       unset, but in PCRE it is set to "b".
+
+       14.  PCRE's handling of duplicate subpattern numbers and duplicate sub-
+       pattern names is not as general as Perl's. This is a consequence of the
+       fact the PCRE works internally just with numbers, using an external ta-
+       ble to translate between numbers and names. In  particular,  a  pattern
+       such  as  (?|(?<a>A)|(?<b>B),  where the two capturing parentheses have
+       the same number but different names, is not supported,  and  causes  an
+       error  at compile time. If it were allowed, it would not be possible to
+       distinguish which parentheses matched, because both names map  to  cap-
+       turing subpattern number 1. To avoid this confusing situation, an error
+       is given at compile time.
+
+       15. Perl recognizes comments in some places that  PCRE  does  not,  for
+       example,  between  the  ( and ? at the start of a subpattern. If the /x
+       modifier is set, Perl allows white space between ( and ?  (though  cur-
+       rent  Perls  warn that this is deprecated) but PCRE never does, even if
+       the PCRE_EXTENDED option is set.
+
+       16. Perl, when in warning mode, gives warnings  for  character  classes
+       such  as  [A-\d] or [a-[:digit:]]. It then treats the hyphens as liter-
+       als. PCRE has no warning features, so it gives an error in these  cases
+       because they are almost certainly user mistakes.
+
+       17.  In  PCRE,  the upper/lower case character properties Lu and Ll are
+       not affected when case-independent matching is specified. For  example,
+       \p{Lu} always matches an upper case letter. I think Perl has changed in
+       this respect; in the release at the time of writing (5.16), \p{Lu}  and
+       \p{Ll} match all letters, regardless of case, when case independence is
+       specified.
+
+       18. PCRE provides some extensions to the Perl regular expression facil-
+       ities.   Perl  5.10  includes new features that are not in earlier ver-
+       sions of Perl, some of which (such as named parentheses) have  been  in
+       PCRE for some time. This list is with respect to Perl 5.10:
+
+       (a)  Although  lookbehind  assertions  in  PCRE must match fixed length
+       strings, each alternative branch of a lookbehind assertion can match  a
+       different  length  of  string.  Perl requires them all to have the same
+       length.
+
+       (b) If PCRE_DOLLAR_ENDONLY is set and PCRE_MULTILINE is not set, the  $
+       meta-character matches only at the very end of the string.
+
+       (c) If PCRE_EXTRA is set, a backslash followed by a letter with no spe-
+       cial meaning is faulted. Otherwise, like Perl, the backslash is quietly
+       ignored.  (Perl can be made to issue a warning.)
+
+       (d)  If  PCRE_UNGREEDY is set, the greediness of the repetition quanti-
+       fiers is inverted, that is, by default they are not greedy, but if fol-
+       lowed by a question mark they are.
+
+       (e) PCRE_ANCHORED can be used at matching time to force a pattern to be
+       tried only at the first matching position in the subject string.
+
+       (f) The PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+       and  PCRE_NO_AUTO_CAPTURE  options for pcre_exec() have no Perl equiva-
+       lents.
+
+       (g) The \R escape sequence can be restricted to match only CR,  LF,  or
+       CRLF by the PCRE_BSR_ANYCRLF option.
+
+       (h) The callout facility is PCRE-specific.
+
+       (i) The partial matching facility is PCRE-specific.
+
+       (j) Patterns compiled by PCRE can be saved and re-used at a later time,
+       even on different hosts that have the other endianness.  However,  this
+       does not apply to optimized data created by the just-in-time compiler.
+
+       (k)    The    alternative    matching    functions    (pcre_dfa_exec(),
+       pcre16_dfa_exec() and pcre32_dfa_exec(),) match in a different way  and
+       are not Perl-compatible.
+
+       (l)  PCRE  recognizes some special sequences such as (*CR) at the start
+       of a pattern that set overall options that cannot be changed within the
+       pattern.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 10 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPATTERN(3)             Library Functions Manual             PCREPATTERN(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE REGULAR EXPRESSION DETAILS
+
+       The  syntax and semantics of the regular expressions that are supported
+       by PCRE are described in detail below. There is a quick-reference  syn-
+       tax summary in the pcresyntax page. PCRE tries to match Perl syntax and
+       semantics as closely as it can. PCRE  also  supports  some  alternative
+       regular  expression  syntax (which does not conflict with the Perl syn-
+       tax) in order to provide some compatibility with regular expressions in
+       Python, .NET, and Oniguruma.
+
+       Perl's  regular expressions are described in its own documentation, and
+       regular expressions in general are covered in a number of  books,  some
+       of  which  have  copious  examples. Jeffrey Friedl's "Mastering Regular
+       Expressions", published by  O'Reilly,  covers  regular  expressions  in
+       great  detail.  This  description  of  PCRE's  regular  expressions  is
+       intended as reference material.
+
+       This document discusses the patterns that are supported  by  PCRE  when
+       one    its    main   matching   functions,   pcre_exec()   (8-bit)   or
+       pcre[16|32]_exec() (16- or 32-bit), is used. PCRE also has  alternative
+       matching  functions,  pcre_dfa_exec()  and pcre[16|32_dfa_exec(), which
+       match using a different algorithm that is not Perl-compatible. Some  of
+       the  features  discussed  below  are not available when DFA matching is
+       used. The advantages and disadvantages of  the  alternative  functions,
+       and  how  they  differ  from the normal functions, are discussed in the
+       pcrematching page.
+
+
+SPECIAL START-OF-PATTERN ITEMS
+
+       A number of options that can be passed to pcre_compile()  can  also  be
+       set by special items at the start of a pattern. These are not Perl-com-
+       patible, but are provided to make these options accessible  to  pattern
+       writers  who are not able to change the program that processes the pat-
+       tern. Any number of these items  may  appear,  but  they  must  all  be
+       together right at the start of the pattern string, and the letters must
+       be in upper case.
+
+   UTF support
+
+       The original operation of PCRE was on strings of  one-byte  characters.
+       However,  there  is  now also support for UTF-8 strings in the original
+       library, an extra library that supports  16-bit  and  UTF-16  character
+       strings,  and a third library that supports 32-bit and UTF-32 character
+       strings. To use these features, PCRE must be built to include appropri-
+       ate  support. When using UTF strings you must either call the compiling
+       function with the PCRE_UTF8, PCRE_UTF16, or PCRE_UTF32 option,  or  the
+       pattern must start with one of these special sequences:
+
+         (*UTF8)
+         (*UTF16)
+         (*UTF32)
+         (*UTF)
+
+       (*UTF)  is  a  generic  sequence  that  can  be  used  with  any of the
+       libraries.  Starting a pattern with such a sequence  is  equivalent  to
+       setting  the  relevant  option.  How setting a UTF mode affects pattern
+       matching is mentioned in several places below. There is also a  summary
+       of features in the pcreunicode page.
+
+       Some applications that allow their users to supply patterns may wish to
+       restrict  them  to  non-UTF  data  for   security   reasons.   If   the
+       PCRE_NEVER_UTF  option  is  set  at  compile  time, (*UTF) etc. are not
+       allowed, and their appearance causes an error.
+
+   Unicode property support
+
+       Another special sequence that may appear at the start of a  pattern  is
+       (*UCP).   This  has  the same effect as setting the PCRE_UCP option: it
+       causes sequences such as \d and \w to use Unicode properties to  deter-
+       mine character types, instead of recognizing only characters with codes
+       less than 128 via a lookup table.
+
+   Disabling auto-possessification
+
+       If a pattern starts with (*NO_AUTO_POSSESS), it has the same effect  as
+       setting  the  PCRE_NO_AUTO_POSSESS  option  at compile time. This stops
+       PCRE from making quantifiers possessive when what follows cannot  match
+       the  repeated item. For example, by default a+b is treated as a++b. For
+       more details, see the pcreapi documentation.
+
+   Disabling start-up optimizations
+
+       If a pattern starts with (*NO_START_OPT), it has  the  same  effect  as
+       setting the PCRE_NO_START_OPTIMIZE option either at compile or matching
+       time. This disables several  optimizations  for  quickly  reaching  "no
+       match" results. For more details, see the pcreapi documentation.
+
+   Newline conventions
+
+       PCRE  supports five different conventions for indicating line breaks in
+       strings: a single CR (carriage return) character, a  single  LF  (line-
+       feed) character, the two-character sequence CRLF, any of the three pre-
+       ceding, or any Unicode newline sequence. The pcreapi page  has  further
+       discussion  about newlines, and shows how to set the newline convention
+       in the options arguments for the compiling and matching functions.
+
+       It is also possible to specify a newline convention by starting a  pat-
+       tern string with one of the following five sequences:
+
+         (*CR)        carriage return
+         (*LF)        linefeed
+         (*CRLF)      carriage return, followed by linefeed
+         (*ANYCRLF)   any of the three above
+         (*ANY)       all Unicode newline sequences
+
+       These override the default and the options given to the compiling func-
+       tion. For example, on a Unix system where LF  is  the  default  newline
+       sequence, the pattern
+
+         (*CR)a.b
+
+       changes the convention to CR. That pattern matches "a\nb" because LF is
+       no longer a newline. If more than one of these settings is present, the
+       last one is used.
+
+       The  newline  convention affects where the circumflex and dollar asser-
+       tions are true. It also affects the interpretation of the dot metachar-
+       acter when PCRE_DOTALL is not set, and the behaviour of \N. However, it
+       does not affect what the \R escape sequence matches. By  default,  this
+       is  any Unicode newline sequence, for Perl compatibility. However, this
+       can be changed; see the description of \R in the section entitled "New-
+       line  sequences"  below.  A change of \R setting can be combined with a
+       change of newline convention.
+
+   Setting match and recursion limits
+
+       The caller of pcre_exec() can set a limit on the number  of  times  the
+       internal  match() function is called and on the maximum depth of recur-
+       sive calls. These facilities are provided to catch runaway matches that
+       are provoked by patterns with huge matching trees (a typical example is
+       a pattern with nested unlimited repeats) and to avoid  running  out  of
+       system  stack  by  too  much  recursion.  When  one  of these limits is
+       reached, pcre_exec() gives an error return. The limits can also be  set
+       by items at the start of the pattern of the form
+
+         (*LIMIT_MATCH=d)
+         (*LIMIT_RECURSION=d)
+
+       where d is any number of decimal digits. However, the value of the set-
+       ting must be less than the value set (or defaulted) by  the  caller  of
+       pcre_exec()  for  it  to  have  any effect. In other words, the pattern
+       writer can lower the limits set by the programmer, but not raise  them.
+       If  there  is  more  than one setting of one of these limits, the lower
+       value is used.
+
+
+EBCDIC CHARACTER CODES
+
+       PCRE can be compiled to run in an environment that uses EBCDIC  as  its
+       character code rather than ASCII or Unicode (typically a mainframe sys-
+       tem). In the sections below, character code values are  ASCII  or  Uni-
+       code; in an EBCDIC environment these characters may have different code
+       values, and there are no code points greater than 255.
+
+
+CHARACTERS AND METACHARACTERS
+
+       A regular expression is a pattern that is  matched  against  a  subject
+       string  from  left  to right. Most characters stand for themselves in a
+       pattern, and match the corresponding characters in the  subject.  As  a
+       trivial example, the pattern
+
+         The quick brown fox
+
+       matches a portion of a subject string that is identical to itself. When
+       caseless matching is specified (the PCRE_CASELESS option), letters  are
+       matched  independently  of case. In a UTF mode, PCRE always understands
+       the concept of case for characters whose values are less than  128,  so
+       caseless  matching  is always possible. For characters with higher val-
+       ues, the concept of case is supported if PCRE is compiled with  Unicode
+       property  support,  but  not  otherwise.   If  you want to use caseless
+       matching for characters 128 and above, you must  ensure  that  PCRE  is
+       compiled with Unicode property support as well as with UTF support.
+
+       The  power  of  regular  expressions  comes from the ability to include
+       alternatives and repetitions in the pattern. These are encoded  in  the
+       pattern by the use of metacharacters, which do not stand for themselves
+       but instead are interpreted in some special way.
+
+       There are two different sets of metacharacters: those that  are  recog-
+       nized  anywhere in the pattern except within square brackets, and those
+       that are recognized within square brackets.  Outside  square  brackets,
+       the metacharacters are as follows:
+
+         \      general escape character with several uses
+         ^      assert start of string (or line, in multiline mode)
+         $      assert end of string (or line, in multiline mode)
+         .      match any character except newline (by default)
+         [      start character class definition
+         |      start of alternative branch
+         (      start subpattern
+         )      end subpattern
+         ?      extends the meaning of (
+                also 0 or 1 quantifier
+                also quantifier minimizer
+         *      0 or more quantifier
+         +      1 or more quantifier
+                also "possessive quantifier"
+         {      start min/max quantifier
+
+       Part  of  a  pattern  that is in square brackets is called a "character
+       class". In a character class the only metacharacters are:
+
+         \      general escape character
+         ^      negate the class, but only if the first character
+         -      indicates character range
+         [      POSIX character class (only if followed by POSIX
+                  syntax)
+         ]      terminates the character class
+
+       The following sections describe the use of each of the metacharacters.
+
+
+BACKSLASH
+
+       The backslash character has several uses. Firstly, if it is followed by
+       a character that is not a number or a letter, it takes away any special
+       meaning that character may have. This use of  backslash  as  an  escape
+       character applies both inside and outside character classes.
+
+       For  example,  if  you want to match a * character, you write \* in the
+       pattern.  This escaping action applies whether  or  not  the  following
+       character  would  otherwise be interpreted as a metacharacter, so it is
+       always safe to precede a non-alphanumeric  with  backslash  to  specify
+       that  it stands for itself. In particular, if you want to match a back-
+       slash, you write \\.
+
+       In a UTF mode, only ASCII numbers and letters have any special  meaning
+       after  a  backslash.  All  other characters (in particular, those whose
+       codepoints are greater than 127) are treated as literals.
+
+       If a pattern is compiled with  the  PCRE_EXTENDED  option,  most  white
+       space  in the pattern (other than in a character class), and characters
+       between a # outside a character class and the next newline,  inclusive,
+       are ignored. An escaping backslash can be used to include a white space
+       or # character as part of the pattern.
+
+       If you want to remove the special meaning from a  sequence  of  charac-
+       ters,  you can do so by putting them between \Q and \E. This is differ-
+       ent from Perl in that $ and  @  are  handled  as  literals  in  \Q...\E
+       sequences  in  PCRE, whereas in Perl, $ and @ cause variable interpola-
+       tion. Note the following examples:
+
+         Pattern            PCRE matches   Perl matches
+
+         \Qabc$xyz\E        abc$xyz        abc followed by the
+                                             contents of $xyz
+         \Qabc\$xyz\E       abc\$xyz       abc\$xyz
+         \Qabc\E\$\Qxyz\E   abc$xyz        abc$xyz
+
+       The \Q...\E sequence is recognized both inside  and  outside  character
+       classes.   An  isolated \E that is not preceded by \Q is ignored. If \Q
+       is not followed by \E later in the pattern, the literal  interpretation
+       continues  to  the  end  of  the pattern (that is, \E is assumed at the
+       end). If the isolated \Q is inside a character class,  this  causes  an
+       error, because the character class is not terminated.
+
+   Non-printing characters
+
+       A second use of backslash provides a way of encoding non-printing char-
+       acters in patterns in a visible manner. There is no restriction on  the
+       appearance  of non-printing characters, apart from the binary zero that
+       terminates a pattern, but when a pattern  is  being  prepared  by  text
+       editing,  it  is  often  easier  to  use  one  of  the following escape
+       sequences than the binary character it represents.  In an ASCII or Uni-
+       code environment, these escapes are as follows:
+
+         \a        alarm, that is, the BEL character (hex 07)
+         \cx       "control-x", where x is any ASCII character
+         \e        escape (hex 1B)
+         \f        form feed (hex 0C)
+         \n        linefeed (hex 0A)
+         \r        carriage return (hex 0D)
+         \t        tab (hex 09)
+         \0dd      character with octal code 0dd
+         \ddd      character with octal code ddd, or back reference
+         \o{ddd..} character with octal code ddd..
+         \xhh      character with hex code hh
+         \x{hhh..} character with hex code hhh.. (non-JavaScript mode)
+         \uhhhh    character with hex code hhhh (JavaScript mode only)
+
+       The  precise effect of \cx on ASCII characters is as follows: if x is a
+       lower case letter, it is converted to upper case. Then  bit  6  of  the
+       character (hex 40) is inverted. Thus \cA to \cZ become hex 01 to hex 1A
+       (A is 41, Z is 5A), but \c{ becomes hex 3B ({ is 7B), and  \c;  becomes
+       hex  7B (; is 3B). If the data item (byte or 16-bit value) following \c
+       has a value greater than 127, a compile-time error occurs.  This  locks
+       out non-ASCII characters in all modes.
+
+       When PCRE is compiled in EBCDIC mode, \a, \e, \f, \n, \r, and \t gener-
+       ate the appropriate EBCDIC code values. The \c escape is  processed  as
+       specified for Perl in the perlebcdic document. The only characters that
+       are allowed after \c are A-Z, a-z, or one of @, [, \, ], ^,  _,  or  ?.
+       Any  other  character  provokes  a compile-time error. The sequence \c@
+       encodes character code 0; after \c the letters (in either case)  encode
+       characters 1-26 (hex 01 to hex 1A); [, \, ], ^, and _ encode characters
+       27-31 (hex 1B to hex 1F), and \c? becomes either 255  (hex  FF)  or  95
+       (hex 5F).
+
+       Thus,  apart  from  \c?, these escapes generate the same character code
+       values as they do in an ASCII environment, though the meanings  of  the
+       values  mostly  differ. For example, \cG always generates code value 7,
+       which is BEL in ASCII but DEL in EBCDIC.
+
+       The sequence \c? generates DEL (127, hex 7F) in an  ASCII  environment,
+       but  because  127  is  not a control character in EBCDIC, Perl makes it
+       generate the APC character. Unfortunately, there are  several  variants
+       of  EBCDIC.  In  most  of them the APC character has the value 255 (hex
+       FF), but in the one Perl calls POSIX-BC its value is 95  (hex  5F).  If
+       certain  other characters have POSIX-BC values, PCRE makes \c? generate
+       95; otherwise it generates 255.
+
+       After \0 up to two further octal digits are read. If  there  are  fewer
+       than  two  digits,  just  those  that  are  present  are used. Thus the
+       sequence \0\x\015 specifies two binary zeros followed by a CR character
+       (code value 13). Make sure you supply two digits after the initial zero
+       if the pattern character that follows is itself an octal digit.
+
+       The escape \o must be followed by a sequence of octal digits,  enclosed
+       in  braces.  An  error occurs if this is not the case. This escape is a
+       recent addition to Perl; it provides way of specifying  character  code
+       points  as  octal  numbers  greater than 0777, and it also allows octal
+       numbers and back references to be unambiguously specified.
+
+       For greater clarity and unambiguity, it is best to avoid following \ by
+       a digit greater than zero. Instead, use \o{} or \x{} to specify charac-
+       ter numbers, and \g{} to specify back references. The  following  para-
+       graphs describe the old, ambiguous syntax.
+
+       The handling of a backslash followed by a digit other than 0 is compli-
+       cated, and Perl has changed in recent releases, causing  PCRE  also  to
+       change. Outside a character class, PCRE reads the digit and any follow-
+       ing digits as a decimal number. If the number is less  than  8,  or  if
+       there  have been at least that many previous capturing left parentheses
+       in the expression, the entire sequence is taken as a back reference.  A
+       description  of how this works is given later, following the discussion
+       of parenthesized subpatterns.
+
+       Inside a character class, or if  the  decimal  number  following  \  is
+       greater than 7 and there have not been that many capturing subpatterns,
+       PCRE handles \8 and \9 as the literal characters "8" and "9", and  oth-
+       erwise re-reads up to three octal digits following the backslash, using
+       them to generate a data character.  Any  subsequent  digits  stand  for
+       themselves. For example:
+
+         \040   is another way of writing an ASCII space
+         \40    is the same, provided there are fewer than 40
+                   previous capturing subpatterns
+         \7     is always a back reference
+         \11    might be a back reference, or another way of
+                   writing a tab
+         \011   is always a tab
+         \0113  is a tab followed by the character "3"
+         \113   might be a back reference, otherwise the
+                   character with octal code 113
+         \377   might be a back reference, otherwise
+                   the value 255 (decimal)
+         \81    is either a back reference, or the two
+                   characters "8" and "1"
+
+       Note  that octal values of 100 or greater that are specified using this
+       syntax must not be introduced by a leading zero, because no  more  than
+       three octal digits are ever read.
+
+       By  default, after \x that is not followed by {, from zero to two hexa-
+       decimal digits are read (letters can be in upper or  lower  case).  Any
+       number of hexadecimal digits may appear between \x{ and }. If a charac-
+       ter other than a hexadecimal digit appears between \x{  and  },  or  if
+       there is no terminating }, an error occurs.
+
+       If  the  PCRE_JAVASCRIPT_COMPAT option is set, the interpretation of \x
+       is as just described only when it is followed by two  hexadecimal  dig-
+       its.   Otherwise,  it  matches  a  literal "x" character. In JavaScript
+       mode, support for code points greater than 256 is provided by \u, which
+       must  be  followed  by  four hexadecimal digits; otherwise it matches a
+       literal "u" character.
+
+       Characters whose value is less than 256 can be defined by either of the
+       two  syntaxes for \x (or by \u in JavaScript mode). There is no differ-
+       ence in the way they are handled. For example, \xdc is exactly the same
+       as \x{dc} (or \u00dc in JavaScript mode).
+
+   Constraints on character values
+
+       Characters  that  are  specified using octal or hexadecimal numbers are
+       limited to certain values, as follows:
+
+         8-bit non-UTF mode    less than 0x100
+         8-bit UTF-8 mode      less than 0x10ffff and a valid codepoint
+         16-bit non-UTF mode   less than 0x10000
+         16-bit UTF-16 mode    less than 0x10ffff and a valid codepoint
+         32-bit non-UTF mode   less than 0x100000000
+         32-bit UTF-32 mode    less than 0x10ffff and a valid codepoint
+
+       Invalid Unicode codepoints are the range  0xd800  to  0xdfff  (the  so-
+       called "surrogate" codepoints), and 0xffef.
+
+   Escape sequences in character classes
+
+       All the sequences that define a single character value can be used both
+       inside and outside character classes. In addition, inside  a  character
+       class, \b is interpreted as the backspace character (hex 08).
+
+       \N  is not allowed in a character class. \B, \R, and \X are not special
+       inside a character class. Like  other  unrecognized  escape  sequences,
+       they  are  treated  as  the  literal  characters  "B",  "R", and "X" by
+       default, but cause an error if the PCRE_EXTRA option is set. Outside  a
+       character class, these sequences have different meanings.
+
+   Unsupported escape sequences
+
+       In  Perl, the sequences \l, \L, \u, and \U are recognized by its string
+       handler and used  to  modify  the  case  of  following  characters.  By
+       default,  PCRE does not support these escape sequences. However, if the
+       PCRE_JAVASCRIPT_COMPAT option is set, \U matches a "U"  character,  and
+       \u can be used to define a character by code point, as described in the
+       previous section.
+
+   Absolute and relative back references
+
+       The sequence \g followed by an unsigned or a negative  number,  option-
+       ally  enclosed  in braces, is an absolute or relative back reference. A
+       named back reference can be coded as \g{name}. Back references are dis-
+       cussed later, following the discussion of parenthesized subpatterns.
+
+   Absolute and relative subroutine calls
+
+       For  compatibility with Oniguruma, the non-Perl syntax \g followed by a
+       name or a number enclosed either in angle brackets or single quotes, is
+       an  alternative  syntax for referencing a subpattern as a "subroutine".
+       Details are discussed later.   Note  that  \g{...}  (Perl  syntax)  and
+       \g<...>  (Oniguruma  syntax)  are  not synonymous. The former is a back
+       reference; the latter is a subroutine call.
+
+   Generic character types
+
+       Another use of backslash is for specifying generic character types:
+
+         \d     any decimal digit
+         \D     any character that is not a decimal digit
+         \h     any horizontal white space character
+         \H     any character that is not a horizontal white space character
+         \s     any white space character
+         \S     any character that is not a white space character
+         \v     any vertical white space character
+         \V     any character that is not a vertical white space character
+         \w     any "word" character
+         \W     any "non-word" character
+
+       There is also the single sequence \N, which matches a non-newline char-
+       acter.   This  is the same as the "." metacharacter when PCRE_DOTALL is
+       not set. Perl also uses \N to match characters by name; PCRE  does  not
+       support this.
+
+       Each  pair of lower and upper case escape sequences partitions the com-
+       plete set of characters into two disjoint  sets.  Any  given  character
+       matches  one, and only one, of each pair. The sequences can appear both
+       inside and outside character classes. They each match one character  of
+       the  appropriate  type.  If the current matching point is at the end of
+       the subject string, all of them fail, because there is no character  to
+       match.
+
+       For  compatibility with Perl, \s did not used to match the VT character
+       (code 11), which made it different from the the  POSIX  "space"  class.
+       However,  Perl  added  VT  at  release  5.18, and PCRE followed suit at
+       release 8.34. The default \s characters are now HT  (9),  LF  (10),  VT
+       (11),  FF  (12),  CR  (13),  and space (32), which are defined as white
+       space in the "C" locale. This list may vary if locale-specific matching
+       is  taking place. For example, in some locales the "non-breaking space"
+       character (\xA0) is recognized as white space, and  in  others  the  VT
+       character is not.
+
+       A  "word"  character is an underscore or any character that is a letter
+       or digit.  By default, the definition of letters  and  digits  is  con-
+       trolled  by PCRE's low-valued character tables, and may vary if locale-
+       specific matching is taking place (see "Locale support" in the  pcreapi
+       page).  For  example,  in  a French locale such as "fr_FR" in Unix-like
+       systems, or "french" in Windows, some character codes greater than  127
+       are  used  for  accented letters, and these are then matched by \w. The
+       use of locales with Unicode is discouraged.
+
+       By default, characters whose code points are  greater  than  127  never
+       match \d, \s, or \w, and always match \D, \S, and \W, although this may
+       vary for characters in the range 128-255 when locale-specific  matching
+       is  happening.   These  escape sequences retain their original meanings
+       from before Unicode support was available, mainly for  efficiency  rea-
+       sons.  If  PCRE  is  compiled  with  Unicode  property support, and the
+       PCRE_UCP option is set, the behaviour is changed so that Unicode  prop-
+       erties are used to determine character types, as follows:
+
+         \d  any character that matches \p{Nd} (decimal digit)
+         \s  any character that matches \p{Z} or \h or \v
+         \w  any character that matches \p{L} or \p{N}, plus underscore
+
+       The  upper case escapes match the inverse sets of characters. Note that
+       \d matches only decimal digits, whereas \w matches any  Unicode  digit,
+       as  well as any Unicode letter, and underscore. Note also that PCRE_UCP
+       affects \b, and \B because they are defined in  terms  of  \w  and  \W.
+       Matching these sequences is noticeably slower when PCRE_UCP is set.
+
+       The  sequences  \h, \H, \v, and \V are features that were added to Perl
+       at release 5.10. In contrast to the other sequences, which  match  only
+       ASCII  characters  by  default,  these always match certain high-valued
+       code points, whether or not PCRE_UCP is set. The horizontal space char-
+       acters are:
+
+         U+0009     Horizontal tab (HT)
+         U+0020     Space
+         U+00A0     Non-break space
+         U+1680     Ogham space mark
+         U+180E     Mongolian vowel separator
+         U+2000     En quad
+         U+2001     Em quad
+         U+2002     En space
+         U+2003     Em space
+         U+2004     Three-per-em space
+         U+2005     Four-per-em space
+         U+2006     Six-per-em space
+         U+2007     Figure space
+         U+2008     Punctuation space
+         U+2009     Thin space
+         U+200A     Hair space
+         U+202F     Narrow no-break space
+         U+205F     Medium mathematical space
+         U+3000     Ideographic space
+
+       The vertical space characters are:
+
+         U+000A     Linefeed (LF)
+         U+000B     Vertical tab (VT)
+         U+000C     Form feed (FF)
+         U+000D     Carriage return (CR)
+         U+0085     Next line (NEL)
+         U+2028     Line separator
+         U+2029     Paragraph separator
+
+       In 8-bit, non-UTF-8 mode, only the characters with codepoints less than
+       256 are relevant.
+
+   Newline sequences
+
+       Outside a character class, by default, the escape sequence  \R  matches
+       any  Unicode newline sequence. In 8-bit non-UTF-8 mode \R is equivalent
+       to the following:
+
+         (?>\r\n|\n|\x0b|\f|\r|\x85)
+
+       This is an example of an "atomic group", details  of  which  are  given
+       below.  This particular group matches either the two-character sequence
+       CR followed by LF, or  one  of  the  single  characters  LF  (linefeed,
+       U+000A),  VT  (vertical  tab, U+000B), FF (form feed, U+000C), CR (car-
+       riage return, U+000D), or NEL (next line,  U+0085).  The  two-character
+       sequence is treated as a single unit that cannot be split.
+
+       In  other modes, two additional characters whose codepoints are greater
+       than 255 are added: LS (line separator, U+2028) and PS (paragraph sepa-
+       rator,  U+2029).   Unicode character property support is not needed for
+       these characters to be recognized.
+
+       It is possible to restrict \R to match only CR, LF, or CRLF (instead of
+       the  complete  set  of  Unicode  line  endings)  by  setting the option
+       PCRE_BSR_ANYCRLF either at compile time or when the pattern is matched.
+       (BSR is an abbrevation for "backslash R".) This can be made the default
+       when PCRE is built; if this is the case, the  other  behaviour  can  be
+       requested  via  the  PCRE_BSR_UNICODE  option.   It is also possible to
+       specify these settings by starting a pattern string  with  one  of  the
+       following sequences:
+
+         (*BSR_ANYCRLF)   CR, LF, or CRLF only
+         (*BSR_UNICODE)   any Unicode newline sequence
+
+       These override the default and the options given to the compiling func-
+       tion, but they can themselves be  overridden  by  options  given  to  a
+       matching  function.  Note  that  these  special settings, which are not
+       Perl-compatible, are recognized only at the very start  of  a  pattern,
+       and  that  they  must  be  in  upper  case. If more than one of them is
+       present, the last one is used. They can be combined with  a  change  of
+       newline convention; for example, a pattern can start with:
+
+         (*ANY)(*BSR_ANYCRLF)
+
+       They  can also be combined with the (*UTF8), (*UTF16), (*UTF32), (*UTF)
+       or (*UCP) special sequences. Inside a character class, \R is treated as
+       an  unrecognized  escape  sequence,  and  so  matches the letter "R" by
+       default, but causes an error if PCRE_EXTRA is set.
+
+   Unicode character properties
+
+       When PCRE is built with Unicode character property support, three addi-
+       tional  escape sequences that match characters with specific properties
+       are available.  When in 8-bit non-UTF-8 mode, these  sequences  are  of
+       course  limited  to  testing  characters whose codepoints are less than
+       256, but they do work in this mode.  The extra escape sequences are:
+
+         \p{xx}   a character with the xx property
+         \P{xx}   a character without the xx property
+         \X       a Unicode extended grapheme cluster
+
+       The property names represented by xx above are limited to  the  Unicode
+       script names, the general category properties, "Any", which matches any
+       character  (including  newline),  and  some  special  PCRE   properties
+       (described  in the next section).  Other Perl properties such as "InMu-
+       sicalSymbols" are not currently supported by PCRE.  Note  that  \P{Any}
+       does not match any characters, so always causes a match failure.
+
+       Sets of Unicode characters are defined as belonging to certain scripts.
+       A character from one of these sets can be matched using a script  name.
+       For example:
+
+         \p{Greek}
+         \P{Han}
+
+       Those  that are not part of an identified script are lumped together as
+       "Common". The current list of scripts is:
+
+       Arabic, Armenian, Avestan, Balinese, Bamum, Bassa_Vah, Batak,  Bengali,
+       Bopomofo,  Brahmi,  Braille, Buginese, Buhid, Canadian_Aboriginal, Car-
+       ian, Caucasian_Albanian, Chakma, Cham, Cherokee, Common, Coptic, Cunei-
+       form, Cypriot, Cyrillic, Deseret, Devanagari, Duployan, Egyptian_Hiero-
+       glyphs,  Elbasan,  Ethiopic,  Georgian,  Glagolitic,  Gothic,  Grantha,
+       Greek,  Gujarati,  Gurmukhi,  Han,  Hangul,  Hanunoo, Hebrew, Hiragana,
+       Imperial_Aramaic,    Inherited,     Inscriptional_Pahlavi,     Inscrip-
+       tional_Parthian,   Javanese,   Kaithi,   Kannada,  Katakana,  Kayah_Li,
+       Kharoshthi, Khmer, Khojki, Khudawadi, Lao, Latin, Lepcha,  Limbu,  Lin-
+       ear_A,  Linear_B,  Lisu,  Lycian, Lydian, Mahajani, Malayalam, Mandaic,
+       Manichaean,     Meetei_Mayek,     Mende_Kikakui,      Meroitic_Cursive,
+       Meroitic_Hieroglyphs,  Miao,  Modi, Mongolian, Mro, Myanmar, Nabataean,
+       New_Tai_Lue,  Nko,  Ogham,  Ol_Chiki,  Old_Italic,   Old_North_Arabian,
+       Old_Permic, Old_Persian, Old_South_Arabian, Old_Turkic, Oriya, Osmanya,
+       Pahawh_Hmong,    Palmyrene,    Pau_Cin_Hau,    Phags_Pa,    Phoenician,
+       Psalter_Pahlavi,  Rejang,  Runic,  Samaritan, Saurashtra, Sharada, Sha-
+       vian, Siddham, Sinhala, Sora_Sompeng, Sundanese, Syloti_Nagri,  Syriac,
+       Tagalog,  Tagbanwa,  Tai_Le,  Tai_Tham, Tai_Viet, Takri, Tamil, Telugu,
+       Thaana, Thai, Tibetan, Tifinagh, Tirhuta, Ugaritic,  Vai,  Warang_Citi,
+       Yi.
+
+       Each character has exactly one Unicode general category property, spec-
+       ified by a two-letter abbreviation. For compatibility with Perl,  nega-
+       tion  can  be  specified  by including a circumflex between the opening
+       brace and the property name.  For  example,  \p{^Lu}  is  the  same  as
+       \P{Lu}.
+
+       If only one letter is specified with \p or \P, it includes all the gen-
+       eral category properties that start with that letter. In this case,  in
+       the  absence of negation, the curly brackets in the escape sequence are
+       optional; these two examples have the same effect:
+
+         \p{L}
+         \pL
+
+       The following general category property codes are supported:
+
+         C     Other
+         Cc    Control
+         Cf    Format
+         Cn    Unassigned
+         Co    Private use
+         Cs    Surrogate
+
+         L     Letter
+         Ll    Lower case letter
+         Lm    Modifier letter
+         Lo    Other letter
+         Lt    Title case letter
+         Lu    Upper case letter
+
+         M     Mark
+         Mc    Spacing mark
+         Me    Enclosing mark
+         Mn    Non-spacing mark
+
+         N     Number
+         Nd    Decimal number
+         Nl    Letter number
+         No    Other number
+
+         P     Punctuation
+         Pc    Connector punctuation
+         Pd    Dash punctuation
+         Pe    Close punctuation
+         Pf    Final punctuation
+         Pi    Initial punctuation
+         Po    Other punctuation
+         Ps    Open punctuation
+
+         S     Symbol
+         Sc    Currency symbol
+         Sk    Modifier symbol
+         Sm    Mathematical symbol
+         So    Other symbol
+
+         Z     Separator
+         Zl    Line separator
+         Zp    Paragraph separator
+         Zs    Space separator
+
+       The special property L& is also supported: it matches a character  that
+       has  the  Lu,  Ll, or Lt property, in other words, a letter that is not
+       classified as a modifier or "other".
+
+       The Cs (Surrogate) property applies only to  characters  in  the  range
+       U+D800  to U+DFFF. Such characters are not valid in Unicode strings and
+       so cannot be tested by PCRE, unless  UTF  validity  checking  has  been
+       turned    off    (see    the    discussion    of    PCRE_NO_UTF8_CHECK,
+       PCRE_NO_UTF16_CHECK and PCRE_NO_UTF32_CHECK in the pcreapi page).  Perl
+       does not support the Cs property.
+
+       The  long  synonyms  for  property  names  that  Perl supports (such as
+       \p{Letter}) are not supported by PCRE, nor is it  permitted  to  prefix
+       any of these properties with "Is".
+
+       No character that is in the Unicode table has the Cn (unassigned) prop-
+       erty.  Instead, this property is assumed for any code point that is not
+       in the Unicode table.
+
+       Specifying  caseless  matching  does not affect these escape sequences.
+       For example, \p{Lu} always matches only upper  case  letters.  This  is
+       different from the behaviour of current versions of Perl.
+
+       Matching  characters  by Unicode property is not fast, because PCRE has
+       to do a multistage table lookup in order to find  a  character's  prop-
+       erty. That is why the traditional escape sequences such as \d and \w do
+       not use Unicode properties in PCRE by default, though you can make them
+       do  so  by  setting the PCRE_UCP option or by starting the pattern with
+       (*UCP).
+
+   Extended grapheme clusters
+
+       The \X escape matches any number of Unicode  characters  that  form  an
+       "extended grapheme cluster", and treats the sequence as an atomic group
+       (see below).  Up to and including release 8.31, PCRE  matched  an  ear-
+       lier, simpler definition that was equivalent to
+
+         (?>\PM\pM*)
+
+       That  is,  it matched a character without the "mark" property, followed
+       by zero or more characters with the "mark"  property.  Characters  with
+       the  "mark"  property are typically non-spacing accents that affect the
+       preceding character.
+
+       This simple definition was extended in Unicode to include more  compli-
+       cated  kinds of composite character by giving each character a grapheme
+       breaking property, and creating rules  that  use  these  properties  to
+       define  the  boundaries  of  extended grapheme clusters. In releases of
+       PCRE later than 8.31, \X matches one of these clusters.
+
+       \X always matches at least one character. Then it  decides  whether  to
+       add additional characters according to the following rules for ending a
+       cluster:
+
+       1. End at the end of the subject string.
+
+       2. Do not end between CR and LF; otherwise end after any control  char-
+       acter.
+
+       3.  Do  not  break  Hangul (a Korean script) syllable sequences. Hangul
+       characters are of five types: L, V, T, LV, and LVT. An L character  may
+       be  followed by an L, V, LV, or LVT character; an LV or V character may
+       be followed by a V or T character; an LVT or T character may be follwed
+       only by a T character.
+
+       4.  Do not end before extending characters or spacing marks. Characters
+       with the "mark" property always have  the  "extend"  grapheme  breaking
+       property.
+
+       5. Do not end after prepend characters.
+
+       6. Otherwise, end the cluster.
+
+   PCRE's additional properties
+
+       As  well  as the standard Unicode properties described above, PCRE sup-
+       ports four more that make it possible  to  convert  traditional  escape
+       sequences  such as \w and \s to use Unicode properties. PCRE uses these
+       non-standard, non-Perl properties internally when PCRE_UCP is set. How-
+       ever, they may also be used explicitly. These properties are:
+
+         Xan   Any alphanumeric character
+         Xps   Any POSIX space character
+         Xsp   Any Perl space character
+         Xwd   Any Perl "word" character
+
+       Xan  matches  characters that have either the L (letter) or the N (num-
+       ber) property. Xps matches the characters tab, linefeed, vertical  tab,
+       form  feed,  or carriage return, and any other character that has the Z
+       (separator) property.  Xsp is the same as Xps; it used to exclude  ver-
+       tical  tab,  for Perl compatibility, but Perl changed, and so PCRE fol-
+       lowed at release 8.34. Xwd matches the same  characters  as  Xan,  plus
+       underscore.
+
+       There  is another non-standard property, Xuc, which matches any charac-
+       ter that can be represented by a Universal Character Name  in  C++  and
+       other  programming  languages.  These are the characters $, @, ` (grave
+       accent), and all characters with Unicode code points  greater  than  or
+       equal  to U+00A0, except for the surrogates U+D800 to U+DFFF. Note that
+       most base (ASCII) characters are excluded. (Universal  Character  Names
+       are  of  the  form \uHHHH or \UHHHHHHHH where H is a hexadecimal digit.
+       Note that the Xuc property does not match these sequences but the char-
+       acters that they represent.)
+
+   Resetting the match start
+
+       The  escape sequence \K causes any previously matched characters not to
+       be included in the final matched sequence. For example, the pattern:
+
+         foo\Kbar
+
+       matches "foobar", but reports that it has matched "bar".  This  feature
+       is  similar  to  a lookbehind assertion (described below).  However, in
+       this case, the part of the subject before the real match does not  have
+       to  be of fixed length, as lookbehind assertions do. The use of \K does
+       not interfere with the setting of captured  substrings.   For  example,
+       when the pattern
+
+         (foo)\Kbar
+
+       matches "foobar", the first substring is still set to "foo".
+
+       Perl  documents  that  the  use  of  \K  within assertions is "not well
+       defined". In PCRE, \K is acted upon  when  it  occurs  inside  positive
+       assertions,  but  is  ignored  in negative assertions. Note that when a
+       pattern such as (?=ab\K) matches, the reported start of the  match  can
+       be greater than the end of the match.
+
+   Simple assertions
+
+       The  final use of backslash is for certain simple assertions. An asser-
+       tion specifies a condition that has to be met at a particular point  in
+       a  match, without consuming any characters from the subject string. The
+       use of subpatterns for more complicated assertions is described  below.
+       The backslashed assertions are:
+
+         \b     matches at a word boundary
+         \B     matches when not at a word boundary
+         \A     matches at the start of the subject
+         \Z     matches at the end of the subject
+                 also matches before a newline at the end of the subject
+         \z     matches only at the end of the subject
+         \G     matches at the first matching position in the subject
+
+       Inside  a  character  class, \b has a different meaning; it matches the
+       backspace character. If any other of  these  assertions  appears  in  a
+       character  class, by default it matches the corresponding literal char-
+       acter  (for  example,  \B  matches  the  letter  B).  However,  if  the
+       PCRE_EXTRA  option is set, an "invalid escape sequence" error is gener-
+       ated instead.
+
+       A word boundary is a position in the subject string where  the  current
+       character  and  the previous character do not both match \w or \W (i.e.
+       one matches \w and the other matches \W), or the start or  end  of  the
+       string  if  the  first or last character matches \w, respectively. In a
+       UTF mode, the meanings of \w and \W  can  be  changed  by  setting  the
+       PCRE_UCP  option. When this is done, it also affects \b and \B. Neither
+       PCRE nor Perl has a separate "start of word" or "end of  word"  metase-
+       quence.  However,  whatever follows \b normally determines which it is.
+       For example, the fragment \ba matches "a" at the start of a word.
+
+       The \A, \Z, and \z assertions differ from  the  traditional  circumflex
+       and dollar (described in the next section) in that they only ever match
+       at the very start and end of the subject string, whatever  options  are
+       set.  Thus,  they are independent of multiline mode. These three asser-
+       tions are not affected by the PCRE_NOTBOL or PCRE_NOTEOL options, which
+       affect  only the behaviour of the circumflex and dollar metacharacters.
+       However, if the startoffset argument of pcre_exec() is non-zero,  indi-
+       cating that matching is to start at a point other than the beginning of
+       the subject, \A can never match. The difference between \Z  and  \z  is
+       that \Z matches before a newline at the end of the string as well as at
+       the very end, whereas \z matches only at the end.
+
+       The \G assertion is true only when the current matching position is  at
+       the  start point of the match, as specified by the startoffset argument
+       of pcre_exec(). It differs from \A when the  value  of  startoffset  is
+       non-zero.  By calling pcre_exec() multiple times with appropriate argu-
+       ments, you can mimic Perl's /g option, and it is in this kind of imple-
+       mentation where \G can be useful.
+
+       Note,  however,  that  PCRE's interpretation of \G, as the start of the
+       current match, is subtly different from Perl's, which defines it as the
+       end  of  the  previous  match. In Perl, these can be different when the
+       previously matched string was empty. Because PCRE does just  one  match
+       at a time, it cannot reproduce this behaviour.
+
+       If  all  the alternatives of a pattern begin with \G, the expression is
+       anchored to the starting match position, and the "anchored" flag is set
+       in the compiled regular expression.
+
+
+CIRCUMFLEX AND DOLLAR
+
+       The  circumflex  and  dollar  metacharacters are zero-width assertions.
+       That is, they test for a particular condition being true  without  con-
+       suming any characters from the subject string.
+
+       Outside a character class, in the default matching mode, the circumflex
+       character is an assertion that is true only  if  the  current  matching
+       point  is  at the start of the subject string. If the startoffset argu-
+       ment of pcre_exec() is non-zero, circumflex  can  never  match  if  the
+       PCRE_MULTILINE  option  is  unset. Inside a character class, circumflex
+       has an entirely different meaning (see below).
+
+       Circumflex need not be the first character of the pattern if  a  number
+       of  alternatives are involved, but it should be the first thing in each
+       alternative in which it appears if the pattern is ever  to  match  that
+       branch.  If all possible alternatives start with a circumflex, that is,
+       if the pattern is constrained to match only at the start  of  the  sub-
+       ject,  it  is  said  to be an "anchored" pattern. (There are also other
+       constructs that can cause a pattern to be anchored.)
+
+       The dollar character is an assertion that is true only if  the  current
+       matching  point  is  at  the  end of the subject string, or immediately
+       before a newline at the end of the string (by default). Note,  however,
+       that  it  does  not  actually match the newline. Dollar need not be the
+       last character of the pattern if a number of alternatives are involved,
+       but  it should be the last item in any branch in which it appears. Dol-
+       lar has no special meaning in a character class.
+
+       The meaning of dollar can be changed so that it  matches  only  at  the
+       very  end  of  the string, by setting the PCRE_DOLLAR_ENDONLY option at
+       compile time. This does not affect the \Z assertion.
+
+       The meanings of the circumflex and dollar characters are changed if the
+       PCRE_MULTILINE  option  is  set.  When  this  is the case, a circumflex
+       matches immediately after internal newlines as well as at the start  of
+       the  subject  string.  It  does not match after a newline that ends the
+       string. A dollar matches before any newlines in the string, as well  as
+       at  the very end, when PCRE_MULTILINE is set. When newline is specified
+       as the two-character sequence CRLF, isolated CR and  LF  characters  do
+       not indicate newlines.
+
+       For  example, the pattern /^abc$/ matches the subject string "def\nabc"
+       (where \n represents a newline) in multiline mode, but  not  otherwise.
+       Consequently,  patterns  that  are anchored in single line mode because
+       all branches start with ^ are not anchored in  multiline  mode,  and  a
+       match  for  circumflex  is  possible  when  the startoffset argument of
+       pcre_exec() is non-zero. The PCRE_DOLLAR_ENDONLY option is  ignored  if
+       PCRE_MULTILINE is set.
+
+       Note  that  the sequences \A, \Z, and \z can be used to match the start
+       and end of the subject in both modes, and if all branches of a  pattern
+       start  with  \A it is always anchored, whether or not PCRE_MULTILINE is
+       set.
+
+
+FULL STOP (PERIOD, DOT) AND \N
+
+       Outside a character class, a dot in the pattern matches any one charac-
+       ter  in  the subject string except (by default) a character that signi-
+       fies the end of a line.
+
+       When a line ending is defined as a single character, dot never  matches
+       that  character; when the two-character sequence CRLF is used, dot does
+       not match CR if it is immediately followed  by  LF,  but  otherwise  it
+       matches  all characters (including isolated CRs and LFs). When any Uni-
+       code line endings are being recognized, dot does not match CR or LF  or
+       any of the other line ending characters.
+
+       The  behaviour  of  dot  with regard to newlines can be changed. If the
+       PCRE_DOTALL option is set, a dot matches  any  one  character,  without
+       exception. If the two-character sequence CRLF is present in the subject
+       string, it takes two dots to match it.
+
+       The handling of dot is entirely independent of the handling of  circum-
+       flex  and  dollar,  the  only relationship being that they both involve
+       newlines. Dot has no special meaning in a character class.
+
+       The escape sequence \N behaves like  a  dot,  except  that  it  is  not
+       affected  by  the  PCRE_DOTALL  option.  In other words, it matches any
+       character except one that signifies the end of a line. Perl  also  uses
+       \N to match characters by name; PCRE does not support this.
+
+
+MATCHING A SINGLE DATA UNIT
+
+       Outside  a character class, the escape sequence \C matches any one data
+       unit, whether or not a UTF mode is set. In the 8-bit library, one  data
+       unit  is  one  byte;  in the 16-bit library it is a 16-bit unit; in the
+       32-bit library it is a 32-bit unit. Unlike a  dot,  \C  always  matches
+       line-ending  characters.  The  feature  is provided in Perl in order to
+       match individual bytes in UTF-8 mode, but it is unclear how it can use-
+       fully  be  used.  Because  \C breaks up characters into individual data
+       units, matching one unit with \C in a UTF mode means that the  rest  of
+       the string may start with a malformed UTF character. This has undefined
+       results, because PCRE assumes that it is dealing with valid UTF strings
+       (and  by  default  it checks this at the start of processing unless the
+       PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK or  PCRE_NO_UTF32_CHECK  option
+       is used).
+
+       PCRE  does  not  allow \C to appear in lookbehind assertions (described
+       below) in a UTF mode, because this would make it impossible  to  calcu-
+       late the length of the lookbehind.
+
+       In general, the \C escape sequence is best avoided. However, one way of
+       using it that avoids the problem of malformed UTF characters is to  use
+       a  lookahead to check the length of the next character, as in this pat-
+       tern, which could be used with a UTF-8 string (ignore white  space  and
+       line breaks):
+
+         (?| (?=[\x00-\x7f])(\C) |
+             (?=[\x80-\x{7ff}])(\C)(\C) |
+             (?=[\x{800}-\x{ffff}])(\C)(\C)(\C) |
+             (?=[\x{10000}-\x{1fffff}])(\C)(\C)(\C)(\C))
+
+       A  group  that starts with (?| resets the capturing parentheses numbers
+       in each alternative (see "Duplicate  Subpattern  Numbers"  below).  The
+       assertions  at  the start of each branch check the next UTF-8 character
+       for values whose encoding uses 1, 2, 3, or 4 bytes,  respectively.  The
+       character's  individual bytes are then captured by the appropriate num-
+       ber of groups.
+
+
+SQUARE BRACKETS AND CHARACTER CLASSES
+
+       An opening square bracket introduces a character class, terminated by a
+       closing square bracket. A closing square bracket on its own is not spe-
+       cial by default.  However, if the PCRE_JAVASCRIPT_COMPAT option is set,
+       a lone closing square bracket causes a compile-time error. If a closing
+       square bracket is required as a member of the class, it should  be  the
+       first  data  character  in  the  class (after an initial circumflex, if
+       present) or escaped with a backslash.
+
+       A character class matches a single character in the subject. In  a  UTF
+       mode,  the  character  may  be  more than one data unit long. A matched
+       character must be in the set of characters defined by the class, unless
+       the  first  character in the class definition is a circumflex, in which
+       case the subject character must not be in the set defined by the class.
+       If  a  circumflex is actually required as a member of the class, ensure
+       it is not the first character, or escape it with a backslash.
+
+       For example, the character class [aeiou] matches any lower case  vowel,
+       while  [^aeiou]  matches  any character that is not a lower case vowel.
+       Note that a circumflex is just a convenient notation for specifying the
+       characters  that  are in the class by enumerating those that are not. A
+       class that starts with a circumflex is not an assertion; it still  con-
+       sumes  a  character  from the subject string, and therefore it fails if
+       the current pointer is at the end of the string.
+
+       In UTF-8 (UTF-16, UTF-32) mode, characters with values greater than 255
+       (0xffff)  can be included in a class as a literal string of data units,
+       or by using the \x{ escaping mechanism.
+
+       When caseless matching is set, any letters in a  class  represent  both
+       their  upper  case  and lower case versions, so for example, a caseless
+       [aeiou] matches "A" as well as "a", and a caseless  [^aeiou]  does  not
+       match  "A", whereas a caseful version would. In a UTF mode, PCRE always
+       understands the concept of case for characters whose  values  are  less
+       than  128, so caseless matching is always possible. For characters with
+       higher values, the concept of case is supported  if  PCRE  is  compiled
+       with  Unicode  property support, but not otherwise.  If you want to use
+       caseless matching in a UTF mode for characters 128 and above, you  must
+       ensure  that  PCRE is compiled with Unicode property support as well as
+       with UTF support.
+
+       Characters that might indicate line breaks are  never  treated  in  any
+       special  way  when  matching  character  classes,  whatever line-ending
+       sequence is in  use,  and  whatever  setting  of  the  PCRE_DOTALL  and
+       PCRE_MULTILINE options is used. A class such as [^a] always matches one
+       of these characters.
+
+       The minus (hyphen) character can be used to specify a range of  charac-
+       ters  in  a  character  class.  For  example,  [d-m] matches any letter
+       between d and m, inclusive. If a  minus  character  is  required  in  a
+       class,  it  must  be  escaped  with a backslash or appear in a position
+       where it cannot be interpreted as indicating a range, typically as  the
+       first or last character in the class, or immediately after a range. For
+       example, [b-d-z] matches letters in the range b to d, a hyphen  charac-
+       ter, or z.
+
+       It is not possible to have the literal character "]" as the end charac-
+       ter of a range. A pattern such as [W-]46] is interpreted as a class  of
+       two  characters ("W" and "-") followed by a literal string "46]", so it
+       would match "W46]" or "-46]". However, if the "]"  is  escaped  with  a
+       backslash  it is interpreted as the end of range, so [W-\]46] is inter-
+       preted as a class containing a range followed by two other  characters.
+       The  octal or hexadecimal representation of "]" can also be used to end
+       a range.
+
+       An error is generated if a POSIX character  class  (see  below)  or  an
+       escape  sequence other than one that defines a single character appears
+       at a point where a range ending character  is  expected.  For  example,
+       [z-\xff] is valid, but [A-\d] and [A-[:digit:]] are not.
+
+       Ranges  operate in the collating sequence of character values. They can
+       also  be  used  for  characters  specified  numerically,  for   example
+       [\000-\037].  Ranges  can include any characters that are valid for the
+       current mode.
+
+       If a range that includes letters is used when caseless matching is set,
+       it matches the letters in either case. For example, [W-c] is equivalent
+       to [][\\^_`wxyzabc], matched caselessly, and  in  a  non-UTF  mode,  if
+       character  tables  for  a French locale are in use, [\xc8-\xcb] matches
+       accented E characters in both cases. In UTF modes,  PCRE  supports  the
+       concept  of  case for characters with values greater than 128 only when
+       it is compiled with Unicode property support.
+
+       The character escape sequences \d, \D, \h, \H, \p, \P, \s, \S, \v,  \V,
+       \w, and \W may appear in a character class, and add the characters that
+       they match to the class. For example, [\dABCDEF] matches any  hexadeci-
+       mal  digit.  In  UTF modes, the PCRE_UCP option affects the meanings of
+       \d, \s, \w and their upper case partners, just as  it  does  when  they
+       appear  outside a character class, as described in the section entitled
+       "Generic character types" above. The escape sequence \b has a different
+       meaning  inside  a character class; it matches the backspace character.
+       The sequences \B, \N, \R, and \X are not  special  inside  a  character
+       class.  Like  any other unrecognized escape sequences, they are treated
+       as the literal characters "B", "N", "R", and "X" by default, but  cause
+       an error if the PCRE_EXTRA option is set.
+
+       A  circumflex  can  conveniently  be used with the upper case character
+       types to specify a more restricted set of characters than the  matching
+       lower  case  type.  For example, the class [^\W_] matches any letter or
+       digit, but not underscore, whereas [\w] includes underscore. A positive
+       character class should be read as "something OR something OR ..." and a
+       negative class as "NOT something AND NOT something AND NOT ...".
+
+       The only metacharacters that are recognized in  character  classes  are
+       backslash,  hyphen  (only  where  it can be interpreted as specifying a
+       range), circumflex (only at the start), opening  square  bracket  (only
+       when  it can be interpreted as introducing a POSIX class name, or for a
+       special compatibility feature - see the next  two  sections),  and  the
+       terminating  closing  square  bracket.  However,  escaping  other  non-
+       alphanumeric characters does no harm.
+
+
+POSIX CHARACTER CLASSES
+
+       Perl supports the POSIX notation for character classes. This uses names
+       enclosed  by  [: and :] within the enclosing square brackets. PCRE also
+       supports this notation. For example,
+
+         [01[:alpha:]%]
+
+       matches "0", "1", any alphabetic character, or "%". The supported class
+       names are:
+
+         alnum    letters and digits
+         alpha    letters
+         ascii    character codes 0 - 127
+         blank    space or tab only
+         cntrl    control characters
+         digit    decimal digits (same as \d)
+         graph    printing characters, excluding space
+         lower    lower case letters
+         print    printing characters, including space
+         punct    printing characters, excluding letters and digits and space
+         space    white space (the same as \s from PCRE 8.34)
+         upper    upper case letters
+         word     "word" characters (same as \w)
+         xdigit   hexadecimal digits
+
+       The  default  "space" characters are HT (9), LF (10), VT (11), FF (12),
+       CR (13), and space (32). If locale-specific matching is  taking  place,
+       the  list  of  space characters may be different; there may be fewer or
+       more of them. "Space" used to be different to \s, which did not include
+       VT, for Perl compatibility.  However, Perl changed at release 5.18, and
+       PCRE followed at release 8.34.  "Space" and \s now match the  same  set
+       of characters.
+
+       The  name  "word"  is  a Perl extension, and "blank" is a GNU extension
+       from Perl 5.8. Another Perl extension is negation, which  is  indicated
+       by a ^ character after the colon. For example,
+
+         [12[:^digit:]]
+
+       matches  "1", "2", or any non-digit. PCRE (and Perl) also recognize the
+       POSIX syntax [.ch.] and [=ch=] where "ch" is a "collating element", but
+       these are not supported, and an error is given if they are encountered.
+
+       By default, characters with values greater than 128 do not match any of
+       the POSIX character classes. However, if the PCRE_UCP option is  passed
+       to  pcre_compile(),  some  of  the  classes are changed so that Unicode
+       character properties are used. This is achieved  by  replacing  certain
+       POSIX classes by other sequences, as follows:
+
+         [:alnum:]  becomes  \p{Xan}
+         [:alpha:]  becomes  \p{L}
+         [:blank:]  becomes  \h
+         [:digit:]  becomes  \p{Nd}
+         [:lower:]  becomes  \p{Ll}
+         [:space:]  becomes  \p{Xps}
+         [:upper:]  becomes  \p{Lu}
+         [:word:]   becomes  \p{Xwd}
+
+       Negated  versions, such as [:^alpha:] use \P instead of \p. Three other
+       POSIX classes are handled specially in UCP mode:
+
+       [:graph:] This matches characters that have glyphs that mark  the  page
+                 when printed. In Unicode property terms, it matches all char-
+                 acters with the L, M, N, P, S, or Cf properties, except for:
+
+                   U+061C           Arabic Letter Mark
+                   U+180E           Mongolian Vowel Separator
+                   U+2066 - U+2069  Various "isolate"s
+
+
+       [:print:] This matches the same  characters  as  [:graph:]  plus  space
+                 characters  that  are  not controls, that is, characters with
+                 the Zs property.
+
+       [:punct:] This matches all characters that have the Unicode P (punctua-
+                 tion)  property,  plus those characters whose code points are
+                 less than 128 that have the S (Symbol) property.
+
+       The other POSIX classes are unchanged, and match only  characters  with
+       code points less than 128.
+
+
+COMPATIBILITY FEATURE FOR WORD BOUNDARIES
+
+       In  the POSIX.2 compliant library that was included in 4.4BSD Unix, the
+       ugly syntax [[:<:]] and [[:>:]] is used for matching  "start  of  word"
+       and "end of word". PCRE treats these items as follows:
+
+         [[:<:]]  is converted to  \b(?=\w)
+         [[:>:]]  is converted to  \b(?<=\w)
+
+       Only these exact character sequences are recognized. A sequence such as
+       [a[:<:]b] provokes error for an unrecognized  POSIX  class  name.  This
+       support  is not compatible with Perl. It is provided to help migrations
+       from other environments, and is best not used in any new patterns. Note
+       that  \b matches at the start and the end of a word (see "Simple asser-
+       tions" above), and in a Perl-style pattern the preceding  or  following
+       character  normally  shows  which  is  wanted, without the need for the
+       assertions that are used above in order to give exactly the  POSIX  be-
+       haviour.
+
+
+VERTICAL BAR
+
+       Vertical  bar characters are used to separate alternative patterns. For
+       example, the pattern
+
+         gilbert|sullivan
+
+       matches either "gilbert" or "sullivan". Any number of alternatives  may
+       appear,  and  an  empty  alternative  is  permitted (matching the empty
+       string). The matching process tries each alternative in turn, from left
+       to  right, and the first one that succeeds is used. If the alternatives
+       are within a subpattern (defined below), "succeeds" means matching  the
+       rest of the main pattern as well as the alternative in the subpattern.
+
+
+INTERNAL OPTION SETTING
+
+       The  settings  of  the  PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, and
+       PCRE_EXTENDED options (which are Perl-compatible) can be  changed  from
+       within  the  pattern  by  a  sequence  of  Perl option letters enclosed
+       between "(?" and ")".  The option letters are
+
+         i  for PCRE_CASELESS
+         m  for PCRE_MULTILINE
+         s  for PCRE_DOTALL
+         x  for PCRE_EXTENDED
+
+       For example, (?im) sets caseless, multiline matching. It is also possi-
+       ble to unset these options by preceding the letter with a hyphen, and a
+       combined setting and unsetting such as (?im-sx), which sets  PCRE_CASE-
+       LESS  and PCRE_MULTILINE while unsetting PCRE_DOTALL and PCRE_EXTENDED,
+       is also permitted. If a  letter  appears  both  before  and  after  the
+       hyphen, the option is unset.
+
+       The  PCRE-specific options PCRE_DUPNAMES, PCRE_UNGREEDY, and PCRE_EXTRA
+       can be changed in the same way as the Perl-compatible options by  using
+       the characters J, U and X respectively.
+
+       When  one  of  these  option  changes occurs at top level (that is, not
+       inside subpattern parentheses), the change applies to the remainder  of
+       the  pattern  that  follows.  An option change within a subpattern (see
+       below for a description of subpatterns) affects only that part  of  the
+       subpattern that follows it, so
+
+         (a(?i)b)c
+
+       matches abc and aBc and no other strings (assuming PCRE_CASELESS is not
+       used).  By this means, options can be made to have  different  settings
+       in  different parts of the pattern. Any changes made in one alternative
+       do carry on into subsequent branches within the  same  subpattern.  For
+       example,
+
+         (a(?i)b|c)
+
+       matches  "ab",  "aB",  "c",  and "C", even though when matching "C" the
+       first branch is abandoned before the option setting.  This  is  because
+       the  effects  of option settings happen at compile time. There would be
+       some very weird behaviour otherwise.
+
+       Note: There are other PCRE-specific options that  can  be  set  by  the
+       application  when  the  compiling  or matching functions are called. In
+       some cases the pattern can contain special leading  sequences  such  as
+       (*CRLF)  to  override  what  the  application  has set or what has been
+       defaulted.  Details  are  given  in  the  section   entitled   "Newline
+       sequences"  above.  There  are also the (*UTF8), (*UTF16),(*UTF32), and
+       (*UCP) leading sequences that can be used to set UTF and Unicode  prop-
+       erty  modes;  they are equivalent to setting the PCRE_UTF8, PCRE_UTF16,
+       PCRE_UTF32 and the PCRE_UCP options, respectively. The (*UTF)  sequence
+       is  a  generic version that can be used with any of the libraries. How-
+       ever, the application can set the PCRE_NEVER_UTF  option,  which  locks
+       out the use of the (*UTF) sequences.
+
+
+SUBPATTERNS
+
+       Subpatterns are delimited by parentheses (round brackets), which can be
+       nested.  Turning part of a pattern into a subpattern does two things:
+
+       1. It localizes a set of alternatives. For example, the pattern
+
+         cat(aract|erpillar|)
+
+       matches "cataract", "caterpillar", or "cat". Without  the  parentheses,
+       it would match "cataract", "erpillar" or an empty string.
+
+       2.  It  sets  up  the  subpattern as a capturing subpattern. This means
+       that, when the whole pattern  matches,  that  portion  of  the  subject
+       string that matched the subpattern is passed back to the caller via the
+       ovector argument of the matching function. (This applies  only  to  the
+       traditional  matching functions; the DFA matching functions do not sup-
+       port capturing.)
+
+       Opening parentheses are counted from left to right (starting from 1) to
+       obtain  numbers  for  the  capturing  subpatterns.  For example, if the
+       string "the red king" is matched against the pattern
+
+         the ((red|white) (king|queen))
+
+       the captured substrings are "red king", "red", and "king", and are num-
+       bered 1, 2, and 3, respectively.
+
+       The  fact  that  plain  parentheses  fulfil two functions is not always
+       helpful.  There are often times when a grouping subpattern is  required
+       without  a capturing requirement. If an opening parenthesis is followed
+       by a question mark and a colon, the subpattern does not do any  captur-
+       ing,  and  is  not  counted when computing the number of any subsequent
+       capturing subpatterns. For example, if the string "the white queen"  is
+       matched against the pattern
+
+         the ((?:red|white) (king|queen))
+
+       the captured substrings are "white queen" and "queen", and are numbered
+       1 and 2. The maximum number of capturing subpatterns is 65535.
+
+       As a convenient shorthand, if any option settings are required  at  the
+       start  of  a  non-capturing  subpattern,  the option letters may appear
+       between the "?" and the ":". Thus the two patterns
+
+         (?i:saturday|sunday)
+         (?:(?i)saturday|sunday)
+
+       match exactly the same set of strings. Because alternative branches are
+       tried  from  left  to right, and options are not reset until the end of
+       the subpattern is reached, an option setting in one branch does  affect
+       subsequent  branches,  so  the above patterns match "SUNDAY" as well as
+       "Saturday".
+
+
+DUPLICATE SUBPATTERN NUMBERS
+
+       Perl 5.10 introduced a feature whereby each alternative in a subpattern
+       uses  the same numbers for its capturing parentheses. Such a subpattern
+       starts with (?| and is itself a non-capturing subpattern. For  example,
+       consider this pattern:
+
+         (?|(Sat)ur|(Sun))day
+
+       Because  the two alternatives are inside a (?| group, both sets of cap-
+       turing parentheses are numbered one. Thus, when  the  pattern  matches,
+       you  can  look  at captured substring number one, whichever alternative
+       matched. This construct is useful when you want to  capture  part,  but
+       not all, of one of a number of alternatives. Inside a (?| group, paren-
+       theses are numbered as usual, but the number is reset at the  start  of
+       each  branch.  The numbers of any capturing parentheses that follow the
+       subpattern start after the highest number used in any branch. The  fol-
+       lowing example is taken from the Perl documentation. The numbers under-
+       neath show in which buffer the captured content will be stored.
+
+         # before  ---------------branch-reset----------- after
+         / ( a )  (?| x ( y ) z | (p (q) r) | (t) u (v) ) ( z ) /x
+         # 1            2         2  3        2     3     4
+
+       A back reference to a numbered subpattern uses the  most  recent  value
+       that  is  set  for that number by any subpattern. The following pattern
+       matches "abcabc" or "defdef":
+
+         /(?|(abc)|(def))\1/
+
+       In contrast, a subroutine call to a numbered subpattern  always  refers
+       to  the  first  one in the pattern with the given number. The following
+       pattern matches "abcabc" or "defabc":
+
+         /(?|(abc)|(def))(?1)/
+
+       If a condition test for a subpattern's having matched refers to a  non-
+       unique  number, the test is true if any of the subpatterns of that num-
+       ber have matched.
+
+       An alternative approach to using this "branch reset" feature is to  use
+       duplicate named subpatterns, as described in the next section.
+
+
+NAMED SUBPATTERNS
+
+       Identifying  capturing  parentheses  by number is simple, but it can be
+       very hard to keep track of the numbers in complicated  regular  expres-
+       sions.  Furthermore,  if  an  expression  is  modified, the numbers may
+       change. To help with this difficulty, PCRE supports the naming of  sub-
+       patterns. This feature was not added to Perl until release 5.10. Python
+       had the feature earlier, and PCRE introduced it at release  4.0,  using
+       the  Python syntax. PCRE now supports both the Perl and the Python syn-
+       tax. Perl allows identically numbered  subpatterns  to  have  different
+       names, but PCRE does not.
+
+       In  PCRE,  a subpattern can be named in one of three ways: (?<name>...)
+       or (?'name'...) as in Perl, or (?P<name>...) as in  Python.  References
+       to  capturing parentheses from other parts of the pattern, such as back
+       references, recursion, and conditions, can be made by name as  well  as
+       by number.
+
+       Names  consist of up to 32 alphanumeric characters and underscores, but
+       must start with a non-digit.  Named  capturing  parentheses  are  still
+       allocated  numbers  as  well as names, exactly as if the names were not
+       present. The PCRE API provides function calls for extracting the  name-
+       to-number  translation  table  from a compiled pattern. There is also a
+       convenience function for extracting a captured substring by name.
+
+       By default, a name must be unique within a pattern, but it is  possible
+       to relax this constraint by setting the PCRE_DUPNAMES option at compile
+       time. (Duplicate names are also always permitted for  subpatterns  with
+       the  same  number, set up as described in the previous section.) Dupli-
+       cate names can be useful for patterns where only one  instance  of  the
+       named  parentheses  can  match. Suppose you want to match the name of a
+       weekday, either as a 3-letter abbreviation or as the full name, and  in
+       both cases you want to extract the abbreviation. This pattern (ignoring
+       the line breaks) does the job:
+
+         (?<DN>Mon|Fri|Sun)(?:day)?|
+         (?<DN>Tue)(?:sday)?|
+         (?<DN>Wed)(?:nesday)?|
+         (?<DN>Thu)(?:rsday)?|
+         (?<DN>Sat)(?:urday)?
+
+       There are five capturing substrings, but only one is ever set  after  a
+       match.  (An alternative way of solving this problem is to use a "branch
+       reset" subpattern, as described in the previous section.)
+
+       The convenience function for extracting the data by  name  returns  the
+       substring  for  the first (and in this example, the only) subpattern of
+       that name that matched. This saves searching  to  find  which  numbered
+       subpattern it was.
+
+       If  you  make  a  back  reference to a non-unique named subpattern from
+       elsewhere in the pattern, the subpatterns to which the name refers  are
+       checked  in  the order in which they appear in the overall pattern. The
+       first one that is set is used for the reference. For example, this pat-
+       tern matches both "foofoo" and "barbar" but not "foobar" or "barfoo":
+
+         (?:(?<n>foo)|(?<n>bar))\k<n>
+
+
+       If you make a subroutine call to a non-unique named subpattern, the one
+       that corresponds to the first occurrence of the name is  used.  In  the
+       absence of duplicate numbers (see the previous section) this is the one
+       with the lowest number.
+
+       If you use a named reference in a condition test (see the section about
+       conditions below), either to check whether a subpattern has matched, or
+       to check for recursion, all subpatterns with the same name are  tested.
+       If  the condition is true for any one of them, the overall condition is
+       true. This is the same behaviour as  testing  by  number.  For  further
+       details  of  the  interfaces  for  handling  named subpatterns, see the
+       pcreapi documentation.
+
+       Warning: You cannot use different names to distinguish between two sub-
+       patterns  with  the same number because PCRE uses only the numbers when
+       matching. For this reason, an error is given at compile time if differ-
+       ent  names  are given to subpatterns with the same number. However, you
+       can always give the same name to subpatterns with the same number, even
+       when PCRE_DUPNAMES is not set.
+
+
+REPETITION
+
+       Repetition  is  specified  by  quantifiers, which can follow any of the
+       following items:
+
+         a literal data character
+         the dot metacharacter
+         the \C escape sequence
+         the \X escape sequence
+         the \R escape sequence
+         an escape such as \d or \pL that matches a single character
+         a character class
+         a back reference (see next section)
+         a parenthesized subpattern (including assertions)
+         a subroutine call to a subpattern (recursive or otherwise)
+
+       The general repetition quantifier specifies a minimum and maximum  num-
+       ber  of  permitted matches, by giving the two numbers in curly brackets
+       (braces), separated by a comma. The numbers must be  less  than  65536,
+       and the first must be less than or equal to the second. For example:
+
+         z{2,4}
+
+       matches  "zz",  "zzz",  or  "zzzz". A closing brace on its own is not a
+       special character. If the second number is omitted, but  the  comma  is
+       present,  there  is  no upper limit; if the second number and the comma
+       are both omitted, the quantifier specifies an exact number of  required
+       matches. Thus
+
+         [aeiou]{3,}
+
+       matches at least 3 successive vowels, but may match many more, while
+
+         \d{8}
+
+       matches  exactly  8  digits. An opening curly bracket that appears in a
+       position where a quantifier is not allowed, or one that does not  match
+       the  syntax of a quantifier, is taken as a literal character. For exam-
+       ple, {,6} is not a quantifier, but a literal string of four characters.
+
+       In UTF modes, quantifiers apply to characters rather than to individual
+       data  units. Thus, for example, \x{100}{2} matches two characters, each
+       of which is represented by a two-byte sequence in a UTF-8 string. Simi-
+       larly,  \X{3} matches three Unicode extended grapheme clusters, each of
+       which may be several data units long (and  they  may  be  of  different
+       lengths).
+
+       The quantifier {0} is permitted, causing the expression to behave as if
+       the previous item and the quantifier were not present. This may be use-
+       ful  for  subpatterns that are referenced as subroutines from elsewhere
+       in the pattern (but see also the section entitled "Defining subpatterns
+       for  use  by  reference only" below). Items other than subpatterns that
+       have a {0} quantifier are omitted from the compiled pattern.
+
+       For convenience, the three most common quantifiers have  single-charac-
+       ter abbreviations:
+
+         *    is equivalent to {0,}
+         +    is equivalent to {1,}
+         ?    is equivalent to {0,1}
+
+       It  is  possible  to construct infinite loops by following a subpattern
+       that can match no characters with a quantifier that has no upper limit,
+       for example:
+
+         (a?)*
+
+       Earlier versions of Perl and PCRE used to give an error at compile time
+       for such patterns. However, because there are cases where this  can  be
+       useful,  such  patterns  are now accepted, but if any repetition of the
+       subpattern does in fact match no characters, the loop is forcibly  bro-
+       ken.
+
+       By  default,  the quantifiers are "greedy", that is, they match as much
+       as possible (up to the maximum  number  of  permitted  times),  without
+       causing  the  rest of the pattern to fail. The classic example of where
+       this gives problems is in trying to match comments in C programs. These
+       appear  between  /*  and  */ and within the comment, individual * and /
+       characters may appear. An attempt to match C comments by  applying  the
+       pattern
+
+         /\*.*\*/
+
+       to the string
+
+         /* first comment */  not comment  /* second comment */
+
+       fails,  because it matches the entire string owing to the greediness of
+       the .*  item.
+
+       However, if a quantifier is followed by a question mark, it  ceases  to
+       be greedy, and instead matches the minimum number of times possible, so
+       the pattern
+
+         /\*.*?\*/
+
+       does the right thing with the C comments. The meaning  of  the  various
+       quantifiers  is  not  otherwise  changed,  just the preferred number of
+       matches.  Do not confuse this use of question mark with its  use  as  a
+       quantifier  in its own right. Because it has two uses, it can sometimes
+       appear doubled, as in
+
+         \d??\d
+
+       which matches one digit by preference, but can match two if that is the
+       only way the rest of the pattern matches.
+
+       If  the PCRE_UNGREEDY option is set (an option that is not available in
+       Perl), the quantifiers are not greedy by default, but  individual  ones
+       can  be  made  greedy  by following them with a question mark. In other
+       words, it inverts the default behaviour.
+
+       When a parenthesized subpattern is quantified  with  a  minimum  repeat
+       count  that is greater than 1 or with a limited maximum, more memory is
+       required for the compiled pattern, in proportion to  the  size  of  the
+       minimum or maximum.
+
+       If a pattern starts with .* or .{0,} and the PCRE_DOTALL option (equiv-
+       alent to Perl's /s) is set, thus allowing the dot  to  match  newlines,
+       the  pattern  is  implicitly anchored, because whatever follows will be
+       tried against every character position in the subject string, so  there
+       is  no  point  in  retrying the overall match at any position after the
+       first. PCRE normally treats such a pattern as though it  were  preceded
+       by \A.
+
+       In  cases  where  it  is known that the subject string contains no new-
+       lines, it is worth setting PCRE_DOTALL in order to  obtain  this  opti-
+       mization, or alternatively using ^ to indicate anchoring explicitly.
+
+       However,  there  are  some cases where the optimization cannot be used.
+       When .*  is inside capturing parentheses that are the subject of a back
+       reference elsewhere in the pattern, a match at the start may fail where
+       a later one succeeds. Consider, for example:
+
+         (.*)abc\1
+
+       If the subject is "xyz123abc123" the match point is the fourth  charac-
+       ter. For this reason, such a pattern is not implicitly anchored.
+
+       Another  case where implicit anchoring is not applied is when the lead-
+       ing .* is inside an atomic group. Once again, a match at the start  may
+       fail where a later one succeeds. Consider this pattern:
+
+         (?>.*?a)b
+
+       It  matches "ab" in the subject "aab". The use of the backtracking con-
+       trol verbs (*PRUNE) and (*SKIP) also disable this optimization.
+
+       When a capturing subpattern is repeated, the value captured is the sub-
+       string that matched the final iteration. For example, after
+
+         (tweedle[dume]{3}\s*)+
+
+       has matched "tweedledum tweedledee" the value of the captured substring
+       is "tweedledee". However, if there are  nested  capturing  subpatterns,
+       the  corresponding captured values may have been set in previous itera-
+       tions. For example, after
+
+         /(a|(b))+/
+
+       matches "aba" the value of the second captured substring is "b".
+
+
+ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS
+
+       With both maximizing ("greedy") and minimizing ("ungreedy"  or  "lazy")
+       repetition,  failure  of what follows normally causes the repeated item
+       to be re-evaluated to see if a different number of repeats  allows  the
+       rest  of  the pattern to match. Sometimes it is useful to prevent this,
+       either to change the nature of the match, or to cause it  fail  earlier
+       than  it otherwise might, when the author of the pattern knows there is
+       no point in carrying on.
+
+       Consider, for example, the pattern \d+foo when applied to  the  subject
+       line
+
+         123456bar
+
+       After matching all 6 digits and then failing to match "foo", the normal
+       action of the matcher is to try again with only 5 digits  matching  the
+       \d+  item,  and  then  with  4,  and  so on, before ultimately failing.
+       "Atomic grouping" (a term taken from Jeffrey  Friedl's  book)  provides
+       the  means for specifying that once a subpattern has matched, it is not
+       to be re-evaluated in this way.
+
+       If we use atomic grouping for the previous example, the  matcher  gives
+       up  immediately  on failing to match "foo" the first time. The notation
+       is a kind of special parenthesis, starting with (?> as in this example:
+
+         (?>\d+)foo
+
+       This kind of parenthesis "locks up" the  part of the  pattern  it  con-
+       tains  once  it  has matched, and a failure further into the pattern is
+       prevented from backtracking into it. Backtracking past it  to  previous
+       items, however, works as normal.
+
+       An  alternative  description  is that a subpattern of this type matches
+       the string of characters that an  identical  standalone  pattern  would
+       match, if anchored at the current point in the subject string.
+
+       Atomic grouping subpatterns are not capturing subpatterns. Simple cases
+       such as the above example can be thought of as a maximizing repeat that
+       must  swallow  everything  it can. So, while both \d+ and \d+? are pre-
+       pared to adjust the number of digits they match in order  to  make  the
+       rest of the pattern match, (?>\d+) can only match an entire sequence of
+       digits.
+
+       Atomic groups in general can of course contain arbitrarily  complicated
+       subpatterns,  and  can  be  nested. However, when the subpattern for an
+       atomic group is just a single repeated item, as in the example above, a
+       simpler  notation,  called  a "possessive quantifier" can be used. This
+       consists of an additional + character  following  a  quantifier.  Using
+       this notation, the previous example can be rewritten as
+
+         \d++foo
+
+       Note that a possessive quantifier can be used with an entire group, for
+       example:
+
+         (abc|xyz){2,3}+
+
+       Possessive  quantifiers  are  always  greedy;  the   setting   of   the
+       PCRE_UNGREEDY option is ignored. They are a convenient notation for the
+       simpler forms of atomic group. However, there is no difference  in  the
+       meaning  of  a  possessive  quantifier and the equivalent atomic group,
+       though there may be a performance  difference;  possessive  quantifiers
+       should be slightly faster.
+
+       The  possessive  quantifier syntax is an extension to the Perl 5.8 syn-
+       tax.  Jeffrey Friedl originated the idea (and the name)  in  the  first
+       edition of his book. Mike McCloskey liked it, so implemented it when he
+       built Sun's Java package, and PCRE copied it from there. It  ultimately
+       found its way into Perl at release 5.10.
+
+       PCRE has an optimization that automatically "possessifies" certain sim-
+       ple pattern constructs. For example, the sequence  A+B  is  treated  as
+       A++B  because  there is no point in backtracking into a sequence of A's
+       when B must follow.
+
+       When a pattern contains an unlimited repeat inside  a  subpattern  that
+       can  itself  be  repeated  an  unlimited number of times, the use of an
+       atomic group is the only way to avoid some  failing  matches  taking  a
+       very long time indeed. The pattern
+
+         (\D+|<\d+>)*[!?]
+
+       matches  an  unlimited number of substrings that either consist of non-
+       digits, or digits enclosed in <>, followed by either ! or  ?.  When  it
+       matches, it runs quickly. However, if it is applied to
+
+         aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+
+       it  takes  a  long  time  before reporting failure. This is because the
+       string can be divided between the internal \D+ repeat and the  external
+       *  repeat  in  a  large  number of ways, and all have to be tried. (The
+       example uses [!?] rather than a single character at  the  end,  because
+       both  PCRE  and  Perl have an optimization that allows for fast failure
+       when a single character is used. They remember the last single  charac-
+       ter  that  is required for a match, and fail early if it is not present
+       in the string.) If the pattern is changed so that  it  uses  an  atomic
+       group, like this:
+
+         ((?>\D+)|<\d+>)*[!?]
+
+       sequences of non-digits cannot be broken, and failure happens quickly.
+
+
+BACK REFERENCES
+
+       Outside a character class, a backslash followed by a digit greater than
+       0 (and possibly further digits) is a back reference to a capturing sub-
+       pattern  earlier  (that is, to its left) in the pattern, provided there
+       have been that many previous capturing left parentheses.
+
+       However, if the decimal number following the backslash is less than 10,
+       it  is  always  taken  as a back reference, and causes an error only if
+       there are not that many capturing left parentheses in the  entire  pat-
+       tern.  In  other words, the parentheses that are referenced need not be
+       to the left of the reference for numbers less than 10. A "forward  back
+       reference"  of  this  type can make sense when a repetition is involved
+       and the subpattern to the right has participated in an  earlier  itera-
+       tion.
+
+       It  is  not  possible to have a numerical "forward back reference" to a
+       subpattern whose number is 10 or  more  using  this  syntax  because  a
+       sequence  such  as  \50 is interpreted as a character defined in octal.
+       See the subsection entitled "Non-printing characters" above for further
+       details  of  the  handling of digits following a backslash. There is no
+       such problem when named parentheses are used. A back reference  to  any
+       subpattern is possible using named parentheses (see below).
+
+       Another  way  of  avoiding  the ambiguity inherent in the use of digits
+       following a backslash is to use the \g  escape  sequence.  This  escape
+       must be followed by an unsigned number or a negative number, optionally
+       enclosed in braces. These examples are all identical:
+
+         (ring), \1
+         (ring), \g1
+         (ring), \g{1}
+
+       An unsigned number specifies an absolute reference without the  ambigu-
+       ity that is present in the older syntax. It is also useful when literal
+       digits follow the reference. A negative number is a relative reference.
+       Consider this example:
+
+         (abc(def)ghi)\g{-1}
+
+       The sequence \g{-1} is a reference to the most recently started captur-
+       ing subpattern before \g, that is, is it equivalent to \2 in this exam-
+       ple.   Similarly, \g{-2} would be equivalent to \1. The use of relative
+       references can be helpful in long patterns, and also in  patterns  that
+       are  created  by  joining  together  fragments  that contain references
+       within themselves.
+
+       A back reference matches whatever actually matched the  capturing  sub-
+       pattern  in  the  current subject string, rather than anything matching
+       the subpattern itself (see "Subpatterns as subroutines" below for a way
+       of doing that). So the pattern
+
+         (sens|respons)e and \1ibility
+
+       matches  "sense and sensibility" and "response and responsibility", but
+       not "sense and responsibility". If caseful matching is in force at  the
+       time  of the back reference, the case of letters is relevant. For exam-
+       ple,
+
+         ((?i)rah)\s+\1
+
+       matches "rah rah" and "RAH RAH", but not "RAH  rah",  even  though  the
+       original capturing subpattern is matched caselessly.
+
+       There  are  several  different ways of writing back references to named
+       subpatterns. The .NET syntax \k{name} and the Perl syntax  \k<name>  or
+       \k'name'  are supported, as is the Python syntax (?P=name). Perl 5.10's
+       unified back reference syntax, in which \g can be used for both numeric
+       and  named  references,  is  also supported. We could rewrite the above
+       example in any of the following ways:
+
+         (?<p1>(?i)rah)\s+\k<p1>
+         (?'p1'(?i)rah)\s+\k{p1}
+         (?P<p1>(?i)rah)\s+(?P=p1)
+         (?<p1>(?i)rah)\s+\g{p1}
+
+       A subpattern that is referenced by  name  may  appear  in  the  pattern
+       before or after the reference.
+
+       There  may be more than one back reference to the same subpattern. If a
+       subpattern has not actually been used in a particular match,  any  back
+       references to it always fail by default. For example, the pattern
+
+         (a|(bc))\2
+
+       always  fails  if  it starts to match "a" rather than "bc". However, if
+       the PCRE_JAVASCRIPT_COMPAT option is set at compile time, a back refer-
+       ence to an unset value matches an empty string.
+
+       Because  there may be many capturing parentheses in a pattern, all dig-
+       its following a backslash are taken as part of a potential back  refer-
+       ence  number.   If  the  pattern continues with a digit character, some
+       delimiter must  be  used  to  terminate  the  back  reference.  If  the
+       PCRE_EXTENDED  option  is  set, this can be white space. Otherwise, the
+       \g{ syntax or an empty comment (see "Comments" below) can be used.
+
+   Recursive back references
+
+       A back reference that occurs inside the parentheses to which it  refers
+       fails  when  the subpattern is first used, so, for example, (a\1) never
+       matches.  However, such references can be useful inside  repeated  sub-
+       patterns. For example, the pattern
+
+         (a|b\1)+
+
+       matches any number of "a"s and also "aba", "ababbaa" etc. At each iter-
+       ation of the subpattern,  the  back  reference  matches  the  character
+       string  corresponding  to  the previous iteration. In order for this to
+       work, the pattern must be such that the first iteration does  not  need
+       to  match the back reference. This can be done using alternation, as in
+       the example above, or by a quantifier with a minimum of zero.
+
+       Back references of this type cause the group that they reference to  be
+       treated  as  an atomic group.  Once the whole group has been matched, a
+       subsequent matching failure cannot cause backtracking into  the  middle
+       of the group.
+
+
+ASSERTIONS
+
+       An  assertion  is  a  test on the characters following or preceding the
+       current matching point that does not actually consume  any  characters.
+       The  simple  assertions  coded  as  \b, \B, \A, \G, \Z, \z, ^ and $ are
+       described above.
+
+       More complicated assertions are coded as  subpatterns.  There  are  two
+       kinds:  those  that  look  ahead of the current position in the subject
+       string, and those that look  behind  it.  An  assertion  subpattern  is
+       matched  in  the  normal way, except that it does not cause the current
+       matching position to be changed.
+
+       Assertion subpatterns are not capturing subpatterns. If such an  asser-
+       tion  contains  capturing  subpatterns within it, these are counted for
+       the purposes of numbering the capturing subpatterns in the  whole  pat-
+       tern.  However,  substring  capturing  is carried out only for positive
+       assertions. (Perl sometimes, but not always, does do capturing in nega-
+       tive assertions.)
+
+       WARNING:  If a positive assertion containing one or more capturing sub-
+       patterns succeeds, but failure to match later  in  the  pattern  causes
+       backtracking over this assertion, the captures within the assertion are
+       reset only if no higher numbered captures are  already  set.  This  is,
+       unfortunately,  a fundamental limitation of the current implementation,
+       and as PCRE1 is now in maintenance-only status, it is unlikely ever  to
+       change.
+
+       For  compatibility  with  Perl,  assertion subpatterns may be repeated;
+       though it makes no sense to assert the same thing  several  times,  the
+       side  effect  of  capturing  parentheses may occasionally be useful. In
+       practice, there only three cases:
+
+       (1) If the quantifier is {0}, the  assertion  is  never  obeyed  during
+       matching.   However,  it  may  contain internal capturing parenthesized
+       groups that are called from elsewhere via the subroutine mechanism.
+
+       (2) If quantifier is {0,n} where n is greater than zero, it is  treated
+       as  if  it  were  {0,1}.  At run time, the rest of the pattern match is
+       tried with and without the assertion, the order depending on the greed-
+       iness of the quantifier.
+
+       (3)  If  the minimum repetition is greater than zero, the quantifier is
+       ignored.  The assertion is obeyed just  once  when  encountered  during
+       matching.
+
+   Lookahead assertions
+
+       Lookahead assertions start with (?= for positive assertions and (?! for
+       negative assertions. For example,
+
+         \w+(?=;)
+
+       matches a word followed by a semicolon, but does not include the  semi-
+       colon in the match, and
+
+         foo(?!bar)
+
+       matches  any  occurrence  of  "foo" that is not followed by "bar". Note
+       that the apparently similar pattern
+
+         (?!foo)bar
+
+       does not find an occurrence of "bar"  that  is  preceded  by  something
+       other  than "foo"; it finds any occurrence of "bar" whatsoever, because
+       the assertion (?!foo) is always true when the next three characters are
+       "bar". A lookbehind assertion is needed to achieve the other effect.
+
+       If you want to force a matching failure at some point in a pattern, the
+       most convenient way to do it is  with  (?!)  because  an  empty  string
+       always  matches, so an assertion that requires there not to be an empty
+       string must always fail.  The backtracking control verb (*FAIL) or (*F)
+       is a synonym for (?!).
+
+   Lookbehind assertions
+
+       Lookbehind  assertions start with (?<= for positive assertions and (?<!
+       for negative assertions. For example,
+
+         (?<!foo)bar
+
+       does find an occurrence of "bar" that is not  preceded  by  "foo".  The
+       contents  of  a  lookbehind  assertion are restricted such that all the
+       strings it matches must have a fixed length. However, if there are sev-
+       eral  top-level  alternatives,  they  do  not all have to have the same
+       fixed length. Thus
+
+         (?<=bullock|donkey)
+
+       is permitted, but
+
+         (?<!dogs?|cats?)
+
+       causes an error at compile time. Branches that match  different  length
+       strings  are permitted only at the top level of a lookbehind assertion.
+       This is an extension compared with Perl, which requires all branches to
+       match the same length of string. An assertion such as
+
+         (?<=ab(c|de))
+
+       is  not  permitted,  because  its single top-level branch can match two
+       different lengths, but it is acceptable to PCRE if rewritten to use two
+       top-level branches:
+
+         (?<=abc|abde)
+
+       In  some  cases, the escape sequence \K (see above) can be used instead
+       of a lookbehind assertion to get round the fixed-length restriction.
+
+       The implementation of lookbehind assertions is, for  each  alternative,
+       to  temporarily  move the current position back by the fixed length and
+       then try to match. If there are insufficient characters before the cur-
+       rent position, the assertion fails.
+
+       In  a UTF mode, PCRE does not allow the \C escape (which matches a sin-
+       gle data unit even in a UTF mode) to appear in  lookbehind  assertions,
+       because  it  makes it impossible to calculate the length of the lookbe-
+       hind. The \X and \R escapes, which can match different numbers of  data
+       units, are also not permitted.
+
+       "Subroutine"  calls  (see below) such as (?2) or (?&X) are permitted in
+       lookbehinds, as long as the subpattern matches a  fixed-length  string.
+       Recursion, however, is not supported.
+
+       Possessive  quantifiers  can  be  used  in  conjunction with lookbehind
+       assertions to specify efficient matching of fixed-length strings at the
+       end of subject strings. Consider a simple pattern such as
+
+         abcd$
+
+       when  applied  to  a  long string that does not match. Because matching
+       proceeds from left to right, PCRE will look for each "a" in the subject
+       and  then  see  if what follows matches the rest of the pattern. If the
+       pattern is specified as
+
+         ^.*abcd$
+
+       the initial .* matches the entire string at first, but when this  fails
+       (because there is no following "a"), it backtracks to match all but the
+       last character, then all but the last two characters, and so  on.  Once
+       again  the search for "a" covers the entire string, from right to left,
+       so we are no better off. However, if the pattern is written as
+
+         ^.*+(?<=abcd)
+
+       there can be no backtracking for the .*+ item; it can  match  only  the
+       entire  string.  The subsequent lookbehind assertion does a single test
+       on the last four characters. If it fails, the match fails  immediately.
+       For  long  strings, this approach makes a significant difference to the
+       processing time.
+
+   Using multiple assertions
+
+       Several assertions (of any sort) may occur in succession. For example,
+
+         (?<=\d{3})(?<!999)foo
+
+       matches "foo" preceded by three digits that are not "999". Notice  that
+       each  of  the  assertions is applied independently at the same point in
+       the subject string. First there is a  check  that  the  previous  three
+       characters  are  all  digits,  and  then there is a check that the same
+       three characters are not "999".  This pattern does not match "foo" pre-
+       ceded  by  six  characters,  the first of which are digits and the last
+       three of which are not "999". For example, it  doesn't  match  "123abc-
+       foo". A pattern to do that is
+
+         (?<=\d{3}...)(?<!999)foo
+
+       This  time  the  first assertion looks at the preceding six characters,
+       checking that the first three are digits, and then the second assertion
+       checks that the preceding three characters are not "999".
+
+       Assertions can be nested in any combination. For example,
+
+         (?<=(?<!foo)bar)baz
+
+       matches  an occurrence of "baz" that is preceded by "bar" which in turn
+       is not preceded by "foo", while
+
+         (?<=\d{3}(?!999)...)foo
+
+       is another pattern that matches "foo" preceded by three digits and  any
+       three characters that are not "999".
+
+
+CONDITIONAL SUBPATTERNS
+
+       It  is possible to cause the matching process to obey a subpattern con-
+       ditionally or to choose between two alternative subpatterns,  depending
+       on  the result of an assertion, or whether a specific capturing subpat-
+       tern has already been matched. The two possible  forms  of  conditional
+       subpattern are:
+
+         (?(condition)yes-pattern)
+         (?(condition)yes-pattern|no-pattern)
+
+       If  the  condition is satisfied, the yes-pattern is used; otherwise the
+       no-pattern (if present) is used. If there are more  than  two  alterna-
+       tives  in  the subpattern, a compile-time error occurs. Each of the two
+       alternatives may itself contain nested subpatterns of any form, includ-
+       ing  conditional  subpatterns;  the  restriction  to  two  alternatives
+       applies only at the level of the condition. This pattern fragment is an
+       example where the alternatives are complex:
+
+         (?(1) (A|B|C) | (D | (?(2)E|F) | E) )
+
+
+       There  are  four  kinds of condition: references to subpatterns, refer-
+       ences to recursion, a pseudo-condition called DEFINE, and assertions.
+
+   Checking for a used subpattern by number
+
+       If the text between the parentheses consists of a sequence  of  digits,
+       the condition is true if a capturing subpattern of that number has pre-
+       viously matched. If there is more than one  capturing  subpattern  with
+       the  same  number  (see  the earlier section about duplicate subpattern
+       numbers), the condition is true if any of them have matched. An  alter-
+       native  notation is to precede the digits with a plus or minus sign. In
+       this case, the subpattern number is relative rather than absolute.  The
+       most  recently opened parentheses can be referenced by (?(-1), the next
+       most recent by (?(-2), and so on. Inside loops it can also  make  sense
+       to refer to subsequent groups. The next parentheses to be opened can be
+       referenced as (?(+1), and so on. (The value zero in any of these  forms
+       is not used; it provokes a compile-time error.)
+
+       Consider  the  following  pattern, which contains non-significant white
+       space to make it more readable (assume the PCRE_EXTENDED option) and to
+       divide it into three parts for ease of discussion:
+
+         ( \( )?    [^()]+    (?(1) \) )
+
+       The  first  part  matches  an optional opening parenthesis, and if that
+       character is present, sets it as the first captured substring. The sec-
+       ond  part  matches one or more characters that are not parentheses. The
+       third part is a conditional subpattern that tests whether  or  not  the
+       first  set  of  parentheses  matched.  If they did, that is, if subject
+       started with an opening parenthesis, the condition is true, and so  the
+       yes-pattern  is  executed and a closing parenthesis is required. Other-
+       wise, since no-pattern is not present, the subpattern matches  nothing.
+       In  other  words,  this  pattern matches a sequence of non-parentheses,
+       optionally enclosed in parentheses.
+
+       If you were embedding this pattern in a larger one,  you  could  use  a
+       relative reference:
+
+         ...other stuff... ( \( )?    [^()]+    (?(-1) \) ) ...
+
+       This  makes  the  fragment independent of the parentheses in the larger
+       pattern.
+
+   Checking for a used subpattern by name
+
+       Perl uses the syntax (?(<name>)...) or (?('name')...)  to  test  for  a
+       used  subpattern  by  name.  For compatibility with earlier versions of
+       PCRE, which had this facility before Perl, the syntax  (?(name)...)  is
+       also recognized.
+
+       Rewriting the above example to use a named subpattern gives this:
+
+         (?<OPEN> \( )?    [^()]+    (?(<OPEN>) \) )
+
+       If  the  name used in a condition of this kind is a duplicate, the test
+       is applied to all subpatterns of the same name, and is true if any  one
+       of them has matched.
+
+   Checking for pattern recursion
+
+       If the condition is the string (R), and there is no subpattern with the
+       name R, the condition is true if a recursive call to the whole  pattern
+       or any subpattern has been made. If digits or a name preceded by amper-
+       sand follow the letter R, for example:
+
+         (?(R3)...) or (?(R&name)...)
+
+       the condition is true if the most recent recursion is into a subpattern
+       whose number or name is given. This condition does not check the entire
+       recursion stack. If the name used in a condition  of  this  kind  is  a
+       duplicate, the test is applied to all subpatterns of the same name, and
+       is true if any one of them is the most recent recursion.
+
+       At "top level", all these recursion test  conditions  are  false.   The
+       syntax for recursive patterns is described below.
+
+   Defining subpatterns for use by reference only
+
+       If  the  condition  is  the string (DEFINE), and there is no subpattern
+       with the name DEFINE, the condition is  always  false.  In  this  case,
+       there  may  be  only  one  alternative  in the subpattern. It is always
+       skipped if control reaches this point  in  the  pattern;  the  idea  of
+       DEFINE  is that it can be used to define subroutines that can be refer-
+       enced from elsewhere. (The use of subroutines is described below.)  For
+       example,  a  pattern  to match an IPv4 address such as "192.168.23.245"
+       could be written like this (ignore white space and line breaks):
+
+         (?(DEFINE) (?<byte> 2[0-4]\d | 25[0-5] | 1\d\d | [1-9]?\d) )
+         \b (?&byte) (\.(?&byte)){3} \b
+
+       The first part of the pattern is a DEFINE group inside which a  another
+       group  named "byte" is defined. This matches an individual component of
+       an IPv4 address (a number less than 256). When  matching  takes  place,
+       this  part  of  the pattern is skipped because DEFINE acts like a false
+       condition. The rest of the pattern uses references to the  named  group
+       to  match the four dot-separated components of an IPv4 address, insist-
+       ing on a word boundary at each end.
+
+   Assertion conditions
+
+       If the condition is not in any of the above  formats,  it  must  be  an
+       assertion.   This may be a positive or negative lookahead or lookbehind
+       assertion. Consider  this  pattern,  again  containing  non-significant
+       white space, and with the two alternatives on the second line:
+
+         (?(?=[^a-z]*[a-z])
+         \d{2}-[a-z]{3}-\d{2}  |  \d{2}-\d{2}-\d{2} )
+
+       The  condition  is  a  positive  lookahead  assertion  that  matches an
+       optional sequence of non-letters followed by a letter. In other  words,
+       it  tests  for the presence of at least one letter in the subject. If a
+       letter is found, the subject is matched against the first  alternative;
+       otherwise  it  is  matched  against  the  second.  This pattern matches
+       strings in one of the two forms dd-aaa-dd or dd-dd-dd,  where  aaa  are
+       letters and dd are digits.
+
+
+COMMENTS
+
+       There are two ways of including comments in patterns that are processed
+       by PCRE. In both cases, the start of the comment must not be in a char-
+       acter class, nor in the middle of any other sequence of related charac-
+       ters such as (?: or a subpattern name or number.  The  characters  that
+       make up a comment play no part in the pattern matching.
+
+       The  sequence (?# marks the start of a comment that continues up to the
+       next closing parenthesis. Nested parentheses are not permitted. If  the
+       PCRE_EXTENDED option is set, an unescaped # character also introduces a
+       comment, which in this case continues to  immediately  after  the  next
+       newline  character  or character sequence in the pattern. Which charac-
+       ters are interpreted as newlines is controlled by the options passed to
+       a  compiling function or by a special sequence at the start of the pat-
+       tern, as described in the section entitled "Newline conventions" above.
+       Note that the end of this type of comment is a literal newline sequence
+       in the pattern; escape sequences that happen to represent a newline  do
+       not  count.  For  example,  consider this pattern when PCRE_EXTENDED is
+       set, and the default newline convention is in force:
+
+         abc #comment \n still comment
+
+       On encountering the # character, pcre_compile()  skips  along,  looking
+       for  a newline in the pattern. The sequence \n is still literal at this
+       stage, so it does not terminate the comment. Only an  actual  character
+       with the code value 0x0a (the default newline) does so.
+
+
+RECURSIVE PATTERNS
+
+       Consider  the problem of matching a string in parentheses, allowing for
+       unlimited nested parentheses. Without the use of  recursion,  the  best
+       that  can  be  done  is  to use a pattern that matches up to some fixed
+       depth of nesting. It is not possible to  handle  an  arbitrary  nesting
+       depth.
+
+       For some time, Perl has provided a facility that allows regular expres-
+       sions to recurse (amongst other things). It does this by  interpolating
+       Perl  code in the expression at run time, and the code can refer to the
+       expression itself. A Perl pattern using code interpolation to solve the
+       parentheses problem can be created like this:
+
+         $re = qr{\( (?: (?>[^()]+) | (?p{$re}) )* \)}x;
+
+       The (?p{...}) item interpolates Perl code at run time, and in this case
+       refers recursively to the pattern in which it appears.
+
+       Obviously, PCRE cannot support the interpolation of Perl code. Instead,
+       it  supports  special  syntax  for recursion of the entire pattern, and
+       also for individual subpattern recursion.  After  its  introduction  in
+       PCRE  and  Python,  this  kind of recursion was subsequently introduced
+       into Perl at release 5.10.
+
+       A special item that consists of (? followed by a  number  greater  than
+       zero  and  a  closing parenthesis is a recursive subroutine call of the
+       subpattern of the given number, provided that  it  occurs  inside  that
+       subpattern.  (If  not,  it is a non-recursive subroutine call, which is
+       described in the next section.) The special item  (?R)  or  (?0)  is  a
+       recursive call of the entire regular expression.
+
+       This  PCRE  pattern  solves  the nested parentheses problem (assume the
+       PCRE_EXTENDED option is set so that white space is ignored):
+
+         \( ( [^()]++ | (?R) )* \)
+
+       First it matches an opening parenthesis. Then it matches any number  of
+       substrings  which  can  either  be  a sequence of non-parentheses, or a
+       recursive match of the pattern itself (that is, a  correctly  parenthe-
+       sized substring).  Finally there is a closing parenthesis. Note the use
+       of a possessive quantifier to avoid backtracking into sequences of non-
+       parentheses.
+
+       If  this  were  part of a larger pattern, you would not want to recurse
+       the entire pattern, so instead you could use this:
+
+         ( \( ( [^()]++ | (?1) )* \) )
+
+       We have put the pattern into parentheses, and caused the  recursion  to
+       refer to them instead of the whole pattern.
+
+       In  a  larger  pattern,  keeping  track  of  parenthesis numbers can be
+       tricky. This is made easier by the use of relative references.  Instead
+       of (?1) in the pattern above you can write (?-2) to refer to the second
+       most recently opened parentheses  preceding  the  recursion.  In  other
+       words,  a  negative  number counts capturing parentheses leftwards from
+       the point at which it is encountered.
+
+       It is also possible to refer to  subsequently  opened  parentheses,  by
+       writing  references  such  as (?+2). However, these cannot be recursive
+       because the reference is not inside the  parentheses  that  are  refer-
+       enced.  They are always non-recursive subroutine calls, as described in
+       the next section.
+
+       An alternative approach is to use named parentheses instead.  The  Perl
+       syntax  for  this  is (?&name); PCRE's earlier syntax (?P>name) is also
+       supported. We could rewrite the above example as follows:
+
+         (?<pn> \( ( [^()]++ | (?&pn) )* \) )
+
+       If there is more than one subpattern with the same name,  the  earliest
+       one is used.
+
+       This  particular  example pattern that we have been looking at contains
+       nested unlimited repeats, and so the use of a possessive quantifier for
+       matching strings of non-parentheses is important when applying the pat-
+       tern to strings that do not match. For example, when  this  pattern  is
+       applied to
+
+         (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa()
+
+       it  yields  "no  match" quickly. However, if a possessive quantifier is
+       not used, the match runs for a very long time indeed because there  are
+       so  many  different  ways the + and * repeats can carve up the subject,
+       and all have to be tested before failure can be reported.
+
+       At the end of a match, the values of capturing  parentheses  are  those
+       from  the outermost level. If you want to obtain intermediate values, a
+       callout function can be used (see below and the pcrecallout  documenta-
+       tion). If the pattern above is matched against
+
+         (ab(cd)ef)
+
+       the  value  for  the  inner capturing parentheses (numbered 2) is "ef",
+       which is the last value taken on at the top level. If a capturing  sub-
+       pattern  is  not  matched at the top level, its final captured value is
+       unset, even if it was (temporarily) set at a deeper  level  during  the
+       matching process.
+
+       If  there are more than 15 capturing parentheses in a pattern, PCRE has
+       to obtain extra memory to store data during a recursion, which it  does
+       by using pcre_malloc, freeing it via pcre_free afterwards. If no memory
+       can be obtained, the match fails with the PCRE_ERROR_NOMEMORY error.
+
+       Do not confuse the (?R) item with the condition (R),  which  tests  for
+       recursion.   Consider  this pattern, which matches text in angle brack-
+       ets, allowing for arbitrary nesting. Only digits are allowed in  nested
+       brackets  (that is, when recursing), whereas any characters are permit-
+       ted at the outer level.
+
+         < (?: (?(R) \d++  | [^<>]*+) | (?R)) * >
+
+       In this pattern, (?(R) is the start of a conditional  subpattern,  with
+       two  different  alternatives for the recursive and non-recursive cases.
+       The (?R) item is the actual recursive call.
+
+   Differences in recursion processing between PCRE and Perl
+
+       Recursion processing in PCRE differs from Perl in two  important  ways.
+       In  PCRE (like Python, but unlike Perl), a recursive subpattern call is
+       always treated as an atomic group. That is, once it has matched some of
+       the subject string, it is never re-entered, even if it contains untried
+       alternatives and there is a subsequent matching failure.  This  can  be
+       illustrated  by the following pattern, which purports to match a palin-
+       dromic string that contains an odd number of characters  (for  example,
+       "a", "aba", "abcba", "abcdcba"):
+
+         ^(.|(.)(?1)\2)$
+
+       The idea is that it either matches a single character, or two identical
+       characters surrounding a sub-palindrome. In Perl, this  pattern  works;
+       in  PCRE  it  does  not if the pattern is longer than three characters.
+       Consider the subject string "abcba":
+
+       At the top level, the first character is matched, but as it is  not  at
+       the end of the string, the first alternative fails; the second alterna-
+       tive is taken and the recursion kicks in. The recursive call to subpat-
+       tern  1  successfully  matches the next character ("b"). (Note that the
+       beginning and end of line tests are not part of the recursion).
+
+       Back at the top level, the next character ("c") is compared  with  what
+       subpattern  2 matched, which was "a". This fails. Because the recursion
+       is treated as an atomic group, there are now  no  backtracking  points,
+       and  so  the  entire  match fails. (Perl is able, at this point, to re-
+       enter the recursion and try the second alternative.)  However,  if  the
+       pattern is written with the alternatives in the other order, things are
+       different:
+
+         ^((.)(?1)\2|.)$
+
+       This time, the recursing alternative is tried first, and  continues  to
+       recurse  until  it runs out of characters, at which point the recursion
+       fails. But this time we do have  another  alternative  to  try  at  the
+       higher  level.  That  is  the  big difference: in the previous case the
+       remaining alternative is at a deeper recursion level, which PCRE cannot
+       use.
+
+       To  change  the pattern so that it matches all palindromic strings, not
+       just those with an odd number of characters, it is tempting  to  change
+       the pattern to this:
+
+         ^((.)(?1)\2|.?)$
+
+       Again,  this  works  in Perl, but not in PCRE, and for the same reason.
+       When a deeper recursion has matched a single character,  it  cannot  be
+       entered  again  in  order  to match an empty string. The solution is to
+       separate the two cases, and write out the odd and even cases as  alter-
+       natives at the higher level:
+
+         ^(?:((.)(?1)\2|)|((.)(?3)\4|.))
+
+       If  you  want  to match typical palindromic phrases, the pattern has to
+       ignore all non-word characters, which can be done like this:
+
+         ^\W*+(?:((.)\W*+(?1)\W*+\2|)|((.)\W*+(?3)\W*+\4|\W*+.\W*+))\W*+$
+
+       If run with the PCRE_CASELESS option, this pattern matches phrases such
+       as "A man, a plan, a canal: Panama!" and it works well in both PCRE and
+       Perl. Note the use of the possessive quantifier *+ to avoid  backtrack-
+       ing  into  sequences of non-word characters. Without this, PCRE takes a
+       great deal longer (ten times or more) to  match  typical  phrases,  and
+       Perl takes so long that you think it has gone into a loop.
+
+       WARNING:  The  palindrome-matching patterns above work only if the sub-
+       ject string does not start with a palindrome that is shorter  than  the
+       entire  string.  For example, although "abcba" is correctly matched, if
+       the subject is "ababa", PCRE finds the palindrome "aba" at  the  start,
+       then  fails at top level because the end of the string does not follow.
+       Once again, it cannot jump back into the recursion to try other  alter-
+       natives, so the entire match fails.
+
+       The  second  way  in which PCRE and Perl differ in their recursion pro-
+       cessing is in the handling of captured values. In Perl, when a  subpat-
+       tern  is  called recursively or as a subpattern (see the next section),
+       it has no access to any values that were captured  outside  the  recur-
+       sion,  whereas  in  PCRE  these values can be referenced. Consider this
+       pattern:
+
+         ^(.)(\1|a(?2))
+
+       In PCRE, this pattern matches "bab". The  first  capturing  parentheses
+       match  "b",  then in the second group, when the back reference \1 fails
+       to match "b", the second alternative matches "a" and then recurses.  In
+       the  recursion,  \1 does now match "b" and so the whole match succeeds.
+       In Perl, the pattern fails to match because inside the  recursive  call
+       \1 cannot access the externally set value.
+
+
+SUBPATTERNS AS SUBROUTINES
+
+       If  the  syntax for a recursive subpattern call (either by number or by
+       name) is used outside the parentheses to which it refers,  it  operates
+       like  a subroutine in a programming language. The called subpattern may
+       be defined before or after the reference. A numbered reference  can  be
+       absolute or relative, as in these examples:
+
+         (...(absolute)...)...(?2)...
+         (...(relative)...)...(?-1)...
+         (...(?+1)...(relative)...
+
+       An earlier example pointed out that the pattern
+
+         (sens|respons)e and \1ibility
+
+       matches  "sense and sensibility" and "response and responsibility", but
+       not "sense and responsibility". If instead the pattern
+
+         (sens|respons)e and (?1)ibility
+
+       is used, it does match "sense and responsibility" as well as the  other
+       two  strings.  Another  example  is  given  in the discussion of DEFINE
+       above.
+
+       All subroutine calls, whether recursive or not, are always  treated  as
+       atomic  groups. That is, once a subroutine has matched some of the sub-
+       ject string, it is never re-entered, even if it contains untried alter-
+       natives  and  there  is  a  subsequent  matching failure. Any capturing
+       parentheses that are set during the subroutine  call  revert  to  their
+       previous values afterwards.
+
+       Processing  options  such as case-independence are fixed when a subpat-
+       tern is defined, so if it is used as a subroutine, such options  cannot
+       be changed for different calls. For example, consider this pattern:
+
+         (abc)(?i:(?-1))
+
+       It  matches  "abcabc". It does not match "abcABC" because the change of
+       processing option does not affect the called subpattern.
+
+
+ONIGURUMA SUBROUTINE SYNTAX
+
+       For compatibility with Oniguruma, the non-Perl syntax \g followed by  a
+       name or a number enclosed either in angle brackets or single quotes, is
+       an alternative syntax for referencing a  subpattern  as  a  subroutine,
+       possibly  recursively. Here are two of the examples used above, rewrit-
+       ten using this syntax:
+
+         (?<pn> \( ( (?>[^()]+) | \g<pn> )* \) )
+         (sens|respons)e and \g'1'ibility
+
+       PCRE supports an extension to Oniguruma: if a number is preceded  by  a
+       plus or a minus sign it is taken as a relative reference. For example:
+
+         (abc)(?i:\g<-1>)
+
+       Note  that \g{...} (Perl syntax) and \g<...> (Oniguruma syntax) are not
+       synonymous. The former is a back reference; the latter is a  subroutine
+       call.
+
+
+CALLOUTS
+
+       Perl has a feature whereby using the sequence (?{...}) causes arbitrary
+       Perl code to be obeyed in the middle of matching a regular  expression.
+       This makes it possible, amongst other things, to extract different sub-
+       strings that match the same pair of parentheses when there is a repeti-
+       tion.
+
+       PCRE provides a similar feature, but of course it cannot obey arbitrary
+       Perl code. The feature is called "callout". The caller of PCRE provides
+       an  external function by putting its entry point in the global variable
+       pcre_callout (8-bit library) or pcre[16|32]_callout (16-bit  or  32-bit
+       library).   By default, this variable contains NULL, which disables all
+       calling out.
+
+       Within a regular expression, (?C) indicates the  points  at  which  the
+       external  function  is  to be called. If you want to identify different
+       callout points, you can put a number less than 256 after the letter  C.
+       The  default  value is zero.  For example, this pattern has two callout
+       points:
+
+         (?C1)abc(?C2)def
+
+       If the PCRE_AUTO_CALLOUT flag is passed to a compiling function,  call-
+       outs  are automatically installed before each item in the pattern. They
+       are all numbered 255. If there is a conditional group  in  the  pattern
+       whose condition is an assertion, an additional callout is inserted just
+       before the condition. An explicit callout may also be set at this posi-
+       tion, as in this example:
+
+         (?(?C9)(?=a)abc|def)
+
+       Note that this applies only to assertion conditions, not to other types
+       of condition.
+
+       During matching, when PCRE reaches a callout point, the external  func-
+       tion  is  called.  It  is  provided with the number of the callout, the
+       position in the pattern, and, optionally, one item of  data  originally
+       supplied  by  the caller of the matching function. The callout function
+       may cause matching to proceed, to backtrack, or to fail altogether.
+
+       By default, PCRE implements a number of optimizations at  compile  time
+       and  matching  time, and one side-effect is that sometimes callouts are
+       skipped. If you need all possible callouts to happen, you need  to  set
+       options  that  disable  the relevant optimizations. More details, and a
+       complete description of the interface  to  the  callout  function,  are
+       given in the pcrecallout documentation.
+
+
+BACKTRACKING CONTROL
+
+       Perl  5.10 introduced a number of "Special Backtracking Control Verbs",
+       which are still described in the Perl  documentation  as  "experimental
+       and  subject to change or removal in a future version of Perl". It goes
+       on to say: "Their usage in production code should  be  noted  to  avoid
+       problems  during upgrades." The same remarks apply to the PCRE features
+       described in this section.
+
+       The new verbs make use of what was previously invalid syntax: an  open-
+       ing parenthesis followed by an asterisk. They are generally of the form
+       (*VERB) or (*VERB:NAME). Some may take either form,  possibly  behaving
+       differently  depending  on  whether or not a name is present. A name is
+       any sequence of characters that does not include a closing parenthesis.
+       The maximum length of name is 255 in the 8-bit library and 65535 in the
+       16-bit and 32-bit libraries. If the name is  empty,  that  is,  if  the
+       closing  parenthesis immediately follows the colon, the effect is as if
+       the colon were not there.  Any number of these verbs  may  occur  in  a
+       pattern.
+
+       Since  these  verbs  are  specifically related to backtracking, most of
+       them can be used only when the pattern is to be matched  using  one  of
+       the  traditional  matching  functions, because these use a backtracking
+       algorithm. With the exception of (*FAIL), which behaves like a  failing
+       negative  assertion,  the  backtracking control verbs cause an error if
+       encountered by a DFA matching function.
+
+       The behaviour of these verbs in repeated  groups,  assertions,  and  in
+       subpatterns called as subroutines (whether or not recursively) is docu-
+       mented below.
+
+   Optimizations that affect backtracking verbs
+
+       PCRE contains some optimizations that are used to speed up matching  by
+       running some checks at the start of each match attempt. For example, it
+       may know the minimum length of matching subject, or that  a  particular
+       character must be present. When one of these optimizations bypasses the
+       running of a match,  any  included  backtracking  verbs  will  not,  of
+       course, be processed. You can suppress the start-of-match optimizations
+       by setting the PCRE_NO_START_OPTIMIZE  option  when  calling  pcre_com-
+       pile() or pcre_exec(), or by starting the pattern with (*NO_START_OPT).
+       There is more discussion of this option in the section entitled "Option
+       bits for pcre_exec()" in the pcreapi documentation.
+
+       Experiments  with  Perl  suggest that it too has similar optimizations,
+       sometimes leading to anomalous results.
+
+   Verbs that act immediately
+
+       The following verbs act as soon as they are encountered. They  may  not
+       be followed by a name.
+
+          (*ACCEPT)
+
+       This  verb causes the match to end successfully, skipping the remainder
+       of the pattern. However, when it is inside a subpattern that is  called
+       as  a  subroutine, only that subpattern is ended successfully. Matching
+       then continues at the outer level. If (*ACCEPT) in triggered in a posi-
+       tive  assertion,  the  assertion succeeds; in a negative assertion, the
+       assertion fails.
+
+       If (*ACCEPT) is inside capturing parentheses, the data so far  is  cap-
+       tured. For example:
+
+         A((?:A|B(*ACCEPT)|C)D)
+
+       This  matches  "AB", "AAD", or "ACD"; when it matches "AB", "B" is cap-
+       tured by the outer parentheses.
+
+         (*FAIL) or (*F)
+
+       This verb causes a matching failure, forcing backtracking to occur.  It
+       is  equivalent to (?!) but easier to read. The Perl documentation notes
+       that it is probably useful only when combined  with  (?{})  or  (??{}).
+       Those  are,  of course, Perl features that are not present in PCRE. The
+       nearest equivalent is the callout feature, as for example in this  pat-
+       tern:
+
+         a+(?C)(*FAIL)
+
+       A  match  with the string "aaaa" always fails, but the callout is taken
+       before each backtrack happens (in this example, 10 times).
+
+   Recording which path was taken
+
+       There is one verb whose main purpose  is  to  track  how  a  match  was
+       arrived  at,  though  it  also  has a secondary use in conjunction with
+       advancing the match starting point (see (*SKIP) below).
+
+         (*MARK:NAME) or (*:NAME)
+
+       A name is always  required  with  this  verb.  There  may  be  as  many
+       instances  of  (*MARK) as you like in a pattern, and their names do not
+       have to be unique.
+
+       When a match succeeds, the name of the  last-encountered  (*MARK:NAME),
+       (*PRUNE:NAME),  or  (*THEN:NAME) on the matching path is passed back to
+       the caller as  described  in  the  section  entitled  "Extra  data  for
+       pcre_exec()"  in  the  pcreapi  documentation.  Here  is  an example of
+       pcretest output, where the /K modifier requests the retrieval and  out-
+       putting of (*MARK) data:
+
+           re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+         data> XY
+          0: XY
+         MK: A
+         XZ
+          0: XZ
+         MK: B
+
+       The (*MARK) name is tagged with "MK:" in this output, and in this exam-
+       ple it indicates which of the two alternatives matched. This is a  more
+       efficient  way of obtaining this information than putting each alterna-
+       tive in its own capturing parentheses.
+
+       If a verb with a name is encountered in a positive  assertion  that  is
+       true,  the  name  is recorded and passed back if it is the last-encoun-
+       tered. This does not happen for negative assertions or failing positive
+       assertions.
+
+       After  a  partial match or a failed match, the last encountered name in
+       the entire match process is returned. For example:
+
+           re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+         data> XP
+         No match, mark = B
+
+       Note that in this unanchored example the  mark  is  retained  from  the
+       match attempt that started at the letter "X" in the subject. Subsequent
+       match attempts starting at "P" and then with an empty string do not get
+       as far as the (*MARK) item, but nevertheless do not reset it.
+
+       If  you  are  interested  in  (*MARK)  values after failed matches, you
+       should probably set the PCRE_NO_START_OPTIMIZE option  (see  above)  to
+       ensure that the match is always attempted.
+
+   Verbs that act after backtracking
+
+       The following verbs do nothing when they are encountered. Matching con-
+       tinues with what follows, but if there is no subsequent match,  causing
+       a  backtrack  to  the  verb, a failure is forced. That is, backtracking
+       cannot pass to the left of the verb. However, when one of  these  verbs
+       appears inside an atomic group or an assertion that is true, its effect
+       is confined to that group, because once the  group  has  been  matched,
+       there  is never any backtracking into it. In this situation, backtrack-
+       ing can "jump back" to the left of the entire atomic  group  or  asser-
+       tion.  (Remember  also,  as  stated  above, that this localization also
+       applies in subroutine calls.)
+
+       These verbs differ in exactly what kind of failure  occurs  when  back-
+       tracking  reaches  them.  The behaviour described below is what happens
+       when the verb is not in a subroutine or an assertion.  Subsequent  sec-
+       tions cover these special cases.
+
+         (*COMMIT)
+
+       This  verb, which may not be followed by a name, causes the whole match
+       to fail outright if there is a later matching failure that causes back-
+       tracking  to  reach  it.  Even if the pattern is unanchored, no further
+       attempts to find a match by advancing the starting point take place. If
+       (*COMMIT)  is  the  only backtracking verb that is encountered, once it
+       has been passed pcre_exec() is committed to finding a match at the cur-
+       rent starting point, or not at all. For example:
+
+         a+(*COMMIT)b
+
+       This  matches  "xxaab" but not "aacaab". It can be thought of as a kind
+       of dynamic anchor, or "I've started, so I must finish." The name of the
+       most  recently passed (*MARK) in the path is passed back when (*COMMIT)
+       forces a match failure.
+
+       If there is more than one backtracking verb in a pattern,  a  different
+       one  that  follows  (*COMMIT) may be triggered first, so merely passing
+       (*COMMIT) during a match does not always guarantee that a match must be
+       at this starting point.
+
+       Note  that  (*COMMIT)  at  the start of a pattern is not the same as an
+       anchor, unless PCRE's start-of-match optimizations are turned  off,  as
+       shown in this output from pcretest:
+
+           re> /(*COMMIT)abc/
+         data> xyzabc
+          0: abc
+         data> xyzabc\Y
+         No match
+
+       For this pattern, PCRE knows that any match must start with "a", so the
+       optimization skips along the subject to "a" before applying the pattern
+       to  the first set of data. The match attempt then succeeds. In the sec-
+       ond set of data, the escape sequence \Y is interpreted by the  pcretest
+       program.  It  causes  the  PCRE_NO_START_OPTIMIZE option to be set when
+       pcre_exec() is called.  This disables the optimization that skips along
+       to the first character. The pattern is now applied starting at "x", and
+       so the (*COMMIT) causes the match to  fail  without  trying  any  other
+       starting points.
+
+         (*PRUNE) or (*PRUNE:NAME)
+
+       This  verb causes the match to fail at the current starting position in
+       the subject if there is a later matching failure that causes backtrack-
+       ing  to  reach it. If the pattern is unanchored, the normal "bumpalong"
+       advance to the next starting character then happens.  Backtracking  can
+       occur  as  usual to the left of (*PRUNE), before it is reached, or when
+       matching to the right of (*PRUNE), but if there  is  no  match  to  the
+       right,  backtracking cannot cross (*PRUNE). In simple cases, the use of
+       (*PRUNE) is just an alternative to an atomic group or possessive  quan-
+       tifier, but there are some uses of (*PRUNE) that cannot be expressed in
+       any other way. In an anchored pattern (*PRUNE) has the same  effect  as
+       (*COMMIT).
+
+       The   behaviour   of   (*PRUNE:NAME)   is   the   not   the   same   as
+       (*MARK:NAME)(*PRUNE).  It is like (*MARK:NAME)  in  that  the  name  is
+       remembered  for  passing  back  to  the  caller.  However, (*SKIP:NAME)
+       searches only for names set with (*MARK).
+
+         (*SKIP)
+
+       This verb, when given without a name, is like (*PRUNE), except that  if
+       the  pattern  is unanchored, the "bumpalong" advance is not to the next
+       character, but to the position in the subject where (*SKIP) was encoun-
+       tered.  (*SKIP)  signifies that whatever text was matched leading up to
+       it cannot be part of a successful match. Consider:
+
+         a+(*SKIP)b
+
+       If the subject is "aaaac...",  after  the  first  match  attempt  fails
+       (starting  at  the  first  character in the string), the starting point
+       skips on to start the next attempt at "c". Note that a possessive quan-
+       tifer  does not have the same effect as this example; although it would
+       suppress backtracking  during  the  first  match  attempt,  the  second
+       attempt  would  start at the second character instead of skipping on to
+       "c".
+
+         (*SKIP:NAME)
+
+       When (*SKIP) has an associated name, its behaviour is modified. When it
+       is triggered, the previous path through the pattern is searched for the
+       most recent (*MARK) that has the  same  name.  If  one  is  found,  the
+       "bumpalong" advance is to the subject position that corresponds to that
+       (*MARK) instead of to where (*SKIP) was encountered. If no (*MARK) with
+       a matching name is found, the (*SKIP) is ignored.
+
+       Note  that (*SKIP:NAME) searches only for names set by (*MARK:NAME). It
+       ignores names that are set by (*PRUNE:NAME) or (*THEN:NAME).
+
+         (*THEN) or (*THEN:NAME)
+
+       This verb causes a skip to the next innermost  alternative  when  back-
+       tracking  reaches  it.  That  is,  it  cancels any further backtracking
+       within the current alternative. Its name  comes  from  the  observation
+       that it can be used for a pattern-based if-then-else block:
+
+         ( COND1 (*THEN) FOO | COND2 (*THEN) BAR | COND3 (*THEN) BAZ ) ...
+
+       If  the COND1 pattern matches, FOO is tried (and possibly further items
+       after the end of the group if FOO succeeds); on  failure,  the  matcher
+       skips  to  the second alternative and tries COND2, without backtracking
+       into COND1. If that succeeds and BAR fails, COND3 is tried.  If  subse-
+       quently  BAZ fails, there are no more alternatives, so there is a back-
+       track to whatever came before the  entire  group.  If  (*THEN)  is  not
+       inside an alternation, it acts like (*PRUNE).
+
+       The    behaviour   of   (*THEN:NAME)   is   the   not   the   same   as
+       (*MARK:NAME)(*THEN).  It is like  (*MARK:NAME)  in  that  the  name  is
+       remembered  for  passing  back  to  the  caller.  However, (*SKIP:NAME)
+       searches only for names set with (*MARK).
+
+       A subpattern that does not contain a | character is just a part of  the
+       enclosing  alternative;  it  is  not a nested alternation with only one
+       alternative. The effect of (*THEN) extends beyond such a subpattern  to
+       the  enclosing alternative. Consider this pattern, where A, B, etc. are
+       complex pattern fragments that do not contain any | characters at  this
+       level:
+
+         A (B(*THEN)C) | D
+
+       If  A and B are matched, but there is a failure in C, matching does not
+       backtrack into A; instead it moves to the next alternative, that is, D.
+       However,  if the subpattern containing (*THEN) is given an alternative,
+       it behaves differently:
+
+         A (B(*THEN)C | (*FAIL)) | D
+
+       The effect of (*THEN) is now confined to the inner subpattern. After  a
+       failure in C, matching moves to (*FAIL), which causes the whole subpat-
+       tern to fail because there are no more alternatives  to  try.  In  this
+       case, matching does now backtrack into A.
+
+       Note  that  a  conditional  subpattern  is not considered as having two
+       alternatives, because only one is ever used.  In  other  words,  the  |
+       character in a conditional subpattern has a different meaning. Ignoring
+       white space, consider:
+
+         ^.*? (?(?=a) a | b(*THEN)c )
+
+       If the subject is "ba", this pattern does not  match.  Because  .*?  is
+       ungreedy,  it  initially  matches  zero characters. The condition (?=a)
+       then fails, the character "b" is matched,  but  "c"  is  not.  At  this
+       point,  matching does not backtrack to .*? as might perhaps be expected
+       from the presence of the | character.  The  conditional  subpattern  is
+       part of the single alternative that comprises the whole pattern, and so
+       the match fails. (If there was a backtrack into  .*?,  allowing  it  to
+       match "b", the match would succeed.)
+
+       The  verbs just described provide four different "strengths" of control
+       when subsequent matching fails. (*THEN) is the weakest, carrying on the
+       match  at  the next alternative. (*PRUNE) comes next, failing the match
+       at the current starting position, but allowing an advance to  the  next
+       character  (for an unanchored pattern). (*SKIP) is similar, except that
+       the advance may be more than one character. (*COMMIT) is the strongest,
+       causing the entire match to fail.
+
+   More than one backtracking verb
+
+       If  more  than  one  backtracking verb is present in a pattern, the one
+       that is backtracked onto first acts. For example,  consider  this  pat-
+       tern, where A, B, etc. are complex pattern fragments:
+
+         (A(*COMMIT)B(*THEN)C|ABD)
+
+       If  A matches but B fails, the backtrack to (*COMMIT) causes the entire
+       match to fail. However, if A and B match, but C fails, the backtrack to
+       (*THEN)  causes  the next alternative (ABD) to be tried. This behaviour
+       is consistent, but is not always the same as Perl's. It means  that  if
+       two  or  more backtracking verbs appear in succession, all the the last
+       of them has no effect. Consider this example:
+
+         ...(*COMMIT)(*PRUNE)...
+
+       If there is a matching failure to the right, backtracking onto (*PRUNE)
+       causes  it to be triggered, and its action is taken. There can never be
+       a backtrack onto (*COMMIT).
+
+   Backtracking verbs in repeated groups
+
+       PCRE differs from  Perl  in  its  handling  of  backtracking  verbs  in
+       repeated groups. For example, consider:
+
+         /(a(*COMMIT)b)+ac/
+
+       If  the  subject  is  "abac",  Perl matches, but PCRE fails because the
+       (*COMMIT) in the second repeat of the group acts.
+
+   Backtracking verbs in assertions
+
+       (*FAIL) in an assertion has its normal effect: it forces  an  immediate
+       backtrack.
+
+       (*ACCEPT) in a positive assertion causes the assertion to succeed with-
+       out any further processing. In a negative assertion,  (*ACCEPT)  causes
+       the assertion to fail without any further processing.
+
+       The  other  backtracking verbs are not treated specially if they appear
+       in a positive assertion. In  particular,  (*THEN)  skips  to  the  next
+       alternative  in  the  innermost  enclosing group that has alternations,
+       whether or not this is within the assertion.
+
+       Negative assertions are, however, different, in order  to  ensure  that
+       changing  a  positive  assertion  into a negative assertion changes its
+       result. Backtracking into (*COMMIT), (*SKIP), or (*PRUNE) causes a neg-
+       ative assertion to be true, without considering any further alternative
+       branches in the assertion.  Backtracking into (*THEN) causes it to skip
+       to  the next enclosing alternative within the assertion (the normal be-
+       haviour), but if the assertion  does  not  have  such  an  alternative,
+       (*THEN) behaves like (*PRUNE).
+
+   Backtracking verbs in subroutines
+
+       These  behaviours  occur whether or not the subpattern is called recur-
+       sively.  Perl's treatment of subroutines is different in some cases.
+
+       (*FAIL) in a subpattern called as a subroutine has its  normal  effect:
+       it forces an immediate backtrack.
+
+       (*ACCEPT)  in a subpattern called as a subroutine causes the subroutine
+       match to succeed without any further processing. Matching then  contin-
+       ues after the subroutine call.
+
+       (*COMMIT), (*SKIP), and (*PRUNE) in a subpattern called as a subroutine
+       cause the subroutine match to fail.
+
+       (*THEN) skips to the next alternative in the innermost enclosing  group
+       within  the subpattern that has alternatives. If there is no such group
+       within the subpattern, (*THEN) causes the subroutine match to fail.
+
+
+SEE ALSO
+
+       pcreapi(3), pcrecallout(3),  pcrematching(3),  pcresyntax(3),  pcre(3),
+       pcre16(3), pcre32(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 23 October 2016
+       Copyright (c) 1997-2016 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRESYNTAX(3)              Library Functions Manual              PCRESYNTAX(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE REGULAR EXPRESSION SYNTAX SUMMARY
+
+       The  full syntax and semantics of the regular expressions that are sup-
+       ported by PCRE are described in  the  pcrepattern  documentation.  This
+       document contains a quick-reference summary of the syntax.
+
+
+QUOTING
+
+         \x         where x is non-alphanumeric is a literal x
+         \Q...\E    treat enclosed characters as literal
+
+
+CHARACTERS
+
+         \a         alarm, that is, the BEL character (hex 07)
+         \cx        "control-x", where x is any ASCII character
+         \e         escape (hex 1B)
+         \f         form feed (hex 0C)
+         \n         newline (hex 0A)
+         \r         carriage return (hex 0D)
+         \t         tab (hex 09)
+         \0dd       character with octal code 0dd
+         \ddd       character with octal code ddd, or backreference
+         \o{ddd..}  character with octal code ddd..
+         \xhh       character with hex code hh
+         \x{hhh..}  character with hex code hhh..
+
+       Note that \0dd is always an octal code, and that \8 and \9 are the lit-
+       eral characters "8" and "9".
+
+
+CHARACTER TYPES
+
+         .          any character except newline;
+                      in dotall mode, any character whatsoever
+         \C         one data unit, even in UTF mode (best avoided)
+         \d         a decimal digit
+         \D         a character that is not a decimal digit
+         \h         a horizontal white space character
+         \H         a character that is not a horizontal white space character
+         \N         a character that is not a newline
+         \p{xx}     a character with the xx property
+         \P{xx}     a character without the xx property
+         \R         a newline sequence
+         \s         a white space character
+         \S         a character that is not a white space character
+         \v         a vertical white space character
+         \V         a character that is not a vertical white space character
+         \w         a "word" character
+         \W         a "non-word" character
+         \X         a Unicode extended grapheme cluster
+
+       By default, \d, \s, and \w match only ASCII characters, even  in  UTF-8
+       mode  or  in  the 16- bit and 32-bit libraries. However, if locale-spe-
+       cific matching is happening, \s and \w may also match  characters  with
+       code  points  in  the range 128-255. If the PCRE_UCP option is set, the
+       behaviour of these escape sequences is changed to use  Unicode  proper-
+       ties and they match many more characters.
+
+
+GENERAL CATEGORY PROPERTIES FOR \p and \P
+
+         C          Other
+         Cc         Control
+         Cf         Format
+         Cn         Unassigned
+         Co         Private use
+         Cs         Surrogate
+
+         L          Letter
+         Ll         Lower case letter
+         Lm         Modifier letter
+         Lo         Other letter
+         Lt         Title case letter
+         Lu         Upper case letter
+         L&         Ll, Lu, or Lt
+
+         M          Mark
+         Mc         Spacing mark
+         Me         Enclosing mark
+         Mn         Non-spacing mark
+
+         N          Number
+         Nd         Decimal number
+         Nl         Letter number
+         No         Other number
+
+         P          Punctuation
+         Pc         Connector punctuation
+         Pd         Dash punctuation
+         Pe         Close punctuation
+         Pf         Final punctuation
+         Pi         Initial punctuation
+         Po         Other punctuation
+         Ps         Open punctuation
+
+         S          Symbol
+         Sc         Currency symbol
+         Sk         Modifier symbol
+         Sm         Mathematical symbol
+         So         Other symbol
+
+         Z          Separator
+         Zl         Line separator
+         Zp         Paragraph separator
+         Zs         Space separator
+
+
+PCRE SPECIAL CATEGORY PROPERTIES FOR \p and \P
+
+         Xan        Alphanumeric: union of properties L and N
+         Xps        POSIX space: property Z or tab, NL, VT, FF, CR
+         Xsp        Perl space: property Z or tab, NL, VT, FF, CR
+         Xuc        Univerally-named character: one that can be
+                      represented by a Universal Character Name
+         Xwd        Perl word: property Xan or underscore
+
+       Perl and POSIX space are now the same. Perl added VT to its space char-
+       acter set at release 5.18 and PCRE changed at release 8.34.
+
+
+SCRIPT NAMES FOR \p AND \P
+
+       Arabic, Armenian, Avestan, Balinese, Bamum, Bassa_Vah, Batak,  Bengali,
+       Bopomofo,  Brahmi,  Braille, Buginese, Buhid, Canadian_Aboriginal, Car-
+       ian, Caucasian_Albanian, Chakma, Cham, Cherokee, Common, Coptic, Cunei-
+       form, Cypriot, Cyrillic, Deseret, Devanagari, Duployan, Egyptian_Hiero-
+       glyphs,  Elbasan,  Ethiopic,  Georgian,  Glagolitic,  Gothic,  Grantha,
+       Greek,  Gujarati,  Gurmukhi,  Han,  Hangul,  Hanunoo, Hebrew, Hiragana,
+       Imperial_Aramaic,    Inherited,     Inscriptional_Pahlavi,     Inscrip-
+       tional_Parthian,   Javanese,   Kaithi,   Kannada,  Katakana,  Kayah_Li,
+       Kharoshthi, Khmer, Khojki, Khudawadi, Lao, Latin, Lepcha,  Limbu,  Lin-
+       ear_A,  Linear_B,  Lisu,  Lycian, Lydian, Mahajani, Malayalam, Mandaic,
+       Manichaean,     Meetei_Mayek,     Mende_Kikakui,      Meroitic_Cursive,
+       Meroitic_Hieroglyphs,  Miao,  Modi, Mongolian, Mro, Myanmar, Nabataean,
+       New_Tai_Lue,  Nko,  Ogham,  Ol_Chiki,  Old_Italic,   Old_North_Arabian,
+       Old_Permic, Old_Persian, Old_South_Arabian, Old_Turkic, Oriya, Osmanya,
+       Pahawh_Hmong,    Palmyrene,    Pau_Cin_Hau,    Phags_Pa,    Phoenician,
+       Psalter_Pahlavi,  Rejang,  Runic,  Samaritan, Saurashtra, Sharada, Sha-
+       vian, Siddham, Sinhala, Sora_Sompeng, Sundanese, Syloti_Nagri,  Syriac,
+       Tagalog,  Tagbanwa,  Tai_Le,  Tai_Tham, Tai_Viet, Takri, Tamil, Telugu,
+       Thaana, Thai, Tibetan, Tifinagh, Tirhuta, Ugaritic,  Vai,  Warang_Citi,
+       Yi.
+
+
+CHARACTER CLASSES
+
+         [...]       positive character class
+         [^...]      negative character class
+         [x-y]       range (can be used for hex characters)
+         [[:xxx:]]   positive POSIX named set
+         [[:^xxx:]]  negative POSIX named set
+
+         alnum       alphanumeric
+         alpha       alphabetic
+         ascii       0-127
+         blank       space or tab
+         cntrl       control character
+         digit       decimal digit
+         graph       printing, excluding space
+         lower       lower case letter
+         print       printing, including space
+         punct       printing, excluding alphanumeric
+         space       white space
+         upper       upper case letter
+         word        same as \w
+         xdigit      hexadecimal digit
+
+       In  PCRE,  POSIX character set names recognize only ASCII characters by
+       default, but some of them use Unicode properties if  PCRE_UCP  is  set.
+       You can use \Q...\E inside a character class.
+
+
+QUANTIFIERS
+
+         ?           0 or 1, greedy
+         ?+          0 or 1, possessive
+         ??          0 or 1, lazy
+         *           0 or more, greedy
+         *+          0 or more, possessive
+         *?          0 or more, lazy
+         +           1 or more, greedy
+         ++          1 or more, possessive
+         +?          1 or more, lazy
+         {n}         exactly n
+         {n,m}       at least n, no more than m, greedy
+         {n,m}+      at least n, no more than m, possessive
+         {n,m}?      at least n, no more than m, lazy
+         {n,}        n or more, greedy
+         {n,}+       n or more, possessive
+         {n,}?       n or more, lazy
+
+
+ANCHORS AND SIMPLE ASSERTIONS
+
+         \b          word boundary
+         \B          not a word boundary
+         ^           start of subject
+                      also after internal newline in multiline mode
+         \A          start of subject
+         $           end of subject
+                      also before newline at end of subject
+                      also before internal newline in multiline mode
+         \Z          end of subject
+                      also before newline at end of subject
+         \z          end of subject
+         \G          first matching position in subject
+
+
+MATCH POINT RESET
+
+         \K          reset start of match
+
+       \K is honoured in positive assertions, but ignored in negative ones.
+
+
+ALTERNATION
+
+         expr|expr|expr...
+
+
+CAPTURING
+
+         (...)           capturing group
+         (?<name>...)    named capturing group (Perl)
+         (?'name'...)    named capturing group (Perl)
+         (?P<name>...)   named capturing group (Python)
+         (?:...)         non-capturing group
+         (?|...)         non-capturing group; reset group numbers for
+                          capturing groups in each alternative
+
+
+ATOMIC GROUPS
+
+         (?>...)         atomic, non-capturing group
+
+
+COMMENT
+
+         (?#....)        comment (not nestable)
+
+
+OPTION SETTING
+
+         (?i)            caseless
+         (?J)            allow duplicate names
+         (?m)            multiline
+         (?s)            single line (dotall)
+         (?U)            default ungreedy (lazy)
+         (?x)            extended (ignore white space)
+         (?-...)         unset option(s)
+
+       The  following  are  recognized  only at the very start of a pattern or
+       after one of the newline or \R options with similar syntax.  More  than
+       one of them may appear.
+
+         (*LIMIT_MATCH=d) set the match limit to d (decimal number)
+         (*LIMIT_RECURSION=d) set the recursion limit to d (decimal number)
+         (*NO_AUTO_POSSESS) no auto-possessification (PCRE_NO_AUTO_POSSESS)
+         (*NO_START_OPT) no start-match optimization (PCRE_NO_START_OPTIMIZE)
+         (*UTF8)         set UTF-8 mode: 8-bit library (PCRE_UTF8)
+         (*UTF16)        set UTF-16 mode: 16-bit library (PCRE_UTF16)
+         (*UTF32)        set UTF-32 mode: 32-bit library (PCRE_UTF32)
+         (*UTF)          set appropriate UTF mode for the library in use
+         (*UCP)          set PCRE_UCP (use Unicode properties for \d etc)
+
+       Note  that LIMIT_MATCH and LIMIT_RECURSION can only reduce the value of
+       the limits set by the caller of pcre_exec(), not increase them.
+
+
+NEWLINE CONVENTION
+
+       These are recognized only at the very start of  the  pattern  or  after
+       option settings with a similar syntax.
+
+         (*CR)           carriage return only
+         (*LF)           linefeed only
+         (*CRLF)         carriage return followed by linefeed
+         (*ANYCRLF)      all three of the above
+         (*ANY)          any Unicode newline sequence
+
+
+WHAT \R MATCHES
+
+       These  are  recognized  only  at the very start of the pattern or after
+       option setting with a similar syntax.
+
+         (*BSR_ANYCRLF)  CR, LF, or CRLF
+         (*BSR_UNICODE)  any Unicode newline sequence
+
+
+LOOKAHEAD AND LOOKBEHIND ASSERTIONS
+
+         (?=...)         positive look ahead
+         (?!...)         negative look ahead
+         (?<=...)        positive look behind
+         (?<!...)        negative look behind
+
+       Each top-level branch of a look behind must be of a fixed length.
+
+
+BACKREFERENCES
+
+         \n              reference by number (can be ambiguous)
+         \gn             reference by number
+         \g{n}           reference by number
+         \g{-n}          relative reference by number
+         \k<name>        reference by name (Perl)
+         \k'name'        reference by name (Perl)
+         \g{name}        reference by name (Perl)
+         \k{name}        reference by name (.NET)
+         (?P=name)       reference by name (Python)
+
+
+SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)
+
+         (?R)            recurse whole pattern
+         (?n)            call subpattern by absolute number
+         (?+n)           call subpattern by relative number
+         (?-n)           call subpattern by relative number
+         (?&name)        call subpattern by name (Perl)
+         (?P>name)       call subpattern by name (Python)
+         \g<name>        call subpattern by name (Oniguruma)
+         \g'name'        call subpattern by name (Oniguruma)
+         \g<n>           call subpattern by absolute number (Oniguruma)
+         \g'n'           call subpattern by absolute number (Oniguruma)
+         \g<+n>          call subpattern by relative number (PCRE extension)
+         \g'+n'          call subpattern by relative number (PCRE extension)
+         \g<-n>          call subpattern by relative number (PCRE extension)
+         \g'-n'          call subpattern by relative number (PCRE extension)
+
+
+CONDITIONAL PATTERNS
+
+         (?(condition)yes-pattern)
+         (?(condition)yes-pattern|no-pattern)
+
+         (?(n)...        absolute reference condition
+         (?(+n)...       relative reference condition
+         (?(-n)...       relative reference condition
+         (?(<name>)...   named reference condition (Perl)
+         (?('name')...   named reference condition (Perl)
+         (?(name)...     named reference condition (PCRE)
+         (?(R)...        overall recursion condition
+         (?(Rn)...       specific group recursion condition
+         (?(R&name)...   specific recursion condition
+         (?(DEFINE)...   define subpattern for reference
+         (?(assert)...   assertion condition
+
+
+BACKTRACKING CONTROL
+
+       The following act immediately they are reached:
+
+         (*ACCEPT)       force successful match
+         (*FAIL)         force backtrack; synonym (*F)
+         (*MARK:NAME)    set name to be passed back; synonym (*:NAME)
+
+       The following act only when a subsequent match failure causes  a  back-
+       track to reach them. They all force a match failure, but they differ in
+       what happens afterwards. Those that advance the start-of-match point do
+       so only if the pattern is not anchored.
+
+         (*COMMIT)       overall failure, no advance of starting point
+         (*PRUNE)        advance to next starting character
+         (*PRUNE:NAME)   equivalent to (*MARK:NAME)(*PRUNE)
+         (*SKIP)         advance to current matching position
+         (*SKIP:NAME)    advance to position corresponding to an earlier
+                         (*MARK:NAME); if not found, the (*SKIP) is ignored
+         (*THEN)         local failure, backtrack to next alternation
+         (*THEN:NAME)    equivalent to (*MARK:NAME)(*THEN)
+
+
+CALLOUTS
+
+         (?C)      callout
+         (?Cn)     callout with data n
+
+
+SEE ALSO
+
+       pcrepattern(3), pcreapi(3), pcrecallout(3), pcrematching(3), pcre(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 08 January 2014
+       Copyright (c) 1997-2014 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREUNICODE(3)             Library Functions Manual             PCREUNICODE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+UTF-8, UTF-16, UTF-32, AND UNICODE PROPERTY SUPPORT
+
+       As well as UTF-8 support, PCRE also supports UTF-16 (from release 8.30)
+       and UTF-32 (from release 8.32), by means of two  additional  libraries.
+       They can be built as well as, or instead of, the 8-bit library.
+
+
+UTF-8 SUPPORT
+
+       In  order  process  UTF-8  strings, you must build PCRE's 8-bit library
+       with UTF support, and, in addition, you must call  pcre_compile()  with
+       the  PCRE_UTF8 option flag, or the pattern must start with the sequence
+       (*UTF8) or (*UTF). When either of these is the case, both  the  pattern
+       and  any  subject  strings  that  are matched against it are treated as
+       UTF-8 strings instead of strings of individual 1-byte characters.
+
+
+UTF-16 AND UTF-32 SUPPORT
+
+       In order process UTF-16 or UTF-32 strings, you must build PCRE's 16-bit
+       or  32-bit  library  with  UTF support, and, in addition, you must call
+       pcre16_compile() or pcre32_compile() with the PCRE_UTF16 or  PCRE_UTF32
+       option flag, as appropriate. Alternatively, the pattern must start with
+       the sequence (*UTF16), (*UTF32), as appropriate, or (*UTF),  which  can
+       be used with either library. When UTF mode is set, both the pattern and
+       any subject strings that are matched against it are treated  as  UTF-16
+       or  UTF-32  strings  instead  of strings of individual 16-bit or 32-bit
+       characters.
+
+
+UTF SUPPORT OVERHEAD
+
+       If you compile PCRE with UTF support, but do not use it  at  run  time,
+       the  library will be a bit bigger, but the additional run time overhead
+       is limited to  testing  the  PCRE_UTF[8|16|32]  flag  occasionally,  so
+       should not be very big.
+
+
+UNICODE PROPERTY SUPPORT
+
+       If PCRE is built with Unicode character property support (which implies
+       UTF support), the escape sequences \p{..}, \P{..}, and \X can be  used.
+       The  available properties that can be tested are limited to the general
+       category properties such as Lu for an upper case letter  or  Nd  for  a
+       decimal number, the Unicode script names such as Arabic or Han, and the
+       derived properties Any and L&. Full lists is given in  the  pcrepattern
+       and  pcresyntax  documentation. Only the short names for properties are
+       supported. For example, \p{L}  matches  a  letter.  Its  Perl  synonym,
+       \p{Letter},  is  not  supported.  Furthermore, in Perl, many properties
+       may optionally be prefixed by "Is", for compatibility  with  Perl  5.6.
+       PCRE does not support this.
+
+   Validity of UTF-8 strings
+
+       When  you  set  the PCRE_UTF8 flag, the byte strings passed as patterns
+       and subjects are (by default) checked for validity on entry to the rel-
+       evant functions. The entire string is checked before any other process-
+       ing takes place. From release 7.3 of PCRE, the check is  according  the
+       rules of RFC 3629, which are themselves derived from the Unicode speci-
+       fication. Earlier releases of PCRE followed  the  rules  of  RFC  2279,
+       which  allows  the  full  range of 31-bit values (0 to 0x7FFFFFFF). The
+       current check allows only values in the range U+0 to U+10FFFF,  exclud-
+       ing  the  surrogate area. (From release 8.33 the so-called "non-charac-
+       ter" code points are no longer excluded because Unicode corrigendum  #9
+       makes it clear that they should not be.)
+
+       Characters  in  the "Surrogate Area" of Unicode are reserved for use by
+       UTF-16, where they are used in pairs to encode codepoints  with  values
+       greater  than  0xFFFF. The code points that are encoded by UTF-16 pairs
+       are available independently in the  UTF-8  and  UTF-32  encodings.  (In
+       other  words,  the  whole  surrogate  thing is a fudge for UTF-16 which
+       unfortunately messes up UTF-8 and UTF-32.)
+
+       If an invalid UTF-8 string is passed to PCRE, an error return is given.
+       At  compile  time, the only additional information is the offset to the
+       first byte of the failing character. The run-time functions pcre_exec()
+       and  pcre_dfa_exec() also pass back this information, as well as a more
+       detailed reason code if the caller has provided memory in which  to  do
+       this.
+
+       In  some  situations, you may already know that your strings are valid,
+       and therefore want to skip these checks in  order  to  improve  perfor-
+       mance,  for  example in the case of a long subject string that is being
+       scanned repeatedly.  If you set the PCRE_NO_UTF8_CHECK flag at  compile
+       time  or  at  run  time, PCRE assumes that the pattern or subject it is
+       given (respectively) contains only valid UTF-8 codes. In this case,  it
+       does not diagnose an invalid UTF-8 string.
+
+       Note  that  passing  PCRE_NO_UTF8_CHECK to pcre_compile() just disables
+       the check for the pattern; it does not also apply to  subject  strings.
+       If  you  want  to  disable the check for a subject string you must pass
+       this option to pcre_exec() or pcre_dfa_exec().
+
+       If you pass an invalid UTF-8 string when PCRE_NO_UTF8_CHECK is set, the
+       result is undefined and your program may crash.
+
+   Validity of UTF-16 strings
+
+       When you set the PCRE_UTF16 flag, the strings of 16-bit data units that
+       are passed as patterns and subjects are (by default) checked for valid-
+       ity  on entry to the relevant functions. Values other than those in the
+       surrogate range U+D800 to U+DFFF are independent code points. Values in
+       the surrogate range must be used in pairs in the correct manner.
+
+       If  an  invalid  UTF-16  string  is  passed to PCRE, an error return is
+       given. At compile time, the only additional information is  the  offset
+       to the first data unit of the failing character. The run-time functions
+       pcre16_exec() and pcre16_dfa_exec() also pass back this information, as
+       well  as  a more detailed reason code if the caller has provided memory
+       in which to do this.
+
+       In some situations, you may already know that your strings  are  valid,
+       and  therefore  want  to  skip these checks in order to improve perfor-
+       mance. If you set the PCRE_NO_UTF16_CHECK flag at compile  time  or  at
+       run time, PCRE assumes that the pattern or subject it is given (respec-
+       tively) contains only valid UTF-16 sequences. In this case, it does not
+       diagnose  an  invalid  UTF-16 string.  However, if an invalid string is
+       passed, the result is undefined.
+
+   Validity of UTF-32 strings
+
+       When you set the PCRE_UTF32 flag, the strings of 32-bit data units that
+       are passed as patterns and subjects are (by default) checked for valid-
+       ity on entry to the relevant functions.  This check allows only  values
+       in  the  range  U+0 to U+10FFFF, excluding the surrogate area U+D800 to
+       U+DFFF.
+
+       If an invalid UTF-32 string is passed  to  PCRE,  an  error  return  is
+       given.  At  compile time, the only additional information is the offset
+       to the first data unit of the failing character. The run-time functions
+       pcre32_exec() and pcre32_dfa_exec() also pass back this information, as
+       well as a more detailed reason code if the caller has  provided  memory
+       in which to do this.
+
+       In  some  situations, you may already know that your strings are valid,
+       and therefore want to skip these checks in  order  to  improve  perfor-
+       mance.  If  you  set the PCRE_NO_UTF32_CHECK flag at compile time or at
+       run time, PCRE assumes that the pattern or subject it is given (respec-
+       tively) contains only valid UTF-32 sequences. In this case, it does not
+       diagnose an invalid UTF-32 string.  However, if an  invalid  string  is
+       passed, the result is undefined.
+
+   General comments about UTF modes
+
+       1.  Codepoints  less  than  256  can be specified in patterns by either
+       braced or unbraced hexadecimal escape sequences (for example, \x{b3} or
+       \xb3). Larger values have to use braced sequences.
+
+       2.  Octal  numbers  up  to  \777 are recognized, and in UTF-8 mode they
+       match two-byte characters for values greater than \177.
+
+       3. Repeat quantifiers apply to complete UTF characters, not to individ-
+       ual data units, for example: \x{100}{3}.
+
+       4.  The dot metacharacter matches one UTF character instead of a single
+       data unit.
+
+       5. The escape sequence \C can be used to match a single byte  in  UTF-8
+       mode,  or  a single 16-bit data unit in UTF-16 mode, or a single 32-bit
+       data unit in UTF-32 mode, but its use can lead to some strange  effects
+       because  it  breaks up multi-unit characters (see the description of \C
+       in the pcrepattern documentation). The use of \C is  not  supported  in
+       the  alternative  matching  function  pcre[16|32]_dfa_exec(), nor is it
+       supported in UTF mode by the JIT optimization of pcre[16|32]_exec(). If
+       JIT  optimization  is  requested for a UTF pattern that contains \C, it
+       will not succeed, and so the matching will be carried out by the normal
+       interpretive function.
+
+       6.  The  character escapes \b, \B, \d, \D, \s, \S, \w, and \W correctly
+       test characters of any code value, but, by default, the characters that
+       PCRE  recognizes  as digits, spaces, or word characters remain the same
+       set as in non-UTF mode, all with values less  than  256.  This  remains
+       true  even  when  PCRE  is  built  to include Unicode property support,
+       because to do otherwise would slow down PCRE in many common cases. Note
+       in  particular that this applies to \b and \B, because they are defined
+       in terms of \w and \W. If you really want to test for a wider sense of,
+       say,  "digit",  you  can  use  explicit  Unicode property tests such as
+       \p{Nd}. Alternatively, if you set the PCRE_UCP option, the way that the
+       character  escapes  work is changed so that Unicode properties are used
+       to determine which characters match. There are more details in the sec-
+       tion on generic character types in the pcrepattern documentation.
+
+       7.  Similarly,  characters that match the POSIX named character classes
+       are all low-valued characters, unless the PCRE_UCP option is set.
+
+       8. However, the horizontal and vertical white  space  matching  escapes
+       (\h,  \H,  \v, and \V) do match all the appropriate Unicode characters,
+       whether or not PCRE_UCP is set.
+
+       9. Case-insensitive matching applies only to  characters  whose  values
+       are  less than 128, unless PCRE is built with Unicode property support.
+       A few Unicode characters such as Greek sigma have more than  two  code-
+       points that are case-equivalent. Up to and including PCRE release 8.31,
+       only one-to-one case mappings were supported, but later releases  (with
+       Unicode  property  support) do treat as case-equivalent all versions of
+       characters such as Greek sigma.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 27 February 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREJIT(3)                 Library Functions Manual                 PCREJIT(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE JUST-IN-TIME COMPILER SUPPORT
+
+       Just-in-time  compiling  is a heavyweight optimization that can greatly
+       speed up pattern matching. However, it comes at the cost of extra  pro-
+       cessing before the match is performed. Therefore, it is of most benefit
+       when the same pattern is going to be matched many times. This does  not
+       necessarily  mean  many calls of a matching function; if the pattern is
+       not anchored, matching attempts may take place many  times  at  various
+       positions  in  the  subject, even for a single call.  Therefore, if the
+       subject string is very long, it may still pay to use  JIT  for  one-off
+       matches.
+
+       JIT  support  applies  only to the traditional Perl-compatible matching
+       function.  It does not apply when the DFA matching  function  is  being
+       used. The code for this support was written by Zoltan Herczeg.
+
+
+8-BIT, 16-BIT AND 32-BIT SUPPORT
+
+       JIT  support  is available for all of the 8-bit, 16-bit and 32-bit PCRE
+       libraries. To keep this documentation simple, only the 8-bit  interface
+       is described in what follows. If you are using the 16-bit library, sub-
+       stitute the  16-bit  functions  and  16-bit  structures  (for  example,
+       pcre16_jit_stack  instead  of  pcre_jit_stack).  If  you  are using the
+       32-bit library, substitute the 32-bit functions and  32-bit  structures
+       (for example, pcre32_jit_stack instead of pcre_jit_stack).
+
+
+AVAILABILITY OF JIT SUPPORT
+
+       JIT  support  is  an  optional  feature of PCRE. The "configure" option
+       --enable-jit (or equivalent CMake option) must  be  set  when  PCRE  is
+       built  if  you want to use JIT. The support is limited to the following
+       hardware platforms:
+
+         ARM v5, v7, and Thumb2
+         Intel x86 32-bit and 64-bit
+         MIPS 32-bit
+         Power PC 32-bit and 64-bit
+         SPARC 32-bit (experimental)
+
+       If --enable-jit is set on an unsupported platform, compilation fails.
+
+       A program that is linked with PCRE 8.20 or later can tell if  JIT  sup-
+       port  is  available  by  calling pcre_config() with the PCRE_CONFIG_JIT
+       option. The result is 1 when JIT is available, and  0  otherwise.  How-
+       ever, a simple program does not need to check this in order to use JIT.
+       The normal API is implemented in a way that falls back to the interpre-
+       tive code if JIT is not available. For programs that need the best pos-
+       sible performance, there is also a "fast path"  API  that  is  JIT-spe-
+       cific.
+
+       If  your program may sometimes be linked with versions of PCRE that are
+       older than 8.20, but you want to use JIT when it is available, you  can
+       test the values of PCRE_MAJOR and PCRE_MINOR, or the existence of a JIT
+       macro such as PCRE_CONFIG_JIT, for compile-time control of  your  code.
+       Also  beware that the pcre_jit_exec() function was not available at all
+       before 8.32, and may not be available at all  if  PCRE  isn't  compiled
+       with  --enable-jit.  See  the  "JIT  FAST  PATH  API" section below for
+       details.
+
+
+SIMPLE USE OF JIT
+
+       You have to do two things to make use of the JIT support  in  the  sim-
+       plest way:
+
+         (1) Call pcre_study() with the PCRE_STUDY_JIT_COMPILE option for
+             each compiled pattern, and pass the resulting pcre_extra block to
+             pcre_exec().
+
+         (2) Use pcre_free_study() to free the pcre_extra block when it is
+             no  longer  needed,  instead  of  just  freeing it yourself. This
+       ensures that
+             any JIT data is also freed.
+
+       For a program that may be linked with pre-8.20 versions  of  PCRE,  you
+       can insert
+
+         #ifndef PCRE_STUDY_JIT_COMPILE
+         #define PCRE_STUDY_JIT_COMPILE 0
+         #endif
+
+       so  that  no  option  is passed to pcre_study(), and then use something
+       like this to free the study data:
+
+         #ifdef PCRE_CONFIG_JIT
+             pcre_free_study(study_ptr);
+         #else
+             pcre_free(study_ptr);
+         #endif
+
+       PCRE_STUDY_JIT_COMPILE requests the JIT compiler to generate  code  for
+       complete  matches.  If  you  want  to  run  partial  matches  using the
+       PCRE_PARTIAL_HARD or  PCRE_PARTIAL_SOFT  options  of  pcre_exec(),  you
+       should  set  one  or  both  of the following options in addition to, or
+       instead of, PCRE_STUDY_JIT_COMPILE when you call pcre_study():
+
+         PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+
+       If using pcre_jit_exec() and supporting a pre-8.32 version of PCRE, you
+       can insert:
+
+          #if PCRE_MAJOR >= 8 && PCRE_MINOR >= 32
+          pcre_jit_exec(...);
+          #else
+          pcre_exec(...)
+          #endif
+
+       but  as described in the "JIT FAST PATH API" section below this assumes
+       version 8.32 and later are compiled with --enable-jit, which may break.
+
+       The JIT compiler generates different optimized code  for  each  of  the
+       three  modes  (normal, soft partial, hard partial). When pcre_exec() is
+       called, the appropriate code is run if it is available. Otherwise,  the
+       pattern is matched using interpretive code.
+
+       In  some circumstances you may need to call additional functions. These
+       are described in the  section  entitled  "Controlling  the  JIT  stack"
+       below.
+
+       If  JIT  support  is  not  available,  PCRE_STUDY_JIT_COMPILE  etc. are
+       ignored, and no JIT data is created. Otherwise, the compiled pattern is
+       passed  to the JIT compiler, which turns it into machine code that exe-
+       cutes much faster than the normal interpretive code.  When  pcre_exec()
+       is  passed  a  pcre_extra block containing a pointer to JIT code of the
+       appropriate mode (normal or hard/soft  partial),  it  obeys  that  code
+       instead  of  running  the interpreter. The result is identical, but the
+       compiled JIT code runs much faster.
+
+       There are some pcre_exec() options that are not supported for JIT  exe-
+       cution.  There  are  also  some  pattern  items that JIT cannot handle.
+       Details are given below. In both cases, execution  automatically  falls
+       back  to  the  interpretive  code.  If you want to know whether JIT was
+       actually used for a particular match, you  should  arrange  for  a  JIT
+       callback  function  to  be  set up as described in the section entitled
+       "Controlling the JIT stack" below, even if you do not need to supply  a
+       non-default  JIT stack. Such a callback function is called whenever JIT
+       code is about to be obeyed. If the execution options are not right  for
+       JIT execution, the callback function is not obeyed.
+
+       If  the  JIT  compiler finds an unsupported item, no JIT data is gener-
+       ated. You can find out if JIT execution is available after  studying  a
+       pattern  by  calling  pcre_fullinfo()  with the PCRE_INFO_JIT option. A
+       result of 1 means that JIT compilation was successful. A  result  of  0
+       means that JIT support is not available, or the pattern was not studied
+       with PCRE_STUDY_JIT_COMPILE etc., or the JIT compiler was not  able  to
+       handle the pattern.
+
+       Once a pattern has been studied, with or without JIT, it can be used as
+       many times as you like for matching different subject strings.
+
+
+UNSUPPORTED OPTIONS AND PATTERN ITEMS
+
+       The only pcre_exec() options that are supported for JIT  execution  are
+       PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK, PCRE_NO_UTF32_CHECK, PCRE_NOT-
+       BOL,  PCRE_NOTEOL,  PCRE_NOTEMPTY,   PCRE_NOTEMPTY_ATSTART,   PCRE_PAR-
+       TIAL_HARD, and PCRE_PARTIAL_SOFT.
+
+       The  only  unsupported  pattern items are \C (match a single data unit)
+       when running in a UTF mode, and a callout immediately before an  asser-
+       tion condition in a conditional group.
+
+
+RETURN VALUES FROM JIT EXECUTION
+
+       When  a  pattern  is matched using JIT execution, the return values are
+       the same as those given by the interpretive pcre_exec() code, with  the
+       addition  of  one new error code: PCRE_ERROR_JIT_STACKLIMIT. This means
+       that the memory used for the JIT stack was insufficient. See  "Control-
+       ling the JIT stack" below for a discussion of JIT stack usage. For com-
+       patibility with the interpretive pcre_exec() code, no  more  than  two-
+       thirds  of  the ovector argument is used for passing back captured sub-
+       strings.
+
+       The error code PCRE_ERROR_MATCHLIMIT is returned by  the  JIT  code  if
+       searching  a  very large pattern tree goes on for too long, as it is in
+       the same circumstance when JIT is not used, but the details of  exactly
+       what  is  counted are not the same. The PCRE_ERROR_RECURSIONLIMIT error
+       code is never returned by JIT execution.
+
+
+SAVING AND RESTORING COMPILED PATTERNS
+
+       The code that is generated by the  JIT  compiler  is  architecture-spe-
+       cific,  and  is also position dependent. For those reasons it cannot be
+       saved (in a file or database) and restored later like the bytecode  and
+       other  data  of  a compiled pattern. Saving and restoring compiled pat-
+       terns is not something many people do. More detail about this  facility
+       is  given in the pcreprecompile documentation. It should be possible to
+       run pcre_study() on a saved and restored pattern, and thereby  recreate
+       the  JIT  data, but because JIT compilation uses significant resources,
+       it is probably not worth doing this; you might as  well  recompile  the
+       original pattern.
+
+
+CONTROLLING THE JIT STACK
+
+       When the compiled JIT code runs, it needs a block of memory to use as a
+       stack.  By default, it uses 32K on the  machine  stack.  However,  some
+       large   or   complicated  patterns  need  more  than  this.  The  error
+       PCRE_ERROR_JIT_STACKLIMIT is given when  there  is  not  enough  stack.
+       Three  functions  are provided for managing blocks of memory for use as
+       JIT stacks. There is further discussion about the use of JIT stacks  in
+       the section entitled "JIT stack FAQ" below.
+
+       The  pcre_jit_stack_alloc() function creates a JIT stack. Its arguments
+       are a starting size and a maximum size, and it returns a pointer to  an
+       opaque  structure of type pcre_jit_stack, or NULL if there is an error.
+       The pcre_jit_stack_free() function can be used to free a stack that  is
+       no  longer  needed.  (For  the technically minded: the address space is
+       allocated by mmap or VirtualAlloc.)
+
+       JIT uses far less memory for recursion than the interpretive code,  and
+       a  maximum  stack size of 512K to 1M should be more than enough for any
+       pattern.
+
+       The pcre_assign_jit_stack() function specifies  which  stack  JIT  code
+       should use. Its arguments are as follows:
+
+         pcre_extra         *extra
+         pcre_jit_callback  callback
+         void               *data
+
+       The  extra  argument  must  be  the  result  of studying a pattern with
+       PCRE_STUDY_JIT_COMPILE etc. There are three cases for the values of the
+       other two options:
+
+         (1) If callback is NULL and data is NULL, an internal 32K block
+             on the machine stack is used.
+
+         (2) If callback is NULL and data is not NULL, data must be
+             a valid JIT stack, the result of calling pcre_jit_stack_alloc().
+
+         (3) If callback is not NULL, it must point to a function that is
+             called with data as an argument at the start of matching, in
+             order to set up a JIT stack. If the return from the callback
+             function is NULL, the internal 32K stack is used; otherwise the
+             return value must be a valid JIT stack, the result of calling
+             pcre_jit_stack_alloc().
+
+       A  callback function is obeyed whenever JIT code is about to be run; it
+       is not obeyed when pcre_exec() is called with options that  are  incom-
+       patible for JIT execution. A callback function can therefore be used to
+       determine whether a match operation was  executed  by  JIT  or  by  the
+       interpreter.
+
+       You may safely use the same JIT stack for more than one pattern (either
+       by assigning directly or by callback), as long as the patterns are  all
+       matched  sequentially in the same thread. In a multithread application,
+       if you do not specify a JIT stack, or if you assign or pass  back  NULL
+       from  a  callback, that is thread-safe, because each thread has its own
+       machine stack. However, if you assign  or  pass  back  a  non-NULL  JIT
+       stack,  this  must  be  a  different  stack for each thread so that the
+       application is thread-safe.
+
+       Strictly speaking, even more is allowed. You can assign the  same  non-
+       NULL  stack  to any number of patterns as long as they are not used for
+       matching by multiple threads at the same time.  For  example,  you  can
+       assign  the same stack to all compiled patterns, and use a global mutex
+       in the callback to wait until the stack is available for use.  However,
+       this is an inefficient solution, and not recommended.
+
+       This  is a suggestion for how a multithreaded program that needs to set
+       up non-default JIT stacks might operate:
+
+         During thread initalization
+           thread_local_var = pcre_jit_stack_alloc(...)
+
+         During thread exit
+           pcre_jit_stack_free(thread_local_var)
+
+         Use a one-line callback function
+           return thread_local_var
+
+       All the functions described in this section do nothing if  JIT  is  not
+       available,  and  pcre_assign_jit_stack()  does nothing unless the extra
+       argument is non-NULL and points to  a  pcre_extra  block  that  is  the
+       result of a successful study with PCRE_STUDY_JIT_COMPILE etc.
+
+
+JIT STACK FAQ
+
+       (1) Why do we need JIT stacks?
+
+       PCRE  (and JIT) is a recursive, depth-first engine, so it needs a stack
+       where the local data of the current node is pushed before checking  its
+       child nodes.  Allocating real machine stack on some platforms is diffi-
+       cult. For example, the stack chain needs to be updated every time if we
+       extend  the  stack  on  PowerPC.  Although it is possible, its updating
+       time overhead decreases performance. So we do the recursion in memory.
+
+       (2) Why don't we simply allocate blocks of memory with malloc()?
+
+       Modern operating systems have a  nice  feature:  they  can  reserve  an
+       address space instead of allocating memory. We can safely allocate mem-
+       ory pages inside this address space, so the stack  could  grow  without
+       moving memory data (this is important because of pointers). Thus we can
+       allocate 1M address space, and use only a single memory  page  (usually
+       4K)  if  that is enough. However, we can still grow up to 1M anytime if
+       needed.
+
+       (3) Who "owns" a JIT stack?
+
+       The owner of the stack is the user program, not the JIT studied pattern
+       or  anything else. The user program must ensure that if a stack is used
+       by pcre_exec(), (that is, it is assigned to the pattern currently  run-
+       ning), that stack must not be used by any other threads (to avoid over-
+       writing the same memory area). The best practice for multithreaded pro-
+       grams  is  to  allocate  a stack for each thread, and return this stack
+       through the JIT callback function.
+
+       (4) When should a JIT stack be freed?
+
+       You can free a JIT stack at any time, as long as it will not be used by
+       pcre_exec()  again.  When  you  assign  the  stack to a pattern, only a
+       pointer is set. There is no reference counting or any other magic.  You
+       can  free  the  patterns  and stacks in any order, anytime. Just do not
+       call pcre_exec() with a pattern pointing to an already freed stack,  as
+       that  will cause SEGFAULT. (Also, do not free a stack currently used by
+       pcre_exec() in another thread). You can also replace the  stack  for  a
+       pattern  at  any  time.  You  can  even  free the previous stack before
+       assigning a replacement.
+
+       (5) Should I allocate/free a  stack  every  time  before/after  calling
+       pcre_exec()?
+
+       No,  because  this  is  too  costly in terms of resources. However, you
+       could implement some clever idea which release the stack if it  is  not
+       used  in  let's  say  two minutes. The JIT callback can help to achieve
+       this without keeping a list of the currently JIT studied patterns.
+
+       (6) OK, the stack is for long term memory allocation. But what  happens
+       if  a pattern causes stack overflow with a stack of 1M? Is that 1M kept
+       until the stack is freed?
+
+       Especially on embedded sytems, it might be a good idea to release  mem-
+       ory  sometimes  without  freeing the stack. There is no API for this at
+       the moment.  Probably a function call which returns with the  currently
+       allocated  memory for any stack and another which allows releasing mem-
+       ory (shrinking the stack) would be a good idea if someone needs this.
+
+       (7) This is too much of a headache. Isn't there any better solution for
+       JIT stack handling?
+
+       No,  thanks to Windows. If POSIX threads were used everywhere, we could
+       throw out this complicated API.
+
+
+EXAMPLE CODE
+
+       This is a single-threaded example that specifies a  JIT  stack  without
+       using a callback.
+
+         int rc;
+         int ovector[30];
+         pcre *re;
+         pcre_extra *extra;
+         pcre_jit_stack *jit_stack;
+
+         re = pcre_compile(pattern, 0, &error, &erroffset, NULL);
+         /* Check for errors */
+         extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
+         jit_stack = pcre_jit_stack_alloc(32*1024, 512*1024);
+         /* Check for error (NULL) */
+         pcre_assign_jit_stack(extra, NULL, jit_stack);
+         rc = pcre_exec(re, extra, subject, length, 0, 0, ovector, 30);
+         /* Check results */
+         pcre_free(re);
+         pcre_free_study(extra);
+         pcre_jit_stack_free(jit_stack);
+
+
+JIT FAST PATH API
+
+       Because  the  API  described  above falls back to interpreted execution
+       when JIT is not available, it is convenient for programs that are writ-
+       ten  for  general  use  in  many environments. However, calling JIT via
+       pcre_exec() does have a performance impact. Programs that  are  written
+       for  use  where  JIT  is known to be available, and which need the best
+       possible performance, can instead use a "fast path"  API  to  call  JIT
+       execution  directly  instead of calling pcre_exec() (obviously only for
+       patterns that have been successfully studied by JIT).
+
+       The fast path function is called pcre_jit_exec(), and it takes  exactly
+       the  same  arguments  as pcre_exec(), plus one additional argument that
+       must point to a JIT stack. The JIT stack arrangements  described  above
+       do not apply. The return values are the same as for pcre_exec().
+
+       When  you  call  pcre_exec(), as well as testing for invalid options, a
+       number of other sanity checks are performed on the arguments. For exam-
+       ple,  if  the  subject  pointer  is NULL, or its length is negative, an
+       immediate error is given. Also, unless PCRE_NO_UTF[8|16|32] is  set,  a
+       UTF  subject  string is tested for validity. In the interests of speed,
+       these checks do not happen on the JIT fast path, and if invalid data is
+       passed, the result is undefined.
+
+       Bypassing  the  sanity  checks  and  the  pcre_exec() wrapping can give
+       speedups of more than 10%.
+
+       Note that the pcre_jit_exec() function is not available in versions  of
+       PCRE  before  8.32  (released in November 2012). If you need to support
+       versions that old you must either use the slower pcre_exec(), or switch
+       between  the  two  codepaths  by  checking the values of PCRE_MAJOR and
+       PCRE_MINOR.
+
+       Due to an unfortunate implementation oversight, even in  versions  8.32
+       and  later  there will be no pcre_jit_exec() stub function defined when
+       PCRE is compiled with --disable-jit, which is the default, and  there's
+       no  way  to  detect  whether  PCRE was compiled with --enable-jit via a
+       macro.
+
+       If you need to support versions older than 8.32, or versions  that  may
+       not   build   with   --enable-jit,  you  must  either  use  the  slower
+       pcre_exec(), or switch between the two codepaths by checking the values
+       of PCRE_MAJOR and PCRE_MINOR.
+
+       Switching  between the two by checking the version assumes that all the
+       versions being targeted are built with --enable-jit.  To  also  support
+       builds that may use --disable-jit either pcre_exec() must be used, or a
+       compile-time check for JIT via pcre_config() (which assumes the runtime
+       environment  will  be  the  same), or as the Git project decided to do,
+       simply assume that pcre_jit_exec() is present in 8.32 or later unless a
+       compile-time  flag  is  provided, see the "grep: un-break building with
+       PCRE >= 8.32 without --enable-jit" commit in git.git for an example  of
+       that.
+
+
+SEE ALSO
+
+       pcreapi(3)
+
+
+AUTHOR
+
+       Philip Hazel (FAQ by Zoltan Herczeg)
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 05 July 2017
+       Copyright (c) 1997-2017 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPARTIAL(3)             Library Functions Manual             PCREPARTIAL(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PARTIAL MATCHING IN PCRE
+
+       In normal use of PCRE, if the subject string that is passed to a match-
+       ing function matches as far as it goes, but is too short to  match  the
+       entire pattern, PCRE_ERROR_NOMATCH is returned. There are circumstances
+       where it might be helpful to distinguish this case from other cases  in
+       which there is no match.
+
+       Consider, for example, an application where a human is required to type
+       in data for a field with specific formatting requirements.  An  example
+       might be a date in the form ddmmmyy, defined by this pattern:
+
+         ^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$
+
+       If the application sees the user's keystrokes one by one, and can check
+       that what has been typed so far is potentially valid,  it  is  able  to
+       raise  an  error  as  soon  as  a  mistake  is made, by beeping and not
+       reflecting the character that has been typed, for example. This immedi-
+       ate  feedback is likely to be a better user interface than a check that
+       is delayed until the entire string has been entered.  Partial  matching
+       can  also be useful when the subject string is very long and is not all
+       available at once.
+
+       PCRE supports partial matching by means of  the  PCRE_PARTIAL_SOFT  and
+       PCRE_PARTIAL_HARD  options,  which  can  be set when calling any of the
+       matching functions. For backwards compatibility, PCRE_PARTIAL is a syn-
+       onym  for  PCRE_PARTIAL_SOFT.  The essential difference between the two
+       options is whether or not a partial match is preferred to  an  alterna-
+       tive complete match, though the details differ between the two types of
+       matching function. If both options  are  set,  PCRE_PARTIAL_HARD  takes
+       precedence.
+
+       If  you  want to use partial matching with just-in-time optimized code,
+       you must call pcre_study(), pcre16_study() or  pcre32_study() with  one
+       or both of these options:
+
+         PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+
+       PCRE_STUDY_JIT_COMPILE  should also be set if you are going to run non-
+       partial matches on the same pattern. If the appropriate JIT study  mode
+       has not been set for a match, the interpretive matching code is used.
+
+       Setting a partial matching option disables two of PCRE's standard opti-
+       mizations. PCRE remembers the last literal data unit in a pattern,  and
+       abandons  matching  immediately  if  it  is  not present in the subject
+       string. This optimization cannot be used  for  a  subject  string  that
+       might  match only partially. If the pattern was studied, PCRE knows the
+       minimum length of a matching string, and does not  bother  to  run  the
+       matching  function  on  shorter strings. This optimization is also dis-
+       abled for partial matching.
+
+
+PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()
+
+       A  partial   match   occurs   during   a   call   to   pcre_exec()   or
+       pcre[16|32]_exec()  when  the end of the subject string is reached suc-
+       cessfully, but matching cannot continue  because  more  characters  are
+       needed.   However, at least one character in the subject must have been
+       inspected. This character need not  form  part  of  the  final  matched
+       string;  lookbehind  assertions and the \K escape sequence provide ways
+       of inspecting characters before the start of a matched  substring.  The
+       requirement  for  inspecting  at  least one character exists because an
+       empty string can always be matched; without such  a  restriction  there
+       would  always  be  a partial match of an empty string at the end of the
+       subject.
+
+       If there are at least two slots in the offsets vector  when  a  partial
+       match  is returned, the first slot is set to the offset of the earliest
+       character that was inspected. For convenience, the second offset points
+       to the end of the subject so that a substring can easily be identified.
+       If there are at least three slots in the offsets vector, the third slot
+       is set to the offset of the character where matching started.
+
+       For the majority of patterns, the contents of the first and third slots
+       will be the same. However, for patterns that contain lookbehind  asser-
+       tions, or begin with \b or \B, characters before the one where matching
+       started may have been inspected while carrying out the match. For exam-
+       ple, consider this pattern:
+
+         /(?<=abc)123/
+
+       This pattern matches "123", but only if it is preceded by "abc". If the
+       subject string is "xyzabc12", the first two  offsets  after  a  partial
+       match  are for the substring "abc12", because all these characters were
+       inspected. However, the third offset is set to 6, because that  is  the
+       offset where matching began.
+
+       What happens when a partial match is identified depends on which of the
+       two partial matching options are set.
+
+   PCRE_PARTIAL_SOFT WITH pcre_exec() OR pcre[16|32]_exec()
+
+       If PCRE_PARTIAL_SOFT is  set  when  pcre_exec()  or  pcre[16|32]_exec()
+       identifies a partial match, the partial match is remembered, but match-
+       ing continues as normal, and other  alternatives  in  the  pattern  are
+       tried.  If  no  complete  match  can  be  found,  PCRE_ERROR_PARTIAL is
+       returned instead of PCRE_ERROR_NOMATCH.
+
+       This option is "soft" because it prefers a complete match over  a  par-
+       tial  match.   All the various matching items in a pattern behave as if
+       the subject string is potentially complete. For example, \z, \Z, and  $
+       match  at  the end of the subject, as normal, and for \b and \B the end
+       of the subject is treated as a non-alphanumeric.
+
+       If there is more than one partial match, the first one that  was  found
+       provides the data that is returned. Consider this pattern:
+
+         /123\w+X|dogY/
+
+       If  this is matched against the subject string "abc123dog", both alter-
+       natives fail to match, but the end of the  subject  is  reached  during
+       matching,  so  PCRE_ERROR_PARTIAL is returned. The offsets are set to 3
+       and 9, identifying "123dog" as the first partial match that was  found.
+       (In  this  example, there are two partial matches, because "dog" on its
+       own partially matches the second alternative.)
+
+   PCRE_PARTIAL_HARD WITH pcre_exec() OR pcre[16|32]_exec()
+
+       If PCRE_PARTIAL_HARD is  set  for  pcre_exec()  or  pcre[16|32]_exec(),
+       PCRE_ERROR_PARTIAL  is  returned  as  soon as a partial match is found,
+       without continuing to search for possible complete matches. This option
+       is "hard" because it prefers an earlier partial match over a later com-
+       plete match. For this reason, the assumption is made that  the  end  of
+       the  supplied  subject  string may not be the true end of the available
+       data, and so, if \z, \Z, \b, \B, or $ are encountered at the end of the
+       subject,  the  result is PCRE_ERROR_PARTIAL, provided that at least one
+       character in the subject has been inspected.
+
+       Setting PCRE_PARTIAL_HARD also affects the way UTF-8 and UTF-16 subject
+       strings  are checked for validity. Normally, an invalid sequence causes
+       the error PCRE_ERROR_BADUTF8 or PCRE_ERROR_BADUTF16.  However,  in  the
+       special  case  of  a  truncated  character  at  the end of the subject,
+       PCRE_ERROR_SHORTUTF8  or   PCRE_ERROR_SHORTUTF16   is   returned   when
+       PCRE_PARTIAL_HARD is set.
+
+   Comparing hard and soft partial matching
+
+       The  difference  between the two partial matching options can be illus-
+       trated by a pattern such as:
+
+         /dog(sbody)?/
+
+       This matches either "dog" or "dogsbody", greedily (that is, it  prefers
+       the  longer  string  if  possible). If it is matched against the string
+       "dog" with PCRE_PARTIAL_SOFT, it yields a  complete  match  for  "dog".
+       However, if PCRE_PARTIAL_HARD is set, the result is PCRE_ERROR_PARTIAL.
+       On the other hand, if the pattern is made ungreedy the result  is  dif-
+       ferent:
+
+         /dog(sbody)??/
+
+       In  this  case  the  result  is always a complete match because that is
+       found first, and matching never  continues  after  finding  a  complete
+       match. It might be easier to follow this explanation by thinking of the
+       two patterns like this:
+
+         /dog(sbody)?/    is the same as  /dogsbody|dog/
+         /dog(sbody)??/   is the same as  /dog|dogsbody/
+
+       The second pattern will never match "dogsbody", because it will  always
+       find the shorter match first.
+
+
+PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()
+
+       The DFA functions move along the subject string character by character,
+       without backtracking, searching for  all  possible  matches  simultane-
+       ously.  If the end of the subject is reached before the end of the pat-
+       tern, there is the possibility of a partial match, again provided  that
+       at least one character has been inspected.
+
+       When  PCRE_PARTIAL_SOFT  is set, PCRE_ERROR_PARTIAL is returned only if
+       there have been no complete matches. Otherwise,  the  complete  matches
+       are  returned.   However,  if PCRE_PARTIAL_HARD is set, a partial match
+       takes precedence over any complete matches. The portion of  the  string
+       that  was  inspected when the longest partial match was found is set as
+       the first matching string, provided there are at least two slots in the
+       offsets vector.
+
+       Because  the  DFA functions always search for all possible matches, and
+       there is no difference between greedy and  ungreedy  repetition,  their
+       behaviour  is  different  from  the  standard  functions when PCRE_PAR-
+       TIAL_HARD is  set.  Consider  the  string  "dog"  matched  against  the
+       ungreedy pattern shown above:
+
+         /dog(sbody)??/
+
+       Whereas  the  standard functions stop as soon as they find the complete
+       match for "dog", the DFA functions also  find  the  partial  match  for
+       "dogsbody", and so return that when PCRE_PARTIAL_HARD is set.
+
+
+PARTIAL MATCHING AND WORD BOUNDARIES
+
+       If  a  pattern ends with one of sequences \b or \B, which test for word
+       boundaries, partial matching with PCRE_PARTIAL_SOFT can  give  counter-
+       intuitive results. Consider this pattern:
+
+         /\bcat\b/
+
+       This matches "cat", provided there is a word boundary at either end. If
+       the subject string is "the cat", the comparison of the final "t" with a
+       following  character  cannot  take  place, so a partial match is found.
+       However, normal matching carries on, and \b matches at the end  of  the
+       subject  when  the  last  character is a letter, so a complete match is
+       found.  The  result,  therefore,  is  not   PCRE_ERROR_PARTIAL.   Using
+       PCRE_PARTIAL_HARD  in  this case does yield PCRE_ERROR_PARTIAL, because
+       then the partial match takes precedence.
+
+
+FORMERLY RESTRICTED PATTERNS
+
+       For releases of PCRE prior to 8.00, because of the way certain internal
+       optimizations   were  implemented  in  the  pcre_exec()  function,  the
+       PCRE_PARTIAL option (predecessor of  PCRE_PARTIAL_SOFT)  could  not  be
+       used  with all patterns. From release 8.00 onwards, the restrictions no
+       longer apply, and partial matching with can be requested for  any  pat-
+       tern.
+
+       Items that were formerly restricted were repeated single characters and
+       repeated metasequences. If PCRE_PARTIAL was set for a pattern that  did
+       not  conform  to  the restrictions, pcre_exec() returned the error code
+       PCRE_ERROR_BADPARTIAL (-13). This error code is no longer in  use.  The
+       PCRE_INFO_OKPARTIAL  call  to pcre_fullinfo() to find out if a compiled
+       pattern can be used for partial matching now always returns 1.
+
+
+EXAMPLE OF PARTIAL MATCHING USING PCRETEST
+
+       If the escape sequence \P is present  in  a  pcretest  data  line,  the
+       PCRE_PARTIAL_SOFT  option  is  used  for  the  match.  Here is a run of
+       pcretest that uses the date example quoted above:
+
+           re> /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+         data> 25jun04\P
+          0: 25jun04
+          1: jun
+         data> 25dec3\P
+         Partial match: 23dec3
+         data> 3ju\P
+         Partial match: 3ju
+         data> 3juj\P
+         No match
+         data> j\P
+         No match
+
+       The first data string is matched  completely,  so  pcretest  shows  the
+       matched  substrings.  The  remaining four strings do not match the com-
+       plete pattern, but the first two are partial matches. Similar output is
+       obtained if DFA matching is used.
+
+       If  the escape sequence \P is present more than once in a pcretest data
+       line, the PCRE_PARTIAL_HARD option is set for the match.
+
+
+MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()
+
+       When a partial match has been found using a DFA matching  function,  it
+       is  possible to continue the match by providing additional subject data
+       and calling the function again with the same compiled  regular  expres-
+       sion,  this time setting the PCRE_DFA_RESTART option. You must pass the
+       same working space as before, because this is where details of the pre-
+       vious  partial  match  are  stored.  Here is an example using pcretest,
+       using the \R escape sequence to set  the  PCRE_DFA_RESTART  option  (\D
+       specifies the use of the DFA matching function):
+
+           re> /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+         data> 23ja\P\D
+         Partial match: 23ja
+         data> n05\R\D
+          0: n05
+
+       The  first  call has "23ja" as the subject, and requests partial match-
+       ing; the second call  has  "n05"  as  the  subject  for  the  continued
+       (restarted)  match.   Notice  that when the match is complete, only the
+       last part is shown; PCRE does  not  retain  the  previously  partially-
+       matched  string. It is up to the calling program to do that if it needs
+       to.
+
+       That means that, for an unanchored pattern, if a continued match fails,
+       it  is  not  possible  to  try  again at a new starting point. All this
+       facility is capable of doing is  continuing  with  the  previous  match
+       attempt.  In  the previous example, if the second set of data is "ug23"
+       the result is no match, even though there would be a match for  "aug23"
+       if  the entire string were given at once. Depending on the application,
+       this may or may not be what you want.  The only way to allow for start-
+       ing  again  at  the next character is to retain the matched part of the
+       subject and try a new complete match.
+
+       You can set the PCRE_PARTIAL_SOFT  or  PCRE_PARTIAL_HARD  options  with
+       PCRE_DFA_RESTART  to  continue partial matching over multiple segments.
+       This facility can be used to pass very long subject strings to the  DFA
+       matching functions.
+
+
+MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()
+
+       From  release 8.00, the standard matching functions can also be used to
+       do multi-segment matching. Unlike the DFA functions, it is not possible
+       to  restart the previous match with a new segment of data. Instead, new
+       data must be added to the previous subject string, and the entire match
+       re-run,  starting from the point where the partial match occurred. Ear-
+       lier data can be discarded.
+
+       It is best to use PCRE_PARTIAL_HARD in this situation, because it  does
+       not  treat the end of a segment as the end of the subject when matching
+       \z, \Z, \b, \B, and $. Consider  an  unanchored  pattern  that  matches
+       dates:
+
+           re> /\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d/
+         data> The date is 23ja\P\P
+         Partial match: 23ja
+
+       At  this stage, an application could discard the text preceding "23ja",
+       add on text from the next  segment,  and  call  the  matching  function
+       again.  Unlike  the  DFA matching functions, the entire matching string
+       must always be available, and the complete matching process occurs  for
+       each call, so more memory and more processing time is needed.
+
+       Note:  If  the pattern contains lookbehind assertions, or \K, or starts
+       with \b or \B, the string that is returned for a partial match includes
+       characters  that precede the start of what would be returned for a com-
+       plete match, because it contains all the characters that were inspected
+       during the partial match.
+
+
+ISSUES WITH MULTI-SEGMENT MATCHING
+
+       Certain types of pattern may give problems with multi-segment matching,
+       whichever matching function is used.
+
+       1. If the pattern contains a test for the beginning of a line, you need
+       to  pass  the  PCRE_NOTBOL  option when the subject string for any call
+       does start at the beginning of a line.  There  is  also  a  PCRE_NOTEOL
+       option, but in practice when doing multi-segment matching you should be
+       using PCRE_PARTIAL_HARD, which includes the effect of PCRE_NOTEOL.
+
+       2. Lookbehind assertions that have already been obeyed are catered  for
+       in the offsets that are returned for a partial match. However a lookbe-
+       hind assertion later in the pattern could require even earlier  charac-
+       ters   to  be  inspected.  You  can  handle  this  case  by  using  the
+       PCRE_INFO_MAXLOOKBEHIND    option    of    the    pcre_fullinfo()    or
+       pcre[16|32]_fullinfo()  functions  to  obtain the length of the longest
+       lookbehind in the pattern. This length  is  given  in  characters,  not
+       bytes.  If  you  always retain at least that many characters before the
+       partially matched string, all should be  well.  (Of  course,  near  the
+       start of the subject, fewer characters may be present; in that case all
+       characters should be retained.)
+
+       From release 8.33, there is a more accurate way of deciding which char-
+       acters  to  retain.  Instead  of  subtracting the length of the longest
+       lookbehind from the  earliest  inspected  character  (offsets[0]),  the
+       match  start  position  (offsets[2]) should be used, and the next match
+       attempt started at the offsets[2] character by setting the  startoffset
+       argument of pcre_exec() or pcre_dfa_exec().
+
+       For  example, if the pattern "(?<=123)abc" is partially matched against
+       the string "xx123a", the three offset values returned are 2, 6, and  5.
+       This  indicates  that  the  matching  process that gave a partial match
+       started at offset 5, but the characters "123a" were all inspected.  The
+       maximum  lookbehind  for  that pattern is 3, so taking that away from 5
+       shows that we need only keep "123a", and the next match attempt can  be
+       started at offset 3 (that is, at "a") when further characters have been
+       added. When the match start is not the  earliest  inspected  character,
+       pcretest shows it explicitly:
+
+           re> "(?<=123)abc"
+         data> xx123a\P\P
+         Partial match at offset 5: 123a
+
+       3.  Because a partial match must always contain at least one character,
+       what might be considered a partial match of an  empty  string  actually
+       gives a "no match" result. For example:
+
+           re> /c(?<=abc)x/
+         data> ab\P
+         No match
+
+       If the next segment begins "cx", a match should be found, but this will
+       only happen if characters from the previous segment are  retained.  For
+       this  reason,  a  "no  match"  result should be interpreted as "partial
+       match of an empty string" when the pattern contains lookbehinds.
+
+       4. Matching a subject string that is split into multiple  segments  may
+       not  always produce exactly the same result as matching over one single
+       long string, especially when PCRE_PARTIAL_SOFT  is  used.  The  section
+       "Partial  Matching  and  Word Boundaries" above describes an issue that
+       arises if the pattern ends with \b or \B. Another  kind  of  difference
+       may  occur when there are multiple matching possibilities, because (for
+       PCRE_PARTIAL_SOFT) a partial match result is given only when there  are
+       no completed matches. This means that as soon as the shortest match has
+       been found, continuation to a new subject segment is no  longer  possi-
+       ble. Consider again this pcretest example:
+
+           re> /dog(sbody)?/
+         data> dogsb\P
+          0: dog
+         data> do\P\D
+         Partial match: do
+         data> gsb\R\P\D
+          0: g
+         data> dogsbody\D
+          0: dogsbody
+          1: dog
+
+       The  first  data  line passes the string "dogsb" to a standard matching
+       function, setting the PCRE_PARTIAL_SOFT option. Although the string  is
+       a  partial  match for "dogsbody", the result is not PCRE_ERROR_PARTIAL,
+       because the shorter string "dog" is a complete match.  Similarly,  when
+       the  subject  is  presented to a DFA matching function in several parts
+       ("do" and "gsb" being the first two) the match  stops  when  "dog"  has
+       been  found, and it is not possible to continue.  On the other hand, if
+       "dogsbody" is presented as a single string,  a  DFA  matching  function
+       finds both matches.
+
+       Because  of  these  problems,  it is best to use PCRE_PARTIAL_HARD when
+       matching multi-segment data. The example  above  then  behaves  differ-
+       ently:
+
+           re> /dog(sbody)?/
+         data> dogsb\P\P
+         Partial match: dogsb
+         data> do\P\D
+         Partial match: do
+         data> gsb\R\P\P\D
+         Partial match: gsb
+
+       5. Patterns that contain alternatives at the top level which do not all
+       start with the  same  pattern  item  may  not  work  as  expected  when
+       PCRE_DFA_RESTART is used. For example, consider this pattern:
+
+         1234|3789
+
+       If  the  first  part of the subject is "ABC123", a partial match of the
+       first alternative is found at offset 3. There is no partial  match  for
+       the second alternative, because such a match does not start at the same
+       point in the subject string. Attempting to  continue  with  the  string
+       "7890"  does  not  yield  a  match because only those alternatives that
+       match at one point in the subject are remembered.  The  problem  arises
+       because  the  start  of the second alternative matches within the first
+       alternative. There is no problem with  anchored  patterns  or  patterns
+       such as:
+
+         1234|ABCD
+
+       where  no  string can be a partial match for both alternatives. This is
+       not a problem if a standard matching  function  is  used,  because  the
+       entire match has to be rerun each time:
+
+           re> /1234|3789/
+         data> ABC123\P\P
+         Partial match: 123
+         data> 1237890
+          0: 3789
+
+       Of course, instead of using PCRE_DFA_RESTART, the same technique of re-
+       running the entire match can also be used with the DFA  matching  func-
+       tions.  Another  possibility  is to work with two buffers. If a partial
+       match at offset n in the first buffer is followed by  "no  match"  when
+       PCRE_DFA_RESTART  is  used on the second buffer, you can then try a new
+       match starting at offset n+1 in the first buffer.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 02 July 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPRECOMPILE(3)          Library Functions Manual          PCREPRECOMPILE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+SAVING AND RE-USING PRECOMPILED PCRE PATTERNS
+
+       If  you  are running an application that uses a large number of regular
+       expression patterns, it may be useful to store them  in  a  precompiled
+       form  instead  of  having to compile them every time the application is
+       run.  If you are not  using  any  private  character  tables  (see  the
+       pcre_maketables()  documentation),  this is relatively straightforward.
+       If you are using private tables, it is a little bit  more  complicated.
+       However,  if you are using the just-in-time optimization feature, it is
+       not possible to save and reload the JIT data.
+
+       If you save compiled patterns to a file, you can copy them to a differ-
+       ent host and run them there. If the two hosts have different endianness
+       (byte    order),    you     should     run     the     pcre[16|32]_pat-
+       tern_to_host_byte_order()  function  on  the  new host before trying to
+       match the pattern. The matching functions return  PCRE_ERROR_BADENDIAN-
+       NESS if they detect a pattern with the wrong endianness.
+
+       Compiling  regular  expressions with one version of PCRE for use with a
+       different version is not guaranteed to work and may cause crashes,  and
+       saving  and  restoring  a  compiled  pattern loses any JIT optimization
+       data.
+
+
+SAVING A COMPILED PATTERN
+
+       The value returned by pcre[16|32]_compile() points to a single block of
+       memory  that  holds  the  compiled pattern and associated data. You can
+       find   the   length   of   this   block    in    bytes    by    calling
+       pcre[16|32]_fullinfo() with an argument of PCRE_INFO_SIZE. You can then
+       save the data in any appropriate manner. Here is sample  code  for  the
+       8-bit  library  that  compiles  a  pattern  and writes it to a file. It
+       assumes that the variable fd refers to a file that is open for output:
+
+         int erroroffset, rc, size;
+         char *error;
+         pcre *re;
+
+         re = pcre_compile("my pattern", 0, &error, &erroroffset, NULL);
+         if (re == NULL) { ... handle errors ... }
+         rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
+         if (rc < 0) { ... handle errors ... }
+         rc = fwrite(re, 1, size, fd);
+         if (rc != size) { ... handle errors ... }
+
+       In this example, the bytes  that  comprise  the  compiled  pattern  are
+       copied  exactly.  Note that this is binary data that may contain any of
+       the 256 possible byte  values.  On  systems  that  make  a  distinction
+       between binary and non-binary data, be sure that the file is opened for
+       binary output.
+
+       If you want to write more than one pattern to a file, you will have  to
+       devise  a  way of separating them. For binary data, preceding each pat-
+       tern with its length is probably  the  most  straightforward  approach.
+       Another  possibility is to write out the data in hexadecimal instead of
+       binary, one pattern to a line.
+
+       Saving compiled patterns in a file is only one possible way of  storing
+       them  for later use. They could equally well be saved in a database, or
+       in the memory of some daemon process that passes them  via  sockets  to
+       the processes that want them.
+
+       If the pattern has been studied, it is also possible to save the normal
+       study data in a similar way to the compiled pattern itself. However, if
+       the PCRE_STUDY_JIT_COMPILE was used, the just-in-time data that is cre-
+       ated cannot be saved because it is too dependent on the  current  envi-
+       ronment.    When    studying    generates    additional    information,
+       pcre[16|32]_study() returns  a  pointer  to  a  pcre[16|32]_extra  data
+       block.  Its  format  is defined in the section on matching a pattern in
+       the pcreapi documentation. The study_data field points  to  the  binary
+       study  data,  and this is what you must save (not the pcre[16|32]_extra
+       block itself). The length of the study data can be obtained by  calling
+       pcre[16|32]_fullinfo()  with an argument of PCRE_INFO_STUDYSIZE. Remem-
+       ber to check that  pcre[16|32]_study()  did  return  a  non-NULL  value
+       before trying to save the study data.
+
+
+RE-USING A PRECOMPILED PATTERN
+
+       Re-using  a  precompiled pattern is straightforward. Having reloaded it
+       into main memory,  called  pcre[16|32]_pattern_to_host_byte_order()  if
+       necessary,    you   pass   its   pointer   to   pcre[16|32]_exec()   or
+       pcre[16|32]_dfa_exec() in the usual way.
+
+       However, if you passed a pointer to custom character  tables  when  the
+       pattern  was compiled (the tableptr argument of pcre[16|32]_compile()),
+       you  must  now  pass  a  similar  pointer  to   pcre[16|32]_exec()   or
+       pcre[16|32]_dfa_exec(),  because the value saved with the compiled pat-
+       tern will obviously be nonsense. A field in a pcre[16|32]_extra() block
+       is  used  to  pass this data, as described in the section on matching a
+       pattern in the pcreapi documentation.
+
+       Warning: The tables that pcre_exec() and pcre_dfa_exec()  use  must  be
+       the same as those that were used when the pattern was compiled. If this
+       is not the case, the behaviour is undefined.
+
+       If you did not provide custom character tables  when  the  pattern  was
+       compiled, the pointer in the compiled pattern is NULL, which causes the
+       matching functions to use PCRE's internal tables. Thus, you do not need
+       to take any special action at run time in this case.
+
+       If  you  saved study data with the compiled pattern, you need to create
+       your own pcre[16|32]_extra data block and set the study_data  field  to
+       point   to   the   reloaded   study   data.   You  must  also  set  the
+       PCRE_EXTRA_STUDY_DATA bit in the flags field  to  indicate  that  study
+       data  is present. Then pass the pcre[16|32]_extra block to the matching
+       function in the usual way. If the pattern was studied for  just-in-time
+       optimization,  that  data  cannot  be  saved,  and  so  is  lost  by  a
+       save/restore cycle.
+
+
+COMPATIBILITY WITH DIFFERENT PCRE RELEASES
+
+       In general, it is safest to  recompile  all  saved  patterns  when  you
+       update  to  a new PCRE release, though not all updates actually require
+       this.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPERFORM(3)             Library Functions Manual             PCREPERFORM(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE PERFORMANCE
+
+       Two  aspects  of performance are discussed below: memory usage and pro-
+       cessing time. The way you express your pattern as a regular  expression
+       can affect both of them.
+
+
+COMPILED PATTERN MEMORY USAGE
+
+       Patterns  are compiled by PCRE into a reasonably efficient interpretive
+       code, so that most simple patterns do not  use  much  memory.  However,
+       there  is  one case where the memory usage of a compiled pattern can be
+       unexpectedly large. If a parenthesized subpattern has a quantifier with
+       a minimum greater than 1 and/or a limited maximum, the whole subpattern
+       is repeated in the compiled code. For example, the pattern
+
+         (abc|def){2,4}
+
+       is compiled as if it were
+
+         (abc|def)(abc|def)((abc|def)(abc|def)?)?
+
+       (Technical aside: It is done this way so that backtrack  points  within
+       each of the repetitions can be independently maintained.)
+
+       For  regular expressions whose quantifiers use only small numbers, this
+       is not usually a problem. However, if the numbers are large,  and  par-
+       ticularly  if  such repetitions are nested, the memory usage can become
+       an embarrassment. For example, the very simple pattern
+
+         ((ab){1,1000}c){1,3}
+
+       uses 51K bytes when compiled using the 8-bit library. When PCRE is com-
+       piled  with  its  default  internal pointer size of two bytes, the size
+       limit on a compiled pattern is 64K data units, and this is reached with
+       the  above  pattern  if  the outer repetition is increased from 3 to 4.
+       PCRE can be compiled to use larger internal pointers  and  thus  handle
+       larger  compiled patterns, but it is better to try to rewrite your pat-
+       tern to use less memory if you can.
+
+       One way of reducing the memory usage for such patterns is to  make  use
+       of PCRE's "subroutine" facility. Re-writing the above pattern as
+
+         ((ab)(?2){0,999}c)(?1){0,2}
+
+       reduces the memory requirements to 18K, and indeed it remains under 20K
+       even with the outer repetition increased to 100. However, this  pattern
+       is  not  exactly equivalent, because the "subroutine" calls are treated
+       as atomic groups into which there can be no backtracking if there is  a
+       subsequent  matching  failure.  Therefore,  PCRE cannot do this kind of
+       rewriting automatically.  Furthermore, there is a  noticeable  loss  of
+       speed  when executing the modified pattern. Nevertheless, if the atomic
+       grouping is not a problem and the loss of  speed  is  acceptable,  this
+       kind  of  rewriting will allow you to process patterns that PCRE cannot
+       otherwise handle.
+
+
+STACK USAGE AT RUN TIME
+
+       When pcre_exec() or pcre[16|32]_exec() is used  for  matching,  certain
+       kinds  of  pattern  can  cause  it  to use large amounts of the process
+       stack. In some environments the default process stack is  quite  small,
+       and  if it runs out the result is often SIGSEGV. This issue is probably
+       the most frequently raised problem with PCRE.  Rewriting  your  pattern
+       can  often  help.  The  pcrestack documentation discusses this issue in
+       detail.
+
+
+PROCESSING TIME
+
+       Certain items in regular expression patterns are processed  more  effi-
+       ciently than others. It is more efficient to use a character class like
+       [aeiou]  than  a  set  of   single-character   alternatives   such   as
+       (a|e|i|o|u).  In  general,  the simplest construction that provides the
+       required behaviour is usually the most efficient. Jeffrey Friedl's book
+       contains  a  lot  of useful general discussion about optimizing regular
+       expressions for efficient performance. This  document  contains  a  few
+       observations about PCRE.
+
+       Using  Unicode  character  properties  (the  \p, \P, and \X escapes) is
+       slow, because PCRE has to use a multi-stage table  lookup  whenever  it
+       needs  a  character's  property. If you can find an alternative pattern
+       that does not use character properties, it will probably be faster.
+
+       By default, the escape sequences \b, \d, \s,  and  \w,  and  the  POSIX
+       character  classes  such  as  [:alpha:]  do not use Unicode properties,
+       partly for backwards compatibility, and partly for performance reasons.
+       However,  you can set PCRE_UCP if you want Unicode character properties
+       to be used. This can double the matching time for  items  such  as  \d,
+       when matched with a traditional matching function; the performance loss
+       is less with a DFA matching function, and in both cases  there  is  not
+       much difference for \b.
+
+       When  a  pattern  begins  with .* not in parentheses, or in parentheses
+       that are not the subject of a backreference, and the PCRE_DOTALL option
+       is  set, the pattern is implicitly anchored by PCRE, since it can match
+       only at the start of a subject string. However, if PCRE_DOTALL  is  not
+       set,  PCRE  cannot  make this optimization, because the . metacharacter
+       does not then match a newline, and if the subject string contains  new-
+       lines,  the  pattern may match from the character immediately following
+       one of them instead of from the very start. For example, the pattern
+
+         .*second
+
+       matches the subject "first\nand second" (where \n stands for a  newline
+       character),  with the match starting at the seventh character. In order
+       to do this, PCRE has to retry the match starting after every newline in
+       the subject.
+
+       If  you  are using such a pattern with subject strings that do not con-
+       tain newlines, the best performance is obtained by setting PCRE_DOTALL,
+       or  starting  the pattern with ^.* or ^.*? to indicate explicit anchor-
+       ing. That saves PCRE from having to scan along the subject looking  for
+       a newline to restart at.
+
+       Beware  of  patterns  that contain nested indefinite repeats. These can
+       take a long time to run when applied to a string that does  not  match.
+       Consider the pattern fragment
+
+         ^(a+)*
+
+       This  can  match "aaaa" in 16 different ways, and this number increases
+       very rapidly as the string gets longer. (The * repeat can match  0,  1,
+       2,  3, or 4 times, and for each of those cases other than 0 or 4, the +
+       repeats can match different numbers of times.) When  the  remainder  of
+       the pattern is such that the entire match is going to fail, PCRE has in
+       principle to try  every  possible  variation,  and  this  can  take  an
+       extremely long time, even for relatively short strings.
+
+       An optimization catches some of the more simple cases such as
+
+         (a+)*b
+
+       where  a  literal  character  follows. Before embarking on the standard
+       matching procedure, PCRE checks that there is a "b" later in  the  sub-
+       ject  string, and if there is not, it fails the match immediately. How-
+       ever, when there is no following literal this  optimization  cannot  be
+       used. You can see the difference by comparing the behaviour of
+
+         (a+)*\d
+
+       with  the  pattern  above.  The former gives a failure almost instantly
+       when applied to a whole line of  "a"  characters,  whereas  the  latter
+       takes an appreciable time with strings longer than about 20 characters.
+
+       In many cases, the solution to this kind of performance issue is to use
+       an atomic group or a possessive quantifier.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 25 August 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPOSIX(3)               Library Functions Manual               PCREPOSIX(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions.
+
+SYNOPSIS
+
+       #include <pcreposix.h>
+
+       int regcomp(regex_t *preg, const char *pattern,
+            int cflags);
+
+       int regexec(regex_t *preg, const char *string,
+            size_t nmatch, regmatch_t pmatch[], int eflags);
+            size_t regerror(int errcode, const regex_t *preg,
+            char *errbuf, size_t errbuf_size);
+
+       void regfree(regex_t *preg);
+
+
+DESCRIPTION
+
+       This  set  of functions provides a POSIX-style API for the PCRE regular
+       expression 8-bit library. See the pcreapi documentation for a  descrip-
+       tion  of  PCRE's native API, which contains much additional functional-
+       ity. There is no POSIX-style  wrapper  for  PCRE's  16-bit  and  32-bit
+       library.
+
+       The functions described here are just wrapper functions that ultimately
+       call  the  PCRE  native  API.  Their  prototypes  are  defined  in  the
+       pcreposix.h  header  file,  and  on  Unix systems the library itself is
+       called pcreposix.a, so can be accessed by  adding  -lpcreposix  to  the
+       command  for  linking  an application that uses them. Because the POSIX
+       functions call the native ones, it is also necessary to add -lpcre.
+
+       I have implemented only those POSIX option bits that can be  reasonably
+       mapped  to PCRE native options. In addition, the option REG_EXTENDED is
+       defined with the value zero. This has no  effect,  but  since  programs
+       that  are  written  to  the POSIX interface often use it, this makes it
+       easier to slot in PCRE as a replacement library.  Other  POSIX  options
+       are not even defined.
+
+       There  are also some other options that are not defined by POSIX. These
+       have been added at the request of users who want to make use of certain
+       PCRE-specific features via the POSIX calling interface.
+
+       When  PCRE  is  called  via these functions, it is only the API that is
+       POSIX-like in style. The syntax and semantics of  the  regular  expres-
+       sions  themselves  are  still  those of Perl, subject to the setting of
+       various PCRE options, as described below. "POSIX-like in  style"  means
+       that  the  API  approximates  to  the POSIX definition; it is not fully
+       POSIX-compatible, and in multi-byte encoding  domains  it  is  probably
+       even less compatible.
+
+       The  header for these functions is supplied as pcreposix.h to avoid any
+       potential clash with other POSIX  libraries.  It  can,  of  course,  be
+       renamed or aliased as regex.h, which is the "correct" name. It provides
+       two structure types, regex_t for  compiled  internal  forms,  and  reg-
+       match_t  for  returning  captured substrings. It also defines some con-
+       stants whose names start  with  "REG_";  these  are  used  for  setting
+       options and identifying error codes.
+
+
+COMPILING A PATTERN
+
+       The  function regcomp() is called to compile a pattern into an internal
+       form. The pattern is a C string terminated by a  binary  zero,  and  is
+       passed  in  the  argument  pattern. The preg argument is a pointer to a
+       regex_t structure that is used as a base for storing information  about
+       the compiled regular expression.
+
+       The argument cflags is either zero, or contains one or more of the bits
+       defined by the following macros:
+
+         REG_DOTALL
+
+       The PCRE_DOTALL option is set when the regular expression is passed for
+       compilation to the native function. Note that REG_DOTALL is not part of
+       the POSIX standard.
+
+         REG_ICASE
+
+       The PCRE_CASELESS option is set when the regular expression  is  passed
+       for compilation to the native function.
+
+         REG_NEWLINE
+
+       The  PCRE_MULTILINE option is set when the regular expression is passed
+       for compilation to the native function. Note that this does  not  mimic
+       the  defined  POSIX  behaviour  for REG_NEWLINE (see the following sec-
+       tion).
+
+         REG_NOSUB
+
+       The PCRE_NO_AUTO_CAPTURE option is set when the regular  expression  is
+       passed for compilation to the native function. In addition, when a pat-
+       tern that is compiled with this flag is passed to regexec() for  match-
+       ing,  the  nmatch  and  pmatch  arguments  are ignored, and no captured
+       strings are returned.
+
+         REG_UCP
+
+       The PCRE_UCP option is set when the regular expression  is  passed  for
+       compilation  to  the  native  function. This causes PCRE to use Unicode
+       properties when matchine \d, \w,  etc.,  instead  of  just  recognizing
+       ASCII values. Note that REG_UTF8 is not part of the POSIX standard.
+
+         REG_UNGREEDY
+
+       The  PCRE_UNGREEDY  option is set when the regular expression is passed
+       for compilation to the native function. Note that REG_UNGREEDY  is  not
+       part of the POSIX standard.
+
+         REG_UTF8
+
+       The  PCRE_UTF8  option is set when the regular expression is passed for
+       compilation to the native function. This causes the pattern itself  and
+       all  data  strings used for matching it to be treated as UTF-8 strings.
+       Note that REG_UTF8 is not part of the POSIX standard.
+
+       In the absence of these flags, no options  are  passed  to  the  native
+       function.   This  means  the  the  regex  is compiled with PCRE default
+       semantics. In particular, the way it handles newline characters in  the
+       subject  string  is  the Perl way, not the POSIX way. Note that setting
+       PCRE_MULTILINE has only some of the effects specified for  REG_NEWLINE.
+       It  does not affect the way newlines are matched by . (they are not) or
+       by a negative class such as [^a] (they are).
+
+       The yield of regcomp() is zero on success, and non-zero otherwise.  The
+       preg structure is filled in on success, and one member of the structure
+       is public: re_nsub contains the number of capturing subpatterns in  the
+       regular expression. Various error codes are defined in the header file.
+
+       NOTE:  If  the  yield of regcomp() is non-zero, you must not attempt to
+       use the contents of the preg structure. If, for example, you pass it to
+       regexec(), the result is undefined and your program is likely to crash.
+
+
+MATCHING NEWLINE CHARACTERS
+
+       This area is not simple, because POSIX and Perl take different views of
+       things.  It is not possible to get PCRE to obey  POSIX  semantics,  but
+       then  PCRE was never intended to be a POSIX engine. The following table
+       lists the different possibilities for matching  newline  characters  in
+       PCRE:
+
+                                 Default   Change with
+
+         . matches newline          no     PCRE_DOTALL
+         newline matches [^a]       yes    not changeable
+         $ matches \n at end        yes    PCRE_DOLLARENDONLY
+         $ matches \n in middle     no     PCRE_MULTILINE
+         ^ matches \n in middle     no     PCRE_MULTILINE
+
+       This is the equivalent table for POSIX:
+
+                                 Default   Change with
+
+         . matches newline          yes    REG_NEWLINE
+         newline matches [^a]       yes    REG_NEWLINE
+         $ matches \n at end        no     REG_NEWLINE
+         $ matches \n in middle     no     REG_NEWLINE
+         ^ matches \n in middle     no     REG_NEWLINE
+
+       PCRE's behaviour is the same as Perl's, except that there is no equiva-
+       lent for PCRE_DOLLAR_ENDONLY in Perl. In both PCRE and Perl,  there  is
+       no way to stop newline from matching [^a].
+
+       The   default  POSIX  newline  handling  can  be  obtained  by  setting
+       PCRE_DOTALL and PCRE_DOLLAR_ENDONLY, but there is no way to  make  PCRE
+       behave exactly as for the REG_NEWLINE action.
+
+
+MATCHING A PATTERN
+
+       The  function  regexec()  is  called  to  match a compiled pattern preg
+       against a given string, which is by default terminated by a  zero  byte
+       (but  see  REG_STARTEND below), subject to the options in eflags. These
+       can be:
+
+         REG_NOTBOL
+
+       The PCRE_NOTBOL option is set when calling the underlying PCRE matching
+       function.
+
+         REG_NOTEMPTY
+
+       The PCRE_NOTEMPTY option is set when calling the underlying PCRE match-
+       ing function. Note that REG_NOTEMPTY is not part of the POSIX standard.
+       However, setting this option can give more POSIX-like behaviour in some
+       situations.
+
+         REG_NOTEOL
+
+       The PCRE_NOTEOL option is set when calling the underlying PCRE matching
+       function.
+
+         REG_STARTEND
+
+       The  string  is  considered to start at string + pmatch[0].rm_so and to
+       have a terminating NUL located at string + pmatch[0].rm_eo (there  need
+       not  actually  be  a  NUL at that location), regardless of the value of
+       nmatch. This is a BSD extension, compatible with but not  specified  by
+       IEEE  Standard  1003.2  (POSIX.2),  and  should be used with caution in
+       software intended to be portable to other systems. Note that a non-zero
+       rm_so does not imply REG_NOTBOL; REG_STARTEND affects only the location
+       of the string, not how it is matched.
+
+       If the pattern was compiled with the REG_NOSUB flag, no data about  any
+       matched  strings  is  returned.  The  nmatch  and  pmatch  arguments of
+       regexec() are ignored.
+
+       If the value of nmatch is zero, or if the value pmatch is NULL, no data
+       about any matched strings is returned.
+
+       Otherwise,the portion of the string that was matched, and also any cap-
+       tured substrings, are returned via the pmatch argument, which points to
+       an  array  of nmatch structures of type regmatch_t, containing the mem-
+       bers rm_so and rm_eo. These contain the offset to the  first  character
+       of  each  substring and the offset to the first character after the end
+       of each substring, respectively. The 0th element of the vector  relates
+       to  the  entire portion of string that was matched; subsequent elements
+       relate to the capturing subpatterns of the regular  expression.  Unused
+       entries in the array have both structure members set to -1.
+
+       A  successful  match  yields  a  zero  return;  various error codes are
+       defined in the header file, of  which  REG_NOMATCH  is  the  "expected"
+       failure code.
+
+
+ERROR MESSAGES
+
+       The regerror() function maps a non-zero errorcode from either regcomp()
+       or regexec() to a printable message. If preg is  not  NULL,  the  error
+       should have arisen from the use of that structure. A message terminated
+       by a binary zero is placed  in  errbuf.  The  length  of  the  message,
+       including  the  zero, is limited to errbuf_size. The yield of the func-
+       tion is the size of buffer needed to hold the whole message.
+
+
+MEMORY USAGE
+
+       Compiling a regular expression causes memory to be allocated and  asso-
+       ciated  with  the preg structure. The function regfree() frees all such
+       memory, after which preg may no longer be used as  a  compiled  expres-
+       sion.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 09 January 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRECPP(3)                 Library Functions Manual                 PCRECPP(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions.
+
+SYNOPSIS OF C++ WRAPPER
+
+       #include <pcrecpp.h>
+
+
+DESCRIPTION
+
+       The  C++  wrapper  for PCRE was provided by Google Inc. Some additional
+       functionality was added by Giuseppe Maxia. This brief man page was con-
+       structed  from  the  notes  in the pcrecpp.h file, which should be con-
+       sulted for further details. Note that the C++ wrapper supports only the
+       original  8-bit  PCRE  library. There is no 16-bit or 32-bit support at
+       present.
+
+
+MATCHING INTERFACE
+
+       The "FullMatch" operation checks that supplied text matches a  supplied
+       pattern  exactly.  If pointer arguments are supplied, it copies matched
+       sub-strings that match sub-patterns into them.
+
+         Example: successful match
+            pcrecpp::RE re("h.*o");
+            re.FullMatch("hello");
+
+         Example: unsuccessful match (requires full match):
+            pcrecpp::RE re("e");
+            !re.FullMatch("hello");
+
+         Example: creating a temporary RE object:
+            pcrecpp::RE("h.*o").FullMatch("hello");
+
+       You can pass in a "const char*" or a "string" for "text". The  examples
+       below  tend to use a const char*. You can, as in the different examples
+       above, store the RE object explicitly in a variable or use a  temporary
+       RE  object.  The  examples below use one mode or the other arbitrarily.
+       Either could correctly be used for any of these examples.
+
+       You must supply extra pointer arguments to extract matched subpieces.
+
+         Example: extracts "ruby" into "s" and 1234 into "i"
+            int i;
+            string s;
+            pcrecpp::RE re("(\\w+):(\\d+)");
+            re.FullMatch("ruby:1234", &s, &i);
+
+         Example: does not try to extract any extra sub-patterns
+            re.FullMatch("ruby:1234", &s);
+
+         Example: does not try to extract into NULL
+            re.FullMatch("ruby:1234", NULL, &i);
+
+         Example: integer overflow causes failure
+            !re.FullMatch("ruby:1234567891234", NULL, &i);
+
+         Example: fails because there aren't enough sub-patterns:
+            !pcrecpp::RE("\\w+:\\d+").FullMatch("ruby:1234", &s);
+
+         Example: fails because string cannot be stored in integer
+            !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+
+       The provided pointer arguments can be pointers to  any  scalar  numeric
+       type, or one of:
+
+          string        (matched piece is copied to string)
+          StringPiece   (StringPiece is mutated to point to matched piece)
+          T             (where "bool T::ParseFrom(const char*, int)" exists)
+          NULL          (the corresponding matched sub-pattern is not copied)
+
+       The  function returns true iff all of the following conditions are sat-
+       isfied:
+
+         a. "text" matches "pattern" exactly;
+
+         b. The number of matched sub-patterns is >= number of supplied
+            pointers;
+
+         c. The "i"th argument has a suitable type for holding the
+            string captured as the "i"th sub-pattern. If you pass in
+            void * NULL for the "i"th argument, or a non-void * NULL
+            of the correct type, or pass fewer arguments than the
+            number of sub-patterns, "i"th captured sub-pattern is
+            ignored.
+
+       CAVEAT: An optional sub-pattern that does  not  exist  in  the  matched
+       string  is  assigned  the  empty  string. Therefore, the following will
+       return false (because the empty string is not a valid number):
+
+          int number;
+          pcrecpp::RE::FullMatch("abc", "[a-z]+(\\d+)?", &number);
+
+       The matching interface supports at most 16 arguments per call.  If  you
+       need    more,    consider    using    the    more   general   interface
+       pcrecpp::RE::DoMatch. See pcrecpp.h for the signature for DoMatch.
+
+       NOTE: Do not use no_arg, which is used internally to mark the end of  a
+       list  of optional arguments, as a placeholder for missing arguments, as
+       this can lead to segfaults.
+
+
+QUOTING METACHARACTERS
+
+       You can use the "QuoteMeta" operation to insert backslashes before  all
+       potentially  meaningful  characters  in  a string. The returned string,
+       used as a regular expression, will exactly match the original string.
+
+         Example:
+            string quoted = RE::QuoteMeta(unquoted);
+
+       Note that it's legal to escape a character even if it  has  no  special
+       meaning  in  a  regular expression -- so this function does that. (This
+       also makes it identical to the perl function  of  the  same  name;  see
+       "perldoc    -f    quotemeta".)    For   example,   "1.5-2.0?"   becomes
+       "1\.5\-2\.0\?".
+
+
+PARTIAL MATCHES
+
+       You can use the "PartialMatch" operation when you want the  pattern  to
+       match any substring of the text.
+
+         Example: simple search for a string:
+            pcrecpp::RE("ell").PartialMatch("hello");
+
+         Example: find first number in a string:
+            int number;
+            pcrecpp::RE re("(\\d+)");
+            re.PartialMatch("x*100 + 20", &number);
+            assert(number == 100);
+
+
+UTF-8 AND THE MATCHING INTERFACE
+
+       By  default,  pattern  and text are plain text, one byte per character.
+       The UTF8 flag, passed to  the  constructor,  causes  both  pattern  and
+       string to be treated as UTF-8 text, still a byte stream but potentially
+       multiple bytes per character. In practice, the text is likelier  to  be
+       UTF-8  than  the pattern, but the match returned may depend on the UTF8
+       flag, so always use it when matching UTF8 text. For example,  "."  will
+       match  one  byte normally but with UTF8 set may match up to three bytes
+       of a multi-byte character.
+
+         Example:
+            pcrecpp::RE_Options options;
+            options.set_utf8();
+            pcrecpp::RE re(utf8_pattern, options);
+            re.FullMatch(utf8_string);
+
+         Example: using the convenience function UTF8():
+            pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+            re.FullMatch(utf8_string);
+
+       NOTE: The UTF8 flag is ignored if pcre was not configured with the
+             --enable-utf8 flag.
+
+
+PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE
+
+       PCRE defines some modifiers to  change  the  behavior  of  the  regular
+       expression   engine.  The  C++  wrapper  defines  an  auxiliary  class,
+       RE_Options, as a vehicle to pass such modifiers to  a  RE  class.  Cur-
+       rently, the following modifiers are supported:
+
+          modifier              description               Perl corresponding
+
+          PCRE_CASELESS         case insensitive match      /i
+          PCRE_MULTILINE        multiple lines match        /m
+          PCRE_DOTALL           dot matches newlines        /s
+          PCRE_DOLLAR_ENDONLY   $ matches only at end       N/A
+          PCRE_EXTRA            strict escape parsing       N/A
+          PCRE_EXTENDED         ignore white spaces         /x
+          PCRE_UTF8             handles UTF8 chars          built-in
+          PCRE_UNGREEDY         reverses * and *?           N/A
+          PCRE_NO_AUTO_CAPTURE  disables capturing parens   N/A (*)
+
+       (*)  Both Perl and PCRE allow non capturing parentheses by means of the
+       "?:" modifier within the pattern itself. e.g. (?:ab|cd) does  not  cap-
+       ture, while (ab|cd) does.
+
+       For  a  full  account on how each modifier works, please check the PCRE
+       API reference page.
+
+       For each modifier, there are two member functions whose  name  is  made
+       out  of  the  modifier  in  lowercase,  without the "PCRE_" prefix. For
+       instance, PCRE_CASELESS is handled by
+
+         bool caseless()
+
+       which returns true if the modifier is set, and
+
+         RE_Options & set_caseless(bool)
+
+       which sets or unsets the modifier. Moreover, PCRE_EXTRA_MATCH_LIMIT can
+       be  accessed  through  the  set_match_limit()  and match_limit() member
+       functions. Setting match_limit to a non-zero value will limit the  exe-
+       cution  of pcre to keep it from doing bad things like blowing the stack
+       or taking an eternity to return a result.  A  value  of  5000  is  good
+       enough  to stop stack blowup in a 2MB thread stack. Setting match_limit
+       to  zero  disables  match  limiting.  Alternatively,   you   can   call
+       match_limit_recursion()  which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to
+       limit how much  PCRE  recurses.  match_limit()  limits  the  number  of
+       matches PCRE does; match_limit_recursion() limits the depth of internal
+       recursion, and therefore the amount of stack that is used.
+
+       Normally, to pass one or more modifiers to a RE class,  you  declare  a
+       RE_Options object, set the appropriate options, and pass this object to
+       a RE constructor. Example:
+
+          RE_Options opt;
+          opt.set_caseless(true);
+          if (RE("HELLO", opt).PartialMatch("hello world")) ...
+
+       RE_options has two constructors. The default constructor takes no argu-
+       ments  and creates a set of flags that are off by default. The optional
+       parameter option_flags is to facilitate transfer of legacy code from  C
+       programs.  This lets you do
+
+          RE(pattern,
+            RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+
+       However, new code is better off doing
+
+          RE(pattern,
+            RE_Options().set_caseless(true).set_multiline(true))
+              .PartialMatch(str);
+
+       If you are going to pass one of the most used modifiers, there are some
+       convenience functions that return a RE_Options class with the appropri-
+       ate  modifier  already  set: CASELESS(), UTF8(), MULTILINE(), DOTALL(),
+       and EXTENDED().
+
+       If you need to set several options at once, and you don't  want  to  go
+       through  the pains of declaring a RE_Options object and setting several
+       options, there is a parallel method that give you such ability  on  the
+       fly.  You  can  concatenate several set_xxxxx() member functions, since
+       each of them returns a reference to its class object. For  example,  to
+       pass  PCRE_CASELESS, PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one
+       statement, you may write:
+
+          RE(" ^ xyz \\s+ .* blah$",
+            RE_Options()
+              .set_caseless(true)
+              .set_extended(true)
+              .set_multiline(true)).PartialMatch(sometext);
+
+
+SCANNING TEXT INCREMENTALLY
+
+       The "Consume" operation may be useful if you want to  repeatedly  match
+       regular expressions at the front of a string and skip over them as they
+       match. This requires use of the "StringPiece" type, which represents  a
+       sub-range  of  a  real  string.  Like RE, StringPiece is defined in the
+       pcrecpp namespace.
+
+         Example: read lines of the form "var = value" from a string.
+            string contents = ...;                 // Fill string somehow
+            pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+
+            string var;
+            int value;
+            pcrecpp::RE re("(\\w+) = (\\d+)\n");
+            while (re.Consume(&input, &var, &value)) {
+              ...;
+            }
+
+       Each successful call  to  "Consume"  will  set  "var/value",  and  also
+       advance "input" so it points past the matched text.
+
+       The  "FindAndConsume"  operation  is  similar to "Consume" but does not
+       anchor your match at the beginning of  the  string.  For  example,  you
+       could extract all words from a string by repeatedly calling
+
+         pcrecpp::RE("(\\w+)").FindAndConsume(&input, &word)
+
+
+PARSING HEX/OCTAL/C-RADIX NUMBERS
+
+       By default, if you pass a pointer to a numeric value, the corresponding
+       text is interpreted as a base-10  number.  You  can  instead  wrap  the
+       pointer with a call to one of the operators Hex(), Octal(), or CRadix()
+       to interpret the text in another base. The CRadix  operator  interprets
+       C-style  "0"  (base-8)  and  "0x"  (base-16)  prefixes, but defaults to
+       base-10.
+
+         Example:
+           int a, b, c, d;
+           pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+           re.FullMatch("100 40 0100 0x40",
+                        pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+                        pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+
+       will leave 64 in a, b, c, and d.
+
+
+REPLACING PARTS OF STRINGS
+
+       You can replace the first match of "pattern" in "str"  with  "rewrite".
+       Within  "rewrite",  backslash-escaped  digits (\1 to \9) can be used to
+       insert text matching corresponding parenthesized group  from  the  pat-
+       tern. \0 in "rewrite" refers to the entire matching text. For example:
+
+         string s = "yabba dabba doo";
+         pcrecpp::RE("b+").Replace("d", &s);
+
+       will  leave  "s" containing "yada dabba doo". The result is true if the
+       pattern matches and a replacement occurs, false otherwise.
+
+       GlobalReplace is like Replace except that it replaces  all  occurrences
+       of  the  pattern  in  the string with the rewrite. Replacements are not
+       subject to re-matching. For example:
+
+         string s = "yabba dabba doo";
+         pcrecpp::RE("b+").GlobalReplace("d", &s);
+
+       will leave "s" containing "yada dada doo". It  returns  the  number  of
+       replacements made.
+
+       Extract  is like Replace, except that if the pattern matches, "rewrite"
+       is copied into "out" (an additional argument) with substitutions.   The
+       non-matching  portions  of "text" are ignored. Returns true iff a match
+       occurred and the extraction happened successfully;  if no match occurs,
+       the string is left unaffected.
+
+
+AUTHOR
+
+       The C++ wrapper was contributed by Google Inc.
+       Copyright (c) 2007 Google Inc.
+
+
+REVISION
+
+       Last updated: 08 January 2012
+------------------------------------------------------------------------------
+
+
+PCRESAMPLE(3)              Library Functions Manual              PCRESAMPLE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE SAMPLE PROGRAM
+
+       A simple, complete demonstration program, to get you started with using
+       PCRE, is supplied in the file pcredemo.c in the  PCRE  distribution.  A
+       listing  of this program is given in the pcredemo documentation. If you
+       do not have a copy of the PCRE distribution, you can save this  listing
+       to re-create pcredemo.c.
+
+       The  demonstration program, which uses the original PCRE 8-bit library,
+       compiles the regular expression that is its first argument, and matches
+       it  against  the subject string in its second argument. No PCRE options
+       are set, and default character tables are used. If  matching  succeeds,
+       the  program  outputs the portion of the subject that matched, together
+       with the contents of any captured substrings.
+
+       If the -g option is given on the command line, the program then goes on
+       to check for further matches of the same regular expression in the same
+       subject string. The logic is a little bit tricky because of the  possi-
+       bility  of  matching an empty string. Comments in the code explain what
+       is going on.
+
+       If PCRE is installed in the standard include  and  library  directories
+       for your operating system, you should be able to compile the demonstra-
+       tion program using this command:
+
+         gcc -o pcredemo pcredemo.c -lpcre
+
+       If PCRE is installed elsewhere, you may need to add additional  options
+       to  the  command line. For example, on a Unix-like system that has PCRE
+       installed in /usr/local, you  can  compile  the  demonstration  program
+       using a command like this:
+
+         gcc -o pcredemo -I/usr/local/include pcredemo.c \
+             -L/usr/local/lib -lpcre
+
+       In  a  Windows  environment, if you want to statically link the program
+       against a non-dll pcre.a file, you must uncomment the line that defines
+       PCRE_STATIC  before  including  pcre.h, because otherwise the pcre_mal-
+       loc()   and   pcre_free()   exported   functions   will   be   declared
+       __declspec(dllimport), with unwanted results.
+
+       Once  you  have  compiled and linked the demonstration program, you can
+       run simple tests like this:
+
+         ./pcredemo 'cat|dog' 'the cat sat on the mat'
+         ./pcredemo -g 'cat|dog' 'the dog sat on the cat'
+
+       Note that there is a  much  more  comprehensive  test  program,  called
+       pcretest,  which  supports  many  more  facilities  for testing regular
+       expressions and both PCRE libraries. The pcredemo program  is  provided
+       as a simple coding example.
+
+       If  you  try to run pcredemo when PCRE is not installed in the standard
+       library directory, you may get an error like  this  on  some  operating
+       systems (e.g. Solaris):
+
+         ld.so.1:  a.out:  fatal:  libpcre.so.0:  open failed: No such file or
+       directory
+
+       This is caused by the way shared library support works  on  those  sys-
+       tems. You need to add
+
+         -R/usr/local/lib
+
+       (for example) to the compile command to get round this problem.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 10 January 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+PCRELIMITS(3)              Library Functions Manual              PCRELIMITS(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+SIZE AND OTHER LIMITATIONS
+
+       There  are some size limitations in PCRE but it is hoped that they will
+       never in practice be relevant.
+
+       The maximum length of a compiled  pattern  is  approximately  64K  data
+       units  (bytes  for  the  8-bit  library,  16-bit  units  for the 16-bit
+       library, and 32-bit units for the 32-bit library) if PCRE  is  compiled
+       with  the default internal linkage size, which is 2 bytes for the 8-bit
+       and 16-bit libraries, and 4 bytes for the 32-bit library. If  you  want
+       to process regular expressions that are truly enormous, you can compile
+       PCRE with an internal linkage size of 3 or 4 (when building the  16-bit
+       or  32-bit  library,  3 is rounded up to 4). See the README file in the
+       source distribution and the pcrebuild  documentation  for  details.  In
+       these  cases  the limit is substantially larger.  However, the speed of
+       execution is slower.
+
+       All values in repeating quantifiers must be less than 65536.
+
+       There is no limit to the number of parenthesized subpatterns, but there
+       can  be  no more than 65535 capturing subpatterns. There is, however, a
+       limit to the depth of  nesting  of  parenthesized  subpatterns  of  all
+       kinds.  This  is  imposed  in order to limit the amount of system stack
+       used at compile time. The limit can be specified when  PCRE  is  built;
+       the default is 250.
+
+       There is a limit to the number of forward references to subsequent sub-
+       patterns of around 200,000.  Repeated  forward  references  with  fixed
+       upper  limits,  for example, (?2){0,100} when subpattern number 2 is to
+       the right, are included in the count. There is no limit to  the  number
+       of backward references.
+
+       The maximum length of name for a named subpattern is 32 characters, and
+       the maximum number of named subpatterns is 10000.
+
+       The maximum length of a  name  in  a  (*MARK),  (*PRUNE),  (*SKIP),  or
+       (*THEN)  verb is 255 for the 8-bit library and 65535 for the 16-bit and
+       32-bit libraries.
+
+       The maximum length of a subject string is the largest  positive  number
+       that  an integer variable can hold. However, when using the traditional
+       matching function, PCRE uses recursion to handle subpatterns and indef-
+       inite  repetition.  This means that the available stack space may limit
+       the size of a subject string that can be processed by certain patterns.
+       For a discussion of stack issues, see the pcrestack documentation.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 05 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRESTACK(3)               Library Functions Manual               PCRESTACK(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE DISCUSSION OF STACK USAGE
+
+       When  you call pcre[16|32]_exec(), it makes use of an internal function
+       called match(). This calls itself recursively at branch points  in  the
+       pattern,  in  order  to  remember the state of the match so that it can
+       back up and try a different alternative if  the  first  one  fails.  As
+       matching proceeds deeper and deeper into the tree of possibilities, the
+       recursion depth increases. The match() function is also called in other
+       circumstances,  for  example,  whenever  a parenthesized sub-pattern is
+       entered, and in certain cases of repetition.
+
+       Not all calls of match() increase the recursion depth; for an item such
+       as  a* it may be called several times at the same level, after matching
+       different numbers of a's. Furthermore, in a number of cases  where  the
+       result  of  the  recursive call would immediately be passed back as the
+       result of the current call (a "tail recursion"), the function  is  just
+       restarted instead.
+
+       The  above  comments apply when pcre[16|32]_exec() is run in its normal
+       interpretive  manner.   If   the   pattern   was   studied   with   the
+       PCRE_STUDY_JIT_COMPILE  option, and just-in-time compiling was success-
+       ful, and the options passed to pcre[16|32]_exec() were  not  incompati-
+       ble,  the  matching  process  uses the JIT-compiled code instead of the
+       match() function. In this case, the  memory  requirements  are  handled
+       entirely differently. See the pcrejit documentation for details.
+
+       The  pcre[16|32]_dfa_exec()  function operates in an entirely different
+       way, and uses recursion only when there is a regular expression  recur-
+       sion or subroutine call in the pattern. This includes the processing of
+       assertion and "once-only" subpatterns, which are handled  like  subrou-
+       tine  calls.  Normally, these are never very deep, and the limit on the
+       complexity of pcre[16|32]_dfa_exec() is controlled  by  the  amount  of
+       workspace  it is given.  However, it is possible to write patterns with
+       runaway    infinite    recursions;    such    patterns    will    cause
+       pcre[16|32]_dfa_exec()  to  run  out  of stack. At present, there is no
+       protection against this.
+
+       The comments that follow do NOT apply to  pcre[16|32]_dfa_exec();  they
+       are relevant only for pcre[16|32]_exec() without the JIT optimization.
+
+   Reducing pcre[16|32]_exec()'s stack usage
+
+       Each  time  that match() is actually called recursively, it uses memory
+       from the process stack. For certain kinds of  pattern  and  data,  very
+       large  amounts of stack may be needed, despite the recognition of "tail
+       recursion".  You can often reduce the amount of recursion,  and  there-
+       fore  the  amount of stack used, by modifying the pattern that is being
+       matched. Consider, for example, this pattern:
+
+         ([^<]|<(?!inet))+
+
+       It matches from wherever it starts until it encounters "<inet"  or  the
+       end  of  the  data,  and is the kind of pattern that might be used when
+       processing an XML file. Each iteration of the outer parentheses matches
+       either  one  character that is not "<" or a "<" that is not followed by
+       "inet". However, each time a  parenthesis  is  processed,  a  recursion
+       occurs, so this formulation uses a stack frame for each matched charac-
+       ter. For a long string, a lot of stack is required. Consider  now  this
+       rewritten pattern, which matches exactly the same strings:
+
+         ([^<]++|<(?!inet))+
+
+       This  uses very much less stack, because runs of characters that do not
+       contain "<" are "swallowed" in one item inside the parentheses.  Recur-
+       sion  happens  only when a "<" character that is not followed by "inet"
+       is encountered (and we assume this is relatively  rare).  A  possessive
+       quantifier  is  used  to stop any backtracking into the runs of non-"<"
+       characters, but that is not related to stack usage.
+
+       This example shows that one way of avoiding stack problems when  match-
+       ing long subject strings is to write repeated parenthesized subpatterns
+       to match more than one character whenever possible.
+
+   Compiling PCRE to use heap instead of stack for pcre[16|32]_exec()
+
+       In environments where stack memory is constrained, you  might  want  to
+       compile  PCRE to use heap memory instead of stack for remembering back-
+       up points when pcre[16|32]_exec() is running. This makes it run  a  lot
+       more slowly, however.  Details of how to do this are given in the pcre-
+       build documentation. When built in  this  way,  instead  of  using  the
+       stack,  PCRE obtains and frees memory by calling the functions that are
+       pointed to by the pcre[16|32]_stack_malloc  and  pcre[16|32]_stack_free
+       variables.  By default, these point to malloc() and free(), but you can
+       replace the pointers to cause PCRE to use your own functions. Since the
+       block sizes are always the same, and are always freed in reverse order,
+       it may be possible to implement customized  memory  handlers  that  are
+       more efficient than the standard functions.
+
+   Limiting pcre[16|32]_exec()'s stack usage
+
+       You  can set limits on the number of times that match() is called, both
+       in total and recursively. If a limit  is  exceeded,  pcre[16|32]_exec()
+       returns  an  error code. Setting suitable limits should prevent it from
+       running out of stack. The default values of the limits are very  large,
+       and  unlikely  ever to operate. They can be changed when PCRE is built,
+       and they can also be set when pcre[16|32]_exec() is called. For details
+       of these interfaces, see the pcrebuild documentation and the section on
+       extra data for pcre[16|32]_exec() in the pcreapi documentation.
+
+       As a very rough rule of thumb, you should reckon on about 500 bytes per
+       recursion.  Thus,  if  you  want  to limit your stack usage to 8Mb, you
+       should set the limit at 16000 recursions. A 64Mb stack,  on  the  other
+       hand, can support around 128000 recursions.
+
+       In Unix-like environments, the pcretest test program has a command line
+       option (-S) that can be used to increase the size of its stack. As long
+       as  the  stack is large enough, another option (-M) can be used to find
+       the smallest limits that allow a particular pattern to  match  a  given
+       subject  string.  This is done by calling pcre[16|32]_exec() repeatedly
+       with different limits.
+
+   Obtaining an estimate of stack usage
+
+       The actual amount of stack used per recursion can  vary  quite  a  lot,
+       depending on the compiler that was used to build PCRE and the optimiza-
+       tion or debugging options that were set for it. The rule of thumb value
+       of  500  bytes  mentioned  above  may be larger or smaller than what is
+       actually needed. A better approximation can be obtained by running this
+       command:
+
+         pcretest -m -C
+
+       The  -C  option causes pcretest to output information about the options
+       with which PCRE was compiled. When -m is also given (before -C), infor-
+       mation about stack use is given in a line like this:
+
+         Match recursion uses stack: approximate frame size = 640 bytes
+
+       The value is approximate because some recursions need a bit more (up to
+       perhaps 16 more bytes).
+
+       If the above command is given when PCRE is compiled  to  use  the  heap
+       instead  of  the  stack  for recursion, the value that is output is the
+       size of each block that is obtained from the heap.
+
+   Changing stack size in Unix-like systems
+
+       In Unix-like environments, there is not often a problem with the  stack
+       unless  very  long  strings  are  involved, though the default limit on
+       stack size varies from system to system. Values from 8Mb  to  64Mb  are
+       common. You can find your default limit by running the command:
+
+         ulimit -s
+
+       Unfortunately,  the  effect  of  running out of stack is often SIGSEGV,
+       though sometimes a more explicit error message is given. You  can  nor-
+       mally increase the limit on stack size by code such as this:
+
+         struct rlimit rlim;
+         getrlimit(RLIMIT_STACK, &rlim);
+         rlim.rlim_cur = 100*1024*1024;
+         setrlimit(RLIMIT_STACK, &rlim);
+
+       This  reads  the current limits (soft and hard) using getrlimit(), then
+       attempts to increase the soft limit to  100Mb  using  setrlimit().  You
+       must do this before calling pcre[16|32]_exec().
+
+   Changing stack size in Mac OS X
+
+       Using setrlimit(), as described above, should also work on Mac OS X. It
+       is also possible to set a stack size when linking a program. There is a
+       discussion   about   stack  sizes  in  Mac  OS  X  at  this  web  site:
+       http://developer.apple.com/qa/qa2005/qa1419.html.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 24 June 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcregrep.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcregrep.txt
new file mode 100644
index 00000000..97d9a7bd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcregrep.txt
@@ -0,0 +1,741 @@
+PCREGREP(1)                 General Commands Manual                PCREGREP(1)
+
+
+
+NAME
+       pcregrep - a grep with Perl-compatible regular expressions.
+
+SYNOPSIS
+       pcregrep [options] [long options] [pattern] [path1 path2 ...]
+
+
+DESCRIPTION
+
+       pcregrep  searches  files  for  character  patterns, in the same way as
+       other grep commands do, but it uses the PCRE regular expression library
+       to support patterns that are compatible with the regular expressions of
+       Perl 5. See pcresyntax(3) for a quick-reference summary of pattern syn-
+       tax,  or pcrepattern(3) for a full description of the syntax and seman-
+       tics of the regular expressions that PCRE supports.
+
+       Patterns, whether supplied on the command line or in a  separate  file,
+       are given without delimiters. For example:
+
+         pcregrep Thursday /etc/motd
+
+       If you attempt to use delimiters (for example, by surrounding a pattern
+       with slashes, as is common in Perl scripts), they  are  interpreted  as
+       part  of  the pattern. Quotes can of course be used to delimit patterns
+       on the command line because they are  interpreted  by  the  shell,  and
+       indeed  quotes  are required if a pattern contains white space or shell
+       metacharacters.
+
+       The first argument that follows any option settings is treated  as  the
+       single  pattern  to be matched when neither -e nor -f is present.  Con-
+       versely, when one or both of these options are  used  to  specify  pat-
+       terns, all arguments are treated as path names. At least one of -e, -f,
+       or an argument pattern must be provided.
+
+       If no files are specified, pcregrep reads the standard input. The stan-
+       dard  input  can  also  be  referenced by a name consisting of a single
+       hyphen.  For example:
+
+         pcregrep some-pattern /file1 - /file3
+
+       By default, each line that matches a pattern is copied to the  standard
+       output,  and if there is more than one file, the file name is output at
+       the start of each line, followed by a colon. However, there are options
+       that  can  change  how  pcregrep  behaves. In particular, the -M option
+       makes it possible to search for patterns  that  span  line  boundaries.
+       What  defines  a  line  boundary  is  controlled  by the -N (--newline)
+       option.
+
+       The amount of memory used for buffering files that are being scanned is
+       controlled  by a parameter that can be set by the --buffer-size option.
+       The default value for this parameter  is  specified  when  pcregrep  is
+       built,  with  the  default  default  being 20K. A block of memory three
+       times this size is used (to allow for buffering  "before"  and  "after"
+       lines). An error occurs if a line overflows the buffer.
+
+       Patterns  can  be  no  longer than 8K or BUFSIZ bytes, whichever is the
+       greater.  BUFSIZ is defined in <stdio.h>. When there is more  than  one
+       pattern (specified by the use of -e and/or -f), each pattern is applied
+       to each line in the order in which they are defined,  except  that  all
+       the -e patterns are tried before the -f patterns.
+
+       By  default, as soon as one pattern matches a line, no further patterns
+       are considered. However, if --colour (or --color) is used to colour the
+       matching  substrings, or if --only-matching, --file-offsets, or --line-
+       offsets is used to output only  the  part  of  the  line  that  matched
+       (either shown literally, or as an offset), scanning resumes immediately
+       following the match, so that further matches on the same  line  can  be
+       found.  If  there  are  multiple  patterns,  they  are all tried on the
+       remainder of the line, but patterns that follow the  one  that  matched
+       are not tried on the earlier part of the line.
+
+       This  behaviour  means  that  the  order in which multiple patterns are
+       specified can affect the output when one of the above options is  used.
+       This  is no longer the same behaviour as GNU grep, which now manages to
+       display earlier matches for later patterns (as  long  as  there  is  no
+       overlap).
+
+       Patterns  that can match an empty string are accepted, but empty string
+       matches   are   never   recognized.   An   example   is   the   pattern
+       "(super)?(man)?",  in  which  all components are optional. This pattern
+       finds all occurrences of both "super" and  "man";  the  output  differs
+       from  matching  with  "super|man" when only the matching substrings are
+       being shown.
+
+       If the LC_ALL or LC_CTYPE environment variable is  set,  pcregrep  uses
+       the  value to set a locale when calling the PCRE library.  The --locale
+       option can be used to override this.
+
+
+SUPPORT FOR COMPRESSED FILES
+
+       It is possible to compile pcregrep so that it uses libz  or  libbz2  to
+       read  files  whose names end in .gz or .bz2, respectively. You can find
+       out whether your binary has support for one or both of these file types
+       by running it with the --help option. If the appropriate support is not
+       present, files are treated as plain text. The standard input is  always
+       so treated.
+
+
+BINARY FILES
+
+       By  default,  a  file that contains a binary zero byte within the first
+       1024 bytes is identified as a binary file, and is processed  specially.
+       (GNU  grep  also  identifies  binary  files  in  this  manner.) See the
+       --binary-files option for a means of changing the way binary files  are
+       handled.
+
+
+OPTIONS
+
+       The  order  in  which some of the options appear can affect the output.
+       For example, both the -h and -l options affect  the  printing  of  file
+       names.  Whichever  comes later in the command line will be the one that
+       takes effect. Similarly, except where noted  below,  if  an  option  is
+       given  twice,  the  later setting is used. Numerical values for options
+       may be followed by K  or  M,  to  signify  multiplication  by  1024  or
+       1024*1024 respectively.
+
+       --        This terminates the list of options. It is useful if the next
+                 item on the command line starts with a hyphen but is  not  an
+                 option.  This allows for the processing of patterns and file-
+                 names that start with hyphens.
+
+       -A number, --after-context=number
+                 Output number lines of context after each matching  line.  If
+                 filenames and/or line numbers are being output, a hyphen sep-
+                 arator is used instead of a colon for the  context  lines.  A
+                 line  containing  "--" is output between each group of lines,
+                 unless they are in fact contiguous in  the  input  file.  The
+                 value  of number is expected to be relatively small. However,
+                 pcregrep guarantees to have up to 8K of following text avail-
+                 able for context output.
+
+       -a, --text
+                 Treat  binary  files as text. This is equivalent to --binary-
+                 files=text.
+
+       -B number, --before-context=number
+                 Output number lines of context before each matching line.  If
+                 filenames and/or line numbers are being output, a hyphen sep-
+                 arator is used instead of a colon for the  context  lines.  A
+                 line  containing  "--" is output between each group of lines,
+                 unless they are in fact contiguous in  the  input  file.  The
+                 value  of number is expected to be relatively small. However,
+                 pcregrep guarantees to have up to 8K of preceding text avail-
+                 able for context output.
+
+       --binary-files=word
+                 Specify  how binary files are to be processed. If the word is
+                 "binary" (the default),  pattern  matching  is  performed  on
+                 binary  files,  but  the  only  output is "Binary file <name>
+                 matches" when a match succeeds. If the word is "text",  which
+                 is  equivalent  to  the -a or --text option, binary files are
+                 processed in the same way as any other file.  In  this  case,
+                 when  a  match  succeeds,  the  output may be binary garbage,
+                 which can have nasty effects if sent to a  terminal.  If  the
+                 word  is  "without-match",  which  is  equivalent  to  the -I
+                 option, binary files are  not  processed  at  all;  they  are
+                 assumed not to be of interest.
+
+       --buffer-size=number
+                 Set  the  parameter that controls how much memory is used for
+                 buffering files that are being scanned.
+
+       -C number, --context=number
+                 Output number lines of context both  before  and  after  each
+                 matching  line.  This is equivalent to setting both -A and -B
+                 to the same value.
+
+       -c, --count
+                 Do not output individual lines from the files that are  being
+                 scanned; instead output the number of lines that would other-
+                 wise have been shown. If no lines are  selected,  the  number
+                 zero  is  output.  If  several files are are being scanned, a
+                 count is output for each of them. However,  if  the  --files-
+                 with-matches  option  is  also  used,  only those files whose
+                 counts are greater than zero are listed. When -c is used, the
+                 -A, -B, and -C options are ignored.
+
+       --colour, --color
+                 If this option is given without any data, it is equivalent to
+                 "--colour=auto".  If data is required, it must  be  given  in
+                 the same shell item, separated by an equals sign.
+
+       --colour=value, --color=value
+                 This option specifies under what circumstances the parts of a
+                 line that matched a pattern should be coloured in the output.
+                 By  default,  the output is not coloured. The value (which is
+                 optional, see above) may be "never", "always", or "auto".  In
+                 the  latter case, colouring happens only if the standard out-
+                 put is connected to a terminal. More resources are used  when
+                 colouring  is enabled, because pcregrep has to search for all
+                 possible matches in a line, not just one, in order to  colour
+                 them all.
+
+                 The colour that is used can be specified by setting the envi-
+                 ronment variable PCREGREP_COLOUR or PCREGREP_COLOR. The value
+                 of this variable should be a string of two numbers, separated
+                 by a semicolon. They are copied  directly  into  the  control
+                 string  for  setting  colour  on  a  terminal,  so it is your
+                 responsibility to ensure that they make sense. If neither  of
+                 the  environment  variables  is  set,  the default is "1;31",
+                 which gives red.
+
+       -D action, --devices=action
+                 If an input path is  not  a  regular  file  or  a  directory,
+                 "action"  specifies  how  it is to be processed. Valid values
+                 are "read" (the default) or "skip" (silently skip the path).
+
+       -d action, --directories=action
+                 If an input path is a directory, "action" specifies how it is
+                 to  be  processed.   Valid  values are "read" (the default in
+                 non-Windows environments, for compatibility with  GNU  grep),
+                 "recurse"  (equivalent to the -r option), or "skip" (silently
+                 skip the path, the default in Windows environments).  In  the
+                 "read"  case,  directories  are read as if they were ordinary
+                 files. In some operating systems  the  effect  of  reading  a
+                 directory like this is an immediate end-of-file; in others it
+                 may provoke an error.
+
+       -e pattern, --regex=pattern, --regexp=pattern
+                 Specify a pattern to be matched. This option can be used mul-
+                 tiple times in order to specify several patterns. It can also
+                 be used as a way of specifying a single pattern  that  starts
+                 with  a hyphen. When -e is used, no argument pattern is taken
+                 from the command line; all  arguments  are  treated  as  file
+                 names.  There is no limit to the number of patterns. They are
+                 applied to each line in the order in which they  are  defined
+                 until one matches.
+
+                 If  -f is used with -e, the command line patterns are matched
+                 first, followed by the patterns from the file(s), independent
+                 of  the order in which these options are specified. Note that
+                 multiple use of -e is not the same as a single  pattern  with
+                 alternatives. For example, X|Y finds the first character in a
+                 line that is X or Y, whereas if the two  patterns  are  given
+                 separately,  with X first, pcregrep finds X if it is present,
+                 even if it follows Y in the line. It finds Y only if there is
+                 no  X  in  the line. This matters only if you are using -o or
+                 --colo(u)r to show the part(s) of the line that matched.
+
+       --exclude=pattern
+                 Files (but not directories) whose names match the pattern are
+                 skipped  without  being processed. This applies to all files,
+                 whether listed on the command  line,  obtained  from  --file-
+                 list, or by scanning a directory. The pattern is a PCRE regu-
+                 lar expression, and is matched against the final component of
+                 the  file  name,  not  the  entire  path.  The -F, -w, and -x
+                 options do not apply to this pattern. The option may be given
+                 any number of times in order to specify multiple patterns. If
+                 a file name matches both an --include and an  --exclude  pat-
+                 tern, it is excluded. There is no short form for this option.
+
+       --exclude-from=filename
+                 Treat  each  non-empty  line  of  the file as the data for an
+                 --exclude option. What constitutes a newline when reading the
+                 file  is the operating system's default. The --newline option
+                 has no effect on this option. This option may be  given  more
+                 than once in order to specify a number of files to read.
+
+       --exclude-dir=pattern
+                 Directories whose names match the pattern are skipped without
+                 being processed, whatever  the  setting  of  the  --recursive
+                 option.  This  applies  to all directories, whether listed on
+                 the command line, obtained from --file-list, or by scanning a
+                 parent  directory.  The pattern is a PCRE regular expression,
+                 and is matched against the final component of  the  directory
+                 name,  not the entire path. The -F, -w, and -x options do not
+                 apply to this pattern. The option may be given any number  of
+                 times  in order to specify more than one pattern. If a direc-
+                 tory matches both  --include-dir  and  --exclude-dir,  it  is
+                 excluded. There is no short form for this option.
+
+       -F, --fixed-strings
+                 Interpret  each  data-matching  pattern  as  a  list of fixed
+                 strings, separated by  newlines,  instead  of  as  a  regular
+                 expression.  What  constitutes  a newline for this purpose is
+                 controlled by the --newline option. The -w (match as a  word)
+                 and  -x (match whole line) options can be used with -F.  They
+                 apply to each of the fixed strings. A line is selected if any
+                 of the fixed strings are found in it (subject to -w or -x, if
+                 present). This option applies only to the patterns  that  are
+                 matched  against  the contents of files; it does not apply to
+                 patterns specified by  any  of  the  --include  or  --exclude
+                 options.
+
+       -f filename, --file=filename
+                 Read  patterns  from  the  file, one per line, and match them
+                 against each line of input. What constitutes a  newline  when
+                 reading  the  file  is  the  operating  system's default. The
+                 --newline option has no effect on this option. Trailing white
+                 space is removed from each line, and blank lines are ignored.
+                 An empty file contains  no  patterns  and  therefore  matches
+                 nothing. See also the comments about multiple patterns versus
+                 a single pattern with alternatives in the description  of  -e
+                 above.
+
+                 If  this  option  is  given more than once, all the specified
+                 files are read. A data line is output if any of the  patterns
+                 match  it.  A  filename  can  be given as "-" to refer to the
+                 standard input. When -f is used, patterns  specified  on  the
+                 command  line  using  -e may also be present; they are tested
+                 before the file's patterns.  However,  no  other  pattern  is
+                 taken from the command line; all arguments are treated as the
+                 names of paths to be searched.
+
+       --file-list=filename
+                 Read a list of  files  and/or  directories  that  are  to  be
+                 scanned  from  the  given  file, one per line. Trailing white
+                 space is removed from each line, and blank lines are ignored.
+                 These  paths  are processed before any that are listed on the
+                 command line. The filename can be given as "-"  to  refer  to
+                 the standard input.  If --file and --file-list are both spec-
+                 ified as "-", patterns are read first. This  is  useful  only
+                 when  the  standard  input  is a terminal, from which further
+                 lines (the list of files) can be read  after  an  end-of-file
+                 indication.  If  this option is given more than once, all the
+                 specified files are read.
+
+       --file-offsets
+                 Instead of showing lines or parts of lines that  match,  show
+                 each  match  as  an  offset  from the start of the file and a
+                 length, separated by a comma. In this  mode,  no  context  is
+                 shown.  That  is,  the -A, -B, and -C options are ignored. If
+                 there is more than one match in a line, each of them is shown
+                 separately.  This  option  is mutually exclusive with --line-
+                 offsets and --only-matching.
+
+       -H, --with-filename
+                 Force the inclusion of the filename at the  start  of  output
+                 lines  when searching a single file. By default, the filename
+                 is not shown in this case. For matching lines,  the  filename
+                 is followed by a colon; for context lines, a hyphen separator
+                 is used. If a line number is also being  output,  it  follows
+                 the file name.
+
+       -h, --no-filename
+                 Suppress  the output filenames when searching multiple files.
+                 By default, filenames  are  shown  when  multiple  files  are
+                 searched.  For  matching lines, the filename is followed by a
+                 colon; for context lines, a hyphen separator is used.   If  a
+                 line number is also being output, it follows the file name.
+
+       --help    Output  a  help  message, giving brief details of the command
+                 options and file type support, and then exit.  Anything  else
+                 on the command line is ignored.
+
+       -I        Treat  binary  files as never matching. This is equivalent to
+                 --binary-files=without-match.
+
+       -i, --ignore-case
+                 Ignore upper/lower case distinctions during comparisons.
+
+       --include=pattern
+                 If any --include patterns are specified, the only files  that
+                 are  processed  are those that match one of the patterns (and
+                 do not match an --exclude  pattern).  This  option  does  not
+                 affect  directories,  but  it  applies  to all files, whether
+                 listed on the command line, obtained from --file-list, or  by
+                 scanning  a  directory. The pattern is a PCRE regular expres-
+                 sion, and is matched against the final component of the  file
+                 name,  not the entire path. The -F, -w, and -x options do not
+                 apply to this pattern. The option may be given any number  of
+                 times.  If  a  file  name  matches  both  an --include and an
+                 --exclude pattern, it is excluded.  There is  no  short  form
+                 for this option.
+
+       --include-from=filename
+                 Treat  each  non-empty  line  of  the file as the data for an
+                 --include option. What constitutes a newline for this purpose
+                 is  the  operating system's default. The --newline option has
+                 no effect on this option. This option may be given any number
+                 of times; all the files are read.
+
+       --include-dir=pattern
+                 If  any --include-dir patterns are specified, the only direc-
+                 tories that are processed are those that  match  one  of  the
+                 patterns  (and  do  not match an --exclude-dir pattern). This
+                 applies to all directories, whether  listed  on  the  command
+                 line,  obtained  from  --file-list,  or  by scanning a parent
+                 directory. The pattern is a PCRE regular expression,  and  is
+                 matched  against  the  final component of the directory name,
+                 not the entire path. The -F, -w, and -x options do not  apply
+                 to this pattern. The option may be given any number of times.
+                 If a directory matches both --include-dir and  --exclude-dir,
+                 it is excluded. There is no short form for this option.
+
+       -L, --files-without-match
+                 Instead  of  outputting lines from the files, just output the
+                 names of the files that do not contain any lines  that  would
+                 have  been  output. Each file name is output once, on a sepa-
+                 rate line.
+
+       -l, --files-with-matches
+                 Instead of outputting lines from the files, just  output  the
+                 names of the files containing lines that would have been out-
+                 put. Each file name is  output  once,  on  a  separate  line.
+                 Searching  normally stops as soon as a matching line is found
+                 in a file. However, if the -c (count) option  is  also  used,
+                 matching  continues in order to obtain the correct count, and
+                 those files that have at least one  match  are  listed  along
+                 with their counts. Using this option with -c is a way of sup-
+                 pressing the listing of files with no matches.
+
+       --label=name
+                 This option supplies a name to be used for the standard input
+                 when file names are being output. If not supplied, "(standard
+                 input)" is used. There is no short form for this option.
+
+       --line-buffered
+                 When this option is given, input is read and  processed  line
+                 by  line,  and  the  output  is  flushed after each write. By
+                 default, input is read in large chunks, unless  pcregrep  can
+                 determine  that  it is reading from a terminal (which is cur-
+                 rently possible only in Unix-like  environments).  Output  to
+                 terminal  is  normally automatically flushed by the operating
+                 system. This option can be useful when the input or output is
+                 attached  to a pipe and you do not want pcregrep to buffer up
+                 large amounts of data. However, its use will  affect  perfor-
+                 mance, and the -M (multiline) option ceases to work.
+
+       --line-offsets
+                 Instead  of  showing lines or parts of lines that match, show
+                 each match as a line number, the offset from the start of the
+                 line,  and a length. The line number is terminated by a colon
+                 (as usual; see the -n option), and the offset and length  are
+                 separated  by  a  comma.  In  this mode, no context is shown.
+                 That is, the -A, -B, and -C options are ignored. If there  is
+                 more  than  one  match in a line, each of them is shown sepa-
+                 rately. This option is mutually exclusive with --file-offsets
+                 and --only-matching.
+
+       --locale=locale-name
+                 This  option specifies a locale to be used for pattern match-
+                 ing. It overrides the value in the LC_ALL or  LC_CTYPE  envi-
+                 ronment  variables.  If  no  locale  is  specified,  the PCRE
+                 library's default (usually the "C" locale) is used. There  is
+                 no short form for this option.
+
+       --match-limit=number
+                 Processing  some  regular  expression  patterns can require a
+                 very large amount of memory, leading in some cases to a  pro-
+                 gram  crash  if  not enough is available.  Other patterns may
+                 take a very long time to search  for  all  possible  matching
+                 strings.  The pcre_exec() function that is called by pcregrep
+                 to do the matching has two  parameters  that  can  limit  the
+                 resources that it uses.
+
+                 The   --match-limit  option  provides  a  means  of  limiting
+                 resource usage when processing patterns that are not going to
+                 match, but which have a very large number of possibilities in
+                 their search trees. The classic example  is  a  pattern  that
+                 uses  nested unlimited repeats. Internally, PCRE uses a func-
+                 tion called match()  which  it  calls  repeatedly  (sometimes
+                 recursively).  The  limit  set by --match-limit is imposed on
+                 the number of times this function is called during  a  match,
+                 which  has  the effect of limiting the amount of backtracking
+                 that can take place.
+
+                 The --recursion-limit option is similar to --match-limit, but
+                 instead of limiting the total number of times that match() is
+                 called, it limits the depth of recursive calls, which in turn
+                 limits  the  amount of memory that can be used. The recursion
+                 depth is a smaller number than the  total  number  of  calls,
+                 because not all calls to match() are recursive. This limit is
+                 of use only if it is set smaller than --match-limit.
+
+                 There are no short forms for these options. The default  set-
+                 tings  are  specified when the PCRE library is compiled, with
+                 the default default being 10 million.
+
+       -M, --multiline
+                 Allow patterns to match more than one line. When this  option
+                 is given, patterns may usefully contain literal newline char-
+                 acters and internal occurrences of ^ and  $  characters.  The
+                 output  for  a  successful match may consist of more than one
+                 line, the last of which is the one in which the match  ended.
+                 If the matched string ends with a newline sequence the output
+                 ends at the end of that line.
+
+                 When this option is set, the PCRE library is called in  "mul-
+                 tiline"  mode.   There is a limit to the number of lines that
+                 can be matched, imposed by the way that pcregrep buffers  the
+                 input  file as it scans it. However, pcregrep ensures that at
+                 least 8K characters or the rest of the document (whichever is
+                 the  shorter)  are  available for forward matching, and simi-
+                 larly the previous 8K characters (or all the previous charac-
+                 ters,  if  fewer  than 8K) are guaranteed to be available for
+                 lookbehind assertions. This option does not work  when  input
+                 is read line by line (see --line-buffered.)
+
+       -N newline-type, --newline=newline-type
+                 The  PCRE  library  supports  five  different conventions for
+                 indicating the ends of lines. They are  the  single-character
+                 sequences  CR  (carriage  return) and LF (linefeed), the two-
+                 character sequence CRLF, an "anycrlf" convention, which  rec-
+                 ognizes  any  of the preceding three types, and an "any" con-
+                 vention, in which any Unicode line ending sequence is assumed
+                 to  end a line. The Unicode sequences are the three just men-
+                 tioned, plus  VT  (vertical  tab,  U+000B),  FF  (form  feed,
+                 U+000C),   NEL  (next  line,  U+0085),  LS  (line  separator,
+                 U+2028), and PS (paragraph separator, U+2029).
+
+                 When  the  PCRE  library  is  built,  a  default  line-ending
+                 sequence   is  specified.   This  is  normally  the  standard
+                 sequence for the operating system. Unless otherwise specified
+                 by  this  option,  pcregrep  uses the library's default.  The
+                 possible values for this option are CR, LF, CRLF, ANYCRLF, or
+                 ANY.  This  makes  it  possible to use pcregrep to scan files
+                 that have come from other environments without having to mod-
+                 ify  their  line  endings.  If the data that is being scanned
+                 does not agree with the convention set by this option,  pcre-
+                 grep  may  behave in strange ways. Note that this option does
+                 not apply to files specified by the  -f,  --exclude-from,  or
+                 --include-from options, which are expected to use the operat-
+                 ing system's standard newline sequence.
+
+       -n, --line-number
+                 Precede each output line by its line number in the file, fol-
+                 lowed  by  a colon for matching lines or a hyphen for context
+                 lines. If the filename is also being output, it precedes  the
+                 line number. This option is forced if --line-offsets is used.
+
+       --no-jit  If  the  PCRE  library is built with support for just-in-time
+                 compiling (which speeds up matching), pcregrep  automatically
+                 makes use of this, unless it was explicitly disabled at build
+                 time. This option can be used to disable the use  of  JIT  at
+                 run  time. It is provided for testing and working round prob-
+                 lems.  It should never be needed in normal use.
+
+       -o, --only-matching
+                 Show only the part of the line that matched a pattern instead
+                 of  the  whole  line. In this mode, no context is shown. That
+                 is, the -A, -B, and -C options are ignored. If there is  more
+                 than  one  match in a line, each of them is shown separately.
+                 If -o is combined with -v (invert the sense of the  match  to
+                 find  non-matching  lines),  no  output is generated, but the
+                 return code is set appropriately. If the matched  portion  of
+                 the  line is empty, nothing is output unless the file name or
+                 line number are being printed, in which case they  are  shown
+                 on an otherwise empty line. This option is mutually exclusive
+                 with --file-offsets and --line-offsets.
+
+       -onumber, --only-matching=number
+                 Show only the part of the line  that  matched  the  capturing
+                 parentheses of the given number. Up to 32 capturing parenthe-
+                 ses are supported, and -o0 is equivalent to -o without a num-
+                 ber.  Because  these options can be given without an argument
+                 (see above), if an argument is present, it must be  given  in
+                 the  same  shell item, for example, -o3 or --only-matching=2.
+                 The comments given for the non-argument case above also apply
+                 to  this  case. If the specified capturing parentheses do not
+                 exist in the pattern, or were not set in the  match,  nothing
+                 is  output  unless  the  file  name  or line number are being
+                 printed.
+
+                 If this option is given multiple times,  multiple  substrings
+                 are  output, in the order the options are given. For example,
+                 -o3 -o1 -o3 causes the substrings matched by capturing paren-
+                 theses  3  and  1  and then 3 again to be output. By default,
+                 there is no separator (but see the next option).
+
+       --om-separator=text
+                 Specify a separating string for multiple occurrences  of  -o.
+                 The  default is an empty string. Separating strings are never
+                 coloured.
+
+       -q, --quiet
+                 Work quietly, that is, display nothing except error messages.
+                 The  exit  status  indicates  whether or not any matches were
+                 found.
+
+       -r, --recursive
+                 If any given path is a directory, recursively scan the  files
+                 it  contains, taking note of any --include and --exclude set-
+                 tings. By default, a directory is read as a normal  file;  in
+                 some  operating  systems this gives an immediate end-of-file.
+                 This option is a shorthand  for  setting  the  -d  option  to
+                 "recurse".
+
+       --recursion-limit=number
+                 See --match-limit above.
+
+       -s, --no-messages
+                 Suppress  error  messages  about  non-existent  or unreadable
+                 files. Such files are quietly skipped.  However,  the  return
+                 code is still 2, even if matches were found in other files.
+
+       -u, --utf-8
+                 Operate  in UTF-8 mode. This option is available only if PCRE
+                 has been compiled with UTF-8 support. All patterns (including
+                 those  for  any --exclude and --include options) and all sub-
+                 ject lines that are scanned must be valid  strings  of  UTF-8
+                 characters.
+
+       -V, --version
+                 Write the version numbers of pcregrep and the PCRE library to
+                 the standard output and then exit. Anything else on the  com-
+                 mand line is ignored.
+
+       -v, --invert-match
+                 Invert  the  sense  of  the match, so that lines which do not
+                 match any of the patterns are the ones that are found.
+
+       -w, --word-regex, --word-regexp
+                 Force the patterns to match only whole words. This is equiva-
+                 lent  to  having \b at the start and end of the pattern. This
+                 option applies only to the patterns that are matched  against
+                 the  contents  of files; it does not apply to patterns speci-
+                 fied by any of the --include or --exclude options.
+
+       -x, --line-regex, --line-regexp
+                 Force the patterns to be anchored (each must  start  matching
+                 at  the beginning of a line) and in addition, require them to
+                 match entire lines. This is equivalent  to  having  ^  and  $
+                 characters at the start and end of each alternative branch in
+                 every pattern. This option applies only to the patterns  that
+                 are  matched against the contents of files; it does not apply
+                 to patterns specified by any of the  --include  or  --exclude
+                 options.
+
+
+ENVIRONMENT VARIABLES
+
+       The  environment  variables  LC_ALL  and LC_CTYPE are examined, in that
+       order, for a locale. The first one that is set is  used.  This  can  be
+       overridden  by  the  --locale  option.  If  no  locale is set, the PCRE
+       library's default (usually the "C" locale) is used.
+
+
+NEWLINES
+
+       The -N (--newline) option allows pcregrep to scan files with  different
+       newline conventions from the default. Any parts of the input files that
+       are written to the standard output are copied identically,  with  what-
+       ever  newline sequences they have in the input. However, the setting of
+       this option does not affect the interpretation of  files  specified  by
+       the -f, --exclude-from, or --include-from options, which are assumed to
+       use the operating system's  standard  newline  sequence,  nor  does  it
+       affect  the  way in which pcregrep writes informational messages to the
+       standard error and output streams. For these it uses the string "\n" to
+       indicate  newlines,  relying on the C I/O library to convert this to an
+       appropriate sequence.
+
+
+OPTIONS COMPATIBILITY
+
+       Many of the short and long forms of pcregrep's options are the same  as
+       in  the GNU grep program. Any long option of the form --xxx-regexp (GNU
+       terminology) is also available as --xxx-regex (PCRE terminology).  How-
+       ever,  the  --file-list, --file-offsets, --include-dir, --line-offsets,
+       --locale, --match-limit, -M, --multiline, -N,  --newline,  --om-separa-
+       tor,  --recursion-limit,  -u, and --utf-8 options are specific to pcre-
+       grep, as is the use of the  --only-matching  option  with  a  capturing
+       parentheses number.
+
+       Although  most  of the common options work the same way, a few are dif-
+       ferent in pcregrep. For example, the --include option's argument  is  a
+       glob  for  GNU grep, but a regular expression for pcregrep. If both the
+       -c and -l options are given, GNU grep lists only  file  names,  without
+       counts, but pcregrep gives the counts.
+
+
+OPTIONS WITH DATA
+
+       There are four different ways in which an option with data can be spec-
+       ified.  If a short form option is used, the  data  may  follow  immedi-
+       ately, or (with one exception) in the next command line item. For exam-
+       ple:
+
+         -f/some/file
+         -f /some/file
+
+       The exception is the -o option, which may appear with or without  data.
+       Because  of this, if data is present, it must follow immediately in the
+       same item, for example -o3.
+
+       If a long form option is used, the data may appear in the same  command
+       line  item,  separated by an equals character, or (with two exceptions)
+       it may appear in the next command line item. For example:
+
+         --file=/some/file
+         --file /some/file
+
+       Note, however, that if you want to supply a file name beginning with  ~
+       as  data  in  a  shell  command,  and have the shell expand ~ to a home
+       directory, you must separate the file name from the option, because the
+       shell does not treat ~ specially unless it is at the start of an item.
+
+       The  exceptions  to the above are the --colour (or --color) and --only-
+       matching options, for which the data  is  optional.  If  one  of  these
+       options  does  have  data, it must be given in the first form, using an
+       equals character. Otherwise pcregrep will assume that it has no data.
+
+
+MATCHING ERRORS
+
+       It is possible to supply a regular expression that takes  a  very  long
+       time  to  fail  to  match certain lines. Such patterns normally involve
+       nested indefinite repeats, for example: (a+)*\d when matched against  a
+       line  of  a's  with  no  final  digit. The PCRE matching function has a
+       resource limit that causes it to abort in these circumstances. If  this
+       happens, pcregrep outputs an error message and the line that caused the
+       problem to the standard error stream. If there are more  than  20  such
+       errors, pcregrep gives up.
+
+       The  --match-limit  option  of  pcregrep can be used to set the overall
+       resource limit; there is a second option called --recursion-limit  that
+       sets  a limit on the amount of memory (usually stack) that is used (see
+       the discussion of these options above).
+
+
+DIAGNOSTICS
+
+       Exit status is 0 if any matches were found, 1 if no matches were found,
+       and  2  for syntax errors, overlong lines, non-existent or inaccessible
+       files (even if matches were found in other files) or too many  matching
+       errors. Using the -s option to suppress error messages about inaccessi-
+       ble files does not affect the return code.
+
+
+SEE ALSO
+
+       pcrepattern(3), pcresyntax(3), pcretest(1).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 03 April 2014
+       Copyright (c) 1997-2014 University of Cambridge.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcretest.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcretest.txt
new file mode 100644
index 00000000..6d7305cf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/doc/pcre/pcretest.txt
@@ -0,0 +1,1091 @@
+PCRETEST(1)                 General Commands Manual                PCRETEST(1)
+
+
+
+NAME
+       pcretest - a program for testing Perl-compatible regular expressions.
+
+SYNOPSIS
+
+       pcretest [options] [input file [output file]]
+
+       pcretest  was written as a test program for the PCRE regular expression
+       library itself, but it can also be used for experimenting with  regular
+       expressions.  This document describes the features of the test program;
+       for details of the regular expressions themselves, see the  pcrepattern
+       documentation. For details of the PCRE library function calls and their
+       options, see the pcreapi , pcre16 and pcre32 documentation.
+
+       The input for pcretest is a sequence of regular expression patterns and
+       strings  to be matched, as described below. The output shows the result
+       of each match. Options on the command line  and  the  patterns  control
+       PCRE options and exactly what is output.
+
+       As  PCRE has evolved, it has acquired many different features, and as a
+       result, pcretest now has rather a lot of obscure  options  for  testing
+       every possible feature. Some of these options are specifically designed
+       for use in conjunction with the test script and  data  files  that  are
+       distributed  as  part of PCRE, and are unlikely to be of use otherwise.
+       They are all documented here, but without much justification.
+
+
+INPUT DATA FORMAT
+
+       Input to pcretest is processed line by line, either by  calling  the  C
+       library's fgets() function, or via the libreadline library (see below).
+       In Unix-like environments, fgets() treats any bytes other than  newline
+       as  data characters. However, in some Windows environments character 26
+       (hex 1A) causes an immediate end of file, and no further data is  read.
+       For  maximum  portability,  therefore,  it  is safest to use only ASCII
+       characters in pcretest input files.
+
+       The input is processed using using C's string functions,  so  must  not
+       contain  binary  zeroes, even though in Unix-like environments, fgets()
+       treats any bytes other than newline as data characters.
+
+
+PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES
+
+       From release 8.30, two separate PCRE libraries can be built. The origi-
+       nal  one  supports  8-bit  character  strings, whereas the newer 16-bit
+       library supports  character  strings  encoded  in  16-bit  units.  From
+       release  8.32,  a  third  library  can  be  built, supporting character
+       strings encoded in 32-bit units. The pcretest program can  be  used  to
+       test all three libraries. However, it is itself still an 8-bit program,
+       reading 8-bit input and writing 8-bit output.  When testing the  16-bit
+       or  32-bit  library, the patterns and data strings are converted to 16-
+       or 32-bit format before being passed to  the  PCRE  library  functions.
+       Results are converted to 8-bit for output.
+
+       References to functions and structures of the form pcre[16|32]_xx below
+       mean "pcre_xx when using the 8-bit library, pcre16_xx  when  using  the
+       16-bit library, or pcre32_xx when using the 32-bit library".
+
+
+COMMAND LINE OPTIONS
+
+       -8        If  both the 8-bit library has been built, this option causes
+                 the 8-bit library to be used (which is the default);  if  the
+                 8-bit  library  has  not  been  built,  this option causes an
+                 error.
+
+       -16       If both the 8-bit or the 32-bit,  and  the  16-bit  libraries
+                 have  been built, this option causes the 16-bit library to be
+                 used. If only the 16-bit library has been built, this is  the
+                 default  (so  has no effect). If only the 8-bit or the 32-bit
+                 library has been built, this option causes an error.
+
+       -32       If both the 8-bit or the 16-bit,  and  the  32-bit  libraries
+                 have  been built, this option causes the 32-bit library to be
+                 used. If only the 32-bit library has been built, this is  the
+                 default  (so  has no effect). If only the 8-bit or the 16-bit
+                 library has been built, this option causes an error.
+
+       -b        Behave as if each pattern has the /B (show byte  code)  modi-
+                 fier; the internal form is output after compilation.
+
+       -C        Output the version number of the PCRE library, and all avail-
+                 able  information  about  the  optional  features  that   are
+                 included,  and  then  exit  with  zero  exit  code. All other
+                 options are ignored.
+
+       -C option Output information about a specific build-time  option,  then
+                 exit.  This functionality is intended for use in scripts such
+                 as RunTest. The following options output the  value  and  set
+                 the exit code as indicated:
+
+                   ebcdic-nl  the code for LF (= NL) in an EBCDIC environment:
+                                0x15 or 0x25
+                                0 if used in an ASCII environment
+                                exit code is always 0
+                   linksize   the configured internal link size (2, 3, or 4)
+                                exit code is set to the link size
+                   newline    the default newline setting:
+                                CR, LF, CRLF, ANYCRLF, or ANY
+                                exit code is always 0
+                   bsr        the default setting for what \R matches:
+                                ANYCRLF or ANY
+                                exit code is always 0
+
+                 The  following  options output 1 for true or 0 for false, and
+                 set the exit code to the same value:
+
+                   ebcdic     compiled for an EBCDIC environment
+                   jit        just-in-time support is available
+                   pcre16     the 16-bit library was built
+                   pcre32     the 32-bit library was built
+                   pcre8      the 8-bit library was built
+                   ucp        Unicode property support is available
+                   utf        UTF-8 and/or UTF-16 and/or UTF-32 support
+                                is available
+
+                 If an unknown option is given, an error  message  is  output;
+                 the exit code is 0.
+
+       -d        Behave  as  if  each pattern has the /D (debug) modifier; the
+                 internal form and information about the compiled  pattern  is
+                 output after compilation; -d is equivalent to -b -i.
+
+       -dfa      Behave  as if each data line contains the \D escape sequence;
+                 this    causes    the    alternative    matching    function,
+                 pcre[16|32]_dfa_exec(),  to  be  used instead of the standard
+                 pcre[16|32]_exec() function (more detail is given below).
+
+       -help     Output a brief summary these options and then exit.
+
+       -i        Behave as if each pattern has the  /I  modifier;  information
+                 about the compiled pattern is given after compilation.
+
+       -M        Behave  as if each data line contains the \M escape sequence;
+                 this causes PCRE to  discover  the  minimum  MATCH_LIMIT  and
+                 MATCH_LIMIT_RECURSION  settings by calling pcre[16|32]_exec()
+                 repeatedly with different limits.
+
+       -m        Output the size of each compiled pattern after  it  has  been
+                 compiled.  This  is  equivalent  to adding /M to each regular
+                 expression. The size is given in bytes for both libraries.
+
+       -O        Behave as if each pattern has the /O modifier, that  is  dis-
+                 able auto-possessification for all patterns.
+
+       -o osize  Set  the number of elements in the output vector that is used
+                 when calling pcre[16|32]_exec() or pcre[16|32]_dfa_exec()  to
+                 be  osize.  The  default  value is 45, which is enough for 14
+                 capturing subexpressions for pcre[16|32]_exec() or 22 differ-
+                 ent  matches for pcre[16|32]_dfa_exec().  The vector size can
+                 be changed for individual matching calls by including  \O  in
+                 the data line (see below).
+
+       -p        Behave  as  if  each  pattern  has the /P modifier; the POSIX
+                 wrapper API is used to call PCRE. None of the  other  options
+                 has  any  effect when -p is set. This option can be used only
+                 with the 8-bit library.
+
+       -q        Do not output the version number of pcretest at the start  of
+                 execution.
+
+       -S size   On  Unix-like  systems, set the size of the run-time stack to
+                 size megabytes.
+
+       -s or -s+ Behave as if each pattern  has  the  /S  modifier;  in  other
+                 words,  force each pattern to be studied. If -s+ is used, all
+                 the JIT compile options are  passed  to  pcre[16|32]_study(),
+                 causing  just-in-time  optimization  to  be  set  up if it is
+                 available, for both full and partial matching.  Specific  JIT
+                 compile options can be selected by following -s+ with a digit
+                 in the range 1 to 7, which selects the JIT compile  modes  as
+                 follows:
+
+                   1  normal match only
+                   2  soft partial match only
+                   3  normal match and soft partial match
+                   4  hard partial match only
+                   6  soft and hard partial match
+                   7  all three modes (default)
+
+                 If  -s++  is used instead of -s+ (with or without a following
+                 digit), the text "(JIT)" is added to the  first  output  line
+                 after a match or no match when JIT-compiled code was actually
+                 used.
+
+                 Note that there are pattern options  that  can  override  -s,
+                 either specifying no studying at all, or suppressing JIT com-
+                 pilation.
+
+                 If the /I or /D option is present on  a  pattern  (requesting
+                 output  about  the  compiled  pattern), information about the
+                 result of studying is not included when  studying  is  caused
+                 only  by  -s  and neither -i nor -d is present on the command
+                 line. This behaviour means that the output  from  tests  that
+                 are  run with and without -s should be identical, except when
+                 options that output information about the actual running of a
+                 match are set.
+
+                 The  -M,  -t,  and  -tm options, which give information about
+                 resources used, are likely to produce different  output  with
+                 and  without  -s.  Output may also differ if the /C option is
+                 present on an individual pattern. This uses callouts to trace
+                 the  the  matching process, and this may be different between
+                 studied and non-studied patterns.  If  the  pattern  contains
+                 (*MARK)  items  there  may  also be differences, for the same
+                 reason. The -s command line option can be overridden for spe-
+                 cific  patterns that should never be studied (see the /S pat-
+                 tern modifier below).
+
+       -t        Run each compile, study, and match many times with  a  timer,
+                 and  output  the resulting times per compile, study, or match
+                 (in milliseconds). Do not set -m with -t,  because  you  will
+                 then get the size output a zillion times, and the timing will
+                 be distorted. You can control the number of  iterations  that
+                 are used for timing by following -t with a number (as a sepa-
+                 rate item on the command line). For example, "-t 1000"  iter-
+                 ates 1000 times.  The default is to iterate 500000 times.
+
+       -tm       This is like -t except that it times only the matching phase,
+                 not the compile or study phases.
+
+       -T -TM    These behave like -t and -tm, but in addition, at the end  of
+                 a run, the total times for all compiles, studies, and matches
+                 are output.
+
+
+DESCRIPTION
+
+       If pcretest is given two filename arguments, it reads  from  the  first
+       and writes to the second. If it is given only one filename argument, it
+       reads from that file and writes to stdout.  Otherwise,  it  reads  from
+       stdin  and  writes to stdout, and prompts for each line of input, using
+       "re>" to prompt for regular expressions, and "data>" to prompt for data
+       lines.
+
+       When  pcretest  is  built,  a  configuration option can specify that it
+       should be linked with the libreadline library. When this  is  done,  if
+       the input is from a terminal, it is read using the readline() function.
+       This provides line-editing and history facilities. The output from  the
+       -help option states whether or not readline() will be used.
+
+       The program handles any number of sets of input on a single input file.
+       Each set starts with a regular expression, and continues with any  num-
+       ber of data lines to be matched against that pattern.
+
+       Each  data line is matched separately and independently. If you want to
+       do multi-line matches, you have to use the \n escape sequence (or \r or
+       \r\n, etc., depending on the newline setting) in a single line of input
+       to encode the newline sequences. There is no limit  on  the  length  of
+       data  lines;  the  input  buffer is automatically extended if it is too
+       small.
+
+       An empty line signals the end of the data lines, at which point  a  new
+       regular  expression is read. The regular expressions are given enclosed
+       in any non-alphanumeric delimiters other than backslash, for example:
+
+         /(a|bc)x+yz/
+
+       White space before the initial delimiter is ignored. A regular  expres-
+       sion  may be continued over several input lines, in which case the new-
+       line characters are included within it. It is possible to  include  the
+       delimiter within the pattern by escaping it, for example
+
+         /abc\/def/
+
+       If  you  do  so, the escape and the delimiter form part of the pattern,
+       but since delimiters are always non-alphanumeric, this does not  affect
+       its  interpretation.   If the terminating delimiter is immediately fol-
+       lowed by a backslash, for example,
+
+         /abc/\
+
+       then a backslash is added to the end of the pattern. This  is  done  to
+       provide  a  way of testing the error condition that arises if a pattern
+       finishes with a backslash, because
+
+         /abc\/
+
+       is interpreted as the first line of a pattern that starts with  "abc/",
+       causing pcretest to read the next line as a continuation of the regular
+       expression.
+
+
+PATTERN MODIFIERS
+
+       A pattern may be followed by any number of modifiers, which are  mostly
+       single  characters,  though  some  of these can be qualified by further
+       characters.  Following Perl usage, these are referred to below as,  for
+       example,  "the  /i  modifier", even though the delimiter of the pattern
+       need not always be a slash, and no slash is  used  when  writing  modi-
+       fiers.  White  space may appear between the final pattern delimiter and
+       the first modifier, and between the modifiers  themselves.  For  refer-
+       ence,  here  is  a  complete  list of modifiers. They fall into several
+       groups that are described in detail in the following sections.
+
+         /8              set UTF mode
+         /9              set PCRE_NEVER_UTF (locks out UTF mode)
+         /?              disable UTF validity check
+         /+              show remainder of subject after match
+         /=              show all captures (not just those that are set)
+
+         /A              set PCRE_ANCHORED
+         /B              show compiled code
+         /C              set PCRE_AUTO_CALLOUT
+         /D              same as /B plus /I
+         /E              set PCRE_DOLLAR_ENDONLY
+         /F              flip byte order in compiled pattern
+         /f              set PCRE_FIRSTLINE
+         /G              find all matches (shorten string)
+         /g              find all matches (use startoffset)
+         /I              show information about pattern
+         /i              set PCRE_CASELESS
+         /J              set PCRE_DUPNAMES
+         /K              show backtracking control names
+         /L              set locale
+         /M              show compiled memory size
+         /m              set PCRE_MULTILINE
+         /N              set PCRE_NO_AUTO_CAPTURE
+         /O              set PCRE_NO_AUTO_POSSESS
+         /P              use the POSIX wrapper
+         /Q              test external stack check function
+         /S              study the pattern after compilation
+         /s              set PCRE_DOTALL
+         /T              select character tables
+         /U              set PCRE_UNGREEDY
+         /W              set PCRE_UCP
+         /X              set PCRE_EXTRA
+         /x              set PCRE_EXTENDED
+         /Y              set PCRE_NO_START_OPTIMIZE
+         /Z              don't show lengths in /B output
+
+         /<any>          set PCRE_NEWLINE_ANY
+         /<anycrlf>      set PCRE_NEWLINE_ANYCRLF
+         /<cr>           set PCRE_NEWLINE_CR
+         /<crlf>         set PCRE_NEWLINE_CRLF
+         /<lf>           set PCRE_NEWLINE_LF
+         /<bsr_anycrlf>  set PCRE_BSR_ANYCRLF
+         /<bsr_unicode>  set PCRE_BSR_UNICODE
+         /<JS>           set PCRE_JAVASCRIPT_COMPAT
+
+
+   Perl-compatible modifiers
+
+       The /i, /m, /s, and /x modifiers set the PCRE_CASELESS, PCRE_MULTILINE,
+       PCRE_DOTALL,    or    PCRE_EXTENDED    options,    respectively,   when
+       pcre[16|32]_compile() is called. These four modifier letters  have  the
+       same effect as they do in Perl. For example:
+
+         /caseless/i
+
+
+   Modifiers for other PCRE options
+
+       The  following  table  shows additional modifiers for setting PCRE com-
+       pile-time options that do not correspond to anything in Perl:
+
+         /8              PCRE_UTF8           ) when using the 8-bit
+         /?              PCRE_NO_UTF8_CHECK  )   library
+
+         /8              PCRE_UTF16          ) when using the 16-bit
+         /?              PCRE_NO_UTF16_CHECK )   library
+
+         /8              PCRE_UTF32          ) when using the 32-bit
+         /?              PCRE_NO_UTF32_CHECK )   library
+
+         /9              PCRE_NEVER_UTF
+         /A              PCRE_ANCHORED
+         /C              PCRE_AUTO_CALLOUT
+         /E              PCRE_DOLLAR_ENDONLY
+         /f              PCRE_FIRSTLINE
+         /J              PCRE_DUPNAMES
+         /N              PCRE_NO_AUTO_CAPTURE
+         /O              PCRE_NO_AUTO_POSSESS
+         /U              PCRE_UNGREEDY
+         /W              PCRE_UCP
+         /X              PCRE_EXTRA
+         /Y              PCRE_NO_START_OPTIMIZE
+         /<any>          PCRE_NEWLINE_ANY
+         /<anycrlf>      PCRE_NEWLINE_ANYCRLF
+         /<cr>           PCRE_NEWLINE_CR
+         /<crlf>         PCRE_NEWLINE_CRLF
+         /<lf>           PCRE_NEWLINE_LF
+         /<bsr_anycrlf>  PCRE_BSR_ANYCRLF
+         /<bsr_unicode>  PCRE_BSR_UNICODE
+         /<JS>           PCRE_JAVASCRIPT_COMPAT
+
+       The modifiers that are enclosed in angle brackets are  literal  strings
+       as  shown,  including the angle brackets, but the letters within can be
+       in either case.  This example sets multiline matching with CRLF as  the
+       line ending sequence:
+
+         /^abc/m<CRLF>
+
+       As  well  as  turning  on  the  PCRE_UTF8/16/32 option, the /8 modifier
+       causes all non-printing characters in  output  strings  to  be  printed
+       using the \x{hh...} notation. Otherwise, those less than 0x100 are out-
+       put in hex without the curly brackets.
+
+       Full details of the PCRE options are given in  the  pcreapi  documenta-
+       tion.
+
+   Finding all matches in a string
+
+       Searching  for  all  possible matches within each subject string can be
+       requested by the /g or /G modifier. After  finding  a  match,  PCRE  is
+       called again to search the remainder of the subject string. The differ-
+       ence between /g and /G is that the former uses the startoffset argument
+       to  pcre[16|32]_exec()  to  start  searching  at a new point within the
+       entire string (which is in effect what Perl does), whereas  the  latter
+       passes  over  a  shortened  substring.  This  makes a difference to the
+       matching process if the pattern  begins  with  a  lookbehind  assertion
+       (including \b or \B).
+
+       If  any  call  to  pcre[16|32]_exec() in a /g or /G sequence matches an
+       empty string, the next call is done with the PCRE_NOTEMPTY_ATSTART  and
+       PCRE_ANCHORED  flags  set  in  order  to search for another, non-empty,
+       match at the same point. If this second match fails, the  start  offset
+       is  advanced,  and  the  normal match is retried. This imitates the way
+       Perl handles such cases when using the /g modifier or the split() func-
+       tion.  Normally,  the start offset is advanced by one character, but if
+       the newline convention recognizes CRLF as a newline,  and  the  current
+       character is CR followed by LF, an advance of two is used.
+
+   Other modifiers
+
+       There are yet more modifiers for controlling the way pcretest operates.
+
+       The  /+ modifier requests that as well as outputting the substring that
+       matched the entire pattern, pcretest  should  in  addition  output  the
+       remainder  of  the  subject  string. This is useful for tests where the
+       subject contains multiple copies of the same substring. If the +  modi-
+       fier  appears  twice, the same action is taken for captured substrings.
+       In each case the remainder is output on the following line with a  plus
+       character  following  the  capture number. Note that this modifier must
+       not immediately follow the /S modifier because /S+ and /S++ have  other
+       meanings.
+
+       The  /=  modifier  requests  that  the values of all potential captured
+       parentheses be output after a match. By default, only those up  to  the
+       highest one actually used in the match are output (corresponding to the
+       return code from pcre[16|32]_exec()). Values in the offsets vector cor-
+       responding  to higher numbers should be set to -1, and these are output
+       as "<unset>". This modifier gives a way of checking that this  is  hap-
+       pening.
+
+       The  /B modifier is a debugging feature. It requests that pcretest out-
+       put a representation of the compiled code after  compilation.  Normally
+       this  information  contains length and offset values; however, if /Z is
+       also present, this data is replaced by spaces. This is a  special  fea-
+       ture  for  use  in the automatic test scripts; it ensures that the same
+       output is generated for different internal link sizes.
+
+       The /D modifier is a PCRE debugging feature, and is equivalent to  /BI,
+       that is, both the /B and the /I modifiers.
+
+       The  /F  modifier  causes pcretest to flip the byte order of the 2-byte
+       and 4-byte fields in the compiled pattern. This facility is for testing
+       the  feature  in PCRE that allows it to execute patterns that were com-
+       piled on a host with a different endianness. This feature is not avail-
+       able  when the POSIX interface to PCRE is being used, that is, when the
+       /P pattern modifier is specified. See also the section about saving and
+       reloading compiled patterns below.
+
+       The  /I  modifier  requests  that pcretest output information about the
+       compiled pattern (whether it is anchored, has a fixed first  character,
+       and  so  on). It does this by calling pcre[16|32]_fullinfo() after com-
+       piling a pattern. If the pattern is studied, the results  of  that  are
+       also output. In this output, the word "char" means a non-UTF character,
+       that is, the value of a single data item  (8-bit,  16-bit,  or  32-bit,
+       depending on the library that is being tested).
+
+       The  /K modifier requests pcretest to show names from backtracking con-
+       trol verbs that are  returned  from  calls  to  pcre[16|32]_exec().  It
+       causes  pcretest  to  create  a  pcre[16|32]_extra block if one has not
+       already been created by a call to pcre[16|32]_study(), and to  set  the
+       PCRE_EXTRA_MARK  flag  and  the  mark  field within it, every time that
+       pcre[16|32]_exec() is called. If  the  variable  that  the  mark  field
+       points  to  is  non-NULL  for  a  match,  non-match,  or partial match,
+       pcretest prints the string to which it points. For  a  match,  this  is
+       shown  on  a  line  by itself, tagged with "MK:". For a non-match it is
+       added to the message.
+
+       The /L modifier must be followed directly by the name of a locale,  for
+       example,
+
+         /pattern/Lfr_FR
+
+       For this reason, it must be the last modifier. The given locale is set,
+       pcre[16|32]_maketables() is called to build a set of  character  tables
+       for  the  locale, and this is then passed to pcre[16|32]_compile() when
+       compiling the regular expression. Without an /L (or /T) modifier,  NULL
+       is  passed  as  the  tables  pointer;  that  is, /L applies only to the
+       expression on which it appears.
+
+       The /M modifier causes the size in bytes of the memory  block  used  to
+       hold  the compiled pattern to be output. This does not include the size
+       of the pcre[16|32] block; it is just the actual compiled data.  If  the
+       pattern is successfully studied with the PCRE_STUDY_JIT_COMPILE option,
+       the size of the JIT compiled code is also output.
+
+       The /Q modifier is used to test the use of pcre_stack_guard. It must be
+       followed  by '0' or '1', specifying the return code to be given from an
+       external function that is passed to PCRE and used  for  stack  checking
+       during compilation (see the pcreapi documentation for details).
+
+       The  /S  modifier  causes  pcre[16|32]_study()  to  be called after the
+       expression has been compiled, and the results used when the  expression
+       is matched. There are a number of qualifying characters that may follow
+       /S.  They may appear in any order.
+
+       If /S is followed by an exclamation mark, pcre[16|32]_study() is called
+       with  the PCRE_STUDY_EXTRA_NEEDED option, causing it always to return a
+       pcre_extra block, even when studying discovers no useful information.
+
+       If /S is followed by a second S character, it suppresses studying, even
+       if  it  was  requested  externally  by the -s command line option. This
+       makes it possible to specify that certain patterns are always  studied,
+       and others are never studied, independently of -s. This feature is used
+       in the test files in a few cases where the output is different when the
+       pattern is studied.
+
+       If  the  /S  modifier  is  followed  by  a  +  character,  the  call to
+       pcre[16|32]_study() is made with all the JIT study options,  requesting
+       just-in-time  optimization  support if it is available, for both normal
+       and partial matching. If you want to restrict the JIT compiling  modes,
+       you can follow /S+ with a digit in the range 1 to 7:
+
+         1  normal match only
+         2  soft partial match only
+         3  normal match and soft partial match
+         4  hard partial match only
+         6  soft and hard partial match
+         7  all three modes (default)
+
+       If /S++ is used instead of /S+ (with or without a following digit), the
+       text "(JIT)" is added to the first output line  after  a  match  or  no
+       match when JIT-compiled code was actually used.
+
+       Note  that  there  is  also  an independent /+ modifier; it must not be
+       given immediately after /S or /S+ because this will be misinterpreted.
+
+       If JIT studying is successful, the compiled JIT code will automatically
+       be  used  when pcre[16|32]_exec() is run, except when incompatible run-
+       time options are specified. For more details, see the pcrejit  documen-
+       tation.  See also the \J escape sequence below for a way of setting the
+       size of the JIT stack.
+
+       Finally, if /S is followed by a minus  character,  JIT  compilation  is
+       suppressed,  even if it was requested externally by the -s command line
+       option. This makes it possible to specify that JIT is never to be  used
+       for certain patterns.
+
+       The  /T  modifier  must be followed by a single digit. It causes a spe-
+       cific set of built-in character tables to be passed to pcre[16|32]_com-
+       pile().  It  is used in the standard PCRE tests to check behaviour with
+       different character tables. The digit specifies the tables as follows:
+
+         0   the default ASCII tables, as distributed in
+               pcre_chartables.c.dist
+         1   a set of tables defining ISO 8859 characters
+
+       In table 1, some characters whose codes are greater than 128 are  iden-
+       tified as letters, digits, spaces, etc.
+
+   Using the POSIX wrapper API
+
+       The  /P modifier causes pcretest to call PCRE via the POSIX wrapper API
+       rather than its native API. This supports only the 8-bit library.  When
+       /P  is set, the following modifiers set options for the regcomp() func-
+       tion:
+
+         /i    REG_ICASE
+         /m    REG_NEWLINE
+         /N    REG_NOSUB
+         /s    REG_DOTALL     )
+         /U    REG_UNGREEDY   ) These options are not part of
+         /W    REG_UCP        )   the POSIX standard
+         /8    REG_UTF8       )
+
+       The /+ modifier works as  described  above.  All  other  modifiers  are
+       ignored.
+
+   Locking out certain modifiers
+
+       PCRE  can be compiled with or without support for certain features such
+       as UTF-8/16/32 or Unicode properties. Accordingly, the  standard  tests
+       are  split  up  into  a number of different files that are selected for
+       running depending on which features are available.  When  updating  the
+       tests, it is all too easy to put a new test into the wrong file by mis-
+       take; for example, to put a test that requires UTF support into a  file
+       that  is used when it is not available. To help detect such mistakes as
+       early as possible, there is a facility for locking out  specific  modi-
+       fiers. If an input line for pcretest starts with the string "< forbid "
+       the following sequence of characters is taken as a  list  of  forbidden
+       modifiers. For example, in the test files that must not use UTF or Uni-
+       code property support, this line appears:
+
+         < forbid 8W
+
+       This locks out the /8 and /W modifiers. An immediate error is given  if
+       they  are  subsequently encountered. If the character string contains <
+       but not >, all the multi-character modifiers  that  begin  with  <  are
+       locked  out.  Otherwise,  such modifiers must be explicitly listed, for
+       example:
+
+         < forbid <JS><cr>
+
+       There must be a single space between < and "forbid" for this feature to
+       be  recognised.  If  there  is not, the line is interpreted either as a
+       request to re-load a pre-compiled pattern (see  "SAVING  AND  RELOADING
+       COMPILED  PATTERNS"  below) or, if there is a another < character, as a
+       pattern that uses < as its delimiter.
+
+
+DATA LINES
+
+       Before each data line is  passed  to  pcre[16|32]_exec(),  leading  and
+       trailing  white space is removed, and it is then scanned for \ escapes.
+       Some of these are pretty esoteric features, intended for  checking  out
+       some  of the more complicated features of PCRE. If you are just testing
+       "ordinary" regular expressions, you probably don't need any  of  these.
+       The following escapes are recognized:
+
+         \a         alarm (BEL, \x07)
+         \b         backspace (\x08)
+         \e         escape (\x27)
+         \f         form feed (\x0c)
+         \n         newline (\x0a)
+         \qdd       set the PCRE_MATCH_LIMIT limit to dd
+                      (any number of digits)
+         \r         carriage return (\x0d)
+         \t         tab (\x09)
+         \v         vertical tab (\x0b)
+         \nnn       octal character (up to 3 octal digits); always
+                      a byte unless > 255 in UTF-8 or 16-bit or 32-bit mode
+         \o{dd...}  octal character (any number of octal digits}
+         \xhh       hexadecimal byte (up to 2 hex digits)
+         \x{hh...}  hexadecimal character (any number of hex digits)
+         \A         pass the PCRE_ANCHORED option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \B         pass the PCRE_NOTBOL option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \Cdd       call pcre[16|32]_copy_substring() for substring dd
+                      after a successful match (number less than 32)
+         \Cname     call pcre[16|32]_copy_named_substring() for substring
+                      "name" after a successful match (name termin-
+                      ated by next non alphanumeric character)
+         \C+        show the current captured substrings at callout
+                      time
+         \C-        do not supply a callout function
+         \C!n       return 1 instead of 0 when callout number n is
+                      reached
+         \C!n!m     return 1 instead of 0 when callout number n is
+                      reached for the nth time
+         \C*n       pass the number n (may be negative) as callout
+                      data; this is used as the callout return value
+         \D         use the pcre[16|32]_dfa_exec() match function
+         \F         only shortest match for pcre[16|32]_dfa_exec()
+         \Gdd       call pcre[16|32]_get_substring() for substring dd
+                      after a successful match (number less than 32)
+         \Gname     call pcre[16|32]_get_named_substring() for substring
+                      "name" after a successful match (name termin-
+                      ated by next non-alphanumeric character)
+         \Jdd       set up a JIT stack of dd kilobytes maximum (any
+                      number of digits)
+         \L         call pcre[16|32]_get_substringlist() after a
+                      successful match
+         \M         discover the minimum MATCH_LIMIT and
+                      MATCH_LIMIT_RECURSION settings
+         \N         pass the PCRE_NOTEMPTY option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec(); if used twice, pass the
+                      PCRE_NOTEMPTY_ATSTART option
+         \Odd       set the size of the output vector passed to
+                      pcre[16|32]_exec() to dd (any number of digits)
+         \P         pass the PCRE_PARTIAL_SOFT option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec(); if used twice, pass the
+                      PCRE_PARTIAL_HARD option
+         \Qdd       set the PCRE_MATCH_LIMIT_RECURSION limit to dd
+                      (any number of digits)
+         \R         pass the PCRE_DFA_RESTART option to pcre[16|32]_dfa_exec()
+         \S         output details of memory get/free calls during matching
+         \Y             pass     the    PCRE_NO_START_OPTIMIZE    option    to
+       pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \Z         pass the PCRE_NOTEOL option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \?         pass the PCRE_NO_UTF[8|16|32]_CHECK option to
+                      pcre[16|32]_exec() or pcre[16|32]_dfa_exec()
+         \>dd       start the match at offset dd (optional "-"; then
+                      any number of digits); this sets the startoffset
+                      argument        for        pcre[16|32]_exec()         or
+       pcre[16|32]_dfa_exec()
+         \<cr>      pass the PCRE_NEWLINE_CR option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<lf>      pass the PCRE_NEWLINE_LF option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<crlf>    pass the PCRE_NEWLINE_CRLF option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<anycrlf> pass the PCRE_NEWLINE_ANYCRLF option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<any>     pass the PCRE_NEWLINE_ANY option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+
+       The  use of \x{hh...} is not dependent on the use of the /8 modifier on
+       the pattern. It is recognized always. There may be any number of  hexa-
+       decimal  digits  inside  the  braces; invalid values provoke error mes-
+       sages.
+
+       Note that \xhh specifies one byte rather than one  character  in  UTF-8
+       mode;  this  makes it possible to construct invalid UTF-8 sequences for
+       testing purposes. On the other hand, \x{hh} is interpreted as  a  UTF-8
+       character  in UTF-8 mode, generating more than one byte if the value is
+       greater than 127.  When testing the 8-bit library not  in  UTF-8  mode,
+       \x{hh} generates one byte for values less than 256, and causes an error
+       for greater values.
+
+       In UTF-16 mode, all 4-digit \x{hhhh} values are accepted. This makes it
+       possible to construct invalid UTF-16 sequences for testing purposes.
+
+       In  UTF-32  mode,  all  4- to 8-digit \x{...} values are accepted. This
+       makes it possible to construct invalid  UTF-32  sequences  for  testing
+       purposes.
+
+       The  escapes  that  specify  line ending sequences are literal strings,
+       exactly as shown. No more than one newline setting should be present in
+       any data line.
+
+       A  backslash  followed by anything else just escapes the anything else.
+       If the very last character is a backslash, it is ignored. This gives  a
+       way  of  passing  an empty line as data, since a real empty line termi-
+       nates the data input.
+
+       The \J escape provides a way of setting the maximum stack size that  is
+       used  by the just-in-time optimization code. It is ignored if JIT opti-
+       mization is not being used. Providing a stack that is larger  than  the
+       default 32K is necessary only for very complicated patterns.
+
+       If \M is present, pcretest calls pcre[16|32]_exec() several times, with
+       different values in the match_limit and match_limit_recursion fields of
+       the  pcre[16|32]_extra  data structure, until it finds the minimum num-
+       bers for each parameter that allow pcre[16|32]_exec() to complete with-
+       out  error.  Because  this  is testing a specific feature of the normal
+       interpretive pcre[16|32]_exec() execution, the use of any JIT optimiza-
+       tion  that might have been set up by the /S+ qualifier of -s+ option is
+       disabled.
+
+       The match_limit number is a measure of the amount of backtracking  that
+       takes  place,  and  checking it out can be instructive. For most simple
+       matches, the number is quite small, but for patterns  with  very  large
+       numbers  of  matching  possibilities,  it can become large very quickly
+       with increasing length of  subject  string.  The  match_limit_recursion
+       number  is  a  measure  of how much stack (or, if PCRE is compiled with
+       NO_RECURSE, how much heap) memory  is  needed  to  complete  the  match
+       attempt.
+
+       When  \O  is  used, the value specified may be higher or lower than the
+       size set by the -O command line option (or defaulted to 45); \O applies
+       only  to  the  call  of  pcre[16|32]_exec()  for  the  line in which it
+       appears.
+
+       If the /P modifier was present on the pattern, causing the POSIX  wrap-
+       per  API  to  be  used, the only option-setting sequences that have any
+       effect are \B,  \N,  and  \Z,  causing  REG_NOTBOL,  REG_NOTEMPTY,  and
+       REG_NOTEOL, respectively, to be passed to regexec().
+
+
+THE ALTERNATIVE MATCHING FUNCTION
+
+       By   default,  pcretest  uses  the  standard  PCRE  matching  function,
+       pcre[16|32]_exec() to match each  data  line.  PCRE  also  supports  an
+       alternative  matching  function, pcre[16|32]_dfa_test(), which operates
+       in a different way, and has some restrictions. The differences  between
+       the two functions are described in the pcrematching documentation.
+
+       If  a data line contains the \D escape sequence, or if the command line
+       contains the -dfa option, the alternative matching  function  is  used.
+       This function finds all possible matches at a given point. If, however,
+       the \F escape sequence is present in the data line, it stops after  the
+       first match is found. This is always the shortest possible match.
+
+
+DEFAULT OUTPUT FROM PCRETEST
+
+       This  section  describes  the output when the normal matching function,
+       pcre[16|32]_exec(), is being used.
+
+       When a match succeeds, pcretest outputs the list of captured substrings
+       that  pcre[16|32]_exec() returns, starting with number 0 for the string
+       that matched the whole pattern. Otherwise, it outputs "No  match"  when
+       the  return is PCRE_ERROR_NOMATCH, and "Partial match:" followed by the
+       partially   matching   substring   when   pcre[16|32]_exec()    returns
+       PCRE_ERROR_PARTIAL.  (Note  that  this is the entire substring that was
+       inspected during the partial match; it may  include  characters  before
+       the  actual  match  start  if a lookbehind assertion, \K, \b, or \B was
+       involved.) For any other return, pcretest  outputs  the  PCRE  negative
+       error  number  and a short descriptive phrase. If the error is a failed
+       UTF string check, the offset of the start of the failing character  and
+       the  reason  code are also output, provided that the size of the output
+       vector is at least two. Here is an example of an  interactive  pcretest
+       run.
+
+         $ pcretest
+         PCRE version 8.13 2011-04-30
+
+           re> /^abc(\d+)/
+         data> abc123
+          0: abc123
+          1: 123
+         data> xyz
+         No match
+
+       Unset capturing substrings that are not followed by one that is set are
+       not returned by pcre[16|32]_exec(), and are not shown by  pcretest.  In
+       the following example, there are two capturing substrings, but when the
+       first data line is matched, the second, unset substring is  not  shown.
+       An  "internal" unset substring is shown as "<unset>", as for the second
+       data line.
+
+           re> /(a)|(b)/
+         data> a
+          0: a
+          1: a
+         data> b
+          0: b
+          1: <unset>
+          2: b
+
+       If the strings contain any non-printing characters, they are output  as
+       \xhh  escapes  if  the  value is less than 256 and UTF mode is not set.
+       Otherwise they are output as \x{hh...} escapes. See below for the defi-
+       nition  of non-printing characters. If the pattern has the /+ modifier,
+       the output for substring 0 is followed by the the rest of  the  subject
+       string, identified by "0+" like this:
+
+           re> /cat/+
+         data> cataract
+          0: cat
+          0+ aract
+
+       If  the  pattern  has  the /g or /G modifier, the results of successive
+       matching attempts are output in sequence, like this:
+
+           re> /\Bi(\w\w)/g
+         data> Mississippi
+          0: iss
+          1: ss
+          0: iss
+          1: ss
+          0: ipp
+          1: pp
+
+       "No match" is output only if the first match attempt fails. Here is  an
+       example  of a failure message (the offset 4 that is specified by \>4 is
+       past the end of the subject string):
+
+           re> /xyz/
+         data> xyz\>4
+         Error -24 (bad offset value)
+
+       If any of the sequences \C, \G, or \L are present in a data  line  that
+       is  successfully  matched,  the substrings extracted by the convenience
+       functions are output with C, G, or L after the string number instead of
+       a colon. This is in addition to the normal full list. The string length
+       (that is, the return from the extraction function) is given  in  paren-
+       theses after each string for \C and \G.
+
+       Note that whereas patterns can be continued over several lines (a plain
+       ">" prompt is used for continuations), data lines may not. However new-
+       lines  can  be included in data by means of the \n escape (or \r, \r\n,
+       etc., depending on the newline sequence setting).
+
+
+OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION
+
+       When the alternative matching function, pcre[16|32]_dfa_exec(), is used
+       (by  means  of the \D escape sequence or the -dfa command line option),
+       the output consists of a list of all the  matches  that  start  at  the
+       first point in the subject where there is at least one match. For exam-
+       ple:
+
+           re> /(tang|tangerine|tan)/
+         data> yellow tangerine\D
+          0: tangerine
+          1: tang
+          2: tan
+
+       (Using the normal matching function on this data  finds  only  "tang".)
+       The  longest matching string is always given first (and numbered zero).
+       After a PCRE_ERROR_PARTIAL return, the output is "Partial match:", fol-
+       lowed  by  the  partially  matching  substring.  (Note that this is the
+       entire substring that was inspected during the partial  match;  it  may
+       include characters before the actual match start if a lookbehind asser-
+       tion, \K, \b, or \B was involved.)
+
+       If /g is present on the pattern, the search for further matches resumes
+       at the end of the longest match. For example:
+
+           re> /(tang|tangerine|tan)/g
+         data> yellow tangerine and tangy sultana\D
+          0: tangerine
+          1: tang
+          2: tan
+          0: tang
+          1: tan
+          0: tan
+
+       Since  the  matching  function  does not support substring capture, the
+       escape sequences that are concerned with captured  substrings  are  not
+       relevant.
+
+
+RESTARTING AFTER A PARTIAL MATCH
+
+       When the alternative matching function has given the PCRE_ERROR_PARTIAL
+       return, indicating that the subject partially matched the pattern,  you
+       can  restart  the match with additional subject data by means of the \R
+       escape sequence. For example:
+
+           re> /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+         data> 23ja\P\D
+         Partial match: 23ja
+         data> n05\R\D
+          0: n05
+
+       For further information about partial  matching,  see  the  pcrepartial
+       documentation.
+
+
+CALLOUTS
+
+       If  the pattern contains any callout requests, pcretest's callout func-
+       tion is called during matching. This works  with  both  matching  func-
+       tions. By default, the called function displays the callout number, the
+       start and current positions in the text at the callout  time,  and  the
+       next pattern item to be tested. For example:
+
+         --->pqrabcdef
+           0    ^  ^     \d
+
+       This  output  indicates  that  callout  number  0  occurred for a match
+       attempt starting at the fourth character of the  subject  string,  when
+       the pointer was at the seventh character of the data, and when the next
+       pattern item was \d. Just one circumflex is output  if  the  start  and
+       current positions are the same.
+
+       Callouts numbered 255 are assumed to be automatic callouts, inserted as
+       a result of the /C pattern modifier. In this case, instead  of  showing
+       the  callout  number, the offset in the pattern, preceded by a plus, is
+       output. For example:
+
+           re> /\d?[A-E]\*/C
+         data> E*
+         --->E*
+          +0 ^      \d?
+          +3 ^      [A-E]
+          +8 ^^     \*
+         +10 ^ ^
+          0: E*
+
+       If a pattern contains (*MARK) items, an additional line is output when-
+       ever  a  change  of  latest mark is passed to the callout function. For
+       example:
+
+           re> /a(*MARK:X)bc/C
+         data> abc
+         --->abc
+          +0 ^       a
+          +1 ^^      (*MARK:X)
+         +10 ^^      b
+         Latest Mark: X
+         +11 ^ ^     c
+         +12 ^  ^
+          0: abc
+
+       The mark changes between matching "a" and "b", but stays the  same  for
+       the  rest  of  the match, so nothing more is output. If, as a result of
+       backtracking, the mark reverts to being unset, the  text  "<unset>"  is
+       output.
+
+       The  callout  function  in pcretest returns zero (carry on matching) by
+       default, but you can use a \C item in a data line (as described  above)
+       to change this and other parameters of the callout.
+
+       Inserting  callouts can be helpful when using pcretest to check compli-
+       cated regular expressions. For further information about callouts,  see
+       the pcrecallout documentation.
+
+
+NON-PRINTING CHARACTERS
+
+       When  pcretest is outputting text in the compiled version of a pattern,
+       bytes other than 32-126 are always treated as  non-printing  characters
+       are are therefore shown as hex escapes.
+
+       When  pcretest  is  outputting text that is a matched part of a subject
+       string, it behaves in the same way, unless a different locale has  been
+       set  for  the  pattern  (using  the  /L  modifier).  In  this case, the
+       isprint() function to distinguish printing and non-printing characters.
+
+
+SAVING AND RELOADING COMPILED PATTERNS
+
+       The facilities described in this section are  not  available  when  the
+       POSIX  interface  to  PCRE  is being used, that is, when the /P pattern
+       modifier is specified.
+
+       When the POSIX interface is not in use, you can cause pcretest to write
+       a  compiled  pattern to a file, by following the modifiers with > and a
+       file name.  For example:
+
+         /pattern/im >/some/file
+
+       See the pcreprecompile documentation for a discussion about saving  and
+       re-using  compiled patterns.  Note that if the pattern was successfully
+       studied with JIT optimization, the JIT data cannot be saved.
+
+       The data that is written is binary.  The  first  eight  bytes  are  the
+       length  of  the  compiled  pattern  data  followed by the length of the
+       optional study data, each written as four  bytes  in  big-endian  order
+       (most  significant  byte  first). If there is no study data (either the
+       pattern was not studied, or studying did not return any data), the sec-
+       ond  length  is  zero. The lengths are followed by an exact copy of the
+       compiled pattern. If there is additional study  data,  this  (excluding
+       any  JIT  data)  follows  immediately after the compiled pattern. After
+       writing the file, pcretest expects to read a new pattern.
+
+       A saved pattern can be reloaded into pcretest by  specifying  <  and  a
+       file  name  instead  of a pattern. There must be no space between < and
+       the file name, which must not  contain  a  <  character,  as  otherwise
+       pcretest  will  interpret  the line as a pattern delimited by < charac-
+       ters. For example:
+
+          re> </some/file
+         Compiled pattern loaded from /some/file
+         No study data
+
+       If the pattern was previously studied with the  JIT  optimization,  the
+       JIT  information cannot be saved and restored, and so is lost. When the
+       pattern has been loaded, pcretest proceeds to read data  lines  in  the
+       usual way.
+
+       You  can copy a file written by pcretest to a different host and reload
+       it there, even if the new host has opposite endianness to  the  one  on
+       which  the pattern was compiled. For example, you can compile on an i86
+       machine and run on a SPARC machine. When a pattern  is  reloaded  on  a
+       host with different endianness, the confirmation message is changed to:
+
+         Compiled pattern (byte-inverted) loaded from /some/file
+
+       The test suite contains some saved pre-compiled patterns with different
+       endianness. These are reloaded using "<!" instead  of  just  "<".  This
+       suppresses the "(byte-inverted)" text so that the output is the same on
+       all hosts. It also forces debugging output once the  pattern  has  been
+       reloaded.
+
+       File  names  for  saving and reloading can be absolute or relative, but
+       note that the shell facility of expanding a file name that starts  with
+       a tilde (~) is not available.
+
+       The  ability to save and reload files in pcretest is intended for test-
+       ing and experimentation. It is not intended for production use  because
+       only  a  single pattern can be written to a file. Furthermore, there is
+       no facility for supplying  custom  character  tables  for  use  with  a
+       reloaded  pattern.  If  the  original  pattern was compiled with custom
+       tables, an attempt to match a subject string using a  reloaded  pattern
+       is  likely to cause pcretest to crash.  Finally, if you attempt to load
+       a file that is not in the correct format, the result is undefined.
+
+
+SEE ALSO
+
+       pcre(3), pcre16(3),  pcre32(3),  pcreapi(3),  pcrecallout(3),  pcrejit,
+       pcrematching(3), pcrepartial(d), pcrepattern(3), pcreprecompile(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 23 February 2017
+       Copyright (c) 1997-2017 University of Cambridge.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man1/pcre-config.1 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man1/pcre-config.1
new file mode 100644
index 00000000..52eb4fb2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man1/pcre-config.1
@@ -0,0 +1,92 @@
+.TH PCRE-CONFIG 1 "01 January 2012" "PCRE 8.30"
+.SH NAME
+pcre-config - program to return PCRE configuration
+.SH SYNOPSIS
+.rs
+.sp
+.nf
+.B pcre-config  [--prefix] [--exec-prefix] [--version] [--libs]
+.B "            [--libs16] [--libs32] [--libs-cpp] [--libs-posix]"
+.B "            [--cflags] [--cflags-posix]"
+.fi
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+\fBpcre-config\fP returns the configuration of the installed PCRE
+libraries and the options required to compile a program to use them. Some of
+the options apply only to the 8-bit, or 16-bit, or 32-bit libraries,
+respectively, and are
+not available if only one of those libraries has been built. If an unavailable
+option is encountered, the "usage" information is output.
+.
+.
+.SH OPTIONS
+.rs
+.TP 10
+\fB--prefix\fP
+Writes the directory prefix used in the PCRE installation for architecture
+independent files (\fI/usr\fP on many systems, \fI/usr/local\fP on some
+systems) to the standard output.
+.TP 10
+\fB--exec-prefix\fP
+Writes the directory prefix used in the PCRE installation for architecture
+dependent files (normally the same as \fB--prefix\fP) to the standard output.
+.TP 10
+\fB--version\fP
+Writes the version number of the installed PCRE libraries to the standard
+output.
+.TP 10
+\fB--libs\fP
+Writes to the standard output the command line options required to link
+with the 8-bit PCRE library (\fB-lpcre\fP on many systems).
+.TP 10
+\fB--libs16\fP
+Writes to the standard output the command line options required to link
+with the 16-bit PCRE library (\fB-lpcre16\fP on many systems).
+.TP 10
+\fB--libs32\fP
+Writes to the standard output the command line options required to link
+with the 32-bit PCRE library (\fB-lpcre32\fP on many systems).
+.TP 10
+\fB--libs-cpp\fP
+Writes to the standard output the command line options required to link with
+PCRE's C++ wrapper library (\fB-lpcrecpp\fP \fB-lpcre\fP on many
+systems).
+.TP 10
+\fB--libs-posix\fP
+Writes to the standard output the command line options required to link with
+PCRE's POSIX API wrapper library (\fB-lpcreposix\fP \fB-lpcre\fP on many
+systems).
+.TP 10
+\fB--cflags\fP
+Writes to the standard output the command line options required to compile
+files that use PCRE (this may include some \fB-I\fP options, but is blank on
+many systems).
+.TP 10
+\fB--cflags-posix\fP
+Writes to the standard output the command line options required to compile
+files that use PCRE's POSIX API wrapper library (this may include some \fB-I\fP
+options, but is blank on many systems).
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcre(3)\fP
+.
+.
+.SH AUTHOR
+.rs
+.sp
+This manual page was originally written by Mark Baker for the Debian GNU/Linux
+system. It has been subsequently revised as a generic PCRE man page.
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 24 June 2012
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man1/pcregrep.1 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man1/pcregrep.1
new file mode 100644
index 00000000..98866754
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man1/pcregrep.1
@@ -0,0 +1,683 @@
+.TH PCREGREP 1 "03 April 2014" "PCRE 8.35"
+.SH NAME
+pcregrep - a grep with Perl-compatible regular expressions.
+.SH SYNOPSIS
+.B pcregrep [options] [long options] [pattern] [path1 path2 ...]
+.
+.SH DESCRIPTION
+.rs
+.sp
+\fBpcregrep\fP searches files for character patterns, in the same way as other
+grep commands do, but it uses the PCRE regular expression library to support
+patterns that are compatible with the regular expressions of Perl 5. See
+.\" HREF
+\fBpcresyntax\fP(3)
+.\"
+for a quick-reference summary of pattern syntax, or
+.\" HREF
+\fBpcrepattern\fP(3)
+.\"
+for a full description of the syntax and semantics of the regular expressions
+that PCRE supports.
+.P
+Patterns, whether supplied on the command line or in a separate file, are given
+without delimiters. For example:
+.sp
+  pcregrep Thursday /etc/motd
+.sp
+If you attempt to use delimiters (for example, by surrounding a pattern with
+slashes, as is common in Perl scripts), they are interpreted as part of the
+pattern. Quotes can of course be used to delimit patterns on the command line
+because they are interpreted by the shell, and indeed quotes are required if a
+pattern contains white space or shell metacharacters.
+.P
+The first argument that follows any option settings is treated as the single
+pattern to be matched when neither \fB-e\fP nor \fB-f\fP is present.
+Conversely, when one or both of these options are used to specify patterns, all
+arguments are treated as path names. At least one of \fB-e\fP, \fB-f\fP, or an
+argument pattern must be provided.
+.P
+If no files are specified, \fBpcregrep\fP reads the standard input. The
+standard input can also be referenced by a name consisting of a single hyphen.
+For example:
+.sp
+  pcregrep some-pattern /file1 - /file3
+.sp
+By default, each line that matches a pattern is copied to the standard
+output, and if there is more than one file, the file name is output at the
+start of each line, followed by a colon. However, there are options that can
+change how \fBpcregrep\fP behaves. In particular, the \fB-M\fP option makes it
+possible to search for patterns that span line boundaries. What defines a line
+boundary is controlled by the \fB-N\fP (\fB--newline\fP) option.
+.P
+The amount of memory used for buffering files that are being scanned is
+controlled by a parameter that can be set by the \fB--buffer-size\fP option.
+The default value for this parameter is specified when \fBpcregrep\fP is built,
+with the default default being 20K. A block of memory three times this size is
+used (to allow for buffering "before" and "after" lines). An error occurs if a
+line overflows the buffer.
+.P
+Patterns can be no longer than 8K or BUFSIZ bytes, whichever is the greater.
+BUFSIZ is defined in \fB<stdio.h>\fP. When there is more than one pattern
+(specified by the use of \fB-e\fP and/or \fB-f\fP), each pattern is applied to
+each line in the order in which they are defined, except that all the \fB-e\fP
+patterns are tried before the \fB-f\fP patterns.
+.P
+By default, as soon as one pattern matches a line, no further patterns are
+considered. However, if \fB--colour\fP (or \fB--color\fP) is used to colour the
+matching substrings, or if \fB--only-matching\fP, \fB--file-offsets\fP, or
+\fB--line-offsets\fP is used to output only the part of the line that matched
+(either shown literally, or as an offset), scanning resumes immediately
+following the match, so that further matches on the same line can be found. If
+there are multiple patterns, they are all tried on the remainder of the line,
+but patterns that follow the one that matched are not tried on the earlier part
+of the line.
+.P
+This behaviour means that the order in which multiple patterns are specified
+can affect the output when one of the above options is used. This is no longer
+the same behaviour as GNU grep, which now manages to display earlier matches
+for later patterns (as long as there is no overlap).
+.P
+Patterns that can match an empty string are accepted, but empty string
+matches are never recognized. An example is the pattern "(super)?(man)?", in
+which all components are optional. This pattern finds all occurrences of both
+"super" and "man"; the output differs from matching with "super|man" when only
+the matching substrings are being shown.
+.P
+If the \fBLC_ALL\fP or \fBLC_CTYPE\fP environment variable is set,
+\fBpcregrep\fP uses the value to set a locale when calling the PCRE library.
+The \fB--locale\fP option can be used to override this.
+.
+.
+.SH "SUPPORT FOR COMPRESSED FILES"
+.rs
+.sp
+It is possible to compile \fBpcregrep\fP so that it uses \fBlibz\fP or
+\fBlibbz2\fP to read files whose names end in \fB.gz\fP or \fB.bz2\fP,
+respectively. You can find out whether your binary has support for one or both
+of these file types by running it with the \fB--help\fP option. If the
+appropriate support is not present, files are treated as plain text. The
+standard input is always so treated.
+.
+.
+.SH "BINARY FILES"
+.rs
+.sp
+By default, a file that contains a binary zero byte within the first 1024 bytes
+is identified as a binary file, and is processed specially. (GNU grep also
+identifies binary files in this manner.) See the \fB--binary-files\fP option
+for a means of changing the way binary files are handled.
+.
+.
+.SH OPTIONS
+.rs
+.sp
+The order in which some of the options appear can affect the output. For
+example, both the \fB-h\fP and \fB-l\fP options affect the printing of file
+names. Whichever comes later in the command line will be the one that takes
+effect. Similarly, except where noted below, if an option is given twice, the
+later setting is used. Numerical values for options may be followed by K or M,
+to signify multiplication by 1024 or 1024*1024 respectively.
+.TP 10
+\fB--\fP
+This terminates the list of options. It is useful if the next item on the
+command line starts with a hyphen but is not an option. This allows for the
+processing of patterns and filenames that start with hyphens.
+.TP
+\fB-A\fP \fInumber\fP, \fB--after-context=\fP\fInumber\fP
+Output \fInumber\fP lines of context after each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of \fInumber\fP is expected to be relatively small. However, \fBpcregrep\fP
+guarantees to have up to 8K of following text available for context output.
+.TP
+\fB-a\fP, \fB--text\fP
+Treat binary files as text. This is equivalent to
+\fB--binary-files\fP=\fItext\fP.
+.TP
+\fB-B\fP \fInumber\fP, \fB--before-context=\fP\fInumber\fP
+Output \fInumber\fP lines of context before each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of \fInumber\fP is expected to be relatively small. However, \fBpcregrep\fP
+guarantees to have up to 8K of preceding text available for context output.
+.TP
+\fB--binary-files=\fP\fIword\fP
+Specify how binary files are to be processed. If the word is "binary" (the
+default), pattern matching is performed on binary files, but the only output is
+"Binary file <name> matches" when a match succeeds. If the word is "text",
+which is equivalent to the \fB-a\fP or \fB--text\fP option, binary files are
+processed in the same way as any other file. In this case, when a match
+succeeds, the output may be binary garbage, which can have nasty effects if
+sent to a terminal. If the word is "without-match", which is equivalent to the
+\fB-I\fP option, binary files are not processed at all; they are assumed not to
+be of interest.
+.TP
+\fB--buffer-size=\fP\fInumber\fP
+Set the parameter that controls how much memory is used for buffering files
+that are being scanned.
+.TP
+\fB-C\fP \fInumber\fP, \fB--context=\fP\fInumber\fP
+Output \fInumber\fP lines of context both before and after each matching line.
+This is equivalent to setting both \fB-A\fP and \fB-B\fP to the same value.
+.TP
+\fB-c\fP, \fB--count\fP
+Do not output individual lines from the files that are being scanned; instead
+output the number of lines that would otherwise have been shown. If no lines
+are selected, the number zero is output. If several files are are being
+scanned, a count is output for each of them. However, if the
+\fB--files-with-matches\fP option is also used, only those files whose counts
+are greater than zero are listed. When \fB-c\fP is used, the \fB-A\fP,
+\fB-B\fP, and \fB-C\fP options are ignored.
+.TP
+\fB--colour\fP, \fB--color\fP
+If this option is given without any data, it is equivalent to "--colour=auto".
+If data is required, it must be given in the same shell item, separated by an
+equals sign.
+.TP
+\fB--colour=\fP\fIvalue\fP, \fB--color=\fP\fIvalue\fP
+This option specifies under what circumstances the parts of a line that matched
+a pattern should be coloured in the output. By default, the output is not
+coloured. The value (which is optional, see above) may be "never", "always", or
+"auto". In the latter case, colouring happens only if the standard output is
+connected to a terminal. More resources are used when colouring is enabled,
+because \fBpcregrep\fP has to search for all possible matches in a line, not
+just one, in order to colour them all.
+.sp
+The colour that is used can be specified by setting the environment variable
+PCREGREP_COLOUR or PCREGREP_COLOR. The value of this variable should be a
+string of two numbers, separated by a semicolon. They are copied directly into
+the control string for setting colour on a terminal, so it is your
+responsibility to ensure that they make sense. If neither of the environment
+variables is set, the default is "1;31", which gives red.
+.TP
+\fB-D\fP \fIaction\fP, \fB--devices=\fP\fIaction\fP
+If an input path is not a regular file or a directory, "action" specifies how
+it is to be processed. Valid values are "read" (the default) or "skip"
+(silently skip the path).
+.TP
+\fB-d\fP \fIaction\fP, \fB--directories=\fP\fIaction\fP
+If an input path is a directory, "action" specifies how it is to be processed.
+Valid values are "read" (the default in non-Windows environments, for
+compatibility with GNU grep), "recurse" (equivalent to the \fB-r\fP option), or
+"skip" (silently skip the path, the default in Windows environments). In the
+"read" case, directories are read as if they were ordinary files. In some
+operating systems the effect of reading a directory like this is an immediate
+end-of-file; in others it may provoke an error.
+.TP
+\fB-e\fP \fIpattern\fP, \fB--regex=\fP\fIpattern\fP, \fB--regexp=\fP\fIpattern\fP
+Specify a pattern to be matched. This option can be used multiple times in
+order to specify several patterns. It can also be used as a way of specifying a
+single pattern that starts with a hyphen. When \fB-e\fP is used, no argument
+pattern is taken from the command line; all arguments are treated as file
+names. There is no limit to the number of patterns. They are applied to each
+line in the order in which they are defined until one matches.
+.sp
+If \fB-f\fP is used with \fB-e\fP, the command line patterns are matched first,
+followed by the patterns from the file(s), independent of the order in which
+these options are specified. Note that multiple use of \fB-e\fP is not the same
+as a single pattern with alternatives. For example, X|Y finds the first
+character in a line that is X or Y, whereas if the two patterns are given
+separately, with X first, \fBpcregrep\fP finds X if it is present, even if it
+follows Y in the line. It finds Y only if there is no X in the line. This
+matters only if you are using \fB-o\fP or \fB--colo(u)r\fP to show the part(s)
+of the line that matched.
+.TP
+\fB--exclude\fP=\fIpattern\fP
+Files (but not directories) whose names match the pattern are skipped without
+being processed. This applies to all files, whether listed on the command line,
+obtained from \fB--file-list\fP, or by scanning a directory. The pattern is a
+PCRE regular expression, and is matched against the final component of the file
+name, not the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not
+apply to this pattern. The option may be given any number of times in order to
+specify multiple patterns. If a file name matches both an \fB--include\fP
+and an \fB--exclude\fP pattern, it is excluded. There is no short form for this
+option.
+.TP
+\fB--exclude-from=\fP\fIfilename\fP
+Treat each non-empty line of the file as the data for an \fB--exclude\fP
+option. What constitutes a newline when reading the file is the operating
+system's default. The \fB--newline\fP option has no effect on this option. This
+option may be given more than once in order to specify a number of files to
+read.
+.TP
+\fB--exclude-dir\fP=\fIpattern\fP
+Directories whose names match the pattern are skipped without being processed,
+whatever the setting of the \fB--recursive\fP option. This applies to all
+directories, whether listed on the command line, obtained from
+\fB--file-list\fP, or by scanning a parent directory. The pattern is a PCRE
+regular expression, and is matched against the final component of the directory
+name, not the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not
+apply to this pattern. The option may be given any number of times in order to
+specify more than one pattern. If a directory matches both \fB--include-dir\fP
+and \fB--exclude-dir\fP, it is excluded. There is no short form for this
+option.
+.TP
+\fB-F\fP, \fB--fixed-strings\fP
+Interpret each data-matching pattern as a list of fixed strings, separated by
+newlines, instead of as a regular expression. What constitutes a newline for
+this purpose is controlled by the \fB--newline\fP option. The \fB-w\fP (match
+as a word) and \fB-x\fP (match whole line) options can be used with \fB-F\fP.
+They apply to each of the fixed strings. A line is selected if any of the fixed
+strings are found in it (subject to \fB-w\fP or \fB-x\fP, if present). This
+option applies only to the patterns that are matched against the contents of
+files; it does not apply to patterns specified by any of the \fB--include\fP or
+\fB--exclude\fP options.
+.TP
+\fB-f\fP \fIfilename\fP, \fB--file=\fP\fIfilename\fP
+Read patterns from the file, one per line, and match them against
+each line of input. What constitutes a newline when reading the file is the
+operating system's default. The \fB--newline\fP option has no effect on this
+option. Trailing white space is removed from each line, and blank lines are
+ignored. An empty file contains no patterns and therefore matches nothing. See
+also the comments about multiple patterns versus a single pattern with
+alternatives in the description of \fB-e\fP above.
+.sp
+If this option is given more than once, all the specified files are
+read. A data line is output if any of the patterns match it. A filename can
+be given as "-" to refer to the standard input. When \fB-f\fP is used, patterns
+specified on the command line using \fB-e\fP may also be present; they are
+tested before the file's patterns. However, no other pattern is taken from the
+command line; all arguments are treated as the names of paths to be searched.
+.TP
+\fB--file-list\fP=\fIfilename\fP
+Read a list of files and/or directories that are to be scanned from the given
+file, one per line. Trailing white space is removed from each line, and blank
+lines are ignored. These paths are processed before any that are listed on the
+command line. The filename can be given as "-" to refer to the standard input.
+If \fB--file\fP and \fB--file-list\fP are both specified as "-", patterns are
+read first. This is useful only when the standard input is a terminal, from
+which further lines (the list of files) can be read after an end-of-file
+indication. If this option is given more than once, all the specified files are
+read.
+.TP
+\fB--file-offsets\fP
+Instead of showing lines or parts of lines that match, show each match as an
+offset from the start of the file and a length, separated by a comma. In this
+mode, no context is shown. That is, the \fB-A\fP, \fB-B\fP, and \fB-C\fP
+options are ignored. If there is more than one match in a line, each of them is
+shown separately. This option is mutually exclusive with \fB--line-offsets\fP
+and \fB--only-matching\fP.
+.TP
+\fB-H\fP, \fB--with-filename\fP
+Force the inclusion of the filename at the start of output lines when searching
+a single file. By default, the filename is not shown in this case. For matching
+lines, the filename is followed by a colon; for context lines, a hyphen
+separator is used. If a line number is also being output, it follows the file
+name.
+.TP
+\fB-h\fP, \fB--no-filename\fP
+Suppress the output filenames when searching multiple files. By default,
+filenames are shown when multiple files are searched. For matching lines, the
+filename is followed by a colon; for context lines, a hyphen separator is used.
+If a line number is also being output, it follows the file name.
+.TP
+\fB--help\fP
+Output a help message, giving brief details of the command options and file
+type support, and then exit. Anything else on the command line is
+ignored.
+.TP
+\fB-I\fP
+Treat binary files as never matching. This is equivalent to
+\fB--binary-files\fP=\fIwithout-match\fP.
+.TP
+\fB-i\fP, \fB--ignore-case\fP
+Ignore upper/lower case distinctions during comparisons.
+.TP
+\fB--include\fP=\fIpattern\fP
+If any \fB--include\fP patterns are specified, the only files that are
+processed are those that match one of the patterns (and do not match an
+\fB--exclude\fP pattern). This option does not affect directories, but it
+applies to all files, whether listed on the command line, obtained from
+\fB--file-list\fP, or by scanning a directory. The pattern is a PCRE regular
+expression, and is matched against the final component of the file name, not
+the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not apply to
+this pattern. The option may be given any number of times. If a file name
+matches both an \fB--include\fP and an \fB--exclude\fP pattern, it is excluded.
+There is no short form for this option.
+.TP
+\fB--include-from=\fP\fIfilename\fP
+Treat each non-empty line of the file as the data for an \fB--include\fP
+option. What constitutes a newline for this purpose is the operating system's
+default. The \fB--newline\fP option has no effect on this option. This option
+may be given any number of times; all the files are read.
+.TP
+\fB--include-dir\fP=\fIpattern\fP
+If any \fB--include-dir\fP patterns are specified, the only directories that
+are processed are those that match one of the patterns (and do not match an
+\fB--exclude-dir\fP pattern). This applies to all directories, whether listed
+on the command line, obtained from \fB--file-list\fP, or by scanning a parent
+directory. The pattern is a PCRE regular expression, and is matched against the
+final component of the directory name, not the entire path. The \fB-F\fP,
+\fB-w\fP, and \fB-x\fP options do not apply to this pattern. The option may be
+given any number of times. If a directory matches both \fB--include-dir\fP and
+\fB--exclude-dir\fP, it is excluded. There is no short form for this option.
+.TP
+\fB-L\fP, \fB--files-without-match\fP
+Instead of outputting lines from the files, just output the names of the files
+that do not contain any lines that would have been output. Each file name is
+output once, on a separate line.
+.TP
+\fB-l\fP, \fB--files-with-matches\fP
+Instead of outputting lines from the files, just output the names of the files
+containing lines that would have been output. Each file name is output
+once, on a separate line. Searching normally stops as soon as a matching line
+is found in a file. However, if the \fB-c\fP (count) option is also used,
+matching continues in order to obtain the correct count, and those files that
+have at least one match are listed along with their counts. Using this option
+with \fB-c\fP is a way of suppressing the listing of files with no matches.
+.TP
+\fB--label\fP=\fIname\fP
+This option supplies a name to be used for the standard input when file names
+are being output. If not supplied, "(standard input)" is used. There is no
+short form for this option.
+.TP
+\fB--line-buffered\fP
+When this option is given, input is read and processed line by line, and the
+output is flushed after each write. By default, input is read in large chunks,
+unless \fBpcregrep\fP can determine that it is reading from a terminal (which
+is currently possible only in Unix-like environments). Output to terminal is
+normally automatically flushed by the operating system. This option can be
+useful when the input or output is attached to a pipe and you do not want
+\fBpcregrep\fP to buffer up large amounts of data. However, its use will affect
+performance, and the \fB-M\fP (multiline) option ceases to work.
+.TP
+\fB--line-offsets\fP
+Instead of showing lines or parts of lines that match, show each match as a
+line number, the offset from the start of the line, and a length. The line
+number is terminated by a colon (as usual; see the \fB-n\fP option), and the
+offset and length are separated by a comma. In this mode, no context is shown.
+That is, the \fB-A\fP, \fB-B\fP, and \fB-C\fP options are ignored. If there is
+more than one match in a line, each of them is shown separately. This option is
+mutually exclusive with \fB--file-offsets\fP and \fB--only-matching\fP.
+.TP
+\fB--locale\fP=\fIlocale-name\fP
+This option specifies a locale to be used for pattern matching. It overrides
+the value in the \fBLC_ALL\fP or \fBLC_CTYPE\fP environment variables. If no
+locale is specified, the PCRE library's default (usually the "C" locale) is
+used. There is no short form for this option.
+.TP
+\fB--match-limit\fP=\fInumber\fP
+Processing some regular expression patterns can require a very large amount of
+memory, leading in some cases to a program crash if not enough is available.
+Other patterns may take a very long time to search for all possible matching
+strings. The \fBpcre_exec()\fP function that is called by \fBpcregrep\fP to do
+the matching has two parameters that can limit the resources that it uses.
+.sp
+The \fB--match-limit\fP option provides a means of limiting resource usage
+when processing patterns that are not going to match, but which have a very
+large number of possibilities in their search trees. The classic example is a
+pattern that uses nested unlimited repeats. Internally, PCRE uses a function
+called \fBmatch()\fP which it calls repeatedly (sometimes recursively). The
+limit set by \fB--match-limit\fP is imposed on the number of times this
+function is called during a match, which has the effect of limiting the amount
+of backtracking that can take place.
+.sp
+The \fB--recursion-limit\fP option is similar to \fB--match-limit\fP, but
+instead of limiting the total number of times that \fBmatch()\fP is called, it
+limits the depth of recursive calls, which in turn limits the amount of memory
+that can be used. The recursion depth is a smaller number than the total number
+of calls, because not all calls to \fBmatch()\fP are recursive. This limit is
+of use only if it is set smaller than \fB--match-limit\fP.
+.sp
+There are no short forms for these options. The default settings are specified
+when the PCRE library is compiled, with the default default being 10 million.
+.TP
+\fB-M\fP, \fB--multiline\fP
+Allow patterns to match more than one line. When this option is given, patterns
+may usefully contain literal newline characters and internal occurrences of ^
+and $ characters. The output for a successful match may consist of more than
+one line, the last of which is the one in which the match ended. If the matched
+string ends with a newline sequence the output ends at the end of that line.
+.sp
+When this option is set, the PCRE library is called in "multiline" mode.
+There is a limit to the number of lines that can be matched, imposed by the way
+that \fBpcregrep\fP buffers the input file as it scans it. However,
+\fBpcregrep\fP ensures that at least 8K characters or the rest of the document
+(whichever is the shorter) are available for forward matching, and similarly
+the previous 8K characters (or all the previous characters, if fewer than 8K)
+are guaranteed to be available for lookbehind assertions. This option does not
+work when input is read line by line (see \fP--line-buffered\fP.)
+.TP
+\fB-N\fP \fInewline-type\fP, \fB--newline\fP=\fInewline-type\fP
+The PCRE library supports five different conventions for indicating
+the ends of lines. They are the single-character sequences CR (carriage return)
+and LF (linefeed), the two-character sequence CRLF, an "anycrlf" convention,
+which recognizes any of the preceding three types, and an "any" convention, in
+which any Unicode line ending sequence is assumed to end a line. The Unicode
+sequences are the three just mentioned, plus VT (vertical tab, U+000B), FF
+(form feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and
+PS (paragraph separator, U+2029).
+.sp
+When the PCRE library is built, a default line-ending sequence is specified.
+This is normally the standard sequence for the operating system. Unless
+otherwise specified by this option, \fBpcregrep\fP uses the library's default.
+The possible values for this option are CR, LF, CRLF, ANYCRLF, or ANY. This
+makes it possible to use \fBpcregrep\fP to scan files that have come from other
+environments without having to modify their line endings. If the data that is
+being scanned does not agree with the convention set by this option,
+\fBpcregrep\fP may behave in strange ways. Note that this option does not
+apply to files specified by the \fB-f\fP, \fB--exclude-from\fP, or
+\fB--include-from\fP options, which are expected to use the operating system's
+standard newline sequence.
+.TP
+\fB-n\fP, \fB--line-number\fP
+Precede each output line by its line number in the file, followed by a colon
+for matching lines or a hyphen for context lines. If the filename is also being
+output, it precedes the line number. This option is forced if
+\fB--line-offsets\fP is used.
+.TP
+\fB--no-jit\fP
+If the PCRE library is built with support for just-in-time compiling (which
+speeds up matching), \fBpcregrep\fP automatically makes use of this, unless it
+was explicitly disabled at build time. This option can be used to disable the
+use of JIT at run time. It is provided for testing and working round problems.
+It should never be needed in normal use.
+.TP
+\fB-o\fP, \fB--only-matching\fP
+Show only the part of the line that matched a pattern instead of the whole
+line. In this mode, no context is shown. That is, the \fB-A\fP, \fB-B\fP, and
+\fB-C\fP options are ignored. If there is more than one match in a line, each
+of them is shown separately. If \fB-o\fP is combined with \fB-v\fP (invert the
+sense of the match to find non-matching lines), no output is generated, but the
+return code is set appropriately. If the matched portion of the line is empty,
+nothing is output unless the file name or line number are being printed, in
+which case they are shown on an otherwise empty line. This option is mutually
+exclusive with \fB--file-offsets\fP and \fB--line-offsets\fP.
+.TP
+\fB-o\fP\fInumber\fP, \fB--only-matching\fP=\fInumber\fP
+Show only the part of the line that matched the capturing parentheses of the
+given number. Up to 32 capturing parentheses are supported, and -o0 is
+equivalent to \fB-o\fP without a number. Because these options can be given
+without an argument (see above), if an argument is present, it must be given in
+the same shell item, for example, -o3 or --only-matching=2. The comments given
+for the non-argument case above also apply to this case. If the specified
+capturing parentheses do not exist in the pattern, or were not set in the
+match, nothing is output unless the file name or line number are being printed.
+.sp
+If this option is given multiple times, multiple substrings are output, in the
+order the options are given. For example, -o3 -o1 -o3 causes the substrings
+matched by capturing parentheses 3 and 1 and then 3 again to be output. By
+default, there is no separator (but see the next option).
+.TP
+\fB--om-separator\fP=\fItext\fP
+Specify a separating string for multiple occurrences of \fB-o\fP. The default
+is an empty string. Separating strings are never coloured.
+.TP
+\fB-q\fP, \fB--quiet\fP
+Work quietly, that is, display nothing except error messages. The exit
+status indicates whether or not any matches were found.
+.TP
+\fB-r\fP, \fB--recursive\fP
+If any given path is a directory, recursively scan the files it contains,
+taking note of any \fB--include\fP and \fB--exclude\fP settings. By default, a
+directory is read as a normal file; in some operating systems this gives an
+immediate end-of-file. This option is a shorthand for setting the \fB-d\fP
+option to "recurse".
+.TP
+\fB--recursion-limit\fP=\fInumber\fP
+See \fB--match-limit\fP above.
+.TP
+\fB-s\fP, \fB--no-messages\fP
+Suppress error messages about non-existent or unreadable files. Such files are
+quietly skipped. However, the return code is still 2, even if matches were
+found in other files.
+.TP
+\fB-u\fP, \fB--utf-8\fP
+Operate in UTF-8 mode. This option is available only if PCRE has been compiled
+with UTF-8 support. All patterns (including those for any \fB--exclude\fP and
+\fB--include\fP options) and all subject lines that are scanned must be valid
+strings of UTF-8 characters.
+.TP
+\fB-V\fP, \fB--version\fP
+Write the version numbers of \fBpcregrep\fP and the PCRE library to the
+standard output and then exit. Anything else on the command line is
+ignored.
+.TP
+\fB-v\fP, \fB--invert-match\fP
+Invert the sense of the match, so that lines which do \fInot\fP match any of
+the patterns are the ones that are found.
+.TP
+\fB-w\fP, \fB--word-regex\fP, \fB--word-regexp\fP
+Force the patterns to match only whole words. This is equivalent to having \eb
+at the start and end of the pattern. This option applies only to the patterns
+that are matched against the contents of files; it does not apply to patterns
+specified by any of the \fB--include\fP or \fB--exclude\fP options.
+.TP
+\fB-x\fP, \fB--line-regex\fP, \fB--line-regexp\fP
+Force the patterns to be anchored (each must start matching at the beginning of
+a line) and in addition, require them to match entire lines. This is equivalent
+to having ^ and $ characters at the start and end of each alternative branch in
+every pattern. This option applies only to the patterns that are matched
+against the contents of files; it does not apply to patterns specified by any
+of the \fB--include\fP or \fB--exclude\fP options.
+.
+.
+.SH "ENVIRONMENT VARIABLES"
+.rs
+.sp
+The environment variables \fBLC_ALL\fP and \fBLC_CTYPE\fP are examined, in that
+order, for a locale. The first one that is set is used. This can be overridden
+by the \fB--locale\fP option. If no locale is set, the PCRE library's default
+(usually the "C" locale) is used.
+.
+.
+.SH "NEWLINES"
+.rs
+.sp
+The \fB-N\fP (\fB--newline\fP) option allows \fBpcregrep\fP to scan files with
+different newline conventions from the default. Any parts of the input files
+that are written to the standard output are copied identically, with whatever
+newline sequences they have in the input. However, the setting of this option
+does not affect the interpretation of files specified by the \fB-f\fP,
+\fB--exclude-from\fP, or \fB--include-from\fP options, which are assumed to use
+the operating system's standard newline sequence, nor does it affect the way in
+which \fBpcregrep\fP writes informational messages to the standard error and
+output streams. For these it uses the string "\en" to indicate newlines,
+relying on the C I/O library to convert this to an appropriate sequence.
+.
+.
+.SH "OPTIONS COMPATIBILITY"
+.rs
+.sp
+Many of the short and long forms of \fBpcregrep\fP's options are the same
+as in the GNU \fBgrep\fP program. Any long option of the form
+\fB--xxx-regexp\fP (GNU terminology) is also available as \fB--xxx-regex\fP
+(PCRE terminology). However, the \fB--file-list\fP, \fB--file-offsets\fP,
+\fB--include-dir\fP, \fB--line-offsets\fP, \fB--locale\fP, \fB--match-limit\fP,
+\fB-M\fP, \fB--multiline\fP, \fB-N\fP, \fB--newline\fP, \fB--om-separator\fP,
+\fB--recursion-limit\fP, \fB-u\fP, and \fB--utf-8\fP options are specific to
+\fBpcregrep\fP, as is the use of the \fB--only-matching\fP option with a
+capturing parentheses number.
+.P
+Although most of the common options work the same way, a few are different in
+\fBpcregrep\fP. For example, the \fB--include\fP option's argument is a glob
+for GNU \fBgrep\fP, but a regular expression for \fBpcregrep\fP. If both the
+\fB-c\fP and \fB-l\fP options are given, GNU grep lists only file names,
+without counts, but \fBpcregrep\fP gives the counts.
+.
+.
+.SH "OPTIONS WITH DATA"
+.rs
+.sp
+There are four different ways in which an option with data can be specified.
+If a short form option is used, the data may follow immediately, or (with one
+exception) in the next command line item. For example:
+.sp
+  -f/some/file
+  -f /some/file
+.sp
+The exception is the \fB-o\fP option, which may appear with or without data.
+Because of this, if data is present, it must follow immediately in the same
+item, for example -o3.
+.P
+If a long form option is used, the data may appear in the same command line
+item, separated by an equals character, or (with two exceptions) it may appear
+in the next command line item. For example:
+.sp
+  --file=/some/file
+  --file /some/file
+.sp
+Note, however, that if you want to supply a file name beginning with ~ as data
+in a shell command, and have the shell expand ~ to a home directory, you must
+separate the file name from the option, because the shell does not treat ~
+specially unless it is at the start of an item.
+.P
+The exceptions to the above are the \fB--colour\fP (or \fB--color\fP) and
+\fB--only-matching\fP options, for which the data is optional. If one of these
+options does have data, it must be given in the first form, using an equals
+character. Otherwise \fBpcregrep\fP will assume that it has no data.
+.
+.
+.SH "MATCHING ERRORS"
+.rs
+.sp
+It is possible to supply a regular expression that takes a very long time to
+fail to match certain lines. Such patterns normally involve nested indefinite
+repeats, for example: (a+)*\ed when matched against a line of a's with no final
+digit. The PCRE matching function has a resource limit that causes it to abort
+in these circumstances. If this happens, \fBpcregrep\fP outputs an error
+message and the line that caused the problem to the standard error stream. If
+there are more than 20 such errors, \fBpcregrep\fP gives up.
+.P
+The \fB--match-limit\fP option of \fBpcregrep\fP can be used to set the overall
+resource limit; there is a second option called \fB--recursion-limit\fP that
+sets a limit on the amount of memory (usually stack) that is used (see the
+discussion of these options above).
+.
+.
+.SH DIAGNOSTICS
+.rs
+.sp
+Exit status is 0 if any matches were found, 1 if no matches were found, and 2
+for syntax errors, overlong lines, non-existent or inaccessible files (even if
+matches were found in other files) or too many matching errors. Using the
+\fB-s\fP option to suppress error messages about inaccessible files does not
+affect the return code.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcrepattern\fP(3), \fBpcresyntax\fP(3), \fBpcretest\fP(1).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 03 April 2014
+Copyright (c) 1997-2014 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man1/pcretest.1 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man1/pcretest.1
new file mode 100644
index 00000000..ea7457c0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man1/pcretest.1
@@ -0,0 +1,1160 @@
+.TH PCRETEST 1 "23 February 2017" "PCRE 8.41"
+.SH NAME
+pcretest - a program for testing Perl-compatible regular expressions.
+.SH SYNOPSIS
+.rs
+.sp
+.B pcretest "[options] [input file [output file]]"
+.sp
+\fBpcretest\fP was written as a test program for the PCRE regular expression
+library itself, but it can also be used for experimenting with regular
+expressions. This document describes the features of the test program; for
+details of the regular expressions themselves, see the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation. For details of the PCRE library function calls and their
+options, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+,
+.\" HREF
+\fBpcre16\fP
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+documentation.
+.P
+The input for \fBpcretest\fP is a sequence of regular expression patterns and
+strings to be matched, as described below. The output shows the result of each
+match. Options on the command line and the patterns control PCRE options and
+exactly what is output.
+.P
+As PCRE has evolved, it has acquired many different features, and as a result,
+\fBpcretest\fP now has rather a lot of obscure options for testing every
+possible feature. Some of these options are specifically designed for use in
+conjunction with the test script and data files that are distributed as part of
+PCRE, and are unlikely to be of use otherwise. They are all documented here,
+but without much justification.
+.
+.
+.SH "INPUT DATA FORMAT"
+.rs
+.sp
+Input to \fBpcretest\fP is processed line by line, either by calling the C
+library's \fBfgets()\fP function, or via the \fBlibreadline\fP library (see
+below). In Unix-like environments, \fBfgets()\fP treats any bytes other than
+newline as data characters. However, in some Windows environments character 26
+(hex 1A) causes an immediate end of file, and no further data is read. For
+maximum portability, therefore, it is safest to use only ASCII characters in
+\fBpcretest\fP input files.
+.P
+The input is processed using using C's string functions, so must not
+contain binary zeroes, even though in Unix-like environments, \fBfgets()\fP
+treats any bytes other than newline as data characters.
+.
+.
+.SH "PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES"
+.rs
+.sp
+From release 8.30, two separate PCRE libraries can be built. The original one
+supports 8-bit character strings, whereas the newer 16-bit library supports
+character strings encoded in 16-bit units. From release 8.32, a third library
+can be built, supporting character strings encoded in 32-bit units. The
+\fBpcretest\fP program can be used to test all three libraries. However, it is
+itself still an 8-bit program, reading 8-bit input and writing 8-bit output.
+When testing the 16-bit or 32-bit library, the patterns and data strings are
+converted to 16- or 32-bit format before being passed to the PCRE library
+functions. Results are converted to 8-bit for output.
+.P
+References to functions and structures of the form \fBpcre[16|32]_xx\fP below
+mean "\fBpcre_xx\fP when using the 8-bit library, \fBpcre16_xx\fP when using
+the 16-bit library, or \fBpcre32_xx\fP when using the 32-bit library".
+.
+.
+.SH "COMMAND LINE OPTIONS"
+.rs
+.TP 10
+\fB-8\fP
+If both the 8-bit library has been built, this option causes the 8-bit library
+to be used (which is the default); if the 8-bit library has not been built,
+this option causes an error.
+.TP 10
+\fB-16\fP
+If both the 8-bit or the 32-bit, and the 16-bit libraries have been built, this
+option causes the 16-bit library to be used. If only the 16-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 32-bit
+library has been built, this option causes an error.
+.TP 10
+\fB-32\fP
+If both the 8-bit or the 16-bit, and the 32-bit libraries have been built, this
+option causes the 32-bit library to be used. If only the 32-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 16-bit
+library has been built, this option causes an error.
+.TP 10
+\fB-b\fP
+Behave as if each pattern has the \fB/B\fP (show byte code) modifier; the
+internal form is output after compilation.
+.TP 10
+\fB-C\fP
+Output the version number of the PCRE library, and all available information
+about the optional features that are included, and then exit with zero exit
+code. All other options are ignored.
+.TP 10
+\fB-C\fP \fIoption\fP
+Output information about a specific build-time option, then exit. This
+functionality is intended for use in scripts such as \fBRunTest\fP. The
+following options output the value and set the exit code as indicated:
+.sp
+  ebcdic-nl  the code for LF (= NL) in an EBCDIC environment:
+               0x15 or 0x25
+               0 if used in an ASCII environment
+               exit code is always 0
+  linksize   the configured internal link size (2, 3, or 4)
+               exit code is set to the link size
+  newline    the default newline setting:
+               CR, LF, CRLF, ANYCRLF, or ANY
+               exit code is always 0
+  bsr        the default setting for what \eR matches:
+               ANYCRLF or ANY
+               exit code is always 0
+.sp
+The following options output 1 for true or 0 for false, and set the exit code
+to the same value:
+.sp
+  ebcdic     compiled for an EBCDIC environment
+  jit        just-in-time support is available
+  pcre16     the 16-bit library was built
+  pcre32     the 32-bit library was built
+  pcre8      the 8-bit library was built
+  ucp        Unicode property support is available
+  utf        UTF-8 and/or UTF-16 and/or UTF-32 support
+               is available
+.sp
+If an unknown option is given, an error message is output; the exit code is 0.
+.TP 10
+\fB-d\fP
+Behave as if each pattern has the \fB/D\fP (debug) modifier; the internal
+form and information about the compiled pattern is output after compilation;
+\fB-d\fP is equivalent to \fB-b -i\fP.
+.TP 10
+\fB-dfa\fP
+Behave as if each data line contains the \eD escape sequence; this causes the
+alternative matching function, \fBpcre[16|32]_dfa_exec()\fP, to be used instead
+of the standard \fBpcre[16|32]_exec()\fP function (more detail is given below).
+.TP 10
+\fB-help\fP
+Output a brief summary these options and then exit.
+.TP 10
+\fB-i\fP
+Behave as if each pattern has the \fB/I\fP modifier; information about the
+compiled pattern is given after compilation.
+.TP 10
+\fB-M\fP
+Behave as if each data line contains the \eM escape sequence; this causes
+PCRE to discover the minimum MATCH_LIMIT and MATCH_LIMIT_RECURSION settings by
+calling \fBpcre[16|32]_exec()\fP repeatedly with different limits.
+.TP 10
+\fB-m\fP
+Output the size of each compiled pattern after it has been compiled. This is
+equivalent to adding \fB/M\fP to each regular expression. The size is given in
+bytes for both libraries.
+.TP 10
+\fB-O\fP
+Behave as if each pattern has the \fB/O\fP modifier, that is disable
+auto-possessification for all patterns.
+.TP 10
+\fB-o\fP \fIosize\fP
+Set the number of elements in the output vector that is used when calling
+\fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP to be \fIosize\fP. The
+default value is 45, which is enough for 14 capturing subexpressions for
+\fBpcre[16|32]_exec()\fP or 22 different matches for
+\fBpcre[16|32]_dfa_exec()\fP.
+The vector size can be changed for individual matching calls by including \eO
+in the data line (see below).
+.TP 10
+\fB-p\fP
+Behave as if each pattern has the \fB/P\fP modifier; the POSIX wrapper API is
+used to call PCRE. None of the other options has any effect when \fB-p\fP is
+set. This option can be used only with the 8-bit library.
+.TP 10
+\fB-q\fP
+Do not output the version number of \fBpcretest\fP at the start of execution.
+.TP 10
+\fB-S\fP \fIsize\fP
+On Unix-like systems, set the size of the run-time stack to \fIsize\fP
+megabytes.
+.TP 10
+\fB-s\fP or \fB-s+\fP
+Behave as if each pattern has the \fB/S\fP modifier; in other words, force each
+pattern to be studied. If \fB-s+\fP is used, all the JIT compile options are
+passed to \fBpcre[16|32]_study()\fP, causing just-in-time optimization to be set
+up if it is available, for both full and partial matching. Specific JIT compile
+options can be selected by following \fB-s+\fP with a digit in the range 1 to
+7, which selects the JIT compile modes as follows:
+.sp
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+.sp
+If \fB-s++\fP is used instead of \fB-s+\fP (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+.sp
+Note that there are pattern options that can override \fB-s\fP, either
+specifying no studying at all, or suppressing JIT compilation.
+.sp
+If the \fB/I\fP or \fB/D\fP option is present on a pattern (requesting output
+about the compiled pattern), information about the result of studying is not
+included when studying is caused only by \fB-s\fP and neither \fB-i\fP nor
+\fB-d\fP is present on the command line. This behaviour means that the output
+from tests that are run with and without \fB-s\fP should be identical, except
+when options that output information about the actual running of a match are
+set.
+.sp
+The \fB-M\fP, \fB-t\fP, and \fB-tm\fP options, which give information about
+resources used, are likely to produce different output with and without
+\fB-s\fP. Output may also differ if the \fB/C\fP option is present on an
+individual pattern. This uses callouts to trace the the matching process, and
+this may be different between studied and non-studied patterns. If the pattern
+contains (*MARK) items there may also be differences, for the same reason. The
+\fB-s\fP command line option can be overridden for specific patterns that
+should never be studied (see the \fB/S\fP pattern modifier below).
+.TP 10
+\fB-t\fP
+Run each compile, study, and match many times with a timer, and output the
+resulting times per compile, study, or match (in milliseconds). Do not set
+\fB-m\fP with \fB-t\fP, because you will then get the size output a zillion
+times, and the timing will be distorted. You can control the number of
+iterations that are used for timing by following \fB-t\fP with a number (as a
+separate item on the command line). For example, "-t 1000" iterates 1000 times.
+The default is to iterate 500000 times.
+.TP 10
+\fB-tm\fP
+This is like \fB-t\fP except that it times only the matching phase, not the
+compile or study phases.
+.TP 10
+\fB-T\fP \fB-TM\fP
+These behave like \fB-t\fP and \fB-tm\fP, but in addition, at the end of a run,
+the total times for all compiles, studies, and matches are output.
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+If \fBpcretest\fP is given two filename arguments, it reads from the first and
+writes to the second. If it is given only one filename argument, it reads from
+that file and writes to stdout. Otherwise, it reads from stdin and writes to
+stdout, and prompts for each line of input, using "re>" to prompt for regular
+expressions, and "data>" to prompt for data lines.
+.P
+When \fBpcretest\fP is built, a configuration option can specify that it should
+be linked with the \fBlibreadline\fP library. When this is done, if the input
+is from a terminal, it is read using the \fBreadline()\fP function. This
+provides line-editing and history facilities. The output from the \fB-help\fP
+option states whether or not \fBreadline()\fP will be used.
+.P
+The program handles any number of sets of input on a single input file. Each
+set starts with a regular expression, and continues with any number of data
+lines to be matched against that pattern.
+.P
+Each data line is matched separately and independently. If you want to do
+multi-line matches, you have to use the \en escape sequence (or \er or \er\en,
+etc., depending on the newline setting) in a single line of input to encode the
+newline sequences. There is no limit on the length of data lines; the input
+buffer is automatically extended if it is too small.
+.P
+An empty line signals the end of the data lines, at which point a new regular
+expression is read. The regular expressions are given enclosed in any
+non-alphanumeric delimiters other than backslash, for example:
+.sp
+  /(a|bc)x+yz/
+.sp
+White space before the initial delimiter is ignored. A regular expression may
+be continued over several input lines, in which case the newline characters are
+included within it. It is possible to include the delimiter within the pattern
+by escaping it, for example
+.sp
+  /abc\e/def/
+.sp
+If you do so, the escape and the delimiter form part of the pattern, but since
+delimiters are always non-alphanumeric, this does not affect its interpretation.
+If the terminating delimiter is immediately followed by a backslash, for
+example,
+.sp
+  /abc/\e
+.sp
+then a backslash is added to the end of the pattern. This is done to provide a
+way of testing the error condition that arises if a pattern finishes with a
+backslash, because
+.sp
+  /abc\e/
+.sp
+is interpreted as the first line of a pattern that starts with "abc/", causing
+pcretest to read the next line as a continuation of the regular expression.
+.
+.
+.SH "PATTERN MODIFIERS"
+.rs
+.sp
+A pattern may be followed by any number of modifiers, which are mostly single
+characters, though some of these can be qualified by further characters.
+Following Perl usage, these are referred to below as, for example, "the
+\fB/i\fP modifier", even though the delimiter of the pattern need not always be
+a slash, and no slash is used when writing modifiers. White space may appear
+between the final pattern delimiter and the first modifier, and between the
+modifiers themselves. For reference, here is a complete list of modifiers. They
+fall into several groups that are described in detail in the following
+sections.
+.sp
+  \fB/8\fP              set UTF mode
+  \fB/9\fP              set PCRE_NEVER_UTF (locks out UTF mode)
+  \fB/?\fP              disable UTF validity check
+  \fB/+\fP              show remainder of subject after match
+  \fB/=\fP              show all captures (not just those that are set)
+.sp
+  \fB/A\fP              set PCRE_ANCHORED
+  \fB/B\fP              show compiled code
+  \fB/C\fP              set PCRE_AUTO_CALLOUT
+  \fB/D\fP              same as \fB/B\fP plus \fB/I\fP
+  \fB/E\fP              set PCRE_DOLLAR_ENDONLY
+  \fB/F\fP              flip byte order in compiled pattern
+  \fB/f\fP              set PCRE_FIRSTLINE
+  \fB/G\fP              find all matches (shorten string)
+  \fB/g\fP              find all matches (use startoffset)
+  \fB/I\fP              show information about pattern
+  \fB/i\fP              set PCRE_CASELESS
+  \fB/J\fP              set PCRE_DUPNAMES
+  \fB/K\fP              show backtracking control names
+  \fB/L\fP              set locale
+  \fB/M\fP              show compiled memory size
+  \fB/m\fP              set PCRE_MULTILINE
+  \fB/N\fP              set PCRE_NO_AUTO_CAPTURE
+  \fB/O\fP              set PCRE_NO_AUTO_POSSESS
+  \fB/P\fP              use the POSIX wrapper
+  \fB/Q\fP              test external stack check function
+  \fB/S\fP              study the pattern after compilation
+  \fB/s\fP              set PCRE_DOTALL
+  \fB/T\fP              select character tables
+  \fB/U\fP              set PCRE_UNGREEDY
+  \fB/W\fP              set PCRE_UCP
+  \fB/X\fP              set PCRE_EXTRA
+  \fB/x\fP              set PCRE_EXTENDED
+  \fB/Y\fP              set PCRE_NO_START_OPTIMIZE
+  \fB/Z\fP              don't show lengths in \fB/B\fP output
+.sp
+  \fB/<any>\fP          set PCRE_NEWLINE_ANY
+  \fB/<anycrlf>\fP      set PCRE_NEWLINE_ANYCRLF
+  \fB/<cr>\fP           set PCRE_NEWLINE_CR
+  \fB/<crlf>\fP         set PCRE_NEWLINE_CRLF
+  \fB/<lf>\fP           set PCRE_NEWLINE_LF
+  \fB/<bsr_anycrlf>\fP  set PCRE_BSR_ANYCRLF
+  \fB/<bsr_unicode>\fP  set PCRE_BSR_UNICODE
+  \fB/<JS>\fP           set PCRE_JAVASCRIPT_COMPAT
+.sp
+.
+.
+.SS "Perl-compatible modifiers"
+.rs
+.sp
+The \fB/i\fP, \fB/m\fP, \fB/s\fP, and \fB/x\fP modifiers set the PCRE_CASELESS,
+PCRE_MULTILINE, PCRE_DOTALL, or PCRE_EXTENDED options, respectively, when
+\fBpcre[16|32]_compile()\fP is called. These four modifier letters have the same
+effect as they do in Perl. For example:
+.sp
+  /caseless/i
+.sp
+.
+.
+.SS "Modifiers for other PCRE options"
+.rs
+.sp
+The following table shows additional modifiers for setting PCRE compile-time
+options that do not correspond to anything in Perl:
+.sp
+  \fB/8\fP              PCRE_UTF8           ) when using the 8-bit
+  \fB/?\fP              PCRE_NO_UTF8_CHECK  )   library
+.sp
+  \fB/8\fP              PCRE_UTF16          ) when using the 16-bit
+  \fB/?\fP              PCRE_NO_UTF16_CHECK )   library
+.sp
+  \fB/8\fP              PCRE_UTF32          ) when using the 32-bit
+  \fB/?\fP              PCRE_NO_UTF32_CHECK )   library
+.sp
+  \fB/9\fP              PCRE_NEVER_UTF
+  \fB/A\fP              PCRE_ANCHORED
+  \fB/C\fP              PCRE_AUTO_CALLOUT
+  \fB/E\fP              PCRE_DOLLAR_ENDONLY
+  \fB/f\fP              PCRE_FIRSTLINE
+  \fB/J\fP              PCRE_DUPNAMES
+  \fB/N\fP              PCRE_NO_AUTO_CAPTURE
+  \fB/O\fP              PCRE_NO_AUTO_POSSESS
+  \fB/U\fP              PCRE_UNGREEDY
+  \fB/W\fP              PCRE_UCP
+  \fB/X\fP              PCRE_EXTRA
+  \fB/Y\fP              PCRE_NO_START_OPTIMIZE
+  \fB/<any>\fP          PCRE_NEWLINE_ANY
+  \fB/<anycrlf>\fP      PCRE_NEWLINE_ANYCRLF
+  \fB/<cr>\fP           PCRE_NEWLINE_CR
+  \fB/<crlf>\fP         PCRE_NEWLINE_CRLF
+  \fB/<lf>\fP           PCRE_NEWLINE_LF
+  \fB/<bsr_anycrlf>\fP  PCRE_BSR_ANYCRLF
+  \fB/<bsr_unicode>\fP  PCRE_BSR_UNICODE
+  \fB/<JS>\fP           PCRE_JAVASCRIPT_COMPAT
+.sp
+The modifiers that are enclosed in angle brackets are literal strings as shown,
+including the angle brackets, but the letters within can be in either case.
+This example sets multiline matching with CRLF as the line ending sequence:
+.sp
+  /^abc/m<CRLF>
+.sp
+As well as turning on the PCRE_UTF8/16/32 option, the \fB/8\fP modifier causes
+all non-printing characters in output strings to be printed using the
+\ex{hh...} notation. Otherwise, those less than 0x100 are output in hex without
+the curly brackets.
+.P
+Full details of the PCRE options are given in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.
+.
+.SS "Finding all matches in a string"
+.rs
+.sp
+Searching for all possible matches within each subject string can be requested
+by the \fB/g\fP or \fB/G\fP modifier. After finding a match, PCRE is called
+again to search the remainder of the subject string. The difference between
+\fB/g\fP and \fB/G\fP is that the former uses the \fIstartoffset\fP argument to
+\fBpcre[16|32]_exec()\fP to start searching at a new point within the entire
+string (which is in effect what Perl does), whereas the latter passes over a
+shortened substring. This makes a difference to the matching process if the
+pattern begins with a lookbehind assertion (including \eb or \eB).
+.P
+If any call to \fBpcre[16|32]_exec()\fP in a \fB/g\fP or \fB/G\fP sequence matches
+an empty string, the next call is done with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED flags set in order to search for another, non-empty, match at the
+same point. If this second match fails, the start offset is advanced, and the
+normal match is retried. This imitates the way Perl handles such cases when
+using the \fB/g\fP modifier or the \fBsplit()\fP function. Normally, the start
+offset is advanced by one character, but if the newline convention recognizes
+CRLF as a newline, and the current character is CR followed by LF, an advance
+of two is used.
+.
+.
+.SS "Other modifiers"
+.rs
+.sp
+There are yet more modifiers for controlling the way \fBpcretest\fP
+operates.
+.P
+The \fB/+\fP modifier requests that as well as outputting the substring that
+matched the entire pattern, \fBpcretest\fP should in addition output the
+remainder of the subject string. This is useful for tests where the subject
+contains multiple copies of the same substring. If the \fB+\fP modifier appears
+twice, the same action is taken for captured substrings. In each case the
+remainder is output on the following line with a plus character following the
+capture number. Note that this modifier must not immediately follow the /S
+modifier because /S+ and /S++ have other meanings.
+.P
+The \fB/=\fP modifier requests that the values of all potential captured
+parentheses be output after a match. By default, only those up to the highest
+one actually used in the match are output (corresponding to the return code
+from \fBpcre[16|32]_exec()\fP). Values in the offsets vector corresponding to
+higher numbers should be set to -1, and these are output as "<unset>". This
+modifier gives a way of checking that this is happening.
+.P
+The \fB/B\fP modifier is a debugging feature. It requests that \fBpcretest\fP
+output a representation of the compiled code after compilation. Normally this
+information contains length and offset values; however, if \fB/Z\fP is also
+present, this data is replaced by spaces. This is a special feature for use in
+the automatic test scripts; it ensures that the same output is generated for
+different internal link sizes.
+.P
+The \fB/D\fP modifier is a PCRE debugging feature, and is equivalent to
+\fB/BI\fP, that is, both the \fB/B\fP and the \fB/I\fP modifiers.
+.P
+The \fB/F\fP modifier causes \fBpcretest\fP to flip the byte order of the
+2-byte and 4-byte fields in the compiled pattern. This facility is for testing
+the feature in PCRE that allows it to execute patterns that were compiled on a
+host with a different endianness. This feature is not available when the POSIX
+interface to PCRE is being used, that is, when the \fB/P\fP pattern modifier is
+specified. See also the section about saving and reloading compiled patterns
+below.
+.P
+The \fB/I\fP modifier requests that \fBpcretest\fP output information about the
+compiled pattern (whether it is anchored, has a fixed first character, and
+so on). It does this by calling \fBpcre[16|32]_fullinfo()\fP after compiling a
+pattern. If the pattern is studied, the results of that are also output. In
+this output, the word "char" means a non-UTF character, that is, the value of a
+single data item (8-bit, 16-bit, or 32-bit, depending on the library that is
+being tested).
+.P
+The \fB/K\fP modifier requests \fBpcretest\fP to show names from backtracking
+control verbs that are returned from calls to \fBpcre[16|32]_exec()\fP. It causes
+\fBpcretest\fP to create a \fBpcre[16|32]_extra\fP block if one has not already
+been created by a call to \fBpcre[16|32]_study()\fP, and to set the
+PCRE_EXTRA_MARK flag and the \fBmark\fP field within it, every time that
+\fBpcre[16|32]_exec()\fP is called. If the variable that the \fBmark\fP field
+points to is non-NULL for a match, non-match, or partial match, \fBpcretest\fP
+prints the string to which it points. For a match, this is shown on a line by
+itself, tagged with "MK:". For a non-match it is added to the message.
+.P
+The \fB/L\fP modifier must be followed directly by the name of a locale, for
+example,
+.sp
+  /pattern/Lfr_FR
+.sp
+For this reason, it must be the last modifier. The given locale is set,
+\fBpcre[16|32]_maketables()\fP is called to build a set of character tables for
+the locale, and this is then passed to \fBpcre[16|32]_compile()\fP when compiling
+the regular expression. Without an \fB/L\fP (or \fB/T\fP) modifier, NULL is
+passed as the tables pointer; that is, \fB/L\fP applies only to the expression
+on which it appears.
+.P
+The \fB/M\fP modifier causes the size in bytes of the memory block used to hold
+the compiled pattern to be output. This does not include the size of the
+\fBpcre[16|32]\fP block; it is just the actual compiled data. If the pattern is
+successfully studied with the PCRE_STUDY_JIT_COMPILE option, the size of the
+JIT compiled code is also output.
+.P
+The \fB/Q\fP modifier is used to test the use of \fBpcre_stack_guard\fP. It
+must be followed by '0' or '1', specifying the return code to be given from an
+external function that is passed to PCRE and used for stack checking during
+compilation (see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation for details).
+.P
+The \fB/S\fP modifier causes \fBpcre[16|32]_study()\fP to be called after the
+expression has been compiled, and the results used when the expression is
+matched. There are a number of qualifying characters that may follow \fB/S\fP.
+They may appear in any order.
+.P
+If \fB/S\fP is followed by an exclamation mark, \fBpcre[16|32]_study()\fP is
+called with the PCRE_STUDY_EXTRA_NEEDED option, causing it always to return a
+\fBpcre_extra\fP block, even when studying discovers no useful information.
+.P
+If \fB/S\fP is followed by a second S character, it suppresses studying, even
+if it was requested externally by the \fB-s\fP command line option. This makes
+it possible to specify that certain patterns are always studied, and others are
+never studied, independently of \fB-s\fP. This feature is used in the test
+files in a few cases where the output is different when the pattern is studied.
+.P
+If the \fB/S\fP modifier is followed by a + character, the call to
+\fBpcre[16|32]_study()\fP is made with all the JIT study options, requesting
+just-in-time optimization support if it is available, for both normal and
+partial matching. If you want to restrict the JIT compiling modes, you can
+follow \fB/S+\fP with a digit in the range 1 to 7:
+.sp
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+.sp
+If \fB/S++\fP is used instead of \fB/S+\fP (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+.P
+Note that there is also an independent \fB/+\fP modifier; it must not be given
+immediately after \fB/S\fP or \fB/S+\fP because this will be misinterpreted.
+.P
+If JIT studying is successful, the compiled JIT code will automatically be used
+when \fBpcre[16|32]_exec()\fP is run, except when incompatible run-time options
+are specified. For more details, see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation. See also the \fB\eJ\fP escape sequence below for a way of
+setting the size of the JIT stack.
+.P
+Finally, if \fB/S\fP is followed by a minus character, JIT compilation is
+suppressed, even if it was requested externally by the \fB-s\fP command line
+option. This makes it possible to specify that JIT is never to be used for
+certain patterns.
+.P
+The \fB/T\fP modifier must be followed by a single digit. It causes a specific
+set of built-in character tables to be passed to \fBpcre[16|32]_compile()\fP. It
+is used in the standard PCRE tests to check behaviour with different character
+tables. The digit specifies the tables as follows:
+.sp
+  0   the default ASCII tables, as distributed in
+        pcre_chartables.c.dist
+  1   a set of tables defining ISO 8859 characters
+.sp
+In table 1, some characters whose codes are greater than 128 are identified as
+letters, digits, spaces, etc.
+.
+.
+.SS "Using the POSIX wrapper API"
+.rs
+.sp
+The \fB/P\fP modifier causes \fBpcretest\fP to call PCRE via the POSIX wrapper
+API rather than its native API. This supports only the 8-bit library. When
+\fB/P\fP is set, the following modifiers set options for the \fBregcomp()\fP
+function:
+.sp
+  /i    REG_ICASE
+  /m    REG_NEWLINE
+  /N    REG_NOSUB
+  /s    REG_DOTALL     )
+  /U    REG_UNGREEDY   ) These options are not part of
+  /W    REG_UCP        )   the POSIX standard
+  /8    REG_UTF8       )
+.sp
+The \fB/+\fP modifier works as described above. All other modifiers are
+ignored.
+.
+.
+.SS "Locking out certain modifiers"
+.rs
+.sp
+PCRE can be compiled with or without support for certain features such as
+UTF-8/16/32 or Unicode properties. Accordingly, the standard tests are split up
+into a number of different files that are selected for running depending on
+which features are available. When updating the tests, it is all too easy to
+put a new test into the wrong file by mistake; for example, to put a test that
+requires UTF support into a file that is used when it is not available. To help
+detect such mistakes as early as possible, there is a facility for locking out
+specific modifiers. If an input line for \fBpcretest\fP starts with the string
+"< forbid " the following sequence of characters is taken as a list of
+forbidden modifiers. For example, in the test files that must not use UTF or
+Unicode property support, this line appears:
+.sp
+  < forbid 8W
+.sp
+This locks out the /8 and /W modifiers. An immediate error is given if they are
+subsequently encountered. If the character string contains < but not >, all the
+multi-character modifiers that begin with < are locked out. Otherwise, such
+modifiers must be explicitly listed, for example:
+.sp
+  < forbid <JS><cr>
+.sp
+There must be a single space between < and "forbid" for this feature to be
+recognised. If there is not, the line is interpreted either as a request to
+re-load a pre-compiled pattern (see "SAVING AND RELOADING COMPILED PATTERNS"
+below) or, if there is a another < character, as a pattern that uses < as its
+delimiter.
+.
+.
+.SH "DATA LINES"
+.rs
+.sp
+Before each data line is passed to \fBpcre[16|32]_exec()\fP, leading and trailing
+white space is removed, and it is then scanned for \e escapes. Some of these
+are pretty esoteric features, intended for checking out some of the more
+complicated features of PCRE. If you are just testing "ordinary" regular
+expressions, you probably don't need any of these. The following escapes are
+recognized:
+.sp
+  \ea         alarm (BEL, \ex07)
+  \eb         backspace (\ex08)
+  \ee         escape (\ex27)
+  \ef         form feed (\ex0c)
+  \en         newline (\ex0a)
+.\" JOIN
+  \eqdd       set the PCRE_MATCH_LIMIT limit to dd
+               (any number of digits)
+  \er         carriage return (\ex0d)
+  \et         tab (\ex09)
+  \ev         vertical tab (\ex0b)
+  \ennn       octal character (up to 3 octal digits); always
+               a byte unless > 255 in UTF-8 or 16-bit or 32-bit mode
+  \eo{dd...}  octal character (any number of octal digits}
+  \exhh       hexadecimal byte (up to 2 hex digits)
+  \ex{hh...}  hexadecimal character (any number of hex digits)
+.\" JOIN
+  \eA         pass the PCRE_ANCHORED option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eB         pass the PCRE_NOTBOL option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eCdd       call pcre[16|32]_copy_substring() for substring dd
+               after a successful match (number less than 32)
+.\" JOIN
+  \eCname     call pcre[16|32]_copy_named_substring() for substring
+               "name" after a successful match (name termin-
+               ated by next non alphanumeric character)
+.\" JOIN
+  \eC+        show the current captured substrings at callout
+               time
+  \eC-        do not supply a callout function
+.\" JOIN
+  \eC!n       return 1 instead of 0 when callout number n is
+               reached
+.\" JOIN
+  \eC!n!m     return 1 instead of 0 when callout number n is
+               reached for the nth time
+.\" JOIN
+  \eC*n       pass the number n (may be negative) as callout
+               data; this is used as the callout return value
+  \eD         use the \fBpcre[16|32]_dfa_exec()\fP match function
+  \eF         only shortest match for \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eGdd       call pcre[16|32]_get_substring() for substring dd
+               after a successful match (number less than 32)
+.\" JOIN
+  \eGname     call pcre[16|32]_get_named_substring() for substring
+               "name" after a successful match (name termin-
+               ated by next non-alphanumeric character)
+.\" JOIN
+  \eJdd       set up a JIT stack of dd kilobytes maximum (any
+               number of digits)
+.\" JOIN
+  \eL         call pcre[16|32]_get_substringlist() after a
+               successful match
+.\" JOIN
+  \eM         discover the minimum MATCH_LIMIT and
+               MATCH_LIMIT_RECURSION settings
+.\" JOIN
+  \eN         pass the PCRE_NOTEMPTY option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP; if used twice, pass the
+               PCRE_NOTEMPTY_ATSTART option
+.\" JOIN
+  \eOdd       set the size of the output vector passed to
+               \fBpcre[16|32]_exec()\fP to dd (any number of digits)
+.\" JOIN
+  \eP         pass the PCRE_PARTIAL_SOFT option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP; if used twice, pass the
+               PCRE_PARTIAL_HARD option
+.\" JOIN
+  \eQdd       set the PCRE_MATCH_LIMIT_RECURSION limit to dd
+               (any number of digits)
+  \eR         pass the PCRE_DFA_RESTART option to \fBpcre[16|32]_dfa_exec()\fP
+  \eS         output details of memory get/free calls during matching
+.\" JOIN
+  \eY         pass the PCRE_NO_START_OPTIMIZE option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eZ         pass the PCRE_NOTEOL option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e?         pass the PCRE_NO_UTF[8|16|32]_CHECK option to
+               \fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e>dd       start the match at offset dd (optional "-"; then
+               any number of digits); this sets the \fIstartoffset\fP
+               argument for \fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<cr>      pass the PCRE_NEWLINE_CR option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<lf>      pass the PCRE_NEWLINE_LF option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<crlf>    pass the PCRE_NEWLINE_CRLF option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<anycrlf> pass the PCRE_NEWLINE_ANYCRLF option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<any>     pass the PCRE_NEWLINE_ANY option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.sp
+The use of \ex{hh...} is not dependent on the use of the \fB/8\fP modifier on
+the pattern. It is recognized always. There may be any number of hexadecimal
+digits inside the braces; invalid values provoke error messages.
+.P
+Note that \exhh specifies one byte rather than one character in UTF-8 mode;
+this makes it possible to construct invalid UTF-8 sequences for testing
+purposes. On the other hand, \ex{hh} is interpreted as a UTF-8 character in
+UTF-8 mode, generating more than one byte if the value is greater than 127.
+When testing the 8-bit library not in UTF-8 mode, \ex{hh} generates one byte
+for values less than 256, and causes an error for greater values.
+.P
+In UTF-16 mode, all 4-digit \ex{hhhh} values are accepted. This makes it
+possible to construct invalid UTF-16 sequences for testing purposes.
+.P
+In UTF-32 mode, all 4- to 8-digit \ex{...} values are accepted. This makes it
+possible to construct invalid UTF-32 sequences for testing purposes.
+.P
+The escapes that specify line ending sequences are literal strings, exactly as
+shown. No more than one newline setting should be present in any data line.
+.P
+A backslash followed by anything else just escapes the anything else. If
+the very last character is a backslash, it is ignored. This gives a way of
+passing an empty line as data, since a real empty line terminates the data
+input.
+.P
+The \fB\eJ\fP escape provides a way of setting the maximum stack size that is
+used by the just-in-time optimization code. It is ignored if JIT optimization
+is not being used. Providing a stack that is larger than the default 32K is
+necessary only for very complicated patterns.
+.P
+If \eM is present, \fBpcretest\fP calls \fBpcre[16|32]_exec()\fP several times,
+with different values in the \fImatch_limit\fP and \fImatch_limit_recursion\fP
+fields of the \fBpcre[16|32]_extra\fP data structure, until it finds the minimum
+numbers for each parameter that allow \fBpcre[16|32]_exec()\fP to complete without
+error. Because this is testing a specific feature of the normal interpretive
+\fBpcre[16|32]_exec()\fP execution, the use of any JIT optimization that might
+have been set up by the \fB/S+\fP qualifier of \fB-s+\fP option is disabled.
+.P
+The \fImatch_limit\fP number is a measure of the amount of backtracking
+that takes place, and checking it out can be instructive. For most simple
+matches, the number is quite small, but for patterns with very large numbers of
+matching possibilities, it can become large very quickly with increasing length
+of subject string. The \fImatch_limit_recursion\fP number is a measure of how
+much stack (or, if PCRE is compiled with NO_RECURSE, how much heap) memory is
+needed to complete the match attempt.
+.P
+When \eO is used, the value specified may be higher or lower than the size set
+by the \fB-O\fP command line option (or defaulted to 45); \eO applies only to
+the call of \fBpcre[16|32]_exec()\fP for the line in which it appears.
+.P
+If the \fB/P\fP modifier was present on the pattern, causing the POSIX wrapper
+API to be used, the only option-setting sequences that have any effect are \eB,
+\eN, and \eZ, causing REG_NOTBOL, REG_NOTEMPTY, and REG_NOTEOL, respectively,
+to be passed to \fBregexec()\fP.
+.
+.
+.SH "THE ALTERNATIVE MATCHING FUNCTION"
+.rs
+.sp
+By default, \fBpcretest\fP uses the standard PCRE matching function,
+\fBpcre[16|32]_exec()\fP to match each data line. PCRE also supports an
+alternative matching function, \fBpcre[16|32]_dfa_test()\fP, which operates in a
+different way, and has some restrictions. The differences between the two
+functions are described in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation.
+.P
+If a data line contains the \eD escape sequence, or if the command line
+contains the \fB-dfa\fP option, the alternative matching function is used.
+This function finds all possible matches at a given point. If, however, the \eF
+escape sequence is present in the data line, it stops after the first match is
+found. This is always the shortest possible match.
+.
+.
+.SH "DEFAULT OUTPUT FROM PCRETEST"
+.rs
+.sp
+This section describes the output when the normal matching function,
+\fBpcre[16|32]_exec()\fP, is being used.
+.P
+When a match succeeds, \fBpcretest\fP outputs the list of captured substrings
+that \fBpcre[16|32]_exec()\fP returns, starting with number 0 for the string that
+matched the whole pattern. Otherwise, it outputs "No match" when the return is
+PCRE_ERROR_NOMATCH, and "Partial match:" followed by the partially matching
+substring when \fBpcre[16|32]_exec()\fP returns PCRE_ERROR_PARTIAL. (Note that
+this is the entire substring that was inspected during the partial match; it
+may include characters before the actual match start if a lookbehind assertion,
+\eK, \eb, or \eB was involved.) For any other return, \fBpcretest\fP outputs
+the PCRE negative error number and a short descriptive phrase. If the error is
+a failed UTF string check, the offset of the start of the failing character and
+the reason code are also output, provided that the size of the output vector is
+at least two. Here is an example of an interactive \fBpcretest\fP run.
+.sp
+  $ pcretest
+  PCRE version 8.13 2011-04-30
+.sp
+    re> /^abc(\ed+)/
+  data> abc123
+   0: abc123
+   1: 123
+  data> xyz
+  No match
+.sp
+Unset capturing substrings that are not followed by one that is set are not
+returned by \fBpcre[16|32]_exec()\fP, and are not shown by \fBpcretest\fP. In the
+following example, there are two capturing substrings, but when the first data
+line is matched, the second, unset substring is not shown. An "internal" unset
+substring is shown as "<unset>", as for the second data line.
+.sp
+    re> /(a)|(b)/
+  data> a
+   0: a
+   1: a
+  data> b
+   0: b
+   1: <unset>
+   2: b
+.sp
+If the strings contain any non-printing characters, they are output as \exhh
+escapes if the value is less than 256 and UTF mode is not set. Otherwise they
+are output as \ex{hh...} escapes. See below for the definition of non-printing
+characters. If the pattern has the \fB/+\fP modifier, the output for substring
+0 is followed by the the rest of the subject string, identified by "0+" like
+this:
+.sp
+    re> /cat/+
+  data> cataract
+   0: cat
+   0+ aract
+.sp
+If the pattern has the \fB/g\fP or \fB/G\fP modifier, the results of successive
+matching attempts are output in sequence, like this:
+.sp
+    re> /\eBi(\ew\ew)/g
+  data> Mississippi
+   0: iss
+   1: ss
+   0: iss
+   1: ss
+   0: ipp
+   1: pp
+.sp
+"No match" is output only if the first match attempt fails. Here is an example
+of a failure message (the offset 4 that is specified by \e>4 is past the end of
+the subject string):
+.sp
+    re> /xyz/
+  data> xyz\e>4
+  Error -24 (bad offset value)
+.P
+If any of the sequences \fB\eC\fP, \fB\eG\fP, or \fB\eL\fP are present in a
+data line that is successfully matched, the substrings extracted by the
+convenience functions are output with C, G, or L after the string number
+instead of a colon. This is in addition to the normal full list. The string
+length (that is, the return from the extraction function) is given in
+parentheses after each string for \fB\eC\fP and \fB\eG\fP.
+.P
+Note that whereas patterns can be continued over several lines (a plain ">"
+prompt is used for continuations), data lines may not. However newlines can be
+included in data by means of the \en escape (or \er, \er\en, etc., depending on
+the newline sequence setting).
+.
+.
+.
+.SH "OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION"
+.rs
+.sp
+When the alternative matching function, \fBpcre[16|32]_dfa_exec()\fP, is used (by
+means of the \eD escape sequence or the \fB-dfa\fP command line option), the
+output consists of a list of all the matches that start at the first point in
+the subject where there is at least one match. For example:
+.sp
+    re> /(tang|tangerine|tan)/
+  data> yellow tangerine\eD
+   0: tangerine
+   1: tang
+   2: tan
+.sp
+(Using the normal matching function on this data finds only "tang".) The
+longest matching string is always given first (and numbered zero). After a
+PCRE_ERROR_PARTIAL return, the output is "Partial match:", followed by the
+partially matching substring. (Note that this is the entire substring that was
+inspected during the partial match; it may include characters before the actual
+match start if a lookbehind assertion, \eK, \eb, or \eB was involved.)
+.P
+If \fB/g\fP is present on the pattern, the search for further matches resumes
+at the end of the longest match. For example:
+.sp
+    re> /(tang|tangerine|tan)/g
+  data> yellow tangerine and tangy sultana\eD
+   0: tangerine
+   1: tang
+   2: tan
+   0: tang
+   1: tan
+   0: tan
+.sp
+Since the matching function does not support substring capture, the escape
+sequences that are concerned with captured substrings are not relevant.
+.
+.
+.SH "RESTARTING AFTER A PARTIAL MATCH"
+.rs
+.sp
+When the alternative matching function has given the PCRE_ERROR_PARTIAL return,
+indicating that the subject partially matched the pattern, you can restart the
+match with additional subject data by means of the \eR escape sequence. For
+example:
+.sp
+    re> /^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$/
+  data> 23ja\eP\eD
+  Partial match: 23ja
+  data> n05\eR\eD
+   0: n05
+.sp
+For further information about partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.
+.
+.SH CALLOUTS
+.rs
+.sp
+If the pattern contains any callout requests, \fBpcretest\fP's callout function
+is called during matching. This works with both matching functions. By default,
+the called function displays the callout number, the start and current
+positions in the text at the callout time, and the next pattern item to be
+tested. For example:
+.sp
+  --->pqrabcdef
+    0    ^  ^     \ed
+.sp
+This output indicates that callout number 0 occurred for a match attempt
+starting at the fourth character of the subject string, when the pointer was at
+the seventh character of the data, and when the next pattern item was \ed. Just
+one circumflex is output if the start and current positions are the same.
+.P
+Callouts numbered 255 are assumed to be automatic callouts, inserted as a
+result of the \fB/C\fP pattern modifier. In this case, instead of showing the
+callout number, the offset in the pattern, preceded by a plus, is output. For
+example:
+.sp
+    re> /\ed?[A-E]\e*/C
+  data> E*
+  --->E*
+   +0 ^      \ed?
+   +3 ^      [A-E]
+   +8 ^^     \e*
+  +10 ^ ^
+   0: E*
+.sp
+If a pattern contains (*MARK) items, an additional line is output whenever
+a change of latest mark is passed to the callout function. For example:
+.sp
+    re> /a(*MARK:X)bc/C
+  data> abc
+  --->abc
+   +0 ^       a
+   +1 ^^      (*MARK:X)
+  +10 ^^      b
+  Latest Mark: X
+  +11 ^ ^     c
+  +12 ^  ^
+   0: abc
+.sp
+The mark changes between matching "a" and "b", but stays the same for the rest
+of the match, so nothing more is output. If, as a result of backtracking, the
+mark reverts to being unset, the text "<unset>" is output.
+.P
+The callout function in \fBpcretest\fP returns zero (carry on matching) by
+default, but you can use a \eC item in a data line (as described above) to
+change this and other parameters of the callout.
+.P
+Inserting callouts can be helpful when using \fBpcretest\fP to check
+complicated regular expressions. For further information about callouts, see
+the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.
+.
+.
+.SH "NON-PRINTING CHARACTERS"
+.rs
+.sp
+When \fBpcretest\fP is outputting text in the compiled version of a pattern,
+bytes other than 32-126 are always treated as non-printing characters are are
+therefore shown as hex escapes.
+.P
+When \fBpcretest\fP is outputting text that is a matched part of a subject
+string, it behaves in the same way, unless a different locale has been set for
+the pattern (using the \fB/L\fP modifier). In this case, the \fBisprint()\fP
+function to distinguish printing and non-printing characters.
+.
+.
+.
+.SH "SAVING AND RELOADING COMPILED PATTERNS"
+.rs
+.sp
+The facilities described in this section are not available when the POSIX
+interface to PCRE is being used, that is, when the \fB/P\fP pattern modifier is
+specified.
+.P
+When the POSIX interface is not in use, you can cause \fBpcretest\fP to write a
+compiled pattern to a file, by following the modifiers with > and a file name.
+For example:
+.sp
+  /pattern/im >/some/file
+.sp
+See the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation for a discussion about saving and re-using compiled patterns.
+Note that if the pattern was successfully studied with JIT optimization, the
+JIT data cannot be saved.
+.P
+The data that is written is binary. The first eight bytes are the length of the
+compiled pattern data followed by the length of the optional study data, each
+written as four bytes in big-endian order (most significant byte first). If
+there is no study data (either the pattern was not studied, or studying did not
+return any data), the second length is zero. The lengths are followed by an
+exact copy of the compiled pattern. If there is additional study data, this
+(excluding any JIT data) follows immediately after the compiled pattern. After
+writing the file, \fBpcretest\fP expects to read a new pattern.
+.P
+A saved pattern can be reloaded into \fBpcretest\fP by specifying < and a file
+name instead of a pattern. There must be no space between < and the file name,
+which must not contain a < character, as otherwise \fBpcretest\fP will
+interpret the line as a pattern delimited by < characters. For example:
+.sp
+   re> </some/file
+  Compiled pattern loaded from /some/file
+  No study data
+.sp
+If the pattern was previously studied with the JIT optimization, the JIT
+information cannot be saved and restored, and so is lost. When the pattern has
+been loaded, \fBpcretest\fP proceeds to read data lines in the usual way.
+.P
+You can copy a file written by \fBpcretest\fP to a different host and reload it
+there, even if the new host has opposite endianness to the one on which the
+pattern was compiled. For example, you can compile on an i86 machine and run on
+a SPARC machine. When a pattern is reloaded on a host with different
+endianness, the confirmation message is changed to:
+.sp
+  Compiled pattern (byte-inverted) loaded from /some/file
+.sp
+The test suite contains some saved pre-compiled patterns with different
+endianness. These are reloaded using "<!" instead of just "<". This suppresses
+the "(byte-inverted)" text so that the output is the same on all hosts. It also
+forces debugging output once the pattern has been reloaded.
+.P
+File names for saving and reloading can be absolute or relative, but note that
+the shell facility of expanding a file name that starts with a tilde (~) is not
+available.
+.P
+The ability to save and reload files in \fBpcretest\fP is intended for testing
+and experimentation. It is not intended for production use because only a
+single pattern can be written to a file. Furthermore, there is no facility for
+supplying custom character tables for use with a reloaded pattern. If the
+original pattern was compiled with custom tables, an attempt to match a subject
+string using a reloaded pattern is likely to cause \fBpcretest\fP to crash.
+Finally, if you attempt to load a file that is not in the correct format, the
+result is undefined.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcre\fP(3), \fBpcre16\fP(3), \fBpcre32\fP(3), \fBpcreapi\fP(3),
+\fBpcrecallout\fP(3),
+\fBpcrejit\fP, \fBpcrematching\fP(3), \fBpcrepartial\fP(d),
+\fBpcrepattern\fP(3), \fBpcreprecompile\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 23 February 2017
+Copyright (c) 1997-2017 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre.3
new file mode 100644
index 00000000..0f2837e7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre.3
@@ -0,0 +1,230 @@
+.TH PCRE 3 "10 February 2015" "PCRE 8.37"
+.SH NAME
+PCRE - Perl-compatible regular expressions (original API)
+.SH "PLEASE TAKE NOTE"
+.rs
+.sp
+This document relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+.
+.
+.SH INTRODUCTION
+.rs
+.sp
+The PCRE library is a set of functions that implement regular expression
+pattern matching using the same syntax and semantics as Perl, with just a few
+differences. Some features that appeared in Python and PCRE before they
+appeared in Perl are also available using the Python syntax, there is some
+support for one or two .NET and Oniguruma syntax items, and there is an option
+for requesting some minor changes that give better JavaScript compatibility.
+.P
+Starting with release 8.30, it is possible to compile two separate PCRE
+libraries: the original, which supports 8-bit character strings (including
+UTF-8 strings), and a second library that supports 16-bit character strings
+(including UTF-16 strings). The build process allows either one or both to be
+built. The majority of the work to make this possible was done by Zoltan
+Herczeg.
+.P
+Starting with release 8.32 it is possible to compile a third separate PCRE
+library that supports 32-bit character strings (including UTF-32 strings). The
+build process allows any combination of the 8-, 16- and 32-bit libraries. The
+work to make this possible was done by Christian Persch.
+.P
+The three libraries contain identical sets of functions, except that the names
+in the 16-bit library start with \fBpcre16_\fP instead of \fBpcre_\fP, and the
+names in the 32-bit library start with \fBpcre32_\fP instead of \fBpcre_\fP. To
+avoid over-complication and reduce the documentation maintenance load, most of
+the documentation describes the 8-bit library, with the differences for the
+16-bit and 32-bit libraries described separately in the
+.\" HREF
+\fBpcre16\fP
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+pages. References to functions or structures of the form \fIpcre[16|32]_xxx\fP
+should be read as meaning "\fIpcre_xxx\fP when using the 8-bit library,
+\fIpcre16_xxx\fP when using the 16-bit library, or \fIpcre32_xxx\fP when using
+the 32-bit library".
+.P
+The current implementation of PCRE corresponds approximately with Perl 5.12,
+including support for UTF-8/16/32 encoded strings and Unicode general category
+properties. However, UTF-8/16/32 and Unicode support has to be explicitly
+enabled; it is not the default. The Unicode tables correspond to Unicode
+release 6.3.0.
+.P
+In addition to the Perl-compatible matching function, PCRE contains an
+alternative function that matches the same compiled patterns in a different
+way. In certain circumstances, the alternative function has some advantages.
+For a discussion of the two matching algorithms, see the
+.\" HREF
+\fBpcrematching\fP
+.\"
+page.
+.P
+PCRE is written in C and released as a C library. A number of people have
+written wrappers and interfaces of various kinds. In particular, Google Inc.
+have provided a comprehensive C++ wrapper for the 8-bit library. This is now
+included as part of the PCRE distribution. The
+.\" HREF
+\fBpcrecpp\fP
+.\"
+page has details of this interface. Other people's contributions can be found
+in the \fIContrib\fP directory at the primary FTP site, which is:
+.sp
+.\" HTML <a href="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre">
+.\" </a>
+ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre
+.\"
+.P
+Details of exactly which Perl regular expression features are and are not
+supported by PCRE are given in separate documents. See the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+and
+.\" HREF
+\fBpcrecompat\fP
+.\"
+pages. There is a syntax summary in the
+.\" HREF
+\fBpcresyntax\fP
+.\"
+page.
+.P
+Some features of PCRE can be included, excluded, or changed when the library is
+built. The
+.\" HREF
+\fBpcre_config()\fP
+.\"
+function makes it possible for a client to discover which features are
+available. The features themselves are described in the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+page. Documentation about building PCRE for various operating systems can be
+found in the
+.\" HTML <a href="README.txt">
+.\" </a>
+\fBREADME\fP
+.\"
+and
+.\" HTML <a href="NON-AUTOTOOLS-BUILD.txt">
+.\" </a>
+\fBNON-AUTOTOOLS_BUILD\fP
+.\"
+files in the source distribution.
+.P
+The libraries contains a number of undocumented internal functions and data
+tables that are used by more than one of the exported external functions, but
+which are not intended for use by external callers. Their names all begin with
+"_pcre_" or "_pcre16_" or "_pcre32_", which hopefully will not provoke any name
+clashes. In some environments, it is possible to control which external symbols
+are exported when a shared library is built, and in these cases the
+undocumented symbols are not exported.
+.
+.
+.SH "SECURITY CONSIDERATIONS"
+.rs
+.sp
+If you are using PCRE in a non-UTF application that permits users to supply
+arbitrary patterns for compilation, you should be aware of a feature that
+allows users to turn on UTF support from within a pattern, provided that PCRE
+was built with UTF support. For example, an 8-bit pattern that begins with
+"(*UTF8)" or "(*UTF)" turns on UTF-8 mode, which interprets patterns and
+subjects as strings of UTF-8 characters instead of individual 8-bit characters.
+This causes both the pattern and any data against which it is matched to be
+checked for UTF-8 validity. If the data string is very long, such a check might
+use sufficiently many resources as to cause your application to lose
+performance.
+.P
+One way of guarding against this possibility is to use the
+\fBpcre_fullinfo()\fP function to check the compiled pattern's options for UTF.
+Alternatively, from release 8.33, you can set the PCRE_NEVER_UTF option at
+compile time. This causes an compile time error if a pattern contains a
+UTF-setting sequence.
+.P
+If your application is one that supports UTF, be aware that validity checking
+can take time. If the same data string is to be matched many times, you can use
+the PCRE_NO_UTF[8|16|32]_CHECK option for the second and subsequent matches to
+save redundant checks.
+.P
+Another way that performance can be hit is by running a pattern that has a very
+large search tree against a string that will never match. Nested unlimited
+repeats in a pattern are a common example. PCRE provides some protection
+against this: see the PCRE_EXTRA_MATCH_LIMIT feature in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page.
+.
+.
+.SH "USER DOCUMENTATION"
+.rs
+.sp
+The user documentation for PCRE comprises a number of different sections. In
+the "man" format, each of these is a separate "man page". In the HTML format,
+each is a separate page, linked from the index page. In the plain text format,
+the descriptions of the \fBpcregrep\fP and \fBpcretest\fP programs are in files
+called \fBpcregrep.txt\fP and \fBpcretest.txt\fP, respectively. The remaining
+sections, except for the \fBpcredemo\fP section (which is a program listing),
+are concatenated in \fBpcre.txt\fP, for ease of searching. The sections are as
+follows:
+.sp
+  pcre              this document
+  pcre-config       show PCRE installation configuration information
+  pcre16            details of the 16-bit library
+  pcre32            details of the 32-bit library
+  pcreapi           details of PCRE's native C API
+  pcrebuild         building PCRE
+  pcrecallout       details of the callout feature
+  pcrecompat        discussion of Perl compatibility
+  pcrecpp           details of the C++ wrapper for the 8-bit library
+  pcredemo          a demonstration C program that uses PCRE
+  pcregrep          description of the \fBpcregrep\fP command (8-bit only)
+  pcrejit           discussion of the just-in-time optimization support
+  pcrelimits        details of size and other limits
+  pcrematching      discussion of the two matching algorithms
+  pcrepartial       details of the partial matching facility
+.\" JOIN
+  pcrepattern       syntax and semantics of supported
+                      regular expressions
+  pcreperform       discussion of performance issues
+  pcreposix         the POSIX-compatible C API for the 8-bit library
+  pcreprecompile    details of saving and re-using precompiled patterns
+  pcresample        discussion of the pcredemo program
+  pcrestack         discussion of stack usage
+  pcresyntax        quick syntax reference
+  pcretest          description of the \fBpcretest\fP testing command
+  pcreunicode       discussion of Unicode and UTF-8/16/32 support
+.sp
+In the "man" and HTML formats, there is also a short page for each C library
+function, listing its arguments and results.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.P
+Putting an actual email address here seems to have been a spam magnet, so I've
+taken it away. If you want to email me, use my two initials, followed by the
+two digits 10, at the domain cam.ac.uk.
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 10 February 2015
+Copyright (c) 1997-2015 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16.3
new file mode 100644
index 00000000..85126a67
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16.3
@@ -0,0 +1,371 @@
+.TH PCRE 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.sp
+.B #include <pcre.h>
+.
+.
+.SH "PCRE 16-BIT API BASIC FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre16 *pcre16_compile(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16 *pcre16_compile2(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16_extra *pcre16_study(const pcre16 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B void pcre16_free_study(pcre16_extra *\fIextra\fP);
+.sp
+.B int pcre16_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre16_dfa_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.
+.SH "PCRE 16-BIT API STRING EXTRACTION FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre16_copy_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_UCHAR16 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre16_copy_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR16 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre16_get_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre16_get_stringnumber(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP);
+.sp
+.B int pcre16_get_stringtable_entries(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP, PCRE_UCHAR16 **\fIfirst\fP, PCRE_UCHAR16 **\fIlast\fP);"
+.sp
+.B int pcre16_get_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre16_get_substring_list(PCRE_SPTR16 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR16 **\fIlistptr\fP);"
+.sp
+.B void pcre16_free_substring(PCRE_SPTR16 \fIstringptr\fP);
+.sp
+.B void pcre16_free_substring_list(PCRE_SPTR16 *\fIstringptr\fP);
+.fi
+.
+.
+.SH "PCRE 16-BIT API AUXILIARY FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre16_jit_stack *pcre16_jit_stack_alloc(int \fIstartsize\fP, int \fImaxsize\fP);
+.sp
+.B void pcre16_jit_stack_free(pcre16_jit_stack *\fIstack\fP);
+.sp
+.B void pcre16_assign_jit_stack(pcre16_extra *\fIextra\fP,
+.B "     pcre16_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B const unsigned char *pcre16_maketables(void);
+.sp
+.B int pcre16_fullinfo(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre16_refcount(pcre16 *\fIcode\fP, int \fIadjust\fP);
+.sp
+.B int pcre16_config(int \fIwhat\fP, void *\fIwhere\fP);
+.sp
+.B const char *pcre16_version(void);
+.sp
+.B int pcre16_pattern_to_host_byte_order(pcre16 *\fIcode\fP,
+.B "     pcre16_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.
+.SH "PCRE 16-BIT API INDIRECTED FUNCTIONS"
+.rs
+.sp
+.nf
+.B void *(*pcre16_malloc)(size_t);
+.sp
+.B void (*pcre16_free)(void *);
+.sp
+.B void *(*pcre16_stack_malloc)(size_t);
+.sp
+.B void (*pcre16_stack_free)(void *);
+.sp
+.B int (*pcre16_callout)(pcre16_callout_block *);
+.fi
+.
+.
+.SH "PCRE 16-BIT API 16-BIT-ONLY FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *\fIoutput\fP,
+.B "     PCRE_SPTR16 \fIinput\fP, int \fIlength\fP, int *\fIbyte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH "THE PCRE 16-BIT LIBRARY"
+.rs
+.sp
+Starting with release 8.30, it is possible to compile a PCRE library that
+supports 16-bit character strings, including UTF-16 strings, as well as or
+instead of the original 8-bit library. The majority of the work to make this
+possible was done by Zoltan Herczeg. The two libraries contain identical sets
+of functions, used in exactly the same way. Only the names of the functions and
+the data types of their arguments and results are different. To avoid
+over-complication and reduce the documentation maintenance load, most of the
+PCRE documentation describes the 8-bit library, with only occasional references
+to the 16-bit library. This page describes what is different when you use the
+16-bit library.
+.P
+WARNING: A single application can be linked with both libraries, but you must
+take care when processing any particular pattern to use functions from just one
+library. For example, if you want to study a pattern that was compiled with
+\fBpcre16_compile()\fP, you must do so with \fBpcre16_study()\fP, not
+\fBpcre_study()\fP, and you must free the study data with
+\fBpcre16_free_study()\fP.
+.
+.
+.SH "THE HEADER FILE"
+.rs
+.sp
+There is only one header file, \fBpcre.h\fP. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+.
+.
+.SH "THE LIBRARY NAME"
+.rs
+.sp
+In Unix-like systems, the 16-bit library is called \fBlibpcre16\fP, and can
+normally be accesss by adding \fB-lpcre16\fP to the command for linking an
+application that uses PCRE.
+.
+.
+.SH "STRING TYPES"
+.rs
+.sp
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 16-bit library, strings are passed as
+vectors of unsigned 16-bit quantities. The macro PCRE_UCHAR16 specifies an
+appropriate data type, and PCRE_SPTR16 is defined as "const PCRE_UCHAR16 *". In
+very many environments, "short int" is a 16-bit data type. When PCRE is built,
+it defines PCRE_UCHAR16 as "unsigned short int", but checks that it really is a
+16-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+.
+.
+.SH "STRUCTURE TYPES"
+.rs
+.sp
+The types of the opaque structures that are used for compiled 16-bit patterns
+and JIT stacks are \fBpcre16\fP and \fBpcre16_jit_stack\fP respectively. The
+type of the user-accessible structure that is returned by \fBpcre16_study()\fP
+is \fBpcre16_extra\fP, and the type of the structure that is used for passing
+data to a callout function is \fBpcre16_callout_block\fP. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 16-bit instead of
+8-bit types.
+.
+.
+.SH "16-BIT FUNCTIONS"
+.rs
+.sp
+For every function in the 8-bit library there is a corresponding function in
+the 16-bit library with a name that starts with \fBpcre16_\fP instead of
+\fBpcre_\fP. The prototypes are listed above. In addition, there is one extra
+function, \fBpcre16_utf16_to_host_byte_order()\fP. This is a utility function
+that converts a UTF-16 character string to host byte order if necessary. The
+other 16-bit functions expect the strings they are passed to be in host byte
+order.
+.P
+The \fIinput\fP and \fIoutput\fP arguments of
+\fBpcre16_utf16_to_host_byte_order()\fP may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+.P
+The \fIlength\fP argument specifies the number of 16-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+.P
+If \fIbyte_order\fP is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+.P
+If \fIbyte_order\fP is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+.P
+If \fIkeep_boms\fP is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+.P
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.
+.
+.SH "SUBJECT STRING OFFSETS"
+.rs
+.sp
+The lengths and starting offsets of subject strings must be specified in 16-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 16-bit units rather than bytes.
+.
+.
+.SH "NAMED SUBPATTERNS"
+.rs
+.sp
+The name-to-number translation table that is maintained for named subpatterns
+uses 16-bit characters. The \fBpcre16_get_stringtable_entries()\fP function
+returns the length of each entry in the table as the number of 16-bit data
+units.
+.
+.
+.SH "OPTION NAMES"
+.rs
+.sp
+There are two new general option names, PCRE_UTF16 and PCRE_NO_UTF16_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+.\" HTML <a href="pcreunicode.html#utf16strings">
+.\" </a>
+validity of UTF-16 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+For the \fBpcre16_config()\fP function there is an option PCRE_CONFIG_UTF16
+that returns 1 if UTF-16 support is configured, otherwise 0. If this option is
+given to \fBpcre_config()\fP or \fBpcre32_config()\fP, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 option is given to \fBpcre16_config()\fP,
+the result is the PCRE_ERROR_BADOPTION error.
+.
+.
+.SH "CHARACTER CODES"
+.rs
+.sp
+In 16-bit mode, when PCRE_UTF16 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0xffff instead of 0 to 0xff. Character types for characters less than
+0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+.P
+In UTF-16 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are used in pairs to encode values greater than 0xffff.
+.P
+A UTF-16 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+\fBpcre16_utf16_to_host_byte_order()\fP is provided to help with this (see
+above).
+.
+.
+.SH "ERROR NAMES"
+.rs
+.sp
+The errors PCRE_ERROR_BADUTF16_OFFSET and PCRE_ERROR_SHORTUTF16 correspond to
+their 8-bit counterparts. The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with \fBpcre_compile()\fP is passed to
+\fBpcre16_exec()\fP.
+.P
+There are new error codes whose names begin with PCRE_UTF16_ERR for invalid
+UTF-16 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+.\" HTML <a href="pcreapi.html#badutf8reasons">
+.\" </a>
+"Reason codes for invalid UTF-8 strings"
+.\"
+in the main
+.\" HREF
+\fBpcreapi\fP
+.\"
+page. The UTF-16 errors are:
+.sp
+  PCRE_UTF16_ERR1  Missing low surrogate at end of string
+  PCRE_UTF16_ERR2  Invalid low surrogate follows high surrogate
+  PCRE_UTF16_ERR3  Isolated low surrogate
+  PCRE_UTF16_ERR4  Non-character
+.
+.
+.SH "ERROR TEXTS"
+.rs
+.sp
+If there is an error while compiling a pattern, the error text that is passed
+back by \fBpcre16_compile()\fP or \fBpcre16_compile2()\fP is still an 8-bit
+character string, zero-terminated.
+.
+.
+.SH "CALLOUTS"
+.rs
+.sp
+The \fIsubject\fP and \fImark\fP fields in the callout block that is passed to
+a callout function point to 16-bit vectors.
+.
+.
+.SH "TESTING"
+.rs
+.sp
+The \fBpcretest\fP program continues to operate with 8-bit input and output
+files, but it can be used for testing the 16-bit library. If it is run with the
+command line option \fB-16\fP, patterns and subject strings are converted from
+8-bit to 16-bit before being passed to PCRE, and the 16-bit library functions
+are used instead of the 8-bit ones. Returned 16-bit strings are converted to
+8-bit for output. If both the 8-bit and the 32-bit libraries were not compiled,
+\fBpcretest\fP defaults to 16-bit and the \fB-16\fP option is ignored.
+.P
+When PCRE is being built, the \fBRunTest\fP script that is called by "make
+check" uses the \fBpcretest\fP \fB-C\fP option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+.
+.
+.SH "NOT SUPPORTED IN 16-BIT MODE"
+.rs
+.sp
+Not all the features of the 8-bit library are available with the 16-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the \fBpcregrep\fP program is at present 8-bit only.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 May 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_assign_jit_stack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_assign_jit_stack.3
new file mode 120000
index 00000000..40c8775a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_assign_jit_stack.3
@@ -0,0 +1 @@
+pcre_assign_jit_stack.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_compile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_compile.3
new file mode 120000
index 00000000..9364e751
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_compile.3
@@ -0,0 +1 @@
+pcre_compile.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_compile2.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_compile2.3
new file mode 120000
index 00000000..2d6aff35
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_compile2.3
@@ -0,0 +1 @@
+pcre_compile2.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_config.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_config.3
new file mode 120000
index 00000000..db964059
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_config.3
@@ -0,0 +1 @@
+pcre_config.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_copy_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_copy_named_substring.3
new file mode 120000
index 00000000..c15b9774
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_copy_named_substring.3
@@ -0,0 +1 @@
+pcre_copy_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_copy_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_copy_substring.3
new file mode 120000
index 00000000..98d1f84d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_copy_substring.3
@@ -0,0 +1 @@
+pcre_copy_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_dfa_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_dfa_exec.3
new file mode 120000
index 00000000..ed408df0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_dfa_exec.3
@@ -0,0 +1 @@
+pcre_dfa_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_exec.3
new file mode 120000
index 00000000..ebaa2527
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_exec.3
@@ -0,0 +1 @@
+pcre_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_free_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_free_study.3
new file mode 120000
index 00000000..4c53ea9f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_free_study.3
@@ -0,0 +1 @@
+pcre_free_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_free_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_free_substring.3
new file mode 120000
index 00000000..48567bfb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_free_substring.3
@@ -0,0 +1 @@
+pcre_free_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_free_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_free_substring_list.3
new file mode 120000
index 00000000..84b7b7e5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_free_substring_list.3
@@ -0,0 +1 @@
+pcre_free_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_fullinfo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_fullinfo.3
new file mode 120000
index 00000000..b7386a98
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_fullinfo.3
@@ -0,0 +1 @@
+pcre_fullinfo.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_named_substring.3
new file mode 120000
index 00000000..c095ca50
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_named_substring.3
@@ -0,0 +1 @@
+pcre_get_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_stringnumber.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_stringnumber.3
new file mode 120000
index 00000000..f8e81d32
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_stringnumber.3
@@ -0,0 +1 @@
+pcre_get_stringnumber.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_stringtable_entries.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_stringtable_entries.3
new file mode 120000
index 00000000..9f8cc4a7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_stringtable_entries.3
@@ -0,0 +1 @@
+pcre_get_stringtable_entries.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_substring.3
new file mode 120000
index 00000000..26383b5d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_substring.3
@@ -0,0 +1 @@
+pcre_get_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_substring_list.3
new file mode 120000
index 00000000..2faa865f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_get_substring_list.3
@@ -0,0 +1 @@
+pcre_get_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_jit_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_jit_exec.3
new file mode 120000
index 00000000..59089ada
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_jit_exec.3
@@ -0,0 +1 @@
+pcre_jit_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_jit_stack_alloc.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_jit_stack_alloc.3
new file mode 120000
index 00000000..dab43b82
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_jit_stack_alloc.3
@@ -0,0 +1 @@
+pcre_jit_stack_alloc.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_jit_stack_free.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_jit_stack_free.3
new file mode 120000
index 00000000..e92aa310
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_jit_stack_free.3
@@ -0,0 +1 @@
+pcre_jit_stack_free.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_maketables.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_maketables.3
new file mode 120000
index 00000000..3b6308e2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_maketables.3
@@ -0,0 +1 @@
+pcre_maketables.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_pattern_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_pattern_to_host_byte_order.3
new file mode 120000
index 00000000..6540917e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_pattern_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_pattern_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_refcount.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_refcount.3
new file mode 120000
index 00000000..63cece3f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_refcount.3
@@ -0,0 +1 @@
+pcre_refcount.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_study.3
new file mode 120000
index 00000000..9871217f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_study.3
@@ -0,0 +1 @@
+pcre_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_utf16_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_utf16_to_host_byte_order.3
new file mode 120000
index 00000000..d9233991
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_utf16_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_utf16_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_version.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_version.3
new file mode 120000
index 00000000..c31893c6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre16_version.3
@@ -0,0 +1 @@
+pcre_version.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32.3
new file mode 100644
index 00000000..7cde8c08
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32.3
@@ -0,0 +1,369 @@
+.TH PCRE 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.sp
+.B #include <pcre.h>
+.
+.
+.SH "PCRE 32-BIT API BASIC FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre32 *pcre32_compile(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32 *pcre32_compile2(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32_extra *pcre32_study(const pcre32 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B void pcre32_free_study(pcre32_extra *\fIextra\fP);
+.sp
+.B int pcre32_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre32_dfa_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.
+.SH "PCRE 32-BIT API STRING EXTRACTION FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre32_copy_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_UCHAR32 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre32_copy_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR32 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre32_get_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_stringnumber(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP);"
+.sp
+.B int pcre32_get_stringtable_entries(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP, PCRE_UCHAR32 **\fIfirst\fP, PCRE_UCHAR32 **\fIlast\fP);"
+.sp
+.B int pcre32_get_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_substring_list(PCRE_SPTR32 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR32 **\fIlistptr\fP);"
+.sp
+.B void pcre32_free_substring(PCRE_SPTR32 \fIstringptr\fP);
+.sp
+.B void pcre32_free_substring_list(PCRE_SPTR32 *\fIstringptr\fP);
+.fi
+.
+.
+.SH "PCRE 32-BIT API AUXILIARY FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre32_jit_stack *pcre32_jit_stack_alloc(int \fIstartsize\fP, int \fImaxsize\fP);
+.sp
+.B void pcre32_jit_stack_free(pcre32_jit_stack *\fIstack\fP);
+.sp
+.B void pcre32_assign_jit_stack(pcre32_extra *\fIextra\fP,
+.B "     pcre32_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B const unsigned char *pcre32_maketables(void);
+.sp
+.B int pcre32_fullinfo(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre32_refcount(pcre32 *\fIcode\fP, int \fIadjust\fP);
+.sp
+.B int pcre32_config(int \fIwhat\fP, void *\fIwhere\fP);
+.sp
+.B const char *pcre32_version(void);
+.sp
+.B int pcre32_pattern_to_host_byte_order(pcre32 *\fIcode\fP,
+.B "     pcre32_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.
+.SH "PCRE 32-BIT API INDIRECTED FUNCTIONS"
+.rs
+.sp
+.nf
+.B void *(*pcre32_malloc)(size_t);
+.sp
+.B void (*pcre32_free)(void *);
+.sp
+.B void *(*pcre32_stack_malloc)(size_t);
+.sp
+.B void (*pcre32_stack_free)(void *);
+.sp
+.B int (*pcre32_callout)(pcre32_callout_block *);
+.fi
+.
+.
+.SH "PCRE 32-BIT API 32-BIT-ONLY FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *\fIoutput\fP,
+.B "     PCRE_SPTR32 \fIinput\fP, int \fIlength\fP, int *\fIbyte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH "THE PCRE 32-BIT LIBRARY"
+.rs
+.sp
+Starting with release 8.32, it is possible to compile a PCRE library that
+supports 32-bit character strings, including UTF-32 strings, as well as or
+instead of the original 8-bit library. This work was done by Christian Persch,
+based on the work done by Zoltan Herczeg for the 16-bit library. All three
+libraries contain identical sets of functions, used in exactly the same way.
+Only the names of the functions and the data types of their arguments and
+results are different. To avoid over-complication and reduce the documentation
+maintenance load, most of the PCRE documentation describes the 8-bit library,
+with only occasional references to the 16-bit and 32-bit libraries. This page
+describes what is different when you use the 32-bit library.
+.P
+WARNING: A single application can be linked with all or any of the three
+libraries, but you must take care when processing any particular pattern
+to use functions from just one library. For example, if you want to study
+a pattern that was compiled with \fBpcre32_compile()\fP, you must do so
+with \fBpcre32_study()\fP, not \fBpcre_study()\fP, and you must free the
+study data with \fBpcre32_free_study()\fP.
+.
+.
+.SH "THE HEADER FILE"
+.rs
+.sp
+There is only one header file, \fBpcre.h\fP. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+.
+.
+.SH "THE LIBRARY NAME"
+.rs
+.sp
+In Unix-like systems, the 32-bit library is called \fBlibpcre32\fP, and can
+normally be accesss by adding \fB-lpcre32\fP to the command for linking an
+application that uses PCRE.
+.
+.
+.SH "STRING TYPES"
+.rs
+.sp
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 32-bit library, strings are passed as
+vectors of unsigned 32-bit quantities. The macro PCRE_UCHAR32 specifies an
+appropriate data type, and PCRE_SPTR32 is defined as "const PCRE_UCHAR32 *". In
+very many environments, "unsigned int" is a 32-bit data type. When PCRE is
+built, it defines PCRE_UCHAR32 as "unsigned int", but checks that it really is
+a 32-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+.
+.
+.SH "STRUCTURE TYPES"
+.rs
+.sp
+The types of the opaque structures that are used for compiled 32-bit patterns
+and JIT stacks are \fBpcre32\fP and \fBpcre32_jit_stack\fP respectively. The
+type of the user-accessible structure that is returned by \fBpcre32_study()\fP
+is \fBpcre32_extra\fP, and the type of the structure that is used for passing
+data to a callout function is \fBpcre32_callout_block\fP. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 32-bit instead of
+8-bit types.
+.
+.
+.SH "32-BIT FUNCTIONS"
+.rs
+.sp
+For every function in the 8-bit library there is a corresponding function in
+the 32-bit library with a name that starts with \fBpcre32_\fP instead of
+\fBpcre_\fP. The prototypes are listed above. In addition, there is one extra
+function, \fBpcre32_utf32_to_host_byte_order()\fP. This is a utility function
+that converts a UTF-32 character string to host byte order if necessary. The
+other 32-bit functions expect the strings they are passed to be in host byte
+order.
+.P
+The \fIinput\fP and \fIoutput\fP arguments of
+\fBpcre32_utf32_to_host_byte_order()\fP may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+.P
+The \fIlength\fP argument specifies the number of 32-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+.P
+If \fIbyte_order\fP is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+.P
+If \fIbyte_order\fP is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+.P
+If \fIkeep_boms\fP is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+.P
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.
+.
+.SH "SUBJECT STRING OFFSETS"
+.rs
+.sp
+The lengths and starting offsets of subject strings must be specified in 32-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 32-bit units rather than bytes.
+.
+.
+.SH "NAMED SUBPATTERNS"
+.rs
+.sp
+The name-to-number translation table that is maintained for named subpatterns
+uses 32-bit characters. The \fBpcre32_get_stringtable_entries()\fP function
+returns the length of each entry in the table as the number of 32-bit data
+units.
+.
+.
+.SH "OPTION NAMES"
+.rs
+.sp
+There are two new general option names, PCRE_UTF32 and PCRE_NO_UTF32_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+.\" HTML <a href="pcreunicode.html#utf32strings">
+.\" </a>
+validity of UTF-32 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+For the \fBpcre32_config()\fP function there is an option PCRE_CONFIG_UTF32
+that returns 1 if UTF-32 support is configured, otherwise 0. If this option is
+given to \fBpcre_config()\fP or \fBpcre16_config()\fP, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 option is given to \fBpcre32_config()\fP,
+the result is the PCRE_ERROR_BADOPTION error.
+.
+.
+.SH "CHARACTER CODES"
+.rs
+.sp
+In 32-bit mode, when PCRE_UTF32 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0x7fffffff instead of 0 to 0xff. Character types for characters less
+than 0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+.P
+In UTF-32 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are ill-formed in UTF-32.
+.P
+A UTF-32 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+\fBpcre32_utf32_to_host_byte_order()\fP is provided to help with this (see
+above).
+.
+.
+.SH "ERROR NAMES"
+.rs
+.sp
+The error PCRE_ERROR_BADUTF32 corresponds to its 8-bit counterpart.
+The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with \fBpcre_compile()\fP is passed to
+\fBpcre32_exec()\fP.
+.P
+There are new error codes whose names begin with PCRE_UTF32_ERR for invalid
+UTF-32 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+.\" HTML <a href="pcreapi.html#badutf8reasons">
+.\" </a>
+"Reason codes for invalid UTF-8 strings"
+.\"
+in the main
+.\" HREF
+\fBpcreapi\fP
+.\"
+page. The UTF-32 errors are:
+.sp
+  PCRE_UTF32_ERR1  Surrogate character (range from 0xd800 to 0xdfff)
+  PCRE_UTF32_ERR2  Non-character
+  PCRE_UTF32_ERR3  Character > 0x10ffff
+.
+.
+.SH "ERROR TEXTS"
+.rs
+.sp
+If there is an error while compiling a pattern, the error text that is passed
+back by \fBpcre32_compile()\fP or \fBpcre32_compile2()\fP is still an 8-bit
+character string, zero-terminated.
+.
+.
+.SH "CALLOUTS"
+.rs
+.sp
+The \fIsubject\fP and \fImark\fP fields in the callout block that is passed to
+a callout function point to 32-bit vectors.
+.
+.
+.SH "TESTING"
+.rs
+.sp
+The \fBpcretest\fP program continues to operate with 8-bit input and output
+files, but it can be used for testing the 32-bit library. If it is run with the
+command line option \fB-32\fP, patterns and subject strings are converted from
+8-bit to 32-bit before being passed to PCRE, and the 32-bit library functions
+are used instead of the 8-bit ones. Returned 32-bit strings are converted to
+8-bit for output. If both the 8-bit and the 16-bit libraries were not compiled,
+\fBpcretest\fP defaults to 32-bit and the \fB-32\fP option is ignored.
+.P
+When PCRE is being built, the \fBRunTest\fP script that is called by "make
+check" uses the \fBpcretest\fP \fB-C\fP option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+.
+.
+.SH "NOT SUPPORTED IN 32-BIT MODE"
+.rs
+.sp
+Not all the features of the 8-bit library are available with the 32-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the \fBpcregrep\fP program is at present 8-bit only.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 May 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_assign_jit_stack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_assign_jit_stack.3
new file mode 120000
index 00000000..40c8775a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_assign_jit_stack.3
@@ -0,0 +1 @@
+pcre_assign_jit_stack.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_compile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_compile.3
new file mode 120000
index 00000000..9364e751
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_compile.3
@@ -0,0 +1 @@
+pcre_compile.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_compile2.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_compile2.3
new file mode 120000
index 00000000..2d6aff35
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_compile2.3
@@ -0,0 +1 @@
+pcre_compile2.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_config.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_config.3
new file mode 120000
index 00000000..db964059
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_config.3
@@ -0,0 +1 @@
+pcre_config.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_copy_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_copy_named_substring.3
new file mode 120000
index 00000000..c15b9774
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_copy_named_substring.3
@@ -0,0 +1 @@
+pcre_copy_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_copy_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_copy_substring.3
new file mode 120000
index 00000000..98d1f84d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_copy_substring.3
@@ -0,0 +1 @@
+pcre_copy_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_dfa_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_dfa_exec.3
new file mode 120000
index 00000000..ed408df0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_dfa_exec.3
@@ -0,0 +1 @@
+pcre_dfa_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_exec.3
new file mode 120000
index 00000000..ebaa2527
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_exec.3
@@ -0,0 +1 @@
+pcre_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_free_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_free_study.3
new file mode 120000
index 00000000..4c53ea9f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_free_study.3
@@ -0,0 +1 @@
+pcre_free_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_free_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_free_substring.3
new file mode 120000
index 00000000..48567bfb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_free_substring.3
@@ -0,0 +1 @@
+pcre_free_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_free_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_free_substring_list.3
new file mode 120000
index 00000000..84b7b7e5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_free_substring_list.3
@@ -0,0 +1 @@
+pcre_free_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_fullinfo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_fullinfo.3
new file mode 120000
index 00000000..b7386a98
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_fullinfo.3
@@ -0,0 +1 @@
+pcre_fullinfo.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_named_substring.3
new file mode 120000
index 00000000..c095ca50
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_named_substring.3
@@ -0,0 +1 @@
+pcre_get_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_stringnumber.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_stringnumber.3
new file mode 120000
index 00000000..f8e81d32
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_stringnumber.3
@@ -0,0 +1 @@
+pcre_get_stringnumber.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_stringtable_entries.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_stringtable_entries.3
new file mode 120000
index 00000000..9f8cc4a7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_stringtable_entries.3
@@ -0,0 +1 @@
+pcre_get_stringtable_entries.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_substring.3
new file mode 120000
index 00000000..26383b5d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_substring.3
@@ -0,0 +1 @@
+pcre_get_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_substring_list.3
new file mode 120000
index 00000000..2faa865f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_get_substring_list.3
@@ -0,0 +1 @@
+pcre_get_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_jit_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_jit_exec.3
new file mode 120000
index 00000000..59089ada
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_jit_exec.3
@@ -0,0 +1 @@
+pcre_jit_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_jit_stack_alloc.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_jit_stack_alloc.3
new file mode 120000
index 00000000..dab43b82
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_jit_stack_alloc.3
@@ -0,0 +1 @@
+pcre_jit_stack_alloc.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_jit_stack_free.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_jit_stack_free.3
new file mode 120000
index 00000000..e92aa310
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_jit_stack_free.3
@@ -0,0 +1 @@
+pcre_jit_stack_free.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_maketables.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_maketables.3
new file mode 120000
index 00000000..3b6308e2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_maketables.3
@@ -0,0 +1 @@
+pcre_maketables.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_pattern_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_pattern_to_host_byte_order.3
new file mode 120000
index 00000000..6540917e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_pattern_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_pattern_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_refcount.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_refcount.3
new file mode 120000
index 00000000..63cece3f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_refcount.3
@@ -0,0 +1 @@
+pcre_refcount.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_study.3
new file mode 120000
index 00000000..9871217f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_study.3
@@ -0,0 +1 @@
+pcre_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_utf32_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_utf32_to_host_byte_order.3
new file mode 120000
index 00000000..e9699f5f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_utf32_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_utf32_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_version.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_version.3
new file mode 120000
index 00000000..c31893c6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre32_version.3
@@ -0,0 +1 @@
+pcre_version.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_assign_jit_stack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_assign_jit_stack.3
new file mode 100644
index 00000000..0ecf6f2c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_assign_jit_stack.3
@@ -0,0 +1,59 @@
+.TH PCRE_ASSIGN_JIT_STACK 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B void pcre_assign_jit_stack(pcre_extra *\fIextra\fP,
+.B "     pcre_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B void pcre16_assign_jit_stack(pcre16_extra *\fIextra\fP,
+.B "     pcre16_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B void pcre32_assign_jit_stack(pcre32_extra *\fIextra\fP,
+.B "     pcre32_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function provides control over the memory used as a stack at run-time by a
+call to \fBpcre[16|32]_exec()\fP with a pattern that has been successfully
+compiled with JIT optimization. The arguments are:
+.sp
+  extra     the data pointer returned by \fBpcre[16|32]_study()\fP
+  callback  a callback function
+  data      a JIT stack or a value to be passed to the callback
+              function
+.P
+If \fIcallback\fP is NULL and \fIdata\fP is NULL, an internal 32K block on
+the machine stack is used.
+.P
+If \fIcallback\fP is NULL and \fIdata\fP is not NULL, \fIdata\fP must
+be a valid JIT stack, the result of calling \fBpcre[16|32]_jit_stack_alloc()\fP.
+.P
+If \fIcallback\fP not NULL, it is called with \fIdata\fP as an argument at
+the start of matching, in order to set up a JIT stack. If the result is NULL,
+the internal 32K stack is used; otherwise the return value must be a valid JIT
+stack, the result of calling \fBpcre[16|32]_jit_stack_alloc()\fP.
+.P
+You may safely assign the same JIT stack to multiple patterns, as long as they
+are all matched in the same thread. In a multithread application, each thread
+must use its own JIT stack. For more details, see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_compile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_compile.3
new file mode 100644
index 00000000..5c16ebe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_compile.3
@@ -0,0 +1,96 @@
+.TH PCRE_COMPILE 3 "01 October 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre *pcre_compile(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16 *pcre16_compile(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32 *pcre32_compile(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function compiles a regular expression into an internal form. It is the
+same as \fBpcre[16|32]_compile2()\fP, except for the absence of the
+\fIerrorcodeptr\fP argument. Its arguments are:
+.sp
+  \fIpattern\fP       A zero-terminated string containing the
+                  regular expression to be compiled
+  \fIoptions\fP       Zero or more option bits
+  \fIerrptr\fP        Where to put an error message
+  \fIerroffset\fP     Offset in pattern where error was found
+  \fItableptr\fP      Pointer to character tables, or NULL to
+                  use the built-in default
+.sp
+The option bits are:
+.sp
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \eR matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \ed, \ew, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run in \fBpcre16_compile()\fP UTF-16 mode
+  PCRE_UTF32              Run in \fBpcre32_compile()\fP UTF-32 mode
+  PCRE_UTF8               Run in \fBpcre_compile()\fP UTF-8 mode
+.sp
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+.P
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_compile2.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_compile2.3
new file mode 100644
index 00000000..37742018
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_compile2.3
@@ -0,0 +1,101 @@
+.TH PCRE_COMPILE2 3 "01 October 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre *pcre_compile2(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16 *pcre16_compile2(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32 *pcre32_compile2(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,£
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function compiles a regular expression into an internal form. It is the
+same as \fBpcre[16|32]_compile()\fP, except for the addition of the
+\fIerrorcodeptr\fP argument. The arguments are:
+.
+.sp
+  \fIpattern\fP       A zero-terminated string containing the
+                  regular expression to be compiled
+  \fIoptions\fP       Zero or more option bits
+  \fIerrorcodeptr\fP  Where to put an error code
+  \fIerrptr\fP        Where to put an error message
+  \fIerroffset\fP     Offset in pattern where error was found
+  \fItableptr\fP      Pointer to character tables, or NULL to
+                  use the built-in default
+.sp
+The option bits are:
+.sp
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \eR matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \ed, \ew, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run \fBpcre16_compile()\fP in UTF-16 mode
+  PCRE_UTF32              Run \fBpcre32_compile()\fP in UTF-32 mode
+  PCRE_UTF8               Run \fBpcre_compile()\fP in UTF-8 mode
+.sp
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+.P
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_config.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_config.3
new file mode 100644
index 00000000..d14ffdad
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_config.3
@@ -0,0 +1,79 @@
+.TH PCRE_CONFIG 3 "20 April 2014" "PCRE 8.36"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B int pcre_config(int \fIwhat\fP, void *\fIwhere\fP);
+.PP
+.B int pcre16_config(int \fIwhat\fP, void *\fIwhere\fP);
+.PP
+.B int pcre32_config(int \fIwhat\fP, void *\fIwhere\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function makes it possible for a client program to find out which optional
+features are available in the version of the PCRE library it is using. The
+arguments are as follows:
+.sp
+  \fIwhat\fP     A code specifying what information is required
+  \fIwhere\fP    Points to where to put the data
+.sp
+The \fIwhere\fP argument must point to an integer variable, except for
+PCRE_CONFIG_MATCH_LIMIT, PCRE_CONFIG_MATCH_LIMIT_RECURSION, and
+PCRE_CONFIG_PARENS_LIMIT, when it must point to an unsigned long integer,
+and for PCRE_CONFIG_JITTARGET, when it must point to a const char*.
+The available codes are:
+.sp
+  PCRE_CONFIG_JIT           Availability of just-in-time compiler
+                              support (1=yes 0=no)
+  PCRE_CONFIG_JITTARGET     String containing information about the
+                              target architecture for the JIT compiler,
+                              or NULL if there is no JIT support
+  PCRE_CONFIG_LINK_SIZE     Internal link size: 2, 3, or 4
+  PCRE_CONFIG_PARENS_LIMIT  Parentheses nesting limit
+  PCRE_CONFIG_MATCH_LIMIT   Internal resource limit
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+                            Internal recursion depth limit
+  PCRE_CONFIG_NEWLINE       Value of the default newline sequence:
+                                13 (0x000d)    for CR
+                                10 (0x000a)    for LF
+                              3338 (0x0d0a)    for CRLF
+                                -2             for ANYCRLF
+                                -1             for ANY
+  PCRE_CONFIG_BSR           Indicates what \eR matches by default:
+                                 0             all Unicode line endings
+                                 1             CR, LF, or CRLF only
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+                            Threshold of return slots, above which
+                              \fBmalloc()\fP is used by the POSIX API
+  PCRE_CONFIG_STACKRECURSE  Recursion implementation (1=stack 0=heap)
+  PCRE_CONFIG_UTF16         Availability of UTF-16 support (1=yes
+                               0=no); option for \fBpcre16_config()\fP
+  PCRE_CONFIG_UTF32         Availability of UTF-32 support (1=yes
+                               0=no); option for \fBpcre32_config()\fP
+  PCRE_CONFIG_UTF8          Availability of UTF-8 support (1=yes 0=no);
+                              option for \fBpcre_config()\fP
+  PCRE_CONFIG_UNICODE_PROPERTIES
+                            Availability of Unicode property support
+                              (1=yes 0=no)
+.sp
+The function yields 0 on success or PCRE_ERROR_BADOPTION otherwise. That error
+is also given if PCRE_CONFIG_UTF16 or PCRE_CONFIG_UTF32 is passed to
+\fBpcre_config()\fP, if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 is passed to
+\fBpcre16_config()\fP, or if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 is passed to
+\fBpcre32_config()\fP.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_copy_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_copy_named_substring.3
new file mode 100644
index 00000000..52582aec
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_copy_named_substring.3
@@ -0,0 +1,51 @@
+.TH PCRE_COPY_NAMED_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_copy_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     char *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre16_copy_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_UCHAR16 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre32_copy_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_UCHAR32 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring, identified
+by name, into a given buffer. The arguments are:
+.sp
+  \fIcode\fP          Pattern that was successfully matched
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringname\fP    Name of the required substring
+  \fIbuffer\fP        Buffer to receive the string
+  \fIbuffersize\fP    Size of buffer
+.sp
+The yield is the length of the substring, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_copy_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_copy_substring.3
new file mode 100644
index 00000000..83af6e80
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_copy_substring.3
@@ -0,0 +1,47 @@
+.TH PCRE_COPY_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_copy_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, char *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre16_copy_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR16 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre32_copy_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR32 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring into a given
+buffer. The arguments are:
+.sp
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringnumber\fP  Number of the required substring
+  \fIbuffer\fP        Buffer to receive the string
+  \fIbuffersize\fP    Size of buffer
+.sp
+The yield is the length of the string, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_dfa_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_dfa_exec.3
new file mode 100644
index 00000000..39c2e836
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_dfa_exec.3
@@ -0,0 +1,118 @@
+.TH PCRE_DFA_EXEC 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_dfa_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.sp
+.B int pcre16_dfa_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.sp
+.B int pcre32_dfa_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function matches a compiled regular expression against a given subject
+string, using an alternative matching algorithm that scans the subject string
+just once (\fInot\fP Perl-compatible). Note that the main, Perl-compatible,
+matching function is \fBpcre[16|32]_exec()\fP. The arguments for this function
+are:
+.sp
+  \fIcode\fP         Points to the compiled pattern
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fIsubject\fP      Points to the subject string
+  \fIlength\fP       Length of the subject string
+  \fIstartoffset\fP  Offset in the subject at which to start matching
+  \fIoptions\fP      Option bits
+  \fIovector\fP      Points to a vector of ints for result offsets
+  \fIovecsize\fP     Number of elements in the vector
+  \fIworkspace\fP    Points to a vector of ints used as working space
+  \fIwscount\fP      Number of elements in the vector
+.sp
+The units for \fIlength\fP and \fIstartoffset\fP are bytes for
+\fBpcre_exec()\fP, 16-bit data items for \fBpcre16_exec()\fP, and 32-bit items
+for \fBpcre32_exec()\fP. The options are:
+.sp
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \eR matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject is not the beginning of a line
+  PCRE_NOTEOL            Subject is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           even if there is a full match as well
+  PCRE_DFA_SHORTEST      Return only the shortest match
+  PCRE_DFA_RESTART       Restart after a partial match
+.sp
+There are restrictions on what may appear in a pattern when using this matching
+function. Details are given in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation. For details of partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+page.
+.P
+A \fBpcre[16|32]_extra\fP structure contains the following fields:
+.sp
+  \fIflags\fP            Bits indicating which fields are set
+  \fIstudy_data\fP       Opaque data from \fBpcre[16|32]_study()\fP
+  \fImatch_limit\fP      Limit on internal resource use
+  \fImatch_limit_recursion\fP  Limit on internal recursion depth
+  \fIcallout_data\fP     Opaque data passed back to callouts
+  \fItables\fP           Points to character tables or is NULL
+  \fImark\fP             For passing back a *MARK pointer
+  \fIexecutable_jit\fP   Opaque data from JIT compilation
+.sp
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT. For this
+matching function, the \fImatch_limit\fP and \fImatch_limit_recursion\fP fields
+are not used, and must not be set. The PCRE_EXTRA_EXECUTABLE_JIT flag and
+the corresponding variable are ignored.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_exec.3
new file mode 100644
index 00000000..4686bd6d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_exec.3
@@ -0,0 +1,99 @@
+.TH PCRE_EXEC 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre16_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre32_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function matches a compiled regular expression against a given subject
+string, using a matching algorithm that is similar to Perl's. It returns
+offsets to captured substrings. Its arguments are:
+.sp
+  \fIcode\fP         Points to the compiled pattern
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fIsubject\fP      Points to the subject string
+  \fIlength\fP       Length of the subject string
+  \fIstartoffset\fP  Offset in the subject at which to start matching
+  \fIoptions\fP      Option bits
+  \fIovector\fP      Points to a vector of ints for result offsets
+  \fIovecsize\fP     Number of elements in the vector (a multiple of 3)
+.sp
+The units for \fIlength\fP and \fIstartoffset\fP are bytes for
+\fBpcre_exec()\fP, 16-bit data items for \fBpcre16_exec()\fP, and 32-bit items
+for \fBpcre32_exec()\fP. The options are:
+.sp
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \eR matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+.sp
+For details of partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+page. A \fBpcre_extra\fP structure contains the following fields:
+.sp
+  \fIflags\fP            Bits indicating which fields are set
+  \fIstudy_data\fP       Opaque data from \fBpcre[16|32]_study()\fP
+  \fImatch_limit\fP      Limit on internal resource use
+  \fImatch_limit_recursion\fP  Limit on internal recursion depth
+  \fIcallout_data\fP     Opaque data passed back to callouts
+  \fItables\fP           Points to character tables or is NULL
+  \fImark\fP             For passing back a *MARK pointer
+  \fIexecutable_jit\fP   Opaque data from JIT compilation
+.sp
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_free_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_free_study.3
new file mode 100644
index 00000000..8826b735
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_free_study.3
@@ -0,0 +1,31 @@
+.TH PCRE_FREE_STUDY 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_free_study(pcre_extra *\fIextra\fP);
+.PP
+.B void pcre16_free_study(pcre16_extra *\fIextra\fP);
+.PP
+.B void pcre32_free_study(pcre32_extra *\fIextra\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to free the memory used for the data generated by a call
+to \fBpcre[16|32]_study()\fP when it is no longer needed. The argument must be the
+result of such a call.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_free_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_free_substring.3
new file mode 100644
index 00000000..88c04019
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_free_substring.3
@@ -0,0 +1,31 @@
+.TH PCRE_FREE_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_free_substring(const char *\fIstringptr\fP);
+.PP
+.B void pcre16_free_substring(PCRE_SPTR16 \fIstringptr\fP);
+.PP
+.B void pcre32_free_substring(PCRE_SPTR32 \fIstringptr\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for freeing the store obtained by a previous
+call to \fBpcre[16|32]_get_substring()\fP or \fBpcre[16|32]_get_named_substring()\fP.
+Its only argument is a pointer to the string.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_free_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_free_substring_list.3
new file mode 100644
index 00000000..248b4bd0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_free_substring_list.3
@@ -0,0 +1,31 @@
+.TH PCRE_FREE_SUBSTRING_LIST 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_free_substring_list(const char **\fIstringptr\fP);
+.PP
+.B void pcre16_free_substring_list(PCRE_SPTR16 *\fIstringptr\fP);
+.PP
+.B void pcre32_free_substring_list(PCRE_SPTR32 *\fIstringptr\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for freeing the store obtained by a previous
+call to \fBpcre[16|32]_get_substring_list()\fP. Its only argument is a pointer to
+the list of string pointers.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_fullinfo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_fullinfo.3
new file mode 100644
index 00000000..c9b2c656
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_fullinfo.3
@@ -0,0 +1,103 @@
+.TH PCRE_FULLINFO 3 "21 April 2014" "PCRE 8.36"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_fullinfo(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre16_fullinfo(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre32_fullinfo(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function returns information about a compiled pattern. Its arguments are:
+.sp
+  \fIcode\fP                      Compiled regular expression
+  \fIextra\fP                     Result of \fBpcre[16|32]_study()\fP or NULL
+  \fIwhat\fP                      What information is required
+  \fIwhere\fP                     Where to put the information
+.sp
+The following information is available:
+.sp
+  PCRE_INFO_BACKREFMAX      Number of highest back reference
+  PCRE_INFO_CAPTURECOUNT    Number of capturing subpatterns
+  PCRE_INFO_DEFAULT_TABLES  Pointer to default tables
+  PCRE_INFO_FIRSTBYTE       Fixed first data unit for a match, or
+                              -1 for start of string
+                                 or after newline, or
+                              -2 otherwise
+  PCRE_INFO_FIRSTTABLE      Table of first data units (after studying)
+  PCRE_INFO_HASCRORLF       Return 1 if explicit CR or LF matches exist
+  PCRE_INFO_JCHANGED        Return 1 if (?J) or (?-J) was used
+  PCRE_INFO_JIT             Return 1 after successful JIT compilation
+  PCRE_INFO_JITSIZE         Size of JIT compiled code
+  PCRE_INFO_LASTLITERAL     Literal last data unit required
+  PCRE_INFO_MINLENGTH       Lower bound length of matching strings
+  PCRE_INFO_MATCHEMPTY      Return 1 if the pattern can match an empty string,
+                               0 otherwise
+  PCRE_INFO_MATCHLIMIT      Match limit if set, otherwise PCRE_RROR_UNSET
+  PCRE_INFO_MAXLOOKBEHIND   Length (in characters) of the longest lookbehind assertion
+  PCRE_INFO_NAMECOUNT       Number of named subpatterns
+  PCRE_INFO_NAMEENTRYSIZE   Size of name table entry
+  PCRE_INFO_NAMETABLE       Pointer to name table
+  PCRE_INFO_OKPARTIAL       Return 1 if partial matching can be tried
+                              (always returns 1 after release 8.00)
+  PCRE_INFO_OPTIONS         Option bits used for compilation
+  PCRE_INFO_SIZE            Size of compiled pattern
+  PCRE_INFO_STUDYSIZE       Size of study data
+  PCRE_INFO_FIRSTCHARACTER      Fixed first data unit for a match
+  PCRE_INFO_FIRSTCHARACTERFLAGS Returns
+                                  1 if there is a first data character set, which can
+                                    then be retrieved using PCRE_INFO_FIRSTCHARACTER,
+                                  2 if the first character is at the start of the data
+                                    string or after a newline, and
+                                  0 otherwise
+  PCRE_INFO_RECURSIONLIMIT    Recursion limit if set, otherwise PCRE_ERROR_UNSET
+  PCRE_INFO_REQUIREDCHAR      Literal last data unit required
+  PCRE_INFO_REQUIREDCHARFLAGS Returns 1 if the last data character is set (which can then
+                              be retrieved using PCRE_INFO_REQUIREDCHAR); 0 otherwise
+.sp
+The \fIwhere\fP argument must point to an integer variable, except for the
+following \fIwhat\fP values:
+.sp
+  PCRE_INFO_DEFAULT_TABLES  const uint8_t *
+  PCRE_INFO_FIRSTCHARACTER  uint32_t
+  PCRE_INFO_FIRSTTABLE      const uint8_t *
+  PCRE_INFO_JITSIZE         size_t
+  PCRE_INFO_MATCHLIMIT      uint32_t
+  PCRE_INFO_NAMETABLE       PCRE_SPTR16           (16-bit library)
+  PCRE_INFO_NAMETABLE       PCRE_SPTR32           (32-bit library)
+  PCRE_INFO_NAMETABLE       const unsigned char * (8-bit library)
+  PCRE_INFO_OPTIONS         unsigned long int
+  PCRE_INFO_SIZE            size_t
+  PCRE_INFO_STUDYSIZE       size_t
+  PCRE_INFO_RECURSIONLIMIT  uint32_t
+  PCRE_INFO_REQUIREDCHAR    uint32_t
+.sp
+The yield of the function is zero on success or:
+.sp
+  PCRE_ERROR_NULL           the argument \fIcode\fP was NULL
+                            the argument \fIwhere\fP was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADOPTION      the value of \fIwhat\fP was invalid
+  PCRE_ERROR_UNSET          the option was not set
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_named_substring.3
new file mode 100644
index 00000000..84d4ee7d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_named_substring.3
@@ -0,0 +1,54 @@
+.TH PCRE_GET_NAMED_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre16_get_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring by name. The
+arguments are:
+.sp
+  \fIcode\fP          Compiled pattern
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringname\fP    Name of the required substring
+  \fIstringptr\fP     Where to put the string pointer
+.sp
+The memory in which the substring is placed is obtained by calling
+\fBpcre[16|32]_malloc()\fP. The convenience function
+\fBpcre[16|32]_free_substring()\fP can be used to free it when it is no longer
+needed. The yield of the function is the length of the extracted substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_stringnumber.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_stringnumber.3
new file mode 100644
index 00000000..9fc5291d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_stringnumber.3
@@ -0,0 +1,43 @@
+.TH PCRE_GET_STRINGNUMBER 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_stringnumber(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP);"
+.sp
+.B int pcre16_get_stringnumber(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP);"
+.sp
+.B int pcre32_get_stringnumber(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This convenience function finds the number of a named substring capturing
+parenthesis in a compiled pattern. Its arguments are:
+.sp
+  \fIcode\fP    Compiled regular expression
+  \fIname\fP    Name whose number is required
+.sp
+The yield of the function is the number of the parenthesis if the name is
+found, or PCRE_ERROR_NOSUBSTRING otherwise. When duplicate names are allowed
+(PCRE_DUPNAMES is set), it is not defined which of the numbers is returned by
+\fBpcre[16|32]_get_stringnumber()\fP. You can obtain the complete list by calling
+\fBpcre[16|32]_get_stringtable_entries()\fP.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_stringtable_entries.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_stringtable_entries.3
new file mode 100644
index 00000000..5c58c90c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_stringtable_entries.3
@@ -0,0 +1,46 @@
+.TH PCRE_GET_STRINGTABLE_ENTRIES 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_stringtable_entries(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP, char **\fIfirst\fP, char **\fIlast\fP);"
+.sp
+.B int pcre16_get_stringtable_entries(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP, PCRE_UCHAR16 **\fIfirst\fP, PCRE_UCHAR16 **\fIlast\fP);"
+.sp
+.B int pcre32_get_stringtable_entries(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP, PCRE_UCHAR32 **\fIfirst\fP, PCRE_UCHAR32 **\fIlast\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This convenience function finds, for a compiled pattern, the first and last
+entries for a given name in the table that translates capturing parenthesis
+names into numbers. When names are required to be unique (PCRE_DUPNAMES is
+\fInot\fP set), it is usually easier to use \fBpcre[16|32]_get_stringnumber()\fP
+instead.
+.sp
+  \fIcode\fP    Compiled regular expression
+  \fIname\fP    Name whose entries required
+  \fIfirst\fP   Where to return a pointer to the first entry
+  \fIlast\fP    Where to return a pointer to the last entry
+.sp
+The yield of the function is the length of each entry, or
+PCRE_ERROR_NOSUBSTRING if none are found.
+.P
+There is a complete description of the PCRE native API, including the format of
+the table entries, in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page, and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_substring.3
new file mode 100644
index 00000000..1e62b2c0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_substring.3
@@ -0,0 +1,50 @@
+.TH PCRE_GET_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre16_get_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring. The
+arguments are:
+.sp
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringnumber\fP  Number of the required substring
+  \fIstringptr\fP     Where to put the string pointer
+.sp
+The memory in which the substring is placed is obtained by calling
+\fBpcre[16|32]_malloc()\fP. The convenience function
+\fBpcre[16|32]_free_substring()\fP can be used to free it when it is no longer
+needed. The yield of the function is the length of the substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_substring_list.3
new file mode 100644
index 00000000..511a4a39
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_get_substring_list.3
@@ -0,0 +1,47 @@
+.TH PCRE_GET_SUBSTRING_LIST 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_substring_list(const char *\fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, const char ***\fIlistptr\fP);"
+.sp
+.B int pcre16_get_substring_list(PCRE_SPTR16 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR16 **\fIlistptr\fP);"
+.sp
+.B int pcre32_get_substring_list(PCRE_SPTR32 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR32 **\fIlistptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a list of all the captured
+substrings. The arguments are:
+.sp
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec\fP
+  \fIlistptr\fP       Where to put a pointer to the list
+.sp
+The memory in which the substrings and the list are placed is obtained by
+calling \fBpcre[16|32]_malloc()\fP. The convenience function
+\fBpcre[16|32]_free_substring_list()\fP can be used to free it when it is no
+longer needed. A pointer to a list of pointers is put in the variable whose
+address is in \fIlistptr\fP. The list is terminated by a NULL pointer. The
+yield of the function is zero on success or PCRE_ERROR_NOMEMORY if sufficient
+memory could not be obtained.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_jit_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_jit_exec.3
new file mode 100644
index 00000000..ba851681
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_jit_exec.3
@@ -0,0 +1,96 @@
+.TH PCRE_EXEC 3 "31 October 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_jit_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.sp
+.B int pcre16_jit_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.sp
+.B int pcre32_jit_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function matches a compiled regular expression that has been successfully
+studied with one of the JIT options against a given subject string, using a
+matching algorithm that is similar to Perl's. It is a "fast path" interface to
+JIT, and it bypasses some of the sanity checks that \fBpcre_exec()\fP applies.
+It returns offsets to captured substrings. Its arguments are:
+.sp
+  \fIcode\fP         Points to the compiled pattern
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fIsubject\fP      Points to the subject string
+  \fIlength\fP       Length of the subject string, in bytes
+  \fIstartoffset\fP  Offset in bytes in the subject at which to
+                 start matching
+  \fIoptions\fP      Option bits
+  \fIovector\fP      Points to a vector of ints for result offsets
+  \fIovecsize\fP     Number of elements in the vector (a multiple of 3)
+  \fIjstack\fP       Pointer to a JIT stack
+.sp
+The allowed options are:
+.sp
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+.sp
+However, the PCRE_NO_UTF[8|16|32]_CHECK options have no effect, as this check
+is never applied. For details of partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+page. A \fBpcre_extra\fP structure contains the following fields:
+.sp
+  \fIflags\fP            Bits indicating which fields are set
+  \fIstudy_data\fP       Opaque data from \fBpcre[16|32]_study()\fP
+  \fImatch_limit\fP      Limit on internal resource use
+  \fImatch_limit_recursion\fP  Limit on internal recursion depth
+  \fIcallout_data\fP     Opaque data passed back to callouts
+  \fItables\fP           Points to character tables or is NULL
+  \fImark\fP             For passing back a *MARK pointer
+  \fIexecutable_jit\fP   Opaque data from JIT compilation
+.sp
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the JIT API in the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_jit_stack_alloc.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_jit_stack_alloc.3
new file mode 100644
index 00000000..11c97a0f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_jit_stack_alloc.3
@@ -0,0 +1,43 @@
+.TH PCRE_JIT_STACK_ALLOC 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre_jit_stack *pcre_jit_stack_alloc(int \fIstartsize\fP,
+.B "     int \fImaxsize\fP);"
+.sp
+.B pcre16_jit_stack *pcre16_jit_stack_alloc(int \fIstartsize\fP,
+.B "     int \fImaxsize\fP);"
+.sp
+.B pcre32_jit_stack *pcre32_jit_stack_alloc(int \fIstartsize\fP,
+.B "     int \fImaxsize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to create a stack for use by the code compiled by the JIT
+optimization of \fBpcre[16|32]_study()\fP. The arguments are a starting size for
+the stack, and a maximum size to which it is allowed to grow. The result can be
+passed to the JIT run-time code by \fBpcre[16|32]_assign_jit_stack()\fP, or that
+function can set up a callback for obtaining a stack. A maximum stack size of
+512K to 1M should be more than enough for any pattern. For more details, see
+the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_jit_stack_free.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_jit_stack_free.3
new file mode 100644
index 00000000..494724e8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_jit_stack_free.3
@@ -0,0 +1,35 @@
+.TH PCRE_JIT_STACK_FREE 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_jit_stack_free(pcre_jit_stack *\fIstack\fP);
+.PP
+.B void pcre16_jit_stack_free(pcre16_jit_stack *\fIstack\fP);
+.PP
+.B void pcre32_jit_stack_free(pcre32_jit_stack *\fIstack\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to free a JIT stack that was created by
+\fBpcre[16|32]_jit_stack_alloc()\fP when it is no longer needed. For more details,
+see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_maketables.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_maketables.3
new file mode 100644
index 00000000..b2c3d23a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_maketables.3
@@ -0,0 +1,33 @@
+.TH PCRE_MAKETABLES 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B const unsigned char *pcre_maketables(void);
+.PP
+.B const unsigned char *pcre16_maketables(void);
+.PP
+.B const unsigned char *pcre32_maketables(void);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function builds a set of character tables for character values less than
+256. These can be passed to \fBpcre[16|32]_compile()\fP to override PCRE's
+internal, built-in tables (which were made by \fBpcre[16|32]_maketables()\fP when
+PCRE was compiled). You might want to do this if you are using a non-standard
+locale. The function yields a pointer to the tables.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_pattern_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_pattern_to_host_byte_order.3
new file mode 100644
index 00000000..b0c41c38
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_pattern_to_host_byte_order.3
@@ -0,0 +1,44 @@
+.TH PCRE_PATTERN_TO_HOST_BYTE_ORDER 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_pattern_to_host_byte_order(pcre *\fIcode\fP,
+.B "     pcre_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.sp
+.B int pcre16_pattern_to_host_byte_order(pcre16 *\fIcode\fP,
+.B "     pcre16_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.sp
+.B int pcre32_pattern_to_host_byte_order(pcre32 *\fIcode\fP,
+.B "     pcre32_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function ensures that the bytes in 2-byte and 4-byte values in a compiled
+pattern are in the correct order for the current host. It is useful when a
+pattern that has been compiled on one host is transferred to another that might
+have different endianness. The arguments are:
+.sp
+  \fIcode\fP         A compiled regular expression
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fItables\fP       Pointer to character tables, or NULL to
+                 set the built-in default
+.sp
+The result is 0 for success, a negative PCRE_ERROR_xxx value otherwise.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_refcount.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_refcount.3
new file mode 100644
index 00000000..45a41fef
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_refcount.3
@@ -0,0 +1,36 @@
+.TH PCRE_REFCOUNT 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B int pcre_refcount(pcre *\fIcode\fP, int \fIadjust\fP);
+.PP
+.B int pcre16_refcount(pcre16 *\fIcode\fP, int \fIadjust\fP);
+.PP
+.B int pcre32_refcount(pcre32 *\fIcode\fP, int \fIadjust\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to maintain a reference count inside a data block that
+contains a compiled pattern. Its arguments are:
+.sp
+  \fIcode\fP                      Compiled regular expression
+  \fIadjust\fP                    Adjustment to reference value
+.sp
+The yield of the function is the adjusted reference value, which is constrained
+to lie between 0 and 65535.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_study.3
new file mode 100644
index 00000000..1200e0a6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_study.3
@@ -0,0 +1,54 @@
+.TH PCRE_STUDY 3 " 24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre_extra *pcre_study(const pcre *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B pcre16_extra *pcre16_study(const pcre16 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B pcre32_extra *pcre32_study(const pcre32 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function studies a compiled pattern, to see if additional information can
+be extracted that might speed up matching. Its arguments are:
+.sp
+  \fIcode\fP       A compiled regular expression
+  \fIoptions\fP    Options for \fBpcre[16|32]_study()\fP
+  \fIerrptr\fP     Where to put an error message
+.sp
+If the function succeeds, it returns a value that can be passed to
+\fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP via their \fIextra\fP
+arguments.
+.P
+If the function returns NULL, either it could not find any additional
+information, or there was an error. You can tell the difference by looking at
+the error value. It is NULL in first case.
+.P
+The only option is PCRE_STUDY_JIT_COMPILE. It requests just-in-time compilation
+if possible. If PCRE has been compiled without JIT support, this option is
+ignored. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page for further details.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_utf16_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_utf16_to_host_byte_order.3
new file mode 100644
index 00000000..1851b619
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_utf16_to_host_byte_order.3
@@ -0,0 +1,45 @@
+.TH PCRE_UTF16_TO_HOST_BYTE_ORDER 3 "21 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *\fIoutput\fP,
+.B "     PCRE_SPTR16 \fIinput\fP, int \fIlength\fP, int *\fIhost_byte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function, which exists only in the 16-bit library, converts a UTF-16
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+.sp
+  \fIoutput\fP           pointer to output buffer, may be the same as \fIinput\fP
+  \fIinput\fP            pointer to input buffer
+  \fIlength\fP           number of 16-bit units in the input, or negative for
+                     a zero-terminated string
+  \fIhost_byte_order\fP  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  \fIkeep_boms\fP        if non-zero, BOMs are copied to the output string
+.sp
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.P
+If \fIhost_byte_order\fP is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_utf32_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_utf32_to_host_byte_order.3
new file mode 100644
index 00000000..a415dcf5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_utf32_to_host_byte_order.3
@@ -0,0 +1,45 @@
+.TH PCRE_UTF32_TO_HOST_BYTE_ORDER 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *\fIoutput\fP,
+.B "     PCRE_SPTR32 \fIinput\fP, int \fIlength\fP, int *\fIhost_byte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function, which exists only in the 32-bit library, converts a UTF-32
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+.sp
+  \fIoutput\fP           pointer to output buffer, may be the same as \fIinput\fP
+  \fIinput\fP            pointer to input buffer
+  \fIlength\fP           number of 32-bit units in the input, or negative for
+                     a zero-terminated string
+  \fIhost_byte_order\fP  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  \fIkeep_boms\fP        if non-zero, BOMs are copied to the output string
+.sp
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.P
+If \fIhost_byte_order\fP is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_version.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_version.3
new file mode 100644
index 00000000..0f4973f9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcre_version.3
@@ -0,0 +1,31 @@
+.TH PCRE_VERSION 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B const char *pcre_version(void);
+.PP
+.B const char *pcre16_version(void);
+.PP
+.B const char *pcre32_version(void);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function (even in the 16-bit and 32-bit libraries) returns a
+zero-terminated, 8-bit character string that gives the version number of the
+PCRE library and the date of its release.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreapi.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreapi.3
new file mode 100644
index 00000000..6e7c7c6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreapi.3
@@ -0,0 +1,2918 @@
+.TH PCREAPI 3 "18 December 2015" "PCRE 8.39"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.sp
+.B #include <pcre.h>
+.
+.
+.SH "PCRE NATIVE API BASIC FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre *pcre_compile(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre *pcre_compile2(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre_extra *pcre_study(const pcre *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B void pcre_free_study(pcre_extra *\fIextra\fP);
+.sp
+.B int pcre_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre_dfa_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.
+.SH "PCRE NATIVE API STRING EXTRACTION FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre_copy_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     char *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre_copy_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, char *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre_get_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre_get_stringnumber(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP);"
+.sp
+.B int pcre_get_stringtable_entries(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP, char **\fIfirst\fP, char **\fIlast\fP);"
+.sp
+.B int pcre_get_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre_get_substring_list(const char *\fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, const char ***\fIlistptr\fP);"
+.sp
+.B void pcre_free_substring(const char *\fIstringptr\fP);
+.sp
+.B void pcre_free_substring_list(const char **\fIstringptr\fP);
+.fi
+.
+.
+.SH "PCRE NATIVE API AUXILIARY FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre_jit_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.sp
+.B pcre_jit_stack *pcre_jit_stack_alloc(int \fIstartsize\fP, int \fImaxsize\fP);
+.sp
+.B void pcre_jit_stack_free(pcre_jit_stack *\fIstack\fP);
+.sp
+.B void pcre_assign_jit_stack(pcre_extra *\fIextra\fP,
+.B "     pcre_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B const unsigned char *pcre_maketables(void);
+.sp
+.B int pcre_fullinfo(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre_refcount(pcre *\fIcode\fP, int \fIadjust\fP);
+.sp
+.B int pcre_config(int \fIwhat\fP, void *\fIwhere\fP);
+.sp
+.B const char *pcre_version(void);
+.sp
+.B int pcre_pattern_to_host_byte_order(pcre *\fIcode\fP,
+.B "     pcre_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.
+.SH "PCRE NATIVE API INDIRECTED FUNCTIONS"
+.rs
+.sp
+.nf
+.B void *(*pcre_malloc)(size_t);
+.sp
+.B void (*pcre_free)(void *);
+.sp
+.B void *(*pcre_stack_malloc)(size_t);
+.sp
+.B void (*pcre_stack_free)(void *);
+.sp
+.B int (*pcre_callout)(pcre_callout_block *);
+.sp
+.B int (*pcre_stack_guard)(void);
+.fi
+.
+.
+.SH "PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES"
+.rs
+.sp
+As well as support for 8-bit character strings, PCRE also supports 16-bit
+strings (from release 8.30) and 32-bit strings (from release 8.32), by means of
+two additional libraries. They can be built as well as, or instead of, the
+8-bit library. To avoid too much complication, this document describes the
+8-bit versions of the functions, with only occasional references to the 16-bit
+and 32-bit libraries.
+.P
+The 16-bit and 32-bit functions operate in the same way as their 8-bit
+counterparts; they just use different data types for their arguments and
+results, and their names start with \fBpcre16_\fP or \fBpcre32_\fP instead of
+\fBpcre_\fP. For every option that has UTF8 in its name (for example,
+PCRE_UTF8), there are corresponding 16-bit and 32-bit names with UTF8 replaced
+by UTF16 or UTF32, respectively. This facility is in fact just cosmetic; the
+16-bit and 32-bit option names define the same bit values.
+.P
+References to bytes and UTF-8 in this document should be read as references to
+16-bit data units and UTF-16 when using the 16-bit library, or 32-bit data
+units and UTF-32 when using the 32-bit library, unless specified otherwise.
+More details of the specific differences for the 16-bit and 32-bit libraries
+are given in the
+.\" HREF
+\fBpcre16\fP
+.\"
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+pages.
+.
+.
+.SH "PCRE API OVERVIEW"
+.rs
+.sp
+PCRE has its own native API, which is described in this document. There are
+also some wrapper functions (for the 8-bit library only) that correspond to the
+POSIX regular expression API, but they do not give access to all the
+functionality. They are described in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+documentation. Both of these APIs define a set of C function calls. A C++
+wrapper (again for the 8-bit library only) is also distributed with PCRE. It is
+documented in the
+.\" HREF
+\fBpcrecpp\fP
+.\"
+page.
+.P
+The native API C function prototypes are defined in the header file
+\fBpcre.h\fP, and on Unix-like systems the (8-bit) library itself is called
+\fBlibpcre\fP. It can normally be accessed by adding \fB-lpcre\fP to the
+command for linking an application that uses PCRE. The header file defines the
+macros PCRE_MAJOR and PCRE_MINOR to contain the major and minor release numbers
+for the library. Applications can use these to include support for different
+releases of PCRE.
+.P
+In a Windows environment, if you want to statically link an application program
+against a non-dll \fBpcre.a\fP file, you must define PCRE_STATIC before
+including \fBpcre.h\fP or \fBpcrecpp.h\fP, because otherwise the
+\fBpcre_malloc()\fP and \fBpcre_free()\fP exported functions will be declared
+\fB__declspec(dllimport)\fP, with unwanted results.
+.P
+The functions \fBpcre_compile()\fP, \fBpcre_compile2()\fP, \fBpcre_study()\fP,
+and \fBpcre_exec()\fP are used for compiling and matching regular expressions
+in a Perl-compatible manner. A sample program that demonstrates the simplest
+way of using them is provided in the file called \fIpcredemo.c\fP in the PCRE
+source distribution. A listing of this program is given in the
+.\" HREF
+\fBpcredemo\fP
+.\"
+documentation, and the
+.\" HREF
+\fBpcresample\fP
+.\"
+documentation describes how to compile and run it.
+.P
+Just-in-time compiler support is an optional feature of PCRE that can be built
+in appropriate hardware environments. It greatly speeds up the matching
+performance of many patterns. Simple programs can easily request that it be
+used if available, by setting an option that is ignored when it is not
+relevant. More complicated programs might need to make use of the functions
+\fBpcre_jit_stack_alloc()\fP, \fBpcre_jit_stack_free()\fP, and
+\fBpcre_assign_jit_stack()\fP in order to control the JIT code's memory usage.
+.P
+From release 8.32 there is also a direct interface for JIT execution, which
+gives improved performance. The JIT-specific functions are discussed in the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation.
+.P
+A second matching function, \fBpcre_dfa_exec()\fP, which is not
+Perl-compatible, is also provided. This uses a different algorithm for the
+matching. The alternative algorithm finds all possible matches (at a given
+point in the subject), and scans the subject just once (unless there are
+lookbehind assertions). However, this algorithm does not return captured
+substrings. A description of the two matching algorithms and their advantages
+and disadvantages is given in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation.
+.P
+In addition to the main compiling and matching functions, there are convenience
+functions for extracting captured substrings from a subject string that is
+matched by \fBpcre_exec()\fP. They are:
+.sp
+  \fBpcre_copy_substring()\fP
+  \fBpcre_copy_named_substring()\fP
+  \fBpcre_get_substring()\fP
+  \fBpcre_get_named_substring()\fP
+  \fBpcre_get_substring_list()\fP
+  \fBpcre_get_stringnumber()\fP
+  \fBpcre_get_stringtable_entries()\fP
+.sp
+\fBpcre_free_substring()\fP and \fBpcre_free_substring_list()\fP are also
+provided, to free the memory used for extracted strings.
+.P
+The function \fBpcre_maketables()\fP is used to build a set of character tables
+in the current locale for passing to \fBpcre_compile()\fP, \fBpcre_exec()\fP,
+or \fBpcre_dfa_exec()\fP. This is an optional facility that is provided for
+specialist use. Most commonly, no special tables are passed, in which case
+internal tables that are generated when PCRE is built are used.
+.P
+The function \fBpcre_fullinfo()\fP is used to find out information about a
+compiled pattern. The function \fBpcre_version()\fP returns a pointer to a
+string containing the version of PCRE and its date of release.
+.P
+The function \fBpcre_refcount()\fP maintains a reference count in a data block
+containing a compiled pattern. This is provided for the benefit of
+object-oriented applications.
+.P
+The global variables \fBpcre_malloc\fP and \fBpcre_free\fP initially contain
+the entry points of the standard \fBmalloc()\fP and \fBfree()\fP functions,
+respectively. PCRE calls the memory management functions via these variables,
+so a calling program can replace them if it wishes to intercept the calls. This
+should be done before calling any PCRE functions.
+.P
+The global variables \fBpcre_stack_malloc\fP and \fBpcre_stack_free\fP are also
+indirections to memory management functions. These special functions are used
+only when PCRE is compiled to use the heap for remembering data, instead of
+recursive function calls, when running the \fBpcre_exec()\fP function. See the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation for details of how to do this. It is a non-standard way of
+building PCRE, for use in environments that have limited stacks. Because of the
+greater use of memory management, it runs more slowly. Separate functions are
+provided so that special-purpose external code can be used for this case. When
+used, these functions always allocate memory blocks of the same size. There is
+a discussion about PCRE's stack usage in the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation.
+.P
+The global variable \fBpcre_callout\fP initially contains NULL. It can be set
+by the caller to a "callout" function, which PCRE will then call at specified
+points during a matching operation. Details are given in the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.P
+The global variable \fBpcre_stack_guard\fP initially contains NULL. It can be
+set by the caller to a function that is called by PCRE whenever it starts
+to compile a parenthesized part of a pattern. When parentheses are nested, PCRE
+uses recursive function calls, which use up the system stack. This function is
+provided so that applications with restricted stacks can force a compilation
+error if the stack runs out. The function should return zero if all is well, or
+non-zero to force an error.
+.
+.
+.\" HTML <a name="newlines"></a>
+.SH NEWLINES
+.rs
+.sp
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The Unicode newline sequences are the three just
+mentioned, plus the single characters VT (vertical tab, U+000B), FF (form feed,
+U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029).
+.P
+Each of the first three conventions is used by at least one operating system as
+its standard newline sequence. When PCRE is built, a default can be specified.
+The default default is LF, which is the Unix standard. When PCRE is run, the
+default can be overridden, either when a pattern is compiled, or when it is
+matched.
+.P
+At compile time, the newline convention can be specified by the \fIoptions\fP
+argument of \fBpcre_compile()\fP, or it can be specified by special text at the
+start of the pattern itself; this overrides any other settings. See the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page for details of the special character sequences.
+.P
+In the PCRE documentation the word "newline" is used to mean "the character or
+pair of characters that indicate a line break". The choice of newline
+convention affects the handling of the dot, circumflex, and dollar
+metacharacters, the handling of #-comments in /x mode, and, when CRLF is a
+recognized line ending sequence, the match position advancement for a
+non-anchored pattern. There is more detail about this in the
+.\" HTML <a href="#execoptions">
+.\" </a>
+section on \fBpcre_exec()\fP options
+.\"
+below.
+.P
+The choice of newline convention does not affect the interpretation of
+the \en or \er escape sequences, nor does it affect what \eR matches, which is
+controlled in a similar way, but by separate options.
+.
+.
+.SH MULTITHREADING
+.rs
+.sp
+The PCRE functions can be used in multi-threading applications, with the
+proviso that the memory management functions pointed to by \fBpcre_malloc\fP,
+\fBpcre_free\fP, \fBpcre_stack_malloc\fP, and \fBpcre_stack_free\fP, and the
+callout and stack-checking functions pointed to by \fBpcre_callout\fP and
+\fBpcre_stack_guard\fP, are shared by all threads.
+.P
+The compiled form of a regular expression is not altered during matching, so
+the same compiled pattern can safely be used by several threads at once.
+.P
+If the just-in-time optimization feature is being used, it needs separate
+memory stack areas for each thread. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for more details.
+.
+.
+.SH "SAVING PRECOMPILED PATTERNS FOR LATER USE"
+.rs
+.sp
+The compiled form of a regular expression can be saved and re-used at a later
+time, possibly by a different program, and even on a host other than the one on
+which it was compiled. Details are given in the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation, which includes a description of the
+\fBpcre_pattern_to_host_byte_order()\fP function. However, compiling a regular
+expression with one version of PCRE for use with a different version is not
+guaranteed to work and may cause crashes.
+.
+.
+.SH "CHECKING BUILD-TIME OPTIONS"
+.rs
+.sp
+.B int pcre_config(int \fIwhat\fP, void *\fIwhere\fP);
+.PP
+The function \fBpcre_config()\fP makes it possible for a PCRE client to
+discover which optional features have been compiled into the PCRE library. The
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation has more details about these optional features.
+.P
+The first argument for \fBpcre_config()\fP is an integer, specifying which
+information is required; the second argument is a pointer to a variable into
+which the information is placed. The returned value is zero on success, or the
+negative error code PCRE_ERROR_BADOPTION if the value in the first argument is
+not recognized. The following information is available:
+.sp
+  PCRE_CONFIG_UTF8
+.sp
+The output is an integer that is set to one if UTF-8 support is available;
+otherwise it is set to zero. This value should normally be given to the 8-bit
+version of this function, \fBpcre_config()\fP. If it is given to the 16-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+.sp
+  PCRE_CONFIG_UTF16
+.sp
+The output is an integer that is set to one if UTF-16 support is available;
+otherwise it is set to zero. This value should normally be given to the 16-bit
+version of this function, \fBpcre16_config()\fP. If it is given to the 8-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+.sp
+  PCRE_CONFIG_UTF32
+.sp
+The output is an integer that is set to one if UTF-32 support is available;
+otherwise it is set to zero. This value should normally be given to the 32-bit
+version of this function, \fBpcre32_config()\fP. If it is given to the 8-bit
+or 16-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+.sp
+  PCRE_CONFIG_UNICODE_PROPERTIES
+.sp
+The output is an integer that is set to one if support for Unicode character
+properties is available; otherwise it is set to zero.
+.sp
+  PCRE_CONFIG_JIT
+.sp
+The output is an integer that is set to one if support for just-in-time
+compiling is available; otherwise it is set to zero.
+.sp
+  PCRE_CONFIG_JITTARGET
+.sp
+The output is a pointer to a zero-terminated "const char *" string. If JIT
+support is available, the string contains the name of the architecture for
+which the JIT compiler is configured, for example "x86 32bit (little endian +
+unaligned)". If JIT support is not available, the result is NULL.
+.sp
+  PCRE_CONFIG_NEWLINE
+.sp
+The output is an integer whose value specifies the default character sequence
+that is recognized as meaning "newline". The values that are supported in
+ASCII/Unicode environments are: 10 for LF, 13 for CR, 3338 for CRLF, -2 for
+ANYCRLF, and -1 for ANY. In EBCDIC environments, CR, ANYCRLF, and ANY yield the
+same values. However, the value for LF is normally 21, though some EBCDIC
+environments use 37. The corresponding values for CRLF are 3349 and 3365. The
+default should normally correspond to the standard sequence for your operating
+system.
+.sp
+  PCRE_CONFIG_BSR
+.sp
+The output is an integer whose value indicates what character sequences the \eR
+escape sequence matches by default. A value of 0 means that \eR matches any
+Unicode line ending sequence; a value of 1 means that \eR matches only CR, LF,
+or CRLF. The default can be overridden when a pattern is compiled or matched.
+.sp
+  PCRE_CONFIG_LINK_SIZE
+.sp
+The output is an integer that contains the number of bytes used for internal
+linkage in compiled regular expressions. For the 8-bit library, the value can
+be 2, 3, or 4. For the 16-bit library, the value is either 2 or 4 and is still
+a number of bytes. For the 32-bit library, the value is either 2 or 4 and is
+still a number of bytes. The default value of 2 is sufficient for all but the
+most massive patterns, since it allows the compiled pattern to be up to 64K in
+size. Larger values allow larger regular expressions to be compiled, at the
+expense of slower matching.
+.sp
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+.sp
+The output is an integer that contains the threshold above which the POSIX
+interface uses \fBmalloc()\fP for output vectors. Further details are given in
+the
+.\" HREF
+\fBpcreposix\fP
+.\"
+documentation.
+.sp
+  PCRE_CONFIG_PARENS_LIMIT
+.sp
+The output is a long integer that gives the maximum depth of nesting of
+parentheses (of any kind) in a pattern. This limit is imposed to cap the amount
+of system stack used when a pattern is compiled. It is specified when PCRE is
+built; the default is 250. This limit does not take into account the stack that
+may already be used by the calling application. For finer control over
+compilation stack usage, you can set a pointer to an external checking function
+in \fBpcre_stack_guard\fP.
+.sp
+  PCRE_CONFIG_MATCH_LIMIT
+.sp
+The output is a long integer that gives the default limit for the number of
+internal matching function calls in a \fBpcre_exec()\fP execution. Further
+details are given with \fBpcre_exec()\fP below.
+.sp
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+.sp
+The output is a long integer that gives the default limit for the depth of
+recursion when calling the internal matching function in a \fBpcre_exec()\fP
+execution. Further details are given with \fBpcre_exec()\fP below.
+.sp
+  PCRE_CONFIG_STACKRECURSE
+.sp
+The output is an integer that is set to one if internal recursion when running
+\fBpcre_exec()\fP is implemented by recursive function calls that use the stack
+to remember their state. This is the usual way that PCRE is compiled. The
+output is zero if PCRE was compiled to use blocks of data on the heap instead
+of recursive function calls. In this case, \fBpcre_stack_malloc\fP and
+\fBpcre_stack_free\fP are called to manage memory blocks on the heap, thus
+avoiding the use of the stack.
+.
+.
+.SH "COMPILING A PATTERN"
+.rs
+.sp
+.nf
+.B pcre *pcre_compile(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre *pcre_compile2(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.fi
+.P
+Either of the functions \fBpcre_compile()\fP or \fBpcre_compile2()\fP can be
+called to compile a pattern into an internal form. The only difference between
+the two interfaces is that \fBpcre_compile2()\fP has an additional argument,
+\fIerrorcodeptr\fP, via which a numerical error code can be returned. To avoid
+too much repetition, we refer just to \fBpcre_compile()\fP below, but the
+information applies equally to \fBpcre_compile2()\fP.
+.P
+The pattern is a C string terminated by a binary zero, and is passed in the
+\fIpattern\fP argument. A pointer to a single block of memory that is obtained
+via \fBpcre_malloc\fP is returned. This contains the compiled code and related
+data. The \fBpcre\fP type is defined for the returned block; this is a typedef
+for a structure whose contents are not externally defined. It is up to the
+caller to free the memory (via \fBpcre_free\fP) when it is no longer required.
+.P
+Although the compiled code of a PCRE regex is relocatable, that is, it does not
+depend on memory location, the complete \fBpcre\fP data block is not
+fully relocatable, because it may contain a copy of the \fItableptr\fP
+argument, which is an address (see below).
+.P
+The \fIoptions\fP argument contains various bit settings that affect the
+compilation. It should be zero if no options are required. The available
+options are described below. Some of them (in particular, those that are
+compatible with Perl, but some others as well) can also be set and unset from
+within the pattern (see the detailed description in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation). For those options that can be different in different parts of
+the pattern, the contents of the \fIoptions\fP argument specifies their
+settings at the start of compilation and execution. The PCRE_ANCHORED,
+PCRE_BSR_\fIxxx\fP, PCRE_NEWLINE_\fIxxx\fP, PCRE_NO_UTF8_CHECK, and
+PCRE_NO_START_OPTIMIZE options can be set at the time of matching as well as at
+compile time.
+.P
+If \fIerrptr\fP is NULL, \fBpcre_compile()\fP returns NULL immediately.
+Otherwise, if compilation of a pattern fails, \fBpcre_compile()\fP returns
+NULL, and sets the variable pointed to by \fIerrptr\fP to point to a textual
+error message. This is a static string that is part of the library. You must
+not try to free it. Normally, the offset from the start of the pattern to the
+data unit that was being processed when the error was discovered is placed in
+the variable pointed to by \fIerroffset\fP, which must not be NULL (if it is,
+an immediate error is given). However, for an invalid UTF-8 or UTF-16 string,
+the offset is that of the first data unit of the failing character.
+.P
+Some errors are not detected until the whole pattern has been scanned; in these
+cases, the offset passed back is the length of the pattern. Note that the
+offset is in data units, not characters, even in a UTF mode. It may sometimes
+point into the middle of a UTF-8 or UTF-16 character.
+.P
+If \fBpcre_compile2()\fP is used instead of \fBpcre_compile()\fP, and the
+\fIerrorcodeptr\fP argument is not NULL, a non-zero error code number is
+returned via this argument in the event of an error. This is in addition to the
+textual error message. Error codes and messages are listed below.
+.P
+If the final argument, \fItableptr\fP, is NULL, PCRE uses a default set of
+character tables that are built when PCRE is compiled, using the default C
+locale. Otherwise, \fItableptr\fP must be an address that is the result of a
+call to \fBpcre_maketables()\fP. This value is stored with the compiled
+pattern, and used again by \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP when the
+pattern is matched. For more discussion, see the section on locale support
+below.
+.P
+This code fragment shows a typical straightforward call to \fBpcre_compile()\fP:
+.sp
+  pcre *re;
+  const char *error;
+  int erroffset;
+  re = pcre_compile(
+    "^A.*Z",          /* the pattern */
+    0,                /* default options */
+    &error,           /* for error message */
+    &erroffset,       /* for error offset */
+    NULL);            /* use default character tables */
+.sp
+The following names for option bits are defined in the \fBpcre.h\fP header
+file:
+.sp
+  PCRE_ANCHORED
+.sp
+If this bit is set, the pattern is forced to be "anchored", that is, it is
+constrained to match only at the first matching point in the string that is
+being searched (the "subject string"). This effect can also be achieved by
+appropriate constructs in the pattern itself, which is the only way to do it in
+Perl.
+.sp
+  PCRE_AUTO_CALLOUT
+.sp
+If this bit is set, \fBpcre_compile()\fP automatically inserts callout items,
+all with number 255, before each pattern item. For discussion of the callout
+facility, see the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.sp
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+.sp
+These options (which are mutually exclusive) control what the \eR escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. The default is specified when PCRE is
+built. It can be overridden from within the pattern, or by setting an option
+when a compiled pattern is matched.
+.sp
+  PCRE_CASELESS
+.sp
+If this bit is set, letters in the pattern match both upper and lower case
+letters. It is equivalent to Perl's /i option, and it can be changed within a
+pattern by a (?i) option setting. In UTF-8 mode, PCRE always understands the
+concept of case for characters whose values are less than 128, so caseless
+matching is always possible. For characters with higher values, the concept of
+case is supported if PCRE is compiled with Unicode property support, but not
+otherwise. If you want to use caseless matching for characters 128 and above,
+you must ensure that PCRE is compiled with Unicode property support as well as
+with UTF-8 support.
+.sp
+  PCRE_DOLLAR_ENDONLY
+.sp
+If this bit is set, a dollar metacharacter in the pattern matches only at the
+end of the subject string. Without this option, a dollar also matches
+immediately before a newline at the end of the string (but not before any other
+newlines). The PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+There is no equivalent to this option in Perl, and no way to set it within a
+pattern.
+.sp
+  PCRE_DOTALL
+.sp
+If this bit is set, a dot metacharacter in the pattern matches a character of
+any value, including one that indicates a newline. However, it only ever
+matches one character, even if newlines are coded as CRLF. Without this option,
+a dot does not match when the current position is at a newline. This option is
+equivalent to Perl's /s option, and it can be changed within a pattern by a
+(?s) option setting. A negative class such as [^a] always matches newline
+characters, independent of the setting of this option.
+.sp
+  PCRE_DUPNAMES
+.sp
+If this bit is set, names used to identify capturing subpatterns need not be
+unique. This can be helpful for certain types of pattern when it is known that
+only one instance of the named subpattern can ever be matched. There are more
+details of named subpatterns below; see also the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.sp
+  PCRE_EXTENDED
+.sp
+If this bit is set, most white space characters in the pattern are totally
+ignored except when escaped or inside a character class. However, white space
+is not allowed within sequences such as (?> that introduce various
+parenthesized subpatterns, nor within a numerical quantifier such as {1,3}.
+However, ignorable white space is permitted between an item and a following
+quantifier and between a quantifier and a following + that indicates
+possessiveness.
+.P
+White space did not used to include the VT character (code 11), because Perl
+did not treat this character as white space. However, Perl changed at release
+5.18, so PCRE followed at release 8.34, and VT is now treated as white space.
+.P
+PCRE_EXTENDED also causes characters between an unescaped # outside a character
+class and the next newline, inclusive, to be ignored. PCRE_EXTENDED is
+equivalent to Perl's /x option, and it can be changed within a pattern by a
+(?x) option setting.
+.P
+Which characters are interpreted as newlines is controlled by the options
+passed to \fBpcre_compile()\fP or by a special sequence at the start of the
+pattern, as described in the section entitled
+.\" HTML <a href="pcrepattern.html#newlines">
+.\" </a>
+"Newline conventions"
+.\"
+in the \fBpcrepattern\fP documentation. Note that the end of this type of
+comment is a literal newline sequence in the pattern; escape sequences that
+happen to represent a newline do not count.
+.P
+This option makes it possible to include comments inside complicated patterns.
+Note, however, that this applies only to data characters. White space characters
+may never appear within special character sequences in a pattern, for example
+within the sequence (?( that introduces a conditional subpattern.
+.sp
+  PCRE_EXTRA
+.sp
+This option was invented in order to turn on additional functionality of PCRE
+that is incompatible with Perl, but it is currently of very little use. When
+set, any backslash in a pattern that is followed by a letter that has no
+special meaning causes an error, thus reserving these combinations for future
+expansion. By default, as in Perl, a backslash followed by a letter with no
+special meaning is treated as a literal. (Perl can, however, be persuaded to
+give an error for this, by running it with the -w option.) There are at present
+no other features controlled by this option. It can also be set by a (?X)
+option setting within a pattern.
+.sp
+  PCRE_FIRSTLINE
+.sp
+If this option is set, an unanchored pattern is required to match before or at
+the first newline in the subject string, though the matched text may continue
+over the newline.
+.sp
+  PCRE_JAVASCRIPT_COMPAT
+.sp
+If this option is set, PCRE's behaviour is changed in some ways so that it is
+compatible with JavaScript rather than Perl. The changes are as follows:
+.P
+(1) A lone closing square bracket in a pattern causes a compile-time error,
+because this is illegal in JavaScript (by default it is treated as a data
+character). Thus, the pattern AB]CD becomes illegal when this option is set.
+.P
+(2) At run time, a back reference to an unset subpattern group matches an empty
+string (by default this causes the current matching alternative to fail). A
+pattern such as (\e1)(a) succeeds when this option is set (assuming it can find
+an "a" in the subject), whereas it fails by default, for Perl compatibility.
+.P
+(3) \eU matches an upper case "U" character; by default \eU causes a compile
+time error (Perl uses \eU to upper case subsequent characters).
+.P
+(4) \eu matches a lower case "u" character unless it is followed by four
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, \eu causes a compile time error (Perl uses it to upper
+case the following character).
+.P
+(5) \ex matches a lower case "x" character unless it is followed by two
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, as in Perl, a hexadecimal number is always expected after
+\ex, but it may have zero, one, or two digits (so, for example, \exz matches a
+binary zero character followed by z).
+.sp
+  PCRE_MULTILINE
+.sp
+By default, for the purposes of matching "start of line" and "end of line",
+PCRE treats the subject string as consisting of a single line of characters,
+even if it actually contains newlines. The "start of line" metacharacter (^)
+matches only at the start of the string, and the "end of line" metacharacter
+($) matches only at the end of the string, or before a terminating newline
+(except when PCRE_DOLLAR_ENDONLY is set). Note, however, that unless
+PCRE_DOTALL is set, the "any character" metacharacter (.) does not match at a
+newline. This behaviour (for ^, $, and dot) is the same as Perl.
+.P
+When PCRE_MULTILINE it is set, the "start of line" and "end of line" constructs
+match immediately following or immediately before internal newlines in the
+subject string, respectively, as well as at the very start and end. This is
+equivalent to Perl's /m option, and it can be changed within a pattern by a
+(?m) option setting. If there are no newlines in a subject string, or no
+occurrences of ^ or $ in a pattern, setting PCRE_MULTILINE has no effect.
+.sp
+  PCRE_NEVER_UTF
+.sp
+This option locks out interpretation of the pattern as UTF-8 (or UTF-16 or
+UTF-32 in the 16-bit and 32-bit libraries). In particular, it prevents the
+creator of the pattern from switching to UTF interpretation by starting the
+pattern with (*UTF). This may be useful in applications that process patterns
+from external sources. The combination of PCRE_UTF8 and PCRE_NEVER_UTF also
+causes an error.
+.sp
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+.sp
+These options override the default newline definition that was chosen when PCRE
+was built. Setting the first or the second specifies that a newline is
+indicated by a single character (CR or LF, respectively). Setting
+PCRE_NEWLINE_CRLF specifies that a newline is indicated by the two-character
+CRLF sequence. Setting PCRE_NEWLINE_ANYCRLF specifies that any of the three
+preceding sequences should be recognized. Setting PCRE_NEWLINE_ANY specifies
+that any Unicode newline sequence should be recognized.
+.P
+In an ASCII/Unicode environment, the Unicode newline sequences are the three
+just mentioned, plus the single characters VT (vertical tab, U+000B), FF (form
+feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029). For the 8-bit library, the last two are
+recognized only in UTF-8 mode.
+.P
+When PCRE is compiled to run in an EBCDIC (mainframe) environment, the code for
+CR is 0x0d, the same as ASCII. However, the character code for LF is normally
+0x15, though in some EBCDIC environments 0x25 is used. Whichever of these is
+not LF is made to correspond to Unicode's NEL character. EBCDIC codes are all
+less than 256. For more details, see the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation.
+.P
+The newline setting in the options word uses three bits that are treated
+as a number, giving eight possibilities. Currently only six are used (default
+plus the five values above). This means that if you set more than one newline
+option, the combination may or may not be sensible. For example,
+PCRE_NEWLINE_CR with PCRE_NEWLINE_LF is equivalent to PCRE_NEWLINE_CRLF, but
+other combinations may yield unused numbers and cause an error.
+.P
+The only time that a line break in a pattern is specially recognized when
+compiling is when PCRE_EXTENDED is set. CR and LF are white space characters,
+and so are ignored in this mode. Also, an unescaped # outside a character class
+indicates a comment that lasts until after the next line break sequence. In
+other circumstances, line break sequences in patterns are treated as literal
+data.
+.P
+The newline option that is set at compile time becomes the default that is used
+for \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP, but it can be overridden.
+.sp
+  PCRE_NO_AUTO_CAPTURE
+.sp
+If this option is set, it disables the use of numbered capturing parentheses in
+the pattern. Any opening parenthesis that is not followed by ? behaves as if it
+were followed by ?: but named parentheses can still be used for capturing (and
+they acquire numbers in the usual way). There is no equivalent of this option
+in Perl.
+.sp
+  PCRE_NO_AUTO_POSSESS
+.sp
+If this option is set, it disables "auto-possessification". This is an
+optimization that, for example, turns a+b into a++b in order to avoid
+backtracks into a+ that can never be successful. However, if callouts are in
+use, auto-possessification means that some of them are never taken. You can set
+this option if you want the matching functions to do a full unoptimized search
+and run all the callouts, but it is mainly provided for testing purposes.
+.sp
+  PCRE_NO_START_OPTIMIZE
+.sp
+This is an option that acts at matching time; that is, it is really an option
+for \fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP. If it is set at compile time,
+it is remembered with the compiled pattern and assumed at matching time. This
+is necessary if you want to use JIT execution, because the JIT compiler needs
+to know whether or not this option is set. For details see the discussion of
+PCRE_NO_START_OPTIMIZE
+.\" HTML <a href="#execoptions">
+.\" </a>
+below.
+.\"
+.sp
+  PCRE_UCP
+.sp
+This option changes the way PCRE processes \eB, \eb, \eD, \ed, \eS, \es, \eW,
+\ew, and some of the POSIX character classes. By default, only ASCII characters
+are recognized, but if PCRE_UCP is set, Unicode properties are used instead to
+classify characters. More details are given in the section on
+.\" HTML <a href="pcre.html#genericchartypes">
+.\" </a>
+generic character types
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page. If you set PCRE_UCP, matching one of the items it affects takes much
+longer. The option is available only if PCRE has been compiled with Unicode
+property support.
+.sp
+  PCRE_UNGREEDY
+.sp
+This option inverts the "greediness" of the quantifiers so that they are not
+greedy by default, but become greedy if followed by "?". It is not compatible
+with Perl. It can also be set by a (?U) option setting within the pattern.
+.sp
+  PCRE_UTF8
+.sp
+This option causes PCRE to regard both the pattern and the subject as strings
+of UTF-8 characters instead of single-byte strings. However, it is available
+only when PCRE is built to include UTF support. If not, the use of this option
+provokes an error. Details of how this option changes the behaviour of PCRE are
+given in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.sp
+  PCRE_NO_UTF8_CHECK
+.sp
+When PCRE_UTF8 is set, the validity of the pattern as a UTF-8 string is
+automatically checked. There is a discussion about the
+.\" HTML <a href="pcreunicode.html#utf8strings">
+.\" </a>
+validity of UTF-8 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page. If an invalid UTF-8 sequence is found, \fBpcre_compile()\fP returns an
+error. If you already know that your pattern is valid, and you want to skip
+this check for performance reasons, you can set the PCRE_NO_UTF8_CHECK option.
+When it is set, the effect of passing an invalid UTF-8 string as a pattern is
+undefined. It may cause your program to crash or loop. Note that this option
+can also be passed to \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP, to suppress
+the validity checking of subject strings only. If the same string is being
+matched many times, the option can be safely set for the second and subsequent
+matchings to improve performance.
+.
+.
+.SH "COMPILATION ERROR CODES"
+.rs
+.sp
+The following table lists the error codes than may be returned by
+\fBpcre_compile2()\fP, along with the error messages that may be returned by
+both compiling functions. Note that error messages are always 8-bit ASCII
+strings, even in 16-bit or 32-bit mode. As PCRE has developed, some error codes
+have fallen out of use. To avoid confusion, they have not been re-used.
+.sp
+   0  no error
+   1  \e at end of pattern
+   2  \ec at end of pattern
+   3  unrecognized character follows \e
+   4  numbers out of order in {} quantifier
+   5  number too big in {} quantifier
+   6  missing terminating ] for character class
+   7  invalid escape sequence in character class
+   8  range out of order in character class
+   9  nothing to repeat
+  10  [this code is not in use]
+  11  internal error: unexpected repeat
+  12  unrecognized character after (? or (?-
+  13  POSIX named classes are supported only within a class
+  14  missing )
+  15  reference to non-existent subpattern
+  16  erroffset passed as NULL
+  17  unknown option bit(s) set
+  18  missing ) after comment
+  19  [this code is not in use]
+  20  regular expression is too large
+  21  failed to get memory
+  22  unmatched parentheses
+  23  internal error: code overflow
+  24  unrecognized character after (?<
+  25  lookbehind assertion is not fixed length
+  26  malformed number or name after (?(
+  27  conditional group contains more than two branches
+  28  assertion expected after (?(
+  29  (?R or (?[+-]digits must be followed by )
+  30  unknown POSIX class name
+  31  POSIX collating elements are not supported
+  32  this version of PCRE is compiled without UTF support
+  33  [this code is not in use]
+  34  character value in \ex{} or \eo{} is too large
+  35  invalid condition (?(0)
+  36  \eC not allowed in lookbehind assertion
+  37  PCRE does not support \eL, \el, \eN{name}, \eU, or \eu
+  38  number after (?C is > 255
+  39  closing ) for (?C expected
+  40  recursive call could loop indefinitely
+  41  unrecognized character after (?P
+  42  syntax error in subpattern name (missing terminator)
+  43  two named subpatterns have the same name
+  44  invalid UTF-8 string (specifically UTF-8)
+  45  support for \eP, \ep, and \eX has not been compiled
+  46  malformed \eP or \ep sequence
+  47  unknown property name after \eP or \ep
+  48  subpattern name is too long (maximum 32 characters)
+  49  too many named subpatterns (maximum 10000)
+  50  [this code is not in use]
+  51  octal value is greater than \e377 in 8-bit non-UTF-8 mode
+  52  internal error: overran compiling workspace
+  53  internal error: previously-checked referenced subpattern
+        not found
+  54  DEFINE group contains more than one branch
+  55  repeating a DEFINE group is not allowed
+  56  inconsistent NEWLINE options
+  57  \eg is not followed by a braced, angle-bracketed, or quoted
+        name/number or by a plain number
+  58  a numbered reference must not be zero
+  59  an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
+  60  (*VERB) not recognized or malformed
+  61  number is too big
+  62  subpattern name expected
+  63  digit expected after (?+
+  64  ] is an invalid data character in JavaScript compatibility mode
+  65  different names for subpatterns of the same number are
+        not allowed
+  66  (*MARK) must have an argument
+  67  this version of PCRE is not compiled with Unicode property
+        support
+  68  \ec must be followed by an ASCII character
+  69  \ek is not followed by a braced, angle-bracketed, or quoted name
+  70  internal error: unknown opcode in find_fixedlength()
+  71  \eN is not supported in a class
+  72  too many forward references
+  73  disallowed Unicode code point (>= 0xd800 && <= 0xdfff)
+  74  invalid UTF-16 string (specifically UTF-16)
+  75  name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
+  76  character value in \eu.... sequence is too large
+  77  invalid UTF-32 string (specifically UTF-32)
+  78  setting UTF is disabled by the application
+  79  non-hex character in \ex{} (closing brace missing?)
+  80  non-octal character in \eo{} (closing brace missing?)
+  81  missing opening brace after \eo
+  82  parentheses are too deeply nested
+  83  invalid range in character class
+  84  group name must start with a non-digit
+  85  parentheses are too deeply nested (stack check)
+.sp
+The numbers 32 and 10000 in errors 48 and 49 are defaults; different values may
+be used if the limits were changed when PCRE was built.
+.
+.
+.\" HTML <a name="studyingapattern"></a>
+.SH "STUDYING A PATTERN"
+.rs
+.sp
+.nf
+.B pcre_extra *pcre_study(const pcre *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.fi
+.PP
+If a compiled pattern is going to be used several times, it is worth spending
+more time analyzing it in order to speed up the time taken for matching. The
+function \fBpcre_study()\fP takes a pointer to a compiled pattern as its first
+argument. If studying the pattern produces additional information that will
+help speed up matching, \fBpcre_study()\fP returns a pointer to a
+\fBpcre_extra\fP block, in which the \fIstudy_data\fP field points to the
+results of the study.
+.P
+The returned value from \fBpcre_study()\fP can be passed directly to
+\fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP. However, a \fBpcre_extra\fP block
+also contains other fields that can be set by the caller before the block is
+passed; these are described
+.\" HTML <a href="#extradata">
+.\" </a>
+below
+.\"
+in the section on matching a pattern.
+.P
+If studying the pattern does not produce any useful information,
+\fBpcre_study()\fP returns NULL by default. In that circumstance, if the
+calling program wants to pass any of the other fields to \fBpcre_exec()\fP or
+\fBpcre_dfa_exec()\fP, it must set up its own \fBpcre_extra\fP block. However,
+if \fBpcre_study()\fP is called with the PCRE_STUDY_EXTRA_NEEDED option, it
+returns a \fBpcre_extra\fP block even if studying did not find any additional
+information. It may still return NULL, however, if an error occurs in
+\fBpcre_study()\fP.
+.P
+The second argument of \fBpcre_study()\fP contains option bits. There are three
+further options in addition to PCRE_STUDY_EXTRA_NEEDED:
+.sp
+  PCRE_STUDY_JIT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+.sp
+If any of these are set, and the just-in-time compiler is available, the
+pattern is further compiled into machine code that executes much faster than
+the \fBpcre_exec()\fP interpretive matching function. If the just-in-time
+compiler is not available, these options are ignored. All undefined bits in the
+\fIoptions\fP argument must be zero.
+.P
+JIT compilation is a heavyweight optimization. It can take some time for
+patterns to be analyzed, and for one-off matches and simple patterns the
+benefit of faster execution might be offset by a much slower study time.
+Not all patterns can be optimized by the JIT compiler. For those that cannot be
+handled, matching automatically falls back to the \fBpcre_exec()\fP
+interpreter. For more details, see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation.
+.P
+The third argument for \fBpcre_study()\fP is a pointer for an error message. If
+studying succeeds (even if no data is returned), the variable it points to is
+set to NULL. Otherwise it is set to point to a textual error message. This is a
+static string that is part of the library. You must not try to free it. You
+should test the error pointer for NULL after calling \fBpcre_study()\fP, to be
+sure that it has run successfully.
+.P
+When you are finished with a pattern, you can free the memory used for the
+study data by calling \fBpcre_free_study()\fP. This function was added to the
+API for release 8.20. For earlier versions, the memory could be freed with
+\fBpcre_free()\fP, just like the pattern itself. This will still work in cases
+where JIT optimization is not used, but it is advisable to change to the new
+function when convenient.
+.P
+This is a typical way in which \fBpcre_study\fP() is used (except that in a
+real application there should be tests for errors):
+.sp
+  int rc;
+  pcre *re;
+  pcre_extra *sd;
+  re = pcre_compile("pattern", 0, &error, &erroroffset, NULL);
+  sd = pcre_study(
+    re,             /* result of pcre_compile() */
+    0,              /* no options */
+    &error);        /* set to NULL or points to a message */
+  rc = pcre_exec(   /* see below for details of pcre_exec() options */
+    re, sd, "subject", 7, 0, 0, ovector, 30);
+  ...
+  pcre_free_study(sd);
+  pcre_free(re);
+.sp
+Studying a pattern does two things: first, a lower bound for the length of
+subject string that is needed to match the pattern is computed. This does not
+mean that there are any strings of that length that match, but it does
+guarantee that no shorter strings match. The value is used to avoid wasting
+time by trying to match strings that are shorter than the lower bound. You can
+find out the value in a calling program via the \fBpcre_fullinfo()\fP function.
+.P
+Studying a pattern is also useful for non-anchored patterns that do not have a
+single fixed starting character. A bitmap of possible starting bytes is
+created. This speeds up finding a position in the subject at which to start
+matching. (In 16-bit mode, the bitmap is used for 16-bit values less than 256.
+In 32-bit mode, the bitmap is used for 32-bit values less than 256.)
+.P
+These two optimizations apply to both \fBpcre_exec()\fP and
+\fBpcre_dfa_exec()\fP, and the information is also used by the JIT compiler.
+The optimizations can be disabled by setting the PCRE_NO_START_OPTIMIZE option.
+You might want to do this if your pattern contains callouts or (*MARK) and you
+want to make use of these facilities in cases where matching fails.
+.P
+PCRE_NO_START_OPTIMIZE can be specified at either compile time or execution
+time. However, if PCRE_NO_START_OPTIMIZE is passed to \fBpcre_exec()\fP, (that
+is, after any JIT compilation has happened) JIT execution is disabled. For JIT
+execution to work with PCRE_NO_START_OPTIMIZE, the option must be set at
+compile time.
+.P
+There is a longer discussion of PCRE_NO_START_OPTIMIZE
+.\" HTML <a href="#execoptions">
+.\" </a>
+below.
+.\"
+.
+.
+.\" HTML <a name="localesupport"></a>
+.SH "LOCALE SUPPORT"
+.rs
+.sp
+PCRE handles caseless matching, and determines whether characters are letters,
+digits, or whatever, by reference to a set of tables, indexed by character
+code point. When running in UTF-8 mode, or in the 16- or 32-bit libraries, this
+applies only to characters with code points less than 256. By default,
+higher-valued code points never match escapes such as \ew or \ed. However, if
+PCRE is built with Unicode property support, all characters can be tested with
+\ep and \eP, or, alternatively, the PCRE_UCP option can be set when a pattern
+is compiled; this causes \ew and friends to use Unicode property support
+instead of the built-in tables.
+.P
+The use of locales with Unicode is discouraged. If you are handling characters
+with code points greater than 128, you should either use Unicode support, or
+use locales, but not try to mix the two.
+.P
+PCRE contains an internal set of tables that are used when the final argument
+of \fBpcre_compile()\fP is NULL. These are sufficient for many applications.
+Normally, the internal tables recognize only ASCII characters. However, when
+PCRE is built, it is possible to cause the internal tables to be rebuilt in the
+default "C" locale of the local system, which may cause them to be different.
+.P
+The internal tables can always be overridden by tables supplied by the
+application that calls PCRE. These may be created in a different locale from
+the default. As more and more applications change to using Unicode, the need
+for this locale support is expected to die away.
+.P
+External tables are built by calling the \fBpcre_maketables()\fP function,
+which has no arguments, in the relevant locale. The result can then be passed
+to \fBpcre_compile()\fP as often as necessary. For example, to build and use
+tables that are appropriate for the French locale (where accented characters
+with values greater than 128 are treated as letters), the following code could
+be used:
+.sp
+  setlocale(LC_CTYPE, "fr_FR");
+  tables = pcre_maketables();
+  re = pcre_compile(..., tables);
+.sp
+The locale name "fr_FR" is used on Linux and other Unix-like systems; if you
+are using Windows, the name for the French locale is "french".
+.P
+When \fBpcre_maketables()\fP runs, the tables are built in memory that is
+obtained via \fBpcre_malloc\fP. It is the caller's responsibility to ensure
+that the memory containing the tables remains available for as long as it is
+needed.
+.P
+The pointer that is passed to \fBpcre_compile()\fP is saved with the compiled
+pattern, and the same tables are used via this pointer by \fBpcre_study()\fP
+and also by \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP. Thus, for any single
+pattern, compilation, studying and matching all happen in the same locale, but
+different patterns can be processed in different locales.
+.P
+It is possible to pass a table pointer or NULL (indicating the use of the
+internal tables) to \fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP (see the
+discussion below in the section on matching a pattern). This facility is
+provided for use with pre-compiled patterns that have been saved and reloaded.
+Character tables are not saved with patterns, so if a non-standard table was
+used at compile time, it must be provided again when the reloaded pattern is
+matched. Attempting to use this facility to match a pattern in a different
+locale from the one in which it was compiled is likely to lead to anomalous
+(usually incorrect) results.
+.
+.
+.\" HTML <a name="infoaboutpattern"></a>
+.SH "INFORMATION ABOUT A PATTERN"
+.rs
+.sp
+.nf
+.B int pcre_fullinfo(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.fi
+.PP
+The \fBpcre_fullinfo()\fP function returns information about a compiled
+pattern. It replaces the \fBpcre_info()\fP function, which was removed from the
+library at version 8.30, after more than 10 years of obsolescence.
+.P
+The first argument for \fBpcre_fullinfo()\fP is a pointer to the compiled
+pattern. The second argument is the result of \fBpcre_study()\fP, or NULL if
+the pattern was not studied. The third argument specifies which piece of
+information is required, and the fourth argument is a pointer to a variable
+to receive the data. The yield of the function is zero for success, or one of
+the following negative numbers:
+.sp
+  PCRE_ERROR_NULL           the argument \fIcode\fP was NULL
+                            the argument \fIwhere\fP was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADENDIANNESS  the pattern was compiled with different
+                            endianness
+  PCRE_ERROR_BADOPTION      the value of \fIwhat\fP was invalid
+  PCRE_ERROR_UNSET          the requested field is not set
+.sp
+The "magic number" is placed at the start of each compiled pattern as an simple
+check against passing an arbitrary memory pointer. The endianness error can
+occur if a compiled pattern is saved and reloaded on a different host. Here is
+a typical call of \fBpcre_fullinfo()\fP, to obtain the length of the compiled
+pattern:
+.sp
+  int rc;
+  size_t length;
+  rc = pcre_fullinfo(
+    re,               /* result of pcre_compile() */
+    sd,               /* result of pcre_study(), or NULL */
+    PCRE_INFO_SIZE,   /* what is required */
+    &length);         /* where to put the data */
+.sp
+The possible values for the third argument are defined in \fBpcre.h\fP, and are
+as follows:
+.sp
+  PCRE_INFO_BACKREFMAX
+.sp
+Return the number of the highest back reference in the pattern. The fourth
+argument should point to an \fBint\fP variable. Zero is returned if there are
+no back references.
+.sp
+  PCRE_INFO_CAPTURECOUNT
+.sp
+Return the number of capturing subpatterns in the pattern. The fourth argument
+should point to an \fBint\fP variable.
+.sp
+  PCRE_INFO_DEFAULT_TABLES
+.sp
+Return a pointer to the internal default character tables within PCRE. The
+fourth argument should point to an \fBunsigned char *\fP variable. This
+information call is provided for internal use by the \fBpcre_study()\fP
+function. External callers can cause PCRE to use its internal tables by passing
+a NULL table pointer.
+.sp
+  PCRE_INFO_FIRSTBYTE (deprecated)
+.sp
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The name of this option refers to the 8-bit library,
+where data units are bytes. The fourth argument should point to an \fBint\fP
+variable. Negative values are used for special cases. However, this means that
+when the 32-bit library is in non-UTF-32 mode, the full 32-bit range of
+characters cannot be returned. For this reason, this value is deprecated; use
+PCRE_INFO_FIRSTCHARACTERFLAGS and PCRE_INFO_FIRSTCHARACTER instead.
+.P
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), its value is returned. In the 8-bit library, the
+value is always less than 256. In the 16-bit library the value can be up to
+0xffff. In the 32-bit library the value can be up to 0x10ffff.
+.P
+If there is no fixed first value, and if either
+.sp
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+.sp
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+.sp
+-1 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise -2 is
+returned. For anchored patterns, -2 is returned.
+.sp
+  PCRE_INFO_FIRSTCHARACTER
+.sp
+Return the value of the first data unit (non-UTF character) of any matched
+string in the situation where PCRE_INFO_FIRSTCHARACTERFLAGS returns 1;
+otherwise return 0. The fourth argument should point to an \fBuint_t\fP
+variable.
+.P
+In the 8-bit library, the value is always less than 256. In the 16-bit library
+the value can be up to 0xffff. In the 32-bit library in UTF-32 mode the value
+can be up to 0x10ffff, and up to 0xffffffff when not using UTF-32 mode.
+.sp
+  PCRE_INFO_FIRSTCHARACTERFLAGS
+.sp
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The fourth argument should point to an \fBint\fP
+variable.
+.P
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), 1 is returned, and the character value can be
+retrieved using PCRE_INFO_FIRSTCHARACTER. If there is no fixed first value, and
+if either
+.sp
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+.sp
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+.sp
+2 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise 0 is
+returned. For anchored patterns, 0 is returned.
+.sp
+  PCRE_INFO_FIRSTTABLE
+.sp
+If the pattern was studied, and this resulted in the construction of a 256-bit
+table indicating a fixed set of values for the first data unit in any matching
+string, a pointer to the table is returned. Otherwise NULL is returned. The
+fourth argument should point to an \fBunsigned char *\fP variable.
+.sp
+  PCRE_INFO_HASCRORLF
+.sp
+Return 1 if the pattern contains any explicit matches for CR or LF characters,
+otherwise 0. The fourth argument should point to an \fBint\fP variable. An
+explicit match is either a literal CR or LF character, or \er or \en.
+.sp
+  PCRE_INFO_JCHANGED
+.sp
+Return 1 if the (?J) or (?-J) option setting is used in the pattern, otherwise
+0. The fourth argument should point to an \fBint\fP variable. (?J) and
+(?-J) set and unset the local PCRE_DUPNAMES option, respectively.
+.sp
+  PCRE_INFO_JIT
+.sp
+Return 1 if the pattern was studied with one of the JIT options, and
+just-in-time compiling was successful. The fourth argument should point to an
+\fBint\fP variable. A return value of 0 means that JIT support is not available
+in this version of PCRE, or that the pattern was not studied with a JIT option,
+or that the JIT compiler could not handle this particular pattern. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for details of what can and cannot be handled.
+.sp
+  PCRE_INFO_JITSIZE
+.sp
+If the pattern was successfully studied with a JIT option, return the size of
+the JIT compiled code, otherwise return zero. The fourth argument should point
+to a \fBsize_t\fP variable.
+.sp
+  PCRE_INFO_LASTLITERAL
+.sp
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an \fBint\fP variable. If there is no such
+value, -1 is returned. For anchored patterns, a last literal value is recorded
+only if it follows something of variable length. For example, for the pattern
+/^a\ed+z\ed+/ the returned value is "z", but for /^a\edz\ed/ the returned value
+is -1.
+.P
+Since for the 32-bit library using the non-UTF-32 mode, this function is unable
+to return the full 32-bit range of characters, this value is deprecated;
+instead the PCRE_INFO_REQUIREDCHARFLAGS and PCRE_INFO_REQUIREDCHAR values should
+be used.
+.sp
+  PCRE_INFO_MATCH_EMPTY
+.sp
+Return 1 if the pattern can match an empty string, otherwise 0. The fourth
+argument should point to an \fBint\fP variable.
+.sp
+  PCRE_INFO_MATCHLIMIT
+.sp
+If the pattern set a match limit by including an item of the form
+(*LIMIT_MATCH=nnnn) at the start, the value is returned. The fourth argument
+should point to an unsigned 32-bit integer. If no such value has been set, the
+call to \fBpcre_fullinfo()\fP returns the error PCRE_ERROR_UNSET.
+.sp
+  PCRE_INFO_MAXLOOKBEHIND
+.sp
+Return the number of characters (NB not data units) in the longest lookbehind
+assertion in the pattern. This information is useful when doing multi-segment
+matching using the partial matching facilities. Note that the simple assertions
+\eb and \eB require a one-character lookbehind. \eA also registers a
+one-character lookbehind, though it does not actually inspect the previous
+character. This is to ensure that at least one character from the old segment
+is retained when a new segment is processed. Otherwise, if there are no
+lookbehinds in the pattern, \eA might match incorrectly at the start of a new
+segment.
+.sp
+  PCRE_INFO_MINLENGTH
+.sp
+If the pattern was studied and a minimum length for matching subject strings
+was computed, its value is returned. Otherwise the returned value is -1. The
+value is a number of characters, which in UTF mode may be different from the
+number of data units. The fourth argument should point to an \fBint\fP
+variable. A non-negative value is a lower bound to the length of any matching
+string. There may not be any strings of that length that do actually match, but
+every string that does match is at least that long.
+.sp
+  PCRE_INFO_NAMECOUNT
+  PCRE_INFO_NAMEENTRYSIZE
+  PCRE_INFO_NAMETABLE
+.sp
+PCRE supports the use of named as well as numbered capturing parentheses. The
+names are just an additional way of identifying the parentheses, which still
+acquire numbers. Several convenience functions such as
+\fBpcre_get_named_substring()\fP are provided for extracting captured
+substrings by name. It is also possible to extract the data directly, by first
+converting the name to a number in order to access the correct pointers in the
+output vector (described with \fBpcre_exec()\fP below). To do the conversion,
+you need to use the name-to-number map, which is described by these three
+values.
+.P
+The map consists of a number of fixed-size entries. PCRE_INFO_NAMECOUNT gives
+the number of entries, and PCRE_INFO_NAMEENTRYSIZE gives the size of each
+entry; both of these return an \fBint\fP value. The entry size depends on the
+length of the longest name. PCRE_INFO_NAMETABLE returns a pointer to the first
+entry of the table. This is a pointer to \fBchar\fP in the 8-bit library, where
+the first two bytes of each entry are the number of the capturing parenthesis,
+most significant byte first. In the 16-bit library, the pointer points to
+16-bit data units, the first of which contains the parenthesis number. In the
+32-bit library, the pointer points to 32-bit data units, the first of which
+contains the parenthesis number. The rest of the entry is the corresponding
+name, zero terminated.
+.P
+The names are in alphabetical order. If (?| is used to create multiple groups
+with the same number, as described in the
+.\" HTML <a href="pcrepattern.html#dupsubpatternnumber">
+.\" </a>
+section on duplicate subpattern numbers
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page, the groups may be given the same name, but there is only one entry in the
+table. Different names for groups of the same number are not permitted.
+Duplicate names for subpatterns with different numbers are permitted,
+but only if PCRE_DUPNAMES is set. They appear in the table in the order in
+which they were found in the pattern. In the absence of (?| this is the order
+of increasing number; when (?| is used this is not necessarily the case because
+later subpatterns may have lower numbers.
+.P
+As a simple example of the name/number table, consider the following pattern
+after compilation by the 8-bit library (assume PCRE_EXTENDED is set, so white
+space - including newlines - is ignored):
+.sp
+.\" JOIN
+  (?<date> (?<year>(\ed\ed)?\ed\ed) -
+  (?<month>\ed\ed) - (?<day>\ed\ed) )
+.sp
+There are four named subpatterns, so the table has four entries, and each entry
+in the table is eight bytes long. The table is as follows, with non-printing
+bytes shows in hexadecimal, and undefined bytes shown as ??:
+.sp
+  00 01 d  a  t  e  00 ??
+  00 05 d  a  y  00 ?? ??
+  00 04 m  o  n  t  h  00
+  00 02 y  e  a  r  00 ??
+.sp
+When writing code to extract data from named subpatterns using the
+name-to-number map, remember that the length of the entries is likely to be
+different for each compiled pattern.
+.sp
+  PCRE_INFO_OKPARTIAL
+.sp
+Return 1 if the pattern can be used for partial matching with
+\fBpcre_exec()\fP, otherwise 0. The fourth argument should point to an
+\fBint\fP variable. From release 8.00, this always returns 1, because the
+restrictions that previously applied to partial matching have been lifted. The
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation gives details of partial matching.
+.sp
+  PCRE_INFO_OPTIONS
+.sp
+Return a copy of the options with which the pattern was compiled. The fourth
+argument should point to an \fBunsigned long int\fP variable. These option bits
+are those specified in the call to \fBpcre_compile()\fP, modified by any
+top-level option settings at the start of the pattern itself. In other words,
+they are the options that will be in force when matching starts. For example,
+if the pattern /(?im)abc(?-i)d/ is compiled with the PCRE_EXTENDED option, the
+result is PCRE_CASELESS, PCRE_MULTILINE, and PCRE_EXTENDED.
+.P
+A pattern is automatically anchored by PCRE if all of its top-level
+alternatives begin with one of the following:
+.sp
+  ^     unless PCRE_MULTILINE is set
+  \eA    always
+  \eG    always
+.\" JOIN
+  .*    if PCRE_DOTALL is set and there are no back
+          references to the subpattern in which .* appears
+.sp
+For such patterns, the PCRE_ANCHORED bit is set in the options returned by
+\fBpcre_fullinfo()\fP.
+.sp
+  PCRE_INFO_RECURSIONLIMIT
+.sp
+If the pattern set a recursion limit by including an item of the form
+(*LIMIT_RECURSION=nnnn) at the start, the value is returned. The fourth
+argument should point to an unsigned 32-bit integer. If no such value has been
+set, the call to \fBpcre_fullinfo()\fP returns the error PCRE_ERROR_UNSET.
+.sp
+  PCRE_INFO_SIZE
+.sp
+Return the size of the compiled pattern in bytes (for all three libraries). The
+fourth argument should point to a \fBsize_t\fP variable. This value does not
+include the size of the \fBpcre\fP structure that is returned by
+\fBpcre_compile()\fP. The value that is passed as the argument to
+\fBpcre_malloc()\fP when \fBpcre_compile()\fP is getting memory in which to
+place the compiled data is the value returned by this option plus the size of
+the \fBpcre\fP structure. Studying a compiled pattern, with or without JIT,
+does not alter the value returned by this option.
+.sp
+  PCRE_INFO_STUDYSIZE
+.sp
+Return the size in bytes (for all three libraries) of the data block pointed to
+by the \fIstudy_data\fP field in a \fBpcre_extra\fP block. If \fBpcre_extra\fP
+is NULL, or there is no study data, zero is returned. The fourth argument
+should point to a \fBsize_t\fP variable. The \fIstudy_data\fP field is set by
+\fBpcre_study()\fP to record information that will speed up matching (see the
+section entitled
+.\" HTML <a href="#studyingapattern">
+.\" </a>
+"Studying a pattern"
+.\"
+above). The format of the \fIstudy_data\fP block is private, but its length
+is made available via this option so that it can be saved and restored (see the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation for details).
+.sp
+  PCRE_INFO_REQUIREDCHARFLAGS
+.sp
+Returns 1 if there is a rightmost literal data unit that must exist in any
+matched string, other than at its start. The fourth argument should  point to
+an \fBint\fP variable. If there is no such value, 0 is returned. If returning
+1, the character value itself can be retrieved using PCRE_INFO_REQUIREDCHAR.
+.P
+For anchored patterns, a last literal value is recorded only if it follows
+something of variable length. For example, for the pattern /^a\ed+z\ed+/ the
+returned value 1 (with "z" returned from PCRE_INFO_REQUIREDCHAR), but for
+/^a\edz\ed/ the returned value is 0.
+.sp
+  PCRE_INFO_REQUIREDCHAR
+.sp
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an \fBuint32_t\fP variable. If there is no such
+value, 0 is returned.
+.
+.
+.SH "REFERENCE COUNTS"
+.rs
+.sp
+.B int pcre_refcount(pcre *\fIcode\fP, int \fIadjust\fP);
+.PP
+The \fBpcre_refcount()\fP function is used to maintain a reference count in the
+data block that contains a compiled pattern. It is provided for the benefit of
+applications that operate in an object-oriented manner, where different parts
+of the application may be using the same compiled pattern, but you want to free
+the block when they are all done.
+.P
+When a pattern is compiled, the reference count field is initialized to zero.
+It is changed only by calling this function, whose action is to add the
+\fIadjust\fP value (which may be positive or negative) to it. The yield of the
+function is the new value. However, the value of the count is constrained to
+lie between 0 and 65535, inclusive. If the new value is outside these limits,
+it is forced to the appropriate limit value.
+.P
+Except when it is zero, the reference count is not correctly preserved if a
+pattern is compiled on one host and then transferred to a host whose byte-order
+is different. (This seems a highly unlikely scenario.)
+.
+.
+.SH "MATCHING A PATTERN: THE TRADITIONAL FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP," int \fIlength\fP, int \fIstartoffset\fP,
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.fi
+.P
+The function \fBpcre_exec()\fP is called to match a subject string against a
+compiled pattern, which is passed in the \fIcode\fP argument. If the
+pattern was studied, the result of the study should be passed in the
+\fIextra\fP argument. You can call \fBpcre_exec()\fP with the same \fIcode\fP
+and \fIextra\fP arguments as many times as you like, in order to match
+different subject strings with the same pattern.
+.P
+This function is the main matching facility of the library, and it operates in
+a Perl-like manner. For specialist use there is also an alternative matching
+function, which is described
+.\" HTML <a href="#dfamatch">
+.\" </a>
+below
+.\"
+in the section about the \fBpcre_dfa_exec()\fP function.
+.P
+In most applications, the pattern will have been compiled (and optionally
+studied) in the same process that calls \fBpcre_exec()\fP. However, it is
+possible to save compiled patterns and study data, and then use them later
+in different processes, possibly even on different hosts. For a discussion
+about this, see the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation.
+.P
+Here is an example of a simple call to \fBpcre_exec()\fP:
+.sp
+  int rc;
+  int ovector[30];
+  rc = pcre_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    30);            /* number of elements (NOT size in bytes) */
+.
+.
+.\" HTML <a name="extradata"></a>
+.SS "Extra data for \fBpcre_exec()\fR"
+.rs
+.sp
+If the \fIextra\fP argument is not NULL, it must point to a \fBpcre_extra\fP
+data block. The \fBpcre_study()\fP function returns such a block (when it
+doesn't return NULL), but you can also create one for yourself, and pass
+additional information in it. The \fBpcre_extra\fP block contains the following
+fields (not necessarily in this order):
+.sp
+  unsigned long int \fIflags\fP;
+  void *\fIstudy_data\fP;
+  void *\fIexecutable_jit\fP;
+  unsigned long int \fImatch_limit\fP;
+  unsigned long int \fImatch_limit_recursion\fP;
+  void *\fIcallout_data\fP;
+  const unsigned char *\fItables\fP;
+  unsigned char **\fImark\fP;
+.sp
+In the 16-bit version of this structure, the \fImark\fP field has type
+"PCRE_UCHAR16 **".
+.sp
+In the 32-bit version of this structure, the \fImark\fP field has type
+"PCRE_UCHAR32 **".
+.P
+The \fIflags\fP field is used to specify which of the other fields are set. The
+flag bits are:
+.sp
+  PCRE_EXTRA_CALLOUT_DATA
+  PCRE_EXTRA_EXECUTABLE_JIT
+  PCRE_EXTRA_MARK
+  PCRE_EXTRA_MATCH_LIMIT
+  PCRE_EXTRA_MATCH_LIMIT_RECURSION
+  PCRE_EXTRA_STUDY_DATA
+  PCRE_EXTRA_TABLES
+.sp
+Other flag bits should be set to zero. The \fIstudy_data\fP field and sometimes
+the \fIexecutable_jit\fP field are set in the \fBpcre_extra\fP block that is
+returned by \fBpcre_study()\fP, together with the appropriate flag bits. You
+should not set these yourself, but you may add to the block by setting other
+fields and their corresponding flag bits.
+.P
+The \fImatch_limit\fP field provides a means of preventing PCRE from using up a
+vast amount of resources when running patterns that are not going to match,
+but which have a very large number of possibilities in their search trees. The
+classic example is a pattern that uses nested unlimited repeats.
+.P
+Internally, \fBpcre_exec()\fP uses a function called \fBmatch()\fP, which it
+calls repeatedly (sometimes recursively). The limit set by \fImatch_limit\fP is
+imposed on the number of times this function is called during a match, which
+has the effect of limiting the amount of backtracking that can take place. For
+patterns that are not anchored, the count restarts from zero for each position
+in the subject string.
+.P
+When \fBpcre_exec()\fP is called with a pattern that was successfully studied
+with a JIT option, the way that the matching is executed is entirely different.
+However, there is still the possibility of runaway matching that goes on for a
+very long time, and so the \fImatch_limit\fP value is also used in this case
+(but in a different way) to limit how long the matching can continue.
+.P
+The default value for the limit can be set when PCRE is built; the default
+default is 10 million, which handles all but the most extreme cases. You can
+override the default by suppling \fBpcre_exec()\fP with a \fBpcre_extra\fP
+block in which \fImatch_limit\fP is set, and PCRE_EXTRA_MATCH_LIMIT is set in
+the \fIflags\fP field. If the limit is exceeded, \fBpcre_exec()\fP returns
+PCRE_ERROR_MATCHLIMIT.
+.P
+A value for the match limit may also be supplied by an item at the start of a
+pattern of the form
+.sp
+  (*LIMIT_MATCH=d)
+.sp
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of \fBpcre_exec()\fP or, if no such limit
+is set, less than the default.
+.P
+The \fImatch_limit_recursion\fP field is similar to \fImatch_limit\fP, but
+instead of limiting the total number of times that \fBmatch()\fP is called, it
+limits the depth of recursion. The recursion depth is a smaller number than the
+total number of calls, because not all calls to \fBmatch()\fP are recursive.
+This limit is of use only if it is set smaller than \fImatch_limit\fP.
+.P
+Limiting the recursion depth limits the amount of machine stack that can be
+used, or, when PCRE has been compiled to use memory on the heap instead of the
+stack, the amount of heap memory that can be used. This limit is not relevant,
+and is ignored, when matching is done using JIT compiled code.
+.P
+The default value for \fImatch_limit_recursion\fP can be set when PCRE is
+built; the default default is the same value as the default for
+\fImatch_limit\fP. You can override the default by suppling \fBpcre_exec()\fP
+with a \fBpcre_extra\fP block in which \fImatch_limit_recursion\fP is set, and
+PCRE_EXTRA_MATCH_LIMIT_RECURSION is set in the \fIflags\fP field. If the limit
+is exceeded, \fBpcre_exec()\fP returns PCRE_ERROR_RECURSIONLIMIT.
+.P
+A value for the recursion limit may also be supplied by an item at the start of
+a pattern of the form
+.sp
+  (*LIMIT_RECURSION=d)
+.sp
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of \fBpcre_exec()\fP or, if no such limit
+is set, less than the default.
+.P
+The \fIcallout_data\fP field is used in conjunction with the "callout" feature,
+and is described in the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.P
+The \fItables\fP field is provided for use with patterns that have been
+pre-compiled using custom character tables, saved to disc or elsewhere, and
+then reloaded, because the tables that were used to compile a pattern are not
+saved with it. See the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation for a discussion of saving compiled patterns for later use. If
+NULL is passed using this mechanism, it forces PCRE's internal tables to be
+used.
+.P
+\fBWarning:\fP The tables that \fBpcre_exec()\fP uses must be the same as those
+that were used when the pattern was compiled. If this is not the case, the
+behaviour of \fBpcre_exec()\fP is undefined. Therefore, when a pattern is
+compiled and matched in the same process, this field should never be set. In
+this (the most common) case, the correct table pointer is automatically passed
+with the compiled pattern from \fBpcre_compile()\fP to \fBpcre_exec()\fP.
+.P
+If PCRE_EXTRA_MARK is set in the \fIflags\fP field, the \fImark\fP field must
+be set to point to a suitable variable. If the pattern contains any
+backtracking control verbs such as (*MARK:NAME), and the execution ends up with
+a name to pass back, a pointer to the name string (zero terminated) is placed
+in the variable pointed to by the \fImark\fP field. The names are within the
+compiled pattern; if you wish to retain such a name you must copy it before
+freeing the memory of a compiled pattern. If there is no name to pass back, the
+variable pointed to by the \fImark\fP field is set to NULL. For details of the
+backtracking control verbs, see the section entitled
+.\" HTML <a href="pcrepattern#backtrackcontrol">
+.\" </a>
+"Backtracking control"
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.
+.
+.\" HTML <a name="execoptions"></a>
+.SS "Option bits for \fBpcre_exec()\fP"
+.rs
+.sp
+The unused bits of the \fIoptions\fP argument for \fBpcre_exec()\fP must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_\fIxxx\fP,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_START_OPTIMIZE, PCRE_NO_UTF8_CHECK, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+.P
+If the pattern was successfully studied with one of the just-in-time (JIT)
+compile options, the only supported options for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY,
+PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and PCRE_PARTIAL_SOFT. If an
+unsupported option is used, JIT execution is disabled and the normal
+interpretive code in \fBpcre_exec()\fP is run.
+.sp
+  PCRE_ANCHORED
+.sp
+The PCRE_ANCHORED option limits \fBpcre_exec()\fP to matching at the first
+matching position. If a pattern was compiled with PCRE_ANCHORED, or turned out
+to be anchored by virtue of its contents, it cannot be made unachored at
+matching time.
+.sp
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+.sp
+These options (which are mutually exclusive) control what the \eR escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. These options override the choice that was
+made or defaulted when the pattern was compiled.
+.sp
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+.sp
+These options override the newline definition that was chosen or defaulted when
+the pattern was compiled. For details, see the description of
+\fBpcre_compile()\fP above. During matching, the newline choice affects the
+behaviour of the dot, circumflex, and dollar metacharacters. It may also alter
+the way the match position is advanced after a match failure for an unanchored
+pattern.
+.P
+When PCRE_NEWLINE_CRLF, PCRE_NEWLINE_ANYCRLF, or PCRE_NEWLINE_ANY is set, and a
+match attempt for an unanchored pattern fails when the current position is at a
+CRLF sequence, and the pattern contains no explicit matches for CR or LF
+characters, the match position is advanced by two characters instead of one, in
+other words, to after the CRLF.
+.P
+The above rule is a compromise that makes the most common cases work as
+expected. For example, if the pattern is .+A (and the PCRE_DOTALL option is not
+set), it does not match the string "\er\enA" because, after failing at the
+start, it skips both the CR and the LF before retrying. However, the pattern
+[\er\en]A does match that string, because it contains an explicit CR or LF
+reference, and so advances only by one character after the first failure.
+.P
+An explicit match for CR of LF is either a literal appearance of one of those
+characters, or one of the \er or \en escape sequences. Implicit matches such as
+[^X] do not count, nor does \es (which includes CR and LF in the characters
+that it matches).
+.P
+Notwithstanding the above, anomalous effects may still occur when CRLF is a
+valid newline sequence and explicit \er or \en escapes appear in the pattern.
+.sp
+  PCRE_NOTBOL
+.sp
+This option specifies that first character of the subject string is not the
+beginning of a line, so the circumflex metacharacter should not match before
+it. Setting this without PCRE_MULTILINE (at compile time) causes circumflex
+never to match. This option affects only the behaviour of the circumflex
+metacharacter. It does not affect \eA.
+.sp
+  PCRE_NOTEOL
+.sp
+This option specifies that the end of the subject string is not the end of a
+line, so the dollar metacharacter should not match it nor (except in multiline
+mode) a newline immediately before it. Setting this without PCRE_MULTILINE (at
+compile time) causes dollar never to match. This option affects only the
+behaviour of the dollar metacharacter. It does not affect \eZ or \ez.
+.sp
+  PCRE_NOTEMPTY
+.sp
+An empty string is not considered to be a valid match if this option is set. If
+there are alternatives in the pattern, they are tried. If all the alternatives
+match the empty string, the entire match fails. For example, if the pattern
+.sp
+  a?b?
+.sp
+is applied to a string not beginning with "a" or "b", it matches an empty
+string at the start of the subject. With PCRE_NOTEMPTY set, this match is not
+valid, so PCRE searches further into the string for occurrences of "a" or "b".
+.sp
+  PCRE_NOTEMPTY_ATSTART
+.sp
+This is like PCRE_NOTEMPTY, except that an empty string match that is not at
+the start of the subject is permitted. If the pattern is anchored, such a match
+can occur only if the pattern contains \eK.
+.P
+Perl has no direct equivalent of PCRE_NOTEMPTY or PCRE_NOTEMPTY_ATSTART, but it
+does make a special case of a pattern match of the empty string within its
+\fBsplit()\fP function, and when using the /g modifier. It is possible to
+emulate Perl's behaviour after matching a null string by first trying the match
+again at the same offset with PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED, and then
+if that fails, by advancing the starting offset (see below) and trying an
+ordinary match again. There is some code that demonstrates how to do this in
+the
+.\" HREF
+\fBpcredemo\fP
+.\"
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+.sp
+  PCRE_NO_START_OPTIMIZE
+.sp
+There are a number of optimizations that \fBpcre_exec()\fP uses at the start of
+a match, in order to speed up the process. For example, if it is known that an
+unanchored match must start with a specific character, it searches the subject
+for that character, and fails immediately if it cannot find it, without
+actually running the main matching function. This means that a special item
+such as (*COMMIT) at the start of a pattern is not considered until after a
+suitable starting point for the match has been found. Also, when callouts or
+(*MARK) items are in use, these "start-up" optimizations can cause them to be
+skipped if the pattern is never actually used. The start-up optimizations are
+in effect a pre-scan of the subject that takes place before the pattern is run.
+.P
+The PCRE_NO_START_OPTIMIZE option disables the start-up optimizations, possibly
+causing performance to suffer, but ensuring that in cases where the result is
+"no match", the callouts do occur, and that items such as (*COMMIT) and (*MARK)
+are considered at every possible starting position in the subject string. If
+PCRE_NO_START_OPTIMIZE is set at compile time, it cannot be unset at matching
+time. The use of PCRE_NO_START_OPTIMIZE at matching time (that is, passing it
+to \fBpcre_exec()\fP) disables JIT execution; in this situation, matching is
+always done using interpretively.
+.P
+Setting PCRE_NO_START_OPTIMIZE can change the outcome of a matching operation.
+Consider the pattern
+.sp
+  (*COMMIT)ABC
+.sp
+When this is compiled, PCRE records the fact that a match must start with the
+character "A". Suppose the subject string is "DEFABC". The start-up
+optimization scans along the subject, finds "A" and runs the first match
+attempt from there. The (*COMMIT) item means that the pattern must match the
+current starting position, which in this case, it does. However, if the same
+match is run with PCRE_NO_START_OPTIMIZE set, the initial scan along the
+subject string does not happen. The first match attempt is run starting from
+"D" and when this fails, (*COMMIT) prevents any further matches being tried, so
+the overall result is "no match". If the pattern is studied, more start-up
+optimizations may be used. For example, a minimum length for the subject may be
+recorded. Consider the pattern
+.sp
+  (*MARK:A)(X|Y)
+.sp
+The minimum length for a match is one character. If the subject is "ABC", there
+will be attempts to match "ABC", "BC", "C", and then finally an empty string.
+If the pattern is studied, the final attempt does not take place, because PCRE
+knows that the subject is too short, and so the (*MARK) is never encountered.
+In this case, studying the pattern does not affect the overall match result,
+which is still "no match", but it does affect the auxiliary information that is
+returned.
+.sp
+  PCRE_NO_UTF8_CHECK
+.sp
+When PCRE_UTF8 is set at compile time, the validity of the subject as a UTF-8
+string is automatically checked when \fBpcre_exec()\fP is subsequently called.
+The entire string is checked before any other processing takes place. The value
+of \fIstartoffset\fP is also checked to ensure that it points to the start of a
+UTF-8 character. There is a discussion about the
+.\" HTML <a href="pcreunicode.html#utf8strings">
+.\" </a>
+validity of UTF-8 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page. If an invalid sequence of bytes is found, \fBpcre_exec()\fP returns the
+error PCRE_ERROR_BADUTF8 or, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated character at the end of the subject, PCRE_ERROR_SHORTUTF8. In both
+cases, information about the precise nature of the error may also be returned
+(see the descriptions of these errors in the section entitled \fIError return
+values from\fP \fBpcre_exec()\fP
+.\" HTML <a href="#errorlist">
+.\" </a>
+below).
+.\"
+If \fIstartoffset\fP contains a value that does not point to the start of a
+UTF-8 character (or to the end of the subject), PCRE_ERROR_BADUTF8_OFFSET is
+returned.
+.P
+If you already know that your subject is valid, and you want to skip these
+checks for performance reasons, you can set the PCRE_NO_UTF8_CHECK option when
+calling \fBpcre_exec()\fP. You might want to do this for the second and
+subsequent calls to \fBpcre_exec()\fP if you are making repeated calls to find
+all the matches in a single subject string. However, you should be sure that
+the value of \fIstartoffset\fP points to the start of a character (or the end
+of the subject). When PCRE_NO_UTF8_CHECK is set, the effect of passing an
+invalid string as a subject or an invalid value of \fIstartoffset\fP is
+undefined. Your program may crash or loop.
+.sp
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+.sp
+These options turn on the partial matching feature. For backwards
+compatibility, PCRE_PARTIAL is a synonym for PCRE_PARTIAL_SOFT. A partial match
+occurs if the end of the subject string is reached successfully, but there are
+not enough subject characters to complete the match. If this happens when
+PCRE_PARTIAL_SOFT (but not PCRE_PARTIAL_HARD) is set, matching continues by
+testing any remaining alternatives. Only if no complete match can be found is
+PCRE_ERROR_PARTIAL returned instead of PCRE_ERROR_NOMATCH. In other words,
+PCRE_PARTIAL_SOFT says that the caller is prepared to handle a partial match,
+but only if no complete match can be found.
+.P
+If PCRE_PARTIAL_HARD is set, it overrides PCRE_PARTIAL_SOFT. In this case, if a
+partial match is found, \fBpcre_exec()\fP immediately returns
+PCRE_ERROR_PARTIAL, without considering any other alternatives. In other words,
+when PCRE_PARTIAL_HARD is set, a partial match is considered to be more
+important that an alternative complete match.
+.P
+In both cases, the portion of the string that was inspected when the partial
+match was found is set as the first matching string. There is a more detailed
+discussion of partial and multi-segment matching, with examples, in the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.
+.
+.SS "The string to be matched by \fBpcre_exec()\fP"
+.rs
+.sp
+The subject string is passed to \fBpcre_exec()\fP as a pointer in
+\fIsubject\fP, a length in \fIlength\fP, and a starting offset in
+\fIstartoffset\fP. The units for \fIlength\fP and \fIstartoffset\fP are bytes
+for the 8-bit library, 16-bit data items for the 16-bit library, and 32-bit
+data items for the 32-bit library.
+.P
+If \fIstartoffset\fP is negative or greater than the length of the subject,
+\fBpcre_exec()\fP returns PCRE_ERROR_BADOFFSET. When the starting offset is
+zero, the search for a match starts at the beginning of the subject, and this
+is by far the most common case. In UTF-8 or UTF-16 mode, the offset must point
+to the start of a character, or the end of the subject (in UTF-32 mode, one
+data unit equals one character, so all offsets are valid). Unlike the pattern
+string, the subject may contain binary zeroes.
+.P
+A non-zero starting offset is useful when searching for another match in the
+same subject by calling \fBpcre_exec()\fP again after a previous success.
+Setting \fIstartoffset\fP differs from just passing over a shortened string and
+setting PCRE_NOTBOL in the case of a pattern that begins with any kind of
+lookbehind. For example, consider the pattern
+.sp
+  \eBiss\eB
+.sp
+which finds occurrences of "iss" in the middle of words. (\eB matches only if
+the current position in the subject is not a word boundary.) When applied to
+the string "Mississipi" the first call to \fBpcre_exec()\fP finds the first
+occurrence. If \fBpcre_exec()\fP is called again with just the remainder of the
+subject, namely "issipi", it does not match, because \eB is always false at the
+start of the subject, which is deemed to be a word boundary. However, if
+\fBpcre_exec()\fP is passed the entire string again, but with \fIstartoffset\fP
+set to 4, it finds the second occurrence of "iss" because it is able to look
+behind the starting point to discover that it is preceded by a letter.
+.P
+Finding all the matches in a subject is tricky when the pattern can match an
+empty string. It is possible to emulate Perl's /g behaviour by first trying the
+match again at the same offset, with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED options, and then if that fails, advancing the starting offset
+and trying an ordinary match again. There is some code that demonstrates how to
+do this in the
+.\" HREF
+\fBpcredemo\fP
+.\"
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+.P
+If a non-zero starting offset is passed when the pattern is anchored, one
+attempt to match at the given offset is made. This can only succeed if the
+pattern does not require the match to be at the start of the subject.
+.
+.
+.SS "How \fBpcre_exec()\fP returns captured substrings"
+.rs
+.sp
+In general, a pattern matches a certain portion of the subject, and in
+addition, further substrings from the subject may be picked out by parts of the
+pattern. Following the usage in Jeffrey Friedl's book, this is called
+"capturing" in what follows, and the phrase "capturing subpattern" is used for
+a fragment of a pattern that picks out a substring. PCRE supports several other
+kinds of parenthesized subpattern that do not cause substrings to be captured.
+.P
+Captured substrings are returned to the caller via a vector of integers whose
+address is passed in \fIovector\fP. The number of elements in the vector is
+passed in \fIovecsize\fP, which must be a non-negative number. \fBNote\fP: this
+argument is NOT the size of \fIovector\fP in bytes.
+.P
+The first two-thirds of the vector is used to pass back captured substrings,
+each substring using a pair of integers. The remaining third of the vector is
+used as workspace by \fBpcre_exec()\fP while matching capturing subpatterns,
+and is not available for passing back information. The number passed in
+\fIovecsize\fP should always be a multiple of three. If it is not, it is
+rounded down.
+.P
+When a match is successful, information about captured substrings is returned
+in pairs of integers, starting at the beginning of \fIovector\fP, and
+continuing up to two-thirds of its length at the most. The first element of
+each pair is set to the offset of the first character in a substring, and the
+second is set to the offset of the first character after the end of a
+substring. These values are always data unit offsets, even in UTF mode. They
+are byte offsets in the 8-bit library, 16-bit data item offsets in the 16-bit
+library, and 32-bit data item offsets in the 32-bit library. \fBNote\fP: they
+are not character counts.
+.P
+The first pair of integers, \fIovector[0]\fP and \fIovector[1]\fP, identify the
+portion of the subject string matched by the entire pattern. The next pair is
+used for the first capturing subpattern, and so on. The value returned by
+\fBpcre_exec()\fP is one more than the highest numbered pair that has been set.
+For example, if two substrings have been captured, the returned value is 3. If
+there are no capturing subpatterns, the return value from a successful match is
+1, indicating that just the first pair of offsets has been set.
+.P
+If a capturing subpattern is matched repeatedly, it is the last portion of the
+string that it matched that is returned.
+.P
+If the vector is too small to hold all the captured substring offsets, it is
+used as far as possible (up to two-thirds of its length), and the function
+returns a value of zero. If neither the actual string matched nor any captured
+substrings are of interest, \fBpcre_exec()\fP may be called with \fIovector\fP
+passed as NULL and \fIovecsize\fP as zero. However, if the pattern contains
+back references and the \fIovector\fP is not big enough to remember the related
+substrings, PCRE has to get additional memory for use during matching. Thus it
+is usually advisable to supply an \fIovector\fP of reasonable size.
+.P
+There are some cases where zero is returned (indicating vector overflow) when
+in fact the vector is exactly the right size for the final match. For example,
+consider the pattern
+.sp
+  (a)(?:(b)c|bd)
+.sp
+If a vector of 6 elements (allowing for only 1 captured substring) is given
+with subject string "abd", \fBpcre_exec()\fP will try to set the second
+captured string, thereby recording a vector overflow, before failing to match
+"c" and backing up to try the second alternative. The zero return, however,
+does correctly indicate that the maximum number of slots (namely 2) have been
+filled. In similar cases where there is temporary overflow, but the final
+number of used slots is actually less than the maximum, a non-zero value is
+returned.
+.P
+The \fBpcre_fullinfo()\fP function can be used to find out how many capturing
+subpatterns there are in a compiled pattern. The smallest size for
+\fIovector\fP that will allow for \fIn\fP captured substrings, in addition to
+the offsets of the substring matched by the whole pattern, is (\fIn\fP+1)*3.
+.P
+It is possible for capturing subpattern number \fIn+1\fP to match some part of
+the subject when subpattern \fIn\fP has not been used at all. For example, if
+the string "abc" is matched against the pattern (a|(z))(bc) the return from the
+function is 4, and subpatterns 1 and 3 are matched, but 2 is not. When this
+happens, both values in the offset pairs corresponding to unused subpatterns
+are set to -1.
+.P
+Offset values that correspond to unused subpatterns at the end of the
+expression are also set to -1. For example, if the string "abc" is matched
+against the pattern (abc)(x(yz)?)? subpatterns 2 and 3 are not matched. The
+return from the function is 2, because the highest used capturing subpattern
+number is 1, and the offsets for for the second and third capturing subpatterns
+(assuming the vector is large enough, of course) are set to -1.
+.P
+\fBNote\fP: Elements in the first two-thirds of \fIovector\fP that do not
+correspond to capturing parentheses in the pattern are never changed. That is,
+if a pattern contains \fIn\fP capturing parentheses, no more than
+\fIovector[0]\fP to \fIovector[2n+1]\fP are set by \fBpcre_exec()\fP. The other
+elements (in the first two-thirds) retain whatever values they previously had.
+.P
+Some convenience functions are provided for extracting the captured substrings
+as separate strings. These are described below.
+.
+.
+.\" HTML <a name="errorlist"></a>
+.SS "Error return values from \fBpcre_exec()\fP"
+.rs
+.sp
+If \fBpcre_exec()\fP fails, it returns a negative number. The following are
+defined in the header file:
+.sp
+  PCRE_ERROR_NOMATCH        (-1)
+.sp
+The subject string did not match the pattern.
+.sp
+  PCRE_ERROR_NULL           (-2)
+.sp
+Either \fIcode\fP or \fIsubject\fP was passed as NULL, or \fIovector\fP was
+NULL and \fIovecsize\fP was not zero.
+.sp
+  PCRE_ERROR_BADOPTION      (-3)
+.sp
+An unrecognized bit was set in the \fIoptions\fP argument.
+.sp
+  PCRE_ERROR_BADMAGIC       (-4)
+.sp
+PCRE stores a 4-byte "magic number" at the start of the compiled code, to catch
+the case when it is passed a junk pointer and to detect when a pattern that was
+compiled in an environment of one endianness is run in an environment with the
+other endianness. This is the error that PCRE gives when the magic number is
+not present.
+.sp
+  PCRE_ERROR_UNKNOWN_OPCODE (-5)
+.sp
+While running the pattern match, an unknown item was encountered in the
+compiled pattern. This error could be caused by a bug in PCRE or by overwriting
+of the compiled pattern.
+.sp
+  PCRE_ERROR_NOMEMORY       (-6)
+.sp
+If a pattern contains back references, but the \fIovector\fP that is passed to
+\fBpcre_exec()\fP is not big enough to remember the referenced substrings, PCRE
+gets a block of memory at the start of matching to use for this purpose. If the
+call via \fBpcre_malloc()\fP fails, this error is given. The memory is
+automatically freed at the end of matching.
+.P
+This error is also given if \fBpcre_stack_malloc()\fP fails in
+\fBpcre_exec()\fP. This can happen only when PCRE has been compiled with
+\fB--disable-stack-for-recursion\fP.
+.sp
+  PCRE_ERROR_NOSUBSTRING    (-7)
+.sp
+This error is used by the \fBpcre_copy_substring()\fP,
+\fBpcre_get_substring()\fP, and \fBpcre_get_substring_list()\fP functions (see
+below). It is never returned by \fBpcre_exec()\fP.
+.sp
+  PCRE_ERROR_MATCHLIMIT     (-8)
+.sp
+The backtracking limit, as specified by the \fImatch_limit\fP field in a
+\fBpcre_extra\fP structure (or defaulted) was reached. See the description
+above.
+.sp
+  PCRE_ERROR_CALLOUT        (-9)
+.sp
+This error is never generated by \fBpcre_exec()\fP itself. It is provided for
+use by callout functions that want to yield a distinctive error code. See the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation for details.
+.sp
+  PCRE_ERROR_BADUTF8        (-10)
+.sp
+A string that contains an invalid UTF-8 byte sequence was passed as a subject,
+and the PCRE_NO_UTF8_CHECK option was not set. If the size of the output vector
+(\fIovecsize\fP) is at least 2, the byte offset to the start of the the invalid
+UTF-8 character is placed in the first element, and a reason code is placed in
+the second element. The reason codes are listed in the
+.\" HTML <a href="#badutf8reasons">
+.\" </a>
+following section.
+.\"
+For backward compatibility, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated UTF-8 character at the end of the subject (reason codes 1 to 5),
+PCRE_ERROR_SHORTUTF8 is returned instead of PCRE_ERROR_BADUTF8.
+.sp
+  PCRE_ERROR_BADUTF8_OFFSET (-11)
+.sp
+The UTF-8 byte sequence that was passed as a subject was checked and found to
+be valid (the PCRE_NO_UTF8_CHECK option was not set), but the value of
+\fIstartoffset\fP did not point to the beginning of a UTF-8 character or the
+end of the subject.
+.sp
+  PCRE_ERROR_PARTIAL        (-12)
+.sp
+The subject string did not match, but it did match partially. See the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation for details of partial matching.
+.sp
+  PCRE_ERROR_BADPARTIAL     (-13)
+.sp
+This code is no longer in use. It was formerly returned when the PCRE_PARTIAL
+option was used with a compiled pattern containing items that were not
+supported for partial matching. From release 8.00 onwards, there are no
+restrictions on partial matching.
+.sp
+  PCRE_ERROR_INTERNAL       (-14)
+.sp
+An unexpected internal error has occurred. This error could be caused by a bug
+in PCRE or by overwriting of the compiled pattern.
+.sp
+  PCRE_ERROR_BADCOUNT       (-15)
+.sp
+This error is given if the value of the \fIovecsize\fP argument is negative.
+.sp
+  PCRE_ERROR_RECURSIONLIMIT (-21)
+.sp
+The internal recursion limit, as specified by the \fImatch_limit_recursion\fP
+field in a \fBpcre_extra\fP structure (or defaulted) was reached. See the
+description above.
+.sp
+  PCRE_ERROR_BADNEWLINE     (-23)
+.sp
+An invalid combination of PCRE_NEWLINE_\fIxxx\fP options was given.
+.sp
+  PCRE_ERROR_BADOFFSET      (-24)
+.sp
+The value of \fIstartoffset\fP was negative or greater than the length of the
+subject, that is, the value in \fIlength\fP.
+.sp
+  PCRE_ERROR_SHORTUTF8      (-25)
+.sp
+This error is returned instead of PCRE_ERROR_BADUTF8 when the subject string
+ends with a truncated UTF-8 character and the PCRE_PARTIAL_HARD option is set.
+Information about the failure is returned as for PCRE_ERROR_BADUTF8. It is in
+fact sufficient to detect this case, but this special error code for
+PCRE_PARTIAL_HARD precedes the implementation of returned information; it is
+retained for backwards compatibility.
+.sp
+  PCRE_ERROR_RECURSELOOP    (-26)
+.sp
+This error is returned when \fBpcre_exec()\fP detects a recursion loop within
+the pattern. Specifically, it means that either the whole pattern or a
+subpattern has been called recursively for the second time at the same position
+in the subject string. Some simple patterns that might do this are detected and
+faulted at compile time, but more complicated cases, in particular mutual
+recursions between two different subpatterns, cannot be detected until run
+time.
+.sp
+  PCRE_ERROR_JIT_STACKLIMIT (-27)
+.sp
+This error is returned when a pattern that was successfully studied using a
+JIT compile option is being matched, but the memory available for the
+just-in-time processing stack is not large enough. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for more details.
+.sp
+  PCRE_ERROR_BADMODE        (-28)
+.sp
+This error is given if a pattern that was compiled by the 8-bit library is
+passed to a 16-bit or 32-bit library function, or vice versa.
+.sp
+  PCRE_ERROR_BADENDIANNESS  (-29)
+.sp
+This error is given if a pattern that was compiled and saved is reloaded on a
+host with different endianness. The utility function
+\fBpcre_pattern_to_host_byte_order()\fP can be used to convert such a pattern
+so that it runs on the new host.
+.sp
+  PCRE_ERROR_JIT_BADOPTION
+.sp
+This error is returned when a pattern that was successfully studied using a JIT
+compile option is being matched, but the matching mode (partial or complete
+match) does not correspond to any JIT compilation mode. When the JIT fast path
+function is used, this error may be also given for invalid options. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for more details.
+.sp
+  PCRE_ERROR_BADLENGTH      (-32)
+.sp
+This error is given if \fBpcre_exec()\fP is called with a negative value for
+the \fIlength\fP argument.
+.P
+Error numbers -16 to -20, -22, and 30 are not used by \fBpcre_exec()\fP.
+.
+.
+.\" HTML <a name="badutf8reasons"></a>
+.SS "Reason codes for invalid UTF-8 strings"
+.rs
+.sp
+This section applies only to the 8-bit library. The corresponding information
+for the 16-bit and 32-bit libraries is given in the
+.\" HREF
+\fBpcre16\fP
+.\"
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+pages.
+.P
+When \fBpcre_exec()\fP returns either PCRE_ERROR_BADUTF8 or
+PCRE_ERROR_SHORTUTF8, and the size of the output vector (\fIovecsize\fP) is at
+least 2, the offset of the start of the invalid UTF-8 character is placed in
+the first output vector element (\fIovector[0]\fP) and a reason code is placed
+in the second element (\fIovector[1]\fP). The reason codes are given names in
+the \fBpcre.h\fP header file:
+.sp
+  PCRE_UTF8_ERR1
+  PCRE_UTF8_ERR2
+  PCRE_UTF8_ERR3
+  PCRE_UTF8_ERR4
+  PCRE_UTF8_ERR5
+.sp
+The string ends with a truncated UTF-8 character; the code specifies how many
+bytes are missing (1 to 5). Although RFC 3629 restricts UTF-8 characters to be
+no longer than 4 bytes, the encoding scheme (originally defined by RFC 2279)
+allows for up to 6 bytes, and this is checked first; hence the possibility of
+4 or 5 missing bytes.
+.sp
+  PCRE_UTF8_ERR6
+  PCRE_UTF8_ERR7
+  PCRE_UTF8_ERR8
+  PCRE_UTF8_ERR9
+  PCRE_UTF8_ERR10
+.sp
+The two most significant bits of the 2nd, 3rd, 4th, 5th, or 6th byte of the
+character do not have the binary value 0b10 (that is, either the most
+significant bit is 0, or the next bit is 1).
+.sp
+  PCRE_UTF8_ERR11
+  PCRE_UTF8_ERR12
+.sp
+A character that is valid by the RFC 2279 rules is either 5 or 6 bytes long;
+these code points are excluded by RFC 3629.
+.sp
+  PCRE_UTF8_ERR13
+.sp
+A 4-byte character has a value greater than 0x10fff; these code points are
+excluded by RFC 3629.
+.sp
+  PCRE_UTF8_ERR14
+.sp
+A 3-byte character has a value in the range 0xd800 to 0xdfff; this range of
+code points are reserved by RFC 3629 for use with UTF-16, and so are excluded
+from UTF-8.
+.sp
+  PCRE_UTF8_ERR15
+  PCRE_UTF8_ERR16
+  PCRE_UTF8_ERR17
+  PCRE_UTF8_ERR18
+  PCRE_UTF8_ERR19
+.sp
+A 2-, 3-, 4-, 5-, or 6-byte character is "overlong", that is, it codes for a
+value that can be represented by fewer bytes, which is invalid. For example,
+the two bytes 0xc0, 0xae give the value 0x2e, whose correct coding uses just
+one byte.
+.sp
+  PCRE_UTF8_ERR20
+.sp
+The two most significant bits of the first byte of a character have the binary
+value 0b10 (that is, the most significant bit is 1 and the second is 0). Such a
+byte can only validly occur as the second or subsequent byte of a multi-byte
+character.
+.sp
+  PCRE_UTF8_ERR21
+.sp
+The first byte of a character has the value 0xfe or 0xff. These values can
+never occur in a valid UTF-8 string.
+.sp
+  PCRE_UTF8_ERR22
+.sp
+This error code was formerly used when the presence of a so-called
+"non-character" caused an error. Unicode corrigendum #9 makes it clear that
+such characters should not cause a string to be rejected, and so this code is
+no longer in use and is never returned.
+.
+.
+.SH "EXTRACTING CAPTURED SUBSTRINGS BY NUMBER"
+.rs
+.sp
+.nf
+.B int pcre_copy_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, char *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre_get_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre_get_substring_list(const char *\fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, const char ***\fIlistptr\fP);"
+.fi
+.PP
+Captured substrings can be accessed directly by using the offsets returned by
+\fBpcre_exec()\fP in \fIovector\fP. For convenience, the functions
+\fBpcre_copy_substring()\fP, \fBpcre_get_substring()\fP, and
+\fBpcre_get_substring_list()\fP are provided for extracting captured substrings
+as new, separate, zero-terminated strings. These functions identify substrings
+by number. The next section describes functions for extracting named
+substrings.
+.P
+A substring that contains a binary zero is correctly extracted and has a
+further zero added on the end, but the result is not, of course, a C string.
+However, you can process such a string by referring to the length that is
+returned by \fBpcre_copy_substring()\fP and \fBpcre_get_substring()\fP.
+Unfortunately, the interface to \fBpcre_get_substring_list()\fP is not adequate
+for handling strings containing binary zeros, because the end of the final
+string is not independently indicated.
+.P
+The first three arguments are the same for all three of these functions:
+\fIsubject\fP is the subject string that has just been successfully matched,
+\fIovector\fP is a pointer to the vector of integer offsets that was passed to
+\fBpcre_exec()\fP, and \fIstringcount\fP is the number of substrings that were
+captured by the match, including the substring that matched the entire regular
+expression. This is the value returned by \fBpcre_exec()\fP if it is greater
+than zero. If \fBpcre_exec()\fP returned zero, indicating that it ran out of
+space in \fIovector\fP, the value passed as \fIstringcount\fP should be the
+number of elements in the vector divided by three.
+.P
+The functions \fBpcre_copy_substring()\fP and \fBpcre_get_substring()\fP
+extract a single substring, whose number is given as \fIstringnumber\fP. A
+value of zero extracts the substring that matched the entire pattern, whereas
+higher values extract the captured substrings. For \fBpcre_copy_substring()\fP,
+the string is placed in \fIbuffer\fP, whose length is given by
+\fIbuffersize\fP, while for \fBpcre_get_substring()\fP a new block of memory is
+obtained via \fBpcre_malloc\fP, and its address is returned via
+\fIstringptr\fP. The yield of the function is the length of the string, not
+including the terminating zero, or one of these error codes:
+.sp
+  PCRE_ERROR_NOMEMORY       (-6)
+.sp
+The buffer was too small for \fBpcre_copy_substring()\fP, or the attempt to get
+memory failed for \fBpcre_get_substring()\fP.
+.sp
+  PCRE_ERROR_NOSUBSTRING    (-7)
+.sp
+There is no substring whose number is \fIstringnumber\fP.
+.P
+The \fBpcre_get_substring_list()\fP function extracts all available substrings
+and builds a list of pointers to them. All this is done in a single block of
+memory that is obtained via \fBpcre_malloc\fP. The address of the memory block
+is returned via \fIlistptr\fP, which is also the start of the list of string
+pointers. The end of the list is marked by a NULL pointer. The yield of the
+function is zero if all went well, or the error code
+.sp
+  PCRE_ERROR_NOMEMORY       (-6)
+.sp
+if the attempt to get the memory block failed.
+.P
+When any of these functions encounter a substring that is unset, which can
+happen when capturing subpattern number \fIn+1\fP matches some part of the
+subject, but subpattern \fIn\fP has not been used at all, they return an empty
+string. This can be distinguished from a genuine zero-length substring by
+inspecting the appropriate offset in \fIovector\fP, which is negative for unset
+substrings.
+.P
+The two convenience functions \fBpcre_free_substring()\fP and
+\fBpcre_free_substring_list()\fP can be used to free the memory returned by
+a previous call of \fBpcre_get_substring()\fP or
+\fBpcre_get_substring_list()\fP, respectively. They do nothing more than call
+the function pointed to by \fBpcre_free\fP, which of course could be called
+directly from a C program. However, PCRE is used in some situations where it is
+linked via a special interface to another programming language that cannot use
+\fBpcre_free\fP directly; it is for these cases that the functions are
+provided.
+.
+.
+.SH "EXTRACTING CAPTURED SUBSTRINGS BY NAME"
+.rs
+.sp
+.nf
+.B int pcre_get_stringnumber(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP);"
+.sp
+.B int pcre_copy_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     char *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre_get_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     const char **\fIstringptr\fP);"
+.fi
+.PP
+To extract a substring by name, you first have to find associated number.
+For example, for this pattern
+.sp
+  (a+)b(?<xxx>\ed+)...
+.sp
+the number of the subpattern called "xxx" is 2. If the name is known to be
+unique (PCRE_DUPNAMES was not set), you can find the number from the name by
+calling \fBpcre_get_stringnumber()\fP. The first argument is the compiled
+pattern, and the second is the name. The yield of the function is the
+subpattern number, or PCRE_ERROR_NOSUBSTRING (-7) if there is no subpattern of
+that name.
+.P
+Given the number, you can extract the substring directly, or use one of the
+functions described in the previous section. For convenience, there are also
+two functions that do the whole job.
+.P
+Most of the arguments of \fBpcre_copy_named_substring()\fP and
+\fBpcre_get_named_substring()\fP are the same as those for the similarly named
+functions that extract by number. As these are described in the previous
+section, they are not re-described here. There are just two differences:
+.P
+First, instead of a substring number, a substring name is given. Second, there
+is an extra argument, given at the start, which is a pointer to the compiled
+pattern. This is needed in order to gain access to the name-to-number
+translation table.
+.P
+These functions call \fBpcre_get_stringnumber()\fP, and if it succeeds, they
+then call \fBpcre_copy_substring()\fP or \fBpcre_get_substring()\fP, as
+appropriate. \fBNOTE:\fP If PCRE_DUPNAMES is set and there are duplicate names,
+the behaviour may not be what you want (see the next section).
+.P
+\fBWarning:\fP If the pattern uses the (?| feature to set up multiple
+subpatterns with the same number, as described in the
+.\" HTML <a href="pcrepattern.html#dupsubpatternnumber">
+.\" </a>
+section on duplicate subpattern numbers
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page, you cannot use names to distinguish the different subpatterns, because
+names are not included in the compiled code. The matching process uses only
+numbers. For this reason, the use of different names for subpatterns of the
+same number causes an error at compile time.
+.
+.
+.SH "DUPLICATE SUBPATTERN NAMES"
+.rs
+.sp
+.nf
+.B int pcre_get_stringtable_entries(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP, char **\fIfirst\fP, char **\fIlast\fP);"
+.fi
+.PP
+When a pattern is compiled with the PCRE_DUPNAMES option, names for subpatterns
+are not required to be unique. (Duplicate names are always allowed for
+subpatterns with the same number, created by using the (?| feature. Indeed, if
+such subpatterns are named, they are required to use the same names.)
+.P
+Normally, patterns with duplicate names are such that in any one match, only
+one of the named subpatterns participates. An example is shown in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.P
+When duplicates are present, \fBpcre_copy_named_substring()\fP and
+\fBpcre_get_named_substring()\fP return the first substring corresponding to
+the given name that is set. If none are set, PCRE_ERROR_NOSUBSTRING (-7) is
+returned; no data is returned. The \fBpcre_get_stringnumber()\fP function
+returns one of the numbers that are associated with the name, but it is not
+defined which it is.
+.P
+If you want to get full details of all captured substrings for a given name,
+you must use the \fBpcre_get_stringtable_entries()\fP function. The first
+argument is the compiled pattern, and the second is the name. The third and
+fourth are pointers to variables which are updated by the function. After it
+has run, they point to the first and last entries in the name-to-number table
+for the given name. The function itself returns the length of each entry, or
+PCRE_ERROR_NOSUBSTRING (-7) if there are none. The format of the table is
+described above in the section entitled \fIInformation about a pattern\fP
+.\" HTML <a href="#infoaboutpattern">
+.\" </a>
+above.
+.\"
+Given all the relevant entries for the name, you can extract each of their
+numbers, and hence the captured data, if any.
+.
+.
+.SH "FINDING ALL POSSIBLE MATCHES"
+.rs
+.sp
+The traditional matching function uses a similar algorithm to Perl, which stops
+when it finds the first match, starting at a given point in the subject. If you
+want to find all possible matches, or the longest possible match, consider
+using the alternative matching function (see below) instead. If you cannot use
+the alternative function, but still need to find all possible matches, you
+can kludge it up by making use of the callout facility, which is described in
+the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.P
+What you have to do is to insert a callout right at the end of the pattern.
+When your callout function is called, extract and save the current matched
+substring. Then return 1, which forces \fBpcre_exec()\fP to backtrack and try
+other alternatives. Ultimately, when it runs out of matches, \fBpcre_exec()\fP
+will yield PCRE_ERROR_NOMATCH.
+.
+.
+.SH "OBTAINING AN ESTIMATE OF STACK USAGE"
+.rs
+.sp
+Matching certain patterns using \fBpcre_exec()\fP can use a lot of process
+stack, which in certain environments can be rather limited in size. Some users
+find it helpful to have an estimate of the amount of stack that is used by
+\fBpcre_exec()\fP, to help them set recursion limits, as described in the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation. The estimate that is output by \fBpcretest\fP when called with
+the \fB-m\fP and \fB-C\fP options is obtained by calling \fBpcre_exec\fP with
+the values NULL, NULL, NULL, -999, and -999 for its first five arguments.
+.P
+Normally, if its first argument is NULL, \fBpcre_exec()\fP immediately returns
+the negative error code PCRE_ERROR_NULL, but with this special combination of
+arguments, it returns instead a negative number whose absolute value is the
+approximate stack frame size in bytes. (A negative number is used so that it is
+clear that no match has happened.) The value is approximate because in some
+cases, recursive calls to \fBpcre_exec()\fP occur when there are one or two
+additional variables on the stack.
+.P
+If PCRE has been compiled to use the heap instead of the stack for recursion,
+the value returned is the size of each block that is obtained from the heap.
+.
+.
+.\" HTML <a name="dfamatch"></a>
+.SH "MATCHING A PATTERN: THE ALTERNATIVE FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre_dfa_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.P
+The function \fBpcre_dfa_exec()\fP is called to match a subject string against
+a compiled pattern, using a matching algorithm that scans the subject string
+just once, and does not backtrack. This has different characteristics to the
+normal algorithm, and is not compatible with Perl. Some of the features of PCRE
+patterns are not supported. Nevertheless, there are times when this kind of
+matching can be useful. For a discussion of the two matching algorithms, and a
+list of features that \fBpcre_dfa_exec()\fP does not support, see the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation.
+.P
+The arguments for the \fBpcre_dfa_exec()\fP function are the same as for
+\fBpcre_exec()\fP, plus two extras. The \fIovector\fP argument is used in a
+different way, and this is described below. The other common arguments are used
+in the same way as for \fBpcre_exec()\fP, so their description is not repeated
+here.
+.P
+The two additional arguments provide workspace for the function. The workspace
+vector should contain at least 20 elements. It is used for keeping track of
+multiple paths through the pattern tree. More workspace will be needed for
+patterns and subjects where there are a lot of potential matches.
+.P
+Here is an example of a simple call to \fBpcre_dfa_exec()\fP:
+.sp
+  int rc;
+  int ovector[10];
+  int wspace[20];
+  rc = pcre_dfa_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    10,             /* number of elements (NOT size in bytes) */
+    wspace,         /* working space vector */
+    20);            /* number of elements (NOT size in bytes) */
+.
+.SS "Option bits for \fBpcre_dfa_exec()\fP"
+.rs
+.sp
+The unused bits of the \fIoptions\fP argument for \fBpcre_dfa_exec()\fP must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_\fIxxx\fP,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_UTF8_CHECK, PCRE_BSR_ANYCRLF, PCRE_BSR_UNICODE, PCRE_NO_START_OPTIMIZE,
+PCRE_PARTIAL_HARD, PCRE_PARTIAL_SOFT, PCRE_DFA_SHORTEST, and PCRE_DFA_RESTART.
+All but the last four of these are exactly the same as for \fBpcre_exec()\fP,
+so their description is not repeated here.
+.sp
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+.sp
+These have the same general effect as they do for \fBpcre_exec()\fP, but the
+details are slightly different. When PCRE_PARTIAL_HARD is set for
+\fBpcre_dfa_exec()\fP, it returns PCRE_ERROR_PARTIAL if the end of the subject
+is reached and there is still at least one matching possibility that requires
+additional characters. This happens even if some complete matches have also
+been found. When PCRE_PARTIAL_SOFT is set, the return code PCRE_ERROR_NOMATCH
+is converted into PCRE_ERROR_PARTIAL if the end of the subject is reached,
+there have been no complete matches, but there is still at least one matching
+possibility. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string in both cases.
+There is a more detailed discussion of partial and multi-segment matching, with
+examples, in the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.sp
+  PCRE_DFA_SHORTEST
+.sp
+Setting the PCRE_DFA_SHORTEST option causes the matching algorithm to stop as
+soon as it has found one match. Because of the way the alternative algorithm
+works, this is necessarily the shortest possible match at the first possible
+matching point in the subject string.
+.sp
+  PCRE_DFA_RESTART
+.sp
+When \fBpcre_dfa_exec()\fP returns a partial match, it is possible to call it
+again, with additional subject characters, and have it continue with the same
+match. The PCRE_DFA_RESTART option requests this action; when it is set, the
+\fIworkspace\fP and \fIwscount\fP options must reference the same vector as
+before because data about the match so far is left in them after a partial
+match. There is more discussion of this facility in the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.
+.
+.SS "Successful returns from \fBpcre_dfa_exec()\fP"
+.rs
+.sp
+When \fBpcre_dfa_exec()\fP succeeds, it may have matched more than one
+substring in the subject. Note, however, that all the matches from one run of
+the function start at the same point in the subject. The shorter matches are
+all initial substrings of the longer matches. For example, if the pattern
+.sp
+  <.*>
+.sp
+is matched against the string
+.sp
+  This is <something> <something else> <something further> no more
+.sp
+the three matched strings are
+.sp
+  <something>
+  <something> <something else>
+  <something> <something else> <something further>
+.sp
+On success, the yield of the function is a number greater than zero, which is
+the number of matched substrings. The substrings themselves are returned in
+\fIovector\fP. Each string uses two elements; the first is the offset to the
+start, and the second is the offset to the end. In fact, all the strings have
+the same start offset. (Space could have been saved by giving this only once,
+but it was decided to retain some compatibility with the way \fBpcre_exec()\fP
+returns data, even though the meaning of the strings is different.)
+.P
+The strings are returned in reverse order of length; that is, the longest
+matching string is given first. If there were too many matches to fit into
+\fIovector\fP, the yield of the function is zero, and the vector is filled with
+the longest matches. Unlike \fBpcre_exec()\fP, \fBpcre_dfa_exec()\fP can use
+the entire \fIovector\fP for returning matched strings.
+.P
+NOTE: PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\ed+" is compiled as if it were "a\ed++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\ed+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+.
+.
+.SS "Error returns from \fBpcre_dfa_exec()\fP"
+.rs
+.sp
+The \fBpcre_dfa_exec()\fP function returns a negative number when it fails.
+Many of the errors are the same as for \fBpcre_exec()\fP, and these are
+described
+.\" HTML <a href="#errorlist">
+.\" </a>
+above.
+.\"
+There are in addition the following errors that are specific to
+\fBpcre_dfa_exec()\fP:
+.sp
+  PCRE_ERROR_DFA_UITEM      (-16)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP encounters an item in the pattern
+that it does not support, for instance, the use of \eC or a back reference.
+.sp
+  PCRE_ERROR_DFA_UCOND      (-17)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP encounters a condition item that
+uses a back reference for the condition, or a test for recursion in a specific
+group. These are not supported.
+.sp
+  PCRE_ERROR_DFA_UMLIMIT    (-18)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP is called with an \fIextra\fP
+block that contains a setting of the \fImatch_limit\fP or
+\fImatch_limit_recursion\fP fields. This is not supported (these fields are
+meaningless for DFA matching).
+.sp
+  PCRE_ERROR_DFA_WSSIZE     (-19)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP runs out of space in the
+\fIworkspace\fP vector.
+.sp
+  PCRE_ERROR_DFA_RECURSE    (-20)
+.sp
+When a recursive subpattern is processed, the matching function calls itself
+recursively, using private vectors for \fIovector\fP and \fIworkspace\fP. This
+error is given if the output vector is not large enough. This should be
+extremely rare, as a vector of size 1000 is used.
+.sp
+  PCRE_ERROR_DFA_BADRESTART (-30)
+.sp
+When \fBpcre_dfa_exec()\fP is called with the \fBPCRE_DFA_RESTART\fP option,
+some plausibility checks are made on the contents of the workspace, which
+should contain data about the previous partial match. If any of these checks
+fail, this error is given.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcre16\fP(3), \fBpcre32\fP(3), \fBpcrebuild\fP(3), \fBpcrecallout\fP(3),
+\fBpcrecpp(3)\fP(3), \fBpcrematching\fP(3), \fBpcrepartial\fP(3),
+\fBpcreposix\fP(3), \fBpcreprecompile\fP(3), \fBpcresample\fP(3),
+\fBpcrestack\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 18 December 2015
+Copyright (c) 1997-2015 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrebuild.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrebuild.3
new file mode 100644
index 00000000..403f2ae3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrebuild.3
@@ -0,0 +1,550 @@
+.TH PCREBUILD 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.
+.
+.SH "BUILDING PCRE"
+.rs
+.sp
+PCRE is distributed with a \fBconfigure\fP script that can be used to build the
+library in Unix-like environments using the applications known as Autotools.
+Also in the distribution are files to support building using \fBCMake\fP
+instead of \fBconfigure\fP. The text file
+.\" HTML <a href="README.txt">
+.\" </a>
+\fBREADME\fP
+.\"
+contains general information about building with Autotools (some of which is
+repeated below), and also has some comments about building on various operating
+systems. There is a lot more information about building PCRE without using
+Autotools (including information about using \fBCMake\fP and building "by
+hand") in the text file called
+.\" HTML <a href="NON-AUTOTOOLS-BUILD.txt">
+.\" </a>
+\fBNON-AUTOTOOLS-BUILD\fP.
+.\"
+You should consult this file as well as the
+.\" HTML <a href="README.txt">
+.\" </a>
+\fBREADME\fP
+.\"
+file if you are building in a non-Unix-like environment.
+.
+.
+.SH "PCRE BUILD-TIME OPTIONS"
+.rs
+.sp
+The rest of this document describes the optional features of PCRE that can be
+selected when the library is compiled. It assumes use of the \fBconfigure\fP
+script, where the optional features are selected or deselected by providing
+options to \fBconfigure\fP before running the \fBmake\fP command. However, the
+same options can be selected in both Unix-like and non-Unix-like environments
+using the GUI facility of \fBcmake-gui\fP if you are using \fBCMake\fP instead
+of \fBconfigure\fP to build PCRE.
+.P
+If you are not using Autotools or \fBCMake\fP, option selection can be done by
+editing the \fBconfig.h\fP file, or by passing parameter settings to the
+compiler, as described in
+.\" HTML <a href="NON-AUTOTOOLS-BUILD.txt">
+.\" </a>
+\fBNON-AUTOTOOLS-BUILD\fP.
+.\"
+.P
+The complete list of options for \fBconfigure\fP (which includes the standard
+ones such as the selection of the installation directory) can be obtained by
+running
+.sp
+  ./configure --help
+.sp
+The following sections include descriptions of options whose names begin with
+--enable or --disable. These settings specify changes to the defaults for the
+\fBconfigure\fP command. Because of the way that \fBconfigure\fP works,
+--enable and --disable always come in pairs, so the complementary option always
+exists as well, but as it specifies the default, it is not described.
+.
+.
+.SH "BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES"
+.rs
+.sp
+By default, a library called \fBlibpcre\fP is built, containing functions that
+take string arguments contained in vectors of bytes, either as single-byte
+characters, or interpreted as UTF-8 strings. You can also build a separate
+library, called \fBlibpcre16\fP, in which strings are contained in vectors of
+16-bit data units and interpreted either as single-unit characters or UTF-16
+strings, by adding
+.sp
+  --enable-pcre16
+.sp
+to the \fBconfigure\fP command. You can also build yet another separate
+library, called \fBlibpcre32\fP, in which strings are contained in vectors of
+32-bit data units and interpreted either as single-unit characters or UTF-32
+strings, by adding
+.sp
+  --enable-pcre32
+.sp
+to the \fBconfigure\fP command. If you do not want the 8-bit library, add
+.sp
+  --disable-pcre8
+.sp
+as well. At least one of the three libraries must be built. Note that the C++
+and POSIX wrappers are for the 8-bit library only, and that \fBpcregrep\fP is
+an 8-bit program. None of these are built if you select only the 16-bit or
+32-bit libraries.
+.
+.
+.SH "BUILDING SHARED AND STATIC LIBRARIES"
+.rs
+.sp
+The Autotools PCRE building process uses \fBlibtool\fP to build both shared and
+static libraries by default. You can suppress one of these by adding one of
+.sp
+  --disable-shared
+  --disable-static
+.sp
+to the \fBconfigure\fP command, as required.
+.
+.
+.SH "C++ SUPPORT"
+.rs
+.sp
+By default, if the 8-bit library is being built, the \fBconfigure\fP script
+will search for a C++ compiler and C++ header files. If it finds them, it
+automatically builds the C++ wrapper library (which supports only 8-bit
+strings). You can disable this by adding
+.sp
+  --disable-cpp
+.sp
+to the \fBconfigure\fP command.
+.
+.
+.SH "UTF-8, UTF-16 AND UTF-32 SUPPORT"
+.rs
+.sp
+To build PCRE with support for UTF Unicode character strings, add
+.sp
+  --enable-utf
+.sp
+to the \fBconfigure\fP command. This setting applies to all three libraries,
+adding support for UTF-8 to the 8-bit library, support for UTF-16 to the 16-bit
+library, and support for UTF-32 to the to the 32-bit library. There are no
+separate options for enabling UTF-8, UTF-16 and UTF-32 independently because
+that would allow ridiculous settings such as requesting UTF-16 support while
+building only the 8-bit library. It is not possible to build one library with
+UTF support and another without in the same configuration. (For backwards
+compatibility, --enable-utf8 is a synonym of --enable-utf.)
+.P
+Of itself, this setting does not make PCRE treat strings as UTF-8, UTF-16 or
+UTF-32. As well as compiling PCRE with this option, you also have have to set
+the PCRE_UTF8, PCRE_UTF16 or PCRE_UTF32 option (as appropriate) when you call
+one of the pattern compiling functions.
+.P
+If you set --enable-utf when compiling in an EBCDIC environment, PCRE expects
+its input to be either ASCII or UTF-8 (depending on the run-time option). It is
+not possible to support both EBCDIC and UTF-8 codes in the same version of the
+library. Consequently, --enable-utf and --enable-ebcdic are mutually
+exclusive.
+.
+.
+.SH "UNICODE CHARACTER PROPERTY SUPPORT"
+.rs
+.sp
+UTF support allows the libraries to process character codepoints up to 0x10ffff
+in the strings that they handle. On its own, however, it does not provide any
+facilities for accessing the properties of such characters. If you want to be
+able to use the pattern escapes \eP, \ep, and \eX, which refer to Unicode
+character properties, you must add
+.sp
+  --enable-unicode-properties
+.sp
+to the \fBconfigure\fP command. This implies UTF support, even if you have
+not explicitly requested it.
+.P
+Including Unicode property support adds around 30K of tables to the PCRE
+library. Only the general category properties such as \fILu\fP and \fINd\fP are
+supported. Details are given in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.
+.
+.SH "JUST-IN-TIME COMPILER SUPPORT"
+.rs
+.sp
+Just-in-time compiler support is included in the build by specifying
+.sp
+  --enable-jit
+.sp
+This support is available only for certain hardware architectures. If this
+option is set for an unsupported architecture, a compile time error occurs.
+See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for a discussion of JIT usage. When JIT support is enabled,
+pcregrep automatically makes use of it, unless you add
+.sp
+  --disable-pcregrep-jit
+.sp
+to the "configure" command.
+.
+.
+.SH "CODE VALUE OF NEWLINE"
+.rs
+.sp
+By default, PCRE interprets the linefeed (LF) character as indicating the end
+of a line. This is the normal newline character on Unix-like systems. You can
+compile PCRE to use carriage return (CR) instead, by adding
+.sp
+  --enable-newline-is-cr
+.sp
+to the \fBconfigure\fP command. There is also a --enable-newline-is-lf option,
+which explicitly specifies linefeed as the newline character.
+.sp
+Alternatively, you can specify that line endings are to be indicated by the two
+character sequence CRLF. If you want this, add
+.sp
+  --enable-newline-is-crlf
+.sp
+to the \fBconfigure\fP command. There is a fourth option, specified by
+.sp
+  --enable-newline-is-anycrlf
+.sp
+which causes PCRE to recognize any of the three sequences CR, LF, or CRLF as
+indicating a line ending. Finally, a fifth option, specified by
+.sp
+  --enable-newline-is-any
+.sp
+causes PCRE to recognize any Unicode newline sequence.
+.P
+Whatever line ending convention is selected when PCRE is built can be
+overridden when the library functions are called. At build time it is
+conventional to use the standard for your operating system.
+.
+.
+.SH "WHAT \eR MATCHES"
+.rs
+.sp
+By default, the sequence \eR in a pattern matches any Unicode newline sequence,
+whatever has been selected as the line ending sequence. If you specify
+.sp
+  --enable-bsr-anycrlf
+.sp
+the default is changed so that \eR matches only CR, LF, or CRLF. Whatever is
+selected when PCRE is built can be overridden when the library functions are
+called.
+.
+.
+.SH "POSIX MALLOC USAGE"
+.rs
+.sp
+When the 8-bit library is called through the POSIX interface (see the
+.\" HREF
+\fBpcreposix\fP
+.\"
+documentation), additional working storage is required for holding the pointers
+to capturing substrings, because PCRE requires three integers per substring,
+whereas the POSIX interface provides only two. If the number of expected
+substrings is small, the wrapper function uses space on the stack, because this
+is faster than using \fBmalloc()\fP for each call. The default threshold above
+which the stack is no longer used is 10; it can be changed by adding a setting
+such as
+.sp
+  --with-posix-malloc-threshold=20
+.sp
+to the \fBconfigure\fP command.
+.
+.
+.SH "HANDLING VERY LARGE PATTERNS"
+.rs
+.sp
+Within a compiled pattern, offset values are used to point from one part to
+another (for example, from an opening parenthesis to an alternation
+metacharacter). By default, in the 8-bit and 16-bit libraries, two-byte values
+are used for these offsets, leading to a maximum size for a compiled pattern of
+around 64K. This is sufficient to handle all but the most gigantic patterns.
+Nevertheless, some people do want to process truly enormous patterns, so it is
+possible to compile PCRE to use three-byte or four-byte offsets by adding a
+setting such as
+.sp
+  --with-link-size=3
+.sp
+to the \fBconfigure\fP command. The value given must be 2, 3, or 4. For the
+16-bit library, a value of 3 is rounded up to 4. In these libraries, using
+longer offsets slows down the operation of PCRE because it has to load
+additional data when handling them. For the 32-bit library the value is always
+4 and cannot be overridden; the value of --with-link-size is ignored.
+.
+.
+.SH "AVOIDING EXCESSIVE STACK USAGE"
+.rs
+.sp
+When matching with the \fBpcre_exec()\fP function, PCRE implements backtracking
+by making recursive calls to an internal function called \fBmatch()\fP. In
+environments where the size of the stack is limited, this can severely limit
+PCRE's operation. (The Unix environment does not usually suffer from this
+problem, but it may sometimes be necessary to increase the maximum stack size.
+There is a discussion in the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation.) An alternative approach to recursion that uses memory from the
+heap to remember data, instead of using recursive function calls, has been
+implemented to work round the problem of limited stack size. If you want to
+build a version of PCRE that works this way, add
+.sp
+  --disable-stack-for-recursion
+.sp
+to the \fBconfigure\fP command. With this configuration, PCRE will use the
+\fBpcre_stack_malloc\fP and \fBpcre_stack_free\fP variables to call memory
+management functions. By default these point to \fBmalloc()\fP and
+\fBfree()\fP, but you can replace the pointers so that your own functions are
+used instead.
+.P
+Separate functions are provided rather than using \fBpcre_malloc\fP and
+\fBpcre_free\fP because the usage is very predictable: the block sizes
+requested are always the same, and the blocks are always freed in reverse
+order. A calling program might be able to implement optimized functions that
+perform better than \fBmalloc()\fP and \fBfree()\fP. PCRE runs noticeably more
+slowly when built in this way. This option affects only the \fBpcre_exec()\fP
+function; it is not relevant for \fBpcre_dfa_exec()\fP.
+.
+.
+.SH "LIMITING PCRE RESOURCE USAGE"
+.rs
+.sp
+Internally, PCRE has a function called \fBmatch()\fP, which it calls repeatedly
+(sometimes recursively) when matching a pattern with the \fBpcre_exec()\fP
+function. By controlling the maximum number of times this function may be
+called during a single matching operation, a limit can be placed on the
+resources used by a single call to \fBpcre_exec()\fP. The limit can be changed
+at run time, as described in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation. The default is 10 million, but this can be changed by adding a
+setting such as
+.sp
+  --with-match-limit=500000
+.sp
+to the \fBconfigure\fP command. This setting has no effect on the
+\fBpcre_dfa_exec()\fP matching function.
+.P
+In some environments it is desirable to limit the depth of recursive calls of
+\fBmatch()\fP more strictly than the total number of calls, in order to
+restrict the maximum amount of stack (or heap, if --disable-stack-for-recursion
+is specified) that is used. A second limit controls this; it defaults to the
+value that is set for --with-match-limit, which imposes no additional
+constraints. However, you can set a lower limit by adding, for example,
+.sp
+  --with-match-limit-recursion=10000
+.sp
+to the \fBconfigure\fP command. This value can also be overridden at run time.
+.
+.
+.SH "CREATING CHARACTER TABLES AT BUILD TIME"
+.rs
+.sp
+PCRE uses fixed tables for processing characters whose code values are less
+than 256. By default, PCRE is built with a set of tables that are distributed
+in the file \fIpcre_chartables.c.dist\fP. These tables are for ASCII codes
+only. If you add
+.sp
+  --enable-rebuild-chartables
+.sp
+to the \fBconfigure\fP command, the distributed tables are no longer used.
+Instead, a program called \fBdftables\fP is compiled and run. This outputs the
+source for new set of tables, created in the default locale of your C run-time
+system. (This method of replacing the tables does not work if you are cross
+compiling, because \fBdftables\fP is run on the local host. If you need to
+create alternative tables when cross compiling, you will have to do so "by
+hand".)
+.
+.
+.SH "USING EBCDIC CODE"
+.rs
+.sp
+PCRE assumes by default that it will run in an environment where the character
+code is ASCII (or Unicode, which is a superset of ASCII). This is the case for
+most computer operating systems. PCRE can, however, be compiled to run in an
+EBCDIC environment by adding
+.sp
+  --enable-ebcdic
+.sp
+to the \fBconfigure\fP command. This setting implies
+--enable-rebuild-chartables. You should only use it if you know that you are in
+an EBCDIC environment (for example, an IBM mainframe operating system). The
+--enable-ebcdic option is incompatible with --enable-utf.
+.P
+The EBCDIC character that corresponds to an ASCII LF is assumed to have the
+value 0x15 by default. However, in some EBCDIC environments, 0x25 is used. In
+such an environment you should use
+.sp
+  --enable-ebcdic-nl25
+.sp
+as well as, or instead of, --enable-ebcdic. The EBCDIC character for CR has the
+same value as in ASCII, namely, 0x0d. Whichever of 0x15 and 0x25 is \fInot\fP
+chosen as LF is made to correspond to the Unicode NEL character (which, in
+Unicode, is 0x85).
+.P
+The options that select newline behaviour, such as --enable-newline-is-cr,
+and equivalent run-time options, refer to these character values in an EBCDIC
+environment.
+.
+.
+.SH "PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT"
+.rs
+.sp
+By default, \fBpcregrep\fP reads all files as plain text. You can build it so
+that it recognizes files whose names end in \fB.gz\fP or \fB.bz2\fP, and reads
+them with \fBlibz\fP or \fBlibbz2\fP, respectively, by adding one or both of
+.sp
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+.sp
+to the \fBconfigure\fP command. These options naturally require that the
+relevant libraries are installed on your system. Configuration will fail if
+they are not.
+.
+.
+.SH "PCREGREP BUFFER SIZE"
+.rs
+.sp
+\fBpcregrep\fP uses an internal buffer to hold a "window" on the file it is
+scanning, in order to be able to output "before" and "after" lines when it
+finds a match. The size of the buffer is controlled by a parameter whose
+default value is 20K. The buffer itself is three times this size, but because
+of the way it is used for holding "before" lines, the longest line that is
+guaranteed to be processable is the parameter size. You can change the default
+parameter value by adding, for example,
+.sp
+  --with-pcregrep-bufsize=50K
+.sp
+to the \fBconfigure\fP command. The caller of \fPpcregrep\fP can, however,
+override this value by specifying a run-time option.
+.
+.
+.SH "PCRETEST OPTION FOR LIBREADLINE SUPPORT"
+.rs
+.sp
+If you add
+.sp
+  --enable-pcretest-libreadline
+.sp
+to the \fBconfigure\fP command, \fBpcretest\fP is linked with the
+\fBlibreadline\fP library, and when its input is from a terminal, it reads it
+using the \fBreadline()\fP function. This provides line-editing and history
+facilities. Note that \fBlibreadline\fP is GPL-licensed, so if you distribute a
+binary of \fBpcretest\fP linked in this way, there may be licensing issues.
+.P
+Setting this option causes the \fB-lreadline\fP option to be added to the
+\fBpcretest\fP build. In many operating environments with a sytem-installed
+\fBlibreadline\fP this is sufficient. However, in some environments (e.g.
+if an unmodified distribution version of readline is in use), some extra
+configuration may be necessary. The INSTALL file for \fBlibreadline\fP says
+this:
+.sp
+  "Readline uses the termcap functions, but does not link with the
+  termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library."
+.sp
+If your environment has not been set up so that an appropriate library is
+automatically included, you may need to add something like
+.sp
+  LIBS="-ncurses"
+.sp
+immediately before the \fBconfigure\fP command.
+.
+.
+.SH "DEBUGGING WITH VALGRIND SUPPORT"
+.rs
+.sp
+By adding the
+.sp
+  --enable-valgrind
+.sp
+option to to the \fBconfigure\fP command, PCRE will use valgrind annotations
+to mark certain memory regions as unaddressable. This allows it to detect
+invalid memory accesses, and is mostly useful for debugging PCRE itself.
+.
+.
+.SH "CODE COVERAGE REPORTING"
+.rs
+.sp
+If your C compiler is gcc, you can build a version of PCRE that can generate a
+code coverage report for its test suite. To enable this, you must install
+\fBlcov\fP version 1.6 or above. Then specify
+.sp
+  --enable-coverage
+.sp
+to the \fBconfigure\fP command and build PCRE in the usual way.
+.P
+Note that using \fBccache\fP (a caching C compiler) is incompatible with code
+coverage reporting. If you have configured \fBccache\fP to run automatically
+on your system, you must set the environment variable
+.sp
+  CCACHE_DISABLE=1
+.sp
+before running \fBmake\fP to build PCRE, so that \fBccache\fP is not used.
+.P
+When --enable-coverage is used, the following addition targets are added to the
+\fIMakefile\fP:
+.sp
+  make coverage
+.sp
+This creates a fresh coverage report for the PCRE test suite. It is equivalent
+to running "make coverage-reset", "make coverage-baseline", "make check", and
+then "make coverage-report".
+.sp
+  make coverage-reset
+.sp
+This zeroes the coverage counters, but does nothing else.
+.sp
+  make coverage-baseline
+.sp
+This captures baseline coverage information.
+.sp
+  make coverage-report
+.sp
+This creates the coverage report.
+.sp
+  make coverage-clean-report
+.sp
+This removes the generated coverage report without cleaning the coverage data
+itself.
+.sp
+  make coverage-clean-data
+.sp
+This removes the captured coverage data without removing the coverage files
+created at compile time (*.gcno).
+.sp
+  make coverage-clean
+.sp
+This cleans all coverage data including the generated coverage report. For more
+information about code coverage, see the \fBgcov\fP and \fBlcov\fP
+documentation.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcreapi\fP(3), \fBpcre16\fP, \fBpcre32\fP, \fBpcre_config\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 May 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrecallout.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrecallout.3
new file mode 100644
index 00000000..8ebc9959
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrecallout.3
@@ -0,0 +1,255 @@
+.TH PCRECALLOUT 3 "12 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B int (*pcre_callout)(pcre_callout_block *);
+.PP
+.B int (*pcre16_callout)(pcre16_callout_block *);
+.PP
+.B int (*pcre32_callout)(pcre32_callout_block *);
+.
+.SH DESCRIPTION
+.rs
+.sp
+PCRE provides a feature called "callout", which is a means of temporarily
+passing control to the caller of PCRE in the middle of pattern matching. The
+caller of PCRE provides an external function by putting its entry point in the
+global variable \fIpcre_callout\fP (\fIpcre16_callout\fP for the 16-bit
+library, \fIpcre32_callout\fP for the 32-bit library). By default, this
+variable contains NULL, which disables all calling out.
+.P
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. Different callout points can be identified by putting
+a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+.sp
+  (?C1)abc(?C2)def
+.sp
+If the PCRE_AUTO_CALLOUT option bit is set when a pattern is compiled, PCRE
+automatically inserts callouts, all with number 255, before each item in the
+pattern. For example, if PCRE_AUTO_CALLOUT is used with the pattern
+.sp
+  A(\ed{2}|--)
+.sp
+it is processed as if it were
+.sp
+(?C255)A(?C255)((?C255)\ed{2}(?C255)|(?C255)-(?C255)-(?C255))(?C255)
+.sp
+Notice that there is a callout before and after each parenthesis and
+alternation bar. If the pattern contains a conditional group whose condition is
+an assertion, an automatic callout is inserted immediately before the
+condition. Such a callout may also be inserted explicitly, for example:
+.sp
+  (?(?C9)(?=a)ab|de)
+.sp
+This applies only to assertion conditions (because they are themselves
+independent groups).
+.P
+Automatic callouts can be used for tracking the progress of pattern matching.
+The
+.\" HREF
+\fBpcretest\fP
+.\"
+program has a pattern qualifier (/C) that sets automatic callouts; when it is
+used, the output indicates how the pattern is being matched. This is useful
+information when you are trying to optimize the performance of a particular
+pattern.
+.
+.
+.SH "MISSING CALLOUTS"
+.rs
+.sp
+You should be aware that, because of optimizations in the way PCRE compiles and
+matches patterns, callouts sometimes do not happen exactly as you might expect.
+.P
+At compile time, PCRE "auto-possessifies" repeated items when it knows that
+what follows cannot be part of the repeat. For example, a+[bc] is compiled as
+if it were a++[bc]. The \fBpcretest\fP output when this pattern is anchored and
+then applied with automatic callouts to the string "aaaa" is:
+.sp
+  --->aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+  No match
+.sp
+This indicates that when matching [bc] fails, there is no backtracking into a+
+and therefore the callouts that would be taken for the backtracks do not occur.
+You can disable the auto-possessify feature by passing PCRE_NO_AUTO_POSSESS
+to \fBpcre_compile()\fP, or starting the pattern with (*NO_AUTO_POSSESS). If
+this is done in \fBpcretest\fP (using the /O qualifier), the output changes to
+this:
+.sp
+  --->aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+   +3 ^  ^     [bc]
+   +3 ^ ^      [bc]
+   +3 ^^       [bc]
+  No match
+.sp
+This time, when matching [bc] fails, the matcher backtracks into a+ and tries
+again, repeatedly, until a+ itself fails.
+.P
+Other optimizations that provide fast "no match" results also affect callouts.
+For example, if the pattern is
+.sp
+  ab(?C4)cd
+.sp
+PCRE knows that any matching string must contain the letter "d". If the subject
+string is "abyz", the lack of "d" means that matching doesn't ever start, and
+the callout is never reached. However, with "abyd", though the result is still
+no match, the callout is obeyed.
+.P
+If the pattern is studied, PCRE knows the minimum length of a matching string,
+and will immediately give a "no match" return without actually running a match
+if the subject is not long enough, or, for unanchored patterns, if it has
+been scanned far enough.
+.P
+You can disable these optimizations by passing the PCRE_NO_START_OPTIMIZE
+option to the matching function, or by starting the pattern with
+(*NO_START_OPT). This slows down the matching process, but does ensure that
+callouts such as the example above are obeyed.
+.
+.
+.SH "THE CALLOUT INTERFACE"
+.rs
+.sp
+During matching, when PCRE reaches a callout point, the external function
+defined by \fIpcre_callout\fP or \fIpcre[16|32]_callout\fP is called (if it is
+set). This applies to both normal and DFA matching. The only argument to the
+callout function is a pointer to a \fBpcre_callout\fP or
+\fBpcre[16|32]_callout\fP block. These structures contains the following
+fields:
+.sp
+  int           \fIversion\fP;
+  int           \fIcallout_number\fP;
+  int          *\fIoffset_vector\fP;
+  const char   *\fIsubject\fP;           (8-bit version)
+  PCRE_SPTR16   \fIsubject\fP;           (16-bit version)
+  PCRE_SPTR32   \fIsubject\fP;           (32-bit version)
+  int           \fIsubject_length\fP;
+  int           \fIstart_match\fP;
+  int           \fIcurrent_position\fP;
+  int           \fIcapture_top\fP;
+  int           \fIcapture_last\fP;
+  void         *\fIcallout_data\fP;
+  int           \fIpattern_position\fP;
+  int           \fInext_item_length\fP;
+  const unsigned char *\fImark\fP;       (8-bit version)
+  const PCRE_UCHAR16  *\fImark\fP;       (16-bit version)
+  const PCRE_UCHAR32  *\fImark\fP;       (32-bit version)
+.sp
+The \fIversion\fP field is an integer containing the version number of the
+block format. The initial version was 0; the current version is 2. The version
+number will change again in future if additional fields are added, but the
+intention is never to remove any of the existing fields.
+.P
+The \fIcallout_number\fP field contains the number of the callout, as compiled
+into the pattern (that is, the number after ?C for manual callouts, and 255 for
+automatically generated callouts).
+.P
+The \fIoffset_vector\fP field is a pointer to the vector of offsets that was
+passed by the caller to the matching function. When \fBpcre_exec()\fP or
+\fBpcre[16|32]_exec()\fP is used, the contents can be inspected, in order to
+extract substrings that have been matched so far, in the same way as for
+extracting substrings after a match has completed. For the DFA matching
+functions, this field is not useful.
+.P
+The \fIsubject\fP and \fIsubject_length\fP fields contain copies of the values
+that were passed to the matching function.
+.P
+The \fIstart_match\fP field normally contains the offset within the subject at
+which the current match attempt started. However, if the escape sequence \eK
+has been encountered, this value is changed to reflect the modified starting
+point. If the pattern is not anchored, the callout function may be called
+several times from the same point in the pattern for different starting points
+in the subject.
+.P
+The \fIcurrent_position\fP field contains the offset within the subject of the
+current match pointer.
+.P
+When the \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP is used, the
+\fIcapture_top\fP field contains one more than the number of the highest
+numbered captured substring so far. If no substrings have been captured, the
+value of \fIcapture_top\fP is one. This is always the case when the DFA
+functions are used, because they do not support captured substrings.
+.P
+The \fIcapture_last\fP field contains the number of the most recently captured
+substring. However, when a recursion exits, the value reverts to what it was
+outside the recursion, as do the values of all captured substrings. If no
+substrings have been captured, the value of \fIcapture_last\fP is -1. This is
+always the case for the DFA matching functions.
+.P
+The \fIcallout_data\fP field contains a value that is passed to a matching
+function specifically so that it can be passed back in callouts. It is passed
+in the \fIcallout_data\fP field of a \fBpcre_extra\fP or \fBpcre[16|32]_extra\fP
+data structure. If no such data was passed, the value of \fIcallout_data\fP in
+a callout block is NULL. There is a description of the \fBpcre_extra\fP
+structure in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+The \fIpattern_position\fP field is present from version 1 of the callout
+structure. It contains the offset to the next item to be matched in the pattern
+string.
+.P
+The \fInext_item_length\fP field is present from version 1 of the callout
+structure. It contains the length of the next item to be matched in the pattern
+string. When the callout immediately precedes an alternation bar, a closing
+parenthesis, or the end of the pattern, the length is zero. When the callout
+precedes an opening parenthesis, the length is that of the entire subpattern.
+.P
+The \fIpattern_position\fP and \fInext_item_length\fP fields are intended to
+help in distinguishing between different automatic callouts, which all have the
+same callout number. However, they are set for all callouts.
+.P
+The \fImark\fP field is present from version 2 of the callout structure. In
+callouts from \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP it contains a
+pointer to the zero-terminated name of the most recently passed (*MARK),
+(*PRUNE), or (*THEN) item in the match, or NULL if no such items have been
+passed. Instances of (*PRUNE) or (*THEN) without a name do not obliterate a
+previous (*MARK). In callouts from the DFA matching functions this field always
+contains NULL.
+.
+.
+.SH "RETURN VALUES"
+.rs
+.sp
+The external callout function returns an integer to PCRE. If the value is zero,
+matching proceeds as normal. If the value is greater than zero, matching fails
+at the current point, but the testing of other matching possibilities goes
+ahead, just as if a lookahead assertion had failed. If the value is less than
+zero, the match is abandoned, the matching function returns the negative value.
+.P
+Negative values should normally be chosen from the set of PCRE_ERROR_xxx
+values. In particular, PCRE_ERROR_NOMATCH forces a standard "no match" failure.
+The error number PCRE_ERROR_CALLOUT is reserved for use by callout functions;
+it will never be used by PCRE itself.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrecompat.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrecompat.3
new file mode 100644
index 00000000..6156e776
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrecompat.3
@@ -0,0 +1,200 @@
+.TH PCRECOMPAT 3 "10 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "DIFFERENCES BETWEEN PCRE AND PERL"
+.rs
+.sp
+This document describes the differences in the ways that PCRE and Perl handle
+regular expressions. The differences described here are with respect to Perl
+versions 5.10 and above.
+.P
+1. PCRE has only a subset of Perl's Unicode support. Details of what it does
+have are given in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+2. PCRE allows repeat quantifiers only on parenthesized assertions, but they do
+not mean what you might think. For example, (?!a){3} does not assert that the
+next three characters are not "a". It just asserts that the next character is
+not "a" three times (in principle: PCRE optimizes this to run the assertion
+just once). Perl allows repeat quantifiers on other assertions such as \eb, but
+these do not seem to have any use.
+.P
+3. Capturing subpatterns that occur inside negative lookahead assertions are
+counted, but their entries in the offsets vector are never set. Perl sometimes
+(but not always) sets its numerical variables from inside negative assertions.
+.P
+4. Though binary zero characters are supported in the subject string, they are
+not allowed in a pattern string because it is passed as a normal C string,
+terminated by zero. The escape sequence \e0 can be used in the pattern to
+represent a binary zero.
+.P
+5. The following Perl escape sequences are not supported: \el, \eu, \eL,
+\eU, and \eN when followed by a character name or Unicode value. (\eN on its
+own, matching a non-newline character, is supported.) In fact these are
+implemented by Perl's general string-handling and are not part of its pattern
+matching engine. If any of these are encountered by PCRE, an error is
+generated by default. However, if the PCRE_JAVASCRIPT_COMPAT option is set,
+\eU and \eu are interpreted as JavaScript interprets them.
+.P
+6. The Perl escape sequences \ep, \eP, and \eX are supported only if PCRE is
+built with Unicode character property support. The properties that can be
+tested with \ep and \eP are limited to the general category properties such as
+Lu and Nd, script names such as Greek or Han, and the derived properties Any
+and L&. PCRE does support the Cs (surrogate) property, which Perl does not; the
+Perl documentation says "Because Perl hides the need for the user to understand
+the internal representation of Unicode characters, there is no need to
+implement the somewhat messy concept of surrogates."
+.P
+7. PCRE does support the \eQ...\eE escape for quoting substrings. Characters in
+between are treated as literals. This is slightly different from Perl in that $
+and @ are also handled as literals inside the quotes. In Perl, they cause
+variable interpolation (but of course PCRE does not have variables). Note the
+following examples:
+.sp
+    Pattern            PCRE matches      Perl matches
+.sp
+.\" JOIN
+    \eQabc$xyz\eE        abc$xyz           abc followed by the
+                                           contents of $xyz
+    \eQabc\e$xyz\eE       abc\e$xyz          abc\e$xyz
+    \eQabc\eE\e$\eQxyz\eE   abc$xyz           abc$xyz
+.sp
+The \eQ...\eE sequence is recognized both inside and outside character classes.
+.P
+8. Fairly obviously, PCRE does not support the (?{code}) and (??{code})
+constructions. However, there is support for recursive patterns. This is not
+available in Perl 5.8, but it is in Perl 5.10. Also, the PCRE "callout"
+feature allows an external function to be called during pattern matching. See
+the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation for details.
+.P
+9. Subpatterns that are called as subroutines (whether or not recursively) are
+always treated as atomic groups in PCRE. This is like Python, but unlike Perl.
+Captured values that are set outside a subroutine call can be reference from
+inside in PCRE, but not in Perl. There is a discussion that explains these
+differences in more detail in the
+.\" HTML <a href="pcrepattern.html#recursiondifference">
+.\" </a>
+section on recursion differences from Perl
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page.
+.P
+10. If any of the backtracking control verbs are used in a subpattern that is
+called as a subroutine (whether or not recursively), their effect is confined
+to that subpattern; it does not extend to the surrounding pattern. This is not
+always the case in Perl. In particular, if (*THEN) is present in a group that
+is called as a subroutine, its action is limited to that group, even if the
+group does not contain any | characters. Note that such subpatterns are
+processed as anchored at the point where they are tested.
+.P
+11. If a pattern contains more than one backtracking control verb, the first
+one that is backtracked onto acts. For example, in the pattern
+A(*COMMIT)B(*PRUNE)C a failure in B triggers (*COMMIT), but a failure in C
+triggers (*PRUNE). Perl's behaviour is more complex; in many cases it is the
+same as PCRE, but there are examples where it differs.
+.P
+12. Most backtracking verbs in assertions have their normal actions. They are
+not confined to the assertion.
+.P
+13. There are some differences that are concerned with the settings of captured
+strings when part of a pattern is repeated. For example, matching "aba" against
+the pattern /^(a(b)?)+$/ in Perl leaves $2 unset, but in PCRE it is set to "b".
+.P
+14. PCRE's handling of duplicate subpattern numbers and duplicate subpattern
+names is not as general as Perl's. This is a consequence of the fact the PCRE
+works internally just with numbers, using an external table to translate
+between numbers and names. In particular, a pattern such as (?|(?<a>A)|(?<b>B),
+where the two capturing parentheses have the same number but different names,
+is not supported, and causes an error at compile time. If it were allowed, it
+would not be possible to distinguish which parentheses matched, because both
+names map to capturing subpattern number 1. To avoid this confusing situation,
+an error is given at compile time.
+.P
+15. Perl recognizes comments in some places that PCRE does not, for example,
+between the ( and ? at the start of a subpattern. If the /x modifier is set,
+Perl allows white space between ( and ? (though current Perls warn that this is
+deprecated) but PCRE never does, even if the PCRE_EXTENDED option is set.
+.P
+16. Perl, when in warning mode, gives warnings for character classes such as
+[A-\ed] or [a-[:digit:]]. It then treats the hyphens as literals. PCRE has no
+warning features, so it gives an error in these cases because they are almost
+certainly user mistakes.
+.P
+17. In PCRE, the upper/lower case character properties Lu and Ll are not
+affected when case-independent matching is specified. For example, \ep{Lu}
+always matches an upper case letter. I think Perl has changed in this respect;
+in the release at the time of writing (5.16), \ep{Lu} and \ep{Ll} match all
+letters, regardless of case, when case independence is specified.
+.P
+18. PCRE provides some extensions to the Perl regular expression facilities.
+Perl 5.10 includes new features that are not in earlier versions of Perl, some
+of which (such as named parentheses) have been in PCRE for some time. This list
+is with respect to Perl 5.10:
+.sp
+(a) Although lookbehind assertions in PCRE must match fixed length strings,
+each alternative branch of a lookbehind assertion can match a different length
+of string. Perl requires them all to have the same length.
+.sp
+(b) If PCRE_DOLLAR_ENDONLY is set and PCRE_MULTILINE is not set, the $
+meta-character matches only at the very end of the string.
+.sp
+(c) If PCRE_EXTRA is set, a backslash followed by a letter with no special
+meaning is faulted. Otherwise, like Perl, the backslash is quietly ignored.
+(Perl can be made to issue a warning.)
+.sp
+(d) If PCRE_UNGREEDY is set, the greediness of the repetition quantifiers is
+inverted, that is, by default they are not greedy, but if followed by a
+question mark they are.
+.sp
+(e) PCRE_ANCHORED can be used at matching time to force a pattern to be tried
+only at the first matching position in the subject string.
+.sp
+(f) The PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, and
+PCRE_NO_AUTO_CAPTURE options for \fBpcre_exec()\fP have no Perl equivalents.
+.sp
+(g) The \eR escape sequence can be restricted to match only CR, LF, or CRLF
+by the PCRE_BSR_ANYCRLF option.
+.sp
+(h) The callout facility is PCRE-specific.
+.sp
+(i) The partial matching facility is PCRE-specific.
+.sp
+(j) Patterns compiled by PCRE can be saved and re-used at a later time, even on
+different hosts that have the other endianness. However, this does not apply to
+optimized data created by the just-in-time compiler.
+.sp
+(k) The alternative matching functions (\fBpcre_dfa_exec()\fP,
+\fBpcre16_dfa_exec()\fP and \fBpcre32_dfa_exec()\fP,) match in a different way
+and are not Perl-compatible.
+.sp
+(l) PCRE recognizes some special sequences such as (*CR) at the start of
+a pattern that set overall options that cannot be changed within the pattern.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 10 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrecpp.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrecpp.3
new file mode 100644
index 00000000..fbddd86a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrecpp.3
@@ -0,0 +1,348 @@
+.TH PCRECPP 3 "08 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions.
+.SH "SYNOPSIS OF C++ WRAPPER"
+.rs
+.sp
+.B #include <pcrecpp.h>
+.
+.SH DESCRIPTION
+.rs
+.sp
+The C++ wrapper for PCRE was provided by Google Inc. Some additional
+functionality was added by Giuseppe Maxia. This brief man page was constructed
+from the notes in the \fIpcrecpp.h\fP file, which should be consulted for
+further details. Note that the C++ wrapper supports only the original 8-bit
+PCRE library. There is no 16-bit or 32-bit support at present.
+.
+.
+.SH "MATCHING INTERFACE"
+.rs
+.sp
+The "FullMatch" operation checks that supplied text matches a supplied pattern
+exactly. If pointer arguments are supplied, it copies matched sub-strings that
+match sub-patterns into them.
+.sp
+  Example: successful match
+     pcrecpp::RE re("h.*o");
+     re.FullMatch("hello");
+.sp
+  Example: unsuccessful match (requires full match):
+     pcrecpp::RE re("e");
+     !re.FullMatch("hello");
+.sp
+  Example: creating a temporary RE object:
+     pcrecpp::RE("h.*o").FullMatch("hello");
+.sp
+You can pass in a "const char*" or a "string" for "text". The examples below
+tend to use a const char*. You can, as in the different examples above, store
+the RE object explicitly in a variable or use a temporary RE object. The
+examples below use one mode or the other arbitrarily. Either could correctly be
+used for any of these examples.
+.P
+You must supply extra pointer arguments to extract matched subpieces.
+.sp
+  Example: extracts "ruby" into "s" and 1234 into "i"
+     int i;
+     string s;
+     pcrecpp::RE re("(\e\ew+):(\e\ed+)");
+     re.FullMatch("ruby:1234", &s, &i);
+.sp
+  Example: does not try to extract any extra sub-patterns
+     re.FullMatch("ruby:1234", &s);
+.sp
+  Example: does not try to extract into NULL
+     re.FullMatch("ruby:1234", NULL, &i);
+.sp
+  Example: integer overflow causes failure
+     !re.FullMatch("ruby:1234567891234", NULL, &i);
+.sp
+  Example: fails because there aren't enough sub-patterns:
+     !pcrecpp::RE("\e\ew+:\e\ed+").FullMatch("ruby:1234", &s);
+.sp
+  Example: fails because string cannot be stored in integer
+     !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+.sp
+The provided pointer arguments can be pointers to any scalar numeric
+type, or one of:
+.sp
+   string        (matched piece is copied to string)
+   StringPiece   (StringPiece is mutated to point to matched piece)
+   T             (where "bool T::ParseFrom(const char*, int)" exists)
+   NULL          (the corresponding matched sub-pattern is not copied)
+.sp
+The function returns true iff all of the following conditions are satisfied:
+.sp
+  a. "text" matches "pattern" exactly;
+.sp
+  b. The number of matched sub-patterns is >= number of supplied
+     pointers;
+.sp
+  c. The "i"th argument has a suitable type for holding the
+     string captured as the "i"th sub-pattern. If you pass in
+     void * NULL for the "i"th argument, or a non-void * NULL
+     of the correct type, or pass fewer arguments than the
+     number of sub-patterns, "i"th captured sub-pattern is
+     ignored.
+.sp
+CAVEAT: An optional sub-pattern that does not exist in the matched
+string is assigned the empty string. Therefore, the following will
+return false (because the empty string is not a valid number):
+.sp
+   int number;
+   pcrecpp::RE::FullMatch("abc", "[a-z]+(\e\ed+)?", &number);
+.sp
+The matching interface supports at most 16 arguments per call.
+If you need more, consider using the more general interface
+\fBpcrecpp::RE::DoMatch\fP. See \fBpcrecpp.h\fP for the signature for
+\fBDoMatch\fP.
+.P
+NOTE: Do not use \fBno_arg\fP, which is used internally to mark the end of a
+list of optional arguments, as a placeholder for missing arguments, as this can
+lead to segfaults.
+.
+.
+.SH "QUOTING METACHARACTERS"
+.rs
+.sp
+You can use the "QuoteMeta" operation to insert backslashes before all
+potentially meaningful characters in a string. The returned string, used as a
+regular expression, will exactly match the original string.
+.sp
+  Example:
+     string quoted = RE::QuoteMeta(unquoted);
+.sp
+Note that it's legal to escape a character even if it has no special meaning in
+a regular expression -- so this function does that. (This also makes it
+identical to the perl function of the same name; see "perldoc -f quotemeta".)
+For example, "1.5-2.0?" becomes "1\e.5\e-2\e.0\e?".
+.
+.SH "PARTIAL MATCHES"
+.rs
+.sp
+You can use the "PartialMatch" operation when you want the pattern
+to match any substring of the text.
+.sp
+  Example: simple search for a string:
+     pcrecpp::RE("ell").PartialMatch("hello");
+.sp
+  Example: find first number in a string:
+     int number;
+     pcrecpp::RE re("(\e\ed+)");
+     re.PartialMatch("x*100 + 20", &number);
+     assert(number == 100);
+.
+.
+.SH "UTF-8 AND THE MATCHING INTERFACE"
+.rs
+.sp
+By default, pattern and text are plain text, one byte per character. The UTF8
+flag, passed to the constructor, causes both pattern and string to be treated
+as UTF-8 text, still a byte stream but potentially multiple bytes per
+character. In practice, the text is likelier to be UTF-8 than the pattern, but
+the match returned may depend on the UTF8 flag, so always use it when matching
+UTF8 text. For example, "." will match one byte normally but with UTF8 set may
+match up to three bytes of a multi-byte character.
+.sp
+  Example:
+     pcrecpp::RE_Options options;
+     options.set_utf8();
+     pcrecpp::RE re(utf8_pattern, options);
+     re.FullMatch(utf8_string);
+.sp
+  Example: using the convenience function UTF8():
+     pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+     re.FullMatch(utf8_string);
+.sp
+NOTE: The UTF8 flag is ignored if pcre was not configured with the
+      --enable-utf8 flag.
+.
+.
+.SH "PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE"
+.rs
+.sp
+PCRE defines some modifiers to change the behavior of the regular expression
+engine. The C++ wrapper defines an auxiliary class, RE_Options, as a vehicle to
+pass such modifiers to a RE class. Currently, the following modifiers are
+supported:
+.sp
+   modifier              description               Perl corresponding
+.sp
+   PCRE_CASELESS         case insensitive match      /i
+   PCRE_MULTILINE        multiple lines match        /m
+   PCRE_DOTALL           dot matches newlines        /s
+   PCRE_DOLLAR_ENDONLY   $ matches only at end       N/A
+   PCRE_EXTRA            strict escape parsing       N/A
+   PCRE_EXTENDED         ignore white spaces         /x
+   PCRE_UTF8             handles UTF8 chars          built-in
+   PCRE_UNGREEDY         reverses * and *?           N/A
+   PCRE_NO_AUTO_CAPTURE  disables capturing parens   N/A (*)
+.sp
+(*) Both Perl and PCRE allow non capturing parentheses by means of the
+"?:" modifier within the pattern itself. e.g. (?:ab|cd) does not
+capture, while (ab|cd) does.
+.P
+For a full account on how each modifier works, please check the
+PCRE API reference page.
+.P
+For each modifier, there are two member functions whose name is made
+out of the modifier in lowercase, without the "PCRE_" prefix. For
+instance, PCRE_CASELESS is handled by
+.sp
+  bool caseless()
+.sp
+which returns true if the modifier is set, and
+.sp
+  RE_Options & set_caseless(bool)
+.sp
+which sets or unsets the modifier. Moreover, PCRE_EXTRA_MATCH_LIMIT can be
+accessed through the \fBset_match_limit()\fP and \fBmatch_limit()\fP member
+functions. Setting \fImatch_limit\fP to a non-zero value will limit the
+execution of pcre to keep it from doing bad things like blowing the stack or
+taking an eternity to return a result. A value of 5000 is good enough to stop
+stack blowup in a 2MB thread stack. Setting \fImatch_limit\fP to zero disables
+match limiting. Alternatively, you can call \fBmatch_limit_recursion()\fP
+which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to limit how much PCRE
+recurses. \fBmatch_limit()\fP limits the number of matches PCRE does;
+\fBmatch_limit_recursion()\fP limits the depth of internal recursion, and
+therefore the amount of stack that is used.
+.P
+Normally, to pass one or more modifiers to a RE class, you declare
+a \fIRE_Options\fP object, set the appropriate options, and pass this
+object to a RE constructor. Example:
+.sp
+   RE_Options opt;
+   opt.set_caseless(true);
+   if (RE("HELLO", opt).PartialMatch("hello world")) ...
+.sp
+RE_options has two constructors. The default constructor takes no arguments and
+creates a set of flags that are off by default. The optional parameter
+\fIoption_flags\fP is to facilitate transfer of legacy code from C programs.
+This lets you do
+.sp
+   RE(pattern,
+     RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+.sp
+However, new code is better off doing
+.sp
+   RE(pattern,
+     RE_Options().set_caseless(true).set_multiline(true))
+       .PartialMatch(str);
+.sp
+If you are going to pass one of the most used modifiers, there are some
+convenience functions that return a RE_Options class with the
+appropriate modifier already set: \fBCASELESS()\fP, \fBUTF8()\fP,
+\fBMULTILINE()\fP, \fBDOTALL\fP(), and \fBEXTENDED()\fP.
+.P
+If you need to set several options at once, and you don't want to go through
+the pains of declaring a RE_Options object and setting several options, there
+is a parallel method that give you such ability on the fly. You can concatenate
+several \fBset_xxxxx()\fP member functions, since each of them returns a
+reference to its class object. For example, to pass PCRE_CASELESS,
+PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one statement, you may write:
+.sp
+   RE(" ^ xyz \e\es+ .* blah$",
+     RE_Options()
+       .set_caseless(true)
+       .set_extended(true)
+       .set_multiline(true)).PartialMatch(sometext);
+.sp
+.
+.
+.SH "SCANNING TEXT INCREMENTALLY"
+.rs
+.sp
+The "Consume" operation may be useful if you want to repeatedly
+match regular expressions at the front of a string and skip over
+them as they match. This requires use of the "StringPiece" type,
+which represents a sub-range of a real string. Like RE, StringPiece
+is defined in the pcrecpp namespace.
+.sp
+  Example: read lines of the form "var = value" from a string.
+     string contents = ...;                 // Fill string somehow
+     pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+.sp
+     string var;
+     int value;
+     pcrecpp::RE re("(\e\ew+) = (\e\ed+)\en");
+     while (re.Consume(&input, &var, &value)) {
+       ...;
+     }
+.sp
+Each successful call to "Consume" will set "var/value", and also
+advance "input" so it points past the matched text.
+.P
+The "FindAndConsume" operation is similar to "Consume" but does not
+anchor your match at the beginning of the string. For example, you
+could extract all words from a string by repeatedly calling
+.sp
+  pcrecpp::RE("(\e\ew+)").FindAndConsume(&input, &word)
+.
+.
+.SH "PARSING HEX/OCTAL/C-RADIX NUMBERS"
+.rs
+.sp
+By default, if you pass a pointer to a numeric value, the
+corresponding text is interpreted as a base-10 number. You can
+instead wrap the pointer with a call to one of the operators Hex(),
+Octal(), or CRadix() to interpret the text in another base. The
+CRadix operator interprets C-style "0" (base-8) and "0x" (base-16)
+prefixes, but defaults to base-10.
+.sp
+  Example:
+    int a, b, c, d;
+    pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+    re.FullMatch("100 40 0100 0x40",
+                 pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+                 pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+.sp
+will leave 64 in a, b, c, and d.
+.
+.
+.SH "REPLACING PARTS OF STRINGS"
+.rs
+.sp
+You can replace the first match of "pattern" in "str" with "rewrite".
+Within "rewrite", backslash-escaped digits (\e1 to \e9) can be
+used to insert text matching corresponding parenthesized group
+from the pattern. \e0 in "rewrite" refers to the entire matching
+text. For example:
+.sp
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").Replace("d", &s);
+.sp
+will leave "s" containing "yada dabba doo". The result is true if the pattern
+matches and a replacement occurs, false otherwise.
+.P
+\fBGlobalReplace\fP is like \fBReplace\fP except that it replaces all
+occurrences of the pattern in the string with the rewrite. Replacements are
+not subject to re-matching. For example:
+.sp
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").GlobalReplace("d", &s);
+.sp
+will leave "s" containing "yada dada doo". It returns the number of
+replacements made.
+.P
+\fBExtract\fP is like \fBReplace\fP, except that if the pattern matches,
+"rewrite" is copied into "out" (an additional argument) with substitutions.
+The non-matching portions of "text" are ignored. Returns true iff a match
+occurred and the extraction happened successfully;  if no match occurs, the
+string is left unaffected.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+The C++ wrapper was contributed by Google Inc.
+Copyright (c) 2007 Google Inc.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 08 January 2012
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcredemo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcredemo.3
new file mode 100644
index 00000000..194629b1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcredemo.3
@@ -0,0 +1,424 @@
+.\" Start example.
+.de EX
+.  nr mE \\n(.f
+.  nf
+.  nh
+.  ft CW
+..
+.
+.
+.\" End example.
+.de EE
+.  ft \\n(mE
+.  fi
+.  hy \\n(HY
+..
+.
+.EX
+/*************************************************
+*           PCRE DEMONSTRATION PROGRAM           *
+*************************************************/
+
+/* This is a demonstration program to illustrate the most straightforward ways
+of calling the PCRE regular expression library from a C program. See the
+pcresample documentation for a short discussion ("man pcresample" if you have
+the PCRE man pages installed).
+
+In Unix-like environments, if PCRE is installed in your standard system
+libraries, you should be able to compile this program using this command:
+
+gcc -Wall pcredemo.c -lpcre -o pcredemo
+
+If PCRE is not installed in a standard place, it is likely to be installed with
+support for the pkg-config mechanism. If you have pkg-config, you can compile
+this program using this command:
+
+gcc -Wall pcredemo.c `pkg-config --cflags --libs libpcre` -o pcredemo
+
+If you do not have pkg-config, you may have to use this:
+
+gcc -Wall pcredemo.c -I/usr/local/include -L/usr/local/lib \e
+  -R/usr/local/lib -lpcre -o pcredemo
+
+Replace "/usr/local/include" and "/usr/local/lib" with wherever the include and
+library files for PCRE are installed on your system. Only some operating
+systems (e.g. Solaris) use the -R option.
+
+Building under Windows:
+
+If you want to statically link this program against a non-dll .a file, you must
+define PCRE_STATIC before including pcre.h, otherwise the pcre_malloc() and
+pcre_free() exported functions will be declared __declspec(dllimport), with
+unwanted results. So in this environment, uncomment the following line. */
+
+/* #define PCRE_STATIC */
+
+#include <stdio.h>
+#include <string.h>
+#include <pcre.h>
+
+#define OVECCOUNT 30    /* should be a multiple of 3 */
+
+
+int main(int argc, char **argv)
+{
+pcre *re;
+const char *error;
+char *pattern;
+char *subject;
+unsigned char *name_table;
+unsigned int option_bits;
+int erroffset;
+int find_all;
+int crlf_is_newline;
+int namecount;
+int name_entry_size;
+int ovector[OVECCOUNT];
+int subject_length;
+int rc, i;
+int utf8;
+
+
+/**************************************************************************
+* First, sort out the command line. There is only one possible option at  *
+* the moment, "-g" to request repeated matching to find all occurrences,  *
+* like Perl's /g option. We set the variable find_all to a non-zero value *
+* if the -g option is present. Apart from that, there must be exactly two *
+* arguments.                                                              *
+**************************************************************************/
+
+find_all = 0;
+for (i = 1; i < argc; i++)
+  {
+  if (strcmp(argv[i], "-g") == 0) find_all = 1;
+    else break;
+  }
+
+/* After the options, we require exactly two arguments, which are the pattern,
+and the subject string. */
+
+if (argc - i != 2)
+  {
+  printf("Two arguments required: a regex and a subject string\en");
+  return 1;
+  }
+
+pattern = argv[i];
+subject = argv[i+1];
+subject_length = (int)strlen(subject);
+
+
+/*************************************************************************
+* Now we are going to compile the regular expression pattern, and handle *
+* and errors that are detected.                                          *
+*************************************************************************/
+
+re = pcre_compile(
+  pattern,              /* the pattern */
+  0,                    /* default options */
+  &error,               /* for error message */
+  &erroffset,           /* for error offset */
+  NULL);                /* use default character tables */
+
+/* Compilation failed: print the error message and exit */
+
+if (re == NULL)
+  {
+  printf("PCRE compilation failed at offset %d: %s\en", erroffset, error);
+  return 1;
+  }
+
+
+/*************************************************************************
+* If the compilation succeeded, we call PCRE again, in order to do a     *
+* pattern match against the subject string. This does just ONE match. If *
+* further matching is needed, it will be done below.                     *
+*************************************************************************/
+
+rc = pcre_exec(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  subject,              /* the subject string */
+  subject_length,       /* the length of the subject */
+  0,                    /* start at offset 0 in the subject */
+  0,                    /* default options */
+  ovector,              /* output vector for substring information */
+  OVECCOUNT);           /* number of elements in the output vector */
+
+/* Matching failed: handle error cases */
+
+if (rc < 0)
+  {
+  switch(rc)
+    {
+    case PCRE_ERROR_NOMATCH: printf("No match\en"); break;
+    /*
+    Handle other special cases if you like
+    */
+    default: printf("Matching error %d\en", rc); break;
+    }
+  pcre_free(re);     /* Release memory used for the compiled pattern */
+  return 1;
+  }
+
+/* Match succeded */
+
+printf("\enMatch succeeded at offset %d\en", ovector[0]);
+
+
+/*************************************************************************
+* We have found the first match within the subject string. If the output *
+* vector wasn't big enough, say so. Then output any substrings that were *
+* captured.                                                              *
+*************************************************************************/
+
+/* The output vector wasn't big enough */
+
+if (rc == 0)
+  {
+  rc = OVECCOUNT/3;
+  printf("ovector only has room for %d captured substrings\en", rc - 1);
+  }
+
+/* Show substrings stored in the output vector by number. Obviously, in a real
+application you might want to do things other than print them. */
+
+for (i = 0; i < rc; i++)
+  {
+  char *substring_start = subject + ovector[2*i];
+  int substring_length = ovector[2*i+1] - ovector[2*i];
+  printf("%2d: %.*s\en", i, substring_length, substring_start);
+  }
+
+
+/**************************************************************************
+* That concludes the basic part of this demonstration program. We have    *
+* compiled a pattern, and performed a single match. The code that follows *
+* shows first how to access named substrings, and then how to code for    *
+* repeated matches on the same subject.                                   *
+**************************************************************************/
+
+/* See if there are any named substrings, and if so, show them by name. First
+we have to extract the count of named parentheses from the pattern. */
+
+(void)pcre_fullinfo(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  PCRE_INFO_NAMECOUNT,  /* number of named substrings */
+  &namecount);          /* where to put the answer */
+
+if (namecount <= 0) printf("No named substrings\en"); else
+  {
+  unsigned char *tabptr;
+  printf("Named substrings\en");
+
+  /* Before we can access the substrings, we must extract the table for
+  translating names to numbers, and the size of each entry in the table. */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMETABLE,      /* address of the table */
+    &name_table);             /* where to put the answer */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMEENTRYSIZE,  /* size of each entry in the table */
+    &name_entry_size);        /* where to put the answer */
+
+  /* Now we can scan the table and, for each entry, print the number, the name,
+  and the substring itself. */
+
+  tabptr = name_table;
+  for (i = 0; i < namecount; i++)
+    {
+    int n = (tabptr[0] << 8) | tabptr[1];
+    printf("(%d) %*s: %.*s\en", n, name_entry_size - 3, tabptr + 2,
+      ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+    tabptr += name_entry_size;
+    }
+  }
+
+
+/*************************************************************************
+* If the "-g" option was given on the command line, we want to continue  *
+* to search for additional matches in the subject string, in a similar   *
+* way to the /g option in Perl. This turns out to be trickier than you   *
+* might think because of the possibility of matching an empty string.    *
+* What happens is as follows:                                            *
+*                                                                        *
+* If the previous match was NOT for an empty string, we can just start   *
+* the next match at the end of the previous one.                         *
+*                                                                        *
+* If the previous match WAS for an empty string, we can't do that, as it *
+* would lead to an infinite loop. Instead, a special call of pcre_exec() *
+* is made with the PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED flags set.    *
+* The first of these tells PCRE that an empty string at the start of the *
+* subject is not a valid match; other possibilities must be tried. The   *
+* second flag restricts PCRE to one match attempt at the initial string  *
+* position. If this match succeeds, an alternative to the empty string   *
+* match has been found, and we can print it and proceed round the loop,  *
+* advancing by the length of whatever was found. If this match does not  *
+* succeed, we still stay in the loop, advancing by just one character.   *
+* In UTF-8 mode, which can be set by (*UTF8) in the pattern, this may be *
+* more than one byte.                                                    *
+*                                                                        *
+* However, there is a complication concerned with newlines. When the     *
+* newline convention is such that CRLF is a valid newline, we must       *
+* advance by two characters rather than one. The newline convention can  *
+* be set in the regex by (*CR), etc.; if not, we must find the default.  *
+*************************************************************************/
+
+if (!find_all)     /* Check for -g */
+  {
+  pcre_free(re);   /* Release the memory used for the compiled pattern */
+  return 0;        /* Finish unless -g was given */
+  }
+
+/* Before running the loop, check for UTF-8 and whether CRLF is a valid newline
+sequence. First, find the options with which the regex was compiled; extract
+the UTF-8 state, and mask off all but the newline options. */
+
+(void)pcre_fullinfo(re, NULL, PCRE_INFO_OPTIONS, &option_bits);
+utf8 = option_bits & PCRE_UTF8;
+option_bits &= PCRE_NEWLINE_CR|PCRE_NEWLINE_LF|PCRE_NEWLINE_CRLF|
+               PCRE_NEWLINE_ANY|PCRE_NEWLINE_ANYCRLF;
+
+/* If no newline options were set, find the default newline convention from the
+build configuration. */
+
+if (option_bits == 0)
+  {
+  int d;
+  (void)pcre_config(PCRE_CONFIG_NEWLINE, &d);
+  /* Note that these values are always the ASCII ones, even in
+  EBCDIC environments. CR = 13, NL = 10. */
+  option_bits = (d == 13)? PCRE_NEWLINE_CR :
+          (d == 10)? PCRE_NEWLINE_LF :
+          (d == (13<<8 | 10))? PCRE_NEWLINE_CRLF :
+          (d == -2)? PCRE_NEWLINE_ANYCRLF :
+          (d == -1)? PCRE_NEWLINE_ANY : 0;
+  }
+
+/* See if CRLF is a valid newline sequence. */
+
+crlf_is_newline =
+     option_bits == PCRE_NEWLINE_ANY ||
+     option_bits == PCRE_NEWLINE_CRLF ||
+     option_bits == PCRE_NEWLINE_ANYCRLF;
+
+/* Loop for second and subsequent matches */
+
+for (;;)
+  {
+  int options = 0;                 /* Normally no options */
+  int start_offset = ovector[1];   /* Start at end of previous match */
+
+  /* If the previous match was for an empty string, we are finished if we are
+  at the end of the subject. Otherwise, arrange to run another match at the
+  same point to see if a non-empty match can be found. */
+
+  if (ovector[0] == ovector[1])
+    {
+    if (ovector[0] == subject_length) break;
+    options = PCRE_NOTEMPTY_ATSTART | PCRE_ANCHORED;
+    }
+
+  /* Run the next matching operation */
+
+  rc = pcre_exec(
+    re,                   /* the compiled pattern */
+    NULL,                 /* no extra data - we didn't study the pattern */
+    subject,              /* the subject string */
+    subject_length,       /* the length of the subject */
+    start_offset,         /* starting offset in the subject */
+    options,              /* options */
+    ovector,              /* output vector for substring information */
+    OVECCOUNT);           /* number of elements in the output vector */
+
+  /* This time, a result of NOMATCH isn't an error. If the value in "options"
+  is zero, it just means we have found all possible matches, so the loop ends.
+  Otherwise, it means we have failed to find a non-empty-string match at a
+  point where there was a previous empty-string match. In this case, we do what
+  Perl does: advance the matching position by one character, and continue. We
+  do this by setting the "end of previous match" offset, because that is picked
+  up at the top of the loop as the point at which to start again.
+
+  There are two complications: (a) When CRLF is a valid newline sequence, and
+  the current position is just before it, advance by an extra byte. (b)
+  Otherwise we must ensure that we skip an entire UTF-8 character if we are in
+  UTF-8 mode. */
+
+  if (rc == PCRE_ERROR_NOMATCH)
+    {
+    if (options == 0) break;                    /* All matches found */
+    ovector[1] = start_offset + 1;              /* Advance one byte */
+    if (crlf_is_newline &&                      /* If CRLF is newline & */
+        start_offset < subject_length - 1 &&    /* we are at CRLF, */
+        subject[start_offset] == '\er' &&
+        subject[start_offset + 1] == '\en')
+      ovector[1] += 1;                          /* Advance by one more. */
+    else if (utf8)                              /* Otherwise, ensure we */
+      {                                         /* advance a whole UTF-8 */
+      while (ovector[1] < subject_length)       /* character. */
+        {
+        if ((subject[ovector[1]] & 0xc0) != 0x80) break;
+        ovector[1] += 1;
+        }
+      }
+    continue;    /* Go round the loop again */
+    }
+
+  /* Other matching errors are not recoverable. */
+
+  if (rc < 0)
+    {
+    printf("Matching error %d\en", rc);
+    pcre_free(re);    /* Release memory used for the compiled pattern */
+    return 1;
+    }
+
+  /* Match succeded */
+
+  printf("\enMatch succeeded again at offset %d\en", ovector[0]);
+
+  /* The match succeeded, but the output vector wasn't big enough. */
+
+  if (rc == 0)
+    {
+    rc = OVECCOUNT/3;
+    printf("ovector only has room for %d captured substrings\en", rc - 1);
+    }
+
+  /* As before, show substrings stored in the output vector by number, and then
+  also any named substrings. */
+
+  for (i = 0; i < rc; i++)
+    {
+    char *substring_start = subject + ovector[2*i];
+    int substring_length = ovector[2*i+1] - ovector[2*i];
+    printf("%2d: %.*s\en", i, substring_length, substring_start);
+    }
+
+  if (namecount <= 0) printf("No named substrings\en"); else
+    {
+    unsigned char *tabptr = name_table;
+    printf("Named substrings\en");
+    for (i = 0; i < namecount; i++)
+      {
+      int n = (tabptr[0] << 8) | tabptr[1];
+      printf("(%d) %*s: %.*s\en", n, name_entry_size - 3, tabptr + 2,
+        ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+      tabptr += name_entry_size;
+      }
+    }
+  }      /* End of loop to find second and subsequent matches */
+
+printf("\en");
+pcre_free(re);       /* Release memory used for the compiled pattern */
+return 0;
+}
+
+/* End of pcredemo.c */
+.EE
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrejit.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrejit.3
new file mode 100644
index 00000000..3b785f0f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrejit.3
@@ -0,0 +1,473 @@
+.TH PCREJIT 3 "05 July 2017" "PCRE 8.41"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE JUST-IN-TIME COMPILER SUPPORT"
+.rs
+.sp
+Just-in-time compiling is a heavyweight optimization that can greatly speed up
+pattern matching. However, it comes at the cost of extra processing before the
+match is performed. Therefore, it is of most benefit when the same pattern is
+going to be matched many times. This does not necessarily mean many calls of a
+matching function; if the pattern is not anchored, matching attempts may take
+place many times at various positions in the subject, even for a single call.
+Therefore, if the subject string is very long, it may still pay to use JIT for
+one-off matches.
+.P
+JIT support applies only to the traditional Perl-compatible matching function.
+It does not apply when the DFA matching function is being used. The code for
+this support was written by Zoltan Herczeg.
+.
+.
+.SH "8-BIT, 16-BIT AND 32-BIT SUPPORT"
+.rs
+.sp
+JIT support is available for all of the 8-bit, 16-bit and 32-bit PCRE
+libraries. To keep this documentation simple, only the 8-bit interface is
+described in what follows. If you are using the 16-bit library, substitute the
+16-bit functions and 16-bit structures (for example, \fIpcre16_jit_stack\fP
+instead of \fIpcre_jit_stack\fP). If you are using the 32-bit library,
+substitute the 32-bit functions and 32-bit structures (for example,
+\fIpcre32_jit_stack\fP instead of \fIpcre_jit_stack\fP).
+.
+.
+.SH "AVAILABILITY OF JIT SUPPORT"
+.rs
+.sp
+JIT support is an optional feature of PCRE. The "configure" option --enable-jit
+(or equivalent CMake option) must be set when PCRE is built if you want to use
+JIT. The support is limited to the following hardware platforms:
+.sp
+  ARM v5, v7, and Thumb2
+  Intel x86 32-bit and 64-bit
+  MIPS 32-bit
+  Power PC 32-bit and 64-bit
+  SPARC 32-bit (experimental)
+.sp
+If --enable-jit is set on an unsupported platform, compilation fails.
+.P
+A program that is linked with PCRE 8.20 or later can tell if JIT support is
+available by calling \fBpcre_config()\fP with the PCRE_CONFIG_JIT option. The
+result is 1 when JIT is available, and 0 otherwise. However, a simple program
+does not need to check this in order to use JIT. The normal API is implemented
+in a way that falls back to the interpretive code if JIT is not available. For
+programs that need the best possible performance, there is also a "fast path"
+API that is JIT-specific.
+.P
+If your program may sometimes be linked with versions of PCRE that are older
+than 8.20, but you want to use JIT when it is available, you can test the
+values of PCRE_MAJOR and PCRE_MINOR, or the existence of a JIT macro such as
+PCRE_CONFIG_JIT, for compile-time control of your code. Also beware that the
+\fBpcre_jit_exec()\fP function was not available at all before 8.32,
+and may not be available at all if PCRE isn't compiled with
+--enable-jit. See the "JIT FAST PATH API" section below for details.
+.
+.
+.SH "SIMPLE USE OF JIT"
+.rs
+.sp
+You have to do two things to make use of the JIT support in the simplest way:
+.sp
+  (1) Call \fBpcre_study()\fP with the PCRE_STUDY_JIT_COMPILE option for
+      each compiled pattern, and pass the resulting \fBpcre_extra\fP block to
+      \fBpcre_exec()\fP.
+.sp
+  (2) Use \fBpcre_free_study()\fP to free the \fBpcre_extra\fP block when it is
+      no longer needed, instead of just freeing it yourself. This ensures that
+      any JIT data is also freed.
+.sp
+For a program that may be linked with pre-8.20 versions of PCRE, you can insert
+.sp
+  #ifndef PCRE_STUDY_JIT_COMPILE
+  #define PCRE_STUDY_JIT_COMPILE 0
+  #endif
+.sp
+so that no option is passed to \fBpcre_study()\fP, and then use something like
+this to free the study data:
+.sp
+  #ifdef PCRE_CONFIG_JIT
+      pcre_free_study(study_ptr);
+  #else
+      pcre_free(study_ptr);
+  #endif
+.sp
+PCRE_STUDY_JIT_COMPILE requests the JIT compiler to generate code for complete
+matches. If you want to run partial matches using the PCRE_PARTIAL_HARD or
+PCRE_PARTIAL_SOFT options of \fBpcre_exec()\fP, you should set one or both of
+the following options in addition to, or instead of, PCRE_STUDY_JIT_COMPILE
+when you call \fBpcre_study()\fP:
+.sp
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+.sp
+If using \fBpcre_jit_exec()\fP and supporting a pre-8.32 version of
+PCRE, you can insert:
+.sp
+   #if PCRE_MAJOR >= 8 && PCRE_MINOR >= 32
+   pcre_jit_exec(...);
+   #else
+   pcre_exec(...)
+   #endif
+.sp
+but as described in the "JIT FAST PATH API" section below this assumes
+version 8.32 and later are compiled with --enable-jit, which may
+break.
+.sp
+The JIT compiler generates different optimized code for each of the three
+modes (normal, soft partial, hard partial). When \fBpcre_exec()\fP is called,
+the appropriate code is run if it is available. Otherwise, the pattern is
+matched using interpretive code.
+.P
+In some circumstances you may need to call additional functions. These are
+described in the section entitled
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"Controlling the JIT stack"
+.\"
+below.
+.P
+If JIT support is not available, PCRE_STUDY_JIT_COMPILE etc. are ignored, and
+no JIT data is created. Otherwise, the compiled pattern is passed to the JIT
+compiler, which turns it into machine code that executes much faster than the
+normal interpretive code. When \fBpcre_exec()\fP is passed a \fBpcre_extra\fP
+block containing a pointer to JIT code of the appropriate mode (normal or
+hard/soft partial), it obeys that code instead of running the interpreter. The
+result is identical, but the compiled JIT code runs much faster.
+.P
+There are some \fBpcre_exec()\fP options that are not supported for JIT
+execution. There are also some pattern items that JIT cannot handle. Details
+are given below. In both cases, execution automatically falls back to the
+interpretive code. If you want to know whether JIT was actually used for a
+particular match, you should arrange for a JIT callback function to be set up
+as described in the section entitled
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"Controlling the JIT stack"
+.\"
+below, even if you do not need to supply a non-default JIT stack. Such a
+callback function is called whenever JIT code is about to be obeyed. If the
+execution options are not right for JIT execution, the callback function is not
+obeyed.
+.P
+If the JIT compiler finds an unsupported item, no JIT data is generated. You
+can find out if JIT execution is available after studying a pattern by calling
+\fBpcre_fullinfo()\fP with the PCRE_INFO_JIT option. A result of 1 means that
+JIT compilation was successful. A result of 0 means that JIT support is not
+available, or the pattern was not studied with PCRE_STUDY_JIT_COMPILE etc., or
+the JIT compiler was not able to handle the pattern.
+.P
+Once a pattern has been studied, with or without JIT, it can be used as many
+times as you like for matching different subject strings.
+.
+.
+.SH "UNSUPPORTED OPTIONS AND PATTERN ITEMS"
+.rs
+.sp
+The only \fBpcre_exec()\fP options that are supported for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK, PCRE_NO_UTF32_CHECK, PCRE_NOTBOL,
+PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+.P
+The only unsupported pattern items are \eC (match a single data unit) when
+running in a UTF mode, and a callout immediately before an assertion condition
+in a conditional group.
+.
+.
+.SH "RETURN VALUES FROM JIT EXECUTION"
+.rs
+.sp
+When a pattern is matched using JIT execution, the return values are the same
+as those given by the interpretive \fBpcre_exec()\fP code, with the addition of
+one new error code: PCRE_ERROR_JIT_STACKLIMIT. This means that the memory used
+for the JIT stack was insufficient. See
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"Controlling the JIT stack"
+.\"
+below for a discussion of JIT stack usage. For compatibility with the
+interpretive \fBpcre_exec()\fP code, no more than two-thirds of the
+\fIovector\fP argument is used for passing back captured substrings.
+.P
+The error code PCRE_ERROR_MATCHLIMIT is returned by the JIT code if searching a
+very large pattern tree goes on for too long, as it is in the same circumstance
+when JIT is not used, but the details of exactly what is counted are not the
+same. The PCRE_ERROR_RECURSIONLIMIT error code is never returned by JIT
+execution.
+.
+.
+.SH "SAVING AND RESTORING COMPILED PATTERNS"
+.rs
+.sp
+The code that is generated by the JIT compiler is architecture-specific, and is
+also position dependent. For those reasons it cannot be saved (in a file or
+database) and restored later like the bytecode and other data of a compiled
+pattern. Saving and restoring compiled patterns is not something many people
+do. More detail about this facility is given in the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation. It should be possible to run \fBpcre_study()\fP on a saved and
+restored pattern, and thereby recreate the JIT data, but because JIT
+compilation uses significant resources, it is probably not worth doing this;
+you might as well recompile the original pattern.
+.
+.
+.\" HTML <a name="stackcontrol"></a>
+.SH "CONTROLLING THE JIT STACK"
+.rs
+.sp
+When the compiled JIT code runs, it needs a block of memory to use as a stack.
+By default, it uses 32K on the machine stack. However, some large or
+complicated patterns need more than this. The error PCRE_ERROR_JIT_STACKLIMIT
+is given when there is not enough stack. Three functions are provided for
+managing blocks of memory for use as JIT stacks. There is further discussion
+about the use of JIT stacks in the section entitled
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"JIT stack FAQ"
+.\"
+below.
+.P
+The \fBpcre_jit_stack_alloc()\fP function creates a JIT stack. Its arguments
+are a starting size and a maximum size, and it returns a pointer to an opaque
+structure of type \fBpcre_jit_stack\fP, or NULL if there is an error. The
+\fBpcre_jit_stack_free()\fP function can be used to free a stack that is no
+longer needed. (For the technically minded: the address space is allocated by
+mmap or VirtualAlloc.)
+.P
+JIT uses far less memory for recursion than the interpretive code,
+and a maximum stack size of 512K to 1M should be more than enough for any
+pattern.
+.P
+The \fBpcre_assign_jit_stack()\fP function specifies which stack JIT code
+should use. Its arguments are as follows:
+.sp
+  pcre_extra         *extra
+  pcre_jit_callback  callback
+  void               *data
+.sp
+The \fIextra\fP argument must be the result of studying a pattern with
+PCRE_STUDY_JIT_COMPILE etc. There are three cases for the values of the other
+two options:
+.sp
+  (1) If \fIcallback\fP is NULL and \fIdata\fP is NULL, an internal 32K block
+      on the machine stack is used.
+.sp
+  (2) If \fIcallback\fP is NULL and \fIdata\fP is not NULL, \fIdata\fP must be
+      a valid JIT stack, the result of calling \fBpcre_jit_stack_alloc()\fP.
+.sp
+  (3) If \fIcallback\fP is not NULL, it must point to a function that is
+      called with \fIdata\fP as an argument at the start of matching, in
+      order to set up a JIT stack. If the return from the callback
+      function is NULL, the internal 32K stack is used; otherwise the
+      return value must be a valid JIT stack, the result of calling
+      \fBpcre_jit_stack_alloc()\fP.
+.sp
+A callback function is obeyed whenever JIT code is about to be run; it is not
+obeyed when \fBpcre_exec()\fP is called with options that are incompatible for
+JIT execution. A callback function can therefore be used to determine whether a
+match operation was executed by JIT or by the interpreter.
+.P
+You may safely use the same JIT stack for more than one pattern (either by
+assigning directly or by callback), as long as the patterns are all matched
+sequentially in the same thread. In a multithread application, if you do not
+specify a JIT stack, or if you assign or pass back NULL from a callback, that
+is thread-safe, because each thread has its own machine stack. However, if you
+assign or pass back a non-NULL JIT stack, this must be a different stack for
+each thread so that the application is thread-safe.
+.P
+Strictly speaking, even more is allowed. You can assign the same non-NULL stack
+to any number of patterns as long as they are not used for matching by multiple
+threads at the same time. For example, you can assign the same stack to all
+compiled patterns, and use a global mutex in the callback to wait until the
+stack is available for use. However, this is an inefficient solution, and not
+recommended.
+.P
+This is a suggestion for how a multithreaded program that needs to set up
+non-default JIT stacks might operate:
+.sp
+  During thread initalization
+    thread_local_var = pcre_jit_stack_alloc(...)
+.sp
+  During thread exit
+    pcre_jit_stack_free(thread_local_var)
+.sp
+  Use a one-line callback function
+    return thread_local_var
+.sp
+All the functions described in this section do nothing if JIT is not available,
+and \fBpcre_assign_jit_stack()\fP does nothing unless the \fBextra\fP argument
+is non-NULL and points to a \fBpcre_extra\fP block that is the result of a
+successful study with PCRE_STUDY_JIT_COMPILE etc.
+.
+.
+.\" HTML <a name="stackfaq"></a>
+.SH "JIT STACK FAQ"
+.rs
+.sp
+(1) Why do we need JIT stacks?
+.sp
+PCRE (and JIT) is a recursive, depth-first engine, so it needs a stack where
+the local data of the current node is pushed before checking its child nodes.
+Allocating real machine stack on some platforms is difficult. For example, the
+stack chain needs to be updated every time if we extend the stack on PowerPC.
+Although it is possible, its updating time overhead decreases performance. So
+we do the recursion in memory.
+.P
+(2) Why don't we simply allocate blocks of memory with \fBmalloc()\fP?
+.sp
+Modern operating systems have a nice feature: they can reserve an address space
+instead of allocating memory. We can safely allocate memory pages inside this
+address space, so the stack could grow without moving memory data (this is
+important because of pointers). Thus we can allocate 1M address space, and use
+only a single memory page (usually 4K) if that is enough. However, we can still
+grow up to 1M anytime if needed.
+.P
+(3) Who "owns" a JIT stack?
+.sp
+The owner of the stack is the user program, not the JIT studied pattern or
+anything else. The user program must ensure that if a stack is used by
+\fBpcre_exec()\fP, (that is, it is assigned to the pattern currently running),
+that stack must not be used by any other threads (to avoid overwriting the same
+memory area). The best practice for multithreaded programs is to allocate a
+stack for each thread, and return this stack through the JIT callback function.
+.P
+(4) When should a JIT stack be freed?
+.sp
+You can free a JIT stack at any time, as long as it will not be used by
+\fBpcre_exec()\fP again. When you assign the stack to a pattern, only a pointer
+is set. There is no reference counting or any other magic. You can free the
+patterns and stacks in any order, anytime. Just \fIdo not\fP call
+\fBpcre_exec()\fP with a pattern pointing to an already freed stack, as that
+will cause SEGFAULT. (Also, do not free a stack currently used by
+\fBpcre_exec()\fP in another thread). You can also replace the stack for a
+pattern at any time. You can even free the previous stack before assigning a
+replacement.
+.P
+(5) Should I allocate/free a stack every time before/after calling
+\fBpcre_exec()\fP?
+.sp
+No, because this is too costly in terms of resources. However, you could
+implement some clever idea which release the stack if it is not used in let's
+say two minutes. The JIT callback can help to achieve this without keeping a
+list of the currently JIT studied patterns.
+.P
+(6) OK, the stack is for long term memory allocation. But what happens if a
+pattern causes stack overflow with a stack of 1M? Is that 1M kept until the
+stack is freed?
+.sp
+Especially on embedded sytems, it might be a good idea to release memory
+sometimes without freeing the stack. There is no API for this at the moment.
+Probably a function call which returns with the currently allocated memory for
+any stack and another which allows releasing memory (shrinking the stack) would
+be a good idea if someone needs this.
+.P
+(7) This is too much of a headache. Isn't there any better solution for JIT
+stack handling?
+.sp
+No, thanks to Windows. If POSIX threads were used everywhere, we could throw
+out this complicated API.
+.
+.
+.SH "EXAMPLE CODE"
+.rs
+.sp
+This is a single-threaded example that specifies a JIT stack without using a
+callback.
+.sp
+  int rc;
+  int ovector[30];
+  pcre *re;
+  pcre_extra *extra;
+  pcre_jit_stack *jit_stack;
+.sp
+  re = pcre_compile(pattern, 0, &error, &erroffset, NULL);
+  /* Check for errors */
+  extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
+  jit_stack = pcre_jit_stack_alloc(32*1024, 512*1024);
+  /* Check for error (NULL) */
+  pcre_assign_jit_stack(extra, NULL, jit_stack);
+  rc = pcre_exec(re, extra, subject, length, 0, 0, ovector, 30);
+  /* Check results */
+  pcre_free(re);
+  pcre_free_study(extra);
+  pcre_jit_stack_free(jit_stack);
+.sp
+.
+.
+.SH "JIT FAST PATH API"
+.rs
+.sp
+Because the API described above falls back to interpreted execution when JIT is
+not available, it is convenient for programs that are written for general use
+in many environments. However, calling JIT via \fBpcre_exec()\fP does have a
+performance impact. Programs that are written for use where JIT is known to be
+available, and which need the best possible performance, can instead use a
+"fast path" API to call JIT execution directly instead of calling
+\fBpcre_exec()\fP (obviously only for patterns that have been successfully
+studied by JIT).
+.P
+The fast path function is called \fBpcre_jit_exec()\fP, and it takes exactly
+the same arguments as \fBpcre_exec()\fP, plus one additional argument that
+must point to a JIT stack. The JIT stack arrangements described above do not
+apply. The return values are the same as for \fBpcre_exec()\fP.
+.P
+When you call \fBpcre_exec()\fP, as well as testing for invalid options, a
+number of other sanity checks are performed on the arguments. For example, if
+the subject pointer is NULL, or its length is negative, an immediate error is
+given. Also, unless PCRE_NO_UTF[8|16|32] is set, a UTF subject string is tested
+for validity. In the interests of speed, these checks do not happen on the JIT
+fast path, and if invalid data is passed, the result is undefined.
+.P
+Bypassing the sanity checks and the \fBpcre_exec()\fP wrapping can give
+speedups of more than 10%.
+.P
+Note that the \fBpcre_jit_exec()\fP function is not available in versions of
+PCRE before 8.32 (released in November 2012). If you need to support versions
+that old you must either use the slower \fBpcre_exec()\fP, or switch between
+the two codepaths by checking the values of PCRE_MAJOR and PCRE_MINOR.
+.P
+Due to an unfortunate implementation oversight, even in versions 8.32
+and later there will be no \fBpcre_jit_exec()\fP stub function defined
+when PCRE is compiled with --disable-jit, which is the default, and
+there's no way to detect whether PCRE was compiled with --enable-jit
+via a macro.
+.P
+If you need to support versions older than 8.32, or versions that may
+not build with --enable-jit, you must either use the slower
+\fBpcre_exec()\fP, or switch between the two codepaths by checking the
+values of PCRE_MAJOR and PCRE_MINOR.
+.P
+Switching between the two by checking the version assumes that all the
+versions being targeted are built with --enable-jit. To also support
+builds that may use --disable-jit either \fBpcre_exec()\fP must be
+used, or a compile-time check for JIT via \fBpcre_config()\fP (which
+assumes the runtime environment will be the same), or as the Git
+project decided to do, simply assume that \fBpcre_jit_exec()\fP is
+present in 8.32 or later unless a compile-time flag is provided, see
+the "grep: un-break building with PCRE >= 8.32 without --enable-jit"
+commit in git.git for an example of that.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcreapi\fP(3)
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel (FAQ by Zoltan Herczeg)
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 05 July 2017
+Copyright (c) 1997-2017 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrelimits.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrelimits.3
new file mode 100644
index 00000000..423d6a27
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrelimits.3
@@ -0,0 +1,71 @@
+.TH PCRELIMITS 3 "05 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "SIZE AND OTHER LIMITATIONS"
+.rs
+.sp
+There are some size limitations in PCRE but it is hoped that they will never in
+practice be relevant.
+.P
+The maximum length of a compiled pattern is approximately 64K data units (bytes
+for the 8-bit library, 16-bit units for the 16-bit library, and 32-bit units for
+the 32-bit library) if PCRE is compiled with the default internal linkage size,
+which is 2 bytes for the 8-bit and 16-bit libraries, and 4 bytes for the 32-bit
+library. If you want to process regular expressions that are truly enormous,
+you can compile PCRE with an internal linkage size of 3 or 4 (when building the
+16-bit or 32-bit library, 3 is rounded up to 4). See the \fBREADME\fP file in
+the source distribution and the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation for details. In these cases the limit is substantially larger.
+However, the speed of execution is slower.
+.P
+All values in repeating quantifiers must be less than 65536.
+.P
+There is no limit to the number of parenthesized subpatterns, but there can be
+no more than 65535 capturing subpatterns. There is, however, a limit to the
+depth of nesting of parenthesized subpatterns of all kinds. This is imposed in
+order to limit the amount of system stack used at compile time. The limit can
+be specified when PCRE is built; the default is 250.
+.P
+There is a limit to the number of forward references to subsequent subpatterns
+of around 200,000. Repeated forward references with fixed upper limits, for
+example, (?2){0,100} when subpattern number 2 is to the right, are included in
+the count. There is no limit to the number of backward references.
+.P
+The maximum length of name for a named subpattern is 32 characters, and the
+maximum number of named subpatterns is 10000.
+.P
+The maximum length of a name in a (*MARK), (*PRUNE), (*SKIP), or (*THEN) verb
+is 255 for the 8-bit library and 65535 for the 16-bit and 32-bit libraries.
+.P
+The maximum length of a subject string is the largest positive number that an
+integer variable can hold. However, when using the traditional matching
+function, PCRE uses recursion to handle subpatterns and indefinite repetition.
+This means that the available stack space may limit the size of a subject
+string that can be processed by certain patterns. For a discussion of stack
+issues, see the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 05 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrematching.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrematching.3
new file mode 100644
index 00000000..268baf9b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrematching.3
@@ -0,0 +1,214 @@
+.TH PCREMATCHING 3 "12 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE MATCHING ALGORITHMS"
+.rs
+.sp
+This document describes the two different algorithms that are available in PCRE
+for matching a compiled regular expression against a given subject string. The
+"standard" algorithm is the one provided by the \fBpcre_exec()\fP,
+\fBpcre16_exec()\fP and \fBpcre32_exec()\fP functions. These work in the same
+as as Perl's matching function, and provide a Perl-compatible matching operation.
+The just-in-time (JIT) optimization that is described in the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation is compatible with these functions.
+.P
+An alternative algorithm is provided by the \fBpcre_dfa_exec()\fP,
+\fBpcre16_dfa_exec()\fP and \fBpcre32_dfa_exec()\fP functions; they operate in
+a different way, and are not Perl-compatible. This alternative has advantages
+and disadvantages compared with the standard algorithm, and these are described
+below.
+.P
+When there is only one possible way in which a given subject string can match a
+pattern, the two algorithms give the same answer. A difference arises, however,
+when there are multiple possibilities. For example, if the pattern
+.sp
+  ^<.*>
+.sp
+is matched against the string
+.sp
+  <something> <something else> <something further>
+.sp
+there are three possible answers. The standard algorithm finds only one of
+them, whereas the alternative algorithm finds all three.
+.
+.
+.SH "REGULAR EXPRESSIONS AS TREES"
+.rs
+.sp
+The set of strings that are matched by a regular expression can be represented
+as a tree structure. An unlimited repetition in the pattern makes the tree of
+infinite size, but it is still a tree. Matching the pattern to a given subject
+string (from a given starting point) can be thought of as a search of the tree.
+There are two ways to search a tree: depth-first and breadth-first, and these
+correspond to the two matching algorithms provided by PCRE.
+.
+.
+.SH "THE STANDARD MATCHING ALGORITHM"
+.rs
+.sp
+In the terminology of Jeffrey Friedl's book "Mastering Regular
+Expressions", the standard algorithm is an "NFA algorithm". It conducts a
+depth-first search of the pattern tree. That is, it proceeds along a single
+path through the tree, checking that the subject matches what is required. When
+there is a mismatch, the algorithm tries any alternatives at the current point,
+and if they all fail, it backs up to the previous branch point in the tree, and
+tries the next alternative branch at that level. This often involves backing up
+(moving to the left) in the subject string as well. The order in which
+repetition branches are tried is controlled by the greedy or ungreedy nature of
+the quantifier.
+.P
+If a leaf node is reached, a matching string has been found, and at that point
+the algorithm stops. Thus, if there is more than one possible match, this
+algorithm returns the first one that it finds. Whether this is the shortest,
+the longest, or some intermediate length depends on the way the greedy and
+ungreedy repetition quantifiers are specified in the pattern.
+.P
+Because it ends up with a single path through the tree, it is relatively
+straightforward for this algorithm to keep track of the substrings that are
+matched by portions of the pattern in parentheses. This provides support for
+capturing parentheses and back references.
+.
+.
+.SH "THE ALTERNATIVE MATCHING ALGORITHM"
+.rs
+.sp
+This algorithm conducts a breadth-first search of the tree. Starting from the
+first matching point in the subject, it scans the subject string from left to
+right, once, character by character, and as it does this, it remembers all the
+paths through the tree that represent valid matches. In Friedl's terminology,
+this is a kind of "DFA algorithm", though it is not implemented as a
+traditional finite state machine (it keeps multiple states active
+simultaneously).
+.P
+Although the general principle of this matching algorithm is that it scans the
+subject string only once, without backtracking, there is one exception: when a
+lookaround assertion is encountered, the characters following or preceding the
+current point have to be independently inspected.
+.P
+The scan continues until either the end of the subject is reached, or there are
+no more unterminated paths. At this point, terminated paths represent the
+different matching possibilities (if there are none, the match has failed).
+Thus, if there is more than one possible match, this algorithm finds all of
+them, and in particular, it finds the longest. The matches are returned in
+decreasing order of length. There is an option to stop the algorithm after the
+first match (which is necessarily the shortest) is found.
+.P
+Note that all the matches that are found start at the same point in the
+subject. If the pattern
+.sp
+  cat(er(pillar)?)?
+.sp
+is matched against the string "the caterpillar catchment", the result will be
+the three strings "caterpillar", "cater", and "cat" that start at the fifth
+character of the subject. The algorithm does not automatically move on to find
+matches that start at later positions.
+.P
+PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\ed+" is compiled as if it were "a\ed++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\ed+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+.P
+There are a number of features of PCRE regular expressions that are not
+supported by the alternative matching algorithm. They are as follows:
+.P
+1. Because the algorithm finds all possible matches, the greedy or ungreedy
+nature of repetition quantifiers is not relevant. Greedy and ungreedy
+quantifiers are treated in exactly the same way. However, possessive
+quantifiers can make a difference when what follows could also match what is
+quantified, for example in a pattern like this:
+.sp
+  ^a++\ew!
+.sp
+This pattern matches "aaab!" but not "aaa!", which would be matched by a
+non-possessive quantifier. Similarly, if an atomic group is present, it is
+matched as if it were a standalone pattern at the current point, and the
+longest match is then "locked in" for the rest of the overall pattern.
+.P
+2. When dealing with multiple paths through the tree simultaneously, it is not
+straightforward to keep track of captured substrings for the different matching
+possibilities, and PCRE's implementation of this algorithm does not attempt to
+do this. This means that no captured substrings are available.
+.P
+3. Because no substrings are captured, back references within the pattern are
+not supported, and cause errors if encountered.
+.P
+4. For the same reason, conditional expressions that use a backreference as the
+condition or test for a specific group recursion are not supported.
+.P
+5. Because many paths through the tree may be active, the \eK escape sequence,
+which resets the start of the match when encountered (but may be on some paths
+and not on others), is not supported. It causes an error if encountered.
+.P
+6. Callouts are supported, but the value of the \fIcapture_top\fP field is
+always 1, and the value of the \fIcapture_last\fP field is always -1.
+.P
+7. The \eC escape sequence, which (in the standard algorithm) always matches a
+single data unit, even in UTF-8, UTF-16 or UTF-32 modes, is not supported in
+these modes, because the alternative algorithm moves through the subject string
+one character (not data unit) at a time, for all active paths through the tree.
+.P
+8. Except for (*FAIL), the backtracking control verbs such as (*PRUNE) are not
+supported. (*FAIL) is supported, and behaves like a failing negative assertion.
+.
+.
+.SH "ADVANTAGES OF THE ALTERNATIVE ALGORITHM"
+.rs
+.sp
+Using the alternative matching algorithm provides the following advantages:
+.P
+1. All possible matches (at a single point in the subject) are automatically
+found, and in particular, the longest match is found. To find more than one
+match using the standard algorithm, you have to do kludgy things with
+callouts.
+.P
+2. Because the alternative algorithm scans the subject string just once, and
+never needs to backtrack (except for lookbehinds), it is possible to pass very
+long subject strings to the matching function in several pieces, checking for
+partial matching each time. Although it is possible to do multi-segment
+matching using the standard algorithm by retaining partially matched
+substrings, it is more complicated. The
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation gives details of partial matching and discusses multi-segment
+matching.
+.
+.
+.SH "DISADVANTAGES OF THE ALTERNATIVE ALGORITHM"
+.rs
+.sp
+The alternative algorithm suffers from a number of disadvantages:
+.P
+1. It is substantially slower than the standard algorithm. This is partly
+because it has to search for all possible matches, but is also because it is
+less susceptible to optimization.
+.P
+2. Capturing parentheses and back references are not supported.
+.P
+3. Although atomic groups are supported, their use does not provide the
+performance advantage that it does for the standard algorithm.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 November 2013
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrepartial.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrepartial.3
new file mode 100644
index 00000000..14d0124f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrepartial.3
@@ -0,0 +1,476 @@
+.TH PCREPARTIAL 3 "02 July 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PARTIAL MATCHING IN PCRE"
+.rs
+.sp
+In normal use of PCRE, if the subject string that is passed to a matching
+function matches as far as it goes, but is too short to match the entire
+pattern, PCRE_ERROR_NOMATCH is returned. There are circumstances where it might
+be helpful to distinguish this case from other cases in which there is no
+match.
+.P
+Consider, for example, an application where a human is required to type in data
+for a field with specific formatting requirements. An example might be a date
+in the form \fIddmmmyy\fP, defined by this pattern:
+.sp
+  ^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$
+.sp
+If the application sees the user's keystrokes one by one, and can check that
+what has been typed so far is potentially valid, it is able to raise an error
+as soon as a mistake is made, by beeping and not reflecting the character that
+has been typed, for example. This immediate feedback is likely to be a better
+user interface than a check that is delayed until the entire string has been
+entered. Partial matching can also be useful when the subject string is very
+long and is not all available at once.
+.P
+PCRE supports partial matching by means of the PCRE_PARTIAL_SOFT and
+PCRE_PARTIAL_HARD options, which can be set when calling any of the matching
+functions. For backwards compatibility, PCRE_PARTIAL is a synonym for
+PCRE_PARTIAL_SOFT. The essential difference between the two options is whether
+or not a partial match is preferred to an alternative complete match, though
+the details differ between the two types of matching function. If both options
+are set, PCRE_PARTIAL_HARD takes precedence.
+.P
+If you want to use partial matching with just-in-time optimized code, you must
+call \fBpcre_study()\fP, \fBpcre16_study()\fP or  \fBpcre32_study()\fP with one
+or both of these options:
+.sp
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+.sp
+PCRE_STUDY_JIT_COMPILE should also be set if you are going to run non-partial
+matches on the same pattern. If the appropriate JIT study mode has not been set
+for a match, the interpretive matching code is used.
+.P
+Setting a partial matching option disables two of PCRE's standard
+optimizations. PCRE remembers the last literal data unit in a pattern, and
+abandons matching immediately if it is not present in the subject string. This
+optimization cannot be used for a subject string that might match only
+partially. If the pattern was studied, PCRE knows the minimum length of a
+matching string, and does not bother to run the matching function on shorter
+strings. This optimization is also disabled for partial matching.
+.
+.
+.SH "PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+A partial match occurs during a call to \fBpcre_exec()\fP or
+\fBpcre[16|32]_exec()\fP when the end of the subject string is reached
+successfully, but matching cannot continue because more characters are needed.
+However, at least one character in the subject must have been inspected. This
+character need not form part of the final matched string; lookbehind assertions
+and the \eK escape sequence provide ways of inspecting characters before the
+start of a matched substring. The requirement for inspecting at least one
+character exists because an empty string can always be matched; without such a
+restriction there would always be a partial match of an empty string at the end
+of the subject.
+.P
+If there are at least two slots in the offsets vector when a partial match is
+returned, the first slot is set to the offset of the earliest character that
+was inspected. For convenience, the second offset points to the end of the
+subject so that a substring can easily be identified. If there are at least
+three slots in the offsets vector, the third slot is set to the offset of the
+character where matching started.
+.P
+For the majority of patterns, the contents of the first and third slots will be
+the same. However, for patterns that contain lookbehind assertions, or begin
+with \eb or \eB, characters before the one where matching started may have been
+inspected while carrying out the match. For example, consider this pattern:
+.sp
+  /(?<=abc)123/
+.sp
+This pattern matches "123", but only if it is preceded by "abc". If the subject
+string is "xyzabc12", the first two offsets after a partial match are for the
+substring "abc12", because all these characters were inspected. However, the
+third offset is set to 6, because that is the offset where matching began.
+.P
+What happens when a partial match is identified depends on which of the two
+partial matching options are set.
+.
+.
+.SS "PCRE_PARTIAL_SOFT WITH pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+If PCRE_PARTIAL_SOFT is set when \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP
+identifies a partial match, the partial match is remembered, but matching
+continues as normal, and other alternatives in the pattern are tried. If no
+complete match can be found, PCRE_ERROR_PARTIAL is returned instead of
+PCRE_ERROR_NOMATCH.
+.P
+This option is "soft" because it prefers a complete match over a partial match.
+All the various matching items in a pattern behave as if the subject string is
+potentially complete. For example, \ez, \eZ, and $ match at the end of the
+subject, as normal, and for \eb and \eB the end of the subject is treated as a
+non-alphanumeric.
+.P
+If there is more than one partial match, the first one that was found provides
+the data that is returned. Consider this pattern:
+.sp
+  /123\ew+X|dogY/
+.sp
+If this is matched against the subject string "abc123dog", both
+alternatives fail to match, but the end of the subject is reached during
+matching, so PCRE_ERROR_PARTIAL is returned. The offsets are set to 3 and 9,
+identifying "123dog" as the first partial match that was found. (In this
+example, there are two partial matches, because "dog" on its own partially
+matches the second alternative.)
+.
+.
+.SS "PCRE_PARTIAL_HARD WITH pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+If PCRE_PARTIAL_HARD is set for \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP,
+PCRE_ERROR_PARTIAL is returned as soon as a partial match is found, without
+continuing to search for possible complete matches. This option is "hard"
+because it prefers an earlier partial match over a later complete match. For
+this reason, the assumption is made that the end of the supplied subject string
+may not be the true end of the available data, and so, if \ez, \eZ, \eb, \eB,
+or $ are encountered at the end of the subject, the result is
+PCRE_ERROR_PARTIAL, provided that at least one character in the subject has
+been inspected.
+.P
+Setting PCRE_PARTIAL_HARD also affects the way UTF-8 and UTF-16
+subject strings are checked for validity. Normally, an invalid sequence
+causes the error PCRE_ERROR_BADUTF8 or PCRE_ERROR_BADUTF16. However, in the
+special case of a truncated character at the end of the subject,
+PCRE_ERROR_SHORTUTF8 or PCRE_ERROR_SHORTUTF16 is returned when
+PCRE_PARTIAL_HARD is set.
+.
+.
+.SS "Comparing hard and soft partial matching"
+.rs
+.sp
+The difference between the two partial matching options can be illustrated by a
+pattern such as:
+.sp
+  /dog(sbody)?/
+.sp
+This matches either "dog" or "dogsbody", greedily (that is, it prefers the
+longer string if possible). If it is matched against the string "dog" with
+PCRE_PARTIAL_SOFT, it yields a complete match for "dog". However, if
+PCRE_PARTIAL_HARD is set, the result is PCRE_ERROR_PARTIAL. On the other hand,
+if the pattern is made ungreedy the result is different:
+.sp
+  /dog(sbody)??/
+.sp
+In this case the result is always a complete match because that is found first,
+and matching never continues after finding a complete match. It might be easier
+to follow this explanation by thinking of the two patterns like this:
+.sp
+  /dog(sbody)?/    is the same as  /dogsbody|dog/
+  /dog(sbody)??/   is the same as  /dog|dogsbody/
+.sp
+The second pattern will never match "dogsbody", because it will always find the
+shorter match first.
+.
+.
+.SH "PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()"
+.rs
+.sp
+The DFA functions move along the subject string character by character, without
+backtracking, searching for all possible matches simultaneously. If the end of
+the subject is reached before the end of the pattern, there is the possibility
+of a partial match, again provided that at least one character has been
+inspected.
+.P
+When PCRE_PARTIAL_SOFT is set, PCRE_ERROR_PARTIAL is returned only if there
+have been no complete matches. Otherwise, the complete matches are returned.
+However, if PCRE_PARTIAL_HARD is set, a partial match takes precedence over any
+complete matches. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string, provided there are
+at least two slots in the offsets vector.
+.P
+Because the DFA functions always search for all possible matches, and there is
+no difference between greedy and ungreedy repetition, their behaviour is
+different from the standard functions when PCRE_PARTIAL_HARD is set. Consider
+the string "dog" matched against the ungreedy pattern shown above:
+.sp
+  /dog(sbody)??/
+.sp
+Whereas the standard functions stop as soon as they find the complete match for
+"dog", the DFA functions also find the partial match for "dogsbody", and so
+return that when PCRE_PARTIAL_HARD is set.
+.
+.
+.SH "PARTIAL MATCHING AND WORD BOUNDARIES"
+.rs
+.sp
+If a pattern ends with one of sequences \eb or \eB, which test for word
+boundaries, partial matching with PCRE_PARTIAL_SOFT can give counter-intuitive
+results. Consider this pattern:
+.sp
+  /\ebcat\eb/
+.sp
+This matches "cat", provided there is a word boundary at either end. If the
+subject string is "the cat", the comparison of the final "t" with a following
+character cannot take place, so a partial match is found. However, normal
+matching carries on, and \eb matches at the end of the subject when the last
+character is a letter, so a complete match is found. The result, therefore, is
+\fInot\fP PCRE_ERROR_PARTIAL. Using PCRE_PARTIAL_HARD in this case does yield
+PCRE_ERROR_PARTIAL, because then the partial match takes precedence.
+.
+.
+.SH "FORMERLY RESTRICTED PATTERNS"
+.rs
+.sp
+For releases of PCRE prior to 8.00, because of the way certain internal
+optimizations were implemented in the \fBpcre_exec()\fP function, the
+PCRE_PARTIAL option (predecessor of PCRE_PARTIAL_SOFT) could not be used with
+all patterns. From release 8.00 onwards, the restrictions no longer apply, and
+partial matching with can be requested for any pattern.
+.P
+Items that were formerly restricted were repeated single characters and
+repeated metasequences. If PCRE_PARTIAL was set for a pattern that did not
+conform to the restrictions, \fBpcre_exec()\fP returned the error code
+PCRE_ERROR_BADPARTIAL (-13). This error code is no longer in use. The
+PCRE_INFO_OKPARTIAL call to \fBpcre_fullinfo()\fP to find out if a compiled
+pattern can be used for partial matching now always returns 1.
+.
+.
+.SH "EXAMPLE OF PARTIAL MATCHING USING PCRETEST"
+.rs
+.sp
+If the escape sequence \eP is present in a \fBpcretest\fP data line, the
+PCRE_PARTIAL_SOFT option is used for the match. Here is a run of \fBpcretest\fP
+that uses the date example quoted above:
+.sp
+    re> /^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$/
+  data> 25jun04\eP
+   0: 25jun04
+   1: jun
+  data> 25dec3\eP
+  Partial match: 23dec3
+  data> 3ju\eP
+  Partial match: 3ju
+  data> 3juj\eP
+  No match
+  data> j\eP
+  No match
+.sp
+The first data string is matched completely, so \fBpcretest\fP shows the
+matched substrings. The remaining four strings do not match the complete
+pattern, but the first two are partial matches. Similar output is obtained
+if DFA matching is used.
+.P
+If the escape sequence \eP is present more than once in a \fBpcretest\fP data
+line, the PCRE_PARTIAL_HARD option is set for the match.
+.
+.
+.SH "MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()"
+.rs
+.sp
+When a partial match has been found using a DFA matching function, it is
+possible to continue the match by providing additional subject data and calling
+the function again with the same compiled regular expression, this time setting
+the PCRE_DFA_RESTART option. You must pass the same working space as before,
+because this is where details of the previous partial match are stored. Here is
+an example using \fBpcretest\fP, using the \eR escape sequence to set the
+PCRE_DFA_RESTART option (\eD specifies the use of the DFA matching function):
+.sp
+    re> /^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$/
+  data> 23ja\eP\eD
+  Partial match: 23ja
+  data> n05\eR\eD
+   0: n05
+.sp
+The first call has "23ja" as the subject, and requests partial matching; the
+second call has "n05" as the subject for the continued (restarted) match.
+Notice that when the match is complete, only the last part is shown; PCRE does
+not retain the previously partially-matched string. It is up to the calling
+program to do that if it needs to.
+.P
+That means that, for an unanchored pattern, if a continued match fails, it is
+not possible to try again at a new starting point. All this facility is capable
+of doing is continuing with the previous match attempt. In the previous
+example, if the second set of data is "ug23" the result is no match, even
+though there would be a match for "aug23" if the entire string were given at
+once. Depending on the application, this may or may not be what you want.
+The only way to allow for starting again at the next character is to retain the
+matched part of the subject and try a new complete match.
+.P
+You can set the PCRE_PARTIAL_SOFT or PCRE_PARTIAL_HARD options with
+PCRE_DFA_RESTART to continue partial matching over multiple segments. This
+facility can be used to pass very long subject strings to the DFA matching
+functions.
+.
+.
+.SH "MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+From release 8.00, the standard matching functions can also be used to do
+multi-segment matching. Unlike the DFA functions, it is not possible to
+restart the previous match with a new segment of data. Instead, new data must
+be added to the previous subject string, and the entire match re-run, starting
+from the point where the partial match occurred. Earlier data can be discarded.
+.P
+It is best to use PCRE_PARTIAL_HARD in this situation, because it does not
+treat the end of a segment as the end of the subject when matching \ez, \eZ,
+\eb, \eB, and $. Consider an unanchored pattern that matches dates:
+.sp
+    re> /\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed/
+  data> The date is 23ja\eP\eP
+  Partial match: 23ja
+.sp
+At this stage, an application could discard the text preceding "23ja", add on
+text from the next segment, and call the matching function again. Unlike the
+DFA matching functions, the entire matching string must always be available,
+and the complete matching process occurs for each call, so more memory and more
+processing time is needed.
+.P
+\fBNote:\fP If the pattern contains lookbehind assertions, or \eK, or starts
+with \eb or \eB, the string that is returned for a partial match includes
+characters that precede the start of what would be returned for a complete
+match, because it contains all the characters that were inspected during the
+partial match.
+.
+.
+.SH "ISSUES WITH MULTI-SEGMENT MATCHING"
+.rs
+.sp
+Certain types of pattern may give problems with multi-segment matching,
+whichever matching function is used.
+.P
+1. If the pattern contains a test for the beginning of a line, you need to pass
+the PCRE_NOTBOL option when the subject string for any call does start at the
+beginning of a line. There is also a PCRE_NOTEOL option, but in practice when
+doing multi-segment matching you should be using PCRE_PARTIAL_HARD, which
+includes the effect of PCRE_NOTEOL.
+.P
+2. Lookbehind assertions that have already been obeyed are catered for in the
+offsets that are returned for a partial match. However a lookbehind assertion
+later in the pattern could require even earlier characters to be inspected. You
+can handle this case by using the PCRE_INFO_MAXLOOKBEHIND option of the
+\fBpcre_fullinfo()\fP or \fBpcre[16|32]_fullinfo()\fP functions to obtain the
+length of the longest lookbehind in the pattern. This length is given in
+characters, not bytes. If you always retain at least that many characters
+before the partially matched string, all should be well. (Of course, near the
+start of the subject, fewer characters may be present; in that case all
+characters should be retained.)
+.P
+From release 8.33, there is a more accurate way of deciding which characters to
+retain. Instead of subtracting the length of the longest lookbehind from the
+earliest inspected character (\fIoffsets[0]\fP), the match start position
+(\fIoffsets[2]\fP) should be used, and the next match attempt started at the
+\fIoffsets[2]\fP character by setting the \fIstartoffset\fP argument of
+\fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP.
+.P
+For example, if the pattern "(?<=123)abc" is partially
+matched against the string "xx123a", the three offset values returned are 2, 6,
+and 5. This indicates that the matching process that gave a partial match
+started at offset 5, but the characters "123a" were all inspected. The maximum
+lookbehind for that pattern is 3, so taking that away from 5 shows that we need
+only keep "123a", and the next match attempt can be started at offset 3 (that
+is, at "a") when further characters have been added. When the match start is
+not the earliest inspected character, \fBpcretest\fP shows it explicitly:
+.sp
+    re> "(?<=123)abc"
+  data> xx123a\eP\eP
+  Partial match at offset 5: 123a
+.P
+3. Because a partial match must always contain at least one character, what
+might be considered a partial match of an empty string actually gives a "no
+match" result. For example:
+.sp
+    re> /c(?<=abc)x/
+  data> ab\eP
+  No match
+.sp
+If the next segment begins "cx", a match should be found, but this will only
+happen if characters from the previous segment are retained. For this reason, a
+"no match" result should be interpreted as "partial match of an empty string"
+when the pattern contains lookbehinds.
+.P
+4. Matching a subject string that is split into multiple segments may not
+always produce exactly the same result as matching over one single long string,
+especially when PCRE_PARTIAL_SOFT is used. The section "Partial Matching and
+Word Boundaries" above describes an issue that arises if the pattern ends with
+\eb or \eB. Another kind of difference may occur when there are multiple
+matching possibilities, because (for PCRE_PARTIAL_SOFT) a partial match result
+is given only when there are no completed matches. This means that as soon as
+the shortest match has been found, continuation to a new subject segment is no
+longer possible. Consider again this \fBpcretest\fP example:
+.sp
+    re> /dog(sbody)?/
+  data> dogsb\eP
+   0: dog
+  data> do\eP\eD
+  Partial match: do
+  data> gsb\eR\eP\eD
+   0: g
+  data> dogsbody\eD
+   0: dogsbody
+   1: dog
+.sp
+The first data line passes the string "dogsb" to a standard matching function,
+setting the PCRE_PARTIAL_SOFT option. Although the string is a partial match
+for "dogsbody", the result is not PCRE_ERROR_PARTIAL, because the shorter
+string "dog" is a complete match. Similarly, when the subject is presented to
+a DFA matching function in several parts ("do" and "gsb" being the first two)
+the match stops when "dog" has been found, and it is not possible to continue.
+On the other hand, if "dogsbody" is presented as a single string, a DFA
+matching function finds both matches.
+.P
+Because of these problems, it is best to use PCRE_PARTIAL_HARD when matching
+multi-segment data. The example above then behaves differently:
+.sp
+    re> /dog(sbody)?/
+  data> dogsb\eP\eP
+  Partial match: dogsb
+  data> do\eP\eD
+  Partial match: do
+  data> gsb\eR\eP\eP\eD
+  Partial match: gsb
+.sp
+5. Patterns that contain alternatives at the top level which do not all start
+with the same pattern item may not work as expected when PCRE_DFA_RESTART is
+used. For example, consider this pattern:
+.sp
+  1234|3789
+.sp
+If the first part of the subject is "ABC123", a partial match of the first
+alternative is found at offset 3. There is no partial match for the second
+alternative, because such a match does not start at the same point in the
+subject string. Attempting to continue with the string "7890" does not yield a
+match because only those alternatives that match at one point in the subject
+are remembered. The problem arises because the start of the second alternative
+matches within the first alternative. There is no problem with anchored
+patterns or patterns such as:
+.sp
+  1234|ABCD
+.sp
+where no string can be a partial match for both alternatives. This is not a
+problem if a standard matching function is used, because the entire match has
+to be rerun each time:
+.sp
+    re> /1234|3789/
+  data> ABC123\eP\eP
+  Partial match: 123
+  data> 1237890
+   0: 3789
+.sp
+Of course, instead of using PCRE_DFA_RESTART, the same technique of re-running
+the entire match can also be used with the DFA matching functions. Another
+possibility is to work with two buffers. If a partial match at offset \fIn\fP
+in the first buffer is followed by "no match" when PCRE_DFA_RESTART is used on
+the second buffer, you can then try a new match starting at offset \fIn+1\fP in
+the first buffer.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 02 July 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrepattern.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrepattern.3
new file mode 100644
index 00000000..97df217f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrepattern.3
@@ -0,0 +1,3304 @@
+.TH PCREPATTERN 3 "23 October 2016" "PCRE 8.40"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE REGULAR EXPRESSION DETAILS"
+.rs
+.sp
+The syntax and semantics of the regular expressions that are supported by PCRE
+are described in detail below. There is a quick-reference syntax summary in the
+.\" HREF
+\fBpcresyntax\fP
+.\"
+page. PCRE tries to match Perl syntax and semantics as closely as it can. PCRE
+also supports some alternative regular expression syntax (which does not
+conflict with the Perl syntax) in order to provide some compatibility with
+regular expressions in Python, .NET, and Oniguruma.
+.P
+Perl's regular expressions are described in its own documentation, and
+regular expressions in general are covered in a number of books, some of which
+have copious examples. Jeffrey Friedl's "Mastering Regular Expressions",
+published by O'Reilly, covers regular expressions in great detail. This
+description of PCRE's regular expressions is intended as reference material.
+.P
+This document discusses the patterns that are supported by PCRE when one its
+main matching functions, \fBpcre_exec()\fP (8-bit) or \fBpcre[16|32]_exec()\fP
+(16- or 32-bit), is used. PCRE also has alternative matching functions,
+\fBpcre_dfa_exec()\fP and \fBpcre[16|32_dfa_exec()\fP, which match using a
+different algorithm that is not Perl-compatible. Some of the features discussed
+below are not available when DFA matching is used. The advantages and
+disadvantages of the alternative functions, and how they differ from the normal
+functions, are discussed in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+page.
+.
+.
+.SH "SPECIAL START-OF-PATTERN ITEMS"
+.rs
+.sp
+A number of options that can be passed to \fBpcre_compile()\fP can also be set
+by special items at the start of a pattern. These are not Perl-compatible, but
+are provided to make these options accessible to pattern writers who are not
+able to change the program that processes the pattern. Any number of these
+items may appear, but they must all be together right at the start of the
+pattern string, and the letters must be in upper case.
+.
+.
+.SS "UTF support"
+.rs
+.sp
+The original operation of PCRE was on strings of one-byte characters. However,
+there is now also support for UTF-8 strings in the original library, an
+extra library that supports 16-bit and UTF-16 character strings, and a
+third library that supports 32-bit and UTF-32 character strings. To use these
+features, PCRE must be built to include appropriate support. When using UTF
+strings you must either call the compiling function with the PCRE_UTF8,
+PCRE_UTF16, or PCRE_UTF32 option, or the pattern must start with one of
+these special sequences:
+.sp
+  (*UTF8)
+  (*UTF16)
+  (*UTF32)
+  (*UTF)
+.sp
+(*UTF) is a generic sequence that can be used with any of the libraries.
+Starting a pattern with such a sequence is equivalent to setting the relevant
+option. How setting a UTF mode affects pattern matching is mentioned in several
+places below. There is also a summary of features in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+Some applications that allow their users to supply patterns may wish to
+restrict them to non-UTF data for security reasons. If the PCRE_NEVER_UTF
+option is set at compile time, (*UTF) etc. are not allowed, and their
+appearance causes an error.
+.
+.
+.SS "Unicode property support"
+.rs
+.sp
+Another special sequence that may appear at the start of a pattern is (*UCP).
+This has the same effect as setting the PCRE_UCP option: it causes sequences
+such as \ed and \ew to use Unicode properties to determine character types,
+instead of recognizing only characters with codes less than 128 via a lookup
+table.
+.
+.
+.SS "Disabling auto-possessification"
+.rs
+.sp
+If a pattern starts with (*NO_AUTO_POSSESS), it has the same effect as setting
+the PCRE_NO_AUTO_POSSESS option at compile time. This stops PCRE from making
+quantifiers possessive when what follows cannot match the repeated item. For
+example, by default a+b is treated as a++b. For more details, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.
+.
+.SS "Disabling start-up optimizations"
+.rs
+.sp
+If a pattern starts with (*NO_START_OPT), it has the same effect as setting the
+PCRE_NO_START_OPTIMIZE option either at compile or matching time. This disables
+several optimizations for quickly reaching "no match" results. For more
+details, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.
+.
+.\" HTML <a name="newlines"></a>
+.SS "Newline conventions"
+.rs
+.sp
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The
+.\" HREF
+\fBpcreapi\fP
+.\"
+page has
+.\" HTML <a href="pcreapi.html#newlines">
+.\" </a>
+further discussion
+.\"
+about newlines, and shows how to set the newline convention in the
+\fIoptions\fP arguments for the compiling and matching functions.
+.P
+It is also possible to specify a newline convention by starting a pattern
+string with one of the following five sequences:
+.sp
+  (*CR)        carriage return
+  (*LF)        linefeed
+  (*CRLF)      carriage return, followed by linefeed
+  (*ANYCRLF)   any of the three above
+  (*ANY)       all Unicode newline sequences
+.sp
+These override the default and the options given to the compiling function. For
+example, on a Unix system where LF is the default newline sequence, the pattern
+.sp
+  (*CR)a.b
+.sp
+changes the convention to CR. That pattern matches "a\enb" because LF is no
+longer a newline. If more than one of these settings is present, the last one
+is used.
+.P
+The newline convention affects where the circumflex and dollar assertions are
+true. It also affects the interpretation of the dot metacharacter when
+PCRE_DOTALL is not set, and the behaviour of \eN. However, it does not affect
+what the \eR escape sequence matches. By default, this is any Unicode newline
+sequence, for Perl compatibility. However, this can be changed; see the
+description of \eR in the section entitled
+.\" HTML <a href="#newlineseq">
+.\" </a>
+"Newline sequences"
+.\"
+below. A change of \eR setting can be combined with a change of newline
+convention.
+.
+.
+.SS "Setting match and recursion limits"
+.rs
+.sp
+The caller of \fBpcre_exec()\fP can set a limit on the number of times the
+internal \fBmatch()\fP function is called and on the maximum depth of
+recursive calls. These facilities are provided to catch runaway matches that
+are provoked by patterns with huge matching trees (a typical example is a
+pattern with nested unlimited repeats) and to avoid running out of system stack
+by too much recursion. When one of these limits is reached, \fBpcre_exec()\fP
+gives an error return. The limits can also be set by items at the start of the
+pattern of the form
+.sp
+  (*LIMIT_MATCH=d)
+  (*LIMIT_RECURSION=d)
+.sp
+where d is any number of decimal digits. However, the value of the setting must
+be less than the value set (or defaulted) by the caller of \fBpcre_exec()\fP
+for it to have any effect. In other words, the pattern writer can lower the
+limits set by the programmer, but not raise them. If there is more than one
+setting of one of these limits, the lower value is used.
+.
+.
+.SH "EBCDIC CHARACTER CODES"
+.rs
+.sp
+PCRE can be compiled to run in an environment that uses EBCDIC as its character
+code rather than ASCII or Unicode (typically a mainframe system). In the
+sections below, character code values are ASCII or Unicode; in an EBCDIC
+environment these characters may have different code values, and there are no
+code points greater than 255.
+.
+.
+.SH "CHARACTERS AND METACHARACTERS"
+.rs
+.sp
+A regular expression is a pattern that is matched against a subject string from
+left to right. Most characters stand for themselves in a pattern, and match the
+corresponding characters in the subject. As a trivial example, the pattern
+.sp
+  The quick brown fox
+.sp
+matches a portion of a subject string that is identical to itself. When
+caseless matching is specified (the PCRE_CASELESS option), letters are matched
+independently of case. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching for characters 128 and above, you must
+ensure that PCRE is compiled with Unicode property support as well as with
+UTF support.
+.P
+The power of regular expressions comes from the ability to include alternatives
+and repetitions in the pattern. These are encoded in the pattern by the use of
+\fImetacharacters\fP, which do not stand for themselves but instead are
+interpreted in some special way.
+.P
+There are two different sets of metacharacters: those that are recognized
+anywhere in the pattern except within square brackets, and those that are
+recognized within square brackets. Outside square brackets, the metacharacters
+are as follows:
+.sp
+  \e      general escape character with several uses
+  ^      assert start of string (or line, in multiline mode)
+  $      assert end of string (or line, in multiline mode)
+  .      match any character except newline (by default)
+  [      start character class definition
+  |      start of alternative branch
+  (      start subpattern
+  )      end subpattern
+  ?      extends the meaning of (
+         also 0 or 1 quantifier
+         also quantifier minimizer
+  *      0 or more quantifier
+  +      1 or more quantifier
+         also "possessive quantifier"
+  {      start min/max quantifier
+.sp
+Part of a pattern that is in square brackets is called a "character class". In
+a character class the only metacharacters are:
+.sp
+  \e      general escape character
+  ^      negate the class, but only if the first character
+  -      indicates character range
+.\" JOIN
+  [      POSIX character class (only if followed by POSIX
+           syntax)
+  ]      terminates the character class
+.sp
+The following sections describe the use of each of the metacharacters.
+.
+.
+.SH BACKSLASH
+.rs
+.sp
+The backslash character has several uses. Firstly, if it is followed by a
+character that is not a number or a letter, it takes away any special meaning
+that character may have. This use of backslash as an escape character applies
+both inside and outside character classes.
+.P
+For example, if you want to match a * character, you write \e* in the pattern.
+This escaping action applies whether or not the following character would
+otherwise be interpreted as a metacharacter, so it is always safe to precede a
+non-alphanumeric with backslash to specify that it stands for itself. In
+particular, if you want to match a backslash, you write \e\e.
+.P
+In a UTF mode, only ASCII numbers and letters have any special meaning after a
+backslash. All other characters (in particular, those whose codepoints are
+greater than 127) are treated as literals.
+.P
+If a pattern is compiled with the PCRE_EXTENDED option, most white space in the
+pattern (other than in a character class), and characters between a # outside a
+character class and the next newline, inclusive, are ignored. An escaping
+backslash can be used to include a white space or # character as part of the
+pattern.
+.P
+If you want to remove the special meaning from a sequence of characters, you
+can do so by putting them between \eQ and \eE. This is different from Perl in
+that $ and @ are handled as literals in \eQ...\eE sequences in PCRE, whereas in
+Perl, $ and @ cause variable interpolation. Note the following examples:
+.sp
+  Pattern            PCRE matches   Perl matches
+.sp
+.\" JOIN
+  \eQabc$xyz\eE        abc$xyz        abc followed by the
+                                      contents of $xyz
+  \eQabc\e$xyz\eE       abc\e$xyz       abc\e$xyz
+  \eQabc\eE\e$\eQxyz\eE   abc$xyz        abc$xyz
+.sp
+The \eQ...\eE sequence is recognized both inside and outside character classes.
+An isolated \eE that is not preceded by \eQ is ignored. If \eQ is not followed
+by \eE later in the pattern, the literal interpretation continues to the end of
+the pattern (that is, \eE is assumed at the end). If the isolated \eQ is inside
+a character class, this causes an error, because the character class is not
+terminated.
+.
+.
+.\" HTML <a name="digitsafterbackslash"></a>
+.SS "Non-printing characters"
+.rs
+.sp
+A second use of backslash provides a way of encoding non-printing characters
+in patterns in a visible manner. There is no restriction on the appearance of
+non-printing characters, apart from the binary zero that terminates a pattern,
+but when a pattern is being prepared by text editing, it is often easier to use
+one of the following escape sequences than the binary character it represents.
+In an ASCII or Unicode environment, these escapes are as follows:
+.sp
+  \ea        alarm, that is, the BEL character (hex 07)
+  \ecx       "control-x", where x is any ASCII character
+  \ee        escape (hex 1B)
+  \ef        form feed (hex 0C)
+  \en        linefeed (hex 0A)
+  \er        carriage return (hex 0D)
+  \et        tab (hex 09)
+  \e0dd      character with octal code 0dd
+  \eddd      character with octal code ddd, or back reference
+  \eo{ddd..} character with octal code ddd..
+  \exhh      character with hex code hh
+  \ex{hhh..} character with hex code hhh.. (non-JavaScript mode)
+  \euhhhh    character with hex code hhhh (JavaScript mode only)
+.sp
+The precise effect of \ecx on ASCII characters is as follows: if x is a lower
+case letter, it is converted to upper case. Then bit 6 of the character (hex
+40) is inverted. Thus \ecA to \ecZ become hex 01 to hex 1A (A is 41, Z is 5A),
+but \ec{ becomes hex 3B ({ is 7B), and \ec; becomes hex 7B (; is 3B). If the
+data item (byte or 16-bit value) following \ec has a value greater than 127, a
+compile-time error occurs. This locks out non-ASCII characters in all modes.
+.P
+When PCRE is compiled in EBCDIC mode, \ea, \ee, \ef, \en, \er, and \et
+generate the appropriate EBCDIC code values. The \ec escape is processed
+as specified for Perl in the \fBperlebcdic\fP document. The only characters
+that are allowed after \ec are A-Z, a-z, or one of @, [, \e, ], ^, _, or ?. Any
+other character provokes a compile-time error. The sequence \ec@ encodes
+character code 0; after \ec the letters (in either case) encode characters 1-26
+(hex 01 to hex 1A); [, \e, ], ^, and _ encode characters 27-31 (hex 1B to hex
+1F), and \ec? becomes either 255 (hex FF) or 95 (hex 5F).
+.P
+Thus, apart from \ec?, these escapes generate the same character code values as
+they do in an ASCII environment, though the meanings of the values mostly
+differ. For example, \ecG always generates code value 7, which is BEL in ASCII
+but DEL in EBCDIC.
+.P
+The sequence \ec? generates DEL (127, hex 7F) in an ASCII environment, but
+because 127 is not a control character in EBCDIC, Perl makes it generate the
+APC character. Unfortunately, there are several variants of EBCDIC. In most of
+them the APC character has the value 255 (hex FF), but in the one Perl calls
+POSIX-BC its value is 95 (hex 5F). If certain other characters have POSIX-BC
+values, PCRE makes \ec? generate 95; otherwise it generates 255.
+.P
+After \e0 up to two further octal digits are read. If there are fewer than two
+digits, just those that are present are used. Thus the sequence \e0\ex\e015
+specifies two binary zeros followed by a CR character (code value 13). Make
+sure you supply two digits after the initial zero if the pattern character that
+follows is itself an octal digit.
+.P
+The escape \eo must be followed by a sequence of octal digits, enclosed in
+braces. An error occurs if this is not the case. This escape is a recent
+addition to Perl; it provides way of specifying character code points as octal
+numbers greater than 0777, and it also allows octal numbers and back references
+to be unambiguously specified.
+.P
+For greater clarity and unambiguity, it is best to avoid following \e by a
+digit greater than zero. Instead, use \eo{} or \ex{} to specify character
+numbers, and \eg{} to specify back references. The following paragraphs
+describe the old, ambiguous syntax.
+.P
+The handling of a backslash followed by a digit other than 0 is complicated,
+and Perl has changed in recent releases, causing PCRE also to change. Outside a
+character class, PCRE reads the digit and any following digits as a decimal
+number. If the number is less than 8, or if there have been at least that many
+previous capturing left parentheses in the expression, the entire sequence is
+taken as a \fIback reference\fP. A description of how this works is given
+.\" HTML <a href="#backreferences">
+.\" </a>
+later,
+.\"
+following the discussion of
+.\" HTML <a href="#subpattern">
+.\" </a>
+parenthesized subpatterns.
+.\"
+.P
+Inside a character class, or if the decimal number following \e is greater than
+7 and there have not been that many capturing subpatterns, PCRE handles \e8 and
+\e9 as the literal characters "8" and "9", and otherwise re-reads up to three
+octal digits following the backslash, using them to generate a data character.
+Any subsequent digits stand for themselves. For example:
+.sp
+  \e040   is another way of writing an ASCII space
+.\" JOIN
+  \e40    is the same, provided there are fewer than 40
+            previous capturing subpatterns
+  \e7     is always a back reference
+.\" JOIN
+  \e11    might be a back reference, or another way of
+            writing a tab
+  \e011   is always a tab
+  \e0113  is a tab followed by the character "3"
+.\" JOIN
+  \e113   might be a back reference, otherwise the
+            character with octal code 113
+.\" JOIN
+  \e377   might be a back reference, otherwise
+            the value 255 (decimal)
+.\" JOIN
+  \e81    is either a back reference, or the two
+            characters "8" and "1"
+.sp
+Note that octal values of 100 or greater that are specified using this syntax
+must not be introduced by a leading zero, because no more than three octal
+digits are ever read.
+.P
+By default, after \ex that is not followed by {, from zero to two hexadecimal
+digits are read (letters can be in upper or lower case). Any number of
+hexadecimal digits may appear between \ex{ and }. If a character other than
+a hexadecimal digit appears between \ex{ and }, or if there is no terminating
+}, an error occurs.
+.P
+If the PCRE_JAVASCRIPT_COMPAT option is set, the interpretation of \ex is
+as just described only when it is followed by two hexadecimal digits.
+Otherwise, it matches a literal "x" character. In JavaScript mode, support for
+code points greater than 256 is provided by \eu, which must be followed by
+four hexadecimal digits; otherwise it matches a literal "u" character.
+.P
+Characters whose value is less than 256 can be defined by either of the two
+syntaxes for \ex (or by \eu in JavaScript mode). There is no difference in the
+way they are handled. For example, \exdc is exactly the same as \ex{dc} (or
+\eu00dc in JavaScript mode).
+.
+.
+.SS "Constraints on character values"
+.rs
+.sp
+Characters that are specified using octal or hexadecimal numbers are
+limited to certain values, as follows:
+.sp
+  8-bit non-UTF mode    less than 0x100
+  8-bit UTF-8 mode      less than 0x10ffff and a valid codepoint
+  16-bit non-UTF mode   less than 0x10000
+  16-bit UTF-16 mode    less than 0x10ffff and a valid codepoint
+  32-bit non-UTF mode   less than 0x100000000
+  32-bit UTF-32 mode    less than 0x10ffff and a valid codepoint
+.sp
+Invalid Unicode codepoints are the range 0xd800 to 0xdfff (the so-called
+"surrogate" codepoints), and 0xffef.
+.
+.
+.SS "Escape sequences in character classes"
+.rs
+.sp
+All the sequences that define a single character value can be used both inside
+and outside character classes. In addition, inside a character class, \eb is
+interpreted as the backspace character (hex 08).
+.P
+\eN is not allowed in a character class. \eB, \eR, and \eX are not special
+inside a character class. Like other unrecognized escape sequences, they are
+treated as the literal characters "B", "R", and "X" by default, but cause an
+error if the PCRE_EXTRA option is set. Outside a character class, these
+sequences have different meanings.
+.
+.
+.SS "Unsupported escape sequences"
+.rs
+.sp
+In Perl, the sequences \el, \eL, \eu, and \eU are recognized by its string
+handler and used to modify the case of following characters. By default, PCRE
+does not support these escape sequences. However, if the PCRE_JAVASCRIPT_COMPAT
+option is set, \eU matches a "U" character, and \eu can be used to define a
+character by code point, as described in the previous section.
+.
+.
+.SS "Absolute and relative back references"
+.rs
+.sp
+The sequence \eg followed by an unsigned or a negative number, optionally
+enclosed in braces, is an absolute or relative back reference. A named back
+reference can be coded as \eg{name}. Back references are discussed
+.\" HTML <a href="#backreferences">
+.\" </a>
+later,
+.\"
+following the discussion of
+.\" HTML <a href="#subpattern">
+.\" </a>
+parenthesized subpatterns.
+.\"
+.
+.
+.SS "Absolute and relative subroutine calls"
+.rs
+.sp
+For compatibility with Oniguruma, the non-Perl syntax \eg followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a "subroutine". Details are discussed
+.\" HTML <a href="#onigurumasubroutines">
+.\" </a>
+later.
+.\"
+Note that \eg{...} (Perl syntax) and \eg<...> (Oniguruma syntax) are \fInot\fP
+synonymous. The former is a back reference; the latter is a
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutine
+.\"
+call.
+.
+.
+.\" HTML <a name="genericchartypes"></a>
+.SS "Generic character types"
+.rs
+.sp
+Another use of backslash is for specifying generic character types:
+.sp
+  \ed     any decimal digit
+  \eD     any character that is not a decimal digit
+  \eh     any horizontal white space character
+  \eH     any character that is not a horizontal white space character
+  \es     any white space character
+  \eS     any character that is not a white space character
+  \ev     any vertical white space character
+  \eV     any character that is not a vertical white space character
+  \ew     any "word" character
+  \eW     any "non-word" character
+.sp
+There is also the single sequence \eN, which matches a non-newline character.
+This is the same as
+.\" HTML <a href="#fullstopdot">
+.\" </a>
+the "." metacharacter
+.\"
+when PCRE_DOTALL is not set. Perl also uses \eN to match characters by name;
+PCRE does not support this.
+.P
+Each pair of lower and upper case escape sequences partitions the complete set
+of characters into two disjoint sets. Any given character matches one, and only
+one, of each pair. The sequences can appear both inside and outside character
+classes. They each match one character of the appropriate type. If the current
+matching point is at the end of the subject string, all of them fail, because
+there is no character to match.
+.P
+For compatibility with Perl, \es did not used to match the VT character (code
+11), which made it different from the the POSIX "space" class. However, Perl
+added VT at release 5.18, and PCRE followed suit at release 8.34. The default
+\es characters are now HT (9), LF (10), VT (11), FF (12), CR (13), and space
+(32), which are defined as white space in the "C" locale. This list may vary if
+locale-specific matching is taking place. For example, in some locales the
+"non-breaking space" character (\exA0) is recognized as white space, and in
+others the VT character is not.
+.P
+A "word" character is an underscore or any character that is a letter or digit.
+By default, the definition of letters and digits is controlled by PCRE's
+low-valued character tables, and may vary if locale-specific matching is taking
+place (see
+.\" HTML <a href="pcreapi.html#localesupport">
+.\" </a>
+"Locale support"
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page). For example, in a French locale such as "fr_FR" in Unix-like systems,
+or "french" in Windows, some character codes greater than 127 are used for
+accented letters, and these are then matched by \ew. The use of locales with
+Unicode is discouraged.
+.P
+By default, characters whose code points are greater than 127 never match \ed,
+\es, or \ew, and always match \eD, \eS, and \eW, although this may vary for
+characters in the range 128-255 when locale-specific matching is happening.
+These escape sequences retain their original meanings from before Unicode
+support was available, mainly for efficiency reasons. If PCRE is compiled with
+Unicode property support, and the PCRE_UCP option is set, the behaviour is
+changed so that Unicode properties are used to determine character types, as
+follows:
+.sp
+  \ed  any character that matches \ep{Nd} (decimal digit)
+  \es  any character that matches \ep{Z} or \eh or \ev
+  \ew  any character that matches \ep{L} or \ep{N}, plus underscore
+.sp
+The upper case escapes match the inverse sets of characters. Note that \ed
+matches only decimal digits, whereas \ew matches any Unicode digit, as well as
+any Unicode letter, and underscore. Note also that PCRE_UCP affects \eb, and
+\eB because they are defined in terms of \ew and \eW. Matching these sequences
+is noticeably slower when PCRE_UCP is set.
+.P
+The sequences \eh, \eH, \ev, and \eV are features that were added to Perl at
+release 5.10. In contrast to the other sequences, which match only ASCII
+characters by default, these always match certain high-valued code points,
+whether or not PCRE_UCP is set. The horizontal space characters are:
+.sp
+  U+0009     Horizontal tab (HT)
+  U+0020     Space
+  U+00A0     Non-break space
+  U+1680     Ogham space mark
+  U+180E     Mongolian vowel separator
+  U+2000     En quad
+  U+2001     Em quad
+  U+2002     En space
+  U+2003     Em space
+  U+2004     Three-per-em space
+  U+2005     Four-per-em space
+  U+2006     Six-per-em space
+  U+2007     Figure space
+  U+2008     Punctuation space
+  U+2009     Thin space
+  U+200A     Hair space
+  U+202F     Narrow no-break space
+  U+205F     Medium mathematical space
+  U+3000     Ideographic space
+.sp
+The vertical space characters are:
+.sp
+  U+000A     Linefeed (LF)
+  U+000B     Vertical tab (VT)
+  U+000C     Form feed (FF)
+  U+000D     Carriage return (CR)
+  U+0085     Next line (NEL)
+  U+2028     Line separator
+  U+2029     Paragraph separator
+.sp
+In 8-bit, non-UTF-8 mode, only the characters with codepoints less than 256 are
+relevant.
+.
+.
+.\" HTML <a name="newlineseq"></a>
+.SS "Newline sequences"
+.rs
+.sp
+Outside a character class, by default, the escape sequence \eR matches any
+Unicode newline sequence. In 8-bit non-UTF-8 mode \eR is equivalent to the
+following:
+.sp
+  (?>\er\en|\en|\ex0b|\ef|\er|\ex85)
+.sp
+This is an example of an "atomic group", details of which are given
+.\" HTML <a href="#atomicgroup">
+.\" </a>
+below.
+.\"
+This particular group matches either the two-character sequence CR followed by
+LF, or one of the single characters LF (linefeed, U+000A), VT (vertical tab,
+U+000B), FF (form feed, U+000C), CR (carriage return, U+000D), or NEL (next
+line, U+0085). The two-character sequence is treated as a single unit that
+cannot be split.
+.P
+In other modes, two additional characters whose codepoints are greater than 255
+are added: LS (line separator, U+2028) and PS (paragraph separator, U+2029).
+Unicode character property support is not needed for these characters to be
+recognized.
+.P
+It is possible to restrict \eR to match only CR, LF, or CRLF (instead of the
+complete set of Unicode line endings) by setting the option PCRE_BSR_ANYCRLF
+either at compile time or when the pattern is matched. (BSR is an abbrevation
+for "backslash R".) This can be made the default when PCRE is built; if this is
+the case, the other behaviour can be requested via the PCRE_BSR_UNICODE option.
+It is also possible to specify these settings by starting a pattern string with
+one of the following sequences:
+.sp
+  (*BSR_ANYCRLF)   CR, LF, or CRLF only
+  (*BSR_UNICODE)   any Unicode newline sequence
+.sp
+These override the default and the options given to the compiling function, but
+they can themselves be overridden by options given to a matching function. Note
+that these special settings, which are not Perl-compatible, are recognized only
+at the very start of a pattern, and that they must be in upper case. If more
+than one of them is present, the last one is used. They can be combined with a
+change of newline convention; for example, a pattern can start with:
+.sp
+  (*ANY)(*BSR_ANYCRLF)
+.sp
+They can also be combined with the (*UTF8), (*UTF16), (*UTF32), (*UTF) or
+(*UCP) special sequences. Inside a character class, \eR is treated as an
+unrecognized escape sequence, and so matches the letter "R" by default, but
+causes an error if PCRE_EXTRA is set.
+.
+.
+.\" HTML <a name="uniextseq"></a>
+.SS Unicode character properties
+.rs
+.sp
+When PCRE is built with Unicode character property support, three additional
+escape sequences that match characters with specific properties are available.
+When in 8-bit non-UTF-8 mode, these sequences are of course limited to testing
+characters whose codepoints are less than 256, but they do work in this mode.
+The extra escape sequences are:
+.sp
+  \ep{\fIxx\fP}   a character with the \fIxx\fP property
+  \eP{\fIxx\fP}   a character without the \fIxx\fP property
+  \eX       a Unicode extended grapheme cluster
+.sp
+The property names represented by \fIxx\fP above are limited to the Unicode
+script names, the general category properties, "Any", which matches any
+character (including newline), and some special PCRE properties (described
+in the
+.\" HTML <a href="#extraprops">
+.\" </a>
+next section).
+.\"
+Other Perl properties such as "InMusicalSymbols" are not currently supported by
+PCRE. Note that \eP{Any} does not match any characters, so always causes a
+match failure.
+.P
+Sets of Unicode characters are defined as belonging to certain scripts. A
+character from one of these sets can be matched using a script name. For
+example:
+.sp
+  \ep{Greek}
+  \eP{Han}
+.sp
+Those that are not part of an identified script are lumped together as
+"Common". The current list of scripts is:
+.P
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+.P
+Each character has exactly one Unicode general category property, specified by
+a two-letter abbreviation. For compatibility with Perl, negation can be
+specified by including a circumflex between the opening brace and the property
+name. For example, \ep{^Lu} is the same as \eP{Lu}.
+.P
+If only one letter is specified with \ep or \eP, it includes all the general
+category properties that start with that letter. In this case, in the absence
+of negation, the curly brackets in the escape sequence are optional; these two
+examples have the same effect:
+.sp
+  \ep{L}
+  \epL
+.sp
+The following general category property codes are supported:
+.sp
+  C     Other
+  Cc    Control
+  Cf    Format
+  Cn    Unassigned
+  Co    Private use
+  Cs    Surrogate
+.sp
+  L     Letter
+  Ll    Lower case letter
+  Lm    Modifier letter
+  Lo    Other letter
+  Lt    Title case letter
+  Lu    Upper case letter
+.sp
+  M     Mark
+  Mc    Spacing mark
+  Me    Enclosing mark
+  Mn    Non-spacing mark
+.sp
+  N     Number
+  Nd    Decimal number
+  Nl    Letter number
+  No    Other number
+.sp
+  P     Punctuation
+  Pc    Connector punctuation
+  Pd    Dash punctuation
+  Pe    Close punctuation
+  Pf    Final punctuation
+  Pi    Initial punctuation
+  Po    Other punctuation
+  Ps    Open punctuation
+.sp
+  S     Symbol
+  Sc    Currency symbol
+  Sk    Modifier symbol
+  Sm    Mathematical symbol
+  So    Other symbol
+.sp
+  Z     Separator
+  Zl    Line separator
+  Zp    Paragraph separator
+  Zs    Space separator
+.sp
+The special property L& is also supported: it matches a character that has
+the Lu, Ll, or Lt property, in other words, a letter that is not classified as
+a modifier or "other".
+.P
+The Cs (Surrogate) property applies only to characters in the range U+D800 to
+U+DFFF. Such characters are not valid in Unicode strings and so
+cannot be tested by PCRE, unless UTF validity checking has been turned off
+(see the discussion of PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK and
+PCRE_NO_UTF32_CHECK in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page). Perl does not support the Cs property.
+.P
+The long synonyms for property names that Perl supports (such as \ep{Letter})
+are not supported by PCRE, nor is it permitted to prefix any of these
+properties with "Is".
+.P
+No character that is in the Unicode table has the Cn (unassigned) property.
+Instead, this property is assumed for any code point that is not in the
+Unicode table.
+.P
+Specifying caseless matching does not affect these escape sequences. For
+example, \ep{Lu} always matches only upper case letters. This is different from
+the behaviour of current versions of Perl.
+.P
+Matching characters by Unicode property is not fast, because PCRE has to do a
+multistage table lookup in order to find a character's property. That is why
+the traditional escape sequences such as \ed and \ew do not use Unicode
+properties in PCRE by default, though you can make them do so by setting the
+PCRE_UCP option or by starting the pattern with (*UCP).
+.
+.
+.SS Extended grapheme clusters
+.rs
+.sp
+The \eX escape matches any number of Unicode characters that form an "extended
+grapheme cluster", and treats the sequence as an atomic group
+.\" HTML <a href="#atomicgroup">
+.\" </a>
+(see below).
+.\"
+Up to and including release 8.31, PCRE matched an earlier, simpler definition
+that was equivalent to
+.sp
+  (?>\ePM\epM*)
+.sp
+That is, it matched a character without the "mark" property, followed by zero
+or more characters with the "mark" property. Characters with the "mark"
+property are typically non-spacing accents that affect the preceding character.
+.P
+This simple definition was extended in Unicode to include more complicated
+kinds of composite character by giving each character a grapheme breaking
+property, and creating rules that use these properties to define the boundaries
+of extended grapheme clusters. In releases of PCRE later than 8.31, \eX matches
+one of these clusters.
+.P
+\eX always matches at least one character. Then it decides whether to add
+additional characters according to the following rules for ending a cluster:
+.P
+1. End at the end of the subject string.
+.P
+2. Do not end between CR and LF; otherwise end after any control character.
+.P
+3. Do not break Hangul (a Korean script) syllable sequences. Hangul characters
+are of five types: L, V, T, LV, and LVT. An L character may be followed by an
+L, V, LV, or LVT character; an LV or V character may be followed by a V or T
+character; an LVT or T character may be follwed only by a T character.
+.P
+4. Do not end before extending characters or spacing marks. Characters with
+the "mark" property always have the "extend" grapheme breaking property.
+.P
+5. Do not end after prepend characters.
+.P
+6. Otherwise, end the cluster.
+.
+.
+.\" HTML <a name="extraprops"></a>
+.SS PCRE's additional properties
+.rs
+.sp
+As well as the standard Unicode properties described above, PCRE supports four
+more that make it possible to convert traditional escape sequences such as \ew
+and \es to use Unicode properties. PCRE uses these non-standard, non-Perl
+properties internally when PCRE_UCP is set. However, they may also be used
+explicitly. These properties are:
+.sp
+  Xan   Any alphanumeric character
+  Xps   Any POSIX space character
+  Xsp   Any Perl space character
+  Xwd   Any Perl "word" character
+.sp
+Xan matches characters that have either the L (letter) or the N (number)
+property. Xps matches the characters tab, linefeed, vertical tab, form feed, or
+carriage return, and any other character that has the Z (separator) property.
+Xsp is the same as Xps; it used to exclude vertical tab, for Perl
+compatibility, but Perl changed, and so PCRE followed at release 8.34. Xwd
+matches the same characters as Xan, plus underscore.
+.P
+There is another non-standard property, Xuc, which matches any character that
+can be represented by a Universal Character Name in C++ and other programming
+languages. These are the characters $, @, ` (grave accent), and all characters
+with Unicode code points greater than or equal to U+00A0, except for the
+surrogates U+D800 to U+DFFF. Note that most base (ASCII) characters are
+excluded. (Universal Character Names are of the form \euHHHH or \eUHHHHHHHH
+where H is a hexadecimal digit. Note that the Xuc property does not match these
+sequences but the characters that they represent.)
+.
+.
+.\" HTML <a name="resetmatchstart"></a>
+.SS "Resetting the match start"
+.rs
+.sp
+The escape sequence \eK causes any previously matched characters not to be
+included in the final matched sequence. For example, the pattern:
+.sp
+  foo\eKbar
+.sp
+matches "foobar", but reports that it has matched "bar". This feature is
+similar to a lookbehind assertion
+.\" HTML <a href="#lookbehind">
+.\" </a>
+(described below).
+.\"
+However, in this case, the part of the subject before the real match does not
+have to be of fixed length, as lookbehind assertions do. The use of \eK does
+not interfere with the setting of
+.\" HTML <a href="#subpattern">
+.\" </a>
+captured substrings.
+.\"
+For example, when the pattern
+.sp
+  (foo)\eKbar
+.sp
+matches "foobar", the first substring is still set to "foo".
+.P
+Perl documents that the use of \eK within assertions is "not well defined". In
+PCRE, \eK is acted upon when it occurs inside positive assertions, but is
+ignored in negative assertions. Note that when a pattern such as (?=ab\eK)
+matches, the reported start of the match can be greater than the end of the
+match.
+.
+.
+.\" HTML <a name="smallassertions"></a>
+.SS "Simple assertions"
+.rs
+.sp
+The final use of backslash is for certain simple assertions. An assertion
+specifies a condition that has to be met at a particular point in a match,
+without consuming any characters from the subject string. The use of
+subpatterns for more complicated assertions is described
+.\" HTML <a href="#bigassertions">
+.\" </a>
+below.
+.\"
+The backslashed assertions are:
+.sp
+  \eb     matches at a word boundary
+  \eB     matches when not at a word boundary
+  \eA     matches at the start of the subject
+  \eZ     matches at the end of the subject
+          also matches before a newline at the end of the subject
+  \ez     matches only at the end of the subject
+  \eG     matches at the first matching position in the subject
+.sp
+Inside a character class, \eb has a different meaning; it matches the backspace
+character. If any other of these assertions appears in a character class, by
+default it matches the corresponding literal character (for example, \eB
+matches the letter B). However, if the PCRE_EXTRA option is set, an "invalid
+escape sequence" error is generated instead.
+.P
+A word boundary is a position in the subject string where the current character
+and the previous character do not both match \ew or \eW (i.e. one matches
+\ew and the other matches \eW), or the start or end of the string if the
+first or last character matches \ew, respectively. In a UTF mode, the meanings
+of \ew and \eW can be changed by setting the PCRE_UCP option. When this is
+done, it also affects \eb and \eB. Neither PCRE nor Perl has a separate "start
+of word" or "end of word" metasequence. However, whatever follows \eb normally
+determines which it is. For example, the fragment \eba matches "a" at the start
+of a word.
+.P
+The \eA, \eZ, and \ez assertions differ from the traditional circumflex and
+dollar (described in the next section) in that they only ever match at the very
+start and end of the subject string, whatever options are set. Thus, they are
+independent of multiline mode. These three assertions are not affected by the
+PCRE_NOTBOL or PCRE_NOTEOL options, which affect only the behaviour of the
+circumflex and dollar metacharacters. However, if the \fIstartoffset\fP
+argument of \fBpcre_exec()\fP is non-zero, indicating that matching is to start
+at a point other than the beginning of the subject, \eA can never match. The
+difference between \eZ and \ez is that \eZ matches before a newline at the end
+of the string as well as at the very end, whereas \ez matches only at the end.
+.P
+The \eG assertion is true only when the current matching position is at the
+start point of the match, as specified by the \fIstartoffset\fP argument of
+\fBpcre_exec()\fP. It differs from \eA when the value of \fIstartoffset\fP is
+non-zero. By calling \fBpcre_exec()\fP multiple times with appropriate
+arguments, you can mimic Perl's /g option, and it is in this kind of
+implementation where \eG can be useful.
+.P
+Note, however, that PCRE's interpretation of \eG, as the start of the current
+match, is subtly different from Perl's, which defines it as the end of the
+previous match. In Perl, these can be different when the previously matched
+string was empty. Because PCRE does just one match at a time, it cannot
+reproduce this behaviour.
+.P
+If all the alternatives of a pattern begin with \eG, the expression is anchored
+to the starting match position, and the "anchored" flag is set in the compiled
+regular expression.
+.
+.
+.SH "CIRCUMFLEX AND DOLLAR"
+.rs
+.sp
+The circumflex and dollar metacharacters are zero-width assertions. That is,
+they test for a particular condition being true without consuming any
+characters from the subject string.
+.P
+Outside a character class, in the default matching mode, the circumflex
+character is an assertion that is true only if the current matching point is at
+the start of the subject string. If the \fIstartoffset\fP argument of
+\fBpcre_exec()\fP is non-zero, circumflex can never match if the PCRE_MULTILINE
+option is unset. Inside a character class, circumflex has an entirely different
+meaning
+.\" HTML <a href="#characterclass">
+.\" </a>
+(see below).
+.\"
+.P
+Circumflex need not be the first character of the pattern if a number of
+alternatives are involved, but it should be the first thing in each alternative
+in which it appears if the pattern is ever to match that branch. If all
+possible alternatives start with a circumflex, that is, if the pattern is
+constrained to match only at the start of the subject, it is said to be an
+"anchored" pattern. (There are also other constructs that can cause a pattern
+to be anchored.)
+.P
+The dollar character is an assertion that is true only if the current matching
+point is at the end of the subject string, or immediately before a newline at
+the end of the string (by default). Note, however, that it does not actually
+match the newline. Dollar need not be the last character of the pattern if a
+number of alternatives are involved, but it should be the last item in any
+branch in which it appears. Dollar has no special meaning in a character class.
+.P
+The meaning of dollar can be changed so that it matches only at the very end of
+the string, by setting the PCRE_DOLLAR_ENDONLY option at compile time. This
+does not affect the \eZ assertion.
+.P
+The meanings of the circumflex and dollar characters are changed if the
+PCRE_MULTILINE option is set. When this is the case, a circumflex matches
+immediately after internal newlines as well as at the start of the subject
+string. It does not match after a newline that ends the string. A dollar
+matches before any newlines in the string, as well as at the very end, when
+PCRE_MULTILINE is set. When newline is specified as the two-character
+sequence CRLF, isolated CR and LF characters do not indicate newlines.
+.P
+For example, the pattern /^abc$/ matches the subject string "def\enabc" (where
+\en represents a newline) in multiline mode, but not otherwise. Consequently,
+patterns that are anchored in single line mode because all branches start with
+^ are not anchored in multiline mode, and a match for circumflex is possible
+when the \fIstartoffset\fP argument of \fBpcre_exec()\fP is non-zero. The
+PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+.P
+Note that the sequences \eA, \eZ, and \ez can be used to match the start and
+end of the subject in both modes, and if all branches of a pattern start with
+\eA it is always anchored, whether or not PCRE_MULTILINE is set.
+.
+.
+.\" HTML <a name="fullstopdot"></a>
+.SH "FULL STOP (PERIOD, DOT) AND \eN"
+.rs
+.sp
+Outside a character class, a dot in the pattern matches any one character in
+the subject string except (by default) a character that signifies the end of a
+line.
+.P
+When a line ending is defined as a single character, dot never matches that
+character; when the two-character sequence CRLF is used, dot does not match CR
+if it is immediately followed by LF, but otherwise it matches all characters
+(including isolated CRs and LFs). When any Unicode line endings are being
+recognized, dot does not match CR or LF or any of the other line ending
+characters.
+.P
+The behaviour of dot with regard to newlines can be changed. If the PCRE_DOTALL
+option is set, a dot matches any one character, without exception. If the
+two-character sequence CRLF is present in the subject string, it takes two dots
+to match it.
+.P
+The handling of dot is entirely independent of the handling of circumflex and
+dollar, the only relationship being that they both involve newlines. Dot has no
+special meaning in a character class.
+.P
+The escape sequence \eN behaves like a dot, except that it is not affected by
+the PCRE_DOTALL option. In other words, it matches any character except one
+that signifies the end of a line. Perl also uses \eN to match characters by
+name; PCRE does not support this.
+.
+.
+.SH "MATCHING A SINGLE DATA UNIT"
+.rs
+.sp
+Outside a character class, the escape sequence \eC matches any one data unit,
+whether or not a UTF mode is set. In the 8-bit library, one data unit is one
+byte; in the 16-bit library it is a 16-bit unit; in the 32-bit library it is
+a 32-bit unit. Unlike a dot, \eC always
+matches line-ending characters. The feature is provided in Perl in order to
+match individual bytes in UTF-8 mode, but it is unclear how it can usefully be
+used. Because \eC breaks up characters into individual data units, matching one
+unit with \eC in a UTF mode means that the rest of the string may start with a
+malformed UTF character. This has undefined results, because PCRE assumes that
+it is dealing with valid UTF strings (and by default it checks this at the
+start of processing unless the PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK or
+PCRE_NO_UTF32_CHECK option is used).
+.P
+PCRE does not allow \eC to appear in lookbehind assertions
+.\" HTML <a href="#lookbehind">
+.\" </a>
+(described below)
+.\"
+in a UTF mode, because this would make it impossible to calculate the length of
+the lookbehind.
+.P
+In general, the \eC escape sequence is best avoided. However, one
+way of using it that avoids the problem of malformed UTF characters is to use a
+lookahead to check the length of the next character, as in this pattern, which
+could be used with a UTF-8 string (ignore white space and line breaks):
+.sp
+  (?| (?=[\ex00-\ex7f])(\eC) |
+      (?=[\ex80-\ex{7ff}])(\eC)(\eC) |
+      (?=[\ex{800}-\ex{ffff}])(\eC)(\eC)(\eC) |
+      (?=[\ex{10000}-\ex{1fffff}])(\eC)(\eC)(\eC)(\eC))
+.sp
+A group that starts with (?| resets the capturing parentheses numbers in each
+alternative (see
+.\" HTML <a href="#dupsubpatternnumber">
+.\" </a>
+"Duplicate Subpattern Numbers"
+.\"
+below). The assertions at the start of each branch check the next UTF-8
+character for values whose encoding uses 1, 2, 3, or 4 bytes, respectively. The
+character's individual bytes are then captured by the appropriate number of
+groups.
+.
+.
+.\" HTML <a name="characterclass"></a>
+.SH "SQUARE BRACKETS AND CHARACTER CLASSES"
+.rs
+.sp
+An opening square bracket introduces a character class, terminated by a closing
+square bracket. A closing square bracket on its own is not special by default.
+However, if the PCRE_JAVASCRIPT_COMPAT option is set, a lone closing square
+bracket causes a compile-time error. If a closing square bracket is required as
+a member of the class, it should be the first data character in the class
+(after an initial circumflex, if present) or escaped with a backslash.
+.P
+A character class matches a single character in the subject. In a UTF mode, the
+character may be more than one data unit long. A matched character must be in
+the set of characters defined by the class, unless the first character in the
+class definition is a circumflex, in which case the subject character must not
+be in the set defined by the class. If a circumflex is actually required as a
+member of the class, ensure it is not the first character, or escape it with a
+backslash.
+.P
+For example, the character class [aeiou] matches any lower case vowel, while
+[^aeiou] matches any character that is not a lower case vowel. Note that a
+circumflex is just a convenient notation for specifying the characters that
+are in the class by enumerating those that are not. A class that starts with a
+circumflex is not an assertion; it still consumes a character from the subject
+string, and therefore it fails if the current pointer is at the end of the
+string.
+.P
+In UTF-8 (UTF-16, UTF-32) mode, characters with values greater than 255 (0xffff)
+can be included in a class as a literal string of data units, or by using the
+\ex{ escaping mechanism.
+.P
+When caseless matching is set, any letters in a class represent both their
+upper case and lower case versions, so for example, a caseless [aeiou] matches
+"A" as well as "a", and a caseless [^aeiou] does not match "A", whereas a
+caseful version would. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching in a UTF mode for characters 128 and
+above, you must ensure that PCRE is compiled with Unicode property support as
+well as with UTF support.
+.P
+Characters that might indicate line breaks are never treated in any special way
+when matching character classes, whatever line-ending sequence is in use, and
+whatever setting of the PCRE_DOTALL and PCRE_MULTILINE options is used. A class
+such as [^a] always matches one of these characters.
+.P
+The minus (hyphen) character can be used to specify a range of characters in a
+character class. For example, [d-m] matches any letter between d and m,
+inclusive. If a minus character is required in a class, it must be escaped with
+a backslash or appear in a position where it cannot be interpreted as
+indicating a range, typically as the first or last character in the class, or
+immediately after a range. For example, [b-d-z] matches letters in the range b
+to d, a hyphen character, or z.
+.P
+It is not possible to have the literal character "]" as the end character of a
+range. A pattern such as [W-]46] is interpreted as a class of two characters
+("W" and "-") followed by a literal string "46]", so it would match "W46]" or
+"-46]". However, if the "]" is escaped with a backslash it is interpreted as
+the end of range, so [W-\e]46] is interpreted as a class containing a range
+followed by two other characters. The octal or hexadecimal representation of
+"]" can also be used to end a range.
+.P
+An error is generated if a POSIX character class (see below) or an escape
+sequence other than one that defines a single character appears at a point
+where a range ending character is expected. For example, [z-\exff] is valid,
+but [A-\ed] and [A-[:digit:]] are not.
+.P
+Ranges operate in the collating sequence of character values. They can also be
+used for characters specified numerically, for example [\e000-\e037]. Ranges
+can include any characters that are valid for the current mode.
+.P
+If a range that includes letters is used when caseless matching is set, it
+matches the letters in either case. For example, [W-c] is equivalent to
+[][\e\e^_`wxyzabc], matched caselessly, and in a non-UTF mode, if character
+tables for a French locale are in use, [\exc8-\excb] matches accented E
+characters in both cases. In UTF modes, PCRE supports the concept of case for
+characters with values greater than 128 only when it is compiled with Unicode
+property support.
+.P
+The character escape sequences \ed, \eD, \eh, \eH, \ep, \eP, \es, \eS, \ev,
+\eV, \ew, and \eW may appear in a character class, and add the characters that
+they match to the class. For example, [\edABCDEF] matches any hexadecimal
+digit. In UTF modes, the PCRE_UCP option affects the meanings of \ed, \es, \ew
+and their upper case partners, just as it does when they appear outside a
+character class, as described in the section entitled
+.\" HTML <a href="#genericchartypes">
+.\" </a>
+"Generic character types"
+.\"
+above. The escape sequence \eb has a different meaning inside a character
+class; it matches the backspace character. The sequences \eB, \eN, \eR, and \eX
+are not special inside a character class. Like any other unrecognized escape
+sequences, they are treated as the literal characters "B", "N", "R", and "X" by
+default, but cause an error if the PCRE_EXTRA option is set.
+.P
+A circumflex can conveniently be used with the upper case character types to
+specify a more restricted set of characters than the matching lower case type.
+For example, the class [^\eW_] matches any letter or digit, but not underscore,
+whereas [\ew] includes underscore. A positive character class should be read as
+"something OR something OR ..." and a negative class as "NOT something AND NOT
+something AND NOT ...".
+.P
+The only metacharacters that are recognized in character classes are backslash,
+hyphen (only where it can be interpreted as specifying a range), circumflex
+(only at the start), opening square bracket (only when it can be interpreted as
+introducing a POSIX class name, or for a special compatibility feature - see
+the next two sections), and the terminating closing square bracket. However,
+escaping other non-alphanumeric characters does no harm.
+.
+.
+.SH "POSIX CHARACTER CLASSES"
+.rs
+.sp
+Perl supports the POSIX notation for character classes. This uses names
+enclosed by [: and :] within the enclosing square brackets. PCRE also supports
+this notation. For example,
+.sp
+  [01[:alpha:]%]
+.sp
+matches "0", "1", any alphabetic character, or "%". The supported class names
+are:
+.sp
+  alnum    letters and digits
+  alpha    letters
+  ascii    character codes 0 - 127
+  blank    space or tab only
+  cntrl    control characters
+  digit    decimal digits (same as \ed)
+  graph    printing characters, excluding space
+  lower    lower case letters
+  print    printing characters, including space
+  punct    printing characters, excluding letters and digits and space
+  space    white space (the same as \es from PCRE 8.34)
+  upper    upper case letters
+  word     "word" characters (same as \ew)
+  xdigit   hexadecimal digits
+.sp
+The default "space" characters are HT (9), LF (10), VT (11), FF (12), CR (13),
+and space (32). If locale-specific matching is taking place, the list of space
+characters may be different; there may be fewer or more of them. "Space" used
+to be different to \es, which did not include VT, for Perl compatibility.
+However, Perl changed at release 5.18, and PCRE followed at release 8.34.
+"Space" and \es now match the same set of characters.
+.P
+The name "word" is a Perl extension, and "blank" is a GNU extension from Perl
+5.8. Another Perl extension is negation, which is indicated by a ^ character
+after the colon. For example,
+.sp
+  [12[:^digit:]]
+.sp
+matches "1", "2", or any non-digit. PCRE (and Perl) also recognize the POSIX
+syntax [.ch.] and [=ch=] where "ch" is a "collating element", but these are not
+supported, and an error is given if they are encountered.
+.P
+By default, characters with values greater than 128 do not match any of the
+POSIX character classes. However, if the PCRE_UCP option is passed to
+\fBpcre_compile()\fP, some of the classes are changed so that Unicode character
+properties are used. This is achieved by replacing certain POSIX classes by
+other sequences, as follows:
+.sp
+  [:alnum:]  becomes  \ep{Xan}
+  [:alpha:]  becomes  \ep{L}
+  [:blank:]  becomes  \eh
+  [:digit:]  becomes  \ep{Nd}
+  [:lower:]  becomes  \ep{Ll}
+  [:space:]  becomes  \ep{Xps}
+  [:upper:]  becomes  \ep{Lu}
+  [:word:]   becomes  \ep{Xwd}
+.sp
+Negated versions, such as [:^alpha:] use \eP instead of \ep. Three other POSIX
+classes are handled specially in UCP mode:
+.TP 10
+[:graph:]
+This matches characters that have glyphs that mark the page when printed. In
+Unicode property terms, it matches all characters with the L, M, N, P, S, or Cf
+properties, except for:
+.sp
+  U+061C           Arabic Letter Mark
+  U+180E           Mongolian Vowel Separator
+  U+2066 - U+2069  Various "isolate"s
+.sp
+.TP 10
+[:print:]
+This matches the same characters as [:graph:] plus space characters that are
+not controls, that is, characters with the Zs property.
+.TP 10
+[:punct:]
+This matches all characters that have the Unicode P (punctuation) property,
+plus those characters whose code points are less than 128 that have the S
+(Symbol) property.
+.P
+The other POSIX classes are unchanged, and match only characters with code
+points less than 128.
+.
+.
+.SH "COMPATIBILITY FEATURE FOR WORD BOUNDARIES"
+.rs
+.sp
+In the POSIX.2 compliant library that was included in 4.4BSD Unix, the ugly
+syntax [[:<:]] and [[:>:]] is used for matching "start of word" and "end of
+word". PCRE treats these items as follows:
+.sp
+  [[:<:]]  is converted to  \eb(?=\ew)
+  [[:>:]]  is converted to  \eb(?<=\ew)
+.sp
+Only these exact character sequences are recognized. A sequence such as
+[a[:<:]b] provokes error for an unrecognized POSIX class name. This support is
+not compatible with Perl. It is provided to help migrations from other
+environments, and is best not used in any new patterns. Note that \eb matches
+at the start and the end of a word (see
+.\" HTML <a href="#smallassertions">
+.\" </a>
+"Simple assertions"
+.\"
+above), and in a Perl-style pattern the preceding or following character
+normally shows which is wanted, without the need for the assertions that are
+used above in order to give exactly the POSIX behaviour.
+.
+.
+.SH "VERTICAL BAR"
+.rs
+.sp
+Vertical bar characters are used to separate alternative patterns. For example,
+the pattern
+.sp
+  gilbert|sullivan
+.sp
+matches either "gilbert" or "sullivan". Any number of alternatives may appear,
+and an empty alternative is permitted (matching the empty string). The matching
+process tries each alternative in turn, from left to right, and the first one
+that succeeds is used. If the alternatives are within a subpattern
+.\" HTML <a href="#subpattern">
+.\" </a>
+(defined below),
+.\"
+"succeeds" means matching the rest of the main pattern as well as the
+alternative in the subpattern.
+.
+.
+.SH "INTERNAL OPTION SETTING"
+.rs
+.sp
+The settings of the PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, and
+PCRE_EXTENDED options (which are Perl-compatible) can be changed from within
+the pattern by a sequence of Perl option letters enclosed between "(?" and ")".
+The option letters are
+.sp
+  i  for PCRE_CASELESS
+  m  for PCRE_MULTILINE
+  s  for PCRE_DOTALL
+  x  for PCRE_EXTENDED
+.sp
+For example, (?im) sets caseless, multiline matching. It is also possible to
+unset these options by preceding the letter with a hyphen, and a combined
+setting and unsetting such as (?im-sx), which sets PCRE_CASELESS and
+PCRE_MULTILINE while unsetting PCRE_DOTALL and PCRE_EXTENDED, is also
+permitted. If a letter appears both before and after the hyphen, the option is
+unset.
+.P
+The PCRE-specific options PCRE_DUPNAMES, PCRE_UNGREEDY, and PCRE_EXTRA can be
+changed in the same way as the Perl-compatible options by using the characters
+J, U and X respectively.
+.P
+When one of these option changes occurs at top level (that is, not inside
+subpattern parentheses), the change applies to the remainder of the pattern
+that follows. An option change within a subpattern (see below for a description
+of subpatterns) affects only that part of the subpattern that follows it, so
+.sp
+  (a(?i)b)c
+.sp
+matches abc and aBc and no other strings (assuming PCRE_CASELESS is not used).
+By this means, options can be made to have different settings in different
+parts of the pattern. Any changes made in one alternative do carry on
+into subsequent branches within the same subpattern. For example,
+.sp
+  (a(?i)b|c)
+.sp
+matches "ab", "aB", "c", and "C", even though when matching "C" the first
+branch is abandoned before the option setting. This is because the effects of
+option settings happen at compile time. There would be some very weird
+behaviour otherwise.
+.P
+\fBNote:\fP There are other PCRE-specific options that can be set by the
+application when the compiling or matching functions are called. In some cases
+the pattern can contain special leading sequences such as (*CRLF) to override
+what the application has set or what has been defaulted. Details are given in
+the section entitled
+.\" HTML <a href="#newlineseq">
+.\" </a>
+"Newline sequences"
+.\"
+above. There are also the (*UTF8), (*UTF16),(*UTF32), and (*UCP) leading
+sequences that can be used to set UTF and Unicode property modes; they are
+equivalent to setting the PCRE_UTF8, PCRE_UTF16, PCRE_UTF32 and the PCRE_UCP
+options, respectively. The (*UTF) sequence is a generic version that can be
+used with any of the libraries. However, the application can set the
+PCRE_NEVER_UTF option, which locks out the use of the (*UTF) sequences.
+.
+.
+.\" HTML <a name="subpattern"></a>
+.SH SUBPATTERNS
+.rs
+.sp
+Subpatterns are delimited by parentheses (round brackets), which can be nested.
+Turning part of a pattern into a subpattern does two things:
+.sp
+1. It localizes a set of alternatives. For example, the pattern
+.sp
+  cat(aract|erpillar|)
+.sp
+matches "cataract", "caterpillar", or "cat". Without the parentheses, it would
+match "cataract", "erpillar" or an empty string.
+.sp
+2. It sets up the subpattern as a capturing subpattern. This means that, when
+the whole pattern matches, that portion of the subject string that matched the
+subpattern is passed back to the caller via the \fIovector\fP argument of the
+matching function. (This applies only to the traditional matching functions;
+the DFA matching functions do not support capturing.)
+.P
+Opening parentheses are counted from left to right (starting from 1) to obtain
+numbers for the capturing subpatterns. For example, if the string "the red
+king" is matched against the pattern
+.sp
+  the ((red|white) (king|queen))
+.sp
+the captured substrings are "red king", "red", and "king", and are numbered 1,
+2, and 3, respectively.
+.P
+The fact that plain parentheses fulfil two functions is not always helpful.
+There are often times when a grouping subpattern is required without a
+capturing requirement. If an opening parenthesis is followed by a question mark
+and a colon, the subpattern does not do any capturing, and is not counted when
+computing the number of any subsequent capturing subpatterns. For example, if
+the string "the white queen" is matched against the pattern
+.sp
+  the ((?:red|white) (king|queen))
+.sp
+the captured substrings are "white queen" and "queen", and are numbered 1 and
+2. The maximum number of capturing subpatterns is 65535.
+.P
+As a convenient shorthand, if any option settings are required at the start of
+a non-capturing subpattern, the option letters may appear between the "?" and
+the ":". Thus the two patterns
+.sp
+  (?i:saturday|sunday)
+  (?:(?i)saturday|sunday)
+.sp
+match exactly the same set of strings. Because alternative branches are tried
+from left to right, and options are not reset until the end of the subpattern
+is reached, an option setting in one branch does affect subsequent branches, so
+the above patterns match "SUNDAY" as well as "Saturday".
+.
+.
+.\" HTML <a name="dupsubpatternnumber"></a>
+.SH "DUPLICATE SUBPATTERN NUMBERS"
+.rs
+.sp
+Perl 5.10 introduced a feature whereby each alternative in a subpattern uses
+the same numbers for its capturing parentheses. Such a subpattern starts with
+(?| and is itself a non-capturing subpattern. For example, consider this
+pattern:
+.sp
+  (?|(Sat)ur|(Sun))day
+.sp
+Because the two alternatives are inside a (?| group, both sets of capturing
+parentheses are numbered one. Thus, when the pattern matches, you can look
+at captured substring number one, whichever alternative matched. This construct
+is useful when you want to capture part, but not all, of one of a number of
+alternatives. Inside a (?| group, parentheses are numbered as usual, but the
+number is reset at the start of each branch. The numbers of any capturing
+parentheses that follow the subpattern start after the highest number used in
+any branch. The following example is taken from the Perl documentation. The
+numbers underneath show in which buffer the captured content will be stored.
+.sp
+  # before  ---------------branch-reset----------- after
+  / ( a )  (?| x ( y ) z | (p (q) r) | (t) u (v) ) ( z ) /x
+  # 1            2         2  3        2     3     4
+.sp
+A back reference to a numbered subpattern uses the most recent value that is
+set for that number by any subpattern. The following pattern matches "abcabc"
+or "defdef":
+.sp
+  /(?|(abc)|(def))\e1/
+.sp
+In contrast, a subroutine call to a numbered subpattern always refers to the
+first one in the pattern with the given number. The following pattern matches
+"abcabc" or "defabc":
+.sp
+  /(?|(abc)|(def))(?1)/
+.sp
+If a
+.\" HTML <a href="#conditions">
+.\" </a>
+condition test
+.\"
+for a subpattern's having matched refers to a non-unique number, the test is
+true if any of the subpatterns of that number have matched.
+.P
+An alternative approach to using this "branch reset" feature is to use
+duplicate named subpatterns, as described in the next section.
+.
+.
+.SH "NAMED SUBPATTERNS"
+.rs
+.sp
+Identifying capturing parentheses by number is simple, but it can be very hard
+to keep track of the numbers in complicated regular expressions. Furthermore,
+if an expression is modified, the numbers may change. To help with this
+difficulty, PCRE supports the naming of subpatterns. This feature was not
+added to Perl until release 5.10. Python had the feature earlier, and PCRE
+introduced it at release 4.0, using the Python syntax. PCRE now supports both
+the Perl and the Python syntax. Perl allows identically numbered subpatterns to
+have different names, but PCRE does not.
+.P
+In PCRE, a subpattern can be named in one of three ways: (?<name>...) or
+(?'name'...) as in Perl, or (?P<name>...) as in Python. References to capturing
+parentheses from other parts of the pattern, such as
+.\" HTML <a href="#backreferences">
+.\" </a>
+back references,
+.\"
+.\" HTML <a href="#recursion">
+.\" </a>
+recursion,
+.\"
+and
+.\" HTML <a href="#conditions">
+.\" </a>
+conditions,
+.\"
+can be made by name as well as by number.
+.P
+Names consist of up to 32 alphanumeric characters and underscores, but must
+start with a non-digit. Named capturing parentheses are still allocated numbers
+as well as names, exactly as if the names were not present. The PCRE API
+provides function calls for extracting the name-to-number translation table
+from a compiled pattern. There is also a convenience function for extracting a
+captured substring by name.
+.P
+By default, a name must be unique within a pattern, but it is possible to relax
+this constraint by setting the PCRE_DUPNAMES option at compile time. (Duplicate
+names are also always permitted for subpatterns with the same number, set up as
+described in the previous section.) Duplicate names can be useful for patterns
+where only one instance of the named parentheses can match. Suppose you want to
+match the name of a weekday, either as a 3-letter abbreviation or as the full
+name, and in both cases you want to extract the abbreviation. This pattern
+(ignoring the line breaks) does the job:
+.sp
+  (?<DN>Mon|Fri|Sun)(?:day)?|
+  (?<DN>Tue)(?:sday)?|
+  (?<DN>Wed)(?:nesday)?|
+  (?<DN>Thu)(?:rsday)?|
+  (?<DN>Sat)(?:urday)?
+.sp
+There are five capturing substrings, but only one is ever set after a match.
+(An alternative way of solving this problem is to use a "branch reset"
+subpattern, as described in the previous section.)
+.P
+The convenience function for extracting the data by name returns the substring
+for the first (and in this example, the only) subpattern of that name that
+matched. This saves searching to find which numbered subpattern it was.
+.P
+If you make a back reference to a non-unique named subpattern from elsewhere in
+the pattern, the subpatterns to which the name refers are checked in the order
+in which they appear in the overall pattern. The first one that is set is used
+for the reference. For example, this pattern matches both "foofoo" and
+"barbar" but not "foobar" or "barfoo":
+.sp
+  (?:(?<n>foo)|(?<n>bar))\ek<n>
+.sp
+.P
+If you make a subroutine call to a non-unique named subpattern, the one that
+corresponds to the first occurrence of the name is used. In the absence of
+duplicate numbers (see the previous section) this is the one with the lowest
+number.
+.P
+If you use a named reference in a condition
+test (see the
+.\"
+.\" HTML <a href="#conditions">
+.\" </a>
+section about conditions
+.\"
+below), either to check whether a subpattern has matched, or to check for
+recursion, all subpatterns with the same name are tested. If the condition is
+true for any one of them, the overall condition is true. This is the same
+behaviour as testing by number. For further details of the interfaces for
+handling named subpatterns, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+\fBWarning:\fP You cannot use different names to distinguish between two
+subpatterns with the same number because PCRE uses only the numbers when
+matching. For this reason, an error is given at compile time if different names
+are given to subpatterns with the same number. However, you can always give the
+same name to subpatterns with the same number, even when PCRE_DUPNAMES is not
+set.
+.
+.
+.SH REPETITION
+.rs
+.sp
+Repetition is specified by quantifiers, which can follow any of the following
+items:
+.sp
+  a literal data character
+  the dot metacharacter
+  the \eC escape sequence
+  the \eX escape sequence
+  the \eR escape sequence
+  an escape such as \ed or \epL that matches a single character
+  a character class
+  a back reference (see next section)
+  a parenthesized subpattern (including assertions)
+  a subroutine call to a subpattern (recursive or otherwise)
+.sp
+The general repetition quantifier specifies a minimum and maximum number of
+permitted matches, by giving the two numbers in curly brackets (braces),
+separated by a comma. The numbers must be less than 65536, and the first must
+be less than or equal to the second. For example:
+.sp
+  z{2,4}
+.sp
+matches "zz", "zzz", or "zzzz". A closing brace on its own is not a special
+character. If the second number is omitted, but the comma is present, there is
+no upper limit; if the second number and the comma are both omitted, the
+quantifier specifies an exact number of required matches. Thus
+.sp
+  [aeiou]{3,}
+.sp
+matches at least 3 successive vowels, but may match many more, while
+.sp
+  \ed{8}
+.sp
+matches exactly 8 digits. An opening curly bracket that appears in a position
+where a quantifier is not allowed, or one that does not match the syntax of a
+quantifier, is taken as a literal character. For example, {,6} is not a
+quantifier, but a literal string of four characters.
+.P
+In UTF modes, quantifiers apply to characters rather than to individual data
+units. Thus, for example, \ex{100}{2} matches two characters, each of
+which is represented by a two-byte sequence in a UTF-8 string. Similarly,
+\eX{3} matches three Unicode extended grapheme clusters, each of which may be
+several data units long (and they may be of different lengths).
+.P
+The quantifier {0} is permitted, causing the expression to behave as if the
+previous item and the quantifier were not present. This may be useful for
+subpatterns that are referenced as
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutines
+.\"
+from elsewhere in the pattern (but see also the section entitled
+.\" HTML <a href="#subdefine">
+.\" </a>
+"Defining subpatterns for use by reference only"
+.\"
+below). Items other than subpatterns that have a {0} quantifier are omitted
+from the compiled pattern.
+.P
+For convenience, the three most common quantifiers have single-character
+abbreviations:
+.sp
+  *    is equivalent to {0,}
+  +    is equivalent to {1,}
+  ?    is equivalent to {0,1}
+.sp
+It is possible to construct infinite loops by following a subpattern that can
+match no characters with a quantifier that has no upper limit, for example:
+.sp
+  (a?)*
+.sp
+Earlier versions of Perl and PCRE used to give an error at compile time for
+such patterns. However, because there are cases where this can be useful, such
+patterns are now accepted, but if any repetition of the subpattern does in fact
+match no characters, the loop is forcibly broken.
+.P
+By default, the quantifiers are "greedy", that is, they match as much as
+possible (up to the maximum number of permitted times), without causing the
+rest of the pattern to fail. The classic example of where this gives problems
+is in trying to match comments in C programs. These appear between /* and */
+and within the comment, individual * and / characters may appear. An attempt to
+match C comments by applying the pattern
+.sp
+  /\e*.*\e*/
+.sp
+to the string
+.sp
+  /* first comment */  not comment  /* second comment */
+.sp
+fails, because it matches the entire string owing to the greediness of the .*
+item.
+.P
+However, if a quantifier is followed by a question mark, it ceases to be
+greedy, and instead matches the minimum number of times possible, so the
+pattern
+.sp
+  /\e*.*?\e*/
+.sp
+does the right thing with the C comments. The meaning of the various
+quantifiers is not otherwise changed, just the preferred number of matches.
+Do not confuse this use of question mark with its use as a quantifier in its
+own right. Because it has two uses, it can sometimes appear doubled, as in
+.sp
+  \ed??\ed
+.sp
+which matches one digit by preference, but can match two if that is the only
+way the rest of the pattern matches.
+.P
+If the PCRE_UNGREEDY option is set (an option that is not available in Perl),
+the quantifiers are not greedy by default, but individual ones can be made
+greedy by following them with a question mark. In other words, it inverts the
+default behaviour.
+.P
+When a parenthesized subpattern is quantified with a minimum repeat count that
+is greater than 1 or with a limited maximum, more memory is required for the
+compiled pattern, in proportion to the size of the minimum or maximum.
+.P
+If a pattern starts with .* or .{0,} and the PCRE_DOTALL option (equivalent
+to Perl's /s) is set, thus allowing the dot to match newlines, the pattern is
+implicitly anchored, because whatever follows will be tried against every
+character position in the subject string, so there is no point in retrying the
+overall match at any position after the first. PCRE normally treats such a
+pattern as though it were preceded by \eA.
+.P
+In cases where it is known that the subject string contains no newlines, it is
+worth setting PCRE_DOTALL in order to obtain this optimization, or
+alternatively using ^ to indicate anchoring explicitly.
+.P
+However, there are some cases where the optimization cannot be used. When .*
+is inside capturing parentheses that are the subject of a back reference
+elsewhere in the pattern, a match at the start may fail where a later one
+succeeds. Consider, for example:
+.sp
+  (.*)abc\e1
+.sp
+If the subject is "xyz123abc123" the match point is the fourth character. For
+this reason, such a pattern is not implicitly anchored.
+.P
+Another case where implicit anchoring is not applied is when the leading .* is
+inside an atomic group. Once again, a match at the start may fail where a later
+one succeeds. Consider this pattern:
+.sp
+  (?>.*?a)b
+.sp
+It matches "ab" in the subject "aab". The use of the backtracking control verbs
+(*PRUNE) and (*SKIP) also disable this optimization.
+.P
+When a capturing subpattern is repeated, the value captured is the substring
+that matched the final iteration. For example, after
+.sp
+  (tweedle[dume]{3}\es*)+
+.sp
+has matched "tweedledum tweedledee" the value of the captured substring is
+"tweedledee". However, if there are nested capturing subpatterns, the
+corresponding captured values may have been set in previous iterations. For
+example, after
+.sp
+  /(a|(b))+/
+.sp
+matches "aba" the value of the second captured substring is "b".
+.
+.
+.\" HTML <a name="atomicgroup"></a>
+.SH "ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS"
+.rs
+.sp
+With both maximizing ("greedy") and minimizing ("ungreedy" or "lazy")
+repetition, failure of what follows normally causes the repeated item to be
+re-evaluated to see if a different number of repeats allows the rest of the
+pattern to match. Sometimes it is useful to prevent this, either to change the
+nature of the match, or to cause it fail earlier than it otherwise might, when
+the author of the pattern knows there is no point in carrying on.
+.P
+Consider, for example, the pattern \ed+foo when applied to the subject line
+.sp
+  123456bar
+.sp
+After matching all 6 digits and then failing to match "foo", the normal
+action of the matcher is to try again with only 5 digits matching the \ed+
+item, and then with 4, and so on, before ultimately failing. "Atomic grouping"
+(a term taken from Jeffrey Friedl's book) provides the means for specifying
+that once a subpattern has matched, it is not to be re-evaluated in this way.
+.P
+If we use atomic grouping for the previous example, the matcher gives up
+immediately on failing to match "foo" the first time. The notation is a kind of
+special parenthesis, starting with (?> as in this example:
+.sp
+  (?>\ed+)foo
+.sp
+This kind of parenthesis "locks up" the  part of the pattern it contains once
+it has matched, and a failure further into the pattern is prevented from
+backtracking into it. Backtracking past it to previous items, however, works as
+normal.
+.P
+An alternative description is that a subpattern of this type matches the string
+of characters that an identical standalone pattern would match, if anchored at
+the current point in the subject string.
+.P
+Atomic grouping subpatterns are not capturing subpatterns. Simple cases such as
+the above example can be thought of as a maximizing repeat that must swallow
+everything it can. So, while both \ed+ and \ed+? are prepared to adjust the
+number of digits they match in order to make the rest of the pattern match,
+(?>\ed+) can only match an entire sequence of digits.
+.P
+Atomic groups in general can of course contain arbitrarily complicated
+subpatterns, and can be nested. However, when the subpattern for an atomic
+group is just a single repeated item, as in the example above, a simpler
+notation, called a "possessive quantifier" can be used. This consists of an
+additional + character following a quantifier. Using this notation, the
+previous example can be rewritten as
+.sp
+  \ed++foo
+.sp
+Note that a possessive quantifier can be used with an entire group, for
+example:
+.sp
+  (abc|xyz){2,3}+
+.sp
+Possessive quantifiers are always greedy; the setting of the PCRE_UNGREEDY
+option is ignored. They are a convenient notation for the simpler forms of
+atomic group. However, there is no difference in the meaning of a possessive
+quantifier and the equivalent atomic group, though there may be a performance
+difference; possessive quantifiers should be slightly faster.
+.P
+The possessive quantifier syntax is an extension to the Perl 5.8 syntax.
+Jeffrey Friedl originated the idea (and the name) in the first edition of his
+book. Mike McCloskey liked it, so implemented it when he built Sun's Java
+package, and PCRE copied it from there. It ultimately found its way into Perl
+at release 5.10.
+.P
+PCRE has an optimization that automatically "possessifies" certain simple
+pattern constructs. For example, the sequence A+B is treated as A++B because
+there is no point in backtracking into a sequence of A's when B must follow.
+.P
+When a pattern contains an unlimited repeat inside a subpattern that can itself
+be repeated an unlimited number of times, the use of an atomic group is the
+only way to avoid some failing matches taking a very long time indeed. The
+pattern
+.sp
+  (\eD+|<\ed+>)*[!?]
+.sp
+matches an unlimited number of substrings that either consist of non-digits, or
+digits enclosed in <>, followed by either ! or ?. When it matches, it runs
+quickly. However, if it is applied to
+.sp
+  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+.sp
+it takes a long time before reporting failure. This is because the string can
+be divided between the internal \eD+ repeat and the external * repeat in a
+large number of ways, and all have to be tried. (The example uses [!?] rather
+than a single character at the end, because both PCRE and Perl have an
+optimization that allows for fast failure when a single character is used. They
+remember the last single character that is required for a match, and fail early
+if it is not present in the string.) If the pattern is changed so that it uses
+an atomic group, like this:
+.sp
+  ((?>\eD+)|<\ed+>)*[!?]
+.sp
+sequences of non-digits cannot be broken, and failure happens quickly.
+.
+.
+.\" HTML <a name="backreferences"></a>
+.SH "BACK REFERENCES"
+.rs
+.sp
+Outside a character class, a backslash followed by a digit greater than 0 (and
+possibly further digits) is a back reference to a capturing subpattern earlier
+(that is, to its left) in the pattern, provided there have been that many
+previous capturing left parentheses.
+.P
+However, if the decimal number following the backslash is less than 10, it is
+always taken as a back reference, and causes an error only if there are not
+that many capturing left parentheses in the entire pattern. In other words, the
+parentheses that are referenced need not be to the left of the reference for
+numbers less than 10. A "forward back reference" of this type can make sense
+when a repetition is involved and the subpattern to the right has participated
+in an earlier iteration.
+.P
+It is not possible to have a numerical "forward back reference" to a subpattern
+whose number is 10 or more using this syntax because a sequence such as \e50 is
+interpreted as a character defined in octal. See the subsection entitled
+"Non-printing characters"
+.\" HTML <a href="#digitsafterbackslash">
+.\" </a>
+above
+.\"
+for further details of the handling of digits following a backslash. There is
+no such problem when named parentheses are used. A back reference to any
+subpattern is possible using named parentheses (see below).
+.P
+Another way of avoiding the ambiguity inherent in the use of digits following a
+backslash is to use the \eg escape sequence. This escape must be followed by an
+unsigned number or a negative number, optionally enclosed in braces. These
+examples are all identical:
+.sp
+  (ring), \e1
+  (ring), \eg1
+  (ring), \eg{1}
+.sp
+An unsigned number specifies an absolute reference without the ambiguity that
+is present in the older syntax. It is also useful when literal digits follow
+the reference. A negative number is a relative reference. Consider this
+example:
+.sp
+  (abc(def)ghi)\eg{-1}
+.sp
+The sequence \eg{-1} is a reference to the most recently started capturing
+subpattern before \eg, that is, is it equivalent to \e2 in this example.
+Similarly, \eg{-2} would be equivalent to \e1. The use of relative references
+can be helpful in long patterns, and also in patterns that are created by
+joining together fragments that contain references within themselves.
+.P
+A back reference matches whatever actually matched the capturing subpattern in
+the current subject string, rather than anything matching the subpattern
+itself (see
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+"Subpatterns as subroutines"
+.\"
+below for a way of doing that). So the pattern
+.sp
+  (sens|respons)e and \e1ibility
+.sp
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If caseful matching is in force at the time of the
+back reference, the case of letters is relevant. For example,
+.sp
+  ((?i)rah)\es+\e1
+.sp
+matches "rah rah" and "RAH RAH", but not "RAH rah", even though the original
+capturing subpattern is matched caselessly.
+.P
+There are several different ways of writing back references to named
+subpatterns. The .NET syntax \ek{name} and the Perl syntax \ek<name> or
+\ek'name' are supported, as is the Python syntax (?P=name). Perl 5.10's unified
+back reference syntax, in which \eg can be used for both numeric and named
+references, is also supported. We could rewrite the above example in any of
+the following ways:
+.sp
+  (?<p1>(?i)rah)\es+\ek<p1>
+  (?'p1'(?i)rah)\es+\ek{p1}
+  (?P<p1>(?i)rah)\es+(?P=p1)
+  (?<p1>(?i)rah)\es+\eg{p1}
+.sp
+A subpattern that is referenced by name may appear in the pattern before or
+after the reference.
+.P
+There may be more than one back reference to the same subpattern. If a
+subpattern has not actually been used in a particular match, any back
+references to it always fail by default. For example, the pattern
+.sp
+  (a|(bc))\e2
+.sp
+always fails if it starts to match "a" rather than "bc". However, if the
+PCRE_JAVASCRIPT_COMPAT option is set at compile time, a back reference to an
+unset value matches an empty string.
+.P
+Because there may be many capturing parentheses in a pattern, all digits
+following a backslash are taken as part of a potential back reference number.
+If the pattern continues with a digit character, some delimiter must be used to
+terminate the back reference. If the PCRE_EXTENDED option is set, this can be
+white space. Otherwise, the \eg{ syntax or an empty comment (see
+.\" HTML <a href="#comments">
+.\" </a>
+"Comments"
+.\"
+below) can be used.
+.
+.SS "Recursive back references"
+.rs
+.sp
+A back reference that occurs inside the parentheses to which it refers fails
+when the subpattern is first used, so, for example, (a\e1) never matches.
+However, such references can be useful inside repeated subpatterns. For
+example, the pattern
+.sp
+  (a|b\e1)+
+.sp
+matches any number of "a"s and also "aba", "ababbaa" etc. At each iteration of
+the subpattern, the back reference matches the character string corresponding
+to the previous iteration. In order for this to work, the pattern must be such
+that the first iteration does not need to match the back reference. This can be
+done using alternation, as in the example above, or by a quantifier with a
+minimum of zero.
+.P
+Back references of this type cause the group that they reference to be treated
+as an
+.\" HTML <a href="#atomicgroup">
+.\" </a>
+atomic group.
+.\"
+Once the whole group has been matched, a subsequent matching failure cannot
+cause backtracking into the middle of the group.
+.
+.
+.\" HTML <a name="bigassertions"></a>
+.SH ASSERTIONS
+.rs
+.sp
+An assertion is a test on the characters following or preceding the current
+matching point that does not actually consume any characters. The simple
+assertions coded as \eb, \eB, \eA, \eG, \eZ, \ez, ^ and $ are described
+.\" HTML <a href="#smallassertions">
+.\" </a>
+above.
+.\"
+.P
+More complicated assertions are coded as subpatterns. There are two kinds:
+those that look ahead of the current position in the subject string, and those
+that look behind it. An assertion subpattern is matched in the normal way,
+except that it does not cause the current matching position to be changed.
+.P
+Assertion subpatterns are not capturing subpatterns. If such an assertion
+contains capturing subpatterns within it, these are counted for the purposes of
+numbering the capturing subpatterns in the whole pattern. However, substring
+capturing is carried out only for positive assertions. (Perl sometimes, but not
+always, does do capturing in negative assertions.)
+.P
+WARNING: If a positive assertion containing one or more capturing subpatterns
+succeeds, but failure to match later in the pattern causes backtracking over
+this assertion, the captures within the assertion are reset only if no higher
+numbered captures are already set. This is, unfortunately, a fundamental
+limitation of the current implementation, and as PCRE1 is now in
+maintenance-only status, it is unlikely ever to change.
+.P
+For compatibility with Perl, assertion subpatterns may be repeated; though
+it makes no sense to assert the same thing several times, the side effect of
+capturing parentheses may occasionally be useful. In practice, there only three
+cases:
+.sp
+(1) If the quantifier is {0}, the assertion is never obeyed during matching.
+However, it may contain internal capturing parenthesized groups that are called
+from elsewhere via the
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutine mechanism.
+.\"
+.sp
+(2) If quantifier is {0,n} where n is greater than zero, it is treated as if it
+were {0,1}. At run time, the rest of the pattern match is tried with and
+without the assertion, the order depending on the greediness of the quantifier.
+.sp
+(3) If the minimum repetition is greater than zero, the quantifier is ignored.
+The assertion is obeyed just once when encountered during matching.
+.
+.
+.SS "Lookahead assertions"
+.rs
+.sp
+Lookahead assertions start with (?= for positive assertions and (?! for
+negative assertions. For example,
+.sp
+  \ew+(?=;)
+.sp
+matches a word followed by a semicolon, but does not include the semicolon in
+the match, and
+.sp
+  foo(?!bar)
+.sp
+matches any occurrence of "foo" that is not followed by "bar". Note that the
+apparently similar pattern
+.sp
+  (?!foo)bar
+.sp
+does not find an occurrence of "bar" that is preceded by something other than
+"foo"; it finds any occurrence of "bar" whatsoever, because the assertion
+(?!foo) is always true when the next three characters are "bar". A
+lookbehind assertion is needed to achieve the other effect.
+.P
+If you want to force a matching failure at some point in a pattern, the most
+convenient way to do it is with (?!) because an empty string always matches, so
+an assertion that requires there not to be an empty string must always fail.
+The backtracking control verb (*FAIL) or (*F) is a synonym for (?!).
+.
+.
+.\" HTML <a name="lookbehind"></a>
+.SS "Lookbehind assertions"
+.rs
+.sp
+Lookbehind assertions start with (?<= for positive assertions and (?<! for
+negative assertions. For example,
+.sp
+  (?<!foo)bar
+.sp
+does find an occurrence of "bar" that is not preceded by "foo". The contents of
+a lookbehind assertion are restricted such that all the strings it matches must
+have a fixed length. However, if there are several top-level alternatives, they
+do not all have to have the same fixed length. Thus
+.sp
+  (?<=bullock|donkey)
+.sp
+is permitted, but
+.sp
+  (?<!dogs?|cats?)
+.sp
+causes an error at compile time. Branches that match different length strings
+are permitted only at the top level of a lookbehind assertion. This is an
+extension compared with Perl, which requires all branches to match the same
+length of string. An assertion such as
+.sp
+  (?<=ab(c|de))
+.sp
+is not permitted, because its single top-level branch can match two different
+lengths, but it is acceptable to PCRE if rewritten to use two top-level
+branches:
+.sp
+  (?<=abc|abde)
+.sp
+In some cases, the escape sequence \eK
+.\" HTML <a href="#resetmatchstart">
+.\" </a>
+(see above)
+.\"
+can be used instead of a lookbehind assertion to get round the fixed-length
+restriction.
+.P
+The implementation of lookbehind assertions is, for each alternative, to
+temporarily move the current position back by the fixed length and then try to
+match. If there are insufficient characters before the current position, the
+assertion fails.
+.P
+In a UTF mode, PCRE does not allow the \eC escape (which matches a single data
+unit even in a UTF mode) to appear in lookbehind assertions, because it makes
+it impossible to calculate the length of the lookbehind. The \eX and \eR
+escapes, which can match different numbers of data units, are also not
+permitted.
+.P
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+"Subroutine"
+.\"
+calls (see below) such as (?2) or (?&X) are permitted in lookbehinds, as long
+as the subpattern matches a fixed-length string.
+.\" HTML <a href="#recursion">
+.\" </a>
+Recursion,
+.\"
+however, is not supported.
+.P
+Possessive quantifiers can be used in conjunction with lookbehind assertions to
+specify efficient matching of fixed-length strings at the end of subject
+strings. Consider a simple pattern such as
+.sp
+  abcd$
+.sp
+when applied to a long string that does not match. Because matching proceeds
+from left to right, PCRE will look for each "a" in the subject and then see if
+what follows matches the rest of the pattern. If the pattern is specified as
+.sp
+  ^.*abcd$
+.sp
+the initial .* matches the entire string at first, but when this fails (because
+there is no following "a"), it backtracks to match all but the last character,
+then all but the last two characters, and so on. Once again the search for "a"
+covers the entire string, from right to left, so we are no better off. However,
+if the pattern is written as
+.sp
+  ^.*+(?<=abcd)
+.sp
+there can be no backtracking for the .*+ item; it can match only the entire
+string. The subsequent lookbehind assertion does a single test on the last four
+characters. If it fails, the match fails immediately. For long strings, this
+approach makes a significant difference to the processing time.
+.
+.
+.SS "Using multiple assertions"
+.rs
+.sp
+Several assertions (of any sort) may occur in succession. For example,
+.sp
+  (?<=\ed{3})(?<!999)foo
+.sp
+matches "foo" preceded by three digits that are not "999". Notice that each of
+the assertions is applied independently at the same point in the subject
+string. First there is a check that the previous three characters are all
+digits, and then there is a check that the same three characters are not "999".
+This pattern does \fInot\fP match "foo" preceded by six characters, the first
+of which are digits and the last three of which are not "999". For example, it
+doesn't match "123abcfoo". A pattern to do that is
+.sp
+  (?<=\ed{3}...)(?<!999)foo
+.sp
+This time the first assertion looks at the preceding six characters, checking
+that the first three are digits, and then the second assertion checks that the
+preceding three characters are not "999".
+.P
+Assertions can be nested in any combination. For example,
+.sp
+  (?<=(?<!foo)bar)baz
+.sp
+matches an occurrence of "baz" that is preceded by "bar" which in turn is not
+preceded by "foo", while
+.sp
+  (?<=\ed{3}(?!999)...)foo
+.sp
+is another pattern that matches "foo" preceded by three digits and any three
+characters that are not "999".
+.
+.
+.\" HTML <a name="conditions"></a>
+.SH "CONDITIONAL SUBPATTERNS"
+.rs
+.sp
+It is possible to cause the matching process to obey a subpattern
+conditionally or to choose between two alternative subpatterns, depending on
+the result of an assertion, or whether a specific capturing subpattern has
+already been matched. The two possible forms of conditional subpattern are:
+.sp
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+.sp
+If the condition is satisfied, the yes-pattern is used; otherwise the
+no-pattern (if present) is used. If there are more than two alternatives in the
+subpattern, a compile-time error occurs. Each of the two alternatives may
+itself contain nested subpatterns of any form, including conditional
+subpatterns; the restriction to two alternatives applies only at the level of
+the condition. This pattern fragment is an example where the alternatives are
+complex:
+.sp
+  (?(1) (A|B|C) | (D | (?(2)E|F) | E) )
+.sp
+.P
+There are four kinds of condition: references to subpatterns, references to
+recursion, a pseudo-condition called DEFINE, and assertions.
+.
+.SS "Checking for a used subpattern by number"
+.rs
+.sp
+If the text between the parentheses consists of a sequence of digits, the
+condition is true if a capturing subpattern of that number has previously
+matched. If there is more than one capturing subpattern with the same number
+(see the earlier
+.\"
+.\" HTML <a href="#recursion">
+.\" </a>
+section about duplicate subpattern numbers),
+.\"
+the condition is true if any of them have matched. An alternative notation is
+to precede the digits with a plus or minus sign. In this case, the subpattern
+number is relative rather than absolute. The most recently opened parentheses
+can be referenced by (?(-1), the next most recent by (?(-2), and so on. Inside
+loops it can also make sense to refer to subsequent groups. The next
+parentheses to be opened can be referenced as (?(+1), and so on. (The value
+zero in any of these forms is not used; it provokes a compile-time error.)
+.P
+Consider the following pattern, which contains non-significant white space to
+make it more readable (assume the PCRE_EXTENDED option) and to divide it into
+three parts for ease of discussion:
+.sp
+  ( \e( )?    [^()]+    (?(1) \e) )
+.sp
+The first part matches an optional opening parenthesis, and if that
+character is present, sets it as the first captured substring. The second part
+matches one or more characters that are not parentheses. The third part is a
+conditional subpattern that tests whether or not the first set of parentheses
+matched. If they did, that is, if subject started with an opening parenthesis,
+the condition is true, and so the yes-pattern is executed and a closing
+parenthesis is required. Otherwise, since no-pattern is not present, the
+subpattern matches nothing. In other words, this pattern matches a sequence of
+non-parentheses, optionally enclosed in parentheses.
+.P
+If you were embedding this pattern in a larger one, you could use a relative
+reference:
+.sp
+  ...other stuff... ( \e( )?    [^()]+    (?(-1) \e) ) ...
+.sp
+This makes the fragment independent of the parentheses in the larger pattern.
+.
+.SS "Checking for a used subpattern by name"
+.rs
+.sp
+Perl uses the syntax (?(<name>)...) or (?('name')...) to test for a used
+subpattern by name. For compatibility with earlier versions of PCRE, which had
+this facility before Perl, the syntax (?(name)...) is also recognized.
+.P
+Rewriting the above example to use a named subpattern gives this:
+.sp
+  (?<OPEN> \e( )?    [^()]+    (?(<OPEN>) \e) )
+.sp
+If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them has
+matched.
+.
+.SS "Checking for pattern recursion"
+.rs
+.sp
+If the condition is the string (R), and there is no subpattern with the name R,
+the condition is true if a recursive call to the whole pattern or any
+subpattern has been made. If digits or a name preceded by ampersand follow the
+letter R, for example:
+.sp
+  (?(R3)...) or (?(R&name)...)
+.sp
+the condition is true if the most recent recursion is into a subpattern whose
+number or name is given. This condition does not check the entire recursion
+stack. If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them is
+the most recent recursion.
+.P
+At "top level", all these recursion test conditions are false.
+.\" HTML <a href="#recursion">
+.\" </a>
+The syntax for recursive patterns
+.\"
+is described below.
+.
+.\" HTML <a name="subdefine"></a>
+.SS "Defining subpatterns for use by reference only"
+.rs
+.sp
+If the condition is the string (DEFINE), and there is no subpattern with the
+name DEFINE, the condition is always false. In this case, there may be only one
+alternative in the subpattern. It is always skipped if control reaches this
+point in the pattern; the idea of DEFINE is that it can be used to define
+subroutines that can be referenced from elsewhere. (The use of
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutines
+.\"
+is described below.) For example, a pattern to match an IPv4 address such as
+"192.168.23.245" could be written like this (ignore white space and line
+breaks):
+.sp
+  (?(DEFINE) (?<byte> 2[0-4]\ed | 25[0-5] | 1\ed\ed | [1-9]?\ed) )
+  \eb (?&byte) (\e.(?&byte)){3} \eb
+.sp
+The first part of the pattern is a DEFINE group inside which a another group
+named "byte" is defined. This matches an individual component of an IPv4
+address (a number less than 256). When matching takes place, this part of the
+pattern is skipped because DEFINE acts like a false condition. The rest of the
+pattern uses references to the named group to match the four dot-separated
+components of an IPv4 address, insisting on a word boundary at each end.
+.
+.SS "Assertion conditions"
+.rs
+.sp
+If the condition is not in any of the above formats, it must be an assertion.
+This may be a positive or negative lookahead or lookbehind assertion. Consider
+this pattern, again containing non-significant white space, and with the two
+alternatives on the second line:
+.sp
+  (?(?=[^a-z]*[a-z])
+  \ed{2}-[a-z]{3}-\ed{2}  |  \ed{2}-\ed{2}-\ed{2} )
+.sp
+The condition is a positive lookahead assertion that matches an optional
+sequence of non-letters followed by a letter. In other words, it tests for the
+presence of at least one letter in the subject. If a letter is found, the
+subject is matched against the first alternative; otherwise it is matched
+against the second. This pattern matches strings in one of the two forms
+dd-aaa-dd or dd-dd-dd, where aaa are letters and dd are digits.
+.
+.
+.\" HTML <a name="comments"></a>
+.SH COMMENTS
+.rs
+.sp
+There are two ways of including comments in patterns that are processed by
+PCRE. In both cases, the start of the comment must not be in a character class,
+nor in the middle of any other sequence of related characters such as (?: or a
+subpattern name or number. The characters that make up a comment play no part
+in the pattern matching.
+.P
+The sequence (?# marks the start of a comment that continues up to the next
+closing parenthesis. Nested parentheses are not permitted. If the PCRE_EXTENDED
+option is set, an unescaped # character also introduces a comment, which in
+this case continues to immediately after the next newline character or
+character sequence in the pattern. Which characters are interpreted as newlines
+is controlled by the options passed to a compiling function or by a special
+sequence at the start of the pattern, as described in the section entitled
+.\" HTML <a href="#newlines">
+.\" </a>
+"Newline conventions"
+.\"
+above. Note that the end of this type of comment is a literal newline sequence
+in the pattern; escape sequences that happen to represent a newline do not
+count. For example, consider this pattern when PCRE_EXTENDED is set, and the
+default newline convention is in force:
+.sp
+  abc #comment \en still comment
+.sp
+On encountering the # character, \fBpcre_compile()\fP skips along, looking for
+a newline in the pattern. The sequence \en is still literal at this stage, so
+it does not terminate the comment. Only an actual character with the code value
+0x0a (the default newline) does so.
+.
+.
+.\" HTML <a name="recursion"></a>
+.SH "RECURSIVE PATTERNS"
+.rs
+.sp
+Consider the problem of matching a string in parentheses, allowing for
+unlimited nested parentheses. Without the use of recursion, the best that can
+be done is to use a pattern that matches up to some fixed depth of nesting. It
+is not possible to handle an arbitrary nesting depth.
+.P
+For some time, Perl has provided a facility that allows regular expressions to
+recurse (amongst other things). It does this by interpolating Perl code in the
+expression at run time, and the code can refer to the expression itself. A Perl
+pattern using code interpolation to solve the parentheses problem can be
+created like this:
+.sp
+  $re = qr{\e( (?: (?>[^()]+) | (?p{$re}) )* \e)}x;
+.sp
+The (?p{...}) item interpolates Perl code at run time, and in this case refers
+recursively to the pattern in which it appears.
+.P
+Obviously, PCRE cannot support the interpolation of Perl code. Instead, it
+supports special syntax for recursion of the entire pattern, and also for
+individual subpattern recursion. After its introduction in PCRE and Python,
+this kind of recursion was subsequently introduced into Perl at release 5.10.
+.P
+A special item that consists of (? followed by a number greater than zero and a
+closing parenthesis is a recursive subroutine call of the subpattern of the
+given number, provided that it occurs inside that subpattern. (If not, it is a
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+non-recursive subroutine
+.\"
+call, which is described in the next section.) The special item (?R) or (?0) is
+a recursive call of the entire regular expression.
+.P
+This PCRE pattern solves the nested parentheses problem (assume the
+PCRE_EXTENDED option is set so that white space is ignored):
+.sp
+  \e( ( [^()]++ | (?R) )* \e)
+.sp
+First it matches an opening parenthesis. Then it matches any number of
+substrings which can either be a sequence of non-parentheses, or a recursive
+match of the pattern itself (that is, a correctly parenthesized substring).
+Finally there is a closing parenthesis. Note the use of a possessive quantifier
+to avoid backtracking into sequences of non-parentheses.
+.P
+If this were part of a larger pattern, you would not want to recurse the entire
+pattern, so instead you could use this:
+.sp
+  ( \e( ( [^()]++ | (?1) )* \e) )
+.sp
+We have put the pattern into parentheses, and caused the recursion to refer to
+them instead of the whole pattern.
+.P
+In a larger pattern, keeping track of parenthesis numbers can be tricky. This
+is made easier by the use of relative references. Instead of (?1) in the
+pattern above you can write (?-2) to refer to the second most recently opened
+parentheses preceding the recursion. In other words, a negative number counts
+capturing parentheses leftwards from the point at which it is encountered.
+.P
+It is also possible to refer to subsequently opened parentheses, by writing
+references such as (?+2). However, these cannot be recursive because the
+reference is not inside the parentheses that are referenced. They are always
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+non-recursive subroutine
+.\"
+calls, as described in the next section.
+.P
+An alternative approach is to use named parentheses instead. The Perl syntax
+for this is (?&name); PCRE's earlier syntax (?P>name) is also supported. We
+could rewrite the above example as follows:
+.sp
+  (?<pn> \e( ( [^()]++ | (?&pn) )* \e) )
+.sp
+If there is more than one subpattern with the same name, the earliest one is
+used.
+.P
+This particular example pattern that we have been looking at contains nested
+unlimited repeats, and so the use of a possessive quantifier for matching
+strings of non-parentheses is important when applying the pattern to strings
+that do not match. For example, when this pattern is applied to
+.sp
+  (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa()
+.sp
+it yields "no match" quickly. However, if a possessive quantifier is not used,
+the match runs for a very long time indeed because there are so many different
+ways the + and * repeats can carve up the subject, and all have to be tested
+before failure can be reported.
+.P
+At the end of a match, the values of capturing parentheses are those from
+the outermost level. If you want to obtain intermediate values, a callout
+function can be used (see below and the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation). If the pattern above is matched against
+.sp
+  (ab(cd)ef)
+.sp
+the value for the inner capturing parentheses (numbered 2) is "ef", which is
+the last value taken on at the top level. If a capturing subpattern is not
+matched at the top level, its final captured value is unset, even if it was
+(temporarily) set at a deeper level during the matching process.
+.P
+If there are more than 15 capturing parentheses in a pattern, PCRE has to
+obtain extra memory to store data during a recursion, which it does by using
+\fBpcre_malloc\fP, freeing it via \fBpcre_free\fP afterwards. If no memory can
+be obtained, the match fails with the PCRE_ERROR_NOMEMORY error.
+.P
+Do not confuse the (?R) item with the condition (R), which tests for recursion.
+Consider this pattern, which matches text in angle brackets, allowing for
+arbitrary nesting. Only digits are allowed in nested brackets (that is, when
+recursing), whereas any characters are permitted at the outer level.
+.sp
+  < (?: (?(R) \ed++  | [^<>]*+) | (?R)) * >
+.sp
+In this pattern, (?(R) is the start of a conditional subpattern, with two
+different alternatives for the recursive and non-recursive cases. The (?R) item
+is the actual recursive call.
+.
+.
+.\" HTML <a name="recursiondifference"></a>
+.SS "Differences in recursion processing between PCRE and Perl"
+.rs
+.sp
+Recursion processing in PCRE differs from Perl in two important ways. In PCRE
+(like Python, but unlike Perl), a recursive subpattern call is always treated
+as an atomic group. That is, once it has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. This can be illustrated by the following pattern,
+which purports to match a palindromic string that contains an odd number of
+characters (for example, "a", "aba", "abcba", "abcdcba"):
+.sp
+  ^(.|(.)(?1)\e2)$
+.sp
+The idea is that it either matches a single character, or two identical
+characters surrounding a sub-palindrome. In Perl, this pattern works; in PCRE
+it does not if the pattern is longer than three characters. Consider the
+subject string "abcba":
+.P
+At the top level, the first character is matched, but as it is not at the end
+of the string, the first alternative fails; the second alternative is taken
+and the recursion kicks in. The recursive call to subpattern 1 successfully
+matches the next character ("b"). (Note that the beginning and end of line
+tests are not part of the recursion).
+.P
+Back at the top level, the next character ("c") is compared with what
+subpattern 2 matched, which was "a". This fails. Because the recursion is
+treated as an atomic group, there are now no backtracking points, and so the
+entire match fails. (Perl is able, at this point, to re-enter the recursion and
+try the second alternative.) However, if the pattern is written with the
+alternatives in the other order, things are different:
+.sp
+  ^((.)(?1)\e2|.)$
+.sp
+This time, the recursing alternative is tried first, and continues to recurse
+until it runs out of characters, at which point the recursion fails. But this
+time we do have another alternative to try at the higher level. That is the big
+difference: in the previous case the remaining alternative is at a deeper
+recursion level, which PCRE cannot use.
+.P
+To change the pattern so that it matches all palindromic strings, not just
+those with an odd number of characters, it is tempting to change the pattern to
+this:
+.sp
+  ^((.)(?1)\e2|.?)$
+.sp
+Again, this works in Perl, but not in PCRE, and for the same reason. When a
+deeper recursion has matched a single character, it cannot be entered again in
+order to match an empty string. The solution is to separate the two cases, and
+write out the odd and even cases as alternatives at the higher level:
+.sp
+  ^(?:((.)(?1)\e2|)|((.)(?3)\e4|.))
+.sp
+If you want to match typical palindromic phrases, the pattern has to ignore all
+non-word characters, which can be done like this:
+.sp
+  ^\eW*+(?:((.)\eW*+(?1)\eW*+\e2|)|((.)\eW*+(?3)\eW*+\e4|\eW*+.\eW*+))\eW*+$
+.sp
+If run with the PCRE_CASELESS option, this pattern matches phrases such as "A
+man, a plan, a canal: Panama!" and it works well in both PCRE and Perl. Note
+the use of the possessive quantifier *+ to avoid backtracking into sequences of
+non-word characters. Without this, PCRE takes a great deal longer (ten times or
+more) to match typical phrases, and Perl takes so long that you think it has
+gone into a loop.
+.P
+\fBWARNING\fP: The palindrome-matching patterns above work only if the subject
+string does not start with a palindrome that is shorter than the entire string.
+For example, although "abcba" is correctly matched, if the subject is "ababa",
+PCRE finds the palindrome "aba" at the start, then fails at top level because
+the end of the string does not follow. Once again, it cannot jump back into the
+recursion to try other alternatives, so the entire match fails.
+.P
+The second way in which PCRE and Perl differ in their recursion processing is
+in the handling of captured values. In Perl, when a subpattern is called
+recursively or as a subpattern (see the next section), it has no access to any
+values that were captured outside the recursion, whereas in PCRE these values
+can be referenced. Consider this pattern:
+.sp
+  ^(.)(\e1|a(?2))
+.sp
+In PCRE, this pattern matches "bab". The first capturing parentheses match "b",
+then in the second group, when the back reference \e1 fails to match "b", the
+second alternative matches "a" and then recurses. In the recursion, \e1 does
+now match "b" and so the whole match succeeds. In Perl, the pattern fails to
+match because inside the recursive call \e1 cannot access the externally set
+value.
+.
+.
+.\" HTML <a name="subpatternsassubroutines"></a>
+.SH "SUBPATTERNS AS SUBROUTINES"
+.rs
+.sp
+If the syntax for a recursive subpattern call (either by number or by
+name) is used outside the parentheses to which it refers, it operates like a
+subroutine in a programming language. The called subpattern may be defined
+before or after the reference. A numbered reference can be absolute or
+relative, as in these examples:
+.sp
+  (...(absolute)...)...(?2)...
+  (...(relative)...)...(?-1)...
+  (...(?+1)...(relative)...
+.sp
+An earlier example pointed out that the pattern
+.sp
+  (sens|respons)e and \e1ibility
+.sp
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If instead the pattern
+.sp
+  (sens|respons)e and (?1)ibility
+.sp
+is used, it does match "sense and responsibility" as well as the other two
+strings. Another example is given in the discussion of DEFINE above.
+.P
+All subroutine calls, whether recursive or not, are always treated as atomic
+groups. That is, once a subroutine has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. Any capturing parentheses that are set during the
+subroutine call revert to their previous values afterwards.
+.P
+Processing options such as case-independence are fixed when a subpattern is
+defined, so if it is used as a subroutine, such options cannot be changed for
+different calls. For example, consider this pattern:
+.sp
+  (abc)(?i:(?-1))
+.sp
+It matches "abcabc". It does not match "abcABC" because the change of
+processing option does not affect the called subpattern.
+.
+.
+.\" HTML <a name="onigurumasubroutines"></a>
+.SH "ONIGURUMA SUBROUTINE SYNTAX"
+.rs
+.sp
+For compatibility with Oniguruma, the non-Perl syntax \eg followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a subroutine, possibly recursively. Here
+are two of the examples used above, rewritten using this syntax:
+.sp
+  (?<pn> \e( ( (?>[^()]+) | \eg<pn> )* \e) )
+  (sens|respons)e and \eg'1'ibility
+.sp
+PCRE supports an extension to Oniguruma: if a number is preceded by a
+plus or a minus sign it is taken as a relative reference. For example:
+.sp
+  (abc)(?i:\eg<-1>)
+.sp
+Note that \eg{...} (Perl syntax) and \eg<...> (Oniguruma syntax) are \fInot\fP
+synonymous. The former is a back reference; the latter is a subroutine call.
+.
+.
+.SH CALLOUTS
+.rs
+.sp
+Perl has a feature whereby using the sequence (?{...}) causes arbitrary Perl
+code to be obeyed in the middle of matching a regular expression. This makes it
+possible, amongst other things, to extract different substrings that match the
+same pair of parentheses when there is a repetition.
+.P
+PCRE provides a similar feature, but of course it cannot obey arbitrary Perl
+code. The feature is called "callout". The caller of PCRE provides an external
+function by putting its entry point in the global variable \fIpcre_callout\fP
+(8-bit library) or \fIpcre[16|32]_callout\fP (16-bit or 32-bit library).
+By default, this variable contains NULL, which disables all calling out.
+.P
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. If you want to identify different callout points, you
+can put a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+.sp
+  (?C1)abc(?C2)def
+.sp
+If the PCRE_AUTO_CALLOUT flag is passed to a compiling function, callouts are
+automatically installed before each item in the pattern. They are all numbered
+255. If there is a conditional group in the pattern whose condition is an
+assertion, an additional callout is inserted just before the condition. An
+explicit callout may also be set at this position, as in this example:
+.sp
+  (?(?C9)(?=a)abc|def)
+.sp
+Note that this applies only to assertion conditions, not to other types of
+condition.
+.P
+During matching, when PCRE reaches a callout point, the external function is
+called. It is provided with the number of the callout, the position in the
+pattern, and, optionally, one item of data originally supplied by the caller of
+the matching function. The callout function may cause matching to proceed, to
+backtrack, or to fail altogether.
+.P
+By default, PCRE implements a number of optimizations at compile time and
+matching time, and one side-effect is that sometimes callouts are skipped. If
+you need all possible callouts to happen, you need to set options that disable
+the relevant optimizations. More details, and a complete description of the
+interface to the callout function, are given in the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.
+.
+.\" HTML <a name="backtrackcontrol"></a>
+.SH "BACKTRACKING CONTROL"
+.rs
+.sp
+Perl 5.10 introduced a number of "Special Backtracking Control Verbs", which
+are still described in the Perl documentation as "experimental and subject to
+change or removal in a future version of Perl". It goes on to say: "Their usage
+in production code should be noted to avoid problems during upgrades." The same
+remarks apply to the PCRE features described in this section.
+.P
+The new verbs make use of what was previously invalid syntax: an opening
+parenthesis followed by an asterisk. They are generally of the form
+(*VERB) or (*VERB:NAME). Some may take either form, possibly behaving
+differently depending on whether or not a name is present. A name is any
+sequence of characters that does not include a closing parenthesis. The maximum
+length of name is 255 in the 8-bit library and 65535 in the 16-bit and 32-bit
+libraries. If the name is empty, that is, if the closing parenthesis
+immediately follows the colon, the effect is as if the colon were not there.
+Any number of these verbs may occur in a pattern.
+.P
+Since these verbs are specifically related to backtracking, most of them can be
+used only when the pattern is to be matched using one of the traditional
+matching functions, because these use a backtracking algorithm. With the
+exception of (*FAIL), which behaves like a failing negative assertion, the
+backtracking control verbs cause an error if encountered by a DFA matching
+function.
+.P
+The behaviour of these verbs in
+.\" HTML <a href="#btrepeat">
+.\" </a>
+repeated groups,
+.\"
+.\" HTML <a href="#btassert">
+.\" </a>
+assertions,
+.\"
+and in
+.\" HTML <a href="#btsub">
+.\" </a>
+subpatterns called as subroutines
+.\"
+(whether or not recursively) is documented below.
+.
+.
+.\" HTML <a name="nooptimize"></a>
+.SS "Optimizations that affect backtracking verbs"
+.rs
+.sp
+PCRE contains some optimizations that are used to speed up matching by running
+some checks at the start of each match attempt. For example, it may know the
+minimum length of matching subject, or that a particular character must be
+present. When one of these optimizations bypasses the running of a match, any
+included backtracking verbs will not, of course, be processed. You can suppress
+the start-of-match optimizations by setting the PCRE_NO_START_OPTIMIZE option
+when calling \fBpcre_compile()\fP or \fBpcre_exec()\fP, or by starting the
+pattern with (*NO_START_OPT). There is more discussion of this option in the
+section entitled
+.\" HTML <a href="pcreapi.html#execoptions">
+.\" </a>
+"Option bits for \fBpcre_exec()\fP"
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+Experiments with Perl suggest that it too has similar optimizations, sometimes
+leading to anomalous results.
+.
+.
+.SS "Verbs that act immediately"
+.rs
+.sp
+The following verbs act as soon as they are encountered. They may not be
+followed by a name.
+.sp
+   (*ACCEPT)
+.sp
+This verb causes the match to end successfully, skipping the remainder of the
+pattern. However, when it is inside a subpattern that is called as a
+subroutine, only that subpattern is ended successfully. Matching then continues
+at the outer level. If (*ACCEPT) in triggered in a positive assertion, the
+assertion succeeds; in a negative assertion, the assertion fails.
+.P
+If (*ACCEPT) is inside capturing parentheses, the data so far is captured. For
+example:
+.sp
+  A((?:A|B(*ACCEPT)|C)D)
+.sp
+This matches "AB", "AAD", or "ACD"; when it matches "AB", "B" is captured by
+the outer parentheses.
+.sp
+  (*FAIL) or (*F)
+.sp
+This verb causes a matching failure, forcing backtracking to occur. It is
+equivalent to (?!) but easier to read. The Perl documentation notes that it is
+probably useful only when combined with (?{}) or (??{}). Those are, of course,
+Perl features that are not present in PCRE. The nearest equivalent is the
+callout feature, as for example in this pattern:
+.sp
+  a+(?C)(*FAIL)
+.sp
+A match with the string "aaaa" always fails, but the callout is taken before
+each backtrack happens (in this example, 10 times).
+.
+.
+.SS "Recording which path was taken"
+.rs
+.sp
+There is one verb whose main purpose is to track how a match was arrived at,
+though it also has a secondary use in conjunction with advancing the match
+starting point (see (*SKIP) below).
+.sp
+  (*MARK:NAME) or (*:NAME)
+.sp
+A name is always required with this verb. There may be as many instances of
+(*MARK) as you like in a pattern, and their names do not have to be unique.
+.P
+When a match succeeds, the name of the last-encountered (*MARK:NAME),
+(*PRUNE:NAME), or (*THEN:NAME) on the matching path is passed back to the
+caller as described in the section entitled
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+"Extra data for \fBpcre_exec()\fP"
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation. Here is an example of \fBpcretest\fP output, where the /K
+modifier requests the retrieval and outputting of (*MARK) data:
+.sp
+    re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data> XY
+   0: XY
+  MK: A
+  XZ
+   0: XZ
+  MK: B
+.sp
+The (*MARK) name is tagged with "MK:" in this output, and in this example it
+indicates which of the two alternatives matched. This is a more efficient way
+of obtaining this information than putting each alternative in its own
+capturing parentheses.
+.P
+If a verb with a name is encountered in a positive assertion that is true, the
+name is recorded and passed back if it is the last-encountered. This does not
+happen for negative assertions or failing positive assertions.
+.P
+After a partial match or a failed match, the last encountered name in the
+entire match process is returned. For example:
+.sp
+    re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data> XP
+  No match, mark = B
+.sp
+Note that in this unanchored example the mark is retained from the match
+attempt that started at the letter "X" in the subject. Subsequent match
+attempts starting at "P" and then with an empty string do not get as far as the
+(*MARK) item, but nevertheless do not reset it.
+.P
+If you are interested in (*MARK) values after failed matches, you should
+probably set the PCRE_NO_START_OPTIMIZE option
+.\" HTML <a href="#nooptimize">
+.\" </a>
+(see above)
+.\"
+to ensure that the match is always attempted.
+.
+.
+.SS "Verbs that act after backtracking"
+.rs
+.sp
+The following verbs do nothing when they are encountered. Matching continues
+with what follows, but if there is no subsequent match, causing a backtrack to
+the verb, a failure is forced. That is, backtracking cannot pass to the left of
+the verb. However, when one of these verbs appears inside an atomic group or an
+assertion that is true, its effect is confined to that group, because once the
+group has been matched, there is never any backtracking into it. In this
+situation, backtracking can "jump back" to the left of the entire atomic group
+or assertion. (Remember also, as stated above, that this localization also
+applies in subroutine calls.)
+.P
+These verbs differ in exactly what kind of failure occurs when backtracking
+reaches them. The behaviour described below is what happens when the verb is
+not in a subroutine or an assertion. Subsequent sections cover these special
+cases.
+.sp
+  (*COMMIT)
+.sp
+This verb, which may not be followed by a name, causes the whole match to fail
+outright if there is a later matching failure that causes backtracking to reach
+it. Even if the pattern is unanchored, no further attempts to find a match by
+advancing the starting point take place. If (*COMMIT) is the only backtracking
+verb that is encountered, once it has been passed \fBpcre_exec()\fP is
+committed to finding a match at the current starting point, or not at all. For
+example:
+.sp
+  a+(*COMMIT)b
+.sp
+This matches "xxaab" but not "aacaab". It can be thought of as a kind of
+dynamic anchor, or "I've started, so I must finish." The name of the most
+recently passed (*MARK) in the path is passed back when (*COMMIT) forces a
+match failure.
+.P
+If there is more than one backtracking verb in a pattern, a different one that
+follows (*COMMIT) may be triggered first, so merely passing (*COMMIT) during a
+match does not always guarantee that a match must be at this starting point.
+.P
+Note that (*COMMIT) at the start of a pattern is not the same as an anchor,
+unless PCRE's start-of-match optimizations are turned off, as shown in this
+output from \fBpcretest\fP:
+.sp
+    re> /(*COMMIT)abc/
+  data> xyzabc
+   0: abc
+  data> xyzabc\eY
+  No match
+.sp
+For this pattern, PCRE knows that any match must start with "a", so the
+optimization skips along the subject to "a" before applying the pattern to the
+first set of data. The match attempt then succeeds. In the second set of data,
+the escape sequence \eY is interpreted by the \fBpcretest\fP program. It causes
+the PCRE_NO_START_OPTIMIZE option to be set when \fBpcre_exec()\fP is called.
+This disables the optimization that skips along to the first character. The
+pattern is now applied starting at "x", and so the (*COMMIT) causes the match
+to fail without trying any other starting points.
+.sp
+  (*PRUNE) or (*PRUNE:NAME)
+.sp
+This verb causes the match to fail at the current starting position in the
+subject if there is a later matching failure that causes backtracking to reach
+it. If the pattern is unanchored, the normal "bumpalong" advance to the next
+starting character then happens. Backtracking can occur as usual to the left of
+(*PRUNE), before it is reached, or when matching to the right of (*PRUNE), but
+if there is no match to the right, backtracking cannot cross (*PRUNE). In
+simple cases, the use of (*PRUNE) is just an alternative to an atomic group or
+possessive quantifier, but there are some uses of (*PRUNE) that cannot be
+expressed in any other way. In an anchored pattern (*PRUNE) has the same effect
+as (*COMMIT).
+.P
+The behaviour of (*PRUNE:NAME) is the not the same as (*MARK:NAME)(*PRUNE).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+.sp
+  (*SKIP)
+.sp
+This verb, when given without a name, is like (*PRUNE), except that if the
+pattern is unanchored, the "bumpalong" advance is not to the next character,
+but to the position in the subject where (*SKIP) was encountered. (*SKIP)
+signifies that whatever text was matched leading up to it cannot be part of a
+successful match. Consider:
+.sp
+  a+(*SKIP)b
+.sp
+If the subject is "aaaac...", after the first match attempt fails (starting at
+the first character in the string), the starting point skips on to start the
+next attempt at "c". Note that a possessive quantifer does not have the same
+effect as this example; although it would suppress backtracking during the
+first match attempt, the second attempt would start at the second character
+instead of skipping on to "c".
+.sp
+  (*SKIP:NAME)
+.sp
+When (*SKIP) has an associated name, its behaviour is modified. When it is
+triggered, the previous path through the pattern is searched for the most
+recent (*MARK) that has the same name. If one is found, the "bumpalong" advance
+is to the subject position that corresponds to that (*MARK) instead of to where
+(*SKIP) was encountered. If no (*MARK) with a matching name is found, the
+(*SKIP) is ignored.
+.P
+Note that (*SKIP:NAME) searches only for names set by (*MARK:NAME). It ignores
+names that are set by (*PRUNE:NAME) or (*THEN:NAME).
+.sp
+  (*THEN) or (*THEN:NAME)
+.sp
+This verb causes a skip to the next innermost alternative when backtracking
+reaches it. That is, it cancels any further backtracking within the current
+alternative. Its name comes from the observation that it can be used for a
+pattern-based if-then-else block:
+.sp
+  ( COND1 (*THEN) FOO | COND2 (*THEN) BAR | COND3 (*THEN) BAZ ) ...
+.sp
+If the COND1 pattern matches, FOO is tried (and possibly further items after
+the end of the group if FOO succeeds); on failure, the matcher skips to the
+second alternative and tries COND2, without backtracking into COND1. If that
+succeeds and BAR fails, COND3 is tried. If subsequently BAZ fails, there are no
+more alternatives, so there is a backtrack to whatever came before the entire
+group. If (*THEN) is not inside an alternation, it acts like (*PRUNE).
+.P
+The behaviour of (*THEN:NAME) is the not the same as (*MARK:NAME)(*THEN).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+.P
+A subpattern that does not contain a | character is just a part of the
+enclosing alternative; it is not a nested alternation with only one
+alternative. The effect of (*THEN) extends beyond such a subpattern to the
+enclosing alternative. Consider this pattern, where A, B, etc. are complex
+pattern fragments that do not contain any | characters at this level:
+.sp
+  A (B(*THEN)C) | D
+.sp
+If A and B are matched, but there is a failure in C, matching does not
+backtrack into A; instead it moves to the next alternative, that is, D.
+However, if the subpattern containing (*THEN) is given an alternative, it
+behaves differently:
+.sp
+  A (B(*THEN)C | (*FAIL)) | D
+.sp
+The effect of (*THEN) is now confined to the inner subpattern. After a failure
+in C, matching moves to (*FAIL), which causes the whole subpattern to fail
+because there are no more alternatives to try. In this case, matching does now
+backtrack into A.
+.P
+Note that a conditional subpattern is not considered as having two
+alternatives, because only one is ever used. In other words, the | character in
+a conditional subpattern has a different meaning. Ignoring white space,
+consider:
+.sp
+  ^.*? (?(?=a) a | b(*THEN)c )
+.sp
+If the subject is "ba", this pattern does not match. Because .*? is ungreedy,
+it initially matches zero characters. The condition (?=a) then fails, the
+character "b" is matched, but "c" is not. At this point, matching does not
+backtrack to .*? as might perhaps be expected from the presence of the |
+character. The conditional subpattern is part of the single alternative that
+comprises the whole pattern, and so the match fails. (If there was a backtrack
+into .*?, allowing it to match "b", the match would succeed.)
+.P
+The verbs just described provide four different "strengths" of control when
+subsequent matching fails. (*THEN) is the weakest, carrying on the match at the
+next alternative. (*PRUNE) comes next, failing the match at the current
+starting position, but allowing an advance to the next character (for an
+unanchored pattern). (*SKIP) is similar, except that the advance may be more
+than one character. (*COMMIT) is the strongest, causing the entire match to
+fail.
+.
+.
+.SS "More than one backtracking verb"
+.rs
+.sp
+If more than one backtracking verb is present in a pattern, the one that is
+backtracked onto first acts. For example, consider this pattern, where A, B,
+etc. are complex pattern fragments:
+.sp
+  (A(*COMMIT)B(*THEN)C|ABD)
+.sp
+If A matches but B fails, the backtrack to (*COMMIT) causes the entire match to
+fail. However, if A and B match, but C fails, the backtrack to (*THEN) causes
+the next alternative (ABD) to be tried. This behaviour is consistent, but is
+not always the same as Perl's. It means that if two or more backtracking verbs
+appear in succession, all the the last of them has no effect. Consider this
+example:
+.sp
+  ...(*COMMIT)(*PRUNE)...
+.sp
+If there is a matching failure to the right, backtracking onto (*PRUNE) causes
+it to be triggered, and its action is taken. There can never be a backtrack
+onto (*COMMIT).
+.
+.
+.\" HTML <a name="btrepeat"></a>
+.SS "Backtracking verbs in repeated groups"
+.rs
+.sp
+PCRE differs from Perl in its handling of backtracking verbs in repeated
+groups. For example, consider:
+.sp
+  /(a(*COMMIT)b)+ac/
+.sp
+If the subject is "abac", Perl matches, but PCRE fails because the (*COMMIT) in
+the second repeat of the group acts.
+.
+.
+.\" HTML <a name="btassert"></a>
+.SS "Backtracking verbs in assertions"
+.rs
+.sp
+(*FAIL) in an assertion has its normal effect: it forces an immediate backtrack.
+.P
+(*ACCEPT) in a positive assertion causes the assertion to succeed without any
+further processing. In a negative assertion, (*ACCEPT) causes the assertion to
+fail without any further processing.
+.P
+The other backtracking verbs are not treated specially if they appear in a
+positive assertion. In particular, (*THEN) skips to the next alternative in the
+innermost enclosing group that has alternations, whether or not this is within
+the assertion.
+.P
+Negative assertions are, however, different, in order to ensure that changing a
+positive assertion into a negative assertion changes its result. Backtracking
+into (*COMMIT), (*SKIP), or (*PRUNE) causes a negative assertion to be true,
+without considering any further alternative branches in the assertion.
+Backtracking into (*THEN) causes it to skip to the next enclosing alternative
+within the assertion (the normal behaviour), but if the assertion does not have
+such an alternative, (*THEN) behaves like (*PRUNE).
+.
+.
+.\" HTML <a name="btsub"></a>
+.SS "Backtracking verbs in subroutines"
+.rs
+.sp
+These behaviours occur whether or not the subpattern is called recursively.
+Perl's treatment of subroutines is different in some cases.
+.P
+(*FAIL) in a subpattern called as a subroutine has its normal effect: it forces
+an immediate backtrack.
+.P
+(*ACCEPT) in a subpattern called as a subroutine causes the subroutine match to
+succeed without any further processing. Matching then continues after the
+subroutine call.
+.P
+(*COMMIT), (*SKIP), and (*PRUNE) in a subpattern called as a subroutine cause
+the subroutine match to fail.
+.P
+(*THEN) skips to the next alternative in the innermost enclosing group within
+the subpattern that has alternatives. If there is no such group within the
+subpattern, (*THEN) causes the subroutine match to fail.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcreapi\fP(3), \fBpcrecallout\fP(3), \fBpcrematching\fP(3),
+\fBpcresyntax\fP(3), \fBpcre\fP(3), \fBpcre16(3)\fP, \fBpcre32(3)\fP.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 23 October 2016
+Copyright (c) 1997-2016 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreperform.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreperform.3
new file mode 100644
index 00000000..fb2aa959
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreperform.3
@@ -0,0 +1,177 @@
+.TH PCREPERFORM 3 "09 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE PERFORMANCE"
+.rs
+.sp
+Two aspects of performance are discussed below: memory usage and processing
+time. The way you express your pattern as a regular expression can affect both
+of them.
+.
+.SH "COMPILED PATTERN MEMORY USAGE"
+.rs
+.sp
+Patterns are compiled by PCRE into a reasonably efficient interpretive code, so
+that most simple patterns do not use much memory. However, there is one case
+where the memory usage of a compiled pattern can be unexpectedly large. If a
+parenthesized subpattern has a quantifier with a minimum greater than 1 and/or
+a limited maximum, the whole subpattern is repeated in the compiled code. For
+example, the pattern
+.sp
+  (abc|def){2,4}
+.sp
+is compiled as if it were
+.sp
+  (abc|def)(abc|def)((abc|def)(abc|def)?)?
+.sp
+(Technical aside: It is done this way so that backtrack points within each of
+the repetitions can be independently maintained.)
+.P
+For regular expressions whose quantifiers use only small numbers, this is not
+usually a problem. However, if the numbers are large, and particularly if such
+repetitions are nested, the memory usage can become an embarrassment. For
+example, the very simple pattern
+.sp
+  ((ab){1,1000}c){1,3}
+.sp
+uses 51K bytes when compiled using the 8-bit library. When PCRE is compiled
+with its default internal pointer size of two bytes, the size limit on a
+compiled pattern is 64K data units, and this is reached with the above pattern
+if the outer repetition is increased from 3 to 4. PCRE can be compiled to use
+larger internal pointers and thus handle larger compiled patterns, but it is
+better to try to rewrite your pattern to use less memory if you can.
+.P
+One way of reducing the memory usage for such patterns is to make use of PCRE's
+.\" HTML <a href="pcrepattern.html#subpatternsassubroutines">
+.\" </a>
+"subroutine"
+.\"
+facility. Re-writing the above pattern as
+.sp
+  ((ab)(?2){0,999}c)(?1){0,2}
+.sp
+reduces the memory requirements to 18K, and indeed it remains under 20K even
+with the outer repetition increased to 100. However, this pattern is not
+exactly equivalent, because the "subroutine" calls are treated as
+.\" HTML <a href="pcrepattern.html#atomicgroup">
+.\" </a>
+atomic groups
+.\"
+into which there can be no backtracking if there is a subsequent matching
+failure. Therefore, PCRE cannot do this kind of rewriting automatically.
+Furthermore, there is a noticeable loss of speed when executing the modified
+pattern. Nevertheless, if the atomic grouping is not a problem and the loss of
+speed is acceptable, this kind of rewriting will allow you to process patterns
+that PCRE cannot otherwise handle.
+.
+.
+.SH "STACK USAGE AT RUN TIME"
+.rs
+.sp
+When \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP is used for matching, certain
+kinds of pattern can cause it to use large amounts of the process stack. In
+some environments the default process stack is quite small, and if it runs out
+the result is often SIGSEGV. This issue is probably the most frequently raised
+problem with PCRE. Rewriting your pattern can often help. The
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation discusses this issue in detail.
+.
+.
+.SH "PROCESSING TIME"
+.rs
+.sp
+Certain items in regular expression patterns are processed more efficiently
+than others. It is more efficient to use a character class like [aeiou] than a
+set of single-character alternatives such as (a|e|i|o|u). In general, the
+simplest construction that provides the required behaviour is usually the most
+efficient. Jeffrey Friedl's book contains a lot of useful general discussion
+about optimizing regular expressions for efficient performance. This document
+contains a few observations about PCRE.
+.P
+Using Unicode character properties (the \ep, \eP, and \eX escapes) is slow,
+because PCRE has to use a multi-stage table lookup whenever it needs a
+character's property. If you can find an alternative pattern that does not use
+character properties, it will probably be faster.
+.P
+By default, the escape sequences \eb, \ed, \es, and \ew, and the POSIX
+character classes such as [:alpha:] do not use Unicode properties, partly for
+backwards compatibility, and partly for performance reasons. However, you can
+set PCRE_UCP if you want Unicode character properties to be used. This can
+double the matching time for items such as \ed, when matched with
+a traditional matching function; the performance loss is less with
+a DFA matching function, and in both cases there is not much difference for
+\eb.
+.P
+When a pattern begins with .* not in parentheses, or in parentheses that are
+not the subject of a backreference, and the PCRE_DOTALL option is set, the
+pattern is implicitly anchored by PCRE, since it can match only at the start of
+a subject string. However, if PCRE_DOTALL is not set, PCRE cannot make this
+optimization, because the . metacharacter does not then match a newline, and if
+the subject string contains newlines, the pattern may match from the character
+immediately following one of them instead of from the very start. For example,
+the pattern
+.sp
+  .*second
+.sp
+matches the subject "first\enand second" (where \en stands for a newline
+character), with the match starting at the seventh character. In order to do
+this, PCRE has to retry the match starting after every newline in the subject.
+.P
+If you are using such a pattern with subject strings that do not contain
+newlines, the best performance is obtained by setting PCRE_DOTALL, or starting
+the pattern with ^.* or ^.*? to indicate explicit anchoring. That saves PCRE
+from having to scan along the subject looking for a newline to restart at.
+.P
+Beware of patterns that contain nested indefinite repeats. These can take a
+long time to run when applied to a string that does not match. Consider the
+pattern fragment
+.sp
+  ^(a+)*
+.sp
+This can match "aaaa" in 16 different ways, and this number increases very
+rapidly as the string gets longer. (The * repeat can match 0, 1, 2, 3, or 4
+times, and for each of those cases other than 0 or 4, the + repeats can match
+different numbers of times.) When the remainder of the pattern is such that the
+entire match is going to fail, PCRE has in principle to try every possible
+variation, and this can take an extremely long time, even for relatively short
+strings.
+.P
+An optimization catches some of the more simple cases such as
+.sp
+  (a+)*b
+.sp
+where a literal character follows. Before embarking on the standard matching
+procedure, PCRE checks that there is a "b" later in the subject string, and if
+there is not, it fails the match immediately. However, when there is no
+following literal this optimization cannot be used. You can see the difference
+by comparing the behaviour of
+.sp
+  (a+)*\ed
+.sp
+with the pattern above. The former gives a failure almost instantly when
+applied to a whole line of "a" characters, whereas the latter takes an
+appreciable time with strings longer than about 20 characters.
+.P
+In many cases, the solution to this kind of performance issue is to use an
+atomic group or a possessive quantifier.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 25 August 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreposix.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreposix.3
new file mode 100644
index 00000000..77890f36
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreposix.3
@@ -0,0 +1,267 @@
+.TH PCREPOSIX 3 "09 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions.
+.SH "SYNOPSIS"
+.rs
+.sp
+.B #include <pcreposix.h>
+.PP
+.nf
+.B int regcomp(regex_t *\fIpreg\fP, const char *\fIpattern\fP,
+.B "     int \fIcflags\fP);"
+.sp
+.B int regexec(regex_t *\fIpreg\fP, const char *\fIstring\fP,
+.B "     size_t \fInmatch\fP, regmatch_t \fIpmatch\fP[], int \fIeflags\fP);"
+.B "     size_t regerror(int \fIerrcode\fP, const regex_t *\fIpreg\fP,"
+.B "     char *\fIerrbuf\fP, size_t \fIerrbuf_size\fP);"
+.sp
+.B void regfree(regex_t *\fIpreg\fP);
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This set of functions provides a POSIX-style API for the PCRE regular
+expression 8-bit library. See the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation for a description of PCRE's native API, which contains much
+additional functionality. There is no POSIX-style wrapper for PCRE's 16-bit
+and 32-bit library.
+.P
+The functions described here are just wrapper functions that ultimately call
+the PCRE native API. Their prototypes are defined in the \fBpcreposix.h\fP
+header file, and on Unix systems the library itself is called
+\fBpcreposix.a\fP, so can be accessed by adding \fB-lpcreposix\fP to the
+command for linking an application that uses them. Because the POSIX functions
+call the native ones, it is also necessary to add \fB-lpcre\fP.
+.P
+I have implemented only those POSIX option bits that can be reasonably mapped
+to PCRE native options. In addition, the option REG_EXTENDED is defined with
+the value zero. This has no effect, but since programs that are written to the
+POSIX interface often use it, this makes it easier to slot in PCRE as a
+replacement library. Other POSIX options are not even defined.
+.P
+There are also some other options that are not defined by POSIX. These have
+been added at the request of users who want to make use of certain
+PCRE-specific features via the POSIX calling interface.
+.P
+When PCRE is called via these functions, it is only the API that is POSIX-like
+in style. The syntax and semantics of the regular expressions themselves are
+still those of Perl, subject to the setting of various PCRE options, as
+described below. "POSIX-like in style" means that the API approximates to the
+POSIX definition; it is not fully POSIX-compatible, and in multi-byte encoding
+domains it is probably even less compatible.
+.P
+The header for these functions is supplied as \fBpcreposix.h\fP to avoid any
+potential clash with other POSIX libraries. It can, of course, be renamed or
+aliased as \fBregex.h\fP, which is the "correct" name. It provides two
+structure types, \fIregex_t\fP for compiled internal forms, and
+\fIregmatch_t\fP for returning captured substrings. It also defines some
+constants whose names start with "REG_"; these are used for setting options and
+identifying error codes.
+.
+.
+.SH "COMPILING A PATTERN"
+.rs
+.sp
+The function \fBregcomp()\fP is called to compile a pattern into an
+internal form. The pattern is a C string terminated by a binary zero, and
+is passed in the argument \fIpattern\fP. The \fIpreg\fP argument is a pointer
+to a \fBregex_t\fP structure that is used as a base for storing information
+about the compiled regular expression.
+.P
+The argument \fIcflags\fP is either zero, or contains one or more of the bits
+defined by the following macros:
+.sp
+  REG_DOTALL
+.sp
+The PCRE_DOTALL option is set when the regular expression is passed for
+compilation to the native function. Note that REG_DOTALL is not part of the
+POSIX standard.
+.sp
+  REG_ICASE
+.sp
+The PCRE_CASELESS option is set when the regular expression is passed for
+compilation to the native function.
+.sp
+  REG_NEWLINE
+.sp
+The PCRE_MULTILINE option is set when the regular expression is passed for
+compilation to the native function. Note that this does \fInot\fP mimic the
+defined POSIX behaviour for REG_NEWLINE (see the following section).
+.sp
+  REG_NOSUB
+.sp
+The PCRE_NO_AUTO_CAPTURE option is set when the regular expression is passed
+for compilation to the native function. In addition, when a pattern that is
+compiled with this flag is passed to \fBregexec()\fP for matching, the
+\fInmatch\fP and \fIpmatch\fP arguments are ignored, and no captured strings
+are returned.
+.sp
+  REG_UCP
+.sp
+The PCRE_UCP option is set when the regular expression is passed for
+compilation to the native function. This causes PCRE to use Unicode properties
+when matchine \ed, \ew, etc., instead of just recognizing ASCII values. Note
+that REG_UTF8 is not part of the POSIX standard.
+.sp
+  REG_UNGREEDY
+.sp
+The PCRE_UNGREEDY option is set when the regular expression is passed for
+compilation to the native function. Note that REG_UNGREEDY is not part of the
+POSIX standard.
+.sp
+  REG_UTF8
+.sp
+The PCRE_UTF8 option is set when the regular expression is passed for
+compilation to the native function. This causes the pattern itself and all data
+strings used for matching it to be treated as UTF-8 strings. Note that REG_UTF8
+is not part of the POSIX standard.
+.P
+In the absence of these flags, no options are passed to the native function.
+This means the the regex is compiled with PCRE default semantics. In
+particular, the way it handles newline characters in the subject string is the
+Perl way, not the POSIX way. Note that setting PCRE_MULTILINE has only
+\fIsome\fP of the effects specified for REG_NEWLINE. It does not affect the way
+newlines are matched by . (they are not) or by a negative class such as [^a]
+(they are).
+.P
+The yield of \fBregcomp()\fP is zero on success, and non-zero otherwise. The
+\fIpreg\fP structure is filled in on success, and one member of the structure
+is public: \fIre_nsub\fP contains the number of capturing subpatterns in
+the regular expression. Various error codes are defined in the header file.
+.P
+NOTE: If the yield of \fBregcomp()\fP is non-zero, you must not attempt to
+use the contents of the \fIpreg\fP structure. If, for example, you pass it to
+\fBregexec()\fP, the result is undefined and your program is likely to crash.
+.
+.
+.SH "MATCHING NEWLINE CHARACTERS"
+.rs
+.sp
+This area is not simple, because POSIX and Perl take different views of things.
+It is not possible to get PCRE to obey POSIX semantics, but then PCRE was never
+intended to be a POSIX engine. The following table lists the different
+possibilities for matching newline characters in PCRE:
+.sp
+                          Default   Change with
+.sp
+  . matches newline          no     PCRE_DOTALL
+  newline matches [^a]       yes    not changeable
+  $ matches \en at end        yes    PCRE_DOLLARENDONLY
+  $ matches \en in middle     no     PCRE_MULTILINE
+  ^ matches \en in middle     no     PCRE_MULTILINE
+.sp
+This is the equivalent table for POSIX:
+.sp
+                          Default   Change with
+.sp
+  . matches newline          yes    REG_NEWLINE
+  newline matches [^a]       yes    REG_NEWLINE
+  $ matches \en at end        no     REG_NEWLINE
+  $ matches \en in middle     no     REG_NEWLINE
+  ^ matches \en in middle     no     REG_NEWLINE
+.sp
+PCRE's behaviour is the same as Perl's, except that there is no equivalent for
+PCRE_DOLLAR_ENDONLY in Perl. In both PCRE and Perl, there is no way to stop
+newline from matching [^a].
+.P
+The default POSIX newline handling can be obtained by setting PCRE_DOTALL and
+PCRE_DOLLAR_ENDONLY, but there is no way to make PCRE behave exactly as for the
+REG_NEWLINE action.
+.
+.
+.SH "MATCHING A PATTERN"
+.rs
+.sp
+The function \fBregexec()\fP is called to match a compiled pattern \fIpreg\fP
+against a given \fIstring\fP, which is by default terminated by a zero byte
+(but see REG_STARTEND below), subject to the options in \fIeflags\fP. These can
+be:
+.sp
+  REG_NOTBOL
+.sp
+The PCRE_NOTBOL option is set when calling the underlying PCRE matching
+function.
+.sp
+  REG_NOTEMPTY
+.sp
+The PCRE_NOTEMPTY option is set when calling the underlying PCRE matching
+function. Note that REG_NOTEMPTY is not part of the POSIX standard. However,
+setting this option can give more POSIX-like behaviour in some situations.
+.sp
+  REG_NOTEOL
+.sp
+The PCRE_NOTEOL option is set when calling the underlying PCRE matching
+function.
+.sp
+  REG_STARTEND
+.sp
+The string is considered to start at \fIstring\fP + \fIpmatch[0].rm_so\fP and
+to have a terminating NUL located at \fIstring\fP + \fIpmatch[0].rm_eo\fP
+(there need not actually be a NUL at that location), regardless of the value of
+\fInmatch\fP. This is a BSD extension, compatible with but not specified by
+IEEE Standard 1003.2 (POSIX.2), and should be used with caution in software
+intended to be portable to other systems. Note that a non-zero \fIrm_so\fP does
+not imply REG_NOTBOL; REG_STARTEND affects only the location of the string, not
+how it is matched.
+.P
+If the pattern was compiled with the REG_NOSUB flag, no data about any matched
+strings is returned. The \fInmatch\fP and \fIpmatch\fP arguments of
+\fBregexec()\fP are ignored.
+.P
+If the value of \fInmatch\fP is zero, or if the value \fIpmatch\fP is NULL,
+no data about any matched strings is returned.
+.P
+Otherwise,the portion of the string that was matched, and also any captured
+substrings, are returned via the \fIpmatch\fP argument, which points to an
+array of \fInmatch\fP structures of type \fIregmatch_t\fP, containing the
+members \fIrm_so\fP and \fIrm_eo\fP. These contain the offset to the first
+character of each substring and the offset to the first character after the end
+of each substring, respectively. The 0th element of the vector relates to the
+entire portion of \fIstring\fP that was matched; subsequent elements relate to
+the capturing subpatterns of the regular expression. Unused entries in the
+array have both structure members set to -1.
+.P
+A successful match yields a zero return; various error codes are defined in the
+header file, of which REG_NOMATCH is the "expected" failure code.
+.
+.
+.SH "ERROR MESSAGES"
+.rs
+.sp
+The \fBregerror()\fP function maps a non-zero errorcode from either
+\fBregcomp()\fP or \fBregexec()\fP to a printable message. If \fIpreg\fP is not
+NULL, the error should have arisen from the use of that structure. A message
+terminated by a binary zero is placed in \fIerrbuf\fP. The length of the
+message, including the zero, is limited to \fIerrbuf_size\fP. The yield of the
+function is the size of buffer needed to hold the whole message.
+.
+.
+.SH MEMORY USAGE
+.rs
+.sp
+Compiling a regular expression causes memory to be allocated and associated
+with the \fIpreg\fP structure. The function \fBregfree()\fP frees all such
+memory, after which \fIpreg\fP may no longer be used as a compiled expression.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 09 January 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreprecompile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreprecompile.3
new file mode 100644
index 00000000..40f257a9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreprecompile.3
@@ -0,0 +1,155 @@
+.TH PCREPRECOMPILE 3 "12 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "SAVING AND RE-USING PRECOMPILED PCRE PATTERNS"
+.rs
+.sp
+If you are running an application that uses a large number of regular
+expression patterns, it may be useful to store them in a precompiled form
+instead of having to compile them every time the application is run.
+If you are not using any private character tables (see the
+.\" HREF
+\fBpcre_maketables()\fP
+.\"
+documentation), this is relatively straightforward. If you are using private
+tables, it is a little bit more complicated. However, if you are using the
+just-in-time optimization feature, it is not possible to save and reload the
+JIT data.
+.P
+If you save compiled patterns to a file, you can copy them to a different host
+and run them there. If the two hosts have different endianness (byte order),
+you should run the \fBpcre[16|32]_pattern_to_host_byte_order()\fP function on the
+new host before trying to match the pattern. The matching functions return
+PCRE_ERROR_BADENDIANNESS if they detect a pattern with the wrong endianness.
+.P
+Compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes, and saving and
+restoring a compiled pattern loses any JIT optimization data.
+.
+.
+.SH "SAVING A COMPILED PATTERN"
+.rs
+.sp
+The value returned by \fBpcre[16|32]_compile()\fP points to a single block of
+memory that holds the compiled pattern and associated data. You can find the
+length of this block in bytes by calling \fBpcre[16|32]_fullinfo()\fP with an
+argument of PCRE_INFO_SIZE. You can then save the data in any appropriate
+manner. Here is sample code for the 8-bit library that compiles a pattern and
+writes it to a file. It assumes that the variable \fIfd\fP refers to a file
+that is open for output:
+.sp
+  int erroroffset, rc, size;
+  char *error;
+  pcre *re;
+.sp
+  re = pcre_compile("my pattern", 0, &error, &erroroffset, NULL);
+  if (re == NULL) { ... handle errors ... }
+  rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
+  if (rc < 0) { ... handle errors ... }
+  rc = fwrite(re, 1, size, fd);
+  if (rc != size) { ... handle errors ... }
+.sp
+In this example, the bytes that comprise the compiled pattern are copied
+exactly. Note that this is binary data that may contain any of the 256 possible
+byte values. On systems that make a distinction between binary and non-binary
+data, be sure that the file is opened for binary output.
+.P
+If you want to write more than one pattern to a file, you will have to devise a
+way of separating them. For binary data, preceding each pattern with its length
+is probably the most straightforward approach. Another possibility is to write
+out the data in hexadecimal instead of binary, one pattern to a line.
+.P
+Saving compiled patterns in a file is only one possible way of storing them for
+later use. They could equally well be saved in a database, or in the memory of
+some daemon process that passes them via sockets to the processes that want
+them.
+.P
+If the pattern has been studied, it is also possible to save the normal study
+data in a similar way to the compiled pattern itself. However, if the
+PCRE_STUDY_JIT_COMPILE was used, the just-in-time data that is created cannot
+be saved because it is too dependent on the current environment. When studying
+generates additional information, \fBpcre[16|32]_study()\fP returns a pointer to a
+\fBpcre[16|32]_extra\fP data block. Its format is defined in the
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+section on matching a pattern
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation. The \fIstudy_data\fP field points to the binary study data, and
+this is what you must save (not the \fBpcre[16|32]_extra\fP block itself). The
+length of the study data can be obtained by calling \fBpcre[16|32]_fullinfo()\fP
+with an argument of PCRE_INFO_STUDYSIZE. Remember to check that
+\fBpcre[16|32]_study()\fP did return a non-NULL value before trying to save the
+study data.
+.
+.
+.SH "RE-USING A PRECOMPILED PATTERN"
+.rs
+.sp
+Re-using a precompiled pattern is straightforward. Having reloaded it into main
+memory, called \fBpcre[16|32]_pattern_to_host_byte_order()\fP if necessary, you
+pass its pointer to \fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP in
+the usual way.
+.P
+However, if you passed a pointer to custom character tables when the pattern
+was compiled (the \fItableptr\fP argument of \fBpcre[16|32]_compile()\fP), you
+must now pass a similar pointer to \fBpcre[16|32]_exec()\fP or
+\fBpcre[16|32]_dfa_exec()\fP, because the value saved with the compiled pattern
+will obviously be nonsense. A field in a \fBpcre[16|32]_extra()\fP block is used
+to pass this data, as described in the
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+section on matching a pattern
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+\fBWarning:\fP The tables that \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP use
+must be the same as those that were used when the pattern was compiled. If this
+is not the case, the behaviour is undefined.
+.P
+If you did not provide custom character tables when the pattern was compiled,
+the pointer in the compiled pattern is NULL, which causes the matching
+functions to use PCRE's internal tables. Thus, you do not need to take any
+special action at run time in this case.
+.P
+If you saved study data with the compiled pattern, you need to create your own
+\fBpcre[16|32]_extra\fP data block and set the \fIstudy_data\fP field to point
+to the reloaded study data. You must also set the PCRE_EXTRA_STUDY_DATA bit in
+the \fIflags\fP field to indicate that study data is present. Then pass the
+\fBpcre[16|32]_extra\fP block to the matching function in the usual way. If the
+pattern was studied for just-in-time optimization, that data cannot be saved,
+and so is lost by a save/restore cycle.
+.
+.
+.SH "COMPATIBILITY WITH DIFFERENT PCRE RELEASES"
+.rs
+.sp
+In general, it is safest to recompile all saved patterns when you update to a
+new PCRE release, though not all updates actually require this.
+.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcresample.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcresample.3
new file mode 100644
index 00000000..d7fe7ec5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcresample.3
@@ -0,0 +1,99 @@
+.TH PCRESAMPLE 3 "10 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE SAMPLE PROGRAM"
+.rs
+.sp
+A simple, complete demonstration program, to get you started with using PCRE,
+is supplied in the file \fIpcredemo.c\fP in the PCRE distribution. A listing of
+this program is given in the
+.\" HREF
+\fBpcredemo\fP
+.\"
+documentation. If you do not have a copy of the PCRE distribution, you can save
+this listing to re-create \fIpcredemo.c\fP.
+.P
+The demonstration program, which uses the original PCRE 8-bit library, compiles
+the regular expression that is its first argument, and matches it against the
+subject string in its second argument. No PCRE options are set, and default
+character tables are used. If matching succeeds, the program outputs the
+portion of the subject that matched, together with the contents of any captured
+substrings.
+.P
+If the -g option is given on the command line, the program then goes on to
+check for further matches of the same regular expression in the same subject
+string. The logic is a little bit tricky because of the possibility of matching
+an empty string. Comments in the code explain what is going on.
+.P
+If PCRE is installed in the standard include and library directories for your
+operating system, you should be able to compile the demonstration program using
+this command:
+.sp
+  gcc -o pcredemo pcredemo.c -lpcre
+.sp
+If PCRE is installed elsewhere, you may need to add additional options to the
+command line. For example, on a Unix-like system that has PCRE installed in
+\fI/usr/local\fP, you can compile the demonstration program using a command
+like this:
+.sp
+.\" JOINSH
+  gcc -o pcredemo -I/usr/local/include pcredemo.c \e
+      -L/usr/local/lib -lpcre
+.sp
+In a Windows environment, if you want to statically link the program against a
+non-dll \fBpcre.a\fP file, you must uncomment the line that defines PCRE_STATIC
+before including \fBpcre.h\fP, because otherwise the \fBpcre_malloc()\fP and
+\fBpcre_free()\fP exported functions will be declared
+\fB__declspec(dllimport)\fP, with unwanted results.
+.P
+Once you have compiled and linked the demonstration program, you can run simple
+tests like this:
+.sp
+  ./pcredemo 'cat|dog' 'the cat sat on the mat'
+  ./pcredemo -g 'cat|dog' 'the dog sat on the cat'
+.sp
+Note that there is a much more comprehensive test program, called
+.\" HREF
+\fBpcretest\fP,
+.\"
+which supports many more facilities for testing regular expressions and both
+PCRE libraries. The
+.\" HREF
+\fBpcredemo\fP
+.\"
+program is provided as a simple coding example.
+.P
+If you try to run
+.\" HREF
+\fBpcredemo\fP
+.\"
+when PCRE is not installed in the standard library directory, you may get an
+error like this on some operating systems (e.g. Solaris):
+.sp
+  ld.so.1: a.out: fatal: libpcre.so.0: open failed: No such file or directory
+.sp
+This is caused by the way shared library support works on those systems. You
+need to add
+.sp
+  -R/usr/local/lib
+.sp
+(for example) to the compile command to get round this problem.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 10 January 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrestack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrestack.3
new file mode 100644
index 00000000..798f0bca
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcrestack.3
@@ -0,0 +1,215 @@
+.TH PCRESTACK 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE DISCUSSION OF STACK USAGE"
+.rs
+.sp
+When you call \fBpcre[16|32]_exec()\fP, it makes use of an internal function
+called \fBmatch()\fP. This calls itself recursively at branch points in the
+pattern, in order to remember the state of the match so that it can back up and
+try a different alternative if the first one fails. As matching proceeds deeper
+and deeper into the tree of possibilities, the recursion depth increases. The
+\fBmatch()\fP function is also called in other circumstances, for example,
+whenever a parenthesized sub-pattern is entered, and in certain cases of
+repetition.
+.P
+Not all calls of \fBmatch()\fP increase the recursion depth; for an item such
+as a* it may be called several times at the same level, after matching
+different numbers of a's. Furthermore, in a number of cases where the result of
+the recursive call would immediately be passed back as the result of the
+current call (a "tail recursion"), the function is just restarted instead.
+.P
+The above comments apply when \fBpcre[16|32]_exec()\fP is run in its normal
+interpretive manner. If the pattern was studied with the
+PCRE_STUDY_JIT_COMPILE option, and just-in-time compiling was successful, and
+the options passed to \fBpcre[16|32]_exec()\fP were not incompatible, the matching
+process uses the JIT-compiled code instead of the \fBmatch()\fP function. In
+this case, the memory requirements are handled entirely differently. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for details.
+.P
+The \fBpcre[16|32]_dfa_exec()\fP function operates in an entirely different way,
+and uses recursion only when there is a regular expression recursion or
+subroutine call in the pattern. This includes the processing of assertion and
+"once-only" subpatterns, which are handled like subroutine calls. Normally,
+these are never very deep, and the limit on the complexity of
+\fBpcre[16|32]_dfa_exec()\fP is controlled by the amount of workspace it is given.
+However, it is possible to write patterns with runaway infinite recursions;
+such patterns will cause \fBpcre[16|32]_dfa_exec()\fP to run out of stack. At
+present, there is no protection against this.
+.P
+The comments that follow do NOT apply to \fBpcre[16|32]_dfa_exec()\fP; they are
+relevant only for \fBpcre[16|32]_exec()\fP without the JIT optimization.
+.
+.
+.SS "Reducing \fBpcre[16|32]_exec()\fP's stack usage"
+.rs
+.sp
+Each time that \fBmatch()\fP is actually called recursively, it uses memory
+from the process stack. For certain kinds of pattern and data, very large
+amounts of stack may be needed, despite the recognition of "tail recursion".
+You can often reduce the amount of recursion, and therefore the amount of stack
+used, by modifying the pattern that is being matched. Consider, for example,
+this pattern:
+.sp
+  ([^<]|<(?!inet))+
+.sp
+It matches from wherever it starts until it encounters "<inet" or the end of
+the data, and is the kind of pattern that might be used when processing an XML
+file. Each iteration of the outer parentheses matches either one character that
+is not "<" or a "<" that is not followed by "inet". However, each time a
+parenthesis is processed, a recursion occurs, so this formulation uses a stack
+frame for each matched character. For a long string, a lot of stack is
+required. Consider now this rewritten pattern, which matches exactly the same
+strings:
+.sp
+  ([^<]++|<(?!inet))+
+.sp
+This uses very much less stack, because runs of characters that do not contain
+"<" are "swallowed" in one item inside the parentheses. Recursion happens only
+when a "<" character that is not followed by "inet" is encountered (and we
+assume this is relatively rare). A possessive quantifier is used to stop any
+backtracking into the runs of non-"<" characters, but that is not related to
+stack usage.
+.P
+This example shows that one way of avoiding stack problems when matching long
+subject strings is to write repeated parenthesized subpatterns to match more
+than one character whenever possible.
+.
+.
+.SS "Compiling PCRE to use heap instead of stack for \fBpcre[16|32]_exec()\fP"
+.rs
+.sp
+In environments where stack memory is constrained, you might want to compile
+PCRE to use heap memory instead of stack for remembering back-up points when
+\fBpcre[16|32]_exec()\fP is running. This makes it run a lot more slowly, however.
+Details of how to do this are given in the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation. When built in this way, instead of using the stack, PCRE obtains
+and frees memory by calling the functions that are pointed to by the
+\fBpcre[16|32]_stack_malloc\fP and \fBpcre[16|32]_stack_free\fP variables. By
+default, these point to \fBmalloc()\fP and \fBfree()\fP, but you can replace
+the pointers to cause PCRE to use your own functions. Since the block sizes are
+always the same, and are always freed in reverse order, it may be possible to
+implement customized memory handlers that are more efficient than the standard
+functions.
+.
+.
+.SS "Limiting \fBpcre[16|32]_exec()\fP's stack usage"
+.rs
+.sp
+You can set limits on the number of times that \fBmatch()\fP is called, both in
+total and recursively. If a limit is exceeded, \fBpcre[16|32]_exec()\fP returns an
+error code. Setting suitable limits should prevent it from running out of
+stack. The default values of the limits are very large, and unlikely ever to
+operate. They can be changed when PCRE is built, and they can also be set when
+\fBpcre[16|32]_exec()\fP is called. For details of these interfaces, see the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation and the
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+section on extra data for \fBpcre[16|32]_exec()\fP
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+As a very rough rule of thumb, you should reckon on about 500 bytes per
+recursion. Thus, if you want to limit your stack usage to 8Mb, you should set
+the limit at 16000 recursions. A 64Mb stack, on the other hand, can support
+around 128000 recursions.
+.P
+In Unix-like environments, the \fBpcretest\fP test program has a command line
+option (\fB-S\fP) that can be used to increase the size of its stack. As long
+as the stack is large enough, another option (\fB-M\fP) can be used to find the
+smallest limits that allow a particular pattern to match a given subject
+string. This is done by calling \fBpcre[16|32]_exec()\fP repeatedly with different
+limits.
+.
+.
+.SS "Obtaining an estimate of stack usage"
+.rs
+.sp
+The actual amount of stack used per recursion can vary quite a lot, depending
+on the compiler that was used to build PCRE and the optimization or debugging
+options that were set for it. The rule of thumb value of 500 bytes mentioned
+above may be larger or smaller than what is actually needed. A better
+approximation can be obtained by running this command:
+.sp
+  pcretest -m -C
+.sp
+The \fB-C\fP option causes \fBpcretest\fP to output information about the
+options with which PCRE was compiled. When \fB-m\fP is also given (before
+\fB-C\fP), information about stack use is given in a line like this:
+.sp
+  Match recursion uses stack: approximate frame size = 640 bytes
+.sp
+The value is approximate because some recursions need a bit more (up to perhaps
+16 more bytes).
+.P
+If the above command is given when PCRE is compiled to use the heap instead of
+the stack for recursion, the value that is output is the size of each block
+that is obtained from the heap.
+.
+.
+.SS "Changing stack size in Unix-like systems"
+.rs
+.sp
+In Unix-like environments, there is not often a problem with the stack unless
+very long strings are involved, though the default limit on stack size varies
+from system to system. Values from 8Mb to 64Mb are common. You can find your
+default limit by running the command:
+.sp
+  ulimit -s
+.sp
+Unfortunately, the effect of running out of stack is often SIGSEGV, though
+sometimes a more explicit error message is given. You can normally increase the
+limit on stack size by code such as this:
+.sp
+  struct rlimit rlim;
+  getrlimit(RLIMIT_STACK, &rlim);
+  rlim.rlim_cur = 100*1024*1024;
+  setrlimit(RLIMIT_STACK, &rlim);
+.sp
+This reads the current limits (soft and hard) using \fBgetrlimit()\fP, then
+attempts to increase the soft limit to 100Mb using \fBsetrlimit()\fP. You must
+do this before calling \fBpcre[16|32]_exec()\fP.
+.
+.
+.SS "Changing stack size in Mac OS X"
+.rs
+.sp
+Using \fBsetrlimit()\fP, as described above, should also work on Mac OS X. It
+is also possible to set a stack size when linking a program. There is a
+discussion about stack sizes in Mac OS X at this web site:
+.\" HTML <a href="http://developer.apple.com/qa/qa2005/qa1419.html">
+.\" </a>
+http://developer.apple.com/qa/qa2005/qa1419.html.
+.\"
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 24 June 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcresyntax.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcresyntax.3
new file mode 100644
index 00000000..0850369f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcresyntax.3
@@ -0,0 +1,540 @@
+.TH PCRESYNTAX 3 "08 January 2014" "PCRE 8.35"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE REGULAR EXPRESSION SYNTAX SUMMARY"
+.rs
+.sp
+The full syntax and semantics of the regular expressions that are supported by
+PCRE are described in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation. This document contains a quick-reference summary of the syntax.
+.
+.
+.SH "QUOTING"
+.rs
+.sp
+  \ex         where x is non-alphanumeric is a literal x
+  \eQ...\eE    treat enclosed characters as literal
+.
+.
+.SH "CHARACTERS"
+.rs
+.sp
+  \ea         alarm, that is, the BEL character (hex 07)
+  \ecx        "control-x", where x is any ASCII character
+  \ee         escape (hex 1B)
+  \ef         form feed (hex 0C)
+  \en         newline (hex 0A)
+  \er         carriage return (hex 0D)
+  \et         tab (hex 09)
+  \e0dd       character with octal code 0dd
+  \eddd       character with octal code ddd, or backreference
+  \eo{ddd..}  character with octal code ddd..
+  \exhh       character with hex code hh
+  \ex{hhh..}  character with hex code hhh..
+.sp
+Note that \e0dd is always an octal code, and that \e8 and \e9 are the literal
+characters "8" and "9".
+.
+.
+.SH "CHARACTER TYPES"
+.rs
+.sp
+  .          any character except newline;
+               in dotall mode, any character whatsoever
+  \eC         one data unit, even in UTF mode (best avoided)
+  \ed         a decimal digit
+  \eD         a character that is not a decimal digit
+  \eh         a horizontal white space character
+  \eH         a character that is not a horizontal white space character
+  \eN         a character that is not a newline
+  \ep{\fIxx\fP}     a character with the \fIxx\fP property
+  \eP{\fIxx\fP}     a character without the \fIxx\fP property
+  \eR         a newline sequence
+  \es         a white space character
+  \eS         a character that is not a white space character
+  \ev         a vertical white space character
+  \eV         a character that is not a vertical white space character
+  \ew         a "word" character
+  \eW         a "non-word" character
+  \eX         a Unicode extended grapheme cluster
+.sp
+By default, \ed, \es, and \ew match only ASCII characters, even in UTF-8 mode
+or in the 16- bit and 32-bit libraries. However, if locale-specific matching is
+happening, \es and \ew may also match characters with code points in the range
+128-255. If the PCRE_UCP option is set, the behaviour of these escape sequences
+is changed to use Unicode properties and they match many more characters.
+.
+.
+.SH "GENERAL CATEGORY PROPERTIES FOR \ep and \eP"
+.rs
+.sp
+  C          Other
+  Cc         Control
+  Cf         Format
+  Cn         Unassigned
+  Co         Private use
+  Cs         Surrogate
+.sp
+  L          Letter
+  Ll         Lower case letter
+  Lm         Modifier letter
+  Lo         Other letter
+  Lt         Title case letter
+  Lu         Upper case letter
+  L&         Ll, Lu, or Lt
+.sp
+  M          Mark
+  Mc         Spacing mark
+  Me         Enclosing mark
+  Mn         Non-spacing mark
+.sp
+  N          Number
+  Nd         Decimal number
+  Nl         Letter number
+  No         Other number
+.sp
+  P          Punctuation
+  Pc         Connector punctuation
+  Pd         Dash punctuation
+  Pe         Close punctuation
+  Pf         Final punctuation
+  Pi         Initial punctuation
+  Po         Other punctuation
+  Ps         Open punctuation
+.sp
+  S          Symbol
+  Sc         Currency symbol
+  Sk         Modifier symbol
+  Sm         Mathematical symbol
+  So         Other symbol
+.sp
+  Z          Separator
+  Zl         Line separator
+  Zp         Paragraph separator
+  Zs         Space separator
+.
+.
+.SH "PCRE SPECIAL CATEGORY PROPERTIES FOR \ep and \eP"
+.rs
+.sp
+  Xan        Alphanumeric: union of properties L and N
+  Xps        POSIX space: property Z or tab, NL, VT, FF, CR
+  Xsp        Perl space: property Z or tab, NL, VT, FF, CR
+  Xuc        Univerally-named character: one that can be
+               represented by a Universal Character Name
+  Xwd        Perl word: property Xan or underscore
+.sp
+Perl and POSIX space are now the same. Perl added VT to its space character set
+at release 5.18 and PCRE changed at release 8.34.
+.
+.
+.SH "SCRIPT NAMES FOR \ep AND \eP"
+.rs
+.sp
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+.
+.
+.SH "CHARACTER CLASSES"
+.rs
+.sp
+  [...]       positive character class
+  [^...]      negative character class
+  [x-y]       range (can be used for hex characters)
+  [[:xxx:]]   positive POSIX named set
+  [[:^xxx:]]  negative POSIX named set
+.sp
+  alnum       alphanumeric
+  alpha       alphabetic
+  ascii       0-127
+  blank       space or tab
+  cntrl       control character
+  digit       decimal digit
+  graph       printing, excluding space
+  lower       lower case letter
+  print       printing, including space
+  punct       printing, excluding alphanumeric
+  space       white space
+  upper       upper case letter
+  word        same as \ew
+  xdigit      hexadecimal digit
+.sp
+In PCRE, POSIX character set names recognize only ASCII characters by default,
+but some of them use Unicode properties if PCRE_UCP is set. You can use
+\eQ...\eE inside a character class.
+.
+.
+.SH "QUANTIFIERS"
+.rs
+.sp
+  ?           0 or 1, greedy
+  ?+          0 or 1, possessive
+  ??          0 or 1, lazy
+  *           0 or more, greedy
+  *+          0 or more, possessive
+  *?          0 or more, lazy
+  +           1 or more, greedy
+  ++          1 or more, possessive
+  +?          1 or more, lazy
+  {n}         exactly n
+  {n,m}       at least n, no more than m, greedy
+  {n,m}+      at least n, no more than m, possessive
+  {n,m}?      at least n, no more than m, lazy
+  {n,}        n or more, greedy
+  {n,}+       n or more, possessive
+  {n,}?       n or more, lazy
+.
+.
+.SH "ANCHORS AND SIMPLE ASSERTIONS"
+.rs
+.sp
+  \eb          word boundary
+  \eB          not a word boundary
+  ^           start of subject
+               also after internal newline in multiline mode
+  \eA          start of subject
+  $           end of subject
+               also before newline at end of subject
+               also before internal newline in multiline mode
+  \eZ          end of subject
+               also before newline at end of subject
+  \ez          end of subject
+  \eG          first matching position in subject
+.
+.
+.SH "MATCH POINT RESET"
+.rs
+.sp
+  \eK          reset start of match
+.sp
+\eK is honoured in positive assertions, but ignored in negative ones.
+.
+.
+.SH "ALTERNATION"
+.rs
+.sp
+  expr|expr|expr...
+.
+.
+.SH "CAPTURING"
+.rs
+.sp
+  (...)           capturing group
+  (?<name>...)    named capturing group (Perl)
+  (?'name'...)    named capturing group (Perl)
+  (?P<name>...)   named capturing group (Python)
+  (?:...)         non-capturing group
+  (?|...)         non-capturing group; reset group numbers for
+                   capturing groups in each alternative
+.
+.
+.SH "ATOMIC GROUPS"
+.rs
+.sp
+  (?>...)         atomic, non-capturing group
+.
+.
+.
+.
+.SH "COMMENT"
+.rs
+.sp
+  (?#....)        comment (not nestable)
+.
+.
+.SH "OPTION SETTING"
+.rs
+.sp
+  (?i)            caseless
+  (?J)            allow duplicate names
+  (?m)            multiline
+  (?s)            single line (dotall)
+  (?U)            default ungreedy (lazy)
+  (?x)            extended (ignore white space)
+  (?-...)         unset option(s)
+.sp
+The following are recognized only at the very start of a pattern or after one
+of the newline or \eR options with similar syntax. More than one of them may
+appear.
+.sp
+  (*LIMIT_MATCH=d) set the match limit to d (decimal number)
+  (*LIMIT_RECURSION=d) set the recursion limit to d (decimal number)
+  (*NO_AUTO_POSSESS) no auto-possessification (PCRE_NO_AUTO_POSSESS)
+  (*NO_START_OPT) no start-match optimization (PCRE_NO_START_OPTIMIZE)
+  (*UTF8)         set UTF-8 mode: 8-bit library (PCRE_UTF8)
+  (*UTF16)        set UTF-16 mode: 16-bit library (PCRE_UTF16)
+  (*UTF32)        set UTF-32 mode: 32-bit library (PCRE_UTF32)
+  (*UTF)          set appropriate UTF mode for the library in use
+  (*UCP)          set PCRE_UCP (use Unicode properties for \ed etc)
+.sp
+Note that LIMIT_MATCH and LIMIT_RECURSION can only reduce the value of the
+limits set by the caller of pcre_exec(), not increase them.
+.
+.
+.SH "NEWLINE CONVENTION"
+.rs
+.sp
+These are recognized only at the very start of the pattern or after option
+settings with a similar syntax.
+.sp
+  (*CR)           carriage return only
+  (*LF)           linefeed only
+  (*CRLF)         carriage return followed by linefeed
+  (*ANYCRLF)      all three of the above
+  (*ANY)          any Unicode newline sequence
+.
+.
+.SH "WHAT \eR MATCHES"
+.rs
+.sp
+These are recognized only at the very start of the pattern or after option
+setting with a similar syntax.
+.sp
+  (*BSR_ANYCRLF)  CR, LF, or CRLF
+  (*BSR_UNICODE)  any Unicode newline sequence
+.
+.
+.SH "LOOKAHEAD AND LOOKBEHIND ASSERTIONS"
+.rs
+.sp
+  (?=...)         positive look ahead
+  (?!...)         negative look ahead
+  (?<=...)        positive look behind
+  (?<!...)        negative look behind
+.sp
+Each top-level branch of a look behind must be of a fixed length.
+.
+.
+.SH "BACKREFERENCES"
+.rs
+.sp
+  \en              reference by number (can be ambiguous)
+  \egn             reference by number
+  \eg{n}           reference by number
+  \eg{-n}          relative reference by number
+  \ek<name>        reference by name (Perl)
+  \ek'name'        reference by name (Perl)
+  \eg{name}        reference by name (Perl)
+  \ek{name}        reference by name (.NET)
+  (?P=name)       reference by name (Python)
+.
+.
+.SH "SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)"
+.rs
+.sp
+  (?R)            recurse whole pattern
+  (?n)            call subpattern by absolute number
+  (?+n)           call subpattern by relative number
+  (?-n)           call subpattern by relative number
+  (?&name)        call subpattern by name (Perl)
+  (?P>name)       call subpattern by name (Python)
+  \eg<name>        call subpattern by name (Oniguruma)
+  \eg'name'        call subpattern by name (Oniguruma)
+  \eg<n>           call subpattern by absolute number (Oniguruma)
+  \eg'n'           call subpattern by absolute number (Oniguruma)
+  \eg<+n>          call subpattern by relative number (PCRE extension)
+  \eg'+n'          call subpattern by relative number (PCRE extension)
+  \eg<-n>          call subpattern by relative number (PCRE extension)
+  \eg'-n'          call subpattern by relative number (PCRE extension)
+.
+.
+.SH "CONDITIONAL PATTERNS"
+.rs
+.sp
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+.sp
+  (?(n)...        absolute reference condition
+  (?(+n)...       relative reference condition
+  (?(-n)...       relative reference condition
+  (?(<name>)...   named reference condition (Perl)
+  (?('name')...   named reference condition (Perl)
+  (?(name)...     named reference condition (PCRE)
+  (?(R)...        overall recursion condition
+  (?(Rn)...       specific group recursion condition
+  (?(R&name)...   specific recursion condition
+  (?(DEFINE)...   define subpattern for reference
+  (?(assert)...   assertion condition
+.
+.
+.SH "BACKTRACKING CONTROL"
+.rs
+.sp
+The following act immediately they are reached:
+.sp
+  (*ACCEPT)       force successful match
+  (*FAIL)         force backtrack; synonym (*F)
+  (*MARK:NAME)    set name to be passed back; synonym (*:NAME)
+.sp
+The following act only when a subsequent match failure causes a backtrack to
+reach them. They all force a match failure, but they differ in what happens
+afterwards. Those that advance the start-of-match point do so only if the
+pattern is not anchored.
+.sp
+  (*COMMIT)       overall failure, no advance of starting point
+  (*PRUNE)        advance to next starting character
+  (*PRUNE:NAME)   equivalent to (*MARK:NAME)(*PRUNE)
+  (*SKIP)         advance to current matching position
+  (*SKIP:NAME)    advance to position corresponding to an earlier
+                  (*MARK:NAME); if not found, the (*SKIP) is ignored
+  (*THEN)         local failure, backtrack to next alternation
+  (*THEN:NAME)    equivalent to (*MARK:NAME)(*THEN)
+.
+.
+.SH "CALLOUTS"
+.rs
+.sp
+  (?C)      callout
+  (?Cn)     callout with data n
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcrepattern\fP(3), \fBpcreapi\fP(3), \fBpcrecallout\fP(3),
+\fBpcrematching\fP(3), \fBpcre\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 08 January 2014
+Copyright (c) 1997-2014 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreunicode.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreunicode.3
new file mode 100644
index 00000000..cb5e5269
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7/share/man/man3/pcreunicode.3
@@ -0,0 +1,249 @@
+.TH PCREUNICODE 3 "27 February 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "UTF-8, UTF-16, UTF-32, AND UNICODE PROPERTY SUPPORT"
+.rs
+.sp
+As well as UTF-8 support, PCRE also supports UTF-16 (from release 8.30) and
+UTF-32 (from release 8.32), by means of two additional libraries. They can be
+built as well as, or instead of, the 8-bit library.
+.
+.
+.SH "UTF-8 SUPPORT"
+.rs
+.sp
+In order process UTF-8 strings, you must build PCRE's 8-bit library with UTF
+support, and, in addition, you must call
+.\" HREF
+\fBpcre_compile()\fP
+.\"
+with the PCRE_UTF8 option flag, or the pattern must start with the sequence
+(*UTF8) or (*UTF). When either of these is the case, both the pattern and any
+subject strings that are matched against it are treated as UTF-8 strings
+instead of strings of individual 1-byte characters.
+.
+.
+.SH "UTF-16 AND UTF-32 SUPPORT"
+.rs
+.sp
+In order process UTF-16 or UTF-32 strings, you must build PCRE's 16-bit or
+32-bit library with UTF support, and, in addition, you must call
+.\" HREF
+\fBpcre16_compile()\fP
+.\"
+or
+.\" HREF
+\fBpcre32_compile()\fP
+.\"
+with the PCRE_UTF16 or PCRE_UTF32 option flag, as appropriate. Alternatively,
+the pattern must start with the sequence (*UTF16), (*UTF32), as appropriate, or
+(*UTF), which can be used with either library. When UTF mode is set, both the
+pattern and any subject strings that are matched against it are treated as
+UTF-16 or UTF-32 strings instead of strings of individual 16-bit or 32-bit
+characters.
+.
+.
+.SH "UTF SUPPORT OVERHEAD"
+.rs
+.sp
+If you compile PCRE with UTF support, but do not use it at run time, the
+library will be a bit bigger, but the additional run time overhead is limited
+to testing the PCRE_UTF[8|16|32] flag occasionally, so should not be very big.
+.
+.
+.SH "UNICODE PROPERTY SUPPORT"
+.rs
+.sp
+If PCRE is built with Unicode character property support (which implies UTF
+support), the escape sequences \ep{..}, \eP{..}, and \eX can be used.
+The available properties that can be tested are limited to the general
+category properties such as Lu for an upper case letter or Nd for a decimal
+number, the Unicode script names such as Arabic or Han, and the derived
+properties Any and L&. Full lists is given in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+and
+.\" HREF
+\fBpcresyntax\fP
+.\"
+documentation. Only the short names for properties are supported. For example,
+\ep{L} matches a letter. Its Perl synonym, \ep{Letter}, is not supported.
+Furthermore, in Perl, many properties may optionally be prefixed by "Is", for
+compatibility with Perl 5.6. PCRE does not support this.
+.
+.
+.\" HTML <a name="utf8strings"></a>
+.SS "Validity of UTF-8 strings"
+.rs
+.sp
+When you set the PCRE_UTF8 flag, the byte strings passed as patterns and
+subjects are (by default) checked for validity on entry to the relevant
+functions. The entire string is checked before any other processing takes
+place. From release 7.3 of PCRE, the check is according the rules of RFC 3629,
+which are themselves derived from the Unicode specification. Earlier releases
+of PCRE followed the rules of RFC 2279, which allows the full range of 31-bit
+values (0 to 0x7FFFFFFF). The current check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area. (From release 8.33 the so-called
+"non-character" code points are no longer excluded because Unicode corrigendum
+#9 makes it clear that they should not be.)
+.P
+Characters in the "Surrogate Area" of Unicode are reserved for use by UTF-16,
+where they are used in pairs to encode codepoints with values greater than
+0xFFFF. The code points that are encoded by UTF-16 pairs are available
+independently in the UTF-8 and UTF-32 encodings. (In other words, the whole
+surrogate thing is a fudge for UTF-16 which unfortunately messes up UTF-8 and
+UTF-32.)
+.P
+If an invalid UTF-8 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first byte
+of the failing character. The run-time functions \fBpcre_exec()\fP and
+\fBpcre_dfa_exec()\fP also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+.P
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance, for
+example in the case of a long subject string that is being scanned repeatedly.
+If you set the PCRE_NO_UTF8_CHECK flag at compile time or at run time, PCRE
+assumes that the pattern or subject it is given (respectively) contains only
+valid UTF-8 codes. In this case, it does not diagnose an invalid UTF-8 string.
+.P
+Note that passing PCRE_NO_UTF8_CHECK to \fBpcre_compile()\fP just disables the
+check for the pattern; it does not also apply to subject strings. If you want
+to disable the check for a subject string you must pass this option to
+\fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP.
+.P
+If you pass an invalid UTF-8 string when PCRE_NO_UTF8_CHECK is set, the result
+is undefined and your program may crash.
+.
+.
+.\" HTML <a name="utf16strings"></a>
+.SS "Validity of UTF-16 strings"
+.rs
+.sp
+When you set the PCRE_UTF16 flag, the strings of 16-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions. Values other than those in the surrogate range
+U+D800 to U+DFFF are independent code points. Values in the surrogate range
+must be used in pairs in the correct manner.
+.P
+If an invalid UTF-16 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions \fBpcre16_exec()\fP and
+\fBpcre16_dfa_exec()\fP also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+.P
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF16_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-16
+sequences. In this case, it does not diagnose an invalid UTF-16 string.
+However, if an invalid string is passed, the result is undefined.
+.
+.
+.\" HTML <a name="utf32strings"></a>
+.SS "Validity of UTF-32 strings"
+.rs
+.sp
+When you set the PCRE_UTF32 flag, the strings of 32-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions.  This check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area U+D800 to U+DFFF.
+.P
+If an invalid UTF-32 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions \fBpcre32_exec()\fP and
+\fBpcre32_dfa_exec()\fP also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+.P
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF32_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-32
+sequences. In this case, it does not diagnose an invalid UTF-32 string.
+However, if an invalid string is passed, the result is undefined.
+.
+.
+.SS "General comments about UTF modes"
+.rs
+.sp
+1. Codepoints less than 256 can be specified in patterns by either braced or
+unbraced hexadecimal escape sequences (for example, \ex{b3} or \exb3). Larger
+values have to use braced sequences.
+.P
+2. Octal numbers up to \e777 are recognized, and in UTF-8 mode they match
+two-byte characters for values greater than \e177.
+.P
+3. Repeat quantifiers apply to complete UTF characters, not to individual
+data units, for example: \ex{100}{3}.
+.P
+4. The dot metacharacter matches one UTF character instead of a single data
+unit.
+.P
+5. The escape sequence \eC can be used to match a single byte in UTF-8 mode, or
+a single 16-bit data unit in UTF-16 mode, or a single 32-bit data unit in
+UTF-32 mode, but its use can lead to some strange effects because it breaks up
+multi-unit characters (see the description of \eC in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation). The use of \eC is not supported in the alternative matching
+function \fBpcre[16|32]_dfa_exec()\fP, nor is it supported in UTF mode by the
+JIT optimization of \fBpcre[16|32]_exec()\fP. If JIT optimization is requested
+for a UTF pattern that contains \eC, it will not succeed, and so the matching
+will be carried out by the normal interpretive function.
+.P
+6. The character escapes \eb, \eB, \ed, \eD, \es, \eS, \ew, and \eW correctly
+test characters of any code value, but, by default, the characters that PCRE
+recognizes as digits, spaces, or word characters remain the same set as in
+non-UTF mode, all with values less than 256. This remains true even when PCRE
+is built to include Unicode property support, because to do otherwise would
+slow down PCRE in many common cases. Note in particular that this applies to
+\eb and \eB, because they are defined in terms of \ew and \eW. If you really
+want to test for a wider sense of, say, "digit", you can use explicit Unicode
+property tests such as \ep{Nd}. Alternatively, if you set the PCRE_UCP option,
+the way that the character escapes work is changed so that Unicode properties
+are used to determine which characters match. There are more details in the
+section on
+.\" HTML <a href="pcrepattern.html#genericchartypes">
+.\" </a>
+generic character types
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.P
+7. Similarly, characters that match the POSIX named character classes are all
+low-valued characters, unless the PCRE_UCP option is set.
+.P
+8. However, the horizontal and vertical white space matching escapes (\eh, \eH,
+\ev, and \eV) do match all the appropriate Unicode characters, whether or not
+PCRE_UCP is set.
+.P
+9. Case-insensitive matching applies only to characters whose values are less
+than 128, unless PCRE is built with Unicode property support. A few Unicode
+characters such as Greek sigma have more than two codepoints that are
+case-equivalent. Up to and including PCRE release 8.31, only one-to-one case
+mappings were supported, but later releases (with Unicode property support) do
+treat as case-equivalent all versions of characters such as Greek sigma.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 27 February 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/bin/pcre-config b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/bin/pcre-config
new file mode 100755
index 00000000..282d092b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/bin/pcre-config
@@ -0,0 +1,133 @@
+#!/bin/sh
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7s
+exec_prefix=${prefix}
+exec_prefix_set=no
+
+cflags="[--cflags]"
+
+if test yes = yes ; then
+  libs="[--libs-cpp]"
+else
+  libs=
+fi
+
+if test no = yes ; then
+  libs="[--libs16] $libs"
+fi
+
+if test no = yes ; then
+  libs="[--libs32] $libs"
+fi
+
+if test yes = yes ; then
+  libs="[--libs] [--libs-posix] $libs"
+  cflags="$cflags [--cflags-posix]"
+fi
+
+usage="Usage: pcre-config [--prefix] [--exec-prefix] [--version] $libs $cflags"
+
+if test $# -eq 0; then
+      echo "${usage}" 1>&2
+      exit 1
+fi
+
+libR=
+case `uname -s` in
+  *SunOS*)
+  libR=" -R${exec_prefix}/lib"
+  ;;
+  *BSD*)
+  libR=" -Wl,-R${exec_prefix}/lib"
+  ;;
+esac
+
+libS=
+if test ${exec_prefix}/lib != /usr/lib ; then
+  libS=-L${exec_prefix}/lib
+fi
+
+while test $# -gt 0; do
+  case "$1" in
+  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) optarg= ;;
+  esac
+
+  case $1 in
+    --prefix=*)
+      prefix=$optarg
+      if test $exec_prefix_set = no ; then
+        exec_prefix=$optarg
+      fi
+      ;;
+    --prefix)
+      echo $prefix
+      ;;
+    --exec-prefix=*)
+      exec_prefix=$optarg
+      exec_prefix_set=yes
+      ;;
+    --exec-prefix)
+      echo $exec_prefix
+      ;;
+    --version)
+      echo 8.41
+      ;;
+    --cflags)
+      if test ${prefix}/include != /usr/include ; then
+        includes=-I${prefix}/include
+      fi
+      echo $includes -DPCRE_STATIC
+      ;;
+    --cflags-posix)
+      if test yes = yes ; then
+        if test ${prefix}/include != /usr/include ; then
+          includes=-I${prefix}/include
+        fi
+        echo $includes -DPCRE_STATIC
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs-posix)
+      if test yes = yes ; then
+        echo $libS$libR -lpcreposix -lpcre
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs)
+      if test yes = yes ; then
+        echo $libS$libR -lpcre
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs16)
+      if test no = yes ; then
+        echo $libS$libR -lpcre16
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs32)
+      if test no = yes ; then
+        echo $libS$libR -lpcre32
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    --libs-cpp)
+      if test yes = yes ; then
+        echo $libS$libR -lpcrecpp -lpcre
+      else
+        echo "${usage}" 1>&2
+      fi
+      ;;
+    *)
+      echo "${usage}" 1>&2
+      exit 1
+      ;;
+  esac
+  shift
+done
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/bin/pcregrep b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/bin/pcregrep
new file mode 100755
index 00000000..85eb7a3f
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/bin/pcregrep differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/bin/pcretest b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/bin/pcretest
new file mode 100755
index 00000000..05c6e4eb
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/bin/pcretest differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcre.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcre.h
new file mode 100644
index 00000000..442c6bdb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcre.h
@@ -0,0 +1,677 @@
+/*************************************************
+*       Perl-Compatible Regular Expressions      *
+*************************************************/
+
+/* This is the public header file for the PCRE library, to be #included by
+applications that call the PCRE functions.
+
+           Copyright (c) 1997-2014 University of Cambridge
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+#ifndef _PCRE_H
+#define _PCRE_H
+
+/* The current PCRE version information. */
+
+#define PCRE_MAJOR          8
+#define PCRE_MINOR          41
+#define PCRE_PRERELEASE     
+#define PCRE_DATE           2017-07-05
+
+/* When an application links to a PCRE DLL in Windows, the symbols that are
+imported have to be identified as such. When building PCRE, the appropriate
+export setting is defined in pcre_internal.h, which includes this file. So we
+don't change existing definitions of PCRE_EXP_DECL and PCRECPP_EXP_DECL. */
+
+#if defined(_WIN32) && !defined(PCRE_STATIC)
+#  ifndef PCRE_EXP_DECL
+#    define PCRE_EXP_DECL  extern __declspec(dllimport)
+#  endif
+#  ifdef __cplusplus
+#    ifndef PCRECPP_EXP_DECL
+#      define PCRECPP_EXP_DECL  extern __declspec(dllimport)
+#    endif
+#    ifndef PCRECPP_EXP_DEFN
+#      define PCRECPP_EXP_DEFN  __declspec(dllimport)
+#    endif
+#  endif
+#endif
+
+/* By default, we use the standard "extern" declarations. */
+
+#ifndef PCRE_EXP_DECL
+#  ifdef __cplusplus
+#    define PCRE_EXP_DECL  extern "C"
+#  else
+#    define PCRE_EXP_DECL  extern
+#  endif
+#endif
+
+#ifdef __cplusplus
+#  ifndef PCRECPP_EXP_DECL
+#    define PCRECPP_EXP_DECL  extern
+#  endif
+#  ifndef PCRECPP_EXP_DEFN
+#    define PCRECPP_EXP_DEFN
+#  endif
+#endif
+
+/* Have to include stdlib.h in order to ensure that size_t is defined;
+it is needed here for malloc. */
+
+#include <stdlib.h>
+
+/* Allow for C++ users */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Public options. Some are compile-time only, some are run-time only, and some
+are both. Most of the compile-time options are saved with the compiled regex so
+that they can be inspected during studying (and therefore JIT compiling). Note
+that pcre_study() has its own set of options. Originally, all the options
+defined here used distinct bits. However, almost all the bits in a 32-bit word
+are now used, so in order to conserve them, option bits that were previously
+only recognized at matching time (i.e. by pcre_exec() or pcre_dfa_exec()) may
+also be used for compile-time options that affect only compiling and are not
+relevant for studying or JIT compiling.
+
+Some options for pcre_compile() change its behaviour but do not affect the
+behaviour of the execution functions. Other options are passed through to the
+execution functions and affect their behaviour, with or without affecting the
+behaviour of pcre_compile().
+
+Options that can be passed to pcre_compile() are tagged Cx below, with these
+variants:
+
+C1   Affects compile only
+C2   Does not affect compile; affects exec, dfa_exec
+C3   Affects compile, exec, dfa_exec
+C4   Affects compile, exec, dfa_exec, study
+C5   Affects compile, exec, study
+
+Options that can be set for pcre_exec() and/or pcre_dfa_exec() are flagged with
+E and D, respectively. They take precedence over C3, C4, and C5 settings passed
+from pcre_compile(). Those that are compatible with JIT execution are flagged
+with J. */
+
+#define PCRE_CASELESS           0x00000001  /* C1       */
+#define PCRE_MULTILINE          0x00000002  /* C1       */
+#define PCRE_DOTALL             0x00000004  /* C1       */
+#define PCRE_EXTENDED           0x00000008  /* C1       */
+#define PCRE_ANCHORED           0x00000010  /* C4 E D   */
+#define PCRE_DOLLAR_ENDONLY     0x00000020  /* C2       */
+#define PCRE_EXTRA              0x00000040  /* C1       */
+#define PCRE_NOTBOL             0x00000080  /*    E D J */
+#define PCRE_NOTEOL             0x00000100  /*    E D J */
+#define PCRE_UNGREEDY           0x00000200  /* C1       */
+#define PCRE_NOTEMPTY           0x00000400  /*    E D J */
+#define PCRE_UTF8               0x00000800  /* C4        )          */
+#define PCRE_UTF16              0x00000800  /* C4        ) Synonyms */
+#define PCRE_UTF32              0x00000800  /* C4        )          */
+#define PCRE_NO_AUTO_CAPTURE    0x00001000  /* C1       */
+#define PCRE_NO_UTF8_CHECK      0x00002000  /* C1 E D J  )          */
+#define PCRE_NO_UTF16_CHECK     0x00002000  /* C1 E D J  ) Synonyms */
+#define PCRE_NO_UTF32_CHECK     0x00002000  /* C1 E D J  )          */
+#define PCRE_AUTO_CALLOUT       0x00004000  /* C1       */
+#define PCRE_PARTIAL_SOFT       0x00008000  /*    E D J  ) Synonyms */
+#define PCRE_PARTIAL            0x00008000  /*    E D J  )          */
+
+/* This pair use the same bit. */
+#define PCRE_NEVER_UTF          0x00010000  /* C1        ) Overlaid */
+#define PCRE_DFA_SHORTEST       0x00010000  /*      D    ) Overlaid */
+
+/* This pair use the same bit. */
+#define PCRE_NO_AUTO_POSSESS    0x00020000  /* C1        ) Overlaid */
+#define PCRE_DFA_RESTART        0x00020000  /*      D    ) Overlaid */
+
+#define PCRE_FIRSTLINE          0x00040000  /* C3       */
+#define PCRE_DUPNAMES           0x00080000  /* C1       */
+#define PCRE_NEWLINE_CR         0x00100000  /* C3 E D   */
+#define PCRE_NEWLINE_LF         0x00200000  /* C3 E D   */
+#define PCRE_NEWLINE_CRLF       0x00300000  /* C3 E D   */
+#define PCRE_NEWLINE_ANY        0x00400000  /* C3 E D   */
+#define PCRE_NEWLINE_ANYCRLF    0x00500000  /* C3 E D   */
+#define PCRE_BSR_ANYCRLF        0x00800000  /* C3 E D   */
+#define PCRE_BSR_UNICODE        0x01000000  /* C3 E D   */
+#define PCRE_JAVASCRIPT_COMPAT  0x02000000  /* C5       */
+#define PCRE_NO_START_OPTIMIZE  0x04000000  /* C2 E D    ) Synonyms */
+#define PCRE_NO_START_OPTIMISE  0x04000000  /* C2 E D    )          */
+#define PCRE_PARTIAL_HARD       0x08000000  /*    E D J */
+#define PCRE_NOTEMPTY_ATSTART   0x10000000  /*    E D J */
+#define PCRE_UCP                0x20000000  /* C3       */
+
+/* Exec-time and get/set-time error codes */
+
+#define PCRE_ERROR_NOMATCH          (-1)
+#define PCRE_ERROR_NULL             (-2)
+#define PCRE_ERROR_BADOPTION        (-3)
+#define PCRE_ERROR_BADMAGIC         (-4)
+#define PCRE_ERROR_UNKNOWN_OPCODE   (-5)
+#define PCRE_ERROR_UNKNOWN_NODE     (-5)  /* For backward compatibility */
+#define PCRE_ERROR_NOMEMORY         (-6)
+#define PCRE_ERROR_NOSUBSTRING      (-7)
+#define PCRE_ERROR_MATCHLIMIT       (-8)
+#define PCRE_ERROR_CALLOUT          (-9)  /* Never used by PCRE itself */
+#define PCRE_ERROR_BADUTF8         (-10)  /* Same for 8/16/32 */
+#define PCRE_ERROR_BADUTF16        (-10)  /* Same for 8/16/32 */
+#define PCRE_ERROR_BADUTF32        (-10)  /* Same for 8/16/32 */
+#define PCRE_ERROR_BADUTF8_OFFSET  (-11)  /* Same for 8/16 */
+#define PCRE_ERROR_BADUTF16_OFFSET (-11)  /* Same for 8/16 */
+#define PCRE_ERROR_PARTIAL         (-12)
+#define PCRE_ERROR_BADPARTIAL      (-13)
+#define PCRE_ERROR_INTERNAL        (-14)
+#define PCRE_ERROR_BADCOUNT        (-15)
+#define PCRE_ERROR_DFA_UITEM       (-16)
+#define PCRE_ERROR_DFA_UCOND       (-17)
+#define PCRE_ERROR_DFA_UMLIMIT     (-18)
+#define PCRE_ERROR_DFA_WSSIZE      (-19)
+#define PCRE_ERROR_DFA_RECURSE     (-20)
+#define PCRE_ERROR_RECURSIONLIMIT  (-21)
+#define PCRE_ERROR_NULLWSLIMIT     (-22)  /* No longer actually used */
+#define PCRE_ERROR_BADNEWLINE      (-23)
+#define PCRE_ERROR_BADOFFSET       (-24)
+#define PCRE_ERROR_SHORTUTF8       (-25)
+#define PCRE_ERROR_SHORTUTF16      (-25)  /* Same for 8/16 */
+#define PCRE_ERROR_RECURSELOOP     (-26)
+#define PCRE_ERROR_JIT_STACKLIMIT  (-27)
+#define PCRE_ERROR_BADMODE         (-28)
+#define PCRE_ERROR_BADENDIANNESS   (-29)
+#define PCRE_ERROR_DFA_BADRESTART  (-30)
+#define PCRE_ERROR_JIT_BADOPTION   (-31)
+#define PCRE_ERROR_BADLENGTH       (-32)
+#define PCRE_ERROR_UNSET           (-33)
+
+/* Specific error codes for UTF-8 validity checks */
+
+#define PCRE_UTF8_ERR0               0
+#define PCRE_UTF8_ERR1               1
+#define PCRE_UTF8_ERR2               2
+#define PCRE_UTF8_ERR3               3
+#define PCRE_UTF8_ERR4               4
+#define PCRE_UTF8_ERR5               5
+#define PCRE_UTF8_ERR6               6
+#define PCRE_UTF8_ERR7               7
+#define PCRE_UTF8_ERR8               8
+#define PCRE_UTF8_ERR9               9
+#define PCRE_UTF8_ERR10             10
+#define PCRE_UTF8_ERR11             11
+#define PCRE_UTF8_ERR12             12
+#define PCRE_UTF8_ERR13             13
+#define PCRE_UTF8_ERR14             14
+#define PCRE_UTF8_ERR15             15
+#define PCRE_UTF8_ERR16             16
+#define PCRE_UTF8_ERR17             17
+#define PCRE_UTF8_ERR18             18
+#define PCRE_UTF8_ERR19             19
+#define PCRE_UTF8_ERR20             20
+#define PCRE_UTF8_ERR21             21
+#define PCRE_UTF8_ERR22             22  /* Unused (was non-character) */
+
+/* Specific error codes for UTF-16 validity checks */
+
+#define PCRE_UTF16_ERR0              0
+#define PCRE_UTF16_ERR1              1
+#define PCRE_UTF16_ERR2              2
+#define PCRE_UTF16_ERR3              3
+#define PCRE_UTF16_ERR4              4  /* Unused (was non-character) */
+
+/* Specific error codes for UTF-32 validity checks */
+
+#define PCRE_UTF32_ERR0              0
+#define PCRE_UTF32_ERR1              1
+#define PCRE_UTF32_ERR2              2  /* Unused (was non-character) */
+#define PCRE_UTF32_ERR3              3
+
+/* Request types for pcre_fullinfo() */
+
+#define PCRE_INFO_OPTIONS            0
+#define PCRE_INFO_SIZE               1
+#define PCRE_INFO_CAPTURECOUNT       2
+#define PCRE_INFO_BACKREFMAX         3
+#define PCRE_INFO_FIRSTBYTE          4
+#define PCRE_INFO_FIRSTCHAR          4  /* For backwards compatibility */
+#define PCRE_INFO_FIRSTTABLE         5
+#define PCRE_INFO_LASTLITERAL        6
+#define PCRE_INFO_NAMEENTRYSIZE      7
+#define PCRE_INFO_NAMECOUNT          8
+#define PCRE_INFO_NAMETABLE          9
+#define PCRE_INFO_STUDYSIZE         10
+#define PCRE_INFO_DEFAULT_TABLES    11
+#define PCRE_INFO_OKPARTIAL         12
+#define PCRE_INFO_JCHANGED          13
+#define PCRE_INFO_HASCRORLF         14
+#define PCRE_INFO_MINLENGTH         15
+#define PCRE_INFO_JIT               16
+#define PCRE_INFO_JITSIZE           17
+#define PCRE_INFO_MAXLOOKBEHIND     18
+#define PCRE_INFO_FIRSTCHARACTER    19
+#define PCRE_INFO_FIRSTCHARACTERFLAGS 20
+#define PCRE_INFO_REQUIREDCHAR      21
+#define PCRE_INFO_REQUIREDCHARFLAGS 22
+#define PCRE_INFO_MATCHLIMIT        23
+#define PCRE_INFO_RECURSIONLIMIT    24
+#define PCRE_INFO_MATCH_EMPTY       25
+
+/* Request types for pcre_config(). Do not re-arrange, in order to remain
+compatible. */
+
+#define PCRE_CONFIG_UTF8                    0
+#define PCRE_CONFIG_NEWLINE                 1
+#define PCRE_CONFIG_LINK_SIZE               2
+#define PCRE_CONFIG_POSIX_MALLOC_THRESHOLD  3
+#define PCRE_CONFIG_MATCH_LIMIT             4
+#define PCRE_CONFIG_STACKRECURSE            5
+#define PCRE_CONFIG_UNICODE_PROPERTIES      6
+#define PCRE_CONFIG_MATCH_LIMIT_RECURSION   7
+#define PCRE_CONFIG_BSR                     8
+#define PCRE_CONFIG_JIT                     9
+#define PCRE_CONFIG_UTF16                  10
+#define PCRE_CONFIG_JITTARGET              11
+#define PCRE_CONFIG_UTF32                  12
+#define PCRE_CONFIG_PARENS_LIMIT           13
+
+/* Request types for pcre_study(). Do not re-arrange, in order to remain
+compatible. */
+
+#define PCRE_STUDY_JIT_COMPILE                0x0001
+#define PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE   0x0002
+#define PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE   0x0004
+#define PCRE_STUDY_EXTRA_NEEDED               0x0008
+
+/* Bit flags for the pcre[16|32]_extra structure. Do not re-arrange or redefine
+these bits, just add new ones on the end, in order to remain compatible. */
+
+#define PCRE_EXTRA_STUDY_DATA             0x0001
+#define PCRE_EXTRA_MATCH_LIMIT            0x0002
+#define PCRE_EXTRA_CALLOUT_DATA           0x0004
+#define PCRE_EXTRA_TABLES                 0x0008
+#define PCRE_EXTRA_MATCH_LIMIT_RECURSION  0x0010
+#define PCRE_EXTRA_MARK                   0x0020
+#define PCRE_EXTRA_EXECUTABLE_JIT         0x0040
+
+/* Types */
+
+struct real_pcre;                 /* declaration; the definition is private  */
+typedef struct real_pcre pcre;
+
+struct real_pcre16;               /* declaration; the definition is private  */
+typedef struct real_pcre16 pcre16;
+
+struct real_pcre32;               /* declaration; the definition is private  */
+typedef struct real_pcre32 pcre32;
+
+struct real_pcre_jit_stack;       /* declaration; the definition is private  */
+typedef struct real_pcre_jit_stack pcre_jit_stack;
+
+struct real_pcre16_jit_stack;     /* declaration; the definition is private  */
+typedef struct real_pcre16_jit_stack pcre16_jit_stack;
+
+struct real_pcre32_jit_stack;     /* declaration; the definition is private  */
+typedef struct real_pcre32_jit_stack pcre32_jit_stack;
+
+/* If PCRE is compiled with 16 bit character support, PCRE_UCHAR16 must contain
+a 16 bit wide signed data type. Otherwise it can be a dummy data type since
+pcre16 functions are not implemented. There is a check for this in pcre_internal.h. */
+#ifndef PCRE_UCHAR16
+#define PCRE_UCHAR16 unsigned short
+#endif
+
+#ifndef PCRE_SPTR16
+#define PCRE_SPTR16 const PCRE_UCHAR16 *
+#endif
+
+/* If PCRE is compiled with 32 bit character support, PCRE_UCHAR32 must contain
+a 32 bit wide signed data type. Otherwise it can be a dummy data type since
+pcre32 functions are not implemented. There is a check for this in pcre_internal.h. */
+#ifndef PCRE_UCHAR32
+#define PCRE_UCHAR32 unsigned int
+#endif
+
+#ifndef PCRE_SPTR32
+#define PCRE_SPTR32 const PCRE_UCHAR32 *
+#endif
+
+/* When PCRE is compiled as a C++ library, the subject pointer type can be
+replaced with a custom type. For conventional use, the public interface is a
+const char *. */
+
+#ifndef PCRE_SPTR
+#define PCRE_SPTR const char *
+#endif
+
+/* The structure for passing additional data to pcre_exec(). This is defined in
+such as way as to be extensible. Always add new fields at the end, in order to
+remain compatible. */
+
+typedef struct pcre_extra {
+  unsigned long int flags;        /* Bits for which fields are set */
+  void *study_data;               /* Opaque data from pcre_study() */
+  unsigned long int match_limit;  /* Maximum number of calls to match() */
+  void *callout_data;             /* Data passed back in callouts */
+  const unsigned char *tables;    /* Pointer to character tables */
+  unsigned long int match_limit_recursion; /* Max recursive calls to match() */
+  unsigned char **mark;           /* For passing back a mark pointer */
+  void *executable_jit;           /* Contains a pointer to a compiled jit code */
+} pcre_extra;
+
+/* Same structure as above, but with 16 bit char pointers. */
+
+typedef struct pcre16_extra {
+  unsigned long int flags;        /* Bits for which fields are set */
+  void *study_data;               /* Opaque data from pcre_study() */
+  unsigned long int match_limit;  /* Maximum number of calls to match() */
+  void *callout_data;             /* Data passed back in callouts */
+  const unsigned char *tables;    /* Pointer to character tables */
+  unsigned long int match_limit_recursion; /* Max recursive calls to match() */
+  PCRE_UCHAR16 **mark;            /* For passing back a mark pointer */
+  void *executable_jit;           /* Contains a pointer to a compiled jit code */
+} pcre16_extra;
+
+/* Same structure as above, but with 32 bit char pointers. */
+
+typedef struct pcre32_extra {
+  unsigned long int flags;        /* Bits for which fields are set */
+  void *study_data;               /* Opaque data from pcre_study() */
+  unsigned long int match_limit;  /* Maximum number of calls to match() */
+  void *callout_data;             /* Data passed back in callouts */
+  const unsigned char *tables;    /* Pointer to character tables */
+  unsigned long int match_limit_recursion; /* Max recursive calls to match() */
+  PCRE_UCHAR32 **mark;            /* For passing back a mark pointer */
+  void *executable_jit;           /* Contains a pointer to a compiled jit code */
+} pcre32_extra;
+
+/* The structure for passing out data via the pcre_callout_function. We use a
+structure so that new fields can be added on the end in future versions,
+without changing the API of the function, thereby allowing old clients to work
+without modification. */
+
+typedef struct pcre_callout_block {
+  int          version;           /* Identifies version of block */
+  /* ------------------------ Version 0 ------------------------------- */
+  int          callout_number;    /* Number compiled into pattern */
+  int         *offset_vector;     /* The offset vector */
+  PCRE_SPTR    subject;           /* The subject being matched */
+  int          subject_length;    /* The length of the subject */
+  int          start_match;       /* Offset to start of this match attempt */
+  int          current_position;  /* Where we currently are in the subject */
+  int          capture_top;       /* Max current capture */
+  int          capture_last;      /* Most recently closed capture */
+  void        *callout_data;      /* Data passed in with the call */
+  /* ------------------- Added for Version 1 -------------------------- */
+  int          pattern_position;  /* Offset to next item in the pattern */
+  int          next_item_length;  /* Length of next item in the pattern */
+  /* ------------------- Added for Version 2 -------------------------- */
+  const unsigned char *mark;      /* Pointer to current mark or NULL    */
+  /* ------------------------------------------------------------------ */
+} pcre_callout_block;
+
+/* Same structure as above, but with 16 bit char pointers. */
+
+typedef struct pcre16_callout_block {
+  int          version;           /* Identifies version of block */
+  /* ------------------------ Version 0 ------------------------------- */
+  int          callout_number;    /* Number compiled into pattern */
+  int         *offset_vector;     /* The offset vector */
+  PCRE_SPTR16  subject;           /* The subject being matched */
+  int          subject_length;    /* The length of the subject */
+  int          start_match;       /* Offset to start of this match attempt */
+  int          current_position;  /* Where we currently are in the subject */
+  int          capture_top;       /* Max current capture */
+  int          capture_last;      /* Most recently closed capture */
+  void        *callout_data;      /* Data passed in with the call */
+  /* ------------------- Added for Version 1 -------------------------- */
+  int          pattern_position;  /* Offset to next item in the pattern */
+  int          next_item_length;  /* Length of next item in the pattern */
+  /* ------------------- Added for Version 2 -------------------------- */
+  const PCRE_UCHAR16 *mark;       /* Pointer to current mark or NULL    */
+  /* ------------------------------------------------------------------ */
+} pcre16_callout_block;
+
+/* Same structure as above, but with 32 bit char pointers. */
+
+typedef struct pcre32_callout_block {
+  int          version;           /* Identifies version of block */
+  /* ------------------------ Version 0 ------------------------------- */
+  int          callout_number;    /* Number compiled into pattern */
+  int         *offset_vector;     /* The offset vector */
+  PCRE_SPTR32  subject;           /* The subject being matched */
+  int          subject_length;    /* The length of the subject */
+  int          start_match;       /* Offset to start of this match attempt */
+  int          current_position;  /* Where we currently are in the subject */
+  int          capture_top;       /* Max current capture */
+  int          capture_last;      /* Most recently closed capture */
+  void        *callout_data;      /* Data passed in with the call */
+  /* ------------------- Added for Version 1 -------------------------- */
+  int          pattern_position;  /* Offset to next item in the pattern */
+  int          next_item_length;  /* Length of next item in the pattern */
+  /* ------------------- Added for Version 2 -------------------------- */
+  const PCRE_UCHAR32 *mark;       /* Pointer to current mark or NULL    */
+  /* ------------------------------------------------------------------ */
+} pcre32_callout_block;
+
+/* Indirection for store get and free functions. These can be set to
+alternative malloc/free functions if required. Special ones are used in the
+non-recursive case for "frames". There is also an optional callout function
+that is triggered by the (?) regex item. For Virtual Pascal, these definitions
+have to take another form. */
+
+#ifndef VPCOMPAT
+PCRE_EXP_DECL void *(*pcre_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre_free)(void *);
+PCRE_EXP_DECL void *(*pcre_stack_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre_stack_free)(void *);
+PCRE_EXP_DECL int   (*pcre_callout)(pcre_callout_block *);
+PCRE_EXP_DECL int   (*pcre_stack_guard)(void);
+
+PCRE_EXP_DECL void *(*pcre16_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre16_free)(void *);
+PCRE_EXP_DECL void *(*pcre16_stack_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre16_stack_free)(void *);
+PCRE_EXP_DECL int   (*pcre16_callout)(pcre16_callout_block *);
+PCRE_EXP_DECL int   (*pcre16_stack_guard)(void);
+
+PCRE_EXP_DECL void *(*pcre32_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre32_free)(void *);
+PCRE_EXP_DECL void *(*pcre32_stack_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre32_stack_free)(void *);
+PCRE_EXP_DECL int   (*pcre32_callout)(pcre32_callout_block *);
+PCRE_EXP_DECL int   (*pcre32_stack_guard)(void);
+#else   /* VPCOMPAT */
+PCRE_EXP_DECL void *pcre_malloc(size_t);
+PCRE_EXP_DECL void  pcre_free(void *);
+PCRE_EXP_DECL void *pcre_stack_malloc(size_t);
+PCRE_EXP_DECL void  pcre_stack_free(void *);
+PCRE_EXP_DECL int   pcre_callout(pcre_callout_block *);
+PCRE_EXP_DECL int   pcre_stack_guard(void);
+
+PCRE_EXP_DECL void *pcre16_malloc(size_t);
+PCRE_EXP_DECL void  pcre16_free(void *);
+PCRE_EXP_DECL void *pcre16_stack_malloc(size_t);
+PCRE_EXP_DECL void  pcre16_stack_free(void *);
+PCRE_EXP_DECL int   pcre16_callout(pcre16_callout_block *);
+PCRE_EXP_DECL int   pcre16_stack_guard(void);
+
+PCRE_EXP_DECL void *pcre32_malloc(size_t);
+PCRE_EXP_DECL void  pcre32_free(void *);
+PCRE_EXP_DECL void *pcre32_stack_malloc(size_t);
+PCRE_EXP_DECL void  pcre32_stack_free(void *);
+PCRE_EXP_DECL int   pcre32_callout(pcre32_callout_block *);
+PCRE_EXP_DECL int   pcre32_stack_guard(void);
+#endif  /* VPCOMPAT */
+
+/* User defined callback which provides a stack just before the match starts. */
+
+typedef pcre_jit_stack *(*pcre_jit_callback)(void *);
+typedef pcre16_jit_stack *(*pcre16_jit_callback)(void *);
+typedef pcre32_jit_stack *(*pcre32_jit_callback)(void *);
+
+/* Exported PCRE functions */
+
+PCRE_EXP_DECL pcre *pcre_compile(const char *, int, const char **, int *,
+                  const unsigned char *);
+PCRE_EXP_DECL pcre16 *pcre16_compile(PCRE_SPTR16, int, const char **, int *,
+                  const unsigned char *);
+PCRE_EXP_DECL pcre32 *pcre32_compile(PCRE_SPTR32, int, const char **, int *,
+                  const unsigned char *);
+PCRE_EXP_DECL pcre *pcre_compile2(const char *, int, int *, const char **,
+                  int *, const unsigned char *);
+PCRE_EXP_DECL pcre16 *pcre16_compile2(PCRE_SPTR16, int, int *, const char **,
+                  int *, const unsigned char *);
+PCRE_EXP_DECL pcre32 *pcre32_compile2(PCRE_SPTR32, int, int *, const char **,
+                  int *, const unsigned char *);
+PCRE_EXP_DECL int  pcre_config(int, void *);
+PCRE_EXP_DECL int  pcre16_config(int, void *);
+PCRE_EXP_DECL int  pcre32_config(int, void *);
+PCRE_EXP_DECL int  pcre_copy_named_substring(const pcre *, const char *,
+                  int *, int, const char *, char *, int);
+PCRE_EXP_DECL int  pcre16_copy_named_substring(const pcre16 *, PCRE_SPTR16,
+                  int *, int, PCRE_SPTR16, PCRE_UCHAR16 *, int);
+PCRE_EXP_DECL int  pcre32_copy_named_substring(const pcre32 *, PCRE_SPTR32,
+                  int *, int, PCRE_SPTR32, PCRE_UCHAR32 *, int);
+PCRE_EXP_DECL int  pcre_copy_substring(const char *, int *, int, int,
+                  char *, int);
+PCRE_EXP_DECL int  pcre16_copy_substring(PCRE_SPTR16, int *, int, int,
+                  PCRE_UCHAR16 *, int);
+PCRE_EXP_DECL int  pcre32_copy_substring(PCRE_SPTR32, int *, int, int,
+                  PCRE_UCHAR32 *, int);
+PCRE_EXP_DECL int  pcre_dfa_exec(const pcre *, const pcre_extra *,
+                  const char *, int, int, int, int *, int , int *, int);
+PCRE_EXP_DECL int  pcre16_dfa_exec(const pcre16 *, const pcre16_extra *,
+                  PCRE_SPTR16, int, int, int, int *, int , int *, int);
+PCRE_EXP_DECL int  pcre32_dfa_exec(const pcre32 *, const pcre32_extra *,
+                  PCRE_SPTR32, int, int, int, int *, int , int *, int);
+PCRE_EXP_DECL int  pcre_exec(const pcre *, const pcre_extra *, PCRE_SPTR,
+                   int, int, int, int *, int);
+PCRE_EXP_DECL int  pcre16_exec(const pcre16 *, const pcre16_extra *,
+                   PCRE_SPTR16, int, int, int, int *, int);
+PCRE_EXP_DECL int  pcre32_exec(const pcre32 *, const pcre32_extra *,
+                   PCRE_SPTR32, int, int, int, int *, int);
+PCRE_EXP_DECL int  pcre_jit_exec(const pcre *, const pcre_extra *,
+                   PCRE_SPTR, int, int, int, int *, int,
+                   pcre_jit_stack *);
+PCRE_EXP_DECL int  pcre16_jit_exec(const pcre16 *, const pcre16_extra *,
+                   PCRE_SPTR16, int, int, int, int *, int,
+                   pcre16_jit_stack *);
+PCRE_EXP_DECL int  pcre32_jit_exec(const pcre32 *, const pcre32_extra *,
+                   PCRE_SPTR32, int, int, int, int *, int,
+                   pcre32_jit_stack *);
+PCRE_EXP_DECL void pcre_free_substring(const char *);
+PCRE_EXP_DECL void pcre16_free_substring(PCRE_SPTR16);
+PCRE_EXP_DECL void pcre32_free_substring(PCRE_SPTR32);
+PCRE_EXP_DECL void pcre_free_substring_list(const char **);
+PCRE_EXP_DECL void pcre16_free_substring_list(PCRE_SPTR16 *);
+PCRE_EXP_DECL void pcre32_free_substring_list(PCRE_SPTR32 *);
+PCRE_EXP_DECL int  pcre_fullinfo(const pcre *, const pcre_extra *, int,
+                  void *);
+PCRE_EXP_DECL int  pcre16_fullinfo(const pcre16 *, const pcre16_extra *, int,
+                  void *);
+PCRE_EXP_DECL int  pcre32_fullinfo(const pcre32 *, const pcre32_extra *, int,
+                  void *);
+PCRE_EXP_DECL int  pcre_get_named_substring(const pcre *, const char *,
+                  int *, int, const char *, const char **);
+PCRE_EXP_DECL int  pcre16_get_named_substring(const pcre16 *, PCRE_SPTR16,
+                  int *, int, PCRE_SPTR16, PCRE_SPTR16 *);
+PCRE_EXP_DECL int  pcre32_get_named_substring(const pcre32 *, PCRE_SPTR32,
+                  int *, int, PCRE_SPTR32, PCRE_SPTR32 *);
+PCRE_EXP_DECL int  pcre_get_stringnumber(const pcre *, const char *);
+PCRE_EXP_DECL int  pcre16_get_stringnumber(const pcre16 *, PCRE_SPTR16);
+PCRE_EXP_DECL int  pcre32_get_stringnumber(const pcre32 *, PCRE_SPTR32);
+PCRE_EXP_DECL int  pcre_get_stringtable_entries(const pcre *, const char *,
+                  char **, char **);
+PCRE_EXP_DECL int  pcre16_get_stringtable_entries(const pcre16 *, PCRE_SPTR16,
+                  PCRE_UCHAR16 **, PCRE_UCHAR16 **);
+PCRE_EXP_DECL int  pcre32_get_stringtable_entries(const pcre32 *, PCRE_SPTR32,
+                  PCRE_UCHAR32 **, PCRE_UCHAR32 **);
+PCRE_EXP_DECL int  pcre_get_substring(const char *, int *, int, int,
+                  const char **);
+PCRE_EXP_DECL int  pcre16_get_substring(PCRE_SPTR16, int *, int, int,
+                  PCRE_SPTR16 *);
+PCRE_EXP_DECL int  pcre32_get_substring(PCRE_SPTR32, int *, int, int,
+                  PCRE_SPTR32 *);
+PCRE_EXP_DECL int  pcre_get_substring_list(const char *, int *, int,
+                  const char ***);
+PCRE_EXP_DECL int  pcre16_get_substring_list(PCRE_SPTR16, int *, int,
+                  PCRE_SPTR16 **);
+PCRE_EXP_DECL int  pcre32_get_substring_list(PCRE_SPTR32, int *, int,
+                  PCRE_SPTR32 **);
+PCRE_EXP_DECL const unsigned char *pcre_maketables(void);
+PCRE_EXP_DECL const unsigned char *pcre16_maketables(void);
+PCRE_EXP_DECL const unsigned char *pcre32_maketables(void);
+PCRE_EXP_DECL int  pcre_refcount(pcre *, int);
+PCRE_EXP_DECL int  pcre16_refcount(pcre16 *, int);
+PCRE_EXP_DECL int  pcre32_refcount(pcre32 *, int);
+PCRE_EXP_DECL pcre_extra *pcre_study(const pcre *, int, const char **);
+PCRE_EXP_DECL pcre16_extra *pcre16_study(const pcre16 *, int, const char **);
+PCRE_EXP_DECL pcre32_extra *pcre32_study(const pcre32 *, int, const char **);
+PCRE_EXP_DECL void pcre_free_study(pcre_extra *);
+PCRE_EXP_DECL void pcre16_free_study(pcre16_extra *);
+PCRE_EXP_DECL void pcre32_free_study(pcre32_extra *);
+PCRE_EXP_DECL const char *pcre_version(void);
+PCRE_EXP_DECL const char *pcre16_version(void);
+PCRE_EXP_DECL const char *pcre32_version(void);
+
+/* Utility functions for byte order swaps. */
+PCRE_EXP_DECL int  pcre_pattern_to_host_byte_order(pcre *, pcre_extra *,
+                  const unsigned char *);
+PCRE_EXP_DECL int  pcre16_pattern_to_host_byte_order(pcre16 *, pcre16_extra *,
+                  const unsigned char *);
+PCRE_EXP_DECL int  pcre32_pattern_to_host_byte_order(pcre32 *, pcre32_extra *,
+                  const unsigned char *);
+PCRE_EXP_DECL int  pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *,
+                  PCRE_SPTR16, int, int *, int);
+PCRE_EXP_DECL int  pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *,
+                  PCRE_SPTR32, int, int *, int);
+
+/* JIT compiler related functions. */
+
+PCRE_EXP_DECL pcre_jit_stack *pcre_jit_stack_alloc(int, int);
+PCRE_EXP_DECL pcre16_jit_stack *pcre16_jit_stack_alloc(int, int);
+PCRE_EXP_DECL pcre32_jit_stack *pcre32_jit_stack_alloc(int, int);
+PCRE_EXP_DECL void pcre_jit_stack_free(pcre_jit_stack *);
+PCRE_EXP_DECL void pcre16_jit_stack_free(pcre16_jit_stack *);
+PCRE_EXP_DECL void pcre32_jit_stack_free(pcre32_jit_stack *);
+PCRE_EXP_DECL void pcre_assign_jit_stack(pcre_extra *,
+                  pcre_jit_callback, void *);
+PCRE_EXP_DECL void pcre16_assign_jit_stack(pcre16_extra *,
+                  pcre16_jit_callback, void *);
+PCRE_EXP_DECL void pcre32_assign_jit_stack(pcre32_extra *,
+                  pcre32_jit_callback, void *);
+PCRE_EXP_DECL void pcre_jit_free_unused_memory(void);
+PCRE_EXP_DECL void pcre16_jit_free_unused_memory(void);
+PCRE_EXP_DECL void pcre32_jit_free_unused_memory(void);
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* End of pcre.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcre_scanner.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcre_scanner.h
new file mode 100644
index 00000000..5617e451
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcre_scanner.h
@@ -0,0 +1,172 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+//
+// Regular-expression based scanner for parsing an input stream.
+//
+// Example 1: parse a sequence of "var = number" entries from input:
+//
+//      Scanner scanner(input);
+//      string var;
+//      int number;
+//      scanner.SetSkipExpression("\\s+"); // Skip any white space we encounter
+//      while (scanner.Consume("(\\w+) = (\\d+)", &var, &number)) {
+//        ...;
+//      }
+
+#ifndef _PCRE_SCANNER_H
+#define _PCRE_SCANNER_H
+
+#include <assert.h>
+#include <string>
+#include <vector>
+
+#include <pcrecpp.h>
+#include <pcre_stringpiece.h>
+
+namespace pcrecpp {
+
+class PCRECPP_EXP_DEFN Scanner {
+ public:
+  Scanner();
+  explicit Scanner(const std::string& input);
+  ~Scanner();
+
+  // Return current line number.  The returned line-number is
+  // one-based.  I.e. it returns 1 + the number of consumed newlines.
+  //
+  // Note: this method may be slow.  It may take time proportional to
+  // the size of the input.
+  int LineNumber() const;
+
+  // Return the byte-offset that the scanner is looking in the
+  // input data;
+  int Offset() const;
+
+  // Return true iff the start of the remaining input matches "re"
+  bool LookingAt(const RE& re) const;
+
+  // Return true iff all of the following are true
+  //    a. the start of the remaining input matches "re",
+  //    b. if any arguments are supplied, matched sub-patterns can be
+  //       parsed and stored into the arguments.
+  // If it returns true, it skips over the matched input and any
+  // following input that matches the "skip" regular expression.
+  bool Consume(const RE& re,
+               const Arg& arg0 = RE::no_arg,
+               const Arg& arg1 = RE::no_arg,
+               const Arg& arg2 = RE::no_arg
+               // TODO: Allow more arguments?
+               );
+
+  // Set the "skip" regular expression.  If after consuming some data,
+  // a prefix of the input matches this RE, it is automatically
+  // skipped.  For example, a programming language scanner would use
+  // a skip RE that matches white space and comments.
+  //
+  //    scanner.SetSkipExpression("\\s+|//.*|/[*](.|\n)*?[*]/");
+  //
+  // Skipping repeats as long as it succeeds.  We used to let people do
+  // this by writing "(...)*" in the regular expression, but that added
+  // up to lots of recursive calls within the pcre library, so now we
+  // control repetition explicitly via the function call API.
+  //
+  // You can pass NULL for "re" if you do not want any data to be skipped.
+  void Skip(const char* re);   // DEPRECATED; does *not* repeat
+  void SetSkipExpression(const char* re);
+
+  // Temporarily pause "skip"ing. This
+  //   Skip("Foo"); code ; DisableSkip(); code; EnableSkip()
+  // is similar to
+  //   Skip("Foo"); code ; Skip(NULL); code ; Skip("Foo");
+  // but avoids creating/deleting new RE objects.
+  void DisableSkip();
+
+  // Reenable previously paused skipping.  Any prefix of the input
+  // that matches the skip pattern is immediately dropped.
+  void EnableSkip();
+
+  /***** Special wrappers around SetSkip() for some common idioms *****/
+
+  // Arranges to skip whitespace, C comments, C++ comments.
+  // The overall RE is a disjunction of the following REs:
+  //    \\s                     whitespace
+  //    //.*\n                  C++ comment
+  //    /[*](.|\n)*?[*]/        C comment (x*? means minimal repetitions of x)
+  // We get repetition via the semantics of SetSkipExpression, not by using *
+  void SkipCXXComments() {
+    SetSkipExpression("\\s|//.*\n|/[*](?:\n|.)*?[*]/");
+  }
+
+  void set_save_comments(bool comments) {
+    save_comments_ = comments;
+  }
+
+  bool save_comments() {
+    return save_comments_;
+  }
+
+  // Append to vector ranges the comments found in the
+  // byte range [start,end] (inclusive) of the input data.
+  // Only comments that were extracted entirely within that
+  // range are returned: no range splitting of atomically-extracted
+  // comments is performed.
+  void GetComments(int start, int end, std::vector<StringPiece> *ranges);
+
+  // Append to vector ranges the comments added
+  // since the last time this was called. This
+  // functionality is provided for efficiency when
+  // interleaving scanning with parsing.
+  void GetNextComments(std::vector<StringPiece> *ranges);
+
+ private:
+  std::string   data_;          // All the input data
+  StringPiece   input_;         // Unprocessed input
+  RE*           skip_;          // If non-NULL, RE for skipping input
+  bool          should_skip_;   // If true, use skip_
+  bool          skip_repeat_;   // If true, repeat skip_ as long as it works
+  bool          save_comments_; // If true, aggregate the skip expression
+
+  // the skipped comments
+  // TODO: later consider requiring that the StringPieces be added
+  // in order by their start position
+  std::vector<StringPiece> *comments_;
+
+  // the offset into comments_ that has been returned by GetNextComments
+  int           comments_offset_;
+
+  // helper function to consume *skip_ and honour
+  // save_comments_
+  void ConsumeSkip();
+};
+
+}   // namespace pcrecpp
+
+#endif /* _PCRE_SCANNER_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcre_stringpiece.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcre_stringpiece.h
new file mode 100644
index 00000000..cb94f52a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcre_stringpiece.h
@@ -0,0 +1,180 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+//
+// A string like object that points into another piece of memory.
+// Useful for providing an interface that allows clients to easily
+// pass in either a "const char*" or a "string".
+//
+// Arghh!  I wish C++ literals were automatically of type "string".
+
+#ifndef _PCRE_STRINGPIECE_H
+#define _PCRE_STRINGPIECE_H
+
+#include <cstring>
+#include <string>
+#include <iosfwd>    // for ostream forward-declaration
+
+#if 0
+#define HAVE_TYPE_TRAITS
+#include <type_traits.h>
+#elif 0
+#define HAVE_TYPE_TRAITS
+#include <bits/type_traits.h>
+#endif
+
+#include <pcre.h>
+
+namespace pcrecpp {
+
+using std::memcmp;
+using std::strlen;
+using std::string;
+
+class PCRECPP_EXP_DEFN StringPiece {
+ private:
+  const char*   ptr_;
+  int           length_;
+
+ public:
+  // We provide non-explicit singleton constructors so users can pass
+  // in a "const char*" or a "string" wherever a "StringPiece" is
+  // expected.
+  StringPiece()
+    : ptr_(NULL), length_(0) { }
+  StringPiece(const char* str)
+    : ptr_(str), length_(static_cast<int>(strlen(ptr_))) { }
+  StringPiece(const unsigned char* str)
+    : ptr_(reinterpret_cast<const char*>(str)),
+      length_(static_cast<int>(strlen(ptr_))) { }
+  StringPiece(const string& str)
+    : ptr_(str.data()), length_(static_cast<int>(str.size())) { }
+  StringPiece(const char* offset, int len)
+    : ptr_(offset), length_(len) { }
+
+  // data() may return a pointer to a buffer with embedded NULs, and the
+  // returned buffer may or may not be null terminated.  Therefore it is
+  // typically a mistake to pass data() to a routine that expects a NUL
+  // terminated string.  Use "as_string().c_str()" if you really need to do
+  // this.  Or better yet, change your routine so it does not rely on NUL
+  // termination.
+  const char* data() const { return ptr_; }
+  int size() const { return length_; }
+  bool empty() const { return length_ == 0; }
+
+  void clear() { ptr_ = NULL; length_ = 0; }
+  void set(const char* buffer, int len) { ptr_ = buffer; length_ = len; }
+  void set(const char* str) {
+    ptr_ = str;
+    length_ = static_cast<int>(strlen(str));
+  }
+  void set(const void* buffer, int len) {
+    ptr_ = reinterpret_cast<const char*>(buffer);
+    length_ = len;
+  }
+
+  char operator[](int i) const { return ptr_[i]; }
+
+  void remove_prefix(int n) {
+    ptr_ += n;
+    length_ -= n;
+  }
+
+  void remove_suffix(int n) {
+    length_ -= n;
+  }
+
+  bool operator==(const StringPiece& x) const {
+    return ((length_ == x.length_) &&
+            (memcmp(ptr_, x.ptr_, length_) == 0));
+  }
+  bool operator!=(const StringPiece& x) const {
+    return !(*this == x);
+  }
+
+#define STRINGPIECE_BINARY_PREDICATE(cmp,auxcmp)                             \
+  bool operator cmp (const StringPiece& x) const {                           \
+    int r = memcmp(ptr_, x.ptr_, length_ < x.length_ ? length_ : x.length_); \
+    return ((r auxcmp 0) || ((r == 0) && (length_ cmp x.length_)));          \
+  }
+  STRINGPIECE_BINARY_PREDICATE(<,  <);
+  STRINGPIECE_BINARY_PREDICATE(<=, <);
+  STRINGPIECE_BINARY_PREDICATE(>=, >);
+  STRINGPIECE_BINARY_PREDICATE(>,  >);
+#undef STRINGPIECE_BINARY_PREDICATE
+
+  int compare(const StringPiece& x) const {
+    int r = memcmp(ptr_, x.ptr_, length_ < x.length_ ? length_ : x.length_);
+    if (r == 0) {
+      if (length_ < x.length_) r = -1;
+      else if (length_ > x.length_) r = +1;
+    }
+    return r;
+  }
+
+  string as_string() const {
+    return string(data(), size());
+  }
+
+  void CopyToString(string* target) const {
+    target->assign(ptr_, length_);
+  }
+
+  // Does "this" start with "x"
+  bool starts_with(const StringPiece& x) const {
+    return ((length_ >= x.length_) && (memcmp(ptr_, x.ptr_, x.length_) == 0));
+  }
+};
+
+}   // namespace pcrecpp
+
+// ------------------------------------------------------------------
+// Functions used to create STL containers that use StringPiece
+//  Remember that a StringPiece's lifetime had better be less than
+//  that of the underlying string or char*.  If it is not, then you
+//  cannot safely store a StringPiece into an STL container
+// ------------------------------------------------------------------
+
+#ifdef HAVE_TYPE_TRAITS
+// This makes vector<StringPiece> really fast for some STL implementations
+template<> struct __type_traits<pcrecpp::StringPiece> {
+  typedef __true_type    has_trivial_default_constructor;
+  typedef __true_type    has_trivial_copy_constructor;
+  typedef __true_type    has_trivial_assignment_operator;
+  typedef __true_type    has_trivial_destructor;
+  typedef __true_type    is_POD_type;
+};
+#endif
+
+// allow StringPiece to be logged
+PCRECPP_EXP_DECL std::ostream& operator<<(std::ostream& o,
+                                          const pcrecpp::StringPiece& piece);
+
+#endif /* _PCRE_STRINGPIECE_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcrecpp.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcrecpp.h
new file mode 100644
index 00000000..3e594b0d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcrecpp.h
@@ -0,0 +1,710 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+// Support for PCRE_XXX modifiers added by Giuseppe Maxia, July 2005
+
+#ifndef _PCRECPP_H
+#define _PCRECPP_H
+
+// C++ interface to the pcre regular-expression library.  RE supports
+// Perl-style regular expressions (with extensions like \d, \w, \s,
+// ...).
+//
+// -----------------------------------------------------------------------
+// REGEXP SYNTAX:
+//
+// This module is part of the pcre library and hence supports its syntax
+// for regular expressions.
+//
+// The syntax is pretty similar to Perl's.  For those not familiar
+// with Perl's regular expressions, here are some examples of the most
+// commonly used extensions:
+//
+//   "hello (\\w+) world"  -- \w matches a "word" character
+//   "version (\\d+)"      -- \d matches a digit
+//   "hello\\s+world"      -- \s matches any whitespace character
+//   "\\b(\\w+)\\b"        -- \b matches empty string at a word boundary
+//   "(?i)hello"           -- (?i) turns on case-insensitive matching
+//   "/\\*(.*?)\\*/"       -- .*? matches . minimum no. of times possible
+//
+// -----------------------------------------------------------------------
+// MATCHING INTERFACE:
+//
+// The "FullMatch" operation checks that supplied text matches a
+// supplied pattern exactly.
+//
+// Example: successful match
+//    pcrecpp::RE re("h.*o");
+//    re.FullMatch("hello");
+//
+// Example: unsuccessful match (requires full match):
+//    pcrecpp::RE re("e");
+//    !re.FullMatch("hello");
+//
+// Example: creating a temporary RE object:
+//    pcrecpp::RE("h.*o").FullMatch("hello");
+//
+// You can pass in a "const char*" or a "string" for "text".  The
+// examples below tend to use a const char*.
+//
+// You can, as in the different examples above, store the RE object
+// explicitly in a variable or use a temporary RE object.  The
+// examples below use one mode or the other arbitrarily.  Either
+// could correctly be used for any of these examples.
+//
+// -----------------------------------------------------------------------
+// MATCHING WITH SUB-STRING EXTRACTION:
+//
+// You can supply extra pointer arguments to extract matched subpieces.
+//
+// Example: extracts "ruby" into "s" and 1234 into "i"
+//    int i;
+//    string s;
+//    pcrecpp::RE re("(\\w+):(\\d+)");
+//    re.FullMatch("ruby:1234", &s, &i);
+//
+// Example: does not try to extract any extra sub-patterns
+//    re.FullMatch("ruby:1234", &s);
+//
+// Example: does not try to extract into NULL
+//    re.FullMatch("ruby:1234", NULL, &i);
+//
+// Example: integer overflow causes failure
+//    !re.FullMatch("ruby:1234567891234", NULL, &i);
+//
+// Example: fails because there aren't enough sub-patterns:
+//    !pcrecpp::RE("\\w+:\\d+").FullMatch("ruby:1234", &s);
+//
+// Example: fails because string cannot be stored in integer
+//    !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+//
+// The provided pointer arguments can be pointers to any scalar numeric
+// type, or one of
+//    string        (matched piece is copied to string)
+//    StringPiece   (StringPiece is mutated to point to matched piece)
+//    T             (where "bool T::ParseFrom(const char*, int)" exists)
+//    NULL          (the corresponding matched sub-pattern is not copied)
+//
+// CAVEAT: An optional sub-pattern that does not exist in the matched
+// string is assigned the empty string.  Therefore, the following will
+// return false (because the empty string is not a valid number):
+//    int number;
+//    pcrecpp::RE::FullMatch("abc", "[a-z]+(\\d+)?", &number);
+//
+// -----------------------------------------------------------------------
+// DO_MATCH
+//
+// The matching interface supports at most 16 arguments per call.
+// If you need more, consider using the more general interface
+// pcrecpp::RE::DoMatch().  See pcrecpp.h for the signature for DoMatch.
+//
+// -----------------------------------------------------------------------
+// PARTIAL MATCHES
+//
+// You can use the "PartialMatch" operation when you want the pattern
+// to match any substring of the text.
+//
+// Example: simple search for a string:
+//    pcrecpp::RE("ell").PartialMatch("hello");
+//
+// Example: find first number in a string:
+//    int number;
+//    pcrecpp::RE re("(\\d+)");
+//    re.PartialMatch("x*100 + 20", &number);
+//    assert(number == 100);
+//
+// -----------------------------------------------------------------------
+// UTF-8 AND THE MATCHING INTERFACE:
+//
+// By default, pattern and text are plain text, one byte per character.
+// The UTF8 flag, passed to the constructor, causes both pattern
+// and string to be treated as UTF-8 text, still a byte stream but
+// potentially multiple bytes per character. In practice, the text
+// is likelier to be UTF-8 than the pattern, but the match returned
+// may depend on the UTF8 flag, so always use it when matching
+// UTF8 text.  E.g., "." will match one byte normally but with UTF8
+// set may match up to three bytes of a multi-byte character.
+//
+// Example:
+//    pcrecpp::RE_Options options;
+//    options.set_utf8();
+//    pcrecpp::RE re(utf8_pattern, options);
+//    re.FullMatch(utf8_string);
+//
+// Example: using the convenience function UTF8():
+//    pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+//    re.FullMatch(utf8_string);
+//
+// NOTE: The UTF8 option is ignored if pcre was not configured with the
+//       --enable-utf8 flag.
+//
+// -----------------------------------------------------------------------
+// PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE
+//
+// PCRE defines some modifiers to change the behavior of the regular
+// expression engine.
+// The C++ wrapper defines an auxiliary class, RE_Options, as a vehicle
+// to pass such modifiers to a RE class.
+//
+// Currently, the following modifiers are supported
+//
+//    modifier              description               Perl corresponding
+//
+//    PCRE_CASELESS         case insensitive match    /i
+//    PCRE_MULTILINE        multiple lines match      /m
+//    PCRE_DOTALL           dot matches newlines      /s
+//    PCRE_DOLLAR_ENDONLY   $ matches only at end     N/A
+//    PCRE_EXTRA            strict escape parsing     N/A
+//    PCRE_EXTENDED         ignore whitespaces        /x
+//    PCRE_UTF8             handles UTF8 chars        built-in
+//    PCRE_UNGREEDY         reverses * and *?         N/A
+//    PCRE_NO_AUTO_CAPTURE  disables matching parens  N/A (*)
+//
+// (For a full account on how each modifier works, please check the
+// PCRE API reference manual).
+//
+// (*) Both Perl and PCRE allow non matching parentheses by means of the
+// "?:" modifier within the pattern itself. e.g. (?:ab|cd) does not
+// capture, while (ab|cd) does.
+//
+// For each modifier, there are two member functions whose name is made
+// out of the modifier in lowercase, without the "PCRE_" prefix. For
+// instance, PCRE_CASELESS is handled by
+//    bool caseless(),
+// which returns true if the modifier is set, and
+//    RE_Options & set_caseless(bool),
+// which sets or unsets the modifier.
+//
+// Moreover, PCRE_EXTRA_MATCH_LIMIT can be accessed through the
+// set_match_limit() and match_limit() member functions.
+// Setting match_limit to a non-zero value will limit the executation of
+// pcre to keep it from doing bad things like blowing the stack or taking
+// an eternity to return a result.  A value of 5000 is good enough to stop
+// stack blowup in a 2MB thread stack.  Setting match_limit to zero will
+// disable match limiting.  Alternately, you can set match_limit_recursion()
+// which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to limit how much pcre
+// recurses.  match_limit() caps the number of matches pcre does;
+// match_limit_recrusion() caps the depth of recursion.
+//
+// Normally, to pass one or more modifiers to a RE class, you declare
+// a RE_Options object, set the appropriate options, and pass this
+// object to a RE constructor. Example:
+//
+//    RE_options opt;
+//    opt.set_caseless(true);
+//
+//    if (RE("HELLO", opt).PartialMatch("hello world")) ...
+//
+// RE_options has two constructors. The default constructor takes no
+// arguments and creates a set of flags that are off by default.
+//
+// The optional parameter 'option_flags' is to facilitate transfer
+// of legacy code from C programs.  This lets you do
+//    RE(pattern, RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+//
+// But new code is better off doing
+//    RE(pattern,
+//      RE_Options().set_caseless(true).set_multiline(true)).PartialMatch(str);
+// (See below)
+//
+// If you are going to pass one of the most used modifiers, there are some
+// convenience functions that return a RE_Options class with the
+// appropriate modifier already set:
+// CASELESS(), UTF8(), MULTILINE(), DOTALL(), EXTENDED()
+//
+// If you need to set several options at once, and you don't want to go
+// through the pains of declaring a RE_Options object and setting several
+// options, there is a parallel method that give you such ability on the
+// fly. You can concatenate several set_xxxxx member functions, since each
+// of them returns a reference to its class object.  e.g.: to pass
+// PCRE_CASELESS, PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one
+// statement, you may write
+//
+//    RE(" ^ xyz \\s+ .* blah$", RE_Options()
+//                            .set_caseless(true)
+//                            .set_extended(true)
+//                            .set_multiline(true)).PartialMatch(sometext);
+//
+// -----------------------------------------------------------------------
+// SCANNING TEXT INCREMENTALLY
+//
+// The "Consume" operation may be useful if you want to repeatedly
+// match regular expressions at the front of a string and skip over
+// them as they match.  This requires use of the "StringPiece" type,
+// which represents a sub-range of a real string.  Like RE, StringPiece
+// is defined in the pcrecpp namespace.
+//
+// Example: read lines of the form "var = value" from a string.
+//    string contents = ...;                 // Fill string somehow
+//    pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+//
+//    string var;
+//    int value;
+//    pcrecpp::RE re("(\\w+) = (\\d+)\n");
+//    while (re.Consume(&input, &var, &value)) {
+//      ...;
+//    }
+//
+// Each successful call to "Consume" will set "var/value", and also
+// advance "input" so it points past the matched text.
+//
+// The "FindAndConsume" operation is similar to "Consume" but does not
+// anchor your match at the beginning of the string.  For example, you
+// could extract all words from a string by repeatedly calling
+//     pcrecpp::RE("(\\w+)").FindAndConsume(&input, &word)
+//
+// -----------------------------------------------------------------------
+// PARSING HEX/OCTAL/C-RADIX NUMBERS
+//
+// By default, if you pass a pointer to a numeric value, the
+// corresponding text is interpreted as a base-10 number.  You can
+// instead wrap the pointer with a call to one of the operators Hex(),
+// Octal(), or CRadix() to interpret the text in another base.  The
+// CRadix operator interprets C-style "0" (base-8) and "0x" (base-16)
+// prefixes, but defaults to base-10.
+//
+// Example:
+//   int a, b, c, d;
+//   pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+//   re.FullMatch("100 40 0100 0x40",
+//                pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+//                pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+// will leave 64 in a, b, c, and d.
+//
+// -----------------------------------------------------------------------
+// REPLACING PARTS OF STRINGS
+//
+// You can replace the first match of "pattern" in "str" with
+// "rewrite".  Within "rewrite", backslash-escaped digits (\1 to \9)
+// can be used to insert text matching corresponding parenthesized
+// group from the pattern.  \0 in "rewrite" refers to the entire
+// matching text.  E.g.,
+//
+//   string s = "yabba dabba doo";
+//   pcrecpp::RE("b+").Replace("d", &s);
+//
+// will leave "s" containing "yada dabba doo".  The result is true if
+// the pattern matches and a replacement occurs, or false otherwise.
+//
+// GlobalReplace() is like Replace(), except that it replaces all
+// occurrences of the pattern in the string with the rewrite.
+// Replacements are not subject to re-matching.  E.g.,
+//
+//   string s = "yabba dabba doo";
+//   pcrecpp::RE("b+").GlobalReplace("d", &s);
+//
+// will leave "s" containing "yada dada doo".  It returns the number
+// of replacements made.
+//
+// Extract() is like Replace(), except that if the pattern matches,
+// "rewrite" is copied into "out" (an additional argument) with
+// substitutions.  The non-matching portions of "text" are ignored.
+// Returns true iff a match occurred and the extraction happened
+// successfully.  If no match occurs, the string is left unaffected.
+
+
+#include <string>
+#include <pcre.h>
+#include <pcrecpparg.h>   // defines the Arg class
+// This isn't technically needed here, but we include it
+// anyway so folks who include pcrecpp.h don't have to.
+#include <pcre_stringpiece.h>
+
+namespace pcrecpp {
+
+#define PCRE_SET_OR_CLEAR(b, o) \
+    if (b) all_options_ |= (o); else all_options_ &= ~(o); \
+    return *this
+
+#define PCRE_IS_SET(o)  \
+        (all_options_ & o) == o
+
+/***** Compiling regular expressions: the RE class *****/
+
+// RE_Options allow you to set options to be passed along to pcre,
+// along with other options we put on top of pcre.
+// Only 9 modifiers, plus match_limit and match_limit_recursion,
+// are supported now.
+class PCRECPP_EXP_DEFN RE_Options {
+ public:
+  // constructor
+  RE_Options() : match_limit_(0), match_limit_recursion_(0), all_options_(0) {}
+
+  // alternative constructor.
+  // To facilitate transfer of legacy code from C programs
+  //
+  // This lets you do
+  //    RE(pattern, RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+  // But new code is better off doing
+  //    RE(pattern,
+  //      RE_Options().set_caseless(true).set_multiline(true)).PartialMatch(str);
+  RE_Options(int option_flags) : match_limit_(0), match_limit_recursion_(0),
+                                 all_options_(option_flags) {}
+  // we're fine with the default destructor, copy constructor, etc.
+
+  // accessors and mutators
+  int match_limit() const { return match_limit_; };
+  RE_Options &set_match_limit(int limit) {
+    match_limit_ = limit;
+    return *this;
+  }
+
+  int match_limit_recursion() const { return match_limit_recursion_; };
+  RE_Options &set_match_limit_recursion(int limit) {
+    match_limit_recursion_ = limit;
+    return *this;
+  }
+
+  bool caseless() const {
+    return PCRE_IS_SET(PCRE_CASELESS);
+  }
+  RE_Options &set_caseless(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_CASELESS);
+  }
+
+  bool multiline() const {
+    return PCRE_IS_SET(PCRE_MULTILINE);
+  }
+  RE_Options &set_multiline(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_MULTILINE);
+  }
+
+  bool dotall() const {
+    return PCRE_IS_SET(PCRE_DOTALL);
+  }
+  RE_Options &set_dotall(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_DOTALL);
+  }
+
+  bool extended() const {
+    return PCRE_IS_SET(PCRE_EXTENDED);
+  }
+  RE_Options &set_extended(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_EXTENDED);
+  }
+
+  bool dollar_endonly() const {
+    return PCRE_IS_SET(PCRE_DOLLAR_ENDONLY);
+  }
+  RE_Options &set_dollar_endonly(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_DOLLAR_ENDONLY);
+  }
+
+  bool extra() const {
+    return PCRE_IS_SET(PCRE_EXTRA);
+  }
+  RE_Options &set_extra(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_EXTRA);
+  }
+
+  bool ungreedy() const {
+    return PCRE_IS_SET(PCRE_UNGREEDY);
+  }
+  RE_Options &set_ungreedy(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_UNGREEDY);
+  }
+
+  bool utf8() const {
+    return PCRE_IS_SET(PCRE_UTF8);
+  }
+  RE_Options &set_utf8(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_UTF8);
+  }
+
+  bool no_auto_capture() const {
+    return PCRE_IS_SET(PCRE_NO_AUTO_CAPTURE);
+  }
+  RE_Options &set_no_auto_capture(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_NO_AUTO_CAPTURE);
+  }
+
+  RE_Options &set_all_options(int opt) {
+    all_options_ = opt;
+    return *this;
+  }
+  int all_options() const {
+    return all_options_ ;
+  }
+
+  // TODO: add other pcre flags
+
+ private:
+  int match_limit_;
+  int match_limit_recursion_;
+  int all_options_;
+};
+
+// These functions return some common RE_Options
+static inline RE_Options UTF8() {
+  return RE_Options().set_utf8(true);
+}
+
+static inline RE_Options CASELESS() {
+  return RE_Options().set_caseless(true);
+}
+static inline RE_Options MULTILINE() {
+  return RE_Options().set_multiline(true);
+}
+
+static inline RE_Options DOTALL() {
+  return RE_Options().set_dotall(true);
+}
+
+static inline RE_Options EXTENDED() {
+  return RE_Options().set_extended(true);
+}
+
+// Interface for regular expression matching.  Also corresponds to a
+// pre-compiled regular expression.  An "RE" object is safe for
+// concurrent use by multiple threads.
+class PCRECPP_EXP_DEFN RE {
+ public:
+  // We provide implicit conversions from strings so that users can
+  // pass in a string or a "const char*" wherever an "RE" is expected.
+  RE(const string& pat) { Init(pat, NULL); }
+  RE(const string& pat, const RE_Options& option) { Init(pat, &option); }
+  RE(const char* pat) { Init(pat, NULL); }
+  RE(const char* pat, const RE_Options& option) { Init(pat, &option); }
+  RE(const unsigned char* pat) {
+    Init(reinterpret_cast<const char*>(pat), NULL);
+  }
+  RE(const unsigned char* pat, const RE_Options& option) {
+    Init(reinterpret_cast<const char*>(pat), &option);
+  }
+
+  // Copy constructor & assignment - note that these are expensive
+  // because they recompile the expression.
+  RE(const RE& re) { Init(re.pattern_, &re.options_); }
+  const RE& operator=(const RE& re) {
+    if (this != &re) {
+      Cleanup();
+
+      // This is the code that originally came from Google
+      // Init(re.pattern_.c_str(), &re.options_);
+
+      // This is the replacement from Ari Pollak
+      Init(re.pattern_, &re.options_);
+    }
+    return *this;
+  }
+
+
+  ~RE();
+
+  // The string specification for this RE.  E.g.
+  //   RE re("ab*c?d+");
+  //   re.pattern();    // "ab*c?d+"
+  const string& pattern() const { return pattern_; }
+
+  // If RE could not be created properly, returns an error string.
+  // Else returns the empty string.
+  const string& error() const { return *error_; }
+
+  /***** The useful part: the matching interface *****/
+
+  // This is provided so one can do pattern.ReplaceAll() just as
+  // easily as ReplaceAll(pattern-text, ....)
+
+  bool FullMatch(const StringPiece& text,
+                 const Arg& ptr1 = no_arg,
+                 const Arg& ptr2 = no_arg,
+                 const Arg& ptr3 = no_arg,
+                 const Arg& ptr4 = no_arg,
+                 const Arg& ptr5 = no_arg,
+                 const Arg& ptr6 = no_arg,
+                 const Arg& ptr7 = no_arg,
+                 const Arg& ptr8 = no_arg,
+                 const Arg& ptr9 = no_arg,
+                 const Arg& ptr10 = no_arg,
+                 const Arg& ptr11 = no_arg,
+                 const Arg& ptr12 = no_arg,
+                 const Arg& ptr13 = no_arg,
+                 const Arg& ptr14 = no_arg,
+                 const Arg& ptr15 = no_arg,
+                 const Arg& ptr16 = no_arg) const;
+
+  bool PartialMatch(const StringPiece& text,
+                    const Arg& ptr1 = no_arg,
+                    const Arg& ptr2 = no_arg,
+                    const Arg& ptr3 = no_arg,
+                    const Arg& ptr4 = no_arg,
+                    const Arg& ptr5 = no_arg,
+                    const Arg& ptr6 = no_arg,
+                    const Arg& ptr7 = no_arg,
+                    const Arg& ptr8 = no_arg,
+                    const Arg& ptr9 = no_arg,
+                    const Arg& ptr10 = no_arg,
+                    const Arg& ptr11 = no_arg,
+                    const Arg& ptr12 = no_arg,
+                    const Arg& ptr13 = no_arg,
+                    const Arg& ptr14 = no_arg,
+                    const Arg& ptr15 = no_arg,
+                    const Arg& ptr16 = no_arg) const;
+
+  bool Consume(StringPiece* input,
+               const Arg& ptr1 = no_arg,
+               const Arg& ptr2 = no_arg,
+               const Arg& ptr3 = no_arg,
+               const Arg& ptr4 = no_arg,
+               const Arg& ptr5 = no_arg,
+               const Arg& ptr6 = no_arg,
+               const Arg& ptr7 = no_arg,
+               const Arg& ptr8 = no_arg,
+               const Arg& ptr9 = no_arg,
+               const Arg& ptr10 = no_arg,
+               const Arg& ptr11 = no_arg,
+               const Arg& ptr12 = no_arg,
+               const Arg& ptr13 = no_arg,
+               const Arg& ptr14 = no_arg,
+               const Arg& ptr15 = no_arg,
+               const Arg& ptr16 = no_arg) const;
+
+  bool FindAndConsume(StringPiece* input,
+                      const Arg& ptr1 = no_arg,
+                      const Arg& ptr2 = no_arg,
+                      const Arg& ptr3 = no_arg,
+                      const Arg& ptr4 = no_arg,
+                      const Arg& ptr5 = no_arg,
+                      const Arg& ptr6 = no_arg,
+                      const Arg& ptr7 = no_arg,
+                      const Arg& ptr8 = no_arg,
+                      const Arg& ptr9 = no_arg,
+                      const Arg& ptr10 = no_arg,
+                      const Arg& ptr11 = no_arg,
+                      const Arg& ptr12 = no_arg,
+                      const Arg& ptr13 = no_arg,
+                      const Arg& ptr14 = no_arg,
+                      const Arg& ptr15 = no_arg,
+                      const Arg& ptr16 = no_arg) const;
+
+  bool Replace(const StringPiece& rewrite,
+               string *str) const;
+
+  int GlobalReplace(const StringPiece& rewrite,
+                    string *str) const;
+
+  bool Extract(const StringPiece &rewrite,
+               const StringPiece &text,
+               string *out) const;
+
+  // Escapes all potentially meaningful regexp characters in
+  // 'unquoted'.  The returned string, used as a regular expression,
+  // will exactly match the original string.  For example,
+  //           1.5-2.0?
+  // may become:
+  //           1\.5\-2\.0\?
+  // Note QuoteMeta behaves the same as perl's QuoteMeta function,
+  // *except* that it escapes the NUL character (\0) as backslash + 0,
+  // rather than backslash + NUL.
+  static string QuoteMeta(const StringPiece& unquoted);
+
+
+  /***** Generic matching interface *****/
+
+  // Type of match (TODO: Should be restructured as part of RE_Options)
+  enum Anchor {
+    UNANCHORED,         // No anchoring
+    ANCHOR_START,       // Anchor at start only
+    ANCHOR_BOTH         // Anchor at start and end
+  };
+
+  // General matching routine.  Stores the length of the match in
+  // "*consumed" if successful.
+  bool DoMatch(const StringPiece& text,
+               Anchor anchor,
+               int* consumed,
+               const Arg* const* args, int n) const;
+
+  // Return the number of capturing subpatterns, or -1 if the
+  // regexp wasn't valid on construction.
+  int NumberOfCapturingGroups() const;
+
+  // The default value for an argument, to indicate the end of the argument
+  // list. This must be used only in optional argument defaults. It should NOT
+  // be passed explicitly. Some people have tried to use it like this:
+  //
+  //   FullMatch(x, y, &z, no_arg, &w);
+  //
+  // This is a mistake, and will not work.
+  static Arg no_arg;
+
+ private:
+
+  void Init(const string& pattern, const RE_Options* options);
+  void Cleanup();
+
+  // Match against "text", filling in "vec" (up to "vecsize" * 2/3) with
+  // pairs of integers for the beginning and end positions of matched
+  // text.  The first pair corresponds to the entire matched text;
+  // subsequent pairs correspond, in order, to parentheses-captured
+  // matches.  Returns the number of pairs (one more than the number of
+  // the last subpattern with a match) if matching was successful
+  // and zero if the match failed.
+  // I.e. for RE("(foo)|(bar)|(baz)") it will return 2, 3, and 4 when matching
+  // against "foo", "bar", and "baz" respectively.
+  // When matching RE("(foo)|hello") against "hello", it will return 1.
+  // But the values for all subpattern are filled in into "vec".
+  int TryMatch(const StringPiece& text,
+               int startpos,
+               Anchor anchor,
+               bool empty_ok,
+               int *vec,
+               int vecsize) const;
+
+  // Append the "rewrite" string, with backslash subsitutions from "text"
+  // and "vec", to string "out".
+  bool Rewrite(string *out,
+               const StringPiece& rewrite,
+               const StringPiece& text,
+               int *vec,
+               int veclen) const;
+
+  // internal implementation for DoMatch
+  bool DoMatchImpl(const StringPiece& text,
+                   Anchor anchor,
+                   int* consumed,
+                   const Arg* const args[],
+                   int n,
+                   int* vec,
+                   int vecsize) const;
+
+  // Compile the regexp for the specified anchoring mode
+  pcre* Compile(Anchor anchor);
+
+  string        pattern_;
+  RE_Options    options_;
+  pcre*         re_full_;       // For full matches
+  pcre*         re_partial_;    // For partial matches
+  const string* error_;         // Error indicator (or points to empty string)
+};
+
+}   // namespace pcrecpp
+
+#endif /* _PCRECPP_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcrecpparg.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcrecpparg.h
new file mode 100644
index 00000000..b4f9c3f4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcrecpparg.h
@@ -0,0 +1,174 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+
+#ifndef _PCRECPPARG_H
+#define _PCRECPPARG_H
+
+#include <stdlib.h>    // for NULL
+#include <string>
+
+#include <pcre.h>
+
+namespace pcrecpp {
+
+class StringPiece;
+
+// Hex/Octal/Binary?
+
+// Special class for parsing into objects that define a ParseFrom() method
+template <class T>
+class _RE_MatchObject {
+ public:
+  static inline bool Parse(const char* str, int n, void* dest) {
+    if (dest == NULL) return true;
+    T* object = reinterpret_cast<T*>(dest);
+    return object->ParseFrom(str, n);
+  }
+};
+
+class PCRECPP_EXP_DEFN Arg {
+ public:
+  // Empty constructor so we can declare arrays of Arg
+  Arg();
+
+  // Constructor specially designed for NULL arguments
+  Arg(void*);
+
+  typedef bool (*Parser)(const char* str, int n, void* dest);
+
+// Type-specific parsers
+#define PCRE_MAKE_PARSER(type,name)                             \
+  Arg(type* p) : arg_(p), parser_(name) { }                     \
+  Arg(type* p, Parser parser) : arg_(p), parser_(parser) { }
+
+
+  PCRE_MAKE_PARSER(char,               parse_char);
+  PCRE_MAKE_PARSER(unsigned char,      parse_uchar);
+  PCRE_MAKE_PARSER(short,              parse_short);
+  PCRE_MAKE_PARSER(unsigned short,     parse_ushort);
+  PCRE_MAKE_PARSER(int,                parse_int);
+  PCRE_MAKE_PARSER(unsigned int,       parse_uint);
+  PCRE_MAKE_PARSER(long,               parse_long);
+  PCRE_MAKE_PARSER(unsigned long,      parse_ulong);
+#if 1
+  PCRE_MAKE_PARSER(long long,          parse_longlong);
+#endif
+#if 1
+  PCRE_MAKE_PARSER(unsigned long long, parse_ulonglong);
+#endif
+  PCRE_MAKE_PARSER(float,              parse_float);
+  PCRE_MAKE_PARSER(double,             parse_double);
+  PCRE_MAKE_PARSER(std::string,        parse_string);
+  PCRE_MAKE_PARSER(StringPiece,        parse_stringpiece);
+
+#undef PCRE_MAKE_PARSER
+
+  // Generic constructor
+  template <class T> Arg(T*, Parser parser);
+  // Generic constructor template
+  template <class T> Arg(T* p)
+    : arg_(p), parser_(_RE_MatchObject<T>::Parse) {
+  }
+
+  // Parse the data
+  bool Parse(const char* str, int n) const;
+
+ private:
+  void*         arg_;
+  Parser        parser_;
+
+  static bool parse_null          (const char* str, int n, void* dest);
+  static bool parse_char          (const char* str, int n, void* dest);
+  static bool parse_uchar         (const char* str, int n, void* dest);
+  static bool parse_float         (const char* str, int n, void* dest);
+  static bool parse_double        (const char* str, int n, void* dest);
+  static bool parse_string        (const char* str, int n, void* dest);
+  static bool parse_stringpiece   (const char* str, int n, void* dest);
+
+#define PCRE_DECLARE_INTEGER_PARSER(name)                                   \
+ private:                                                                   \
+  static bool parse_ ## name(const char* str, int n, void* dest);           \
+  static bool parse_ ## name ## _radix(                                     \
+    const char* str, int n, void* dest, int radix);                         \
+ public:                                                                    \
+  static bool parse_ ## name ## _hex(const char* str, int n, void* dest);   \
+  static bool parse_ ## name ## _octal(const char* str, int n, void* dest); \
+  static bool parse_ ## name ## _cradix(const char* str, int n, void* dest)
+
+  PCRE_DECLARE_INTEGER_PARSER(short);
+  PCRE_DECLARE_INTEGER_PARSER(ushort);
+  PCRE_DECLARE_INTEGER_PARSER(int);
+  PCRE_DECLARE_INTEGER_PARSER(uint);
+  PCRE_DECLARE_INTEGER_PARSER(long);
+  PCRE_DECLARE_INTEGER_PARSER(ulong);
+  PCRE_DECLARE_INTEGER_PARSER(longlong);
+  PCRE_DECLARE_INTEGER_PARSER(ulonglong);
+
+#undef PCRE_DECLARE_INTEGER_PARSER
+};
+
+inline Arg::Arg() : arg_(NULL), parser_(parse_null) { }
+inline Arg::Arg(void* p) : arg_(p), parser_(parse_null) { }
+
+inline bool Arg::Parse(const char* str, int n) const {
+  return (*parser_)(str, n, arg_);
+}
+
+// This part of the parser, appropriate only for ints, deals with bases
+#define MAKE_INTEGER_PARSER(type, name) \
+  inline Arg Hex(type* ptr) { \
+    return Arg(ptr, Arg::parse_ ## name ## _hex); } \
+  inline Arg Octal(type* ptr) { \
+    return Arg(ptr, Arg::parse_ ## name ## _octal); } \
+  inline Arg CRadix(type* ptr) { \
+    return Arg(ptr, Arg::parse_ ## name ## _cradix); }
+
+MAKE_INTEGER_PARSER(short,              short)     /*                        */
+MAKE_INTEGER_PARSER(unsigned short,     ushort)    /*                        */
+MAKE_INTEGER_PARSER(int,                int)       /* Don't use semicolons   */
+MAKE_INTEGER_PARSER(unsigned int,       uint)      /* after these statement  */
+MAKE_INTEGER_PARSER(long,               long)      /* because they can cause */
+MAKE_INTEGER_PARSER(unsigned long,      ulong)     /* compiler warnings if   */
+#if 1                          /* the checking level is  */
+MAKE_INTEGER_PARSER(long long,          longlong)  /* turned up high enough. */
+#endif                                             /*                        */
+#if 1                         /*                        */
+MAKE_INTEGER_PARSER(unsigned long long, ulonglong) /*                        */
+#endif
+
+#undef PCRE_IS_SET
+#undef PCRE_SET_OR_CLEAR
+#undef MAKE_INTEGER_PARSER
+
+}   // namespace pcrecpp
+
+
+#endif /* _PCRECPPARG_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcreposix.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcreposix.h
new file mode 100644
index 00000000..c77c0b05
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/include/pcreposix.h
@@ -0,0 +1,146 @@
+/*************************************************
+*       Perl-Compatible Regular Expressions      *
+*************************************************/
+
+#ifndef _PCREPOSIX_H
+#define _PCREPOSIX_H
+
+/* This is the header for the POSIX wrapper interface to the PCRE Perl-
+Compatible Regular Expression library. It defines the things POSIX says should
+be there. I hope.
+
+            Copyright (c) 1997-2012 University of Cambridge
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+/* Have to include stdlib.h in order to ensure that size_t is defined. */
+
+#include <stdlib.h>
+
+/* Allow for C++ users */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Options, mostly defined by POSIX, but with some extras. */
+
+#define REG_ICASE     0x0001   /* Maps to PCRE_CASELESS */
+#define REG_NEWLINE   0x0002   /* Maps to PCRE_MULTILINE */
+#define REG_NOTBOL    0x0004   /* Maps to PCRE_NOTBOL */
+#define REG_NOTEOL    0x0008   /* Maps to PCRE_NOTEOL */
+#define REG_DOTALL    0x0010   /* NOT defined by POSIX; maps to PCRE_DOTALL */
+#define REG_NOSUB     0x0020   /* Maps to PCRE_NO_AUTO_CAPTURE */
+#define REG_UTF8      0x0040   /* NOT defined by POSIX; maps to PCRE_UTF8 */
+#define REG_STARTEND  0x0080   /* BSD feature: pass subject string by so,eo */
+#define REG_NOTEMPTY  0x0100   /* NOT defined by POSIX; maps to PCRE_NOTEMPTY */
+#define REG_UNGREEDY  0x0200   /* NOT defined by POSIX; maps to PCRE_UNGREEDY */
+#define REG_UCP       0x0400   /* NOT defined by POSIX; maps to PCRE_UCP */
+
+/* This is not used by PCRE, but by defining it we make it easier
+to slot PCRE into existing programs that make POSIX calls. */
+
+#define REG_EXTENDED  0
+
+/* Error values. Not all these are relevant or used by the wrapper. */
+
+enum {
+  REG_ASSERT = 1,  /* internal error ? */
+  REG_BADBR,       /* invalid repeat counts in {} */
+  REG_BADPAT,      /* pattern error */
+  REG_BADRPT,      /* ? * + invalid */
+  REG_EBRACE,      /* unbalanced {} */
+  REG_EBRACK,      /* unbalanced [] */
+  REG_ECOLLATE,    /* collation error - not relevant */
+  REG_ECTYPE,      /* bad class */
+  REG_EESCAPE,     /* bad escape sequence */
+  REG_EMPTY,       /* empty expression */
+  REG_EPAREN,      /* unbalanced () */
+  REG_ERANGE,      /* bad range inside [] */
+  REG_ESIZE,       /* expression too big */
+  REG_ESPACE,      /* failed to get memory */
+  REG_ESUBREG,     /* bad back reference */
+  REG_INVARG,      /* bad argument */
+  REG_NOMATCH      /* match failed */
+};
+
+
+/* The structure representing a compiled regular expression. */
+
+typedef struct {
+  void *re_pcre;
+  size_t re_nsub;
+  size_t re_erroffset;
+} regex_t;
+
+/* The structure in which a captured offset is returned. */
+
+typedef int regoff_t;
+
+typedef struct {
+  regoff_t rm_so;
+  regoff_t rm_eo;
+} regmatch_t;
+
+/* When an application links to a PCRE DLL in Windows, the symbols that are
+imported have to be identified as such. When building PCRE, the appropriate
+export settings are needed, and are set in pcreposix.c before including this
+file. */
+
+#if defined(_WIN32) && !defined(PCRE_STATIC) && !defined(PCREPOSIX_EXP_DECL)
+#  define PCREPOSIX_EXP_DECL  extern __declspec(dllimport)
+#  define PCREPOSIX_EXP_DEFN  __declspec(dllimport)
+#endif
+
+/* By default, we use the standard "extern" declarations. */
+
+#ifndef PCREPOSIX_EXP_DECL
+#  ifdef __cplusplus
+#    define PCREPOSIX_EXP_DECL  extern "C"
+#    define PCREPOSIX_EXP_DEFN  extern "C"
+#  else
+#    define PCREPOSIX_EXP_DECL  extern
+#    define PCREPOSIX_EXP_DEFN  extern
+#  endif
+#endif
+
+/* The functions */
+
+PCREPOSIX_EXP_DECL int regcomp(regex_t *, const char *, int);
+PCREPOSIX_EXP_DECL int regexec(const regex_t *, const char *, size_t,
+                     regmatch_t *, int);
+PCREPOSIX_EXP_DECL size_t regerror(int, const regex_t *, char *, size_t);
+PCREPOSIX_EXP_DECL void regfree(regex_t *);
+
+#ifdef __cplusplus
+}   /* extern "C" */
+#endif
+
+#endif /* End of pcreposix.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcre.a b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcre.a
new file mode 100644
index 00000000..42892ba5
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcre.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcre.la b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcre.la
new file mode 100755
index 00000000..b86c0d8a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcre.la
@@ -0,0 +1,41 @@
+# libpcre.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libpcre.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libpcre.
+current=3
+age=2
+revision=9
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7s/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcrecpp.a b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcrecpp.a
new file mode 100644
index 00000000..54f87466
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcrecpp.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcrecpp.la b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcrecpp.la
new file mode 100755
index 00000000..3cd34fa9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcrecpp.la
@@ -0,0 +1,41 @@
+# libpcrecpp.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libpcrecpp.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib /Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7s/lib/libpcre.la'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libpcrecpp.
+current=0
+age=0
+revision=1
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7s/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcreposix.a b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcreposix.a
new file mode 100644
index 00000000..ed1f00e4
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcreposix.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcreposix.la b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcreposix.la
new file mode 100755
index 00000000..d8769cb7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/libpcreposix.la
@@ -0,0 +1,41 @@
+# libpcreposix.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libpcreposix.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib /Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7s/lib/libpcre.la'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libpcreposix.
+current=0
+age=0
+revision=5
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7s/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/pkgconfig/libpcre.pc b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/pkgconfig/libpcre.pc
new file mode 100644
index 00000000..a6eb4e39
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/pkgconfig/libpcre.pc
@@ -0,0 +1,13 @@
+# Package Information for pkg-config
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7s
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libpcre
+Description: PCRE - Perl compatible regular expressions C library with 8 bit character support
+Version: 8.41
+Libs: -L${libdir} -lpcre
+Libs.private:  
+Cflags: -I${includedir} -DPCRE_STATIC
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/pkgconfig/libpcrecpp.pc b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/pkgconfig/libpcrecpp.pc
new file mode 100644
index 00000000..19a74c88
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/pkgconfig/libpcrecpp.pc
@@ -0,0 +1,12 @@
+# Package Information for pkg-config
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7s
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libpcrecpp
+Description: PCRECPP - C++ wrapper for PCRE
+Version: 8.41
+Libs: -L${libdir} -lpcre -lpcrecpp
+Cflags: -I${includedir} -DPCRE_STATIC
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/pkgconfig/libpcreposix.pc b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/pkgconfig/libpcreposix.pc
new file mode 100644
index 00000000..f6755fc3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/lib/pkgconfig/libpcreposix.pc
@@ -0,0 +1,13 @@
+# Package Information for pkg-config
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/armv7s
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libpcreposix
+Description: PCREPosix - Posix compatible interface to libpcre
+Version: 8.41
+Libs: -L${libdir} -lpcreposix
+Cflags: -I${includedir} -DPCRE_STATIC
+Requires.private: libpcre
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/AUTHORS b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/AUTHORS
new file mode 100644
index 00000000..291657ca
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/AUTHORS
@@ -0,0 +1,45 @@
+THE MAIN PCRE LIBRARY
+---------------------
+
+Written by:       Philip Hazel
+Email local part: ph10
+Email domain:     cam.ac.uk
+
+University of Cambridge Computing Service,
+Cambridge, England.
+
+Copyright (c) 1997-2017 University of Cambridge
+All rights reserved
+
+
+PCRE JUST-IN-TIME COMPILATION SUPPORT
+-------------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2010-2017 Zoltan Herczeg
+All rights reserved.
+
+
+STACK-LESS JUST-IN-TIME COMPILER
+--------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2009-2017 Zoltan Herczeg
+All rights reserved.
+
+
+THE C++ WRAPPER LIBRARY
+-----------------------
+
+Written by:       Google Inc.
+
+Copyright (c) 2007-2012 Google Inc
+All rights reserved
+
+####
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/COPYING b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/COPYING
new file mode 100644
index 00000000..58eed01b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/COPYING
@@ -0,0 +1,5 @@
+PCRE LICENCE
+
+Please see the file LICENCE in the PCRE distribution for licensing details.
+
+End
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/ChangeLog b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/ChangeLog
new file mode 100644
index 00000000..590a7542
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/ChangeLog
@@ -0,0 +1,6104 @@
+ChangeLog for PCRE
+------------------
+
+Note that the PCRE 8.xx series (PCRE1) is now in a bugfix-only state. All
+development is happening in the PCRE2 10.xx series.
+
+Version 8.41 05-July-2017
+-------------------------
+
+1.  Fixed typo in CMakeLists.txt (wrong number of arguments for
+PCRE_STATIC_RUNTIME (affects MSVC only).
+
+2.  Issue 1 for 8.40 below was not correctly fixed. If pcregrep in multiline
+mode with --only-matching matched several lines, it restarted scanning at the
+next line instead of moving on to the end of the matched string, which can be
+several lines after the start.
+
+3.  Fix a missing else in the JIT compiler reported by 'idaifish'.
+
+4.  A (?# style comment is now ignored between a basic quantifier and a
+following '+' or '?' (example: /X+(?#comment)?Y/.
+
+5.  Avoid use of a potentially overflowing buffer in pcregrep (patch by Petr
+Pisar).
+
+6.  Fuzzers have reported issues in pcretest. These are NOT serious (it is,
+after all, just a test program). However, to stop the reports, some easy ones
+are fixed:
+
+    (a) Check for values < 256 when calling isprint() in pcretest.
+    (b) Give an error for too big a number after \O.
+
+7.  In the 32-bit library in non-UTF mode, an attempt to find a Unicode
+property for a character with a code point greater than 0x10ffff (the Unicode
+maximum) caused a crash.
+
+8. The alternative matching function, pcre_dfa_exec() misbehaved if it
+encountered a character class with a possessive repeat, for example [a-f]{3}+.
+
+9. When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer
+length incorrectly, which could result in buffer overflow.
+
+10. Remove redundant line of code (accidentally left in ages ago).
+
+11. Applied C++ patch from Irfan Adilovic to guard 'using std::' directives
+with namespace pcrecpp (Bugzilla #2084).
+
+12. Remove a duplication typo in pcre_tables.c.
+
+13. Fix returned offsets from regexec() when REG_STARTEND is used with a
+starting offset greater than zero.
+
+
+Version 8.40 11-January-2017
+----------------------------
+
+1.  Using -o with -M in pcregrep could cause unnecessary repeated output when
+    the match extended over a line boundary.
+
+2.  Applied Chris Wilson's second patch (Bugzilla #1681) to CMakeLists.txt for
+    MSVC static compilation, putting the first patch under a new option.
+
+3.  Fix register overwite in JIT when SSE2 acceleration is enabled.
+
+4.  Ignore "show all captures" (/=) for DFA matching.
+
+5.  Fix JIT unaligned accesses on x86. Patch by Marc Mutz.
+
+6.  In any wide-character mode (8-bit UTF or any 16-bit or 32-bit mode),
+    without PCRE_UCP set, a negative character type such as \D in a positive
+    class should cause all characters greater than 255 to match, whatever else
+    is in the class. There was a bug that caused this not to happen if a
+    Unicode property item was added to such a class, for example [\D\P{Nd}] or
+    [\W\pL].
+
+7.  When pcretest was outputing information from a callout, the caret indicator
+    for the current position in the subject line was incorrect if it was after
+    an escape sequence for a character whose code point was greater than
+    \x{ff}.
+
+8.  A pattern such as (?<RA>abc)(?(R)xyz) was incorrectly compiled such that
+    the conditional was interpreted as a reference to capturing group 1 instead
+    of a test for recursion. Any group whose name began with R was
+    misinterpreted in this way. (The reference interpretation should only
+    happen if the group's name is precisely "R".)
+
+9.  A number of bugs have been mended relating to match start-up optimizations
+    when the first thing in a pattern is a positive lookahead. These all
+    applied only when PCRE_NO_START_OPTIMIZE was *not* set:
+
+    (a) A pattern such as (?=.*X)X$ was incorrectly optimized as if it needed
+        both an initial 'X' and a following 'X'.
+    (b) Some patterns starting with an assertion that started with .* were
+        incorrectly optimized as having to match at the start of the subject or
+        after a newline. There are cases where this is not true, for example,
+        (?=.*[A-Z])(?=.{8,16})(?!.*[\s]) matches after the start in lines that
+        start with spaces. Starting .* in an assertion is no longer taken as an
+        indication of matching at the start (or after a newline).
+
+
+Version 8.39 14-June-2016
+-------------------------
+
+1.  If PCRE_AUTO_CALLOUT was set on a pattern that had a (?# comment between
+    an item and its qualifier (for example, A(?#comment)?B) pcre_compile()
+    misbehaved. This bug was found by the LLVM fuzzer.
+
+2.  Similar to the above, if an isolated \E was present between an item and its
+    qualifier when PCRE_AUTO_CALLOUT was set, pcre_compile() misbehaved. This
+    bug was found by the LLVM fuzzer.
+
+3.  Further to 8.38/46, negated classes such as [^[:^ascii:]\d] were also not
+    working correctly in UCP mode.
+
+4.  The POSIX wrapper function regexec() crashed if the option REG_STARTEND
+    was set when the pmatch argument was NULL. It now returns REG_INVARG.
+
+5.  Allow for up to 32-bit numbers in the ordin() function in pcregrep.
+
+6.  An empty \Q\E sequence between an item and its qualifier caused
+    pcre_compile() to misbehave when auto callouts were enabled. This bug was
+    found by the LLVM fuzzer.
+
+7.  If a pattern that was compiled with PCRE_EXTENDED started with white
+    space or a #-type comment that was followed by (?-x), which turns off
+    PCRE_EXTENDED, and there was no subsequent (?x) to turn it on again,
+    pcre_compile() assumed that (?-x) applied to the whole pattern and
+    consequently mis-compiled it. This bug was found by the LLVM fuzzer.
+
+8.  A call of pcre_copy_named_substring() for a named substring whose number
+    was greater than the space in the ovector could cause a crash.
+
+9.  Yet another buffer overflow bug involved duplicate named groups with a
+    group that reset capture numbers (compare 8.38/7 below). Once again, I have
+    just allowed for more memory, even if not needed. (A proper fix is
+    implemented in PCRE2, but it involves a lot of refactoring.)
+
+10. pcre_get_substring_list() crashed if the use of \K in a match caused the
+    start of the match to be earlier than the end.
+
+11. Migrating appropriate PCRE2 JIT improvements to PCRE.
+
+12. A pattern such as /(?<=((?C)0))/, which has a callout inside a lookbehind
+    assertion, caused pcretest to generate incorrect output, and also to read
+    uninitialized memory (detected by ASAN or valgrind).
+
+13. A pattern that included (*ACCEPT) in the middle of a sufficiently deeply
+    nested set of parentheses of sufficient size caused an overflow of the
+    compiling workspace (which was diagnosed, but of course is not desirable).
+
+14. And yet another buffer overflow bug involving duplicate named groups, this
+    time nested, with a nested back reference. Yet again, I have just allowed
+    for more memory, because anything more needs all the refactoring that has
+    been done for PCRE2. An example pattern that provoked this bug is:
+    /((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/ and the bug was
+    registered as CVE-2016-1283.
+
+15. pcretest went into a loop if global matching was requested with an ovector
+    size less than 2. It now gives an error message. This bug was found by
+    afl-fuzz.
+
+16. An invalid pattern fragment such as (?(?C)0 was not diagnosing an error
+    ("assertion expected") when (?(?C) was not followed by an opening
+    parenthesis.
+
+17. Fixed typo ("&&" for "&") in pcre_study(). Fortunately, this could not
+    actually affect anything, by sheer luck.
+
+18. Applied Chris Wilson's patch (Bugzilla #1681) to CMakeLists.txt for MSVC
+    static compilation.
+
+19. Modified the RunTest script to incorporate a valgrind suppressions file so
+    that certain errors, provoked by the SSE2 instruction set when JIT is used,
+    are ignored.
+
+20. A racing condition is fixed in JIT reported by Mozilla.
+
+21. Minor code refactor to avoid "array subscript is below array bounds"
+    compiler warning.
+
+22. Minor code refactor to avoid "left shift of negative number" warning.
+
+23. Fix typo causing compile error when 16- or 32-bit JIT is compiled without
+    UCP support.
+
+24. Refactor to avoid compiler warnings in pcrecpp.cc.
+
+25. Refactor to fix a typo in pcre_jit_test.c
+
+26. Patch to support compiling pcrecpp.cc with Intel compiler.
+
+
+Version 8.38 23-November-2015
+-----------------------------
+
+1.  If a group that contained a recursive back reference also contained a
+    forward reference subroutine call followed by a non-forward-reference
+    subroutine call, for example /.((?2)(?R)\1)()/, pcre_compile() failed to
+    compile correct code, leading to undefined behaviour or an internally
+    detected error. This bug was discovered by the LLVM fuzzer.
+
+2.  Quantification of certain items (e.g. atomic back references) could cause
+    incorrect code to be compiled when recursive forward references were
+    involved. For example, in this pattern: /(?1)()((((((\1++))\x85)+)|))/.
+    This bug was discovered by the LLVM fuzzer.
+
+3.  A repeated conditional group whose condition was a reference by name caused
+    a buffer overflow if there was more than one group with the given name.
+    This bug was discovered by the LLVM fuzzer.
+
+4.  A recursive back reference by name within a group that had the same name as
+    another group caused a buffer overflow. For example:
+    /(?J)(?'d'(?'d'\g{d}))/. This bug was discovered by the LLVM fuzzer.
+
+5.  A forward reference by name to a group whose number is the same as the
+    current group, for example in this pattern: /(?|(\k'Pm')|(?'Pm'))/, caused
+    a buffer overflow at compile time. This bug was discovered by the LLVM
+    fuzzer.
+
+6.  A lookbehind assertion within a set of mutually recursive subpatterns could
+    provoke a buffer overflow. This bug was discovered by the LLVM fuzzer.
+
+7.  Another buffer overflow bug involved duplicate named groups with a
+    reference between their definition, with a group that reset capture
+    numbers, for example: /(?J:(?|(?'R')(\k'R')|((?'R'))))/. This has been
+    fixed by always allowing for more memory, even if not needed. (A proper fix
+    is implemented in PCRE2, but it involves more refactoring.)
+
+8.  There was no check for integer overflow in subroutine calls such as (?123).
+
+9.  The table entry for \l in EBCDIC environments was incorrect, leading to its
+    being treated as a literal 'l' instead of causing an error.
+
+10. There was a buffer overflow if pcre_exec() was called with an ovector of
+    size 1. This bug was found by american fuzzy lop.
+
+11. If a non-capturing group containing a conditional group that could match
+    an empty string was repeated, it was not identified as matching an empty
+    string itself. For example: /^(?:(?(1)x|)+)+$()/.
+
+12. In an EBCDIC environment, pcretest was mishandling the escape sequences
+    \a and \e in test subject lines.
+
+13. In an EBCDIC environment, \a in a pattern was converted to the ASCII
+    instead of the EBCDIC value.
+
+14. The handling of \c in an EBCDIC environment has been revised so that it is
+    now compatible with the specification in Perl's perlebcdic page.
+
+15. The EBCDIC character 0x41 is a non-breaking space, equivalent to 0xa0 in
+    ASCII/Unicode. This has now been added to the list of characters that are
+    recognized as white space in EBCDIC.
+
+16. When PCRE was compiled without UCP support, the use of \p and \P gave an
+    error (correctly) when used outside a class, but did not give an error
+    within a class.
+
+17. \h within a class was incorrectly compiled in EBCDIC environments.
+
+18. A pattern with an unmatched closing parenthesis that contained a backward
+    assertion which itself contained a forward reference caused buffer
+    overflow. And example pattern is: /(?=di(?<=(?1))|(?=(.))))/.
+
+19. JIT should return with error when the compiled pattern requires more stack
+    space than the maximum.
+
+20. A possessively repeated conditional group that could match an empty string,
+    for example, /(?(R))*+/, was incorrectly compiled.
+
+21. Fix infinite recursion in the JIT compiler when certain patterns such as
+    /(?:|a|){100}x/ are analysed.
+
+22. Some patterns with character classes involving [: and \\ were incorrectly
+    compiled and could cause reading from uninitialized memory or an incorrect
+    error diagnosis.
+
+23. Pathological patterns containing many nested occurrences of [: caused
+    pcre_compile() to run for a very long time.
+
+24. A conditional group with only one branch has an implicit empty alternative
+    branch and must therefore be treated as potentially matching an empty
+    string.
+
+25. If (?R was followed by - or + incorrect behaviour happened instead of a
+    diagnostic.
+
+26. Arrange to give up on finding the minimum matching length for overly
+    complex patterns.
+
+27. Similar to (4) above: in a pattern with duplicated named groups and an
+    occurrence of (?| it is possible for an apparently non-recursive back
+    reference to become recursive if a later named group with the relevant
+    number is encountered. This could lead to a buffer overflow. Wen Guanxing
+    from Venustech ADLAB discovered this bug.
+
+28. If pcregrep was given the -q option with -c or -l, or when handling a
+    binary file, it incorrectly wrote output to stdout.
+
+29. The JIT compiler did not restore the control verb head in case of *THEN
+    control verbs. This issue was found by Karl Skomski with a custom LLVM
+    fuzzer.
+
+30. Error messages for syntax errors following \g and \k were giving inaccurate
+    offsets in the pattern.
+
+31. Added a check for integer overflow in conditions (?(<digits>) and
+    (?(R<digits>). This omission was discovered by Karl Skomski with the LLVM
+    fuzzer.
+
+32. Handling recursive references such as (?2) when the reference is to a group
+    later in the pattern uses code that is very hacked about and error-prone.
+    It has been re-written for PCRE2. Here in PCRE1, a check has been added to
+    give an internal error if it is obvious that compiling has gone wrong.
+
+33. The JIT compiler should not check repeats after a {0,1} repeat byte code.
+    This issue was found by Karl Skomski with a custom LLVM fuzzer.
+
+34. The JIT compiler should restore the control chain for empty possessive
+    repeats. This issue was found by Karl Skomski with a custom LLVM fuzzer.
+
+35. Match limit check added to JIT recursion. This issue was found by Karl
+    Skomski with a custom LLVM fuzzer.
+
+36. Yet another case similar to 27 above has been circumvented by an
+    unconditional allocation of extra memory. This issue is fixed "properly" in
+    PCRE2 by refactoring the way references are handled. Wen Guanxing
+    from Venustech ADLAB discovered this bug.
+
+37. Fix two assertion fails in JIT. These issues were found by Karl Skomski
+    with a custom LLVM fuzzer.
+
+38. Fixed a corner case of range optimization in JIT.
+
+39. An incorrect error "overran compiling workspace" was given if there were
+    exactly enough group forward references such that the last one extended
+    into the workspace safety margin. The next one would have expanded the
+    workspace. The test for overflow was not including the safety margin.
+
+40. A match limit issue is fixed in JIT which was found by Karl Skomski
+    with a custom LLVM fuzzer.
+
+41. Remove the use of /dev/null in testdata/testinput2, because it doesn't
+    work under Windows. (Why has it taken so long for anyone to notice?)
+
+42. In a character class such as [\W\p{Any}] where both a negative-type escape
+    ("not a word character") and a property escape were present, the property
+    escape was being ignored.
+
+43. Fix crash caused by very long (*MARK) or (*THEN) names.
+
+44. A sequence such as [[:punct:]b] that is, a POSIX character class followed
+    by a single ASCII character in a class item, was incorrectly compiled in
+    UCP mode. The POSIX class got lost, but only if the single character
+    followed it.
+
+45. [:punct:] in UCP mode was matching some characters in the range 128-255
+    that should not have been matched.
+
+46. If [:^ascii:] or [:^xdigit:] or [:^cntrl:] are present in a non-negated
+    class, all characters with code points greater than 255 are in the class.
+    When a Unicode property was also in the class (if PCRE_UCP is set, escapes
+    such as \w are turned into Unicode properties), wide characters were not
+    correctly handled, and could fail to match.
+
+
+Version 8.37 28-April-2015
+--------------------------
+
+1.  When an (*ACCEPT) is triggered inside capturing parentheses, it arranges
+    for those parentheses to be closed with whatever has been captured so far.
+    However, it was failing to mark any other groups between the hightest
+    capture so far and the currrent group as "unset". Thus, the ovector for
+    those groups contained whatever was previously there. An example is the
+    pattern /(x)|((*ACCEPT))/ when matched against "abcd".
+
+2.  If an assertion condition was quantified with a minimum of zero (an odd
+    thing to do, but it happened), SIGSEGV or other misbehaviour could occur.
+
+3.  If a pattern in pcretest input had the P (POSIX) modifier followed by an
+    unrecognized modifier, a crash could occur.
+
+4.  An attempt to do global matching in pcretest with a zero-length ovector
+    caused a crash.
+
+5.  Fixed a memory leak during matching that could occur for a subpattern
+    subroutine call (recursive or otherwise) if the number of captured groups
+    that had to be saved was greater than ten.
+
+6.  Catch a bad opcode during auto-possessification after compiling a bad UTF
+    string with NO_UTF_CHECK. This is a tidyup, not a bug fix, as passing bad
+    UTF with NO_UTF_CHECK is documented as having an undefined outcome.
+
+7.  A UTF pattern containing a "not" match of a non-ASCII character and a
+    subroutine reference could loop at compile time. Example: /[^\xff]((?1))/.
+
+8. When a pattern is compiled, it remembers the highest back reference so that
+   when matching, if the ovector is too small, extra memory can be obtained to
+   use instead. A conditional subpattern whose condition is a check on a
+   capture having happened, such as, for example in the pattern
+   /^(?:(a)|b)(?(1)A|B)/, is another kind of back reference, but it was not
+   setting the highest backreference number. This mattered only if pcre_exec()
+   was called with an ovector that was too small to hold the capture, and there
+   was no other kind of back reference (a situation which is probably quite
+   rare). The effect of the bug was that the condition was always treated as
+   FALSE when the capture could not be consulted, leading to a incorrect
+   behaviour by pcre_exec(). This bug has been fixed.
+
+9. A reference to a duplicated named group (either a back reference or a test
+   for being set in a conditional) that occurred in a part of the pattern where
+   PCRE_DUPNAMES was not set caused the amount of memory needed for the pattern
+   to be incorrectly calculated, leading to overwriting.
+
+10. A mutually recursive set of back references such as (\2)(\1) caused a
+    segfault at study time (while trying to find the minimum matching length).
+    The infinite loop is now broken (with the minimum length unset, that is,
+    zero).
+
+11. If an assertion that was used as a condition was quantified with a minimum
+    of zero, matching went wrong. In particular, if the whole group had
+    unlimited repetition and could match an empty string, a segfault was
+    likely. The pattern (?(?=0)?)+ is an example that caused this. Perl allows
+    assertions to be quantified, but not if they are being used as conditions,
+    so the above pattern is faulted by Perl. PCRE has now been changed so that
+    it also rejects such patterns.
+
+12. A possessive capturing group such as (a)*+ with a minimum repeat of zero
+    failed to allow the zero-repeat case if pcre2_exec() was called with an
+    ovector too small to capture the group.
+
+13. Fixed two bugs in pcretest that were discovered by fuzzing and reported by
+    Red Hat Product Security:
+
+    (a) A crash if /K and /F were both set with the option to save the compiled
+    pattern.
+
+    (b) Another crash if the option to print captured substrings in a callout
+    was combined with setting a null ovector, for example \O\C+ as a subject
+    string.
+
+14. A pattern such as "((?2){0,1999}())?", which has a group containing a
+    forward reference repeated a large (but limited) number of times within a
+    repeated outer group that has a zero minimum quantifier, caused incorrect
+    code to be compiled, leading to the error "internal error:
+    previously-checked referenced subpattern not found" when an incorrect
+    memory address was read. This bug was reported as "heap overflow",
+    discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number
+    CVE-2015-2325.
+
+23. A pattern such as "((?+1)(\1))/" containing a forward reference subroutine
+    call within a group that also contained a recursive back reference caused
+    incorrect code to be compiled. This bug was reported as "heap overflow",
+    discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE
+    number CVE-2015-2326.
+
+24. Computing the size of the JIT read-only data in advance has been a source
+    of various issues, and new ones are still appear unfortunately. To fix
+    existing and future issues, size computation is eliminated from the code,
+    and replaced by on-demand memory allocation.
+
+25. A pattern such as /(?i)[A-`]/, where characters in the other case are
+    adjacent to the end of the range, and the range contained characters with
+    more than one other case, caused incorrect behaviour when compiled in UTF
+    mode. In that example, the range a-j was left out of the class.
+
+26. Fix JIT compilation of conditional blocks, which assertion
+    is converted to (*FAIL). E.g: /(?(?!))/.
+
+27. The pattern /(?(?!)^)/ caused references to random memory. This bug was
+    discovered by the LLVM fuzzer.
+
+28. The assertion (?!) is optimized to (*FAIL). This was not handled correctly
+    when this assertion was used as a condition, for example (?(?!)a|b). In
+    pcre2_match() it worked by luck; in pcre2_dfa_match() it gave an incorrect
+    error about an unsupported item.
+
+29. For some types of pattern, for example /Z*(|d*){216}/, the auto-
+    possessification code could take exponential time to complete. A recursion
+    depth limit of 1000 has been imposed to limit the resources used by this
+    optimization.
+
+30. A pattern such as /(*UTF)[\S\V\H]/, which contains a negated special class
+    such as \S in non-UCP mode, explicit wide characters (> 255) can be ignored
+    because \S ensures they are all in the class. The code for doing this was
+    interacting badly with the code for computing the amount of space needed to
+    compile the pattern, leading to a buffer overflow. This bug was discovered
+    by the LLVM fuzzer.
+
+31. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
+    other kinds of group caused stack overflow at compile time. This bug was
+    discovered by the LLVM fuzzer.
+
+32. A pattern such as /(?1)(?#?'){8}(a)/ which had a parenthesized comment
+    between a subroutine call and its quantifier was incorrectly compiled,
+    leading to buffer overflow or other errors. This bug was discovered by the
+    LLVM fuzzer.
+
+33. The illegal pattern /(?(?<E>.*!.*)?)/ was not being diagnosed as missing an
+    assertion after (?(. The code was failing to check the character after
+    (?(?< for the ! or = that would indicate a lookbehind assertion. This bug
+    was discovered by the LLVM fuzzer.
+
+34. A pattern such as /X((?2)()*+){2}+/ which has a possessive quantifier with
+    a fixed maximum following a group that contains a subroutine reference was
+    incorrectly compiled and could trigger buffer overflow. This bug was
+    discovered by the LLVM fuzzer.
+
+35. A mutual recursion within a lookbehind assertion such as (?<=((?2))((?1)))
+    caused a stack overflow instead of the diagnosis of a non-fixed length
+    lookbehind assertion. This bug was discovered by the LLVM fuzzer.
+
+36. The use of \K in a positive lookbehind assertion in a non-anchored pattern
+    (e.g. /(?<=\Ka)/) could make pcregrep loop.
+
+37. There was a similar problem to 36 in pcretest for global matches.
+
+38. If a greedy quantified \X was preceded by \C in UTF mode (e.g. \C\X*),
+    and a subsequent item in the pattern caused a non-match, backtracking over
+    the repeated \X did not stop, but carried on past the start of the subject,
+    causing reference to random memory and/or a segfault. There were also some
+    other cases where backtracking after \C could crash. This set of bugs was
+    discovered by the LLVM fuzzer.
+
+39. The function for finding the minimum length of a matching string could take
+    a very long time if mutual recursion was present many times in a pattern,
+    for example, /((?2){73}(?2))((?1))/. A better mutual recursion detection
+    method has been implemented. This infelicity was discovered by the LLVM
+    fuzzer.
+
+40. Static linking against the PCRE library using the pkg-config module was
+    failing on missing pthread symbols.
+
+
+Version 8.36 26-September-2014
+------------------------------
+
+1.  Got rid of some compiler warnings in the C++ modules that were shown up by
+    -Wmissing-field-initializers and -Wunused-parameter.
+
+2.  The tests for quantifiers being too big (greater than 65535) were being
+    applied after reading the number, and stupidly assuming that integer
+    overflow would give a negative number. The tests are now applied as the
+    numbers are read.
+
+3.  Tidy code in pcre_exec.c where two branches that used to be different are
+    now the same.
+
+4.  The JIT compiler did not generate match limit checks for certain
+    bracketed expressions with quantifiers. This may lead to exponential
+    backtracking, instead of returning with PCRE_ERROR_MATCHLIMIT. This
+    issue should be resolved now.
+
+5.  Fixed an issue, which occures when nested alternatives are optimized
+    with table jumps.
+
+6.  Inserted two casts and changed some ints to size_t in the light of some
+    reported 64-bit compiler warnings (Bugzilla 1477).
+
+7.  Fixed a bug concerned with zero-minimum possessive groups that could match
+    an empty string, which sometimes were behaving incorrectly in the
+    interpreter (though correctly in the JIT matcher). This pcretest input is
+    an example:
+
+      '\A(?:[^"]++|"(?:[^"]*+|"")*+")++'
+      NON QUOTED "QUOT""ED" AFTER "NOT MATCHED
+
+    the interpreter was reporting a match of 'NON QUOTED ' only, whereas the
+    JIT matcher and Perl both matched 'NON QUOTED "QUOT""ED" AFTER '. The test
+    for an empty string was breaking the inner loop and carrying on at a lower
+    level, when possessive repeated groups should always return to a higher
+    level as they have no backtrack points in them. The empty string test now
+    occurs at the outer level.
+
+8.  Fixed a bug that was incorrectly auto-possessifying \w+ in the pattern
+    ^\w+(?>\s*)(?<=\w) which caused it not to match "test test".
+
+9.  Give a compile-time error for \o{} (as Perl does) and for \x{} (which Perl
+    doesn't).
+
+10. Change 8.34/15 introduced a bug that caused the amount of memory needed
+    to hold a pattern to be incorrectly computed (too small) when there were
+    named back references to duplicated names. This could cause "internal
+    error: code overflow" or "double free or corruption" or other memory
+    handling errors.
+
+11. When named subpatterns had the same prefixes, back references could be
+    confused. For example, in this pattern:
+
+      /(?P<Name>a)?(?P<Name2>b)?(?(<Name>)c|d)*l/
+
+    the reference to 'Name' was incorrectly treated as a reference to a
+    duplicate name.
+
+12. A pattern such as /^s?c/mi8 where the optional character has more than
+    one "other case" was incorrectly compiled such that it would only try to
+    match starting at "c".
+
+13. When a pattern starting with \s was studied, VT was not included in the
+    list of possible starting characters; this should have been part of the
+    8.34/18 patch.
+
+14. If a character class started [\Qx]... where x is any character, the class
+    was incorrectly terminated at the ].
+
+15. If a pattern that started with a caseless match for a character with more
+    than one "other case" was studied, PCRE did not set up the starting code
+    unit bit map for the list of possible characters. Now it does. This is an
+    optimization improvement, not a bug fix.
+
+16. The Unicode data tables have been updated to Unicode 7.0.0.
+
+17. Fixed a number of memory leaks in pcregrep.
+
+18. Avoid a compiler warning (from some compilers) for a function call with
+    a cast that removes "const" from an lvalue by using an intermediate
+    variable (to which the compiler does not object).
+
+19. Incorrect code was compiled if a group that contained an internal recursive
+    back reference was optional (had quantifier with a minimum of zero). This
+    example compiled incorrect code: /(((a\2)|(a*)\g<-1>))*/ and other examples
+    caused segmentation faults because of stack overflows at compile time.
+
+20. A pattern such as /((?(R)a|(?1)))+/, which contains a recursion within a
+    group that is quantified with an indefinite repeat, caused a compile-time
+    loop which used up all the system stack and provoked a segmentation fault.
+    This was not the same bug as 19 above.
+
+21. Add PCRECPP_EXP_DECL declaration to operator<< in pcre_stringpiece.h.
+    Patch by Mike Frysinger.
+
+
+Version 8.35 04-April-2014
+--------------------------
+
+1.  A new flag is set, when property checks are present in an XCLASS.
+    When this flag is not set, PCRE can perform certain optimizations
+    such as studying these XCLASS-es.
+
+2.  The auto-possessification of character sets were improved: a normal
+    and an extended character set can be compared now. Furthermore
+    the JIT compiler optimizes more character set checks.
+
+3.  Got rid of some compiler warnings for potentially uninitialized variables
+    that show up only when compiled with -O2.
+
+4.  A pattern such as (?=ab\K) that uses \K in an assertion can set the start
+    of a match later then the end of the match. The pcretest program was not
+    handling the case sensibly - it was outputting from the start to the next
+    binary zero. It now reports this situation in a message, and outputs the
+    text from the end to the start.
+
+5.  Fast forward search is improved in JIT. Instead of the first three
+    characters, any three characters with fixed position can be searched.
+    Search order: first, last, middle.
+
+6.  Improve character range checks in JIT. Characters are read by an inprecise
+    function now, which returns with an unknown value if the character code is
+    above a certain threshold (e.g: 256). The only limitation is that the value
+    must be bigger than the threshold as well. This function is useful when
+    the characters above the threshold are handled in the same way.
+
+7.  The macros whose names start with RAWUCHAR are placeholders for a future
+    mode in which only the bottom 21 bits of 32-bit data items are used. To
+    make this more memorable for those maintaining the code, the names have
+    been changed to start with UCHAR21, and an extensive comment has been added
+    to their definition.
+
+8.  Add missing (new) files sljitNativeTILEGX.c and sljitNativeTILEGX-encoder.c
+    to the export list in Makefile.am (they were accidentally omitted from the
+    8.34 tarball).
+
+9.  The informational output from pcretest used the phrase "starting byte set"
+    which is inappropriate for the 16-bit and 32-bit libraries. As the output
+    for "first char" and "need char" really means "non-UTF-char", I've changed
+    "byte" to "char", and slightly reworded the output. The documentation about
+    these values has also been (I hope) clarified.
+
+10. Another JIT related optimization: use table jumps for selecting the correct
+    backtracking path, when more than four alternatives are present inside a
+    bracket.
+
+11. Empty match is not possible, when the minimum length is greater than zero,
+    and there is no \K in the pattern. JIT should avoid empty match checks in
+    such cases.
+
+12. In a caseless character class with UCP support, when a character with more
+    than one alternative case was not the first character of a range, not all
+    the alternative cases were added to the class. For example, s and \x{17f}
+    are both alternative cases for S: the class [RST] was handled correctly,
+    but [R-T] was not.
+
+13. The configure.ac file always checked for pthread support when JIT was
+    enabled. This is not used in Windows, so I have put this test inside a
+    check for the presence of windows.h (which was already tested for).
+
+14. Improve pattern prefix search by a simplified Boyer-Moore algorithm in JIT.
+    The algorithm provides a way to skip certain starting offsets, and usually
+    faster than linear prefix searches.
+
+15. Change 13 for 8.20 updated RunTest to check for the 'fr' locale as well
+    as for 'fr_FR' and 'french'. For some reason, however, it then used the
+    Windows-specific input and output files, which have 'french' screwed in.
+    So this could never have worked. One of the problems with locales is that
+    they aren't always the same. I have now updated RunTest so that it checks
+    the output of the locale test (test 3) against three different output
+    files, and it allows the test to pass if any one of them matches. With luck
+    this should make the test pass on some versions of Solaris where it was
+    failing. Because of the uncertainty, the script did not used to stop if
+    test 3 failed; it now does. If further versions of a French locale ever
+    come to light, they can now easily be added.
+
+16. If --with-pcregrep-bufsize was given a non-integer value such as "50K",
+    there was a message during ./configure, but it did not stop. This now
+    provokes an error. The invalid example in README has been corrected.
+    If a value less than the minimum is given, the minimum value has always
+    been used, but now a warning is given.
+
+17. If --enable-bsr-anycrlf was set, the special 16/32-bit test failed. This
+    was a bug in the test system, which is now fixed. Also, the list of various
+    configurations that are tested for each release did not have one with both
+    16/32 bits and --enable-bar-anycrlf. It now does.
+
+18. pcretest was missing "-C bsr" for displaying the \R default setting.
+
+19. Little endian PowerPC systems are supported now by the JIT compiler.
+
+20. The fast forward newline mechanism could enter to an infinite loop on
+    certain invalid UTF-8 input. Although we don't support these cases
+    this issue can be fixed by a performance optimization.
+
+21. Change 33 of 8.34 is not sufficient to ensure stack safety because it does
+    not take account if existing stack usage. There is now a new global
+    variable called pcre_stack_guard that can be set to point to an external
+    function to check stack availability. It is called at the start of
+    processing every parenthesized group.
+
+22. A typo in the code meant that in ungreedy mode the max/min qualifier
+    behaved like a min-possessive qualifier, and, for example, /a{1,3}b/U did
+    not match "ab".
+
+23. When UTF was disabled, the JIT program reported some incorrect compile
+    errors. These messages are silenced now.
+
+24. Experimental support for ARM-64 and MIPS-64 has been added to the JIT
+    compiler.
+
+25. Change all the temporary files used in RunGrepTest to be different to those
+    used by RunTest so that the tests can be run simultaneously, for example by
+    "make -j check".
+
+
+Version 8.34 15-December-2013
+-----------------------------
+
+1.  Add pcre[16|32]_jit_free_unused_memory to forcibly free unused JIT
+    executable memory. Patch inspired by Carsten Klein.
+
+2.  ./configure --enable-coverage defined SUPPORT_GCOV in config.h, although
+    this macro is never tested and has no effect, because the work to support
+    coverage involves only compiling and linking options and special targets in
+    the Makefile. The comment in config.h implied that defining the macro would
+    enable coverage support, which is totally false. There was also support for
+    setting this macro in the CMake files (my fault, I just copied it from
+    configure). SUPPORT_GCOV has now been removed.
+
+3.  Make a small performance improvement in strlen16() and strlen32() in
+    pcretest.
+
+4.  Change 36 for 8.33 left some unreachable statements in pcre_exec.c,
+    detected by the Solaris compiler (gcc doesn't seem to be able to diagnose
+    these cases). There was also one in pcretest.c.
+
+5.  Cleaned up a "may be uninitialized" compiler warning in pcre_exec.c.
+
+6.  In UTF mode, the code for checking whether a group could match an empty
+    string (which is used for indefinitely repeated groups to allow for
+    breaking an infinite loop) was broken when the group contained a repeated
+    negated single-character class with a character that occupied more than one
+    data item and had a minimum repetition of zero (for example, [^\x{100}]* in
+    UTF-8 mode). The effect was undefined: the group might or might not be
+    deemed as matching an empty string, or the program might have crashed.
+
+7.  The code for checking whether a group could match an empty string was not
+    recognizing that \h, \H, \v, \V, and \R must match a character.
+
+8.  Implemented PCRE_INFO_MATCH_EMPTY, which yields 1 if the pattern can match
+    an empty string. If it can, pcretest shows this in its information output.
+
+9.  Fixed two related bugs that applied to Unicode extended grapheme clusters
+    that were repeated with a maximizing qualifier (e.g. \X* or \X{2,5}) when
+    matched by pcre_exec() without using JIT:
+
+    (a) If the rest of the pattern did not match after a maximal run of
+        grapheme clusters, the code for backing up to try with fewer of them
+        did not always back up over a full grapheme when characters that do not
+        have the modifier quality were involved, e.g. Hangul syllables.
+
+    (b) If the match point in a subject started with modifier character, and
+        there was no match, the code could incorrectly back up beyond the match
+        point, and potentially beyond the first character in the subject,
+        leading to a segfault or an incorrect match result.
+
+10. A conditional group with an assertion condition could lead to PCRE
+    recording an incorrect first data item for a match if no other first data
+    item was recorded. For example, the pattern (?(?=ab)ab) recorded "a" as a
+    first data item, and therefore matched "ca" after "c" instead of at the
+    start.
+
+11. Change 40 for 8.33 (allowing pcregrep to find empty strings) showed up a
+    bug that caused the command "echo a | ./pcregrep -M '|a'" to loop.
+
+12. The source of pcregrep now includes z/OS-specific code so that it can be
+    compiled for z/OS as part of the special z/OS distribution.
+
+13. Added the -T and -TM options to pcretest.
+
+14. The code in pcre_compile.c for creating the table of named capturing groups
+    has been refactored. Instead of creating the table dynamically during the
+    actual compiling pass, the information is remembered during the pre-compile
+    pass (on the stack unless there are more than 20 named groups, in which
+    case malloc() is used) and the whole table is created before the actual
+    compile happens. This has simplified the code (it is now nearly 150 lines
+    shorter) and prepared the way for better handling of references to groups
+    with duplicate names.
+
+15. A back reference to a named subpattern when there is more than one of the
+    same name now checks them in the order in which they appear in the pattern.
+    The first one that is set is used for the reference. Previously only the
+    first one was inspected. This change makes PCRE more compatible with Perl.
+
+16. Unicode character properties were updated from Unicode 6.3.0.
+
+17. The compile-time code for auto-possessification has been refactored, based
+    on a patch by Zoltan Herczeg. It now happens after instead of during
+    compilation. The code is cleaner, and more cases are handled. The option
+    PCRE_NO_AUTO_POSSESS is added for testing purposes, and the -O and /O
+    options in pcretest are provided to set it. It can also be set by
+    (*NO_AUTO_POSSESS) at the start of a pattern.
+
+18. The character VT has been added to the default ("C" locale) set of
+    characters that match \s and are generally treated as white space,
+    following this same change in Perl 5.18. There is now no difference between
+    "Perl space" and "POSIX space". Whether VT is treated as white space in
+    other locales depends on the locale.
+
+19. The code for checking named groups as conditions, either for being set or
+    for being recursed, has been refactored (this is related to 14 and 15
+    above). Processing unduplicated named groups should now be as fast at
+    numerical groups, and processing duplicated groups should be faster than
+    before.
+
+20. Two patches to the CMake build system, by Alexander Barkov:
+
+      (1) Replace the "source" command by "." in CMakeLists.txt because
+          "source" is a bash-ism.
+
+      (2) Add missing HAVE_STDINT_H and HAVE_INTTYPES_H to config-cmake.h.in;
+          without these the CMake build does not work on Solaris.
+
+21. Perl has changed its handling of \8 and \9. If there is no previously
+    encountered capturing group of those numbers, they are treated as the
+    literal characters 8 and 9 instead of a binary zero followed by the
+    literals. PCRE now does the same.
+
+22. Following Perl, added \o{} to specify codepoints in octal, making it
+    possible to specify values greater than 0777 and also making them
+    unambiguous.
+
+23. Perl now gives an error for missing closing braces after \x{... instead of
+    treating the string as literal. PCRE now does the same.
+
+24. RunTest used to grumble if an inappropriate test was selected explicitly,
+    but just skip it when running all tests. This make it awkward to run ranges
+    of tests when one of them was inappropriate. Now it just skips any
+    inappropriate tests, as it always did when running all tests.
+
+25. If PCRE_AUTO_CALLOUT and PCRE_UCP were set for a pattern that contained
+    character types such as \d or \w, too many callouts were inserted, and the
+    data that they returned was rubbish.
+
+26. In UCP mode, \s was not matching two of the characters that Perl matches,
+    namely NEL (U+0085) and MONGOLIAN VOWEL SEPARATOR (U+180E), though they
+    were matched by \h. The code has now been refactored so that the lists of
+    the horizontal and vertical whitespace characters used for \h and \v (which
+    are defined only in one place) are now also used for \s.
+
+27. Add JIT support for the 64 bit TileGX architecture.
+    Patch by Jiong Wang (Tilera Corporation).
+
+28. Possessive quantifiers for classes (both explicit and automatically
+    generated) now use special opcodes instead of wrapping in ONCE brackets.
+
+29. Whereas an item such as A{4}+ ignored the possessivenes of the quantifier
+    (because it's meaningless), this was not happening when PCRE_CASELESS was
+    set. Not wrong, but inefficient.
+
+30. Updated perltest.pl to add /u (force Unicode mode) when /W (use Unicode
+    properties for \w, \d, etc) is present in a test regex. Otherwise if the
+    test contains no characters greater than 255, Perl doesn't realise it
+    should be using Unicode semantics.
+
+31. Upgraded the handling of the POSIX classes [:graph:], [:print:], and
+    [:punct:] when PCRE_UCP is set so as to include the same characters as Perl
+    does in Unicode mode.
+
+32. Added the "forbid" facility to pcretest so that putting tests into the
+    wrong test files can sometimes be quickly detected.
+
+33. There is now a limit (default 250) on the depth of nesting of parentheses.
+    This limit is imposed to control the amount of system stack used at compile
+    time. It can be changed at build time by --with-parens-nest-limit=xxx or
+    the equivalent in CMake.
+
+34. Character classes such as [A-\d] or [a-[:digit:]] now cause compile-time
+    errors. Perl warns for these when in warning mode, but PCRE has no facility
+    for giving warnings.
+
+35. Change 34 for 8.13 allowed quantifiers on assertions, because Perl does.
+    However, this was not working for (?!) because it is optimized to (*FAIL),
+    for which PCRE does not allow quantifiers. The optimization is now disabled
+    when a quantifier follows (?!). I can't see any use for this, but it makes
+    things uniform.
+
+36. Perl no longer allows group names to start with digits, so I have made this
+    change also in PCRE. It simplifies the code a bit.
+
+37. In extended mode, Perl ignores spaces before a + that indicates a
+    possessive quantifier. PCRE allowed a space before the quantifier, but not
+    before the possessive +. It now does.
+
+38. The use of \K (reset reported match start) within a repeated possessive
+    group such as (a\Kb)*+ was not working.
+
+40. Document that the same character tables must be used at compile time and
+    run time, and that the facility to pass tables to pcre_exec() and
+    pcre_dfa_exec() is for use only with saved/restored patterns.
+
+41. Applied Jeff Trawick's patch CMakeLists.txt, which "provides two new
+    features for Builds with MSVC:
+
+    1. Support pcre.rc and/or pcreposix.rc (as is already done for MinGW
+       builds). The .rc files can be used to set FileDescription and many other
+       attributes.
+
+    2. Add an option (-DINSTALL_MSVC_PDB) to enable installation of .pdb files.
+       This allows higher-level build scripts which want .pdb files to avoid
+       hard-coding the exact files needed."
+
+42. Added support for [[:<:]] and [[:>:]] as used in the BSD POSIX library to
+    mean "start of word" and "end of word", respectively, as a transition aid.
+
+43. A minimizing repeat of a class containing codepoints greater than 255 in
+    non-UTF 16-bit or 32-bit modes caused an internal error when PCRE was
+    compiled to use the heap for recursion.
+
+44. Got rid of some compiler warnings for unused variables when UTF but not UCP
+    is configured.
+
+
+Version 8.33 28-May-2013
+------------------------
+
+1.  Added 'U' to some constants that are compared to unsigned integers, to
+    avoid compiler signed/unsigned warnings. Added (int) casts to unsigned
+    variables that are added to signed variables, to ensure the result is
+    signed and can be negated.
+
+2.  Applied patch by Daniel Richard G for quashing MSVC warnings to the
+    CMake config files.
+
+3.  Revise the creation of config.h.generic so that all boolean macros are
+    #undefined, whereas non-boolean macros are #ifndef/#endif-ed. This makes
+    overriding via -D on the command line possible.
+
+4.  Changing the definition of the variable "op" in pcre_exec.c from pcre_uchar
+    to unsigned int is reported to make a quite noticeable speed difference in
+    a specific Windows environment. Testing on Linux did also appear to show
+    some benefit (and it is clearly not harmful). Also fixed the definition of
+    Xop which should be unsigned.
+
+5.  Related to (4), changing the definition of the intermediate variable cc
+    in repeated character loops from pcre_uchar to pcre_uint32 also gave speed
+    improvements.
+
+6.  Fix forward search in JIT when link size is 3 or greater. Also removed some
+    unnecessary spaces.
+
+7.  Adjust autogen.sh and configure.ac to lose warnings given by automake 1.12
+    and later.
+
+8.  Fix two buffer over read issues in 16 and 32 bit modes. Affects JIT only.
+
+9.  Optimizing fast_forward_start_bits in JIT.
+
+10. Adding support for callouts in JIT, and fixing some issues revealed
+    during this work. Namely:
+
+    (a) Unoptimized capturing brackets incorrectly reset on backtrack.
+
+    (b) Minimum length was not checked before the matching is started.
+
+11. The value of capture_last that is passed to callouts was incorrect in some
+    cases when there was a capture on one path that was subsequently abandoned
+    after a backtrack. Also, the capture_last value is now reset after a
+    recursion, since all captures are also reset in this case.
+
+12. The interpreter no longer returns the "too many substrings" error in the
+    case when an overflowing capture is in a branch that is subsequently
+    abandoned after a backtrack.
+
+13. In the pathological case when an offset vector of size 2 is used, pcretest
+    now prints out the matched string after a yield of 0 or 1.
+
+14. Inlining subpatterns in recursions, when certain conditions are fulfilled.
+    Only supported by the JIT compiler at the moment.
+
+15. JIT compiler now supports 32 bit Macs thanks to Lawrence Velazquez.
+
+16. Partial matches now set offsets[2] to the "bumpalong" value, that is, the
+    offset of the starting point of the matching process, provided the offsets
+    vector is large enough.
+
+17. The \A escape now records a lookbehind value of 1, though its execution
+    does not actually inspect the previous character. This is to ensure that,
+    in partial multi-segment matching, at least one character from the old
+    segment is retained when a new segment is processed. Otherwise, if there
+    are no lookbehinds in the pattern, \A might match incorrectly at the start
+    of a new segment.
+
+18. Added some #ifdef __VMS code into pcretest.c to help VMS implementations.
+
+19. Redefined some pcre_uchar variables in pcre_exec.c as pcre_uint32; this
+    gives some modest performance improvement in 8-bit mode.
+
+20. Added the PCRE-specific property \p{Xuc} for matching characters that can
+    be expressed in certain programming languages using Universal Character
+    Names.
+
+21. Unicode validation has been updated in the light of Unicode Corrigendum #9,
+    which points out that "non characters" are not "characters that may not
+    appear in Unicode strings" but rather "characters that are reserved for
+    internal use and have only local meaning".
+
+22. When a pattern was compiled with automatic callouts (PCRE_AUTO_CALLOUT) and
+    there was a conditional group that depended on an assertion, if the
+    assertion was false, the callout that immediately followed the alternation
+    in the condition was skipped when pcre_exec() was used for matching.
+
+23. Allow an explicit callout to be inserted before an assertion that is the
+    condition for a conditional group, for compatibility with automatic
+    callouts, which always insert a callout at this point.
+
+24. In 8.31, (*COMMIT) was confined to within a recursive subpattern. Perl also
+    confines (*SKIP) and (*PRUNE) in the same way, and this has now been done.
+
+25. (*PRUNE) is now supported by the JIT compiler.
+
+26. Fix infinite loop when /(?<=(*SKIP)ac)a/ is matched against aa.
+
+27. Fix the case where there are two or more SKIPs with arguments that may be
+    ignored.
+
+28. (*SKIP) is now supported by the JIT compiler.
+
+29. (*THEN) is now supported by the JIT compiler.
+
+30. Update RunTest with additional test selector options.
+
+31. The way PCRE handles backtracking verbs has been changed in two ways.
+
+    (1) Previously, in something like (*COMMIT)(*SKIP), COMMIT would override
+    SKIP. Now, PCRE acts on whichever backtracking verb is reached first by
+    backtracking. In some cases this makes it more Perl-compatible, but Perl's
+    rather obscure rules do not always do the same thing.
+
+    (2) Previously, backtracking verbs were confined within assertions. This is
+    no longer the case for positive assertions, except for (*ACCEPT). Again,
+    this sometimes improves Perl compatibility, and sometimes does not.
+
+32. A number of tests that were in test 2 because Perl did things differently
+    have been moved to test 1, because either Perl or PCRE has changed, and
+    these tests are now compatible.
+
+32. Backtracking control verbs are now handled in the same way in JIT and
+    interpreter.
+
+33. An opening parenthesis in a MARK/PRUNE/SKIP/THEN name in a pattern that
+    contained a forward subroutine reference caused a compile error.
+
+34. Auto-detect and optimize limited repetitions in JIT.
+
+35. Implement PCRE_NEVER_UTF to lock out the use of UTF, in particular,
+    blocking (*UTF) etc.
+
+36. In the interpreter, maximizing pattern repetitions for characters and
+    character types now use tail recursion, which reduces stack usage.
+
+37. The value of the max lookbehind was not correctly preserved if a compiled
+    and saved regex was reloaded on a host of different endianness.
+
+38. Implemented (*LIMIT_MATCH) and (*LIMIT_RECURSION). As part of the extension
+    of the compiled pattern block, expand the flags field from 16 to 32 bits
+    because it was almost full.
+
+39. Try madvise first before posix_madvise.
+
+40. Change 7 for PCRE 7.9 made it impossible for pcregrep to find empty lines
+    with a pattern such as ^$. It has taken 4 years for anybody to notice! The
+    original change locked out all matches of empty strings. This has been
+    changed so that one match of an empty string per line is recognized.
+    Subsequent searches on the same line (for colouring or for --only-matching,
+    for example) do not recognize empty strings.
+
+41. Applied a user patch to fix a number of spelling mistakes in comments.
+
+42. Data lines longer than 65536 caused pcretest to crash.
+
+43. Clarified the data type for length and startoffset arguments for pcre_exec
+    and pcre_dfa_exec in the function-specific man pages, where they were
+    explicitly stated to be in bytes, never having been updated. I also added
+    some clarification to the pcreapi man page.
+
+44. A call to pcre_dfa_exec() with an output vector size less than 2 caused
+    a segmentation fault.
+
+
+Version 8.32 30-November-2012
+-----------------------------
+
+1.  Improved JIT compiler optimizations for first character search and single
+    character iterators.
+
+2.  Supporting IBM XL C compilers for PPC architectures in the JIT compiler.
+    Patch by Daniel Richard G.
+
+3.  Single character iterator optimizations in the JIT compiler.
+
+4.  Improved JIT compiler optimizations for character ranges.
+
+5.  Rename the "leave" variable names to "quit" to improve WinCE compatibility.
+    Reported by Giuseppe D'Angelo.
+
+6.  The PCRE_STARTLINE bit, indicating that a match can occur only at the start
+    of a line, was being set incorrectly in cases where .* appeared inside
+    atomic brackets at the start of a pattern, or where there was a subsequent
+    *PRUNE or *SKIP.
+
+7.  Improved instruction cache flush for POWER/PowerPC.
+    Patch by Daniel Richard G.
+
+8.  Fixed a number of issues in pcregrep, making it more compatible with GNU
+    grep:
+
+    (a) There is now no limit to the number of patterns to be matched.
+
+    (b) An error is given if a pattern is too long.
+
+    (c) Multiple uses of --exclude, --exclude-dir, --include, and --include-dir
+        are now supported.
+
+    (d) --exclude-from and --include-from (multiple use) have been added.
+
+    (e) Exclusions and inclusions now apply to all files and directories, not
+        just to those obtained from scanning a directory recursively.
+
+    (f) Multiple uses of -f and --file-list are now supported.
+
+    (g) In a Windows environment, the default for -d has been changed from
+        "read" (the GNU grep default) to "skip", because otherwise the presence
+        of a directory in the file list provokes an error.
+
+    (h) The documentation has been revised and clarified in places.
+
+9.  Improve the matching speed of capturing brackets.
+
+10. Changed the meaning of \X so that it now matches a Unicode extended
+    grapheme cluster.
+
+11. Patch by Daniel Richard G to the autoconf files to add a macro for sorting
+    out POSIX threads when JIT support is configured.
+
+12. Added support for PCRE_STUDY_EXTRA_NEEDED.
+
+13. In the POSIX wrapper regcomp() function, setting re_nsub field in the preg
+    structure could go wrong in environments where size_t is not the same size
+    as int.
+
+14. Applied user-supplied patch to pcrecpp.cc to allow PCRE_NO_UTF8_CHECK to be
+    set.
+
+15. The EBCDIC support had decayed; later updates to the code had included
+    explicit references to (e.g.) \x0a instead of CHAR_LF. There has been a
+    general tidy up of EBCDIC-related issues, and the documentation was also
+    not quite right. There is now a test that can be run on ASCII systems to
+    check some of the EBCDIC-related things (but is it not a full test).
+
+16. The new PCRE_STUDY_EXTRA_NEEDED option is now used by pcregrep, resulting
+    in a small tidy to the code.
+
+17. Fix JIT tests when UTF is disabled and both 8 and 16 bit mode are enabled.
+
+18. If the --only-matching (-o) option in pcregrep is specified multiple
+    times, each one causes appropriate output. For example, -o1 -o2 outputs the
+    substrings matched by the 1st and 2nd capturing parentheses. A separating
+    string can be specified by --om-separator (default empty).
+
+19. Improving the first n character searches.
+
+20. Turn case lists for horizontal and vertical white space into macros so that
+    they are defined only once.
+
+21. This set of changes together give more compatible Unicode case-folding
+    behaviour for characters that have more than one other case when UCP
+    support is available.
+
+    (a) The Unicode property table now has offsets into a new table of sets of
+        three or more characters that are case-equivalent. The MultiStage2.py
+        script that generates these tables (the pcre_ucd.c file) now scans
+        CaseFolding.txt instead of UnicodeData.txt for character case
+        information.
+
+    (b) The code for adding characters or ranges of characters to a character
+        class has been abstracted into a generalized function that also handles
+        case-independence. In UTF-mode with UCP support, this uses the new data
+        to handle characters with more than one other case.
+
+    (c) A bug that is fixed as a result of (b) is that codepoints less than 256
+        whose other case is greater than 256 are now correctly matched
+        caselessly. Previously, the high codepoint matched the low one, but not
+        vice versa.
+
+    (d) The processing of \h, \H, \v, and \ in character classes now makes use
+        of the new class addition function, using character lists defined as
+        macros alongside the case definitions of 20 above.
+
+    (e) Caseless back references now work with characters that have more than
+        one other case.
+
+    (f) General caseless matching of characters with more than one other case
+        is supported.
+
+22. Unicode character properties were updated from Unicode 6.2.0
+
+23. Improved CMake support under Windows. Patch by Daniel Richard G.
+
+24. Add support for 32-bit character strings, and UTF-32
+
+25. Major JIT compiler update (code refactoring and bugfixing).
+    Experimental Sparc 32 support is added.
+
+26. Applied a modified version of Daniel Richard G's patch to create
+    pcre.h.generic and config.h.generic by "make" instead of in the
+    PrepareRelease script.
+
+27. Added a definition for CHAR_NULL (helpful for the z/OS port), and use it in
+    pcre_compile.c when checking for a zero character.
+
+28. Introducing a native interface for JIT. Through this interface, the compiled
+    machine code can be directly executed. The purpose of this interface is to
+    provide fast pattern matching, so several sanity checks are not performed.
+    However, feature tests are still performed. The new interface provides
+    1.4x speedup compared to the old one.
+
+29. If pcre_exec() or pcre_dfa_exec() was called with a negative value for
+    the subject string length, the error given was PCRE_ERROR_BADOFFSET, which
+    was confusing. There is now a new error PCRE_ERROR_BADLENGTH for this case.
+
+30. In 8-bit UTF-8 mode, pcretest failed to give an error for data codepoints
+    greater than 0x7fffffff (which cannot be represented in UTF-8, even under
+    the "old" RFC 2279). Instead, it ended up passing a negative length to
+    pcre_exec().
+
+31. Add support for GCC's visibility feature to hide internal functions.
+
+32. Running "pcretest -C pcre8" or "pcretest -C pcre16" gave a spurious error
+    "unknown -C option" after outputting 0 or 1.
+
+33. There is now support for generating a code coverage report for the test
+    suite in environments where gcc is the compiler and lcov is installed. This
+    is mainly for the benefit of the developers.
+
+34. If PCRE is built with --enable-valgrind, certain memory regions are marked
+    unaddressable using valgrind annotations, allowing valgrind to detect
+    invalid memory accesses. This is mainly for the benefit of the developers.
+
+25. (*UTF) can now be used to start a pattern in any of the three libraries.
+
+26. Give configure error if --enable-cpp but no C++ compiler found.
+
+
+Version 8.31 06-July-2012
+-------------------------
+
+1.  Fixing a wrong JIT test case and some compiler warnings.
+
+2.  Removed a bashism from the RunTest script.
+
+3.  Add a cast to pcre_exec.c to fix the warning "unary minus operator applied
+    to unsigned type, result still unsigned" that was given by an MS compiler
+    on encountering the code "-sizeof(xxx)".
+
+4.  Partial matching support is added to the JIT compiler.
+
+5.  Fixed several bugs concerned with partial matching of items that consist
+    of more than one character:
+
+    (a) /^(..)\1/ did not partially match "aba" because checking references was
+        done on an "all or nothing" basis. This also applied to repeated
+        references.
+
+    (b) \R did not give a hard partial match if \r was found at the end of the
+        subject.
+
+    (c) \X did not give a hard partial match after matching one or more
+        characters at the end of the subject.
+
+    (d) When newline was set to CRLF, a pattern such as /a$/ did not recognize
+        a partial match for the string "\r".
+
+    (e) When newline was set to CRLF, the metacharacter "." did not recognize
+        a partial match for a CR character at the end of the subject string.
+
+6.  If JIT is requested using /S++ or -s++ (instead of just /S+ or -s+) when
+    running pcretest, the text "(JIT)" added to the output whenever JIT is
+    actually used to run the match.
+
+7.  Individual JIT compile options can be set in pcretest by following -s+[+]
+    or /S+[+] with a digit between 1 and 7.
+
+8.  OP_NOT now supports any UTF character not just single-byte ones.
+
+9.  (*MARK) control verb is now supported by the JIT compiler.
+
+10. The command "./RunTest list" lists the available tests without actually
+    running any of them. (Because I keep forgetting what they all are.)
+
+11. Add PCRE_INFO_MAXLOOKBEHIND.
+
+12. Applied a (slightly modified) user-supplied patch that improves performance
+    when the heap is used for recursion (compiled with --disable-stack-for-
+    recursion). Instead of malloc and free for each heap frame each time a
+    logical recursion happens, frames are retained on a chain and re-used where
+    possible. This sometimes gives as much as 30% improvement.
+
+13. As documented, (*COMMIT) is now confined to within a recursive subpattern
+    call.
+
+14. As documented, (*COMMIT) is now confined to within a positive assertion.
+
+15. It is now possible to link pcretest with libedit as an alternative to
+    libreadline.
+
+16. (*COMMIT) control verb is now supported by the JIT compiler.
+
+17. The Unicode data tables have been updated to Unicode 6.1.0.
+
+18. Added --file-list option to pcregrep.
+
+19. Added binary file support to pcregrep, including the -a, --binary-files,
+    -I, and --text options.
+
+20. The madvise function is renamed for posix_madvise for QNX compatibility
+    reasons. Fixed by Giuseppe D'Angelo.
+
+21. Fixed a bug for backward assertions with REVERSE 0 in the JIT compiler.
+
+22. Changed the option for creating symbolic links for 16-bit man pages from
+    -s to -sf so that re-installing does not cause issues.
+
+23. Support PCRE_NO_START_OPTIMIZE in JIT as (*MARK) support requires it.
+
+24. Fixed a very old bug in pcretest that caused errors with restarted DFA
+    matches in certain environments (the workspace was not being correctly
+    retained). Also added to pcre_dfa_exec() a simple plausibility check on
+    some of the workspace data at the beginning of a restart.
+
+25. \s*\R was auto-possessifying the \s* when it should not, whereas \S*\R
+    was not doing so when it should - probably a typo introduced by SVN 528
+    (change 8.10/14).
+
+26. When PCRE_UCP was not set, \w+\x{c4} was incorrectly auto-possessifying the
+    \w+ when the character tables indicated that \x{c4} was a word character.
+    There were several related cases, all because the tests for doing a table
+    lookup were testing for characters less than 127 instead of 255.
+
+27. If a pattern contains capturing parentheses that are not used in a match,
+    their slots in the ovector are set to -1. For those that are higher than
+    any matched groups, this happens at the end of processing. In the case when
+    there were back references that the ovector was too small to contain
+    (causing temporary malloc'd memory to be used during matching), and the
+    highest capturing number was not used, memory off the end of the ovector
+    was incorrectly being set to -1. (It was using the size of the temporary
+    memory instead of the true size.)
+
+28. To catch bugs like 27 using valgrind, when pcretest is asked to specify an
+    ovector size, it uses memory at the end of the block that it has got.
+
+29. Check for an overlong MARK name and give an error at compile time. The
+    limit is 255 for the 8-bit library and 65535 for the 16-bit library.
+
+30. JIT compiler update.
+
+31. JIT is now supported on jailbroken iOS devices. Thanks for Ruiger
+    Rill for the patch.
+
+32. Put spaces around SLJIT_PRINT_D in the JIT compiler. Required by CXX11.
+
+33. Variable renamings in the PCRE-JIT compiler. No functionality change.
+
+34. Fixed typos in pcregrep: in two places there was SUPPORT_LIBZ2 instead of
+    SUPPORT_LIBBZ2. This caused a build problem when bzip2 but not gzip (zlib)
+    was enabled.
+
+35. Improve JIT code generation for greedy plus quantifier.
+
+36. When /((?:a?)*)*c/ or /((?>a?)*)*c/ was matched against "aac", it set group
+    1 to "aa" instead of to an empty string. The bug affected repeated groups
+    that could potentially match an empty string.
+
+37. Optimizing single character iterators in JIT.
+
+38. Wide characters specified with \uxxxx in JavaScript mode are now subject to
+    the same checks as \x{...} characters in non-JavaScript mode. Specifically,
+    codepoints that are too big for the mode are faulted, and in a UTF mode,
+    disallowed codepoints are also faulted.
+
+39. If PCRE was compiled with UTF support, in three places in the DFA
+    matcher there was code that should only have been obeyed in UTF mode, but
+    was being obeyed unconditionally. In 8-bit mode this could cause incorrect
+    processing when bytes with values greater than 127 were present. In 16-bit
+    mode the bug would be provoked by values in the range 0xfc00 to 0xdc00. In
+    both cases the values are those that cannot be the first data item in a UTF
+    character. The three items that might have provoked this were recursions,
+    possessively repeated groups, and atomic groups.
+
+40. Ensure that libpcre is explicitly listed in the link commands for pcretest
+    and pcregrep, because some OS require shared objects to be explicitly
+    passed to ld, causing the link step to fail if they are not.
+
+41. There were two incorrect #ifdefs in pcre_study.c, meaning that, in 16-bit
+    mode, patterns that started with \h* or \R* might be incorrectly matched.
+
+
+Version 8.30 04-February-2012
+-----------------------------
+
+1.  Renamed "isnumber" as "is_a_number" because in some Mac environments this
+    name is defined in ctype.h.
+
+2.  Fixed a bug in fixed-length calculation for lookbehinds that would show up
+    only in quite long subpatterns.
+
+3.  Removed the function pcre_info(), which has been obsolete and deprecated
+    since it was replaced by pcre_fullinfo() in February 2000.
+
+4.  For a non-anchored pattern, if (*SKIP) was given with a name that did not
+    match a (*MARK), and the match failed at the start of the subject, a
+    reference to memory before the start of the subject could occur. This bug
+    was introduced by fix 17 of release 8.21.
+
+5.  A reference to an unset group with zero minimum repetition was giving
+    totally wrong answers (in non-JavaScript-compatibility mode). For example,
+    /(another)?(\1?)test/ matched against "hello world test". This bug was
+    introduced in release 8.13.
+
+6.  Add support for 16-bit character strings (a large amount of work involving
+    many changes and refactorings).
+
+7.  RunGrepTest failed on msys because \r\n was replaced by whitespace when the
+    command "pattern=`printf 'xxx\r\njkl'`" was run. The pattern is now taken
+    from a file.
+
+8.  Ovector size of 2 is also supported by JIT based pcre_exec (the ovector size
+    rounding is not applied in this particular case).
+
+9.  The invalid Unicode surrogate codepoints U+D800 to U+DFFF are now rejected
+    if they appear, or are escaped, in patterns.
+
+10. Get rid of a number of -Wunused-but-set-variable warnings.
+
+11. The pattern /(?=(*:x))(q|)/ matches an empty string, and returns the mark
+    "x". The similar pattern /(?=(*:x))((*:y)q|)/ did not return a mark at all.
+    Oddly, Perl behaves the same way. PCRE has been fixed so that this pattern
+    also returns the mark "x". This bug applied to capturing parentheses,
+    non-capturing parentheses, and atomic parentheses. It also applied to some
+    assertions.
+
+12. Stephen Kelly's patch to CMakeLists.txt allows it to parse the version
+    information out of configure.ac instead of relying on pcre.h.generic, which
+    is not stored in the repository.
+
+13. Applied Dmitry V. Levin's patch for a more portable method for linking with
+    -lreadline.
+
+14. ZH added PCRE_CONFIG_JITTARGET; added its output to pcretest -C.
+
+15. Applied Graycode's patch to put the top-level frame on the stack rather
+    than the heap when not using the stack for recursion. This gives a
+    performance improvement in many cases when recursion is not deep.
+
+16. Experimental code added to "pcretest -C" to output the stack frame size.
+
+
+Version 8.21 12-Dec-2011
+------------------------
+
+1.  Updating the JIT compiler.
+
+2.  JIT compiler now supports OP_NCREF, OP_RREF and OP_NRREF. New test cases
+    are added as well.
+
+3.  Fix cache-flush issue on PowerPC (It is still an experimental JIT port).
+    PCRE_EXTRA_TABLES is not suported by JIT, and should be checked before
+    calling _pcre_jit_exec. Some extra comments are added.
+
+4.  (*MARK) settings inside atomic groups that do not contain any capturing
+    parentheses, for example, (?>a(*:m)), were not being passed out. This bug
+    was introduced by change 18 for 8.20.
+
+5.  Supporting of \x, \U and \u in JavaScript compatibility mode based on the
+    ECMA-262 standard.
+
+6.  Lookbehinds such as (?<=a{2}b) that contained a fixed repetition were
+    erroneously being rejected as "not fixed length" if PCRE_CASELESS was set.
+    This bug was probably introduced by change 9 of 8.13.
+
+7.  While fixing 6 above, I noticed that a number of other items were being
+    incorrectly rejected as "not fixed length". This arose partly because newer
+    opcodes had not been added to the fixed-length checking code. I have (a)
+    corrected the bug and added tests for these items, and (b) arranged for an
+    error to occur if an unknown opcode is encountered while checking for fixed
+    length instead of just assuming "not fixed length". The items that were
+    rejected were: (*ACCEPT), (*COMMIT), (*FAIL), (*MARK), (*PRUNE), (*SKIP),
+    (*THEN), \h, \H, \v, \V, and single character negative classes with fixed
+    repetitions, e.g. [^a]{3}, with and without PCRE_CASELESS.
+
+8.  A possessively repeated conditional subpattern such as (?(?=c)c|d)++ was
+    being incorrectly compiled and would have given unpredicatble results.
+
+9.  A possessively repeated subpattern with minimum repeat count greater than
+    one behaved incorrectly. For example, (A){2,}+ behaved as if it was
+    (A)(A)++ which meant that, after a subsequent mismatch, backtracking into
+    the first (A) could occur when it should not.
+
+10. Add a cast and remove a redundant test from the code.
+
+11. JIT should use pcre_malloc/pcre_free for allocation.
+
+12. Updated pcre-config so that it no longer shows -L/usr/lib, which seems
+    best practice nowadays, and helps with cross-compiling. (If the exec_prefix
+    is anything other than /usr, -L is still shown).
+
+13. In non-UTF-8 mode, \C is now supported in lookbehinds and DFA matching.
+
+14. Perl does not support \N without a following name in a [] class; PCRE now
+    also gives an error.
+
+15. If a forward reference was repeated with an upper limit of around 2000,
+    it caused the error "internal error: overran compiling workspace". The
+    maximum number of forward references (including repeats) was limited by the
+    internal workspace, and dependent on the LINK_SIZE. The code has been
+    rewritten so that the workspace expands (via pcre_malloc) if necessary, and
+    the default depends on LINK_SIZE. There is a new upper limit (for safety)
+    of around 200,000 forward references. While doing this, I also speeded up
+    the filling in of repeated forward references.
+
+16. A repeated forward reference in a pattern such as (a)(?2){2}(.) was
+    incorrectly expecting the subject to contain another "a" after the start.
+
+17. When (*SKIP:name) is activated without a corresponding (*MARK:name) earlier
+    in the match, the SKIP should be ignored. This was not happening; instead
+    the SKIP was being treated as NOMATCH. For patterns such as
+    /A(*MARK:A)A+(*SKIP:B)Z|AAC/ this meant that the AAC branch was never
+    tested.
+
+18. The behaviour of (*MARK), (*PRUNE), and (*THEN) has been reworked and is
+    now much more compatible with Perl, in particular in cases where the result
+    is a non-match for a non-anchored pattern. For example, if
+    /b(*:m)f|a(*:n)w/ is matched against "abc", the non-match returns the name
+    "m", where previously it did not return a name. A side effect of this
+    change is that for partial matches, the last encountered mark name is
+    returned, as for non matches. A number of tests that were previously not
+    Perl-compatible have been moved into the Perl-compatible test files. The
+    refactoring has had the pleasing side effect of removing one argument from
+    the match() function, thus reducing its stack requirements.
+
+19. If the /S+ option was used in pcretest to study a pattern using JIT,
+    subsequent uses of /S (without +) incorrectly behaved like /S+.
+
+21. Retrieve executable code size support for the JIT compiler and fixing
+    some warnings.
+
+22. A caseless match of a UTF-8 character whose other case uses fewer bytes did
+    not work when the shorter character appeared right at the end of the
+    subject string.
+
+23. Added some (int) casts to non-JIT modules to reduce warnings on 64-bit
+    systems.
+
+24. Added PCRE_INFO_JITSIZE to pass on the value from (21) above, and also
+    output it when the /M option is used in pcretest.
+
+25. The CheckMan script was not being included in the distribution. Also, added
+    an explicit "perl" to run Perl scripts from the PrepareRelease script
+    because this is reportedly needed in Windows.
+
+26. If study data was being save in a file and studying had not found a set of
+    "starts with" bytes for the pattern, the data written to the file (though
+    never used) was taken from uninitialized memory and so caused valgrind to
+    complain.
+
+27. Updated RunTest.bat as provided by Sheri Pierce.
+
+28. Fixed a possible uninitialized memory bug in pcre_jit_compile.c.
+
+29. Computation of memory usage for the table of capturing group names was
+    giving an unnecessarily large value.
+
+
+Version 8.20 21-Oct-2011
+------------------------
+
+1.  Change 37 of 8.13 broke patterns like [:a]...[b:] because it thought it had
+    a POSIX class. After further experiments with Perl, which convinced me that
+    Perl has bugs and confusions, a closing square bracket is no longer allowed
+    in a POSIX name. This bug also affected patterns with classes that started
+    with full stops.
+
+2.  If a pattern such as /(a)b|ac/ is matched against "ac", there is no
+    captured substring, but while checking the failing first alternative,
+    substring 1 is temporarily captured. If the output vector supplied to
+    pcre_exec() was not big enough for this capture, the yield of the function
+    was still zero ("insufficient space for captured substrings"). This cannot
+    be totally fixed without adding another stack variable, which seems a lot
+    of expense for a edge case. However, I have improved the situation in cases
+    such as /(a)(b)x|abc/ matched against "abc", where the return code
+    indicates that fewer than the maximum number of slots in the ovector have
+    been set.
+
+3.  Related to (2) above: when there are more back references in a pattern than
+    slots in the output vector, pcre_exec() uses temporary memory during
+    matching, and copies in the captures as far as possible afterwards. It was
+    using the entire output vector, but this conflicts with the specification
+    that only 2/3 is used for passing back captured substrings. Now it uses
+    only the first 2/3, for compatibility. This is, of course, another edge
+    case.
+
+4.  Zoltan Herczeg's just-in-time compiler support has been integrated into the
+    main code base, and can be used by building with --enable-jit. When this is
+    done, pcregrep automatically uses it unless --disable-pcregrep-jit or the
+    runtime --no-jit option is given.
+
+5.  When the number of matches in a pcre_dfa_exec() run exactly filled the
+    ovector, the return from the function was zero, implying that there were
+    other matches that did not fit. The correct "exactly full" value is now
+    returned.
+
+6.  If a subpattern that was called recursively or as a subroutine contained
+    (*PRUNE) or any other control that caused it to give a non-standard return,
+    invalid errors such as "Error -26 (nested recursion at the same subject
+    position)" or even infinite loops could occur.
+
+7.  If a pattern such as /a(*SKIP)c|b(*ACCEPT)|/ was studied, it stopped
+    computing the minimum length on reaching *ACCEPT, and so ended up with the
+    wrong value of 1 rather than 0. Further investigation indicates that
+    computing a minimum subject length in the presence of *ACCEPT is difficult
+    (think back references, subroutine calls), and so I have changed the code
+    so that no minimum is registered for a pattern that contains *ACCEPT.
+
+8.  If (*THEN) was present in the first (true) branch of a conditional group,
+    it was not handled as intended. [But see 16 below.]
+
+9.  Replaced RunTest.bat and CMakeLists.txt with improved versions provided by
+    Sheri Pierce.
+
+10. A pathological pattern such as /(*ACCEPT)a/ was miscompiled, thinking that
+    the first byte in a match must be "a".
+
+11. Change 17 for 8.13 increased the recursion depth for patterns like
+    /a(?:.)*?a/ drastically. I've improved things by remembering whether a
+    pattern contains any instances of (*THEN). If it does not, the old
+    optimizations are restored. It would be nice to do this on a per-group
+    basis, but at the moment that is not feasible.
+
+12. In some environments, the output of pcretest -C is CRLF terminated. This
+    broke RunTest's code that checks for the link size. A single white space
+    character after the value is now allowed for.
+
+13. RunTest now checks for the "fr" locale as well as for "fr_FR" and "french".
+    For "fr", it uses the Windows-specific input and output files.
+
+14. If (*THEN) appeared in a group that was called recursively or as a
+    subroutine, it did not work as intended. [But see next item.]
+
+15. Consider the pattern /A (B(*THEN)C) | D/ where A, B, C, and D are complex
+    pattern fragments (but not containing any | characters). If A and B are
+    matched, but there is a failure in C so that it backtracks to (*THEN), PCRE
+    was behaving differently to Perl. PCRE backtracked into A, but Perl goes to
+    D. In other words, Perl considers parentheses that do not contain any |
+    characters to be part of a surrounding alternative, whereas PCRE was
+    treading (B(*THEN)C) the same as (B(*THEN)C|(*FAIL)) -- which Perl handles
+    differently. PCRE now behaves in the same way as Perl, except in the case
+    of subroutine/recursion calls such as (?1) which have in any case always
+    been different (but PCRE had them first :-).
+
+16. Related to 15 above: Perl does not treat the | in a conditional group as
+    creating alternatives. Such a group is treated in the same way as an
+    ordinary group without any | characters when processing (*THEN). PCRE has
+    been changed to match Perl's behaviour.
+
+17. If a user had set PCREGREP_COLO(U)R to something other than 1:31, the
+    RunGrepTest script failed.
+
+18. Change 22 for version 13 caused atomic groups to use more stack. This is
+    inevitable for groups that contain captures, but it can lead to a lot of
+    stack use in large patterns. The old behaviour has been restored for atomic
+    groups that do not contain any capturing parentheses.
+
+19. If the PCRE_NO_START_OPTIMIZE option was set for pcre_compile(), it did not
+    suppress the check for a minimum subject length at run time. (If it was
+    given to pcre_exec() or pcre_dfa_exec() it did work.)
+
+20. Fixed an ASCII-dependent infelicity in pcretest that would have made it
+    fail to work when decoding hex characters in data strings in EBCDIC
+    environments.
+
+21. It appears that in at least one Mac OS environment, the isxdigit() function
+    is implemented as a macro that evaluates to its argument more than once,
+    contravening the C 90 Standard (I haven't checked a later standard). There
+    was an instance in pcretest which caused it to go wrong when processing
+    \x{...} escapes in subject strings. The has been rewritten to avoid using
+    things like p++ in the argument of isxdigit().
+
+
+Version 8.13 16-Aug-2011
+------------------------
+
+1.  The Unicode data tables have been updated to Unicode 6.0.0.
+
+2.  Two minor typos in pcre_internal.h have been fixed.
+
+3.  Added #include <string.h> to pcre_scanner_unittest.cc, pcrecpp.cc, and
+    pcrecpp_unittest.cc. They are needed for strcmp(), memset(), and strchr()
+    in some environments (e.g. Solaris 10/SPARC using Sun Studio 12U2).
+
+4.  There were a number of related bugs in the code for matching backrefences
+    caselessly in UTF-8 mode when codes for the characters concerned were
+    different numbers of bytes. For example, U+023A and U+2C65 are an upper
+    and lower case pair, using 2 and 3 bytes, respectively. The main bugs were:
+    (a) A reference to 3 copies of a 2-byte code matched only 2 of a 3-byte
+    code. (b) A reference to 2 copies of a 3-byte code would not match 2 of a
+    2-byte code at the end of the subject (it thought there wasn't enough data
+    left).
+
+5.  Comprehensive information about what went wrong is now returned by
+    pcre_exec() and pcre_dfa_exec() when the UTF-8 string check fails, as long
+    as the output vector has at least 2 elements. The offset of the start of
+    the failing character and a reason code are placed in the vector.
+
+6.  When the UTF-8 string check fails for pcre_compile(), the offset that is
+    now returned is for the first byte of the failing character, instead of the
+    last byte inspected. This is an incompatible change, but I hope it is small
+    enough not to be a problem. It makes the returned offset consistent with
+    pcre_exec() and pcre_dfa_exec().
+
+7.  pcretest now gives a text phrase as well as the error number when
+    pcre_exec() or pcre_dfa_exec() fails; if the error is a UTF-8 check
+    failure, the offset and reason code are output.
+
+8.  When \R was used with a maximizing quantifier it failed to skip backwards
+    over a \r\n pair if the subsequent match failed. Instead, it just skipped
+    back over a single character (\n). This seems wrong (because it treated the
+    two characters as a single entity when going forwards), conflicts with the
+    documentation that \R is equivalent to (?>\r\n|\n|...etc), and makes the
+    behaviour of \R* different to (\R)*, which also seems wrong. The behaviour
+    has been changed.
+
+9.  Some internal refactoring has changed the processing so that the handling
+    of the PCRE_CASELESS and PCRE_MULTILINE options is done entirely at compile
+    time (the PCRE_DOTALL option was changed this way some time ago: version
+    7.7 change 16). This has made it possible to abolish the OP_OPT op code,
+    which was always a bit of a fudge. It also means that there is one less
+    argument for the match() function, which reduces its stack requirements
+    slightly. This change also fixes an incompatibility with Perl: the pattern
+    (?i:([^b]))(?1) should not match "ab", but previously PCRE gave a match.
+
+10. More internal refactoring has drastically reduced the number of recursive
+    calls to match() for possessively repeated groups such as (abc)++ when
+    using pcre_exec().
+
+11. While implementing 10, a number of bugs in the handling of groups were
+    discovered and fixed:
+
+    (?<=(a)+) was not diagnosed as invalid (non-fixed-length lookbehind).
+    (a|)*(?1) gave a compile-time internal error.
+    ((a|)+)+  did not notice that the outer group could match an empty string.
+    (^a|^)+   was not marked as anchored.
+    (.*a|.*)+ was not marked as matching at start or after a newline.
+
+12. Yet more internal refactoring has removed another argument from the match()
+    function. Special calls to this function are now indicated by setting a
+    value in a variable in the "match data" data block.
+
+13. Be more explicit in pcre_study() instead of relying on "default" for
+    opcodes that mean there is no starting character; this means that when new
+    ones are added and accidentally left out of pcre_study(), testing should
+    pick them up.
+
+14. The -s option of pcretest has been documented for ages as being an old
+    synonym of -m (show memory usage). I have changed it to mean "force study
+    for every regex", that is, assume /S for every regex. This is similar to -i
+    and -d etc. It's slightly incompatible, but I'm hoping nobody is still
+    using it. It makes it easier to run collections of tests with and without
+    study enabled, and thereby test pcre_study() more easily. All the standard
+    tests are now run with and without -s (but some patterns can be marked as
+    "never study" - see 20 below).
+
+15. When (*ACCEPT) was used in a subpattern that was called recursively, the
+    restoration of the capturing data to the outer values was not happening
+    correctly.
+
+16. If a recursively called subpattern ended with (*ACCEPT) and matched an
+    empty string, and PCRE_NOTEMPTY was set, pcre_exec() thought the whole
+    pattern had matched an empty string, and so incorrectly returned a no
+    match.
+
+17. There was optimizing code for the last branch of non-capturing parentheses,
+    and also for the obeyed branch of a conditional subexpression, which used
+    tail recursion to cut down on stack usage. Unfortunately, now that there is
+    the possibility of (*THEN) occurring in these branches, tail recursion is
+    no longer possible because the return has to be checked for (*THEN). These
+    two optimizations have therefore been removed. [But see 8.20/11 above.]
+
+18. If a pattern containing \R was studied, it was assumed that \R always
+    matched two bytes, thus causing the minimum subject length to be
+    incorrectly computed because \R can also match just one byte.
+
+19. If a pattern containing (*ACCEPT) was studied, the minimum subject length
+    was incorrectly computed.
+
+20. If /S is present twice on a test pattern in pcretest input, it now
+    *disables* studying, thereby overriding the use of -s on the command line
+    (see 14 above). This is necessary for one or two tests to keep the output
+    identical in both cases.
+
+21. When (*ACCEPT) was used in an assertion that matched an empty string and
+    PCRE_NOTEMPTY was set, PCRE applied the non-empty test to the assertion.
+
+22. When an atomic group that contained a capturing parenthesis was
+    successfully matched, but the branch in which it appeared failed, the
+    capturing was not being forgotten if a higher numbered group was later
+    captured. For example, /(?>(a))b|(a)c/ when matching "ac" set capturing
+    group 1 to "a", when in fact it should be unset. This applied to multi-
+    branched capturing and non-capturing groups, repeated or not, and also to
+    positive assertions (capturing in negative assertions does not happen
+    in PCRE) and also to nested atomic groups.
+
+23. Add the ++ qualifier feature to pcretest, to show the remainder of the
+    subject after a captured substring, to make it easier to tell which of a
+    number of identical substrings has been captured.
+
+24. The way atomic groups are processed by pcre_exec() has been changed so that
+    if they are repeated, backtracking one repetition now resets captured
+    values correctly. For example, if ((?>(a+)b)+aabab) is matched against
+    "aaaabaaabaabab" the value of captured group 2 is now correctly recorded as
+    "aaa". Previously, it would have been "a". As part of this code
+    refactoring, the way recursive calls are handled has also been changed.
+
+25. If an assertion condition captured any substrings, they were not passed
+    back unless some other capturing happened later. For example, if
+    (?(?=(a))a) was matched against "a", no capturing was returned.
+
+26. When studying a pattern that contained subroutine calls or assertions,
+    the code for finding the minimum length of a possible match was handling
+    direct recursions such as (xxx(?1)|yyy) but not mutual recursions (where
+    group 1 called group 2 while simultaneously a separate group 2 called group
+    1). A stack overflow occurred in this case. I have fixed this by limiting
+    the recursion depth to 10.
+
+27. Updated RunTest.bat in the distribution to the version supplied by Tom
+    Fortmann. This supports explicit test numbers on the command line, and has
+    argument validation and error reporting.
+
+28. An instance of \X with an unlimited repeat could fail if at any point the
+    first character it looked at was a mark character.
+
+29. Some minor code refactoring concerning Unicode properties and scripts
+    should reduce the stack requirement of match() slightly.
+
+30. Added the '=' option to pcretest to check the setting of unused capturing
+    slots at the end of the pattern, which are documented as being -1, but are
+    not included in the return count.
+
+31. If \k was not followed by a braced, angle-bracketed, or quoted name, PCRE
+    compiled something random. Now it gives a compile-time error (as does
+    Perl).
+
+32. A *MARK encountered during the processing of a positive assertion is now
+    recorded and passed back (compatible with Perl).
+
+33. If --only-matching or --colour was set on a pcregrep call whose pattern
+    had alternative anchored branches, the search for a second match in a line
+    was done as if at the line start. Thus, for example, /^01|^02/ incorrectly
+    matched the line "0102" twice. The same bug affected patterns that started
+    with a backwards assertion. For example /\b01|\b02/ also matched "0102"
+    twice.
+
+34. Previously, PCRE did not allow quantification of assertions. However, Perl
+    does, and because of capturing effects, quantifying parenthesized
+    assertions may at times be useful. Quantifiers are now allowed for
+    parenthesized assertions.
+
+35. A minor code tidy in pcre_compile() when checking options for \R usage.
+
+36. \g was being checked for fancy things in a character class, when it should
+    just be a literal "g".
+
+37. PCRE was rejecting [:a[:digit:]] whereas Perl was not. It seems that the
+    appearance of a nested POSIX class supersedes an apparent external class.
+    For example, [:a[:digit:]b:] matches "a", "b", ":", or a digit. Also,
+    unescaped square brackets may also appear as part of class names. For
+    example, [:a[:abc]b:] gives unknown class "[:abc]b:]". PCRE now behaves
+    more like Perl. (But see 8.20/1 above.)
+
+38. PCRE was giving an error for \N with a braced quantifier such as {1,} (this
+    was because it thought it was \N{name}, which is not supported).
+
+39. Add minix to OS list not supporting the -S option in pcretest.
+
+40. PCRE tries to detect cases of infinite recursion at compile time, but it
+    cannot analyze patterns in sufficient detail to catch mutual recursions
+    such as ((?1))((?2)). There is now a runtime test that gives an error if a
+    subgroup is called recursively as a subpattern for a second time at the
+    same position in the subject string. In previous releases this might have
+    been caught by the recursion limit, or it might have run out of stack.
+
+41. A pattern such as /(?(R)a+|(?R)b)/ is quite safe, as the recursion can
+    happen only once. PCRE was, however incorrectly giving a compile time error
+    "recursive call could loop indefinitely" because it cannot analyze the
+    pattern in sufficient detail. The compile time test no longer happens when
+    PCRE is compiling a conditional subpattern, but actual runaway loops are
+    now caught at runtime (see 40 above).
+
+42. It seems that Perl allows any characters other than a closing parenthesis
+    to be part of the NAME in (*MARK:NAME) and other backtracking verbs. PCRE
+    has been changed to be the same.
+
+43. Updated configure.ac to put in more quoting round AC_LANG_PROGRAM etc. so
+    as not to get warnings when autogen.sh is called. Also changed
+    AC_PROG_LIBTOOL (deprecated) to LT_INIT (the current macro).
+
+44. To help people who use pcregrep to scan files containing exceedingly long
+    lines, the following changes have been made:
+
+    (a) The default value of the buffer size parameter has been increased from
+        8K to 20K. (The actual buffer used is three times this size.)
+
+    (b) The default can be changed by ./configure --with-pcregrep-bufsize when
+        PCRE is built.
+
+    (c) A --buffer-size=n option has been added to pcregrep, to allow the size
+        to be set at run time.
+
+    (d) Numerical values in pcregrep options can be followed by K or M, for
+        example --buffer-size=50K.
+
+    (e) If a line being scanned overflows pcregrep's buffer, an error is now
+        given and the return code is set to 2.
+
+45. Add a pointer to the latest mark to the callout data block.
+
+46. The pattern /.(*F)/, when applied to "abc" with PCRE_PARTIAL_HARD, gave a
+    partial match of an empty string instead of no match. This was specific to
+    the use of ".".
+
+47. The pattern /f.*/8s, when applied to "for" with PCRE_PARTIAL_HARD, gave a
+    complete match instead of a partial match. This bug was dependent on both
+    the PCRE_UTF8 and PCRE_DOTALL options being set.
+
+48. For a pattern such as /\babc|\bdef/ pcre_study() was failing to set up the
+    starting byte set, because \b was not being ignored.
+
+
+Version 8.12 15-Jan-2011
+------------------------
+
+1.  Fixed some typos in the markup of the man pages, and wrote a script that
+    checks for such things as part of the documentation building process.
+
+2.  On a big-endian 64-bit system, pcregrep did not correctly process the
+    --match-limit and --recursion-limit options (added for 8.11). In
+    particular, this made one of the standard tests fail. (The integer value
+    went into the wrong half of a long int.)
+
+3.  If the --colour option was given to pcregrep with -v (invert match), it
+    did strange things, either producing crazy output, or crashing. It should,
+    of course, ignore a request for colour when reporting lines that do not
+    match.
+
+4.  Another pcregrep bug caused similar problems if --colour was specified with
+    -M (multiline) and the pattern match finished with a line ending.
+
+5.  In pcregrep, when a pattern that ended with a literal newline sequence was
+    matched in multiline mode, the following line was shown as part of the
+    match. This seems wrong, so I have changed it.
+
+6.  Another pcregrep bug in multiline mode, when --colour was specified, caused
+    the check for further matches in the same line (so they could be coloured)
+    to overrun the end of the current line. If another match was found, it was
+    incorrectly shown (and then shown again when found in the next line).
+
+7.  If pcregrep was compiled under Windows, there was a reference to the
+    function pcregrep_exit() before it was defined. I am assuming this was
+    the cause of the "error C2371: 'pcregrep_exit' : redefinition;" that was
+    reported by a user. I've moved the definition above the reference.
+
+
+Version 8.11 10-Dec-2010
+------------------------
+
+1.  (*THEN) was not working properly if there were untried alternatives prior
+    to it in the current branch. For example, in ((a|b)(*THEN)(*F)|c..) it
+    backtracked to try for "b" instead of moving to the next alternative branch
+    at the same level (in this case, to look for "c"). The Perl documentation
+    is clear that when (*THEN) is backtracked onto, it goes to the "next
+    alternative in the innermost enclosing group".
+
+2.  (*COMMIT) was not overriding (*THEN), as it does in Perl. In a pattern
+    such as   (A(*COMMIT)B(*THEN)C|D)  any failure after matching A should
+    result in overall failure. Similarly, (*COMMIT) now overrides (*PRUNE) and
+    (*SKIP), (*SKIP) overrides (*PRUNE) and (*THEN), and (*PRUNE) overrides
+    (*THEN).
+
+3.  If \s appeared in a character class, it removed the VT character from
+    the class, even if it had been included by some previous item, for example
+    in [\x00-\xff\s]. (This was a bug related to the fact that VT is not part
+    of \s, but is part of the POSIX "space" class.)
+
+4.  A partial match never returns an empty string (because you can always
+    match an empty string at the end of the subject); however the checking for
+    an empty string was starting at the "start of match" point. This has been
+    changed to the "earliest inspected character" point, because the returned
+    data for a partial match starts at this character. This means that, for
+    example, /(?<=abc)def/ gives a partial match for the subject "abc"
+    (previously it gave "no match").
+
+5.  Changes have been made to the way PCRE_PARTIAL_HARD affects the matching
+    of $, \z, \Z, \b, and \B. If the match point is at the end of the string,
+    previously a full match would be given. However, setting PCRE_PARTIAL_HARD
+    has an implication that the given string is incomplete (because a partial
+    match is preferred over a full match). For this reason, these items now
+    give a partial match in this situation. [Aside: previously, the one case
+    /t\b/ matched against "cat" with PCRE_PARTIAL_HARD set did return a partial
+    match rather than a full match, which was wrong by the old rules, but is
+    now correct.]
+
+6.  There was a bug in the handling of #-introduced comments, recognized when
+    PCRE_EXTENDED is set, when PCRE_NEWLINE_ANY and PCRE_UTF8 were also set.
+    If a UTF-8 multi-byte character included the byte 0x85 (e.g. +U0445, whose
+    UTF-8 encoding is 0xd1,0x85), this was misinterpreted as a newline when
+    scanning for the end of the comment. (*Character* 0x85 is an "any" newline,
+    but *byte* 0x85 is not, in UTF-8 mode). This bug was present in several
+    places in pcre_compile().
+
+7.  Related to (6) above, when pcre_compile() was skipping #-introduced
+    comments when looking ahead for named forward references to subpatterns,
+    the only newline sequence it recognized was NL. It now handles newlines
+    according to the set newline convention.
+
+8.  SunOS4 doesn't have strerror() or strtoul(); pcregrep dealt with the
+    former, but used strtoul(), whereas pcretest avoided strtoul() but did not
+    cater for a lack of strerror(). These oversights have been fixed.
+
+9.  Added --match-limit and --recursion-limit to pcregrep.
+
+10. Added two casts needed to build with Visual Studio when NO_RECURSE is set.
+
+11. When the -o option was used, pcregrep was setting a return code of 1, even
+    when matches were found, and --line-buffered was not being honoured.
+
+12. Added an optional parentheses number to the -o and --only-matching options
+    of pcregrep.
+
+13. Imitating Perl's /g action for multiple matches is tricky when the pattern
+    can match an empty string. The code to do it in pcretest and pcredemo
+    needed fixing:
+
+    (a) When the newline convention was "crlf", pcretest got it wrong, skipping
+        only one byte after an empty string match just before CRLF (this case
+        just got forgotten; "any" and "anycrlf" were OK).
+
+    (b) The pcretest code also had a bug, causing it to loop forever in UTF-8
+        mode when an empty string match preceded an ASCII character followed by
+        a non-ASCII character. (The code for advancing by one character rather
+        than one byte was nonsense.)
+
+    (c) The pcredemo.c sample program did not have any code at all to handle
+        the cases when CRLF is a valid newline sequence.
+
+14. Neither pcre_exec() nor pcre_dfa_exec() was checking that the value given
+    as a starting offset was within the subject string. There is now a new
+    error, PCRE_ERROR_BADOFFSET, which is returned if the starting offset is
+    negative or greater than the length of the string. In order to test this,
+    pcretest is extended to allow the setting of negative starting offsets.
+
+15. In both pcre_exec() and pcre_dfa_exec() the code for checking that the
+    starting offset points to the beginning of a UTF-8 character was
+    unnecessarily clumsy. I tidied it up.
+
+16. Added PCRE_ERROR_SHORTUTF8 to make it possible to distinguish between a
+    bad UTF-8 sequence and one that is incomplete when using PCRE_PARTIAL_HARD.
+
+17. Nobody had reported that the --include_dir option, which was added in
+    release 7.7 should have been called --include-dir (hyphen, not underscore)
+    for compatibility with GNU grep. I have changed it to --include-dir, but
+    left --include_dir as an undocumented synonym, and the same for
+    --exclude-dir, though that is not available in GNU grep, at least as of
+    release 2.5.4.
+
+18. At a user's suggestion, the macros GETCHAR and friends (which pick up UTF-8
+    characters from a string of bytes) have been redefined so as not to use
+    loops, in order to improve performance in some environments. At the same
+    time, I abstracted some of the common code into auxiliary macros to save
+    repetition (this should not affect the compiled code).
+
+19. If \c was followed by a multibyte UTF-8 character, bad things happened. A
+    compile-time error is now given if \c is not followed by an ASCII
+    character, that is, a byte less than 128. (In EBCDIC mode, the code is
+    different, and any byte value is allowed.)
+
+20. Recognize (*NO_START_OPT) at the start of a pattern to set the PCRE_NO_
+    START_OPTIMIZE option, which is now allowed at compile time - but just
+    passed through to pcre_exec() or pcre_dfa_exec(). This makes it available
+    to pcregrep and other applications that have no direct access to PCRE
+    options. The new /Y option in pcretest sets this option when calling
+    pcre_compile().
+
+21. Change 18 of release 8.01 broke the use of named subpatterns for recursive
+    back references. Groups containing recursive back references were forced to
+    be atomic by that change, but in the case of named groups, the amount of
+    memory required was incorrectly computed, leading to "Failed: internal
+    error: code overflow". This has been fixed.
+
+22. Some patches to pcre_stringpiece.h, pcre_stringpiece_unittest.cc, and
+    pcretest.c, to avoid build problems in some Borland environments.
+
+
+Version 8.10 25-Jun-2010
+------------------------
+
+1.  Added support for (*MARK:ARG) and for ARG additions to PRUNE, SKIP, and
+    THEN.
+
+2.  (*ACCEPT) was not working when inside an atomic group.
+
+3.  Inside a character class, \B is treated as a literal by default, but
+    faulted if PCRE_EXTRA is set. This mimics Perl's behaviour (the -w option
+    causes the error). The code is unchanged, but I tidied the documentation.
+
+4.  Inside a character class, PCRE always treated \R and \X as literals,
+    whereas Perl faults them if its -w option is set. I have changed PCRE so
+    that it faults them when PCRE_EXTRA is set.
+
+5.  Added support for \N, which always matches any character other than
+    newline. (It is the same as "." when PCRE_DOTALL is not set.)
+
+6.  When compiling pcregrep with newer versions of gcc which may have
+    FORTIFY_SOURCE set, several warnings "ignoring return value of 'fwrite',
+    declared with attribute warn_unused_result" were given. Just casting the
+    result to (void) does not stop the warnings; a more elaborate fudge is
+    needed. I've used a macro to implement this.
+
+7.  Minor change to pcretest.c to avoid a compiler warning.
+
+8.  Added four artifical Unicode properties to help with an option to make
+    \s etc use properties (see next item). The new properties are: Xan
+    (alphanumeric), Xsp (Perl space), Xps (POSIX space), and Xwd (word).
+
+9.  Added PCRE_UCP to make \b, \d, \s, \w, and certain POSIX character classes
+    use Unicode properties. (*UCP) at the start of a pattern can be used to set
+    this option. Modified pcretest to add /W to test this facility. Added
+    REG_UCP to make it available via the POSIX interface.
+
+10. Added --line-buffered to pcregrep.
+
+11. In UTF-8 mode, if a pattern that was compiled with PCRE_CASELESS was
+    studied, and the match started with a letter with a code point greater than
+    127 whose first byte was different to the first byte of the other case of
+    the letter, the other case of this starting letter was not recognized
+    (#976).
+
+12. If a pattern that was studied started with a repeated Unicode property
+    test, for example, \p{Nd}+, there was the theoretical possibility of
+    setting up an incorrect bitmap of starting bytes, but fortunately it could
+    not have actually happened in practice until change 8 above was made (it
+    added property types that matched character-matching opcodes).
+
+13. pcre_study() now recognizes \h, \v, and \R when constructing a bit map of
+    possible starting bytes for non-anchored patterns.
+
+14. Extended the "auto-possessify" feature of pcre_compile(). It now recognizes
+    \R, and also a number of cases that involve Unicode properties, both
+    explicit and implicit when PCRE_UCP is set.
+
+15. If a repeated Unicode property match (e.g. \p{Lu}*) was used with non-UTF-8
+    input, it could crash or give wrong results if characters with values
+    greater than 0xc0 were present in the subject string. (Detail: it assumed
+    UTF-8 input when processing these items.)
+
+16. Added a lot of (int) casts to avoid compiler warnings in systems where
+    size_t is 64-bit (#991).
+
+17. Added a check for running out of memory when PCRE is compiled with
+    --disable-stack-for-recursion (#990).
+
+18. If the last data line in a file for pcretest does not have a newline on
+    the end, a newline was missing in the output.
+
+19. The default pcre_chartables.c file recognizes only ASCII characters (values
+    less than 128) in its various bitmaps. However, there is a facility for
+    generating tables according to the current locale when PCRE is compiled. It
+    turns out that in some environments, 0x85 and 0xa0, which are Unicode space
+    characters, are recognized by isspace() and therefore were getting set in
+    these tables, and indeed these tables seem to approximate to ISO 8859. This
+    caused a problem in UTF-8 mode when pcre_study() was used to create a list
+    of bytes that can start a match. For \s, it was including 0x85 and 0xa0,
+    which of course cannot start UTF-8 characters. I have changed the code so
+    that only real ASCII characters (less than 128) and the correct starting
+    bytes for UTF-8 encodings are set for characters greater than 127 when in
+    UTF-8 mode. (When PCRE_UCP is set - see 9 above - the code is different
+    altogether.)
+
+20. Added the /T option to pcretest so as to be able to run tests with non-
+    standard character tables, thus making it possible to include the tests
+    used for 19 above in the standard set of tests.
+
+21. A pattern such as (?&t)(?#()(?(DEFINE)(?<t>a)) which has a forward
+    reference to a subpattern the other side of a comment that contains an
+    opening parenthesis caused either an internal compiling error, or a
+    reference to the wrong subpattern.
+
+
+Version 8.02 19-Mar-2010
+------------------------
+
+1.  The Unicode data tables have been updated to Unicode 5.2.0.
+
+2.  Added the option --libs-cpp to pcre-config, but only when C++ support is
+    configured.
+
+3.  Updated the licensing terms in the pcregexp.pas file, as agreed with the
+    original author of that file, following a query about its status.
+
+4.  On systems that do not have stdint.h (e.g. Solaris), check for and include
+    inttypes.h instead. This fixes a bug that was introduced by change 8.01/8.
+
+5.  A pattern such as (?&t)*+(?(DEFINE)(?<t>.)) which has a possessive
+    quantifier applied to a forward-referencing subroutine call, could compile
+    incorrect code or give the error "internal error: previously-checked
+    referenced subpattern not found".
+
+6.  Both MS Visual Studio and Symbian OS have problems with initializing
+    variables to point to external functions. For these systems, therefore,
+    pcre_malloc etc. are now initialized to local functions that call the
+    relevant global functions.
+
+7.  There were two entries missing in the vectors called coptable and poptable
+    in pcre_dfa_exec.c. This could lead to memory accesses outsize the vectors.
+    I've fixed the data, and added a kludgy way of testing at compile time that
+    the lengths are correct (equal to the number of opcodes).
+
+8.  Following on from 7, I added a similar kludge to check the length of the
+    eint vector in pcreposix.c.
+
+9.  Error texts for pcre_compile() are held as one long string to avoid too
+    much relocation at load time. To find a text, the string is searched,
+    counting zeros. There was no check for running off the end of the string,
+    which could happen if a new error number was added without updating the
+    string.
+
+10. \K gave a compile-time error if it appeared in a lookbehind assersion.
+
+11. \K was not working if it appeared in an atomic group or in a group that
+    was called as a "subroutine", or in an assertion. Perl 5.11 documents that
+    \K is "not well defined" if used in an assertion. PCRE now accepts it if
+    the assertion is positive, but not if it is negative.
+
+12. Change 11 fortuitously reduced the size of the stack frame used in the
+    "match()" function of pcre_exec.c by one pointer. Forthcoming
+    implementation of support for (*MARK) will need an extra pointer on the
+    stack; I have reserved it now, so that the stack frame size does not
+    decrease.
+
+13. A pattern such as (?P<L1>(?P<L2>0)|(?P>L2)(?P>L1)) in which the only other
+    item in branch that calls a recursion is a subroutine call - as in the
+    second branch in the above example - was incorrectly given the compile-
+    time error "recursive call could loop indefinitely" because pcre_compile()
+    was not correctly checking the subroutine for matching a non-empty string.
+
+14. The checks for overrunning compiling workspace could trigger after an
+    overrun had occurred. This is a "should never occur" error, but it can be
+    triggered by pathological patterns such as hundreds of nested parentheses.
+    The checks now trigger 100 bytes before the end of the workspace.
+
+15. Fix typo in configure.ac: "srtoq" should be "strtoq".
+
+
+Version 8.01 19-Jan-2010
+------------------------
+
+1.  If a pattern contained a conditional subpattern with only one branch (in
+    particular, this includes all (*DEFINE) patterns), a call to pcre_study()
+    computed the wrong minimum data length (which is of course zero for such
+    subpatterns). This could cause incorrect "no match" results.
+
+2.  For patterns such as (?i)a(?-i)b|c where an option setting at the start of
+    the pattern is reset in the first branch, pcre_compile() failed with
+    "internal error: code overflow at offset...". This happened only when
+    the reset was to the original external option setting. (An optimization
+    abstracts leading options settings into an external setting, which was the
+    cause of this.)
+
+3.  A pattern such as ^(?!a(*SKIP)b) where a negative assertion contained one
+    of the verbs SKIP, PRUNE, or COMMIT, did not work correctly. When the
+    assertion pattern did not match (meaning that the assertion was true), it
+    was incorrectly treated as false if the SKIP had been reached during the
+    matching. This also applied to assertions used as conditions.
+
+4.  If an item that is not supported by pcre_dfa_exec() was encountered in an
+    assertion subpattern, including such a pattern used as a condition,
+    unpredictable results occurred, instead of the error return
+    PCRE_ERROR_DFA_UITEM.
+
+5.  The C++ GlobalReplace function was not working like Perl for the special
+    situation when an empty string is matched. It now does the fancy magic
+    stuff that is necessary.
+
+6.  In pcre_internal.h, obsolete includes to setjmp.h and stdarg.h have been
+    removed. (These were left over from very, very early versions of PCRE.)
+
+7.  Some cosmetic changes to the code to make life easier when compiling it
+    as part of something else:
+
+    (a) Change DEBUG to PCRE_DEBUG.
+
+    (b) In pcre_compile(), rename the member of the "branch_chain" structure
+        called "current" as "current_branch", to prevent a collision with the
+        Linux macro when compiled as a kernel module.
+
+    (c) In pcre_study(), rename the function set_bit() as set_table_bit(), to
+        prevent a collision with the Linux macro when compiled as a kernel
+        module.
+
+8.  In pcre_compile() there are some checks for integer overflows that used to
+    cast potentially large values to (double). This has been changed to that
+    when building, a check for int64_t is made, and if it is found, it is used
+    instead, thus avoiding the use of floating point arithmetic. (There is no
+    other use of FP in PCRE.) If int64_t is not found, the fallback is to
+    double.
+
+9.  Added two casts to avoid signed/unsigned warnings from VS Studio Express
+    2005 (difference between two addresses compared to an unsigned value).
+
+10. Change the standard AC_CHECK_LIB test for libbz2 in configure.ac to a
+    custom one, because of the following reported problem in Windows:
+
+      - libbz2 uses the Pascal calling convention (WINAPI) for the functions
+          under Win32.
+      - The standard autoconf AC_CHECK_LIB fails to include "bzlib.h",
+          therefore missing the function definition.
+      - The compiler thus generates a "C" signature for the test function.
+      - The linker fails to find the "C" function.
+      - PCRE fails to configure if asked to do so against libbz2.
+
+11. When running libtoolize from libtool-2.2.6b as part of autogen.sh, these
+    messages were output:
+
+      Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and
+      rerunning libtoolize, to keep the correct libtool macros in-tree.
+      Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
+
+    I have done both of these things.
+
+12. Although pcre_dfa_exec() does not use nearly as much stack as pcre_exec()
+    most of the time, it *can* run out if it is given a pattern that contains a
+    runaway infinite recursion. I updated the discussion in the pcrestack man
+    page.
+
+13. Now that we have gone to the x.xx style of version numbers, the minor
+    version may start with zero. Using 08 or 09 is a bad idea because users
+    might check the value of PCRE_MINOR in their code, and 08 or 09 may be
+    interpreted as invalid octal numbers. I've updated the previous comment in
+    configure.ac, and also added a check that gives an error if 08 or 09 are
+    used.
+
+14. Change 8.00/11 was not quite complete: code had been accidentally omitted,
+    causing partial matching to fail when the end of the subject matched \W
+    in a UTF-8 pattern where \W was quantified with a minimum of 3.
+
+15. There were some discrepancies between the declarations in pcre_internal.h
+    of _pcre_is_newline(), _pcre_was_newline(), and _pcre_valid_utf8() and
+    their definitions. The declarations used "const uschar *" and the
+    definitions used USPTR. Even though USPTR is normally defined as "const
+    unsigned char *" (and uschar is typedeffed as "unsigned char"), it was
+    reported that: "This difference in casting confuses some C++ compilers, for
+    example, SunCC recognizes above declarations as different functions and
+    generates broken code for hbpcre." I have changed the declarations to use
+    USPTR.
+
+16. GNU libtool is named differently on some systems. The autogen.sh script now
+    tries several variants such as glibtoolize (MacOSX) and libtoolize1x
+    (FreeBSD).
+
+17. Applied Craig's patch that fixes an HP aCC compile error in pcre 8.00
+    (strtoXX undefined when compiling pcrecpp.cc). The patch contains this
+    comment: "Figure out how to create a longlong from a string: strtoll and
+    equivalent. It's not enough to call AC_CHECK_FUNCS: hpux has a strtoll, for
+    instance, but it only takes 2 args instead of 3!"
+
+18. A subtle bug concerned with back references has been fixed by a change of
+    specification, with a corresponding code fix. A pattern such as
+    ^(xa|=?\1a)+$ which contains a back reference inside the group to which it
+    refers, was giving matches when it shouldn't. For example, xa=xaaa would
+    match that pattern. Interestingly, Perl (at least up to 5.11.3) has the
+    same bug. Such groups have to be quantified to be useful, or contained
+    inside another quantified group. (If there's no repetition, the reference
+    can never match.) The problem arises because, having left the group and
+    moved on to the rest of the pattern, a later failure that backtracks into
+    the group uses the captured value from the final iteration of the group
+    rather than the correct earlier one. I have fixed this in PCRE by forcing
+    any group that contains a reference to itself to be an atomic group; that
+    is, there cannot be any backtracking into it once it has completed. This is
+    similar to recursive and subroutine calls.
+
+
+Version 8.00 19-Oct-09
+----------------------
+
+1.  The table for translating pcre_compile() error codes into POSIX error codes
+    was out-of-date, and there was no check on the pcre_compile() error code
+    being within the table. This could lead to an OK return being given in
+    error.
+
+2.  Changed the call to open a subject file in pcregrep from fopen(pathname,
+    "r") to fopen(pathname, "rb"), which fixed a problem with some of the tests
+    in a Windows environment.
+
+3.  The pcregrep --count option prints the count for each file even when it is
+    zero, as does GNU grep. However, pcregrep was also printing all files when
+    --files-with-matches was added. Now, when both options are given, it prints
+    counts only for those files that have at least one match. (GNU grep just
+    prints the file name in this circumstance, but including the count seems
+    more useful - otherwise, why use --count?) Also ensured that the
+    combination -clh just lists non-zero counts, with no names.
+
+4.  The long form of the pcregrep -F option was incorrectly implemented as
+    --fixed_strings instead of --fixed-strings. This is an incompatible change,
+    but it seems right to fix it, and I didn't think it was worth preserving
+    the old behaviour.
+
+5.  The command line items --regex=pattern and --regexp=pattern were not
+    recognized by pcregrep, which required --regex pattern or --regexp pattern
+    (with a space rather than an '='). The man page documented the '=' forms,
+    which are compatible with GNU grep; these now work.
+
+6.  No libpcreposix.pc file was created for pkg-config; there was just
+    libpcre.pc and libpcrecpp.pc. The omission has been rectified.
+
+7.  Added #ifndef SUPPORT_UCP into the pcre_ucd.c module, to reduce its size
+    when UCP support is not needed, by modifying the Python script that
+    generates it from Unicode data files. This should not matter if the module
+    is correctly used as a library, but I received one complaint about 50K of
+    unwanted data. My guess is that the person linked everything into his
+    program rather than using a library. Anyway, it does no harm.
+
+8.  A pattern such as /\x{123}{2,2}+/8 was incorrectly compiled; the trigger
+    was a minimum greater than 1 for a wide character in a possessive
+    repetition. The same bug could also affect patterns like /(\x{ff}{0,2})*/8
+    which had an unlimited repeat of a nested, fixed maximum repeat of a wide
+    character. Chaos in the form of incorrect output or a compiling loop could
+    result.
+
+9.  The restrictions on what a pattern can contain when partial matching is
+    requested for pcre_exec() have been removed. All patterns can now be
+    partially matched by this function. In addition, if there are at least two
+    slots in the offset vector, the offset of the earliest inspected character
+    for the match and the offset of the end of the subject are set in them when
+    PCRE_ERROR_PARTIAL is returned.
+
+10. Partial matching has been split into two forms: PCRE_PARTIAL_SOFT, which is
+    synonymous with PCRE_PARTIAL, for backwards compatibility, and
+    PCRE_PARTIAL_HARD, which causes a partial match to supersede a full match,
+    and may be more useful for multi-segment matching.
+
+11. Partial matching with pcre_exec() is now more intuitive. A partial match
+    used to be given if ever the end of the subject was reached; now it is
+    given only if matching could not proceed because another character was
+    needed. This makes a difference in some odd cases such as Z(*FAIL) with the
+    string "Z", which now yields "no match" instead of "partial match". In the
+    case of pcre_dfa_exec(), "no match" is given if every matching path for the
+    final character ended with (*FAIL).
+
+12. Restarting a match using pcre_dfa_exec() after a partial match did not work
+    if the pattern had a "must contain" character that was already found in the
+    earlier partial match, unless partial matching was again requested. For
+    example, with the pattern /dog.(body)?/, the "must contain" character is
+    "g". If the first part-match was for the string "dog", restarting with
+    "sbody" failed. This bug has been fixed.
+
+13. The string returned by pcre_dfa_exec() after a partial match has been
+    changed so that it starts at the first inspected character rather than the
+    first character of the match. This makes a difference only if the pattern
+    starts with a lookbehind assertion or \b or \B (\K is not supported by
+    pcre_dfa_exec()). It's an incompatible change, but it makes the two
+    matching functions compatible, and I think it's the right thing to do.
+
+14. Added a pcredemo man page, created automatically from the pcredemo.c file,
+    so that the demonstration program is easily available in environments where
+    PCRE has not been installed from source.
+
+15. Arranged to add -DPCRE_STATIC to cflags in libpcre.pc, libpcreposix.cp,
+    libpcrecpp.pc and pcre-config when PCRE is not compiled as a shared
+    library.
+
+16. Added REG_UNGREEDY to the pcreposix interface, at the request of a user.
+    It maps to PCRE_UNGREEDY. It is not, of course, POSIX-compatible, but it
+    is not the first non-POSIX option to be added. Clearly some people find
+    these options useful.
+
+17. If a caller to the POSIX matching function regexec() passes a non-zero
+    value for nmatch with a NULL value for pmatch, the value of
+    nmatch is forced to zero.
+
+18. RunGrepTest did not have a test for the availability of the -u option of
+    the diff command, as RunTest does. It now checks in the same way as
+    RunTest, and also checks for the -b option.
+
+19. If an odd number of negated classes containing just a single character
+    interposed, within parentheses, between a forward reference to a named
+    subpattern and the definition of the subpattern, compilation crashed with
+    an internal error, complaining that it could not find the referenced
+    subpattern. An example of a crashing pattern is /(?&A)(([^m])(?<A>))/.
+    [The bug was that it was starting one character too far in when skipping
+    over the character class, thus treating the ] as data rather than
+    terminating the class. This meant it could skip too much.]
+
+20. Added PCRE_NOTEMPTY_ATSTART in order to be able to correctly implement the
+    /g option in pcretest when the pattern contains \K, which makes it possible
+    to have an empty string match not at the start, even when the pattern is
+    anchored. Updated pcretest and pcredemo to use this option.
+
+21. If the maximum number of capturing subpatterns in a recursion was greater
+    than the maximum at the outer level, the higher number was returned, but
+    with unset values at the outer level. The correct (outer level) value is
+    now given.
+
+22. If (*ACCEPT) appeared inside capturing parentheses, previous releases of
+    PCRE did not set those parentheses (unlike Perl). I have now found a way to
+    make it do so. The string so far is captured, making this feature
+    compatible with Perl.
+
+23. The tests have been re-organized, adding tests 11 and 12, to make it
+    possible to check the Perl 5.10 features against Perl 5.10.
+
+24. Perl 5.10 allows subroutine calls in lookbehinds, as long as the subroutine
+    pattern matches a fixed length string. PCRE did not allow this; now it
+    does. Neither allows recursion.
+
+25. I finally figured out how to implement a request to provide the minimum
+    length of subject string that was needed in order to match a given pattern.
+    (It was back references and recursion that I had previously got hung up
+    on.) This code has now been added to pcre_study(); it finds a lower bound
+    to the length of subject needed. It is not necessarily the greatest lower
+    bound, but using it to avoid searching strings that are too short does give
+    some useful speed-ups. The value is available to calling programs via
+    pcre_fullinfo().
+
+26. While implementing 25, I discovered to my embarrassment that pcretest had
+    not been passing the result of pcre_study() to pcre_dfa_exec(), so the
+    study optimizations had never been tested with that matching function.
+    Oops. What is worse, even when it was passed study data, there was a bug in
+    pcre_dfa_exec() that meant it never actually used it. Double oops. There
+    were also very few tests of studied patterns with pcre_dfa_exec().
+
+27. If (?| is used to create subpatterns with duplicate numbers, they are now
+    allowed to have the same name, even if PCRE_DUPNAMES is not set. However,
+    on the other side of the coin, they are no longer allowed to have different
+    names, because these cannot be distinguished in PCRE, and this has caused
+    confusion. (This is a difference from Perl.)
+
+28. When duplicate subpattern names are present (necessarily with different
+    numbers, as required by 27 above), and a test is made by name in a
+    conditional pattern, either for a subpattern having been matched, or for
+    recursion in such a pattern, all the associated numbered subpatterns are
+    tested, and the overall condition is true if the condition is true for any
+    one of them. This is the way Perl works, and is also more like the way
+    testing by number works.
+
+
+Version 7.9 11-Apr-09
+---------------------
+
+1.  When building with support for bzlib/zlib (pcregrep) and/or readline
+    (pcretest), all targets were linked against these libraries. This included
+    libpcre, libpcreposix, and libpcrecpp, even though they do not use these
+    libraries. This caused unwanted dependencies to be created. This problem
+    has been fixed, and now only pcregrep is linked with bzlib/zlib and only
+    pcretest is linked with readline.
+
+2.  The "typedef int BOOL" in pcre_internal.h that was included inside the
+    "#ifndef FALSE" condition by an earlier change (probably 7.8/18) has been
+    moved outside it again, because FALSE and TRUE are already defined in AIX,
+    but BOOL is not.
+
+3.  The pcre_config() function was treating the PCRE_MATCH_LIMIT and
+    PCRE_MATCH_LIMIT_RECURSION values as ints, when they should be long ints.
+
+4.  The pcregrep documentation said spaces were inserted as well as colons (or
+    hyphens) following file names and line numbers when outputting matching
+    lines. This is not true; no spaces are inserted. I have also clarified the
+    wording for the --colour (or --color) option.
+
+5.  In pcregrep, when --colour was used with -o, the list of matching strings
+    was not coloured; this is different to GNU grep, so I have changed it to be
+    the same.
+
+6.  When --colo(u)r was used in pcregrep, only the first matching substring in
+    each matching line was coloured. Now it goes on to look for further matches
+    of any of the test patterns, which is the same behaviour as GNU grep.
+
+7.  A pattern that could match an empty string could cause pcregrep to loop; it
+    doesn't make sense to accept an empty string match in pcregrep, so I have
+    locked it out (using PCRE's PCRE_NOTEMPTY option). By experiment, this
+    seems to be how GNU grep behaves. [But see later change 40 for release
+    8.33.]
+
+8.  The pattern (?(?=.*b)b|^) was incorrectly compiled as "match must be at
+    start or after a newline", because the conditional assertion was not being
+    correctly handled. The rule now is that both the assertion and what follows
+    in the first alternative must satisfy the test.
+
+9.  If auto-callout was enabled in a pattern with a conditional group whose
+    condition was an assertion, PCRE could crash during matching, both with
+    pcre_exec() and pcre_dfa_exec().
+
+10. The PCRE_DOLLAR_ENDONLY option was not working when pcre_dfa_exec() was
+    used for matching.
+
+11. Unicode property support in character classes was not working for
+    characters (bytes) greater than 127 when not in UTF-8 mode.
+
+12. Added the -M command line option to pcretest.
+
+14. Added the non-standard REG_NOTEMPTY option to the POSIX interface.
+
+15. Added the PCRE_NO_START_OPTIMIZE match-time option.
+
+16. Added comments and documentation about mis-use of no_arg in the C++
+    wrapper.
+
+17. Implemented support for UTF-8 encoding in EBCDIC environments, a patch
+    from Martin Jerabek that uses macro names for all relevant character and
+    string constants.
+
+18. Added to pcre_internal.h two configuration checks: (a) If both EBCDIC and
+    SUPPORT_UTF8 are set, give an error; (b) If SUPPORT_UCP is set without
+    SUPPORT_UTF8, define SUPPORT_UTF8. The "configure" script handles both of
+    these, but not everybody uses configure.
+
+19. A conditional group that had only one branch was not being correctly
+    recognized as an item that could match an empty string. This meant that an
+    enclosing group might also not be so recognized, causing infinite looping
+    (and probably a segfault) for patterns such as ^"((?(?=[a])[^"])|b)*"$
+    with the subject "ab", where knowledge that the repeated group can match
+    nothing is needed in order to break the loop.
+
+20. If a pattern that was compiled with callouts was matched using pcre_dfa_
+    exec(), but without supplying a callout function, matching went wrong.
+
+21. If PCRE_ERROR_MATCHLIMIT occurred during a recursion, there was a memory
+    leak if the size of the offset vector was greater than 30. When the vector
+    is smaller, the saved offsets during recursion go onto a local stack
+    vector, but for larger vectors malloc() is used. It was failing to free
+    when the recursion yielded PCRE_ERROR_MATCH_LIMIT (or any other "abnormal"
+    error, in fact).
+
+22. There was a missing #ifdef SUPPORT_UTF8 round one of the variables in the
+    heapframe that is used only when UTF-8 support is enabled. This caused no
+    problem, but was untidy.
+
+23. Steven Van Ingelgem's patch to CMakeLists.txt to change the name
+    CMAKE_BINARY_DIR to PROJECT_BINARY_DIR so that it works when PCRE is
+    included within another project.
+
+24. Steven Van Ingelgem's patches to add more options to the CMake support,
+    slightly modified by me:
+
+      (a) PCRE_BUILD_TESTS can be set OFF not to build the tests, including
+          not building pcregrep.
+
+      (b) PCRE_BUILD_PCREGREP can be see OFF not to build pcregrep, but only
+          if PCRE_BUILD_TESTS is also set OFF, because the tests use pcregrep.
+
+25. Forward references, both numeric and by name, in patterns that made use of
+    duplicate group numbers, could behave incorrectly or give incorrect errors,
+    because when scanning forward to find the reference group, PCRE was not
+    taking into account the duplicate group numbers. A pattern such as
+    ^X(?3)(a)(?|(b)|(q))(Y) is an example.
+
+26. Changed a few more instances of "const unsigned char *" to USPTR, making
+    the feature of a custom pointer more persuasive (as requested by a user).
+
+27. Wrapped the definitions of fileno and isatty for Windows, which appear in
+    pcretest.c, inside #ifndefs, because it seems they are sometimes already
+    pre-defined.
+
+28. Added support for (*UTF8) at the start of a pattern.
+
+29. Arrange for flags added by the "release type" setting in CMake to be shown
+    in the configuration summary.
+
+
+Version 7.8 05-Sep-08
+---------------------
+
+1.  Replaced UCP searching code with optimized version as implemented for Ad
+    Muncher (http://www.admuncher.com/) by Peter Kankowski. This uses a two-
+    stage table and inline lookup instead of a function, giving speed ups of 2
+    to 5 times on some simple patterns that I tested. Permission was given to
+    distribute the MultiStage2.py script that generates the tables (it's not in
+    the tarball, but is in the Subversion repository).
+
+2.  Updated the Unicode datatables to Unicode 5.1.0. This adds yet more
+    scripts.
+
+3.  Change 12 for 7.7 introduced a bug in pcre_study() when a pattern contained
+    a group with a zero qualifier. The result of the study could be incorrect,
+    or the function might crash, depending on the pattern.
+
+4.  Caseless matching was not working for non-ASCII characters in back
+    references. For example, /(\x{de})\1/8i was not matching \x{de}\x{fe}.
+    It now works when Unicode Property Support is available.
+
+5.  In pcretest, an escape such as \x{de} in the data was always generating
+    a UTF-8 string, even in non-UTF-8 mode. Now it generates a single byte in
+    non-UTF-8 mode. If the value is greater than 255, it gives a warning about
+    truncation.
+
+6.  Minor bugfix in pcrecpp.cc (change "" == ... to NULL == ...).
+
+7.  Added two (int) casts to pcregrep when printing the difference of two
+    pointers, in case they are 64-bit values.
+
+8.  Added comments about Mac OS X stack usage to the pcrestack man page and to
+    test 2 if it fails.
+
+9.  Added PCRE_CALL_CONVENTION just before the names of all exported functions,
+    and a #define of that name to empty if it is not externally set. This is to
+    allow users of MSVC to set it if necessary.
+
+10. The PCRE_EXP_DEFN macro which precedes exported functions was missing from
+    the convenience functions in the pcre_get.c source file.
+
+11. An option change at the start of a pattern that had top-level alternatives
+    could cause overwriting and/or a crash. This command provoked a crash in
+    some environments:
+
+      printf "/(?i)[\xc3\xa9\xc3\xbd]|[\xc3\xa9\xc3\xbdA]/8\n" | pcretest
+
+    This potential security problem was recorded as CVE-2008-2371.
+
+12. For a pattern where the match had to start at the beginning or immediately
+    after a newline (e.g /.*anything/ without the DOTALL flag), pcre_exec() and
+    pcre_dfa_exec() could read past the end of the passed subject if there was
+    no match. To help with detecting such bugs (e.g. with valgrind), I modified
+    pcretest so that it places the subject at the end of its malloc-ed buffer.
+
+13. The change to pcretest in 12 above threw up a couple more cases when pcre_
+    exec() might read past the end of the data buffer in UTF-8 mode.
+
+14. A similar bug to 7.3/2 existed when the PCRE_FIRSTLINE option was set and
+    the data contained the byte 0x85 as part of a UTF-8 character within its
+    first line. This applied both to normal and DFA matching.
+
+15. Lazy qualifiers were not working in some cases in UTF-8 mode. For example,
+    /^[^d]*?$/8 failed to match "abc".
+
+16. Added a missing copyright notice to pcrecpp_internal.h.
+
+17. Make it more clear in the documentation that values returned from
+    pcre_exec() in ovector are byte offsets, not character counts.
+
+18. Tidied a few places to stop certain compilers from issuing warnings.
+
+19. Updated the Virtual Pascal + BCC files to compile the latest v7.7, as
+    supplied by Stefan Weber. I made a further small update for 7.8 because
+    there is a change of source arrangements: the pcre_searchfuncs.c module is
+    replaced by pcre_ucd.c.
+
+
+Version 7.7 07-May-08
+---------------------
+
+1.  Applied Craig's patch to sort out a long long problem: "If we can't convert
+    a string to a long long, pretend we don't even have a long long." This is
+    done by checking for the strtoq, strtoll, and _strtoi64 functions.
+
+2.  Applied Craig's patch to pcrecpp.cc to restore ABI compatibility with
+    pre-7.6 versions, which defined a global no_arg variable instead of putting
+    it in the RE class. (See also #8 below.)
+
+3.  Remove a line of dead code, identified by coverity and reported by Nuno
+    Lopes.
+
+4.  Fixed two related pcregrep bugs involving -r with --include or --exclude:
+
+    (1) The include/exclude patterns were being applied to the whole pathnames
+        of files, instead of just to the final components.
+
+    (2) If there was more than one level of directory, the subdirectories were
+        skipped unless they satisfied the include/exclude conditions. This is
+        inconsistent with GNU grep (and could even be seen as contrary to the
+        pcregrep specification - which I improved to make it absolutely clear).
+        The action now is always to scan all levels of directory, and just
+        apply the include/exclude patterns to regular files.
+
+5.  Added the --include_dir and --exclude_dir patterns to pcregrep, and used
+    --exclude_dir in the tests to avoid scanning .svn directories.
+
+6.  Applied Craig's patch to the QuoteMeta function so that it escapes the
+    NUL character as backslash + 0 rather than backslash + NUL, because PCRE
+    doesn't support NULs in patterns.
+
+7.  Added some missing "const"s to declarations of static tables in
+    pcre_compile.c and pcre_dfa_exec.c.
+
+8.  Applied Craig's patch to pcrecpp.cc to fix a problem in OS X that was
+    caused by fix #2  above. (Subsequently also a second patch to fix the
+    first patch. And a third patch - this was a messy problem.)
+
+9.  Applied Craig's patch to remove the use of push_back().
+
+10. Applied Alan Lehotsky's patch to add REG_STARTEND support to the POSIX
+    matching function regexec().
+
+11. Added support for the Oniguruma syntax \g<name>, \g<n>, \g'name', \g'n',
+    which, however, unlike Perl's \g{...}, are subroutine calls, not back
+    references. PCRE supports relative numbers with this syntax (I don't think
+    Oniguruma does).
+
+12. Previously, a group with a zero repeat such as (...){0} was completely
+    omitted from the compiled regex. However, this means that if the group
+    was called as a subroutine from elsewhere in the pattern, things went wrong
+    (an internal error was given). Such groups are now left in the compiled
+    pattern, with a new opcode that causes them to be skipped at execution
+    time.
+
+13. Added the PCRE_JAVASCRIPT_COMPAT option. This makes the following changes
+    to the way PCRE behaves:
+
+    (a) A lone ] character is dis-allowed (Perl treats it as data).
+
+    (b) A back reference to an unmatched subpattern matches an empty string
+        (Perl fails the current match path).
+
+    (c) A data ] in a character class must be notated as \] because if the
+        first data character in a class is ], it defines an empty class. (In
+        Perl it is not possible to have an empty class.) The empty class []
+        never matches; it forces failure and is equivalent to (*FAIL) or (?!).
+        The negative empty class [^] matches any one character, independently
+        of the DOTALL setting.
+
+14. A pattern such as /(?2)[]a()b](abc)/ which had a forward reference to a
+    non-existent subpattern following a character class starting with ']' and
+    containing () gave an internal compiling error instead of "reference to
+    non-existent subpattern". Fortunately, when the pattern did exist, the
+    compiled code was correct. (When scanning forwards to check for the
+    existence of the subpattern, it was treating the data ']' as terminating
+    the class, so got the count wrong. When actually compiling, the reference
+    was subsequently set up correctly.)
+
+15. The "always fail" assertion (?!) is optimzed to (*FAIL) by pcre_compile;
+    it was being rejected as not supported by pcre_dfa_exec(), even though
+    other assertions are supported. I have made pcre_dfa_exec() support
+    (*FAIL).
+
+16. The implementation of 13c above involved the invention of a new opcode,
+    OP_ALLANY, which is like OP_ANY but doesn't check the /s flag. Since /s
+    cannot be changed at match time, I realized I could make a small
+    improvement to matching performance by compiling OP_ALLANY instead of
+    OP_ANY for "." when DOTALL was set, and then removing the runtime tests
+    on the OP_ANY path.
+
+17. Compiling pcretest on Windows with readline support failed without the
+    following two fixes: (1) Make the unistd.h include conditional on
+    HAVE_UNISTD_H; (2) #define isatty and fileno as _isatty and _fileno.
+
+18. Changed CMakeLists.txt and cmake/FindReadline.cmake to arrange for the
+    ncurses library to be included for pcretest when ReadLine support is
+    requested, but also to allow for it to be overridden. This patch came from
+    Daniel Bergstr�m.
+
+19. There was a typo in the file ucpinternal.h where f0_rangeflag was defined
+    as 0x00f00000 instead of 0x00800000. Luckily, this would not have caused
+    any errors with the current Unicode tables. Thanks to Peter Kankowski for
+    spotting this.
+
+
+Version 7.6 28-Jan-08
+---------------------
+
+1.  A character class containing a very large number of characters with
+    codepoints greater than 255 (in UTF-8 mode, of course) caused a buffer
+    overflow.
+
+2.  Patch to cut out the "long long" test in pcrecpp_unittest when
+    HAVE_LONG_LONG is not defined.
+
+3.  Applied Christian Ehrlicher's patch to update the CMake build files to
+    bring them up to date and include new features. This patch includes:
+
+    - Fixed PH's badly added libz and libbz2 support.
+    - Fixed a problem with static linking.
+    - Added pcredemo. [But later removed - see 7 below.]
+    - Fixed dftables problem and added an option.
+    - Added a number of HAVE_XXX tests, including HAVE_WINDOWS_H and
+        HAVE_LONG_LONG.
+    - Added readline support for pcretest.
+    - Added an listing of the option settings after cmake has run.
+
+4.  A user submitted a patch to Makefile that makes it easy to create
+    "pcre.dll" under mingw when using Configure/Make. I added stuff to
+    Makefile.am that cause it to include this special target, without
+    affecting anything else. Note that the same mingw target plus all
+    the other distribution libraries and programs are now supported
+    when configuring with CMake (see 6 below) instead of with
+    Configure/Make.
+
+5.  Applied Craig's patch that moves no_arg into the RE class in the C++ code.
+    This is an attempt to solve the reported problem "pcrecpp::no_arg is not
+    exported in the Windows port". It has not yet been confirmed that the patch
+    solves the problem, but it does no harm.
+
+6.  Applied Sheri's patch to CMakeLists.txt to add NON_STANDARD_LIB_PREFIX and
+    NON_STANDARD_LIB_SUFFIX for dll names built with mingw when configured
+    with CMake, and also correct the comment about stack recursion.
+
+7.  Remove the automatic building of pcredemo from the ./configure system and
+    from CMakeLists.txt. The whole idea of pcredemo.c is that it is an example
+    of a program that users should build themselves after PCRE is installed, so
+    building it automatically is not really right. What is more, it gave
+    trouble in some build environments.
+
+8.  Further tidies to CMakeLists.txt from Sheri and Christian.
+
+
+Version 7.5 10-Jan-08
+---------------------
+
+1.  Applied a patch from Craig: "This patch makes it possible to 'ignore'
+    values in parens when parsing an RE using the C++ wrapper."
+
+2.  Negative specials like \S did not work in character classes in UTF-8 mode.
+    Characters greater than 255 were excluded from the class instead of being
+    included.
+
+3.  The same bug as (2) above applied to negated POSIX classes such as
+    [:^space:].
+
+4.  PCRECPP_STATIC was referenced in pcrecpp_internal.h, but nowhere was it
+    defined or documented. It seems to have been a typo for PCRE_STATIC, so
+    I have changed it.
+
+5.  The construct (?&) was not diagnosed as a syntax error (it referenced the
+    first named subpattern) and a construct such as (?&a) would reference the
+    first named subpattern whose name started with "a" (in other words, the
+    length check was missing). Both these problems are fixed. "Subpattern name
+    expected" is now given for (?&) (a zero-length name), and this patch also
+    makes it give the same error for \k'' (previously it complained that that
+    was a reference to a non-existent subpattern).
+
+6.  The erroneous patterns (?+-a) and (?-+a) give different error messages;
+    this is right because (?- can be followed by option settings as well as by
+    digits. I have, however, made the messages clearer.
+
+7.  Patterns such as (?(1)a|b) (a pattern that contains fewer subpatterns
+    than the number used in the conditional) now cause a compile-time error.
+    This is actually not compatible with Perl, which accepts such patterns, but
+    treats the conditional as always being FALSE (as PCRE used to), but it
+    seems to me that giving a diagnostic is better.
+
+8.  Change "alphameric" to the more common word "alphanumeric" in comments
+    and messages.
+
+9.  Fix two occurrences of "backslash" in comments that should have been
+    "backspace".
+
+10. Remove two redundant lines of code that can never be obeyed (their function
+    was moved elsewhere).
+
+11. The program that makes PCRE's Unicode character property table had a bug
+    which caused it to generate incorrect table entries for sequences of
+    characters that have the same character type, but are in different scripts.
+    It amalgamated them into a single range, with the script of the first of
+    them. In other words, some characters were in the wrong script. There were
+    thirteen such cases, affecting characters in the following ranges:
+
+      U+002b0 - U+002c1
+      U+0060c - U+0060d
+      U+0061e - U+00612
+      U+0064b - U+0065e
+      U+0074d - U+0076d
+      U+01800 - U+01805
+      U+01d00 - U+01d77
+      U+01d9b - U+01dbf
+      U+0200b - U+0200f
+      U+030fc - U+030fe
+      U+03260 - U+0327f
+      U+0fb46 - U+0fbb1
+      U+10450 - U+1049d
+
+12. The -o option (show only the matching part of a line) for pcregrep was not
+    compatible with GNU grep in that, if there was more than one match in a
+    line, it showed only the first of them. It now behaves in the same way as
+    GNU grep.
+
+13. If the -o and -v options were combined for pcregrep, it printed a blank
+    line for every non-matching line. GNU grep prints nothing, and pcregrep now
+    does the same. The return code can be used to tell if there were any
+    non-matching lines.
+
+14. Added --file-offsets and --line-offsets to pcregrep.
+
+15. The pattern (?=something)(?R) was not being diagnosed as a potentially
+    infinitely looping recursion. The bug was that positive lookaheads were not
+    being skipped when checking for a possible empty match (negative lookaheads
+    and both kinds of lookbehind were skipped).
+
+16. Fixed two typos in the Windows-only code in pcregrep.c, and moved the
+    inclusion of <windows.h> to before rather than after the definition of
+    INVALID_FILE_ATTRIBUTES (patch from David Byron).
+
+17. Specifying a possessive quantifier with a specific limit for a Unicode
+    character property caused pcre_compile() to compile bad code, which led at
+    runtime to PCRE_ERROR_INTERNAL (-14). Examples of patterns that caused this
+    are: /\p{Zl}{2,3}+/8 and /\p{Cc}{2}+/8. It was the possessive "+" that
+    caused the error; without that there was no problem.
+
+18. Added --enable-pcregrep-libz and --enable-pcregrep-libbz2.
+
+19. Added --enable-pcretest-libreadline.
+
+20. In pcrecpp.cc, the variable 'count' was incremented twice in
+    RE::GlobalReplace(). As a result, the number of replacements returned was
+    double what it should be. I removed one of the increments, but Craig sent a
+    later patch that removed the other one (the right fix) and added unit tests
+    that check the return values (which was not done before).
+
+21. Several CMake things:
+
+    (1) Arranged that, when cmake is used on Unix, the libraries end up with
+        the names libpcre and libpcreposix, not just pcre and pcreposix.
+
+    (2) The above change means that pcretest and pcregrep are now correctly
+        linked with the newly-built libraries, not previously installed ones.
+
+    (3) Added PCRE_SUPPORT_LIBREADLINE, PCRE_SUPPORT_LIBZ, PCRE_SUPPORT_LIBBZ2.
+
+22. In UTF-8 mode, with newline set to "any", a pattern such as .*a.*=.b.*
+    crashed when matching a string such as a\x{2029}b (note that \x{2029} is a
+    UTF-8 newline character). The key issue is that the pattern starts .*;
+    this means that the match must be either at the beginning, or after a
+    newline. The bug was in the code for advancing after a failed match and
+    checking that the new position followed a newline. It was not taking
+    account of UTF-8 characters correctly.
+
+23. PCRE was behaving differently from Perl in the way it recognized POSIX
+    character classes. PCRE was not treating the sequence [:...:] as a
+    character class unless the ... were all letters. Perl, however, seems to
+    allow any characters between [: and :], though of course it rejects as
+    unknown any "names" that contain non-letters, because all the known class
+    names consist only of letters. Thus, Perl gives an error for [[:1234:]],
+    for example, whereas PCRE did not - it did not recognize a POSIX character
+    class. This seemed a bit dangerous, so the code has been changed to be
+    closer to Perl. The behaviour is not identical to Perl, because PCRE will
+    diagnose an unknown class for, for example, [[:l\ower:]] where Perl will
+    treat it as [[:lower:]]. However, PCRE does now give "unknown" errors where
+    Perl does, and where it didn't before.
+
+24. Rewrite so as to remove the single use of %n from pcregrep because in some
+    Windows environments %n is disabled by default.
+
+
+Version 7.4 21-Sep-07
+---------------------
+
+1.  Change 7.3/28 was implemented for classes by looking at the bitmap. This
+    means that a class such as [\s] counted as "explicit reference to CR or
+    LF". That isn't really right - the whole point of the change was to try to
+    help when there was an actual mention of one of the two characters. So now
+    the change happens only if \r or \n (or a literal CR or LF) character is
+    encountered.
+
+2.  The 32-bit options word was also used for 6 internal flags, but the numbers
+    of both had grown to the point where there were only 3 bits left.
+    Fortunately, there was spare space in the data structure, and so I have
+    moved the internal flags into a new 16-bit field to free up more option
+    bits.
+
+3.  The appearance of (?J) at the start of a pattern set the DUPNAMES option,
+    but did not set the internal JCHANGED flag - either of these is enough to
+    control the way the "get" function works - but the PCRE_INFO_JCHANGED
+    facility is supposed to tell if (?J) was ever used, so now (?J) at the
+    start sets both bits.
+
+4.  Added options (at build time, compile time, exec time) to change \R from
+    matching any Unicode line ending sequence to just matching CR, LF, or CRLF.
+
+5.  doc/pcresyntax.html was missing from the distribution.
+
+6.  Put back the definition of PCRE_ERROR_NULLWSLIMIT, for backward
+    compatibility, even though it is no longer used.
+
+7.  Added macro for snprintf to pcrecpp_unittest.cc and also for strtoll and
+    strtoull to pcrecpp.cc to select the available functions in WIN32 when the
+    windows.h file is present (where different names are used). [This was
+    reversed later after testing - see 16 below.]
+
+8.  Changed all #include <config.h> to #include "config.h". There were also
+    some further <pcre.h> cases that I changed to "pcre.h".
+
+9.  When pcregrep was used with the --colour option, it missed the line ending
+    sequence off the lines that it output.
+
+10. It was pointed out to me that arrays of string pointers cause lots of
+    relocations when a shared library is dynamically loaded. A technique of
+    using a single long string with a table of offsets can drastically reduce
+    these. I have refactored PCRE in four places to do this. The result is
+    dramatic:
+
+      Originally:                          290
+      After changing UCP table:            187
+      After changing error message table:   43
+      After changing table of "verbs"       36
+      After changing table of Posix names   22
+
+    Thanks to the folks working on Gregex for glib for this insight.
+
+11. --disable-stack-for-recursion caused compiling to fail unless -enable-
+    unicode-properties was also set.
+
+12. Updated the tests so that they work when \R is defaulted to ANYCRLF.
+
+13. Added checks for ANY and ANYCRLF to pcrecpp.cc where it previously
+    checked only for CRLF.
+
+14. Added casts to pcretest.c to avoid compiler warnings.
+
+15. Added Craig's patch to various pcrecpp modules to avoid compiler warnings.
+
+16. Added Craig's patch to remove the WINDOWS_H tests, that were not working,
+    and instead check for _strtoi64 explicitly, and avoid the use of snprintf()
+    entirely. This removes changes made in 7 above.
+
+17. The CMake files have been updated, and there is now more information about
+    building with CMake in the NON-UNIX-USE document.
+
+
+Version 7.3 28-Aug-07
+---------------------
+
+ 1. In the rejigging of the build system that eventually resulted in 7.1, the
+    line "#include <pcre.h>" was included in pcre_internal.h. The use of angle
+    brackets there is not right, since it causes compilers to look for an
+    installed pcre.h, not the version that is in the source that is being
+    compiled (which of course may be different). I have changed it back to:
+
+      #include "pcre.h"
+
+    I have a vague recollection that the change was concerned with compiling in
+    different directories, but in the new build system, that is taken care of
+    by the VPATH setting the Makefile.
+
+ 2. The pattern .*$ when run in not-DOTALL UTF-8 mode with newline=any failed
+    when the subject happened to end in the byte 0x85 (e.g. if the last
+    character was \x{1ec5}). *Character* 0x85 is one of the "any" newline
+    characters but of course it shouldn't be taken as a newline when it is part
+    of another character. The bug was that, for an unlimited repeat of . in
+    not-DOTALL UTF-8 mode, PCRE was advancing by bytes rather than by
+    characters when looking for a newline.
+
+ 3. A small performance improvement in the DOTALL UTF-8 mode .* case.
+
+ 4. Debugging: adjusted the names of opcodes for different kinds of parentheses
+    in debug output.
+
+ 5. Arrange to use "%I64d" instead of "%lld" and "%I64u" instead of "%llu" for
+    long printing in the pcrecpp unittest when running under MinGW.
+
+ 6. ESC_K was left out of the EBCDIC table.
+
+ 7. Change 7.0/38 introduced a new limit on the number of nested non-capturing
+    parentheses; I made it 1000, which seemed large enough. Unfortunately, the
+    limit also applies to "virtual nesting" when a pattern is recursive, and in
+    this case 1000 isn't so big. I have been able to remove this limit at the
+    expense of backing off one optimization in certain circumstances. Normally,
+    when pcre_exec() would call its internal match() function recursively and
+    immediately return the result unconditionally, it uses a "tail recursion"
+    feature to save stack. However, when a subpattern that can match an empty
+    string has an unlimited repetition quantifier, it no longer makes this
+    optimization. That gives it a stack frame in which to save the data for
+    checking that an empty string has been matched. Previously this was taken
+    from the 1000-entry workspace that had been reserved. So now there is no
+    explicit limit, but more stack is used.
+
+ 8. Applied Daniel's patches to solve problems with the import/export magic
+    syntax that is required for Windows, and which was going wrong for the
+    pcreposix and pcrecpp parts of the library. These were overlooked when this
+    problem was solved for the main library.
+
+ 9. There were some crude static tests to avoid integer overflow when computing
+    the size of patterns that contain repeated groups with explicit upper
+    limits. As the maximum quantifier is 65535, the maximum group length was
+    set at 30,000 so that the product of these two numbers did not overflow a
+    32-bit integer. However, it turns out that people want to use groups that
+    are longer than 30,000 bytes (though not repeat them that many times).
+    Change 7.0/17 (the refactoring of the way the pattern size is computed) has
+    made it possible to implement the integer overflow checks in a much more
+    dynamic way, which I have now done. The artificial limitation on group
+    length has been removed - we now have only the limit on the total length of
+    the compiled pattern, which depends on the LINK_SIZE setting.
+
+10. Fixed a bug in the documentation for get/copy named substring when
+    duplicate names are permitted. If none of the named substrings are set, the
+    functions return PCRE_ERROR_NOSUBSTRING (7); the doc said they returned an
+    empty string.
+
+11. Because Perl interprets \Q...\E at a high level, and ignores orphan \E
+    instances, patterns such as [\Q\E] or [\E] or even [^\E] cause an error,
+    because the ] is interpreted as the first data character and the
+    terminating ] is not found. PCRE has been made compatible with Perl in this
+    regard. Previously, it interpreted [\Q\E] as an empty class, and [\E] could
+    cause memory overwriting.
+
+10. Like Perl, PCRE automatically breaks an unlimited repeat after an empty
+    string has been matched (to stop an infinite loop). It was not recognizing
+    a conditional subpattern that could match an empty string if that
+    subpattern was within another subpattern. For example, it looped when
+    trying to match  (((?(1)X|))*)  but it was OK with  ((?(1)X|)*)  where the
+    condition was not nested. This bug has been fixed.
+
+12. A pattern like \X?\d or \P{L}?\d in non-UTF-8 mode could cause a backtrack
+    past the start of the subject in the presence of bytes with the top bit
+    set, for example "\x8aBCD".
+
+13. Added Perl 5.10 experimental backtracking controls (*FAIL), (*F), (*PRUNE),
+    (*SKIP), (*THEN), (*COMMIT), and (*ACCEPT).
+
+14. Optimized (?!) to (*FAIL).
+
+15. Updated the test for a valid UTF-8 string to conform to the later RFC 3629.
+    This restricts code points to be within the range 0 to 0x10FFFF, excluding
+    the "low surrogate" sequence 0xD800 to 0xDFFF. Previously, PCRE allowed the
+    full range 0 to 0x7FFFFFFF, as defined by RFC 2279. Internally, it still
+    does: it's just the validity check that is more restrictive.
+
+16. Inserted checks for integer overflows during escape sequence (backslash)
+    processing, and also fixed erroneous offset values for syntax errors during
+    backslash processing.
+
+17. Fixed another case of looking too far back in non-UTF-8 mode (cf 12 above)
+    for patterns like [\PPP\x8a]{1,}\x80 with the subject "A\x80".
+
+18. An unterminated class in a pattern like (?1)\c[ with a "forward reference"
+    caused an overrun.
+
+19. A pattern like (?:[\PPa*]*){8,} which had an "extended class" (one with
+    something other than just ASCII characters) inside a group that had an
+    unlimited repeat caused a loop at compile time (while checking to see
+    whether the group could match an empty string).
+
+20. Debugging a pattern containing \p or \P could cause a crash. For example,
+    [\P{Any}] did so. (Error in the code for printing property names.)
+
+21. An orphan \E inside a character class could cause a crash.
+
+22. A repeated capturing bracket such as (A)? could cause a wild memory
+    reference during compilation.
+
+23. There are several functions in pcre_compile() that scan along a compiled
+    expression for various reasons (e.g. to see if it's fixed length for look
+    behind). There were bugs in these functions when a repeated \p or \P was
+    present in the pattern. These operators have additional parameters compared
+    with \d, etc, and these were not being taken into account when moving along
+    the compiled data. Specifically:
+
+    (a) A item such as \p{Yi}{3} in a lookbehind was not treated as fixed
+        length.
+
+    (b) An item such as \pL+ within a repeated group could cause crashes or
+        loops.
+
+    (c) A pattern such as \p{Yi}+(\P{Yi}+)(?1) could give an incorrect
+        "reference to non-existent subpattern" error.
+
+    (d) A pattern like (\P{Yi}{2}\277)? could loop at compile time.
+
+24. A repeated \S or \W in UTF-8 mode could give wrong answers when multibyte
+    characters were involved (for example /\S{2}/8g with "A\x{a3}BC").
+
+25. Using pcregrep in multiline, inverted mode (-Mv) caused it to loop.
+
+26. Patterns such as [\P{Yi}A] which include \p or \P and just one other
+    character were causing crashes (broken optimization).
+
+27. Patterns such as (\P{Yi}*\277)* (group with possible zero repeat containing
+    \p or \P) caused a compile-time loop.
+
+28. More problems have arisen in unanchored patterns when CRLF is a valid line
+    break. For example, the unstudied pattern [\r\n]A does not match the string
+    "\r\nA" because change 7.0/46 below moves the current point on by two
+    characters after failing to match at the start. However, the pattern \nA
+    *does* match, because it doesn't start till \n, and if [\r\n]A is studied,
+    the same is true. There doesn't seem any very clean way out of this, but
+    what I have chosen to do makes the common cases work: PCRE now takes note
+    of whether there can be an explicit match for \r or \n anywhere in the
+    pattern, and if so, 7.0/46 no longer applies. As part of this change,
+    there's a new PCRE_INFO_HASCRORLF option for finding out whether a compiled
+    pattern has explicit CR or LF references.
+
+29. Added (*CR) etc for changing newline setting at start of pattern.
+
+
+Version 7.2 19-Jun-07
+---------------------
+
+ 1. If the fr_FR locale cannot be found for test 3, try the "french" locale,
+    which is apparently normally available under Windows.
+
+ 2. Re-jig the pcregrep tests with different newline settings in an attempt
+    to make them independent of the local environment's newline setting.
+
+ 3. Add code to configure.ac to remove -g from the CFLAGS default settings.
+
+ 4. Some of the "internals" tests were previously cut out when the link size
+    was not 2, because the output contained actual offsets. The recent new
+    "Z" feature of pcretest means that these can be cut out, making the tests
+    usable with all link sizes.
+
+ 5. Implemented Stan Switzer's goto replacement for longjmp() when not using
+    stack recursion. This gives a massive performance boost under BSD, but just
+    a small improvement under Linux. However, it saves one field in the frame
+    in all cases.
+
+ 6. Added more features from the forthcoming Perl 5.10:
+
+    (a) (?-n) (where n is a string of digits) is a relative subroutine or
+        recursion call. It refers to the nth most recently opened parentheses.
+
+    (b) (?+n) is also a relative subroutine call; it refers to the nth next
+        to be opened parentheses.
+
+    (c) Conditions that refer to capturing parentheses can be specified
+        relatively, for example, (?(-2)... or (?(+3)...
+
+    (d) \K resets the start of the current match so that everything before
+        is not part of it.
+
+    (e) \k{name} is synonymous with \k<name> and \k'name' (.NET compatible).
+
+    (f) \g{name} is another synonym - part of Perl 5.10's unification of
+        reference syntax.
+
+    (g) (?| introduces a group in which the numbering of parentheses in each
+        alternative starts with the same number.
+
+    (h) \h, \H, \v, and \V match horizontal and vertical whitespace.
+
+ 7. Added two new calls to pcre_fullinfo(): PCRE_INFO_OKPARTIAL and
+    PCRE_INFO_JCHANGED.
+
+ 8. A pattern such as  (.*(.)?)*  caused pcre_exec() to fail by either not
+    terminating or by crashing. Diagnosed by Viktor Griph; it was in the code
+    for detecting groups that can match an empty string.
+
+ 9. A pattern with a very large number of alternatives (more than several
+    hundred) was running out of internal workspace during the pre-compile
+    phase, where pcre_compile() figures out how much memory will be needed. A
+    bit of new cunning has reduced the workspace needed for groups with
+    alternatives. The 1000-alternative test pattern now uses 12 bytes of
+    workspace instead of running out of the 4096 that are available.
+
+10. Inserted some missing (unsigned int) casts to get rid of compiler warnings.
+
+11. Applied patch from Google to remove an optimization that didn't quite work.
+    The report of the bug said:
+
+      pcrecpp::RE("a*").FullMatch("aaa") matches, while
+      pcrecpp::RE("a*?").FullMatch("aaa") does not, and
+      pcrecpp::RE("a*?\\z").FullMatch("aaa") does again.
+
+12. If \p or \P was used in non-UTF-8 mode on a character greater than 127
+    it matched the wrong number of bytes.
+
+
+Version 7.1 24-Apr-07
+---------------------
+
+ 1. Applied Bob Rossi and Daniel G's patches to convert the build system to one
+    that is more "standard", making use of automake and other Autotools. There
+    is some re-arrangement of the files and adjustment of comments consequent
+    on this.
+
+ 2. Part of the patch fixed a problem with the pcregrep tests. The test of -r
+    for recursive directory scanning broke on some systems because the files
+    are not scanned in any specific order and on different systems the order
+    was different. A call to "sort" has been inserted into RunGrepTest for the
+    approprate test as a short-term fix. In the longer term there may be an
+    alternative.
+
+ 3. I had an email from Eric Raymond about problems translating some of PCRE's
+    man pages to HTML (despite the fact that I distribute HTML pages, some
+    people do their own conversions for various reasons). The problems
+    concerned the use of low-level troff macros .br and .in. I have therefore
+    removed all such uses from the man pages (some were redundant, some could
+    be replaced by .nf/.fi pairs). The 132html script that I use to generate
+    HTML has been updated to handle .nf/.fi and to complain if it encounters
+    .br or .in.
+
+ 4. Updated comments in configure.ac that get placed in config.h.in and also
+    arranged for config.h to be included in the distribution, with the name
+    config.h.generic, for the benefit of those who have to compile without
+    Autotools (compare pcre.h, which is now distributed as pcre.h.generic).
+
+ 5. Updated the support (such as it is) for Virtual Pascal, thanks to Stefan
+    Weber: (1) pcre_internal.h was missing some function renames; (2) updated
+    makevp.bat for the current PCRE, using the additional files
+    makevp_c.txt, makevp_l.txt, and pcregexp.pas.
+
+ 6. A Windows user reported a minor discrepancy with test 2, which turned out
+    to be caused by a trailing space on an input line that had got lost in his
+    copy. The trailing space was an accident, so I've just removed it.
+
+ 7. Add -Wl,-R... flags in pcre-config.in for *BSD* systems, as I'm told
+    that is needed.
+
+ 8. Mark ucp_table (in ucptable.h) and ucp_gentype (in pcre_ucp_searchfuncs.c)
+    as "const" (a) because they are and (b) because it helps the PHP
+    maintainers who have recently made a script to detect big data structures
+    in the php code that should be moved to the .rodata section. I remembered
+    to update Builducptable as well, so it won't revert if ucptable.h is ever
+    re-created.
+
+ 9. Added some extra #ifdef SUPPORT_UTF8 conditionals into pcretest.c,
+    pcre_printint.src, pcre_compile.c, pcre_study.c, and pcre_tables.c, in
+    order to be able to cut out the UTF-8 tables in the latter when UTF-8
+    support is not required. This saves 1.5-2K of code, which is important in
+    some applications.
+
+    Later: more #ifdefs are needed in pcre_ord2utf8.c and pcre_valid_utf8.c
+    so as not to refer to the tables, even though these functions will never be
+    called when UTF-8 support is disabled. Otherwise there are problems with a
+    shared library.
+
+10. Fixed two bugs in the emulated memmove() function in pcre_internal.h:
+
+    (a) It was defining its arguments as char * instead of void *.
+
+    (b) It was assuming that all moves were upwards in memory; this was true
+        a long time ago when I wrote it, but is no longer the case.
+
+    The emulated memove() is provided for those environments that have neither
+    memmove() nor bcopy(). I didn't think anyone used it these days, but that
+    is clearly not the case, as these two bugs were recently reported.
+
+11. The script PrepareRelease is now distributed: it calls 132html, CleanTxt,
+    and Detrail to create the HTML documentation, the .txt form of the man
+    pages, and it removes trailing spaces from listed files. It also creates
+    pcre.h.generic and config.h.generic from pcre.h and config.h. In the latter
+    case, it wraps all the #defines with #ifndefs. This script should be run
+    before "make dist".
+
+12. Fixed two fairly obscure bugs concerned with quantified caseless matching
+    with Unicode property support.
+
+    (a) For a maximizing quantifier, if the two different cases of the
+        character were of different lengths in their UTF-8 codings (there are
+        some cases like this - I found 11), and the matching function had to
+        back up over a mixture of the two cases, it incorrectly assumed they
+        were both the same length.
+
+    (b) When PCRE was configured to use the heap rather than the stack for
+        recursion during matching, it was not correctly preserving the data for
+        the other case of a UTF-8 character when checking ahead for a match
+        while processing a minimizing repeat. If the check also involved
+        matching a wide character, but failed, corruption could cause an
+        erroneous result when trying to check for a repeat of the original
+        character.
+
+13. Some tidying changes to the testing mechanism:
+
+    (a) The RunTest script now detects the internal link size and whether there
+        is UTF-8 and UCP support by running ./pcretest -C instead of relying on
+        values substituted by "configure". (The RunGrepTest script already did
+        this for UTF-8.) The configure.ac script no longer substitutes the
+        relevant variables.
+
+    (b) The debugging options /B and /D in pcretest show the compiled bytecode
+        with length and offset values. This means that the output is different
+        for different internal link sizes. Test 2 is skipped for link sizes
+        other than 2 because of this, bypassing the problem. Unfortunately,
+        there was also a test in test 3 (the locale tests) that used /B and
+        failed for link sizes other than 2. Rather than cut the whole test out,
+        I have added a new /Z option to pcretest that replaces the length and
+        offset values with spaces. This is now used to make test 3 independent
+        of link size. (Test 2 will be tidied up later.)
+
+14. If erroroffset was passed as NULL to pcre_compile, it provoked a
+    segmentation fault instead of returning the appropriate error message.
+
+15. In multiline mode when the newline sequence was set to "any", the pattern
+    ^$ would give a match between the \r and \n of a subject such as "A\r\nB".
+    This doesn't seem right; it now treats the CRLF combination as the line
+    ending, and so does not match in that case. It's only a pattern such as ^$
+    that would hit this one: something like ^ABC$ would have failed after \r
+    and then tried again after \r\n.
+
+16. Changed the comparison command for RunGrepTest from "diff -u" to "diff -ub"
+    in an attempt to make files that differ only in their line terminators
+    compare equal. This works on Linux.
+
+17. Under certain error circumstances pcregrep might try to free random memory
+    as it exited. This is now fixed, thanks to valgrind.
+
+19. In pcretest, if the pattern /(?m)^$/g<any> was matched against the string
+    "abc\r\n\r\n", it found an unwanted second match after the second \r. This
+    was because its rules for how to advance for /g after matching an empty
+    string at the end of a line did not allow for this case. They now check for
+    it specially.
+
+20. pcretest is supposed to handle patterns and data of any length, by
+    extending its buffers when necessary. It was getting this wrong when the
+    buffer for a data line had to be extended.
+
+21. Added PCRE_NEWLINE_ANYCRLF which is like ANY, but matches only CR, LF, or
+    CRLF as a newline sequence.
+
+22. Code for handling Unicode properties in pcre_dfa_exec() wasn't being cut
+    out by #ifdef SUPPORT_UCP. This did no harm, as it could never be used, but
+    I have nevertheless tidied it up.
+
+23. Added some casts to kill warnings from HP-UX ia64 compiler.
+
+24. Added a man page for pcre-config.
+
+
+Version 7.0 19-Dec-06
+---------------------
+
+ 1. Fixed a signed/unsigned compiler warning in pcre_compile.c, shown up by
+    moving to gcc 4.1.1.
+
+ 2. The -S option for pcretest uses setrlimit(); I had omitted to #include
+    sys/time.h, which is documented as needed for this function. It doesn't
+    seem to matter on Linux, but it showed up on some releases of OS X.
+
+ 3. It seems that there are systems where bytes whose values are greater than
+    127 match isprint() in the "C" locale. The "C" locale should be the
+    default when a C program starts up. In most systems, only ASCII printing
+    characters match isprint(). This difference caused the output from pcretest
+    to vary, making some of the tests fail. I have changed pcretest so that:
+
+    (a) When it is outputting text in the compiled version of a pattern, bytes
+        other than 32-126 are always shown as hex escapes.
+
+    (b) When it is outputting text that is a matched part of a subject string,
+        it does the same, unless a different locale has been set for the match
+        (using the /L modifier). In this case, it uses isprint() to decide.
+
+ 4. Fixed a major bug that caused incorrect computation of the amount of memory
+    required for a compiled pattern when options that changed within the
+    pattern affected the logic of the preliminary scan that determines the
+    length. The relevant options are -x, and -i in UTF-8 mode. The result was
+    that the computed length was too small. The symptoms of this bug were
+    either the PCRE error "internal error: code overflow" from pcre_compile(),
+    or a glibc crash with a message such as "pcretest: free(): invalid next
+    size (fast)". Examples of patterns that provoked this bug (shown in
+    pcretest format) are:
+
+      /(?-x: )/x
+      /(?x)(?-x: \s*#\s*)/
+      /((?i)[\x{c0}])/8
+      /(?i:[\x{c0}])/8
+
+    HOWEVER: Change 17 below makes this fix obsolete as the memory computation
+    is now done differently.
+
+ 5. Applied patches from Google to: (a) add a QuoteMeta function to the C++
+    wrapper classes; (b) implement a new function in the C++ scanner that is
+    more efficient than the old way of doing things because it avoids levels of
+    recursion in the regex matching; (c) add a paragraph to the documentation
+    for the FullMatch() function.
+
+ 6. The escape sequence \n was being treated as whatever was defined as
+    "newline". Not only was this contrary to the documentation, which states
+    that \n is character 10 (hex 0A), but it also went horribly wrong when
+    "newline" was defined as CRLF. This has been fixed.
+
+ 7. In pcre_dfa_exec.c the value of an unsigned integer (the variable called c)
+    was being set to -1 for the "end of line" case (supposedly a value that no
+    character can have). Though this value is never used (the check for end of
+    line is "zero bytes in current character"), it caused compiler complaints.
+    I've changed it to 0xffffffff.
+
+ 8. In pcre_version.c, the version string was being built by a sequence of
+    C macros that, in the event of PCRE_PRERELEASE being defined as an empty
+    string (as it is for production releases) called a macro with an empty
+    argument. The C standard says the result of this is undefined. The gcc
+    compiler treats it as an empty string (which was what was wanted) but it is
+    reported that Visual C gives an error. The source has been hacked around to
+    avoid this problem.
+
+ 9. On the advice of a Windows user, included <io.h> and <fcntl.h> in Windows
+    builds of pcretest, and changed the call to _setmode() to use _O_BINARY
+    instead of 0x8000. Made all the #ifdefs test both _WIN32 and WIN32 (not all
+    of them did).
+
+10. Originally, pcretest opened its input and output without "b"; then I was
+    told that "b" was needed in some environments, so it was added for release
+    5.0 to both the input and output. (It makes no difference on Unix-like
+    systems.) Later I was told that it is wrong for the input on Windows. I've
+    now abstracted the modes into two macros, to make it easier to fiddle with
+    them, and removed "b" from the input mode under Windows.
+
+11. Added pkgconfig support for the C++ wrapper library, libpcrecpp.
+
+12. Added -help and --help to pcretest as an official way of being reminded
+    of the options.
+
+13. Removed some redundant semicolons after macro calls in pcrecpparg.h.in
+    and pcrecpp.cc because they annoy compilers at high warning levels.
+
+14. A bit of tidying/refactoring in pcre_exec.c in the main bumpalong loop.
+
+15. Fixed an occurrence of == in configure.ac that should have been = (shell
+    scripts are not C programs :-) and which was not noticed because it works
+    on Linux.
+
+16. pcretest is supposed to handle any length of pattern and data line (as one
+    line or as a continued sequence of lines) by extending its input buffer if
+    necessary. This feature was broken for very long pattern lines, leading to
+    a string of junk being passed to pcre_compile() if the pattern was longer
+    than about 50K.
+
+17. I have done a major re-factoring of the way pcre_compile() computes the
+    amount of memory needed for a compiled pattern. Previously, there was code
+    that made a preliminary scan of the pattern in order to do this. That was
+    OK when PCRE was new, but as the facilities have expanded, it has become
+    harder and harder to keep it in step with the real compile phase, and there
+    have been a number of bugs (see for example, 4 above). I have now found a
+    cunning way of running the real compile function in a "fake" mode that
+    enables it to compute how much memory it would need, while actually only
+    ever using a few hundred bytes of working memory and without too many
+    tests of the mode. This should make future maintenance and development
+    easier. A side effect of this work is that the limit of 200 on the nesting
+    depth of parentheses has been removed (though this was never a serious
+    limitation, I suspect). However, there is a downside: pcre_compile() now
+    runs more slowly than before (30% or more, depending on the pattern). I
+    hope this isn't a big issue. There is no effect on runtime performance.
+
+18. Fixed a minor bug in pcretest: if a pattern line was not terminated by a
+    newline (only possible for the last line of a file) and it was a
+    pattern that set a locale (followed by /Lsomething), pcretest crashed.
+
+19. Added additional timing features to pcretest. (1) The -tm option now times
+    matching only, not compiling. (2) Both -t and -tm can be followed, as a
+    separate command line item, by a number that specifies the number of
+    repeats to use when timing. The default is 50000; this gives better
+    precision, but takes uncomfortably long for very large patterns.
+
+20. Extended pcre_study() to be more clever in cases where a branch of a
+    subpattern has no definite first character. For example, (a*|b*)[cd] would
+    previously give no result from pcre_study(). Now it recognizes that the
+    first character must be a, b, c, or d.
+
+21. There was an incorrect error "recursive call could loop indefinitely" if
+    a subpattern (or the entire pattern) that was being tested for matching an
+    empty string contained only one non-empty item after a nested subpattern.
+    For example, the pattern (?>\x{100}*)\d(?R) provoked this error
+    incorrectly, because the \d was being skipped in the check.
+
+22. The pcretest program now has a new pattern option /B and a command line
+    option -b, which is equivalent to adding /B to every pattern. This causes
+    it to show the compiled bytecode, without the additional information that
+    -d shows. The effect of -d is now the same as -b with -i (and similarly, /D
+    is the same as /B/I).
+
+23. A new optimization is now able automatically to treat some sequences such
+    as a*b as a*+b. More specifically, if something simple (such as a character
+    or a simple class like \d) has an unlimited quantifier, and is followed by
+    something that cannot possibly match the quantified thing, the quantifier
+    is automatically "possessified".
+
+24. A recursive reference to a subpattern whose number was greater than 39
+    went wrong under certain circumstances in UTF-8 mode. This bug could also
+    have affected the operation of pcre_study().
+
+25. Realized that a little bit of performance could be had by replacing
+    (c & 0xc0) == 0xc0 with c >= 0xc0 when processing UTF-8 characters.
+
+26. Timing data from pcretest is now shown to 4 decimal places instead of 3.
+
+27. Possessive quantifiers such as a++ were previously implemented by turning
+    them into atomic groups such as ($>a+). Now they have their own opcodes,
+    which improves performance. This includes the automatically created ones
+    from 23 above.
+
+28. A pattern such as (?=(\w+))\1: which simulates an atomic group using a
+    lookahead was broken if it was not anchored. PCRE was mistakenly expecting
+    the first matched character to be a colon. This applied both to named and
+    numbered groups.
+
+29. The ucpinternal.h header file was missing its idempotency #ifdef.
+
+30. I was sent a "project" file called libpcre.a.dev which I understand makes
+    building PCRE on Windows easier, so I have included it in the distribution.
+
+31. There is now a check in pcretest against a ridiculously large number being
+    returned by pcre_exec() or pcre_dfa_exec(). If this happens in a /g or /G
+    loop, the loop is abandoned.
+
+32. Forward references to subpatterns in conditions such as (?(2)...) where
+    subpattern 2 is defined later cause pcre_compile() to search forwards in
+    the pattern for the relevant set of parentheses. This search went wrong
+    when there were unescaped parentheses in a character class, parentheses
+    escaped with \Q...\E, or parentheses in a #-comment in /x mode.
+
+33. "Subroutine" calls and backreferences were previously restricted to
+    referencing subpatterns earlier in the regex. This restriction has now
+    been removed.
+
+34. Added a number of extra features that are going to be in Perl 5.10. On the
+    whole, these are just syntactic alternatives for features that PCRE had
+    previously implemented using the Python syntax or my own invention. The
+    other formats are all retained for compatibility.
+
+    (a) Named groups can now be defined as (?<name>...) or (?'name'...) as well
+        as (?P<name>...). The new forms, as well as being in Perl 5.10, are
+        also .NET compatible.
+
+    (b) A recursion or subroutine call to a named group can now be defined as
+        (?&name) as well as (?P>name).
+
+    (c) A backreference to a named group can now be defined as \k<name> or
+        \k'name' as well as (?P=name). The new forms, as well as being in Perl
+        5.10, are also .NET compatible.
+
+    (d) A conditional reference to a named group can now use the syntax
+        (?(<name>) or (?('name') as well as (?(name).
+
+    (e) A "conditional group" of the form (?(DEFINE)...) can be used to define
+        groups (named and numbered) that are never evaluated inline, but can be
+        called as "subroutines" from elsewhere. In effect, the DEFINE condition
+        is always false. There may be only one alternative in such a group.
+
+    (f) A test for recursion can be given as (?(R1).. or (?(R&name)... as well
+        as the simple (?(R). The condition is true only if the most recent
+        recursion is that of the given number or name. It does not search out
+        through the entire recursion stack.
+
+    (g) The escape \gN or \g{N} has been added, where N is a positive or
+        negative number, specifying an absolute or relative reference.
+
+35. Tidied to get rid of some further signed/unsigned compiler warnings and
+    some "unreachable code" warnings.
+
+36. Updated the Unicode property tables to Unicode version 5.0.0. Amongst other
+    things, this adds five new scripts.
+
+37. Perl ignores orphaned \E escapes completely. PCRE now does the same.
+    There were also incompatibilities regarding the handling of \Q..\E inside
+    character classes, for example with patterns like [\Qa\E-\Qz\E] where the
+    hyphen was adjacent to \Q or \E. I hope I've cleared all this up now.
+
+38. Like Perl, PCRE detects when an indefinitely repeated parenthesized group
+    matches an empty string, and forcibly breaks the loop. There were bugs in
+    this code in non-simple cases. For a pattern such as  ^(a()*)*  matched
+    against  aaaa  the result was just "a" rather than "aaaa", for example. Two
+    separate and independent bugs (that affected different cases) have been
+    fixed.
+
+39. Refactored the code to abolish the use of different opcodes for small
+    capturing bracket numbers. This is a tidy that I avoided doing when I
+    removed the limit on the number of capturing brackets for 3.5 back in 2001.
+    The new approach is not only tidier, it makes it possible to reduce the
+    memory needed to fix the previous bug (38).
+
+40. Implemented PCRE_NEWLINE_ANY to recognize any of the Unicode newline
+    sequences (http://unicode.org/unicode/reports/tr18/) as "newline" when
+    processing dot, circumflex, or dollar metacharacters, or #-comments in /x
+    mode.
+
+41. Add \R to match any Unicode newline sequence, as suggested in the Unicode
+    report.
+
+42. Applied patch, originally from Ari Pollak, modified by Google, to allow
+    copy construction and assignment in the C++ wrapper.
+
+43. Updated pcregrep to support "--newline=any". In the process, I fixed a
+    couple of bugs that could have given wrong results in the "--newline=crlf"
+    case.
+
+44. Added a number of casts and did some reorganization of signed/unsigned int
+    variables following suggestions from Dair Grant. Also renamed the variable
+    "this" as "item" because it is a C++ keyword.
+
+45. Arranged for dftables to add
+
+      #include "pcre_internal.h"
+
+    to pcre_chartables.c because without it, gcc 4.x may remove the array
+    definition from the final binary if PCRE is built into a static library and
+    dead code stripping is activated.
+
+46. For an unanchored pattern, if a match attempt fails at the start of a
+    newline sequence, and the newline setting is CRLF or ANY, and the next two
+    characters are CRLF, advance by two characters instead of one.
+
+
+Version 6.7 04-Jul-06
+---------------------
+
+ 1. In order to handle tests when input lines are enormously long, pcretest has
+    been re-factored so that it automatically extends its buffers when
+    necessary. The code is crude, but this _is_ just a test program. The
+    default size has been increased from 32K to 50K.
+
+ 2. The code in pcre_study() was using the value of the re argument before
+    testing it for NULL. (Of course, in any sensible call of the function, it
+    won't be NULL.)
+
+ 3. The memmove() emulation function in pcre_internal.h, which is used on
+    systems that lack both memmove() and bcopy() - that is, hardly ever -
+    was missing a "static" storage class specifier.
+
+ 4. When UTF-8 mode was not set, PCRE looped when compiling certain patterns
+    containing an extended class (one that cannot be represented by a bitmap
+    because it contains high-valued characters or Unicode property items, e.g.
+    [\pZ]). Almost always one would set UTF-8 mode when processing such a
+    pattern, but PCRE should not loop if you do not (it no longer does).
+    [Detail: two cases were found: (a) a repeated subpattern containing an
+    extended class; (b) a recursive reference to a subpattern that followed a
+    previous extended class. It wasn't skipping over the extended class
+    correctly when UTF-8 mode was not set.]
+
+ 5. A negated single-character class was not being recognized as fixed-length
+    in lookbehind assertions such as (?<=[^f]), leading to an incorrect
+    compile error "lookbehind assertion is not fixed length".
+
+ 6. The RunPerlTest auxiliary script was showing an unexpected difference
+    between PCRE and Perl for UTF-8 tests. It turns out that it is hard to
+    write a Perl script that can interpret lines of an input file either as
+    byte characters or as UTF-8, which is what "perltest" was being required to
+    do for the non-UTF-8 and UTF-8 tests, respectively. Essentially what you
+    can't do is switch easily at run time between having the "use utf8;" pragma
+    or not. In the end, I fudged it by using the RunPerlTest script to insert
+    "use utf8;" explicitly for the UTF-8 tests.
+
+ 7. In multiline (/m) mode, PCRE was matching ^ after a terminating newline at
+    the end of the subject string, contrary to the documentation and to what
+    Perl does. This was true of both matching functions. Now it matches only at
+    the start of the subject and immediately after *internal* newlines.
+
+ 8. A call of pcre_fullinfo() from pcretest to get the option bits was passing
+    a pointer to an int instead of a pointer to an unsigned long int. This
+    caused problems on 64-bit systems.
+
+ 9. Applied a patch from the folks at Google to pcrecpp.cc, to fix "another
+    instance of the 'standard' template library not being so standard".
+
+10. There was no check on the number of named subpatterns nor the maximum
+    length of a subpattern name. The product of these values is used to compute
+    the size of the memory block for a compiled pattern. By supplying a very
+    long subpattern name and a large number of named subpatterns, the size
+    computation could be caused to overflow. This is now prevented by limiting
+    the length of names to 32 characters, and the number of named subpatterns
+    to 10,000.
+
+11. Subpatterns that are repeated with specific counts have to be replicated in
+    the compiled pattern. The size of memory for this was computed from the
+    length of the subpattern and the repeat count. The latter is limited to
+    65535, but there was no limit on the former, meaning that integer overflow
+    could in principle occur. The compiled length of a repeated subpattern is
+    now limited to 30,000 bytes in order to prevent this.
+
+12. Added the optional facility to have named substrings with the same name.
+
+13. Added the ability to use a named substring as a condition, using the
+    Python syntax: (?(name)yes|no). This overloads (?(R)... and names that
+    are numbers (not recommended). Forward references are permitted.
+
+14. Added forward references in named backreferences (if you see what I mean).
+
+15. In UTF-8 mode, with the PCRE_DOTALL option set, a quantified dot in the
+    pattern could run off the end of the subject. For example, the pattern
+    "(?s)(.{1,5})"8 did this with the subject "ab".
+
+16. If PCRE_DOTALL or PCRE_MULTILINE were set, pcre_dfa_exec() behaved as if
+    PCRE_CASELESS was set when matching characters that were quantified with ?
+    or *.
+
+17. A character class other than a single negated character that had a minimum
+    but no maximum quantifier - for example [ab]{6,} - was not handled
+    correctly by pce_dfa_exec(). It would match only one character.
+
+18. A valid (though odd) pattern that looked like a POSIX character
+    class but used an invalid character after [ (for example [[,abc,]]) caused
+    pcre_compile() to give the error "Failed: internal error: code overflow" or
+    in some cases to crash with a glibc free() error. This could even happen if
+    the pattern terminated after [[ but there just happened to be a sequence of
+    letters, a binary zero, and a closing ] in the memory that followed.
+
+19. Perl's treatment of octal escapes in the range \400 to \777 has changed
+    over the years. Originally (before any Unicode support), just the bottom 8
+    bits were taken. Thus, for example, \500 really meant \100. Nowadays the
+    output from "man perlunicode" includes this:
+
+      The regular expression compiler produces polymorphic opcodes.  That
+      is, the pattern adapts to the data and automatically switches to
+      the Unicode character scheme when presented with Unicode data--or
+      instead uses a traditional byte scheme when presented with byte
+      data.
+
+    Sadly, a wide octal escape does not cause a switch, and in a string with
+    no other multibyte characters, these octal escapes are treated as before.
+    Thus, in Perl, the pattern  /\500/ actually matches \100 but the pattern
+    /\500|\x{1ff}/ matches \500 or \777 because the whole thing is treated as a
+    Unicode string.
+
+    I have not perpetrated such confusion in PCRE. Up till now, it took just
+    the bottom 8 bits, as in old Perl. I have now made octal escapes with
+    values greater than \377 illegal in non-UTF-8 mode. In UTF-8 mode they
+    translate to the appropriate multibyte character.
+
+29. Applied some refactoring to reduce the number of warnings from Microsoft
+    and Borland compilers. This has included removing the fudge introduced
+    seven years ago for the OS/2 compiler (see 2.02/2 below) because it caused
+    a warning about an unused variable.
+
+21. PCRE has not included VT (character 0x0b) in the set of whitespace
+    characters since release 4.0, because Perl (from release 5.004) does not.
+    [Or at least, is documented not to: some releases seem to be in conflict
+    with the documentation.] However, when a pattern was studied with
+    pcre_study() and all its branches started with \s, PCRE still included VT
+    as a possible starting character. Of course, this did no harm; it just
+    caused an unnecessary match attempt.
+
+22. Removed a now-redundant internal flag bit that recorded the fact that case
+    dependency changed within the pattern. This was once needed for "required
+    byte" processing, but is no longer used. This recovers a now-scarce options
+    bit. Also moved the least significant internal flag bit to the most-
+    significant bit of the word, which was not previously used (hangover from
+    the days when it was an int rather than a uint) to free up another bit for
+    the future.
+
+23. Added support for CRLF line endings as well as CR and LF. As well as the
+    default being selectable at build time, it can now be changed at runtime
+    via the PCRE_NEWLINE_xxx flags. There are now options for pcregrep to
+    specify that it is scanning data with non-default line endings.
+
+24. Changed the definition of CXXLINK to make it agree with the definition of
+    LINK in the Makefile, by replacing LDFLAGS to CXXFLAGS.
+
+25. Applied Ian Taylor's patches to avoid using another stack frame for tail
+    recursions. This makes a big different to stack usage for some patterns.
+
+26. If a subpattern containing a named recursion or subroutine reference such
+    as (?P>B) was quantified, for example (xxx(?P>B)){3}, the calculation of
+    the space required for the compiled pattern went wrong and gave too small a
+    value. Depending on the environment, this could lead to "Failed: internal
+    error: code overflow at offset 49" or "glibc detected double free or
+    corruption" errors.
+
+27. Applied patches from Google (a) to support the new newline modes and (b) to
+    advance over multibyte UTF-8 characters in GlobalReplace.
+
+28. Change free() to pcre_free() in pcredemo.c. Apparently this makes a
+    difference for some implementation of PCRE in some Windows version.
+
+29. Added some extra testing facilities to pcretest:
+
+    \q<number>   in a data line sets the "match limit" value
+    \Q<number>   in a data line sets the "match recursion limt" value
+    -S <number>  sets the stack size, where <number> is in megabytes
+
+    The -S option isn't available for Windows.
+
+
+Version 6.6 06-Feb-06
+---------------------
+
+ 1. Change 16(a) for 6.5 broke things, because PCRE_DATA_SCOPE was not defined
+    in pcreposix.h. I have copied the definition from pcre.h.
+
+ 2. Change 25 for 6.5 broke compilation in a build directory out-of-tree
+    because pcre.h is no longer a built file.
+
+ 3. Added Jeff Friedl's additional debugging patches to pcregrep. These are
+    not normally included in the compiled code.
+
+
+Version 6.5 01-Feb-06
+---------------------
+
+ 1. When using the partial match feature with pcre_dfa_exec(), it was not
+    anchoring the second and subsequent partial matches at the new starting
+    point. This could lead to incorrect results. For example, with the pattern
+    /1234/, partially matching against "123" and then "a4" gave a match.
+
+ 2. Changes to pcregrep:
+
+    (a) All non-match returns from pcre_exec() were being treated as failures
+        to match the line. Now, unless the error is PCRE_ERROR_NOMATCH, an
+        error message is output. Some extra information is given for the
+        PCRE_ERROR_MATCHLIMIT and PCRE_ERROR_RECURSIONLIMIT errors, which are
+        probably the only errors that are likely to be caused by users (by
+        specifying a regex that has nested indefinite repeats, for instance).
+        If there are more than 20 of these errors, pcregrep is abandoned.
+
+    (b) A binary zero was treated as data while matching, but terminated the
+        output line if it was written out. This has been fixed: binary zeroes
+        are now no different to any other data bytes.
+
+    (c) Whichever of the LC_ALL or LC_CTYPE environment variables is set is
+        used to set a locale for matching. The --locale=xxxx long option has
+        been added (no short equivalent) to specify a locale explicitly on the
+        pcregrep command, overriding the environment variables.
+
+    (d) When -B was used with -n, some line numbers in the output were one less
+        than they should have been.
+
+    (e) Added the -o (--only-matching) option.
+
+    (f) If -A or -C was used with -c (count only), some lines of context were
+        accidentally printed for the final match.
+
+    (g) Added the -H (--with-filename) option.
+
+    (h) The combination of options -rh failed to suppress file names for files
+        that were found from directory arguments.
+
+    (i) Added the -D (--devices) and -d (--directories) options.
+
+    (j) Added the -F (--fixed-strings) option.
+
+    (k) Allow "-" to be used as a file name for -f as well as for a data file.
+
+    (l) Added the --colo(u)r option.
+
+    (m) Added Jeffrey Friedl's -S testing option, but within #ifdefs so that it
+        is not present by default.
+
+ 3. A nasty bug was discovered in the handling of recursive patterns, that is,
+    items such as (?R) or (?1), when the recursion could match a number of
+    alternatives. If it matched one of the alternatives, but subsequently,
+    outside the recursion, there was a failure, the code tried to back up into
+    the recursion. However, because of the way PCRE is implemented, this is not
+    possible, and the result was an incorrect result from the match.
+
+    In order to prevent this happening, the specification of recursion has
+    been changed so that all such subpatterns are automatically treated as
+    atomic groups. Thus, for example, (?R) is treated as if it were (?>(?R)).
+
+ 4. I had overlooked the fact that, in some locales, there are characters for
+    which isalpha() is true but neither isupper() nor islower() are true. In
+    the fr_FR locale, for instance, the \xAA and \xBA characters (ordmasculine
+    and ordfeminine) are like this. This affected the treatment of \w and \W
+    when they appeared in character classes, but not when they appeared outside
+    a character class. The bit map for "word" characters is now created
+    separately from the results of isalnum() instead of just taking it from the
+    upper, lower, and digit maps. (Plus the underscore character, of course.)
+
+ 5. The above bug also affected the handling of POSIX character classes such as
+    [[:alpha:]] and [[:alnum:]]. These do not have their own bit maps in PCRE's
+    permanent tables. Instead, the bit maps for such a class were previously
+    created as the appropriate unions of the upper, lower, and digit bitmaps.
+    Now they are created by subtraction from the [[:word:]] class, which has
+    its own bitmap.
+
+ 6. The [[:blank:]] character class matches horizontal, but not vertical space.
+    It is created by subtracting the vertical space characters (\x09, \x0a,
+    \x0b, \x0c) from the [[:space:]] bitmap. Previously, however, the
+    subtraction was done in the overall bitmap for a character class, meaning
+    that a class such as [\x0c[:blank:]] was incorrect because \x0c would not
+    be recognized. This bug has been fixed.
+
+ 7. Patches from the folks at Google:
+
+      (a) pcrecpp.cc: "to handle a corner case that may or may not happen in
+      real life, but is still worth protecting against".
+
+      (b) pcrecpp.cc: "corrects a bug when negative radixes are used with
+      regular expressions".
+
+      (c) pcre_scanner.cc: avoid use of std::count() because not all systems
+      have it.
+
+      (d) Split off pcrecpparg.h from pcrecpp.h and had the former built by
+      "configure" and the latter not, in order to fix a problem somebody had
+      with compiling the Arg class on HP-UX.
+
+      (e) Improve the error-handling of the C++ wrapper a little bit.
+
+      (f) New tests for checking recursion limiting.
+
+ 8. The pcre_memmove() function, which is used only if the environment does not
+    have a standard memmove() function (and is therefore rarely compiled),
+    contained two bugs: (a) use of int instead of size_t, and (b) it was not
+    returning a result (though PCRE never actually uses the result).
+
+ 9. In the POSIX regexec() interface, if nmatch is specified as a ridiculously
+    large number - greater than INT_MAX/(3*sizeof(int)) - REG_ESPACE is
+    returned instead of calling malloc() with an overflowing number that would
+    most likely cause subsequent chaos.
+
+10. The debugging option of pcretest was not showing the NO_AUTO_CAPTURE flag.
+
+11. The POSIX flag REG_NOSUB is now supported. When a pattern that was compiled
+    with this option is matched, the nmatch and pmatch options of regexec() are
+    ignored.
+
+12. Added REG_UTF8 to the POSIX interface. This is not defined by POSIX, but is
+    provided in case anyone wants to the the POSIX interface with UTF-8
+    strings.
+
+13. Added CXXLDFLAGS to the Makefile parameters to provide settings only on the
+    C++ linking (needed for some HP-UX environments).
+
+14. Avoid compiler warnings in get_ucpname() when compiled without UCP support
+    (unused parameter) and in the pcre_printint() function (omitted "default"
+    switch label when the default is to do nothing).
+
+15. Added some code to make it possible, when PCRE is compiled as a C++
+    library, to replace subject pointers for pcre_exec() with a smart pointer
+    class, thus making it possible to process discontinuous strings.
+
+16. The two macros PCRE_EXPORT and PCRE_DATA_SCOPE are confusing, and perform
+    much the same function. They were added by different people who were trying
+    to make PCRE easy to compile on non-Unix systems. It has been suggested
+    that PCRE_EXPORT be abolished now that there is more automatic apparatus
+    for compiling on Windows systems. I have therefore replaced it with
+    PCRE_DATA_SCOPE. This is set automatically for Windows; if not set it
+    defaults to "extern" for C or "extern C" for C++, which works fine on
+    Unix-like systems. It is now possible to override the value of PCRE_DATA_
+    SCOPE with something explicit in config.h. In addition:
+
+    (a) pcreposix.h still had just "extern" instead of either of these macros;
+        I have replaced it with PCRE_DATA_SCOPE.
+
+    (b) Functions such as _pcre_xclass(), which are internal to the library,
+        but external in the C sense, all had PCRE_EXPORT in their definitions.
+        This is apparently wrong for the Windows case, so I have removed it.
+        (It makes no difference on Unix-like systems.)
+
+17. Added a new limit, MATCH_LIMIT_RECURSION, which limits the depth of nesting
+    of recursive calls to match(). This is different to MATCH_LIMIT because
+    that limits the total number of calls to match(), not all of which increase
+    the depth of recursion. Limiting the recursion depth limits the amount of
+    stack (or heap if NO_RECURSE is set) that is used. The default can be set
+    when PCRE is compiled, and changed at run time. A patch from Google adds
+    this functionality to the C++ interface.
+
+18. Changes to the handling of Unicode character properties:
+
+    (a) Updated the table to Unicode 4.1.0.
+
+    (b) Recognize characters that are not in the table as "Cn" (undefined).
+
+    (c) I revised the way the table is implemented to a much improved format
+        which includes recognition of ranges. It now supports the ranges that
+        are defined in UnicodeData.txt, and it also amalgamates other
+        characters into ranges. This has reduced the number of entries in the
+        table from around 16,000 to around 3,000, thus reducing its size
+        considerably. I realized I did not need to use a tree structure after
+        all - a binary chop search is just as efficient. Having reduced the
+        number of entries, I extended their size from 6 bytes to 8 bytes to
+        allow for more data.
+
+    (d) Added support for Unicode script names via properties such as \p{Han}.
+
+19. In UTF-8 mode, a backslash followed by a non-Ascii character was not
+    matching that character.
+
+20. When matching a repeated Unicode property with a minimum greater than zero,
+    (for example \pL{2,}), PCRE could look past the end of the subject if it
+    reached it while seeking the minimum number of characters. This could
+    happen only if some of the characters were more than one byte long, because
+    there is a check for at least the minimum number of bytes.
+
+21. Refactored the implementation of \p and \P so as to be more general, to
+    allow for more different types of property in future. This has changed the
+    compiled form incompatibly. Anybody with saved compiled patterns that use
+    \p or \P will have to recompile them.
+
+22. Added "Any" and "L&" to the supported property types.
+
+23. Recognize \x{...} as a code point specifier, even when not in UTF-8 mode,
+    but give a compile time error if the value is greater than 0xff.
+
+24. The man pages for pcrepartial, pcreprecompile, and pcre_compile2 were
+    accidentally not being installed or uninstalled.
+
+25. The pcre.h file was built from pcre.h.in, but the only changes that were
+    made were to insert the current release number. This seemed silly, because
+    it made things harder for people building PCRE on systems that don't run
+    "configure". I have turned pcre.h into a distributed file, no longer built
+    by "configure", with the version identification directly included. There is
+    no longer a pcre.h.in file.
+
+    However, this change necessitated a change to the pcre-config script as
+    well. It is built from pcre-config.in, and one of the substitutions was the
+    release number. I have updated configure.ac so that ./configure now finds
+    the release number by grepping pcre.h.
+
+26. Added the ability to run the tests under valgrind.
+
+
+Version 6.4 05-Sep-05
+---------------------
+
+ 1. Change 6.0/10/(l) to pcregrep introduced a bug that caused separator lines
+    "--" to be printed when multiple files were scanned, even when none of the
+    -A, -B, or -C options were used. This is not compatible with Gnu grep, so I
+    consider it to be a bug, and have restored the previous behaviour.
+
+ 2. A couple of code tidies to get rid of compiler warnings.
+
+ 3. The pcretest program used to cheat by referring to symbols in the library
+    whose names begin with _pcre_. These are internal symbols that are not
+    really supposed to be visible externally, and in some environments it is
+    possible to suppress them. The cheating is now confined to including
+    certain files from the library's source, which is a bit cleaner.
+
+ 4. Renamed pcre.in as pcre.h.in to go with pcrecpp.h.in; it also makes the
+    file's purpose clearer.
+
+ 5. Reorganized pcre_ucp_findchar().
+
+
+Version 6.3 15-Aug-05
+---------------------
+
+ 1. The file libpcre.pc.in did not have general read permission in the tarball.
+
+ 2. There were some problems when building without C++ support:
+
+    (a) If C++ support was not built, "make install" and "make test" still
+        tried to test it.
+
+    (b) There were problems when the value of CXX was explicitly set. Some
+        changes have been made to try to fix these, and ...
+
+    (c) --disable-cpp can now be used to explicitly disable C++ support.
+
+    (d) The use of @CPP_OBJ@ directly caused a blank line preceded by a
+        backslash in a target when C++ was disabled. This confuses some
+        versions of "make", apparently. Using an intermediate variable solves
+        this. (Same for CPP_LOBJ.)
+
+ 3. $(LINK_FOR_BUILD) now includes $(CFLAGS_FOR_BUILD) and $(LINK)
+    (non-Windows) now includes $(CFLAGS) because these flags are sometimes
+    necessary on certain architectures.
+
+ 4. Added a setting of -export-symbols-regex to the link command to remove
+    those symbols that are exported in the C sense, but actually are local
+    within the library, and not documented. Their names all begin with
+    "_pcre_". This is not a perfect job, because (a) we have to except some
+    symbols that pcretest ("illegally") uses, and (b) the facility isn't always
+    available (and never for static libraries). I have made a note to try to
+    find a way round (a) in the future.
+
+
+Version 6.2 01-Aug-05
+---------------------
+
+ 1. There was no test for integer overflow of quantifier values. A construction
+    such as {1111111111111111} would give undefined results. What is worse, if
+    a minimum quantifier for a parenthesized subpattern overflowed and became
+    negative, the calculation of the memory size went wrong. This could have
+    led to memory overwriting.
+
+ 2. Building PCRE using VPATH was broken. Hopefully it is now fixed.
+
+ 3. Added "b" to the 2nd argument of fopen() in dftables.c, for non-Unix-like
+    operating environments where this matters.
+
+ 4. Applied Giuseppe Maxia's patch to add additional features for controlling
+    PCRE options from within the C++ wrapper.
+
+ 5. Named capturing subpatterns were not being correctly counted when a pattern
+    was compiled. This caused two problems: (a) If there were more than 100
+    such subpatterns, the calculation of the memory needed for the whole
+    compiled pattern went wrong, leading to an overflow error. (b) Numerical
+    back references of the form \12, where the number was greater than 9, were
+    not recognized as back references, even though there were sufficient
+    previous subpatterns.
+
+ 6. Two minor patches to pcrecpp.cc in order to allow it to compile on older
+    versions of gcc, e.g. 2.95.4.
+
+
+Version 6.1 21-Jun-05
+---------------------
+
+ 1. There was one reference to the variable "posix" in pcretest.c that was not
+    surrounded by "#if !defined NOPOSIX".
+
+ 2. Make it possible to compile pcretest without DFA support, UTF8 support, or
+    the cross-check on the old pcre_info() function, for the benefit of the
+    cut-down version of PCRE that is currently imported into Exim.
+
+ 3. A (silly) pattern starting with (?i)(?-i) caused an internal space
+    allocation error. I've done the easy fix, which wastes 2 bytes for sensible
+    patterns that start (?i) but I don't think that matters. The use of (?i) is
+    just an example; this all applies to the other options as well.
+
+ 4. Since libtool seems to echo the compile commands it is issuing, the output
+    from "make" can be reduced a bit by putting "@" in front of each libtool
+    compile command.
+
+ 5. Patch from the folks at Google for configure.in to be a bit more thorough
+    in checking for a suitable C++ installation before trying to compile the
+    C++ stuff. This should fix a reported problem when a compiler was present,
+    but no suitable headers.
+
+ 6. The man pages all had just "PCRE" as their title. I have changed them to
+    be the relevant file name. I have also arranged that these names are
+    retained in the file doc/pcre.txt, which is a concatenation in text format
+    of all the man pages except the little individual ones for each function.
+
+ 7. The NON-UNIX-USE file had not been updated for the different set of source
+    files that come with release 6. I also added a few comments about the C++
+    wrapper.
+
+
+Version 6.0 07-Jun-05
+---------------------
+
+ 1. Some minor internal re-organization to help with my DFA experiments.
+
+ 2. Some missing #ifdef SUPPORT_UCP conditionals in pcretest and printint that
+    didn't matter for the library itself when fully configured, but did matter
+    when compiling without UCP support, or within Exim, where the ucp files are
+    not imported.
+
+ 3. Refactoring of the library code to split up the various functions into
+    different source modules. The addition of the new DFA matching code (see
+    below) to a single monolithic source would have made it really too
+    unwieldy, quite apart from causing all the code to be include in a
+    statically linked application, when only some functions are used. This is
+    relevant even without the DFA addition now that patterns can be compiled in
+    one application and matched in another.
+
+    The downside of splitting up is that there have to be some external
+    functions and data tables that are used internally in different modules of
+    the library but which are not part of the API. These have all had their
+    names changed to start with "_pcre_" so that they are unlikely to clash
+    with other external names.
+
+ 4. Added an alternate matching function, pcre_dfa_exec(), which matches using
+    a different (DFA) algorithm. Although it is slower than the original
+    function, it does have some advantages for certain types of matching
+    problem.
+
+ 5. Upgrades to pcretest in order to test the features of pcre_dfa_exec(),
+    including restarting after a partial match.
+
+ 6. A patch for pcregrep that defines INVALID_FILE_ATTRIBUTES if it is not
+    defined when compiling for Windows was sent to me. I have put it into the
+    code, though I have no means of testing or verifying it.
+
+ 7. Added the pcre_refcount() auxiliary function.
+
+ 8. Added the PCRE_FIRSTLINE option. This constrains an unanchored pattern to
+    match before or at the first newline in the subject string. In pcretest,
+    the /f option on a pattern can be used to set this.
+
+ 9. A repeated \w when used in UTF-8 mode with characters greater than 256
+    would behave wrongly. This has been present in PCRE since release 4.0.
+
+10. A number of changes to the pcregrep command:
+
+    (a) Refactored how -x works; insert ^(...)$ instead of setting
+        PCRE_ANCHORED and checking the length, in preparation for adding
+        something similar for -w.
+
+    (b) Added the -w (match as a word) option.
+
+    (c) Refactored the way lines are read and buffered so as to have more
+        than one at a time available.
+
+    (d) Implemented a pcregrep test script.
+
+    (e) Added the -M (multiline match) option. This allows patterns to match
+        over several lines of the subject. The buffering ensures that at least
+        8K, or the rest of the document (whichever is the shorter) is available
+        for matching (and similarly the previous 8K for lookbehind assertions).
+
+    (f) Changed the --help output so that it now says
+
+          -w, --word-regex(p)
+
+        instead of two lines, one with "regex" and the other with "regexp"
+        because that confused at least one person since the short forms are the
+        same. (This required a bit of code, as the output is generated
+        automatically from a table. It wasn't just a text change.)
+
+    (g) -- can be used to terminate pcregrep options if the next thing isn't an
+        option but starts with a hyphen. Could be a pattern or a path name
+        starting with a hyphen, for instance.
+
+    (h) "-" can be given as a file name to represent stdin.
+
+    (i) When file names are being printed, "(standard input)" is used for
+        the standard input, for compatibility with GNU grep. Previously
+        "<stdin>" was used.
+
+    (j) The option --label=xxx can be used to supply a name to be used for
+        stdin when file names are being printed. There is no short form.
+
+    (k) Re-factored the options decoding logic because we are going to add
+        two more options that take data. Such options can now be given in four
+        different ways, e.g. "-fname", "-f name", "--file=name", "--file name".
+
+    (l) Added the -A, -B, and -C options for requesting that lines of context
+        around matches be printed.
+
+    (m) Added the -L option to print the names of files that do not contain
+        any matching lines, that is, the complement of -l.
+
+    (n) The return code is 2 if any file cannot be opened, but pcregrep does
+        continue to scan other files.
+
+    (o) The -s option was incorrectly implemented. For compatibility with other
+        greps, it now suppresses the error message for a non-existent or non-
+        accessible file (but not the return code). There is a new option called
+        -q that suppresses the output of matching lines, which was what -s was
+        previously doing.
+
+    (p) Added --include and --exclude options to specify files for inclusion
+        and exclusion when recursing.
+
+11. The Makefile was not using the Autoconf-supported LDFLAGS macro properly.
+    Hopefully, it now does.
+
+12. Missing cast in pcre_study().
+
+13. Added an "uninstall" target to the makefile.
+
+14. Replaced "extern" in the function prototypes in Makefile.in with
+    "PCRE_DATA_SCOPE", which defaults to 'extern' or 'extern "C"' in the Unix
+    world, but is set differently for Windows.
+
+15. Added a second compiling function called pcre_compile2(). The only
+    difference is that it has an extra argument, which is a pointer to an
+    integer error code. When there is a compile-time failure, this is set
+    non-zero, in addition to the error test pointer being set to point to an
+    error message. The new argument may be NULL if no error number is required
+    (but then you may as well call pcre_compile(), which is now just a
+    wrapper). This facility is provided because some applications need a
+    numeric error indication, but it has also enabled me to tidy up the way
+    compile-time errors are handled in the POSIX wrapper.
+
+16. Added VPATH=.libs to the makefile; this should help when building with one
+    prefix path and installing with another. (Or so I'm told by someone who
+    knows more about this stuff than I do.)
+
+17. Added a new option, REG_DOTALL, to the POSIX function regcomp(). This
+    passes PCRE_DOTALL to the pcre_compile() function, making the "." character
+    match everything, including newlines. This is not POSIX-compatible, but
+    somebody wanted the feature. From pcretest it can be activated by using
+    both the P and the s flags.
+
+18. AC_PROG_LIBTOOL appeared twice in Makefile.in. Removed one.
+
+19. libpcre.pc was being incorrectly installed as executable.
+
+20. A couple of places in pcretest check for end-of-line by looking for '\n';
+    it now also looks for '\r' so that it will work unmodified on Windows.
+
+21. Added Google's contributed C++ wrapper to the distribution.
+
+22. Added some untidy missing memory free() calls in pcretest, to keep
+    Electric Fence happy when testing.
+
+
+
+Version 5.0 13-Sep-04
+---------------------
+
+ 1. Internal change: literal characters are no longer packed up into items
+    containing multiple characters in a single byte-string. Each character
+    is now matched using a separate opcode. However, there may be more than one
+    byte in the character in UTF-8 mode.
+
+ 2. The pcre_callout_block structure has two new fields: pattern_position and
+    next_item_length. These contain the offset in the pattern to the next match
+    item, and its length, respectively.
+
+ 3. The PCRE_AUTO_CALLOUT option for pcre_compile() requests the automatic
+    insertion of callouts before each pattern item. Added the /C option to
+    pcretest to make use of this.
+
+ 4. On the advice of a Windows user, the lines
+
+      #if defined(_WIN32) || defined(WIN32)
+      _setmode( _fileno( stdout ), 0x8000 );
+      #endif  /* defined(_WIN32) || defined(WIN32) */
+
+    have been added to the source of pcretest. This apparently does useful
+    magic in relation to line terminators.
+
+ 5. Changed "r" and "w" in the calls to fopen() in pcretest to "rb" and "wb"
+    for the benefit of those environments where the "b" makes a difference.
+
+ 6. The icc compiler has the same options as gcc, but "configure" doesn't seem
+    to know about it. I have put a hack into configure.in that adds in code
+    to set GCC=yes if CC=icc. This seems to end up at a point in the
+    generated configure script that is early enough to affect the setting of
+    compiler options, which is what is needed, but I have no means of testing
+    whether it really works. (The user who reported this had patched the
+    generated configure script, which of course I cannot do.)
+
+    LATER: After change 22 below (new libtool files), the configure script
+    seems to know about icc (and also ecc). Therefore, I have commented out
+    this hack in configure.in.
+
+ 7. Added support for pkg-config (2 patches were sent in).
+
+ 8. Negated POSIX character classes that used a combination of internal tables
+    were completely broken. These were [[:^alpha:]], [[:^alnum:]], and
+    [[:^ascii]]. Typically, they would match almost any characters. The other
+    POSIX classes were not broken in this way.
+
+ 9. Matching the pattern "\b.*?" against "ab cd", starting at offset 1, failed
+    to find the match, as PCRE was deluded into thinking that the match had to
+    start at the start point or following a newline. The same bug applied to
+    patterns with negative forward assertions or any backward assertions
+    preceding ".*" at the start, unless the pattern required a fixed first
+    character. This was a failing pattern: "(?!.bcd).*". The bug is now fixed.
+
+10. In UTF-8 mode, when moving forwards in the subject after a failed match
+    starting at the last subject character, bytes beyond the end of the subject
+    string were read.
+
+11. Renamed the variable "class" as "classbits" to make life easier for C++
+    users. (Previously there was a macro definition, but it apparently wasn't
+    enough.)
+
+12. Added the new field "tables" to the extra data so that tables can be passed
+    in at exec time, or the internal tables can be re-selected. This allows
+    a compiled regex to be saved and re-used at a later time by a different
+    program that might have everything at different addresses.
+
+13. Modified the pcre-config script so that, when run on Solaris, it shows a
+    -R library as well as a -L library.
+
+14. The debugging options of pcretest (-d on the command line or D on a
+    pattern) showed incorrect output for anything following an extended class
+    that contained multibyte characters and which was followed by a quantifier.
+
+15. Added optional support for general category Unicode character properties
+    via the \p, \P, and \X escapes. Unicode property support implies UTF-8
+    support. It adds about 90K to the size of the library. The meanings of the
+    inbuilt class escapes such as \d and \s have NOT been changed.
+
+16. Updated pcredemo.c to include calls to free() to release the memory for the
+    compiled pattern.
+
+17. The generated file chartables.c was being created in the source directory
+    instead of in the building directory. This caused the build to fail if the
+    source directory was different from the building directory, and was
+    read-only.
+
+18. Added some sample Win commands from Mark Tetrode into the NON-UNIX-USE
+    file. No doubt somebody will tell me if they don't make sense... Also added
+    Dan Mooney's comments about building on OpenVMS.
+
+19. Added support for partial matching via the PCRE_PARTIAL option for
+    pcre_exec() and the \P data escape in pcretest.
+
+20. Extended pcretest with 3 new pattern features:
+
+    (i)   A pattern option of the form ">rest-of-line" causes pcretest to
+          write the compiled pattern to the file whose name is "rest-of-line".
+          This is a straight binary dump of the data, with the saved pointer to
+          the character tables forced to be NULL. The study data, if any, is
+          written too. After writing, pcretest reads a new pattern.
+
+    (ii)  If, instead of a pattern, "<rest-of-line" is given, pcretest reads a
+          compiled pattern from the given file. There must not be any
+          occurrences of "<" in the file name (pretty unlikely); if there are,
+          pcretest will instead treat the initial "<" as a pattern delimiter.
+          After reading in the pattern, pcretest goes on to read data lines as
+          usual.
+
+    (iii) The F pattern option causes pcretest to flip the bytes in the 32-bit
+          and 16-bit fields in a compiled pattern, to simulate a pattern that
+          was compiled on a host of opposite endianness.
+
+21. The pcre-exec() function can now cope with patterns that were compiled on
+    hosts of opposite endianness, with this restriction:
+
+      As for any compiled expression that is saved and used later, the tables
+      pointer field cannot be preserved; the extra_data field in the arguments
+      to pcre_exec() should be used to pass in a tables address if a value
+      other than the default internal tables were used at compile time.
+
+22. Calling pcre_exec() with a negative value of the "ovecsize" parameter is
+    now diagnosed as an error. Previously, most of the time, a negative number
+    would have been treated as zero, but if in addition "ovector" was passed as
+    NULL, a crash could occur.
+
+23. Updated the files ltmain.sh, config.sub, config.guess, and aclocal.m4 with
+    new versions from the libtool 1.5 distribution (the last one is a copy of
+    a file called libtool.m4). This seems to have fixed the need to patch
+    "configure" to support Darwin 1.3 (which I used to do). However, I still
+    had to patch ltmain.sh to ensure that ${SED} is set (it isn't on my
+    workstation).
+
+24. Changed the PCRE licence to be the more standard "BSD" licence.
+
+
+Version 4.5 01-Dec-03
+---------------------
+
+ 1. There has been some re-arrangement of the code for the match() function so
+    that it can be compiled in a version that does not call itself recursively.
+    Instead, it keeps those local variables that need separate instances for
+    each "recursion" in a frame on the heap, and gets/frees frames whenever it
+    needs to "recurse". Keeping track of where control must go is done by means
+    of setjmp/longjmp. The whole thing is implemented by a set of macros that
+    hide most of the details from the main code, and operates only if
+    NO_RECURSE is defined while compiling pcre.c. If PCRE is built using the
+    "configure" mechanism, "--disable-stack-for-recursion" turns on this way of
+    operating.
+
+    To make it easier for callers to provide specially tailored get/free
+    functions for this usage, two new functions, pcre_stack_malloc, and
+    pcre_stack_free, are used. They are always called in strict stacking order,
+    and the size of block requested is always the same.
+
+    The PCRE_CONFIG_STACKRECURSE info parameter can be used to find out whether
+    PCRE has been compiled to use the stack or the heap for recursion. The
+    -C option of pcretest uses this to show which version is compiled.
+
+    A new data escape \S, is added to pcretest; it causes the amounts of store
+    obtained and freed by both kinds of malloc/free at match time to be added
+    to the output.
+
+ 2. Changed the locale test to use "fr_FR" instead of "fr" because that's
+    what's available on my current Linux desktop machine.
+
+ 3. When matching a UTF-8 string, the test for a valid string at the start has
+    been extended. If start_offset is not zero, PCRE now checks that it points
+    to a byte that is the start of a UTF-8 character. If not, it returns
+    PCRE_ERROR_BADUTF8_OFFSET (-11). Note: the whole string is still checked;
+    this is necessary because there may be backward assertions in the pattern.
+    When matching the same subject several times, it may save resources to use
+    PCRE_NO_UTF8_CHECK on all but the first call if the string is long.
+
+ 4. The code for checking the validity of UTF-8 strings has been tightened so
+    that it rejects (a) strings containing 0xfe or 0xff bytes and (b) strings
+    containing "overlong sequences".
+
+ 5. Fixed a bug (appearing twice) that I could not find any way of exploiting!
+    I had written "if ((digitab[*p++] && chtab_digit) == 0)" where the "&&"
+    should have been "&", but it just so happened that all the cases this let
+    through by mistake were picked up later in the function.
+
+ 6. I had used a variable called "isblank" - this is a C99 function, causing
+    some compilers to warn. To avoid this, I renamed it (as "blankclass").
+
+ 7. Cosmetic: (a) only output another newline at the end of pcretest if it is
+    prompting; (b) run "./pcretest /dev/null" at the start of the test script
+    so the version is shown; (c) stop "make test" echoing "./RunTest".
+
+ 8. Added patches from David Burgess to enable PCRE to run on EBCDIC systems.
+
+ 9. The prototype for memmove() for systems that don't have it was using
+    size_t, but the inclusion of the header that defines size_t was later. I've
+    moved the #includes for the C headers earlier to avoid this.
+
+10. Added some adjustments to the code to make it easier to compiler on certain
+    special systems:
+
+      (a) Some "const" qualifiers were missing.
+      (b) Added the macro EXPORT before all exported functions; by default this
+          is defined to be empty.
+      (c) Changed the dftables auxiliary program (that builds chartables.c) so
+          that it reads its output file name as an argument instead of writing
+          to the standard output and assuming this can be redirected.
+
+11. In UTF-8 mode, if a recursive reference (e.g. (?1)) followed a character
+    class containing characters with values greater than 255, PCRE compilation
+    went into a loop.
+
+12. A recursive reference to a subpattern that was within another subpattern
+    that had a minimum quantifier of zero caused PCRE to crash. For example,
+    (x(y(?2))z)? provoked this bug with a subject that got as far as the
+    recursion. If the recursively-called subpattern itself had a zero repeat,
+    that was OK.
+
+13. In pcretest, the buffer for reading a data line was set at 30K, but the
+    buffer into which it was copied (for escape processing) was still set at
+    1024, so long lines caused crashes.
+
+14. A pattern such as /[ab]{1,3}+/ failed to compile, giving the error
+    "internal error: code overflow...". This applied to any character class
+    that was followed by a possessive quantifier.
+
+15. Modified the Makefile to add libpcre.la as a prerequisite for
+    libpcreposix.la because I was told this is needed for a parallel build to
+    work.
+
+16. If a pattern that contained .* following optional items at the start was
+    studied, the wrong optimizing data was generated, leading to matching
+    errors. For example, studying /[ab]*.*c/ concluded, erroneously, that any
+    matching string must start with a or b or c. The correct conclusion for
+    this pattern is that a match can start with any character.
+
+
+Version 4.4 13-Aug-03
+---------------------
+
+ 1. In UTF-8 mode, a character class containing characters with values between
+    127 and 255 was not handled correctly if the compiled pattern was studied.
+    In fixing this, I have also improved the studying algorithm for such
+    classes (slightly).
+
+ 2. Three internal functions had redundant arguments passed to them. Removal
+    might give a very teeny performance improvement.
+
+ 3. Documentation bug: the value of the capture_top field in a callout is *one
+    more than* the number of the hightest numbered captured substring.
+
+ 4. The Makefile linked pcretest and pcregrep with -lpcre, which could result
+    in incorrectly linking with a previously installed version. They now link
+    explicitly with libpcre.la.
+
+ 5. configure.in no longer needs to recognize Cygwin specially.
+
+ 6. A problem in pcre.in for Windows platforms is fixed.
+
+ 7. If a pattern was successfully studied, and the -d (or /D) flag was given to
+    pcretest, it used to include the size of the study block as part of its
+    output. Unfortunately, the structure contains a field that has a different
+    size on different hardware architectures. This meant that the tests that
+    showed this size failed. As the block is currently always of a fixed size,
+    this information isn't actually particularly useful in pcretest output, so
+    I have just removed it.
+
+ 8. Three pre-processor statements accidentally did not start in column 1.
+    Sadly, there are *still* compilers around that complain, even though
+    standard C has not required this for well over a decade. Sigh.
+
+ 9. In pcretest, the code for checking callouts passed small integers in the
+    callout_data field, which is a void * field. However, some picky compilers
+    complained about the casts involved for this on 64-bit systems. Now
+    pcretest passes the address of the small integer instead, which should get
+    rid of the warnings.
+
+10. By default, when in UTF-8 mode, PCRE now checks for valid UTF-8 strings at
+    both compile and run time, and gives an error if an invalid UTF-8 sequence
+    is found. There is a option for disabling this check in cases where the
+    string is known to be correct and/or the maximum performance is wanted.
+
+11. In response to a bug report, I changed one line in Makefile.in from
+
+        -Wl,--out-implib,.libs/lib@WIN_PREFIX@pcreposix.dll.a \
+    to
+        -Wl,--out-implib,.libs/@WIN_PREFIX@libpcreposix.dll.a \
+
+    to look similar to other lines, but I have no way of telling whether this
+    is the right thing to do, as I do not use Windows. No doubt I'll get told
+    if it's wrong...
+
+
+Version 4.3 21-May-03
+---------------------
+
+1. Two instances of @WIN_PREFIX@ omitted from the Windows targets in the
+   Makefile.
+
+2. Some refactoring to improve the quality of the code:
+
+   (i)   The utf8_table... variables are now declared "const".
+
+   (ii)  The code for \cx, which used the "case flipping" table to upper case
+         lower case letters, now just substracts 32. This is ASCII-specific,
+         but the whole concept of \cx is ASCII-specific, so it seems
+         reasonable.
+
+   (iii) PCRE was using its character types table to recognize decimal and
+         hexadecimal digits in the pattern. This is silly, because it handles
+         only 0-9, a-f, and A-F, but the character types table is locale-
+         specific, which means strange things might happen. A private
+         table is now used for this - though it costs 256 bytes, a table is
+         much faster than multiple explicit tests. Of course, the standard
+         character types table is still used for matching digits in subject
+         strings against \d.
+
+   (iv)  Strictly, the identifier ESC_t is reserved by POSIX (all identifiers
+         ending in _t are). So I've renamed it as ESC_tee.
+
+3. The first argument for regexec() in the POSIX wrapper should have been
+   defined as "const".
+
+4. Changed pcretest to use malloc() for its buffers so that they can be
+   Electric Fenced for debugging.
+
+5. There were several places in the code where, in UTF-8 mode, PCRE would try
+   to read one or more bytes before the start of the subject string. Often this
+   had no effect on PCRE's behaviour, but in some circumstances it could
+   provoke a segmentation fault.
+
+6. A lookbehind at the start of a pattern in UTF-8 mode could also cause PCRE
+   to try to read one or more bytes before the start of the subject string.
+
+7. A lookbehind in a pattern matched in non-UTF-8 mode on a PCRE compiled with
+   UTF-8 support could misbehave in various ways if the subject string
+   contained bytes with the 0x80 bit set and the 0x40 bit unset in a lookbehind
+   area. (PCRE was not checking for the UTF-8 mode flag, and trying to move
+   back over UTF-8 characters.)
+
+
+Version 4.2 14-Apr-03
+---------------------
+
+1. Typo "#if SUPPORT_UTF8" instead of "#ifdef SUPPORT_UTF8" fixed.
+
+2. Changes to the building process, supplied by Ronald Landheer-Cieslak
+     [ON_WINDOWS]: new variable, "#" on non-Windows platforms
+     [NOT_ON_WINDOWS]: new variable, "#" on Windows platforms
+     [WIN_PREFIX]: new variable, "cyg" for Cygwin
+     * Makefile.in: use autoconf substitution for OBJEXT, EXEEXT, BUILD_OBJEXT
+       and BUILD_EXEEXT
+     Note: automatic setting of the BUILD variables is not yet working
+     set CPPFLAGS and BUILD_CPPFLAGS (but don't use yet) - should be used at
+       compile-time but not at link-time
+     [LINK]: use for linking executables only
+     make different versions for Windows and non-Windows
+     [LINKLIB]: new variable, copy of UNIX-style LINK, used for linking
+       libraries
+     [LINK_FOR_BUILD]: new variable
+     [OBJEXT]: use throughout
+     [EXEEXT]: use throughout
+     <winshared>: new target
+     <wininstall>: new target
+     <dftables.o>: use native compiler
+     <dftables>: use native linker
+     <install>: handle Windows platform correctly
+     <clean>: ditto
+     <check>: ditto
+     copy DLL to top builddir before testing
+
+   As part of these changes, -no-undefined was removed again. This was reported
+   to give trouble on HP-UX 11.0, so getting rid of it seems like a good idea
+   in any case.
+
+3. Some tidies to get rid of compiler warnings:
+
+   . In the match_data structure, match_limit was an unsigned long int, whereas
+     match_call_count was an int. I've made them both unsigned long ints.
+
+   . In pcretest the fact that a const uschar * doesn't automatically cast to
+     a void * provoked a warning.
+
+   . Turning on some more compiler warnings threw up some "shadow" variables
+     and a few more missing casts.
+
+4. If PCRE was complied with UTF-8 support, but called without the PCRE_UTF8
+   option, a class that contained a single character with a value between 128
+   and 255 (e.g. /[\xFF]/) caused PCRE to crash.
+
+5. If PCRE was compiled with UTF-8 support, but called without the PCRE_UTF8
+   option, a class that contained several characters, but with at least one
+   whose value was between 128 and 255 caused PCRE to crash.
+
+
+Version 4.1 12-Mar-03
+---------------------
+
+1. Compiling with gcc -pedantic found a couple of places where casts were
+needed, and a string in dftables.c that was longer than standard compilers are
+required to support.
+
+2. Compiling with Sun's compiler found a few more places where the code could
+be tidied up in order to avoid warnings.
+
+3. The variables for cross-compiling were called HOST_CC and HOST_CFLAGS; the
+first of these names is deprecated in the latest Autoconf in favour of the name
+CC_FOR_BUILD, because "host" is typically used to mean the system on which the
+compiled code will be run. I can't find a reference for HOST_CFLAGS, but by
+analogy I have changed it to CFLAGS_FOR_BUILD.
+
+4. Added -no-undefined to the linking command in the Makefile, because this is
+apparently helpful for Windows. To make it work, also added "-L. -lpcre" to the
+linking step for the pcreposix library.
+
+5. PCRE was failing to diagnose the case of two named groups with the same
+name.
+
+6. A problem with one of PCRE's optimizations was discovered. PCRE remembers a
+literal character that is needed in the subject for a match, and scans along to
+ensure that it is present before embarking on the full matching process. This
+saves time in cases of nested unlimited repeats that are never going to match.
+Problem: the scan can take a lot of time if the subject is very long (e.g.
+megabytes), thus penalizing straightforward matches. It is now done only if the
+amount of subject to be scanned is less than 1000 bytes.
+
+7. A lesser problem with the same optimization is that it was recording the
+first character of an anchored pattern as "needed", thus provoking a search
+right along the subject, even when the first match of the pattern was going to
+fail. The "needed" character is now not set for anchored patterns, unless it
+follows something in the pattern that is of non-fixed length. Thus, it still
+fulfils its original purpose of finding quick non-matches in cases of nested
+unlimited repeats, but isn't used for simple anchored patterns such as /^abc/.
+
+
+Version 4.0 17-Feb-03
+---------------------
+
+1. If a comment in an extended regex that started immediately after a meta-item
+extended to the end of string, PCRE compiled incorrect data. This could lead to
+all kinds of weird effects. Example: /#/ was bad; /()#/ was bad; /a#/ was not.
+
+2. Moved to autoconf 2.53 and libtool 1.4.2.
+
+3. Perl 5.8 no longer needs "use utf8" for doing UTF-8 things. Consequently,
+the special perltest8 script is no longer needed - all the tests can be run
+from a single perltest script.
+
+4. From 5.004, Perl has not included the VT character (0x0b) in the set defined
+by \s. It has now been removed in PCRE. This means it isn't recognized as
+whitespace in /x regexes too, which is the same as Perl. Note that the POSIX
+class [:space:] *does* include VT, thereby creating a mess.
+
+5. Added the class [:blank:] (a GNU extension from Perl 5.8) to match only
+space and tab.
+
+6. Perl 5.005 was a long time ago. It's time to amalgamate the tests that use
+its new features into the main test script, reducing the number of scripts.
+
+7. Perl 5.8 has changed the meaning of patterns like /a(?i)b/. Earlier versions
+were backward compatible, and made the (?i) apply to the whole pattern, as if
+/i were given. Now it behaves more logically, and applies the option setting
+only to what follows. PCRE has been changed to follow suit. However, if it
+finds options settings right at the start of the pattern, it extracts them into
+the global options, as before. Thus, they show up in the info data.
+
+8. Added support for the \Q...\E escape sequence. Characters in between are
+treated as literals. This is slightly different from Perl in that $ and @ are
+also handled as literals inside the quotes. In Perl, they will cause variable
+interpolation. Note the following examples:
+
+    Pattern            PCRE matches      Perl matches
+
+    \Qabc$xyz\E        abc$xyz           abc followed by the contents of $xyz
+    \Qabc\$xyz\E       abc\$xyz          abc\$xyz
+    \Qabc\E\$\Qxyz\E   abc$xyz           abc$xyz
+
+For compatibility with Perl, \Q...\E sequences are recognized inside character
+classes as well as outside them.
+
+9. Re-organized 3 code statements in pcretest to avoid "overflow in
+floating-point constant arithmetic" warnings from a Microsoft compiler. Added a
+(size_t) cast to one statement in pcretest and one in pcreposix to avoid
+signed/unsigned warnings.
+
+10. SunOS4 doesn't have strtoul(). This was used only for unpicking the -o
+option for pcretest, so I've replaced it by a simple function that does just
+that job.
+
+11. pcregrep was ending with code 0 instead of 2 for the commands "pcregrep" or
+"pcregrep -".
+
+12. Added "possessive quantifiers" ?+, *+, ++, and {,}+ which come from Sun's
+Java package. This provides some syntactic sugar for simple cases of what my
+documentation calls "once-only subpatterns". A pattern such as x*+ is the same
+as (?>x*). In other words, if what is inside (?>...) is just a single repeated
+item, you can use this simplified notation. Note that only makes sense with
+greedy quantifiers. Consequently, the use of the possessive quantifier forces
+greediness, whatever the setting of the PCRE_UNGREEDY option.
+
+13. A change of greediness default within a pattern was not taking effect at
+the current level for patterns like /(b+(?U)a+)/. It did apply to parenthesized
+subpatterns that followed. Patterns like /b+(?U)a+/ worked because the option
+was abstracted outside.
+
+14. PCRE now supports the \G assertion. It is true when the current matching
+position is at the start point of the match. This differs from \A when the
+starting offset is non-zero. Used with the /g option of pcretest (or similar
+code), it works in the same way as it does for Perl's /g option. If all
+alternatives of a regex begin with \G, the expression is anchored to the start
+match position, and the "anchored" flag is set in the compiled expression.
+
+15. Some bugs concerning the handling of certain option changes within patterns
+have been fixed. These applied to options other than (?ims). For example,
+"a(?x: b c )d" did not match "XabcdY" but did match "Xa b c dY". It should have
+been the other way round. Some of this was related to change 7 above.
+
+16. PCRE now gives errors for /[.x.]/ and /[=x=]/ as unsupported POSIX
+features, as Perl does. Previously, PCRE gave the warnings only for /[[.x.]]/
+and /[[=x=]]/. PCRE now also gives an error for /[:name:]/ because it supports
+POSIX classes only within a class (e.g. /[[:alpha:]]/).
+
+17. Added support for Perl's \C escape. This matches one byte, even in UTF8
+mode. Unlike ".", it always matches newline, whatever the setting of
+PCRE_DOTALL. However, PCRE does not permit \C to appear in lookbehind
+assertions. Perl allows it, but it doesn't (in general) work because it can't
+calculate the length of the lookbehind. At least, that's the case for Perl
+5.8.0 - I've been told they are going to document that it doesn't work in
+future.
+
+18. Added an error diagnosis for escapes that PCRE does not support: these are
+\L, \l, \N, \P, \p, \U, \u, and \X.
+
+19. Although correctly diagnosing a missing ']' in a character class, PCRE was
+reading past the end of the pattern in cases such as /[abcd/.
+
+20. PCRE was getting more memory than necessary for patterns with classes that
+contained both POSIX named classes and other characters, e.g. /[[:space:]abc/.
+
+21. Added some code, conditional on #ifdef VPCOMPAT, to make life easier for
+compiling PCRE for use with Virtual Pascal.
+
+22. Small fix to the Makefile to make it work properly if the build is done
+outside the source tree.
+
+23. Added a new extension: a condition to go with recursion. If a conditional
+subpattern starts with (?(R) the "true" branch is used if recursion has
+happened, whereas the "false" branch is used only at the top level.
+
+24. When there was a very long string of literal characters (over 255 bytes
+without UTF support, over 250 bytes with UTF support), the computation of how
+much memory was required could be incorrect, leading to segfaults or other
+strange effects.
+
+25. PCRE was incorrectly assuming anchoring (either to start of subject or to
+start of line for a non-DOTALL pattern) when a pattern started with (.*) and
+there was a subsequent back reference to those brackets. This meant that, for
+example, /(.*)\d+\1/ failed to match "abc123bc". Unfortunately, it isn't
+possible to check for precisely this case. All we can do is abandon the
+optimization if .* occurs inside capturing brackets when there are any back
+references whatsoever. (See below for a better fix that came later.)
+
+26. The handling of the optimization for finding the first character of a
+non-anchored pattern, and for finding a character that is required later in the
+match were failing in some cases. This didn't break the matching; it just
+failed to optimize when it could. The way this is done has been re-implemented.
+
+27. Fixed typo in error message for invalid (?R item (it said "(?p").
+
+28. Added a new feature that provides some of the functionality that Perl
+provides with (?{...}). The facility is termed a "callout". The way it is done
+in PCRE is for the caller to provide an optional function, by setting
+pcre_callout to its entry point. Like pcre_malloc and pcre_free, this is a
+global variable. By default it is unset, which disables all calling out. To get
+the function called, the regex must include (?C) at appropriate points. This
+is, in fact, equivalent to (?C0), and any number <= 255 may be given with (?C).
+This provides a means of identifying different callout points. When PCRE
+reaches such a point in the regex, if pcre_callout has been set, the external
+function is called. It is provided with data in a structure called
+pcre_callout_block, which is defined in pcre.h. If the function returns 0,
+matching continues; if it returns a non-zero value, the match at the current
+point fails. However, backtracking will occur if possible. [This was changed
+later and other features added - see item 49 below.]
+
+29. pcretest is upgraded to test the callout functionality. It provides a
+callout function that displays information. By default, it shows the start of
+the match and the current position in the text. There are some new data escapes
+to vary what happens:
+
+    \C+         in addition, show current contents of captured substrings
+    \C-         do not supply a callout function
+    \C!n        return 1 when callout number n is reached
+    \C!n!m      return 1 when callout number n is reached for the mth time
+
+30. If pcregrep was called with the -l option and just a single file name, it
+output "<stdin>" if a match was found, instead of the file name.
+
+31. Improve the efficiency of the POSIX API to PCRE. If the number of capturing
+slots is less than POSIX_MALLOC_THRESHOLD, use a block on the stack to pass to
+pcre_exec(). This saves a malloc/free per call. The default value of
+POSIX_MALLOC_THRESHOLD is 10; it can be changed by --with-posix-malloc-threshold
+when configuring.
+
+32. The default maximum size of a compiled pattern is 64K. There have been a
+few cases of people hitting this limit. The code now uses macros to handle the
+storing of links as offsets within the compiled pattern. It defaults to 2-byte
+links, but this can be changed to 3 or 4 bytes by --with-link-size when
+configuring. Tests 2 and 5 work only with 2-byte links because they output
+debugging information about compiled patterns.
+
+33. Internal code re-arrangements:
+
+(a) Moved the debugging function for printing out a compiled regex into
+    its own source file (printint.c) and used #include to pull it into
+    pcretest.c and, when DEBUG is defined, into pcre.c, instead of having two
+    separate copies.
+
+(b) Defined the list of op-code names for debugging as a macro in
+    internal.h so that it is next to the definition of the opcodes.
+
+(c) Defined a table of op-code lengths for simpler skipping along compiled
+    code. This is again a macro in internal.h so that it is next to the
+    definition of the opcodes.
+
+34. Added support for recursive calls to individual subpatterns, along the
+lines of Robin Houston's patch (but implemented somewhat differently).
+
+35. Further mods to the Makefile to help Win32. Also, added code to pcregrep to
+allow it to read and process whole directories in Win32. This code was
+contributed by Lionel Fourquaux; it has not been tested by me.
+
+36. Added support for named subpatterns. The Python syntax (?P<name>...) is
+used to name a group. Names consist of alphanumerics and underscores, and must
+be unique. Back references use the syntax (?P=name) and recursive calls use
+(?P>name) which is a PCRE extension to the Python extension. Groups still have
+numbers. The function pcre_fullinfo() can be used after compilation to extract
+a name/number map. There are three relevant calls:
+
+  PCRE_INFO_NAMEENTRYSIZE        yields the size of each entry in the map
+  PCRE_INFO_NAMECOUNT            yields the number of entries
+  PCRE_INFO_NAMETABLE            yields a pointer to the map.
+
+The map is a vector of fixed-size entries. The size of each entry depends on
+the length of the longest name used. The first two bytes of each entry are the
+group number, most significant byte first. There follows the corresponding
+name, zero terminated. The names are in alphabetical order.
+
+37. Make the maximum literal string in the compiled code 250 for the non-UTF-8
+case instead of 255. Making it the same both with and without UTF-8 support
+means that the same test output works with both.
+
+38. There was a case of malloc(0) in the POSIX testing code in pcretest. Avoid
+calling malloc() with a zero argument.
+
+39. Change 25 above had to resort to a heavy-handed test for the .* anchoring
+optimization. I've improved things by keeping a bitmap of backreferences with
+numbers 1-31 so that if .* occurs inside capturing brackets that are not in
+fact referenced, the optimization can be applied. It is unlikely that a
+relevant occurrence of .* (i.e. one which might indicate anchoring or forcing
+the match to follow \n) will appear inside brackets with a number greater than
+31, but if it does, any back reference > 31 suppresses the optimization.
+
+40. Added a new compile-time option PCRE_NO_AUTO_CAPTURE. This has the effect
+of disabling numbered capturing parentheses. Any opening parenthesis that is
+not followed by ? behaves as if it were followed by ?: but named parentheses
+can still be used for capturing (and they will acquire numbers in the usual
+way).
+
+41. Redesigned the return codes from the match() function into yes/no/error so
+that errors can be passed back from deep inside the nested calls. A malloc
+failure while inside a recursive subpattern call now causes the
+PCRE_ERROR_NOMEMORY return instead of quietly going wrong.
+
+42. It is now possible to set a limit on the number of times the match()
+function is called in a call to pcre_exec(). This facility makes it possible to
+limit the amount of recursion and backtracking, though not in a directly
+obvious way, because the match() function is used in a number of different
+circumstances. The count starts from zero for each position in the subject
+string (for non-anchored patterns). The default limit is, for compatibility, a
+large number, namely 10 000 000. You can change this in two ways:
+
+(a) When configuring PCRE before making, you can use --with-match-limit=n
+    to set a default value for the compiled library.
+
+(b) For each call to pcre_exec(), you can pass a pcre_extra block in which
+    a different value is set. See 45 below.
+
+If the limit is exceeded, pcre_exec() returns PCRE_ERROR_MATCHLIMIT.
+
+43. Added a new function pcre_config(int, void *) to enable run-time extraction
+of things that can be changed at compile time. The first argument specifies
+what is wanted and the second points to where the information is to be placed.
+The current list of available information is:
+
+  PCRE_CONFIG_UTF8
+
+The output is an integer that is set to one if UTF-8 support is available;
+otherwise it is set to zero.
+
+  PCRE_CONFIG_NEWLINE
+
+The output is an integer that it set to the value of the code that is used for
+newline. It is either LF (10) or CR (13).
+
+  PCRE_CONFIG_LINK_SIZE
+
+The output is an integer that contains the number of bytes used for internal
+linkage in compiled expressions. The value is 2, 3, or 4. See item 32 above.
+
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+
+The output is an integer that contains the threshold above which the POSIX
+interface uses malloc() for output vectors. See item 31 above.
+
+  PCRE_CONFIG_MATCH_LIMIT
+
+The output is an unsigned integer that contains the default limit of the number
+of match() calls in a pcre_exec() execution. See 42 above.
+
+44. pcretest has been upgraded by the addition of the -C option. This causes it
+to extract all the available output from the new pcre_config() function, and to
+output it. The program then exits immediately.
+
+45. A need has arisen to pass over additional data with calls to pcre_exec() in
+order to support additional features. One way would have been to define
+pcre_exec2() (for example) with extra arguments, but this would not have been
+extensible, and would also have required all calls to the original function to
+be mapped to the new one. Instead, I have chosen to extend the mechanism that
+is used for passing in "extra" data from pcre_study().
+
+The pcre_extra structure is now exposed and defined in pcre.h. It currently
+contains the following fields:
+
+  flags         a bitmap indicating which of the following fields are set
+  study_data    opaque data from pcre_study()
+  match_limit   a way of specifying a limit on match() calls for a specific
+                  call to pcre_exec()
+  callout_data  data for callouts (see 49 below)
+
+The flag bits are also defined in pcre.h, and are
+
+  PCRE_EXTRA_STUDY_DATA
+  PCRE_EXTRA_MATCH_LIMIT
+  PCRE_EXTRA_CALLOUT_DATA
+
+The pcre_study() function now returns one of these new pcre_extra blocks, with
+the actual study data pointed to by the study_data field, and the
+PCRE_EXTRA_STUDY_DATA flag set. This can be passed directly to pcre_exec() as
+before. That is, this change is entirely upwards-compatible and requires no
+change to existing code.
+
+If you want to pass in additional data to pcre_exec(), you can either place it
+in a pcre_extra block provided by pcre_study(), or create your own pcre_extra
+block.
+
+46. pcretest has been extended to test the PCRE_EXTRA_MATCH_LIMIT feature. If a
+data string contains the escape sequence \M, pcretest calls pcre_exec() several
+times with different match limits, until it finds the minimum value needed for
+pcre_exec() to complete. The value is then output. This can be instructive; for
+most simple matches the number is quite small, but for pathological cases it
+gets very large very quickly.
+
+47. There's a new option for pcre_fullinfo() called PCRE_INFO_STUDYSIZE. It
+returns the size of the data block pointed to by the study_data field in a
+pcre_extra block, that is, the value that was passed as the argument to
+pcre_malloc() when PCRE was getting memory in which to place the information
+created by pcre_study(). The fourth argument should point to a size_t variable.
+pcretest has been extended so that this information is shown after a successful
+pcre_study() call when information about the compiled regex is being displayed.
+
+48. Cosmetic change to Makefile: there's no need to have / after $(DESTDIR)
+because what follows is always an absolute path. (Later: it turns out that this
+is more than cosmetic for MinGW, because it doesn't like empty path
+components.)
+
+49. Some changes have been made to the callout feature (see 28 above):
+
+(i)  A callout function now has three choices for what it returns:
+
+       0  =>  success, carry on matching
+     > 0  =>  failure at this point, but backtrack if possible
+     < 0  =>  serious error, return this value from pcre_exec()
+
+     Negative values should normally be chosen from the set of PCRE_ERROR_xxx
+     values. In particular, returning PCRE_ERROR_NOMATCH forces a standard
+     "match failed" error. The error number PCRE_ERROR_CALLOUT is reserved for
+     use by callout functions. It will never be used by PCRE itself.
+
+(ii) The pcre_extra structure (see 45 above) has a void * field called
+     callout_data, with corresponding flag bit PCRE_EXTRA_CALLOUT_DATA. The
+     pcre_callout_block structure has a field of the same name. The contents of
+     the field passed in the pcre_extra structure are passed to the callout
+     function in the corresponding field in the callout block. This makes it
+     easier to use the same callout-containing regex from multiple threads. For
+     testing, the pcretest program has a new data escape
+
+       \C*n        pass the number n (may be negative) as callout_data
+
+     If the callout function in pcretest receives a non-zero value as
+     callout_data, it returns that value.
+
+50. Makefile wasn't handling CFLAGS properly when compiling dftables. Also,
+there were some redundant $(CFLAGS) in commands that are now specified as
+$(LINK), which already includes $(CFLAGS).
+
+51. Extensions to UTF-8 support are listed below. These all apply when (a) PCRE
+has been compiled with UTF-8 support *and* pcre_compile() has been compiled
+with the PCRE_UTF8 flag. Patterns that are compiled without that flag assume
+one-byte characters throughout. Note that case-insensitive matching applies
+only to characters whose values are less than 256. PCRE doesn't support the
+notion of cases for higher-valued characters.
+
+(i)   A character class whose characters are all within 0-255 is handled as
+      a bit map, and the map is inverted for negative classes. Previously, a
+      character > 255 always failed to match such a class; however it should
+      match if the class was a negative one (e.g. [^ab]). This has been fixed.
+
+(ii)  A negated character class with a single character < 255 is coded as
+      "not this character" (OP_NOT). This wasn't working properly when the test
+      character was multibyte, either singly or repeated.
+
+(iii) Repeats of multibyte characters are now handled correctly in UTF-8
+      mode, for example: \x{100}{2,3}.
+
+(iv)  The character escapes \b, \B, \d, \D, \s, \S, \w, and \W (either
+      singly or repeated) now correctly test multibyte characters. However,
+      PCRE doesn't recognize any characters with values greater than 255 as
+      digits, spaces, or word characters. Such characters always match \D, \S,
+      and \W, and never match \d, \s, or \w.
+
+(v)   Classes may now contain characters and character ranges with values
+      greater than 255. For example: [ab\x{100}-\x{400}].
+
+(vi)  pcregrep now has a --utf-8 option (synonym -u) which makes it call
+      PCRE in UTF-8 mode.
+
+52. The info request value PCRE_INFO_FIRSTCHAR has been renamed
+PCRE_INFO_FIRSTBYTE because it is a byte value. However, the old name is
+retained for backwards compatibility. (Note that LASTLITERAL is also a byte
+value.)
+
+53. The single man page has become too large. I have therefore split it up into
+a number of separate man pages. These also give rise to individual HTML pages;
+these are now put in a separate directory, and there is an index.html page that
+lists them all. Some hyperlinking between the pages has been installed.
+
+54. Added convenience functions for handling named capturing parentheses.
+
+55. Unknown escapes inside character classes (e.g. [\M]) and escapes that
+aren't interpreted therein (e.g. [\C]) are literals in Perl. This is now also
+true in PCRE, except when the PCRE_EXTENDED option is set, in which case they
+are faulted.
+
+56. Introduced HOST_CC and HOST_CFLAGS which can be set in the environment when
+calling configure. These values are used when compiling the dftables.c program
+which is run to generate the source of the default character tables. They
+default to the values of CC and CFLAGS. If you are cross-compiling PCRE,
+you will need to set these values.
+
+57. Updated the building process for Windows DLL, as provided by Fred Cox.
+
+
+Version 3.9 02-Jan-02
+---------------------
+
+1. A bit of extraneous text had somehow crept into the pcregrep documentation.
+
+2. If --disable-static was given, the building process failed when trying to
+build pcretest and pcregrep. (For some reason it was using libtool to compile
+them, which is not right, as they aren't part of the library.)
+
+
+Version 3.8 18-Dec-01
+---------------------
+
+1. The experimental UTF-8 code was completely screwed up. It was packing the
+bytes in the wrong order. How dumb can you get?
+
+
+Version 3.7 29-Oct-01
+---------------------
+
+1. In updating pcretest to check change 1 of version 3.6, I screwed up.
+This caused pcretest, when used on the test data, to segfault. Unfortunately,
+this didn't happen under Solaris 8, where I normally test things.
+
+2. The Makefile had to be changed to make it work on BSD systems, where 'make'
+doesn't seem to recognize that ./xxx and xxx are the same file. (This entry
+isn't in ChangeLog distributed with 3.7 because I forgot when I hastily made
+this fix an hour or so after the initial 3.7 release.)
+
+
+Version 3.6 23-Oct-01
+---------------------
+
+1. Crashed with /(sens|respons)e and \1ibility/ and "sense and sensibility" if
+offsets passed as NULL with zero offset count.
+
+2. The config.guess and config.sub files had not been updated when I moved to
+the latest autoconf.
+
+
+Version 3.5 15-Aug-01
+---------------------
+
+1. Added some missing #if !defined NOPOSIX conditionals in pcretest.c that
+had been forgotten.
+
+2. By using declared but undefined structures, we can avoid using "void"
+definitions in pcre.h while keeping the internal definitions of the structures
+private.
+
+3. The distribution is now built using autoconf 2.50 and libtool 1.4. From a
+user point of view, this means that both static and shared libraries are built
+by default, but this can be individually controlled. More of the work of
+handling this static/shared cases is now inside libtool instead of PCRE's make
+file.
+
+4. The pcretest utility is now installed along with pcregrep because it is
+useful for users (to test regexs) and by doing this, it automatically gets
+relinked by libtool. The documentation has been turned into a man page, so
+there are now .1, .txt, and .html versions in /doc.
+
+5. Upgrades to pcregrep:
+   (i)   Added long-form option names like gnu grep.
+   (ii)  Added --help to list all options with an explanatory phrase.
+   (iii) Added -r, --recursive to recurse into sub-directories.
+   (iv)  Added -f, --file to read patterns from a file.
+
+6. pcre_exec() was referring to its "code" argument before testing that
+argument for NULL (and giving an error if it was NULL).
+
+7. Upgraded Makefile.in to allow for compiling in a different directory from
+the source directory.
+
+8. Tiny buglet in pcretest: when pcre_fullinfo() was called to retrieve the
+options bits, the pointer it was passed was to an int instead of to an unsigned
+long int. This mattered only on 64-bit systems.
+
+9. Fixed typo (3.4/1) in pcre.h again. Sigh. I had changed pcre.h (which is
+generated) instead of pcre.in, which it its source. Also made the same change
+in several of the .c files.
+
+10. A new release of gcc defines printf() as a macro, which broke pcretest
+because it had an ifdef in the middle of a string argument for printf(). Fixed
+by using separate calls to printf().
+
+11. Added --enable-newline-is-cr and --enable-newline-is-lf to the configure
+script, to force use of CR or LF instead of \n in the source. On non-Unix
+systems, the value can be set in config.h.
+
+12. The limit of 200 on non-capturing parentheses is a _nesting_ limit, not an
+absolute limit. Changed the text of the error message to make this clear, and
+likewise updated the man page.
+
+13. The limit of 99 on the number of capturing subpatterns has been removed.
+The new limit is 65535, which I hope will not be a "real" limit.
+
+
+Version 3.4 22-Aug-00
+---------------------
+
+1. Fixed typo in pcre.h: unsigned const char * changed to const unsigned char *.
+
+2. Diagnose condition (?(0) as an error instead of crashing on matching.
+
+
+Version 3.3 01-Aug-00
+---------------------
+
+1. If an octal character was given, but the value was greater than \377, it
+was not getting masked to the least significant bits, as documented. This could
+lead to crashes in some systems.
+
+2. Perl 5.6 (if not earlier versions) accepts classes like [a-\d] and treats
+the hyphen as a literal. PCRE used to give an error; it now behaves like Perl.
+
+3. Added the functions pcre_free_substring() and pcre_free_substring_list().
+These just pass their arguments on to (pcre_free)(), but they are provided
+because some uses of PCRE bind it to non-C systems that can call its functions,
+but cannot call free() or pcre_free() directly.
+
+4. Add "make test" as a synonym for "make check". Corrected some comments in
+the Makefile.
+
+5. Add $(DESTDIR)/ in front of all the paths in the "install" target in the
+Makefile.
+
+6. Changed the name of pgrep to pcregrep, because Solaris has introduced a
+command called pgrep for grepping around the active processes.
+
+7. Added the beginnings of support for UTF-8 character strings.
+
+8. Arranged for the Makefile to pass over the settings of CC, CFLAGS, and
+RANLIB to ./ltconfig so that they are used by libtool. I think these are all
+the relevant ones. (AR is not passed because ./ltconfig does its own figuring
+out for the ar command.)
+
+
+Version 3.2 12-May-00
+---------------------
+
+This is purely a bug fixing release.
+
+1. If the pattern /((Z)+|A)*/ was matched agained ZABCDEFG it matched Z instead
+of ZA. This was just one example of several cases that could provoke this bug,
+which was introduced by change 9 of version 2.00. The code for breaking
+infinite loops after an iteration that matches an empty string was't working
+correctly.
+
+2. The pcretest program was not imitating Perl correctly for the pattern /a*/g
+when matched against abbab (for example). After matching an empty string, it
+wasn't forcing anchoring when setting PCRE_NOTEMPTY for the next attempt; this
+caused it to match further down the string than it should.
+
+3. The code contained an inclusion of sys/types.h. It isn't clear why this
+was there because it doesn't seem to be needed, and it causes trouble on some
+systems, as it is not a Standard C header. It has been removed.
+
+4. Made 4 silly changes to the source to avoid stupid compiler warnings that
+were reported on the Macintosh. The changes were from
+
+  while ((c = *(++ptr)) != 0 && c != '\n');
+to
+  while ((c = *(++ptr)) != 0 && c != '\n') ;
+
+Totally extraordinary, but if that's what it takes...
+
+5. PCRE is being used in one environment where neither memmove() nor bcopy() is
+available. Added HAVE_BCOPY and an autoconf test for it; if neither
+HAVE_MEMMOVE nor HAVE_BCOPY is set, use a built-in emulation function which
+assumes the way PCRE uses memmove() (always moving upwards).
+
+6. PCRE is being used in one environment where strchr() is not available. There
+was only one use in pcre.c, and writing it out to avoid strchr() probably gives
+faster code anyway.
+
+
+Version 3.1 09-Feb-00
+---------------------
+
+The only change in this release is the fixing of some bugs in Makefile.in for
+the "install" target:
+
+(1) It was failing to install pcreposix.h.
+
+(2) It was overwriting the pcre.3 man page with the pcreposix.3 man page.
+
+
+Version 3.0 01-Feb-00
+---------------------
+
+1. Add support for the /+ modifier to perltest (to output $` like it does in
+pcretest).
+
+2. Add support for the /g modifier to perltest.
+
+3. Fix pcretest so that it behaves even more like Perl for /g when the pattern
+matches null strings.
+
+4. Fix perltest so that it doesn't do unwanted things when fed an empty
+pattern. Perl treats empty patterns specially - it reuses the most recent
+pattern, which is not what we want. Replace // by /(?#)/ in order to avoid this
+effect.
+
+5. The POSIX interface was broken in that it was just handing over the POSIX
+captured string vector to pcre_exec(), but (since release 2.00) PCRE has
+required a bigger vector, with some working space on the end. This means that
+the POSIX wrapper now has to get and free some memory, and copy the results.
+
+6. Added some simple autoconf support, placing the test data and the
+documentation in separate directories, re-organizing some of the
+information files, and making it build pcre-config (a GNU standard). Also added
+libtool support for building PCRE as a shared library, which is now the
+default.
+
+7. Got rid of the leading zero in the definition of PCRE_MINOR because 08 and
+09 are not valid octal constants. Single digits will be used for minor values
+less than 10.
+
+8. Defined REG_EXTENDED and REG_NOSUB as zero in the POSIX header, so that
+existing programs that set these in the POSIX interface can use PCRE without
+modification.
+
+9. Added a new function, pcre_fullinfo() with an extensible interface. It can
+return all that pcre_info() returns, plus additional data. The pcre_info()
+function is retained for compatibility, but is considered to be obsolete.
+
+10. Added experimental recursion feature (?R) to handle one common case that
+Perl 5.6 will be able to do with (?p{...}).
+
+11. Added support for POSIX character classes like [:alpha:], which Perl is
+adopting.
+
+
+Version 2.08 31-Aug-99
+----------------------
+
+1. When startoffset was not zero and the pattern began with ".*", PCRE was not
+trying to match at the startoffset position, but instead was moving forward to
+the next newline as if a previous match had failed.
+
+2. pcretest was not making use of PCRE_NOTEMPTY when repeating for /g and /G,
+and could get into a loop if a null string was matched other than at the start
+of the subject.
+
+3. Added definitions of PCRE_MAJOR and PCRE_MINOR to pcre.h so the version can
+be distinguished at compile time, and for completeness also added PCRE_DATE.
+
+5. Added Paul Sokolovsky's minor changes to make it easy to compile a Win32 DLL
+in GnuWin32 environments.
+
+
+Version 2.07 29-Jul-99
+----------------------
+
+1. The documentation is now supplied in plain text form and HTML as well as in
+the form of man page sources.
+
+2. C++ compilers don't like assigning (void *) values to other pointer types.
+In particular this affects malloc(). Although there is no problem in Standard
+C, I've put in casts to keep C++ compilers happy.
+
+3. Typo on pcretest.c; a cast of (unsigned char *) in the POSIX regexec() call
+should be (const char *).
+
+4. If NOPOSIX is defined, pcretest.c compiles without POSIX support. This may
+be useful for non-Unix systems who don't want to bother with the POSIX stuff.
+However, I haven't made this a standard facility. The documentation doesn't
+mention it, and the Makefile doesn't support it.
+
+5. The Makefile now contains an "install" target, with editable destinations at
+the top of the file. The pcretest program is not installed.
+
+6. pgrep -V now gives the PCRE version number and date.
+
+7. Fixed bug: a zero repetition after a literal string (e.g. /abcde{0}/) was
+causing the entire string to be ignored, instead of just the last character.
+
+8. If a pattern like /"([^\\"]+|\\.)*"/ is applied in the normal way to a
+non-matching string, it can take a very, very long time, even for strings of
+quite modest length, because of the nested recursion. PCRE now does better in
+some of these cases. It does this by remembering the last required literal
+character in the pattern, and pre-searching the subject to ensure it is present
+before running the real match. In other words, it applies a heuristic to detect
+some types of certain failure quickly, and in the above example, if presented
+with a string that has no trailing " it gives "no match" very quickly.
+
+9. A new runtime option PCRE_NOTEMPTY causes null string matches to be ignored;
+other alternatives are tried instead.
+
+
+Version 2.06 09-Jun-99
+----------------------
+
+1. Change pcretest's output for amount of store used to show just the code
+space, because the remainder (the data block) varies in size between 32-bit and
+64-bit systems.
+
+2. Added an extra argument to pcre_exec() to supply an offset in the subject to
+start matching at. This allows lookbehinds to work when searching for multiple
+occurrences in a string.
+
+3. Added additional options to pcretest for testing multiple occurrences:
+
+   /+   outputs the rest of the string that follows a match
+   /g   loops for multiple occurrences, using the new startoffset argument
+   /G   loops for multiple occurrences by passing an incremented pointer
+
+4. PCRE wasn't doing the "first character" optimization for patterns starting
+with \b or \B, though it was doing it for other lookbehind assertions. That is,
+it wasn't noticing that a match for a pattern such as /\bxyz/ has to start with
+the letter 'x'. On long subject strings, this gives a significant speed-up.
+
+
+Version 2.05 21-Apr-99
+----------------------
+
+1. Changed the type of magic_number from int to long int so that it works
+properly on 16-bit systems.
+
+2. Fixed a bug which caused patterns starting with .* not to work correctly
+when the subject string contained newline characters. PCRE was assuming
+anchoring for such patterns in all cases, which is not correct because .* will
+not pass a newline unless PCRE_DOTALL is set. It now assumes anchoring only if
+DOTALL is set at top level; otherwise it knows that patterns starting with .*
+must be retried after every newline in the subject.
+
+
+Version 2.04 18-Feb-99
+----------------------
+
+1. For parenthesized subpatterns with repeats whose minimum was zero, the
+computation of the store needed to hold the pattern was incorrect (too large).
+If such patterns were nested a few deep, this could multiply and become a real
+problem.
+
+2. Added /M option to pcretest to show the memory requirement of a specific
+pattern. Made -m a synonym of -s (which does this globally) for compatibility.
+
+3. Subpatterns of the form (regex){n,m} (i.e. limited maximum) were being
+compiled in such a way that the backtracking after subsequent failure was
+pessimal. Something like (a){0,3} was compiled as (a)?(a)?(a)? instead of
+((a)((a)(a)?)?)? with disastrous performance if the maximum was of any size.
+
+
+Version 2.03 02-Feb-99
+----------------------
+
+1. Fixed typo and small mistake in man page.
+
+2. Added 4th condition (GPL supersedes if conflict) and created separate
+LICENCE file containing the conditions.
+
+3. Updated pcretest so that patterns such as /abc\/def/ work like they do in
+Perl, that is the internal \ allows the delimiter to be included in the
+pattern. Locked out the use of \ as a delimiter. If \ immediately follows
+the final delimiter, add \ to the end of the pattern (to test the error).
+
+4. Added the convenience functions for extracting substrings after a successful
+match. Updated pcretest to make it able to test these functions.
+
+
+Version 2.02 14-Jan-99
+----------------------
+
+1. Initialized the working variables associated with each extraction so that
+their saving and restoring doesn't refer to uninitialized store.
+
+2. Put dummy code into study.c in order to trick the optimizer of the IBM C
+compiler for OS/2 into generating correct code. Apparently IBM isn't going to
+fix the problem.
+
+3. Pcretest: the timing code wasn't using LOOPREPEAT for timing execution
+calls, and wasn't printing the correct value for compiling calls. Increased the
+default value of LOOPREPEAT, and the number of significant figures in the
+times.
+
+4. Changed "/bin/rm" in the Makefile to "-rm" so it works on Windows NT.
+
+5. Renamed "deftables" as "dftables" to get it down to 8 characters, to avoid
+a building problem on Windows NT with a FAT file system.
+
+
+Version 2.01 21-Oct-98
+----------------------
+
+1. Changed the API for pcre_compile() to allow for the provision of a pointer
+to character tables built by pcre_maketables() in the current locale. If NULL
+is passed, the default tables are used.
+
+
+Version 2.00 24-Sep-98
+----------------------
+
+1. Since the (>?) facility is in Perl 5.005, don't require PCRE_EXTRA to enable
+it any more.
+
+2. Allow quantification of (?>) groups, and make it work correctly.
+
+3. The first character computation wasn't working for (?>) groups.
+
+4. Correct the implementation of \Z (it is permitted to match on the \n at the
+end of the subject) and add 5.005's \z, which really does match only at the
+very end of the subject.
+
+5. Remove the \X "cut" facility; Perl doesn't have it, and (?> is neater.
+
+6. Remove the ability to specify CASELESS, MULTILINE, DOTALL, and
+DOLLAR_END_ONLY at runtime, to make it possible to implement the Perl 5.005
+localized options. All options to pcre_study() were also removed.
+
+7. Add other new features from 5.005:
+
+   $(?<=           positive lookbehind
+   $(?<!           negative lookbehind
+   (?imsx-imsx)    added the unsetting capability
+                   such a setting is global if at outer level; local otherwise
+   (?imsx-imsx:)   non-capturing groups with option setting
+   (?(cond)re|re)  conditional pattern matching
+
+   A backreference to itself in a repeated group matches the previous
+   captured string.
+
+8. General tidying up of studying (both automatic and via "study")
+consequential on the addition of new assertions.
+
+9. As in 5.005, unlimited repeated groups that could match an empty substring
+are no longer faulted at compile time. Instead, the loop is forcibly broken at
+runtime if any iteration does actually match an empty substring.
+
+10. Include the RunTest script in the distribution.
+
+11. Added tests from the Perl 5.005_02 distribution. This showed up a few
+discrepancies, some of which were old and were also with respect to 5.004. They
+have now been fixed.
+
+
+Version 1.09 28-Apr-98
+----------------------
+
+1. A negated single character class followed by a quantifier with a minimum
+value of one (e.g.  [^x]{1,6}  ) was not compiled correctly. This could lead to
+program crashes, or just wrong answers. This did not apply to negated classes
+containing more than one character, or to minima other than one.
+
+
+Version 1.08 27-Mar-98
+----------------------
+
+1. Add PCRE_UNGREEDY to invert the greediness of quantifiers.
+
+2. Add (?U) and (?X) to set PCRE_UNGREEDY and PCRE_EXTRA respectively. The
+latter must appear before anything that relies on it in the pattern.
+
+
+Version 1.07 16-Feb-98
+----------------------
+
+1. A pattern such as /((a)*)*/ was not being diagnosed as in error (unlimited
+repeat of a potentially empty string).
+
+
+Version 1.06 23-Jan-98
+----------------------
+
+1. Added Markus Oberhumer's little patches for C++.
+
+2. Literal strings longer than 255 characters were broken.
+
+
+Version 1.05 23-Dec-97
+----------------------
+
+1. Negated character classes containing more than one character were failing if
+PCRE_CASELESS was set at run time.
+
+
+Version 1.04 19-Dec-97
+----------------------
+
+1. Corrected the man page, where some "const" qualifiers had been omitted.
+
+2. Made debugging output print "{0,xxx}" instead of just "{,xxx}" to agree with
+input syntax.
+
+3. Fixed memory leak which occurred when a regex with back references was
+matched with an offsets vector that wasn't big enough. The temporary memory
+that is used in this case wasn't being freed if the match failed.
+
+4. Tidied pcretest to ensure it frees memory that it gets.
+
+5. Temporary memory was being obtained in the case where the passed offsets
+vector was exactly big enough.
+
+6. Corrected definition of offsetof() from change 5 below.
+
+7. I had screwed up change 6 below and broken the rules for the use of
+setjmp(). Now fixed.
+
+
+Version 1.03 18-Dec-97
+----------------------
+
+1. A erroneous regex with a missing opening parenthesis was correctly
+diagnosed, but PCRE attempted to access brastack[-1], which could cause crashes
+on some systems.
+
+2. Replaced offsetof(real_pcre, code) by offsetof(real_pcre, code[0]) because
+it was reported that one broken compiler failed on the former because "code" is
+also an independent variable.
+
+3. The erroneous regex a[]b caused an array overrun reference.
+
+4. A regex ending with a one-character negative class (e.g. /[^k]$/) did not
+fail on data ending with that character. (It was going on too far, and checking
+the next character, typically a binary zero.) This was specific to the
+optimized code for single-character negative classes.
+
+5. Added a contributed patch from the TIN world which does the following:
+
+  + Add an undef for memmove, in case the the system defines a macro for it.
+
+  + Add a definition of offsetof(), in case there isn't one. (I don't know
+    the reason behind this - offsetof() is part of the ANSI standard - but
+    it does no harm).
+
+  + Reduce the ifdef's in pcre.c using macro DPRINTF, thereby eliminating
+    most of the places where whitespace preceded '#'. I have given up and
+    allowed the remaining 2 cases to be at the margin.
+
+  + Rename some variables in pcre to eliminate shadowing. This seems very
+    pedantic, but does no harm, of course.
+
+6. Moved the call to setjmp() into its own function, to get rid of warnings
+from gcc -Wall, and avoided calling it at all unless PCRE_EXTRA is used.
+
+7. Constructs such as \d{8,} were compiling into the equivalent of
+\d{8}\d{0,65527} instead of \d{8}\d* which didn't make much difference to the
+outcome, but in this particular case used more store than had been allocated,
+which caused the bug to be discovered because it threw up an internal error.
+
+8. The debugging code in both pcre and pcretest for outputting the compiled
+form of a regex was going wrong in the case of back references followed by
+curly-bracketed repeats.
+
+
+Version 1.02 12-Dec-97
+----------------------
+
+1. Typos in pcre.3 and comments in the source fixed.
+
+2. Applied a contributed patch to get rid of places where it used to remove
+'const' from variables, and fixed some signed/unsigned and uninitialized
+variable warnings.
+
+3. Added the "runtest" target to Makefile.
+
+4. Set default compiler flag to -O2 rather than just -O.
+
+
+Version 1.01 19-Nov-97
+----------------------
+
+1. PCRE was failing to diagnose unlimited repeat of empty string for patterns
+like /([ab]*)*/, that is, for classes with more than one character in them.
+
+2. Likewise, it wasn't diagnosing patterns with "once-only" subpatterns, such
+as /((?>a*))*/ (a PCRE_EXTRA facility).
+
+
+Version 1.00 18-Nov-97
+----------------------
+
+1. Added compile-time macros to support systems such as SunOS4 which don't have
+memmove() or strerror() but have other things that can be used instead.
+
+2. Arranged that "make clean" removes the executables.
+
+
+Version 0.99 27-Oct-97
+----------------------
+
+1. Fixed bug in code for optimizing classes with only one character. It was
+initializing a 32-byte map regardless, which could cause it to run off the end
+of the memory it had got.
+
+2. Added, conditional on PCRE_EXTRA, the proposed (?>REGEX) construction.
+
+
+Version 0.98 22-Oct-97
+----------------------
+
+1. Fixed bug in code for handling temporary memory usage when there are more
+back references than supplied space in the ovector. This could cause segfaults.
+
+
+Version 0.97 21-Oct-97
+----------------------
+
+1. Added the \X "cut" facility, conditional on PCRE_EXTRA.
+
+2. Optimized negated single characters not to use a bit map.
+
+3. Brought error texts together as macro definitions; clarified some of them;
+fixed one that was wrong - it said "range out of order" when it meant "invalid
+escape sequence".
+
+4. Changed some char * arguments to const char *.
+
+5. Added PCRE_NOTBOL and PCRE_NOTEOL (from POSIX).
+
+6. Added the POSIX-style API wrapper in pcreposix.a and testing facilities in
+pcretest.
+
+
+Version 0.96 16-Oct-97
+----------------------
+
+1. Added a simple "pgrep" utility to the distribution.
+
+2. Fixed an incompatibility with Perl: "{" is now treated as a normal character
+unless it appears in one of the precise forms "{ddd}", "{ddd,}", or "{ddd,ddd}"
+where "ddd" means "one or more decimal digits".
+
+3. Fixed serious bug. If a pattern had a back reference, but the call to
+pcre_exec() didn't supply a large enough ovector to record the related
+identifying subpattern, the match always failed. PCRE now remembers the number
+of the largest back reference, and gets some temporary memory in which to save
+the offsets during matching if necessary, in order to ensure that
+backreferences always work.
+
+4. Increased the compatibility with Perl in a number of ways:
+
+  (a) . no longer matches \n by default; an option PCRE_DOTALL is provided
+      to request this handling. The option can be set at compile or exec time.
+
+  (b) $ matches before a terminating newline by default; an option
+      PCRE_DOLLAR_ENDONLY is provided to override this (but not in multiline
+      mode). The option can be set at compile or exec time.
+
+  (c) The handling of \ followed by a digit other than 0 is now supposed to be
+      the same as Perl's. If the decimal number it represents is less than 10
+      or there aren't that many previous left capturing parentheses, an octal
+      escape is read. Inside a character class, it's always an octal escape,
+      even if it is a single digit.
+
+  (d) An escaped but undefined alphabetic character is taken as a literal,
+      unless PCRE_EXTRA is set. Currently this just reserves the remaining
+      escapes.
+
+  (e) {0} is now permitted. (The previous item is removed from the compiled
+      pattern).
+
+5. Changed all the names of code files so that the basic parts are no longer
+than 10 characters, and abolished the teeny "globals.c" file.
+
+6. Changed the handling of character classes; they are now done with a 32-byte
+bit map always.
+
+7. Added the -d and /D options to pcretest to make it possible to look at the
+internals of compilation without having to recompile pcre.
+
+
+Version 0.95 23-Sep-97
+----------------------
+
+1. Fixed bug in pre-pass concerning escaped "normal" characters such as \x5c or
+\x20 at the start of a run of normal characters. These were being treated as
+real characters, instead of the source characters being re-checked.
+
+
+Version 0.94 18-Sep-97
+----------------------
+
+1. The functions are now thread-safe, with the caveat that the global variables
+containing pointers to malloc() and free() or alternative functions are the
+same for all threads.
+
+2. Get pcre_study() to generate a bitmap of initial characters for non-
+anchored patterns when this is possible, and use it if passed to pcre_exec().
+
+
+Version 0.93 15-Sep-97
+----------------------
+
+1. /(b)|(:+)/ was computing an incorrect first character.
+
+2. Add pcre_study() to the API and the passing of pcre_extra to pcre_exec(),
+but not actually doing anything yet.
+
+3. Treat "-" characters in classes that cannot be part of ranges as literals,
+as Perl does (e.g. [-az] or [az-]).
+
+4. Set the anchored flag if a branch starts with .* or .*? because that tests
+all possible positions.
+
+5. Split up into different modules to avoid including unneeded functions in a
+compiled binary. However, compile and exec are still in one module. The "study"
+function is split off.
+
+6. The character tables are now in a separate module whose source is generated
+by an auxiliary program - but can then be edited by hand if required. There are
+now no calls to isalnum(), isspace(), isdigit(), isxdigit(), tolower() or
+toupper() in the code.
+
+7. Turn the malloc/free funtions variables into pcre_malloc and pcre_free and
+make them global. Abolish the function for setting them, as the caller can now
+set them directly.
+
+
+Version 0.92 11-Sep-97
+----------------------
+
+1. A repeat with a fixed maximum and a minimum of 1 for an ordinary character
+(e.g. /a{1,3}/) was broken (I mis-optimized it).
+
+2. Caseless matching was not working in character classes if the characters in
+the pattern were in upper case.
+
+3. Make ranges like [W-c] work in the same way as Perl for caseless matching.
+
+4. Make PCRE_ANCHORED public and accept as a compile option.
+
+5. Add an options word to pcre_exec() and accept PCRE_ANCHORED and
+PCRE_CASELESS at run time. Add escapes \A and \I to pcretest to cause it to
+pass them.
+
+6. Give an error if bad option bits passed at compile or run time.
+
+7. Add PCRE_MULTILINE at compile and exec time, and (?m) as well. Add \M to
+pcretest to cause it to pass that flag.
+
+8. Add pcre_info(), to get the number of identifying subpatterns, the stored
+options, and the first character, if set.
+
+9. Recognize C+ or C{n,m} where n >= 1 as providing a fixed starting character.
+
+
+Version 0.91 10-Sep-97
+----------------------
+
+1. PCRE was failing to diagnose unlimited repeats of subpatterns that could
+match the empty string as in /(a*)*/. It was looping and ultimately crashing.
+
+2. PCRE was looping on encountering an indefinitely repeated back reference to
+a subpattern that had matched an empty string, e.g. /(a|)\1*/. It now does what
+Perl does - treats the match as successful.
+
+****
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/LICENCE b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/LICENCE
new file mode 100644
index 00000000..dd9071a8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/LICENCE
@@ -0,0 +1,93 @@
+PCRE LICENCE
+------------
+
+PCRE is a library of functions to support regular expressions whose syntax
+and semantics are as close as possible to those of the Perl 5 language.
+
+Release 8 of PCRE is distributed under the terms of the "BSD" licence, as
+specified below. The documentation for PCRE, supplied in the "doc"
+directory, is distributed under the same terms as the software itself. The data
+in the testdata directory is not copyrighted and is in the public domain.
+
+The basic library functions are written in C and are freestanding. Also
+included in the distribution is a set of C++ wrapper functions, and a
+just-in-time compiler that can be used to optimize pattern matching. These
+are both optional features that can be omitted when the library is built.
+
+
+THE BASIC LIBRARY FUNCTIONS
+---------------------------
+
+Written by:       Philip Hazel
+Email local part: ph10
+Email domain:     cam.ac.uk
+
+University of Cambridge Computing Service,
+Cambridge, England.
+
+Copyright (c) 1997-2017 University of Cambridge
+All rights reserved.
+
+
+PCRE JUST-IN-TIME COMPILATION SUPPORT
+-------------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2010-2017 Zoltan Herczeg
+All rights reserved.
+
+
+STACK-LESS JUST-IN-TIME COMPILER
+--------------------------------
+
+Written by:       Zoltan Herczeg
+Email local part: hzmester
+Emain domain:     freemail.hu
+
+Copyright(c) 2009-2017 Zoltan Herczeg
+All rights reserved.
+
+
+THE C++ WRAPPER FUNCTIONS
+-------------------------
+
+Contributed by:   Google Inc.
+
+Copyright (c) 2007-2012, Google Inc.
+All rights reserved.
+
+
+THE "BSD" LICENCE
+-----------------
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the name of Google
+      Inc. nor the names of their contributors may be used to endorse or
+      promote products derived from this software without specific prior
+      written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+End
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/NEWS b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/NEWS
new file mode 100644
index 00000000..36be07cb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/NEWS
@@ -0,0 +1,737 @@
+News about PCRE releases
+------------------------
+
+Release 8.41 13-June-2017
+-------------------------
+
+This is a bug-fix release.
+
+
+Release 8.40 11-January-2017
+----------------------------
+
+This is a bug-fix release.
+
+
+Release 8.39 14-June-2016
+-------------------------
+
+Some appropriate PCRE2 JIT improvements have been retro-fitted to PCRE1. Apart
+from that, this is another bug-fix release. Note that this library (now called
+PCRE1) is now being maintained for bug fixes only. New projects are advised to
+use the new PCRE2 libraries.
+
+
+Release 8.38 23-November-2015
+-----------------------------
+
+This is bug-fix release. Note that this library (now called PCRE1) is now being
+maintained for bug fixes only. New projects are advised to use the new PCRE2
+libraries.
+
+
+Release 8.37 28-April-2015
+--------------------------
+
+This is bug-fix release. Note that this library (now called PCRE1) is now being
+maintained for bug fixes only. New projects are advised to use the new PCRE2
+libraries.
+
+
+Release 8.36 26-September-2014
+------------------------------
+
+This is primarily a bug-fix release. However, in addition, the Unicode data
+tables have been updated to Unicode 7.0.0.
+
+
+Release 8.35 04-April-2014
+--------------------------
+
+There have been performance improvements for classes containing non-ASCII
+characters and the "auto-possessification" feature has been extended. Other
+minor improvements have been implemented and bugs fixed. There is a new callout
+feature to enable applications to do detailed stack checks at compile time, to
+avoid running out of stack for deeply nested parentheses. The JIT compiler has
+been extended with experimental support for ARM-64, MIPS-64, and PPC-LE.
+
+
+Release 8.34 15-December-2013
+-----------------------------
+
+As well as fixing the inevitable bugs, performance has been improved by
+refactoring and extending the amount of "auto-possessification" that PCRE does.
+Other notable changes:
+
+.  Implemented PCRE_INFO_MATCH_EMPTY, which yields 1 if the pattern can match
+   an empty string. If it can, pcretest shows this in its information output.
+
+.  A back reference to a named subpattern when there is more than one of the
+   same name now checks them in the order in which they appear in the pattern.
+   The first one that is set is used for the reference. Previously only the
+   first one was inspected. This change makes PCRE more compatible with Perl.
+
+.  Unicode character properties were updated from Unicode 6.3.0.
+
+.  The character VT has been added to the set of characters that match \s and
+   are generally treated as white space, following this same change in Perl
+   5.18. There is now no difference between "Perl space" and "POSIX space".
+
+.  Perl has changed its handling of \8 and \9. If there is no previously
+   encountered capturing group of those numbers, they are treated as the
+   literal characters 8 and 9 instead of a binary zero followed by the
+   literals. PCRE now does the same.
+
+.  Following Perl, added \o{} to specify codepoints in octal, making it
+   possible to specify values greater than 0777 and also making them
+   unambiguous.
+
+.  In UCP mode, \s was not matching two of the characters that Perl matches,
+   namely NEL (U+0085) and MONGOLIAN VOWEL SEPARATOR (U+180E), though they
+   were matched by \h.
+
+.  Add JIT support for the 64 bit TileGX architecture.
+
+.  Upgraded the handling of the POSIX classes [:graph:], [:print:], and
+   [:punct:] when PCRE_UCP is set so as to include the same characters as Perl
+   does in Unicode mode.
+
+.  Perl no longer allows group names to start with digits, so I have made this
+   change also in PCRE.
+
+.  Added support for [[:<:]] and [[:>:]] as used in the BSD POSIX library to
+   mean "start of word" and "end of word", respectively, as a transition aid.
+
+
+Release 8.33 28-May-2013
+--------------------------
+
+A number of bugs are fixed, and some performance improvements have been made.
+There are also some new features, of which these are the most important:
+
+.  The behaviour of the backtracking verbs has been rationalized and
+   documented in more detail.
+
+.  JIT now supports callouts and all of the backtracking verbs.
+
+.  Unicode validation has been updated in the light of Unicode Corrigendum #9,
+   which points out that "non characters" are not "characters that may not
+   appear in Unicode strings" but rather "characters that are reserved for
+   internal use and have only local meaning".
+
+.  (*LIMIT_MATCH=d) and (*LIMIT_RECURSION=d) have been added so that the
+   creator of a pattern can specify lower (but not higher) limits for the
+   matching process.
+
+.  The PCRE_NEVER_UTF option is available to prevent pattern-writers from using
+   the (*UTF) feature, as this could be a security issue.
+
+
+Release 8.32 30-November-2012
+-----------------------------
+
+This release fixes a number of bugs, but also has some new features. These are
+the highlights:
+
+.  There is now support for 32-bit character strings and UTF-32. Like the
+   16-bit support, this is done by compiling a separate 32-bit library.
+
+.  \X now matches a Unicode extended grapheme cluster.
+
+.  Case-independent matching of Unicode characters that have more than one
+   "other case" now makes all three (or more) characters equivalent. This
+   applies, for example, to Greek Sigma, which has two lowercase versions.
+
+.  Unicode character properties are updated to Unicode 6.2.0.
+
+.  The EBCDIC support, which had decayed, has had a spring clean.
+
+.  A number of JIT optimizations have been added, which give faster JIT
+   execution speed. In addition, a new direct interface to JIT execution is
+   available. This bypasses some of the sanity checks of pcre_exec() to give a
+   noticeable speed-up.
+
+.  A number of issues in pcregrep have been fixed, making it more compatible
+   with GNU grep. In particular, --exclude and --include (and variants) apply
+   to all files now, not just those obtained from scanning a directory
+   recursively. In Windows environments, the default action for directories is
+   now "skip" instead of "read" (which provokes an error).
+
+.  If the --only-matching (-o) option in pcregrep is specified multiple
+   times, each one causes appropriate output. For example, -o1 -o2 outputs the
+   substrings matched by the 1st and 2nd capturing parentheses. A separating
+   string can be specified by --om-separator (default empty).
+
+.  When PCRE is built via Autotools using a version of gcc that has the
+   "visibility" feature, it is used to hide internal library functions that are
+   not part of the public API.
+
+
+Release 8.31 06-July-2012
+-------------------------
+
+This is mainly a bug-fixing release, with a small number of developments:
+
+. The JIT compiler now supports partial matching and the (*MARK) and
+  (*COMMIT) verbs.
+
+. PCRE_INFO_MAXLOOKBEHIND can be used to find the longest lookbehind in a
+  pattern.
+
+. There should be a performance improvement when using the heap instead of the
+  stack for recursion.
+
+. pcregrep can now be linked with libedit as an alternative to libreadline.
+
+. pcregrep now has a --file-list option where the list of files to scan is
+  given as a file.
+
+. pcregrep now recognizes binary files and there are related options.
+
+. The Unicode tables have been updated to 6.1.0.
+
+As always, the full list of changes is in the ChangeLog file.
+
+
+Release 8.30 04-February-2012
+-----------------------------
+
+Release 8.30 introduces a major new feature: support for 16-bit character
+strings, compiled as a separate library. There are a few changes to the
+8-bit library, in addition to some bug fixes.
+
+. The pcre_info() function, which has been obsolete for over 10 years, has
+  been removed.
+
+. When a compiled pattern was saved to a file and later reloaded on a host
+  with different endianness, PCRE used automatically to swap the bytes in some
+  of the data fields. With the advent of the 16-bit library, where more of this
+  swapping is needed, it is no longer done automatically. Instead, the bad
+  endianness is detected and a specific error is given. The user can then call
+  a new function called pcre_pattern_to_host_byte_order() (or an equivalent
+  16-bit function) to do the swap.
+
+. In UTF-8 mode, the values 0xd800 to 0xdfff are not legal Unicode
+  code points and are now faulted. (They are the so-called "surrogates"
+  that are reserved for coding high values in UTF-16.)
+
+
+Release 8.21 12-Dec-2011
+------------------------
+
+This is almost entirely a bug-fix release. The only new feature is the ability
+to obtain the size of the memory used by the JIT compiler.
+
+
+Release 8.20 21-Oct-2011
+------------------------
+
+The main change in this release is the inclusion of Zoltan Herczeg's
+just-in-time compiler support, which can be accessed by building PCRE with
+--enable-jit. Large performance benefits can be had in many situations. 8.20
+also fixes an unfortunate bug that was introduced in 8.13 as well as tidying up
+a number of infelicities and differences from Perl.
+
+
+Release 8.13 16-Aug-2011
+------------------------
+
+This is mainly a bug-fix release. There has been a lot of internal refactoring.
+The Unicode tables have been updated. The only new feature in the library is
+the passing of *MARK information to callouts. Some additions have been made to
+pcretest to make testing easier and more comprehensive. There is a new option
+for pcregrep to adjust its internal buffer size.
+
+
+Release 8.12 15-Jan-2011
+------------------------
+
+This release fixes some bugs in pcregrep, one of which caused the tests to fail
+on 64-bit big-endian systems. There are no changes to the code of the library.
+
+
+Release 8.11 10-Dec-2010
+------------------------
+
+A number of bugs in the library and in pcregrep have been fixed. As always, see
+ChangeLog for details. The following are the non-bug-fix changes:
+
+. Added --match-limit and --recursion-limit to pcregrep.
+
+. Added an optional parentheses number to the -o and --only-matching options
+  of pcregrep.
+
+. Changed the way PCRE_PARTIAL_HARD affects the matching of $, \z, \Z, \b, and
+  \B.
+
+. Added PCRE_ERROR_SHORTUTF8 to make it possible to distinguish between a
+  bad UTF-8 sequence and one that is incomplete when using PCRE_PARTIAL_HARD.
+
+. Recognize (*NO_START_OPT) at the start of a pattern to set the PCRE_NO_
+  START_OPTIMIZE option, which is now allowed at compile time
+
+
+Release 8.10 25-Jun-2010
+------------------------
+
+There are two major additions: support for (*MARK) and friends, and the option
+PCRE_UCP, which changes the behaviour of \b, \d, \s, and \w (and their
+opposites) so that they make use of Unicode properties. There are also a number
+of lesser new features, and several bugs have been fixed. A new option,
+--line-buffered, has been added to pcregrep, for use when it is connected to
+pipes.
+
+
+Release 8.02 19-Mar-2010
+------------------------
+
+Another bug-fix release.
+
+
+Release 8.01 19-Jan-2010
+------------------------
+
+This is a bug-fix release. Several bugs in the code itself and some bugs and
+infelicities in the build system have been fixed.
+
+
+Release 8.00 19-Oct-09
+----------------------
+
+Bugs have been fixed in the library and in pcregrep. There are also some
+enhancements. Restrictions on patterns used for partial matching have been
+removed, extra information is given for partial matches, the partial matching
+process has been improved, and an option to make a partial match override a
+full match is available. The "study" process has been enhanced by finding a
+lower bound matching length. Groups with duplicate numbers may now have
+duplicated names without the use of PCRE_DUPNAMES. However, they may not have
+different names. The documentation has been revised to reflect these changes.
+The version number has been expanded to 3 digits as it is clear that the rate
+of change is not slowing down.
+
+
+Release 7.9 11-Apr-09
+---------------------
+
+Mostly bugfixes and tidies with just a couple of minor functional additions.
+
+
+Release 7.8 05-Sep-08
+---------------------
+
+More bug fixes, plus a performance improvement in Unicode character property
+lookup.
+
+
+Release 7.7 07-May-08
+---------------------
+
+This is once again mainly a bug-fix release, but there are a couple of new
+features.
+
+
+Release 7.6 28-Jan-08
+---------------------
+
+The main reason for having this release so soon after 7.5 is because it fixes a
+potential buffer overflow problem in pcre_compile() when run in UTF-8 mode. In
+addition, the CMake configuration files have been brought up to date.
+
+
+Release 7.5 10-Jan-08
+---------------------
+
+This is mainly a bug-fix release. However the ability to link pcregrep with
+libz or libbz2 and the ability to link pcretest with libreadline have been
+added. Also the --line-offsets and --file-offsets options were added to
+pcregrep.
+
+
+Release 7.4 21-Sep-07
+---------------------
+
+The only change of specification is the addition of options to control whether
+\R matches any Unicode line ending (the default) or just CR, LF, and CRLF.
+Otherwise, the changes are bug fixes and a refactoring to reduce the number of
+relocations needed in a shared library. There have also been some documentation
+updates, in particular, some more information about using CMake to build PCRE
+has been added to the NON-UNIX-USE file.
+
+
+Release 7.3 28-Aug-07
+---------------------
+
+Most changes are bug fixes. Some that are not:
+
+1. There is some support for Perl 5.10's experimental "backtracking control
+   verbs" such as (*PRUNE).
+
+2. UTF-8 checking is now as per RFC 3629 instead of RFC 2279; this is more
+   restrictive in the strings it accepts.
+
+3. Checking for potential integer overflow has been made more dynamic, and as a
+   consequence there is no longer a hard limit on the size of a subpattern that
+   has a limited repeat count.
+
+4. When CRLF is a valid line-ending sequence, pcre_exec() and pcre_dfa_exec()
+   no longer advance by two characters instead of one when an unanchored match
+   fails at CRLF if there are explicit CR or LF matches within the pattern.
+   This gets rid of some anomalous effects that previously occurred.
+
+5. Some PCRE-specific settings for varying the newline options at the start of
+   a pattern have been added.
+
+
+Release 7.2 19-Jun-07
+---------------------
+
+WARNING: saved patterns that were compiled by earlier versions of PCRE must be
+recompiled for use with 7.2 (necessitated by the addition of \K, \h, \H, \v,
+and \V).
+
+Correction to the notes for 7.1: the note about shared libraries for Windows is
+wrong. Previously, three libraries were built, but each could function
+independently. For example, the pcreposix library also included all the
+functions from the basic pcre library. The change is that the three libraries
+are no longer independent. They are like the Unix libraries. To use the
+pcreposix functions, for example, you need to link with both the pcreposix and
+the basic pcre library.
+
+Some more features from Perl 5.10 have been added:
+
+  (?-n) and (?+n) relative references for recursion and subroutines.
+
+  (?(-n) and (?(+n) relative references as conditions.
+
+  \k{name} and \g{name} are synonyms for \k<name>.
+
+  \K to reset the start of the matched string; for example, (foo)\Kbar
+  matches bar preceded by foo, but only sets bar as the matched string.
+
+  (?| introduces a group where the capturing parentheses in each alternative
+  start from the same number; for example, (?|(abc)|(xyz)) sets capturing
+  parentheses number 1 in both cases.
+
+  \h, \H, \v, \V match horizontal and vertical whitespace, respectively.
+
+
+Release 7.1 24-Apr-07
+---------------------
+
+There is only one new feature in this release: a linebreak setting of
+PCRE_NEWLINE_ANYCRLF. It is a cut-down version of PCRE_NEWLINE_ANY, which
+recognizes only CRLF, CR, and LF as linebreaks.
+
+A few bugs are fixed (see ChangeLog for details), but the major change is a
+complete re-implementation of the build system. This now has full Autotools
+support and so is now "standard" in some sense. It should help with compiling
+PCRE in a wide variety of environments.
+
+NOTE: when building shared libraries for Windows, three dlls are now built,
+called libpcre, libpcreposix, and libpcrecpp. Previously, everything was
+included in a single dll.
+
+Another important change is that the dftables auxiliary program is no longer
+compiled and run at "make" time by default. Instead, a default set of character
+tables (assuming ASCII coding) is used. If you want to use dftables to generate
+the character tables as previously, add --enable-rebuild-chartables to the
+"configure" command. You must do this if you are compiling PCRE to run on a
+system that uses EBCDIC code.
+
+There is a discussion about character tables in the README file. The default is
+not to use dftables so that that there is no problem when cross-compiling.
+
+
+Release 7.0 19-Dec-06
+---------------------
+
+This release has a new major number because there have been some internal
+upheavals to facilitate the addition of new optimizations and other facilities,
+and to make subsequent maintenance and extension easier. Compilation is likely
+to be a bit slower, but there should be no major effect on runtime performance.
+Previously compiled patterns are NOT upwards compatible with this release. If
+you have saved compiled patterns from a previous release, you will have to
+re-compile them. Important changes that are visible to users are:
+
+1. The Unicode property tables have been updated to Unicode 5.0.0, which adds
+   some more scripts.
+
+2. The option PCRE_NEWLINE_ANY causes PCRE to recognize any Unicode newline
+   sequence as a newline.
+
+3. The \R escape matches a single Unicode newline sequence as a single unit.
+
+4. New features that will appear in Perl 5.10 are now in PCRE. These include
+   alternative Perl syntax for named parentheses, and Perl syntax for
+   recursion.
+
+5. The C++ wrapper interface has been extended by the addition of a
+   QuoteMeta function and the ability to allow copy construction and
+   assignment.
+
+For a complete list of changes, see the ChangeLog file.
+
+
+Release 6.7 04-Jul-06
+---------------------
+
+The main additions to this release are the ability to use the same name for
+multiple sets of parentheses, and support for CRLF line endings in both the
+library and pcregrep (and in pcretest for testing).
+
+Thanks to Ian Taylor, the stack usage for many kinds of pattern has been
+significantly reduced for certain subject strings.
+
+
+Release 6.5 01-Feb-06
+---------------------
+
+Important changes in this release:
+
+1. A number of new features have been added to pcregrep.
+
+2. The Unicode property tables have been updated to Unicode 4.1.0, and the
+   supported properties have been extended with script names such as "Arabic",
+   and the derived properties "Any" and "L&". This has necessitated a change to
+   the interal format of compiled patterns. Any saved compiled patterns that
+   use \p or \P must be recompiled.
+
+3. The specification of recursion in patterns has been changed so that all
+   recursive subpatterns are automatically treated as atomic groups. Thus, for
+   example, (?R) is treated as if it were (?>(?R)). This is necessary because
+   otherwise there are situations where recursion does not work.
+
+See the ChangeLog for a complete list of changes, which include a number of bug
+fixes and tidies.
+
+
+Release 6.0 07-Jun-05
+---------------------
+
+The release number has been increased to 6.0 because of the addition of several
+major new pieces of functionality.
+
+A new function, pcre_dfa_exec(), which implements pattern matching using a DFA
+algorithm, has been added. This has a number of advantages for certain cases,
+though it does run more slowly, and lacks the ability to capture substrings. On
+the other hand, it does find all matches, not just the first, and it works
+better for partial matching. The pcrematching man page discusses the
+differences.
+
+The pcretest program has been enhanced so that it can make use of the new
+pcre_dfa_exec() matching function and the extra features it provides.
+
+The distribution now includes a C++ wrapper library. This is built
+automatically if a C++ compiler is found. The pcrecpp man page discusses this
+interface.
+
+The code itself has been re-organized into many more files, one for each
+function, so it no longer requires everything to be linked in when static
+linkage is used. As a consequence, some internal functions have had to have
+their names exposed. These functions all have names starting with _pcre_. They
+are undocumented, and are not intended for use by outside callers.
+
+The pcregrep program has been enhanced with new functionality such as
+multiline-matching and options for output more matching context. See the
+ChangeLog for a complete list of changes to the library and the utility
+programs.
+
+
+Release 5.0 13-Sep-04
+---------------------
+
+The licence under which PCRE is released has been changed to the more
+conventional "BSD" licence.
+
+In the code, some bugs have been fixed, and there are also some major changes
+in this release (which is why I've increased the number to 5.0). Some changes
+are internal rearrangements, and some provide a number of new facilities. The
+new features are:
+
+1. There's an "automatic callout" feature that inserts callouts before every
+   item in the regex, and there's a new callout field that gives the position
+   in the pattern - useful for debugging and tracing.
+
+2. The extra_data structure can now be used to pass in a set of character
+   tables at exec time. This is useful if compiled regex are saved and re-used
+   at a later time when the tables may not be at the same address. If the
+   default internal tables are used, the pointer saved with the compiled
+   pattern is now set to NULL, which means that you don't need to do anything
+   special unless you are using custom tables.
+
+3. It is possible, with some restrictions on the content of the regex, to
+   request "partial" matching. A special return code is given if all of the
+   subject string matched part of the regex. This could be useful for testing
+   an input field as it is being typed.
+
+4. There is now some optional support for Unicode character properties, which
+   means that the patterns items such as \p{Lu} and \X can now be used. Only
+   the general category properties are supported. If PCRE is compiled with this
+   support, an additional 90K data structure is include, which increases the
+   size of the library dramatically.
+
+5. There is support for saving compiled patterns and re-using them later.
+
+6. There is support for running regular expressions that were compiled on a
+   different host with the opposite endianness.
+
+7. The pcretest program has been extended to accommodate the new features.
+
+The main internal rearrangement is that sequences of literal characters are no
+longer handled as strings. Instead, each character is handled on its own. This
+makes some UTF-8 handling easier, and makes the support of partial matching
+possible. Compiled patterns containing long literal strings will be larger as a
+result of this change; I hope that performance will not be much affected.
+
+
+Release 4.5 01-Dec-03
+---------------------
+
+Again mainly a bug-fix and tidying release, with only a couple of new features:
+
+1. It's possible now to compile PCRE so that it does not use recursive
+function calls when matching. Instead it gets memory from the heap. This slows
+things down, but may be necessary on systems with limited stacks.
+
+2. UTF-8 string checking has been tightened to reject overlong sequences and to
+check that a starting offset points to the start of a character. Failure of the
+latter returns a new error code: PCRE_ERROR_BADUTF8_OFFSET.
+
+3. PCRE can now be compiled for systems that use EBCDIC code.
+
+
+Release 4.4 21-Aug-03
+---------------------
+
+This is mainly a bug-fix and tidying release. The only new feature is that PCRE
+checks UTF-8 strings for validity by default. There is an option to suppress
+this, just in case anybody wants that teeny extra bit of performance.
+
+
+Releases 4.1 - 4.3
+------------------
+
+Sorry, I forgot about updating the NEWS file for these releases. Please take a
+look at ChangeLog.
+
+
+Release 4.0 17-Feb-03
+---------------------
+
+There have been a lot of changes for the 4.0 release, adding additional
+functionality and mending bugs. Below is a list of the highlights of the new
+functionality. For full details of these features, please consult the
+documentation. For a complete list of changes, see the ChangeLog file.
+
+1. Support for Perl's \Q...\E escapes.
+
+2. "Possessive quantifiers" ?+, *+, ++, and {,}+ which come from Sun's Java
+package. They provide some syntactic sugar for simple cases of "atomic
+grouping".
+
+3. Support for the \G assertion. It is true when the current matching position
+is at the start point of the match.
+
+4. A new feature that provides some of the functionality that Perl provides
+with (?{...}). The facility is termed a "callout". The way it is done in PCRE
+is for the caller to provide an optional function, by setting pcre_callout to
+its entry point. To get the function called, the regex must include (?C) at
+appropriate points.
+
+5. Support for recursive calls to individual subpatterns. This makes it really
+easy to get totally confused.
+
+6. Support for named subpatterns. The Python syntax (?P<name>...) is used to
+name a group.
+
+7. Several extensions to UTF-8 support; it is now fairly complete. There is an
+option for pcregrep to make it operate in UTF-8 mode.
+
+8. The single man page has been split into a number of separate man pages.
+These also give rise to individual HTML pages which are put in a separate
+directory. There is an index.html page that lists them all. Some hyperlinking
+between the pages has been installed.
+
+
+Release 3.5 15-Aug-01
+---------------------
+
+1. The configuring system has been upgraded to use later versions of autoconf
+and libtool. By default it builds both a shared and a static library if the OS
+supports it. You can use --disable-shared or --disable-static on the configure
+command if you want only one of them.
+
+2. The pcretest utility is now installed along with pcregrep because it is
+useful for users (to test regexs) and by doing this, it automatically gets
+relinked by libtool. The documentation has been turned into a man page, so
+there are now .1, .txt, and .html versions in /doc.
+
+3. Upgrades to pcregrep:
+   (i)   Added long-form option names like gnu grep.
+   (ii)  Added --help to list all options with an explanatory phrase.
+   (iii) Added -r, --recursive to recurse into sub-directories.
+   (iv)  Added -f, --file to read patterns from a file.
+
+4. Added --enable-newline-is-cr and --enable-newline-is-lf to the configure
+script, to force use of CR or LF instead of \n in the source. On non-Unix
+systems, the value can be set in config.h.
+
+5. The limit of 200 on non-capturing parentheses is a _nesting_ limit, not an
+absolute limit. Changed the text of the error message to make this clear, and
+likewise updated the man page.
+
+6. The limit of 99 on the number of capturing subpatterns has been removed.
+The new limit is 65535, which I hope will not be a "real" limit.
+
+
+Release 3.3 01-Aug-00
+---------------------
+
+There is some support for UTF-8 character strings. This is incomplete and
+experimental. The documentation describes what is and what is not implemented.
+Otherwise, this is just a bug-fixing release.
+
+
+Release 3.0 01-Feb-00
+---------------------
+
+1. A "configure" script is now used to configure PCRE for Unix systems. It
+builds a Makefile, a config.h file, and the pcre-config script.
+
+2. PCRE is built as a shared library by default.
+
+3. There is support for POSIX classes such as [:alpha:].
+
+5. There is an experimental recursion feature.
+
+----------------------------------------------------------------------------
+          IMPORTANT FOR THOSE UPGRADING FROM VERSIONS BEFORE 2.00
+
+Please note that there has been a change in the API such that a larger
+ovector is required at matching time, to provide some additional workspace.
+The new man page has details. This change was necessary in order to support
+some of the new functionality in Perl 5.005.
+
+          IMPORTANT FOR THOSE UPGRADING FROM VERSION 2.00
+
+Another (I hope this is the last!) change has been made to the API for the
+pcre_compile() function. An additional argument has been added to make it
+possible to pass over a pointer to character tables built in the current
+locale by pcre_maketables(). To use the default tables, this new argument
+should be passed as NULL.
+
+          IMPORTANT FOR THOSE UPGRADING FROM VERSION 2.05
+
+Yet another (and again I hope this really is the last) change has been made
+to the API for the pcre_exec() function. An additional argument has been
+added to make it possible to start the match other than at the start of the
+subject string. This is important if there are lookbehinds. The new man
+page has the details, but you just want to convert existing programs, all
+you need to do is to stick in a new fifth argument to pcre_exec(), with a
+value of zero. For example, change
+
+  pcre_exec(pattern, extra, subject, length, options, ovec, ovecsize)
+to
+  pcre_exec(pattern, extra, subject, length, 0, options, ovec, ovecsize)
+
+****
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/README b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/README
new file mode 100644
index 00000000..4887ebf3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/README
@@ -0,0 +1,1002 @@
+README file for PCRE (Perl-compatible regular expression library)
+-----------------------------------------------------------------
+
+NOTE: This set of files relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+
+
+The latest release of PCRE1 is always available in three alternative formats
+from:
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.gz
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.bz2
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.zip
+
+There is a mailing list for discussion about the development of PCRE at
+pcre-dev@exim.org. You can access the archives and subscribe or manage your
+subscription here:
+
+   https://lists.exim.org/mailman/listinfo/pcre-dev
+
+Please read the NEWS file if you are upgrading from a previous release.
+The contents of this README file are:
+
+  The PCRE APIs
+  Documentation for PCRE
+  Contributions by users of PCRE
+  Building PCRE on non-Unix-like systems
+  Building PCRE without using autotools
+  Building PCRE using autotools
+  Retrieving configuration information
+  Shared libraries
+  Cross-compiling using autotools
+  Using HP's ANSI C++ compiler (aCC)
+  Compiling in Tru64 using native compilers
+  Using Sun's compilers for Solaris
+  Using PCRE from MySQL
+  Making new tarballs
+  Testing PCRE
+  Character tables
+  File manifest
+
+
+The PCRE APIs
+-------------
+
+PCRE is written in C, and it has its own API. There are three sets of
+functions, one for the 8-bit library, which processes strings of bytes, one for
+the 16-bit library, which processes strings of 16-bit values, and one for the
+32-bit library, which processes strings of 32-bit values. The distribution also
+includes a set of C++ wrapper functions (see the pcrecpp man page for details),
+courtesy of Google Inc., which can be used to call the 8-bit PCRE library from
+C++. Other C++ wrappers have been created from time to time. See, for example:
+https://github.com/YasserAsmi/regexp, which aims to be simple and similar in
+style to the C API.
+
+The distribution also contains a set of C wrapper functions (again, just for
+the 8-bit library) that are based on the POSIX regular expression API (see the
+pcreposix man page). These end up in the library called libpcreposix. Note that
+this just provides a POSIX calling interface to PCRE; the regular expressions
+themselves still follow Perl syntax and semantics. The POSIX API is restricted,
+and does not give full access to all of PCRE's facilities.
+
+The header file for the POSIX-style functions is called pcreposix.h. The
+official POSIX name is regex.h, but I did not want to risk possible problems
+with existing files of that name by distributing it that way. To use PCRE with
+an existing program that uses the POSIX API, pcreposix.h will have to be
+renamed or pointed at by a link.
+
+If you are using the POSIX interface to PCRE and there is already a POSIX regex
+library installed on your system, as well as worrying about the regex.h header
+file (as mentioned above), you must also take care when linking programs to
+ensure that they link with PCRE's libpcreposix library. Otherwise they may pick
+up the POSIX functions of the same name from the other library.
+
+One way of avoiding this confusion is to compile PCRE with the addition of
+-Dregcomp=PCREregcomp (and similarly for the other POSIX functions) to the
+compiler flags (CFLAGS if you are using "configure" -- see below). This has the
+effect of renaming the functions so that the names no longer clash. Of course,
+you have to do the same thing for your applications, or write them using the
+new names.
+
+
+Documentation for PCRE
+----------------------
+
+If you install PCRE in the normal way on a Unix-like system, you will end up
+with a set of man pages whose names all start with "pcre". The one that is just
+called "pcre" lists all the others. In addition to these man pages, the PCRE
+documentation is supplied in two other forms:
+
+  1. There are files called doc/pcre.txt, doc/pcregrep.txt, and
+     doc/pcretest.txt in the source distribution. The first of these is a
+     concatenation of the text forms of all the section 3 man pages except
+     the listing of pcredemo.c and those that summarize individual functions.
+     The other two are the text forms of the section 1 man pages for the
+     pcregrep and pcretest commands. These text forms are provided for ease of
+     scanning with text editors or similar tools. They are installed in
+     <prefix>/share/doc/pcre, where <prefix> is the installation prefix
+     (defaulting to /usr/local).
+
+  2. A set of files containing all the documentation in HTML form, hyperlinked
+     in various ways, and rooted in a file called index.html, is distributed in
+     doc/html and installed in <prefix>/share/doc/pcre/html.
+
+Users of PCRE have contributed files containing the documentation for various
+releases in CHM format. These can be found in the Contrib directory of the FTP
+site (see next section).
+
+
+Contributions by users of PCRE
+------------------------------
+
+You can find contributions from PCRE users in the directory
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Contrib
+
+There is a README file giving brief descriptions of what they are. Some are
+complete in themselves; others are pointers to URLs containing relevant files.
+Some of this material is likely to be well out-of-date. Several of the earlier
+contributions provided support for compiling PCRE on various flavours of
+Windows (I myself do not use Windows). Nowadays there is more Windows support
+in the standard distribution, so these contibutions have been archived.
+
+A PCRE user maintains downloadable Windows binaries of the pcregrep and
+pcretest programs here:
+
+  http://www.rexegg.com/pcregrep-pcretest.html
+
+
+Building PCRE on non-Unix-like systems
+--------------------------------------
+
+For a non-Unix-like system, please read the comments in the file
+NON-AUTOTOOLS-BUILD, though if your system supports the use of "configure" and
+"make" you may be able to build PCRE using autotools in the same way as for
+many Unix-like systems.
+
+PCRE can also be configured using the GUI facility provided by CMake's
+cmake-gui command. This creates Makefiles, solution files, etc. The file
+NON-AUTOTOOLS-BUILD has information about CMake.
+
+PCRE has been compiled on many different operating systems. It should be
+straightforward to build PCRE on any system that has a Standard C compiler and
+library, because it uses only Standard C functions.
+
+
+Building PCRE without using autotools
+-------------------------------------
+
+The use of autotools (in particular, libtool) is problematic in some
+environments, even some that are Unix or Unix-like. See the NON-AUTOTOOLS-BUILD
+file for ways of building PCRE without using autotools.
+
+
+Building PCRE using autotools
+-----------------------------
+
+If you are using HP's ANSI C++ compiler (aCC), please see the special note
+in the section entitled "Using HP's ANSI C++ compiler (aCC)" below.
+
+The following instructions assume the use of the widely used "configure; make;
+make install" (autotools) process.
+
+To build PCRE on system that supports autotools, first run the "configure"
+command from the PCRE distribution directory, with your current directory set
+to the directory where you want the files to be created. This command is a
+standard GNU "autoconf" configuration script, for which generic instructions
+are supplied in the file INSTALL.
+
+Most commonly, people build PCRE within its own distribution directory, and in
+this case, on many systems, just running "./configure" is sufficient. However,
+the usual methods of changing standard defaults are available. For example:
+
+CFLAGS='-O2 -Wall' ./configure --prefix=/opt/local
+
+This command specifies that the C compiler should be run with the flags '-O2
+-Wall' instead of the default, and that "make install" should install PCRE
+under /opt/local instead of the default /usr/local.
+
+If you want to build in a different directory, just run "configure" with that
+directory as current. For example, suppose you have unpacked the PCRE source
+into /source/pcre/pcre-xxx, but you want to build it in /build/pcre/pcre-xxx:
+
+cd /build/pcre/pcre-xxx
+/source/pcre/pcre-xxx/configure
+
+PCRE is written in C and is normally compiled as a C library. However, it is
+possible to build it as a C++ library, though the provided building apparatus
+does not have any features to support this.
+
+There are some optional features that can be included or omitted from the PCRE
+library. They are also documented in the pcrebuild man page.
+
+. By default, both shared and static libraries are built. You can change this
+  by adding one of these options to the "configure" command:
+
+  --disable-shared
+  --disable-static
+
+  (See also "Shared libraries on Unix-like systems" below.)
+
+. By default, only the 8-bit library is built. If you add --enable-pcre16 to
+  the "configure" command, the 16-bit library is also built. If you add
+  --enable-pcre32 to the "configure" command, the 32-bit library is also built.
+  If you want only the 16-bit or 32-bit library, use --disable-pcre8 to disable
+  building the 8-bit library.
+
+. If you are building the 8-bit library and want to suppress the building of
+  the C++ wrapper library, you can add --disable-cpp to the "configure"
+  command. Otherwise, when "configure" is run without --disable-pcre8, it will
+  try to find a C++ compiler and C++ header files, and if it succeeds, it will
+  try to build the C++ wrapper.
+
+. If you want to include support for just-in-time compiling, which can give
+  large performance improvements on certain platforms, add --enable-jit to the
+  "configure" command. This support is available only for certain hardware
+  architectures. If you try to enable it on an unsupported architecture, there
+  will be a compile time error.
+
+. When JIT support is enabled, pcregrep automatically makes use of it, unless
+  you add --disable-pcregrep-jit to the "configure" command.
+
+. If you want to make use of the support for UTF-8 Unicode character strings in
+  the 8-bit library, or UTF-16 Unicode character strings in the 16-bit library,
+  or UTF-32 Unicode character strings in the 32-bit library, you must add
+  --enable-utf to the "configure" command. Without it, the code for handling
+  UTF-8, UTF-16 and UTF-8 is not included in the relevant library. Even
+  when --enable-utf is included, the use of a UTF encoding still has to be
+  enabled by an option at run time. When PCRE is compiled with this option, its
+  input can only either be ASCII or UTF-8/16/32, even when running on EBCDIC
+  platforms. It is not possible to use both --enable-utf and --enable-ebcdic at
+  the same time.
+
+. There are no separate options for enabling UTF-8, UTF-16 and UTF-32
+  independently because that would allow ridiculous settings such as requesting
+  UTF-16 support while building only the 8-bit library. However, the option
+  --enable-utf8 is retained for backwards compatibility with earlier releases
+  that did not support 16-bit or 32-bit character strings. It is synonymous with
+  --enable-utf. It is not possible to configure one library with UTF support
+  and the other without in the same configuration.
+
+. If, in addition to support for UTF-8/16/32 character strings, you want to
+  include support for the \P, \p, and \X sequences that recognize Unicode
+  character properties, you must add --enable-unicode-properties to the
+  "configure" command. This adds about 30K to the size of the library (in the
+  form of a property table); only the basic two-letter properties such as Lu
+  are supported.
+
+. You can build PCRE to recognize either CR or LF or the sequence CRLF or any
+  of the preceding, or any of the Unicode newline sequences as indicating the
+  end of a line. Whatever you specify at build time is the default; the caller
+  of PCRE can change the selection at run time. The default newline indicator
+  is a single LF character (the Unix standard). You can specify the default
+  newline indicator by adding --enable-newline-is-cr or --enable-newline-is-lf
+  or --enable-newline-is-crlf or --enable-newline-is-anycrlf or
+  --enable-newline-is-any to the "configure" command, respectively.
+
+  If you specify --enable-newline-is-cr or --enable-newline-is-crlf, some of
+  the standard tests will fail, because the lines in the test files end with
+  LF. Even if the files are edited to change the line endings, there are likely
+  to be some failures. With --enable-newline-is-anycrlf or
+  --enable-newline-is-any, many tests should succeed, but there may be some
+  failures.
+
+. By default, the sequence \R in a pattern matches any Unicode line ending
+  sequence. This is independent of the option specifying what PCRE considers to
+  be the end of a line (see above). However, the caller of PCRE can restrict \R
+  to match only CR, LF, or CRLF. You can make this the default by adding
+  --enable-bsr-anycrlf to the "configure" command (bsr = "backslash R").
+
+. When called via the POSIX interface, PCRE uses malloc() to get additional
+  storage for processing capturing parentheses if there are more than 10 of
+  them in a pattern. You can increase this threshold by setting, for example,
+
+  --with-posix-malloc-threshold=20
+
+  on the "configure" command.
+
+. PCRE has a counter that limits the depth of nesting of parentheses in a
+  pattern. This limits the amount of system stack that a pattern uses when it
+  is compiled. The default is 250, but you can change it by setting, for
+  example,
+
+  --with-parens-nest-limit=500
+
+. PCRE has a counter that can be set to limit the amount of resources it uses
+  when matching a pattern. If the limit is exceeded during a match, the match
+  fails. The default is ten million. You can change the default by setting, for
+  example,
+
+  --with-match-limit=500000
+
+  on the "configure" command. This is just the default; individual calls to
+  pcre_exec() can supply their own value. There is more discussion on the
+  pcreapi man page.
+
+. There is a separate counter that limits the depth of recursive function calls
+  during a matching process. This also has a default of ten million, which is
+  essentially "unlimited". You can change the default by setting, for example,
+
+  --with-match-limit-recursion=500000
+
+  Recursive function calls use up the runtime stack; running out of stack can
+  cause programs to crash in strange ways. There is a discussion about stack
+  sizes in the pcrestack man page.
+
+. The default maximum compiled pattern size is around 64K. You can increase
+  this by adding --with-link-size=3 to the "configure" command. In the 8-bit
+  library, PCRE then uses three bytes instead of two for offsets to different
+  parts of the compiled pattern. In the 16-bit library, --with-link-size=3 is
+  the same as --with-link-size=4, which (in both libraries) uses four-byte
+  offsets. Increasing the internal link size reduces performance. In the 32-bit
+  library, the only supported link size is 4.
+
+. You can build PCRE so that its internal match() function that is called from
+  pcre_exec() does not call itself recursively. Instead, it uses memory blocks
+  obtained from the heap via the special functions pcre_stack_malloc() and
+  pcre_stack_free() to save data that would otherwise be saved on the stack. To
+  build PCRE like this, use
+
+  --disable-stack-for-recursion
+
+  on the "configure" command. PCRE runs more slowly in this mode, but it may be
+  necessary in environments with limited stack sizes. This applies only to the
+  normal execution of the pcre_exec() function; if JIT support is being
+  successfully used, it is not relevant. Equally, it does not apply to
+  pcre_dfa_exec(), which does not use deeply nested recursion. There is a
+  discussion about stack sizes in the pcrestack man page.
+
+. For speed, PCRE uses four tables for manipulating and identifying characters
+  whose code point values are less than 256. By default, it uses a set of
+  tables for ASCII encoding that is part of the distribution. If you specify
+
+  --enable-rebuild-chartables
+
+  a program called dftables is compiled and run in the default C locale when
+  you obey "make". It builds a source file called pcre_chartables.c. If you do
+  not specify this option, pcre_chartables.c is created as a copy of
+  pcre_chartables.c.dist. See "Character tables" below for further information.
+
+. It is possible to compile PCRE for use on systems that use EBCDIC as their
+  character code (as opposed to ASCII/Unicode) by specifying
+
+  --enable-ebcdic
+
+  This automatically implies --enable-rebuild-chartables (see above). However,
+  when PCRE is built this way, it always operates in EBCDIC. It cannot support
+  both EBCDIC and UTF-8/16/32. There is a second option, --enable-ebcdic-nl25,
+  which specifies that the code value for the EBCDIC NL character is 0x25
+  instead of the default 0x15.
+
+. In environments where valgrind is installed, if you specify
+
+  --enable-valgrind
+
+  PCRE will use valgrind annotations to mark certain memory regions as
+  unaddressable. This allows it to detect invalid memory accesses, and is
+  mostly useful for debugging PCRE itself.
+
+. In environments where the gcc compiler is used and lcov version 1.6 or above
+  is installed, if you specify
+
+  --enable-coverage
+
+  the build process implements a code coverage report for the test suite. The
+  report is generated by running "make coverage". If ccache is installed on
+  your system, it must be disabled when building PCRE for coverage reporting.
+  You can do this by setting the environment variable CCACHE_DISABLE=1 before
+  running "make" to build PCRE. There is more information about coverage
+  reporting in the "pcrebuild" documentation.
+
+. The pcregrep program currently supports only 8-bit data files, and so
+  requires the 8-bit PCRE library. It is possible to compile pcregrep to use
+  libz and/or libbz2, in order to read .gz and .bz2 files (respectively), by
+  specifying one or both of
+
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+
+  Of course, the relevant libraries must be installed on your system.
+
+. The default size (in bytes) of the internal buffer used by pcregrep can be
+  set by, for example:
+
+  --with-pcregrep-bufsize=51200
+
+  The value must be a plain integer. The default is 20480.
+
+. It is possible to compile pcretest so that it links with the libreadline
+  or libedit libraries, by specifying, respectively,
+
+  --enable-pcretest-libreadline or --enable-pcretest-libedit
+
+  If this is done, when pcretest's input is from a terminal, it reads it using
+  the readline() function. This provides line-editing and history facilities.
+  Note that libreadline is GPL-licenced, so if you distribute a binary of
+  pcretest linked in this way, there may be licensing issues. These can be
+  avoided by linking with libedit (which has a BSD licence) instead.
+
+  Enabling libreadline causes the -lreadline option to be added to the pcretest
+  build. In many operating environments with a sytem-installed readline
+  library this is sufficient. However, in some environments (e.g. if an
+  unmodified distribution version of readline is in use), it may be necessary
+  to specify something like LIBS="-lncurses" as well. This is because, to quote
+  the readline INSTALL, "Readline uses the termcap functions, but does not link
+  with the termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library." If you get error
+  messages about missing functions tgetstr, tgetent, tputs, tgetflag, or tgoto,
+  this is the problem, and linking with the ncurses library should fix it.
+
+The "configure" script builds the following files for the basic C library:
+
+. Makefile             the makefile that builds the library
+. config.h             build-time configuration options for the library
+. pcre.h               the public PCRE header file
+. pcre-config          script that shows the building settings such as CFLAGS
+                         that were set for "configure"
+. libpcre.pc         ) data for the pkg-config command
+. libpcre16.pc       )
+. libpcre32.pc       )
+. libpcreposix.pc    )
+. libtool              script that builds shared and/or static libraries
+
+Versions of config.h and pcre.h are distributed in the PCRE tarballs under the
+names config.h.generic and pcre.h.generic. These are provided for those who
+have to built PCRE without using "configure" or CMake. If you use "configure"
+or CMake, the .generic versions are not used.
+
+When building the 8-bit library, if a C++ compiler is found, the following
+files are also built:
+
+. libpcrecpp.pc        data for the pkg-config command
+. pcrecpparg.h         header file for calling PCRE via the C++ wrapper
+. pcre_stringpiece.h   header for the C++ "stringpiece" functions
+
+The "configure" script also creates config.status, which is an executable
+script that can be run to recreate the configuration, and config.log, which
+contains compiler output from tests that "configure" runs.
+
+Once "configure" has run, you can run "make". This builds the the libraries
+libpcre, libpcre16 and/or libpcre32, and a test program called pcretest. If you
+enabled JIT support with --enable-jit, a test program called pcre_jit_test is
+built as well.
+
+If the 8-bit library is built, libpcreposix and the pcregrep command are also
+built, and if a C++ compiler was found on your system, and you did not disable
+it with --disable-cpp, "make" builds the C++ wrapper library, which is called
+libpcrecpp, as well as some test programs called pcrecpp_unittest,
+pcre_scanner_unittest, and pcre_stringpiece_unittest.
+
+The command "make check" runs all the appropriate tests. Details of the PCRE
+tests are given below in a separate section of this document.
+
+You can use "make install" to install PCRE into live directories on your
+system. The following are installed (file names are all relative to the
+<prefix> that is set when "configure" is run):
+
+  Commands (bin):
+    pcretest
+    pcregrep (if 8-bit support is enabled)
+    pcre-config
+
+  Libraries (lib):
+    libpcre16     (if 16-bit support is enabled)
+    libpcre32     (if 32-bit support is enabled)
+    libpcre       (if 8-bit support is enabled)
+    libpcreposix  (if 8-bit support is enabled)
+    libpcrecpp    (if 8-bit and C++ support is enabled)
+
+  Configuration information (lib/pkgconfig):
+    libpcre16.pc
+    libpcre32.pc
+    libpcre.pc
+    libpcreposix.pc
+    libpcrecpp.pc (if C++ support is enabled)
+
+  Header files (include):
+    pcre.h
+    pcreposix.h
+    pcre_scanner.h      )
+    pcre_stringpiece.h  ) if C++ support is enabled
+    pcrecpp.h           )
+    pcrecpparg.h        )
+
+  Man pages (share/man/man{1,3}):
+    pcregrep.1
+    pcretest.1
+    pcre-config.1
+    pcre.3
+    pcre*.3 (lots more pages, all starting "pcre")
+
+  HTML documentation (share/doc/pcre/html):
+    index.html
+    *.html (lots more pages, hyperlinked from index.html)
+
+  Text file documentation (share/doc/pcre):
+    AUTHORS
+    COPYING
+    ChangeLog
+    LICENCE
+    NEWS
+    README
+    pcre.txt         (a concatenation of the man(3) pages)
+    pcretest.txt     the pcretest man page
+    pcregrep.txt     the pcregrep man page
+    pcre-config.txt  the pcre-config man page
+
+If you want to remove PCRE from your system, you can run "make uninstall".
+This removes all the files that "make install" installed. However, it does not
+remove any directories, because these are often shared with other programs.
+
+
+Retrieving configuration information
+------------------------------------
+
+Running "make install" installs the command pcre-config, which can be used to
+recall information about the PCRE configuration and installation. For example:
+
+  pcre-config --version
+
+prints the version number, and
+
+  pcre-config --libs
+
+outputs information about where the library is installed. This command can be
+included in makefiles for programs that use PCRE, saving the programmer from
+having to remember too many details.
+
+The pkg-config command is another system for saving and retrieving information
+about installed libraries. Instead of separate commands for each library, a
+single command is used. For example:
+
+  pkg-config --cflags pcre
+
+The data is held in *.pc files that are installed in a directory called
+<prefix>/lib/pkgconfig.
+
+
+Shared libraries
+----------------
+
+The default distribution builds PCRE as shared libraries and static libraries,
+as long as the operating system supports shared libraries. Shared library
+support relies on the "libtool" script which is built as part of the
+"configure" process.
+
+The libtool script is used to compile and link both shared and static
+libraries. They are placed in a subdirectory called .libs when they are newly
+built. The programs pcretest and pcregrep are built to use these uninstalled
+libraries (by means of wrapper scripts in the case of shared libraries). When
+you use "make install" to install shared libraries, pcregrep and pcretest are
+automatically re-built to use the newly installed shared libraries before being
+installed themselves. However, the versions left in the build directory still
+use the uninstalled libraries.
+
+To build PCRE using static libraries only you must use --disable-shared when
+configuring it. For example:
+
+./configure --prefix=/usr/gnu --disable-shared
+
+Then run "make" in the usual way. Similarly, you can use --disable-static to
+build only shared libraries.
+
+
+Cross-compiling using autotools
+-------------------------------
+
+You can specify CC and CFLAGS in the normal way to the "configure" command, in
+order to cross-compile PCRE for some other host. However, you should NOT
+specify --enable-rebuild-chartables, because if you do, the dftables.c source
+file is compiled and run on the local host, in order to generate the inbuilt
+character tables (the pcre_chartables.c file). This will probably not work,
+because dftables.c needs to be compiled with the local compiler, not the cross
+compiler.
+
+When --enable-rebuild-chartables is not specified, pcre_chartables.c is created
+by making a copy of pcre_chartables.c.dist, which is a default set of tables
+that assumes ASCII code. Cross-compiling with the default tables should not be
+a problem.
+
+If you need to modify the character tables when cross-compiling, you should
+move pcre_chartables.c.dist out of the way, then compile dftables.c by hand and
+run it on the local host to make a new version of pcre_chartables.c.dist.
+Then when you cross-compile PCRE this new version of the tables will be used.
+
+
+Using HP's ANSI C++ compiler (aCC)
+----------------------------------
+
+Unless C++ support is disabled by specifying the "--disable-cpp" option of the
+"configure" script, you must include the "-AA" option in the CXXFLAGS
+environment variable in order for the C++ components to compile correctly.
+
+Also, note that the aCC compiler on PA-RISC platforms may have a defect whereby
+needed libraries fail to get included when specifying the "-AA" compiler
+option. If you experience unresolved symbols when linking the C++ programs,
+use the workaround of specifying the following environment variable prior to
+running the "configure" script:
+
+  CXXLDFLAGS="-lstd_v2 -lCsup_v2"
+
+
+Compiling in Tru64 using native compilers
+-----------------------------------------
+
+The following error may occur when compiling with native compilers in the Tru64
+operating system:
+
+  CXX    libpcrecpp_la-pcrecpp.lo
+cxx: Error: /usr/lib/cmplrs/cxx/V7.1-006/include/cxx/iosfwd, line 58: #error
+          directive: "cannot include iosfwd -- define __USE_STD_IOSTREAM to
+          override default - see section 7.1.2 of the C++ Using Guide"
+#error "cannot include iosfwd -- define __USE_STD_IOSTREAM to override default
+- see section 7.1.2 of the C++ Using Guide"
+
+This may be followed by other errors, complaining that 'namespace "std" has no
+member'. The solution to this is to add the line
+
+#define __USE_STD_IOSTREAM 1
+
+to the config.h file.
+
+
+Using Sun's compilers for Solaris
+---------------------------------
+
+A user reports that the following configurations work on Solaris 9 sparcv9 and
+Solaris 9 x86 (32-bit):
+
+  Solaris 9 sparcv9: ./configure --disable-cpp CC=/bin/cc CFLAGS="-m64 -g"
+  Solaris 9 x86:     ./configure --disable-cpp CC=/bin/cc CFLAGS="-g"
+
+
+Using PCRE from MySQL
+---------------------
+
+On systems where both PCRE and MySQL are installed, it is possible to make use
+of PCRE from within MySQL, as an alternative to the built-in pattern matching.
+There is a web page that tells you how to do this:
+
+  http://www.mysqludf.org/lib_mysqludf_preg/index.php
+
+
+Making new tarballs
+-------------------
+
+The command "make dist" creates three PCRE tarballs, in tar.gz, tar.bz2, and
+zip formats. The command "make distcheck" does the same, but then does a trial
+build of the new distribution to ensure that it works.
+
+If you have modified any of the man page sources in the doc directory, you
+should first run the PrepareRelease script before making a distribution. This
+script creates the .txt and HTML forms of the documentation from the man pages.
+
+
+Testing PCRE
+------------
+
+To test the basic PCRE library on a Unix-like system, run the RunTest script.
+There is another script called RunGrepTest that tests the options of the
+pcregrep command. If the C++ wrapper library is built, three test programs
+called pcrecpp_unittest, pcre_scanner_unittest, and pcre_stringpiece_unittest
+are also built. When JIT support is enabled, another test program called
+pcre_jit_test is built.
+
+Both the scripts and all the program tests are run if you obey "make check" or
+"make test". For other environments, see the instructions in
+NON-AUTOTOOLS-BUILD.
+
+The RunTest script runs the pcretest test program (which is documented in its
+own man page) on each of the relevant testinput files in the testdata
+directory, and compares the output with the contents of the corresponding
+testoutput files. RunTest uses a file called testtry to hold the main output
+from pcretest. Other files whose names begin with "test" are used as working
+files in some tests.
+
+Some tests are relevant only when certain build-time options were selected. For
+example, the tests for UTF-8/16/32 support are run only if --enable-utf was
+used. RunTest outputs a comment when it skips a test.
+
+Many of the tests that are not skipped are run up to three times. The second
+run forces pcre_study() to be called for all patterns except for a few in some
+tests that are marked "never study" (see the pcretest program for how this is
+done). If JIT support is available, the non-DFA tests are run a third time,
+this time with a forced pcre_study() with the PCRE_STUDY_JIT_COMPILE option.
+This testing can be suppressed by putting "nojit" on the RunTest command line.
+
+The entire set of tests is run once for each of the 8-bit, 16-bit and 32-bit
+libraries that are enabled. If you want to run just one set of tests, call
+RunTest with either the -8, -16 or -32 option.
+
+If valgrind is installed, you can run the tests under it by putting "valgrind"
+on the RunTest command line. To run pcretest on just one or more specific test
+files, give their numbers as arguments to RunTest, for example:
+
+  RunTest 2 7 11
+
+You can also specify ranges of tests such as 3-6 or 3- (meaning 3 to the
+end), or a number preceded by ~ to exclude a test. For example:
+
+  Runtest 3-15 ~10
+
+This runs tests 3 to 15, excluding test 10, and just ~13 runs all the tests
+except test 13. Whatever order the arguments are in, the tests are always run
+in numerical order.
+
+You can also call RunTest with the single argument "list" to cause it to output
+a list of tests.
+
+The first test file can be fed directly into the perltest.pl script to check
+that Perl gives the same results. The only difference you should see is in the
+first few lines, where the Perl version is given instead of the PCRE version.
+
+The second set of tests check pcre_fullinfo(), pcre_study(),
+pcre_copy_substring(), pcre_get_substring(), pcre_get_substring_list(), error
+detection, and run-time flags that are specific to PCRE, as well as the POSIX
+wrapper API. It also uses the debugging flags to check some of the internals of
+pcre_compile().
+
+If you build PCRE with a locale setting that is not the standard C locale, the
+character tables may be different (see next paragraph). In some cases, this may
+cause failures in the second set of tests. For example, in a locale where the
+isprint() function yields TRUE for characters in the range 128-255, the use of
+[:isascii:] inside a character class defines a different set of characters, and
+this shows up in this test as a difference in the compiled code, which is being
+listed for checking. Where the comparison test output contains [\x00-\x7f] the
+test will contain [\x00-\xff], and similarly in some other cases. This is not a
+bug in PCRE.
+
+The third set of tests checks pcre_maketables(), the facility for building a
+set of character tables for a specific locale and using them instead of the
+default tables. The tests make use of the "fr_FR" (French) locale. Before
+running the test, the script checks for the presence of this locale by running
+the "locale" command. If that command fails, or if it doesn't include "fr_FR"
+in the list of available locales, the third test cannot be run, and a comment
+is output to say why. If running this test produces instances of the error
+
+  ** Failed to set locale "fr_FR"
+
+in the comparison output, it means that locale is not available on your system,
+despite being listed by "locale". This does not mean that PCRE is broken.
+
+[If you are trying to run this test on Windows, you may be able to get it to
+work by changing "fr_FR" to "french" everywhere it occurs. Alternatively, use
+RunTest.bat. The version of RunTest.bat included with PCRE 7.4 and above uses
+Windows versions of test 2. More info on using RunTest.bat is included in the
+document entitled NON-UNIX-USE.]
+
+The fourth and fifth tests check the UTF-8/16/32 support and error handling and
+internal UTF features of PCRE that are not relevant to Perl, respectively. The
+sixth and seventh tests do the same for Unicode character properties support.
+
+The eighth, ninth, and tenth tests check the pcre_dfa_exec() alternative
+matching function, in non-UTF-8/16/32 mode, UTF-8/16/32 mode, and UTF-8/16/32
+mode with Unicode property support, respectively.
+
+The eleventh test checks some internal offsets and code size features; it is
+run only when the default "link size" of 2 is set (in other cases the sizes
+change) and when Unicode property support is enabled.
+
+The twelfth test is run only when JIT support is available, and the thirteenth
+test is run only when JIT support is not available. They test some JIT-specific
+features such as information output from pcretest about JIT compilation.
+
+The fourteenth, fifteenth, and sixteenth tests are run only in 8-bit mode, and
+the seventeenth, eighteenth, and nineteenth tests are run only in 16/32-bit
+mode. These are tests that generate different output in the two modes. They are
+for general cases, UTF-8/16/32 support, and Unicode property support,
+respectively.
+
+The twentieth test is run only in 16/32-bit mode. It tests some specific
+16/32-bit features of the DFA matching engine.
+
+The twenty-first and twenty-second tests are run only in 16/32-bit mode, when
+the link size is set to 2 for the 16-bit library. They test reloading
+pre-compiled patterns.
+
+The twenty-third and twenty-fourth tests are run only in 16-bit mode. They are
+for general cases, and UTF-16 support, respectively.
+
+The twenty-fifth and twenty-sixth tests are run only in 32-bit mode. They are
+for general cases, and UTF-32 support, respectively.
+
+
+Character tables
+----------------
+
+For speed, PCRE uses four tables for manipulating and identifying characters
+whose code point values are less than 256. The final argument of the
+pcre_compile() function is a pointer to a block of memory containing the
+concatenated tables. A call to pcre_maketables() can be used to generate a set
+of tables in the current locale. If the final argument for pcre_compile() is
+passed as NULL, a set of default tables that is built into the binary is used.
+
+The source file called pcre_chartables.c contains the default set of tables. By
+default, this is created as a copy of pcre_chartables.c.dist, which contains
+tables for ASCII coding. However, if --enable-rebuild-chartables is specified
+for ./configure, a different version of pcre_chartables.c is built by the
+program dftables (compiled from dftables.c), which uses the ANSI C character
+handling functions such as isalnum(), isalpha(), isupper(), islower(), etc. to
+build the table sources. This means that the default C locale which is set for
+your system will control the contents of these default tables. You can change
+the default tables by editing pcre_chartables.c and then re-building PCRE. If
+you do this, you should take care to ensure that the file does not get
+automatically re-generated. The best way to do this is to move
+pcre_chartables.c.dist out of the way and replace it with your customized
+tables.
+
+When the dftables program is run as a result of --enable-rebuild-chartables,
+it uses the default C locale that is set on your system. It does not pay
+attention to the LC_xxx environment variables. In other words, it uses the
+system's default locale rather than whatever the compiling user happens to have
+set. If you really do want to build a source set of character tables in a
+locale that is specified by the LC_xxx variables, you can run the dftables
+program by hand with the -L option. For example:
+
+  ./dftables -L pcre_chartables.c.special
+
+The first two 256-byte tables provide lower casing and case flipping functions,
+respectively. The next table consists of three 32-byte bit maps which identify
+digits, "word" characters, and white space, respectively. These are used when
+building 32-byte bit maps that represent character classes for code points less
+than 256.
+
+The final 256-byte table has bits indicating various character types, as
+follows:
+
+    1   white space character
+    2   letter
+    4   decimal digit
+    8   hexadecimal digit
+   16   alphanumeric or '_'
+  128   regular expression metacharacter or binary zero
+
+You should not alter the set of characters that contain the 128 bit, as that
+will cause PCRE to malfunction.
+
+
+File manifest
+-------------
+
+The distribution should contain the files listed below. Where a file name is
+given as pcre[16|32]_xxx it means that there are three files, one with the name
+pcre_xxx, one with the name pcre16_xx, and a third with the name pcre32_xxx.
+
+(A) Source files of the PCRE library functions and their headers:
+
+  dftables.c              auxiliary program for building pcre_chartables.c
+                          when --enable-rebuild-chartables is specified
+
+  pcre_chartables.c.dist  a default set of character tables that assume ASCII
+                          coding; used, unless --enable-rebuild-chartables is
+                          specified, by copying to pcre[16]_chartables.c
+
+  pcreposix.c                )
+  pcre[16|32]_byte_order.c   )
+  pcre[16|32]_compile.c      )
+  pcre[16|32]_config.c       )
+  pcre[16|32]_dfa_exec.c     )
+  pcre[16|32]_exec.c         )
+  pcre[16|32]_fullinfo.c     )
+  pcre[16|32]_get.c          ) sources for the functions in the library,
+  pcre[16|32]_globals.c      )   and some internal functions that they use
+  pcre[16|32]_jit_compile.c  )
+  pcre[16|32]_maketables.c   )
+  pcre[16|32]_newline.c      )
+  pcre[16|32]_refcount.c     )
+  pcre[16|32]_string_utils.c )
+  pcre[16|32]_study.c        )
+  pcre[16|32]_tables.c       )
+  pcre[16|32]_ucd.c          )
+  pcre[16|32]_version.c      )
+  pcre[16|32]_xclass.c       )
+  pcre_ord2utf8.c            )
+  pcre_valid_utf8.c          )
+  pcre16_ord2utf16.c         )
+  pcre16_utf16_utils.c       )
+  pcre16_valid_utf16.c       )
+  pcre32_utf32_utils.c       )
+  pcre32_valid_utf32.c       )
+
+  pcre[16|32]_printint.c     ) debugging function that is used by pcretest,
+                             )   and can also be #included in pcre_compile()
+
+  pcre.h.in               template for pcre.h when built by "configure"
+  pcreposix.h             header for the external POSIX wrapper API
+  pcre_internal.h         header for internal use
+  sljit/*                 16 files that make up the JIT compiler
+  ucp.h                   header for Unicode property handling
+
+  config.h.in             template for config.h, which is built by "configure"
+
+  pcrecpp.h               public header file for the C++ wrapper
+  pcrecpparg.h.in         template for another C++ header file
+  pcre_scanner.h          public header file for C++ scanner functions
+  pcrecpp.cc              )
+  pcre_scanner.cc         ) source for the C++ wrapper library
+
+  pcre_stringpiece.h.in   template for pcre_stringpiece.h, the header for the
+                            C++ stringpiece functions
+  pcre_stringpiece.cc     source for the C++ stringpiece functions
+
+(B) Source files for programs that use PCRE:
+
+  pcredemo.c              simple demonstration of coding calls to PCRE
+  pcregrep.c              source of a grep utility that uses PCRE
+  pcretest.c              comprehensive test program
+
+(C) Auxiliary files:
+
+  132html                 script to turn "man" pages into HTML
+  AUTHORS                 information about the author of PCRE
+  ChangeLog               log of changes to the code
+  CleanTxt                script to clean nroff output for txt man pages
+  Detrail                 script to remove trailing spaces
+  HACKING                 some notes about the internals of PCRE
+  INSTALL                 generic installation instructions
+  LICENCE                 conditions for the use of PCRE
+  COPYING                 the same, using GNU's standard name
+  Makefile.in             ) template for Unix Makefile, which is built by
+                          )   "configure"
+  Makefile.am             ) the automake input that was used to create
+                          )   Makefile.in
+  NEWS                    important changes in this release
+  NON-UNIX-USE            the previous name for NON-AUTOTOOLS-BUILD
+  NON-AUTOTOOLS-BUILD     notes on building PCRE without using autotools
+  PrepareRelease          script to make preparations for "make dist"
+  README                  this file
+  RunTest                 a Unix shell script for running tests
+  RunGrepTest             a Unix shell script for pcregrep tests
+  aclocal.m4              m4 macros (generated by "aclocal")
+  config.guess            ) files used by libtool,
+  config.sub              )   used only when building a shared library
+  configure               a configuring shell script (built by autoconf)
+  configure.ac            ) the autoconf input that was used to build
+                          )   "configure" and config.h
+  depcomp                 ) script to find program dependencies, generated by
+                          )   automake
+  doc/*.3                 man page sources for PCRE
+  doc/*.1                 man page sources for pcregrep and pcretest
+  doc/index.html.src      the base HTML page
+  doc/html/*              HTML documentation
+  doc/pcre.txt            plain text version of the man pages
+  doc/pcretest.txt        plain text documentation of test program
+  doc/perltest.txt        plain text documentation of Perl test program
+  install-sh              a shell script for installing files
+  libpcre16.pc.in         template for libpcre16.pc for pkg-config
+  libpcre32.pc.in         template for libpcre32.pc for pkg-config
+  libpcre.pc.in           template for libpcre.pc for pkg-config
+  libpcreposix.pc.in      template for libpcreposix.pc for pkg-config
+  libpcrecpp.pc.in        template for libpcrecpp.pc for pkg-config
+  ltmain.sh               file used to build a libtool script
+  missing                 ) common stub for a few missing GNU programs while
+                          )   installing, generated by automake
+  mkinstalldirs           script for making install directories
+  perltest.pl             Perl test program
+  pcre-config.in          source of script which retains PCRE information
+  pcre_jit_test.c         test program for the JIT compiler
+  pcrecpp_unittest.cc          )
+  pcre_scanner_unittest.cc     ) test programs for the C++ wrapper
+  pcre_stringpiece_unittest.cc )
+  testdata/testinput*     test data for main library tests
+  testdata/testoutput*    expected test results
+  testdata/grep*          input and output for pcregrep tests
+  testdata/*              other supporting test files
+
+(D) Auxiliary files for cmake support
+
+  cmake/COPYING-CMAKE-SCRIPTS
+  cmake/FindPackageHandleStandardArgs.cmake
+  cmake/FindEditline.cmake
+  cmake/FindReadline.cmake
+  CMakeLists.txt
+  config-cmake.h.in
+
+(E) Auxiliary files for VPASCAL
+
+  makevp.bat
+  makevp_c.txt
+  makevp_l.txt
+  pcregexp.pas
+
+(F) Auxiliary files for building PCRE "by hand"
+
+  pcre.h.generic          ) a version of the public PCRE header file
+                          )   for use in non-"configure" environments
+  config.h.generic        ) a version of config.h for use in non-"configure"
+                          )   environments
+
+(F) Miscellaneous
+
+  RunTest.bat            a script for running tests under Windows
+
+Philip Hazel
+Email local part: ph10
+Email domain: cam.ac.uk
+Last updated: 10 February 2015
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt
new file mode 100644
index 00000000..39100591
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt
@@ -0,0 +1,772 @@
+Building PCRE without using autotools
+-------------------------------------
+
+NOTE: This document relates to PCRE releases that use the original API, with
+library names libpcre, libpcre16, and libpcre32. January 2015 saw the first
+release of a new API, known as PCRE2, with release numbers starting at 10.00
+and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old libraries
+(now called PCRE1) are still being maintained for bug fixes, but there will be
+no new development. New projects are advised to use the new PCRE2 libraries.
+
+
+This document contains the following sections:
+
+  General
+  Generic instructions for the PCRE C library
+  The C++ wrapper functions
+  Building for virtual Pascal
+  Stack size in Windows environments
+  Linking programs in Windows environments
+  Calling conventions in Windows environments
+  Comments about Win32 builds
+  Building PCRE on Windows with CMake
+  Use of relative paths with CMake on Windows
+  Testing with RunTest.bat
+  Building under Windows CE with Visual Studio 200x
+  Building under Windows with BCC5.5
+  Building using Borland C++ Builder 2007 (CB2007) and higher
+  Building PCRE on OpenVMS
+  Building PCRE on Stratus OpenVOS
+  Building PCRE on native z/OS and z/VM
+
+
+GENERAL
+
+I (Philip Hazel) have no experience of Windows or VMS sytems and how their
+libraries work. The items in the PCRE distribution and Makefile that relate to
+anything other than Linux systems are untested by me.
+
+There are some other comments and files (including some documentation in CHM
+format) in the Contrib directory on the FTP site:
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Contrib
+
+The basic PCRE library consists entirely of code written in Standard C, and so
+should compile successfully on any system that has a Standard C compiler and
+library. The C++ wrapper functions are a separate issue (see below).
+
+The PCRE distribution includes a "configure" file for use by the configure/make
+(autotools) build system, as found in many Unix-like environments. The README
+file contains information about the options for "configure".
+
+There is also support for CMake, which some users prefer, especially in Windows
+environments, though it can also be run in Unix-like environments. See the
+section entitled "Building PCRE on Windows with CMake" below.
+
+Versions of config.h and pcre.h are distributed in the PCRE tarballs under the
+names config.h.generic and pcre.h.generic. These are provided for those who
+build PCRE without using "configure" or CMake. If you use "configure" or CMake,
+the .generic versions are not used.
+
+
+GENERIC INSTRUCTIONS FOR THE PCRE C LIBRARY
+
+The following are generic instructions for building the PCRE C library "by
+hand". If you are going to use CMake, this section does not apply to you; you
+can skip ahead to the CMake section.
+
+ (1) Copy or rename the file config.h.generic as config.h, and edit the macro
+     settings that it contains to whatever is appropriate for your environment.
+
+     In particular, you can alter the definition of the NEWLINE macro to
+     specify what character(s) you want to be interpreted as line terminators.
+     In an EBCDIC environment, you MUST change NEWLINE, because its default
+     value is 10, an ASCII LF. The usual EBCDIC newline character is 21 (0x15,
+     NL), though in some cases it may be 37 (0x25).
+
+     When you compile any of the PCRE modules, you must specify -DHAVE_CONFIG_H
+     to your compiler so that config.h is included in the sources.
+
+     An alternative approach is not to edit config.h, but to use -D on the
+     compiler command line to make any changes that you need to the
+     configuration options. In this case -DHAVE_CONFIG_H must not be set.
+
+     NOTE: There have been occasions when the way in which certain parameters
+     in config.h are used has changed between releases. (In the configure/make
+     world, this is handled automatically.) When upgrading to a new release,
+     you are strongly advised to review config.h.generic before re-using what
+     you had previously.
+
+ (2) Copy or rename the file pcre.h.generic as pcre.h.
+
+ (3) EITHER:
+       Copy or rename file pcre_chartables.c.dist as pcre_chartables.c.
+
+     OR:
+       Compile dftables.c as a stand-alone program (using -DHAVE_CONFIG_H if
+       you have set up config.h), and then run it with the single argument
+       "pcre_chartables.c". This generates a set of standard character tables
+       and writes them to that file. The tables are generated using the default
+       C locale for your system. If you want to use a locale that is specified
+       by LC_xxx environment variables, add the -L option to the dftables
+       command. You must use this method if you are building on a system that
+       uses EBCDIC code.
+
+     The tables in pcre_chartables.c are defaults. The caller of PCRE can
+     specify alternative tables at run time.
+
+ (4) Ensure that you have the following header files:
+
+       pcre_internal.h
+       ucp.h
+
+ (5) For an 8-bit library, compile the following source files, setting
+     -DHAVE_CONFIG_H as a compiler option if you have set up config.h with your
+     configuration, or else use other -D settings to change the configuration
+     as required.
+
+       pcre_byte_order.c
+       pcre_chartables.c
+       pcre_compile.c
+       pcre_config.c
+       pcre_dfa_exec.c
+       pcre_exec.c
+       pcre_fullinfo.c
+       pcre_get.c
+       pcre_globals.c
+       pcre_jit_compile.c
+       pcre_maketables.c
+       pcre_newline.c
+       pcre_ord2utf8.c
+       pcre_refcount.c
+       pcre_string_utils.c
+       pcre_study.c
+       pcre_tables.c
+       pcre_ucd.c
+       pcre_valid_utf8.c
+       pcre_version.c
+       pcre_xclass.c
+
+     Make sure that you include -I. in the compiler command (or equivalent for
+     an unusual compiler) so that all included PCRE header files are first
+     sought in the current directory. Otherwise you run the risk of picking up
+     a previously-installed file from somewhere else.
+
+     Note that you must still compile pcre_jit_compile.c, even if you have not
+     defined SUPPORT_JIT in config.h, because when JIT support is not
+     configured, dummy functions are compiled. When JIT support IS configured,
+     pcre_jit_compile.c #includes sources from the sljit subdirectory, where
+     there should be 16 files, all of whose names begin with "sljit".
+
+ (6) Now link all the compiled code into an object library in whichever form
+     your system keeps such libraries. This is the basic PCRE C 8-bit library.
+     If your system has static and shared libraries, you may have to do this
+     once for each type.
+
+ (7) If you want to build a 16-bit library (as well as, or instead of the 8-bit
+     or 32-bit libraries) repeat steps 5-6 with the following files:
+
+       pcre16_byte_order.c
+       pcre16_chartables.c
+       pcre16_compile.c
+       pcre16_config.c
+       pcre16_dfa_exec.c
+       pcre16_exec.c
+       pcre16_fullinfo.c
+       pcre16_get.c
+       pcre16_globals.c
+       pcre16_jit_compile.c
+       pcre16_maketables.c
+       pcre16_newline.c
+       pcre16_ord2utf16.c
+       pcre16_refcount.c
+       pcre16_string_utils.c
+       pcre16_study.c
+       pcre16_tables.c
+       pcre16_ucd.c
+       pcre16_utf16_utils.c
+       pcre16_valid_utf16.c
+       pcre16_version.c
+       pcre16_xclass.c
+
+ (8) If you want to build a 32-bit library (as well as, or instead of the 8-bit
+     or 16-bit libraries) repeat steps 5-6 with the following files:
+
+       pcre32_byte_order.c
+       pcre32_chartables.c
+       pcre32_compile.c
+       pcre32_config.c
+       pcre32_dfa_exec.c
+       pcre32_exec.c
+       pcre32_fullinfo.c
+       pcre32_get.c
+       pcre32_globals.c
+       pcre32_jit_compile.c
+       pcre32_maketables.c
+       pcre32_newline.c
+       pcre32_ord2utf32.c
+       pcre32_refcount.c
+       pcre32_string_utils.c
+       pcre32_study.c
+       pcre32_tables.c
+       pcre32_ucd.c
+       pcre32_utf32_utils.c
+       pcre32_valid_utf32.c
+       pcre32_version.c
+       pcre32_xclass.c
+
+ (9) If you want to build the POSIX wrapper functions (which apply only to the
+     8-bit library), ensure that you have the pcreposix.h file and then compile
+     pcreposix.c (remembering -DHAVE_CONFIG_H if necessary). Link the result
+     (on its own) as the pcreposix library.
+
+(10) The pcretest program can be linked with any combination of the 8-bit,
+     16-bit and 32-bit libraries (depending on what you selected in config.h).
+     Compile pcretest.c and pcre_printint.c (again, don't forget
+     -DHAVE_CONFIG_H) and link them together with the appropriate library/ies.
+     If you compiled an 8-bit library, pcretest also needs the pcreposix
+     wrapper library unless you compiled it with -DNOPOSIX.
+
+(11) Run pcretest on the testinput files in the testdata directory, and check
+     that the output matches the corresponding testoutput files. There are
+     comments about what each test does in the section entitled "Testing PCRE"
+     in the README file. If you compiled more than one of the 8-bit, 16-bit and
+     32-bit libraries, you need to run pcretest with the -16 option to do
+     16-bit tests and with the -32 option to do 32-bit tests.
+
+     Some tests are relevant only when certain build-time options are selected.
+     For example, test 4 is for UTF-8/UTF-16/UTF-32 support, and will not run
+     if you have built PCRE without it. See the comments at the start of each
+     testinput file. If you have a suitable Unix-like shell, the RunTest script
+     will run the appropriate tests for you. The command "RunTest list" will
+     output a list of all the tests.
+
+     Note that the supplied files are in Unix format, with just LF characters
+     as line terminators. You may need to edit them to change this if your
+     system uses a different convention. If you are using Windows, you probably
+     should use the wintestinput3 file instead of testinput3 (and the
+     corresponding output file). This is a locale test; wintestinput3 sets the
+     locale to "french" rather than "fr_FR", and there some minor output
+     differences.
+
+(12) If you have built PCRE with SUPPORT_JIT, the JIT features will be tested
+     by the testdata files. However, you might also like to build and run
+     the freestanding JIT test program, pcre_jit_test.c.
+
+(13) If you want to use the pcregrep command, compile and link pcregrep.c; it
+     uses only the basic 8-bit PCRE library (it does not need the pcreposix
+     library).
+
+
+THE C++ WRAPPER FUNCTIONS
+
+The PCRE distribution also contains some C++ wrapper functions and tests,
+applicable to the 8-bit library, which were contributed by Google Inc. On a
+system that can use "configure" and "make", the functions are automatically
+built into a library called pcrecpp. It should be straightforward to compile
+the .cc files manually on other systems. The files called xxx_unittest.cc are
+test programs for each of the corresponding xxx.cc files.
+
+
+BUILDING FOR VIRTUAL PASCAL
+
+A script for building PCRE using Borland's C++ compiler for use with VPASCAL
+was contributed by Alexander Tokarev. Stefan Weber updated the script and added
+additional files. The following files in the distribution are for building PCRE
+for use with VP/Borland: makevp_c.txt, makevp_l.txt, makevp.bat, pcregexp.pas.
+
+
+STACK SIZE IN WINDOWS ENVIRONMENTS
+
+The default processor stack size of 1Mb in some Windows environments is too
+small for matching patterns that need much recursion. In particular, test 2 may
+fail because of this. Normally, running out of stack causes a crash, but there
+have been cases where the test program has just died silently. See your linker
+documentation for how to increase stack size if you experience problems. The
+Linux default of 8Mb is a reasonable choice for the stack, though even that can
+be too small for some pattern/subject combinations.
+
+PCRE has a compile configuration option to disable the use of stack for
+recursion so that heap is used instead. However, pattern matching is
+significantly slower when this is done. There is more about stack usage in the
+"pcrestack" documentation.
+
+
+LINKING PROGRAMS IN WINDOWS ENVIRONMENTS
+
+If you want to statically link a program against a PCRE library in the form of
+a non-dll .a file, you must define PCRE_STATIC before including pcre.h or
+pcrecpp.h, otherwise the pcre_malloc() and pcre_free() exported functions will
+be declared __declspec(dllimport), with unwanted results.
+
+
+CALLING CONVENTIONS IN WINDOWS ENVIRONMENTS
+
+It is possible to compile programs to use different calling conventions using
+MSVC. Search the web for "calling conventions" for more information. To make it
+easier to change the calling convention for the exported functions in the
+PCRE library, the macro PCRE_CALL_CONVENTION is present in all the external
+definitions. It can be set externally when compiling (e.g. in CFLAGS). If it is
+not set, it defaults to empty; the default calling convention is then used
+(which is what is wanted most of the time).
+
+
+COMMENTS ABOUT WIN32 BUILDS (see also "BUILDING PCRE ON WINDOWS WITH CMAKE")
+
+There are two ways of building PCRE using the "configure, make, make install"
+paradigm on Windows systems: using MinGW or using Cygwin. These are not at all
+the same thing; they are completely different from each other. There is also
+support for building using CMake, which some users find a more straightforward
+way of building PCRE under Windows.
+
+The MinGW home page (http://www.mingw.org/) says this:
+
+  MinGW: A collection of freely available and freely distributable Windows
+  specific header files and import libraries combined with GNU toolsets that
+  allow one to produce native Windows programs that do not rely on any
+  3rd-party C runtime DLLs.
+
+The Cygwin home page (http://www.cygwin.com/) says this:
+
+  Cygwin is a Linux-like environment for Windows. It consists of two parts:
+
+  . A DLL (cygwin1.dll) which acts as a Linux API emulation layer providing
+    substantial Linux API functionality
+
+  . A collection of tools which provide Linux look and feel.
+
+  The Cygwin DLL currently works with all recent, commercially released x86 32
+  bit and 64 bit versions of Windows, with the exception of Windows CE.
+
+On both MinGW and Cygwin, PCRE should build correctly using:
+
+  ./configure && make && make install
+
+This should create two libraries called libpcre and libpcreposix, and, if you
+have enabled building the C++ wrapper, a third one called libpcrecpp. These are
+independent libraries: when you link with libpcreposix or libpcrecpp you must
+also link with libpcre, which contains the basic functions. (Some earlier
+releases of PCRE included the basic libpcre functions in libpcreposix. This no
+longer happens.)
+
+A user submitted a special-purpose patch that makes it easy to create
+"pcre.dll" under mingw32 using the "msys" environment. It provides "pcre.dll"
+as a special target. If you use this target, no other files are built, and in
+particular, the pcretest and pcregrep programs are not built. An example of how
+this might be used is:
+
+  ./configure --enable-utf --disable-cpp CFLAGS="-03 -s"; make pcre.dll
+
+Using Cygwin's compiler generates libraries and executables that depend on
+cygwin1.dll. If a library that is generated this way is distributed,
+cygwin1.dll has to be distributed as well. Since cygwin1.dll is under the GPL
+licence, this forces not only PCRE to be under the GPL, but also the entire
+application. A distributor who wants to keep their own code proprietary must
+purchase an appropriate Cygwin licence.
+
+MinGW has no such restrictions. The MinGW compiler generates a library or
+executable that can run standalone on Windows without any third party dll or
+licensing issues.
+
+But there is more complication:
+
+If a Cygwin user uses the -mno-cygwin Cygwin gcc flag, what that really does is
+to tell Cygwin's gcc to use the MinGW gcc. Cygwin's gcc is only acting as a
+front end to MinGW's gcc (if you install Cygwin's gcc, you get both Cygwin's
+gcc and MinGW's gcc). So, a user can:
+
+. Build native binaries by using MinGW or by getting Cygwin and using
+  -mno-cygwin.
+
+. Build binaries that depend on cygwin1.dll by using Cygwin with the normal
+  compiler flags.
+
+The test files that are supplied with PCRE are in UNIX format, with LF
+characters as line terminators. Unless your PCRE library uses a default newline
+option that includes LF as a valid newline, it may be necessary to change the
+line terminators in the test files to get some of the tests to work.
+
+
+BUILDING PCRE ON WINDOWS WITH CMAKE
+
+CMake is an alternative configuration facility that can be used instead of
+"configure". CMake creates project files (make files, solution files, etc.)
+tailored to numerous development environments, including Visual Studio,
+Borland, Msys, MinGW, NMake, and Unix. If possible, use short paths with no
+spaces in the names for your CMake installation and your PCRE source and build
+directories.
+
+The following instructions were contributed by a PCRE user. If they are not
+followed exactly, errors may occur. In the event that errors do occur, it is
+recommended that you delete the CMake cache before attempting to repeat the
+CMake build process. In the CMake GUI, the cache can be deleted by selecting
+"File > Delete Cache".
+
+1.  Install the latest CMake version available from http://www.cmake.org/, and
+    ensure that cmake\bin is on your path.
+
+2.  Unzip (retaining folder structure) the PCRE source tree into a source
+    directory such as C:\pcre. You should ensure your local date and time
+    is not earlier than the file dates in your source dir if the release is
+    very new.
+
+3.  Create a new, empty build directory, preferably a subdirectory of the
+    source dir. For example, C:\pcre\pcre-xx\build.
+
+4.  Run cmake-gui from the Shell envirornment of your build tool, for example,
+    Msys for Msys/MinGW or Visual Studio Command Prompt for VC/VC++. Do not try
+    to start Cmake from the Windows Start menu, as this can lead to errors.
+
+5.  Enter C:\pcre\pcre-xx and C:\pcre\pcre-xx\build for the source and build
+    directories, respectively.
+
+6.  Hit the "Configure" button.
+
+7.  Select the particular IDE / build tool that you are using (Visual
+    Studio, MSYS makefiles, MinGW makefiles, etc.)
+
+8.  The GUI will then list several configuration options. This is where
+    you can enable UTF-8 support or other PCRE optional features.
+
+9.  Hit "Configure" again. The adjacent "Generate" button should now be
+    active.
+
+10. Hit "Generate".
+
+11. The build directory should now contain a usable build system, be it a
+    solution file for Visual Studio, makefiles for MinGW, etc. Exit from
+    cmake-gui and use the generated build system with your compiler or IDE.
+    E.g., for MinGW you can run "make", or for Visual Studio, open the PCRE
+    solution, select the desired configuration (Debug, or Release, etc.) and
+    build the ALL_BUILD project.
+
+12. If during configuration with cmake-gui you've elected to build the test
+    programs, you can execute them by building the test project. E.g., for
+    MinGW: "make test"; for Visual Studio build the RUN_TESTS project. The
+    most recent build configuration is targeted by the tests. A summary of
+    test results is presented. Complete test output is subsequently
+    available for review in Testing\Temporary under your build dir.
+
+
+USE OF RELATIVE PATHS WITH CMAKE ON WINDOWS
+
+A PCRE user comments as follows: I thought that others may want to know the
+current state of CMAKE_USE_RELATIVE_PATHS support on Windows. Here it is:
+
+-- AdditionalIncludeDirectories is only partially modified (only the
+   first path - see below)
+-- Only some of the contained file paths are modified - shown below for
+   pcre.vcproj
+-- It properly modifies
+
+I am sure CMake people can fix that if they want to. Until then one will
+need to replace existing absolute paths in project files with relative
+paths manually (e.g. from VS) - relative to project file location. I did
+just that before being told to try CMAKE_USE_RELATIVE_PATHS. Not a big
+deal.
+
+AdditionalIncludeDirectories="E:\builds\pcre\build;E:\builds\pcre\pcre-7.5;"
+AdditionalIncludeDirectories=".;E:\builds\pcre\pcre-7.5;"
+
+RelativePath="pcre.h"
+RelativePath="pcre_chartables.c"
+RelativePath="pcre_chartables.c.rule"
+
+
+TESTING WITH RUNTEST.BAT
+
+If configured with CMake, building the test project ("make test" or building
+ALL_TESTS in Visual Studio) creates (and runs) pcre_test.bat (and depending
+on your configuration options, possibly other test programs) in the build
+directory. Pcre_test.bat runs RunTest.Bat with correct source and exe paths.
+
+For manual testing with RunTest.bat, provided the build dir is a subdirectory
+of the source directory: Open command shell window. Chdir to the location
+of your pcretest.exe and pcregrep.exe programs. Call RunTest.bat with
+"..\RunTest.Bat" or "..\..\RunTest.bat" as appropriate.
+
+To run only a particular test with RunTest.Bat provide a test number argument.
+
+Otherwise:
+
+1. Copy RunTest.bat into the directory where pcretest.exe and pcregrep.exe
+   have been created.
+
+2. Edit RunTest.bat to indentify the full or relative location of
+   the pcre source (wherein which the testdata folder resides), e.g.:
+
+   set srcdir=C:\pcre\pcre-8.20
+
+3. In a Windows command environment, chdir to the location of your bat and
+   exe programs.
+
+4. Run RunTest.bat. Test outputs will automatically be compared to expected
+   results, and discrepancies will be identified in the console output.
+
+To independently test the just-in-time compiler, run pcre_jit_test.exe.
+To test pcrecpp, run pcrecpp_unittest.exe, pcre_stringpiece_unittest.exe and
+pcre_scanner_unittest.exe.
+
+
+BUILDING UNDER WINDOWS CE WITH VISUAL STUDIO 200x
+
+Vincent Richomme sent a zip archive of files to help with this process. They
+can be found in the file "pcre-vsbuild.zip" in the Contrib directory of the FTP
+site.
+
+
+BUILDING UNDER WINDOWS WITH BCC5.5
+
+Michael Roy sent these comments about building PCRE under Windows with BCC5.5:
+
+Some of the core BCC libraries have a version of PCRE from 1998 built in, which
+can lead to pcre_exec() giving an erroneous PCRE_ERROR_NULL from a version
+mismatch. I'm including an easy workaround below, if you'd like to include it
+in the non-unix instructions:
+
+When linking a project with BCC5.5, pcre.lib must be included before any of the
+libraries cw32.lib, cw32i.lib, cw32mt.lib, and cw32mti.lib on the command line.
+
+
+BUILDING USING BORLAND C++ BUILDER 2007 (CB2007) AND HIGHER
+
+A PCRE user sent these comments about this environment (see also the comment
+from another user that follows them):
+
+The XE versions of C++ Builder come with a RegularExpressionsCore class which
+contain a version of TPerlRegEx. However, direct use of the C PCRE library may
+be desirable.
+
+The default makevp.bat, however, supplied with PCRE builds a version of PCRE
+that is not usable with any version of C++ Builder because the compiler ships
+with an embedded version of PCRE, version 2.01 from 1998! [See also the note
+about BCC5.5 above.] If you want to use PCRE you'll need to rename the
+functions (pcre_compile to pcre_compile_bcc, etc) or do as I have done and just
+use the 16 bit versions. I'm using std::wstring everywhere anyway. Since the
+embedded version of PCRE does not have the 16 bit function names, there is no
+conflict.
+
+Building PCRE using a C++ Builder static library project file (recommended):
+
+1. Rename or remove pcre.h, pcreposi.h, and pcreposix.h from your C++ Builder
+original include path.
+
+2. Download PCRE from pcre.org and extract to a directory.
+
+3. Rename pcre_chartables.c.dist to pcre_chartables.c, pcre.h.generic to
+pcre.h, and config.h.generic to config.h.
+
+4. Edit pcre.h and pcre_config.c so that they include config.h.
+
+5. Edit config.h like so:
+
+Comment out the following lines:
+#define PACKAGE "pcre"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE_NAME "PCRE"
+#define PACKAGE_STRING "PCRE 8.32"
+#define PACKAGE_TARNAME "pcre"
+#define PACKAGE_URL ""
+#define PACKAGE_VERSION "8.32"
+
+Add the following lines:
+#ifndef SUPPORT_UTF
+#define SUPPORT_UTF 100 // any value is fine
+#endif
+
+#ifndef SUPPORT_UCP
+#define SUPPORT_UCP 101 // any value is fine
+#endif
+
+#ifndef SUPPORT_UCP
+#define SUPPORT_PCRE16 102 // any value is fine
+#endif
+
+#ifndef SUPPORT_UTF8
+#define SUPPORT_UTF8 103 // any value is fine
+#endif
+
+6. Build a C++ Builder project using the IDE. Go to File / New / Other and
+choose Static Library. You can name it pcre.cbproj or whatever. Now set your
+paths by going to Project / Options. Set the Include path. Do this from the
+"Base" option to apply to both Release and Debug builds. Now add the following
+files to the project:
+
+pcre.h
+pcre16_byte_order.c
+pcre16_chartables.c
+pcre16_compile.c
+pcre16_config.c
+pcre16_dfa_exec.c
+pcre16_exec.c
+pcre16_fullinfo.c
+pcre16_get.c
+pcre16_globals.c
+pcre16_maketables.c
+pcre16_newline.c
+pcre16_ord2utf16.c
+pcre16_printint.c
+pcre16_refcount.c
+pcre16_string_utils.c
+pcre16_study.c
+pcre16_tables.c
+pcre16_ucd.c
+pcre16_utf16_utils.c
+pcre16_valid_utf16.c
+pcre16_version.c
+pcre16_xclass.c
+
+//Optional
+pcre_version.c
+
+7. After compiling the .lib file, copy the .lib and header files to a project
+you want to use PCRE with. Enjoy.
+
+Optional ... Building PCRE using the makevp.bat file:
+
+1. Edit makevp_c.txt and makevp_l.txt and change all the names to the 16 bit
+versions.
+
+2. Edit makevp.bat and set the path to C++ Builder. Run makevp.bat.
+
+Another PCRE user added this comment:
+
+Another approach I successfully used for some years with BCB 5 and 6 was to
+make sure that include and library paths of PCRE are configured before the
+default paths of the IDE in the dialogs where one can manage those paths.
+Afterwards one can open the project files using a text editor and manually add
+the self created library for pcre itself, pcrecpp doesn't ship with the IDE, in
+the library nodes where the IDE manages its own libraries to link against in
+front of the IDE-own libraries. This way one can use the default PCRE function
+names without getting access violations on runtime.
+
+  <ALLLIB value="libpcre.lib $(LIBFILES) $(LIBRARIES) import32.lib cp32mt.lib"/>
+
+
+BUILDING PCRE ON OPENVMS
+
+Stephen Hoffman sent the following, in December 2012:
+
+"Here <http://labs.hoffmanlabs.com/node/1847> is a very short write-up on the
+OpenVMS port and here
+
+<http://labs.hoffmanlabs.com/labsnotes/pcre-vms-8_32.zip>
+
+is a zip with the OpenVMS files, and with one modified testing-related PCRE
+file." This is a port of PCRE 8.32.
+
+Earlier, Dan Mooney sent the following comments about building PCRE on OpenVMS.
+They relate to an older version of PCRE that used fewer source files, so the
+exact commands will need changing. See the current list of source files above.
+
+"It was quite easy to compile and link the library. I don't have a formal
+make file but the attached file [reproduced below] contains the OpenVMS DCL
+commands I used to build the library. I had to add #define
+POSIX_MALLOC_THRESHOLD 10 to pcre.h since it was not defined anywhere.
+
+The library was built on:
+O/S: HP OpenVMS v7.3-1
+Compiler: Compaq C v6.5-001-48BCD
+Linker: vA13-01
+
+The test results did not match 100% due to the issues you mention in your
+documentation regarding isprint(), iscntrl(), isgraph() and ispunct(). I
+modified some of the character tables temporarily and was able to get the
+results to match. Tests using the fr locale did not match since I don't have
+that locale loaded. The study size was always reported to be 3 less than the
+value in the standard test output files."
+
+=========================
+$! This DCL procedure builds PCRE on OpenVMS
+$!
+$! I followed the instructions in the non-unix-use file in the distribution.
+$!
+$ COMPILE == "CC/LIST/NOMEMBER_ALIGNMENT/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES
+$ COMPILE DFTABLES.C
+$ LINK/EXE=DFTABLES.EXE DFTABLES.OBJ
+$ RUN DFTABLES.EXE/OUTPUT=CHARTABLES.C
+$ COMPILE MAKETABLES.C
+$ COMPILE GET.C
+$ COMPILE STUDY.C
+$! I had to set POSIX_MALLOC_THRESHOLD to 10 in PCRE.H since the symbol
+$! did not seem to be defined anywhere.
+$! I edited pcre.h and added #DEFINE SUPPORT_UTF8 to enable UTF8 support.
+$ COMPILE PCRE.C
+$ LIB/CREATE PCRE MAKETABLES.OBJ, GET.OBJ, STUDY.OBJ, PCRE.OBJ
+$! I had to set POSIX_MALLOC_THRESHOLD to 10 in PCRE.H since the symbol
+$! did not seem to be defined anywhere.
+$ COMPILE PCREPOSIX.C
+$ LIB/CREATE PCREPOSIX PCREPOSIX.OBJ
+$ COMPILE PCRETEST.C
+$ LINK/EXE=PCRETEST.EXE PCRETEST.OBJ, PCRE/LIB, PCREPOSIX/LIB
+$! C programs that want access to command line arguments must be
+$! defined as a symbol
+$ PCRETEST :== "$ SYS$ROADSUSERS:[DMOONEY.REGEXP]PCRETEST.EXE"
+$! Arguments must be enclosed in quotes.
+$ PCRETEST "-C"
+$! Test results:
+$!
+$!   The test results did not match 100%. The functions isprint(), iscntrl(),
+$!   isgraph() and ispunct() on OpenVMS must not produce the same results
+$!   as the system that built the test output files provided with the
+$!   distribution.
+$!
+$!   The study size did not match and was always 3 less on OpenVMS.
+$!
+$!   Locale could not be set to fr
+$!
+=========================
+
+
+BUILDING PCRE ON STRATUS OPENVOS
+
+These notes on the port of PCRE to VOS (lightly edited) were supplied by
+Ashutosh Warikoo, whose email address has the local part awarikoo and the
+domain nse.co.in. The port was for version 7.9 in August 2009.
+
+1.   Building PCRE
+
+I built pcre on OpenVOS Release 17.0.1at using GNU Tools 3.4a without any
+problems. I used the following packages to build PCRE:
+
+  ftp://ftp.stratus.com/pub/vos/posix/ga/posix.save.evf.gz
+
+Please read and follow the instructions that come with these packages. To start
+the build of pcre, from the root of the package type:
+
+  ./build.sh
+
+2. Installing PCRE
+
+Once you have successfully built PCRE, login to the SysAdmin group, switch to
+the root user, and type
+
+  [ !create_dir (master_disk)>usr   --if needed ]
+  [ !create_dir (master_disk)>usr>local   --if needed ]
+    !gmake install
+
+This installs PCRE and its man pages into /usr/local. You can add
+(master_disk)>usr>local>bin to your command search paths, or if you are in
+BASH, add /usr/local/bin to the PATH environment variable.
+
+4. Restrictions
+
+This port requires readline library optionally. However during the build I
+faced some yet unexplored errors while linking with readline. As it was an
+optional component I chose to disable it.
+
+5. Known Problems
+
+I ran the test suite, but you will have to be your own judge of whether this
+command, and this port, suits your purposes. If you find any problems that
+appear to be related to the port itself, please let me know. Please see the
+build.log file in the root of the package also.
+
+
+BUILDING PCRE ON NATIVE Z/OS AND Z/VM
+
+z/OS and z/VM are operating systems for mainframe computers, produced by IBM.
+The character code used is EBCDIC, not ASCII or Unicode. In z/OS, UNIX APIs and
+applications can be supported through UNIX System Services, and in such an
+environment PCRE can be built in the same way as in other systems. However, in
+native z/OS (without UNIX System Services) and in z/VM, special ports are
+required. For details, please see this web site:
+
+  http://www.zaconsultants.net
+
+You may download PCRE from WWW.CBTTAPE.ORG, file 882.  Everything, source and
+executable, is in EBCDIC and native z/OS file formats and this is the
+recommended download site.
+
+==========================
+Last Updated: 25 June 2015
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/README.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/README.txt
new file mode 100644
index 00000000..4887ebf3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/README.txt
@@ -0,0 +1,1002 @@
+README file for PCRE (Perl-compatible regular expression library)
+-----------------------------------------------------------------
+
+NOTE: This set of files relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+
+
+The latest release of PCRE1 is always available in three alternative formats
+from:
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.gz
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.bz2
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.zip
+
+There is a mailing list for discussion about the development of PCRE at
+pcre-dev@exim.org. You can access the archives and subscribe or manage your
+subscription here:
+
+   https://lists.exim.org/mailman/listinfo/pcre-dev
+
+Please read the NEWS file if you are upgrading from a previous release.
+The contents of this README file are:
+
+  The PCRE APIs
+  Documentation for PCRE
+  Contributions by users of PCRE
+  Building PCRE on non-Unix-like systems
+  Building PCRE without using autotools
+  Building PCRE using autotools
+  Retrieving configuration information
+  Shared libraries
+  Cross-compiling using autotools
+  Using HP's ANSI C++ compiler (aCC)
+  Compiling in Tru64 using native compilers
+  Using Sun's compilers for Solaris
+  Using PCRE from MySQL
+  Making new tarballs
+  Testing PCRE
+  Character tables
+  File manifest
+
+
+The PCRE APIs
+-------------
+
+PCRE is written in C, and it has its own API. There are three sets of
+functions, one for the 8-bit library, which processes strings of bytes, one for
+the 16-bit library, which processes strings of 16-bit values, and one for the
+32-bit library, which processes strings of 32-bit values. The distribution also
+includes a set of C++ wrapper functions (see the pcrecpp man page for details),
+courtesy of Google Inc., which can be used to call the 8-bit PCRE library from
+C++. Other C++ wrappers have been created from time to time. See, for example:
+https://github.com/YasserAsmi/regexp, which aims to be simple and similar in
+style to the C API.
+
+The distribution also contains a set of C wrapper functions (again, just for
+the 8-bit library) that are based on the POSIX regular expression API (see the
+pcreposix man page). These end up in the library called libpcreposix. Note that
+this just provides a POSIX calling interface to PCRE; the regular expressions
+themselves still follow Perl syntax and semantics. The POSIX API is restricted,
+and does not give full access to all of PCRE's facilities.
+
+The header file for the POSIX-style functions is called pcreposix.h. The
+official POSIX name is regex.h, but I did not want to risk possible problems
+with existing files of that name by distributing it that way. To use PCRE with
+an existing program that uses the POSIX API, pcreposix.h will have to be
+renamed or pointed at by a link.
+
+If you are using the POSIX interface to PCRE and there is already a POSIX regex
+library installed on your system, as well as worrying about the regex.h header
+file (as mentioned above), you must also take care when linking programs to
+ensure that they link with PCRE's libpcreposix library. Otherwise they may pick
+up the POSIX functions of the same name from the other library.
+
+One way of avoiding this confusion is to compile PCRE with the addition of
+-Dregcomp=PCREregcomp (and similarly for the other POSIX functions) to the
+compiler flags (CFLAGS if you are using "configure" -- see below). This has the
+effect of renaming the functions so that the names no longer clash. Of course,
+you have to do the same thing for your applications, or write them using the
+new names.
+
+
+Documentation for PCRE
+----------------------
+
+If you install PCRE in the normal way on a Unix-like system, you will end up
+with a set of man pages whose names all start with "pcre". The one that is just
+called "pcre" lists all the others. In addition to these man pages, the PCRE
+documentation is supplied in two other forms:
+
+  1. There are files called doc/pcre.txt, doc/pcregrep.txt, and
+     doc/pcretest.txt in the source distribution. The first of these is a
+     concatenation of the text forms of all the section 3 man pages except
+     the listing of pcredemo.c and those that summarize individual functions.
+     The other two are the text forms of the section 1 man pages for the
+     pcregrep and pcretest commands. These text forms are provided for ease of
+     scanning with text editors or similar tools. They are installed in
+     <prefix>/share/doc/pcre, where <prefix> is the installation prefix
+     (defaulting to /usr/local).
+
+  2. A set of files containing all the documentation in HTML form, hyperlinked
+     in various ways, and rooted in a file called index.html, is distributed in
+     doc/html and installed in <prefix>/share/doc/pcre/html.
+
+Users of PCRE have contributed files containing the documentation for various
+releases in CHM format. These can be found in the Contrib directory of the FTP
+site (see next section).
+
+
+Contributions by users of PCRE
+------------------------------
+
+You can find contributions from PCRE users in the directory
+
+  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Contrib
+
+There is a README file giving brief descriptions of what they are. Some are
+complete in themselves; others are pointers to URLs containing relevant files.
+Some of this material is likely to be well out-of-date. Several of the earlier
+contributions provided support for compiling PCRE on various flavours of
+Windows (I myself do not use Windows). Nowadays there is more Windows support
+in the standard distribution, so these contibutions have been archived.
+
+A PCRE user maintains downloadable Windows binaries of the pcregrep and
+pcretest programs here:
+
+  http://www.rexegg.com/pcregrep-pcretest.html
+
+
+Building PCRE on non-Unix-like systems
+--------------------------------------
+
+For a non-Unix-like system, please read the comments in the file
+NON-AUTOTOOLS-BUILD, though if your system supports the use of "configure" and
+"make" you may be able to build PCRE using autotools in the same way as for
+many Unix-like systems.
+
+PCRE can also be configured using the GUI facility provided by CMake's
+cmake-gui command. This creates Makefiles, solution files, etc. The file
+NON-AUTOTOOLS-BUILD has information about CMake.
+
+PCRE has been compiled on many different operating systems. It should be
+straightforward to build PCRE on any system that has a Standard C compiler and
+library, because it uses only Standard C functions.
+
+
+Building PCRE without using autotools
+-------------------------------------
+
+The use of autotools (in particular, libtool) is problematic in some
+environments, even some that are Unix or Unix-like. See the NON-AUTOTOOLS-BUILD
+file for ways of building PCRE without using autotools.
+
+
+Building PCRE using autotools
+-----------------------------
+
+If you are using HP's ANSI C++ compiler (aCC), please see the special note
+in the section entitled "Using HP's ANSI C++ compiler (aCC)" below.
+
+The following instructions assume the use of the widely used "configure; make;
+make install" (autotools) process.
+
+To build PCRE on system that supports autotools, first run the "configure"
+command from the PCRE distribution directory, with your current directory set
+to the directory where you want the files to be created. This command is a
+standard GNU "autoconf" configuration script, for which generic instructions
+are supplied in the file INSTALL.
+
+Most commonly, people build PCRE within its own distribution directory, and in
+this case, on many systems, just running "./configure" is sufficient. However,
+the usual methods of changing standard defaults are available. For example:
+
+CFLAGS='-O2 -Wall' ./configure --prefix=/opt/local
+
+This command specifies that the C compiler should be run with the flags '-O2
+-Wall' instead of the default, and that "make install" should install PCRE
+under /opt/local instead of the default /usr/local.
+
+If you want to build in a different directory, just run "configure" with that
+directory as current. For example, suppose you have unpacked the PCRE source
+into /source/pcre/pcre-xxx, but you want to build it in /build/pcre/pcre-xxx:
+
+cd /build/pcre/pcre-xxx
+/source/pcre/pcre-xxx/configure
+
+PCRE is written in C and is normally compiled as a C library. However, it is
+possible to build it as a C++ library, though the provided building apparatus
+does not have any features to support this.
+
+There are some optional features that can be included or omitted from the PCRE
+library. They are also documented in the pcrebuild man page.
+
+. By default, both shared and static libraries are built. You can change this
+  by adding one of these options to the "configure" command:
+
+  --disable-shared
+  --disable-static
+
+  (See also "Shared libraries on Unix-like systems" below.)
+
+. By default, only the 8-bit library is built. If you add --enable-pcre16 to
+  the "configure" command, the 16-bit library is also built. If you add
+  --enable-pcre32 to the "configure" command, the 32-bit library is also built.
+  If you want only the 16-bit or 32-bit library, use --disable-pcre8 to disable
+  building the 8-bit library.
+
+. If you are building the 8-bit library and want to suppress the building of
+  the C++ wrapper library, you can add --disable-cpp to the "configure"
+  command. Otherwise, when "configure" is run without --disable-pcre8, it will
+  try to find a C++ compiler and C++ header files, and if it succeeds, it will
+  try to build the C++ wrapper.
+
+. If you want to include support for just-in-time compiling, which can give
+  large performance improvements on certain platforms, add --enable-jit to the
+  "configure" command. This support is available only for certain hardware
+  architectures. If you try to enable it on an unsupported architecture, there
+  will be a compile time error.
+
+. When JIT support is enabled, pcregrep automatically makes use of it, unless
+  you add --disable-pcregrep-jit to the "configure" command.
+
+. If you want to make use of the support for UTF-8 Unicode character strings in
+  the 8-bit library, or UTF-16 Unicode character strings in the 16-bit library,
+  or UTF-32 Unicode character strings in the 32-bit library, you must add
+  --enable-utf to the "configure" command. Without it, the code for handling
+  UTF-8, UTF-16 and UTF-8 is not included in the relevant library. Even
+  when --enable-utf is included, the use of a UTF encoding still has to be
+  enabled by an option at run time. When PCRE is compiled with this option, its
+  input can only either be ASCII or UTF-8/16/32, even when running on EBCDIC
+  platforms. It is not possible to use both --enable-utf and --enable-ebcdic at
+  the same time.
+
+. There are no separate options for enabling UTF-8, UTF-16 and UTF-32
+  independently because that would allow ridiculous settings such as requesting
+  UTF-16 support while building only the 8-bit library. However, the option
+  --enable-utf8 is retained for backwards compatibility with earlier releases
+  that did not support 16-bit or 32-bit character strings. It is synonymous with
+  --enable-utf. It is not possible to configure one library with UTF support
+  and the other without in the same configuration.
+
+. If, in addition to support for UTF-8/16/32 character strings, you want to
+  include support for the \P, \p, and \X sequences that recognize Unicode
+  character properties, you must add --enable-unicode-properties to the
+  "configure" command. This adds about 30K to the size of the library (in the
+  form of a property table); only the basic two-letter properties such as Lu
+  are supported.
+
+. You can build PCRE to recognize either CR or LF or the sequence CRLF or any
+  of the preceding, or any of the Unicode newline sequences as indicating the
+  end of a line. Whatever you specify at build time is the default; the caller
+  of PCRE can change the selection at run time. The default newline indicator
+  is a single LF character (the Unix standard). You can specify the default
+  newline indicator by adding --enable-newline-is-cr or --enable-newline-is-lf
+  or --enable-newline-is-crlf or --enable-newline-is-anycrlf or
+  --enable-newline-is-any to the "configure" command, respectively.
+
+  If you specify --enable-newline-is-cr or --enable-newline-is-crlf, some of
+  the standard tests will fail, because the lines in the test files end with
+  LF. Even if the files are edited to change the line endings, there are likely
+  to be some failures. With --enable-newline-is-anycrlf or
+  --enable-newline-is-any, many tests should succeed, but there may be some
+  failures.
+
+. By default, the sequence \R in a pattern matches any Unicode line ending
+  sequence. This is independent of the option specifying what PCRE considers to
+  be the end of a line (see above). However, the caller of PCRE can restrict \R
+  to match only CR, LF, or CRLF. You can make this the default by adding
+  --enable-bsr-anycrlf to the "configure" command (bsr = "backslash R").
+
+. When called via the POSIX interface, PCRE uses malloc() to get additional
+  storage for processing capturing parentheses if there are more than 10 of
+  them in a pattern. You can increase this threshold by setting, for example,
+
+  --with-posix-malloc-threshold=20
+
+  on the "configure" command.
+
+. PCRE has a counter that limits the depth of nesting of parentheses in a
+  pattern. This limits the amount of system stack that a pattern uses when it
+  is compiled. The default is 250, but you can change it by setting, for
+  example,
+
+  --with-parens-nest-limit=500
+
+. PCRE has a counter that can be set to limit the amount of resources it uses
+  when matching a pattern. If the limit is exceeded during a match, the match
+  fails. The default is ten million. You can change the default by setting, for
+  example,
+
+  --with-match-limit=500000
+
+  on the "configure" command. This is just the default; individual calls to
+  pcre_exec() can supply their own value. There is more discussion on the
+  pcreapi man page.
+
+. There is a separate counter that limits the depth of recursive function calls
+  during a matching process. This also has a default of ten million, which is
+  essentially "unlimited". You can change the default by setting, for example,
+
+  --with-match-limit-recursion=500000
+
+  Recursive function calls use up the runtime stack; running out of stack can
+  cause programs to crash in strange ways. There is a discussion about stack
+  sizes in the pcrestack man page.
+
+. The default maximum compiled pattern size is around 64K. You can increase
+  this by adding --with-link-size=3 to the "configure" command. In the 8-bit
+  library, PCRE then uses three bytes instead of two for offsets to different
+  parts of the compiled pattern. In the 16-bit library, --with-link-size=3 is
+  the same as --with-link-size=4, which (in both libraries) uses four-byte
+  offsets. Increasing the internal link size reduces performance. In the 32-bit
+  library, the only supported link size is 4.
+
+. You can build PCRE so that its internal match() function that is called from
+  pcre_exec() does not call itself recursively. Instead, it uses memory blocks
+  obtained from the heap via the special functions pcre_stack_malloc() and
+  pcre_stack_free() to save data that would otherwise be saved on the stack. To
+  build PCRE like this, use
+
+  --disable-stack-for-recursion
+
+  on the "configure" command. PCRE runs more slowly in this mode, but it may be
+  necessary in environments with limited stack sizes. This applies only to the
+  normal execution of the pcre_exec() function; if JIT support is being
+  successfully used, it is not relevant. Equally, it does not apply to
+  pcre_dfa_exec(), which does not use deeply nested recursion. There is a
+  discussion about stack sizes in the pcrestack man page.
+
+. For speed, PCRE uses four tables for manipulating and identifying characters
+  whose code point values are less than 256. By default, it uses a set of
+  tables for ASCII encoding that is part of the distribution. If you specify
+
+  --enable-rebuild-chartables
+
+  a program called dftables is compiled and run in the default C locale when
+  you obey "make". It builds a source file called pcre_chartables.c. If you do
+  not specify this option, pcre_chartables.c is created as a copy of
+  pcre_chartables.c.dist. See "Character tables" below for further information.
+
+. It is possible to compile PCRE for use on systems that use EBCDIC as their
+  character code (as opposed to ASCII/Unicode) by specifying
+
+  --enable-ebcdic
+
+  This automatically implies --enable-rebuild-chartables (see above). However,
+  when PCRE is built this way, it always operates in EBCDIC. It cannot support
+  both EBCDIC and UTF-8/16/32. There is a second option, --enable-ebcdic-nl25,
+  which specifies that the code value for the EBCDIC NL character is 0x25
+  instead of the default 0x15.
+
+. In environments where valgrind is installed, if you specify
+
+  --enable-valgrind
+
+  PCRE will use valgrind annotations to mark certain memory regions as
+  unaddressable. This allows it to detect invalid memory accesses, and is
+  mostly useful for debugging PCRE itself.
+
+. In environments where the gcc compiler is used and lcov version 1.6 or above
+  is installed, if you specify
+
+  --enable-coverage
+
+  the build process implements a code coverage report for the test suite. The
+  report is generated by running "make coverage". If ccache is installed on
+  your system, it must be disabled when building PCRE for coverage reporting.
+  You can do this by setting the environment variable CCACHE_DISABLE=1 before
+  running "make" to build PCRE. There is more information about coverage
+  reporting in the "pcrebuild" documentation.
+
+. The pcregrep program currently supports only 8-bit data files, and so
+  requires the 8-bit PCRE library. It is possible to compile pcregrep to use
+  libz and/or libbz2, in order to read .gz and .bz2 files (respectively), by
+  specifying one or both of
+
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+
+  Of course, the relevant libraries must be installed on your system.
+
+. The default size (in bytes) of the internal buffer used by pcregrep can be
+  set by, for example:
+
+  --with-pcregrep-bufsize=51200
+
+  The value must be a plain integer. The default is 20480.
+
+. It is possible to compile pcretest so that it links with the libreadline
+  or libedit libraries, by specifying, respectively,
+
+  --enable-pcretest-libreadline or --enable-pcretest-libedit
+
+  If this is done, when pcretest's input is from a terminal, it reads it using
+  the readline() function. This provides line-editing and history facilities.
+  Note that libreadline is GPL-licenced, so if you distribute a binary of
+  pcretest linked in this way, there may be licensing issues. These can be
+  avoided by linking with libedit (which has a BSD licence) instead.
+
+  Enabling libreadline causes the -lreadline option to be added to the pcretest
+  build. In many operating environments with a sytem-installed readline
+  library this is sufficient. However, in some environments (e.g. if an
+  unmodified distribution version of readline is in use), it may be necessary
+  to specify something like LIBS="-lncurses" as well. This is because, to quote
+  the readline INSTALL, "Readline uses the termcap functions, but does not link
+  with the termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library." If you get error
+  messages about missing functions tgetstr, tgetent, tputs, tgetflag, or tgoto,
+  this is the problem, and linking with the ncurses library should fix it.
+
+The "configure" script builds the following files for the basic C library:
+
+. Makefile             the makefile that builds the library
+. config.h             build-time configuration options for the library
+. pcre.h               the public PCRE header file
+. pcre-config          script that shows the building settings such as CFLAGS
+                         that were set for "configure"
+. libpcre.pc         ) data for the pkg-config command
+. libpcre16.pc       )
+. libpcre32.pc       )
+. libpcreposix.pc    )
+. libtool              script that builds shared and/or static libraries
+
+Versions of config.h and pcre.h are distributed in the PCRE tarballs under the
+names config.h.generic and pcre.h.generic. These are provided for those who
+have to built PCRE without using "configure" or CMake. If you use "configure"
+or CMake, the .generic versions are not used.
+
+When building the 8-bit library, if a C++ compiler is found, the following
+files are also built:
+
+. libpcrecpp.pc        data for the pkg-config command
+. pcrecpparg.h         header file for calling PCRE via the C++ wrapper
+. pcre_stringpiece.h   header for the C++ "stringpiece" functions
+
+The "configure" script also creates config.status, which is an executable
+script that can be run to recreate the configuration, and config.log, which
+contains compiler output from tests that "configure" runs.
+
+Once "configure" has run, you can run "make". This builds the the libraries
+libpcre, libpcre16 and/or libpcre32, and a test program called pcretest. If you
+enabled JIT support with --enable-jit, a test program called pcre_jit_test is
+built as well.
+
+If the 8-bit library is built, libpcreposix and the pcregrep command are also
+built, and if a C++ compiler was found on your system, and you did not disable
+it with --disable-cpp, "make" builds the C++ wrapper library, which is called
+libpcrecpp, as well as some test programs called pcrecpp_unittest,
+pcre_scanner_unittest, and pcre_stringpiece_unittest.
+
+The command "make check" runs all the appropriate tests. Details of the PCRE
+tests are given below in a separate section of this document.
+
+You can use "make install" to install PCRE into live directories on your
+system. The following are installed (file names are all relative to the
+<prefix> that is set when "configure" is run):
+
+  Commands (bin):
+    pcretest
+    pcregrep (if 8-bit support is enabled)
+    pcre-config
+
+  Libraries (lib):
+    libpcre16     (if 16-bit support is enabled)
+    libpcre32     (if 32-bit support is enabled)
+    libpcre       (if 8-bit support is enabled)
+    libpcreposix  (if 8-bit support is enabled)
+    libpcrecpp    (if 8-bit and C++ support is enabled)
+
+  Configuration information (lib/pkgconfig):
+    libpcre16.pc
+    libpcre32.pc
+    libpcre.pc
+    libpcreposix.pc
+    libpcrecpp.pc (if C++ support is enabled)
+
+  Header files (include):
+    pcre.h
+    pcreposix.h
+    pcre_scanner.h      )
+    pcre_stringpiece.h  ) if C++ support is enabled
+    pcrecpp.h           )
+    pcrecpparg.h        )
+
+  Man pages (share/man/man{1,3}):
+    pcregrep.1
+    pcretest.1
+    pcre-config.1
+    pcre.3
+    pcre*.3 (lots more pages, all starting "pcre")
+
+  HTML documentation (share/doc/pcre/html):
+    index.html
+    *.html (lots more pages, hyperlinked from index.html)
+
+  Text file documentation (share/doc/pcre):
+    AUTHORS
+    COPYING
+    ChangeLog
+    LICENCE
+    NEWS
+    README
+    pcre.txt         (a concatenation of the man(3) pages)
+    pcretest.txt     the pcretest man page
+    pcregrep.txt     the pcregrep man page
+    pcre-config.txt  the pcre-config man page
+
+If you want to remove PCRE from your system, you can run "make uninstall".
+This removes all the files that "make install" installed. However, it does not
+remove any directories, because these are often shared with other programs.
+
+
+Retrieving configuration information
+------------------------------------
+
+Running "make install" installs the command pcre-config, which can be used to
+recall information about the PCRE configuration and installation. For example:
+
+  pcre-config --version
+
+prints the version number, and
+
+  pcre-config --libs
+
+outputs information about where the library is installed. This command can be
+included in makefiles for programs that use PCRE, saving the programmer from
+having to remember too many details.
+
+The pkg-config command is another system for saving and retrieving information
+about installed libraries. Instead of separate commands for each library, a
+single command is used. For example:
+
+  pkg-config --cflags pcre
+
+The data is held in *.pc files that are installed in a directory called
+<prefix>/lib/pkgconfig.
+
+
+Shared libraries
+----------------
+
+The default distribution builds PCRE as shared libraries and static libraries,
+as long as the operating system supports shared libraries. Shared library
+support relies on the "libtool" script which is built as part of the
+"configure" process.
+
+The libtool script is used to compile and link both shared and static
+libraries. They are placed in a subdirectory called .libs when they are newly
+built. The programs pcretest and pcregrep are built to use these uninstalled
+libraries (by means of wrapper scripts in the case of shared libraries). When
+you use "make install" to install shared libraries, pcregrep and pcretest are
+automatically re-built to use the newly installed shared libraries before being
+installed themselves. However, the versions left in the build directory still
+use the uninstalled libraries.
+
+To build PCRE using static libraries only you must use --disable-shared when
+configuring it. For example:
+
+./configure --prefix=/usr/gnu --disable-shared
+
+Then run "make" in the usual way. Similarly, you can use --disable-static to
+build only shared libraries.
+
+
+Cross-compiling using autotools
+-------------------------------
+
+You can specify CC and CFLAGS in the normal way to the "configure" command, in
+order to cross-compile PCRE for some other host. However, you should NOT
+specify --enable-rebuild-chartables, because if you do, the dftables.c source
+file is compiled and run on the local host, in order to generate the inbuilt
+character tables (the pcre_chartables.c file). This will probably not work,
+because dftables.c needs to be compiled with the local compiler, not the cross
+compiler.
+
+When --enable-rebuild-chartables is not specified, pcre_chartables.c is created
+by making a copy of pcre_chartables.c.dist, which is a default set of tables
+that assumes ASCII code. Cross-compiling with the default tables should not be
+a problem.
+
+If you need to modify the character tables when cross-compiling, you should
+move pcre_chartables.c.dist out of the way, then compile dftables.c by hand and
+run it on the local host to make a new version of pcre_chartables.c.dist.
+Then when you cross-compile PCRE this new version of the tables will be used.
+
+
+Using HP's ANSI C++ compiler (aCC)
+----------------------------------
+
+Unless C++ support is disabled by specifying the "--disable-cpp" option of the
+"configure" script, you must include the "-AA" option in the CXXFLAGS
+environment variable in order for the C++ components to compile correctly.
+
+Also, note that the aCC compiler on PA-RISC platforms may have a defect whereby
+needed libraries fail to get included when specifying the "-AA" compiler
+option. If you experience unresolved symbols when linking the C++ programs,
+use the workaround of specifying the following environment variable prior to
+running the "configure" script:
+
+  CXXLDFLAGS="-lstd_v2 -lCsup_v2"
+
+
+Compiling in Tru64 using native compilers
+-----------------------------------------
+
+The following error may occur when compiling with native compilers in the Tru64
+operating system:
+
+  CXX    libpcrecpp_la-pcrecpp.lo
+cxx: Error: /usr/lib/cmplrs/cxx/V7.1-006/include/cxx/iosfwd, line 58: #error
+          directive: "cannot include iosfwd -- define __USE_STD_IOSTREAM to
+          override default - see section 7.1.2 of the C++ Using Guide"
+#error "cannot include iosfwd -- define __USE_STD_IOSTREAM to override default
+- see section 7.1.2 of the C++ Using Guide"
+
+This may be followed by other errors, complaining that 'namespace "std" has no
+member'. The solution to this is to add the line
+
+#define __USE_STD_IOSTREAM 1
+
+to the config.h file.
+
+
+Using Sun's compilers for Solaris
+---------------------------------
+
+A user reports that the following configurations work on Solaris 9 sparcv9 and
+Solaris 9 x86 (32-bit):
+
+  Solaris 9 sparcv9: ./configure --disable-cpp CC=/bin/cc CFLAGS="-m64 -g"
+  Solaris 9 x86:     ./configure --disable-cpp CC=/bin/cc CFLAGS="-g"
+
+
+Using PCRE from MySQL
+---------------------
+
+On systems where both PCRE and MySQL are installed, it is possible to make use
+of PCRE from within MySQL, as an alternative to the built-in pattern matching.
+There is a web page that tells you how to do this:
+
+  http://www.mysqludf.org/lib_mysqludf_preg/index.php
+
+
+Making new tarballs
+-------------------
+
+The command "make dist" creates three PCRE tarballs, in tar.gz, tar.bz2, and
+zip formats. The command "make distcheck" does the same, but then does a trial
+build of the new distribution to ensure that it works.
+
+If you have modified any of the man page sources in the doc directory, you
+should first run the PrepareRelease script before making a distribution. This
+script creates the .txt and HTML forms of the documentation from the man pages.
+
+
+Testing PCRE
+------------
+
+To test the basic PCRE library on a Unix-like system, run the RunTest script.
+There is another script called RunGrepTest that tests the options of the
+pcregrep command. If the C++ wrapper library is built, three test programs
+called pcrecpp_unittest, pcre_scanner_unittest, and pcre_stringpiece_unittest
+are also built. When JIT support is enabled, another test program called
+pcre_jit_test is built.
+
+Both the scripts and all the program tests are run if you obey "make check" or
+"make test". For other environments, see the instructions in
+NON-AUTOTOOLS-BUILD.
+
+The RunTest script runs the pcretest test program (which is documented in its
+own man page) on each of the relevant testinput files in the testdata
+directory, and compares the output with the contents of the corresponding
+testoutput files. RunTest uses a file called testtry to hold the main output
+from pcretest. Other files whose names begin with "test" are used as working
+files in some tests.
+
+Some tests are relevant only when certain build-time options were selected. For
+example, the tests for UTF-8/16/32 support are run only if --enable-utf was
+used. RunTest outputs a comment when it skips a test.
+
+Many of the tests that are not skipped are run up to three times. The second
+run forces pcre_study() to be called for all patterns except for a few in some
+tests that are marked "never study" (see the pcretest program for how this is
+done). If JIT support is available, the non-DFA tests are run a third time,
+this time with a forced pcre_study() with the PCRE_STUDY_JIT_COMPILE option.
+This testing can be suppressed by putting "nojit" on the RunTest command line.
+
+The entire set of tests is run once for each of the 8-bit, 16-bit and 32-bit
+libraries that are enabled. If you want to run just one set of tests, call
+RunTest with either the -8, -16 or -32 option.
+
+If valgrind is installed, you can run the tests under it by putting "valgrind"
+on the RunTest command line. To run pcretest on just one or more specific test
+files, give their numbers as arguments to RunTest, for example:
+
+  RunTest 2 7 11
+
+You can also specify ranges of tests such as 3-6 or 3- (meaning 3 to the
+end), or a number preceded by ~ to exclude a test. For example:
+
+  Runtest 3-15 ~10
+
+This runs tests 3 to 15, excluding test 10, and just ~13 runs all the tests
+except test 13. Whatever order the arguments are in, the tests are always run
+in numerical order.
+
+You can also call RunTest with the single argument "list" to cause it to output
+a list of tests.
+
+The first test file can be fed directly into the perltest.pl script to check
+that Perl gives the same results. The only difference you should see is in the
+first few lines, where the Perl version is given instead of the PCRE version.
+
+The second set of tests check pcre_fullinfo(), pcre_study(),
+pcre_copy_substring(), pcre_get_substring(), pcre_get_substring_list(), error
+detection, and run-time flags that are specific to PCRE, as well as the POSIX
+wrapper API. It also uses the debugging flags to check some of the internals of
+pcre_compile().
+
+If you build PCRE with a locale setting that is not the standard C locale, the
+character tables may be different (see next paragraph). In some cases, this may
+cause failures in the second set of tests. For example, in a locale where the
+isprint() function yields TRUE for characters in the range 128-255, the use of
+[:isascii:] inside a character class defines a different set of characters, and
+this shows up in this test as a difference in the compiled code, which is being
+listed for checking. Where the comparison test output contains [\x00-\x7f] the
+test will contain [\x00-\xff], and similarly in some other cases. This is not a
+bug in PCRE.
+
+The third set of tests checks pcre_maketables(), the facility for building a
+set of character tables for a specific locale and using them instead of the
+default tables. The tests make use of the "fr_FR" (French) locale. Before
+running the test, the script checks for the presence of this locale by running
+the "locale" command. If that command fails, or if it doesn't include "fr_FR"
+in the list of available locales, the third test cannot be run, and a comment
+is output to say why. If running this test produces instances of the error
+
+  ** Failed to set locale "fr_FR"
+
+in the comparison output, it means that locale is not available on your system,
+despite being listed by "locale". This does not mean that PCRE is broken.
+
+[If you are trying to run this test on Windows, you may be able to get it to
+work by changing "fr_FR" to "french" everywhere it occurs. Alternatively, use
+RunTest.bat. The version of RunTest.bat included with PCRE 7.4 and above uses
+Windows versions of test 2. More info on using RunTest.bat is included in the
+document entitled NON-UNIX-USE.]
+
+The fourth and fifth tests check the UTF-8/16/32 support and error handling and
+internal UTF features of PCRE that are not relevant to Perl, respectively. The
+sixth and seventh tests do the same for Unicode character properties support.
+
+The eighth, ninth, and tenth tests check the pcre_dfa_exec() alternative
+matching function, in non-UTF-8/16/32 mode, UTF-8/16/32 mode, and UTF-8/16/32
+mode with Unicode property support, respectively.
+
+The eleventh test checks some internal offsets and code size features; it is
+run only when the default "link size" of 2 is set (in other cases the sizes
+change) and when Unicode property support is enabled.
+
+The twelfth test is run only when JIT support is available, and the thirteenth
+test is run only when JIT support is not available. They test some JIT-specific
+features such as information output from pcretest about JIT compilation.
+
+The fourteenth, fifteenth, and sixteenth tests are run only in 8-bit mode, and
+the seventeenth, eighteenth, and nineteenth tests are run only in 16/32-bit
+mode. These are tests that generate different output in the two modes. They are
+for general cases, UTF-8/16/32 support, and Unicode property support,
+respectively.
+
+The twentieth test is run only in 16/32-bit mode. It tests some specific
+16/32-bit features of the DFA matching engine.
+
+The twenty-first and twenty-second tests are run only in 16/32-bit mode, when
+the link size is set to 2 for the 16-bit library. They test reloading
+pre-compiled patterns.
+
+The twenty-third and twenty-fourth tests are run only in 16-bit mode. They are
+for general cases, and UTF-16 support, respectively.
+
+The twenty-fifth and twenty-sixth tests are run only in 32-bit mode. They are
+for general cases, and UTF-32 support, respectively.
+
+
+Character tables
+----------------
+
+For speed, PCRE uses four tables for manipulating and identifying characters
+whose code point values are less than 256. The final argument of the
+pcre_compile() function is a pointer to a block of memory containing the
+concatenated tables. A call to pcre_maketables() can be used to generate a set
+of tables in the current locale. If the final argument for pcre_compile() is
+passed as NULL, a set of default tables that is built into the binary is used.
+
+The source file called pcre_chartables.c contains the default set of tables. By
+default, this is created as a copy of pcre_chartables.c.dist, which contains
+tables for ASCII coding. However, if --enable-rebuild-chartables is specified
+for ./configure, a different version of pcre_chartables.c is built by the
+program dftables (compiled from dftables.c), which uses the ANSI C character
+handling functions such as isalnum(), isalpha(), isupper(), islower(), etc. to
+build the table sources. This means that the default C locale which is set for
+your system will control the contents of these default tables. You can change
+the default tables by editing pcre_chartables.c and then re-building PCRE. If
+you do this, you should take care to ensure that the file does not get
+automatically re-generated. The best way to do this is to move
+pcre_chartables.c.dist out of the way and replace it with your customized
+tables.
+
+When the dftables program is run as a result of --enable-rebuild-chartables,
+it uses the default C locale that is set on your system. It does not pay
+attention to the LC_xxx environment variables. In other words, it uses the
+system's default locale rather than whatever the compiling user happens to have
+set. If you really do want to build a source set of character tables in a
+locale that is specified by the LC_xxx variables, you can run the dftables
+program by hand with the -L option. For example:
+
+  ./dftables -L pcre_chartables.c.special
+
+The first two 256-byte tables provide lower casing and case flipping functions,
+respectively. The next table consists of three 32-byte bit maps which identify
+digits, "word" characters, and white space, respectively. These are used when
+building 32-byte bit maps that represent character classes for code points less
+than 256.
+
+The final 256-byte table has bits indicating various character types, as
+follows:
+
+    1   white space character
+    2   letter
+    4   decimal digit
+    8   hexadecimal digit
+   16   alphanumeric or '_'
+  128   regular expression metacharacter or binary zero
+
+You should not alter the set of characters that contain the 128 bit, as that
+will cause PCRE to malfunction.
+
+
+File manifest
+-------------
+
+The distribution should contain the files listed below. Where a file name is
+given as pcre[16|32]_xxx it means that there are three files, one with the name
+pcre_xxx, one with the name pcre16_xx, and a third with the name pcre32_xxx.
+
+(A) Source files of the PCRE library functions and their headers:
+
+  dftables.c              auxiliary program for building pcre_chartables.c
+                          when --enable-rebuild-chartables is specified
+
+  pcre_chartables.c.dist  a default set of character tables that assume ASCII
+                          coding; used, unless --enable-rebuild-chartables is
+                          specified, by copying to pcre[16]_chartables.c
+
+  pcreposix.c                )
+  pcre[16|32]_byte_order.c   )
+  pcre[16|32]_compile.c      )
+  pcre[16|32]_config.c       )
+  pcre[16|32]_dfa_exec.c     )
+  pcre[16|32]_exec.c         )
+  pcre[16|32]_fullinfo.c     )
+  pcre[16|32]_get.c          ) sources for the functions in the library,
+  pcre[16|32]_globals.c      )   and some internal functions that they use
+  pcre[16|32]_jit_compile.c  )
+  pcre[16|32]_maketables.c   )
+  pcre[16|32]_newline.c      )
+  pcre[16|32]_refcount.c     )
+  pcre[16|32]_string_utils.c )
+  pcre[16|32]_study.c        )
+  pcre[16|32]_tables.c       )
+  pcre[16|32]_ucd.c          )
+  pcre[16|32]_version.c      )
+  pcre[16|32]_xclass.c       )
+  pcre_ord2utf8.c            )
+  pcre_valid_utf8.c          )
+  pcre16_ord2utf16.c         )
+  pcre16_utf16_utils.c       )
+  pcre16_valid_utf16.c       )
+  pcre32_utf32_utils.c       )
+  pcre32_valid_utf32.c       )
+
+  pcre[16|32]_printint.c     ) debugging function that is used by pcretest,
+                             )   and can also be #included in pcre_compile()
+
+  pcre.h.in               template for pcre.h when built by "configure"
+  pcreposix.h             header for the external POSIX wrapper API
+  pcre_internal.h         header for internal use
+  sljit/*                 16 files that make up the JIT compiler
+  ucp.h                   header for Unicode property handling
+
+  config.h.in             template for config.h, which is built by "configure"
+
+  pcrecpp.h               public header file for the C++ wrapper
+  pcrecpparg.h.in         template for another C++ header file
+  pcre_scanner.h          public header file for C++ scanner functions
+  pcrecpp.cc              )
+  pcre_scanner.cc         ) source for the C++ wrapper library
+
+  pcre_stringpiece.h.in   template for pcre_stringpiece.h, the header for the
+                            C++ stringpiece functions
+  pcre_stringpiece.cc     source for the C++ stringpiece functions
+
+(B) Source files for programs that use PCRE:
+
+  pcredemo.c              simple demonstration of coding calls to PCRE
+  pcregrep.c              source of a grep utility that uses PCRE
+  pcretest.c              comprehensive test program
+
+(C) Auxiliary files:
+
+  132html                 script to turn "man" pages into HTML
+  AUTHORS                 information about the author of PCRE
+  ChangeLog               log of changes to the code
+  CleanTxt                script to clean nroff output for txt man pages
+  Detrail                 script to remove trailing spaces
+  HACKING                 some notes about the internals of PCRE
+  INSTALL                 generic installation instructions
+  LICENCE                 conditions for the use of PCRE
+  COPYING                 the same, using GNU's standard name
+  Makefile.in             ) template for Unix Makefile, which is built by
+                          )   "configure"
+  Makefile.am             ) the automake input that was used to create
+                          )   Makefile.in
+  NEWS                    important changes in this release
+  NON-UNIX-USE            the previous name for NON-AUTOTOOLS-BUILD
+  NON-AUTOTOOLS-BUILD     notes on building PCRE without using autotools
+  PrepareRelease          script to make preparations for "make dist"
+  README                  this file
+  RunTest                 a Unix shell script for running tests
+  RunGrepTest             a Unix shell script for pcregrep tests
+  aclocal.m4              m4 macros (generated by "aclocal")
+  config.guess            ) files used by libtool,
+  config.sub              )   used only when building a shared library
+  configure               a configuring shell script (built by autoconf)
+  configure.ac            ) the autoconf input that was used to build
+                          )   "configure" and config.h
+  depcomp                 ) script to find program dependencies, generated by
+                          )   automake
+  doc/*.3                 man page sources for PCRE
+  doc/*.1                 man page sources for pcregrep and pcretest
+  doc/index.html.src      the base HTML page
+  doc/html/*              HTML documentation
+  doc/pcre.txt            plain text version of the man pages
+  doc/pcretest.txt        plain text documentation of test program
+  doc/perltest.txt        plain text documentation of Perl test program
+  install-sh              a shell script for installing files
+  libpcre16.pc.in         template for libpcre16.pc for pkg-config
+  libpcre32.pc.in         template for libpcre32.pc for pkg-config
+  libpcre.pc.in           template for libpcre.pc for pkg-config
+  libpcreposix.pc.in      template for libpcreposix.pc for pkg-config
+  libpcrecpp.pc.in        template for libpcrecpp.pc for pkg-config
+  ltmain.sh               file used to build a libtool script
+  missing                 ) common stub for a few missing GNU programs while
+                          )   installing, generated by automake
+  mkinstalldirs           script for making install directories
+  perltest.pl             Perl test program
+  pcre-config.in          source of script which retains PCRE information
+  pcre_jit_test.c         test program for the JIT compiler
+  pcrecpp_unittest.cc          )
+  pcre_scanner_unittest.cc     ) test programs for the C++ wrapper
+  pcre_stringpiece_unittest.cc )
+  testdata/testinput*     test data for main library tests
+  testdata/testoutput*    expected test results
+  testdata/grep*          input and output for pcregrep tests
+  testdata/*              other supporting test files
+
+(D) Auxiliary files for cmake support
+
+  cmake/COPYING-CMAKE-SCRIPTS
+  cmake/FindPackageHandleStandardArgs.cmake
+  cmake/FindEditline.cmake
+  cmake/FindReadline.cmake
+  CMakeLists.txt
+  config-cmake.h.in
+
+(E) Auxiliary files for VPASCAL
+
+  makevp.bat
+  makevp_c.txt
+  makevp_l.txt
+  pcregexp.pas
+
+(F) Auxiliary files for building PCRE "by hand"
+
+  pcre.h.generic          ) a version of the public PCRE header file
+                          )   for use in non-"configure" environments
+  config.h.generic        ) a version of config.h for use in non-"configure"
+                          )   environments
+
+(F) Miscellaneous
+
+  RunTest.bat            a script for running tests under Windows
+
+Philip Hazel
+Email local part: ph10
+Email domain: cam.ac.uk
+Last updated: 10 February 2015
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/index.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/index.html
new file mode 100644
index 00000000..352c55df
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/index.html
@@ -0,0 +1,185 @@
+<html>
+<!-- This is a manually maintained file that is the root of the HTML version of
+     the PCRE documentation. When the HTML documents are built from the man
+     page versions, the entire doc/html directory is emptied, this file is then
+     copied into doc/html/index.html, and the remaining files therein are
+     created by the 132html script.
+-->
+<head>
+<title>PCRE specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>Perl-compatible Regular Expressions (PCRE)</h1>
+<p>
+The HTML documentation for PCRE consists of a number of pages that are listed
+below in alphabetical order. If you are new to PCRE, please read the first one
+first.
+</p>
+
+<table>
+<tr><td><a href="pcre.html">pcre</a></td>
+    <td>&nbsp;&nbsp;Introductory page</td></tr>
+
+<tr><td><a href="pcre-config.html">pcre-config</a></td>
+    <td>&nbsp;&nbsp;Information about the installation configuration</td></tr>
+
+<tr><td><a href="pcre16.html">pcre16</a></td>
+    <td>&nbsp;&nbsp;Discussion of the 16-bit PCRE library</td></tr>
+
+<tr><td><a href="pcre32.html">pcre32</a></td>
+    <td>&nbsp;&nbsp;Discussion of the 32-bit PCRE library</td></tr>
+
+<tr><td><a href="pcreapi.html">pcreapi</a></td>
+    <td>&nbsp;&nbsp;PCRE's native API</td></tr>
+
+<tr><td><a href="pcrebuild.html">pcrebuild</a></td>
+    <td>&nbsp;&nbsp;Building PCRE</td></tr>
+
+<tr><td><a href="pcrecallout.html">pcrecallout</a></td>
+    <td>&nbsp;&nbsp;The <i>callout</i> facility</td></tr>
+
+<tr><td><a href="pcrecompat.html">pcrecompat</a></td>
+    <td>&nbsp;&nbsp;Compability with Perl</td></tr>
+
+<tr><td><a href="pcrecpp.html">pcrecpp</a></td>
+    <td>&nbsp;&nbsp;The C++ wrapper for the PCRE library</td></tr>
+
+<tr><td><a href="pcredemo.html">pcredemo</a></td>
+    <td>&nbsp;&nbsp;A demonstration C program that uses the PCRE library</td></tr>
+
+<tr><td><a href="pcregrep.html">pcregrep</a></td>
+    <td>&nbsp;&nbsp;The <b>pcregrep</b> command</td></tr>
+
+<tr><td><a href="pcrejit.html">pcrejit</a></td>
+    <td>&nbsp;&nbsp;Discussion of the just-in-time optimization support</td></tr>
+
+<tr><td><a href="pcrelimits.html">pcrelimits</a></td>
+    <td>&nbsp;&nbsp;Details of size and other limits</td></tr>
+
+<tr><td><a href="pcrematching.html">pcrematching</a></td>
+    <td>&nbsp;&nbsp;Discussion of the two matching algorithms</td></tr>
+
+<tr><td><a href="pcrepartial.html">pcrepartial</a></td>
+    <td>&nbsp;&nbsp;Using PCRE for partial matching</td></tr>
+
+<tr><td><a href="pcrepattern.html">pcrepattern</a></td>
+    <td>&nbsp;&nbsp;Specification of the regular expressions supported by PCRE</td></tr>
+
+<tr><td><a href="pcreperform.html">pcreperform</a></td>
+    <td>&nbsp;&nbsp;Some comments on performance</td></tr>
+
+<tr><td><a href="pcreposix.html">pcreposix</a></td>
+    <td>&nbsp;&nbsp;The POSIX API to the PCRE 8-bit library</td></tr>
+
+<tr><td><a href="pcreprecompile.html">pcreprecompile</a></td>
+    <td>&nbsp;&nbsp;How to save and re-use compiled patterns</td></tr>
+
+<tr><td><a href="pcresample.html">pcresample</a></td>
+    <td>&nbsp;&nbsp;Discussion of the pcredemo program</td></tr>
+
+<tr><td><a href="pcrestack.html">pcrestack</a></td>
+    <td>&nbsp;&nbsp;Discussion of PCRE's stack usage</td></tr>
+
+<tr><td><a href="pcresyntax.html">pcresyntax</a></td>
+    <td>&nbsp;&nbsp;Syntax quick-reference summary</td></tr>
+
+<tr><td><a href="pcretest.html">pcretest</a></td>
+    <td>&nbsp;&nbsp;The <b>pcretest</b> command for testing PCRE</td></tr>
+
+<tr><td><a href="pcreunicode.html">pcreunicode</a></td>
+    <td>&nbsp;&nbsp;Discussion of Unicode and UTF-8/UTF-16/UTF-32 support</td></tr>
+</table>
+
+<p>
+There are also individual pages that summarize the interface for each function
+in the library. There is a single page for each triple of 8-bit/16-bit/32-bit
+functions.
+</p>
+
+<table>
+
+<tr><td><a href="pcre_assign_jit_stack.html">pcre_assign_jit_stack</a></td>
+    <td>&nbsp;&nbsp;Assign stack for JIT matching</td></tr>
+
+<tr><td><a href="pcre_compile.html">pcre_compile</a></td>
+    <td>&nbsp;&nbsp;Compile a regular expression</td></tr>
+
+<tr><td><a href="pcre_compile2.html">pcre_compile2</a></td>
+    <td>&nbsp;&nbsp;Compile a regular expression (alternate interface)</td></tr>
+
+<tr><td><a href="pcre_config.html">pcre_config</a></td>
+    <td>&nbsp;&nbsp;Show build-time configuration options</td></tr>
+
+<tr><td><a href="pcre_copy_named_substring.html">pcre_copy_named_substring</a></td>
+    <td>&nbsp;&nbsp;Extract named substring into given buffer</td></tr>
+
+<tr><td><a href="pcre_copy_substring.html">pcre_copy_substring</a></td>
+    <td>&nbsp;&nbsp;Extract numbered substring into given buffer</td></tr>
+
+<tr><td><a href="pcre_dfa_exec.html">pcre_dfa_exec</a></td>
+    <td>&nbsp;&nbsp;Match a compiled pattern to a subject string
+    (DFA algorithm; <i>not</i> Perl compatible)</td></tr>
+
+<tr><td><a href="pcre_exec.html">pcre_exec</a></td>
+    <td>&nbsp;&nbsp;Match a compiled pattern to a subject string
+    (Perl compatible)</td></tr>
+
+<tr><td><a href="pcre_free_study.html">pcre_free_study</a></td>
+    <td>&nbsp;&nbsp;Free study data</td></tr>
+
+<tr><td><a href="pcre_free_substring.html">pcre_free_substring</a></td>
+    <td>&nbsp;&nbsp;Free extracted substring</td></tr>
+
+<tr><td><a href="pcre_free_substring_list.html">pcre_free_substring_list</a></td>
+    <td>&nbsp;&nbsp;Free list of extracted substrings</td></tr>
+
+<tr><td><a href="pcre_fullinfo.html">pcre_fullinfo</a></td>
+    <td>&nbsp;&nbsp;Extract information about a pattern</td></tr>
+
+<tr><td><a href="pcre_get_named_substring.html">pcre_get_named_substring</a></td>
+    <td>&nbsp;&nbsp;Extract named substring into new memory</td></tr>
+
+<tr><td><a href="pcre_get_stringnumber.html">pcre_get_stringnumber</a></td>
+    <td>&nbsp;&nbsp;Convert captured string name to number</td></tr>
+
+<tr><td><a href="pcre_get_stringtable_entries.html">pcre_get_stringtable_entries</a></td>
+    <td>&nbsp;&nbsp;Find table entries for given string name</td></tr>
+
+<tr><td><a href="pcre_get_substring.html">pcre_get_substring</a></td>
+    <td>&nbsp;&nbsp;Extract numbered substring into new memory</td></tr>
+
+<tr><td><a href="pcre_get_substring_list.html">pcre_get_substring_list</a></td>
+    <td>&nbsp;&nbsp;Extract all substrings into new memory</td></tr>
+
+<tr><td><a href="pcre_jit_exec.html">pcre_jit_exec</a></td>
+    <td>&nbsp;&nbsp;Fast path interface to JIT matching</td></tr>
+
+<tr><td><a href="pcre_jit_stack_alloc.html">pcre_jit_stack_alloc</a></td>
+    <td>&nbsp;&nbsp;Create a stack for JIT matching</td></tr>
+
+<tr><td><a href="pcre_jit_stack_free.html">pcre_jit_stack_free</a></td>
+    <td>&nbsp;&nbsp;Free a JIT matching stack</td></tr>
+
+<tr><td><a href="pcre_maketables.html">pcre_maketables</a></td>
+    <td>&nbsp;&nbsp;Build character tables in current locale</td></tr>
+
+<tr><td><a href="pcre_pattern_to_host_byte_order.html">pcre_pattern_to_host_byte_order</a></td>
+    <td>&nbsp;&nbsp;Convert compiled pattern to host byte order if necessary</td></tr>
+
+<tr><td><a href="pcre_refcount.html">pcre_refcount</a></td>
+    <td>&nbsp;&nbsp;Maintain reference count in compiled pattern</td></tr>
+
+<tr><td><a href="pcre_study.html">pcre_study</a></td>
+    <td>&nbsp;&nbsp;Study a compiled pattern</td></tr>
+
+<tr><td><a href="pcre_utf16_to_host_byte_order.html">pcre_utf16_to_host_byte_order</a></td>
+    <td>&nbsp;&nbsp;Convert UTF-16 string to host byte order if necessary</td></tr>
+
+<tr><td><a href="pcre_utf32_to_host_byte_order.html">pcre_utf32_to_host_byte_order</a></td>
+    <td>&nbsp;&nbsp;Convert UTF-32 string to host byte order if necessary</td></tr>
+
+<tr><td><a href="pcre_version.html">pcre_version</a></td>
+    <td>&nbsp;&nbsp;Return PCRE version and release date</td></tr>
+</table>
+
+</html>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre-config.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre-config.html
new file mode 100644
index 00000000..56a80604
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre-config.html
@@ -0,0 +1,109 @@
+<html>
+<head>
+<title>pcre-config specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre-config man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">OPTIONS</a>
+<li><a name="TOC4" href="#SEC4">SEE ALSO</a>
+<li><a name="TOC5" href="#SEC5">AUTHOR</a>
+<li><a name="TOC6" href="#SEC6">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>pcre-config  [--prefix] [--exec-prefix] [--version] [--libs]</b>
+<b>            [--libs16] [--libs32] [--libs-cpp] [--libs-posix]</b>
+<b>            [--cflags] [--cflags-posix]</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+<b>pcre-config</b> returns the configuration of the installed PCRE
+libraries and the options required to compile a program to use them. Some of
+the options apply only to the 8-bit, or 16-bit, or 32-bit libraries,
+respectively, and are
+not available if only one of those libraries has been built. If an unavailable
+option is encountered, the "usage" information is output.
+</P>
+<br><a name="SEC3" href="#TOC1">OPTIONS</a><br>
+<P>
+<b>--prefix</b>
+Writes the directory prefix used in the PCRE installation for architecture
+independent files (<i>/usr</i> on many systems, <i>/usr/local</i> on some
+systems) to the standard output.
+</P>
+<P>
+<b>--exec-prefix</b>
+Writes the directory prefix used in the PCRE installation for architecture
+dependent files (normally the same as <b>--prefix</b>) to the standard output.
+</P>
+<P>
+<b>--version</b>
+Writes the version number of the installed PCRE libraries to the standard
+output.
+</P>
+<P>
+<b>--libs</b>
+Writes to the standard output the command line options required to link
+with the 8-bit PCRE library (<b>-lpcre</b> on many systems).
+</P>
+<P>
+<b>--libs16</b>
+Writes to the standard output the command line options required to link
+with the 16-bit PCRE library (<b>-lpcre16</b> on many systems).
+</P>
+<P>
+<b>--libs32</b>
+Writes to the standard output the command line options required to link
+with the 32-bit PCRE library (<b>-lpcre32</b> on many systems).
+</P>
+<P>
+<b>--libs-cpp</b>
+Writes to the standard output the command line options required to link with
+PCRE's C++ wrapper library (<b>-lpcrecpp</b> <b>-lpcre</b> on many
+systems).
+</P>
+<P>
+<b>--libs-posix</b>
+Writes to the standard output the command line options required to link with
+PCRE's POSIX API wrapper library (<b>-lpcreposix</b> <b>-lpcre</b> on many
+systems).
+</P>
+<P>
+<b>--cflags</b>
+Writes to the standard output the command line options required to compile
+files that use PCRE (this may include some <b>-I</b> options, but is blank on
+many systems).
+</P>
+<P>
+<b>--cflags-posix</b>
+Writes to the standard output the command line options required to compile
+files that use PCRE's POSIX API wrapper library (this may include some <b>-I</b>
+options, but is blank on many systems).
+</P>
+<br><a name="SEC4" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcre(3)</b>
+</P>
+<br><a name="SEC5" href="#TOC1">AUTHOR</a><br>
+<P>
+This manual page was originally written by Mark Baker for the Debian GNU/Linux
+system. It has been subsequently revised as a generic PCRE man page.
+</P>
+<br><a name="SEC6" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 24 June 2012
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre.html
new file mode 100644
index 00000000..c87b1066
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre.html
@@ -0,0 +1,224 @@
+<html>
+<head>
+<title>pcre specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PLEASE TAKE NOTE</a>
+<li><a name="TOC2" href="#SEC2">INTRODUCTION</a>
+<li><a name="TOC3" href="#SEC3">SECURITY CONSIDERATIONS</a>
+<li><a name="TOC4" href="#SEC4">USER DOCUMENTATION</a>
+<li><a name="TOC5" href="#SEC5">AUTHOR</a>
+<li><a name="TOC6" href="#SEC6">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PLEASE TAKE NOTE</a><br>
+<P>
+This document relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+</P>
+<br><a name="SEC2" href="#TOC1">INTRODUCTION</a><br>
+<P>
+The PCRE library is a set of functions that implement regular expression
+pattern matching using the same syntax and semantics as Perl, with just a few
+differences. Some features that appeared in Python and PCRE before they
+appeared in Perl are also available using the Python syntax, there is some
+support for one or two .NET and Oniguruma syntax items, and there is an option
+for requesting some minor changes that give better JavaScript compatibility.
+</P>
+<P>
+Starting with release 8.30, it is possible to compile two separate PCRE
+libraries: the original, which supports 8-bit character strings (including
+UTF-8 strings), and a second library that supports 16-bit character strings
+(including UTF-16 strings). The build process allows either one or both to be
+built. The majority of the work to make this possible was done by Zoltan
+Herczeg.
+</P>
+<P>
+Starting with release 8.32 it is possible to compile a third separate PCRE
+library that supports 32-bit character strings (including UTF-32 strings). The
+build process allows any combination of the 8-, 16- and 32-bit libraries. The
+work to make this possible was done by Christian Persch.
+</P>
+<P>
+The three libraries contain identical sets of functions, except that the names
+in the 16-bit library start with <b>pcre16_</b> instead of <b>pcre_</b>, and the
+names in the 32-bit library start with <b>pcre32_</b> instead of <b>pcre_</b>. To
+avoid over-complication and reduce the documentation maintenance load, most of
+the documentation describes the 8-bit library, with the differences for the
+16-bit and 32-bit libraries described separately in the
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+pages. References to functions or structures of the form <i>pcre[16|32]_xxx</i>
+should be read as meaning "<i>pcre_xxx</i> when using the 8-bit library,
+<i>pcre16_xxx</i> when using the 16-bit library, or <i>pcre32_xxx</i> when using
+the 32-bit library".
+</P>
+<P>
+The current implementation of PCRE corresponds approximately with Perl 5.12,
+including support for UTF-8/16/32 encoded strings and Unicode general category
+properties. However, UTF-8/16/32 and Unicode support has to be explicitly
+enabled; it is not the default. The Unicode tables correspond to Unicode
+release 6.3.0.
+</P>
+<P>
+In addition to the Perl-compatible matching function, PCRE contains an
+alternative function that matches the same compiled patterns in a different
+way. In certain circumstances, the alternative function has some advantages.
+For a discussion of the two matching algorithms, see the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+page.
+</P>
+<P>
+PCRE is written in C and released as a C library. A number of people have
+written wrappers and interfaces of various kinds. In particular, Google Inc.
+have provided a comprehensive C++ wrapper for the 8-bit library. This is now
+included as part of the PCRE distribution. The
+<a href="pcrecpp.html"><b>pcrecpp</b></a>
+page has details of this interface. Other people's contributions can be found
+in the <i>Contrib</i> directory at the primary FTP site, which is:
+<a href="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre">ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre</a>
+</P>
+<P>
+Details of exactly which Perl regular expression features are and are not
+supported by PCRE are given in separate documents. See the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+and
+<a href="pcrecompat.html"><b>pcrecompat</b></a>
+pages. There is a syntax summary in the
+<a href="pcresyntax.html"><b>pcresyntax</b></a>
+page.
+</P>
+<P>
+Some features of PCRE can be included, excluded, or changed when the library is
+built. The
+<a href="pcre_config.html"><b>pcre_config()</b></a>
+function makes it possible for a client to discover which features are
+available. The features themselves are described in the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+page. Documentation about building PCRE for various operating systems can be
+found in the
+<a href="README.txt"><b>README</b></a>
+and
+<a href="NON-AUTOTOOLS-BUILD.txt"><b>NON-AUTOTOOLS_BUILD</b></a>
+files in the source distribution.
+</P>
+<P>
+The libraries contains a number of undocumented internal functions and data
+tables that are used by more than one of the exported external functions, but
+which are not intended for use by external callers. Their names all begin with
+"_pcre_" or "_pcre16_" or "_pcre32_", which hopefully will not provoke any name
+clashes. In some environments, it is possible to control which external symbols
+are exported when a shared library is built, and in these cases the
+undocumented symbols are not exported.
+</P>
+<br><a name="SEC3" href="#TOC1">SECURITY CONSIDERATIONS</a><br>
+<P>
+If you are using PCRE in a non-UTF application that permits users to supply
+arbitrary patterns for compilation, you should be aware of a feature that
+allows users to turn on UTF support from within a pattern, provided that PCRE
+was built with UTF support. For example, an 8-bit pattern that begins with
+"(*UTF8)" or "(*UTF)" turns on UTF-8 mode, which interprets patterns and
+subjects as strings of UTF-8 characters instead of individual 8-bit characters.
+This causes both the pattern and any data against which it is matched to be
+checked for UTF-8 validity. If the data string is very long, such a check might
+use sufficiently many resources as to cause your application to lose
+performance.
+</P>
+<P>
+One way of guarding against this possibility is to use the
+<b>pcre_fullinfo()</b> function to check the compiled pattern's options for UTF.
+Alternatively, from release 8.33, you can set the PCRE_NEVER_UTF option at
+compile time. This causes an compile time error if a pattern contains a
+UTF-setting sequence.
+</P>
+<P>
+If your application is one that supports UTF, be aware that validity checking
+can take time. If the same data string is to be matched many times, you can use
+the PCRE_NO_UTF[8|16|32]_CHECK option for the second and subsequent matches to
+save redundant checks.
+</P>
+<P>
+Another way that performance can be hit is by running a pattern that has a very
+large search tree against a string that will never match. Nested unlimited
+repeats in a pattern are a common example. PCRE provides some protection
+against this: see the PCRE_EXTRA_MATCH_LIMIT feature in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page.
+</P>
+<br><a name="SEC4" href="#TOC1">USER DOCUMENTATION</a><br>
+<P>
+The user documentation for PCRE comprises a number of different sections. In
+the "man" format, each of these is a separate "man page". In the HTML format,
+each is a separate page, linked from the index page. In the plain text format,
+the descriptions of the <b>pcregrep</b> and <b>pcretest</b> programs are in files
+called <b>pcregrep.txt</b> and <b>pcretest.txt</b>, respectively. The remaining
+sections, except for the <b>pcredemo</b> section (which is a program listing),
+are concatenated in <b>pcre.txt</b>, for ease of searching. The sections are as
+follows:
+<pre>
+  pcre              this document
+  pcre-config       show PCRE installation configuration information
+  pcre16            details of the 16-bit library
+  pcre32            details of the 32-bit library
+  pcreapi           details of PCRE's native C API
+  pcrebuild         building PCRE
+  pcrecallout       details of the callout feature
+  pcrecompat        discussion of Perl compatibility
+  pcrecpp           details of the C++ wrapper for the 8-bit library
+  pcredemo          a demonstration C program that uses PCRE
+  pcregrep          description of the <b>pcregrep</b> command (8-bit only)
+  pcrejit           discussion of the just-in-time optimization support
+  pcrelimits        details of size and other limits
+  pcrematching      discussion of the two matching algorithms
+  pcrepartial       details of the partial matching facility
+  pcrepattern       syntax and semantics of supported regular expressions
+  pcreperform       discussion of performance issues
+  pcreposix         the POSIX-compatible C API for the 8-bit library
+  pcreprecompile    details of saving and re-using precompiled patterns
+  pcresample        discussion of the pcredemo program
+  pcrestack         discussion of stack usage
+  pcresyntax        quick syntax reference
+  pcretest          description of the <b>pcretest</b> testing command
+  pcreunicode       discussion of Unicode and UTF-8/16/32 support
+</pre>
+In the "man" and HTML formats, there is also a short page for each C library
+function, listing its arguments and results.
+</P>
+<br><a name="SEC5" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<P>
+Putting an actual email address here seems to have been a spam magnet, so I've
+taken it away. If you want to email me, use my two initials, followed by the
+two digits 10, at the domain cam.ac.uk.
+</P>
+<br><a name="SEC6" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 10 February 2015
+<br>
+Copyright &copy; 1997-2015 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre16.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre16.html
new file mode 100644
index 00000000..f00859f0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre16.html
@@ -0,0 +1,384 @@
+<html>
+<head>
+<title>pcre16 specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre16 man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE 16-BIT API BASIC FUNCTIONS</a>
+<li><a name="TOC2" href="#SEC2">PCRE 16-BIT API STRING EXTRACTION FUNCTIONS</a>
+<li><a name="TOC3" href="#SEC3">PCRE 16-BIT API AUXILIARY FUNCTIONS</a>
+<li><a name="TOC4" href="#SEC4">PCRE 16-BIT API INDIRECTED FUNCTIONS</a>
+<li><a name="TOC5" href="#SEC5">PCRE 16-BIT API 16-BIT-ONLY FUNCTION</a>
+<li><a name="TOC6" href="#SEC6">THE PCRE 16-BIT LIBRARY</a>
+<li><a name="TOC7" href="#SEC7">THE HEADER FILE</a>
+<li><a name="TOC8" href="#SEC8">THE LIBRARY NAME</a>
+<li><a name="TOC9" href="#SEC9">STRING TYPES</a>
+<li><a name="TOC10" href="#SEC10">STRUCTURE TYPES</a>
+<li><a name="TOC11" href="#SEC11">16-BIT FUNCTIONS</a>
+<li><a name="TOC12" href="#SEC12">SUBJECT STRING OFFSETS</a>
+<li><a name="TOC13" href="#SEC13">NAMED SUBPATTERNS</a>
+<li><a name="TOC14" href="#SEC14">OPTION NAMES</a>
+<li><a name="TOC15" href="#SEC15">CHARACTER CODES</a>
+<li><a name="TOC16" href="#SEC16">ERROR NAMES</a>
+<li><a name="TOC17" href="#SEC17">ERROR TEXTS</a>
+<li><a name="TOC18" href="#SEC18">CALLOUTS</a>
+<li><a name="TOC19" href="#SEC19">TESTING</a>
+<li><a name="TOC20" href="#SEC20">NOT SUPPORTED IN 16-BIT MODE</a>
+<li><a name="TOC21" href="#SEC21">AUTHOR</a>
+<li><a name="TOC22" href="#SEC22">REVISION</a>
+</ul>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<br><a name="SEC1" href="#TOC1">PCRE 16-BIT API BASIC FUNCTIONS</a><br>
+<P>
+<b>pcre16 *pcre16_compile(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16 *pcre16_compile2(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16_extra *pcre16_study(const pcre16 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>void pcre16_free_study(pcre16_extra *<i>extra</i>);</b>
+<br>
+<br>
+<b>int pcre16_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre16_dfa_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE 16-BIT API STRING EXTRACTION FUNCTIONS</a><br>
+<P>
+<b>int pcre16_copy_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR16 *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_copy_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR16 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringnumber(const pcre16 *<i>code</i>,</b>
+<b>"     PCRE_SPTR16 <i>name</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringtable_entries(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>name</i>, PCRE_UCHAR16 **<i>first</i>, PCRE_UCHAR16 **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring_list(PCRE_SPTR16 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR16 **<i>listptr</i>);</b>
+<br>
+<br>
+<b>void pcre16_free_substring(PCRE_SPTR16 <i>stringptr</i>);</b>
+<br>
+<br>
+<b>void pcre16_free_substring_list(PCRE_SPTR16 *<i>stringptr</i>);</b>
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE 16-BIT API AUXILIARY FUNCTIONS</a><br>
+<P>
+<b>pcre16_jit_stack *pcre16_jit_stack_alloc(int <i>startsize</i>, int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>void pcre16_jit_stack_free(pcre16_jit_stack *<i>stack</i>);</b>
+<br>
+<br>
+<b>void pcre16_assign_jit_stack(pcre16_extra *<i>extra</i>,</b>
+<b>     pcre16_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>const unsigned char *pcre16_maketables(void);</b>
+<br>
+<br>
+<b>int pcre16_fullinfo(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre16_refcount(pcre16 *<i>code</i>, int <i>adjust</i>);</b>
+<br>
+<br>
+<b>int pcre16_config(int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>const char *pcre16_version(void);</b>
+<br>
+<br>
+<b>int pcre16_pattern_to_host_byte_order(pcre16 *<i>code</i>,</b>
+<b>     pcre16_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><a name="SEC4" href="#TOC1">PCRE 16-BIT API INDIRECTED FUNCTIONS</a><br>
+<P>
+<b>void *(*pcre16_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre16_free)(void *);</b>
+<br>
+<br>
+<b>void *(*pcre16_stack_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre16_stack_free)(void *);</b>
+<br>
+<br>
+<b>int (*pcre16_callout)(pcre16_callout_block *);</b>
+</P>
+<br><a name="SEC5" href="#TOC1">PCRE 16-BIT API 16-BIT-ONLY FUNCTION</a><br>
+<P>
+<b>int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *<i>output</i>,</b>
+<b>     PCRE_SPTR16 <i>input</i>, int <i>length</i>, int *<i>byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><a name="SEC6" href="#TOC1">THE PCRE 16-BIT LIBRARY</a><br>
+<P>
+Starting with release 8.30, it is possible to compile a PCRE library that
+supports 16-bit character strings, including UTF-16 strings, as well as or
+instead of the original 8-bit library. The majority of the work to make this
+possible was done by Zoltan Herczeg. The two libraries contain identical sets
+of functions, used in exactly the same way. Only the names of the functions and
+the data types of their arguments and results are different. To avoid
+over-complication and reduce the documentation maintenance load, most of the
+PCRE documentation describes the 8-bit library, with only occasional references
+to the 16-bit library. This page describes what is different when you use the
+16-bit library.
+</P>
+<P>
+WARNING: A single application can be linked with both libraries, but you must
+take care when processing any particular pattern to use functions from just one
+library. For example, if you want to study a pattern that was compiled with
+<b>pcre16_compile()</b>, you must do so with <b>pcre16_study()</b>, not
+<b>pcre_study()</b>, and you must free the study data with
+<b>pcre16_free_study()</b>.
+</P>
+<br><a name="SEC7" href="#TOC1">THE HEADER FILE</a><br>
+<P>
+There is only one header file, <b>pcre.h</b>. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+</P>
+<br><a name="SEC8" href="#TOC1">THE LIBRARY NAME</a><br>
+<P>
+In Unix-like systems, the 16-bit library is called <b>libpcre16</b>, and can
+normally be accesss by adding <b>-lpcre16</b> to the command for linking an
+application that uses PCRE.
+</P>
+<br><a name="SEC9" href="#TOC1">STRING TYPES</a><br>
+<P>
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 16-bit library, strings are passed as
+vectors of unsigned 16-bit quantities. The macro PCRE_UCHAR16 specifies an
+appropriate data type, and PCRE_SPTR16 is defined as "const PCRE_UCHAR16 *". In
+very many environments, "short int" is a 16-bit data type. When PCRE is built,
+it defines PCRE_UCHAR16 as "unsigned short int", but checks that it really is a
+16-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+</P>
+<br><a name="SEC10" href="#TOC1">STRUCTURE TYPES</a><br>
+<P>
+The types of the opaque structures that are used for compiled 16-bit patterns
+and JIT stacks are <b>pcre16</b> and <b>pcre16_jit_stack</b> respectively. The
+type of the user-accessible structure that is returned by <b>pcre16_study()</b>
+is <b>pcre16_extra</b>, and the type of the structure that is used for passing
+data to a callout function is <b>pcre16_callout_block</b>. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 16-bit instead of
+8-bit types.
+</P>
+<br><a name="SEC11" href="#TOC1">16-BIT FUNCTIONS</a><br>
+<P>
+For every function in the 8-bit library there is a corresponding function in
+the 16-bit library with a name that starts with <b>pcre16_</b> instead of
+<b>pcre_</b>. The prototypes are listed above. In addition, there is one extra
+function, <b>pcre16_utf16_to_host_byte_order()</b>. This is a utility function
+that converts a UTF-16 character string to host byte order if necessary. The
+other 16-bit functions expect the strings they are passed to be in host byte
+order.
+</P>
+<P>
+The <i>input</i> and <i>output</i> arguments of
+<b>pcre16_utf16_to_host_byte_order()</b> may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+</P>
+<P>
+The <i>length</i> argument specifies the number of 16-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+</P>
+<P>
+If <i>byte_order</i> is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+</P>
+<P>
+If <i>byte_order</i> is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+</P>
+<P>
+If <i>keep_boms</i> is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+</P>
+<P>
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<br><a name="SEC12" href="#TOC1">SUBJECT STRING OFFSETS</a><br>
+<P>
+The lengths and starting offsets of subject strings must be specified in 16-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 16-bit units rather than bytes.
+</P>
+<br><a name="SEC13" href="#TOC1">NAMED SUBPATTERNS</a><br>
+<P>
+The name-to-number translation table that is maintained for named subpatterns
+uses 16-bit characters. The <b>pcre16_get_stringtable_entries()</b> function
+returns the length of each entry in the table as the number of 16-bit data
+units.
+</P>
+<br><a name="SEC14" href="#TOC1">OPTION NAMES</a><br>
+<P>
+There are two new general option names, PCRE_UTF16 and PCRE_NO_UTF16_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+<a href="pcreunicode.html#utf16strings">validity of UTF-16 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+For the <b>pcre16_config()</b> function there is an option PCRE_CONFIG_UTF16
+that returns 1 if UTF-16 support is configured, otherwise 0. If this option is
+given to <b>pcre_config()</b> or <b>pcre32_config()</b>, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 option is given to <b>pcre16_config()</b>,
+the result is the PCRE_ERROR_BADOPTION error.
+</P>
+<br><a name="SEC15" href="#TOC1">CHARACTER CODES</a><br>
+<P>
+In 16-bit mode, when PCRE_UTF16 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0xffff instead of 0 to 0xff. Character types for characters less than
+0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+</P>
+<P>
+In UTF-16 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are used in pairs to encode values greater than 0xffff.
+</P>
+<P>
+A UTF-16 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+<b>pcre16_utf16_to_host_byte_order()</b> is provided to help with this (see
+above).
+</P>
+<br><a name="SEC16" href="#TOC1">ERROR NAMES</a><br>
+<P>
+The errors PCRE_ERROR_BADUTF16_OFFSET and PCRE_ERROR_SHORTUTF16 correspond to
+their 8-bit counterparts. The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with <b>pcre_compile()</b> is passed to
+<b>pcre16_exec()</b>.
+</P>
+<P>
+There are new error codes whose names begin with PCRE_UTF16_ERR for invalid
+UTF-16 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+<a href="pcreapi.html#badutf8reasons">"Reason codes for invalid UTF-8 strings"</a>
+in the main
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page. The UTF-16 errors are:
+<pre>
+  PCRE_UTF16_ERR1  Missing low surrogate at end of string
+  PCRE_UTF16_ERR2  Invalid low surrogate follows high surrogate
+  PCRE_UTF16_ERR3  Isolated low surrogate
+  PCRE_UTF16_ERR4  Non-character
+</PRE>
+</P>
+<br><a name="SEC17" href="#TOC1">ERROR TEXTS</a><br>
+<P>
+If there is an error while compiling a pattern, the error text that is passed
+back by <b>pcre16_compile()</b> or <b>pcre16_compile2()</b> is still an 8-bit
+character string, zero-terminated.
+</P>
+<br><a name="SEC18" href="#TOC1">CALLOUTS</a><br>
+<P>
+The <i>subject</i> and <i>mark</i> fields in the callout block that is passed to
+a callout function point to 16-bit vectors.
+</P>
+<br><a name="SEC19" href="#TOC1">TESTING</a><br>
+<P>
+The <b>pcretest</b> program continues to operate with 8-bit input and output
+files, but it can be used for testing the 16-bit library. If it is run with the
+command line option <b>-16</b>, patterns and subject strings are converted from
+8-bit to 16-bit before being passed to PCRE, and the 16-bit library functions
+are used instead of the 8-bit ones. Returned 16-bit strings are converted to
+8-bit for output. If both the 8-bit and the 32-bit libraries were not compiled,
+<b>pcretest</b> defaults to 16-bit and the <b>-16</b> option is ignored.
+</P>
+<P>
+When PCRE is being built, the <b>RunTest</b> script that is called by "make
+check" uses the <b>pcretest</b> <b>-C</b> option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+</P>
+<br><a name="SEC20" href="#TOC1">NOT SUPPORTED IN 16-BIT MODE</a><br>
+<P>
+Not all the features of the 8-bit library are available with the 16-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the <b>pcregrep</b> program is at present 8-bit only.
+</P>
+<br><a name="SEC21" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC22" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 May 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre32.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre32.html
new file mode 100644
index 00000000..f96876e7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre32.html
@@ -0,0 +1,382 @@
+<html>
+<head>
+<title>pcre32 specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre32 man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE 32-BIT API BASIC FUNCTIONS</a>
+<li><a name="TOC2" href="#SEC2">PCRE 32-BIT API STRING EXTRACTION FUNCTIONS</a>
+<li><a name="TOC3" href="#SEC3">PCRE 32-BIT API AUXILIARY FUNCTIONS</a>
+<li><a name="TOC4" href="#SEC4">PCRE 32-BIT API INDIRECTED FUNCTIONS</a>
+<li><a name="TOC5" href="#SEC5">PCRE 32-BIT API 32-BIT-ONLY FUNCTION</a>
+<li><a name="TOC6" href="#SEC6">THE PCRE 32-BIT LIBRARY</a>
+<li><a name="TOC7" href="#SEC7">THE HEADER FILE</a>
+<li><a name="TOC8" href="#SEC8">THE LIBRARY NAME</a>
+<li><a name="TOC9" href="#SEC9">STRING TYPES</a>
+<li><a name="TOC10" href="#SEC10">STRUCTURE TYPES</a>
+<li><a name="TOC11" href="#SEC11">32-BIT FUNCTIONS</a>
+<li><a name="TOC12" href="#SEC12">SUBJECT STRING OFFSETS</a>
+<li><a name="TOC13" href="#SEC13">NAMED SUBPATTERNS</a>
+<li><a name="TOC14" href="#SEC14">OPTION NAMES</a>
+<li><a name="TOC15" href="#SEC15">CHARACTER CODES</a>
+<li><a name="TOC16" href="#SEC16">ERROR NAMES</a>
+<li><a name="TOC17" href="#SEC17">ERROR TEXTS</a>
+<li><a name="TOC18" href="#SEC18">CALLOUTS</a>
+<li><a name="TOC19" href="#SEC19">TESTING</a>
+<li><a name="TOC20" href="#SEC20">NOT SUPPORTED IN 32-BIT MODE</a>
+<li><a name="TOC21" href="#SEC21">AUTHOR</a>
+<li><a name="TOC22" href="#SEC22">REVISION</a>
+</ul>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<br><a name="SEC1" href="#TOC1">PCRE 32-BIT API BASIC FUNCTIONS</a><br>
+<P>
+<b>pcre32 *pcre32_compile(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32 *pcre32_compile2(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32_extra *pcre32_study(const pcre32 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>void pcre32_free_study(pcre32_extra *<i>extra</i>);</b>
+<br>
+<br>
+<b>int pcre32_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre32_dfa_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE 32-BIT API STRING EXTRACTION FUNCTIONS</a><br>
+<P>
+<b>int pcre32_copy_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR32 *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_copy_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR32 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringnumber(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringtable_entries(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>, PCRE_UCHAR32 **<i>first</i>, PCRE_UCHAR32 **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring_list(PCRE_SPTR32 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR32 **<i>listptr</i>);</b>
+<br>
+<br>
+<b>void pcre32_free_substring(PCRE_SPTR32 <i>stringptr</i>);</b>
+<br>
+<br>
+<b>void pcre32_free_substring_list(PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE 32-BIT API AUXILIARY FUNCTIONS</a><br>
+<P>
+<b>pcre32_jit_stack *pcre32_jit_stack_alloc(int <i>startsize</i>, int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>void pcre32_jit_stack_free(pcre32_jit_stack *<i>stack</i>);</b>
+<br>
+<br>
+<b>void pcre32_assign_jit_stack(pcre32_extra *<i>extra</i>,</b>
+<b>     pcre32_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>const unsigned char *pcre32_maketables(void);</b>
+<br>
+<br>
+<b>int pcre32_fullinfo(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre32_refcount(pcre32 *<i>code</i>, int <i>adjust</i>);</b>
+<br>
+<br>
+<b>int pcre32_config(int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>const char *pcre32_version(void);</b>
+<br>
+<br>
+<b>int pcre32_pattern_to_host_byte_order(pcre32 *<i>code</i>,</b>
+<b>     pcre32_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><a name="SEC4" href="#TOC1">PCRE 32-BIT API INDIRECTED FUNCTIONS</a><br>
+<P>
+<b>void *(*pcre32_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre32_free)(void *);</b>
+<br>
+<br>
+<b>void *(*pcre32_stack_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre32_stack_free)(void *);</b>
+<br>
+<br>
+<b>int (*pcre32_callout)(pcre32_callout_block *);</b>
+</P>
+<br><a name="SEC5" href="#TOC1">PCRE 32-BIT API 32-BIT-ONLY FUNCTION</a><br>
+<P>
+<b>int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *<i>output</i>,</b>
+<b>     PCRE_SPTR32 <i>input</i>, int <i>length</i>, int *<i>byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><a name="SEC6" href="#TOC1">THE PCRE 32-BIT LIBRARY</a><br>
+<P>
+Starting with release 8.32, it is possible to compile a PCRE library that
+supports 32-bit character strings, including UTF-32 strings, as well as or
+instead of the original 8-bit library. This work was done by Christian Persch,
+based on the work done by Zoltan Herczeg for the 16-bit library. All three
+libraries contain identical sets of functions, used in exactly the same way.
+Only the names of the functions and the data types of their arguments and
+results are different. To avoid over-complication and reduce the documentation
+maintenance load, most of the PCRE documentation describes the 8-bit library,
+with only occasional references to the 16-bit and 32-bit libraries. This page
+describes what is different when you use the 32-bit library.
+</P>
+<P>
+WARNING: A single application can be linked with all or any of the three
+libraries, but you must take care when processing any particular pattern
+to use functions from just one library. For example, if you want to study
+a pattern that was compiled with <b>pcre32_compile()</b>, you must do so
+with <b>pcre32_study()</b>, not <b>pcre_study()</b>, and you must free the
+study data with <b>pcre32_free_study()</b>.
+</P>
+<br><a name="SEC7" href="#TOC1">THE HEADER FILE</a><br>
+<P>
+There is only one header file, <b>pcre.h</b>. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+</P>
+<br><a name="SEC8" href="#TOC1">THE LIBRARY NAME</a><br>
+<P>
+In Unix-like systems, the 32-bit library is called <b>libpcre32</b>, and can
+normally be accesss by adding <b>-lpcre32</b> to the command for linking an
+application that uses PCRE.
+</P>
+<br><a name="SEC9" href="#TOC1">STRING TYPES</a><br>
+<P>
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 32-bit library, strings are passed as
+vectors of unsigned 32-bit quantities. The macro PCRE_UCHAR32 specifies an
+appropriate data type, and PCRE_SPTR32 is defined as "const PCRE_UCHAR32 *". In
+very many environments, "unsigned int" is a 32-bit data type. When PCRE is
+built, it defines PCRE_UCHAR32 as "unsigned int", but checks that it really is
+a 32-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+</P>
+<br><a name="SEC10" href="#TOC1">STRUCTURE TYPES</a><br>
+<P>
+The types of the opaque structures that are used for compiled 32-bit patterns
+and JIT stacks are <b>pcre32</b> and <b>pcre32_jit_stack</b> respectively. The
+type of the user-accessible structure that is returned by <b>pcre32_study()</b>
+is <b>pcre32_extra</b>, and the type of the structure that is used for passing
+data to a callout function is <b>pcre32_callout_block</b>. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 32-bit instead of
+8-bit types.
+</P>
+<br><a name="SEC11" href="#TOC1">32-BIT FUNCTIONS</a><br>
+<P>
+For every function in the 8-bit library there is a corresponding function in
+the 32-bit library with a name that starts with <b>pcre32_</b> instead of
+<b>pcre_</b>. The prototypes are listed above. In addition, there is one extra
+function, <b>pcre32_utf32_to_host_byte_order()</b>. This is a utility function
+that converts a UTF-32 character string to host byte order if necessary. The
+other 32-bit functions expect the strings they are passed to be in host byte
+order.
+</P>
+<P>
+The <i>input</i> and <i>output</i> arguments of
+<b>pcre32_utf32_to_host_byte_order()</b> may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+</P>
+<P>
+The <i>length</i> argument specifies the number of 32-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+</P>
+<P>
+If <i>byte_order</i> is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+</P>
+<P>
+If <i>byte_order</i> is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+</P>
+<P>
+If <i>keep_boms</i> is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+</P>
+<P>
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<br><a name="SEC12" href="#TOC1">SUBJECT STRING OFFSETS</a><br>
+<P>
+The lengths and starting offsets of subject strings must be specified in 32-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 32-bit units rather than bytes.
+</P>
+<br><a name="SEC13" href="#TOC1">NAMED SUBPATTERNS</a><br>
+<P>
+The name-to-number translation table that is maintained for named subpatterns
+uses 32-bit characters. The <b>pcre32_get_stringtable_entries()</b> function
+returns the length of each entry in the table as the number of 32-bit data
+units.
+</P>
+<br><a name="SEC14" href="#TOC1">OPTION NAMES</a><br>
+<P>
+There are two new general option names, PCRE_UTF32 and PCRE_NO_UTF32_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+<a href="pcreunicode.html#utf32strings">validity of UTF-32 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+For the <b>pcre32_config()</b> function there is an option PCRE_CONFIG_UTF32
+that returns 1 if UTF-32 support is configured, otherwise 0. If this option is
+given to <b>pcre_config()</b> or <b>pcre16_config()</b>, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 option is given to <b>pcre32_config()</b>,
+the result is the PCRE_ERROR_BADOPTION error.
+</P>
+<br><a name="SEC15" href="#TOC1">CHARACTER CODES</a><br>
+<P>
+In 32-bit mode, when PCRE_UTF32 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0x7fffffff instead of 0 to 0xff. Character types for characters less
+than 0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+</P>
+<P>
+In UTF-32 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are ill-formed in UTF-32.
+</P>
+<P>
+A UTF-32 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+<b>pcre32_utf32_to_host_byte_order()</b> is provided to help with this (see
+above).
+</P>
+<br><a name="SEC16" href="#TOC1">ERROR NAMES</a><br>
+<P>
+The error PCRE_ERROR_BADUTF32 corresponds to its 8-bit counterpart.
+The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with <b>pcre_compile()</b> is passed to
+<b>pcre32_exec()</b>.
+</P>
+<P>
+There are new error codes whose names begin with PCRE_UTF32_ERR for invalid
+UTF-32 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+<a href="pcreapi.html#badutf8reasons">"Reason codes for invalid UTF-8 strings"</a>
+in the main
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page. The UTF-32 errors are:
+<pre>
+  PCRE_UTF32_ERR1  Surrogate character (range from 0xd800 to 0xdfff)
+  PCRE_UTF32_ERR2  Non-character
+  PCRE_UTF32_ERR3  Character &#62; 0x10ffff
+</PRE>
+</P>
+<br><a name="SEC17" href="#TOC1">ERROR TEXTS</a><br>
+<P>
+If there is an error while compiling a pattern, the error text that is passed
+back by <b>pcre32_compile()</b> or <b>pcre32_compile2()</b> is still an 8-bit
+character string, zero-terminated.
+</P>
+<br><a name="SEC18" href="#TOC1">CALLOUTS</a><br>
+<P>
+The <i>subject</i> and <i>mark</i> fields in the callout block that is passed to
+a callout function point to 32-bit vectors.
+</P>
+<br><a name="SEC19" href="#TOC1">TESTING</a><br>
+<P>
+The <b>pcretest</b> program continues to operate with 8-bit input and output
+files, but it can be used for testing the 32-bit library. If it is run with the
+command line option <b>-32</b>, patterns and subject strings are converted from
+8-bit to 32-bit before being passed to PCRE, and the 32-bit library functions
+are used instead of the 8-bit ones. Returned 32-bit strings are converted to
+8-bit for output. If both the 8-bit and the 16-bit libraries were not compiled,
+<b>pcretest</b> defaults to 32-bit and the <b>-32</b> option is ignored.
+</P>
+<P>
+When PCRE is being built, the <b>RunTest</b> script that is called by "make
+check" uses the <b>pcretest</b> <b>-C</b> option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+</P>
+<br><a name="SEC20" href="#TOC1">NOT SUPPORTED IN 32-BIT MODE</a><br>
+<P>
+Not all the features of the 8-bit library are available with the 32-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the <b>pcregrep</b> program is at present 8-bit only.
+</P>
+<br><a name="SEC21" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC22" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 May 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_assign_jit_stack.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_assign_jit_stack.html
new file mode 100644
index 00000000..b2eef704
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_assign_jit_stack.html
@@ -0,0 +1,76 @@
+<html>
+<head>
+<title>pcre_assign_jit_stack specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_assign_jit_stack man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_assign_jit_stack(pcre_extra *<i>extra</i>,</b>
+<b>     pcre_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>void pcre16_assign_jit_stack(pcre16_extra *<i>extra</i>,</b>
+<b>     pcre16_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>void pcre32_assign_jit_stack(pcre32_extra *<i>extra</i>,</b>
+<b>     pcre32_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function provides control over the memory used as a stack at run-time by a
+call to <b>pcre[16|32]_exec()</b> with a pattern that has been successfully
+compiled with JIT optimization. The arguments are:
+<pre>
+  extra     the data pointer returned by <b>pcre[16|32]_study()</b>
+  callback  a callback function
+  data      a JIT stack or a value to be passed to the callback
+              function
+</PRE>
+</P>
+<P>
+If <i>callback</i> is NULL and <i>data</i> is NULL, an internal 32K block on
+the machine stack is used.
+</P>
+<P>
+If <i>callback</i> is NULL and <i>data</i> is not NULL, <i>data</i> must
+be a valid JIT stack, the result of calling <b>pcre[16|32]_jit_stack_alloc()</b>.
+</P>
+<P>
+If <i>callback</i> not NULL, it is called with <i>data</i> as an argument at
+the start of matching, in order to set up a JIT stack. If the result is NULL,
+the internal 32K stack is used; otherwise the return value must be a valid JIT
+stack, the result of calling <b>pcre[16|32]_jit_stack_alloc()</b>.
+</P>
+<P>
+You may safely assign the same JIT stack to multiple patterns, as long as they
+are all matched in the same thread. In a multithread application, each thread
+must use its own JIT stack. For more details, see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_compile.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_compile.html
new file mode 100644
index 00000000..95b4bec6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_compile.html
@@ -0,0 +1,111 @@
+<html>
+<head>
+<title>pcre_compile specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_compile man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre *pcre_compile(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16 *pcre16_compile(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32 *pcre32_compile(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function compiles a regular expression into an internal form. It is the
+same as <b>pcre[16|32]_compile2()</b>, except for the absence of the
+<i>errorcodeptr</i> argument. Its arguments are:
+<pre>
+  <i>pattern</i>       A zero-terminated string containing the
+                  regular expression to be compiled
+  <i>options</i>       Zero or more option bits
+  <i>errptr</i>        Where to put an error message
+  <i>erroffset</i>     Offset in pattern where error was found
+  <i>tableptr</i>      Pointer to character tables, or NULL to
+                  use the built-in default
+</pre>
+The option bits are:
+<pre>
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \R matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \d, \w, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run in <b>pcre16_compile()</b> UTF-16 mode
+  PCRE_UTF32              Run in <b>pcre32_compile()</b> UTF-32 mode
+  PCRE_UTF8               Run in <b>pcre_compile()</b> UTF-8 mode
+</pre>
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+</P>
+<P>
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_compile2.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_compile2.html
new file mode 100644
index 00000000..9cd56a23
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_compile2.html
@@ -0,0 +1,115 @@
+<html>
+<head>
+<title>pcre_compile2 specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_compile2 man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre *pcre_compile2(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre16 *pcre16_compile2(PCRE_SPTR16 <i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre32 *pcre32_compile2(PCRE_SPTR32 <i>pattern</i>, int <i>options</i>,</b>
+<b>"     int *<i>errorcodeptr</i>,£</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function compiles a regular expression into an internal form. It is the
+same as <b>pcre[16|32]_compile()</b>, except for the addition of the
+<i>errorcodeptr</i> argument. The arguments are:
+<pre>
+  <i>pattern</i>       A zero-terminated string containing the
+                  regular expression to be compiled
+  <i>options</i>       Zero or more option bits
+  <i>errorcodeptr</i>  Where to put an error code
+  <i>errptr</i>        Where to put an error message
+  <i>erroffset</i>     Offset in pattern where error was found
+  <i>tableptr</i>      Pointer to character tables, or NULL to
+                  use the built-in default
+</pre>
+The option bits are:
+<pre>
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \R matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \d, \w, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run <b>pcre16_compile()</b> in UTF-16 mode
+  PCRE_UTF32              Run <b>pcre32_compile()</b> in UTF-32 mode
+  PCRE_UTF8               Run <b>pcre_compile()</b> in UTF-8 mode
+</pre>
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+</P>
+<P>
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_config.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_config.html
new file mode 100644
index 00000000..72fb9caa
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_config.html
@@ -0,0 +1,94 @@
+<html>
+<head>
+<title>pcre_config specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_config man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+<b>int pcre16_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+<b>int pcre32_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function makes it possible for a client program to find out which optional
+features are available in the version of the PCRE library it is using. The
+arguments are as follows:
+<pre>
+  <i>what</i>     A code specifying what information is required
+  <i>where</i>    Points to where to put the data
+</pre>
+The <i>where</i> argument must point to an integer variable, except for
+PCRE_CONFIG_MATCH_LIMIT, PCRE_CONFIG_MATCH_LIMIT_RECURSION, and
+PCRE_CONFIG_PARENS_LIMIT, when it must point to an unsigned long integer,
+and for PCRE_CONFIG_JITTARGET, when it must point to a const char*.
+The available codes are:
+<pre>
+  PCRE_CONFIG_JIT           Availability of just-in-time compiler
+                              support (1=yes 0=no)
+  PCRE_CONFIG_JITTARGET     String containing information about the
+                              target architecture for the JIT compiler,
+                              or NULL if there is no JIT support
+  PCRE_CONFIG_LINK_SIZE     Internal link size: 2, 3, or 4
+  PCRE_CONFIG_PARENS_LIMIT  Parentheses nesting limit
+  PCRE_CONFIG_MATCH_LIMIT   Internal resource limit
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+                            Internal recursion depth limit
+  PCRE_CONFIG_NEWLINE       Value of the default newline sequence:
+                                13 (0x000d)    for CR
+                                10 (0x000a)    for LF
+                              3338 (0x0d0a)    for CRLF
+                                -2             for ANYCRLF
+                                -1             for ANY
+  PCRE_CONFIG_BSR           Indicates what \R matches by default:
+                                 0             all Unicode line endings
+                                 1             CR, LF, or CRLF only
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+                            Threshold of return slots, above which
+                              <b>malloc()</b> is used by the POSIX API
+  PCRE_CONFIG_STACKRECURSE  Recursion implementation (1=stack 0=heap)
+  PCRE_CONFIG_UTF16         Availability of UTF-16 support (1=yes
+                               0=no); option for <b>pcre16_config()</b>
+  PCRE_CONFIG_UTF32         Availability of UTF-32 support (1=yes
+                               0=no); option for <b>pcre32_config()</b>
+  PCRE_CONFIG_UTF8          Availability of UTF-8 support (1=yes 0=no);
+                              option for <b>pcre_config()</b>
+  PCRE_CONFIG_UNICODE_PROPERTIES
+                            Availability of Unicode property support
+                              (1=yes 0=no)
+</pre>
+The function yields 0 on success or PCRE_ERROR_BADOPTION otherwise. That error
+is also given if PCRE_CONFIG_UTF16 or PCRE_CONFIG_UTF32 is passed to
+<b>pcre_config()</b>, if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 is passed to
+<b>pcre16_config()</b>, or if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 is passed to
+<b>pcre32_config()</b>.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_copy_named_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_copy_named_substring.html
new file mode 100644
index 00000000..77b48043
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_copy_named_substring.html
@@ -0,0 +1,65 @@
+<html>
+<head>
+<title>pcre_copy_named_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_copy_named_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_copy_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     char *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_copy_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR16 *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_copy_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_UCHAR32 *<i>buffer</i>, int <i>buffersize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring, identified
+by name, into a given buffer. The arguments are:
+<pre>
+  <i>code</i>          Pattern that was successfully matched
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringname</i>    Name of the required substring
+  <i>buffer</i>        Buffer to receive the string
+  <i>buffersize</i>    Size of buffer
+</pre>
+The yield is the length of the substring, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_copy_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_copy_substring.html
new file mode 100644
index 00000000..ecaebe85
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_copy_substring.html
@@ -0,0 +1,61 @@
+<html>
+<head>
+<title>pcre_copy_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_copy_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_copy_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, char *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre16_copy_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR16 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre32_copy_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, PCRE_UCHAR32 *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring into a given
+buffer. The arguments are:
+<pre>
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringnumber</i>  Number of the required substring
+  <i>buffer</i>        Buffer to receive the string
+  <i>buffersize</i>    Size of buffer
+</pre>
+The yield is the length of the string, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_dfa_exec.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_dfa_exec.html
new file mode 100644
index 00000000..5fff6a7e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_dfa_exec.html
@@ -0,0 +1,129 @@
+<html>
+<head>
+<title>pcre_dfa_exec specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_dfa_exec man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_dfa_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+<br>
+<br>
+<b>int pcre16_dfa_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+<br>
+<br>
+<b>int pcre32_dfa_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function matches a compiled regular expression against a given subject
+string, using an alternative matching algorithm that scans the subject string
+just once (<i>not</i> Perl-compatible). Note that the main, Perl-compatible,
+matching function is <b>pcre[16|32]_exec()</b>. The arguments for this function
+are:
+<pre>
+  <i>code</i>         Points to the compiled pattern
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>subject</i>      Points to the subject string
+  <i>length</i>       Length of the subject string
+  <i>startoffset</i>  Offset in the subject at which to start matching
+  <i>options</i>      Option bits
+  <i>ovector</i>      Points to a vector of ints for result offsets
+  <i>ovecsize</i>     Number of elements in the vector
+  <i>workspace</i>    Points to a vector of ints used as working space
+  <i>wscount</i>      Number of elements in the vector
+</pre>
+The units for <i>length</i> and <i>startoffset</i> are bytes for
+<b>pcre_exec()</b>, 16-bit data items for <b>pcre16_exec()</b>, and 32-bit items
+for <b>pcre32_exec()</b>. The options are:
+<pre>
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \R matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject is not the beginning of a line
+  PCRE_NOTEOL            Subject is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           even if there is a full match as well
+  PCRE_DFA_SHORTEST      Return only the shortest match
+  PCRE_DFA_RESTART       Restart after a partial match
+</pre>
+There are restrictions on what may appear in a pattern when using this matching
+function. Details are given in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation. For details of partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+page.
+</P>
+<P>
+A <b>pcre[16|32]_extra</b> structure contains the following fields:
+<pre>
+  <i>flags</i>            Bits indicating which fields are set
+  <i>study_data</i>       Opaque data from <b>pcre[16|32]_study()</b>
+  <i>match_limit</i>      Limit on internal resource use
+  <i>match_limit_recursion</i>  Limit on internal recursion depth
+  <i>callout_data</i>     Opaque data passed back to callouts
+  <i>tables</i>           Points to character tables or is NULL
+  <i>mark</i>             For passing back a *MARK pointer
+  <i>executable_jit</i>   Opaque data from JIT compilation
+</pre>
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT. For this
+matching function, the <i>match_limit</i> and <i>match_limit_recursion</i> fields
+are not used, and must not be set. The PCRE_EXTRA_EXECUTABLE_JIT flag and
+the corresponding variable are ignored.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_exec.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_exec.html
new file mode 100644
index 00000000..18e1a13f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_exec.html
@@ -0,0 +1,111 @@
+<html>
+<head>
+<title>pcre_exec specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_exec man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre16_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre32_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function matches a compiled regular expression against a given subject
+string, using a matching algorithm that is similar to Perl's. It returns
+offsets to captured substrings. Its arguments are:
+<pre>
+  <i>code</i>         Points to the compiled pattern
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>subject</i>      Points to the subject string
+  <i>length</i>       Length of the subject string
+  <i>startoffset</i>  Offset in the subject at which to start matching
+  <i>options</i>      Option bits
+  <i>ovector</i>      Points to a vector of ints for result offsets
+  <i>ovecsize</i>     Number of elements in the vector (a multiple of 3)
+</pre>
+The units for <i>length</i> and <i>startoffset</i> are bytes for
+<b>pcre_exec()</b>, 16-bit data items for <b>pcre16_exec()</b>, and 32-bit items
+for <b>pcre32_exec()</b>. The options are:
+<pre>
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \R matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \R matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+</pre>
+For details of partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+page. A <b>pcre_extra</b> structure contains the following fields:
+<pre>
+  <i>flags</i>            Bits indicating which fields are set
+  <i>study_data</i>       Opaque data from <b>pcre[16|32]_study()</b>
+  <i>match_limit</i>      Limit on internal resource use
+  <i>match_limit_recursion</i>  Limit on internal recursion depth
+  <i>callout_data</i>     Opaque data passed back to callouts
+  <i>tables</i>           Points to character tables or is NULL
+  <i>mark</i>             For passing back a *MARK pointer
+  <i>executable_jit</i>   Opaque data from JIT compilation
+</pre>
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_free_study.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_free_study.html
new file mode 100644
index 00000000..7f9e10e8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_free_study.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_free_study specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_free_study man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_free_study(pcre_extra *<i>extra</i>);</b>
+</P>
+<P>
+<b>void pcre16_free_study(pcre16_extra *<i>extra</i>);</b>
+</P>
+<P>
+<b>void pcre32_free_study(pcre32_extra *<i>extra</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to free the memory used for the data generated by a call
+to <b>pcre[16|32]_study()</b> when it is no longer needed. The argument must be the
+result of such a call.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_free_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_free_substring.html
new file mode 100644
index 00000000..1fe66107
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_free_substring.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_free_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_free_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_free_substring(const char *<i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre16_free_substring(PCRE_SPTR16 <i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre32_free_substring(PCRE_SPTR32 <i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for freeing the store obtained by a previous
+call to <b>pcre[16|32]_get_substring()</b> or <b>pcre[16|32]_get_named_substring()</b>.
+Its only argument is a pointer to the string.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_free_substring_list.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_free_substring_list.html
new file mode 100644
index 00000000..c0861780
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_free_substring_list.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_free_substring_list specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_free_substring_list man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_free_substring_list(const char **<i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre16_free_substring_list(PCRE_SPTR16 *<i>stringptr</i>);</b>
+</P>
+<P>
+<b>void pcre32_free_substring_list(PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for freeing the store obtained by a previous
+call to <b>pcre[16|32]_get_substring_list()</b>. Its only argument is a pointer to
+the list of string pointers.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_fullinfo.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_fullinfo.html
new file mode 100644
index 00000000..2b7c72b3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_fullinfo.html
@@ -0,0 +1,118 @@
+<html>
+<head>
+<title>pcre_fullinfo specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_fullinfo man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_fullinfo(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre16_fullinfo(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre32_fullinfo(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function returns information about a compiled pattern. Its arguments are:
+<pre>
+  <i>code</i>                      Compiled regular expression
+  <i>extra</i>                     Result of <b>pcre[16|32]_study()</b> or NULL
+  <i>what</i>                      What information is required
+  <i>where</i>                     Where to put the information
+</pre>
+The following information is available:
+<pre>
+  PCRE_INFO_BACKREFMAX      Number of highest back reference
+  PCRE_INFO_CAPTURECOUNT    Number of capturing subpatterns
+  PCRE_INFO_DEFAULT_TABLES  Pointer to default tables
+  PCRE_INFO_FIRSTBYTE       Fixed first data unit for a match, or
+                              -1 for start of string
+                                 or after newline, or
+                              -2 otherwise
+  PCRE_INFO_FIRSTTABLE      Table of first data units (after studying)
+  PCRE_INFO_HASCRORLF       Return 1 if explicit CR or LF matches exist
+  PCRE_INFO_JCHANGED        Return 1 if (?J) or (?-J) was used
+  PCRE_INFO_JIT             Return 1 after successful JIT compilation
+  PCRE_INFO_JITSIZE         Size of JIT compiled code
+  PCRE_INFO_LASTLITERAL     Literal last data unit required
+  PCRE_INFO_MINLENGTH       Lower bound length of matching strings
+  PCRE_INFO_MATCHEMPTY      Return 1 if the pattern can match an empty string,
+                               0 otherwise
+  PCRE_INFO_MATCHLIMIT      Match limit if set, otherwise PCRE_RROR_UNSET
+  PCRE_INFO_MAXLOOKBEHIND   Length (in characters) of the longest lookbehind assertion
+  PCRE_INFO_NAMECOUNT       Number of named subpatterns
+  PCRE_INFO_NAMEENTRYSIZE   Size of name table entry
+  PCRE_INFO_NAMETABLE       Pointer to name table
+  PCRE_INFO_OKPARTIAL       Return 1 if partial matching can be tried
+                              (always returns 1 after release 8.00)
+  PCRE_INFO_OPTIONS         Option bits used for compilation
+  PCRE_INFO_SIZE            Size of compiled pattern
+  PCRE_INFO_STUDYSIZE       Size of study data
+  PCRE_INFO_FIRSTCHARACTER      Fixed first data unit for a match
+  PCRE_INFO_FIRSTCHARACTERFLAGS Returns
+                                  1 if there is a first data character set, which can
+                                    then be retrieved using PCRE_INFO_FIRSTCHARACTER,
+                                  2 if the first character is at the start of the data
+                                    string or after a newline, and
+                                  0 otherwise
+  PCRE_INFO_RECURSIONLIMIT    Recursion limit if set, otherwise PCRE_ERROR_UNSET
+  PCRE_INFO_REQUIREDCHAR      Literal last data unit required
+  PCRE_INFO_REQUIREDCHARFLAGS Returns 1 if the last data character is set (which can then
+                              be retrieved using PCRE_INFO_REQUIREDCHAR); 0 otherwise
+</pre>
+The <i>where</i> argument must point to an integer variable, except for the
+following <i>what</i> values:
+<pre>
+  PCRE_INFO_DEFAULT_TABLES  const uint8_t *
+  PCRE_INFO_FIRSTCHARACTER  uint32_t
+  PCRE_INFO_FIRSTTABLE      const uint8_t *
+  PCRE_INFO_JITSIZE         size_t
+  PCRE_INFO_MATCHLIMIT      uint32_t
+  PCRE_INFO_NAMETABLE       PCRE_SPTR16           (16-bit library)
+  PCRE_INFO_NAMETABLE       PCRE_SPTR32           (32-bit library)
+  PCRE_INFO_NAMETABLE       const unsigned char * (8-bit library)
+  PCRE_INFO_OPTIONS         unsigned long int
+  PCRE_INFO_SIZE            size_t
+  PCRE_INFO_STUDYSIZE       size_t
+  PCRE_INFO_RECURSIONLIMIT  uint32_t
+  PCRE_INFO_REQUIREDCHAR    uint32_t
+</pre>
+The yield of the function is zero on success or:
+<pre>
+  PCRE_ERROR_NULL           the argument <i>code</i> was NULL
+                            the argument <i>where</i> was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADOPTION      the value of <i>what</i> was invalid
+  PCRE_ERROR_UNSET          the option was not set
+</PRE>
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_named_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_named_substring.html
new file mode 100644
index 00000000..72924d9b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_named_substring.html
@@ -0,0 +1,68 @@
+<html>
+<head>
+<title>pcre_get_named_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_named_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_named_substring(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR16 <i>stringname</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_named_substring(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, PCRE_SPTR32 <i>stringname</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring by name. The
+arguments are:
+<pre>
+  <i>code</i>          Compiled pattern
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringname</i>    Name of the required substring
+  <i>stringptr</i>     Where to put the string pointer
+</pre>
+The memory in which the substring is placed is obtained by calling
+<b>pcre[16|32]_malloc()</b>. The convenience function
+<b>pcre[16|32]_free_substring()</b> can be used to free it when it is no longer
+needed. The yield of the function is the length of the extracted substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_stringnumber.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_stringnumber.html
new file mode 100644
index 00000000..7324d782
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_stringnumber.html
@@ -0,0 +1,57 @@
+<html>
+<head>
+<title>pcre_get_stringnumber specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_stringnumber man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_stringnumber(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringnumber(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>name</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringnumber(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This convenience function finds the number of a named substring capturing
+parenthesis in a compiled pattern. Its arguments are:
+<pre>
+  <i>code</i>    Compiled regular expression
+  <i>name</i>    Name whose number is required
+</pre>
+The yield of the function is the number of the parenthesis if the name is
+found, or PCRE_ERROR_NOSUBSTRING otherwise. When duplicate names are allowed
+(PCRE_DUPNAMES is set), it is not defined which of the numbers is returned by
+<b>pcre[16|32]_get_stringnumber()</b>. You can obtain the complete list by calling
+<b>pcre[16|32]_get_stringtable_entries()</b>.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_stringtable_entries.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_stringtable_entries.html
new file mode 100644
index 00000000..79906798
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_stringtable_entries.html
@@ -0,0 +1,60 @@
+<html>
+<head>
+<title>pcre_get_stringtable_entries specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_stringtable_entries man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_stringtable_entries(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>, char **<i>first</i>, char **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_stringtable_entries(const pcre16 *<i>code</i>,</b>
+<b>     PCRE_SPTR16 <i>name</i>, PCRE_UCHAR16 **<i>first</i>, PCRE_UCHAR16 **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_stringtable_entries(const pcre32 *<i>code</i>,</b>
+<b>     PCRE_SPTR32 <i>name</i>, PCRE_UCHAR32 **<i>first</i>, PCRE_UCHAR32 **<i>last</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This convenience function finds, for a compiled pattern, the first and last
+entries for a given name in the table that translates capturing parenthesis
+names into numbers. When names are required to be unique (PCRE_DUPNAMES is
+<i>not</i> set), it is usually easier to use <b>pcre[16|32]_get_stringnumber()</b>
+instead.
+<pre>
+  <i>code</i>    Compiled regular expression
+  <i>name</i>    Name whose entries required
+  <i>first</i>   Where to return a pointer to the first entry
+  <i>last</i>    Where to return a pointer to the last entry
+</pre>
+The yield of the function is the length of each entry, or
+PCRE_ERROR_NOSUBSTRING if none are found.
+</P>
+<P>
+There is a complete description of the PCRE native API, including the format of
+the table entries, in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page, and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_substring.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_substring.html
new file mode 100644
index 00000000..1a8e4f5a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_substring.html
@@ -0,0 +1,64 @@
+<html>
+<head>
+<title>pcre_get_substring specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_substring man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring(PCRE_SPTR16 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR16 *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring(PCRE_SPTR32 <i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     PCRE_SPTR32 *<i>stringptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a captured substring. The
+arguments are:
+<pre>
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec()</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec()</b>
+  <i>stringnumber</i>  Number of the required substring
+  <i>stringptr</i>     Where to put the string pointer
+</pre>
+The memory in which the substring is placed is obtained by calling
+<b>pcre[16|32]_malloc()</b>. The convenience function
+<b>pcre[16|32]_free_substring()</b> can be used to free it when it is no longer
+needed. The yield of the function is the length of the substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_substring_list.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_substring_list.html
new file mode 100644
index 00000000..7e8c6bc8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_get_substring_list.html
@@ -0,0 +1,61 @@
+<html>
+<head>
+<title>pcre_get_substring_list specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_get_substring_list man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_get_substring_list(const char *<i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, const char ***<i>listptr</i>);</b>
+<br>
+<br>
+<b>int pcre16_get_substring_list(PCRE_SPTR16 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR16 **<i>listptr</i>);</b>
+<br>
+<br>
+<b>int pcre32_get_substring_list(PCRE_SPTR32 <i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, PCRE_SPTR32 **<i>listptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This is a convenience function for extracting a list of all the captured
+substrings. The arguments are:
+<pre>
+  <i>subject</i>       Subject that has been successfully matched
+  <i>ovector</i>       Offset vector that <b>pcre[16|32]_exec</b> used
+  <i>stringcount</i>   Value returned by <b>pcre[16|32]_exec</b>
+  <i>listptr</i>       Where to put a pointer to the list
+</pre>
+The memory in which the substrings and the list are placed is obtained by
+calling <b>pcre[16|32]_malloc()</b>. The convenience function
+<b>pcre[16|32]_free_substring_list()</b> can be used to free it when it is no
+longer needed. A pointer to a list of pointers is put in the variable whose
+address is in <i>listptr</i>. The list is terminated by a NULL pointer. The
+yield of the function is zero on success or PCRE_ERROR_NOMEMORY if sufficient
+memory could not be obtained.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_jit_exec.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_jit_exec.html
new file mode 100644
index 00000000..4ebb0cbc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_jit_exec.html
@@ -0,0 +1,108 @@
+<html>
+<head>
+<title>pcre_jit_exec specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_jit_exec man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_jit_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+<br>
+<br>
+<b>int pcre16_jit_exec(const pcre16 *<i>code</i>, const pcre16_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR16 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+<br>
+<br>
+<b>int pcre32_jit_exec(const pcre32 *<i>code</i>, const pcre32_extra *<i>extra</i>,</b>
+<b>     PCRE_SPTR32 <i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function matches a compiled regular expression that has been successfully
+studied with one of the JIT options against a given subject string, using a
+matching algorithm that is similar to Perl's. It is a "fast path" interface to
+JIT, and it bypasses some of the sanity checks that <b>pcre_exec()</b> applies.
+It returns offsets to captured substrings. Its arguments are:
+<pre>
+  <i>code</i>         Points to the compiled pattern
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>subject</i>      Points to the subject string
+  <i>length</i>       Length of the subject string, in bytes
+  <i>startoffset</i>  Offset in bytes in the subject at which to
+                 start matching
+  <i>options</i>      Option bits
+  <i>ovector</i>      Points to a vector of ints for result offsets
+  <i>ovecsize</i>     Number of elements in the vector (a multiple of 3)
+  <i>jstack</i>       Pointer to a JIT stack
+</pre>
+The allowed options are:
+<pre>
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+</pre>
+However, the PCRE_NO_UTF[8|16|32]_CHECK options have no effect, as this check
+is never applied. For details of partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+page. A <b>pcre_extra</b> structure contains the following fields:
+<pre>
+  <i>flags</i>            Bits indicating which fields are set
+  <i>study_data</i>       Opaque data from <b>pcre[16|32]_study()</b>
+  <i>match_limit</i>      Limit on internal resource use
+  <i>match_limit_recursion</i>  Limit on internal recursion depth
+  <i>callout_data</i>     Opaque data passed back to callouts
+  <i>tables</i>           Points to character tables or is NULL
+  <i>mark</i>             For passing back a *MARK pointer
+  <i>executable_jit</i>   Opaque data from JIT compilation
+</pre>
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the JIT API in the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_jit_stack_alloc.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_jit_stack_alloc.html
new file mode 100644
index 00000000..23ba4507
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_jit_stack_alloc.html
@@ -0,0 +1,55 @@
+<html>
+<head>
+<title>pcre_jit_stack_alloc specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_jit_stack_alloc man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre_jit_stack *pcre_jit_stack_alloc(int <i>startsize</i>,</b>
+<b>     int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>pcre16_jit_stack *pcre16_jit_stack_alloc(int <i>startsize</i>,</b>
+<b>     int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>pcre32_jit_stack *pcre32_jit_stack_alloc(int <i>startsize</i>,</b>
+<b>     int <i>maxsize</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to create a stack for use by the code compiled by the JIT
+optimization of <b>pcre[16|32]_study()</b>. The arguments are a starting size for
+the stack, and a maximum size to which it is allowed to grow. The result can be
+passed to the JIT run-time code by <b>pcre[16|32]_assign_jit_stack()</b>, or that
+function can set up a callback for obtaining a stack. A maximum stack size of
+512K to 1M should be more than enough for any pattern. For more details, see
+the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_jit_stack_free.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_jit_stack_free.html
new file mode 100644
index 00000000..8bd06e46
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_jit_stack_free.html
@@ -0,0 +1,48 @@
+<html>
+<head>
+<title>pcre_jit_stack_free specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_jit_stack_free man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>void pcre_jit_stack_free(pcre_jit_stack *<i>stack</i>);</b>
+</P>
+<P>
+<b>void pcre16_jit_stack_free(pcre16_jit_stack *<i>stack</i>);</b>
+</P>
+<P>
+<b>void pcre32_jit_stack_free(pcre32_jit_stack *<i>stack</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to free a JIT stack that was created by
+<b>pcre[16|32]_jit_stack_alloc()</b> when it is no longer needed. For more details,
+see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_maketables.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_maketables.html
new file mode 100644
index 00000000..3a7b5ebc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_maketables.html
@@ -0,0 +1,48 @@
+<html>
+<head>
+<title>pcre_maketables specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_maketables man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>const unsigned char *pcre_maketables(void);</b>
+</P>
+<P>
+<b>const unsigned char *pcre16_maketables(void);</b>
+</P>
+<P>
+<b>const unsigned char *pcre32_maketables(void);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function builds a set of character tables for character values less than
+256. These can be passed to <b>pcre[16|32]_compile()</b> to override PCRE's
+internal, built-in tables (which were made by <b>pcre[16|32]_maketables()</b> when
+PCRE was compiled). You might want to do this if you are using a non-standard
+locale. The function yields a pointer to the tables.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_pattern_to_host_byte_order.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_pattern_to_host_byte_order.html
new file mode 100644
index 00000000..1b1c8037
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_pattern_to_host_byte_order.html
@@ -0,0 +1,58 @@
+<html>
+<head>
+<title>pcre_pattern_to_host_byte_order specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_pattern_to_host_byte_order man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_pattern_to_host_byte_order(pcre *<i>code</i>,</b>
+<b>     pcre_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+<br>
+<br>
+<b>int pcre16_pattern_to_host_byte_order(pcre16 *<i>code</i>,</b>
+<b>     pcre16_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+<br>
+<br>
+<b>int pcre32_pattern_to_host_byte_order(pcre32 *<i>code</i>,</b>
+<b>     pcre32_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function ensures that the bytes in 2-byte and 4-byte values in a compiled
+pattern are in the correct order for the current host. It is useful when a
+pattern that has been compiled on one host is transferred to another that might
+have different endianness. The arguments are:
+<pre>
+  <i>code</i>         A compiled regular expression
+  <i>extra</i>        Points to an associated <b>pcre[16|32]_extra</b> structure,
+                 or is NULL
+  <i>tables</i>       Pointer to character tables, or NULL to
+                 set the built-in default
+</pre>
+The result is 0 for success, a negative PCRE_ERROR_xxx value otherwise.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_refcount.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_refcount.html
new file mode 100644
index 00000000..bfb92e6d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_refcount.html
@@ -0,0 +1,51 @@
+<html>
+<head>
+<title>pcre_refcount specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_refcount man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre_refcount(pcre *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<P>
+<b>int pcre16_refcount(pcre16 *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<P>
+<b>int pcre32_refcount(pcre32 *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function is used to maintain a reference count inside a data block that
+contains a compiled pattern. Its arguments are:
+<pre>
+  <i>code</i>                      Compiled regular expression
+  <i>adjust</i>                    Adjustment to reference value
+</pre>
+The yield of the function is the adjusted reference value, which is constrained
+to lie between 0 and 65535.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_study.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_study.html
new file mode 100644
index 00000000..af82f114
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_study.html
@@ -0,0 +1,68 @@
+<html>
+<head>
+<title>pcre_study specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_study man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>pcre_extra *pcre_study(const pcre *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>pcre16_extra *pcre16_study(const pcre16 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>pcre32_extra *pcre32_study(const pcre32 *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function studies a compiled pattern, to see if additional information can
+be extracted that might speed up matching. Its arguments are:
+<pre>
+  <i>code</i>       A compiled regular expression
+  <i>options</i>    Options for <b>pcre[16|32]_study()</b>
+  <i>errptr</i>     Where to put an error message
+</pre>
+If the function succeeds, it returns a value that can be passed to
+<b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b> via their <i>extra</i>
+arguments.
+</P>
+<P>
+If the function returns NULL, either it could not find any additional
+information, or there was an error. You can tell the difference by looking at
+the error value. It is NULL in first case.
+</P>
+<P>
+The only option is PCRE_STUDY_JIT_COMPILE. It requests just-in-time compilation
+if possible. If PCRE has been compiled without JIT support, this option is
+ignored. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+page for further details.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html
new file mode 100644
index 00000000..18e7788f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html
@@ -0,0 +1,57 @@
+<html>
+<head>
+<title>pcre_utf16_to_host_byte_order specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_utf16_to_host_byte_order man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *<i>output</i>,</b>
+<b>     PCRE_SPTR16 <i>input</i>, int <i>length</i>, int *<i>host_byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function, which exists only in the 16-bit library, converts a UTF-16
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+<pre>
+  <i>output</i>           pointer to output buffer, may be the same as <i>input</i>
+  <i>input</i>            pointer to input buffer
+  <i>length</i>           number of 16-bit units in the input, or negative for
+                     a zero-terminated string
+  <i>host_byte_order</i>  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  <i>keep_boms</i>        if non-zero, BOMs are copied to the output string
+</pre>
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<P>
+If <i>host_byte_order</i> is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html
new file mode 100644
index 00000000..772ae40c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html
@@ -0,0 +1,57 @@
+<html>
+<head>
+<title>pcre_utf32_to_host_byte_order specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_utf32_to_host_byte_order man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *<i>output</i>,</b>
+<b>     PCRE_SPTR32 <i>input</i>, int <i>length</i>, int *<i>host_byte_order</i>,</b>
+<b>     int <i>keep_boms</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function, which exists only in the 32-bit library, converts a UTF-32
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+<pre>
+  <i>output</i>           pointer to output buffer, may be the same as <i>input</i>
+  <i>input</i>            pointer to input buffer
+  <i>length</i>           number of 32-bit units in the input, or negative for
+                     a zero-terminated string
+  <i>host_byte_order</i>  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  <i>keep_boms</i>        if non-zero, BOMs are copied to the output string
+</pre>
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+</P>
+<P>
+If <i>host_byte_order</i> is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_version.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_version.html
new file mode 100644
index 00000000..d33e7189
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcre_version.html
@@ -0,0 +1,46 @@
+<html>
+<head>
+<title>pcre_version specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre_version man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>const char *pcre_version(void);</b>
+</P>
+<P>
+<b>const char *pcre16_version(void);</b>
+</P>
+<P>
+<b>const char *pcre32_version(void);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function (even in the 16-bit and 32-bit libraries) returns a
+zero-terminated, 8-bit character string that gives the version number of the
+PCRE library and the date of its release.
+</P>
+<P>
+There is a complete description of the PCRE native API in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page and a description of the POSIX API in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreapi.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreapi.html
new file mode 100644
index 00000000..2d7adf18
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreapi.html
@@ -0,0 +1,2921 @@
+<html>
+<head>
+<title>pcreapi specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreapi man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE NATIVE API BASIC FUNCTIONS</a>
+<li><a name="TOC2" href="#SEC2">PCRE NATIVE API STRING EXTRACTION FUNCTIONS</a>
+<li><a name="TOC3" href="#SEC3">PCRE NATIVE API AUXILIARY FUNCTIONS</a>
+<li><a name="TOC4" href="#SEC4">PCRE NATIVE API INDIRECTED FUNCTIONS</a>
+<li><a name="TOC5" href="#SEC5">PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES</a>
+<li><a name="TOC6" href="#SEC6">PCRE API OVERVIEW</a>
+<li><a name="TOC7" href="#SEC7">NEWLINES</a>
+<li><a name="TOC8" href="#SEC8">MULTITHREADING</a>
+<li><a name="TOC9" href="#SEC9">SAVING PRECOMPILED PATTERNS FOR LATER USE</a>
+<li><a name="TOC10" href="#SEC10">CHECKING BUILD-TIME OPTIONS</a>
+<li><a name="TOC11" href="#SEC11">COMPILING A PATTERN</a>
+<li><a name="TOC12" href="#SEC12">COMPILATION ERROR CODES</a>
+<li><a name="TOC13" href="#SEC13">STUDYING A PATTERN</a>
+<li><a name="TOC14" href="#SEC14">LOCALE SUPPORT</a>
+<li><a name="TOC15" href="#SEC15">INFORMATION ABOUT A PATTERN</a>
+<li><a name="TOC16" href="#SEC16">REFERENCE COUNTS</a>
+<li><a name="TOC17" href="#SEC17">MATCHING A PATTERN: THE TRADITIONAL FUNCTION</a>
+<li><a name="TOC18" href="#SEC18">EXTRACTING CAPTURED SUBSTRINGS BY NUMBER</a>
+<li><a name="TOC19" href="#SEC19">EXTRACTING CAPTURED SUBSTRINGS BY NAME</a>
+<li><a name="TOC20" href="#SEC20">DUPLICATE SUBPATTERN NAMES</a>
+<li><a name="TOC21" href="#SEC21">FINDING ALL POSSIBLE MATCHES</a>
+<li><a name="TOC22" href="#SEC22">OBTAINING AN ESTIMATE OF STACK USAGE</a>
+<li><a name="TOC23" href="#SEC23">MATCHING A PATTERN: THE ALTERNATIVE FUNCTION</a>
+<li><a name="TOC24" href="#SEC24">SEE ALSO</a>
+<li><a name="TOC25" href="#SEC25">AUTHOR</a>
+<li><a name="TOC26" href="#SEC26">REVISION</a>
+</ul>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<br><a name="SEC1" href="#TOC1">PCRE NATIVE API BASIC FUNCTIONS</a><br>
+<P>
+<b>pcre *pcre_compile(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre *pcre_compile2(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre_extra *pcre_study(const pcre *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+<br>
+<br>
+<b>void pcre_free_study(pcre_extra *<i>extra</i>);</b>
+<br>
+<br>
+<b>int pcre_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+<br>
+<br>
+<b>int pcre_dfa_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE NATIVE API STRING EXTRACTION FUNCTIONS</a><br>
+<P>
+<b>int pcre_copy_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     char *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_copy_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, char *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_get_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre_get_stringnumber(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>);</b>
+<br>
+<br>
+<b>int pcre_get_stringtable_entries(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>, char **<i>first</i>, char **<i>last</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring_list(const char *<i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, const char ***<i>listptr</i>);</b>
+<br>
+<br>
+<b>void pcre_free_substring(const char *<i>stringptr</i>);</b>
+<br>
+<br>
+<b>void pcre_free_substring_list(const char **<i>stringptr</i>);</b>
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE NATIVE API AUXILIARY FUNCTIONS</a><br>
+<P>
+<b>int pcre_jit_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     pcre_jit_stack *<i>jstack</i>);</b>
+<br>
+<br>
+<b>pcre_jit_stack *pcre_jit_stack_alloc(int <i>startsize</i>, int <i>maxsize</i>);</b>
+<br>
+<br>
+<b>void pcre_jit_stack_free(pcre_jit_stack *<i>stack</i>);</b>
+<br>
+<br>
+<b>void pcre_assign_jit_stack(pcre_extra *<i>extra</i>,</b>
+<b>     pcre_jit_callback <i>callback</i>, void *<i>data</i>);</b>
+<br>
+<br>
+<b>const unsigned char *pcre_maketables(void);</b>
+<br>
+<br>
+<b>int pcre_fullinfo(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>int pcre_refcount(pcre *<i>code</i>, int <i>adjust</i>);</b>
+<br>
+<br>
+<b>int pcre_config(int <i>what</i>, void *<i>where</i>);</b>
+<br>
+<br>
+<b>const char *pcre_version(void);</b>
+<br>
+<br>
+<b>int pcre_pattern_to_host_byte_order(pcre *<i>code</i>,</b>
+<b>     pcre_extra *<i>extra</i>, const unsigned char *<i>tables</i>);</b>
+</P>
+<br><a name="SEC4" href="#TOC1">PCRE NATIVE API INDIRECTED FUNCTIONS</a><br>
+<P>
+<b>void *(*pcre_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre_free)(void *);</b>
+<br>
+<br>
+<b>void *(*pcre_stack_malloc)(size_t);</b>
+<br>
+<br>
+<b>void (*pcre_stack_free)(void *);</b>
+<br>
+<br>
+<b>int (*pcre_callout)(pcre_callout_block *);</b>
+<br>
+<br>
+<b>int (*pcre_stack_guard)(void);</b>
+</P>
+<br><a name="SEC5" href="#TOC1">PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES</a><br>
+<P>
+As well as support for 8-bit character strings, PCRE also supports 16-bit
+strings (from release 8.30) and 32-bit strings (from release 8.32), by means of
+two additional libraries. They can be built as well as, or instead of, the
+8-bit library. To avoid too much complication, this document describes the
+8-bit versions of the functions, with only occasional references to the 16-bit
+and 32-bit libraries.
+</P>
+<P>
+The 16-bit and 32-bit functions operate in the same way as their 8-bit
+counterparts; they just use different data types for their arguments and
+results, and their names start with <b>pcre16_</b> or <b>pcre32_</b> instead of
+<b>pcre_</b>. For every option that has UTF8 in its name (for example,
+PCRE_UTF8), there are corresponding 16-bit and 32-bit names with UTF8 replaced
+by UTF16 or UTF32, respectively. This facility is in fact just cosmetic; the
+16-bit and 32-bit option names define the same bit values.
+</P>
+<P>
+References to bytes and UTF-8 in this document should be read as references to
+16-bit data units and UTF-16 when using the 16-bit library, or 32-bit data
+units and UTF-32 when using the 32-bit library, unless specified otherwise.
+More details of the specific differences for the 16-bit and 32-bit libraries
+are given in the
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+pages.
+</P>
+<br><a name="SEC6" href="#TOC1">PCRE API OVERVIEW</a><br>
+<P>
+PCRE has its own native API, which is described in this document. There are
+also some wrapper functions (for the 8-bit library only) that correspond to the
+POSIX regular expression API, but they do not give access to all the
+functionality. They are described in the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+documentation. Both of these APIs define a set of C function calls. A C++
+wrapper (again for the 8-bit library only) is also distributed with PCRE. It is
+documented in the
+<a href="pcrecpp.html"><b>pcrecpp</b></a>
+page.
+</P>
+<P>
+The native API C function prototypes are defined in the header file
+<b>pcre.h</b>, and on Unix-like systems the (8-bit) library itself is called
+<b>libpcre</b>. It can normally be accessed by adding <b>-lpcre</b> to the
+command for linking an application that uses PCRE. The header file defines the
+macros PCRE_MAJOR and PCRE_MINOR to contain the major and minor release numbers
+for the library. Applications can use these to include support for different
+releases of PCRE.
+</P>
+<P>
+In a Windows environment, if you want to statically link an application program
+against a non-dll <b>pcre.a</b> file, you must define PCRE_STATIC before
+including <b>pcre.h</b> or <b>pcrecpp.h</b>, because otherwise the
+<b>pcre_malloc()</b> and <b>pcre_free()</b> exported functions will be declared
+<b>__declspec(dllimport)</b>, with unwanted results.
+</P>
+<P>
+The functions <b>pcre_compile()</b>, <b>pcre_compile2()</b>, <b>pcre_study()</b>,
+and <b>pcre_exec()</b> are used for compiling and matching regular expressions
+in a Perl-compatible manner. A sample program that demonstrates the simplest
+way of using them is provided in the file called <i>pcredemo.c</i> in the PCRE
+source distribution. A listing of this program is given in the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+documentation, and the
+<a href="pcresample.html"><b>pcresample</b></a>
+documentation describes how to compile and run it.
+</P>
+<P>
+Just-in-time compiler support is an optional feature of PCRE that can be built
+in appropriate hardware environments. It greatly speeds up the matching
+performance of many patterns. Simple programs can easily request that it be
+used if available, by setting an option that is ignored when it is not
+relevant. More complicated programs might need to make use of the functions
+<b>pcre_jit_stack_alloc()</b>, <b>pcre_jit_stack_free()</b>, and
+<b>pcre_assign_jit_stack()</b> in order to control the JIT code's memory usage.
+</P>
+<P>
+From release 8.32 there is also a direct interface for JIT execution, which
+gives improved performance. The JIT-specific functions are discussed in the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation.
+</P>
+<P>
+A second matching function, <b>pcre_dfa_exec()</b>, which is not
+Perl-compatible, is also provided. This uses a different algorithm for the
+matching. The alternative algorithm finds all possible matches (at a given
+point in the subject), and scans the subject just once (unless there are
+lookbehind assertions). However, this algorithm does not return captured
+substrings. A description of the two matching algorithms and their advantages
+and disadvantages is given in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation.
+</P>
+<P>
+In addition to the main compiling and matching functions, there are convenience
+functions for extracting captured substrings from a subject string that is
+matched by <b>pcre_exec()</b>. They are:
+<pre>
+  <b>pcre_copy_substring()</b>
+  <b>pcre_copy_named_substring()</b>
+  <b>pcre_get_substring()</b>
+  <b>pcre_get_named_substring()</b>
+  <b>pcre_get_substring_list()</b>
+  <b>pcre_get_stringnumber()</b>
+  <b>pcre_get_stringtable_entries()</b>
+</pre>
+<b>pcre_free_substring()</b> and <b>pcre_free_substring_list()</b> are also
+provided, to free the memory used for extracted strings.
+</P>
+<P>
+The function <b>pcre_maketables()</b> is used to build a set of character tables
+in the current locale for passing to <b>pcre_compile()</b>, <b>pcre_exec()</b>,
+or <b>pcre_dfa_exec()</b>. This is an optional facility that is provided for
+specialist use. Most commonly, no special tables are passed, in which case
+internal tables that are generated when PCRE is built are used.
+</P>
+<P>
+The function <b>pcre_fullinfo()</b> is used to find out information about a
+compiled pattern. The function <b>pcre_version()</b> returns a pointer to a
+string containing the version of PCRE and its date of release.
+</P>
+<P>
+The function <b>pcre_refcount()</b> maintains a reference count in a data block
+containing a compiled pattern. This is provided for the benefit of
+object-oriented applications.
+</P>
+<P>
+The global variables <b>pcre_malloc</b> and <b>pcre_free</b> initially contain
+the entry points of the standard <b>malloc()</b> and <b>free()</b> functions,
+respectively. PCRE calls the memory management functions via these variables,
+so a calling program can replace them if it wishes to intercept the calls. This
+should be done before calling any PCRE functions.
+</P>
+<P>
+The global variables <b>pcre_stack_malloc</b> and <b>pcre_stack_free</b> are also
+indirections to memory management functions. These special functions are used
+only when PCRE is compiled to use the heap for remembering data, instead of
+recursive function calls, when running the <b>pcre_exec()</b> function. See the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation for details of how to do this. It is a non-standard way of
+building PCRE, for use in environments that have limited stacks. Because of the
+greater use of memory management, it runs more slowly. Separate functions are
+provided so that special-purpose external code can be used for this case. When
+used, these functions always allocate memory blocks of the same size. There is
+a discussion about PCRE's stack usage in the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation.
+</P>
+<P>
+The global variable <b>pcre_callout</b> initially contains NULL. It can be set
+by the caller to a "callout" function, which PCRE will then call at specified
+points during a matching operation. Details are given in the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<P>
+The global variable <b>pcre_stack_guard</b> initially contains NULL. It can be
+set by the caller to a function that is called by PCRE whenever it starts
+to compile a parenthesized part of a pattern. When parentheses are nested, PCRE
+uses recursive function calls, which use up the system stack. This function is
+provided so that applications with restricted stacks can force a compilation
+error if the stack runs out. The function should return zero if all is well, or
+non-zero to force an error.
+<a name="newlines"></a></P>
+<br><a name="SEC7" href="#TOC1">NEWLINES</a><br>
+<P>
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The Unicode newline sequences are the three just
+mentioned, plus the single characters VT (vertical tab, U+000B), FF (form feed,
+U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029).
+</P>
+<P>
+Each of the first three conventions is used by at least one operating system as
+its standard newline sequence. When PCRE is built, a default can be specified.
+The default default is LF, which is the Unix standard. When PCRE is run, the
+default can be overridden, either when a pattern is compiled, or when it is
+matched.
+</P>
+<P>
+At compile time, the newline convention can be specified by the <i>options</i>
+argument of <b>pcre_compile()</b>, or it can be specified by special text at the
+start of the pattern itself; this overrides any other settings. See the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page for details of the special character sequences.
+</P>
+<P>
+In the PCRE documentation the word "newline" is used to mean "the character or
+pair of characters that indicate a line break". The choice of newline
+convention affects the handling of the dot, circumflex, and dollar
+metacharacters, the handling of #-comments in /x mode, and, when CRLF is a
+recognized line ending sequence, the match position advancement for a
+non-anchored pattern. There is more detail about this in the
+<a href="#execoptions">section on <b>pcre_exec()</b> options</a>
+below.
+</P>
+<P>
+The choice of newline convention does not affect the interpretation of
+the \n or \r escape sequences, nor does it affect what \R matches, which is
+controlled in a similar way, but by separate options.
+</P>
+<br><a name="SEC8" href="#TOC1">MULTITHREADING</a><br>
+<P>
+The PCRE functions can be used in multi-threading applications, with the
+proviso that the memory management functions pointed to by <b>pcre_malloc</b>,
+<b>pcre_free</b>, <b>pcre_stack_malloc</b>, and <b>pcre_stack_free</b>, and the
+callout and stack-checking functions pointed to by <b>pcre_callout</b> and
+<b>pcre_stack_guard</b>, are shared by all threads.
+</P>
+<P>
+The compiled form of a regular expression is not altered during matching, so
+the same compiled pattern can safely be used by several threads at once.
+</P>
+<P>
+If the just-in-time optimization feature is being used, it needs separate
+memory stack areas for each thread. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for more details.
+</P>
+<br><a name="SEC9" href="#TOC1">SAVING PRECOMPILED PATTERNS FOR LATER USE</a><br>
+<P>
+The compiled form of a regular expression can be saved and re-used at a later
+time, possibly by a different program, and even on a host other than the one on
+which it was compiled. Details are given in the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation, which includes a description of the
+<b>pcre_pattern_to_host_byte_order()</b> function. However, compiling a regular
+expression with one version of PCRE for use with a different version is not
+guaranteed to work and may cause crashes.
+</P>
+<br><a name="SEC10" href="#TOC1">CHECKING BUILD-TIME OPTIONS</a><br>
+<P>
+<b>int pcre_config(int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+The function <b>pcre_config()</b> makes it possible for a PCRE client to
+discover which optional features have been compiled into the PCRE library. The
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation has more details about these optional features.
+</P>
+<P>
+The first argument for <b>pcre_config()</b> is an integer, specifying which
+information is required; the second argument is a pointer to a variable into
+which the information is placed. The returned value is zero on success, or the
+negative error code PCRE_ERROR_BADOPTION if the value in the first argument is
+not recognized. The following information is available:
+<pre>
+  PCRE_CONFIG_UTF8
+</pre>
+The output is an integer that is set to one if UTF-8 support is available;
+otherwise it is set to zero. This value should normally be given to the 8-bit
+version of this function, <b>pcre_config()</b>. If it is given to the 16-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+<pre>
+  PCRE_CONFIG_UTF16
+</pre>
+The output is an integer that is set to one if UTF-16 support is available;
+otherwise it is set to zero. This value should normally be given to the 16-bit
+version of this function, <b>pcre16_config()</b>. If it is given to the 8-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+<pre>
+  PCRE_CONFIG_UTF32
+</pre>
+The output is an integer that is set to one if UTF-32 support is available;
+otherwise it is set to zero. This value should normally be given to the 32-bit
+version of this function, <b>pcre32_config()</b>. If it is given to the 8-bit
+or 16-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+<pre>
+  PCRE_CONFIG_UNICODE_PROPERTIES
+</pre>
+The output is an integer that is set to one if support for Unicode character
+properties is available; otherwise it is set to zero.
+<pre>
+  PCRE_CONFIG_JIT
+</pre>
+The output is an integer that is set to one if support for just-in-time
+compiling is available; otherwise it is set to zero.
+<pre>
+  PCRE_CONFIG_JITTARGET
+</pre>
+The output is a pointer to a zero-terminated "const char *" string. If JIT
+support is available, the string contains the name of the architecture for
+which the JIT compiler is configured, for example "x86 32bit (little endian +
+unaligned)". If JIT support is not available, the result is NULL.
+<pre>
+  PCRE_CONFIG_NEWLINE
+</pre>
+The output is an integer whose value specifies the default character sequence
+that is recognized as meaning "newline". The values that are supported in
+ASCII/Unicode environments are: 10 for LF, 13 for CR, 3338 for CRLF, -2 for
+ANYCRLF, and -1 for ANY. In EBCDIC environments, CR, ANYCRLF, and ANY yield the
+same values. However, the value for LF is normally 21, though some EBCDIC
+environments use 37. The corresponding values for CRLF are 3349 and 3365. The
+default should normally correspond to the standard sequence for your operating
+system.
+<pre>
+  PCRE_CONFIG_BSR
+</pre>
+The output is an integer whose value indicates what character sequences the \R
+escape sequence matches by default. A value of 0 means that \R matches any
+Unicode line ending sequence; a value of 1 means that \R matches only CR, LF,
+or CRLF. The default can be overridden when a pattern is compiled or matched.
+<pre>
+  PCRE_CONFIG_LINK_SIZE
+</pre>
+The output is an integer that contains the number of bytes used for internal
+linkage in compiled regular expressions. For the 8-bit library, the value can
+be 2, 3, or 4. For the 16-bit library, the value is either 2 or 4 and is still
+a number of bytes. For the 32-bit library, the value is either 2 or 4 and is
+still a number of bytes. The default value of 2 is sufficient for all but the
+most massive patterns, since it allows the compiled pattern to be up to 64K in
+size. Larger values allow larger regular expressions to be compiled, at the
+expense of slower matching.
+<pre>
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+</pre>
+The output is an integer that contains the threshold above which the POSIX
+interface uses <b>malloc()</b> for output vectors. Further details are given in
+the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+documentation.
+<pre>
+  PCRE_CONFIG_PARENS_LIMIT
+</pre>
+The output is a long integer that gives the maximum depth of nesting of
+parentheses (of any kind) in a pattern. This limit is imposed to cap the amount
+of system stack used when a pattern is compiled. It is specified when PCRE is
+built; the default is 250. This limit does not take into account the stack that
+may already be used by the calling application. For finer control over
+compilation stack usage, you can set a pointer to an external checking function
+in <b>pcre_stack_guard</b>.
+<pre>
+  PCRE_CONFIG_MATCH_LIMIT
+</pre>
+The output is a long integer that gives the default limit for the number of
+internal matching function calls in a <b>pcre_exec()</b> execution. Further
+details are given with <b>pcre_exec()</b> below.
+<pre>
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+</pre>
+The output is a long integer that gives the default limit for the depth of
+recursion when calling the internal matching function in a <b>pcre_exec()</b>
+execution. Further details are given with <b>pcre_exec()</b> below.
+<pre>
+  PCRE_CONFIG_STACKRECURSE
+</pre>
+The output is an integer that is set to one if internal recursion when running
+<b>pcre_exec()</b> is implemented by recursive function calls that use the stack
+to remember their state. This is the usual way that PCRE is compiled. The
+output is zero if PCRE was compiled to use blocks of data on the heap instead
+of recursive function calls. In this case, <b>pcre_stack_malloc</b> and
+<b>pcre_stack_free</b> are called to manage memory blocks on the heap, thus
+avoiding the use of the stack.
+</P>
+<br><a name="SEC11" href="#TOC1">COMPILING A PATTERN</a><br>
+<P>
+<b>pcre *pcre_compile(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+<br>
+<br>
+<b>pcre *pcre_compile2(const char *<i>pattern</i>, int <i>options</i>,</b>
+<b>     int *<i>errorcodeptr</i>,</b>
+<b>     const char **<i>errptr</i>, int *<i>erroffset</i>,</b>
+<b>     const unsigned char *<i>tableptr</i>);</b>
+</P>
+<P>
+Either of the functions <b>pcre_compile()</b> or <b>pcre_compile2()</b> can be
+called to compile a pattern into an internal form. The only difference between
+the two interfaces is that <b>pcre_compile2()</b> has an additional argument,
+<i>errorcodeptr</i>, via which a numerical error code can be returned. To avoid
+too much repetition, we refer just to <b>pcre_compile()</b> below, but the
+information applies equally to <b>pcre_compile2()</b>.
+</P>
+<P>
+The pattern is a C string terminated by a binary zero, and is passed in the
+<i>pattern</i> argument. A pointer to a single block of memory that is obtained
+via <b>pcre_malloc</b> is returned. This contains the compiled code and related
+data. The <b>pcre</b> type is defined for the returned block; this is a typedef
+for a structure whose contents are not externally defined. It is up to the
+caller to free the memory (via <b>pcre_free</b>) when it is no longer required.
+</P>
+<P>
+Although the compiled code of a PCRE regex is relocatable, that is, it does not
+depend on memory location, the complete <b>pcre</b> data block is not
+fully relocatable, because it may contain a copy of the <i>tableptr</i>
+argument, which is an address (see below).
+</P>
+<P>
+The <i>options</i> argument contains various bit settings that affect the
+compilation. It should be zero if no options are required. The available
+options are described below. Some of them (in particular, those that are
+compatible with Perl, but some others as well) can also be set and unset from
+within the pattern (see the detailed description in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation). For those options that can be different in different parts of
+the pattern, the contents of the <i>options</i> argument specifies their
+settings at the start of compilation and execution. The PCRE_ANCHORED,
+PCRE_BSR_<i>xxx</i>, PCRE_NEWLINE_<i>xxx</i>, PCRE_NO_UTF8_CHECK, and
+PCRE_NO_START_OPTIMIZE options can be set at the time of matching as well as at
+compile time.
+</P>
+<P>
+If <i>errptr</i> is NULL, <b>pcre_compile()</b> returns NULL immediately.
+Otherwise, if compilation of a pattern fails, <b>pcre_compile()</b> returns
+NULL, and sets the variable pointed to by <i>errptr</i> to point to a textual
+error message. This is a static string that is part of the library. You must
+not try to free it. Normally, the offset from the start of the pattern to the
+data unit that was being processed when the error was discovered is placed in
+the variable pointed to by <i>erroffset</i>, which must not be NULL (if it is,
+an immediate error is given). However, for an invalid UTF-8 or UTF-16 string,
+the offset is that of the first data unit of the failing character.
+</P>
+<P>
+Some errors are not detected until the whole pattern has been scanned; in these
+cases, the offset passed back is the length of the pattern. Note that the
+offset is in data units, not characters, even in a UTF mode. It may sometimes
+point into the middle of a UTF-8 or UTF-16 character.
+</P>
+<P>
+If <b>pcre_compile2()</b> is used instead of <b>pcre_compile()</b>, and the
+<i>errorcodeptr</i> argument is not NULL, a non-zero error code number is
+returned via this argument in the event of an error. This is in addition to the
+textual error message. Error codes and messages are listed below.
+</P>
+<P>
+If the final argument, <i>tableptr</i>, is NULL, PCRE uses a default set of
+character tables that are built when PCRE is compiled, using the default C
+locale. Otherwise, <i>tableptr</i> must be an address that is the result of a
+call to <b>pcre_maketables()</b>. This value is stored with the compiled
+pattern, and used again by <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b> when the
+pattern is matched. For more discussion, see the section on locale support
+below.
+</P>
+<P>
+This code fragment shows a typical straightforward call to <b>pcre_compile()</b>:
+<pre>
+  pcre *re;
+  const char *error;
+  int erroffset;
+  re = pcre_compile(
+    "^A.*Z",          /* the pattern */
+    0,                /* default options */
+    &error,           /* for error message */
+    &erroffset,       /* for error offset */
+    NULL);            /* use default character tables */
+</pre>
+The following names for option bits are defined in the <b>pcre.h</b> header
+file:
+<pre>
+  PCRE_ANCHORED
+</pre>
+If this bit is set, the pattern is forced to be "anchored", that is, it is
+constrained to match only at the first matching point in the string that is
+being searched (the "subject string"). This effect can also be achieved by
+appropriate constructs in the pattern itself, which is the only way to do it in
+Perl.
+<pre>
+  PCRE_AUTO_CALLOUT
+</pre>
+If this bit is set, <b>pcre_compile()</b> automatically inserts callout items,
+all with number 255, before each pattern item. For discussion of the callout
+facility, see the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+<pre>
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+</pre>
+These options (which are mutually exclusive) control what the \R escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. The default is specified when PCRE is
+built. It can be overridden from within the pattern, or by setting an option
+when a compiled pattern is matched.
+<pre>
+  PCRE_CASELESS
+</pre>
+If this bit is set, letters in the pattern match both upper and lower case
+letters. It is equivalent to Perl's /i option, and it can be changed within a
+pattern by a (?i) option setting. In UTF-8 mode, PCRE always understands the
+concept of case for characters whose values are less than 128, so caseless
+matching is always possible. For characters with higher values, the concept of
+case is supported if PCRE is compiled with Unicode property support, but not
+otherwise. If you want to use caseless matching for characters 128 and above,
+you must ensure that PCRE is compiled with Unicode property support as well as
+with UTF-8 support.
+<pre>
+  PCRE_DOLLAR_ENDONLY
+</pre>
+If this bit is set, a dollar metacharacter in the pattern matches only at the
+end of the subject string. Without this option, a dollar also matches
+immediately before a newline at the end of the string (but not before any other
+newlines). The PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+There is no equivalent to this option in Perl, and no way to set it within a
+pattern.
+<pre>
+  PCRE_DOTALL
+</pre>
+If this bit is set, a dot metacharacter in the pattern matches a character of
+any value, including one that indicates a newline. However, it only ever
+matches one character, even if newlines are coded as CRLF. Without this option,
+a dot does not match when the current position is at a newline. This option is
+equivalent to Perl's /s option, and it can be changed within a pattern by a
+(?s) option setting. A negative class such as [^a] always matches newline
+characters, independent of the setting of this option.
+<pre>
+  PCRE_DUPNAMES
+</pre>
+If this bit is set, names used to identify capturing subpatterns need not be
+unique. This can be helpful for certain types of pattern when it is known that
+only one instance of the named subpattern can ever be matched. There are more
+details of named subpatterns below; see also the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+<pre>
+  PCRE_EXTENDED
+</pre>
+If this bit is set, most white space characters in the pattern are totally
+ignored except when escaped or inside a character class. However, white space
+is not allowed within sequences such as (?&#62; that introduce various
+parenthesized subpatterns, nor within a numerical quantifier such as {1,3}.
+However, ignorable white space is permitted between an item and a following
+quantifier and between a quantifier and a following + that indicates
+possessiveness.
+</P>
+<P>
+White space did not used to include the VT character (code 11), because Perl
+did not treat this character as white space. However, Perl changed at release
+5.18, so PCRE followed at release 8.34, and VT is now treated as white space.
+</P>
+<P>
+PCRE_EXTENDED also causes characters between an unescaped # outside a character
+class and the next newline, inclusive, to be ignored. PCRE_EXTENDED is
+equivalent to Perl's /x option, and it can be changed within a pattern by a
+(?x) option setting.
+</P>
+<P>
+Which characters are interpreted as newlines is controlled by the options
+passed to <b>pcre_compile()</b> or by a special sequence at the start of the
+pattern, as described in the section entitled
+<a href="pcrepattern.html#newlines">"Newline conventions"</a>
+in the <b>pcrepattern</b> documentation. Note that the end of this type of
+comment is a literal newline sequence in the pattern; escape sequences that
+happen to represent a newline do not count.
+</P>
+<P>
+This option makes it possible to include comments inside complicated patterns.
+Note, however, that this applies only to data characters. White space characters
+may never appear within special character sequences in a pattern, for example
+within the sequence (?( that introduces a conditional subpattern.
+<pre>
+  PCRE_EXTRA
+</pre>
+This option was invented in order to turn on additional functionality of PCRE
+that is incompatible with Perl, but it is currently of very little use. When
+set, any backslash in a pattern that is followed by a letter that has no
+special meaning causes an error, thus reserving these combinations for future
+expansion. By default, as in Perl, a backslash followed by a letter with no
+special meaning is treated as a literal. (Perl can, however, be persuaded to
+give an error for this, by running it with the -w option.) There are at present
+no other features controlled by this option. It can also be set by a (?X)
+option setting within a pattern.
+<pre>
+  PCRE_FIRSTLINE
+</pre>
+If this option is set, an unanchored pattern is required to match before or at
+the first newline in the subject string, though the matched text may continue
+over the newline.
+<pre>
+  PCRE_JAVASCRIPT_COMPAT
+</pre>
+If this option is set, PCRE's behaviour is changed in some ways so that it is
+compatible with JavaScript rather than Perl. The changes are as follows:
+</P>
+<P>
+(1) A lone closing square bracket in a pattern causes a compile-time error,
+because this is illegal in JavaScript (by default it is treated as a data
+character). Thus, the pattern AB]CD becomes illegal when this option is set.
+</P>
+<P>
+(2) At run time, a back reference to an unset subpattern group matches an empty
+string (by default this causes the current matching alternative to fail). A
+pattern such as (\1)(a) succeeds when this option is set (assuming it can find
+an "a" in the subject), whereas it fails by default, for Perl compatibility.
+</P>
+<P>
+(3) \U matches an upper case "U" character; by default \U causes a compile
+time error (Perl uses \U to upper case subsequent characters).
+</P>
+<P>
+(4) \u matches a lower case "u" character unless it is followed by four
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, \u causes a compile time error (Perl uses it to upper
+case the following character).
+</P>
+<P>
+(5) \x matches a lower case "x" character unless it is followed by two
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, as in Perl, a hexadecimal number is always expected after
+\x, but it may have zero, one, or two digits (so, for example, \xz matches a
+binary zero character followed by z).
+<pre>
+  PCRE_MULTILINE
+</pre>
+By default, for the purposes of matching "start of line" and "end of line",
+PCRE treats the subject string as consisting of a single line of characters,
+even if it actually contains newlines. The "start of line" metacharacter (^)
+matches only at the start of the string, and the "end of line" metacharacter
+($) matches only at the end of the string, or before a terminating newline
+(except when PCRE_DOLLAR_ENDONLY is set). Note, however, that unless
+PCRE_DOTALL is set, the "any character" metacharacter (.) does not match at a
+newline. This behaviour (for ^, $, and dot) is the same as Perl.
+</P>
+<P>
+When PCRE_MULTILINE it is set, the "start of line" and "end of line" constructs
+match immediately following or immediately before internal newlines in the
+subject string, respectively, as well as at the very start and end. This is
+equivalent to Perl's /m option, and it can be changed within a pattern by a
+(?m) option setting. If there are no newlines in a subject string, or no
+occurrences of ^ or $ in a pattern, setting PCRE_MULTILINE has no effect.
+<pre>
+  PCRE_NEVER_UTF
+</pre>
+This option locks out interpretation of the pattern as UTF-8 (or UTF-16 or
+UTF-32 in the 16-bit and 32-bit libraries). In particular, it prevents the
+creator of the pattern from switching to UTF interpretation by starting the
+pattern with (*UTF). This may be useful in applications that process patterns
+from external sources. The combination of PCRE_UTF8 and PCRE_NEVER_UTF also
+causes an error.
+<pre>
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+</pre>
+These options override the default newline definition that was chosen when PCRE
+was built. Setting the first or the second specifies that a newline is
+indicated by a single character (CR or LF, respectively). Setting
+PCRE_NEWLINE_CRLF specifies that a newline is indicated by the two-character
+CRLF sequence. Setting PCRE_NEWLINE_ANYCRLF specifies that any of the three
+preceding sequences should be recognized. Setting PCRE_NEWLINE_ANY specifies
+that any Unicode newline sequence should be recognized.
+</P>
+<P>
+In an ASCII/Unicode environment, the Unicode newline sequences are the three
+just mentioned, plus the single characters VT (vertical tab, U+000B), FF (form
+feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029). For the 8-bit library, the last two are
+recognized only in UTF-8 mode.
+</P>
+<P>
+When PCRE is compiled to run in an EBCDIC (mainframe) environment, the code for
+CR is 0x0d, the same as ASCII. However, the character code for LF is normally
+0x15, though in some EBCDIC environments 0x25 is used. Whichever of these is
+not LF is made to correspond to Unicode's NEL character. EBCDIC codes are all
+less than 256. For more details, see the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation.
+</P>
+<P>
+The newline setting in the options word uses three bits that are treated
+as a number, giving eight possibilities. Currently only six are used (default
+plus the five values above). This means that if you set more than one newline
+option, the combination may or may not be sensible. For example,
+PCRE_NEWLINE_CR with PCRE_NEWLINE_LF is equivalent to PCRE_NEWLINE_CRLF, but
+other combinations may yield unused numbers and cause an error.
+</P>
+<P>
+The only time that a line break in a pattern is specially recognized when
+compiling is when PCRE_EXTENDED is set. CR and LF are white space characters,
+and so are ignored in this mode. Also, an unescaped # outside a character class
+indicates a comment that lasts until after the next line break sequence. In
+other circumstances, line break sequences in patterns are treated as literal
+data.
+</P>
+<P>
+The newline option that is set at compile time becomes the default that is used
+for <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b>, but it can be overridden.
+<pre>
+  PCRE_NO_AUTO_CAPTURE
+</pre>
+If this option is set, it disables the use of numbered capturing parentheses in
+the pattern. Any opening parenthesis that is not followed by ? behaves as if it
+were followed by ?: but named parentheses can still be used for capturing (and
+they acquire numbers in the usual way). There is no equivalent of this option
+in Perl.
+<pre>
+  PCRE_NO_AUTO_POSSESS
+</pre>
+If this option is set, it disables "auto-possessification". This is an
+optimization that, for example, turns a+b into a++b in order to avoid
+backtracks into a+ that can never be successful. However, if callouts are in
+use, auto-possessification means that some of them are never taken. You can set
+this option if you want the matching functions to do a full unoptimized search
+and run all the callouts, but it is mainly provided for testing purposes.
+<pre>
+  PCRE_NO_START_OPTIMIZE
+</pre>
+This is an option that acts at matching time; that is, it is really an option
+for <b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>. If it is set at compile time,
+it is remembered with the compiled pattern and assumed at matching time. This
+is necessary if you want to use JIT execution, because the JIT compiler needs
+to know whether or not this option is set. For details see the discussion of
+PCRE_NO_START_OPTIMIZE
+<a href="#execoptions">below.</a>
+<pre>
+  PCRE_UCP
+</pre>
+This option changes the way PCRE processes \B, \b, \D, \d, \S, \s, \W,
+\w, and some of the POSIX character classes. By default, only ASCII characters
+are recognized, but if PCRE_UCP is set, Unicode properties are used instead to
+classify characters. More details are given in the section on
+<a href="pcre.html#genericchartypes">generic character types</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page. If you set PCRE_UCP, matching one of the items it affects takes much
+longer. The option is available only if PCRE has been compiled with Unicode
+property support.
+<pre>
+  PCRE_UNGREEDY
+</pre>
+This option inverts the "greediness" of the quantifiers so that they are not
+greedy by default, but become greedy if followed by "?". It is not compatible
+with Perl. It can also be set by a (?U) option setting within the pattern.
+<pre>
+  PCRE_UTF8
+</pre>
+This option causes PCRE to regard both the pattern and the subject as strings
+of UTF-8 characters instead of single-byte strings. However, it is available
+only when PCRE is built to include UTF support. If not, the use of this option
+provokes an error. Details of how this option changes the behaviour of PCRE are
+given in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+<pre>
+  PCRE_NO_UTF8_CHECK
+</pre>
+When PCRE_UTF8 is set, the validity of the pattern as a UTF-8 string is
+automatically checked. There is a discussion about the
+<a href="pcreunicode.html#utf8strings">validity of UTF-8 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page. If an invalid UTF-8 sequence is found, <b>pcre_compile()</b> returns an
+error. If you already know that your pattern is valid, and you want to skip
+this check for performance reasons, you can set the PCRE_NO_UTF8_CHECK option.
+When it is set, the effect of passing an invalid UTF-8 string as a pattern is
+undefined. It may cause your program to crash or loop. Note that this option
+can also be passed to <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b>, to suppress
+the validity checking of subject strings only. If the same string is being
+matched many times, the option can be safely set for the second and subsequent
+matchings to improve performance.
+</P>
+<br><a name="SEC12" href="#TOC1">COMPILATION ERROR CODES</a><br>
+<P>
+The following table lists the error codes than may be returned by
+<b>pcre_compile2()</b>, along with the error messages that may be returned by
+both compiling functions. Note that error messages are always 8-bit ASCII
+strings, even in 16-bit or 32-bit mode. As PCRE has developed, some error codes
+have fallen out of use. To avoid confusion, they have not been re-used.
+<pre>
+   0  no error
+   1  \ at end of pattern
+   2  \c at end of pattern
+   3  unrecognized character follows \
+   4  numbers out of order in {} quantifier
+   5  number too big in {} quantifier
+   6  missing terminating ] for character class
+   7  invalid escape sequence in character class
+   8  range out of order in character class
+   9  nothing to repeat
+  10  [this code is not in use]
+  11  internal error: unexpected repeat
+  12  unrecognized character after (? or (?-
+  13  POSIX named classes are supported only within a class
+  14  missing )
+  15  reference to non-existent subpattern
+  16  erroffset passed as NULL
+  17  unknown option bit(s) set
+  18  missing ) after comment
+  19  [this code is not in use]
+  20  regular expression is too large
+  21  failed to get memory
+  22  unmatched parentheses
+  23  internal error: code overflow
+  24  unrecognized character after (?&#60;
+  25  lookbehind assertion is not fixed length
+  26  malformed number or name after (?(
+  27  conditional group contains more than two branches
+  28  assertion expected after (?(
+  29  (?R or (?[+-]digits must be followed by )
+  30  unknown POSIX class name
+  31  POSIX collating elements are not supported
+  32  this version of PCRE is compiled without UTF support
+  33  [this code is not in use]
+  34  character value in \x{} or \o{} is too large
+  35  invalid condition (?(0)
+  36  \C not allowed in lookbehind assertion
+  37  PCRE does not support \L, \l, \N{name}, \U, or \u
+  38  number after (?C is &#62; 255
+  39  closing ) for (?C expected
+  40  recursive call could loop indefinitely
+  41  unrecognized character after (?P
+  42  syntax error in subpattern name (missing terminator)
+  43  two named subpatterns have the same name
+  44  invalid UTF-8 string (specifically UTF-8)
+  45  support for \P, \p, and \X has not been compiled
+  46  malformed \P or \p sequence
+  47  unknown property name after \P or \p
+  48  subpattern name is too long (maximum 32 characters)
+  49  too many named subpatterns (maximum 10000)
+  50  [this code is not in use]
+  51  octal value is greater than \377 in 8-bit non-UTF-8 mode
+  52  internal error: overran compiling workspace
+  53  internal error: previously-checked referenced subpattern
+        not found
+  54  DEFINE group contains more than one branch
+  55  repeating a DEFINE group is not allowed
+  56  inconsistent NEWLINE options
+  57  \g is not followed by a braced, angle-bracketed, or quoted
+        name/number or by a plain number
+  58  a numbered reference must not be zero
+  59  an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
+  60  (*VERB) not recognized or malformed
+  61  number is too big
+  62  subpattern name expected
+  63  digit expected after (?+
+  64  ] is an invalid data character in JavaScript compatibility mode
+  65  different names for subpatterns of the same number are
+        not allowed
+  66  (*MARK) must have an argument
+  67  this version of PCRE is not compiled with Unicode property
+        support
+  68  \c must be followed by an ASCII character
+  69  \k is not followed by a braced, angle-bracketed, or quoted name
+  70  internal error: unknown opcode in find_fixedlength()
+  71  \N is not supported in a class
+  72  too many forward references
+  73  disallowed Unicode code point (&#62;= 0xd800 && &#60;= 0xdfff)
+  74  invalid UTF-16 string (specifically UTF-16)
+  75  name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
+  76  character value in \u.... sequence is too large
+  77  invalid UTF-32 string (specifically UTF-32)
+  78  setting UTF is disabled by the application
+  79  non-hex character in \x{} (closing brace missing?)
+  80  non-octal character in \o{} (closing brace missing?)
+  81  missing opening brace after \o
+  82  parentheses are too deeply nested
+  83  invalid range in character class
+  84  group name must start with a non-digit
+  85  parentheses are too deeply nested (stack check)
+</pre>
+The numbers 32 and 10000 in errors 48 and 49 are defaults; different values may
+be used if the limits were changed when PCRE was built.
+<a name="studyingapattern"></a></P>
+<br><a name="SEC13" href="#TOC1">STUDYING A PATTERN</a><br>
+<P>
+<b>pcre_extra *pcre_study(const pcre *<i>code</i>, int <i>options</i>,</b>
+<b>     const char **<i>errptr</i>);</b>
+</P>
+<P>
+If a compiled pattern is going to be used several times, it is worth spending
+more time analyzing it in order to speed up the time taken for matching. The
+function <b>pcre_study()</b> takes a pointer to a compiled pattern as its first
+argument. If studying the pattern produces additional information that will
+help speed up matching, <b>pcre_study()</b> returns a pointer to a
+<b>pcre_extra</b> block, in which the <i>study_data</i> field points to the
+results of the study.
+</P>
+<P>
+The returned value from <b>pcre_study()</b> can be passed directly to
+<b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>. However, a <b>pcre_extra</b> block
+also contains other fields that can be set by the caller before the block is
+passed; these are described
+<a href="#extradata">below</a>
+in the section on matching a pattern.
+</P>
+<P>
+If studying the pattern does not produce any useful information,
+<b>pcre_study()</b> returns NULL by default. In that circumstance, if the
+calling program wants to pass any of the other fields to <b>pcre_exec()</b> or
+<b>pcre_dfa_exec()</b>, it must set up its own <b>pcre_extra</b> block. However,
+if <b>pcre_study()</b> is called with the PCRE_STUDY_EXTRA_NEEDED option, it
+returns a <b>pcre_extra</b> block even if studying did not find any additional
+information. It may still return NULL, however, if an error occurs in
+<b>pcre_study()</b>.
+</P>
+<P>
+The second argument of <b>pcre_study()</b> contains option bits. There are three
+further options in addition to PCRE_STUDY_EXTRA_NEEDED:
+<pre>
+  PCRE_STUDY_JIT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+</pre>
+If any of these are set, and the just-in-time compiler is available, the
+pattern is further compiled into machine code that executes much faster than
+the <b>pcre_exec()</b> interpretive matching function. If the just-in-time
+compiler is not available, these options are ignored. All undefined bits in the
+<i>options</i> argument must be zero.
+</P>
+<P>
+JIT compilation is a heavyweight optimization. It can take some time for
+patterns to be analyzed, and for one-off matches and simple patterns the
+benefit of faster execution might be offset by a much slower study time.
+Not all patterns can be optimized by the JIT compiler. For those that cannot be
+handled, matching automatically falls back to the <b>pcre_exec()</b>
+interpreter. For more details, see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation.
+</P>
+<P>
+The third argument for <b>pcre_study()</b> is a pointer for an error message. If
+studying succeeds (even if no data is returned), the variable it points to is
+set to NULL. Otherwise it is set to point to a textual error message. This is a
+static string that is part of the library. You must not try to free it. You
+should test the error pointer for NULL after calling <b>pcre_study()</b>, to be
+sure that it has run successfully.
+</P>
+<P>
+When you are finished with a pattern, you can free the memory used for the
+study data by calling <b>pcre_free_study()</b>. This function was added to the
+API for release 8.20. For earlier versions, the memory could be freed with
+<b>pcre_free()</b>, just like the pattern itself. This will still work in cases
+where JIT optimization is not used, but it is advisable to change to the new
+function when convenient.
+</P>
+<P>
+This is a typical way in which <b>pcre_study</b>() is used (except that in a
+real application there should be tests for errors):
+<pre>
+  int rc;
+  pcre *re;
+  pcre_extra *sd;
+  re = pcre_compile("pattern", 0, &error, &erroroffset, NULL);
+  sd = pcre_study(
+    re,             /* result of pcre_compile() */
+    0,              /* no options */
+    &error);        /* set to NULL or points to a message */
+  rc = pcre_exec(   /* see below for details of pcre_exec() options */
+    re, sd, "subject", 7, 0, 0, ovector, 30);
+  ...
+  pcre_free_study(sd);
+  pcre_free(re);
+</pre>
+Studying a pattern does two things: first, a lower bound for the length of
+subject string that is needed to match the pattern is computed. This does not
+mean that there are any strings of that length that match, but it does
+guarantee that no shorter strings match. The value is used to avoid wasting
+time by trying to match strings that are shorter than the lower bound. You can
+find out the value in a calling program via the <b>pcre_fullinfo()</b> function.
+</P>
+<P>
+Studying a pattern is also useful for non-anchored patterns that do not have a
+single fixed starting character. A bitmap of possible starting bytes is
+created. This speeds up finding a position in the subject at which to start
+matching. (In 16-bit mode, the bitmap is used for 16-bit values less than 256.
+In 32-bit mode, the bitmap is used for 32-bit values less than 256.)
+</P>
+<P>
+These two optimizations apply to both <b>pcre_exec()</b> and
+<b>pcre_dfa_exec()</b>, and the information is also used by the JIT compiler.
+The optimizations can be disabled by setting the PCRE_NO_START_OPTIMIZE option.
+You might want to do this if your pattern contains callouts or (*MARK) and you
+want to make use of these facilities in cases where matching fails.
+</P>
+<P>
+PCRE_NO_START_OPTIMIZE can be specified at either compile time or execution
+time. However, if PCRE_NO_START_OPTIMIZE is passed to <b>pcre_exec()</b>, (that
+is, after any JIT compilation has happened) JIT execution is disabled. For JIT
+execution to work with PCRE_NO_START_OPTIMIZE, the option must be set at
+compile time.
+</P>
+<P>
+There is a longer discussion of PCRE_NO_START_OPTIMIZE
+<a href="#execoptions">below.</a>
+<a name="localesupport"></a></P>
+<br><a name="SEC14" href="#TOC1">LOCALE SUPPORT</a><br>
+<P>
+PCRE handles caseless matching, and determines whether characters are letters,
+digits, or whatever, by reference to a set of tables, indexed by character
+code point. When running in UTF-8 mode, or in the 16- or 32-bit libraries, this
+applies only to characters with code points less than 256. By default,
+higher-valued code points never match escapes such as \w or \d. However, if
+PCRE is built with Unicode property support, all characters can be tested with
+\p and \P, or, alternatively, the PCRE_UCP option can be set when a pattern
+is compiled; this causes \w and friends to use Unicode property support
+instead of the built-in tables.
+</P>
+<P>
+The use of locales with Unicode is discouraged. If you are handling characters
+with code points greater than 128, you should either use Unicode support, or
+use locales, but not try to mix the two.
+</P>
+<P>
+PCRE contains an internal set of tables that are used when the final argument
+of <b>pcre_compile()</b> is NULL. These are sufficient for many applications.
+Normally, the internal tables recognize only ASCII characters. However, when
+PCRE is built, it is possible to cause the internal tables to be rebuilt in the
+default "C" locale of the local system, which may cause them to be different.
+</P>
+<P>
+The internal tables can always be overridden by tables supplied by the
+application that calls PCRE. These may be created in a different locale from
+the default. As more and more applications change to using Unicode, the need
+for this locale support is expected to die away.
+</P>
+<P>
+External tables are built by calling the <b>pcre_maketables()</b> function,
+which has no arguments, in the relevant locale. The result can then be passed
+to <b>pcre_compile()</b> as often as necessary. For example, to build and use
+tables that are appropriate for the French locale (where accented characters
+with values greater than 128 are treated as letters), the following code could
+be used:
+<pre>
+  setlocale(LC_CTYPE, "fr_FR");
+  tables = pcre_maketables();
+  re = pcre_compile(..., tables);
+</pre>
+The locale name "fr_FR" is used on Linux and other Unix-like systems; if you
+are using Windows, the name for the French locale is "french".
+</P>
+<P>
+When <b>pcre_maketables()</b> runs, the tables are built in memory that is
+obtained via <b>pcre_malloc</b>. It is the caller's responsibility to ensure
+that the memory containing the tables remains available for as long as it is
+needed.
+</P>
+<P>
+The pointer that is passed to <b>pcre_compile()</b> is saved with the compiled
+pattern, and the same tables are used via this pointer by <b>pcre_study()</b>
+and also by <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b>. Thus, for any single
+pattern, compilation, studying and matching all happen in the same locale, but
+different patterns can be processed in different locales.
+</P>
+<P>
+It is possible to pass a table pointer or NULL (indicating the use of the
+internal tables) to <b>pcre_exec()</b> or <b>pcre_dfa_exec()</b> (see the
+discussion below in the section on matching a pattern). This facility is
+provided for use with pre-compiled patterns that have been saved and reloaded.
+Character tables are not saved with patterns, so if a non-standard table was
+used at compile time, it must be provided again when the reloaded pattern is
+matched. Attempting to use this facility to match a pattern in a different
+locale from the one in which it was compiled is likely to lead to anomalous
+(usually incorrect) results.
+<a name="infoaboutpattern"></a></P>
+<br><a name="SEC15" href="#TOC1">INFORMATION ABOUT A PATTERN</a><br>
+<P>
+<b>int pcre_fullinfo(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     int <i>what</i>, void *<i>where</i>);</b>
+</P>
+<P>
+The <b>pcre_fullinfo()</b> function returns information about a compiled
+pattern. It replaces the <b>pcre_info()</b> function, which was removed from the
+library at version 8.30, after more than 10 years of obsolescence.
+</P>
+<P>
+The first argument for <b>pcre_fullinfo()</b> is a pointer to the compiled
+pattern. The second argument is the result of <b>pcre_study()</b>, or NULL if
+the pattern was not studied. The third argument specifies which piece of
+information is required, and the fourth argument is a pointer to a variable
+to receive the data. The yield of the function is zero for success, or one of
+the following negative numbers:
+<pre>
+  PCRE_ERROR_NULL           the argument <i>code</i> was NULL
+                            the argument <i>where</i> was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADENDIANNESS  the pattern was compiled with different
+                            endianness
+  PCRE_ERROR_BADOPTION      the value of <i>what</i> was invalid
+  PCRE_ERROR_UNSET          the requested field is not set
+</pre>
+The "magic number" is placed at the start of each compiled pattern as an simple
+check against passing an arbitrary memory pointer. The endianness error can
+occur if a compiled pattern is saved and reloaded on a different host. Here is
+a typical call of <b>pcre_fullinfo()</b>, to obtain the length of the compiled
+pattern:
+<pre>
+  int rc;
+  size_t length;
+  rc = pcre_fullinfo(
+    re,               /* result of pcre_compile() */
+    sd,               /* result of pcre_study(), or NULL */
+    PCRE_INFO_SIZE,   /* what is required */
+    &length);         /* where to put the data */
+</pre>
+The possible values for the third argument are defined in <b>pcre.h</b>, and are
+as follows:
+<pre>
+  PCRE_INFO_BACKREFMAX
+</pre>
+Return the number of the highest back reference in the pattern. The fourth
+argument should point to an <b>int</b> variable. Zero is returned if there are
+no back references.
+<pre>
+  PCRE_INFO_CAPTURECOUNT
+</pre>
+Return the number of capturing subpatterns in the pattern. The fourth argument
+should point to an <b>int</b> variable.
+<pre>
+  PCRE_INFO_DEFAULT_TABLES
+</pre>
+Return a pointer to the internal default character tables within PCRE. The
+fourth argument should point to an <b>unsigned char *</b> variable. This
+information call is provided for internal use by the <b>pcre_study()</b>
+function. External callers can cause PCRE to use its internal tables by passing
+a NULL table pointer.
+<pre>
+  PCRE_INFO_FIRSTBYTE (deprecated)
+</pre>
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The name of this option refers to the 8-bit library,
+where data units are bytes. The fourth argument should point to an <b>int</b>
+variable. Negative values are used for special cases. However, this means that
+when the 32-bit library is in non-UTF-32 mode, the full 32-bit range of
+characters cannot be returned. For this reason, this value is deprecated; use
+PCRE_INFO_FIRSTCHARACTERFLAGS and PCRE_INFO_FIRSTCHARACTER instead.
+</P>
+<P>
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), its value is returned. In the 8-bit library, the
+value is always less than 256. In the 16-bit library the value can be up to
+0xffff. In the 32-bit library the value can be up to 0x10ffff.
+</P>
+<P>
+If there is no fixed first value, and if either
+<br>
+<br>
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+<br>
+<br>
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+<br>
+<br>
+-1 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise -2 is
+returned. For anchored patterns, -2 is returned.
+<pre>
+  PCRE_INFO_FIRSTCHARACTER
+</pre>
+Return the value of the first data unit (non-UTF character) of any matched
+string in the situation where PCRE_INFO_FIRSTCHARACTERFLAGS returns 1;
+otherwise return 0. The fourth argument should point to an <b>uint_t</b>
+variable.
+</P>
+<P>
+In the 8-bit library, the value is always less than 256. In the 16-bit library
+the value can be up to 0xffff. In the 32-bit library in UTF-32 mode the value
+can be up to 0x10ffff, and up to 0xffffffff when not using UTF-32 mode.
+<pre>
+  PCRE_INFO_FIRSTCHARACTERFLAGS
+</pre>
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The fourth argument should point to an <b>int</b>
+variable.
+</P>
+<P>
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), 1 is returned, and the character value can be
+retrieved using PCRE_INFO_FIRSTCHARACTER. If there is no fixed first value, and
+if either
+<br>
+<br>
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+<br>
+<br>
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+<br>
+<br>
+2 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise 0 is
+returned. For anchored patterns, 0 is returned.
+<pre>
+  PCRE_INFO_FIRSTTABLE
+</pre>
+If the pattern was studied, and this resulted in the construction of a 256-bit
+table indicating a fixed set of values for the first data unit in any matching
+string, a pointer to the table is returned. Otherwise NULL is returned. The
+fourth argument should point to an <b>unsigned char *</b> variable.
+<pre>
+  PCRE_INFO_HASCRORLF
+</pre>
+Return 1 if the pattern contains any explicit matches for CR or LF characters,
+otherwise 0. The fourth argument should point to an <b>int</b> variable. An
+explicit match is either a literal CR or LF character, or \r or \n.
+<pre>
+  PCRE_INFO_JCHANGED
+</pre>
+Return 1 if the (?J) or (?-J) option setting is used in the pattern, otherwise
+0. The fourth argument should point to an <b>int</b> variable. (?J) and
+(?-J) set and unset the local PCRE_DUPNAMES option, respectively.
+<pre>
+  PCRE_INFO_JIT
+</pre>
+Return 1 if the pattern was studied with one of the JIT options, and
+just-in-time compiling was successful. The fourth argument should point to an
+<b>int</b> variable. A return value of 0 means that JIT support is not available
+in this version of PCRE, or that the pattern was not studied with a JIT option,
+or that the JIT compiler could not handle this particular pattern. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for details of what can and cannot be handled.
+<pre>
+  PCRE_INFO_JITSIZE
+</pre>
+If the pattern was successfully studied with a JIT option, return the size of
+the JIT compiled code, otherwise return zero. The fourth argument should point
+to a <b>size_t</b> variable.
+<pre>
+  PCRE_INFO_LASTLITERAL
+</pre>
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an <b>int</b> variable. If there is no such
+value, -1 is returned. For anchored patterns, a last literal value is recorded
+only if it follows something of variable length. For example, for the pattern
+/^a\d+z\d+/ the returned value is "z", but for /^a\dz\d/ the returned value
+is -1.
+</P>
+<P>
+Since for the 32-bit library using the non-UTF-32 mode, this function is unable
+to return the full 32-bit range of characters, this value is deprecated;
+instead the PCRE_INFO_REQUIREDCHARFLAGS and PCRE_INFO_REQUIREDCHAR values should
+be used.
+<pre>
+  PCRE_INFO_MATCH_EMPTY
+</pre>
+Return 1 if the pattern can match an empty string, otherwise 0. The fourth
+argument should point to an <b>int</b> variable.
+<pre>
+  PCRE_INFO_MATCHLIMIT
+</pre>
+If the pattern set a match limit by including an item of the form
+(*LIMIT_MATCH=nnnn) at the start, the value is returned. The fourth argument
+should point to an unsigned 32-bit integer. If no such value has been set, the
+call to <b>pcre_fullinfo()</b> returns the error PCRE_ERROR_UNSET.
+<pre>
+  PCRE_INFO_MAXLOOKBEHIND
+</pre>
+Return the number of characters (NB not data units) in the longest lookbehind
+assertion in the pattern. This information is useful when doing multi-segment
+matching using the partial matching facilities. Note that the simple assertions
+\b and \B require a one-character lookbehind. \A also registers a
+one-character lookbehind, though it does not actually inspect the previous
+character. This is to ensure that at least one character from the old segment
+is retained when a new segment is processed. Otherwise, if there are no
+lookbehinds in the pattern, \A might match incorrectly at the start of a new
+segment.
+<pre>
+  PCRE_INFO_MINLENGTH
+</pre>
+If the pattern was studied and a minimum length for matching subject strings
+was computed, its value is returned. Otherwise the returned value is -1. The
+value is a number of characters, which in UTF mode may be different from the
+number of data units. The fourth argument should point to an <b>int</b>
+variable. A non-negative value is a lower bound to the length of any matching
+string. There may not be any strings of that length that do actually match, but
+every string that does match is at least that long.
+<pre>
+  PCRE_INFO_NAMECOUNT
+  PCRE_INFO_NAMEENTRYSIZE
+  PCRE_INFO_NAMETABLE
+</pre>
+PCRE supports the use of named as well as numbered capturing parentheses. The
+names are just an additional way of identifying the parentheses, which still
+acquire numbers. Several convenience functions such as
+<b>pcre_get_named_substring()</b> are provided for extracting captured
+substrings by name. It is also possible to extract the data directly, by first
+converting the name to a number in order to access the correct pointers in the
+output vector (described with <b>pcre_exec()</b> below). To do the conversion,
+you need to use the name-to-number map, which is described by these three
+values.
+</P>
+<P>
+The map consists of a number of fixed-size entries. PCRE_INFO_NAMECOUNT gives
+the number of entries, and PCRE_INFO_NAMEENTRYSIZE gives the size of each
+entry; both of these return an <b>int</b> value. The entry size depends on the
+length of the longest name. PCRE_INFO_NAMETABLE returns a pointer to the first
+entry of the table. This is a pointer to <b>char</b> in the 8-bit library, where
+the first two bytes of each entry are the number of the capturing parenthesis,
+most significant byte first. In the 16-bit library, the pointer points to
+16-bit data units, the first of which contains the parenthesis number. In the
+32-bit library, the pointer points to 32-bit data units, the first of which
+contains the parenthesis number. The rest of the entry is the corresponding
+name, zero terminated.
+</P>
+<P>
+The names are in alphabetical order. If (?| is used to create multiple groups
+with the same number, as described in the
+<a href="pcrepattern.html#dupsubpatternnumber">section on duplicate subpattern numbers</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page, the groups may be given the same name, but there is only one entry in the
+table. Different names for groups of the same number are not permitted.
+Duplicate names for subpatterns with different numbers are permitted,
+but only if PCRE_DUPNAMES is set. They appear in the table in the order in
+which they were found in the pattern. In the absence of (?| this is the order
+of increasing number; when (?| is used this is not necessarily the case because
+later subpatterns may have lower numbers.
+</P>
+<P>
+As a simple example of the name/number table, consider the following pattern
+after compilation by the 8-bit library (assume PCRE_EXTENDED is set, so white
+space - including newlines - is ignored):
+<pre>
+  (?&#60;date&#62; (?&#60;year&#62;(\d\d)?\d\d) - (?&#60;month&#62;\d\d) - (?&#60;day&#62;\d\d) )
+</pre>
+There are four named subpatterns, so the table has four entries, and each entry
+in the table is eight bytes long. The table is as follows, with non-printing
+bytes shows in hexadecimal, and undefined bytes shown as ??:
+<pre>
+  00 01 d  a  t  e  00 ??
+  00 05 d  a  y  00 ?? ??
+  00 04 m  o  n  t  h  00
+  00 02 y  e  a  r  00 ??
+</pre>
+When writing code to extract data from named subpatterns using the
+name-to-number map, remember that the length of the entries is likely to be
+different for each compiled pattern.
+<pre>
+  PCRE_INFO_OKPARTIAL
+</pre>
+Return 1 if the pattern can be used for partial matching with
+<b>pcre_exec()</b>, otherwise 0. The fourth argument should point to an
+<b>int</b> variable. From release 8.00, this always returns 1, because the
+restrictions that previously applied to partial matching have been lifted. The
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation gives details of partial matching.
+<pre>
+  PCRE_INFO_OPTIONS
+</pre>
+Return a copy of the options with which the pattern was compiled. The fourth
+argument should point to an <b>unsigned long int</b> variable. These option bits
+are those specified in the call to <b>pcre_compile()</b>, modified by any
+top-level option settings at the start of the pattern itself. In other words,
+they are the options that will be in force when matching starts. For example,
+if the pattern /(?im)abc(?-i)d/ is compiled with the PCRE_EXTENDED option, the
+result is PCRE_CASELESS, PCRE_MULTILINE, and PCRE_EXTENDED.
+</P>
+<P>
+A pattern is automatically anchored by PCRE if all of its top-level
+alternatives begin with one of the following:
+<pre>
+  ^     unless PCRE_MULTILINE is set
+  \A    always
+  \G    always
+  .*    if PCRE_DOTALL is set and there are no back references to the subpattern in which .* appears
+</pre>
+For such patterns, the PCRE_ANCHORED bit is set in the options returned by
+<b>pcre_fullinfo()</b>.
+<pre>
+  PCRE_INFO_RECURSIONLIMIT
+</pre>
+If the pattern set a recursion limit by including an item of the form
+(*LIMIT_RECURSION=nnnn) at the start, the value is returned. The fourth
+argument should point to an unsigned 32-bit integer. If no such value has been
+set, the call to <b>pcre_fullinfo()</b> returns the error PCRE_ERROR_UNSET.
+<pre>
+  PCRE_INFO_SIZE
+</pre>
+Return the size of the compiled pattern in bytes (for all three libraries). The
+fourth argument should point to a <b>size_t</b> variable. This value does not
+include the size of the <b>pcre</b> structure that is returned by
+<b>pcre_compile()</b>. The value that is passed as the argument to
+<b>pcre_malloc()</b> when <b>pcre_compile()</b> is getting memory in which to
+place the compiled data is the value returned by this option plus the size of
+the <b>pcre</b> structure. Studying a compiled pattern, with or without JIT,
+does not alter the value returned by this option.
+<pre>
+  PCRE_INFO_STUDYSIZE
+</pre>
+Return the size in bytes (for all three libraries) of the data block pointed to
+by the <i>study_data</i> field in a <b>pcre_extra</b> block. If <b>pcre_extra</b>
+is NULL, or there is no study data, zero is returned. The fourth argument
+should point to a <b>size_t</b> variable. The <i>study_data</i> field is set by
+<b>pcre_study()</b> to record information that will speed up matching (see the
+section entitled
+<a href="#studyingapattern">"Studying a pattern"</a>
+above). The format of the <i>study_data</i> block is private, but its length
+is made available via this option so that it can be saved and restored (see the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation for details).
+<pre>
+  PCRE_INFO_REQUIREDCHARFLAGS
+</pre>
+Returns 1 if there is a rightmost literal data unit that must exist in any
+matched string, other than at its start. The fourth argument should  point to
+an <b>int</b> variable. If there is no such value, 0 is returned. If returning
+1, the character value itself can be retrieved using PCRE_INFO_REQUIREDCHAR.
+</P>
+<P>
+For anchored patterns, a last literal value is recorded only if it follows
+something of variable length. For example, for the pattern /^a\d+z\d+/ the
+returned value 1 (with "z" returned from PCRE_INFO_REQUIREDCHAR), but for
+/^a\dz\d/ the returned value is 0.
+<pre>
+  PCRE_INFO_REQUIREDCHAR
+</pre>
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an <b>uint32_t</b> variable. If there is no such
+value, 0 is returned.
+</P>
+<br><a name="SEC16" href="#TOC1">REFERENCE COUNTS</a><br>
+<P>
+<b>int pcre_refcount(pcre *<i>code</i>, int <i>adjust</i>);</b>
+</P>
+<P>
+The <b>pcre_refcount()</b> function is used to maintain a reference count in the
+data block that contains a compiled pattern. It is provided for the benefit of
+applications that operate in an object-oriented manner, where different parts
+of the application may be using the same compiled pattern, but you want to free
+the block when they are all done.
+</P>
+<P>
+When a pattern is compiled, the reference count field is initialized to zero.
+It is changed only by calling this function, whose action is to add the
+<i>adjust</i> value (which may be positive or negative) to it. The yield of the
+function is the new value. However, the value of the count is constrained to
+lie between 0 and 65535, inclusive. If the new value is outside these limits,
+it is forced to the appropriate limit value.
+</P>
+<P>
+Except when it is zero, the reference count is not correctly preserved if a
+pattern is compiled on one host and then transferred to a host whose byte-order
+is different. (This seems a highly unlikely scenario.)
+</P>
+<br><a name="SEC17" href="#TOC1">MATCHING A PATTERN: THE TRADITIONAL FUNCTION</a><br>
+<P>
+<b>int pcre_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>);</b>
+</P>
+<P>
+The function <b>pcre_exec()</b> is called to match a subject string against a
+compiled pattern, which is passed in the <i>code</i> argument. If the
+pattern was studied, the result of the study should be passed in the
+<i>extra</i> argument. You can call <b>pcre_exec()</b> with the same <i>code</i>
+and <i>extra</i> arguments as many times as you like, in order to match
+different subject strings with the same pattern.
+</P>
+<P>
+This function is the main matching facility of the library, and it operates in
+a Perl-like manner. For specialist use there is also an alternative matching
+function, which is described
+<a href="#dfamatch">below</a>
+in the section about the <b>pcre_dfa_exec()</b> function.
+</P>
+<P>
+In most applications, the pattern will have been compiled (and optionally
+studied) in the same process that calls <b>pcre_exec()</b>. However, it is
+possible to save compiled patterns and study data, and then use them later
+in different processes, possibly even on different hosts. For a discussion
+about this, see the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation.
+</P>
+<P>
+Here is an example of a simple call to <b>pcre_exec()</b>:
+<pre>
+  int rc;
+  int ovector[30];
+  rc = pcre_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    30);            /* number of elements (NOT size in bytes) */
+<a name="extradata"></a></PRE>
+</P>
+<br><b>
+Extra data for <b>pcre_exec()</b>
+</b><br>
+<P>
+If the <i>extra</i> argument is not NULL, it must point to a <b>pcre_extra</b>
+data block. The <b>pcre_study()</b> function returns such a block (when it
+doesn't return NULL), but you can also create one for yourself, and pass
+additional information in it. The <b>pcre_extra</b> block contains the following
+fields (not necessarily in this order):
+<pre>
+  unsigned long int <i>flags</i>;
+  void *<i>study_data</i>;
+  void *<i>executable_jit</i>;
+  unsigned long int <i>match_limit</i>;
+  unsigned long int <i>match_limit_recursion</i>;
+  void *<i>callout_data</i>;
+  const unsigned char *<i>tables</i>;
+  unsigned char **<i>mark</i>;
+</pre>
+In the 16-bit version of this structure, the <i>mark</i> field has type
+"PCRE_UCHAR16 **".
+<br>
+<br>
+In the 32-bit version of this structure, the <i>mark</i> field has type
+"PCRE_UCHAR32 **".
+</P>
+<P>
+The <i>flags</i> field is used to specify which of the other fields are set. The
+flag bits are:
+<pre>
+  PCRE_EXTRA_CALLOUT_DATA
+  PCRE_EXTRA_EXECUTABLE_JIT
+  PCRE_EXTRA_MARK
+  PCRE_EXTRA_MATCH_LIMIT
+  PCRE_EXTRA_MATCH_LIMIT_RECURSION
+  PCRE_EXTRA_STUDY_DATA
+  PCRE_EXTRA_TABLES
+</pre>
+Other flag bits should be set to zero. The <i>study_data</i> field and sometimes
+the <i>executable_jit</i> field are set in the <b>pcre_extra</b> block that is
+returned by <b>pcre_study()</b>, together with the appropriate flag bits. You
+should not set these yourself, but you may add to the block by setting other
+fields and their corresponding flag bits.
+</P>
+<P>
+The <i>match_limit</i> field provides a means of preventing PCRE from using up a
+vast amount of resources when running patterns that are not going to match,
+but which have a very large number of possibilities in their search trees. The
+classic example is a pattern that uses nested unlimited repeats.
+</P>
+<P>
+Internally, <b>pcre_exec()</b> uses a function called <b>match()</b>, which it
+calls repeatedly (sometimes recursively). The limit set by <i>match_limit</i> is
+imposed on the number of times this function is called during a match, which
+has the effect of limiting the amount of backtracking that can take place. For
+patterns that are not anchored, the count restarts from zero for each position
+in the subject string.
+</P>
+<P>
+When <b>pcre_exec()</b> is called with a pattern that was successfully studied
+with a JIT option, the way that the matching is executed is entirely different.
+However, there is still the possibility of runaway matching that goes on for a
+very long time, and so the <i>match_limit</i> value is also used in this case
+(but in a different way) to limit how long the matching can continue.
+</P>
+<P>
+The default value for the limit can be set when PCRE is built; the default
+default is 10 million, which handles all but the most extreme cases. You can
+override the default by suppling <b>pcre_exec()</b> with a <b>pcre_extra</b>
+block in which <i>match_limit</i> is set, and PCRE_EXTRA_MATCH_LIMIT is set in
+the <i>flags</i> field. If the limit is exceeded, <b>pcre_exec()</b> returns
+PCRE_ERROR_MATCHLIMIT.
+</P>
+<P>
+A value for the match limit may also be supplied by an item at the start of a
+pattern of the form
+<pre>
+  (*LIMIT_MATCH=d)
+</pre>
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of <b>pcre_exec()</b> or, if no such limit
+is set, less than the default.
+</P>
+<P>
+The <i>match_limit_recursion</i> field is similar to <i>match_limit</i>, but
+instead of limiting the total number of times that <b>match()</b> is called, it
+limits the depth of recursion. The recursion depth is a smaller number than the
+total number of calls, because not all calls to <b>match()</b> are recursive.
+This limit is of use only if it is set smaller than <i>match_limit</i>.
+</P>
+<P>
+Limiting the recursion depth limits the amount of machine stack that can be
+used, or, when PCRE has been compiled to use memory on the heap instead of the
+stack, the amount of heap memory that can be used. This limit is not relevant,
+and is ignored, when matching is done using JIT compiled code.
+</P>
+<P>
+The default value for <i>match_limit_recursion</i> can be set when PCRE is
+built; the default default is the same value as the default for
+<i>match_limit</i>. You can override the default by suppling <b>pcre_exec()</b>
+with a <b>pcre_extra</b> block in which <i>match_limit_recursion</i> is set, and
+PCRE_EXTRA_MATCH_LIMIT_RECURSION is set in the <i>flags</i> field. If the limit
+is exceeded, <b>pcre_exec()</b> returns PCRE_ERROR_RECURSIONLIMIT.
+</P>
+<P>
+A value for the recursion limit may also be supplied by an item at the start of
+a pattern of the form
+<pre>
+  (*LIMIT_RECURSION=d)
+</pre>
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of <b>pcre_exec()</b> or, if no such limit
+is set, less than the default.
+</P>
+<P>
+The <i>callout_data</i> field is used in conjunction with the "callout" feature,
+and is described in the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<P>
+The <i>tables</i> field is provided for use with patterns that have been
+pre-compiled using custom character tables, saved to disc or elsewhere, and
+then reloaded, because the tables that were used to compile a pattern are not
+saved with it. See the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation for a discussion of saving compiled patterns for later use. If
+NULL is passed using this mechanism, it forces PCRE's internal tables to be
+used.
+</P>
+<P>
+<b>Warning:</b> The tables that <b>pcre_exec()</b> uses must be the same as those
+that were used when the pattern was compiled. If this is not the case, the
+behaviour of <b>pcre_exec()</b> is undefined. Therefore, when a pattern is
+compiled and matched in the same process, this field should never be set. In
+this (the most common) case, the correct table pointer is automatically passed
+with the compiled pattern from <b>pcre_compile()</b> to <b>pcre_exec()</b>.
+</P>
+<P>
+If PCRE_EXTRA_MARK is set in the <i>flags</i> field, the <i>mark</i> field must
+be set to point to a suitable variable. If the pattern contains any
+backtracking control verbs such as (*MARK:NAME), and the execution ends up with
+a name to pass back, a pointer to the name string (zero terminated) is placed
+in the variable pointed to by the <i>mark</i> field. The names are within the
+compiled pattern; if you wish to retain such a name you must copy it before
+freeing the memory of a compiled pattern. If there is no name to pass back, the
+variable pointed to by the <i>mark</i> field is set to NULL. For details of the
+backtracking control verbs, see the section entitled
+<a href="pcrepattern#backtrackcontrol">"Backtracking control"</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+<a name="execoptions"></a></P>
+<br><b>
+Option bits for <b>pcre_exec()</b>
+</b><br>
+<P>
+The unused bits of the <i>options</i> argument for <b>pcre_exec()</b> must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_<i>xxx</i>,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_START_OPTIMIZE, PCRE_NO_UTF8_CHECK, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+</P>
+<P>
+If the pattern was successfully studied with one of the just-in-time (JIT)
+compile options, the only supported options for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY,
+PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and PCRE_PARTIAL_SOFT. If an
+unsupported option is used, JIT execution is disabled and the normal
+interpretive code in <b>pcre_exec()</b> is run.
+<pre>
+  PCRE_ANCHORED
+</pre>
+The PCRE_ANCHORED option limits <b>pcre_exec()</b> to matching at the first
+matching position. If a pattern was compiled with PCRE_ANCHORED, or turned out
+to be anchored by virtue of its contents, it cannot be made unachored at
+matching time.
+<pre>
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+</pre>
+These options (which are mutually exclusive) control what the \R escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. These options override the choice that was
+made or defaulted when the pattern was compiled.
+<pre>
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+</pre>
+These options override the newline definition that was chosen or defaulted when
+the pattern was compiled. For details, see the description of
+<b>pcre_compile()</b> above. During matching, the newline choice affects the
+behaviour of the dot, circumflex, and dollar metacharacters. It may also alter
+the way the match position is advanced after a match failure for an unanchored
+pattern.
+</P>
+<P>
+When PCRE_NEWLINE_CRLF, PCRE_NEWLINE_ANYCRLF, or PCRE_NEWLINE_ANY is set, and a
+match attempt for an unanchored pattern fails when the current position is at a
+CRLF sequence, and the pattern contains no explicit matches for CR or LF
+characters, the match position is advanced by two characters instead of one, in
+other words, to after the CRLF.
+</P>
+<P>
+The above rule is a compromise that makes the most common cases work as
+expected. For example, if the pattern is .+A (and the PCRE_DOTALL option is not
+set), it does not match the string "\r\nA" because, after failing at the
+start, it skips both the CR and the LF before retrying. However, the pattern
+[\r\n]A does match that string, because it contains an explicit CR or LF
+reference, and so advances only by one character after the first failure.
+</P>
+<P>
+An explicit match for CR of LF is either a literal appearance of one of those
+characters, or one of the \r or \n escape sequences. Implicit matches such as
+[^X] do not count, nor does \s (which includes CR and LF in the characters
+that it matches).
+</P>
+<P>
+Notwithstanding the above, anomalous effects may still occur when CRLF is a
+valid newline sequence and explicit \r or \n escapes appear in the pattern.
+<pre>
+  PCRE_NOTBOL
+</pre>
+This option specifies that first character of the subject string is not the
+beginning of a line, so the circumflex metacharacter should not match before
+it. Setting this without PCRE_MULTILINE (at compile time) causes circumflex
+never to match. This option affects only the behaviour of the circumflex
+metacharacter. It does not affect \A.
+<pre>
+  PCRE_NOTEOL
+</pre>
+This option specifies that the end of the subject string is not the end of a
+line, so the dollar metacharacter should not match it nor (except in multiline
+mode) a newline immediately before it. Setting this without PCRE_MULTILINE (at
+compile time) causes dollar never to match. This option affects only the
+behaviour of the dollar metacharacter. It does not affect \Z or \z.
+<pre>
+  PCRE_NOTEMPTY
+</pre>
+An empty string is not considered to be a valid match if this option is set. If
+there are alternatives in the pattern, they are tried. If all the alternatives
+match the empty string, the entire match fails. For example, if the pattern
+<pre>
+  a?b?
+</pre>
+is applied to a string not beginning with "a" or "b", it matches an empty
+string at the start of the subject. With PCRE_NOTEMPTY set, this match is not
+valid, so PCRE searches further into the string for occurrences of "a" or "b".
+<pre>
+  PCRE_NOTEMPTY_ATSTART
+</pre>
+This is like PCRE_NOTEMPTY, except that an empty string match that is not at
+the start of the subject is permitted. If the pattern is anchored, such a match
+can occur only if the pattern contains \K.
+</P>
+<P>
+Perl has no direct equivalent of PCRE_NOTEMPTY or PCRE_NOTEMPTY_ATSTART, but it
+does make a special case of a pattern match of the empty string within its
+<b>split()</b> function, and when using the /g modifier. It is possible to
+emulate Perl's behaviour after matching a null string by first trying the match
+again at the same offset with PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED, and then
+if that fails, by advancing the starting offset (see below) and trying an
+ordinary match again. There is some code that demonstrates how to do this in
+the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+<pre>
+  PCRE_NO_START_OPTIMIZE
+</pre>
+There are a number of optimizations that <b>pcre_exec()</b> uses at the start of
+a match, in order to speed up the process. For example, if it is known that an
+unanchored match must start with a specific character, it searches the subject
+for that character, and fails immediately if it cannot find it, without
+actually running the main matching function. This means that a special item
+such as (*COMMIT) at the start of a pattern is not considered until after a
+suitable starting point for the match has been found. Also, when callouts or
+(*MARK) items are in use, these "start-up" optimizations can cause them to be
+skipped if the pattern is never actually used. The start-up optimizations are
+in effect a pre-scan of the subject that takes place before the pattern is run.
+</P>
+<P>
+The PCRE_NO_START_OPTIMIZE option disables the start-up optimizations, possibly
+causing performance to suffer, but ensuring that in cases where the result is
+"no match", the callouts do occur, and that items such as (*COMMIT) and (*MARK)
+are considered at every possible starting position in the subject string. If
+PCRE_NO_START_OPTIMIZE is set at compile time, it cannot be unset at matching
+time. The use of PCRE_NO_START_OPTIMIZE at matching time (that is, passing it
+to <b>pcre_exec()</b>) disables JIT execution; in this situation, matching is
+always done using interpretively.
+</P>
+<P>
+Setting PCRE_NO_START_OPTIMIZE can change the outcome of a matching operation.
+Consider the pattern
+<pre>
+  (*COMMIT)ABC
+</pre>
+When this is compiled, PCRE records the fact that a match must start with the
+character "A". Suppose the subject string is "DEFABC". The start-up
+optimization scans along the subject, finds "A" and runs the first match
+attempt from there. The (*COMMIT) item means that the pattern must match the
+current starting position, which in this case, it does. However, if the same
+match is run with PCRE_NO_START_OPTIMIZE set, the initial scan along the
+subject string does not happen. The first match attempt is run starting from
+"D" and when this fails, (*COMMIT) prevents any further matches being tried, so
+the overall result is "no match". If the pattern is studied, more start-up
+optimizations may be used. For example, a minimum length for the subject may be
+recorded. Consider the pattern
+<pre>
+  (*MARK:A)(X|Y)
+</pre>
+The minimum length for a match is one character. If the subject is "ABC", there
+will be attempts to match "ABC", "BC", "C", and then finally an empty string.
+If the pattern is studied, the final attempt does not take place, because PCRE
+knows that the subject is too short, and so the (*MARK) is never encountered.
+In this case, studying the pattern does not affect the overall match result,
+which is still "no match", but it does affect the auxiliary information that is
+returned.
+<pre>
+  PCRE_NO_UTF8_CHECK
+</pre>
+When PCRE_UTF8 is set at compile time, the validity of the subject as a UTF-8
+string is automatically checked when <b>pcre_exec()</b> is subsequently called.
+The entire string is checked before any other processing takes place. The value
+of <i>startoffset</i> is also checked to ensure that it points to the start of a
+UTF-8 character. There is a discussion about the
+<a href="pcreunicode.html#utf8strings">validity of UTF-8 strings</a>
+in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page. If an invalid sequence of bytes is found, <b>pcre_exec()</b> returns the
+error PCRE_ERROR_BADUTF8 or, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated character at the end of the subject, PCRE_ERROR_SHORTUTF8. In both
+cases, information about the precise nature of the error may also be returned
+(see the descriptions of these errors in the section entitled \fIError return
+values from\fP <b>pcre_exec()</b>
+<a href="#errorlist">below).</a>
+If <i>startoffset</i> contains a value that does not point to the start of a
+UTF-8 character (or to the end of the subject), PCRE_ERROR_BADUTF8_OFFSET is
+returned.
+</P>
+<P>
+If you already know that your subject is valid, and you want to skip these
+checks for performance reasons, you can set the PCRE_NO_UTF8_CHECK option when
+calling <b>pcre_exec()</b>. You might want to do this for the second and
+subsequent calls to <b>pcre_exec()</b> if you are making repeated calls to find
+all the matches in a single subject string. However, you should be sure that
+the value of <i>startoffset</i> points to the start of a character (or the end
+of the subject). When PCRE_NO_UTF8_CHECK is set, the effect of passing an
+invalid string as a subject or an invalid value of <i>startoffset</i> is
+undefined. Your program may crash or loop.
+<pre>
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+</pre>
+These options turn on the partial matching feature. For backwards
+compatibility, PCRE_PARTIAL is a synonym for PCRE_PARTIAL_SOFT. A partial match
+occurs if the end of the subject string is reached successfully, but there are
+not enough subject characters to complete the match. If this happens when
+PCRE_PARTIAL_SOFT (but not PCRE_PARTIAL_HARD) is set, matching continues by
+testing any remaining alternatives. Only if no complete match can be found is
+PCRE_ERROR_PARTIAL returned instead of PCRE_ERROR_NOMATCH. In other words,
+PCRE_PARTIAL_SOFT says that the caller is prepared to handle a partial match,
+but only if no complete match can be found.
+</P>
+<P>
+If PCRE_PARTIAL_HARD is set, it overrides PCRE_PARTIAL_SOFT. In this case, if a
+partial match is found, <b>pcre_exec()</b> immediately returns
+PCRE_ERROR_PARTIAL, without considering any other alternatives. In other words,
+when PCRE_PARTIAL_HARD is set, a partial match is considered to be more
+important that an alternative complete match.
+</P>
+<P>
+In both cases, the portion of the string that was inspected when the partial
+match was found is set as the first matching string. There is a more detailed
+discussion of partial and multi-segment matching, with examples, in the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+</P>
+<br><b>
+The string to be matched by <b>pcre_exec()</b>
+</b><br>
+<P>
+The subject string is passed to <b>pcre_exec()</b> as a pointer in
+<i>subject</i>, a length in <i>length</i>, and a starting offset in
+<i>startoffset</i>. The units for <i>length</i> and <i>startoffset</i> are bytes
+for the 8-bit library, 16-bit data items for the 16-bit library, and 32-bit
+data items for the 32-bit library.
+</P>
+<P>
+If <i>startoffset</i> is negative or greater than the length of the subject,
+<b>pcre_exec()</b> returns PCRE_ERROR_BADOFFSET. When the starting offset is
+zero, the search for a match starts at the beginning of the subject, and this
+is by far the most common case. In UTF-8 or UTF-16 mode, the offset must point
+to the start of a character, or the end of the subject (in UTF-32 mode, one
+data unit equals one character, so all offsets are valid). Unlike the pattern
+string, the subject may contain binary zeroes.
+</P>
+<P>
+A non-zero starting offset is useful when searching for another match in the
+same subject by calling <b>pcre_exec()</b> again after a previous success.
+Setting <i>startoffset</i> differs from just passing over a shortened string and
+setting PCRE_NOTBOL in the case of a pattern that begins with any kind of
+lookbehind. For example, consider the pattern
+<pre>
+  \Biss\B
+</pre>
+which finds occurrences of "iss" in the middle of words. (\B matches only if
+the current position in the subject is not a word boundary.) When applied to
+the string "Mississipi" the first call to <b>pcre_exec()</b> finds the first
+occurrence. If <b>pcre_exec()</b> is called again with just the remainder of the
+subject, namely "issipi", it does not match, because \B is always false at the
+start of the subject, which is deemed to be a word boundary. However, if
+<b>pcre_exec()</b> is passed the entire string again, but with <i>startoffset</i>
+set to 4, it finds the second occurrence of "iss" because it is able to look
+behind the starting point to discover that it is preceded by a letter.
+</P>
+<P>
+Finding all the matches in a subject is tricky when the pattern can match an
+empty string. It is possible to emulate Perl's /g behaviour by first trying the
+match again at the same offset, with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED options, and then if that fails, advancing the starting offset
+and trying an ordinary match again. There is some code that demonstrates how to
+do this in the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+</P>
+<P>
+If a non-zero starting offset is passed when the pattern is anchored, one
+attempt to match at the given offset is made. This can only succeed if the
+pattern does not require the match to be at the start of the subject.
+</P>
+<br><b>
+How <b>pcre_exec()</b> returns captured substrings
+</b><br>
+<P>
+In general, a pattern matches a certain portion of the subject, and in
+addition, further substrings from the subject may be picked out by parts of the
+pattern. Following the usage in Jeffrey Friedl's book, this is called
+"capturing" in what follows, and the phrase "capturing subpattern" is used for
+a fragment of a pattern that picks out a substring. PCRE supports several other
+kinds of parenthesized subpattern that do not cause substrings to be captured.
+</P>
+<P>
+Captured substrings are returned to the caller via a vector of integers whose
+address is passed in <i>ovector</i>. The number of elements in the vector is
+passed in <i>ovecsize</i>, which must be a non-negative number. <b>Note</b>: this
+argument is NOT the size of <i>ovector</i> in bytes.
+</P>
+<P>
+The first two-thirds of the vector is used to pass back captured substrings,
+each substring using a pair of integers. The remaining third of the vector is
+used as workspace by <b>pcre_exec()</b> while matching capturing subpatterns,
+and is not available for passing back information. The number passed in
+<i>ovecsize</i> should always be a multiple of three. If it is not, it is
+rounded down.
+</P>
+<P>
+When a match is successful, information about captured substrings is returned
+in pairs of integers, starting at the beginning of <i>ovector</i>, and
+continuing up to two-thirds of its length at the most. The first element of
+each pair is set to the offset of the first character in a substring, and the
+second is set to the offset of the first character after the end of a
+substring. These values are always data unit offsets, even in UTF mode. They
+are byte offsets in the 8-bit library, 16-bit data item offsets in the 16-bit
+library, and 32-bit data item offsets in the 32-bit library. <b>Note</b>: they
+are not character counts.
+</P>
+<P>
+The first pair of integers, <i>ovector[0]</i> and <i>ovector[1]</i>, identify the
+portion of the subject string matched by the entire pattern. The next pair is
+used for the first capturing subpattern, and so on. The value returned by
+<b>pcre_exec()</b> is one more than the highest numbered pair that has been set.
+For example, if two substrings have been captured, the returned value is 3. If
+there are no capturing subpatterns, the return value from a successful match is
+1, indicating that just the first pair of offsets has been set.
+</P>
+<P>
+If a capturing subpattern is matched repeatedly, it is the last portion of the
+string that it matched that is returned.
+</P>
+<P>
+If the vector is too small to hold all the captured substring offsets, it is
+used as far as possible (up to two-thirds of its length), and the function
+returns a value of zero. If neither the actual string matched nor any captured
+substrings are of interest, <b>pcre_exec()</b> may be called with <i>ovector</i>
+passed as NULL and <i>ovecsize</i> as zero. However, if the pattern contains
+back references and the <i>ovector</i> is not big enough to remember the related
+substrings, PCRE has to get additional memory for use during matching. Thus it
+is usually advisable to supply an <i>ovector</i> of reasonable size.
+</P>
+<P>
+There are some cases where zero is returned (indicating vector overflow) when
+in fact the vector is exactly the right size for the final match. For example,
+consider the pattern
+<pre>
+  (a)(?:(b)c|bd)
+</pre>
+If a vector of 6 elements (allowing for only 1 captured substring) is given
+with subject string "abd", <b>pcre_exec()</b> will try to set the second
+captured string, thereby recording a vector overflow, before failing to match
+"c" and backing up to try the second alternative. The zero return, however,
+does correctly indicate that the maximum number of slots (namely 2) have been
+filled. In similar cases where there is temporary overflow, but the final
+number of used slots is actually less than the maximum, a non-zero value is
+returned.
+</P>
+<P>
+The <b>pcre_fullinfo()</b> function can be used to find out how many capturing
+subpatterns there are in a compiled pattern. The smallest size for
+<i>ovector</i> that will allow for <i>n</i> captured substrings, in addition to
+the offsets of the substring matched by the whole pattern, is (<i>n</i>+1)*3.
+</P>
+<P>
+It is possible for capturing subpattern number <i>n+1</i> to match some part of
+the subject when subpattern <i>n</i> has not been used at all. For example, if
+the string "abc" is matched against the pattern (a|(z))(bc) the return from the
+function is 4, and subpatterns 1 and 3 are matched, but 2 is not. When this
+happens, both values in the offset pairs corresponding to unused subpatterns
+are set to -1.
+</P>
+<P>
+Offset values that correspond to unused subpatterns at the end of the
+expression are also set to -1. For example, if the string "abc" is matched
+against the pattern (abc)(x(yz)?)? subpatterns 2 and 3 are not matched. The
+return from the function is 2, because the highest used capturing subpattern
+number is 1, and the offsets for for the second and third capturing subpatterns
+(assuming the vector is large enough, of course) are set to -1.
+</P>
+<P>
+<b>Note</b>: Elements in the first two-thirds of <i>ovector</i> that do not
+correspond to capturing parentheses in the pattern are never changed. That is,
+if a pattern contains <i>n</i> capturing parentheses, no more than
+<i>ovector[0]</i> to <i>ovector[2n+1]</i> are set by <b>pcre_exec()</b>. The other
+elements (in the first two-thirds) retain whatever values they previously had.
+</P>
+<P>
+Some convenience functions are provided for extracting the captured substrings
+as separate strings. These are described below.
+<a name="errorlist"></a></P>
+<br><b>
+Error return values from <b>pcre_exec()</b>
+</b><br>
+<P>
+If <b>pcre_exec()</b> fails, it returns a negative number. The following are
+defined in the header file:
+<pre>
+  PCRE_ERROR_NOMATCH        (-1)
+</pre>
+The subject string did not match the pattern.
+<pre>
+  PCRE_ERROR_NULL           (-2)
+</pre>
+Either <i>code</i> or <i>subject</i> was passed as NULL, or <i>ovector</i> was
+NULL and <i>ovecsize</i> was not zero.
+<pre>
+  PCRE_ERROR_BADOPTION      (-3)
+</pre>
+An unrecognized bit was set in the <i>options</i> argument.
+<pre>
+  PCRE_ERROR_BADMAGIC       (-4)
+</pre>
+PCRE stores a 4-byte "magic number" at the start of the compiled code, to catch
+the case when it is passed a junk pointer and to detect when a pattern that was
+compiled in an environment of one endianness is run in an environment with the
+other endianness. This is the error that PCRE gives when the magic number is
+not present.
+<pre>
+  PCRE_ERROR_UNKNOWN_OPCODE (-5)
+</pre>
+While running the pattern match, an unknown item was encountered in the
+compiled pattern. This error could be caused by a bug in PCRE or by overwriting
+of the compiled pattern.
+<pre>
+  PCRE_ERROR_NOMEMORY       (-6)
+</pre>
+If a pattern contains back references, but the <i>ovector</i> that is passed to
+<b>pcre_exec()</b> is not big enough to remember the referenced substrings, PCRE
+gets a block of memory at the start of matching to use for this purpose. If the
+call via <b>pcre_malloc()</b> fails, this error is given. The memory is
+automatically freed at the end of matching.
+</P>
+<P>
+This error is also given if <b>pcre_stack_malloc()</b> fails in
+<b>pcre_exec()</b>. This can happen only when PCRE has been compiled with
+<b>--disable-stack-for-recursion</b>.
+<pre>
+  PCRE_ERROR_NOSUBSTRING    (-7)
+</pre>
+This error is used by the <b>pcre_copy_substring()</b>,
+<b>pcre_get_substring()</b>, and <b>pcre_get_substring_list()</b> functions (see
+below). It is never returned by <b>pcre_exec()</b>.
+<pre>
+  PCRE_ERROR_MATCHLIMIT     (-8)
+</pre>
+The backtracking limit, as specified by the <i>match_limit</i> field in a
+<b>pcre_extra</b> structure (or defaulted) was reached. See the description
+above.
+<pre>
+  PCRE_ERROR_CALLOUT        (-9)
+</pre>
+This error is never generated by <b>pcre_exec()</b> itself. It is provided for
+use by callout functions that want to yield a distinctive error code. See the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation for details.
+<pre>
+  PCRE_ERROR_BADUTF8        (-10)
+</pre>
+A string that contains an invalid UTF-8 byte sequence was passed as a subject,
+and the PCRE_NO_UTF8_CHECK option was not set. If the size of the output vector
+(<i>ovecsize</i>) is at least 2, the byte offset to the start of the the invalid
+UTF-8 character is placed in the first element, and a reason code is placed in
+the second element. The reason codes are listed in the
+<a href="#badutf8reasons">following section.</a>
+For backward compatibility, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated UTF-8 character at the end of the subject (reason codes 1 to 5),
+PCRE_ERROR_SHORTUTF8 is returned instead of PCRE_ERROR_BADUTF8.
+<pre>
+  PCRE_ERROR_BADUTF8_OFFSET (-11)
+</pre>
+The UTF-8 byte sequence that was passed as a subject was checked and found to
+be valid (the PCRE_NO_UTF8_CHECK option was not set), but the value of
+<i>startoffset</i> did not point to the beginning of a UTF-8 character or the
+end of the subject.
+<pre>
+  PCRE_ERROR_PARTIAL        (-12)
+</pre>
+The subject string did not match, but it did match partially. See the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation for details of partial matching.
+<pre>
+  PCRE_ERROR_BADPARTIAL     (-13)
+</pre>
+This code is no longer in use. It was formerly returned when the PCRE_PARTIAL
+option was used with a compiled pattern containing items that were not
+supported for partial matching. From release 8.00 onwards, there are no
+restrictions on partial matching.
+<pre>
+  PCRE_ERROR_INTERNAL       (-14)
+</pre>
+An unexpected internal error has occurred. This error could be caused by a bug
+in PCRE or by overwriting of the compiled pattern.
+<pre>
+  PCRE_ERROR_BADCOUNT       (-15)
+</pre>
+This error is given if the value of the <i>ovecsize</i> argument is negative.
+<pre>
+  PCRE_ERROR_RECURSIONLIMIT (-21)
+</pre>
+The internal recursion limit, as specified by the <i>match_limit_recursion</i>
+field in a <b>pcre_extra</b> structure (or defaulted) was reached. See the
+description above.
+<pre>
+  PCRE_ERROR_BADNEWLINE     (-23)
+</pre>
+An invalid combination of PCRE_NEWLINE_<i>xxx</i> options was given.
+<pre>
+  PCRE_ERROR_BADOFFSET      (-24)
+</pre>
+The value of <i>startoffset</i> was negative or greater than the length of the
+subject, that is, the value in <i>length</i>.
+<pre>
+  PCRE_ERROR_SHORTUTF8      (-25)
+</pre>
+This error is returned instead of PCRE_ERROR_BADUTF8 when the subject string
+ends with a truncated UTF-8 character and the PCRE_PARTIAL_HARD option is set.
+Information about the failure is returned as for PCRE_ERROR_BADUTF8. It is in
+fact sufficient to detect this case, but this special error code for
+PCRE_PARTIAL_HARD precedes the implementation of returned information; it is
+retained for backwards compatibility.
+<pre>
+  PCRE_ERROR_RECURSELOOP    (-26)
+</pre>
+This error is returned when <b>pcre_exec()</b> detects a recursion loop within
+the pattern. Specifically, it means that either the whole pattern or a
+subpattern has been called recursively for the second time at the same position
+in the subject string. Some simple patterns that might do this are detected and
+faulted at compile time, but more complicated cases, in particular mutual
+recursions between two different subpatterns, cannot be detected until run
+time.
+<pre>
+  PCRE_ERROR_JIT_STACKLIMIT (-27)
+</pre>
+This error is returned when a pattern that was successfully studied using a
+JIT compile option is being matched, but the memory available for the
+just-in-time processing stack is not large enough. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for more details.
+<pre>
+  PCRE_ERROR_BADMODE        (-28)
+</pre>
+This error is given if a pattern that was compiled by the 8-bit library is
+passed to a 16-bit or 32-bit library function, or vice versa.
+<pre>
+  PCRE_ERROR_BADENDIANNESS  (-29)
+</pre>
+This error is given if a pattern that was compiled and saved is reloaded on a
+host with different endianness. The utility function
+<b>pcre_pattern_to_host_byte_order()</b> can be used to convert such a pattern
+so that it runs on the new host.
+<pre>
+  PCRE_ERROR_JIT_BADOPTION
+</pre>
+This error is returned when a pattern that was successfully studied using a JIT
+compile option is being matched, but the matching mode (partial or complete
+match) does not correspond to any JIT compilation mode. When the JIT fast path
+function is used, this error may be also given for invalid options. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for more details.
+<pre>
+  PCRE_ERROR_BADLENGTH      (-32)
+</pre>
+This error is given if <b>pcre_exec()</b> is called with a negative value for
+the <i>length</i> argument.
+</P>
+<P>
+Error numbers -16 to -20, -22, and 30 are not used by <b>pcre_exec()</b>.
+<a name="badutf8reasons"></a></P>
+<br><b>
+Reason codes for invalid UTF-8 strings
+</b><br>
+<P>
+This section applies only to the 8-bit library. The corresponding information
+for the 16-bit and 32-bit libraries is given in the
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+pages.
+</P>
+<P>
+When <b>pcre_exec()</b> returns either PCRE_ERROR_BADUTF8 or
+PCRE_ERROR_SHORTUTF8, and the size of the output vector (<i>ovecsize</i>) is at
+least 2, the offset of the start of the invalid UTF-8 character is placed in
+the first output vector element (<i>ovector[0]</i>) and a reason code is placed
+in the second element (<i>ovector[1]</i>). The reason codes are given names in
+the <b>pcre.h</b> header file:
+<pre>
+  PCRE_UTF8_ERR1
+  PCRE_UTF8_ERR2
+  PCRE_UTF8_ERR3
+  PCRE_UTF8_ERR4
+  PCRE_UTF8_ERR5
+</pre>
+The string ends with a truncated UTF-8 character; the code specifies how many
+bytes are missing (1 to 5). Although RFC 3629 restricts UTF-8 characters to be
+no longer than 4 bytes, the encoding scheme (originally defined by RFC 2279)
+allows for up to 6 bytes, and this is checked first; hence the possibility of
+4 or 5 missing bytes.
+<pre>
+  PCRE_UTF8_ERR6
+  PCRE_UTF8_ERR7
+  PCRE_UTF8_ERR8
+  PCRE_UTF8_ERR9
+  PCRE_UTF8_ERR10
+</pre>
+The two most significant bits of the 2nd, 3rd, 4th, 5th, or 6th byte of the
+character do not have the binary value 0b10 (that is, either the most
+significant bit is 0, or the next bit is 1).
+<pre>
+  PCRE_UTF8_ERR11
+  PCRE_UTF8_ERR12
+</pre>
+A character that is valid by the RFC 2279 rules is either 5 or 6 bytes long;
+these code points are excluded by RFC 3629.
+<pre>
+  PCRE_UTF8_ERR13
+</pre>
+A 4-byte character has a value greater than 0x10fff; these code points are
+excluded by RFC 3629.
+<pre>
+  PCRE_UTF8_ERR14
+</pre>
+A 3-byte character has a value in the range 0xd800 to 0xdfff; this range of
+code points are reserved by RFC 3629 for use with UTF-16, and so are excluded
+from UTF-8.
+<pre>
+  PCRE_UTF8_ERR15
+  PCRE_UTF8_ERR16
+  PCRE_UTF8_ERR17
+  PCRE_UTF8_ERR18
+  PCRE_UTF8_ERR19
+</pre>
+A 2-, 3-, 4-, 5-, or 6-byte character is "overlong", that is, it codes for a
+value that can be represented by fewer bytes, which is invalid. For example,
+the two bytes 0xc0, 0xae give the value 0x2e, whose correct coding uses just
+one byte.
+<pre>
+  PCRE_UTF8_ERR20
+</pre>
+The two most significant bits of the first byte of a character have the binary
+value 0b10 (that is, the most significant bit is 1 and the second is 0). Such a
+byte can only validly occur as the second or subsequent byte of a multi-byte
+character.
+<pre>
+  PCRE_UTF8_ERR21
+</pre>
+The first byte of a character has the value 0xfe or 0xff. These values can
+never occur in a valid UTF-8 string.
+<pre>
+  PCRE_UTF8_ERR22
+</pre>
+This error code was formerly used when the presence of a so-called
+"non-character" caused an error. Unicode corrigendum #9 makes it clear that
+such characters should not cause a string to be rejected, and so this code is
+no longer in use and is never returned.
+</P>
+<br><a name="SEC18" href="#TOC1">EXTRACTING CAPTURED SUBSTRINGS BY NUMBER</a><br>
+<P>
+<b>int pcre_copy_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>, char *<i>buffer</i>,</b>
+<b>     int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring(const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, int <i>stringnumber</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+<br>
+<br>
+<b>int pcre_get_substring_list(const char *<i>subject</i>,</b>
+<b>     int *<i>ovector</i>, int <i>stringcount</i>, const char ***<i>listptr</i>);</b>
+</P>
+<P>
+Captured substrings can be accessed directly by using the offsets returned by
+<b>pcre_exec()</b> in <i>ovector</i>. For convenience, the functions
+<b>pcre_copy_substring()</b>, <b>pcre_get_substring()</b>, and
+<b>pcre_get_substring_list()</b> are provided for extracting captured substrings
+as new, separate, zero-terminated strings. These functions identify substrings
+by number. The next section describes functions for extracting named
+substrings.
+</P>
+<P>
+A substring that contains a binary zero is correctly extracted and has a
+further zero added on the end, but the result is not, of course, a C string.
+However, you can process such a string by referring to the length that is
+returned by <b>pcre_copy_substring()</b> and <b>pcre_get_substring()</b>.
+Unfortunately, the interface to <b>pcre_get_substring_list()</b> is not adequate
+for handling strings containing binary zeros, because the end of the final
+string is not independently indicated.
+</P>
+<P>
+The first three arguments are the same for all three of these functions:
+<i>subject</i> is the subject string that has just been successfully matched,
+<i>ovector</i> is a pointer to the vector of integer offsets that was passed to
+<b>pcre_exec()</b>, and <i>stringcount</i> is the number of substrings that were
+captured by the match, including the substring that matched the entire regular
+expression. This is the value returned by <b>pcre_exec()</b> if it is greater
+than zero. If <b>pcre_exec()</b> returned zero, indicating that it ran out of
+space in <i>ovector</i>, the value passed as <i>stringcount</i> should be the
+number of elements in the vector divided by three.
+</P>
+<P>
+The functions <b>pcre_copy_substring()</b> and <b>pcre_get_substring()</b>
+extract a single substring, whose number is given as <i>stringnumber</i>. A
+value of zero extracts the substring that matched the entire pattern, whereas
+higher values extract the captured substrings. For <b>pcre_copy_substring()</b>,
+the string is placed in <i>buffer</i>, whose length is given by
+<i>buffersize</i>, while for <b>pcre_get_substring()</b> a new block of memory is
+obtained via <b>pcre_malloc</b>, and its address is returned via
+<i>stringptr</i>. The yield of the function is the length of the string, not
+including the terminating zero, or one of these error codes:
+<pre>
+  PCRE_ERROR_NOMEMORY       (-6)
+</pre>
+The buffer was too small for <b>pcre_copy_substring()</b>, or the attempt to get
+memory failed for <b>pcre_get_substring()</b>.
+<pre>
+  PCRE_ERROR_NOSUBSTRING    (-7)
+</pre>
+There is no substring whose number is <i>stringnumber</i>.
+</P>
+<P>
+The <b>pcre_get_substring_list()</b> function extracts all available substrings
+and builds a list of pointers to them. All this is done in a single block of
+memory that is obtained via <b>pcre_malloc</b>. The address of the memory block
+is returned via <i>listptr</i>, which is also the start of the list of string
+pointers. The end of the list is marked by a NULL pointer. The yield of the
+function is zero if all went well, or the error code
+<pre>
+  PCRE_ERROR_NOMEMORY       (-6)
+</pre>
+if the attempt to get the memory block failed.
+</P>
+<P>
+When any of these functions encounter a substring that is unset, which can
+happen when capturing subpattern number <i>n+1</i> matches some part of the
+subject, but subpattern <i>n</i> has not been used at all, they return an empty
+string. This can be distinguished from a genuine zero-length substring by
+inspecting the appropriate offset in <i>ovector</i>, which is negative for unset
+substrings.
+</P>
+<P>
+The two convenience functions <b>pcre_free_substring()</b> and
+<b>pcre_free_substring_list()</b> can be used to free the memory returned by
+a previous call of <b>pcre_get_substring()</b> or
+<b>pcre_get_substring_list()</b>, respectively. They do nothing more than call
+the function pointed to by <b>pcre_free</b>, which of course could be called
+directly from a C program. However, PCRE is used in some situations where it is
+linked via a special interface to another programming language that cannot use
+<b>pcre_free</b> directly; it is for these cases that the functions are
+provided.
+</P>
+<br><a name="SEC19" href="#TOC1">EXTRACTING CAPTURED SUBSTRINGS BY NAME</a><br>
+<P>
+<b>int pcre_get_stringnumber(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>);</b>
+<br>
+<br>
+<b>int pcre_copy_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     char *<i>buffer</i>, int <i>buffersize</i>);</b>
+<br>
+<br>
+<b>int pcre_get_named_substring(const pcre *<i>code</i>,</b>
+<b>     const char *<i>subject</i>, int *<i>ovector</i>,</b>
+<b>     int <i>stringcount</i>, const char *<i>stringname</i>,</b>
+<b>     const char **<i>stringptr</i>);</b>
+</P>
+<P>
+To extract a substring by name, you first have to find associated number.
+For example, for this pattern
+<pre>
+  (a+)b(?&#60;xxx&#62;\d+)...
+</pre>
+the number of the subpattern called "xxx" is 2. If the name is known to be
+unique (PCRE_DUPNAMES was not set), you can find the number from the name by
+calling <b>pcre_get_stringnumber()</b>. The first argument is the compiled
+pattern, and the second is the name. The yield of the function is the
+subpattern number, or PCRE_ERROR_NOSUBSTRING (-7) if there is no subpattern of
+that name.
+</P>
+<P>
+Given the number, you can extract the substring directly, or use one of the
+functions described in the previous section. For convenience, there are also
+two functions that do the whole job.
+</P>
+<P>
+Most of the arguments of <b>pcre_copy_named_substring()</b> and
+<b>pcre_get_named_substring()</b> are the same as those for the similarly named
+functions that extract by number. As these are described in the previous
+section, they are not re-described here. There are just two differences:
+</P>
+<P>
+First, instead of a substring number, a substring name is given. Second, there
+is an extra argument, given at the start, which is a pointer to the compiled
+pattern. This is needed in order to gain access to the name-to-number
+translation table.
+</P>
+<P>
+These functions call <b>pcre_get_stringnumber()</b>, and if it succeeds, they
+then call <b>pcre_copy_substring()</b> or <b>pcre_get_substring()</b>, as
+appropriate. <b>NOTE:</b> If PCRE_DUPNAMES is set and there are duplicate names,
+the behaviour may not be what you want (see the next section).
+</P>
+<P>
+<b>Warning:</b> If the pattern uses the (?| feature to set up multiple
+subpatterns with the same number, as described in the
+<a href="pcrepattern.html#dupsubpatternnumber">section on duplicate subpattern numbers</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page, you cannot use names to distinguish the different subpatterns, because
+names are not included in the compiled code. The matching process uses only
+numbers. For this reason, the use of different names for subpatterns of the
+same number causes an error at compile time.
+</P>
+<br><a name="SEC20" href="#TOC1">DUPLICATE SUBPATTERN NAMES</a><br>
+<P>
+<b>int pcre_get_stringtable_entries(const pcre *<i>code</i>,</b>
+<b>     const char *<i>name</i>, char **<i>first</i>, char **<i>last</i>);</b>
+</P>
+<P>
+When a pattern is compiled with the PCRE_DUPNAMES option, names for subpatterns
+are not required to be unique. (Duplicate names are always allowed for
+subpatterns with the same number, created by using the (?| feature. Indeed, if
+such subpatterns are named, they are required to use the same names.)
+</P>
+<P>
+Normally, patterns with duplicate names are such that in any one match, only
+one of the named subpatterns participates. An example is shown in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+</P>
+<P>
+When duplicates are present, <b>pcre_copy_named_substring()</b> and
+<b>pcre_get_named_substring()</b> return the first substring corresponding to
+the given name that is set. If none are set, PCRE_ERROR_NOSUBSTRING (-7) is
+returned; no data is returned. The <b>pcre_get_stringnumber()</b> function
+returns one of the numbers that are associated with the name, but it is not
+defined which it is.
+</P>
+<P>
+If you want to get full details of all captured substrings for a given name,
+you must use the <b>pcre_get_stringtable_entries()</b> function. The first
+argument is the compiled pattern, and the second is the name. The third and
+fourth are pointers to variables which are updated by the function. After it
+has run, they point to the first and last entries in the name-to-number table
+for the given name. The function itself returns the length of each entry, or
+PCRE_ERROR_NOSUBSTRING (-7) if there are none. The format of the table is
+described above in the section entitled <i>Information about a pattern</i>
+<a href="#infoaboutpattern">above.</a>
+Given all the relevant entries for the name, you can extract each of their
+numbers, and hence the captured data, if any.
+</P>
+<br><a name="SEC21" href="#TOC1">FINDING ALL POSSIBLE MATCHES</a><br>
+<P>
+The traditional matching function uses a similar algorithm to Perl, which stops
+when it finds the first match, starting at a given point in the subject. If you
+want to find all possible matches, or the longest possible match, consider
+using the alternative matching function (see below) instead. If you cannot use
+the alternative function, but still need to find all possible matches, you
+can kludge it up by making use of the callout facility, which is described in
+the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<P>
+What you have to do is to insert a callout right at the end of the pattern.
+When your callout function is called, extract and save the current matched
+substring. Then return 1, which forces <b>pcre_exec()</b> to backtrack and try
+other alternatives. Ultimately, when it runs out of matches, <b>pcre_exec()</b>
+will yield PCRE_ERROR_NOMATCH.
+</P>
+<br><a name="SEC22" href="#TOC1">OBTAINING AN ESTIMATE OF STACK USAGE</a><br>
+<P>
+Matching certain patterns using <b>pcre_exec()</b> can use a lot of process
+stack, which in certain environments can be rather limited in size. Some users
+find it helpful to have an estimate of the amount of stack that is used by
+<b>pcre_exec()</b>, to help them set recursion limits, as described in the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation. The estimate that is output by <b>pcretest</b> when called with
+the <b>-m</b> and <b>-C</b> options is obtained by calling <b>pcre_exec</b> with
+the values NULL, NULL, NULL, -999, and -999 for its first five arguments.
+</P>
+<P>
+Normally, if its first argument is NULL, <b>pcre_exec()</b> immediately returns
+the negative error code PCRE_ERROR_NULL, but with this special combination of
+arguments, it returns instead a negative number whose absolute value is the
+approximate stack frame size in bytes. (A negative number is used so that it is
+clear that no match has happened.) The value is approximate because in some
+cases, recursive calls to <b>pcre_exec()</b> occur when there are one or two
+additional variables on the stack.
+</P>
+<P>
+If PCRE has been compiled to use the heap instead of the stack for recursion,
+the value returned is the size of each block that is obtained from the heap.
+<a name="dfamatch"></a></P>
+<br><a name="SEC23" href="#TOC1">MATCHING A PATTERN: THE ALTERNATIVE FUNCTION</a><br>
+<P>
+<b>int pcre_dfa_exec(const pcre *<i>code</i>, const pcre_extra *<i>extra</i>,</b>
+<b>     const char *<i>subject</i>, int <i>length</i>, int <i>startoffset</i>,</b>
+<b>     int <i>options</i>, int *<i>ovector</i>, int <i>ovecsize</i>,</b>
+<b>     int *<i>workspace</i>, int <i>wscount</i>);</b>
+</P>
+<P>
+The function <b>pcre_dfa_exec()</b> is called to match a subject string against
+a compiled pattern, using a matching algorithm that scans the subject string
+just once, and does not backtrack. This has different characteristics to the
+normal algorithm, and is not compatible with Perl. Some of the features of PCRE
+patterns are not supported. Nevertheless, there are times when this kind of
+matching can be useful. For a discussion of the two matching algorithms, and a
+list of features that <b>pcre_dfa_exec()</b> does not support, see the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation.
+</P>
+<P>
+The arguments for the <b>pcre_dfa_exec()</b> function are the same as for
+<b>pcre_exec()</b>, plus two extras. The <i>ovector</i> argument is used in a
+different way, and this is described below. The other common arguments are used
+in the same way as for <b>pcre_exec()</b>, so their description is not repeated
+here.
+</P>
+<P>
+The two additional arguments provide workspace for the function. The workspace
+vector should contain at least 20 elements. It is used for keeping track of
+multiple paths through the pattern tree. More workspace will be needed for
+patterns and subjects where there are a lot of potential matches.
+</P>
+<P>
+Here is an example of a simple call to <b>pcre_dfa_exec()</b>:
+<pre>
+  int rc;
+  int ovector[10];
+  int wspace[20];
+  rc = pcre_dfa_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    10,             /* number of elements (NOT size in bytes) */
+    wspace,         /* working space vector */
+    20);            /* number of elements (NOT size in bytes) */
+</PRE>
+</P>
+<br><b>
+Option bits for <b>pcre_dfa_exec()</b>
+</b><br>
+<P>
+The unused bits of the <i>options</i> argument for <b>pcre_dfa_exec()</b> must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_<i>xxx</i>,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_UTF8_CHECK, PCRE_BSR_ANYCRLF, PCRE_BSR_UNICODE, PCRE_NO_START_OPTIMIZE,
+PCRE_PARTIAL_HARD, PCRE_PARTIAL_SOFT, PCRE_DFA_SHORTEST, and PCRE_DFA_RESTART.
+All but the last four of these are exactly the same as for <b>pcre_exec()</b>,
+so their description is not repeated here.
+<pre>
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+</pre>
+These have the same general effect as they do for <b>pcre_exec()</b>, but the
+details are slightly different. When PCRE_PARTIAL_HARD is set for
+<b>pcre_dfa_exec()</b>, it returns PCRE_ERROR_PARTIAL if the end of the subject
+is reached and there is still at least one matching possibility that requires
+additional characters. This happens even if some complete matches have also
+been found. When PCRE_PARTIAL_SOFT is set, the return code PCRE_ERROR_NOMATCH
+is converted into PCRE_ERROR_PARTIAL if the end of the subject is reached,
+there have been no complete matches, but there is still at least one matching
+possibility. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string in both cases.
+There is a more detailed discussion of partial and multi-segment matching, with
+examples, in the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+<pre>
+  PCRE_DFA_SHORTEST
+</pre>
+Setting the PCRE_DFA_SHORTEST option causes the matching algorithm to stop as
+soon as it has found one match. Because of the way the alternative algorithm
+works, this is necessarily the shortest possible match at the first possible
+matching point in the subject string.
+<pre>
+  PCRE_DFA_RESTART
+</pre>
+When <b>pcre_dfa_exec()</b> returns a partial match, it is possible to call it
+again, with additional subject characters, and have it continue with the same
+match. The PCRE_DFA_RESTART option requests this action; when it is set, the
+<i>workspace</i> and <i>wscount</i> options must reference the same vector as
+before because data about the match so far is left in them after a partial
+match. There is more discussion of this facility in the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+</P>
+<br><b>
+Successful returns from <b>pcre_dfa_exec()</b>
+</b><br>
+<P>
+When <b>pcre_dfa_exec()</b> succeeds, it may have matched more than one
+substring in the subject. Note, however, that all the matches from one run of
+the function start at the same point in the subject. The shorter matches are
+all initial substrings of the longer matches. For example, if the pattern
+<pre>
+  &#60;.*&#62;
+</pre>
+is matched against the string
+<pre>
+  This is &#60;something&#62; &#60;something else&#62; &#60;something further&#62; no more
+</pre>
+the three matched strings are
+<pre>
+  &#60;something&#62;
+  &#60;something&#62; &#60;something else&#62;
+  &#60;something&#62; &#60;something else&#62; &#60;something further&#62;
+</pre>
+On success, the yield of the function is a number greater than zero, which is
+the number of matched substrings. The substrings themselves are returned in
+<i>ovector</i>. Each string uses two elements; the first is the offset to the
+start, and the second is the offset to the end. In fact, all the strings have
+the same start offset. (Space could have been saved by giving this only once,
+but it was decided to retain some compatibility with the way <b>pcre_exec()</b>
+returns data, even though the meaning of the strings is different.)
+</P>
+<P>
+The strings are returned in reverse order of length; that is, the longest
+matching string is given first. If there were too many matches to fit into
+<i>ovector</i>, the yield of the function is zero, and the vector is filled with
+the longest matches. Unlike <b>pcre_exec()</b>, <b>pcre_dfa_exec()</b> can use
+the entire <i>ovector</i> for returning matched strings.
+</P>
+<P>
+NOTE: PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\d+" is compiled as if it were "a\d++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\d+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+</P>
+<br><b>
+Error returns from <b>pcre_dfa_exec()</b>
+</b><br>
+<P>
+The <b>pcre_dfa_exec()</b> function returns a negative number when it fails.
+Many of the errors are the same as for <b>pcre_exec()</b>, and these are
+described
+<a href="#errorlist">above.</a>
+There are in addition the following errors that are specific to
+<b>pcre_dfa_exec()</b>:
+<pre>
+  PCRE_ERROR_DFA_UITEM      (-16)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> encounters an item in the pattern
+that it does not support, for instance, the use of \C or a back reference.
+<pre>
+  PCRE_ERROR_DFA_UCOND      (-17)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> encounters a condition item that
+uses a back reference for the condition, or a test for recursion in a specific
+group. These are not supported.
+<pre>
+  PCRE_ERROR_DFA_UMLIMIT    (-18)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> is called with an <i>extra</i>
+block that contains a setting of the <i>match_limit</i> or
+<i>match_limit_recursion</i> fields. This is not supported (these fields are
+meaningless for DFA matching).
+<pre>
+  PCRE_ERROR_DFA_WSSIZE     (-19)
+</pre>
+This return is given if <b>pcre_dfa_exec()</b> runs out of space in the
+<i>workspace</i> vector.
+<pre>
+  PCRE_ERROR_DFA_RECURSE    (-20)
+</pre>
+When a recursive subpattern is processed, the matching function calls itself
+recursively, using private vectors for <i>ovector</i> and <i>workspace</i>. This
+error is given if the output vector is not large enough. This should be
+extremely rare, as a vector of size 1000 is used.
+<pre>
+  PCRE_ERROR_DFA_BADRESTART (-30)
+</pre>
+When <b>pcre_dfa_exec()</b> is called with the <b>PCRE_DFA_RESTART</b> option,
+some plausibility checks are made on the contents of the workspace, which
+should contain data about the previous partial match. If any of these checks
+fail, this error is given.
+</P>
+<br><a name="SEC24" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcre16</b>(3), <b>pcre32</b>(3), <b>pcrebuild</b>(3), <b>pcrecallout</b>(3),
+<b>pcrecpp(3)</b>(3), <b>pcrematching</b>(3), <b>pcrepartial</b>(3),
+<b>pcreposix</b>(3), <b>pcreprecompile</b>(3), <b>pcresample</b>(3),
+<b>pcrestack</b>(3).
+</P>
+<br><a name="SEC25" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC26" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 18 December 2015
+<br>
+Copyright &copy; 1997-2015 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrebuild.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrebuild.html
new file mode 100644
index 00000000..03c8cbe0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrebuild.html
@@ -0,0 +1,534 @@
+<html>
+<head>
+<title>pcrebuild specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrebuild man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">BUILDING PCRE</a>
+<li><a name="TOC2" href="#SEC2">PCRE BUILD-TIME OPTIONS</a>
+<li><a name="TOC3" href="#SEC3">BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a>
+<li><a name="TOC4" href="#SEC4">BUILDING SHARED AND STATIC LIBRARIES</a>
+<li><a name="TOC5" href="#SEC5">C++ SUPPORT</a>
+<li><a name="TOC6" href="#SEC6">UTF-8, UTF-16 AND UTF-32 SUPPORT</a>
+<li><a name="TOC7" href="#SEC7">UNICODE CHARACTER PROPERTY SUPPORT</a>
+<li><a name="TOC8" href="#SEC8">JUST-IN-TIME COMPILER SUPPORT</a>
+<li><a name="TOC9" href="#SEC9">CODE VALUE OF NEWLINE</a>
+<li><a name="TOC10" href="#SEC10">WHAT \R MATCHES</a>
+<li><a name="TOC11" href="#SEC11">POSIX MALLOC USAGE</a>
+<li><a name="TOC12" href="#SEC12">HANDLING VERY LARGE PATTERNS</a>
+<li><a name="TOC13" href="#SEC13">AVOIDING EXCESSIVE STACK USAGE</a>
+<li><a name="TOC14" href="#SEC14">LIMITING PCRE RESOURCE USAGE</a>
+<li><a name="TOC15" href="#SEC15">CREATING CHARACTER TABLES AT BUILD TIME</a>
+<li><a name="TOC16" href="#SEC16">USING EBCDIC CODE</a>
+<li><a name="TOC17" href="#SEC17">PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT</a>
+<li><a name="TOC18" href="#SEC18">PCREGREP BUFFER SIZE</a>
+<li><a name="TOC19" href="#SEC19">PCRETEST OPTION FOR LIBREADLINE SUPPORT</a>
+<li><a name="TOC20" href="#SEC20">DEBUGGING WITH VALGRIND SUPPORT</a>
+<li><a name="TOC21" href="#SEC21">CODE COVERAGE REPORTING</a>
+<li><a name="TOC22" href="#SEC22">SEE ALSO</a>
+<li><a name="TOC23" href="#SEC23">AUTHOR</a>
+<li><a name="TOC24" href="#SEC24">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">BUILDING PCRE</a><br>
+<P>
+PCRE is distributed with a <b>configure</b> script that can be used to build the
+library in Unix-like environments using the applications known as Autotools.
+Also in the distribution are files to support building using <b>CMake</b>
+instead of <b>configure</b>. The text file
+<a href="README.txt"><b>README</b></a>
+contains general information about building with Autotools (some of which is
+repeated below), and also has some comments about building on various operating
+systems. There is a lot more information about building PCRE without using
+Autotools (including information about using <b>CMake</b> and building "by
+hand") in the text file called
+<a href="NON-AUTOTOOLS-BUILD.txt"><b>NON-AUTOTOOLS-BUILD</b>.</a>
+You should consult this file as well as the
+<a href="README.txt"><b>README</b></a>
+file if you are building in a non-Unix-like environment.
+</P>
+<br><a name="SEC2" href="#TOC1">PCRE BUILD-TIME OPTIONS</a><br>
+<P>
+The rest of this document describes the optional features of PCRE that can be
+selected when the library is compiled. It assumes use of the <b>configure</b>
+script, where the optional features are selected or deselected by providing
+options to <b>configure</b> before running the <b>make</b> command. However, the
+same options can be selected in both Unix-like and non-Unix-like environments
+using the GUI facility of <b>cmake-gui</b> if you are using <b>CMake</b> instead
+of <b>configure</b> to build PCRE.
+</P>
+<P>
+If you are not using Autotools or <b>CMake</b>, option selection can be done by
+editing the <b>config.h</b> file, or by passing parameter settings to the
+compiler, as described in
+<a href="NON-AUTOTOOLS-BUILD.txt"><b>NON-AUTOTOOLS-BUILD</b>.</a>
+</P>
+<P>
+The complete list of options for <b>configure</b> (which includes the standard
+ones such as the selection of the installation directory) can be obtained by
+running
+<pre>
+  ./configure --help
+</pre>
+The following sections include descriptions of options whose names begin with
+--enable or --disable. These settings specify changes to the defaults for the
+<b>configure</b> command. Because of the way that <b>configure</b> works,
+--enable and --disable always come in pairs, so the complementary option always
+exists as well, but as it specifies the default, it is not described.
+</P>
+<br><a name="SEC3" href="#TOC1">BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a><br>
+<P>
+By default, a library called <b>libpcre</b> is built, containing functions that
+take string arguments contained in vectors of bytes, either as single-byte
+characters, or interpreted as UTF-8 strings. You can also build a separate
+library, called <b>libpcre16</b>, in which strings are contained in vectors of
+16-bit data units and interpreted either as single-unit characters or UTF-16
+strings, by adding
+<pre>
+  --enable-pcre16
+</pre>
+to the <b>configure</b> command. You can also build yet another separate
+library, called <b>libpcre32</b>, in which strings are contained in vectors of
+32-bit data units and interpreted either as single-unit characters or UTF-32
+strings, by adding
+<pre>
+  --enable-pcre32
+</pre>
+to the <b>configure</b> command. If you do not want the 8-bit library, add
+<pre>
+  --disable-pcre8
+</pre>
+as well. At least one of the three libraries must be built. Note that the C++
+and POSIX wrappers are for the 8-bit library only, and that <b>pcregrep</b> is
+an 8-bit program. None of these are built if you select only the 16-bit or
+32-bit libraries.
+</P>
+<br><a name="SEC4" href="#TOC1">BUILDING SHARED AND STATIC LIBRARIES</a><br>
+<P>
+The Autotools PCRE building process uses <b>libtool</b> to build both shared and
+static libraries by default. You can suppress one of these by adding one of
+<pre>
+  --disable-shared
+  --disable-static
+</pre>
+to the <b>configure</b> command, as required.
+</P>
+<br><a name="SEC5" href="#TOC1">C++ SUPPORT</a><br>
+<P>
+By default, if the 8-bit library is being built, the <b>configure</b> script
+will search for a C++ compiler and C++ header files. If it finds them, it
+automatically builds the C++ wrapper library (which supports only 8-bit
+strings). You can disable this by adding
+<pre>
+  --disable-cpp
+</pre>
+to the <b>configure</b> command.
+</P>
+<br><a name="SEC6" href="#TOC1">UTF-8, UTF-16 AND UTF-32 SUPPORT</a><br>
+<P>
+To build PCRE with support for UTF Unicode character strings, add
+<pre>
+  --enable-utf
+</pre>
+to the <b>configure</b> command. This setting applies to all three libraries,
+adding support for UTF-8 to the 8-bit library, support for UTF-16 to the 16-bit
+library, and support for UTF-32 to the to the 32-bit library. There are no
+separate options for enabling UTF-8, UTF-16 and UTF-32 independently because
+that would allow ridiculous settings such as requesting UTF-16 support while
+building only the 8-bit library. It is not possible to build one library with
+UTF support and another without in the same configuration. (For backwards
+compatibility, --enable-utf8 is a synonym of --enable-utf.)
+</P>
+<P>
+Of itself, this setting does not make PCRE treat strings as UTF-8, UTF-16 or
+UTF-32. As well as compiling PCRE with this option, you also have have to set
+the PCRE_UTF8, PCRE_UTF16 or PCRE_UTF32 option (as appropriate) when you call
+one of the pattern compiling functions.
+</P>
+<P>
+If you set --enable-utf when compiling in an EBCDIC environment, PCRE expects
+its input to be either ASCII or UTF-8 (depending on the run-time option). It is
+not possible to support both EBCDIC and UTF-8 codes in the same version of the
+library. Consequently, --enable-utf and --enable-ebcdic are mutually
+exclusive.
+</P>
+<br><a name="SEC7" href="#TOC1">UNICODE CHARACTER PROPERTY SUPPORT</a><br>
+<P>
+UTF support allows the libraries to process character codepoints up to 0x10ffff
+in the strings that they handle. On its own, however, it does not provide any
+facilities for accessing the properties of such characters. If you want to be
+able to use the pattern escapes \P, \p, and \X, which refer to Unicode
+character properties, you must add
+<pre>
+  --enable-unicode-properties
+</pre>
+to the <b>configure</b> command. This implies UTF support, even if you have
+not explicitly requested it.
+</P>
+<P>
+Including Unicode property support adds around 30K of tables to the PCRE
+library. Only the general category properties such as <i>Lu</i> and <i>Nd</i> are
+supported. Details are given in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+</P>
+<br><a name="SEC8" href="#TOC1">JUST-IN-TIME COMPILER SUPPORT</a><br>
+<P>
+Just-in-time compiler support is included in the build by specifying
+<pre>
+  --enable-jit
+</pre>
+This support is available only for certain hardware architectures. If this
+option is set for an unsupported architecture, a compile time error occurs.
+See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for a discussion of JIT usage. When JIT support is enabled,
+pcregrep automatically makes use of it, unless you add
+<pre>
+  --disable-pcregrep-jit
+</pre>
+to the "configure" command.
+</P>
+<br><a name="SEC9" href="#TOC1">CODE VALUE OF NEWLINE</a><br>
+<P>
+By default, PCRE interprets the linefeed (LF) character as indicating the end
+of a line. This is the normal newline character on Unix-like systems. You can
+compile PCRE to use carriage return (CR) instead, by adding
+<pre>
+  --enable-newline-is-cr
+</pre>
+to the <b>configure</b> command. There is also a --enable-newline-is-lf option,
+which explicitly specifies linefeed as the newline character.
+<br>
+<br>
+Alternatively, you can specify that line endings are to be indicated by the two
+character sequence CRLF. If you want this, add
+<pre>
+  --enable-newline-is-crlf
+</pre>
+to the <b>configure</b> command. There is a fourth option, specified by
+<pre>
+  --enable-newline-is-anycrlf
+</pre>
+which causes PCRE to recognize any of the three sequences CR, LF, or CRLF as
+indicating a line ending. Finally, a fifth option, specified by
+<pre>
+  --enable-newline-is-any
+</pre>
+causes PCRE to recognize any Unicode newline sequence.
+</P>
+<P>
+Whatever line ending convention is selected when PCRE is built can be
+overridden when the library functions are called. At build time it is
+conventional to use the standard for your operating system.
+</P>
+<br><a name="SEC10" href="#TOC1">WHAT \R MATCHES</a><br>
+<P>
+By default, the sequence \R in a pattern matches any Unicode newline sequence,
+whatever has been selected as the line ending sequence. If you specify
+<pre>
+  --enable-bsr-anycrlf
+</pre>
+the default is changed so that \R matches only CR, LF, or CRLF. Whatever is
+selected when PCRE is built can be overridden when the library functions are
+called.
+</P>
+<br><a name="SEC11" href="#TOC1">POSIX MALLOC USAGE</a><br>
+<P>
+When the 8-bit library is called through the POSIX interface (see the
+<a href="pcreposix.html"><b>pcreposix</b></a>
+documentation), additional working storage is required for holding the pointers
+to capturing substrings, because PCRE requires three integers per substring,
+whereas the POSIX interface provides only two. If the number of expected
+substrings is small, the wrapper function uses space on the stack, because this
+is faster than using <b>malloc()</b> for each call. The default threshold above
+which the stack is no longer used is 10; it can be changed by adding a setting
+such as
+<pre>
+  --with-posix-malloc-threshold=20
+</pre>
+to the <b>configure</b> command.
+</P>
+<br><a name="SEC12" href="#TOC1">HANDLING VERY LARGE PATTERNS</a><br>
+<P>
+Within a compiled pattern, offset values are used to point from one part to
+another (for example, from an opening parenthesis to an alternation
+metacharacter). By default, in the 8-bit and 16-bit libraries, two-byte values
+are used for these offsets, leading to a maximum size for a compiled pattern of
+around 64K. This is sufficient to handle all but the most gigantic patterns.
+Nevertheless, some people do want to process truly enormous patterns, so it is
+possible to compile PCRE to use three-byte or four-byte offsets by adding a
+setting such as
+<pre>
+  --with-link-size=3
+</pre>
+to the <b>configure</b> command. The value given must be 2, 3, or 4. For the
+16-bit library, a value of 3 is rounded up to 4. In these libraries, using
+longer offsets slows down the operation of PCRE because it has to load
+additional data when handling them. For the 32-bit library the value is always
+4 and cannot be overridden; the value of --with-link-size is ignored.
+</P>
+<br><a name="SEC13" href="#TOC1">AVOIDING EXCESSIVE STACK USAGE</a><br>
+<P>
+When matching with the <b>pcre_exec()</b> function, PCRE implements backtracking
+by making recursive calls to an internal function called <b>match()</b>. In
+environments where the size of the stack is limited, this can severely limit
+PCRE's operation. (The Unix environment does not usually suffer from this
+problem, but it may sometimes be necessary to increase the maximum stack size.
+There is a discussion in the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation.) An alternative approach to recursion that uses memory from the
+heap to remember data, instead of using recursive function calls, has been
+implemented to work round the problem of limited stack size. If you want to
+build a version of PCRE that works this way, add
+<pre>
+  --disable-stack-for-recursion
+</pre>
+to the <b>configure</b> command. With this configuration, PCRE will use the
+<b>pcre_stack_malloc</b> and <b>pcre_stack_free</b> variables to call memory
+management functions. By default these point to <b>malloc()</b> and
+<b>free()</b>, but you can replace the pointers so that your own functions are
+used instead.
+</P>
+<P>
+Separate functions are provided rather than using <b>pcre_malloc</b> and
+<b>pcre_free</b> because the usage is very predictable: the block sizes
+requested are always the same, and the blocks are always freed in reverse
+order. A calling program might be able to implement optimized functions that
+perform better than <b>malloc()</b> and <b>free()</b>. PCRE runs noticeably more
+slowly when built in this way. This option affects only the <b>pcre_exec()</b>
+function; it is not relevant for <b>pcre_dfa_exec()</b>.
+</P>
+<br><a name="SEC14" href="#TOC1">LIMITING PCRE RESOURCE USAGE</a><br>
+<P>
+Internally, PCRE has a function called <b>match()</b>, which it calls repeatedly
+(sometimes recursively) when matching a pattern with the <b>pcre_exec()</b>
+function. By controlling the maximum number of times this function may be
+called during a single matching operation, a limit can be placed on the
+resources used by a single call to <b>pcre_exec()</b>. The limit can be changed
+at run time, as described in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation. The default is 10 million, but this can be changed by adding a
+setting such as
+<pre>
+  --with-match-limit=500000
+</pre>
+to the <b>configure</b> command. This setting has no effect on the
+<b>pcre_dfa_exec()</b> matching function.
+</P>
+<P>
+In some environments it is desirable to limit the depth of recursive calls of
+<b>match()</b> more strictly than the total number of calls, in order to
+restrict the maximum amount of stack (or heap, if --disable-stack-for-recursion
+is specified) that is used. A second limit controls this; it defaults to the
+value that is set for --with-match-limit, which imposes no additional
+constraints. However, you can set a lower limit by adding, for example,
+<pre>
+  --with-match-limit-recursion=10000
+</pre>
+to the <b>configure</b> command. This value can also be overridden at run time.
+</P>
+<br><a name="SEC15" href="#TOC1">CREATING CHARACTER TABLES AT BUILD TIME</a><br>
+<P>
+PCRE uses fixed tables for processing characters whose code values are less
+than 256. By default, PCRE is built with a set of tables that are distributed
+in the file <i>pcre_chartables.c.dist</i>. These tables are for ASCII codes
+only. If you add
+<pre>
+  --enable-rebuild-chartables
+</pre>
+to the <b>configure</b> command, the distributed tables are no longer used.
+Instead, a program called <b>dftables</b> is compiled and run. This outputs the
+source for new set of tables, created in the default locale of your C run-time
+system. (This method of replacing the tables does not work if you are cross
+compiling, because <b>dftables</b> is run on the local host. If you need to
+create alternative tables when cross compiling, you will have to do so "by
+hand".)
+</P>
+<br><a name="SEC16" href="#TOC1">USING EBCDIC CODE</a><br>
+<P>
+PCRE assumes by default that it will run in an environment where the character
+code is ASCII (or Unicode, which is a superset of ASCII). This is the case for
+most computer operating systems. PCRE can, however, be compiled to run in an
+EBCDIC environment by adding
+<pre>
+  --enable-ebcdic
+</pre>
+to the <b>configure</b> command. This setting implies
+--enable-rebuild-chartables. You should only use it if you know that you are in
+an EBCDIC environment (for example, an IBM mainframe operating system). The
+--enable-ebcdic option is incompatible with --enable-utf.
+</P>
+<P>
+The EBCDIC character that corresponds to an ASCII LF is assumed to have the
+value 0x15 by default. However, in some EBCDIC environments, 0x25 is used. In
+such an environment you should use
+<pre>
+  --enable-ebcdic-nl25
+</pre>
+as well as, or instead of, --enable-ebcdic. The EBCDIC character for CR has the
+same value as in ASCII, namely, 0x0d. Whichever of 0x15 and 0x25 is <i>not</i>
+chosen as LF is made to correspond to the Unicode NEL character (which, in
+Unicode, is 0x85).
+</P>
+<P>
+The options that select newline behaviour, such as --enable-newline-is-cr,
+and equivalent run-time options, refer to these character values in an EBCDIC
+environment.
+</P>
+<br><a name="SEC17" href="#TOC1">PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT</a><br>
+<P>
+By default, <b>pcregrep</b> reads all files as plain text. You can build it so
+that it recognizes files whose names end in <b>.gz</b> or <b>.bz2</b>, and reads
+them with <b>libz</b> or <b>libbz2</b>, respectively, by adding one or both of
+<pre>
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+</pre>
+to the <b>configure</b> command. These options naturally require that the
+relevant libraries are installed on your system. Configuration will fail if
+they are not.
+</P>
+<br><a name="SEC18" href="#TOC1">PCREGREP BUFFER SIZE</a><br>
+<P>
+<b>pcregrep</b> uses an internal buffer to hold a "window" on the file it is
+scanning, in order to be able to output "before" and "after" lines when it
+finds a match. The size of the buffer is controlled by a parameter whose
+default value is 20K. The buffer itself is three times this size, but because
+of the way it is used for holding "before" lines, the longest line that is
+guaranteed to be processable is the parameter size. You can change the default
+parameter value by adding, for example,
+<pre>
+  --with-pcregrep-bufsize=50K
+</pre>
+to the <b>configure</b> command. The caller of \fPpcregrep\fP can, however,
+override this value by specifying a run-time option.
+</P>
+<br><a name="SEC19" href="#TOC1">PCRETEST OPTION FOR LIBREADLINE SUPPORT</a><br>
+<P>
+If you add
+<pre>
+  --enable-pcretest-libreadline
+</pre>
+to the <b>configure</b> command, <b>pcretest</b> is linked with the
+<b>libreadline</b> library, and when its input is from a terminal, it reads it
+using the <b>readline()</b> function. This provides line-editing and history
+facilities. Note that <b>libreadline</b> is GPL-licensed, so if you distribute a
+binary of <b>pcretest</b> linked in this way, there may be licensing issues.
+</P>
+<P>
+Setting this option causes the <b>-lreadline</b> option to be added to the
+<b>pcretest</b> build. In many operating environments with a sytem-installed
+<b>libreadline</b> this is sufficient. However, in some environments (e.g.
+if an unmodified distribution version of readline is in use), some extra
+configuration may be necessary. The INSTALL file for <b>libreadline</b> says
+this:
+<pre>
+  "Readline uses the termcap functions, but does not link with the
+  termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library."
+</pre>
+If your environment has not been set up so that an appropriate library is
+automatically included, you may need to add something like
+<pre>
+  LIBS="-ncurses"
+</pre>
+immediately before the <b>configure</b> command.
+</P>
+<br><a name="SEC20" href="#TOC1">DEBUGGING WITH VALGRIND SUPPORT</a><br>
+<P>
+By adding the
+<pre>
+  --enable-valgrind
+</pre>
+option to to the <b>configure</b> command, PCRE will use valgrind annotations
+to mark certain memory regions as unaddressable. This allows it to detect
+invalid memory accesses, and is mostly useful for debugging PCRE itself.
+</P>
+<br><a name="SEC21" href="#TOC1">CODE COVERAGE REPORTING</a><br>
+<P>
+If your C compiler is gcc, you can build a version of PCRE that can generate a
+code coverage report for its test suite. To enable this, you must install
+<b>lcov</b> version 1.6 or above. Then specify
+<pre>
+  --enable-coverage
+</pre>
+to the <b>configure</b> command and build PCRE in the usual way.
+</P>
+<P>
+Note that using <b>ccache</b> (a caching C compiler) is incompatible with code
+coverage reporting. If you have configured <b>ccache</b> to run automatically
+on your system, you must set the environment variable
+<pre>
+  CCACHE_DISABLE=1
+</pre>
+before running <b>make</b> to build PCRE, so that <b>ccache</b> is not used.
+</P>
+<P>
+When --enable-coverage is used, the following addition targets are added to the
+<i>Makefile</i>:
+<pre>
+  make coverage
+</pre>
+This creates a fresh coverage report for the PCRE test suite. It is equivalent
+to running "make coverage-reset", "make coverage-baseline", "make check", and
+then "make coverage-report".
+<pre>
+  make coverage-reset
+</pre>
+This zeroes the coverage counters, but does nothing else.
+<pre>
+  make coverage-baseline
+</pre>
+This captures baseline coverage information.
+<pre>
+  make coverage-report
+</pre>
+This creates the coverage report.
+<pre>
+  make coverage-clean-report
+</pre>
+This removes the generated coverage report without cleaning the coverage data
+itself.
+<pre>
+  make coverage-clean-data
+</pre>
+This removes the captured coverage data without removing the coverage files
+created at compile time (*.gcno).
+<pre>
+  make coverage-clean
+</pre>
+This cleans all coverage data including the generated coverage report. For more
+information about code coverage, see the <b>gcov</b> and <b>lcov</b>
+documentation.
+</P>
+<br><a name="SEC22" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcreapi</b>(3), <b>pcre16</b>, <b>pcre32</b>, <b>pcre_config</b>(3).
+</P>
+<br><a name="SEC23" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC24" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 May 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrecallout.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrecallout.html
new file mode 100644
index 00000000..53a937f5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrecallout.html
@@ -0,0 +1,286 @@
+<html>
+<head>
+<title>pcrecallout specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrecallout man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">MISSING CALLOUTS</a>
+<li><a name="TOC4" href="#SEC4">THE CALLOUT INTERFACE</a>
+<li><a name="TOC5" href="#SEC5">RETURN VALUES</a>
+<li><a name="TOC6" href="#SEC6">AUTHOR</a>
+<li><a name="TOC7" href="#SEC7">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>#include &#60;pcre.h&#62;</b>
+</P>
+<P>
+<b>int (*pcre_callout)(pcre_callout_block *);</b>
+</P>
+<P>
+<b>int (*pcre16_callout)(pcre16_callout_block *);</b>
+</P>
+<P>
+<b>int (*pcre32_callout)(pcre32_callout_block *);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+PCRE provides a feature called "callout", which is a means of temporarily
+passing control to the caller of PCRE in the middle of pattern matching. The
+caller of PCRE provides an external function by putting its entry point in the
+global variable <i>pcre_callout</i> (<i>pcre16_callout</i> for the 16-bit
+library, <i>pcre32_callout</i> for the 32-bit library). By default, this
+variable contains NULL, which disables all calling out.
+</P>
+<P>
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. Different callout points can be identified by putting
+a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+<pre>
+  (?C1)abc(?C2)def
+</pre>
+If the PCRE_AUTO_CALLOUT option bit is set when a pattern is compiled, PCRE
+automatically inserts callouts, all with number 255, before each item in the
+pattern. For example, if PCRE_AUTO_CALLOUT is used with the pattern
+<pre>
+  A(\d{2}|--)
+</pre>
+it is processed as if it were
+<br>
+<br>
+(?C255)A(?C255)((?C255)\d{2}(?C255)|(?C255)-(?C255)-(?C255))(?C255)
+<br>
+<br>
+Notice that there is a callout before and after each parenthesis and
+alternation bar. If the pattern contains a conditional group whose condition is
+an assertion, an automatic callout is inserted immediately before the
+condition. Such a callout may also be inserted explicitly, for example:
+<pre>
+  (?(?C9)(?=a)ab|de)
+</pre>
+This applies only to assertion conditions (because they are themselves
+independent groups).
+</P>
+<P>
+Automatic callouts can be used for tracking the progress of pattern matching.
+The
+<a href="pcretest.html"><b>pcretest</b></a>
+program has a pattern qualifier (/C) that sets automatic callouts; when it is
+used, the output indicates how the pattern is being matched. This is useful
+information when you are trying to optimize the performance of a particular
+pattern.
+</P>
+<br><a name="SEC3" href="#TOC1">MISSING CALLOUTS</a><br>
+<P>
+You should be aware that, because of optimizations in the way PCRE compiles and
+matches patterns, callouts sometimes do not happen exactly as you might expect.
+</P>
+<P>
+At compile time, PCRE "auto-possessifies" repeated items when it knows that
+what follows cannot be part of the repeat. For example, a+[bc] is compiled as
+if it were a++[bc]. The <b>pcretest</b> output when this pattern is anchored and
+then applied with automatic callouts to the string "aaaa" is:
+<pre>
+  ---&#62;aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+  No match
+</pre>
+This indicates that when matching [bc] fails, there is no backtracking into a+
+and therefore the callouts that would be taken for the backtracks do not occur.
+You can disable the auto-possessify feature by passing PCRE_NO_AUTO_POSSESS
+to <b>pcre_compile()</b>, or starting the pattern with (*NO_AUTO_POSSESS). If
+this is done in <b>pcretest</b> (using the /O qualifier), the output changes to
+this:
+<pre>
+  ---&#62;aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+   +3 ^  ^     [bc]
+   +3 ^ ^      [bc]
+   +3 ^^       [bc]
+  No match
+</pre>
+This time, when matching [bc] fails, the matcher backtracks into a+ and tries
+again, repeatedly, until a+ itself fails.
+</P>
+<P>
+Other optimizations that provide fast "no match" results also affect callouts.
+For example, if the pattern is
+<pre>
+  ab(?C4)cd
+</pre>
+PCRE knows that any matching string must contain the letter "d". If the subject
+string is "abyz", the lack of "d" means that matching doesn't ever start, and
+the callout is never reached. However, with "abyd", though the result is still
+no match, the callout is obeyed.
+</P>
+<P>
+If the pattern is studied, PCRE knows the minimum length of a matching string,
+and will immediately give a "no match" return without actually running a match
+if the subject is not long enough, or, for unanchored patterns, if it has
+been scanned far enough.
+</P>
+<P>
+You can disable these optimizations by passing the PCRE_NO_START_OPTIMIZE
+option to the matching function, or by starting the pattern with
+(*NO_START_OPT). This slows down the matching process, but does ensure that
+callouts such as the example above are obeyed.
+</P>
+<br><a name="SEC4" href="#TOC1">THE CALLOUT INTERFACE</a><br>
+<P>
+During matching, when PCRE reaches a callout point, the external function
+defined by <i>pcre_callout</i> or <i>pcre[16|32]_callout</i> is called (if it is
+set). This applies to both normal and DFA matching. The only argument to the
+callout function is a pointer to a <b>pcre_callout</b> or
+<b>pcre[16|32]_callout</b> block. These structures contains the following
+fields:
+<pre>
+  int           <i>version</i>;
+  int           <i>callout_number</i>;
+  int          *<i>offset_vector</i>;
+  const char   *<i>subject</i>;           (8-bit version)
+  PCRE_SPTR16   <i>subject</i>;           (16-bit version)
+  PCRE_SPTR32   <i>subject</i>;           (32-bit version)
+  int           <i>subject_length</i>;
+  int           <i>start_match</i>;
+  int           <i>current_position</i>;
+  int           <i>capture_top</i>;
+  int           <i>capture_last</i>;
+  void         *<i>callout_data</i>;
+  int           <i>pattern_position</i>;
+  int           <i>next_item_length</i>;
+  const unsigned char *<i>mark</i>;       (8-bit version)
+  const PCRE_UCHAR16  *<i>mark</i>;       (16-bit version)
+  const PCRE_UCHAR32  *<i>mark</i>;       (32-bit version)
+</pre>
+The <i>version</i> field is an integer containing the version number of the
+block format. The initial version was 0; the current version is 2. The version
+number will change again in future if additional fields are added, but the
+intention is never to remove any of the existing fields.
+</P>
+<P>
+The <i>callout_number</i> field contains the number of the callout, as compiled
+into the pattern (that is, the number after ?C for manual callouts, and 255 for
+automatically generated callouts).
+</P>
+<P>
+The <i>offset_vector</i> field is a pointer to the vector of offsets that was
+passed by the caller to the matching function. When <b>pcre_exec()</b> or
+<b>pcre[16|32]_exec()</b> is used, the contents can be inspected, in order to
+extract substrings that have been matched so far, in the same way as for
+extracting substrings after a match has completed. For the DFA matching
+functions, this field is not useful.
+</P>
+<P>
+The <i>subject</i> and <i>subject_length</i> fields contain copies of the values
+that were passed to the matching function.
+</P>
+<P>
+The <i>start_match</i> field normally contains the offset within the subject at
+which the current match attempt started. However, if the escape sequence \K
+has been encountered, this value is changed to reflect the modified starting
+point. If the pattern is not anchored, the callout function may be called
+several times from the same point in the pattern for different starting points
+in the subject.
+</P>
+<P>
+The <i>current_position</i> field contains the offset within the subject of the
+current match pointer.
+</P>
+<P>
+When the <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b> is used, the
+<i>capture_top</i> field contains one more than the number of the highest
+numbered captured substring so far. If no substrings have been captured, the
+value of <i>capture_top</i> is one. This is always the case when the DFA
+functions are used, because they do not support captured substrings.
+</P>
+<P>
+The <i>capture_last</i> field contains the number of the most recently captured
+substring. However, when a recursion exits, the value reverts to what it was
+outside the recursion, as do the values of all captured substrings. If no
+substrings have been captured, the value of <i>capture_last</i> is -1. This is
+always the case for the DFA matching functions.
+</P>
+<P>
+The <i>callout_data</i> field contains a value that is passed to a matching
+function specifically so that it can be passed back in callouts. It is passed
+in the <i>callout_data</i> field of a <b>pcre_extra</b> or <b>pcre[16|32]_extra</b>
+data structure. If no such data was passed, the value of <i>callout_data</i> in
+a callout block is NULL. There is a description of the <b>pcre_extra</b>
+structure in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+The <i>pattern_position</i> field is present from version 1 of the callout
+structure. It contains the offset to the next item to be matched in the pattern
+string.
+</P>
+<P>
+The <i>next_item_length</i> field is present from version 1 of the callout
+structure. It contains the length of the next item to be matched in the pattern
+string. When the callout immediately precedes an alternation bar, a closing
+parenthesis, or the end of the pattern, the length is zero. When the callout
+precedes an opening parenthesis, the length is that of the entire subpattern.
+</P>
+<P>
+The <i>pattern_position</i> and <i>next_item_length</i> fields are intended to
+help in distinguishing between different automatic callouts, which all have the
+same callout number. However, they are set for all callouts.
+</P>
+<P>
+The <i>mark</i> field is present from version 2 of the callout structure. In
+callouts from <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b> it contains a
+pointer to the zero-terminated name of the most recently passed (*MARK),
+(*PRUNE), or (*THEN) item in the match, or NULL if no such items have been
+passed. Instances of (*PRUNE) or (*THEN) without a name do not obliterate a
+previous (*MARK). In callouts from the DFA matching functions this field always
+contains NULL.
+</P>
+<br><a name="SEC5" href="#TOC1">RETURN VALUES</a><br>
+<P>
+The external callout function returns an integer to PCRE. If the value is zero,
+matching proceeds as normal. If the value is greater than zero, matching fails
+at the current point, but the testing of other matching possibilities goes
+ahead, just as if a lookahead assertion had failed. If the value is less than
+zero, the match is abandoned, the matching function returns the negative value.
+</P>
+<P>
+Negative values should normally be chosen from the set of PCRE_ERROR_xxx
+values. In particular, PCRE_ERROR_NOMATCH forces a standard "no match" failure.
+The error number PCRE_ERROR_CALLOUT is reserved for use by callout functions;
+it will never be used by PCRE itself.
+</P>
+<br><a name="SEC6" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC7" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrecompat.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrecompat.html
new file mode 100644
index 00000000..d95570ef
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrecompat.html
@@ -0,0 +1,235 @@
+<html>
+<head>
+<title>pcrecompat specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrecompat man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+DIFFERENCES BETWEEN PCRE AND PERL
+</b><br>
+<P>
+This document describes the differences in the ways that PCRE and Perl handle
+regular expressions. The differences described here are with respect to Perl
+versions 5.10 and above.
+</P>
+<P>
+1. PCRE has only a subset of Perl's Unicode support. Details of what it does
+have are given in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+2. PCRE allows repeat quantifiers only on parenthesized assertions, but they do
+not mean what you might think. For example, (?!a){3} does not assert that the
+next three characters are not "a". It just asserts that the next character is
+not "a" three times (in principle: PCRE optimizes this to run the assertion
+just once). Perl allows repeat quantifiers on other assertions such as \b, but
+these do not seem to have any use.
+</P>
+<P>
+3. Capturing subpatterns that occur inside negative lookahead assertions are
+counted, but their entries in the offsets vector are never set. Perl sometimes
+(but not always) sets its numerical variables from inside negative assertions.
+</P>
+<P>
+4. Though binary zero characters are supported in the subject string, they are
+not allowed in a pattern string because it is passed as a normal C string,
+terminated by zero. The escape sequence \0 can be used in the pattern to
+represent a binary zero.
+</P>
+<P>
+5. The following Perl escape sequences are not supported: \l, \u, \L,
+\U, and \N when followed by a character name or Unicode value. (\N on its
+own, matching a non-newline character, is supported.) In fact these are
+implemented by Perl's general string-handling and are not part of its pattern
+matching engine. If any of these are encountered by PCRE, an error is
+generated by default. However, if the PCRE_JAVASCRIPT_COMPAT option is set,
+\U and \u are interpreted as JavaScript interprets them.
+</P>
+<P>
+6. The Perl escape sequences \p, \P, and \X are supported only if PCRE is
+built with Unicode character property support. The properties that can be
+tested with \p and \P are limited to the general category properties such as
+Lu and Nd, script names such as Greek or Han, and the derived properties Any
+and L&. PCRE does support the Cs (surrogate) property, which Perl does not; the
+Perl documentation says "Because Perl hides the need for the user to understand
+the internal representation of Unicode characters, there is no need to
+implement the somewhat messy concept of surrogates."
+</P>
+<P>
+7. PCRE does support the \Q...\E escape for quoting substrings. Characters in
+between are treated as literals. This is slightly different from Perl in that $
+and @ are also handled as literals inside the quotes. In Perl, they cause
+variable interpolation (but of course PCRE does not have variables). Note the
+following examples:
+<pre>
+    Pattern            PCRE matches      Perl matches
+
+    \Qabc$xyz\E        abc$xyz           abc followed by the contents of $xyz
+    \Qabc\$xyz\E       abc\$xyz          abc\$xyz
+    \Qabc\E\$\Qxyz\E   abc$xyz           abc$xyz
+</pre>
+The \Q...\E sequence is recognized both inside and outside character classes.
+</P>
+<P>
+8. Fairly obviously, PCRE does not support the (?{code}) and (??{code})
+constructions. However, there is support for recursive patterns. This is not
+available in Perl 5.8, but it is in Perl 5.10. Also, the PCRE "callout"
+feature allows an external function to be called during pattern matching. See
+the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation for details.
+</P>
+<P>
+9. Subpatterns that are called as subroutines (whether or not recursively) are
+always treated as atomic groups in PCRE. This is like Python, but unlike Perl.
+Captured values that are set outside a subroutine call can be reference from
+inside in PCRE, but not in Perl. There is a discussion that explains these
+differences in more detail in the
+<a href="pcrepattern.html#recursiondifference">section on recursion differences from Perl</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+page.
+</P>
+<P>
+10. If any of the backtracking control verbs are used in a subpattern that is
+called as a subroutine (whether or not recursively), their effect is confined
+to that subpattern; it does not extend to the surrounding pattern. This is not
+always the case in Perl. In particular, if (*THEN) is present in a group that
+is called as a subroutine, its action is limited to that group, even if the
+group does not contain any | characters. Note that such subpatterns are
+processed as anchored at the point where they are tested.
+</P>
+<P>
+11. If a pattern contains more than one backtracking control verb, the first
+one that is backtracked onto acts. For example, in the pattern
+A(*COMMIT)B(*PRUNE)C a failure in B triggers (*COMMIT), but a failure in C
+triggers (*PRUNE). Perl's behaviour is more complex; in many cases it is the
+same as PCRE, but there are examples where it differs.
+</P>
+<P>
+12. Most backtracking verbs in assertions have their normal actions. They are
+not confined to the assertion.
+</P>
+<P>
+13. There are some differences that are concerned with the settings of captured
+strings when part of a pattern is repeated. For example, matching "aba" against
+the pattern /^(a(b)?)+$/ in Perl leaves $2 unset, but in PCRE it is set to "b".
+</P>
+<P>
+14. PCRE's handling of duplicate subpattern numbers and duplicate subpattern
+names is not as general as Perl's. This is a consequence of the fact the PCRE
+works internally just with numbers, using an external table to translate
+between numbers and names. In particular, a pattern such as (?|(?&#60;a&#62;A)|(?&#60;b&#62;B),
+where the two capturing parentheses have the same number but different names,
+is not supported, and causes an error at compile time. If it were allowed, it
+would not be possible to distinguish which parentheses matched, because both
+names map to capturing subpattern number 1. To avoid this confusing situation,
+an error is given at compile time.
+</P>
+<P>
+15. Perl recognizes comments in some places that PCRE does not, for example,
+between the ( and ? at the start of a subpattern. If the /x modifier is set,
+Perl allows white space between ( and ? (though current Perls warn that this is
+deprecated) but PCRE never does, even if the PCRE_EXTENDED option is set.
+</P>
+<P>
+16. Perl, when in warning mode, gives warnings for character classes such as
+[A-\d] or [a-[:digit:]]. It then treats the hyphens as literals. PCRE has no
+warning features, so it gives an error in these cases because they are almost
+certainly user mistakes.
+</P>
+<P>
+17. In PCRE, the upper/lower case character properties Lu and Ll are not
+affected when case-independent matching is specified. For example, \p{Lu}
+always matches an upper case letter. I think Perl has changed in this respect;
+in the release at the time of writing (5.16), \p{Lu} and \p{Ll} match all
+letters, regardless of case, when case independence is specified.
+</P>
+<P>
+18. PCRE provides some extensions to the Perl regular expression facilities.
+Perl 5.10 includes new features that are not in earlier versions of Perl, some
+of which (such as named parentheses) have been in PCRE for some time. This list
+is with respect to Perl 5.10:
+<br>
+<br>
+(a) Although lookbehind assertions in PCRE must match fixed length strings,
+each alternative branch of a lookbehind assertion can match a different length
+of string. Perl requires them all to have the same length.
+<br>
+<br>
+(b) If PCRE_DOLLAR_ENDONLY is set and PCRE_MULTILINE is not set, the $
+meta-character matches only at the very end of the string.
+<br>
+<br>
+(c) If PCRE_EXTRA is set, a backslash followed by a letter with no special
+meaning is faulted. Otherwise, like Perl, the backslash is quietly ignored.
+(Perl can be made to issue a warning.)
+<br>
+<br>
+(d) If PCRE_UNGREEDY is set, the greediness of the repetition quantifiers is
+inverted, that is, by default they are not greedy, but if followed by a
+question mark they are.
+<br>
+<br>
+(e) PCRE_ANCHORED can be used at matching time to force a pattern to be tried
+only at the first matching position in the subject string.
+<br>
+<br>
+(f) The PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, and
+PCRE_NO_AUTO_CAPTURE options for <b>pcre_exec()</b> have no Perl equivalents.
+<br>
+<br>
+(g) The \R escape sequence can be restricted to match only CR, LF, or CRLF
+by the PCRE_BSR_ANYCRLF option.
+<br>
+<br>
+(h) The callout facility is PCRE-specific.
+<br>
+<br>
+(i) The partial matching facility is PCRE-specific.
+<br>
+<br>
+(j) Patterns compiled by PCRE can be saved and re-used at a later time, even on
+different hosts that have the other endianness. However, this does not apply to
+optimized data created by the just-in-time compiler.
+<br>
+<br>
+(k) The alternative matching functions (<b>pcre_dfa_exec()</b>,
+<b>pcre16_dfa_exec()</b> and <b>pcre32_dfa_exec()</b>,) match in a different way
+and are not Perl-compatible.
+<br>
+<br>
+(l) PCRE recognizes some special sequences such as (*CR) at the start of
+a pattern that set overall options that cannot be changed within the pattern.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 10 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrecpp.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrecpp.html
new file mode 100644
index 00000000..b7eac3a3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrecpp.html
@@ -0,0 +1,368 @@
+<html>
+<head>
+<title>pcrecpp specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrecpp man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS OF C++ WRAPPER</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">MATCHING INTERFACE</a>
+<li><a name="TOC4" href="#SEC4">QUOTING METACHARACTERS</a>
+<li><a name="TOC5" href="#SEC5">PARTIAL MATCHES</a>
+<li><a name="TOC6" href="#SEC6">UTF-8 AND THE MATCHING INTERFACE</a>
+<li><a name="TOC7" href="#SEC7">PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE</a>
+<li><a name="TOC8" href="#SEC8">SCANNING TEXT INCREMENTALLY</a>
+<li><a name="TOC9" href="#SEC9">PARSING HEX/OCTAL/C-RADIX NUMBERS</a>
+<li><a name="TOC10" href="#SEC10">REPLACING PARTS OF STRINGS</a>
+<li><a name="TOC11" href="#SEC11">AUTHOR</a>
+<li><a name="TOC12" href="#SEC12">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS OF C++ WRAPPER</a><br>
+<P>
+<b>#include &#60;pcrecpp.h&#62;</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+The C++ wrapper for PCRE was provided by Google Inc. Some additional
+functionality was added by Giuseppe Maxia. This brief man page was constructed
+from the notes in the <i>pcrecpp.h</i> file, which should be consulted for
+further details. Note that the C++ wrapper supports only the original 8-bit
+PCRE library. There is no 16-bit or 32-bit support at present.
+</P>
+<br><a name="SEC3" href="#TOC1">MATCHING INTERFACE</a><br>
+<P>
+The "FullMatch" operation checks that supplied text matches a supplied pattern
+exactly. If pointer arguments are supplied, it copies matched sub-strings that
+match sub-patterns into them.
+<pre>
+  Example: successful match
+     pcrecpp::RE re("h.*o");
+     re.FullMatch("hello");
+
+  Example: unsuccessful match (requires full match):
+     pcrecpp::RE re("e");
+     !re.FullMatch("hello");
+
+  Example: creating a temporary RE object:
+     pcrecpp::RE("h.*o").FullMatch("hello");
+</pre>
+You can pass in a "const char*" or a "string" for "text". The examples below
+tend to use a const char*. You can, as in the different examples above, store
+the RE object explicitly in a variable or use a temporary RE object. The
+examples below use one mode or the other arbitrarily. Either could correctly be
+used for any of these examples.
+</P>
+<P>
+You must supply extra pointer arguments to extract matched subpieces.
+<pre>
+  Example: extracts "ruby" into "s" and 1234 into "i"
+     int i;
+     string s;
+     pcrecpp::RE re("(\\w+):(\\d+)");
+     re.FullMatch("ruby:1234", &s, &i);
+
+  Example: does not try to extract any extra sub-patterns
+     re.FullMatch("ruby:1234", &s);
+
+  Example: does not try to extract into NULL
+     re.FullMatch("ruby:1234", NULL, &i);
+
+  Example: integer overflow causes failure
+     !re.FullMatch("ruby:1234567891234", NULL, &i);
+
+  Example: fails because there aren't enough sub-patterns:
+     !pcrecpp::RE("\\w+:\\d+").FullMatch("ruby:1234", &s);
+
+  Example: fails because string cannot be stored in integer
+     !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+</pre>
+The provided pointer arguments can be pointers to any scalar numeric
+type, or one of:
+<pre>
+   string        (matched piece is copied to string)
+   StringPiece   (StringPiece is mutated to point to matched piece)
+   T             (where "bool T::ParseFrom(const char*, int)" exists)
+   NULL          (the corresponding matched sub-pattern is not copied)
+</pre>
+The function returns true iff all of the following conditions are satisfied:
+<pre>
+  a. "text" matches "pattern" exactly;
+
+  b. The number of matched sub-patterns is &#62;= number of supplied
+     pointers;
+
+  c. The "i"th argument has a suitable type for holding the
+     string captured as the "i"th sub-pattern. If you pass in
+     void * NULL for the "i"th argument, or a non-void * NULL
+     of the correct type, or pass fewer arguments than the
+     number of sub-patterns, "i"th captured sub-pattern is
+     ignored.
+</pre>
+CAVEAT: An optional sub-pattern that does not exist in the matched
+string is assigned the empty string. Therefore, the following will
+return false (because the empty string is not a valid number):
+<pre>
+   int number;
+   pcrecpp::RE::FullMatch("abc", "[a-z]+(\\d+)?", &number);
+</pre>
+The matching interface supports at most 16 arguments per call.
+If you need more, consider using the more general interface
+<b>pcrecpp::RE::DoMatch</b>. See <b>pcrecpp.h</b> for the signature for
+<b>DoMatch</b>.
+</P>
+<P>
+NOTE: Do not use <b>no_arg</b>, which is used internally to mark the end of a
+list of optional arguments, as a placeholder for missing arguments, as this can
+lead to segfaults.
+</P>
+<br><a name="SEC4" href="#TOC1">QUOTING METACHARACTERS</a><br>
+<P>
+You can use the "QuoteMeta" operation to insert backslashes before all
+potentially meaningful characters in a string. The returned string, used as a
+regular expression, will exactly match the original string.
+<pre>
+  Example:
+     string quoted = RE::QuoteMeta(unquoted);
+</pre>
+Note that it's legal to escape a character even if it has no special meaning in
+a regular expression -- so this function does that. (This also makes it
+identical to the perl function of the same name; see "perldoc -f quotemeta".)
+For example, "1.5-2.0?" becomes "1\.5\-2\.0\?".
+</P>
+<br><a name="SEC5" href="#TOC1">PARTIAL MATCHES</a><br>
+<P>
+You can use the "PartialMatch" operation when you want the pattern
+to match any substring of the text.
+<pre>
+  Example: simple search for a string:
+     pcrecpp::RE("ell").PartialMatch("hello");
+
+  Example: find first number in a string:
+     int number;
+     pcrecpp::RE re("(\\d+)");
+     re.PartialMatch("x*100 + 20", &number);
+     assert(number == 100);
+</PRE>
+</P>
+<br><a name="SEC6" href="#TOC1">UTF-8 AND THE MATCHING INTERFACE</a><br>
+<P>
+By default, pattern and text are plain text, one byte per character. The UTF8
+flag, passed to the constructor, causes both pattern and string to be treated
+as UTF-8 text, still a byte stream but potentially multiple bytes per
+character. In practice, the text is likelier to be UTF-8 than the pattern, but
+the match returned may depend on the UTF8 flag, so always use it when matching
+UTF8 text. For example, "." will match one byte normally but with UTF8 set may
+match up to three bytes of a multi-byte character.
+<pre>
+  Example:
+     pcrecpp::RE_Options options;
+     options.set_utf8();
+     pcrecpp::RE re(utf8_pattern, options);
+     re.FullMatch(utf8_string);
+
+  Example: using the convenience function UTF8():
+     pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+     re.FullMatch(utf8_string);
+</pre>
+NOTE: The UTF8 flag is ignored if pcre was not configured with the
+<pre>
+      --enable-utf8 flag.
+</PRE>
+</P>
+<br><a name="SEC7" href="#TOC1">PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE</a><br>
+<P>
+PCRE defines some modifiers to change the behavior of the regular expression
+engine. The C++ wrapper defines an auxiliary class, RE_Options, as a vehicle to
+pass such modifiers to a RE class. Currently, the following modifiers are
+supported:
+<pre>
+   modifier              description               Perl corresponding
+
+   PCRE_CASELESS         case insensitive match      /i
+   PCRE_MULTILINE        multiple lines match        /m
+   PCRE_DOTALL           dot matches newlines        /s
+   PCRE_DOLLAR_ENDONLY   $ matches only at end       N/A
+   PCRE_EXTRA            strict escape parsing       N/A
+   PCRE_EXTENDED         ignore white spaces         /x
+   PCRE_UTF8             handles UTF8 chars          built-in
+   PCRE_UNGREEDY         reverses * and *?           N/A
+   PCRE_NO_AUTO_CAPTURE  disables capturing parens   N/A (*)
+</pre>
+(*) Both Perl and PCRE allow non capturing parentheses by means of the
+"?:" modifier within the pattern itself. e.g. (?:ab|cd) does not
+capture, while (ab|cd) does.
+</P>
+<P>
+For a full account on how each modifier works, please check the
+PCRE API reference page.
+</P>
+<P>
+For each modifier, there are two member functions whose name is made
+out of the modifier in lowercase, without the "PCRE_" prefix. For
+instance, PCRE_CASELESS is handled by
+<pre>
+  bool caseless()
+</pre>
+which returns true if the modifier is set, and
+<pre>
+  RE_Options & set_caseless(bool)
+</pre>
+which sets or unsets the modifier. Moreover, PCRE_EXTRA_MATCH_LIMIT can be
+accessed through the <b>set_match_limit()</b> and <b>match_limit()</b> member
+functions. Setting <i>match_limit</i> to a non-zero value will limit the
+execution of pcre to keep it from doing bad things like blowing the stack or
+taking an eternity to return a result. A value of 5000 is good enough to stop
+stack blowup in a 2MB thread stack. Setting <i>match_limit</i> to zero disables
+match limiting. Alternatively, you can call <b>match_limit_recursion()</b>
+which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to limit how much PCRE
+recurses. <b>match_limit()</b> limits the number of matches PCRE does;
+<b>match_limit_recursion()</b> limits the depth of internal recursion, and
+therefore the amount of stack that is used.
+</P>
+<P>
+Normally, to pass one or more modifiers to a RE class, you declare
+a <i>RE_Options</i> object, set the appropriate options, and pass this
+object to a RE constructor. Example:
+<pre>
+   RE_Options opt;
+   opt.set_caseless(true);
+   if (RE("HELLO", opt).PartialMatch("hello world")) ...
+</pre>
+RE_options has two constructors. The default constructor takes no arguments and
+creates a set of flags that are off by default. The optional parameter
+<i>option_flags</i> is to facilitate transfer of legacy code from C programs.
+This lets you do
+<pre>
+   RE(pattern,
+     RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+</pre>
+However, new code is better off doing
+<pre>
+   RE(pattern,
+     RE_Options().set_caseless(true).set_multiline(true))
+       .PartialMatch(str);
+</pre>
+If you are going to pass one of the most used modifiers, there are some
+convenience functions that return a RE_Options class with the
+appropriate modifier already set: <b>CASELESS()</b>, <b>UTF8()</b>,
+<b>MULTILINE()</b>, <b>DOTALL</b>(), and <b>EXTENDED()</b>.
+</P>
+<P>
+If you need to set several options at once, and you don't want to go through
+the pains of declaring a RE_Options object and setting several options, there
+is a parallel method that give you such ability on the fly. You can concatenate
+several <b>set_xxxxx()</b> member functions, since each of them returns a
+reference to its class object. For example, to pass PCRE_CASELESS,
+PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one statement, you may write:
+<pre>
+   RE(" ^ xyz \\s+ .* blah$",
+     RE_Options()
+       .set_caseless(true)
+       .set_extended(true)
+       .set_multiline(true)).PartialMatch(sometext);
+
+</PRE>
+</P>
+<br><a name="SEC8" href="#TOC1">SCANNING TEXT INCREMENTALLY</a><br>
+<P>
+The "Consume" operation may be useful if you want to repeatedly
+match regular expressions at the front of a string and skip over
+them as they match. This requires use of the "StringPiece" type,
+which represents a sub-range of a real string. Like RE, StringPiece
+is defined in the pcrecpp namespace.
+<pre>
+  Example: read lines of the form "var = value" from a string.
+     string contents = ...;                 // Fill string somehow
+     pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+
+     string var;
+     int value;
+     pcrecpp::RE re("(\\w+) = (\\d+)\n");
+     while (re.Consume(&input, &var, &value)) {
+       ...;
+     }
+</pre>
+Each successful call to "Consume" will set "var/value", and also
+advance "input" so it points past the matched text.
+</P>
+<P>
+The "FindAndConsume" operation is similar to "Consume" but does not
+anchor your match at the beginning of the string. For example, you
+could extract all words from a string by repeatedly calling
+<pre>
+  pcrecpp::RE("(\\w+)").FindAndConsume(&input, &word)
+</PRE>
+</P>
+<br><a name="SEC9" href="#TOC1">PARSING HEX/OCTAL/C-RADIX NUMBERS</a><br>
+<P>
+By default, if you pass a pointer to a numeric value, the
+corresponding text is interpreted as a base-10 number. You can
+instead wrap the pointer with a call to one of the operators Hex(),
+Octal(), or CRadix() to interpret the text in another base. The
+CRadix operator interprets C-style "0" (base-8) and "0x" (base-16)
+prefixes, but defaults to base-10.
+<pre>
+  Example:
+    int a, b, c, d;
+    pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+    re.FullMatch("100 40 0100 0x40",
+                 pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+                 pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+</pre>
+will leave 64 in a, b, c, and d.
+</P>
+<br><a name="SEC10" href="#TOC1">REPLACING PARTS OF STRINGS</a><br>
+<P>
+You can replace the first match of "pattern" in "str" with "rewrite".
+Within "rewrite", backslash-escaped digits (\1 to \9) can be
+used to insert text matching corresponding parenthesized group
+from the pattern. \0 in "rewrite" refers to the entire matching
+text. For example:
+<pre>
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").Replace("d", &s);
+</pre>
+will leave "s" containing "yada dabba doo". The result is true if the pattern
+matches and a replacement occurs, false otherwise.
+</P>
+<P>
+<b>GlobalReplace</b> is like <b>Replace</b> except that it replaces all
+occurrences of the pattern in the string with the rewrite. Replacements are
+not subject to re-matching. For example:
+<pre>
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").GlobalReplace("d", &s);
+</pre>
+will leave "s" containing "yada dada doo". It returns the number of
+replacements made.
+</P>
+<P>
+<b>Extract</b> is like <b>Replace</b>, except that if the pattern matches,
+"rewrite" is copied into "out" (an additional argument) with substitutions.
+The non-matching portions of "text" are ignored. Returns true iff a match
+occurred and the extraction happened successfully;  if no match occurs, the
+string is left unaffected.
+</P>
+<br><a name="SEC11" href="#TOC1">AUTHOR</a><br>
+<P>
+The C++ wrapper was contributed by Google Inc.
+<br>
+Copyright &copy; 2007 Google Inc.
+<br>
+</P>
+<br><a name="SEC12" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 08 January 2012
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcredemo.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcredemo.html
new file mode 100644
index 00000000..894a9308
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcredemo.html
@@ -0,0 +1,426 @@
+<html>
+<head>
+<title>pcredemo specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcredemo man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+</ul>
+<PRE>
+/*************************************************
+*           PCRE DEMONSTRATION PROGRAM           *
+*************************************************/
+
+/* This is a demonstration program to illustrate the most straightforward ways
+of calling the PCRE regular expression library from a C program. See the
+pcresample documentation for a short discussion ("man pcresample" if you have
+the PCRE man pages installed).
+
+In Unix-like environments, if PCRE is installed in your standard system
+libraries, you should be able to compile this program using this command:
+
+gcc -Wall pcredemo.c -lpcre -o pcredemo
+
+If PCRE is not installed in a standard place, it is likely to be installed with
+support for the pkg-config mechanism. If you have pkg-config, you can compile
+this program using this command:
+
+gcc -Wall pcredemo.c `pkg-config --cflags --libs libpcre` -o pcredemo
+
+If you do not have pkg-config, you may have to use this:
+
+gcc -Wall pcredemo.c -I/usr/local/include -L/usr/local/lib \
+  -R/usr/local/lib -lpcre -o pcredemo
+
+Replace "/usr/local/include" and "/usr/local/lib" with wherever the include and
+library files for PCRE are installed on your system. Only some operating
+systems (e.g. Solaris) use the -R option.
+
+Building under Windows:
+
+If you want to statically link this program against a non-dll .a file, you must
+define PCRE_STATIC before including pcre.h, otherwise the pcre_malloc() and
+pcre_free() exported functions will be declared __declspec(dllimport), with
+unwanted results. So in this environment, uncomment the following line. */
+
+/* #define PCRE_STATIC */
+
+#include &lt;stdio.h&gt;
+#include &lt;string.h&gt;
+#include &lt;pcre.h&gt;
+
+#define OVECCOUNT 30    /* should be a multiple of 3 */
+
+
+int main(int argc, char **argv)
+{
+pcre *re;
+const char *error;
+char *pattern;
+char *subject;
+unsigned char *name_table;
+unsigned int option_bits;
+int erroffset;
+int find_all;
+int crlf_is_newline;
+int namecount;
+int name_entry_size;
+int ovector[OVECCOUNT];
+int subject_length;
+int rc, i;
+int utf8;
+
+
+/**************************************************************************
+* First, sort out the command line. There is only one possible option at  *
+* the moment, "-g" to request repeated matching to find all occurrences,  *
+* like Perl's /g option. We set the variable find_all to a non-zero value *
+* if the -g option is present. Apart from that, there must be exactly two *
+* arguments.                                                              *
+**************************************************************************/
+
+find_all = 0;
+for (i = 1; i &lt; argc; i++)
+  {
+  if (strcmp(argv[i], "-g") == 0) find_all = 1;
+    else break;
+  }
+
+/* After the options, we require exactly two arguments, which are the pattern,
+and the subject string. */
+
+if (argc - i != 2)
+  {
+  printf("Two arguments required: a regex and a subject string\n");
+  return 1;
+  }
+
+pattern = argv[i];
+subject = argv[i+1];
+subject_length = (int)strlen(subject);
+
+
+/*************************************************************************
+* Now we are going to compile the regular expression pattern, and handle *
+* and errors that are detected.                                          *
+*************************************************************************/
+
+re = pcre_compile(
+  pattern,              /* the pattern */
+  0,                    /* default options */
+  &amp;error,               /* for error message */
+  &amp;erroffset,           /* for error offset */
+  NULL);                /* use default character tables */
+
+/* Compilation failed: print the error message and exit */
+
+if (re == NULL)
+  {
+  printf("PCRE compilation failed at offset %d: %s\n", erroffset, error);
+  return 1;
+  }
+
+
+/*************************************************************************
+* If the compilation succeeded, we call PCRE again, in order to do a     *
+* pattern match against the subject string. This does just ONE match. If *
+* further matching is needed, it will be done below.                     *
+*************************************************************************/
+
+rc = pcre_exec(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  subject,              /* the subject string */
+  subject_length,       /* the length of the subject */
+  0,                    /* start at offset 0 in the subject */
+  0,                    /* default options */
+  ovector,              /* output vector for substring information */
+  OVECCOUNT);           /* number of elements in the output vector */
+
+/* Matching failed: handle error cases */
+
+if (rc &lt; 0)
+  {
+  switch(rc)
+    {
+    case PCRE_ERROR_NOMATCH: printf("No match\n"); break;
+    /*
+    Handle other special cases if you like
+    */
+    default: printf("Matching error %d\n", rc); break;
+    }
+  pcre_free(re);     /* Release memory used for the compiled pattern */
+  return 1;
+  }
+
+/* Match succeded */
+
+printf("\nMatch succeeded at offset %d\n", ovector[0]);
+
+
+/*************************************************************************
+* We have found the first match within the subject string. If the output *
+* vector wasn't big enough, say so. Then output any substrings that were *
+* captured.                                                              *
+*************************************************************************/
+
+/* The output vector wasn't big enough */
+
+if (rc == 0)
+  {
+  rc = OVECCOUNT/3;
+  printf("ovector only has room for %d captured substrings\n", rc - 1);
+  }
+
+/* Show substrings stored in the output vector by number. Obviously, in a real
+application you might want to do things other than print them. */
+
+for (i = 0; i &lt; rc; i++)
+  {
+  char *substring_start = subject + ovector[2*i];
+  int substring_length = ovector[2*i+1] - ovector[2*i];
+  printf("%2d: %.*s\n", i, substring_length, substring_start);
+  }
+
+
+/**************************************************************************
+* That concludes the basic part of this demonstration program. We have    *
+* compiled a pattern, and performed a single match. The code that follows *
+* shows first how to access named substrings, and then how to code for    *
+* repeated matches on the same subject.                                   *
+**************************************************************************/
+
+/* See if there are any named substrings, and if so, show them by name. First
+we have to extract the count of named parentheses from the pattern. */
+
+(void)pcre_fullinfo(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  PCRE_INFO_NAMECOUNT,  /* number of named substrings */
+  &amp;namecount);          /* where to put the answer */
+
+if (namecount &lt;= 0) printf("No named substrings\n"); else
+  {
+  unsigned char *tabptr;
+  printf("Named substrings\n");
+
+  /* Before we can access the substrings, we must extract the table for
+  translating names to numbers, and the size of each entry in the table. */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMETABLE,      /* address of the table */
+    &amp;name_table);             /* where to put the answer */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMEENTRYSIZE,  /* size of each entry in the table */
+    &amp;name_entry_size);        /* where to put the answer */
+
+  /* Now we can scan the table and, for each entry, print the number, the name,
+  and the substring itself. */
+
+  tabptr = name_table;
+  for (i = 0; i &lt; namecount; i++)
+    {
+    int n = (tabptr[0] &lt;&lt; 8) | tabptr[1];
+    printf("(%d) %*s: %.*s\n", n, name_entry_size - 3, tabptr + 2,
+      ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+    tabptr += name_entry_size;
+    }
+  }
+
+
+/*************************************************************************
+* If the "-g" option was given on the command line, we want to continue  *
+* to search for additional matches in the subject string, in a similar   *
+* way to the /g option in Perl. This turns out to be trickier than you   *
+* might think because of the possibility of matching an empty string.    *
+* What happens is as follows:                                            *
+*                                                                        *
+* If the previous match was NOT for an empty string, we can just start   *
+* the next match at the end of the previous one.                         *
+*                                                                        *
+* If the previous match WAS for an empty string, we can't do that, as it *
+* would lead to an infinite loop. Instead, a special call of pcre_exec() *
+* is made with the PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED flags set.    *
+* The first of these tells PCRE that an empty string at the start of the *
+* subject is not a valid match; other possibilities must be tried. The   *
+* second flag restricts PCRE to one match attempt at the initial string  *
+* position. If this match succeeds, an alternative to the empty string   *
+* match has been found, and we can print it and proceed round the loop,  *
+* advancing by the length of whatever was found. If this match does not  *
+* succeed, we still stay in the loop, advancing by just one character.   *
+* In UTF-8 mode, which can be set by (*UTF8) in the pattern, this may be *
+* more than one byte.                                                    *
+*                                                                        *
+* However, there is a complication concerned with newlines. When the     *
+* newline convention is such that CRLF is a valid newline, we must       *
+* advance by two characters rather than one. The newline convention can  *
+* be set in the regex by (*CR), etc.; if not, we must find the default.  *
+*************************************************************************/
+
+if (!find_all)     /* Check for -g */
+  {
+  pcre_free(re);   /* Release the memory used for the compiled pattern */
+  return 0;        /* Finish unless -g was given */
+  }
+
+/* Before running the loop, check for UTF-8 and whether CRLF is a valid newline
+sequence. First, find the options with which the regex was compiled; extract
+the UTF-8 state, and mask off all but the newline options. */
+
+(void)pcre_fullinfo(re, NULL, PCRE_INFO_OPTIONS, &amp;option_bits);
+utf8 = option_bits &amp; PCRE_UTF8;
+option_bits &amp;= PCRE_NEWLINE_CR|PCRE_NEWLINE_LF|PCRE_NEWLINE_CRLF|
+               PCRE_NEWLINE_ANY|PCRE_NEWLINE_ANYCRLF;
+
+/* If no newline options were set, find the default newline convention from the
+build configuration. */
+
+if (option_bits == 0)
+  {
+  int d;
+  (void)pcre_config(PCRE_CONFIG_NEWLINE, &amp;d);
+  /* Note that these values are always the ASCII ones, even in
+  EBCDIC environments. CR = 13, NL = 10. */
+  option_bits = (d == 13)? PCRE_NEWLINE_CR :
+          (d == 10)? PCRE_NEWLINE_LF :
+          (d == (13&lt;&lt;8 | 10))? PCRE_NEWLINE_CRLF :
+          (d == -2)? PCRE_NEWLINE_ANYCRLF :
+          (d == -1)? PCRE_NEWLINE_ANY : 0;
+  }
+
+/* See if CRLF is a valid newline sequence. */
+
+crlf_is_newline =
+     option_bits == PCRE_NEWLINE_ANY ||
+     option_bits == PCRE_NEWLINE_CRLF ||
+     option_bits == PCRE_NEWLINE_ANYCRLF;
+
+/* Loop for second and subsequent matches */
+
+for (;;)
+  {
+  int options = 0;                 /* Normally no options */
+  int start_offset = ovector[1];   /* Start at end of previous match */
+
+  /* If the previous match was for an empty string, we are finished if we are
+  at the end of the subject. Otherwise, arrange to run another match at the
+  same point to see if a non-empty match can be found. */
+
+  if (ovector[0] == ovector[1])
+    {
+    if (ovector[0] == subject_length) break;
+    options = PCRE_NOTEMPTY_ATSTART | PCRE_ANCHORED;
+    }
+
+  /* Run the next matching operation */
+
+  rc = pcre_exec(
+    re,                   /* the compiled pattern */
+    NULL,                 /* no extra data - we didn't study the pattern */
+    subject,              /* the subject string */
+    subject_length,       /* the length of the subject */
+    start_offset,         /* starting offset in the subject */
+    options,              /* options */
+    ovector,              /* output vector for substring information */
+    OVECCOUNT);           /* number of elements in the output vector */
+
+  /* This time, a result of NOMATCH isn't an error. If the value in "options"
+  is zero, it just means we have found all possible matches, so the loop ends.
+  Otherwise, it means we have failed to find a non-empty-string match at a
+  point where there was a previous empty-string match. In this case, we do what
+  Perl does: advance the matching position by one character, and continue. We
+  do this by setting the "end of previous match" offset, because that is picked
+  up at the top of the loop as the point at which to start again.
+
+  There are two complications: (a) When CRLF is a valid newline sequence, and
+  the current position is just before it, advance by an extra byte. (b)
+  Otherwise we must ensure that we skip an entire UTF-8 character if we are in
+  UTF-8 mode. */
+
+  if (rc == PCRE_ERROR_NOMATCH)
+    {
+    if (options == 0) break;                    /* All matches found */
+    ovector[1] = start_offset + 1;              /* Advance one byte */
+    if (crlf_is_newline &amp;&amp;                      /* If CRLF is newline &amp; */
+        start_offset &lt; subject_length - 1 &amp;&amp;    /* we are at CRLF, */
+        subject[start_offset] == '\r' &amp;&amp;
+        subject[start_offset + 1] == '\n')
+      ovector[1] += 1;                          /* Advance by one more. */
+    else if (utf8)                              /* Otherwise, ensure we */
+      {                                         /* advance a whole UTF-8 */
+      while (ovector[1] &lt; subject_length)       /* character. */
+        {
+        if ((subject[ovector[1]] &amp; 0xc0) != 0x80) break;
+        ovector[1] += 1;
+        }
+      }
+    continue;    /* Go round the loop again */
+    }
+
+  /* Other matching errors are not recoverable. */
+
+  if (rc &lt; 0)
+    {
+    printf("Matching error %d\n", rc);
+    pcre_free(re);    /* Release memory used for the compiled pattern */
+    return 1;
+    }
+
+  /* Match succeded */
+
+  printf("\nMatch succeeded again at offset %d\n", ovector[0]);
+
+  /* The match succeeded, but the output vector wasn't big enough. */
+
+  if (rc == 0)
+    {
+    rc = OVECCOUNT/3;
+    printf("ovector only has room for %d captured substrings\n", rc - 1);
+    }
+
+  /* As before, show substrings stored in the output vector by number, and then
+  also any named substrings. */
+
+  for (i = 0; i &lt; rc; i++)
+    {
+    char *substring_start = subject + ovector[2*i];
+    int substring_length = ovector[2*i+1] - ovector[2*i];
+    printf("%2d: %.*s\n", i, substring_length, substring_start);
+    }
+
+  if (namecount &lt;= 0) printf("No named substrings\n"); else
+    {
+    unsigned char *tabptr = name_table;
+    printf("Named substrings\n");
+    for (i = 0; i &lt; namecount; i++)
+      {
+      int n = (tabptr[0] &lt;&lt; 8) | tabptr[1];
+      printf("(%d) %*s: %.*s\n", n, name_entry_size - 3, tabptr + 2,
+        ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+      tabptr += name_entry_size;
+      }
+    }
+  }      /* End of loop to find second and subsequent matches */
+
+printf("\n");
+pcre_free(re);       /* Release memory used for the compiled pattern */
+return 0;
+}
+
+/* End of pcredemo.c */
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcregrep.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcregrep.html
new file mode 100644
index 00000000..dacbb499
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcregrep.html
@@ -0,0 +1,759 @@
+<html>
+<head>
+<title>pcregrep specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcregrep man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">SUPPORT FOR COMPRESSED FILES</a>
+<li><a name="TOC4" href="#SEC4">BINARY FILES</a>
+<li><a name="TOC5" href="#SEC5">OPTIONS</a>
+<li><a name="TOC6" href="#SEC6">ENVIRONMENT VARIABLES</a>
+<li><a name="TOC7" href="#SEC7">NEWLINES</a>
+<li><a name="TOC8" href="#SEC8">OPTIONS COMPATIBILITY</a>
+<li><a name="TOC9" href="#SEC9">OPTIONS WITH DATA</a>
+<li><a name="TOC10" href="#SEC10">MATCHING ERRORS</a>
+<li><a name="TOC11" href="#SEC11">DIAGNOSTICS</a>
+<li><a name="TOC12" href="#SEC12">SEE ALSO</a>
+<li><a name="TOC13" href="#SEC13">AUTHOR</a>
+<li><a name="TOC14" href="#SEC14">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>pcregrep [options] [long options] [pattern] [path1 path2 ...]</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+<b>pcregrep</b> searches files for character patterns, in the same way as other
+grep commands do, but it uses the PCRE regular expression library to support
+patterns that are compatible with the regular expressions of Perl 5. See
+<a href="pcresyntax.html"><b>pcresyntax</b>(3)</a>
+for a quick-reference summary of pattern syntax, or
+<a href="pcrepattern.html"><b>pcrepattern</b>(3)</a>
+for a full description of the syntax and semantics of the regular expressions
+that PCRE supports.
+</P>
+<P>
+Patterns, whether supplied on the command line or in a separate file, are given
+without delimiters. For example:
+<pre>
+  pcregrep Thursday /etc/motd
+</pre>
+If you attempt to use delimiters (for example, by surrounding a pattern with
+slashes, as is common in Perl scripts), they are interpreted as part of the
+pattern. Quotes can of course be used to delimit patterns on the command line
+because they are interpreted by the shell, and indeed quotes are required if a
+pattern contains white space or shell metacharacters.
+</P>
+<P>
+The first argument that follows any option settings is treated as the single
+pattern to be matched when neither <b>-e</b> nor <b>-f</b> is present.
+Conversely, when one or both of these options are used to specify patterns, all
+arguments are treated as path names. At least one of <b>-e</b>, <b>-f</b>, or an
+argument pattern must be provided.
+</P>
+<P>
+If no files are specified, <b>pcregrep</b> reads the standard input. The
+standard input can also be referenced by a name consisting of a single hyphen.
+For example:
+<pre>
+  pcregrep some-pattern /file1 - /file3
+</pre>
+By default, each line that matches a pattern is copied to the standard
+output, and if there is more than one file, the file name is output at the
+start of each line, followed by a colon. However, there are options that can
+change how <b>pcregrep</b> behaves. In particular, the <b>-M</b> option makes it
+possible to search for patterns that span line boundaries. What defines a line
+boundary is controlled by the <b>-N</b> (<b>--newline</b>) option.
+</P>
+<P>
+The amount of memory used for buffering files that are being scanned is
+controlled by a parameter that can be set by the <b>--buffer-size</b> option.
+The default value for this parameter is specified when <b>pcregrep</b> is built,
+with the default default being 20K. A block of memory three times this size is
+used (to allow for buffering "before" and "after" lines). An error occurs if a
+line overflows the buffer.
+</P>
+<P>
+Patterns can be no longer than 8K or BUFSIZ bytes, whichever is the greater.
+BUFSIZ is defined in <b>&#60;stdio.h&#62;</b>. When there is more than one pattern
+(specified by the use of <b>-e</b> and/or <b>-f</b>), each pattern is applied to
+each line in the order in which they are defined, except that all the <b>-e</b>
+patterns are tried before the <b>-f</b> patterns.
+</P>
+<P>
+By default, as soon as one pattern matches a line, no further patterns are
+considered. However, if <b>--colour</b> (or <b>--color</b>) is used to colour the
+matching substrings, or if <b>--only-matching</b>, <b>--file-offsets</b>, or
+<b>--line-offsets</b> is used to output only the part of the line that matched
+(either shown literally, or as an offset), scanning resumes immediately
+following the match, so that further matches on the same line can be found. If
+there are multiple patterns, they are all tried on the remainder of the line,
+but patterns that follow the one that matched are not tried on the earlier part
+of the line.
+</P>
+<P>
+This behaviour means that the order in which multiple patterns are specified
+can affect the output when one of the above options is used. This is no longer
+the same behaviour as GNU grep, which now manages to display earlier matches
+for later patterns (as long as there is no overlap).
+</P>
+<P>
+Patterns that can match an empty string are accepted, but empty string
+matches are never recognized. An example is the pattern "(super)?(man)?", in
+which all components are optional. This pattern finds all occurrences of both
+"super" and "man"; the output differs from matching with "super|man" when only
+the matching substrings are being shown.
+</P>
+<P>
+If the <b>LC_ALL</b> or <b>LC_CTYPE</b> environment variable is set,
+<b>pcregrep</b> uses the value to set a locale when calling the PCRE library.
+The <b>--locale</b> option can be used to override this.
+</P>
+<br><a name="SEC3" href="#TOC1">SUPPORT FOR COMPRESSED FILES</a><br>
+<P>
+It is possible to compile <b>pcregrep</b> so that it uses <b>libz</b> or
+<b>libbz2</b> to read files whose names end in <b>.gz</b> or <b>.bz2</b>,
+respectively. You can find out whether your binary has support for one or both
+of these file types by running it with the <b>--help</b> option. If the
+appropriate support is not present, files are treated as plain text. The
+standard input is always so treated.
+</P>
+<br><a name="SEC4" href="#TOC1">BINARY FILES</a><br>
+<P>
+By default, a file that contains a binary zero byte within the first 1024 bytes
+is identified as a binary file, and is processed specially. (GNU grep also
+identifies binary files in this manner.) See the <b>--binary-files</b> option
+for a means of changing the way binary files are handled.
+</P>
+<br><a name="SEC5" href="#TOC1">OPTIONS</a><br>
+<P>
+The order in which some of the options appear can affect the output. For
+example, both the <b>-h</b> and <b>-l</b> options affect the printing of file
+names. Whichever comes later in the command line will be the one that takes
+effect. Similarly, except where noted below, if an option is given twice, the
+later setting is used. Numerical values for options may be followed by K or M,
+to signify multiplication by 1024 or 1024*1024 respectively.
+</P>
+<P>
+<b>--</b>
+This terminates the list of options. It is useful if the next item on the
+command line starts with a hyphen but is not an option. This allows for the
+processing of patterns and filenames that start with hyphens.
+</P>
+<P>
+<b>-A</b> <i>number</i>, <b>--after-context=</b><i>number</i>
+Output <i>number</i> lines of context after each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of <i>number</i> is expected to be relatively small. However, <b>pcregrep</b>
+guarantees to have up to 8K of following text available for context output.
+</P>
+<P>
+<b>-a</b>, <b>--text</b>
+Treat binary files as text. This is equivalent to
+<b>--binary-files</b>=<i>text</i>.
+</P>
+<P>
+<b>-B</b> <i>number</i>, <b>--before-context=</b><i>number</i>
+Output <i>number</i> lines of context before each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of <i>number</i> is expected to be relatively small. However, <b>pcregrep</b>
+guarantees to have up to 8K of preceding text available for context output.
+</P>
+<P>
+<b>--binary-files=</b><i>word</i>
+Specify how binary files are to be processed. If the word is "binary" (the
+default), pattern matching is performed on binary files, but the only output is
+"Binary file &#60;name&#62; matches" when a match succeeds. If the word is "text",
+which is equivalent to the <b>-a</b> or <b>--text</b> option, binary files are
+processed in the same way as any other file. In this case, when a match
+succeeds, the output may be binary garbage, which can have nasty effects if
+sent to a terminal. If the word is "without-match", which is equivalent to the
+<b>-I</b> option, binary files are not processed at all; they are assumed not to
+be of interest.
+</P>
+<P>
+<b>--buffer-size=</b><i>number</i>
+Set the parameter that controls how much memory is used for buffering files
+that are being scanned.
+</P>
+<P>
+<b>-C</b> <i>number</i>, <b>--context=</b><i>number</i>
+Output <i>number</i> lines of context both before and after each matching line.
+This is equivalent to setting both <b>-A</b> and <b>-B</b> to the same value.
+</P>
+<P>
+<b>-c</b>, <b>--count</b>
+Do not output individual lines from the files that are being scanned; instead
+output the number of lines that would otherwise have been shown. If no lines
+are selected, the number zero is output. If several files are are being
+scanned, a count is output for each of them. However, if the
+<b>--files-with-matches</b> option is also used, only those files whose counts
+are greater than zero are listed. When <b>-c</b> is used, the <b>-A</b>,
+<b>-B</b>, and <b>-C</b> options are ignored.
+</P>
+<P>
+<b>--colour</b>, <b>--color</b>
+If this option is given without any data, it is equivalent to "--colour=auto".
+If data is required, it must be given in the same shell item, separated by an
+equals sign.
+</P>
+<P>
+<b>--colour=</b><i>value</i>, <b>--color=</b><i>value</i>
+This option specifies under what circumstances the parts of a line that matched
+a pattern should be coloured in the output. By default, the output is not
+coloured. The value (which is optional, see above) may be "never", "always", or
+"auto". In the latter case, colouring happens only if the standard output is
+connected to a terminal. More resources are used when colouring is enabled,
+because <b>pcregrep</b> has to search for all possible matches in a line, not
+just one, in order to colour them all.
+<br>
+<br>
+The colour that is used can be specified by setting the environment variable
+PCREGREP_COLOUR or PCREGREP_COLOR. The value of this variable should be a
+string of two numbers, separated by a semicolon. They are copied directly into
+the control string for setting colour on a terminal, so it is your
+responsibility to ensure that they make sense. If neither of the environment
+variables is set, the default is "1;31", which gives red.
+</P>
+<P>
+<b>-D</b> <i>action</i>, <b>--devices=</b><i>action</i>
+If an input path is not a regular file or a directory, "action" specifies how
+it is to be processed. Valid values are "read" (the default) or "skip"
+(silently skip the path).
+</P>
+<P>
+<b>-d</b> <i>action</i>, <b>--directories=</b><i>action</i>
+If an input path is a directory, "action" specifies how it is to be processed.
+Valid values are "read" (the default in non-Windows environments, for
+compatibility with GNU grep), "recurse" (equivalent to the <b>-r</b> option), or
+"skip" (silently skip the path, the default in Windows environments). In the
+"read" case, directories are read as if they were ordinary files. In some
+operating systems the effect of reading a directory like this is an immediate
+end-of-file; in others it may provoke an error.
+</P>
+<P>
+<b>-e</b> <i>pattern</i>, <b>--regex=</b><i>pattern</i>, <b>--regexp=</b><i>pattern</i>
+Specify a pattern to be matched. This option can be used multiple times in
+order to specify several patterns. It can also be used as a way of specifying a
+single pattern that starts with a hyphen. When <b>-e</b> is used, no argument
+pattern is taken from the command line; all arguments are treated as file
+names. There is no limit to the number of patterns. They are applied to each
+line in the order in which they are defined until one matches.
+<br>
+<br>
+If <b>-f</b> is used with <b>-e</b>, the command line patterns are matched first,
+followed by the patterns from the file(s), independent of the order in which
+these options are specified. Note that multiple use of <b>-e</b> is not the same
+as a single pattern with alternatives. For example, X|Y finds the first
+character in a line that is X or Y, whereas if the two patterns are given
+separately, with X first, <b>pcregrep</b> finds X if it is present, even if it
+follows Y in the line. It finds Y only if there is no X in the line. This
+matters only if you are using <b>-o</b> or <b>--colo(u)r</b> to show the part(s)
+of the line that matched.
+</P>
+<P>
+<b>--exclude</b>=<i>pattern</i>
+Files (but not directories) whose names match the pattern are skipped without
+being processed. This applies to all files, whether listed on the command line,
+obtained from <b>--file-list</b>, or by scanning a directory. The pattern is a
+PCRE regular expression, and is matched against the final component of the file
+name, not the entire path. The <b>-F</b>, <b>-w</b>, and <b>-x</b> options do not
+apply to this pattern. The option may be given any number of times in order to
+specify multiple patterns. If a file name matches both an <b>--include</b>
+and an <b>--exclude</b> pattern, it is excluded. There is no short form for this
+option.
+</P>
+<P>
+<b>--exclude-from=</b><i>filename</i>
+Treat each non-empty line of the file as the data for an <b>--exclude</b>
+option. What constitutes a newline when reading the file is the operating
+system's default. The <b>--newline</b> option has no effect on this option. This
+option may be given more than once in order to specify a number of files to
+read.
+</P>
+<P>
+<b>--exclude-dir</b>=<i>pattern</i>
+Directories whose names match the pattern are skipped without being processed,
+whatever the setting of the <b>--recursive</b> option. This applies to all
+directories, whether listed on the command line, obtained from
+<b>--file-list</b>, or by scanning a parent directory. The pattern is a PCRE
+regular expression, and is matched against the final component of the directory
+name, not the entire path. The <b>-F</b>, <b>-w</b>, and <b>-x</b> options do not
+apply to this pattern. The option may be given any number of times in order to
+specify more than one pattern. If a directory matches both <b>--include-dir</b>
+and <b>--exclude-dir</b>, it is excluded. There is no short form for this
+option.
+</P>
+<P>
+<b>-F</b>, <b>--fixed-strings</b>
+Interpret each data-matching pattern as a list of fixed strings, separated by
+newlines, instead of as a regular expression. What constitutes a newline for
+this purpose is controlled by the <b>--newline</b> option. The <b>-w</b> (match
+as a word) and <b>-x</b> (match whole line) options can be used with <b>-F</b>.
+They apply to each of the fixed strings. A line is selected if any of the fixed
+strings are found in it (subject to <b>-w</b> or <b>-x</b>, if present). This
+option applies only to the patterns that are matched against the contents of
+files; it does not apply to patterns specified by any of the <b>--include</b> or
+<b>--exclude</b> options.
+</P>
+<P>
+<b>-f</b> <i>filename</i>, <b>--file=</b><i>filename</i>
+Read patterns from the file, one per line, and match them against
+each line of input. What constitutes a newline when reading the file is the
+operating system's default. The <b>--newline</b> option has no effect on this
+option. Trailing white space is removed from each line, and blank lines are
+ignored. An empty file contains no patterns and therefore matches nothing. See
+also the comments about multiple patterns versus a single pattern with
+alternatives in the description of <b>-e</b> above.
+<br>
+<br>
+If this option is given more than once, all the specified files are
+read. A data line is output if any of the patterns match it. A filename can
+be given as "-" to refer to the standard input. When <b>-f</b> is used, patterns
+specified on the command line using <b>-e</b> may also be present; they are
+tested before the file's patterns. However, no other pattern is taken from the
+command line; all arguments are treated as the names of paths to be searched.
+</P>
+<P>
+<b>--file-list</b>=<i>filename</i>
+Read a list of files and/or directories that are to be scanned from the given
+file, one per line. Trailing white space is removed from each line, and blank
+lines are ignored. These paths are processed before any that are listed on the
+command line. The filename can be given as "-" to refer to the standard input.
+If <b>--file</b> and <b>--file-list</b> are both specified as "-", patterns are
+read first. This is useful only when the standard input is a terminal, from
+which further lines (the list of files) can be read after an end-of-file
+indication. If this option is given more than once, all the specified files are
+read.
+</P>
+<P>
+<b>--file-offsets</b>
+Instead of showing lines or parts of lines that match, show each match as an
+offset from the start of the file and a length, separated by a comma. In this
+mode, no context is shown. That is, the <b>-A</b>, <b>-B</b>, and <b>-C</b>
+options are ignored. If there is more than one match in a line, each of them is
+shown separately. This option is mutually exclusive with <b>--line-offsets</b>
+and <b>--only-matching</b>.
+</P>
+<P>
+<b>-H</b>, <b>--with-filename</b>
+Force the inclusion of the filename at the start of output lines when searching
+a single file. By default, the filename is not shown in this case. For matching
+lines, the filename is followed by a colon; for context lines, a hyphen
+separator is used. If a line number is also being output, it follows the file
+name.
+</P>
+<P>
+<b>-h</b>, <b>--no-filename</b>
+Suppress the output filenames when searching multiple files. By default,
+filenames are shown when multiple files are searched. For matching lines, the
+filename is followed by a colon; for context lines, a hyphen separator is used.
+If a line number is also being output, it follows the file name.
+</P>
+<P>
+<b>--help</b>
+Output a help message, giving brief details of the command options and file
+type support, and then exit. Anything else on the command line is
+ignored.
+</P>
+<P>
+<b>-I</b>
+Treat binary files as never matching. This is equivalent to
+<b>--binary-files</b>=<i>without-match</i>.
+</P>
+<P>
+<b>-i</b>, <b>--ignore-case</b>
+Ignore upper/lower case distinctions during comparisons.
+</P>
+<P>
+<b>--include</b>=<i>pattern</i>
+If any <b>--include</b> patterns are specified, the only files that are
+processed are those that match one of the patterns (and do not match an
+<b>--exclude</b> pattern). This option does not affect directories, but it
+applies to all files, whether listed on the command line, obtained from
+<b>--file-list</b>, or by scanning a directory. The pattern is a PCRE regular
+expression, and is matched against the final component of the file name, not
+the entire path. The <b>-F</b>, <b>-w</b>, and <b>-x</b> options do not apply to
+this pattern. The option may be given any number of times. If a file name
+matches both an <b>--include</b> and an <b>--exclude</b> pattern, it is excluded.
+There is no short form for this option.
+</P>
+<P>
+<b>--include-from=</b><i>filename</i>
+Treat each non-empty line of the file as the data for an <b>--include</b>
+option. What constitutes a newline for this purpose is the operating system's
+default. The <b>--newline</b> option has no effect on this option. This option
+may be given any number of times; all the files are read.
+</P>
+<P>
+<b>--include-dir</b>=<i>pattern</i>
+If any <b>--include-dir</b> patterns are specified, the only directories that
+are processed are those that match one of the patterns (and do not match an
+<b>--exclude-dir</b> pattern). This applies to all directories, whether listed
+on the command line, obtained from <b>--file-list</b>, or by scanning a parent
+directory. The pattern is a PCRE regular expression, and is matched against the
+final component of the directory name, not the entire path. The <b>-F</b>,
+<b>-w</b>, and <b>-x</b> options do not apply to this pattern. The option may be
+given any number of times. If a directory matches both <b>--include-dir</b> and
+<b>--exclude-dir</b>, it is excluded. There is no short form for this option.
+</P>
+<P>
+<b>-L</b>, <b>--files-without-match</b>
+Instead of outputting lines from the files, just output the names of the files
+that do not contain any lines that would have been output. Each file name is
+output once, on a separate line.
+</P>
+<P>
+<b>-l</b>, <b>--files-with-matches</b>
+Instead of outputting lines from the files, just output the names of the files
+containing lines that would have been output. Each file name is output
+once, on a separate line. Searching normally stops as soon as a matching line
+is found in a file. However, if the <b>-c</b> (count) option is also used,
+matching continues in order to obtain the correct count, and those files that
+have at least one match are listed along with their counts. Using this option
+with <b>-c</b> is a way of suppressing the listing of files with no matches.
+</P>
+<P>
+<b>--label</b>=<i>name</i>
+This option supplies a name to be used for the standard input when file names
+are being output. If not supplied, "(standard input)" is used. There is no
+short form for this option.
+</P>
+<P>
+<b>--line-buffered</b>
+When this option is given, input is read and processed line by line, and the
+output is flushed after each write. By default, input is read in large chunks,
+unless <b>pcregrep</b> can determine that it is reading from a terminal (which
+is currently possible only in Unix-like environments). Output to terminal is
+normally automatically flushed by the operating system. This option can be
+useful when the input or output is attached to a pipe and you do not want
+<b>pcregrep</b> to buffer up large amounts of data. However, its use will affect
+performance, and the <b>-M</b> (multiline) option ceases to work.
+</P>
+<P>
+<b>--line-offsets</b>
+Instead of showing lines or parts of lines that match, show each match as a
+line number, the offset from the start of the line, and a length. The line
+number is terminated by a colon (as usual; see the <b>-n</b> option), and the
+offset and length are separated by a comma. In this mode, no context is shown.
+That is, the <b>-A</b>, <b>-B</b>, and <b>-C</b> options are ignored. If there is
+more than one match in a line, each of them is shown separately. This option is
+mutually exclusive with <b>--file-offsets</b> and <b>--only-matching</b>.
+</P>
+<P>
+<b>--locale</b>=<i>locale-name</i>
+This option specifies a locale to be used for pattern matching. It overrides
+the value in the <b>LC_ALL</b> or <b>LC_CTYPE</b> environment variables. If no
+locale is specified, the PCRE library's default (usually the "C" locale) is
+used. There is no short form for this option.
+</P>
+<P>
+<b>--match-limit</b>=<i>number</i>
+Processing some regular expression patterns can require a very large amount of
+memory, leading in some cases to a program crash if not enough is available.
+Other patterns may take a very long time to search for all possible matching
+strings. The <b>pcre_exec()</b> function that is called by <b>pcregrep</b> to do
+the matching has two parameters that can limit the resources that it uses.
+<br>
+<br>
+The <b>--match-limit</b> option provides a means of limiting resource usage
+when processing patterns that are not going to match, but which have a very
+large number of possibilities in their search trees. The classic example is a
+pattern that uses nested unlimited repeats. Internally, PCRE uses a function
+called <b>match()</b> which it calls repeatedly (sometimes recursively). The
+limit set by <b>--match-limit</b> is imposed on the number of times this
+function is called during a match, which has the effect of limiting the amount
+of backtracking that can take place.
+<br>
+<br>
+The <b>--recursion-limit</b> option is similar to <b>--match-limit</b>, but
+instead of limiting the total number of times that <b>match()</b> is called, it
+limits the depth of recursive calls, which in turn limits the amount of memory
+that can be used. The recursion depth is a smaller number than the total number
+of calls, because not all calls to <b>match()</b> are recursive. This limit is
+of use only if it is set smaller than <b>--match-limit</b>.
+<br>
+<br>
+There are no short forms for these options. The default settings are specified
+when the PCRE library is compiled, with the default default being 10 million.
+</P>
+<P>
+<b>-M</b>, <b>--multiline</b>
+Allow patterns to match more than one line. When this option is given, patterns
+may usefully contain literal newline characters and internal occurrences of ^
+and $ characters. The output for a successful match may consist of more than
+one line, the last of which is the one in which the match ended. If the matched
+string ends with a newline sequence the output ends at the end of that line.
+<br>
+<br>
+When this option is set, the PCRE library is called in "multiline" mode.
+There is a limit to the number of lines that can be matched, imposed by the way
+that <b>pcregrep</b> buffers the input file as it scans it. However,
+<b>pcregrep</b> ensures that at least 8K characters or the rest of the document
+(whichever is the shorter) are available for forward matching, and similarly
+the previous 8K characters (or all the previous characters, if fewer than 8K)
+are guaranteed to be available for lookbehind assertions. This option does not
+work when input is read line by line (see \fP--line-buffered\fP.)
+</P>
+<P>
+<b>-N</b> <i>newline-type</i>, <b>--newline</b>=<i>newline-type</i>
+The PCRE library supports five different conventions for indicating
+the ends of lines. They are the single-character sequences CR (carriage return)
+and LF (linefeed), the two-character sequence CRLF, an "anycrlf" convention,
+which recognizes any of the preceding three types, and an "any" convention, in
+which any Unicode line ending sequence is assumed to end a line. The Unicode
+sequences are the three just mentioned, plus VT (vertical tab, U+000B), FF
+(form feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and
+PS (paragraph separator, U+2029).
+<br>
+<br>
+When the PCRE library is built, a default line-ending sequence is specified.
+This is normally the standard sequence for the operating system. Unless
+otherwise specified by this option, <b>pcregrep</b> uses the library's default.
+The possible values for this option are CR, LF, CRLF, ANYCRLF, or ANY. This
+makes it possible to use <b>pcregrep</b> to scan files that have come from other
+environments without having to modify their line endings. If the data that is
+being scanned does not agree with the convention set by this option,
+<b>pcregrep</b> may behave in strange ways. Note that this option does not
+apply to files specified by the <b>-f</b>, <b>--exclude-from</b>, or
+<b>--include-from</b> options, which are expected to use the operating system's
+standard newline sequence.
+</P>
+<P>
+<b>-n</b>, <b>--line-number</b>
+Precede each output line by its line number in the file, followed by a colon
+for matching lines or a hyphen for context lines. If the filename is also being
+output, it precedes the line number. This option is forced if
+<b>--line-offsets</b> is used.
+</P>
+<P>
+<b>--no-jit</b>
+If the PCRE library is built with support for just-in-time compiling (which
+speeds up matching), <b>pcregrep</b> automatically makes use of this, unless it
+was explicitly disabled at build time. This option can be used to disable the
+use of JIT at run time. It is provided for testing and working round problems.
+It should never be needed in normal use.
+</P>
+<P>
+<b>-o</b>, <b>--only-matching</b>
+Show only the part of the line that matched a pattern instead of the whole
+line. In this mode, no context is shown. That is, the <b>-A</b>, <b>-B</b>, and
+<b>-C</b> options are ignored. If there is more than one match in a line, each
+of them is shown separately. If <b>-o</b> is combined with <b>-v</b> (invert the
+sense of the match to find non-matching lines), no output is generated, but the
+return code is set appropriately. If the matched portion of the line is empty,
+nothing is output unless the file name or line number are being printed, in
+which case they are shown on an otherwise empty line. This option is mutually
+exclusive with <b>--file-offsets</b> and <b>--line-offsets</b>.
+</P>
+<P>
+<b>-o</b><i>number</i>, <b>--only-matching</b>=<i>number</i>
+Show only the part of the line that matched the capturing parentheses of the
+given number. Up to 32 capturing parentheses are supported, and -o0 is
+equivalent to <b>-o</b> without a number. Because these options can be given
+without an argument (see above), if an argument is present, it must be given in
+the same shell item, for example, -o3 or --only-matching=2. The comments given
+for the non-argument case above also apply to this case. If the specified
+capturing parentheses do not exist in the pattern, or were not set in the
+match, nothing is output unless the file name or line number are being printed.
+<br>
+<br>
+If this option is given multiple times, multiple substrings are output, in the
+order the options are given. For example, -o3 -o1 -o3 causes the substrings
+matched by capturing parentheses 3 and 1 and then 3 again to be output. By
+default, there is no separator (but see the next option).
+</P>
+<P>
+<b>--om-separator</b>=<i>text</i>
+Specify a separating string for multiple occurrences of <b>-o</b>. The default
+is an empty string. Separating strings are never coloured.
+</P>
+<P>
+<b>-q</b>, <b>--quiet</b>
+Work quietly, that is, display nothing except error messages. The exit
+status indicates whether or not any matches were found.
+</P>
+<P>
+<b>-r</b>, <b>--recursive</b>
+If any given path is a directory, recursively scan the files it contains,
+taking note of any <b>--include</b> and <b>--exclude</b> settings. By default, a
+directory is read as a normal file; in some operating systems this gives an
+immediate end-of-file. This option is a shorthand for setting the <b>-d</b>
+option to "recurse".
+</P>
+<P>
+<b>--recursion-limit</b>=<i>number</i>
+See <b>--match-limit</b> above.
+</P>
+<P>
+<b>-s</b>, <b>--no-messages</b>
+Suppress error messages about non-existent or unreadable files. Such files are
+quietly skipped. However, the return code is still 2, even if matches were
+found in other files.
+</P>
+<P>
+<b>-u</b>, <b>--utf-8</b>
+Operate in UTF-8 mode. This option is available only if PCRE has been compiled
+with UTF-8 support. All patterns (including those for any <b>--exclude</b> and
+<b>--include</b> options) and all subject lines that are scanned must be valid
+strings of UTF-8 characters.
+</P>
+<P>
+<b>-V</b>, <b>--version</b>
+Write the version numbers of <b>pcregrep</b> and the PCRE library to the
+standard output and then exit. Anything else on the command line is
+ignored.
+</P>
+<P>
+<b>-v</b>, <b>--invert-match</b>
+Invert the sense of the match, so that lines which do <i>not</i> match any of
+the patterns are the ones that are found.
+</P>
+<P>
+<b>-w</b>, <b>--word-regex</b>, <b>--word-regexp</b>
+Force the patterns to match only whole words. This is equivalent to having \b
+at the start and end of the pattern. This option applies only to the patterns
+that are matched against the contents of files; it does not apply to patterns
+specified by any of the <b>--include</b> or <b>--exclude</b> options.
+</P>
+<P>
+<b>-x</b>, <b>--line-regex</b>, <b>--line-regexp</b>
+Force the patterns to be anchored (each must start matching at the beginning of
+a line) and in addition, require them to match entire lines. This is equivalent
+to having ^ and $ characters at the start and end of each alternative branch in
+every pattern. This option applies only to the patterns that are matched
+against the contents of files; it does not apply to patterns specified by any
+of the <b>--include</b> or <b>--exclude</b> options.
+</P>
+<br><a name="SEC6" href="#TOC1">ENVIRONMENT VARIABLES</a><br>
+<P>
+The environment variables <b>LC_ALL</b> and <b>LC_CTYPE</b> are examined, in that
+order, for a locale. The first one that is set is used. This can be overridden
+by the <b>--locale</b> option. If no locale is set, the PCRE library's default
+(usually the "C" locale) is used.
+</P>
+<br><a name="SEC7" href="#TOC1">NEWLINES</a><br>
+<P>
+The <b>-N</b> (<b>--newline</b>) option allows <b>pcregrep</b> to scan files with
+different newline conventions from the default. Any parts of the input files
+that are written to the standard output are copied identically, with whatever
+newline sequences they have in the input. However, the setting of this option
+does not affect the interpretation of files specified by the <b>-f</b>,
+<b>--exclude-from</b>, or <b>--include-from</b> options, which are assumed to use
+the operating system's standard newline sequence, nor does it affect the way in
+which <b>pcregrep</b> writes informational messages to the standard error and
+output streams. For these it uses the string "\n" to indicate newlines,
+relying on the C I/O library to convert this to an appropriate sequence.
+</P>
+<br><a name="SEC8" href="#TOC1">OPTIONS COMPATIBILITY</a><br>
+<P>
+Many of the short and long forms of <b>pcregrep</b>'s options are the same
+as in the GNU <b>grep</b> program. Any long option of the form
+<b>--xxx-regexp</b> (GNU terminology) is also available as <b>--xxx-regex</b>
+(PCRE terminology). However, the <b>--file-list</b>, <b>--file-offsets</b>,
+<b>--include-dir</b>, <b>--line-offsets</b>, <b>--locale</b>, <b>--match-limit</b>,
+<b>-M</b>, <b>--multiline</b>, <b>-N</b>, <b>--newline</b>, <b>--om-separator</b>,
+<b>--recursion-limit</b>, <b>-u</b>, and <b>--utf-8</b> options are specific to
+<b>pcregrep</b>, as is the use of the <b>--only-matching</b> option with a
+capturing parentheses number.
+</P>
+<P>
+Although most of the common options work the same way, a few are different in
+<b>pcregrep</b>. For example, the <b>--include</b> option's argument is a glob
+for GNU <b>grep</b>, but a regular expression for <b>pcregrep</b>. If both the
+<b>-c</b> and <b>-l</b> options are given, GNU grep lists only file names,
+without counts, but <b>pcregrep</b> gives the counts.
+</P>
+<br><a name="SEC9" href="#TOC1">OPTIONS WITH DATA</a><br>
+<P>
+There are four different ways in which an option with data can be specified.
+If a short form option is used, the data may follow immediately, or (with one
+exception) in the next command line item. For example:
+<pre>
+  -f/some/file
+  -f /some/file
+</pre>
+The exception is the <b>-o</b> option, which may appear with or without data.
+Because of this, if data is present, it must follow immediately in the same
+item, for example -o3.
+</P>
+<P>
+If a long form option is used, the data may appear in the same command line
+item, separated by an equals character, or (with two exceptions) it may appear
+in the next command line item. For example:
+<pre>
+  --file=/some/file
+  --file /some/file
+</pre>
+Note, however, that if you want to supply a file name beginning with ~ as data
+in a shell command, and have the shell expand ~ to a home directory, you must
+separate the file name from the option, because the shell does not treat ~
+specially unless it is at the start of an item.
+</P>
+<P>
+The exceptions to the above are the <b>--colour</b> (or <b>--color</b>) and
+<b>--only-matching</b> options, for which the data is optional. If one of these
+options does have data, it must be given in the first form, using an equals
+character. Otherwise <b>pcregrep</b> will assume that it has no data.
+</P>
+<br><a name="SEC10" href="#TOC1">MATCHING ERRORS</a><br>
+<P>
+It is possible to supply a regular expression that takes a very long time to
+fail to match certain lines. Such patterns normally involve nested indefinite
+repeats, for example: (a+)*\d when matched against a line of a's with no final
+digit. The PCRE matching function has a resource limit that causes it to abort
+in these circumstances. If this happens, <b>pcregrep</b> outputs an error
+message and the line that caused the problem to the standard error stream. If
+there are more than 20 such errors, <b>pcregrep</b> gives up.
+</P>
+<P>
+The <b>--match-limit</b> option of <b>pcregrep</b> can be used to set the overall
+resource limit; there is a second option called <b>--recursion-limit</b> that
+sets a limit on the amount of memory (usually stack) that is used (see the
+discussion of these options above).
+</P>
+<br><a name="SEC11" href="#TOC1">DIAGNOSTICS</a><br>
+<P>
+Exit status is 0 if any matches were found, 1 if no matches were found, and 2
+for syntax errors, overlong lines, non-existent or inaccessible files (even if
+matches were found in other files) or too many matching errors. Using the
+<b>-s</b> option to suppress error messages about inaccessible files does not
+affect the return code.
+</P>
+<br><a name="SEC12" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcrepattern</b>(3), <b>pcresyntax</b>(3), <b>pcretest</b>(1).
+</P>
+<br><a name="SEC13" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC14" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 03 April 2014
+<br>
+Copyright &copy; 1997-2014 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrejit.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrejit.html
new file mode 100644
index 00000000..abb34252
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrejit.html
@@ -0,0 +1,499 @@
+<html>
+<head>
+<title>pcrejit specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrejit man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE JUST-IN-TIME COMPILER SUPPORT</a>
+<li><a name="TOC2" href="#SEC2">8-BIT, 16-BIT AND 32-BIT SUPPORT</a>
+<li><a name="TOC3" href="#SEC3">AVAILABILITY OF JIT SUPPORT</a>
+<li><a name="TOC4" href="#SEC4">SIMPLE USE OF JIT</a>
+<li><a name="TOC5" href="#SEC5">UNSUPPORTED OPTIONS AND PATTERN ITEMS</a>
+<li><a name="TOC6" href="#SEC6">RETURN VALUES FROM JIT EXECUTION</a>
+<li><a name="TOC7" href="#SEC7">SAVING AND RESTORING COMPILED PATTERNS</a>
+<li><a name="TOC8" href="#SEC8">CONTROLLING THE JIT STACK</a>
+<li><a name="TOC9" href="#SEC9">JIT STACK FAQ</a>
+<li><a name="TOC10" href="#SEC10">EXAMPLE CODE</a>
+<li><a name="TOC11" href="#SEC11">JIT FAST PATH API</a>
+<li><a name="TOC12" href="#SEC12">SEE ALSO</a>
+<li><a name="TOC13" href="#SEC13">AUTHOR</a>
+<li><a name="TOC14" href="#SEC14">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE JUST-IN-TIME COMPILER SUPPORT</a><br>
+<P>
+Just-in-time compiling is a heavyweight optimization that can greatly speed up
+pattern matching. However, it comes at the cost of extra processing before the
+match is performed. Therefore, it is of most benefit when the same pattern is
+going to be matched many times. This does not necessarily mean many calls of a
+matching function; if the pattern is not anchored, matching attempts may take
+place many times at various positions in the subject, even for a single call.
+Therefore, if the subject string is very long, it may still pay to use JIT for
+one-off matches.
+</P>
+<P>
+JIT support applies only to the traditional Perl-compatible matching function.
+It does not apply when the DFA matching function is being used. The code for
+this support was written by Zoltan Herczeg.
+</P>
+<br><a name="SEC2" href="#TOC1">8-BIT, 16-BIT AND 32-BIT SUPPORT</a><br>
+<P>
+JIT support is available for all of the 8-bit, 16-bit and 32-bit PCRE
+libraries. To keep this documentation simple, only the 8-bit interface is
+described in what follows. If you are using the 16-bit library, substitute the
+16-bit functions and 16-bit structures (for example, <i>pcre16_jit_stack</i>
+instead of <i>pcre_jit_stack</i>). If you are using the 32-bit library,
+substitute the 32-bit functions and 32-bit structures (for example,
+<i>pcre32_jit_stack</i> instead of <i>pcre_jit_stack</i>).
+</P>
+<br><a name="SEC3" href="#TOC1">AVAILABILITY OF JIT SUPPORT</a><br>
+<P>
+JIT support is an optional feature of PCRE. The "configure" option --enable-jit
+(or equivalent CMake option) must be set when PCRE is built if you want to use
+JIT. The support is limited to the following hardware platforms:
+<pre>
+  ARM v5, v7, and Thumb2
+  Intel x86 32-bit and 64-bit
+  MIPS 32-bit
+  Power PC 32-bit and 64-bit
+  SPARC 32-bit (experimental)
+</pre>
+If --enable-jit is set on an unsupported platform, compilation fails.
+</P>
+<P>
+A program that is linked with PCRE 8.20 or later can tell if JIT support is
+available by calling <b>pcre_config()</b> with the PCRE_CONFIG_JIT option. The
+result is 1 when JIT is available, and 0 otherwise. However, a simple program
+does not need to check this in order to use JIT. The normal API is implemented
+in a way that falls back to the interpretive code if JIT is not available. For
+programs that need the best possible performance, there is also a "fast path"
+API that is JIT-specific.
+</P>
+<P>
+If your program may sometimes be linked with versions of PCRE that are older
+than 8.20, but you want to use JIT when it is available, you can test the
+values of PCRE_MAJOR and PCRE_MINOR, or the existence of a JIT macro such as
+PCRE_CONFIG_JIT, for compile-time control of your code. Also beware that the
+<b>pcre_jit_exec()</b> function was not available at all before 8.32,
+and may not be available at all if PCRE isn't compiled with
+--enable-jit. See the "JIT FAST PATH API" section below for details.
+</P>
+<br><a name="SEC4" href="#TOC1">SIMPLE USE OF JIT</a><br>
+<P>
+You have to do two things to make use of the JIT support in the simplest way:
+<pre>
+  (1) Call <b>pcre_study()</b> with the PCRE_STUDY_JIT_COMPILE option for
+      each compiled pattern, and pass the resulting <b>pcre_extra</b> block to
+      <b>pcre_exec()</b>.
+
+  (2) Use <b>pcre_free_study()</b> to free the <b>pcre_extra</b> block when it is
+      no longer needed, instead of just freeing it yourself. This ensures that
+      any JIT data is also freed.
+</pre>
+For a program that may be linked with pre-8.20 versions of PCRE, you can insert
+<pre>
+  #ifndef PCRE_STUDY_JIT_COMPILE
+  #define PCRE_STUDY_JIT_COMPILE 0
+  #endif
+</pre>
+so that no option is passed to <b>pcre_study()</b>, and then use something like
+this to free the study data:
+<pre>
+  #ifdef PCRE_CONFIG_JIT
+      pcre_free_study(study_ptr);
+  #else
+      pcre_free(study_ptr);
+  #endif
+</pre>
+PCRE_STUDY_JIT_COMPILE requests the JIT compiler to generate code for complete
+matches. If you want to run partial matches using the PCRE_PARTIAL_HARD or
+PCRE_PARTIAL_SOFT options of <b>pcre_exec()</b>, you should set one or both of
+the following options in addition to, or instead of, PCRE_STUDY_JIT_COMPILE
+when you call <b>pcre_study()</b>:
+<pre>
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+</pre>
+If using <b>pcre_jit_exec()</b> and supporting a pre-8.32 version of
+PCRE, you can insert:
+<pre>
+   #if PCRE_MAJOR &#62;= 8 && PCRE_MINOR &#62;= 32
+   pcre_jit_exec(...);
+   #else
+   pcre_exec(...)
+   #endif
+</pre>
+but as described in the "JIT FAST PATH API" section below this assumes
+version 8.32 and later are compiled with --enable-jit, which may
+break.
+<br>
+<br>
+The JIT compiler generates different optimized code for each of the three
+modes (normal, soft partial, hard partial). When <b>pcre_exec()</b> is called,
+the appropriate code is run if it is available. Otherwise, the pattern is
+matched using interpretive code.
+</P>
+<P>
+In some circumstances you may need to call additional functions. These are
+described in the section entitled
+<a href="#stackcontrol">"Controlling the JIT stack"</a>
+below.
+</P>
+<P>
+If JIT support is not available, PCRE_STUDY_JIT_COMPILE etc. are ignored, and
+no JIT data is created. Otherwise, the compiled pattern is passed to the JIT
+compiler, which turns it into machine code that executes much faster than the
+normal interpretive code. When <b>pcre_exec()</b> is passed a <b>pcre_extra</b>
+block containing a pointer to JIT code of the appropriate mode (normal or
+hard/soft partial), it obeys that code instead of running the interpreter. The
+result is identical, but the compiled JIT code runs much faster.
+</P>
+<P>
+There are some <b>pcre_exec()</b> options that are not supported for JIT
+execution. There are also some pattern items that JIT cannot handle. Details
+are given below. In both cases, execution automatically falls back to the
+interpretive code. If you want to know whether JIT was actually used for a
+particular match, you should arrange for a JIT callback function to be set up
+as described in the section entitled
+<a href="#stackcontrol">"Controlling the JIT stack"</a>
+below, even if you do not need to supply a non-default JIT stack. Such a
+callback function is called whenever JIT code is about to be obeyed. If the
+execution options are not right for JIT execution, the callback function is not
+obeyed.
+</P>
+<P>
+If the JIT compiler finds an unsupported item, no JIT data is generated. You
+can find out if JIT execution is available after studying a pattern by calling
+<b>pcre_fullinfo()</b> with the PCRE_INFO_JIT option. A result of 1 means that
+JIT compilation was successful. A result of 0 means that JIT support is not
+available, or the pattern was not studied with PCRE_STUDY_JIT_COMPILE etc., or
+the JIT compiler was not able to handle the pattern.
+</P>
+<P>
+Once a pattern has been studied, with or without JIT, it can be used as many
+times as you like for matching different subject strings.
+</P>
+<br><a name="SEC5" href="#TOC1">UNSUPPORTED OPTIONS AND PATTERN ITEMS</a><br>
+<P>
+The only <b>pcre_exec()</b> options that are supported for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK, PCRE_NO_UTF32_CHECK, PCRE_NOTBOL,
+PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+</P>
+<P>
+The only unsupported pattern items are \C (match a single data unit) when
+running in a UTF mode, and a callout immediately before an assertion condition
+in a conditional group.
+</P>
+<br><a name="SEC6" href="#TOC1">RETURN VALUES FROM JIT EXECUTION</a><br>
+<P>
+When a pattern is matched using JIT execution, the return values are the same
+as those given by the interpretive <b>pcre_exec()</b> code, with the addition of
+one new error code: PCRE_ERROR_JIT_STACKLIMIT. This means that the memory used
+for the JIT stack was insufficient. See
+<a href="#stackcontrol">"Controlling the JIT stack"</a>
+below for a discussion of JIT stack usage. For compatibility with the
+interpretive <b>pcre_exec()</b> code, no more than two-thirds of the
+<i>ovector</i> argument is used for passing back captured substrings.
+</P>
+<P>
+The error code PCRE_ERROR_MATCHLIMIT is returned by the JIT code if searching a
+very large pattern tree goes on for too long, as it is in the same circumstance
+when JIT is not used, but the details of exactly what is counted are not the
+same. The PCRE_ERROR_RECURSIONLIMIT error code is never returned by JIT
+execution.
+</P>
+<br><a name="SEC7" href="#TOC1">SAVING AND RESTORING COMPILED PATTERNS</a><br>
+<P>
+The code that is generated by the JIT compiler is architecture-specific, and is
+also position dependent. For those reasons it cannot be saved (in a file or
+database) and restored later like the bytecode and other data of a compiled
+pattern. Saving and restoring compiled patterns is not something many people
+do. More detail about this facility is given in the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation. It should be possible to run <b>pcre_study()</b> on a saved and
+restored pattern, and thereby recreate the JIT data, but because JIT
+compilation uses significant resources, it is probably not worth doing this;
+you might as well recompile the original pattern.
+<a name="stackcontrol"></a></P>
+<br><a name="SEC8" href="#TOC1">CONTROLLING THE JIT STACK</a><br>
+<P>
+When the compiled JIT code runs, it needs a block of memory to use as a stack.
+By default, it uses 32K on the machine stack. However, some large or
+complicated patterns need more than this. The error PCRE_ERROR_JIT_STACKLIMIT
+is given when there is not enough stack. Three functions are provided for
+managing blocks of memory for use as JIT stacks. There is further discussion
+about the use of JIT stacks in the section entitled
+<a href="#stackcontrol">"JIT stack FAQ"</a>
+below.
+</P>
+<P>
+The <b>pcre_jit_stack_alloc()</b> function creates a JIT stack. Its arguments
+are a starting size and a maximum size, and it returns a pointer to an opaque
+structure of type <b>pcre_jit_stack</b>, or NULL if there is an error. The
+<b>pcre_jit_stack_free()</b> function can be used to free a stack that is no
+longer needed. (For the technically minded: the address space is allocated by
+mmap or VirtualAlloc.)
+</P>
+<P>
+JIT uses far less memory for recursion than the interpretive code,
+and a maximum stack size of 512K to 1M should be more than enough for any
+pattern.
+</P>
+<P>
+The <b>pcre_assign_jit_stack()</b> function specifies which stack JIT code
+should use. Its arguments are as follows:
+<pre>
+  pcre_extra         *extra
+  pcre_jit_callback  callback
+  void               *data
+</pre>
+The <i>extra</i> argument must be the result of studying a pattern with
+PCRE_STUDY_JIT_COMPILE etc. There are three cases for the values of the other
+two options:
+<pre>
+  (1) If <i>callback</i> is NULL and <i>data</i> is NULL, an internal 32K block
+      on the machine stack is used.
+
+  (2) If <i>callback</i> is NULL and <i>data</i> is not NULL, <i>data</i> must be
+      a valid JIT stack, the result of calling <b>pcre_jit_stack_alloc()</b>.
+
+  (3) If <i>callback</i> is not NULL, it must point to a function that is
+      called with <i>data</i> as an argument at the start of matching, in
+      order to set up a JIT stack. If the return from the callback
+      function is NULL, the internal 32K stack is used; otherwise the
+      return value must be a valid JIT stack, the result of calling
+      <b>pcre_jit_stack_alloc()</b>.
+</pre>
+A callback function is obeyed whenever JIT code is about to be run; it is not
+obeyed when <b>pcre_exec()</b> is called with options that are incompatible for
+JIT execution. A callback function can therefore be used to determine whether a
+match operation was executed by JIT or by the interpreter.
+</P>
+<P>
+You may safely use the same JIT stack for more than one pattern (either by
+assigning directly or by callback), as long as the patterns are all matched
+sequentially in the same thread. In a multithread application, if you do not
+specify a JIT stack, or if you assign or pass back NULL from a callback, that
+is thread-safe, because each thread has its own machine stack. However, if you
+assign or pass back a non-NULL JIT stack, this must be a different stack for
+each thread so that the application is thread-safe.
+</P>
+<P>
+Strictly speaking, even more is allowed. You can assign the same non-NULL stack
+to any number of patterns as long as they are not used for matching by multiple
+threads at the same time. For example, you can assign the same stack to all
+compiled patterns, and use a global mutex in the callback to wait until the
+stack is available for use. However, this is an inefficient solution, and not
+recommended.
+</P>
+<P>
+This is a suggestion for how a multithreaded program that needs to set up
+non-default JIT stacks might operate:
+<pre>
+  During thread initalization
+    thread_local_var = pcre_jit_stack_alloc(...)
+
+  During thread exit
+    pcre_jit_stack_free(thread_local_var)
+
+  Use a one-line callback function
+    return thread_local_var
+</pre>
+All the functions described in this section do nothing if JIT is not available,
+and <b>pcre_assign_jit_stack()</b> does nothing unless the <b>extra</b> argument
+is non-NULL and points to a <b>pcre_extra</b> block that is the result of a
+successful study with PCRE_STUDY_JIT_COMPILE etc.
+<a name="stackfaq"></a></P>
+<br><a name="SEC9" href="#TOC1">JIT STACK FAQ</a><br>
+<P>
+(1) Why do we need JIT stacks?
+<br>
+<br>
+PCRE (and JIT) is a recursive, depth-first engine, so it needs a stack where
+the local data of the current node is pushed before checking its child nodes.
+Allocating real machine stack on some platforms is difficult. For example, the
+stack chain needs to be updated every time if we extend the stack on PowerPC.
+Although it is possible, its updating time overhead decreases performance. So
+we do the recursion in memory.
+</P>
+<P>
+(2) Why don't we simply allocate blocks of memory with <b>malloc()</b>?
+<br>
+<br>
+Modern operating systems have a nice feature: they can reserve an address space
+instead of allocating memory. We can safely allocate memory pages inside this
+address space, so the stack could grow without moving memory data (this is
+important because of pointers). Thus we can allocate 1M address space, and use
+only a single memory page (usually 4K) if that is enough. However, we can still
+grow up to 1M anytime if needed.
+</P>
+<P>
+(3) Who "owns" a JIT stack?
+<br>
+<br>
+The owner of the stack is the user program, not the JIT studied pattern or
+anything else. The user program must ensure that if a stack is used by
+<b>pcre_exec()</b>, (that is, it is assigned to the pattern currently running),
+that stack must not be used by any other threads (to avoid overwriting the same
+memory area). The best practice for multithreaded programs is to allocate a
+stack for each thread, and return this stack through the JIT callback function.
+</P>
+<P>
+(4) When should a JIT stack be freed?
+<br>
+<br>
+You can free a JIT stack at any time, as long as it will not be used by
+<b>pcre_exec()</b> again. When you assign the stack to a pattern, only a pointer
+is set. There is no reference counting or any other magic. You can free the
+patterns and stacks in any order, anytime. Just <i>do not</i> call
+<b>pcre_exec()</b> with a pattern pointing to an already freed stack, as that
+will cause SEGFAULT. (Also, do not free a stack currently used by
+<b>pcre_exec()</b> in another thread). You can also replace the stack for a
+pattern at any time. You can even free the previous stack before assigning a
+replacement.
+</P>
+<P>
+(5) Should I allocate/free a stack every time before/after calling
+<b>pcre_exec()</b>?
+<br>
+<br>
+No, because this is too costly in terms of resources. However, you could
+implement some clever idea which release the stack if it is not used in let's
+say two minutes. The JIT callback can help to achieve this without keeping a
+list of the currently JIT studied patterns.
+</P>
+<P>
+(6) OK, the stack is for long term memory allocation. But what happens if a
+pattern causes stack overflow with a stack of 1M? Is that 1M kept until the
+stack is freed?
+<br>
+<br>
+Especially on embedded sytems, it might be a good idea to release memory
+sometimes without freeing the stack. There is no API for this at the moment.
+Probably a function call which returns with the currently allocated memory for
+any stack and another which allows releasing memory (shrinking the stack) would
+be a good idea if someone needs this.
+</P>
+<P>
+(7) This is too much of a headache. Isn't there any better solution for JIT
+stack handling?
+<br>
+<br>
+No, thanks to Windows. If POSIX threads were used everywhere, we could throw
+out this complicated API.
+</P>
+<br><a name="SEC10" href="#TOC1">EXAMPLE CODE</a><br>
+<P>
+This is a single-threaded example that specifies a JIT stack without using a
+callback.
+<pre>
+  int rc;
+  int ovector[30];
+  pcre *re;
+  pcre_extra *extra;
+  pcre_jit_stack *jit_stack;
+
+  re = pcre_compile(pattern, 0, &error, &erroffset, NULL);
+  /* Check for errors */
+  extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
+  jit_stack = pcre_jit_stack_alloc(32*1024, 512*1024);
+  /* Check for error (NULL) */
+  pcre_assign_jit_stack(extra, NULL, jit_stack);
+  rc = pcre_exec(re, extra, subject, length, 0, 0, ovector, 30);
+  /* Check results */
+  pcre_free(re);
+  pcre_free_study(extra);
+  pcre_jit_stack_free(jit_stack);
+
+</PRE>
+</P>
+<br><a name="SEC11" href="#TOC1">JIT FAST PATH API</a><br>
+<P>
+Because the API described above falls back to interpreted execution when JIT is
+not available, it is convenient for programs that are written for general use
+in many environments. However, calling JIT via <b>pcre_exec()</b> does have a
+performance impact. Programs that are written for use where JIT is known to be
+available, and which need the best possible performance, can instead use a
+"fast path" API to call JIT execution directly instead of calling
+<b>pcre_exec()</b> (obviously only for patterns that have been successfully
+studied by JIT).
+</P>
+<P>
+The fast path function is called <b>pcre_jit_exec()</b>, and it takes exactly
+the same arguments as <b>pcre_exec()</b>, plus one additional argument that
+must point to a JIT stack. The JIT stack arrangements described above do not
+apply. The return values are the same as for <b>pcre_exec()</b>.
+</P>
+<P>
+When you call <b>pcre_exec()</b>, as well as testing for invalid options, a
+number of other sanity checks are performed on the arguments. For example, if
+the subject pointer is NULL, or its length is negative, an immediate error is
+given. Also, unless PCRE_NO_UTF[8|16|32] is set, a UTF subject string is tested
+for validity. In the interests of speed, these checks do not happen on the JIT
+fast path, and if invalid data is passed, the result is undefined.
+</P>
+<P>
+Bypassing the sanity checks and the <b>pcre_exec()</b> wrapping can give
+speedups of more than 10%.
+</P>
+<P>
+Note that the <b>pcre_jit_exec()</b> function is not available in versions of
+PCRE before 8.32 (released in November 2012). If you need to support versions
+that old you must either use the slower <b>pcre_exec()</b>, or switch between
+the two codepaths by checking the values of PCRE_MAJOR and PCRE_MINOR.
+</P>
+<P>
+Due to an unfortunate implementation oversight, even in versions 8.32
+and later there will be no <b>pcre_jit_exec()</b> stub function defined
+when PCRE is compiled with --disable-jit, which is the default, and
+there's no way to detect whether PCRE was compiled with --enable-jit
+via a macro.
+</P>
+<P>
+If you need to support versions older than 8.32, or versions that may
+not build with --enable-jit, you must either use the slower
+<b>pcre_exec()</b>, or switch between the two codepaths by checking the
+values of PCRE_MAJOR and PCRE_MINOR.
+</P>
+<P>
+Switching between the two by checking the version assumes that all the
+versions being targeted are built with --enable-jit. To also support
+builds that may use --disable-jit either <b>pcre_exec()</b> must be
+used, or a compile-time check for JIT via <b>pcre_config()</b> (which
+assumes the runtime environment will be the same), or as the Git
+project decided to do, simply assume that <b>pcre_jit_exec()</b> is
+present in 8.32 or later unless a compile-time flag is provided, see
+the "grep: un-break building with PCRE &#62;= 8.32 without --enable-jit"
+commit in git.git for an example of that.
+</P>
+<br><a name="SEC12" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcreapi</b>(3)
+</P>
+<br><a name="SEC13" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel (FAQ by Zoltan Herczeg)
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC14" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 05 July 2017
+<br>
+Copyright &copy; 1997-2017 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrelimits.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrelimits.html
new file mode 100644
index 00000000..ee5ebf03
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrelimits.html
@@ -0,0 +1,90 @@
+<html>
+<head>
+<title>pcrelimits specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrelimits man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+SIZE AND OTHER LIMITATIONS
+</b><br>
+<P>
+There are some size limitations in PCRE but it is hoped that they will never in
+practice be relevant.
+</P>
+<P>
+The maximum length of a compiled pattern is approximately 64K data units (bytes
+for the 8-bit library, 16-bit units for the 16-bit library, and 32-bit units for
+the 32-bit library) if PCRE is compiled with the default internal linkage size,
+which is 2 bytes for the 8-bit and 16-bit libraries, and 4 bytes for the 32-bit
+library. If you want to process regular expressions that are truly enormous,
+you can compile PCRE with an internal linkage size of 3 or 4 (when building the
+16-bit or 32-bit library, 3 is rounded up to 4). See the <b>README</b> file in
+the source distribution and the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation for details. In these cases the limit is substantially larger.
+However, the speed of execution is slower.
+</P>
+<P>
+All values in repeating quantifiers must be less than 65536.
+</P>
+<P>
+There is no limit to the number of parenthesized subpatterns, but there can be
+no more than 65535 capturing subpatterns. There is, however, a limit to the
+depth of nesting of parenthesized subpatterns of all kinds. This is imposed in
+order to limit the amount of system stack used at compile time. The limit can
+be specified when PCRE is built; the default is 250.
+</P>
+<P>
+There is a limit to the number of forward references to subsequent subpatterns
+of around 200,000. Repeated forward references with fixed upper limits, for
+example, (?2){0,100} when subpattern number 2 is to the right, are included in
+the count. There is no limit to the number of backward references.
+</P>
+<P>
+The maximum length of name for a named subpattern is 32 characters, and the
+maximum number of named subpatterns is 10000.
+</P>
+<P>
+The maximum length of a name in a (*MARK), (*PRUNE), (*SKIP), or (*THEN) verb
+is 255 for the 8-bit library and 65535 for the 16-bit and 32-bit libraries.
+</P>
+<P>
+The maximum length of a subject string is the largest positive number that an
+integer variable can hold. However, when using the traditional matching
+function, PCRE uses recursion to handle subpatterns and indefinite repetition.
+This means that the available stack space may limit the size of a subject
+string that can be processed by certain patterns. For a discussion of stack
+issues, see the
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 05 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrematching.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrematching.html
new file mode 100644
index 00000000..a1af39b6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrematching.html
@@ -0,0 +1,242 @@
+<html>
+<head>
+<title>pcrematching specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrematching man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE MATCHING ALGORITHMS</a>
+<li><a name="TOC2" href="#SEC2">REGULAR EXPRESSIONS AS TREES</a>
+<li><a name="TOC3" href="#SEC3">THE STANDARD MATCHING ALGORITHM</a>
+<li><a name="TOC4" href="#SEC4">THE ALTERNATIVE MATCHING ALGORITHM</a>
+<li><a name="TOC5" href="#SEC5">ADVANTAGES OF THE ALTERNATIVE ALGORITHM</a>
+<li><a name="TOC6" href="#SEC6">DISADVANTAGES OF THE ALTERNATIVE ALGORITHM</a>
+<li><a name="TOC7" href="#SEC7">AUTHOR</a>
+<li><a name="TOC8" href="#SEC8">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE MATCHING ALGORITHMS</a><br>
+<P>
+This document describes the two different algorithms that are available in PCRE
+for matching a compiled regular expression against a given subject string. The
+"standard" algorithm is the one provided by the <b>pcre_exec()</b>,
+<b>pcre16_exec()</b> and <b>pcre32_exec()</b> functions. These work in the same
+as as Perl's matching function, and provide a Perl-compatible matching operation.
+The just-in-time (JIT) optimization that is described in the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation is compatible with these functions.
+</P>
+<P>
+An alternative algorithm is provided by the <b>pcre_dfa_exec()</b>,
+<b>pcre16_dfa_exec()</b> and <b>pcre32_dfa_exec()</b> functions; they operate in
+a different way, and are not Perl-compatible. This alternative has advantages
+and disadvantages compared with the standard algorithm, and these are described
+below.
+</P>
+<P>
+When there is only one possible way in which a given subject string can match a
+pattern, the two algorithms give the same answer. A difference arises, however,
+when there are multiple possibilities. For example, if the pattern
+<pre>
+  ^&#60;.*&#62;
+</pre>
+is matched against the string
+<pre>
+  &#60;something&#62; &#60;something else&#62; &#60;something further&#62;
+</pre>
+there are three possible answers. The standard algorithm finds only one of
+them, whereas the alternative algorithm finds all three.
+</P>
+<br><a name="SEC2" href="#TOC1">REGULAR EXPRESSIONS AS TREES</a><br>
+<P>
+The set of strings that are matched by a regular expression can be represented
+as a tree structure. An unlimited repetition in the pattern makes the tree of
+infinite size, but it is still a tree. Matching the pattern to a given subject
+string (from a given starting point) can be thought of as a search of the tree.
+There are two ways to search a tree: depth-first and breadth-first, and these
+correspond to the two matching algorithms provided by PCRE.
+</P>
+<br><a name="SEC3" href="#TOC1">THE STANDARD MATCHING ALGORITHM</a><br>
+<P>
+In the terminology of Jeffrey Friedl's book "Mastering Regular
+Expressions", the standard algorithm is an "NFA algorithm". It conducts a
+depth-first search of the pattern tree. That is, it proceeds along a single
+path through the tree, checking that the subject matches what is required. When
+there is a mismatch, the algorithm tries any alternatives at the current point,
+and if they all fail, it backs up to the previous branch point in the tree, and
+tries the next alternative branch at that level. This often involves backing up
+(moving to the left) in the subject string as well. The order in which
+repetition branches are tried is controlled by the greedy or ungreedy nature of
+the quantifier.
+</P>
+<P>
+If a leaf node is reached, a matching string has been found, and at that point
+the algorithm stops. Thus, if there is more than one possible match, this
+algorithm returns the first one that it finds. Whether this is the shortest,
+the longest, or some intermediate length depends on the way the greedy and
+ungreedy repetition quantifiers are specified in the pattern.
+</P>
+<P>
+Because it ends up with a single path through the tree, it is relatively
+straightforward for this algorithm to keep track of the substrings that are
+matched by portions of the pattern in parentheses. This provides support for
+capturing parentheses and back references.
+</P>
+<br><a name="SEC4" href="#TOC1">THE ALTERNATIVE MATCHING ALGORITHM</a><br>
+<P>
+This algorithm conducts a breadth-first search of the tree. Starting from the
+first matching point in the subject, it scans the subject string from left to
+right, once, character by character, and as it does this, it remembers all the
+paths through the tree that represent valid matches. In Friedl's terminology,
+this is a kind of "DFA algorithm", though it is not implemented as a
+traditional finite state machine (it keeps multiple states active
+simultaneously).
+</P>
+<P>
+Although the general principle of this matching algorithm is that it scans the
+subject string only once, without backtracking, there is one exception: when a
+lookaround assertion is encountered, the characters following or preceding the
+current point have to be independently inspected.
+</P>
+<P>
+The scan continues until either the end of the subject is reached, or there are
+no more unterminated paths. At this point, terminated paths represent the
+different matching possibilities (if there are none, the match has failed).
+Thus, if there is more than one possible match, this algorithm finds all of
+them, and in particular, it finds the longest. The matches are returned in
+decreasing order of length. There is an option to stop the algorithm after the
+first match (which is necessarily the shortest) is found.
+</P>
+<P>
+Note that all the matches that are found start at the same point in the
+subject. If the pattern
+<pre>
+  cat(er(pillar)?)?
+</pre>
+is matched against the string "the caterpillar catchment", the result will be
+the three strings "caterpillar", "cater", and "cat" that start at the fifth
+character of the subject. The algorithm does not automatically move on to find
+matches that start at later positions.
+</P>
+<P>
+PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\d+" is compiled as if it were "a\d++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\d+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+</P>
+<P>
+There are a number of features of PCRE regular expressions that are not
+supported by the alternative matching algorithm. They are as follows:
+</P>
+<P>
+1. Because the algorithm finds all possible matches, the greedy or ungreedy
+nature of repetition quantifiers is not relevant. Greedy and ungreedy
+quantifiers are treated in exactly the same way. However, possessive
+quantifiers can make a difference when what follows could also match what is
+quantified, for example in a pattern like this:
+<pre>
+  ^a++\w!
+</pre>
+This pattern matches "aaab!" but not "aaa!", which would be matched by a
+non-possessive quantifier. Similarly, if an atomic group is present, it is
+matched as if it were a standalone pattern at the current point, and the
+longest match is then "locked in" for the rest of the overall pattern.
+</P>
+<P>
+2. When dealing with multiple paths through the tree simultaneously, it is not
+straightforward to keep track of captured substrings for the different matching
+possibilities, and PCRE's implementation of this algorithm does not attempt to
+do this. This means that no captured substrings are available.
+</P>
+<P>
+3. Because no substrings are captured, back references within the pattern are
+not supported, and cause errors if encountered.
+</P>
+<P>
+4. For the same reason, conditional expressions that use a backreference as the
+condition or test for a specific group recursion are not supported.
+</P>
+<P>
+5. Because many paths through the tree may be active, the \K escape sequence,
+which resets the start of the match when encountered (but may be on some paths
+and not on others), is not supported. It causes an error if encountered.
+</P>
+<P>
+6. Callouts are supported, but the value of the <i>capture_top</i> field is
+always 1, and the value of the <i>capture_last</i> field is always -1.
+</P>
+<P>
+7. The \C escape sequence, which (in the standard algorithm) always matches a
+single data unit, even in UTF-8, UTF-16 or UTF-32 modes, is not supported in
+these modes, because the alternative algorithm moves through the subject string
+one character (not data unit) at a time, for all active paths through the tree.
+</P>
+<P>
+8. Except for (*FAIL), the backtracking control verbs such as (*PRUNE) are not
+supported. (*FAIL) is supported, and behaves like a failing negative assertion.
+</P>
+<br><a name="SEC5" href="#TOC1">ADVANTAGES OF THE ALTERNATIVE ALGORITHM</a><br>
+<P>
+Using the alternative matching algorithm provides the following advantages:
+</P>
+<P>
+1. All possible matches (at a single point in the subject) are automatically
+found, and in particular, the longest match is found. To find more than one
+match using the standard algorithm, you have to do kludgy things with
+callouts.
+</P>
+<P>
+2. Because the alternative algorithm scans the subject string just once, and
+never needs to backtrack (except for lookbehinds), it is possible to pass very
+long subject strings to the matching function in several pieces, checking for
+partial matching each time. Although it is possible to do multi-segment
+matching using the standard algorithm by retaining partially matched
+substrings, it is more complicated. The
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation gives details of partial matching and discusses multi-segment
+matching.
+</P>
+<br><a name="SEC6" href="#TOC1">DISADVANTAGES OF THE ALTERNATIVE ALGORITHM</a><br>
+<P>
+The alternative algorithm suffers from a number of disadvantages:
+</P>
+<P>
+1. It is substantially slower than the standard algorithm. This is partly
+because it has to search for all possible matches, but is also because it is
+less susceptible to optimization.
+</P>
+<P>
+2. Capturing parentheses and back references are not supported.
+</P>
+<P>
+3. Although atomic groups are supported, their use does not provide the
+performance advantage that it does for the standard algorithm.
+</P>
+<br><a name="SEC7" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC8" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 November 2013
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrepartial.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrepartial.html
new file mode 100644
index 00000000..4faeafcb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrepartial.html
@@ -0,0 +1,509 @@
+<html>
+<head>
+<title>pcrepartial specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrepartial man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PARTIAL MATCHING IN PCRE</a>
+<li><a name="TOC2" href="#SEC2">PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()</a>
+<li><a name="TOC3" href="#SEC3">PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a>
+<li><a name="TOC4" href="#SEC4">PARTIAL MATCHING AND WORD BOUNDARIES</a>
+<li><a name="TOC5" href="#SEC5">FORMERLY RESTRICTED PATTERNS</a>
+<li><a name="TOC6" href="#SEC6">EXAMPLE OF PARTIAL MATCHING USING PCRETEST</a>
+<li><a name="TOC7" href="#SEC7">MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a>
+<li><a name="TOC8" href="#SEC8">MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()</a>
+<li><a name="TOC9" href="#SEC9">ISSUES WITH MULTI-SEGMENT MATCHING</a>
+<li><a name="TOC10" href="#SEC10">AUTHOR</a>
+<li><a name="TOC11" href="#SEC11">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PARTIAL MATCHING IN PCRE</a><br>
+<P>
+In normal use of PCRE, if the subject string that is passed to a matching
+function matches as far as it goes, but is too short to match the entire
+pattern, PCRE_ERROR_NOMATCH is returned. There are circumstances where it might
+be helpful to distinguish this case from other cases in which there is no
+match.
+</P>
+<P>
+Consider, for example, an application where a human is required to type in data
+for a field with specific formatting requirements. An example might be a date
+in the form <i>ddmmmyy</i>, defined by this pattern:
+<pre>
+  ^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$
+</pre>
+If the application sees the user's keystrokes one by one, and can check that
+what has been typed so far is potentially valid, it is able to raise an error
+as soon as a mistake is made, by beeping and not reflecting the character that
+has been typed, for example. This immediate feedback is likely to be a better
+user interface than a check that is delayed until the entire string has been
+entered. Partial matching can also be useful when the subject string is very
+long and is not all available at once.
+</P>
+<P>
+PCRE supports partial matching by means of the PCRE_PARTIAL_SOFT and
+PCRE_PARTIAL_HARD options, which can be set when calling any of the matching
+functions. For backwards compatibility, PCRE_PARTIAL is a synonym for
+PCRE_PARTIAL_SOFT. The essential difference between the two options is whether
+or not a partial match is preferred to an alternative complete match, though
+the details differ between the two types of matching function. If both options
+are set, PCRE_PARTIAL_HARD takes precedence.
+</P>
+<P>
+If you want to use partial matching with just-in-time optimized code, you must
+call <b>pcre_study()</b>, <b>pcre16_study()</b> or  <b>pcre32_study()</b> with one
+or both of these options:
+<pre>
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+</pre>
+PCRE_STUDY_JIT_COMPILE should also be set if you are going to run non-partial
+matches on the same pattern. If the appropriate JIT study mode has not been set
+for a match, the interpretive matching code is used.
+</P>
+<P>
+Setting a partial matching option disables two of PCRE's standard
+optimizations. PCRE remembers the last literal data unit in a pattern, and
+abandons matching immediately if it is not present in the subject string. This
+optimization cannot be used for a subject string that might match only
+partially. If the pattern was studied, PCRE knows the minimum length of a
+matching string, and does not bother to run the matching function on shorter
+strings. This optimization is also disabled for partial matching.
+</P>
+<br><a name="SEC2" href="#TOC1">PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()</a><br>
+<P>
+A partial match occurs during a call to <b>pcre_exec()</b> or
+<b>pcre[16|32]_exec()</b> when the end of the subject string is reached
+successfully, but matching cannot continue because more characters are needed.
+However, at least one character in the subject must have been inspected. This
+character need not form part of the final matched string; lookbehind assertions
+and the \K escape sequence provide ways of inspecting characters before the
+start of a matched substring. The requirement for inspecting at least one
+character exists because an empty string can always be matched; without such a
+restriction there would always be a partial match of an empty string at the end
+of the subject.
+</P>
+<P>
+If there are at least two slots in the offsets vector when a partial match is
+returned, the first slot is set to the offset of the earliest character that
+was inspected. For convenience, the second offset points to the end of the
+subject so that a substring can easily be identified. If there are at least
+three slots in the offsets vector, the third slot is set to the offset of the
+character where matching started.
+</P>
+<P>
+For the majority of patterns, the contents of the first and third slots will be
+the same. However, for patterns that contain lookbehind assertions, or begin
+with \b or \B, characters before the one where matching started may have been
+inspected while carrying out the match. For example, consider this pattern:
+<pre>
+  /(?&#60;=abc)123/
+</pre>
+This pattern matches "123", but only if it is preceded by "abc". If the subject
+string is "xyzabc12", the first two offsets after a partial match are for the
+substring "abc12", because all these characters were inspected. However, the
+third offset is set to 6, because that is the offset where matching began.
+</P>
+<P>
+What happens when a partial match is identified depends on which of the two
+partial matching options are set.
+</P>
+<br><b>
+PCRE_PARTIAL_SOFT WITH pcre_exec() OR pcre[16|32]_exec()
+</b><br>
+<P>
+If PCRE_PARTIAL_SOFT is set when <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b>
+identifies a partial match, the partial match is remembered, but matching
+continues as normal, and other alternatives in the pattern are tried. If no
+complete match can be found, PCRE_ERROR_PARTIAL is returned instead of
+PCRE_ERROR_NOMATCH.
+</P>
+<P>
+This option is "soft" because it prefers a complete match over a partial match.
+All the various matching items in a pattern behave as if the subject string is
+potentially complete. For example, \z, \Z, and $ match at the end of the
+subject, as normal, and for \b and \B the end of the subject is treated as a
+non-alphanumeric.
+</P>
+<P>
+If there is more than one partial match, the first one that was found provides
+the data that is returned. Consider this pattern:
+<pre>
+  /123\w+X|dogY/
+</pre>
+If this is matched against the subject string "abc123dog", both
+alternatives fail to match, but the end of the subject is reached during
+matching, so PCRE_ERROR_PARTIAL is returned. The offsets are set to 3 and 9,
+identifying "123dog" as the first partial match that was found. (In this
+example, there are two partial matches, because "dog" on its own partially
+matches the second alternative.)
+</P>
+<br><b>
+PCRE_PARTIAL_HARD WITH pcre_exec() OR pcre[16|32]_exec()
+</b><br>
+<P>
+If PCRE_PARTIAL_HARD is set for <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b>,
+PCRE_ERROR_PARTIAL is returned as soon as a partial match is found, without
+continuing to search for possible complete matches. This option is "hard"
+because it prefers an earlier partial match over a later complete match. For
+this reason, the assumption is made that the end of the supplied subject string
+may not be the true end of the available data, and so, if \z, \Z, \b, \B,
+or $ are encountered at the end of the subject, the result is
+PCRE_ERROR_PARTIAL, provided that at least one character in the subject has
+been inspected.
+</P>
+<P>
+Setting PCRE_PARTIAL_HARD also affects the way UTF-8 and UTF-16
+subject strings are checked for validity. Normally, an invalid sequence
+causes the error PCRE_ERROR_BADUTF8 or PCRE_ERROR_BADUTF16. However, in the
+special case of a truncated character at the end of the subject,
+PCRE_ERROR_SHORTUTF8 or PCRE_ERROR_SHORTUTF16 is returned when
+PCRE_PARTIAL_HARD is set.
+</P>
+<br><b>
+Comparing hard and soft partial matching
+</b><br>
+<P>
+The difference between the two partial matching options can be illustrated by a
+pattern such as:
+<pre>
+  /dog(sbody)?/
+</pre>
+This matches either "dog" or "dogsbody", greedily (that is, it prefers the
+longer string if possible). If it is matched against the string "dog" with
+PCRE_PARTIAL_SOFT, it yields a complete match for "dog". However, if
+PCRE_PARTIAL_HARD is set, the result is PCRE_ERROR_PARTIAL. On the other hand,
+if the pattern is made ungreedy the result is different:
+<pre>
+  /dog(sbody)??/
+</pre>
+In this case the result is always a complete match because that is found first,
+and matching never continues after finding a complete match. It might be easier
+to follow this explanation by thinking of the two patterns like this:
+<pre>
+  /dog(sbody)?/    is the same as  /dogsbody|dog/
+  /dog(sbody)??/   is the same as  /dog|dogsbody/
+</pre>
+The second pattern will never match "dogsbody", because it will always find the
+shorter match first.
+</P>
+<br><a name="SEC3" href="#TOC1">PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a><br>
+<P>
+The DFA functions move along the subject string character by character, without
+backtracking, searching for all possible matches simultaneously. If the end of
+the subject is reached before the end of the pattern, there is the possibility
+of a partial match, again provided that at least one character has been
+inspected.
+</P>
+<P>
+When PCRE_PARTIAL_SOFT is set, PCRE_ERROR_PARTIAL is returned only if there
+have been no complete matches. Otherwise, the complete matches are returned.
+However, if PCRE_PARTIAL_HARD is set, a partial match takes precedence over any
+complete matches. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string, provided there are
+at least two slots in the offsets vector.
+</P>
+<P>
+Because the DFA functions always search for all possible matches, and there is
+no difference between greedy and ungreedy repetition, their behaviour is
+different from the standard functions when PCRE_PARTIAL_HARD is set. Consider
+the string "dog" matched against the ungreedy pattern shown above:
+<pre>
+  /dog(sbody)??/
+</pre>
+Whereas the standard functions stop as soon as they find the complete match for
+"dog", the DFA functions also find the partial match for "dogsbody", and so
+return that when PCRE_PARTIAL_HARD is set.
+</P>
+<br><a name="SEC4" href="#TOC1">PARTIAL MATCHING AND WORD BOUNDARIES</a><br>
+<P>
+If a pattern ends with one of sequences \b or \B, which test for word
+boundaries, partial matching with PCRE_PARTIAL_SOFT can give counter-intuitive
+results. Consider this pattern:
+<pre>
+  /\bcat\b/
+</pre>
+This matches "cat", provided there is a word boundary at either end. If the
+subject string is "the cat", the comparison of the final "t" with a following
+character cannot take place, so a partial match is found. However, normal
+matching carries on, and \b matches at the end of the subject when the last
+character is a letter, so a complete match is found. The result, therefore, is
+<i>not</i> PCRE_ERROR_PARTIAL. Using PCRE_PARTIAL_HARD in this case does yield
+PCRE_ERROR_PARTIAL, because then the partial match takes precedence.
+</P>
+<br><a name="SEC5" href="#TOC1">FORMERLY RESTRICTED PATTERNS</a><br>
+<P>
+For releases of PCRE prior to 8.00, because of the way certain internal
+optimizations were implemented in the <b>pcre_exec()</b> function, the
+PCRE_PARTIAL option (predecessor of PCRE_PARTIAL_SOFT) could not be used with
+all patterns. From release 8.00 onwards, the restrictions no longer apply, and
+partial matching with can be requested for any pattern.
+</P>
+<P>
+Items that were formerly restricted were repeated single characters and
+repeated metasequences. If PCRE_PARTIAL was set for a pattern that did not
+conform to the restrictions, <b>pcre_exec()</b> returned the error code
+PCRE_ERROR_BADPARTIAL (-13). This error code is no longer in use. The
+PCRE_INFO_OKPARTIAL call to <b>pcre_fullinfo()</b> to find out if a compiled
+pattern can be used for partial matching now always returns 1.
+</P>
+<br><a name="SEC6" href="#TOC1">EXAMPLE OF PARTIAL MATCHING USING PCRETEST</a><br>
+<P>
+If the escape sequence \P is present in a <b>pcretest</b> data line, the
+PCRE_PARTIAL_SOFT option is used for the match. Here is a run of <b>pcretest</b>
+that uses the date example quoted above:
+<pre>
+    re&#62; /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+  data&#62; 25jun04\P
+   0: 25jun04
+   1: jun
+  data&#62; 25dec3\P
+  Partial match: 23dec3
+  data&#62; 3ju\P
+  Partial match: 3ju
+  data&#62; 3juj\P
+  No match
+  data&#62; j\P
+  No match
+</pre>
+The first data string is matched completely, so <b>pcretest</b> shows the
+matched substrings. The remaining four strings do not match the complete
+pattern, but the first two are partial matches. Similar output is obtained
+if DFA matching is used.
+</P>
+<P>
+If the escape sequence \P is present more than once in a <b>pcretest</b> data
+line, the PCRE_PARTIAL_HARD option is set for the match.
+</P>
+<br><a name="SEC7" href="#TOC1">MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()</a><br>
+<P>
+When a partial match has been found using a DFA matching function, it is
+possible to continue the match by providing additional subject data and calling
+the function again with the same compiled regular expression, this time setting
+the PCRE_DFA_RESTART option. You must pass the same working space as before,
+because this is where details of the previous partial match are stored. Here is
+an example using <b>pcretest</b>, using the \R escape sequence to set the
+PCRE_DFA_RESTART option (\D specifies the use of the DFA matching function):
+<pre>
+    re&#62; /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+  data&#62; 23ja\P\D
+  Partial match: 23ja
+  data&#62; n05\R\D
+   0: n05
+</pre>
+The first call has "23ja" as the subject, and requests partial matching; the
+second call has "n05" as the subject for the continued (restarted) match.
+Notice that when the match is complete, only the last part is shown; PCRE does
+not retain the previously partially-matched string. It is up to the calling
+program to do that if it needs to.
+</P>
+<P>
+That means that, for an unanchored pattern, if a continued match fails, it is
+not possible to try again at a new starting point. All this facility is capable
+of doing is continuing with the previous match attempt. In the previous
+example, if the second set of data is "ug23" the result is no match, even
+though there would be a match for "aug23" if the entire string were given at
+once. Depending on the application, this may or may not be what you want.
+The only way to allow for starting again at the next character is to retain the
+matched part of the subject and try a new complete match.
+</P>
+<P>
+You can set the PCRE_PARTIAL_SOFT or PCRE_PARTIAL_HARD options with
+PCRE_DFA_RESTART to continue partial matching over multiple segments. This
+facility can be used to pass very long subject strings to the DFA matching
+functions.
+</P>
+<br><a name="SEC8" href="#TOC1">MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()</a><br>
+<P>
+From release 8.00, the standard matching functions can also be used to do
+multi-segment matching. Unlike the DFA functions, it is not possible to
+restart the previous match with a new segment of data. Instead, new data must
+be added to the previous subject string, and the entire match re-run, starting
+from the point where the partial match occurred. Earlier data can be discarded.
+</P>
+<P>
+It is best to use PCRE_PARTIAL_HARD in this situation, because it does not
+treat the end of a segment as the end of the subject when matching \z, \Z,
+\b, \B, and $. Consider an unanchored pattern that matches dates:
+<pre>
+    re&#62; /\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d/
+  data&#62; The date is 23ja\P\P
+  Partial match: 23ja
+</pre>
+At this stage, an application could discard the text preceding "23ja", add on
+text from the next segment, and call the matching function again. Unlike the
+DFA matching functions, the entire matching string must always be available,
+and the complete matching process occurs for each call, so more memory and more
+processing time is needed.
+</P>
+<P>
+<b>Note:</b> If the pattern contains lookbehind assertions, or \K, or starts
+with \b or \B, the string that is returned for a partial match includes
+characters that precede the start of what would be returned for a complete
+match, because it contains all the characters that were inspected during the
+partial match.
+</P>
+<br><a name="SEC9" href="#TOC1">ISSUES WITH MULTI-SEGMENT MATCHING</a><br>
+<P>
+Certain types of pattern may give problems with multi-segment matching,
+whichever matching function is used.
+</P>
+<P>
+1. If the pattern contains a test for the beginning of a line, you need to pass
+the PCRE_NOTBOL option when the subject string for any call does start at the
+beginning of a line. There is also a PCRE_NOTEOL option, but in practice when
+doing multi-segment matching you should be using PCRE_PARTIAL_HARD, which
+includes the effect of PCRE_NOTEOL.
+</P>
+<P>
+2. Lookbehind assertions that have already been obeyed are catered for in the
+offsets that are returned for a partial match. However a lookbehind assertion
+later in the pattern could require even earlier characters to be inspected. You
+can handle this case by using the PCRE_INFO_MAXLOOKBEHIND option of the
+<b>pcre_fullinfo()</b> or <b>pcre[16|32]_fullinfo()</b> functions to obtain the
+length of the longest lookbehind in the pattern. This length is given in
+characters, not bytes. If you always retain at least that many characters
+before the partially matched string, all should be well. (Of course, near the
+start of the subject, fewer characters may be present; in that case all
+characters should be retained.)
+</P>
+<P>
+From release 8.33, there is a more accurate way of deciding which characters to
+retain. Instead of subtracting the length of the longest lookbehind from the
+earliest inspected character (<i>offsets[0]</i>), the match start position
+(<i>offsets[2]</i>) should be used, and the next match attempt started at the
+<i>offsets[2]</i> character by setting the <i>startoffset</i> argument of
+<b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>.
+</P>
+<P>
+For example, if the pattern "(?&#60;=123)abc" is partially
+matched against the string "xx123a", the three offset values returned are 2, 6,
+and 5. This indicates that the matching process that gave a partial match
+started at offset 5, but the characters "123a" were all inspected. The maximum
+lookbehind for that pattern is 3, so taking that away from 5 shows that we need
+only keep "123a", and the next match attempt can be started at offset 3 (that
+is, at "a") when further characters have been added. When the match start is
+not the earliest inspected character, <b>pcretest</b> shows it explicitly:
+<pre>
+    re&#62; "(?&#60;=123)abc"
+  data&#62; xx123a\P\P
+  Partial match at offset 5: 123a
+</PRE>
+</P>
+<P>
+3. Because a partial match must always contain at least one character, what
+might be considered a partial match of an empty string actually gives a "no
+match" result. For example:
+<pre>
+    re&#62; /c(?&#60;=abc)x/
+  data&#62; ab\P
+  No match
+</pre>
+If the next segment begins "cx", a match should be found, but this will only
+happen if characters from the previous segment are retained. For this reason, a
+"no match" result should be interpreted as "partial match of an empty string"
+when the pattern contains lookbehinds.
+</P>
+<P>
+4. Matching a subject string that is split into multiple segments may not
+always produce exactly the same result as matching over one single long string,
+especially when PCRE_PARTIAL_SOFT is used. The section "Partial Matching and
+Word Boundaries" above describes an issue that arises if the pattern ends with
+\b or \B. Another kind of difference may occur when there are multiple
+matching possibilities, because (for PCRE_PARTIAL_SOFT) a partial match result
+is given only when there are no completed matches. This means that as soon as
+the shortest match has been found, continuation to a new subject segment is no
+longer possible. Consider again this <b>pcretest</b> example:
+<pre>
+    re&#62; /dog(sbody)?/
+  data&#62; dogsb\P
+   0: dog
+  data&#62; do\P\D
+  Partial match: do
+  data&#62; gsb\R\P\D
+   0: g
+  data&#62; dogsbody\D
+   0: dogsbody
+   1: dog
+</pre>
+The first data line passes the string "dogsb" to a standard matching function,
+setting the PCRE_PARTIAL_SOFT option. Although the string is a partial match
+for "dogsbody", the result is not PCRE_ERROR_PARTIAL, because the shorter
+string "dog" is a complete match. Similarly, when the subject is presented to
+a DFA matching function in several parts ("do" and "gsb" being the first two)
+the match stops when "dog" has been found, and it is not possible to continue.
+On the other hand, if "dogsbody" is presented as a single string, a DFA
+matching function finds both matches.
+</P>
+<P>
+Because of these problems, it is best to use PCRE_PARTIAL_HARD when matching
+multi-segment data. The example above then behaves differently:
+<pre>
+    re&#62; /dog(sbody)?/
+  data&#62; dogsb\P\P
+  Partial match: dogsb
+  data&#62; do\P\D
+  Partial match: do
+  data&#62; gsb\R\P\P\D
+  Partial match: gsb
+</pre>
+5. Patterns that contain alternatives at the top level which do not all start
+with the same pattern item may not work as expected when PCRE_DFA_RESTART is
+used. For example, consider this pattern:
+<pre>
+  1234|3789
+</pre>
+If the first part of the subject is "ABC123", a partial match of the first
+alternative is found at offset 3. There is no partial match for the second
+alternative, because such a match does not start at the same point in the
+subject string. Attempting to continue with the string "7890" does not yield a
+match because only those alternatives that match at one point in the subject
+are remembered. The problem arises because the start of the second alternative
+matches within the first alternative. There is no problem with anchored
+patterns or patterns such as:
+<pre>
+  1234|ABCD
+</pre>
+where no string can be a partial match for both alternatives. This is not a
+problem if a standard matching function is used, because the entire match has
+to be rerun each time:
+<pre>
+    re&#62; /1234|3789/
+  data&#62; ABC123\P\P
+  Partial match: 123
+  data&#62; 1237890
+   0: 3789
+</pre>
+Of course, instead of using PCRE_DFA_RESTART, the same technique of re-running
+the entire match can also be used with the DFA matching functions. Another
+possibility is to work with two buffers. If a partial match at offset <i>n</i>
+in the first buffer is followed by "no match" when PCRE_DFA_RESTART is used on
+the second buffer, you can then try a new match starting at offset <i>n+1</i> in
+the first buffer.
+</P>
+<br><a name="SEC10" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC11" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 02 July 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrepattern.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrepattern.html
new file mode 100644
index 00000000..96fc7298
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrepattern.html
@@ -0,0 +1,3276 @@
+<html>
+<head>
+<title>pcrepattern specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrepattern man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE REGULAR EXPRESSION DETAILS</a>
+<li><a name="TOC2" href="#SEC2">SPECIAL START-OF-PATTERN ITEMS</a>
+<li><a name="TOC3" href="#SEC3">EBCDIC CHARACTER CODES</a>
+<li><a name="TOC4" href="#SEC4">CHARACTERS AND METACHARACTERS</a>
+<li><a name="TOC5" href="#SEC5">BACKSLASH</a>
+<li><a name="TOC6" href="#SEC6">CIRCUMFLEX AND DOLLAR</a>
+<li><a name="TOC7" href="#SEC7">FULL STOP (PERIOD, DOT) AND \N</a>
+<li><a name="TOC8" href="#SEC8">MATCHING A SINGLE DATA UNIT</a>
+<li><a name="TOC9" href="#SEC9">SQUARE BRACKETS AND CHARACTER CLASSES</a>
+<li><a name="TOC10" href="#SEC10">POSIX CHARACTER CLASSES</a>
+<li><a name="TOC11" href="#SEC11">COMPATIBILITY FEATURE FOR WORD BOUNDARIES</a>
+<li><a name="TOC12" href="#SEC12">VERTICAL BAR</a>
+<li><a name="TOC13" href="#SEC13">INTERNAL OPTION SETTING</a>
+<li><a name="TOC14" href="#SEC14">SUBPATTERNS</a>
+<li><a name="TOC15" href="#SEC15">DUPLICATE SUBPATTERN NUMBERS</a>
+<li><a name="TOC16" href="#SEC16">NAMED SUBPATTERNS</a>
+<li><a name="TOC17" href="#SEC17">REPETITION</a>
+<li><a name="TOC18" href="#SEC18">ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS</a>
+<li><a name="TOC19" href="#SEC19">BACK REFERENCES</a>
+<li><a name="TOC20" href="#SEC20">ASSERTIONS</a>
+<li><a name="TOC21" href="#SEC21">CONDITIONAL SUBPATTERNS</a>
+<li><a name="TOC22" href="#SEC22">COMMENTS</a>
+<li><a name="TOC23" href="#SEC23">RECURSIVE PATTERNS</a>
+<li><a name="TOC24" href="#SEC24">SUBPATTERNS AS SUBROUTINES</a>
+<li><a name="TOC25" href="#SEC25">ONIGURUMA SUBROUTINE SYNTAX</a>
+<li><a name="TOC26" href="#SEC26">CALLOUTS</a>
+<li><a name="TOC27" href="#SEC27">BACKTRACKING CONTROL</a>
+<li><a name="TOC28" href="#SEC28">SEE ALSO</a>
+<li><a name="TOC29" href="#SEC29">AUTHOR</a>
+<li><a name="TOC30" href="#SEC30">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE REGULAR EXPRESSION DETAILS</a><br>
+<P>
+The syntax and semantics of the regular expressions that are supported by PCRE
+are described in detail below. There is a quick-reference syntax summary in the
+<a href="pcresyntax.html"><b>pcresyntax</b></a>
+page. PCRE tries to match Perl syntax and semantics as closely as it can. PCRE
+also supports some alternative regular expression syntax (which does not
+conflict with the Perl syntax) in order to provide some compatibility with
+regular expressions in Python, .NET, and Oniguruma.
+</P>
+<P>
+Perl's regular expressions are described in its own documentation, and
+regular expressions in general are covered in a number of books, some of which
+have copious examples. Jeffrey Friedl's "Mastering Regular Expressions",
+published by O'Reilly, covers regular expressions in great detail. This
+description of PCRE's regular expressions is intended as reference material.
+</P>
+<P>
+This document discusses the patterns that are supported by PCRE when one its
+main matching functions, <b>pcre_exec()</b> (8-bit) or <b>pcre[16|32]_exec()</b>
+(16- or 32-bit), is used. PCRE also has alternative matching functions,
+<b>pcre_dfa_exec()</b> and <b>pcre[16|32_dfa_exec()</b>, which match using a
+different algorithm that is not Perl-compatible. Some of the features discussed
+below are not available when DFA matching is used. The advantages and
+disadvantages of the alternative functions, and how they differ from the normal
+functions, are discussed in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+page.
+</P>
+<br><a name="SEC2" href="#TOC1">SPECIAL START-OF-PATTERN ITEMS</a><br>
+<P>
+A number of options that can be passed to <b>pcre_compile()</b> can also be set
+by special items at the start of a pattern. These are not Perl-compatible, but
+are provided to make these options accessible to pattern writers who are not
+able to change the program that processes the pattern. Any number of these
+items may appear, but they must all be together right at the start of the
+pattern string, and the letters must be in upper case.
+</P>
+<br><b>
+UTF support
+</b><br>
+<P>
+The original operation of PCRE was on strings of one-byte characters. However,
+there is now also support for UTF-8 strings in the original library, an
+extra library that supports 16-bit and UTF-16 character strings, and a
+third library that supports 32-bit and UTF-32 character strings. To use these
+features, PCRE must be built to include appropriate support. When using UTF
+strings you must either call the compiling function with the PCRE_UTF8,
+PCRE_UTF16, or PCRE_UTF32 option, or the pattern must start with one of
+these special sequences:
+<pre>
+  (*UTF8)
+  (*UTF16)
+  (*UTF32)
+  (*UTF)
+</pre>
+(*UTF) is a generic sequence that can be used with any of the libraries.
+Starting a pattern with such a sequence is equivalent to setting the relevant
+option. How setting a UTF mode affects pattern matching is mentioned in several
+places below. There is also a summary of features in the
+<a href="pcreunicode.html"><b>pcreunicode</b></a>
+page.
+</P>
+<P>
+Some applications that allow their users to supply patterns may wish to
+restrict them to non-UTF data for security reasons. If the PCRE_NEVER_UTF
+option is set at compile time, (*UTF) etc. are not allowed, and their
+appearance causes an error.
+</P>
+<br><b>
+Unicode property support
+</b><br>
+<P>
+Another special sequence that may appear at the start of a pattern is (*UCP).
+This has the same effect as setting the PCRE_UCP option: it causes sequences
+such as \d and \w to use Unicode properties to determine character types,
+instead of recognizing only characters with codes less than 128 via a lookup
+table.
+</P>
+<br><b>
+Disabling auto-possessification
+</b><br>
+<P>
+If a pattern starts with (*NO_AUTO_POSSESS), it has the same effect as setting
+the PCRE_NO_AUTO_POSSESS option at compile time. This stops PCRE from making
+quantifiers possessive when what follows cannot match the repeated item. For
+example, by default a+b is treated as a++b. For more details, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<br><b>
+Disabling start-up optimizations
+</b><br>
+<P>
+If a pattern starts with (*NO_START_OPT), it has the same effect as setting the
+PCRE_NO_START_OPTIMIZE option either at compile or matching time. This disables
+several optimizations for quickly reaching "no match" results. For more
+details, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+<a name="newlines"></a></P>
+<br><b>
+Newline conventions
+</b><br>
+<P>
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page has
+<a href="pcreapi.html#newlines">further discussion</a>
+about newlines, and shows how to set the newline convention in the
+<i>options</i> arguments for the compiling and matching functions.
+</P>
+<P>
+It is also possible to specify a newline convention by starting a pattern
+string with one of the following five sequences:
+<pre>
+  (*CR)        carriage return
+  (*LF)        linefeed
+  (*CRLF)      carriage return, followed by linefeed
+  (*ANYCRLF)   any of the three above
+  (*ANY)       all Unicode newline sequences
+</pre>
+These override the default and the options given to the compiling function. For
+example, on a Unix system where LF is the default newline sequence, the pattern
+<pre>
+  (*CR)a.b
+</pre>
+changes the convention to CR. That pattern matches "a\nb" because LF is no
+longer a newline. If more than one of these settings is present, the last one
+is used.
+</P>
+<P>
+The newline convention affects where the circumflex and dollar assertions are
+true. It also affects the interpretation of the dot metacharacter when
+PCRE_DOTALL is not set, and the behaviour of \N. However, it does not affect
+what the \R escape sequence matches. By default, this is any Unicode newline
+sequence, for Perl compatibility. However, this can be changed; see the
+description of \R in the section entitled
+<a href="#newlineseq">"Newline sequences"</a>
+below. A change of \R setting can be combined with a change of newline
+convention.
+</P>
+<br><b>
+Setting match and recursion limits
+</b><br>
+<P>
+The caller of <b>pcre_exec()</b> can set a limit on the number of times the
+internal <b>match()</b> function is called and on the maximum depth of
+recursive calls. These facilities are provided to catch runaway matches that
+are provoked by patterns with huge matching trees (a typical example is a
+pattern with nested unlimited repeats) and to avoid running out of system stack
+by too much recursion. When one of these limits is reached, <b>pcre_exec()</b>
+gives an error return. The limits can also be set by items at the start of the
+pattern of the form
+<pre>
+  (*LIMIT_MATCH=d)
+  (*LIMIT_RECURSION=d)
+</pre>
+where d is any number of decimal digits. However, the value of the setting must
+be less than the value set (or defaulted) by the caller of <b>pcre_exec()</b>
+for it to have any effect. In other words, the pattern writer can lower the
+limits set by the programmer, but not raise them. If there is more than one
+setting of one of these limits, the lower value is used.
+</P>
+<br><a name="SEC3" href="#TOC1">EBCDIC CHARACTER CODES</a><br>
+<P>
+PCRE can be compiled to run in an environment that uses EBCDIC as its character
+code rather than ASCII or Unicode (typically a mainframe system). In the
+sections below, character code values are ASCII or Unicode; in an EBCDIC
+environment these characters may have different code values, and there are no
+code points greater than 255.
+</P>
+<br><a name="SEC4" href="#TOC1">CHARACTERS AND METACHARACTERS</a><br>
+<P>
+A regular expression is a pattern that is matched against a subject string from
+left to right. Most characters stand for themselves in a pattern, and match the
+corresponding characters in the subject. As a trivial example, the pattern
+<pre>
+  The quick brown fox
+</pre>
+matches a portion of a subject string that is identical to itself. When
+caseless matching is specified (the PCRE_CASELESS option), letters are matched
+independently of case. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching for characters 128 and above, you must
+ensure that PCRE is compiled with Unicode property support as well as with
+UTF support.
+</P>
+<P>
+The power of regular expressions comes from the ability to include alternatives
+and repetitions in the pattern. These are encoded in the pattern by the use of
+<i>metacharacters</i>, which do not stand for themselves but instead are
+interpreted in some special way.
+</P>
+<P>
+There are two different sets of metacharacters: those that are recognized
+anywhere in the pattern except within square brackets, and those that are
+recognized within square brackets. Outside square brackets, the metacharacters
+are as follows:
+<pre>
+  \      general escape character with several uses
+  ^      assert start of string (or line, in multiline mode)
+  $      assert end of string (or line, in multiline mode)
+  .      match any character except newline (by default)
+  [      start character class definition
+  |      start of alternative branch
+  (      start subpattern
+  )      end subpattern
+  ?      extends the meaning of (
+         also 0 or 1 quantifier
+         also quantifier minimizer
+  *      0 or more quantifier
+  +      1 or more quantifier
+         also "possessive quantifier"
+  {      start min/max quantifier
+</pre>
+Part of a pattern that is in square brackets is called a "character class". In
+a character class the only metacharacters are:
+<pre>
+  \      general escape character
+  ^      negate the class, but only if the first character
+  -      indicates character range
+  [      POSIX character class (only if followed by POSIX syntax)
+  ]      terminates the character class
+</pre>
+The following sections describe the use of each of the metacharacters.
+</P>
+<br><a name="SEC5" href="#TOC1">BACKSLASH</a><br>
+<P>
+The backslash character has several uses. Firstly, if it is followed by a
+character that is not a number or a letter, it takes away any special meaning
+that character may have. This use of backslash as an escape character applies
+both inside and outside character classes.
+</P>
+<P>
+For example, if you want to match a * character, you write \* in the pattern.
+This escaping action applies whether or not the following character would
+otherwise be interpreted as a metacharacter, so it is always safe to precede a
+non-alphanumeric with backslash to specify that it stands for itself. In
+particular, if you want to match a backslash, you write \\.
+</P>
+<P>
+In a UTF mode, only ASCII numbers and letters have any special meaning after a
+backslash. All other characters (in particular, those whose codepoints are
+greater than 127) are treated as literals.
+</P>
+<P>
+If a pattern is compiled with the PCRE_EXTENDED option, most white space in the
+pattern (other than in a character class), and characters between a # outside a
+character class and the next newline, inclusive, are ignored. An escaping
+backslash can be used to include a white space or # character as part of the
+pattern.
+</P>
+<P>
+If you want to remove the special meaning from a sequence of characters, you
+can do so by putting them between \Q and \E. This is different from Perl in
+that $ and @ are handled as literals in \Q...\E sequences in PCRE, whereas in
+Perl, $ and @ cause variable interpolation. Note the following examples:
+<pre>
+  Pattern            PCRE matches   Perl matches
+
+  \Qabc$xyz\E        abc$xyz        abc followed by the contents of $xyz
+  \Qabc\$xyz\E       abc\$xyz       abc\$xyz
+  \Qabc\E\$\Qxyz\E   abc$xyz        abc$xyz
+</pre>
+The \Q...\E sequence is recognized both inside and outside character classes.
+An isolated \E that is not preceded by \Q is ignored. If \Q is not followed
+by \E later in the pattern, the literal interpretation continues to the end of
+the pattern (that is, \E is assumed at the end). If the isolated \Q is inside
+a character class, this causes an error, because the character class is not
+terminated.
+<a name="digitsafterbackslash"></a></P>
+<br><b>
+Non-printing characters
+</b><br>
+<P>
+A second use of backslash provides a way of encoding non-printing characters
+in patterns in a visible manner. There is no restriction on the appearance of
+non-printing characters, apart from the binary zero that terminates a pattern,
+but when a pattern is being prepared by text editing, it is often easier to use
+one of the following escape sequences than the binary character it represents.
+In an ASCII or Unicode environment, these escapes are as follows:
+<pre>
+  \a        alarm, that is, the BEL character (hex 07)
+  \cx       "control-x", where x is any ASCII character
+  \e        escape (hex 1B)
+  \f        form feed (hex 0C)
+  \n        linefeed (hex 0A)
+  \r        carriage return (hex 0D)
+  \t        tab (hex 09)
+  \0dd      character with octal code 0dd
+  \ddd      character with octal code ddd, or back reference
+  \o{ddd..} character with octal code ddd..
+  \xhh      character with hex code hh
+  \x{hhh..} character with hex code hhh.. (non-JavaScript mode)
+  \uhhhh    character with hex code hhhh (JavaScript mode only)
+</pre>
+The precise effect of \cx on ASCII characters is as follows: if x is a lower
+case letter, it is converted to upper case. Then bit 6 of the character (hex
+40) is inverted. Thus \cA to \cZ become hex 01 to hex 1A (A is 41, Z is 5A),
+but \c{ becomes hex 3B ({ is 7B), and \c; becomes hex 7B (; is 3B). If the
+data item (byte or 16-bit value) following \c has a value greater than 127, a
+compile-time error occurs. This locks out non-ASCII characters in all modes.
+</P>
+<P>
+When PCRE is compiled in EBCDIC mode, \a, \e, \f, \n, \r, and \t
+generate the appropriate EBCDIC code values. The \c escape is processed
+as specified for Perl in the <b>perlebcdic</b> document. The only characters
+that are allowed after \c are A-Z, a-z, or one of @, [, \, ], ^, _, or ?. Any
+other character provokes a compile-time error. The sequence \c@ encodes
+character code 0; after \c the letters (in either case) encode characters 1-26
+(hex 01 to hex 1A); [, \, ], ^, and _ encode characters 27-31 (hex 1B to hex
+1F), and \c? becomes either 255 (hex FF) or 95 (hex 5F).
+</P>
+<P>
+Thus, apart from \c?, these escapes generate the same character code values as
+they do in an ASCII environment, though the meanings of the values mostly
+differ. For example, \cG always generates code value 7, which is BEL in ASCII
+but DEL in EBCDIC.
+</P>
+<P>
+The sequence \c? generates DEL (127, hex 7F) in an ASCII environment, but
+because 127 is not a control character in EBCDIC, Perl makes it generate the
+APC character. Unfortunately, there are several variants of EBCDIC. In most of
+them the APC character has the value 255 (hex FF), but in the one Perl calls
+POSIX-BC its value is 95 (hex 5F). If certain other characters have POSIX-BC
+values, PCRE makes \c? generate 95; otherwise it generates 255.
+</P>
+<P>
+After \0 up to two further octal digits are read. If there are fewer than two
+digits, just those that are present are used. Thus the sequence \0\x\015
+specifies two binary zeros followed by a CR character (code value 13). Make
+sure you supply two digits after the initial zero if the pattern character that
+follows is itself an octal digit.
+</P>
+<P>
+The escape \o must be followed by a sequence of octal digits, enclosed in
+braces. An error occurs if this is not the case. This escape is a recent
+addition to Perl; it provides way of specifying character code points as octal
+numbers greater than 0777, and it also allows octal numbers and back references
+to be unambiguously specified.
+</P>
+<P>
+For greater clarity and unambiguity, it is best to avoid following \ by a
+digit greater than zero. Instead, use \o{} or \x{} to specify character
+numbers, and \g{} to specify back references. The following paragraphs
+describe the old, ambiguous syntax.
+</P>
+<P>
+The handling of a backslash followed by a digit other than 0 is complicated,
+and Perl has changed in recent releases, causing PCRE also to change. Outside a
+character class, PCRE reads the digit and any following digits as a decimal
+number. If the number is less than 8, or if there have been at least that many
+previous capturing left parentheses in the expression, the entire sequence is
+taken as a <i>back reference</i>. A description of how this works is given
+<a href="#backreferences">later,</a>
+following the discussion of
+<a href="#subpattern">parenthesized subpatterns.</a>
+</P>
+<P>
+Inside a character class, or if the decimal number following \ is greater than
+7 and there have not been that many capturing subpatterns, PCRE handles \8 and
+\9 as the literal characters "8" and "9", and otherwise re-reads up to three
+octal digits following the backslash, using them to generate a data character.
+Any subsequent digits stand for themselves. For example:
+<pre>
+  \040   is another way of writing an ASCII space
+  \40    is the same, provided there are fewer than 40 previous capturing subpatterns
+  \7     is always a back reference
+  \11    might be a back reference, or another way of writing a tab
+  \011   is always a tab
+  \0113  is a tab followed by the character "3"
+  \113   might be a back reference, otherwise the character with octal code 113
+  \377   might be a back reference, otherwise the value 255 (decimal)
+  \81    is either a back reference, or the two characters "8" and "1"
+</pre>
+Note that octal values of 100 or greater that are specified using this syntax
+must not be introduced by a leading zero, because no more than three octal
+digits are ever read.
+</P>
+<P>
+By default, after \x that is not followed by {, from zero to two hexadecimal
+digits are read (letters can be in upper or lower case). Any number of
+hexadecimal digits may appear between \x{ and }. If a character other than
+a hexadecimal digit appears between \x{ and }, or if there is no terminating
+}, an error occurs.
+</P>
+<P>
+If the PCRE_JAVASCRIPT_COMPAT option is set, the interpretation of \x is
+as just described only when it is followed by two hexadecimal digits.
+Otherwise, it matches a literal "x" character. In JavaScript mode, support for
+code points greater than 256 is provided by \u, which must be followed by
+four hexadecimal digits; otherwise it matches a literal "u" character.
+</P>
+<P>
+Characters whose value is less than 256 can be defined by either of the two
+syntaxes for \x (or by \u in JavaScript mode). There is no difference in the
+way they are handled. For example, \xdc is exactly the same as \x{dc} (or
+\u00dc in JavaScript mode).
+</P>
+<br><b>
+Constraints on character values
+</b><br>
+<P>
+Characters that are specified using octal or hexadecimal numbers are
+limited to certain values, as follows:
+<pre>
+  8-bit non-UTF mode    less than 0x100
+  8-bit UTF-8 mode      less than 0x10ffff and a valid codepoint
+  16-bit non-UTF mode   less than 0x10000
+  16-bit UTF-16 mode    less than 0x10ffff and a valid codepoint
+  32-bit non-UTF mode   less than 0x100000000
+  32-bit UTF-32 mode    less than 0x10ffff and a valid codepoint
+</pre>
+Invalid Unicode codepoints are the range 0xd800 to 0xdfff (the so-called
+"surrogate" codepoints), and 0xffef.
+</P>
+<br><b>
+Escape sequences in character classes
+</b><br>
+<P>
+All the sequences that define a single character value can be used both inside
+and outside character classes. In addition, inside a character class, \b is
+interpreted as the backspace character (hex 08).
+</P>
+<P>
+\N is not allowed in a character class. \B, \R, and \X are not special
+inside a character class. Like other unrecognized escape sequences, they are
+treated as the literal characters "B", "R", and "X" by default, but cause an
+error if the PCRE_EXTRA option is set. Outside a character class, these
+sequences have different meanings.
+</P>
+<br><b>
+Unsupported escape sequences
+</b><br>
+<P>
+In Perl, the sequences \l, \L, \u, and \U are recognized by its string
+handler and used to modify the case of following characters. By default, PCRE
+does not support these escape sequences. However, if the PCRE_JAVASCRIPT_COMPAT
+option is set, \U matches a "U" character, and \u can be used to define a
+character by code point, as described in the previous section.
+</P>
+<br><b>
+Absolute and relative back references
+</b><br>
+<P>
+The sequence \g followed by an unsigned or a negative number, optionally
+enclosed in braces, is an absolute or relative back reference. A named back
+reference can be coded as \g{name}. Back references are discussed
+<a href="#backreferences">later,</a>
+following the discussion of
+<a href="#subpattern">parenthesized subpatterns.</a>
+</P>
+<br><b>
+Absolute and relative subroutine calls
+</b><br>
+<P>
+For compatibility with Oniguruma, the non-Perl syntax \g followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a "subroutine". Details are discussed
+<a href="#onigurumasubroutines">later.</a>
+Note that \g{...} (Perl syntax) and \g&#60;...&#62; (Oniguruma syntax) are <i>not</i>
+synonymous. The former is a back reference; the latter is a
+<a href="#subpatternsassubroutines">subroutine</a>
+call.
+<a name="genericchartypes"></a></P>
+<br><b>
+Generic character types
+</b><br>
+<P>
+Another use of backslash is for specifying generic character types:
+<pre>
+  \d     any decimal digit
+  \D     any character that is not a decimal digit
+  \h     any horizontal white space character
+  \H     any character that is not a horizontal white space character
+  \s     any white space character
+  \S     any character that is not a white space character
+  \v     any vertical white space character
+  \V     any character that is not a vertical white space character
+  \w     any "word" character
+  \W     any "non-word" character
+</pre>
+There is also the single sequence \N, which matches a non-newline character.
+This is the same as
+<a href="#fullstopdot">the "." metacharacter</a>
+when PCRE_DOTALL is not set. Perl also uses \N to match characters by name;
+PCRE does not support this.
+</P>
+<P>
+Each pair of lower and upper case escape sequences partitions the complete set
+of characters into two disjoint sets. Any given character matches one, and only
+one, of each pair. The sequences can appear both inside and outside character
+classes. They each match one character of the appropriate type. If the current
+matching point is at the end of the subject string, all of them fail, because
+there is no character to match.
+</P>
+<P>
+For compatibility with Perl, \s did not used to match the VT character (code
+11), which made it different from the the POSIX "space" class. However, Perl
+added VT at release 5.18, and PCRE followed suit at release 8.34. The default
+\s characters are now HT (9), LF (10), VT (11), FF (12), CR (13), and space
+(32), which are defined as white space in the "C" locale. This list may vary if
+locale-specific matching is taking place. For example, in some locales the
+"non-breaking space" character (\xA0) is recognized as white space, and in
+others the VT character is not.
+</P>
+<P>
+A "word" character is an underscore or any character that is a letter or digit.
+By default, the definition of letters and digits is controlled by PCRE's
+low-valued character tables, and may vary if locale-specific matching is taking
+place (see
+<a href="pcreapi.html#localesupport">"Locale support"</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page). For example, in a French locale such as "fr_FR" in Unix-like systems,
+or "french" in Windows, some character codes greater than 127 are used for
+accented letters, and these are then matched by \w. The use of locales with
+Unicode is discouraged.
+</P>
+<P>
+By default, characters whose code points are greater than 127 never match \d,
+\s, or \w, and always match \D, \S, and \W, although this may vary for
+characters in the range 128-255 when locale-specific matching is happening.
+These escape sequences retain their original meanings from before Unicode
+support was available, mainly for efficiency reasons. If PCRE is compiled with
+Unicode property support, and the PCRE_UCP option is set, the behaviour is
+changed so that Unicode properties are used to determine character types, as
+follows:
+<pre>
+  \d  any character that matches \p{Nd} (decimal digit)
+  \s  any character that matches \p{Z} or \h or \v
+  \w  any character that matches \p{L} or \p{N}, plus underscore
+</pre>
+The upper case escapes match the inverse sets of characters. Note that \d
+matches only decimal digits, whereas \w matches any Unicode digit, as well as
+any Unicode letter, and underscore. Note also that PCRE_UCP affects \b, and
+\B because they are defined in terms of \w and \W. Matching these sequences
+is noticeably slower when PCRE_UCP is set.
+</P>
+<P>
+The sequences \h, \H, \v, and \V are features that were added to Perl at
+release 5.10. In contrast to the other sequences, which match only ASCII
+characters by default, these always match certain high-valued code points,
+whether or not PCRE_UCP is set. The horizontal space characters are:
+<pre>
+  U+0009     Horizontal tab (HT)
+  U+0020     Space
+  U+00A0     Non-break space
+  U+1680     Ogham space mark
+  U+180E     Mongolian vowel separator
+  U+2000     En quad
+  U+2001     Em quad
+  U+2002     En space
+  U+2003     Em space
+  U+2004     Three-per-em space
+  U+2005     Four-per-em space
+  U+2006     Six-per-em space
+  U+2007     Figure space
+  U+2008     Punctuation space
+  U+2009     Thin space
+  U+200A     Hair space
+  U+202F     Narrow no-break space
+  U+205F     Medium mathematical space
+  U+3000     Ideographic space
+</pre>
+The vertical space characters are:
+<pre>
+  U+000A     Linefeed (LF)
+  U+000B     Vertical tab (VT)
+  U+000C     Form feed (FF)
+  U+000D     Carriage return (CR)
+  U+0085     Next line (NEL)
+  U+2028     Line separator
+  U+2029     Paragraph separator
+</pre>
+In 8-bit, non-UTF-8 mode, only the characters with codepoints less than 256 are
+relevant.
+<a name="newlineseq"></a></P>
+<br><b>
+Newline sequences
+</b><br>
+<P>
+Outside a character class, by default, the escape sequence \R matches any
+Unicode newline sequence. In 8-bit non-UTF-8 mode \R is equivalent to the
+following:
+<pre>
+  (?&#62;\r\n|\n|\x0b|\f|\r|\x85)
+</pre>
+This is an example of an "atomic group", details of which are given
+<a href="#atomicgroup">below.</a>
+This particular group matches either the two-character sequence CR followed by
+LF, or one of the single characters LF (linefeed, U+000A), VT (vertical tab,
+U+000B), FF (form feed, U+000C), CR (carriage return, U+000D), or NEL (next
+line, U+0085). The two-character sequence is treated as a single unit that
+cannot be split.
+</P>
+<P>
+In other modes, two additional characters whose codepoints are greater than 255
+are added: LS (line separator, U+2028) and PS (paragraph separator, U+2029).
+Unicode character property support is not needed for these characters to be
+recognized.
+</P>
+<P>
+It is possible to restrict \R to match only CR, LF, or CRLF (instead of the
+complete set of Unicode line endings) by setting the option PCRE_BSR_ANYCRLF
+either at compile time or when the pattern is matched. (BSR is an abbrevation
+for "backslash R".) This can be made the default when PCRE is built; if this is
+the case, the other behaviour can be requested via the PCRE_BSR_UNICODE option.
+It is also possible to specify these settings by starting a pattern string with
+one of the following sequences:
+<pre>
+  (*BSR_ANYCRLF)   CR, LF, or CRLF only
+  (*BSR_UNICODE)   any Unicode newline sequence
+</pre>
+These override the default and the options given to the compiling function, but
+they can themselves be overridden by options given to a matching function. Note
+that these special settings, which are not Perl-compatible, are recognized only
+at the very start of a pattern, and that they must be in upper case. If more
+than one of them is present, the last one is used. They can be combined with a
+change of newline convention; for example, a pattern can start with:
+<pre>
+  (*ANY)(*BSR_ANYCRLF)
+</pre>
+They can also be combined with the (*UTF8), (*UTF16), (*UTF32), (*UTF) or
+(*UCP) special sequences. Inside a character class, \R is treated as an
+unrecognized escape sequence, and so matches the letter "R" by default, but
+causes an error if PCRE_EXTRA is set.
+<a name="uniextseq"></a></P>
+<br><b>
+Unicode character properties
+</b><br>
+<P>
+When PCRE is built with Unicode character property support, three additional
+escape sequences that match characters with specific properties are available.
+When in 8-bit non-UTF-8 mode, these sequences are of course limited to testing
+characters whose codepoints are less than 256, but they do work in this mode.
+The extra escape sequences are:
+<pre>
+  \p{<i>xx</i>}   a character with the <i>xx</i> property
+  \P{<i>xx</i>}   a character without the <i>xx</i> property
+  \X       a Unicode extended grapheme cluster
+</pre>
+The property names represented by <i>xx</i> above are limited to the Unicode
+script names, the general category properties, "Any", which matches any
+character (including newline), and some special PCRE properties (described
+in the
+<a href="#extraprops">next section).</a>
+Other Perl properties such as "InMusicalSymbols" are not currently supported by
+PCRE. Note that \P{Any} does not match any characters, so always causes a
+match failure.
+</P>
+<P>
+Sets of Unicode characters are defined as belonging to certain scripts. A
+character from one of these sets can be matched using a script name. For
+example:
+<pre>
+  \p{Greek}
+  \P{Han}
+</pre>
+Those that are not part of an identified script are lumped together as
+"Common". The current list of scripts is:
+</P>
+<P>
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+</P>
+<P>
+Each character has exactly one Unicode general category property, specified by
+a two-letter abbreviation. For compatibility with Perl, negation can be
+specified by including a circumflex between the opening brace and the property
+name. For example, \p{^Lu} is the same as \P{Lu}.
+</P>
+<P>
+If only one letter is specified with \p or \P, it includes all the general
+category properties that start with that letter. In this case, in the absence
+of negation, the curly brackets in the escape sequence are optional; these two
+examples have the same effect:
+<pre>
+  \p{L}
+  \pL
+</pre>
+The following general category property codes are supported:
+<pre>
+  C     Other
+  Cc    Control
+  Cf    Format
+  Cn    Unassigned
+  Co    Private use
+  Cs    Surrogate
+
+  L     Letter
+  Ll    Lower case letter
+  Lm    Modifier letter
+  Lo    Other letter
+  Lt    Title case letter
+  Lu    Upper case letter
+
+  M     Mark
+  Mc    Spacing mark
+  Me    Enclosing mark
+  Mn    Non-spacing mark
+
+  N     Number
+  Nd    Decimal number
+  Nl    Letter number
+  No    Other number
+
+  P     Punctuation
+  Pc    Connector punctuation
+  Pd    Dash punctuation
+  Pe    Close punctuation
+  Pf    Final punctuation
+  Pi    Initial punctuation
+  Po    Other punctuation
+  Ps    Open punctuation
+
+  S     Symbol
+  Sc    Currency symbol
+  Sk    Modifier symbol
+  Sm    Mathematical symbol
+  So    Other symbol
+
+  Z     Separator
+  Zl    Line separator
+  Zp    Paragraph separator
+  Zs    Space separator
+</pre>
+The special property L& is also supported: it matches a character that has
+the Lu, Ll, or Lt property, in other words, a letter that is not classified as
+a modifier or "other".
+</P>
+<P>
+The Cs (Surrogate) property applies only to characters in the range U+D800 to
+U+DFFF. Such characters are not valid in Unicode strings and so
+cannot be tested by PCRE, unless UTF validity checking has been turned off
+(see the discussion of PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK and
+PCRE_NO_UTF32_CHECK in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+page). Perl does not support the Cs property.
+</P>
+<P>
+The long synonyms for property names that Perl supports (such as \p{Letter})
+are not supported by PCRE, nor is it permitted to prefix any of these
+properties with "Is".
+</P>
+<P>
+No character that is in the Unicode table has the Cn (unassigned) property.
+Instead, this property is assumed for any code point that is not in the
+Unicode table.
+</P>
+<P>
+Specifying caseless matching does not affect these escape sequences. For
+example, \p{Lu} always matches only upper case letters. This is different from
+the behaviour of current versions of Perl.
+</P>
+<P>
+Matching characters by Unicode property is not fast, because PCRE has to do a
+multistage table lookup in order to find a character's property. That is why
+the traditional escape sequences such as \d and \w do not use Unicode
+properties in PCRE by default, though you can make them do so by setting the
+PCRE_UCP option or by starting the pattern with (*UCP).
+</P>
+<br><b>
+Extended grapheme clusters
+</b><br>
+<P>
+The \X escape matches any number of Unicode characters that form an "extended
+grapheme cluster", and treats the sequence as an atomic group
+<a href="#atomicgroup">(see below).</a>
+Up to and including release 8.31, PCRE matched an earlier, simpler definition
+that was equivalent to
+<pre>
+  (?&#62;\PM\pM*)
+</pre>
+That is, it matched a character without the "mark" property, followed by zero
+or more characters with the "mark" property. Characters with the "mark"
+property are typically non-spacing accents that affect the preceding character.
+</P>
+<P>
+This simple definition was extended in Unicode to include more complicated
+kinds of composite character by giving each character a grapheme breaking
+property, and creating rules that use these properties to define the boundaries
+of extended grapheme clusters. In releases of PCRE later than 8.31, \X matches
+one of these clusters.
+</P>
+<P>
+\X always matches at least one character. Then it decides whether to add
+additional characters according to the following rules for ending a cluster:
+</P>
+<P>
+1. End at the end of the subject string.
+</P>
+<P>
+2. Do not end between CR and LF; otherwise end after any control character.
+</P>
+<P>
+3. Do not break Hangul (a Korean script) syllable sequences. Hangul characters
+are of five types: L, V, T, LV, and LVT. An L character may be followed by an
+L, V, LV, or LVT character; an LV or V character may be followed by a V or T
+character; an LVT or T character may be follwed only by a T character.
+</P>
+<P>
+4. Do not end before extending characters or spacing marks. Characters with
+the "mark" property always have the "extend" grapheme breaking property.
+</P>
+<P>
+5. Do not end after prepend characters.
+</P>
+<P>
+6. Otherwise, end the cluster.
+<a name="extraprops"></a></P>
+<br><b>
+PCRE's additional properties
+</b><br>
+<P>
+As well as the standard Unicode properties described above, PCRE supports four
+more that make it possible to convert traditional escape sequences such as \w
+and \s to use Unicode properties. PCRE uses these non-standard, non-Perl
+properties internally when PCRE_UCP is set. However, they may also be used
+explicitly. These properties are:
+<pre>
+  Xan   Any alphanumeric character
+  Xps   Any POSIX space character
+  Xsp   Any Perl space character
+  Xwd   Any Perl "word" character
+</pre>
+Xan matches characters that have either the L (letter) or the N (number)
+property. Xps matches the characters tab, linefeed, vertical tab, form feed, or
+carriage return, and any other character that has the Z (separator) property.
+Xsp is the same as Xps; it used to exclude vertical tab, for Perl
+compatibility, but Perl changed, and so PCRE followed at release 8.34. Xwd
+matches the same characters as Xan, plus underscore.
+</P>
+<P>
+There is another non-standard property, Xuc, which matches any character that
+can be represented by a Universal Character Name in C++ and other programming
+languages. These are the characters $, @, ` (grave accent), and all characters
+with Unicode code points greater than or equal to U+00A0, except for the
+surrogates U+D800 to U+DFFF. Note that most base (ASCII) characters are
+excluded. (Universal Character Names are of the form \uHHHH or \UHHHHHHHH
+where H is a hexadecimal digit. Note that the Xuc property does not match these
+sequences but the characters that they represent.)
+<a name="resetmatchstart"></a></P>
+<br><b>
+Resetting the match start
+</b><br>
+<P>
+The escape sequence \K causes any previously matched characters not to be
+included in the final matched sequence. For example, the pattern:
+<pre>
+  foo\Kbar
+</pre>
+matches "foobar", but reports that it has matched "bar". This feature is
+similar to a lookbehind assertion
+<a href="#lookbehind">(described below).</a>
+However, in this case, the part of the subject before the real match does not
+have to be of fixed length, as lookbehind assertions do. The use of \K does
+not interfere with the setting of
+<a href="#subpattern">captured substrings.</a>
+For example, when the pattern
+<pre>
+  (foo)\Kbar
+</pre>
+matches "foobar", the first substring is still set to "foo".
+</P>
+<P>
+Perl documents that the use of \K within assertions is "not well defined". In
+PCRE, \K is acted upon when it occurs inside positive assertions, but is
+ignored in negative assertions. Note that when a pattern such as (?=ab\K)
+matches, the reported start of the match can be greater than the end of the
+match.
+<a name="smallassertions"></a></P>
+<br><b>
+Simple assertions
+</b><br>
+<P>
+The final use of backslash is for certain simple assertions. An assertion
+specifies a condition that has to be met at a particular point in a match,
+without consuming any characters from the subject string. The use of
+subpatterns for more complicated assertions is described
+<a href="#bigassertions">below.</a>
+The backslashed assertions are:
+<pre>
+  \b     matches at a word boundary
+  \B     matches when not at a word boundary
+  \A     matches at the start of the subject
+  \Z     matches at the end of the subject
+          also matches before a newline at the end of the subject
+  \z     matches only at the end of the subject
+  \G     matches at the first matching position in the subject
+</pre>
+Inside a character class, \b has a different meaning; it matches the backspace
+character. If any other of these assertions appears in a character class, by
+default it matches the corresponding literal character (for example, \B
+matches the letter B). However, if the PCRE_EXTRA option is set, an "invalid
+escape sequence" error is generated instead.
+</P>
+<P>
+A word boundary is a position in the subject string where the current character
+and the previous character do not both match \w or \W (i.e. one matches
+\w and the other matches \W), or the start or end of the string if the
+first or last character matches \w, respectively. In a UTF mode, the meanings
+of \w and \W can be changed by setting the PCRE_UCP option. When this is
+done, it also affects \b and \B. Neither PCRE nor Perl has a separate "start
+of word" or "end of word" metasequence. However, whatever follows \b normally
+determines which it is. For example, the fragment \ba matches "a" at the start
+of a word.
+</P>
+<P>
+The \A, \Z, and \z assertions differ from the traditional circumflex and
+dollar (described in the next section) in that they only ever match at the very
+start and end of the subject string, whatever options are set. Thus, they are
+independent of multiline mode. These three assertions are not affected by the
+PCRE_NOTBOL or PCRE_NOTEOL options, which affect only the behaviour of the
+circumflex and dollar metacharacters. However, if the <i>startoffset</i>
+argument of <b>pcre_exec()</b> is non-zero, indicating that matching is to start
+at a point other than the beginning of the subject, \A can never match. The
+difference between \Z and \z is that \Z matches before a newline at the end
+of the string as well as at the very end, whereas \z matches only at the end.
+</P>
+<P>
+The \G assertion is true only when the current matching position is at the
+start point of the match, as specified by the <i>startoffset</i> argument of
+<b>pcre_exec()</b>. It differs from \A when the value of <i>startoffset</i> is
+non-zero. By calling <b>pcre_exec()</b> multiple times with appropriate
+arguments, you can mimic Perl's /g option, and it is in this kind of
+implementation where \G can be useful.
+</P>
+<P>
+Note, however, that PCRE's interpretation of \G, as the start of the current
+match, is subtly different from Perl's, which defines it as the end of the
+previous match. In Perl, these can be different when the previously matched
+string was empty. Because PCRE does just one match at a time, it cannot
+reproduce this behaviour.
+</P>
+<P>
+If all the alternatives of a pattern begin with \G, the expression is anchored
+to the starting match position, and the "anchored" flag is set in the compiled
+regular expression.
+</P>
+<br><a name="SEC6" href="#TOC1">CIRCUMFLEX AND DOLLAR</a><br>
+<P>
+The circumflex and dollar metacharacters are zero-width assertions. That is,
+they test for a particular condition being true without consuming any
+characters from the subject string.
+</P>
+<P>
+Outside a character class, in the default matching mode, the circumflex
+character is an assertion that is true only if the current matching point is at
+the start of the subject string. If the <i>startoffset</i> argument of
+<b>pcre_exec()</b> is non-zero, circumflex can never match if the PCRE_MULTILINE
+option is unset. Inside a character class, circumflex has an entirely different
+meaning
+<a href="#characterclass">(see below).</a>
+</P>
+<P>
+Circumflex need not be the first character of the pattern if a number of
+alternatives are involved, but it should be the first thing in each alternative
+in which it appears if the pattern is ever to match that branch. If all
+possible alternatives start with a circumflex, that is, if the pattern is
+constrained to match only at the start of the subject, it is said to be an
+"anchored" pattern. (There are also other constructs that can cause a pattern
+to be anchored.)
+</P>
+<P>
+The dollar character is an assertion that is true only if the current matching
+point is at the end of the subject string, or immediately before a newline at
+the end of the string (by default). Note, however, that it does not actually
+match the newline. Dollar need not be the last character of the pattern if a
+number of alternatives are involved, but it should be the last item in any
+branch in which it appears. Dollar has no special meaning in a character class.
+</P>
+<P>
+The meaning of dollar can be changed so that it matches only at the very end of
+the string, by setting the PCRE_DOLLAR_ENDONLY option at compile time. This
+does not affect the \Z assertion.
+</P>
+<P>
+The meanings of the circumflex and dollar characters are changed if the
+PCRE_MULTILINE option is set. When this is the case, a circumflex matches
+immediately after internal newlines as well as at the start of the subject
+string. It does not match after a newline that ends the string. A dollar
+matches before any newlines in the string, as well as at the very end, when
+PCRE_MULTILINE is set. When newline is specified as the two-character
+sequence CRLF, isolated CR and LF characters do not indicate newlines.
+</P>
+<P>
+For example, the pattern /^abc$/ matches the subject string "def\nabc" (where
+\n represents a newline) in multiline mode, but not otherwise. Consequently,
+patterns that are anchored in single line mode because all branches start with
+^ are not anchored in multiline mode, and a match for circumflex is possible
+when the <i>startoffset</i> argument of <b>pcre_exec()</b> is non-zero. The
+PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+</P>
+<P>
+Note that the sequences \A, \Z, and \z can be used to match the start and
+end of the subject in both modes, and if all branches of a pattern start with
+\A it is always anchored, whether or not PCRE_MULTILINE is set.
+<a name="fullstopdot"></a></P>
+<br><a name="SEC7" href="#TOC1">FULL STOP (PERIOD, DOT) AND \N</a><br>
+<P>
+Outside a character class, a dot in the pattern matches any one character in
+the subject string except (by default) a character that signifies the end of a
+line.
+</P>
+<P>
+When a line ending is defined as a single character, dot never matches that
+character; when the two-character sequence CRLF is used, dot does not match CR
+if it is immediately followed by LF, but otherwise it matches all characters
+(including isolated CRs and LFs). When any Unicode line endings are being
+recognized, dot does not match CR or LF or any of the other line ending
+characters.
+</P>
+<P>
+The behaviour of dot with regard to newlines can be changed. If the PCRE_DOTALL
+option is set, a dot matches any one character, without exception. If the
+two-character sequence CRLF is present in the subject string, it takes two dots
+to match it.
+</P>
+<P>
+The handling of dot is entirely independent of the handling of circumflex and
+dollar, the only relationship being that they both involve newlines. Dot has no
+special meaning in a character class.
+</P>
+<P>
+The escape sequence \N behaves like a dot, except that it is not affected by
+the PCRE_DOTALL option. In other words, it matches any character except one
+that signifies the end of a line. Perl also uses \N to match characters by
+name; PCRE does not support this.
+</P>
+<br><a name="SEC8" href="#TOC1">MATCHING A SINGLE DATA UNIT</a><br>
+<P>
+Outside a character class, the escape sequence \C matches any one data unit,
+whether or not a UTF mode is set. In the 8-bit library, one data unit is one
+byte; in the 16-bit library it is a 16-bit unit; in the 32-bit library it is
+a 32-bit unit. Unlike a dot, \C always
+matches line-ending characters. The feature is provided in Perl in order to
+match individual bytes in UTF-8 mode, but it is unclear how it can usefully be
+used. Because \C breaks up characters into individual data units, matching one
+unit with \C in a UTF mode means that the rest of the string may start with a
+malformed UTF character. This has undefined results, because PCRE assumes that
+it is dealing with valid UTF strings (and by default it checks this at the
+start of processing unless the PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK or
+PCRE_NO_UTF32_CHECK option is used).
+</P>
+<P>
+PCRE does not allow \C to appear in lookbehind assertions
+<a href="#lookbehind">(described below)</a>
+in a UTF mode, because this would make it impossible to calculate the length of
+the lookbehind.
+</P>
+<P>
+In general, the \C escape sequence is best avoided. However, one
+way of using it that avoids the problem of malformed UTF characters is to use a
+lookahead to check the length of the next character, as in this pattern, which
+could be used with a UTF-8 string (ignore white space and line breaks):
+<pre>
+  (?| (?=[\x00-\x7f])(\C) |
+      (?=[\x80-\x{7ff}])(\C)(\C) |
+      (?=[\x{800}-\x{ffff}])(\C)(\C)(\C) |
+      (?=[\x{10000}-\x{1fffff}])(\C)(\C)(\C)(\C))
+</pre>
+A group that starts with (?| resets the capturing parentheses numbers in each
+alternative (see
+<a href="#dupsubpatternnumber">"Duplicate Subpattern Numbers"</a>
+below). The assertions at the start of each branch check the next UTF-8
+character for values whose encoding uses 1, 2, 3, or 4 bytes, respectively. The
+character's individual bytes are then captured by the appropriate number of
+groups.
+<a name="characterclass"></a></P>
+<br><a name="SEC9" href="#TOC1">SQUARE BRACKETS AND CHARACTER CLASSES</a><br>
+<P>
+An opening square bracket introduces a character class, terminated by a closing
+square bracket. A closing square bracket on its own is not special by default.
+However, if the PCRE_JAVASCRIPT_COMPAT option is set, a lone closing square
+bracket causes a compile-time error. If a closing square bracket is required as
+a member of the class, it should be the first data character in the class
+(after an initial circumflex, if present) or escaped with a backslash.
+</P>
+<P>
+A character class matches a single character in the subject. In a UTF mode, the
+character may be more than one data unit long. A matched character must be in
+the set of characters defined by the class, unless the first character in the
+class definition is a circumflex, in which case the subject character must not
+be in the set defined by the class. If a circumflex is actually required as a
+member of the class, ensure it is not the first character, or escape it with a
+backslash.
+</P>
+<P>
+For example, the character class [aeiou] matches any lower case vowel, while
+[^aeiou] matches any character that is not a lower case vowel. Note that a
+circumflex is just a convenient notation for specifying the characters that
+are in the class by enumerating those that are not. A class that starts with a
+circumflex is not an assertion; it still consumes a character from the subject
+string, and therefore it fails if the current pointer is at the end of the
+string.
+</P>
+<P>
+In UTF-8 (UTF-16, UTF-32) mode, characters with values greater than 255 (0xffff)
+can be included in a class as a literal string of data units, or by using the
+\x{ escaping mechanism.
+</P>
+<P>
+When caseless matching is set, any letters in a class represent both their
+upper case and lower case versions, so for example, a caseless [aeiou] matches
+"A" as well as "a", and a caseless [^aeiou] does not match "A", whereas a
+caseful version would. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching in a UTF mode for characters 128 and
+above, you must ensure that PCRE is compiled with Unicode property support as
+well as with UTF support.
+</P>
+<P>
+Characters that might indicate line breaks are never treated in any special way
+when matching character classes, whatever line-ending sequence is in use, and
+whatever setting of the PCRE_DOTALL and PCRE_MULTILINE options is used. A class
+such as [^a] always matches one of these characters.
+</P>
+<P>
+The minus (hyphen) character can be used to specify a range of characters in a
+character class. For example, [d-m] matches any letter between d and m,
+inclusive. If a minus character is required in a class, it must be escaped with
+a backslash or appear in a position where it cannot be interpreted as
+indicating a range, typically as the first or last character in the class, or
+immediately after a range. For example, [b-d-z] matches letters in the range b
+to d, a hyphen character, or z.
+</P>
+<P>
+It is not possible to have the literal character "]" as the end character of a
+range. A pattern such as [W-]46] is interpreted as a class of two characters
+("W" and "-") followed by a literal string "46]", so it would match "W46]" or
+"-46]". However, if the "]" is escaped with a backslash it is interpreted as
+the end of range, so [W-\]46] is interpreted as a class containing a range
+followed by two other characters. The octal or hexadecimal representation of
+"]" can also be used to end a range.
+</P>
+<P>
+An error is generated if a POSIX character class (see below) or an escape
+sequence other than one that defines a single character appears at a point
+where a range ending character is expected. For example, [z-\xff] is valid,
+but [A-\d] and [A-[:digit:]] are not.
+</P>
+<P>
+Ranges operate in the collating sequence of character values. They can also be
+used for characters specified numerically, for example [\000-\037]. Ranges
+can include any characters that are valid for the current mode.
+</P>
+<P>
+If a range that includes letters is used when caseless matching is set, it
+matches the letters in either case. For example, [W-c] is equivalent to
+[][\\^_`wxyzabc], matched caselessly, and in a non-UTF mode, if character
+tables for a French locale are in use, [\xc8-\xcb] matches accented E
+characters in both cases. In UTF modes, PCRE supports the concept of case for
+characters with values greater than 128 only when it is compiled with Unicode
+property support.
+</P>
+<P>
+The character escape sequences \d, \D, \h, \H, \p, \P, \s, \S, \v,
+\V, \w, and \W may appear in a character class, and add the characters that
+they match to the class. For example, [\dABCDEF] matches any hexadecimal
+digit. In UTF modes, the PCRE_UCP option affects the meanings of \d, \s, \w
+and their upper case partners, just as it does when they appear outside a
+character class, as described in the section entitled
+<a href="#genericchartypes">"Generic character types"</a>
+above. The escape sequence \b has a different meaning inside a character
+class; it matches the backspace character. The sequences \B, \N, \R, and \X
+are not special inside a character class. Like any other unrecognized escape
+sequences, they are treated as the literal characters "B", "N", "R", and "X" by
+default, but cause an error if the PCRE_EXTRA option is set.
+</P>
+<P>
+A circumflex can conveniently be used with the upper case character types to
+specify a more restricted set of characters than the matching lower case type.
+For example, the class [^\W_] matches any letter or digit, but not underscore,
+whereas [\w] includes underscore. A positive character class should be read as
+"something OR something OR ..." and a negative class as "NOT something AND NOT
+something AND NOT ...".
+</P>
+<P>
+The only metacharacters that are recognized in character classes are backslash,
+hyphen (only where it can be interpreted as specifying a range), circumflex
+(only at the start), opening square bracket (only when it can be interpreted as
+introducing a POSIX class name, or for a special compatibility feature - see
+the next two sections), and the terminating closing square bracket. However,
+escaping other non-alphanumeric characters does no harm.
+</P>
+<br><a name="SEC10" href="#TOC1">POSIX CHARACTER CLASSES</a><br>
+<P>
+Perl supports the POSIX notation for character classes. This uses names
+enclosed by [: and :] within the enclosing square brackets. PCRE also supports
+this notation. For example,
+<pre>
+  [01[:alpha:]%]
+</pre>
+matches "0", "1", any alphabetic character, or "%". The supported class names
+are:
+<pre>
+  alnum    letters and digits
+  alpha    letters
+  ascii    character codes 0 - 127
+  blank    space or tab only
+  cntrl    control characters
+  digit    decimal digits (same as \d)
+  graph    printing characters, excluding space
+  lower    lower case letters
+  print    printing characters, including space
+  punct    printing characters, excluding letters and digits and space
+  space    white space (the same as \s from PCRE 8.34)
+  upper    upper case letters
+  word     "word" characters (same as \w)
+  xdigit   hexadecimal digits
+</pre>
+The default "space" characters are HT (9), LF (10), VT (11), FF (12), CR (13),
+and space (32). If locale-specific matching is taking place, the list of space
+characters may be different; there may be fewer or more of them. "Space" used
+to be different to \s, which did not include VT, for Perl compatibility.
+However, Perl changed at release 5.18, and PCRE followed at release 8.34.
+"Space" and \s now match the same set of characters.
+</P>
+<P>
+The name "word" is a Perl extension, and "blank" is a GNU extension from Perl
+5.8. Another Perl extension is negation, which is indicated by a ^ character
+after the colon. For example,
+<pre>
+  [12[:^digit:]]
+</pre>
+matches "1", "2", or any non-digit. PCRE (and Perl) also recognize the POSIX
+syntax [.ch.] and [=ch=] where "ch" is a "collating element", but these are not
+supported, and an error is given if they are encountered.
+</P>
+<P>
+By default, characters with values greater than 128 do not match any of the
+POSIX character classes. However, if the PCRE_UCP option is passed to
+<b>pcre_compile()</b>, some of the classes are changed so that Unicode character
+properties are used. This is achieved by replacing certain POSIX classes by
+other sequences, as follows:
+<pre>
+  [:alnum:]  becomes  \p{Xan}
+  [:alpha:]  becomes  \p{L}
+  [:blank:]  becomes  \h
+  [:digit:]  becomes  \p{Nd}
+  [:lower:]  becomes  \p{Ll}
+  [:space:]  becomes  \p{Xps}
+  [:upper:]  becomes  \p{Lu}
+  [:word:]   becomes  \p{Xwd}
+</pre>
+Negated versions, such as [:^alpha:] use \P instead of \p. Three other POSIX
+classes are handled specially in UCP mode:
+</P>
+<P>
+[:graph:]
+This matches characters that have glyphs that mark the page when printed. In
+Unicode property terms, it matches all characters with the L, M, N, P, S, or Cf
+properties, except for:
+<pre>
+  U+061C           Arabic Letter Mark
+  U+180E           Mongolian Vowel Separator
+  U+2066 - U+2069  Various "isolate"s
+
+</PRE>
+</P>
+<P>
+[:print:]
+This matches the same characters as [:graph:] plus space characters that are
+not controls, that is, characters with the Zs property.
+</P>
+<P>
+[:punct:]
+This matches all characters that have the Unicode P (punctuation) property,
+plus those characters whose code points are less than 128 that have the S
+(Symbol) property.
+</P>
+<P>
+The other POSIX classes are unchanged, and match only characters with code
+points less than 128.
+</P>
+<br><a name="SEC11" href="#TOC1">COMPATIBILITY FEATURE FOR WORD BOUNDARIES</a><br>
+<P>
+In the POSIX.2 compliant library that was included in 4.4BSD Unix, the ugly
+syntax [[:&#60;:]] and [[:&#62;:]] is used for matching "start of word" and "end of
+word". PCRE treats these items as follows:
+<pre>
+  [[:&#60;:]]  is converted to  \b(?=\w)
+  [[:&#62;:]]  is converted to  \b(?&#60;=\w)
+</pre>
+Only these exact character sequences are recognized. A sequence such as
+[a[:&#60;:]b] provokes error for an unrecognized POSIX class name. This support is
+not compatible with Perl. It is provided to help migrations from other
+environments, and is best not used in any new patterns. Note that \b matches
+at the start and the end of a word (see
+<a href="#smallassertions">"Simple assertions"</a>
+above), and in a Perl-style pattern the preceding or following character
+normally shows which is wanted, without the need for the assertions that are
+used above in order to give exactly the POSIX behaviour.
+</P>
+<br><a name="SEC12" href="#TOC1">VERTICAL BAR</a><br>
+<P>
+Vertical bar characters are used to separate alternative patterns. For example,
+the pattern
+<pre>
+  gilbert|sullivan
+</pre>
+matches either "gilbert" or "sullivan". Any number of alternatives may appear,
+and an empty alternative is permitted (matching the empty string). The matching
+process tries each alternative in turn, from left to right, and the first one
+that succeeds is used. If the alternatives are within a subpattern
+<a href="#subpattern">(defined below),</a>
+"succeeds" means matching the rest of the main pattern as well as the
+alternative in the subpattern.
+</P>
+<br><a name="SEC13" href="#TOC1">INTERNAL OPTION SETTING</a><br>
+<P>
+The settings of the PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, and
+PCRE_EXTENDED options (which are Perl-compatible) can be changed from within
+the pattern by a sequence of Perl option letters enclosed between "(?" and ")".
+The option letters are
+<pre>
+  i  for PCRE_CASELESS
+  m  for PCRE_MULTILINE
+  s  for PCRE_DOTALL
+  x  for PCRE_EXTENDED
+</pre>
+For example, (?im) sets caseless, multiline matching. It is also possible to
+unset these options by preceding the letter with a hyphen, and a combined
+setting and unsetting such as (?im-sx), which sets PCRE_CASELESS and
+PCRE_MULTILINE while unsetting PCRE_DOTALL and PCRE_EXTENDED, is also
+permitted. If a letter appears both before and after the hyphen, the option is
+unset.
+</P>
+<P>
+The PCRE-specific options PCRE_DUPNAMES, PCRE_UNGREEDY, and PCRE_EXTRA can be
+changed in the same way as the Perl-compatible options by using the characters
+J, U and X respectively.
+</P>
+<P>
+When one of these option changes occurs at top level (that is, not inside
+subpattern parentheses), the change applies to the remainder of the pattern
+that follows. An option change within a subpattern (see below for a description
+of subpatterns) affects only that part of the subpattern that follows it, so
+<pre>
+  (a(?i)b)c
+</pre>
+matches abc and aBc and no other strings (assuming PCRE_CASELESS is not used).
+By this means, options can be made to have different settings in different
+parts of the pattern. Any changes made in one alternative do carry on
+into subsequent branches within the same subpattern. For example,
+<pre>
+  (a(?i)b|c)
+</pre>
+matches "ab", "aB", "c", and "C", even though when matching "C" the first
+branch is abandoned before the option setting. This is because the effects of
+option settings happen at compile time. There would be some very weird
+behaviour otherwise.
+</P>
+<P>
+<b>Note:</b> There are other PCRE-specific options that can be set by the
+application when the compiling or matching functions are called. In some cases
+the pattern can contain special leading sequences such as (*CRLF) to override
+what the application has set or what has been defaulted. Details are given in
+the section entitled
+<a href="#newlineseq">"Newline sequences"</a>
+above. There are also the (*UTF8), (*UTF16),(*UTF32), and (*UCP) leading
+sequences that can be used to set UTF and Unicode property modes; they are
+equivalent to setting the PCRE_UTF8, PCRE_UTF16, PCRE_UTF32 and the PCRE_UCP
+options, respectively. The (*UTF) sequence is a generic version that can be
+used with any of the libraries. However, the application can set the
+PCRE_NEVER_UTF option, which locks out the use of the (*UTF) sequences.
+<a name="subpattern"></a></P>
+<br><a name="SEC14" href="#TOC1">SUBPATTERNS</a><br>
+<P>
+Subpatterns are delimited by parentheses (round brackets), which can be nested.
+Turning part of a pattern into a subpattern does two things:
+<br>
+<br>
+1. It localizes a set of alternatives. For example, the pattern
+<pre>
+  cat(aract|erpillar|)
+</pre>
+matches "cataract", "caterpillar", or "cat". Without the parentheses, it would
+match "cataract", "erpillar" or an empty string.
+<br>
+<br>
+2. It sets up the subpattern as a capturing subpattern. This means that, when
+the whole pattern matches, that portion of the subject string that matched the
+subpattern is passed back to the caller via the <i>ovector</i> argument of the
+matching function. (This applies only to the traditional matching functions;
+the DFA matching functions do not support capturing.)
+</P>
+<P>
+Opening parentheses are counted from left to right (starting from 1) to obtain
+numbers for the capturing subpatterns. For example, if the string "the red
+king" is matched against the pattern
+<pre>
+  the ((red|white) (king|queen))
+</pre>
+the captured substrings are "red king", "red", and "king", and are numbered 1,
+2, and 3, respectively.
+</P>
+<P>
+The fact that plain parentheses fulfil two functions is not always helpful.
+There are often times when a grouping subpattern is required without a
+capturing requirement. If an opening parenthesis is followed by a question mark
+and a colon, the subpattern does not do any capturing, and is not counted when
+computing the number of any subsequent capturing subpatterns. For example, if
+the string "the white queen" is matched against the pattern
+<pre>
+  the ((?:red|white) (king|queen))
+</pre>
+the captured substrings are "white queen" and "queen", and are numbered 1 and
+2. The maximum number of capturing subpatterns is 65535.
+</P>
+<P>
+As a convenient shorthand, if any option settings are required at the start of
+a non-capturing subpattern, the option letters may appear between the "?" and
+the ":". Thus the two patterns
+<pre>
+  (?i:saturday|sunday)
+  (?:(?i)saturday|sunday)
+</pre>
+match exactly the same set of strings. Because alternative branches are tried
+from left to right, and options are not reset until the end of the subpattern
+is reached, an option setting in one branch does affect subsequent branches, so
+the above patterns match "SUNDAY" as well as "Saturday".
+<a name="dupsubpatternnumber"></a></P>
+<br><a name="SEC15" href="#TOC1">DUPLICATE SUBPATTERN NUMBERS</a><br>
+<P>
+Perl 5.10 introduced a feature whereby each alternative in a subpattern uses
+the same numbers for its capturing parentheses. Such a subpattern starts with
+(?| and is itself a non-capturing subpattern. For example, consider this
+pattern:
+<pre>
+  (?|(Sat)ur|(Sun))day
+</pre>
+Because the two alternatives are inside a (?| group, both sets of capturing
+parentheses are numbered one. Thus, when the pattern matches, you can look
+at captured substring number one, whichever alternative matched. This construct
+is useful when you want to capture part, but not all, of one of a number of
+alternatives. Inside a (?| group, parentheses are numbered as usual, but the
+number is reset at the start of each branch. The numbers of any capturing
+parentheses that follow the subpattern start after the highest number used in
+any branch. The following example is taken from the Perl documentation. The
+numbers underneath show in which buffer the captured content will be stored.
+<pre>
+  # before  ---------------branch-reset----------- after
+  / ( a )  (?| x ( y ) z | (p (q) r) | (t) u (v) ) ( z ) /x
+  # 1            2         2  3        2     3     4
+</pre>
+A back reference to a numbered subpattern uses the most recent value that is
+set for that number by any subpattern. The following pattern matches "abcabc"
+or "defdef":
+<pre>
+  /(?|(abc)|(def))\1/
+</pre>
+In contrast, a subroutine call to a numbered subpattern always refers to the
+first one in the pattern with the given number. The following pattern matches
+"abcabc" or "defabc":
+<pre>
+  /(?|(abc)|(def))(?1)/
+</pre>
+If a
+<a href="#conditions">condition test</a>
+for a subpattern's having matched refers to a non-unique number, the test is
+true if any of the subpatterns of that number have matched.
+</P>
+<P>
+An alternative approach to using this "branch reset" feature is to use
+duplicate named subpatterns, as described in the next section.
+</P>
+<br><a name="SEC16" href="#TOC1">NAMED SUBPATTERNS</a><br>
+<P>
+Identifying capturing parentheses by number is simple, but it can be very hard
+to keep track of the numbers in complicated regular expressions. Furthermore,
+if an expression is modified, the numbers may change. To help with this
+difficulty, PCRE supports the naming of subpatterns. This feature was not
+added to Perl until release 5.10. Python had the feature earlier, and PCRE
+introduced it at release 4.0, using the Python syntax. PCRE now supports both
+the Perl and the Python syntax. Perl allows identically numbered subpatterns to
+have different names, but PCRE does not.
+</P>
+<P>
+In PCRE, a subpattern can be named in one of three ways: (?&#60;name&#62;...) or
+(?'name'...) as in Perl, or (?P&#60;name&#62;...) as in Python. References to capturing
+parentheses from other parts of the pattern, such as
+<a href="#backreferences">back references,</a>
+<a href="#recursion">recursion,</a>
+and
+<a href="#conditions">conditions,</a>
+can be made by name as well as by number.
+</P>
+<P>
+Names consist of up to 32 alphanumeric characters and underscores, but must
+start with a non-digit. Named capturing parentheses are still allocated numbers
+as well as names, exactly as if the names were not present. The PCRE API
+provides function calls for extracting the name-to-number translation table
+from a compiled pattern. There is also a convenience function for extracting a
+captured substring by name.
+</P>
+<P>
+By default, a name must be unique within a pattern, but it is possible to relax
+this constraint by setting the PCRE_DUPNAMES option at compile time. (Duplicate
+names are also always permitted for subpatterns with the same number, set up as
+described in the previous section.) Duplicate names can be useful for patterns
+where only one instance of the named parentheses can match. Suppose you want to
+match the name of a weekday, either as a 3-letter abbreviation or as the full
+name, and in both cases you want to extract the abbreviation. This pattern
+(ignoring the line breaks) does the job:
+<pre>
+  (?&#60;DN&#62;Mon|Fri|Sun)(?:day)?|
+  (?&#60;DN&#62;Tue)(?:sday)?|
+  (?&#60;DN&#62;Wed)(?:nesday)?|
+  (?&#60;DN&#62;Thu)(?:rsday)?|
+  (?&#60;DN&#62;Sat)(?:urday)?
+</pre>
+There are five capturing substrings, but only one is ever set after a match.
+(An alternative way of solving this problem is to use a "branch reset"
+subpattern, as described in the previous section.)
+</P>
+<P>
+The convenience function for extracting the data by name returns the substring
+for the first (and in this example, the only) subpattern of that name that
+matched. This saves searching to find which numbered subpattern it was.
+</P>
+<P>
+If you make a back reference to a non-unique named subpattern from elsewhere in
+the pattern, the subpatterns to which the name refers are checked in the order
+in which they appear in the overall pattern. The first one that is set is used
+for the reference. For example, this pattern matches both "foofoo" and
+"barbar" but not "foobar" or "barfoo":
+<pre>
+  (?:(?&#60;n&#62;foo)|(?&#60;n&#62;bar))\k&#60;n&#62;
+
+</PRE>
+</P>
+<P>
+If you make a subroutine call to a non-unique named subpattern, the one that
+corresponds to the first occurrence of the name is used. In the absence of
+duplicate numbers (see the previous section) this is the one with the lowest
+number.
+</P>
+<P>
+If you use a named reference in a condition
+test (see the
+<a href="#conditions">section about conditions</a>
+below), either to check whether a subpattern has matched, or to check for
+recursion, all subpatterns with the same name are tested. If the condition is
+true for any one of them, the overall condition is true. This is the same
+behaviour as testing by number. For further details of the interfaces for
+handling named subpatterns, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+<b>Warning:</b> You cannot use different names to distinguish between two
+subpatterns with the same number because PCRE uses only the numbers when
+matching. For this reason, an error is given at compile time if different names
+are given to subpatterns with the same number. However, you can always give the
+same name to subpatterns with the same number, even when PCRE_DUPNAMES is not
+set.
+</P>
+<br><a name="SEC17" href="#TOC1">REPETITION</a><br>
+<P>
+Repetition is specified by quantifiers, which can follow any of the following
+items:
+<pre>
+  a literal data character
+  the dot metacharacter
+  the \C escape sequence
+  the \X escape sequence
+  the \R escape sequence
+  an escape such as \d or \pL that matches a single character
+  a character class
+  a back reference (see next section)
+  a parenthesized subpattern (including assertions)
+  a subroutine call to a subpattern (recursive or otherwise)
+</pre>
+The general repetition quantifier specifies a minimum and maximum number of
+permitted matches, by giving the two numbers in curly brackets (braces),
+separated by a comma. The numbers must be less than 65536, and the first must
+be less than or equal to the second. For example:
+<pre>
+  z{2,4}
+</pre>
+matches "zz", "zzz", or "zzzz". A closing brace on its own is not a special
+character. If the second number is omitted, but the comma is present, there is
+no upper limit; if the second number and the comma are both omitted, the
+quantifier specifies an exact number of required matches. Thus
+<pre>
+  [aeiou]{3,}
+</pre>
+matches at least 3 successive vowels, but may match many more, while
+<pre>
+  \d{8}
+</pre>
+matches exactly 8 digits. An opening curly bracket that appears in a position
+where a quantifier is not allowed, or one that does not match the syntax of a
+quantifier, is taken as a literal character. For example, {,6} is not a
+quantifier, but a literal string of four characters.
+</P>
+<P>
+In UTF modes, quantifiers apply to characters rather than to individual data
+units. Thus, for example, \x{100}{2} matches two characters, each of
+which is represented by a two-byte sequence in a UTF-8 string. Similarly,
+\X{3} matches three Unicode extended grapheme clusters, each of which may be
+several data units long (and they may be of different lengths).
+</P>
+<P>
+The quantifier {0} is permitted, causing the expression to behave as if the
+previous item and the quantifier were not present. This may be useful for
+subpatterns that are referenced as
+<a href="#subpatternsassubroutines">subroutines</a>
+from elsewhere in the pattern (but see also the section entitled
+<a href="#subdefine">"Defining subpatterns for use by reference only"</a>
+below). Items other than subpatterns that have a {0} quantifier are omitted
+from the compiled pattern.
+</P>
+<P>
+For convenience, the three most common quantifiers have single-character
+abbreviations:
+<pre>
+  *    is equivalent to {0,}
+  +    is equivalent to {1,}
+  ?    is equivalent to {0,1}
+</pre>
+It is possible to construct infinite loops by following a subpattern that can
+match no characters with a quantifier that has no upper limit, for example:
+<pre>
+  (a?)*
+</pre>
+Earlier versions of Perl and PCRE used to give an error at compile time for
+such patterns. However, because there are cases where this can be useful, such
+patterns are now accepted, but if any repetition of the subpattern does in fact
+match no characters, the loop is forcibly broken.
+</P>
+<P>
+By default, the quantifiers are "greedy", that is, they match as much as
+possible (up to the maximum number of permitted times), without causing the
+rest of the pattern to fail. The classic example of where this gives problems
+is in trying to match comments in C programs. These appear between /* and */
+and within the comment, individual * and / characters may appear. An attempt to
+match C comments by applying the pattern
+<pre>
+  /\*.*\*/
+</pre>
+to the string
+<pre>
+  /* first comment */  not comment  /* second comment */
+</pre>
+fails, because it matches the entire string owing to the greediness of the .*
+item.
+</P>
+<P>
+However, if a quantifier is followed by a question mark, it ceases to be
+greedy, and instead matches the minimum number of times possible, so the
+pattern
+<pre>
+  /\*.*?\*/
+</pre>
+does the right thing with the C comments. The meaning of the various
+quantifiers is not otherwise changed, just the preferred number of matches.
+Do not confuse this use of question mark with its use as a quantifier in its
+own right. Because it has two uses, it can sometimes appear doubled, as in
+<pre>
+  \d??\d
+</pre>
+which matches one digit by preference, but can match two if that is the only
+way the rest of the pattern matches.
+</P>
+<P>
+If the PCRE_UNGREEDY option is set (an option that is not available in Perl),
+the quantifiers are not greedy by default, but individual ones can be made
+greedy by following them with a question mark. In other words, it inverts the
+default behaviour.
+</P>
+<P>
+When a parenthesized subpattern is quantified with a minimum repeat count that
+is greater than 1 or with a limited maximum, more memory is required for the
+compiled pattern, in proportion to the size of the minimum or maximum.
+</P>
+<P>
+If a pattern starts with .* or .{0,} and the PCRE_DOTALL option (equivalent
+to Perl's /s) is set, thus allowing the dot to match newlines, the pattern is
+implicitly anchored, because whatever follows will be tried against every
+character position in the subject string, so there is no point in retrying the
+overall match at any position after the first. PCRE normally treats such a
+pattern as though it were preceded by \A.
+</P>
+<P>
+In cases where it is known that the subject string contains no newlines, it is
+worth setting PCRE_DOTALL in order to obtain this optimization, or
+alternatively using ^ to indicate anchoring explicitly.
+</P>
+<P>
+However, there are some cases where the optimization cannot be used. When .*
+is inside capturing parentheses that are the subject of a back reference
+elsewhere in the pattern, a match at the start may fail where a later one
+succeeds. Consider, for example:
+<pre>
+  (.*)abc\1
+</pre>
+If the subject is "xyz123abc123" the match point is the fourth character. For
+this reason, such a pattern is not implicitly anchored.
+</P>
+<P>
+Another case where implicit anchoring is not applied is when the leading .* is
+inside an atomic group. Once again, a match at the start may fail where a later
+one succeeds. Consider this pattern:
+<pre>
+  (?&#62;.*?a)b
+</pre>
+It matches "ab" in the subject "aab". The use of the backtracking control verbs
+(*PRUNE) and (*SKIP) also disable this optimization.
+</P>
+<P>
+When a capturing subpattern is repeated, the value captured is the substring
+that matched the final iteration. For example, after
+<pre>
+  (tweedle[dume]{3}\s*)+
+</pre>
+has matched "tweedledum tweedledee" the value of the captured substring is
+"tweedledee". However, if there are nested capturing subpatterns, the
+corresponding captured values may have been set in previous iterations. For
+example, after
+<pre>
+  /(a|(b))+/
+</pre>
+matches "aba" the value of the second captured substring is "b".
+<a name="atomicgroup"></a></P>
+<br><a name="SEC18" href="#TOC1">ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS</a><br>
+<P>
+With both maximizing ("greedy") and minimizing ("ungreedy" or "lazy")
+repetition, failure of what follows normally causes the repeated item to be
+re-evaluated to see if a different number of repeats allows the rest of the
+pattern to match. Sometimes it is useful to prevent this, either to change the
+nature of the match, or to cause it fail earlier than it otherwise might, when
+the author of the pattern knows there is no point in carrying on.
+</P>
+<P>
+Consider, for example, the pattern \d+foo when applied to the subject line
+<pre>
+  123456bar
+</pre>
+After matching all 6 digits and then failing to match "foo", the normal
+action of the matcher is to try again with only 5 digits matching the \d+
+item, and then with 4, and so on, before ultimately failing. "Atomic grouping"
+(a term taken from Jeffrey Friedl's book) provides the means for specifying
+that once a subpattern has matched, it is not to be re-evaluated in this way.
+</P>
+<P>
+If we use atomic grouping for the previous example, the matcher gives up
+immediately on failing to match "foo" the first time. The notation is a kind of
+special parenthesis, starting with (?&#62; as in this example:
+<pre>
+  (?&#62;\d+)foo
+</pre>
+This kind of parenthesis "locks up" the  part of the pattern it contains once
+it has matched, and a failure further into the pattern is prevented from
+backtracking into it. Backtracking past it to previous items, however, works as
+normal.
+</P>
+<P>
+An alternative description is that a subpattern of this type matches the string
+of characters that an identical standalone pattern would match, if anchored at
+the current point in the subject string.
+</P>
+<P>
+Atomic grouping subpatterns are not capturing subpatterns. Simple cases such as
+the above example can be thought of as a maximizing repeat that must swallow
+everything it can. So, while both \d+ and \d+? are prepared to adjust the
+number of digits they match in order to make the rest of the pattern match,
+(?&#62;\d+) can only match an entire sequence of digits.
+</P>
+<P>
+Atomic groups in general can of course contain arbitrarily complicated
+subpatterns, and can be nested. However, when the subpattern for an atomic
+group is just a single repeated item, as in the example above, a simpler
+notation, called a "possessive quantifier" can be used. This consists of an
+additional + character following a quantifier. Using this notation, the
+previous example can be rewritten as
+<pre>
+  \d++foo
+</pre>
+Note that a possessive quantifier can be used with an entire group, for
+example:
+<pre>
+  (abc|xyz){2,3}+
+</pre>
+Possessive quantifiers are always greedy; the setting of the PCRE_UNGREEDY
+option is ignored. They are a convenient notation for the simpler forms of
+atomic group. However, there is no difference in the meaning of a possessive
+quantifier and the equivalent atomic group, though there may be a performance
+difference; possessive quantifiers should be slightly faster.
+</P>
+<P>
+The possessive quantifier syntax is an extension to the Perl 5.8 syntax.
+Jeffrey Friedl originated the idea (and the name) in the first edition of his
+book. Mike McCloskey liked it, so implemented it when he built Sun's Java
+package, and PCRE copied it from there. It ultimately found its way into Perl
+at release 5.10.
+</P>
+<P>
+PCRE has an optimization that automatically "possessifies" certain simple
+pattern constructs. For example, the sequence A+B is treated as A++B because
+there is no point in backtracking into a sequence of A's when B must follow.
+</P>
+<P>
+When a pattern contains an unlimited repeat inside a subpattern that can itself
+be repeated an unlimited number of times, the use of an atomic group is the
+only way to avoid some failing matches taking a very long time indeed. The
+pattern
+<pre>
+  (\D+|&#60;\d+&#62;)*[!?]
+</pre>
+matches an unlimited number of substrings that either consist of non-digits, or
+digits enclosed in &#60;&#62;, followed by either ! or ?. When it matches, it runs
+quickly. However, if it is applied to
+<pre>
+  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+</pre>
+it takes a long time before reporting failure. This is because the string can
+be divided between the internal \D+ repeat and the external * repeat in a
+large number of ways, and all have to be tried. (The example uses [!?] rather
+than a single character at the end, because both PCRE and Perl have an
+optimization that allows for fast failure when a single character is used. They
+remember the last single character that is required for a match, and fail early
+if it is not present in the string.) If the pattern is changed so that it uses
+an atomic group, like this:
+<pre>
+  ((?&#62;\D+)|&#60;\d+&#62;)*[!?]
+</pre>
+sequences of non-digits cannot be broken, and failure happens quickly.
+<a name="backreferences"></a></P>
+<br><a name="SEC19" href="#TOC1">BACK REFERENCES</a><br>
+<P>
+Outside a character class, a backslash followed by a digit greater than 0 (and
+possibly further digits) is a back reference to a capturing subpattern earlier
+(that is, to its left) in the pattern, provided there have been that many
+previous capturing left parentheses.
+</P>
+<P>
+However, if the decimal number following the backslash is less than 10, it is
+always taken as a back reference, and causes an error only if there are not
+that many capturing left parentheses in the entire pattern. In other words, the
+parentheses that are referenced need not be to the left of the reference for
+numbers less than 10. A "forward back reference" of this type can make sense
+when a repetition is involved and the subpattern to the right has participated
+in an earlier iteration.
+</P>
+<P>
+It is not possible to have a numerical "forward back reference" to a subpattern
+whose number is 10 or more using this syntax because a sequence such as \50 is
+interpreted as a character defined in octal. See the subsection entitled
+"Non-printing characters"
+<a href="#digitsafterbackslash">above</a>
+for further details of the handling of digits following a backslash. There is
+no such problem when named parentheses are used. A back reference to any
+subpattern is possible using named parentheses (see below).
+</P>
+<P>
+Another way of avoiding the ambiguity inherent in the use of digits following a
+backslash is to use the \g escape sequence. This escape must be followed by an
+unsigned number or a negative number, optionally enclosed in braces. These
+examples are all identical:
+<pre>
+  (ring), \1
+  (ring), \g1
+  (ring), \g{1}
+</pre>
+An unsigned number specifies an absolute reference without the ambiguity that
+is present in the older syntax. It is also useful when literal digits follow
+the reference. A negative number is a relative reference. Consider this
+example:
+<pre>
+  (abc(def)ghi)\g{-1}
+</pre>
+The sequence \g{-1} is a reference to the most recently started capturing
+subpattern before \g, that is, is it equivalent to \2 in this example.
+Similarly, \g{-2} would be equivalent to \1. The use of relative references
+can be helpful in long patterns, and also in patterns that are created by
+joining together fragments that contain references within themselves.
+</P>
+<P>
+A back reference matches whatever actually matched the capturing subpattern in
+the current subject string, rather than anything matching the subpattern
+itself (see
+<a href="#subpatternsassubroutines">"Subpatterns as subroutines"</a>
+below for a way of doing that). So the pattern
+<pre>
+  (sens|respons)e and \1ibility
+</pre>
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If caseful matching is in force at the time of the
+back reference, the case of letters is relevant. For example,
+<pre>
+  ((?i)rah)\s+\1
+</pre>
+matches "rah rah" and "RAH RAH", but not "RAH rah", even though the original
+capturing subpattern is matched caselessly.
+</P>
+<P>
+There are several different ways of writing back references to named
+subpatterns. The .NET syntax \k{name} and the Perl syntax \k&#60;name&#62; or
+\k'name' are supported, as is the Python syntax (?P=name). Perl 5.10's unified
+back reference syntax, in which \g can be used for both numeric and named
+references, is also supported. We could rewrite the above example in any of
+the following ways:
+<pre>
+  (?&#60;p1&#62;(?i)rah)\s+\k&#60;p1&#62;
+  (?'p1'(?i)rah)\s+\k{p1}
+  (?P&#60;p1&#62;(?i)rah)\s+(?P=p1)
+  (?&#60;p1&#62;(?i)rah)\s+\g{p1}
+</pre>
+A subpattern that is referenced by name may appear in the pattern before or
+after the reference.
+</P>
+<P>
+There may be more than one back reference to the same subpattern. If a
+subpattern has not actually been used in a particular match, any back
+references to it always fail by default. For example, the pattern
+<pre>
+  (a|(bc))\2
+</pre>
+always fails if it starts to match "a" rather than "bc". However, if the
+PCRE_JAVASCRIPT_COMPAT option is set at compile time, a back reference to an
+unset value matches an empty string.
+</P>
+<P>
+Because there may be many capturing parentheses in a pattern, all digits
+following a backslash are taken as part of a potential back reference number.
+If the pattern continues with a digit character, some delimiter must be used to
+terminate the back reference. If the PCRE_EXTENDED option is set, this can be
+white space. Otherwise, the \g{ syntax or an empty comment (see
+<a href="#comments">"Comments"</a>
+below) can be used.
+</P>
+<br><b>
+Recursive back references
+</b><br>
+<P>
+A back reference that occurs inside the parentheses to which it refers fails
+when the subpattern is first used, so, for example, (a\1) never matches.
+However, such references can be useful inside repeated subpatterns. For
+example, the pattern
+<pre>
+  (a|b\1)+
+</pre>
+matches any number of "a"s and also "aba", "ababbaa" etc. At each iteration of
+the subpattern, the back reference matches the character string corresponding
+to the previous iteration. In order for this to work, the pattern must be such
+that the first iteration does not need to match the back reference. This can be
+done using alternation, as in the example above, or by a quantifier with a
+minimum of zero.
+</P>
+<P>
+Back references of this type cause the group that they reference to be treated
+as an
+<a href="#atomicgroup">atomic group.</a>
+Once the whole group has been matched, a subsequent matching failure cannot
+cause backtracking into the middle of the group.
+<a name="bigassertions"></a></P>
+<br><a name="SEC20" href="#TOC1">ASSERTIONS</a><br>
+<P>
+An assertion is a test on the characters following or preceding the current
+matching point that does not actually consume any characters. The simple
+assertions coded as \b, \B, \A, \G, \Z, \z, ^ and $ are described
+<a href="#smallassertions">above.</a>
+</P>
+<P>
+More complicated assertions are coded as subpatterns. There are two kinds:
+those that look ahead of the current position in the subject string, and those
+that look behind it. An assertion subpattern is matched in the normal way,
+except that it does not cause the current matching position to be changed.
+</P>
+<P>
+Assertion subpatterns are not capturing subpatterns. If such an assertion
+contains capturing subpatterns within it, these are counted for the purposes of
+numbering the capturing subpatterns in the whole pattern. However, substring
+capturing is carried out only for positive assertions. (Perl sometimes, but not
+always, does do capturing in negative assertions.)
+</P>
+<P>
+WARNING: If a positive assertion containing one or more capturing subpatterns
+succeeds, but failure to match later in the pattern causes backtracking over
+this assertion, the captures within the assertion are reset only if no higher
+numbered captures are already set. This is, unfortunately, a fundamental
+limitation of the current implementation, and as PCRE1 is now in
+maintenance-only status, it is unlikely ever to change.
+</P>
+<P>
+For compatibility with Perl, assertion subpatterns may be repeated; though
+it makes no sense to assert the same thing several times, the side effect of
+capturing parentheses may occasionally be useful. In practice, there only three
+cases:
+<br>
+<br>
+(1) If the quantifier is {0}, the assertion is never obeyed during matching.
+However, it may contain internal capturing parenthesized groups that are called
+from elsewhere via the
+<a href="#subpatternsassubroutines">subroutine mechanism.</a>
+<br>
+<br>
+(2) If quantifier is {0,n} where n is greater than zero, it is treated as if it
+were {0,1}. At run time, the rest of the pattern match is tried with and
+without the assertion, the order depending on the greediness of the quantifier.
+<br>
+<br>
+(3) If the minimum repetition is greater than zero, the quantifier is ignored.
+The assertion is obeyed just once when encountered during matching.
+</P>
+<br><b>
+Lookahead assertions
+</b><br>
+<P>
+Lookahead assertions start with (?= for positive assertions and (?! for
+negative assertions. For example,
+<pre>
+  \w+(?=;)
+</pre>
+matches a word followed by a semicolon, but does not include the semicolon in
+the match, and
+<pre>
+  foo(?!bar)
+</pre>
+matches any occurrence of "foo" that is not followed by "bar". Note that the
+apparently similar pattern
+<pre>
+  (?!foo)bar
+</pre>
+does not find an occurrence of "bar" that is preceded by something other than
+"foo"; it finds any occurrence of "bar" whatsoever, because the assertion
+(?!foo) is always true when the next three characters are "bar". A
+lookbehind assertion is needed to achieve the other effect.
+</P>
+<P>
+If you want to force a matching failure at some point in a pattern, the most
+convenient way to do it is with (?!) because an empty string always matches, so
+an assertion that requires there not to be an empty string must always fail.
+The backtracking control verb (*FAIL) or (*F) is a synonym for (?!).
+<a name="lookbehind"></a></P>
+<br><b>
+Lookbehind assertions
+</b><br>
+<P>
+Lookbehind assertions start with (?&#60;= for positive assertions and (?&#60;! for
+negative assertions. For example,
+<pre>
+  (?&#60;!foo)bar
+</pre>
+does find an occurrence of "bar" that is not preceded by "foo". The contents of
+a lookbehind assertion are restricted such that all the strings it matches must
+have a fixed length. However, if there are several top-level alternatives, they
+do not all have to have the same fixed length. Thus
+<pre>
+  (?&#60;=bullock|donkey)
+</pre>
+is permitted, but
+<pre>
+  (?&#60;!dogs?|cats?)
+</pre>
+causes an error at compile time. Branches that match different length strings
+are permitted only at the top level of a lookbehind assertion. This is an
+extension compared with Perl, which requires all branches to match the same
+length of string. An assertion such as
+<pre>
+  (?&#60;=ab(c|de))
+</pre>
+is not permitted, because its single top-level branch can match two different
+lengths, but it is acceptable to PCRE if rewritten to use two top-level
+branches:
+<pre>
+  (?&#60;=abc|abde)
+</pre>
+In some cases, the escape sequence \K
+<a href="#resetmatchstart">(see above)</a>
+can be used instead of a lookbehind assertion to get round the fixed-length
+restriction.
+</P>
+<P>
+The implementation of lookbehind assertions is, for each alternative, to
+temporarily move the current position back by the fixed length and then try to
+match. If there are insufficient characters before the current position, the
+assertion fails.
+</P>
+<P>
+In a UTF mode, PCRE does not allow the \C escape (which matches a single data
+unit even in a UTF mode) to appear in lookbehind assertions, because it makes
+it impossible to calculate the length of the lookbehind. The \X and \R
+escapes, which can match different numbers of data units, are also not
+permitted.
+</P>
+<P>
+<a href="#subpatternsassubroutines">"Subroutine"</a>
+calls (see below) such as (?2) or (?&X) are permitted in lookbehinds, as long
+as the subpattern matches a fixed-length string.
+<a href="#recursion">Recursion,</a>
+however, is not supported.
+</P>
+<P>
+Possessive quantifiers can be used in conjunction with lookbehind assertions to
+specify efficient matching of fixed-length strings at the end of subject
+strings. Consider a simple pattern such as
+<pre>
+  abcd$
+</pre>
+when applied to a long string that does not match. Because matching proceeds
+from left to right, PCRE will look for each "a" in the subject and then see if
+what follows matches the rest of the pattern. If the pattern is specified as
+<pre>
+  ^.*abcd$
+</pre>
+the initial .* matches the entire string at first, but when this fails (because
+there is no following "a"), it backtracks to match all but the last character,
+then all but the last two characters, and so on. Once again the search for "a"
+covers the entire string, from right to left, so we are no better off. However,
+if the pattern is written as
+<pre>
+  ^.*+(?&#60;=abcd)
+</pre>
+there can be no backtracking for the .*+ item; it can match only the entire
+string. The subsequent lookbehind assertion does a single test on the last four
+characters. If it fails, the match fails immediately. For long strings, this
+approach makes a significant difference to the processing time.
+</P>
+<br><b>
+Using multiple assertions
+</b><br>
+<P>
+Several assertions (of any sort) may occur in succession. For example,
+<pre>
+  (?&#60;=\d{3})(?&#60;!999)foo
+</pre>
+matches "foo" preceded by three digits that are not "999". Notice that each of
+the assertions is applied independently at the same point in the subject
+string. First there is a check that the previous three characters are all
+digits, and then there is a check that the same three characters are not "999".
+This pattern does <i>not</i> match "foo" preceded by six characters, the first
+of which are digits and the last three of which are not "999". For example, it
+doesn't match "123abcfoo". A pattern to do that is
+<pre>
+  (?&#60;=\d{3}...)(?&#60;!999)foo
+</pre>
+This time the first assertion looks at the preceding six characters, checking
+that the first three are digits, and then the second assertion checks that the
+preceding three characters are not "999".
+</P>
+<P>
+Assertions can be nested in any combination. For example,
+<pre>
+  (?&#60;=(?&#60;!foo)bar)baz
+</pre>
+matches an occurrence of "baz" that is preceded by "bar" which in turn is not
+preceded by "foo", while
+<pre>
+  (?&#60;=\d{3}(?!999)...)foo
+</pre>
+is another pattern that matches "foo" preceded by three digits and any three
+characters that are not "999".
+<a name="conditions"></a></P>
+<br><a name="SEC21" href="#TOC1">CONDITIONAL SUBPATTERNS</a><br>
+<P>
+It is possible to cause the matching process to obey a subpattern
+conditionally or to choose between two alternative subpatterns, depending on
+the result of an assertion, or whether a specific capturing subpattern has
+already been matched. The two possible forms of conditional subpattern are:
+<pre>
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+</pre>
+If the condition is satisfied, the yes-pattern is used; otherwise the
+no-pattern (if present) is used. If there are more than two alternatives in the
+subpattern, a compile-time error occurs. Each of the two alternatives may
+itself contain nested subpatterns of any form, including conditional
+subpatterns; the restriction to two alternatives applies only at the level of
+the condition. This pattern fragment is an example where the alternatives are
+complex:
+<pre>
+  (?(1) (A|B|C) | (D | (?(2)E|F) | E) )
+
+</PRE>
+</P>
+<P>
+There are four kinds of condition: references to subpatterns, references to
+recursion, a pseudo-condition called DEFINE, and assertions.
+</P>
+<br><b>
+Checking for a used subpattern by number
+</b><br>
+<P>
+If the text between the parentheses consists of a sequence of digits, the
+condition is true if a capturing subpattern of that number has previously
+matched. If there is more than one capturing subpattern with the same number
+(see the earlier
+<a href="#recursion">section about duplicate subpattern numbers),</a>
+the condition is true if any of them have matched. An alternative notation is
+to precede the digits with a plus or minus sign. In this case, the subpattern
+number is relative rather than absolute. The most recently opened parentheses
+can be referenced by (?(-1), the next most recent by (?(-2), and so on. Inside
+loops it can also make sense to refer to subsequent groups. The next
+parentheses to be opened can be referenced as (?(+1), and so on. (The value
+zero in any of these forms is not used; it provokes a compile-time error.)
+</P>
+<P>
+Consider the following pattern, which contains non-significant white space to
+make it more readable (assume the PCRE_EXTENDED option) and to divide it into
+three parts for ease of discussion:
+<pre>
+  ( \( )?    [^()]+    (?(1) \) )
+</pre>
+The first part matches an optional opening parenthesis, and if that
+character is present, sets it as the first captured substring. The second part
+matches one or more characters that are not parentheses. The third part is a
+conditional subpattern that tests whether or not the first set of parentheses
+matched. If they did, that is, if subject started with an opening parenthesis,
+the condition is true, and so the yes-pattern is executed and a closing
+parenthesis is required. Otherwise, since no-pattern is not present, the
+subpattern matches nothing. In other words, this pattern matches a sequence of
+non-parentheses, optionally enclosed in parentheses.
+</P>
+<P>
+If you were embedding this pattern in a larger one, you could use a relative
+reference:
+<pre>
+  ...other stuff... ( \( )?    [^()]+    (?(-1) \) ) ...
+</pre>
+This makes the fragment independent of the parentheses in the larger pattern.
+</P>
+<br><b>
+Checking for a used subpattern by name
+</b><br>
+<P>
+Perl uses the syntax (?(&#60;name&#62;)...) or (?('name')...) to test for a used
+subpattern by name. For compatibility with earlier versions of PCRE, which had
+this facility before Perl, the syntax (?(name)...) is also recognized.
+</P>
+<P>
+Rewriting the above example to use a named subpattern gives this:
+<pre>
+  (?&#60;OPEN&#62; \( )?    [^()]+    (?(&#60;OPEN&#62;) \) )
+</pre>
+If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them has
+matched.
+</P>
+<br><b>
+Checking for pattern recursion
+</b><br>
+<P>
+If the condition is the string (R), and there is no subpattern with the name R,
+the condition is true if a recursive call to the whole pattern or any
+subpattern has been made. If digits or a name preceded by ampersand follow the
+letter R, for example:
+<pre>
+  (?(R3)...) or (?(R&name)...)
+</pre>
+the condition is true if the most recent recursion is into a subpattern whose
+number or name is given. This condition does not check the entire recursion
+stack. If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them is
+the most recent recursion.
+</P>
+<P>
+At "top level", all these recursion test conditions are false.
+<a href="#recursion">The syntax for recursive patterns</a>
+is described below.
+<a name="subdefine"></a></P>
+<br><b>
+Defining subpatterns for use by reference only
+</b><br>
+<P>
+If the condition is the string (DEFINE), and there is no subpattern with the
+name DEFINE, the condition is always false. In this case, there may be only one
+alternative in the subpattern. It is always skipped if control reaches this
+point in the pattern; the idea of DEFINE is that it can be used to define
+subroutines that can be referenced from elsewhere. (The use of
+<a href="#subpatternsassubroutines">subroutines</a>
+is described below.) For example, a pattern to match an IPv4 address such as
+"192.168.23.245" could be written like this (ignore white space and line
+breaks):
+<pre>
+  (?(DEFINE) (?&#60;byte&#62; 2[0-4]\d | 25[0-5] | 1\d\d | [1-9]?\d) )
+  \b (?&byte) (\.(?&byte)){3} \b
+</pre>
+The first part of the pattern is a DEFINE group inside which a another group
+named "byte" is defined. This matches an individual component of an IPv4
+address (a number less than 256). When matching takes place, this part of the
+pattern is skipped because DEFINE acts like a false condition. The rest of the
+pattern uses references to the named group to match the four dot-separated
+components of an IPv4 address, insisting on a word boundary at each end.
+</P>
+<br><b>
+Assertion conditions
+</b><br>
+<P>
+If the condition is not in any of the above formats, it must be an assertion.
+This may be a positive or negative lookahead or lookbehind assertion. Consider
+this pattern, again containing non-significant white space, and with the two
+alternatives on the second line:
+<pre>
+  (?(?=[^a-z]*[a-z])
+  \d{2}-[a-z]{3}-\d{2}  |  \d{2}-\d{2}-\d{2} )
+</pre>
+The condition is a positive lookahead assertion that matches an optional
+sequence of non-letters followed by a letter. In other words, it tests for the
+presence of at least one letter in the subject. If a letter is found, the
+subject is matched against the first alternative; otherwise it is matched
+against the second. This pattern matches strings in one of the two forms
+dd-aaa-dd or dd-dd-dd, where aaa are letters and dd are digits.
+<a name="comments"></a></P>
+<br><a name="SEC22" href="#TOC1">COMMENTS</a><br>
+<P>
+There are two ways of including comments in patterns that are processed by
+PCRE. In both cases, the start of the comment must not be in a character class,
+nor in the middle of any other sequence of related characters such as (?: or a
+subpattern name or number. The characters that make up a comment play no part
+in the pattern matching.
+</P>
+<P>
+The sequence (?# marks the start of a comment that continues up to the next
+closing parenthesis. Nested parentheses are not permitted. If the PCRE_EXTENDED
+option is set, an unescaped # character also introduces a comment, which in
+this case continues to immediately after the next newline character or
+character sequence in the pattern. Which characters are interpreted as newlines
+is controlled by the options passed to a compiling function or by a special
+sequence at the start of the pattern, as described in the section entitled
+<a href="#newlines">"Newline conventions"</a>
+above. Note that the end of this type of comment is a literal newline sequence
+in the pattern; escape sequences that happen to represent a newline do not
+count. For example, consider this pattern when PCRE_EXTENDED is set, and the
+default newline convention is in force:
+<pre>
+  abc #comment \n still comment
+</pre>
+On encountering the # character, <b>pcre_compile()</b> skips along, looking for
+a newline in the pattern. The sequence \n is still literal at this stage, so
+it does not terminate the comment. Only an actual character with the code value
+0x0a (the default newline) does so.
+<a name="recursion"></a></P>
+<br><a name="SEC23" href="#TOC1">RECURSIVE PATTERNS</a><br>
+<P>
+Consider the problem of matching a string in parentheses, allowing for
+unlimited nested parentheses. Without the use of recursion, the best that can
+be done is to use a pattern that matches up to some fixed depth of nesting. It
+is not possible to handle an arbitrary nesting depth.
+</P>
+<P>
+For some time, Perl has provided a facility that allows regular expressions to
+recurse (amongst other things). It does this by interpolating Perl code in the
+expression at run time, and the code can refer to the expression itself. A Perl
+pattern using code interpolation to solve the parentheses problem can be
+created like this:
+<pre>
+  $re = qr{\( (?: (?&#62;[^()]+) | (?p{$re}) )* \)}x;
+</pre>
+The (?p{...}) item interpolates Perl code at run time, and in this case refers
+recursively to the pattern in which it appears.
+</P>
+<P>
+Obviously, PCRE cannot support the interpolation of Perl code. Instead, it
+supports special syntax for recursion of the entire pattern, and also for
+individual subpattern recursion. After its introduction in PCRE and Python,
+this kind of recursion was subsequently introduced into Perl at release 5.10.
+</P>
+<P>
+A special item that consists of (? followed by a number greater than zero and a
+closing parenthesis is a recursive subroutine call of the subpattern of the
+given number, provided that it occurs inside that subpattern. (If not, it is a
+<a href="#subpatternsassubroutines">non-recursive subroutine</a>
+call, which is described in the next section.) The special item (?R) or (?0) is
+a recursive call of the entire regular expression.
+</P>
+<P>
+This PCRE pattern solves the nested parentheses problem (assume the
+PCRE_EXTENDED option is set so that white space is ignored):
+<pre>
+  \( ( [^()]++ | (?R) )* \)
+</pre>
+First it matches an opening parenthesis. Then it matches any number of
+substrings which can either be a sequence of non-parentheses, or a recursive
+match of the pattern itself (that is, a correctly parenthesized substring).
+Finally there is a closing parenthesis. Note the use of a possessive quantifier
+to avoid backtracking into sequences of non-parentheses.
+</P>
+<P>
+If this were part of a larger pattern, you would not want to recurse the entire
+pattern, so instead you could use this:
+<pre>
+  ( \( ( [^()]++ | (?1) )* \) )
+</pre>
+We have put the pattern into parentheses, and caused the recursion to refer to
+them instead of the whole pattern.
+</P>
+<P>
+In a larger pattern, keeping track of parenthesis numbers can be tricky. This
+is made easier by the use of relative references. Instead of (?1) in the
+pattern above you can write (?-2) to refer to the second most recently opened
+parentheses preceding the recursion. In other words, a negative number counts
+capturing parentheses leftwards from the point at which it is encountered.
+</P>
+<P>
+It is also possible to refer to subsequently opened parentheses, by writing
+references such as (?+2). However, these cannot be recursive because the
+reference is not inside the parentheses that are referenced. They are always
+<a href="#subpatternsassubroutines">non-recursive subroutine</a>
+calls, as described in the next section.
+</P>
+<P>
+An alternative approach is to use named parentheses instead. The Perl syntax
+for this is (?&name); PCRE's earlier syntax (?P&#62;name) is also supported. We
+could rewrite the above example as follows:
+<pre>
+  (?&#60;pn&#62; \( ( [^()]++ | (?&pn) )* \) )
+</pre>
+If there is more than one subpattern with the same name, the earliest one is
+used.
+</P>
+<P>
+This particular example pattern that we have been looking at contains nested
+unlimited repeats, and so the use of a possessive quantifier for matching
+strings of non-parentheses is important when applying the pattern to strings
+that do not match. For example, when this pattern is applied to
+<pre>
+  (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa()
+</pre>
+it yields "no match" quickly. However, if a possessive quantifier is not used,
+the match runs for a very long time indeed because there are so many different
+ways the + and * repeats can carve up the subject, and all have to be tested
+before failure can be reported.
+</P>
+<P>
+At the end of a match, the values of capturing parentheses are those from
+the outermost level. If you want to obtain intermediate values, a callout
+function can be used (see below and the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation). If the pattern above is matched against
+<pre>
+  (ab(cd)ef)
+</pre>
+the value for the inner capturing parentheses (numbered 2) is "ef", which is
+the last value taken on at the top level. If a capturing subpattern is not
+matched at the top level, its final captured value is unset, even if it was
+(temporarily) set at a deeper level during the matching process.
+</P>
+<P>
+If there are more than 15 capturing parentheses in a pattern, PCRE has to
+obtain extra memory to store data during a recursion, which it does by using
+<b>pcre_malloc</b>, freeing it via <b>pcre_free</b> afterwards. If no memory can
+be obtained, the match fails with the PCRE_ERROR_NOMEMORY error.
+</P>
+<P>
+Do not confuse the (?R) item with the condition (R), which tests for recursion.
+Consider this pattern, which matches text in angle brackets, allowing for
+arbitrary nesting. Only digits are allowed in nested brackets (that is, when
+recursing), whereas any characters are permitted at the outer level.
+<pre>
+  &#60; (?: (?(R) \d++  | [^&#60;&#62;]*+) | (?R)) * &#62;
+</pre>
+In this pattern, (?(R) is the start of a conditional subpattern, with two
+different alternatives for the recursive and non-recursive cases. The (?R) item
+is the actual recursive call.
+<a name="recursiondifference"></a></P>
+<br><b>
+Differences in recursion processing between PCRE and Perl
+</b><br>
+<P>
+Recursion processing in PCRE differs from Perl in two important ways. In PCRE
+(like Python, but unlike Perl), a recursive subpattern call is always treated
+as an atomic group. That is, once it has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. This can be illustrated by the following pattern,
+which purports to match a palindromic string that contains an odd number of
+characters (for example, "a", "aba", "abcba", "abcdcba"):
+<pre>
+  ^(.|(.)(?1)\2)$
+</pre>
+The idea is that it either matches a single character, or two identical
+characters surrounding a sub-palindrome. In Perl, this pattern works; in PCRE
+it does not if the pattern is longer than three characters. Consider the
+subject string "abcba":
+</P>
+<P>
+At the top level, the first character is matched, but as it is not at the end
+of the string, the first alternative fails; the second alternative is taken
+and the recursion kicks in. The recursive call to subpattern 1 successfully
+matches the next character ("b"). (Note that the beginning and end of line
+tests are not part of the recursion).
+</P>
+<P>
+Back at the top level, the next character ("c") is compared with what
+subpattern 2 matched, which was "a". This fails. Because the recursion is
+treated as an atomic group, there are now no backtracking points, and so the
+entire match fails. (Perl is able, at this point, to re-enter the recursion and
+try the second alternative.) However, if the pattern is written with the
+alternatives in the other order, things are different:
+<pre>
+  ^((.)(?1)\2|.)$
+</pre>
+This time, the recursing alternative is tried first, and continues to recurse
+until it runs out of characters, at which point the recursion fails. But this
+time we do have another alternative to try at the higher level. That is the big
+difference: in the previous case the remaining alternative is at a deeper
+recursion level, which PCRE cannot use.
+</P>
+<P>
+To change the pattern so that it matches all palindromic strings, not just
+those with an odd number of characters, it is tempting to change the pattern to
+this:
+<pre>
+  ^((.)(?1)\2|.?)$
+</pre>
+Again, this works in Perl, but not in PCRE, and for the same reason. When a
+deeper recursion has matched a single character, it cannot be entered again in
+order to match an empty string. The solution is to separate the two cases, and
+write out the odd and even cases as alternatives at the higher level:
+<pre>
+  ^(?:((.)(?1)\2|)|((.)(?3)\4|.))
+</pre>
+If you want to match typical palindromic phrases, the pattern has to ignore all
+non-word characters, which can be done like this:
+<pre>
+  ^\W*+(?:((.)\W*+(?1)\W*+\2|)|((.)\W*+(?3)\W*+\4|\W*+.\W*+))\W*+$
+</pre>
+If run with the PCRE_CASELESS option, this pattern matches phrases such as "A
+man, a plan, a canal: Panama!" and it works well in both PCRE and Perl. Note
+the use of the possessive quantifier *+ to avoid backtracking into sequences of
+non-word characters. Without this, PCRE takes a great deal longer (ten times or
+more) to match typical phrases, and Perl takes so long that you think it has
+gone into a loop.
+</P>
+<P>
+<b>WARNING</b>: The palindrome-matching patterns above work only if the subject
+string does not start with a palindrome that is shorter than the entire string.
+For example, although "abcba" is correctly matched, if the subject is "ababa",
+PCRE finds the palindrome "aba" at the start, then fails at top level because
+the end of the string does not follow. Once again, it cannot jump back into the
+recursion to try other alternatives, so the entire match fails.
+</P>
+<P>
+The second way in which PCRE and Perl differ in their recursion processing is
+in the handling of captured values. In Perl, when a subpattern is called
+recursively or as a subpattern (see the next section), it has no access to any
+values that were captured outside the recursion, whereas in PCRE these values
+can be referenced. Consider this pattern:
+<pre>
+  ^(.)(\1|a(?2))
+</pre>
+In PCRE, this pattern matches "bab". The first capturing parentheses match "b",
+then in the second group, when the back reference \1 fails to match "b", the
+second alternative matches "a" and then recurses. In the recursion, \1 does
+now match "b" and so the whole match succeeds. In Perl, the pattern fails to
+match because inside the recursive call \1 cannot access the externally set
+value.
+<a name="subpatternsassubroutines"></a></P>
+<br><a name="SEC24" href="#TOC1">SUBPATTERNS AS SUBROUTINES</a><br>
+<P>
+If the syntax for a recursive subpattern call (either by number or by
+name) is used outside the parentheses to which it refers, it operates like a
+subroutine in a programming language. The called subpattern may be defined
+before or after the reference. A numbered reference can be absolute or
+relative, as in these examples:
+<pre>
+  (...(absolute)...)...(?2)...
+  (...(relative)...)...(?-1)...
+  (...(?+1)...(relative)...
+</pre>
+An earlier example pointed out that the pattern
+<pre>
+  (sens|respons)e and \1ibility
+</pre>
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If instead the pattern
+<pre>
+  (sens|respons)e and (?1)ibility
+</pre>
+is used, it does match "sense and responsibility" as well as the other two
+strings. Another example is given in the discussion of DEFINE above.
+</P>
+<P>
+All subroutine calls, whether recursive or not, are always treated as atomic
+groups. That is, once a subroutine has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. Any capturing parentheses that are set during the
+subroutine call revert to their previous values afterwards.
+</P>
+<P>
+Processing options such as case-independence are fixed when a subpattern is
+defined, so if it is used as a subroutine, such options cannot be changed for
+different calls. For example, consider this pattern:
+<pre>
+  (abc)(?i:(?-1))
+</pre>
+It matches "abcabc". It does not match "abcABC" because the change of
+processing option does not affect the called subpattern.
+<a name="onigurumasubroutines"></a></P>
+<br><a name="SEC25" href="#TOC1">ONIGURUMA SUBROUTINE SYNTAX</a><br>
+<P>
+For compatibility with Oniguruma, the non-Perl syntax \g followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a subroutine, possibly recursively. Here
+are two of the examples used above, rewritten using this syntax:
+<pre>
+  (?&#60;pn&#62; \( ( (?&#62;[^()]+) | \g&#60;pn&#62; )* \) )
+  (sens|respons)e and \g'1'ibility
+</pre>
+PCRE supports an extension to Oniguruma: if a number is preceded by a
+plus or a minus sign it is taken as a relative reference. For example:
+<pre>
+  (abc)(?i:\g&#60;-1&#62;)
+</pre>
+Note that \g{...} (Perl syntax) and \g&#60;...&#62; (Oniguruma syntax) are <i>not</i>
+synonymous. The former is a back reference; the latter is a subroutine call.
+</P>
+<br><a name="SEC26" href="#TOC1">CALLOUTS</a><br>
+<P>
+Perl has a feature whereby using the sequence (?{...}) causes arbitrary Perl
+code to be obeyed in the middle of matching a regular expression. This makes it
+possible, amongst other things, to extract different substrings that match the
+same pair of parentheses when there is a repetition.
+</P>
+<P>
+PCRE provides a similar feature, but of course it cannot obey arbitrary Perl
+code. The feature is called "callout". The caller of PCRE provides an external
+function by putting its entry point in the global variable <i>pcre_callout</i>
+(8-bit library) or <i>pcre[16|32]_callout</i> (16-bit or 32-bit library).
+By default, this variable contains NULL, which disables all calling out.
+</P>
+<P>
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. If you want to identify different callout points, you
+can put a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+<pre>
+  (?C1)abc(?C2)def
+</pre>
+If the PCRE_AUTO_CALLOUT flag is passed to a compiling function, callouts are
+automatically installed before each item in the pattern. They are all numbered
+255. If there is a conditional group in the pattern whose condition is an
+assertion, an additional callout is inserted just before the condition. An
+explicit callout may also be set at this position, as in this example:
+<pre>
+  (?(?C9)(?=a)abc|def)
+</pre>
+Note that this applies only to assertion conditions, not to other types of
+condition.
+</P>
+<P>
+During matching, when PCRE reaches a callout point, the external function is
+called. It is provided with the number of the callout, the position in the
+pattern, and, optionally, one item of data originally supplied by the caller of
+the matching function. The callout function may cause matching to proceed, to
+backtrack, or to fail altogether.
+</P>
+<P>
+By default, PCRE implements a number of optimizations at compile time and
+matching time, and one side-effect is that sometimes callouts are skipped. If
+you need all possible callouts to happen, you need to set options that disable
+the relevant optimizations. More details, and a complete description of the
+interface to the callout function, are given in the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+<a name="backtrackcontrol"></a></P>
+<br><a name="SEC27" href="#TOC1">BACKTRACKING CONTROL</a><br>
+<P>
+Perl 5.10 introduced a number of "Special Backtracking Control Verbs", which
+are still described in the Perl documentation as "experimental and subject to
+change or removal in a future version of Perl". It goes on to say: "Their usage
+in production code should be noted to avoid problems during upgrades." The same
+remarks apply to the PCRE features described in this section.
+</P>
+<P>
+The new verbs make use of what was previously invalid syntax: an opening
+parenthesis followed by an asterisk. They are generally of the form
+(*VERB) or (*VERB:NAME). Some may take either form, possibly behaving
+differently depending on whether or not a name is present. A name is any
+sequence of characters that does not include a closing parenthesis. The maximum
+length of name is 255 in the 8-bit library and 65535 in the 16-bit and 32-bit
+libraries. If the name is empty, that is, if the closing parenthesis
+immediately follows the colon, the effect is as if the colon were not there.
+Any number of these verbs may occur in a pattern.
+</P>
+<P>
+Since these verbs are specifically related to backtracking, most of them can be
+used only when the pattern is to be matched using one of the traditional
+matching functions, because these use a backtracking algorithm. With the
+exception of (*FAIL), which behaves like a failing negative assertion, the
+backtracking control verbs cause an error if encountered by a DFA matching
+function.
+</P>
+<P>
+The behaviour of these verbs in
+<a href="#btrepeat">repeated groups,</a>
+<a href="#btassert">assertions,</a>
+and in
+<a href="#btsub">subpatterns called as subroutines</a>
+(whether or not recursively) is documented below.
+<a name="nooptimize"></a></P>
+<br><b>
+Optimizations that affect backtracking verbs
+</b><br>
+<P>
+PCRE contains some optimizations that are used to speed up matching by running
+some checks at the start of each match attempt. For example, it may know the
+minimum length of matching subject, or that a particular character must be
+present. When one of these optimizations bypasses the running of a match, any
+included backtracking verbs will not, of course, be processed. You can suppress
+the start-of-match optimizations by setting the PCRE_NO_START_OPTIMIZE option
+when calling <b>pcre_compile()</b> or <b>pcre_exec()</b>, or by starting the
+pattern with (*NO_START_OPT). There is more discussion of this option in the
+section entitled
+<a href="pcreapi.html#execoptions">"Option bits for <b>pcre_exec()</b>"</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+Experiments with Perl suggest that it too has similar optimizations, sometimes
+leading to anomalous results.
+</P>
+<br><b>
+Verbs that act immediately
+</b><br>
+<P>
+The following verbs act as soon as they are encountered. They may not be
+followed by a name.
+<pre>
+   (*ACCEPT)
+</pre>
+This verb causes the match to end successfully, skipping the remainder of the
+pattern. However, when it is inside a subpattern that is called as a
+subroutine, only that subpattern is ended successfully. Matching then continues
+at the outer level. If (*ACCEPT) in triggered in a positive assertion, the
+assertion succeeds; in a negative assertion, the assertion fails.
+</P>
+<P>
+If (*ACCEPT) is inside capturing parentheses, the data so far is captured. For
+example:
+<pre>
+  A((?:A|B(*ACCEPT)|C)D)
+</pre>
+This matches "AB", "AAD", or "ACD"; when it matches "AB", "B" is captured by
+the outer parentheses.
+<pre>
+  (*FAIL) or (*F)
+</pre>
+This verb causes a matching failure, forcing backtracking to occur. It is
+equivalent to (?!) but easier to read. The Perl documentation notes that it is
+probably useful only when combined with (?{}) or (??{}). Those are, of course,
+Perl features that are not present in PCRE. The nearest equivalent is the
+callout feature, as for example in this pattern:
+<pre>
+  a+(?C)(*FAIL)
+</pre>
+A match with the string "aaaa" always fails, but the callout is taken before
+each backtrack happens (in this example, 10 times).
+</P>
+<br><b>
+Recording which path was taken
+</b><br>
+<P>
+There is one verb whose main purpose is to track how a match was arrived at,
+though it also has a secondary use in conjunction with advancing the match
+starting point (see (*SKIP) below).
+<pre>
+  (*MARK:NAME) or (*:NAME)
+</pre>
+A name is always required with this verb. There may be as many instances of
+(*MARK) as you like in a pattern, and their names do not have to be unique.
+</P>
+<P>
+When a match succeeds, the name of the last-encountered (*MARK:NAME),
+(*PRUNE:NAME), or (*THEN:NAME) on the matching path is passed back to the
+caller as described in the section entitled
+<a href="pcreapi.html#extradata">"Extra data for <b>pcre_exec()</b>"</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation. Here is an example of <b>pcretest</b> output, where the /K
+modifier requests the retrieval and outputting of (*MARK) data:
+<pre>
+    re&#62; /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data&#62; XY
+   0: XY
+  MK: A
+  XZ
+   0: XZ
+  MK: B
+</pre>
+The (*MARK) name is tagged with "MK:" in this output, and in this example it
+indicates which of the two alternatives matched. This is a more efficient way
+of obtaining this information than putting each alternative in its own
+capturing parentheses.
+</P>
+<P>
+If a verb with a name is encountered in a positive assertion that is true, the
+name is recorded and passed back if it is the last-encountered. This does not
+happen for negative assertions or failing positive assertions.
+</P>
+<P>
+After a partial match or a failed match, the last encountered name in the
+entire match process is returned. For example:
+<pre>
+    re&#62; /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data&#62; XP
+  No match, mark = B
+</pre>
+Note that in this unanchored example the mark is retained from the match
+attempt that started at the letter "X" in the subject. Subsequent match
+attempts starting at "P" and then with an empty string do not get as far as the
+(*MARK) item, but nevertheless do not reset it.
+</P>
+<P>
+If you are interested in (*MARK) values after failed matches, you should
+probably set the PCRE_NO_START_OPTIMIZE option
+<a href="#nooptimize">(see above)</a>
+to ensure that the match is always attempted.
+</P>
+<br><b>
+Verbs that act after backtracking
+</b><br>
+<P>
+The following verbs do nothing when they are encountered. Matching continues
+with what follows, but if there is no subsequent match, causing a backtrack to
+the verb, a failure is forced. That is, backtracking cannot pass to the left of
+the verb. However, when one of these verbs appears inside an atomic group or an
+assertion that is true, its effect is confined to that group, because once the
+group has been matched, there is never any backtracking into it. In this
+situation, backtracking can "jump back" to the left of the entire atomic group
+or assertion. (Remember also, as stated above, that this localization also
+applies in subroutine calls.)
+</P>
+<P>
+These verbs differ in exactly what kind of failure occurs when backtracking
+reaches them. The behaviour described below is what happens when the verb is
+not in a subroutine or an assertion. Subsequent sections cover these special
+cases.
+<pre>
+  (*COMMIT)
+</pre>
+This verb, which may not be followed by a name, causes the whole match to fail
+outright if there is a later matching failure that causes backtracking to reach
+it. Even if the pattern is unanchored, no further attempts to find a match by
+advancing the starting point take place. If (*COMMIT) is the only backtracking
+verb that is encountered, once it has been passed <b>pcre_exec()</b> is
+committed to finding a match at the current starting point, or not at all. For
+example:
+<pre>
+  a+(*COMMIT)b
+</pre>
+This matches "xxaab" but not "aacaab". It can be thought of as a kind of
+dynamic anchor, or "I've started, so I must finish." The name of the most
+recently passed (*MARK) in the path is passed back when (*COMMIT) forces a
+match failure.
+</P>
+<P>
+If there is more than one backtracking verb in a pattern, a different one that
+follows (*COMMIT) may be triggered first, so merely passing (*COMMIT) during a
+match does not always guarantee that a match must be at this starting point.
+</P>
+<P>
+Note that (*COMMIT) at the start of a pattern is not the same as an anchor,
+unless PCRE's start-of-match optimizations are turned off, as shown in this
+output from <b>pcretest</b>:
+<pre>
+    re&#62; /(*COMMIT)abc/
+  data&#62; xyzabc
+   0: abc
+  data&#62; xyzabc\Y
+  No match
+</pre>
+For this pattern, PCRE knows that any match must start with "a", so the
+optimization skips along the subject to "a" before applying the pattern to the
+first set of data. The match attempt then succeeds. In the second set of data,
+the escape sequence \Y is interpreted by the <b>pcretest</b> program. It causes
+the PCRE_NO_START_OPTIMIZE option to be set when <b>pcre_exec()</b> is called.
+This disables the optimization that skips along to the first character. The
+pattern is now applied starting at "x", and so the (*COMMIT) causes the match
+to fail without trying any other starting points.
+<pre>
+  (*PRUNE) or (*PRUNE:NAME)
+</pre>
+This verb causes the match to fail at the current starting position in the
+subject if there is a later matching failure that causes backtracking to reach
+it. If the pattern is unanchored, the normal "bumpalong" advance to the next
+starting character then happens. Backtracking can occur as usual to the left of
+(*PRUNE), before it is reached, or when matching to the right of (*PRUNE), but
+if there is no match to the right, backtracking cannot cross (*PRUNE). In
+simple cases, the use of (*PRUNE) is just an alternative to an atomic group or
+possessive quantifier, but there are some uses of (*PRUNE) that cannot be
+expressed in any other way. In an anchored pattern (*PRUNE) has the same effect
+as (*COMMIT).
+</P>
+<P>
+The behaviour of (*PRUNE:NAME) is the not the same as (*MARK:NAME)(*PRUNE).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+<pre>
+  (*SKIP)
+</pre>
+This verb, when given without a name, is like (*PRUNE), except that if the
+pattern is unanchored, the "bumpalong" advance is not to the next character,
+but to the position in the subject where (*SKIP) was encountered. (*SKIP)
+signifies that whatever text was matched leading up to it cannot be part of a
+successful match. Consider:
+<pre>
+  a+(*SKIP)b
+</pre>
+If the subject is "aaaac...", after the first match attempt fails (starting at
+the first character in the string), the starting point skips on to start the
+next attempt at "c". Note that a possessive quantifer does not have the same
+effect as this example; although it would suppress backtracking during the
+first match attempt, the second attempt would start at the second character
+instead of skipping on to "c".
+<pre>
+  (*SKIP:NAME)
+</pre>
+When (*SKIP) has an associated name, its behaviour is modified. When it is
+triggered, the previous path through the pattern is searched for the most
+recent (*MARK) that has the same name. If one is found, the "bumpalong" advance
+is to the subject position that corresponds to that (*MARK) instead of to where
+(*SKIP) was encountered. If no (*MARK) with a matching name is found, the
+(*SKIP) is ignored.
+</P>
+<P>
+Note that (*SKIP:NAME) searches only for names set by (*MARK:NAME). It ignores
+names that are set by (*PRUNE:NAME) or (*THEN:NAME).
+<pre>
+  (*THEN) or (*THEN:NAME)
+</pre>
+This verb causes a skip to the next innermost alternative when backtracking
+reaches it. That is, it cancels any further backtracking within the current
+alternative. Its name comes from the observation that it can be used for a
+pattern-based if-then-else block:
+<pre>
+  ( COND1 (*THEN) FOO | COND2 (*THEN) BAR | COND3 (*THEN) BAZ ) ...
+</pre>
+If the COND1 pattern matches, FOO is tried (and possibly further items after
+the end of the group if FOO succeeds); on failure, the matcher skips to the
+second alternative and tries COND2, without backtracking into COND1. If that
+succeeds and BAR fails, COND3 is tried. If subsequently BAZ fails, there are no
+more alternatives, so there is a backtrack to whatever came before the entire
+group. If (*THEN) is not inside an alternation, it acts like (*PRUNE).
+</P>
+<P>
+The behaviour of (*THEN:NAME) is the not the same as (*MARK:NAME)(*THEN).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+</P>
+<P>
+A subpattern that does not contain a | character is just a part of the
+enclosing alternative; it is not a nested alternation with only one
+alternative. The effect of (*THEN) extends beyond such a subpattern to the
+enclosing alternative. Consider this pattern, where A, B, etc. are complex
+pattern fragments that do not contain any | characters at this level:
+<pre>
+  A (B(*THEN)C) | D
+</pre>
+If A and B are matched, but there is a failure in C, matching does not
+backtrack into A; instead it moves to the next alternative, that is, D.
+However, if the subpattern containing (*THEN) is given an alternative, it
+behaves differently:
+<pre>
+  A (B(*THEN)C | (*FAIL)) | D
+</pre>
+The effect of (*THEN) is now confined to the inner subpattern. After a failure
+in C, matching moves to (*FAIL), which causes the whole subpattern to fail
+because there are no more alternatives to try. In this case, matching does now
+backtrack into A.
+</P>
+<P>
+Note that a conditional subpattern is not considered as having two
+alternatives, because only one is ever used. In other words, the | character in
+a conditional subpattern has a different meaning. Ignoring white space,
+consider:
+<pre>
+  ^.*? (?(?=a) a | b(*THEN)c )
+</pre>
+If the subject is "ba", this pattern does not match. Because .*? is ungreedy,
+it initially matches zero characters. The condition (?=a) then fails, the
+character "b" is matched, but "c" is not. At this point, matching does not
+backtrack to .*? as might perhaps be expected from the presence of the |
+character. The conditional subpattern is part of the single alternative that
+comprises the whole pattern, and so the match fails. (If there was a backtrack
+into .*?, allowing it to match "b", the match would succeed.)
+</P>
+<P>
+The verbs just described provide four different "strengths" of control when
+subsequent matching fails. (*THEN) is the weakest, carrying on the match at the
+next alternative. (*PRUNE) comes next, failing the match at the current
+starting position, but allowing an advance to the next character (for an
+unanchored pattern). (*SKIP) is similar, except that the advance may be more
+than one character. (*COMMIT) is the strongest, causing the entire match to
+fail.
+</P>
+<br><b>
+More than one backtracking verb
+</b><br>
+<P>
+If more than one backtracking verb is present in a pattern, the one that is
+backtracked onto first acts. For example, consider this pattern, where A, B,
+etc. are complex pattern fragments:
+<pre>
+  (A(*COMMIT)B(*THEN)C|ABD)
+</pre>
+If A matches but B fails, the backtrack to (*COMMIT) causes the entire match to
+fail. However, if A and B match, but C fails, the backtrack to (*THEN) causes
+the next alternative (ABD) to be tried. This behaviour is consistent, but is
+not always the same as Perl's. It means that if two or more backtracking verbs
+appear in succession, all the the last of them has no effect. Consider this
+example:
+<pre>
+  ...(*COMMIT)(*PRUNE)...
+</pre>
+If there is a matching failure to the right, backtracking onto (*PRUNE) causes
+it to be triggered, and its action is taken. There can never be a backtrack
+onto (*COMMIT).
+<a name="btrepeat"></a></P>
+<br><b>
+Backtracking verbs in repeated groups
+</b><br>
+<P>
+PCRE differs from Perl in its handling of backtracking verbs in repeated
+groups. For example, consider:
+<pre>
+  /(a(*COMMIT)b)+ac/
+</pre>
+If the subject is "abac", Perl matches, but PCRE fails because the (*COMMIT) in
+the second repeat of the group acts.
+<a name="btassert"></a></P>
+<br><b>
+Backtracking verbs in assertions
+</b><br>
+<P>
+(*FAIL) in an assertion has its normal effect: it forces an immediate backtrack.
+</P>
+<P>
+(*ACCEPT) in a positive assertion causes the assertion to succeed without any
+further processing. In a negative assertion, (*ACCEPT) causes the assertion to
+fail without any further processing.
+</P>
+<P>
+The other backtracking verbs are not treated specially if they appear in a
+positive assertion. In particular, (*THEN) skips to the next alternative in the
+innermost enclosing group that has alternations, whether or not this is within
+the assertion.
+</P>
+<P>
+Negative assertions are, however, different, in order to ensure that changing a
+positive assertion into a negative assertion changes its result. Backtracking
+into (*COMMIT), (*SKIP), or (*PRUNE) causes a negative assertion to be true,
+without considering any further alternative branches in the assertion.
+Backtracking into (*THEN) causes it to skip to the next enclosing alternative
+within the assertion (the normal behaviour), but if the assertion does not have
+such an alternative, (*THEN) behaves like (*PRUNE).
+<a name="btsub"></a></P>
+<br><b>
+Backtracking verbs in subroutines
+</b><br>
+<P>
+These behaviours occur whether or not the subpattern is called recursively.
+Perl's treatment of subroutines is different in some cases.
+</P>
+<P>
+(*FAIL) in a subpattern called as a subroutine has its normal effect: it forces
+an immediate backtrack.
+</P>
+<P>
+(*ACCEPT) in a subpattern called as a subroutine causes the subroutine match to
+succeed without any further processing. Matching then continues after the
+subroutine call.
+</P>
+<P>
+(*COMMIT), (*SKIP), and (*PRUNE) in a subpattern called as a subroutine cause
+the subroutine match to fail.
+</P>
+<P>
+(*THEN) skips to the next alternative in the innermost enclosing group within
+the subpattern that has alternatives. If there is no such group within the
+subpattern, (*THEN) causes the subroutine match to fail.
+</P>
+<br><a name="SEC28" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcreapi</b>(3), <b>pcrecallout</b>(3), <b>pcrematching</b>(3),
+<b>pcresyntax</b>(3), <b>pcre</b>(3), <b>pcre16(3)</b>, <b>pcre32(3)</b>.
+</P>
+<br><a name="SEC29" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC30" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 23 October 2016
+<br>
+Copyright &copy; 1997-2016 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreperform.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreperform.html
new file mode 100644
index 00000000..dda207f9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreperform.html
@@ -0,0 +1,195 @@
+<html>
+<head>
+<title>pcreperform specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreperform man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+PCRE PERFORMANCE
+</b><br>
+<P>
+Two aspects of performance are discussed below: memory usage and processing
+time. The way you express your pattern as a regular expression can affect both
+of them.
+</P>
+<br><b>
+COMPILED PATTERN MEMORY USAGE
+</b><br>
+<P>
+Patterns are compiled by PCRE into a reasonably efficient interpretive code, so
+that most simple patterns do not use much memory. However, there is one case
+where the memory usage of a compiled pattern can be unexpectedly large. If a
+parenthesized subpattern has a quantifier with a minimum greater than 1 and/or
+a limited maximum, the whole subpattern is repeated in the compiled code. For
+example, the pattern
+<pre>
+  (abc|def){2,4}
+</pre>
+is compiled as if it were
+<pre>
+  (abc|def)(abc|def)((abc|def)(abc|def)?)?
+</pre>
+(Technical aside: It is done this way so that backtrack points within each of
+the repetitions can be independently maintained.)
+</P>
+<P>
+For regular expressions whose quantifiers use only small numbers, this is not
+usually a problem. However, if the numbers are large, and particularly if such
+repetitions are nested, the memory usage can become an embarrassment. For
+example, the very simple pattern
+<pre>
+  ((ab){1,1000}c){1,3}
+</pre>
+uses 51K bytes when compiled using the 8-bit library. When PCRE is compiled
+with its default internal pointer size of two bytes, the size limit on a
+compiled pattern is 64K data units, and this is reached with the above pattern
+if the outer repetition is increased from 3 to 4. PCRE can be compiled to use
+larger internal pointers and thus handle larger compiled patterns, but it is
+better to try to rewrite your pattern to use less memory if you can.
+</P>
+<P>
+One way of reducing the memory usage for such patterns is to make use of PCRE's
+<a href="pcrepattern.html#subpatternsassubroutines">"subroutine"</a>
+facility. Re-writing the above pattern as
+<pre>
+  ((ab)(?2){0,999}c)(?1){0,2}
+</pre>
+reduces the memory requirements to 18K, and indeed it remains under 20K even
+with the outer repetition increased to 100. However, this pattern is not
+exactly equivalent, because the "subroutine" calls are treated as
+<a href="pcrepattern.html#atomicgroup">atomic groups</a>
+into which there can be no backtracking if there is a subsequent matching
+failure. Therefore, PCRE cannot do this kind of rewriting automatically.
+Furthermore, there is a noticeable loss of speed when executing the modified
+pattern. Nevertheless, if the atomic grouping is not a problem and the loss of
+speed is acceptable, this kind of rewriting will allow you to process patterns
+that PCRE cannot otherwise handle.
+</P>
+<br><b>
+STACK USAGE AT RUN TIME
+</b><br>
+<P>
+When <b>pcre_exec()</b> or <b>pcre[16|32]_exec()</b> is used for matching, certain
+kinds of pattern can cause it to use large amounts of the process stack. In
+some environments the default process stack is quite small, and if it runs out
+the result is often SIGSEGV. This issue is probably the most frequently raised
+problem with PCRE. Rewriting your pattern can often help. The
+<a href="pcrestack.html"><b>pcrestack</b></a>
+documentation discusses this issue in detail.
+</P>
+<br><b>
+PROCESSING TIME
+</b><br>
+<P>
+Certain items in regular expression patterns are processed more efficiently
+than others. It is more efficient to use a character class like [aeiou] than a
+set of single-character alternatives such as (a|e|i|o|u). In general, the
+simplest construction that provides the required behaviour is usually the most
+efficient. Jeffrey Friedl's book contains a lot of useful general discussion
+about optimizing regular expressions for efficient performance. This document
+contains a few observations about PCRE.
+</P>
+<P>
+Using Unicode character properties (the \p, \P, and \X escapes) is slow,
+because PCRE has to use a multi-stage table lookup whenever it needs a
+character's property. If you can find an alternative pattern that does not use
+character properties, it will probably be faster.
+</P>
+<P>
+By default, the escape sequences \b, \d, \s, and \w, and the POSIX
+character classes such as [:alpha:] do not use Unicode properties, partly for
+backwards compatibility, and partly for performance reasons. However, you can
+set PCRE_UCP if you want Unicode character properties to be used. This can
+double the matching time for items such as \d, when matched with
+a traditional matching function; the performance loss is less with
+a DFA matching function, and in both cases there is not much difference for
+\b.
+</P>
+<P>
+When a pattern begins with .* not in parentheses, or in parentheses that are
+not the subject of a backreference, and the PCRE_DOTALL option is set, the
+pattern is implicitly anchored by PCRE, since it can match only at the start of
+a subject string. However, if PCRE_DOTALL is not set, PCRE cannot make this
+optimization, because the . metacharacter does not then match a newline, and if
+the subject string contains newlines, the pattern may match from the character
+immediately following one of them instead of from the very start. For example,
+the pattern
+<pre>
+  .*second
+</pre>
+matches the subject "first\nand second" (where \n stands for a newline
+character), with the match starting at the seventh character. In order to do
+this, PCRE has to retry the match starting after every newline in the subject.
+</P>
+<P>
+If you are using such a pattern with subject strings that do not contain
+newlines, the best performance is obtained by setting PCRE_DOTALL, or starting
+the pattern with ^.* or ^.*? to indicate explicit anchoring. That saves PCRE
+from having to scan along the subject looking for a newline to restart at.
+</P>
+<P>
+Beware of patterns that contain nested indefinite repeats. These can take a
+long time to run when applied to a string that does not match. Consider the
+pattern fragment
+<pre>
+  ^(a+)*
+</pre>
+This can match "aaaa" in 16 different ways, and this number increases very
+rapidly as the string gets longer. (The * repeat can match 0, 1, 2, 3, or 4
+times, and for each of those cases other than 0 or 4, the + repeats can match
+different numbers of times.) When the remainder of the pattern is such that the
+entire match is going to fail, PCRE has in principle to try every possible
+variation, and this can take an extremely long time, even for relatively short
+strings.
+</P>
+<P>
+An optimization catches some of the more simple cases such as
+<pre>
+  (a+)*b
+</pre>
+where a literal character follows. Before embarking on the standard matching
+procedure, PCRE checks that there is a "b" later in the subject string, and if
+there is not, it fails the match immediately. However, when there is no
+following literal this optimization cannot be used. You can see the difference
+by comparing the behaviour of
+<pre>
+  (a+)*\d
+</pre>
+with the pattern above. The former gives a failure almost instantly when
+applied to a whole line of "a" characters, whereas the latter takes an
+appreciable time with strings longer than about 20 characters.
+</P>
+<P>
+In many cases, the solution to this kind of performance issue is to use an
+atomic group or a possessive quantifier.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 25 August 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreposix.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreposix.html
new file mode 100644
index 00000000..18924cf7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreposix.html
@@ -0,0 +1,290 @@
+<html>
+<head>
+<title>pcreposix specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreposix man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">DESCRIPTION</a>
+<li><a name="TOC3" href="#SEC3">COMPILING A PATTERN</a>
+<li><a name="TOC4" href="#SEC4">MATCHING NEWLINE CHARACTERS</a>
+<li><a name="TOC5" href="#SEC5">MATCHING A PATTERN</a>
+<li><a name="TOC6" href="#SEC6">ERROR MESSAGES</a>
+<li><a name="TOC7" href="#SEC7">MEMORY USAGE</a>
+<li><a name="TOC8" href="#SEC8">AUTHOR</a>
+<li><a name="TOC9" href="#SEC9">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>#include &#60;pcreposix.h&#62;</b>
+</P>
+<P>
+<b>int regcomp(regex_t *<i>preg</i>, const char *<i>pattern</i>,</b>
+<b>     int <i>cflags</i>);</b>
+<br>
+<br>
+<b>int regexec(regex_t *<i>preg</i>, const char *<i>string</i>,</b>
+<b>     size_t <i>nmatch</i>, regmatch_t <i>pmatch</i>[], int <i>eflags</i>);</b>
+<b>     size_t regerror(int <i>errcode</i>, const regex_t *<i>preg</i>,</b>
+<b>     char *<i>errbuf</i>, size_t <i>errbuf_size</i>);</b>
+<br>
+<br>
+<b>void regfree(regex_t *<i>preg</i>);</b>
+</P>
+<br><a name="SEC2" href="#TOC1">DESCRIPTION</a><br>
+<P>
+This set of functions provides a POSIX-style API for the PCRE regular
+expression 8-bit library. See the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation for a description of PCRE's native API, which contains much
+additional functionality. There is no POSIX-style wrapper for PCRE's 16-bit
+and 32-bit library.
+</P>
+<P>
+The functions described here are just wrapper functions that ultimately call
+the PCRE native API. Their prototypes are defined in the <b>pcreposix.h</b>
+header file, and on Unix systems the library itself is called
+<b>pcreposix.a</b>, so can be accessed by adding <b>-lpcreposix</b> to the
+command for linking an application that uses them. Because the POSIX functions
+call the native ones, it is also necessary to add <b>-lpcre</b>.
+</P>
+<P>
+I have implemented only those POSIX option bits that can be reasonably mapped
+to PCRE native options. In addition, the option REG_EXTENDED is defined with
+the value zero. This has no effect, but since programs that are written to the
+POSIX interface often use it, this makes it easier to slot in PCRE as a
+replacement library. Other POSIX options are not even defined.
+</P>
+<P>
+There are also some other options that are not defined by POSIX. These have
+been added at the request of users who want to make use of certain
+PCRE-specific features via the POSIX calling interface.
+</P>
+<P>
+When PCRE is called via these functions, it is only the API that is POSIX-like
+in style. The syntax and semantics of the regular expressions themselves are
+still those of Perl, subject to the setting of various PCRE options, as
+described below. "POSIX-like in style" means that the API approximates to the
+POSIX definition; it is not fully POSIX-compatible, and in multi-byte encoding
+domains it is probably even less compatible.
+</P>
+<P>
+The header for these functions is supplied as <b>pcreposix.h</b> to avoid any
+potential clash with other POSIX libraries. It can, of course, be renamed or
+aliased as <b>regex.h</b>, which is the "correct" name. It provides two
+structure types, <i>regex_t</i> for compiled internal forms, and
+<i>regmatch_t</i> for returning captured substrings. It also defines some
+constants whose names start with "REG_"; these are used for setting options and
+identifying error codes.
+</P>
+<br><a name="SEC3" href="#TOC1">COMPILING A PATTERN</a><br>
+<P>
+The function <b>regcomp()</b> is called to compile a pattern into an
+internal form. The pattern is a C string terminated by a binary zero, and
+is passed in the argument <i>pattern</i>. The <i>preg</i> argument is a pointer
+to a <b>regex_t</b> structure that is used as a base for storing information
+about the compiled regular expression.
+</P>
+<P>
+The argument <i>cflags</i> is either zero, or contains one or more of the bits
+defined by the following macros:
+<pre>
+  REG_DOTALL
+</pre>
+The PCRE_DOTALL option is set when the regular expression is passed for
+compilation to the native function. Note that REG_DOTALL is not part of the
+POSIX standard.
+<pre>
+  REG_ICASE
+</pre>
+The PCRE_CASELESS option is set when the regular expression is passed for
+compilation to the native function.
+<pre>
+  REG_NEWLINE
+</pre>
+The PCRE_MULTILINE option is set when the regular expression is passed for
+compilation to the native function. Note that this does <i>not</i> mimic the
+defined POSIX behaviour for REG_NEWLINE (see the following section).
+<pre>
+  REG_NOSUB
+</pre>
+The PCRE_NO_AUTO_CAPTURE option is set when the regular expression is passed
+for compilation to the native function. In addition, when a pattern that is
+compiled with this flag is passed to <b>regexec()</b> for matching, the
+<i>nmatch</i> and <i>pmatch</i> arguments are ignored, and no captured strings
+are returned.
+<pre>
+  REG_UCP
+</pre>
+The PCRE_UCP option is set when the regular expression is passed for
+compilation to the native function. This causes PCRE to use Unicode properties
+when matchine \d, \w, etc., instead of just recognizing ASCII values. Note
+that REG_UTF8 is not part of the POSIX standard.
+<pre>
+  REG_UNGREEDY
+</pre>
+The PCRE_UNGREEDY option is set when the regular expression is passed for
+compilation to the native function. Note that REG_UNGREEDY is not part of the
+POSIX standard.
+<pre>
+  REG_UTF8
+</pre>
+The PCRE_UTF8 option is set when the regular expression is passed for
+compilation to the native function. This causes the pattern itself and all data
+strings used for matching it to be treated as UTF-8 strings. Note that REG_UTF8
+is not part of the POSIX standard.
+</P>
+<P>
+In the absence of these flags, no options are passed to the native function.
+This means the the regex is compiled with PCRE default semantics. In
+particular, the way it handles newline characters in the subject string is the
+Perl way, not the POSIX way. Note that setting PCRE_MULTILINE has only
+<i>some</i> of the effects specified for REG_NEWLINE. It does not affect the way
+newlines are matched by . (they are not) or by a negative class such as [^a]
+(they are).
+</P>
+<P>
+The yield of <b>regcomp()</b> is zero on success, and non-zero otherwise. The
+<i>preg</i> structure is filled in on success, and one member of the structure
+is public: <i>re_nsub</i> contains the number of capturing subpatterns in
+the regular expression. Various error codes are defined in the header file.
+</P>
+<P>
+NOTE: If the yield of <b>regcomp()</b> is non-zero, you must not attempt to
+use the contents of the <i>preg</i> structure. If, for example, you pass it to
+<b>regexec()</b>, the result is undefined and your program is likely to crash.
+</P>
+<br><a name="SEC4" href="#TOC1">MATCHING NEWLINE CHARACTERS</a><br>
+<P>
+This area is not simple, because POSIX and Perl take different views of things.
+It is not possible to get PCRE to obey POSIX semantics, but then PCRE was never
+intended to be a POSIX engine. The following table lists the different
+possibilities for matching newline characters in PCRE:
+<pre>
+                          Default   Change with
+
+  . matches newline          no     PCRE_DOTALL
+  newline matches [^a]       yes    not changeable
+  $ matches \n at end        yes    PCRE_DOLLARENDONLY
+  $ matches \n in middle     no     PCRE_MULTILINE
+  ^ matches \n in middle     no     PCRE_MULTILINE
+</pre>
+This is the equivalent table for POSIX:
+<pre>
+                          Default   Change with
+
+  . matches newline          yes    REG_NEWLINE
+  newline matches [^a]       yes    REG_NEWLINE
+  $ matches \n at end        no     REG_NEWLINE
+  $ matches \n in middle     no     REG_NEWLINE
+  ^ matches \n in middle     no     REG_NEWLINE
+</pre>
+PCRE's behaviour is the same as Perl's, except that there is no equivalent for
+PCRE_DOLLAR_ENDONLY in Perl. In both PCRE and Perl, there is no way to stop
+newline from matching [^a].
+</P>
+<P>
+The default POSIX newline handling can be obtained by setting PCRE_DOTALL and
+PCRE_DOLLAR_ENDONLY, but there is no way to make PCRE behave exactly as for the
+REG_NEWLINE action.
+</P>
+<br><a name="SEC5" href="#TOC1">MATCHING A PATTERN</a><br>
+<P>
+The function <b>regexec()</b> is called to match a compiled pattern <i>preg</i>
+against a given <i>string</i>, which is by default terminated by a zero byte
+(but see REG_STARTEND below), subject to the options in <i>eflags</i>. These can
+be:
+<pre>
+  REG_NOTBOL
+</pre>
+The PCRE_NOTBOL option is set when calling the underlying PCRE matching
+function.
+<pre>
+  REG_NOTEMPTY
+</pre>
+The PCRE_NOTEMPTY option is set when calling the underlying PCRE matching
+function. Note that REG_NOTEMPTY is not part of the POSIX standard. However,
+setting this option can give more POSIX-like behaviour in some situations.
+<pre>
+  REG_NOTEOL
+</pre>
+The PCRE_NOTEOL option is set when calling the underlying PCRE matching
+function.
+<pre>
+  REG_STARTEND
+</pre>
+The string is considered to start at <i>string</i> + <i>pmatch[0].rm_so</i> and
+to have a terminating NUL located at <i>string</i> + <i>pmatch[0].rm_eo</i>
+(there need not actually be a NUL at that location), regardless of the value of
+<i>nmatch</i>. This is a BSD extension, compatible with but not specified by
+IEEE Standard 1003.2 (POSIX.2), and should be used with caution in software
+intended to be portable to other systems. Note that a non-zero <i>rm_so</i> does
+not imply REG_NOTBOL; REG_STARTEND affects only the location of the string, not
+how it is matched.
+</P>
+<P>
+If the pattern was compiled with the REG_NOSUB flag, no data about any matched
+strings is returned. The <i>nmatch</i> and <i>pmatch</i> arguments of
+<b>regexec()</b> are ignored.
+</P>
+<P>
+If the value of <i>nmatch</i> is zero, or if the value <i>pmatch</i> is NULL,
+no data about any matched strings is returned.
+</P>
+<P>
+Otherwise,the portion of the string that was matched, and also any captured
+substrings, are returned via the <i>pmatch</i> argument, which points to an
+array of <i>nmatch</i> structures of type <i>regmatch_t</i>, containing the
+members <i>rm_so</i> and <i>rm_eo</i>. These contain the offset to the first
+character of each substring and the offset to the first character after the end
+of each substring, respectively. The 0th element of the vector relates to the
+entire portion of <i>string</i> that was matched; subsequent elements relate to
+the capturing subpatterns of the regular expression. Unused entries in the
+array have both structure members set to -1.
+</P>
+<P>
+A successful match yields a zero return; various error codes are defined in the
+header file, of which REG_NOMATCH is the "expected" failure code.
+</P>
+<br><a name="SEC6" href="#TOC1">ERROR MESSAGES</a><br>
+<P>
+The <b>regerror()</b> function maps a non-zero errorcode from either
+<b>regcomp()</b> or <b>regexec()</b> to a printable message. If <i>preg</i> is not
+NULL, the error should have arisen from the use of that structure. A message
+terminated by a binary zero is placed in <i>errbuf</i>. The length of the
+message, including the zero, is limited to <i>errbuf_size</i>. The yield of the
+function is the size of buffer needed to hold the whole message.
+</P>
+<br><a name="SEC7" href="#TOC1">MEMORY USAGE</a><br>
+<P>
+Compiling a regular expression causes memory to be allocated and associated
+with the <i>preg</i> structure. The function <b>regfree()</b> frees all such
+memory, after which <i>preg</i> may no longer be used as a compiled expression.
+</P>
+<br><a name="SEC8" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC9" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 09 January 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreprecompile.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreprecompile.html
new file mode 100644
index 00000000..decb1d6c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreprecompile.html
@@ -0,0 +1,163 @@
+<html>
+<head>
+<title>pcreprecompile specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreprecompile man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SAVING AND RE-USING PRECOMPILED PCRE PATTERNS</a>
+<li><a name="TOC2" href="#SEC2">SAVING A COMPILED PATTERN</a>
+<li><a name="TOC3" href="#SEC3">RE-USING A PRECOMPILED PATTERN</a>
+<li><a name="TOC4" href="#SEC4">COMPATIBILITY WITH DIFFERENT PCRE RELEASES</a>
+<li><a name="TOC5" href="#SEC5">AUTHOR</a>
+<li><a name="TOC6" href="#SEC6">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SAVING AND RE-USING PRECOMPILED PCRE PATTERNS</a><br>
+<P>
+If you are running an application that uses a large number of regular
+expression patterns, it may be useful to store them in a precompiled form
+instead of having to compile them every time the application is run.
+If you are not using any private character tables (see the
+<a href="pcre_maketables.html"><b>pcre_maketables()</b></a>
+documentation), this is relatively straightforward. If you are using private
+tables, it is a little bit more complicated. However, if you are using the
+just-in-time optimization feature, it is not possible to save and reload the
+JIT data.
+</P>
+<P>
+If you save compiled patterns to a file, you can copy them to a different host
+and run them there. If the two hosts have different endianness (byte order),
+you should run the <b>pcre[16|32]_pattern_to_host_byte_order()</b> function on the
+new host before trying to match the pattern. The matching functions return
+PCRE_ERROR_BADENDIANNESS if they detect a pattern with the wrong endianness.
+</P>
+<P>
+Compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes, and saving and
+restoring a compiled pattern loses any JIT optimization data.
+</P>
+<br><a name="SEC2" href="#TOC1">SAVING A COMPILED PATTERN</a><br>
+<P>
+The value returned by <b>pcre[16|32]_compile()</b> points to a single block of
+memory that holds the compiled pattern and associated data. You can find the
+length of this block in bytes by calling <b>pcre[16|32]_fullinfo()</b> with an
+argument of PCRE_INFO_SIZE. You can then save the data in any appropriate
+manner. Here is sample code for the 8-bit library that compiles a pattern and
+writes it to a file. It assumes that the variable <i>fd</i> refers to a file
+that is open for output:
+<pre>
+  int erroroffset, rc, size;
+  char *error;
+  pcre *re;
+
+  re = pcre_compile("my pattern", 0, &error, &erroroffset, NULL);
+  if (re == NULL) { ... handle errors ... }
+  rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
+  if (rc &#60; 0) { ... handle errors ... }
+  rc = fwrite(re, 1, size, fd);
+  if (rc != size) { ... handle errors ... }
+</pre>
+In this example, the bytes that comprise the compiled pattern are copied
+exactly. Note that this is binary data that may contain any of the 256 possible
+byte values. On systems that make a distinction between binary and non-binary
+data, be sure that the file is opened for binary output.
+</P>
+<P>
+If you want to write more than one pattern to a file, you will have to devise a
+way of separating them. For binary data, preceding each pattern with its length
+is probably the most straightforward approach. Another possibility is to write
+out the data in hexadecimal instead of binary, one pattern to a line.
+</P>
+<P>
+Saving compiled patterns in a file is only one possible way of storing them for
+later use. They could equally well be saved in a database, or in the memory of
+some daemon process that passes them via sockets to the processes that want
+them.
+</P>
+<P>
+If the pattern has been studied, it is also possible to save the normal study
+data in a similar way to the compiled pattern itself. However, if the
+PCRE_STUDY_JIT_COMPILE was used, the just-in-time data that is created cannot
+be saved because it is too dependent on the current environment. When studying
+generates additional information, <b>pcre[16|32]_study()</b> returns a pointer to a
+<b>pcre[16|32]_extra</b> data block. Its format is defined in the
+<a href="pcreapi.html#extradata">section on matching a pattern</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation. The <i>study_data</i> field points to the binary study data, and
+this is what you must save (not the <b>pcre[16|32]_extra</b> block itself). The
+length of the study data can be obtained by calling <b>pcre[16|32]_fullinfo()</b>
+with an argument of PCRE_INFO_STUDYSIZE. Remember to check that
+<b>pcre[16|32]_study()</b> did return a non-NULL value before trying to save the
+study data.
+</P>
+<br><a name="SEC3" href="#TOC1">RE-USING A PRECOMPILED PATTERN</a><br>
+<P>
+Re-using a precompiled pattern is straightforward. Having reloaded it into main
+memory, called <b>pcre[16|32]_pattern_to_host_byte_order()</b> if necessary, you
+pass its pointer to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b> in
+the usual way.
+</P>
+<P>
+However, if you passed a pointer to custom character tables when the pattern
+was compiled (the <i>tableptr</i> argument of <b>pcre[16|32]_compile()</b>), you
+must now pass a similar pointer to <b>pcre[16|32]_exec()</b> or
+<b>pcre[16|32]_dfa_exec()</b>, because the value saved with the compiled pattern
+will obviously be nonsense. A field in a <b>pcre[16|32]_extra()</b> block is used
+to pass this data, as described in the
+<a href="pcreapi.html#extradata">section on matching a pattern</a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+<b>Warning:</b> The tables that <b>pcre_exec()</b> and <b>pcre_dfa_exec()</b> use
+must be the same as those that were used when the pattern was compiled. If this
+is not the case, the behaviour is undefined.
+</P>
+<P>
+If you did not provide custom character tables when the pattern was compiled,
+the pointer in the compiled pattern is NULL, which causes the matching
+functions to use PCRE's internal tables. Thus, you do not need to take any
+special action at run time in this case.
+</P>
+<P>
+If you saved study data with the compiled pattern, you need to create your own
+<b>pcre[16|32]_extra</b> data block and set the <i>study_data</i> field to point
+to the reloaded study data. You must also set the PCRE_EXTRA_STUDY_DATA bit in
+the <i>flags</i> field to indicate that study data is present. Then pass the
+<b>pcre[16|32]_extra</b> block to the matching function in the usual way. If the
+pattern was studied for just-in-time optimization, that data cannot be saved,
+and so is lost by a save/restore cycle.
+</P>
+<br><a name="SEC4" href="#TOC1">COMPATIBILITY WITH DIFFERENT PCRE RELEASES</a><br>
+<P>
+In general, it is safest to recompile all saved patterns when you update to a
+new PCRE release, though not all updates actually require this.
+</P>
+<br><a name="SEC5" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC6" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 12 November 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcresample.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcresample.html
new file mode 100644
index 00000000..aca9184e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcresample.html
@@ -0,0 +1,110 @@
+<html>
+<head>
+<title>pcresample specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcresample man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+PCRE SAMPLE PROGRAM
+</b><br>
+<P>
+A simple, complete demonstration program, to get you started with using PCRE,
+is supplied in the file <i>pcredemo.c</i> in the PCRE distribution. A listing of
+this program is given in the
+<a href="pcredemo.html"><b>pcredemo</b></a>
+documentation. If you do not have a copy of the PCRE distribution, you can save
+this listing to re-create <i>pcredemo.c</i>.
+</P>
+<P>
+The demonstration program, which uses the original PCRE 8-bit library, compiles
+the regular expression that is its first argument, and matches it against the
+subject string in its second argument. No PCRE options are set, and default
+character tables are used. If matching succeeds, the program outputs the
+portion of the subject that matched, together with the contents of any captured
+substrings.
+</P>
+<P>
+If the -g option is given on the command line, the program then goes on to
+check for further matches of the same regular expression in the same subject
+string. The logic is a little bit tricky because of the possibility of matching
+an empty string. Comments in the code explain what is going on.
+</P>
+<P>
+If PCRE is installed in the standard include and library directories for your
+operating system, you should be able to compile the demonstration program using
+this command:
+<pre>
+  gcc -o pcredemo pcredemo.c -lpcre
+</pre>
+If PCRE is installed elsewhere, you may need to add additional options to the
+command line. For example, on a Unix-like system that has PCRE installed in
+<i>/usr/local</i>, you can compile the demonstration program using a command
+like this:
+<pre>
+  gcc -o pcredemo -I/usr/local/include pcredemo.c -L/usr/local/lib -lpcre
+</pre>
+In a Windows environment, if you want to statically link the program against a
+non-dll <b>pcre.a</b> file, you must uncomment the line that defines PCRE_STATIC
+before including <b>pcre.h</b>, because otherwise the <b>pcre_malloc()</b> and
+<b>pcre_free()</b> exported functions will be declared
+<b>__declspec(dllimport)</b>, with unwanted results.
+</P>
+<P>
+Once you have compiled and linked the demonstration program, you can run simple
+tests like this:
+<pre>
+  ./pcredemo 'cat|dog' 'the cat sat on the mat'
+  ./pcredemo -g 'cat|dog' 'the dog sat on the cat'
+</pre>
+Note that there is a much more comprehensive test program, called
+<a href="pcretest.html"><b>pcretest</b>,</a>
+which supports many more facilities for testing regular expressions and both
+PCRE libraries. The
+<a href="pcredemo.html"><b>pcredemo</b></a>
+program is provided as a simple coding example.
+</P>
+<P>
+If you try to run
+<a href="pcredemo.html"><b>pcredemo</b></a>
+when PCRE is not installed in the standard library directory, you may get an
+error like this on some operating systems (e.g. Solaris):
+<pre>
+  ld.so.1: a.out: fatal: libpcre.so.0: open failed: No such file or directory
+</pre>
+This is caused by the way shared library support works on those systems. You
+need to add
+<pre>
+  -R/usr/local/lib
+</pre>
+(for example) to the compile command to get round this problem.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 10 January 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrestack.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrestack.html
new file mode 100644
index 00000000..af6406d0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcrestack.html
@@ -0,0 +1,225 @@
+<html>
+<head>
+<title>pcrestack specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcrestack man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+PCRE DISCUSSION OF STACK USAGE
+</b><br>
+<P>
+When you call <b>pcre[16|32]_exec()</b>, it makes use of an internal function
+called <b>match()</b>. This calls itself recursively at branch points in the
+pattern, in order to remember the state of the match so that it can back up and
+try a different alternative if the first one fails. As matching proceeds deeper
+and deeper into the tree of possibilities, the recursion depth increases. The
+<b>match()</b> function is also called in other circumstances, for example,
+whenever a parenthesized sub-pattern is entered, and in certain cases of
+repetition.
+</P>
+<P>
+Not all calls of <b>match()</b> increase the recursion depth; for an item such
+as a* it may be called several times at the same level, after matching
+different numbers of a's. Furthermore, in a number of cases where the result of
+the recursive call would immediately be passed back as the result of the
+current call (a "tail recursion"), the function is just restarted instead.
+</P>
+<P>
+The above comments apply when <b>pcre[16|32]_exec()</b> is run in its normal
+interpretive manner. If the pattern was studied with the
+PCRE_STUDY_JIT_COMPILE option, and just-in-time compiling was successful, and
+the options passed to <b>pcre[16|32]_exec()</b> were not incompatible, the matching
+process uses the JIT-compiled code instead of the <b>match()</b> function. In
+this case, the memory requirements are handled entirely differently. See the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation for details.
+</P>
+<P>
+The <b>pcre[16|32]_dfa_exec()</b> function operates in an entirely different way,
+and uses recursion only when there is a regular expression recursion or
+subroutine call in the pattern. This includes the processing of assertion and
+"once-only" subpatterns, which are handled like subroutine calls. Normally,
+these are never very deep, and the limit on the complexity of
+<b>pcre[16|32]_dfa_exec()</b> is controlled by the amount of workspace it is given.
+However, it is possible to write patterns with runaway infinite recursions;
+such patterns will cause <b>pcre[16|32]_dfa_exec()</b> to run out of stack. At
+present, there is no protection against this.
+</P>
+<P>
+The comments that follow do NOT apply to <b>pcre[16|32]_dfa_exec()</b>; they are
+relevant only for <b>pcre[16|32]_exec()</b> without the JIT optimization.
+</P>
+<br><b>
+Reducing <b>pcre[16|32]_exec()</b>'s stack usage
+</b><br>
+<P>
+Each time that <b>match()</b> is actually called recursively, it uses memory
+from the process stack. For certain kinds of pattern and data, very large
+amounts of stack may be needed, despite the recognition of "tail recursion".
+You can often reduce the amount of recursion, and therefore the amount of stack
+used, by modifying the pattern that is being matched. Consider, for example,
+this pattern:
+<pre>
+  ([^&#60;]|&#60;(?!inet))+
+</pre>
+It matches from wherever it starts until it encounters "&#60;inet" or the end of
+the data, and is the kind of pattern that might be used when processing an XML
+file. Each iteration of the outer parentheses matches either one character that
+is not "&#60;" or a "&#60;" that is not followed by "inet". However, each time a
+parenthesis is processed, a recursion occurs, so this formulation uses a stack
+frame for each matched character. For a long string, a lot of stack is
+required. Consider now this rewritten pattern, which matches exactly the same
+strings:
+<pre>
+  ([^&#60;]++|&#60;(?!inet))+
+</pre>
+This uses very much less stack, because runs of characters that do not contain
+"&#60;" are "swallowed" in one item inside the parentheses. Recursion happens only
+when a "&#60;" character that is not followed by "inet" is encountered (and we
+assume this is relatively rare). A possessive quantifier is used to stop any
+backtracking into the runs of non-"&#60;" characters, but that is not related to
+stack usage.
+</P>
+<P>
+This example shows that one way of avoiding stack problems when matching long
+subject strings is to write repeated parenthesized subpatterns to match more
+than one character whenever possible.
+</P>
+<br><b>
+Compiling PCRE to use heap instead of stack for <b>pcre[16|32]_exec()</b>
+</b><br>
+<P>
+In environments where stack memory is constrained, you might want to compile
+PCRE to use heap memory instead of stack for remembering back-up points when
+<b>pcre[16|32]_exec()</b> is running. This makes it run a lot more slowly, however.
+Details of how to do this are given in the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation. When built in this way, instead of using the stack, PCRE obtains
+and frees memory by calling the functions that are pointed to by the
+<b>pcre[16|32]_stack_malloc</b> and <b>pcre[16|32]_stack_free</b> variables. By
+default, these point to <b>malloc()</b> and <b>free()</b>, but you can replace
+the pointers to cause PCRE to use your own functions. Since the block sizes are
+always the same, and are always freed in reverse order, it may be possible to
+implement customized memory handlers that are more efficient than the standard
+functions.
+</P>
+<br><b>
+Limiting <b>pcre[16|32]_exec()</b>'s stack usage
+</b><br>
+<P>
+You can set limits on the number of times that <b>match()</b> is called, both in
+total and recursively. If a limit is exceeded, <b>pcre[16|32]_exec()</b> returns an
+error code. Setting suitable limits should prevent it from running out of
+stack. The default values of the limits are very large, and unlikely ever to
+operate. They can be changed when PCRE is built, and they can also be set when
+<b>pcre[16|32]_exec()</b> is called. For details of these interfaces, see the
+<a href="pcrebuild.html"><b>pcrebuild</b></a>
+documentation and the
+<a href="pcreapi.html#extradata">section on extra data for <b>pcre[16|32]_exec()</b></a>
+in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<P>
+As a very rough rule of thumb, you should reckon on about 500 bytes per
+recursion. Thus, if you want to limit your stack usage to 8Mb, you should set
+the limit at 16000 recursions. A 64Mb stack, on the other hand, can support
+around 128000 recursions.
+</P>
+<P>
+In Unix-like environments, the <b>pcretest</b> test program has a command line
+option (<b>-S</b>) that can be used to increase the size of its stack. As long
+as the stack is large enough, another option (<b>-M</b>) can be used to find the
+smallest limits that allow a particular pattern to match a given subject
+string. This is done by calling <b>pcre[16|32]_exec()</b> repeatedly with different
+limits.
+</P>
+<br><b>
+Obtaining an estimate of stack usage
+</b><br>
+<P>
+The actual amount of stack used per recursion can vary quite a lot, depending
+on the compiler that was used to build PCRE and the optimization or debugging
+options that were set for it. The rule of thumb value of 500 bytes mentioned
+above may be larger or smaller than what is actually needed. A better
+approximation can be obtained by running this command:
+<pre>
+  pcretest -m -C
+</pre>
+The <b>-C</b> option causes <b>pcretest</b> to output information about the
+options with which PCRE was compiled. When <b>-m</b> is also given (before
+<b>-C</b>), information about stack use is given in a line like this:
+<pre>
+  Match recursion uses stack: approximate frame size = 640 bytes
+</pre>
+The value is approximate because some recursions need a bit more (up to perhaps
+16 more bytes).
+</P>
+<P>
+If the above command is given when PCRE is compiled to use the heap instead of
+the stack for recursion, the value that is output is the size of each block
+that is obtained from the heap.
+</P>
+<br><b>
+Changing stack size in Unix-like systems
+</b><br>
+<P>
+In Unix-like environments, there is not often a problem with the stack unless
+very long strings are involved, though the default limit on stack size varies
+from system to system. Values from 8Mb to 64Mb are common. You can find your
+default limit by running the command:
+<pre>
+  ulimit -s
+</pre>
+Unfortunately, the effect of running out of stack is often SIGSEGV, though
+sometimes a more explicit error message is given. You can normally increase the
+limit on stack size by code such as this:
+<pre>
+  struct rlimit rlim;
+  getrlimit(RLIMIT_STACK, &rlim);
+  rlim.rlim_cur = 100*1024*1024;
+  setrlimit(RLIMIT_STACK, &rlim);
+</pre>
+This reads the current limits (soft and hard) using <b>getrlimit()</b>, then
+attempts to increase the soft limit to 100Mb using <b>setrlimit()</b>. You must
+do this before calling <b>pcre[16|32]_exec()</b>.
+</P>
+<br><b>
+Changing stack size in Mac OS X
+</b><br>
+<P>
+Using <b>setrlimit()</b>, as described above, should also work on Mac OS X. It
+is also possible to set a stack size when linking a program. There is a
+discussion about stack sizes in Mac OS X at this web site:
+<a href="http://developer.apple.com/qa/qa2005/qa1419.html">http://developer.apple.com/qa/qa2005/qa1419.html.</a>
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 24 June 2012
+<br>
+Copyright &copy; 1997-2012 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcresyntax.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcresyntax.html
new file mode 100644
index 00000000..5896b9e0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcresyntax.html
@@ -0,0 +1,561 @@
+<html>
+<head>
+<title>pcresyntax specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcresyntax man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">PCRE REGULAR EXPRESSION SYNTAX SUMMARY</a>
+<li><a name="TOC2" href="#SEC2">QUOTING</a>
+<li><a name="TOC3" href="#SEC3">CHARACTERS</a>
+<li><a name="TOC4" href="#SEC4">CHARACTER TYPES</a>
+<li><a name="TOC5" href="#SEC5">GENERAL CATEGORY PROPERTIES FOR \p and \P</a>
+<li><a name="TOC6" href="#SEC6">PCRE SPECIAL CATEGORY PROPERTIES FOR \p and \P</a>
+<li><a name="TOC7" href="#SEC7">SCRIPT NAMES FOR \p AND \P</a>
+<li><a name="TOC8" href="#SEC8">CHARACTER CLASSES</a>
+<li><a name="TOC9" href="#SEC9">QUANTIFIERS</a>
+<li><a name="TOC10" href="#SEC10">ANCHORS AND SIMPLE ASSERTIONS</a>
+<li><a name="TOC11" href="#SEC11">MATCH POINT RESET</a>
+<li><a name="TOC12" href="#SEC12">ALTERNATION</a>
+<li><a name="TOC13" href="#SEC13">CAPTURING</a>
+<li><a name="TOC14" href="#SEC14">ATOMIC GROUPS</a>
+<li><a name="TOC15" href="#SEC15">COMMENT</a>
+<li><a name="TOC16" href="#SEC16">OPTION SETTING</a>
+<li><a name="TOC17" href="#SEC17">NEWLINE CONVENTION</a>
+<li><a name="TOC18" href="#SEC18">WHAT \R MATCHES</a>
+<li><a name="TOC19" href="#SEC19">LOOKAHEAD AND LOOKBEHIND ASSERTIONS</a>
+<li><a name="TOC20" href="#SEC20">BACKREFERENCES</a>
+<li><a name="TOC21" href="#SEC21">SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)</a>
+<li><a name="TOC22" href="#SEC22">CONDITIONAL PATTERNS</a>
+<li><a name="TOC23" href="#SEC23">BACKTRACKING CONTROL</a>
+<li><a name="TOC24" href="#SEC24">CALLOUTS</a>
+<li><a name="TOC25" href="#SEC25">SEE ALSO</a>
+<li><a name="TOC26" href="#SEC26">AUTHOR</a>
+<li><a name="TOC27" href="#SEC27">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">PCRE REGULAR EXPRESSION SYNTAX SUMMARY</a><br>
+<P>
+The full syntax and semantics of the regular expressions that are supported by
+PCRE are described in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation. This document contains a quick-reference summary of the syntax.
+</P>
+<br><a name="SEC2" href="#TOC1">QUOTING</a><br>
+<P>
+<pre>
+  \x         where x is non-alphanumeric is a literal x
+  \Q...\E    treat enclosed characters as literal
+</PRE>
+</P>
+<br><a name="SEC3" href="#TOC1">CHARACTERS</a><br>
+<P>
+<pre>
+  \a         alarm, that is, the BEL character (hex 07)
+  \cx        "control-x", where x is any ASCII character
+  \e         escape (hex 1B)
+  \f         form feed (hex 0C)
+  \n         newline (hex 0A)
+  \r         carriage return (hex 0D)
+  \t         tab (hex 09)
+  \0dd       character with octal code 0dd
+  \ddd       character with octal code ddd, or backreference
+  \o{ddd..}  character with octal code ddd..
+  \xhh       character with hex code hh
+  \x{hhh..}  character with hex code hhh..
+</pre>
+Note that \0dd is always an octal code, and that \8 and \9 are the literal
+characters "8" and "9".
+</P>
+<br><a name="SEC4" href="#TOC1">CHARACTER TYPES</a><br>
+<P>
+<pre>
+  .          any character except newline;
+               in dotall mode, any character whatsoever
+  \C         one data unit, even in UTF mode (best avoided)
+  \d         a decimal digit
+  \D         a character that is not a decimal digit
+  \h         a horizontal white space character
+  \H         a character that is not a horizontal white space character
+  \N         a character that is not a newline
+  \p{<i>xx</i>}     a character with the <i>xx</i> property
+  \P{<i>xx</i>}     a character without the <i>xx</i> property
+  \R         a newline sequence
+  \s         a white space character
+  \S         a character that is not a white space character
+  \v         a vertical white space character
+  \V         a character that is not a vertical white space character
+  \w         a "word" character
+  \W         a "non-word" character
+  \X         a Unicode extended grapheme cluster
+</pre>
+By default, \d, \s, and \w match only ASCII characters, even in UTF-8 mode
+or in the 16- bit and 32-bit libraries. However, if locale-specific matching is
+happening, \s and \w may also match characters with code points in the range
+128-255. If the PCRE_UCP option is set, the behaviour of these escape sequences
+is changed to use Unicode properties and they match many more characters.
+</P>
+<br><a name="SEC5" href="#TOC1">GENERAL CATEGORY PROPERTIES FOR \p and \P</a><br>
+<P>
+<pre>
+  C          Other
+  Cc         Control
+  Cf         Format
+  Cn         Unassigned
+  Co         Private use
+  Cs         Surrogate
+
+  L          Letter
+  Ll         Lower case letter
+  Lm         Modifier letter
+  Lo         Other letter
+  Lt         Title case letter
+  Lu         Upper case letter
+  L&         Ll, Lu, or Lt
+
+  M          Mark
+  Mc         Spacing mark
+  Me         Enclosing mark
+  Mn         Non-spacing mark
+
+  N          Number
+  Nd         Decimal number
+  Nl         Letter number
+  No         Other number
+
+  P          Punctuation
+  Pc         Connector punctuation
+  Pd         Dash punctuation
+  Pe         Close punctuation
+  Pf         Final punctuation
+  Pi         Initial punctuation
+  Po         Other punctuation
+  Ps         Open punctuation
+
+  S          Symbol
+  Sc         Currency symbol
+  Sk         Modifier symbol
+  Sm         Mathematical symbol
+  So         Other symbol
+
+  Z          Separator
+  Zl         Line separator
+  Zp         Paragraph separator
+  Zs         Space separator
+</PRE>
+</P>
+<br><a name="SEC6" href="#TOC1">PCRE SPECIAL CATEGORY PROPERTIES FOR \p and \P</a><br>
+<P>
+<pre>
+  Xan        Alphanumeric: union of properties L and N
+  Xps        POSIX space: property Z or tab, NL, VT, FF, CR
+  Xsp        Perl space: property Z or tab, NL, VT, FF, CR
+  Xuc        Univerally-named character: one that can be
+               represented by a Universal Character Name
+  Xwd        Perl word: property Xan or underscore
+</pre>
+Perl and POSIX space are now the same. Perl added VT to its space character set
+at release 5.18 and PCRE changed at release 8.34.
+</P>
+<br><a name="SEC7" href="#TOC1">SCRIPT NAMES FOR \p AND \P</a><br>
+<P>
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+</P>
+<br><a name="SEC8" href="#TOC1">CHARACTER CLASSES</a><br>
+<P>
+<pre>
+  [...]       positive character class
+  [^...]      negative character class
+  [x-y]       range (can be used for hex characters)
+  [[:xxx:]]   positive POSIX named set
+  [[:^xxx:]]  negative POSIX named set
+
+  alnum       alphanumeric
+  alpha       alphabetic
+  ascii       0-127
+  blank       space or tab
+  cntrl       control character
+  digit       decimal digit
+  graph       printing, excluding space
+  lower       lower case letter
+  print       printing, including space
+  punct       printing, excluding alphanumeric
+  space       white space
+  upper       upper case letter
+  word        same as \w
+  xdigit      hexadecimal digit
+</pre>
+In PCRE, POSIX character set names recognize only ASCII characters by default,
+but some of them use Unicode properties if PCRE_UCP is set. You can use
+\Q...\E inside a character class.
+</P>
+<br><a name="SEC9" href="#TOC1">QUANTIFIERS</a><br>
+<P>
+<pre>
+  ?           0 or 1, greedy
+  ?+          0 or 1, possessive
+  ??          0 or 1, lazy
+  *           0 or more, greedy
+  *+          0 or more, possessive
+  *?          0 or more, lazy
+  +           1 or more, greedy
+  ++          1 or more, possessive
+  +?          1 or more, lazy
+  {n}         exactly n
+  {n,m}       at least n, no more than m, greedy
+  {n,m}+      at least n, no more than m, possessive
+  {n,m}?      at least n, no more than m, lazy
+  {n,}        n or more, greedy
+  {n,}+       n or more, possessive
+  {n,}?       n or more, lazy
+</PRE>
+</P>
+<br><a name="SEC10" href="#TOC1">ANCHORS AND SIMPLE ASSERTIONS</a><br>
+<P>
+<pre>
+  \b          word boundary
+  \B          not a word boundary
+  ^           start of subject
+               also after internal newline in multiline mode
+  \A          start of subject
+  $           end of subject
+               also before newline at end of subject
+               also before internal newline in multiline mode
+  \Z          end of subject
+               also before newline at end of subject
+  \z          end of subject
+  \G          first matching position in subject
+</PRE>
+</P>
+<br><a name="SEC11" href="#TOC1">MATCH POINT RESET</a><br>
+<P>
+<pre>
+  \K          reset start of match
+</pre>
+\K is honoured in positive assertions, but ignored in negative ones.
+</P>
+<br><a name="SEC12" href="#TOC1">ALTERNATION</a><br>
+<P>
+<pre>
+  expr|expr|expr...
+</PRE>
+</P>
+<br><a name="SEC13" href="#TOC1">CAPTURING</a><br>
+<P>
+<pre>
+  (...)           capturing group
+  (?&#60;name&#62;...)    named capturing group (Perl)
+  (?'name'...)    named capturing group (Perl)
+  (?P&#60;name&#62;...)   named capturing group (Python)
+  (?:...)         non-capturing group
+  (?|...)         non-capturing group; reset group numbers for
+                   capturing groups in each alternative
+</PRE>
+</P>
+<br><a name="SEC14" href="#TOC1">ATOMIC GROUPS</a><br>
+<P>
+<pre>
+  (?&#62;...)         atomic, non-capturing group
+</PRE>
+</P>
+<br><a name="SEC15" href="#TOC1">COMMENT</a><br>
+<P>
+<pre>
+  (?#....)        comment (not nestable)
+</PRE>
+</P>
+<br><a name="SEC16" href="#TOC1">OPTION SETTING</a><br>
+<P>
+<pre>
+  (?i)            caseless
+  (?J)            allow duplicate names
+  (?m)            multiline
+  (?s)            single line (dotall)
+  (?U)            default ungreedy (lazy)
+  (?x)            extended (ignore white space)
+  (?-...)         unset option(s)
+</pre>
+The following are recognized only at the very start of a pattern or after one
+of the newline or \R options with similar syntax. More than one of them may
+appear.
+<pre>
+  (*LIMIT_MATCH=d) set the match limit to d (decimal number)
+  (*LIMIT_RECURSION=d) set the recursion limit to d (decimal number)
+  (*NO_AUTO_POSSESS) no auto-possessification (PCRE_NO_AUTO_POSSESS)
+  (*NO_START_OPT) no start-match optimization (PCRE_NO_START_OPTIMIZE)
+  (*UTF8)         set UTF-8 mode: 8-bit library (PCRE_UTF8)
+  (*UTF16)        set UTF-16 mode: 16-bit library (PCRE_UTF16)
+  (*UTF32)        set UTF-32 mode: 32-bit library (PCRE_UTF32)
+  (*UTF)          set appropriate UTF mode for the library in use
+  (*UCP)          set PCRE_UCP (use Unicode properties for \d etc)
+</pre>
+Note that LIMIT_MATCH and LIMIT_RECURSION can only reduce the value of the
+limits set by the caller of pcre_exec(), not increase them.
+</P>
+<br><a name="SEC17" href="#TOC1">NEWLINE CONVENTION</a><br>
+<P>
+These are recognized only at the very start of the pattern or after option
+settings with a similar syntax.
+<pre>
+  (*CR)           carriage return only
+  (*LF)           linefeed only
+  (*CRLF)         carriage return followed by linefeed
+  (*ANYCRLF)      all three of the above
+  (*ANY)          any Unicode newline sequence
+</PRE>
+</P>
+<br><a name="SEC18" href="#TOC1">WHAT \R MATCHES</a><br>
+<P>
+These are recognized only at the very start of the pattern or after option
+setting with a similar syntax.
+<pre>
+  (*BSR_ANYCRLF)  CR, LF, or CRLF
+  (*BSR_UNICODE)  any Unicode newline sequence
+</PRE>
+</P>
+<br><a name="SEC19" href="#TOC1">LOOKAHEAD AND LOOKBEHIND ASSERTIONS</a><br>
+<P>
+<pre>
+  (?=...)         positive look ahead
+  (?!...)         negative look ahead
+  (?&#60;=...)        positive look behind
+  (?&#60;!...)        negative look behind
+</pre>
+Each top-level branch of a look behind must be of a fixed length.
+</P>
+<br><a name="SEC20" href="#TOC1">BACKREFERENCES</a><br>
+<P>
+<pre>
+  \n              reference by number (can be ambiguous)
+  \gn             reference by number
+  \g{n}           reference by number
+  \g{-n}          relative reference by number
+  \k&#60;name&#62;        reference by name (Perl)
+  \k'name'        reference by name (Perl)
+  \g{name}        reference by name (Perl)
+  \k{name}        reference by name (.NET)
+  (?P=name)       reference by name (Python)
+</PRE>
+</P>
+<br><a name="SEC21" href="#TOC1">SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)</a><br>
+<P>
+<pre>
+  (?R)            recurse whole pattern
+  (?n)            call subpattern by absolute number
+  (?+n)           call subpattern by relative number
+  (?-n)           call subpattern by relative number
+  (?&name)        call subpattern by name (Perl)
+  (?P&#62;name)       call subpattern by name (Python)
+  \g&#60;name&#62;        call subpattern by name (Oniguruma)
+  \g'name'        call subpattern by name (Oniguruma)
+  \g&#60;n&#62;           call subpattern by absolute number (Oniguruma)
+  \g'n'           call subpattern by absolute number (Oniguruma)
+  \g&#60;+n&#62;          call subpattern by relative number (PCRE extension)
+  \g'+n'          call subpattern by relative number (PCRE extension)
+  \g&#60;-n&#62;          call subpattern by relative number (PCRE extension)
+  \g'-n'          call subpattern by relative number (PCRE extension)
+</PRE>
+</P>
+<br><a name="SEC22" href="#TOC1">CONDITIONAL PATTERNS</a><br>
+<P>
+<pre>
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+
+  (?(n)...        absolute reference condition
+  (?(+n)...       relative reference condition
+  (?(-n)...       relative reference condition
+  (?(&#60;name&#62;)...   named reference condition (Perl)
+  (?('name')...   named reference condition (Perl)
+  (?(name)...     named reference condition (PCRE)
+  (?(R)...        overall recursion condition
+  (?(Rn)...       specific group recursion condition
+  (?(R&name)...   specific recursion condition
+  (?(DEFINE)...   define subpattern for reference
+  (?(assert)...   assertion condition
+</PRE>
+</P>
+<br><a name="SEC23" href="#TOC1">BACKTRACKING CONTROL</a><br>
+<P>
+The following act immediately they are reached:
+<pre>
+  (*ACCEPT)       force successful match
+  (*FAIL)         force backtrack; synonym (*F)
+  (*MARK:NAME)    set name to be passed back; synonym (*:NAME)
+</pre>
+The following act only when a subsequent match failure causes a backtrack to
+reach them. They all force a match failure, but they differ in what happens
+afterwards. Those that advance the start-of-match point do so only if the
+pattern is not anchored.
+<pre>
+  (*COMMIT)       overall failure, no advance of starting point
+  (*PRUNE)        advance to next starting character
+  (*PRUNE:NAME)   equivalent to (*MARK:NAME)(*PRUNE)
+  (*SKIP)         advance to current matching position
+  (*SKIP:NAME)    advance to position corresponding to an earlier
+                  (*MARK:NAME); if not found, the (*SKIP) is ignored
+  (*THEN)         local failure, backtrack to next alternation
+  (*THEN:NAME)    equivalent to (*MARK:NAME)(*THEN)
+</PRE>
+</P>
+<br><a name="SEC24" href="#TOC1">CALLOUTS</a><br>
+<P>
+<pre>
+  (?C)      callout
+  (?Cn)     callout with data n
+</PRE>
+</P>
+<br><a name="SEC25" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcrepattern</b>(3), <b>pcreapi</b>(3), <b>pcrecallout</b>(3),
+<b>pcrematching</b>(3), <b>pcre</b>(3).
+</P>
+<br><a name="SEC26" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC27" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 08 January 2014
+<br>
+Copyright &copy; 1997-2014 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcretest.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcretest.html
new file mode 100644
index 00000000..ba540d3c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcretest.html
@@ -0,0 +1,1163 @@
+<html>
+<head>
+<title>pcretest specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcretest man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<ul>
+<li><a name="TOC1" href="#SEC1">SYNOPSIS</a>
+<li><a name="TOC2" href="#SEC2">INPUT DATA FORMAT</a>
+<li><a name="TOC3" href="#SEC3">PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a>
+<li><a name="TOC4" href="#SEC4">COMMAND LINE OPTIONS</a>
+<li><a name="TOC5" href="#SEC5">DESCRIPTION</a>
+<li><a name="TOC6" href="#SEC6">PATTERN MODIFIERS</a>
+<li><a name="TOC7" href="#SEC7">DATA LINES</a>
+<li><a name="TOC8" href="#SEC8">THE ALTERNATIVE MATCHING FUNCTION</a>
+<li><a name="TOC9" href="#SEC9">DEFAULT OUTPUT FROM PCRETEST</a>
+<li><a name="TOC10" href="#SEC10">OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION</a>
+<li><a name="TOC11" href="#SEC11">RESTARTING AFTER A PARTIAL MATCH</a>
+<li><a name="TOC12" href="#SEC12">CALLOUTS</a>
+<li><a name="TOC13" href="#SEC13">NON-PRINTING CHARACTERS</a>
+<li><a name="TOC14" href="#SEC14">SAVING AND RELOADING COMPILED PATTERNS</a>
+<li><a name="TOC15" href="#SEC15">SEE ALSO</a>
+<li><a name="TOC16" href="#SEC16">AUTHOR</a>
+<li><a name="TOC17" href="#SEC17">REVISION</a>
+</ul>
+<br><a name="SEC1" href="#TOC1">SYNOPSIS</a><br>
+<P>
+<b>pcretest [options] [input file [output file]]</b>
+<br>
+<br>
+<b>pcretest</b> was written as a test program for the PCRE regular expression
+library itself, but it can also be used for experimenting with regular
+expressions. This document describes the features of the test program; for
+details of the regular expressions themselves, see the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation. For details of the PCRE library function calls and their
+options, see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+,
+<a href="pcre16.html"><b>pcre16</b></a>
+and
+<a href="pcre32.html"><b>pcre32</b></a>
+documentation.
+</P>
+<P>
+The input for <b>pcretest</b> is a sequence of regular expression patterns and
+strings to be matched, as described below. The output shows the result of each
+match. Options on the command line and the patterns control PCRE options and
+exactly what is output.
+</P>
+<P>
+As PCRE has evolved, it has acquired many different features, and as a result,
+<b>pcretest</b> now has rather a lot of obscure options for testing every
+possible feature. Some of these options are specifically designed for use in
+conjunction with the test script and data files that are distributed as part of
+PCRE, and are unlikely to be of use otherwise. They are all documented here,
+but without much justification.
+</P>
+<br><a name="SEC2" href="#TOC1">INPUT DATA FORMAT</a><br>
+<P>
+Input to <b>pcretest</b> is processed line by line, either by calling the C
+library's <b>fgets()</b> function, or via the <b>libreadline</b> library (see
+below). In Unix-like environments, <b>fgets()</b> treats any bytes other than
+newline as data characters. However, in some Windows environments character 26
+(hex 1A) causes an immediate end of file, and no further data is read. For
+maximum portability, therefore, it is safest to use only ASCII characters in
+<b>pcretest</b> input files.
+</P>
+<P>
+The input is processed using using C's string functions, so must not
+contain binary zeroes, even though in Unix-like environments, <b>fgets()</b>
+treats any bytes other than newline as data characters.
+</P>
+<br><a name="SEC3" href="#TOC1">PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES</a><br>
+<P>
+From release 8.30, two separate PCRE libraries can be built. The original one
+supports 8-bit character strings, whereas the newer 16-bit library supports
+character strings encoded in 16-bit units. From release 8.32, a third library
+can be built, supporting character strings encoded in 32-bit units. The
+<b>pcretest</b> program can be used to test all three libraries. However, it is
+itself still an 8-bit program, reading 8-bit input and writing 8-bit output.
+When testing the 16-bit or 32-bit library, the patterns and data strings are
+converted to 16- or 32-bit format before being passed to the PCRE library
+functions. Results are converted to 8-bit for output.
+</P>
+<P>
+References to functions and structures of the form <b>pcre[16|32]_xx</b> below
+mean "<b>pcre_xx</b> when using the 8-bit library, <b>pcre16_xx</b> when using
+the 16-bit library, or <b>pcre32_xx</b> when using the 32-bit library".
+</P>
+<br><a name="SEC4" href="#TOC1">COMMAND LINE OPTIONS</a><br>
+<P>
+<b>-8</b>
+If both the 8-bit library has been built, this option causes the 8-bit library
+to be used (which is the default); if the 8-bit library has not been built,
+this option causes an error.
+</P>
+<P>
+<b>-16</b>
+If both the 8-bit or the 32-bit, and the 16-bit libraries have been built, this
+option causes the 16-bit library to be used. If only the 16-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 32-bit
+library has been built, this option causes an error.
+</P>
+<P>
+<b>-32</b>
+If both the 8-bit or the 16-bit, and the 32-bit libraries have been built, this
+option causes the 32-bit library to be used. If only the 32-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 16-bit
+library has been built, this option causes an error.
+</P>
+<P>
+<b>-b</b>
+Behave as if each pattern has the <b>/B</b> (show byte code) modifier; the
+internal form is output after compilation.
+</P>
+<P>
+<b>-C</b>
+Output the version number of the PCRE library, and all available information
+about the optional features that are included, and then exit with zero exit
+code. All other options are ignored.
+</P>
+<P>
+<b>-C</b> <i>option</i>
+Output information about a specific build-time option, then exit. This
+functionality is intended for use in scripts such as <b>RunTest</b>. The
+following options output the value and set the exit code as indicated:
+<pre>
+  ebcdic-nl  the code for LF (= NL) in an EBCDIC environment:
+               0x15 or 0x25
+               0 if used in an ASCII environment
+               exit code is always 0
+  linksize   the configured internal link size (2, 3, or 4)
+               exit code is set to the link size
+  newline    the default newline setting:
+               CR, LF, CRLF, ANYCRLF, or ANY
+               exit code is always 0
+  bsr        the default setting for what \R matches:
+               ANYCRLF or ANY
+               exit code is always 0
+</pre>
+The following options output 1 for true or 0 for false, and set the exit code
+to the same value:
+<pre>
+  ebcdic     compiled for an EBCDIC environment
+  jit        just-in-time support is available
+  pcre16     the 16-bit library was built
+  pcre32     the 32-bit library was built
+  pcre8      the 8-bit library was built
+  ucp        Unicode property support is available
+  utf        UTF-8 and/or UTF-16 and/or UTF-32 support
+               is available
+</pre>
+If an unknown option is given, an error message is output; the exit code is 0.
+</P>
+<P>
+<b>-d</b>
+Behave as if each pattern has the <b>/D</b> (debug) modifier; the internal
+form and information about the compiled pattern is output after compilation;
+<b>-d</b> is equivalent to <b>-b -i</b>.
+</P>
+<P>
+<b>-dfa</b>
+Behave as if each data line contains the \D escape sequence; this causes the
+alternative matching function, <b>pcre[16|32]_dfa_exec()</b>, to be used instead
+of the standard <b>pcre[16|32]_exec()</b> function (more detail is given below).
+</P>
+<P>
+<b>-help</b>
+Output a brief summary these options and then exit.
+</P>
+<P>
+<b>-i</b>
+Behave as if each pattern has the <b>/I</b> modifier; information about the
+compiled pattern is given after compilation.
+</P>
+<P>
+<b>-M</b>
+Behave as if each data line contains the \M escape sequence; this causes
+PCRE to discover the minimum MATCH_LIMIT and MATCH_LIMIT_RECURSION settings by
+calling <b>pcre[16|32]_exec()</b> repeatedly with different limits.
+</P>
+<P>
+<b>-m</b>
+Output the size of each compiled pattern after it has been compiled. This is
+equivalent to adding <b>/M</b> to each regular expression. The size is given in
+bytes for both libraries.
+</P>
+<P>
+<b>-O</b>
+Behave as if each pattern has the <b>/O</b> modifier, that is disable
+auto-possessification for all patterns.
+</P>
+<P>
+<b>-o</b> <i>osize</i>
+Set the number of elements in the output vector that is used when calling
+<b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b> to be <i>osize</i>. The
+default value is 45, which is enough for 14 capturing subexpressions for
+<b>pcre[16|32]_exec()</b> or 22 different matches for
+<b>pcre[16|32]_dfa_exec()</b>.
+The vector size can be changed for individual matching calls by including \O
+in the data line (see below).
+</P>
+<P>
+<b>-p</b>
+Behave as if each pattern has the <b>/P</b> modifier; the POSIX wrapper API is
+used to call PCRE. None of the other options has any effect when <b>-p</b> is
+set. This option can be used only with the 8-bit library.
+</P>
+<P>
+<b>-q</b>
+Do not output the version number of <b>pcretest</b> at the start of execution.
+</P>
+<P>
+<b>-S</b> <i>size</i>
+On Unix-like systems, set the size of the run-time stack to <i>size</i>
+megabytes.
+</P>
+<P>
+<b>-s</b> or <b>-s+</b>
+Behave as if each pattern has the <b>/S</b> modifier; in other words, force each
+pattern to be studied. If <b>-s+</b> is used, all the JIT compile options are
+passed to <b>pcre[16|32]_study()</b>, causing just-in-time optimization to be set
+up if it is available, for both full and partial matching. Specific JIT compile
+options can be selected by following <b>-s+</b> with a digit in the range 1 to
+7, which selects the JIT compile modes as follows:
+<pre>
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+</pre>
+If <b>-s++</b> is used instead of <b>-s+</b> (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+<br>
+<br>
+Note that there are pattern options that can override <b>-s</b>, either
+specifying no studying at all, or suppressing JIT compilation.
+<br>
+<br>
+If the <b>/I</b> or <b>/D</b> option is present on a pattern (requesting output
+about the compiled pattern), information about the result of studying is not
+included when studying is caused only by <b>-s</b> and neither <b>-i</b> nor
+<b>-d</b> is present on the command line. This behaviour means that the output
+from tests that are run with and without <b>-s</b> should be identical, except
+when options that output information about the actual running of a match are
+set.
+<br>
+<br>
+The <b>-M</b>, <b>-t</b>, and <b>-tm</b> options, which give information about
+resources used, are likely to produce different output with and without
+<b>-s</b>. Output may also differ if the <b>/C</b> option is present on an
+individual pattern. This uses callouts to trace the the matching process, and
+this may be different between studied and non-studied patterns. If the pattern
+contains (*MARK) items there may also be differences, for the same reason. The
+<b>-s</b> command line option can be overridden for specific patterns that
+should never be studied (see the <b>/S</b> pattern modifier below).
+</P>
+<P>
+<b>-t</b>
+Run each compile, study, and match many times with a timer, and output the
+resulting times per compile, study, or match (in milliseconds). Do not set
+<b>-m</b> with <b>-t</b>, because you will then get the size output a zillion
+times, and the timing will be distorted. You can control the number of
+iterations that are used for timing by following <b>-t</b> with a number (as a
+separate item on the command line). For example, "-t 1000" iterates 1000 times.
+The default is to iterate 500000 times.
+</P>
+<P>
+<b>-tm</b>
+This is like <b>-t</b> except that it times only the matching phase, not the
+compile or study phases.
+</P>
+<P>
+<b>-T</b> <b>-TM</b>
+These behave like <b>-t</b> and <b>-tm</b>, but in addition, at the end of a run,
+the total times for all compiles, studies, and matches are output.
+</P>
+<br><a name="SEC5" href="#TOC1">DESCRIPTION</a><br>
+<P>
+If <b>pcretest</b> is given two filename arguments, it reads from the first and
+writes to the second. If it is given only one filename argument, it reads from
+that file and writes to stdout. Otherwise, it reads from stdin and writes to
+stdout, and prompts for each line of input, using "re&#62;" to prompt for regular
+expressions, and "data&#62;" to prompt for data lines.
+</P>
+<P>
+When <b>pcretest</b> is built, a configuration option can specify that it should
+be linked with the <b>libreadline</b> library. When this is done, if the input
+is from a terminal, it is read using the <b>readline()</b> function. This
+provides line-editing and history facilities. The output from the <b>-help</b>
+option states whether or not <b>readline()</b> will be used.
+</P>
+<P>
+The program handles any number of sets of input on a single input file. Each
+set starts with a regular expression, and continues with any number of data
+lines to be matched against that pattern.
+</P>
+<P>
+Each data line is matched separately and independently. If you want to do
+multi-line matches, you have to use the \n escape sequence (or \r or \r\n,
+etc., depending on the newline setting) in a single line of input to encode the
+newline sequences. There is no limit on the length of data lines; the input
+buffer is automatically extended if it is too small.
+</P>
+<P>
+An empty line signals the end of the data lines, at which point a new regular
+expression is read. The regular expressions are given enclosed in any
+non-alphanumeric delimiters other than backslash, for example:
+<pre>
+  /(a|bc)x+yz/
+</pre>
+White space before the initial delimiter is ignored. A regular expression may
+be continued over several input lines, in which case the newline characters are
+included within it. It is possible to include the delimiter within the pattern
+by escaping it, for example
+<pre>
+  /abc\/def/
+</pre>
+If you do so, the escape and the delimiter form part of the pattern, but since
+delimiters are always non-alphanumeric, this does not affect its interpretation.
+If the terminating delimiter is immediately followed by a backslash, for
+example,
+<pre>
+  /abc/\
+</pre>
+then a backslash is added to the end of the pattern. This is done to provide a
+way of testing the error condition that arises if a pattern finishes with a
+backslash, because
+<pre>
+  /abc\/
+</pre>
+is interpreted as the first line of a pattern that starts with "abc/", causing
+pcretest to read the next line as a continuation of the regular expression.
+</P>
+<br><a name="SEC6" href="#TOC1">PATTERN MODIFIERS</a><br>
+<P>
+A pattern may be followed by any number of modifiers, which are mostly single
+characters, though some of these can be qualified by further characters.
+Following Perl usage, these are referred to below as, for example, "the
+<b>/i</b> modifier", even though the delimiter of the pattern need not always be
+a slash, and no slash is used when writing modifiers. White space may appear
+between the final pattern delimiter and the first modifier, and between the
+modifiers themselves. For reference, here is a complete list of modifiers. They
+fall into several groups that are described in detail in the following
+sections.
+<pre>
+  <b>/8</b>              set UTF mode
+  <b>/9</b>              set PCRE_NEVER_UTF (locks out UTF mode)
+  <b>/?</b>              disable UTF validity check
+  <b>/+</b>              show remainder of subject after match
+  <b>/=</b>              show all captures (not just those that are set)
+
+  <b>/A</b>              set PCRE_ANCHORED
+  <b>/B</b>              show compiled code
+  <b>/C</b>              set PCRE_AUTO_CALLOUT
+  <b>/D</b>              same as <b>/B</b> plus <b>/I</b>
+  <b>/E</b>              set PCRE_DOLLAR_ENDONLY
+  <b>/F</b>              flip byte order in compiled pattern
+  <b>/f</b>              set PCRE_FIRSTLINE
+  <b>/G</b>              find all matches (shorten string)
+  <b>/g</b>              find all matches (use startoffset)
+  <b>/I</b>              show information about pattern
+  <b>/i</b>              set PCRE_CASELESS
+  <b>/J</b>              set PCRE_DUPNAMES
+  <b>/K</b>              show backtracking control names
+  <b>/L</b>              set locale
+  <b>/M</b>              show compiled memory size
+  <b>/m</b>              set PCRE_MULTILINE
+  <b>/N</b>              set PCRE_NO_AUTO_CAPTURE
+  <b>/O</b>              set PCRE_NO_AUTO_POSSESS
+  <b>/P</b>              use the POSIX wrapper
+  <b>/Q</b>              test external stack check function
+  <b>/S</b>              study the pattern after compilation
+  <b>/s</b>              set PCRE_DOTALL
+  <b>/T</b>              select character tables
+  <b>/U</b>              set PCRE_UNGREEDY
+  <b>/W</b>              set PCRE_UCP
+  <b>/X</b>              set PCRE_EXTRA
+  <b>/x</b>              set PCRE_EXTENDED
+  <b>/Y</b>              set PCRE_NO_START_OPTIMIZE
+  <b>/Z</b>              don't show lengths in <b>/B</b> output
+
+  <b>/&#60;any&#62;</b>          set PCRE_NEWLINE_ANY
+  <b>/&#60;anycrlf&#62;</b>      set PCRE_NEWLINE_ANYCRLF
+  <b>/&#60;cr&#62;</b>           set PCRE_NEWLINE_CR
+  <b>/&#60;crlf&#62;</b>         set PCRE_NEWLINE_CRLF
+  <b>/&#60;lf&#62;</b>           set PCRE_NEWLINE_LF
+  <b>/&#60;bsr_anycrlf&#62;</b>  set PCRE_BSR_ANYCRLF
+  <b>/&#60;bsr_unicode&#62;</b>  set PCRE_BSR_UNICODE
+  <b>/&#60;JS&#62;</b>           set PCRE_JAVASCRIPT_COMPAT
+
+</PRE>
+</P>
+<br><b>
+Perl-compatible modifiers
+</b><br>
+<P>
+The <b>/i</b>, <b>/m</b>, <b>/s</b>, and <b>/x</b> modifiers set the PCRE_CASELESS,
+PCRE_MULTILINE, PCRE_DOTALL, or PCRE_EXTENDED options, respectively, when
+<b>pcre[16|32]_compile()</b> is called. These four modifier letters have the same
+effect as they do in Perl. For example:
+<pre>
+  /caseless/i
+
+</PRE>
+</P>
+<br><b>
+Modifiers for other PCRE options
+</b><br>
+<P>
+The following table shows additional modifiers for setting PCRE compile-time
+options that do not correspond to anything in Perl:
+<pre>
+  <b>/8</b>              PCRE_UTF8           ) when using the 8-bit
+  <b>/?</b>              PCRE_NO_UTF8_CHECK  )   library
+
+  <b>/8</b>              PCRE_UTF16          ) when using the 16-bit
+  <b>/?</b>              PCRE_NO_UTF16_CHECK )   library
+
+  <b>/8</b>              PCRE_UTF32          ) when using the 32-bit
+  <b>/?</b>              PCRE_NO_UTF32_CHECK )   library
+
+  <b>/9</b>              PCRE_NEVER_UTF
+  <b>/A</b>              PCRE_ANCHORED
+  <b>/C</b>              PCRE_AUTO_CALLOUT
+  <b>/E</b>              PCRE_DOLLAR_ENDONLY
+  <b>/f</b>              PCRE_FIRSTLINE
+  <b>/J</b>              PCRE_DUPNAMES
+  <b>/N</b>              PCRE_NO_AUTO_CAPTURE
+  <b>/O</b>              PCRE_NO_AUTO_POSSESS
+  <b>/U</b>              PCRE_UNGREEDY
+  <b>/W</b>              PCRE_UCP
+  <b>/X</b>              PCRE_EXTRA
+  <b>/Y</b>              PCRE_NO_START_OPTIMIZE
+  <b>/&#60;any&#62;</b>          PCRE_NEWLINE_ANY
+  <b>/&#60;anycrlf&#62;</b>      PCRE_NEWLINE_ANYCRLF
+  <b>/&#60;cr&#62;</b>           PCRE_NEWLINE_CR
+  <b>/&#60;crlf&#62;</b>         PCRE_NEWLINE_CRLF
+  <b>/&#60;lf&#62;</b>           PCRE_NEWLINE_LF
+  <b>/&#60;bsr_anycrlf&#62;</b>  PCRE_BSR_ANYCRLF
+  <b>/&#60;bsr_unicode&#62;</b>  PCRE_BSR_UNICODE
+  <b>/&#60;JS&#62;</b>           PCRE_JAVASCRIPT_COMPAT
+</pre>
+The modifiers that are enclosed in angle brackets are literal strings as shown,
+including the angle brackets, but the letters within can be in either case.
+This example sets multiline matching with CRLF as the line ending sequence:
+<pre>
+  /^abc/m&#60;CRLF&#62;
+</pre>
+As well as turning on the PCRE_UTF8/16/32 option, the <b>/8</b> modifier causes
+all non-printing characters in output strings to be printed using the
+\x{hh...} notation. Otherwise, those less than 0x100 are output in hex without
+the curly brackets.
+</P>
+<P>
+Full details of the PCRE options are given in the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation.
+</P>
+<br><b>
+Finding all matches in a string
+</b><br>
+<P>
+Searching for all possible matches within each subject string can be requested
+by the <b>/g</b> or <b>/G</b> modifier. After finding a match, PCRE is called
+again to search the remainder of the subject string. The difference between
+<b>/g</b> and <b>/G</b> is that the former uses the <i>startoffset</i> argument to
+<b>pcre[16|32]_exec()</b> to start searching at a new point within the entire
+string (which is in effect what Perl does), whereas the latter passes over a
+shortened substring. This makes a difference to the matching process if the
+pattern begins with a lookbehind assertion (including \b or \B).
+</P>
+<P>
+If any call to <b>pcre[16|32]_exec()</b> in a <b>/g</b> or <b>/G</b> sequence matches
+an empty string, the next call is done with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED flags set in order to search for another, non-empty, match at the
+same point. If this second match fails, the start offset is advanced, and the
+normal match is retried. This imitates the way Perl handles such cases when
+using the <b>/g</b> modifier or the <b>split()</b> function. Normally, the start
+offset is advanced by one character, but if the newline convention recognizes
+CRLF as a newline, and the current character is CR followed by LF, an advance
+of two is used.
+</P>
+<br><b>
+Other modifiers
+</b><br>
+<P>
+There are yet more modifiers for controlling the way <b>pcretest</b>
+operates.
+</P>
+<P>
+The <b>/+</b> modifier requests that as well as outputting the substring that
+matched the entire pattern, <b>pcretest</b> should in addition output the
+remainder of the subject string. This is useful for tests where the subject
+contains multiple copies of the same substring. If the <b>+</b> modifier appears
+twice, the same action is taken for captured substrings. In each case the
+remainder is output on the following line with a plus character following the
+capture number. Note that this modifier must not immediately follow the /S
+modifier because /S+ and /S++ have other meanings.
+</P>
+<P>
+The <b>/=</b> modifier requests that the values of all potential captured
+parentheses be output after a match. By default, only those up to the highest
+one actually used in the match are output (corresponding to the return code
+from <b>pcre[16|32]_exec()</b>). Values in the offsets vector corresponding to
+higher numbers should be set to -1, and these are output as "&#60;unset&#62;". This
+modifier gives a way of checking that this is happening.
+</P>
+<P>
+The <b>/B</b> modifier is a debugging feature. It requests that <b>pcretest</b>
+output a representation of the compiled code after compilation. Normally this
+information contains length and offset values; however, if <b>/Z</b> is also
+present, this data is replaced by spaces. This is a special feature for use in
+the automatic test scripts; it ensures that the same output is generated for
+different internal link sizes.
+</P>
+<P>
+The <b>/D</b> modifier is a PCRE debugging feature, and is equivalent to
+<b>/BI</b>, that is, both the <b>/B</b> and the <b>/I</b> modifiers.
+</P>
+<P>
+The <b>/F</b> modifier causes <b>pcretest</b> to flip the byte order of the
+2-byte and 4-byte fields in the compiled pattern. This facility is for testing
+the feature in PCRE that allows it to execute patterns that were compiled on a
+host with a different endianness. This feature is not available when the POSIX
+interface to PCRE is being used, that is, when the <b>/P</b> pattern modifier is
+specified. See also the section about saving and reloading compiled patterns
+below.
+</P>
+<P>
+The <b>/I</b> modifier requests that <b>pcretest</b> output information about the
+compiled pattern (whether it is anchored, has a fixed first character, and
+so on). It does this by calling <b>pcre[16|32]_fullinfo()</b> after compiling a
+pattern. If the pattern is studied, the results of that are also output. In
+this output, the word "char" means a non-UTF character, that is, the value of a
+single data item (8-bit, 16-bit, or 32-bit, depending on the library that is
+being tested).
+</P>
+<P>
+The <b>/K</b> modifier requests <b>pcretest</b> to show names from backtracking
+control verbs that are returned from calls to <b>pcre[16|32]_exec()</b>. It causes
+<b>pcretest</b> to create a <b>pcre[16|32]_extra</b> block if one has not already
+been created by a call to <b>pcre[16|32]_study()</b>, and to set the
+PCRE_EXTRA_MARK flag and the <b>mark</b> field within it, every time that
+<b>pcre[16|32]_exec()</b> is called. If the variable that the <b>mark</b> field
+points to is non-NULL for a match, non-match, or partial match, <b>pcretest</b>
+prints the string to which it points. For a match, this is shown on a line by
+itself, tagged with "MK:". For a non-match it is added to the message.
+</P>
+<P>
+The <b>/L</b> modifier must be followed directly by the name of a locale, for
+example,
+<pre>
+  /pattern/Lfr_FR
+</pre>
+For this reason, it must be the last modifier. The given locale is set,
+<b>pcre[16|32]_maketables()</b> is called to build a set of character tables for
+the locale, and this is then passed to <b>pcre[16|32]_compile()</b> when compiling
+the regular expression. Without an <b>/L</b> (or <b>/T</b>) modifier, NULL is
+passed as the tables pointer; that is, <b>/L</b> applies only to the expression
+on which it appears.
+</P>
+<P>
+The <b>/M</b> modifier causes the size in bytes of the memory block used to hold
+the compiled pattern to be output. This does not include the size of the
+<b>pcre[16|32]</b> block; it is just the actual compiled data. If the pattern is
+successfully studied with the PCRE_STUDY_JIT_COMPILE option, the size of the
+JIT compiled code is also output.
+</P>
+<P>
+The <b>/Q</b> modifier is used to test the use of <b>pcre_stack_guard</b>. It
+must be followed by '0' or '1', specifying the return code to be given from an
+external function that is passed to PCRE and used for stack checking during
+compilation (see the
+<a href="pcreapi.html"><b>pcreapi</b></a>
+documentation for details).
+</P>
+<P>
+The <b>/S</b> modifier causes <b>pcre[16|32]_study()</b> to be called after the
+expression has been compiled, and the results used when the expression is
+matched. There are a number of qualifying characters that may follow <b>/S</b>.
+They may appear in any order.
+</P>
+<P>
+If <b>/S</b> is followed by an exclamation mark, <b>pcre[16|32]_study()</b> is
+called with the PCRE_STUDY_EXTRA_NEEDED option, causing it always to return a
+<b>pcre_extra</b> block, even when studying discovers no useful information.
+</P>
+<P>
+If <b>/S</b> is followed by a second S character, it suppresses studying, even
+if it was requested externally by the <b>-s</b> command line option. This makes
+it possible to specify that certain patterns are always studied, and others are
+never studied, independently of <b>-s</b>. This feature is used in the test
+files in a few cases where the output is different when the pattern is studied.
+</P>
+<P>
+If the <b>/S</b> modifier is followed by a + character, the call to
+<b>pcre[16|32]_study()</b> is made with all the JIT study options, requesting
+just-in-time optimization support if it is available, for both normal and
+partial matching. If you want to restrict the JIT compiling modes, you can
+follow <b>/S+</b> with a digit in the range 1 to 7:
+<pre>
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+</pre>
+If <b>/S++</b> is used instead of <b>/S+</b> (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+</P>
+<P>
+Note that there is also an independent <b>/+</b> modifier; it must not be given
+immediately after <b>/S</b> or <b>/S+</b> because this will be misinterpreted.
+</P>
+<P>
+If JIT studying is successful, the compiled JIT code will automatically be used
+when <b>pcre[16|32]_exec()</b> is run, except when incompatible run-time options
+are specified. For more details, see the
+<a href="pcrejit.html"><b>pcrejit</b></a>
+documentation. See also the <b>\J</b> escape sequence below for a way of
+setting the size of the JIT stack.
+</P>
+<P>
+Finally, if <b>/S</b> is followed by a minus character, JIT compilation is
+suppressed, even if it was requested externally by the <b>-s</b> command line
+option. This makes it possible to specify that JIT is never to be used for
+certain patterns.
+</P>
+<P>
+The <b>/T</b> modifier must be followed by a single digit. It causes a specific
+set of built-in character tables to be passed to <b>pcre[16|32]_compile()</b>. It
+is used in the standard PCRE tests to check behaviour with different character
+tables. The digit specifies the tables as follows:
+<pre>
+  0   the default ASCII tables, as distributed in
+        pcre_chartables.c.dist
+  1   a set of tables defining ISO 8859 characters
+</pre>
+In table 1, some characters whose codes are greater than 128 are identified as
+letters, digits, spaces, etc.
+</P>
+<br><b>
+Using the POSIX wrapper API
+</b><br>
+<P>
+The <b>/P</b> modifier causes <b>pcretest</b> to call PCRE via the POSIX wrapper
+API rather than its native API. This supports only the 8-bit library. When
+<b>/P</b> is set, the following modifiers set options for the <b>regcomp()</b>
+function:
+<pre>
+  /i    REG_ICASE
+  /m    REG_NEWLINE
+  /N    REG_NOSUB
+  /s    REG_DOTALL     )
+  /U    REG_UNGREEDY   ) These options are not part of
+  /W    REG_UCP        )   the POSIX standard
+  /8    REG_UTF8       )
+</pre>
+The <b>/+</b> modifier works as described above. All other modifiers are
+ignored.
+</P>
+<br><b>
+Locking out certain modifiers
+</b><br>
+<P>
+PCRE can be compiled with or without support for certain features such as
+UTF-8/16/32 or Unicode properties. Accordingly, the standard tests are split up
+into a number of different files that are selected for running depending on
+which features are available. When updating the tests, it is all too easy to
+put a new test into the wrong file by mistake; for example, to put a test that
+requires UTF support into a file that is used when it is not available. To help
+detect such mistakes as early as possible, there is a facility for locking out
+specific modifiers. If an input line for <b>pcretest</b> starts with the string
+"&#60; forbid " the following sequence of characters is taken as a list of
+forbidden modifiers. For example, in the test files that must not use UTF or
+Unicode property support, this line appears:
+<pre>
+  &#60; forbid 8W
+</pre>
+This locks out the /8 and /W modifiers. An immediate error is given if they are
+subsequently encountered. If the character string contains &#60; but not &#62;, all the
+multi-character modifiers that begin with &#60; are locked out. Otherwise, such
+modifiers must be explicitly listed, for example:
+<pre>
+  &#60; forbid &#60;JS&#62;&#60;cr&#62;
+</pre>
+There must be a single space between &#60; and "forbid" for this feature to be
+recognised. If there is not, the line is interpreted either as a request to
+re-load a pre-compiled pattern (see "SAVING AND RELOADING COMPILED PATTERNS"
+below) or, if there is a another &#60; character, as a pattern that uses &#60; as its
+delimiter.
+</P>
+<br><a name="SEC7" href="#TOC1">DATA LINES</a><br>
+<P>
+Before each data line is passed to <b>pcre[16|32]_exec()</b>, leading and trailing
+white space is removed, and it is then scanned for \ escapes. Some of these
+are pretty esoteric features, intended for checking out some of the more
+complicated features of PCRE. If you are just testing "ordinary" regular
+expressions, you probably don't need any of these. The following escapes are
+recognized:
+<pre>
+  \a         alarm (BEL, \x07)
+  \b         backspace (\x08)
+  \e         escape (\x27)
+  \f         form feed (\x0c)
+  \n         newline (\x0a)
+  \qdd       set the PCRE_MATCH_LIMIT limit to dd (any number of digits)
+  \r         carriage return (\x0d)
+  \t         tab (\x09)
+  \v         vertical tab (\x0b)
+  \nnn       octal character (up to 3 octal digits); always
+               a byte unless &#62; 255 in UTF-8 or 16-bit or 32-bit mode
+  \o{dd...}  octal character (any number of octal digits}
+  \xhh       hexadecimal byte (up to 2 hex digits)
+  \x{hh...}  hexadecimal character (any number of hex digits)
+  \A         pass the PCRE_ANCHORED option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \B         pass the PCRE_NOTBOL option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \Cdd       call pcre[16|32]_copy_substring() for substring dd after a successful match (number less than 32)
+  \Cname     call pcre[16|32]_copy_named_substring() for substring "name" after a successful match (name termin-
+               ated by next non alphanumeric character)
+  \C+        show the current captured substrings at callout time
+  \C-        do not supply a callout function
+  \C!n       return 1 instead of 0 when callout number n is reached
+  \C!n!m     return 1 instead of 0 when callout number n is reached for the nth time
+  \C*n       pass the number n (may be negative) as callout data; this is used as the callout return value
+  \D         use the <b>pcre[16|32]_dfa_exec()</b> match function
+  \F         only shortest match for <b>pcre[16|32]_dfa_exec()</b>
+  \Gdd       call pcre[16|32]_get_substring() for substring dd after a successful match (number less than 32)
+  \Gname     call pcre[16|32]_get_named_substring() for substring "name" after a successful match (name termin-
+               ated by next non-alphanumeric character)
+  \Jdd       set up a JIT stack of dd kilobytes maximum (any number of digits)
+  \L         call pcre[16|32]_get_substringlist() after a successful match
+  \M         discover the minimum MATCH_LIMIT and MATCH_LIMIT_RECURSION settings
+  \N         pass the PCRE_NOTEMPTY option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>; if used twice, pass the
+               PCRE_NOTEMPTY_ATSTART option
+  \Odd       set the size of the output vector passed to <b>pcre[16|32]_exec()</b> to dd (any number of digits)
+  \P         pass the PCRE_PARTIAL_SOFT option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>; if used twice, pass the
+               PCRE_PARTIAL_HARD option
+  \Qdd       set the PCRE_MATCH_LIMIT_RECURSION limit to dd (any number of digits)
+  \R         pass the PCRE_DFA_RESTART option to <b>pcre[16|32]_dfa_exec()</b>
+  \S         output details of memory get/free calls during matching
+  \Y         pass the PCRE_NO_START_OPTIMIZE option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \Z         pass the PCRE_NOTEOL option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \?         pass the PCRE_NO_UTF[8|16|32]_CHECK option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#62;dd       start the match at offset dd (optional "-"; then any number of digits); this sets the <i>startoffset</i>
+               argument for <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;cr&#62;      pass the PCRE_NEWLINE_CR option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;lf&#62;      pass the PCRE_NEWLINE_LF option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;crlf&#62;    pass the PCRE_NEWLINE_CRLF option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;anycrlf&#62; pass the PCRE_NEWLINE_ANYCRLF option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+  \&#60;any&#62;     pass the PCRE_NEWLINE_ANY option to <b>pcre[16|32]_exec()</b> or <b>pcre[16|32]_dfa_exec()</b>
+</pre>
+The use of \x{hh...} is not dependent on the use of the <b>/8</b> modifier on
+the pattern. It is recognized always. There may be any number of hexadecimal
+digits inside the braces; invalid values provoke error messages.
+</P>
+<P>
+Note that \xhh specifies one byte rather than one character in UTF-8 mode;
+this makes it possible to construct invalid UTF-8 sequences for testing
+purposes. On the other hand, \x{hh} is interpreted as a UTF-8 character in
+UTF-8 mode, generating more than one byte if the value is greater than 127.
+When testing the 8-bit library not in UTF-8 mode, \x{hh} generates one byte
+for values less than 256, and causes an error for greater values.
+</P>
+<P>
+In UTF-16 mode, all 4-digit \x{hhhh} values are accepted. This makes it
+possible to construct invalid UTF-16 sequences for testing purposes.
+</P>
+<P>
+In UTF-32 mode, all 4- to 8-digit \x{...} values are accepted. This makes it
+possible to construct invalid UTF-32 sequences for testing purposes.
+</P>
+<P>
+The escapes that specify line ending sequences are literal strings, exactly as
+shown. No more than one newline setting should be present in any data line.
+</P>
+<P>
+A backslash followed by anything else just escapes the anything else. If
+the very last character is a backslash, it is ignored. This gives a way of
+passing an empty line as data, since a real empty line terminates the data
+input.
+</P>
+<P>
+The <b>\J</b> escape provides a way of setting the maximum stack size that is
+used by the just-in-time optimization code. It is ignored if JIT optimization
+is not being used. Providing a stack that is larger than the default 32K is
+necessary only for very complicated patterns.
+</P>
+<P>
+If \M is present, <b>pcretest</b> calls <b>pcre[16|32]_exec()</b> several times,
+with different values in the <i>match_limit</i> and <i>match_limit_recursion</i>
+fields of the <b>pcre[16|32]_extra</b> data structure, until it finds the minimum
+numbers for each parameter that allow <b>pcre[16|32]_exec()</b> to complete without
+error. Because this is testing a specific feature of the normal interpretive
+<b>pcre[16|32]_exec()</b> execution, the use of any JIT optimization that might
+have been set up by the <b>/S+</b> qualifier of <b>-s+</b> option is disabled.
+</P>
+<P>
+The <i>match_limit</i> number is a measure of the amount of backtracking
+that takes place, and checking it out can be instructive. For most simple
+matches, the number is quite small, but for patterns with very large numbers of
+matching possibilities, it can become large very quickly with increasing length
+of subject string. The <i>match_limit_recursion</i> number is a measure of how
+much stack (or, if PCRE is compiled with NO_RECURSE, how much heap) memory is
+needed to complete the match attempt.
+</P>
+<P>
+When \O is used, the value specified may be higher or lower than the size set
+by the <b>-O</b> command line option (or defaulted to 45); \O applies only to
+the call of <b>pcre[16|32]_exec()</b> for the line in which it appears.
+</P>
+<P>
+If the <b>/P</b> modifier was present on the pattern, causing the POSIX wrapper
+API to be used, the only option-setting sequences that have any effect are \B,
+\N, and \Z, causing REG_NOTBOL, REG_NOTEMPTY, and REG_NOTEOL, respectively,
+to be passed to <b>regexec()</b>.
+</P>
+<br><a name="SEC8" href="#TOC1">THE ALTERNATIVE MATCHING FUNCTION</a><br>
+<P>
+By default, <b>pcretest</b> uses the standard PCRE matching function,
+<b>pcre[16|32]_exec()</b> to match each data line. PCRE also supports an
+alternative matching function, <b>pcre[16|32]_dfa_test()</b>, which operates in a
+different way, and has some restrictions. The differences between the two
+functions are described in the
+<a href="pcrematching.html"><b>pcrematching</b></a>
+documentation.
+</P>
+<P>
+If a data line contains the \D escape sequence, or if the command line
+contains the <b>-dfa</b> option, the alternative matching function is used.
+This function finds all possible matches at a given point. If, however, the \F
+escape sequence is present in the data line, it stops after the first match is
+found. This is always the shortest possible match.
+</P>
+<br><a name="SEC9" href="#TOC1">DEFAULT OUTPUT FROM PCRETEST</a><br>
+<P>
+This section describes the output when the normal matching function,
+<b>pcre[16|32]_exec()</b>, is being used.
+</P>
+<P>
+When a match succeeds, <b>pcretest</b> outputs the list of captured substrings
+that <b>pcre[16|32]_exec()</b> returns, starting with number 0 for the string that
+matched the whole pattern. Otherwise, it outputs "No match" when the return is
+PCRE_ERROR_NOMATCH, and "Partial match:" followed by the partially matching
+substring when <b>pcre[16|32]_exec()</b> returns PCRE_ERROR_PARTIAL. (Note that
+this is the entire substring that was inspected during the partial match; it
+may include characters before the actual match start if a lookbehind assertion,
+\K, \b, or \B was involved.) For any other return, <b>pcretest</b> outputs
+the PCRE negative error number and a short descriptive phrase. If the error is
+a failed UTF string check, the offset of the start of the failing character and
+the reason code are also output, provided that the size of the output vector is
+at least two. Here is an example of an interactive <b>pcretest</b> run.
+<pre>
+  $ pcretest
+  PCRE version 8.13 2011-04-30
+
+    re&#62; /^abc(\d+)/
+  data&#62; abc123
+   0: abc123
+   1: 123
+  data&#62; xyz
+  No match
+</pre>
+Unset capturing substrings that are not followed by one that is set are not
+returned by <b>pcre[16|32]_exec()</b>, and are not shown by <b>pcretest</b>. In the
+following example, there are two capturing substrings, but when the first data
+line is matched, the second, unset substring is not shown. An "internal" unset
+substring is shown as "&#60;unset&#62;", as for the second data line.
+<pre>
+    re&#62; /(a)|(b)/
+  data&#62; a
+   0: a
+   1: a
+  data&#62; b
+   0: b
+   1: &#60;unset&#62;
+   2: b
+</pre>
+If the strings contain any non-printing characters, they are output as \xhh
+escapes if the value is less than 256 and UTF mode is not set. Otherwise they
+are output as \x{hh...} escapes. See below for the definition of non-printing
+characters. If the pattern has the <b>/+</b> modifier, the output for substring
+0 is followed by the the rest of the subject string, identified by "0+" like
+this:
+<pre>
+    re&#62; /cat/+
+  data&#62; cataract
+   0: cat
+   0+ aract
+</pre>
+If the pattern has the <b>/g</b> or <b>/G</b> modifier, the results of successive
+matching attempts are output in sequence, like this:
+<pre>
+    re&#62; /\Bi(\w\w)/g
+  data&#62; Mississippi
+   0: iss
+   1: ss
+   0: iss
+   1: ss
+   0: ipp
+   1: pp
+</pre>
+"No match" is output only if the first match attempt fails. Here is an example
+of a failure message (the offset 4 that is specified by \&#62;4 is past the end of
+the subject string):
+<pre>
+    re&#62; /xyz/
+  data&#62; xyz\&#62;4
+  Error -24 (bad offset value)
+</PRE>
+</P>
+<P>
+If any of the sequences <b>\C</b>, <b>\G</b>, or <b>\L</b> are present in a
+data line that is successfully matched, the substrings extracted by the
+convenience functions are output with C, G, or L after the string number
+instead of a colon. This is in addition to the normal full list. The string
+length (that is, the return from the extraction function) is given in
+parentheses after each string for <b>\C</b> and <b>\G</b>.
+</P>
+<P>
+Note that whereas patterns can be continued over several lines (a plain "&#62;"
+prompt is used for continuations), data lines may not. However newlines can be
+included in data by means of the \n escape (or \r, \r\n, etc., depending on
+the newline sequence setting).
+</P>
+<br><a name="SEC10" href="#TOC1">OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION</a><br>
+<P>
+When the alternative matching function, <b>pcre[16|32]_dfa_exec()</b>, is used (by
+means of the \D escape sequence or the <b>-dfa</b> command line option), the
+output consists of a list of all the matches that start at the first point in
+the subject where there is at least one match. For example:
+<pre>
+    re&#62; /(tang|tangerine|tan)/
+  data&#62; yellow tangerine\D
+   0: tangerine
+   1: tang
+   2: tan
+</pre>
+(Using the normal matching function on this data finds only "tang".) The
+longest matching string is always given first (and numbered zero). After a
+PCRE_ERROR_PARTIAL return, the output is "Partial match:", followed by the
+partially matching substring. (Note that this is the entire substring that was
+inspected during the partial match; it may include characters before the actual
+match start if a lookbehind assertion, \K, \b, or \B was involved.)
+</P>
+<P>
+If <b>/g</b> is present on the pattern, the search for further matches resumes
+at the end of the longest match. For example:
+<pre>
+    re&#62; /(tang|tangerine|tan)/g
+  data&#62; yellow tangerine and tangy sultana\D
+   0: tangerine
+   1: tang
+   2: tan
+   0: tang
+   1: tan
+   0: tan
+</pre>
+Since the matching function does not support substring capture, the escape
+sequences that are concerned with captured substrings are not relevant.
+</P>
+<br><a name="SEC11" href="#TOC1">RESTARTING AFTER A PARTIAL MATCH</a><br>
+<P>
+When the alternative matching function has given the PCRE_ERROR_PARTIAL return,
+indicating that the subject partially matched the pattern, you can restart the
+match with additional subject data by means of the \R escape sequence. For
+example:
+<pre>
+    re&#62; /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+  data&#62; 23ja\P\D
+  Partial match: 23ja
+  data&#62; n05\R\D
+   0: n05
+</pre>
+For further information about partial matching, see the
+<a href="pcrepartial.html"><b>pcrepartial</b></a>
+documentation.
+</P>
+<br><a name="SEC12" href="#TOC1">CALLOUTS</a><br>
+<P>
+If the pattern contains any callout requests, <b>pcretest</b>'s callout function
+is called during matching. This works with both matching functions. By default,
+the called function displays the callout number, the start and current
+positions in the text at the callout time, and the next pattern item to be
+tested. For example:
+<pre>
+  ---&#62;pqrabcdef
+    0    ^  ^     \d
+</pre>
+This output indicates that callout number 0 occurred for a match attempt
+starting at the fourth character of the subject string, when the pointer was at
+the seventh character of the data, and when the next pattern item was \d. Just
+one circumflex is output if the start and current positions are the same.
+</P>
+<P>
+Callouts numbered 255 are assumed to be automatic callouts, inserted as a
+result of the <b>/C</b> pattern modifier. In this case, instead of showing the
+callout number, the offset in the pattern, preceded by a plus, is output. For
+example:
+<pre>
+    re&#62; /\d?[A-E]\*/C
+  data&#62; E*
+  ---&#62;E*
+   +0 ^      \d?
+   +3 ^      [A-E]
+   +8 ^^     \*
+  +10 ^ ^
+   0: E*
+</pre>
+If a pattern contains (*MARK) items, an additional line is output whenever
+a change of latest mark is passed to the callout function. For example:
+<pre>
+    re&#62; /a(*MARK:X)bc/C
+  data&#62; abc
+  ---&#62;abc
+   +0 ^       a
+   +1 ^^      (*MARK:X)
+  +10 ^^      b
+  Latest Mark: X
+  +11 ^ ^     c
+  +12 ^  ^
+   0: abc
+</pre>
+The mark changes between matching "a" and "b", but stays the same for the rest
+of the match, so nothing more is output. If, as a result of backtracking, the
+mark reverts to being unset, the text "&#60;unset&#62;" is output.
+</P>
+<P>
+The callout function in <b>pcretest</b> returns zero (carry on matching) by
+default, but you can use a \C item in a data line (as described above) to
+change this and other parameters of the callout.
+</P>
+<P>
+Inserting callouts can be helpful when using <b>pcretest</b> to check
+complicated regular expressions. For further information about callouts, see
+the
+<a href="pcrecallout.html"><b>pcrecallout</b></a>
+documentation.
+</P>
+<br><a name="SEC13" href="#TOC1">NON-PRINTING CHARACTERS</a><br>
+<P>
+When <b>pcretest</b> is outputting text in the compiled version of a pattern,
+bytes other than 32-126 are always treated as non-printing characters are are
+therefore shown as hex escapes.
+</P>
+<P>
+When <b>pcretest</b> is outputting text that is a matched part of a subject
+string, it behaves in the same way, unless a different locale has been set for
+the pattern (using the <b>/L</b> modifier). In this case, the <b>isprint()</b>
+function to distinguish printing and non-printing characters.
+</P>
+<br><a name="SEC14" href="#TOC1">SAVING AND RELOADING COMPILED PATTERNS</a><br>
+<P>
+The facilities described in this section are not available when the POSIX
+interface to PCRE is being used, that is, when the <b>/P</b> pattern modifier is
+specified.
+</P>
+<P>
+When the POSIX interface is not in use, you can cause <b>pcretest</b> to write a
+compiled pattern to a file, by following the modifiers with &#62; and a file name.
+For example:
+<pre>
+  /pattern/im &#62;/some/file
+</pre>
+See the
+<a href="pcreprecompile.html"><b>pcreprecompile</b></a>
+documentation for a discussion about saving and re-using compiled patterns.
+Note that if the pattern was successfully studied with JIT optimization, the
+JIT data cannot be saved.
+</P>
+<P>
+The data that is written is binary. The first eight bytes are the length of the
+compiled pattern data followed by the length of the optional study data, each
+written as four bytes in big-endian order (most significant byte first). If
+there is no study data (either the pattern was not studied, or studying did not
+return any data), the second length is zero. The lengths are followed by an
+exact copy of the compiled pattern. If there is additional study data, this
+(excluding any JIT data) follows immediately after the compiled pattern. After
+writing the file, <b>pcretest</b> expects to read a new pattern.
+</P>
+<P>
+A saved pattern can be reloaded into <b>pcretest</b> by specifying &#60; and a file
+name instead of a pattern. There must be no space between &#60; and the file name,
+which must not contain a &#60; character, as otherwise <b>pcretest</b> will
+interpret the line as a pattern delimited by &#60; characters. For example:
+<pre>
+   re&#62; &#60;/some/file
+  Compiled pattern loaded from /some/file
+  No study data
+</pre>
+If the pattern was previously studied with the JIT optimization, the JIT
+information cannot be saved and restored, and so is lost. When the pattern has
+been loaded, <b>pcretest</b> proceeds to read data lines in the usual way.
+</P>
+<P>
+You can copy a file written by <b>pcretest</b> to a different host and reload it
+there, even if the new host has opposite endianness to the one on which the
+pattern was compiled. For example, you can compile on an i86 machine and run on
+a SPARC machine. When a pattern is reloaded on a host with different
+endianness, the confirmation message is changed to:
+<pre>
+  Compiled pattern (byte-inverted) loaded from /some/file
+</pre>
+The test suite contains some saved pre-compiled patterns with different
+endianness. These are reloaded using "&#60;!" instead of just "&#60;". This suppresses
+the "(byte-inverted)" text so that the output is the same on all hosts. It also
+forces debugging output once the pattern has been reloaded.
+</P>
+<P>
+File names for saving and reloading can be absolute or relative, but note that
+the shell facility of expanding a file name that starts with a tilde (~) is not
+available.
+</P>
+<P>
+The ability to save and reload files in <b>pcretest</b> is intended for testing
+and experimentation. It is not intended for production use because only a
+single pattern can be written to a file. Furthermore, there is no facility for
+supplying custom character tables for use with a reloaded pattern. If the
+original pattern was compiled with custom tables, an attempt to match a subject
+string using a reloaded pattern is likely to cause <b>pcretest</b> to crash.
+Finally, if you attempt to load a file that is not in the correct format, the
+result is undefined.
+</P>
+<br><a name="SEC15" href="#TOC1">SEE ALSO</a><br>
+<P>
+<b>pcre</b>(3), <b>pcre16</b>(3), <b>pcre32</b>(3), <b>pcreapi</b>(3),
+<b>pcrecallout</b>(3),
+<b>pcrejit</b>, <b>pcrematching</b>(3), <b>pcrepartial</b>(d),
+<b>pcrepattern</b>(3), <b>pcreprecompile</b>(3).
+</P>
+<br><a name="SEC16" href="#TOC1">AUTHOR</a><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><a name="SEC17" href="#TOC1">REVISION</a><br>
+<P>
+Last updated: 23 February 2017
+<br>
+Copyright &copy; 1997-2017 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreunicode.html b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreunicode.html
new file mode 100644
index 00000000..ab36bc61
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/html/pcreunicode.html
@@ -0,0 +1,262 @@
+<html>
+<head>
+<title>pcreunicode specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcreunicode man page</h1>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
+<p>
+This page is part of the PCRE HTML documentation. It was generated automatically
+from the original man page. If there is any nonsense in it, please consult the
+man page, in case the conversion went wrong.
+<br>
+<br><b>
+UTF-8, UTF-16, UTF-32, AND UNICODE PROPERTY SUPPORT
+</b><br>
+<P>
+As well as UTF-8 support, PCRE also supports UTF-16 (from release 8.30) and
+UTF-32 (from release 8.32), by means of two additional libraries. They can be
+built as well as, or instead of, the 8-bit library.
+</P>
+<br><b>
+UTF-8 SUPPORT
+</b><br>
+<P>
+In order process UTF-8 strings, you must build PCRE's 8-bit library with UTF
+support, and, in addition, you must call
+<a href="pcre_compile.html"><b>pcre_compile()</b></a>
+with the PCRE_UTF8 option flag, or the pattern must start with the sequence
+(*UTF8) or (*UTF). When either of these is the case, both the pattern and any
+subject strings that are matched against it are treated as UTF-8 strings
+instead of strings of individual 1-byte characters.
+</P>
+<br><b>
+UTF-16 AND UTF-32 SUPPORT
+</b><br>
+<P>
+In order process UTF-16 or UTF-32 strings, you must build PCRE's 16-bit or
+32-bit library with UTF support, and, in addition, you must call
+<a href="pcre16_compile.html"><b>pcre16_compile()</b></a>
+or
+<a href="pcre32_compile.html"><b>pcre32_compile()</b></a>
+with the PCRE_UTF16 or PCRE_UTF32 option flag, as appropriate. Alternatively,
+the pattern must start with the sequence (*UTF16), (*UTF32), as appropriate, or
+(*UTF), which can be used with either library. When UTF mode is set, both the
+pattern and any subject strings that are matched against it are treated as
+UTF-16 or UTF-32 strings instead of strings of individual 16-bit or 32-bit
+characters.
+</P>
+<br><b>
+UTF SUPPORT OVERHEAD
+</b><br>
+<P>
+If you compile PCRE with UTF support, but do not use it at run time, the
+library will be a bit bigger, but the additional run time overhead is limited
+to testing the PCRE_UTF[8|16|32] flag occasionally, so should not be very big.
+</P>
+<br><b>
+UNICODE PROPERTY SUPPORT
+</b><br>
+<P>
+If PCRE is built with Unicode character property support (which implies UTF
+support), the escape sequences \p{..}, \P{..}, and \X can be used.
+The available properties that can be tested are limited to the general
+category properties such as Lu for an upper case letter or Nd for a decimal
+number, the Unicode script names such as Arabic or Han, and the derived
+properties Any and L&. Full lists is given in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+and
+<a href="pcresyntax.html"><b>pcresyntax</b></a>
+documentation. Only the short names for properties are supported. For example,
+\p{L} matches a letter. Its Perl synonym, \p{Letter}, is not supported.
+Furthermore, in Perl, many properties may optionally be prefixed by "Is", for
+compatibility with Perl 5.6. PCRE does not support this.
+<a name="utf8strings"></a></P>
+<br><b>
+Validity of UTF-8 strings
+</b><br>
+<P>
+When you set the PCRE_UTF8 flag, the byte strings passed as patterns and
+subjects are (by default) checked for validity on entry to the relevant
+functions. The entire string is checked before any other processing takes
+place. From release 7.3 of PCRE, the check is according the rules of RFC 3629,
+which are themselves derived from the Unicode specification. Earlier releases
+of PCRE followed the rules of RFC 2279, which allows the full range of 31-bit
+values (0 to 0x7FFFFFFF). The current check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area. (From release 8.33 the so-called
+"non-character" code points are no longer excluded because Unicode corrigendum
+#9 makes it clear that they should not be.)
+</P>
+<P>
+Characters in the "Surrogate Area" of Unicode are reserved for use by UTF-16,
+where they are used in pairs to encode codepoints with values greater than
+0xFFFF. The code points that are encoded by UTF-16 pairs are available
+independently in the UTF-8 and UTF-32 encodings. (In other words, the whole
+surrogate thing is a fudge for UTF-16 which unfortunately messes up UTF-8 and
+UTF-32.)
+</P>
+<P>
+If an invalid UTF-8 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first byte
+of the failing character. The run-time functions <b>pcre_exec()</b> and
+<b>pcre_dfa_exec()</b> also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+</P>
+<P>
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance, for
+example in the case of a long subject string that is being scanned repeatedly.
+If you set the PCRE_NO_UTF8_CHECK flag at compile time or at run time, PCRE
+assumes that the pattern or subject it is given (respectively) contains only
+valid UTF-8 codes. In this case, it does not diagnose an invalid UTF-8 string.
+</P>
+<P>
+Note that passing PCRE_NO_UTF8_CHECK to <b>pcre_compile()</b> just disables the
+check for the pattern; it does not also apply to subject strings. If you want
+to disable the check for a subject string you must pass this option to
+<b>pcre_exec()</b> or <b>pcre_dfa_exec()</b>.
+</P>
+<P>
+If you pass an invalid UTF-8 string when PCRE_NO_UTF8_CHECK is set, the result
+is undefined and your program may crash.
+<a name="utf16strings"></a></P>
+<br><b>
+Validity of UTF-16 strings
+</b><br>
+<P>
+When you set the PCRE_UTF16 flag, the strings of 16-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions. Values other than those in the surrogate range
+U+D800 to U+DFFF are independent code points. Values in the surrogate range
+must be used in pairs in the correct manner.
+</P>
+<P>
+If an invalid UTF-16 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions <b>pcre16_exec()</b> and
+<b>pcre16_dfa_exec()</b> also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+</P>
+<P>
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF16_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-16
+sequences. In this case, it does not diagnose an invalid UTF-16 string.
+However, if an invalid string is passed, the result is undefined.
+<a name="utf32strings"></a></P>
+<br><b>
+Validity of UTF-32 strings
+</b><br>
+<P>
+When you set the PCRE_UTF32 flag, the strings of 32-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions.  This check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area U+D800 to U+DFFF.
+</P>
+<P>
+If an invalid UTF-32 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions <b>pcre32_exec()</b> and
+<b>pcre32_dfa_exec()</b> also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+</P>
+<P>
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF32_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-32
+sequences. In this case, it does not diagnose an invalid UTF-32 string.
+However, if an invalid string is passed, the result is undefined.
+</P>
+<br><b>
+General comments about UTF modes
+</b><br>
+<P>
+1. Codepoints less than 256 can be specified in patterns by either braced or
+unbraced hexadecimal escape sequences (for example, \x{b3} or \xb3). Larger
+values have to use braced sequences.
+</P>
+<P>
+2. Octal numbers up to \777 are recognized, and in UTF-8 mode they match
+two-byte characters for values greater than \177.
+</P>
+<P>
+3. Repeat quantifiers apply to complete UTF characters, not to individual
+data units, for example: \x{100}{3}.
+</P>
+<P>
+4. The dot metacharacter matches one UTF character instead of a single data
+unit.
+</P>
+<P>
+5. The escape sequence \C can be used to match a single byte in UTF-8 mode, or
+a single 16-bit data unit in UTF-16 mode, or a single 32-bit data unit in
+UTF-32 mode, but its use can lead to some strange effects because it breaks up
+multi-unit characters (see the description of \C in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation). The use of \C is not supported in the alternative matching
+function <b>pcre[16|32]_dfa_exec()</b>, nor is it supported in UTF mode by the
+JIT optimization of <b>pcre[16|32]_exec()</b>. If JIT optimization is requested
+for a UTF pattern that contains \C, it will not succeed, and so the matching
+will be carried out by the normal interpretive function.
+</P>
+<P>
+6. The character escapes \b, \B, \d, \D, \s, \S, \w, and \W correctly
+test characters of any code value, but, by default, the characters that PCRE
+recognizes as digits, spaces, or word characters remain the same set as in
+non-UTF mode, all with values less than 256. This remains true even when PCRE
+is built to include Unicode property support, because to do otherwise would
+slow down PCRE in many common cases. Note in particular that this applies to
+\b and \B, because they are defined in terms of \w and \W. If you really
+want to test for a wider sense of, say, "digit", you can use explicit Unicode
+property tests such as \p{Nd}. Alternatively, if you set the PCRE_UCP option,
+the way that the character escapes work is changed so that Unicode properties
+are used to determine which characters match. There are more details in the
+section on
+<a href="pcrepattern.html#genericchartypes">generic character types</a>
+in the
+<a href="pcrepattern.html"><b>pcrepattern</b></a>
+documentation.
+</P>
+<P>
+7. Similarly, characters that match the POSIX named character classes are all
+low-valued characters, unless the PCRE_UCP option is set.
+</P>
+<P>
+8. However, the horizontal and vertical white space matching escapes (\h, \H,
+\v, and \V) do match all the appropriate Unicode characters, whether or not
+PCRE_UCP is set.
+</P>
+<P>
+9. Case-insensitive matching applies only to characters whose values are less
+than 128, unless PCRE is built with Unicode property support. A few Unicode
+characters such as Greek sigma have more than two codepoints that are
+case-equivalent. Up to and including PCRE release 8.31, only one-to-one case
+mappings were supported, but later releases (with Unicode property support) do
+treat as case-equivalent all versions of characters such as Greek sigma.
+</P>
+<br><b>
+AUTHOR
+</b><br>
+<P>
+Philip Hazel
+<br>
+University Computing Service
+<br>
+Cambridge CB2 3QH, England.
+<br>
+</P>
+<br><b>
+REVISION
+</b><br>
+<P>
+Last updated: 27 February 2013
+<br>
+Copyright &copy; 1997-2013 University of Cambridge.
+<br>
+<p>
+Return to the <a href="index.html">PCRE index page</a>.
+</p>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcre-config.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcre-config.txt
new file mode 100644
index 00000000..8503ab0e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcre-config.txt
@@ -0,0 +1,86 @@
+PCRE-CONFIG(1)              General Commands Manual             PCRE-CONFIG(1)
+
+
+
+NAME
+       pcre-config - program to return PCRE configuration
+
+SYNOPSIS
+
+       pcre-config [--prefix] [--exec-prefix] [--version] [--libs]
+                   [--libs16] [--libs32] [--libs-cpp] [--libs-posix]
+                   [--cflags] [--cflags-posix]
+
+
+DESCRIPTION
+
+       pcre-config  returns  the configuration of the installed PCRE libraries
+       and the options required to compile a program to use them. Some of  the
+       options  apply  only  to  the  8-bit,  or  16-bit, or 32-bit libraries,
+       respectively, and are not available if only one of those libraries  has
+       been built. If an unavailable option is encountered, the "usage" infor-
+       mation is output.
+
+
+OPTIONS
+
+       --prefix  Writes the directory prefix used in the PCRE installation for
+                 architecture   independent   files  (/usr  on  many  systems,
+                 /usr/local on some systems) to the standard output.
+
+       --exec-prefix
+                 Writes the directory prefix used in the PCRE installation for
+                 architecture  dependent files (normally the same as --prefix)
+                 to the standard output.
+
+       --version Writes the version number of the installed PCRE libraries  to
+                 the standard output.
+
+       --libs    Writes  to  the  standard  output  the  command  line options
+                 required to link with the 8-bit PCRE library (-lpcre on  many
+                 systems).
+
+       --libs16  Writes  to  the  standard  output  the  command  line options
+                 required to link with the 16-bit PCRE  library  (-lpcre16  on
+                 many systems).
+
+       --libs32  Writes  to  the  standard  output  the  command  line options
+                 required to link with the 32-bit PCRE  library  (-lpcre32  on
+                 many systems).
+
+       --libs-cpp
+                 Writes  to  the  standard  output  the  command  line options
+                 required to link with PCRE's C++ wrapper  library  (-lpcrecpp
+                 -lpcre on many systems).
+
+       --libs-posix
+                 Writes  to  the  standard  output  the  command  line options
+                 required to  link  with  PCRE's  POSIX  API  wrapper  library
+                 (-lpcreposix -lpcre on many systems).
+
+       --cflags  Writes  to  the  standard  output  the  command  line options
+                 required to compile files that use  PCRE  (this  may  include
+                 some -I options, but is blank on many systems).
+
+       --cflags-posix
+                 Writes  to  the  standard  output  the  command  line options
+                 required to compile files that use PCRE's POSIX  API  wrapper
+                 library  (this  may  include some -I options, but is blank on
+                 many systems).
+
+
+SEE ALSO
+
+       pcre(3)
+
+
+AUTHOR
+
+       This manual page was originally written by Mark Baker  for  the  Debian
+       GNU/Linux  system.  It  has been subsequently revised as a generic PCRE
+       man page.
+
+
+REVISION
+
+       Last updated: 24 June 2012
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcre.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcre.txt
new file mode 100644
index 00000000..c027538f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcre.txt
@@ -0,0 +1,10502 @@
+-----------------------------------------------------------------------------
+This file contains a concatenation of the PCRE man pages, converted to plain
+text format for ease of searching with a text editor, or for use on systems
+that do not have a man page processor. The small individual files that give
+synopses of each function in the library have not been included. Neither has
+the pcredemo program. There are separate text files for the pcregrep and
+pcretest commands.
+-----------------------------------------------------------------------------
+
+
+PCRE(3)                    Library Functions Manual                    PCRE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions (original API)
+
+PLEASE TAKE NOTE
+
+       This  document relates to PCRE releases that use the original API, with
+       library names libpcre, libpcre16, and libpcre32. January 2015  saw  the
+       first release of a new API, known as PCRE2, with release numbers start-
+       ing  at  10.00  and  library   names   libpcre2-8,   libpcre2-16,   and
+       libpcre2-32. The old libraries (now called PCRE1) are still being main-
+       tained for bug fixes,  but  there  will  be  no  new  development.  New
+       projects are advised to use the new PCRE2 libraries.
+
+
+INTRODUCTION
+
+       The  PCRE  library is a set of functions that implement regular expres-
+       sion pattern matching using the same syntax and semantics as Perl, with
+       just  a few differences. Some features that appeared in Python and PCRE
+       before they appeared in Perl are also available using the  Python  syn-
+       tax,  there  is  some  support for one or two .NET and Oniguruma syntax
+       items, and there is an option for requesting some  minor  changes  that
+       give better JavaScript compatibility.
+
+       Starting with release 8.30, it is possible to compile two separate PCRE
+       libraries:  the  original,  which  supports  8-bit  character   strings
+       (including  UTF-8  strings),  and a second library that supports 16-bit
+       character strings (including UTF-16 strings). The build process  allows
+       either  one  or both to be built. The majority of the work to make this
+       possible was done by Zoltan Herczeg.
+
+       Starting with release 8.32 it is possible to compile a  third  separate
+       PCRE  library  that supports 32-bit character strings (including UTF-32
+       strings). The build process allows any combination of the 8-,  16-  and
+       32-bit  libraries. The work to make this possible was done by Christian
+       Persch.
+
+       The three libraries contain identical sets of  functions,  except  that
+       the  names  in  the 16-bit library start with pcre16_ instead of pcre_,
+       and the names in the 32-bit  library  start  with  pcre32_  instead  of
+       pcre_.  To avoid over-complication and reduce the documentation mainte-
+       nance load, most of the documentation describes the 8-bit library, with
+       the  differences  for  the  16-bit and 32-bit libraries described sepa-
+       rately in the pcre16 and  pcre32  pages.  References  to  functions  or
+       structures  of  the  form  pcre[16|32]_xxx  should  be  read as meaning
+       "pcre_xxx when using the  8-bit  library,  pcre16_xxx  when  using  the
+       16-bit library, or pcre32_xxx when using the 32-bit library".
+
+       The  current implementation of PCRE corresponds approximately with Perl
+       5.12, including support for UTF-8/16/32  encoded  strings  and  Unicode
+       general  category  properties. However, UTF-8/16/32 and Unicode support
+       has to be explicitly enabled; it is not the default. The Unicode tables
+       correspond to Unicode release 6.3.0.
+
+       In  addition to the Perl-compatible matching function, PCRE contains an
+       alternative function that matches the same compiled patterns in a  dif-
+       ferent way. In certain circumstances, the alternative function has some
+       advantages.  For a discussion of the two matching algorithms,  see  the
+       pcrematching page.
+
+       PCRE  is  written  in C and released as a C library. A number of people
+       have written wrappers and interfaces of various kinds.  In  particular,
+       Google  Inc.   have  provided a comprehensive C++ wrapper for the 8-bit
+       library. This is now included as part of  the  PCRE  distribution.  The
+       pcrecpp  page  has  details of this interface. Other people's contribu-
+       tions can be found in the Contrib directory at the  primary  FTP  site,
+       which is:
+
+       ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre
+
+       Details  of  exactly which Perl regular expression features are and are
+       not supported by PCRE are given in separate documents. See the pcrepat-
+       tern  and pcrecompat pages. There is a syntax summary in the pcresyntax
+       page.
+
+       Some features of PCRE can be included, excluded, or  changed  when  the
+       library  is  built.  The pcre_config() function makes it possible for a
+       client to discover which features are  available.  The  features  them-
+       selves  are described in the pcrebuild page. Documentation about build-
+       ing PCRE for various operating systems can be found in the  README  and
+       NON-AUTOTOOLS_BUILD files in the source distribution.
+
+       The  libraries contains a number of undocumented internal functions and
+       data tables that are used by more than one  of  the  exported  external
+       functions,  but  which  are  not  intended for use by external callers.
+       Their names all begin with "_pcre_" or "_pcre16_" or "_pcre32_",  which
+       hopefully  will  not provoke any name clashes. In some environments, it
+       is possible to control which  external  symbols  are  exported  when  a
+       shared  library  is  built, and in these cases the undocumented symbols
+       are not exported.
+
+
+SECURITY CONSIDERATIONS
+
+       If you are using PCRE in a non-UTF application that  permits  users  to
+       supply  arbitrary  patterns  for  compilation, you should be aware of a
+       feature that allows users to turn on UTF support from within a pattern,
+       provided  that  PCRE  was built with UTF support. For example, an 8-bit
+       pattern that begins with "(*UTF8)" or "(*UTF)"  turns  on  UTF-8  mode,
+       which  interprets  patterns and subjects as strings of UTF-8 characters
+       instead of individual 8-bit characters.  This causes both  the  pattern
+       and any data against which it is matched to be checked for UTF-8 valid-
+       ity. If the data string is very long, such a  check  might  use  suffi-
+       ciently  many  resources  as  to cause your application to lose perfor-
+       mance.
+
+       One  way  of  guarding  against  this  possibility  is   to   use   the
+       pcre_fullinfo()  function  to  check the compiled pattern's options for
+       UTF.  Alternatively, from release 8.33, you can set the  PCRE_NEVER_UTF
+       option  at compile time. This causes an compile time error if a pattern
+       contains a UTF-setting sequence.
+
+       If your application is one that supports UTF, be  aware  that  validity
+       checking  can  take time. If the same data string is to be matched many
+       times, you can use the PCRE_NO_UTF[8|16|32]_CHECK option for the second
+       and subsequent matches to save redundant checks.
+
+       Another  way  that  performance can be hit is by running a pattern that
+       has a very large search tree against a string that  will  never  match.
+       Nested  unlimited  repeats in a pattern are a common example. PCRE pro-
+       vides some protection against this: see the PCRE_EXTRA_MATCH_LIMIT fea-
+       ture in the pcreapi page.
+
+
+USER DOCUMENTATION
+
+       The  user  documentation  for PCRE comprises a number of different sec-
+       tions. In the "man" format, each of these is a separate "man page".  In
+       the  HTML  format, each is a separate page, linked from the index page.
+       In the plain text format, the descriptions of the pcregrep and pcretest
+       programs  are  in  files  called pcregrep.txt and pcretest.txt, respec-
+       tively. The remaining sections, except for the pcredemo section  (which
+       is  a  program  listing),  are  concatenated  in  pcre.txt, for ease of
+       searching. The sections are as follows:
+
+         pcre              this document
+         pcre-config       show PCRE installation configuration information
+         pcre16            details of the 16-bit library
+         pcre32            details of the 32-bit library
+         pcreapi           details of PCRE's native C API
+         pcrebuild         building PCRE
+         pcrecallout       details of the callout feature
+         pcrecompat        discussion of Perl compatibility
+         pcrecpp           details of the C++ wrapper for the 8-bit library
+         pcredemo          a demonstration C program that uses PCRE
+         pcregrep          description of the pcregrep command (8-bit only)
+         pcrejit           discussion of the just-in-time optimization support
+         pcrelimits        details of size and other limits
+         pcrematching      discussion of the two matching algorithms
+         pcrepartial       details of the partial matching facility
+         pcrepattern       syntax and semantics of supported
+                             regular expressions
+         pcreperform       discussion of performance issues
+         pcreposix         the POSIX-compatible C API for the 8-bit library
+         pcreprecompile    details of saving and re-using precompiled patterns
+         pcresample        discussion of the pcredemo program
+         pcrestack         discussion of stack usage
+         pcresyntax        quick syntax reference
+         pcretest          description of the pcretest testing command
+         pcreunicode       discussion of Unicode and UTF-8/16/32 support
+
+       In the "man" and HTML formats, there is also a short page  for  each  C
+       library function, listing its arguments and results.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+       Putting  an actual email address here seems to have been a spam magnet,
+       so I've taken it away. If you want to email me, use  my  two  initials,
+       followed by the two digits 10, at the domain cam.ac.uk.
+
+
+REVISION
+
+       Last updated: 10 February 2015
+       Copyright (c) 1997-2015 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRE(3)                    Library Functions Manual                    PCRE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+       #include <pcre.h>
+
+
+PCRE 16-BIT API BASIC FUNCTIONS
+
+       pcre16 *pcre16_compile(PCRE_SPTR16 pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre16 *pcre16_compile2(PCRE_SPTR16 pattern, int options,
+            int *errorcodeptr,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre16_extra *pcre16_study(const pcre16 *code, int options,
+            const char **errptr);
+
+       void pcre16_free_study(pcre16_extra *extra);
+
+       int pcre16_exec(const pcre16 *code, const pcre16_extra *extra,
+            PCRE_SPTR16 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       int pcre16_dfa_exec(const pcre16 *code, const pcre16_extra *extra,
+            PCRE_SPTR16 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+
+PCRE 16-BIT API STRING EXTRACTION FUNCTIONS
+
+       int pcre16_copy_named_substring(const pcre16 *code,
+            PCRE_SPTR16 subject, int *ovector,
+            int stringcount, PCRE_SPTR16 stringname,
+            PCRE_UCHAR16 *buffer, int buffersize);
+
+       int pcre16_copy_substring(PCRE_SPTR16 subject, int *ovector,
+            int stringcount, int stringnumber, PCRE_UCHAR16 *buffer,
+            int buffersize);
+
+       int pcre16_get_named_substring(const pcre16 *code,
+            PCRE_SPTR16 subject, int *ovector,
+            int stringcount, PCRE_SPTR16 stringname,
+            PCRE_SPTR16 *stringptr);
+
+       int pcre16_get_stringnumber(const pcre16 *code,
+            PCRE_SPTR16 name);
+
+       int pcre16_get_stringtable_entries(const pcre16 *code,
+            PCRE_SPTR16 name, PCRE_UCHAR16 **first, PCRE_UCHAR16 **last);
+
+       int pcre16_get_substring(PCRE_SPTR16 subject, int *ovector,
+            int stringcount, int stringnumber,
+            PCRE_SPTR16 *stringptr);
+
+       int pcre16_get_substring_list(PCRE_SPTR16 subject,
+            int *ovector, int stringcount, PCRE_SPTR16 **listptr);
+
+       void pcre16_free_substring(PCRE_SPTR16 stringptr);
+
+       void pcre16_free_substring_list(PCRE_SPTR16 *stringptr);
+
+
+PCRE 16-BIT API AUXILIARY FUNCTIONS
+
+       pcre16_jit_stack *pcre16_jit_stack_alloc(int startsize, int maxsize);
+
+       void pcre16_jit_stack_free(pcre16_jit_stack *stack);
+
+       void pcre16_assign_jit_stack(pcre16_extra *extra,
+            pcre16_jit_callback callback, void *data);
+
+       const unsigned char *pcre16_maketables(void);
+
+       int pcre16_fullinfo(const pcre16 *code, const pcre16_extra *extra,
+            int what, void *where);
+
+       int pcre16_refcount(pcre16 *code, int adjust);
+
+       int pcre16_config(int what, void *where);
+
+       const char *pcre16_version(void);
+
+       int pcre16_pattern_to_host_byte_order(pcre16 *code,
+            pcre16_extra *extra, const unsigned char *tables);
+
+
+PCRE 16-BIT API INDIRECTED FUNCTIONS
+
+       void *(*pcre16_malloc)(size_t);
+
+       void (*pcre16_free)(void *);
+
+       void *(*pcre16_stack_malloc)(size_t);
+
+       void (*pcre16_stack_free)(void *);
+
+       int (*pcre16_callout)(pcre16_callout_block *);
+
+
+PCRE 16-BIT API 16-BIT-ONLY FUNCTION
+
+       int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *output,
+            PCRE_SPTR16 input, int length, int *byte_order,
+            int keep_boms);
+
+
+THE PCRE 16-BIT LIBRARY
+
+       Starting  with  release  8.30, it is possible to compile a PCRE library
+       that supports 16-bit character strings, including  UTF-16  strings,  as
+       well  as  or instead of the original 8-bit library. The majority of the
+       work to make  this  possible  was  done  by  Zoltan  Herczeg.  The  two
+       libraries contain identical sets of functions, used in exactly the same
+       way. Only the names of the functions and the data types of their  argu-
+       ments  and results are different. To avoid over-complication and reduce
+       the documentation maintenance load,  most  of  the  PCRE  documentation
+       describes  the  8-bit  library,  with only occasional references to the
+       16-bit library. This page describes what is different when you use  the
+       16-bit library.
+
+       WARNING:  A  single  application can be linked with both libraries, but
+       you must take care when processing any particular pattern to use  func-
+       tions  from  just one library. For example, if you want to study a pat-
+       tern that was compiled with  pcre16_compile(),  you  must  do  so  with
+       pcre16_study(), not pcre_study(), and you must free the study data with
+       pcre16_free_study().
+
+
+THE HEADER FILE
+
+       There is only one header file, pcre.h. It contains prototypes  for  all
+       the functions in all libraries, as well as definitions of flags, struc-
+       tures, error codes, etc.
+
+
+THE LIBRARY NAME
+
+       In Unix-like systems, the 16-bit library is called libpcre16,  and  can
+       normally  be  accesss  by adding -lpcre16 to the command for linking an
+       application that uses PCRE.
+
+
+STRING TYPES
+
+       In the 8-bit library, strings are passed to PCRE library  functions  as
+       vectors  of  bytes  with  the  C  type "char *". In the 16-bit library,
+       strings are passed as vectors of unsigned 16-bit quantities. The  macro
+       PCRE_UCHAR16  specifies  an  appropriate  data type, and PCRE_SPTR16 is
+       defined as "const PCRE_UCHAR16 *". In very  many  environments,  "short
+       int" is a 16-bit data type. When PCRE is built, it defines PCRE_UCHAR16
+       as "unsigned short int", but checks that it really  is  a  16-bit  data
+       type.  If  it is not, the build fails with an error message telling the
+       maintainer to modify the definition appropriately.
+
+
+STRUCTURE TYPES
+
+       The types of the opaque structures that are used  for  compiled  16-bit
+       patterns  and  JIT stacks are pcre16 and pcre16_jit_stack respectively.
+       The  type  of  the  user-accessible  structure  that  is  returned   by
+       pcre16_study()  is  pcre16_extra, and the type of the structure that is
+       used for passing data to a callout  function  is  pcre16_callout_block.
+       These structures contain the same fields, with the same names, as their
+       8-bit counterparts. The only difference is that pointers  to  character
+       strings are 16-bit instead of 8-bit types.
+
+
+16-BIT FUNCTIONS
+
+       For  every function in the 8-bit library there is a corresponding func-
+       tion in the 16-bit library with a name that starts with pcre16_ instead
+       of  pcre_.  The  prototypes are listed above. In addition, there is one
+       extra function, pcre16_utf16_to_host_byte_order(). This  is  a  utility
+       function  that converts a UTF-16 character string to host byte order if
+       necessary. The other 16-bit  functions  expect  the  strings  they  are
+       passed to be in host byte order.
+
+       The input and output arguments of pcre16_utf16_to_host_byte_order() may
+       point to the same address, that is, conversion in place  is  supported.
+       The output buffer must be at least as long as the input.
+
+       The  length  argument  specifies the number of 16-bit data units in the
+       input string; a negative value specifies a zero-terminated string.
+
+       If byte_order is NULL, it is assumed that the string starts off in host
+       byte  order. This may be changed by byte-order marks (BOMs) anywhere in
+       the string (commonly as the first character).
+
+       If byte_order is not NULL, a non-zero value of the integer to which  it
+       points  means  that  the input starts off in host byte order, otherwise
+       the opposite order is assumed. Again, BOMs in  the  string  can  change
+       this. The final byte order is passed back at the end of processing.
+
+       If  keep_boms  is  not  zero,  byte-order  mark characters (0xfeff) are
+       copied into the output string. Otherwise they are discarded.
+
+       The result of the function is the number of 16-bit  units  placed  into
+       the  output  buffer,  including  the  zero terminator if the string was
+       zero-terminated.
+
+
+SUBJECT STRING OFFSETS
+
+       The lengths and starting offsets of subject strings must  be  specified
+       in  16-bit  data units, and the offsets within subject strings that are
+       returned by the matching functions are in also 16-bit units rather than
+       bytes.
+
+
+NAMED SUBPATTERNS
+
+       The  name-to-number translation table that is maintained for named sub-
+       patterns uses 16-bit characters.  The  pcre16_get_stringtable_entries()
+       function returns the length of each entry in the table as the number of
+       16-bit data units.
+
+
+OPTION NAMES
+
+       There   are   two   new   general   option   names,   PCRE_UTF16    and
+       PCRE_NO_UTF16_CHECK,     which     correspond    to    PCRE_UTF8    and
+       PCRE_NO_UTF8_CHECK in the 8-bit library. In  fact,  these  new  options
+       define  the  same bits in the options word. There is a discussion about
+       the validity of UTF-16 strings in the pcreunicode page.
+
+       For the pcre16_config() function there is an  option  PCRE_CONFIG_UTF16
+       that  returns  1  if UTF-16 support is configured, otherwise 0. If this
+       option  is  given  to  pcre_config()  or  pcre32_config(),  or  if  the
+       PCRE_CONFIG_UTF8  or  PCRE_CONFIG_UTF32  option is given to pcre16_con-
+       fig(), the result is the PCRE_ERROR_BADOPTION error.
+
+
+CHARACTER CODES
+
+       In 16-bit mode, when  PCRE_UTF16  is  not  set,  character  values  are
+       treated in the same way as in 8-bit, non UTF-8 mode, except, of course,
+       that they can range from 0 to 0xffff instead of 0  to  0xff.  Character
+       types  for characters less than 0xff can therefore be influenced by the
+       locale in the same way as before.  Characters greater  than  0xff  have
+       only one case, and no "type" (such as letter or digit).
+
+       In  UTF-16  mode,  the  character  code  is  Unicode, in the range 0 to
+       0x10ffff, with the exception of values in the range  0xd800  to  0xdfff
+       because  those  are "surrogate" values that are used in pairs to encode
+       values greater than 0xffff.
+
+       A UTF-16 string can indicate its endianness by special code knows as  a
+       byte-order mark (BOM). The PCRE functions do not handle this, expecting
+       strings  to  be  in  host  byte  order.  A  utility   function   called
+       pcre16_utf16_to_host_byte_order()  is  provided  to help with this (see
+       above).
+
+
+ERROR NAMES
+
+       The errors PCRE_ERROR_BADUTF16_OFFSET and PCRE_ERROR_SHORTUTF16  corre-
+       spond  to  their  8-bit  counterparts.  The error PCRE_ERROR_BADMODE is
+       given when a compiled pattern is passed to a  function  that  processes
+       patterns  in  the  other  mode, for example, if a pattern compiled with
+       pcre_compile() is passed to pcre16_exec().
+
+       There are new error codes whose names  begin  with  PCRE_UTF16_ERR  for
+       invalid  UTF-16  strings,  corresponding to the PCRE_UTF8_ERR codes for
+       UTF-8 strings that are described in the section entitled "Reason  codes
+       for  invalid UTF-8 strings" in the main pcreapi page. The UTF-16 errors
+       are:
+
+         PCRE_UTF16_ERR1  Missing low surrogate at end of string
+         PCRE_UTF16_ERR2  Invalid low surrogate follows high surrogate
+         PCRE_UTF16_ERR3  Isolated low surrogate
+         PCRE_UTF16_ERR4  Non-character
+
+
+ERROR TEXTS
+
+       If there is an error while compiling a pattern, the error text that  is
+       passed  back by pcre16_compile() or pcre16_compile2() is still an 8-bit
+       character string, zero-terminated.
+
+
+CALLOUTS
+
+       The subject and mark fields in the callout block that is  passed  to  a
+       callout function point to 16-bit vectors.
+
+
+TESTING
+
+       The  pcretest  program continues to operate with 8-bit input and output
+       files, but it can be used for testing the 16-bit library. If it is  run
+       with the command line option -16, patterns and subject strings are con-
+       verted from 8-bit to 16-bit before being passed to PCRE, and the 16-bit
+       library  functions  are used instead of the 8-bit ones. Returned 16-bit
+       strings are converted to 8-bit for output. If both the  8-bit  and  the
+       32-bit libraries were not compiled, pcretest defaults to 16-bit and the
+       -16 option is ignored.
+
+       When PCRE is being built, the RunTest script that is  called  by  "make
+       check"  uses  the  pcretest  -C  option to discover which of the 8-bit,
+       16-bit and 32-bit libraries has been built, and runs the  tests  appro-
+       priately.
+
+
+NOT SUPPORTED IN 16-BIT MODE
+
+       Not all the features of the 8-bit library are available with the 16-bit
+       library. The C++ and POSIX wrapper functions  support  only  the  8-bit
+       library, and the pcregrep program is at present 8-bit only.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 May 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRE(3)                    Library Functions Manual                    PCRE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+       #include <pcre.h>
+
+
+PCRE 32-BIT API BASIC FUNCTIONS
+
+       pcre32 *pcre32_compile(PCRE_SPTR32 pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre32 *pcre32_compile2(PCRE_SPTR32 pattern, int options,
+            int *errorcodeptr,
+            const unsigned char *tableptr);
+
+       pcre32_extra *pcre32_study(const pcre32 *code, int options,
+            const char **errptr);
+
+       void pcre32_free_study(pcre32_extra *extra);
+
+       int pcre32_exec(const pcre32 *code, const pcre32_extra *extra,
+            PCRE_SPTR32 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       int pcre32_dfa_exec(const pcre32 *code, const pcre32_extra *extra,
+            PCRE_SPTR32 subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+
+PCRE 32-BIT API STRING EXTRACTION FUNCTIONS
+
+       int pcre32_copy_named_substring(const pcre32 *code,
+            PCRE_SPTR32 subject, int *ovector,
+            int stringcount, PCRE_SPTR32 stringname,
+            PCRE_UCHAR32 *buffer, int buffersize);
+
+       int pcre32_copy_substring(PCRE_SPTR32 subject, int *ovector,
+            int stringcount, int stringnumber, PCRE_UCHAR32 *buffer,
+            int buffersize);
+
+       int pcre32_get_named_substring(const pcre32 *code,
+            PCRE_SPTR32 subject, int *ovector,
+            int stringcount, PCRE_SPTR32 stringname,
+            PCRE_SPTR32 *stringptr);
+
+       int pcre32_get_stringnumber(const pcre32 *code,
+            PCRE_SPTR32 name);
+
+       int pcre32_get_stringtable_entries(const pcre32 *code,
+            PCRE_SPTR32 name, PCRE_UCHAR32 **first, PCRE_UCHAR32 **last);
+
+       int pcre32_get_substring(PCRE_SPTR32 subject, int *ovector,
+            int stringcount, int stringnumber,
+            PCRE_SPTR32 *stringptr);
+
+       int pcre32_get_substring_list(PCRE_SPTR32 subject,
+            int *ovector, int stringcount, PCRE_SPTR32 **listptr);
+
+       void pcre32_free_substring(PCRE_SPTR32 stringptr);
+
+       void pcre32_free_substring_list(PCRE_SPTR32 *stringptr);
+
+
+PCRE 32-BIT API AUXILIARY FUNCTIONS
+
+       pcre32_jit_stack *pcre32_jit_stack_alloc(int startsize, int maxsize);
+
+       void pcre32_jit_stack_free(pcre32_jit_stack *stack);
+
+       void pcre32_assign_jit_stack(pcre32_extra *extra,
+            pcre32_jit_callback callback, void *data);
+
+       const unsigned char *pcre32_maketables(void);
+
+       int pcre32_fullinfo(const pcre32 *code, const pcre32_extra *extra,
+            int what, void *where);
+
+       int pcre32_refcount(pcre32 *code, int adjust);
+
+       int pcre32_config(int what, void *where);
+
+       const char *pcre32_version(void);
+
+       int pcre32_pattern_to_host_byte_order(pcre32 *code,
+            pcre32_extra *extra, const unsigned char *tables);
+
+
+PCRE 32-BIT API INDIRECTED FUNCTIONS
+
+       void *(*pcre32_malloc)(size_t);
+
+       void (*pcre32_free)(void *);
+
+       void *(*pcre32_stack_malloc)(size_t);
+
+       void (*pcre32_stack_free)(void *);
+
+       int (*pcre32_callout)(pcre32_callout_block *);
+
+
+PCRE 32-BIT API 32-BIT-ONLY FUNCTION
+
+       int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *output,
+            PCRE_SPTR32 input, int length, int *byte_order,
+            int keep_boms);
+
+
+THE PCRE 32-BIT LIBRARY
+
+       Starting  with  release  8.32, it is possible to compile a PCRE library
+       that supports 32-bit character strings, including  UTF-32  strings,  as
+       well as or instead of the original 8-bit library. This work was done by
+       Christian Persch, based on the work done  by  Zoltan  Herczeg  for  the
+       16-bit  library.  All  three  libraries contain identical sets of func-
+       tions, used in exactly the same way.  Only the names of  the  functions
+       and  the  data  types  of their arguments and results are different. To
+       avoid over-complication and reduce the documentation maintenance  load,
+       most  of  the PCRE documentation describes the 8-bit library, with only
+       occasional references to the 16-bit and  32-bit  libraries.  This  page
+       describes what is different when you use the 32-bit library.
+
+       WARNING:  A  single  application  can  be linked with all or any of the
+       three libraries, but you must take care when processing any  particular
+       pattern  to  use  functions  from just one library. For example, if you
+       want to study a pattern that was compiled  with  pcre32_compile(),  you
+       must do so with pcre32_study(), not pcre_study(), and you must free the
+       study data with pcre32_free_study().
+
+
+THE HEADER FILE
+
+       There is only one header file, pcre.h. It contains prototypes  for  all
+       the functions in all libraries, as well as definitions of flags, struc-
+       tures, error codes, etc.
+
+
+THE LIBRARY NAME
+
+       In Unix-like systems, the 32-bit library is called libpcre32,  and  can
+       normally  be  accesss  by adding -lpcre32 to the command for linking an
+       application that uses PCRE.
+
+
+STRING TYPES
+
+       In the 8-bit library, strings are passed to PCRE library  functions  as
+       vectors  of  bytes  with  the  C  type "char *". In the 32-bit library,
+       strings are passed as vectors of unsigned 32-bit quantities. The  macro
+       PCRE_UCHAR32  specifies  an  appropriate  data type, and PCRE_SPTR32 is
+       defined as "const PCRE_UCHAR32 *". In very many environments, "unsigned
+       int" is a 32-bit data type. When PCRE is built, it defines PCRE_UCHAR32
+       as "unsigned int", but checks that it really is a 32-bit data type.  If
+       it is not, the build fails with an error message telling the maintainer
+       to modify the definition appropriately.
+
+
+STRUCTURE TYPES
+
+       The types of the opaque structures that are used  for  compiled  32-bit
+       patterns  and  JIT stacks are pcre32 and pcre32_jit_stack respectively.
+       The  type  of  the  user-accessible  structure  that  is  returned   by
+       pcre32_study()  is  pcre32_extra, and the type of the structure that is
+       used for passing data to a callout  function  is  pcre32_callout_block.
+       These structures contain the same fields, with the same names, as their
+       8-bit counterparts. The only difference is that pointers  to  character
+       strings are 32-bit instead of 8-bit types.
+
+
+32-BIT FUNCTIONS
+
+       For  every function in the 8-bit library there is a corresponding func-
+       tion in the 32-bit library with a name that starts with pcre32_ instead
+       of  pcre_.  The  prototypes are listed above. In addition, there is one
+       extra function, pcre32_utf32_to_host_byte_order(). This  is  a  utility
+       function  that converts a UTF-32 character string to host byte order if
+       necessary. The other 32-bit  functions  expect  the  strings  they  are
+       passed to be in host byte order.
+
+       The input and output arguments of pcre32_utf32_to_host_byte_order() may
+       point to the same address, that is, conversion in place  is  supported.
+       The output buffer must be at least as long as the input.
+
+       The  length  argument  specifies the number of 32-bit data units in the
+       input string; a negative value specifies a zero-terminated string.
+
+       If byte_order is NULL, it is assumed that the string starts off in host
+       byte  order. This may be changed by byte-order marks (BOMs) anywhere in
+       the string (commonly as the first character).
+
+       If byte_order is not NULL, a non-zero value of the integer to which  it
+       points  means  that  the input starts off in host byte order, otherwise
+       the opposite order is assumed. Again, BOMs in  the  string  can  change
+       this. The final byte order is passed back at the end of processing.
+
+       If  keep_boms  is  not  zero,  byte-order  mark characters (0xfeff) are
+       copied into the output string. Otherwise they are discarded.
+
+       The result of the function is the number of 32-bit  units  placed  into
+       the  output  buffer,  including  the  zero terminator if the string was
+       zero-terminated.
+
+
+SUBJECT STRING OFFSETS
+
+       The lengths and starting offsets of subject strings must  be  specified
+       in  32-bit  data units, and the offsets within subject strings that are
+       returned by the matching functions are in also 32-bit units rather than
+       bytes.
+
+
+NAMED SUBPATTERNS
+
+       The  name-to-number translation table that is maintained for named sub-
+       patterns uses 32-bit characters.  The  pcre32_get_stringtable_entries()
+       function returns the length of each entry in the table as the number of
+       32-bit data units.
+
+
+OPTION NAMES
+
+       There   are   two   new   general   option   names,   PCRE_UTF32    and
+       PCRE_NO_UTF32_CHECK,     which     correspond    to    PCRE_UTF8    and
+       PCRE_NO_UTF8_CHECK in the 8-bit library. In  fact,  these  new  options
+       define  the  same bits in the options word. There is a discussion about
+       the validity of UTF-32 strings in the pcreunicode page.
+
+       For the pcre32_config() function there is an  option  PCRE_CONFIG_UTF32
+       that  returns  1  if UTF-32 support is configured, otherwise 0. If this
+       option  is  given  to  pcre_config()  or  pcre16_config(),  or  if  the
+       PCRE_CONFIG_UTF8  or  PCRE_CONFIG_UTF16  option is given to pcre32_con-
+       fig(), the result is the PCRE_ERROR_BADOPTION error.
+
+
+CHARACTER CODES
+
+       In 32-bit mode, when  PCRE_UTF32  is  not  set,  character  values  are
+       treated in the same way as in 8-bit, non UTF-8 mode, except, of course,
+       that they can range from 0 to 0x7fffffff instead of 0 to 0xff.  Charac-
+       ter  types for characters less than 0xff can therefore be influenced by
+       the locale in the same way as before.   Characters  greater  than  0xff
+       have only one case, and no "type" (such as letter or digit).
+
+       In  UTF-32  mode,  the  character  code  is  Unicode, in the range 0 to
+       0x10ffff, with the exception of values in the range  0xd800  to  0xdfff
+       because those are "surrogate" values that are ill-formed in UTF-32.
+
+       A  UTF-32 string can indicate its endianness by special code knows as a
+       byte-order mark (BOM). The PCRE functions do not handle this, expecting
+       strings   to   be  in  host  byte  order.  A  utility  function  called
+       pcre32_utf32_to_host_byte_order() is provided to help  with  this  (see
+       above).
+
+
+ERROR NAMES
+
+       The  error  PCRE_ERROR_BADUTF32  corresponds  to its 8-bit counterpart.
+       The error PCRE_ERROR_BADMODE is given when a compiled pattern is passed
+       to  a  function that processes patterns in the other mode, for example,
+       if a pattern compiled with pcre_compile() is passed to pcre32_exec().
+
+       There are new error codes whose names  begin  with  PCRE_UTF32_ERR  for
+       invalid  UTF-32  strings,  corresponding to the PCRE_UTF8_ERR codes for
+       UTF-8 strings that are described in the section entitled "Reason  codes
+       for  invalid UTF-8 strings" in the main pcreapi page. The UTF-32 errors
+       are:
+
+         PCRE_UTF32_ERR1  Surrogate character (range from 0xd800 to 0xdfff)
+         PCRE_UTF32_ERR2  Non-character
+         PCRE_UTF32_ERR3  Character > 0x10ffff
+
+
+ERROR TEXTS
+
+       If there is an error while compiling a pattern, the error text that  is
+       passed  back by pcre32_compile() or pcre32_compile2() is still an 8-bit
+       character string, zero-terminated.
+
+
+CALLOUTS
+
+       The subject and mark fields in the callout block that is  passed  to  a
+       callout function point to 32-bit vectors.
+
+
+TESTING
+
+       The  pcretest  program continues to operate with 8-bit input and output
+       files, but it can be used for testing the 32-bit library. If it is  run
+       with the command line option -32, patterns and subject strings are con-
+       verted from 8-bit to 32-bit before being passed to PCRE, and the 32-bit
+       library  functions  are used instead of the 8-bit ones. Returned 32-bit
+       strings are converted to 8-bit for output. If both the  8-bit  and  the
+       16-bit libraries were not compiled, pcretest defaults to 32-bit and the
+       -32 option is ignored.
+
+       When PCRE is being built, the RunTest script that is  called  by  "make
+       check"  uses  the  pcretest  -C  option to discover which of the 8-bit,
+       16-bit and 32-bit libraries has been built, and runs the  tests  appro-
+       priately.
+
+
+NOT SUPPORTED IN 32-BIT MODE
+
+       Not all the features of the 8-bit library are available with the 32-bit
+       library. The C++ and POSIX wrapper functions  support  only  the  8-bit
+       library, and the pcregrep program is at present 8-bit only.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 May 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREBUILD(3)               Library Functions Manual               PCREBUILD(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+BUILDING PCRE
+
+       PCRE  is  distributed with a configure script that can be used to build
+       the library in Unix-like environments using the applications  known  as
+       Autotools.   Also  in  the  distribution  are files to support building
+       using CMake instead of configure. The text file README contains general
+       information  about  building  with Autotools (some of which is repeated
+       below), and also has some comments about building on various  operating
+       systems.  There  is  a lot more information about building PCRE without
+       using Autotools (including information about using CMake  and  building
+       "by  hand")  in  the  text file called NON-AUTOTOOLS-BUILD.  You should
+       consult this file as well as the README file if you are building  in  a
+       non-Unix-like environment.
+
+
+PCRE BUILD-TIME OPTIONS
+
+       The  rest of this document describes the optional features of PCRE that
+       can be selected when the library is compiled. It  assumes  use  of  the
+       configure  script,  where  the  optional features are selected or dese-
+       lected by providing options to configure before running the  make  com-
+       mand.  However,  the same options can be selected in both Unix-like and
+       non-Unix-like environments using the GUI facility of cmake-gui  if  you
+       are using CMake instead of configure to build PCRE.
+
+       If  you  are not using Autotools or CMake, option selection can be done
+       by editing the config.h file, or by passing parameter settings  to  the
+       compiler, as described in NON-AUTOTOOLS-BUILD.
+
+       The complete list of options for configure (which includes the standard
+       ones such as the  selection  of  the  installation  directory)  can  be
+       obtained by running
+
+         ./configure --help
+
+       The  following  sections  include  descriptions  of options whose names
+       begin with --enable or --disable. These settings specify changes to the
+       defaults  for  the configure command. Because of the way that configure
+       works, --enable and --disable always come in pairs, so  the  complemen-
+       tary  option always exists as well, but as it specifies the default, it
+       is not described.
+
+
+BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES
+
+       By default, a library called libpcre  is  built,  containing  functions
+       that  take  string  arguments  contained in vectors of bytes, either as
+       single-byte characters, or interpreted as UTF-8 strings. You  can  also
+       build  a  separate library, called libpcre16, in which strings are con-
+       tained in vectors of 16-bit data units and interpreted either  as  sin-
+       gle-unit characters or UTF-16 strings, by adding
+
+         --enable-pcre16
+
+       to  the  configure  command.  You  can  also build yet another separate
+       library, called libpcre32, in which strings are contained in vectors of
+       32-bit  data  units and interpreted either as single-unit characters or
+       UTF-32 strings, by adding
+
+         --enable-pcre32
+
+       to the configure command. If you do not want the 8-bit library, add
+
+         --disable-pcre8
+
+       as well. At least one of the three libraries must be built.  Note  that
+       the  C++  and  POSIX  wrappers are for the 8-bit library only, and that
+       pcregrep is an 8-bit program. None of these are  built  if  you  select
+       only the 16-bit or 32-bit libraries.
+
+
+BUILDING SHARED AND STATIC LIBRARIES
+
+       The  Autotools  PCRE building process uses libtool to build both shared
+       and static libraries by default. You  can  suppress  one  of  these  by
+       adding one of
+
+         --disable-shared
+         --disable-static
+
+       to the configure command, as required.
+
+
+C++ SUPPORT
+
+       By  default,  if the 8-bit library is being built, the configure script
+       will search for a C++ compiler and C++ header files. If it finds  them,
+       it  automatically  builds  the C++ wrapper library (which supports only
+       8-bit strings). You can disable this by adding
+
+         --disable-cpp
+
+       to the configure command.
+
+
+UTF-8, UTF-16 AND UTF-32 SUPPORT
+
+       To build PCRE with support for UTF Unicode character strings, add
+
+         --enable-utf
+
+       to the configure command. This setting applies to all three  libraries,
+       adding  support  for  UTF-8 to the 8-bit library, support for UTF-16 to
+       the 16-bit library, and  support  for  UTF-32  to  the  to  the  32-bit
+       library.  There  are no separate options for enabling UTF-8, UTF-16 and
+       UTF-32 independently because that would allow ridiculous settings  such
+       as  requesting UTF-16 support while building only the 8-bit library. It
+       is not possible to build one library with UTF support and another with-
+       out  in the same configuration. (For backwards compatibility, --enable-
+       utf8 is a synonym of --enable-utf.)
+
+       Of itself, this setting does not make  PCRE  treat  strings  as  UTF-8,
+       UTF-16  or UTF-32. As well as compiling PCRE with this option, you also
+       have have to set the PCRE_UTF8, PCRE_UTF16  or  PCRE_UTF32  option  (as
+       appropriate) when you call one of the pattern compiling functions.
+
+       If  you  set --enable-utf when compiling in an EBCDIC environment, PCRE
+       expects its input to be either ASCII or UTF-8 (depending  on  the  run-
+       time option). It is not possible to support both EBCDIC and UTF-8 codes
+       in the same version of  the  library.  Consequently,  --enable-utf  and
+       --enable-ebcdic are mutually exclusive.
+
+
+UNICODE CHARACTER PROPERTY SUPPORT
+
+       UTF  support allows the libraries to process character codepoints up to
+       0x10ffff in the strings that they handle. On its own, however, it  does
+       not provide any facilities for accessing the properties of such charac-
+       ters. If you want to be able to use the pattern escapes \P, \p, and \X,
+       which refer to Unicode character properties, you must add
+
+         --enable-unicode-properties
+
+       to  the  configure  command. This implies UTF support, even if you have
+       not explicitly requested it.
+
+       Including Unicode property support adds around 30K  of  tables  to  the
+       PCRE  library.  Only  the general category properties such as Lu and Nd
+       are supported. Details are given in the pcrepattern documentation.
+
+
+JUST-IN-TIME COMPILER SUPPORT
+
+       Just-in-time compiler support is included in the build by specifying
+
+         --enable-jit
+
+       This support is available only for certain hardware  architectures.  If
+       this  option  is  set  for  an unsupported architecture, a compile time
+       error occurs.  See the pcrejit documentation for a  discussion  of  JIT
+       usage. When JIT support is enabled, pcregrep automatically makes use of
+       it, unless you add
+
+         --disable-pcregrep-jit
+
+       to the "configure" command.
+
+
+CODE VALUE OF NEWLINE
+
+       By default, PCRE interprets the linefeed (LF) character  as  indicating
+       the  end  of  a line. This is the normal newline character on Unix-like
+       systems. You can compile PCRE to use carriage return (CR)  instead,  by
+       adding
+
+         --enable-newline-is-cr
+
+       to  the  configure  command.  There  is  also  a --enable-newline-is-lf
+       option, which explicitly specifies linefeed as the newline character.
+
+       Alternatively, you can specify that line endings are to be indicated by
+       the two character sequence CRLF. If you want this, add
+
+         --enable-newline-is-crlf
+
+       to the configure command. There is a fourth option, specified by
+
+         --enable-newline-is-anycrlf
+
+       which  causes  PCRE  to recognize any of the three sequences CR, LF, or
+       CRLF as indicating a line ending. Finally, a fifth option, specified by
+
+         --enable-newline-is-any
+
+       causes PCRE to recognize any Unicode newline sequence.
+
+       Whatever line ending convention is selected when PCRE is built  can  be
+       overridden  when  the library functions are called. At build time it is
+       conventional to use the standard for your operating system.
+
+
+WHAT \R MATCHES
+
+       By default, the sequence \R in a pattern matches  any  Unicode  newline
+       sequence,  whatever  has  been selected as the line ending sequence. If
+       you specify
+
+         --enable-bsr-anycrlf
+
+       the default is changed so that \R matches only CR, LF, or  CRLF.  What-
+       ever  is selected when PCRE is built can be overridden when the library
+       functions are called.
+
+
+POSIX MALLOC USAGE
+
+       When the 8-bit library is called through the POSIX interface  (see  the
+       pcreposix  documentation),  additional  working storage is required for
+       holding the pointers to capturing  substrings,  because  PCRE  requires
+       three integers per substring, whereas the POSIX interface provides only
+       two. If the number of expected substrings is small, the  wrapper  func-
+       tion  uses  space  on the stack, because this is faster than using mal-
+       loc() for each call. The default threshold above which the stack is  no
+       longer used is 10; it can be changed by adding a setting such as
+
+         --with-posix-malloc-threshold=20
+
+       to the configure command.
+
+
+HANDLING VERY LARGE PATTERNS
+
+       Within  a  compiled  pattern,  offset values are used to point from one
+       part to another (for example, from an opening parenthesis to an  alter-
+       nation  metacharacter).  By default, in the 8-bit and 16-bit libraries,
+       two-byte values are used for these offsets, leading to a  maximum  size
+       for  a compiled pattern of around 64K. This is sufficient to handle all
+       but the most gigantic patterns.  Nevertheless, some people do  want  to
+       process  truly  enormous patterns, so it is possible to compile PCRE to
+       use three-byte or four-byte offsets by adding a setting such as
+
+         --with-link-size=3
+
+       to the configure command. The value given must be 2, 3, or 4.  For  the
+       16-bit  library,  a  value of 3 is rounded up to 4. In these libraries,
+       using longer offsets slows down the operation of PCRE because it has to
+       load  additional  data  when  handling them. For the 32-bit library the
+       value is always 4 and cannot be overridden; the value  of  --with-link-
+       size is ignored.
+
+
+AVOIDING EXCESSIVE STACK USAGE
+
+       When matching with the pcre_exec() function, PCRE implements backtrack-
+       ing by making recursive calls to an internal function  called  match().
+       In  environments  where  the size of the stack is limited, this can se-
+       verely limit PCRE's operation. (The Unix environment does  not  usually
+       suffer from this problem, but it may sometimes be necessary to increase
+       the maximum stack size.  There is a discussion in the  pcrestack  docu-
+       mentation.)  An alternative approach to recursion that uses memory from
+       the heap to remember data, instead of using recursive  function  calls,
+       has  been  implemented to work round the problem of limited stack size.
+       If you want to build a version of PCRE that works this way, add
+
+         --disable-stack-for-recursion
+
+       to the configure command. With this configuration, PCRE  will  use  the
+       pcre_stack_malloc  and pcre_stack_free variables to call memory manage-
+       ment functions. By default these point to malloc() and free(), but  you
+       can replace the pointers so that your own functions are used instead.
+
+       Separate  functions  are  provided  rather  than  using pcre_malloc and
+       pcre_free because the  usage  is  very  predictable:  the  block  sizes
+       requested  are  always  the  same,  and  the blocks are always freed in
+       reverse order. A calling program might be able to  implement  optimized
+       functions  that  perform  better  than  malloc()  and free(). PCRE runs
+       noticeably more slowly when built in this way. This option affects only
+       the pcre_exec() function; it is not relevant for pcre_dfa_exec().
+
+
+LIMITING PCRE RESOURCE USAGE
+
+       Internally,  PCRE has a function called match(), which it calls repeat-
+       edly  (sometimes  recursively)  when  matching  a  pattern   with   the
+       pcre_exec()  function.  By controlling the maximum number of times this
+       function may be called during a single matching operation, a limit  can
+       be  placed  on  the resources used by a single call to pcre_exec(). The
+       limit can be changed at run time, as described in the pcreapi  documen-
+       tation.  The default is 10 million, but this can be changed by adding a
+       setting such as
+
+         --with-match-limit=500000
+
+       to  the  configure  command.  This  setting  has  no  effect   on   the
+       pcre_dfa_exec() matching function.
+
+       In  some  environments  it is desirable to limit the depth of recursive
+       calls of match() more strictly than the total number of calls, in order
+       to  restrict  the maximum amount of stack (or heap, if --disable-stack-
+       for-recursion is specified) that is used. A second limit controls this;
+       it  defaults  to  the  value  that is set for --with-match-limit, which
+       imposes no additional constraints. However, you can set a  lower  limit
+       by adding, for example,
+
+         --with-match-limit-recursion=10000
+
+       to  the  configure  command.  This  value can also be overridden at run
+       time.
+
+
+CREATING CHARACTER TABLES AT BUILD TIME
+
+       PCRE uses fixed tables for processing characters whose code values  are
+       less  than 256. By default, PCRE is built with a set of tables that are
+       distributed in the file pcre_chartables.c.dist. These  tables  are  for
+       ASCII codes only. If you add
+
+         --enable-rebuild-chartables
+
+       to  the  configure  command, the distributed tables are no longer used.
+       Instead, a program called dftables is compiled and  run.  This  outputs
+       the source for new set of tables, created in the default locale of your
+       C run-time system. (This method of replacing the tables does  not  work
+       if  you are cross compiling, because dftables is run on the local host.
+       If you need to create alternative tables when cross compiling, you will
+       have to do so "by hand".)
+
+
+USING EBCDIC CODE
+
+       PCRE  assumes  by  default that it will run in an environment where the
+       character code is ASCII (or Unicode, which is  a  superset  of  ASCII).
+       This  is  the  case for most computer operating systems. PCRE can, how-
+       ever, be compiled to run in an EBCDIC environment by adding
+
+         --enable-ebcdic
+
+       to the configure command. This setting implies --enable-rebuild-charta-
+       bles.  You  should  only  use  it if you know that you are in an EBCDIC
+       environment (for example,  an  IBM  mainframe  operating  system).  The
+       --enable-ebcdic option is incompatible with --enable-utf.
+
+       The EBCDIC character that corresponds to an ASCII LF is assumed to have
+       the value 0x15 by default. However, in some EBCDIC  environments,  0x25
+       is used. In such an environment you should use
+
+         --enable-ebcdic-nl25
+
+       as well as, or instead of, --enable-ebcdic. The EBCDIC character for CR
+       has the same value as in ASCII, namely, 0x0d.  Whichever  of  0x15  and
+       0x25 is not chosen as LF is made to correspond to the Unicode NEL char-
+       acter (which, in Unicode, is 0x85).
+
+       The options that select newline behaviour, such as --enable-newline-is-
+       cr, and equivalent run-time options, refer to these character values in
+       an EBCDIC environment.
+
+
+PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT
+
+       By default, pcregrep reads all files as plain text. You can build it so
+       that it recognizes files whose names end in .gz or .bz2, and reads them
+       with libz or libbz2, respectively, by adding one or both of
+
+         --enable-pcregrep-libz
+         --enable-pcregrep-libbz2
+
+       to the configure command. These options naturally require that the rel-
+       evant  libraries  are installed on your system. Configuration will fail
+       if they are not.
+
+
+PCREGREP BUFFER SIZE
+
+       pcregrep uses an internal buffer to hold a "window" on the file  it  is
+       scanning, in order to be able to output "before" and "after" lines when
+       it finds a match. The size of the buffer is controlled by  a  parameter
+       whose default value is 20K. The buffer itself is three times this size,
+       but because of the way it is used for holding "before" lines, the long-
+       est  line  that  is guaranteed to be processable is the parameter size.
+       You can change the default parameter value by adding, for example,
+
+         --with-pcregrep-bufsize=50K
+
+       to the configure command. The caller of pcregrep can, however, override
+       this value by specifying a run-time option.
+
+
+PCRETEST OPTION FOR LIBREADLINE SUPPORT
+
+       If you add
+
+         --enable-pcretest-libreadline
+
+       to  the  configure  command,  pcretest  is  linked with the libreadline
+       library, and when its input is from a terminal, it reads it  using  the
+       readline() function. This provides line-editing and history facilities.
+       Note that libreadline is GPL-licensed, so if you distribute a binary of
+       pcretest linked in this way, there may be licensing issues.
+
+       Setting  this  option  causes  the -lreadline option to be added to the
+       pcretest build. In many operating environments with  a  sytem-installed
+       libreadline this is sufficient. However, in some environments (e.g.  if
+       an unmodified distribution version of readline is in use),  some  extra
+       configuration  may  be necessary. The INSTALL file for libreadline says
+       this:
+
+         "Readline uses the termcap functions, but does not link with the
+         termcap or curses library itself, allowing applications which link
+         with readline the to choose an appropriate library."
+
+       If your environment has not been set up so that an appropriate  library
+       is automatically included, you may need to add something like
+
+         LIBS="-ncurses"
+
+       immediately before the configure command.
+
+
+DEBUGGING WITH VALGRIND SUPPORT
+
+       By adding the
+
+         --enable-valgrind
+
+       option  to to the configure command, PCRE will use valgrind annotations
+       to mark certain memory regions as  unaddressable.  This  allows  it  to
+       detect invalid memory accesses, and is mostly useful for debugging PCRE
+       itself.
+
+
+CODE COVERAGE REPORTING
+
+       If your C compiler is gcc, you can build a version  of  PCRE  that  can
+       generate a code coverage report for its test suite. To enable this, you
+       must install lcov version 1.6 or above. Then specify
+
+         --enable-coverage
+
+       to the configure command and build PCRE in the usual way.
+
+       Note that using ccache (a caching C compiler) is incompatible with code
+       coverage  reporting. If you have configured ccache to run automatically
+       on your system, you must set the environment variable
+
+         CCACHE_DISABLE=1
+
+       before running make to build PCRE, so that ccache is not used.
+
+       When --enable-coverage is used,  the  following  addition  targets  are
+       added to the Makefile:
+
+         make coverage
+
+       This  creates  a  fresh  coverage report for the PCRE test suite. It is
+       equivalent to running "make coverage-reset", "make  coverage-baseline",
+       "make check", and then "make coverage-report".
+
+         make coverage-reset
+
+       This zeroes the coverage counters, but does nothing else.
+
+         make coverage-baseline
+
+       This captures baseline coverage information.
+
+         make coverage-report
+
+       This creates the coverage report.
+
+         make coverage-clean-report
+
+       This  removes the generated coverage report without cleaning the cover-
+       age data itself.
+
+         make coverage-clean-data
+
+       This removes the captured coverage data without removing  the  coverage
+       files created at compile time (*.gcno).
+
+         make coverage-clean
+
+       This  cleans all coverage data including the generated coverage report.
+       For more information about code coverage, see the gcov and  lcov  docu-
+       mentation.
+
+
+SEE ALSO
+
+       pcreapi(3), pcre16, pcre32, pcre_config(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 May 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREMATCHING(3)            Library Functions Manual            PCREMATCHING(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE MATCHING ALGORITHMS
+
+       This document describes the two different algorithms that are available
+       in PCRE for matching a compiled regular expression against a given sub-
+       ject  string.  The  "standard"  algorithm  is  the  one provided by the
+       pcre_exec(), pcre16_exec() and pcre32_exec() functions. These  work  in
+       the  same as as Perl's matching function, and provide a Perl-compatible
+       matching  operation.   The  just-in-time  (JIT)  optimization  that  is
+       described  in  the pcrejit documentation is compatible with these func-
+       tions.
+
+       An  alternative  algorithm  is   provided   by   the   pcre_dfa_exec(),
+       pcre16_dfa_exec()  and  pcre32_dfa_exec()  functions; they operate in a
+       different way, and are not Perl-compatible. This alternative has advan-
+       tages and disadvantages compared with the standard algorithm, and these
+       are described below.
+
+       When there is only one possible way in which a given subject string can
+       match  a pattern, the two algorithms give the same answer. A difference
+       arises, however, when there are multiple possibilities. For example, if
+       the pattern
+
+         ^<.*>
+
+       is matched against the string
+
+         <something> <something else> <something further>
+
+       there are three possible answers. The standard algorithm finds only one
+       of them, whereas the alternative algorithm finds all three.
+
+
+REGULAR EXPRESSIONS AS TREES
+
+       The set of strings that are matched by a regular expression can be rep-
+       resented  as  a  tree structure. An unlimited repetition in the pattern
+       makes the tree of infinite size, but it is still a tree.  Matching  the
+       pattern  to a given subject string (from a given starting point) can be
+       thought of as a search of the tree.  There are two  ways  to  search  a
+       tree:  depth-first  and  breadth-first, and these correspond to the two
+       matching algorithms provided by PCRE.
+
+
+THE STANDARD MATCHING ALGORITHM
+
+       In the terminology of Jeffrey Friedl's book "Mastering Regular  Expres-
+       sions",  the  standard  algorithm  is an "NFA algorithm". It conducts a
+       depth-first search of the pattern tree. That is, it  proceeds  along  a
+       single path through the tree, checking that the subject matches what is
+       required. When there is a mismatch, the algorithm  tries  any  alterna-
+       tives  at  the  current point, and if they all fail, it backs up to the
+       previous branch point in the  tree,  and  tries  the  next  alternative
+       branch  at  that  level.  This often involves backing up (moving to the
+       left) in the subject string as well.  The  order  in  which  repetition
+       branches  are  tried  is controlled by the greedy or ungreedy nature of
+       the quantifier.
+
+       If a leaf node is reached, a matching string has  been  found,  and  at
+       that  point the algorithm stops. Thus, if there is more than one possi-
+       ble match, this algorithm returns the first one that it finds.  Whether
+       this  is the shortest, the longest, or some intermediate length depends
+       on the way the greedy and ungreedy repetition quantifiers are specified
+       in the pattern.
+
+       Because  it  ends  up  with a single path through the tree, it is rela-
+       tively straightforward for this algorithm to keep  track  of  the  sub-
+       strings  that  are  matched  by portions of the pattern in parentheses.
+       This provides support for capturing parentheses and back references.
+
+
+THE ALTERNATIVE MATCHING ALGORITHM
+
+       This algorithm conducts a breadth-first search of  the  tree.  Starting
+       from  the  first  matching  point  in the subject, it scans the subject
+       string from left to right, once, character by character, and as it does
+       this,  it remembers all the paths through the tree that represent valid
+       matches. In Friedl's terminology, this is a kind  of  "DFA  algorithm",
+       though  it is not implemented as a traditional finite state machine (it
+       keeps multiple states active simultaneously).
+
+       Although the general principle of this matching algorithm  is  that  it
+       scans  the subject string only once, without backtracking, there is one
+       exception: when a lookaround assertion is encountered,  the  characters
+       following  or  preceding  the  current  point  have to be independently
+       inspected.
+
+       The scan continues until either the end of the subject is  reached,  or
+       there  are  no more unterminated paths. At this point, terminated paths
+       represent the different matching possibilities (if there are none,  the
+       match  has  failed).   Thus,  if there is more than one possible match,
+       this algorithm finds all of them, and in particular, it finds the long-
+       est.  The  matches are returned in decreasing order of length. There is
+       an option to stop the algorithm after the first match (which is  neces-
+       sarily the shortest) is found.
+
+       Note that all the matches that are found start at the same point in the
+       subject. If the pattern
+
+         cat(er(pillar)?)?
+
+       is matched against the string "the caterpillar catchment",  the  result
+       will  be the three strings "caterpillar", "cater", and "cat" that start
+       at the fifth character of the subject. The algorithm does not automati-
+       cally move on to find matches that start at later positions.
+
+       PCRE's  "auto-possessification" optimization usually applies to charac-
+       ter repeats at the end of a pattern (as well as internally). For  exam-
+       ple, the pattern "a\d+" is compiled as if it were "a\d++" because there
+       is no point even considering the possibility of backtracking  into  the
+       repeated  digits.  For  DFA matching, this means that only one possible
+       match is found. If you really do want multiple matches in  such  cases,
+       either use an ungreedy repeat ("a\d+?") or set the PCRE_NO_AUTO_POSSESS
+       option when compiling.
+
+       There are a number of features of PCRE regular expressions that are not
+       supported by the alternative matching algorithm. They are as follows:
+
+       1.  Because  the  algorithm  finds  all possible matches, the greedy or
+       ungreedy nature of repetition quantifiers is not relevant.  Greedy  and
+       ungreedy quantifiers are treated in exactly the same way. However, pos-
+       sessive quantifiers can make a difference when what follows could  also
+       match what is quantified, for example in a pattern like this:
+
+         ^a++\w!
+
+       This  pattern matches "aaab!" but not "aaa!", which would be matched by
+       a non-possessive quantifier. Similarly, if an atomic group is  present,
+       it  is matched as if it were a standalone pattern at the current point,
+       and the longest match is then "locked in" for the rest of  the  overall
+       pattern.
+
+       2. When dealing with multiple paths through the tree simultaneously, it
+       is not straightforward to keep track of  captured  substrings  for  the
+       different  matching  possibilities,  and  PCRE's implementation of this
+       algorithm does not attempt to do this. This means that no captured sub-
+       strings are available.
+
+       3.  Because no substrings are captured, back references within the pat-
+       tern are not supported, and cause errors if encountered.
+
+       4. For the same reason, conditional expressions that use  a  backrefer-
+       ence  as  the  condition or test for a specific group recursion are not
+       supported.
+
+       5. Because many paths through the tree may be  active,  the  \K  escape
+       sequence, which resets the start of the match when encountered (but may
+       be on some paths and not on others), is not  supported.  It  causes  an
+       error if encountered.
+
+       6.  Callouts  are  supported, but the value of the capture_top field is
+       always 1, and the value of the capture_last field is always -1.
+
+       7. The \C escape sequence, which (in  the  standard  algorithm)  always
+       matches  a  single data unit, even in UTF-8, UTF-16 or UTF-32 modes, is
+       not supported in these modes, because the alternative  algorithm  moves
+       through the subject string one character (not data unit) at a time, for
+       all active paths through the tree.
+
+       8. Except for (*FAIL), the backtracking control verbs such as  (*PRUNE)
+       are  not  supported.  (*FAIL)  is supported, and behaves like a failing
+       negative assertion.
+
+
+ADVANTAGES OF THE ALTERNATIVE ALGORITHM
+
+       Using the alternative matching algorithm provides the following  advan-
+       tages:
+
+       1. All possible matches (at a single point in the subject) are automat-
+       ically found, and in particular, the longest match is  found.  To  find
+       more than one match using the standard algorithm, you have to do kludgy
+       things with callouts.
+
+       2. Because the alternative algorithm  scans  the  subject  string  just
+       once, and never needs to backtrack (except for lookbehinds), it is pos-
+       sible to pass very long subject strings to  the  matching  function  in
+       several pieces, checking for partial matching each time. Although it is
+       possible to do multi-segment matching using the standard  algorithm  by
+       retaining  partially  matched  substrings,  it is more complicated. The
+       pcrepartial documentation gives details of partial  matching  and  dis-
+       cusses multi-segment matching.
+
+
+DISADVANTAGES OF THE ALTERNATIVE ALGORITHM
+
+       The alternative algorithm suffers from a number of disadvantages:
+
+       1.  It  is  substantially  slower  than the standard algorithm. This is
+       partly because it has to search for all possible matches, but  is  also
+       because it is less susceptible to optimization.
+
+       2. Capturing parentheses and back references are not supported.
+
+       3. Although atomic groups are supported, their use does not provide the
+       performance advantage that it does for the standard algorithm.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 November 2013
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREAPI(3)                 Library Functions Manual                 PCREAPI(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+       #include <pcre.h>
+
+
+PCRE NATIVE API BASIC FUNCTIONS
+
+       pcre *pcre_compile(const char *pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre *pcre_compile2(const char *pattern, int options,
+            int *errorcodeptr,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre_extra *pcre_study(const pcre *code, int options,
+            const char **errptr);
+
+       void pcre_free_study(pcre_extra *extra);
+
+       int pcre_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       int pcre_dfa_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+
+PCRE NATIVE API STRING EXTRACTION FUNCTIONS
+
+       int pcre_copy_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            char *buffer, int buffersize);
+
+       int pcre_copy_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber, char *buffer,
+            int buffersize);
+
+       int pcre_get_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            const char **stringptr);
+
+       int pcre_get_stringnumber(const pcre *code,
+            const char *name);
+
+       int pcre_get_stringtable_entries(const pcre *code,
+            const char *name, char **first, char **last);
+
+       int pcre_get_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber,
+            const char **stringptr);
+
+       int pcre_get_substring_list(const char *subject,
+            int *ovector, int stringcount, const char ***listptr);
+
+       void pcre_free_substring(const char *stringptr);
+
+       void pcre_free_substring_list(const char **stringptr);
+
+
+PCRE NATIVE API AUXILIARY FUNCTIONS
+
+       int pcre_jit_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            pcre_jit_stack *jstack);
+
+       pcre_jit_stack *pcre_jit_stack_alloc(int startsize, int maxsize);
+
+       void pcre_jit_stack_free(pcre_jit_stack *stack);
+
+       void pcre_assign_jit_stack(pcre_extra *extra,
+            pcre_jit_callback callback, void *data);
+
+       const unsigned char *pcre_maketables(void);
+
+       int pcre_fullinfo(const pcre *code, const pcre_extra *extra,
+            int what, void *where);
+
+       int pcre_refcount(pcre *code, int adjust);
+
+       int pcre_config(int what, void *where);
+
+       const char *pcre_version(void);
+
+       int pcre_pattern_to_host_byte_order(pcre *code,
+            pcre_extra *extra, const unsigned char *tables);
+
+
+PCRE NATIVE API INDIRECTED FUNCTIONS
+
+       void *(*pcre_malloc)(size_t);
+
+       void (*pcre_free)(void *);
+
+       void *(*pcre_stack_malloc)(size_t);
+
+       void (*pcre_stack_free)(void *);
+
+       int (*pcre_callout)(pcre_callout_block *);
+
+       int (*pcre_stack_guard)(void);
+
+
+PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES
+
+       As  well  as  support  for  8-bit character strings, PCRE also supports
+       16-bit strings (from release 8.30) and  32-bit  strings  (from  release
+       8.32),  by means of two additional libraries. They can be built as well
+       as, or instead of, the 8-bit library. To avoid too  much  complication,
+       this  document describes the 8-bit versions of the functions, with only
+       occasional references to the 16-bit and 32-bit libraries.
+
+       The 16-bit and 32-bit functions operate in the same way as their  8-bit
+       counterparts;  they  just  use different data types for their arguments
+       and results, and their names start with pcre16_ or pcre32_  instead  of
+       pcre_.  For  every  option  that  has  UTF8  in  its name (for example,
+       PCRE_UTF8), there are corresponding 16-bit and 32-bit names  with  UTF8
+       replaced by UTF16 or UTF32, respectively. This facility is in fact just
+       cosmetic; the 16-bit and 32-bit option names define the same  bit  val-
+       ues.
+
+       References to bytes and UTF-8 in this document should be read as refer-
+       ences to 16-bit data units and UTF-16 when using the 16-bit library, or
+       32-bit  data  units  and  UTF-32  when using the 32-bit library, unless
+       specified otherwise.  More details of the specific differences for  the
+       16-bit and 32-bit libraries are given in the pcre16 and pcre32 pages.
+
+
+PCRE API OVERVIEW
+
+       PCRE has its own native API, which is described in this document. There
+       are also some wrapper functions (for the 8-bit library only) that  cor-
+       respond  to  the  POSIX  regular  expression  API, but they do not give
+       access to all the functionality. They are described  in  the  pcreposix
+       documentation.  Both  of these APIs define a set of C function calls. A
+       C++ wrapper (again for the 8-bit library only) is also distributed with
+       PCRE. It is documented in the pcrecpp page.
+
+       The  native  API  C  function prototypes are defined in the header file
+       pcre.h, and on Unix-like systems the (8-bit) library itself  is  called
+       libpcre.  It  can  normally be accessed by adding -lpcre to the command
+       for linking an application that uses PCRE. The header file defines  the
+       macros PCRE_MAJOR and PCRE_MINOR to contain the major and minor release
+       numbers for the library. Applications can use these to include  support
+       for different releases of PCRE.
+
+       In a Windows environment, if you want to statically link an application
+       program against a non-dll pcre.a  file,  you  must  define  PCRE_STATIC
+       before  including  pcre.h or pcrecpp.h, because otherwise the pcre_mal-
+       loc()   and   pcre_free()   exported   functions   will   be   declared
+       __declspec(dllimport), with unwanted results.
+
+       The   functions   pcre_compile(),  pcre_compile2(),  pcre_study(),  and
+       pcre_exec() are used for compiling and matching regular expressions  in
+       a  Perl-compatible  manner. A sample program that demonstrates the sim-
+       plest way of using them is provided in the file  called  pcredemo.c  in
+       the PCRE source distribution. A listing of this program is given in the
+       pcredemo documentation, and the pcresample documentation describes  how
+       to compile and run it.
+
+       Just-in-time  compiler  support is an optional feature of PCRE that can
+       be built in appropriate hardware environments. It greatly speeds up the
+       matching  performance  of  many  patterns.  Simple  programs can easily
+       request that it be used if available, by  setting  an  option  that  is
+       ignored  when  it is not relevant. More complicated programs might need
+       to    make    use    of    the    functions     pcre_jit_stack_alloc(),
+       pcre_jit_stack_free(),  and pcre_assign_jit_stack() in order to control
+       the JIT code's memory usage.
+
+       From release 8.32 there is also a direct interface for  JIT  execution,
+       which  gives  improved performance. The JIT-specific functions are dis-
+       cussed in the pcrejit documentation.
+
+       A second matching function, pcre_dfa_exec(), which is not Perl-compati-
+       ble,  is  also provided. This uses a different algorithm for the match-
+       ing. The alternative algorithm finds all possible matches (at  a  given
+       point  in  the  subject), and scans the subject just once (unless there
+       are lookbehind assertions). However, this  algorithm  does  not  return
+       captured  substrings.  A description of the two matching algorithms and
+       their advantages and disadvantages is given in the  pcrematching  docu-
+       mentation.
+
+       In  addition  to  the  main compiling and matching functions, there are
+       convenience functions for extracting captured substrings from a subject
+       string that is matched by pcre_exec(). They are:
+
+         pcre_copy_substring()
+         pcre_copy_named_substring()
+         pcre_get_substring()
+         pcre_get_named_substring()
+         pcre_get_substring_list()
+         pcre_get_stringnumber()
+         pcre_get_stringtable_entries()
+
+       pcre_free_substring() and pcre_free_substring_list() are also provided,
+       to free the memory used for extracted strings.
+
+       The function pcre_maketables() is used to  build  a  set  of  character
+       tables   in   the   current   locale  for  passing  to  pcre_compile(),
+       pcre_exec(), or pcre_dfa_exec(). This is an optional facility  that  is
+       provided  for  specialist  use.  Most  commonly,  no special tables are
+       passed, in which case internal tables that are generated when  PCRE  is
+       built are used.
+
+       The  function  pcre_fullinfo()  is used to find out information about a
+       compiled pattern. The function pcre_version() returns a  pointer  to  a
+       string containing the version of PCRE and its date of release.
+
+       The  function  pcre_refcount()  maintains  a  reference count in a data
+       block containing a compiled pattern. This is provided for  the  benefit
+       of object-oriented applications.
+
+       The  global  variables  pcre_malloc and pcre_free initially contain the
+       entry points of the standard malloc()  and  free()  functions,  respec-
+       tively. PCRE calls the memory management functions via these variables,
+       so a calling program can replace them if it  wishes  to  intercept  the
+       calls. This should be done before calling any PCRE functions.
+
+       The  global  variables  pcre_stack_malloc  and pcre_stack_free are also
+       indirections to memory management functions.  These  special  functions
+       are  used  only  when  PCRE is compiled to use the heap for remembering
+       data, instead of recursive function calls, when running the pcre_exec()
+       function.  See  the  pcrebuild  documentation  for details of how to do
+       this. It is a non-standard way of building PCRE, for  use  in  environ-
+       ments  that  have  limited stacks. Because of the greater use of memory
+       management, it runs more slowly. Separate  functions  are  provided  so
+       that  special-purpose  external  code  can  be used for this case. When
+       used, these functions always allocate memory blocks of the  same  size.
+       There  is  a discussion about PCRE's stack usage in the pcrestack docu-
+       mentation.
+
+       The global variable pcre_callout initially contains NULL. It can be set
+       by  the  caller  to  a "callout" function, which PCRE will then call at
+       specified points during a matching operation. Details are given in  the
+       pcrecallout documentation.
+
+       The global variable pcre_stack_guard initially contains NULL. It can be
+       set by the caller to a function that is  called  by  PCRE  whenever  it
+       starts  to  compile a parenthesized part of a pattern. When parentheses
+       are nested, PCRE uses recursive function calls, which use up the system
+       stack.  This  function is provided so that applications with restricted
+       stacks can force a compilation error if the stack runs out.  The  func-
+       tion should return zero if all is well, or non-zero to force an error.
+
+
+NEWLINES
+
+       PCRE  supports five different conventions for indicating line breaks in
+       strings: a single CR (carriage return) character, a  single  LF  (line-
+       feed) character, the two-character sequence CRLF, any of the three pre-
+       ceding, or any Unicode newline sequence. The Unicode newline  sequences
+       are  the  three just mentioned, plus the single characters VT (vertical
+       tab, U+000B), FF (form feed, U+000C), NEL (next line, U+0085), LS (line
+       separator, U+2028), and PS (paragraph separator, U+2029).
+
+       Each  of  the first three conventions is used by at least one operating
+       system as its standard newline sequence. When PCRE is built, a  default
+       can  be  specified.  The default default is LF, which is the Unix stan-
+       dard. When PCRE is run, the default can be overridden,  either  when  a
+       pattern is compiled, or when it is matched.
+
+       At compile time, the newline convention can be specified by the options
+       argument of pcre_compile(), or it can be specified by special  text  at
+       the start of the pattern itself; this overrides any other settings. See
+       the pcrepattern page for details of the special character sequences.
+
+       In the PCRE documentation the word "newline" is used to mean "the char-
+       acter  or pair of characters that indicate a line break". The choice of
+       newline convention affects the handling of  the  dot,  circumflex,  and
+       dollar metacharacters, the handling of #-comments in /x mode, and, when
+       CRLF is a recognized line ending sequence, the match position  advance-
+       ment for a non-anchored pattern. There is more detail about this in the
+       section on pcre_exec() options below.
+
+       The choice of newline convention does not affect the interpretation  of
+       the  \n  or  \r  escape  sequences, nor does it affect what \R matches,
+       which is controlled in a similar way, but by separate options.
+
+
+MULTITHREADING
+
+       The PCRE functions can be used in  multi-threading  applications,  with
+       the  proviso  that  the  memory  management  functions  pointed  to  by
+       pcre_malloc, pcre_free, pcre_stack_malloc, and pcre_stack_free, and the
+       callout  and  stack-checking  functions  pointed to by pcre_callout and
+       pcre_stack_guard, are shared by all threads.
+
+       The compiled form of a regular expression is not altered during  match-
+       ing, so the same compiled pattern can safely be used by several threads
+       at once.
+
+       If the just-in-time optimization feature is being used, it needs  sepa-
+       rate  memory stack areas for each thread. See the pcrejit documentation
+       for more details.
+
+
+SAVING PRECOMPILED PATTERNS FOR LATER USE
+
+       The compiled form of a regular expression can be saved and re-used at a
+       later  time,  possibly by a different program, and even on a host other
+       than the one on which  it  was  compiled.  Details  are  given  in  the
+       pcreprecompile  documentation,  which  includes  a  description  of the
+       pcre_pattern_to_host_byte_order() function. However, compiling a  regu-
+       lar  expression  with one version of PCRE for use with a different ver-
+       sion is not guaranteed to work and may cause crashes.
+
+
+CHECKING BUILD-TIME OPTIONS
+
+       int pcre_config(int what, void *where);
+
+       The function pcre_config() makes it possible for a PCRE client to  dis-
+       cover which optional features have been compiled into the PCRE library.
+       The pcrebuild documentation has more details about these optional  fea-
+       tures.
+
+       The  first  argument  for pcre_config() is an integer, specifying which
+       information is required; the second argument is a pointer to a variable
+       into  which  the  information  is placed. The returned value is zero on
+       success, or the negative error code PCRE_ERROR_BADOPTION if  the  value
+       in  the  first argument is not recognized. The following information is
+       available:
+
+         PCRE_CONFIG_UTF8
+
+       The output is an integer that is set to one if UTF-8 support is  avail-
+       able;  otherwise it is set to zero. This value should normally be given
+       to the 8-bit version of this function, pcre_config(). If it is given to
+       the   16-bit  or  32-bit  version  of  this  function,  the  result  is
+       PCRE_ERROR_BADOPTION.
+
+         PCRE_CONFIG_UTF16
+
+       The output is an integer that is set to one if UTF-16 support is avail-
+       able;  otherwise it is set to zero. This value should normally be given
+       to the 16-bit version of this function, pcre16_config(). If it is given
+       to  the  8-bit  or  32-bit  version  of  this  function,  the result is
+       PCRE_ERROR_BADOPTION.
+
+         PCRE_CONFIG_UTF32
+
+       The output is an integer that is set to one if UTF-32 support is avail-
+       able;  otherwise it is set to zero. This value should normally be given
+       to the 32-bit version of this function, pcre32_config(). If it is given
+       to  the  8-bit  or  16-bit  version  of  this  function,  the result is
+       PCRE_ERROR_BADOPTION.
+
+         PCRE_CONFIG_UNICODE_PROPERTIES
+
+       The output is an integer that is set to  one  if  support  for  Unicode
+       character properties is available; otherwise it is set to zero.
+
+         PCRE_CONFIG_JIT
+
+       The output is an integer that is set to one if support for just-in-time
+       compiling is available; otherwise it is set to zero.
+
+         PCRE_CONFIG_JITTARGET
+
+       The output is a pointer to a zero-terminated "const char *" string.  If
+       JIT support is available, the string contains the name of the architec-
+       ture for which the JIT compiler is configured, for example  "x86  32bit
+       (little  endian  +  unaligned)".  If  JIT support is not available, the
+       result is NULL.
+
+         PCRE_CONFIG_NEWLINE
+
+       The output is an integer whose value specifies  the  default  character
+       sequence  that  is recognized as meaning "newline". The values that are
+       supported in ASCII/Unicode environments are: 10 for LF, 13 for CR, 3338
+       for  CRLF,  -2 for ANYCRLF, and -1 for ANY. In EBCDIC environments, CR,
+       ANYCRLF, and ANY yield the same values. However, the value  for  LF  is
+       normally  21, though some EBCDIC environments use 37. The corresponding
+       values for CRLF are 3349 and 3365. The default should  normally  corre-
+       spond to the standard sequence for your operating system.
+
+         PCRE_CONFIG_BSR
+
+       The output is an integer whose value indicates what character sequences
+       the \R escape sequence matches by default. A value of 0 means  that  \R
+       matches  any  Unicode  line ending sequence; a value of 1 means that \R
+       matches only CR, LF, or CRLF. The default can be overridden when a pat-
+       tern is compiled or matched.
+
+         PCRE_CONFIG_LINK_SIZE
+
+       The  output  is  an  integer that contains the number of bytes used for
+       internal  linkage  in  compiled  regular  expressions.  For  the  8-bit
+       library, the value can be 2, 3, or 4. For the 16-bit library, the value
+       is either 2 or 4 and is  still  a  number  of  bytes.  For  the  32-bit
+       library, the value is either 2 or 4 and is still a number of bytes. The
+       default value of 2 is sufficient for all but the most massive patterns,
+       since  it  allows  the compiled pattern to be up to 64K in size. Larger
+       values allow larger regular expressions to be compiled, at the  expense
+       of slower matching.
+
+         PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+
+       The  output  is  an integer that contains the threshold above which the
+       POSIX interface uses malloc() for output vectors. Further  details  are
+       given in the pcreposix documentation.
+
+         PCRE_CONFIG_PARENS_LIMIT
+
+       The output is a long integer that gives the maximum depth of nesting of
+       parentheses (of any kind) in a pattern. This limit is  imposed  to  cap
+       the amount of system stack used when a pattern is compiled. It is spec-
+       ified when PCRE is built; the default is 250. This limit does not  take
+       into account the stack that may already be used by the calling applica-
+       tion. For finer control over compilation stack usage,  you  can  set  a
+       pointer to an external checking function in pcre_stack_guard.
+
+         PCRE_CONFIG_MATCH_LIMIT
+
+       The  output is a long integer that gives the default limit for the num-
+       ber of internal matching function calls  in  a  pcre_exec()  execution.
+       Further details are given with pcre_exec() below.
+
+         PCRE_CONFIG_MATCH_LIMIT_RECURSION
+
+       The output is a long integer that gives the default limit for the depth
+       of  recursion  when  calling  the  internal  matching  function  in   a
+       pcre_exec()  execution.  Further  details  are  given  with pcre_exec()
+       below.
+
+         PCRE_CONFIG_STACKRECURSE
+
+       The output is an integer that is set to one if internal recursion  when
+       running pcre_exec() is implemented by recursive function calls that use
+       the stack to remember their state. This is the usual way that  PCRE  is
+       compiled. The output is zero if PCRE was compiled to use blocks of data
+       on the  heap  instead  of  recursive  function  calls.  In  this  case,
+       pcre_stack_malloc  and  pcre_stack_free  are  called  to  manage memory
+       blocks on the heap, thus avoiding the use of the stack.
+
+
+COMPILING A PATTERN
+
+       pcre *pcre_compile(const char *pattern, int options,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       pcre *pcre_compile2(const char *pattern, int options,
+            int *errorcodeptr,
+            const char **errptr, int *erroffset,
+            const unsigned char *tableptr);
+
+       Either of the functions pcre_compile() or pcre_compile2() can be called
+       to compile a pattern into an internal form. The only difference between
+       the two interfaces is that pcre_compile2() has an additional  argument,
+       errorcodeptr,  via  which  a  numerical  error code can be returned. To
+       avoid too much repetition, we refer just to pcre_compile()  below,  but
+       the information applies equally to pcre_compile2().
+
+       The pattern is a C string terminated by a binary zero, and is passed in
+       the pattern argument. A pointer to a single block  of  memory  that  is
+       obtained  via  pcre_malloc is returned. This contains the compiled code
+       and related data. The pcre type is defined for the returned block; this
+       is a typedef for a structure whose contents are not externally defined.
+       It is up to the caller to free the memory (via pcre_free) when it is no
+       longer required.
+
+       Although  the compiled code of a PCRE regex is relocatable, that is, it
+       does not depend on memory location, the complete pcre data block is not
+       fully  relocatable, because it may contain a copy of the tableptr argu-
+       ment, which is an address (see below).
+
+       The options argument contains various bit settings that affect the com-
+       pilation.  It  should be zero if no options are required. The available
+       options are described below. Some of them (in  particular,  those  that
+       are  compatible with Perl, but some others as well) can also be set and
+       unset from within the pattern (see  the  detailed  description  in  the
+       pcrepattern  documentation). For those options that can be different in
+       different parts of the pattern, the contents of  the  options  argument
+       specifies their settings at the start of compilation and execution. The
+       PCRE_ANCHORED, PCRE_BSR_xxx, PCRE_NEWLINE_xxx, PCRE_NO_UTF8_CHECK,  and
+       PCRE_NO_START_OPTIMIZE  options  can  be set at the time of matching as
+       well as at compile time.
+
+       If errptr is NULL, pcre_compile() returns NULL immediately.  Otherwise,
+       if  compilation  of  a  pattern fails, pcre_compile() returns NULL, and
+       sets the variable pointed to by errptr to point to a textual error mes-
+       sage. This is a static string that is part of the library. You must not
+       try to free it. Normally, the offset from the start of the  pattern  to
+       the data unit that was being processed when the error was discovered is
+       placed in the variable pointed to by erroffset, which must not be  NULL
+       (if  it is, an immediate error is given). However, for an invalid UTF-8
+       or UTF-16 string, the offset is that of the  first  data  unit  of  the
+       failing character.
+
+       Some  errors are not detected until the whole pattern has been scanned;
+       in these cases, the offset passed back is the length  of  the  pattern.
+       Note  that  the  offset is in data units, not characters, even in a UTF
+       mode. It may sometimes point into the middle of a UTF-8 or UTF-16 char-
+       acter.
+
+       If  pcre_compile2()  is  used instead of pcre_compile(), and the error-
+       codeptr argument is not NULL, a non-zero error code number is  returned
+       via  this argument in the event of an error. This is in addition to the
+       textual error message. Error codes and messages are listed below.
+
+       If the final argument, tableptr, is NULL, PCRE uses a  default  set  of
+       character  tables  that  are  built  when  PCRE  is compiled, using the
+       default C locale. Otherwise, tableptr must be an address  that  is  the
+       result  of  a  call to pcre_maketables(). This value is stored with the
+       compiled pattern, and used again  by  pcre_exec()  and  pcre_dfa_exec()
+       when  the  pattern  is matched. For more discussion, see the section on
+       locale support below.
+
+       This code fragment shows a typical straightforward  call  to  pcre_com-
+       pile():
+
+         pcre *re;
+         const char *error;
+         int erroffset;
+         re = pcre_compile(
+           "^A.*Z",          /* the pattern */
+           0,                /* default options */
+           &error,           /* for error message */
+           &erroffset,       /* for error offset */
+           NULL);            /* use default character tables */
+
+       The  following  names  for option bits are defined in the pcre.h header
+       file:
+
+         PCRE_ANCHORED
+
+       If this bit is set, the pattern is forced to be "anchored", that is, it
+       is  constrained to match only at the first matching point in the string
+       that is being searched (the "subject string"). This effect can also  be
+       achieved  by appropriate constructs in the pattern itself, which is the
+       only way to do it in Perl.
+
+         PCRE_AUTO_CALLOUT
+
+       If this bit is set, pcre_compile() automatically inserts callout items,
+       all  with  number  255, before each pattern item. For discussion of the
+       callout facility, see the pcrecallout documentation.
+
+         PCRE_BSR_ANYCRLF
+         PCRE_BSR_UNICODE
+
+       These options (which are mutually exclusive) control what the \R escape
+       sequence  matches.  The choice is either to match only CR, LF, or CRLF,
+       or to match any Unicode newline sequence. The default is specified when
+       PCRE is built. It can be overridden from within the pattern, or by set-
+       ting an option when a compiled pattern is matched.
+
+         PCRE_CASELESS
+
+       If this bit is set, letters in the pattern match both upper  and  lower
+       case  letters.  It  is  equivalent  to  Perl's /i option, and it can be
+       changed within a pattern by a (?i) option setting. In UTF-8 mode,  PCRE
+       always  understands the concept of case for characters whose values are
+       less than 128, so caseless matching is always possible. For  characters
+       with  higher  values,  the concept of case is supported if PCRE is com-
+       piled with Unicode property support, but not otherwise. If you want  to
+       use  caseless  matching  for  characters 128 and above, you must ensure
+       that PCRE is compiled with Unicode property support  as  well  as  with
+       UTF-8 support.
+
+         PCRE_DOLLAR_ENDONLY
+
+       If  this bit is set, a dollar metacharacter in the pattern matches only
+       at the end of the subject string. Without this option,  a  dollar  also
+       matches  immediately before a newline at the end of the string (but not
+       before any other newlines). The PCRE_DOLLAR_ENDONLY option  is  ignored
+       if  PCRE_MULTILINE  is  set.   There is no equivalent to this option in
+       Perl, and no way to set it within a pattern.
+
+         PCRE_DOTALL
+
+       If this bit is set, a dot metacharacter in the pattern matches a  char-
+       acter of any value, including one that indicates a newline. However, it
+       only ever matches one character, even if newlines are  coded  as  CRLF.
+       Without  this option, a dot does not match when the current position is
+       at a newline. This option is equivalent to Perl's /s option, and it can
+       be  changed within a pattern by a (?s) option setting. A negative class
+       such as [^a] always matches newline characters, independent of the set-
+       ting of this option.
+
+         PCRE_DUPNAMES
+
+       If  this  bit is set, names used to identify capturing subpatterns need
+       not be unique. This can be helpful for certain types of pattern when it
+       is  known  that  only  one instance of the named subpattern can ever be
+       matched. There are more details of named subpatterns  below;  see  also
+       the pcrepattern documentation.
+
+         PCRE_EXTENDED
+
+       If  this  bit  is  set,  most white space characters in the pattern are
+       totally ignored except when escaped or inside a character  class.  How-
+       ever,  white  space  is  not  allowed within sequences such as (?> that
+       introduce various parenthesized subpatterns,  nor  within  a  numerical
+       quantifier  such as {1,3}.  However, ignorable white space is permitted
+       between an item and a following quantifier and between a quantifier and
+       a following + that indicates possessiveness.
+
+       White space did not used to include the VT character (code 11), because
+       Perl did not treat this character as white space. However, Perl changed
+       at  release  5.18,  so  PCRE  followed  at  release 8.34, and VT is now
+       treated as white space.
+
+       PCRE_EXTENDED also causes characters between an unescaped #  outside  a
+       character  class  and  the  next  newline,  inclusive,  to  be ignored.
+       PCRE_EXTENDED is equivalent to Perl's /x option, and it can be  changed
+       within a pattern by a (?x) option setting.
+
+       Which  characters  are  interpreted  as  newlines  is controlled by the
+       options passed to pcre_compile() or by a special sequence at the  start
+       of  the  pattern, as described in the section entitled "Newline conven-
+       tions" in the pcrepattern documentation. Note that the end of this type
+       of  comment  is  a  literal  newline  sequence  in  the pattern; escape
+       sequences that happen to represent a newline do not count.
+
+       This option makes it possible to include  comments  inside  complicated
+       patterns.   Note,  however,  that this applies only to data characters.
+       White space  characters  may  never  appear  within  special  character
+       sequences in a pattern, for example within the sequence (?( that intro-
+       duces a conditional subpattern.
+
+         PCRE_EXTRA
+
+       This option was invented in order to turn on  additional  functionality
+       of  PCRE  that  is  incompatible with Perl, but it is currently of very
+       little use. When set, any backslash in a pattern that is followed by  a
+       letter  that  has  no  special  meaning causes an error, thus reserving
+       these combinations for future expansion. By  default,  as  in  Perl,  a
+       backslash  followed by a letter with no special meaning is treated as a
+       literal. (Perl can, however, be persuaded to give an error for this, by
+       running  it with the -w option.) There are at present no other features
+       controlled by this option. It can also be set by a (?X) option  setting
+       within a pattern.
+
+         PCRE_FIRSTLINE
+
+       If  this  option  is  set,  an  unanchored pattern is required to match
+       before or at the first  newline  in  the  subject  string,  though  the
+       matched text may continue over the newline.
+
+         PCRE_JAVASCRIPT_COMPAT
+
+       If this option is set, PCRE's behaviour is changed in some ways so that
+       it is compatible with JavaScript rather than Perl. The changes  are  as
+       follows:
+
+       (1)  A  lone  closing square bracket in a pattern causes a compile-time
+       error, because this is illegal in JavaScript (by default it is  treated
+       as a data character). Thus, the pattern AB]CD becomes illegal when this
+       option is set.
+
+       (2) At run time, a back reference to an unset subpattern group  matches
+       an  empty  string (by default this causes the current matching alterna-
+       tive to fail). A pattern such as (\1)(a) succeeds when this  option  is
+       set  (assuming  it can find an "a" in the subject), whereas it fails by
+       default, for Perl compatibility.
+
+       (3) \U matches an upper case "U" character; by default \U causes a com-
+       pile time error (Perl uses \U to upper case subsequent characters).
+
+       (4) \u matches a lower case "u" character unless it is followed by four
+       hexadecimal digits, in which case the hexadecimal  number  defines  the
+       code  point  to match. By default, \u causes a compile time error (Perl
+       uses it to upper case the following character).
+
+       (5) \x matches a lower case "x" character unless it is followed by  two
+       hexadecimal  digits,  in  which case the hexadecimal number defines the
+       code point to match. By default, as in Perl, a  hexadecimal  number  is
+       always expected after \x, but it may have zero, one, or two digits (so,
+       for example, \xz matches a binary zero character followed by z).
+
+         PCRE_MULTILINE
+
+       By default, for the purposes of matching "start of line"  and  "end  of
+       line", PCRE treats the subject string as consisting of a single line of
+       characters, even if it actually contains newlines. The "start of  line"
+       metacharacter (^) matches only at the start of the string, and the "end
+       of line" metacharacter ($) matches only at the end of  the  string,  or
+       before  a terminating newline (except when PCRE_DOLLAR_ENDONLY is set).
+       Note, however, that unless PCRE_DOTALL  is  set,  the  "any  character"
+       metacharacter  (.)  does not match at a newline. This behaviour (for ^,
+       $, and dot) is the same as Perl.
+
+       When PCRE_MULTILINE it is set, the "start of line" and  "end  of  line"
+       constructs  match  immediately following or immediately before internal
+       newlines in the subject string, respectively, as well as  at  the  very
+       start  and  end.  This is equivalent to Perl's /m option, and it can be
+       changed within a pattern by a (?m) option setting. If there are no new-
+       lines  in  a  subject string, or no occurrences of ^ or $ in a pattern,
+       setting PCRE_MULTILINE has no effect.
+
+         PCRE_NEVER_UTF
+
+       This option locks out interpretation of the pattern as UTF-8 (or UTF-16
+       or  UTF-32  in the 16-bit and 32-bit libraries). In particular, it pre-
+       vents the creator of the pattern from switching to  UTF  interpretation
+       by starting the pattern with (*UTF). This may be useful in applications
+       that  process  patterns  from  external  sources.  The  combination  of
+       PCRE_UTF8 and PCRE_NEVER_UTF also causes an error.
+
+         PCRE_NEWLINE_CR
+         PCRE_NEWLINE_LF
+         PCRE_NEWLINE_CRLF
+         PCRE_NEWLINE_ANYCRLF
+         PCRE_NEWLINE_ANY
+
+       These  options  override the default newline definition that was chosen
+       when PCRE was built. Setting the first or the second specifies  that  a
+       newline  is  indicated  by a single character (CR or LF, respectively).
+       Setting PCRE_NEWLINE_CRLF specifies that a newline is indicated by  the
+       two-character  CRLF  sequence.  Setting  PCRE_NEWLINE_ANYCRLF specifies
+       that any of the three preceding sequences should be recognized. Setting
+       PCRE_NEWLINE_ANY  specifies that any Unicode newline sequence should be
+       recognized.
+
+       In an ASCII/Unicode environment, the Unicode newline sequences are  the
+       three  just  mentioned,  plus  the  single characters VT (vertical tab,
+       U+000B), FF (form feed, U+000C), NEL (next line, U+0085), LS (line sep-
+       arator,  U+2028),  and  PS (paragraph separator, U+2029). For the 8-bit
+       library, the last two are recognized only in UTF-8 mode.
+
+       When PCRE is compiled to run in an EBCDIC (mainframe) environment,  the
+       code for CR is 0x0d, the same as ASCII. However, the character code for
+       LF is normally 0x15, though in some EBCDIC environments 0x25  is  used.
+       Whichever  of  these  is  not LF is made to correspond to Unicode's NEL
+       character. EBCDIC codes are all less than 256. For  more  details,  see
+       the pcrebuild documentation.
+
+       The  newline  setting  in  the  options  word  uses three bits that are
+       treated as a number, giving eight possibilities. Currently only six are
+       used  (default  plus the five values above). This means that if you set
+       more than one newline option, the combination may or may not be  sensi-
+       ble. For example, PCRE_NEWLINE_CR with PCRE_NEWLINE_LF is equivalent to
+       PCRE_NEWLINE_CRLF, but other combinations may yield unused numbers  and
+       cause an error.
+
+       The  only  time  that a line break in a pattern is specially recognized
+       when compiling is when PCRE_EXTENDED is set. CR and LF are white  space
+       characters,  and so are ignored in this mode. Also, an unescaped # out-
+       side a character class indicates a comment that lasts until  after  the
+       next  line break sequence. In other circumstances, line break sequences
+       in patterns are treated as literal data.
+
+       The newline option that is set at compile time becomes the default that
+       is used for pcre_exec() and pcre_dfa_exec(), but it can be overridden.
+
+         PCRE_NO_AUTO_CAPTURE
+
+       If this option is set, it disables the use of numbered capturing paren-
+       theses in the pattern. Any opening parenthesis that is not followed  by
+       ?  behaves as if it were followed by ?: but named parentheses can still
+       be used for capturing (and they acquire  numbers  in  the  usual  way).
+       There is no equivalent of this option in Perl.
+
+         PCRE_NO_AUTO_POSSESS
+
+       If  this option is set, it disables "auto-possessification". This is an
+       optimization that, for example, turns a+b into a++b in order  to  avoid
+       backtracks  into  a+ that can never be successful. However, if callouts
+       are in use, auto-possessification means that some  of  them  are  never
+       taken. You can set this option if you want the matching functions to do
+       a full unoptimized search and run all the callouts, but  it  is  mainly
+       provided for testing purposes.
+
+         PCRE_NO_START_OPTIMIZE
+
+       This  is an option that acts at matching time; that is, it is really an
+       option for pcre_exec() or pcre_dfa_exec(). If  it  is  set  at  compile
+       time,  it is remembered with the compiled pattern and assumed at match-
+       ing time. This is necessary if you want to use JIT  execution,  because
+       the  JIT  compiler needs to know whether or not this option is set. For
+       details see the discussion of PCRE_NO_START_OPTIMIZE below.
+
+         PCRE_UCP
+
+       This option changes the way PCRE processes \B, \b, \D, \d, \S, \s,  \W,
+       \w,  and  some  of  the POSIX character classes. By default, only ASCII
+       characters are recognized, but if PCRE_UCP is set,  Unicode  properties
+       are  used instead to classify characters. More details are given in the
+       section on generic character types in the pcrepattern page. If you  set
+       PCRE_UCP,  matching  one of the items it affects takes much longer. The
+       option is available only if PCRE has been compiled with  Unicode  prop-
+       erty support.
+
+         PCRE_UNGREEDY
+
+       This  option  inverts  the "greediness" of the quantifiers so that they
+       are not greedy by default, but become greedy if followed by "?". It  is
+       not  compatible  with Perl. It can also be set by a (?U) option setting
+       within the pattern.
+
+         PCRE_UTF8
+
+       This option causes PCRE to regard both the pattern and the  subject  as
+       strings of UTF-8 characters instead of single-byte strings. However, it
+       is available only when PCRE is built to include UTF  support.  If  not,
+       the  use  of  this option provokes an error. Details of how this option
+       changes the behaviour of PCRE are given in the pcreunicode page.
+
+         PCRE_NO_UTF8_CHECK
+
+       When PCRE_UTF8 is set, the validity of the pattern as a UTF-8 string is
+       automatically  checked.  There  is  a  discussion about the validity of
+       UTF-8 strings in the pcreunicode page. If an invalid UTF-8 sequence  is
+       found,  pcre_compile()  returns an error. If you already know that your
+       pattern is valid, and you want to skip this check for performance  rea-
+       sons,  you  can set the PCRE_NO_UTF8_CHECK option.  When it is set, the
+       effect of passing an invalid UTF-8 string as a pattern is undefined. It
+       may cause your program to crash or loop. Note that this option can also
+       be passed to pcre_exec() and pcre_dfa_exec(), to suppress the  validity
+       checking  of  subject strings only. If the same string is being matched
+       many times, the option can be safely set for the second and  subsequent
+       matchings to improve performance.
+
+
+COMPILATION ERROR CODES
+
+       The  following  table  lists  the  error  codes than may be returned by
+       pcre_compile2(), along with the error messages that may be returned  by
+       both  compiling  functions.  Note  that error messages are always 8-bit
+       ASCII strings, even in 16-bit or 32-bit mode. As  PCRE  has  developed,
+       some  error codes have fallen out of use. To avoid confusion, they have
+       not been re-used.
+
+          0  no error
+          1  \ at end of pattern
+          2  \c at end of pattern
+          3  unrecognized character follows \
+          4  numbers out of order in {} quantifier
+          5  number too big in {} quantifier
+          6  missing terminating ] for character class
+          7  invalid escape sequence in character class
+          8  range out of order in character class
+          9  nothing to repeat
+         10  [this code is not in use]
+         11  internal error: unexpected repeat
+         12  unrecognized character after (? or (?-
+         13  POSIX named classes are supported only within a class
+         14  missing )
+         15  reference to non-existent subpattern
+         16  erroffset passed as NULL
+         17  unknown option bit(s) set
+         18  missing ) after comment
+         19  [this code is not in use]
+         20  regular expression is too large
+         21  failed to get memory
+         22  unmatched parentheses
+         23  internal error: code overflow
+         24  unrecognized character after (?<
+         25  lookbehind assertion is not fixed length
+         26  malformed number or name after (?(
+         27  conditional group contains more than two branches
+         28  assertion expected after (?(
+         29  (?R or (?[+-]digits must be followed by )
+         30  unknown POSIX class name
+         31  POSIX collating elements are not supported
+         32  this version of PCRE is compiled without UTF support
+         33  [this code is not in use]
+         34  character value in \x{} or \o{} is too large
+         35  invalid condition (?(0)
+         36  \C not allowed in lookbehind assertion
+         37  PCRE does not support \L, \l, \N{name}, \U, or \u
+         38  number after (?C is > 255
+         39  closing ) for (?C expected
+         40  recursive call could loop indefinitely
+         41  unrecognized character after (?P
+         42  syntax error in subpattern name (missing terminator)
+         43  two named subpatterns have the same name
+         44  invalid UTF-8 string (specifically UTF-8)
+         45  support for \P, \p, and \X has not been compiled
+         46  malformed \P or \p sequence
+         47  unknown property name after \P or \p
+         48  subpattern name is too long (maximum 32 characters)
+         49  too many named subpatterns (maximum 10000)
+         50  [this code is not in use]
+         51  octal value is greater than \377 in 8-bit non-UTF-8 mode
+         52  internal error: overran compiling workspace
+         53  internal error: previously-checked referenced subpattern
+               not found
+         54  DEFINE group contains more than one branch
+         55  repeating a DEFINE group is not allowed
+         56  inconsistent NEWLINE options
+         57  \g is not followed by a braced, angle-bracketed, or quoted
+               name/number or by a plain number
+         58  a numbered reference must not be zero
+         59  an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
+         60  (*VERB) not recognized or malformed
+         61  number is too big
+         62  subpattern name expected
+         63  digit expected after (?+
+         64  ] is an invalid data character in JavaScript compatibility mode
+         65  different names for subpatterns of the same number are
+               not allowed
+         66  (*MARK) must have an argument
+         67  this version of PCRE is not compiled with Unicode property
+               support
+         68  \c must be followed by an ASCII character
+         69  \k is not followed by a braced, angle-bracketed, or quoted name
+         70  internal error: unknown opcode in find_fixedlength()
+         71  \N is not supported in a class
+         72  too many forward references
+         73  disallowed Unicode code point (>= 0xd800 && <= 0xdfff)
+         74  invalid UTF-16 string (specifically UTF-16)
+         75  name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
+         76  character value in \u.... sequence is too large
+         77  invalid UTF-32 string (specifically UTF-32)
+         78  setting UTF is disabled by the application
+         79  non-hex character in \x{} (closing brace missing?)
+         80  non-octal character in \o{} (closing brace missing?)
+         81  missing opening brace after \o
+         82  parentheses are too deeply nested
+         83  invalid range in character class
+         84  group name must start with a non-digit
+         85  parentheses are too deeply nested (stack check)
+
+       The numbers 32 and 10000 in errors 48 and 49  are  defaults;  different
+       values may be used if the limits were changed when PCRE was built.
+
+
+STUDYING A PATTERN
+
+       pcre_extra *pcre_study(const pcre *code, int options,
+            const char **errptr);
+
+       If  a  compiled  pattern is going to be used several times, it is worth
+       spending more time analyzing it in order to speed up the time taken for
+       matching.  The function pcre_study() takes a pointer to a compiled pat-
+       tern as its first argument. If studying the pattern produces additional
+       information  that  will  help speed up matching, pcre_study() returns a
+       pointer to a pcre_extra block, in which the study_data field points  to
+       the results of the study.
+
+       The  returned  value  from  pcre_study()  can  be  passed  directly  to
+       pcre_exec() or pcre_dfa_exec(). However, a pcre_extra block  also  con-
+       tains  other  fields  that can be set by the caller before the block is
+       passed; these are described below in the section on matching a pattern.
+
+       If studying the  pattern  does  not  produce  any  useful  information,
+       pcre_study()  returns  NULL  by  default.  In that circumstance, if the
+       calling program wants to pass any of the other fields to pcre_exec() or
+       pcre_dfa_exec(),  it  must set up its own pcre_extra block. However, if
+       pcre_study() is called  with  the  PCRE_STUDY_EXTRA_NEEDED  option,  it
+       returns a pcre_extra block even if studying did not find any additional
+       information. It may still return NULL, however, if an error  occurs  in
+       pcre_study().
+
+       The  second  argument  of  pcre_study() contains option bits. There are
+       three further options in addition to PCRE_STUDY_EXTRA_NEEDED:
+
+         PCRE_STUDY_JIT_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+
+       If any of these are set, and the just-in-time  compiler  is  available,
+       the  pattern  is  further compiled into machine code that executes much
+       faster than the pcre_exec()  interpretive  matching  function.  If  the
+       just-in-time  compiler is not available, these options are ignored. All
+       undefined bits in the options argument must be zero.
+
+       JIT compilation is a heavyweight optimization. It can  take  some  time
+       for  patterns  to  be analyzed, and for one-off matches and simple pat-
+       terns the benefit of faster execution might be offset by a much  slower
+       study time.  Not all patterns can be optimized by the JIT compiler. For
+       those that cannot be handled, matching automatically falls back to  the
+       pcre_exec()  interpreter.  For more details, see the pcrejit documenta-
+       tion.
+
+       The third argument for pcre_study() is a pointer for an error  message.
+       If  studying  succeeds  (even  if no data is returned), the variable it
+       points to is set to NULL. Otherwise it is set to  point  to  a  textual
+       error message. This is a static string that is part of the library. You
+       must not try to free it. You should test the  error  pointer  for  NULL
+       after calling pcre_study(), to be sure that it has run successfully.
+
+       When  you are finished with a pattern, you can free the memory used for
+       the study data by calling pcre_free_study(). This function was added to
+       the  API  for  release  8.20. For earlier versions, the memory could be
+       freed with pcre_free(), just like the pattern itself. This  will  still
+       work  in  cases where JIT optimization is not used, but it is advisable
+       to change to the new function when convenient.
+
+       This is a typical way in which pcre_study() is used (except that  in  a
+       real application there should be tests for errors):
+
+         int rc;
+         pcre *re;
+         pcre_extra *sd;
+         re = pcre_compile("pattern", 0, &error, &erroroffset, NULL);
+         sd = pcre_study(
+           re,             /* result of pcre_compile() */
+           0,              /* no options */
+           &error);        /* set to NULL or points to a message */
+         rc = pcre_exec(   /* see below for details of pcre_exec() options */
+           re, sd, "subject", 7, 0, 0, ovector, 30);
+         ...
+         pcre_free_study(sd);
+         pcre_free(re);
+
+       Studying a pattern does two things: first, a lower bound for the length
+       of subject string that is needed to match the pattern is computed. This
+       does not mean that there are any strings of that length that match, but
+       it does guarantee that no shorter strings match. The value is  used  to
+       avoid wasting time by trying to match strings that are shorter than the
+       lower bound. You can find out the value in a calling  program  via  the
+       pcre_fullinfo() function.
+
+       Studying a pattern is also useful for non-anchored patterns that do not
+       have a single fixed starting character. A bitmap of  possible  starting
+       bytes  is  created. This speeds up finding a position in the subject at
+       which to start matching. (In 16-bit mode, the bitmap is used for 16-bit
+       values  less  than  256.  In 32-bit mode, the bitmap is used for 32-bit
+       values less than 256.)
+
+       These two optimizations apply to both pcre_exec() and  pcre_dfa_exec(),
+       and  the  information  is also used by the JIT compiler.  The optimiza-
+       tions can be disabled by  setting  the  PCRE_NO_START_OPTIMIZE  option.
+       You  might want to do this if your pattern contains callouts or (*MARK)
+       and you want to make use of these facilities in  cases  where  matching
+       fails.
+
+       PCRE_NO_START_OPTIMIZE  can be specified at either compile time or exe-
+       cution  time.  However,  if   PCRE_NO_START_OPTIMIZE   is   passed   to
+       pcre_exec(), (that is, after any JIT compilation has happened) JIT exe-
+       cution is disabled. For JIT execution to work with  PCRE_NO_START_OPTI-
+       MIZE, the option must be set at compile time.
+
+       There is a longer discussion of PCRE_NO_START_OPTIMIZE below.
+
+
+LOCALE SUPPORT
+
+       PCRE  handles  caseless matching, and determines whether characters are
+       letters, digits, or whatever, by reference to a set of tables,  indexed
+       by  character  code point. When running in UTF-8 mode, or in the 16- or
+       32-bit libraries, this applies only to characters with code points less
+       than  256.  By  default,  higher-valued code points never match escapes
+       such as \w or \d. However, if PCRE is built with Unicode property  sup-
+       port,  all  characters can be tested with \p and \P, or, alternatively,
+       the PCRE_UCP option can be set when a pattern is compiled; this  causes
+       \w  and friends to use Unicode property support instead of the built-in
+       tables.
+
+       The use of locales with Unicode is discouraged.  If  you  are  handling
+       characters  with  code  points  greater than 128, you should either use
+       Unicode support, or use locales, but not try to mix the two.
+
+       PCRE contains an internal set of tables that are used  when  the  final
+       argument  of  pcre_compile()  is  NULL.  These  are sufficient for many
+       applications.  Normally, the internal tables recognize only ASCII char-
+       acters. However, when PCRE is built, it is possible to cause the inter-
+       nal tables to be rebuilt in the default "C" locale of the local system,
+       which may cause them to be different.
+
+       The  internal tables can always be overridden by tables supplied by the
+       application that calls PCRE. These may be created in a different locale
+       from  the  default.  As more and more applications change to using Uni-
+       code, the need for this locale support is expected to die away.
+
+       External tables are built by calling  the  pcre_maketables()  function,
+       which  has no arguments, in the relevant locale. The result can then be
+       passed to pcre_compile() as often as necessary. For example,  to  build
+       and  use  tables  that  are  appropriate  for  the French locale (where
+       accented characters with values greater than 128 are  treated  as  let-
+       ters), the following code could be used:
+
+         setlocale(LC_CTYPE, "fr_FR");
+         tables = pcre_maketables();
+         re = pcre_compile(..., tables);
+
+       The  locale  name "fr_FR" is used on Linux and other Unix-like systems;
+       if you are using Windows, the name for the French locale is "french".
+
+       When pcre_maketables() runs, the tables are built  in  memory  that  is
+       obtained  via  pcre_malloc. It is the caller's responsibility to ensure
+       that the memory containing the tables remains available for as long  as
+       it is needed.
+
+       The pointer that is passed to pcre_compile() is saved with the compiled
+       pattern, and the same tables are used via this pointer by  pcre_study()
+       and  also by pcre_exec() and pcre_dfa_exec(). Thus, for any single pat-
+       tern, compilation, studying and matching all happen in the same locale,
+       but different patterns can be processed in different locales.
+
+       It  is  possible to pass a table pointer or NULL (indicating the use of
+       the internal tables) to pcre_exec() or pcre_dfa_exec() (see the discus-
+       sion below in the section on matching a pattern). This facility is pro-
+       vided for use with pre-compiled  patterns  that  have  been  saved  and
+       reloaded.   Character  tables are not saved with patterns, so if a non-
+       standard table was used at compile time, it must be provided again when
+       the  reloaded  pattern  is  matched. Attempting to use this facility to
+       match a pattern in a different locale from the one in which it was com-
+       piled is likely to lead to anomalous (usually incorrect) results.
+
+
+INFORMATION ABOUT A PATTERN
+
+       int pcre_fullinfo(const pcre *code, const pcre_extra *extra,
+            int what, void *where);
+
+       The  pcre_fullinfo() function returns information about a compiled pat-
+       tern. It replaces the pcre_info() function, which was removed from  the
+       library at version 8.30, after more than 10 years of obsolescence.
+
+       The  first  argument  for  pcre_fullinfo() is a pointer to the compiled
+       pattern. The second argument is the result of pcre_study(), or NULL  if
+       the  pattern  was not studied. The third argument specifies which piece
+       of information is required, and the fourth argument is a pointer  to  a
+       variable  to  receive  the  data. The yield of the function is zero for
+       success, or one of the following negative numbers:
+
+         PCRE_ERROR_NULL           the argument code was NULL
+                                   the argument where was NULL
+         PCRE_ERROR_BADMAGIC       the "magic number" was not found
+         PCRE_ERROR_BADENDIANNESS  the pattern was compiled with different
+                                   endianness
+         PCRE_ERROR_BADOPTION      the value of what was invalid
+         PCRE_ERROR_UNSET          the requested field is not set
+
+       The "magic number" is placed at the start of each compiled  pattern  as
+       an  simple check against passing an arbitrary memory pointer. The endi-
+       anness error can occur if a compiled pattern is saved and reloaded on a
+       different  host.  Here  is a typical call of pcre_fullinfo(), to obtain
+       the length of the compiled pattern:
+
+         int rc;
+         size_t length;
+         rc = pcre_fullinfo(
+           re,               /* result of pcre_compile() */
+           sd,               /* result of pcre_study(), or NULL */
+           PCRE_INFO_SIZE,   /* what is required */
+           &length);         /* where to put the data */
+
+       The possible values for the third argument are defined in  pcre.h,  and
+       are as follows:
+
+         PCRE_INFO_BACKREFMAX
+
+       Return  the  number  of  the highest back reference in the pattern. The
+       fourth argument should point to an int variable. Zero  is  returned  if
+       there are no back references.
+
+         PCRE_INFO_CAPTURECOUNT
+
+       Return  the  number of capturing subpatterns in the pattern. The fourth
+       argument should point to an int variable.
+
+         PCRE_INFO_DEFAULT_TABLES
+
+       Return a pointer to the internal default character tables within  PCRE.
+       The  fourth  argument should point to an unsigned char * variable. This
+       information call is provided for internal use by the pcre_study() func-
+       tion.  External  callers  can  cause PCRE to use its internal tables by
+       passing a NULL table pointer.
+
+         PCRE_INFO_FIRSTBYTE (deprecated)
+
+       Return information about the first data unit of any matched string, for
+       a  non-anchored  pattern.  The  name of this option refers to the 8-bit
+       library, where data units are bytes. The fourth argument  should  point
+       to  an  int  variable. Negative values are used for special cases. How-
+       ever, this means that when the 32-bit library is  in  non-UTF-32  mode,
+       the  full  32-bit range of characters cannot be returned. For this rea-
+       son, this value is deprecated;  use  PCRE_INFO_FIRSTCHARACTERFLAGS  and
+       PCRE_INFO_FIRSTCHARACTER instead.
+
+       If  there  is  a  fixed first value, for example, the letter "c" from a
+       pattern such as (cat|cow|coyote), its value is returned. In  the  8-bit
+       library,  the  value is always less than 256. In the 16-bit library the
+       value can be up to 0xffff. In the 32-bit library the value can be up to
+       0x10ffff.
+
+       If there is no fixed first value, and if either
+
+       (a)  the pattern was compiled with the PCRE_MULTILINE option, and every
+       branch starts with "^", or
+
+       (b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not
+       set (if it were set, the pattern would be anchored),
+
+       -1  is  returned, indicating that the pattern matches only at the start
+       of a subject string or after any newline within the  string.  Otherwise
+       -2 is returned. For anchored patterns, -2 is returned.
+
+         PCRE_INFO_FIRSTCHARACTER
+
+       Return  the  value  of  the  first data unit (non-UTF character) of any
+       matched string in  the  situation  where  PCRE_INFO_FIRSTCHARACTERFLAGS
+       returns  1;  otherwise return 0. The fourth argument should point to an
+       uint_t variable.
+
+       In the 8-bit library, the value is always less than 256. In the  16-bit
+       library  the value can be up to 0xffff. In the 32-bit library in UTF-32
+       mode the value can be up to 0x10ffff, and up  to  0xffffffff  when  not
+       using UTF-32 mode.
+
+         PCRE_INFO_FIRSTCHARACTERFLAGS
+
+       Return information about the first data unit of any matched string, for
+       a non-anchored pattern. The fourth argument  should  point  to  an  int
+       variable.
+
+       If  there  is  a  fixed first value, for example, the letter "c" from a
+       pattern such as (cat|cow|coyote), 1  is  returned,  and  the  character
+       value  can  be retrieved using PCRE_INFO_FIRSTCHARACTER. If there is no
+       fixed first value, and if either
+
+       (a) the pattern was compiled with the PCRE_MULTILINE option, and  every
+       branch starts with "^", or
+
+       (b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not
+       set (if it were set, the pattern would be anchored),
+
+       2 is returned, indicating that the pattern matches only at the start of
+       a subject string or after any newline within the string. Otherwise 0 is
+       returned. For anchored patterns, 0 is returned.
+
+         PCRE_INFO_FIRSTTABLE
+
+       If the pattern was studied, and this resulted in the construction of  a
+       256-bit  table indicating a fixed set of values for the first data unit
+       in any matching string, a pointer to the table is  returned.  Otherwise
+       NULL  is returned. The fourth argument should point to an unsigned char
+       * variable.
+
+         PCRE_INFO_HASCRORLF
+
+       Return 1 if the pattern contains any explicit  matches  for  CR  or  LF
+       characters,  otherwise  0.  The  fourth argument should point to an int
+       variable. An explicit match is either a literal CR or LF character,  or
+       \r or \n.
+
+         PCRE_INFO_JCHANGED
+
+       Return  1  if  the (?J) or (?-J) option setting is used in the pattern,
+       otherwise 0. The fourth argument should point to an int variable.  (?J)
+       and (?-J) set and unset the local PCRE_DUPNAMES option, respectively.
+
+         PCRE_INFO_JIT
+
+       Return  1  if  the pattern was studied with one of the JIT options, and
+       just-in-time compiling was successful. The fourth argument should point
+       to  an  int variable. A return value of 0 means that JIT support is not
+       available in this version of PCRE, or that the pattern was not  studied
+       with  a JIT option, or that the JIT compiler could not handle this par-
+       ticular pattern. See the pcrejit documentation for details of what  can
+       and cannot be handled.
+
+         PCRE_INFO_JITSIZE
+
+       If  the  pattern was successfully studied with a JIT option, return the
+       size of the JIT compiled code, otherwise return zero. The fourth  argu-
+       ment should point to a size_t variable.
+
+         PCRE_INFO_LASTLITERAL
+
+       Return  the value of the rightmost literal data unit that must exist in
+       any matched string, other than at its start, if such a value  has  been
+       recorded. The fourth argument should point to an int variable. If there
+       is no such value, -1 is returned. For anchored patterns, a last literal
+       value  is recorded only if it follows something of variable length. For
+       example, for the pattern /^a\d+z\d+/ the returned value is "z", but for
+       /^a\dz\d/ the returned value is -1.
+
+       Since  for  the 32-bit library using the non-UTF-32 mode, this function
+       is unable to return the full 32-bit range of characters, this value  is
+       deprecated;     instead     the     PCRE_INFO_REQUIREDCHARFLAGS     and
+       PCRE_INFO_REQUIREDCHAR values should be used.
+
+         PCRE_INFO_MATCH_EMPTY
+
+       Return 1 if the pattern can match an empty  string,  otherwise  0.  The
+       fourth argument should point to an int variable.
+
+         PCRE_INFO_MATCHLIMIT
+
+       If  the  pattern  set  a  match  limit by including an item of the form
+       (*LIMIT_MATCH=nnnn) at the start, the value  is  returned.  The  fourth
+       argument  should  point to an unsigned 32-bit integer. If no such value
+       has  been  set,  the  call  to  pcre_fullinfo()   returns   the   error
+       PCRE_ERROR_UNSET.
+
+         PCRE_INFO_MAXLOOKBEHIND
+
+       Return  the  number  of  characters  (NB not data units) in the longest
+       lookbehind assertion in the pattern. This information  is  useful  when
+       doing  multi-segment  matching  using  the partial matching facilities.
+       Note that the simple assertions \b and \B require a one-character look-
+       behind.  \A  also  registers a one-character lookbehind, though it does
+       not actually inspect the previous character. This is to ensure that  at
+       least one character from the old segment is retained when a new segment
+       is processed. Otherwise, if there are no lookbehinds in the pattern, \A
+       might match incorrectly at the start of a new segment.
+
+         PCRE_INFO_MINLENGTH
+
+       If  the  pattern  was studied and a minimum length for matching subject
+       strings was computed, its value is  returned.  Otherwise  the  returned
+       value is -1. The value is a number of characters, which in UTF mode may
+       be different from the number of data units. The fourth argument  should
+       point  to an int variable. A non-negative value is a lower bound to the
+       length of any matching string. There may not be  any  strings  of  that
+       length  that  do actually match, but every string that does match is at
+       least that long.
+
+         PCRE_INFO_NAMECOUNT
+         PCRE_INFO_NAMEENTRYSIZE
+         PCRE_INFO_NAMETABLE
+
+       PCRE supports the use of named as well as numbered capturing  parenthe-
+       ses.  The names are just an additional way of identifying the parenthe-
+       ses, which still acquire numbers. Several convenience functions such as
+       pcre_get_named_substring()  are  provided  for extracting captured sub-
+       strings by name. It is also possible to extract the data  directly,  by
+       first  converting  the  name to a number in order to access the correct
+       pointers in the output vector (described with pcre_exec() below). To do
+       the  conversion,  you  need  to  use  the  name-to-number map, which is
+       described by these three values.
+
+       The map consists of a number of fixed-size entries. PCRE_INFO_NAMECOUNT
+       gives the number of entries, and PCRE_INFO_NAMEENTRYSIZE gives the size
+       of each entry; both of these  return  an  int  value.  The  entry  size
+       depends  on the length of the longest name. PCRE_INFO_NAMETABLE returns
+       a pointer to the first entry of the table. This is a pointer to char in
+       the 8-bit library, where the first two bytes of each entry are the num-
+       ber of the capturing parenthesis, most significant byte first.  In  the
+       16-bit  library,  the pointer points to 16-bit data units, the first of
+       which contains the parenthesis  number.  In  the  32-bit  library,  the
+       pointer  points  to  32-bit data units, the first of which contains the
+       parenthesis number. The rest of the entry is  the  corresponding  name,
+       zero terminated.
+
+       The  names are in alphabetical order. If (?| is used to create multiple
+       groups with the same number, as described in the section  on  duplicate
+       subpattern numbers in the pcrepattern page, the groups may be given the
+       same name, but there is only one entry in the  table.  Different  names
+       for  groups  of the same number are not permitted.  Duplicate names for
+       subpatterns with different numbers are permitted, but only if PCRE_DUP-
+       NAMES  is set. They appear in the table in the order in which they were
+       found in the pattern. In the absence  of  (?|  this  is  the  order  of
+       increasing  number;  when  (?| is used this is not necessarily the case
+       because later subpatterns may have lower numbers.
+
+       As a simple example of the name/number table,  consider  the  following
+       pattern after compilation by the 8-bit library (assume PCRE_EXTENDED is
+       set, so white space - including newlines - is ignored):
+
+         (?<date> (?<year>(\d\d)?\d\d) -
+         (?<month>\d\d) - (?<day>\d\d) )
+
+       There are four named subpatterns, so the table has  four  entries,  and
+       each  entry  in the table is eight bytes long. The table is as follows,
+       with non-printing bytes shows in hexadecimal, and undefined bytes shown
+       as ??:
+
+         00 01 d  a  t  e  00 ??
+         00 05 d  a  y  00 ?? ??
+         00 04 m  o  n  t  h  00
+         00 02 y  e  a  r  00 ??
+
+       When  writing  code  to  extract  data from named subpatterns using the
+       name-to-number map, remember that the length of the entries  is  likely
+       to be different for each compiled pattern.
+
+         PCRE_INFO_OKPARTIAL
+
+       Return  1  if  the  pattern  can  be  used  for  partial  matching with
+       pcre_exec(), otherwise 0. The fourth argument should point  to  an  int
+       variable.  From  release  8.00,  this  always  returns  1,  because the
+       restrictions that previously applied  to  partial  matching  have  been
+       lifted.  The  pcrepartial documentation gives details of partial match-
+       ing.
+
+         PCRE_INFO_OPTIONS
+
+       Return a copy of the options with which the pattern was  compiled.  The
+       fourth  argument  should  point to an unsigned long int variable. These
+       option bits are those specified in the call to pcre_compile(), modified
+       by any top-level option settings at the start of the pattern itself. In
+       other words, they are the options that will be in force  when  matching
+       starts.  For  example, if the pattern /(?im)abc(?-i)d/ is compiled with
+       the PCRE_EXTENDED option, the result is PCRE_CASELESS,  PCRE_MULTILINE,
+       and PCRE_EXTENDED.
+
+       A  pattern  is  automatically  anchored by PCRE if all of its top-level
+       alternatives begin with one of the following:
+
+         ^     unless PCRE_MULTILINE is set
+         \A    always
+         \G    always
+         .*    if PCRE_DOTALL is set and there are no back
+                 references to the subpattern in which .* appears
+
+       For such patterns, the PCRE_ANCHORED bit is set in the options returned
+       by pcre_fullinfo().
+
+         PCRE_INFO_RECURSIONLIMIT
+
+       If  the  pattern set a recursion limit by including an item of the form
+       (*LIMIT_RECURSION=nnnn) at the start, the value is returned. The fourth
+       argument  should  point to an unsigned 32-bit integer. If no such value
+       has  been  set,  the  call  to  pcre_fullinfo()   returns   the   error
+       PCRE_ERROR_UNSET.
+
+         PCRE_INFO_SIZE
+
+       Return  the  size  of  the  compiled  pattern  in  bytes (for all three
+       libraries). The fourth argument should point to a size_t variable. This
+       value  does not include the size of the pcre structure that is returned
+       by pcre_compile().  The  value  that  is  passed  as  the  argument  to
+       pcre_malloc()  when  pcre_compile() is getting memory in which to place
+       the compiled data is the value returned by this option plus the size of
+       the  pcre  structure. Studying a compiled pattern, with or without JIT,
+       does not alter the value returned by this option.
+
+         PCRE_INFO_STUDYSIZE
+
+       Return the size in bytes (for all three libraries) of  the  data  block
+       pointed to by the study_data field in a pcre_extra block. If pcre_extra
+       is NULL, or there is no study data, zero is returned. The fourth  argu-
+       ment  should point to a size_t variable. The study_data field is set by
+       pcre_study() to record information that will speed up matching (see the
+       section  entitled  "Studying  a  pattern"  above).  The  format  of the
+       study_data block is private, but its length is made available via  this
+       option  so  that  it  can be saved and restored (see the pcreprecompile
+       documentation for details).
+
+         PCRE_INFO_REQUIREDCHARFLAGS
+
+       Returns 1 if there is a rightmost literal data unit that must exist  in
+       any matched string, other than at its start. The fourth argument should
+       point to an int variable. If there is no such value, 0 is returned.  If
+       returning  1,  the  character  value  itself  can  be  retrieved  using
+       PCRE_INFO_REQUIREDCHAR.
+
+       For anchored patterns, a last literal value is recorded only if it fol-
+       lows  something  of  variable  length.  For  example,  for  the pattern
+       /^a\d+z\d+/  the   returned   value   1   (with   "z"   returned   from
+       PCRE_INFO_REQUIREDCHAR), but for /^a\dz\d/ the returned value is 0.
+
+         PCRE_INFO_REQUIREDCHAR
+
+       Return  the value of the rightmost literal data unit that must exist in
+       any matched string, other than at its start, if such a value  has  been
+       recorded.  The fourth argument should point to an uint32_t variable. If
+       there is no such value, 0 is returned.
+
+
+REFERENCE COUNTS
+
+       int pcre_refcount(pcre *code, int adjust);
+
+       The pcre_refcount() function is used to maintain a reference  count  in
+       the data block that contains a compiled pattern. It is provided for the
+       benefit of applications that  operate  in  an  object-oriented  manner,
+       where different parts of the application may be using the same compiled
+       pattern, but you want to free the block when they are all done.
+
+       When a pattern is compiled, the reference count field is initialized to
+       zero.   It is changed only by calling this function, whose action is to
+       add the adjust value (which may be positive or  negative)  to  it.  The
+       yield of the function is the new value. However, the value of the count
+       is constrained to lie between 0 and 65535, inclusive. If the new  value
+       is outside these limits, it is forced to the appropriate limit value.
+
+       Except  when it is zero, the reference count is not correctly preserved
+       if a pattern is compiled on one host and then  transferred  to  a  host
+       whose byte-order is different. (This seems a highly unlikely scenario.)
+
+
+MATCHING A PATTERN: THE TRADITIONAL FUNCTION
+
+       int pcre_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize);
+
+       The  function pcre_exec() is called to match a subject string against a
+       compiled pattern, which is passed in the code argument. If the  pattern
+       was  studied,  the  result  of  the study should be passed in the extra
+       argument. You can call pcre_exec() with the same code and  extra  argu-
+       ments  as  many  times as you like, in order to match different subject
+       strings with the same pattern.
+
+       This function is the main matching facility  of  the  library,  and  it
+       operates  in  a  Perl-like  manner. For specialist use there is also an
+       alternative matching function, which is described below in the  section
+       about the pcre_dfa_exec() function.
+
+       In  most applications, the pattern will have been compiled (and option-
+       ally studied) in the same process that calls pcre_exec().  However,  it
+       is possible to save compiled patterns and study data, and then use them
+       later in different processes, possibly even on different hosts.  For  a
+       discussion about this, see the pcreprecompile documentation.
+
+       Here is an example of a simple call to pcre_exec():
+
+         int rc;
+         int ovector[30];
+         rc = pcre_exec(
+           re,             /* result of pcre_compile() */
+           NULL,           /* we didn't study the pattern */
+           "some string",  /* the subject string */
+           11,             /* the length of the subject string */
+           0,              /* start at offset 0 in the subject */
+           0,              /* default options */
+           ovector,        /* vector of integers for substring information */
+           30);            /* number of elements (NOT size in bytes) */
+
+   Extra data for pcre_exec()
+
+       If  the  extra argument is not NULL, it must point to a pcre_extra data
+       block. The pcre_study() function returns such a block (when it  doesn't
+       return  NULL), but you can also create one for yourself, and pass addi-
+       tional information in it. The pcre_extra block contains  the  following
+       fields (not necessarily in this order):
+
+         unsigned long int flags;
+         void *study_data;
+         void *executable_jit;
+         unsigned long int match_limit;
+         unsigned long int match_limit_recursion;
+         void *callout_data;
+         const unsigned char *tables;
+         unsigned char **mark;
+
+       In  the  16-bit  version  of  this  structure,  the mark field has type
+       "PCRE_UCHAR16 **".
+
+       In the 32-bit version of  this  structure,  the  mark  field  has  type
+       "PCRE_UCHAR32 **".
+
+       The  flags  field is used to specify which of the other fields are set.
+       The flag bits are:
+
+         PCRE_EXTRA_CALLOUT_DATA
+         PCRE_EXTRA_EXECUTABLE_JIT
+         PCRE_EXTRA_MARK
+         PCRE_EXTRA_MATCH_LIMIT
+         PCRE_EXTRA_MATCH_LIMIT_RECURSION
+         PCRE_EXTRA_STUDY_DATA
+         PCRE_EXTRA_TABLES
+
+       Other flag bits should be set to zero. The study_data field  and  some-
+       times  the executable_jit field are set in the pcre_extra block that is
+       returned by pcre_study(), together with the appropriate flag bits.  You
+       should  not set these yourself, but you may add to the block by setting
+       other fields and their corresponding flag bits.
+
+       The match_limit field provides a means of preventing PCRE from using up
+       a  vast amount of resources when running patterns that are not going to
+       match, but which have a very large number  of  possibilities  in  their
+       search  trees. The classic example is a pattern that uses nested unlim-
+       ited repeats.
+
+       Internally, pcre_exec() uses a function called match(), which it  calls
+       repeatedly  (sometimes  recursively).  The  limit set by match_limit is
+       imposed on the number of times this function is called during a  match,
+       which  has  the  effect of limiting the amount of backtracking that can
+       take place. For patterns that are not anchored, the count restarts from
+       zero for each position in the subject string.
+
+       When pcre_exec() is called with a pattern that was successfully studied
+       with a JIT option, the way that the matching is  executed  is  entirely
+       different.  However, there is still the possibility of runaway matching
+       that goes on for a very long time, and so the match_limit value is also
+       used in this case (but in a different way) to limit how long the match-
+       ing can continue.
+
+       The default value for the limit can be set  when  PCRE  is  built;  the
+       default  default  is 10 million, which handles all but the most extreme
+       cases. You can override the default  by  suppling  pcre_exec()  with  a
+       pcre_extra     block    in    which    match_limit    is    set,    and
+       PCRE_EXTRA_MATCH_LIMIT is set in the  flags  field.  If  the  limit  is
+       exceeded, pcre_exec() returns PCRE_ERROR_MATCHLIMIT.
+
+       A  value  for  the  match  limit may also be supplied by an item at the
+       start of a pattern of the form
+
+         (*LIMIT_MATCH=d)
+
+       where d is a decimal number. However, such a setting is ignored  unless
+       d  is  less  than  the limit set by the caller of pcre_exec() or, if no
+       such limit is set, less than the default.
+
+       The match_limit_recursion field is similar to match_limit, but  instead
+       of limiting the total number of times that match() is called, it limits
+       the depth of recursion. The recursion depth is a  smaller  number  than
+       the  total number of calls, because not all calls to match() are recur-
+       sive.  This limit is of use only if it is set smaller than match_limit.
+
+       Limiting the recursion depth limits the amount of  machine  stack  that
+       can  be used, or, when PCRE has been compiled to use memory on the heap
+       instead of the stack, the amount of heap memory that can be used.  This
+       limit  is not relevant, and is ignored, when matching is done using JIT
+       compiled code.
+
+       The default value for match_limit_recursion can be  set  when  PCRE  is
+       built;  the  default  default  is  the  same  value  as the default for
+       match_limit. You can override the default by suppling pcre_exec()  with
+       a   pcre_extra   block  in  which  match_limit_recursion  is  set,  and
+       PCRE_EXTRA_MATCH_LIMIT_RECURSION is set in  the  flags  field.  If  the
+       limit is exceeded, pcre_exec() returns PCRE_ERROR_RECURSIONLIMIT.
+
+       A  value for the recursion limit may also be supplied by an item at the
+       start of a pattern of the form
+
+         (*LIMIT_RECURSION=d)
+
+       where d is a decimal number. However, such a setting is ignored  unless
+       d  is  less  than  the limit set by the caller of pcre_exec() or, if no
+       such limit is set, less than the default.
+
+       The callout_data field is used in conjunction with the  "callout"  fea-
+       ture, and is described in the pcrecallout documentation.
+
+       The  tables field is provided for use with patterns that have been pre-
+       compiled using custom character tables, saved to disc or elsewhere, and
+       then  reloaded,  because the tables that were used to compile a pattern
+       are not saved with it. See the pcreprecompile documentation for a  dis-
+       cussion  of  saving  compiled patterns for later use. If NULL is passed
+       using this mechanism, it forces PCRE's internal tables to be used.
+
+       Warning: The tables that pcre_exec() uses must be  the  same  as  those
+       that  were used when the pattern was compiled. If this is not the case,
+       the behaviour of pcre_exec() is undefined. Therefore, when a pattern is
+       compiled  and  matched  in the same process, this field should never be
+       set. In this (the most common) case, the correct table pointer is auto-
+       matically  passed  with  the  compiled  pattern  from pcre_compile() to
+       pcre_exec().
+
+       If PCRE_EXTRA_MARK is set in the flags field, the mark  field  must  be
+       set  to point to a suitable variable. If the pattern contains any back-
+       tracking control verbs such as (*MARK:NAME), and the execution ends  up
+       with  a  name  to  pass back, a pointer to the name string (zero termi-
+       nated) is placed in the variable pointed to  by  the  mark  field.  The
+       names  are  within  the  compiled pattern; if you wish to retain such a
+       name you must copy it before freeing the memory of a compiled  pattern.
+       If  there  is no name to pass back, the variable pointed to by the mark
+       field is set to NULL. For details of the  backtracking  control  verbs,
+       see the section entitled "Backtracking control" in the pcrepattern doc-
+       umentation.
+
+   Option bits for pcre_exec()
+
+       The unused bits of the options argument for pcre_exec() must  be  zero.
+       The  only  bits  that  may  be set are PCRE_ANCHORED, PCRE_NEWLINE_xxx,
+       PCRE_NOTBOL,   PCRE_NOTEOL,    PCRE_NOTEMPTY,    PCRE_NOTEMPTY_ATSTART,
+       PCRE_NO_START_OPTIMIZE,   PCRE_NO_UTF8_CHECK,   PCRE_PARTIAL_HARD,  and
+       PCRE_PARTIAL_SOFT.
+
+       If the pattern was successfully studied with one  of  the  just-in-time
+       (JIT) compile options, the only supported options for JIT execution are
+       PCRE_NO_UTF8_CHECK,    PCRE_NOTBOL,     PCRE_NOTEOL,     PCRE_NOTEMPTY,
+       PCRE_NOTEMPTY_ATSTART,  PCRE_PARTIAL_HARD, and PCRE_PARTIAL_SOFT. If an
+       unsupported option is used, JIT execution is disabled  and  the  normal
+       interpretive code in pcre_exec() is run.
+
+         PCRE_ANCHORED
+
+       The  PCRE_ANCHORED  option  limits pcre_exec() to matching at the first
+       matching position. If a pattern was  compiled  with  PCRE_ANCHORED,  or
+       turned  out to be anchored by virtue of its contents, it cannot be made
+       unachored at matching time.
+
+         PCRE_BSR_ANYCRLF
+         PCRE_BSR_UNICODE
+
+       These options (which are mutually exclusive) control what the \R escape
+       sequence  matches.  The choice is either to match only CR, LF, or CRLF,
+       or to match any Unicode newline sequence. These  options  override  the
+       choice that was made or defaulted when the pattern was compiled.
+
+         PCRE_NEWLINE_CR
+         PCRE_NEWLINE_LF
+         PCRE_NEWLINE_CRLF
+         PCRE_NEWLINE_ANYCRLF
+         PCRE_NEWLINE_ANY
+
+       These  options  override  the  newline  definition  that  was chosen or
+       defaulted when the pattern was compiled. For details, see the  descrip-
+       tion  of  pcre_compile()  above.  During  matching,  the newline choice
+       affects the behaviour of the dot, circumflex,  and  dollar  metacharac-
+       ters.  It may also alter the way the match position is advanced after a
+       match failure for an unanchored pattern.
+
+       When PCRE_NEWLINE_CRLF, PCRE_NEWLINE_ANYCRLF,  or  PCRE_NEWLINE_ANY  is
+       set,  and a match attempt for an unanchored pattern fails when the cur-
+       rent position is at a  CRLF  sequence,  and  the  pattern  contains  no
+       explicit  matches  for  CR  or  LF  characters,  the  match position is
+       advanced by two characters instead of one, in other words, to after the
+       CRLF.
+
+       The above rule is a compromise that makes the most common cases work as
+       expected. For example, if the  pattern  is  .+A  (and  the  PCRE_DOTALL
+       option is not set), it does not match the string "\r\nA" because, after
+       failing at the start, it skips both the CR and the LF before  retrying.
+       However,  the  pattern  [\r\n]A does match that string, because it con-
+       tains an explicit CR or LF reference, and so advances only by one char-
+       acter after the first failure.
+
+       An explicit match for CR of LF is either a literal appearance of one of
+       those characters, or one of the \r or  \n  escape  sequences.  Implicit
+       matches  such  as [^X] do not count, nor does \s (which includes CR and
+       LF in the characters that it matches).
+
+       Notwithstanding the above, anomalous effects may still occur when  CRLF
+       is a valid newline sequence and explicit \r or \n escapes appear in the
+       pattern.
+
+         PCRE_NOTBOL
+
+       This option specifies that first character of the subject string is not
+       the  beginning  of  a  line, so the circumflex metacharacter should not
+       match before it. Setting this without PCRE_MULTILINE (at compile  time)
+       causes  circumflex  never to match. This option affects only the behav-
+       iour of the circumflex metacharacter. It does not affect \A.
+
+         PCRE_NOTEOL
+
+       This option specifies that the end of the subject string is not the end
+       of  a line, so the dollar metacharacter should not match it nor (except
+       in multiline mode) a newline immediately before it. Setting this  with-
+       out PCRE_MULTILINE (at compile time) causes dollar never to match. This
+       option affects only the behaviour of the dollar metacharacter. It  does
+       not affect \Z or \z.
+
+         PCRE_NOTEMPTY
+
+       An empty string is not considered to be a valid match if this option is
+       set. If there are alternatives in the pattern, they are tried.  If  all
+       the  alternatives  match  the empty string, the entire match fails. For
+       example, if the pattern
+
+         a?b?
+
+       is applied to a string not beginning with "a" or  "b",  it  matches  an
+       empty  string at the start of the subject. With PCRE_NOTEMPTY set, this
+       match is not valid, so PCRE searches further into the string for occur-
+       rences of "a" or "b".
+
+         PCRE_NOTEMPTY_ATSTART
+
+       This  is  like PCRE_NOTEMPTY, except that an empty string match that is
+       not at the start of  the  subject  is  permitted.  If  the  pattern  is
+       anchored, such a match can occur only if the pattern contains \K.
+
+       Perl     has    no    direct    equivalent    of    PCRE_NOTEMPTY    or
+       PCRE_NOTEMPTY_ATSTART, but it does make a special  case  of  a  pattern
+       match  of  the empty string within its split() function, and when using
+       the /g modifier. It is  possible  to  emulate  Perl's  behaviour  after
+       matching a null string by first trying the match again at the same off-
+       set with PCRE_NOTEMPTY_ATSTART and  PCRE_ANCHORED,  and  then  if  that
+       fails, by advancing the starting offset (see below) and trying an ordi-
+       nary match again. There is some code that demonstrates how to  do  this
+       in  the  pcredemo sample program. In the most general case, you have to
+       check to see if the newline convention recognizes CRLF  as  a  newline,
+       and  if so, and the current character is CR followed by LF, advance the
+       starting offset by two characters instead of one.
+
+         PCRE_NO_START_OPTIMIZE
+
+       There are a number of optimizations that pcre_exec() uses at the  start
+       of  a  match,  in  order to speed up the process. For example, if it is
+       known that an unanchored match must start with a specific character, it
+       searches  the  subject  for that character, and fails immediately if it
+       cannot find it, without actually running the  main  matching  function.
+       This means that a special item such as (*COMMIT) at the start of a pat-
+       tern is not considered until after a suitable starting  point  for  the
+       match  has been found. Also, when callouts or (*MARK) items are in use,
+       these "start-up" optimizations can cause them to be skipped if the pat-
+       tern is never actually used. The start-up optimizations are in effect a
+       pre-scan of the subject that takes place before the pattern is run.
+
+       The PCRE_NO_START_OPTIMIZE option disables the start-up  optimizations,
+       possibly  causing  performance  to  suffer,  but ensuring that in cases
+       where the result is "no match", the callouts do occur, and  that  items
+       such as (*COMMIT) and (*MARK) are considered at every possible starting
+       position in the subject string. If  PCRE_NO_START_OPTIMIZE  is  set  at
+       compile  time,  it  cannot  be  unset  at  matching  time.  The  use of
+       PCRE_NO_START_OPTIMIZE  at  matching  time  (that  is,  passing  it  to
+       pcre_exec())  disables  JIT  execution;  in this situation, matching is
+       always done using interpretively.
+
+       Setting PCRE_NO_START_OPTIMIZE can change the  outcome  of  a  matching
+       operation.  Consider the pattern
+
+         (*COMMIT)ABC
+
+       When  this  is  compiled, PCRE records the fact that a match must start
+       with the character "A". Suppose the subject  string  is  "DEFABC".  The
+       start-up  optimization  scans along the subject, finds "A" and runs the
+       first match attempt from there. The (*COMMIT) item means that the  pat-
+       tern  must  match the current starting position, which in this case, it
+       does. However, if the same match  is  run  with  PCRE_NO_START_OPTIMIZE
+       set,  the  initial  scan  along the subject string does not happen. The
+       first match attempt is run starting  from  "D"  and  when  this  fails,
+       (*COMMIT)  prevents  any  further  matches  being tried, so the overall
+       result is "no match". If the pattern is studied,  more  start-up  opti-
+       mizations  may  be  used. For example, a minimum length for the subject
+       may be recorded. Consider the pattern
+
+         (*MARK:A)(X|Y)
+
+       The minimum length for a match is one  character.  If  the  subject  is
+       "ABC",  there  will  be  attempts  to  match "ABC", "BC", "C", and then
+       finally an empty string.  If the pattern is studied, the final  attempt
+       does  not take place, because PCRE knows that the subject is too short,
+       and so the (*MARK) is never encountered.  In this  case,  studying  the
+       pattern  does  not  affect the overall match result, which is still "no
+       match", but it does affect the auxiliary information that is returned.
+
+         PCRE_NO_UTF8_CHECK
+
+       When PCRE_UTF8 is set at compile time, the validity of the subject as a
+       UTF-8  string is automatically checked when pcre_exec() is subsequently
+       called.  The entire string is checked before any other processing takes
+       place.  The  value  of  startoffset  is  also checked to ensure that it
+       points to the start of a UTF-8 character. There is a  discussion  about
+       the  validity  of  UTF-8 strings in the pcreunicode page. If an invalid
+       sequence  of  bytes   is   found,   pcre_exec()   returns   the   error
+       PCRE_ERROR_BADUTF8 or, if PCRE_PARTIAL_HARD is set and the problem is a
+       truncated character at the end of the subject, PCRE_ERROR_SHORTUTF8. In
+       both  cases, information about the precise nature of the error may also
+       be returned (see the descriptions of these errors in the section  enti-
+       tled  Error return values from pcre_exec() below).  If startoffset con-
+       tains a value that does not point to the start of a UTF-8 character (or
+       to the end of the subject), PCRE_ERROR_BADUTF8_OFFSET is returned.
+
+       If  you  already  know that your subject is valid, and you want to skip
+       these   checks   for   performance   reasons,   you   can    set    the
+       PCRE_NO_UTF8_CHECK  option  when calling pcre_exec(). You might want to
+       do this for the second and subsequent calls to pcre_exec() if  you  are
+       making  repeated  calls  to  find  all  the matches in a single subject
+       string. However, you should be  sure  that  the  value  of  startoffset
+       points  to  the  start of a character (or the end of the subject). When
+       PCRE_NO_UTF8_CHECK is set, the effect of passing an invalid string as a
+       subject  or  an invalid value of startoffset is undefined. Your program
+       may crash or loop.
+
+         PCRE_PARTIAL_HARD
+         PCRE_PARTIAL_SOFT
+
+       These options turn on the partial matching feature. For backwards  com-
+       patibility,  PCRE_PARTIAL is a synonym for PCRE_PARTIAL_SOFT. A partial
+       match occurs if the end of the subject string is reached  successfully,
+       but  there  are not enough subject characters to complete the match. If
+       this happens when PCRE_PARTIAL_SOFT (but not PCRE_PARTIAL_HARD) is set,
+       matching  continues  by  testing any remaining alternatives. Only if no
+       complete match can be found is PCRE_ERROR_PARTIAL returned  instead  of
+       PCRE_ERROR_NOMATCH.  In  other  words,  PCRE_PARTIAL_SOFT says that the
+       caller is prepared to handle a partial match, but only if  no  complete
+       match can be found.
+
+       If  PCRE_PARTIAL_HARD  is  set, it overrides PCRE_PARTIAL_SOFT. In this
+       case, if a partial match  is  found,  pcre_exec()  immediately  returns
+       PCRE_ERROR_PARTIAL,  without  considering  any  other  alternatives. In
+       other words, when PCRE_PARTIAL_HARD is set, a partial match is  consid-
+       ered to be more important that an alternative complete match.
+
+       In  both  cases,  the portion of the string that was inspected when the
+       partial match was found is set as the first matching string. There is a
+       more  detailed  discussion  of partial and multi-segment matching, with
+       examples, in the pcrepartial documentation.
+
+   The string to be matched by pcre_exec()
+
+       The subject string is passed to pcre_exec() as a pointer in subject,  a
+       length  in  length, and a starting offset in startoffset. The units for
+       length and startoffset are bytes for the  8-bit  library,  16-bit  data
+       items  for  the  16-bit  library,  and 32-bit data items for the 32-bit
+       library.
+
+       If startoffset is negative or greater than the length of  the  subject,
+       pcre_exec()  returns  PCRE_ERROR_BADOFFSET. When the starting offset is
+       zero, the search for a match starts at the beginning  of  the  subject,
+       and  this  is by far the most common case. In UTF-8 or UTF-16 mode, the
+       offset must point to the start of a character, or the end of  the  sub-
+       ject  (in  UTF-32 mode, one data unit equals one character, so all off-
+       sets are valid). Unlike the pattern string,  the  subject  may  contain
+       binary zeroes.
+
+       A  non-zero  starting offset is useful when searching for another match
+       in the same subject by calling pcre_exec() again after a previous  suc-
+       cess.   Setting  startoffset differs from just passing over a shortened
+       string and setting PCRE_NOTBOL in the case of  a  pattern  that  begins
+       with any kind of lookbehind. For example, consider the pattern
+
+         \Biss\B
+
+       which  finds  occurrences  of "iss" in the middle of words. (\B matches
+       only if the current position in the subject is not  a  word  boundary.)
+       When  applied  to the string "Mississipi" the first call to pcre_exec()
+       finds the first occurrence. If pcre_exec() is called  again  with  just
+       the  remainder  of  the  subject,  namely  "issipi", it does not match,
+       because \B is always false at the start of the subject, which is deemed
+       to  be  a  word  boundary. However, if pcre_exec() is passed the entire
+       string again, but with startoffset set to 4, it finds the second occur-
+       rence  of "iss" because it is able to look behind the starting point to
+       discover that it is preceded by a letter.
+
+       Finding all the matches in a subject is tricky  when  the  pattern  can
+       match an empty string. It is possible to emulate Perl's /g behaviour by
+       first  trying  the  match  again  at  the   same   offset,   with   the
+       PCRE_NOTEMPTY_ATSTART  and  PCRE_ANCHORED  options,  and  then  if that
+       fails, advancing the starting  offset  and  trying  an  ordinary  match
+       again. There is some code that demonstrates how to do this in the pcre-
+       demo sample program. In the most general case, you have to check to see
+       if  the newline convention recognizes CRLF as a newline, and if so, and
+       the current character is CR followed by LF, advance the starting offset
+       by two characters instead of one.
+
+       If  a  non-zero starting offset is passed when the pattern is anchored,
+       one attempt to match at the given offset is made. This can only succeed
+       if  the  pattern  does  not require the match to be at the start of the
+       subject.
+
+   How pcre_exec() returns captured substrings
+
+       In general, a pattern matches a certain portion of the subject, and  in
+       addition,  further  substrings  from  the  subject may be picked out by
+       parts of the pattern. Following the usage  in  Jeffrey  Friedl's  book,
+       this  is  called "capturing" in what follows, and the phrase "capturing
+       subpattern" is used for a fragment of a pattern that picks out  a  sub-
+       string.  PCRE  supports several other kinds of parenthesized subpattern
+       that do not cause substrings to be captured.
+
+       Captured substrings are returned to the caller via a vector of integers
+       whose  address is passed in ovector. The number of elements in the vec-
+       tor is passed in ovecsize, which must be a non-negative  number.  Note:
+       this argument is NOT the size of ovector in bytes.
+
+       The  first  two-thirds of the vector is used to pass back captured sub-
+       strings, each substring using a pair of integers. The  remaining  third
+       of  the  vector is used as workspace by pcre_exec() while matching cap-
+       turing subpatterns, and is not available for passing back  information.
+       The  number passed in ovecsize should always be a multiple of three. If
+       it is not, it is rounded down.
+
+       When a match is successful, information about  captured  substrings  is
+       returned  in  pairs  of integers, starting at the beginning of ovector,
+       and continuing up to two-thirds of its length at the  most.  The  first
+       element  of  each pair is set to the offset of the first character in a
+       substring, and the second is set to the offset of the  first  character
+       after  the  end  of a substring. These values are always data unit off-
+       sets, even in UTF mode. They are byte offsets  in  the  8-bit  library,
+       16-bit  data  item  offsets in the 16-bit library, and 32-bit data item
+       offsets in the 32-bit library. Note: they are not character counts.
+
+       The first pair of integers, ovector[0]  and  ovector[1],  identify  the
+       portion  of  the subject string matched by the entire pattern. The next
+       pair is used for the first capturing subpattern, and so on.  The  value
+       returned by pcre_exec() is one more than the highest numbered pair that
+       has been set.  For example, if two substrings have been  captured,  the
+       returned  value is 3. If there are no capturing subpatterns, the return
+       value from a successful match is 1, indicating that just the first pair
+       of offsets has been set.
+
+       If a capturing subpattern is matched repeatedly, it is the last portion
+       of the string that it matched that is returned.
+
+       If the vector is too small to hold all the captured substring  offsets,
+       it is used as far as possible (up to two-thirds of its length), and the
+       function returns a value of zero. If neither the actual string  matched
+       nor  any captured substrings are of interest, pcre_exec() may be called
+       with ovector passed as NULL and ovecsize as zero. However, if the  pat-
+       tern  contains  back  references  and  the ovector is not big enough to
+       remember the related substrings, PCRE has to get additional memory  for
+       use  during matching. Thus it is usually advisable to supply an ovector
+       of reasonable size.
+
+       There are some cases where zero is returned  (indicating  vector  over-
+       flow)  when  in fact the vector is exactly the right size for the final
+       match. For example, consider the pattern
+
+         (a)(?:(b)c|bd)
+
+       If a vector of 6 elements (allowing for only 1 captured  substring)  is
+       given with subject string "abd", pcre_exec() will try to set the second
+       captured string, thereby recording a vector overflow, before failing to
+       match  "c"  and  backing  up  to  try  the second alternative. The zero
+       return, however, does correctly indicate that  the  maximum  number  of
+       slots (namely 2) have been filled. In similar cases where there is tem-
+       porary overflow, but the final number of used slots  is  actually  less
+       than the maximum, a non-zero value is returned.
+
+       The pcre_fullinfo() function can be used to find out how many capturing
+       subpatterns there are in a compiled  pattern.  The  smallest  size  for
+       ovector  that  will allow for n captured substrings, in addition to the
+       offsets of the substring matched by the whole pattern, is (n+1)*3.
+
+       It is possible for capturing subpattern number n+1 to match  some  part
+       of the subject when subpattern n has not been used at all. For example,
+       if the string "abc" is matched  against  the  pattern  (a|(z))(bc)  the
+       return from the function is 4, and subpatterns 1 and 3 are matched, but
+       2 is not. When this happens, both values in  the  offset  pairs  corre-
+       sponding to unused subpatterns are set to -1.
+
+       Offset  values  that correspond to unused subpatterns at the end of the
+       expression are also set to -1. For example,  if  the  string  "abc"  is
+       matched  against the pattern (abc)(x(yz)?)? subpatterns 2 and 3 are not
+       matched. The return from the function is 2, because  the  highest  used
+       capturing  subpattern  number  is 1, and the offsets for for the second
+       and third capturing subpatterns (assuming the vector is  large  enough,
+       of course) are set to -1.
+
+       Note:  Elements  in  the first two-thirds of ovector that do not corre-
+       spond to capturing parentheses in the pattern are never  changed.  That
+       is,  if  a pattern contains n capturing parentheses, no more than ovec-
+       tor[0] to ovector[2n+1] are set by pcre_exec(). The other elements  (in
+       the first two-thirds) retain whatever values they previously had.
+
+       Some  convenience  functions  are  provided for extracting the captured
+       substrings as separate strings. These are described below.
+
+   Error return values from pcre_exec()
+
+       If pcre_exec() fails, it returns a negative number. The  following  are
+       defined in the header file:
+
+         PCRE_ERROR_NOMATCH        (-1)
+
+       The subject string did not match the pattern.
+
+         PCRE_ERROR_NULL           (-2)
+
+       Either  code  or  subject  was  passed as NULL, or ovector was NULL and
+       ovecsize was not zero.
+
+         PCRE_ERROR_BADOPTION      (-3)
+
+       An unrecognized bit was set in the options argument.
+
+         PCRE_ERROR_BADMAGIC       (-4)
+
+       PCRE stores a 4-byte "magic number" at the start of the compiled  code,
+       to catch the case when it is passed a junk pointer and to detect when a
+       pattern that was compiled in an environment of one endianness is run in
+       an  environment  with the other endianness. This is the error that PCRE
+       gives when the magic number is not present.
+
+         PCRE_ERROR_UNKNOWN_OPCODE (-5)
+
+       While running the pattern match, an unknown item was encountered in the
+       compiled  pattern.  This  error  could be caused by a bug in PCRE or by
+       overwriting of the compiled pattern.
+
+         PCRE_ERROR_NOMEMORY       (-6)
+
+       If a pattern contains back references, but the ovector that  is  passed
+       to pcre_exec() is not big enough to remember the referenced substrings,
+       PCRE gets a block of memory at the start of matching to  use  for  this
+       purpose.  If the call via pcre_malloc() fails, this error is given. The
+       memory is automatically freed at the end of matching.
+
+       This error is also given if pcre_stack_malloc() fails  in  pcre_exec().
+       This  can happen only when PCRE has been compiled with --disable-stack-
+       for-recursion.
+
+         PCRE_ERROR_NOSUBSTRING    (-7)
+
+       This error is used by the pcre_copy_substring(),  pcre_get_substring(),
+       and  pcre_get_substring_list()  functions  (see  below).  It  is  never
+       returned by pcre_exec().
+
+         PCRE_ERROR_MATCHLIMIT     (-8)
+
+       The backtracking limit, as specified by  the  match_limit  field  in  a
+       pcre_extra  structure  (or  defaulted) was reached. See the description
+       above.
+
+         PCRE_ERROR_CALLOUT        (-9)
+
+       This error is never generated by pcre_exec() itself. It is provided for
+       use  by  callout functions that want to yield a distinctive error code.
+       See the pcrecallout documentation for details.
+
+         PCRE_ERROR_BADUTF8        (-10)
+
+       A string that contains an invalid UTF-8 byte sequence was passed  as  a
+       subject,  and the PCRE_NO_UTF8_CHECK option was not set. If the size of
+       the output vector (ovecsize) is at least 2,  the  byte  offset  to  the
+       start  of  the  the invalid UTF-8 character is placed in the first ele-
+       ment, and a reason code is placed in the  second  element.  The  reason
+       codes are listed in the following section.  For backward compatibility,
+       if PCRE_PARTIAL_HARD is set and the problem is a truncated UTF-8  char-
+       acter   at   the   end   of   the   subject  (reason  codes  1  to  5),
+       PCRE_ERROR_SHORTUTF8 is returned instead of PCRE_ERROR_BADUTF8.
+
+         PCRE_ERROR_BADUTF8_OFFSET (-11)
+
+       The UTF-8 byte sequence that was passed as a subject  was  checked  and
+       found  to be valid (the PCRE_NO_UTF8_CHECK option was not set), but the
+       value of startoffset did not point to the beginning of a UTF-8  charac-
+       ter or the end of the subject.
+
+         PCRE_ERROR_PARTIAL        (-12)
+
+       The  subject  string did not match, but it did match partially. See the
+       pcrepartial documentation for details of partial matching.
+
+         PCRE_ERROR_BADPARTIAL     (-13)
+
+       This code is no longer in  use.  It  was  formerly  returned  when  the
+       PCRE_PARTIAL  option  was used with a compiled pattern containing items
+       that were  not  supported  for  partial  matching.  From  release  8.00
+       onwards, there are no restrictions on partial matching.
+
+         PCRE_ERROR_INTERNAL       (-14)
+
+       An  unexpected  internal error has occurred. This error could be caused
+       by a bug in PCRE or by overwriting of the compiled pattern.
+
+         PCRE_ERROR_BADCOUNT       (-15)
+
+       This error is given if the value of the ovecsize argument is negative.
+
+         PCRE_ERROR_RECURSIONLIMIT (-21)
+
+       The internal recursion limit, as specified by the match_limit_recursion
+       field  in  a  pcre_extra  structure (or defaulted) was reached. See the
+       description above.
+
+         PCRE_ERROR_BADNEWLINE     (-23)
+
+       An invalid combination of PCRE_NEWLINE_xxx options was given.
+
+         PCRE_ERROR_BADOFFSET      (-24)
+
+       The value of startoffset was negative or greater than the length of the
+       subject, that is, the value in length.
+
+         PCRE_ERROR_SHORTUTF8      (-25)
+
+       This  error  is returned instead of PCRE_ERROR_BADUTF8 when the subject
+       string ends with a truncated UTF-8 character and the  PCRE_PARTIAL_HARD
+       option  is  set.   Information  about  the  failure  is returned as for
+       PCRE_ERROR_BADUTF8. It is in fact sufficient to detect this  case,  but
+       this  special error code for PCRE_PARTIAL_HARD precedes the implementa-
+       tion of returned information; it is retained for backwards  compatibil-
+       ity.
+
+         PCRE_ERROR_RECURSELOOP    (-26)
+
+       This error is returned when pcre_exec() detects a recursion loop within
+       the pattern. Specifically, it means that either the whole pattern or  a
+       subpattern  has been called recursively for the second time at the same
+       position in the subject string. Some simple patterns that might do this
+       are  detected  and faulted at compile time, but more complicated cases,
+       in particular mutual recursions between two different subpatterns, can-
+       not be detected until run time.
+
+         PCRE_ERROR_JIT_STACKLIMIT (-27)
+
+       This  error  is  returned  when a pattern that was successfully studied
+       using a JIT compile option is being matched, but the  memory  available
+       for  the  just-in-time  processing  stack  is not large enough. See the
+       pcrejit documentation for more details.
+
+         PCRE_ERROR_BADMODE        (-28)
+
+       This error is given if a pattern that was compiled by the 8-bit library
+       is passed to a 16-bit or 32-bit library function, or vice versa.
+
+         PCRE_ERROR_BADENDIANNESS  (-29)
+
+       This  error  is  given  if  a  pattern  that  was compiled and saved is
+       reloaded on a host with  different  endianness.  The  utility  function
+       pcre_pattern_to_host_byte_order() can be used to convert such a pattern
+       so that it runs on the new host.
+
+         PCRE_ERROR_JIT_BADOPTION
+
+       This error is returned when a pattern  that  was  successfully  studied
+       using  a  JIT  compile  option  is being matched, but the matching mode
+       (partial or complete match) does not correspond to any JIT  compilation
+       mode.  When  the JIT fast path function is used, this error may be also
+       given for invalid options.  See  the  pcrejit  documentation  for  more
+       details.
+
+         PCRE_ERROR_BADLENGTH      (-32)
+
+       This  error is given if pcre_exec() is called with a negative value for
+       the length argument.
+
+       Error numbers -16 to -20, -22, and 30 are not used by pcre_exec().
+
+   Reason codes for invalid UTF-8 strings
+
+       This section applies only  to  the  8-bit  library.  The  corresponding
+       information  for the 16-bit and 32-bit libraries is given in the pcre16
+       and pcre32 pages.
+
+       When pcre_exec() returns either PCRE_ERROR_BADUTF8 or PCRE_ERROR_SHORT-
+       UTF8,  and  the size of the output vector (ovecsize) is at least 2, the
+       offset of the start of the invalid UTF-8 character  is  placed  in  the
+       first output vector element (ovector[0]) and a reason code is placed in
+       the second element (ovector[1]). The reason codes are  given  names  in
+       the pcre.h header file:
+
+         PCRE_UTF8_ERR1
+         PCRE_UTF8_ERR2
+         PCRE_UTF8_ERR3
+         PCRE_UTF8_ERR4
+         PCRE_UTF8_ERR5
+
+       The  string  ends  with a truncated UTF-8 character; the code specifies
+       how many bytes are missing (1 to 5). Although RFC 3629 restricts  UTF-8
+       characters  to  be  no longer than 4 bytes, the encoding scheme (origi-
+       nally defined by RFC 2279) allows for  up  to  6  bytes,  and  this  is
+       checked first; hence the possibility of 4 or 5 missing bytes.
+
+         PCRE_UTF8_ERR6
+         PCRE_UTF8_ERR7
+         PCRE_UTF8_ERR8
+         PCRE_UTF8_ERR9
+         PCRE_UTF8_ERR10
+
+       The two most significant bits of the 2nd, 3rd, 4th, 5th, or 6th byte of
+       the character do not have the binary value 0b10 (that  is,  either  the
+       most significant bit is 0, or the next bit is 1).
+
+         PCRE_UTF8_ERR11
+         PCRE_UTF8_ERR12
+
+       A  character that is valid by the RFC 2279 rules is either 5 or 6 bytes
+       long; these code points are excluded by RFC 3629.
+
+         PCRE_UTF8_ERR13
+
+       A 4-byte character has a value greater than 0x10fff; these code  points
+       are excluded by RFC 3629.
+
+         PCRE_UTF8_ERR14
+
+       A  3-byte  character  has  a  value in the range 0xd800 to 0xdfff; this
+       range of code points are reserved by RFC 3629 for use with UTF-16,  and
+       so are excluded from UTF-8.
+
+         PCRE_UTF8_ERR15
+         PCRE_UTF8_ERR16
+         PCRE_UTF8_ERR17
+         PCRE_UTF8_ERR18
+         PCRE_UTF8_ERR19
+
+       A  2-, 3-, 4-, 5-, or 6-byte character is "overlong", that is, it codes
+       for a value that can be represented by fewer bytes, which  is  invalid.
+       For  example,  the two bytes 0xc0, 0xae give the value 0x2e, whose cor-
+       rect coding uses just one byte.
+
+         PCRE_UTF8_ERR20
+
+       The two most significant bits of the first byte of a character have the
+       binary  value 0b10 (that is, the most significant bit is 1 and the sec-
+       ond is 0). Such a byte can only validly occur as the second  or  subse-
+       quent byte of a multi-byte character.
+
+         PCRE_UTF8_ERR21
+
+       The  first byte of a character has the value 0xfe or 0xff. These values
+       can never occur in a valid UTF-8 string.
+
+         PCRE_UTF8_ERR22
+
+       This error code was formerly used when  the  presence  of  a  so-called
+       "non-character"  caused an error. Unicode corrigendum #9 makes it clear
+       that such characters should not cause a string to be rejected,  and  so
+       this code is no longer in use and is never returned.
+
+
+EXTRACTING CAPTURED SUBSTRINGS BY NUMBER
+
+       int pcre_copy_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber, char *buffer,
+            int buffersize);
+
+       int pcre_get_substring(const char *subject, int *ovector,
+            int stringcount, int stringnumber,
+            const char **stringptr);
+
+       int pcre_get_substring_list(const char *subject,
+            int *ovector, int stringcount, const char ***listptr);
+
+       Captured  substrings  can  be  accessed  directly  by using the offsets
+       returned by pcre_exec() in  ovector.  For  convenience,  the  functions
+       pcre_copy_substring(),    pcre_get_substring(),    and    pcre_get_sub-
+       string_list() are provided for extracting captured substrings  as  new,
+       separate,  zero-terminated strings. These functions identify substrings
+       by number. The next section describes functions  for  extracting  named
+       substrings.
+
+       A  substring that contains a binary zero is correctly extracted and has
+       a further zero added on the end, but the result is not, of course, a  C
+       string.   However,  you  can  process such a string by referring to the
+       length that is  returned  by  pcre_copy_substring()  and  pcre_get_sub-
+       string().  Unfortunately, the interface to pcre_get_substring_list() is
+       not adequate for handling strings containing binary zeros, because  the
+       end of the final string is not independently indicated.
+
+       The  first  three  arguments  are the same for all three of these func-
+       tions: subject is the subject string that has  just  been  successfully
+       matched, ovector is a pointer to the vector of integer offsets that was
+       passed to pcre_exec(), and stringcount is the number of substrings that
+       were  captured  by  the match, including the substring that matched the
+       entire regular expression. This is the value returned by pcre_exec() if
+       it  is greater than zero. If pcre_exec() returned zero, indicating that
+       it ran out of space in ovector, the value passed as stringcount  should
+       be the number of elements in the vector divided by three.
+
+       The  functions pcre_copy_substring() and pcre_get_substring() extract a
+       single substring, whose number is given as  stringnumber.  A  value  of
+       zero  extracts  the  substring that matched the entire pattern, whereas
+       higher values  extract  the  captured  substrings.  For  pcre_copy_sub-
+       string(),  the  string  is  placed  in buffer, whose length is given by
+       buffersize, while for pcre_get_substring() a new  block  of  memory  is
+       obtained  via  pcre_malloc,  and its address is returned via stringptr.
+       The yield of the function is the length of the  string,  not  including
+       the terminating zero, or one of these error codes:
+
+         PCRE_ERROR_NOMEMORY       (-6)
+
+       The  buffer  was too small for pcre_copy_substring(), or the attempt to
+       get memory failed for pcre_get_substring().
+
+         PCRE_ERROR_NOSUBSTRING    (-7)
+
+       There is no substring whose number is stringnumber.
+
+       The pcre_get_substring_list()  function  extracts  all  available  sub-
+       strings  and  builds  a list of pointers to them. All this is done in a
+       single block of memory that is obtained via pcre_malloc. The address of
+       the  memory  block  is returned via listptr, which is also the start of
+       the list of string pointers. The end of the list is marked  by  a  NULL
+       pointer.  The  yield  of  the function is zero if all went well, or the
+       error code
+
+         PCRE_ERROR_NOMEMORY       (-6)
+
+       if the attempt to get the memory block failed.
+
+       When any of these functions encounter a substring that is unset,  which
+       can  happen  when  capturing subpattern number n+1 matches some part of
+       the subject, but subpattern n has not been used at all, they return  an
+       empty string. This can be distinguished from a genuine zero-length sub-
+       string by inspecting the appropriate offset in ovector, which is  nega-
+       tive for unset substrings.
+
+       The  two convenience functions pcre_free_substring() and pcre_free_sub-
+       string_list() can be used to free the memory  returned  by  a  previous
+       call  of  pcre_get_substring()  or  pcre_get_substring_list(),  respec-
+       tively. They do nothing more than  call  the  function  pointed  to  by
+       pcre_free,  which  of course could be called directly from a C program.
+       However, PCRE is used in some situations where it is linked via a  spe-
+       cial   interface  to  another  programming  language  that  cannot  use
+       pcre_free directly; it is for these cases that the functions  are  pro-
+       vided.
+
+
+EXTRACTING CAPTURED SUBSTRINGS BY NAME
+
+       int pcre_get_stringnumber(const pcre *code,
+            const char *name);
+
+       int pcre_copy_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            char *buffer, int buffersize);
+
+       int pcre_get_named_substring(const pcre *code,
+            const char *subject, int *ovector,
+            int stringcount, const char *stringname,
+            const char **stringptr);
+
+       To  extract a substring by name, you first have to find associated num-
+       ber.  For example, for this pattern
+
+         (a+)b(?<xxx>\d+)...
+
+       the number of the subpattern called "xxx" is 2. If the name is known to
+       be unique (PCRE_DUPNAMES was not set), you can find the number from the
+       name by calling pcre_get_stringnumber(). The first argument is the com-
+       piled pattern, and the second is the name. The yield of the function is
+       the subpattern number, or PCRE_ERROR_NOSUBSTRING (-7) if  there  is  no
+       subpattern of that name.
+
+       Given the number, you can extract the substring directly, or use one of
+       the functions described in the previous section. For convenience, there
+       are also two functions that do the whole job.
+
+       Most    of    the    arguments   of   pcre_copy_named_substring()   and
+       pcre_get_named_substring() are the same  as  those  for  the  similarly
+       named  functions  that extract by number. As these are described in the
+       previous section, they are not re-described here. There  are  just  two
+       differences:
+
+       First,  instead  of a substring number, a substring name is given. Sec-
+       ond, there is an extra argument, given at the start, which is a pointer
+       to  the compiled pattern. This is needed in order to gain access to the
+       name-to-number translation table.
+
+       These functions call pcre_get_stringnumber(), and if it succeeds,  they
+       then  call  pcre_copy_substring() or pcre_get_substring(), as appropri-
+       ate. NOTE: If PCRE_DUPNAMES is set and there are duplicate  names,  the
+       behaviour may not be what you want (see the next section).
+
+       Warning: If the pattern uses the (?| feature to set up multiple subpat-
+       terns with the same number, as described in the  section  on  duplicate
+       subpattern  numbers  in  the  pcrepattern page, you cannot use names to
+       distinguish the different subpatterns, because names are  not  included
+       in  the compiled code. The matching process uses only numbers. For this
+       reason, the use of different names for subpatterns of the  same  number
+       causes an error at compile time.
+
+
+DUPLICATE SUBPATTERN NAMES
+
+       int pcre_get_stringtable_entries(const pcre *code,
+            const char *name, char **first, char **last);
+
+       When  a  pattern  is  compiled with the PCRE_DUPNAMES option, names for
+       subpatterns are not required to be unique. (Duplicate names are  always
+       allowed  for subpatterns with the same number, created by using the (?|
+       feature. Indeed, if such subpatterns are named, they  are  required  to
+       use the same names.)
+
+       Normally, patterns with duplicate names are such that in any one match,
+       only one of the named subpatterns participates. An example is shown  in
+       the pcrepattern documentation.
+
+       When    duplicates   are   present,   pcre_copy_named_substring()   and
+       pcre_get_named_substring() return the first substring corresponding  to
+       the  given  name  that  is set. If none are set, PCRE_ERROR_NOSUBSTRING
+       (-7) is returned; no  data  is  returned.  The  pcre_get_stringnumber()
+       function  returns one of the numbers that are associated with the name,
+       but it is not defined which it is.
+
+       If you want to get full details of all captured substrings for a  given
+       name,  you  must  use  the pcre_get_stringtable_entries() function. The
+       first argument is the compiled pattern, and the second is the name. The
+       third  and  fourth  are  pointers to variables which are updated by the
+       function. After it has run, they point to the first and last entries in
+       the  name-to-number  table  for  the  given  name.  The function itself
+       returns the length of each entry,  or  PCRE_ERROR_NOSUBSTRING  (-7)  if
+       there  are none. The format of the table is described above in the sec-
+       tion entitled Information about a pattern above.  Given all  the  rele-
+       vant  entries  for the name, you can extract each of their numbers, and
+       hence the captured data, if any.
+
+
+FINDING ALL POSSIBLE MATCHES
+
+       The traditional matching function uses a  similar  algorithm  to  Perl,
+       which stops when it finds the first match, starting at a given point in
+       the subject. If you want to find all possible matches, or  the  longest
+       possible  match,  consider using the alternative matching function (see
+       below) instead. If you cannot use the alternative function,  but  still
+       need  to  find all possible matches, you can kludge it up by making use
+       of the callout facility, which is described in the pcrecallout documen-
+       tation.
+
+       What you have to do is to insert a callout right at the end of the pat-
+       tern.  When your callout function is called, extract and save the  cur-
+       rent  matched  substring.  Then  return  1, which forces pcre_exec() to
+       backtrack and try other alternatives. Ultimately, when it runs  out  of
+       matches, pcre_exec() will yield PCRE_ERROR_NOMATCH.
+
+
+OBTAINING AN ESTIMATE OF STACK USAGE
+
+       Matching  certain  patterns  using pcre_exec() can use a lot of process
+       stack, which in certain environments can be  rather  limited  in  size.
+       Some  users  find it helpful to have an estimate of the amount of stack
+       that is used by pcre_exec(), to help  them  set  recursion  limits,  as
+       described  in  the pcrestack documentation. The estimate that is output
+       by pcretest when called with the -m and -C options is obtained by call-
+       ing  pcre_exec with the values NULL, NULL, NULL, -999, and -999 for its
+       first five arguments.
+
+       Normally, if  its  first  argument  is  NULL,  pcre_exec()  immediately
+       returns  the negative error code PCRE_ERROR_NULL, but with this special
+       combination of arguments, it returns instead a  negative  number  whose
+       absolute  value  is the approximate stack frame size in bytes. (A nega-
+       tive number is used so that it is clear that no  match  has  happened.)
+       The  value  is  approximate  because  in some cases, recursive calls to
+       pcre_exec() occur when there are one or two additional variables on the
+       stack.
+
+       If  PCRE  has  been  compiled  to use the heap instead of the stack for
+       recursion, the value returned  is  the  size  of  each  block  that  is
+       obtained from the heap.
+
+
+MATCHING A PATTERN: THE ALTERNATIVE FUNCTION
+
+       int pcre_dfa_exec(const pcre *code, const pcre_extra *extra,
+            const char *subject, int length, int startoffset,
+            int options, int *ovector, int ovecsize,
+            int *workspace, int wscount);
+
+       The  function  pcre_dfa_exec()  is  called  to  match  a subject string
+       against a compiled pattern, using a matching algorithm that  scans  the
+       subject  string  just  once, and does not backtrack. This has different
+       characteristics to the normal algorithm, and  is  not  compatible  with
+       Perl.  Some  of the features of PCRE patterns are not supported. Never-
+       theless, there are times when this kind of matching can be useful.  For
+       a  discussion  of  the  two matching algorithms, and a list of features
+       that pcre_dfa_exec() does not support, see the pcrematching  documenta-
+       tion.
+
+       The  arguments  for  the  pcre_dfa_exec()  function are the same as for
+       pcre_exec(), plus two extras. The ovector argument is used in a differ-
+       ent  way,  and  this is described below. The other common arguments are
+       used in the same way as for pcre_exec(), so their  description  is  not
+       repeated here.
+
+       The  two  additional  arguments provide workspace for the function. The
+       workspace vector should contain at least 20 elements. It  is  used  for
+       keeping  track  of  multiple  paths  through  the  pattern  tree.  More
+       workspace will be needed for patterns and subjects where  there  are  a
+       lot of potential matches.
+
+       Here is an example of a simple call to pcre_dfa_exec():
+
+         int rc;
+         int ovector[10];
+         int wspace[20];
+         rc = pcre_dfa_exec(
+           re,             /* result of pcre_compile() */
+           NULL,           /* we didn't study the pattern */
+           "some string",  /* the subject string */
+           11,             /* the length of the subject string */
+           0,              /* start at offset 0 in the subject */
+           0,              /* default options */
+           ovector,        /* vector of integers for substring information */
+           10,             /* number of elements (NOT size in bytes) */
+           wspace,         /* working space vector */
+           20);            /* number of elements (NOT size in bytes) */
+
+   Option bits for pcre_dfa_exec()
+
+       The  unused  bits  of  the options argument for pcre_dfa_exec() must be
+       zero. The only bits  that  may  be  set  are  PCRE_ANCHORED,  PCRE_NEW-
+       LINE_xxx,        PCRE_NOTBOL,        PCRE_NOTEOL,        PCRE_NOTEMPTY,
+       PCRE_NOTEMPTY_ATSTART,      PCRE_NO_UTF8_CHECK,       PCRE_BSR_ANYCRLF,
+       PCRE_BSR_UNICODE,  PCRE_NO_START_OPTIMIZE, PCRE_PARTIAL_HARD, PCRE_PAR-
+       TIAL_SOFT, PCRE_DFA_SHORTEST, and PCRE_DFA_RESTART.  All but  the  last
+       four  of  these  are  exactly  the  same  as  for pcre_exec(), so their
+       description is not repeated here.
+
+         PCRE_PARTIAL_HARD
+         PCRE_PARTIAL_SOFT
+
+       These have the same general effect as they do for pcre_exec(), but  the
+       details  are  slightly  different.  When  PCRE_PARTIAL_HARD  is set for
+       pcre_dfa_exec(), it returns PCRE_ERROR_PARTIAL if the end of  the  sub-
+       ject  is  reached  and there is still at least one matching possibility
+       that requires additional characters. This happens even if some complete
+       matches have also been found. When PCRE_PARTIAL_SOFT is set, the return
+       code PCRE_ERROR_NOMATCH is converted into PCRE_ERROR_PARTIAL if the end
+       of  the  subject  is  reached, there have been no complete matches, but
+       there is still at least one matching possibility. The  portion  of  the
+       string  that  was inspected when the longest partial match was found is
+       set as the first matching string  in  both  cases.   There  is  a  more
+       detailed  discussion  of partial and multi-segment matching, with exam-
+       ples, in the pcrepartial documentation.
+
+         PCRE_DFA_SHORTEST
+
+       Setting the PCRE_DFA_SHORTEST option causes the matching  algorithm  to
+       stop as soon as it has found one match. Because of the way the alterna-
+       tive algorithm works, this is necessarily the shortest  possible  match
+       at the first possible matching point in the subject string.
+
+         PCRE_DFA_RESTART
+
+       When pcre_dfa_exec() returns a partial match, it is possible to call it
+       again, with additional subject characters, and have  it  continue  with
+       the  same match. The PCRE_DFA_RESTART option requests this action; when
+       it is set, the workspace and wscount options must  reference  the  same
+       vector  as  before  because data about the match so far is left in them
+       after a partial match. There is more discussion of this facility in the
+       pcrepartial documentation.
+
+   Successful returns from pcre_dfa_exec()
+
+       When  pcre_dfa_exec()  succeeds, it may have matched more than one sub-
+       string in the subject. Note, however, that all the matches from one run
+       of  the  function  start  at the same point in the subject. The shorter
+       matches are all initial substrings of the longer matches. For  example,
+       if the pattern
+
+         <.*>
+
+       is matched against the string
+
+         This is <something> <something else> <something further> no more
+
+       the three matched strings are
+
+         <something>
+         <something> <something else>
+         <something> <something else> <something further>
+
+       On  success,  the  yield of the function is a number greater than zero,
+       which is the number of matched substrings.  The  substrings  themselves
+       are  returned  in  ovector. Each string uses two elements; the first is
+       the offset to the start, and the second is the offset to  the  end.  In
+       fact,  all  the  strings  have the same start offset. (Space could have
+       been saved by giving this only once, but it was decided to retain  some
+       compatibility  with  the  way pcre_exec() returns data, even though the
+       meaning of the strings is different.)
+
+       The strings are returned in reverse order of length; that is, the long-
+       est  matching  string is given first. If there were too many matches to
+       fit into ovector, the yield of the function is zero, and the vector  is
+       filled  with  the  longest matches. Unlike pcre_exec(), pcre_dfa_exec()
+       can use the entire ovector for returning matched strings.
+
+       NOTE: PCRE's "auto-possessification" optimization  usually  applies  to
+       character  repeats at the end of a pattern (as well as internally). For
+       example, the pattern "a\d+" is compiled as if it were  "a\d++"  because
+       there is no point even considering the possibility of backtracking into
+       the repeated digits. For DFA matching, this means that only one  possi-
+       ble  match  is  found.  If  you really do want multiple matches in such
+       cases,  either  use  an  ungreedy   repeat   ("a\d+?")   or   set   the
+       PCRE_NO_AUTO_POSSESS option when compiling.
+
+   Error returns from pcre_dfa_exec()
+
+       The  pcre_dfa_exec()  function returns a negative number when it fails.
+       Many of the errors are the same  as  for  pcre_exec(),  and  these  are
+       described  above.   There are in addition the following errors that are
+       specific to pcre_dfa_exec():
+
+         PCRE_ERROR_DFA_UITEM      (-16)
+
+       This return is given if pcre_dfa_exec() encounters an item in the  pat-
+       tern  that  it  does not support, for instance, the use of \C or a back
+       reference.
+
+         PCRE_ERROR_DFA_UCOND      (-17)
+
+       This return is given if pcre_dfa_exec()  encounters  a  condition  item
+       that  uses  a back reference for the condition, or a test for recursion
+       in a specific group. These are not supported.
+
+         PCRE_ERROR_DFA_UMLIMIT    (-18)
+
+       This return is given if pcre_dfa_exec() is called with an  extra  block
+       that  contains  a  setting  of the match_limit or match_limit_recursion
+       fields. This is not supported (these fields  are  meaningless  for  DFA
+       matching).
+
+         PCRE_ERROR_DFA_WSSIZE     (-19)
+
+       This  return  is  given  if  pcre_dfa_exec()  runs  out of space in the
+       workspace vector.
+
+         PCRE_ERROR_DFA_RECURSE    (-20)
+
+       When a recursive subpattern is processed, the matching  function  calls
+       itself  recursively,  using  private vectors for ovector and workspace.
+       This error is given if the output vector  is  not  large  enough.  This
+       should be extremely rare, as a vector of size 1000 is used.
+
+         PCRE_ERROR_DFA_BADRESTART (-30)
+
+       When  pcre_dfa_exec()  is called with the PCRE_DFA_RESTART option, some
+       plausibility checks are made on the contents of  the  workspace,  which
+       should  contain  data about the previous partial match. If any of these
+       checks fail, this error is given.
+
+
+SEE ALSO
+
+       pcre16(3),  pcre32(3),  pcrebuild(3),  pcrecallout(3),   pcrecpp(3)(3),
+       pcrematching(3), pcrepartial(3), pcreposix(3), pcreprecompile(3), pcre-
+       sample(3), pcrestack(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 18 December 2015
+       Copyright (c) 1997-2015 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRECALLOUT(3)             Library Functions Manual             PCRECALLOUT(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+SYNOPSIS
+
+       #include <pcre.h>
+
+       int (*pcre_callout)(pcre_callout_block *);
+
+       int (*pcre16_callout)(pcre16_callout_block *);
+
+       int (*pcre32_callout)(pcre32_callout_block *);
+
+
+DESCRIPTION
+
+       PCRE provides a feature called "callout", which is a means of temporar-
+       ily passing control to the caller of PCRE  in  the  middle  of  pattern
+       matching.  The  caller of PCRE provides an external function by putting
+       its entry point in the global variable pcre_callout (pcre16_callout for
+       the 16-bit library, pcre32_callout for the 32-bit library). By default,
+       this variable contains NULL, which disables all calling out.
+
+       Within a regular expression, (?C) indicates the  points  at  which  the
+       external  function  is  to  be  called. Different callout points can be
+       identified by putting a number less than 256 after the  letter  C.  The
+       default  value  is  zero.   For  example,  this pattern has two callout
+       points:
+
+         (?C1)abc(?C2)def
+
+       If the PCRE_AUTO_CALLOUT option bit is set when a pattern is  compiled,
+       PCRE  automatically  inserts callouts, all with number 255, before each
+       item in the pattern. For example, if PCRE_AUTO_CALLOUT is used with the
+       pattern
+
+         A(\d{2}|--)
+
+       it is processed as if it were
+
+       (?C255)A(?C255)((?C255)\d{2}(?C255)|(?C255)-(?C255)-(?C255))(?C255)
+
+       Notice  that  there  is a callout before and after each parenthesis and
+       alternation bar. If the pattern contains a conditional group whose con-
+       dition  is  an  assertion, an automatic callout is inserted immediately
+       before the condition. Such a callout may also be  inserted  explicitly,
+       for example:
+
+         (?(?C9)(?=a)ab|de)
+
+       This  applies only to assertion conditions (because they are themselves
+       independent groups).
+
+       Automatic callouts can be used for tracking  the  progress  of  pattern
+       matching.   The pcretest program has a pattern qualifier (/C) that sets
+       automatic callouts; when it is used, the output indicates how the  pat-
+       tern  is  being matched. This is useful information when you are trying
+       to optimize the performance of a particular pattern.
+
+
+MISSING CALLOUTS
+
+       You should be aware that, because of optimizations in the way PCRE com-
+       piles and matches patterns, callouts sometimes do not happen exactly as
+       you might expect.
+
+       At compile time, PCRE "auto-possessifies" repeated items when it  knows
+       that  what follows cannot be part of the repeat. For example, a+[bc] is
+       compiled as if it were a++[bc]. The pcretest output when  this  pattern
+       is  anchored  and  then  applied  with automatic callouts to the string
+       "aaaa" is:
+
+         --->aaaa
+          +0 ^        ^
+          +1 ^        a+
+          +3 ^   ^    [bc]
+         No match
+
+       This indicates that when matching [bc] fails, there is no  backtracking
+       into  a+  and  therefore the callouts that would be taken for the back-
+       tracks do not occur.  You can disable the  auto-possessify  feature  by
+       passing PCRE_NO_AUTO_POSSESS to pcre_compile(), or starting the pattern
+       with (*NO_AUTO_POSSESS). If this is done  in  pcretest  (using  the  /O
+       qualifier), the output changes to this:
+
+         --->aaaa
+          +0 ^        ^
+          +1 ^        a+
+          +3 ^   ^    [bc]
+          +3 ^  ^     [bc]
+          +3 ^ ^      [bc]
+          +3 ^^       [bc]
+         No match
+
+       This time, when matching [bc] fails, the matcher backtracks into a+ and
+       tries again, repeatedly, until a+ itself fails.
+
+       Other optimizations that provide fast "no match"  results  also  affect
+       callouts.  For example, if the pattern is
+
+         ab(?C4)cd
+
+       PCRE knows that any matching string must contain the letter "d". If the
+       subject string is "abyz", the lack of "d" means that  matching  doesn't
+       ever  start,  and  the  callout is never reached. However, with "abyd",
+       though the result is still no match, the callout is obeyed.
+
+       If the pattern is studied, PCRE knows the minimum length of a  matching
+       string,  and will immediately give a "no match" return without actually
+       running a match if the subject is not long enough, or,  for  unanchored
+       patterns, if it has been scanned far enough.
+
+       You  can disable these optimizations by passing the PCRE_NO_START_OPTI-
+       MIZE option to the matching function, or by starting the  pattern  with
+       (*NO_START_OPT).  This slows down the matching process, but does ensure
+       that callouts such as the example above are obeyed.
+
+
+THE CALLOUT INTERFACE
+
+       During matching, when PCRE reaches a callout point, the external  func-
+       tion defined by pcre_callout or pcre[16|32]_callout is called (if it is
+       set). This applies to both normal and DFA matching. The  only  argument
+       to   the   callout   function   is  a  pointer  to  a  pcre_callout  or
+       pcre[16|32]_callout block.  These  structures  contains  the  following
+       fields:
+
+         int           version;
+         int           callout_number;
+         int          *offset_vector;
+         const char   *subject;           (8-bit version)
+         PCRE_SPTR16   subject;           (16-bit version)
+         PCRE_SPTR32   subject;           (32-bit version)
+         int           subject_length;
+         int           start_match;
+         int           current_position;
+         int           capture_top;
+         int           capture_last;
+         void         *callout_data;
+         int           pattern_position;
+         int           next_item_length;
+         const unsigned char *mark;       (8-bit version)
+         const PCRE_UCHAR16  *mark;       (16-bit version)
+         const PCRE_UCHAR32  *mark;       (32-bit version)
+
+       The  version  field  is an integer containing the version number of the
+       block format. The initial version was 0; the current version is 2.  The
+       version  number  will  change  again in future if additional fields are
+       added, but the intention is never to remove any of the existing fields.
+
+       The callout_number field contains the number of the  callout,  as  com-
+       piled  into  the pattern (that is, the number after ?C for manual call-
+       outs, and 255 for automatically generated callouts).
+
+       The offset_vector field is a pointer to the vector of offsets that  was
+       passed  by  the  caller  to  the matching function. When pcre_exec() or
+       pcre[16|32]_exec() is used, the contents can be inspected, in order  to
+       extract  substrings  that  have been matched so far, in the same way as
+       for extracting substrings after a match  has  completed.  For  the  DFA
+       matching functions, this field is not useful.
+
+       The subject and subject_length fields contain copies of the values that
+       were passed to the matching function.
+
+       The start_match field normally contains the offset within  the  subject
+       at  which  the  current  match  attempt started. However, if the escape
+       sequence \K has been encountered, this value is changed to reflect  the
+       modified  starting  point.  If the pattern is not anchored, the callout
+       function may be called several times from the same point in the pattern
+       for different starting points in the subject.
+
+       The  current_position  field  contains the offset within the subject of
+       the current match pointer.
+
+       When the pcre_exec() or pcre[16|32]_exec()  is  used,  the  capture_top
+       field  contains  one  more than the number of the highest numbered cap-
+       tured substring so far. If no substrings have been captured, the  value
+       of  capture_top  is one. This is always the case when the DFA functions
+       are used, because they do not support captured substrings.
+
+       The capture_last field contains the number of the  most  recently  cap-
+       tured  substring. However, when a recursion exits, the value reverts to
+       what it was outside the recursion, as do the  values  of  all  captured
+       substrings.  If  no  substrings  have  been captured, the value of cap-
+       ture_last is -1. This is always the case for  the  DFA  matching  func-
+       tions.
+
+       The  callout_data  field  contains a value that is passed to a matching
+       function specifically so that it can be passed back in callouts. It  is
+       passed  in  the callout_data field of a pcre_extra or pcre[16|32]_extra
+       data structure. If no such data was passed, the value  of  callout_data
+       in  a  callout  block is NULL. There is a description of the pcre_extra
+       structure in the pcreapi documentation.
+
+       The pattern_position field is present from version  1  of  the  callout
+       structure. It contains the offset to the next item to be matched in the
+       pattern string.
+
+       The next_item_length field is present from version  1  of  the  callout
+       structure. It contains the length of the next item to be matched in the
+       pattern string. When the callout immediately  precedes  an  alternation
+       bar,  a  closing  parenthesis, or the end of the pattern, the length is
+       zero. When the callout precedes an opening parenthesis, the  length  is
+       that of the entire subpattern.
+
+       The  pattern_position  and next_item_length fields are intended to help
+       in distinguishing between different automatic callouts, which all  have
+       the same callout number. However, they are set for all callouts.
+
+       The  mark  field is present from version 2 of the callout structure. In
+       callouts from pcre_exec() or pcre[16|32]_exec() it contains  a  pointer
+       to  the  zero-terminated  name  of  the  most  recently passed (*MARK),
+       (*PRUNE), or (*THEN) item in the match, or NULL if no such  items  have
+       been  passed.  Instances  of  (*PRUNE) or (*THEN) without a name do not
+       obliterate a previous (*MARK). In callouts from the DFA matching  func-
+       tions this field always contains NULL.
+
+
+RETURN VALUES
+
+       The  external callout function returns an integer to PCRE. If the value
+       is zero, matching proceeds as normal. If  the  value  is  greater  than
+       zero,  matching  fails  at  the current point, but the testing of other
+       matching possibilities goes ahead, just as if a lookahead assertion had
+       failed.  If  the  value  is less than zero, the match is abandoned, the
+       matching function returns the negative value.
+
+       Negative  values  should  normally  be   chosen   from   the   set   of
+       PCRE_ERROR_xxx values. In particular, PCRE_ERROR_NOMATCH forces a stan-
+       dard "no  match"  failure.   The  error  number  PCRE_ERROR_CALLOUT  is
+       reserved  for  use  by callout functions; it will never be used by PCRE
+       itself.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRECOMPAT(3)              Library Functions Manual              PCRECOMPAT(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+DIFFERENCES BETWEEN PCRE AND PERL
+
+       This  document describes the differences in the ways that PCRE and Perl
+       handle regular expressions. The differences  described  here  are  with
+       respect to Perl versions 5.10 and above.
+
+       1. PCRE has only a subset of Perl's Unicode support. Details of what it
+       does have are given in the pcreunicode page.
+
+       2. PCRE allows repeat quantifiers only on parenthesized assertions, but
+       they  do  not mean what you might think. For example, (?!a){3} does not
+       assert that the next three characters are not "a". It just asserts that
+       the next character is not "a" three times (in principle: PCRE optimizes
+       this to run the assertion just once). Perl allows repeat quantifiers on
+       other assertions such as \b, but these do not seem to have any use.
+
+       3.  Capturing  subpatterns  that occur inside negative lookahead asser-
+       tions are counted, but their entries in the offsets  vector  are  never
+       set.  Perl sometimes (but not always) sets its numerical variables from
+       inside negative assertions.
+
+       4. Though binary zero characters are supported in the  subject  string,
+       they are not allowed in a pattern string because it is passed as a nor-
+       mal C string, terminated by zero. The escape sequence \0 can be used in
+       the pattern to represent a binary zero.
+
+       5.  The  following Perl escape sequences are not supported: \l, \u, \L,
+       \U, and \N when followed by a character name or Unicode value.  (\N  on
+       its own, matching a non-newline character, is supported.) In fact these
+       are implemented by Perl's general string-handling and are not  part  of
+       its  pattern  matching engine. If any of these are encountered by PCRE,
+       an error is generated by default. However, if the  PCRE_JAVASCRIPT_COM-
+       PAT  option  is set, \U and \u are interpreted as JavaScript interprets
+       them.
+
+       6. The Perl escape sequences \p, \P, and \X are supported only if  PCRE
+       is  built  with Unicode character property support. The properties that
+       can be tested with \p and \P are limited to the general category  prop-
+       erties  such  as  Lu and Nd, script names such as Greek or Han, and the
+       derived properties Any and L&. PCRE does  support  the  Cs  (surrogate)
+       property,  which  Perl  does  not; the Perl documentation says "Because
+       Perl hides the need for the user to understand the internal representa-
+       tion  of Unicode characters, there is no need to implement the somewhat
+       messy concept of surrogates."
+
+       7. PCRE does support the \Q...\E escape for quoting substrings. Charac-
+       ters  in  between  are  treated as literals. This is slightly different
+       from Perl in that $ and @ are  also  handled  as  literals  inside  the
+       quotes.  In Perl, they cause variable interpolation (but of course PCRE
+       does not have variables). Note the following examples:
+
+           Pattern            PCRE matches      Perl matches
+
+           \Qabc$xyz\E        abc$xyz           abc followed by the
+                                                  contents of $xyz
+           \Qabc\$xyz\E       abc\$xyz          abc\$xyz
+           \Qabc\E\$\Qxyz\E   abc$xyz           abc$xyz
+
+       The \Q...\E sequence is recognized both inside  and  outside  character
+       classes.
+
+       8. Fairly obviously, PCRE does not support the (?{code}) and (??{code})
+       constructions. However, there is support for recursive  patterns.  This
+       is  not  available  in Perl 5.8, but it is in Perl 5.10. Also, the PCRE
+       "callout" feature allows an external function to be called during  pat-
+       tern matching. See the pcrecallout documentation for details.
+
+       9.  Subpatterns  that  are called as subroutines (whether or not recur-
+       sively) are always treated as atomic  groups  in  PCRE.  This  is  like
+       Python,  but  unlike Perl.  Captured values that are set outside a sub-
+       routine call can be reference from inside in PCRE,  but  not  in  Perl.
+       There is a discussion that explains these differences in more detail in
+       the section on recursion differences from Perl in the pcrepattern page.
+
+       10. If any of the backtracking control verbs are used in  a  subpattern
+       that  is  called  as  a  subroutine (whether or not recursively), their
+       effect is confined to that subpattern; it does not extend to  the  sur-
+       rounding  pattern.  This is not always the case in Perl. In particular,
+       if (*THEN) is present in a group that is called as  a  subroutine,  its
+       action is limited to that group, even if the group does not contain any
+       | characters. Note that such subpatterns are processed as  anchored  at
+       the point where they are tested.
+
+       11.  If a pattern contains more than one backtracking control verb, the
+       first one that is backtracked onto acts. For example,  in  the  pattern
+       A(*COMMIT)B(*PRUNE)C  a  failure in B triggers (*COMMIT), but a failure
+       in C triggers (*PRUNE). Perl's behaviour is more complex; in many cases
+       it is the same as PCRE, but there are examples where it differs.
+
+       12.  Most  backtracking  verbs in assertions have their normal actions.
+       They are not confined to the assertion.
+
+       13. There are some differences that are concerned with the settings  of
+       captured  strings  when  part  of  a  pattern is repeated. For example,
+       matching "aba" against the  pattern  /^(a(b)?)+$/  in  Perl  leaves  $2
+       unset, but in PCRE it is set to "b".
+
+       14.  PCRE's handling of duplicate subpattern numbers and duplicate sub-
+       pattern names is not as general as Perl's. This is a consequence of the
+       fact the PCRE works internally just with numbers, using an external ta-
+       ble to translate between numbers and names. In  particular,  a  pattern
+       such  as  (?|(?<a>A)|(?<b>B),  where the two capturing parentheses have
+       the same number but different names, is not supported,  and  causes  an
+       error  at compile time. If it were allowed, it would not be possible to
+       distinguish which parentheses matched, because both names map  to  cap-
+       turing subpattern number 1. To avoid this confusing situation, an error
+       is given at compile time.
+
+       15. Perl recognizes comments in some places that  PCRE  does  not,  for
+       example,  between  the  ( and ? at the start of a subpattern. If the /x
+       modifier is set, Perl allows white space between ( and ?  (though  cur-
+       rent  Perls  warn that this is deprecated) but PCRE never does, even if
+       the PCRE_EXTENDED option is set.
+
+       16. Perl, when in warning mode, gives warnings  for  character  classes
+       such  as  [A-\d] or [a-[:digit:]]. It then treats the hyphens as liter-
+       als. PCRE has no warning features, so it gives an error in these  cases
+       because they are almost certainly user mistakes.
+
+       17.  In  PCRE,  the upper/lower case character properties Lu and Ll are
+       not affected when case-independent matching is specified. For  example,
+       \p{Lu} always matches an upper case letter. I think Perl has changed in
+       this respect; in the release at the time of writing (5.16), \p{Lu}  and
+       \p{Ll} match all letters, regardless of case, when case independence is
+       specified.
+
+       18. PCRE provides some extensions to the Perl regular expression facil-
+       ities.   Perl  5.10  includes new features that are not in earlier ver-
+       sions of Perl, some of which (such as named parentheses) have  been  in
+       PCRE for some time. This list is with respect to Perl 5.10:
+
+       (a)  Although  lookbehind  assertions  in  PCRE must match fixed length
+       strings, each alternative branch of a lookbehind assertion can match  a
+       different  length  of  string.  Perl requires them all to have the same
+       length.
+
+       (b) If PCRE_DOLLAR_ENDONLY is set and PCRE_MULTILINE is not set, the  $
+       meta-character matches only at the very end of the string.
+
+       (c) If PCRE_EXTRA is set, a backslash followed by a letter with no spe-
+       cial meaning is faulted. Otherwise, like Perl, the backslash is quietly
+       ignored.  (Perl can be made to issue a warning.)
+
+       (d)  If  PCRE_UNGREEDY is set, the greediness of the repetition quanti-
+       fiers is inverted, that is, by default they are not greedy, but if fol-
+       lowed by a question mark they are.
+
+       (e) PCRE_ANCHORED can be used at matching time to force a pattern to be
+       tried only at the first matching position in the subject string.
+
+       (f) The PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+       and  PCRE_NO_AUTO_CAPTURE  options for pcre_exec() have no Perl equiva-
+       lents.
+
+       (g) The \R escape sequence can be restricted to match only CR,  LF,  or
+       CRLF by the PCRE_BSR_ANYCRLF option.
+
+       (h) The callout facility is PCRE-specific.
+
+       (i) The partial matching facility is PCRE-specific.
+
+       (j) Patterns compiled by PCRE can be saved and re-used at a later time,
+       even on different hosts that have the other endianness.  However,  this
+       does not apply to optimized data created by the just-in-time compiler.
+
+       (k)    The    alternative    matching    functions    (pcre_dfa_exec(),
+       pcre16_dfa_exec() and pcre32_dfa_exec(),) match in a different way  and
+       are not Perl-compatible.
+
+       (l)  PCRE  recognizes some special sequences such as (*CR) at the start
+       of a pattern that set overall options that cannot be changed within the
+       pattern.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 10 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPATTERN(3)             Library Functions Manual             PCREPATTERN(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE REGULAR EXPRESSION DETAILS
+
+       The  syntax and semantics of the regular expressions that are supported
+       by PCRE are described in detail below. There is a quick-reference  syn-
+       tax summary in the pcresyntax page. PCRE tries to match Perl syntax and
+       semantics as closely as it can. PCRE  also  supports  some  alternative
+       regular  expression  syntax (which does not conflict with the Perl syn-
+       tax) in order to provide some compatibility with regular expressions in
+       Python, .NET, and Oniguruma.
+
+       Perl's  regular expressions are described in its own documentation, and
+       regular expressions in general are covered in a number of  books,  some
+       of  which  have  copious  examples. Jeffrey Friedl's "Mastering Regular
+       Expressions", published by  O'Reilly,  covers  regular  expressions  in
+       great  detail.  This  description  of  PCRE's  regular  expressions  is
+       intended as reference material.
+
+       This document discusses the patterns that are supported  by  PCRE  when
+       one    its    main   matching   functions,   pcre_exec()   (8-bit)   or
+       pcre[16|32]_exec() (16- or 32-bit), is used. PCRE also has  alternative
+       matching  functions,  pcre_dfa_exec()  and pcre[16|32_dfa_exec(), which
+       match using a different algorithm that is not Perl-compatible. Some  of
+       the  features  discussed  below  are not available when DFA matching is
+       used. The advantages and disadvantages of  the  alternative  functions,
+       and  how  they  differ  from the normal functions, are discussed in the
+       pcrematching page.
+
+
+SPECIAL START-OF-PATTERN ITEMS
+
+       A number of options that can be passed to pcre_compile()  can  also  be
+       set by special items at the start of a pattern. These are not Perl-com-
+       patible, but are provided to make these options accessible  to  pattern
+       writers  who are not able to change the program that processes the pat-
+       tern. Any number of these items  may  appear,  but  they  must  all  be
+       together right at the start of the pattern string, and the letters must
+       be in upper case.
+
+   UTF support
+
+       The original operation of PCRE was on strings of  one-byte  characters.
+       However,  there  is  now also support for UTF-8 strings in the original
+       library, an extra library that supports  16-bit  and  UTF-16  character
+       strings,  and a third library that supports 32-bit and UTF-32 character
+       strings. To use these features, PCRE must be built to include appropri-
+       ate  support. When using UTF strings you must either call the compiling
+       function with the PCRE_UTF8, PCRE_UTF16, or PCRE_UTF32 option,  or  the
+       pattern must start with one of these special sequences:
+
+         (*UTF8)
+         (*UTF16)
+         (*UTF32)
+         (*UTF)
+
+       (*UTF)  is  a  generic  sequence  that  can  be  used  with  any of the
+       libraries.  Starting a pattern with such a sequence  is  equivalent  to
+       setting  the  relevant  option.  How setting a UTF mode affects pattern
+       matching is mentioned in several places below. There is also a  summary
+       of features in the pcreunicode page.
+
+       Some applications that allow their users to supply patterns may wish to
+       restrict  them  to  non-UTF  data  for   security   reasons.   If   the
+       PCRE_NEVER_UTF  option  is  set  at  compile  time, (*UTF) etc. are not
+       allowed, and their appearance causes an error.
+
+   Unicode property support
+
+       Another special sequence that may appear at the start of a  pattern  is
+       (*UCP).   This  has  the same effect as setting the PCRE_UCP option: it
+       causes sequences such as \d and \w to use Unicode properties to  deter-
+       mine character types, instead of recognizing only characters with codes
+       less than 128 via a lookup table.
+
+   Disabling auto-possessification
+
+       If a pattern starts with (*NO_AUTO_POSSESS), it has the same effect  as
+       setting  the  PCRE_NO_AUTO_POSSESS  option  at compile time. This stops
+       PCRE from making quantifiers possessive when what follows cannot  match
+       the  repeated item. For example, by default a+b is treated as a++b. For
+       more details, see the pcreapi documentation.
+
+   Disabling start-up optimizations
+
+       If a pattern starts with (*NO_START_OPT), it has  the  same  effect  as
+       setting the PCRE_NO_START_OPTIMIZE option either at compile or matching
+       time. This disables several  optimizations  for  quickly  reaching  "no
+       match" results. For more details, see the pcreapi documentation.
+
+   Newline conventions
+
+       PCRE  supports five different conventions for indicating line breaks in
+       strings: a single CR (carriage return) character, a  single  LF  (line-
+       feed) character, the two-character sequence CRLF, any of the three pre-
+       ceding, or any Unicode newline sequence. The pcreapi page  has  further
+       discussion  about newlines, and shows how to set the newline convention
+       in the options arguments for the compiling and matching functions.
+
+       It is also possible to specify a newline convention by starting a  pat-
+       tern string with one of the following five sequences:
+
+         (*CR)        carriage return
+         (*LF)        linefeed
+         (*CRLF)      carriage return, followed by linefeed
+         (*ANYCRLF)   any of the three above
+         (*ANY)       all Unicode newline sequences
+
+       These override the default and the options given to the compiling func-
+       tion. For example, on a Unix system where LF  is  the  default  newline
+       sequence, the pattern
+
+         (*CR)a.b
+
+       changes the convention to CR. That pattern matches "a\nb" because LF is
+       no longer a newline. If more than one of these settings is present, the
+       last one is used.
+
+       The  newline  convention affects where the circumflex and dollar asser-
+       tions are true. It also affects the interpretation of the dot metachar-
+       acter when PCRE_DOTALL is not set, and the behaviour of \N. However, it
+       does not affect what the \R escape sequence matches. By  default,  this
+       is  any Unicode newline sequence, for Perl compatibility. However, this
+       can be changed; see the description of \R in the section entitled "New-
+       line  sequences"  below.  A change of \R setting can be combined with a
+       change of newline convention.
+
+   Setting match and recursion limits
+
+       The caller of pcre_exec() can set a limit on the number  of  times  the
+       internal  match() function is called and on the maximum depth of recur-
+       sive calls. These facilities are provided to catch runaway matches that
+       are provoked by patterns with huge matching trees (a typical example is
+       a pattern with nested unlimited repeats) and to avoid  running  out  of
+       system  stack  by  too  much  recursion.  When  one  of these limits is
+       reached, pcre_exec() gives an error return. The limits can also be  set
+       by items at the start of the pattern of the form
+
+         (*LIMIT_MATCH=d)
+         (*LIMIT_RECURSION=d)
+
+       where d is any number of decimal digits. However, the value of the set-
+       ting must be less than the value set (or defaulted) by  the  caller  of
+       pcre_exec()  for  it  to  have  any effect. In other words, the pattern
+       writer can lower the limits set by the programmer, but not raise  them.
+       If  there  is  more  than one setting of one of these limits, the lower
+       value is used.
+
+
+EBCDIC CHARACTER CODES
+
+       PCRE can be compiled to run in an environment that uses EBCDIC  as  its
+       character code rather than ASCII or Unicode (typically a mainframe sys-
+       tem). In the sections below, character code values are  ASCII  or  Uni-
+       code; in an EBCDIC environment these characters may have different code
+       values, and there are no code points greater than 255.
+
+
+CHARACTERS AND METACHARACTERS
+
+       A regular expression is a pattern that is  matched  against  a  subject
+       string  from  left  to right. Most characters stand for themselves in a
+       pattern, and match the corresponding characters in the  subject.  As  a
+       trivial example, the pattern
+
+         The quick brown fox
+
+       matches a portion of a subject string that is identical to itself. When
+       caseless matching is specified (the PCRE_CASELESS option), letters  are
+       matched  independently  of case. In a UTF mode, PCRE always understands
+       the concept of case for characters whose values are less than  128,  so
+       caseless  matching  is always possible. For characters with higher val-
+       ues, the concept of case is supported if PCRE is compiled with  Unicode
+       property  support,  but  not  otherwise.   If  you want to use caseless
+       matching for characters 128 and above, you must  ensure  that  PCRE  is
+       compiled with Unicode property support as well as with UTF support.
+
+       The  power  of  regular  expressions  comes from the ability to include
+       alternatives and repetitions in the pattern. These are encoded  in  the
+       pattern by the use of metacharacters, which do not stand for themselves
+       but instead are interpreted in some special way.
+
+       There are two different sets of metacharacters: those that  are  recog-
+       nized  anywhere in the pattern except within square brackets, and those
+       that are recognized within square brackets.  Outside  square  brackets,
+       the metacharacters are as follows:
+
+         \      general escape character with several uses
+         ^      assert start of string (or line, in multiline mode)
+         $      assert end of string (or line, in multiline mode)
+         .      match any character except newline (by default)
+         [      start character class definition
+         |      start of alternative branch
+         (      start subpattern
+         )      end subpattern
+         ?      extends the meaning of (
+                also 0 or 1 quantifier
+                also quantifier minimizer
+         *      0 or more quantifier
+         +      1 or more quantifier
+                also "possessive quantifier"
+         {      start min/max quantifier
+
+       Part  of  a  pattern  that is in square brackets is called a "character
+       class". In a character class the only metacharacters are:
+
+         \      general escape character
+         ^      negate the class, but only if the first character
+         -      indicates character range
+         [      POSIX character class (only if followed by POSIX
+                  syntax)
+         ]      terminates the character class
+
+       The following sections describe the use of each of the metacharacters.
+
+
+BACKSLASH
+
+       The backslash character has several uses. Firstly, if it is followed by
+       a character that is not a number or a letter, it takes away any special
+       meaning that character may have. This use of  backslash  as  an  escape
+       character applies both inside and outside character classes.
+
+       For  example,  if  you want to match a * character, you write \* in the
+       pattern.  This escaping action applies whether  or  not  the  following
+       character  would  otherwise be interpreted as a metacharacter, so it is
+       always safe to precede a non-alphanumeric  with  backslash  to  specify
+       that  it stands for itself. In particular, if you want to match a back-
+       slash, you write \\.
+
+       In a UTF mode, only ASCII numbers and letters have any special  meaning
+       after  a  backslash.  All  other characters (in particular, those whose
+       codepoints are greater than 127) are treated as literals.
+
+       If a pattern is compiled with  the  PCRE_EXTENDED  option,  most  white
+       space  in the pattern (other than in a character class), and characters
+       between a # outside a character class and the next newline,  inclusive,
+       are ignored. An escaping backslash can be used to include a white space
+       or # character as part of the pattern.
+
+       If you want to remove the special meaning from a  sequence  of  charac-
+       ters,  you can do so by putting them between \Q and \E. This is differ-
+       ent from Perl in that $ and  @  are  handled  as  literals  in  \Q...\E
+       sequences  in  PCRE, whereas in Perl, $ and @ cause variable interpola-
+       tion. Note the following examples:
+
+         Pattern            PCRE matches   Perl matches
+
+         \Qabc$xyz\E        abc$xyz        abc followed by the
+                                             contents of $xyz
+         \Qabc\$xyz\E       abc\$xyz       abc\$xyz
+         \Qabc\E\$\Qxyz\E   abc$xyz        abc$xyz
+
+       The \Q...\E sequence is recognized both inside  and  outside  character
+       classes.   An  isolated \E that is not preceded by \Q is ignored. If \Q
+       is not followed by \E later in the pattern, the literal  interpretation
+       continues  to  the  end  of  the pattern (that is, \E is assumed at the
+       end). If the isolated \Q is inside a character class,  this  causes  an
+       error, because the character class is not terminated.
+
+   Non-printing characters
+
+       A second use of backslash provides a way of encoding non-printing char-
+       acters in patterns in a visible manner. There is no restriction on  the
+       appearance  of non-printing characters, apart from the binary zero that
+       terminates a pattern, but when a pattern  is  being  prepared  by  text
+       editing,  it  is  often  easier  to  use  one  of  the following escape
+       sequences than the binary character it represents.  In an ASCII or Uni-
+       code environment, these escapes are as follows:
+
+         \a        alarm, that is, the BEL character (hex 07)
+         \cx       "control-x", where x is any ASCII character
+         \e        escape (hex 1B)
+         \f        form feed (hex 0C)
+         \n        linefeed (hex 0A)
+         \r        carriage return (hex 0D)
+         \t        tab (hex 09)
+         \0dd      character with octal code 0dd
+         \ddd      character with octal code ddd, or back reference
+         \o{ddd..} character with octal code ddd..
+         \xhh      character with hex code hh
+         \x{hhh..} character with hex code hhh.. (non-JavaScript mode)
+         \uhhhh    character with hex code hhhh (JavaScript mode only)
+
+       The  precise effect of \cx on ASCII characters is as follows: if x is a
+       lower case letter, it is converted to upper case. Then  bit  6  of  the
+       character (hex 40) is inverted. Thus \cA to \cZ become hex 01 to hex 1A
+       (A is 41, Z is 5A), but \c{ becomes hex 3B ({ is 7B), and  \c;  becomes
+       hex  7B (; is 3B). If the data item (byte or 16-bit value) following \c
+       has a value greater than 127, a compile-time error occurs.  This  locks
+       out non-ASCII characters in all modes.
+
+       When PCRE is compiled in EBCDIC mode, \a, \e, \f, \n, \r, and \t gener-
+       ate the appropriate EBCDIC code values. The \c escape is  processed  as
+       specified for Perl in the perlebcdic document. The only characters that
+       are allowed after \c are A-Z, a-z, or one of @, [, \, ], ^,  _,  or  ?.
+       Any  other  character  provokes  a compile-time error. The sequence \c@
+       encodes character code 0; after \c the letters (in either case)  encode
+       characters 1-26 (hex 01 to hex 1A); [, \, ], ^, and _ encode characters
+       27-31 (hex 1B to hex 1F), and \c? becomes either 255  (hex  FF)  or  95
+       (hex 5F).
+
+       Thus,  apart  from  \c?, these escapes generate the same character code
+       values as they do in an ASCII environment, though the meanings  of  the
+       values  mostly  differ. For example, \cG always generates code value 7,
+       which is BEL in ASCII but DEL in EBCDIC.
+
+       The sequence \c? generates DEL (127, hex 7F) in an  ASCII  environment,
+       but  because  127  is  not a control character in EBCDIC, Perl makes it
+       generate the APC character. Unfortunately, there are  several  variants
+       of  EBCDIC.  In  most  of them the APC character has the value 255 (hex
+       FF), but in the one Perl calls POSIX-BC its value is 95  (hex  5F).  If
+       certain  other characters have POSIX-BC values, PCRE makes \c? generate
+       95; otherwise it generates 255.
+
+       After \0 up to two further octal digits are read. If  there  are  fewer
+       than  two  digits,  just  those  that  are  present  are used. Thus the
+       sequence \0\x\015 specifies two binary zeros followed by a CR character
+       (code value 13). Make sure you supply two digits after the initial zero
+       if the pattern character that follows is itself an octal digit.
+
+       The escape \o must be followed by a sequence of octal digits,  enclosed
+       in  braces.  An  error occurs if this is not the case. This escape is a
+       recent addition to Perl; it provides way of specifying  character  code
+       points  as  octal  numbers  greater than 0777, and it also allows octal
+       numbers and back references to be unambiguously specified.
+
+       For greater clarity and unambiguity, it is best to avoid following \ by
+       a digit greater than zero. Instead, use \o{} or \x{} to specify charac-
+       ter numbers, and \g{} to specify back references. The  following  para-
+       graphs describe the old, ambiguous syntax.
+
+       The handling of a backslash followed by a digit other than 0 is compli-
+       cated, and Perl has changed in recent releases, causing  PCRE  also  to
+       change. Outside a character class, PCRE reads the digit and any follow-
+       ing digits as a decimal number. If the number is less  than  8,  or  if
+       there  have been at least that many previous capturing left parentheses
+       in the expression, the entire sequence is taken as a back reference.  A
+       description  of how this works is given later, following the discussion
+       of parenthesized subpatterns.
+
+       Inside a character class, or if  the  decimal  number  following  \  is
+       greater than 7 and there have not been that many capturing subpatterns,
+       PCRE handles \8 and \9 as the literal characters "8" and "9", and  oth-
+       erwise re-reads up to three octal digits following the backslash, using
+       them to generate a data character.  Any  subsequent  digits  stand  for
+       themselves. For example:
+
+         \040   is another way of writing an ASCII space
+         \40    is the same, provided there are fewer than 40
+                   previous capturing subpatterns
+         \7     is always a back reference
+         \11    might be a back reference, or another way of
+                   writing a tab
+         \011   is always a tab
+         \0113  is a tab followed by the character "3"
+         \113   might be a back reference, otherwise the
+                   character with octal code 113
+         \377   might be a back reference, otherwise
+                   the value 255 (decimal)
+         \81    is either a back reference, or the two
+                   characters "8" and "1"
+
+       Note  that octal values of 100 or greater that are specified using this
+       syntax must not be introduced by a leading zero, because no  more  than
+       three octal digits are ever read.
+
+       By  default, after \x that is not followed by {, from zero to two hexa-
+       decimal digits are read (letters can be in upper or  lower  case).  Any
+       number of hexadecimal digits may appear between \x{ and }. If a charac-
+       ter other than a hexadecimal digit appears between \x{  and  },  or  if
+       there is no terminating }, an error occurs.
+
+       If  the  PCRE_JAVASCRIPT_COMPAT option is set, the interpretation of \x
+       is as just described only when it is followed by two  hexadecimal  dig-
+       its.   Otherwise,  it  matches  a  literal "x" character. In JavaScript
+       mode, support for code points greater than 256 is provided by \u, which
+       must  be  followed  by  four hexadecimal digits; otherwise it matches a
+       literal "u" character.
+
+       Characters whose value is less than 256 can be defined by either of the
+       two  syntaxes for \x (or by \u in JavaScript mode). There is no differ-
+       ence in the way they are handled. For example, \xdc is exactly the same
+       as \x{dc} (or \u00dc in JavaScript mode).
+
+   Constraints on character values
+
+       Characters  that  are  specified using octal or hexadecimal numbers are
+       limited to certain values, as follows:
+
+         8-bit non-UTF mode    less than 0x100
+         8-bit UTF-8 mode      less than 0x10ffff and a valid codepoint
+         16-bit non-UTF mode   less than 0x10000
+         16-bit UTF-16 mode    less than 0x10ffff and a valid codepoint
+         32-bit non-UTF mode   less than 0x100000000
+         32-bit UTF-32 mode    less than 0x10ffff and a valid codepoint
+
+       Invalid Unicode codepoints are the range  0xd800  to  0xdfff  (the  so-
+       called "surrogate" codepoints), and 0xffef.
+
+   Escape sequences in character classes
+
+       All the sequences that define a single character value can be used both
+       inside and outside character classes. In addition, inside  a  character
+       class, \b is interpreted as the backspace character (hex 08).
+
+       \N  is not allowed in a character class. \B, \R, and \X are not special
+       inside a character class. Like  other  unrecognized  escape  sequences,
+       they  are  treated  as  the  literal  characters  "B",  "R", and "X" by
+       default, but cause an error if the PCRE_EXTRA option is set. Outside  a
+       character class, these sequences have different meanings.
+
+   Unsupported escape sequences
+
+       In  Perl, the sequences \l, \L, \u, and \U are recognized by its string
+       handler and used  to  modify  the  case  of  following  characters.  By
+       default,  PCRE does not support these escape sequences. However, if the
+       PCRE_JAVASCRIPT_COMPAT option is set, \U matches a "U"  character,  and
+       \u can be used to define a character by code point, as described in the
+       previous section.
+
+   Absolute and relative back references
+
+       The sequence \g followed by an unsigned or a negative  number,  option-
+       ally  enclosed  in braces, is an absolute or relative back reference. A
+       named back reference can be coded as \g{name}. Back references are dis-
+       cussed later, following the discussion of parenthesized subpatterns.
+
+   Absolute and relative subroutine calls
+
+       For  compatibility with Oniguruma, the non-Perl syntax \g followed by a
+       name or a number enclosed either in angle brackets or single quotes, is
+       an  alternative  syntax for referencing a subpattern as a "subroutine".
+       Details are discussed later.   Note  that  \g{...}  (Perl  syntax)  and
+       \g<...>  (Oniguruma  syntax)  are  not synonymous. The former is a back
+       reference; the latter is a subroutine call.
+
+   Generic character types
+
+       Another use of backslash is for specifying generic character types:
+
+         \d     any decimal digit
+         \D     any character that is not a decimal digit
+         \h     any horizontal white space character
+         \H     any character that is not a horizontal white space character
+         \s     any white space character
+         \S     any character that is not a white space character
+         \v     any vertical white space character
+         \V     any character that is not a vertical white space character
+         \w     any "word" character
+         \W     any "non-word" character
+
+       There is also the single sequence \N, which matches a non-newline char-
+       acter.   This  is the same as the "." metacharacter when PCRE_DOTALL is
+       not set. Perl also uses \N to match characters by name; PCRE  does  not
+       support this.
+
+       Each  pair of lower and upper case escape sequences partitions the com-
+       plete set of characters into two disjoint  sets.  Any  given  character
+       matches  one, and only one, of each pair. The sequences can appear both
+       inside and outside character classes. They each match one character  of
+       the  appropriate  type.  If the current matching point is at the end of
+       the subject string, all of them fail, because there is no character  to
+       match.
+
+       For  compatibility with Perl, \s did not used to match the VT character
+       (code 11), which made it different from the the  POSIX  "space"  class.
+       However,  Perl  added  VT  at  release  5.18, and PCRE followed suit at
+       release 8.34. The default \s characters are now HT  (9),  LF  (10),  VT
+       (11),  FF  (12),  CR  (13),  and space (32), which are defined as white
+       space in the "C" locale. This list may vary if locale-specific matching
+       is  taking place. For example, in some locales the "non-breaking space"
+       character (\xA0) is recognized as white space, and  in  others  the  VT
+       character is not.
+
+       A  "word"  character is an underscore or any character that is a letter
+       or digit.  By default, the definition of letters  and  digits  is  con-
+       trolled  by PCRE's low-valued character tables, and may vary if locale-
+       specific matching is taking place (see "Locale support" in the  pcreapi
+       page).  For  example,  in  a French locale such as "fr_FR" in Unix-like
+       systems, or "french" in Windows, some character codes greater than  127
+       are  used  for  accented letters, and these are then matched by \w. The
+       use of locales with Unicode is discouraged.
+
+       By default, characters whose code points are  greater  than  127  never
+       match \d, \s, or \w, and always match \D, \S, and \W, although this may
+       vary for characters in the range 128-255 when locale-specific  matching
+       is  happening.   These  escape sequences retain their original meanings
+       from before Unicode support was available, mainly for  efficiency  rea-
+       sons.  If  PCRE  is  compiled  with  Unicode  property support, and the
+       PCRE_UCP option is set, the behaviour is changed so that Unicode  prop-
+       erties are used to determine character types, as follows:
+
+         \d  any character that matches \p{Nd} (decimal digit)
+         \s  any character that matches \p{Z} or \h or \v
+         \w  any character that matches \p{L} or \p{N}, plus underscore
+
+       The  upper case escapes match the inverse sets of characters. Note that
+       \d matches only decimal digits, whereas \w matches any  Unicode  digit,
+       as  well as any Unicode letter, and underscore. Note also that PCRE_UCP
+       affects \b, and \B because they are defined in  terms  of  \w  and  \W.
+       Matching these sequences is noticeably slower when PCRE_UCP is set.
+
+       The  sequences  \h, \H, \v, and \V are features that were added to Perl
+       at release 5.10. In contrast to the other sequences, which  match  only
+       ASCII  characters  by  default,  these always match certain high-valued
+       code points, whether or not PCRE_UCP is set. The horizontal space char-
+       acters are:
+
+         U+0009     Horizontal tab (HT)
+         U+0020     Space
+         U+00A0     Non-break space
+         U+1680     Ogham space mark
+         U+180E     Mongolian vowel separator
+         U+2000     En quad
+         U+2001     Em quad
+         U+2002     En space
+         U+2003     Em space
+         U+2004     Three-per-em space
+         U+2005     Four-per-em space
+         U+2006     Six-per-em space
+         U+2007     Figure space
+         U+2008     Punctuation space
+         U+2009     Thin space
+         U+200A     Hair space
+         U+202F     Narrow no-break space
+         U+205F     Medium mathematical space
+         U+3000     Ideographic space
+
+       The vertical space characters are:
+
+         U+000A     Linefeed (LF)
+         U+000B     Vertical tab (VT)
+         U+000C     Form feed (FF)
+         U+000D     Carriage return (CR)
+         U+0085     Next line (NEL)
+         U+2028     Line separator
+         U+2029     Paragraph separator
+
+       In 8-bit, non-UTF-8 mode, only the characters with codepoints less than
+       256 are relevant.
+
+   Newline sequences
+
+       Outside a character class, by default, the escape sequence  \R  matches
+       any  Unicode newline sequence. In 8-bit non-UTF-8 mode \R is equivalent
+       to the following:
+
+         (?>\r\n|\n|\x0b|\f|\r|\x85)
+
+       This is an example of an "atomic group", details  of  which  are  given
+       below.  This particular group matches either the two-character sequence
+       CR followed by LF, or  one  of  the  single  characters  LF  (linefeed,
+       U+000A),  VT  (vertical  tab, U+000B), FF (form feed, U+000C), CR (car-
+       riage return, U+000D), or NEL (next line,  U+0085).  The  two-character
+       sequence is treated as a single unit that cannot be split.
+
+       In  other modes, two additional characters whose codepoints are greater
+       than 255 are added: LS (line separator, U+2028) and PS (paragraph sepa-
+       rator,  U+2029).   Unicode character property support is not needed for
+       these characters to be recognized.
+
+       It is possible to restrict \R to match only CR, LF, or CRLF (instead of
+       the  complete  set  of  Unicode  line  endings)  by  setting the option
+       PCRE_BSR_ANYCRLF either at compile time or when the pattern is matched.
+       (BSR is an abbrevation for "backslash R".) This can be made the default
+       when PCRE is built; if this is the case, the  other  behaviour  can  be
+       requested  via  the  PCRE_BSR_UNICODE  option.   It is also possible to
+       specify these settings by starting a pattern string  with  one  of  the
+       following sequences:
+
+         (*BSR_ANYCRLF)   CR, LF, or CRLF only
+         (*BSR_UNICODE)   any Unicode newline sequence
+
+       These override the default and the options given to the compiling func-
+       tion, but they can themselves be  overridden  by  options  given  to  a
+       matching  function.  Note  that  these  special settings, which are not
+       Perl-compatible, are recognized only at the very start  of  a  pattern,
+       and  that  they  must  be  in  upper  case. If more than one of them is
+       present, the last one is used. They can be combined with  a  change  of
+       newline convention; for example, a pattern can start with:
+
+         (*ANY)(*BSR_ANYCRLF)
+
+       They  can also be combined with the (*UTF8), (*UTF16), (*UTF32), (*UTF)
+       or (*UCP) special sequences. Inside a character class, \R is treated as
+       an  unrecognized  escape  sequence,  and  so  matches the letter "R" by
+       default, but causes an error if PCRE_EXTRA is set.
+
+   Unicode character properties
+
+       When PCRE is built with Unicode character property support, three addi-
+       tional  escape sequences that match characters with specific properties
+       are available.  When in 8-bit non-UTF-8 mode, these  sequences  are  of
+       course  limited  to  testing  characters whose codepoints are less than
+       256, but they do work in this mode.  The extra escape sequences are:
+
+         \p{xx}   a character with the xx property
+         \P{xx}   a character without the xx property
+         \X       a Unicode extended grapheme cluster
+
+       The property names represented by xx above are limited to  the  Unicode
+       script names, the general category properties, "Any", which matches any
+       character  (including  newline),  and  some  special  PCRE   properties
+       (described  in the next section).  Other Perl properties such as "InMu-
+       sicalSymbols" are not currently supported by PCRE.  Note  that  \P{Any}
+       does not match any characters, so always causes a match failure.
+
+       Sets of Unicode characters are defined as belonging to certain scripts.
+       A character from one of these sets can be matched using a script  name.
+       For example:
+
+         \p{Greek}
+         \P{Han}
+
+       Those  that are not part of an identified script are lumped together as
+       "Common". The current list of scripts is:
+
+       Arabic, Armenian, Avestan, Balinese, Bamum, Bassa_Vah, Batak,  Bengali,
+       Bopomofo,  Brahmi,  Braille, Buginese, Buhid, Canadian_Aboriginal, Car-
+       ian, Caucasian_Albanian, Chakma, Cham, Cherokee, Common, Coptic, Cunei-
+       form, Cypriot, Cyrillic, Deseret, Devanagari, Duployan, Egyptian_Hiero-
+       glyphs,  Elbasan,  Ethiopic,  Georgian,  Glagolitic,  Gothic,  Grantha,
+       Greek,  Gujarati,  Gurmukhi,  Han,  Hangul,  Hanunoo, Hebrew, Hiragana,
+       Imperial_Aramaic,    Inherited,     Inscriptional_Pahlavi,     Inscrip-
+       tional_Parthian,   Javanese,   Kaithi,   Kannada,  Katakana,  Kayah_Li,
+       Kharoshthi, Khmer, Khojki, Khudawadi, Lao, Latin, Lepcha,  Limbu,  Lin-
+       ear_A,  Linear_B,  Lisu,  Lycian, Lydian, Mahajani, Malayalam, Mandaic,
+       Manichaean,     Meetei_Mayek,     Mende_Kikakui,      Meroitic_Cursive,
+       Meroitic_Hieroglyphs,  Miao,  Modi, Mongolian, Mro, Myanmar, Nabataean,
+       New_Tai_Lue,  Nko,  Ogham,  Ol_Chiki,  Old_Italic,   Old_North_Arabian,
+       Old_Permic, Old_Persian, Old_South_Arabian, Old_Turkic, Oriya, Osmanya,
+       Pahawh_Hmong,    Palmyrene,    Pau_Cin_Hau,    Phags_Pa,    Phoenician,
+       Psalter_Pahlavi,  Rejang,  Runic,  Samaritan, Saurashtra, Sharada, Sha-
+       vian, Siddham, Sinhala, Sora_Sompeng, Sundanese, Syloti_Nagri,  Syriac,
+       Tagalog,  Tagbanwa,  Tai_Le,  Tai_Tham, Tai_Viet, Takri, Tamil, Telugu,
+       Thaana, Thai, Tibetan, Tifinagh, Tirhuta, Ugaritic,  Vai,  Warang_Citi,
+       Yi.
+
+       Each character has exactly one Unicode general category property, spec-
+       ified by a two-letter abbreviation. For compatibility with Perl,  nega-
+       tion  can  be  specified  by including a circumflex between the opening
+       brace and the property name.  For  example,  \p{^Lu}  is  the  same  as
+       \P{Lu}.
+
+       If only one letter is specified with \p or \P, it includes all the gen-
+       eral category properties that start with that letter. In this case,  in
+       the  absence of negation, the curly brackets in the escape sequence are
+       optional; these two examples have the same effect:
+
+         \p{L}
+         \pL
+
+       The following general category property codes are supported:
+
+         C     Other
+         Cc    Control
+         Cf    Format
+         Cn    Unassigned
+         Co    Private use
+         Cs    Surrogate
+
+         L     Letter
+         Ll    Lower case letter
+         Lm    Modifier letter
+         Lo    Other letter
+         Lt    Title case letter
+         Lu    Upper case letter
+
+         M     Mark
+         Mc    Spacing mark
+         Me    Enclosing mark
+         Mn    Non-spacing mark
+
+         N     Number
+         Nd    Decimal number
+         Nl    Letter number
+         No    Other number
+
+         P     Punctuation
+         Pc    Connector punctuation
+         Pd    Dash punctuation
+         Pe    Close punctuation
+         Pf    Final punctuation
+         Pi    Initial punctuation
+         Po    Other punctuation
+         Ps    Open punctuation
+
+         S     Symbol
+         Sc    Currency symbol
+         Sk    Modifier symbol
+         Sm    Mathematical symbol
+         So    Other symbol
+
+         Z     Separator
+         Zl    Line separator
+         Zp    Paragraph separator
+         Zs    Space separator
+
+       The special property L& is also supported: it matches a character  that
+       has  the  Lu,  Ll, or Lt property, in other words, a letter that is not
+       classified as a modifier or "other".
+
+       The Cs (Surrogate) property applies only to  characters  in  the  range
+       U+D800  to U+DFFF. Such characters are not valid in Unicode strings and
+       so cannot be tested by PCRE, unless  UTF  validity  checking  has  been
+       turned    off    (see    the    discussion    of    PCRE_NO_UTF8_CHECK,
+       PCRE_NO_UTF16_CHECK and PCRE_NO_UTF32_CHECK in the pcreapi page).  Perl
+       does not support the Cs property.
+
+       The  long  synonyms  for  property  names  that  Perl supports (such as
+       \p{Letter}) are not supported by PCRE, nor is it  permitted  to  prefix
+       any of these properties with "Is".
+
+       No character that is in the Unicode table has the Cn (unassigned) prop-
+       erty.  Instead, this property is assumed for any code point that is not
+       in the Unicode table.
+
+       Specifying  caseless  matching  does not affect these escape sequences.
+       For example, \p{Lu} always matches only upper  case  letters.  This  is
+       different from the behaviour of current versions of Perl.
+
+       Matching  characters  by Unicode property is not fast, because PCRE has
+       to do a multistage table lookup in order to find  a  character's  prop-
+       erty. That is why the traditional escape sequences such as \d and \w do
+       not use Unicode properties in PCRE by default, though you can make them
+       do  so  by  setting the PCRE_UCP option or by starting the pattern with
+       (*UCP).
+
+   Extended grapheme clusters
+
+       The \X escape matches any number of Unicode  characters  that  form  an
+       "extended grapheme cluster", and treats the sequence as an atomic group
+       (see below).  Up to and including release 8.31, PCRE  matched  an  ear-
+       lier, simpler definition that was equivalent to
+
+         (?>\PM\pM*)
+
+       That  is,  it matched a character without the "mark" property, followed
+       by zero or more characters with the "mark"  property.  Characters  with
+       the  "mark"  property are typically non-spacing accents that affect the
+       preceding character.
+
+       This simple definition was extended in Unicode to include more  compli-
+       cated  kinds of composite character by giving each character a grapheme
+       breaking property, and creating rules  that  use  these  properties  to
+       define  the  boundaries  of  extended grapheme clusters. In releases of
+       PCRE later than 8.31, \X matches one of these clusters.
+
+       \X always matches at least one character. Then it  decides  whether  to
+       add additional characters according to the following rules for ending a
+       cluster:
+
+       1. End at the end of the subject string.
+
+       2. Do not end between CR and LF; otherwise end after any control  char-
+       acter.
+
+       3.  Do  not  break  Hangul (a Korean script) syllable sequences. Hangul
+       characters are of five types: L, V, T, LV, and LVT. An L character  may
+       be  followed by an L, V, LV, or LVT character; an LV or V character may
+       be followed by a V or T character; an LVT or T character may be follwed
+       only by a T character.
+
+       4.  Do not end before extending characters or spacing marks. Characters
+       with the "mark" property always have  the  "extend"  grapheme  breaking
+       property.
+
+       5. Do not end after prepend characters.
+
+       6. Otherwise, end the cluster.
+
+   PCRE's additional properties
+
+       As  well  as the standard Unicode properties described above, PCRE sup-
+       ports four more that make it possible  to  convert  traditional  escape
+       sequences  such as \w and \s to use Unicode properties. PCRE uses these
+       non-standard, non-Perl properties internally when PCRE_UCP is set. How-
+       ever, they may also be used explicitly. These properties are:
+
+         Xan   Any alphanumeric character
+         Xps   Any POSIX space character
+         Xsp   Any Perl space character
+         Xwd   Any Perl "word" character
+
+       Xan  matches  characters that have either the L (letter) or the N (num-
+       ber) property. Xps matches the characters tab, linefeed, vertical  tab,
+       form  feed,  or carriage return, and any other character that has the Z
+       (separator) property.  Xsp is the same as Xps; it used to exclude  ver-
+       tical  tab,  for Perl compatibility, but Perl changed, and so PCRE fol-
+       lowed at release 8.34. Xwd matches the same  characters  as  Xan,  plus
+       underscore.
+
+       There  is another non-standard property, Xuc, which matches any charac-
+       ter that can be represented by a Universal Character Name  in  C++  and
+       other  programming  languages.  These are the characters $, @, ` (grave
+       accent), and all characters with Unicode code points  greater  than  or
+       equal  to U+00A0, except for the surrogates U+D800 to U+DFFF. Note that
+       most base (ASCII) characters are excluded. (Universal  Character  Names
+       are  of  the  form \uHHHH or \UHHHHHHHH where H is a hexadecimal digit.
+       Note that the Xuc property does not match these sequences but the char-
+       acters that they represent.)
+
+   Resetting the match start
+
+       The  escape sequence \K causes any previously matched characters not to
+       be included in the final matched sequence. For example, the pattern:
+
+         foo\Kbar
+
+       matches "foobar", but reports that it has matched "bar".  This  feature
+       is  similar  to  a lookbehind assertion (described below).  However, in
+       this case, the part of the subject before the real match does not  have
+       to  be of fixed length, as lookbehind assertions do. The use of \K does
+       not interfere with the setting of captured  substrings.   For  example,
+       when the pattern
+
+         (foo)\Kbar
+
+       matches "foobar", the first substring is still set to "foo".
+
+       Perl  documents  that  the  use  of  \K  within assertions is "not well
+       defined". In PCRE, \K is acted upon  when  it  occurs  inside  positive
+       assertions,  but  is  ignored  in negative assertions. Note that when a
+       pattern such as (?=ab\K) matches, the reported start of the  match  can
+       be greater than the end of the match.
+
+   Simple assertions
+
+       The  final use of backslash is for certain simple assertions. An asser-
+       tion specifies a condition that has to be met at a particular point  in
+       a  match, without consuming any characters from the subject string. The
+       use of subpatterns for more complicated assertions is described  below.
+       The backslashed assertions are:
+
+         \b     matches at a word boundary
+         \B     matches when not at a word boundary
+         \A     matches at the start of the subject
+         \Z     matches at the end of the subject
+                 also matches before a newline at the end of the subject
+         \z     matches only at the end of the subject
+         \G     matches at the first matching position in the subject
+
+       Inside  a  character  class, \b has a different meaning; it matches the
+       backspace character. If any other of  these  assertions  appears  in  a
+       character  class, by default it matches the corresponding literal char-
+       acter  (for  example,  \B  matches  the  letter  B).  However,  if  the
+       PCRE_EXTRA  option is set, an "invalid escape sequence" error is gener-
+       ated instead.
+
+       A word boundary is a position in the subject string where  the  current
+       character  and  the previous character do not both match \w or \W (i.e.
+       one matches \w and the other matches \W), or the start or  end  of  the
+       string  if  the  first or last character matches \w, respectively. In a
+       UTF mode, the meanings of \w and \W  can  be  changed  by  setting  the
+       PCRE_UCP  option. When this is done, it also affects \b and \B. Neither
+       PCRE nor Perl has a separate "start of word" or "end of  word"  metase-
+       quence.  However,  whatever follows \b normally determines which it is.
+       For example, the fragment \ba matches "a" at the start of a word.
+
+       The \A, \Z, and \z assertions differ from  the  traditional  circumflex
+       and dollar (described in the next section) in that they only ever match
+       at the very start and end of the subject string, whatever  options  are
+       set.  Thus,  they are independent of multiline mode. These three asser-
+       tions are not affected by the PCRE_NOTBOL or PCRE_NOTEOL options, which
+       affect  only the behaviour of the circumflex and dollar metacharacters.
+       However, if the startoffset argument of pcre_exec() is non-zero,  indi-
+       cating that matching is to start at a point other than the beginning of
+       the subject, \A can never match. The difference between \Z  and  \z  is
+       that \Z matches before a newline at the end of the string as well as at
+       the very end, whereas \z matches only at the end.
+
+       The \G assertion is true only when the current matching position is  at
+       the  start point of the match, as specified by the startoffset argument
+       of pcre_exec(). It differs from \A when the  value  of  startoffset  is
+       non-zero.  By calling pcre_exec() multiple times with appropriate argu-
+       ments, you can mimic Perl's /g option, and it is in this kind of imple-
+       mentation where \G can be useful.
+
+       Note,  however,  that  PCRE's interpretation of \G, as the start of the
+       current match, is subtly different from Perl's, which defines it as the
+       end  of  the  previous  match. In Perl, these can be different when the
+       previously matched string was empty. Because PCRE does just  one  match
+       at a time, it cannot reproduce this behaviour.
+
+       If  all  the alternatives of a pattern begin with \G, the expression is
+       anchored to the starting match position, and the "anchored" flag is set
+       in the compiled regular expression.
+
+
+CIRCUMFLEX AND DOLLAR
+
+       The  circumflex  and  dollar  metacharacters are zero-width assertions.
+       That is, they test for a particular condition being true  without  con-
+       suming any characters from the subject string.
+
+       Outside a character class, in the default matching mode, the circumflex
+       character is an assertion that is true only  if  the  current  matching
+       point  is  at the start of the subject string. If the startoffset argu-
+       ment of pcre_exec() is non-zero, circumflex  can  never  match  if  the
+       PCRE_MULTILINE  option  is  unset. Inside a character class, circumflex
+       has an entirely different meaning (see below).
+
+       Circumflex need not be the first character of the pattern if  a  number
+       of  alternatives are involved, but it should be the first thing in each
+       alternative in which it appears if the pattern is ever  to  match  that
+       branch.  If all possible alternatives start with a circumflex, that is,
+       if the pattern is constrained to match only at the start  of  the  sub-
+       ject,  it  is  said  to be an "anchored" pattern. (There are also other
+       constructs that can cause a pattern to be anchored.)
+
+       The dollar character is an assertion that is true only if  the  current
+       matching  point  is  at  the  end of the subject string, or immediately
+       before a newline at the end of the string (by default). Note,  however,
+       that  it  does  not  actually match the newline. Dollar need not be the
+       last character of the pattern if a number of alternatives are involved,
+       but  it should be the last item in any branch in which it appears. Dol-
+       lar has no special meaning in a character class.
+
+       The meaning of dollar can be changed so that it  matches  only  at  the
+       very  end  of  the string, by setting the PCRE_DOLLAR_ENDONLY option at
+       compile time. This does not affect the \Z assertion.
+
+       The meanings of the circumflex and dollar characters are changed if the
+       PCRE_MULTILINE  option  is  set.  When  this  is the case, a circumflex
+       matches immediately after internal newlines as well as at the start  of
+       the  subject  string.  It  does not match after a newline that ends the
+       string. A dollar matches before any newlines in the string, as well  as
+       at  the very end, when PCRE_MULTILINE is set. When newline is specified
+       as the two-character sequence CRLF, isolated CR and  LF  characters  do
+       not indicate newlines.
+
+       For  example, the pattern /^abc$/ matches the subject string "def\nabc"
+       (where \n represents a newline) in multiline mode, but  not  otherwise.
+       Consequently,  patterns  that  are anchored in single line mode because
+       all branches start with ^ are not anchored in  multiline  mode,  and  a
+       match  for  circumflex  is  possible  when  the startoffset argument of
+       pcre_exec() is non-zero. The PCRE_DOLLAR_ENDONLY option is  ignored  if
+       PCRE_MULTILINE is set.
+
+       Note  that  the sequences \A, \Z, and \z can be used to match the start
+       and end of the subject in both modes, and if all branches of a  pattern
+       start  with  \A it is always anchored, whether or not PCRE_MULTILINE is
+       set.
+
+
+FULL STOP (PERIOD, DOT) AND \N
+
+       Outside a character class, a dot in the pattern matches any one charac-
+       ter  in  the subject string except (by default) a character that signi-
+       fies the end of a line.
+
+       When a line ending is defined as a single character, dot never  matches
+       that  character; when the two-character sequence CRLF is used, dot does
+       not match CR if it is immediately followed  by  LF,  but  otherwise  it
+       matches  all characters (including isolated CRs and LFs). When any Uni-
+       code line endings are being recognized, dot does not match CR or LF  or
+       any of the other line ending characters.
+
+       The  behaviour  of  dot  with regard to newlines can be changed. If the
+       PCRE_DOTALL option is set, a dot matches  any  one  character,  without
+       exception. If the two-character sequence CRLF is present in the subject
+       string, it takes two dots to match it.
+
+       The handling of dot is entirely independent of the handling of  circum-
+       flex  and  dollar,  the  only relationship being that they both involve
+       newlines. Dot has no special meaning in a character class.
+
+       The escape sequence \N behaves like  a  dot,  except  that  it  is  not
+       affected  by  the  PCRE_DOTALL  option.  In other words, it matches any
+       character except one that signifies the end of a line. Perl  also  uses
+       \N to match characters by name; PCRE does not support this.
+
+
+MATCHING A SINGLE DATA UNIT
+
+       Outside  a character class, the escape sequence \C matches any one data
+       unit, whether or not a UTF mode is set. In the 8-bit library, one  data
+       unit  is  one  byte;  in the 16-bit library it is a 16-bit unit; in the
+       32-bit library it is a 32-bit unit. Unlike a  dot,  \C  always  matches
+       line-ending  characters.  The  feature  is provided in Perl in order to
+       match individual bytes in UTF-8 mode, but it is unclear how it can use-
+       fully  be  used.  Because  \C breaks up characters into individual data
+       units, matching one unit with \C in a UTF mode means that the  rest  of
+       the string may start with a malformed UTF character. This has undefined
+       results, because PCRE assumes that it is dealing with valid UTF strings
+       (and  by  default  it checks this at the start of processing unless the
+       PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK or  PCRE_NO_UTF32_CHECK  option
+       is used).
+
+       PCRE  does  not  allow \C to appear in lookbehind assertions (described
+       below) in a UTF mode, because this would make it impossible  to  calcu-
+       late the length of the lookbehind.
+
+       In general, the \C escape sequence is best avoided. However, one way of
+       using it that avoids the problem of malformed UTF characters is to  use
+       a  lookahead to check the length of the next character, as in this pat-
+       tern, which could be used with a UTF-8 string (ignore white  space  and
+       line breaks):
+
+         (?| (?=[\x00-\x7f])(\C) |
+             (?=[\x80-\x{7ff}])(\C)(\C) |
+             (?=[\x{800}-\x{ffff}])(\C)(\C)(\C) |
+             (?=[\x{10000}-\x{1fffff}])(\C)(\C)(\C)(\C))
+
+       A  group  that starts with (?| resets the capturing parentheses numbers
+       in each alternative (see "Duplicate  Subpattern  Numbers"  below).  The
+       assertions  at  the start of each branch check the next UTF-8 character
+       for values whose encoding uses 1, 2, 3, or 4 bytes,  respectively.  The
+       character's  individual bytes are then captured by the appropriate num-
+       ber of groups.
+
+
+SQUARE BRACKETS AND CHARACTER CLASSES
+
+       An opening square bracket introduces a character class, terminated by a
+       closing square bracket. A closing square bracket on its own is not spe-
+       cial by default.  However, if the PCRE_JAVASCRIPT_COMPAT option is set,
+       a lone closing square bracket causes a compile-time error. If a closing
+       square bracket is required as a member of the class, it should  be  the
+       first  data  character  in  the  class (after an initial circumflex, if
+       present) or escaped with a backslash.
+
+       A character class matches a single character in the subject. In  a  UTF
+       mode,  the  character  may  be  more than one data unit long. A matched
+       character must be in the set of characters defined by the class, unless
+       the  first  character in the class definition is a circumflex, in which
+       case the subject character must not be in the set defined by the class.
+       If  a  circumflex is actually required as a member of the class, ensure
+       it is not the first character, or escape it with a backslash.
+
+       For example, the character class [aeiou] matches any lower case  vowel,
+       while  [^aeiou]  matches  any character that is not a lower case vowel.
+       Note that a circumflex is just a convenient notation for specifying the
+       characters  that  are in the class by enumerating those that are not. A
+       class that starts with a circumflex is not an assertion; it still  con-
+       sumes  a  character  from the subject string, and therefore it fails if
+       the current pointer is at the end of the string.
+
+       In UTF-8 (UTF-16, UTF-32) mode, characters with values greater than 255
+       (0xffff)  can be included in a class as a literal string of data units,
+       or by using the \x{ escaping mechanism.
+
+       When caseless matching is set, any letters in a  class  represent  both
+       their  upper  case  and lower case versions, so for example, a caseless
+       [aeiou] matches "A" as well as "a", and a caseless  [^aeiou]  does  not
+       match  "A", whereas a caseful version would. In a UTF mode, PCRE always
+       understands the concept of case for characters whose  values  are  less
+       than  128, so caseless matching is always possible. For characters with
+       higher values, the concept of case is supported  if  PCRE  is  compiled
+       with  Unicode  property support, but not otherwise.  If you want to use
+       caseless matching in a UTF mode for characters 128 and above, you  must
+       ensure  that  PCRE is compiled with Unicode property support as well as
+       with UTF support.
+
+       Characters that might indicate line breaks are  never  treated  in  any
+       special  way  when  matching  character  classes,  whatever line-ending
+       sequence is in  use,  and  whatever  setting  of  the  PCRE_DOTALL  and
+       PCRE_MULTILINE options is used. A class such as [^a] always matches one
+       of these characters.
+
+       The minus (hyphen) character can be used to specify a range of  charac-
+       ters  in  a  character  class.  For  example,  [d-m] matches any letter
+       between d and m, inclusive. If a  minus  character  is  required  in  a
+       class,  it  must  be  escaped  with a backslash or appear in a position
+       where it cannot be interpreted as indicating a range, typically as  the
+       first or last character in the class, or immediately after a range. For
+       example, [b-d-z] matches letters in the range b to d, a hyphen  charac-
+       ter, or z.
+
+       It is not possible to have the literal character "]" as the end charac-
+       ter of a range. A pattern such as [W-]46] is interpreted as a class  of
+       two  characters ("W" and "-") followed by a literal string "46]", so it
+       would match "W46]" or "-46]". However, if the "]"  is  escaped  with  a
+       backslash  it is interpreted as the end of range, so [W-\]46] is inter-
+       preted as a class containing a range followed by two other  characters.
+       The  octal or hexadecimal representation of "]" can also be used to end
+       a range.
+
+       An error is generated if a POSIX character  class  (see  below)  or  an
+       escape  sequence other than one that defines a single character appears
+       at a point where a range ending character  is  expected.  For  example,
+       [z-\xff] is valid, but [A-\d] and [A-[:digit:]] are not.
+
+       Ranges  operate in the collating sequence of character values. They can
+       also  be  used  for  characters  specified  numerically,  for   example
+       [\000-\037].  Ranges  can include any characters that are valid for the
+       current mode.
+
+       If a range that includes letters is used when caseless matching is set,
+       it matches the letters in either case. For example, [W-c] is equivalent
+       to [][\\^_`wxyzabc], matched caselessly, and  in  a  non-UTF  mode,  if
+       character  tables  for  a French locale are in use, [\xc8-\xcb] matches
+       accented E characters in both cases. In UTF modes,  PCRE  supports  the
+       concept  of  case for characters with values greater than 128 only when
+       it is compiled with Unicode property support.
+
+       The character escape sequences \d, \D, \h, \H, \p, \P, \s, \S, \v,  \V,
+       \w, and \W may appear in a character class, and add the characters that
+       they match to the class. For example, [\dABCDEF] matches any  hexadeci-
+       mal  digit.  In  UTF modes, the PCRE_UCP option affects the meanings of
+       \d, \s, \w and their upper case partners, just as  it  does  when  they
+       appear  outside a character class, as described in the section entitled
+       "Generic character types" above. The escape sequence \b has a different
+       meaning  inside  a character class; it matches the backspace character.
+       The sequences \B, \N, \R, and \X are not  special  inside  a  character
+       class.  Like  any other unrecognized escape sequences, they are treated
+       as the literal characters "B", "N", "R", and "X" by default, but  cause
+       an error if the PCRE_EXTRA option is set.
+
+       A  circumflex  can  conveniently  be used with the upper case character
+       types to specify a more restricted set of characters than the  matching
+       lower  case  type.  For example, the class [^\W_] matches any letter or
+       digit, but not underscore, whereas [\w] includes underscore. A positive
+       character class should be read as "something OR something OR ..." and a
+       negative class as "NOT something AND NOT something AND NOT ...".
+
+       The only metacharacters that are recognized in  character  classes  are
+       backslash,  hyphen  (only  where  it can be interpreted as specifying a
+       range), circumflex (only at the start), opening  square  bracket  (only
+       when  it can be interpreted as introducing a POSIX class name, or for a
+       special compatibility feature - see the next  two  sections),  and  the
+       terminating  closing  square  bracket.  However,  escaping  other  non-
+       alphanumeric characters does no harm.
+
+
+POSIX CHARACTER CLASSES
+
+       Perl supports the POSIX notation for character classes. This uses names
+       enclosed  by  [: and :] within the enclosing square brackets. PCRE also
+       supports this notation. For example,
+
+         [01[:alpha:]%]
+
+       matches "0", "1", any alphabetic character, or "%". The supported class
+       names are:
+
+         alnum    letters and digits
+         alpha    letters
+         ascii    character codes 0 - 127
+         blank    space or tab only
+         cntrl    control characters
+         digit    decimal digits (same as \d)
+         graph    printing characters, excluding space
+         lower    lower case letters
+         print    printing characters, including space
+         punct    printing characters, excluding letters and digits and space
+         space    white space (the same as \s from PCRE 8.34)
+         upper    upper case letters
+         word     "word" characters (same as \w)
+         xdigit   hexadecimal digits
+
+       The  default  "space" characters are HT (9), LF (10), VT (11), FF (12),
+       CR (13), and space (32). If locale-specific matching is  taking  place,
+       the  list  of  space characters may be different; there may be fewer or
+       more of them. "Space" used to be different to \s, which did not include
+       VT, for Perl compatibility.  However, Perl changed at release 5.18, and
+       PCRE followed at release 8.34.  "Space" and \s now match the  same  set
+       of characters.
+
+       The  name  "word"  is  a Perl extension, and "blank" is a GNU extension
+       from Perl 5.8. Another Perl extension is negation, which  is  indicated
+       by a ^ character after the colon. For example,
+
+         [12[:^digit:]]
+
+       matches  "1", "2", or any non-digit. PCRE (and Perl) also recognize the
+       POSIX syntax [.ch.] and [=ch=] where "ch" is a "collating element", but
+       these are not supported, and an error is given if they are encountered.
+
+       By default, characters with values greater than 128 do not match any of
+       the POSIX character classes. However, if the PCRE_UCP option is  passed
+       to  pcre_compile(),  some  of  the  classes are changed so that Unicode
+       character properties are used. This is achieved  by  replacing  certain
+       POSIX classes by other sequences, as follows:
+
+         [:alnum:]  becomes  \p{Xan}
+         [:alpha:]  becomes  \p{L}
+         [:blank:]  becomes  \h
+         [:digit:]  becomes  \p{Nd}
+         [:lower:]  becomes  \p{Ll}
+         [:space:]  becomes  \p{Xps}
+         [:upper:]  becomes  \p{Lu}
+         [:word:]   becomes  \p{Xwd}
+
+       Negated  versions, such as [:^alpha:] use \P instead of \p. Three other
+       POSIX classes are handled specially in UCP mode:
+
+       [:graph:] This matches characters that have glyphs that mark  the  page
+                 when printed. In Unicode property terms, it matches all char-
+                 acters with the L, M, N, P, S, or Cf properties, except for:
+
+                   U+061C           Arabic Letter Mark
+                   U+180E           Mongolian Vowel Separator
+                   U+2066 - U+2069  Various "isolate"s
+
+
+       [:print:] This matches the same  characters  as  [:graph:]  plus  space
+                 characters  that  are  not controls, that is, characters with
+                 the Zs property.
+
+       [:punct:] This matches all characters that have the Unicode P (punctua-
+                 tion)  property,  plus those characters whose code points are
+                 less than 128 that have the S (Symbol) property.
+
+       The other POSIX classes are unchanged, and match only  characters  with
+       code points less than 128.
+
+
+COMPATIBILITY FEATURE FOR WORD BOUNDARIES
+
+       In  the POSIX.2 compliant library that was included in 4.4BSD Unix, the
+       ugly syntax [[:<:]] and [[:>:]] is used for matching  "start  of  word"
+       and "end of word". PCRE treats these items as follows:
+
+         [[:<:]]  is converted to  \b(?=\w)
+         [[:>:]]  is converted to  \b(?<=\w)
+
+       Only these exact character sequences are recognized. A sequence such as
+       [a[:<:]b] provokes error for an unrecognized  POSIX  class  name.  This
+       support  is not compatible with Perl. It is provided to help migrations
+       from other environments, and is best not used in any new patterns. Note
+       that  \b matches at the start and the end of a word (see "Simple asser-
+       tions" above), and in a Perl-style pattern the preceding  or  following
+       character  normally  shows  which  is  wanted, without the need for the
+       assertions that are used above in order to give exactly the  POSIX  be-
+       haviour.
+
+
+VERTICAL BAR
+
+       Vertical  bar characters are used to separate alternative patterns. For
+       example, the pattern
+
+         gilbert|sullivan
+
+       matches either "gilbert" or "sullivan". Any number of alternatives  may
+       appear,  and  an  empty  alternative  is  permitted (matching the empty
+       string). The matching process tries each alternative in turn, from left
+       to  right, and the first one that succeeds is used. If the alternatives
+       are within a subpattern (defined below), "succeeds" means matching  the
+       rest of the main pattern as well as the alternative in the subpattern.
+
+
+INTERNAL OPTION SETTING
+
+       The  settings  of  the  PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, and
+       PCRE_EXTENDED options (which are Perl-compatible) can be  changed  from
+       within  the  pattern  by  a  sequence  of  Perl option letters enclosed
+       between "(?" and ")".  The option letters are
+
+         i  for PCRE_CASELESS
+         m  for PCRE_MULTILINE
+         s  for PCRE_DOTALL
+         x  for PCRE_EXTENDED
+
+       For example, (?im) sets caseless, multiline matching. It is also possi-
+       ble to unset these options by preceding the letter with a hyphen, and a
+       combined setting and unsetting such as (?im-sx), which sets  PCRE_CASE-
+       LESS  and PCRE_MULTILINE while unsetting PCRE_DOTALL and PCRE_EXTENDED,
+       is also permitted. If a  letter  appears  both  before  and  after  the
+       hyphen, the option is unset.
+
+       The  PCRE-specific options PCRE_DUPNAMES, PCRE_UNGREEDY, and PCRE_EXTRA
+       can be changed in the same way as the Perl-compatible options by  using
+       the characters J, U and X respectively.
+
+       When  one  of  these  option  changes occurs at top level (that is, not
+       inside subpattern parentheses), the change applies to the remainder  of
+       the  pattern  that  follows.  An option change within a subpattern (see
+       below for a description of subpatterns) affects only that part  of  the
+       subpattern that follows it, so
+
+         (a(?i)b)c
+
+       matches abc and aBc and no other strings (assuming PCRE_CASELESS is not
+       used).  By this means, options can be made to have  different  settings
+       in  different parts of the pattern. Any changes made in one alternative
+       do carry on into subsequent branches within the  same  subpattern.  For
+       example,
+
+         (a(?i)b|c)
+
+       matches  "ab",  "aB",  "c",  and "C", even though when matching "C" the
+       first branch is abandoned before the option setting.  This  is  because
+       the  effects  of option settings happen at compile time. There would be
+       some very weird behaviour otherwise.
+
+       Note: There are other PCRE-specific options that  can  be  set  by  the
+       application  when  the  compiling  or matching functions are called. In
+       some cases the pattern can contain special leading  sequences  such  as
+       (*CRLF)  to  override  what  the  application  has set or what has been
+       defaulted.  Details  are  given  in  the  section   entitled   "Newline
+       sequences"  above.  There  are also the (*UTF8), (*UTF16),(*UTF32), and
+       (*UCP) leading sequences that can be used to set UTF and Unicode  prop-
+       erty  modes;  they are equivalent to setting the PCRE_UTF8, PCRE_UTF16,
+       PCRE_UTF32 and the PCRE_UCP options, respectively. The (*UTF)  sequence
+       is  a  generic version that can be used with any of the libraries. How-
+       ever, the application can set the PCRE_NEVER_UTF  option,  which  locks
+       out the use of the (*UTF) sequences.
+
+
+SUBPATTERNS
+
+       Subpatterns are delimited by parentheses (round brackets), which can be
+       nested.  Turning part of a pattern into a subpattern does two things:
+
+       1. It localizes a set of alternatives. For example, the pattern
+
+         cat(aract|erpillar|)
+
+       matches "cataract", "caterpillar", or "cat". Without  the  parentheses,
+       it would match "cataract", "erpillar" or an empty string.
+
+       2.  It  sets  up  the  subpattern as a capturing subpattern. This means
+       that, when the whole pattern  matches,  that  portion  of  the  subject
+       string that matched the subpattern is passed back to the caller via the
+       ovector argument of the matching function. (This applies  only  to  the
+       traditional  matching functions; the DFA matching functions do not sup-
+       port capturing.)
+
+       Opening parentheses are counted from left to right (starting from 1) to
+       obtain  numbers  for  the  capturing  subpatterns.  For example, if the
+       string "the red king" is matched against the pattern
+
+         the ((red|white) (king|queen))
+
+       the captured substrings are "red king", "red", and "king", and are num-
+       bered 1, 2, and 3, respectively.
+
+       The  fact  that  plain  parentheses  fulfil two functions is not always
+       helpful.  There are often times when a grouping subpattern is  required
+       without  a capturing requirement. If an opening parenthesis is followed
+       by a question mark and a colon, the subpattern does not do any  captur-
+       ing,  and  is  not  counted when computing the number of any subsequent
+       capturing subpatterns. For example, if the string "the white queen"  is
+       matched against the pattern
+
+         the ((?:red|white) (king|queen))
+
+       the captured substrings are "white queen" and "queen", and are numbered
+       1 and 2. The maximum number of capturing subpatterns is 65535.
+
+       As a convenient shorthand, if any option settings are required  at  the
+       start  of  a  non-capturing  subpattern,  the option letters may appear
+       between the "?" and the ":". Thus the two patterns
+
+         (?i:saturday|sunday)
+         (?:(?i)saturday|sunday)
+
+       match exactly the same set of strings. Because alternative branches are
+       tried  from  left  to right, and options are not reset until the end of
+       the subpattern is reached, an option setting in one branch does  affect
+       subsequent  branches,  so  the above patterns match "SUNDAY" as well as
+       "Saturday".
+
+
+DUPLICATE SUBPATTERN NUMBERS
+
+       Perl 5.10 introduced a feature whereby each alternative in a subpattern
+       uses  the same numbers for its capturing parentheses. Such a subpattern
+       starts with (?| and is itself a non-capturing subpattern. For  example,
+       consider this pattern:
+
+         (?|(Sat)ur|(Sun))day
+
+       Because  the two alternatives are inside a (?| group, both sets of cap-
+       turing parentheses are numbered one. Thus, when  the  pattern  matches,
+       you  can  look  at captured substring number one, whichever alternative
+       matched. This construct is useful when you want to  capture  part,  but
+       not all, of one of a number of alternatives. Inside a (?| group, paren-
+       theses are numbered as usual, but the number is reset at the  start  of
+       each  branch.  The numbers of any capturing parentheses that follow the
+       subpattern start after the highest number used in any branch. The  fol-
+       lowing example is taken from the Perl documentation. The numbers under-
+       neath show in which buffer the captured content will be stored.
+
+         # before  ---------------branch-reset----------- after
+         / ( a )  (?| x ( y ) z | (p (q) r) | (t) u (v) ) ( z ) /x
+         # 1            2         2  3        2     3     4
+
+       A back reference to a numbered subpattern uses the  most  recent  value
+       that  is  set  for that number by any subpattern. The following pattern
+       matches "abcabc" or "defdef":
+
+         /(?|(abc)|(def))\1/
+
+       In contrast, a subroutine call to a numbered subpattern  always  refers
+       to  the  first  one in the pattern with the given number. The following
+       pattern matches "abcabc" or "defabc":
+
+         /(?|(abc)|(def))(?1)/
+
+       If a condition test for a subpattern's having matched refers to a  non-
+       unique  number, the test is true if any of the subpatterns of that num-
+       ber have matched.
+
+       An alternative approach to using this "branch reset" feature is to  use
+       duplicate named subpatterns, as described in the next section.
+
+
+NAMED SUBPATTERNS
+
+       Identifying  capturing  parentheses  by number is simple, but it can be
+       very hard to keep track of the numbers in complicated  regular  expres-
+       sions.  Furthermore,  if  an  expression  is  modified, the numbers may
+       change. To help with this difficulty, PCRE supports the naming of  sub-
+       patterns. This feature was not added to Perl until release 5.10. Python
+       had the feature earlier, and PCRE introduced it at release  4.0,  using
+       the  Python syntax. PCRE now supports both the Perl and the Python syn-
+       tax. Perl allows identically numbered  subpatterns  to  have  different
+       names, but PCRE does not.
+
+       In  PCRE,  a subpattern can be named in one of three ways: (?<name>...)
+       or (?'name'...) as in Perl, or (?P<name>...) as in  Python.  References
+       to  capturing parentheses from other parts of the pattern, such as back
+       references, recursion, and conditions, can be made by name as  well  as
+       by number.
+
+       Names  consist of up to 32 alphanumeric characters and underscores, but
+       must start with a non-digit.  Named  capturing  parentheses  are  still
+       allocated  numbers  as  well as names, exactly as if the names were not
+       present. The PCRE API provides function calls for extracting the  name-
+       to-number  translation  table  from a compiled pattern. There is also a
+       convenience function for extracting a captured substring by name.
+
+       By default, a name must be unique within a pattern, but it is  possible
+       to relax this constraint by setting the PCRE_DUPNAMES option at compile
+       time. (Duplicate names are also always permitted for  subpatterns  with
+       the  same  number, set up as described in the previous section.) Dupli-
+       cate names can be useful for patterns where only one  instance  of  the
+       named  parentheses  can  match. Suppose you want to match the name of a
+       weekday, either as a 3-letter abbreviation or as the full name, and  in
+       both cases you want to extract the abbreviation. This pattern (ignoring
+       the line breaks) does the job:
+
+         (?<DN>Mon|Fri|Sun)(?:day)?|
+         (?<DN>Tue)(?:sday)?|
+         (?<DN>Wed)(?:nesday)?|
+         (?<DN>Thu)(?:rsday)?|
+         (?<DN>Sat)(?:urday)?
+
+       There are five capturing substrings, but only one is ever set  after  a
+       match.  (An alternative way of solving this problem is to use a "branch
+       reset" subpattern, as described in the previous section.)
+
+       The convenience function for extracting the data by  name  returns  the
+       substring  for  the first (and in this example, the only) subpattern of
+       that name that matched. This saves searching  to  find  which  numbered
+       subpattern it was.
+
+       If  you  make  a  back  reference to a non-unique named subpattern from
+       elsewhere in the pattern, the subpatterns to which the name refers  are
+       checked  in  the order in which they appear in the overall pattern. The
+       first one that is set is used for the reference. For example, this pat-
+       tern matches both "foofoo" and "barbar" but not "foobar" or "barfoo":
+
+         (?:(?<n>foo)|(?<n>bar))\k<n>
+
+
+       If you make a subroutine call to a non-unique named subpattern, the one
+       that corresponds to the first occurrence of the name is  used.  In  the
+       absence of duplicate numbers (see the previous section) this is the one
+       with the lowest number.
+
+       If you use a named reference in a condition test (see the section about
+       conditions below), either to check whether a subpattern has matched, or
+       to check for recursion, all subpatterns with the same name are  tested.
+       If  the condition is true for any one of them, the overall condition is
+       true. This is the same behaviour as  testing  by  number.  For  further
+       details  of  the  interfaces  for  handling  named subpatterns, see the
+       pcreapi documentation.
+
+       Warning: You cannot use different names to distinguish between two sub-
+       patterns  with  the same number because PCRE uses only the numbers when
+       matching. For this reason, an error is given at compile time if differ-
+       ent  names  are given to subpatterns with the same number. However, you
+       can always give the same name to subpatterns with the same number, even
+       when PCRE_DUPNAMES is not set.
+
+
+REPETITION
+
+       Repetition  is  specified  by  quantifiers, which can follow any of the
+       following items:
+
+         a literal data character
+         the dot metacharacter
+         the \C escape sequence
+         the \X escape sequence
+         the \R escape sequence
+         an escape such as \d or \pL that matches a single character
+         a character class
+         a back reference (see next section)
+         a parenthesized subpattern (including assertions)
+         a subroutine call to a subpattern (recursive or otherwise)
+
+       The general repetition quantifier specifies a minimum and maximum  num-
+       ber  of  permitted matches, by giving the two numbers in curly brackets
+       (braces), separated by a comma. The numbers must be  less  than  65536,
+       and the first must be less than or equal to the second. For example:
+
+         z{2,4}
+
+       matches  "zz",  "zzz",  or  "zzzz". A closing brace on its own is not a
+       special character. If the second number is omitted, but  the  comma  is
+       present,  there  is  no upper limit; if the second number and the comma
+       are both omitted, the quantifier specifies an exact number of  required
+       matches. Thus
+
+         [aeiou]{3,}
+
+       matches at least 3 successive vowels, but may match many more, while
+
+         \d{8}
+
+       matches  exactly  8  digits. An opening curly bracket that appears in a
+       position where a quantifier is not allowed, or one that does not  match
+       the  syntax of a quantifier, is taken as a literal character. For exam-
+       ple, {,6} is not a quantifier, but a literal string of four characters.
+
+       In UTF modes, quantifiers apply to characters rather than to individual
+       data  units. Thus, for example, \x{100}{2} matches two characters, each
+       of which is represented by a two-byte sequence in a UTF-8 string. Simi-
+       larly,  \X{3} matches three Unicode extended grapheme clusters, each of
+       which may be several data units long (and  they  may  be  of  different
+       lengths).
+
+       The quantifier {0} is permitted, causing the expression to behave as if
+       the previous item and the quantifier were not present. This may be use-
+       ful  for  subpatterns that are referenced as subroutines from elsewhere
+       in the pattern (but see also the section entitled "Defining subpatterns
+       for  use  by  reference only" below). Items other than subpatterns that
+       have a {0} quantifier are omitted from the compiled pattern.
+
+       For convenience, the three most common quantifiers have  single-charac-
+       ter abbreviations:
+
+         *    is equivalent to {0,}
+         +    is equivalent to {1,}
+         ?    is equivalent to {0,1}
+
+       It  is  possible  to construct infinite loops by following a subpattern
+       that can match no characters with a quantifier that has no upper limit,
+       for example:
+
+         (a?)*
+
+       Earlier versions of Perl and PCRE used to give an error at compile time
+       for such patterns. However, because there are cases where this  can  be
+       useful,  such  patterns  are now accepted, but if any repetition of the
+       subpattern does in fact match no characters, the loop is forcibly  bro-
+       ken.
+
+       By  default,  the quantifiers are "greedy", that is, they match as much
+       as possible (up to the maximum  number  of  permitted  times),  without
+       causing  the  rest of the pattern to fail. The classic example of where
+       this gives problems is in trying to match comments in C programs. These
+       appear  between  /*  and  */ and within the comment, individual * and /
+       characters may appear. An attempt to match C comments by  applying  the
+       pattern
+
+         /\*.*\*/
+
+       to the string
+
+         /* first comment */  not comment  /* second comment */
+
+       fails,  because it matches the entire string owing to the greediness of
+       the .*  item.
+
+       However, if a quantifier is followed by a question mark, it  ceases  to
+       be greedy, and instead matches the minimum number of times possible, so
+       the pattern
+
+         /\*.*?\*/
+
+       does the right thing with the C comments. The meaning  of  the  various
+       quantifiers  is  not  otherwise  changed,  just the preferred number of
+       matches.  Do not confuse this use of question mark with its  use  as  a
+       quantifier  in its own right. Because it has two uses, it can sometimes
+       appear doubled, as in
+
+         \d??\d
+
+       which matches one digit by preference, but can match two if that is the
+       only way the rest of the pattern matches.
+
+       If  the PCRE_UNGREEDY option is set (an option that is not available in
+       Perl), the quantifiers are not greedy by default, but  individual  ones
+       can  be  made  greedy  by following them with a question mark. In other
+       words, it inverts the default behaviour.
+
+       When a parenthesized subpattern is quantified  with  a  minimum  repeat
+       count  that is greater than 1 or with a limited maximum, more memory is
+       required for the compiled pattern, in proportion to  the  size  of  the
+       minimum or maximum.
+
+       If a pattern starts with .* or .{0,} and the PCRE_DOTALL option (equiv-
+       alent to Perl's /s) is set, thus allowing the dot  to  match  newlines,
+       the  pattern  is  implicitly anchored, because whatever follows will be
+       tried against every character position in the subject string, so  there
+       is  no  point  in  retrying the overall match at any position after the
+       first. PCRE normally treats such a pattern as though it  were  preceded
+       by \A.
+
+       In  cases  where  it  is known that the subject string contains no new-
+       lines, it is worth setting PCRE_DOTALL in order to  obtain  this  opti-
+       mization, or alternatively using ^ to indicate anchoring explicitly.
+
+       However,  there  are  some cases where the optimization cannot be used.
+       When .*  is inside capturing parentheses that are the subject of a back
+       reference elsewhere in the pattern, a match at the start may fail where
+       a later one succeeds. Consider, for example:
+
+         (.*)abc\1
+
+       If the subject is "xyz123abc123" the match point is the fourth  charac-
+       ter. For this reason, such a pattern is not implicitly anchored.
+
+       Another  case where implicit anchoring is not applied is when the lead-
+       ing .* is inside an atomic group. Once again, a match at the start  may
+       fail where a later one succeeds. Consider this pattern:
+
+         (?>.*?a)b
+
+       It  matches "ab" in the subject "aab". The use of the backtracking con-
+       trol verbs (*PRUNE) and (*SKIP) also disable this optimization.
+
+       When a capturing subpattern is repeated, the value captured is the sub-
+       string that matched the final iteration. For example, after
+
+         (tweedle[dume]{3}\s*)+
+
+       has matched "tweedledum tweedledee" the value of the captured substring
+       is "tweedledee". However, if there are  nested  capturing  subpatterns,
+       the  corresponding captured values may have been set in previous itera-
+       tions. For example, after
+
+         /(a|(b))+/
+
+       matches "aba" the value of the second captured substring is "b".
+
+
+ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS
+
+       With both maximizing ("greedy") and minimizing ("ungreedy"  or  "lazy")
+       repetition,  failure  of what follows normally causes the repeated item
+       to be re-evaluated to see if a different number of repeats  allows  the
+       rest  of  the pattern to match. Sometimes it is useful to prevent this,
+       either to change the nature of the match, or to cause it  fail  earlier
+       than  it otherwise might, when the author of the pattern knows there is
+       no point in carrying on.
+
+       Consider, for example, the pattern \d+foo when applied to  the  subject
+       line
+
+         123456bar
+
+       After matching all 6 digits and then failing to match "foo", the normal
+       action of the matcher is to try again with only 5 digits  matching  the
+       \d+  item,  and  then  with  4,  and  so on, before ultimately failing.
+       "Atomic grouping" (a term taken from Jeffrey  Friedl's  book)  provides
+       the  means for specifying that once a subpattern has matched, it is not
+       to be re-evaluated in this way.
+
+       If we use atomic grouping for the previous example, the  matcher  gives
+       up  immediately  on failing to match "foo" the first time. The notation
+       is a kind of special parenthesis, starting with (?> as in this example:
+
+         (?>\d+)foo
+
+       This kind of parenthesis "locks up" the  part of the  pattern  it  con-
+       tains  once  it  has matched, and a failure further into the pattern is
+       prevented from backtracking into it. Backtracking past it  to  previous
+       items, however, works as normal.
+
+       An  alternative  description  is that a subpattern of this type matches
+       the string of characters that an  identical  standalone  pattern  would
+       match, if anchored at the current point in the subject string.
+
+       Atomic grouping subpatterns are not capturing subpatterns. Simple cases
+       such as the above example can be thought of as a maximizing repeat that
+       must  swallow  everything  it can. So, while both \d+ and \d+? are pre-
+       pared to adjust the number of digits they match in order  to  make  the
+       rest of the pattern match, (?>\d+) can only match an entire sequence of
+       digits.
+
+       Atomic groups in general can of course contain arbitrarily  complicated
+       subpatterns,  and  can  be  nested. However, when the subpattern for an
+       atomic group is just a single repeated item, as in the example above, a
+       simpler  notation,  called  a "possessive quantifier" can be used. This
+       consists of an additional + character  following  a  quantifier.  Using
+       this notation, the previous example can be rewritten as
+
+         \d++foo
+
+       Note that a possessive quantifier can be used with an entire group, for
+       example:
+
+         (abc|xyz){2,3}+
+
+       Possessive  quantifiers  are  always  greedy;  the   setting   of   the
+       PCRE_UNGREEDY option is ignored. They are a convenient notation for the
+       simpler forms of atomic group. However, there is no difference  in  the
+       meaning  of  a  possessive  quantifier and the equivalent atomic group,
+       though there may be a performance  difference;  possessive  quantifiers
+       should be slightly faster.
+
+       The  possessive  quantifier syntax is an extension to the Perl 5.8 syn-
+       tax.  Jeffrey Friedl originated the idea (and the name)  in  the  first
+       edition of his book. Mike McCloskey liked it, so implemented it when he
+       built Sun's Java package, and PCRE copied it from there. It  ultimately
+       found its way into Perl at release 5.10.
+
+       PCRE has an optimization that automatically "possessifies" certain sim-
+       ple pattern constructs. For example, the sequence  A+B  is  treated  as
+       A++B  because  there is no point in backtracking into a sequence of A's
+       when B must follow.
+
+       When a pattern contains an unlimited repeat inside  a  subpattern  that
+       can  itself  be  repeated  an  unlimited number of times, the use of an
+       atomic group is the only way to avoid some  failing  matches  taking  a
+       very long time indeed. The pattern
+
+         (\D+|<\d+>)*[!?]
+
+       matches  an  unlimited number of substrings that either consist of non-
+       digits, or digits enclosed in <>, followed by either ! or  ?.  When  it
+       matches, it runs quickly. However, if it is applied to
+
+         aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+
+       it  takes  a  long  time  before reporting failure. This is because the
+       string can be divided between the internal \D+ repeat and the  external
+       *  repeat  in  a  large  number of ways, and all have to be tried. (The
+       example uses [!?] rather than a single character at  the  end,  because
+       both  PCRE  and  Perl have an optimization that allows for fast failure
+       when a single character is used. They remember the last single  charac-
+       ter  that  is required for a match, and fail early if it is not present
+       in the string.) If the pattern is changed so that  it  uses  an  atomic
+       group, like this:
+
+         ((?>\D+)|<\d+>)*[!?]
+
+       sequences of non-digits cannot be broken, and failure happens quickly.
+
+
+BACK REFERENCES
+
+       Outside a character class, a backslash followed by a digit greater than
+       0 (and possibly further digits) is a back reference to a capturing sub-
+       pattern  earlier  (that is, to its left) in the pattern, provided there
+       have been that many previous capturing left parentheses.
+
+       However, if the decimal number following the backslash is less than 10,
+       it  is  always  taken  as a back reference, and causes an error only if
+       there are not that many capturing left parentheses in the  entire  pat-
+       tern.  In  other words, the parentheses that are referenced need not be
+       to the left of the reference for numbers less than 10. A "forward  back
+       reference"  of  this  type can make sense when a repetition is involved
+       and the subpattern to the right has participated in an  earlier  itera-
+       tion.
+
+       It  is  not  possible to have a numerical "forward back reference" to a
+       subpattern whose number is 10 or  more  using  this  syntax  because  a
+       sequence  such  as  \50 is interpreted as a character defined in octal.
+       See the subsection entitled "Non-printing characters" above for further
+       details  of  the  handling of digits following a backslash. There is no
+       such problem when named parentheses are used. A back reference  to  any
+       subpattern is possible using named parentheses (see below).
+
+       Another  way  of  avoiding  the ambiguity inherent in the use of digits
+       following a backslash is to use the \g  escape  sequence.  This  escape
+       must be followed by an unsigned number or a negative number, optionally
+       enclosed in braces. These examples are all identical:
+
+         (ring), \1
+         (ring), \g1
+         (ring), \g{1}
+
+       An unsigned number specifies an absolute reference without the  ambigu-
+       ity that is present in the older syntax. It is also useful when literal
+       digits follow the reference. A negative number is a relative reference.
+       Consider this example:
+
+         (abc(def)ghi)\g{-1}
+
+       The sequence \g{-1} is a reference to the most recently started captur-
+       ing subpattern before \g, that is, is it equivalent to \2 in this exam-
+       ple.   Similarly, \g{-2} would be equivalent to \1. The use of relative
+       references can be helpful in long patterns, and also in  patterns  that
+       are  created  by  joining  together  fragments  that contain references
+       within themselves.
+
+       A back reference matches whatever actually matched the  capturing  sub-
+       pattern  in  the  current subject string, rather than anything matching
+       the subpattern itself (see "Subpatterns as subroutines" below for a way
+       of doing that). So the pattern
+
+         (sens|respons)e and \1ibility
+
+       matches  "sense and sensibility" and "response and responsibility", but
+       not "sense and responsibility". If caseful matching is in force at  the
+       time  of the back reference, the case of letters is relevant. For exam-
+       ple,
+
+         ((?i)rah)\s+\1
+
+       matches "rah rah" and "RAH RAH", but not "RAH  rah",  even  though  the
+       original capturing subpattern is matched caselessly.
+
+       There  are  several  different ways of writing back references to named
+       subpatterns. The .NET syntax \k{name} and the Perl syntax  \k<name>  or
+       \k'name'  are supported, as is the Python syntax (?P=name). Perl 5.10's
+       unified back reference syntax, in which \g can be used for both numeric
+       and  named  references,  is  also supported. We could rewrite the above
+       example in any of the following ways:
+
+         (?<p1>(?i)rah)\s+\k<p1>
+         (?'p1'(?i)rah)\s+\k{p1}
+         (?P<p1>(?i)rah)\s+(?P=p1)
+         (?<p1>(?i)rah)\s+\g{p1}
+
+       A subpattern that is referenced by  name  may  appear  in  the  pattern
+       before or after the reference.
+
+       There  may be more than one back reference to the same subpattern. If a
+       subpattern has not actually been used in a particular match,  any  back
+       references to it always fail by default. For example, the pattern
+
+         (a|(bc))\2
+
+       always  fails  if  it starts to match "a" rather than "bc". However, if
+       the PCRE_JAVASCRIPT_COMPAT option is set at compile time, a back refer-
+       ence to an unset value matches an empty string.
+
+       Because  there may be many capturing parentheses in a pattern, all dig-
+       its following a backslash are taken as part of a potential back  refer-
+       ence  number.   If  the  pattern continues with a digit character, some
+       delimiter must  be  used  to  terminate  the  back  reference.  If  the
+       PCRE_EXTENDED  option  is  set, this can be white space. Otherwise, the
+       \g{ syntax or an empty comment (see "Comments" below) can be used.
+
+   Recursive back references
+
+       A back reference that occurs inside the parentheses to which it  refers
+       fails  when  the subpattern is first used, so, for example, (a\1) never
+       matches.  However, such references can be useful inside  repeated  sub-
+       patterns. For example, the pattern
+
+         (a|b\1)+
+
+       matches any number of "a"s and also "aba", "ababbaa" etc. At each iter-
+       ation of the subpattern,  the  back  reference  matches  the  character
+       string  corresponding  to  the previous iteration. In order for this to
+       work, the pattern must be such that the first iteration does  not  need
+       to  match the back reference. This can be done using alternation, as in
+       the example above, or by a quantifier with a minimum of zero.
+
+       Back references of this type cause the group that they reference to  be
+       treated  as  an atomic group.  Once the whole group has been matched, a
+       subsequent matching failure cannot cause backtracking into  the  middle
+       of the group.
+
+
+ASSERTIONS
+
+       An  assertion  is  a  test on the characters following or preceding the
+       current matching point that does not actually consume  any  characters.
+       The  simple  assertions  coded  as  \b, \B, \A, \G, \Z, \z, ^ and $ are
+       described above.
+
+       More complicated assertions are coded as  subpatterns.  There  are  two
+       kinds:  those  that  look  ahead of the current position in the subject
+       string, and those that look  behind  it.  An  assertion  subpattern  is
+       matched  in  the  normal way, except that it does not cause the current
+       matching position to be changed.
+
+       Assertion subpatterns are not capturing subpatterns. If such an  asser-
+       tion  contains  capturing  subpatterns within it, these are counted for
+       the purposes of numbering the capturing subpatterns in the  whole  pat-
+       tern.  However,  substring  capturing  is carried out only for positive
+       assertions. (Perl sometimes, but not always, does do capturing in nega-
+       tive assertions.)
+
+       WARNING:  If a positive assertion containing one or more capturing sub-
+       patterns succeeds, but failure to match later  in  the  pattern  causes
+       backtracking over this assertion, the captures within the assertion are
+       reset only if no higher numbered captures are  already  set.  This  is,
+       unfortunately,  a fundamental limitation of the current implementation,
+       and as PCRE1 is now in maintenance-only status, it is unlikely ever  to
+       change.
+
+       For  compatibility  with  Perl,  assertion subpatterns may be repeated;
+       though it makes no sense to assert the same thing  several  times,  the
+       side  effect  of  capturing  parentheses may occasionally be useful. In
+       practice, there only three cases:
+
+       (1) If the quantifier is {0}, the  assertion  is  never  obeyed  during
+       matching.   However,  it  may  contain internal capturing parenthesized
+       groups that are called from elsewhere via the subroutine mechanism.
+
+       (2) If quantifier is {0,n} where n is greater than zero, it is  treated
+       as  if  it  were  {0,1}.  At run time, the rest of the pattern match is
+       tried with and without the assertion, the order depending on the greed-
+       iness of the quantifier.
+
+       (3)  If  the minimum repetition is greater than zero, the quantifier is
+       ignored.  The assertion is obeyed just  once  when  encountered  during
+       matching.
+
+   Lookahead assertions
+
+       Lookahead assertions start with (?= for positive assertions and (?! for
+       negative assertions. For example,
+
+         \w+(?=;)
+
+       matches a word followed by a semicolon, but does not include the  semi-
+       colon in the match, and
+
+         foo(?!bar)
+
+       matches  any  occurrence  of  "foo" that is not followed by "bar". Note
+       that the apparently similar pattern
+
+         (?!foo)bar
+
+       does not find an occurrence of "bar"  that  is  preceded  by  something
+       other  than "foo"; it finds any occurrence of "bar" whatsoever, because
+       the assertion (?!foo) is always true when the next three characters are
+       "bar". A lookbehind assertion is needed to achieve the other effect.
+
+       If you want to force a matching failure at some point in a pattern, the
+       most convenient way to do it is  with  (?!)  because  an  empty  string
+       always  matches, so an assertion that requires there not to be an empty
+       string must always fail.  The backtracking control verb (*FAIL) or (*F)
+       is a synonym for (?!).
+
+   Lookbehind assertions
+
+       Lookbehind  assertions start with (?<= for positive assertions and (?<!
+       for negative assertions. For example,
+
+         (?<!foo)bar
+
+       does find an occurrence of "bar" that is not  preceded  by  "foo".  The
+       contents  of  a  lookbehind  assertion are restricted such that all the
+       strings it matches must have a fixed length. However, if there are sev-
+       eral  top-level  alternatives,  they  do  not all have to have the same
+       fixed length. Thus
+
+         (?<=bullock|donkey)
+
+       is permitted, but
+
+         (?<!dogs?|cats?)
+
+       causes an error at compile time. Branches that match  different  length
+       strings  are permitted only at the top level of a lookbehind assertion.
+       This is an extension compared with Perl, which requires all branches to
+       match the same length of string. An assertion such as
+
+         (?<=ab(c|de))
+
+       is  not  permitted,  because  its single top-level branch can match two
+       different lengths, but it is acceptable to PCRE if rewritten to use two
+       top-level branches:
+
+         (?<=abc|abde)
+
+       In  some  cases, the escape sequence \K (see above) can be used instead
+       of a lookbehind assertion to get round the fixed-length restriction.
+
+       The implementation of lookbehind assertions is, for  each  alternative,
+       to  temporarily  move the current position back by the fixed length and
+       then try to match. If there are insufficient characters before the cur-
+       rent position, the assertion fails.
+
+       In  a UTF mode, PCRE does not allow the \C escape (which matches a sin-
+       gle data unit even in a UTF mode) to appear in  lookbehind  assertions,
+       because  it  makes it impossible to calculate the length of the lookbe-
+       hind. The \X and \R escapes, which can match different numbers of  data
+       units, are also not permitted.
+
+       "Subroutine"  calls  (see below) such as (?2) or (?&X) are permitted in
+       lookbehinds, as long as the subpattern matches a  fixed-length  string.
+       Recursion, however, is not supported.
+
+       Possessive  quantifiers  can  be  used  in  conjunction with lookbehind
+       assertions to specify efficient matching of fixed-length strings at the
+       end of subject strings. Consider a simple pattern such as
+
+         abcd$
+
+       when  applied  to  a  long string that does not match. Because matching
+       proceeds from left to right, PCRE will look for each "a" in the subject
+       and  then  see  if what follows matches the rest of the pattern. If the
+       pattern is specified as
+
+         ^.*abcd$
+
+       the initial .* matches the entire string at first, but when this  fails
+       (because there is no following "a"), it backtracks to match all but the
+       last character, then all but the last two characters, and so  on.  Once
+       again  the search for "a" covers the entire string, from right to left,
+       so we are no better off. However, if the pattern is written as
+
+         ^.*+(?<=abcd)
+
+       there can be no backtracking for the .*+ item; it can  match  only  the
+       entire  string.  The subsequent lookbehind assertion does a single test
+       on the last four characters. If it fails, the match fails  immediately.
+       For  long  strings, this approach makes a significant difference to the
+       processing time.
+
+   Using multiple assertions
+
+       Several assertions (of any sort) may occur in succession. For example,
+
+         (?<=\d{3})(?<!999)foo
+
+       matches "foo" preceded by three digits that are not "999". Notice  that
+       each  of  the  assertions is applied independently at the same point in
+       the subject string. First there is a  check  that  the  previous  three
+       characters  are  all  digits,  and  then there is a check that the same
+       three characters are not "999".  This pattern does not match "foo" pre-
+       ceded  by  six  characters,  the first of which are digits and the last
+       three of which are not "999". For example, it  doesn't  match  "123abc-
+       foo". A pattern to do that is
+
+         (?<=\d{3}...)(?<!999)foo
+
+       This  time  the  first assertion looks at the preceding six characters,
+       checking that the first three are digits, and then the second assertion
+       checks that the preceding three characters are not "999".
+
+       Assertions can be nested in any combination. For example,
+
+         (?<=(?<!foo)bar)baz
+
+       matches  an occurrence of "baz" that is preceded by "bar" which in turn
+       is not preceded by "foo", while
+
+         (?<=\d{3}(?!999)...)foo
+
+       is another pattern that matches "foo" preceded by three digits and  any
+       three characters that are not "999".
+
+
+CONDITIONAL SUBPATTERNS
+
+       It  is possible to cause the matching process to obey a subpattern con-
+       ditionally or to choose between two alternative subpatterns,  depending
+       on  the result of an assertion, or whether a specific capturing subpat-
+       tern has already been matched. The two possible  forms  of  conditional
+       subpattern are:
+
+         (?(condition)yes-pattern)
+         (?(condition)yes-pattern|no-pattern)
+
+       If  the  condition is satisfied, the yes-pattern is used; otherwise the
+       no-pattern (if present) is used. If there are more  than  two  alterna-
+       tives  in  the subpattern, a compile-time error occurs. Each of the two
+       alternatives may itself contain nested subpatterns of any form, includ-
+       ing  conditional  subpatterns;  the  restriction  to  two  alternatives
+       applies only at the level of the condition. This pattern fragment is an
+       example where the alternatives are complex:
+
+         (?(1) (A|B|C) | (D | (?(2)E|F) | E) )
+
+
+       There  are  four  kinds of condition: references to subpatterns, refer-
+       ences to recursion, a pseudo-condition called DEFINE, and assertions.
+
+   Checking for a used subpattern by number
+
+       If the text between the parentheses consists of a sequence  of  digits,
+       the condition is true if a capturing subpattern of that number has pre-
+       viously matched. If there is more than one  capturing  subpattern  with
+       the  same  number  (see  the earlier section about duplicate subpattern
+       numbers), the condition is true if any of them have matched. An  alter-
+       native  notation is to precede the digits with a plus or minus sign. In
+       this case, the subpattern number is relative rather than absolute.  The
+       most  recently opened parentheses can be referenced by (?(-1), the next
+       most recent by (?(-2), and so on. Inside loops it can also  make  sense
+       to refer to subsequent groups. The next parentheses to be opened can be
+       referenced as (?(+1), and so on. (The value zero in any of these  forms
+       is not used; it provokes a compile-time error.)
+
+       Consider  the  following  pattern, which contains non-significant white
+       space to make it more readable (assume the PCRE_EXTENDED option) and to
+       divide it into three parts for ease of discussion:
+
+         ( \( )?    [^()]+    (?(1) \) )
+
+       The  first  part  matches  an optional opening parenthesis, and if that
+       character is present, sets it as the first captured substring. The sec-
+       ond  part  matches one or more characters that are not parentheses. The
+       third part is a conditional subpattern that tests whether  or  not  the
+       first  set  of  parentheses  matched.  If they did, that is, if subject
+       started with an opening parenthesis, the condition is true, and so  the
+       yes-pattern  is  executed and a closing parenthesis is required. Other-
+       wise, since no-pattern is not present, the subpattern matches  nothing.
+       In  other  words,  this  pattern matches a sequence of non-parentheses,
+       optionally enclosed in parentheses.
+
+       If you were embedding this pattern in a larger one,  you  could  use  a
+       relative reference:
+
+         ...other stuff... ( \( )?    [^()]+    (?(-1) \) ) ...
+
+       This  makes  the  fragment independent of the parentheses in the larger
+       pattern.
+
+   Checking for a used subpattern by name
+
+       Perl uses the syntax (?(<name>)...) or (?('name')...)  to  test  for  a
+       used  subpattern  by  name.  For compatibility with earlier versions of
+       PCRE, which had this facility before Perl, the syntax  (?(name)...)  is
+       also recognized.
+
+       Rewriting the above example to use a named subpattern gives this:
+
+         (?<OPEN> \( )?    [^()]+    (?(<OPEN>) \) )
+
+       If  the  name used in a condition of this kind is a duplicate, the test
+       is applied to all subpatterns of the same name, and is true if any  one
+       of them has matched.
+
+   Checking for pattern recursion
+
+       If the condition is the string (R), and there is no subpattern with the
+       name R, the condition is true if a recursive call to the whole  pattern
+       or any subpattern has been made. If digits or a name preceded by amper-
+       sand follow the letter R, for example:
+
+         (?(R3)...) or (?(R&name)...)
+
+       the condition is true if the most recent recursion is into a subpattern
+       whose number or name is given. This condition does not check the entire
+       recursion stack. If the name used in a condition  of  this  kind  is  a
+       duplicate, the test is applied to all subpatterns of the same name, and
+       is true if any one of them is the most recent recursion.
+
+       At "top level", all these recursion test  conditions  are  false.   The
+       syntax for recursive patterns is described below.
+
+   Defining subpatterns for use by reference only
+
+       If  the  condition  is  the string (DEFINE), and there is no subpattern
+       with the name DEFINE, the condition is  always  false.  In  this  case,
+       there  may  be  only  one  alternative  in the subpattern. It is always
+       skipped if control reaches this point  in  the  pattern;  the  idea  of
+       DEFINE  is that it can be used to define subroutines that can be refer-
+       enced from elsewhere. (The use of subroutines is described below.)  For
+       example,  a  pattern  to match an IPv4 address such as "192.168.23.245"
+       could be written like this (ignore white space and line breaks):
+
+         (?(DEFINE) (?<byte> 2[0-4]\d | 25[0-5] | 1\d\d | [1-9]?\d) )
+         \b (?&byte) (\.(?&byte)){3} \b
+
+       The first part of the pattern is a DEFINE group inside which a  another
+       group  named "byte" is defined. This matches an individual component of
+       an IPv4 address (a number less than 256). When  matching  takes  place,
+       this  part  of  the pattern is skipped because DEFINE acts like a false
+       condition. The rest of the pattern uses references to the  named  group
+       to  match the four dot-separated components of an IPv4 address, insist-
+       ing on a word boundary at each end.
+
+   Assertion conditions
+
+       If the condition is not in any of the above  formats,  it  must  be  an
+       assertion.   This may be a positive or negative lookahead or lookbehind
+       assertion. Consider  this  pattern,  again  containing  non-significant
+       white space, and with the two alternatives on the second line:
+
+         (?(?=[^a-z]*[a-z])
+         \d{2}-[a-z]{3}-\d{2}  |  \d{2}-\d{2}-\d{2} )
+
+       The  condition  is  a  positive  lookahead  assertion  that  matches an
+       optional sequence of non-letters followed by a letter. In other  words,
+       it  tests  for the presence of at least one letter in the subject. If a
+       letter is found, the subject is matched against the first  alternative;
+       otherwise  it  is  matched  against  the  second.  This pattern matches
+       strings in one of the two forms dd-aaa-dd or dd-dd-dd,  where  aaa  are
+       letters and dd are digits.
+
+
+COMMENTS
+
+       There are two ways of including comments in patterns that are processed
+       by PCRE. In both cases, the start of the comment must not be in a char-
+       acter class, nor in the middle of any other sequence of related charac-
+       ters such as (?: or a subpattern name or number.  The  characters  that
+       make up a comment play no part in the pattern matching.
+
+       The  sequence (?# marks the start of a comment that continues up to the
+       next closing parenthesis. Nested parentheses are not permitted. If  the
+       PCRE_EXTENDED option is set, an unescaped # character also introduces a
+       comment, which in this case continues to  immediately  after  the  next
+       newline  character  or character sequence in the pattern. Which charac-
+       ters are interpreted as newlines is controlled by the options passed to
+       a  compiling function or by a special sequence at the start of the pat-
+       tern, as described in the section entitled "Newline conventions" above.
+       Note that the end of this type of comment is a literal newline sequence
+       in the pattern; escape sequences that happen to represent a newline  do
+       not  count.  For  example,  consider this pattern when PCRE_EXTENDED is
+       set, and the default newline convention is in force:
+
+         abc #comment \n still comment
+
+       On encountering the # character, pcre_compile()  skips  along,  looking
+       for  a newline in the pattern. The sequence \n is still literal at this
+       stage, so it does not terminate the comment. Only an  actual  character
+       with the code value 0x0a (the default newline) does so.
+
+
+RECURSIVE PATTERNS
+
+       Consider  the problem of matching a string in parentheses, allowing for
+       unlimited nested parentheses. Without the use of  recursion,  the  best
+       that  can  be  done  is  to use a pattern that matches up to some fixed
+       depth of nesting. It is not possible to  handle  an  arbitrary  nesting
+       depth.
+
+       For some time, Perl has provided a facility that allows regular expres-
+       sions to recurse (amongst other things). It does this by  interpolating
+       Perl  code in the expression at run time, and the code can refer to the
+       expression itself. A Perl pattern using code interpolation to solve the
+       parentheses problem can be created like this:
+
+         $re = qr{\( (?: (?>[^()]+) | (?p{$re}) )* \)}x;
+
+       The (?p{...}) item interpolates Perl code at run time, and in this case
+       refers recursively to the pattern in which it appears.
+
+       Obviously, PCRE cannot support the interpolation of Perl code. Instead,
+       it  supports  special  syntax  for recursion of the entire pattern, and
+       also for individual subpattern recursion.  After  its  introduction  in
+       PCRE  and  Python,  this  kind of recursion was subsequently introduced
+       into Perl at release 5.10.
+
+       A special item that consists of (? followed by a  number  greater  than
+       zero  and  a  closing parenthesis is a recursive subroutine call of the
+       subpattern of the given number, provided that  it  occurs  inside  that
+       subpattern.  (If  not,  it is a non-recursive subroutine call, which is
+       described in the next section.) The special item  (?R)  or  (?0)  is  a
+       recursive call of the entire regular expression.
+
+       This  PCRE  pattern  solves  the nested parentheses problem (assume the
+       PCRE_EXTENDED option is set so that white space is ignored):
+
+         \( ( [^()]++ | (?R) )* \)
+
+       First it matches an opening parenthesis. Then it matches any number  of
+       substrings  which  can  either  be  a sequence of non-parentheses, or a
+       recursive match of the pattern itself (that is, a  correctly  parenthe-
+       sized substring).  Finally there is a closing parenthesis. Note the use
+       of a possessive quantifier to avoid backtracking into sequences of non-
+       parentheses.
+
+       If  this  were  part of a larger pattern, you would not want to recurse
+       the entire pattern, so instead you could use this:
+
+         ( \( ( [^()]++ | (?1) )* \) )
+
+       We have put the pattern into parentheses, and caused the  recursion  to
+       refer to them instead of the whole pattern.
+
+       In  a  larger  pattern,  keeping  track  of  parenthesis numbers can be
+       tricky. This is made easier by the use of relative references.  Instead
+       of (?1) in the pattern above you can write (?-2) to refer to the second
+       most recently opened parentheses  preceding  the  recursion.  In  other
+       words,  a  negative  number counts capturing parentheses leftwards from
+       the point at which it is encountered.
+
+       It is also possible to refer to  subsequently  opened  parentheses,  by
+       writing  references  such  as (?+2). However, these cannot be recursive
+       because the reference is not inside the  parentheses  that  are  refer-
+       enced.  They are always non-recursive subroutine calls, as described in
+       the next section.
+
+       An alternative approach is to use named parentheses instead.  The  Perl
+       syntax  for  this  is (?&name); PCRE's earlier syntax (?P>name) is also
+       supported. We could rewrite the above example as follows:
+
+         (?<pn> \( ( [^()]++ | (?&pn) )* \) )
+
+       If there is more than one subpattern with the same name,  the  earliest
+       one is used.
+
+       This  particular  example pattern that we have been looking at contains
+       nested unlimited repeats, and so the use of a possessive quantifier for
+       matching strings of non-parentheses is important when applying the pat-
+       tern to strings that do not match. For example, when  this  pattern  is
+       applied to
+
+         (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa()
+
+       it  yields  "no  match" quickly. However, if a possessive quantifier is
+       not used, the match runs for a very long time indeed because there  are
+       so  many  different  ways the + and * repeats can carve up the subject,
+       and all have to be tested before failure can be reported.
+
+       At the end of a match, the values of capturing  parentheses  are  those
+       from  the outermost level. If you want to obtain intermediate values, a
+       callout function can be used (see below and the pcrecallout  documenta-
+       tion). If the pattern above is matched against
+
+         (ab(cd)ef)
+
+       the  value  for  the  inner capturing parentheses (numbered 2) is "ef",
+       which is the last value taken on at the top level. If a capturing  sub-
+       pattern  is  not  matched at the top level, its final captured value is
+       unset, even if it was (temporarily) set at a deeper  level  during  the
+       matching process.
+
+       If  there are more than 15 capturing parentheses in a pattern, PCRE has
+       to obtain extra memory to store data during a recursion, which it  does
+       by using pcre_malloc, freeing it via pcre_free afterwards. If no memory
+       can be obtained, the match fails with the PCRE_ERROR_NOMEMORY error.
+
+       Do not confuse the (?R) item with the condition (R),  which  tests  for
+       recursion.   Consider  this pattern, which matches text in angle brack-
+       ets, allowing for arbitrary nesting. Only digits are allowed in  nested
+       brackets  (that is, when recursing), whereas any characters are permit-
+       ted at the outer level.
+
+         < (?: (?(R) \d++  | [^<>]*+) | (?R)) * >
+
+       In this pattern, (?(R) is the start of a conditional  subpattern,  with
+       two  different  alternatives for the recursive and non-recursive cases.
+       The (?R) item is the actual recursive call.
+
+   Differences in recursion processing between PCRE and Perl
+
+       Recursion processing in PCRE differs from Perl in two  important  ways.
+       In  PCRE (like Python, but unlike Perl), a recursive subpattern call is
+       always treated as an atomic group. That is, once it has matched some of
+       the subject string, it is never re-entered, even if it contains untried
+       alternatives and there is a subsequent matching failure.  This  can  be
+       illustrated  by the following pattern, which purports to match a palin-
+       dromic string that contains an odd number of characters  (for  example,
+       "a", "aba", "abcba", "abcdcba"):
+
+         ^(.|(.)(?1)\2)$
+
+       The idea is that it either matches a single character, or two identical
+       characters surrounding a sub-palindrome. In Perl, this  pattern  works;
+       in  PCRE  it  does  not if the pattern is longer than three characters.
+       Consider the subject string "abcba":
+
+       At the top level, the first character is matched, but as it is  not  at
+       the end of the string, the first alternative fails; the second alterna-
+       tive is taken and the recursion kicks in. The recursive call to subpat-
+       tern  1  successfully  matches the next character ("b"). (Note that the
+       beginning and end of line tests are not part of the recursion).
+
+       Back at the top level, the next character ("c") is compared  with  what
+       subpattern  2 matched, which was "a". This fails. Because the recursion
+       is treated as an atomic group, there are now  no  backtracking  points,
+       and  so  the  entire  match fails. (Perl is able, at this point, to re-
+       enter the recursion and try the second alternative.)  However,  if  the
+       pattern is written with the alternatives in the other order, things are
+       different:
+
+         ^((.)(?1)\2|.)$
+
+       This time, the recursing alternative is tried first, and  continues  to
+       recurse  until  it runs out of characters, at which point the recursion
+       fails. But this time we do have  another  alternative  to  try  at  the
+       higher  level.  That  is  the  big difference: in the previous case the
+       remaining alternative is at a deeper recursion level, which PCRE cannot
+       use.
+
+       To  change  the pattern so that it matches all palindromic strings, not
+       just those with an odd number of characters, it is tempting  to  change
+       the pattern to this:
+
+         ^((.)(?1)\2|.?)$
+
+       Again,  this  works  in Perl, but not in PCRE, and for the same reason.
+       When a deeper recursion has matched a single character,  it  cannot  be
+       entered  again  in  order  to match an empty string. The solution is to
+       separate the two cases, and write out the odd and even cases as  alter-
+       natives at the higher level:
+
+         ^(?:((.)(?1)\2|)|((.)(?3)\4|.))
+
+       If  you  want  to match typical palindromic phrases, the pattern has to
+       ignore all non-word characters, which can be done like this:
+
+         ^\W*+(?:((.)\W*+(?1)\W*+\2|)|((.)\W*+(?3)\W*+\4|\W*+.\W*+))\W*+$
+
+       If run with the PCRE_CASELESS option, this pattern matches phrases such
+       as "A man, a plan, a canal: Panama!" and it works well in both PCRE and
+       Perl. Note the use of the possessive quantifier *+ to avoid  backtrack-
+       ing  into  sequences of non-word characters. Without this, PCRE takes a
+       great deal longer (ten times or more) to  match  typical  phrases,  and
+       Perl takes so long that you think it has gone into a loop.
+
+       WARNING:  The  palindrome-matching patterns above work only if the sub-
+       ject string does not start with a palindrome that is shorter  than  the
+       entire  string.  For example, although "abcba" is correctly matched, if
+       the subject is "ababa", PCRE finds the palindrome "aba" at  the  start,
+       then  fails at top level because the end of the string does not follow.
+       Once again, it cannot jump back into the recursion to try other  alter-
+       natives, so the entire match fails.
+
+       The  second  way  in which PCRE and Perl differ in their recursion pro-
+       cessing is in the handling of captured values. In Perl, when a  subpat-
+       tern  is  called recursively or as a subpattern (see the next section),
+       it has no access to any values that were captured  outside  the  recur-
+       sion,  whereas  in  PCRE  these values can be referenced. Consider this
+       pattern:
+
+         ^(.)(\1|a(?2))
+
+       In PCRE, this pattern matches "bab". The  first  capturing  parentheses
+       match  "b",  then in the second group, when the back reference \1 fails
+       to match "b", the second alternative matches "a" and then recurses.  In
+       the  recursion,  \1 does now match "b" and so the whole match succeeds.
+       In Perl, the pattern fails to match because inside the  recursive  call
+       \1 cannot access the externally set value.
+
+
+SUBPATTERNS AS SUBROUTINES
+
+       If  the  syntax for a recursive subpattern call (either by number or by
+       name) is used outside the parentheses to which it refers,  it  operates
+       like  a subroutine in a programming language. The called subpattern may
+       be defined before or after the reference. A numbered reference  can  be
+       absolute or relative, as in these examples:
+
+         (...(absolute)...)...(?2)...
+         (...(relative)...)...(?-1)...
+         (...(?+1)...(relative)...
+
+       An earlier example pointed out that the pattern
+
+         (sens|respons)e and \1ibility
+
+       matches  "sense and sensibility" and "response and responsibility", but
+       not "sense and responsibility". If instead the pattern
+
+         (sens|respons)e and (?1)ibility
+
+       is used, it does match "sense and responsibility" as well as the  other
+       two  strings.  Another  example  is  given  in the discussion of DEFINE
+       above.
+
+       All subroutine calls, whether recursive or not, are always  treated  as
+       atomic  groups. That is, once a subroutine has matched some of the sub-
+       ject string, it is never re-entered, even if it contains untried alter-
+       natives  and  there  is  a  subsequent  matching failure. Any capturing
+       parentheses that are set during the subroutine  call  revert  to  their
+       previous values afterwards.
+
+       Processing  options  such as case-independence are fixed when a subpat-
+       tern is defined, so if it is used as a subroutine, such options  cannot
+       be changed for different calls. For example, consider this pattern:
+
+         (abc)(?i:(?-1))
+
+       It  matches  "abcabc". It does not match "abcABC" because the change of
+       processing option does not affect the called subpattern.
+
+
+ONIGURUMA SUBROUTINE SYNTAX
+
+       For compatibility with Oniguruma, the non-Perl syntax \g followed by  a
+       name or a number enclosed either in angle brackets or single quotes, is
+       an alternative syntax for referencing a  subpattern  as  a  subroutine,
+       possibly  recursively. Here are two of the examples used above, rewrit-
+       ten using this syntax:
+
+         (?<pn> \( ( (?>[^()]+) | \g<pn> )* \) )
+         (sens|respons)e and \g'1'ibility
+
+       PCRE supports an extension to Oniguruma: if a number is preceded  by  a
+       plus or a minus sign it is taken as a relative reference. For example:
+
+         (abc)(?i:\g<-1>)
+
+       Note  that \g{...} (Perl syntax) and \g<...> (Oniguruma syntax) are not
+       synonymous. The former is a back reference; the latter is a  subroutine
+       call.
+
+
+CALLOUTS
+
+       Perl has a feature whereby using the sequence (?{...}) causes arbitrary
+       Perl code to be obeyed in the middle of matching a regular  expression.
+       This makes it possible, amongst other things, to extract different sub-
+       strings that match the same pair of parentheses when there is a repeti-
+       tion.
+
+       PCRE provides a similar feature, but of course it cannot obey arbitrary
+       Perl code. The feature is called "callout". The caller of PCRE provides
+       an  external function by putting its entry point in the global variable
+       pcre_callout (8-bit library) or pcre[16|32]_callout (16-bit  or  32-bit
+       library).   By default, this variable contains NULL, which disables all
+       calling out.
+
+       Within a regular expression, (?C) indicates the  points  at  which  the
+       external  function  is  to be called. If you want to identify different
+       callout points, you can put a number less than 256 after the letter  C.
+       The  default  value is zero.  For example, this pattern has two callout
+       points:
+
+         (?C1)abc(?C2)def
+
+       If the PCRE_AUTO_CALLOUT flag is passed to a compiling function,  call-
+       outs  are automatically installed before each item in the pattern. They
+       are all numbered 255. If there is a conditional group  in  the  pattern
+       whose condition is an assertion, an additional callout is inserted just
+       before the condition. An explicit callout may also be set at this posi-
+       tion, as in this example:
+
+         (?(?C9)(?=a)abc|def)
+
+       Note that this applies only to assertion conditions, not to other types
+       of condition.
+
+       During matching, when PCRE reaches a callout point, the external  func-
+       tion  is  called.  It  is  provided with the number of the callout, the
+       position in the pattern, and, optionally, one item of  data  originally
+       supplied  by  the caller of the matching function. The callout function
+       may cause matching to proceed, to backtrack, or to fail altogether.
+
+       By default, PCRE implements a number of optimizations at  compile  time
+       and  matching  time, and one side-effect is that sometimes callouts are
+       skipped. If you need all possible callouts to happen, you need  to  set
+       options  that  disable  the relevant optimizations. More details, and a
+       complete description of the interface  to  the  callout  function,  are
+       given in the pcrecallout documentation.
+
+
+BACKTRACKING CONTROL
+
+       Perl  5.10 introduced a number of "Special Backtracking Control Verbs",
+       which are still described in the Perl  documentation  as  "experimental
+       and  subject to change or removal in a future version of Perl". It goes
+       on to say: "Their usage in production code should  be  noted  to  avoid
+       problems  during upgrades." The same remarks apply to the PCRE features
+       described in this section.
+
+       The new verbs make use of what was previously invalid syntax: an  open-
+       ing parenthesis followed by an asterisk. They are generally of the form
+       (*VERB) or (*VERB:NAME). Some may take either form,  possibly  behaving
+       differently  depending  on  whether or not a name is present. A name is
+       any sequence of characters that does not include a closing parenthesis.
+       The maximum length of name is 255 in the 8-bit library and 65535 in the
+       16-bit and 32-bit libraries. If the name is  empty,  that  is,  if  the
+       closing  parenthesis immediately follows the colon, the effect is as if
+       the colon were not there.  Any number of these verbs  may  occur  in  a
+       pattern.
+
+       Since  these  verbs  are  specifically related to backtracking, most of
+       them can be used only when the pattern is to be matched  using  one  of
+       the  traditional  matching  functions, because these use a backtracking
+       algorithm. With the exception of (*FAIL), which behaves like a  failing
+       negative  assertion,  the  backtracking control verbs cause an error if
+       encountered by a DFA matching function.
+
+       The behaviour of these verbs in repeated  groups,  assertions,  and  in
+       subpatterns called as subroutines (whether or not recursively) is docu-
+       mented below.
+
+   Optimizations that affect backtracking verbs
+
+       PCRE contains some optimizations that are used to speed up matching  by
+       running some checks at the start of each match attempt. For example, it
+       may know the minimum length of matching subject, or that  a  particular
+       character must be present. When one of these optimizations bypasses the
+       running of a match,  any  included  backtracking  verbs  will  not,  of
+       course, be processed. You can suppress the start-of-match optimizations
+       by setting the PCRE_NO_START_OPTIMIZE  option  when  calling  pcre_com-
+       pile() or pcre_exec(), or by starting the pattern with (*NO_START_OPT).
+       There is more discussion of this option in the section entitled "Option
+       bits for pcre_exec()" in the pcreapi documentation.
+
+       Experiments  with  Perl  suggest that it too has similar optimizations,
+       sometimes leading to anomalous results.
+
+   Verbs that act immediately
+
+       The following verbs act as soon as they are encountered. They  may  not
+       be followed by a name.
+
+          (*ACCEPT)
+
+       This  verb causes the match to end successfully, skipping the remainder
+       of the pattern. However, when it is inside a subpattern that is  called
+       as  a  subroutine, only that subpattern is ended successfully. Matching
+       then continues at the outer level. If (*ACCEPT) in triggered in a posi-
+       tive  assertion,  the  assertion succeeds; in a negative assertion, the
+       assertion fails.
+
+       If (*ACCEPT) is inside capturing parentheses, the data so far  is  cap-
+       tured. For example:
+
+         A((?:A|B(*ACCEPT)|C)D)
+
+       This  matches  "AB", "AAD", or "ACD"; when it matches "AB", "B" is cap-
+       tured by the outer parentheses.
+
+         (*FAIL) or (*F)
+
+       This verb causes a matching failure, forcing backtracking to occur.  It
+       is  equivalent to (?!) but easier to read. The Perl documentation notes
+       that it is probably useful only when combined  with  (?{})  or  (??{}).
+       Those  are,  of course, Perl features that are not present in PCRE. The
+       nearest equivalent is the callout feature, as for example in this  pat-
+       tern:
+
+         a+(?C)(*FAIL)
+
+       A  match  with the string "aaaa" always fails, but the callout is taken
+       before each backtrack happens (in this example, 10 times).
+
+   Recording which path was taken
+
+       There is one verb whose main purpose  is  to  track  how  a  match  was
+       arrived  at,  though  it  also  has a secondary use in conjunction with
+       advancing the match starting point (see (*SKIP) below).
+
+         (*MARK:NAME) or (*:NAME)
+
+       A name is always  required  with  this  verb.  There  may  be  as  many
+       instances  of  (*MARK) as you like in a pattern, and their names do not
+       have to be unique.
+
+       When a match succeeds, the name of the  last-encountered  (*MARK:NAME),
+       (*PRUNE:NAME),  or  (*THEN:NAME) on the matching path is passed back to
+       the caller as  described  in  the  section  entitled  "Extra  data  for
+       pcre_exec()"  in  the  pcreapi  documentation.  Here  is  an example of
+       pcretest output, where the /K modifier requests the retrieval and  out-
+       putting of (*MARK) data:
+
+           re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+         data> XY
+          0: XY
+         MK: A
+         XZ
+          0: XZ
+         MK: B
+
+       The (*MARK) name is tagged with "MK:" in this output, and in this exam-
+       ple it indicates which of the two alternatives matched. This is a  more
+       efficient  way of obtaining this information than putting each alterna-
+       tive in its own capturing parentheses.
+
+       If a verb with a name is encountered in a positive  assertion  that  is
+       true,  the  name  is recorded and passed back if it is the last-encoun-
+       tered. This does not happen for negative assertions or failing positive
+       assertions.
+
+       After  a  partial match or a failed match, the last encountered name in
+       the entire match process is returned. For example:
+
+           re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+         data> XP
+         No match, mark = B
+
+       Note that in this unanchored example the  mark  is  retained  from  the
+       match attempt that started at the letter "X" in the subject. Subsequent
+       match attempts starting at "P" and then with an empty string do not get
+       as far as the (*MARK) item, but nevertheless do not reset it.
+
+       If  you  are  interested  in  (*MARK)  values after failed matches, you
+       should probably set the PCRE_NO_START_OPTIMIZE option  (see  above)  to
+       ensure that the match is always attempted.
+
+   Verbs that act after backtracking
+
+       The following verbs do nothing when they are encountered. Matching con-
+       tinues with what follows, but if there is no subsequent match,  causing
+       a  backtrack  to  the  verb, a failure is forced. That is, backtracking
+       cannot pass to the left of the verb. However, when one of  these  verbs
+       appears inside an atomic group or an assertion that is true, its effect
+       is confined to that group, because once the  group  has  been  matched,
+       there  is never any backtracking into it. In this situation, backtrack-
+       ing can "jump back" to the left of the entire atomic  group  or  asser-
+       tion.  (Remember  also,  as  stated  above, that this localization also
+       applies in subroutine calls.)
+
+       These verbs differ in exactly what kind of failure  occurs  when  back-
+       tracking  reaches  them.  The behaviour described below is what happens
+       when the verb is not in a subroutine or an assertion.  Subsequent  sec-
+       tions cover these special cases.
+
+         (*COMMIT)
+
+       This  verb, which may not be followed by a name, causes the whole match
+       to fail outright if there is a later matching failure that causes back-
+       tracking  to  reach  it.  Even if the pattern is unanchored, no further
+       attempts to find a match by advancing the starting point take place. If
+       (*COMMIT)  is  the  only backtracking verb that is encountered, once it
+       has been passed pcre_exec() is committed to finding a match at the cur-
+       rent starting point, or not at all. For example:
+
+         a+(*COMMIT)b
+
+       This  matches  "xxaab" but not "aacaab". It can be thought of as a kind
+       of dynamic anchor, or "I've started, so I must finish." The name of the
+       most  recently passed (*MARK) in the path is passed back when (*COMMIT)
+       forces a match failure.
+
+       If there is more than one backtracking verb in a pattern,  a  different
+       one  that  follows  (*COMMIT) may be triggered first, so merely passing
+       (*COMMIT) during a match does not always guarantee that a match must be
+       at this starting point.
+
+       Note  that  (*COMMIT)  at  the start of a pattern is not the same as an
+       anchor, unless PCRE's start-of-match optimizations are turned  off,  as
+       shown in this output from pcretest:
+
+           re> /(*COMMIT)abc/
+         data> xyzabc
+          0: abc
+         data> xyzabc\Y
+         No match
+
+       For this pattern, PCRE knows that any match must start with "a", so the
+       optimization skips along the subject to "a" before applying the pattern
+       to  the first set of data. The match attempt then succeeds. In the sec-
+       ond set of data, the escape sequence \Y is interpreted by the  pcretest
+       program.  It  causes  the  PCRE_NO_START_OPTIMIZE option to be set when
+       pcre_exec() is called.  This disables the optimization that skips along
+       to the first character. The pattern is now applied starting at "x", and
+       so the (*COMMIT) causes the match to  fail  without  trying  any  other
+       starting points.
+
+         (*PRUNE) or (*PRUNE:NAME)
+
+       This  verb causes the match to fail at the current starting position in
+       the subject if there is a later matching failure that causes backtrack-
+       ing  to  reach it. If the pattern is unanchored, the normal "bumpalong"
+       advance to the next starting character then happens.  Backtracking  can
+       occur  as  usual to the left of (*PRUNE), before it is reached, or when
+       matching to the right of (*PRUNE), but if there  is  no  match  to  the
+       right,  backtracking cannot cross (*PRUNE). In simple cases, the use of
+       (*PRUNE) is just an alternative to an atomic group or possessive  quan-
+       tifier, but there are some uses of (*PRUNE) that cannot be expressed in
+       any other way. In an anchored pattern (*PRUNE) has the same  effect  as
+       (*COMMIT).
+
+       The   behaviour   of   (*PRUNE:NAME)   is   the   not   the   same   as
+       (*MARK:NAME)(*PRUNE).  It is like (*MARK:NAME)  in  that  the  name  is
+       remembered  for  passing  back  to  the  caller.  However, (*SKIP:NAME)
+       searches only for names set with (*MARK).
+
+         (*SKIP)
+
+       This verb, when given without a name, is like (*PRUNE), except that  if
+       the  pattern  is unanchored, the "bumpalong" advance is not to the next
+       character, but to the position in the subject where (*SKIP) was encoun-
+       tered.  (*SKIP)  signifies that whatever text was matched leading up to
+       it cannot be part of a successful match. Consider:
+
+         a+(*SKIP)b
+
+       If the subject is "aaaac...",  after  the  first  match  attempt  fails
+       (starting  at  the  first  character in the string), the starting point
+       skips on to start the next attempt at "c". Note that a possessive quan-
+       tifer  does not have the same effect as this example; although it would
+       suppress backtracking  during  the  first  match  attempt,  the  second
+       attempt  would  start at the second character instead of skipping on to
+       "c".
+
+         (*SKIP:NAME)
+
+       When (*SKIP) has an associated name, its behaviour is modified. When it
+       is triggered, the previous path through the pattern is searched for the
+       most recent (*MARK) that has the  same  name.  If  one  is  found,  the
+       "bumpalong" advance is to the subject position that corresponds to that
+       (*MARK) instead of to where (*SKIP) was encountered. If no (*MARK) with
+       a matching name is found, the (*SKIP) is ignored.
+
+       Note  that (*SKIP:NAME) searches only for names set by (*MARK:NAME). It
+       ignores names that are set by (*PRUNE:NAME) or (*THEN:NAME).
+
+         (*THEN) or (*THEN:NAME)
+
+       This verb causes a skip to the next innermost  alternative  when  back-
+       tracking  reaches  it.  That  is,  it  cancels any further backtracking
+       within the current alternative. Its name  comes  from  the  observation
+       that it can be used for a pattern-based if-then-else block:
+
+         ( COND1 (*THEN) FOO | COND2 (*THEN) BAR | COND3 (*THEN) BAZ ) ...
+
+       If  the COND1 pattern matches, FOO is tried (and possibly further items
+       after the end of the group if FOO succeeds); on  failure,  the  matcher
+       skips  to  the second alternative and tries COND2, without backtracking
+       into COND1. If that succeeds and BAR fails, COND3 is tried.  If  subse-
+       quently  BAZ fails, there are no more alternatives, so there is a back-
+       track to whatever came before the  entire  group.  If  (*THEN)  is  not
+       inside an alternation, it acts like (*PRUNE).
+
+       The    behaviour   of   (*THEN:NAME)   is   the   not   the   same   as
+       (*MARK:NAME)(*THEN).  It is like  (*MARK:NAME)  in  that  the  name  is
+       remembered  for  passing  back  to  the  caller.  However, (*SKIP:NAME)
+       searches only for names set with (*MARK).
+
+       A subpattern that does not contain a | character is just a part of  the
+       enclosing  alternative;  it  is  not a nested alternation with only one
+       alternative. The effect of (*THEN) extends beyond such a subpattern  to
+       the  enclosing alternative. Consider this pattern, where A, B, etc. are
+       complex pattern fragments that do not contain any | characters at  this
+       level:
+
+         A (B(*THEN)C) | D
+
+       If  A and B are matched, but there is a failure in C, matching does not
+       backtrack into A; instead it moves to the next alternative, that is, D.
+       However,  if the subpattern containing (*THEN) is given an alternative,
+       it behaves differently:
+
+         A (B(*THEN)C | (*FAIL)) | D
+
+       The effect of (*THEN) is now confined to the inner subpattern. After  a
+       failure in C, matching moves to (*FAIL), which causes the whole subpat-
+       tern to fail because there are no more alternatives  to  try.  In  this
+       case, matching does now backtrack into A.
+
+       Note  that  a  conditional  subpattern  is not considered as having two
+       alternatives, because only one is ever used.  In  other  words,  the  |
+       character in a conditional subpattern has a different meaning. Ignoring
+       white space, consider:
+
+         ^.*? (?(?=a) a | b(*THEN)c )
+
+       If the subject is "ba", this pattern does not  match.  Because  .*?  is
+       ungreedy,  it  initially  matches  zero characters. The condition (?=a)
+       then fails, the character "b" is matched,  but  "c"  is  not.  At  this
+       point,  matching does not backtrack to .*? as might perhaps be expected
+       from the presence of the | character.  The  conditional  subpattern  is
+       part of the single alternative that comprises the whole pattern, and so
+       the match fails. (If there was a backtrack into  .*?,  allowing  it  to
+       match "b", the match would succeed.)
+
+       The  verbs just described provide four different "strengths" of control
+       when subsequent matching fails. (*THEN) is the weakest, carrying on the
+       match  at  the next alternative. (*PRUNE) comes next, failing the match
+       at the current starting position, but allowing an advance to  the  next
+       character  (for an unanchored pattern). (*SKIP) is similar, except that
+       the advance may be more than one character. (*COMMIT) is the strongest,
+       causing the entire match to fail.
+
+   More than one backtracking verb
+
+       If  more  than  one  backtracking verb is present in a pattern, the one
+       that is backtracked onto first acts. For example,  consider  this  pat-
+       tern, where A, B, etc. are complex pattern fragments:
+
+         (A(*COMMIT)B(*THEN)C|ABD)
+
+       If  A matches but B fails, the backtrack to (*COMMIT) causes the entire
+       match to fail. However, if A and B match, but C fails, the backtrack to
+       (*THEN)  causes  the next alternative (ABD) to be tried. This behaviour
+       is consistent, but is not always the same as Perl's. It means  that  if
+       two  or  more backtracking verbs appear in succession, all the the last
+       of them has no effect. Consider this example:
+
+         ...(*COMMIT)(*PRUNE)...
+
+       If there is a matching failure to the right, backtracking onto (*PRUNE)
+       causes  it to be triggered, and its action is taken. There can never be
+       a backtrack onto (*COMMIT).
+
+   Backtracking verbs in repeated groups
+
+       PCRE differs from  Perl  in  its  handling  of  backtracking  verbs  in
+       repeated groups. For example, consider:
+
+         /(a(*COMMIT)b)+ac/
+
+       If  the  subject  is  "abac",  Perl matches, but PCRE fails because the
+       (*COMMIT) in the second repeat of the group acts.
+
+   Backtracking verbs in assertions
+
+       (*FAIL) in an assertion has its normal effect: it forces  an  immediate
+       backtrack.
+
+       (*ACCEPT) in a positive assertion causes the assertion to succeed with-
+       out any further processing. In a negative assertion,  (*ACCEPT)  causes
+       the assertion to fail without any further processing.
+
+       The  other  backtracking verbs are not treated specially if they appear
+       in a positive assertion. In  particular,  (*THEN)  skips  to  the  next
+       alternative  in  the  innermost  enclosing group that has alternations,
+       whether or not this is within the assertion.
+
+       Negative assertions are, however, different, in order  to  ensure  that
+       changing  a  positive  assertion  into a negative assertion changes its
+       result. Backtracking into (*COMMIT), (*SKIP), or (*PRUNE) causes a neg-
+       ative assertion to be true, without considering any further alternative
+       branches in the assertion.  Backtracking into (*THEN) causes it to skip
+       to  the next enclosing alternative within the assertion (the normal be-
+       haviour), but if the assertion  does  not  have  such  an  alternative,
+       (*THEN) behaves like (*PRUNE).
+
+   Backtracking verbs in subroutines
+
+       These  behaviours  occur whether or not the subpattern is called recur-
+       sively.  Perl's treatment of subroutines is different in some cases.
+
+       (*FAIL) in a subpattern called as a subroutine has its  normal  effect:
+       it forces an immediate backtrack.
+
+       (*ACCEPT)  in a subpattern called as a subroutine causes the subroutine
+       match to succeed without any further processing. Matching then  contin-
+       ues after the subroutine call.
+
+       (*COMMIT), (*SKIP), and (*PRUNE) in a subpattern called as a subroutine
+       cause the subroutine match to fail.
+
+       (*THEN) skips to the next alternative in the innermost enclosing  group
+       within  the subpattern that has alternatives. If there is no such group
+       within the subpattern, (*THEN) causes the subroutine match to fail.
+
+
+SEE ALSO
+
+       pcreapi(3), pcrecallout(3),  pcrematching(3),  pcresyntax(3),  pcre(3),
+       pcre16(3), pcre32(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 23 October 2016
+       Copyright (c) 1997-2016 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRESYNTAX(3)              Library Functions Manual              PCRESYNTAX(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE REGULAR EXPRESSION SYNTAX SUMMARY
+
+       The  full syntax and semantics of the regular expressions that are sup-
+       ported by PCRE are described in  the  pcrepattern  documentation.  This
+       document contains a quick-reference summary of the syntax.
+
+
+QUOTING
+
+         \x         where x is non-alphanumeric is a literal x
+         \Q...\E    treat enclosed characters as literal
+
+
+CHARACTERS
+
+         \a         alarm, that is, the BEL character (hex 07)
+         \cx        "control-x", where x is any ASCII character
+         \e         escape (hex 1B)
+         \f         form feed (hex 0C)
+         \n         newline (hex 0A)
+         \r         carriage return (hex 0D)
+         \t         tab (hex 09)
+         \0dd       character with octal code 0dd
+         \ddd       character with octal code ddd, or backreference
+         \o{ddd..}  character with octal code ddd..
+         \xhh       character with hex code hh
+         \x{hhh..}  character with hex code hhh..
+
+       Note that \0dd is always an octal code, and that \8 and \9 are the lit-
+       eral characters "8" and "9".
+
+
+CHARACTER TYPES
+
+         .          any character except newline;
+                      in dotall mode, any character whatsoever
+         \C         one data unit, even in UTF mode (best avoided)
+         \d         a decimal digit
+         \D         a character that is not a decimal digit
+         \h         a horizontal white space character
+         \H         a character that is not a horizontal white space character
+         \N         a character that is not a newline
+         \p{xx}     a character with the xx property
+         \P{xx}     a character without the xx property
+         \R         a newline sequence
+         \s         a white space character
+         \S         a character that is not a white space character
+         \v         a vertical white space character
+         \V         a character that is not a vertical white space character
+         \w         a "word" character
+         \W         a "non-word" character
+         \X         a Unicode extended grapheme cluster
+
+       By default, \d, \s, and \w match only ASCII characters, even  in  UTF-8
+       mode  or  in  the 16- bit and 32-bit libraries. However, if locale-spe-
+       cific matching is happening, \s and \w may also match  characters  with
+       code  points  in  the range 128-255. If the PCRE_UCP option is set, the
+       behaviour of these escape sequences is changed to use  Unicode  proper-
+       ties and they match many more characters.
+
+
+GENERAL CATEGORY PROPERTIES FOR \p and \P
+
+         C          Other
+         Cc         Control
+         Cf         Format
+         Cn         Unassigned
+         Co         Private use
+         Cs         Surrogate
+
+         L          Letter
+         Ll         Lower case letter
+         Lm         Modifier letter
+         Lo         Other letter
+         Lt         Title case letter
+         Lu         Upper case letter
+         L&         Ll, Lu, or Lt
+
+         M          Mark
+         Mc         Spacing mark
+         Me         Enclosing mark
+         Mn         Non-spacing mark
+
+         N          Number
+         Nd         Decimal number
+         Nl         Letter number
+         No         Other number
+
+         P          Punctuation
+         Pc         Connector punctuation
+         Pd         Dash punctuation
+         Pe         Close punctuation
+         Pf         Final punctuation
+         Pi         Initial punctuation
+         Po         Other punctuation
+         Ps         Open punctuation
+
+         S          Symbol
+         Sc         Currency symbol
+         Sk         Modifier symbol
+         Sm         Mathematical symbol
+         So         Other symbol
+
+         Z          Separator
+         Zl         Line separator
+         Zp         Paragraph separator
+         Zs         Space separator
+
+
+PCRE SPECIAL CATEGORY PROPERTIES FOR \p and \P
+
+         Xan        Alphanumeric: union of properties L and N
+         Xps        POSIX space: property Z or tab, NL, VT, FF, CR
+         Xsp        Perl space: property Z or tab, NL, VT, FF, CR
+         Xuc        Univerally-named character: one that can be
+                      represented by a Universal Character Name
+         Xwd        Perl word: property Xan or underscore
+
+       Perl and POSIX space are now the same. Perl added VT to its space char-
+       acter set at release 5.18 and PCRE changed at release 8.34.
+
+
+SCRIPT NAMES FOR \p AND \P
+
+       Arabic, Armenian, Avestan, Balinese, Bamum, Bassa_Vah, Batak,  Bengali,
+       Bopomofo,  Brahmi,  Braille, Buginese, Buhid, Canadian_Aboriginal, Car-
+       ian, Caucasian_Albanian, Chakma, Cham, Cherokee, Common, Coptic, Cunei-
+       form, Cypriot, Cyrillic, Deseret, Devanagari, Duployan, Egyptian_Hiero-
+       glyphs,  Elbasan,  Ethiopic,  Georgian,  Glagolitic,  Gothic,  Grantha,
+       Greek,  Gujarati,  Gurmukhi,  Han,  Hangul,  Hanunoo, Hebrew, Hiragana,
+       Imperial_Aramaic,    Inherited,     Inscriptional_Pahlavi,     Inscrip-
+       tional_Parthian,   Javanese,   Kaithi,   Kannada,  Katakana,  Kayah_Li,
+       Kharoshthi, Khmer, Khojki, Khudawadi, Lao, Latin, Lepcha,  Limbu,  Lin-
+       ear_A,  Linear_B,  Lisu,  Lycian, Lydian, Mahajani, Malayalam, Mandaic,
+       Manichaean,     Meetei_Mayek,     Mende_Kikakui,      Meroitic_Cursive,
+       Meroitic_Hieroglyphs,  Miao,  Modi, Mongolian, Mro, Myanmar, Nabataean,
+       New_Tai_Lue,  Nko,  Ogham,  Ol_Chiki,  Old_Italic,   Old_North_Arabian,
+       Old_Permic, Old_Persian, Old_South_Arabian, Old_Turkic, Oriya, Osmanya,
+       Pahawh_Hmong,    Palmyrene,    Pau_Cin_Hau,    Phags_Pa,    Phoenician,
+       Psalter_Pahlavi,  Rejang,  Runic,  Samaritan, Saurashtra, Sharada, Sha-
+       vian, Siddham, Sinhala, Sora_Sompeng, Sundanese, Syloti_Nagri,  Syriac,
+       Tagalog,  Tagbanwa,  Tai_Le,  Tai_Tham, Tai_Viet, Takri, Tamil, Telugu,
+       Thaana, Thai, Tibetan, Tifinagh, Tirhuta, Ugaritic,  Vai,  Warang_Citi,
+       Yi.
+
+
+CHARACTER CLASSES
+
+         [...]       positive character class
+         [^...]      negative character class
+         [x-y]       range (can be used for hex characters)
+         [[:xxx:]]   positive POSIX named set
+         [[:^xxx:]]  negative POSIX named set
+
+         alnum       alphanumeric
+         alpha       alphabetic
+         ascii       0-127
+         blank       space or tab
+         cntrl       control character
+         digit       decimal digit
+         graph       printing, excluding space
+         lower       lower case letter
+         print       printing, including space
+         punct       printing, excluding alphanumeric
+         space       white space
+         upper       upper case letter
+         word        same as \w
+         xdigit      hexadecimal digit
+
+       In  PCRE,  POSIX character set names recognize only ASCII characters by
+       default, but some of them use Unicode properties if  PCRE_UCP  is  set.
+       You can use \Q...\E inside a character class.
+
+
+QUANTIFIERS
+
+         ?           0 or 1, greedy
+         ?+          0 or 1, possessive
+         ??          0 or 1, lazy
+         *           0 or more, greedy
+         *+          0 or more, possessive
+         *?          0 or more, lazy
+         +           1 or more, greedy
+         ++          1 or more, possessive
+         +?          1 or more, lazy
+         {n}         exactly n
+         {n,m}       at least n, no more than m, greedy
+         {n,m}+      at least n, no more than m, possessive
+         {n,m}?      at least n, no more than m, lazy
+         {n,}        n or more, greedy
+         {n,}+       n or more, possessive
+         {n,}?       n or more, lazy
+
+
+ANCHORS AND SIMPLE ASSERTIONS
+
+         \b          word boundary
+         \B          not a word boundary
+         ^           start of subject
+                      also after internal newline in multiline mode
+         \A          start of subject
+         $           end of subject
+                      also before newline at end of subject
+                      also before internal newline in multiline mode
+         \Z          end of subject
+                      also before newline at end of subject
+         \z          end of subject
+         \G          first matching position in subject
+
+
+MATCH POINT RESET
+
+         \K          reset start of match
+
+       \K is honoured in positive assertions, but ignored in negative ones.
+
+
+ALTERNATION
+
+         expr|expr|expr...
+
+
+CAPTURING
+
+         (...)           capturing group
+         (?<name>...)    named capturing group (Perl)
+         (?'name'...)    named capturing group (Perl)
+         (?P<name>...)   named capturing group (Python)
+         (?:...)         non-capturing group
+         (?|...)         non-capturing group; reset group numbers for
+                          capturing groups in each alternative
+
+
+ATOMIC GROUPS
+
+         (?>...)         atomic, non-capturing group
+
+
+COMMENT
+
+         (?#....)        comment (not nestable)
+
+
+OPTION SETTING
+
+         (?i)            caseless
+         (?J)            allow duplicate names
+         (?m)            multiline
+         (?s)            single line (dotall)
+         (?U)            default ungreedy (lazy)
+         (?x)            extended (ignore white space)
+         (?-...)         unset option(s)
+
+       The  following  are  recognized  only at the very start of a pattern or
+       after one of the newline or \R options with similar syntax.  More  than
+       one of them may appear.
+
+         (*LIMIT_MATCH=d) set the match limit to d (decimal number)
+         (*LIMIT_RECURSION=d) set the recursion limit to d (decimal number)
+         (*NO_AUTO_POSSESS) no auto-possessification (PCRE_NO_AUTO_POSSESS)
+         (*NO_START_OPT) no start-match optimization (PCRE_NO_START_OPTIMIZE)
+         (*UTF8)         set UTF-8 mode: 8-bit library (PCRE_UTF8)
+         (*UTF16)        set UTF-16 mode: 16-bit library (PCRE_UTF16)
+         (*UTF32)        set UTF-32 mode: 32-bit library (PCRE_UTF32)
+         (*UTF)          set appropriate UTF mode for the library in use
+         (*UCP)          set PCRE_UCP (use Unicode properties for \d etc)
+
+       Note  that LIMIT_MATCH and LIMIT_RECURSION can only reduce the value of
+       the limits set by the caller of pcre_exec(), not increase them.
+
+
+NEWLINE CONVENTION
+
+       These are recognized only at the very start of  the  pattern  or  after
+       option settings with a similar syntax.
+
+         (*CR)           carriage return only
+         (*LF)           linefeed only
+         (*CRLF)         carriage return followed by linefeed
+         (*ANYCRLF)      all three of the above
+         (*ANY)          any Unicode newline sequence
+
+
+WHAT \R MATCHES
+
+       These  are  recognized  only  at the very start of the pattern or after
+       option setting with a similar syntax.
+
+         (*BSR_ANYCRLF)  CR, LF, or CRLF
+         (*BSR_UNICODE)  any Unicode newline sequence
+
+
+LOOKAHEAD AND LOOKBEHIND ASSERTIONS
+
+         (?=...)         positive look ahead
+         (?!...)         negative look ahead
+         (?<=...)        positive look behind
+         (?<!...)        negative look behind
+
+       Each top-level branch of a look behind must be of a fixed length.
+
+
+BACKREFERENCES
+
+         \n              reference by number (can be ambiguous)
+         \gn             reference by number
+         \g{n}           reference by number
+         \g{-n}          relative reference by number
+         \k<name>        reference by name (Perl)
+         \k'name'        reference by name (Perl)
+         \g{name}        reference by name (Perl)
+         \k{name}        reference by name (.NET)
+         (?P=name)       reference by name (Python)
+
+
+SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)
+
+         (?R)            recurse whole pattern
+         (?n)            call subpattern by absolute number
+         (?+n)           call subpattern by relative number
+         (?-n)           call subpattern by relative number
+         (?&name)        call subpattern by name (Perl)
+         (?P>name)       call subpattern by name (Python)
+         \g<name>        call subpattern by name (Oniguruma)
+         \g'name'        call subpattern by name (Oniguruma)
+         \g<n>           call subpattern by absolute number (Oniguruma)
+         \g'n'           call subpattern by absolute number (Oniguruma)
+         \g<+n>          call subpattern by relative number (PCRE extension)
+         \g'+n'          call subpattern by relative number (PCRE extension)
+         \g<-n>          call subpattern by relative number (PCRE extension)
+         \g'-n'          call subpattern by relative number (PCRE extension)
+
+
+CONDITIONAL PATTERNS
+
+         (?(condition)yes-pattern)
+         (?(condition)yes-pattern|no-pattern)
+
+         (?(n)...        absolute reference condition
+         (?(+n)...       relative reference condition
+         (?(-n)...       relative reference condition
+         (?(<name>)...   named reference condition (Perl)
+         (?('name')...   named reference condition (Perl)
+         (?(name)...     named reference condition (PCRE)
+         (?(R)...        overall recursion condition
+         (?(Rn)...       specific group recursion condition
+         (?(R&name)...   specific recursion condition
+         (?(DEFINE)...   define subpattern for reference
+         (?(assert)...   assertion condition
+
+
+BACKTRACKING CONTROL
+
+       The following act immediately they are reached:
+
+         (*ACCEPT)       force successful match
+         (*FAIL)         force backtrack; synonym (*F)
+         (*MARK:NAME)    set name to be passed back; synonym (*:NAME)
+
+       The following act only when a subsequent match failure causes  a  back-
+       track to reach them. They all force a match failure, but they differ in
+       what happens afterwards. Those that advance the start-of-match point do
+       so only if the pattern is not anchored.
+
+         (*COMMIT)       overall failure, no advance of starting point
+         (*PRUNE)        advance to next starting character
+         (*PRUNE:NAME)   equivalent to (*MARK:NAME)(*PRUNE)
+         (*SKIP)         advance to current matching position
+         (*SKIP:NAME)    advance to position corresponding to an earlier
+                         (*MARK:NAME); if not found, the (*SKIP) is ignored
+         (*THEN)         local failure, backtrack to next alternation
+         (*THEN:NAME)    equivalent to (*MARK:NAME)(*THEN)
+
+
+CALLOUTS
+
+         (?C)      callout
+         (?Cn)     callout with data n
+
+
+SEE ALSO
+
+       pcrepattern(3), pcreapi(3), pcrecallout(3), pcrematching(3), pcre(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 08 January 2014
+       Copyright (c) 1997-2014 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREUNICODE(3)             Library Functions Manual             PCREUNICODE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+UTF-8, UTF-16, UTF-32, AND UNICODE PROPERTY SUPPORT
+
+       As well as UTF-8 support, PCRE also supports UTF-16 (from release 8.30)
+       and UTF-32 (from release 8.32), by means of two  additional  libraries.
+       They can be built as well as, or instead of, the 8-bit library.
+
+
+UTF-8 SUPPORT
+
+       In  order  process  UTF-8  strings, you must build PCRE's 8-bit library
+       with UTF support, and, in addition, you must call  pcre_compile()  with
+       the  PCRE_UTF8 option flag, or the pattern must start with the sequence
+       (*UTF8) or (*UTF). When either of these is the case, both  the  pattern
+       and  any  subject  strings  that  are matched against it are treated as
+       UTF-8 strings instead of strings of individual 1-byte characters.
+
+
+UTF-16 AND UTF-32 SUPPORT
+
+       In order process UTF-16 or UTF-32 strings, you must build PCRE's 16-bit
+       or  32-bit  library  with  UTF support, and, in addition, you must call
+       pcre16_compile() or pcre32_compile() with the PCRE_UTF16 or  PCRE_UTF32
+       option flag, as appropriate. Alternatively, the pattern must start with
+       the sequence (*UTF16), (*UTF32), as appropriate, or (*UTF),  which  can
+       be used with either library. When UTF mode is set, both the pattern and
+       any subject strings that are matched against it are treated  as  UTF-16
+       or  UTF-32  strings  instead  of strings of individual 16-bit or 32-bit
+       characters.
+
+
+UTF SUPPORT OVERHEAD
+
+       If you compile PCRE with UTF support, but do not use it  at  run  time,
+       the  library will be a bit bigger, but the additional run time overhead
+       is limited to  testing  the  PCRE_UTF[8|16|32]  flag  occasionally,  so
+       should not be very big.
+
+
+UNICODE PROPERTY SUPPORT
+
+       If PCRE is built with Unicode character property support (which implies
+       UTF support), the escape sequences \p{..}, \P{..}, and \X can be  used.
+       The  available properties that can be tested are limited to the general
+       category properties such as Lu for an upper case letter  or  Nd  for  a
+       decimal number, the Unicode script names such as Arabic or Han, and the
+       derived properties Any and L&. Full lists is given in  the  pcrepattern
+       and  pcresyntax  documentation. Only the short names for properties are
+       supported. For example, \p{L}  matches  a  letter.  Its  Perl  synonym,
+       \p{Letter},  is  not  supported.  Furthermore, in Perl, many properties
+       may optionally be prefixed by "Is", for compatibility  with  Perl  5.6.
+       PCRE does not support this.
+
+   Validity of UTF-8 strings
+
+       When  you  set  the PCRE_UTF8 flag, the byte strings passed as patterns
+       and subjects are (by default) checked for validity on entry to the rel-
+       evant functions. The entire string is checked before any other process-
+       ing takes place. From release 7.3 of PCRE, the check is  according  the
+       rules of RFC 3629, which are themselves derived from the Unicode speci-
+       fication. Earlier releases of PCRE followed  the  rules  of  RFC  2279,
+       which  allows  the  full  range of 31-bit values (0 to 0x7FFFFFFF). The
+       current check allows only values in the range U+0 to U+10FFFF,  exclud-
+       ing  the  surrogate area. (From release 8.33 the so-called "non-charac-
+       ter" code points are no longer excluded because Unicode corrigendum  #9
+       makes it clear that they should not be.)
+
+       Characters  in  the "Surrogate Area" of Unicode are reserved for use by
+       UTF-16, where they are used in pairs to encode codepoints  with  values
+       greater  than  0xFFFF. The code points that are encoded by UTF-16 pairs
+       are available independently in the  UTF-8  and  UTF-32  encodings.  (In
+       other  words,  the  whole  surrogate  thing is a fudge for UTF-16 which
+       unfortunately messes up UTF-8 and UTF-32.)
+
+       If an invalid UTF-8 string is passed to PCRE, an error return is given.
+       At  compile  time, the only additional information is the offset to the
+       first byte of the failing character. The run-time functions pcre_exec()
+       and  pcre_dfa_exec() also pass back this information, as well as a more
+       detailed reason code if the caller has provided memory in which  to  do
+       this.
+
+       In  some  situations, you may already know that your strings are valid,
+       and therefore want to skip these checks in  order  to  improve  perfor-
+       mance,  for  example in the case of a long subject string that is being
+       scanned repeatedly.  If you set the PCRE_NO_UTF8_CHECK flag at  compile
+       time  or  at  run  time, PCRE assumes that the pattern or subject it is
+       given (respectively) contains only valid UTF-8 codes. In this case,  it
+       does not diagnose an invalid UTF-8 string.
+
+       Note  that  passing  PCRE_NO_UTF8_CHECK to pcre_compile() just disables
+       the check for the pattern; it does not also apply to  subject  strings.
+       If  you  want  to  disable the check for a subject string you must pass
+       this option to pcre_exec() or pcre_dfa_exec().
+
+       If you pass an invalid UTF-8 string when PCRE_NO_UTF8_CHECK is set, the
+       result is undefined and your program may crash.
+
+   Validity of UTF-16 strings
+
+       When you set the PCRE_UTF16 flag, the strings of 16-bit data units that
+       are passed as patterns and subjects are (by default) checked for valid-
+       ity  on entry to the relevant functions. Values other than those in the
+       surrogate range U+D800 to U+DFFF are independent code points. Values in
+       the surrogate range must be used in pairs in the correct manner.
+
+       If  an  invalid  UTF-16  string  is  passed to PCRE, an error return is
+       given. At compile time, the only additional information is  the  offset
+       to the first data unit of the failing character. The run-time functions
+       pcre16_exec() and pcre16_dfa_exec() also pass back this information, as
+       well  as  a more detailed reason code if the caller has provided memory
+       in which to do this.
+
+       In some situations, you may already know that your strings  are  valid,
+       and  therefore  want  to  skip these checks in order to improve perfor-
+       mance. If you set the PCRE_NO_UTF16_CHECK flag at compile  time  or  at
+       run time, PCRE assumes that the pattern or subject it is given (respec-
+       tively) contains only valid UTF-16 sequences. In this case, it does not
+       diagnose  an  invalid  UTF-16 string.  However, if an invalid string is
+       passed, the result is undefined.
+
+   Validity of UTF-32 strings
+
+       When you set the PCRE_UTF32 flag, the strings of 32-bit data units that
+       are passed as patterns and subjects are (by default) checked for valid-
+       ity on entry to the relevant functions.  This check allows only  values
+       in  the  range  U+0 to U+10FFFF, excluding the surrogate area U+D800 to
+       U+DFFF.
+
+       If an invalid UTF-32 string is passed  to  PCRE,  an  error  return  is
+       given.  At  compile time, the only additional information is the offset
+       to the first data unit of the failing character. The run-time functions
+       pcre32_exec() and pcre32_dfa_exec() also pass back this information, as
+       well as a more detailed reason code if the caller has  provided  memory
+       in which to do this.
+
+       In  some  situations, you may already know that your strings are valid,
+       and therefore want to skip these checks in  order  to  improve  perfor-
+       mance.  If  you  set the PCRE_NO_UTF32_CHECK flag at compile time or at
+       run time, PCRE assumes that the pattern or subject it is given (respec-
+       tively) contains only valid UTF-32 sequences. In this case, it does not
+       diagnose an invalid UTF-32 string.  However, if an  invalid  string  is
+       passed, the result is undefined.
+
+   General comments about UTF modes
+
+       1.  Codepoints  less  than  256  can be specified in patterns by either
+       braced or unbraced hexadecimal escape sequences (for example, \x{b3} or
+       \xb3). Larger values have to use braced sequences.
+
+       2.  Octal  numbers  up  to  \777 are recognized, and in UTF-8 mode they
+       match two-byte characters for values greater than \177.
+
+       3. Repeat quantifiers apply to complete UTF characters, not to individ-
+       ual data units, for example: \x{100}{3}.
+
+       4.  The dot metacharacter matches one UTF character instead of a single
+       data unit.
+
+       5. The escape sequence \C can be used to match a single byte  in  UTF-8
+       mode,  or  a single 16-bit data unit in UTF-16 mode, or a single 32-bit
+       data unit in UTF-32 mode, but its use can lead to some strange  effects
+       because  it  breaks up multi-unit characters (see the description of \C
+       in the pcrepattern documentation). The use of \C is  not  supported  in
+       the  alternative  matching  function  pcre[16|32]_dfa_exec(), nor is it
+       supported in UTF mode by the JIT optimization of pcre[16|32]_exec(). If
+       JIT  optimization  is  requested for a UTF pattern that contains \C, it
+       will not succeed, and so the matching will be carried out by the normal
+       interpretive function.
+
+       6.  The  character escapes \b, \B, \d, \D, \s, \S, \w, and \W correctly
+       test characters of any code value, but, by default, the characters that
+       PCRE  recognizes  as digits, spaces, or word characters remain the same
+       set as in non-UTF mode, all with values less  than  256.  This  remains
+       true  even  when  PCRE  is  built  to include Unicode property support,
+       because to do otherwise would slow down PCRE in many common cases. Note
+       in  particular that this applies to \b and \B, because they are defined
+       in terms of \w and \W. If you really want to test for a wider sense of,
+       say,  "digit",  you  can  use  explicit  Unicode property tests such as
+       \p{Nd}. Alternatively, if you set the PCRE_UCP option, the way that the
+       character  escapes  work is changed so that Unicode properties are used
+       to determine which characters match. There are more details in the sec-
+       tion on generic character types in the pcrepattern documentation.
+
+       7.  Similarly,  characters that match the POSIX named character classes
+       are all low-valued characters, unless the PCRE_UCP option is set.
+
+       8. However, the horizontal and vertical white  space  matching  escapes
+       (\h,  \H,  \v, and \V) do match all the appropriate Unicode characters,
+       whether or not PCRE_UCP is set.
+
+       9. Case-insensitive matching applies only to  characters  whose  values
+       are  less than 128, unless PCRE is built with Unicode property support.
+       A few Unicode characters such as Greek sigma have more than  two  code-
+       points that are case-equivalent. Up to and including PCRE release 8.31,
+       only one-to-one case mappings were supported, but later releases  (with
+       Unicode  property  support) do treat as case-equivalent all versions of
+       characters such as Greek sigma.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 27 February 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREJIT(3)                 Library Functions Manual                 PCREJIT(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE JUST-IN-TIME COMPILER SUPPORT
+
+       Just-in-time  compiling  is a heavyweight optimization that can greatly
+       speed up pattern matching. However, it comes at the cost of extra  pro-
+       cessing before the match is performed. Therefore, it is of most benefit
+       when the same pattern is going to be matched many times. This does  not
+       necessarily  mean  many calls of a matching function; if the pattern is
+       not anchored, matching attempts may take place many  times  at  various
+       positions  in  the  subject, even for a single call.  Therefore, if the
+       subject string is very long, it may still pay to use  JIT  for  one-off
+       matches.
+
+       JIT  support  applies  only to the traditional Perl-compatible matching
+       function.  It does not apply when the DFA matching  function  is  being
+       used. The code for this support was written by Zoltan Herczeg.
+
+
+8-BIT, 16-BIT AND 32-BIT SUPPORT
+
+       JIT  support  is available for all of the 8-bit, 16-bit and 32-bit PCRE
+       libraries. To keep this documentation simple, only the 8-bit  interface
+       is described in what follows. If you are using the 16-bit library, sub-
+       stitute the  16-bit  functions  and  16-bit  structures  (for  example,
+       pcre16_jit_stack  instead  of  pcre_jit_stack).  If  you  are using the
+       32-bit library, substitute the 32-bit functions and  32-bit  structures
+       (for example, pcre32_jit_stack instead of pcre_jit_stack).
+
+
+AVAILABILITY OF JIT SUPPORT
+
+       JIT  support  is  an  optional  feature of PCRE. The "configure" option
+       --enable-jit (or equivalent CMake option) must  be  set  when  PCRE  is
+       built  if  you want to use JIT. The support is limited to the following
+       hardware platforms:
+
+         ARM v5, v7, and Thumb2
+         Intel x86 32-bit and 64-bit
+         MIPS 32-bit
+         Power PC 32-bit and 64-bit
+         SPARC 32-bit (experimental)
+
+       If --enable-jit is set on an unsupported platform, compilation fails.
+
+       A program that is linked with PCRE 8.20 or later can tell if  JIT  sup-
+       port  is  available  by  calling pcre_config() with the PCRE_CONFIG_JIT
+       option. The result is 1 when JIT is available, and  0  otherwise.  How-
+       ever, a simple program does not need to check this in order to use JIT.
+       The normal API is implemented in a way that falls back to the interpre-
+       tive code if JIT is not available. For programs that need the best pos-
+       sible performance, there is also a "fast path"  API  that  is  JIT-spe-
+       cific.
+
+       If  your program may sometimes be linked with versions of PCRE that are
+       older than 8.20, but you want to use JIT when it is available, you  can
+       test the values of PCRE_MAJOR and PCRE_MINOR, or the existence of a JIT
+       macro such as PCRE_CONFIG_JIT, for compile-time control of  your  code.
+       Also  beware that the pcre_jit_exec() function was not available at all
+       before 8.32, and may not be available at all  if  PCRE  isn't  compiled
+       with  --enable-jit.  See  the  "JIT  FAST  PATH  API" section below for
+       details.
+
+
+SIMPLE USE OF JIT
+
+       You have to do two things to make use of the JIT support  in  the  sim-
+       plest way:
+
+         (1) Call pcre_study() with the PCRE_STUDY_JIT_COMPILE option for
+             each compiled pattern, and pass the resulting pcre_extra block to
+             pcre_exec().
+
+         (2) Use pcre_free_study() to free the pcre_extra block when it is
+             no  longer  needed,  instead  of  just  freeing it yourself. This
+       ensures that
+             any JIT data is also freed.
+
+       For a program that may be linked with pre-8.20 versions  of  PCRE,  you
+       can insert
+
+         #ifndef PCRE_STUDY_JIT_COMPILE
+         #define PCRE_STUDY_JIT_COMPILE 0
+         #endif
+
+       so  that  no  option  is passed to pcre_study(), and then use something
+       like this to free the study data:
+
+         #ifdef PCRE_CONFIG_JIT
+             pcre_free_study(study_ptr);
+         #else
+             pcre_free(study_ptr);
+         #endif
+
+       PCRE_STUDY_JIT_COMPILE requests the JIT compiler to generate  code  for
+       complete  matches.  If  you  want  to  run  partial  matches  using the
+       PCRE_PARTIAL_HARD or  PCRE_PARTIAL_SOFT  options  of  pcre_exec(),  you
+       should  set  one  or  both  of the following options in addition to, or
+       instead of, PCRE_STUDY_JIT_COMPILE when you call pcre_study():
+
+         PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+
+       If using pcre_jit_exec() and supporting a pre-8.32 version of PCRE, you
+       can insert:
+
+          #if PCRE_MAJOR >= 8 && PCRE_MINOR >= 32
+          pcre_jit_exec(...);
+          #else
+          pcre_exec(...)
+          #endif
+
+       but  as described in the "JIT FAST PATH API" section below this assumes
+       version 8.32 and later are compiled with --enable-jit, which may break.
+
+       The JIT compiler generates different optimized code  for  each  of  the
+       three  modes  (normal, soft partial, hard partial). When pcre_exec() is
+       called, the appropriate code is run if it is available. Otherwise,  the
+       pattern is matched using interpretive code.
+
+       In  some circumstances you may need to call additional functions. These
+       are described in the  section  entitled  "Controlling  the  JIT  stack"
+       below.
+
+       If  JIT  support  is  not  available,  PCRE_STUDY_JIT_COMPILE  etc. are
+       ignored, and no JIT data is created. Otherwise, the compiled pattern is
+       passed  to the JIT compiler, which turns it into machine code that exe-
+       cutes much faster than the normal interpretive code.  When  pcre_exec()
+       is  passed  a  pcre_extra block containing a pointer to JIT code of the
+       appropriate mode (normal or hard/soft  partial),  it  obeys  that  code
+       instead  of  running  the interpreter. The result is identical, but the
+       compiled JIT code runs much faster.
+
+       There are some pcre_exec() options that are not supported for JIT  exe-
+       cution.  There  are  also  some  pattern  items that JIT cannot handle.
+       Details are given below. In both cases, execution  automatically  falls
+       back  to  the  interpretive  code.  If you want to know whether JIT was
+       actually used for a particular match, you  should  arrange  for  a  JIT
+       callback  function  to  be  set up as described in the section entitled
+       "Controlling the JIT stack" below, even if you do not need to supply  a
+       non-default  JIT stack. Such a callback function is called whenever JIT
+       code is about to be obeyed. If the execution options are not right  for
+       JIT execution, the callback function is not obeyed.
+
+       If  the  JIT  compiler finds an unsupported item, no JIT data is gener-
+       ated. You can find out if JIT execution is available after  studying  a
+       pattern  by  calling  pcre_fullinfo()  with the PCRE_INFO_JIT option. A
+       result of 1 means that JIT compilation was successful. A  result  of  0
+       means that JIT support is not available, or the pattern was not studied
+       with PCRE_STUDY_JIT_COMPILE etc., or the JIT compiler was not  able  to
+       handle the pattern.
+
+       Once a pattern has been studied, with or without JIT, it can be used as
+       many times as you like for matching different subject strings.
+
+
+UNSUPPORTED OPTIONS AND PATTERN ITEMS
+
+       The only pcre_exec() options that are supported for JIT  execution  are
+       PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK, PCRE_NO_UTF32_CHECK, PCRE_NOT-
+       BOL,  PCRE_NOTEOL,  PCRE_NOTEMPTY,   PCRE_NOTEMPTY_ATSTART,   PCRE_PAR-
+       TIAL_HARD, and PCRE_PARTIAL_SOFT.
+
+       The  only  unsupported  pattern items are \C (match a single data unit)
+       when running in a UTF mode, and a callout immediately before an  asser-
+       tion condition in a conditional group.
+
+
+RETURN VALUES FROM JIT EXECUTION
+
+       When  a  pattern  is matched using JIT execution, the return values are
+       the same as those given by the interpretive pcre_exec() code, with  the
+       addition  of  one new error code: PCRE_ERROR_JIT_STACKLIMIT. This means
+       that the memory used for the JIT stack was insufficient. See  "Control-
+       ling the JIT stack" below for a discussion of JIT stack usage. For com-
+       patibility with the interpretive pcre_exec() code, no  more  than  two-
+       thirds  of  the ovector argument is used for passing back captured sub-
+       strings.
+
+       The error code PCRE_ERROR_MATCHLIMIT is returned by  the  JIT  code  if
+       searching  a  very large pattern tree goes on for too long, as it is in
+       the same circumstance when JIT is not used, but the details of  exactly
+       what  is  counted are not the same. The PCRE_ERROR_RECURSIONLIMIT error
+       code is never returned by JIT execution.
+
+
+SAVING AND RESTORING COMPILED PATTERNS
+
+       The code that is generated by the  JIT  compiler  is  architecture-spe-
+       cific,  and  is also position dependent. For those reasons it cannot be
+       saved (in a file or database) and restored later like the bytecode  and
+       other  data  of  a compiled pattern. Saving and restoring compiled pat-
+       terns is not something many people do. More detail about this  facility
+       is  given in the pcreprecompile documentation. It should be possible to
+       run pcre_study() on a saved and restored pattern, and thereby  recreate
+       the  JIT  data, but because JIT compilation uses significant resources,
+       it is probably not worth doing this; you might as  well  recompile  the
+       original pattern.
+
+
+CONTROLLING THE JIT STACK
+
+       When the compiled JIT code runs, it needs a block of memory to use as a
+       stack.  By default, it uses 32K on the  machine  stack.  However,  some
+       large   or   complicated  patterns  need  more  than  this.  The  error
+       PCRE_ERROR_JIT_STACKLIMIT is given when  there  is  not  enough  stack.
+       Three  functions  are provided for managing blocks of memory for use as
+       JIT stacks. There is further discussion about the use of JIT stacks  in
+       the section entitled "JIT stack FAQ" below.
+
+       The  pcre_jit_stack_alloc() function creates a JIT stack. Its arguments
+       are a starting size and a maximum size, and it returns a pointer to  an
+       opaque  structure of type pcre_jit_stack, or NULL if there is an error.
+       The pcre_jit_stack_free() function can be used to free a stack that  is
+       no  longer  needed.  (For  the technically minded: the address space is
+       allocated by mmap or VirtualAlloc.)
+
+       JIT uses far less memory for recursion than the interpretive code,  and
+       a  maximum  stack size of 512K to 1M should be more than enough for any
+       pattern.
+
+       The pcre_assign_jit_stack() function specifies  which  stack  JIT  code
+       should use. Its arguments are as follows:
+
+         pcre_extra         *extra
+         pcre_jit_callback  callback
+         void               *data
+
+       The  extra  argument  must  be  the  result  of studying a pattern with
+       PCRE_STUDY_JIT_COMPILE etc. There are three cases for the values of the
+       other two options:
+
+         (1) If callback is NULL and data is NULL, an internal 32K block
+             on the machine stack is used.
+
+         (2) If callback is NULL and data is not NULL, data must be
+             a valid JIT stack, the result of calling pcre_jit_stack_alloc().
+
+         (3) If callback is not NULL, it must point to a function that is
+             called with data as an argument at the start of matching, in
+             order to set up a JIT stack. If the return from the callback
+             function is NULL, the internal 32K stack is used; otherwise the
+             return value must be a valid JIT stack, the result of calling
+             pcre_jit_stack_alloc().
+
+       A  callback function is obeyed whenever JIT code is about to be run; it
+       is not obeyed when pcre_exec() is called with options that  are  incom-
+       patible for JIT execution. A callback function can therefore be used to
+       determine whether a match operation was  executed  by  JIT  or  by  the
+       interpreter.
+
+       You may safely use the same JIT stack for more than one pattern (either
+       by assigning directly or by callback), as long as the patterns are  all
+       matched  sequentially in the same thread. In a multithread application,
+       if you do not specify a JIT stack, or if you assign or pass  back  NULL
+       from  a  callback, that is thread-safe, because each thread has its own
+       machine stack. However, if you assign  or  pass  back  a  non-NULL  JIT
+       stack,  this  must  be  a  different  stack for each thread so that the
+       application is thread-safe.
+
+       Strictly speaking, even more is allowed. You can assign the  same  non-
+       NULL  stack  to any number of patterns as long as they are not used for
+       matching by multiple threads at the same time.  For  example,  you  can
+       assign  the same stack to all compiled patterns, and use a global mutex
+       in the callback to wait until the stack is available for use.  However,
+       this is an inefficient solution, and not recommended.
+
+       This  is a suggestion for how a multithreaded program that needs to set
+       up non-default JIT stacks might operate:
+
+         During thread initalization
+           thread_local_var = pcre_jit_stack_alloc(...)
+
+         During thread exit
+           pcre_jit_stack_free(thread_local_var)
+
+         Use a one-line callback function
+           return thread_local_var
+
+       All the functions described in this section do nothing if  JIT  is  not
+       available,  and  pcre_assign_jit_stack()  does nothing unless the extra
+       argument is non-NULL and points to  a  pcre_extra  block  that  is  the
+       result of a successful study with PCRE_STUDY_JIT_COMPILE etc.
+
+
+JIT STACK FAQ
+
+       (1) Why do we need JIT stacks?
+
+       PCRE  (and JIT) is a recursive, depth-first engine, so it needs a stack
+       where the local data of the current node is pushed before checking  its
+       child nodes.  Allocating real machine stack on some platforms is diffi-
+       cult. For example, the stack chain needs to be updated every time if we
+       extend  the  stack  on  PowerPC.  Although it is possible, its updating
+       time overhead decreases performance. So we do the recursion in memory.
+
+       (2) Why don't we simply allocate blocks of memory with malloc()?
+
+       Modern operating systems have a  nice  feature:  they  can  reserve  an
+       address space instead of allocating memory. We can safely allocate mem-
+       ory pages inside this address space, so the stack  could  grow  without
+       moving memory data (this is important because of pointers). Thus we can
+       allocate 1M address space, and use only a single memory  page  (usually
+       4K)  if  that is enough. However, we can still grow up to 1M anytime if
+       needed.
+
+       (3) Who "owns" a JIT stack?
+
+       The owner of the stack is the user program, not the JIT studied pattern
+       or  anything else. The user program must ensure that if a stack is used
+       by pcre_exec(), (that is, it is assigned to the pattern currently  run-
+       ning), that stack must not be used by any other threads (to avoid over-
+       writing the same memory area). The best practice for multithreaded pro-
+       grams  is  to  allocate  a stack for each thread, and return this stack
+       through the JIT callback function.
+
+       (4) When should a JIT stack be freed?
+
+       You can free a JIT stack at any time, as long as it will not be used by
+       pcre_exec()  again.  When  you  assign  the  stack to a pattern, only a
+       pointer is set. There is no reference counting or any other magic.  You
+       can  free  the  patterns  and stacks in any order, anytime. Just do not
+       call pcre_exec() with a pattern pointing to an already freed stack,  as
+       that  will cause SEGFAULT. (Also, do not free a stack currently used by
+       pcre_exec() in another thread). You can also replace the  stack  for  a
+       pattern  at  any  time.  You  can  even  free the previous stack before
+       assigning a replacement.
+
+       (5) Should I allocate/free a  stack  every  time  before/after  calling
+       pcre_exec()?
+
+       No,  because  this  is  too  costly in terms of resources. However, you
+       could implement some clever idea which release the stack if it  is  not
+       used  in  let's  say  two minutes. The JIT callback can help to achieve
+       this without keeping a list of the currently JIT studied patterns.
+
+       (6) OK, the stack is for long term memory allocation. But what  happens
+       if  a pattern causes stack overflow with a stack of 1M? Is that 1M kept
+       until the stack is freed?
+
+       Especially on embedded sytems, it might be a good idea to release  mem-
+       ory  sometimes  without  freeing the stack. There is no API for this at
+       the moment.  Probably a function call which returns with the  currently
+       allocated  memory for any stack and another which allows releasing mem-
+       ory (shrinking the stack) would be a good idea if someone needs this.
+
+       (7) This is too much of a headache. Isn't there any better solution for
+       JIT stack handling?
+
+       No,  thanks to Windows. If POSIX threads were used everywhere, we could
+       throw out this complicated API.
+
+
+EXAMPLE CODE
+
+       This is a single-threaded example that specifies a  JIT  stack  without
+       using a callback.
+
+         int rc;
+         int ovector[30];
+         pcre *re;
+         pcre_extra *extra;
+         pcre_jit_stack *jit_stack;
+
+         re = pcre_compile(pattern, 0, &error, &erroffset, NULL);
+         /* Check for errors */
+         extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
+         jit_stack = pcre_jit_stack_alloc(32*1024, 512*1024);
+         /* Check for error (NULL) */
+         pcre_assign_jit_stack(extra, NULL, jit_stack);
+         rc = pcre_exec(re, extra, subject, length, 0, 0, ovector, 30);
+         /* Check results */
+         pcre_free(re);
+         pcre_free_study(extra);
+         pcre_jit_stack_free(jit_stack);
+
+
+JIT FAST PATH API
+
+       Because  the  API  described  above falls back to interpreted execution
+       when JIT is not available, it is convenient for programs that are writ-
+       ten  for  general  use  in  many environments. However, calling JIT via
+       pcre_exec() does have a performance impact. Programs that  are  written
+       for  use  where  JIT  is known to be available, and which need the best
+       possible performance, can instead use a "fast path"  API  to  call  JIT
+       execution  directly  instead of calling pcre_exec() (obviously only for
+       patterns that have been successfully studied by JIT).
+
+       The fast path function is called pcre_jit_exec(), and it takes  exactly
+       the  same  arguments  as pcre_exec(), plus one additional argument that
+       must point to a JIT stack. The JIT stack arrangements  described  above
+       do not apply. The return values are the same as for pcre_exec().
+
+       When  you  call  pcre_exec(), as well as testing for invalid options, a
+       number of other sanity checks are performed on the arguments. For exam-
+       ple,  if  the  subject  pointer  is NULL, or its length is negative, an
+       immediate error is given. Also, unless PCRE_NO_UTF[8|16|32] is  set,  a
+       UTF  subject  string is tested for validity. In the interests of speed,
+       these checks do not happen on the JIT fast path, and if invalid data is
+       passed, the result is undefined.
+
+       Bypassing  the  sanity  checks  and  the  pcre_exec() wrapping can give
+       speedups of more than 10%.
+
+       Note that the pcre_jit_exec() function is not available in versions  of
+       PCRE  before  8.32  (released in November 2012). If you need to support
+       versions that old you must either use the slower pcre_exec(), or switch
+       between  the  two  codepaths  by  checking the values of PCRE_MAJOR and
+       PCRE_MINOR.
+
+       Due to an unfortunate implementation oversight, even in  versions  8.32
+       and  later  there will be no pcre_jit_exec() stub function defined when
+       PCRE is compiled with --disable-jit, which is the default, and  there's
+       no  way  to  detect  whether  PCRE was compiled with --enable-jit via a
+       macro.
+
+       If you need to support versions older than 8.32, or versions  that  may
+       not   build   with   --enable-jit,  you  must  either  use  the  slower
+       pcre_exec(), or switch between the two codepaths by checking the values
+       of PCRE_MAJOR and PCRE_MINOR.
+
+       Switching  between the two by checking the version assumes that all the
+       versions being targeted are built with --enable-jit.  To  also  support
+       builds that may use --disable-jit either pcre_exec() must be used, or a
+       compile-time check for JIT via pcre_config() (which assumes the runtime
+       environment  will  be  the  same), or as the Git project decided to do,
+       simply assume that pcre_jit_exec() is present in 8.32 or later unless a
+       compile-time  flag  is  provided, see the "grep: un-break building with
+       PCRE >= 8.32 without --enable-jit" commit in git.git for an example  of
+       that.
+
+
+SEE ALSO
+
+       pcreapi(3)
+
+
+AUTHOR
+
+       Philip Hazel (FAQ by Zoltan Herczeg)
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 05 July 2017
+       Copyright (c) 1997-2017 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPARTIAL(3)             Library Functions Manual             PCREPARTIAL(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PARTIAL MATCHING IN PCRE
+
+       In normal use of PCRE, if the subject string that is passed to a match-
+       ing function matches as far as it goes, but is too short to  match  the
+       entire pattern, PCRE_ERROR_NOMATCH is returned. There are circumstances
+       where it might be helpful to distinguish this case from other cases  in
+       which there is no match.
+
+       Consider, for example, an application where a human is required to type
+       in data for a field with specific formatting requirements.  An  example
+       might be a date in the form ddmmmyy, defined by this pattern:
+
+         ^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$
+
+       If the application sees the user's keystrokes one by one, and can check
+       that what has been typed so far is potentially valid,  it  is  able  to
+       raise  an  error  as  soon  as  a  mistake  is made, by beeping and not
+       reflecting the character that has been typed, for example. This immedi-
+       ate  feedback is likely to be a better user interface than a check that
+       is delayed until the entire string has been entered.  Partial  matching
+       can  also be useful when the subject string is very long and is not all
+       available at once.
+
+       PCRE supports partial matching by means of  the  PCRE_PARTIAL_SOFT  and
+       PCRE_PARTIAL_HARD  options,  which  can  be set when calling any of the
+       matching functions. For backwards compatibility, PCRE_PARTIAL is a syn-
+       onym  for  PCRE_PARTIAL_SOFT.  The essential difference between the two
+       options is whether or not a partial match is preferred to  an  alterna-
+       tive complete match, though the details differ between the two types of
+       matching function. If both options  are  set,  PCRE_PARTIAL_HARD  takes
+       precedence.
+
+       If  you  want to use partial matching with just-in-time optimized code,
+       you must call pcre_study(), pcre16_study() or  pcre32_study() with  one
+       or both of these options:
+
+         PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+         PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+
+       PCRE_STUDY_JIT_COMPILE  should also be set if you are going to run non-
+       partial matches on the same pattern. If the appropriate JIT study  mode
+       has not been set for a match, the interpretive matching code is used.
+
+       Setting a partial matching option disables two of PCRE's standard opti-
+       mizations. PCRE remembers the last literal data unit in a pattern,  and
+       abandons  matching  immediately  if  it  is  not present in the subject
+       string. This optimization cannot be used  for  a  subject  string  that
+       might  match only partially. If the pattern was studied, PCRE knows the
+       minimum length of a matching string, and does not  bother  to  run  the
+       matching  function  on  shorter strings. This optimization is also dis-
+       abled for partial matching.
+
+
+PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()
+
+       A  partial   match   occurs   during   a   call   to   pcre_exec()   or
+       pcre[16|32]_exec()  when  the end of the subject string is reached suc-
+       cessfully, but matching cannot continue  because  more  characters  are
+       needed.   However, at least one character in the subject must have been
+       inspected. This character need not  form  part  of  the  final  matched
+       string;  lookbehind  assertions and the \K escape sequence provide ways
+       of inspecting characters before the start of a matched  substring.  The
+       requirement  for  inspecting  at  least one character exists because an
+       empty string can always be matched; without such  a  restriction  there
+       would  always  be  a partial match of an empty string at the end of the
+       subject.
+
+       If there are at least two slots in the offsets vector  when  a  partial
+       match  is returned, the first slot is set to the offset of the earliest
+       character that was inspected. For convenience, the second offset points
+       to the end of the subject so that a substring can easily be identified.
+       If there are at least three slots in the offsets vector, the third slot
+       is set to the offset of the character where matching started.
+
+       For the majority of patterns, the contents of the first and third slots
+       will be the same. However, for patterns that contain lookbehind  asser-
+       tions, or begin with \b or \B, characters before the one where matching
+       started may have been inspected while carrying out the match. For exam-
+       ple, consider this pattern:
+
+         /(?<=abc)123/
+
+       This pattern matches "123", but only if it is preceded by "abc". If the
+       subject string is "xyzabc12", the first two  offsets  after  a  partial
+       match  are for the substring "abc12", because all these characters were
+       inspected. However, the third offset is set to 6, because that  is  the
+       offset where matching began.
+
+       What happens when a partial match is identified depends on which of the
+       two partial matching options are set.
+
+   PCRE_PARTIAL_SOFT WITH pcre_exec() OR pcre[16|32]_exec()
+
+       If PCRE_PARTIAL_SOFT is  set  when  pcre_exec()  or  pcre[16|32]_exec()
+       identifies a partial match, the partial match is remembered, but match-
+       ing continues as normal, and other  alternatives  in  the  pattern  are
+       tried.  If  no  complete  match  can  be  found,  PCRE_ERROR_PARTIAL is
+       returned instead of PCRE_ERROR_NOMATCH.
+
+       This option is "soft" because it prefers a complete match over  a  par-
+       tial  match.   All the various matching items in a pattern behave as if
+       the subject string is potentially complete. For example, \z, \Z, and  $
+       match  at  the end of the subject, as normal, and for \b and \B the end
+       of the subject is treated as a non-alphanumeric.
+
+       If there is more than one partial match, the first one that  was  found
+       provides the data that is returned. Consider this pattern:
+
+         /123\w+X|dogY/
+
+       If  this is matched against the subject string "abc123dog", both alter-
+       natives fail to match, but the end of the  subject  is  reached  during
+       matching,  so  PCRE_ERROR_PARTIAL is returned. The offsets are set to 3
+       and 9, identifying "123dog" as the first partial match that was  found.
+       (In  this  example, there are two partial matches, because "dog" on its
+       own partially matches the second alternative.)
+
+   PCRE_PARTIAL_HARD WITH pcre_exec() OR pcre[16|32]_exec()
+
+       If PCRE_PARTIAL_HARD is  set  for  pcre_exec()  or  pcre[16|32]_exec(),
+       PCRE_ERROR_PARTIAL  is  returned  as  soon as a partial match is found,
+       without continuing to search for possible complete matches. This option
+       is "hard" because it prefers an earlier partial match over a later com-
+       plete match. For this reason, the assumption is made that  the  end  of
+       the  supplied  subject  string may not be the true end of the available
+       data, and so, if \z, \Z, \b, \B, or $ are encountered at the end of the
+       subject,  the  result is PCRE_ERROR_PARTIAL, provided that at least one
+       character in the subject has been inspected.
+
+       Setting PCRE_PARTIAL_HARD also affects the way UTF-8 and UTF-16 subject
+       strings  are checked for validity. Normally, an invalid sequence causes
+       the error PCRE_ERROR_BADUTF8 or PCRE_ERROR_BADUTF16.  However,  in  the
+       special  case  of  a  truncated  character  at  the end of the subject,
+       PCRE_ERROR_SHORTUTF8  or   PCRE_ERROR_SHORTUTF16   is   returned   when
+       PCRE_PARTIAL_HARD is set.
+
+   Comparing hard and soft partial matching
+
+       The  difference  between the two partial matching options can be illus-
+       trated by a pattern such as:
+
+         /dog(sbody)?/
+
+       This matches either "dog" or "dogsbody", greedily (that is, it  prefers
+       the  longer  string  if  possible). If it is matched against the string
+       "dog" with PCRE_PARTIAL_SOFT, it yields a  complete  match  for  "dog".
+       However, if PCRE_PARTIAL_HARD is set, the result is PCRE_ERROR_PARTIAL.
+       On the other hand, if the pattern is made ungreedy the result  is  dif-
+       ferent:
+
+         /dog(sbody)??/
+
+       In  this  case  the  result  is always a complete match because that is
+       found first, and matching never  continues  after  finding  a  complete
+       match. It might be easier to follow this explanation by thinking of the
+       two patterns like this:
+
+         /dog(sbody)?/    is the same as  /dogsbody|dog/
+         /dog(sbody)??/   is the same as  /dog|dogsbody/
+
+       The second pattern will never match "dogsbody", because it will  always
+       find the shorter match first.
+
+
+PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()
+
+       The DFA functions move along the subject string character by character,
+       without backtracking, searching for  all  possible  matches  simultane-
+       ously.  If the end of the subject is reached before the end of the pat-
+       tern, there is the possibility of a partial match, again provided  that
+       at least one character has been inspected.
+
+       When  PCRE_PARTIAL_SOFT  is set, PCRE_ERROR_PARTIAL is returned only if
+       there have been no complete matches. Otherwise,  the  complete  matches
+       are  returned.   However,  if PCRE_PARTIAL_HARD is set, a partial match
+       takes precedence over any complete matches. The portion of  the  string
+       that  was  inspected when the longest partial match was found is set as
+       the first matching string, provided there are at least two slots in the
+       offsets vector.
+
+       Because  the  DFA functions always search for all possible matches, and
+       there is no difference between greedy and  ungreedy  repetition,  their
+       behaviour  is  different  from  the  standard  functions when PCRE_PAR-
+       TIAL_HARD is  set.  Consider  the  string  "dog"  matched  against  the
+       ungreedy pattern shown above:
+
+         /dog(sbody)??/
+
+       Whereas  the  standard functions stop as soon as they find the complete
+       match for "dog", the DFA functions also  find  the  partial  match  for
+       "dogsbody", and so return that when PCRE_PARTIAL_HARD is set.
+
+
+PARTIAL MATCHING AND WORD BOUNDARIES
+
+       If  a  pattern ends with one of sequences \b or \B, which test for word
+       boundaries, partial matching with PCRE_PARTIAL_SOFT can  give  counter-
+       intuitive results. Consider this pattern:
+
+         /\bcat\b/
+
+       This matches "cat", provided there is a word boundary at either end. If
+       the subject string is "the cat", the comparison of the final "t" with a
+       following  character  cannot  take  place, so a partial match is found.
+       However, normal matching carries on, and \b matches at the end  of  the
+       subject  when  the  last  character is a letter, so a complete match is
+       found.  The  result,  therefore,  is  not   PCRE_ERROR_PARTIAL.   Using
+       PCRE_PARTIAL_HARD  in  this case does yield PCRE_ERROR_PARTIAL, because
+       then the partial match takes precedence.
+
+
+FORMERLY RESTRICTED PATTERNS
+
+       For releases of PCRE prior to 8.00, because of the way certain internal
+       optimizations   were  implemented  in  the  pcre_exec()  function,  the
+       PCRE_PARTIAL option (predecessor of  PCRE_PARTIAL_SOFT)  could  not  be
+       used  with all patterns. From release 8.00 onwards, the restrictions no
+       longer apply, and partial matching with can be requested for  any  pat-
+       tern.
+
+       Items that were formerly restricted were repeated single characters and
+       repeated metasequences. If PCRE_PARTIAL was set for a pattern that  did
+       not  conform  to  the restrictions, pcre_exec() returned the error code
+       PCRE_ERROR_BADPARTIAL (-13). This error code is no longer in  use.  The
+       PCRE_INFO_OKPARTIAL  call  to pcre_fullinfo() to find out if a compiled
+       pattern can be used for partial matching now always returns 1.
+
+
+EXAMPLE OF PARTIAL MATCHING USING PCRETEST
+
+       If the escape sequence \P is present  in  a  pcretest  data  line,  the
+       PCRE_PARTIAL_SOFT  option  is  used  for  the  match.  Here is a run of
+       pcretest that uses the date example quoted above:
+
+           re> /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+         data> 25jun04\P
+          0: 25jun04
+          1: jun
+         data> 25dec3\P
+         Partial match: 23dec3
+         data> 3ju\P
+         Partial match: 3ju
+         data> 3juj\P
+         No match
+         data> j\P
+         No match
+
+       The first data string is matched  completely,  so  pcretest  shows  the
+       matched  substrings.  The  remaining four strings do not match the com-
+       plete pattern, but the first two are partial matches. Similar output is
+       obtained if DFA matching is used.
+
+       If  the escape sequence \P is present more than once in a pcretest data
+       line, the PCRE_PARTIAL_HARD option is set for the match.
+
+
+MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()
+
+       When a partial match has been found using a DFA matching  function,  it
+       is  possible to continue the match by providing additional subject data
+       and calling the function again with the same compiled  regular  expres-
+       sion,  this time setting the PCRE_DFA_RESTART option. You must pass the
+       same working space as before, because this is where details of the pre-
+       vious  partial  match  are  stored.  Here is an example using pcretest,
+       using the \R escape sequence to set  the  PCRE_DFA_RESTART  option  (\D
+       specifies the use of the DFA matching function):
+
+           re> /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+         data> 23ja\P\D
+         Partial match: 23ja
+         data> n05\R\D
+          0: n05
+
+       The  first  call has "23ja" as the subject, and requests partial match-
+       ing; the second call  has  "n05"  as  the  subject  for  the  continued
+       (restarted)  match.   Notice  that when the match is complete, only the
+       last part is shown; PCRE does  not  retain  the  previously  partially-
+       matched  string. It is up to the calling program to do that if it needs
+       to.
+
+       That means that, for an unanchored pattern, if a continued match fails,
+       it  is  not  possible  to  try  again at a new starting point. All this
+       facility is capable of doing is  continuing  with  the  previous  match
+       attempt.  In  the previous example, if the second set of data is "ug23"
+       the result is no match, even though there would be a match for  "aug23"
+       if  the entire string were given at once. Depending on the application,
+       this may or may not be what you want.  The only way to allow for start-
+       ing  again  at  the next character is to retain the matched part of the
+       subject and try a new complete match.
+
+       You can set the PCRE_PARTIAL_SOFT  or  PCRE_PARTIAL_HARD  options  with
+       PCRE_DFA_RESTART  to  continue partial matching over multiple segments.
+       This facility can be used to pass very long subject strings to the  DFA
+       matching functions.
+
+
+MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()
+
+       From  release 8.00, the standard matching functions can also be used to
+       do multi-segment matching. Unlike the DFA functions, it is not possible
+       to  restart the previous match with a new segment of data. Instead, new
+       data must be added to the previous subject string, and the entire match
+       re-run,  starting from the point where the partial match occurred. Ear-
+       lier data can be discarded.
+
+       It is best to use PCRE_PARTIAL_HARD in this situation, because it  does
+       not  treat the end of a segment as the end of the subject when matching
+       \z, \Z, \b, \B, and $. Consider  an  unanchored  pattern  that  matches
+       dates:
+
+           re> /\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d/
+         data> The date is 23ja\P\P
+         Partial match: 23ja
+
+       At  this stage, an application could discard the text preceding "23ja",
+       add on text from the next  segment,  and  call  the  matching  function
+       again.  Unlike  the  DFA matching functions, the entire matching string
+       must always be available, and the complete matching process occurs  for
+       each call, so more memory and more processing time is needed.
+
+       Note:  If  the pattern contains lookbehind assertions, or \K, or starts
+       with \b or \B, the string that is returned for a partial match includes
+       characters  that precede the start of what would be returned for a com-
+       plete match, because it contains all the characters that were inspected
+       during the partial match.
+
+
+ISSUES WITH MULTI-SEGMENT MATCHING
+
+       Certain types of pattern may give problems with multi-segment matching,
+       whichever matching function is used.
+
+       1. If the pattern contains a test for the beginning of a line, you need
+       to  pass  the  PCRE_NOTBOL  option when the subject string for any call
+       does start at the beginning of a line.  There  is  also  a  PCRE_NOTEOL
+       option, but in practice when doing multi-segment matching you should be
+       using PCRE_PARTIAL_HARD, which includes the effect of PCRE_NOTEOL.
+
+       2. Lookbehind assertions that have already been obeyed are catered  for
+       in the offsets that are returned for a partial match. However a lookbe-
+       hind assertion later in the pattern could require even earlier  charac-
+       ters   to  be  inspected.  You  can  handle  this  case  by  using  the
+       PCRE_INFO_MAXLOOKBEHIND    option    of    the    pcre_fullinfo()    or
+       pcre[16|32]_fullinfo()  functions  to  obtain the length of the longest
+       lookbehind in the pattern. This length  is  given  in  characters,  not
+       bytes.  If  you  always retain at least that many characters before the
+       partially matched string, all should be  well.  (Of  course,  near  the
+       start of the subject, fewer characters may be present; in that case all
+       characters should be retained.)
+
+       From release 8.33, there is a more accurate way of deciding which char-
+       acters  to  retain.  Instead  of  subtracting the length of the longest
+       lookbehind from the  earliest  inspected  character  (offsets[0]),  the
+       match  start  position  (offsets[2]) should be used, and the next match
+       attempt started at the offsets[2] character by setting the  startoffset
+       argument of pcre_exec() or pcre_dfa_exec().
+
+       For  example, if the pattern "(?<=123)abc" is partially matched against
+       the string "xx123a", the three offset values returned are 2, 6, and  5.
+       This  indicates  that  the  matching  process that gave a partial match
+       started at offset 5, but the characters "123a" were all inspected.  The
+       maximum  lookbehind  for  that pattern is 3, so taking that away from 5
+       shows that we need only keep "123a", and the next match attempt can  be
+       started at offset 3 (that is, at "a") when further characters have been
+       added. When the match start is not the  earliest  inspected  character,
+       pcretest shows it explicitly:
+
+           re> "(?<=123)abc"
+         data> xx123a\P\P
+         Partial match at offset 5: 123a
+
+       3.  Because a partial match must always contain at least one character,
+       what might be considered a partial match of an  empty  string  actually
+       gives a "no match" result. For example:
+
+           re> /c(?<=abc)x/
+         data> ab\P
+         No match
+
+       If the next segment begins "cx", a match should be found, but this will
+       only happen if characters from the previous segment are  retained.  For
+       this  reason,  a  "no  match"  result should be interpreted as "partial
+       match of an empty string" when the pattern contains lookbehinds.
+
+       4. Matching a subject string that is split into multiple  segments  may
+       not  always produce exactly the same result as matching over one single
+       long string, especially when PCRE_PARTIAL_SOFT  is  used.  The  section
+       "Partial  Matching  and  Word Boundaries" above describes an issue that
+       arises if the pattern ends with \b or \B. Another  kind  of  difference
+       may  occur when there are multiple matching possibilities, because (for
+       PCRE_PARTIAL_SOFT) a partial match result is given only when there  are
+       no completed matches. This means that as soon as the shortest match has
+       been found, continuation to a new subject segment is no  longer  possi-
+       ble. Consider again this pcretest example:
+
+           re> /dog(sbody)?/
+         data> dogsb\P
+          0: dog
+         data> do\P\D
+         Partial match: do
+         data> gsb\R\P\D
+          0: g
+         data> dogsbody\D
+          0: dogsbody
+          1: dog
+
+       The  first  data  line passes the string "dogsb" to a standard matching
+       function, setting the PCRE_PARTIAL_SOFT option. Although the string  is
+       a  partial  match for "dogsbody", the result is not PCRE_ERROR_PARTIAL,
+       because the shorter string "dog" is a complete match.  Similarly,  when
+       the  subject  is  presented to a DFA matching function in several parts
+       ("do" and "gsb" being the first two) the match  stops  when  "dog"  has
+       been  found, and it is not possible to continue.  On the other hand, if
+       "dogsbody" is presented as a single string,  a  DFA  matching  function
+       finds both matches.
+
+       Because  of  these  problems,  it is best to use PCRE_PARTIAL_HARD when
+       matching multi-segment data. The example  above  then  behaves  differ-
+       ently:
+
+           re> /dog(sbody)?/
+         data> dogsb\P\P
+         Partial match: dogsb
+         data> do\P\D
+         Partial match: do
+         data> gsb\R\P\P\D
+         Partial match: gsb
+
+       5. Patterns that contain alternatives at the top level which do not all
+       start with the  same  pattern  item  may  not  work  as  expected  when
+       PCRE_DFA_RESTART is used. For example, consider this pattern:
+
+         1234|3789
+
+       If  the  first  part of the subject is "ABC123", a partial match of the
+       first alternative is found at offset 3. There is no partial  match  for
+       the second alternative, because such a match does not start at the same
+       point in the subject string. Attempting to  continue  with  the  string
+       "7890"  does  not  yield  a  match because only those alternatives that
+       match at one point in the subject are remembered.  The  problem  arises
+       because  the  start  of the second alternative matches within the first
+       alternative. There is no problem with  anchored  patterns  or  patterns
+       such as:
+
+         1234|ABCD
+
+       where  no  string can be a partial match for both alternatives. This is
+       not a problem if a standard matching  function  is  used,  because  the
+       entire match has to be rerun each time:
+
+           re> /1234|3789/
+         data> ABC123\P\P
+         Partial match: 123
+         data> 1237890
+          0: 3789
+
+       Of course, instead of using PCRE_DFA_RESTART, the same technique of re-
+       running the entire match can also be used with the DFA  matching  func-
+       tions.  Another  possibility  is to work with two buffers. If a partial
+       match at offset n in the first buffer is followed by  "no  match"  when
+       PCRE_DFA_RESTART  is  used on the second buffer, you can then try a new
+       match starting at offset n+1 in the first buffer.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 02 July 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPRECOMPILE(3)          Library Functions Manual          PCREPRECOMPILE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+SAVING AND RE-USING PRECOMPILED PCRE PATTERNS
+
+       If  you  are running an application that uses a large number of regular
+       expression patterns, it may be useful to store them  in  a  precompiled
+       form  instead  of  having to compile them every time the application is
+       run.  If you are not  using  any  private  character  tables  (see  the
+       pcre_maketables()  documentation),  this is relatively straightforward.
+       If you are using private tables, it is a little bit  more  complicated.
+       However,  if you are using the just-in-time optimization feature, it is
+       not possible to save and reload the JIT data.
+
+       If you save compiled patterns to a file, you can copy them to a differ-
+       ent host and run them there. If the two hosts have different endianness
+       (byte    order),    you     should     run     the     pcre[16|32]_pat-
+       tern_to_host_byte_order()  function  on  the  new host before trying to
+       match the pattern. The matching functions return  PCRE_ERROR_BADENDIAN-
+       NESS if they detect a pattern with the wrong endianness.
+
+       Compiling  regular  expressions with one version of PCRE for use with a
+       different version is not guaranteed to work and may cause crashes,  and
+       saving  and  restoring  a  compiled  pattern loses any JIT optimization
+       data.
+
+
+SAVING A COMPILED PATTERN
+
+       The value returned by pcre[16|32]_compile() points to a single block of
+       memory  that  holds  the  compiled pattern and associated data. You can
+       find   the   length   of   this   block    in    bytes    by    calling
+       pcre[16|32]_fullinfo() with an argument of PCRE_INFO_SIZE. You can then
+       save the data in any appropriate manner. Here is sample  code  for  the
+       8-bit  library  that  compiles  a  pattern  and writes it to a file. It
+       assumes that the variable fd refers to a file that is open for output:
+
+         int erroroffset, rc, size;
+         char *error;
+         pcre *re;
+
+         re = pcre_compile("my pattern", 0, &error, &erroroffset, NULL);
+         if (re == NULL) { ... handle errors ... }
+         rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
+         if (rc < 0) { ... handle errors ... }
+         rc = fwrite(re, 1, size, fd);
+         if (rc != size) { ... handle errors ... }
+
+       In this example, the bytes  that  comprise  the  compiled  pattern  are
+       copied  exactly.  Note that this is binary data that may contain any of
+       the 256 possible byte  values.  On  systems  that  make  a  distinction
+       between binary and non-binary data, be sure that the file is opened for
+       binary output.
+
+       If you want to write more than one pattern to a file, you will have  to
+       devise  a  way of separating them. For binary data, preceding each pat-
+       tern with its length is probably  the  most  straightforward  approach.
+       Another  possibility is to write out the data in hexadecimal instead of
+       binary, one pattern to a line.
+
+       Saving compiled patterns in a file is only one possible way of  storing
+       them  for later use. They could equally well be saved in a database, or
+       in the memory of some daemon process that passes them  via  sockets  to
+       the processes that want them.
+
+       If the pattern has been studied, it is also possible to save the normal
+       study data in a similar way to the compiled pattern itself. However, if
+       the PCRE_STUDY_JIT_COMPILE was used, the just-in-time data that is cre-
+       ated cannot be saved because it is too dependent on the  current  envi-
+       ronment.    When    studying    generates    additional    information,
+       pcre[16|32]_study() returns  a  pointer  to  a  pcre[16|32]_extra  data
+       block.  Its  format  is defined in the section on matching a pattern in
+       the pcreapi documentation. The study_data field points  to  the  binary
+       study  data,  and this is what you must save (not the pcre[16|32]_extra
+       block itself). The length of the study data can be obtained by  calling
+       pcre[16|32]_fullinfo()  with an argument of PCRE_INFO_STUDYSIZE. Remem-
+       ber to check that  pcre[16|32]_study()  did  return  a  non-NULL  value
+       before trying to save the study data.
+
+
+RE-USING A PRECOMPILED PATTERN
+
+       Re-using  a  precompiled pattern is straightforward. Having reloaded it
+       into main memory,  called  pcre[16|32]_pattern_to_host_byte_order()  if
+       necessary,    you   pass   its   pointer   to   pcre[16|32]_exec()   or
+       pcre[16|32]_dfa_exec() in the usual way.
+
+       However, if you passed a pointer to custom character  tables  when  the
+       pattern  was compiled (the tableptr argument of pcre[16|32]_compile()),
+       you  must  now  pass  a  similar  pointer  to   pcre[16|32]_exec()   or
+       pcre[16|32]_dfa_exec(),  because the value saved with the compiled pat-
+       tern will obviously be nonsense. A field in a pcre[16|32]_extra() block
+       is  used  to  pass this data, as described in the section on matching a
+       pattern in the pcreapi documentation.
+
+       Warning: The tables that pcre_exec() and pcre_dfa_exec()  use  must  be
+       the same as those that were used when the pattern was compiled. If this
+       is not the case, the behaviour is undefined.
+
+       If you did not provide custom character tables  when  the  pattern  was
+       compiled, the pointer in the compiled pattern is NULL, which causes the
+       matching functions to use PCRE's internal tables. Thus, you do not need
+       to take any special action at run time in this case.
+
+       If  you  saved study data with the compiled pattern, you need to create
+       your own pcre[16|32]_extra data block and set the study_data  field  to
+       point   to   the   reloaded   study   data.   You  must  also  set  the
+       PCRE_EXTRA_STUDY_DATA bit in the flags field  to  indicate  that  study
+       data  is present. Then pass the pcre[16|32]_extra block to the matching
+       function in the usual way. If the pattern was studied for  just-in-time
+       optimization,  that  data  cannot  be  saved,  and  so  is  lost  by  a
+       save/restore cycle.
+
+
+COMPATIBILITY WITH DIFFERENT PCRE RELEASES
+
+       In general, it is safest to  recompile  all  saved  patterns  when  you
+       update  to  a new PCRE release, though not all updates actually require
+       this.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 12 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPERFORM(3)             Library Functions Manual             PCREPERFORM(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE PERFORMANCE
+
+       Two  aspects  of performance are discussed below: memory usage and pro-
+       cessing time. The way you express your pattern as a regular  expression
+       can affect both of them.
+
+
+COMPILED PATTERN MEMORY USAGE
+
+       Patterns  are compiled by PCRE into a reasonably efficient interpretive
+       code, so that most simple patterns do not  use  much  memory.  However,
+       there  is  one case where the memory usage of a compiled pattern can be
+       unexpectedly large. If a parenthesized subpattern has a quantifier with
+       a minimum greater than 1 and/or a limited maximum, the whole subpattern
+       is repeated in the compiled code. For example, the pattern
+
+         (abc|def){2,4}
+
+       is compiled as if it were
+
+         (abc|def)(abc|def)((abc|def)(abc|def)?)?
+
+       (Technical aside: It is done this way so that backtrack  points  within
+       each of the repetitions can be independently maintained.)
+
+       For  regular expressions whose quantifiers use only small numbers, this
+       is not usually a problem. However, if the numbers are large,  and  par-
+       ticularly  if  such repetitions are nested, the memory usage can become
+       an embarrassment. For example, the very simple pattern
+
+         ((ab){1,1000}c){1,3}
+
+       uses 51K bytes when compiled using the 8-bit library. When PCRE is com-
+       piled  with  its  default  internal pointer size of two bytes, the size
+       limit on a compiled pattern is 64K data units, and this is reached with
+       the  above  pattern  if  the outer repetition is increased from 3 to 4.
+       PCRE can be compiled to use larger internal pointers  and  thus  handle
+       larger  compiled patterns, but it is better to try to rewrite your pat-
+       tern to use less memory if you can.
+
+       One way of reducing the memory usage for such patterns is to  make  use
+       of PCRE's "subroutine" facility. Re-writing the above pattern as
+
+         ((ab)(?2){0,999}c)(?1){0,2}
+
+       reduces the memory requirements to 18K, and indeed it remains under 20K
+       even with the outer repetition increased to 100. However, this  pattern
+       is  not  exactly equivalent, because the "subroutine" calls are treated
+       as atomic groups into which there can be no backtracking if there is  a
+       subsequent  matching  failure.  Therefore,  PCRE cannot do this kind of
+       rewriting automatically.  Furthermore, there is a  noticeable  loss  of
+       speed  when executing the modified pattern. Nevertheless, if the atomic
+       grouping is not a problem and the loss of  speed  is  acceptable,  this
+       kind  of  rewriting will allow you to process patterns that PCRE cannot
+       otherwise handle.
+
+
+STACK USAGE AT RUN TIME
+
+       When pcre_exec() or pcre[16|32]_exec() is used  for  matching,  certain
+       kinds  of  pattern  can  cause  it  to use large amounts of the process
+       stack. In some environments the default process stack is  quite  small,
+       and  if it runs out the result is often SIGSEGV. This issue is probably
+       the most frequently raised problem with PCRE.  Rewriting  your  pattern
+       can  often  help.  The  pcrestack documentation discusses this issue in
+       detail.
+
+
+PROCESSING TIME
+
+       Certain items in regular expression patterns are processed  more  effi-
+       ciently than others. It is more efficient to use a character class like
+       [aeiou]  than  a  set  of   single-character   alternatives   such   as
+       (a|e|i|o|u).  In  general,  the simplest construction that provides the
+       required behaviour is usually the most efficient. Jeffrey Friedl's book
+       contains  a  lot  of useful general discussion about optimizing regular
+       expressions for efficient performance. This  document  contains  a  few
+       observations about PCRE.
+
+       Using  Unicode  character  properties  (the  \p, \P, and \X escapes) is
+       slow, because PCRE has to use a multi-stage table  lookup  whenever  it
+       needs  a  character's  property. If you can find an alternative pattern
+       that does not use character properties, it will probably be faster.
+
+       By default, the escape sequences \b, \d, \s,  and  \w,  and  the  POSIX
+       character  classes  such  as  [:alpha:]  do not use Unicode properties,
+       partly for backwards compatibility, and partly for performance reasons.
+       However,  you can set PCRE_UCP if you want Unicode character properties
+       to be used. This can double the matching time for  items  such  as  \d,
+       when matched with a traditional matching function; the performance loss
+       is less with a DFA matching function, and in both cases  there  is  not
+       much difference for \b.
+
+       When  a  pattern  begins  with .* not in parentheses, or in parentheses
+       that are not the subject of a backreference, and the PCRE_DOTALL option
+       is  set, the pattern is implicitly anchored by PCRE, since it can match
+       only at the start of a subject string. However, if PCRE_DOTALL  is  not
+       set,  PCRE  cannot  make this optimization, because the . metacharacter
+       does not then match a newline, and if the subject string contains  new-
+       lines,  the  pattern may match from the character immediately following
+       one of them instead of from the very start. For example, the pattern
+
+         .*second
+
+       matches the subject "first\nand second" (where \n stands for a  newline
+       character),  with the match starting at the seventh character. In order
+       to do this, PCRE has to retry the match starting after every newline in
+       the subject.
+
+       If  you  are using such a pattern with subject strings that do not con-
+       tain newlines, the best performance is obtained by setting PCRE_DOTALL,
+       or  starting  the pattern with ^.* or ^.*? to indicate explicit anchor-
+       ing. That saves PCRE from having to scan along the subject looking  for
+       a newline to restart at.
+
+       Beware  of  patterns  that contain nested indefinite repeats. These can
+       take a long time to run when applied to a string that does  not  match.
+       Consider the pattern fragment
+
+         ^(a+)*
+
+       This  can  match "aaaa" in 16 different ways, and this number increases
+       very rapidly as the string gets longer. (The * repeat can match  0,  1,
+       2,  3, or 4 times, and for each of those cases other than 0 or 4, the +
+       repeats can match different numbers of times.) When  the  remainder  of
+       the pattern is such that the entire match is going to fail, PCRE has in
+       principle to try  every  possible  variation,  and  this  can  take  an
+       extremely long time, even for relatively short strings.
+
+       An optimization catches some of the more simple cases such as
+
+         (a+)*b
+
+       where  a  literal  character  follows. Before embarking on the standard
+       matching procedure, PCRE checks that there is a "b" later in  the  sub-
+       ject  string, and if there is not, it fails the match immediately. How-
+       ever, when there is no following literal this  optimization  cannot  be
+       used. You can see the difference by comparing the behaviour of
+
+         (a+)*\d
+
+       with  the  pattern  above.  The former gives a failure almost instantly
+       when applied to a whole line of  "a"  characters,  whereas  the  latter
+       takes an appreciable time with strings longer than about 20 characters.
+
+       In many cases, the solution to this kind of performance issue is to use
+       an atomic group or a possessive quantifier.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 25 August 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCREPOSIX(3)               Library Functions Manual               PCREPOSIX(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions.
+
+SYNOPSIS
+
+       #include <pcreposix.h>
+
+       int regcomp(regex_t *preg, const char *pattern,
+            int cflags);
+
+       int regexec(regex_t *preg, const char *string,
+            size_t nmatch, regmatch_t pmatch[], int eflags);
+            size_t regerror(int errcode, const regex_t *preg,
+            char *errbuf, size_t errbuf_size);
+
+       void regfree(regex_t *preg);
+
+
+DESCRIPTION
+
+       This  set  of functions provides a POSIX-style API for the PCRE regular
+       expression 8-bit library. See the pcreapi documentation for a  descrip-
+       tion  of  PCRE's native API, which contains much additional functional-
+       ity. There is no POSIX-style  wrapper  for  PCRE's  16-bit  and  32-bit
+       library.
+
+       The functions described here are just wrapper functions that ultimately
+       call  the  PCRE  native  API.  Their  prototypes  are  defined  in  the
+       pcreposix.h  header  file,  and  on  Unix systems the library itself is
+       called pcreposix.a, so can be accessed by  adding  -lpcreposix  to  the
+       command  for  linking  an application that uses them. Because the POSIX
+       functions call the native ones, it is also necessary to add -lpcre.
+
+       I have implemented only those POSIX option bits that can be  reasonably
+       mapped  to PCRE native options. In addition, the option REG_EXTENDED is
+       defined with the value zero. This has no  effect,  but  since  programs
+       that  are  written  to  the POSIX interface often use it, this makes it
+       easier to slot in PCRE as a replacement library.  Other  POSIX  options
+       are not even defined.
+
+       There  are also some other options that are not defined by POSIX. These
+       have been added at the request of users who want to make use of certain
+       PCRE-specific features via the POSIX calling interface.
+
+       When  PCRE  is  called  via these functions, it is only the API that is
+       POSIX-like in style. The syntax and semantics of  the  regular  expres-
+       sions  themselves  are  still  those of Perl, subject to the setting of
+       various PCRE options, as described below. "POSIX-like in  style"  means
+       that  the  API  approximates  to  the POSIX definition; it is not fully
+       POSIX-compatible, and in multi-byte encoding  domains  it  is  probably
+       even less compatible.
+
+       The  header for these functions is supplied as pcreposix.h to avoid any
+       potential clash with other POSIX  libraries.  It  can,  of  course,  be
+       renamed or aliased as regex.h, which is the "correct" name. It provides
+       two structure types, regex_t for  compiled  internal  forms,  and  reg-
+       match_t  for  returning  captured substrings. It also defines some con-
+       stants whose names start  with  "REG_";  these  are  used  for  setting
+       options and identifying error codes.
+
+
+COMPILING A PATTERN
+
+       The  function regcomp() is called to compile a pattern into an internal
+       form. The pattern is a C string terminated by a  binary  zero,  and  is
+       passed  in  the  argument  pattern. The preg argument is a pointer to a
+       regex_t structure that is used as a base for storing information  about
+       the compiled regular expression.
+
+       The argument cflags is either zero, or contains one or more of the bits
+       defined by the following macros:
+
+         REG_DOTALL
+
+       The PCRE_DOTALL option is set when the regular expression is passed for
+       compilation to the native function. Note that REG_DOTALL is not part of
+       the POSIX standard.
+
+         REG_ICASE
+
+       The PCRE_CASELESS option is set when the regular expression  is  passed
+       for compilation to the native function.
+
+         REG_NEWLINE
+
+       The  PCRE_MULTILINE option is set when the regular expression is passed
+       for compilation to the native function. Note that this does  not  mimic
+       the  defined  POSIX  behaviour  for REG_NEWLINE (see the following sec-
+       tion).
+
+         REG_NOSUB
+
+       The PCRE_NO_AUTO_CAPTURE option is set when the regular  expression  is
+       passed for compilation to the native function. In addition, when a pat-
+       tern that is compiled with this flag is passed to regexec() for  match-
+       ing,  the  nmatch  and  pmatch  arguments  are ignored, and no captured
+       strings are returned.
+
+         REG_UCP
+
+       The PCRE_UCP option is set when the regular expression  is  passed  for
+       compilation  to  the  native  function. This causes PCRE to use Unicode
+       properties when matchine \d, \w,  etc.,  instead  of  just  recognizing
+       ASCII values. Note that REG_UTF8 is not part of the POSIX standard.
+
+         REG_UNGREEDY
+
+       The  PCRE_UNGREEDY  option is set when the regular expression is passed
+       for compilation to the native function. Note that REG_UNGREEDY  is  not
+       part of the POSIX standard.
+
+         REG_UTF8
+
+       The  PCRE_UTF8  option is set when the regular expression is passed for
+       compilation to the native function. This causes the pattern itself  and
+       all  data  strings used for matching it to be treated as UTF-8 strings.
+       Note that REG_UTF8 is not part of the POSIX standard.
+
+       In the absence of these flags, no options  are  passed  to  the  native
+       function.   This  means  the  the  regex  is compiled with PCRE default
+       semantics. In particular, the way it handles newline characters in  the
+       subject  string  is  the Perl way, not the POSIX way. Note that setting
+       PCRE_MULTILINE has only some of the effects specified for  REG_NEWLINE.
+       It  does not affect the way newlines are matched by . (they are not) or
+       by a negative class such as [^a] (they are).
+
+       The yield of regcomp() is zero on success, and non-zero otherwise.  The
+       preg structure is filled in on success, and one member of the structure
+       is public: re_nsub contains the number of capturing subpatterns in  the
+       regular expression. Various error codes are defined in the header file.
+
+       NOTE:  If  the  yield of regcomp() is non-zero, you must not attempt to
+       use the contents of the preg structure. If, for example, you pass it to
+       regexec(), the result is undefined and your program is likely to crash.
+
+
+MATCHING NEWLINE CHARACTERS
+
+       This area is not simple, because POSIX and Perl take different views of
+       things.  It is not possible to get PCRE to obey  POSIX  semantics,  but
+       then  PCRE was never intended to be a POSIX engine. The following table
+       lists the different possibilities for matching  newline  characters  in
+       PCRE:
+
+                                 Default   Change with
+
+         . matches newline          no     PCRE_DOTALL
+         newline matches [^a]       yes    not changeable
+         $ matches \n at end        yes    PCRE_DOLLARENDONLY
+         $ matches \n in middle     no     PCRE_MULTILINE
+         ^ matches \n in middle     no     PCRE_MULTILINE
+
+       This is the equivalent table for POSIX:
+
+                                 Default   Change with
+
+         . matches newline          yes    REG_NEWLINE
+         newline matches [^a]       yes    REG_NEWLINE
+         $ matches \n at end        no     REG_NEWLINE
+         $ matches \n in middle     no     REG_NEWLINE
+         ^ matches \n in middle     no     REG_NEWLINE
+
+       PCRE's behaviour is the same as Perl's, except that there is no equiva-
+       lent for PCRE_DOLLAR_ENDONLY in Perl. In both PCRE and Perl,  there  is
+       no way to stop newline from matching [^a].
+
+       The   default  POSIX  newline  handling  can  be  obtained  by  setting
+       PCRE_DOTALL and PCRE_DOLLAR_ENDONLY, but there is no way to  make  PCRE
+       behave exactly as for the REG_NEWLINE action.
+
+
+MATCHING A PATTERN
+
+       The  function  regexec()  is  called  to  match a compiled pattern preg
+       against a given string, which is by default terminated by a  zero  byte
+       (but  see  REG_STARTEND below), subject to the options in eflags. These
+       can be:
+
+         REG_NOTBOL
+
+       The PCRE_NOTBOL option is set when calling the underlying PCRE matching
+       function.
+
+         REG_NOTEMPTY
+
+       The PCRE_NOTEMPTY option is set when calling the underlying PCRE match-
+       ing function. Note that REG_NOTEMPTY is not part of the POSIX standard.
+       However, setting this option can give more POSIX-like behaviour in some
+       situations.
+
+         REG_NOTEOL
+
+       The PCRE_NOTEOL option is set when calling the underlying PCRE matching
+       function.
+
+         REG_STARTEND
+
+       The  string  is  considered to start at string + pmatch[0].rm_so and to
+       have a terminating NUL located at string + pmatch[0].rm_eo (there  need
+       not  actually  be  a  NUL at that location), regardless of the value of
+       nmatch. This is a BSD extension, compatible with but not  specified  by
+       IEEE  Standard  1003.2  (POSIX.2),  and  should be used with caution in
+       software intended to be portable to other systems. Note that a non-zero
+       rm_so does not imply REG_NOTBOL; REG_STARTEND affects only the location
+       of the string, not how it is matched.
+
+       If the pattern was compiled with the REG_NOSUB flag, no data about  any
+       matched  strings  is  returned.  The  nmatch  and  pmatch  arguments of
+       regexec() are ignored.
+
+       If the value of nmatch is zero, or if the value pmatch is NULL, no data
+       about any matched strings is returned.
+
+       Otherwise,the portion of the string that was matched, and also any cap-
+       tured substrings, are returned via the pmatch argument, which points to
+       an  array  of nmatch structures of type regmatch_t, containing the mem-
+       bers rm_so and rm_eo. These contain the offset to the  first  character
+       of  each  substring and the offset to the first character after the end
+       of each substring, respectively. The 0th element of the vector  relates
+       to  the  entire portion of string that was matched; subsequent elements
+       relate to the capturing subpatterns of the regular  expression.  Unused
+       entries in the array have both structure members set to -1.
+
+       A  successful  match  yields  a  zero  return;  various error codes are
+       defined in the header file, of  which  REG_NOMATCH  is  the  "expected"
+       failure code.
+
+
+ERROR MESSAGES
+
+       The regerror() function maps a non-zero errorcode from either regcomp()
+       or regexec() to a printable message. If preg is  not  NULL,  the  error
+       should have arisen from the use of that structure. A message terminated
+       by a binary zero is placed  in  errbuf.  The  length  of  the  message,
+       including  the  zero, is limited to errbuf_size. The yield of the func-
+       tion is the size of buffer needed to hold the whole message.
+
+
+MEMORY USAGE
+
+       Compiling a regular expression causes memory to be allocated and  asso-
+       ciated  with  the preg structure. The function regfree() frees all such
+       memory, after which preg may no longer be used as  a  compiled  expres-
+       sion.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 09 January 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRECPP(3)                 Library Functions Manual                 PCRECPP(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions.
+
+SYNOPSIS OF C++ WRAPPER
+
+       #include <pcrecpp.h>
+
+
+DESCRIPTION
+
+       The  C++  wrapper  for PCRE was provided by Google Inc. Some additional
+       functionality was added by Giuseppe Maxia. This brief man page was con-
+       structed  from  the  notes  in the pcrecpp.h file, which should be con-
+       sulted for further details. Note that the C++ wrapper supports only the
+       original  8-bit  PCRE  library. There is no 16-bit or 32-bit support at
+       present.
+
+
+MATCHING INTERFACE
+
+       The "FullMatch" operation checks that supplied text matches a  supplied
+       pattern  exactly.  If pointer arguments are supplied, it copies matched
+       sub-strings that match sub-patterns into them.
+
+         Example: successful match
+            pcrecpp::RE re("h.*o");
+            re.FullMatch("hello");
+
+         Example: unsuccessful match (requires full match):
+            pcrecpp::RE re("e");
+            !re.FullMatch("hello");
+
+         Example: creating a temporary RE object:
+            pcrecpp::RE("h.*o").FullMatch("hello");
+
+       You can pass in a "const char*" or a "string" for "text". The  examples
+       below  tend to use a const char*. You can, as in the different examples
+       above, store the RE object explicitly in a variable or use a  temporary
+       RE  object.  The  examples below use one mode or the other arbitrarily.
+       Either could correctly be used for any of these examples.
+
+       You must supply extra pointer arguments to extract matched subpieces.
+
+         Example: extracts "ruby" into "s" and 1234 into "i"
+            int i;
+            string s;
+            pcrecpp::RE re("(\\w+):(\\d+)");
+            re.FullMatch("ruby:1234", &s, &i);
+
+         Example: does not try to extract any extra sub-patterns
+            re.FullMatch("ruby:1234", &s);
+
+         Example: does not try to extract into NULL
+            re.FullMatch("ruby:1234", NULL, &i);
+
+         Example: integer overflow causes failure
+            !re.FullMatch("ruby:1234567891234", NULL, &i);
+
+         Example: fails because there aren't enough sub-patterns:
+            !pcrecpp::RE("\\w+:\\d+").FullMatch("ruby:1234", &s);
+
+         Example: fails because string cannot be stored in integer
+            !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+
+       The provided pointer arguments can be pointers to  any  scalar  numeric
+       type, or one of:
+
+          string        (matched piece is copied to string)
+          StringPiece   (StringPiece is mutated to point to matched piece)
+          T             (where "bool T::ParseFrom(const char*, int)" exists)
+          NULL          (the corresponding matched sub-pattern is not copied)
+
+       The  function returns true iff all of the following conditions are sat-
+       isfied:
+
+         a. "text" matches "pattern" exactly;
+
+         b. The number of matched sub-patterns is >= number of supplied
+            pointers;
+
+         c. The "i"th argument has a suitable type for holding the
+            string captured as the "i"th sub-pattern. If you pass in
+            void * NULL for the "i"th argument, or a non-void * NULL
+            of the correct type, or pass fewer arguments than the
+            number of sub-patterns, "i"th captured sub-pattern is
+            ignored.
+
+       CAVEAT: An optional sub-pattern that does  not  exist  in  the  matched
+       string  is  assigned  the  empty  string. Therefore, the following will
+       return false (because the empty string is not a valid number):
+
+          int number;
+          pcrecpp::RE::FullMatch("abc", "[a-z]+(\\d+)?", &number);
+
+       The matching interface supports at most 16 arguments per call.  If  you
+       need    more,    consider    using    the    more   general   interface
+       pcrecpp::RE::DoMatch. See pcrecpp.h for the signature for DoMatch.
+
+       NOTE: Do not use no_arg, which is used internally to mark the end of  a
+       list  of optional arguments, as a placeholder for missing arguments, as
+       this can lead to segfaults.
+
+
+QUOTING METACHARACTERS
+
+       You can use the "QuoteMeta" operation to insert backslashes before  all
+       potentially  meaningful  characters  in  a string. The returned string,
+       used as a regular expression, will exactly match the original string.
+
+         Example:
+            string quoted = RE::QuoteMeta(unquoted);
+
+       Note that it's legal to escape a character even if it  has  no  special
+       meaning  in  a  regular expression -- so this function does that. (This
+       also makes it identical to the perl function  of  the  same  name;  see
+       "perldoc    -f    quotemeta".)    For   example,   "1.5-2.0?"   becomes
+       "1\.5\-2\.0\?".
+
+
+PARTIAL MATCHES
+
+       You can use the "PartialMatch" operation when you want the  pattern  to
+       match any substring of the text.
+
+         Example: simple search for a string:
+            pcrecpp::RE("ell").PartialMatch("hello");
+
+         Example: find first number in a string:
+            int number;
+            pcrecpp::RE re("(\\d+)");
+            re.PartialMatch("x*100 + 20", &number);
+            assert(number == 100);
+
+
+UTF-8 AND THE MATCHING INTERFACE
+
+       By  default,  pattern  and text are plain text, one byte per character.
+       The UTF8 flag, passed to  the  constructor,  causes  both  pattern  and
+       string to be treated as UTF-8 text, still a byte stream but potentially
+       multiple bytes per character. In practice, the text is likelier  to  be
+       UTF-8  than  the pattern, but the match returned may depend on the UTF8
+       flag, so always use it when matching UTF8 text. For example,  "."  will
+       match  one  byte normally but with UTF8 set may match up to three bytes
+       of a multi-byte character.
+
+         Example:
+            pcrecpp::RE_Options options;
+            options.set_utf8();
+            pcrecpp::RE re(utf8_pattern, options);
+            re.FullMatch(utf8_string);
+
+         Example: using the convenience function UTF8():
+            pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+            re.FullMatch(utf8_string);
+
+       NOTE: The UTF8 flag is ignored if pcre was not configured with the
+             --enable-utf8 flag.
+
+
+PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE
+
+       PCRE defines some modifiers to  change  the  behavior  of  the  regular
+       expression   engine.  The  C++  wrapper  defines  an  auxiliary  class,
+       RE_Options, as a vehicle to pass such modifiers to  a  RE  class.  Cur-
+       rently, the following modifiers are supported:
+
+          modifier              description               Perl corresponding
+
+          PCRE_CASELESS         case insensitive match      /i
+          PCRE_MULTILINE        multiple lines match        /m
+          PCRE_DOTALL           dot matches newlines        /s
+          PCRE_DOLLAR_ENDONLY   $ matches only at end       N/A
+          PCRE_EXTRA            strict escape parsing       N/A
+          PCRE_EXTENDED         ignore white spaces         /x
+          PCRE_UTF8             handles UTF8 chars          built-in
+          PCRE_UNGREEDY         reverses * and *?           N/A
+          PCRE_NO_AUTO_CAPTURE  disables capturing parens   N/A (*)
+
+       (*)  Both Perl and PCRE allow non capturing parentheses by means of the
+       "?:" modifier within the pattern itself. e.g. (?:ab|cd) does  not  cap-
+       ture, while (ab|cd) does.
+
+       For  a  full  account on how each modifier works, please check the PCRE
+       API reference page.
+
+       For each modifier, there are two member functions whose  name  is  made
+       out  of  the  modifier  in  lowercase,  without the "PCRE_" prefix. For
+       instance, PCRE_CASELESS is handled by
+
+         bool caseless()
+
+       which returns true if the modifier is set, and
+
+         RE_Options & set_caseless(bool)
+
+       which sets or unsets the modifier. Moreover, PCRE_EXTRA_MATCH_LIMIT can
+       be  accessed  through  the  set_match_limit()  and match_limit() member
+       functions. Setting match_limit to a non-zero value will limit the  exe-
+       cution  of pcre to keep it from doing bad things like blowing the stack
+       or taking an eternity to return a result.  A  value  of  5000  is  good
+       enough  to stop stack blowup in a 2MB thread stack. Setting match_limit
+       to  zero  disables  match  limiting.  Alternatively,   you   can   call
+       match_limit_recursion()  which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to
+       limit how much  PCRE  recurses.  match_limit()  limits  the  number  of
+       matches PCRE does; match_limit_recursion() limits the depth of internal
+       recursion, and therefore the amount of stack that is used.
+
+       Normally, to pass one or more modifiers to a RE class,  you  declare  a
+       RE_Options object, set the appropriate options, and pass this object to
+       a RE constructor. Example:
+
+          RE_Options opt;
+          opt.set_caseless(true);
+          if (RE("HELLO", opt).PartialMatch("hello world")) ...
+
+       RE_options has two constructors. The default constructor takes no argu-
+       ments  and creates a set of flags that are off by default. The optional
+       parameter option_flags is to facilitate transfer of legacy code from  C
+       programs.  This lets you do
+
+          RE(pattern,
+            RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+
+       However, new code is better off doing
+
+          RE(pattern,
+            RE_Options().set_caseless(true).set_multiline(true))
+              .PartialMatch(str);
+
+       If you are going to pass one of the most used modifiers, there are some
+       convenience functions that return a RE_Options class with the appropri-
+       ate  modifier  already  set: CASELESS(), UTF8(), MULTILINE(), DOTALL(),
+       and EXTENDED().
+
+       If you need to set several options at once, and you don't  want  to  go
+       through  the pains of declaring a RE_Options object and setting several
+       options, there is a parallel method that give you such ability  on  the
+       fly.  You  can  concatenate several set_xxxxx() member functions, since
+       each of them returns a reference to its class object. For  example,  to
+       pass  PCRE_CASELESS, PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one
+       statement, you may write:
+
+          RE(" ^ xyz \\s+ .* blah$",
+            RE_Options()
+              .set_caseless(true)
+              .set_extended(true)
+              .set_multiline(true)).PartialMatch(sometext);
+
+
+SCANNING TEXT INCREMENTALLY
+
+       The "Consume" operation may be useful if you want to  repeatedly  match
+       regular expressions at the front of a string and skip over them as they
+       match. This requires use of the "StringPiece" type, which represents  a
+       sub-range  of  a  real  string.  Like RE, StringPiece is defined in the
+       pcrecpp namespace.
+
+         Example: read lines of the form "var = value" from a string.
+            string contents = ...;                 // Fill string somehow
+            pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+
+            string var;
+            int value;
+            pcrecpp::RE re("(\\w+) = (\\d+)\n");
+            while (re.Consume(&input, &var, &value)) {
+              ...;
+            }
+
+       Each successful call  to  "Consume"  will  set  "var/value",  and  also
+       advance "input" so it points past the matched text.
+
+       The  "FindAndConsume"  operation  is  similar to "Consume" but does not
+       anchor your match at the beginning of  the  string.  For  example,  you
+       could extract all words from a string by repeatedly calling
+
+         pcrecpp::RE("(\\w+)").FindAndConsume(&input, &word)
+
+
+PARSING HEX/OCTAL/C-RADIX NUMBERS
+
+       By default, if you pass a pointer to a numeric value, the corresponding
+       text is interpreted as a base-10  number.  You  can  instead  wrap  the
+       pointer with a call to one of the operators Hex(), Octal(), or CRadix()
+       to interpret the text in another base. The CRadix  operator  interprets
+       C-style  "0"  (base-8)  and  "0x"  (base-16)  prefixes, but defaults to
+       base-10.
+
+         Example:
+           int a, b, c, d;
+           pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+           re.FullMatch("100 40 0100 0x40",
+                        pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+                        pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+
+       will leave 64 in a, b, c, and d.
+
+
+REPLACING PARTS OF STRINGS
+
+       You can replace the first match of "pattern" in "str"  with  "rewrite".
+       Within  "rewrite",  backslash-escaped  digits (\1 to \9) can be used to
+       insert text matching corresponding parenthesized group  from  the  pat-
+       tern. \0 in "rewrite" refers to the entire matching text. For example:
+
+         string s = "yabba dabba doo";
+         pcrecpp::RE("b+").Replace("d", &s);
+
+       will  leave  "s" containing "yada dabba doo". The result is true if the
+       pattern matches and a replacement occurs, false otherwise.
+
+       GlobalReplace is like Replace except that it replaces  all  occurrences
+       of  the  pattern  in  the string with the rewrite. Replacements are not
+       subject to re-matching. For example:
+
+         string s = "yabba dabba doo";
+         pcrecpp::RE("b+").GlobalReplace("d", &s);
+
+       will leave "s" containing "yada dada doo". It  returns  the  number  of
+       replacements made.
+
+       Extract  is like Replace, except that if the pattern matches, "rewrite"
+       is copied into "out" (an additional argument) with substitutions.   The
+       non-matching  portions  of "text" are ignored. Returns true iff a match
+       occurred and the extraction happened successfully;  if no match occurs,
+       the string is left unaffected.
+
+
+AUTHOR
+
+       The C++ wrapper was contributed by Google Inc.
+       Copyright (c) 2007 Google Inc.
+
+
+REVISION
+
+       Last updated: 08 January 2012
+------------------------------------------------------------------------------
+
+
+PCRESAMPLE(3)              Library Functions Manual              PCRESAMPLE(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE SAMPLE PROGRAM
+
+       A simple, complete demonstration program, to get you started with using
+       PCRE, is supplied in the file pcredemo.c in the  PCRE  distribution.  A
+       listing  of this program is given in the pcredemo documentation. If you
+       do not have a copy of the PCRE distribution, you can save this  listing
+       to re-create pcredemo.c.
+
+       The  demonstration program, which uses the original PCRE 8-bit library,
+       compiles the regular expression that is its first argument, and matches
+       it  against  the subject string in its second argument. No PCRE options
+       are set, and default character tables are used. If  matching  succeeds,
+       the  program  outputs the portion of the subject that matched, together
+       with the contents of any captured substrings.
+
+       If the -g option is given on the command line, the program then goes on
+       to check for further matches of the same regular expression in the same
+       subject string. The logic is a little bit tricky because of the  possi-
+       bility  of  matching an empty string. Comments in the code explain what
+       is going on.
+
+       If PCRE is installed in the standard include  and  library  directories
+       for your operating system, you should be able to compile the demonstra-
+       tion program using this command:
+
+         gcc -o pcredemo pcredemo.c -lpcre
+
+       If PCRE is installed elsewhere, you may need to add additional  options
+       to  the  command line. For example, on a Unix-like system that has PCRE
+       installed in /usr/local, you  can  compile  the  demonstration  program
+       using a command like this:
+
+         gcc -o pcredemo -I/usr/local/include pcredemo.c \
+             -L/usr/local/lib -lpcre
+
+       In  a  Windows  environment, if you want to statically link the program
+       against a non-dll pcre.a file, you must uncomment the line that defines
+       PCRE_STATIC  before  including  pcre.h, because otherwise the pcre_mal-
+       loc()   and   pcre_free()   exported   functions   will   be   declared
+       __declspec(dllimport), with unwanted results.
+
+       Once  you  have  compiled and linked the demonstration program, you can
+       run simple tests like this:
+
+         ./pcredemo 'cat|dog' 'the cat sat on the mat'
+         ./pcredemo -g 'cat|dog' 'the dog sat on the cat'
+
+       Note that there is a  much  more  comprehensive  test  program,  called
+       pcretest,  which  supports  many  more  facilities  for testing regular
+       expressions and both PCRE libraries. The pcredemo program  is  provided
+       as a simple coding example.
+
+       If  you  try to run pcredemo when PCRE is not installed in the standard
+       library directory, you may get an error like  this  on  some  operating
+       systems (e.g. Solaris):
+
+         ld.so.1:  a.out:  fatal:  libpcre.so.0:  open failed: No such file or
+       directory
+
+       This is caused by the way shared library support works  on  those  sys-
+       tems. You need to add
+
+         -R/usr/local/lib
+
+       (for example) to the compile command to get round this problem.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 10 January 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+PCRELIMITS(3)              Library Functions Manual              PCRELIMITS(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+SIZE AND OTHER LIMITATIONS
+
+       There  are some size limitations in PCRE but it is hoped that they will
+       never in practice be relevant.
+
+       The maximum length of a compiled  pattern  is  approximately  64K  data
+       units  (bytes  for  the  8-bit  library,  16-bit  units  for the 16-bit
+       library, and 32-bit units for the 32-bit library) if PCRE  is  compiled
+       with  the default internal linkage size, which is 2 bytes for the 8-bit
+       and 16-bit libraries, and 4 bytes for the 32-bit library. If  you  want
+       to process regular expressions that are truly enormous, you can compile
+       PCRE with an internal linkage size of 3 or 4 (when building the  16-bit
+       or  32-bit  library,  3 is rounded up to 4). See the README file in the
+       source distribution and the pcrebuild  documentation  for  details.  In
+       these  cases  the limit is substantially larger.  However, the speed of
+       execution is slower.
+
+       All values in repeating quantifiers must be less than 65536.
+
+       There is no limit to the number of parenthesized subpatterns, but there
+       can  be  no more than 65535 capturing subpatterns. There is, however, a
+       limit to the depth of  nesting  of  parenthesized  subpatterns  of  all
+       kinds.  This  is  imposed  in order to limit the amount of system stack
+       used at compile time. The limit can be specified when  PCRE  is  built;
+       the default is 250.
+
+       There is a limit to the number of forward references to subsequent sub-
+       patterns of around 200,000.  Repeated  forward  references  with  fixed
+       upper  limits,  for example, (?2){0,100} when subpattern number 2 is to
+       the right, are included in the count. There is no limit to  the  number
+       of backward references.
+
+       The maximum length of name for a named subpattern is 32 characters, and
+       the maximum number of named subpatterns is 10000.
+
+       The maximum length of a  name  in  a  (*MARK),  (*PRUNE),  (*SKIP),  or
+       (*THEN)  verb is 255 for the 8-bit library and 65535 for the 16-bit and
+       32-bit libraries.
+
+       The maximum length of a subject string is the largest  positive  number
+       that  an integer variable can hold. However, when using the traditional
+       matching function, PCRE uses recursion to handle subpatterns and indef-
+       inite  repetition.  This means that the available stack space may limit
+       the size of a subject string that can be processed by certain patterns.
+       For a discussion of stack issues, see the pcrestack documentation.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 05 November 2013
+       Copyright (c) 1997-2013 University of Cambridge.
+------------------------------------------------------------------------------
+
+
+PCRESTACK(3)               Library Functions Manual               PCRESTACK(3)
+
+
+
+NAME
+       PCRE - Perl-compatible regular expressions
+
+PCRE DISCUSSION OF STACK USAGE
+
+       When  you call pcre[16|32]_exec(), it makes use of an internal function
+       called match(). This calls itself recursively at branch points  in  the
+       pattern,  in  order  to  remember the state of the match so that it can
+       back up and try a different alternative if  the  first  one  fails.  As
+       matching proceeds deeper and deeper into the tree of possibilities, the
+       recursion depth increases. The match() function is also called in other
+       circumstances,  for  example,  whenever  a parenthesized sub-pattern is
+       entered, and in certain cases of repetition.
+
+       Not all calls of match() increase the recursion depth; for an item such
+       as  a* it may be called several times at the same level, after matching
+       different numbers of a's. Furthermore, in a number of cases  where  the
+       result  of  the  recursive call would immediately be passed back as the
+       result of the current call (a "tail recursion"), the function  is  just
+       restarted instead.
+
+       The  above  comments apply when pcre[16|32]_exec() is run in its normal
+       interpretive  manner.   If   the   pattern   was   studied   with   the
+       PCRE_STUDY_JIT_COMPILE  option, and just-in-time compiling was success-
+       ful, and the options passed to pcre[16|32]_exec() were  not  incompati-
+       ble,  the  matching  process  uses the JIT-compiled code instead of the
+       match() function. In this case, the  memory  requirements  are  handled
+       entirely differently. See the pcrejit documentation for details.
+
+       The  pcre[16|32]_dfa_exec()  function operates in an entirely different
+       way, and uses recursion only when there is a regular expression  recur-
+       sion or subroutine call in the pattern. This includes the processing of
+       assertion and "once-only" subpatterns, which are handled  like  subrou-
+       tine  calls.  Normally, these are never very deep, and the limit on the
+       complexity of pcre[16|32]_dfa_exec() is controlled  by  the  amount  of
+       workspace  it is given.  However, it is possible to write patterns with
+       runaway    infinite    recursions;    such    patterns    will    cause
+       pcre[16|32]_dfa_exec()  to  run  out  of stack. At present, there is no
+       protection against this.
+
+       The comments that follow do NOT apply to  pcre[16|32]_dfa_exec();  they
+       are relevant only for pcre[16|32]_exec() without the JIT optimization.
+
+   Reducing pcre[16|32]_exec()'s stack usage
+
+       Each  time  that match() is actually called recursively, it uses memory
+       from the process stack. For certain kinds of  pattern  and  data,  very
+       large  amounts of stack may be needed, despite the recognition of "tail
+       recursion".  You can often reduce the amount of recursion,  and  there-
+       fore  the  amount of stack used, by modifying the pattern that is being
+       matched. Consider, for example, this pattern:
+
+         ([^<]|<(?!inet))+
+
+       It matches from wherever it starts until it encounters "<inet"  or  the
+       end  of  the  data,  and is the kind of pattern that might be used when
+       processing an XML file. Each iteration of the outer parentheses matches
+       either  one  character that is not "<" or a "<" that is not followed by
+       "inet". However, each time a  parenthesis  is  processed,  a  recursion
+       occurs, so this formulation uses a stack frame for each matched charac-
+       ter. For a long string, a lot of stack is required. Consider  now  this
+       rewritten pattern, which matches exactly the same strings:
+
+         ([^<]++|<(?!inet))+
+
+       This  uses very much less stack, because runs of characters that do not
+       contain "<" are "swallowed" in one item inside the parentheses.  Recur-
+       sion  happens  only when a "<" character that is not followed by "inet"
+       is encountered (and we assume this is relatively  rare).  A  possessive
+       quantifier  is  used  to stop any backtracking into the runs of non-"<"
+       characters, but that is not related to stack usage.
+
+       This example shows that one way of avoiding stack problems when  match-
+       ing long subject strings is to write repeated parenthesized subpatterns
+       to match more than one character whenever possible.
+
+   Compiling PCRE to use heap instead of stack for pcre[16|32]_exec()
+
+       In environments where stack memory is constrained, you  might  want  to
+       compile  PCRE to use heap memory instead of stack for remembering back-
+       up points when pcre[16|32]_exec() is running. This makes it run  a  lot
+       more slowly, however.  Details of how to do this are given in the pcre-
+       build documentation. When built in  this  way,  instead  of  using  the
+       stack,  PCRE obtains and frees memory by calling the functions that are
+       pointed to by the pcre[16|32]_stack_malloc  and  pcre[16|32]_stack_free
+       variables.  By default, these point to malloc() and free(), but you can
+       replace the pointers to cause PCRE to use your own functions. Since the
+       block sizes are always the same, and are always freed in reverse order,
+       it may be possible to implement customized  memory  handlers  that  are
+       more efficient than the standard functions.
+
+   Limiting pcre[16|32]_exec()'s stack usage
+
+       You  can set limits on the number of times that match() is called, both
+       in total and recursively. If a limit  is  exceeded,  pcre[16|32]_exec()
+       returns  an  error code. Setting suitable limits should prevent it from
+       running out of stack. The default values of the limits are very  large,
+       and  unlikely  ever to operate. They can be changed when PCRE is built,
+       and they can also be set when pcre[16|32]_exec() is called. For details
+       of these interfaces, see the pcrebuild documentation and the section on
+       extra data for pcre[16|32]_exec() in the pcreapi documentation.
+
+       As a very rough rule of thumb, you should reckon on about 500 bytes per
+       recursion.  Thus,  if  you  want  to limit your stack usage to 8Mb, you
+       should set the limit at 16000 recursions. A 64Mb stack,  on  the  other
+       hand, can support around 128000 recursions.
+
+       In Unix-like environments, the pcretest test program has a command line
+       option (-S) that can be used to increase the size of its stack. As long
+       as  the  stack is large enough, another option (-M) can be used to find
+       the smallest limits that allow a particular pattern to  match  a  given
+       subject  string.  This is done by calling pcre[16|32]_exec() repeatedly
+       with different limits.
+
+   Obtaining an estimate of stack usage
+
+       The actual amount of stack used per recursion can  vary  quite  a  lot,
+       depending on the compiler that was used to build PCRE and the optimiza-
+       tion or debugging options that were set for it. The rule of thumb value
+       of  500  bytes  mentioned  above  may be larger or smaller than what is
+       actually needed. A better approximation can be obtained by running this
+       command:
+
+         pcretest -m -C
+
+       The  -C  option causes pcretest to output information about the options
+       with which PCRE was compiled. When -m is also given (before -C), infor-
+       mation about stack use is given in a line like this:
+
+         Match recursion uses stack: approximate frame size = 640 bytes
+
+       The value is approximate because some recursions need a bit more (up to
+       perhaps 16 more bytes).
+
+       If the above command is given when PCRE is compiled  to  use  the  heap
+       instead  of  the  stack  for recursion, the value that is output is the
+       size of each block that is obtained from the heap.
+
+   Changing stack size in Unix-like systems
+
+       In Unix-like environments, there is not often a problem with the  stack
+       unless  very  long  strings  are  involved, though the default limit on
+       stack size varies from system to system. Values from 8Mb  to  64Mb  are
+       common. You can find your default limit by running the command:
+
+         ulimit -s
+
+       Unfortunately,  the  effect  of  running out of stack is often SIGSEGV,
+       though sometimes a more explicit error message is given. You  can  nor-
+       mally increase the limit on stack size by code such as this:
+
+         struct rlimit rlim;
+         getrlimit(RLIMIT_STACK, &rlim);
+         rlim.rlim_cur = 100*1024*1024;
+         setrlimit(RLIMIT_STACK, &rlim);
+
+       This  reads  the current limits (soft and hard) using getrlimit(), then
+       attempts to increase the soft limit to  100Mb  using  setrlimit().  You
+       must do this before calling pcre[16|32]_exec().
+
+   Changing stack size in Mac OS X
+
+       Using setrlimit(), as described above, should also work on Mac OS X. It
+       is also possible to set a stack size when linking a program. There is a
+       discussion   about   stack  sizes  in  Mac  OS  X  at  this  web  site:
+       http://developer.apple.com/qa/qa2005/qa1419.html.
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 24 June 2012
+       Copyright (c) 1997-2012 University of Cambridge.
+------------------------------------------------------------------------------
+
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcregrep.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcregrep.txt
new file mode 100644
index 00000000..97d9a7bd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcregrep.txt
@@ -0,0 +1,741 @@
+PCREGREP(1)                 General Commands Manual                PCREGREP(1)
+
+
+
+NAME
+       pcregrep - a grep with Perl-compatible regular expressions.
+
+SYNOPSIS
+       pcregrep [options] [long options] [pattern] [path1 path2 ...]
+
+
+DESCRIPTION
+
+       pcregrep  searches  files  for  character  patterns, in the same way as
+       other grep commands do, but it uses the PCRE regular expression library
+       to support patterns that are compatible with the regular expressions of
+       Perl 5. See pcresyntax(3) for a quick-reference summary of pattern syn-
+       tax,  or pcrepattern(3) for a full description of the syntax and seman-
+       tics of the regular expressions that PCRE supports.
+
+       Patterns, whether supplied on the command line or in a  separate  file,
+       are given without delimiters. For example:
+
+         pcregrep Thursday /etc/motd
+
+       If you attempt to use delimiters (for example, by surrounding a pattern
+       with slashes, as is common in Perl scripts), they  are  interpreted  as
+       part  of  the pattern. Quotes can of course be used to delimit patterns
+       on the command line because they are  interpreted  by  the  shell,  and
+       indeed  quotes  are required if a pattern contains white space or shell
+       metacharacters.
+
+       The first argument that follows any option settings is treated  as  the
+       single  pattern  to be matched when neither -e nor -f is present.  Con-
+       versely, when one or both of these options are  used  to  specify  pat-
+       terns, all arguments are treated as path names. At least one of -e, -f,
+       or an argument pattern must be provided.
+
+       If no files are specified, pcregrep reads the standard input. The stan-
+       dard  input  can  also  be  referenced by a name consisting of a single
+       hyphen.  For example:
+
+         pcregrep some-pattern /file1 - /file3
+
+       By default, each line that matches a pattern is copied to the  standard
+       output,  and if there is more than one file, the file name is output at
+       the start of each line, followed by a colon. However, there are options
+       that  can  change  how  pcregrep  behaves. In particular, the -M option
+       makes it possible to search for patterns  that  span  line  boundaries.
+       What  defines  a  line  boundary  is  controlled  by the -N (--newline)
+       option.
+
+       The amount of memory used for buffering files that are being scanned is
+       controlled  by a parameter that can be set by the --buffer-size option.
+       The default value for this parameter  is  specified  when  pcregrep  is
+       built,  with  the  default  default  being 20K. A block of memory three
+       times this size is used (to allow for buffering  "before"  and  "after"
+       lines). An error occurs if a line overflows the buffer.
+
+       Patterns  can  be  no  longer than 8K or BUFSIZ bytes, whichever is the
+       greater.  BUFSIZ is defined in <stdio.h>. When there is more  than  one
+       pattern (specified by the use of -e and/or -f), each pattern is applied
+       to each line in the order in which they are defined,  except  that  all
+       the -e patterns are tried before the -f patterns.
+
+       By  default, as soon as one pattern matches a line, no further patterns
+       are considered. However, if --colour (or --color) is used to colour the
+       matching  substrings, or if --only-matching, --file-offsets, or --line-
+       offsets is used to output only  the  part  of  the  line  that  matched
+       (either shown literally, or as an offset), scanning resumes immediately
+       following the match, so that further matches on the same  line  can  be
+       found.  If  there  are  multiple  patterns,  they  are all tried on the
+       remainder of the line, but patterns that follow the  one  that  matched
+       are not tried on the earlier part of the line.
+
+       This  behaviour  means  that  the  order in which multiple patterns are
+       specified can affect the output when one of the above options is  used.
+       This  is no longer the same behaviour as GNU grep, which now manages to
+       display earlier matches for later patterns (as  long  as  there  is  no
+       overlap).
+
+       Patterns  that can match an empty string are accepted, but empty string
+       matches   are   never   recognized.   An   example   is   the   pattern
+       "(super)?(man)?",  in  which  all components are optional. This pattern
+       finds all occurrences of both "super" and  "man";  the  output  differs
+       from  matching  with  "super|man" when only the matching substrings are
+       being shown.
+
+       If the LC_ALL or LC_CTYPE environment variable is  set,  pcregrep  uses
+       the  value to set a locale when calling the PCRE library.  The --locale
+       option can be used to override this.
+
+
+SUPPORT FOR COMPRESSED FILES
+
+       It is possible to compile pcregrep so that it uses libz  or  libbz2  to
+       read  files  whose names end in .gz or .bz2, respectively. You can find
+       out whether your binary has support for one or both of these file types
+       by running it with the --help option. If the appropriate support is not
+       present, files are treated as plain text. The standard input is  always
+       so treated.
+
+
+BINARY FILES
+
+       By  default,  a  file that contains a binary zero byte within the first
+       1024 bytes is identified as a binary file, and is processed  specially.
+       (GNU  grep  also  identifies  binary  files  in  this  manner.) See the
+       --binary-files option for a means of changing the way binary files  are
+       handled.
+
+
+OPTIONS
+
+       The  order  in  which some of the options appear can affect the output.
+       For example, both the -h and -l options affect  the  printing  of  file
+       names.  Whichever  comes later in the command line will be the one that
+       takes effect. Similarly, except where noted  below,  if  an  option  is
+       given  twice,  the  later setting is used. Numerical values for options
+       may be followed by K  or  M,  to  signify  multiplication  by  1024  or
+       1024*1024 respectively.
+
+       --        This terminates the list of options. It is useful if the next
+                 item on the command line starts with a hyphen but is  not  an
+                 option.  This allows for the processing of patterns and file-
+                 names that start with hyphens.
+
+       -A number, --after-context=number
+                 Output number lines of context after each matching  line.  If
+                 filenames and/or line numbers are being output, a hyphen sep-
+                 arator is used instead of a colon for the  context  lines.  A
+                 line  containing  "--" is output between each group of lines,
+                 unless they are in fact contiguous in  the  input  file.  The
+                 value  of number is expected to be relatively small. However,
+                 pcregrep guarantees to have up to 8K of following text avail-
+                 able for context output.
+
+       -a, --text
+                 Treat  binary  files as text. This is equivalent to --binary-
+                 files=text.
+
+       -B number, --before-context=number
+                 Output number lines of context before each matching line.  If
+                 filenames and/or line numbers are being output, a hyphen sep-
+                 arator is used instead of a colon for the  context  lines.  A
+                 line  containing  "--" is output between each group of lines,
+                 unless they are in fact contiguous in  the  input  file.  The
+                 value  of number is expected to be relatively small. However,
+                 pcregrep guarantees to have up to 8K of preceding text avail-
+                 able for context output.
+
+       --binary-files=word
+                 Specify  how binary files are to be processed. If the word is
+                 "binary" (the default),  pattern  matching  is  performed  on
+                 binary  files,  but  the  only  output is "Binary file <name>
+                 matches" when a match succeeds. If the word is "text",  which
+                 is  equivalent  to  the -a or --text option, binary files are
+                 processed in the same way as any other file.  In  this  case,
+                 when  a  match  succeeds,  the  output may be binary garbage,
+                 which can have nasty effects if sent to a  terminal.  If  the
+                 word  is  "without-match",  which  is  equivalent  to  the -I
+                 option, binary files are  not  processed  at  all;  they  are
+                 assumed not to be of interest.
+
+       --buffer-size=number
+                 Set  the  parameter that controls how much memory is used for
+                 buffering files that are being scanned.
+
+       -C number, --context=number
+                 Output number lines of context both  before  and  after  each
+                 matching  line.  This is equivalent to setting both -A and -B
+                 to the same value.
+
+       -c, --count
+                 Do not output individual lines from the files that are  being
+                 scanned; instead output the number of lines that would other-
+                 wise have been shown. If no lines are  selected,  the  number
+                 zero  is  output.  If  several files are are being scanned, a
+                 count is output for each of them. However,  if  the  --files-
+                 with-matches  option  is  also  used,  only those files whose
+                 counts are greater than zero are listed. When -c is used, the
+                 -A, -B, and -C options are ignored.
+
+       --colour, --color
+                 If this option is given without any data, it is equivalent to
+                 "--colour=auto".  If data is required, it must  be  given  in
+                 the same shell item, separated by an equals sign.
+
+       --colour=value, --color=value
+                 This option specifies under what circumstances the parts of a
+                 line that matched a pattern should be coloured in the output.
+                 By  default,  the output is not coloured. The value (which is
+                 optional, see above) may be "never", "always", or "auto".  In
+                 the  latter case, colouring happens only if the standard out-
+                 put is connected to a terminal. More resources are used  when
+                 colouring  is enabled, because pcregrep has to search for all
+                 possible matches in a line, not just one, in order to  colour
+                 them all.
+
+                 The colour that is used can be specified by setting the envi-
+                 ronment variable PCREGREP_COLOUR or PCREGREP_COLOR. The value
+                 of this variable should be a string of two numbers, separated
+                 by a semicolon. They are copied  directly  into  the  control
+                 string  for  setting  colour  on  a  terminal,  so it is your
+                 responsibility to ensure that they make sense. If neither  of
+                 the  environment  variables  is  set,  the default is "1;31",
+                 which gives red.
+
+       -D action, --devices=action
+                 If an input path is  not  a  regular  file  or  a  directory,
+                 "action"  specifies  how  it is to be processed. Valid values
+                 are "read" (the default) or "skip" (silently skip the path).
+
+       -d action, --directories=action
+                 If an input path is a directory, "action" specifies how it is
+                 to  be  processed.   Valid  values are "read" (the default in
+                 non-Windows environments, for compatibility with  GNU  grep),
+                 "recurse"  (equivalent to the -r option), or "skip" (silently
+                 skip the path, the default in Windows environments).  In  the
+                 "read"  case,  directories  are read as if they were ordinary
+                 files. In some operating systems  the  effect  of  reading  a
+                 directory like this is an immediate end-of-file; in others it
+                 may provoke an error.
+
+       -e pattern, --regex=pattern, --regexp=pattern
+                 Specify a pattern to be matched. This option can be used mul-
+                 tiple times in order to specify several patterns. It can also
+                 be used as a way of specifying a single pattern  that  starts
+                 with  a hyphen. When -e is used, no argument pattern is taken
+                 from the command line; all  arguments  are  treated  as  file
+                 names.  There is no limit to the number of patterns. They are
+                 applied to each line in the order in which they  are  defined
+                 until one matches.
+
+                 If  -f is used with -e, the command line patterns are matched
+                 first, followed by the patterns from the file(s), independent
+                 of  the order in which these options are specified. Note that
+                 multiple use of -e is not the same as a single  pattern  with
+                 alternatives. For example, X|Y finds the first character in a
+                 line that is X or Y, whereas if the two  patterns  are  given
+                 separately,  with X first, pcregrep finds X if it is present,
+                 even if it follows Y in the line. It finds Y only if there is
+                 no  X  in  the line. This matters only if you are using -o or
+                 --colo(u)r to show the part(s) of the line that matched.
+
+       --exclude=pattern
+                 Files (but not directories) whose names match the pattern are
+                 skipped  without  being processed. This applies to all files,
+                 whether listed on the command  line,  obtained  from  --file-
+                 list, or by scanning a directory. The pattern is a PCRE regu-
+                 lar expression, and is matched against the final component of
+                 the  file  name,  not  the  entire  path.  The -F, -w, and -x
+                 options do not apply to this pattern. The option may be given
+                 any number of times in order to specify multiple patterns. If
+                 a file name matches both an --include and an  --exclude  pat-
+                 tern, it is excluded. There is no short form for this option.
+
+       --exclude-from=filename
+                 Treat  each  non-empty  line  of  the file as the data for an
+                 --exclude option. What constitutes a newline when reading the
+                 file  is the operating system's default. The --newline option
+                 has no effect on this option. This option may be  given  more
+                 than once in order to specify a number of files to read.
+
+       --exclude-dir=pattern
+                 Directories whose names match the pattern are skipped without
+                 being processed, whatever  the  setting  of  the  --recursive
+                 option.  This  applies  to all directories, whether listed on
+                 the command line, obtained from --file-list, or by scanning a
+                 parent  directory.  The pattern is a PCRE regular expression,
+                 and is matched against the final component of  the  directory
+                 name,  not the entire path. The -F, -w, and -x options do not
+                 apply to this pattern. The option may be given any number  of
+                 times  in order to specify more than one pattern. If a direc-
+                 tory matches both  --include-dir  and  --exclude-dir,  it  is
+                 excluded. There is no short form for this option.
+
+       -F, --fixed-strings
+                 Interpret  each  data-matching  pattern  as  a  list of fixed
+                 strings, separated by  newlines,  instead  of  as  a  regular
+                 expression.  What  constitutes  a newline for this purpose is
+                 controlled by the --newline option. The -w (match as a  word)
+                 and  -x (match whole line) options can be used with -F.  They
+                 apply to each of the fixed strings. A line is selected if any
+                 of the fixed strings are found in it (subject to -w or -x, if
+                 present). This option applies only to the patterns  that  are
+                 matched  against  the contents of files; it does not apply to
+                 patterns specified by  any  of  the  --include  or  --exclude
+                 options.
+
+       -f filename, --file=filename
+                 Read  patterns  from  the  file, one per line, and match them
+                 against each line of input. What constitutes a  newline  when
+                 reading  the  file  is  the  operating  system's default. The
+                 --newline option has no effect on this option. Trailing white
+                 space is removed from each line, and blank lines are ignored.
+                 An empty file contains  no  patterns  and  therefore  matches
+                 nothing. See also the comments about multiple patterns versus
+                 a single pattern with alternatives in the description  of  -e
+                 above.
+
+                 If  this  option  is  given more than once, all the specified
+                 files are read. A data line is output if any of the  patterns
+                 match  it.  A  filename  can  be given as "-" to refer to the
+                 standard input. When -f is used, patterns  specified  on  the
+                 command  line  using  -e may also be present; they are tested
+                 before the file's patterns.  However,  no  other  pattern  is
+                 taken from the command line; all arguments are treated as the
+                 names of paths to be searched.
+
+       --file-list=filename
+                 Read a list of  files  and/or  directories  that  are  to  be
+                 scanned  from  the  given  file, one per line. Trailing white
+                 space is removed from each line, and blank lines are ignored.
+                 These  paths  are processed before any that are listed on the
+                 command line. The filename can be given as "-"  to  refer  to
+                 the standard input.  If --file and --file-list are both spec-
+                 ified as "-", patterns are read first. This  is  useful  only
+                 when  the  standard  input  is a terminal, from which further
+                 lines (the list of files) can be read  after  an  end-of-file
+                 indication.  If  this option is given more than once, all the
+                 specified files are read.
+
+       --file-offsets
+                 Instead of showing lines or parts of lines that  match,  show
+                 each  match  as  an  offset  from the start of the file and a
+                 length, separated by a comma. In this  mode,  no  context  is
+                 shown.  That  is,  the -A, -B, and -C options are ignored. If
+                 there is more than one match in a line, each of them is shown
+                 separately.  This  option  is mutually exclusive with --line-
+                 offsets and --only-matching.
+
+       -H, --with-filename
+                 Force the inclusion of the filename at the  start  of  output
+                 lines  when searching a single file. By default, the filename
+                 is not shown in this case. For matching lines,  the  filename
+                 is followed by a colon; for context lines, a hyphen separator
+                 is used. If a line number is also being  output,  it  follows
+                 the file name.
+
+       -h, --no-filename
+                 Suppress  the output filenames when searching multiple files.
+                 By default, filenames  are  shown  when  multiple  files  are
+                 searched.  For  matching lines, the filename is followed by a
+                 colon; for context lines, a hyphen separator is used.   If  a
+                 line number is also being output, it follows the file name.
+
+       --help    Output  a  help  message, giving brief details of the command
+                 options and file type support, and then exit.  Anything  else
+                 on the command line is ignored.
+
+       -I        Treat  binary  files as never matching. This is equivalent to
+                 --binary-files=without-match.
+
+       -i, --ignore-case
+                 Ignore upper/lower case distinctions during comparisons.
+
+       --include=pattern
+                 If any --include patterns are specified, the only files  that
+                 are  processed  are those that match one of the patterns (and
+                 do not match an --exclude  pattern).  This  option  does  not
+                 affect  directories,  but  it  applies  to all files, whether
+                 listed on the command line, obtained from --file-list, or  by
+                 scanning  a  directory. The pattern is a PCRE regular expres-
+                 sion, and is matched against the final component of the  file
+                 name,  not the entire path. The -F, -w, and -x options do not
+                 apply to this pattern. The option may be given any number  of
+                 times.  If  a  file  name  matches  both  an --include and an
+                 --exclude pattern, it is excluded.  There is  no  short  form
+                 for this option.
+
+       --include-from=filename
+                 Treat  each  non-empty  line  of  the file as the data for an
+                 --include option. What constitutes a newline for this purpose
+                 is  the  operating system's default. The --newline option has
+                 no effect on this option. This option may be given any number
+                 of times; all the files are read.
+
+       --include-dir=pattern
+                 If  any --include-dir patterns are specified, the only direc-
+                 tories that are processed are those that  match  one  of  the
+                 patterns  (and  do  not match an --exclude-dir pattern). This
+                 applies to all directories, whether  listed  on  the  command
+                 line,  obtained  from  --file-list,  or  by scanning a parent
+                 directory. The pattern is a PCRE regular expression,  and  is
+                 matched  against  the  final component of the directory name,
+                 not the entire path. The -F, -w, and -x options do not  apply
+                 to this pattern. The option may be given any number of times.
+                 If a directory matches both --include-dir and  --exclude-dir,
+                 it is excluded. There is no short form for this option.
+
+       -L, --files-without-match
+                 Instead  of  outputting lines from the files, just output the
+                 names of the files that do not contain any lines  that  would
+                 have  been  output. Each file name is output once, on a sepa-
+                 rate line.
+
+       -l, --files-with-matches
+                 Instead of outputting lines from the files, just  output  the
+                 names of the files containing lines that would have been out-
+                 put. Each file name is  output  once,  on  a  separate  line.
+                 Searching  normally stops as soon as a matching line is found
+                 in a file. However, if the -c (count) option  is  also  used,
+                 matching  continues in order to obtain the correct count, and
+                 those files that have at least one  match  are  listed  along
+                 with their counts. Using this option with -c is a way of sup-
+                 pressing the listing of files with no matches.
+
+       --label=name
+                 This option supplies a name to be used for the standard input
+                 when file names are being output. If not supplied, "(standard
+                 input)" is used. There is no short form for this option.
+
+       --line-buffered
+                 When this option is given, input is read and  processed  line
+                 by  line,  and  the  output  is  flushed after each write. By
+                 default, input is read in large chunks, unless  pcregrep  can
+                 determine  that  it is reading from a terminal (which is cur-
+                 rently possible only in Unix-like  environments).  Output  to
+                 terminal  is  normally automatically flushed by the operating
+                 system. This option can be useful when the input or output is
+                 attached  to a pipe and you do not want pcregrep to buffer up
+                 large amounts of data. However, its use will  affect  perfor-
+                 mance, and the -M (multiline) option ceases to work.
+
+       --line-offsets
+                 Instead  of  showing lines or parts of lines that match, show
+                 each match as a line number, the offset from the start of the
+                 line,  and a length. The line number is terminated by a colon
+                 (as usual; see the -n option), and the offset and length  are
+                 separated  by  a  comma.  In  this mode, no context is shown.
+                 That is, the -A, -B, and -C options are ignored. If there  is
+                 more  than  one  match in a line, each of them is shown sepa-
+                 rately. This option is mutually exclusive with --file-offsets
+                 and --only-matching.
+
+       --locale=locale-name
+                 This  option specifies a locale to be used for pattern match-
+                 ing. It overrides the value in the LC_ALL or  LC_CTYPE  envi-
+                 ronment  variables.  If  no  locale  is  specified,  the PCRE
+                 library's default (usually the "C" locale) is used. There  is
+                 no short form for this option.
+
+       --match-limit=number
+                 Processing  some  regular  expression  patterns can require a
+                 very large amount of memory, leading in some cases to a  pro-
+                 gram  crash  if  not enough is available.  Other patterns may
+                 take a very long time to search  for  all  possible  matching
+                 strings.  The pcre_exec() function that is called by pcregrep
+                 to do the matching has two  parameters  that  can  limit  the
+                 resources that it uses.
+
+                 The   --match-limit  option  provides  a  means  of  limiting
+                 resource usage when processing patterns that are not going to
+                 match, but which have a very large number of possibilities in
+                 their search trees. The classic example  is  a  pattern  that
+                 uses  nested unlimited repeats. Internally, PCRE uses a func-
+                 tion called match()  which  it  calls  repeatedly  (sometimes
+                 recursively).  The  limit  set by --match-limit is imposed on
+                 the number of times this function is called during  a  match,
+                 which  has  the effect of limiting the amount of backtracking
+                 that can take place.
+
+                 The --recursion-limit option is similar to --match-limit, but
+                 instead of limiting the total number of times that match() is
+                 called, it limits the depth of recursive calls, which in turn
+                 limits  the  amount of memory that can be used. The recursion
+                 depth is a smaller number than the  total  number  of  calls,
+                 because not all calls to match() are recursive. This limit is
+                 of use only if it is set smaller than --match-limit.
+
+                 There are no short forms for these options. The default  set-
+                 tings  are  specified when the PCRE library is compiled, with
+                 the default default being 10 million.
+
+       -M, --multiline
+                 Allow patterns to match more than one line. When this  option
+                 is given, patterns may usefully contain literal newline char-
+                 acters and internal occurrences of ^ and  $  characters.  The
+                 output  for  a  successful match may consist of more than one
+                 line, the last of which is the one in which the match  ended.
+                 If the matched string ends with a newline sequence the output
+                 ends at the end of that line.
+
+                 When this option is set, the PCRE library is called in  "mul-
+                 tiline"  mode.   There is a limit to the number of lines that
+                 can be matched, imposed by the way that pcregrep buffers  the
+                 input  file as it scans it. However, pcregrep ensures that at
+                 least 8K characters or the rest of the document (whichever is
+                 the  shorter)  are  available for forward matching, and simi-
+                 larly the previous 8K characters (or all the previous charac-
+                 ters,  if  fewer  than 8K) are guaranteed to be available for
+                 lookbehind assertions. This option does not work  when  input
+                 is read line by line (see --line-buffered.)
+
+       -N newline-type, --newline=newline-type
+                 The  PCRE  library  supports  five  different conventions for
+                 indicating the ends of lines. They are  the  single-character
+                 sequences  CR  (carriage  return) and LF (linefeed), the two-
+                 character sequence CRLF, an "anycrlf" convention, which  rec-
+                 ognizes  any  of the preceding three types, and an "any" con-
+                 vention, in which any Unicode line ending sequence is assumed
+                 to  end a line. The Unicode sequences are the three just men-
+                 tioned, plus  VT  (vertical  tab,  U+000B),  FF  (form  feed,
+                 U+000C),   NEL  (next  line,  U+0085),  LS  (line  separator,
+                 U+2028), and PS (paragraph separator, U+2029).
+
+                 When  the  PCRE  library  is  built,  a  default  line-ending
+                 sequence   is  specified.   This  is  normally  the  standard
+                 sequence for the operating system. Unless otherwise specified
+                 by  this  option,  pcregrep  uses the library's default.  The
+                 possible values for this option are CR, LF, CRLF, ANYCRLF, or
+                 ANY.  This  makes  it  possible to use pcregrep to scan files
+                 that have come from other environments without having to mod-
+                 ify  their  line  endings.  If the data that is being scanned
+                 does not agree with the convention set by this option,  pcre-
+                 grep  may  behave in strange ways. Note that this option does
+                 not apply to files specified by the  -f,  --exclude-from,  or
+                 --include-from options, which are expected to use the operat-
+                 ing system's standard newline sequence.
+
+       -n, --line-number
+                 Precede each output line by its line number in the file, fol-
+                 lowed  by  a colon for matching lines or a hyphen for context
+                 lines. If the filename is also being output, it precedes  the
+                 line number. This option is forced if --line-offsets is used.
+
+       --no-jit  If  the  PCRE  library is built with support for just-in-time
+                 compiling (which speeds up matching), pcregrep  automatically
+                 makes use of this, unless it was explicitly disabled at build
+                 time. This option can be used to disable the use  of  JIT  at
+                 run  time. It is provided for testing and working round prob-
+                 lems.  It should never be needed in normal use.
+
+       -o, --only-matching
+                 Show only the part of the line that matched a pattern instead
+                 of  the  whole  line. In this mode, no context is shown. That
+                 is, the -A, -B, and -C options are ignored. If there is  more
+                 than  one  match in a line, each of them is shown separately.
+                 If -o is combined with -v (invert the sense of the  match  to
+                 find  non-matching  lines),  no  output is generated, but the
+                 return code is set appropriately. If the matched  portion  of
+                 the  line is empty, nothing is output unless the file name or
+                 line number are being printed, in which case they  are  shown
+                 on an otherwise empty line. This option is mutually exclusive
+                 with --file-offsets and --line-offsets.
+
+       -onumber, --only-matching=number
+                 Show only the part of the line  that  matched  the  capturing
+                 parentheses of the given number. Up to 32 capturing parenthe-
+                 ses are supported, and -o0 is equivalent to -o without a num-
+                 ber.  Because  these options can be given without an argument
+                 (see above), if an argument is present, it must be  given  in
+                 the  same  shell item, for example, -o3 or --only-matching=2.
+                 The comments given for the non-argument case above also apply
+                 to  this  case. If the specified capturing parentheses do not
+                 exist in the pattern, or were not set in the  match,  nothing
+                 is  output  unless  the  file  name  or line number are being
+                 printed.
+
+                 If this option is given multiple times,  multiple  substrings
+                 are  output, in the order the options are given. For example,
+                 -o3 -o1 -o3 causes the substrings matched by capturing paren-
+                 theses  3  and  1  and then 3 again to be output. By default,
+                 there is no separator (but see the next option).
+
+       --om-separator=text
+                 Specify a separating string for multiple occurrences  of  -o.
+                 The  default is an empty string. Separating strings are never
+                 coloured.
+
+       -q, --quiet
+                 Work quietly, that is, display nothing except error messages.
+                 The  exit  status  indicates  whether or not any matches were
+                 found.
+
+       -r, --recursive
+                 If any given path is a directory, recursively scan the  files
+                 it  contains, taking note of any --include and --exclude set-
+                 tings. By default, a directory is read as a normal  file;  in
+                 some  operating  systems this gives an immediate end-of-file.
+                 This option is a shorthand  for  setting  the  -d  option  to
+                 "recurse".
+
+       --recursion-limit=number
+                 See --match-limit above.
+
+       -s, --no-messages
+                 Suppress  error  messages  about  non-existent  or unreadable
+                 files. Such files are quietly skipped.  However,  the  return
+                 code is still 2, even if matches were found in other files.
+
+       -u, --utf-8
+                 Operate  in UTF-8 mode. This option is available only if PCRE
+                 has been compiled with UTF-8 support. All patterns (including
+                 those  for  any --exclude and --include options) and all sub-
+                 ject lines that are scanned must be valid  strings  of  UTF-8
+                 characters.
+
+       -V, --version
+                 Write the version numbers of pcregrep and the PCRE library to
+                 the standard output and then exit. Anything else on the  com-
+                 mand line is ignored.
+
+       -v, --invert-match
+                 Invert  the  sense  of  the match, so that lines which do not
+                 match any of the patterns are the ones that are found.
+
+       -w, --word-regex, --word-regexp
+                 Force the patterns to match only whole words. This is equiva-
+                 lent  to  having \b at the start and end of the pattern. This
+                 option applies only to the patterns that are matched  against
+                 the  contents  of files; it does not apply to patterns speci-
+                 fied by any of the --include or --exclude options.
+
+       -x, --line-regex, --line-regexp
+                 Force the patterns to be anchored (each must  start  matching
+                 at  the beginning of a line) and in addition, require them to
+                 match entire lines. This is equivalent  to  having  ^  and  $
+                 characters at the start and end of each alternative branch in
+                 every pattern. This option applies only to the patterns  that
+                 are  matched against the contents of files; it does not apply
+                 to patterns specified by any of the  --include  or  --exclude
+                 options.
+
+
+ENVIRONMENT VARIABLES
+
+       The  environment  variables  LC_ALL  and LC_CTYPE are examined, in that
+       order, for a locale. The first one that is set is  used.  This  can  be
+       overridden  by  the  --locale  option.  If  no  locale is set, the PCRE
+       library's default (usually the "C" locale) is used.
+
+
+NEWLINES
+
+       The -N (--newline) option allows pcregrep to scan files with  different
+       newline conventions from the default. Any parts of the input files that
+       are written to the standard output are copied identically,  with  what-
+       ever  newline sequences they have in the input. However, the setting of
+       this option does not affect the interpretation of  files  specified  by
+       the -f, --exclude-from, or --include-from options, which are assumed to
+       use the operating system's  standard  newline  sequence,  nor  does  it
+       affect  the  way in which pcregrep writes informational messages to the
+       standard error and output streams. For these it uses the string "\n" to
+       indicate  newlines,  relying on the C I/O library to convert this to an
+       appropriate sequence.
+
+
+OPTIONS COMPATIBILITY
+
+       Many of the short and long forms of pcregrep's options are the same  as
+       in  the GNU grep program. Any long option of the form --xxx-regexp (GNU
+       terminology) is also available as --xxx-regex (PCRE terminology).  How-
+       ever,  the  --file-list, --file-offsets, --include-dir, --line-offsets,
+       --locale, --match-limit, -M, --multiline, -N,  --newline,  --om-separa-
+       tor,  --recursion-limit,  -u, and --utf-8 options are specific to pcre-
+       grep, as is the use of the  --only-matching  option  with  a  capturing
+       parentheses number.
+
+       Although  most  of the common options work the same way, a few are dif-
+       ferent in pcregrep. For example, the --include option's argument  is  a
+       glob  for  GNU grep, but a regular expression for pcregrep. If both the
+       -c and -l options are given, GNU grep lists only  file  names,  without
+       counts, but pcregrep gives the counts.
+
+
+OPTIONS WITH DATA
+
+       There are four different ways in which an option with data can be spec-
+       ified.  If a short form option is used, the  data  may  follow  immedi-
+       ately, or (with one exception) in the next command line item. For exam-
+       ple:
+
+         -f/some/file
+         -f /some/file
+
+       The exception is the -o option, which may appear with or without  data.
+       Because  of this, if data is present, it must follow immediately in the
+       same item, for example -o3.
+
+       If a long form option is used, the data may appear in the same  command
+       line  item,  separated by an equals character, or (with two exceptions)
+       it may appear in the next command line item. For example:
+
+         --file=/some/file
+         --file /some/file
+
+       Note, however, that if you want to supply a file name beginning with  ~
+       as  data  in  a  shell  command,  and have the shell expand ~ to a home
+       directory, you must separate the file name from the option, because the
+       shell does not treat ~ specially unless it is at the start of an item.
+
+       The  exceptions  to the above are the --colour (or --color) and --only-
+       matching options, for which the data  is  optional.  If  one  of  these
+       options  does  have  data, it must be given in the first form, using an
+       equals character. Otherwise pcregrep will assume that it has no data.
+
+
+MATCHING ERRORS
+
+       It is possible to supply a regular expression that takes  a  very  long
+       time  to  fail  to  match certain lines. Such patterns normally involve
+       nested indefinite repeats, for example: (a+)*\d when matched against  a
+       line  of  a's  with  no  final  digit. The PCRE matching function has a
+       resource limit that causes it to abort in these circumstances. If  this
+       happens, pcregrep outputs an error message and the line that caused the
+       problem to the standard error stream. If there are more  than  20  such
+       errors, pcregrep gives up.
+
+       The  --match-limit  option  of  pcregrep can be used to set the overall
+       resource limit; there is a second option called --recursion-limit  that
+       sets  a limit on the amount of memory (usually stack) that is used (see
+       the discussion of these options above).
+
+
+DIAGNOSTICS
+
+       Exit status is 0 if any matches were found, 1 if no matches were found,
+       and  2  for syntax errors, overlong lines, non-existent or inaccessible
+       files (even if matches were found in other files) or too many  matching
+       errors. Using the -s option to suppress error messages about inaccessi-
+       ble files does not affect the return code.
+
+
+SEE ALSO
+
+       pcrepattern(3), pcresyntax(3), pcretest(1).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 03 April 2014
+       Copyright (c) 1997-2014 University of Cambridge.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcretest.txt b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcretest.txt
new file mode 100644
index 00000000..6d7305cf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/doc/pcre/pcretest.txt
@@ -0,0 +1,1091 @@
+PCRETEST(1)                 General Commands Manual                PCRETEST(1)
+
+
+
+NAME
+       pcretest - a program for testing Perl-compatible regular expressions.
+
+SYNOPSIS
+
+       pcretest [options] [input file [output file]]
+
+       pcretest  was written as a test program for the PCRE regular expression
+       library itself, but it can also be used for experimenting with  regular
+       expressions.  This document describes the features of the test program;
+       for details of the regular expressions themselves, see the  pcrepattern
+       documentation. For details of the PCRE library function calls and their
+       options, see the pcreapi , pcre16 and pcre32 documentation.
+
+       The input for pcretest is a sequence of regular expression patterns and
+       strings  to be matched, as described below. The output shows the result
+       of each match. Options on the command line  and  the  patterns  control
+       PCRE options and exactly what is output.
+
+       As  PCRE has evolved, it has acquired many different features, and as a
+       result, pcretest now has rather a lot of obscure  options  for  testing
+       every possible feature. Some of these options are specifically designed
+       for use in conjunction with the test script and  data  files  that  are
+       distributed  as  part of PCRE, and are unlikely to be of use otherwise.
+       They are all documented here, but without much justification.
+
+
+INPUT DATA FORMAT
+
+       Input to pcretest is processed line by line, either by  calling  the  C
+       library's fgets() function, or via the libreadline library (see below).
+       In Unix-like environments, fgets() treats any bytes other than  newline
+       as  data characters. However, in some Windows environments character 26
+       (hex 1A) causes an immediate end of file, and no further data is  read.
+       For  maximum  portability,  therefore,  it  is safest to use only ASCII
+       characters in pcretest input files.
+
+       The input is processed using using C's string functions,  so  must  not
+       contain  binary  zeroes, even though in Unix-like environments, fgets()
+       treats any bytes other than newline as data characters.
+
+
+PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES
+
+       From release 8.30, two separate PCRE libraries can be built. The origi-
+       nal  one  supports  8-bit  character  strings, whereas the newer 16-bit
+       library supports  character  strings  encoded  in  16-bit  units.  From
+       release  8.32,  a  third  library  can  be  built, supporting character
+       strings encoded in 32-bit units. The pcretest program can  be  used  to
+       test all three libraries. However, it is itself still an 8-bit program,
+       reading 8-bit input and writing 8-bit output.  When testing the  16-bit
+       or  32-bit  library, the patterns and data strings are converted to 16-
+       or 32-bit format before being passed to  the  PCRE  library  functions.
+       Results are converted to 8-bit for output.
+
+       References to functions and structures of the form pcre[16|32]_xx below
+       mean "pcre_xx when using the 8-bit library, pcre16_xx  when  using  the
+       16-bit library, or pcre32_xx when using the 32-bit library".
+
+
+COMMAND LINE OPTIONS
+
+       -8        If  both the 8-bit library has been built, this option causes
+                 the 8-bit library to be used (which is the default);  if  the
+                 8-bit  library  has  not  been  built,  this option causes an
+                 error.
+
+       -16       If both the 8-bit or the 32-bit,  and  the  16-bit  libraries
+                 have  been built, this option causes the 16-bit library to be
+                 used. If only the 16-bit library has been built, this is  the
+                 default  (so  has no effect). If only the 8-bit or the 32-bit
+                 library has been built, this option causes an error.
+
+       -32       If both the 8-bit or the 16-bit,  and  the  32-bit  libraries
+                 have  been built, this option causes the 32-bit library to be
+                 used. If only the 32-bit library has been built, this is  the
+                 default  (so  has no effect). If only the 8-bit or the 16-bit
+                 library has been built, this option causes an error.
+
+       -b        Behave as if each pattern has the /B (show byte  code)  modi-
+                 fier; the internal form is output after compilation.
+
+       -C        Output the version number of the PCRE library, and all avail-
+                 able  information  about  the  optional  features  that   are
+                 included,  and  then  exit  with  zero  exit  code. All other
+                 options are ignored.
+
+       -C option Output information about a specific build-time  option,  then
+                 exit.  This functionality is intended for use in scripts such
+                 as RunTest. The following options output the  value  and  set
+                 the exit code as indicated:
+
+                   ebcdic-nl  the code for LF (= NL) in an EBCDIC environment:
+                                0x15 or 0x25
+                                0 if used in an ASCII environment
+                                exit code is always 0
+                   linksize   the configured internal link size (2, 3, or 4)
+                                exit code is set to the link size
+                   newline    the default newline setting:
+                                CR, LF, CRLF, ANYCRLF, or ANY
+                                exit code is always 0
+                   bsr        the default setting for what \R matches:
+                                ANYCRLF or ANY
+                                exit code is always 0
+
+                 The  following  options output 1 for true or 0 for false, and
+                 set the exit code to the same value:
+
+                   ebcdic     compiled for an EBCDIC environment
+                   jit        just-in-time support is available
+                   pcre16     the 16-bit library was built
+                   pcre32     the 32-bit library was built
+                   pcre8      the 8-bit library was built
+                   ucp        Unicode property support is available
+                   utf        UTF-8 and/or UTF-16 and/or UTF-32 support
+                                is available
+
+                 If an unknown option is given, an error  message  is  output;
+                 the exit code is 0.
+
+       -d        Behave  as  if  each pattern has the /D (debug) modifier; the
+                 internal form and information about the compiled  pattern  is
+                 output after compilation; -d is equivalent to -b -i.
+
+       -dfa      Behave  as if each data line contains the \D escape sequence;
+                 this    causes    the    alternative    matching    function,
+                 pcre[16|32]_dfa_exec(),  to  be  used instead of the standard
+                 pcre[16|32]_exec() function (more detail is given below).
+
+       -help     Output a brief summary these options and then exit.
+
+       -i        Behave as if each pattern has the  /I  modifier;  information
+                 about the compiled pattern is given after compilation.
+
+       -M        Behave  as if each data line contains the \M escape sequence;
+                 this causes PCRE to  discover  the  minimum  MATCH_LIMIT  and
+                 MATCH_LIMIT_RECURSION  settings by calling pcre[16|32]_exec()
+                 repeatedly with different limits.
+
+       -m        Output the size of each compiled pattern after  it  has  been
+                 compiled.  This  is  equivalent  to adding /M to each regular
+                 expression. The size is given in bytes for both libraries.
+
+       -O        Behave as if each pattern has the /O modifier, that  is  dis-
+                 able auto-possessification for all patterns.
+
+       -o osize  Set  the number of elements in the output vector that is used
+                 when calling pcre[16|32]_exec() or pcre[16|32]_dfa_exec()  to
+                 be  osize.  The  default  value is 45, which is enough for 14
+                 capturing subexpressions for pcre[16|32]_exec() or 22 differ-
+                 ent  matches for pcre[16|32]_dfa_exec().  The vector size can
+                 be changed for individual matching calls by including  \O  in
+                 the data line (see below).
+
+       -p        Behave  as  if  each  pattern  has the /P modifier; the POSIX
+                 wrapper API is used to call PCRE. None of the  other  options
+                 has  any  effect when -p is set. This option can be used only
+                 with the 8-bit library.
+
+       -q        Do not output the version number of pcretest at the start  of
+                 execution.
+
+       -S size   On  Unix-like  systems, set the size of the run-time stack to
+                 size megabytes.
+
+       -s or -s+ Behave as if each pattern  has  the  /S  modifier;  in  other
+                 words,  force each pattern to be studied. If -s+ is used, all
+                 the JIT compile options are  passed  to  pcre[16|32]_study(),
+                 causing  just-in-time  optimization  to  be  set  up if it is
+                 available, for both full and partial matching.  Specific  JIT
+                 compile options can be selected by following -s+ with a digit
+                 in the range 1 to 7, which selects the JIT compile  modes  as
+                 follows:
+
+                   1  normal match only
+                   2  soft partial match only
+                   3  normal match and soft partial match
+                   4  hard partial match only
+                   6  soft and hard partial match
+                   7  all three modes (default)
+
+                 If  -s++  is used instead of -s+ (with or without a following
+                 digit), the text "(JIT)" is added to the  first  output  line
+                 after a match or no match when JIT-compiled code was actually
+                 used.
+
+                 Note that there are pattern options  that  can  override  -s,
+                 either specifying no studying at all, or suppressing JIT com-
+                 pilation.
+
+                 If the /I or /D option is present on  a  pattern  (requesting
+                 output  about  the  compiled  pattern), information about the
+                 result of studying is not included when  studying  is  caused
+                 only  by  -s  and neither -i nor -d is present on the command
+                 line. This behaviour means that the output  from  tests  that
+                 are  run with and without -s should be identical, except when
+                 options that output information about the actual running of a
+                 match are set.
+
+                 The  -M,  -t,  and  -tm options, which give information about
+                 resources used, are likely to produce different  output  with
+                 and  without  -s.  Output may also differ if the /C option is
+                 present on an individual pattern. This uses callouts to trace
+                 the  the  matching process, and this may be different between
+                 studied and non-studied patterns.  If  the  pattern  contains
+                 (*MARK)  items  there  may  also be differences, for the same
+                 reason. The -s command line option can be overridden for spe-
+                 cific  patterns that should never be studied (see the /S pat-
+                 tern modifier below).
+
+       -t        Run each compile, study, and match many times with  a  timer,
+                 and  output  the resulting times per compile, study, or match
+                 (in milliseconds). Do not set -m with -t,  because  you  will
+                 then get the size output a zillion times, and the timing will
+                 be distorted. You can control the number of  iterations  that
+                 are used for timing by following -t with a number (as a sepa-
+                 rate item on the command line). For example, "-t 1000"  iter-
+                 ates 1000 times.  The default is to iterate 500000 times.
+
+       -tm       This is like -t except that it times only the matching phase,
+                 not the compile or study phases.
+
+       -T -TM    These behave like -t and -tm, but in addition, at the end  of
+                 a run, the total times for all compiles, studies, and matches
+                 are output.
+
+
+DESCRIPTION
+
+       If pcretest is given two filename arguments, it reads  from  the  first
+       and writes to the second. If it is given only one filename argument, it
+       reads from that file and writes to stdout.  Otherwise,  it  reads  from
+       stdin  and  writes to stdout, and prompts for each line of input, using
+       "re>" to prompt for regular expressions, and "data>" to prompt for data
+       lines.
+
+       When  pcretest  is  built,  a  configuration option can specify that it
+       should be linked with the libreadline library. When this  is  done,  if
+       the input is from a terminal, it is read using the readline() function.
+       This provides line-editing and history facilities. The output from  the
+       -help option states whether or not readline() will be used.
+
+       The program handles any number of sets of input on a single input file.
+       Each set starts with a regular expression, and continues with any  num-
+       ber of data lines to be matched against that pattern.
+
+       Each  data line is matched separately and independently. If you want to
+       do multi-line matches, you have to use the \n escape sequence (or \r or
+       \r\n, etc., depending on the newline setting) in a single line of input
+       to encode the newline sequences. There is no limit  on  the  length  of
+       data  lines;  the  input  buffer is automatically extended if it is too
+       small.
+
+       An empty line signals the end of the data lines, at which point  a  new
+       regular  expression is read. The regular expressions are given enclosed
+       in any non-alphanumeric delimiters other than backslash, for example:
+
+         /(a|bc)x+yz/
+
+       White space before the initial delimiter is ignored. A regular  expres-
+       sion  may be continued over several input lines, in which case the new-
+       line characters are included within it. It is possible to  include  the
+       delimiter within the pattern by escaping it, for example
+
+         /abc\/def/
+
+       If  you  do  so, the escape and the delimiter form part of the pattern,
+       but since delimiters are always non-alphanumeric, this does not  affect
+       its  interpretation.   If the terminating delimiter is immediately fol-
+       lowed by a backslash, for example,
+
+         /abc/\
+
+       then a backslash is added to the end of the pattern. This  is  done  to
+       provide  a  way of testing the error condition that arises if a pattern
+       finishes with a backslash, because
+
+         /abc\/
+
+       is interpreted as the first line of a pattern that starts with  "abc/",
+       causing pcretest to read the next line as a continuation of the regular
+       expression.
+
+
+PATTERN MODIFIERS
+
+       A pattern may be followed by any number of modifiers, which are  mostly
+       single  characters,  though  some  of these can be qualified by further
+       characters.  Following Perl usage, these are referred to below as,  for
+       example,  "the  /i  modifier", even though the delimiter of the pattern
+       need not always be a slash, and no slash is  used  when  writing  modi-
+       fiers.  White  space may appear between the final pattern delimiter and
+       the first modifier, and between the modifiers  themselves.  For  refer-
+       ence,  here  is  a  complete  list of modifiers. They fall into several
+       groups that are described in detail in the following sections.
+
+         /8              set UTF mode
+         /9              set PCRE_NEVER_UTF (locks out UTF mode)
+         /?              disable UTF validity check
+         /+              show remainder of subject after match
+         /=              show all captures (not just those that are set)
+
+         /A              set PCRE_ANCHORED
+         /B              show compiled code
+         /C              set PCRE_AUTO_CALLOUT
+         /D              same as /B plus /I
+         /E              set PCRE_DOLLAR_ENDONLY
+         /F              flip byte order in compiled pattern
+         /f              set PCRE_FIRSTLINE
+         /G              find all matches (shorten string)
+         /g              find all matches (use startoffset)
+         /I              show information about pattern
+         /i              set PCRE_CASELESS
+         /J              set PCRE_DUPNAMES
+         /K              show backtracking control names
+         /L              set locale
+         /M              show compiled memory size
+         /m              set PCRE_MULTILINE
+         /N              set PCRE_NO_AUTO_CAPTURE
+         /O              set PCRE_NO_AUTO_POSSESS
+         /P              use the POSIX wrapper
+         /Q              test external stack check function
+         /S              study the pattern after compilation
+         /s              set PCRE_DOTALL
+         /T              select character tables
+         /U              set PCRE_UNGREEDY
+         /W              set PCRE_UCP
+         /X              set PCRE_EXTRA
+         /x              set PCRE_EXTENDED
+         /Y              set PCRE_NO_START_OPTIMIZE
+         /Z              don't show lengths in /B output
+
+         /<any>          set PCRE_NEWLINE_ANY
+         /<anycrlf>      set PCRE_NEWLINE_ANYCRLF
+         /<cr>           set PCRE_NEWLINE_CR
+         /<crlf>         set PCRE_NEWLINE_CRLF
+         /<lf>           set PCRE_NEWLINE_LF
+         /<bsr_anycrlf>  set PCRE_BSR_ANYCRLF
+         /<bsr_unicode>  set PCRE_BSR_UNICODE
+         /<JS>           set PCRE_JAVASCRIPT_COMPAT
+
+
+   Perl-compatible modifiers
+
+       The /i, /m, /s, and /x modifiers set the PCRE_CASELESS, PCRE_MULTILINE,
+       PCRE_DOTALL,    or    PCRE_EXTENDED    options,    respectively,   when
+       pcre[16|32]_compile() is called. These four modifier letters  have  the
+       same effect as they do in Perl. For example:
+
+         /caseless/i
+
+
+   Modifiers for other PCRE options
+
+       The  following  table  shows additional modifiers for setting PCRE com-
+       pile-time options that do not correspond to anything in Perl:
+
+         /8              PCRE_UTF8           ) when using the 8-bit
+         /?              PCRE_NO_UTF8_CHECK  )   library
+
+         /8              PCRE_UTF16          ) when using the 16-bit
+         /?              PCRE_NO_UTF16_CHECK )   library
+
+         /8              PCRE_UTF32          ) when using the 32-bit
+         /?              PCRE_NO_UTF32_CHECK )   library
+
+         /9              PCRE_NEVER_UTF
+         /A              PCRE_ANCHORED
+         /C              PCRE_AUTO_CALLOUT
+         /E              PCRE_DOLLAR_ENDONLY
+         /f              PCRE_FIRSTLINE
+         /J              PCRE_DUPNAMES
+         /N              PCRE_NO_AUTO_CAPTURE
+         /O              PCRE_NO_AUTO_POSSESS
+         /U              PCRE_UNGREEDY
+         /W              PCRE_UCP
+         /X              PCRE_EXTRA
+         /Y              PCRE_NO_START_OPTIMIZE
+         /<any>          PCRE_NEWLINE_ANY
+         /<anycrlf>      PCRE_NEWLINE_ANYCRLF
+         /<cr>           PCRE_NEWLINE_CR
+         /<crlf>         PCRE_NEWLINE_CRLF
+         /<lf>           PCRE_NEWLINE_LF
+         /<bsr_anycrlf>  PCRE_BSR_ANYCRLF
+         /<bsr_unicode>  PCRE_BSR_UNICODE
+         /<JS>           PCRE_JAVASCRIPT_COMPAT
+
+       The modifiers that are enclosed in angle brackets are  literal  strings
+       as  shown,  including the angle brackets, but the letters within can be
+       in either case.  This example sets multiline matching with CRLF as  the
+       line ending sequence:
+
+         /^abc/m<CRLF>
+
+       As  well  as  turning  on  the  PCRE_UTF8/16/32 option, the /8 modifier
+       causes all non-printing characters in  output  strings  to  be  printed
+       using the \x{hh...} notation. Otherwise, those less than 0x100 are out-
+       put in hex without the curly brackets.
+
+       Full details of the PCRE options are given in  the  pcreapi  documenta-
+       tion.
+
+   Finding all matches in a string
+
+       Searching  for  all  possible matches within each subject string can be
+       requested by the /g or /G modifier. After  finding  a  match,  PCRE  is
+       called again to search the remainder of the subject string. The differ-
+       ence between /g and /G is that the former uses the startoffset argument
+       to  pcre[16|32]_exec()  to  start  searching  at a new point within the
+       entire string (which is in effect what Perl does), whereas  the  latter
+       passes  over  a  shortened  substring.  This  makes a difference to the
+       matching process if the pattern  begins  with  a  lookbehind  assertion
+       (including \b or \B).
+
+       If  any  call  to  pcre[16|32]_exec() in a /g or /G sequence matches an
+       empty string, the next call is done with the PCRE_NOTEMPTY_ATSTART  and
+       PCRE_ANCHORED  flags  set  in  order  to search for another, non-empty,
+       match at the same point. If this second match fails, the  start  offset
+       is  advanced,  and  the  normal match is retried. This imitates the way
+       Perl handles such cases when using the /g modifier or the split() func-
+       tion.  Normally,  the start offset is advanced by one character, but if
+       the newline convention recognizes CRLF as a newline,  and  the  current
+       character is CR followed by LF, an advance of two is used.
+
+   Other modifiers
+
+       There are yet more modifiers for controlling the way pcretest operates.
+
+       The  /+ modifier requests that as well as outputting the substring that
+       matched the entire pattern, pcretest  should  in  addition  output  the
+       remainder  of  the  subject  string. This is useful for tests where the
+       subject contains multiple copies of the same substring. If the +  modi-
+       fier  appears  twice, the same action is taken for captured substrings.
+       In each case the remainder is output on the following line with a  plus
+       character  following  the  capture number. Note that this modifier must
+       not immediately follow the /S modifier because /S+ and /S++ have  other
+       meanings.
+
+       The  /=  modifier  requests  that  the values of all potential captured
+       parentheses be output after a match. By default, only those up  to  the
+       highest one actually used in the match are output (corresponding to the
+       return code from pcre[16|32]_exec()). Values in the offsets vector cor-
+       responding  to higher numbers should be set to -1, and these are output
+       as "<unset>". This modifier gives a way of checking that this  is  hap-
+       pening.
+
+       The  /B modifier is a debugging feature. It requests that pcretest out-
+       put a representation of the compiled code after  compilation.  Normally
+       this  information  contains length and offset values; however, if /Z is
+       also present, this data is replaced by spaces. This is a  special  fea-
+       ture  for  use  in the automatic test scripts; it ensures that the same
+       output is generated for different internal link sizes.
+
+       The /D modifier is a PCRE debugging feature, and is equivalent to  /BI,
+       that is, both the /B and the /I modifiers.
+
+       The  /F  modifier  causes pcretest to flip the byte order of the 2-byte
+       and 4-byte fields in the compiled pattern. This facility is for testing
+       the  feature  in PCRE that allows it to execute patterns that were com-
+       piled on a host with a different endianness. This feature is not avail-
+       able  when the POSIX interface to PCRE is being used, that is, when the
+       /P pattern modifier is specified. See also the section about saving and
+       reloading compiled patterns below.
+
+       The  /I  modifier  requests  that pcretest output information about the
+       compiled pattern (whether it is anchored, has a fixed first  character,
+       and  so  on). It does this by calling pcre[16|32]_fullinfo() after com-
+       piling a pattern. If the pattern is studied, the results  of  that  are
+       also output. In this output, the word "char" means a non-UTF character,
+       that is, the value of a single data item  (8-bit,  16-bit,  or  32-bit,
+       depending on the library that is being tested).
+
+       The  /K modifier requests pcretest to show names from backtracking con-
+       trol verbs that are  returned  from  calls  to  pcre[16|32]_exec().  It
+       causes  pcretest  to  create  a  pcre[16|32]_extra block if one has not
+       already been created by a call to pcre[16|32]_study(), and to  set  the
+       PCRE_EXTRA_MARK  flag  and  the  mark  field within it, every time that
+       pcre[16|32]_exec() is called. If  the  variable  that  the  mark  field
+       points  to  is  non-NULL  for  a  match,  non-match,  or partial match,
+       pcretest prints the string to which it points. For  a  match,  this  is
+       shown  on  a  line  by itself, tagged with "MK:". For a non-match it is
+       added to the message.
+
+       The /L modifier must be followed directly by the name of a locale,  for
+       example,
+
+         /pattern/Lfr_FR
+
+       For this reason, it must be the last modifier. The given locale is set,
+       pcre[16|32]_maketables() is called to build a set of  character  tables
+       for  the  locale, and this is then passed to pcre[16|32]_compile() when
+       compiling the regular expression. Without an /L (or /T) modifier,  NULL
+       is  passed  as  the  tables  pointer;  that  is, /L applies only to the
+       expression on which it appears.
+
+       The /M modifier causes the size in bytes of the memory  block  used  to
+       hold  the compiled pattern to be output. This does not include the size
+       of the pcre[16|32] block; it is just the actual compiled data.  If  the
+       pattern is successfully studied with the PCRE_STUDY_JIT_COMPILE option,
+       the size of the JIT compiled code is also output.
+
+       The /Q modifier is used to test the use of pcre_stack_guard. It must be
+       followed  by '0' or '1', specifying the return code to be given from an
+       external function that is passed to PCRE and used  for  stack  checking
+       during compilation (see the pcreapi documentation for details).
+
+       The  /S  modifier  causes  pcre[16|32]_study()  to  be called after the
+       expression has been compiled, and the results used when the  expression
+       is matched. There are a number of qualifying characters that may follow
+       /S.  They may appear in any order.
+
+       If /S is followed by an exclamation mark, pcre[16|32]_study() is called
+       with  the PCRE_STUDY_EXTRA_NEEDED option, causing it always to return a
+       pcre_extra block, even when studying discovers no useful information.
+
+       If /S is followed by a second S character, it suppresses studying, even
+       if  it  was  requested  externally  by the -s command line option. This
+       makes it possible to specify that certain patterns are always  studied,
+       and others are never studied, independently of -s. This feature is used
+       in the test files in a few cases where the output is different when the
+       pattern is studied.
+
+       If  the  /S  modifier  is  followed  by  a  +  character,  the  call to
+       pcre[16|32]_study() is made with all the JIT study options,  requesting
+       just-in-time  optimization  support if it is available, for both normal
+       and partial matching. If you want to restrict the JIT compiling  modes,
+       you can follow /S+ with a digit in the range 1 to 7:
+
+         1  normal match only
+         2  soft partial match only
+         3  normal match and soft partial match
+         4  hard partial match only
+         6  soft and hard partial match
+         7  all three modes (default)
+
+       If /S++ is used instead of /S+ (with or without a following digit), the
+       text "(JIT)" is added to the first output line  after  a  match  or  no
+       match when JIT-compiled code was actually used.
+
+       Note  that  there  is  also  an independent /+ modifier; it must not be
+       given immediately after /S or /S+ because this will be misinterpreted.
+
+       If JIT studying is successful, the compiled JIT code will automatically
+       be  used  when pcre[16|32]_exec() is run, except when incompatible run-
+       time options are specified. For more details, see the pcrejit  documen-
+       tation.  See also the \J escape sequence below for a way of setting the
+       size of the JIT stack.
+
+       Finally, if /S is followed by a minus  character,  JIT  compilation  is
+       suppressed,  even if it was requested externally by the -s command line
+       option. This makes it possible to specify that JIT is never to be  used
+       for certain patterns.
+
+       The  /T  modifier  must be followed by a single digit. It causes a spe-
+       cific set of built-in character tables to be passed to pcre[16|32]_com-
+       pile().  It  is used in the standard PCRE tests to check behaviour with
+       different character tables. The digit specifies the tables as follows:
+
+         0   the default ASCII tables, as distributed in
+               pcre_chartables.c.dist
+         1   a set of tables defining ISO 8859 characters
+
+       In table 1, some characters whose codes are greater than 128 are  iden-
+       tified as letters, digits, spaces, etc.
+
+   Using the POSIX wrapper API
+
+       The  /P modifier causes pcretest to call PCRE via the POSIX wrapper API
+       rather than its native API. This supports only the 8-bit library.  When
+       /P  is set, the following modifiers set options for the regcomp() func-
+       tion:
+
+         /i    REG_ICASE
+         /m    REG_NEWLINE
+         /N    REG_NOSUB
+         /s    REG_DOTALL     )
+         /U    REG_UNGREEDY   ) These options are not part of
+         /W    REG_UCP        )   the POSIX standard
+         /8    REG_UTF8       )
+
+       The /+ modifier works as  described  above.  All  other  modifiers  are
+       ignored.
+
+   Locking out certain modifiers
+
+       PCRE  can be compiled with or without support for certain features such
+       as UTF-8/16/32 or Unicode properties. Accordingly, the  standard  tests
+       are  split  up  into  a number of different files that are selected for
+       running depending on which features are available.  When  updating  the
+       tests, it is all too easy to put a new test into the wrong file by mis-
+       take; for example, to put a test that requires UTF support into a  file
+       that  is used when it is not available. To help detect such mistakes as
+       early as possible, there is a facility for locking out  specific  modi-
+       fiers. If an input line for pcretest starts with the string "< forbid "
+       the following sequence of characters is taken as a  list  of  forbidden
+       modifiers. For example, in the test files that must not use UTF or Uni-
+       code property support, this line appears:
+
+         < forbid 8W
+
+       This locks out the /8 and /W modifiers. An immediate error is given  if
+       they  are  subsequently encountered. If the character string contains <
+       but not >, all the multi-character modifiers  that  begin  with  <  are
+       locked  out.  Otherwise,  such modifiers must be explicitly listed, for
+       example:
+
+         < forbid <JS><cr>
+
+       There must be a single space between < and "forbid" for this feature to
+       be  recognised.  If  there  is not, the line is interpreted either as a
+       request to re-load a pre-compiled pattern (see  "SAVING  AND  RELOADING
+       COMPILED  PATTERNS"  below) or, if there is a another < character, as a
+       pattern that uses < as its delimiter.
+
+
+DATA LINES
+
+       Before each data line is  passed  to  pcre[16|32]_exec(),  leading  and
+       trailing  white space is removed, and it is then scanned for \ escapes.
+       Some of these are pretty esoteric features, intended for  checking  out
+       some  of the more complicated features of PCRE. If you are just testing
+       "ordinary" regular expressions, you probably don't need any  of  these.
+       The following escapes are recognized:
+
+         \a         alarm (BEL, \x07)
+         \b         backspace (\x08)
+         \e         escape (\x27)
+         \f         form feed (\x0c)
+         \n         newline (\x0a)
+         \qdd       set the PCRE_MATCH_LIMIT limit to dd
+                      (any number of digits)
+         \r         carriage return (\x0d)
+         \t         tab (\x09)
+         \v         vertical tab (\x0b)
+         \nnn       octal character (up to 3 octal digits); always
+                      a byte unless > 255 in UTF-8 or 16-bit or 32-bit mode
+         \o{dd...}  octal character (any number of octal digits}
+         \xhh       hexadecimal byte (up to 2 hex digits)
+         \x{hh...}  hexadecimal character (any number of hex digits)
+         \A         pass the PCRE_ANCHORED option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \B         pass the PCRE_NOTBOL option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \Cdd       call pcre[16|32]_copy_substring() for substring dd
+                      after a successful match (number less than 32)
+         \Cname     call pcre[16|32]_copy_named_substring() for substring
+                      "name" after a successful match (name termin-
+                      ated by next non alphanumeric character)
+         \C+        show the current captured substrings at callout
+                      time
+         \C-        do not supply a callout function
+         \C!n       return 1 instead of 0 when callout number n is
+                      reached
+         \C!n!m     return 1 instead of 0 when callout number n is
+                      reached for the nth time
+         \C*n       pass the number n (may be negative) as callout
+                      data; this is used as the callout return value
+         \D         use the pcre[16|32]_dfa_exec() match function
+         \F         only shortest match for pcre[16|32]_dfa_exec()
+         \Gdd       call pcre[16|32]_get_substring() for substring dd
+                      after a successful match (number less than 32)
+         \Gname     call pcre[16|32]_get_named_substring() for substring
+                      "name" after a successful match (name termin-
+                      ated by next non-alphanumeric character)
+         \Jdd       set up a JIT stack of dd kilobytes maximum (any
+                      number of digits)
+         \L         call pcre[16|32]_get_substringlist() after a
+                      successful match
+         \M         discover the minimum MATCH_LIMIT and
+                      MATCH_LIMIT_RECURSION settings
+         \N         pass the PCRE_NOTEMPTY option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec(); if used twice, pass the
+                      PCRE_NOTEMPTY_ATSTART option
+         \Odd       set the size of the output vector passed to
+                      pcre[16|32]_exec() to dd (any number of digits)
+         \P         pass the PCRE_PARTIAL_SOFT option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec(); if used twice, pass the
+                      PCRE_PARTIAL_HARD option
+         \Qdd       set the PCRE_MATCH_LIMIT_RECURSION limit to dd
+                      (any number of digits)
+         \R         pass the PCRE_DFA_RESTART option to pcre[16|32]_dfa_exec()
+         \S         output details of memory get/free calls during matching
+         \Y             pass     the    PCRE_NO_START_OPTIMIZE    option    to
+       pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \Z         pass the PCRE_NOTEOL option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \?         pass the PCRE_NO_UTF[8|16|32]_CHECK option to
+                      pcre[16|32]_exec() or pcre[16|32]_dfa_exec()
+         \>dd       start the match at offset dd (optional "-"; then
+                      any number of digits); this sets the startoffset
+                      argument        for        pcre[16|32]_exec()         or
+       pcre[16|32]_dfa_exec()
+         \<cr>      pass the PCRE_NEWLINE_CR option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<lf>      pass the PCRE_NEWLINE_LF option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<crlf>    pass the PCRE_NEWLINE_CRLF option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<anycrlf> pass the PCRE_NEWLINE_ANYCRLF option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+         \<any>     pass the PCRE_NEWLINE_ANY option to pcre[16|32]_exec()
+                      or pcre[16|32]_dfa_exec()
+
+       The  use of \x{hh...} is not dependent on the use of the /8 modifier on
+       the pattern. It is recognized always. There may be any number of  hexa-
+       decimal  digits  inside  the  braces; invalid values provoke error mes-
+       sages.
+
+       Note that \xhh specifies one byte rather than one  character  in  UTF-8
+       mode;  this  makes it possible to construct invalid UTF-8 sequences for
+       testing purposes. On the other hand, \x{hh} is interpreted as  a  UTF-8
+       character  in UTF-8 mode, generating more than one byte if the value is
+       greater than 127.  When testing the 8-bit library not  in  UTF-8  mode,
+       \x{hh} generates one byte for values less than 256, and causes an error
+       for greater values.
+
+       In UTF-16 mode, all 4-digit \x{hhhh} values are accepted. This makes it
+       possible to construct invalid UTF-16 sequences for testing purposes.
+
+       In  UTF-32  mode,  all  4- to 8-digit \x{...} values are accepted. This
+       makes it possible to construct invalid  UTF-32  sequences  for  testing
+       purposes.
+
+       The  escapes  that  specify  line ending sequences are literal strings,
+       exactly as shown. No more than one newline setting should be present in
+       any data line.
+
+       A  backslash  followed by anything else just escapes the anything else.
+       If the very last character is a backslash, it is ignored. This gives  a
+       way  of  passing  an empty line as data, since a real empty line termi-
+       nates the data input.
+
+       The \J escape provides a way of setting the maximum stack size that  is
+       used  by the just-in-time optimization code. It is ignored if JIT opti-
+       mization is not being used. Providing a stack that is larger  than  the
+       default 32K is necessary only for very complicated patterns.
+
+       If \M is present, pcretest calls pcre[16|32]_exec() several times, with
+       different values in the match_limit and match_limit_recursion fields of
+       the  pcre[16|32]_extra  data structure, until it finds the minimum num-
+       bers for each parameter that allow pcre[16|32]_exec() to complete with-
+       out  error.  Because  this  is testing a specific feature of the normal
+       interpretive pcre[16|32]_exec() execution, the use of any JIT optimiza-
+       tion  that might have been set up by the /S+ qualifier of -s+ option is
+       disabled.
+
+       The match_limit number is a measure of the amount of backtracking  that
+       takes  place,  and  checking it out can be instructive. For most simple
+       matches, the number is quite small, but for patterns  with  very  large
+       numbers  of  matching  possibilities,  it can become large very quickly
+       with increasing length of  subject  string.  The  match_limit_recursion
+       number  is  a  measure  of how much stack (or, if PCRE is compiled with
+       NO_RECURSE, how much heap) memory  is  needed  to  complete  the  match
+       attempt.
+
+       When  \O  is  used, the value specified may be higher or lower than the
+       size set by the -O command line option (or defaulted to 45); \O applies
+       only  to  the  call  of  pcre[16|32]_exec()  for  the  line in which it
+       appears.
+
+       If the /P modifier was present on the pattern, causing the POSIX  wrap-
+       per  API  to  be  used, the only option-setting sequences that have any
+       effect are \B,  \N,  and  \Z,  causing  REG_NOTBOL,  REG_NOTEMPTY,  and
+       REG_NOTEOL, respectively, to be passed to regexec().
+
+
+THE ALTERNATIVE MATCHING FUNCTION
+
+       By   default,  pcretest  uses  the  standard  PCRE  matching  function,
+       pcre[16|32]_exec() to match each  data  line.  PCRE  also  supports  an
+       alternative  matching  function, pcre[16|32]_dfa_test(), which operates
+       in a different way, and has some restrictions. The differences  between
+       the two functions are described in the pcrematching documentation.
+
+       If  a data line contains the \D escape sequence, or if the command line
+       contains the -dfa option, the alternative matching  function  is  used.
+       This function finds all possible matches at a given point. If, however,
+       the \F escape sequence is present in the data line, it stops after  the
+       first match is found. This is always the shortest possible match.
+
+
+DEFAULT OUTPUT FROM PCRETEST
+
+       This  section  describes  the output when the normal matching function,
+       pcre[16|32]_exec(), is being used.
+
+       When a match succeeds, pcretest outputs the list of captured substrings
+       that  pcre[16|32]_exec() returns, starting with number 0 for the string
+       that matched the whole pattern. Otherwise, it outputs "No  match"  when
+       the  return is PCRE_ERROR_NOMATCH, and "Partial match:" followed by the
+       partially   matching   substring   when   pcre[16|32]_exec()    returns
+       PCRE_ERROR_PARTIAL.  (Note  that  this is the entire substring that was
+       inspected during the partial match; it may  include  characters  before
+       the  actual  match  start  if a lookbehind assertion, \K, \b, or \B was
+       involved.) For any other return, pcretest  outputs  the  PCRE  negative
+       error  number  and a short descriptive phrase. If the error is a failed
+       UTF string check, the offset of the start of the failing character  and
+       the  reason  code are also output, provided that the size of the output
+       vector is at least two. Here is an example of an  interactive  pcretest
+       run.
+
+         $ pcretest
+         PCRE version 8.13 2011-04-30
+
+           re> /^abc(\d+)/
+         data> abc123
+          0: abc123
+          1: 123
+         data> xyz
+         No match
+
+       Unset capturing substrings that are not followed by one that is set are
+       not returned by pcre[16|32]_exec(), and are not shown by  pcretest.  In
+       the following example, there are two capturing substrings, but when the
+       first data line is matched, the second, unset substring is  not  shown.
+       An  "internal" unset substring is shown as "<unset>", as for the second
+       data line.
+
+           re> /(a)|(b)/
+         data> a
+          0: a
+          1: a
+         data> b
+          0: b
+          1: <unset>
+          2: b
+
+       If the strings contain any non-printing characters, they are output  as
+       \xhh  escapes  if  the  value is less than 256 and UTF mode is not set.
+       Otherwise they are output as \x{hh...} escapes. See below for the defi-
+       nition  of non-printing characters. If the pattern has the /+ modifier,
+       the output for substring 0 is followed by the the rest of  the  subject
+       string, identified by "0+" like this:
+
+           re> /cat/+
+         data> cataract
+          0: cat
+          0+ aract
+
+       If  the  pattern  has  the /g or /G modifier, the results of successive
+       matching attempts are output in sequence, like this:
+
+           re> /\Bi(\w\w)/g
+         data> Mississippi
+          0: iss
+          1: ss
+          0: iss
+          1: ss
+          0: ipp
+          1: pp
+
+       "No match" is output only if the first match attempt fails. Here is  an
+       example  of a failure message (the offset 4 that is specified by \>4 is
+       past the end of the subject string):
+
+           re> /xyz/
+         data> xyz\>4
+         Error -24 (bad offset value)
+
+       If any of the sequences \C, \G, or \L are present in a data  line  that
+       is  successfully  matched,  the substrings extracted by the convenience
+       functions are output with C, G, or L after the string number instead of
+       a colon. This is in addition to the normal full list. The string length
+       (that is, the return from the extraction function) is given  in  paren-
+       theses after each string for \C and \G.
+
+       Note that whereas patterns can be continued over several lines (a plain
+       ">" prompt is used for continuations), data lines may not. However new-
+       lines  can  be included in data by means of the \n escape (or \r, \r\n,
+       etc., depending on the newline sequence setting).
+
+
+OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION
+
+       When the alternative matching function, pcre[16|32]_dfa_exec(), is used
+       (by  means  of the \D escape sequence or the -dfa command line option),
+       the output consists of a list of all the  matches  that  start  at  the
+       first point in the subject where there is at least one match. For exam-
+       ple:
+
+           re> /(tang|tangerine|tan)/
+         data> yellow tangerine\D
+          0: tangerine
+          1: tang
+          2: tan
+
+       (Using the normal matching function on this data  finds  only  "tang".)
+       The  longest matching string is always given first (and numbered zero).
+       After a PCRE_ERROR_PARTIAL return, the output is "Partial match:", fol-
+       lowed  by  the  partially  matching  substring.  (Note that this is the
+       entire substring that was inspected during the partial  match;  it  may
+       include characters before the actual match start if a lookbehind asser-
+       tion, \K, \b, or \B was involved.)
+
+       If /g is present on the pattern, the search for further matches resumes
+       at the end of the longest match. For example:
+
+           re> /(tang|tangerine|tan)/g
+         data> yellow tangerine and tangy sultana\D
+          0: tangerine
+          1: tang
+          2: tan
+          0: tang
+          1: tan
+          0: tan
+
+       Since  the  matching  function  does not support substring capture, the
+       escape sequences that are concerned with captured  substrings  are  not
+       relevant.
+
+
+RESTARTING AFTER A PARTIAL MATCH
+
+       When the alternative matching function has given the PCRE_ERROR_PARTIAL
+       return, indicating that the subject partially matched the pattern,  you
+       can  restart  the match with additional subject data by means of the \R
+       escape sequence. For example:
+
+           re> /^\d?\d(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d\d$/
+         data> 23ja\P\D
+         Partial match: 23ja
+         data> n05\R\D
+          0: n05
+
+       For further information about partial  matching,  see  the  pcrepartial
+       documentation.
+
+
+CALLOUTS
+
+       If  the pattern contains any callout requests, pcretest's callout func-
+       tion is called during matching. This works  with  both  matching  func-
+       tions. By default, the called function displays the callout number, the
+       start and current positions in the text at the callout  time,  and  the
+       next pattern item to be tested. For example:
+
+         --->pqrabcdef
+           0    ^  ^     \d
+
+       This  output  indicates  that  callout  number  0  occurred for a match
+       attempt starting at the fourth character of the  subject  string,  when
+       the pointer was at the seventh character of the data, and when the next
+       pattern item was \d. Just one circumflex is output  if  the  start  and
+       current positions are the same.
+
+       Callouts numbered 255 are assumed to be automatic callouts, inserted as
+       a result of the /C pattern modifier. In this case, instead  of  showing
+       the  callout  number, the offset in the pattern, preceded by a plus, is
+       output. For example:
+
+           re> /\d?[A-E]\*/C
+         data> E*
+         --->E*
+          +0 ^      \d?
+          +3 ^      [A-E]
+          +8 ^^     \*
+         +10 ^ ^
+          0: E*
+
+       If a pattern contains (*MARK) items, an additional line is output when-
+       ever  a  change  of  latest mark is passed to the callout function. For
+       example:
+
+           re> /a(*MARK:X)bc/C
+         data> abc
+         --->abc
+          +0 ^       a
+          +1 ^^      (*MARK:X)
+         +10 ^^      b
+         Latest Mark: X
+         +11 ^ ^     c
+         +12 ^  ^
+          0: abc
+
+       The mark changes between matching "a" and "b", but stays the  same  for
+       the  rest  of  the match, so nothing more is output. If, as a result of
+       backtracking, the mark reverts to being unset, the  text  "<unset>"  is
+       output.
+
+       The  callout  function  in pcretest returns zero (carry on matching) by
+       default, but you can use a \C item in a data line (as described  above)
+       to change this and other parameters of the callout.
+
+       Inserting  callouts can be helpful when using pcretest to check compli-
+       cated regular expressions. For further information about callouts,  see
+       the pcrecallout documentation.
+
+
+NON-PRINTING CHARACTERS
+
+       When  pcretest is outputting text in the compiled version of a pattern,
+       bytes other than 32-126 are always treated as  non-printing  characters
+       are are therefore shown as hex escapes.
+
+       When  pcretest  is  outputting text that is a matched part of a subject
+       string, it behaves in the same way, unless a different locale has  been
+       set  for  the  pattern  (using  the  /L  modifier).  In  this case, the
+       isprint() function to distinguish printing and non-printing characters.
+
+
+SAVING AND RELOADING COMPILED PATTERNS
+
+       The facilities described in this section are  not  available  when  the
+       POSIX  interface  to  PCRE  is being used, that is, when the /P pattern
+       modifier is specified.
+
+       When the POSIX interface is not in use, you can cause pcretest to write
+       a  compiled  pattern to a file, by following the modifiers with > and a
+       file name.  For example:
+
+         /pattern/im >/some/file
+
+       See the pcreprecompile documentation for a discussion about saving  and
+       re-using  compiled patterns.  Note that if the pattern was successfully
+       studied with JIT optimization, the JIT data cannot be saved.
+
+       The data that is written is binary.  The  first  eight  bytes  are  the
+       length  of  the  compiled  pattern  data  followed by the length of the
+       optional study data, each written as four  bytes  in  big-endian  order
+       (most  significant  byte  first). If there is no study data (either the
+       pattern was not studied, or studying did not return any data), the sec-
+       ond  length  is  zero. The lengths are followed by an exact copy of the
+       compiled pattern. If there is additional study  data,  this  (excluding
+       any  JIT  data)  follows  immediately after the compiled pattern. After
+       writing the file, pcretest expects to read a new pattern.
+
+       A saved pattern can be reloaded into pcretest by  specifying  <  and  a
+       file  name  instead  of a pattern. There must be no space between < and
+       the file name, which must not  contain  a  <  character,  as  otherwise
+       pcretest  will  interpret  the line as a pattern delimited by < charac-
+       ters. For example:
+
+          re> </some/file
+         Compiled pattern loaded from /some/file
+         No study data
+
+       If the pattern was previously studied with the  JIT  optimization,  the
+       JIT  information cannot be saved and restored, and so is lost. When the
+       pattern has been loaded, pcretest proceeds to read data  lines  in  the
+       usual way.
+
+       You  can copy a file written by pcretest to a different host and reload
+       it there, even if the new host has opposite endianness to  the  one  on
+       which  the pattern was compiled. For example, you can compile on an i86
+       machine and run on a SPARC machine. When a pattern  is  reloaded  on  a
+       host with different endianness, the confirmation message is changed to:
+
+         Compiled pattern (byte-inverted) loaded from /some/file
+
+       The test suite contains some saved pre-compiled patterns with different
+       endianness. These are reloaded using "<!" instead  of  just  "<".  This
+       suppresses the "(byte-inverted)" text so that the output is the same on
+       all hosts. It also forces debugging output once the  pattern  has  been
+       reloaded.
+
+       File  names  for  saving and reloading can be absolute or relative, but
+       note that the shell facility of expanding a file name that starts  with
+       a tilde (~) is not available.
+
+       The  ability to save and reload files in pcretest is intended for test-
+       ing and experimentation. It is not intended for production use  because
+       only  a  single pattern can be written to a file. Furthermore, there is
+       no facility for supplying  custom  character  tables  for  use  with  a
+       reloaded  pattern.  If  the  original  pattern was compiled with custom
+       tables, an attempt to match a subject string using a  reloaded  pattern
+       is  likely to cause pcretest to crash.  Finally, if you attempt to load
+       a file that is not in the correct format, the result is undefined.
+
+
+SEE ALSO
+
+       pcre(3), pcre16(3),  pcre32(3),  pcreapi(3),  pcrecallout(3),  pcrejit,
+       pcrematching(3), pcrepartial(d), pcrepattern(3), pcreprecompile(3).
+
+
+AUTHOR
+
+       Philip Hazel
+       University Computing Service
+       Cambridge CB2 3QH, England.
+
+
+REVISION
+
+       Last updated: 23 February 2017
+       Copyright (c) 1997-2017 University of Cambridge.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man1/pcre-config.1 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man1/pcre-config.1
new file mode 100644
index 00000000..52eb4fb2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man1/pcre-config.1
@@ -0,0 +1,92 @@
+.TH PCRE-CONFIG 1 "01 January 2012" "PCRE 8.30"
+.SH NAME
+pcre-config - program to return PCRE configuration
+.SH SYNOPSIS
+.rs
+.sp
+.nf
+.B pcre-config  [--prefix] [--exec-prefix] [--version] [--libs]
+.B "            [--libs16] [--libs32] [--libs-cpp] [--libs-posix]"
+.B "            [--cflags] [--cflags-posix]"
+.fi
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+\fBpcre-config\fP returns the configuration of the installed PCRE
+libraries and the options required to compile a program to use them. Some of
+the options apply only to the 8-bit, or 16-bit, or 32-bit libraries,
+respectively, and are
+not available if only one of those libraries has been built. If an unavailable
+option is encountered, the "usage" information is output.
+.
+.
+.SH OPTIONS
+.rs
+.TP 10
+\fB--prefix\fP
+Writes the directory prefix used in the PCRE installation for architecture
+independent files (\fI/usr\fP on many systems, \fI/usr/local\fP on some
+systems) to the standard output.
+.TP 10
+\fB--exec-prefix\fP
+Writes the directory prefix used in the PCRE installation for architecture
+dependent files (normally the same as \fB--prefix\fP) to the standard output.
+.TP 10
+\fB--version\fP
+Writes the version number of the installed PCRE libraries to the standard
+output.
+.TP 10
+\fB--libs\fP
+Writes to the standard output the command line options required to link
+with the 8-bit PCRE library (\fB-lpcre\fP on many systems).
+.TP 10
+\fB--libs16\fP
+Writes to the standard output the command line options required to link
+with the 16-bit PCRE library (\fB-lpcre16\fP on many systems).
+.TP 10
+\fB--libs32\fP
+Writes to the standard output the command line options required to link
+with the 32-bit PCRE library (\fB-lpcre32\fP on many systems).
+.TP 10
+\fB--libs-cpp\fP
+Writes to the standard output the command line options required to link with
+PCRE's C++ wrapper library (\fB-lpcrecpp\fP \fB-lpcre\fP on many
+systems).
+.TP 10
+\fB--libs-posix\fP
+Writes to the standard output the command line options required to link with
+PCRE's POSIX API wrapper library (\fB-lpcreposix\fP \fB-lpcre\fP on many
+systems).
+.TP 10
+\fB--cflags\fP
+Writes to the standard output the command line options required to compile
+files that use PCRE (this may include some \fB-I\fP options, but is blank on
+many systems).
+.TP 10
+\fB--cflags-posix\fP
+Writes to the standard output the command line options required to compile
+files that use PCRE's POSIX API wrapper library (this may include some \fB-I\fP
+options, but is blank on many systems).
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcre(3)\fP
+.
+.
+.SH AUTHOR
+.rs
+.sp
+This manual page was originally written by Mark Baker for the Debian GNU/Linux
+system. It has been subsequently revised as a generic PCRE man page.
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 24 June 2012
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man1/pcregrep.1 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man1/pcregrep.1
new file mode 100644
index 00000000..98866754
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man1/pcregrep.1
@@ -0,0 +1,683 @@
+.TH PCREGREP 1 "03 April 2014" "PCRE 8.35"
+.SH NAME
+pcregrep - a grep with Perl-compatible regular expressions.
+.SH SYNOPSIS
+.B pcregrep [options] [long options] [pattern] [path1 path2 ...]
+.
+.SH DESCRIPTION
+.rs
+.sp
+\fBpcregrep\fP searches files for character patterns, in the same way as other
+grep commands do, but it uses the PCRE regular expression library to support
+patterns that are compatible with the regular expressions of Perl 5. See
+.\" HREF
+\fBpcresyntax\fP(3)
+.\"
+for a quick-reference summary of pattern syntax, or
+.\" HREF
+\fBpcrepattern\fP(3)
+.\"
+for a full description of the syntax and semantics of the regular expressions
+that PCRE supports.
+.P
+Patterns, whether supplied on the command line or in a separate file, are given
+without delimiters. For example:
+.sp
+  pcregrep Thursday /etc/motd
+.sp
+If you attempt to use delimiters (for example, by surrounding a pattern with
+slashes, as is common in Perl scripts), they are interpreted as part of the
+pattern. Quotes can of course be used to delimit patterns on the command line
+because they are interpreted by the shell, and indeed quotes are required if a
+pattern contains white space or shell metacharacters.
+.P
+The first argument that follows any option settings is treated as the single
+pattern to be matched when neither \fB-e\fP nor \fB-f\fP is present.
+Conversely, when one or both of these options are used to specify patterns, all
+arguments are treated as path names. At least one of \fB-e\fP, \fB-f\fP, or an
+argument pattern must be provided.
+.P
+If no files are specified, \fBpcregrep\fP reads the standard input. The
+standard input can also be referenced by a name consisting of a single hyphen.
+For example:
+.sp
+  pcregrep some-pattern /file1 - /file3
+.sp
+By default, each line that matches a pattern is copied to the standard
+output, and if there is more than one file, the file name is output at the
+start of each line, followed by a colon. However, there are options that can
+change how \fBpcregrep\fP behaves. In particular, the \fB-M\fP option makes it
+possible to search for patterns that span line boundaries. What defines a line
+boundary is controlled by the \fB-N\fP (\fB--newline\fP) option.
+.P
+The amount of memory used for buffering files that are being scanned is
+controlled by a parameter that can be set by the \fB--buffer-size\fP option.
+The default value for this parameter is specified when \fBpcregrep\fP is built,
+with the default default being 20K. A block of memory three times this size is
+used (to allow for buffering "before" and "after" lines). An error occurs if a
+line overflows the buffer.
+.P
+Patterns can be no longer than 8K or BUFSIZ bytes, whichever is the greater.
+BUFSIZ is defined in \fB<stdio.h>\fP. When there is more than one pattern
+(specified by the use of \fB-e\fP and/or \fB-f\fP), each pattern is applied to
+each line in the order in which they are defined, except that all the \fB-e\fP
+patterns are tried before the \fB-f\fP patterns.
+.P
+By default, as soon as one pattern matches a line, no further patterns are
+considered. However, if \fB--colour\fP (or \fB--color\fP) is used to colour the
+matching substrings, or if \fB--only-matching\fP, \fB--file-offsets\fP, or
+\fB--line-offsets\fP is used to output only the part of the line that matched
+(either shown literally, or as an offset), scanning resumes immediately
+following the match, so that further matches on the same line can be found. If
+there are multiple patterns, they are all tried on the remainder of the line,
+but patterns that follow the one that matched are not tried on the earlier part
+of the line.
+.P
+This behaviour means that the order in which multiple patterns are specified
+can affect the output when one of the above options is used. This is no longer
+the same behaviour as GNU grep, which now manages to display earlier matches
+for later patterns (as long as there is no overlap).
+.P
+Patterns that can match an empty string are accepted, but empty string
+matches are never recognized. An example is the pattern "(super)?(man)?", in
+which all components are optional. This pattern finds all occurrences of both
+"super" and "man"; the output differs from matching with "super|man" when only
+the matching substrings are being shown.
+.P
+If the \fBLC_ALL\fP or \fBLC_CTYPE\fP environment variable is set,
+\fBpcregrep\fP uses the value to set a locale when calling the PCRE library.
+The \fB--locale\fP option can be used to override this.
+.
+.
+.SH "SUPPORT FOR COMPRESSED FILES"
+.rs
+.sp
+It is possible to compile \fBpcregrep\fP so that it uses \fBlibz\fP or
+\fBlibbz2\fP to read files whose names end in \fB.gz\fP or \fB.bz2\fP,
+respectively. You can find out whether your binary has support for one or both
+of these file types by running it with the \fB--help\fP option. If the
+appropriate support is not present, files are treated as plain text. The
+standard input is always so treated.
+.
+.
+.SH "BINARY FILES"
+.rs
+.sp
+By default, a file that contains a binary zero byte within the first 1024 bytes
+is identified as a binary file, and is processed specially. (GNU grep also
+identifies binary files in this manner.) See the \fB--binary-files\fP option
+for a means of changing the way binary files are handled.
+.
+.
+.SH OPTIONS
+.rs
+.sp
+The order in which some of the options appear can affect the output. For
+example, both the \fB-h\fP and \fB-l\fP options affect the printing of file
+names. Whichever comes later in the command line will be the one that takes
+effect. Similarly, except where noted below, if an option is given twice, the
+later setting is used. Numerical values for options may be followed by K or M,
+to signify multiplication by 1024 or 1024*1024 respectively.
+.TP 10
+\fB--\fP
+This terminates the list of options. It is useful if the next item on the
+command line starts with a hyphen but is not an option. This allows for the
+processing of patterns and filenames that start with hyphens.
+.TP
+\fB-A\fP \fInumber\fP, \fB--after-context=\fP\fInumber\fP
+Output \fInumber\fP lines of context after each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of \fInumber\fP is expected to be relatively small. However, \fBpcregrep\fP
+guarantees to have up to 8K of following text available for context output.
+.TP
+\fB-a\fP, \fB--text\fP
+Treat binary files as text. This is equivalent to
+\fB--binary-files\fP=\fItext\fP.
+.TP
+\fB-B\fP \fInumber\fP, \fB--before-context=\fP\fInumber\fP
+Output \fInumber\fP lines of context before each matching line. If filenames
+and/or line numbers are being output, a hyphen separator is used instead of a
+colon for the context lines. A line containing "--" is output between each
+group of lines, unless they are in fact contiguous in the input file. The value
+of \fInumber\fP is expected to be relatively small. However, \fBpcregrep\fP
+guarantees to have up to 8K of preceding text available for context output.
+.TP
+\fB--binary-files=\fP\fIword\fP
+Specify how binary files are to be processed. If the word is "binary" (the
+default), pattern matching is performed on binary files, but the only output is
+"Binary file <name> matches" when a match succeeds. If the word is "text",
+which is equivalent to the \fB-a\fP or \fB--text\fP option, binary files are
+processed in the same way as any other file. In this case, when a match
+succeeds, the output may be binary garbage, which can have nasty effects if
+sent to a terminal. If the word is "without-match", which is equivalent to the
+\fB-I\fP option, binary files are not processed at all; they are assumed not to
+be of interest.
+.TP
+\fB--buffer-size=\fP\fInumber\fP
+Set the parameter that controls how much memory is used for buffering files
+that are being scanned.
+.TP
+\fB-C\fP \fInumber\fP, \fB--context=\fP\fInumber\fP
+Output \fInumber\fP lines of context both before and after each matching line.
+This is equivalent to setting both \fB-A\fP and \fB-B\fP to the same value.
+.TP
+\fB-c\fP, \fB--count\fP
+Do not output individual lines from the files that are being scanned; instead
+output the number of lines that would otherwise have been shown. If no lines
+are selected, the number zero is output. If several files are are being
+scanned, a count is output for each of them. However, if the
+\fB--files-with-matches\fP option is also used, only those files whose counts
+are greater than zero are listed. When \fB-c\fP is used, the \fB-A\fP,
+\fB-B\fP, and \fB-C\fP options are ignored.
+.TP
+\fB--colour\fP, \fB--color\fP
+If this option is given without any data, it is equivalent to "--colour=auto".
+If data is required, it must be given in the same shell item, separated by an
+equals sign.
+.TP
+\fB--colour=\fP\fIvalue\fP, \fB--color=\fP\fIvalue\fP
+This option specifies under what circumstances the parts of a line that matched
+a pattern should be coloured in the output. By default, the output is not
+coloured. The value (which is optional, see above) may be "never", "always", or
+"auto". In the latter case, colouring happens only if the standard output is
+connected to a terminal. More resources are used when colouring is enabled,
+because \fBpcregrep\fP has to search for all possible matches in a line, not
+just one, in order to colour them all.
+.sp
+The colour that is used can be specified by setting the environment variable
+PCREGREP_COLOUR or PCREGREP_COLOR. The value of this variable should be a
+string of two numbers, separated by a semicolon. They are copied directly into
+the control string for setting colour on a terminal, so it is your
+responsibility to ensure that they make sense. If neither of the environment
+variables is set, the default is "1;31", which gives red.
+.TP
+\fB-D\fP \fIaction\fP, \fB--devices=\fP\fIaction\fP
+If an input path is not a regular file or a directory, "action" specifies how
+it is to be processed. Valid values are "read" (the default) or "skip"
+(silently skip the path).
+.TP
+\fB-d\fP \fIaction\fP, \fB--directories=\fP\fIaction\fP
+If an input path is a directory, "action" specifies how it is to be processed.
+Valid values are "read" (the default in non-Windows environments, for
+compatibility with GNU grep), "recurse" (equivalent to the \fB-r\fP option), or
+"skip" (silently skip the path, the default in Windows environments). In the
+"read" case, directories are read as if they were ordinary files. In some
+operating systems the effect of reading a directory like this is an immediate
+end-of-file; in others it may provoke an error.
+.TP
+\fB-e\fP \fIpattern\fP, \fB--regex=\fP\fIpattern\fP, \fB--regexp=\fP\fIpattern\fP
+Specify a pattern to be matched. This option can be used multiple times in
+order to specify several patterns. It can also be used as a way of specifying a
+single pattern that starts with a hyphen. When \fB-e\fP is used, no argument
+pattern is taken from the command line; all arguments are treated as file
+names. There is no limit to the number of patterns. They are applied to each
+line in the order in which they are defined until one matches.
+.sp
+If \fB-f\fP is used with \fB-e\fP, the command line patterns are matched first,
+followed by the patterns from the file(s), independent of the order in which
+these options are specified. Note that multiple use of \fB-e\fP is not the same
+as a single pattern with alternatives. For example, X|Y finds the first
+character in a line that is X or Y, whereas if the two patterns are given
+separately, with X first, \fBpcregrep\fP finds X if it is present, even if it
+follows Y in the line. It finds Y only if there is no X in the line. This
+matters only if you are using \fB-o\fP or \fB--colo(u)r\fP to show the part(s)
+of the line that matched.
+.TP
+\fB--exclude\fP=\fIpattern\fP
+Files (but not directories) whose names match the pattern are skipped without
+being processed. This applies to all files, whether listed on the command line,
+obtained from \fB--file-list\fP, or by scanning a directory. The pattern is a
+PCRE regular expression, and is matched against the final component of the file
+name, not the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not
+apply to this pattern. The option may be given any number of times in order to
+specify multiple patterns. If a file name matches both an \fB--include\fP
+and an \fB--exclude\fP pattern, it is excluded. There is no short form for this
+option.
+.TP
+\fB--exclude-from=\fP\fIfilename\fP
+Treat each non-empty line of the file as the data for an \fB--exclude\fP
+option. What constitutes a newline when reading the file is the operating
+system's default. The \fB--newline\fP option has no effect on this option. This
+option may be given more than once in order to specify a number of files to
+read.
+.TP
+\fB--exclude-dir\fP=\fIpattern\fP
+Directories whose names match the pattern are skipped without being processed,
+whatever the setting of the \fB--recursive\fP option. This applies to all
+directories, whether listed on the command line, obtained from
+\fB--file-list\fP, or by scanning a parent directory. The pattern is a PCRE
+regular expression, and is matched against the final component of the directory
+name, not the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not
+apply to this pattern. The option may be given any number of times in order to
+specify more than one pattern. If a directory matches both \fB--include-dir\fP
+and \fB--exclude-dir\fP, it is excluded. There is no short form for this
+option.
+.TP
+\fB-F\fP, \fB--fixed-strings\fP
+Interpret each data-matching pattern as a list of fixed strings, separated by
+newlines, instead of as a regular expression. What constitutes a newline for
+this purpose is controlled by the \fB--newline\fP option. The \fB-w\fP (match
+as a word) and \fB-x\fP (match whole line) options can be used with \fB-F\fP.
+They apply to each of the fixed strings. A line is selected if any of the fixed
+strings are found in it (subject to \fB-w\fP or \fB-x\fP, if present). This
+option applies only to the patterns that are matched against the contents of
+files; it does not apply to patterns specified by any of the \fB--include\fP or
+\fB--exclude\fP options.
+.TP
+\fB-f\fP \fIfilename\fP, \fB--file=\fP\fIfilename\fP
+Read patterns from the file, one per line, and match them against
+each line of input. What constitutes a newline when reading the file is the
+operating system's default. The \fB--newline\fP option has no effect on this
+option. Trailing white space is removed from each line, and blank lines are
+ignored. An empty file contains no patterns and therefore matches nothing. See
+also the comments about multiple patterns versus a single pattern with
+alternatives in the description of \fB-e\fP above.
+.sp
+If this option is given more than once, all the specified files are
+read. A data line is output if any of the patterns match it. A filename can
+be given as "-" to refer to the standard input. When \fB-f\fP is used, patterns
+specified on the command line using \fB-e\fP may also be present; they are
+tested before the file's patterns. However, no other pattern is taken from the
+command line; all arguments are treated as the names of paths to be searched.
+.TP
+\fB--file-list\fP=\fIfilename\fP
+Read a list of files and/or directories that are to be scanned from the given
+file, one per line. Trailing white space is removed from each line, and blank
+lines are ignored. These paths are processed before any that are listed on the
+command line. The filename can be given as "-" to refer to the standard input.
+If \fB--file\fP and \fB--file-list\fP are both specified as "-", patterns are
+read first. This is useful only when the standard input is a terminal, from
+which further lines (the list of files) can be read after an end-of-file
+indication. If this option is given more than once, all the specified files are
+read.
+.TP
+\fB--file-offsets\fP
+Instead of showing lines or parts of lines that match, show each match as an
+offset from the start of the file and a length, separated by a comma. In this
+mode, no context is shown. That is, the \fB-A\fP, \fB-B\fP, and \fB-C\fP
+options are ignored. If there is more than one match in a line, each of them is
+shown separately. This option is mutually exclusive with \fB--line-offsets\fP
+and \fB--only-matching\fP.
+.TP
+\fB-H\fP, \fB--with-filename\fP
+Force the inclusion of the filename at the start of output lines when searching
+a single file. By default, the filename is not shown in this case. For matching
+lines, the filename is followed by a colon; for context lines, a hyphen
+separator is used. If a line number is also being output, it follows the file
+name.
+.TP
+\fB-h\fP, \fB--no-filename\fP
+Suppress the output filenames when searching multiple files. By default,
+filenames are shown when multiple files are searched. For matching lines, the
+filename is followed by a colon; for context lines, a hyphen separator is used.
+If a line number is also being output, it follows the file name.
+.TP
+\fB--help\fP
+Output a help message, giving brief details of the command options and file
+type support, and then exit. Anything else on the command line is
+ignored.
+.TP
+\fB-I\fP
+Treat binary files as never matching. This is equivalent to
+\fB--binary-files\fP=\fIwithout-match\fP.
+.TP
+\fB-i\fP, \fB--ignore-case\fP
+Ignore upper/lower case distinctions during comparisons.
+.TP
+\fB--include\fP=\fIpattern\fP
+If any \fB--include\fP patterns are specified, the only files that are
+processed are those that match one of the patterns (and do not match an
+\fB--exclude\fP pattern). This option does not affect directories, but it
+applies to all files, whether listed on the command line, obtained from
+\fB--file-list\fP, or by scanning a directory. The pattern is a PCRE regular
+expression, and is matched against the final component of the file name, not
+the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not apply to
+this pattern. The option may be given any number of times. If a file name
+matches both an \fB--include\fP and an \fB--exclude\fP pattern, it is excluded.
+There is no short form for this option.
+.TP
+\fB--include-from=\fP\fIfilename\fP
+Treat each non-empty line of the file as the data for an \fB--include\fP
+option. What constitutes a newline for this purpose is the operating system's
+default. The \fB--newline\fP option has no effect on this option. This option
+may be given any number of times; all the files are read.
+.TP
+\fB--include-dir\fP=\fIpattern\fP
+If any \fB--include-dir\fP patterns are specified, the only directories that
+are processed are those that match one of the patterns (and do not match an
+\fB--exclude-dir\fP pattern). This applies to all directories, whether listed
+on the command line, obtained from \fB--file-list\fP, or by scanning a parent
+directory. The pattern is a PCRE regular expression, and is matched against the
+final component of the directory name, not the entire path. The \fB-F\fP,
+\fB-w\fP, and \fB-x\fP options do not apply to this pattern. The option may be
+given any number of times. If a directory matches both \fB--include-dir\fP and
+\fB--exclude-dir\fP, it is excluded. There is no short form for this option.
+.TP
+\fB-L\fP, \fB--files-without-match\fP
+Instead of outputting lines from the files, just output the names of the files
+that do not contain any lines that would have been output. Each file name is
+output once, on a separate line.
+.TP
+\fB-l\fP, \fB--files-with-matches\fP
+Instead of outputting lines from the files, just output the names of the files
+containing lines that would have been output. Each file name is output
+once, on a separate line. Searching normally stops as soon as a matching line
+is found in a file. However, if the \fB-c\fP (count) option is also used,
+matching continues in order to obtain the correct count, and those files that
+have at least one match are listed along with their counts. Using this option
+with \fB-c\fP is a way of suppressing the listing of files with no matches.
+.TP
+\fB--label\fP=\fIname\fP
+This option supplies a name to be used for the standard input when file names
+are being output. If not supplied, "(standard input)" is used. There is no
+short form for this option.
+.TP
+\fB--line-buffered\fP
+When this option is given, input is read and processed line by line, and the
+output is flushed after each write. By default, input is read in large chunks,
+unless \fBpcregrep\fP can determine that it is reading from a terminal (which
+is currently possible only in Unix-like environments). Output to terminal is
+normally automatically flushed by the operating system. This option can be
+useful when the input or output is attached to a pipe and you do not want
+\fBpcregrep\fP to buffer up large amounts of data. However, its use will affect
+performance, and the \fB-M\fP (multiline) option ceases to work.
+.TP
+\fB--line-offsets\fP
+Instead of showing lines or parts of lines that match, show each match as a
+line number, the offset from the start of the line, and a length. The line
+number is terminated by a colon (as usual; see the \fB-n\fP option), and the
+offset and length are separated by a comma. In this mode, no context is shown.
+That is, the \fB-A\fP, \fB-B\fP, and \fB-C\fP options are ignored. If there is
+more than one match in a line, each of them is shown separately. This option is
+mutually exclusive with \fB--file-offsets\fP and \fB--only-matching\fP.
+.TP
+\fB--locale\fP=\fIlocale-name\fP
+This option specifies a locale to be used for pattern matching. It overrides
+the value in the \fBLC_ALL\fP or \fBLC_CTYPE\fP environment variables. If no
+locale is specified, the PCRE library's default (usually the "C" locale) is
+used. There is no short form for this option.
+.TP
+\fB--match-limit\fP=\fInumber\fP
+Processing some regular expression patterns can require a very large amount of
+memory, leading in some cases to a program crash if not enough is available.
+Other patterns may take a very long time to search for all possible matching
+strings. The \fBpcre_exec()\fP function that is called by \fBpcregrep\fP to do
+the matching has two parameters that can limit the resources that it uses.
+.sp
+The \fB--match-limit\fP option provides a means of limiting resource usage
+when processing patterns that are not going to match, but which have a very
+large number of possibilities in their search trees. The classic example is a
+pattern that uses nested unlimited repeats. Internally, PCRE uses a function
+called \fBmatch()\fP which it calls repeatedly (sometimes recursively). The
+limit set by \fB--match-limit\fP is imposed on the number of times this
+function is called during a match, which has the effect of limiting the amount
+of backtracking that can take place.
+.sp
+The \fB--recursion-limit\fP option is similar to \fB--match-limit\fP, but
+instead of limiting the total number of times that \fBmatch()\fP is called, it
+limits the depth of recursive calls, which in turn limits the amount of memory
+that can be used. The recursion depth is a smaller number than the total number
+of calls, because not all calls to \fBmatch()\fP are recursive. This limit is
+of use only if it is set smaller than \fB--match-limit\fP.
+.sp
+There are no short forms for these options. The default settings are specified
+when the PCRE library is compiled, with the default default being 10 million.
+.TP
+\fB-M\fP, \fB--multiline\fP
+Allow patterns to match more than one line. When this option is given, patterns
+may usefully contain literal newline characters and internal occurrences of ^
+and $ characters. The output for a successful match may consist of more than
+one line, the last of which is the one in which the match ended. If the matched
+string ends with a newline sequence the output ends at the end of that line.
+.sp
+When this option is set, the PCRE library is called in "multiline" mode.
+There is a limit to the number of lines that can be matched, imposed by the way
+that \fBpcregrep\fP buffers the input file as it scans it. However,
+\fBpcregrep\fP ensures that at least 8K characters or the rest of the document
+(whichever is the shorter) are available for forward matching, and similarly
+the previous 8K characters (or all the previous characters, if fewer than 8K)
+are guaranteed to be available for lookbehind assertions. This option does not
+work when input is read line by line (see \fP--line-buffered\fP.)
+.TP
+\fB-N\fP \fInewline-type\fP, \fB--newline\fP=\fInewline-type\fP
+The PCRE library supports five different conventions for indicating
+the ends of lines. They are the single-character sequences CR (carriage return)
+and LF (linefeed), the two-character sequence CRLF, an "anycrlf" convention,
+which recognizes any of the preceding three types, and an "any" convention, in
+which any Unicode line ending sequence is assumed to end a line. The Unicode
+sequences are the three just mentioned, plus VT (vertical tab, U+000B), FF
+(form feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and
+PS (paragraph separator, U+2029).
+.sp
+When the PCRE library is built, a default line-ending sequence is specified.
+This is normally the standard sequence for the operating system. Unless
+otherwise specified by this option, \fBpcregrep\fP uses the library's default.
+The possible values for this option are CR, LF, CRLF, ANYCRLF, or ANY. This
+makes it possible to use \fBpcregrep\fP to scan files that have come from other
+environments without having to modify their line endings. If the data that is
+being scanned does not agree with the convention set by this option,
+\fBpcregrep\fP may behave in strange ways. Note that this option does not
+apply to files specified by the \fB-f\fP, \fB--exclude-from\fP, or
+\fB--include-from\fP options, which are expected to use the operating system's
+standard newline sequence.
+.TP
+\fB-n\fP, \fB--line-number\fP
+Precede each output line by its line number in the file, followed by a colon
+for matching lines or a hyphen for context lines. If the filename is also being
+output, it precedes the line number. This option is forced if
+\fB--line-offsets\fP is used.
+.TP
+\fB--no-jit\fP
+If the PCRE library is built with support for just-in-time compiling (which
+speeds up matching), \fBpcregrep\fP automatically makes use of this, unless it
+was explicitly disabled at build time. This option can be used to disable the
+use of JIT at run time. It is provided for testing and working round problems.
+It should never be needed in normal use.
+.TP
+\fB-o\fP, \fB--only-matching\fP
+Show only the part of the line that matched a pattern instead of the whole
+line. In this mode, no context is shown. That is, the \fB-A\fP, \fB-B\fP, and
+\fB-C\fP options are ignored. If there is more than one match in a line, each
+of them is shown separately. If \fB-o\fP is combined with \fB-v\fP (invert the
+sense of the match to find non-matching lines), no output is generated, but the
+return code is set appropriately. If the matched portion of the line is empty,
+nothing is output unless the file name or line number are being printed, in
+which case they are shown on an otherwise empty line. This option is mutually
+exclusive with \fB--file-offsets\fP and \fB--line-offsets\fP.
+.TP
+\fB-o\fP\fInumber\fP, \fB--only-matching\fP=\fInumber\fP
+Show only the part of the line that matched the capturing parentheses of the
+given number. Up to 32 capturing parentheses are supported, and -o0 is
+equivalent to \fB-o\fP without a number. Because these options can be given
+without an argument (see above), if an argument is present, it must be given in
+the same shell item, for example, -o3 or --only-matching=2. The comments given
+for the non-argument case above also apply to this case. If the specified
+capturing parentheses do not exist in the pattern, or were not set in the
+match, nothing is output unless the file name or line number are being printed.
+.sp
+If this option is given multiple times, multiple substrings are output, in the
+order the options are given. For example, -o3 -o1 -o3 causes the substrings
+matched by capturing parentheses 3 and 1 and then 3 again to be output. By
+default, there is no separator (but see the next option).
+.TP
+\fB--om-separator\fP=\fItext\fP
+Specify a separating string for multiple occurrences of \fB-o\fP. The default
+is an empty string. Separating strings are never coloured.
+.TP
+\fB-q\fP, \fB--quiet\fP
+Work quietly, that is, display nothing except error messages. The exit
+status indicates whether or not any matches were found.
+.TP
+\fB-r\fP, \fB--recursive\fP
+If any given path is a directory, recursively scan the files it contains,
+taking note of any \fB--include\fP and \fB--exclude\fP settings. By default, a
+directory is read as a normal file; in some operating systems this gives an
+immediate end-of-file. This option is a shorthand for setting the \fB-d\fP
+option to "recurse".
+.TP
+\fB--recursion-limit\fP=\fInumber\fP
+See \fB--match-limit\fP above.
+.TP
+\fB-s\fP, \fB--no-messages\fP
+Suppress error messages about non-existent or unreadable files. Such files are
+quietly skipped. However, the return code is still 2, even if matches were
+found in other files.
+.TP
+\fB-u\fP, \fB--utf-8\fP
+Operate in UTF-8 mode. This option is available only if PCRE has been compiled
+with UTF-8 support. All patterns (including those for any \fB--exclude\fP and
+\fB--include\fP options) and all subject lines that are scanned must be valid
+strings of UTF-8 characters.
+.TP
+\fB-V\fP, \fB--version\fP
+Write the version numbers of \fBpcregrep\fP and the PCRE library to the
+standard output and then exit. Anything else on the command line is
+ignored.
+.TP
+\fB-v\fP, \fB--invert-match\fP
+Invert the sense of the match, so that lines which do \fInot\fP match any of
+the patterns are the ones that are found.
+.TP
+\fB-w\fP, \fB--word-regex\fP, \fB--word-regexp\fP
+Force the patterns to match only whole words. This is equivalent to having \eb
+at the start and end of the pattern. This option applies only to the patterns
+that are matched against the contents of files; it does not apply to patterns
+specified by any of the \fB--include\fP or \fB--exclude\fP options.
+.TP
+\fB-x\fP, \fB--line-regex\fP, \fB--line-regexp\fP
+Force the patterns to be anchored (each must start matching at the beginning of
+a line) and in addition, require them to match entire lines. This is equivalent
+to having ^ and $ characters at the start and end of each alternative branch in
+every pattern. This option applies only to the patterns that are matched
+against the contents of files; it does not apply to patterns specified by any
+of the \fB--include\fP or \fB--exclude\fP options.
+.
+.
+.SH "ENVIRONMENT VARIABLES"
+.rs
+.sp
+The environment variables \fBLC_ALL\fP and \fBLC_CTYPE\fP are examined, in that
+order, for a locale. The first one that is set is used. This can be overridden
+by the \fB--locale\fP option. If no locale is set, the PCRE library's default
+(usually the "C" locale) is used.
+.
+.
+.SH "NEWLINES"
+.rs
+.sp
+The \fB-N\fP (\fB--newline\fP) option allows \fBpcregrep\fP to scan files with
+different newline conventions from the default. Any parts of the input files
+that are written to the standard output are copied identically, with whatever
+newline sequences they have in the input. However, the setting of this option
+does not affect the interpretation of files specified by the \fB-f\fP,
+\fB--exclude-from\fP, or \fB--include-from\fP options, which are assumed to use
+the operating system's standard newline sequence, nor does it affect the way in
+which \fBpcregrep\fP writes informational messages to the standard error and
+output streams. For these it uses the string "\en" to indicate newlines,
+relying on the C I/O library to convert this to an appropriate sequence.
+.
+.
+.SH "OPTIONS COMPATIBILITY"
+.rs
+.sp
+Many of the short and long forms of \fBpcregrep\fP's options are the same
+as in the GNU \fBgrep\fP program. Any long option of the form
+\fB--xxx-regexp\fP (GNU terminology) is also available as \fB--xxx-regex\fP
+(PCRE terminology). However, the \fB--file-list\fP, \fB--file-offsets\fP,
+\fB--include-dir\fP, \fB--line-offsets\fP, \fB--locale\fP, \fB--match-limit\fP,
+\fB-M\fP, \fB--multiline\fP, \fB-N\fP, \fB--newline\fP, \fB--om-separator\fP,
+\fB--recursion-limit\fP, \fB-u\fP, and \fB--utf-8\fP options are specific to
+\fBpcregrep\fP, as is the use of the \fB--only-matching\fP option with a
+capturing parentheses number.
+.P
+Although most of the common options work the same way, a few are different in
+\fBpcregrep\fP. For example, the \fB--include\fP option's argument is a glob
+for GNU \fBgrep\fP, but a regular expression for \fBpcregrep\fP. If both the
+\fB-c\fP and \fB-l\fP options are given, GNU grep lists only file names,
+without counts, but \fBpcregrep\fP gives the counts.
+.
+.
+.SH "OPTIONS WITH DATA"
+.rs
+.sp
+There are four different ways in which an option with data can be specified.
+If a short form option is used, the data may follow immediately, or (with one
+exception) in the next command line item. For example:
+.sp
+  -f/some/file
+  -f /some/file
+.sp
+The exception is the \fB-o\fP option, which may appear with or without data.
+Because of this, if data is present, it must follow immediately in the same
+item, for example -o3.
+.P
+If a long form option is used, the data may appear in the same command line
+item, separated by an equals character, or (with two exceptions) it may appear
+in the next command line item. For example:
+.sp
+  --file=/some/file
+  --file /some/file
+.sp
+Note, however, that if you want to supply a file name beginning with ~ as data
+in a shell command, and have the shell expand ~ to a home directory, you must
+separate the file name from the option, because the shell does not treat ~
+specially unless it is at the start of an item.
+.P
+The exceptions to the above are the \fB--colour\fP (or \fB--color\fP) and
+\fB--only-matching\fP options, for which the data is optional. If one of these
+options does have data, it must be given in the first form, using an equals
+character. Otherwise \fBpcregrep\fP will assume that it has no data.
+.
+.
+.SH "MATCHING ERRORS"
+.rs
+.sp
+It is possible to supply a regular expression that takes a very long time to
+fail to match certain lines. Such patterns normally involve nested indefinite
+repeats, for example: (a+)*\ed when matched against a line of a's with no final
+digit. The PCRE matching function has a resource limit that causes it to abort
+in these circumstances. If this happens, \fBpcregrep\fP outputs an error
+message and the line that caused the problem to the standard error stream. If
+there are more than 20 such errors, \fBpcregrep\fP gives up.
+.P
+The \fB--match-limit\fP option of \fBpcregrep\fP can be used to set the overall
+resource limit; there is a second option called \fB--recursion-limit\fP that
+sets a limit on the amount of memory (usually stack) that is used (see the
+discussion of these options above).
+.
+.
+.SH DIAGNOSTICS
+.rs
+.sp
+Exit status is 0 if any matches were found, 1 if no matches were found, and 2
+for syntax errors, overlong lines, non-existent or inaccessible files (even if
+matches were found in other files) or too many matching errors. Using the
+\fB-s\fP option to suppress error messages about inaccessible files does not
+affect the return code.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcrepattern\fP(3), \fBpcresyntax\fP(3), \fBpcretest\fP(1).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 03 April 2014
+Copyright (c) 1997-2014 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man1/pcretest.1 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man1/pcretest.1
new file mode 100644
index 00000000..ea7457c0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man1/pcretest.1
@@ -0,0 +1,1160 @@
+.TH PCRETEST 1 "23 February 2017" "PCRE 8.41"
+.SH NAME
+pcretest - a program for testing Perl-compatible regular expressions.
+.SH SYNOPSIS
+.rs
+.sp
+.B pcretest "[options] [input file [output file]]"
+.sp
+\fBpcretest\fP was written as a test program for the PCRE regular expression
+library itself, but it can also be used for experimenting with regular
+expressions. This document describes the features of the test program; for
+details of the regular expressions themselves, see the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation. For details of the PCRE library function calls and their
+options, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+,
+.\" HREF
+\fBpcre16\fP
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+documentation.
+.P
+The input for \fBpcretest\fP is a sequence of regular expression patterns and
+strings to be matched, as described below. The output shows the result of each
+match. Options on the command line and the patterns control PCRE options and
+exactly what is output.
+.P
+As PCRE has evolved, it has acquired many different features, and as a result,
+\fBpcretest\fP now has rather a lot of obscure options for testing every
+possible feature. Some of these options are specifically designed for use in
+conjunction with the test script and data files that are distributed as part of
+PCRE, and are unlikely to be of use otherwise. They are all documented here,
+but without much justification.
+.
+.
+.SH "INPUT DATA FORMAT"
+.rs
+.sp
+Input to \fBpcretest\fP is processed line by line, either by calling the C
+library's \fBfgets()\fP function, or via the \fBlibreadline\fP library (see
+below). In Unix-like environments, \fBfgets()\fP treats any bytes other than
+newline as data characters. However, in some Windows environments character 26
+(hex 1A) causes an immediate end of file, and no further data is read. For
+maximum portability, therefore, it is safest to use only ASCII characters in
+\fBpcretest\fP input files.
+.P
+The input is processed using using C's string functions, so must not
+contain binary zeroes, even though in Unix-like environments, \fBfgets()\fP
+treats any bytes other than newline as data characters.
+.
+.
+.SH "PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES"
+.rs
+.sp
+From release 8.30, two separate PCRE libraries can be built. The original one
+supports 8-bit character strings, whereas the newer 16-bit library supports
+character strings encoded in 16-bit units. From release 8.32, a third library
+can be built, supporting character strings encoded in 32-bit units. The
+\fBpcretest\fP program can be used to test all three libraries. However, it is
+itself still an 8-bit program, reading 8-bit input and writing 8-bit output.
+When testing the 16-bit or 32-bit library, the patterns and data strings are
+converted to 16- or 32-bit format before being passed to the PCRE library
+functions. Results are converted to 8-bit for output.
+.P
+References to functions and structures of the form \fBpcre[16|32]_xx\fP below
+mean "\fBpcre_xx\fP when using the 8-bit library, \fBpcre16_xx\fP when using
+the 16-bit library, or \fBpcre32_xx\fP when using the 32-bit library".
+.
+.
+.SH "COMMAND LINE OPTIONS"
+.rs
+.TP 10
+\fB-8\fP
+If both the 8-bit library has been built, this option causes the 8-bit library
+to be used (which is the default); if the 8-bit library has not been built,
+this option causes an error.
+.TP 10
+\fB-16\fP
+If both the 8-bit or the 32-bit, and the 16-bit libraries have been built, this
+option causes the 16-bit library to be used. If only the 16-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 32-bit
+library has been built, this option causes an error.
+.TP 10
+\fB-32\fP
+If both the 8-bit or the 16-bit, and the 32-bit libraries have been built, this
+option causes the 32-bit library to be used. If only the 32-bit library has been
+built, this is the default (so has no effect). If only the 8-bit or the 16-bit
+library has been built, this option causes an error.
+.TP 10
+\fB-b\fP
+Behave as if each pattern has the \fB/B\fP (show byte code) modifier; the
+internal form is output after compilation.
+.TP 10
+\fB-C\fP
+Output the version number of the PCRE library, and all available information
+about the optional features that are included, and then exit with zero exit
+code. All other options are ignored.
+.TP 10
+\fB-C\fP \fIoption\fP
+Output information about a specific build-time option, then exit. This
+functionality is intended for use in scripts such as \fBRunTest\fP. The
+following options output the value and set the exit code as indicated:
+.sp
+  ebcdic-nl  the code for LF (= NL) in an EBCDIC environment:
+               0x15 or 0x25
+               0 if used in an ASCII environment
+               exit code is always 0
+  linksize   the configured internal link size (2, 3, or 4)
+               exit code is set to the link size
+  newline    the default newline setting:
+               CR, LF, CRLF, ANYCRLF, or ANY
+               exit code is always 0
+  bsr        the default setting for what \eR matches:
+               ANYCRLF or ANY
+               exit code is always 0
+.sp
+The following options output 1 for true or 0 for false, and set the exit code
+to the same value:
+.sp
+  ebcdic     compiled for an EBCDIC environment
+  jit        just-in-time support is available
+  pcre16     the 16-bit library was built
+  pcre32     the 32-bit library was built
+  pcre8      the 8-bit library was built
+  ucp        Unicode property support is available
+  utf        UTF-8 and/or UTF-16 and/or UTF-32 support
+               is available
+.sp
+If an unknown option is given, an error message is output; the exit code is 0.
+.TP 10
+\fB-d\fP
+Behave as if each pattern has the \fB/D\fP (debug) modifier; the internal
+form and information about the compiled pattern is output after compilation;
+\fB-d\fP is equivalent to \fB-b -i\fP.
+.TP 10
+\fB-dfa\fP
+Behave as if each data line contains the \eD escape sequence; this causes the
+alternative matching function, \fBpcre[16|32]_dfa_exec()\fP, to be used instead
+of the standard \fBpcre[16|32]_exec()\fP function (more detail is given below).
+.TP 10
+\fB-help\fP
+Output a brief summary these options and then exit.
+.TP 10
+\fB-i\fP
+Behave as if each pattern has the \fB/I\fP modifier; information about the
+compiled pattern is given after compilation.
+.TP 10
+\fB-M\fP
+Behave as if each data line contains the \eM escape sequence; this causes
+PCRE to discover the minimum MATCH_LIMIT and MATCH_LIMIT_RECURSION settings by
+calling \fBpcre[16|32]_exec()\fP repeatedly with different limits.
+.TP 10
+\fB-m\fP
+Output the size of each compiled pattern after it has been compiled. This is
+equivalent to adding \fB/M\fP to each regular expression. The size is given in
+bytes for both libraries.
+.TP 10
+\fB-O\fP
+Behave as if each pattern has the \fB/O\fP modifier, that is disable
+auto-possessification for all patterns.
+.TP 10
+\fB-o\fP \fIosize\fP
+Set the number of elements in the output vector that is used when calling
+\fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP to be \fIosize\fP. The
+default value is 45, which is enough for 14 capturing subexpressions for
+\fBpcre[16|32]_exec()\fP or 22 different matches for
+\fBpcre[16|32]_dfa_exec()\fP.
+The vector size can be changed for individual matching calls by including \eO
+in the data line (see below).
+.TP 10
+\fB-p\fP
+Behave as if each pattern has the \fB/P\fP modifier; the POSIX wrapper API is
+used to call PCRE. None of the other options has any effect when \fB-p\fP is
+set. This option can be used only with the 8-bit library.
+.TP 10
+\fB-q\fP
+Do not output the version number of \fBpcretest\fP at the start of execution.
+.TP 10
+\fB-S\fP \fIsize\fP
+On Unix-like systems, set the size of the run-time stack to \fIsize\fP
+megabytes.
+.TP 10
+\fB-s\fP or \fB-s+\fP
+Behave as if each pattern has the \fB/S\fP modifier; in other words, force each
+pattern to be studied. If \fB-s+\fP is used, all the JIT compile options are
+passed to \fBpcre[16|32]_study()\fP, causing just-in-time optimization to be set
+up if it is available, for both full and partial matching. Specific JIT compile
+options can be selected by following \fB-s+\fP with a digit in the range 1 to
+7, which selects the JIT compile modes as follows:
+.sp
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+.sp
+If \fB-s++\fP is used instead of \fB-s+\fP (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+.sp
+Note that there are pattern options that can override \fB-s\fP, either
+specifying no studying at all, or suppressing JIT compilation.
+.sp
+If the \fB/I\fP or \fB/D\fP option is present on a pattern (requesting output
+about the compiled pattern), information about the result of studying is not
+included when studying is caused only by \fB-s\fP and neither \fB-i\fP nor
+\fB-d\fP is present on the command line. This behaviour means that the output
+from tests that are run with and without \fB-s\fP should be identical, except
+when options that output information about the actual running of a match are
+set.
+.sp
+The \fB-M\fP, \fB-t\fP, and \fB-tm\fP options, which give information about
+resources used, are likely to produce different output with and without
+\fB-s\fP. Output may also differ if the \fB/C\fP option is present on an
+individual pattern. This uses callouts to trace the the matching process, and
+this may be different between studied and non-studied patterns. If the pattern
+contains (*MARK) items there may also be differences, for the same reason. The
+\fB-s\fP command line option can be overridden for specific patterns that
+should never be studied (see the \fB/S\fP pattern modifier below).
+.TP 10
+\fB-t\fP
+Run each compile, study, and match many times with a timer, and output the
+resulting times per compile, study, or match (in milliseconds). Do not set
+\fB-m\fP with \fB-t\fP, because you will then get the size output a zillion
+times, and the timing will be distorted. You can control the number of
+iterations that are used for timing by following \fB-t\fP with a number (as a
+separate item on the command line). For example, "-t 1000" iterates 1000 times.
+The default is to iterate 500000 times.
+.TP 10
+\fB-tm\fP
+This is like \fB-t\fP except that it times only the matching phase, not the
+compile or study phases.
+.TP 10
+\fB-T\fP \fB-TM\fP
+These behave like \fB-t\fP and \fB-tm\fP, but in addition, at the end of a run,
+the total times for all compiles, studies, and matches are output.
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+If \fBpcretest\fP is given two filename arguments, it reads from the first and
+writes to the second. If it is given only one filename argument, it reads from
+that file and writes to stdout. Otherwise, it reads from stdin and writes to
+stdout, and prompts for each line of input, using "re>" to prompt for regular
+expressions, and "data>" to prompt for data lines.
+.P
+When \fBpcretest\fP is built, a configuration option can specify that it should
+be linked with the \fBlibreadline\fP library. When this is done, if the input
+is from a terminal, it is read using the \fBreadline()\fP function. This
+provides line-editing and history facilities. The output from the \fB-help\fP
+option states whether or not \fBreadline()\fP will be used.
+.P
+The program handles any number of sets of input on a single input file. Each
+set starts with a regular expression, and continues with any number of data
+lines to be matched against that pattern.
+.P
+Each data line is matched separately and independently. If you want to do
+multi-line matches, you have to use the \en escape sequence (or \er or \er\en,
+etc., depending on the newline setting) in a single line of input to encode the
+newline sequences. There is no limit on the length of data lines; the input
+buffer is automatically extended if it is too small.
+.P
+An empty line signals the end of the data lines, at which point a new regular
+expression is read. The regular expressions are given enclosed in any
+non-alphanumeric delimiters other than backslash, for example:
+.sp
+  /(a|bc)x+yz/
+.sp
+White space before the initial delimiter is ignored. A regular expression may
+be continued over several input lines, in which case the newline characters are
+included within it. It is possible to include the delimiter within the pattern
+by escaping it, for example
+.sp
+  /abc\e/def/
+.sp
+If you do so, the escape and the delimiter form part of the pattern, but since
+delimiters are always non-alphanumeric, this does not affect its interpretation.
+If the terminating delimiter is immediately followed by a backslash, for
+example,
+.sp
+  /abc/\e
+.sp
+then a backslash is added to the end of the pattern. This is done to provide a
+way of testing the error condition that arises if a pattern finishes with a
+backslash, because
+.sp
+  /abc\e/
+.sp
+is interpreted as the first line of a pattern that starts with "abc/", causing
+pcretest to read the next line as a continuation of the regular expression.
+.
+.
+.SH "PATTERN MODIFIERS"
+.rs
+.sp
+A pattern may be followed by any number of modifiers, which are mostly single
+characters, though some of these can be qualified by further characters.
+Following Perl usage, these are referred to below as, for example, "the
+\fB/i\fP modifier", even though the delimiter of the pattern need not always be
+a slash, and no slash is used when writing modifiers. White space may appear
+between the final pattern delimiter and the first modifier, and between the
+modifiers themselves. For reference, here is a complete list of modifiers. They
+fall into several groups that are described in detail in the following
+sections.
+.sp
+  \fB/8\fP              set UTF mode
+  \fB/9\fP              set PCRE_NEVER_UTF (locks out UTF mode)
+  \fB/?\fP              disable UTF validity check
+  \fB/+\fP              show remainder of subject after match
+  \fB/=\fP              show all captures (not just those that are set)
+.sp
+  \fB/A\fP              set PCRE_ANCHORED
+  \fB/B\fP              show compiled code
+  \fB/C\fP              set PCRE_AUTO_CALLOUT
+  \fB/D\fP              same as \fB/B\fP plus \fB/I\fP
+  \fB/E\fP              set PCRE_DOLLAR_ENDONLY
+  \fB/F\fP              flip byte order in compiled pattern
+  \fB/f\fP              set PCRE_FIRSTLINE
+  \fB/G\fP              find all matches (shorten string)
+  \fB/g\fP              find all matches (use startoffset)
+  \fB/I\fP              show information about pattern
+  \fB/i\fP              set PCRE_CASELESS
+  \fB/J\fP              set PCRE_DUPNAMES
+  \fB/K\fP              show backtracking control names
+  \fB/L\fP              set locale
+  \fB/M\fP              show compiled memory size
+  \fB/m\fP              set PCRE_MULTILINE
+  \fB/N\fP              set PCRE_NO_AUTO_CAPTURE
+  \fB/O\fP              set PCRE_NO_AUTO_POSSESS
+  \fB/P\fP              use the POSIX wrapper
+  \fB/Q\fP              test external stack check function
+  \fB/S\fP              study the pattern after compilation
+  \fB/s\fP              set PCRE_DOTALL
+  \fB/T\fP              select character tables
+  \fB/U\fP              set PCRE_UNGREEDY
+  \fB/W\fP              set PCRE_UCP
+  \fB/X\fP              set PCRE_EXTRA
+  \fB/x\fP              set PCRE_EXTENDED
+  \fB/Y\fP              set PCRE_NO_START_OPTIMIZE
+  \fB/Z\fP              don't show lengths in \fB/B\fP output
+.sp
+  \fB/<any>\fP          set PCRE_NEWLINE_ANY
+  \fB/<anycrlf>\fP      set PCRE_NEWLINE_ANYCRLF
+  \fB/<cr>\fP           set PCRE_NEWLINE_CR
+  \fB/<crlf>\fP         set PCRE_NEWLINE_CRLF
+  \fB/<lf>\fP           set PCRE_NEWLINE_LF
+  \fB/<bsr_anycrlf>\fP  set PCRE_BSR_ANYCRLF
+  \fB/<bsr_unicode>\fP  set PCRE_BSR_UNICODE
+  \fB/<JS>\fP           set PCRE_JAVASCRIPT_COMPAT
+.sp
+.
+.
+.SS "Perl-compatible modifiers"
+.rs
+.sp
+The \fB/i\fP, \fB/m\fP, \fB/s\fP, and \fB/x\fP modifiers set the PCRE_CASELESS,
+PCRE_MULTILINE, PCRE_DOTALL, or PCRE_EXTENDED options, respectively, when
+\fBpcre[16|32]_compile()\fP is called. These four modifier letters have the same
+effect as they do in Perl. For example:
+.sp
+  /caseless/i
+.sp
+.
+.
+.SS "Modifiers for other PCRE options"
+.rs
+.sp
+The following table shows additional modifiers for setting PCRE compile-time
+options that do not correspond to anything in Perl:
+.sp
+  \fB/8\fP              PCRE_UTF8           ) when using the 8-bit
+  \fB/?\fP              PCRE_NO_UTF8_CHECK  )   library
+.sp
+  \fB/8\fP              PCRE_UTF16          ) when using the 16-bit
+  \fB/?\fP              PCRE_NO_UTF16_CHECK )   library
+.sp
+  \fB/8\fP              PCRE_UTF32          ) when using the 32-bit
+  \fB/?\fP              PCRE_NO_UTF32_CHECK )   library
+.sp
+  \fB/9\fP              PCRE_NEVER_UTF
+  \fB/A\fP              PCRE_ANCHORED
+  \fB/C\fP              PCRE_AUTO_CALLOUT
+  \fB/E\fP              PCRE_DOLLAR_ENDONLY
+  \fB/f\fP              PCRE_FIRSTLINE
+  \fB/J\fP              PCRE_DUPNAMES
+  \fB/N\fP              PCRE_NO_AUTO_CAPTURE
+  \fB/O\fP              PCRE_NO_AUTO_POSSESS
+  \fB/U\fP              PCRE_UNGREEDY
+  \fB/W\fP              PCRE_UCP
+  \fB/X\fP              PCRE_EXTRA
+  \fB/Y\fP              PCRE_NO_START_OPTIMIZE
+  \fB/<any>\fP          PCRE_NEWLINE_ANY
+  \fB/<anycrlf>\fP      PCRE_NEWLINE_ANYCRLF
+  \fB/<cr>\fP           PCRE_NEWLINE_CR
+  \fB/<crlf>\fP         PCRE_NEWLINE_CRLF
+  \fB/<lf>\fP           PCRE_NEWLINE_LF
+  \fB/<bsr_anycrlf>\fP  PCRE_BSR_ANYCRLF
+  \fB/<bsr_unicode>\fP  PCRE_BSR_UNICODE
+  \fB/<JS>\fP           PCRE_JAVASCRIPT_COMPAT
+.sp
+The modifiers that are enclosed in angle brackets are literal strings as shown,
+including the angle brackets, but the letters within can be in either case.
+This example sets multiline matching with CRLF as the line ending sequence:
+.sp
+  /^abc/m<CRLF>
+.sp
+As well as turning on the PCRE_UTF8/16/32 option, the \fB/8\fP modifier causes
+all non-printing characters in output strings to be printed using the
+\ex{hh...} notation. Otherwise, those less than 0x100 are output in hex without
+the curly brackets.
+.P
+Full details of the PCRE options are given in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.
+.
+.SS "Finding all matches in a string"
+.rs
+.sp
+Searching for all possible matches within each subject string can be requested
+by the \fB/g\fP or \fB/G\fP modifier. After finding a match, PCRE is called
+again to search the remainder of the subject string. The difference between
+\fB/g\fP and \fB/G\fP is that the former uses the \fIstartoffset\fP argument to
+\fBpcre[16|32]_exec()\fP to start searching at a new point within the entire
+string (which is in effect what Perl does), whereas the latter passes over a
+shortened substring. This makes a difference to the matching process if the
+pattern begins with a lookbehind assertion (including \eb or \eB).
+.P
+If any call to \fBpcre[16|32]_exec()\fP in a \fB/g\fP or \fB/G\fP sequence matches
+an empty string, the next call is done with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED flags set in order to search for another, non-empty, match at the
+same point. If this second match fails, the start offset is advanced, and the
+normal match is retried. This imitates the way Perl handles such cases when
+using the \fB/g\fP modifier or the \fBsplit()\fP function. Normally, the start
+offset is advanced by one character, but if the newline convention recognizes
+CRLF as a newline, and the current character is CR followed by LF, an advance
+of two is used.
+.
+.
+.SS "Other modifiers"
+.rs
+.sp
+There are yet more modifiers for controlling the way \fBpcretest\fP
+operates.
+.P
+The \fB/+\fP modifier requests that as well as outputting the substring that
+matched the entire pattern, \fBpcretest\fP should in addition output the
+remainder of the subject string. This is useful for tests where the subject
+contains multiple copies of the same substring. If the \fB+\fP modifier appears
+twice, the same action is taken for captured substrings. In each case the
+remainder is output on the following line with a plus character following the
+capture number. Note that this modifier must not immediately follow the /S
+modifier because /S+ and /S++ have other meanings.
+.P
+The \fB/=\fP modifier requests that the values of all potential captured
+parentheses be output after a match. By default, only those up to the highest
+one actually used in the match are output (corresponding to the return code
+from \fBpcre[16|32]_exec()\fP). Values in the offsets vector corresponding to
+higher numbers should be set to -1, and these are output as "<unset>". This
+modifier gives a way of checking that this is happening.
+.P
+The \fB/B\fP modifier is a debugging feature. It requests that \fBpcretest\fP
+output a representation of the compiled code after compilation. Normally this
+information contains length and offset values; however, if \fB/Z\fP is also
+present, this data is replaced by spaces. This is a special feature for use in
+the automatic test scripts; it ensures that the same output is generated for
+different internal link sizes.
+.P
+The \fB/D\fP modifier is a PCRE debugging feature, and is equivalent to
+\fB/BI\fP, that is, both the \fB/B\fP and the \fB/I\fP modifiers.
+.P
+The \fB/F\fP modifier causes \fBpcretest\fP to flip the byte order of the
+2-byte and 4-byte fields in the compiled pattern. This facility is for testing
+the feature in PCRE that allows it to execute patterns that were compiled on a
+host with a different endianness. This feature is not available when the POSIX
+interface to PCRE is being used, that is, when the \fB/P\fP pattern modifier is
+specified. See also the section about saving and reloading compiled patterns
+below.
+.P
+The \fB/I\fP modifier requests that \fBpcretest\fP output information about the
+compiled pattern (whether it is anchored, has a fixed first character, and
+so on). It does this by calling \fBpcre[16|32]_fullinfo()\fP after compiling a
+pattern. If the pattern is studied, the results of that are also output. In
+this output, the word "char" means a non-UTF character, that is, the value of a
+single data item (8-bit, 16-bit, or 32-bit, depending on the library that is
+being tested).
+.P
+The \fB/K\fP modifier requests \fBpcretest\fP to show names from backtracking
+control verbs that are returned from calls to \fBpcre[16|32]_exec()\fP. It causes
+\fBpcretest\fP to create a \fBpcre[16|32]_extra\fP block if one has not already
+been created by a call to \fBpcre[16|32]_study()\fP, and to set the
+PCRE_EXTRA_MARK flag and the \fBmark\fP field within it, every time that
+\fBpcre[16|32]_exec()\fP is called. If the variable that the \fBmark\fP field
+points to is non-NULL for a match, non-match, or partial match, \fBpcretest\fP
+prints the string to which it points. For a match, this is shown on a line by
+itself, tagged with "MK:". For a non-match it is added to the message.
+.P
+The \fB/L\fP modifier must be followed directly by the name of a locale, for
+example,
+.sp
+  /pattern/Lfr_FR
+.sp
+For this reason, it must be the last modifier. The given locale is set,
+\fBpcre[16|32]_maketables()\fP is called to build a set of character tables for
+the locale, and this is then passed to \fBpcre[16|32]_compile()\fP when compiling
+the regular expression. Without an \fB/L\fP (or \fB/T\fP) modifier, NULL is
+passed as the tables pointer; that is, \fB/L\fP applies only to the expression
+on which it appears.
+.P
+The \fB/M\fP modifier causes the size in bytes of the memory block used to hold
+the compiled pattern to be output. This does not include the size of the
+\fBpcre[16|32]\fP block; it is just the actual compiled data. If the pattern is
+successfully studied with the PCRE_STUDY_JIT_COMPILE option, the size of the
+JIT compiled code is also output.
+.P
+The \fB/Q\fP modifier is used to test the use of \fBpcre_stack_guard\fP. It
+must be followed by '0' or '1', specifying the return code to be given from an
+external function that is passed to PCRE and used for stack checking during
+compilation (see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation for details).
+.P
+The \fB/S\fP modifier causes \fBpcre[16|32]_study()\fP to be called after the
+expression has been compiled, and the results used when the expression is
+matched. There are a number of qualifying characters that may follow \fB/S\fP.
+They may appear in any order.
+.P
+If \fB/S\fP is followed by an exclamation mark, \fBpcre[16|32]_study()\fP is
+called with the PCRE_STUDY_EXTRA_NEEDED option, causing it always to return a
+\fBpcre_extra\fP block, even when studying discovers no useful information.
+.P
+If \fB/S\fP is followed by a second S character, it suppresses studying, even
+if it was requested externally by the \fB-s\fP command line option. This makes
+it possible to specify that certain patterns are always studied, and others are
+never studied, independently of \fB-s\fP. This feature is used in the test
+files in a few cases where the output is different when the pattern is studied.
+.P
+If the \fB/S\fP modifier is followed by a + character, the call to
+\fBpcre[16|32]_study()\fP is made with all the JIT study options, requesting
+just-in-time optimization support if it is available, for both normal and
+partial matching. If you want to restrict the JIT compiling modes, you can
+follow \fB/S+\fP with a digit in the range 1 to 7:
+.sp
+  1  normal match only
+  2  soft partial match only
+  3  normal match and soft partial match
+  4  hard partial match only
+  6  soft and hard partial match
+  7  all three modes (default)
+.sp
+If \fB/S++\fP is used instead of \fB/S+\fP (with or without a following digit),
+the text "(JIT)" is added to the first output line after a match or no match
+when JIT-compiled code was actually used.
+.P
+Note that there is also an independent \fB/+\fP modifier; it must not be given
+immediately after \fB/S\fP or \fB/S+\fP because this will be misinterpreted.
+.P
+If JIT studying is successful, the compiled JIT code will automatically be used
+when \fBpcre[16|32]_exec()\fP is run, except when incompatible run-time options
+are specified. For more details, see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation. See also the \fB\eJ\fP escape sequence below for a way of
+setting the size of the JIT stack.
+.P
+Finally, if \fB/S\fP is followed by a minus character, JIT compilation is
+suppressed, even if it was requested externally by the \fB-s\fP command line
+option. This makes it possible to specify that JIT is never to be used for
+certain patterns.
+.P
+The \fB/T\fP modifier must be followed by a single digit. It causes a specific
+set of built-in character tables to be passed to \fBpcre[16|32]_compile()\fP. It
+is used in the standard PCRE tests to check behaviour with different character
+tables. The digit specifies the tables as follows:
+.sp
+  0   the default ASCII tables, as distributed in
+        pcre_chartables.c.dist
+  1   a set of tables defining ISO 8859 characters
+.sp
+In table 1, some characters whose codes are greater than 128 are identified as
+letters, digits, spaces, etc.
+.
+.
+.SS "Using the POSIX wrapper API"
+.rs
+.sp
+The \fB/P\fP modifier causes \fBpcretest\fP to call PCRE via the POSIX wrapper
+API rather than its native API. This supports only the 8-bit library. When
+\fB/P\fP is set, the following modifiers set options for the \fBregcomp()\fP
+function:
+.sp
+  /i    REG_ICASE
+  /m    REG_NEWLINE
+  /N    REG_NOSUB
+  /s    REG_DOTALL     )
+  /U    REG_UNGREEDY   ) These options are not part of
+  /W    REG_UCP        )   the POSIX standard
+  /8    REG_UTF8       )
+.sp
+The \fB/+\fP modifier works as described above. All other modifiers are
+ignored.
+.
+.
+.SS "Locking out certain modifiers"
+.rs
+.sp
+PCRE can be compiled with or without support for certain features such as
+UTF-8/16/32 or Unicode properties. Accordingly, the standard tests are split up
+into a number of different files that are selected for running depending on
+which features are available. When updating the tests, it is all too easy to
+put a new test into the wrong file by mistake; for example, to put a test that
+requires UTF support into a file that is used when it is not available. To help
+detect such mistakes as early as possible, there is a facility for locking out
+specific modifiers. If an input line for \fBpcretest\fP starts with the string
+"< forbid " the following sequence of characters is taken as a list of
+forbidden modifiers. For example, in the test files that must not use UTF or
+Unicode property support, this line appears:
+.sp
+  < forbid 8W
+.sp
+This locks out the /8 and /W modifiers. An immediate error is given if they are
+subsequently encountered. If the character string contains < but not >, all the
+multi-character modifiers that begin with < are locked out. Otherwise, such
+modifiers must be explicitly listed, for example:
+.sp
+  < forbid <JS><cr>
+.sp
+There must be a single space between < and "forbid" for this feature to be
+recognised. If there is not, the line is interpreted either as a request to
+re-load a pre-compiled pattern (see "SAVING AND RELOADING COMPILED PATTERNS"
+below) or, if there is a another < character, as a pattern that uses < as its
+delimiter.
+.
+.
+.SH "DATA LINES"
+.rs
+.sp
+Before each data line is passed to \fBpcre[16|32]_exec()\fP, leading and trailing
+white space is removed, and it is then scanned for \e escapes. Some of these
+are pretty esoteric features, intended for checking out some of the more
+complicated features of PCRE. If you are just testing "ordinary" regular
+expressions, you probably don't need any of these. The following escapes are
+recognized:
+.sp
+  \ea         alarm (BEL, \ex07)
+  \eb         backspace (\ex08)
+  \ee         escape (\ex27)
+  \ef         form feed (\ex0c)
+  \en         newline (\ex0a)
+.\" JOIN
+  \eqdd       set the PCRE_MATCH_LIMIT limit to dd
+               (any number of digits)
+  \er         carriage return (\ex0d)
+  \et         tab (\ex09)
+  \ev         vertical tab (\ex0b)
+  \ennn       octal character (up to 3 octal digits); always
+               a byte unless > 255 in UTF-8 or 16-bit or 32-bit mode
+  \eo{dd...}  octal character (any number of octal digits}
+  \exhh       hexadecimal byte (up to 2 hex digits)
+  \ex{hh...}  hexadecimal character (any number of hex digits)
+.\" JOIN
+  \eA         pass the PCRE_ANCHORED option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eB         pass the PCRE_NOTBOL option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eCdd       call pcre[16|32]_copy_substring() for substring dd
+               after a successful match (number less than 32)
+.\" JOIN
+  \eCname     call pcre[16|32]_copy_named_substring() for substring
+               "name" after a successful match (name termin-
+               ated by next non alphanumeric character)
+.\" JOIN
+  \eC+        show the current captured substrings at callout
+               time
+  \eC-        do not supply a callout function
+.\" JOIN
+  \eC!n       return 1 instead of 0 when callout number n is
+               reached
+.\" JOIN
+  \eC!n!m     return 1 instead of 0 when callout number n is
+               reached for the nth time
+.\" JOIN
+  \eC*n       pass the number n (may be negative) as callout
+               data; this is used as the callout return value
+  \eD         use the \fBpcre[16|32]_dfa_exec()\fP match function
+  \eF         only shortest match for \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eGdd       call pcre[16|32]_get_substring() for substring dd
+               after a successful match (number less than 32)
+.\" JOIN
+  \eGname     call pcre[16|32]_get_named_substring() for substring
+               "name" after a successful match (name termin-
+               ated by next non-alphanumeric character)
+.\" JOIN
+  \eJdd       set up a JIT stack of dd kilobytes maximum (any
+               number of digits)
+.\" JOIN
+  \eL         call pcre[16|32]_get_substringlist() after a
+               successful match
+.\" JOIN
+  \eM         discover the minimum MATCH_LIMIT and
+               MATCH_LIMIT_RECURSION settings
+.\" JOIN
+  \eN         pass the PCRE_NOTEMPTY option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP; if used twice, pass the
+               PCRE_NOTEMPTY_ATSTART option
+.\" JOIN
+  \eOdd       set the size of the output vector passed to
+               \fBpcre[16|32]_exec()\fP to dd (any number of digits)
+.\" JOIN
+  \eP         pass the PCRE_PARTIAL_SOFT option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP; if used twice, pass the
+               PCRE_PARTIAL_HARD option
+.\" JOIN
+  \eQdd       set the PCRE_MATCH_LIMIT_RECURSION limit to dd
+               (any number of digits)
+  \eR         pass the PCRE_DFA_RESTART option to \fBpcre[16|32]_dfa_exec()\fP
+  \eS         output details of memory get/free calls during matching
+.\" JOIN
+  \eY         pass the PCRE_NO_START_OPTIMIZE option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \eZ         pass the PCRE_NOTEOL option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e?         pass the PCRE_NO_UTF[8|16|32]_CHECK option to
+               \fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e>dd       start the match at offset dd (optional "-"; then
+               any number of digits); this sets the \fIstartoffset\fP
+               argument for \fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<cr>      pass the PCRE_NEWLINE_CR option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<lf>      pass the PCRE_NEWLINE_LF option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<crlf>    pass the PCRE_NEWLINE_CRLF option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<anycrlf> pass the PCRE_NEWLINE_ANYCRLF option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.\" JOIN
+  \e<any>     pass the PCRE_NEWLINE_ANY option to \fBpcre[16|32]_exec()\fP
+               or \fBpcre[16|32]_dfa_exec()\fP
+.sp
+The use of \ex{hh...} is not dependent on the use of the \fB/8\fP modifier on
+the pattern. It is recognized always. There may be any number of hexadecimal
+digits inside the braces; invalid values provoke error messages.
+.P
+Note that \exhh specifies one byte rather than one character in UTF-8 mode;
+this makes it possible to construct invalid UTF-8 sequences for testing
+purposes. On the other hand, \ex{hh} is interpreted as a UTF-8 character in
+UTF-8 mode, generating more than one byte if the value is greater than 127.
+When testing the 8-bit library not in UTF-8 mode, \ex{hh} generates one byte
+for values less than 256, and causes an error for greater values.
+.P
+In UTF-16 mode, all 4-digit \ex{hhhh} values are accepted. This makes it
+possible to construct invalid UTF-16 sequences for testing purposes.
+.P
+In UTF-32 mode, all 4- to 8-digit \ex{...} values are accepted. This makes it
+possible to construct invalid UTF-32 sequences for testing purposes.
+.P
+The escapes that specify line ending sequences are literal strings, exactly as
+shown. No more than one newline setting should be present in any data line.
+.P
+A backslash followed by anything else just escapes the anything else. If
+the very last character is a backslash, it is ignored. This gives a way of
+passing an empty line as data, since a real empty line terminates the data
+input.
+.P
+The \fB\eJ\fP escape provides a way of setting the maximum stack size that is
+used by the just-in-time optimization code. It is ignored if JIT optimization
+is not being used. Providing a stack that is larger than the default 32K is
+necessary only for very complicated patterns.
+.P
+If \eM is present, \fBpcretest\fP calls \fBpcre[16|32]_exec()\fP several times,
+with different values in the \fImatch_limit\fP and \fImatch_limit_recursion\fP
+fields of the \fBpcre[16|32]_extra\fP data structure, until it finds the minimum
+numbers for each parameter that allow \fBpcre[16|32]_exec()\fP to complete without
+error. Because this is testing a specific feature of the normal interpretive
+\fBpcre[16|32]_exec()\fP execution, the use of any JIT optimization that might
+have been set up by the \fB/S+\fP qualifier of \fB-s+\fP option is disabled.
+.P
+The \fImatch_limit\fP number is a measure of the amount of backtracking
+that takes place, and checking it out can be instructive. For most simple
+matches, the number is quite small, but for patterns with very large numbers of
+matching possibilities, it can become large very quickly with increasing length
+of subject string. The \fImatch_limit_recursion\fP number is a measure of how
+much stack (or, if PCRE is compiled with NO_RECURSE, how much heap) memory is
+needed to complete the match attempt.
+.P
+When \eO is used, the value specified may be higher or lower than the size set
+by the \fB-O\fP command line option (or defaulted to 45); \eO applies only to
+the call of \fBpcre[16|32]_exec()\fP for the line in which it appears.
+.P
+If the \fB/P\fP modifier was present on the pattern, causing the POSIX wrapper
+API to be used, the only option-setting sequences that have any effect are \eB,
+\eN, and \eZ, causing REG_NOTBOL, REG_NOTEMPTY, and REG_NOTEOL, respectively,
+to be passed to \fBregexec()\fP.
+.
+.
+.SH "THE ALTERNATIVE MATCHING FUNCTION"
+.rs
+.sp
+By default, \fBpcretest\fP uses the standard PCRE matching function,
+\fBpcre[16|32]_exec()\fP to match each data line. PCRE also supports an
+alternative matching function, \fBpcre[16|32]_dfa_test()\fP, which operates in a
+different way, and has some restrictions. The differences between the two
+functions are described in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation.
+.P
+If a data line contains the \eD escape sequence, or if the command line
+contains the \fB-dfa\fP option, the alternative matching function is used.
+This function finds all possible matches at a given point. If, however, the \eF
+escape sequence is present in the data line, it stops after the first match is
+found. This is always the shortest possible match.
+.
+.
+.SH "DEFAULT OUTPUT FROM PCRETEST"
+.rs
+.sp
+This section describes the output when the normal matching function,
+\fBpcre[16|32]_exec()\fP, is being used.
+.P
+When a match succeeds, \fBpcretest\fP outputs the list of captured substrings
+that \fBpcre[16|32]_exec()\fP returns, starting with number 0 for the string that
+matched the whole pattern. Otherwise, it outputs "No match" when the return is
+PCRE_ERROR_NOMATCH, and "Partial match:" followed by the partially matching
+substring when \fBpcre[16|32]_exec()\fP returns PCRE_ERROR_PARTIAL. (Note that
+this is the entire substring that was inspected during the partial match; it
+may include characters before the actual match start if a lookbehind assertion,
+\eK, \eb, or \eB was involved.) For any other return, \fBpcretest\fP outputs
+the PCRE negative error number and a short descriptive phrase. If the error is
+a failed UTF string check, the offset of the start of the failing character and
+the reason code are also output, provided that the size of the output vector is
+at least two. Here is an example of an interactive \fBpcretest\fP run.
+.sp
+  $ pcretest
+  PCRE version 8.13 2011-04-30
+.sp
+    re> /^abc(\ed+)/
+  data> abc123
+   0: abc123
+   1: 123
+  data> xyz
+  No match
+.sp
+Unset capturing substrings that are not followed by one that is set are not
+returned by \fBpcre[16|32]_exec()\fP, and are not shown by \fBpcretest\fP. In the
+following example, there are two capturing substrings, but when the first data
+line is matched, the second, unset substring is not shown. An "internal" unset
+substring is shown as "<unset>", as for the second data line.
+.sp
+    re> /(a)|(b)/
+  data> a
+   0: a
+   1: a
+  data> b
+   0: b
+   1: <unset>
+   2: b
+.sp
+If the strings contain any non-printing characters, they are output as \exhh
+escapes if the value is less than 256 and UTF mode is not set. Otherwise they
+are output as \ex{hh...} escapes. See below for the definition of non-printing
+characters. If the pattern has the \fB/+\fP modifier, the output for substring
+0 is followed by the the rest of the subject string, identified by "0+" like
+this:
+.sp
+    re> /cat/+
+  data> cataract
+   0: cat
+   0+ aract
+.sp
+If the pattern has the \fB/g\fP or \fB/G\fP modifier, the results of successive
+matching attempts are output in sequence, like this:
+.sp
+    re> /\eBi(\ew\ew)/g
+  data> Mississippi
+   0: iss
+   1: ss
+   0: iss
+   1: ss
+   0: ipp
+   1: pp
+.sp
+"No match" is output only if the first match attempt fails. Here is an example
+of a failure message (the offset 4 that is specified by \e>4 is past the end of
+the subject string):
+.sp
+    re> /xyz/
+  data> xyz\e>4
+  Error -24 (bad offset value)
+.P
+If any of the sequences \fB\eC\fP, \fB\eG\fP, or \fB\eL\fP are present in a
+data line that is successfully matched, the substrings extracted by the
+convenience functions are output with C, G, or L after the string number
+instead of a colon. This is in addition to the normal full list. The string
+length (that is, the return from the extraction function) is given in
+parentheses after each string for \fB\eC\fP and \fB\eG\fP.
+.P
+Note that whereas patterns can be continued over several lines (a plain ">"
+prompt is used for continuations), data lines may not. However newlines can be
+included in data by means of the \en escape (or \er, \er\en, etc., depending on
+the newline sequence setting).
+.
+.
+.
+.SH "OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION"
+.rs
+.sp
+When the alternative matching function, \fBpcre[16|32]_dfa_exec()\fP, is used (by
+means of the \eD escape sequence or the \fB-dfa\fP command line option), the
+output consists of a list of all the matches that start at the first point in
+the subject where there is at least one match. For example:
+.sp
+    re> /(tang|tangerine|tan)/
+  data> yellow tangerine\eD
+   0: tangerine
+   1: tang
+   2: tan
+.sp
+(Using the normal matching function on this data finds only "tang".) The
+longest matching string is always given first (and numbered zero). After a
+PCRE_ERROR_PARTIAL return, the output is "Partial match:", followed by the
+partially matching substring. (Note that this is the entire substring that was
+inspected during the partial match; it may include characters before the actual
+match start if a lookbehind assertion, \eK, \eb, or \eB was involved.)
+.P
+If \fB/g\fP is present on the pattern, the search for further matches resumes
+at the end of the longest match. For example:
+.sp
+    re> /(tang|tangerine|tan)/g
+  data> yellow tangerine and tangy sultana\eD
+   0: tangerine
+   1: tang
+   2: tan
+   0: tang
+   1: tan
+   0: tan
+.sp
+Since the matching function does not support substring capture, the escape
+sequences that are concerned with captured substrings are not relevant.
+.
+.
+.SH "RESTARTING AFTER A PARTIAL MATCH"
+.rs
+.sp
+When the alternative matching function has given the PCRE_ERROR_PARTIAL return,
+indicating that the subject partially matched the pattern, you can restart the
+match with additional subject data by means of the \eR escape sequence. For
+example:
+.sp
+    re> /^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$/
+  data> 23ja\eP\eD
+  Partial match: 23ja
+  data> n05\eR\eD
+   0: n05
+.sp
+For further information about partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.
+.
+.SH CALLOUTS
+.rs
+.sp
+If the pattern contains any callout requests, \fBpcretest\fP's callout function
+is called during matching. This works with both matching functions. By default,
+the called function displays the callout number, the start and current
+positions in the text at the callout time, and the next pattern item to be
+tested. For example:
+.sp
+  --->pqrabcdef
+    0    ^  ^     \ed
+.sp
+This output indicates that callout number 0 occurred for a match attempt
+starting at the fourth character of the subject string, when the pointer was at
+the seventh character of the data, and when the next pattern item was \ed. Just
+one circumflex is output if the start and current positions are the same.
+.P
+Callouts numbered 255 are assumed to be automatic callouts, inserted as a
+result of the \fB/C\fP pattern modifier. In this case, instead of showing the
+callout number, the offset in the pattern, preceded by a plus, is output. For
+example:
+.sp
+    re> /\ed?[A-E]\e*/C
+  data> E*
+  --->E*
+   +0 ^      \ed?
+   +3 ^      [A-E]
+   +8 ^^     \e*
+  +10 ^ ^
+   0: E*
+.sp
+If a pattern contains (*MARK) items, an additional line is output whenever
+a change of latest mark is passed to the callout function. For example:
+.sp
+    re> /a(*MARK:X)bc/C
+  data> abc
+  --->abc
+   +0 ^       a
+   +1 ^^      (*MARK:X)
+  +10 ^^      b
+  Latest Mark: X
+  +11 ^ ^     c
+  +12 ^  ^
+   0: abc
+.sp
+The mark changes between matching "a" and "b", but stays the same for the rest
+of the match, so nothing more is output. If, as a result of backtracking, the
+mark reverts to being unset, the text "<unset>" is output.
+.P
+The callout function in \fBpcretest\fP returns zero (carry on matching) by
+default, but you can use a \eC item in a data line (as described above) to
+change this and other parameters of the callout.
+.P
+Inserting callouts can be helpful when using \fBpcretest\fP to check
+complicated regular expressions. For further information about callouts, see
+the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.
+.
+.
+.SH "NON-PRINTING CHARACTERS"
+.rs
+.sp
+When \fBpcretest\fP is outputting text in the compiled version of a pattern,
+bytes other than 32-126 are always treated as non-printing characters are are
+therefore shown as hex escapes.
+.P
+When \fBpcretest\fP is outputting text that is a matched part of a subject
+string, it behaves in the same way, unless a different locale has been set for
+the pattern (using the \fB/L\fP modifier). In this case, the \fBisprint()\fP
+function to distinguish printing and non-printing characters.
+.
+.
+.
+.SH "SAVING AND RELOADING COMPILED PATTERNS"
+.rs
+.sp
+The facilities described in this section are not available when the POSIX
+interface to PCRE is being used, that is, when the \fB/P\fP pattern modifier is
+specified.
+.P
+When the POSIX interface is not in use, you can cause \fBpcretest\fP to write a
+compiled pattern to a file, by following the modifiers with > and a file name.
+For example:
+.sp
+  /pattern/im >/some/file
+.sp
+See the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation for a discussion about saving and re-using compiled patterns.
+Note that if the pattern was successfully studied with JIT optimization, the
+JIT data cannot be saved.
+.P
+The data that is written is binary. The first eight bytes are the length of the
+compiled pattern data followed by the length of the optional study data, each
+written as four bytes in big-endian order (most significant byte first). If
+there is no study data (either the pattern was not studied, or studying did not
+return any data), the second length is zero. The lengths are followed by an
+exact copy of the compiled pattern. If there is additional study data, this
+(excluding any JIT data) follows immediately after the compiled pattern. After
+writing the file, \fBpcretest\fP expects to read a new pattern.
+.P
+A saved pattern can be reloaded into \fBpcretest\fP by specifying < and a file
+name instead of a pattern. There must be no space between < and the file name,
+which must not contain a < character, as otherwise \fBpcretest\fP will
+interpret the line as a pattern delimited by < characters. For example:
+.sp
+   re> </some/file
+  Compiled pattern loaded from /some/file
+  No study data
+.sp
+If the pattern was previously studied with the JIT optimization, the JIT
+information cannot be saved and restored, and so is lost. When the pattern has
+been loaded, \fBpcretest\fP proceeds to read data lines in the usual way.
+.P
+You can copy a file written by \fBpcretest\fP to a different host and reload it
+there, even if the new host has opposite endianness to the one on which the
+pattern was compiled. For example, you can compile on an i86 machine and run on
+a SPARC machine. When a pattern is reloaded on a host with different
+endianness, the confirmation message is changed to:
+.sp
+  Compiled pattern (byte-inverted) loaded from /some/file
+.sp
+The test suite contains some saved pre-compiled patterns with different
+endianness. These are reloaded using "<!" instead of just "<". This suppresses
+the "(byte-inverted)" text so that the output is the same on all hosts. It also
+forces debugging output once the pattern has been reloaded.
+.P
+File names for saving and reloading can be absolute or relative, but note that
+the shell facility of expanding a file name that starts with a tilde (~) is not
+available.
+.P
+The ability to save and reload files in \fBpcretest\fP is intended for testing
+and experimentation. It is not intended for production use because only a
+single pattern can be written to a file. Furthermore, there is no facility for
+supplying custom character tables for use with a reloaded pattern. If the
+original pattern was compiled with custom tables, an attempt to match a subject
+string using a reloaded pattern is likely to cause \fBpcretest\fP to crash.
+Finally, if you attempt to load a file that is not in the correct format, the
+result is undefined.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcre\fP(3), \fBpcre16\fP(3), \fBpcre32\fP(3), \fBpcreapi\fP(3),
+\fBpcrecallout\fP(3),
+\fBpcrejit\fP, \fBpcrematching\fP(3), \fBpcrepartial\fP(d),
+\fBpcrepattern\fP(3), \fBpcreprecompile\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 23 February 2017
+Copyright (c) 1997-2017 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre.3
new file mode 100644
index 00000000..0f2837e7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre.3
@@ -0,0 +1,230 @@
+.TH PCRE 3 "10 February 2015" "PCRE 8.37"
+.SH NAME
+PCRE - Perl-compatible regular expressions (original API)
+.SH "PLEASE TAKE NOTE"
+.rs
+.sp
+This document relates to PCRE releases that use the original API,
+with library names libpcre, libpcre16, and libpcre32. January 2015 saw the
+first release of a new API, known as PCRE2, with release numbers starting at
+10.00 and library names libpcre2-8, libpcre2-16, and libpcre2-32. The old
+libraries (now called PCRE1) are still being maintained for bug fixes, but
+there will be no new development. New projects are advised to use the new PCRE2
+libraries.
+.
+.
+.SH INTRODUCTION
+.rs
+.sp
+The PCRE library is a set of functions that implement regular expression
+pattern matching using the same syntax and semantics as Perl, with just a few
+differences. Some features that appeared in Python and PCRE before they
+appeared in Perl are also available using the Python syntax, there is some
+support for one or two .NET and Oniguruma syntax items, and there is an option
+for requesting some minor changes that give better JavaScript compatibility.
+.P
+Starting with release 8.30, it is possible to compile two separate PCRE
+libraries: the original, which supports 8-bit character strings (including
+UTF-8 strings), and a second library that supports 16-bit character strings
+(including UTF-16 strings). The build process allows either one or both to be
+built. The majority of the work to make this possible was done by Zoltan
+Herczeg.
+.P
+Starting with release 8.32 it is possible to compile a third separate PCRE
+library that supports 32-bit character strings (including UTF-32 strings). The
+build process allows any combination of the 8-, 16- and 32-bit libraries. The
+work to make this possible was done by Christian Persch.
+.P
+The three libraries contain identical sets of functions, except that the names
+in the 16-bit library start with \fBpcre16_\fP instead of \fBpcre_\fP, and the
+names in the 32-bit library start with \fBpcre32_\fP instead of \fBpcre_\fP. To
+avoid over-complication and reduce the documentation maintenance load, most of
+the documentation describes the 8-bit library, with the differences for the
+16-bit and 32-bit libraries described separately in the
+.\" HREF
+\fBpcre16\fP
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+pages. References to functions or structures of the form \fIpcre[16|32]_xxx\fP
+should be read as meaning "\fIpcre_xxx\fP when using the 8-bit library,
+\fIpcre16_xxx\fP when using the 16-bit library, or \fIpcre32_xxx\fP when using
+the 32-bit library".
+.P
+The current implementation of PCRE corresponds approximately with Perl 5.12,
+including support for UTF-8/16/32 encoded strings and Unicode general category
+properties. However, UTF-8/16/32 and Unicode support has to be explicitly
+enabled; it is not the default. The Unicode tables correspond to Unicode
+release 6.3.0.
+.P
+In addition to the Perl-compatible matching function, PCRE contains an
+alternative function that matches the same compiled patterns in a different
+way. In certain circumstances, the alternative function has some advantages.
+For a discussion of the two matching algorithms, see the
+.\" HREF
+\fBpcrematching\fP
+.\"
+page.
+.P
+PCRE is written in C and released as a C library. A number of people have
+written wrappers and interfaces of various kinds. In particular, Google Inc.
+have provided a comprehensive C++ wrapper for the 8-bit library. This is now
+included as part of the PCRE distribution. The
+.\" HREF
+\fBpcrecpp\fP
+.\"
+page has details of this interface. Other people's contributions can be found
+in the \fIContrib\fP directory at the primary FTP site, which is:
+.sp
+.\" HTML <a href="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre">
+.\" </a>
+ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre
+.\"
+.P
+Details of exactly which Perl regular expression features are and are not
+supported by PCRE are given in separate documents. See the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+and
+.\" HREF
+\fBpcrecompat\fP
+.\"
+pages. There is a syntax summary in the
+.\" HREF
+\fBpcresyntax\fP
+.\"
+page.
+.P
+Some features of PCRE can be included, excluded, or changed when the library is
+built. The
+.\" HREF
+\fBpcre_config()\fP
+.\"
+function makes it possible for a client to discover which features are
+available. The features themselves are described in the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+page. Documentation about building PCRE for various operating systems can be
+found in the
+.\" HTML <a href="README.txt">
+.\" </a>
+\fBREADME\fP
+.\"
+and
+.\" HTML <a href="NON-AUTOTOOLS-BUILD.txt">
+.\" </a>
+\fBNON-AUTOTOOLS_BUILD\fP
+.\"
+files in the source distribution.
+.P
+The libraries contains a number of undocumented internal functions and data
+tables that are used by more than one of the exported external functions, but
+which are not intended for use by external callers. Their names all begin with
+"_pcre_" or "_pcre16_" or "_pcre32_", which hopefully will not provoke any name
+clashes. In some environments, it is possible to control which external symbols
+are exported when a shared library is built, and in these cases the
+undocumented symbols are not exported.
+.
+.
+.SH "SECURITY CONSIDERATIONS"
+.rs
+.sp
+If you are using PCRE in a non-UTF application that permits users to supply
+arbitrary patterns for compilation, you should be aware of a feature that
+allows users to turn on UTF support from within a pattern, provided that PCRE
+was built with UTF support. For example, an 8-bit pattern that begins with
+"(*UTF8)" or "(*UTF)" turns on UTF-8 mode, which interprets patterns and
+subjects as strings of UTF-8 characters instead of individual 8-bit characters.
+This causes both the pattern and any data against which it is matched to be
+checked for UTF-8 validity. If the data string is very long, such a check might
+use sufficiently many resources as to cause your application to lose
+performance.
+.P
+One way of guarding against this possibility is to use the
+\fBpcre_fullinfo()\fP function to check the compiled pattern's options for UTF.
+Alternatively, from release 8.33, you can set the PCRE_NEVER_UTF option at
+compile time. This causes an compile time error if a pattern contains a
+UTF-setting sequence.
+.P
+If your application is one that supports UTF, be aware that validity checking
+can take time. If the same data string is to be matched many times, you can use
+the PCRE_NO_UTF[8|16|32]_CHECK option for the second and subsequent matches to
+save redundant checks.
+.P
+Another way that performance can be hit is by running a pattern that has a very
+large search tree against a string that will never match. Nested unlimited
+repeats in a pattern are a common example. PCRE provides some protection
+against this: see the PCRE_EXTRA_MATCH_LIMIT feature in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page.
+.
+.
+.SH "USER DOCUMENTATION"
+.rs
+.sp
+The user documentation for PCRE comprises a number of different sections. In
+the "man" format, each of these is a separate "man page". In the HTML format,
+each is a separate page, linked from the index page. In the plain text format,
+the descriptions of the \fBpcregrep\fP and \fBpcretest\fP programs are in files
+called \fBpcregrep.txt\fP and \fBpcretest.txt\fP, respectively. The remaining
+sections, except for the \fBpcredemo\fP section (which is a program listing),
+are concatenated in \fBpcre.txt\fP, for ease of searching. The sections are as
+follows:
+.sp
+  pcre              this document
+  pcre-config       show PCRE installation configuration information
+  pcre16            details of the 16-bit library
+  pcre32            details of the 32-bit library
+  pcreapi           details of PCRE's native C API
+  pcrebuild         building PCRE
+  pcrecallout       details of the callout feature
+  pcrecompat        discussion of Perl compatibility
+  pcrecpp           details of the C++ wrapper for the 8-bit library
+  pcredemo          a demonstration C program that uses PCRE
+  pcregrep          description of the \fBpcregrep\fP command (8-bit only)
+  pcrejit           discussion of the just-in-time optimization support
+  pcrelimits        details of size and other limits
+  pcrematching      discussion of the two matching algorithms
+  pcrepartial       details of the partial matching facility
+.\" JOIN
+  pcrepattern       syntax and semantics of supported
+                      regular expressions
+  pcreperform       discussion of performance issues
+  pcreposix         the POSIX-compatible C API for the 8-bit library
+  pcreprecompile    details of saving and re-using precompiled patterns
+  pcresample        discussion of the pcredemo program
+  pcrestack         discussion of stack usage
+  pcresyntax        quick syntax reference
+  pcretest          description of the \fBpcretest\fP testing command
+  pcreunicode       discussion of Unicode and UTF-8/16/32 support
+.sp
+In the "man" and HTML formats, there is also a short page for each C library
+function, listing its arguments and results.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.P
+Putting an actual email address here seems to have been a spam magnet, so I've
+taken it away. If you want to email me, use my two initials, followed by the
+two digits 10, at the domain cam.ac.uk.
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 10 February 2015
+Copyright (c) 1997-2015 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16.3
new file mode 100644
index 00000000..85126a67
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16.3
@@ -0,0 +1,371 @@
+.TH PCRE 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.sp
+.B #include <pcre.h>
+.
+.
+.SH "PCRE 16-BIT API BASIC FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre16 *pcre16_compile(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16 *pcre16_compile2(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16_extra *pcre16_study(const pcre16 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B void pcre16_free_study(pcre16_extra *\fIextra\fP);
+.sp
+.B int pcre16_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre16_dfa_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.
+.SH "PCRE 16-BIT API STRING EXTRACTION FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre16_copy_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_UCHAR16 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre16_copy_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR16 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre16_get_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre16_get_stringnumber(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP);
+.sp
+.B int pcre16_get_stringtable_entries(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP, PCRE_UCHAR16 **\fIfirst\fP, PCRE_UCHAR16 **\fIlast\fP);"
+.sp
+.B int pcre16_get_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre16_get_substring_list(PCRE_SPTR16 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR16 **\fIlistptr\fP);"
+.sp
+.B void pcre16_free_substring(PCRE_SPTR16 \fIstringptr\fP);
+.sp
+.B void pcre16_free_substring_list(PCRE_SPTR16 *\fIstringptr\fP);
+.fi
+.
+.
+.SH "PCRE 16-BIT API AUXILIARY FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre16_jit_stack *pcre16_jit_stack_alloc(int \fIstartsize\fP, int \fImaxsize\fP);
+.sp
+.B void pcre16_jit_stack_free(pcre16_jit_stack *\fIstack\fP);
+.sp
+.B void pcre16_assign_jit_stack(pcre16_extra *\fIextra\fP,
+.B "     pcre16_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B const unsigned char *pcre16_maketables(void);
+.sp
+.B int pcre16_fullinfo(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre16_refcount(pcre16 *\fIcode\fP, int \fIadjust\fP);
+.sp
+.B int pcre16_config(int \fIwhat\fP, void *\fIwhere\fP);
+.sp
+.B const char *pcre16_version(void);
+.sp
+.B int pcre16_pattern_to_host_byte_order(pcre16 *\fIcode\fP,
+.B "     pcre16_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.
+.SH "PCRE 16-BIT API INDIRECTED FUNCTIONS"
+.rs
+.sp
+.nf
+.B void *(*pcre16_malloc)(size_t);
+.sp
+.B void (*pcre16_free)(void *);
+.sp
+.B void *(*pcre16_stack_malloc)(size_t);
+.sp
+.B void (*pcre16_stack_free)(void *);
+.sp
+.B int (*pcre16_callout)(pcre16_callout_block *);
+.fi
+.
+.
+.SH "PCRE 16-BIT API 16-BIT-ONLY FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *\fIoutput\fP,
+.B "     PCRE_SPTR16 \fIinput\fP, int \fIlength\fP, int *\fIbyte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH "THE PCRE 16-BIT LIBRARY"
+.rs
+.sp
+Starting with release 8.30, it is possible to compile a PCRE library that
+supports 16-bit character strings, including UTF-16 strings, as well as or
+instead of the original 8-bit library. The majority of the work to make this
+possible was done by Zoltan Herczeg. The two libraries contain identical sets
+of functions, used in exactly the same way. Only the names of the functions and
+the data types of their arguments and results are different. To avoid
+over-complication and reduce the documentation maintenance load, most of the
+PCRE documentation describes the 8-bit library, with only occasional references
+to the 16-bit library. This page describes what is different when you use the
+16-bit library.
+.P
+WARNING: A single application can be linked with both libraries, but you must
+take care when processing any particular pattern to use functions from just one
+library. For example, if you want to study a pattern that was compiled with
+\fBpcre16_compile()\fP, you must do so with \fBpcre16_study()\fP, not
+\fBpcre_study()\fP, and you must free the study data with
+\fBpcre16_free_study()\fP.
+.
+.
+.SH "THE HEADER FILE"
+.rs
+.sp
+There is only one header file, \fBpcre.h\fP. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+.
+.
+.SH "THE LIBRARY NAME"
+.rs
+.sp
+In Unix-like systems, the 16-bit library is called \fBlibpcre16\fP, and can
+normally be accesss by adding \fB-lpcre16\fP to the command for linking an
+application that uses PCRE.
+.
+.
+.SH "STRING TYPES"
+.rs
+.sp
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 16-bit library, strings are passed as
+vectors of unsigned 16-bit quantities. The macro PCRE_UCHAR16 specifies an
+appropriate data type, and PCRE_SPTR16 is defined as "const PCRE_UCHAR16 *". In
+very many environments, "short int" is a 16-bit data type. When PCRE is built,
+it defines PCRE_UCHAR16 as "unsigned short int", but checks that it really is a
+16-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+.
+.
+.SH "STRUCTURE TYPES"
+.rs
+.sp
+The types of the opaque structures that are used for compiled 16-bit patterns
+and JIT stacks are \fBpcre16\fP and \fBpcre16_jit_stack\fP respectively. The
+type of the user-accessible structure that is returned by \fBpcre16_study()\fP
+is \fBpcre16_extra\fP, and the type of the structure that is used for passing
+data to a callout function is \fBpcre16_callout_block\fP. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 16-bit instead of
+8-bit types.
+.
+.
+.SH "16-BIT FUNCTIONS"
+.rs
+.sp
+For every function in the 8-bit library there is a corresponding function in
+the 16-bit library with a name that starts with \fBpcre16_\fP instead of
+\fBpcre_\fP. The prototypes are listed above. In addition, there is one extra
+function, \fBpcre16_utf16_to_host_byte_order()\fP. This is a utility function
+that converts a UTF-16 character string to host byte order if necessary. The
+other 16-bit functions expect the strings they are passed to be in host byte
+order.
+.P
+The \fIinput\fP and \fIoutput\fP arguments of
+\fBpcre16_utf16_to_host_byte_order()\fP may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+.P
+The \fIlength\fP argument specifies the number of 16-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+.P
+If \fIbyte_order\fP is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+.P
+If \fIbyte_order\fP is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+.P
+If \fIkeep_boms\fP is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+.P
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.
+.
+.SH "SUBJECT STRING OFFSETS"
+.rs
+.sp
+The lengths and starting offsets of subject strings must be specified in 16-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 16-bit units rather than bytes.
+.
+.
+.SH "NAMED SUBPATTERNS"
+.rs
+.sp
+The name-to-number translation table that is maintained for named subpatterns
+uses 16-bit characters. The \fBpcre16_get_stringtable_entries()\fP function
+returns the length of each entry in the table as the number of 16-bit data
+units.
+.
+.
+.SH "OPTION NAMES"
+.rs
+.sp
+There are two new general option names, PCRE_UTF16 and PCRE_NO_UTF16_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+.\" HTML <a href="pcreunicode.html#utf16strings">
+.\" </a>
+validity of UTF-16 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+For the \fBpcre16_config()\fP function there is an option PCRE_CONFIG_UTF16
+that returns 1 if UTF-16 support is configured, otherwise 0. If this option is
+given to \fBpcre_config()\fP or \fBpcre32_config()\fP, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 option is given to \fBpcre16_config()\fP,
+the result is the PCRE_ERROR_BADOPTION error.
+.
+.
+.SH "CHARACTER CODES"
+.rs
+.sp
+In 16-bit mode, when PCRE_UTF16 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0xffff instead of 0 to 0xff. Character types for characters less than
+0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+.P
+In UTF-16 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are used in pairs to encode values greater than 0xffff.
+.P
+A UTF-16 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+\fBpcre16_utf16_to_host_byte_order()\fP is provided to help with this (see
+above).
+.
+.
+.SH "ERROR NAMES"
+.rs
+.sp
+The errors PCRE_ERROR_BADUTF16_OFFSET and PCRE_ERROR_SHORTUTF16 correspond to
+their 8-bit counterparts. The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with \fBpcre_compile()\fP is passed to
+\fBpcre16_exec()\fP.
+.P
+There are new error codes whose names begin with PCRE_UTF16_ERR for invalid
+UTF-16 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+.\" HTML <a href="pcreapi.html#badutf8reasons">
+.\" </a>
+"Reason codes for invalid UTF-8 strings"
+.\"
+in the main
+.\" HREF
+\fBpcreapi\fP
+.\"
+page. The UTF-16 errors are:
+.sp
+  PCRE_UTF16_ERR1  Missing low surrogate at end of string
+  PCRE_UTF16_ERR2  Invalid low surrogate follows high surrogate
+  PCRE_UTF16_ERR3  Isolated low surrogate
+  PCRE_UTF16_ERR4  Non-character
+.
+.
+.SH "ERROR TEXTS"
+.rs
+.sp
+If there is an error while compiling a pattern, the error text that is passed
+back by \fBpcre16_compile()\fP or \fBpcre16_compile2()\fP is still an 8-bit
+character string, zero-terminated.
+.
+.
+.SH "CALLOUTS"
+.rs
+.sp
+The \fIsubject\fP and \fImark\fP fields in the callout block that is passed to
+a callout function point to 16-bit vectors.
+.
+.
+.SH "TESTING"
+.rs
+.sp
+The \fBpcretest\fP program continues to operate with 8-bit input and output
+files, but it can be used for testing the 16-bit library. If it is run with the
+command line option \fB-16\fP, patterns and subject strings are converted from
+8-bit to 16-bit before being passed to PCRE, and the 16-bit library functions
+are used instead of the 8-bit ones. Returned 16-bit strings are converted to
+8-bit for output. If both the 8-bit and the 32-bit libraries were not compiled,
+\fBpcretest\fP defaults to 16-bit and the \fB-16\fP option is ignored.
+.P
+When PCRE is being built, the \fBRunTest\fP script that is called by "make
+check" uses the \fBpcretest\fP \fB-C\fP option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+.
+.
+.SH "NOT SUPPORTED IN 16-BIT MODE"
+.rs
+.sp
+Not all the features of the 8-bit library are available with the 16-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the \fBpcregrep\fP program is at present 8-bit only.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 May 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_assign_jit_stack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_assign_jit_stack.3
new file mode 120000
index 00000000..40c8775a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_assign_jit_stack.3
@@ -0,0 +1 @@
+pcre_assign_jit_stack.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_compile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_compile.3
new file mode 120000
index 00000000..9364e751
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_compile.3
@@ -0,0 +1 @@
+pcre_compile.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_compile2.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_compile2.3
new file mode 120000
index 00000000..2d6aff35
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_compile2.3
@@ -0,0 +1 @@
+pcre_compile2.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_config.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_config.3
new file mode 120000
index 00000000..db964059
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_config.3
@@ -0,0 +1 @@
+pcre_config.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_copy_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_copy_named_substring.3
new file mode 120000
index 00000000..c15b9774
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_copy_named_substring.3
@@ -0,0 +1 @@
+pcre_copy_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_copy_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_copy_substring.3
new file mode 120000
index 00000000..98d1f84d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_copy_substring.3
@@ -0,0 +1 @@
+pcre_copy_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_dfa_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_dfa_exec.3
new file mode 120000
index 00000000..ed408df0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_dfa_exec.3
@@ -0,0 +1 @@
+pcre_dfa_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_exec.3
new file mode 120000
index 00000000..ebaa2527
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_exec.3
@@ -0,0 +1 @@
+pcre_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_free_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_free_study.3
new file mode 120000
index 00000000..4c53ea9f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_free_study.3
@@ -0,0 +1 @@
+pcre_free_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_free_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_free_substring.3
new file mode 120000
index 00000000..48567bfb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_free_substring.3
@@ -0,0 +1 @@
+pcre_free_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_free_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_free_substring_list.3
new file mode 120000
index 00000000..84b7b7e5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_free_substring_list.3
@@ -0,0 +1 @@
+pcre_free_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_fullinfo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_fullinfo.3
new file mode 120000
index 00000000..b7386a98
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_fullinfo.3
@@ -0,0 +1 @@
+pcre_fullinfo.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_named_substring.3
new file mode 120000
index 00000000..c095ca50
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_named_substring.3
@@ -0,0 +1 @@
+pcre_get_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_stringnumber.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_stringnumber.3
new file mode 120000
index 00000000..f8e81d32
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_stringnumber.3
@@ -0,0 +1 @@
+pcre_get_stringnumber.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_stringtable_entries.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_stringtable_entries.3
new file mode 120000
index 00000000..9f8cc4a7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_stringtable_entries.3
@@ -0,0 +1 @@
+pcre_get_stringtable_entries.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_substring.3
new file mode 120000
index 00000000..26383b5d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_substring.3
@@ -0,0 +1 @@
+pcre_get_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_substring_list.3
new file mode 120000
index 00000000..2faa865f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_get_substring_list.3
@@ -0,0 +1 @@
+pcre_get_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_jit_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_jit_exec.3
new file mode 120000
index 00000000..59089ada
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_jit_exec.3
@@ -0,0 +1 @@
+pcre_jit_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_jit_stack_alloc.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_jit_stack_alloc.3
new file mode 120000
index 00000000..dab43b82
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_jit_stack_alloc.3
@@ -0,0 +1 @@
+pcre_jit_stack_alloc.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_jit_stack_free.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_jit_stack_free.3
new file mode 120000
index 00000000..e92aa310
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_jit_stack_free.3
@@ -0,0 +1 @@
+pcre_jit_stack_free.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_maketables.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_maketables.3
new file mode 120000
index 00000000..3b6308e2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_maketables.3
@@ -0,0 +1 @@
+pcre_maketables.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_pattern_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_pattern_to_host_byte_order.3
new file mode 120000
index 00000000..6540917e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_pattern_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_pattern_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_refcount.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_refcount.3
new file mode 120000
index 00000000..63cece3f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_refcount.3
@@ -0,0 +1 @@
+pcre_refcount.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_study.3
new file mode 120000
index 00000000..9871217f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_study.3
@@ -0,0 +1 @@
+pcre_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_utf16_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_utf16_to_host_byte_order.3
new file mode 120000
index 00000000..d9233991
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_utf16_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_utf16_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_version.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_version.3
new file mode 120000
index 00000000..c31893c6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre16_version.3
@@ -0,0 +1 @@
+pcre_version.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32.3
new file mode 100644
index 00000000..7cde8c08
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32.3
@@ -0,0 +1,369 @@
+.TH PCRE 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.sp
+.B #include <pcre.h>
+.
+.
+.SH "PCRE 32-BIT API BASIC FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre32 *pcre32_compile(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32 *pcre32_compile2(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32_extra *pcre32_study(const pcre32 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B void pcre32_free_study(pcre32_extra *\fIextra\fP);
+.sp
+.B int pcre32_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre32_dfa_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.
+.SH "PCRE 32-BIT API STRING EXTRACTION FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre32_copy_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_UCHAR32 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre32_copy_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR32 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre32_get_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_stringnumber(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP);"
+.sp
+.B int pcre32_get_stringtable_entries(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP, PCRE_UCHAR32 **\fIfirst\fP, PCRE_UCHAR32 **\fIlast\fP);"
+.sp
+.B int pcre32_get_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_substring_list(PCRE_SPTR32 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR32 **\fIlistptr\fP);"
+.sp
+.B void pcre32_free_substring(PCRE_SPTR32 \fIstringptr\fP);
+.sp
+.B void pcre32_free_substring_list(PCRE_SPTR32 *\fIstringptr\fP);
+.fi
+.
+.
+.SH "PCRE 32-BIT API AUXILIARY FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre32_jit_stack *pcre32_jit_stack_alloc(int \fIstartsize\fP, int \fImaxsize\fP);
+.sp
+.B void pcre32_jit_stack_free(pcre32_jit_stack *\fIstack\fP);
+.sp
+.B void pcre32_assign_jit_stack(pcre32_extra *\fIextra\fP,
+.B "     pcre32_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B const unsigned char *pcre32_maketables(void);
+.sp
+.B int pcre32_fullinfo(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre32_refcount(pcre32 *\fIcode\fP, int \fIadjust\fP);
+.sp
+.B int pcre32_config(int \fIwhat\fP, void *\fIwhere\fP);
+.sp
+.B const char *pcre32_version(void);
+.sp
+.B int pcre32_pattern_to_host_byte_order(pcre32 *\fIcode\fP,
+.B "     pcre32_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.
+.SH "PCRE 32-BIT API INDIRECTED FUNCTIONS"
+.rs
+.sp
+.nf
+.B void *(*pcre32_malloc)(size_t);
+.sp
+.B void (*pcre32_free)(void *);
+.sp
+.B void *(*pcre32_stack_malloc)(size_t);
+.sp
+.B void (*pcre32_stack_free)(void *);
+.sp
+.B int (*pcre32_callout)(pcre32_callout_block *);
+.fi
+.
+.
+.SH "PCRE 32-BIT API 32-BIT-ONLY FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *\fIoutput\fP,
+.B "     PCRE_SPTR32 \fIinput\fP, int \fIlength\fP, int *\fIbyte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH "THE PCRE 32-BIT LIBRARY"
+.rs
+.sp
+Starting with release 8.32, it is possible to compile a PCRE library that
+supports 32-bit character strings, including UTF-32 strings, as well as or
+instead of the original 8-bit library. This work was done by Christian Persch,
+based on the work done by Zoltan Herczeg for the 16-bit library. All three
+libraries contain identical sets of functions, used in exactly the same way.
+Only the names of the functions and the data types of their arguments and
+results are different. To avoid over-complication and reduce the documentation
+maintenance load, most of the PCRE documentation describes the 8-bit library,
+with only occasional references to the 16-bit and 32-bit libraries. This page
+describes what is different when you use the 32-bit library.
+.P
+WARNING: A single application can be linked with all or any of the three
+libraries, but you must take care when processing any particular pattern
+to use functions from just one library. For example, if you want to study
+a pattern that was compiled with \fBpcre32_compile()\fP, you must do so
+with \fBpcre32_study()\fP, not \fBpcre_study()\fP, and you must free the
+study data with \fBpcre32_free_study()\fP.
+.
+.
+.SH "THE HEADER FILE"
+.rs
+.sp
+There is only one header file, \fBpcre.h\fP. It contains prototypes for all the
+functions in all libraries, as well as definitions of flags, structures, error
+codes, etc.
+.
+.
+.SH "THE LIBRARY NAME"
+.rs
+.sp
+In Unix-like systems, the 32-bit library is called \fBlibpcre32\fP, and can
+normally be accesss by adding \fB-lpcre32\fP to the command for linking an
+application that uses PCRE.
+.
+.
+.SH "STRING TYPES"
+.rs
+.sp
+In the 8-bit library, strings are passed to PCRE library functions as vectors
+of bytes with the C type "char *". In the 32-bit library, strings are passed as
+vectors of unsigned 32-bit quantities. The macro PCRE_UCHAR32 specifies an
+appropriate data type, and PCRE_SPTR32 is defined as "const PCRE_UCHAR32 *". In
+very many environments, "unsigned int" is a 32-bit data type. When PCRE is
+built, it defines PCRE_UCHAR32 as "unsigned int", but checks that it really is
+a 32-bit data type. If it is not, the build fails with an error message telling
+the maintainer to modify the definition appropriately.
+.
+.
+.SH "STRUCTURE TYPES"
+.rs
+.sp
+The types of the opaque structures that are used for compiled 32-bit patterns
+and JIT stacks are \fBpcre32\fP and \fBpcre32_jit_stack\fP respectively. The
+type of the user-accessible structure that is returned by \fBpcre32_study()\fP
+is \fBpcre32_extra\fP, and the type of the structure that is used for passing
+data to a callout function is \fBpcre32_callout_block\fP. These structures
+contain the same fields, with the same names, as their 8-bit counterparts. The
+only difference is that pointers to character strings are 32-bit instead of
+8-bit types.
+.
+.
+.SH "32-BIT FUNCTIONS"
+.rs
+.sp
+For every function in the 8-bit library there is a corresponding function in
+the 32-bit library with a name that starts with \fBpcre32_\fP instead of
+\fBpcre_\fP. The prototypes are listed above. In addition, there is one extra
+function, \fBpcre32_utf32_to_host_byte_order()\fP. This is a utility function
+that converts a UTF-32 character string to host byte order if necessary. The
+other 32-bit functions expect the strings they are passed to be in host byte
+order.
+.P
+The \fIinput\fP and \fIoutput\fP arguments of
+\fBpcre32_utf32_to_host_byte_order()\fP may point to the same address, that is,
+conversion in place is supported. The output buffer must be at least as long as
+the input.
+.P
+The \fIlength\fP argument specifies the number of 32-bit data units in the
+input string; a negative value specifies a zero-terminated string.
+.P
+If \fIbyte_order\fP is NULL, it is assumed that the string starts off in host
+byte order. This may be changed by byte-order marks (BOMs) anywhere in the
+string (commonly as the first character).
+.P
+If \fIbyte_order\fP is not NULL, a non-zero value of the integer to which it
+points means that the input starts off in host byte order, otherwise the
+opposite order is assumed. Again, BOMs in the string can change this. The final
+byte order is passed back at the end of processing.
+.P
+If \fIkeep_boms\fP is not zero, byte-order mark characters (0xfeff) are copied
+into the output string. Otherwise they are discarded.
+.P
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.
+.
+.SH "SUBJECT STRING OFFSETS"
+.rs
+.sp
+The lengths and starting offsets of subject strings must be specified in 32-bit
+data units, and the offsets within subject strings that are returned by the
+matching functions are in also 32-bit units rather than bytes.
+.
+.
+.SH "NAMED SUBPATTERNS"
+.rs
+.sp
+The name-to-number translation table that is maintained for named subpatterns
+uses 32-bit characters. The \fBpcre32_get_stringtable_entries()\fP function
+returns the length of each entry in the table as the number of 32-bit data
+units.
+.
+.
+.SH "OPTION NAMES"
+.rs
+.sp
+There are two new general option names, PCRE_UTF32 and PCRE_NO_UTF32_CHECK,
+which correspond to PCRE_UTF8 and PCRE_NO_UTF8_CHECK in the 8-bit library. In
+fact, these new options define the same bits in the options word. There is a
+discussion about the
+.\" HTML <a href="pcreunicode.html#utf32strings">
+.\" </a>
+validity of UTF-32 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+For the \fBpcre32_config()\fP function there is an option PCRE_CONFIG_UTF32
+that returns 1 if UTF-32 support is configured, otherwise 0. If this option is
+given to \fBpcre_config()\fP or \fBpcre16_config()\fP, or if the
+PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 option is given to \fBpcre32_config()\fP,
+the result is the PCRE_ERROR_BADOPTION error.
+.
+.
+.SH "CHARACTER CODES"
+.rs
+.sp
+In 32-bit mode, when PCRE_UTF32 is not set, character values are treated in the
+same way as in 8-bit, non UTF-8 mode, except, of course, that they can range
+from 0 to 0x7fffffff instead of 0 to 0xff. Character types for characters less
+than 0xff can therefore be influenced by the locale in the same way as before.
+Characters greater than 0xff have only one case, and no "type" (such as letter
+or digit).
+.P
+In UTF-32 mode, the character code is Unicode, in the range 0 to 0x10ffff, with
+the exception of values in the range 0xd800 to 0xdfff because those are
+"surrogate" values that are ill-formed in UTF-32.
+.P
+A UTF-32 string can indicate its endianness by special code knows as a
+byte-order mark (BOM). The PCRE functions do not handle this, expecting strings
+to be in host byte order. A utility function called
+\fBpcre32_utf32_to_host_byte_order()\fP is provided to help with this (see
+above).
+.
+.
+.SH "ERROR NAMES"
+.rs
+.sp
+The error PCRE_ERROR_BADUTF32 corresponds to its 8-bit counterpart.
+The error PCRE_ERROR_BADMODE is given when a compiled
+pattern is passed to a function that processes patterns in the other
+mode, for example, if a pattern compiled with \fBpcre_compile()\fP is passed to
+\fBpcre32_exec()\fP.
+.P
+There are new error codes whose names begin with PCRE_UTF32_ERR for invalid
+UTF-32 strings, corresponding to the PCRE_UTF8_ERR codes for UTF-8 strings that
+are described in the section entitled
+.\" HTML <a href="pcreapi.html#badutf8reasons">
+.\" </a>
+"Reason codes for invalid UTF-8 strings"
+.\"
+in the main
+.\" HREF
+\fBpcreapi\fP
+.\"
+page. The UTF-32 errors are:
+.sp
+  PCRE_UTF32_ERR1  Surrogate character (range from 0xd800 to 0xdfff)
+  PCRE_UTF32_ERR2  Non-character
+  PCRE_UTF32_ERR3  Character > 0x10ffff
+.
+.
+.SH "ERROR TEXTS"
+.rs
+.sp
+If there is an error while compiling a pattern, the error text that is passed
+back by \fBpcre32_compile()\fP or \fBpcre32_compile2()\fP is still an 8-bit
+character string, zero-terminated.
+.
+.
+.SH "CALLOUTS"
+.rs
+.sp
+The \fIsubject\fP and \fImark\fP fields in the callout block that is passed to
+a callout function point to 32-bit vectors.
+.
+.
+.SH "TESTING"
+.rs
+.sp
+The \fBpcretest\fP program continues to operate with 8-bit input and output
+files, but it can be used for testing the 32-bit library. If it is run with the
+command line option \fB-32\fP, patterns and subject strings are converted from
+8-bit to 32-bit before being passed to PCRE, and the 32-bit library functions
+are used instead of the 8-bit ones. Returned 32-bit strings are converted to
+8-bit for output. If both the 8-bit and the 16-bit libraries were not compiled,
+\fBpcretest\fP defaults to 32-bit and the \fB-32\fP option is ignored.
+.P
+When PCRE is being built, the \fBRunTest\fP script that is called by "make
+check" uses the \fBpcretest\fP \fB-C\fP option to discover which of the 8-bit,
+16-bit and 32-bit libraries has been built, and runs the tests appropriately.
+.
+.
+.SH "NOT SUPPORTED IN 32-BIT MODE"
+.rs
+.sp
+Not all the features of the 8-bit library are available with the 32-bit
+library. The C++ and POSIX wrapper functions support only the 8-bit library,
+and the \fBpcregrep\fP program is at present 8-bit only.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 May 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_assign_jit_stack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_assign_jit_stack.3
new file mode 120000
index 00000000..40c8775a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_assign_jit_stack.3
@@ -0,0 +1 @@
+pcre_assign_jit_stack.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_compile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_compile.3
new file mode 120000
index 00000000..9364e751
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_compile.3
@@ -0,0 +1 @@
+pcre_compile.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_compile2.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_compile2.3
new file mode 120000
index 00000000..2d6aff35
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_compile2.3
@@ -0,0 +1 @@
+pcre_compile2.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_config.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_config.3
new file mode 120000
index 00000000..db964059
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_config.3
@@ -0,0 +1 @@
+pcre_config.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_copy_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_copy_named_substring.3
new file mode 120000
index 00000000..c15b9774
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_copy_named_substring.3
@@ -0,0 +1 @@
+pcre_copy_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_copy_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_copy_substring.3
new file mode 120000
index 00000000..98d1f84d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_copy_substring.3
@@ -0,0 +1 @@
+pcre_copy_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_dfa_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_dfa_exec.3
new file mode 120000
index 00000000..ed408df0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_dfa_exec.3
@@ -0,0 +1 @@
+pcre_dfa_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_exec.3
new file mode 120000
index 00000000..ebaa2527
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_exec.3
@@ -0,0 +1 @@
+pcre_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_free_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_free_study.3
new file mode 120000
index 00000000..4c53ea9f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_free_study.3
@@ -0,0 +1 @@
+pcre_free_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_free_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_free_substring.3
new file mode 120000
index 00000000..48567bfb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_free_substring.3
@@ -0,0 +1 @@
+pcre_free_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_free_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_free_substring_list.3
new file mode 120000
index 00000000..84b7b7e5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_free_substring_list.3
@@ -0,0 +1 @@
+pcre_free_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_fullinfo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_fullinfo.3
new file mode 120000
index 00000000..b7386a98
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_fullinfo.3
@@ -0,0 +1 @@
+pcre_fullinfo.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_named_substring.3
new file mode 120000
index 00000000..c095ca50
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_named_substring.3
@@ -0,0 +1 @@
+pcre_get_named_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_stringnumber.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_stringnumber.3
new file mode 120000
index 00000000..f8e81d32
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_stringnumber.3
@@ -0,0 +1 @@
+pcre_get_stringnumber.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_stringtable_entries.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_stringtable_entries.3
new file mode 120000
index 00000000..9f8cc4a7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_stringtable_entries.3
@@ -0,0 +1 @@
+pcre_get_stringtable_entries.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_substring.3
new file mode 120000
index 00000000..26383b5d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_substring.3
@@ -0,0 +1 @@
+pcre_get_substring.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_substring_list.3
new file mode 120000
index 00000000..2faa865f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_get_substring_list.3
@@ -0,0 +1 @@
+pcre_get_substring_list.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_jit_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_jit_exec.3
new file mode 120000
index 00000000..59089ada
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_jit_exec.3
@@ -0,0 +1 @@
+pcre_jit_exec.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_jit_stack_alloc.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_jit_stack_alloc.3
new file mode 120000
index 00000000..dab43b82
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_jit_stack_alloc.3
@@ -0,0 +1 @@
+pcre_jit_stack_alloc.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_jit_stack_free.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_jit_stack_free.3
new file mode 120000
index 00000000..e92aa310
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_jit_stack_free.3
@@ -0,0 +1 @@
+pcre_jit_stack_free.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_maketables.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_maketables.3
new file mode 120000
index 00000000..3b6308e2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_maketables.3
@@ -0,0 +1 @@
+pcre_maketables.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_pattern_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_pattern_to_host_byte_order.3
new file mode 120000
index 00000000..6540917e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_pattern_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_pattern_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_refcount.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_refcount.3
new file mode 120000
index 00000000..63cece3f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_refcount.3
@@ -0,0 +1 @@
+pcre_refcount.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_study.3
new file mode 120000
index 00000000..9871217f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_study.3
@@ -0,0 +1 @@
+pcre_study.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_utf32_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_utf32_to_host_byte_order.3
new file mode 120000
index 00000000..e9699f5f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_utf32_to_host_byte_order.3
@@ -0,0 +1 @@
+pcre_utf32_to_host_byte_order.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_version.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_version.3
new file mode 120000
index 00000000..c31893c6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre32_version.3
@@ -0,0 +1 @@
+pcre_version.3
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_assign_jit_stack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_assign_jit_stack.3
new file mode 100644
index 00000000..0ecf6f2c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_assign_jit_stack.3
@@ -0,0 +1,59 @@
+.TH PCRE_ASSIGN_JIT_STACK 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B void pcre_assign_jit_stack(pcre_extra *\fIextra\fP,
+.B "     pcre_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B void pcre16_assign_jit_stack(pcre16_extra *\fIextra\fP,
+.B "     pcre16_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B void pcre32_assign_jit_stack(pcre32_extra *\fIextra\fP,
+.B "     pcre32_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function provides control over the memory used as a stack at run-time by a
+call to \fBpcre[16|32]_exec()\fP with a pattern that has been successfully
+compiled with JIT optimization. The arguments are:
+.sp
+  extra     the data pointer returned by \fBpcre[16|32]_study()\fP
+  callback  a callback function
+  data      a JIT stack or a value to be passed to the callback
+              function
+.P
+If \fIcallback\fP is NULL and \fIdata\fP is NULL, an internal 32K block on
+the machine stack is used.
+.P
+If \fIcallback\fP is NULL and \fIdata\fP is not NULL, \fIdata\fP must
+be a valid JIT stack, the result of calling \fBpcre[16|32]_jit_stack_alloc()\fP.
+.P
+If \fIcallback\fP not NULL, it is called with \fIdata\fP as an argument at
+the start of matching, in order to set up a JIT stack. If the result is NULL,
+the internal 32K stack is used; otherwise the return value must be a valid JIT
+stack, the result of calling \fBpcre[16|32]_jit_stack_alloc()\fP.
+.P
+You may safely assign the same JIT stack to multiple patterns, as long as they
+are all matched in the same thread. In a multithread application, each thread
+must use its own JIT stack. For more details, see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_compile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_compile.3
new file mode 100644
index 00000000..5c16ebe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_compile.3
@@ -0,0 +1,96 @@
+.TH PCRE_COMPILE 3 "01 October 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre *pcre_compile(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16 *pcre16_compile(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32 *pcre32_compile(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function compiles a regular expression into an internal form. It is the
+same as \fBpcre[16|32]_compile2()\fP, except for the absence of the
+\fIerrorcodeptr\fP argument. Its arguments are:
+.sp
+  \fIpattern\fP       A zero-terminated string containing the
+                  regular expression to be compiled
+  \fIoptions\fP       Zero or more option bits
+  \fIerrptr\fP        Where to put an error message
+  \fIerroffset\fP     Offset in pattern where error was found
+  \fItableptr\fP      Pointer to character tables, or NULL to
+                  use the built-in default
+.sp
+The option bits are:
+.sp
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \eR matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \ed, \ew, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run in \fBpcre16_compile()\fP UTF-16 mode
+  PCRE_UTF32              Run in \fBpcre32_compile()\fP UTF-32 mode
+  PCRE_UTF8               Run in \fBpcre_compile()\fP UTF-8 mode
+.sp
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+.P
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_compile2.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_compile2.3
new file mode 100644
index 00000000..37742018
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_compile2.3
@@ -0,0 +1,101 @@
+.TH PCRE_COMPILE2 3 "01 October 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre *pcre_compile2(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre16 *pcre16_compile2(PCRE_SPTR16 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre32 *pcre32_compile2(PCRE_SPTR32 \fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,£
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function compiles a regular expression into an internal form. It is the
+same as \fBpcre[16|32]_compile()\fP, except for the addition of the
+\fIerrorcodeptr\fP argument. The arguments are:
+.
+.sp
+  \fIpattern\fP       A zero-terminated string containing the
+                  regular expression to be compiled
+  \fIoptions\fP       Zero or more option bits
+  \fIerrorcodeptr\fP  Where to put an error code
+  \fIerrptr\fP        Where to put an error message
+  \fIerroffset\fP     Offset in pattern where error was found
+  \fItableptr\fP      Pointer to character tables, or NULL to
+                  use the built-in default
+.sp
+The option bits are:
+.sp
+  PCRE_ANCHORED           Force pattern anchoring
+  PCRE_AUTO_CALLOUT       Compile automatic callouts
+  PCRE_BSR_ANYCRLF        \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE        \eR matches all Unicode line endings
+  PCRE_CASELESS           Do caseless matching
+  PCRE_DOLLAR_ENDONLY     $ not to match newline at end
+  PCRE_DOTALL             . matches anything including NL
+  PCRE_DUPNAMES           Allow duplicate names for subpatterns
+  PCRE_EXTENDED           Ignore white space and # comments
+  PCRE_EXTRA              PCRE extra features
+                            (not much use currently)
+  PCRE_FIRSTLINE          Force matching to be before newline
+  PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
+  PCRE_MULTILINE          ^ and $ match newlines within data
+  PCRE_NEVER_UTF          Lock out UTF, e.g. via (*UTF)
+  PCRE_NEWLINE_ANY        Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF    Recognize CR, LF, and CRLF as newline
+                            sequences
+  PCRE_NEWLINE_CR         Set CR as the newline sequence
+  PCRE_NEWLINE_CRLF       Set CRLF as the newline sequence
+  PCRE_NEWLINE_LF         Set LF as the newline sequence
+  PCRE_NO_AUTO_CAPTURE    Disable numbered capturing paren-
+                            theses (named ones available)
+  PCRE_NO_AUTO_POSSESS    Disable auto-possessification
+  PCRE_NO_START_OPTIMIZE  Disable match-time start optimizations
+  PCRE_NO_UTF16_CHECK     Do not check the pattern for UTF-16
+                            validity (only relevant if
+                            PCRE_UTF16 is set)
+  PCRE_NO_UTF32_CHECK     Do not check the pattern for UTF-32
+                            validity (only relevant if
+                            PCRE_UTF32 is set)
+  PCRE_NO_UTF8_CHECK      Do not check the pattern for UTF-8
+                            validity (only relevant if
+                            PCRE_UTF8 is set)
+  PCRE_UCP                Use Unicode properties for \ed, \ew, etc.
+  PCRE_UNGREEDY           Invert greediness of quantifiers
+  PCRE_UTF16              Run \fBpcre16_compile()\fP in UTF-16 mode
+  PCRE_UTF32              Run \fBpcre32_compile()\fP in UTF-32 mode
+  PCRE_UTF8               Run \fBpcre_compile()\fP in UTF-8 mode
+.sp
+PCRE must be built with UTF support in order to use PCRE_UTF8/16/32 and
+PCRE_NO_UTF8/16/32_CHECK, and with UCP support if PCRE_UCP is used.
+.P
+The yield of the function is a pointer to a private data structure that
+contains the compiled pattern, or NULL if an error was detected. Note that
+compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_config.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_config.3
new file mode 100644
index 00000000..d14ffdad
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_config.3
@@ -0,0 +1,79 @@
+.TH PCRE_CONFIG 3 "20 April 2014" "PCRE 8.36"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B int pcre_config(int \fIwhat\fP, void *\fIwhere\fP);
+.PP
+.B int pcre16_config(int \fIwhat\fP, void *\fIwhere\fP);
+.PP
+.B int pcre32_config(int \fIwhat\fP, void *\fIwhere\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function makes it possible for a client program to find out which optional
+features are available in the version of the PCRE library it is using. The
+arguments are as follows:
+.sp
+  \fIwhat\fP     A code specifying what information is required
+  \fIwhere\fP    Points to where to put the data
+.sp
+The \fIwhere\fP argument must point to an integer variable, except for
+PCRE_CONFIG_MATCH_LIMIT, PCRE_CONFIG_MATCH_LIMIT_RECURSION, and
+PCRE_CONFIG_PARENS_LIMIT, when it must point to an unsigned long integer,
+and for PCRE_CONFIG_JITTARGET, when it must point to a const char*.
+The available codes are:
+.sp
+  PCRE_CONFIG_JIT           Availability of just-in-time compiler
+                              support (1=yes 0=no)
+  PCRE_CONFIG_JITTARGET     String containing information about the
+                              target architecture for the JIT compiler,
+                              or NULL if there is no JIT support
+  PCRE_CONFIG_LINK_SIZE     Internal link size: 2, 3, or 4
+  PCRE_CONFIG_PARENS_LIMIT  Parentheses nesting limit
+  PCRE_CONFIG_MATCH_LIMIT   Internal resource limit
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+                            Internal recursion depth limit
+  PCRE_CONFIG_NEWLINE       Value of the default newline sequence:
+                                13 (0x000d)    for CR
+                                10 (0x000a)    for LF
+                              3338 (0x0d0a)    for CRLF
+                                -2             for ANYCRLF
+                                -1             for ANY
+  PCRE_CONFIG_BSR           Indicates what \eR matches by default:
+                                 0             all Unicode line endings
+                                 1             CR, LF, or CRLF only
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+                            Threshold of return slots, above which
+                              \fBmalloc()\fP is used by the POSIX API
+  PCRE_CONFIG_STACKRECURSE  Recursion implementation (1=stack 0=heap)
+  PCRE_CONFIG_UTF16         Availability of UTF-16 support (1=yes
+                               0=no); option for \fBpcre16_config()\fP
+  PCRE_CONFIG_UTF32         Availability of UTF-32 support (1=yes
+                               0=no); option for \fBpcre32_config()\fP
+  PCRE_CONFIG_UTF8          Availability of UTF-8 support (1=yes 0=no);
+                              option for \fBpcre_config()\fP
+  PCRE_CONFIG_UNICODE_PROPERTIES
+                            Availability of Unicode property support
+                              (1=yes 0=no)
+.sp
+The function yields 0 on success or PCRE_ERROR_BADOPTION otherwise. That error
+is also given if PCRE_CONFIG_UTF16 or PCRE_CONFIG_UTF32 is passed to
+\fBpcre_config()\fP, if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF32 is passed to
+\fBpcre16_config()\fP, or if PCRE_CONFIG_UTF8 or PCRE_CONFIG_UTF16 is passed to
+\fBpcre32_config()\fP.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_copy_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_copy_named_substring.3
new file mode 100644
index 00000000..52582aec
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_copy_named_substring.3
@@ -0,0 +1,51 @@
+.TH PCRE_COPY_NAMED_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_copy_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     char *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre16_copy_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_UCHAR16 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre32_copy_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_UCHAR32 *\fIbuffer\fP, int \fIbuffersize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring, identified
+by name, into a given buffer. The arguments are:
+.sp
+  \fIcode\fP          Pattern that was successfully matched
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringname\fP    Name of the required substring
+  \fIbuffer\fP        Buffer to receive the string
+  \fIbuffersize\fP    Size of buffer
+.sp
+The yield is the length of the substring, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_copy_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_copy_substring.3
new file mode 100644
index 00000000..83af6e80
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_copy_substring.3
@@ -0,0 +1,47 @@
+.TH PCRE_COPY_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_copy_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, char *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre16_copy_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR16 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre32_copy_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, PCRE_UCHAR32 *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring into a given
+buffer. The arguments are:
+.sp
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringnumber\fP  Number of the required substring
+  \fIbuffer\fP        Buffer to receive the string
+  \fIbuffersize\fP    Size of buffer
+.sp
+The yield is the length of the string, PCRE_ERROR_NOMEMORY if the buffer was
+too small, or PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_dfa_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_dfa_exec.3
new file mode 100644
index 00000000..39c2e836
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_dfa_exec.3
@@ -0,0 +1,118 @@
+.TH PCRE_DFA_EXEC 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_dfa_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.sp
+.B int pcre16_dfa_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.sp
+.B int pcre32_dfa_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function matches a compiled regular expression against a given subject
+string, using an alternative matching algorithm that scans the subject string
+just once (\fInot\fP Perl-compatible). Note that the main, Perl-compatible,
+matching function is \fBpcre[16|32]_exec()\fP. The arguments for this function
+are:
+.sp
+  \fIcode\fP         Points to the compiled pattern
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fIsubject\fP      Points to the subject string
+  \fIlength\fP       Length of the subject string
+  \fIstartoffset\fP  Offset in the subject at which to start matching
+  \fIoptions\fP      Option bits
+  \fIovector\fP      Points to a vector of ints for result offsets
+  \fIovecsize\fP     Number of elements in the vector
+  \fIworkspace\fP    Points to a vector of ints used as working space
+  \fIwscount\fP      Number of elements in the vector
+.sp
+The units for \fIlength\fP and \fIstartoffset\fP are bytes for
+\fBpcre_exec()\fP, 16-bit data items for \fBpcre16_exec()\fP, and 32-bit items
+for \fBpcre32_exec()\fP. The options are:
+.sp
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \eR matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject is not the beginning of a line
+  PCRE_NOTEOL            Subject is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           even if there is a full match as well
+  PCRE_DFA_SHORTEST      Return only the shortest match
+  PCRE_DFA_RESTART       Restart after a partial match
+.sp
+There are restrictions on what may appear in a pattern when using this matching
+function. Details are given in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation. For details of partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+page.
+.P
+A \fBpcre[16|32]_extra\fP structure contains the following fields:
+.sp
+  \fIflags\fP            Bits indicating which fields are set
+  \fIstudy_data\fP       Opaque data from \fBpcre[16|32]_study()\fP
+  \fImatch_limit\fP      Limit on internal resource use
+  \fImatch_limit_recursion\fP  Limit on internal recursion depth
+  \fIcallout_data\fP     Opaque data passed back to callouts
+  \fItables\fP           Points to character tables or is NULL
+  \fImark\fP             For passing back a *MARK pointer
+  \fIexecutable_jit\fP   Opaque data from JIT compilation
+.sp
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT. For this
+matching function, the \fImatch_limit\fP and \fImatch_limit_recursion\fP fields
+are not used, and must not be set. The PCRE_EXTRA_EXECUTABLE_JIT flag and
+the corresponding variable are ignored.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_exec.3
new file mode 100644
index 00000000..4686bd6d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_exec.3
@@ -0,0 +1,99 @@
+.TH PCRE_EXEC 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre16_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre32_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function matches a compiled regular expression against a given subject
+string, using a matching algorithm that is similar to Perl's. It returns
+offsets to captured substrings. Its arguments are:
+.sp
+  \fIcode\fP         Points to the compiled pattern
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fIsubject\fP      Points to the subject string
+  \fIlength\fP       Length of the subject string
+  \fIstartoffset\fP  Offset in the subject at which to start matching
+  \fIoptions\fP      Option bits
+  \fIovector\fP      Points to a vector of ints for result offsets
+  \fIovecsize\fP     Number of elements in the vector (a multiple of 3)
+.sp
+The units for \fIlength\fP and \fIstartoffset\fP are bytes for
+\fBpcre_exec()\fP, 16-bit data items for \fBpcre16_exec()\fP, and 32-bit items
+for \fBpcre32_exec()\fP. The options are:
+.sp
+  PCRE_ANCHORED          Match only at the first position
+  PCRE_BSR_ANYCRLF       \eR matches only CR, LF, or CRLF
+  PCRE_BSR_UNICODE       \eR matches all Unicode line endings
+  PCRE_NEWLINE_ANY       Recognize any Unicode newline sequence
+  PCRE_NEWLINE_ANYCRLF   Recognize CR, LF, & CRLF as newline sequences
+  PCRE_NEWLINE_CR        Recognize CR as the only newline sequence
+  PCRE_NEWLINE_CRLF      Recognize CRLF as the only newline sequence
+  PCRE_NEWLINE_LF        Recognize LF as the only newline sequence
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_START_OPTIMIZE Do not do "start-match" optimizations
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+.sp
+For details of partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+page. A \fBpcre_extra\fP structure contains the following fields:
+.sp
+  \fIflags\fP            Bits indicating which fields are set
+  \fIstudy_data\fP       Opaque data from \fBpcre[16|32]_study()\fP
+  \fImatch_limit\fP      Limit on internal resource use
+  \fImatch_limit_recursion\fP  Limit on internal recursion depth
+  \fIcallout_data\fP     Opaque data passed back to callouts
+  \fItables\fP           Points to character tables or is NULL
+  \fImark\fP             For passing back a *MARK pointer
+  \fIexecutable_jit\fP   Opaque data from JIT compilation
+.sp
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_free_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_free_study.3
new file mode 100644
index 00000000..8826b735
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_free_study.3
@@ -0,0 +1,31 @@
+.TH PCRE_FREE_STUDY 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_free_study(pcre_extra *\fIextra\fP);
+.PP
+.B void pcre16_free_study(pcre16_extra *\fIextra\fP);
+.PP
+.B void pcre32_free_study(pcre32_extra *\fIextra\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to free the memory used for the data generated by a call
+to \fBpcre[16|32]_study()\fP when it is no longer needed. The argument must be the
+result of such a call.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_free_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_free_substring.3
new file mode 100644
index 00000000..88c04019
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_free_substring.3
@@ -0,0 +1,31 @@
+.TH PCRE_FREE_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_free_substring(const char *\fIstringptr\fP);
+.PP
+.B void pcre16_free_substring(PCRE_SPTR16 \fIstringptr\fP);
+.PP
+.B void pcre32_free_substring(PCRE_SPTR32 \fIstringptr\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for freeing the store obtained by a previous
+call to \fBpcre[16|32]_get_substring()\fP or \fBpcre[16|32]_get_named_substring()\fP.
+Its only argument is a pointer to the string.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_free_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_free_substring_list.3
new file mode 100644
index 00000000..248b4bd0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_free_substring_list.3
@@ -0,0 +1,31 @@
+.TH PCRE_FREE_SUBSTRING_LIST 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_free_substring_list(const char **\fIstringptr\fP);
+.PP
+.B void pcre16_free_substring_list(PCRE_SPTR16 *\fIstringptr\fP);
+.PP
+.B void pcre32_free_substring_list(PCRE_SPTR32 *\fIstringptr\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for freeing the store obtained by a previous
+call to \fBpcre[16|32]_get_substring_list()\fP. Its only argument is a pointer to
+the list of string pointers.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_fullinfo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_fullinfo.3
new file mode 100644
index 00000000..c9b2c656
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_fullinfo.3
@@ -0,0 +1,103 @@
+.TH PCRE_FULLINFO 3 "21 April 2014" "PCRE 8.36"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_fullinfo(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre16_fullinfo(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre32_fullinfo(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function returns information about a compiled pattern. Its arguments are:
+.sp
+  \fIcode\fP                      Compiled regular expression
+  \fIextra\fP                     Result of \fBpcre[16|32]_study()\fP or NULL
+  \fIwhat\fP                      What information is required
+  \fIwhere\fP                     Where to put the information
+.sp
+The following information is available:
+.sp
+  PCRE_INFO_BACKREFMAX      Number of highest back reference
+  PCRE_INFO_CAPTURECOUNT    Number of capturing subpatterns
+  PCRE_INFO_DEFAULT_TABLES  Pointer to default tables
+  PCRE_INFO_FIRSTBYTE       Fixed first data unit for a match, or
+                              -1 for start of string
+                                 or after newline, or
+                              -2 otherwise
+  PCRE_INFO_FIRSTTABLE      Table of first data units (after studying)
+  PCRE_INFO_HASCRORLF       Return 1 if explicit CR or LF matches exist
+  PCRE_INFO_JCHANGED        Return 1 if (?J) or (?-J) was used
+  PCRE_INFO_JIT             Return 1 after successful JIT compilation
+  PCRE_INFO_JITSIZE         Size of JIT compiled code
+  PCRE_INFO_LASTLITERAL     Literal last data unit required
+  PCRE_INFO_MINLENGTH       Lower bound length of matching strings
+  PCRE_INFO_MATCHEMPTY      Return 1 if the pattern can match an empty string,
+                               0 otherwise
+  PCRE_INFO_MATCHLIMIT      Match limit if set, otherwise PCRE_RROR_UNSET
+  PCRE_INFO_MAXLOOKBEHIND   Length (in characters) of the longest lookbehind assertion
+  PCRE_INFO_NAMECOUNT       Number of named subpatterns
+  PCRE_INFO_NAMEENTRYSIZE   Size of name table entry
+  PCRE_INFO_NAMETABLE       Pointer to name table
+  PCRE_INFO_OKPARTIAL       Return 1 if partial matching can be tried
+                              (always returns 1 after release 8.00)
+  PCRE_INFO_OPTIONS         Option bits used for compilation
+  PCRE_INFO_SIZE            Size of compiled pattern
+  PCRE_INFO_STUDYSIZE       Size of study data
+  PCRE_INFO_FIRSTCHARACTER      Fixed first data unit for a match
+  PCRE_INFO_FIRSTCHARACTERFLAGS Returns
+                                  1 if there is a first data character set, which can
+                                    then be retrieved using PCRE_INFO_FIRSTCHARACTER,
+                                  2 if the first character is at the start of the data
+                                    string or after a newline, and
+                                  0 otherwise
+  PCRE_INFO_RECURSIONLIMIT    Recursion limit if set, otherwise PCRE_ERROR_UNSET
+  PCRE_INFO_REQUIREDCHAR      Literal last data unit required
+  PCRE_INFO_REQUIREDCHARFLAGS Returns 1 if the last data character is set (which can then
+                              be retrieved using PCRE_INFO_REQUIREDCHAR); 0 otherwise
+.sp
+The \fIwhere\fP argument must point to an integer variable, except for the
+following \fIwhat\fP values:
+.sp
+  PCRE_INFO_DEFAULT_TABLES  const uint8_t *
+  PCRE_INFO_FIRSTCHARACTER  uint32_t
+  PCRE_INFO_FIRSTTABLE      const uint8_t *
+  PCRE_INFO_JITSIZE         size_t
+  PCRE_INFO_MATCHLIMIT      uint32_t
+  PCRE_INFO_NAMETABLE       PCRE_SPTR16           (16-bit library)
+  PCRE_INFO_NAMETABLE       PCRE_SPTR32           (32-bit library)
+  PCRE_INFO_NAMETABLE       const unsigned char * (8-bit library)
+  PCRE_INFO_OPTIONS         unsigned long int
+  PCRE_INFO_SIZE            size_t
+  PCRE_INFO_STUDYSIZE       size_t
+  PCRE_INFO_RECURSIONLIMIT  uint32_t
+  PCRE_INFO_REQUIREDCHAR    uint32_t
+.sp
+The yield of the function is zero on success or:
+.sp
+  PCRE_ERROR_NULL           the argument \fIcode\fP was NULL
+                            the argument \fIwhere\fP was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADOPTION      the value of \fIwhat\fP was invalid
+  PCRE_ERROR_UNSET          the option was not set
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_named_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_named_substring.3
new file mode 100644
index 00000000..84d4ee7d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_named_substring.3
@@ -0,0 +1,54 @@
+.TH PCRE_GET_NAMED_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre16_get_named_substring(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR16 \fIstringname\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_named_substring(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, PCRE_SPTR32 \fIstringname\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring by name. The
+arguments are:
+.sp
+  \fIcode\fP          Compiled pattern
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringname\fP    Name of the required substring
+  \fIstringptr\fP     Where to put the string pointer
+.sp
+The memory in which the substring is placed is obtained by calling
+\fBpcre[16|32]_malloc()\fP. The convenience function
+\fBpcre[16|32]_free_substring()\fP can be used to free it when it is no longer
+needed. The yield of the function is the length of the extracted substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string name is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_stringnumber.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_stringnumber.3
new file mode 100644
index 00000000..9fc5291d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_stringnumber.3
@@ -0,0 +1,43 @@
+.TH PCRE_GET_STRINGNUMBER 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_stringnumber(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP);"
+.sp
+.B int pcre16_get_stringnumber(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP);"
+.sp
+.B int pcre32_get_stringnumber(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This convenience function finds the number of a named substring capturing
+parenthesis in a compiled pattern. Its arguments are:
+.sp
+  \fIcode\fP    Compiled regular expression
+  \fIname\fP    Name whose number is required
+.sp
+The yield of the function is the number of the parenthesis if the name is
+found, or PCRE_ERROR_NOSUBSTRING otherwise. When duplicate names are allowed
+(PCRE_DUPNAMES is set), it is not defined which of the numbers is returned by
+\fBpcre[16|32]_get_stringnumber()\fP. You can obtain the complete list by calling
+\fBpcre[16|32]_get_stringtable_entries()\fP.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_stringtable_entries.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_stringtable_entries.3
new file mode 100644
index 00000000..5c58c90c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_stringtable_entries.3
@@ -0,0 +1,46 @@
+.TH PCRE_GET_STRINGTABLE_ENTRIES 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_stringtable_entries(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP, char **\fIfirst\fP, char **\fIlast\fP);"
+.sp
+.B int pcre16_get_stringtable_entries(const pcre16 *\fIcode\fP,
+.B "     PCRE_SPTR16 \fIname\fP, PCRE_UCHAR16 **\fIfirst\fP, PCRE_UCHAR16 **\fIlast\fP);"
+.sp
+.B int pcre32_get_stringtable_entries(const pcre32 *\fIcode\fP,
+.B "     PCRE_SPTR32 \fIname\fP, PCRE_UCHAR32 **\fIfirst\fP, PCRE_UCHAR32 **\fIlast\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This convenience function finds, for a compiled pattern, the first and last
+entries for a given name in the table that translates capturing parenthesis
+names into numbers. When names are required to be unique (PCRE_DUPNAMES is
+\fInot\fP set), it is usually easier to use \fBpcre[16|32]_get_stringnumber()\fP
+instead.
+.sp
+  \fIcode\fP    Compiled regular expression
+  \fIname\fP    Name whose entries required
+  \fIfirst\fP   Where to return a pointer to the first entry
+  \fIlast\fP    Where to return a pointer to the last entry
+.sp
+The yield of the function is the length of each entry, or
+PCRE_ERROR_NOSUBSTRING if none are found.
+.P
+There is a complete description of the PCRE native API, including the format of
+the table entries, in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page, and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_substring.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_substring.3
new file mode 100644
index 00000000..1e62b2c0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_substring.3
@@ -0,0 +1,50 @@
+.TH PCRE_GET_SUBSTRING 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre16_get_substring(PCRE_SPTR16 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR16 *\fIstringptr\fP);"
+.sp
+.B int pcre32_get_substring(PCRE_SPTR32 \fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     PCRE_SPTR32 *\fIstringptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a captured substring. The
+arguments are:
+.sp
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec()\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec()\fP
+  \fIstringnumber\fP  Number of the required substring
+  \fIstringptr\fP     Where to put the string pointer
+.sp
+The memory in which the substring is placed is obtained by calling
+\fBpcre[16|32]_malloc()\fP. The convenience function
+\fBpcre[16|32]_free_substring()\fP can be used to free it when it is no longer
+needed. The yield of the function is the length of the substring,
+PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained, or
+PCRE_ERROR_NOSUBSTRING if the string number is invalid.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_substring_list.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_substring_list.3
new file mode 100644
index 00000000..511a4a39
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_get_substring_list.3
@@ -0,0 +1,47 @@
+.TH PCRE_GET_SUBSTRING_LIST 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_get_substring_list(const char *\fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, const char ***\fIlistptr\fP);"
+.sp
+.B int pcre16_get_substring_list(PCRE_SPTR16 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR16 **\fIlistptr\fP);"
+.sp
+.B int pcre32_get_substring_list(PCRE_SPTR32 \fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, PCRE_SPTR32 **\fIlistptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This is a convenience function for extracting a list of all the captured
+substrings. The arguments are:
+.sp
+  \fIsubject\fP       Subject that has been successfully matched
+  \fIovector\fP       Offset vector that \fBpcre[16|32]_exec\fP used
+  \fIstringcount\fP   Value returned by \fBpcre[16|32]_exec\fP
+  \fIlistptr\fP       Where to put a pointer to the list
+.sp
+The memory in which the substrings and the list are placed is obtained by
+calling \fBpcre[16|32]_malloc()\fP. The convenience function
+\fBpcre[16|32]_free_substring_list()\fP can be used to free it when it is no
+longer needed. A pointer to a list of pointers is put in the variable whose
+address is in \fIlistptr\fP. The list is terminated by a NULL pointer. The
+yield of the function is zero on success or PCRE_ERROR_NOMEMORY if sufficient
+memory could not be obtained.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_jit_exec.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_jit_exec.3
new file mode 100644
index 00000000..ba851681
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_jit_exec.3
@@ -0,0 +1,96 @@
+.TH PCRE_EXEC 3 "31 October 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_jit_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.sp
+.B int pcre16_jit_exec(const pcre16 *\fIcode\fP, "const pcre16_extra *\fIextra\fP,"
+.B "     PCRE_SPTR16 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.sp
+.B int pcre32_jit_exec(const pcre32 *\fIcode\fP, "const pcre32_extra *\fIextra\fP,"
+.B "     PCRE_SPTR32 \fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function matches a compiled regular expression that has been successfully
+studied with one of the JIT options against a given subject string, using a
+matching algorithm that is similar to Perl's. It is a "fast path" interface to
+JIT, and it bypasses some of the sanity checks that \fBpcre_exec()\fP applies.
+It returns offsets to captured substrings. Its arguments are:
+.sp
+  \fIcode\fP         Points to the compiled pattern
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fIsubject\fP      Points to the subject string
+  \fIlength\fP       Length of the subject string, in bytes
+  \fIstartoffset\fP  Offset in bytes in the subject at which to
+                 start matching
+  \fIoptions\fP      Option bits
+  \fIovector\fP      Points to a vector of ints for result offsets
+  \fIovecsize\fP     Number of elements in the vector (a multiple of 3)
+  \fIjstack\fP       Pointer to a JIT stack
+.sp
+The allowed options are:
+.sp
+  PCRE_NOTBOL            Subject string is not the beginning of a line
+  PCRE_NOTEOL            Subject string is not the end of a line
+  PCRE_NOTEMPTY          An empty string is not a valid match
+  PCRE_NOTEMPTY_ATSTART  An empty string at the start of the subject
+                           is not a valid match
+  PCRE_NO_UTF16_CHECK    Do not check the subject for UTF-16
+                           validity (only relevant if PCRE_UTF16
+                           was set at compile time)
+  PCRE_NO_UTF32_CHECK    Do not check the subject for UTF-32
+                           validity (only relevant if PCRE_UTF32
+                           was set at compile time)
+  PCRE_NO_UTF8_CHECK     Do not check the subject for UTF-8
+                           validity (only relevant if PCRE_UTF8
+                           was set at compile time)
+  PCRE_PARTIAL           ) Return PCRE_ERROR_PARTIAL for a partial
+  PCRE_PARTIAL_SOFT      )   match if no full matches are found
+  PCRE_PARTIAL_HARD      Return PCRE_ERROR_PARTIAL for a partial match
+                           if that is found before a full match
+.sp
+However, the PCRE_NO_UTF[8|16|32]_CHECK options have no effect, as this check
+is never applied. For details of partial matching, see the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+page. A \fBpcre_extra\fP structure contains the following fields:
+.sp
+  \fIflags\fP            Bits indicating which fields are set
+  \fIstudy_data\fP       Opaque data from \fBpcre[16|32]_study()\fP
+  \fImatch_limit\fP      Limit on internal resource use
+  \fImatch_limit_recursion\fP  Limit on internal recursion depth
+  \fIcallout_data\fP     Opaque data passed back to callouts
+  \fItables\fP           Points to character tables or is NULL
+  \fImark\fP             For passing back a *MARK pointer
+  \fIexecutable_jit\fP   Opaque data from JIT compilation
+.sp
+The flag bits are PCRE_EXTRA_STUDY_DATA, PCRE_EXTRA_MATCH_LIMIT,
+PCRE_EXTRA_MATCH_LIMIT_RECURSION, PCRE_EXTRA_CALLOUT_DATA,
+PCRE_EXTRA_TABLES, PCRE_EXTRA_MARK and PCRE_EXTRA_EXECUTABLE_JIT.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the JIT API in the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_jit_stack_alloc.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_jit_stack_alloc.3
new file mode 100644
index 00000000..11c97a0f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_jit_stack_alloc.3
@@ -0,0 +1,43 @@
+.TH PCRE_JIT_STACK_ALLOC 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre_jit_stack *pcre_jit_stack_alloc(int \fIstartsize\fP,
+.B "     int \fImaxsize\fP);"
+.sp
+.B pcre16_jit_stack *pcre16_jit_stack_alloc(int \fIstartsize\fP,
+.B "     int \fImaxsize\fP);"
+.sp
+.B pcre32_jit_stack *pcre32_jit_stack_alloc(int \fIstartsize\fP,
+.B "     int \fImaxsize\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to create a stack for use by the code compiled by the JIT
+optimization of \fBpcre[16|32]_study()\fP. The arguments are a starting size for
+the stack, and a maximum size to which it is allowed to grow. The result can be
+passed to the JIT run-time code by \fBpcre[16|32]_assign_jit_stack()\fP, or that
+function can set up a callback for obtaining a stack. A maximum stack size of
+512K to 1M should be more than enough for any pattern. For more details, see
+the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_jit_stack_free.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_jit_stack_free.3
new file mode 100644
index 00000000..494724e8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_jit_stack_free.3
@@ -0,0 +1,35 @@
+.TH PCRE_JIT_STACK_FREE 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B void pcre_jit_stack_free(pcre_jit_stack *\fIstack\fP);
+.PP
+.B void pcre16_jit_stack_free(pcre16_jit_stack *\fIstack\fP);
+.PP
+.B void pcre32_jit_stack_free(pcre32_jit_stack *\fIstack\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to free a JIT stack that was created by
+\fBpcre[16|32]_jit_stack_alloc()\fP when it is no longer needed. For more details,
+see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_maketables.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_maketables.3
new file mode 100644
index 00000000..b2c3d23a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_maketables.3
@@ -0,0 +1,33 @@
+.TH PCRE_MAKETABLES 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B const unsigned char *pcre_maketables(void);
+.PP
+.B const unsigned char *pcre16_maketables(void);
+.PP
+.B const unsigned char *pcre32_maketables(void);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function builds a set of character tables for character values less than
+256. These can be passed to \fBpcre[16|32]_compile()\fP to override PCRE's
+internal, built-in tables (which were made by \fBpcre[16|32]_maketables()\fP when
+PCRE was compiled). You might want to do this if you are using a non-standard
+locale. The function yields a pointer to the tables.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_pattern_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_pattern_to_host_byte_order.3
new file mode 100644
index 00000000..b0c41c38
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_pattern_to_host_byte_order.3
@@ -0,0 +1,44 @@
+.TH PCRE_PATTERN_TO_HOST_BYTE_ORDER 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre_pattern_to_host_byte_order(pcre *\fIcode\fP,
+.B "     pcre_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.sp
+.B int pcre16_pattern_to_host_byte_order(pcre16 *\fIcode\fP,
+.B "     pcre16_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.sp
+.B int pcre32_pattern_to_host_byte_order(pcre32 *\fIcode\fP,
+.B "     pcre32_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function ensures that the bytes in 2-byte and 4-byte values in a compiled
+pattern are in the correct order for the current host. It is useful when a
+pattern that has been compiled on one host is transferred to another that might
+have different endianness. The arguments are:
+.sp
+  \fIcode\fP         A compiled regular expression
+  \fIextra\fP        Points to an associated \fBpcre[16|32]_extra\fP structure,
+                 or is NULL
+  \fItables\fP       Pointer to character tables, or NULL to
+                 set the built-in default
+.sp
+The result is 0 for success, a negative PCRE_ERROR_xxx value otherwise.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_refcount.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_refcount.3
new file mode 100644
index 00000000..45a41fef
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_refcount.3
@@ -0,0 +1,36 @@
+.TH PCRE_REFCOUNT 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B int pcre_refcount(pcre *\fIcode\fP, int \fIadjust\fP);
+.PP
+.B int pcre16_refcount(pcre16 *\fIcode\fP, int \fIadjust\fP);
+.PP
+.B int pcre32_refcount(pcre32 *\fIcode\fP, int \fIadjust\fP);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function is used to maintain a reference count inside a data block that
+contains a compiled pattern. Its arguments are:
+.sp
+  \fIcode\fP                      Compiled regular expression
+  \fIadjust\fP                    Adjustment to reference value
+.sp
+The yield of the function is the adjusted reference value, which is constrained
+to lie between 0 and 65535.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_study.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_study.3
new file mode 100644
index 00000000..1200e0a6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_study.3
@@ -0,0 +1,54 @@
+.TH PCRE_STUDY 3 " 24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B pcre_extra *pcre_study(const pcre *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B pcre16_extra *pcre16_study(const pcre16 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B pcre32_extra *pcre32_study(const pcre32 *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function studies a compiled pattern, to see if additional information can
+be extracted that might speed up matching. Its arguments are:
+.sp
+  \fIcode\fP       A compiled regular expression
+  \fIoptions\fP    Options for \fBpcre[16|32]_study()\fP
+  \fIerrptr\fP     Where to put an error message
+.sp
+If the function succeeds, it returns a value that can be passed to
+\fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP via their \fIextra\fP
+arguments.
+.P
+If the function returns NULL, either it could not find any additional
+information, or there was an error. You can tell the difference by looking at
+the error value. It is NULL in first case.
+.P
+The only option is PCRE_STUDY_JIT_COMPILE. It requests just-in-time compilation
+if possible. If PCRE has been compiled without JIT support, this option is
+ignored. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+page for further details.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_utf16_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_utf16_to_host_byte_order.3
new file mode 100644
index 00000000..1851b619
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_utf16_to_host_byte_order.3
@@ -0,0 +1,45 @@
+.TH PCRE_UTF16_TO_HOST_BYTE_ORDER 3 "21 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *\fIoutput\fP,
+.B "     PCRE_SPTR16 \fIinput\fP, int \fIlength\fP, int *\fIhost_byte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function, which exists only in the 16-bit library, converts a UTF-16
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+.sp
+  \fIoutput\fP           pointer to output buffer, may be the same as \fIinput\fP
+  \fIinput\fP            pointer to input buffer
+  \fIlength\fP           number of 16-bit units in the input, or negative for
+                     a zero-terminated string
+  \fIhost_byte_order\fP  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  \fIkeep_boms\fP        if non-zero, BOMs are copied to the output string
+.sp
+The result of the function is the number of 16-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.P
+If \fIhost_byte_order\fP is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_utf32_to_host_byte_order.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_utf32_to_host_byte_order.3
new file mode 100644
index 00000000..a415dcf5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_utf32_to_host_byte_order.3
@@ -0,0 +1,45 @@
+.TH PCRE_UTF32_TO_HOST_BYTE_ORDER 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.nf
+.B int pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *\fIoutput\fP,
+.B "     PCRE_SPTR32 \fIinput\fP, int \fIlength\fP, int *\fIhost_byte_order\fP,"
+.B "     int \fIkeep_boms\fP);"
+.fi
+.
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function, which exists only in the 32-bit library, converts a UTF-32
+string to the correct order for the current host, taking account of any byte
+order marks (BOMs) within the string. Its arguments are:
+.sp
+  \fIoutput\fP           pointer to output buffer, may be the same as \fIinput\fP
+  \fIinput\fP            pointer to input buffer
+  \fIlength\fP           number of 32-bit units in the input, or negative for
+                     a zero-terminated string
+  \fIhost_byte_order\fP  a NULL value or a non-zero value pointed to means
+                     start in host byte order
+  \fIkeep_boms\fP        if non-zero, BOMs are copied to the output string
+.sp
+The result of the function is the number of 32-bit units placed into the output
+buffer, including the zero terminator if the string was zero-terminated.
+.P
+If \fIhost_byte_order\fP is not NULL, it is set to indicate the byte order that
+is current at the end of the string.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_version.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_version.3
new file mode 100644
index 00000000..0f4973f9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcre_version.3
@@ -0,0 +1,31 @@
+.TH PCRE_VERSION 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B const char *pcre_version(void);
+.PP
+.B const char *pcre16_version(void);
+.PP
+.B const char *pcre32_version(void);
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function (even in the 16-bit and 32-bit libraries) returns a
+zero-terminated, 8-bit character string that gives the version number of the
+PCRE library and the date of its release.
+.P
+There is a complete description of the PCRE native API in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+page.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreapi.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreapi.3
new file mode 100644
index 00000000..6e7c7c6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreapi.3
@@ -0,0 +1,2918 @@
+.TH PCREAPI 3 "18 December 2015" "PCRE 8.39"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.sp
+.B #include <pcre.h>
+.
+.
+.SH "PCRE NATIVE API BASIC FUNCTIONS"
+.rs
+.sp
+.nf
+.B pcre *pcre_compile(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre *pcre_compile2(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre_extra *pcre_study(const pcre *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.sp
+.B void pcre_free_study(pcre_extra *\fIextra\fP);
+.sp
+.B int pcre_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.sp
+.B int pcre_dfa_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.
+.
+.SH "PCRE NATIVE API STRING EXTRACTION FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre_copy_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     char *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre_copy_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, char *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre_get_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre_get_stringnumber(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP);"
+.sp
+.B int pcre_get_stringtable_entries(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP, char **\fIfirst\fP, char **\fIlast\fP);"
+.sp
+.B int pcre_get_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre_get_substring_list(const char *\fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, const char ***\fIlistptr\fP);"
+.sp
+.B void pcre_free_substring(const char *\fIstringptr\fP);
+.sp
+.B void pcre_free_substring_list(const char **\fIstringptr\fP);
+.fi
+.
+.
+.SH "PCRE NATIVE API AUXILIARY FUNCTIONS"
+.rs
+.sp
+.nf
+.B int pcre_jit_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     pcre_jit_stack *\fIjstack\fP);"
+.sp
+.B pcre_jit_stack *pcre_jit_stack_alloc(int \fIstartsize\fP, int \fImaxsize\fP);
+.sp
+.B void pcre_jit_stack_free(pcre_jit_stack *\fIstack\fP);
+.sp
+.B void pcre_assign_jit_stack(pcre_extra *\fIextra\fP,
+.B "     pcre_jit_callback \fIcallback\fP, void *\fIdata\fP);"
+.sp
+.B const unsigned char *pcre_maketables(void);
+.sp
+.B int pcre_fullinfo(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.sp
+.B int pcre_refcount(pcre *\fIcode\fP, int \fIadjust\fP);
+.sp
+.B int pcre_config(int \fIwhat\fP, void *\fIwhere\fP);
+.sp
+.B const char *pcre_version(void);
+.sp
+.B int pcre_pattern_to_host_byte_order(pcre *\fIcode\fP,
+.B "     pcre_extra *\fIextra\fP, const unsigned char *\fItables\fP);"
+.fi
+.
+.
+.SH "PCRE NATIVE API INDIRECTED FUNCTIONS"
+.rs
+.sp
+.nf
+.B void *(*pcre_malloc)(size_t);
+.sp
+.B void (*pcre_free)(void *);
+.sp
+.B void *(*pcre_stack_malloc)(size_t);
+.sp
+.B void (*pcre_stack_free)(void *);
+.sp
+.B int (*pcre_callout)(pcre_callout_block *);
+.sp
+.B int (*pcre_stack_guard)(void);
+.fi
+.
+.
+.SH "PCRE 8-BIT, 16-BIT, AND 32-BIT LIBRARIES"
+.rs
+.sp
+As well as support for 8-bit character strings, PCRE also supports 16-bit
+strings (from release 8.30) and 32-bit strings (from release 8.32), by means of
+two additional libraries. They can be built as well as, or instead of, the
+8-bit library. To avoid too much complication, this document describes the
+8-bit versions of the functions, with only occasional references to the 16-bit
+and 32-bit libraries.
+.P
+The 16-bit and 32-bit functions operate in the same way as their 8-bit
+counterparts; they just use different data types for their arguments and
+results, and their names start with \fBpcre16_\fP or \fBpcre32_\fP instead of
+\fBpcre_\fP. For every option that has UTF8 in its name (for example,
+PCRE_UTF8), there are corresponding 16-bit and 32-bit names with UTF8 replaced
+by UTF16 or UTF32, respectively. This facility is in fact just cosmetic; the
+16-bit and 32-bit option names define the same bit values.
+.P
+References to bytes and UTF-8 in this document should be read as references to
+16-bit data units and UTF-16 when using the 16-bit library, or 32-bit data
+units and UTF-32 when using the 32-bit library, unless specified otherwise.
+More details of the specific differences for the 16-bit and 32-bit libraries
+are given in the
+.\" HREF
+\fBpcre16\fP
+.\"
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+pages.
+.
+.
+.SH "PCRE API OVERVIEW"
+.rs
+.sp
+PCRE has its own native API, which is described in this document. There are
+also some wrapper functions (for the 8-bit library only) that correspond to the
+POSIX regular expression API, but they do not give access to all the
+functionality. They are described in the
+.\" HREF
+\fBpcreposix\fP
+.\"
+documentation. Both of these APIs define a set of C function calls. A C++
+wrapper (again for the 8-bit library only) is also distributed with PCRE. It is
+documented in the
+.\" HREF
+\fBpcrecpp\fP
+.\"
+page.
+.P
+The native API C function prototypes are defined in the header file
+\fBpcre.h\fP, and on Unix-like systems the (8-bit) library itself is called
+\fBlibpcre\fP. It can normally be accessed by adding \fB-lpcre\fP to the
+command for linking an application that uses PCRE. The header file defines the
+macros PCRE_MAJOR and PCRE_MINOR to contain the major and minor release numbers
+for the library. Applications can use these to include support for different
+releases of PCRE.
+.P
+In a Windows environment, if you want to statically link an application program
+against a non-dll \fBpcre.a\fP file, you must define PCRE_STATIC before
+including \fBpcre.h\fP or \fBpcrecpp.h\fP, because otherwise the
+\fBpcre_malloc()\fP and \fBpcre_free()\fP exported functions will be declared
+\fB__declspec(dllimport)\fP, with unwanted results.
+.P
+The functions \fBpcre_compile()\fP, \fBpcre_compile2()\fP, \fBpcre_study()\fP,
+and \fBpcre_exec()\fP are used for compiling and matching regular expressions
+in a Perl-compatible manner. A sample program that demonstrates the simplest
+way of using them is provided in the file called \fIpcredemo.c\fP in the PCRE
+source distribution. A listing of this program is given in the
+.\" HREF
+\fBpcredemo\fP
+.\"
+documentation, and the
+.\" HREF
+\fBpcresample\fP
+.\"
+documentation describes how to compile and run it.
+.P
+Just-in-time compiler support is an optional feature of PCRE that can be built
+in appropriate hardware environments. It greatly speeds up the matching
+performance of many patterns. Simple programs can easily request that it be
+used if available, by setting an option that is ignored when it is not
+relevant. More complicated programs might need to make use of the functions
+\fBpcre_jit_stack_alloc()\fP, \fBpcre_jit_stack_free()\fP, and
+\fBpcre_assign_jit_stack()\fP in order to control the JIT code's memory usage.
+.P
+From release 8.32 there is also a direct interface for JIT execution, which
+gives improved performance. The JIT-specific functions are discussed in the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation.
+.P
+A second matching function, \fBpcre_dfa_exec()\fP, which is not
+Perl-compatible, is also provided. This uses a different algorithm for the
+matching. The alternative algorithm finds all possible matches (at a given
+point in the subject), and scans the subject just once (unless there are
+lookbehind assertions). However, this algorithm does not return captured
+substrings. A description of the two matching algorithms and their advantages
+and disadvantages is given in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation.
+.P
+In addition to the main compiling and matching functions, there are convenience
+functions for extracting captured substrings from a subject string that is
+matched by \fBpcre_exec()\fP. They are:
+.sp
+  \fBpcre_copy_substring()\fP
+  \fBpcre_copy_named_substring()\fP
+  \fBpcre_get_substring()\fP
+  \fBpcre_get_named_substring()\fP
+  \fBpcre_get_substring_list()\fP
+  \fBpcre_get_stringnumber()\fP
+  \fBpcre_get_stringtable_entries()\fP
+.sp
+\fBpcre_free_substring()\fP and \fBpcre_free_substring_list()\fP are also
+provided, to free the memory used for extracted strings.
+.P
+The function \fBpcre_maketables()\fP is used to build a set of character tables
+in the current locale for passing to \fBpcre_compile()\fP, \fBpcre_exec()\fP,
+or \fBpcre_dfa_exec()\fP. This is an optional facility that is provided for
+specialist use. Most commonly, no special tables are passed, in which case
+internal tables that are generated when PCRE is built are used.
+.P
+The function \fBpcre_fullinfo()\fP is used to find out information about a
+compiled pattern. The function \fBpcre_version()\fP returns a pointer to a
+string containing the version of PCRE and its date of release.
+.P
+The function \fBpcre_refcount()\fP maintains a reference count in a data block
+containing a compiled pattern. This is provided for the benefit of
+object-oriented applications.
+.P
+The global variables \fBpcre_malloc\fP and \fBpcre_free\fP initially contain
+the entry points of the standard \fBmalloc()\fP and \fBfree()\fP functions,
+respectively. PCRE calls the memory management functions via these variables,
+so a calling program can replace them if it wishes to intercept the calls. This
+should be done before calling any PCRE functions.
+.P
+The global variables \fBpcre_stack_malloc\fP and \fBpcre_stack_free\fP are also
+indirections to memory management functions. These special functions are used
+only when PCRE is compiled to use the heap for remembering data, instead of
+recursive function calls, when running the \fBpcre_exec()\fP function. See the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation for details of how to do this. It is a non-standard way of
+building PCRE, for use in environments that have limited stacks. Because of the
+greater use of memory management, it runs more slowly. Separate functions are
+provided so that special-purpose external code can be used for this case. When
+used, these functions always allocate memory blocks of the same size. There is
+a discussion about PCRE's stack usage in the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation.
+.P
+The global variable \fBpcre_callout\fP initially contains NULL. It can be set
+by the caller to a "callout" function, which PCRE will then call at specified
+points during a matching operation. Details are given in the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.P
+The global variable \fBpcre_stack_guard\fP initially contains NULL. It can be
+set by the caller to a function that is called by PCRE whenever it starts
+to compile a parenthesized part of a pattern. When parentheses are nested, PCRE
+uses recursive function calls, which use up the system stack. This function is
+provided so that applications with restricted stacks can force a compilation
+error if the stack runs out. The function should return zero if all is well, or
+non-zero to force an error.
+.
+.
+.\" HTML <a name="newlines"></a>
+.SH NEWLINES
+.rs
+.sp
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The Unicode newline sequences are the three just
+mentioned, plus the single characters VT (vertical tab, U+000B), FF (form feed,
+U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029).
+.P
+Each of the first three conventions is used by at least one operating system as
+its standard newline sequence. When PCRE is built, a default can be specified.
+The default default is LF, which is the Unix standard. When PCRE is run, the
+default can be overridden, either when a pattern is compiled, or when it is
+matched.
+.P
+At compile time, the newline convention can be specified by the \fIoptions\fP
+argument of \fBpcre_compile()\fP, or it can be specified by special text at the
+start of the pattern itself; this overrides any other settings. See the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page for details of the special character sequences.
+.P
+In the PCRE documentation the word "newline" is used to mean "the character or
+pair of characters that indicate a line break". The choice of newline
+convention affects the handling of the dot, circumflex, and dollar
+metacharacters, the handling of #-comments in /x mode, and, when CRLF is a
+recognized line ending sequence, the match position advancement for a
+non-anchored pattern. There is more detail about this in the
+.\" HTML <a href="#execoptions">
+.\" </a>
+section on \fBpcre_exec()\fP options
+.\"
+below.
+.P
+The choice of newline convention does not affect the interpretation of
+the \en or \er escape sequences, nor does it affect what \eR matches, which is
+controlled in a similar way, but by separate options.
+.
+.
+.SH MULTITHREADING
+.rs
+.sp
+The PCRE functions can be used in multi-threading applications, with the
+proviso that the memory management functions pointed to by \fBpcre_malloc\fP,
+\fBpcre_free\fP, \fBpcre_stack_malloc\fP, and \fBpcre_stack_free\fP, and the
+callout and stack-checking functions pointed to by \fBpcre_callout\fP and
+\fBpcre_stack_guard\fP, are shared by all threads.
+.P
+The compiled form of a regular expression is not altered during matching, so
+the same compiled pattern can safely be used by several threads at once.
+.P
+If the just-in-time optimization feature is being used, it needs separate
+memory stack areas for each thread. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for more details.
+.
+.
+.SH "SAVING PRECOMPILED PATTERNS FOR LATER USE"
+.rs
+.sp
+The compiled form of a regular expression can be saved and re-used at a later
+time, possibly by a different program, and even on a host other than the one on
+which it was compiled. Details are given in the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation, which includes a description of the
+\fBpcre_pattern_to_host_byte_order()\fP function. However, compiling a regular
+expression with one version of PCRE for use with a different version is not
+guaranteed to work and may cause crashes.
+.
+.
+.SH "CHECKING BUILD-TIME OPTIONS"
+.rs
+.sp
+.B int pcre_config(int \fIwhat\fP, void *\fIwhere\fP);
+.PP
+The function \fBpcre_config()\fP makes it possible for a PCRE client to
+discover which optional features have been compiled into the PCRE library. The
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation has more details about these optional features.
+.P
+The first argument for \fBpcre_config()\fP is an integer, specifying which
+information is required; the second argument is a pointer to a variable into
+which the information is placed. The returned value is zero on success, or the
+negative error code PCRE_ERROR_BADOPTION if the value in the first argument is
+not recognized. The following information is available:
+.sp
+  PCRE_CONFIG_UTF8
+.sp
+The output is an integer that is set to one if UTF-8 support is available;
+otherwise it is set to zero. This value should normally be given to the 8-bit
+version of this function, \fBpcre_config()\fP. If it is given to the 16-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+.sp
+  PCRE_CONFIG_UTF16
+.sp
+The output is an integer that is set to one if UTF-16 support is available;
+otherwise it is set to zero. This value should normally be given to the 16-bit
+version of this function, \fBpcre16_config()\fP. If it is given to the 8-bit
+or 32-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+.sp
+  PCRE_CONFIG_UTF32
+.sp
+The output is an integer that is set to one if UTF-32 support is available;
+otherwise it is set to zero. This value should normally be given to the 32-bit
+version of this function, \fBpcre32_config()\fP. If it is given to the 8-bit
+or 16-bit version of this function, the result is PCRE_ERROR_BADOPTION.
+.sp
+  PCRE_CONFIG_UNICODE_PROPERTIES
+.sp
+The output is an integer that is set to one if support for Unicode character
+properties is available; otherwise it is set to zero.
+.sp
+  PCRE_CONFIG_JIT
+.sp
+The output is an integer that is set to one if support for just-in-time
+compiling is available; otherwise it is set to zero.
+.sp
+  PCRE_CONFIG_JITTARGET
+.sp
+The output is a pointer to a zero-terminated "const char *" string. If JIT
+support is available, the string contains the name of the architecture for
+which the JIT compiler is configured, for example "x86 32bit (little endian +
+unaligned)". If JIT support is not available, the result is NULL.
+.sp
+  PCRE_CONFIG_NEWLINE
+.sp
+The output is an integer whose value specifies the default character sequence
+that is recognized as meaning "newline". The values that are supported in
+ASCII/Unicode environments are: 10 for LF, 13 for CR, 3338 for CRLF, -2 for
+ANYCRLF, and -1 for ANY. In EBCDIC environments, CR, ANYCRLF, and ANY yield the
+same values. However, the value for LF is normally 21, though some EBCDIC
+environments use 37. The corresponding values for CRLF are 3349 and 3365. The
+default should normally correspond to the standard sequence for your operating
+system.
+.sp
+  PCRE_CONFIG_BSR
+.sp
+The output is an integer whose value indicates what character sequences the \eR
+escape sequence matches by default. A value of 0 means that \eR matches any
+Unicode line ending sequence; a value of 1 means that \eR matches only CR, LF,
+or CRLF. The default can be overridden when a pattern is compiled or matched.
+.sp
+  PCRE_CONFIG_LINK_SIZE
+.sp
+The output is an integer that contains the number of bytes used for internal
+linkage in compiled regular expressions. For the 8-bit library, the value can
+be 2, 3, or 4. For the 16-bit library, the value is either 2 or 4 and is still
+a number of bytes. For the 32-bit library, the value is either 2 or 4 and is
+still a number of bytes. The default value of 2 is sufficient for all but the
+most massive patterns, since it allows the compiled pattern to be up to 64K in
+size. Larger values allow larger regular expressions to be compiled, at the
+expense of slower matching.
+.sp
+  PCRE_CONFIG_POSIX_MALLOC_THRESHOLD
+.sp
+The output is an integer that contains the threshold above which the POSIX
+interface uses \fBmalloc()\fP for output vectors. Further details are given in
+the
+.\" HREF
+\fBpcreposix\fP
+.\"
+documentation.
+.sp
+  PCRE_CONFIG_PARENS_LIMIT
+.sp
+The output is a long integer that gives the maximum depth of nesting of
+parentheses (of any kind) in a pattern. This limit is imposed to cap the amount
+of system stack used when a pattern is compiled. It is specified when PCRE is
+built; the default is 250. This limit does not take into account the stack that
+may already be used by the calling application. For finer control over
+compilation stack usage, you can set a pointer to an external checking function
+in \fBpcre_stack_guard\fP.
+.sp
+  PCRE_CONFIG_MATCH_LIMIT
+.sp
+The output is a long integer that gives the default limit for the number of
+internal matching function calls in a \fBpcre_exec()\fP execution. Further
+details are given with \fBpcre_exec()\fP below.
+.sp
+  PCRE_CONFIG_MATCH_LIMIT_RECURSION
+.sp
+The output is a long integer that gives the default limit for the depth of
+recursion when calling the internal matching function in a \fBpcre_exec()\fP
+execution. Further details are given with \fBpcre_exec()\fP below.
+.sp
+  PCRE_CONFIG_STACKRECURSE
+.sp
+The output is an integer that is set to one if internal recursion when running
+\fBpcre_exec()\fP is implemented by recursive function calls that use the stack
+to remember their state. This is the usual way that PCRE is compiled. The
+output is zero if PCRE was compiled to use blocks of data on the heap instead
+of recursive function calls. In this case, \fBpcre_stack_malloc\fP and
+\fBpcre_stack_free\fP are called to manage memory blocks on the heap, thus
+avoiding the use of the stack.
+.
+.
+.SH "COMPILING A PATTERN"
+.rs
+.sp
+.nf
+.B pcre *pcre_compile(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.sp
+.B pcre *pcre_compile2(const char *\fIpattern\fP, int \fIoptions\fP,
+.B "     int *\fIerrorcodeptr\fP,"
+.B "     const char **\fIerrptr\fP, int *\fIerroffset\fP,"
+.B "     const unsigned char *\fItableptr\fP);"
+.fi
+.P
+Either of the functions \fBpcre_compile()\fP or \fBpcre_compile2()\fP can be
+called to compile a pattern into an internal form. The only difference between
+the two interfaces is that \fBpcre_compile2()\fP has an additional argument,
+\fIerrorcodeptr\fP, via which a numerical error code can be returned. To avoid
+too much repetition, we refer just to \fBpcre_compile()\fP below, but the
+information applies equally to \fBpcre_compile2()\fP.
+.P
+The pattern is a C string terminated by a binary zero, and is passed in the
+\fIpattern\fP argument. A pointer to a single block of memory that is obtained
+via \fBpcre_malloc\fP is returned. This contains the compiled code and related
+data. The \fBpcre\fP type is defined for the returned block; this is a typedef
+for a structure whose contents are not externally defined. It is up to the
+caller to free the memory (via \fBpcre_free\fP) when it is no longer required.
+.P
+Although the compiled code of a PCRE regex is relocatable, that is, it does not
+depend on memory location, the complete \fBpcre\fP data block is not
+fully relocatable, because it may contain a copy of the \fItableptr\fP
+argument, which is an address (see below).
+.P
+The \fIoptions\fP argument contains various bit settings that affect the
+compilation. It should be zero if no options are required. The available
+options are described below. Some of them (in particular, those that are
+compatible with Perl, but some others as well) can also be set and unset from
+within the pattern (see the detailed description in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation). For those options that can be different in different parts of
+the pattern, the contents of the \fIoptions\fP argument specifies their
+settings at the start of compilation and execution. The PCRE_ANCHORED,
+PCRE_BSR_\fIxxx\fP, PCRE_NEWLINE_\fIxxx\fP, PCRE_NO_UTF8_CHECK, and
+PCRE_NO_START_OPTIMIZE options can be set at the time of matching as well as at
+compile time.
+.P
+If \fIerrptr\fP is NULL, \fBpcre_compile()\fP returns NULL immediately.
+Otherwise, if compilation of a pattern fails, \fBpcre_compile()\fP returns
+NULL, and sets the variable pointed to by \fIerrptr\fP to point to a textual
+error message. This is a static string that is part of the library. You must
+not try to free it. Normally, the offset from the start of the pattern to the
+data unit that was being processed when the error was discovered is placed in
+the variable pointed to by \fIerroffset\fP, which must not be NULL (if it is,
+an immediate error is given). However, for an invalid UTF-8 or UTF-16 string,
+the offset is that of the first data unit of the failing character.
+.P
+Some errors are not detected until the whole pattern has been scanned; in these
+cases, the offset passed back is the length of the pattern. Note that the
+offset is in data units, not characters, even in a UTF mode. It may sometimes
+point into the middle of a UTF-8 or UTF-16 character.
+.P
+If \fBpcre_compile2()\fP is used instead of \fBpcre_compile()\fP, and the
+\fIerrorcodeptr\fP argument is not NULL, a non-zero error code number is
+returned via this argument in the event of an error. This is in addition to the
+textual error message. Error codes and messages are listed below.
+.P
+If the final argument, \fItableptr\fP, is NULL, PCRE uses a default set of
+character tables that are built when PCRE is compiled, using the default C
+locale. Otherwise, \fItableptr\fP must be an address that is the result of a
+call to \fBpcre_maketables()\fP. This value is stored with the compiled
+pattern, and used again by \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP when the
+pattern is matched. For more discussion, see the section on locale support
+below.
+.P
+This code fragment shows a typical straightforward call to \fBpcre_compile()\fP:
+.sp
+  pcre *re;
+  const char *error;
+  int erroffset;
+  re = pcre_compile(
+    "^A.*Z",          /* the pattern */
+    0,                /* default options */
+    &error,           /* for error message */
+    &erroffset,       /* for error offset */
+    NULL);            /* use default character tables */
+.sp
+The following names for option bits are defined in the \fBpcre.h\fP header
+file:
+.sp
+  PCRE_ANCHORED
+.sp
+If this bit is set, the pattern is forced to be "anchored", that is, it is
+constrained to match only at the first matching point in the string that is
+being searched (the "subject string"). This effect can also be achieved by
+appropriate constructs in the pattern itself, which is the only way to do it in
+Perl.
+.sp
+  PCRE_AUTO_CALLOUT
+.sp
+If this bit is set, \fBpcre_compile()\fP automatically inserts callout items,
+all with number 255, before each pattern item. For discussion of the callout
+facility, see the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.sp
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+.sp
+These options (which are mutually exclusive) control what the \eR escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. The default is specified when PCRE is
+built. It can be overridden from within the pattern, or by setting an option
+when a compiled pattern is matched.
+.sp
+  PCRE_CASELESS
+.sp
+If this bit is set, letters in the pattern match both upper and lower case
+letters. It is equivalent to Perl's /i option, and it can be changed within a
+pattern by a (?i) option setting. In UTF-8 mode, PCRE always understands the
+concept of case for characters whose values are less than 128, so caseless
+matching is always possible. For characters with higher values, the concept of
+case is supported if PCRE is compiled with Unicode property support, but not
+otherwise. If you want to use caseless matching for characters 128 and above,
+you must ensure that PCRE is compiled with Unicode property support as well as
+with UTF-8 support.
+.sp
+  PCRE_DOLLAR_ENDONLY
+.sp
+If this bit is set, a dollar metacharacter in the pattern matches only at the
+end of the subject string. Without this option, a dollar also matches
+immediately before a newline at the end of the string (but not before any other
+newlines). The PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+There is no equivalent to this option in Perl, and no way to set it within a
+pattern.
+.sp
+  PCRE_DOTALL
+.sp
+If this bit is set, a dot metacharacter in the pattern matches a character of
+any value, including one that indicates a newline. However, it only ever
+matches one character, even if newlines are coded as CRLF. Without this option,
+a dot does not match when the current position is at a newline. This option is
+equivalent to Perl's /s option, and it can be changed within a pattern by a
+(?s) option setting. A negative class such as [^a] always matches newline
+characters, independent of the setting of this option.
+.sp
+  PCRE_DUPNAMES
+.sp
+If this bit is set, names used to identify capturing subpatterns need not be
+unique. This can be helpful for certain types of pattern when it is known that
+only one instance of the named subpattern can ever be matched. There are more
+details of named subpatterns below; see also the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.sp
+  PCRE_EXTENDED
+.sp
+If this bit is set, most white space characters in the pattern are totally
+ignored except when escaped or inside a character class. However, white space
+is not allowed within sequences such as (?> that introduce various
+parenthesized subpatterns, nor within a numerical quantifier such as {1,3}.
+However, ignorable white space is permitted between an item and a following
+quantifier and between a quantifier and a following + that indicates
+possessiveness.
+.P
+White space did not used to include the VT character (code 11), because Perl
+did not treat this character as white space. However, Perl changed at release
+5.18, so PCRE followed at release 8.34, and VT is now treated as white space.
+.P
+PCRE_EXTENDED also causes characters between an unescaped # outside a character
+class and the next newline, inclusive, to be ignored. PCRE_EXTENDED is
+equivalent to Perl's /x option, and it can be changed within a pattern by a
+(?x) option setting.
+.P
+Which characters are interpreted as newlines is controlled by the options
+passed to \fBpcre_compile()\fP or by a special sequence at the start of the
+pattern, as described in the section entitled
+.\" HTML <a href="pcrepattern.html#newlines">
+.\" </a>
+"Newline conventions"
+.\"
+in the \fBpcrepattern\fP documentation. Note that the end of this type of
+comment is a literal newline sequence in the pattern; escape sequences that
+happen to represent a newline do not count.
+.P
+This option makes it possible to include comments inside complicated patterns.
+Note, however, that this applies only to data characters. White space characters
+may never appear within special character sequences in a pattern, for example
+within the sequence (?( that introduces a conditional subpattern.
+.sp
+  PCRE_EXTRA
+.sp
+This option was invented in order to turn on additional functionality of PCRE
+that is incompatible with Perl, but it is currently of very little use. When
+set, any backslash in a pattern that is followed by a letter that has no
+special meaning causes an error, thus reserving these combinations for future
+expansion. By default, as in Perl, a backslash followed by a letter with no
+special meaning is treated as a literal. (Perl can, however, be persuaded to
+give an error for this, by running it with the -w option.) There are at present
+no other features controlled by this option. It can also be set by a (?X)
+option setting within a pattern.
+.sp
+  PCRE_FIRSTLINE
+.sp
+If this option is set, an unanchored pattern is required to match before or at
+the first newline in the subject string, though the matched text may continue
+over the newline.
+.sp
+  PCRE_JAVASCRIPT_COMPAT
+.sp
+If this option is set, PCRE's behaviour is changed in some ways so that it is
+compatible with JavaScript rather than Perl. The changes are as follows:
+.P
+(1) A lone closing square bracket in a pattern causes a compile-time error,
+because this is illegal in JavaScript (by default it is treated as a data
+character). Thus, the pattern AB]CD becomes illegal when this option is set.
+.P
+(2) At run time, a back reference to an unset subpattern group matches an empty
+string (by default this causes the current matching alternative to fail). A
+pattern such as (\e1)(a) succeeds when this option is set (assuming it can find
+an "a" in the subject), whereas it fails by default, for Perl compatibility.
+.P
+(3) \eU matches an upper case "U" character; by default \eU causes a compile
+time error (Perl uses \eU to upper case subsequent characters).
+.P
+(4) \eu matches a lower case "u" character unless it is followed by four
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, \eu causes a compile time error (Perl uses it to upper
+case the following character).
+.P
+(5) \ex matches a lower case "x" character unless it is followed by two
+hexadecimal digits, in which case the hexadecimal number defines the code point
+to match. By default, as in Perl, a hexadecimal number is always expected after
+\ex, but it may have zero, one, or two digits (so, for example, \exz matches a
+binary zero character followed by z).
+.sp
+  PCRE_MULTILINE
+.sp
+By default, for the purposes of matching "start of line" and "end of line",
+PCRE treats the subject string as consisting of a single line of characters,
+even if it actually contains newlines. The "start of line" metacharacter (^)
+matches only at the start of the string, and the "end of line" metacharacter
+($) matches only at the end of the string, or before a terminating newline
+(except when PCRE_DOLLAR_ENDONLY is set). Note, however, that unless
+PCRE_DOTALL is set, the "any character" metacharacter (.) does not match at a
+newline. This behaviour (for ^, $, and dot) is the same as Perl.
+.P
+When PCRE_MULTILINE it is set, the "start of line" and "end of line" constructs
+match immediately following or immediately before internal newlines in the
+subject string, respectively, as well as at the very start and end. This is
+equivalent to Perl's /m option, and it can be changed within a pattern by a
+(?m) option setting. If there are no newlines in a subject string, or no
+occurrences of ^ or $ in a pattern, setting PCRE_MULTILINE has no effect.
+.sp
+  PCRE_NEVER_UTF
+.sp
+This option locks out interpretation of the pattern as UTF-8 (or UTF-16 or
+UTF-32 in the 16-bit and 32-bit libraries). In particular, it prevents the
+creator of the pattern from switching to UTF interpretation by starting the
+pattern with (*UTF). This may be useful in applications that process patterns
+from external sources. The combination of PCRE_UTF8 and PCRE_NEVER_UTF also
+causes an error.
+.sp
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+.sp
+These options override the default newline definition that was chosen when PCRE
+was built. Setting the first or the second specifies that a newline is
+indicated by a single character (CR or LF, respectively). Setting
+PCRE_NEWLINE_CRLF specifies that a newline is indicated by the two-character
+CRLF sequence. Setting PCRE_NEWLINE_ANYCRLF specifies that any of the three
+preceding sequences should be recognized. Setting PCRE_NEWLINE_ANY specifies
+that any Unicode newline sequence should be recognized.
+.P
+In an ASCII/Unicode environment, the Unicode newline sequences are the three
+just mentioned, plus the single characters VT (vertical tab, U+000B), FF (form
+feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and PS
+(paragraph separator, U+2029). For the 8-bit library, the last two are
+recognized only in UTF-8 mode.
+.P
+When PCRE is compiled to run in an EBCDIC (mainframe) environment, the code for
+CR is 0x0d, the same as ASCII. However, the character code for LF is normally
+0x15, though in some EBCDIC environments 0x25 is used. Whichever of these is
+not LF is made to correspond to Unicode's NEL character. EBCDIC codes are all
+less than 256. For more details, see the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation.
+.P
+The newline setting in the options word uses three bits that are treated
+as a number, giving eight possibilities. Currently only six are used (default
+plus the five values above). This means that if you set more than one newline
+option, the combination may or may not be sensible. For example,
+PCRE_NEWLINE_CR with PCRE_NEWLINE_LF is equivalent to PCRE_NEWLINE_CRLF, but
+other combinations may yield unused numbers and cause an error.
+.P
+The only time that a line break in a pattern is specially recognized when
+compiling is when PCRE_EXTENDED is set. CR and LF are white space characters,
+and so are ignored in this mode. Also, an unescaped # outside a character class
+indicates a comment that lasts until after the next line break sequence. In
+other circumstances, line break sequences in patterns are treated as literal
+data.
+.P
+The newline option that is set at compile time becomes the default that is used
+for \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP, but it can be overridden.
+.sp
+  PCRE_NO_AUTO_CAPTURE
+.sp
+If this option is set, it disables the use of numbered capturing parentheses in
+the pattern. Any opening parenthesis that is not followed by ? behaves as if it
+were followed by ?: but named parentheses can still be used for capturing (and
+they acquire numbers in the usual way). There is no equivalent of this option
+in Perl.
+.sp
+  PCRE_NO_AUTO_POSSESS
+.sp
+If this option is set, it disables "auto-possessification". This is an
+optimization that, for example, turns a+b into a++b in order to avoid
+backtracks into a+ that can never be successful. However, if callouts are in
+use, auto-possessification means that some of them are never taken. You can set
+this option if you want the matching functions to do a full unoptimized search
+and run all the callouts, but it is mainly provided for testing purposes.
+.sp
+  PCRE_NO_START_OPTIMIZE
+.sp
+This is an option that acts at matching time; that is, it is really an option
+for \fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP. If it is set at compile time,
+it is remembered with the compiled pattern and assumed at matching time. This
+is necessary if you want to use JIT execution, because the JIT compiler needs
+to know whether or not this option is set. For details see the discussion of
+PCRE_NO_START_OPTIMIZE
+.\" HTML <a href="#execoptions">
+.\" </a>
+below.
+.\"
+.sp
+  PCRE_UCP
+.sp
+This option changes the way PCRE processes \eB, \eb, \eD, \ed, \eS, \es, \eW,
+\ew, and some of the POSIX character classes. By default, only ASCII characters
+are recognized, but if PCRE_UCP is set, Unicode properties are used instead to
+classify characters. More details are given in the section on
+.\" HTML <a href="pcre.html#genericchartypes">
+.\" </a>
+generic character types
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page. If you set PCRE_UCP, matching one of the items it affects takes much
+longer. The option is available only if PCRE has been compiled with Unicode
+property support.
+.sp
+  PCRE_UNGREEDY
+.sp
+This option inverts the "greediness" of the quantifiers so that they are not
+greedy by default, but become greedy if followed by "?". It is not compatible
+with Perl. It can also be set by a (?U) option setting within the pattern.
+.sp
+  PCRE_UTF8
+.sp
+This option causes PCRE to regard both the pattern and the subject as strings
+of UTF-8 characters instead of single-byte strings. However, it is available
+only when PCRE is built to include UTF support. If not, the use of this option
+provokes an error. Details of how this option changes the behaviour of PCRE are
+given in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.sp
+  PCRE_NO_UTF8_CHECK
+.sp
+When PCRE_UTF8 is set, the validity of the pattern as a UTF-8 string is
+automatically checked. There is a discussion about the
+.\" HTML <a href="pcreunicode.html#utf8strings">
+.\" </a>
+validity of UTF-8 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page. If an invalid UTF-8 sequence is found, \fBpcre_compile()\fP returns an
+error. If you already know that your pattern is valid, and you want to skip
+this check for performance reasons, you can set the PCRE_NO_UTF8_CHECK option.
+When it is set, the effect of passing an invalid UTF-8 string as a pattern is
+undefined. It may cause your program to crash or loop. Note that this option
+can also be passed to \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP, to suppress
+the validity checking of subject strings only. If the same string is being
+matched many times, the option can be safely set for the second and subsequent
+matchings to improve performance.
+.
+.
+.SH "COMPILATION ERROR CODES"
+.rs
+.sp
+The following table lists the error codes than may be returned by
+\fBpcre_compile2()\fP, along with the error messages that may be returned by
+both compiling functions. Note that error messages are always 8-bit ASCII
+strings, even in 16-bit or 32-bit mode. As PCRE has developed, some error codes
+have fallen out of use. To avoid confusion, they have not been re-used.
+.sp
+   0  no error
+   1  \e at end of pattern
+   2  \ec at end of pattern
+   3  unrecognized character follows \e
+   4  numbers out of order in {} quantifier
+   5  number too big in {} quantifier
+   6  missing terminating ] for character class
+   7  invalid escape sequence in character class
+   8  range out of order in character class
+   9  nothing to repeat
+  10  [this code is not in use]
+  11  internal error: unexpected repeat
+  12  unrecognized character after (? or (?-
+  13  POSIX named classes are supported only within a class
+  14  missing )
+  15  reference to non-existent subpattern
+  16  erroffset passed as NULL
+  17  unknown option bit(s) set
+  18  missing ) after comment
+  19  [this code is not in use]
+  20  regular expression is too large
+  21  failed to get memory
+  22  unmatched parentheses
+  23  internal error: code overflow
+  24  unrecognized character after (?<
+  25  lookbehind assertion is not fixed length
+  26  malformed number or name after (?(
+  27  conditional group contains more than two branches
+  28  assertion expected after (?(
+  29  (?R or (?[+-]digits must be followed by )
+  30  unknown POSIX class name
+  31  POSIX collating elements are not supported
+  32  this version of PCRE is compiled without UTF support
+  33  [this code is not in use]
+  34  character value in \ex{} or \eo{} is too large
+  35  invalid condition (?(0)
+  36  \eC not allowed in lookbehind assertion
+  37  PCRE does not support \eL, \el, \eN{name}, \eU, or \eu
+  38  number after (?C is > 255
+  39  closing ) for (?C expected
+  40  recursive call could loop indefinitely
+  41  unrecognized character after (?P
+  42  syntax error in subpattern name (missing terminator)
+  43  two named subpatterns have the same name
+  44  invalid UTF-8 string (specifically UTF-8)
+  45  support for \eP, \ep, and \eX has not been compiled
+  46  malformed \eP or \ep sequence
+  47  unknown property name after \eP or \ep
+  48  subpattern name is too long (maximum 32 characters)
+  49  too many named subpatterns (maximum 10000)
+  50  [this code is not in use]
+  51  octal value is greater than \e377 in 8-bit non-UTF-8 mode
+  52  internal error: overran compiling workspace
+  53  internal error: previously-checked referenced subpattern
+        not found
+  54  DEFINE group contains more than one branch
+  55  repeating a DEFINE group is not allowed
+  56  inconsistent NEWLINE options
+  57  \eg is not followed by a braced, angle-bracketed, or quoted
+        name/number or by a plain number
+  58  a numbered reference must not be zero
+  59  an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
+  60  (*VERB) not recognized or malformed
+  61  number is too big
+  62  subpattern name expected
+  63  digit expected after (?+
+  64  ] is an invalid data character in JavaScript compatibility mode
+  65  different names for subpatterns of the same number are
+        not allowed
+  66  (*MARK) must have an argument
+  67  this version of PCRE is not compiled with Unicode property
+        support
+  68  \ec must be followed by an ASCII character
+  69  \ek is not followed by a braced, angle-bracketed, or quoted name
+  70  internal error: unknown opcode in find_fixedlength()
+  71  \eN is not supported in a class
+  72  too many forward references
+  73  disallowed Unicode code point (>= 0xd800 && <= 0xdfff)
+  74  invalid UTF-16 string (specifically UTF-16)
+  75  name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
+  76  character value in \eu.... sequence is too large
+  77  invalid UTF-32 string (specifically UTF-32)
+  78  setting UTF is disabled by the application
+  79  non-hex character in \ex{} (closing brace missing?)
+  80  non-octal character in \eo{} (closing brace missing?)
+  81  missing opening brace after \eo
+  82  parentheses are too deeply nested
+  83  invalid range in character class
+  84  group name must start with a non-digit
+  85  parentheses are too deeply nested (stack check)
+.sp
+The numbers 32 and 10000 in errors 48 and 49 are defaults; different values may
+be used if the limits were changed when PCRE was built.
+.
+.
+.\" HTML <a name="studyingapattern"></a>
+.SH "STUDYING A PATTERN"
+.rs
+.sp
+.nf
+.B pcre_extra *pcre_study(const pcre *\fIcode\fP, int \fIoptions\fP,
+.B "     const char **\fIerrptr\fP);"
+.fi
+.PP
+If a compiled pattern is going to be used several times, it is worth spending
+more time analyzing it in order to speed up the time taken for matching. The
+function \fBpcre_study()\fP takes a pointer to a compiled pattern as its first
+argument. If studying the pattern produces additional information that will
+help speed up matching, \fBpcre_study()\fP returns a pointer to a
+\fBpcre_extra\fP block, in which the \fIstudy_data\fP field points to the
+results of the study.
+.P
+The returned value from \fBpcre_study()\fP can be passed directly to
+\fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP. However, a \fBpcre_extra\fP block
+also contains other fields that can be set by the caller before the block is
+passed; these are described
+.\" HTML <a href="#extradata">
+.\" </a>
+below
+.\"
+in the section on matching a pattern.
+.P
+If studying the pattern does not produce any useful information,
+\fBpcre_study()\fP returns NULL by default. In that circumstance, if the
+calling program wants to pass any of the other fields to \fBpcre_exec()\fP or
+\fBpcre_dfa_exec()\fP, it must set up its own \fBpcre_extra\fP block. However,
+if \fBpcre_study()\fP is called with the PCRE_STUDY_EXTRA_NEEDED option, it
+returns a \fBpcre_extra\fP block even if studying did not find any additional
+information. It may still return NULL, however, if an error occurs in
+\fBpcre_study()\fP.
+.P
+The second argument of \fBpcre_study()\fP contains option bits. There are three
+further options in addition to PCRE_STUDY_EXTRA_NEEDED:
+.sp
+  PCRE_STUDY_JIT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+.sp
+If any of these are set, and the just-in-time compiler is available, the
+pattern is further compiled into machine code that executes much faster than
+the \fBpcre_exec()\fP interpretive matching function. If the just-in-time
+compiler is not available, these options are ignored. All undefined bits in the
+\fIoptions\fP argument must be zero.
+.P
+JIT compilation is a heavyweight optimization. It can take some time for
+patterns to be analyzed, and for one-off matches and simple patterns the
+benefit of faster execution might be offset by a much slower study time.
+Not all patterns can be optimized by the JIT compiler. For those that cannot be
+handled, matching automatically falls back to the \fBpcre_exec()\fP
+interpreter. For more details, see the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation.
+.P
+The third argument for \fBpcre_study()\fP is a pointer for an error message. If
+studying succeeds (even if no data is returned), the variable it points to is
+set to NULL. Otherwise it is set to point to a textual error message. This is a
+static string that is part of the library. You must not try to free it. You
+should test the error pointer for NULL after calling \fBpcre_study()\fP, to be
+sure that it has run successfully.
+.P
+When you are finished with a pattern, you can free the memory used for the
+study data by calling \fBpcre_free_study()\fP. This function was added to the
+API for release 8.20. For earlier versions, the memory could be freed with
+\fBpcre_free()\fP, just like the pattern itself. This will still work in cases
+where JIT optimization is not used, but it is advisable to change to the new
+function when convenient.
+.P
+This is a typical way in which \fBpcre_study\fP() is used (except that in a
+real application there should be tests for errors):
+.sp
+  int rc;
+  pcre *re;
+  pcre_extra *sd;
+  re = pcre_compile("pattern", 0, &error, &erroroffset, NULL);
+  sd = pcre_study(
+    re,             /* result of pcre_compile() */
+    0,              /* no options */
+    &error);        /* set to NULL or points to a message */
+  rc = pcre_exec(   /* see below for details of pcre_exec() options */
+    re, sd, "subject", 7, 0, 0, ovector, 30);
+  ...
+  pcre_free_study(sd);
+  pcre_free(re);
+.sp
+Studying a pattern does two things: first, a lower bound for the length of
+subject string that is needed to match the pattern is computed. This does not
+mean that there are any strings of that length that match, but it does
+guarantee that no shorter strings match. The value is used to avoid wasting
+time by trying to match strings that are shorter than the lower bound. You can
+find out the value in a calling program via the \fBpcre_fullinfo()\fP function.
+.P
+Studying a pattern is also useful for non-anchored patterns that do not have a
+single fixed starting character. A bitmap of possible starting bytes is
+created. This speeds up finding a position in the subject at which to start
+matching. (In 16-bit mode, the bitmap is used for 16-bit values less than 256.
+In 32-bit mode, the bitmap is used for 32-bit values less than 256.)
+.P
+These two optimizations apply to both \fBpcre_exec()\fP and
+\fBpcre_dfa_exec()\fP, and the information is also used by the JIT compiler.
+The optimizations can be disabled by setting the PCRE_NO_START_OPTIMIZE option.
+You might want to do this if your pattern contains callouts or (*MARK) and you
+want to make use of these facilities in cases where matching fails.
+.P
+PCRE_NO_START_OPTIMIZE can be specified at either compile time or execution
+time. However, if PCRE_NO_START_OPTIMIZE is passed to \fBpcre_exec()\fP, (that
+is, after any JIT compilation has happened) JIT execution is disabled. For JIT
+execution to work with PCRE_NO_START_OPTIMIZE, the option must be set at
+compile time.
+.P
+There is a longer discussion of PCRE_NO_START_OPTIMIZE
+.\" HTML <a href="#execoptions">
+.\" </a>
+below.
+.\"
+.
+.
+.\" HTML <a name="localesupport"></a>
+.SH "LOCALE SUPPORT"
+.rs
+.sp
+PCRE handles caseless matching, and determines whether characters are letters,
+digits, or whatever, by reference to a set of tables, indexed by character
+code point. When running in UTF-8 mode, or in the 16- or 32-bit libraries, this
+applies only to characters with code points less than 256. By default,
+higher-valued code points never match escapes such as \ew or \ed. However, if
+PCRE is built with Unicode property support, all characters can be tested with
+\ep and \eP, or, alternatively, the PCRE_UCP option can be set when a pattern
+is compiled; this causes \ew and friends to use Unicode property support
+instead of the built-in tables.
+.P
+The use of locales with Unicode is discouraged. If you are handling characters
+with code points greater than 128, you should either use Unicode support, or
+use locales, but not try to mix the two.
+.P
+PCRE contains an internal set of tables that are used when the final argument
+of \fBpcre_compile()\fP is NULL. These are sufficient for many applications.
+Normally, the internal tables recognize only ASCII characters. However, when
+PCRE is built, it is possible to cause the internal tables to be rebuilt in the
+default "C" locale of the local system, which may cause them to be different.
+.P
+The internal tables can always be overridden by tables supplied by the
+application that calls PCRE. These may be created in a different locale from
+the default. As more and more applications change to using Unicode, the need
+for this locale support is expected to die away.
+.P
+External tables are built by calling the \fBpcre_maketables()\fP function,
+which has no arguments, in the relevant locale. The result can then be passed
+to \fBpcre_compile()\fP as often as necessary. For example, to build and use
+tables that are appropriate for the French locale (where accented characters
+with values greater than 128 are treated as letters), the following code could
+be used:
+.sp
+  setlocale(LC_CTYPE, "fr_FR");
+  tables = pcre_maketables();
+  re = pcre_compile(..., tables);
+.sp
+The locale name "fr_FR" is used on Linux and other Unix-like systems; if you
+are using Windows, the name for the French locale is "french".
+.P
+When \fBpcre_maketables()\fP runs, the tables are built in memory that is
+obtained via \fBpcre_malloc\fP. It is the caller's responsibility to ensure
+that the memory containing the tables remains available for as long as it is
+needed.
+.P
+The pointer that is passed to \fBpcre_compile()\fP is saved with the compiled
+pattern, and the same tables are used via this pointer by \fBpcre_study()\fP
+and also by \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP. Thus, for any single
+pattern, compilation, studying and matching all happen in the same locale, but
+different patterns can be processed in different locales.
+.P
+It is possible to pass a table pointer or NULL (indicating the use of the
+internal tables) to \fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP (see the
+discussion below in the section on matching a pattern). This facility is
+provided for use with pre-compiled patterns that have been saved and reloaded.
+Character tables are not saved with patterns, so if a non-standard table was
+used at compile time, it must be provided again when the reloaded pattern is
+matched. Attempting to use this facility to match a pattern in a different
+locale from the one in which it was compiled is likely to lead to anomalous
+(usually incorrect) results.
+.
+.
+.\" HTML <a name="infoaboutpattern"></a>
+.SH "INFORMATION ABOUT A PATTERN"
+.rs
+.sp
+.nf
+.B int pcre_fullinfo(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     int \fIwhat\fP, void *\fIwhere\fP);"
+.fi
+.PP
+The \fBpcre_fullinfo()\fP function returns information about a compiled
+pattern. It replaces the \fBpcre_info()\fP function, which was removed from the
+library at version 8.30, after more than 10 years of obsolescence.
+.P
+The first argument for \fBpcre_fullinfo()\fP is a pointer to the compiled
+pattern. The second argument is the result of \fBpcre_study()\fP, or NULL if
+the pattern was not studied. The third argument specifies which piece of
+information is required, and the fourth argument is a pointer to a variable
+to receive the data. The yield of the function is zero for success, or one of
+the following negative numbers:
+.sp
+  PCRE_ERROR_NULL           the argument \fIcode\fP was NULL
+                            the argument \fIwhere\fP was NULL
+  PCRE_ERROR_BADMAGIC       the "magic number" was not found
+  PCRE_ERROR_BADENDIANNESS  the pattern was compiled with different
+                            endianness
+  PCRE_ERROR_BADOPTION      the value of \fIwhat\fP was invalid
+  PCRE_ERROR_UNSET          the requested field is not set
+.sp
+The "magic number" is placed at the start of each compiled pattern as an simple
+check against passing an arbitrary memory pointer. The endianness error can
+occur if a compiled pattern is saved and reloaded on a different host. Here is
+a typical call of \fBpcre_fullinfo()\fP, to obtain the length of the compiled
+pattern:
+.sp
+  int rc;
+  size_t length;
+  rc = pcre_fullinfo(
+    re,               /* result of pcre_compile() */
+    sd,               /* result of pcre_study(), or NULL */
+    PCRE_INFO_SIZE,   /* what is required */
+    &length);         /* where to put the data */
+.sp
+The possible values for the third argument are defined in \fBpcre.h\fP, and are
+as follows:
+.sp
+  PCRE_INFO_BACKREFMAX
+.sp
+Return the number of the highest back reference in the pattern. The fourth
+argument should point to an \fBint\fP variable. Zero is returned if there are
+no back references.
+.sp
+  PCRE_INFO_CAPTURECOUNT
+.sp
+Return the number of capturing subpatterns in the pattern. The fourth argument
+should point to an \fBint\fP variable.
+.sp
+  PCRE_INFO_DEFAULT_TABLES
+.sp
+Return a pointer to the internal default character tables within PCRE. The
+fourth argument should point to an \fBunsigned char *\fP variable. This
+information call is provided for internal use by the \fBpcre_study()\fP
+function. External callers can cause PCRE to use its internal tables by passing
+a NULL table pointer.
+.sp
+  PCRE_INFO_FIRSTBYTE (deprecated)
+.sp
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The name of this option refers to the 8-bit library,
+where data units are bytes. The fourth argument should point to an \fBint\fP
+variable. Negative values are used for special cases. However, this means that
+when the 32-bit library is in non-UTF-32 mode, the full 32-bit range of
+characters cannot be returned. For this reason, this value is deprecated; use
+PCRE_INFO_FIRSTCHARACTERFLAGS and PCRE_INFO_FIRSTCHARACTER instead.
+.P
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), its value is returned. In the 8-bit library, the
+value is always less than 256. In the 16-bit library the value can be up to
+0xffff. In the 32-bit library the value can be up to 0x10ffff.
+.P
+If there is no fixed first value, and if either
+.sp
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+.sp
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+.sp
+-1 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise -2 is
+returned. For anchored patterns, -2 is returned.
+.sp
+  PCRE_INFO_FIRSTCHARACTER
+.sp
+Return the value of the first data unit (non-UTF character) of any matched
+string in the situation where PCRE_INFO_FIRSTCHARACTERFLAGS returns 1;
+otherwise return 0. The fourth argument should point to an \fBuint_t\fP
+variable.
+.P
+In the 8-bit library, the value is always less than 256. In the 16-bit library
+the value can be up to 0xffff. In the 32-bit library in UTF-32 mode the value
+can be up to 0x10ffff, and up to 0xffffffff when not using UTF-32 mode.
+.sp
+  PCRE_INFO_FIRSTCHARACTERFLAGS
+.sp
+Return information about the first data unit of any matched string, for a
+non-anchored pattern. The fourth argument should point to an \fBint\fP
+variable.
+.P
+If there is a fixed first value, for example, the letter "c" from a pattern
+such as (cat|cow|coyote), 1 is returned, and the character value can be
+retrieved using PCRE_INFO_FIRSTCHARACTER. If there is no fixed first value, and
+if either
+.sp
+(a) the pattern was compiled with the PCRE_MULTILINE option, and every branch
+starts with "^", or
+.sp
+(b) every branch of the pattern starts with ".*" and PCRE_DOTALL is not set
+(if it were set, the pattern would be anchored),
+.sp
+2 is returned, indicating that the pattern matches only at the start of a
+subject string or after any newline within the string. Otherwise 0 is
+returned. For anchored patterns, 0 is returned.
+.sp
+  PCRE_INFO_FIRSTTABLE
+.sp
+If the pattern was studied, and this resulted in the construction of a 256-bit
+table indicating a fixed set of values for the first data unit in any matching
+string, a pointer to the table is returned. Otherwise NULL is returned. The
+fourth argument should point to an \fBunsigned char *\fP variable.
+.sp
+  PCRE_INFO_HASCRORLF
+.sp
+Return 1 if the pattern contains any explicit matches for CR or LF characters,
+otherwise 0. The fourth argument should point to an \fBint\fP variable. An
+explicit match is either a literal CR or LF character, or \er or \en.
+.sp
+  PCRE_INFO_JCHANGED
+.sp
+Return 1 if the (?J) or (?-J) option setting is used in the pattern, otherwise
+0. The fourth argument should point to an \fBint\fP variable. (?J) and
+(?-J) set and unset the local PCRE_DUPNAMES option, respectively.
+.sp
+  PCRE_INFO_JIT
+.sp
+Return 1 if the pattern was studied with one of the JIT options, and
+just-in-time compiling was successful. The fourth argument should point to an
+\fBint\fP variable. A return value of 0 means that JIT support is not available
+in this version of PCRE, or that the pattern was not studied with a JIT option,
+or that the JIT compiler could not handle this particular pattern. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for details of what can and cannot be handled.
+.sp
+  PCRE_INFO_JITSIZE
+.sp
+If the pattern was successfully studied with a JIT option, return the size of
+the JIT compiled code, otherwise return zero. The fourth argument should point
+to a \fBsize_t\fP variable.
+.sp
+  PCRE_INFO_LASTLITERAL
+.sp
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an \fBint\fP variable. If there is no such
+value, -1 is returned. For anchored patterns, a last literal value is recorded
+only if it follows something of variable length. For example, for the pattern
+/^a\ed+z\ed+/ the returned value is "z", but for /^a\edz\ed/ the returned value
+is -1.
+.P
+Since for the 32-bit library using the non-UTF-32 mode, this function is unable
+to return the full 32-bit range of characters, this value is deprecated;
+instead the PCRE_INFO_REQUIREDCHARFLAGS and PCRE_INFO_REQUIREDCHAR values should
+be used.
+.sp
+  PCRE_INFO_MATCH_EMPTY
+.sp
+Return 1 if the pattern can match an empty string, otherwise 0. The fourth
+argument should point to an \fBint\fP variable.
+.sp
+  PCRE_INFO_MATCHLIMIT
+.sp
+If the pattern set a match limit by including an item of the form
+(*LIMIT_MATCH=nnnn) at the start, the value is returned. The fourth argument
+should point to an unsigned 32-bit integer. If no such value has been set, the
+call to \fBpcre_fullinfo()\fP returns the error PCRE_ERROR_UNSET.
+.sp
+  PCRE_INFO_MAXLOOKBEHIND
+.sp
+Return the number of characters (NB not data units) in the longest lookbehind
+assertion in the pattern. This information is useful when doing multi-segment
+matching using the partial matching facilities. Note that the simple assertions
+\eb and \eB require a one-character lookbehind. \eA also registers a
+one-character lookbehind, though it does not actually inspect the previous
+character. This is to ensure that at least one character from the old segment
+is retained when a new segment is processed. Otherwise, if there are no
+lookbehinds in the pattern, \eA might match incorrectly at the start of a new
+segment.
+.sp
+  PCRE_INFO_MINLENGTH
+.sp
+If the pattern was studied and a minimum length for matching subject strings
+was computed, its value is returned. Otherwise the returned value is -1. The
+value is a number of characters, which in UTF mode may be different from the
+number of data units. The fourth argument should point to an \fBint\fP
+variable. A non-negative value is a lower bound to the length of any matching
+string. There may not be any strings of that length that do actually match, but
+every string that does match is at least that long.
+.sp
+  PCRE_INFO_NAMECOUNT
+  PCRE_INFO_NAMEENTRYSIZE
+  PCRE_INFO_NAMETABLE
+.sp
+PCRE supports the use of named as well as numbered capturing parentheses. The
+names are just an additional way of identifying the parentheses, which still
+acquire numbers. Several convenience functions such as
+\fBpcre_get_named_substring()\fP are provided for extracting captured
+substrings by name. It is also possible to extract the data directly, by first
+converting the name to a number in order to access the correct pointers in the
+output vector (described with \fBpcre_exec()\fP below). To do the conversion,
+you need to use the name-to-number map, which is described by these three
+values.
+.P
+The map consists of a number of fixed-size entries. PCRE_INFO_NAMECOUNT gives
+the number of entries, and PCRE_INFO_NAMEENTRYSIZE gives the size of each
+entry; both of these return an \fBint\fP value. The entry size depends on the
+length of the longest name. PCRE_INFO_NAMETABLE returns a pointer to the first
+entry of the table. This is a pointer to \fBchar\fP in the 8-bit library, where
+the first two bytes of each entry are the number of the capturing parenthesis,
+most significant byte first. In the 16-bit library, the pointer points to
+16-bit data units, the first of which contains the parenthesis number. In the
+32-bit library, the pointer points to 32-bit data units, the first of which
+contains the parenthesis number. The rest of the entry is the corresponding
+name, zero terminated.
+.P
+The names are in alphabetical order. If (?| is used to create multiple groups
+with the same number, as described in the
+.\" HTML <a href="pcrepattern.html#dupsubpatternnumber">
+.\" </a>
+section on duplicate subpattern numbers
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page, the groups may be given the same name, but there is only one entry in the
+table. Different names for groups of the same number are not permitted.
+Duplicate names for subpatterns with different numbers are permitted,
+but only if PCRE_DUPNAMES is set. They appear in the table in the order in
+which they were found in the pattern. In the absence of (?| this is the order
+of increasing number; when (?| is used this is not necessarily the case because
+later subpatterns may have lower numbers.
+.P
+As a simple example of the name/number table, consider the following pattern
+after compilation by the 8-bit library (assume PCRE_EXTENDED is set, so white
+space - including newlines - is ignored):
+.sp
+.\" JOIN
+  (?<date> (?<year>(\ed\ed)?\ed\ed) -
+  (?<month>\ed\ed) - (?<day>\ed\ed) )
+.sp
+There are four named subpatterns, so the table has four entries, and each entry
+in the table is eight bytes long. The table is as follows, with non-printing
+bytes shows in hexadecimal, and undefined bytes shown as ??:
+.sp
+  00 01 d  a  t  e  00 ??
+  00 05 d  a  y  00 ?? ??
+  00 04 m  o  n  t  h  00
+  00 02 y  e  a  r  00 ??
+.sp
+When writing code to extract data from named subpatterns using the
+name-to-number map, remember that the length of the entries is likely to be
+different for each compiled pattern.
+.sp
+  PCRE_INFO_OKPARTIAL
+.sp
+Return 1 if the pattern can be used for partial matching with
+\fBpcre_exec()\fP, otherwise 0. The fourth argument should point to an
+\fBint\fP variable. From release 8.00, this always returns 1, because the
+restrictions that previously applied to partial matching have been lifted. The
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation gives details of partial matching.
+.sp
+  PCRE_INFO_OPTIONS
+.sp
+Return a copy of the options with which the pattern was compiled. The fourth
+argument should point to an \fBunsigned long int\fP variable. These option bits
+are those specified in the call to \fBpcre_compile()\fP, modified by any
+top-level option settings at the start of the pattern itself. In other words,
+they are the options that will be in force when matching starts. For example,
+if the pattern /(?im)abc(?-i)d/ is compiled with the PCRE_EXTENDED option, the
+result is PCRE_CASELESS, PCRE_MULTILINE, and PCRE_EXTENDED.
+.P
+A pattern is automatically anchored by PCRE if all of its top-level
+alternatives begin with one of the following:
+.sp
+  ^     unless PCRE_MULTILINE is set
+  \eA    always
+  \eG    always
+.\" JOIN
+  .*    if PCRE_DOTALL is set and there are no back
+          references to the subpattern in which .* appears
+.sp
+For such patterns, the PCRE_ANCHORED bit is set in the options returned by
+\fBpcre_fullinfo()\fP.
+.sp
+  PCRE_INFO_RECURSIONLIMIT
+.sp
+If the pattern set a recursion limit by including an item of the form
+(*LIMIT_RECURSION=nnnn) at the start, the value is returned. The fourth
+argument should point to an unsigned 32-bit integer. If no such value has been
+set, the call to \fBpcre_fullinfo()\fP returns the error PCRE_ERROR_UNSET.
+.sp
+  PCRE_INFO_SIZE
+.sp
+Return the size of the compiled pattern in bytes (for all three libraries). The
+fourth argument should point to a \fBsize_t\fP variable. This value does not
+include the size of the \fBpcre\fP structure that is returned by
+\fBpcre_compile()\fP. The value that is passed as the argument to
+\fBpcre_malloc()\fP when \fBpcre_compile()\fP is getting memory in which to
+place the compiled data is the value returned by this option plus the size of
+the \fBpcre\fP structure. Studying a compiled pattern, with or without JIT,
+does not alter the value returned by this option.
+.sp
+  PCRE_INFO_STUDYSIZE
+.sp
+Return the size in bytes (for all three libraries) of the data block pointed to
+by the \fIstudy_data\fP field in a \fBpcre_extra\fP block. If \fBpcre_extra\fP
+is NULL, or there is no study data, zero is returned. The fourth argument
+should point to a \fBsize_t\fP variable. The \fIstudy_data\fP field is set by
+\fBpcre_study()\fP to record information that will speed up matching (see the
+section entitled
+.\" HTML <a href="#studyingapattern">
+.\" </a>
+"Studying a pattern"
+.\"
+above). The format of the \fIstudy_data\fP block is private, but its length
+is made available via this option so that it can be saved and restored (see the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation for details).
+.sp
+  PCRE_INFO_REQUIREDCHARFLAGS
+.sp
+Returns 1 if there is a rightmost literal data unit that must exist in any
+matched string, other than at its start. The fourth argument should  point to
+an \fBint\fP variable. If there is no such value, 0 is returned. If returning
+1, the character value itself can be retrieved using PCRE_INFO_REQUIREDCHAR.
+.P
+For anchored patterns, a last literal value is recorded only if it follows
+something of variable length. For example, for the pattern /^a\ed+z\ed+/ the
+returned value 1 (with "z" returned from PCRE_INFO_REQUIREDCHAR), but for
+/^a\edz\ed/ the returned value is 0.
+.sp
+  PCRE_INFO_REQUIREDCHAR
+.sp
+Return the value of the rightmost literal data unit that must exist in any
+matched string, other than at its start, if such a value has been recorded. The
+fourth argument should point to an \fBuint32_t\fP variable. If there is no such
+value, 0 is returned.
+.
+.
+.SH "REFERENCE COUNTS"
+.rs
+.sp
+.B int pcre_refcount(pcre *\fIcode\fP, int \fIadjust\fP);
+.PP
+The \fBpcre_refcount()\fP function is used to maintain a reference count in the
+data block that contains a compiled pattern. It is provided for the benefit of
+applications that operate in an object-oriented manner, where different parts
+of the application may be using the same compiled pattern, but you want to free
+the block when they are all done.
+.P
+When a pattern is compiled, the reference count field is initialized to zero.
+It is changed only by calling this function, whose action is to add the
+\fIadjust\fP value (which may be positive or negative) to it. The yield of the
+function is the new value. However, the value of the count is constrained to
+lie between 0 and 65535, inclusive. If the new value is outside these limits,
+it is forced to the appropriate limit value.
+.P
+Except when it is zero, the reference count is not correctly preserved if a
+pattern is compiled on one host and then transferred to a host whose byte-order
+is different. (This seems a highly unlikely scenario.)
+.
+.
+.SH "MATCHING A PATTERN: THE TRADITIONAL FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP," int \fIlength\fP, int \fIstartoffset\fP,
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP);"
+.fi
+.P
+The function \fBpcre_exec()\fP is called to match a subject string against a
+compiled pattern, which is passed in the \fIcode\fP argument. If the
+pattern was studied, the result of the study should be passed in the
+\fIextra\fP argument. You can call \fBpcre_exec()\fP with the same \fIcode\fP
+and \fIextra\fP arguments as many times as you like, in order to match
+different subject strings with the same pattern.
+.P
+This function is the main matching facility of the library, and it operates in
+a Perl-like manner. For specialist use there is also an alternative matching
+function, which is described
+.\" HTML <a href="#dfamatch">
+.\" </a>
+below
+.\"
+in the section about the \fBpcre_dfa_exec()\fP function.
+.P
+In most applications, the pattern will have been compiled (and optionally
+studied) in the same process that calls \fBpcre_exec()\fP. However, it is
+possible to save compiled patterns and study data, and then use them later
+in different processes, possibly even on different hosts. For a discussion
+about this, see the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation.
+.P
+Here is an example of a simple call to \fBpcre_exec()\fP:
+.sp
+  int rc;
+  int ovector[30];
+  rc = pcre_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    30);            /* number of elements (NOT size in bytes) */
+.
+.
+.\" HTML <a name="extradata"></a>
+.SS "Extra data for \fBpcre_exec()\fR"
+.rs
+.sp
+If the \fIextra\fP argument is not NULL, it must point to a \fBpcre_extra\fP
+data block. The \fBpcre_study()\fP function returns such a block (when it
+doesn't return NULL), but you can also create one for yourself, and pass
+additional information in it. The \fBpcre_extra\fP block contains the following
+fields (not necessarily in this order):
+.sp
+  unsigned long int \fIflags\fP;
+  void *\fIstudy_data\fP;
+  void *\fIexecutable_jit\fP;
+  unsigned long int \fImatch_limit\fP;
+  unsigned long int \fImatch_limit_recursion\fP;
+  void *\fIcallout_data\fP;
+  const unsigned char *\fItables\fP;
+  unsigned char **\fImark\fP;
+.sp
+In the 16-bit version of this structure, the \fImark\fP field has type
+"PCRE_UCHAR16 **".
+.sp
+In the 32-bit version of this structure, the \fImark\fP field has type
+"PCRE_UCHAR32 **".
+.P
+The \fIflags\fP field is used to specify which of the other fields are set. The
+flag bits are:
+.sp
+  PCRE_EXTRA_CALLOUT_DATA
+  PCRE_EXTRA_EXECUTABLE_JIT
+  PCRE_EXTRA_MARK
+  PCRE_EXTRA_MATCH_LIMIT
+  PCRE_EXTRA_MATCH_LIMIT_RECURSION
+  PCRE_EXTRA_STUDY_DATA
+  PCRE_EXTRA_TABLES
+.sp
+Other flag bits should be set to zero. The \fIstudy_data\fP field and sometimes
+the \fIexecutable_jit\fP field are set in the \fBpcre_extra\fP block that is
+returned by \fBpcre_study()\fP, together with the appropriate flag bits. You
+should not set these yourself, but you may add to the block by setting other
+fields and their corresponding flag bits.
+.P
+The \fImatch_limit\fP field provides a means of preventing PCRE from using up a
+vast amount of resources when running patterns that are not going to match,
+but which have a very large number of possibilities in their search trees. The
+classic example is a pattern that uses nested unlimited repeats.
+.P
+Internally, \fBpcre_exec()\fP uses a function called \fBmatch()\fP, which it
+calls repeatedly (sometimes recursively). The limit set by \fImatch_limit\fP is
+imposed on the number of times this function is called during a match, which
+has the effect of limiting the amount of backtracking that can take place. For
+patterns that are not anchored, the count restarts from zero for each position
+in the subject string.
+.P
+When \fBpcre_exec()\fP is called with a pattern that was successfully studied
+with a JIT option, the way that the matching is executed is entirely different.
+However, there is still the possibility of runaway matching that goes on for a
+very long time, and so the \fImatch_limit\fP value is also used in this case
+(but in a different way) to limit how long the matching can continue.
+.P
+The default value for the limit can be set when PCRE is built; the default
+default is 10 million, which handles all but the most extreme cases. You can
+override the default by suppling \fBpcre_exec()\fP with a \fBpcre_extra\fP
+block in which \fImatch_limit\fP is set, and PCRE_EXTRA_MATCH_LIMIT is set in
+the \fIflags\fP field. If the limit is exceeded, \fBpcre_exec()\fP returns
+PCRE_ERROR_MATCHLIMIT.
+.P
+A value for the match limit may also be supplied by an item at the start of a
+pattern of the form
+.sp
+  (*LIMIT_MATCH=d)
+.sp
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of \fBpcre_exec()\fP or, if no such limit
+is set, less than the default.
+.P
+The \fImatch_limit_recursion\fP field is similar to \fImatch_limit\fP, but
+instead of limiting the total number of times that \fBmatch()\fP is called, it
+limits the depth of recursion. The recursion depth is a smaller number than the
+total number of calls, because not all calls to \fBmatch()\fP are recursive.
+This limit is of use only if it is set smaller than \fImatch_limit\fP.
+.P
+Limiting the recursion depth limits the amount of machine stack that can be
+used, or, when PCRE has been compiled to use memory on the heap instead of the
+stack, the amount of heap memory that can be used. This limit is not relevant,
+and is ignored, when matching is done using JIT compiled code.
+.P
+The default value for \fImatch_limit_recursion\fP can be set when PCRE is
+built; the default default is the same value as the default for
+\fImatch_limit\fP. You can override the default by suppling \fBpcre_exec()\fP
+with a \fBpcre_extra\fP block in which \fImatch_limit_recursion\fP is set, and
+PCRE_EXTRA_MATCH_LIMIT_RECURSION is set in the \fIflags\fP field. If the limit
+is exceeded, \fBpcre_exec()\fP returns PCRE_ERROR_RECURSIONLIMIT.
+.P
+A value for the recursion limit may also be supplied by an item at the start of
+a pattern of the form
+.sp
+  (*LIMIT_RECURSION=d)
+.sp
+where d is a decimal number. However, such a setting is ignored unless d is
+less than the limit set by the caller of \fBpcre_exec()\fP or, if no such limit
+is set, less than the default.
+.P
+The \fIcallout_data\fP field is used in conjunction with the "callout" feature,
+and is described in the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.P
+The \fItables\fP field is provided for use with patterns that have been
+pre-compiled using custom character tables, saved to disc or elsewhere, and
+then reloaded, because the tables that were used to compile a pattern are not
+saved with it. See the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation for a discussion of saving compiled patterns for later use. If
+NULL is passed using this mechanism, it forces PCRE's internal tables to be
+used.
+.P
+\fBWarning:\fP The tables that \fBpcre_exec()\fP uses must be the same as those
+that were used when the pattern was compiled. If this is not the case, the
+behaviour of \fBpcre_exec()\fP is undefined. Therefore, when a pattern is
+compiled and matched in the same process, this field should never be set. In
+this (the most common) case, the correct table pointer is automatically passed
+with the compiled pattern from \fBpcre_compile()\fP to \fBpcre_exec()\fP.
+.P
+If PCRE_EXTRA_MARK is set in the \fIflags\fP field, the \fImark\fP field must
+be set to point to a suitable variable. If the pattern contains any
+backtracking control verbs such as (*MARK:NAME), and the execution ends up with
+a name to pass back, a pointer to the name string (zero terminated) is placed
+in the variable pointed to by the \fImark\fP field. The names are within the
+compiled pattern; if you wish to retain such a name you must copy it before
+freeing the memory of a compiled pattern. If there is no name to pass back, the
+variable pointed to by the \fImark\fP field is set to NULL. For details of the
+backtracking control verbs, see the section entitled
+.\" HTML <a href="pcrepattern#backtrackcontrol">
+.\" </a>
+"Backtracking control"
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.
+.
+.\" HTML <a name="execoptions"></a>
+.SS "Option bits for \fBpcre_exec()\fP"
+.rs
+.sp
+The unused bits of the \fIoptions\fP argument for \fBpcre_exec()\fP must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_\fIxxx\fP,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_START_OPTIMIZE, PCRE_NO_UTF8_CHECK, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+.P
+If the pattern was successfully studied with one of the just-in-time (JIT)
+compile options, the only supported options for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY,
+PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and PCRE_PARTIAL_SOFT. If an
+unsupported option is used, JIT execution is disabled and the normal
+interpretive code in \fBpcre_exec()\fP is run.
+.sp
+  PCRE_ANCHORED
+.sp
+The PCRE_ANCHORED option limits \fBpcre_exec()\fP to matching at the first
+matching position. If a pattern was compiled with PCRE_ANCHORED, or turned out
+to be anchored by virtue of its contents, it cannot be made unachored at
+matching time.
+.sp
+  PCRE_BSR_ANYCRLF
+  PCRE_BSR_UNICODE
+.sp
+These options (which are mutually exclusive) control what the \eR escape
+sequence matches. The choice is either to match only CR, LF, or CRLF, or to
+match any Unicode newline sequence. These options override the choice that was
+made or defaulted when the pattern was compiled.
+.sp
+  PCRE_NEWLINE_CR
+  PCRE_NEWLINE_LF
+  PCRE_NEWLINE_CRLF
+  PCRE_NEWLINE_ANYCRLF
+  PCRE_NEWLINE_ANY
+.sp
+These options override the newline definition that was chosen or defaulted when
+the pattern was compiled. For details, see the description of
+\fBpcre_compile()\fP above. During matching, the newline choice affects the
+behaviour of the dot, circumflex, and dollar metacharacters. It may also alter
+the way the match position is advanced after a match failure for an unanchored
+pattern.
+.P
+When PCRE_NEWLINE_CRLF, PCRE_NEWLINE_ANYCRLF, or PCRE_NEWLINE_ANY is set, and a
+match attempt for an unanchored pattern fails when the current position is at a
+CRLF sequence, and the pattern contains no explicit matches for CR or LF
+characters, the match position is advanced by two characters instead of one, in
+other words, to after the CRLF.
+.P
+The above rule is a compromise that makes the most common cases work as
+expected. For example, if the pattern is .+A (and the PCRE_DOTALL option is not
+set), it does not match the string "\er\enA" because, after failing at the
+start, it skips both the CR and the LF before retrying. However, the pattern
+[\er\en]A does match that string, because it contains an explicit CR or LF
+reference, and so advances only by one character after the first failure.
+.P
+An explicit match for CR of LF is either a literal appearance of one of those
+characters, or one of the \er or \en escape sequences. Implicit matches such as
+[^X] do not count, nor does \es (which includes CR and LF in the characters
+that it matches).
+.P
+Notwithstanding the above, anomalous effects may still occur when CRLF is a
+valid newline sequence and explicit \er or \en escapes appear in the pattern.
+.sp
+  PCRE_NOTBOL
+.sp
+This option specifies that first character of the subject string is not the
+beginning of a line, so the circumflex metacharacter should not match before
+it. Setting this without PCRE_MULTILINE (at compile time) causes circumflex
+never to match. This option affects only the behaviour of the circumflex
+metacharacter. It does not affect \eA.
+.sp
+  PCRE_NOTEOL
+.sp
+This option specifies that the end of the subject string is not the end of a
+line, so the dollar metacharacter should not match it nor (except in multiline
+mode) a newline immediately before it. Setting this without PCRE_MULTILINE (at
+compile time) causes dollar never to match. This option affects only the
+behaviour of the dollar metacharacter. It does not affect \eZ or \ez.
+.sp
+  PCRE_NOTEMPTY
+.sp
+An empty string is not considered to be a valid match if this option is set. If
+there are alternatives in the pattern, they are tried. If all the alternatives
+match the empty string, the entire match fails. For example, if the pattern
+.sp
+  a?b?
+.sp
+is applied to a string not beginning with "a" or "b", it matches an empty
+string at the start of the subject. With PCRE_NOTEMPTY set, this match is not
+valid, so PCRE searches further into the string for occurrences of "a" or "b".
+.sp
+  PCRE_NOTEMPTY_ATSTART
+.sp
+This is like PCRE_NOTEMPTY, except that an empty string match that is not at
+the start of the subject is permitted. If the pattern is anchored, such a match
+can occur only if the pattern contains \eK.
+.P
+Perl has no direct equivalent of PCRE_NOTEMPTY or PCRE_NOTEMPTY_ATSTART, but it
+does make a special case of a pattern match of the empty string within its
+\fBsplit()\fP function, and when using the /g modifier. It is possible to
+emulate Perl's behaviour after matching a null string by first trying the match
+again at the same offset with PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED, and then
+if that fails, by advancing the starting offset (see below) and trying an
+ordinary match again. There is some code that demonstrates how to do this in
+the
+.\" HREF
+\fBpcredemo\fP
+.\"
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+.sp
+  PCRE_NO_START_OPTIMIZE
+.sp
+There are a number of optimizations that \fBpcre_exec()\fP uses at the start of
+a match, in order to speed up the process. For example, if it is known that an
+unanchored match must start with a specific character, it searches the subject
+for that character, and fails immediately if it cannot find it, without
+actually running the main matching function. This means that a special item
+such as (*COMMIT) at the start of a pattern is not considered until after a
+suitable starting point for the match has been found. Also, when callouts or
+(*MARK) items are in use, these "start-up" optimizations can cause them to be
+skipped if the pattern is never actually used. The start-up optimizations are
+in effect a pre-scan of the subject that takes place before the pattern is run.
+.P
+The PCRE_NO_START_OPTIMIZE option disables the start-up optimizations, possibly
+causing performance to suffer, but ensuring that in cases where the result is
+"no match", the callouts do occur, and that items such as (*COMMIT) and (*MARK)
+are considered at every possible starting position in the subject string. If
+PCRE_NO_START_OPTIMIZE is set at compile time, it cannot be unset at matching
+time. The use of PCRE_NO_START_OPTIMIZE at matching time (that is, passing it
+to \fBpcre_exec()\fP) disables JIT execution; in this situation, matching is
+always done using interpretively.
+.P
+Setting PCRE_NO_START_OPTIMIZE can change the outcome of a matching operation.
+Consider the pattern
+.sp
+  (*COMMIT)ABC
+.sp
+When this is compiled, PCRE records the fact that a match must start with the
+character "A". Suppose the subject string is "DEFABC". The start-up
+optimization scans along the subject, finds "A" and runs the first match
+attempt from there. The (*COMMIT) item means that the pattern must match the
+current starting position, which in this case, it does. However, if the same
+match is run with PCRE_NO_START_OPTIMIZE set, the initial scan along the
+subject string does not happen. The first match attempt is run starting from
+"D" and when this fails, (*COMMIT) prevents any further matches being tried, so
+the overall result is "no match". If the pattern is studied, more start-up
+optimizations may be used. For example, a minimum length for the subject may be
+recorded. Consider the pattern
+.sp
+  (*MARK:A)(X|Y)
+.sp
+The minimum length for a match is one character. If the subject is "ABC", there
+will be attempts to match "ABC", "BC", "C", and then finally an empty string.
+If the pattern is studied, the final attempt does not take place, because PCRE
+knows that the subject is too short, and so the (*MARK) is never encountered.
+In this case, studying the pattern does not affect the overall match result,
+which is still "no match", but it does affect the auxiliary information that is
+returned.
+.sp
+  PCRE_NO_UTF8_CHECK
+.sp
+When PCRE_UTF8 is set at compile time, the validity of the subject as a UTF-8
+string is automatically checked when \fBpcre_exec()\fP is subsequently called.
+The entire string is checked before any other processing takes place. The value
+of \fIstartoffset\fP is also checked to ensure that it points to the start of a
+UTF-8 character. There is a discussion about the
+.\" HTML <a href="pcreunicode.html#utf8strings">
+.\" </a>
+validity of UTF-8 strings
+.\"
+in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page. If an invalid sequence of bytes is found, \fBpcre_exec()\fP returns the
+error PCRE_ERROR_BADUTF8 or, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated character at the end of the subject, PCRE_ERROR_SHORTUTF8. In both
+cases, information about the precise nature of the error may also be returned
+(see the descriptions of these errors in the section entitled \fIError return
+values from\fP \fBpcre_exec()\fP
+.\" HTML <a href="#errorlist">
+.\" </a>
+below).
+.\"
+If \fIstartoffset\fP contains a value that does not point to the start of a
+UTF-8 character (or to the end of the subject), PCRE_ERROR_BADUTF8_OFFSET is
+returned.
+.P
+If you already know that your subject is valid, and you want to skip these
+checks for performance reasons, you can set the PCRE_NO_UTF8_CHECK option when
+calling \fBpcre_exec()\fP. You might want to do this for the second and
+subsequent calls to \fBpcre_exec()\fP if you are making repeated calls to find
+all the matches in a single subject string. However, you should be sure that
+the value of \fIstartoffset\fP points to the start of a character (or the end
+of the subject). When PCRE_NO_UTF8_CHECK is set, the effect of passing an
+invalid string as a subject or an invalid value of \fIstartoffset\fP is
+undefined. Your program may crash or loop.
+.sp
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+.sp
+These options turn on the partial matching feature. For backwards
+compatibility, PCRE_PARTIAL is a synonym for PCRE_PARTIAL_SOFT. A partial match
+occurs if the end of the subject string is reached successfully, but there are
+not enough subject characters to complete the match. If this happens when
+PCRE_PARTIAL_SOFT (but not PCRE_PARTIAL_HARD) is set, matching continues by
+testing any remaining alternatives. Only if no complete match can be found is
+PCRE_ERROR_PARTIAL returned instead of PCRE_ERROR_NOMATCH. In other words,
+PCRE_PARTIAL_SOFT says that the caller is prepared to handle a partial match,
+but only if no complete match can be found.
+.P
+If PCRE_PARTIAL_HARD is set, it overrides PCRE_PARTIAL_SOFT. In this case, if a
+partial match is found, \fBpcre_exec()\fP immediately returns
+PCRE_ERROR_PARTIAL, without considering any other alternatives. In other words,
+when PCRE_PARTIAL_HARD is set, a partial match is considered to be more
+important that an alternative complete match.
+.P
+In both cases, the portion of the string that was inspected when the partial
+match was found is set as the first matching string. There is a more detailed
+discussion of partial and multi-segment matching, with examples, in the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.
+.
+.SS "The string to be matched by \fBpcre_exec()\fP"
+.rs
+.sp
+The subject string is passed to \fBpcre_exec()\fP as a pointer in
+\fIsubject\fP, a length in \fIlength\fP, and a starting offset in
+\fIstartoffset\fP. The units for \fIlength\fP and \fIstartoffset\fP are bytes
+for the 8-bit library, 16-bit data items for the 16-bit library, and 32-bit
+data items for the 32-bit library.
+.P
+If \fIstartoffset\fP is negative or greater than the length of the subject,
+\fBpcre_exec()\fP returns PCRE_ERROR_BADOFFSET. When the starting offset is
+zero, the search for a match starts at the beginning of the subject, and this
+is by far the most common case. In UTF-8 or UTF-16 mode, the offset must point
+to the start of a character, or the end of the subject (in UTF-32 mode, one
+data unit equals one character, so all offsets are valid). Unlike the pattern
+string, the subject may contain binary zeroes.
+.P
+A non-zero starting offset is useful when searching for another match in the
+same subject by calling \fBpcre_exec()\fP again after a previous success.
+Setting \fIstartoffset\fP differs from just passing over a shortened string and
+setting PCRE_NOTBOL in the case of a pattern that begins with any kind of
+lookbehind. For example, consider the pattern
+.sp
+  \eBiss\eB
+.sp
+which finds occurrences of "iss" in the middle of words. (\eB matches only if
+the current position in the subject is not a word boundary.) When applied to
+the string "Mississipi" the first call to \fBpcre_exec()\fP finds the first
+occurrence. If \fBpcre_exec()\fP is called again with just the remainder of the
+subject, namely "issipi", it does not match, because \eB is always false at the
+start of the subject, which is deemed to be a word boundary. However, if
+\fBpcre_exec()\fP is passed the entire string again, but with \fIstartoffset\fP
+set to 4, it finds the second occurrence of "iss" because it is able to look
+behind the starting point to discover that it is preceded by a letter.
+.P
+Finding all the matches in a subject is tricky when the pattern can match an
+empty string. It is possible to emulate Perl's /g behaviour by first trying the
+match again at the same offset, with the PCRE_NOTEMPTY_ATSTART and
+PCRE_ANCHORED options, and then if that fails, advancing the starting offset
+and trying an ordinary match again. There is some code that demonstrates how to
+do this in the
+.\" HREF
+\fBpcredemo\fP
+.\"
+sample program. In the most general case, you have to check to see if the
+newline convention recognizes CRLF as a newline, and if so, and the current
+character is CR followed by LF, advance the starting offset by two characters
+instead of one.
+.P
+If a non-zero starting offset is passed when the pattern is anchored, one
+attempt to match at the given offset is made. This can only succeed if the
+pattern does not require the match to be at the start of the subject.
+.
+.
+.SS "How \fBpcre_exec()\fP returns captured substrings"
+.rs
+.sp
+In general, a pattern matches a certain portion of the subject, and in
+addition, further substrings from the subject may be picked out by parts of the
+pattern. Following the usage in Jeffrey Friedl's book, this is called
+"capturing" in what follows, and the phrase "capturing subpattern" is used for
+a fragment of a pattern that picks out a substring. PCRE supports several other
+kinds of parenthesized subpattern that do not cause substrings to be captured.
+.P
+Captured substrings are returned to the caller via a vector of integers whose
+address is passed in \fIovector\fP. The number of elements in the vector is
+passed in \fIovecsize\fP, which must be a non-negative number. \fBNote\fP: this
+argument is NOT the size of \fIovector\fP in bytes.
+.P
+The first two-thirds of the vector is used to pass back captured substrings,
+each substring using a pair of integers. The remaining third of the vector is
+used as workspace by \fBpcre_exec()\fP while matching capturing subpatterns,
+and is not available for passing back information. The number passed in
+\fIovecsize\fP should always be a multiple of three. If it is not, it is
+rounded down.
+.P
+When a match is successful, information about captured substrings is returned
+in pairs of integers, starting at the beginning of \fIovector\fP, and
+continuing up to two-thirds of its length at the most. The first element of
+each pair is set to the offset of the first character in a substring, and the
+second is set to the offset of the first character after the end of a
+substring. These values are always data unit offsets, even in UTF mode. They
+are byte offsets in the 8-bit library, 16-bit data item offsets in the 16-bit
+library, and 32-bit data item offsets in the 32-bit library. \fBNote\fP: they
+are not character counts.
+.P
+The first pair of integers, \fIovector[0]\fP and \fIovector[1]\fP, identify the
+portion of the subject string matched by the entire pattern. The next pair is
+used for the first capturing subpattern, and so on. The value returned by
+\fBpcre_exec()\fP is one more than the highest numbered pair that has been set.
+For example, if two substrings have been captured, the returned value is 3. If
+there are no capturing subpatterns, the return value from a successful match is
+1, indicating that just the first pair of offsets has been set.
+.P
+If a capturing subpattern is matched repeatedly, it is the last portion of the
+string that it matched that is returned.
+.P
+If the vector is too small to hold all the captured substring offsets, it is
+used as far as possible (up to two-thirds of its length), and the function
+returns a value of zero. If neither the actual string matched nor any captured
+substrings are of interest, \fBpcre_exec()\fP may be called with \fIovector\fP
+passed as NULL and \fIovecsize\fP as zero. However, if the pattern contains
+back references and the \fIovector\fP is not big enough to remember the related
+substrings, PCRE has to get additional memory for use during matching. Thus it
+is usually advisable to supply an \fIovector\fP of reasonable size.
+.P
+There are some cases where zero is returned (indicating vector overflow) when
+in fact the vector is exactly the right size for the final match. For example,
+consider the pattern
+.sp
+  (a)(?:(b)c|bd)
+.sp
+If a vector of 6 elements (allowing for only 1 captured substring) is given
+with subject string "abd", \fBpcre_exec()\fP will try to set the second
+captured string, thereby recording a vector overflow, before failing to match
+"c" and backing up to try the second alternative. The zero return, however,
+does correctly indicate that the maximum number of slots (namely 2) have been
+filled. In similar cases where there is temporary overflow, but the final
+number of used slots is actually less than the maximum, a non-zero value is
+returned.
+.P
+The \fBpcre_fullinfo()\fP function can be used to find out how many capturing
+subpatterns there are in a compiled pattern. The smallest size for
+\fIovector\fP that will allow for \fIn\fP captured substrings, in addition to
+the offsets of the substring matched by the whole pattern, is (\fIn\fP+1)*3.
+.P
+It is possible for capturing subpattern number \fIn+1\fP to match some part of
+the subject when subpattern \fIn\fP has not been used at all. For example, if
+the string "abc" is matched against the pattern (a|(z))(bc) the return from the
+function is 4, and subpatterns 1 and 3 are matched, but 2 is not. When this
+happens, both values in the offset pairs corresponding to unused subpatterns
+are set to -1.
+.P
+Offset values that correspond to unused subpatterns at the end of the
+expression are also set to -1. For example, if the string "abc" is matched
+against the pattern (abc)(x(yz)?)? subpatterns 2 and 3 are not matched. The
+return from the function is 2, because the highest used capturing subpattern
+number is 1, and the offsets for for the second and third capturing subpatterns
+(assuming the vector is large enough, of course) are set to -1.
+.P
+\fBNote\fP: Elements in the first two-thirds of \fIovector\fP that do not
+correspond to capturing parentheses in the pattern are never changed. That is,
+if a pattern contains \fIn\fP capturing parentheses, no more than
+\fIovector[0]\fP to \fIovector[2n+1]\fP are set by \fBpcre_exec()\fP. The other
+elements (in the first two-thirds) retain whatever values they previously had.
+.P
+Some convenience functions are provided for extracting the captured substrings
+as separate strings. These are described below.
+.
+.
+.\" HTML <a name="errorlist"></a>
+.SS "Error return values from \fBpcre_exec()\fP"
+.rs
+.sp
+If \fBpcre_exec()\fP fails, it returns a negative number. The following are
+defined in the header file:
+.sp
+  PCRE_ERROR_NOMATCH        (-1)
+.sp
+The subject string did not match the pattern.
+.sp
+  PCRE_ERROR_NULL           (-2)
+.sp
+Either \fIcode\fP or \fIsubject\fP was passed as NULL, or \fIovector\fP was
+NULL and \fIovecsize\fP was not zero.
+.sp
+  PCRE_ERROR_BADOPTION      (-3)
+.sp
+An unrecognized bit was set in the \fIoptions\fP argument.
+.sp
+  PCRE_ERROR_BADMAGIC       (-4)
+.sp
+PCRE stores a 4-byte "magic number" at the start of the compiled code, to catch
+the case when it is passed a junk pointer and to detect when a pattern that was
+compiled in an environment of one endianness is run in an environment with the
+other endianness. This is the error that PCRE gives when the magic number is
+not present.
+.sp
+  PCRE_ERROR_UNKNOWN_OPCODE (-5)
+.sp
+While running the pattern match, an unknown item was encountered in the
+compiled pattern. This error could be caused by a bug in PCRE or by overwriting
+of the compiled pattern.
+.sp
+  PCRE_ERROR_NOMEMORY       (-6)
+.sp
+If a pattern contains back references, but the \fIovector\fP that is passed to
+\fBpcre_exec()\fP is not big enough to remember the referenced substrings, PCRE
+gets a block of memory at the start of matching to use for this purpose. If the
+call via \fBpcre_malloc()\fP fails, this error is given. The memory is
+automatically freed at the end of matching.
+.P
+This error is also given if \fBpcre_stack_malloc()\fP fails in
+\fBpcre_exec()\fP. This can happen only when PCRE has been compiled with
+\fB--disable-stack-for-recursion\fP.
+.sp
+  PCRE_ERROR_NOSUBSTRING    (-7)
+.sp
+This error is used by the \fBpcre_copy_substring()\fP,
+\fBpcre_get_substring()\fP, and \fBpcre_get_substring_list()\fP functions (see
+below). It is never returned by \fBpcre_exec()\fP.
+.sp
+  PCRE_ERROR_MATCHLIMIT     (-8)
+.sp
+The backtracking limit, as specified by the \fImatch_limit\fP field in a
+\fBpcre_extra\fP structure (or defaulted) was reached. See the description
+above.
+.sp
+  PCRE_ERROR_CALLOUT        (-9)
+.sp
+This error is never generated by \fBpcre_exec()\fP itself. It is provided for
+use by callout functions that want to yield a distinctive error code. See the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation for details.
+.sp
+  PCRE_ERROR_BADUTF8        (-10)
+.sp
+A string that contains an invalid UTF-8 byte sequence was passed as a subject,
+and the PCRE_NO_UTF8_CHECK option was not set. If the size of the output vector
+(\fIovecsize\fP) is at least 2, the byte offset to the start of the the invalid
+UTF-8 character is placed in the first element, and a reason code is placed in
+the second element. The reason codes are listed in the
+.\" HTML <a href="#badutf8reasons">
+.\" </a>
+following section.
+.\"
+For backward compatibility, if PCRE_PARTIAL_HARD is set and the problem is a
+truncated UTF-8 character at the end of the subject (reason codes 1 to 5),
+PCRE_ERROR_SHORTUTF8 is returned instead of PCRE_ERROR_BADUTF8.
+.sp
+  PCRE_ERROR_BADUTF8_OFFSET (-11)
+.sp
+The UTF-8 byte sequence that was passed as a subject was checked and found to
+be valid (the PCRE_NO_UTF8_CHECK option was not set), but the value of
+\fIstartoffset\fP did not point to the beginning of a UTF-8 character or the
+end of the subject.
+.sp
+  PCRE_ERROR_PARTIAL        (-12)
+.sp
+The subject string did not match, but it did match partially. See the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation for details of partial matching.
+.sp
+  PCRE_ERROR_BADPARTIAL     (-13)
+.sp
+This code is no longer in use. It was formerly returned when the PCRE_PARTIAL
+option was used with a compiled pattern containing items that were not
+supported for partial matching. From release 8.00 onwards, there are no
+restrictions on partial matching.
+.sp
+  PCRE_ERROR_INTERNAL       (-14)
+.sp
+An unexpected internal error has occurred. This error could be caused by a bug
+in PCRE or by overwriting of the compiled pattern.
+.sp
+  PCRE_ERROR_BADCOUNT       (-15)
+.sp
+This error is given if the value of the \fIovecsize\fP argument is negative.
+.sp
+  PCRE_ERROR_RECURSIONLIMIT (-21)
+.sp
+The internal recursion limit, as specified by the \fImatch_limit_recursion\fP
+field in a \fBpcre_extra\fP structure (or defaulted) was reached. See the
+description above.
+.sp
+  PCRE_ERROR_BADNEWLINE     (-23)
+.sp
+An invalid combination of PCRE_NEWLINE_\fIxxx\fP options was given.
+.sp
+  PCRE_ERROR_BADOFFSET      (-24)
+.sp
+The value of \fIstartoffset\fP was negative or greater than the length of the
+subject, that is, the value in \fIlength\fP.
+.sp
+  PCRE_ERROR_SHORTUTF8      (-25)
+.sp
+This error is returned instead of PCRE_ERROR_BADUTF8 when the subject string
+ends with a truncated UTF-8 character and the PCRE_PARTIAL_HARD option is set.
+Information about the failure is returned as for PCRE_ERROR_BADUTF8. It is in
+fact sufficient to detect this case, but this special error code for
+PCRE_PARTIAL_HARD precedes the implementation of returned information; it is
+retained for backwards compatibility.
+.sp
+  PCRE_ERROR_RECURSELOOP    (-26)
+.sp
+This error is returned when \fBpcre_exec()\fP detects a recursion loop within
+the pattern. Specifically, it means that either the whole pattern or a
+subpattern has been called recursively for the second time at the same position
+in the subject string. Some simple patterns that might do this are detected and
+faulted at compile time, but more complicated cases, in particular mutual
+recursions between two different subpatterns, cannot be detected until run
+time.
+.sp
+  PCRE_ERROR_JIT_STACKLIMIT (-27)
+.sp
+This error is returned when a pattern that was successfully studied using a
+JIT compile option is being matched, but the memory available for the
+just-in-time processing stack is not large enough. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for more details.
+.sp
+  PCRE_ERROR_BADMODE        (-28)
+.sp
+This error is given if a pattern that was compiled by the 8-bit library is
+passed to a 16-bit or 32-bit library function, or vice versa.
+.sp
+  PCRE_ERROR_BADENDIANNESS  (-29)
+.sp
+This error is given if a pattern that was compiled and saved is reloaded on a
+host with different endianness. The utility function
+\fBpcre_pattern_to_host_byte_order()\fP can be used to convert such a pattern
+so that it runs on the new host.
+.sp
+  PCRE_ERROR_JIT_BADOPTION
+.sp
+This error is returned when a pattern that was successfully studied using a JIT
+compile option is being matched, but the matching mode (partial or complete
+match) does not correspond to any JIT compilation mode. When the JIT fast path
+function is used, this error may be also given for invalid options. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for more details.
+.sp
+  PCRE_ERROR_BADLENGTH      (-32)
+.sp
+This error is given if \fBpcre_exec()\fP is called with a negative value for
+the \fIlength\fP argument.
+.P
+Error numbers -16 to -20, -22, and 30 are not used by \fBpcre_exec()\fP.
+.
+.
+.\" HTML <a name="badutf8reasons"></a>
+.SS "Reason codes for invalid UTF-8 strings"
+.rs
+.sp
+This section applies only to the 8-bit library. The corresponding information
+for the 16-bit and 32-bit libraries is given in the
+.\" HREF
+\fBpcre16\fP
+.\"
+and
+.\" HREF
+\fBpcre32\fP
+.\"
+pages.
+.P
+When \fBpcre_exec()\fP returns either PCRE_ERROR_BADUTF8 or
+PCRE_ERROR_SHORTUTF8, and the size of the output vector (\fIovecsize\fP) is at
+least 2, the offset of the start of the invalid UTF-8 character is placed in
+the first output vector element (\fIovector[0]\fP) and a reason code is placed
+in the second element (\fIovector[1]\fP). The reason codes are given names in
+the \fBpcre.h\fP header file:
+.sp
+  PCRE_UTF8_ERR1
+  PCRE_UTF8_ERR2
+  PCRE_UTF8_ERR3
+  PCRE_UTF8_ERR4
+  PCRE_UTF8_ERR5
+.sp
+The string ends with a truncated UTF-8 character; the code specifies how many
+bytes are missing (1 to 5). Although RFC 3629 restricts UTF-8 characters to be
+no longer than 4 bytes, the encoding scheme (originally defined by RFC 2279)
+allows for up to 6 bytes, and this is checked first; hence the possibility of
+4 or 5 missing bytes.
+.sp
+  PCRE_UTF8_ERR6
+  PCRE_UTF8_ERR7
+  PCRE_UTF8_ERR8
+  PCRE_UTF8_ERR9
+  PCRE_UTF8_ERR10
+.sp
+The two most significant bits of the 2nd, 3rd, 4th, 5th, or 6th byte of the
+character do not have the binary value 0b10 (that is, either the most
+significant bit is 0, or the next bit is 1).
+.sp
+  PCRE_UTF8_ERR11
+  PCRE_UTF8_ERR12
+.sp
+A character that is valid by the RFC 2279 rules is either 5 or 6 bytes long;
+these code points are excluded by RFC 3629.
+.sp
+  PCRE_UTF8_ERR13
+.sp
+A 4-byte character has a value greater than 0x10fff; these code points are
+excluded by RFC 3629.
+.sp
+  PCRE_UTF8_ERR14
+.sp
+A 3-byte character has a value in the range 0xd800 to 0xdfff; this range of
+code points are reserved by RFC 3629 for use with UTF-16, and so are excluded
+from UTF-8.
+.sp
+  PCRE_UTF8_ERR15
+  PCRE_UTF8_ERR16
+  PCRE_UTF8_ERR17
+  PCRE_UTF8_ERR18
+  PCRE_UTF8_ERR19
+.sp
+A 2-, 3-, 4-, 5-, or 6-byte character is "overlong", that is, it codes for a
+value that can be represented by fewer bytes, which is invalid. For example,
+the two bytes 0xc0, 0xae give the value 0x2e, whose correct coding uses just
+one byte.
+.sp
+  PCRE_UTF8_ERR20
+.sp
+The two most significant bits of the first byte of a character have the binary
+value 0b10 (that is, the most significant bit is 1 and the second is 0). Such a
+byte can only validly occur as the second or subsequent byte of a multi-byte
+character.
+.sp
+  PCRE_UTF8_ERR21
+.sp
+The first byte of a character has the value 0xfe or 0xff. These values can
+never occur in a valid UTF-8 string.
+.sp
+  PCRE_UTF8_ERR22
+.sp
+This error code was formerly used when the presence of a so-called
+"non-character" caused an error. Unicode corrigendum #9 makes it clear that
+such characters should not cause a string to be rejected, and so this code is
+no longer in use and is never returned.
+.
+.
+.SH "EXTRACTING CAPTURED SUBSTRINGS BY NUMBER"
+.rs
+.sp
+.nf
+.B int pcre_copy_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP, char *\fIbuffer\fP,"
+.B "     int \fIbuffersize\fP);"
+.sp
+.B int pcre_get_substring(const char *\fIsubject\fP, int *\fIovector\fP,
+.B "     int \fIstringcount\fP, int \fIstringnumber\fP,"
+.B "     const char **\fIstringptr\fP);"
+.sp
+.B int pcre_get_substring_list(const char *\fIsubject\fP,
+.B "     int *\fIovector\fP, int \fIstringcount\fP, const char ***\fIlistptr\fP);"
+.fi
+.PP
+Captured substrings can be accessed directly by using the offsets returned by
+\fBpcre_exec()\fP in \fIovector\fP. For convenience, the functions
+\fBpcre_copy_substring()\fP, \fBpcre_get_substring()\fP, and
+\fBpcre_get_substring_list()\fP are provided for extracting captured substrings
+as new, separate, zero-terminated strings. These functions identify substrings
+by number. The next section describes functions for extracting named
+substrings.
+.P
+A substring that contains a binary zero is correctly extracted and has a
+further zero added on the end, but the result is not, of course, a C string.
+However, you can process such a string by referring to the length that is
+returned by \fBpcre_copy_substring()\fP and \fBpcre_get_substring()\fP.
+Unfortunately, the interface to \fBpcre_get_substring_list()\fP is not adequate
+for handling strings containing binary zeros, because the end of the final
+string is not independently indicated.
+.P
+The first three arguments are the same for all three of these functions:
+\fIsubject\fP is the subject string that has just been successfully matched,
+\fIovector\fP is a pointer to the vector of integer offsets that was passed to
+\fBpcre_exec()\fP, and \fIstringcount\fP is the number of substrings that were
+captured by the match, including the substring that matched the entire regular
+expression. This is the value returned by \fBpcre_exec()\fP if it is greater
+than zero. If \fBpcre_exec()\fP returned zero, indicating that it ran out of
+space in \fIovector\fP, the value passed as \fIstringcount\fP should be the
+number of elements in the vector divided by three.
+.P
+The functions \fBpcre_copy_substring()\fP and \fBpcre_get_substring()\fP
+extract a single substring, whose number is given as \fIstringnumber\fP. A
+value of zero extracts the substring that matched the entire pattern, whereas
+higher values extract the captured substrings. For \fBpcre_copy_substring()\fP,
+the string is placed in \fIbuffer\fP, whose length is given by
+\fIbuffersize\fP, while for \fBpcre_get_substring()\fP a new block of memory is
+obtained via \fBpcre_malloc\fP, and its address is returned via
+\fIstringptr\fP. The yield of the function is the length of the string, not
+including the terminating zero, or one of these error codes:
+.sp
+  PCRE_ERROR_NOMEMORY       (-6)
+.sp
+The buffer was too small for \fBpcre_copy_substring()\fP, or the attempt to get
+memory failed for \fBpcre_get_substring()\fP.
+.sp
+  PCRE_ERROR_NOSUBSTRING    (-7)
+.sp
+There is no substring whose number is \fIstringnumber\fP.
+.P
+The \fBpcre_get_substring_list()\fP function extracts all available substrings
+and builds a list of pointers to them. All this is done in a single block of
+memory that is obtained via \fBpcre_malloc\fP. The address of the memory block
+is returned via \fIlistptr\fP, which is also the start of the list of string
+pointers. The end of the list is marked by a NULL pointer. The yield of the
+function is zero if all went well, or the error code
+.sp
+  PCRE_ERROR_NOMEMORY       (-6)
+.sp
+if the attempt to get the memory block failed.
+.P
+When any of these functions encounter a substring that is unset, which can
+happen when capturing subpattern number \fIn+1\fP matches some part of the
+subject, but subpattern \fIn\fP has not been used at all, they return an empty
+string. This can be distinguished from a genuine zero-length substring by
+inspecting the appropriate offset in \fIovector\fP, which is negative for unset
+substrings.
+.P
+The two convenience functions \fBpcre_free_substring()\fP and
+\fBpcre_free_substring_list()\fP can be used to free the memory returned by
+a previous call of \fBpcre_get_substring()\fP or
+\fBpcre_get_substring_list()\fP, respectively. They do nothing more than call
+the function pointed to by \fBpcre_free\fP, which of course could be called
+directly from a C program. However, PCRE is used in some situations where it is
+linked via a special interface to another programming language that cannot use
+\fBpcre_free\fP directly; it is for these cases that the functions are
+provided.
+.
+.
+.SH "EXTRACTING CAPTURED SUBSTRINGS BY NAME"
+.rs
+.sp
+.nf
+.B int pcre_get_stringnumber(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP);"
+.sp
+.B int pcre_copy_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     char *\fIbuffer\fP, int \fIbuffersize\fP);"
+.sp
+.B int pcre_get_named_substring(const pcre *\fIcode\fP,
+.B "     const char *\fIsubject\fP, int *\fIovector\fP,"
+.B "     int \fIstringcount\fP, const char *\fIstringname\fP,"
+.B "     const char **\fIstringptr\fP);"
+.fi
+.PP
+To extract a substring by name, you first have to find associated number.
+For example, for this pattern
+.sp
+  (a+)b(?<xxx>\ed+)...
+.sp
+the number of the subpattern called "xxx" is 2. If the name is known to be
+unique (PCRE_DUPNAMES was not set), you can find the number from the name by
+calling \fBpcre_get_stringnumber()\fP. The first argument is the compiled
+pattern, and the second is the name. The yield of the function is the
+subpattern number, or PCRE_ERROR_NOSUBSTRING (-7) if there is no subpattern of
+that name.
+.P
+Given the number, you can extract the substring directly, or use one of the
+functions described in the previous section. For convenience, there are also
+two functions that do the whole job.
+.P
+Most of the arguments of \fBpcre_copy_named_substring()\fP and
+\fBpcre_get_named_substring()\fP are the same as those for the similarly named
+functions that extract by number. As these are described in the previous
+section, they are not re-described here. There are just two differences:
+.P
+First, instead of a substring number, a substring name is given. Second, there
+is an extra argument, given at the start, which is a pointer to the compiled
+pattern. This is needed in order to gain access to the name-to-number
+translation table.
+.P
+These functions call \fBpcre_get_stringnumber()\fP, and if it succeeds, they
+then call \fBpcre_copy_substring()\fP or \fBpcre_get_substring()\fP, as
+appropriate. \fBNOTE:\fP If PCRE_DUPNAMES is set and there are duplicate names,
+the behaviour may not be what you want (see the next section).
+.P
+\fBWarning:\fP If the pattern uses the (?| feature to set up multiple
+subpatterns with the same number, as described in the
+.\" HTML <a href="pcrepattern.html#dupsubpatternnumber">
+.\" </a>
+section on duplicate subpattern numbers
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page, you cannot use names to distinguish the different subpatterns, because
+names are not included in the compiled code. The matching process uses only
+numbers. For this reason, the use of different names for subpatterns of the
+same number causes an error at compile time.
+.
+.
+.SH "DUPLICATE SUBPATTERN NAMES"
+.rs
+.sp
+.nf
+.B int pcre_get_stringtable_entries(const pcre *\fIcode\fP,
+.B "     const char *\fIname\fP, char **\fIfirst\fP, char **\fIlast\fP);"
+.fi
+.PP
+When a pattern is compiled with the PCRE_DUPNAMES option, names for subpatterns
+are not required to be unique. (Duplicate names are always allowed for
+subpatterns with the same number, created by using the (?| feature. Indeed, if
+such subpatterns are named, they are required to use the same names.)
+.P
+Normally, patterns with duplicate names are such that in any one match, only
+one of the named subpatterns participates. An example is shown in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.P
+When duplicates are present, \fBpcre_copy_named_substring()\fP and
+\fBpcre_get_named_substring()\fP return the first substring corresponding to
+the given name that is set. If none are set, PCRE_ERROR_NOSUBSTRING (-7) is
+returned; no data is returned. The \fBpcre_get_stringnumber()\fP function
+returns one of the numbers that are associated with the name, but it is not
+defined which it is.
+.P
+If you want to get full details of all captured substrings for a given name,
+you must use the \fBpcre_get_stringtable_entries()\fP function. The first
+argument is the compiled pattern, and the second is the name. The third and
+fourth are pointers to variables which are updated by the function. After it
+has run, they point to the first and last entries in the name-to-number table
+for the given name. The function itself returns the length of each entry, or
+PCRE_ERROR_NOSUBSTRING (-7) if there are none. The format of the table is
+described above in the section entitled \fIInformation about a pattern\fP
+.\" HTML <a href="#infoaboutpattern">
+.\" </a>
+above.
+.\"
+Given all the relevant entries for the name, you can extract each of their
+numbers, and hence the captured data, if any.
+.
+.
+.SH "FINDING ALL POSSIBLE MATCHES"
+.rs
+.sp
+The traditional matching function uses a similar algorithm to Perl, which stops
+when it finds the first match, starting at a given point in the subject. If you
+want to find all possible matches, or the longest possible match, consider
+using the alternative matching function (see below) instead. If you cannot use
+the alternative function, but still need to find all possible matches, you
+can kludge it up by making use of the callout facility, which is described in
+the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.P
+What you have to do is to insert a callout right at the end of the pattern.
+When your callout function is called, extract and save the current matched
+substring. Then return 1, which forces \fBpcre_exec()\fP to backtrack and try
+other alternatives. Ultimately, when it runs out of matches, \fBpcre_exec()\fP
+will yield PCRE_ERROR_NOMATCH.
+.
+.
+.SH "OBTAINING AN ESTIMATE OF STACK USAGE"
+.rs
+.sp
+Matching certain patterns using \fBpcre_exec()\fP can use a lot of process
+stack, which in certain environments can be rather limited in size. Some users
+find it helpful to have an estimate of the amount of stack that is used by
+\fBpcre_exec()\fP, to help them set recursion limits, as described in the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation. The estimate that is output by \fBpcretest\fP when called with
+the \fB-m\fP and \fB-C\fP options is obtained by calling \fBpcre_exec\fP with
+the values NULL, NULL, NULL, -999, and -999 for its first five arguments.
+.P
+Normally, if its first argument is NULL, \fBpcre_exec()\fP immediately returns
+the negative error code PCRE_ERROR_NULL, but with this special combination of
+arguments, it returns instead a negative number whose absolute value is the
+approximate stack frame size in bytes. (A negative number is used so that it is
+clear that no match has happened.) The value is approximate because in some
+cases, recursive calls to \fBpcre_exec()\fP occur when there are one or two
+additional variables on the stack.
+.P
+If PCRE has been compiled to use the heap instead of the stack for recursion,
+the value returned is the size of each block that is obtained from the heap.
+.
+.
+.\" HTML <a name="dfamatch"></a>
+.SH "MATCHING A PATTERN: THE ALTERNATIVE FUNCTION"
+.rs
+.sp
+.nf
+.B int pcre_dfa_exec(const pcre *\fIcode\fP, "const pcre_extra *\fIextra\fP,"
+.B "     const char *\fIsubject\fP, int \fIlength\fP, int \fIstartoffset\fP,"
+.B "     int \fIoptions\fP, int *\fIovector\fP, int \fIovecsize\fP,"
+.B "     int *\fIworkspace\fP, int \fIwscount\fP);"
+.fi
+.P
+The function \fBpcre_dfa_exec()\fP is called to match a subject string against
+a compiled pattern, using a matching algorithm that scans the subject string
+just once, and does not backtrack. This has different characteristics to the
+normal algorithm, and is not compatible with Perl. Some of the features of PCRE
+patterns are not supported. Nevertheless, there are times when this kind of
+matching can be useful. For a discussion of the two matching algorithms, and a
+list of features that \fBpcre_dfa_exec()\fP does not support, see the
+.\" HREF
+\fBpcrematching\fP
+.\"
+documentation.
+.P
+The arguments for the \fBpcre_dfa_exec()\fP function are the same as for
+\fBpcre_exec()\fP, plus two extras. The \fIovector\fP argument is used in a
+different way, and this is described below. The other common arguments are used
+in the same way as for \fBpcre_exec()\fP, so their description is not repeated
+here.
+.P
+The two additional arguments provide workspace for the function. The workspace
+vector should contain at least 20 elements. It is used for keeping track of
+multiple paths through the pattern tree. More workspace will be needed for
+patterns and subjects where there are a lot of potential matches.
+.P
+Here is an example of a simple call to \fBpcre_dfa_exec()\fP:
+.sp
+  int rc;
+  int ovector[10];
+  int wspace[20];
+  rc = pcre_dfa_exec(
+    re,             /* result of pcre_compile() */
+    NULL,           /* we didn't study the pattern */
+    "some string",  /* the subject string */
+    11,             /* the length of the subject string */
+    0,              /* start at offset 0 in the subject */
+    0,              /* default options */
+    ovector,        /* vector of integers for substring information */
+    10,             /* number of elements (NOT size in bytes) */
+    wspace,         /* working space vector */
+    20);            /* number of elements (NOT size in bytes) */
+.
+.SS "Option bits for \fBpcre_dfa_exec()\fP"
+.rs
+.sp
+The unused bits of the \fIoptions\fP argument for \fBpcre_dfa_exec()\fP must be
+zero. The only bits that may be set are PCRE_ANCHORED, PCRE_NEWLINE_\fIxxx\fP,
+PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART,
+PCRE_NO_UTF8_CHECK, PCRE_BSR_ANYCRLF, PCRE_BSR_UNICODE, PCRE_NO_START_OPTIMIZE,
+PCRE_PARTIAL_HARD, PCRE_PARTIAL_SOFT, PCRE_DFA_SHORTEST, and PCRE_DFA_RESTART.
+All but the last four of these are exactly the same as for \fBpcre_exec()\fP,
+so their description is not repeated here.
+.sp
+  PCRE_PARTIAL_HARD
+  PCRE_PARTIAL_SOFT
+.sp
+These have the same general effect as they do for \fBpcre_exec()\fP, but the
+details are slightly different. When PCRE_PARTIAL_HARD is set for
+\fBpcre_dfa_exec()\fP, it returns PCRE_ERROR_PARTIAL if the end of the subject
+is reached and there is still at least one matching possibility that requires
+additional characters. This happens even if some complete matches have also
+been found. When PCRE_PARTIAL_SOFT is set, the return code PCRE_ERROR_NOMATCH
+is converted into PCRE_ERROR_PARTIAL if the end of the subject is reached,
+there have been no complete matches, but there is still at least one matching
+possibility. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string in both cases.
+There is a more detailed discussion of partial and multi-segment matching, with
+examples, in the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.sp
+  PCRE_DFA_SHORTEST
+.sp
+Setting the PCRE_DFA_SHORTEST option causes the matching algorithm to stop as
+soon as it has found one match. Because of the way the alternative algorithm
+works, this is necessarily the shortest possible match at the first possible
+matching point in the subject string.
+.sp
+  PCRE_DFA_RESTART
+.sp
+When \fBpcre_dfa_exec()\fP returns a partial match, it is possible to call it
+again, with additional subject characters, and have it continue with the same
+match. The PCRE_DFA_RESTART option requests this action; when it is set, the
+\fIworkspace\fP and \fIwscount\fP options must reference the same vector as
+before because data about the match so far is left in them after a partial
+match. There is more discussion of this facility in the
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation.
+.
+.
+.SS "Successful returns from \fBpcre_dfa_exec()\fP"
+.rs
+.sp
+When \fBpcre_dfa_exec()\fP succeeds, it may have matched more than one
+substring in the subject. Note, however, that all the matches from one run of
+the function start at the same point in the subject. The shorter matches are
+all initial substrings of the longer matches. For example, if the pattern
+.sp
+  <.*>
+.sp
+is matched against the string
+.sp
+  This is <something> <something else> <something further> no more
+.sp
+the three matched strings are
+.sp
+  <something>
+  <something> <something else>
+  <something> <something else> <something further>
+.sp
+On success, the yield of the function is a number greater than zero, which is
+the number of matched substrings. The substrings themselves are returned in
+\fIovector\fP. Each string uses two elements; the first is the offset to the
+start, and the second is the offset to the end. In fact, all the strings have
+the same start offset. (Space could have been saved by giving this only once,
+but it was decided to retain some compatibility with the way \fBpcre_exec()\fP
+returns data, even though the meaning of the strings is different.)
+.P
+The strings are returned in reverse order of length; that is, the longest
+matching string is given first. If there were too many matches to fit into
+\fIovector\fP, the yield of the function is zero, and the vector is filled with
+the longest matches. Unlike \fBpcre_exec()\fP, \fBpcre_dfa_exec()\fP can use
+the entire \fIovector\fP for returning matched strings.
+.P
+NOTE: PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\ed+" is compiled as if it were "a\ed++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\ed+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+.
+.
+.SS "Error returns from \fBpcre_dfa_exec()\fP"
+.rs
+.sp
+The \fBpcre_dfa_exec()\fP function returns a negative number when it fails.
+Many of the errors are the same as for \fBpcre_exec()\fP, and these are
+described
+.\" HTML <a href="#errorlist">
+.\" </a>
+above.
+.\"
+There are in addition the following errors that are specific to
+\fBpcre_dfa_exec()\fP:
+.sp
+  PCRE_ERROR_DFA_UITEM      (-16)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP encounters an item in the pattern
+that it does not support, for instance, the use of \eC or a back reference.
+.sp
+  PCRE_ERROR_DFA_UCOND      (-17)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP encounters a condition item that
+uses a back reference for the condition, or a test for recursion in a specific
+group. These are not supported.
+.sp
+  PCRE_ERROR_DFA_UMLIMIT    (-18)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP is called with an \fIextra\fP
+block that contains a setting of the \fImatch_limit\fP or
+\fImatch_limit_recursion\fP fields. This is not supported (these fields are
+meaningless for DFA matching).
+.sp
+  PCRE_ERROR_DFA_WSSIZE     (-19)
+.sp
+This return is given if \fBpcre_dfa_exec()\fP runs out of space in the
+\fIworkspace\fP vector.
+.sp
+  PCRE_ERROR_DFA_RECURSE    (-20)
+.sp
+When a recursive subpattern is processed, the matching function calls itself
+recursively, using private vectors for \fIovector\fP and \fIworkspace\fP. This
+error is given if the output vector is not large enough. This should be
+extremely rare, as a vector of size 1000 is used.
+.sp
+  PCRE_ERROR_DFA_BADRESTART (-30)
+.sp
+When \fBpcre_dfa_exec()\fP is called with the \fBPCRE_DFA_RESTART\fP option,
+some plausibility checks are made on the contents of the workspace, which
+should contain data about the previous partial match. If any of these checks
+fail, this error is given.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcre16\fP(3), \fBpcre32\fP(3), \fBpcrebuild\fP(3), \fBpcrecallout\fP(3),
+\fBpcrecpp(3)\fP(3), \fBpcrematching\fP(3), \fBpcrepartial\fP(3),
+\fBpcreposix\fP(3), \fBpcreprecompile\fP(3), \fBpcresample\fP(3),
+\fBpcrestack\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 18 December 2015
+Copyright (c) 1997-2015 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrebuild.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrebuild.3
new file mode 100644
index 00000000..403f2ae3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrebuild.3
@@ -0,0 +1,550 @@
+.TH PCREBUILD 3 "12 May 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.
+.
+.SH "BUILDING PCRE"
+.rs
+.sp
+PCRE is distributed with a \fBconfigure\fP script that can be used to build the
+library in Unix-like environments using the applications known as Autotools.
+Also in the distribution are files to support building using \fBCMake\fP
+instead of \fBconfigure\fP. The text file
+.\" HTML <a href="README.txt">
+.\" </a>
+\fBREADME\fP
+.\"
+contains general information about building with Autotools (some of which is
+repeated below), and also has some comments about building on various operating
+systems. There is a lot more information about building PCRE without using
+Autotools (including information about using \fBCMake\fP and building "by
+hand") in the text file called
+.\" HTML <a href="NON-AUTOTOOLS-BUILD.txt">
+.\" </a>
+\fBNON-AUTOTOOLS-BUILD\fP.
+.\"
+You should consult this file as well as the
+.\" HTML <a href="README.txt">
+.\" </a>
+\fBREADME\fP
+.\"
+file if you are building in a non-Unix-like environment.
+.
+.
+.SH "PCRE BUILD-TIME OPTIONS"
+.rs
+.sp
+The rest of this document describes the optional features of PCRE that can be
+selected when the library is compiled. It assumes use of the \fBconfigure\fP
+script, where the optional features are selected or deselected by providing
+options to \fBconfigure\fP before running the \fBmake\fP command. However, the
+same options can be selected in both Unix-like and non-Unix-like environments
+using the GUI facility of \fBcmake-gui\fP if you are using \fBCMake\fP instead
+of \fBconfigure\fP to build PCRE.
+.P
+If you are not using Autotools or \fBCMake\fP, option selection can be done by
+editing the \fBconfig.h\fP file, or by passing parameter settings to the
+compiler, as described in
+.\" HTML <a href="NON-AUTOTOOLS-BUILD.txt">
+.\" </a>
+\fBNON-AUTOTOOLS-BUILD\fP.
+.\"
+.P
+The complete list of options for \fBconfigure\fP (which includes the standard
+ones such as the selection of the installation directory) can be obtained by
+running
+.sp
+  ./configure --help
+.sp
+The following sections include descriptions of options whose names begin with
+--enable or --disable. These settings specify changes to the defaults for the
+\fBconfigure\fP command. Because of the way that \fBconfigure\fP works,
+--enable and --disable always come in pairs, so the complementary option always
+exists as well, but as it specifies the default, it is not described.
+.
+.
+.SH "BUILDING 8-BIT, 16-BIT AND 32-BIT LIBRARIES"
+.rs
+.sp
+By default, a library called \fBlibpcre\fP is built, containing functions that
+take string arguments contained in vectors of bytes, either as single-byte
+characters, or interpreted as UTF-8 strings. You can also build a separate
+library, called \fBlibpcre16\fP, in which strings are contained in vectors of
+16-bit data units and interpreted either as single-unit characters or UTF-16
+strings, by adding
+.sp
+  --enable-pcre16
+.sp
+to the \fBconfigure\fP command. You can also build yet another separate
+library, called \fBlibpcre32\fP, in which strings are contained in vectors of
+32-bit data units and interpreted either as single-unit characters or UTF-32
+strings, by adding
+.sp
+  --enable-pcre32
+.sp
+to the \fBconfigure\fP command. If you do not want the 8-bit library, add
+.sp
+  --disable-pcre8
+.sp
+as well. At least one of the three libraries must be built. Note that the C++
+and POSIX wrappers are for the 8-bit library only, and that \fBpcregrep\fP is
+an 8-bit program. None of these are built if you select only the 16-bit or
+32-bit libraries.
+.
+.
+.SH "BUILDING SHARED AND STATIC LIBRARIES"
+.rs
+.sp
+The Autotools PCRE building process uses \fBlibtool\fP to build both shared and
+static libraries by default. You can suppress one of these by adding one of
+.sp
+  --disable-shared
+  --disable-static
+.sp
+to the \fBconfigure\fP command, as required.
+.
+.
+.SH "C++ SUPPORT"
+.rs
+.sp
+By default, if the 8-bit library is being built, the \fBconfigure\fP script
+will search for a C++ compiler and C++ header files. If it finds them, it
+automatically builds the C++ wrapper library (which supports only 8-bit
+strings). You can disable this by adding
+.sp
+  --disable-cpp
+.sp
+to the \fBconfigure\fP command.
+.
+.
+.SH "UTF-8, UTF-16 AND UTF-32 SUPPORT"
+.rs
+.sp
+To build PCRE with support for UTF Unicode character strings, add
+.sp
+  --enable-utf
+.sp
+to the \fBconfigure\fP command. This setting applies to all three libraries,
+adding support for UTF-8 to the 8-bit library, support for UTF-16 to the 16-bit
+library, and support for UTF-32 to the to the 32-bit library. There are no
+separate options for enabling UTF-8, UTF-16 and UTF-32 independently because
+that would allow ridiculous settings such as requesting UTF-16 support while
+building only the 8-bit library. It is not possible to build one library with
+UTF support and another without in the same configuration. (For backwards
+compatibility, --enable-utf8 is a synonym of --enable-utf.)
+.P
+Of itself, this setting does not make PCRE treat strings as UTF-8, UTF-16 or
+UTF-32. As well as compiling PCRE with this option, you also have have to set
+the PCRE_UTF8, PCRE_UTF16 or PCRE_UTF32 option (as appropriate) when you call
+one of the pattern compiling functions.
+.P
+If you set --enable-utf when compiling in an EBCDIC environment, PCRE expects
+its input to be either ASCII or UTF-8 (depending on the run-time option). It is
+not possible to support both EBCDIC and UTF-8 codes in the same version of the
+library. Consequently, --enable-utf and --enable-ebcdic are mutually
+exclusive.
+.
+.
+.SH "UNICODE CHARACTER PROPERTY SUPPORT"
+.rs
+.sp
+UTF support allows the libraries to process character codepoints up to 0x10ffff
+in the strings that they handle. On its own, however, it does not provide any
+facilities for accessing the properties of such characters. If you want to be
+able to use the pattern escapes \eP, \ep, and \eX, which refer to Unicode
+character properties, you must add
+.sp
+  --enable-unicode-properties
+.sp
+to the \fBconfigure\fP command. This implies UTF support, even if you have
+not explicitly requested it.
+.P
+Including Unicode property support adds around 30K of tables to the PCRE
+library. Only the general category properties such as \fILu\fP and \fINd\fP are
+supported. Details are given in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.
+.
+.SH "JUST-IN-TIME COMPILER SUPPORT"
+.rs
+.sp
+Just-in-time compiler support is included in the build by specifying
+.sp
+  --enable-jit
+.sp
+This support is available only for certain hardware architectures. If this
+option is set for an unsupported architecture, a compile time error occurs.
+See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for a discussion of JIT usage. When JIT support is enabled,
+pcregrep automatically makes use of it, unless you add
+.sp
+  --disable-pcregrep-jit
+.sp
+to the "configure" command.
+.
+.
+.SH "CODE VALUE OF NEWLINE"
+.rs
+.sp
+By default, PCRE interprets the linefeed (LF) character as indicating the end
+of a line. This is the normal newline character on Unix-like systems. You can
+compile PCRE to use carriage return (CR) instead, by adding
+.sp
+  --enable-newline-is-cr
+.sp
+to the \fBconfigure\fP command. There is also a --enable-newline-is-lf option,
+which explicitly specifies linefeed as the newline character.
+.sp
+Alternatively, you can specify that line endings are to be indicated by the two
+character sequence CRLF. If you want this, add
+.sp
+  --enable-newline-is-crlf
+.sp
+to the \fBconfigure\fP command. There is a fourth option, specified by
+.sp
+  --enable-newline-is-anycrlf
+.sp
+which causes PCRE to recognize any of the three sequences CR, LF, or CRLF as
+indicating a line ending. Finally, a fifth option, specified by
+.sp
+  --enable-newline-is-any
+.sp
+causes PCRE to recognize any Unicode newline sequence.
+.P
+Whatever line ending convention is selected when PCRE is built can be
+overridden when the library functions are called. At build time it is
+conventional to use the standard for your operating system.
+.
+.
+.SH "WHAT \eR MATCHES"
+.rs
+.sp
+By default, the sequence \eR in a pattern matches any Unicode newline sequence,
+whatever has been selected as the line ending sequence. If you specify
+.sp
+  --enable-bsr-anycrlf
+.sp
+the default is changed so that \eR matches only CR, LF, or CRLF. Whatever is
+selected when PCRE is built can be overridden when the library functions are
+called.
+.
+.
+.SH "POSIX MALLOC USAGE"
+.rs
+.sp
+When the 8-bit library is called through the POSIX interface (see the
+.\" HREF
+\fBpcreposix\fP
+.\"
+documentation), additional working storage is required for holding the pointers
+to capturing substrings, because PCRE requires three integers per substring,
+whereas the POSIX interface provides only two. If the number of expected
+substrings is small, the wrapper function uses space on the stack, because this
+is faster than using \fBmalloc()\fP for each call. The default threshold above
+which the stack is no longer used is 10; it can be changed by adding a setting
+such as
+.sp
+  --with-posix-malloc-threshold=20
+.sp
+to the \fBconfigure\fP command.
+.
+.
+.SH "HANDLING VERY LARGE PATTERNS"
+.rs
+.sp
+Within a compiled pattern, offset values are used to point from one part to
+another (for example, from an opening parenthesis to an alternation
+metacharacter). By default, in the 8-bit and 16-bit libraries, two-byte values
+are used for these offsets, leading to a maximum size for a compiled pattern of
+around 64K. This is sufficient to handle all but the most gigantic patterns.
+Nevertheless, some people do want to process truly enormous patterns, so it is
+possible to compile PCRE to use three-byte or four-byte offsets by adding a
+setting such as
+.sp
+  --with-link-size=3
+.sp
+to the \fBconfigure\fP command. The value given must be 2, 3, or 4. For the
+16-bit library, a value of 3 is rounded up to 4. In these libraries, using
+longer offsets slows down the operation of PCRE because it has to load
+additional data when handling them. For the 32-bit library the value is always
+4 and cannot be overridden; the value of --with-link-size is ignored.
+.
+.
+.SH "AVOIDING EXCESSIVE STACK USAGE"
+.rs
+.sp
+When matching with the \fBpcre_exec()\fP function, PCRE implements backtracking
+by making recursive calls to an internal function called \fBmatch()\fP. In
+environments where the size of the stack is limited, this can severely limit
+PCRE's operation. (The Unix environment does not usually suffer from this
+problem, but it may sometimes be necessary to increase the maximum stack size.
+There is a discussion in the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation.) An alternative approach to recursion that uses memory from the
+heap to remember data, instead of using recursive function calls, has been
+implemented to work round the problem of limited stack size. If you want to
+build a version of PCRE that works this way, add
+.sp
+  --disable-stack-for-recursion
+.sp
+to the \fBconfigure\fP command. With this configuration, PCRE will use the
+\fBpcre_stack_malloc\fP and \fBpcre_stack_free\fP variables to call memory
+management functions. By default these point to \fBmalloc()\fP and
+\fBfree()\fP, but you can replace the pointers so that your own functions are
+used instead.
+.P
+Separate functions are provided rather than using \fBpcre_malloc\fP and
+\fBpcre_free\fP because the usage is very predictable: the block sizes
+requested are always the same, and the blocks are always freed in reverse
+order. A calling program might be able to implement optimized functions that
+perform better than \fBmalloc()\fP and \fBfree()\fP. PCRE runs noticeably more
+slowly when built in this way. This option affects only the \fBpcre_exec()\fP
+function; it is not relevant for \fBpcre_dfa_exec()\fP.
+.
+.
+.SH "LIMITING PCRE RESOURCE USAGE"
+.rs
+.sp
+Internally, PCRE has a function called \fBmatch()\fP, which it calls repeatedly
+(sometimes recursively) when matching a pattern with the \fBpcre_exec()\fP
+function. By controlling the maximum number of times this function may be
+called during a single matching operation, a limit can be placed on the
+resources used by a single call to \fBpcre_exec()\fP. The limit can be changed
+at run time, as described in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation. The default is 10 million, but this can be changed by adding a
+setting such as
+.sp
+  --with-match-limit=500000
+.sp
+to the \fBconfigure\fP command. This setting has no effect on the
+\fBpcre_dfa_exec()\fP matching function.
+.P
+In some environments it is desirable to limit the depth of recursive calls of
+\fBmatch()\fP more strictly than the total number of calls, in order to
+restrict the maximum amount of stack (or heap, if --disable-stack-for-recursion
+is specified) that is used. A second limit controls this; it defaults to the
+value that is set for --with-match-limit, which imposes no additional
+constraints. However, you can set a lower limit by adding, for example,
+.sp
+  --with-match-limit-recursion=10000
+.sp
+to the \fBconfigure\fP command. This value can also be overridden at run time.
+.
+.
+.SH "CREATING CHARACTER TABLES AT BUILD TIME"
+.rs
+.sp
+PCRE uses fixed tables for processing characters whose code values are less
+than 256. By default, PCRE is built with a set of tables that are distributed
+in the file \fIpcre_chartables.c.dist\fP. These tables are for ASCII codes
+only. If you add
+.sp
+  --enable-rebuild-chartables
+.sp
+to the \fBconfigure\fP command, the distributed tables are no longer used.
+Instead, a program called \fBdftables\fP is compiled and run. This outputs the
+source for new set of tables, created in the default locale of your C run-time
+system. (This method of replacing the tables does not work if you are cross
+compiling, because \fBdftables\fP is run on the local host. If you need to
+create alternative tables when cross compiling, you will have to do so "by
+hand".)
+.
+.
+.SH "USING EBCDIC CODE"
+.rs
+.sp
+PCRE assumes by default that it will run in an environment where the character
+code is ASCII (or Unicode, which is a superset of ASCII). This is the case for
+most computer operating systems. PCRE can, however, be compiled to run in an
+EBCDIC environment by adding
+.sp
+  --enable-ebcdic
+.sp
+to the \fBconfigure\fP command. This setting implies
+--enable-rebuild-chartables. You should only use it if you know that you are in
+an EBCDIC environment (for example, an IBM mainframe operating system). The
+--enable-ebcdic option is incompatible with --enable-utf.
+.P
+The EBCDIC character that corresponds to an ASCII LF is assumed to have the
+value 0x15 by default. However, in some EBCDIC environments, 0x25 is used. In
+such an environment you should use
+.sp
+  --enable-ebcdic-nl25
+.sp
+as well as, or instead of, --enable-ebcdic. The EBCDIC character for CR has the
+same value as in ASCII, namely, 0x0d. Whichever of 0x15 and 0x25 is \fInot\fP
+chosen as LF is made to correspond to the Unicode NEL character (which, in
+Unicode, is 0x85).
+.P
+The options that select newline behaviour, such as --enable-newline-is-cr,
+and equivalent run-time options, refer to these character values in an EBCDIC
+environment.
+.
+.
+.SH "PCREGREP OPTIONS FOR COMPRESSED FILE SUPPORT"
+.rs
+.sp
+By default, \fBpcregrep\fP reads all files as plain text. You can build it so
+that it recognizes files whose names end in \fB.gz\fP or \fB.bz2\fP, and reads
+them with \fBlibz\fP or \fBlibbz2\fP, respectively, by adding one or both of
+.sp
+  --enable-pcregrep-libz
+  --enable-pcregrep-libbz2
+.sp
+to the \fBconfigure\fP command. These options naturally require that the
+relevant libraries are installed on your system. Configuration will fail if
+they are not.
+.
+.
+.SH "PCREGREP BUFFER SIZE"
+.rs
+.sp
+\fBpcregrep\fP uses an internal buffer to hold a "window" on the file it is
+scanning, in order to be able to output "before" and "after" lines when it
+finds a match. The size of the buffer is controlled by a parameter whose
+default value is 20K. The buffer itself is three times this size, but because
+of the way it is used for holding "before" lines, the longest line that is
+guaranteed to be processable is the parameter size. You can change the default
+parameter value by adding, for example,
+.sp
+  --with-pcregrep-bufsize=50K
+.sp
+to the \fBconfigure\fP command. The caller of \fPpcregrep\fP can, however,
+override this value by specifying a run-time option.
+.
+.
+.SH "PCRETEST OPTION FOR LIBREADLINE SUPPORT"
+.rs
+.sp
+If you add
+.sp
+  --enable-pcretest-libreadline
+.sp
+to the \fBconfigure\fP command, \fBpcretest\fP is linked with the
+\fBlibreadline\fP library, and when its input is from a terminal, it reads it
+using the \fBreadline()\fP function. This provides line-editing and history
+facilities. Note that \fBlibreadline\fP is GPL-licensed, so if you distribute a
+binary of \fBpcretest\fP linked in this way, there may be licensing issues.
+.P
+Setting this option causes the \fB-lreadline\fP option to be added to the
+\fBpcretest\fP build. In many operating environments with a sytem-installed
+\fBlibreadline\fP this is sufficient. However, in some environments (e.g.
+if an unmodified distribution version of readline is in use), some extra
+configuration may be necessary. The INSTALL file for \fBlibreadline\fP says
+this:
+.sp
+  "Readline uses the termcap functions, but does not link with the
+  termcap or curses library itself, allowing applications which link
+  with readline the to choose an appropriate library."
+.sp
+If your environment has not been set up so that an appropriate library is
+automatically included, you may need to add something like
+.sp
+  LIBS="-ncurses"
+.sp
+immediately before the \fBconfigure\fP command.
+.
+.
+.SH "DEBUGGING WITH VALGRIND SUPPORT"
+.rs
+.sp
+By adding the
+.sp
+  --enable-valgrind
+.sp
+option to to the \fBconfigure\fP command, PCRE will use valgrind annotations
+to mark certain memory regions as unaddressable. This allows it to detect
+invalid memory accesses, and is mostly useful for debugging PCRE itself.
+.
+.
+.SH "CODE COVERAGE REPORTING"
+.rs
+.sp
+If your C compiler is gcc, you can build a version of PCRE that can generate a
+code coverage report for its test suite. To enable this, you must install
+\fBlcov\fP version 1.6 or above. Then specify
+.sp
+  --enable-coverage
+.sp
+to the \fBconfigure\fP command and build PCRE in the usual way.
+.P
+Note that using \fBccache\fP (a caching C compiler) is incompatible with code
+coverage reporting. If you have configured \fBccache\fP to run automatically
+on your system, you must set the environment variable
+.sp
+  CCACHE_DISABLE=1
+.sp
+before running \fBmake\fP to build PCRE, so that \fBccache\fP is not used.
+.P
+When --enable-coverage is used, the following addition targets are added to the
+\fIMakefile\fP:
+.sp
+  make coverage
+.sp
+This creates a fresh coverage report for the PCRE test suite. It is equivalent
+to running "make coverage-reset", "make coverage-baseline", "make check", and
+then "make coverage-report".
+.sp
+  make coverage-reset
+.sp
+This zeroes the coverage counters, but does nothing else.
+.sp
+  make coverage-baseline
+.sp
+This captures baseline coverage information.
+.sp
+  make coverage-report
+.sp
+This creates the coverage report.
+.sp
+  make coverage-clean-report
+.sp
+This removes the generated coverage report without cleaning the coverage data
+itself.
+.sp
+  make coverage-clean-data
+.sp
+This removes the captured coverage data without removing the coverage files
+created at compile time (*.gcno).
+.sp
+  make coverage-clean
+.sp
+This cleans all coverage data including the generated coverage report. For more
+information about code coverage, see the \fBgcov\fP and \fBlcov\fP
+documentation.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcreapi\fP(3), \fBpcre16\fP, \fBpcre32\fP, \fBpcre_config\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 May 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrecallout.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrecallout.3
new file mode 100644
index 00000000..8ebc9959
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrecallout.3
@@ -0,0 +1,255 @@
+.TH PCRECALLOUT 3 "12 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre.h>
+.PP
+.SM
+.B int (*pcre_callout)(pcre_callout_block *);
+.PP
+.B int (*pcre16_callout)(pcre16_callout_block *);
+.PP
+.B int (*pcre32_callout)(pcre32_callout_block *);
+.
+.SH DESCRIPTION
+.rs
+.sp
+PCRE provides a feature called "callout", which is a means of temporarily
+passing control to the caller of PCRE in the middle of pattern matching. The
+caller of PCRE provides an external function by putting its entry point in the
+global variable \fIpcre_callout\fP (\fIpcre16_callout\fP for the 16-bit
+library, \fIpcre32_callout\fP for the 32-bit library). By default, this
+variable contains NULL, which disables all calling out.
+.P
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. Different callout points can be identified by putting
+a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+.sp
+  (?C1)abc(?C2)def
+.sp
+If the PCRE_AUTO_CALLOUT option bit is set when a pattern is compiled, PCRE
+automatically inserts callouts, all with number 255, before each item in the
+pattern. For example, if PCRE_AUTO_CALLOUT is used with the pattern
+.sp
+  A(\ed{2}|--)
+.sp
+it is processed as if it were
+.sp
+(?C255)A(?C255)((?C255)\ed{2}(?C255)|(?C255)-(?C255)-(?C255))(?C255)
+.sp
+Notice that there is a callout before and after each parenthesis and
+alternation bar. If the pattern contains a conditional group whose condition is
+an assertion, an automatic callout is inserted immediately before the
+condition. Such a callout may also be inserted explicitly, for example:
+.sp
+  (?(?C9)(?=a)ab|de)
+.sp
+This applies only to assertion conditions (because they are themselves
+independent groups).
+.P
+Automatic callouts can be used for tracking the progress of pattern matching.
+The
+.\" HREF
+\fBpcretest\fP
+.\"
+program has a pattern qualifier (/C) that sets automatic callouts; when it is
+used, the output indicates how the pattern is being matched. This is useful
+information when you are trying to optimize the performance of a particular
+pattern.
+.
+.
+.SH "MISSING CALLOUTS"
+.rs
+.sp
+You should be aware that, because of optimizations in the way PCRE compiles and
+matches patterns, callouts sometimes do not happen exactly as you might expect.
+.P
+At compile time, PCRE "auto-possessifies" repeated items when it knows that
+what follows cannot be part of the repeat. For example, a+[bc] is compiled as
+if it were a++[bc]. The \fBpcretest\fP output when this pattern is anchored and
+then applied with automatic callouts to the string "aaaa" is:
+.sp
+  --->aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+  No match
+.sp
+This indicates that when matching [bc] fails, there is no backtracking into a+
+and therefore the callouts that would be taken for the backtracks do not occur.
+You can disable the auto-possessify feature by passing PCRE_NO_AUTO_POSSESS
+to \fBpcre_compile()\fP, or starting the pattern with (*NO_AUTO_POSSESS). If
+this is done in \fBpcretest\fP (using the /O qualifier), the output changes to
+this:
+.sp
+  --->aaaa
+   +0 ^        ^
+   +1 ^        a+
+   +3 ^   ^    [bc]
+   +3 ^  ^     [bc]
+   +3 ^ ^      [bc]
+   +3 ^^       [bc]
+  No match
+.sp
+This time, when matching [bc] fails, the matcher backtracks into a+ and tries
+again, repeatedly, until a+ itself fails.
+.P
+Other optimizations that provide fast "no match" results also affect callouts.
+For example, if the pattern is
+.sp
+  ab(?C4)cd
+.sp
+PCRE knows that any matching string must contain the letter "d". If the subject
+string is "abyz", the lack of "d" means that matching doesn't ever start, and
+the callout is never reached. However, with "abyd", though the result is still
+no match, the callout is obeyed.
+.P
+If the pattern is studied, PCRE knows the minimum length of a matching string,
+and will immediately give a "no match" return without actually running a match
+if the subject is not long enough, or, for unanchored patterns, if it has
+been scanned far enough.
+.P
+You can disable these optimizations by passing the PCRE_NO_START_OPTIMIZE
+option to the matching function, or by starting the pattern with
+(*NO_START_OPT). This slows down the matching process, but does ensure that
+callouts such as the example above are obeyed.
+.
+.
+.SH "THE CALLOUT INTERFACE"
+.rs
+.sp
+During matching, when PCRE reaches a callout point, the external function
+defined by \fIpcre_callout\fP or \fIpcre[16|32]_callout\fP is called (if it is
+set). This applies to both normal and DFA matching. The only argument to the
+callout function is a pointer to a \fBpcre_callout\fP or
+\fBpcre[16|32]_callout\fP block. These structures contains the following
+fields:
+.sp
+  int           \fIversion\fP;
+  int           \fIcallout_number\fP;
+  int          *\fIoffset_vector\fP;
+  const char   *\fIsubject\fP;           (8-bit version)
+  PCRE_SPTR16   \fIsubject\fP;           (16-bit version)
+  PCRE_SPTR32   \fIsubject\fP;           (32-bit version)
+  int           \fIsubject_length\fP;
+  int           \fIstart_match\fP;
+  int           \fIcurrent_position\fP;
+  int           \fIcapture_top\fP;
+  int           \fIcapture_last\fP;
+  void         *\fIcallout_data\fP;
+  int           \fIpattern_position\fP;
+  int           \fInext_item_length\fP;
+  const unsigned char *\fImark\fP;       (8-bit version)
+  const PCRE_UCHAR16  *\fImark\fP;       (16-bit version)
+  const PCRE_UCHAR32  *\fImark\fP;       (32-bit version)
+.sp
+The \fIversion\fP field is an integer containing the version number of the
+block format. The initial version was 0; the current version is 2. The version
+number will change again in future if additional fields are added, but the
+intention is never to remove any of the existing fields.
+.P
+The \fIcallout_number\fP field contains the number of the callout, as compiled
+into the pattern (that is, the number after ?C for manual callouts, and 255 for
+automatically generated callouts).
+.P
+The \fIoffset_vector\fP field is a pointer to the vector of offsets that was
+passed by the caller to the matching function. When \fBpcre_exec()\fP or
+\fBpcre[16|32]_exec()\fP is used, the contents can be inspected, in order to
+extract substrings that have been matched so far, in the same way as for
+extracting substrings after a match has completed. For the DFA matching
+functions, this field is not useful.
+.P
+The \fIsubject\fP and \fIsubject_length\fP fields contain copies of the values
+that were passed to the matching function.
+.P
+The \fIstart_match\fP field normally contains the offset within the subject at
+which the current match attempt started. However, if the escape sequence \eK
+has been encountered, this value is changed to reflect the modified starting
+point. If the pattern is not anchored, the callout function may be called
+several times from the same point in the pattern for different starting points
+in the subject.
+.P
+The \fIcurrent_position\fP field contains the offset within the subject of the
+current match pointer.
+.P
+When the \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP is used, the
+\fIcapture_top\fP field contains one more than the number of the highest
+numbered captured substring so far. If no substrings have been captured, the
+value of \fIcapture_top\fP is one. This is always the case when the DFA
+functions are used, because they do not support captured substrings.
+.P
+The \fIcapture_last\fP field contains the number of the most recently captured
+substring. However, when a recursion exits, the value reverts to what it was
+outside the recursion, as do the values of all captured substrings. If no
+substrings have been captured, the value of \fIcapture_last\fP is -1. This is
+always the case for the DFA matching functions.
+.P
+The \fIcallout_data\fP field contains a value that is passed to a matching
+function specifically so that it can be passed back in callouts. It is passed
+in the \fIcallout_data\fP field of a \fBpcre_extra\fP or \fBpcre[16|32]_extra\fP
+data structure. If no such data was passed, the value of \fIcallout_data\fP in
+a callout block is NULL. There is a description of the \fBpcre_extra\fP
+structure in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+The \fIpattern_position\fP field is present from version 1 of the callout
+structure. It contains the offset to the next item to be matched in the pattern
+string.
+.P
+The \fInext_item_length\fP field is present from version 1 of the callout
+structure. It contains the length of the next item to be matched in the pattern
+string. When the callout immediately precedes an alternation bar, a closing
+parenthesis, or the end of the pattern, the length is zero. When the callout
+precedes an opening parenthesis, the length is that of the entire subpattern.
+.P
+The \fIpattern_position\fP and \fInext_item_length\fP fields are intended to
+help in distinguishing between different automatic callouts, which all have the
+same callout number. However, they are set for all callouts.
+.P
+The \fImark\fP field is present from version 2 of the callout structure. In
+callouts from \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP it contains a
+pointer to the zero-terminated name of the most recently passed (*MARK),
+(*PRUNE), or (*THEN) item in the match, or NULL if no such items have been
+passed. Instances of (*PRUNE) or (*THEN) without a name do not obliterate a
+previous (*MARK). In callouts from the DFA matching functions this field always
+contains NULL.
+.
+.
+.SH "RETURN VALUES"
+.rs
+.sp
+The external callout function returns an integer to PCRE. If the value is zero,
+matching proceeds as normal. If the value is greater than zero, matching fails
+at the current point, but the testing of other matching possibilities goes
+ahead, just as if a lookahead assertion had failed. If the value is less than
+zero, the match is abandoned, the matching function returns the negative value.
+.P
+Negative values should normally be chosen from the set of PCRE_ERROR_xxx
+values. In particular, PCRE_ERROR_NOMATCH forces a standard "no match" failure.
+The error number PCRE_ERROR_CALLOUT is reserved for use by callout functions;
+it will never be used by PCRE itself.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrecompat.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrecompat.3
new file mode 100644
index 00000000..6156e776
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrecompat.3
@@ -0,0 +1,200 @@
+.TH PCRECOMPAT 3 "10 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "DIFFERENCES BETWEEN PCRE AND PERL"
+.rs
+.sp
+This document describes the differences in the ways that PCRE and Perl handle
+regular expressions. The differences described here are with respect to Perl
+versions 5.10 and above.
+.P
+1. PCRE has only a subset of Perl's Unicode support. Details of what it does
+have are given in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+2. PCRE allows repeat quantifiers only on parenthesized assertions, but they do
+not mean what you might think. For example, (?!a){3} does not assert that the
+next three characters are not "a". It just asserts that the next character is
+not "a" three times (in principle: PCRE optimizes this to run the assertion
+just once). Perl allows repeat quantifiers on other assertions such as \eb, but
+these do not seem to have any use.
+.P
+3. Capturing subpatterns that occur inside negative lookahead assertions are
+counted, but their entries in the offsets vector are never set. Perl sometimes
+(but not always) sets its numerical variables from inside negative assertions.
+.P
+4. Though binary zero characters are supported in the subject string, they are
+not allowed in a pattern string because it is passed as a normal C string,
+terminated by zero. The escape sequence \e0 can be used in the pattern to
+represent a binary zero.
+.P
+5. The following Perl escape sequences are not supported: \el, \eu, \eL,
+\eU, and \eN when followed by a character name or Unicode value. (\eN on its
+own, matching a non-newline character, is supported.) In fact these are
+implemented by Perl's general string-handling and are not part of its pattern
+matching engine. If any of these are encountered by PCRE, an error is
+generated by default. However, if the PCRE_JAVASCRIPT_COMPAT option is set,
+\eU and \eu are interpreted as JavaScript interprets them.
+.P
+6. The Perl escape sequences \ep, \eP, and \eX are supported only if PCRE is
+built with Unicode character property support. The properties that can be
+tested with \ep and \eP are limited to the general category properties such as
+Lu and Nd, script names such as Greek or Han, and the derived properties Any
+and L&. PCRE does support the Cs (surrogate) property, which Perl does not; the
+Perl documentation says "Because Perl hides the need for the user to understand
+the internal representation of Unicode characters, there is no need to
+implement the somewhat messy concept of surrogates."
+.P
+7. PCRE does support the \eQ...\eE escape for quoting substrings. Characters in
+between are treated as literals. This is slightly different from Perl in that $
+and @ are also handled as literals inside the quotes. In Perl, they cause
+variable interpolation (but of course PCRE does not have variables). Note the
+following examples:
+.sp
+    Pattern            PCRE matches      Perl matches
+.sp
+.\" JOIN
+    \eQabc$xyz\eE        abc$xyz           abc followed by the
+                                           contents of $xyz
+    \eQabc\e$xyz\eE       abc\e$xyz          abc\e$xyz
+    \eQabc\eE\e$\eQxyz\eE   abc$xyz           abc$xyz
+.sp
+The \eQ...\eE sequence is recognized both inside and outside character classes.
+.P
+8. Fairly obviously, PCRE does not support the (?{code}) and (??{code})
+constructions. However, there is support for recursive patterns. This is not
+available in Perl 5.8, but it is in Perl 5.10. Also, the PCRE "callout"
+feature allows an external function to be called during pattern matching. See
+the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation for details.
+.P
+9. Subpatterns that are called as subroutines (whether or not recursively) are
+always treated as atomic groups in PCRE. This is like Python, but unlike Perl.
+Captured values that are set outside a subroutine call can be reference from
+inside in PCRE, but not in Perl. There is a discussion that explains these
+differences in more detail in the
+.\" HTML <a href="pcrepattern.html#recursiondifference">
+.\" </a>
+section on recursion differences from Perl
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+page.
+.P
+10. If any of the backtracking control verbs are used in a subpattern that is
+called as a subroutine (whether or not recursively), their effect is confined
+to that subpattern; it does not extend to the surrounding pattern. This is not
+always the case in Perl. In particular, if (*THEN) is present in a group that
+is called as a subroutine, its action is limited to that group, even if the
+group does not contain any | characters. Note that such subpatterns are
+processed as anchored at the point where they are tested.
+.P
+11. If a pattern contains more than one backtracking control verb, the first
+one that is backtracked onto acts. For example, in the pattern
+A(*COMMIT)B(*PRUNE)C a failure in B triggers (*COMMIT), but a failure in C
+triggers (*PRUNE). Perl's behaviour is more complex; in many cases it is the
+same as PCRE, but there are examples where it differs.
+.P
+12. Most backtracking verbs in assertions have their normal actions. They are
+not confined to the assertion.
+.P
+13. There are some differences that are concerned with the settings of captured
+strings when part of a pattern is repeated. For example, matching "aba" against
+the pattern /^(a(b)?)+$/ in Perl leaves $2 unset, but in PCRE it is set to "b".
+.P
+14. PCRE's handling of duplicate subpattern numbers and duplicate subpattern
+names is not as general as Perl's. This is a consequence of the fact the PCRE
+works internally just with numbers, using an external table to translate
+between numbers and names. In particular, a pattern such as (?|(?<a>A)|(?<b>B),
+where the two capturing parentheses have the same number but different names,
+is not supported, and causes an error at compile time. If it were allowed, it
+would not be possible to distinguish which parentheses matched, because both
+names map to capturing subpattern number 1. To avoid this confusing situation,
+an error is given at compile time.
+.P
+15. Perl recognizes comments in some places that PCRE does not, for example,
+between the ( and ? at the start of a subpattern. If the /x modifier is set,
+Perl allows white space between ( and ? (though current Perls warn that this is
+deprecated) but PCRE never does, even if the PCRE_EXTENDED option is set.
+.P
+16. Perl, when in warning mode, gives warnings for character classes such as
+[A-\ed] or [a-[:digit:]]. It then treats the hyphens as literals. PCRE has no
+warning features, so it gives an error in these cases because they are almost
+certainly user mistakes.
+.P
+17. In PCRE, the upper/lower case character properties Lu and Ll are not
+affected when case-independent matching is specified. For example, \ep{Lu}
+always matches an upper case letter. I think Perl has changed in this respect;
+in the release at the time of writing (5.16), \ep{Lu} and \ep{Ll} match all
+letters, regardless of case, when case independence is specified.
+.P
+18. PCRE provides some extensions to the Perl regular expression facilities.
+Perl 5.10 includes new features that are not in earlier versions of Perl, some
+of which (such as named parentheses) have been in PCRE for some time. This list
+is with respect to Perl 5.10:
+.sp
+(a) Although lookbehind assertions in PCRE must match fixed length strings,
+each alternative branch of a lookbehind assertion can match a different length
+of string. Perl requires them all to have the same length.
+.sp
+(b) If PCRE_DOLLAR_ENDONLY is set and PCRE_MULTILINE is not set, the $
+meta-character matches only at the very end of the string.
+.sp
+(c) If PCRE_EXTRA is set, a backslash followed by a letter with no special
+meaning is faulted. Otherwise, like Perl, the backslash is quietly ignored.
+(Perl can be made to issue a warning.)
+.sp
+(d) If PCRE_UNGREEDY is set, the greediness of the repetition quantifiers is
+inverted, that is, by default they are not greedy, but if followed by a
+question mark they are.
+.sp
+(e) PCRE_ANCHORED can be used at matching time to force a pattern to be tried
+only at the first matching position in the subject string.
+.sp
+(f) The PCRE_NOTBOL, PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, and
+PCRE_NO_AUTO_CAPTURE options for \fBpcre_exec()\fP have no Perl equivalents.
+.sp
+(g) The \eR escape sequence can be restricted to match only CR, LF, or CRLF
+by the PCRE_BSR_ANYCRLF option.
+.sp
+(h) The callout facility is PCRE-specific.
+.sp
+(i) The partial matching facility is PCRE-specific.
+.sp
+(j) Patterns compiled by PCRE can be saved and re-used at a later time, even on
+different hosts that have the other endianness. However, this does not apply to
+optimized data created by the just-in-time compiler.
+.sp
+(k) The alternative matching functions (\fBpcre_dfa_exec()\fP,
+\fBpcre16_dfa_exec()\fP and \fBpcre32_dfa_exec()\fP,) match in a different way
+and are not Perl-compatible.
+.sp
+(l) PCRE recognizes some special sequences such as (*CR) at the start of
+a pattern that set overall options that cannot be changed within the pattern.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 10 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrecpp.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrecpp.3
new file mode 100644
index 00000000..fbddd86a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrecpp.3
@@ -0,0 +1,348 @@
+.TH PCRECPP 3 "08 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions.
+.SH "SYNOPSIS OF C++ WRAPPER"
+.rs
+.sp
+.B #include <pcrecpp.h>
+.
+.SH DESCRIPTION
+.rs
+.sp
+The C++ wrapper for PCRE was provided by Google Inc. Some additional
+functionality was added by Giuseppe Maxia. This brief man page was constructed
+from the notes in the \fIpcrecpp.h\fP file, which should be consulted for
+further details. Note that the C++ wrapper supports only the original 8-bit
+PCRE library. There is no 16-bit or 32-bit support at present.
+.
+.
+.SH "MATCHING INTERFACE"
+.rs
+.sp
+The "FullMatch" operation checks that supplied text matches a supplied pattern
+exactly. If pointer arguments are supplied, it copies matched sub-strings that
+match sub-patterns into them.
+.sp
+  Example: successful match
+     pcrecpp::RE re("h.*o");
+     re.FullMatch("hello");
+.sp
+  Example: unsuccessful match (requires full match):
+     pcrecpp::RE re("e");
+     !re.FullMatch("hello");
+.sp
+  Example: creating a temporary RE object:
+     pcrecpp::RE("h.*o").FullMatch("hello");
+.sp
+You can pass in a "const char*" or a "string" for "text". The examples below
+tend to use a const char*. You can, as in the different examples above, store
+the RE object explicitly in a variable or use a temporary RE object. The
+examples below use one mode or the other arbitrarily. Either could correctly be
+used for any of these examples.
+.P
+You must supply extra pointer arguments to extract matched subpieces.
+.sp
+  Example: extracts "ruby" into "s" and 1234 into "i"
+     int i;
+     string s;
+     pcrecpp::RE re("(\e\ew+):(\e\ed+)");
+     re.FullMatch("ruby:1234", &s, &i);
+.sp
+  Example: does not try to extract any extra sub-patterns
+     re.FullMatch("ruby:1234", &s);
+.sp
+  Example: does not try to extract into NULL
+     re.FullMatch("ruby:1234", NULL, &i);
+.sp
+  Example: integer overflow causes failure
+     !re.FullMatch("ruby:1234567891234", NULL, &i);
+.sp
+  Example: fails because there aren't enough sub-patterns:
+     !pcrecpp::RE("\e\ew+:\e\ed+").FullMatch("ruby:1234", &s);
+.sp
+  Example: fails because string cannot be stored in integer
+     !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+.sp
+The provided pointer arguments can be pointers to any scalar numeric
+type, or one of:
+.sp
+   string        (matched piece is copied to string)
+   StringPiece   (StringPiece is mutated to point to matched piece)
+   T             (where "bool T::ParseFrom(const char*, int)" exists)
+   NULL          (the corresponding matched sub-pattern is not copied)
+.sp
+The function returns true iff all of the following conditions are satisfied:
+.sp
+  a. "text" matches "pattern" exactly;
+.sp
+  b. The number of matched sub-patterns is >= number of supplied
+     pointers;
+.sp
+  c. The "i"th argument has a suitable type for holding the
+     string captured as the "i"th sub-pattern. If you pass in
+     void * NULL for the "i"th argument, or a non-void * NULL
+     of the correct type, or pass fewer arguments than the
+     number of sub-patterns, "i"th captured sub-pattern is
+     ignored.
+.sp
+CAVEAT: An optional sub-pattern that does not exist in the matched
+string is assigned the empty string. Therefore, the following will
+return false (because the empty string is not a valid number):
+.sp
+   int number;
+   pcrecpp::RE::FullMatch("abc", "[a-z]+(\e\ed+)?", &number);
+.sp
+The matching interface supports at most 16 arguments per call.
+If you need more, consider using the more general interface
+\fBpcrecpp::RE::DoMatch\fP. See \fBpcrecpp.h\fP for the signature for
+\fBDoMatch\fP.
+.P
+NOTE: Do not use \fBno_arg\fP, which is used internally to mark the end of a
+list of optional arguments, as a placeholder for missing arguments, as this can
+lead to segfaults.
+.
+.
+.SH "QUOTING METACHARACTERS"
+.rs
+.sp
+You can use the "QuoteMeta" operation to insert backslashes before all
+potentially meaningful characters in a string. The returned string, used as a
+regular expression, will exactly match the original string.
+.sp
+  Example:
+     string quoted = RE::QuoteMeta(unquoted);
+.sp
+Note that it's legal to escape a character even if it has no special meaning in
+a regular expression -- so this function does that. (This also makes it
+identical to the perl function of the same name; see "perldoc -f quotemeta".)
+For example, "1.5-2.0?" becomes "1\e.5\e-2\e.0\e?".
+.
+.SH "PARTIAL MATCHES"
+.rs
+.sp
+You can use the "PartialMatch" operation when you want the pattern
+to match any substring of the text.
+.sp
+  Example: simple search for a string:
+     pcrecpp::RE("ell").PartialMatch("hello");
+.sp
+  Example: find first number in a string:
+     int number;
+     pcrecpp::RE re("(\e\ed+)");
+     re.PartialMatch("x*100 + 20", &number);
+     assert(number == 100);
+.
+.
+.SH "UTF-8 AND THE MATCHING INTERFACE"
+.rs
+.sp
+By default, pattern and text are plain text, one byte per character. The UTF8
+flag, passed to the constructor, causes both pattern and string to be treated
+as UTF-8 text, still a byte stream but potentially multiple bytes per
+character. In practice, the text is likelier to be UTF-8 than the pattern, but
+the match returned may depend on the UTF8 flag, so always use it when matching
+UTF8 text. For example, "." will match one byte normally but with UTF8 set may
+match up to three bytes of a multi-byte character.
+.sp
+  Example:
+     pcrecpp::RE_Options options;
+     options.set_utf8();
+     pcrecpp::RE re(utf8_pattern, options);
+     re.FullMatch(utf8_string);
+.sp
+  Example: using the convenience function UTF8():
+     pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+     re.FullMatch(utf8_string);
+.sp
+NOTE: The UTF8 flag is ignored if pcre was not configured with the
+      --enable-utf8 flag.
+.
+.
+.SH "PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE"
+.rs
+.sp
+PCRE defines some modifiers to change the behavior of the regular expression
+engine. The C++ wrapper defines an auxiliary class, RE_Options, as a vehicle to
+pass such modifiers to a RE class. Currently, the following modifiers are
+supported:
+.sp
+   modifier              description               Perl corresponding
+.sp
+   PCRE_CASELESS         case insensitive match      /i
+   PCRE_MULTILINE        multiple lines match        /m
+   PCRE_DOTALL           dot matches newlines        /s
+   PCRE_DOLLAR_ENDONLY   $ matches only at end       N/A
+   PCRE_EXTRA            strict escape parsing       N/A
+   PCRE_EXTENDED         ignore white spaces         /x
+   PCRE_UTF8             handles UTF8 chars          built-in
+   PCRE_UNGREEDY         reverses * and *?           N/A
+   PCRE_NO_AUTO_CAPTURE  disables capturing parens   N/A (*)
+.sp
+(*) Both Perl and PCRE allow non capturing parentheses by means of the
+"?:" modifier within the pattern itself. e.g. (?:ab|cd) does not
+capture, while (ab|cd) does.
+.P
+For a full account on how each modifier works, please check the
+PCRE API reference page.
+.P
+For each modifier, there are two member functions whose name is made
+out of the modifier in lowercase, without the "PCRE_" prefix. For
+instance, PCRE_CASELESS is handled by
+.sp
+  bool caseless()
+.sp
+which returns true if the modifier is set, and
+.sp
+  RE_Options & set_caseless(bool)
+.sp
+which sets or unsets the modifier. Moreover, PCRE_EXTRA_MATCH_LIMIT can be
+accessed through the \fBset_match_limit()\fP and \fBmatch_limit()\fP member
+functions. Setting \fImatch_limit\fP to a non-zero value will limit the
+execution of pcre to keep it from doing bad things like blowing the stack or
+taking an eternity to return a result. A value of 5000 is good enough to stop
+stack blowup in a 2MB thread stack. Setting \fImatch_limit\fP to zero disables
+match limiting. Alternatively, you can call \fBmatch_limit_recursion()\fP
+which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to limit how much PCRE
+recurses. \fBmatch_limit()\fP limits the number of matches PCRE does;
+\fBmatch_limit_recursion()\fP limits the depth of internal recursion, and
+therefore the amount of stack that is used.
+.P
+Normally, to pass one or more modifiers to a RE class, you declare
+a \fIRE_Options\fP object, set the appropriate options, and pass this
+object to a RE constructor. Example:
+.sp
+   RE_Options opt;
+   opt.set_caseless(true);
+   if (RE("HELLO", opt).PartialMatch("hello world")) ...
+.sp
+RE_options has two constructors. The default constructor takes no arguments and
+creates a set of flags that are off by default. The optional parameter
+\fIoption_flags\fP is to facilitate transfer of legacy code from C programs.
+This lets you do
+.sp
+   RE(pattern,
+     RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+.sp
+However, new code is better off doing
+.sp
+   RE(pattern,
+     RE_Options().set_caseless(true).set_multiline(true))
+       .PartialMatch(str);
+.sp
+If you are going to pass one of the most used modifiers, there are some
+convenience functions that return a RE_Options class with the
+appropriate modifier already set: \fBCASELESS()\fP, \fBUTF8()\fP,
+\fBMULTILINE()\fP, \fBDOTALL\fP(), and \fBEXTENDED()\fP.
+.P
+If you need to set several options at once, and you don't want to go through
+the pains of declaring a RE_Options object and setting several options, there
+is a parallel method that give you such ability on the fly. You can concatenate
+several \fBset_xxxxx()\fP member functions, since each of them returns a
+reference to its class object. For example, to pass PCRE_CASELESS,
+PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one statement, you may write:
+.sp
+   RE(" ^ xyz \e\es+ .* blah$",
+     RE_Options()
+       .set_caseless(true)
+       .set_extended(true)
+       .set_multiline(true)).PartialMatch(sometext);
+.sp
+.
+.
+.SH "SCANNING TEXT INCREMENTALLY"
+.rs
+.sp
+The "Consume" operation may be useful if you want to repeatedly
+match regular expressions at the front of a string and skip over
+them as they match. This requires use of the "StringPiece" type,
+which represents a sub-range of a real string. Like RE, StringPiece
+is defined in the pcrecpp namespace.
+.sp
+  Example: read lines of the form "var = value" from a string.
+     string contents = ...;                 // Fill string somehow
+     pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+.sp
+     string var;
+     int value;
+     pcrecpp::RE re("(\e\ew+) = (\e\ed+)\en");
+     while (re.Consume(&input, &var, &value)) {
+       ...;
+     }
+.sp
+Each successful call to "Consume" will set "var/value", and also
+advance "input" so it points past the matched text.
+.P
+The "FindAndConsume" operation is similar to "Consume" but does not
+anchor your match at the beginning of the string. For example, you
+could extract all words from a string by repeatedly calling
+.sp
+  pcrecpp::RE("(\e\ew+)").FindAndConsume(&input, &word)
+.
+.
+.SH "PARSING HEX/OCTAL/C-RADIX NUMBERS"
+.rs
+.sp
+By default, if you pass a pointer to a numeric value, the
+corresponding text is interpreted as a base-10 number. You can
+instead wrap the pointer with a call to one of the operators Hex(),
+Octal(), or CRadix() to interpret the text in another base. The
+CRadix operator interprets C-style "0" (base-8) and "0x" (base-16)
+prefixes, but defaults to base-10.
+.sp
+  Example:
+    int a, b, c, d;
+    pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+    re.FullMatch("100 40 0100 0x40",
+                 pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+                 pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+.sp
+will leave 64 in a, b, c, and d.
+.
+.
+.SH "REPLACING PARTS OF STRINGS"
+.rs
+.sp
+You can replace the first match of "pattern" in "str" with "rewrite".
+Within "rewrite", backslash-escaped digits (\e1 to \e9) can be
+used to insert text matching corresponding parenthesized group
+from the pattern. \e0 in "rewrite" refers to the entire matching
+text. For example:
+.sp
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").Replace("d", &s);
+.sp
+will leave "s" containing "yada dabba doo". The result is true if the pattern
+matches and a replacement occurs, false otherwise.
+.P
+\fBGlobalReplace\fP is like \fBReplace\fP except that it replaces all
+occurrences of the pattern in the string with the rewrite. Replacements are
+not subject to re-matching. For example:
+.sp
+  string s = "yabba dabba doo";
+  pcrecpp::RE("b+").GlobalReplace("d", &s);
+.sp
+will leave "s" containing "yada dada doo". It returns the number of
+replacements made.
+.P
+\fBExtract\fP is like \fBReplace\fP, except that if the pattern matches,
+"rewrite" is copied into "out" (an additional argument) with substitutions.
+The non-matching portions of "text" are ignored. Returns true iff a match
+occurred and the extraction happened successfully;  if no match occurs, the
+string is left unaffected.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+The C++ wrapper was contributed by Google Inc.
+Copyright (c) 2007 Google Inc.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 08 January 2012
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcredemo.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcredemo.3
new file mode 100644
index 00000000..194629b1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcredemo.3
@@ -0,0 +1,424 @@
+.\" Start example.
+.de EX
+.  nr mE \\n(.f
+.  nf
+.  nh
+.  ft CW
+..
+.
+.
+.\" End example.
+.de EE
+.  ft \\n(mE
+.  fi
+.  hy \\n(HY
+..
+.
+.EX
+/*************************************************
+*           PCRE DEMONSTRATION PROGRAM           *
+*************************************************/
+
+/* This is a demonstration program to illustrate the most straightforward ways
+of calling the PCRE regular expression library from a C program. See the
+pcresample documentation for a short discussion ("man pcresample" if you have
+the PCRE man pages installed).
+
+In Unix-like environments, if PCRE is installed in your standard system
+libraries, you should be able to compile this program using this command:
+
+gcc -Wall pcredemo.c -lpcre -o pcredemo
+
+If PCRE is not installed in a standard place, it is likely to be installed with
+support for the pkg-config mechanism. If you have pkg-config, you can compile
+this program using this command:
+
+gcc -Wall pcredemo.c `pkg-config --cflags --libs libpcre` -o pcredemo
+
+If you do not have pkg-config, you may have to use this:
+
+gcc -Wall pcredemo.c -I/usr/local/include -L/usr/local/lib \e
+  -R/usr/local/lib -lpcre -o pcredemo
+
+Replace "/usr/local/include" and "/usr/local/lib" with wherever the include and
+library files for PCRE are installed on your system. Only some operating
+systems (e.g. Solaris) use the -R option.
+
+Building under Windows:
+
+If you want to statically link this program against a non-dll .a file, you must
+define PCRE_STATIC before including pcre.h, otherwise the pcre_malloc() and
+pcre_free() exported functions will be declared __declspec(dllimport), with
+unwanted results. So in this environment, uncomment the following line. */
+
+/* #define PCRE_STATIC */
+
+#include <stdio.h>
+#include <string.h>
+#include <pcre.h>
+
+#define OVECCOUNT 30    /* should be a multiple of 3 */
+
+
+int main(int argc, char **argv)
+{
+pcre *re;
+const char *error;
+char *pattern;
+char *subject;
+unsigned char *name_table;
+unsigned int option_bits;
+int erroffset;
+int find_all;
+int crlf_is_newline;
+int namecount;
+int name_entry_size;
+int ovector[OVECCOUNT];
+int subject_length;
+int rc, i;
+int utf8;
+
+
+/**************************************************************************
+* First, sort out the command line. There is only one possible option at  *
+* the moment, "-g" to request repeated matching to find all occurrences,  *
+* like Perl's /g option. We set the variable find_all to a non-zero value *
+* if the -g option is present. Apart from that, there must be exactly two *
+* arguments.                                                              *
+**************************************************************************/
+
+find_all = 0;
+for (i = 1; i < argc; i++)
+  {
+  if (strcmp(argv[i], "-g") == 0) find_all = 1;
+    else break;
+  }
+
+/* After the options, we require exactly two arguments, which are the pattern,
+and the subject string. */
+
+if (argc - i != 2)
+  {
+  printf("Two arguments required: a regex and a subject string\en");
+  return 1;
+  }
+
+pattern = argv[i];
+subject = argv[i+1];
+subject_length = (int)strlen(subject);
+
+
+/*************************************************************************
+* Now we are going to compile the regular expression pattern, and handle *
+* and errors that are detected.                                          *
+*************************************************************************/
+
+re = pcre_compile(
+  pattern,              /* the pattern */
+  0,                    /* default options */
+  &error,               /* for error message */
+  &erroffset,           /* for error offset */
+  NULL);                /* use default character tables */
+
+/* Compilation failed: print the error message and exit */
+
+if (re == NULL)
+  {
+  printf("PCRE compilation failed at offset %d: %s\en", erroffset, error);
+  return 1;
+  }
+
+
+/*************************************************************************
+* If the compilation succeeded, we call PCRE again, in order to do a     *
+* pattern match against the subject string. This does just ONE match. If *
+* further matching is needed, it will be done below.                     *
+*************************************************************************/
+
+rc = pcre_exec(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  subject,              /* the subject string */
+  subject_length,       /* the length of the subject */
+  0,                    /* start at offset 0 in the subject */
+  0,                    /* default options */
+  ovector,              /* output vector for substring information */
+  OVECCOUNT);           /* number of elements in the output vector */
+
+/* Matching failed: handle error cases */
+
+if (rc < 0)
+  {
+  switch(rc)
+    {
+    case PCRE_ERROR_NOMATCH: printf("No match\en"); break;
+    /*
+    Handle other special cases if you like
+    */
+    default: printf("Matching error %d\en", rc); break;
+    }
+  pcre_free(re);     /* Release memory used for the compiled pattern */
+  return 1;
+  }
+
+/* Match succeded */
+
+printf("\enMatch succeeded at offset %d\en", ovector[0]);
+
+
+/*************************************************************************
+* We have found the first match within the subject string. If the output *
+* vector wasn't big enough, say so. Then output any substrings that were *
+* captured.                                                              *
+*************************************************************************/
+
+/* The output vector wasn't big enough */
+
+if (rc == 0)
+  {
+  rc = OVECCOUNT/3;
+  printf("ovector only has room for %d captured substrings\en", rc - 1);
+  }
+
+/* Show substrings stored in the output vector by number. Obviously, in a real
+application you might want to do things other than print them. */
+
+for (i = 0; i < rc; i++)
+  {
+  char *substring_start = subject + ovector[2*i];
+  int substring_length = ovector[2*i+1] - ovector[2*i];
+  printf("%2d: %.*s\en", i, substring_length, substring_start);
+  }
+
+
+/**************************************************************************
+* That concludes the basic part of this demonstration program. We have    *
+* compiled a pattern, and performed a single match. The code that follows *
+* shows first how to access named substrings, and then how to code for    *
+* repeated matches on the same subject.                                   *
+**************************************************************************/
+
+/* See if there are any named substrings, and if so, show them by name. First
+we have to extract the count of named parentheses from the pattern. */
+
+(void)pcre_fullinfo(
+  re,                   /* the compiled pattern */
+  NULL,                 /* no extra data - we didn't study the pattern */
+  PCRE_INFO_NAMECOUNT,  /* number of named substrings */
+  &namecount);          /* where to put the answer */
+
+if (namecount <= 0) printf("No named substrings\en"); else
+  {
+  unsigned char *tabptr;
+  printf("Named substrings\en");
+
+  /* Before we can access the substrings, we must extract the table for
+  translating names to numbers, and the size of each entry in the table. */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMETABLE,      /* address of the table */
+    &name_table);             /* where to put the answer */
+
+  (void)pcre_fullinfo(
+    re,                       /* the compiled pattern */
+    NULL,                     /* no extra data - we didn't study the pattern */
+    PCRE_INFO_NAMEENTRYSIZE,  /* size of each entry in the table */
+    &name_entry_size);        /* where to put the answer */
+
+  /* Now we can scan the table and, for each entry, print the number, the name,
+  and the substring itself. */
+
+  tabptr = name_table;
+  for (i = 0; i < namecount; i++)
+    {
+    int n = (tabptr[0] << 8) | tabptr[1];
+    printf("(%d) %*s: %.*s\en", n, name_entry_size - 3, tabptr + 2,
+      ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+    tabptr += name_entry_size;
+    }
+  }
+
+
+/*************************************************************************
+* If the "-g" option was given on the command line, we want to continue  *
+* to search for additional matches in the subject string, in a similar   *
+* way to the /g option in Perl. This turns out to be trickier than you   *
+* might think because of the possibility of matching an empty string.    *
+* What happens is as follows:                                            *
+*                                                                        *
+* If the previous match was NOT for an empty string, we can just start   *
+* the next match at the end of the previous one.                         *
+*                                                                        *
+* If the previous match WAS for an empty string, we can't do that, as it *
+* would lead to an infinite loop. Instead, a special call of pcre_exec() *
+* is made with the PCRE_NOTEMPTY_ATSTART and PCRE_ANCHORED flags set.    *
+* The first of these tells PCRE that an empty string at the start of the *
+* subject is not a valid match; other possibilities must be tried. The   *
+* second flag restricts PCRE to one match attempt at the initial string  *
+* position. If this match succeeds, an alternative to the empty string   *
+* match has been found, and we can print it and proceed round the loop,  *
+* advancing by the length of whatever was found. If this match does not  *
+* succeed, we still stay in the loop, advancing by just one character.   *
+* In UTF-8 mode, which can be set by (*UTF8) in the pattern, this may be *
+* more than one byte.                                                    *
+*                                                                        *
+* However, there is a complication concerned with newlines. When the     *
+* newline convention is such that CRLF is a valid newline, we must       *
+* advance by two characters rather than one. The newline convention can  *
+* be set in the regex by (*CR), etc.; if not, we must find the default.  *
+*************************************************************************/
+
+if (!find_all)     /* Check for -g */
+  {
+  pcre_free(re);   /* Release the memory used for the compiled pattern */
+  return 0;        /* Finish unless -g was given */
+  }
+
+/* Before running the loop, check for UTF-8 and whether CRLF is a valid newline
+sequence. First, find the options with which the regex was compiled; extract
+the UTF-8 state, and mask off all but the newline options. */
+
+(void)pcre_fullinfo(re, NULL, PCRE_INFO_OPTIONS, &option_bits);
+utf8 = option_bits & PCRE_UTF8;
+option_bits &= PCRE_NEWLINE_CR|PCRE_NEWLINE_LF|PCRE_NEWLINE_CRLF|
+               PCRE_NEWLINE_ANY|PCRE_NEWLINE_ANYCRLF;
+
+/* If no newline options were set, find the default newline convention from the
+build configuration. */
+
+if (option_bits == 0)
+  {
+  int d;
+  (void)pcre_config(PCRE_CONFIG_NEWLINE, &d);
+  /* Note that these values are always the ASCII ones, even in
+  EBCDIC environments. CR = 13, NL = 10. */
+  option_bits = (d == 13)? PCRE_NEWLINE_CR :
+          (d == 10)? PCRE_NEWLINE_LF :
+          (d == (13<<8 | 10))? PCRE_NEWLINE_CRLF :
+          (d == -2)? PCRE_NEWLINE_ANYCRLF :
+          (d == -1)? PCRE_NEWLINE_ANY : 0;
+  }
+
+/* See if CRLF is a valid newline sequence. */
+
+crlf_is_newline =
+     option_bits == PCRE_NEWLINE_ANY ||
+     option_bits == PCRE_NEWLINE_CRLF ||
+     option_bits == PCRE_NEWLINE_ANYCRLF;
+
+/* Loop for second and subsequent matches */
+
+for (;;)
+  {
+  int options = 0;                 /* Normally no options */
+  int start_offset = ovector[1];   /* Start at end of previous match */
+
+  /* If the previous match was for an empty string, we are finished if we are
+  at the end of the subject. Otherwise, arrange to run another match at the
+  same point to see if a non-empty match can be found. */
+
+  if (ovector[0] == ovector[1])
+    {
+    if (ovector[0] == subject_length) break;
+    options = PCRE_NOTEMPTY_ATSTART | PCRE_ANCHORED;
+    }
+
+  /* Run the next matching operation */
+
+  rc = pcre_exec(
+    re,                   /* the compiled pattern */
+    NULL,                 /* no extra data - we didn't study the pattern */
+    subject,              /* the subject string */
+    subject_length,       /* the length of the subject */
+    start_offset,         /* starting offset in the subject */
+    options,              /* options */
+    ovector,              /* output vector for substring information */
+    OVECCOUNT);           /* number of elements in the output vector */
+
+  /* This time, a result of NOMATCH isn't an error. If the value in "options"
+  is zero, it just means we have found all possible matches, so the loop ends.
+  Otherwise, it means we have failed to find a non-empty-string match at a
+  point where there was a previous empty-string match. In this case, we do what
+  Perl does: advance the matching position by one character, and continue. We
+  do this by setting the "end of previous match" offset, because that is picked
+  up at the top of the loop as the point at which to start again.
+
+  There are two complications: (a) When CRLF is a valid newline sequence, and
+  the current position is just before it, advance by an extra byte. (b)
+  Otherwise we must ensure that we skip an entire UTF-8 character if we are in
+  UTF-8 mode. */
+
+  if (rc == PCRE_ERROR_NOMATCH)
+    {
+    if (options == 0) break;                    /* All matches found */
+    ovector[1] = start_offset + 1;              /* Advance one byte */
+    if (crlf_is_newline &&                      /* If CRLF is newline & */
+        start_offset < subject_length - 1 &&    /* we are at CRLF, */
+        subject[start_offset] == '\er' &&
+        subject[start_offset + 1] == '\en')
+      ovector[1] += 1;                          /* Advance by one more. */
+    else if (utf8)                              /* Otherwise, ensure we */
+      {                                         /* advance a whole UTF-8 */
+      while (ovector[1] < subject_length)       /* character. */
+        {
+        if ((subject[ovector[1]] & 0xc0) != 0x80) break;
+        ovector[1] += 1;
+        }
+      }
+    continue;    /* Go round the loop again */
+    }
+
+  /* Other matching errors are not recoverable. */
+
+  if (rc < 0)
+    {
+    printf("Matching error %d\en", rc);
+    pcre_free(re);    /* Release memory used for the compiled pattern */
+    return 1;
+    }
+
+  /* Match succeded */
+
+  printf("\enMatch succeeded again at offset %d\en", ovector[0]);
+
+  /* The match succeeded, but the output vector wasn't big enough. */
+
+  if (rc == 0)
+    {
+    rc = OVECCOUNT/3;
+    printf("ovector only has room for %d captured substrings\en", rc - 1);
+    }
+
+  /* As before, show substrings stored in the output vector by number, and then
+  also any named substrings. */
+
+  for (i = 0; i < rc; i++)
+    {
+    char *substring_start = subject + ovector[2*i];
+    int substring_length = ovector[2*i+1] - ovector[2*i];
+    printf("%2d: %.*s\en", i, substring_length, substring_start);
+    }
+
+  if (namecount <= 0) printf("No named substrings\en"); else
+    {
+    unsigned char *tabptr = name_table;
+    printf("Named substrings\en");
+    for (i = 0; i < namecount; i++)
+      {
+      int n = (tabptr[0] << 8) | tabptr[1];
+      printf("(%d) %*s: %.*s\en", n, name_entry_size - 3, tabptr + 2,
+        ovector[2*n+1] - ovector[2*n], subject + ovector[2*n]);
+      tabptr += name_entry_size;
+      }
+    }
+  }      /* End of loop to find second and subsequent matches */
+
+printf("\en");
+pcre_free(re);       /* Release memory used for the compiled pattern */
+return 0;
+}
+
+/* End of pcredemo.c */
+.EE
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrejit.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrejit.3
new file mode 100644
index 00000000..3b785f0f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrejit.3
@@ -0,0 +1,473 @@
+.TH PCREJIT 3 "05 July 2017" "PCRE 8.41"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE JUST-IN-TIME COMPILER SUPPORT"
+.rs
+.sp
+Just-in-time compiling is a heavyweight optimization that can greatly speed up
+pattern matching. However, it comes at the cost of extra processing before the
+match is performed. Therefore, it is of most benefit when the same pattern is
+going to be matched many times. This does not necessarily mean many calls of a
+matching function; if the pattern is not anchored, matching attempts may take
+place many times at various positions in the subject, even for a single call.
+Therefore, if the subject string is very long, it may still pay to use JIT for
+one-off matches.
+.P
+JIT support applies only to the traditional Perl-compatible matching function.
+It does not apply when the DFA matching function is being used. The code for
+this support was written by Zoltan Herczeg.
+.
+.
+.SH "8-BIT, 16-BIT AND 32-BIT SUPPORT"
+.rs
+.sp
+JIT support is available for all of the 8-bit, 16-bit and 32-bit PCRE
+libraries. To keep this documentation simple, only the 8-bit interface is
+described in what follows. If you are using the 16-bit library, substitute the
+16-bit functions and 16-bit structures (for example, \fIpcre16_jit_stack\fP
+instead of \fIpcre_jit_stack\fP). If you are using the 32-bit library,
+substitute the 32-bit functions and 32-bit structures (for example,
+\fIpcre32_jit_stack\fP instead of \fIpcre_jit_stack\fP).
+.
+.
+.SH "AVAILABILITY OF JIT SUPPORT"
+.rs
+.sp
+JIT support is an optional feature of PCRE. The "configure" option --enable-jit
+(or equivalent CMake option) must be set when PCRE is built if you want to use
+JIT. The support is limited to the following hardware platforms:
+.sp
+  ARM v5, v7, and Thumb2
+  Intel x86 32-bit and 64-bit
+  MIPS 32-bit
+  Power PC 32-bit and 64-bit
+  SPARC 32-bit (experimental)
+.sp
+If --enable-jit is set on an unsupported platform, compilation fails.
+.P
+A program that is linked with PCRE 8.20 or later can tell if JIT support is
+available by calling \fBpcre_config()\fP with the PCRE_CONFIG_JIT option. The
+result is 1 when JIT is available, and 0 otherwise. However, a simple program
+does not need to check this in order to use JIT. The normal API is implemented
+in a way that falls back to the interpretive code if JIT is not available. For
+programs that need the best possible performance, there is also a "fast path"
+API that is JIT-specific.
+.P
+If your program may sometimes be linked with versions of PCRE that are older
+than 8.20, but you want to use JIT when it is available, you can test the
+values of PCRE_MAJOR and PCRE_MINOR, or the existence of a JIT macro such as
+PCRE_CONFIG_JIT, for compile-time control of your code. Also beware that the
+\fBpcre_jit_exec()\fP function was not available at all before 8.32,
+and may not be available at all if PCRE isn't compiled with
+--enable-jit. See the "JIT FAST PATH API" section below for details.
+.
+.
+.SH "SIMPLE USE OF JIT"
+.rs
+.sp
+You have to do two things to make use of the JIT support in the simplest way:
+.sp
+  (1) Call \fBpcre_study()\fP with the PCRE_STUDY_JIT_COMPILE option for
+      each compiled pattern, and pass the resulting \fBpcre_extra\fP block to
+      \fBpcre_exec()\fP.
+.sp
+  (2) Use \fBpcre_free_study()\fP to free the \fBpcre_extra\fP block when it is
+      no longer needed, instead of just freeing it yourself. This ensures that
+      any JIT data is also freed.
+.sp
+For a program that may be linked with pre-8.20 versions of PCRE, you can insert
+.sp
+  #ifndef PCRE_STUDY_JIT_COMPILE
+  #define PCRE_STUDY_JIT_COMPILE 0
+  #endif
+.sp
+so that no option is passed to \fBpcre_study()\fP, and then use something like
+this to free the study data:
+.sp
+  #ifdef PCRE_CONFIG_JIT
+      pcre_free_study(study_ptr);
+  #else
+      pcre_free(study_ptr);
+  #endif
+.sp
+PCRE_STUDY_JIT_COMPILE requests the JIT compiler to generate code for complete
+matches. If you want to run partial matches using the PCRE_PARTIAL_HARD or
+PCRE_PARTIAL_SOFT options of \fBpcre_exec()\fP, you should set one or both of
+the following options in addition to, or instead of, PCRE_STUDY_JIT_COMPILE
+when you call \fBpcre_study()\fP:
+.sp
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+.sp
+If using \fBpcre_jit_exec()\fP and supporting a pre-8.32 version of
+PCRE, you can insert:
+.sp
+   #if PCRE_MAJOR >= 8 && PCRE_MINOR >= 32
+   pcre_jit_exec(...);
+   #else
+   pcre_exec(...)
+   #endif
+.sp
+but as described in the "JIT FAST PATH API" section below this assumes
+version 8.32 and later are compiled with --enable-jit, which may
+break.
+.sp
+The JIT compiler generates different optimized code for each of the three
+modes (normal, soft partial, hard partial). When \fBpcre_exec()\fP is called,
+the appropriate code is run if it is available. Otherwise, the pattern is
+matched using interpretive code.
+.P
+In some circumstances you may need to call additional functions. These are
+described in the section entitled
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"Controlling the JIT stack"
+.\"
+below.
+.P
+If JIT support is not available, PCRE_STUDY_JIT_COMPILE etc. are ignored, and
+no JIT data is created. Otherwise, the compiled pattern is passed to the JIT
+compiler, which turns it into machine code that executes much faster than the
+normal interpretive code. When \fBpcre_exec()\fP is passed a \fBpcre_extra\fP
+block containing a pointer to JIT code of the appropriate mode (normal or
+hard/soft partial), it obeys that code instead of running the interpreter. The
+result is identical, but the compiled JIT code runs much faster.
+.P
+There are some \fBpcre_exec()\fP options that are not supported for JIT
+execution. There are also some pattern items that JIT cannot handle. Details
+are given below. In both cases, execution automatically falls back to the
+interpretive code. If you want to know whether JIT was actually used for a
+particular match, you should arrange for a JIT callback function to be set up
+as described in the section entitled
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"Controlling the JIT stack"
+.\"
+below, even if you do not need to supply a non-default JIT stack. Such a
+callback function is called whenever JIT code is about to be obeyed. If the
+execution options are not right for JIT execution, the callback function is not
+obeyed.
+.P
+If the JIT compiler finds an unsupported item, no JIT data is generated. You
+can find out if JIT execution is available after studying a pattern by calling
+\fBpcre_fullinfo()\fP with the PCRE_INFO_JIT option. A result of 1 means that
+JIT compilation was successful. A result of 0 means that JIT support is not
+available, or the pattern was not studied with PCRE_STUDY_JIT_COMPILE etc., or
+the JIT compiler was not able to handle the pattern.
+.P
+Once a pattern has been studied, with or without JIT, it can be used as many
+times as you like for matching different subject strings.
+.
+.
+.SH "UNSUPPORTED OPTIONS AND PATTERN ITEMS"
+.rs
+.sp
+The only \fBpcre_exec()\fP options that are supported for JIT execution are
+PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK, PCRE_NO_UTF32_CHECK, PCRE_NOTBOL,
+PCRE_NOTEOL, PCRE_NOTEMPTY, PCRE_NOTEMPTY_ATSTART, PCRE_PARTIAL_HARD, and
+PCRE_PARTIAL_SOFT.
+.P
+The only unsupported pattern items are \eC (match a single data unit) when
+running in a UTF mode, and a callout immediately before an assertion condition
+in a conditional group.
+.
+.
+.SH "RETURN VALUES FROM JIT EXECUTION"
+.rs
+.sp
+When a pattern is matched using JIT execution, the return values are the same
+as those given by the interpretive \fBpcre_exec()\fP code, with the addition of
+one new error code: PCRE_ERROR_JIT_STACKLIMIT. This means that the memory used
+for the JIT stack was insufficient. See
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"Controlling the JIT stack"
+.\"
+below for a discussion of JIT stack usage. For compatibility with the
+interpretive \fBpcre_exec()\fP code, no more than two-thirds of the
+\fIovector\fP argument is used for passing back captured substrings.
+.P
+The error code PCRE_ERROR_MATCHLIMIT is returned by the JIT code if searching a
+very large pattern tree goes on for too long, as it is in the same circumstance
+when JIT is not used, but the details of exactly what is counted are not the
+same. The PCRE_ERROR_RECURSIONLIMIT error code is never returned by JIT
+execution.
+.
+.
+.SH "SAVING AND RESTORING COMPILED PATTERNS"
+.rs
+.sp
+The code that is generated by the JIT compiler is architecture-specific, and is
+also position dependent. For those reasons it cannot be saved (in a file or
+database) and restored later like the bytecode and other data of a compiled
+pattern. Saving and restoring compiled patterns is not something many people
+do. More detail about this facility is given in the
+.\" HREF
+\fBpcreprecompile\fP
+.\"
+documentation. It should be possible to run \fBpcre_study()\fP on a saved and
+restored pattern, and thereby recreate the JIT data, but because JIT
+compilation uses significant resources, it is probably not worth doing this;
+you might as well recompile the original pattern.
+.
+.
+.\" HTML <a name="stackcontrol"></a>
+.SH "CONTROLLING THE JIT STACK"
+.rs
+.sp
+When the compiled JIT code runs, it needs a block of memory to use as a stack.
+By default, it uses 32K on the machine stack. However, some large or
+complicated patterns need more than this. The error PCRE_ERROR_JIT_STACKLIMIT
+is given when there is not enough stack. Three functions are provided for
+managing blocks of memory for use as JIT stacks. There is further discussion
+about the use of JIT stacks in the section entitled
+.\" HTML <a href="#stackcontrol">
+.\" </a>
+"JIT stack FAQ"
+.\"
+below.
+.P
+The \fBpcre_jit_stack_alloc()\fP function creates a JIT stack. Its arguments
+are a starting size and a maximum size, and it returns a pointer to an opaque
+structure of type \fBpcre_jit_stack\fP, or NULL if there is an error. The
+\fBpcre_jit_stack_free()\fP function can be used to free a stack that is no
+longer needed. (For the technically minded: the address space is allocated by
+mmap or VirtualAlloc.)
+.P
+JIT uses far less memory for recursion than the interpretive code,
+and a maximum stack size of 512K to 1M should be more than enough for any
+pattern.
+.P
+The \fBpcre_assign_jit_stack()\fP function specifies which stack JIT code
+should use. Its arguments are as follows:
+.sp
+  pcre_extra         *extra
+  pcre_jit_callback  callback
+  void               *data
+.sp
+The \fIextra\fP argument must be the result of studying a pattern with
+PCRE_STUDY_JIT_COMPILE etc. There are three cases for the values of the other
+two options:
+.sp
+  (1) If \fIcallback\fP is NULL and \fIdata\fP is NULL, an internal 32K block
+      on the machine stack is used.
+.sp
+  (2) If \fIcallback\fP is NULL and \fIdata\fP is not NULL, \fIdata\fP must be
+      a valid JIT stack, the result of calling \fBpcre_jit_stack_alloc()\fP.
+.sp
+  (3) If \fIcallback\fP is not NULL, it must point to a function that is
+      called with \fIdata\fP as an argument at the start of matching, in
+      order to set up a JIT stack. If the return from the callback
+      function is NULL, the internal 32K stack is used; otherwise the
+      return value must be a valid JIT stack, the result of calling
+      \fBpcre_jit_stack_alloc()\fP.
+.sp
+A callback function is obeyed whenever JIT code is about to be run; it is not
+obeyed when \fBpcre_exec()\fP is called with options that are incompatible for
+JIT execution. A callback function can therefore be used to determine whether a
+match operation was executed by JIT or by the interpreter.
+.P
+You may safely use the same JIT stack for more than one pattern (either by
+assigning directly or by callback), as long as the patterns are all matched
+sequentially in the same thread. In a multithread application, if you do not
+specify a JIT stack, or if you assign or pass back NULL from a callback, that
+is thread-safe, because each thread has its own machine stack. However, if you
+assign or pass back a non-NULL JIT stack, this must be a different stack for
+each thread so that the application is thread-safe.
+.P
+Strictly speaking, even more is allowed. You can assign the same non-NULL stack
+to any number of patterns as long as they are not used for matching by multiple
+threads at the same time. For example, you can assign the same stack to all
+compiled patterns, and use a global mutex in the callback to wait until the
+stack is available for use. However, this is an inefficient solution, and not
+recommended.
+.P
+This is a suggestion for how a multithreaded program that needs to set up
+non-default JIT stacks might operate:
+.sp
+  During thread initalization
+    thread_local_var = pcre_jit_stack_alloc(...)
+.sp
+  During thread exit
+    pcre_jit_stack_free(thread_local_var)
+.sp
+  Use a one-line callback function
+    return thread_local_var
+.sp
+All the functions described in this section do nothing if JIT is not available,
+and \fBpcre_assign_jit_stack()\fP does nothing unless the \fBextra\fP argument
+is non-NULL and points to a \fBpcre_extra\fP block that is the result of a
+successful study with PCRE_STUDY_JIT_COMPILE etc.
+.
+.
+.\" HTML <a name="stackfaq"></a>
+.SH "JIT STACK FAQ"
+.rs
+.sp
+(1) Why do we need JIT stacks?
+.sp
+PCRE (and JIT) is a recursive, depth-first engine, so it needs a stack where
+the local data of the current node is pushed before checking its child nodes.
+Allocating real machine stack on some platforms is difficult. For example, the
+stack chain needs to be updated every time if we extend the stack on PowerPC.
+Although it is possible, its updating time overhead decreases performance. So
+we do the recursion in memory.
+.P
+(2) Why don't we simply allocate blocks of memory with \fBmalloc()\fP?
+.sp
+Modern operating systems have a nice feature: they can reserve an address space
+instead of allocating memory. We can safely allocate memory pages inside this
+address space, so the stack could grow without moving memory data (this is
+important because of pointers). Thus we can allocate 1M address space, and use
+only a single memory page (usually 4K) if that is enough. However, we can still
+grow up to 1M anytime if needed.
+.P
+(3) Who "owns" a JIT stack?
+.sp
+The owner of the stack is the user program, not the JIT studied pattern or
+anything else. The user program must ensure that if a stack is used by
+\fBpcre_exec()\fP, (that is, it is assigned to the pattern currently running),
+that stack must not be used by any other threads (to avoid overwriting the same
+memory area). The best practice for multithreaded programs is to allocate a
+stack for each thread, and return this stack through the JIT callback function.
+.P
+(4) When should a JIT stack be freed?
+.sp
+You can free a JIT stack at any time, as long as it will not be used by
+\fBpcre_exec()\fP again. When you assign the stack to a pattern, only a pointer
+is set. There is no reference counting or any other magic. You can free the
+patterns and stacks in any order, anytime. Just \fIdo not\fP call
+\fBpcre_exec()\fP with a pattern pointing to an already freed stack, as that
+will cause SEGFAULT. (Also, do not free a stack currently used by
+\fBpcre_exec()\fP in another thread). You can also replace the stack for a
+pattern at any time. You can even free the previous stack before assigning a
+replacement.
+.P
+(5) Should I allocate/free a stack every time before/after calling
+\fBpcre_exec()\fP?
+.sp
+No, because this is too costly in terms of resources. However, you could
+implement some clever idea which release the stack if it is not used in let's
+say two minutes. The JIT callback can help to achieve this without keeping a
+list of the currently JIT studied patterns.
+.P
+(6) OK, the stack is for long term memory allocation. But what happens if a
+pattern causes stack overflow with a stack of 1M? Is that 1M kept until the
+stack is freed?
+.sp
+Especially on embedded sytems, it might be a good idea to release memory
+sometimes without freeing the stack. There is no API for this at the moment.
+Probably a function call which returns with the currently allocated memory for
+any stack and another which allows releasing memory (shrinking the stack) would
+be a good idea if someone needs this.
+.P
+(7) This is too much of a headache. Isn't there any better solution for JIT
+stack handling?
+.sp
+No, thanks to Windows. If POSIX threads were used everywhere, we could throw
+out this complicated API.
+.
+.
+.SH "EXAMPLE CODE"
+.rs
+.sp
+This is a single-threaded example that specifies a JIT stack without using a
+callback.
+.sp
+  int rc;
+  int ovector[30];
+  pcre *re;
+  pcre_extra *extra;
+  pcre_jit_stack *jit_stack;
+.sp
+  re = pcre_compile(pattern, 0, &error, &erroffset, NULL);
+  /* Check for errors */
+  extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
+  jit_stack = pcre_jit_stack_alloc(32*1024, 512*1024);
+  /* Check for error (NULL) */
+  pcre_assign_jit_stack(extra, NULL, jit_stack);
+  rc = pcre_exec(re, extra, subject, length, 0, 0, ovector, 30);
+  /* Check results */
+  pcre_free(re);
+  pcre_free_study(extra);
+  pcre_jit_stack_free(jit_stack);
+.sp
+.
+.
+.SH "JIT FAST PATH API"
+.rs
+.sp
+Because the API described above falls back to interpreted execution when JIT is
+not available, it is convenient for programs that are written for general use
+in many environments. However, calling JIT via \fBpcre_exec()\fP does have a
+performance impact. Programs that are written for use where JIT is known to be
+available, and which need the best possible performance, can instead use a
+"fast path" API to call JIT execution directly instead of calling
+\fBpcre_exec()\fP (obviously only for patterns that have been successfully
+studied by JIT).
+.P
+The fast path function is called \fBpcre_jit_exec()\fP, and it takes exactly
+the same arguments as \fBpcre_exec()\fP, plus one additional argument that
+must point to a JIT stack. The JIT stack arrangements described above do not
+apply. The return values are the same as for \fBpcre_exec()\fP.
+.P
+When you call \fBpcre_exec()\fP, as well as testing for invalid options, a
+number of other sanity checks are performed on the arguments. For example, if
+the subject pointer is NULL, or its length is negative, an immediate error is
+given. Also, unless PCRE_NO_UTF[8|16|32] is set, a UTF subject string is tested
+for validity. In the interests of speed, these checks do not happen on the JIT
+fast path, and if invalid data is passed, the result is undefined.
+.P
+Bypassing the sanity checks and the \fBpcre_exec()\fP wrapping can give
+speedups of more than 10%.
+.P
+Note that the \fBpcre_jit_exec()\fP function is not available in versions of
+PCRE before 8.32 (released in November 2012). If you need to support versions
+that old you must either use the slower \fBpcre_exec()\fP, or switch between
+the two codepaths by checking the values of PCRE_MAJOR and PCRE_MINOR.
+.P
+Due to an unfortunate implementation oversight, even in versions 8.32
+and later there will be no \fBpcre_jit_exec()\fP stub function defined
+when PCRE is compiled with --disable-jit, which is the default, and
+there's no way to detect whether PCRE was compiled with --enable-jit
+via a macro.
+.P
+If you need to support versions older than 8.32, or versions that may
+not build with --enable-jit, you must either use the slower
+\fBpcre_exec()\fP, or switch between the two codepaths by checking the
+values of PCRE_MAJOR and PCRE_MINOR.
+.P
+Switching between the two by checking the version assumes that all the
+versions being targeted are built with --enable-jit. To also support
+builds that may use --disable-jit either \fBpcre_exec()\fP must be
+used, or a compile-time check for JIT via \fBpcre_config()\fP (which
+assumes the runtime environment will be the same), or as the Git
+project decided to do, simply assume that \fBpcre_jit_exec()\fP is
+present in 8.32 or later unless a compile-time flag is provided, see
+the "grep: un-break building with PCRE >= 8.32 without --enable-jit"
+commit in git.git for an example of that.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcreapi\fP(3)
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel (FAQ by Zoltan Herczeg)
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 05 July 2017
+Copyright (c) 1997-2017 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrelimits.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrelimits.3
new file mode 100644
index 00000000..423d6a27
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrelimits.3
@@ -0,0 +1,71 @@
+.TH PCRELIMITS 3 "05 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "SIZE AND OTHER LIMITATIONS"
+.rs
+.sp
+There are some size limitations in PCRE but it is hoped that they will never in
+practice be relevant.
+.P
+The maximum length of a compiled pattern is approximately 64K data units (bytes
+for the 8-bit library, 16-bit units for the 16-bit library, and 32-bit units for
+the 32-bit library) if PCRE is compiled with the default internal linkage size,
+which is 2 bytes for the 8-bit and 16-bit libraries, and 4 bytes for the 32-bit
+library. If you want to process regular expressions that are truly enormous,
+you can compile PCRE with an internal linkage size of 3 or 4 (when building the
+16-bit or 32-bit library, 3 is rounded up to 4). See the \fBREADME\fP file in
+the source distribution and the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation for details. In these cases the limit is substantially larger.
+However, the speed of execution is slower.
+.P
+All values in repeating quantifiers must be less than 65536.
+.P
+There is no limit to the number of parenthesized subpatterns, but there can be
+no more than 65535 capturing subpatterns. There is, however, a limit to the
+depth of nesting of parenthesized subpatterns of all kinds. This is imposed in
+order to limit the amount of system stack used at compile time. The limit can
+be specified when PCRE is built; the default is 250.
+.P
+There is a limit to the number of forward references to subsequent subpatterns
+of around 200,000. Repeated forward references with fixed upper limits, for
+example, (?2){0,100} when subpattern number 2 is to the right, are included in
+the count. There is no limit to the number of backward references.
+.P
+The maximum length of name for a named subpattern is 32 characters, and the
+maximum number of named subpatterns is 10000.
+.P
+The maximum length of a name in a (*MARK), (*PRUNE), (*SKIP), or (*THEN) verb
+is 255 for the 8-bit library and 65535 for the 16-bit and 32-bit libraries.
+.P
+The maximum length of a subject string is the largest positive number that an
+integer variable can hold. However, when using the traditional matching
+function, PCRE uses recursion to handle subpatterns and indefinite repetition.
+This means that the available stack space may limit the size of a subject
+string that can be processed by certain patterns. For a discussion of stack
+issues, see the
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 05 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrematching.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrematching.3
new file mode 100644
index 00000000..268baf9b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrematching.3
@@ -0,0 +1,214 @@
+.TH PCREMATCHING 3 "12 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE MATCHING ALGORITHMS"
+.rs
+.sp
+This document describes the two different algorithms that are available in PCRE
+for matching a compiled regular expression against a given subject string. The
+"standard" algorithm is the one provided by the \fBpcre_exec()\fP,
+\fBpcre16_exec()\fP and \fBpcre32_exec()\fP functions. These work in the same
+as as Perl's matching function, and provide a Perl-compatible matching operation.
+The just-in-time (JIT) optimization that is described in the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation is compatible with these functions.
+.P
+An alternative algorithm is provided by the \fBpcre_dfa_exec()\fP,
+\fBpcre16_dfa_exec()\fP and \fBpcre32_dfa_exec()\fP functions; they operate in
+a different way, and are not Perl-compatible. This alternative has advantages
+and disadvantages compared with the standard algorithm, and these are described
+below.
+.P
+When there is only one possible way in which a given subject string can match a
+pattern, the two algorithms give the same answer. A difference arises, however,
+when there are multiple possibilities. For example, if the pattern
+.sp
+  ^<.*>
+.sp
+is matched against the string
+.sp
+  <something> <something else> <something further>
+.sp
+there are three possible answers. The standard algorithm finds only one of
+them, whereas the alternative algorithm finds all three.
+.
+.
+.SH "REGULAR EXPRESSIONS AS TREES"
+.rs
+.sp
+The set of strings that are matched by a regular expression can be represented
+as a tree structure. An unlimited repetition in the pattern makes the tree of
+infinite size, but it is still a tree. Matching the pattern to a given subject
+string (from a given starting point) can be thought of as a search of the tree.
+There are two ways to search a tree: depth-first and breadth-first, and these
+correspond to the two matching algorithms provided by PCRE.
+.
+.
+.SH "THE STANDARD MATCHING ALGORITHM"
+.rs
+.sp
+In the terminology of Jeffrey Friedl's book "Mastering Regular
+Expressions", the standard algorithm is an "NFA algorithm". It conducts a
+depth-first search of the pattern tree. That is, it proceeds along a single
+path through the tree, checking that the subject matches what is required. When
+there is a mismatch, the algorithm tries any alternatives at the current point,
+and if they all fail, it backs up to the previous branch point in the tree, and
+tries the next alternative branch at that level. This often involves backing up
+(moving to the left) in the subject string as well. The order in which
+repetition branches are tried is controlled by the greedy or ungreedy nature of
+the quantifier.
+.P
+If a leaf node is reached, a matching string has been found, and at that point
+the algorithm stops. Thus, if there is more than one possible match, this
+algorithm returns the first one that it finds. Whether this is the shortest,
+the longest, or some intermediate length depends on the way the greedy and
+ungreedy repetition quantifiers are specified in the pattern.
+.P
+Because it ends up with a single path through the tree, it is relatively
+straightforward for this algorithm to keep track of the substrings that are
+matched by portions of the pattern in parentheses. This provides support for
+capturing parentheses and back references.
+.
+.
+.SH "THE ALTERNATIVE MATCHING ALGORITHM"
+.rs
+.sp
+This algorithm conducts a breadth-first search of the tree. Starting from the
+first matching point in the subject, it scans the subject string from left to
+right, once, character by character, and as it does this, it remembers all the
+paths through the tree that represent valid matches. In Friedl's terminology,
+this is a kind of "DFA algorithm", though it is not implemented as a
+traditional finite state machine (it keeps multiple states active
+simultaneously).
+.P
+Although the general principle of this matching algorithm is that it scans the
+subject string only once, without backtracking, there is one exception: when a
+lookaround assertion is encountered, the characters following or preceding the
+current point have to be independently inspected.
+.P
+The scan continues until either the end of the subject is reached, or there are
+no more unterminated paths. At this point, terminated paths represent the
+different matching possibilities (if there are none, the match has failed).
+Thus, if there is more than one possible match, this algorithm finds all of
+them, and in particular, it finds the longest. The matches are returned in
+decreasing order of length. There is an option to stop the algorithm after the
+first match (which is necessarily the shortest) is found.
+.P
+Note that all the matches that are found start at the same point in the
+subject. If the pattern
+.sp
+  cat(er(pillar)?)?
+.sp
+is matched against the string "the caterpillar catchment", the result will be
+the three strings "caterpillar", "cater", and "cat" that start at the fifth
+character of the subject. The algorithm does not automatically move on to find
+matches that start at later positions.
+.P
+PCRE's "auto-possessification" optimization usually applies to character
+repeats at the end of a pattern (as well as internally). For example, the
+pattern "a\ed+" is compiled as if it were "a\ed++" because there is no point
+even considering the possibility of backtracking into the repeated digits. For
+DFA matching, this means that only one possible match is found. If you really
+do want multiple matches in such cases, either use an ungreedy repeat
+("a\ed+?") or set the PCRE_NO_AUTO_POSSESS option when compiling.
+.P
+There are a number of features of PCRE regular expressions that are not
+supported by the alternative matching algorithm. They are as follows:
+.P
+1. Because the algorithm finds all possible matches, the greedy or ungreedy
+nature of repetition quantifiers is not relevant. Greedy and ungreedy
+quantifiers are treated in exactly the same way. However, possessive
+quantifiers can make a difference when what follows could also match what is
+quantified, for example in a pattern like this:
+.sp
+  ^a++\ew!
+.sp
+This pattern matches "aaab!" but not "aaa!", which would be matched by a
+non-possessive quantifier. Similarly, if an atomic group is present, it is
+matched as if it were a standalone pattern at the current point, and the
+longest match is then "locked in" for the rest of the overall pattern.
+.P
+2. When dealing with multiple paths through the tree simultaneously, it is not
+straightforward to keep track of captured substrings for the different matching
+possibilities, and PCRE's implementation of this algorithm does not attempt to
+do this. This means that no captured substrings are available.
+.P
+3. Because no substrings are captured, back references within the pattern are
+not supported, and cause errors if encountered.
+.P
+4. For the same reason, conditional expressions that use a backreference as the
+condition or test for a specific group recursion are not supported.
+.P
+5. Because many paths through the tree may be active, the \eK escape sequence,
+which resets the start of the match when encountered (but may be on some paths
+and not on others), is not supported. It causes an error if encountered.
+.P
+6. Callouts are supported, but the value of the \fIcapture_top\fP field is
+always 1, and the value of the \fIcapture_last\fP field is always -1.
+.P
+7. The \eC escape sequence, which (in the standard algorithm) always matches a
+single data unit, even in UTF-8, UTF-16 or UTF-32 modes, is not supported in
+these modes, because the alternative algorithm moves through the subject string
+one character (not data unit) at a time, for all active paths through the tree.
+.P
+8. Except for (*FAIL), the backtracking control verbs such as (*PRUNE) are not
+supported. (*FAIL) is supported, and behaves like a failing negative assertion.
+.
+.
+.SH "ADVANTAGES OF THE ALTERNATIVE ALGORITHM"
+.rs
+.sp
+Using the alternative matching algorithm provides the following advantages:
+.P
+1. All possible matches (at a single point in the subject) are automatically
+found, and in particular, the longest match is found. To find more than one
+match using the standard algorithm, you have to do kludgy things with
+callouts.
+.P
+2. Because the alternative algorithm scans the subject string just once, and
+never needs to backtrack (except for lookbehinds), it is possible to pass very
+long subject strings to the matching function in several pieces, checking for
+partial matching each time. Although it is possible to do multi-segment
+matching using the standard algorithm by retaining partially matched
+substrings, it is more complicated. The
+.\" HREF
+\fBpcrepartial\fP
+.\"
+documentation gives details of partial matching and discusses multi-segment
+matching.
+.
+.
+.SH "DISADVANTAGES OF THE ALTERNATIVE ALGORITHM"
+.rs
+.sp
+The alternative algorithm suffers from a number of disadvantages:
+.P
+1. It is substantially slower than the standard algorithm. This is partly
+because it has to search for all possible matches, but is also because it is
+less susceptible to optimization.
+.P
+2. Capturing parentheses and back references are not supported.
+.P
+3. Although atomic groups are supported, their use does not provide the
+performance advantage that it does for the standard algorithm.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 November 2013
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrepartial.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrepartial.3
new file mode 100644
index 00000000..14d0124f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrepartial.3
@@ -0,0 +1,476 @@
+.TH PCREPARTIAL 3 "02 July 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PARTIAL MATCHING IN PCRE"
+.rs
+.sp
+In normal use of PCRE, if the subject string that is passed to a matching
+function matches as far as it goes, but is too short to match the entire
+pattern, PCRE_ERROR_NOMATCH is returned. There are circumstances where it might
+be helpful to distinguish this case from other cases in which there is no
+match.
+.P
+Consider, for example, an application where a human is required to type in data
+for a field with specific formatting requirements. An example might be a date
+in the form \fIddmmmyy\fP, defined by this pattern:
+.sp
+  ^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$
+.sp
+If the application sees the user's keystrokes one by one, and can check that
+what has been typed so far is potentially valid, it is able to raise an error
+as soon as a mistake is made, by beeping and not reflecting the character that
+has been typed, for example. This immediate feedback is likely to be a better
+user interface than a check that is delayed until the entire string has been
+entered. Partial matching can also be useful when the subject string is very
+long and is not all available at once.
+.P
+PCRE supports partial matching by means of the PCRE_PARTIAL_SOFT and
+PCRE_PARTIAL_HARD options, which can be set when calling any of the matching
+functions. For backwards compatibility, PCRE_PARTIAL is a synonym for
+PCRE_PARTIAL_SOFT. The essential difference between the two options is whether
+or not a partial match is preferred to an alternative complete match, though
+the details differ between the two types of matching function. If both options
+are set, PCRE_PARTIAL_HARD takes precedence.
+.P
+If you want to use partial matching with just-in-time optimized code, you must
+call \fBpcre_study()\fP, \fBpcre16_study()\fP or  \fBpcre32_study()\fP with one
+or both of these options:
+.sp
+  PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE
+  PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE
+.sp
+PCRE_STUDY_JIT_COMPILE should also be set if you are going to run non-partial
+matches on the same pattern. If the appropriate JIT study mode has not been set
+for a match, the interpretive matching code is used.
+.P
+Setting a partial matching option disables two of PCRE's standard
+optimizations. PCRE remembers the last literal data unit in a pattern, and
+abandons matching immediately if it is not present in the subject string. This
+optimization cannot be used for a subject string that might match only
+partially. If the pattern was studied, PCRE knows the minimum length of a
+matching string, and does not bother to run the matching function on shorter
+strings. This optimization is also disabled for partial matching.
+.
+.
+.SH "PARTIAL MATCHING USING pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+A partial match occurs during a call to \fBpcre_exec()\fP or
+\fBpcre[16|32]_exec()\fP when the end of the subject string is reached
+successfully, but matching cannot continue because more characters are needed.
+However, at least one character in the subject must have been inspected. This
+character need not form part of the final matched string; lookbehind assertions
+and the \eK escape sequence provide ways of inspecting characters before the
+start of a matched substring. The requirement for inspecting at least one
+character exists because an empty string can always be matched; without such a
+restriction there would always be a partial match of an empty string at the end
+of the subject.
+.P
+If there are at least two slots in the offsets vector when a partial match is
+returned, the first slot is set to the offset of the earliest character that
+was inspected. For convenience, the second offset points to the end of the
+subject so that a substring can easily be identified. If there are at least
+three slots in the offsets vector, the third slot is set to the offset of the
+character where matching started.
+.P
+For the majority of patterns, the contents of the first and third slots will be
+the same. However, for patterns that contain lookbehind assertions, or begin
+with \eb or \eB, characters before the one where matching started may have been
+inspected while carrying out the match. For example, consider this pattern:
+.sp
+  /(?<=abc)123/
+.sp
+This pattern matches "123", but only if it is preceded by "abc". If the subject
+string is "xyzabc12", the first two offsets after a partial match are for the
+substring "abc12", because all these characters were inspected. However, the
+third offset is set to 6, because that is the offset where matching began.
+.P
+What happens when a partial match is identified depends on which of the two
+partial matching options are set.
+.
+.
+.SS "PCRE_PARTIAL_SOFT WITH pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+If PCRE_PARTIAL_SOFT is set when \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP
+identifies a partial match, the partial match is remembered, but matching
+continues as normal, and other alternatives in the pattern are tried. If no
+complete match can be found, PCRE_ERROR_PARTIAL is returned instead of
+PCRE_ERROR_NOMATCH.
+.P
+This option is "soft" because it prefers a complete match over a partial match.
+All the various matching items in a pattern behave as if the subject string is
+potentially complete. For example, \ez, \eZ, and $ match at the end of the
+subject, as normal, and for \eb and \eB the end of the subject is treated as a
+non-alphanumeric.
+.P
+If there is more than one partial match, the first one that was found provides
+the data that is returned. Consider this pattern:
+.sp
+  /123\ew+X|dogY/
+.sp
+If this is matched against the subject string "abc123dog", both
+alternatives fail to match, but the end of the subject is reached during
+matching, so PCRE_ERROR_PARTIAL is returned. The offsets are set to 3 and 9,
+identifying "123dog" as the first partial match that was found. (In this
+example, there are two partial matches, because "dog" on its own partially
+matches the second alternative.)
+.
+.
+.SS "PCRE_PARTIAL_HARD WITH pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+If PCRE_PARTIAL_HARD is set for \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP,
+PCRE_ERROR_PARTIAL is returned as soon as a partial match is found, without
+continuing to search for possible complete matches. This option is "hard"
+because it prefers an earlier partial match over a later complete match. For
+this reason, the assumption is made that the end of the supplied subject string
+may not be the true end of the available data, and so, if \ez, \eZ, \eb, \eB,
+or $ are encountered at the end of the subject, the result is
+PCRE_ERROR_PARTIAL, provided that at least one character in the subject has
+been inspected.
+.P
+Setting PCRE_PARTIAL_HARD also affects the way UTF-8 and UTF-16
+subject strings are checked for validity. Normally, an invalid sequence
+causes the error PCRE_ERROR_BADUTF8 or PCRE_ERROR_BADUTF16. However, in the
+special case of a truncated character at the end of the subject,
+PCRE_ERROR_SHORTUTF8 or PCRE_ERROR_SHORTUTF16 is returned when
+PCRE_PARTIAL_HARD is set.
+.
+.
+.SS "Comparing hard and soft partial matching"
+.rs
+.sp
+The difference between the two partial matching options can be illustrated by a
+pattern such as:
+.sp
+  /dog(sbody)?/
+.sp
+This matches either "dog" or "dogsbody", greedily (that is, it prefers the
+longer string if possible). If it is matched against the string "dog" with
+PCRE_PARTIAL_SOFT, it yields a complete match for "dog". However, if
+PCRE_PARTIAL_HARD is set, the result is PCRE_ERROR_PARTIAL. On the other hand,
+if the pattern is made ungreedy the result is different:
+.sp
+  /dog(sbody)??/
+.sp
+In this case the result is always a complete match because that is found first,
+and matching never continues after finding a complete match. It might be easier
+to follow this explanation by thinking of the two patterns like this:
+.sp
+  /dog(sbody)?/    is the same as  /dogsbody|dog/
+  /dog(sbody)??/   is the same as  /dog|dogsbody/
+.sp
+The second pattern will never match "dogsbody", because it will always find the
+shorter match first.
+.
+.
+.SH "PARTIAL MATCHING USING pcre_dfa_exec() OR pcre[16|32]_dfa_exec()"
+.rs
+.sp
+The DFA functions move along the subject string character by character, without
+backtracking, searching for all possible matches simultaneously. If the end of
+the subject is reached before the end of the pattern, there is the possibility
+of a partial match, again provided that at least one character has been
+inspected.
+.P
+When PCRE_PARTIAL_SOFT is set, PCRE_ERROR_PARTIAL is returned only if there
+have been no complete matches. Otherwise, the complete matches are returned.
+However, if PCRE_PARTIAL_HARD is set, a partial match takes precedence over any
+complete matches. The portion of the string that was inspected when the longest
+partial match was found is set as the first matching string, provided there are
+at least two slots in the offsets vector.
+.P
+Because the DFA functions always search for all possible matches, and there is
+no difference between greedy and ungreedy repetition, their behaviour is
+different from the standard functions when PCRE_PARTIAL_HARD is set. Consider
+the string "dog" matched against the ungreedy pattern shown above:
+.sp
+  /dog(sbody)??/
+.sp
+Whereas the standard functions stop as soon as they find the complete match for
+"dog", the DFA functions also find the partial match for "dogsbody", and so
+return that when PCRE_PARTIAL_HARD is set.
+.
+.
+.SH "PARTIAL MATCHING AND WORD BOUNDARIES"
+.rs
+.sp
+If a pattern ends with one of sequences \eb or \eB, which test for word
+boundaries, partial matching with PCRE_PARTIAL_SOFT can give counter-intuitive
+results. Consider this pattern:
+.sp
+  /\ebcat\eb/
+.sp
+This matches "cat", provided there is a word boundary at either end. If the
+subject string is "the cat", the comparison of the final "t" with a following
+character cannot take place, so a partial match is found. However, normal
+matching carries on, and \eb matches at the end of the subject when the last
+character is a letter, so a complete match is found. The result, therefore, is
+\fInot\fP PCRE_ERROR_PARTIAL. Using PCRE_PARTIAL_HARD in this case does yield
+PCRE_ERROR_PARTIAL, because then the partial match takes precedence.
+.
+.
+.SH "FORMERLY RESTRICTED PATTERNS"
+.rs
+.sp
+For releases of PCRE prior to 8.00, because of the way certain internal
+optimizations were implemented in the \fBpcre_exec()\fP function, the
+PCRE_PARTIAL option (predecessor of PCRE_PARTIAL_SOFT) could not be used with
+all patterns. From release 8.00 onwards, the restrictions no longer apply, and
+partial matching with can be requested for any pattern.
+.P
+Items that were formerly restricted were repeated single characters and
+repeated metasequences. If PCRE_PARTIAL was set for a pattern that did not
+conform to the restrictions, \fBpcre_exec()\fP returned the error code
+PCRE_ERROR_BADPARTIAL (-13). This error code is no longer in use. The
+PCRE_INFO_OKPARTIAL call to \fBpcre_fullinfo()\fP to find out if a compiled
+pattern can be used for partial matching now always returns 1.
+.
+.
+.SH "EXAMPLE OF PARTIAL MATCHING USING PCRETEST"
+.rs
+.sp
+If the escape sequence \eP is present in a \fBpcretest\fP data line, the
+PCRE_PARTIAL_SOFT option is used for the match. Here is a run of \fBpcretest\fP
+that uses the date example quoted above:
+.sp
+    re> /^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$/
+  data> 25jun04\eP
+   0: 25jun04
+   1: jun
+  data> 25dec3\eP
+  Partial match: 23dec3
+  data> 3ju\eP
+  Partial match: 3ju
+  data> 3juj\eP
+  No match
+  data> j\eP
+  No match
+.sp
+The first data string is matched completely, so \fBpcretest\fP shows the
+matched substrings. The remaining four strings do not match the complete
+pattern, but the first two are partial matches. Similar output is obtained
+if DFA matching is used.
+.P
+If the escape sequence \eP is present more than once in a \fBpcretest\fP data
+line, the PCRE_PARTIAL_HARD option is set for the match.
+.
+.
+.SH "MULTI-SEGMENT MATCHING WITH pcre_dfa_exec() OR pcre[16|32]_dfa_exec()"
+.rs
+.sp
+When a partial match has been found using a DFA matching function, it is
+possible to continue the match by providing additional subject data and calling
+the function again with the same compiled regular expression, this time setting
+the PCRE_DFA_RESTART option. You must pass the same working space as before,
+because this is where details of the previous partial match are stored. Here is
+an example using \fBpcretest\fP, using the \eR escape sequence to set the
+PCRE_DFA_RESTART option (\eD specifies the use of the DFA matching function):
+.sp
+    re> /^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$/
+  data> 23ja\eP\eD
+  Partial match: 23ja
+  data> n05\eR\eD
+   0: n05
+.sp
+The first call has "23ja" as the subject, and requests partial matching; the
+second call has "n05" as the subject for the continued (restarted) match.
+Notice that when the match is complete, only the last part is shown; PCRE does
+not retain the previously partially-matched string. It is up to the calling
+program to do that if it needs to.
+.P
+That means that, for an unanchored pattern, if a continued match fails, it is
+not possible to try again at a new starting point. All this facility is capable
+of doing is continuing with the previous match attempt. In the previous
+example, if the second set of data is "ug23" the result is no match, even
+though there would be a match for "aug23" if the entire string were given at
+once. Depending on the application, this may or may not be what you want.
+The only way to allow for starting again at the next character is to retain the
+matched part of the subject and try a new complete match.
+.P
+You can set the PCRE_PARTIAL_SOFT or PCRE_PARTIAL_HARD options with
+PCRE_DFA_RESTART to continue partial matching over multiple segments. This
+facility can be used to pass very long subject strings to the DFA matching
+functions.
+.
+.
+.SH "MULTI-SEGMENT MATCHING WITH pcre_exec() OR pcre[16|32]_exec()"
+.rs
+.sp
+From release 8.00, the standard matching functions can also be used to do
+multi-segment matching. Unlike the DFA functions, it is not possible to
+restart the previous match with a new segment of data. Instead, new data must
+be added to the previous subject string, and the entire match re-run, starting
+from the point where the partial match occurred. Earlier data can be discarded.
+.P
+It is best to use PCRE_PARTIAL_HARD in this situation, because it does not
+treat the end of a segment as the end of the subject when matching \ez, \eZ,
+\eb, \eB, and $. Consider an unanchored pattern that matches dates:
+.sp
+    re> /\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed/
+  data> The date is 23ja\eP\eP
+  Partial match: 23ja
+.sp
+At this stage, an application could discard the text preceding "23ja", add on
+text from the next segment, and call the matching function again. Unlike the
+DFA matching functions, the entire matching string must always be available,
+and the complete matching process occurs for each call, so more memory and more
+processing time is needed.
+.P
+\fBNote:\fP If the pattern contains lookbehind assertions, or \eK, or starts
+with \eb or \eB, the string that is returned for a partial match includes
+characters that precede the start of what would be returned for a complete
+match, because it contains all the characters that were inspected during the
+partial match.
+.
+.
+.SH "ISSUES WITH MULTI-SEGMENT MATCHING"
+.rs
+.sp
+Certain types of pattern may give problems with multi-segment matching,
+whichever matching function is used.
+.P
+1. If the pattern contains a test for the beginning of a line, you need to pass
+the PCRE_NOTBOL option when the subject string for any call does start at the
+beginning of a line. There is also a PCRE_NOTEOL option, but in practice when
+doing multi-segment matching you should be using PCRE_PARTIAL_HARD, which
+includes the effect of PCRE_NOTEOL.
+.P
+2. Lookbehind assertions that have already been obeyed are catered for in the
+offsets that are returned for a partial match. However a lookbehind assertion
+later in the pattern could require even earlier characters to be inspected. You
+can handle this case by using the PCRE_INFO_MAXLOOKBEHIND option of the
+\fBpcre_fullinfo()\fP or \fBpcre[16|32]_fullinfo()\fP functions to obtain the
+length of the longest lookbehind in the pattern. This length is given in
+characters, not bytes. If you always retain at least that many characters
+before the partially matched string, all should be well. (Of course, near the
+start of the subject, fewer characters may be present; in that case all
+characters should be retained.)
+.P
+From release 8.33, there is a more accurate way of deciding which characters to
+retain. Instead of subtracting the length of the longest lookbehind from the
+earliest inspected character (\fIoffsets[0]\fP), the match start position
+(\fIoffsets[2]\fP) should be used, and the next match attempt started at the
+\fIoffsets[2]\fP character by setting the \fIstartoffset\fP argument of
+\fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP.
+.P
+For example, if the pattern "(?<=123)abc" is partially
+matched against the string "xx123a", the three offset values returned are 2, 6,
+and 5. This indicates that the matching process that gave a partial match
+started at offset 5, but the characters "123a" were all inspected. The maximum
+lookbehind for that pattern is 3, so taking that away from 5 shows that we need
+only keep "123a", and the next match attempt can be started at offset 3 (that
+is, at "a") when further characters have been added. When the match start is
+not the earliest inspected character, \fBpcretest\fP shows it explicitly:
+.sp
+    re> "(?<=123)abc"
+  data> xx123a\eP\eP
+  Partial match at offset 5: 123a
+.P
+3. Because a partial match must always contain at least one character, what
+might be considered a partial match of an empty string actually gives a "no
+match" result. For example:
+.sp
+    re> /c(?<=abc)x/
+  data> ab\eP
+  No match
+.sp
+If the next segment begins "cx", a match should be found, but this will only
+happen if characters from the previous segment are retained. For this reason, a
+"no match" result should be interpreted as "partial match of an empty string"
+when the pattern contains lookbehinds.
+.P
+4. Matching a subject string that is split into multiple segments may not
+always produce exactly the same result as matching over one single long string,
+especially when PCRE_PARTIAL_SOFT is used. The section "Partial Matching and
+Word Boundaries" above describes an issue that arises if the pattern ends with
+\eb or \eB. Another kind of difference may occur when there are multiple
+matching possibilities, because (for PCRE_PARTIAL_SOFT) a partial match result
+is given only when there are no completed matches. This means that as soon as
+the shortest match has been found, continuation to a new subject segment is no
+longer possible. Consider again this \fBpcretest\fP example:
+.sp
+    re> /dog(sbody)?/
+  data> dogsb\eP
+   0: dog
+  data> do\eP\eD
+  Partial match: do
+  data> gsb\eR\eP\eD
+   0: g
+  data> dogsbody\eD
+   0: dogsbody
+   1: dog
+.sp
+The first data line passes the string "dogsb" to a standard matching function,
+setting the PCRE_PARTIAL_SOFT option. Although the string is a partial match
+for "dogsbody", the result is not PCRE_ERROR_PARTIAL, because the shorter
+string "dog" is a complete match. Similarly, when the subject is presented to
+a DFA matching function in several parts ("do" and "gsb" being the first two)
+the match stops when "dog" has been found, and it is not possible to continue.
+On the other hand, if "dogsbody" is presented as a single string, a DFA
+matching function finds both matches.
+.P
+Because of these problems, it is best to use PCRE_PARTIAL_HARD when matching
+multi-segment data. The example above then behaves differently:
+.sp
+    re> /dog(sbody)?/
+  data> dogsb\eP\eP
+  Partial match: dogsb
+  data> do\eP\eD
+  Partial match: do
+  data> gsb\eR\eP\eP\eD
+  Partial match: gsb
+.sp
+5. Patterns that contain alternatives at the top level which do not all start
+with the same pattern item may not work as expected when PCRE_DFA_RESTART is
+used. For example, consider this pattern:
+.sp
+  1234|3789
+.sp
+If the first part of the subject is "ABC123", a partial match of the first
+alternative is found at offset 3. There is no partial match for the second
+alternative, because such a match does not start at the same point in the
+subject string. Attempting to continue with the string "7890" does not yield a
+match because only those alternatives that match at one point in the subject
+are remembered. The problem arises because the start of the second alternative
+matches within the first alternative. There is no problem with anchored
+patterns or patterns such as:
+.sp
+  1234|ABCD
+.sp
+where no string can be a partial match for both alternatives. This is not a
+problem if a standard matching function is used, because the entire match has
+to be rerun each time:
+.sp
+    re> /1234|3789/
+  data> ABC123\eP\eP
+  Partial match: 123
+  data> 1237890
+   0: 3789
+.sp
+Of course, instead of using PCRE_DFA_RESTART, the same technique of re-running
+the entire match can also be used with the DFA matching functions. Another
+possibility is to work with two buffers. If a partial match at offset \fIn\fP
+in the first buffer is followed by "no match" when PCRE_DFA_RESTART is used on
+the second buffer, you can then try a new match starting at offset \fIn+1\fP in
+the first buffer.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 02 July 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrepattern.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrepattern.3
new file mode 100644
index 00000000..97df217f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrepattern.3
@@ -0,0 +1,3304 @@
+.TH PCREPATTERN 3 "23 October 2016" "PCRE 8.40"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE REGULAR EXPRESSION DETAILS"
+.rs
+.sp
+The syntax and semantics of the regular expressions that are supported by PCRE
+are described in detail below. There is a quick-reference syntax summary in the
+.\" HREF
+\fBpcresyntax\fP
+.\"
+page. PCRE tries to match Perl syntax and semantics as closely as it can. PCRE
+also supports some alternative regular expression syntax (which does not
+conflict with the Perl syntax) in order to provide some compatibility with
+regular expressions in Python, .NET, and Oniguruma.
+.P
+Perl's regular expressions are described in its own documentation, and
+regular expressions in general are covered in a number of books, some of which
+have copious examples. Jeffrey Friedl's "Mastering Regular Expressions",
+published by O'Reilly, covers regular expressions in great detail. This
+description of PCRE's regular expressions is intended as reference material.
+.P
+This document discusses the patterns that are supported by PCRE when one its
+main matching functions, \fBpcre_exec()\fP (8-bit) or \fBpcre[16|32]_exec()\fP
+(16- or 32-bit), is used. PCRE also has alternative matching functions,
+\fBpcre_dfa_exec()\fP and \fBpcre[16|32_dfa_exec()\fP, which match using a
+different algorithm that is not Perl-compatible. Some of the features discussed
+below are not available when DFA matching is used. The advantages and
+disadvantages of the alternative functions, and how they differ from the normal
+functions, are discussed in the
+.\" HREF
+\fBpcrematching\fP
+.\"
+page.
+.
+.
+.SH "SPECIAL START-OF-PATTERN ITEMS"
+.rs
+.sp
+A number of options that can be passed to \fBpcre_compile()\fP can also be set
+by special items at the start of a pattern. These are not Perl-compatible, but
+are provided to make these options accessible to pattern writers who are not
+able to change the program that processes the pattern. Any number of these
+items may appear, but they must all be together right at the start of the
+pattern string, and the letters must be in upper case.
+.
+.
+.SS "UTF support"
+.rs
+.sp
+The original operation of PCRE was on strings of one-byte characters. However,
+there is now also support for UTF-8 strings in the original library, an
+extra library that supports 16-bit and UTF-16 character strings, and a
+third library that supports 32-bit and UTF-32 character strings. To use these
+features, PCRE must be built to include appropriate support. When using UTF
+strings you must either call the compiling function with the PCRE_UTF8,
+PCRE_UTF16, or PCRE_UTF32 option, or the pattern must start with one of
+these special sequences:
+.sp
+  (*UTF8)
+  (*UTF16)
+  (*UTF32)
+  (*UTF)
+.sp
+(*UTF) is a generic sequence that can be used with any of the libraries.
+Starting a pattern with such a sequence is equivalent to setting the relevant
+option. How setting a UTF mode affects pattern matching is mentioned in several
+places below. There is also a summary of features in the
+.\" HREF
+\fBpcreunicode\fP
+.\"
+page.
+.P
+Some applications that allow their users to supply patterns may wish to
+restrict them to non-UTF data for security reasons. If the PCRE_NEVER_UTF
+option is set at compile time, (*UTF) etc. are not allowed, and their
+appearance causes an error.
+.
+.
+.SS "Unicode property support"
+.rs
+.sp
+Another special sequence that may appear at the start of a pattern is (*UCP).
+This has the same effect as setting the PCRE_UCP option: it causes sequences
+such as \ed and \ew to use Unicode properties to determine character types,
+instead of recognizing only characters with codes less than 128 via a lookup
+table.
+.
+.
+.SS "Disabling auto-possessification"
+.rs
+.sp
+If a pattern starts with (*NO_AUTO_POSSESS), it has the same effect as setting
+the PCRE_NO_AUTO_POSSESS option at compile time. This stops PCRE from making
+quantifiers possessive when what follows cannot match the repeated item. For
+example, by default a+b is treated as a++b. For more details, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.
+.
+.SS "Disabling start-up optimizations"
+.rs
+.sp
+If a pattern starts with (*NO_START_OPT), it has the same effect as setting the
+PCRE_NO_START_OPTIMIZE option either at compile or matching time. This disables
+several optimizations for quickly reaching "no match" results. For more
+details, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.
+.
+.\" HTML <a name="newlines"></a>
+.SS "Newline conventions"
+.rs
+.sp
+PCRE supports five different conventions for indicating line breaks in
+strings: a single CR (carriage return) character, a single LF (linefeed)
+character, the two-character sequence CRLF, any of the three preceding, or any
+Unicode newline sequence. The
+.\" HREF
+\fBpcreapi\fP
+.\"
+page has
+.\" HTML <a href="pcreapi.html#newlines">
+.\" </a>
+further discussion
+.\"
+about newlines, and shows how to set the newline convention in the
+\fIoptions\fP arguments for the compiling and matching functions.
+.P
+It is also possible to specify a newline convention by starting a pattern
+string with one of the following five sequences:
+.sp
+  (*CR)        carriage return
+  (*LF)        linefeed
+  (*CRLF)      carriage return, followed by linefeed
+  (*ANYCRLF)   any of the three above
+  (*ANY)       all Unicode newline sequences
+.sp
+These override the default and the options given to the compiling function. For
+example, on a Unix system where LF is the default newline sequence, the pattern
+.sp
+  (*CR)a.b
+.sp
+changes the convention to CR. That pattern matches "a\enb" because LF is no
+longer a newline. If more than one of these settings is present, the last one
+is used.
+.P
+The newline convention affects where the circumflex and dollar assertions are
+true. It also affects the interpretation of the dot metacharacter when
+PCRE_DOTALL is not set, and the behaviour of \eN. However, it does not affect
+what the \eR escape sequence matches. By default, this is any Unicode newline
+sequence, for Perl compatibility. However, this can be changed; see the
+description of \eR in the section entitled
+.\" HTML <a href="#newlineseq">
+.\" </a>
+"Newline sequences"
+.\"
+below. A change of \eR setting can be combined with a change of newline
+convention.
+.
+.
+.SS "Setting match and recursion limits"
+.rs
+.sp
+The caller of \fBpcre_exec()\fP can set a limit on the number of times the
+internal \fBmatch()\fP function is called and on the maximum depth of
+recursive calls. These facilities are provided to catch runaway matches that
+are provoked by patterns with huge matching trees (a typical example is a
+pattern with nested unlimited repeats) and to avoid running out of system stack
+by too much recursion. When one of these limits is reached, \fBpcre_exec()\fP
+gives an error return. The limits can also be set by items at the start of the
+pattern of the form
+.sp
+  (*LIMIT_MATCH=d)
+  (*LIMIT_RECURSION=d)
+.sp
+where d is any number of decimal digits. However, the value of the setting must
+be less than the value set (or defaulted) by the caller of \fBpcre_exec()\fP
+for it to have any effect. In other words, the pattern writer can lower the
+limits set by the programmer, but not raise them. If there is more than one
+setting of one of these limits, the lower value is used.
+.
+.
+.SH "EBCDIC CHARACTER CODES"
+.rs
+.sp
+PCRE can be compiled to run in an environment that uses EBCDIC as its character
+code rather than ASCII or Unicode (typically a mainframe system). In the
+sections below, character code values are ASCII or Unicode; in an EBCDIC
+environment these characters may have different code values, and there are no
+code points greater than 255.
+.
+.
+.SH "CHARACTERS AND METACHARACTERS"
+.rs
+.sp
+A regular expression is a pattern that is matched against a subject string from
+left to right. Most characters stand for themselves in a pattern, and match the
+corresponding characters in the subject. As a trivial example, the pattern
+.sp
+  The quick brown fox
+.sp
+matches a portion of a subject string that is identical to itself. When
+caseless matching is specified (the PCRE_CASELESS option), letters are matched
+independently of case. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching for characters 128 and above, you must
+ensure that PCRE is compiled with Unicode property support as well as with
+UTF support.
+.P
+The power of regular expressions comes from the ability to include alternatives
+and repetitions in the pattern. These are encoded in the pattern by the use of
+\fImetacharacters\fP, which do not stand for themselves but instead are
+interpreted in some special way.
+.P
+There are two different sets of metacharacters: those that are recognized
+anywhere in the pattern except within square brackets, and those that are
+recognized within square brackets. Outside square brackets, the metacharacters
+are as follows:
+.sp
+  \e      general escape character with several uses
+  ^      assert start of string (or line, in multiline mode)
+  $      assert end of string (or line, in multiline mode)
+  .      match any character except newline (by default)
+  [      start character class definition
+  |      start of alternative branch
+  (      start subpattern
+  )      end subpattern
+  ?      extends the meaning of (
+         also 0 or 1 quantifier
+         also quantifier minimizer
+  *      0 or more quantifier
+  +      1 or more quantifier
+         also "possessive quantifier"
+  {      start min/max quantifier
+.sp
+Part of a pattern that is in square brackets is called a "character class". In
+a character class the only metacharacters are:
+.sp
+  \e      general escape character
+  ^      negate the class, but only if the first character
+  -      indicates character range
+.\" JOIN
+  [      POSIX character class (only if followed by POSIX
+           syntax)
+  ]      terminates the character class
+.sp
+The following sections describe the use of each of the metacharacters.
+.
+.
+.SH BACKSLASH
+.rs
+.sp
+The backslash character has several uses. Firstly, if it is followed by a
+character that is not a number or a letter, it takes away any special meaning
+that character may have. This use of backslash as an escape character applies
+both inside and outside character classes.
+.P
+For example, if you want to match a * character, you write \e* in the pattern.
+This escaping action applies whether or not the following character would
+otherwise be interpreted as a metacharacter, so it is always safe to precede a
+non-alphanumeric with backslash to specify that it stands for itself. In
+particular, if you want to match a backslash, you write \e\e.
+.P
+In a UTF mode, only ASCII numbers and letters have any special meaning after a
+backslash. All other characters (in particular, those whose codepoints are
+greater than 127) are treated as literals.
+.P
+If a pattern is compiled with the PCRE_EXTENDED option, most white space in the
+pattern (other than in a character class), and characters between a # outside a
+character class and the next newline, inclusive, are ignored. An escaping
+backslash can be used to include a white space or # character as part of the
+pattern.
+.P
+If you want to remove the special meaning from a sequence of characters, you
+can do so by putting them between \eQ and \eE. This is different from Perl in
+that $ and @ are handled as literals in \eQ...\eE sequences in PCRE, whereas in
+Perl, $ and @ cause variable interpolation. Note the following examples:
+.sp
+  Pattern            PCRE matches   Perl matches
+.sp
+.\" JOIN
+  \eQabc$xyz\eE        abc$xyz        abc followed by the
+                                      contents of $xyz
+  \eQabc\e$xyz\eE       abc\e$xyz       abc\e$xyz
+  \eQabc\eE\e$\eQxyz\eE   abc$xyz        abc$xyz
+.sp
+The \eQ...\eE sequence is recognized both inside and outside character classes.
+An isolated \eE that is not preceded by \eQ is ignored. If \eQ is not followed
+by \eE later in the pattern, the literal interpretation continues to the end of
+the pattern (that is, \eE is assumed at the end). If the isolated \eQ is inside
+a character class, this causes an error, because the character class is not
+terminated.
+.
+.
+.\" HTML <a name="digitsafterbackslash"></a>
+.SS "Non-printing characters"
+.rs
+.sp
+A second use of backslash provides a way of encoding non-printing characters
+in patterns in a visible manner. There is no restriction on the appearance of
+non-printing characters, apart from the binary zero that terminates a pattern,
+but when a pattern is being prepared by text editing, it is often easier to use
+one of the following escape sequences than the binary character it represents.
+In an ASCII or Unicode environment, these escapes are as follows:
+.sp
+  \ea        alarm, that is, the BEL character (hex 07)
+  \ecx       "control-x", where x is any ASCII character
+  \ee        escape (hex 1B)
+  \ef        form feed (hex 0C)
+  \en        linefeed (hex 0A)
+  \er        carriage return (hex 0D)
+  \et        tab (hex 09)
+  \e0dd      character with octal code 0dd
+  \eddd      character with octal code ddd, or back reference
+  \eo{ddd..} character with octal code ddd..
+  \exhh      character with hex code hh
+  \ex{hhh..} character with hex code hhh.. (non-JavaScript mode)
+  \euhhhh    character with hex code hhhh (JavaScript mode only)
+.sp
+The precise effect of \ecx on ASCII characters is as follows: if x is a lower
+case letter, it is converted to upper case. Then bit 6 of the character (hex
+40) is inverted. Thus \ecA to \ecZ become hex 01 to hex 1A (A is 41, Z is 5A),
+but \ec{ becomes hex 3B ({ is 7B), and \ec; becomes hex 7B (; is 3B). If the
+data item (byte or 16-bit value) following \ec has a value greater than 127, a
+compile-time error occurs. This locks out non-ASCII characters in all modes.
+.P
+When PCRE is compiled in EBCDIC mode, \ea, \ee, \ef, \en, \er, and \et
+generate the appropriate EBCDIC code values. The \ec escape is processed
+as specified for Perl in the \fBperlebcdic\fP document. The only characters
+that are allowed after \ec are A-Z, a-z, or one of @, [, \e, ], ^, _, or ?. Any
+other character provokes a compile-time error. The sequence \ec@ encodes
+character code 0; after \ec the letters (in either case) encode characters 1-26
+(hex 01 to hex 1A); [, \e, ], ^, and _ encode characters 27-31 (hex 1B to hex
+1F), and \ec? becomes either 255 (hex FF) or 95 (hex 5F).
+.P
+Thus, apart from \ec?, these escapes generate the same character code values as
+they do in an ASCII environment, though the meanings of the values mostly
+differ. For example, \ecG always generates code value 7, which is BEL in ASCII
+but DEL in EBCDIC.
+.P
+The sequence \ec? generates DEL (127, hex 7F) in an ASCII environment, but
+because 127 is not a control character in EBCDIC, Perl makes it generate the
+APC character. Unfortunately, there are several variants of EBCDIC. In most of
+them the APC character has the value 255 (hex FF), but in the one Perl calls
+POSIX-BC its value is 95 (hex 5F). If certain other characters have POSIX-BC
+values, PCRE makes \ec? generate 95; otherwise it generates 255.
+.P
+After \e0 up to two further octal digits are read. If there are fewer than two
+digits, just those that are present are used. Thus the sequence \e0\ex\e015
+specifies two binary zeros followed by a CR character (code value 13). Make
+sure you supply two digits after the initial zero if the pattern character that
+follows is itself an octal digit.
+.P
+The escape \eo must be followed by a sequence of octal digits, enclosed in
+braces. An error occurs if this is not the case. This escape is a recent
+addition to Perl; it provides way of specifying character code points as octal
+numbers greater than 0777, and it also allows octal numbers and back references
+to be unambiguously specified.
+.P
+For greater clarity and unambiguity, it is best to avoid following \e by a
+digit greater than zero. Instead, use \eo{} or \ex{} to specify character
+numbers, and \eg{} to specify back references. The following paragraphs
+describe the old, ambiguous syntax.
+.P
+The handling of a backslash followed by a digit other than 0 is complicated,
+and Perl has changed in recent releases, causing PCRE also to change. Outside a
+character class, PCRE reads the digit and any following digits as a decimal
+number. If the number is less than 8, or if there have been at least that many
+previous capturing left parentheses in the expression, the entire sequence is
+taken as a \fIback reference\fP. A description of how this works is given
+.\" HTML <a href="#backreferences">
+.\" </a>
+later,
+.\"
+following the discussion of
+.\" HTML <a href="#subpattern">
+.\" </a>
+parenthesized subpatterns.
+.\"
+.P
+Inside a character class, or if the decimal number following \e is greater than
+7 and there have not been that many capturing subpatterns, PCRE handles \e8 and
+\e9 as the literal characters "8" and "9", and otherwise re-reads up to three
+octal digits following the backslash, using them to generate a data character.
+Any subsequent digits stand for themselves. For example:
+.sp
+  \e040   is another way of writing an ASCII space
+.\" JOIN
+  \e40    is the same, provided there are fewer than 40
+            previous capturing subpatterns
+  \e7     is always a back reference
+.\" JOIN
+  \e11    might be a back reference, or another way of
+            writing a tab
+  \e011   is always a tab
+  \e0113  is a tab followed by the character "3"
+.\" JOIN
+  \e113   might be a back reference, otherwise the
+            character with octal code 113
+.\" JOIN
+  \e377   might be a back reference, otherwise
+            the value 255 (decimal)
+.\" JOIN
+  \e81    is either a back reference, or the two
+            characters "8" and "1"
+.sp
+Note that octal values of 100 or greater that are specified using this syntax
+must not be introduced by a leading zero, because no more than three octal
+digits are ever read.
+.P
+By default, after \ex that is not followed by {, from zero to two hexadecimal
+digits are read (letters can be in upper or lower case). Any number of
+hexadecimal digits may appear between \ex{ and }. If a character other than
+a hexadecimal digit appears between \ex{ and }, or if there is no terminating
+}, an error occurs.
+.P
+If the PCRE_JAVASCRIPT_COMPAT option is set, the interpretation of \ex is
+as just described only when it is followed by two hexadecimal digits.
+Otherwise, it matches a literal "x" character. In JavaScript mode, support for
+code points greater than 256 is provided by \eu, which must be followed by
+four hexadecimal digits; otherwise it matches a literal "u" character.
+.P
+Characters whose value is less than 256 can be defined by either of the two
+syntaxes for \ex (or by \eu in JavaScript mode). There is no difference in the
+way they are handled. For example, \exdc is exactly the same as \ex{dc} (or
+\eu00dc in JavaScript mode).
+.
+.
+.SS "Constraints on character values"
+.rs
+.sp
+Characters that are specified using octal or hexadecimal numbers are
+limited to certain values, as follows:
+.sp
+  8-bit non-UTF mode    less than 0x100
+  8-bit UTF-8 mode      less than 0x10ffff and a valid codepoint
+  16-bit non-UTF mode   less than 0x10000
+  16-bit UTF-16 mode    less than 0x10ffff and a valid codepoint
+  32-bit non-UTF mode   less than 0x100000000
+  32-bit UTF-32 mode    less than 0x10ffff and a valid codepoint
+.sp
+Invalid Unicode codepoints are the range 0xd800 to 0xdfff (the so-called
+"surrogate" codepoints), and 0xffef.
+.
+.
+.SS "Escape sequences in character classes"
+.rs
+.sp
+All the sequences that define a single character value can be used both inside
+and outside character classes. In addition, inside a character class, \eb is
+interpreted as the backspace character (hex 08).
+.P
+\eN is not allowed in a character class. \eB, \eR, and \eX are not special
+inside a character class. Like other unrecognized escape sequences, they are
+treated as the literal characters "B", "R", and "X" by default, but cause an
+error if the PCRE_EXTRA option is set. Outside a character class, these
+sequences have different meanings.
+.
+.
+.SS "Unsupported escape sequences"
+.rs
+.sp
+In Perl, the sequences \el, \eL, \eu, and \eU are recognized by its string
+handler and used to modify the case of following characters. By default, PCRE
+does not support these escape sequences. However, if the PCRE_JAVASCRIPT_COMPAT
+option is set, \eU matches a "U" character, and \eu can be used to define a
+character by code point, as described in the previous section.
+.
+.
+.SS "Absolute and relative back references"
+.rs
+.sp
+The sequence \eg followed by an unsigned or a negative number, optionally
+enclosed in braces, is an absolute or relative back reference. A named back
+reference can be coded as \eg{name}. Back references are discussed
+.\" HTML <a href="#backreferences">
+.\" </a>
+later,
+.\"
+following the discussion of
+.\" HTML <a href="#subpattern">
+.\" </a>
+parenthesized subpatterns.
+.\"
+.
+.
+.SS "Absolute and relative subroutine calls"
+.rs
+.sp
+For compatibility with Oniguruma, the non-Perl syntax \eg followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a "subroutine". Details are discussed
+.\" HTML <a href="#onigurumasubroutines">
+.\" </a>
+later.
+.\"
+Note that \eg{...} (Perl syntax) and \eg<...> (Oniguruma syntax) are \fInot\fP
+synonymous. The former is a back reference; the latter is a
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutine
+.\"
+call.
+.
+.
+.\" HTML <a name="genericchartypes"></a>
+.SS "Generic character types"
+.rs
+.sp
+Another use of backslash is for specifying generic character types:
+.sp
+  \ed     any decimal digit
+  \eD     any character that is not a decimal digit
+  \eh     any horizontal white space character
+  \eH     any character that is not a horizontal white space character
+  \es     any white space character
+  \eS     any character that is not a white space character
+  \ev     any vertical white space character
+  \eV     any character that is not a vertical white space character
+  \ew     any "word" character
+  \eW     any "non-word" character
+.sp
+There is also the single sequence \eN, which matches a non-newline character.
+This is the same as
+.\" HTML <a href="#fullstopdot">
+.\" </a>
+the "." metacharacter
+.\"
+when PCRE_DOTALL is not set. Perl also uses \eN to match characters by name;
+PCRE does not support this.
+.P
+Each pair of lower and upper case escape sequences partitions the complete set
+of characters into two disjoint sets. Any given character matches one, and only
+one, of each pair. The sequences can appear both inside and outside character
+classes. They each match one character of the appropriate type. If the current
+matching point is at the end of the subject string, all of them fail, because
+there is no character to match.
+.P
+For compatibility with Perl, \es did not used to match the VT character (code
+11), which made it different from the the POSIX "space" class. However, Perl
+added VT at release 5.18, and PCRE followed suit at release 8.34. The default
+\es characters are now HT (9), LF (10), VT (11), FF (12), CR (13), and space
+(32), which are defined as white space in the "C" locale. This list may vary if
+locale-specific matching is taking place. For example, in some locales the
+"non-breaking space" character (\exA0) is recognized as white space, and in
+others the VT character is not.
+.P
+A "word" character is an underscore or any character that is a letter or digit.
+By default, the definition of letters and digits is controlled by PCRE's
+low-valued character tables, and may vary if locale-specific matching is taking
+place (see
+.\" HTML <a href="pcreapi.html#localesupport">
+.\" </a>
+"Locale support"
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page). For example, in a French locale such as "fr_FR" in Unix-like systems,
+or "french" in Windows, some character codes greater than 127 are used for
+accented letters, and these are then matched by \ew. The use of locales with
+Unicode is discouraged.
+.P
+By default, characters whose code points are greater than 127 never match \ed,
+\es, or \ew, and always match \eD, \eS, and \eW, although this may vary for
+characters in the range 128-255 when locale-specific matching is happening.
+These escape sequences retain their original meanings from before Unicode
+support was available, mainly for efficiency reasons. If PCRE is compiled with
+Unicode property support, and the PCRE_UCP option is set, the behaviour is
+changed so that Unicode properties are used to determine character types, as
+follows:
+.sp
+  \ed  any character that matches \ep{Nd} (decimal digit)
+  \es  any character that matches \ep{Z} or \eh or \ev
+  \ew  any character that matches \ep{L} or \ep{N}, plus underscore
+.sp
+The upper case escapes match the inverse sets of characters. Note that \ed
+matches only decimal digits, whereas \ew matches any Unicode digit, as well as
+any Unicode letter, and underscore. Note also that PCRE_UCP affects \eb, and
+\eB because they are defined in terms of \ew and \eW. Matching these sequences
+is noticeably slower when PCRE_UCP is set.
+.P
+The sequences \eh, \eH, \ev, and \eV are features that were added to Perl at
+release 5.10. In contrast to the other sequences, which match only ASCII
+characters by default, these always match certain high-valued code points,
+whether or not PCRE_UCP is set. The horizontal space characters are:
+.sp
+  U+0009     Horizontal tab (HT)
+  U+0020     Space
+  U+00A0     Non-break space
+  U+1680     Ogham space mark
+  U+180E     Mongolian vowel separator
+  U+2000     En quad
+  U+2001     Em quad
+  U+2002     En space
+  U+2003     Em space
+  U+2004     Three-per-em space
+  U+2005     Four-per-em space
+  U+2006     Six-per-em space
+  U+2007     Figure space
+  U+2008     Punctuation space
+  U+2009     Thin space
+  U+200A     Hair space
+  U+202F     Narrow no-break space
+  U+205F     Medium mathematical space
+  U+3000     Ideographic space
+.sp
+The vertical space characters are:
+.sp
+  U+000A     Linefeed (LF)
+  U+000B     Vertical tab (VT)
+  U+000C     Form feed (FF)
+  U+000D     Carriage return (CR)
+  U+0085     Next line (NEL)
+  U+2028     Line separator
+  U+2029     Paragraph separator
+.sp
+In 8-bit, non-UTF-8 mode, only the characters with codepoints less than 256 are
+relevant.
+.
+.
+.\" HTML <a name="newlineseq"></a>
+.SS "Newline sequences"
+.rs
+.sp
+Outside a character class, by default, the escape sequence \eR matches any
+Unicode newline sequence. In 8-bit non-UTF-8 mode \eR is equivalent to the
+following:
+.sp
+  (?>\er\en|\en|\ex0b|\ef|\er|\ex85)
+.sp
+This is an example of an "atomic group", details of which are given
+.\" HTML <a href="#atomicgroup">
+.\" </a>
+below.
+.\"
+This particular group matches either the two-character sequence CR followed by
+LF, or one of the single characters LF (linefeed, U+000A), VT (vertical tab,
+U+000B), FF (form feed, U+000C), CR (carriage return, U+000D), or NEL (next
+line, U+0085). The two-character sequence is treated as a single unit that
+cannot be split.
+.P
+In other modes, two additional characters whose codepoints are greater than 255
+are added: LS (line separator, U+2028) and PS (paragraph separator, U+2029).
+Unicode character property support is not needed for these characters to be
+recognized.
+.P
+It is possible to restrict \eR to match only CR, LF, or CRLF (instead of the
+complete set of Unicode line endings) by setting the option PCRE_BSR_ANYCRLF
+either at compile time or when the pattern is matched. (BSR is an abbrevation
+for "backslash R".) This can be made the default when PCRE is built; if this is
+the case, the other behaviour can be requested via the PCRE_BSR_UNICODE option.
+It is also possible to specify these settings by starting a pattern string with
+one of the following sequences:
+.sp
+  (*BSR_ANYCRLF)   CR, LF, or CRLF only
+  (*BSR_UNICODE)   any Unicode newline sequence
+.sp
+These override the default and the options given to the compiling function, but
+they can themselves be overridden by options given to a matching function. Note
+that these special settings, which are not Perl-compatible, are recognized only
+at the very start of a pattern, and that they must be in upper case. If more
+than one of them is present, the last one is used. They can be combined with a
+change of newline convention; for example, a pattern can start with:
+.sp
+  (*ANY)(*BSR_ANYCRLF)
+.sp
+They can also be combined with the (*UTF8), (*UTF16), (*UTF32), (*UTF) or
+(*UCP) special sequences. Inside a character class, \eR is treated as an
+unrecognized escape sequence, and so matches the letter "R" by default, but
+causes an error if PCRE_EXTRA is set.
+.
+.
+.\" HTML <a name="uniextseq"></a>
+.SS Unicode character properties
+.rs
+.sp
+When PCRE is built with Unicode character property support, three additional
+escape sequences that match characters with specific properties are available.
+When in 8-bit non-UTF-8 mode, these sequences are of course limited to testing
+characters whose codepoints are less than 256, but they do work in this mode.
+The extra escape sequences are:
+.sp
+  \ep{\fIxx\fP}   a character with the \fIxx\fP property
+  \eP{\fIxx\fP}   a character without the \fIxx\fP property
+  \eX       a Unicode extended grapheme cluster
+.sp
+The property names represented by \fIxx\fP above are limited to the Unicode
+script names, the general category properties, "Any", which matches any
+character (including newline), and some special PCRE properties (described
+in the
+.\" HTML <a href="#extraprops">
+.\" </a>
+next section).
+.\"
+Other Perl properties such as "InMusicalSymbols" are not currently supported by
+PCRE. Note that \eP{Any} does not match any characters, so always causes a
+match failure.
+.P
+Sets of Unicode characters are defined as belonging to certain scripts. A
+character from one of these sets can be matched using a script name. For
+example:
+.sp
+  \ep{Greek}
+  \eP{Han}
+.sp
+Those that are not part of an identified script are lumped together as
+"Common". The current list of scripts is:
+.P
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+.P
+Each character has exactly one Unicode general category property, specified by
+a two-letter abbreviation. For compatibility with Perl, negation can be
+specified by including a circumflex between the opening brace and the property
+name. For example, \ep{^Lu} is the same as \eP{Lu}.
+.P
+If only one letter is specified with \ep or \eP, it includes all the general
+category properties that start with that letter. In this case, in the absence
+of negation, the curly brackets in the escape sequence are optional; these two
+examples have the same effect:
+.sp
+  \ep{L}
+  \epL
+.sp
+The following general category property codes are supported:
+.sp
+  C     Other
+  Cc    Control
+  Cf    Format
+  Cn    Unassigned
+  Co    Private use
+  Cs    Surrogate
+.sp
+  L     Letter
+  Ll    Lower case letter
+  Lm    Modifier letter
+  Lo    Other letter
+  Lt    Title case letter
+  Lu    Upper case letter
+.sp
+  M     Mark
+  Mc    Spacing mark
+  Me    Enclosing mark
+  Mn    Non-spacing mark
+.sp
+  N     Number
+  Nd    Decimal number
+  Nl    Letter number
+  No    Other number
+.sp
+  P     Punctuation
+  Pc    Connector punctuation
+  Pd    Dash punctuation
+  Pe    Close punctuation
+  Pf    Final punctuation
+  Pi    Initial punctuation
+  Po    Other punctuation
+  Ps    Open punctuation
+.sp
+  S     Symbol
+  Sc    Currency symbol
+  Sk    Modifier symbol
+  Sm    Mathematical symbol
+  So    Other symbol
+.sp
+  Z     Separator
+  Zl    Line separator
+  Zp    Paragraph separator
+  Zs    Space separator
+.sp
+The special property L& is also supported: it matches a character that has
+the Lu, Ll, or Lt property, in other words, a letter that is not classified as
+a modifier or "other".
+.P
+The Cs (Surrogate) property applies only to characters in the range U+D800 to
+U+DFFF. Such characters are not valid in Unicode strings and so
+cannot be tested by PCRE, unless UTF validity checking has been turned off
+(see the discussion of PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK and
+PCRE_NO_UTF32_CHECK in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page). Perl does not support the Cs property.
+.P
+The long synonyms for property names that Perl supports (such as \ep{Letter})
+are not supported by PCRE, nor is it permitted to prefix any of these
+properties with "Is".
+.P
+No character that is in the Unicode table has the Cn (unassigned) property.
+Instead, this property is assumed for any code point that is not in the
+Unicode table.
+.P
+Specifying caseless matching does not affect these escape sequences. For
+example, \ep{Lu} always matches only upper case letters. This is different from
+the behaviour of current versions of Perl.
+.P
+Matching characters by Unicode property is not fast, because PCRE has to do a
+multistage table lookup in order to find a character's property. That is why
+the traditional escape sequences such as \ed and \ew do not use Unicode
+properties in PCRE by default, though you can make them do so by setting the
+PCRE_UCP option or by starting the pattern with (*UCP).
+.
+.
+.SS Extended grapheme clusters
+.rs
+.sp
+The \eX escape matches any number of Unicode characters that form an "extended
+grapheme cluster", and treats the sequence as an atomic group
+.\" HTML <a href="#atomicgroup">
+.\" </a>
+(see below).
+.\"
+Up to and including release 8.31, PCRE matched an earlier, simpler definition
+that was equivalent to
+.sp
+  (?>\ePM\epM*)
+.sp
+That is, it matched a character without the "mark" property, followed by zero
+or more characters with the "mark" property. Characters with the "mark"
+property are typically non-spacing accents that affect the preceding character.
+.P
+This simple definition was extended in Unicode to include more complicated
+kinds of composite character by giving each character a grapheme breaking
+property, and creating rules that use these properties to define the boundaries
+of extended grapheme clusters. In releases of PCRE later than 8.31, \eX matches
+one of these clusters.
+.P
+\eX always matches at least one character. Then it decides whether to add
+additional characters according to the following rules for ending a cluster:
+.P
+1. End at the end of the subject string.
+.P
+2. Do not end between CR and LF; otherwise end after any control character.
+.P
+3. Do not break Hangul (a Korean script) syllable sequences. Hangul characters
+are of five types: L, V, T, LV, and LVT. An L character may be followed by an
+L, V, LV, or LVT character; an LV or V character may be followed by a V or T
+character; an LVT or T character may be follwed only by a T character.
+.P
+4. Do not end before extending characters or spacing marks. Characters with
+the "mark" property always have the "extend" grapheme breaking property.
+.P
+5. Do not end after prepend characters.
+.P
+6. Otherwise, end the cluster.
+.
+.
+.\" HTML <a name="extraprops"></a>
+.SS PCRE's additional properties
+.rs
+.sp
+As well as the standard Unicode properties described above, PCRE supports four
+more that make it possible to convert traditional escape sequences such as \ew
+and \es to use Unicode properties. PCRE uses these non-standard, non-Perl
+properties internally when PCRE_UCP is set. However, they may also be used
+explicitly. These properties are:
+.sp
+  Xan   Any alphanumeric character
+  Xps   Any POSIX space character
+  Xsp   Any Perl space character
+  Xwd   Any Perl "word" character
+.sp
+Xan matches characters that have either the L (letter) or the N (number)
+property. Xps matches the characters tab, linefeed, vertical tab, form feed, or
+carriage return, and any other character that has the Z (separator) property.
+Xsp is the same as Xps; it used to exclude vertical tab, for Perl
+compatibility, but Perl changed, and so PCRE followed at release 8.34. Xwd
+matches the same characters as Xan, plus underscore.
+.P
+There is another non-standard property, Xuc, which matches any character that
+can be represented by a Universal Character Name in C++ and other programming
+languages. These are the characters $, @, ` (grave accent), and all characters
+with Unicode code points greater than or equal to U+00A0, except for the
+surrogates U+D800 to U+DFFF. Note that most base (ASCII) characters are
+excluded. (Universal Character Names are of the form \euHHHH or \eUHHHHHHHH
+where H is a hexadecimal digit. Note that the Xuc property does not match these
+sequences but the characters that they represent.)
+.
+.
+.\" HTML <a name="resetmatchstart"></a>
+.SS "Resetting the match start"
+.rs
+.sp
+The escape sequence \eK causes any previously matched characters not to be
+included in the final matched sequence. For example, the pattern:
+.sp
+  foo\eKbar
+.sp
+matches "foobar", but reports that it has matched "bar". This feature is
+similar to a lookbehind assertion
+.\" HTML <a href="#lookbehind">
+.\" </a>
+(described below).
+.\"
+However, in this case, the part of the subject before the real match does not
+have to be of fixed length, as lookbehind assertions do. The use of \eK does
+not interfere with the setting of
+.\" HTML <a href="#subpattern">
+.\" </a>
+captured substrings.
+.\"
+For example, when the pattern
+.sp
+  (foo)\eKbar
+.sp
+matches "foobar", the first substring is still set to "foo".
+.P
+Perl documents that the use of \eK within assertions is "not well defined". In
+PCRE, \eK is acted upon when it occurs inside positive assertions, but is
+ignored in negative assertions. Note that when a pattern such as (?=ab\eK)
+matches, the reported start of the match can be greater than the end of the
+match.
+.
+.
+.\" HTML <a name="smallassertions"></a>
+.SS "Simple assertions"
+.rs
+.sp
+The final use of backslash is for certain simple assertions. An assertion
+specifies a condition that has to be met at a particular point in a match,
+without consuming any characters from the subject string. The use of
+subpatterns for more complicated assertions is described
+.\" HTML <a href="#bigassertions">
+.\" </a>
+below.
+.\"
+The backslashed assertions are:
+.sp
+  \eb     matches at a word boundary
+  \eB     matches when not at a word boundary
+  \eA     matches at the start of the subject
+  \eZ     matches at the end of the subject
+          also matches before a newline at the end of the subject
+  \ez     matches only at the end of the subject
+  \eG     matches at the first matching position in the subject
+.sp
+Inside a character class, \eb has a different meaning; it matches the backspace
+character. If any other of these assertions appears in a character class, by
+default it matches the corresponding literal character (for example, \eB
+matches the letter B). However, if the PCRE_EXTRA option is set, an "invalid
+escape sequence" error is generated instead.
+.P
+A word boundary is a position in the subject string where the current character
+and the previous character do not both match \ew or \eW (i.e. one matches
+\ew and the other matches \eW), or the start or end of the string if the
+first or last character matches \ew, respectively. In a UTF mode, the meanings
+of \ew and \eW can be changed by setting the PCRE_UCP option. When this is
+done, it also affects \eb and \eB. Neither PCRE nor Perl has a separate "start
+of word" or "end of word" metasequence. However, whatever follows \eb normally
+determines which it is. For example, the fragment \eba matches "a" at the start
+of a word.
+.P
+The \eA, \eZ, and \ez assertions differ from the traditional circumflex and
+dollar (described in the next section) in that they only ever match at the very
+start and end of the subject string, whatever options are set. Thus, they are
+independent of multiline mode. These three assertions are not affected by the
+PCRE_NOTBOL or PCRE_NOTEOL options, which affect only the behaviour of the
+circumflex and dollar metacharacters. However, if the \fIstartoffset\fP
+argument of \fBpcre_exec()\fP is non-zero, indicating that matching is to start
+at a point other than the beginning of the subject, \eA can never match. The
+difference between \eZ and \ez is that \eZ matches before a newline at the end
+of the string as well as at the very end, whereas \ez matches only at the end.
+.P
+The \eG assertion is true only when the current matching position is at the
+start point of the match, as specified by the \fIstartoffset\fP argument of
+\fBpcre_exec()\fP. It differs from \eA when the value of \fIstartoffset\fP is
+non-zero. By calling \fBpcre_exec()\fP multiple times with appropriate
+arguments, you can mimic Perl's /g option, and it is in this kind of
+implementation where \eG can be useful.
+.P
+Note, however, that PCRE's interpretation of \eG, as the start of the current
+match, is subtly different from Perl's, which defines it as the end of the
+previous match. In Perl, these can be different when the previously matched
+string was empty. Because PCRE does just one match at a time, it cannot
+reproduce this behaviour.
+.P
+If all the alternatives of a pattern begin with \eG, the expression is anchored
+to the starting match position, and the "anchored" flag is set in the compiled
+regular expression.
+.
+.
+.SH "CIRCUMFLEX AND DOLLAR"
+.rs
+.sp
+The circumflex and dollar metacharacters are zero-width assertions. That is,
+they test for a particular condition being true without consuming any
+characters from the subject string.
+.P
+Outside a character class, in the default matching mode, the circumflex
+character is an assertion that is true only if the current matching point is at
+the start of the subject string. If the \fIstartoffset\fP argument of
+\fBpcre_exec()\fP is non-zero, circumflex can never match if the PCRE_MULTILINE
+option is unset. Inside a character class, circumflex has an entirely different
+meaning
+.\" HTML <a href="#characterclass">
+.\" </a>
+(see below).
+.\"
+.P
+Circumflex need not be the first character of the pattern if a number of
+alternatives are involved, but it should be the first thing in each alternative
+in which it appears if the pattern is ever to match that branch. If all
+possible alternatives start with a circumflex, that is, if the pattern is
+constrained to match only at the start of the subject, it is said to be an
+"anchored" pattern. (There are also other constructs that can cause a pattern
+to be anchored.)
+.P
+The dollar character is an assertion that is true only if the current matching
+point is at the end of the subject string, or immediately before a newline at
+the end of the string (by default). Note, however, that it does not actually
+match the newline. Dollar need not be the last character of the pattern if a
+number of alternatives are involved, but it should be the last item in any
+branch in which it appears. Dollar has no special meaning in a character class.
+.P
+The meaning of dollar can be changed so that it matches only at the very end of
+the string, by setting the PCRE_DOLLAR_ENDONLY option at compile time. This
+does not affect the \eZ assertion.
+.P
+The meanings of the circumflex and dollar characters are changed if the
+PCRE_MULTILINE option is set. When this is the case, a circumflex matches
+immediately after internal newlines as well as at the start of the subject
+string. It does not match after a newline that ends the string. A dollar
+matches before any newlines in the string, as well as at the very end, when
+PCRE_MULTILINE is set. When newline is specified as the two-character
+sequence CRLF, isolated CR and LF characters do not indicate newlines.
+.P
+For example, the pattern /^abc$/ matches the subject string "def\enabc" (where
+\en represents a newline) in multiline mode, but not otherwise. Consequently,
+patterns that are anchored in single line mode because all branches start with
+^ are not anchored in multiline mode, and a match for circumflex is possible
+when the \fIstartoffset\fP argument of \fBpcre_exec()\fP is non-zero. The
+PCRE_DOLLAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+.P
+Note that the sequences \eA, \eZ, and \ez can be used to match the start and
+end of the subject in both modes, and if all branches of a pattern start with
+\eA it is always anchored, whether or not PCRE_MULTILINE is set.
+.
+.
+.\" HTML <a name="fullstopdot"></a>
+.SH "FULL STOP (PERIOD, DOT) AND \eN"
+.rs
+.sp
+Outside a character class, a dot in the pattern matches any one character in
+the subject string except (by default) a character that signifies the end of a
+line.
+.P
+When a line ending is defined as a single character, dot never matches that
+character; when the two-character sequence CRLF is used, dot does not match CR
+if it is immediately followed by LF, but otherwise it matches all characters
+(including isolated CRs and LFs). When any Unicode line endings are being
+recognized, dot does not match CR or LF or any of the other line ending
+characters.
+.P
+The behaviour of dot with regard to newlines can be changed. If the PCRE_DOTALL
+option is set, a dot matches any one character, without exception. If the
+two-character sequence CRLF is present in the subject string, it takes two dots
+to match it.
+.P
+The handling of dot is entirely independent of the handling of circumflex and
+dollar, the only relationship being that they both involve newlines. Dot has no
+special meaning in a character class.
+.P
+The escape sequence \eN behaves like a dot, except that it is not affected by
+the PCRE_DOTALL option. In other words, it matches any character except one
+that signifies the end of a line. Perl also uses \eN to match characters by
+name; PCRE does not support this.
+.
+.
+.SH "MATCHING A SINGLE DATA UNIT"
+.rs
+.sp
+Outside a character class, the escape sequence \eC matches any one data unit,
+whether or not a UTF mode is set. In the 8-bit library, one data unit is one
+byte; in the 16-bit library it is a 16-bit unit; in the 32-bit library it is
+a 32-bit unit. Unlike a dot, \eC always
+matches line-ending characters. The feature is provided in Perl in order to
+match individual bytes in UTF-8 mode, but it is unclear how it can usefully be
+used. Because \eC breaks up characters into individual data units, matching one
+unit with \eC in a UTF mode means that the rest of the string may start with a
+malformed UTF character. This has undefined results, because PCRE assumes that
+it is dealing with valid UTF strings (and by default it checks this at the
+start of processing unless the PCRE_NO_UTF8_CHECK, PCRE_NO_UTF16_CHECK or
+PCRE_NO_UTF32_CHECK option is used).
+.P
+PCRE does not allow \eC to appear in lookbehind assertions
+.\" HTML <a href="#lookbehind">
+.\" </a>
+(described below)
+.\"
+in a UTF mode, because this would make it impossible to calculate the length of
+the lookbehind.
+.P
+In general, the \eC escape sequence is best avoided. However, one
+way of using it that avoids the problem of malformed UTF characters is to use a
+lookahead to check the length of the next character, as in this pattern, which
+could be used with a UTF-8 string (ignore white space and line breaks):
+.sp
+  (?| (?=[\ex00-\ex7f])(\eC) |
+      (?=[\ex80-\ex{7ff}])(\eC)(\eC) |
+      (?=[\ex{800}-\ex{ffff}])(\eC)(\eC)(\eC) |
+      (?=[\ex{10000}-\ex{1fffff}])(\eC)(\eC)(\eC)(\eC))
+.sp
+A group that starts with (?| resets the capturing parentheses numbers in each
+alternative (see
+.\" HTML <a href="#dupsubpatternnumber">
+.\" </a>
+"Duplicate Subpattern Numbers"
+.\"
+below). The assertions at the start of each branch check the next UTF-8
+character for values whose encoding uses 1, 2, 3, or 4 bytes, respectively. The
+character's individual bytes are then captured by the appropriate number of
+groups.
+.
+.
+.\" HTML <a name="characterclass"></a>
+.SH "SQUARE BRACKETS AND CHARACTER CLASSES"
+.rs
+.sp
+An opening square bracket introduces a character class, terminated by a closing
+square bracket. A closing square bracket on its own is not special by default.
+However, if the PCRE_JAVASCRIPT_COMPAT option is set, a lone closing square
+bracket causes a compile-time error. If a closing square bracket is required as
+a member of the class, it should be the first data character in the class
+(after an initial circumflex, if present) or escaped with a backslash.
+.P
+A character class matches a single character in the subject. In a UTF mode, the
+character may be more than one data unit long. A matched character must be in
+the set of characters defined by the class, unless the first character in the
+class definition is a circumflex, in which case the subject character must not
+be in the set defined by the class. If a circumflex is actually required as a
+member of the class, ensure it is not the first character, or escape it with a
+backslash.
+.P
+For example, the character class [aeiou] matches any lower case vowel, while
+[^aeiou] matches any character that is not a lower case vowel. Note that a
+circumflex is just a convenient notation for specifying the characters that
+are in the class by enumerating those that are not. A class that starts with a
+circumflex is not an assertion; it still consumes a character from the subject
+string, and therefore it fails if the current pointer is at the end of the
+string.
+.P
+In UTF-8 (UTF-16, UTF-32) mode, characters with values greater than 255 (0xffff)
+can be included in a class as a literal string of data units, or by using the
+\ex{ escaping mechanism.
+.P
+When caseless matching is set, any letters in a class represent both their
+upper case and lower case versions, so for example, a caseless [aeiou] matches
+"A" as well as "a", and a caseless [^aeiou] does not match "A", whereas a
+caseful version would. In a UTF mode, PCRE always understands the concept of
+case for characters whose values are less than 128, so caseless matching is
+always possible. For characters with higher values, the concept of case is
+supported if PCRE is compiled with Unicode property support, but not otherwise.
+If you want to use caseless matching in a UTF mode for characters 128 and
+above, you must ensure that PCRE is compiled with Unicode property support as
+well as with UTF support.
+.P
+Characters that might indicate line breaks are never treated in any special way
+when matching character classes, whatever line-ending sequence is in use, and
+whatever setting of the PCRE_DOTALL and PCRE_MULTILINE options is used. A class
+such as [^a] always matches one of these characters.
+.P
+The minus (hyphen) character can be used to specify a range of characters in a
+character class. For example, [d-m] matches any letter between d and m,
+inclusive. If a minus character is required in a class, it must be escaped with
+a backslash or appear in a position where it cannot be interpreted as
+indicating a range, typically as the first or last character in the class, or
+immediately after a range. For example, [b-d-z] matches letters in the range b
+to d, a hyphen character, or z.
+.P
+It is not possible to have the literal character "]" as the end character of a
+range. A pattern such as [W-]46] is interpreted as a class of two characters
+("W" and "-") followed by a literal string "46]", so it would match "W46]" or
+"-46]". However, if the "]" is escaped with a backslash it is interpreted as
+the end of range, so [W-\e]46] is interpreted as a class containing a range
+followed by two other characters. The octal or hexadecimal representation of
+"]" can also be used to end a range.
+.P
+An error is generated if a POSIX character class (see below) or an escape
+sequence other than one that defines a single character appears at a point
+where a range ending character is expected. For example, [z-\exff] is valid,
+but [A-\ed] and [A-[:digit:]] are not.
+.P
+Ranges operate in the collating sequence of character values. They can also be
+used for characters specified numerically, for example [\e000-\e037]. Ranges
+can include any characters that are valid for the current mode.
+.P
+If a range that includes letters is used when caseless matching is set, it
+matches the letters in either case. For example, [W-c] is equivalent to
+[][\e\e^_`wxyzabc], matched caselessly, and in a non-UTF mode, if character
+tables for a French locale are in use, [\exc8-\excb] matches accented E
+characters in both cases. In UTF modes, PCRE supports the concept of case for
+characters with values greater than 128 only when it is compiled with Unicode
+property support.
+.P
+The character escape sequences \ed, \eD, \eh, \eH, \ep, \eP, \es, \eS, \ev,
+\eV, \ew, and \eW may appear in a character class, and add the characters that
+they match to the class. For example, [\edABCDEF] matches any hexadecimal
+digit. In UTF modes, the PCRE_UCP option affects the meanings of \ed, \es, \ew
+and their upper case partners, just as it does when they appear outside a
+character class, as described in the section entitled
+.\" HTML <a href="#genericchartypes">
+.\" </a>
+"Generic character types"
+.\"
+above. The escape sequence \eb has a different meaning inside a character
+class; it matches the backspace character. The sequences \eB, \eN, \eR, and \eX
+are not special inside a character class. Like any other unrecognized escape
+sequences, they are treated as the literal characters "B", "N", "R", and "X" by
+default, but cause an error if the PCRE_EXTRA option is set.
+.P
+A circumflex can conveniently be used with the upper case character types to
+specify a more restricted set of characters than the matching lower case type.
+For example, the class [^\eW_] matches any letter or digit, but not underscore,
+whereas [\ew] includes underscore. A positive character class should be read as
+"something OR something OR ..." and a negative class as "NOT something AND NOT
+something AND NOT ...".
+.P
+The only metacharacters that are recognized in character classes are backslash,
+hyphen (only where it can be interpreted as specifying a range), circumflex
+(only at the start), opening square bracket (only when it can be interpreted as
+introducing a POSIX class name, or for a special compatibility feature - see
+the next two sections), and the terminating closing square bracket. However,
+escaping other non-alphanumeric characters does no harm.
+.
+.
+.SH "POSIX CHARACTER CLASSES"
+.rs
+.sp
+Perl supports the POSIX notation for character classes. This uses names
+enclosed by [: and :] within the enclosing square brackets. PCRE also supports
+this notation. For example,
+.sp
+  [01[:alpha:]%]
+.sp
+matches "0", "1", any alphabetic character, or "%". The supported class names
+are:
+.sp
+  alnum    letters and digits
+  alpha    letters
+  ascii    character codes 0 - 127
+  blank    space or tab only
+  cntrl    control characters
+  digit    decimal digits (same as \ed)
+  graph    printing characters, excluding space
+  lower    lower case letters
+  print    printing characters, including space
+  punct    printing characters, excluding letters and digits and space
+  space    white space (the same as \es from PCRE 8.34)
+  upper    upper case letters
+  word     "word" characters (same as \ew)
+  xdigit   hexadecimal digits
+.sp
+The default "space" characters are HT (9), LF (10), VT (11), FF (12), CR (13),
+and space (32). If locale-specific matching is taking place, the list of space
+characters may be different; there may be fewer or more of them. "Space" used
+to be different to \es, which did not include VT, for Perl compatibility.
+However, Perl changed at release 5.18, and PCRE followed at release 8.34.
+"Space" and \es now match the same set of characters.
+.P
+The name "word" is a Perl extension, and "blank" is a GNU extension from Perl
+5.8. Another Perl extension is negation, which is indicated by a ^ character
+after the colon. For example,
+.sp
+  [12[:^digit:]]
+.sp
+matches "1", "2", or any non-digit. PCRE (and Perl) also recognize the POSIX
+syntax [.ch.] and [=ch=] where "ch" is a "collating element", but these are not
+supported, and an error is given if they are encountered.
+.P
+By default, characters with values greater than 128 do not match any of the
+POSIX character classes. However, if the PCRE_UCP option is passed to
+\fBpcre_compile()\fP, some of the classes are changed so that Unicode character
+properties are used. This is achieved by replacing certain POSIX classes by
+other sequences, as follows:
+.sp
+  [:alnum:]  becomes  \ep{Xan}
+  [:alpha:]  becomes  \ep{L}
+  [:blank:]  becomes  \eh
+  [:digit:]  becomes  \ep{Nd}
+  [:lower:]  becomes  \ep{Ll}
+  [:space:]  becomes  \ep{Xps}
+  [:upper:]  becomes  \ep{Lu}
+  [:word:]   becomes  \ep{Xwd}
+.sp
+Negated versions, such as [:^alpha:] use \eP instead of \ep. Three other POSIX
+classes are handled specially in UCP mode:
+.TP 10
+[:graph:]
+This matches characters that have glyphs that mark the page when printed. In
+Unicode property terms, it matches all characters with the L, M, N, P, S, or Cf
+properties, except for:
+.sp
+  U+061C           Arabic Letter Mark
+  U+180E           Mongolian Vowel Separator
+  U+2066 - U+2069  Various "isolate"s
+.sp
+.TP 10
+[:print:]
+This matches the same characters as [:graph:] plus space characters that are
+not controls, that is, characters with the Zs property.
+.TP 10
+[:punct:]
+This matches all characters that have the Unicode P (punctuation) property,
+plus those characters whose code points are less than 128 that have the S
+(Symbol) property.
+.P
+The other POSIX classes are unchanged, and match only characters with code
+points less than 128.
+.
+.
+.SH "COMPATIBILITY FEATURE FOR WORD BOUNDARIES"
+.rs
+.sp
+In the POSIX.2 compliant library that was included in 4.4BSD Unix, the ugly
+syntax [[:<:]] and [[:>:]] is used for matching "start of word" and "end of
+word". PCRE treats these items as follows:
+.sp
+  [[:<:]]  is converted to  \eb(?=\ew)
+  [[:>:]]  is converted to  \eb(?<=\ew)
+.sp
+Only these exact character sequences are recognized. A sequence such as
+[a[:<:]b] provokes error for an unrecognized POSIX class name. This support is
+not compatible with Perl. It is provided to help migrations from other
+environments, and is best not used in any new patterns. Note that \eb matches
+at the start and the end of a word (see
+.\" HTML <a href="#smallassertions">
+.\" </a>
+"Simple assertions"
+.\"
+above), and in a Perl-style pattern the preceding or following character
+normally shows which is wanted, without the need for the assertions that are
+used above in order to give exactly the POSIX behaviour.
+.
+.
+.SH "VERTICAL BAR"
+.rs
+.sp
+Vertical bar characters are used to separate alternative patterns. For example,
+the pattern
+.sp
+  gilbert|sullivan
+.sp
+matches either "gilbert" or "sullivan". Any number of alternatives may appear,
+and an empty alternative is permitted (matching the empty string). The matching
+process tries each alternative in turn, from left to right, and the first one
+that succeeds is used. If the alternatives are within a subpattern
+.\" HTML <a href="#subpattern">
+.\" </a>
+(defined below),
+.\"
+"succeeds" means matching the rest of the main pattern as well as the
+alternative in the subpattern.
+.
+.
+.SH "INTERNAL OPTION SETTING"
+.rs
+.sp
+The settings of the PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, and
+PCRE_EXTENDED options (which are Perl-compatible) can be changed from within
+the pattern by a sequence of Perl option letters enclosed between "(?" and ")".
+The option letters are
+.sp
+  i  for PCRE_CASELESS
+  m  for PCRE_MULTILINE
+  s  for PCRE_DOTALL
+  x  for PCRE_EXTENDED
+.sp
+For example, (?im) sets caseless, multiline matching. It is also possible to
+unset these options by preceding the letter with a hyphen, and a combined
+setting and unsetting such as (?im-sx), which sets PCRE_CASELESS and
+PCRE_MULTILINE while unsetting PCRE_DOTALL and PCRE_EXTENDED, is also
+permitted. If a letter appears both before and after the hyphen, the option is
+unset.
+.P
+The PCRE-specific options PCRE_DUPNAMES, PCRE_UNGREEDY, and PCRE_EXTRA can be
+changed in the same way as the Perl-compatible options by using the characters
+J, U and X respectively.
+.P
+When one of these option changes occurs at top level (that is, not inside
+subpattern parentheses), the change applies to the remainder of the pattern
+that follows. An option change within a subpattern (see below for a description
+of subpatterns) affects only that part of the subpattern that follows it, so
+.sp
+  (a(?i)b)c
+.sp
+matches abc and aBc and no other strings (assuming PCRE_CASELESS is not used).
+By this means, options can be made to have different settings in different
+parts of the pattern. Any changes made in one alternative do carry on
+into subsequent branches within the same subpattern. For example,
+.sp
+  (a(?i)b|c)
+.sp
+matches "ab", "aB", "c", and "C", even though when matching "C" the first
+branch is abandoned before the option setting. This is because the effects of
+option settings happen at compile time. There would be some very weird
+behaviour otherwise.
+.P
+\fBNote:\fP There are other PCRE-specific options that can be set by the
+application when the compiling or matching functions are called. In some cases
+the pattern can contain special leading sequences such as (*CRLF) to override
+what the application has set or what has been defaulted. Details are given in
+the section entitled
+.\" HTML <a href="#newlineseq">
+.\" </a>
+"Newline sequences"
+.\"
+above. There are also the (*UTF8), (*UTF16),(*UTF32), and (*UCP) leading
+sequences that can be used to set UTF and Unicode property modes; they are
+equivalent to setting the PCRE_UTF8, PCRE_UTF16, PCRE_UTF32 and the PCRE_UCP
+options, respectively. The (*UTF) sequence is a generic version that can be
+used with any of the libraries. However, the application can set the
+PCRE_NEVER_UTF option, which locks out the use of the (*UTF) sequences.
+.
+.
+.\" HTML <a name="subpattern"></a>
+.SH SUBPATTERNS
+.rs
+.sp
+Subpatterns are delimited by parentheses (round brackets), which can be nested.
+Turning part of a pattern into a subpattern does two things:
+.sp
+1. It localizes a set of alternatives. For example, the pattern
+.sp
+  cat(aract|erpillar|)
+.sp
+matches "cataract", "caterpillar", or "cat". Without the parentheses, it would
+match "cataract", "erpillar" or an empty string.
+.sp
+2. It sets up the subpattern as a capturing subpattern. This means that, when
+the whole pattern matches, that portion of the subject string that matched the
+subpattern is passed back to the caller via the \fIovector\fP argument of the
+matching function. (This applies only to the traditional matching functions;
+the DFA matching functions do not support capturing.)
+.P
+Opening parentheses are counted from left to right (starting from 1) to obtain
+numbers for the capturing subpatterns. For example, if the string "the red
+king" is matched against the pattern
+.sp
+  the ((red|white) (king|queen))
+.sp
+the captured substrings are "red king", "red", and "king", and are numbered 1,
+2, and 3, respectively.
+.P
+The fact that plain parentheses fulfil two functions is not always helpful.
+There are often times when a grouping subpattern is required without a
+capturing requirement. If an opening parenthesis is followed by a question mark
+and a colon, the subpattern does not do any capturing, and is not counted when
+computing the number of any subsequent capturing subpatterns. For example, if
+the string "the white queen" is matched against the pattern
+.sp
+  the ((?:red|white) (king|queen))
+.sp
+the captured substrings are "white queen" and "queen", and are numbered 1 and
+2. The maximum number of capturing subpatterns is 65535.
+.P
+As a convenient shorthand, if any option settings are required at the start of
+a non-capturing subpattern, the option letters may appear between the "?" and
+the ":". Thus the two patterns
+.sp
+  (?i:saturday|sunday)
+  (?:(?i)saturday|sunday)
+.sp
+match exactly the same set of strings. Because alternative branches are tried
+from left to right, and options are not reset until the end of the subpattern
+is reached, an option setting in one branch does affect subsequent branches, so
+the above patterns match "SUNDAY" as well as "Saturday".
+.
+.
+.\" HTML <a name="dupsubpatternnumber"></a>
+.SH "DUPLICATE SUBPATTERN NUMBERS"
+.rs
+.sp
+Perl 5.10 introduced a feature whereby each alternative in a subpattern uses
+the same numbers for its capturing parentheses. Such a subpattern starts with
+(?| and is itself a non-capturing subpattern. For example, consider this
+pattern:
+.sp
+  (?|(Sat)ur|(Sun))day
+.sp
+Because the two alternatives are inside a (?| group, both sets of capturing
+parentheses are numbered one. Thus, when the pattern matches, you can look
+at captured substring number one, whichever alternative matched. This construct
+is useful when you want to capture part, but not all, of one of a number of
+alternatives. Inside a (?| group, parentheses are numbered as usual, but the
+number is reset at the start of each branch. The numbers of any capturing
+parentheses that follow the subpattern start after the highest number used in
+any branch. The following example is taken from the Perl documentation. The
+numbers underneath show in which buffer the captured content will be stored.
+.sp
+  # before  ---------------branch-reset----------- after
+  / ( a )  (?| x ( y ) z | (p (q) r) | (t) u (v) ) ( z ) /x
+  # 1            2         2  3        2     3     4
+.sp
+A back reference to a numbered subpattern uses the most recent value that is
+set for that number by any subpattern. The following pattern matches "abcabc"
+or "defdef":
+.sp
+  /(?|(abc)|(def))\e1/
+.sp
+In contrast, a subroutine call to a numbered subpattern always refers to the
+first one in the pattern with the given number. The following pattern matches
+"abcabc" or "defabc":
+.sp
+  /(?|(abc)|(def))(?1)/
+.sp
+If a
+.\" HTML <a href="#conditions">
+.\" </a>
+condition test
+.\"
+for a subpattern's having matched refers to a non-unique number, the test is
+true if any of the subpatterns of that number have matched.
+.P
+An alternative approach to using this "branch reset" feature is to use
+duplicate named subpatterns, as described in the next section.
+.
+.
+.SH "NAMED SUBPATTERNS"
+.rs
+.sp
+Identifying capturing parentheses by number is simple, but it can be very hard
+to keep track of the numbers in complicated regular expressions. Furthermore,
+if an expression is modified, the numbers may change. To help with this
+difficulty, PCRE supports the naming of subpatterns. This feature was not
+added to Perl until release 5.10. Python had the feature earlier, and PCRE
+introduced it at release 4.0, using the Python syntax. PCRE now supports both
+the Perl and the Python syntax. Perl allows identically numbered subpatterns to
+have different names, but PCRE does not.
+.P
+In PCRE, a subpattern can be named in one of three ways: (?<name>...) or
+(?'name'...) as in Perl, or (?P<name>...) as in Python. References to capturing
+parentheses from other parts of the pattern, such as
+.\" HTML <a href="#backreferences">
+.\" </a>
+back references,
+.\"
+.\" HTML <a href="#recursion">
+.\" </a>
+recursion,
+.\"
+and
+.\" HTML <a href="#conditions">
+.\" </a>
+conditions,
+.\"
+can be made by name as well as by number.
+.P
+Names consist of up to 32 alphanumeric characters and underscores, but must
+start with a non-digit. Named capturing parentheses are still allocated numbers
+as well as names, exactly as if the names were not present. The PCRE API
+provides function calls for extracting the name-to-number translation table
+from a compiled pattern. There is also a convenience function for extracting a
+captured substring by name.
+.P
+By default, a name must be unique within a pattern, but it is possible to relax
+this constraint by setting the PCRE_DUPNAMES option at compile time. (Duplicate
+names are also always permitted for subpatterns with the same number, set up as
+described in the previous section.) Duplicate names can be useful for patterns
+where only one instance of the named parentheses can match. Suppose you want to
+match the name of a weekday, either as a 3-letter abbreviation or as the full
+name, and in both cases you want to extract the abbreviation. This pattern
+(ignoring the line breaks) does the job:
+.sp
+  (?<DN>Mon|Fri|Sun)(?:day)?|
+  (?<DN>Tue)(?:sday)?|
+  (?<DN>Wed)(?:nesday)?|
+  (?<DN>Thu)(?:rsday)?|
+  (?<DN>Sat)(?:urday)?
+.sp
+There are five capturing substrings, but only one is ever set after a match.
+(An alternative way of solving this problem is to use a "branch reset"
+subpattern, as described in the previous section.)
+.P
+The convenience function for extracting the data by name returns the substring
+for the first (and in this example, the only) subpattern of that name that
+matched. This saves searching to find which numbered subpattern it was.
+.P
+If you make a back reference to a non-unique named subpattern from elsewhere in
+the pattern, the subpatterns to which the name refers are checked in the order
+in which they appear in the overall pattern. The first one that is set is used
+for the reference. For example, this pattern matches both "foofoo" and
+"barbar" but not "foobar" or "barfoo":
+.sp
+  (?:(?<n>foo)|(?<n>bar))\ek<n>
+.sp
+.P
+If you make a subroutine call to a non-unique named subpattern, the one that
+corresponds to the first occurrence of the name is used. In the absence of
+duplicate numbers (see the previous section) this is the one with the lowest
+number.
+.P
+If you use a named reference in a condition
+test (see the
+.\"
+.\" HTML <a href="#conditions">
+.\" </a>
+section about conditions
+.\"
+below), either to check whether a subpattern has matched, or to check for
+recursion, all subpatterns with the same name are tested. If the condition is
+true for any one of them, the overall condition is true. This is the same
+behaviour as testing by number. For further details of the interfaces for
+handling named subpatterns, see the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+\fBWarning:\fP You cannot use different names to distinguish between two
+subpatterns with the same number because PCRE uses only the numbers when
+matching. For this reason, an error is given at compile time if different names
+are given to subpatterns with the same number. However, you can always give the
+same name to subpatterns with the same number, even when PCRE_DUPNAMES is not
+set.
+.
+.
+.SH REPETITION
+.rs
+.sp
+Repetition is specified by quantifiers, which can follow any of the following
+items:
+.sp
+  a literal data character
+  the dot metacharacter
+  the \eC escape sequence
+  the \eX escape sequence
+  the \eR escape sequence
+  an escape such as \ed or \epL that matches a single character
+  a character class
+  a back reference (see next section)
+  a parenthesized subpattern (including assertions)
+  a subroutine call to a subpattern (recursive or otherwise)
+.sp
+The general repetition quantifier specifies a minimum and maximum number of
+permitted matches, by giving the two numbers in curly brackets (braces),
+separated by a comma. The numbers must be less than 65536, and the first must
+be less than or equal to the second. For example:
+.sp
+  z{2,4}
+.sp
+matches "zz", "zzz", or "zzzz". A closing brace on its own is not a special
+character. If the second number is omitted, but the comma is present, there is
+no upper limit; if the second number and the comma are both omitted, the
+quantifier specifies an exact number of required matches. Thus
+.sp
+  [aeiou]{3,}
+.sp
+matches at least 3 successive vowels, but may match many more, while
+.sp
+  \ed{8}
+.sp
+matches exactly 8 digits. An opening curly bracket that appears in a position
+where a quantifier is not allowed, or one that does not match the syntax of a
+quantifier, is taken as a literal character. For example, {,6} is not a
+quantifier, but a literal string of four characters.
+.P
+In UTF modes, quantifiers apply to characters rather than to individual data
+units. Thus, for example, \ex{100}{2} matches two characters, each of
+which is represented by a two-byte sequence in a UTF-8 string. Similarly,
+\eX{3} matches three Unicode extended grapheme clusters, each of which may be
+several data units long (and they may be of different lengths).
+.P
+The quantifier {0} is permitted, causing the expression to behave as if the
+previous item and the quantifier were not present. This may be useful for
+subpatterns that are referenced as
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutines
+.\"
+from elsewhere in the pattern (but see also the section entitled
+.\" HTML <a href="#subdefine">
+.\" </a>
+"Defining subpatterns for use by reference only"
+.\"
+below). Items other than subpatterns that have a {0} quantifier are omitted
+from the compiled pattern.
+.P
+For convenience, the three most common quantifiers have single-character
+abbreviations:
+.sp
+  *    is equivalent to {0,}
+  +    is equivalent to {1,}
+  ?    is equivalent to {0,1}
+.sp
+It is possible to construct infinite loops by following a subpattern that can
+match no characters with a quantifier that has no upper limit, for example:
+.sp
+  (a?)*
+.sp
+Earlier versions of Perl and PCRE used to give an error at compile time for
+such patterns. However, because there are cases where this can be useful, such
+patterns are now accepted, but if any repetition of the subpattern does in fact
+match no characters, the loop is forcibly broken.
+.P
+By default, the quantifiers are "greedy", that is, they match as much as
+possible (up to the maximum number of permitted times), without causing the
+rest of the pattern to fail. The classic example of where this gives problems
+is in trying to match comments in C programs. These appear between /* and */
+and within the comment, individual * and / characters may appear. An attempt to
+match C comments by applying the pattern
+.sp
+  /\e*.*\e*/
+.sp
+to the string
+.sp
+  /* first comment */  not comment  /* second comment */
+.sp
+fails, because it matches the entire string owing to the greediness of the .*
+item.
+.P
+However, if a quantifier is followed by a question mark, it ceases to be
+greedy, and instead matches the minimum number of times possible, so the
+pattern
+.sp
+  /\e*.*?\e*/
+.sp
+does the right thing with the C comments. The meaning of the various
+quantifiers is not otherwise changed, just the preferred number of matches.
+Do not confuse this use of question mark with its use as a quantifier in its
+own right. Because it has two uses, it can sometimes appear doubled, as in
+.sp
+  \ed??\ed
+.sp
+which matches one digit by preference, but can match two if that is the only
+way the rest of the pattern matches.
+.P
+If the PCRE_UNGREEDY option is set (an option that is not available in Perl),
+the quantifiers are not greedy by default, but individual ones can be made
+greedy by following them with a question mark. In other words, it inverts the
+default behaviour.
+.P
+When a parenthesized subpattern is quantified with a minimum repeat count that
+is greater than 1 or with a limited maximum, more memory is required for the
+compiled pattern, in proportion to the size of the minimum or maximum.
+.P
+If a pattern starts with .* or .{0,} and the PCRE_DOTALL option (equivalent
+to Perl's /s) is set, thus allowing the dot to match newlines, the pattern is
+implicitly anchored, because whatever follows will be tried against every
+character position in the subject string, so there is no point in retrying the
+overall match at any position after the first. PCRE normally treats such a
+pattern as though it were preceded by \eA.
+.P
+In cases where it is known that the subject string contains no newlines, it is
+worth setting PCRE_DOTALL in order to obtain this optimization, or
+alternatively using ^ to indicate anchoring explicitly.
+.P
+However, there are some cases where the optimization cannot be used. When .*
+is inside capturing parentheses that are the subject of a back reference
+elsewhere in the pattern, a match at the start may fail where a later one
+succeeds. Consider, for example:
+.sp
+  (.*)abc\e1
+.sp
+If the subject is "xyz123abc123" the match point is the fourth character. For
+this reason, such a pattern is not implicitly anchored.
+.P
+Another case where implicit anchoring is not applied is when the leading .* is
+inside an atomic group. Once again, a match at the start may fail where a later
+one succeeds. Consider this pattern:
+.sp
+  (?>.*?a)b
+.sp
+It matches "ab" in the subject "aab". The use of the backtracking control verbs
+(*PRUNE) and (*SKIP) also disable this optimization.
+.P
+When a capturing subpattern is repeated, the value captured is the substring
+that matched the final iteration. For example, after
+.sp
+  (tweedle[dume]{3}\es*)+
+.sp
+has matched "tweedledum tweedledee" the value of the captured substring is
+"tweedledee". However, if there are nested capturing subpatterns, the
+corresponding captured values may have been set in previous iterations. For
+example, after
+.sp
+  /(a|(b))+/
+.sp
+matches "aba" the value of the second captured substring is "b".
+.
+.
+.\" HTML <a name="atomicgroup"></a>
+.SH "ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS"
+.rs
+.sp
+With both maximizing ("greedy") and minimizing ("ungreedy" or "lazy")
+repetition, failure of what follows normally causes the repeated item to be
+re-evaluated to see if a different number of repeats allows the rest of the
+pattern to match. Sometimes it is useful to prevent this, either to change the
+nature of the match, or to cause it fail earlier than it otherwise might, when
+the author of the pattern knows there is no point in carrying on.
+.P
+Consider, for example, the pattern \ed+foo when applied to the subject line
+.sp
+  123456bar
+.sp
+After matching all 6 digits and then failing to match "foo", the normal
+action of the matcher is to try again with only 5 digits matching the \ed+
+item, and then with 4, and so on, before ultimately failing. "Atomic grouping"
+(a term taken from Jeffrey Friedl's book) provides the means for specifying
+that once a subpattern has matched, it is not to be re-evaluated in this way.
+.P
+If we use atomic grouping for the previous example, the matcher gives up
+immediately on failing to match "foo" the first time. The notation is a kind of
+special parenthesis, starting with (?> as in this example:
+.sp
+  (?>\ed+)foo
+.sp
+This kind of parenthesis "locks up" the  part of the pattern it contains once
+it has matched, and a failure further into the pattern is prevented from
+backtracking into it. Backtracking past it to previous items, however, works as
+normal.
+.P
+An alternative description is that a subpattern of this type matches the string
+of characters that an identical standalone pattern would match, if anchored at
+the current point in the subject string.
+.P
+Atomic grouping subpatterns are not capturing subpatterns. Simple cases such as
+the above example can be thought of as a maximizing repeat that must swallow
+everything it can. So, while both \ed+ and \ed+? are prepared to adjust the
+number of digits they match in order to make the rest of the pattern match,
+(?>\ed+) can only match an entire sequence of digits.
+.P
+Atomic groups in general can of course contain arbitrarily complicated
+subpatterns, and can be nested. However, when the subpattern for an atomic
+group is just a single repeated item, as in the example above, a simpler
+notation, called a "possessive quantifier" can be used. This consists of an
+additional + character following a quantifier. Using this notation, the
+previous example can be rewritten as
+.sp
+  \ed++foo
+.sp
+Note that a possessive quantifier can be used with an entire group, for
+example:
+.sp
+  (abc|xyz){2,3}+
+.sp
+Possessive quantifiers are always greedy; the setting of the PCRE_UNGREEDY
+option is ignored. They are a convenient notation for the simpler forms of
+atomic group. However, there is no difference in the meaning of a possessive
+quantifier and the equivalent atomic group, though there may be a performance
+difference; possessive quantifiers should be slightly faster.
+.P
+The possessive quantifier syntax is an extension to the Perl 5.8 syntax.
+Jeffrey Friedl originated the idea (and the name) in the first edition of his
+book. Mike McCloskey liked it, so implemented it when he built Sun's Java
+package, and PCRE copied it from there. It ultimately found its way into Perl
+at release 5.10.
+.P
+PCRE has an optimization that automatically "possessifies" certain simple
+pattern constructs. For example, the sequence A+B is treated as A++B because
+there is no point in backtracking into a sequence of A's when B must follow.
+.P
+When a pattern contains an unlimited repeat inside a subpattern that can itself
+be repeated an unlimited number of times, the use of an atomic group is the
+only way to avoid some failing matches taking a very long time indeed. The
+pattern
+.sp
+  (\eD+|<\ed+>)*[!?]
+.sp
+matches an unlimited number of substrings that either consist of non-digits, or
+digits enclosed in <>, followed by either ! or ?. When it matches, it runs
+quickly. However, if it is applied to
+.sp
+  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+.sp
+it takes a long time before reporting failure. This is because the string can
+be divided between the internal \eD+ repeat and the external * repeat in a
+large number of ways, and all have to be tried. (The example uses [!?] rather
+than a single character at the end, because both PCRE and Perl have an
+optimization that allows for fast failure when a single character is used. They
+remember the last single character that is required for a match, and fail early
+if it is not present in the string.) If the pattern is changed so that it uses
+an atomic group, like this:
+.sp
+  ((?>\eD+)|<\ed+>)*[!?]
+.sp
+sequences of non-digits cannot be broken, and failure happens quickly.
+.
+.
+.\" HTML <a name="backreferences"></a>
+.SH "BACK REFERENCES"
+.rs
+.sp
+Outside a character class, a backslash followed by a digit greater than 0 (and
+possibly further digits) is a back reference to a capturing subpattern earlier
+(that is, to its left) in the pattern, provided there have been that many
+previous capturing left parentheses.
+.P
+However, if the decimal number following the backslash is less than 10, it is
+always taken as a back reference, and causes an error only if there are not
+that many capturing left parentheses in the entire pattern. In other words, the
+parentheses that are referenced need not be to the left of the reference for
+numbers less than 10. A "forward back reference" of this type can make sense
+when a repetition is involved and the subpattern to the right has participated
+in an earlier iteration.
+.P
+It is not possible to have a numerical "forward back reference" to a subpattern
+whose number is 10 or more using this syntax because a sequence such as \e50 is
+interpreted as a character defined in octal. See the subsection entitled
+"Non-printing characters"
+.\" HTML <a href="#digitsafterbackslash">
+.\" </a>
+above
+.\"
+for further details of the handling of digits following a backslash. There is
+no such problem when named parentheses are used. A back reference to any
+subpattern is possible using named parentheses (see below).
+.P
+Another way of avoiding the ambiguity inherent in the use of digits following a
+backslash is to use the \eg escape sequence. This escape must be followed by an
+unsigned number or a negative number, optionally enclosed in braces. These
+examples are all identical:
+.sp
+  (ring), \e1
+  (ring), \eg1
+  (ring), \eg{1}
+.sp
+An unsigned number specifies an absolute reference without the ambiguity that
+is present in the older syntax. It is also useful when literal digits follow
+the reference. A negative number is a relative reference. Consider this
+example:
+.sp
+  (abc(def)ghi)\eg{-1}
+.sp
+The sequence \eg{-1} is a reference to the most recently started capturing
+subpattern before \eg, that is, is it equivalent to \e2 in this example.
+Similarly, \eg{-2} would be equivalent to \e1. The use of relative references
+can be helpful in long patterns, and also in patterns that are created by
+joining together fragments that contain references within themselves.
+.P
+A back reference matches whatever actually matched the capturing subpattern in
+the current subject string, rather than anything matching the subpattern
+itself (see
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+"Subpatterns as subroutines"
+.\"
+below for a way of doing that). So the pattern
+.sp
+  (sens|respons)e and \e1ibility
+.sp
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If caseful matching is in force at the time of the
+back reference, the case of letters is relevant. For example,
+.sp
+  ((?i)rah)\es+\e1
+.sp
+matches "rah rah" and "RAH RAH", but not "RAH rah", even though the original
+capturing subpattern is matched caselessly.
+.P
+There are several different ways of writing back references to named
+subpatterns. The .NET syntax \ek{name} and the Perl syntax \ek<name> or
+\ek'name' are supported, as is the Python syntax (?P=name). Perl 5.10's unified
+back reference syntax, in which \eg can be used for both numeric and named
+references, is also supported. We could rewrite the above example in any of
+the following ways:
+.sp
+  (?<p1>(?i)rah)\es+\ek<p1>
+  (?'p1'(?i)rah)\es+\ek{p1}
+  (?P<p1>(?i)rah)\es+(?P=p1)
+  (?<p1>(?i)rah)\es+\eg{p1}
+.sp
+A subpattern that is referenced by name may appear in the pattern before or
+after the reference.
+.P
+There may be more than one back reference to the same subpattern. If a
+subpattern has not actually been used in a particular match, any back
+references to it always fail by default. For example, the pattern
+.sp
+  (a|(bc))\e2
+.sp
+always fails if it starts to match "a" rather than "bc". However, if the
+PCRE_JAVASCRIPT_COMPAT option is set at compile time, a back reference to an
+unset value matches an empty string.
+.P
+Because there may be many capturing parentheses in a pattern, all digits
+following a backslash are taken as part of a potential back reference number.
+If the pattern continues with a digit character, some delimiter must be used to
+terminate the back reference. If the PCRE_EXTENDED option is set, this can be
+white space. Otherwise, the \eg{ syntax or an empty comment (see
+.\" HTML <a href="#comments">
+.\" </a>
+"Comments"
+.\"
+below) can be used.
+.
+.SS "Recursive back references"
+.rs
+.sp
+A back reference that occurs inside the parentheses to which it refers fails
+when the subpattern is first used, so, for example, (a\e1) never matches.
+However, such references can be useful inside repeated subpatterns. For
+example, the pattern
+.sp
+  (a|b\e1)+
+.sp
+matches any number of "a"s and also "aba", "ababbaa" etc. At each iteration of
+the subpattern, the back reference matches the character string corresponding
+to the previous iteration. In order for this to work, the pattern must be such
+that the first iteration does not need to match the back reference. This can be
+done using alternation, as in the example above, or by a quantifier with a
+minimum of zero.
+.P
+Back references of this type cause the group that they reference to be treated
+as an
+.\" HTML <a href="#atomicgroup">
+.\" </a>
+atomic group.
+.\"
+Once the whole group has been matched, a subsequent matching failure cannot
+cause backtracking into the middle of the group.
+.
+.
+.\" HTML <a name="bigassertions"></a>
+.SH ASSERTIONS
+.rs
+.sp
+An assertion is a test on the characters following or preceding the current
+matching point that does not actually consume any characters. The simple
+assertions coded as \eb, \eB, \eA, \eG, \eZ, \ez, ^ and $ are described
+.\" HTML <a href="#smallassertions">
+.\" </a>
+above.
+.\"
+.P
+More complicated assertions are coded as subpatterns. There are two kinds:
+those that look ahead of the current position in the subject string, and those
+that look behind it. An assertion subpattern is matched in the normal way,
+except that it does not cause the current matching position to be changed.
+.P
+Assertion subpatterns are not capturing subpatterns. If such an assertion
+contains capturing subpatterns within it, these are counted for the purposes of
+numbering the capturing subpatterns in the whole pattern. However, substring
+capturing is carried out only for positive assertions. (Perl sometimes, but not
+always, does do capturing in negative assertions.)
+.P
+WARNING: If a positive assertion containing one or more capturing subpatterns
+succeeds, but failure to match later in the pattern causes backtracking over
+this assertion, the captures within the assertion are reset only if no higher
+numbered captures are already set. This is, unfortunately, a fundamental
+limitation of the current implementation, and as PCRE1 is now in
+maintenance-only status, it is unlikely ever to change.
+.P
+For compatibility with Perl, assertion subpatterns may be repeated; though
+it makes no sense to assert the same thing several times, the side effect of
+capturing parentheses may occasionally be useful. In practice, there only three
+cases:
+.sp
+(1) If the quantifier is {0}, the assertion is never obeyed during matching.
+However, it may contain internal capturing parenthesized groups that are called
+from elsewhere via the
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutine mechanism.
+.\"
+.sp
+(2) If quantifier is {0,n} where n is greater than zero, it is treated as if it
+were {0,1}. At run time, the rest of the pattern match is tried with and
+without the assertion, the order depending on the greediness of the quantifier.
+.sp
+(3) If the minimum repetition is greater than zero, the quantifier is ignored.
+The assertion is obeyed just once when encountered during matching.
+.
+.
+.SS "Lookahead assertions"
+.rs
+.sp
+Lookahead assertions start with (?= for positive assertions and (?! for
+negative assertions. For example,
+.sp
+  \ew+(?=;)
+.sp
+matches a word followed by a semicolon, but does not include the semicolon in
+the match, and
+.sp
+  foo(?!bar)
+.sp
+matches any occurrence of "foo" that is not followed by "bar". Note that the
+apparently similar pattern
+.sp
+  (?!foo)bar
+.sp
+does not find an occurrence of "bar" that is preceded by something other than
+"foo"; it finds any occurrence of "bar" whatsoever, because the assertion
+(?!foo) is always true when the next three characters are "bar". A
+lookbehind assertion is needed to achieve the other effect.
+.P
+If you want to force a matching failure at some point in a pattern, the most
+convenient way to do it is with (?!) because an empty string always matches, so
+an assertion that requires there not to be an empty string must always fail.
+The backtracking control verb (*FAIL) or (*F) is a synonym for (?!).
+.
+.
+.\" HTML <a name="lookbehind"></a>
+.SS "Lookbehind assertions"
+.rs
+.sp
+Lookbehind assertions start with (?<= for positive assertions and (?<! for
+negative assertions. For example,
+.sp
+  (?<!foo)bar
+.sp
+does find an occurrence of "bar" that is not preceded by "foo". The contents of
+a lookbehind assertion are restricted such that all the strings it matches must
+have a fixed length. However, if there are several top-level alternatives, they
+do not all have to have the same fixed length. Thus
+.sp
+  (?<=bullock|donkey)
+.sp
+is permitted, but
+.sp
+  (?<!dogs?|cats?)
+.sp
+causes an error at compile time. Branches that match different length strings
+are permitted only at the top level of a lookbehind assertion. This is an
+extension compared with Perl, which requires all branches to match the same
+length of string. An assertion such as
+.sp
+  (?<=ab(c|de))
+.sp
+is not permitted, because its single top-level branch can match two different
+lengths, but it is acceptable to PCRE if rewritten to use two top-level
+branches:
+.sp
+  (?<=abc|abde)
+.sp
+In some cases, the escape sequence \eK
+.\" HTML <a href="#resetmatchstart">
+.\" </a>
+(see above)
+.\"
+can be used instead of a lookbehind assertion to get round the fixed-length
+restriction.
+.P
+The implementation of lookbehind assertions is, for each alternative, to
+temporarily move the current position back by the fixed length and then try to
+match. If there are insufficient characters before the current position, the
+assertion fails.
+.P
+In a UTF mode, PCRE does not allow the \eC escape (which matches a single data
+unit even in a UTF mode) to appear in lookbehind assertions, because it makes
+it impossible to calculate the length of the lookbehind. The \eX and \eR
+escapes, which can match different numbers of data units, are also not
+permitted.
+.P
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+"Subroutine"
+.\"
+calls (see below) such as (?2) or (?&X) are permitted in lookbehinds, as long
+as the subpattern matches a fixed-length string.
+.\" HTML <a href="#recursion">
+.\" </a>
+Recursion,
+.\"
+however, is not supported.
+.P
+Possessive quantifiers can be used in conjunction with lookbehind assertions to
+specify efficient matching of fixed-length strings at the end of subject
+strings. Consider a simple pattern such as
+.sp
+  abcd$
+.sp
+when applied to a long string that does not match. Because matching proceeds
+from left to right, PCRE will look for each "a" in the subject and then see if
+what follows matches the rest of the pattern. If the pattern is specified as
+.sp
+  ^.*abcd$
+.sp
+the initial .* matches the entire string at first, but when this fails (because
+there is no following "a"), it backtracks to match all but the last character,
+then all but the last two characters, and so on. Once again the search for "a"
+covers the entire string, from right to left, so we are no better off. However,
+if the pattern is written as
+.sp
+  ^.*+(?<=abcd)
+.sp
+there can be no backtracking for the .*+ item; it can match only the entire
+string. The subsequent lookbehind assertion does a single test on the last four
+characters. If it fails, the match fails immediately. For long strings, this
+approach makes a significant difference to the processing time.
+.
+.
+.SS "Using multiple assertions"
+.rs
+.sp
+Several assertions (of any sort) may occur in succession. For example,
+.sp
+  (?<=\ed{3})(?<!999)foo
+.sp
+matches "foo" preceded by three digits that are not "999". Notice that each of
+the assertions is applied independently at the same point in the subject
+string. First there is a check that the previous three characters are all
+digits, and then there is a check that the same three characters are not "999".
+This pattern does \fInot\fP match "foo" preceded by six characters, the first
+of which are digits and the last three of which are not "999". For example, it
+doesn't match "123abcfoo". A pattern to do that is
+.sp
+  (?<=\ed{3}...)(?<!999)foo
+.sp
+This time the first assertion looks at the preceding six characters, checking
+that the first three are digits, and then the second assertion checks that the
+preceding three characters are not "999".
+.P
+Assertions can be nested in any combination. For example,
+.sp
+  (?<=(?<!foo)bar)baz
+.sp
+matches an occurrence of "baz" that is preceded by "bar" which in turn is not
+preceded by "foo", while
+.sp
+  (?<=\ed{3}(?!999)...)foo
+.sp
+is another pattern that matches "foo" preceded by three digits and any three
+characters that are not "999".
+.
+.
+.\" HTML <a name="conditions"></a>
+.SH "CONDITIONAL SUBPATTERNS"
+.rs
+.sp
+It is possible to cause the matching process to obey a subpattern
+conditionally or to choose between two alternative subpatterns, depending on
+the result of an assertion, or whether a specific capturing subpattern has
+already been matched. The two possible forms of conditional subpattern are:
+.sp
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+.sp
+If the condition is satisfied, the yes-pattern is used; otherwise the
+no-pattern (if present) is used. If there are more than two alternatives in the
+subpattern, a compile-time error occurs. Each of the two alternatives may
+itself contain nested subpatterns of any form, including conditional
+subpatterns; the restriction to two alternatives applies only at the level of
+the condition. This pattern fragment is an example where the alternatives are
+complex:
+.sp
+  (?(1) (A|B|C) | (D | (?(2)E|F) | E) )
+.sp
+.P
+There are four kinds of condition: references to subpatterns, references to
+recursion, a pseudo-condition called DEFINE, and assertions.
+.
+.SS "Checking for a used subpattern by number"
+.rs
+.sp
+If the text between the parentheses consists of a sequence of digits, the
+condition is true if a capturing subpattern of that number has previously
+matched. If there is more than one capturing subpattern with the same number
+(see the earlier
+.\"
+.\" HTML <a href="#recursion">
+.\" </a>
+section about duplicate subpattern numbers),
+.\"
+the condition is true if any of them have matched. An alternative notation is
+to precede the digits with a plus or minus sign. In this case, the subpattern
+number is relative rather than absolute. The most recently opened parentheses
+can be referenced by (?(-1), the next most recent by (?(-2), and so on. Inside
+loops it can also make sense to refer to subsequent groups. The next
+parentheses to be opened can be referenced as (?(+1), and so on. (The value
+zero in any of these forms is not used; it provokes a compile-time error.)
+.P
+Consider the following pattern, which contains non-significant white space to
+make it more readable (assume the PCRE_EXTENDED option) and to divide it into
+three parts for ease of discussion:
+.sp
+  ( \e( )?    [^()]+    (?(1) \e) )
+.sp
+The first part matches an optional opening parenthesis, and if that
+character is present, sets it as the first captured substring. The second part
+matches one or more characters that are not parentheses. The third part is a
+conditional subpattern that tests whether or not the first set of parentheses
+matched. If they did, that is, if subject started with an opening parenthesis,
+the condition is true, and so the yes-pattern is executed and a closing
+parenthesis is required. Otherwise, since no-pattern is not present, the
+subpattern matches nothing. In other words, this pattern matches a sequence of
+non-parentheses, optionally enclosed in parentheses.
+.P
+If you were embedding this pattern in a larger one, you could use a relative
+reference:
+.sp
+  ...other stuff... ( \e( )?    [^()]+    (?(-1) \e) ) ...
+.sp
+This makes the fragment independent of the parentheses in the larger pattern.
+.
+.SS "Checking for a used subpattern by name"
+.rs
+.sp
+Perl uses the syntax (?(<name>)...) or (?('name')...) to test for a used
+subpattern by name. For compatibility with earlier versions of PCRE, which had
+this facility before Perl, the syntax (?(name)...) is also recognized.
+.P
+Rewriting the above example to use a named subpattern gives this:
+.sp
+  (?<OPEN> \e( )?    [^()]+    (?(<OPEN>) \e) )
+.sp
+If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them has
+matched.
+.
+.SS "Checking for pattern recursion"
+.rs
+.sp
+If the condition is the string (R), and there is no subpattern with the name R,
+the condition is true if a recursive call to the whole pattern or any
+subpattern has been made. If digits or a name preceded by ampersand follow the
+letter R, for example:
+.sp
+  (?(R3)...) or (?(R&name)...)
+.sp
+the condition is true if the most recent recursion is into a subpattern whose
+number or name is given. This condition does not check the entire recursion
+stack. If the name used in a condition of this kind is a duplicate, the test is
+applied to all subpatterns of the same name, and is true if any one of them is
+the most recent recursion.
+.P
+At "top level", all these recursion test conditions are false.
+.\" HTML <a href="#recursion">
+.\" </a>
+The syntax for recursive patterns
+.\"
+is described below.
+.
+.\" HTML <a name="subdefine"></a>
+.SS "Defining subpatterns for use by reference only"
+.rs
+.sp
+If the condition is the string (DEFINE), and there is no subpattern with the
+name DEFINE, the condition is always false. In this case, there may be only one
+alternative in the subpattern. It is always skipped if control reaches this
+point in the pattern; the idea of DEFINE is that it can be used to define
+subroutines that can be referenced from elsewhere. (The use of
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+subroutines
+.\"
+is described below.) For example, a pattern to match an IPv4 address such as
+"192.168.23.245" could be written like this (ignore white space and line
+breaks):
+.sp
+  (?(DEFINE) (?<byte> 2[0-4]\ed | 25[0-5] | 1\ed\ed | [1-9]?\ed) )
+  \eb (?&byte) (\e.(?&byte)){3} \eb
+.sp
+The first part of the pattern is a DEFINE group inside which a another group
+named "byte" is defined. This matches an individual component of an IPv4
+address (a number less than 256). When matching takes place, this part of the
+pattern is skipped because DEFINE acts like a false condition. The rest of the
+pattern uses references to the named group to match the four dot-separated
+components of an IPv4 address, insisting on a word boundary at each end.
+.
+.SS "Assertion conditions"
+.rs
+.sp
+If the condition is not in any of the above formats, it must be an assertion.
+This may be a positive or negative lookahead or lookbehind assertion. Consider
+this pattern, again containing non-significant white space, and with the two
+alternatives on the second line:
+.sp
+  (?(?=[^a-z]*[a-z])
+  \ed{2}-[a-z]{3}-\ed{2}  |  \ed{2}-\ed{2}-\ed{2} )
+.sp
+The condition is a positive lookahead assertion that matches an optional
+sequence of non-letters followed by a letter. In other words, it tests for the
+presence of at least one letter in the subject. If a letter is found, the
+subject is matched against the first alternative; otherwise it is matched
+against the second. This pattern matches strings in one of the two forms
+dd-aaa-dd or dd-dd-dd, where aaa are letters and dd are digits.
+.
+.
+.\" HTML <a name="comments"></a>
+.SH COMMENTS
+.rs
+.sp
+There are two ways of including comments in patterns that are processed by
+PCRE. In both cases, the start of the comment must not be in a character class,
+nor in the middle of any other sequence of related characters such as (?: or a
+subpattern name or number. The characters that make up a comment play no part
+in the pattern matching.
+.P
+The sequence (?# marks the start of a comment that continues up to the next
+closing parenthesis. Nested parentheses are not permitted. If the PCRE_EXTENDED
+option is set, an unescaped # character also introduces a comment, which in
+this case continues to immediately after the next newline character or
+character sequence in the pattern. Which characters are interpreted as newlines
+is controlled by the options passed to a compiling function or by a special
+sequence at the start of the pattern, as described in the section entitled
+.\" HTML <a href="#newlines">
+.\" </a>
+"Newline conventions"
+.\"
+above. Note that the end of this type of comment is a literal newline sequence
+in the pattern; escape sequences that happen to represent a newline do not
+count. For example, consider this pattern when PCRE_EXTENDED is set, and the
+default newline convention is in force:
+.sp
+  abc #comment \en still comment
+.sp
+On encountering the # character, \fBpcre_compile()\fP skips along, looking for
+a newline in the pattern. The sequence \en is still literal at this stage, so
+it does not terminate the comment. Only an actual character with the code value
+0x0a (the default newline) does so.
+.
+.
+.\" HTML <a name="recursion"></a>
+.SH "RECURSIVE PATTERNS"
+.rs
+.sp
+Consider the problem of matching a string in parentheses, allowing for
+unlimited nested parentheses. Without the use of recursion, the best that can
+be done is to use a pattern that matches up to some fixed depth of nesting. It
+is not possible to handle an arbitrary nesting depth.
+.P
+For some time, Perl has provided a facility that allows regular expressions to
+recurse (amongst other things). It does this by interpolating Perl code in the
+expression at run time, and the code can refer to the expression itself. A Perl
+pattern using code interpolation to solve the parentheses problem can be
+created like this:
+.sp
+  $re = qr{\e( (?: (?>[^()]+) | (?p{$re}) )* \e)}x;
+.sp
+The (?p{...}) item interpolates Perl code at run time, and in this case refers
+recursively to the pattern in which it appears.
+.P
+Obviously, PCRE cannot support the interpolation of Perl code. Instead, it
+supports special syntax for recursion of the entire pattern, and also for
+individual subpattern recursion. After its introduction in PCRE and Python,
+this kind of recursion was subsequently introduced into Perl at release 5.10.
+.P
+A special item that consists of (? followed by a number greater than zero and a
+closing parenthesis is a recursive subroutine call of the subpattern of the
+given number, provided that it occurs inside that subpattern. (If not, it is a
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+non-recursive subroutine
+.\"
+call, which is described in the next section.) The special item (?R) or (?0) is
+a recursive call of the entire regular expression.
+.P
+This PCRE pattern solves the nested parentheses problem (assume the
+PCRE_EXTENDED option is set so that white space is ignored):
+.sp
+  \e( ( [^()]++ | (?R) )* \e)
+.sp
+First it matches an opening parenthesis. Then it matches any number of
+substrings which can either be a sequence of non-parentheses, or a recursive
+match of the pattern itself (that is, a correctly parenthesized substring).
+Finally there is a closing parenthesis. Note the use of a possessive quantifier
+to avoid backtracking into sequences of non-parentheses.
+.P
+If this were part of a larger pattern, you would not want to recurse the entire
+pattern, so instead you could use this:
+.sp
+  ( \e( ( [^()]++ | (?1) )* \e) )
+.sp
+We have put the pattern into parentheses, and caused the recursion to refer to
+them instead of the whole pattern.
+.P
+In a larger pattern, keeping track of parenthesis numbers can be tricky. This
+is made easier by the use of relative references. Instead of (?1) in the
+pattern above you can write (?-2) to refer to the second most recently opened
+parentheses preceding the recursion. In other words, a negative number counts
+capturing parentheses leftwards from the point at which it is encountered.
+.P
+It is also possible to refer to subsequently opened parentheses, by writing
+references such as (?+2). However, these cannot be recursive because the
+reference is not inside the parentheses that are referenced. They are always
+.\" HTML <a href="#subpatternsassubroutines">
+.\" </a>
+non-recursive subroutine
+.\"
+calls, as described in the next section.
+.P
+An alternative approach is to use named parentheses instead. The Perl syntax
+for this is (?&name); PCRE's earlier syntax (?P>name) is also supported. We
+could rewrite the above example as follows:
+.sp
+  (?<pn> \e( ( [^()]++ | (?&pn) )* \e) )
+.sp
+If there is more than one subpattern with the same name, the earliest one is
+used.
+.P
+This particular example pattern that we have been looking at contains nested
+unlimited repeats, and so the use of a possessive quantifier for matching
+strings of non-parentheses is important when applying the pattern to strings
+that do not match. For example, when this pattern is applied to
+.sp
+  (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa()
+.sp
+it yields "no match" quickly. However, if a possessive quantifier is not used,
+the match runs for a very long time indeed because there are so many different
+ways the + and * repeats can carve up the subject, and all have to be tested
+before failure can be reported.
+.P
+At the end of a match, the values of capturing parentheses are those from
+the outermost level. If you want to obtain intermediate values, a callout
+function can be used (see below and the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation). If the pattern above is matched against
+.sp
+  (ab(cd)ef)
+.sp
+the value for the inner capturing parentheses (numbered 2) is "ef", which is
+the last value taken on at the top level. If a capturing subpattern is not
+matched at the top level, its final captured value is unset, even if it was
+(temporarily) set at a deeper level during the matching process.
+.P
+If there are more than 15 capturing parentheses in a pattern, PCRE has to
+obtain extra memory to store data during a recursion, which it does by using
+\fBpcre_malloc\fP, freeing it via \fBpcre_free\fP afterwards. If no memory can
+be obtained, the match fails with the PCRE_ERROR_NOMEMORY error.
+.P
+Do not confuse the (?R) item with the condition (R), which tests for recursion.
+Consider this pattern, which matches text in angle brackets, allowing for
+arbitrary nesting. Only digits are allowed in nested brackets (that is, when
+recursing), whereas any characters are permitted at the outer level.
+.sp
+  < (?: (?(R) \ed++  | [^<>]*+) | (?R)) * >
+.sp
+In this pattern, (?(R) is the start of a conditional subpattern, with two
+different alternatives for the recursive and non-recursive cases. The (?R) item
+is the actual recursive call.
+.
+.
+.\" HTML <a name="recursiondifference"></a>
+.SS "Differences in recursion processing between PCRE and Perl"
+.rs
+.sp
+Recursion processing in PCRE differs from Perl in two important ways. In PCRE
+(like Python, but unlike Perl), a recursive subpattern call is always treated
+as an atomic group. That is, once it has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. This can be illustrated by the following pattern,
+which purports to match a palindromic string that contains an odd number of
+characters (for example, "a", "aba", "abcba", "abcdcba"):
+.sp
+  ^(.|(.)(?1)\e2)$
+.sp
+The idea is that it either matches a single character, or two identical
+characters surrounding a sub-palindrome. In Perl, this pattern works; in PCRE
+it does not if the pattern is longer than three characters. Consider the
+subject string "abcba":
+.P
+At the top level, the first character is matched, but as it is not at the end
+of the string, the first alternative fails; the second alternative is taken
+and the recursion kicks in. The recursive call to subpattern 1 successfully
+matches the next character ("b"). (Note that the beginning and end of line
+tests are not part of the recursion).
+.P
+Back at the top level, the next character ("c") is compared with what
+subpattern 2 matched, which was "a". This fails. Because the recursion is
+treated as an atomic group, there are now no backtracking points, and so the
+entire match fails. (Perl is able, at this point, to re-enter the recursion and
+try the second alternative.) However, if the pattern is written with the
+alternatives in the other order, things are different:
+.sp
+  ^((.)(?1)\e2|.)$
+.sp
+This time, the recursing alternative is tried first, and continues to recurse
+until it runs out of characters, at which point the recursion fails. But this
+time we do have another alternative to try at the higher level. That is the big
+difference: in the previous case the remaining alternative is at a deeper
+recursion level, which PCRE cannot use.
+.P
+To change the pattern so that it matches all palindromic strings, not just
+those with an odd number of characters, it is tempting to change the pattern to
+this:
+.sp
+  ^((.)(?1)\e2|.?)$
+.sp
+Again, this works in Perl, but not in PCRE, and for the same reason. When a
+deeper recursion has matched a single character, it cannot be entered again in
+order to match an empty string. The solution is to separate the two cases, and
+write out the odd and even cases as alternatives at the higher level:
+.sp
+  ^(?:((.)(?1)\e2|)|((.)(?3)\e4|.))
+.sp
+If you want to match typical palindromic phrases, the pattern has to ignore all
+non-word characters, which can be done like this:
+.sp
+  ^\eW*+(?:((.)\eW*+(?1)\eW*+\e2|)|((.)\eW*+(?3)\eW*+\e4|\eW*+.\eW*+))\eW*+$
+.sp
+If run with the PCRE_CASELESS option, this pattern matches phrases such as "A
+man, a plan, a canal: Panama!" and it works well in both PCRE and Perl. Note
+the use of the possessive quantifier *+ to avoid backtracking into sequences of
+non-word characters. Without this, PCRE takes a great deal longer (ten times or
+more) to match typical phrases, and Perl takes so long that you think it has
+gone into a loop.
+.P
+\fBWARNING\fP: The palindrome-matching patterns above work only if the subject
+string does not start with a palindrome that is shorter than the entire string.
+For example, although "abcba" is correctly matched, if the subject is "ababa",
+PCRE finds the palindrome "aba" at the start, then fails at top level because
+the end of the string does not follow. Once again, it cannot jump back into the
+recursion to try other alternatives, so the entire match fails.
+.P
+The second way in which PCRE and Perl differ in their recursion processing is
+in the handling of captured values. In Perl, when a subpattern is called
+recursively or as a subpattern (see the next section), it has no access to any
+values that were captured outside the recursion, whereas in PCRE these values
+can be referenced. Consider this pattern:
+.sp
+  ^(.)(\e1|a(?2))
+.sp
+In PCRE, this pattern matches "bab". The first capturing parentheses match "b",
+then in the second group, when the back reference \e1 fails to match "b", the
+second alternative matches "a" and then recurses. In the recursion, \e1 does
+now match "b" and so the whole match succeeds. In Perl, the pattern fails to
+match because inside the recursive call \e1 cannot access the externally set
+value.
+.
+.
+.\" HTML <a name="subpatternsassubroutines"></a>
+.SH "SUBPATTERNS AS SUBROUTINES"
+.rs
+.sp
+If the syntax for a recursive subpattern call (either by number or by
+name) is used outside the parentheses to which it refers, it operates like a
+subroutine in a programming language. The called subpattern may be defined
+before or after the reference. A numbered reference can be absolute or
+relative, as in these examples:
+.sp
+  (...(absolute)...)...(?2)...
+  (...(relative)...)...(?-1)...
+  (...(?+1)...(relative)...
+.sp
+An earlier example pointed out that the pattern
+.sp
+  (sens|respons)e and \e1ibility
+.sp
+matches "sense and sensibility" and "response and responsibility", but not
+"sense and responsibility". If instead the pattern
+.sp
+  (sens|respons)e and (?1)ibility
+.sp
+is used, it does match "sense and responsibility" as well as the other two
+strings. Another example is given in the discussion of DEFINE above.
+.P
+All subroutine calls, whether recursive or not, are always treated as atomic
+groups. That is, once a subroutine has matched some of the subject string, it
+is never re-entered, even if it contains untried alternatives and there is a
+subsequent matching failure. Any capturing parentheses that are set during the
+subroutine call revert to their previous values afterwards.
+.P
+Processing options such as case-independence are fixed when a subpattern is
+defined, so if it is used as a subroutine, such options cannot be changed for
+different calls. For example, consider this pattern:
+.sp
+  (abc)(?i:(?-1))
+.sp
+It matches "abcabc". It does not match "abcABC" because the change of
+processing option does not affect the called subpattern.
+.
+.
+.\" HTML <a name="onigurumasubroutines"></a>
+.SH "ONIGURUMA SUBROUTINE SYNTAX"
+.rs
+.sp
+For compatibility with Oniguruma, the non-Perl syntax \eg followed by a name or
+a number enclosed either in angle brackets or single quotes, is an alternative
+syntax for referencing a subpattern as a subroutine, possibly recursively. Here
+are two of the examples used above, rewritten using this syntax:
+.sp
+  (?<pn> \e( ( (?>[^()]+) | \eg<pn> )* \e) )
+  (sens|respons)e and \eg'1'ibility
+.sp
+PCRE supports an extension to Oniguruma: if a number is preceded by a
+plus or a minus sign it is taken as a relative reference. For example:
+.sp
+  (abc)(?i:\eg<-1>)
+.sp
+Note that \eg{...} (Perl syntax) and \eg<...> (Oniguruma syntax) are \fInot\fP
+synonymous. The former is a back reference; the latter is a subroutine call.
+.
+.
+.SH CALLOUTS
+.rs
+.sp
+Perl has a feature whereby using the sequence (?{...}) causes arbitrary Perl
+code to be obeyed in the middle of matching a regular expression. This makes it
+possible, amongst other things, to extract different substrings that match the
+same pair of parentheses when there is a repetition.
+.P
+PCRE provides a similar feature, but of course it cannot obey arbitrary Perl
+code. The feature is called "callout". The caller of PCRE provides an external
+function by putting its entry point in the global variable \fIpcre_callout\fP
+(8-bit library) or \fIpcre[16|32]_callout\fP (16-bit or 32-bit library).
+By default, this variable contains NULL, which disables all calling out.
+.P
+Within a regular expression, (?C) indicates the points at which the external
+function is to be called. If you want to identify different callout points, you
+can put a number less than 256 after the letter C. The default value is zero.
+For example, this pattern has two callout points:
+.sp
+  (?C1)abc(?C2)def
+.sp
+If the PCRE_AUTO_CALLOUT flag is passed to a compiling function, callouts are
+automatically installed before each item in the pattern. They are all numbered
+255. If there is a conditional group in the pattern whose condition is an
+assertion, an additional callout is inserted just before the condition. An
+explicit callout may also be set at this position, as in this example:
+.sp
+  (?(?C9)(?=a)abc|def)
+.sp
+Note that this applies only to assertion conditions, not to other types of
+condition.
+.P
+During matching, when PCRE reaches a callout point, the external function is
+called. It is provided with the number of the callout, the position in the
+pattern, and, optionally, one item of data originally supplied by the caller of
+the matching function. The callout function may cause matching to proceed, to
+backtrack, or to fail altogether.
+.P
+By default, PCRE implements a number of optimizations at compile time and
+matching time, and one side-effect is that sometimes callouts are skipped. If
+you need all possible callouts to happen, you need to set options that disable
+the relevant optimizations. More details, and a complete description of the
+interface to the callout function, are given in the
+.\" HREF
+\fBpcrecallout\fP
+.\"
+documentation.
+.
+.
+.\" HTML <a name="backtrackcontrol"></a>
+.SH "BACKTRACKING CONTROL"
+.rs
+.sp
+Perl 5.10 introduced a number of "Special Backtracking Control Verbs", which
+are still described in the Perl documentation as "experimental and subject to
+change or removal in a future version of Perl". It goes on to say: "Their usage
+in production code should be noted to avoid problems during upgrades." The same
+remarks apply to the PCRE features described in this section.
+.P
+The new verbs make use of what was previously invalid syntax: an opening
+parenthesis followed by an asterisk. They are generally of the form
+(*VERB) or (*VERB:NAME). Some may take either form, possibly behaving
+differently depending on whether or not a name is present. A name is any
+sequence of characters that does not include a closing parenthesis. The maximum
+length of name is 255 in the 8-bit library and 65535 in the 16-bit and 32-bit
+libraries. If the name is empty, that is, if the closing parenthesis
+immediately follows the colon, the effect is as if the colon were not there.
+Any number of these verbs may occur in a pattern.
+.P
+Since these verbs are specifically related to backtracking, most of them can be
+used only when the pattern is to be matched using one of the traditional
+matching functions, because these use a backtracking algorithm. With the
+exception of (*FAIL), which behaves like a failing negative assertion, the
+backtracking control verbs cause an error if encountered by a DFA matching
+function.
+.P
+The behaviour of these verbs in
+.\" HTML <a href="#btrepeat">
+.\" </a>
+repeated groups,
+.\"
+.\" HTML <a href="#btassert">
+.\" </a>
+assertions,
+.\"
+and in
+.\" HTML <a href="#btsub">
+.\" </a>
+subpatterns called as subroutines
+.\"
+(whether or not recursively) is documented below.
+.
+.
+.\" HTML <a name="nooptimize"></a>
+.SS "Optimizations that affect backtracking verbs"
+.rs
+.sp
+PCRE contains some optimizations that are used to speed up matching by running
+some checks at the start of each match attempt. For example, it may know the
+minimum length of matching subject, or that a particular character must be
+present. When one of these optimizations bypasses the running of a match, any
+included backtracking verbs will not, of course, be processed. You can suppress
+the start-of-match optimizations by setting the PCRE_NO_START_OPTIMIZE option
+when calling \fBpcre_compile()\fP or \fBpcre_exec()\fP, or by starting the
+pattern with (*NO_START_OPT). There is more discussion of this option in the
+section entitled
+.\" HTML <a href="pcreapi.html#execoptions">
+.\" </a>
+"Option bits for \fBpcre_exec()\fP"
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+Experiments with Perl suggest that it too has similar optimizations, sometimes
+leading to anomalous results.
+.
+.
+.SS "Verbs that act immediately"
+.rs
+.sp
+The following verbs act as soon as they are encountered. They may not be
+followed by a name.
+.sp
+   (*ACCEPT)
+.sp
+This verb causes the match to end successfully, skipping the remainder of the
+pattern. However, when it is inside a subpattern that is called as a
+subroutine, only that subpattern is ended successfully. Matching then continues
+at the outer level. If (*ACCEPT) in triggered in a positive assertion, the
+assertion succeeds; in a negative assertion, the assertion fails.
+.P
+If (*ACCEPT) is inside capturing parentheses, the data so far is captured. For
+example:
+.sp
+  A((?:A|B(*ACCEPT)|C)D)
+.sp
+This matches "AB", "AAD", or "ACD"; when it matches "AB", "B" is captured by
+the outer parentheses.
+.sp
+  (*FAIL) or (*F)
+.sp
+This verb causes a matching failure, forcing backtracking to occur. It is
+equivalent to (?!) but easier to read. The Perl documentation notes that it is
+probably useful only when combined with (?{}) or (??{}). Those are, of course,
+Perl features that are not present in PCRE. The nearest equivalent is the
+callout feature, as for example in this pattern:
+.sp
+  a+(?C)(*FAIL)
+.sp
+A match with the string "aaaa" always fails, but the callout is taken before
+each backtrack happens (in this example, 10 times).
+.
+.
+.SS "Recording which path was taken"
+.rs
+.sp
+There is one verb whose main purpose is to track how a match was arrived at,
+though it also has a secondary use in conjunction with advancing the match
+starting point (see (*SKIP) below).
+.sp
+  (*MARK:NAME) or (*:NAME)
+.sp
+A name is always required with this verb. There may be as many instances of
+(*MARK) as you like in a pattern, and their names do not have to be unique.
+.P
+When a match succeeds, the name of the last-encountered (*MARK:NAME),
+(*PRUNE:NAME), or (*THEN:NAME) on the matching path is passed back to the
+caller as described in the section entitled
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+"Extra data for \fBpcre_exec()\fP"
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation. Here is an example of \fBpcretest\fP output, where the /K
+modifier requests the retrieval and outputting of (*MARK) data:
+.sp
+    re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data> XY
+   0: XY
+  MK: A
+  XZ
+   0: XZ
+  MK: B
+.sp
+The (*MARK) name is tagged with "MK:" in this output, and in this example it
+indicates which of the two alternatives matched. This is a more efficient way
+of obtaining this information than putting each alternative in its own
+capturing parentheses.
+.P
+If a verb with a name is encountered in a positive assertion that is true, the
+name is recorded and passed back if it is the last-encountered. This does not
+happen for negative assertions or failing positive assertions.
+.P
+After a partial match or a failed match, the last encountered name in the
+entire match process is returned. For example:
+.sp
+    re> /X(*MARK:A)Y|X(*MARK:B)Z/K
+  data> XP
+  No match, mark = B
+.sp
+Note that in this unanchored example the mark is retained from the match
+attempt that started at the letter "X" in the subject. Subsequent match
+attempts starting at "P" and then with an empty string do not get as far as the
+(*MARK) item, but nevertheless do not reset it.
+.P
+If you are interested in (*MARK) values after failed matches, you should
+probably set the PCRE_NO_START_OPTIMIZE option
+.\" HTML <a href="#nooptimize">
+.\" </a>
+(see above)
+.\"
+to ensure that the match is always attempted.
+.
+.
+.SS "Verbs that act after backtracking"
+.rs
+.sp
+The following verbs do nothing when they are encountered. Matching continues
+with what follows, but if there is no subsequent match, causing a backtrack to
+the verb, a failure is forced. That is, backtracking cannot pass to the left of
+the verb. However, when one of these verbs appears inside an atomic group or an
+assertion that is true, its effect is confined to that group, because once the
+group has been matched, there is never any backtracking into it. In this
+situation, backtracking can "jump back" to the left of the entire atomic group
+or assertion. (Remember also, as stated above, that this localization also
+applies in subroutine calls.)
+.P
+These verbs differ in exactly what kind of failure occurs when backtracking
+reaches them. The behaviour described below is what happens when the verb is
+not in a subroutine or an assertion. Subsequent sections cover these special
+cases.
+.sp
+  (*COMMIT)
+.sp
+This verb, which may not be followed by a name, causes the whole match to fail
+outright if there is a later matching failure that causes backtracking to reach
+it. Even if the pattern is unanchored, no further attempts to find a match by
+advancing the starting point take place. If (*COMMIT) is the only backtracking
+verb that is encountered, once it has been passed \fBpcre_exec()\fP is
+committed to finding a match at the current starting point, or not at all. For
+example:
+.sp
+  a+(*COMMIT)b
+.sp
+This matches "xxaab" but not "aacaab". It can be thought of as a kind of
+dynamic anchor, or "I've started, so I must finish." The name of the most
+recently passed (*MARK) in the path is passed back when (*COMMIT) forces a
+match failure.
+.P
+If there is more than one backtracking verb in a pattern, a different one that
+follows (*COMMIT) may be triggered first, so merely passing (*COMMIT) during a
+match does not always guarantee that a match must be at this starting point.
+.P
+Note that (*COMMIT) at the start of a pattern is not the same as an anchor,
+unless PCRE's start-of-match optimizations are turned off, as shown in this
+output from \fBpcretest\fP:
+.sp
+    re> /(*COMMIT)abc/
+  data> xyzabc
+   0: abc
+  data> xyzabc\eY
+  No match
+.sp
+For this pattern, PCRE knows that any match must start with "a", so the
+optimization skips along the subject to "a" before applying the pattern to the
+first set of data. The match attempt then succeeds. In the second set of data,
+the escape sequence \eY is interpreted by the \fBpcretest\fP program. It causes
+the PCRE_NO_START_OPTIMIZE option to be set when \fBpcre_exec()\fP is called.
+This disables the optimization that skips along to the first character. The
+pattern is now applied starting at "x", and so the (*COMMIT) causes the match
+to fail without trying any other starting points.
+.sp
+  (*PRUNE) or (*PRUNE:NAME)
+.sp
+This verb causes the match to fail at the current starting position in the
+subject if there is a later matching failure that causes backtracking to reach
+it. If the pattern is unanchored, the normal "bumpalong" advance to the next
+starting character then happens. Backtracking can occur as usual to the left of
+(*PRUNE), before it is reached, or when matching to the right of (*PRUNE), but
+if there is no match to the right, backtracking cannot cross (*PRUNE). In
+simple cases, the use of (*PRUNE) is just an alternative to an atomic group or
+possessive quantifier, but there are some uses of (*PRUNE) that cannot be
+expressed in any other way. In an anchored pattern (*PRUNE) has the same effect
+as (*COMMIT).
+.P
+The behaviour of (*PRUNE:NAME) is the not the same as (*MARK:NAME)(*PRUNE).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+.sp
+  (*SKIP)
+.sp
+This verb, when given without a name, is like (*PRUNE), except that if the
+pattern is unanchored, the "bumpalong" advance is not to the next character,
+but to the position in the subject where (*SKIP) was encountered. (*SKIP)
+signifies that whatever text was matched leading up to it cannot be part of a
+successful match. Consider:
+.sp
+  a+(*SKIP)b
+.sp
+If the subject is "aaaac...", after the first match attempt fails (starting at
+the first character in the string), the starting point skips on to start the
+next attempt at "c". Note that a possessive quantifer does not have the same
+effect as this example; although it would suppress backtracking during the
+first match attempt, the second attempt would start at the second character
+instead of skipping on to "c".
+.sp
+  (*SKIP:NAME)
+.sp
+When (*SKIP) has an associated name, its behaviour is modified. When it is
+triggered, the previous path through the pattern is searched for the most
+recent (*MARK) that has the same name. If one is found, the "bumpalong" advance
+is to the subject position that corresponds to that (*MARK) instead of to where
+(*SKIP) was encountered. If no (*MARK) with a matching name is found, the
+(*SKIP) is ignored.
+.P
+Note that (*SKIP:NAME) searches only for names set by (*MARK:NAME). It ignores
+names that are set by (*PRUNE:NAME) or (*THEN:NAME).
+.sp
+  (*THEN) or (*THEN:NAME)
+.sp
+This verb causes a skip to the next innermost alternative when backtracking
+reaches it. That is, it cancels any further backtracking within the current
+alternative. Its name comes from the observation that it can be used for a
+pattern-based if-then-else block:
+.sp
+  ( COND1 (*THEN) FOO | COND2 (*THEN) BAR | COND3 (*THEN) BAZ ) ...
+.sp
+If the COND1 pattern matches, FOO is tried (and possibly further items after
+the end of the group if FOO succeeds); on failure, the matcher skips to the
+second alternative and tries COND2, without backtracking into COND1. If that
+succeeds and BAR fails, COND3 is tried. If subsequently BAZ fails, there are no
+more alternatives, so there is a backtrack to whatever came before the entire
+group. If (*THEN) is not inside an alternation, it acts like (*PRUNE).
+.P
+The behaviour of (*THEN:NAME) is the not the same as (*MARK:NAME)(*THEN).
+It is like (*MARK:NAME) in that the name is remembered for passing back to the
+caller. However, (*SKIP:NAME) searches only for names set with (*MARK).
+.P
+A subpattern that does not contain a | character is just a part of the
+enclosing alternative; it is not a nested alternation with only one
+alternative. The effect of (*THEN) extends beyond such a subpattern to the
+enclosing alternative. Consider this pattern, where A, B, etc. are complex
+pattern fragments that do not contain any | characters at this level:
+.sp
+  A (B(*THEN)C) | D
+.sp
+If A and B are matched, but there is a failure in C, matching does not
+backtrack into A; instead it moves to the next alternative, that is, D.
+However, if the subpattern containing (*THEN) is given an alternative, it
+behaves differently:
+.sp
+  A (B(*THEN)C | (*FAIL)) | D
+.sp
+The effect of (*THEN) is now confined to the inner subpattern. After a failure
+in C, matching moves to (*FAIL), which causes the whole subpattern to fail
+because there are no more alternatives to try. In this case, matching does now
+backtrack into A.
+.P
+Note that a conditional subpattern is not considered as having two
+alternatives, because only one is ever used. In other words, the | character in
+a conditional subpattern has a different meaning. Ignoring white space,
+consider:
+.sp
+  ^.*? (?(?=a) a | b(*THEN)c )
+.sp
+If the subject is "ba", this pattern does not match. Because .*? is ungreedy,
+it initially matches zero characters. The condition (?=a) then fails, the
+character "b" is matched, but "c" is not. At this point, matching does not
+backtrack to .*? as might perhaps be expected from the presence of the |
+character. The conditional subpattern is part of the single alternative that
+comprises the whole pattern, and so the match fails. (If there was a backtrack
+into .*?, allowing it to match "b", the match would succeed.)
+.P
+The verbs just described provide four different "strengths" of control when
+subsequent matching fails. (*THEN) is the weakest, carrying on the match at the
+next alternative. (*PRUNE) comes next, failing the match at the current
+starting position, but allowing an advance to the next character (for an
+unanchored pattern). (*SKIP) is similar, except that the advance may be more
+than one character. (*COMMIT) is the strongest, causing the entire match to
+fail.
+.
+.
+.SS "More than one backtracking verb"
+.rs
+.sp
+If more than one backtracking verb is present in a pattern, the one that is
+backtracked onto first acts. For example, consider this pattern, where A, B,
+etc. are complex pattern fragments:
+.sp
+  (A(*COMMIT)B(*THEN)C|ABD)
+.sp
+If A matches but B fails, the backtrack to (*COMMIT) causes the entire match to
+fail. However, if A and B match, but C fails, the backtrack to (*THEN) causes
+the next alternative (ABD) to be tried. This behaviour is consistent, but is
+not always the same as Perl's. It means that if two or more backtracking verbs
+appear in succession, all the the last of them has no effect. Consider this
+example:
+.sp
+  ...(*COMMIT)(*PRUNE)...
+.sp
+If there is a matching failure to the right, backtracking onto (*PRUNE) causes
+it to be triggered, and its action is taken. There can never be a backtrack
+onto (*COMMIT).
+.
+.
+.\" HTML <a name="btrepeat"></a>
+.SS "Backtracking verbs in repeated groups"
+.rs
+.sp
+PCRE differs from Perl in its handling of backtracking verbs in repeated
+groups. For example, consider:
+.sp
+  /(a(*COMMIT)b)+ac/
+.sp
+If the subject is "abac", Perl matches, but PCRE fails because the (*COMMIT) in
+the second repeat of the group acts.
+.
+.
+.\" HTML <a name="btassert"></a>
+.SS "Backtracking verbs in assertions"
+.rs
+.sp
+(*FAIL) in an assertion has its normal effect: it forces an immediate backtrack.
+.P
+(*ACCEPT) in a positive assertion causes the assertion to succeed without any
+further processing. In a negative assertion, (*ACCEPT) causes the assertion to
+fail without any further processing.
+.P
+The other backtracking verbs are not treated specially if they appear in a
+positive assertion. In particular, (*THEN) skips to the next alternative in the
+innermost enclosing group that has alternations, whether or not this is within
+the assertion.
+.P
+Negative assertions are, however, different, in order to ensure that changing a
+positive assertion into a negative assertion changes its result. Backtracking
+into (*COMMIT), (*SKIP), or (*PRUNE) causes a negative assertion to be true,
+without considering any further alternative branches in the assertion.
+Backtracking into (*THEN) causes it to skip to the next enclosing alternative
+within the assertion (the normal behaviour), but if the assertion does not have
+such an alternative, (*THEN) behaves like (*PRUNE).
+.
+.
+.\" HTML <a name="btsub"></a>
+.SS "Backtracking verbs in subroutines"
+.rs
+.sp
+These behaviours occur whether or not the subpattern is called recursively.
+Perl's treatment of subroutines is different in some cases.
+.P
+(*FAIL) in a subpattern called as a subroutine has its normal effect: it forces
+an immediate backtrack.
+.P
+(*ACCEPT) in a subpattern called as a subroutine causes the subroutine match to
+succeed without any further processing. Matching then continues after the
+subroutine call.
+.P
+(*COMMIT), (*SKIP), and (*PRUNE) in a subpattern called as a subroutine cause
+the subroutine match to fail.
+.P
+(*THEN) skips to the next alternative in the innermost enclosing group within
+the subpattern that has alternatives. If there is no such group within the
+subpattern, (*THEN) causes the subroutine match to fail.
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcreapi\fP(3), \fBpcrecallout\fP(3), \fBpcrematching\fP(3),
+\fBpcresyntax\fP(3), \fBpcre\fP(3), \fBpcre16(3)\fP, \fBpcre32(3)\fP.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 23 October 2016
+Copyright (c) 1997-2016 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreperform.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreperform.3
new file mode 100644
index 00000000..fb2aa959
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreperform.3
@@ -0,0 +1,177 @@
+.TH PCREPERFORM 3 "09 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE PERFORMANCE"
+.rs
+.sp
+Two aspects of performance are discussed below: memory usage and processing
+time. The way you express your pattern as a regular expression can affect both
+of them.
+.
+.SH "COMPILED PATTERN MEMORY USAGE"
+.rs
+.sp
+Patterns are compiled by PCRE into a reasonably efficient interpretive code, so
+that most simple patterns do not use much memory. However, there is one case
+where the memory usage of a compiled pattern can be unexpectedly large. If a
+parenthesized subpattern has a quantifier with a minimum greater than 1 and/or
+a limited maximum, the whole subpattern is repeated in the compiled code. For
+example, the pattern
+.sp
+  (abc|def){2,4}
+.sp
+is compiled as if it were
+.sp
+  (abc|def)(abc|def)((abc|def)(abc|def)?)?
+.sp
+(Technical aside: It is done this way so that backtrack points within each of
+the repetitions can be independently maintained.)
+.P
+For regular expressions whose quantifiers use only small numbers, this is not
+usually a problem. However, if the numbers are large, and particularly if such
+repetitions are nested, the memory usage can become an embarrassment. For
+example, the very simple pattern
+.sp
+  ((ab){1,1000}c){1,3}
+.sp
+uses 51K bytes when compiled using the 8-bit library. When PCRE is compiled
+with its default internal pointer size of two bytes, the size limit on a
+compiled pattern is 64K data units, and this is reached with the above pattern
+if the outer repetition is increased from 3 to 4. PCRE can be compiled to use
+larger internal pointers and thus handle larger compiled patterns, but it is
+better to try to rewrite your pattern to use less memory if you can.
+.P
+One way of reducing the memory usage for such patterns is to make use of PCRE's
+.\" HTML <a href="pcrepattern.html#subpatternsassubroutines">
+.\" </a>
+"subroutine"
+.\"
+facility. Re-writing the above pattern as
+.sp
+  ((ab)(?2){0,999}c)(?1){0,2}
+.sp
+reduces the memory requirements to 18K, and indeed it remains under 20K even
+with the outer repetition increased to 100. However, this pattern is not
+exactly equivalent, because the "subroutine" calls are treated as
+.\" HTML <a href="pcrepattern.html#atomicgroup">
+.\" </a>
+atomic groups
+.\"
+into which there can be no backtracking if there is a subsequent matching
+failure. Therefore, PCRE cannot do this kind of rewriting automatically.
+Furthermore, there is a noticeable loss of speed when executing the modified
+pattern. Nevertheless, if the atomic grouping is not a problem and the loss of
+speed is acceptable, this kind of rewriting will allow you to process patterns
+that PCRE cannot otherwise handle.
+.
+.
+.SH "STACK USAGE AT RUN TIME"
+.rs
+.sp
+When \fBpcre_exec()\fP or \fBpcre[16|32]_exec()\fP is used for matching, certain
+kinds of pattern can cause it to use large amounts of the process stack. In
+some environments the default process stack is quite small, and if it runs out
+the result is often SIGSEGV. This issue is probably the most frequently raised
+problem with PCRE. Rewriting your pattern can often help. The
+.\" HREF
+\fBpcrestack\fP
+.\"
+documentation discusses this issue in detail.
+.
+.
+.SH "PROCESSING TIME"
+.rs
+.sp
+Certain items in regular expression patterns are processed more efficiently
+than others. It is more efficient to use a character class like [aeiou] than a
+set of single-character alternatives such as (a|e|i|o|u). In general, the
+simplest construction that provides the required behaviour is usually the most
+efficient. Jeffrey Friedl's book contains a lot of useful general discussion
+about optimizing regular expressions for efficient performance. This document
+contains a few observations about PCRE.
+.P
+Using Unicode character properties (the \ep, \eP, and \eX escapes) is slow,
+because PCRE has to use a multi-stage table lookup whenever it needs a
+character's property. If you can find an alternative pattern that does not use
+character properties, it will probably be faster.
+.P
+By default, the escape sequences \eb, \ed, \es, and \ew, and the POSIX
+character classes such as [:alpha:] do not use Unicode properties, partly for
+backwards compatibility, and partly for performance reasons. However, you can
+set PCRE_UCP if you want Unicode character properties to be used. This can
+double the matching time for items such as \ed, when matched with
+a traditional matching function; the performance loss is less with
+a DFA matching function, and in both cases there is not much difference for
+\eb.
+.P
+When a pattern begins with .* not in parentheses, or in parentheses that are
+not the subject of a backreference, and the PCRE_DOTALL option is set, the
+pattern is implicitly anchored by PCRE, since it can match only at the start of
+a subject string. However, if PCRE_DOTALL is not set, PCRE cannot make this
+optimization, because the . metacharacter does not then match a newline, and if
+the subject string contains newlines, the pattern may match from the character
+immediately following one of them instead of from the very start. For example,
+the pattern
+.sp
+  .*second
+.sp
+matches the subject "first\enand second" (where \en stands for a newline
+character), with the match starting at the seventh character. In order to do
+this, PCRE has to retry the match starting after every newline in the subject.
+.P
+If you are using such a pattern with subject strings that do not contain
+newlines, the best performance is obtained by setting PCRE_DOTALL, or starting
+the pattern with ^.* or ^.*? to indicate explicit anchoring. That saves PCRE
+from having to scan along the subject looking for a newline to restart at.
+.P
+Beware of patterns that contain nested indefinite repeats. These can take a
+long time to run when applied to a string that does not match. Consider the
+pattern fragment
+.sp
+  ^(a+)*
+.sp
+This can match "aaaa" in 16 different ways, and this number increases very
+rapidly as the string gets longer. (The * repeat can match 0, 1, 2, 3, or 4
+times, and for each of those cases other than 0 or 4, the + repeats can match
+different numbers of times.) When the remainder of the pattern is such that the
+entire match is going to fail, PCRE has in principle to try every possible
+variation, and this can take an extremely long time, even for relatively short
+strings.
+.P
+An optimization catches some of the more simple cases such as
+.sp
+  (a+)*b
+.sp
+where a literal character follows. Before embarking on the standard matching
+procedure, PCRE checks that there is a "b" later in the subject string, and if
+there is not, it fails the match immediately. However, when there is no
+following literal this optimization cannot be used. You can see the difference
+by comparing the behaviour of
+.sp
+  (a+)*\ed
+.sp
+with the pattern above. The former gives a failure almost instantly when
+applied to a whole line of "a" characters, whereas the latter takes an
+appreciable time with strings longer than about 20 characters.
+.P
+In many cases, the solution to this kind of performance issue is to use an
+atomic group or a possessive quantifier.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 25 August 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreposix.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreposix.3
new file mode 100644
index 00000000..77890f36
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreposix.3
@@ -0,0 +1,267 @@
+.TH PCREPOSIX 3 "09 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions.
+.SH "SYNOPSIS"
+.rs
+.sp
+.B #include <pcreposix.h>
+.PP
+.nf
+.B int regcomp(regex_t *\fIpreg\fP, const char *\fIpattern\fP,
+.B "     int \fIcflags\fP);"
+.sp
+.B int regexec(regex_t *\fIpreg\fP, const char *\fIstring\fP,
+.B "     size_t \fInmatch\fP, regmatch_t \fIpmatch\fP[], int \fIeflags\fP);"
+.B "     size_t regerror(int \fIerrcode\fP, const regex_t *\fIpreg\fP,"
+.B "     char *\fIerrbuf\fP, size_t \fIerrbuf_size\fP);"
+.sp
+.B void regfree(regex_t *\fIpreg\fP);
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This set of functions provides a POSIX-style API for the PCRE regular
+expression 8-bit library. See the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation for a description of PCRE's native API, which contains much
+additional functionality. There is no POSIX-style wrapper for PCRE's 16-bit
+and 32-bit library.
+.P
+The functions described here are just wrapper functions that ultimately call
+the PCRE native API. Their prototypes are defined in the \fBpcreposix.h\fP
+header file, and on Unix systems the library itself is called
+\fBpcreposix.a\fP, so can be accessed by adding \fB-lpcreposix\fP to the
+command for linking an application that uses them. Because the POSIX functions
+call the native ones, it is also necessary to add \fB-lpcre\fP.
+.P
+I have implemented only those POSIX option bits that can be reasonably mapped
+to PCRE native options. In addition, the option REG_EXTENDED is defined with
+the value zero. This has no effect, but since programs that are written to the
+POSIX interface often use it, this makes it easier to slot in PCRE as a
+replacement library. Other POSIX options are not even defined.
+.P
+There are also some other options that are not defined by POSIX. These have
+been added at the request of users who want to make use of certain
+PCRE-specific features via the POSIX calling interface.
+.P
+When PCRE is called via these functions, it is only the API that is POSIX-like
+in style. The syntax and semantics of the regular expressions themselves are
+still those of Perl, subject to the setting of various PCRE options, as
+described below. "POSIX-like in style" means that the API approximates to the
+POSIX definition; it is not fully POSIX-compatible, and in multi-byte encoding
+domains it is probably even less compatible.
+.P
+The header for these functions is supplied as \fBpcreposix.h\fP to avoid any
+potential clash with other POSIX libraries. It can, of course, be renamed or
+aliased as \fBregex.h\fP, which is the "correct" name. It provides two
+structure types, \fIregex_t\fP for compiled internal forms, and
+\fIregmatch_t\fP for returning captured substrings. It also defines some
+constants whose names start with "REG_"; these are used for setting options and
+identifying error codes.
+.
+.
+.SH "COMPILING A PATTERN"
+.rs
+.sp
+The function \fBregcomp()\fP is called to compile a pattern into an
+internal form. The pattern is a C string terminated by a binary zero, and
+is passed in the argument \fIpattern\fP. The \fIpreg\fP argument is a pointer
+to a \fBregex_t\fP structure that is used as a base for storing information
+about the compiled regular expression.
+.P
+The argument \fIcflags\fP is either zero, or contains one or more of the bits
+defined by the following macros:
+.sp
+  REG_DOTALL
+.sp
+The PCRE_DOTALL option is set when the regular expression is passed for
+compilation to the native function. Note that REG_DOTALL is not part of the
+POSIX standard.
+.sp
+  REG_ICASE
+.sp
+The PCRE_CASELESS option is set when the regular expression is passed for
+compilation to the native function.
+.sp
+  REG_NEWLINE
+.sp
+The PCRE_MULTILINE option is set when the regular expression is passed for
+compilation to the native function. Note that this does \fInot\fP mimic the
+defined POSIX behaviour for REG_NEWLINE (see the following section).
+.sp
+  REG_NOSUB
+.sp
+The PCRE_NO_AUTO_CAPTURE option is set when the regular expression is passed
+for compilation to the native function. In addition, when a pattern that is
+compiled with this flag is passed to \fBregexec()\fP for matching, the
+\fInmatch\fP and \fIpmatch\fP arguments are ignored, and no captured strings
+are returned.
+.sp
+  REG_UCP
+.sp
+The PCRE_UCP option is set when the regular expression is passed for
+compilation to the native function. This causes PCRE to use Unicode properties
+when matchine \ed, \ew, etc., instead of just recognizing ASCII values. Note
+that REG_UTF8 is not part of the POSIX standard.
+.sp
+  REG_UNGREEDY
+.sp
+The PCRE_UNGREEDY option is set when the regular expression is passed for
+compilation to the native function. Note that REG_UNGREEDY is not part of the
+POSIX standard.
+.sp
+  REG_UTF8
+.sp
+The PCRE_UTF8 option is set when the regular expression is passed for
+compilation to the native function. This causes the pattern itself and all data
+strings used for matching it to be treated as UTF-8 strings. Note that REG_UTF8
+is not part of the POSIX standard.
+.P
+In the absence of these flags, no options are passed to the native function.
+This means the the regex is compiled with PCRE default semantics. In
+particular, the way it handles newline characters in the subject string is the
+Perl way, not the POSIX way. Note that setting PCRE_MULTILINE has only
+\fIsome\fP of the effects specified for REG_NEWLINE. It does not affect the way
+newlines are matched by . (they are not) or by a negative class such as [^a]
+(they are).
+.P
+The yield of \fBregcomp()\fP is zero on success, and non-zero otherwise. The
+\fIpreg\fP structure is filled in on success, and one member of the structure
+is public: \fIre_nsub\fP contains the number of capturing subpatterns in
+the regular expression. Various error codes are defined in the header file.
+.P
+NOTE: If the yield of \fBregcomp()\fP is non-zero, you must not attempt to
+use the contents of the \fIpreg\fP structure. If, for example, you pass it to
+\fBregexec()\fP, the result is undefined and your program is likely to crash.
+.
+.
+.SH "MATCHING NEWLINE CHARACTERS"
+.rs
+.sp
+This area is not simple, because POSIX and Perl take different views of things.
+It is not possible to get PCRE to obey POSIX semantics, but then PCRE was never
+intended to be a POSIX engine. The following table lists the different
+possibilities for matching newline characters in PCRE:
+.sp
+                          Default   Change with
+.sp
+  . matches newline          no     PCRE_DOTALL
+  newline matches [^a]       yes    not changeable
+  $ matches \en at end        yes    PCRE_DOLLARENDONLY
+  $ matches \en in middle     no     PCRE_MULTILINE
+  ^ matches \en in middle     no     PCRE_MULTILINE
+.sp
+This is the equivalent table for POSIX:
+.sp
+                          Default   Change with
+.sp
+  . matches newline          yes    REG_NEWLINE
+  newline matches [^a]       yes    REG_NEWLINE
+  $ matches \en at end        no     REG_NEWLINE
+  $ matches \en in middle     no     REG_NEWLINE
+  ^ matches \en in middle     no     REG_NEWLINE
+.sp
+PCRE's behaviour is the same as Perl's, except that there is no equivalent for
+PCRE_DOLLAR_ENDONLY in Perl. In both PCRE and Perl, there is no way to stop
+newline from matching [^a].
+.P
+The default POSIX newline handling can be obtained by setting PCRE_DOTALL and
+PCRE_DOLLAR_ENDONLY, but there is no way to make PCRE behave exactly as for the
+REG_NEWLINE action.
+.
+.
+.SH "MATCHING A PATTERN"
+.rs
+.sp
+The function \fBregexec()\fP is called to match a compiled pattern \fIpreg\fP
+against a given \fIstring\fP, which is by default terminated by a zero byte
+(but see REG_STARTEND below), subject to the options in \fIeflags\fP. These can
+be:
+.sp
+  REG_NOTBOL
+.sp
+The PCRE_NOTBOL option is set when calling the underlying PCRE matching
+function.
+.sp
+  REG_NOTEMPTY
+.sp
+The PCRE_NOTEMPTY option is set when calling the underlying PCRE matching
+function. Note that REG_NOTEMPTY is not part of the POSIX standard. However,
+setting this option can give more POSIX-like behaviour in some situations.
+.sp
+  REG_NOTEOL
+.sp
+The PCRE_NOTEOL option is set when calling the underlying PCRE matching
+function.
+.sp
+  REG_STARTEND
+.sp
+The string is considered to start at \fIstring\fP + \fIpmatch[0].rm_so\fP and
+to have a terminating NUL located at \fIstring\fP + \fIpmatch[0].rm_eo\fP
+(there need not actually be a NUL at that location), regardless of the value of
+\fInmatch\fP. This is a BSD extension, compatible with but not specified by
+IEEE Standard 1003.2 (POSIX.2), and should be used with caution in software
+intended to be portable to other systems. Note that a non-zero \fIrm_so\fP does
+not imply REG_NOTBOL; REG_STARTEND affects only the location of the string, not
+how it is matched.
+.P
+If the pattern was compiled with the REG_NOSUB flag, no data about any matched
+strings is returned. The \fInmatch\fP and \fIpmatch\fP arguments of
+\fBregexec()\fP are ignored.
+.P
+If the value of \fInmatch\fP is zero, or if the value \fIpmatch\fP is NULL,
+no data about any matched strings is returned.
+.P
+Otherwise,the portion of the string that was matched, and also any captured
+substrings, are returned via the \fIpmatch\fP argument, which points to an
+array of \fInmatch\fP structures of type \fIregmatch_t\fP, containing the
+members \fIrm_so\fP and \fIrm_eo\fP. These contain the offset to the first
+character of each substring and the offset to the first character after the end
+of each substring, respectively. The 0th element of the vector relates to the
+entire portion of \fIstring\fP that was matched; subsequent elements relate to
+the capturing subpatterns of the regular expression. Unused entries in the
+array have both structure members set to -1.
+.P
+A successful match yields a zero return; various error codes are defined in the
+header file, of which REG_NOMATCH is the "expected" failure code.
+.
+.
+.SH "ERROR MESSAGES"
+.rs
+.sp
+The \fBregerror()\fP function maps a non-zero errorcode from either
+\fBregcomp()\fP or \fBregexec()\fP to a printable message. If \fIpreg\fP is not
+NULL, the error should have arisen from the use of that structure. A message
+terminated by a binary zero is placed in \fIerrbuf\fP. The length of the
+message, including the zero, is limited to \fIerrbuf_size\fP. The yield of the
+function is the size of buffer needed to hold the whole message.
+.
+.
+.SH MEMORY USAGE
+.rs
+.sp
+Compiling a regular expression causes memory to be allocated and associated
+with the \fIpreg\fP structure. The function \fBregfree()\fP frees all such
+memory, after which \fIpreg\fP may no longer be used as a compiled expression.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 09 January 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreprecompile.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreprecompile.3
new file mode 100644
index 00000000..40f257a9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreprecompile.3
@@ -0,0 +1,155 @@
+.TH PCREPRECOMPILE 3 "12 November 2013" "PCRE 8.34"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "SAVING AND RE-USING PRECOMPILED PCRE PATTERNS"
+.rs
+.sp
+If you are running an application that uses a large number of regular
+expression patterns, it may be useful to store them in a precompiled form
+instead of having to compile them every time the application is run.
+If you are not using any private character tables (see the
+.\" HREF
+\fBpcre_maketables()\fP
+.\"
+documentation), this is relatively straightforward. If you are using private
+tables, it is a little bit more complicated. However, if you are using the
+just-in-time optimization feature, it is not possible to save and reload the
+JIT data.
+.P
+If you save compiled patterns to a file, you can copy them to a different host
+and run them there. If the two hosts have different endianness (byte order),
+you should run the \fBpcre[16|32]_pattern_to_host_byte_order()\fP function on the
+new host before trying to match the pattern. The matching functions return
+PCRE_ERROR_BADENDIANNESS if they detect a pattern with the wrong endianness.
+.P
+Compiling regular expressions with one version of PCRE for use with a different
+version is not guaranteed to work and may cause crashes, and saving and
+restoring a compiled pattern loses any JIT optimization data.
+.
+.
+.SH "SAVING A COMPILED PATTERN"
+.rs
+.sp
+The value returned by \fBpcre[16|32]_compile()\fP points to a single block of
+memory that holds the compiled pattern and associated data. You can find the
+length of this block in bytes by calling \fBpcre[16|32]_fullinfo()\fP with an
+argument of PCRE_INFO_SIZE. You can then save the data in any appropriate
+manner. Here is sample code for the 8-bit library that compiles a pattern and
+writes it to a file. It assumes that the variable \fIfd\fP refers to a file
+that is open for output:
+.sp
+  int erroroffset, rc, size;
+  char *error;
+  pcre *re;
+.sp
+  re = pcre_compile("my pattern", 0, &error, &erroroffset, NULL);
+  if (re == NULL) { ... handle errors ... }
+  rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
+  if (rc < 0) { ... handle errors ... }
+  rc = fwrite(re, 1, size, fd);
+  if (rc != size) { ... handle errors ... }
+.sp
+In this example, the bytes that comprise the compiled pattern are copied
+exactly. Note that this is binary data that may contain any of the 256 possible
+byte values. On systems that make a distinction between binary and non-binary
+data, be sure that the file is opened for binary output.
+.P
+If you want to write more than one pattern to a file, you will have to devise a
+way of separating them. For binary data, preceding each pattern with its length
+is probably the most straightforward approach. Another possibility is to write
+out the data in hexadecimal instead of binary, one pattern to a line.
+.P
+Saving compiled patterns in a file is only one possible way of storing them for
+later use. They could equally well be saved in a database, or in the memory of
+some daemon process that passes them via sockets to the processes that want
+them.
+.P
+If the pattern has been studied, it is also possible to save the normal study
+data in a similar way to the compiled pattern itself. However, if the
+PCRE_STUDY_JIT_COMPILE was used, the just-in-time data that is created cannot
+be saved because it is too dependent on the current environment. When studying
+generates additional information, \fBpcre[16|32]_study()\fP returns a pointer to a
+\fBpcre[16|32]_extra\fP data block. Its format is defined in the
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+section on matching a pattern
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation. The \fIstudy_data\fP field points to the binary study data, and
+this is what you must save (not the \fBpcre[16|32]_extra\fP block itself). The
+length of the study data can be obtained by calling \fBpcre[16|32]_fullinfo()\fP
+with an argument of PCRE_INFO_STUDYSIZE. Remember to check that
+\fBpcre[16|32]_study()\fP did return a non-NULL value before trying to save the
+study data.
+.
+.
+.SH "RE-USING A PRECOMPILED PATTERN"
+.rs
+.sp
+Re-using a precompiled pattern is straightforward. Having reloaded it into main
+memory, called \fBpcre[16|32]_pattern_to_host_byte_order()\fP if necessary, you
+pass its pointer to \fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP in
+the usual way.
+.P
+However, if you passed a pointer to custom character tables when the pattern
+was compiled (the \fItableptr\fP argument of \fBpcre[16|32]_compile()\fP), you
+must now pass a similar pointer to \fBpcre[16|32]_exec()\fP or
+\fBpcre[16|32]_dfa_exec()\fP, because the value saved with the compiled pattern
+will obviously be nonsense. A field in a \fBpcre[16|32]_extra()\fP block is used
+to pass this data, as described in the
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+section on matching a pattern
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+\fBWarning:\fP The tables that \fBpcre_exec()\fP and \fBpcre_dfa_exec()\fP use
+must be the same as those that were used when the pattern was compiled. If this
+is not the case, the behaviour is undefined.
+.P
+If you did not provide custom character tables when the pattern was compiled,
+the pointer in the compiled pattern is NULL, which causes the matching
+functions to use PCRE's internal tables. Thus, you do not need to take any
+special action at run time in this case.
+.P
+If you saved study data with the compiled pattern, you need to create your own
+\fBpcre[16|32]_extra\fP data block and set the \fIstudy_data\fP field to point
+to the reloaded study data. You must also set the PCRE_EXTRA_STUDY_DATA bit in
+the \fIflags\fP field to indicate that study data is present. Then pass the
+\fBpcre[16|32]_extra\fP block to the matching function in the usual way. If the
+pattern was studied for just-in-time optimization, that data cannot be saved,
+and so is lost by a save/restore cycle.
+.
+.
+.SH "COMPATIBILITY WITH DIFFERENT PCRE RELEASES"
+.rs
+.sp
+In general, it is safest to recompile all saved patterns when you update to a
+new PCRE release, though not all updates actually require this.
+.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 12 November 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcresample.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcresample.3
new file mode 100644
index 00000000..d7fe7ec5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcresample.3
@@ -0,0 +1,99 @@
+.TH PCRESAMPLE 3 "10 January 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE SAMPLE PROGRAM"
+.rs
+.sp
+A simple, complete demonstration program, to get you started with using PCRE,
+is supplied in the file \fIpcredemo.c\fP in the PCRE distribution. A listing of
+this program is given in the
+.\" HREF
+\fBpcredemo\fP
+.\"
+documentation. If you do not have a copy of the PCRE distribution, you can save
+this listing to re-create \fIpcredemo.c\fP.
+.P
+The demonstration program, which uses the original PCRE 8-bit library, compiles
+the regular expression that is its first argument, and matches it against the
+subject string in its second argument. No PCRE options are set, and default
+character tables are used. If matching succeeds, the program outputs the
+portion of the subject that matched, together with the contents of any captured
+substrings.
+.P
+If the -g option is given on the command line, the program then goes on to
+check for further matches of the same regular expression in the same subject
+string. The logic is a little bit tricky because of the possibility of matching
+an empty string. Comments in the code explain what is going on.
+.P
+If PCRE is installed in the standard include and library directories for your
+operating system, you should be able to compile the demonstration program using
+this command:
+.sp
+  gcc -o pcredemo pcredemo.c -lpcre
+.sp
+If PCRE is installed elsewhere, you may need to add additional options to the
+command line. For example, on a Unix-like system that has PCRE installed in
+\fI/usr/local\fP, you can compile the demonstration program using a command
+like this:
+.sp
+.\" JOINSH
+  gcc -o pcredemo -I/usr/local/include pcredemo.c \e
+      -L/usr/local/lib -lpcre
+.sp
+In a Windows environment, if you want to statically link the program against a
+non-dll \fBpcre.a\fP file, you must uncomment the line that defines PCRE_STATIC
+before including \fBpcre.h\fP, because otherwise the \fBpcre_malloc()\fP and
+\fBpcre_free()\fP exported functions will be declared
+\fB__declspec(dllimport)\fP, with unwanted results.
+.P
+Once you have compiled and linked the demonstration program, you can run simple
+tests like this:
+.sp
+  ./pcredemo 'cat|dog' 'the cat sat on the mat'
+  ./pcredemo -g 'cat|dog' 'the dog sat on the cat'
+.sp
+Note that there is a much more comprehensive test program, called
+.\" HREF
+\fBpcretest\fP,
+.\"
+which supports many more facilities for testing regular expressions and both
+PCRE libraries. The
+.\" HREF
+\fBpcredemo\fP
+.\"
+program is provided as a simple coding example.
+.P
+If you try to run
+.\" HREF
+\fBpcredemo\fP
+.\"
+when PCRE is not installed in the standard library directory, you may get an
+error like this on some operating systems (e.g. Solaris):
+.sp
+  ld.so.1: a.out: fatal: libpcre.so.0: open failed: No such file or directory
+.sp
+This is caused by the way shared library support works on those systems. You
+need to add
+.sp
+  -R/usr/local/lib
+.sp
+(for example) to the compile command to get round this problem.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 10 January 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrestack.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrestack.3
new file mode 100644
index 00000000..798f0bca
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcrestack.3
@@ -0,0 +1,215 @@
+.TH PCRESTACK 3 "24 June 2012" "PCRE 8.30"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE DISCUSSION OF STACK USAGE"
+.rs
+.sp
+When you call \fBpcre[16|32]_exec()\fP, it makes use of an internal function
+called \fBmatch()\fP. This calls itself recursively at branch points in the
+pattern, in order to remember the state of the match so that it can back up and
+try a different alternative if the first one fails. As matching proceeds deeper
+and deeper into the tree of possibilities, the recursion depth increases. The
+\fBmatch()\fP function is also called in other circumstances, for example,
+whenever a parenthesized sub-pattern is entered, and in certain cases of
+repetition.
+.P
+Not all calls of \fBmatch()\fP increase the recursion depth; for an item such
+as a* it may be called several times at the same level, after matching
+different numbers of a's. Furthermore, in a number of cases where the result of
+the recursive call would immediately be passed back as the result of the
+current call (a "tail recursion"), the function is just restarted instead.
+.P
+The above comments apply when \fBpcre[16|32]_exec()\fP is run in its normal
+interpretive manner. If the pattern was studied with the
+PCRE_STUDY_JIT_COMPILE option, and just-in-time compiling was successful, and
+the options passed to \fBpcre[16|32]_exec()\fP were not incompatible, the matching
+process uses the JIT-compiled code instead of the \fBmatch()\fP function. In
+this case, the memory requirements are handled entirely differently. See the
+.\" HREF
+\fBpcrejit\fP
+.\"
+documentation for details.
+.P
+The \fBpcre[16|32]_dfa_exec()\fP function operates in an entirely different way,
+and uses recursion only when there is a regular expression recursion or
+subroutine call in the pattern. This includes the processing of assertion and
+"once-only" subpatterns, which are handled like subroutine calls. Normally,
+these are never very deep, and the limit on the complexity of
+\fBpcre[16|32]_dfa_exec()\fP is controlled by the amount of workspace it is given.
+However, it is possible to write patterns with runaway infinite recursions;
+such patterns will cause \fBpcre[16|32]_dfa_exec()\fP to run out of stack. At
+present, there is no protection against this.
+.P
+The comments that follow do NOT apply to \fBpcre[16|32]_dfa_exec()\fP; they are
+relevant only for \fBpcre[16|32]_exec()\fP without the JIT optimization.
+.
+.
+.SS "Reducing \fBpcre[16|32]_exec()\fP's stack usage"
+.rs
+.sp
+Each time that \fBmatch()\fP is actually called recursively, it uses memory
+from the process stack. For certain kinds of pattern and data, very large
+amounts of stack may be needed, despite the recognition of "tail recursion".
+You can often reduce the amount of recursion, and therefore the amount of stack
+used, by modifying the pattern that is being matched. Consider, for example,
+this pattern:
+.sp
+  ([^<]|<(?!inet))+
+.sp
+It matches from wherever it starts until it encounters "<inet" or the end of
+the data, and is the kind of pattern that might be used when processing an XML
+file. Each iteration of the outer parentheses matches either one character that
+is not "<" or a "<" that is not followed by "inet". However, each time a
+parenthesis is processed, a recursion occurs, so this formulation uses a stack
+frame for each matched character. For a long string, a lot of stack is
+required. Consider now this rewritten pattern, which matches exactly the same
+strings:
+.sp
+  ([^<]++|<(?!inet))+
+.sp
+This uses very much less stack, because runs of characters that do not contain
+"<" are "swallowed" in one item inside the parentheses. Recursion happens only
+when a "<" character that is not followed by "inet" is encountered (and we
+assume this is relatively rare). A possessive quantifier is used to stop any
+backtracking into the runs of non-"<" characters, but that is not related to
+stack usage.
+.P
+This example shows that one way of avoiding stack problems when matching long
+subject strings is to write repeated parenthesized subpatterns to match more
+than one character whenever possible.
+.
+.
+.SS "Compiling PCRE to use heap instead of stack for \fBpcre[16|32]_exec()\fP"
+.rs
+.sp
+In environments where stack memory is constrained, you might want to compile
+PCRE to use heap memory instead of stack for remembering back-up points when
+\fBpcre[16|32]_exec()\fP is running. This makes it run a lot more slowly, however.
+Details of how to do this are given in the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation. When built in this way, instead of using the stack, PCRE obtains
+and frees memory by calling the functions that are pointed to by the
+\fBpcre[16|32]_stack_malloc\fP and \fBpcre[16|32]_stack_free\fP variables. By
+default, these point to \fBmalloc()\fP and \fBfree()\fP, but you can replace
+the pointers to cause PCRE to use your own functions. Since the block sizes are
+always the same, and are always freed in reverse order, it may be possible to
+implement customized memory handlers that are more efficient than the standard
+functions.
+.
+.
+.SS "Limiting \fBpcre[16|32]_exec()\fP's stack usage"
+.rs
+.sp
+You can set limits on the number of times that \fBmatch()\fP is called, both in
+total and recursively. If a limit is exceeded, \fBpcre[16|32]_exec()\fP returns an
+error code. Setting suitable limits should prevent it from running out of
+stack. The default values of the limits are very large, and unlikely ever to
+operate. They can be changed when PCRE is built, and they can also be set when
+\fBpcre[16|32]_exec()\fP is called. For details of these interfaces, see the
+.\" HREF
+\fBpcrebuild\fP
+.\"
+documentation and the
+.\" HTML <a href="pcreapi.html#extradata">
+.\" </a>
+section on extra data for \fBpcre[16|32]_exec()\fP
+.\"
+in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+documentation.
+.P
+As a very rough rule of thumb, you should reckon on about 500 bytes per
+recursion. Thus, if you want to limit your stack usage to 8Mb, you should set
+the limit at 16000 recursions. A 64Mb stack, on the other hand, can support
+around 128000 recursions.
+.P
+In Unix-like environments, the \fBpcretest\fP test program has a command line
+option (\fB-S\fP) that can be used to increase the size of its stack. As long
+as the stack is large enough, another option (\fB-M\fP) can be used to find the
+smallest limits that allow a particular pattern to match a given subject
+string. This is done by calling \fBpcre[16|32]_exec()\fP repeatedly with different
+limits.
+.
+.
+.SS "Obtaining an estimate of stack usage"
+.rs
+.sp
+The actual amount of stack used per recursion can vary quite a lot, depending
+on the compiler that was used to build PCRE and the optimization or debugging
+options that were set for it. The rule of thumb value of 500 bytes mentioned
+above may be larger or smaller than what is actually needed. A better
+approximation can be obtained by running this command:
+.sp
+  pcretest -m -C
+.sp
+The \fB-C\fP option causes \fBpcretest\fP to output information about the
+options with which PCRE was compiled. When \fB-m\fP is also given (before
+\fB-C\fP), information about stack use is given in a line like this:
+.sp
+  Match recursion uses stack: approximate frame size = 640 bytes
+.sp
+The value is approximate because some recursions need a bit more (up to perhaps
+16 more bytes).
+.P
+If the above command is given when PCRE is compiled to use the heap instead of
+the stack for recursion, the value that is output is the size of each block
+that is obtained from the heap.
+.
+.
+.SS "Changing stack size in Unix-like systems"
+.rs
+.sp
+In Unix-like environments, there is not often a problem with the stack unless
+very long strings are involved, though the default limit on stack size varies
+from system to system. Values from 8Mb to 64Mb are common. You can find your
+default limit by running the command:
+.sp
+  ulimit -s
+.sp
+Unfortunately, the effect of running out of stack is often SIGSEGV, though
+sometimes a more explicit error message is given. You can normally increase the
+limit on stack size by code such as this:
+.sp
+  struct rlimit rlim;
+  getrlimit(RLIMIT_STACK, &rlim);
+  rlim.rlim_cur = 100*1024*1024;
+  setrlimit(RLIMIT_STACK, &rlim);
+.sp
+This reads the current limits (soft and hard) using \fBgetrlimit()\fP, then
+attempts to increase the soft limit to 100Mb using \fBsetrlimit()\fP. You must
+do this before calling \fBpcre[16|32]_exec()\fP.
+.
+.
+.SS "Changing stack size in Mac OS X"
+.rs
+.sp
+Using \fBsetrlimit()\fP, as described above, should also work on Mac OS X. It
+is also possible to set a stack size when linking a program. There is a
+discussion about stack sizes in Mac OS X at this web site:
+.\" HTML <a href="http://developer.apple.com/qa/qa2005/qa1419.html">
+.\" </a>
+http://developer.apple.com/qa/qa2005/qa1419.html.
+.\"
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 24 June 2012
+Copyright (c) 1997-2012 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcresyntax.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcresyntax.3
new file mode 100644
index 00000000..0850369f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcresyntax.3
@@ -0,0 +1,540 @@
+.TH PCRESYNTAX 3 "08 January 2014" "PCRE 8.35"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "PCRE REGULAR EXPRESSION SYNTAX SUMMARY"
+.rs
+.sp
+The full syntax and semantics of the regular expressions that are supported by
+PCRE are described in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation. This document contains a quick-reference summary of the syntax.
+.
+.
+.SH "QUOTING"
+.rs
+.sp
+  \ex         where x is non-alphanumeric is a literal x
+  \eQ...\eE    treat enclosed characters as literal
+.
+.
+.SH "CHARACTERS"
+.rs
+.sp
+  \ea         alarm, that is, the BEL character (hex 07)
+  \ecx        "control-x", where x is any ASCII character
+  \ee         escape (hex 1B)
+  \ef         form feed (hex 0C)
+  \en         newline (hex 0A)
+  \er         carriage return (hex 0D)
+  \et         tab (hex 09)
+  \e0dd       character with octal code 0dd
+  \eddd       character with octal code ddd, or backreference
+  \eo{ddd..}  character with octal code ddd..
+  \exhh       character with hex code hh
+  \ex{hhh..}  character with hex code hhh..
+.sp
+Note that \e0dd is always an octal code, and that \e8 and \e9 are the literal
+characters "8" and "9".
+.
+.
+.SH "CHARACTER TYPES"
+.rs
+.sp
+  .          any character except newline;
+               in dotall mode, any character whatsoever
+  \eC         one data unit, even in UTF mode (best avoided)
+  \ed         a decimal digit
+  \eD         a character that is not a decimal digit
+  \eh         a horizontal white space character
+  \eH         a character that is not a horizontal white space character
+  \eN         a character that is not a newline
+  \ep{\fIxx\fP}     a character with the \fIxx\fP property
+  \eP{\fIxx\fP}     a character without the \fIxx\fP property
+  \eR         a newline sequence
+  \es         a white space character
+  \eS         a character that is not a white space character
+  \ev         a vertical white space character
+  \eV         a character that is not a vertical white space character
+  \ew         a "word" character
+  \eW         a "non-word" character
+  \eX         a Unicode extended grapheme cluster
+.sp
+By default, \ed, \es, and \ew match only ASCII characters, even in UTF-8 mode
+or in the 16- bit and 32-bit libraries. However, if locale-specific matching is
+happening, \es and \ew may also match characters with code points in the range
+128-255. If the PCRE_UCP option is set, the behaviour of these escape sequences
+is changed to use Unicode properties and they match many more characters.
+.
+.
+.SH "GENERAL CATEGORY PROPERTIES FOR \ep and \eP"
+.rs
+.sp
+  C          Other
+  Cc         Control
+  Cf         Format
+  Cn         Unassigned
+  Co         Private use
+  Cs         Surrogate
+.sp
+  L          Letter
+  Ll         Lower case letter
+  Lm         Modifier letter
+  Lo         Other letter
+  Lt         Title case letter
+  Lu         Upper case letter
+  L&         Ll, Lu, or Lt
+.sp
+  M          Mark
+  Mc         Spacing mark
+  Me         Enclosing mark
+  Mn         Non-spacing mark
+.sp
+  N          Number
+  Nd         Decimal number
+  Nl         Letter number
+  No         Other number
+.sp
+  P          Punctuation
+  Pc         Connector punctuation
+  Pd         Dash punctuation
+  Pe         Close punctuation
+  Pf         Final punctuation
+  Pi         Initial punctuation
+  Po         Other punctuation
+  Ps         Open punctuation
+.sp
+  S          Symbol
+  Sc         Currency symbol
+  Sk         Modifier symbol
+  Sm         Mathematical symbol
+  So         Other symbol
+.sp
+  Z          Separator
+  Zl         Line separator
+  Zp         Paragraph separator
+  Zs         Space separator
+.
+.
+.SH "PCRE SPECIAL CATEGORY PROPERTIES FOR \ep and \eP"
+.rs
+.sp
+  Xan        Alphanumeric: union of properties L and N
+  Xps        POSIX space: property Z or tab, NL, VT, FF, CR
+  Xsp        Perl space: property Z or tab, NL, VT, FF, CR
+  Xuc        Univerally-named character: one that can be
+               represented by a Universal Character Name
+  Xwd        Perl word: property Xan or underscore
+.sp
+Perl and POSIX space are now the same. Perl added VT to its space character set
+at release 5.18 and PCRE changed at release 8.34.
+.
+.
+.SH "SCRIPT NAMES FOR \ep AND \eP"
+.rs
+.sp
+Arabic,
+Armenian,
+Avestan,
+Balinese,
+Bamum,
+Bassa_Vah,
+Batak,
+Bengali,
+Bopomofo,
+Brahmi,
+Braille,
+Buginese,
+Buhid,
+Canadian_Aboriginal,
+Carian,
+Caucasian_Albanian,
+Chakma,
+Cham,
+Cherokee,
+Common,
+Coptic,
+Cuneiform,
+Cypriot,
+Cyrillic,
+Deseret,
+Devanagari,
+Duployan,
+Egyptian_Hieroglyphs,
+Elbasan,
+Ethiopic,
+Georgian,
+Glagolitic,
+Gothic,
+Grantha,
+Greek,
+Gujarati,
+Gurmukhi,
+Han,
+Hangul,
+Hanunoo,
+Hebrew,
+Hiragana,
+Imperial_Aramaic,
+Inherited,
+Inscriptional_Pahlavi,
+Inscriptional_Parthian,
+Javanese,
+Kaithi,
+Kannada,
+Katakana,
+Kayah_Li,
+Kharoshthi,
+Khmer,
+Khojki,
+Khudawadi,
+Lao,
+Latin,
+Lepcha,
+Limbu,
+Linear_A,
+Linear_B,
+Lisu,
+Lycian,
+Lydian,
+Mahajani,
+Malayalam,
+Mandaic,
+Manichaean,
+Meetei_Mayek,
+Mende_Kikakui,
+Meroitic_Cursive,
+Meroitic_Hieroglyphs,
+Miao,
+Modi,
+Mongolian,
+Mro,
+Myanmar,
+Nabataean,
+New_Tai_Lue,
+Nko,
+Ogham,
+Ol_Chiki,
+Old_Italic,
+Old_North_Arabian,
+Old_Permic,
+Old_Persian,
+Old_South_Arabian,
+Old_Turkic,
+Oriya,
+Osmanya,
+Pahawh_Hmong,
+Palmyrene,
+Pau_Cin_Hau,
+Phags_Pa,
+Phoenician,
+Psalter_Pahlavi,
+Rejang,
+Runic,
+Samaritan,
+Saurashtra,
+Sharada,
+Shavian,
+Siddham,
+Sinhala,
+Sora_Sompeng,
+Sundanese,
+Syloti_Nagri,
+Syriac,
+Tagalog,
+Tagbanwa,
+Tai_Le,
+Tai_Tham,
+Tai_Viet,
+Takri,
+Tamil,
+Telugu,
+Thaana,
+Thai,
+Tibetan,
+Tifinagh,
+Tirhuta,
+Ugaritic,
+Vai,
+Warang_Citi,
+Yi.
+.
+.
+.SH "CHARACTER CLASSES"
+.rs
+.sp
+  [...]       positive character class
+  [^...]      negative character class
+  [x-y]       range (can be used for hex characters)
+  [[:xxx:]]   positive POSIX named set
+  [[:^xxx:]]  negative POSIX named set
+.sp
+  alnum       alphanumeric
+  alpha       alphabetic
+  ascii       0-127
+  blank       space or tab
+  cntrl       control character
+  digit       decimal digit
+  graph       printing, excluding space
+  lower       lower case letter
+  print       printing, including space
+  punct       printing, excluding alphanumeric
+  space       white space
+  upper       upper case letter
+  word        same as \ew
+  xdigit      hexadecimal digit
+.sp
+In PCRE, POSIX character set names recognize only ASCII characters by default,
+but some of them use Unicode properties if PCRE_UCP is set. You can use
+\eQ...\eE inside a character class.
+.
+.
+.SH "QUANTIFIERS"
+.rs
+.sp
+  ?           0 or 1, greedy
+  ?+          0 or 1, possessive
+  ??          0 or 1, lazy
+  *           0 or more, greedy
+  *+          0 or more, possessive
+  *?          0 or more, lazy
+  +           1 or more, greedy
+  ++          1 or more, possessive
+  +?          1 or more, lazy
+  {n}         exactly n
+  {n,m}       at least n, no more than m, greedy
+  {n,m}+      at least n, no more than m, possessive
+  {n,m}?      at least n, no more than m, lazy
+  {n,}        n or more, greedy
+  {n,}+       n or more, possessive
+  {n,}?       n or more, lazy
+.
+.
+.SH "ANCHORS AND SIMPLE ASSERTIONS"
+.rs
+.sp
+  \eb          word boundary
+  \eB          not a word boundary
+  ^           start of subject
+               also after internal newline in multiline mode
+  \eA          start of subject
+  $           end of subject
+               also before newline at end of subject
+               also before internal newline in multiline mode
+  \eZ          end of subject
+               also before newline at end of subject
+  \ez          end of subject
+  \eG          first matching position in subject
+.
+.
+.SH "MATCH POINT RESET"
+.rs
+.sp
+  \eK          reset start of match
+.sp
+\eK is honoured in positive assertions, but ignored in negative ones.
+.
+.
+.SH "ALTERNATION"
+.rs
+.sp
+  expr|expr|expr...
+.
+.
+.SH "CAPTURING"
+.rs
+.sp
+  (...)           capturing group
+  (?<name>...)    named capturing group (Perl)
+  (?'name'...)    named capturing group (Perl)
+  (?P<name>...)   named capturing group (Python)
+  (?:...)         non-capturing group
+  (?|...)         non-capturing group; reset group numbers for
+                   capturing groups in each alternative
+.
+.
+.SH "ATOMIC GROUPS"
+.rs
+.sp
+  (?>...)         atomic, non-capturing group
+.
+.
+.
+.
+.SH "COMMENT"
+.rs
+.sp
+  (?#....)        comment (not nestable)
+.
+.
+.SH "OPTION SETTING"
+.rs
+.sp
+  (?i)            caseless
+  (?J)            allow duplicate names
+  (?m)            multiline
+  (?s)            single line (dotall)
+  (?U)            default ungreedy (lazy)
+  (?x)            extended (ignore white space)
+  (?-...)         unset option(s)
+.sp
+The following are recognized only at the very start of a pattern or after one
+of the newline or \eR options with similar syntax. More than one of them may
+appear.
+.sp
+  (*LIMIT_MATCH=d) set the match limit to d (decimal number)
+  (*LIMIT_RECURSION=d) set the recursion limit to d (decimal number)
+  (*NO_AUTO_POSSESS) no auto-possessification (PCRE_NO_AUTO_POSSESS)
+  (*NO_START_OPT) no start-match optimization (PCRE_NO_START_OPTIMIZE)
+  (*UTF8)         set UTF-8 mode: 8-bit library (PCRE_UTF8)
+  (*UTF16)        set UTF-16 mode: 16-bit library (PCRE_UTF16)
+  (*UTF32)        set UTF-32 mode: 32-bit library (PCRE_UTF32)
+  (*UTF)          set appropriate UTF mode for the library in use
+  (*UCP)          set PCRE_UCP (use Unicode properties for \ed etc)
+.sp
+Note that LIMIT_MATCH and LIMIT_RECURSION can only reduce the value of the
+limits set by the caller of pcre_exec(), not increase them.
+.
+.
+.SH "NEWLINE CONVENTION"
+.rs
+.sp
+These are recognized only at the very start of the pattern or after option
+settings with a similar syntax.
+.sp
+  (*CR)           carriage return only
+  (*LF)           linefeed only
+  (*CRLF)         carriage return followed by linefeed
+  (*ANYCRLF)      all three of the above
+  (*ANY)          any Unicode newline sequence
+.
+.
+.SH "WHAT \eR MATCHES"
+.rs
+.sp
+These are recognized only at the very start of the pattern or after option
+setting with a similar syntax.
+.sp
+  (*BSR_ANYCRLF)  CR, LF, or CRLF
+  (*BSR_UNICODE)  any Unicode newline sequence
+.
+.
+.SH "LOOKAHEAD AND LOOKBEHIND ASSERTIONS"
+.rs
+.sp
+  (?=...)         positive look ahead
+  (?!...)         negative look ahead
+  (?<=...)        positive look behind
+  (?<!...)        negative look behind
+.sp
+Each top-level branch of a look behind must be of a fixed length.
+.
+.
+.SH "BACKREFERENCES"
+.rs
+.sp
+  \en              reference by number (can be ambiguous)
+  \egn             reference by number
+  \eg{n}           reference by number
+  \eg{-n}          relative reference by number
+  \ek<name>        reference by name (Perl)
+  \ek'name'        reference by name (Perl)
+  \eg{name}        reference by name (Perl)
+  \ek{name}        reference by name (.NET)
+  (?P=name)       reference by name (Python)
+.
+.
+.SH "SUBROUTINE REFERENCES (POSSIBLY RECURSIVE)"
+.rs
+.sp
+  (?R)            recurse whole pattern
+  (?n)            call subpattern by absolute number
+  (?+n)           call subpattern by relative number
+  (?-n)           call subpattern by relative number
+  (?&name)        call subpattern by name (Perl)
+  (?P>name)       call subpattern by name (Python)
+  \eg<name>        call subpattern by name (Oniguruma)
+  \eg'name'        call subpattern by name (Oniguruma)
+  \eg<n>           call subpattern by absolute number (Oniguruma)
+  \eg'n'           call subpattern by absolute number (Oniguruma)
+  \eg<+n>          call subpattern by relative number (PCRE extension)
+  \eg'+n'          call subpattern by relative number (PCRE extension)
+  \eg<-n>          call subpattern by relative number (PCRE extension)
+  \eg'-n'          call subpattern by relative number (PCRE extension)
+.
+.
+.SH "CONDITIONAL PATTERNS"
+.rs
+.sp
+  (?(condition)yes-pattern)
+  (?(condition)yes-pattern|no-pattern)
+.sp
+  (?(n)...        absolute reference condition
+  (?(+n)...       relative reference condition
+  (?(-n)...       relative reference condition
+  (?(<name>)...   named reference condition (Perl)
+  (?('name')...   named reference condition (Perl)
+  (?(name)...     named reference condition (PCRE)
+  (?(R)...        overall recursion condition
+  (?(Rn)...       specific group recursion condition
+  (?(R&name)...   specific recursion condition
+  (?(DEFINE)...   define subpattern for reference
+  (?(assert)...   assertion condition
+.
+.
+.SH "BACKTRACKING CONTROL"
+.rs
+.sp
+The following act immediately they are reached:
+.sp
+  (*ACCEPT)       force successful match
+  (*FAIL)         force backtrack; synonym (*F)
+  (*MARK:NAME)    set name to be passed back; synonym (*:NAME)
+.sp
+The following act only when a subsequent match failure causes a backtrack to
+reach them. They all force a match failure, but they differ in what happens
+afterwards. Those that advance the start-of-match point do so only if the
+pattern is not anchored.
+.sp
+  (*COMMIT)       overall failure, no advance of starting point
+  (*PRUNE)        advance to next starting character
+  (*PRUNE:NAME)   equivalent to (*MARK:NAME)(*PRUNE)
+  (*SKIP)         advance to current matching position
+  (*SKIP:NAME)    advance to position corresponding to an earlier
+                  (*MARK:NAME); if not found, the (*SKIP) is ignored
+  (*THEN)         local failure, backtrack to next alternation
+  (*THEN:NAME)    equivalent to (*MARK:NAME)(*THEN)
+.
+.
+.SH "CALLOUTS"
+.rs
+.sp
+  (?C)      callout
+  (?Cn)     callout with data n
+.
+.
+.SH "SEE ALSO"
+.rs
+.sp
+\fBpcrepattern\fP(3), \fBpcreapi\fP(3), \fBpcrecallout\fP(3),
+\fBpcrematching\fP(3), \fBpcre\fP(3).
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 08 January 2014
+Copyright (c) 1997-2014 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreunicode.3 b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreunicode.3
new file mode 100644
index 00000000..cb5e5269
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/armv7s/share/man/man3/pcreunicode.3
@@ -0,0 +1,249 @@
+.TH PCREUNICODE 3 "27 February 2013" "PCRE 8.33"
+.SH NAME
+PCRE - Perl-compatible regular expressions
+.SH "UTF-8, UTF-16, UTF-32, AND UNICODE PROPERTY SUPPORT"
+.rs
+.sp
+As well as UTF-8 support, PCRE also supports UTF-16 (from release 8.30) and
+UTF-32 (from release 8.32), by means of two additional libraries. They can be
+built as well as, or instead of, the 8-bit library.
+.
+.
+.SH "UTF-8 SUPPORT"
+.rs
+.sp
+In order process UTF-8 strings, you must build PCRE's 8-bit library with UTF
+support, and, in addition, you must call
+.\" HREF
+\fBpcre_compile()\fP
+.\"
+with the PCRE_UTF8 option flag, or the pattern must start with the sequence
+(*UTF8) or (*UTF). When either of these is the case, both the pattern and any
+subject strings that are matched against it are treated as UTF-8 strings
+instead of strings of individual 1-byte characters.
+.
+.
+.SH "UTF-16 AND UTF-32 SUPPORT"
+.rs
+.sp
+In order process UTF-16 or UTF-32 strings, you must build PCRE's 16-bit or
+32-bit library with UTF support, and, in addition, you must call
+.\" HREF
+\fBpcre16_compile()\fP
+.\"
+or
+.\" HREF
+\fBpcre32_compile()\fP
+.\"
+with the PCRE_UTF16 or PCRE_UTF32 option flag, as appropriate. Alternatively,
+the pattern must start with the sequence (*UTF16), (*UTF32), as appropriate, or
+(*UTF), which can be used with either library. When UTF mode is set, both the
+pattern and any subject strings that are matched against it are treated as
+UTF-16 or UTF-32 strings instead of strings of individual 16-bit or 32-bit
+characters.
+.
+.
+.SH "UTF SUPPORT OVERHEAD"
+.rs
+.sp
+If you compile PCRE with UTF support, but do not use it at run time, the
+library will be a bit bigger, but the additional run time overhead is limited
+to testing the PCRE_UTF[8|16|32] flag occasionally, so should not be very big.
+.
+.
+.SH "UNICODE PROPERTY SUPPORT"
+.rs
+.sp
+If PCRE is built with Unicode character property support (which implies UTF
+support), the escape sequences \ep{..}, \eP{..}, and \eX can be used.
+The available properties that can be tested are limited to the general
+category properties such as Lu for an upper case letter or Nd for a decimal
+number, the Unicode script names such as Arabic or Han, and the derived
+properties Any and L&. Full lists is given in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+and
+.\" HREF
+\fBpcresyntax\fP
+.\"
+documentation. Only the short names for properties are supported. For example,
+\ep{L} matches a letter. Its Perl synonym, \ep{Letter}, is not supported.
+Furthermore, in Perl, many properties may optionally be prefixed by "Is", for
+compatibility with Perl 5.6. PCRE does not support this.
+.
+.
+.\" HTML <a name="utf8strings"></a>
+.SS "Validity of UTF-8 strings"
+.rs
+.sp
+When you set the PCRE_UTF8 flag, the byte strings passed as patterns and
+subjects are (by default) checked for validity on entry to the relevant
+functions. The entire string is checked before any other processing takes
+place. From release 7.3 of PCRE, the check is according the rules of RFC 3629,
+which are themselves derived from the Unicode specification. Earlier releases
+of PCRE followed the rules of RFC 2279, which allows the full range of 31-bit
+values (0 to 0x7FFFFFFF). The current check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area. (From release 8.33 the so-called
+"non-character" code points are no longer excluded because Unicode corrigendum
+#9 makes it clear that they should not be.)
+.P
+Characters in the "Surrogate Area" of Unicode are reserved for use by UTF-16,
+where they are used in pairs to encode codepoints with values greater than
+0xFFFF. The code points that are encoded by UTF-16 pairs are available
+independently in the UTF-8 and UTF-32 encodings. (In other words, the whole
+surrogate thing is a fudge for UTF-16 which unfortunately messes up UTF-8 and
+UTF-32.)
+.P
+If an invalid UTF-8 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first byte
+of the failing character. The run-time functions \fBpcre_exec()\fP and
+\fBpcre_dfa_exec()\fP also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+.P
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance, for
+example in the case of a long subject string that is being scanned repeatedly.
+If you set the PCRE_NO_UTF8_CHECK flag at compile time or at run time, PCRE
+assumes that the pattern or subject it is given (respectively) contains only
+valid UTF-8 codes. In this case, it does not diagnose an invalid UTF-8 string.
+.P
+Note that passing PCRE_NO_UTF8_CHECK to \fBpcre_compile()\fP just disables the
+check for the pattern; it does not also apply to subject strings. If you want
+to disable the check for a subject string you must pass this option to
+\fBpcre_exec()\fP or \fBpcre_dfa_exec()\fP.
+.P
+If you pass an invalid UTF-8 string when PCRE_NO_UTF8_CHECK is set, the result
+is undefined and your program may crash.
+.
+.
+.\" HTML <a name="utf16strings"></a>
+.SS "Validity of UTF-16 strings"
+.rs
+.sp
+When you set the PCRE_UTF16 flag, the strings of 16-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions. Values other than those in the surrogate range
+U+D800 to U+DFFF are independent code points. Values in the surrogate range
+must be used in pairs in the correct manner.
+.P
+If an invalid UTF-16 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions \fBpcre16_exec()\fP and
+\fBpcre16_dfa_exec()\fP also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+.P
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF16_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-16
+sequences. In this case, it does not diagnose an invalid UTF-16 string.
+However, if an invalid string is passed, the result is undefined.
+.
+.
+.\" HTML <a name="utf32strings"></a>
+.SS "Validity of UTF-32 strings"
+.rs
+.sp
+When you set the PCRE_UTF32 flag, the strings of 32-bit data units that are
+passed as patterns and subjects are (by default) checked for validity on entry
+to the relevant functions.  This check allows only values in the range U+0
+to U+10FFFF, excluding the surrogate area U+D800 to U+DFFF.
+.P
+If an invalid UTF-32 string is passed to PCRE, an error return is given. At
+compile time, the only additional information is the offset to the first data
+unit of the failing character. The run-time functions \fBpcre32_exec()\fP and
+\fBpcre32_dfa_exec()\fP also pass back this information, as well as a more
+detailed reason code if the caller has provided memory in which to do this.
+.P
+In some situations, you may already know that your strings are valid, and
+therefore want to skip these checks in order to improve performance. If you set
+the PCRE_NO_UTF32_CHECK flag at compile time or at run time, PCRE assumes that
+the pattern or subject it is given (respectively) contains only valid UTF-32
+sequences. In this case, it does not diagnose an invalid UTF-32 string.
+However, if an invalid string is passed, the result is undefined.
+.
+.
+.SS "General comments about UTF modes"
+.rs
+.sp
+1. Codepoints less than 256 can be specified in patterns by either braced or
+unbraced hexadecimal escape sequences (for example, \ex{b3} or \exb3). Larger
+values have to use braced sequences.
+.P
+2. Octal numbers up to \e777 are recognized, and in UTF-8 mode they match
+two-byte characters for values greater than \e177.
+.P
+3. Repeat quantifiers apply to complete UTF characters, not to individual
+data units, for example: \ex{100}{3}.
+.P
+4. The dot metacharacter matches one UTF character instead of a single data
+unit.
+.P
+5. The escape sequence \eC can be used to match a single byte in UTF-8 mode, or
+a single 16-bit data unit in UTF-16 mode, or a single 32-bit data unit in
+UTF-32 mode, but its use can lead to some strange effects because it breaks up
+multi-unit characters (see the description of \eC in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation). The use of \eC is not supported in the alternative matching
+function \fBpcre[16|32]_dfa_exec()\fP, nor is it supported in UTF mode by the
+JIT optimization of \fBpcre[16|32]_exec()\fP. If JIT optimization is requested
+for a UTF pattern that contains \eC, it will not succeed, and so the matching
+will be carried out by the normal interpretive function.
+.P
+6. The character escapes \eb, \eB, \ed, \eD, \es, \eS, \ew, and \eW correctly
+test characters of any code value, but, by default, the characters that PCRE
+recognizes as digits, spaces, or word characters remain the same set as in
+non-UTF mode, all with values less than 256. This remains true even when PCRE
+is built to include Unicode property support, because to do otherwise would
+slow down PCRE in many common cases. Note in particular that this applies to
+\eb and \eB, because they are defined in terms of \ew and \eW. If you really
+want to test for a wider sense of, say, "digit", you can use explicit Unicode
+property tests such as \ep{Nd}. Alternatively, if you set the PCRE_UCP option,
+the way that the character escapes work is changed so that Unicode properties
+are used to determine which characters match. There are more details in the
+section on
+.\" HTML <a href="pcrepattern.html#genericchartypes">
+.\" </a>
+generic character types
+.\"
+in the
+.\" HREF
+\fBpcrepattern\fP
+.\"
+documentation.
+.P
+7. Similarly, characters that match the POSIX named character classes are all
+low-valued characters, unless the PCRE_UCP option is set.
+.P
+8. However, the horizontal and vertical white space matching escapes (\eh, \eH,
+\ev, and \eV) do match all the appropriate Unicode characters, whether or not
+PCRE_UCP is set.
+.P
+9. Case-insensitive matching applies only to characters whose values are less
+than 128, unless PCRE is built with Unicode property support. A few Unicode
+characters such as Greek sigma have more than two codepoints that are
+case-equivalent. Up to and including PCRE release 8.31, only one-to-one case
+mappings were supported, but later releases (with Unicode property support) do
+treat as case-equivalent all versions of characters such as Greek sigma.
+.
+.
+.SH AUTHOR
+.rs
+.sp
+.nf
+Philip Hazel
+University Computing Service
+Cambridge CB2 3QH, England.
+.fi
+.
+.
+.SH REVISION
+.rs
+.sp
+.nf
+Last updated: 27 February 2013
+Copyright (c) 1997-2013 University of Cambridge.
+.fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcre.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcre.h
new file mode 100644
index 00000000..442c6bdb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcre.h
@@ -0,0 +1,677 @@
+/*************************************************
+*       Perl-Compatible Regular Expressions      *
+*************************************************/
+
+/* This is the public header file for the PCRE library, to be #included by
+applications that call the PCRE functions.
+
+           Copyright (c) 1997-2014 University of Cambridge
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+#ifndef _PCRE_H
+#define _PCRE_H
+
+/* The current PCRE version information. */
+
+#define PCRE_MAJOR          8
+#define PCRE_MINOR          41
+#define PCRE_PRERELEASE     
+#define PCRE_DATE           2017-07-05
+
+/* When an application links to a PCRE DLL in Windows, the symbols that are
+imported have to be identified as such. When building PCRE, the appropriate
+export setting is defined in pcre_internal.h, which includes this file. So we
+don't change existing definitions of PCRE_EXP_DECL and PCRECPP_EXP_DECL. */
+
+#if defined(_WIN32) && !defined(PCRE_STATIC)
+#  ifndef PCRE_EXP_DECL
+#    define PCRE_EXP_DECL  extern __declspec(dllimport)
+#  endif
+#  ifdef __cplusplus
+#    ifndef PCRECPP_EXP_DECL
+#      define PCRECPP_EXP_DECL  extern __declspec(dllimport)
+#    endif
+#    ifndef PCRECPP_EXP_DEFN
+#      define PCRECPP_EXP_DEFN  __declspec(dllimport)
+#    endif
+#  endif
+#endif
+
+/* By default, we use the standard "extern" declarations. */
+
+#ifndef PCRE_EXP_DECL
+#  ifdef __cplusplus
+#    define PCRE_EXP_DECL  extern "C"
+#  else
+#    define PCRE_EXP_DECL  extern
+#  endif
+#endif
+
+#ifdef __cplusplus
+#  ifndef PCRECPP_EXP_DECL
+#    define PCRECPP_EXP_DECL  extern
+#  endif
+#  ifndef PCRECPP_EXP_DEFN
+#    define PCRECPP_EXP_DEFN
+#  endif
+#endif
+
+/* Have to include stdlib.h in order to ensure that size_t is defined;
+it is needed here for malloc. */
+
+#include <stdlib.h>
+
+/* Allow for C++ users */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Public options. Some are compile-time only, some are run-time only, and some
+are both. Most of the compile-time options are saved with the compiled regex so
+that they can be inspected during studying (and therefore JIT compiling). Note
+that pcre_study() has its own set of options. Originally, all the options
+defined here used distinct bits. However, almost all the bits in a 32-bit word
+are now used, so in order to conserve them, option bits that were previously
+only recognized at matching time (i.e. by pcre_exec() or pcre_dfa_exec()) may
+also be used for compile-time options that affect only compiling and are not
+relevant for studying or JIT compiling.
+
+Some options for pcre_compile() change its behaviour but do not affect the
+behaviour of the execution functions. Other options are passed through to the
+execution functions and affect their behaviour, with or without affecting the
+behaviour of pcre_compile().
+
+Options that can be passed to pcre_compile() are tagged Cx below, with these
+variants:
+
+C1   Affects compile only
+C2   Does not affect compile; affects exec, dfa_exec
+C3   Affects compile, exec, dfa_exec
+C4   Affects compile, exec, dfa_exec, study
+C5   Affects compile, exec, study
+
+Options that can be set for pcre_exec() and/or pcre_dfa_exec() are flagged with
+E and D, respectively. They take precedence over C3, C4, and C5 settings passed
+from pcre_compile(). Those that are compatible with JIT execution are flagged
+with J. */
+
+#define PCRE_CASELESS           0x00000001  /* C1       */
+#define PCRE_MULTILINE          0x00000002  /* C1       */
+#define PCRE_DOTALL             0x00000004  /* C1       */
+#define PCRE_EXTENDED           0x00000008  /* C1       */
+#define PCRE_ANCHORED           0x00000010  /* C4 E D   */
+#define PCRE_DOLLAR_ENDONLY     0x00000020  /* C2       */
+#define PCRE_EXTRA              0x00000040  /* C1       */
+#define PCRE_NOTBOL             0x00000080  /*    E D J */
+#define PCRE_NOTEOL             0x00000100  /*    E D J */
+#define PCRE_UNGREEDY           0x00000200  /* C1       */
+#define PCRE_NOTEMPTY           0x00000400  /*    E D J */
+#define PCRE_UTF8               0x00000800  /* C4        )          */
+#define PCRE_UTF16              0x00000800  /* C4        ) Synonyms */
+#define PCRE_UTF32              0x00000800  /* C4        )          */
+#define PCRE_NO_AUTO_CAPTURE    0x00001000  /* C1       */
+#define PCRE_NO_UTF8_CHECK      0x00002000  /* C1 E D J  )          */
+#define PCRE_NO_UTF16_CHECK     0x00002000  /* C1 E D J  ) Synonyms */
+#define PCRE_NO_UTF32_CHECK     0x00002000  /* C1 E D J  )          */
+#define PCRE_AUTO_CALLOUT       0x00004000  /* C1       */
+#define PCRE_PARTIAL_SOFT       0x00008000  /*    E D J  ) Synonyms */
+#define PCRE_PARTIAL            0x00008000  /*    E D J  )          */
+
+/* This pair use the same bit. */
+#define PCRE_NEVER_UTF          0x00010000  /* C1        ) Overlaid */
+#define PCRE_DFA_SHORTEST       0x00010000  /*      D    ) Overlaid */
+
+/* This pair use the same bit. */
+#define PCRE_NO_AUTO_POSSESS    0x00020000  /* C1        ) Overlaid */
+#define PCRE_DFA_RESTART        0x00020000  /*      D    ) Overlaid */
+
+#define PCRE_FIRSTLINE          0x00040000  /* C3       */
+#define PCRE_DUPNAMES           0x00080000  /* C1       */
+#define PCRE_NEWLINE_CR         0x00100000  /* C3 E D   */
+#define PCRE_NEWLINE_LF         0x00200000  /* C3 E D   */
+#define PCRE_NEWLINE_CRLF       0x00300000  /* C3 E D   */
+#define PCRE_NEWLINE_ANY        0x00400000  /* C3 E D   */
+#define PCRE_NEWLINE_ANYCRLF    0x00500000  /* C3 E D   */
+#define PCRE_BSR_ANYCRLF        0x00800000  /* C3 E D   */
+#define PCRE_BSR_UNICODE        0x01000000  /* C3 E D   */
+#define PCRE_JAVASCRIPT_COMPAT  0x02000000  /* C5       */
+#define PCRE_NO_START_OPTIMIZE  0x04000000  /* C2 E D    ) Synonyms */
+#define PCRE_NO_START_OPTIMISE  0x04000000  /* C2 E D    )          */
+#define PCRE_PARTIAL_HARD       0x08000000  /*    E D J */
+#define PCRE_NOTEMPTY_ATSTART   0x10000000  /*    E D J */
+#define PCRE_UCP                0x20000000  /* C3       */
+
+/* Exec-time and get/set-time error codes */
+
+#define PCRE_ERROR_NOMATCH          (-1)
+#define PCRE_ERROR_NULL             (-2)
+#define PCRE_ERROR_BADOPTION        (-3)
+#define PCRE_ERROR_BADMAGIC         (-4)
+#define PCRE_ERROR_UNKNOWN_OPCODE   (-5)
+#define PCRE_ERROR_UNKNOWN_NODE     (-5)  /* For backward compatibility */
+#define PCRE_ERROR_NOMEMORY         (-6)
+#define PCRE_ERROR_NOSUBSTRING      (-7)
+#define PCRE_ERROR_MATCHLIMIT       (-8)
+#define PCRE_ERROR_CALLOUT          (-9)  /* Never used by PCRE itself */
+#define PCRE_ERROR_BADUTF8         (-10)  /* Same for 8/16/32 */
+#define PCRE_ERROR_BADUTF16        (-10)  /* Same for 8/16/32 */
+#define PCRE_ERROR_BADUTF32        (-10)  /* Same for 8/16/32 */
+#define PCRE_ERROR_BADUTF8_OFFSET  (-11)  /* Same for 8/16 */
+#define PCRE_ERROR_BADUTF16_OFFSET (-11)  /* Same for 8/16 */
+#define PCRE_ERROR_PARTIAL         (-12)
+#define PCRE_ERROR_BADPARTIAL      (-13)
+#define PCRE_ERROR_INTERNAL        (-14)
+#define PCRE_ERROR_BADCOUNT        (-15)
+#define PCRE_ERROR_DFA_UITEM       (-16)
+#define PCRE_ERROR_DFA_UCOND       (-17)
+#define PCRE_ERROR_DFA_UMLIMIT     (-18)
+#define PCRE_ERROR_DFA_WSSIZE      (-19)
+#define PCRE_ERROR_DFA_RECURSE     (-20)
+#define PCRE_ERROR_RECURSIONLIMIT  (-21)
+#define PCRE_ERROR_NULLWSLIMIT     (-22)  /* No longer actually used */
+#define PCRE_ERROR_BADNEWLINE      (-23)
+#define PCRE_ERROR_BADOFFSET       (-24)
+#define PCRE_ERROR_SHORTUTF8       (-25)
+#define PCRE_ERROR_SHORTUTF16      (-25)  /* Same for 8/16 */
+#define PCRE_ERROR_RECURSELOOP     (-26)
+#define PCRE_ERROR_JIT_STACKLIMIT  (-27)
+#define PCRE_ERROR_BADMODE         (-28)
+#define PCRE_ERROR_BADENDIANNESS   (-29)
+#define PCRE_ERROR_DFA_BADRESTART  (-30)
+#define PCRE_ERROR_JIT_BADOPTION   (-31)
+#define PCRE_ERROR_BADLENGTH       (-32)
+#define PCRE_ERROR_UNSET           (-33)
+
+/* Specific error codes for UTF-8 validity checks */
+
+#define PCRE_UTF8_ERR0               0
+#define PCRE_UTF8_ERR1               1
+#define PCRE_UTF8_ERR2               2
+#define PCRE_UTF8_ERR3               3
+#define PCRE_UTF8_ERR4               4
+#define PCRE_UTF8_ERR5               5
+#define PCRE_UTF8_ERR6               6
+#define PCRE_UTF8_ERR7               7
+#define PCRE_UTF8_ERR8               8
+#define PCRE_UTF8_ERR9               9
+#define PCRE_UTF8_ERR10             10
+#define PCRE_UTF8_ERR11             11
+#define PCRE_UTF8_ERR12             12
+#define PCRE_UTF8_ERR13             13
+#define PCRE_UTF8_ERR14             14
+#define PCRE_UTF8_ERR15             15
+#define PCRE_UTF8_ERR16             16
+#define PCRE_UTF8_ERR17             17
+#define PCRE_UTF8_ERR18             18
+#define PCRE_UTF8_ERR19             19
+#define PCRE_UTF8_ERR20             20
+#define PCRE_UTF8_ERR21             21
+#define PCRE_UTF8_ERR22             22  /* Unused (was non-character) */
+
+/* Specific error codes for UTF-16 validity checks */
+
+#define PCRE_UTF16_ERR0              0
+#define PCRE_UTF16_ERR1              1
+#define PCRE_UTF16_ERR2              2
+#define PCRE_UTF16_ERR3              3
+#define PCRE_UTF16_ERR4              4  /* Unused (was non-character) */
+
+/* Specific error codes for UTF-32 validity checks */
+
+#define PCRE_UTF32_ERR0              0
+#define PCRE_UTF32_ERR1              1
+#define PCRE_UTF32_ERR2              2  /* Unused (was non-character) */
+#define PCRE_UTF32_ERR3              3
+
+/* Request types for pcre_fullinfo() */
+
+#define PCRE_INFO_OPTIONS            0
+#define PCRE_INFO_SIZE               1
+#define PCRE_INFO_CAPTURECOUNT       2
+#define PCRE_INFO_BACKREFMAX         3
+#define PCRE_INFO_FIRSTBYTE          4
+#define PCRE_INFO_FIRSTCHAR          4  /* For backwards compatibility */
+#define PCRE_INFO_FIRSTTABLE         5
+#define PCRE_INFO_LASTLITERAL        6
+#define PCRE_INFO_NAMEENTRYSIZE      7
+#define PCRE_INFO_NAMECOUNT          8
+#define PCRE_INFO_NAMETABLE          9
+#define PCRE_INFO_STUDYSIZE         10
+#define PCRE_INFO_DEFAULT_TABLES    11
+#define PCRE_INFO_OKPARTIAL         12
+#define PCRE_INFO_JCHANGED          13
+#define PCRE_INFO_HASCRORLF         14
+#define PCRE_INFO_MINLENGTH         15
+#define PCRE_INFO_JIT               16
+#define PCRE_INFO_JITSIZE           17
+#define PCRE_INFO_MAXLOOKBEHIND     18
+#define PCRE_INFO_FIRSTCHARACTER    19
+#define PCRE_INFO_FIRSTCHARACTERFLAGS 20
+#define PCRE_INFO_REQUIREDCHAR      21
+#define PCRE_INFO_REQUIREDCHARFLAGS 22
+#define PCRE_INFO_MATCHLIMIT        23
+#define PCRE_INFO_RECURSIONLIMIT    24
+#define PCRE_INFO_MATCH_EMPTY       25
+
+/* Request types for pcre_config(). Do not re-arrange, in order to remain
+compatible. */
+
+#define PCRE_CONFIG_UTF8                    0
+#define PCRE_CONFIG_NEWLINE                 1
+#define PCRE_CONFIG_LINK_SIZE               2
+#define PCRE_CONFIG_POSIX_MALLOC_THRESHOLD  3
+#define PCRE_CONFIG_MATCH_LIMIT             4
+#define PCRE_CONFIG_STACKRECURSE            5
+#define PCRE_CONFIG_UNICODE_PROPERTIES      6
+#define PCRE_CONFIG_MATCH_LIMIT_RECURSION   7
+#define PCRE_CONFIG_BSR                     8
+#define PCRE_CONFIG_JIT                     9
+#define PCRE_CONFIG_UTF16                  10
+#define PCRE_CONFIG_JITTARGET              11
+#define PCRE_CONFIG_UTF32                  12
+#define PCRE_CONFIG_PARENS_LIMIT           13
+
+/* Request types for pcre_study(). Do not re-arrange, in order to remain
+compatible. */
+
+#define PCRE_STUDY_JIT_COMPILE                0x0001
+#define PCRE_STUDY_JIT_PARTIAL_SOFT_COMPILE   0x0002
+#define PCRE_STUDY_JIT_PARTIAL_HARD_COMPILE   0x0004
+#define PCRE_STUDY_EXTRA_NEEDED               0x0008
+
+/* Bit flags for the pcre[16|32]_extra structure. Do not re-arrange or redefine
+these bits, just add new ones on the end, in order to remain compatible. */
+
+#define PCRE_EXTRA_STUDY_DATA             0x0001
+#define PCRE_EXTRA_MATCH_LIMIT            0x0002
+#define PCRE_EXTRA_CALLOUT_DATA           0x0004
+#define PCRE_EXTRA_TABLES                 0x0008
+#define PCRE_EXTRA_MATCH_LIMIT_RECURSION  0x0010
+#define PCRE_EXTRA_MARK                   0x0020
+#define PCRE_EXTRA_EXECUTABLE_JIT         0x0040
+
+/* Types */
+
+struct real_pcre;                 /* declaration; the definition is private  */
+typedef struct real_pcre pcre;
+
+struct real_pcre16;               /* declaration; the definition is private  */
+typedef struct real_pcre16 pcre16;
+
+struct real_pcre32;               /* declaration; the definition is private  */
+typedef struct real_pcre32 pcre32;
+
+struct real_pcre_jit_stack;       /* declaration; the definition is private  */
+typedef struct real_pcre_jit_stack pcre_jit_stack;
+
+struct real_pcre16_jit_stack;     /* declaration; the definition is private  */
+typedef struct real_pcre16_jit_stack pcre16_jit_stack;
+
+struct real_pcre32_jit_stack;     /* declaration; the definition is private  */
+typedef struct real_pcre32_jit_stack pcre32_jit_stack;
+
+/* If PCRE is compiled with 16 bit character support, PCRE_UCHAR16 must contain
+a 16 bit wide signed data type. Otherwise it can be a dummy data type since
+pcre16 functions are not implemented. There is a check for this in pcre_internal.h. */
+#ifndef PCRE_UCHAR16
+#define PCRE_UCHAR16 unsigned short
+#endif
+
+#ifndef PCRE_SPTR16
+#define PCRE_SPTR16 const PCRE_UCHAR16 *
+#endif
+
+/* If PCRE is compiled with 32 bit character support, PCRE_UCHAR32 must contain
+a 32 bit wide signed data type. Otherwise it can be a dummy data type since
+pcre32 functions are not implemented. There is a check for this in pcre_internal.h. */
+#ifndef PCRE_UCHAR32
+#define PCRE_UCHAR32 unsigned int
+#endif
+
+#ifndef PCRE_SPTR32
+#define PCRE_SPTR32 const PCRE_UCHAR32 *
+#endif
+
+/* When PCRE is compiled as a C++ library, the subject pointer type can be
+replaced with a custom type. For conventional use, the public interface is a
+const char *. */
+
+#ifndef PCRE_SPTR
+#define PCRE_SPTR const char *
+#endif
+
+/* The structure for passing additional data to pcre_exec(). This is defined in
+such as way as to be extensible. Always add new fields at the end, in order to
+remain compatible. */
+
+typedef struct pcre_extra {
+  unsigned long int flags;        /* Bits for which fields are set */
+  void *study_data;               /* Opaque data from pcre_study() */
+  unsigned long int match_limit;  /* Maximum number of calls to match() */
+  void *callout_data;             /* Data passed back in callouts */
+  const unsigned char *tables;    /* Pointer to character tables */
+  unsigned long int match_limit_recursion; /* Max recursive calls to match() */
+  unsigned char **mark;           /* For passing back a mark pointer */
+  void *executable_jit;           /* Contains a pointer to a compiled jit code */
+} pcre_extra;
+
+/* Same structure as above, but with 16 bit char pointers. */
+
+typedef struct pcre16_extra {
+  unsigned long int flags;        /* Bits for which fields are set */
+  void *study_data;               /* Opaque data from pcre_study() */
+  unsigned long int match_limit;  /* Maximum number of calls to match() */
+  void *callout_data;             /* Data passed back in callouts */
+  const unsigned char *tables;    /* Pointer to character tables */
+  unsigned long int match_limit_recursion; /* Max recursive calls to match() */
+  PCRE_UCHAR16 **mark;            /* For passing back a mark pointer */
+  void *executable_jit;           /* Contains a pointer to a compiled jit code */
+} pcre16_extra;
+
+/* Same structure as above, but with 32 bit char pointers. */
+
+typedef struct pcre32_extra {
+  unsigned long int flags;        /* Bits for which fields are set */
+  void *study_data;               /* Opaque data from pcre_study() */
+  unsigned long int match_limit;  /* Maximum number of calls to match() */
+  void *callout_data;             /* Data passed back in callouts */
+  const unsigned char *tables;    /* Pointer to character tables */
+  unsigned long int match_limit_recursion; /* Max recursive calls to match() */
+  PCRE_UCHAR32 **mark;            /* For passing back a mark pointer */
+  void *executable_jit;           /* Contains a pointer to a compiled jit code */
+} pcre32_extra;
+
+/* The structure for passing out data via the pcre_callout_function. We use a
+structure so that new fields can be added on the end in future versions,
+without changing the API of the function, thereby allowing old clients to work
+without modification. */
+
+typedef struct pcre_callout_block {
+  int          version;           /* Identifies version of block */
+  /* ------------------------ Version 0 ------------------------------- */
+  int          callout_number;    /* Number compiled into pattern */
+  int         *offset_vector;     /* The offset vector */
+  PCRE_SPTR    subject;           /* The subject being matched */
+  int          subject_length;    /* The length of the subject */
+  int          start_match;       /* Offset to start of this match attempt */
+  int          current_position;  /* Where we currently are in the subject */
+  int          capture_top;       /* Max current capture */
+  int          capture_last;      /* Most recently closed capture */
+  void        *callout_data;      /* Data passed in with the call */
+  /* ------------------- Added for Version 1 -------------------------- */
+  int          pattern_position;  /* Offset to next item in the pattern */
+  int          next_item_length;  /* Length of next item in the pattern */
+  /* ------------------- Added for Version 2 -------------------------- */
+  const unsigned char *mark;      /* Pointer to current mark or NULL    */
+  /* ------------------------------------------------------------------ */
+} pcre_callout_block;
+
+/* Same structure as above, but with 16 bit char pointers. */
+
+typedef struct pcre16_callout_block {
+  int          version;           /* Identifies version of block */
+  /* ------------------------ Version 0 ------------------------------- */
+  int          callout_number;    /* Number compiled into pattern */
+  int         *offset_vector;     /* The offset vector */
+  PCRE_SPTR16  subject;           /* The subject being matched */
+  int          subject_length;    /* The length of the subject */
+  int          start_match;       /* Offset to start of this match attempt */
+  int          current_position;  /* Where we currently are in the subject */
+  int          capture_top;       /* Max current capture */
+  int          capture_last;      /* Most recently closed capture */
+  void        *callout_data;      /* Data passed in with the call */
+  /* ------------------- Added for Version 1 -------------------------- */
+  int          pattern_position;  /* Offset to next item in the pattern */
+  int          next_item_length;  /* Length of next item in the pattern */
+  /* ------------------- Added for Version 2 -------------------------- */
+  const PCRE_UCHAR16 *mark;       /* Pointer to current mark or NULL    */
+  /* ------------------------------------------------------------------ */
+} pcre16_callout_block;
+
+/* Same structure as above, but with 32 bit char pointers. */
+
+typedef struct pcre32_callout_block {
+  int          version;           /* Identifies version of block */
+  /* ------------------------ Version 0 ------------------------------- */
+  int          callout_number;    /* Number compiled into pattern */
+  int         *offset_vector;     /* The offset vector */
+  PCRE_SPTR32  subject;           /* The subject being matched */
+  int          subject_length;    /* The length of the subject */
+  int          start_match;       /* Offset to start of this match attempt */
+  int          current_position;  /* Where we currently are in the subject */
+  int          capture_top;       /* Max current capture */
+  int          capture_last;      /* Most recently closed capture */
+  void        *callout_data;      /* Data passed in with the call */
+  /* ------------------- Added for Version 1 -------------------------- */
+  int          pattern_position;  /* Offset to next item in the pattern */
+  int          next_item_length;  /* Length of next item in the pattern */
+  /* ------------------- Added for Version 2 -------------------------- */
+  const PCRE_UCHAR32 *mark;       /* Pointer to current mark or NULL    */
+  /* ------------------------------------------------------------------ */
+} pcre32_callout_block;
+
+/* Indirection for store get and free functions. These can be set to
+alternative malloc/free functions if required. Special ones are used in the
+non-recursive case for "frames". There is also an optional callout function
+that is triggered by the (?) regex item. For Virtual Pascal, these definitions
+have to take another form. */
+
+#ifndef VPCOMPAT
+PCRE_EXP_DECL void *(*pcre_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre_free)(void *);
+PCRE_EXP_DECL void *(*pcre_stack_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre_stack_free)(void *);
+PCRE_EXP_DECL int   (*pcre_callout)(pcre_callout_block *);
+PCRE_EXP_DECL int   (*pcre_stack_guard)(void);
+
+PCRE_EXP_DECL void *(*pcre16_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre16_free)(void *);
+PCRE_EXP_DECL void *(*pcre16_stack_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre16_stack_free)(void *);
+PCRE_EXP_DECL int   (*pcre16_callout)(pcre16_callout_block *);
+PCRE_EXP_DECL int   (*pcre16_stack_guard)(void);
+
+PCRE_EXP_DECL void *(*pcre32_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre32_free)(void *);
+PCRE_EXP_DECL void *(*pcre32_stack_malloc)(size_t);
+PCRE_EXP_DECL void  (*pcre32_stack_free)(void *);
+PCRE_EXP_DECL int   (*pcre32_callout)(pcre32_callout_block *);
+PCRE_EXP_DECL int   (*pcre32_stack_guard)(void);
+#else   /* VPCOMPAT */
+PCRE_EXP_DECL void *pcre_malloc(size_t);
+PCRE_EXP_DECL void  pcre_free(void *);
+PCRE_EXP_DECL void *pcre_stack_malloc(size_t);
+PCRE_EXP_DECL void  pcre_stack_free(void *);
+PCRE_EXP_DECL int   pcre_callout(pcre_callout_block *);
+PCRE_EXP_DECL int   pcre_stack_guard(void);
+
+PCRE_EXP_DECL void *pcre16_malloc(size_t);
+PCRE_EXP_DECL void  pcre16_free(void *);
+PCRE_EXP_DECL void *pcre16_stack_malloc(size_t);
+PCRE_EXP_DECL void  pcre16_stack_free(void *);
+PCRE_EXP_DECL int   pcre16_callout(pcre16_callout_block *);
+PCRE_EXP_DECL int   pcre16_stack_guard(void);
+
+PCRE_EXP_DECL void *pcre32_malloc(size_t);
+PCRE_EXP_DECL void  pcre32_free(void *);
+PCRE_EXP_DECL void *pcre32_stack_malloc(size_t);
+PCRE_EXP_DECL void  pcre32_stack_free(void *);
+PCRE_EXP_DECL int   pcre32_callout(pcre32_callout_block *);
+PCRE_EXP_DECL int   pcre32_stack_guard(void);
+#endif  /* VPCOMPAT */
+
+/* User defined callback which provides a stack just before the match starts. */
+
+typedef pcre_jit_stack *(*pcre_jit_callback)(void *);
+typedef pcre16_jit_stack *(*pcre16_jit_callback)(void *);
+typedef pcre32_jit_stack *(*pcre32_jit_callback)(void *);
+
+/* Exported PCRE functions */
+
+PCRE_EXP_DECL pcre *pcre_compile(const char *, int, const char **, int *,
+                  const unsigned char *);
+PCRE_EXP_DECL pcre16 *pcre16_compile(PCRE_SPTR16, int, const char **, int *,
+                  const unsigned char *);
+PCRE_EXP_DECL pcre32 *pcre32_compile(PCRE_SPTR32, int, const char **, int *,
+                  const unsigned char *);
+PCRE_EXP_DECL pcre *pcre_compile2(const char *, int, int *, const char **,
+                  int *, const unsigned char *);
+PCRE_EXP_DECL pcre16 *pcre16_compile2(PCRE_SPTR16, int, int *, const char **,
+                  int *, const unsigned char *);
+PCRE_EXP_DECL pcre32 *pcre32_compile2(PCRE_SPTR32, int, int *, const char **,
+                  int *, const unsigned char *);
+PCRE_EXP_DECL int  pcre_config(int, void *);
+PCRE_EXP_DECL int  pcre16_config(int, void *);
+PCRE_EXP_DECL int  pcre32_config(int, void *);
+PCRE_EXP_DECL int  pcre_copy_named_substring(const pcre *, const char *,
+                  int *, int, const char *, char *, int);
+PCRE_EXP_DECL int  pcre16_copy_named_substring(const pcre16 *, PCRE_SPTR16,
+                  int *, int, PCRE_SPTR16, PCRE_UCHAR16 *, int);
+PCRE_EXP_DECL int  pcre32_copy_named_substring(const pcre32 *, PCRE_SPTR32,
+                  int *, int, PCRE_SPTR32, PCRE_UCHAR32 *, int);
+PCRE_EXP_DECL int  pcre_copy_substring(const char *, int *, int, int,
+                  char *, int);
+PCRE_EXP_DECL int  pcre16_copy_substring(PCRE_SPTR16, int *, int, int,
+                  PCRE_UCHAR16 *, int);
+PCRE_EXP_DECL int  pcre32_copy_substring(PCRE_SPTR32, int *, int, int,
+                  PCRE_UCHAR32 *, int);
+PCRE_EXP_DECL int  pcre_dfa_exec(const pcre *, const pcre_extra *,
+                  const char *, int, int, int, int *, int , int *, int);
+PCRE_EXP_DECL int  pcre16_dfa_exec(const pcre16 *, const pcre16_extra *,
+                  PCRE_SPTR16, int, int, int, int *, int , int *, int);
+PCRE_EXP_DECL int  pcre32_dfa_exec(const pcre32 *, const pcre32_extra *,
+                  PCRE_SPTR32, int, int, int, int *, int , int *, int);
+PCRE_EXP_DECL int  pcre_exec(const pcre *, const pcre_extra *, PCRE_SPTR,
+                   int, int, int, int *, int);
+PCRE_EXP_DECL int  pcre16_exec(const pcre16 *, const pcre16_extra *,
+                   PCRE_SPTR16, int, int, int, int *, int);
+PCRE_EXP_DECL int  pcre32_exec(const pcre32 *, const pcre32_extra *,
+                   PCRE_SPTR32, int, int, int, int *, int);
+PCRE_EXP_DECL int  pcre_jit_exec(const pcre *, const pcre_extra *,
+                   PCRE_SPTR, int, int, int, int *, int,
+                   pcre_jit_stack *);
+PCRE_EXP_DECL int  pcre16_jit_exec(const pcre16 *, const pcre16_extra *,
+                   PCRE_SPTR16, int, int, int, int *, int,
+                   pcre16_jit_stack *);
+PCRE_EXP_DECL int  pcre32_jit_exec(const pcre32 *, const pcre32_extra *,
+                   PCRE_SPTR32, int, int, int, int *, int,
+                   pcre32_jit_stack *);
+PCRE_EXP_DECL void pcre_free_substring(const char *);
+PCRE_EXP_DECL void pcre16_free_substring(PCRE_SPTR16);
+PCRE_EXP_DECL void pcre32_free_substring(PCRE_SPTR32);
+PCRE_EXP_DECL void pcre_free_substring_list(const char **);
+PCRE_EXP_DECL void pcre16_free_substring_list(PCRE_SPTR16 *);
+PCRE_EXP_DECL void pcre32_free_substring_list(PCRE_SPTR32 *);
+PCRE_EXP_DECL int  pcre_fullinfo(const pcre *, const pcre_extra *, int,
+                  void *);
+PCRE_EXP_DECL int  pcre16_fullinfo(const pcre16 *, const pcre16_extra *, int,
+                  void *);
+PCRE_EXP_DECL int  pcre32_fullinfo(const pcre32 *, const pcre32_extra *, int,
+                  void *);
+PCRE_EXP_DECL int  pcre_get_named_substring(const pcre *, const char *,
+                  int *, int, const char *, const char **);
+PCRE_EXP_DECL int  pcre16_get_named_substring(const pcre16 *, PCRE_SPTR16,
+                  int *, int, PCRE_SPTR16, PCRE_SPTR16 *);
+PCRE_EXP_DECL int  pcre32_get_named_substring(const pcre32 *, PCRE_SPTR32,
+                  int *, int, PCRE_SPTR32, PCRE_SPTR32 *);
+PCRE_EXP_DECL int  pcre_get_stringnumber(const pcre *, const char *);
+PCRE_EXP_DECL int  pcre16_get_stringnumber(const pcre16 *, PCRE_SPTR16);
+PCRE_EXP_DECL int  pcre32_get_stringnumber(const pcre32 *, PCRE_SPTR32);
+PCRE_EXP_DECL int  pcre_get_stringtable_entries(const pcre *, const char *,
+                  char **, char **);
+PCRE_EXP_DECL int  pcre16_get_stringtable_entries(const pcre16 *, PCRE_SPTR16,
+                  PCRE_UCHAR16 **, PCRE_UCHAR16 **);
+PCRE_EXP_DECL int  pcre32_get_stringtable_entries(const pcre32 *, PCRE_SPTR32,
+                  PCRE_UCHAR32 **, PCRE_UCHAR32 **);
+PCRE_EXP_DECL int  pcre_get_substring(const char *, int *, int, int,
+                  const char **);
+PCRE_EXP_DECL int  pcre16_get_substring(PCRE_SPTR16, int *, int, int,
+                  PCRE_SPTR16 *);
+PCRE_EXP_DECL int  pcre32_get_substring(PCRE_SPTR32, int *, int, int,
+                  PCRE_SPTR32 *);
+PCRE_EXP_DECL int  pcre_get_substring_list(const char *, int *, int,
+                  const char ***);
+PCRE_EXP_DECL int  pcre16_get_substring_list(PCRE_SPTR16, int *, int,
+                  PCRE_SPTR16 **);
+PCRE_EXP_DECL int  pcre32_get_substring_list(PCRE_SPTR32, int *, int,
+                  PCRE_SPTR32 **);
+PCRE_EXP_DECL const unsigned char *pcre_maketables(void);
+PCRE_EXP_DECL const unsigned char *pcre16_maketables(void);
+PCRE_EXP_DECL const unsigned char *pcre32_maketables(void);
+PCRE_EXP_DECL int  pcre_refcount(pcre *, int);
+PCRE_EXP_DECL int  pcre16_refcount(pcre16 *, int);
+PCRE_EXP_DECL int  pcre32_refcount(pcre32 *, int);
+PCRE_EXP_DECL pcre_extra *pcre_study(const pcre *, int, const char **);
+PCRE_EXP_DECL pcre16_extra *pcre16_study(const pcre16 *, int, const char **);
+PCRE_EXP_DECL pcre32_extra *pcre32_study(const pcre32 *, int, const char **);
+PCRE_EXP_DECL void pcre_free_study(pcre_extra *);
+PCRE_EXP_DECL void pcre16_free_study(pcre16_extra *);
+PCRE_EXP_DECL void pcre32_free_study(pcre32_extra *);
+PCRE_EXP_DECL const char *pcre_version(void);
+PCRE_EXP_DECL const char *pcre16_version(void);
+PCRE_EXP_DECL const char *pcre32_version(void);
+
+/* Utility functions for byte order swaps. */
+PCRE_EXP_DECL int  pcre_pattern_to_host_byte_order(pcre *, pcre_extra *,
+                  const unsigned char *);
+PCRE_EXP_DECL int  pcre16_pattern_to_host_byte_order(pcre16 *, pcre16_extra *,
+                  const unsigned char *);
+PCRE_EXP_DECL int  pcre32_pattern_to_host_byte_order(pcre32 *, pcre32_extra *,
+                  const unsigned char *);
+PCRE_EXP_DECL int  pcre16_utf16_to_host_byte_order(PCRE_UCHAR16 *,
+                  PCRE_SPTR16, int, int *, int);
+PCRE_EXP_DECL int  pcre32_utf32_to_host_byte_order(PCRE_UCHAR32 *,
+                  PCRE_SPTR32, int, int *, int);
+
+/* JIT compiler related functions. */
+
+PCRE_EXP_DECL pcre_jit_stack *pcre_jit_stack_alloc(int, int);
+PCRE_EXP_DECL pcre16_jit_stack *pcre16_jit_stack_alloc(int, int);
+PCRE_EXP_DECL pcre32_jit_stack *pcre32_jit_stack_alloc(int, int);
+PCRE_EXP_DECL void pcre_jit_stack_free(pcre_jit_stack *);
+PCRE_EXP_DECL void pcre16_jit_stack_free(pcre16_jit_stack *);
+PCRE_EXP_DECL void pcre32_jit_stack_free(pcre32_jit_stack *);
+PCRE_EXP_DECL void pcre_assign_jit_stack(pcre_extra *,
+                  pcre_jit_callback, void *);
+PCRE_EXP_DECL void pcre16_assign_jit_stack(pcre16_extra *,
+                  pcre16_jit_callback, void *);
+PCRE_EXP_DECL void pcre32_assign_jit_stack(pcre32_extra *,
+                  pcre32_jit_callback, void *);
+PCRE_EXP_DECL void pcre_jit_free_unused_memory(void);
+PCRE_EXP_DECL void pcre16_jit_free_unused_memory(void);
+PCRE_EXP_DECL void pcre32_jit_free_unused_memory(void);
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* End of pcre.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcre_scanner.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcre_scanner.h
new file mode 100644
index 00000000..5617e451
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcre_scanner.h
@@ -0,0 +1,172 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+//
+// Regular-expression based scanner for parsing an input stream.
+//
+// Example 1: parse a sequence of "var = number" entries from input:
+//
+//      Scanner scanner(input);
+//      string var;
+//      int number;
+//      scanner.SetSkipExpression("\\s+"); // Skip any white space we encounter
+//      while (scanner.Consume("(\\w+) = (\\d+)", &var, &number)) {
+//        ...;
+//      }
+
+#ifndef _PCRE_SCANNER_H
+#define _PCRE_SCANNER_H
+
+#include <assert.h>
+#include <string>
+#include <vector>
+
+#include <pcrecpp.h>
+#include <pcre_stringpiece.h>
+
+namespace pcrecpp {
+
+class PCRECPP_EXP_DEFN Scanner {
+ public:
+  Scanner();
+  explicit Scanner(const std::string& input);
+  ~Scanner();
+
+  // Return current line number.  The returned line-number is
+  // one-based.  I.e. it returns 1 + the number of consumed newlines.
+  //
+  // Note: this method may be slow.  It may take time proportional to
+  // the size of the input.
+  int LineNumber() const;
+
+  // Return the byte-offset that the scanner is looking in the
+  // input data;
+  int Offset() const;
+
+  // Return true iff the start of the remaining input matches "re"
+  bool LookingAt(const RE& re) const;
+
+  // Return true iff all of the following are true
+  //    a. the start of the remaining input matches "re",
+  //    b. if any arguments are supplied, matched sub-patterns can be
+  //       parsed and stored into the arguments.
+  // If it returns true, it skips over the matched input and any
+  // following input that matches the "skip" regular expression.
+  bool Consume(const RE& re,
+               const Arg& arg0 = RE::no_arg,
+               const Arg& arg1 = RE::no_arg,
+               const Arg& arg2 = RE::no_arg
+               // TODO: Allow more arguments?
+               );
+
+  // Set the "skip" regular expression.  If after consuming some data,
+  // a prefix of the input matches this RE, it is automatically
+  // skipped.  For example, a programming language scanner would use
+  // a skip RE that matches white space and comments.
+  //
+  //    scanner.SetSkipExpression("\\s+|//.*|/[*](.|\n)*?[*]/");
+  //
+  // Skipping repeats as long as it succeeds.  We used to let people do
+  // this by writing "(...)*" in the regular expression, but that added
+  // up to lots of recursive calls within the pcre library, so now we
+  // control repetition explicitly via the function call API.
+  //
+  // You can pass NULL for "re" if you do not want any data to be skipped.
+  void Skip(const char* re);   // DEPRECATED; does *not* repeat
+  void SetSkipExpression(const char* re);
+
+  // Temporarily pause "skip"ing. This
+  //   Skip("Foo"); code ; DisableSkip(); code; EnableSkip()
+  // is similar to
+  //   Skip("Foo"); code ; Skip(NULL); code ; Skip("Foo");
+  // but avoids creating/deleting new RE objects.
+  void DisableSkip();
+
+  // Reenable previously paused skipping.  Any prefix of the input
+  // that matches the skip pattern is immediately dropped.
+  void EnableSkip();
+
+  /***** Special wrappers around SetSkip() for some common idioms *****/
+
+  // Arranges to skip whitespace, C comments, C++ comments.
+  // The overall RE is a disjunction of the following REs:
+  //    \\s                     whitespace
+  //    //.*\n                  C++ comment
+  //    /[*](.|\n)*?[*]/        C comment (x*? means minimal repetitions of x)
+  // We get repetition via the semantics of SetSkipExpression, not by using *
+  void SkipCXXComments() {
+    SetSkipExpression("\\s|//.*\n|/[*](?:\n|.)*?[*]/");
+  }
+
+  void set_save_comments(bool comments) {
+    save_comments_ = comments;
+  }
+
+  bool save_comments() {
+    return save_comments_;
+  }
+
+  // Append to vector ranges the comments found in the
+  // byte range [start,end] (inclusive) of the input data.
+  // Only comments that were extracted entirely within that
+  // range are returned: no range splitting of atomically-extracted
+  // comments is performed.
+  void GetComments(int start, int end, std::vector<StringPiece> *ranges);
+
+  // Append to vector ranges the comments added
+  // since the last time this was called. This
+  // functionality is provided for efficiency when
+  // interleaving scanning with parsing.
+  void GetNextComments(std::vector<StringPiece> *ranges);
+
+ private:
+  std::string   data_;          // All the input data
+  StringPiece   input_;         // Unprocessed input
+  RE*           skip_;          // If non-NULL, RE for skipping input
+  bool          should_skip_;   // If true, use skip_
+  bool          skip_repeat_;   // If true, repeat skip_ as long as it works
+  bool          save_comments_; // If true, aggregate the skip expression
+
+  // the skipped comments
+  // TODO: later consider requiring that the StringPieces be added
+  // in order by their start position
+  std::vector<StringPiece> *comments_;
+
+  // the offset into comments_ that has been returned by GetNextComments
+  int           comments_offset_;
+
+  // helper function to consume *skip_ and honour
+  // save_comments_
+  void ConsumeSkip();
+};
+
+}   // namespace pcrecpp
+
+#endif /* _PCRE_SCANNER_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcre_stringpiece.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcre_stringpiece.h
new file mode 100644
index 00000000..cb94f52a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcre_stringpiece.h
@@ -0,0 +1,180 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+//
+// A string like object that points into another piece of memory.
+// Useful for providing an interface that allows clients to easily
+// pass in either a "const char*" or a "string".
+//
+// Arghh!  I wish C++ literals were automatically of type "string".
+
+#ifndef _PCRE_STRINGPIECE_H
+#define _PCRE_STRINGPIECE_H
+
+#include <cstring>
+#include <string>
+#include <iosfwd>    // for ostream forward-declaration
+
+#if 0
+#define HAVE_TYPE_TRAITS
+#include <type_traits.h>
+#elif 0
+#define HAVE_TYPE_TRAITS
+#include <bits/type_traits.h>
+#endif
+
+#include <pcre.h>
+
+namespace pcrecpp {
+
+using std::memcmp;
+using std::strlen;
+using std::string;
+
+class PCRECPP_EXP_DEFN StringPiece {
+ private:
+  const char*   ptr_;
+  int           length_;
+
+ public:
+  // We provide non-explicit singleton constructors so users can pass
+  // in a "const char*" or a "string" wherever a "StringPiece" is
+  // expected.
+  StringPiece()
+    : ptr_(NULL), length_(0) { }
+  StringPiece(const char* str)
+    : ptr_(str), length_(static_cast<int>(strlen(ptr_))) { }
+  StringPiece(const unsigned char* str)
+    : ptr_(reinterpret_cast<const char*>(str)),
+      length_(static_cast<int>(strlen(ptr_))) { }
+  StringPiece(const string& str)
+    : ptr_(str.data()), length_(static_cast<int>(str.size())) { }
+  StringPiece(const char* offset, int len)
+    : ptr_(offset), length_(len) { }
+
+  // data() may return a pointer to a buffer with embedded NULs, and the
+  // returned buffer may or may not be null terminated.  Therefore it is
+  // typically a mistake to pass data() to a routine that expects a NUL
+  // terminated string.  Use "as_string().c_str()" if you really need to do
+  // this.  Or better yet, change your routine so it does not rely on NUL
+  // termination.
+  const char* data() const { return ptr_; }
+  int size() const { return length_; }
+  bool empty() const { return length_ == 0; }
+
+  void clear() { ptr_ = NULL; length_ = 0; }
+  void set(const char* buffer, int len) { ptr_ = buffer; length_ = len; }
+  void set(const char* str) {
+    ptr_ = str;
+    length_ = static_cast<int>(strlen(str));
+  }
+  void set(const void* buffer, int len) {
+    ptr_ = reinterpret_cast<const char*>(buffer);
+    length_ = len;
+  }
+
+  char operator[](int i) const { return ptr_[i]; }
+
+  void remove_prefix(int n) {
+    ptr_ += n;
+    length_ -= n;
+  }
+
+  void remove_suffix(int n) {
+    length_ -= n;
+  }
+
+  bool operator==(const StringPiece& x) const {
+    return ((length_ == x.length_) &&
+            (memcmp(ptr_, x.ptr_, length_) == 0));
+  }
+  bool operator!=(const StringPiece& x) const {
+    return !(*this == x);
+  }
+
+#define STRINGPIECE_BINARY_PREDICATE(cmp,auxcmp)                             \
+  bool operator cmp (const StringPiece& x) const {                           \
+    int r = memcmp(ptr_, x.ptr_, length_ < x.length_ ? length_ : x.length_); \
+    return ((r auxcmp 0) || ((r == 0) && (length_ cmp x.length_)));          \
+  }
+  STRINGPIECE_BINARY_PREDICATE(<,  <);
+  STRINGPIECE_BINARY_PREDICATE(<=, <);
+  STRINGPIECE_BINARY_PREDICATE(>=, >);
+  STRINGPIECE_BINARY_PREDICATE(>,  >);
+#undef STRINGPIECE_BINARY_PREDICATE
+
+  int compare(const StringPiece& x) const {
+    int r = memcmp(ptr_, x.ptr_, length_ < x.length_ ? length_ : x.length_);
+    if (r == 0) {
+      if (length_ < x.length_) r = -1;
+      else if (length_ > x.length_) r = +1;
+    }
+    return r;
+  }
+
+  string as_string() const {
+    return string(data(), size());
+  }
+
+  void CopyToString(string* target) const {
+    target->assign(ptr_, length_);
+  }
+
+  // Does "this" start with "x"
+  bool starts_with(const StringPiece& x) const {
+    return ((length_ >= x.length_) && (memcmp(ptr_, x.ptr_, x.length_) == 0));
+  }
+};
+
+}   // namespace pcrecpp
+
+// ------------------------------------------------------------------
+// Functions used to create STL containers that use StringPiece
+//  Remember that a StringPiece's lifetime had better be less than
+//  that of the underlying string or char*.  If it is not, then you
+//  cannot safely store a StringPiece into an STL container
+// ------------------------------------------------------------------
+
+#ifdef HAVE_TYPE_TRAITS
+// This makes vector<StringPiece> really fast for some STL implementations
+template<> struct __type_traits<pcrecpp::StringPiece> {
+  typedef __true_type    has_trivial_default_constructor;
+  typedef __true_type    has_trivial_copy_constructor;
+  typedef __true_type    has_trivial_assignment_operator;
+  typedef __true_type    has_trivial_destructor;
+  typedef __true_type    is_POD_type;
+};
+#endif
+
+// allow StringPiece to be logged
+PCRECPP_EXP_DECL std::ostream& operator<<(std::ostream& o,
+                                          const pcrecpp::StringPiece& piece);
+
+#endif /* _PCRE_STRINGPIECE_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcrecpp.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcrecpp.h
new file mode 100644
index 00000000..3e594b0d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcrecpp.h
@@ -0,0 +1,710 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+// Support for PCRE_XXX modifiers added by Giuseppe Maxia, July 2005
+
+#ifndef _PCRECPP_H
+#define _PCRECPP_H
+
+// C++ interface to the pcre regular-expression library.  RE supports
+// Perl-style regular expressions (with extensions like \d, \w, \s,
+// ...).
+//
+// -----------------------------------------------------------------------
+// REGEXP SYNTAX:
+//
+// This module is part of the pcre library and hence supports its syntax
+// for regular expressions.
+//
+// The syntax is pretty similar to Perl's.  For those not familiar
+// with Perl's regular expressions, here are some examples of the most
+// commonly used extensions:
+//
+//   "hello (\\w+) world"  -- \w matches a "word" character
+//   "version (\\d+)"      -- \d matches a digit
+//   "hello\\s+world"      -- \s matches any whitespace character
+//   "\\b(\\w+)\\b"        -- \b matches empty string at a word boundary
+//   "(?i)hello"           -- (?i) turns on case-insensitive matching
+//   "/\\*(.*?)\\*/"       -- .*? matches . minimum no. of times possible
+//
+// -----------------------------------------------------------------------
+// MATCHING INTERFACE:
+//
+// The "FullMatch" operation checks that supplied text matches a
+// supplied pattern exactly.
+//
+// Example: successful match
+//    pcrecpp::RE re("h.*o");
+//    re.FullMatch("hello");
+//
+// Example: unsuccessful match (requires full match):
+//    pcrecpp::RE re("e");
+//    !re.FullMatch("hello");
+//
+// Example: creating a temporary RE object:
+//    pcrecpp::RE("h.*o").FullMatch("hello");
+//
+// You can pass in a "const char*" or a "string" for "text".  The
+// examples below tend to use a const char*.
+//
+// You can, as in the different examples above, store the RE object
+// explicitly in a variable or use a temporary RE object.  The
+// examples below use one mode or the other arbitrarily.  Either
+// could correctly be used for any of these examples.
+//
+// -----------------------------------------------------------------------
+// MATCHING WITH SUB-STRING EXTRACTION:
+//
+// You can supply extra pointer arguments to extract matched subpieces.
+//
+// Example: extracts "ruby" into "s" and 1234 into "i"
+//    int i;
+//    string s;
+//    pcrecpp::RE re("(\\w+):(\\d+)");
+//    re.FullMatch("ruby:1234", &s, &i);
+//
+// Example: does not try to extract any extra sub-patterns
+//    re.FullMatch("ruby:1234", &s);
+//
+// Example: does not try to extract into NULL
+//    re.FullMatch("ruby:1234", NULL, &i);
+//
+// Example: integer overflow causes failure
+//    !re.FullMatch("ruby:1234567891234", NULL, &i);
+//
+// Example: fails because there aren't enough sub-patterns:
+//    !pcrecpp::RE("\\w+:\\d+").FullMatch("ruby:1234", &s);
+//
+// Example: fails because string cannot be stored in integer
+//    !pcrecpp::RE("(.*)").FullMatch("ruby", &i);
+//
+// The provided pointer arguments can be pointers to any scalar numeric
+// type, or one of
+//    string        (matched piece is copied to string)
+//    StringPiece   (StringPiece is mutated to point to matched piece)
+//    T             (where "bool T::ParseFrom(const char*, int)" exists)
+//    NULL          (the corresponding matched sub-pattern is not copied)
+//
+// CAVEAT: An optional sub-pattern that does not exist in the matched
+// string is assigned the empty string.  Therefore, the following will
+// return false (because the empty string is not a valid number):
+//    int number;
+//    pcrecpp::RE::FullMatch("abc", "[a-z]+(\\d+)?", &number);
+//
+// -----------------------------------------------------------------------
+// DO_MATCH
+//
+// The matching interface supports at most 16 arguments per call.
+// If you need more, consider using the more general interface
+// pcrecpp::RE::DoMatch().  See pcrecpp.h for the signature for DoMatch.
+//
+// -----------------------------------------------------------------------
+// PARTIAL MATCHES
+//
+// You can use the "PartialMatch" operation when you want the pattern
+// to match any substring of the text.
+//
+// Example: simple search for a string:
+//    pcrecpp::RE("ell").PartialMatch("hello");
+//
+// Example: find first number in a string:
+//    int number;
+//    pcrecpp::RE re("(\\d+)");
+//    re.PartialMatch("x*100 + 20", &number);
+//    assert(number == 100);
+//
+// -----------------------------------------------------------------------
+// UTF-8 AND THE MATCHING INTERFACE:
+//
+// By default, pattern and text are plain text, one byte per character.
+// The UTF8 flag, passed to the constructor, causes both pattern
+// and string to be treated as UTF-8 text, still a byte stream but
+// potentially multiple bytes per character. In practice, the text
+// is likelier to be UTF-8 than the pattern, but the match returned
+// may depend on the UTF8 flag, so always use it when matching
+// UTF8 text.  E.g., "." will match one byte normally but with UTF8
+// set may match up to three bytes of a multi-byte character.
+//
+// Example:
+//    pcrecpp::RE_Options options;
+//    options.set_utf8();
+//    pcrecpp::RE re(utf8_pattern, options);
+//    re.FullMatch(utf8_string);
+//
+// Example: using the convenience function UTF8():
+//    pcrecpp::RE re(utf8_pattern, pcrecpp::UTF8());
+//    re.FullMatch(utf8_string);
+//
+// NOTE: The UTF8 option is ignored if pcre was not configured with the
+//       --enable-utf8 flag.
+//
+// -----------------------------------------------------------------------
+// PASSING MODIFIERS TO THE REGULAR EXPRESSION ENGINE
+//
+// PCRE defines some modifiers to change the behavior of the regular
+// expression engine.
+// The C++ wrapper defines an auxiliary class, RE_Options, as a vehicle
+// to pass such modifiers to a RE class.
+//
+// Currently, the following modifiers are supported
+//
+//    modifier              description               Perl corresponding
+//
+//    PCRE_CASELESS         case insensitive match    /i
+//    PCRE_MULTILINE        multiple lines match      /m
+//    PCRE_DOTALL           dot matches newlines      /s
+//    PCRE_DOLLAR_ENDONLY   $ matches only at end     N/A
+//    PCRE_EXTRA            strict escape parsing     N/A
+//    PCRE_EXTENDED         ignore whitespaces        /x
+//    PCRE_UTF8             handles UTF8 chars        built-in
+//    PCRE_UNGREEDY         reverses * and *?         N/A
+//    PCRE_NO_AUTO_CAPTURE  disables matching parens  N/A (*)
+//
+// (For a full account on how each modifier works, please check the
+// PCRE API reference manual).
+//
+// (*) Both Perl and PCRE allow non matching parentheses by means of the
+// "?:" modifier within the pattern itself. e.g. (?:ab|cd) does not
+// capture, while (ab|cd) does.
+//
+// For each modifier, there are two member functions whose name is made
+// out of the modifier in lowercase, without the "PCRE_" prefix. For
+// instance, PCRE_CASELESS is handled by
+//    bool caseless(),
+// which returns true if the modifier is set, and
+//    RE_Options & set_caseless(bool),
+// which sets or unsets the modifier.
+//
+// Moreover, PCRE_EXTRA_MATCH_LIMIT can be accessed through the
+// set_match_limit() and match_limit() member functions.
+// Setting match_limit to a non-zero value will limit the executation of
+// pcre to keep it from doing bad things like blowing the stack or taking
+// an eternity to return a result.  A value of 5000 is good enough to stop
+// stack blowup in a 2MB thread stack.  Setting match_limit to zero will
+// disable match limiting.  Alternately, you can set match_limit_recursion()
+// which uses PCRE_EXTRA_MATCH_LIMIT_RECURSION to limit how much pcre
+// recurses.  match_limit() caps the number of matches pcre does;
+// match_limit_recrusion() caps the depth of recursion.
+//
+// Normally, to pass one or more modifiers to a RE class, you declare
+// a RE_Options object, set the appropriate options, and pass this
+// object to a RE constructor. Example:
+//
+//    RE_options opt;
+//    opt.set_caseless(true);
+//
+//    if (RE("HELLO", opt).PartialMatch("hello world")) ...
+//
+// RE_options has two constructors. The default constructor takes no
+// arguments and creates a set of flags that are off by default.
+//
+// The optional parameter 'option_flags' is to facilitate transfer
+// of legacy code from C programs.  This lets you do
+//    RE(pattern, RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+//
+// But new code is better off doing
+//    RE(pattern,
+//      RE_Options().set_caseless(true).set_multiline(true)).PartialMatch(str);
+// (See below)
+//
+// If you are going to pass one of the most used modifiers, there are some
+// convenience functions that return a RE_Options class with the
+// appropriate modifier already set:
+// CASELESS(), UTF8(), MULTILINE(), DOTALL(), EXTENDED()
+//
+// If you need to set several options at once, and you don't want to go
+// through the pains of declaring a RE_Options object and setting several
+// options, there is a parallel method that give you such ability on the
+// fly. You can concatenate several set_xxxxx member functions, since each
+// of them returns a reference to its class object.  e.g.: to pass
+// PCRE_CASELESS, PCRE_EXTENDED, and PCRE_MULTILINE to a RE with one
+// statement, you may write
+//
+//    RE(" ^ xyz \\s+ .* blah$", RE_Options()
+//                            .set_caseless(true)
+//                            .set_extended(true)
+//                            .set_multiline(true)).PartialMatch(sometext);
+//
+// -----------------------------------------------------------------------
+// SCANNING TEXT INCREMENTALLY
+//
+// The "Consume" operation may be useful if you want to repeatedly
+// match regular expressions at the front of a string and skip over
+// them as they match.  This requires use of the "StringPiece" type,
+// which represents a sub-range of a real string.  Like RE, StringPiece
+// is defined in the pcrecpp namespace.
+//
+// Example: read lines of the form "var = value" from a string.
+//    string contents = ...;                 // Fill string somehow
+//    pcrecpp::StringPiece input(contents);  // Wrap in a StringPiece
+//
+//    string var;
+//    int value;
+//    pcrecpp::RE re("(\\w+) = (\\d+)\n");
+//    while (re.Consume(&input, &var, &value)) {
+//      ...;
+//    }
+//
+// Each successful call to "Consume" will set "var/value", and also
+// advance "input" so it points past the matched text.
+//
+// The "FindAndConsume" operation is similar to "Consume" but does not
+// anchor your match at the beginning of the string.  For example, you
+// could extract all words from a string by repeatedly calling
+//     pcrecpp::RE("(\\w+)").FindAndConsume(&input, &word)
+//
+// -----------------------------------------------------------------------
+// PARSING HEX/OCTAL/C-RADIX NUMBERS
+//
+// By default, if you pass a pointer to a numeric value, the
+// corresponding text is interpreted as a base-10 number.  You can
+// instead wrap the pointer with a call to one of the operators Hex(),
+// Octal(), or CRadix() to interpret the text in another base.  The
+// CRadix operator interprets C-style "0" (base-8) and "0x" (base-16)
+// prefixes, but defaults to base-10.
+//
+// Example:
+//   int a, b, c, d;
+//   pcrecpp::RE re("(.*) (.*) (.*) (.*)");
+//   re.FullMatch("100 40 0100 0x40",
+//                pcrecpp::Octal(&a), pcrecpp::Hex(&b),
+//                pcrecpp::CRadix(&c), pcrecpp::CRadix(&d));
+// will leave 64 in a, b, c, and d.
+//
+// -----------------------------------------------------------------------
+// REPLACING PARTS OF STRINGS
+//
+// You can replace the first match of "pattern" in "str" with
+// "rewrite".  Within "rewrite", backslash-escaped digits (\1 to \9)
+// can be used to insert text matching corresponding parenthesized
+// group from the pattern.  \0 in "rewrite" refers to the entire
+// matching text.  E.g.,
+//
+//   string s = "yabba dabba doo";
+//   pcrecpp::RE("b+").Replace("d", &s);
+//
+// will leave "s" containing "yada dabba doo".  The result is true if
+// the pattern matches and a replacement occurs, or false otherwise.
+//
+// GlobalReplace() is like Replace(), except that it replaces all
+// occurrences of the pattern in the string with the rewrite.
+// Replacements are not subject to re-matching.  E.g.,
+//
+//   string s = "yabba dabba doo";
+//   pcrecpp::RE("b+").GlobalReplace("d", &s);
+//
+// will leave "s" containing "yada dada doo".  It returns the number
+// of replacements made.
+//
+// Extract() is like Replace(), except that if the pattern matches,
+// "rewrite" is copied into "out" (an additional argument) with
+// substitutions.  The non-matching portions of "text" are ignored.
+// Returns true iff a match occurred and the extraction happened
+// successfully.  If no match occurs, the string is left unaffected.
+
+
+#include <string>
+#include <pcre.h>
+#include <pcrecpparg.h>   // defines the Arg class
+// This isn't technically needed here, but we include it
+// anyway so folks who include pcrecpp.h don't have to.
+#include <pcre_stringpiece.h>
+
+namespace pcrecpp {
+
+#define PCRE_SET_OR_CLEAR(b, o) \
+    if (b) all_options_ |= (o); else all_options_ &= ~(o); \
+    return *this
+
+#define PCRE_IS_SET(o)  \
+        (all_options_ & o) == o
+
+/***** Compiling regular expressions: the RE class *****/
+
+// RE_Options allow you to set options to be passed along to pcre,
+// along with other options we put on top of pcre.
+// Only 9 modifiers, plus match_limit and match_limit_recursion,
+// are supported now.
+class PCRECPP_EXP_DEFN RE_Options {
+ public:
+  // constructor
+  RE_Options() : match_limit_(0), match_limit_recursion_(0), all_options_(0) {}
+
+  // alternative constructor.
+  // To facilitate transfer of legacy code from C programs
+  //
+  // This lets you do
+  //    RE(pattern, RE_Options(PCRE_CASELESS|PCRE_MULTILINE)).PartialMatch(str);
+  // But new code is better off doing
+  //    RE(pattern,
+  //      RE_Options().set_caseless(true).set_multiline(true)).PartialMatch(str);
+  RE_Options(int option_flags) : match_limit_(0), match_limit_recursion_(0),
+                                 all_options_(option_flags) {}
+  // we're fine with the default destructor, copy constructor, etc.
+
+  // accessors and mutators
+  int match_limit() const { return match_limit_; };
+  RE_Options &set_match_limit(int limit) {
+    match_limit_ = limit;
+    return *this;
+  }
+
+  int match_limit_recursion() const { return match_limit_recursion_; };
+  RE_Options &set_match_limit_recursion(int limit) {
+    match_limit_recursion_ = limit;
+    return *this;
+  }
+
+  bool caseless() const {
+    return PCRE_IS_SET(PCRE_CASELESS);
+  }
+  RE_Options &set_caseless(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_CASELESS);
+  }
+
+  bool multiline() const {
+    return PCRE_IS_SET(PCRE_MULTILINE);
+  }
+  RE_Options &set_multiline(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_MULTILINE);
+  }
+
+  bool dotall() const {
+    return PCRE_IS_SET(PCRE_DOTALL);
+  }
+  RE_Options &set_dotall(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_DOTALL);
+  }
+
+  bool extended() const {
+    return PCRE_IS_SET(PCRE_EXTENDED);
+  }
+  RE_Options &set_extended(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_EXTENDED);
+  }
+
+  bool dollar_endonly() const {
+    return PCRE_IS_SET(PCRE_DOLLAR_ENDONLY);
+  }
+  RE_Options &set_dollar_endonly(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_DOLLAR_ENDONLY);
+  }
+
+  bool extra() const {
+    return PCRE_IS_SET(PCRE_EXTRA);
+  }
+  RE_Options &set_extra(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_EXTRA);
+  }
+
+  bool ungreedy() const {
+    return PCRE_IS_SET(PCRE_UNGREEDY);
+  }
+  RE_Options &set_ungreedy(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_UNGREEDY);
+  }
+
+  bool utf8() const {
+    return PCRE_IS_SET(PCRE_UTF8);
+  }
+  RE_Options &set_utf8(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_UTF8);
+  }
+
+  bool no_auto_capture() const {
+    return PCRE_IS_SET(PCRE_NO_AUTO_CAPTURE);
+  }
+  RE_Options &set_no_auto_capture(bool x) {
+    PCRE_SET_OR_CLEAR(x, PCRE_NO_AUTO_CAPTURE);
+  }
+
+  RE_Options &set_all_options(int opt) {
+    all_options_ = opt;
+    return *this;
+  }
+  int all_options() const {
+    return all_options_ ;
+  }
+
+  // TODO: add other pcre flags
+
+ private:
+  int match_limit_;
+  int match_limit_recursion_;
+  int all_options_;
+};
+
+// These functions return some common RE_Options
+static inline RE_Options UTF8() {
+  return RE_Options().set_utf8(true);
+}
+
+static inline RE_Options CASELESS() {
+  return RE_Options().set_caseless(true);
+}
+static inline RE_Options MULTILINE() {
+  return RE_Options().set_multiline(true);
+}
+
+static inline RE_Options DOTALL() {
+  return RE_Options().set_dotall(true);
+}
+
+static inline RE_Options EXTENDED() {
+  return RE_Options().set_extended(true);
+}
+
+// Interface for regular expression matching.  Also corresponds to a
+// pre-compiled regular expression.  An "RE" object is safe for
+// concurrent use by multiple threads.
+class PCRECPP_EXP_DEFN RE {
+ public:
+  // We provide implicit conversions from strings so that users can
+  // pass in a string or a "const char*" wherever an "RE" is expected.
+  RE(const string& pat) { Init(pat, NULL); }
+  RE(const string& pat, const RE_Options& option) { Init(pat, &option); }
+  RE(const char* pat) { Init(pat, NULL); }
+  RE(const char* pat, const RE_Options& option) { Init(pat, &option); }
+  RE(const unsigned char* pat) {
+    Init(reinterpret_cast<const char*>(pat), NULL);
+  }
+  RE(const unsigned char* pat, const RE_Options& option) {
+    Init(reinterpret_cast<const char*>(pat), &option);
+  }
+
+  // Copy constructor & assignment - note that these are expensive
+  // because they recompile the expression.
+  RE(const RE& re) { Init(re.pattern_, &re.options_); }
+  const RE& operator=(const RE& re) {
+    if (this != &re) {
+      Cleanup();
+
+      // This is the code that originally came from Google
+      // Init(re.pattern_.c_str(), &re.options_);
+
+      // This is the replacement from Ari Pollak
+      Init(re.pattern_, &re.options_);
+    }
+    return *this;
+  }
+
+
+  ~RE();
+
+  // The string specification for this RE.  E.g.
+  //   RE re("ab*c?d+");
+  //   re.pattern();    // "ab*c?d+"
+  const string& pattern() const { return pattern_; }
+
+  // If RE could not be created properly, returns an error string.
+  // Else returns the empty string.
+  const string& error() const { return *error_; }
+
+  /***** The useful part: the matching interface *****/
+
+  // This is provided so one can do pattern.ReplaceAll() just as
+  // easily as ReplaceAll(pattern-text, ....)
+
+  bool FullMatch(const StringPiece& text,
+                 const Arg& ptr1 = no_arg,
+                 const Arg& ptr2 = no_arg,
+                 const Arg& ptr3 = no_arg,
+                 const Arg& ptr4 = no_arg,
+                 const Arg& ptr5 = no_arg,
+                 const Arg& ptr6 = no_arg,
+                 const Arg& ptr7 = no_arg,
+                 const Arg& ptr8 = no_arg,
+                 const Arg& ptr9 = no_arg,
+                 const Arg& ptr10 = no_arg,
+                 const Arg& ptr11 = no_arg,
+                 const Arg& ptr12 = no_arg,
+                 const Arg& ptr13 = no_arg,
+                 const Arg& ptr14 = no_arg,
+                 const Arg& ptr15 = no_arg,
+                 const Arg& ptr16 = no_arg) const;
+
+  bool PartialMatch(const StringPiece& text,
+                    const Arg& ptr1 = no_arg,
+                    const Arg& ptr2 = no_arg,
+                    const Arg& ptr3 = no_arg,
+                    const Arg& ptr4 = no_arg,
+                    const Arg& ptr5 = no_arg,
+                    const Arg& ptr6 = no_arg,
+                    const Arg& ptr7 = no_arg,
+                    const Arg& ptr8 = no_arg,
+                    const Arg& ptr9 = no_arg,
+                    const Arg& ptr10 = no_arg,
+                    const Arg& ptr11 = no_arg,
+                    const Arg& ptr12 = no_arg,
+                    const Arg& ptr13 = no_arg,
+                    const Arg& ptr14 = no_arg,
+                    const Arg& ptr15 = no_arg,
+                    const Arg& ptr16 = no_arg) const;
+
+  bool Consume(StringPiece* input,
+               const Arg& ptr1 = no_arg,
+               const Arg& ptr2 = no_arg,
+               const Arg& ptr3 = no_arg,
+               const Arg& ptr4 = no_arg,
+               const Arg& ptr5 = no_arg,
+               const Arg& ptr6 = no_arg,
+               const Arg& ptr7 = no_arg,
+               const Arg& ptr8 = no_arg,
+               const Arg& ptr9 = no_arg,
+               const Arg& ptr10 = no_arg,
+               const Arg& ptr11 = no_arg,
+               const Arg& ptr12 = no_arg,
+               const Arg& ptr13 = no_arg,
+               const Arg& ptr14 = no_arg,
+               const Arg& ptr15 = no_arg,
+               const Arg& ptr16 = no_arg) const;
+
+  bool FindAndConsume(StringPiece* input,
+                      const Arg& ptr1 = no_arg,
+                      const Arg& ptr2 = no_arg,
+                      const Arg& ptr3 = no_arg,
+                      const Arg& ptr4 = no_arg,
+                      const Arg& ptr5 = no_arg,
+                      const Arg& ptr6 = no_arg,
+                      const Arg& ptr7 = no_arg,
+                      const Arg& ptr8 = no_arg,
+                      const Arg& ptr9 = no_arg,
+                      const Arg& ptr10 = no_arg,
+                      const Arg& ptr11 = no_arg,
+                      const Arg& ptr12 = no_arg,
+                      const Arg& ptr13 = no_arg,
+                      const Arg& ptr14 = no_arg,
+                      const Arg& ptr15 = no_arg,
+                      const Arg& ptr16 = no_arg) const;
+
+  bool Replace(const StringPiece& rewrite,
+               string *str) const;
+
+  int GlobalReplace(const StringPiece& rewrite,
+                    string *str) const;
+
+  bool Extract(const StringPiece &rewrite,
+               const StringPiece &text,
+               string *out) const;
+
+  // Escapes all potentially meaningful regexp characters in
+  // 'unquoted'.  The returned string, used as a regular expression,
+  // will exactly match the original string.  For example,
+  //           1.5-2.0?
+  // may become:
+  //           1\.5\-2\.0\?
+  // Note QuoteMeta behaves the same as perl's QuoteMeta function,
+  // *except* that it escapes the NUL character (\0) as backslash + 0,
+  // rather than backslash + NUL.
+  static string QuoteMeta(const StringPiece& unquoted);
+
+
+  /***** Generic matching interface *****/
+
+  // Type of match (TODO: Should be restructured as part of RE_Options)
+  enum Anchor {
+    UNANCHORED,         // No anchoring
+    ANCHOR_START,       // Anchor at start only
+    ANCHOR_BOTH         // Anchor at start and end
+  };
+
+  // General matching routine.  Stores the length of the match in
+  // "*consumed" if successful.
+  bool DoMatch(const StringPiece& text,
+               Anchor anchor,
+               int* consumed,
+               const Arg* const* args, int n) const;
+
+  // Return the number of capturing subpatterns, or -1 if the
+  // regexp wasn't valid on construction.
+  int NumberOfCapturingGroups() const;
+
+  // The default value for an argument, to indicate the end of the argument
+  // list. This must be used only in optional argument defaults. It should NOT
+  // be passed explicitly. Some people have tried to use it like this:
+  //
+  //   FullMatch(x, y, &z, no_arg, &w);
+  //
+  // This is a mistake, and will not work.
+  static Arg no_arg;
+
+ private:
+
+  void Init(const string& pattern, const RE_Options* options);
+  void Cleanup();
+
+  // Match against "text", filling in "vec" (up to "vecsize" * 2/3) with
+  // pairs of integers for the beginning and end positions of matched
+  // text.  The first pair corresponds to the entire matched text;
+  // subsequent pairs correspond, in order, to parentheses-captured
+  // matches.  Returns the number of pairs (one more than the number of
+  // the last subpattern with a match) if matching was successful
+  // and zero if the match failed.
+  // I.e. for RE("(foo)|(bar)|(baz)") it will return 2, 3, and 4 when matching
+  // against "foo", "bar", and "baz" respectively.
+  // When matching RE("(foo)|hello") against "hello", it will return 1.
+  // But the values for all subpattern are filled in into "vec".
+  int TryMatch(const StringPiece& text,
+               int startpos,
+               Anchor anchor,
+               bool empty_ok,
+               int *vec,
+               int vecsize) const;
+
+  // Append the "rewrite" string, with backslash subsitutions from "text"
+  // and "vec", to string "out".
+  bool Rewrite(string *out,
+               const StringPiece& rewrite,
+               const StringPiece& text,
+               int *vec,
+               int veclen) const;
+
+  // internal implementation for DoMatch
+  bool DoMatchImpl(const StringPiece& text,
+                   Anchor anchor,
+                   int* consumed,
+                   const Arg* const args[],
+                   int n,
+                   int* vec,
+                   int vecsize) const;
+
+  // Compile the regexp for the specified anchoring mode
+  pcre* Compile(Anchor anchor);
+
+  string        pattern_;
+  RE_Options    options_;
+  pcre*         re_full_;       // For full matches
+  pcre*         re_partial_;    // For partial matches
+  const string* error_;         // Error indicator (or points to empty string)
+};
+
+}   // namespace pcrecpp
+
+#endif /* _PCRECPP_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcrecpparg.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcrecpparg.h
new file mode 100644
index 00000000..b4f9c3f4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcrecpparg.h
@@ -0,0 +1,174 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Sanjay Ghemawat
+
+#ifndef _PCRECPPARG_H
+#define _PCRECPPARG_H
+
+#include <stdlib.h>    // for NULL
+#include <string>
+
+#include <pcre.h>
+
+namespace pcrecpp {
+
+class StringPiece;
+
+// Hex/Octal/Binary?
+
+// Special class for parsing into objects that define a ParseFrom() method
+template <class T>
+class _RE_MatchObject {
+ public:
+  static inline bool Parse(const char* str, int n, void* dest) {
+    if (dest == NULL) return true;
+    T* object = reinterpret_cast<T*>(dest);
+    return object->ParseFrom(str, n);
+  }
+};
+
+class PCRECPP_EXP_DEFN Arg {
+ public:
+  // Empty constructor so we can declare arrays of Arg
+  Arg();
+
+  // Constructor specially designed for NULL arguments
+  Arg(void*);
+
+  typedef bool (*Parser)(const char* str, int n, void* dest);
+
+// Type-specific parsers
+#define PCRE_MAKE_PARSER(type,name)                             \
+  Arg(type* p) : arg_(p), parser_(name) { }                     \
+  Arg(type* p, Parser parser) : arg_(p), parser_(parser) { }
+
+
+  PCRE_MAKE_PARSER(char,               parse_char);
+  PCRE_MAKE_PARSER(unsigned char,      parse_uchar);
+  PCRE_MAKE_PARSER(short,              parse_short);
+  PCRE_MAKE_PARSER(unsigned short,     parse_ushort);
+  PCRE_MAKE_PARSER(int,                parse_int);
+  PCRE_MAKE_PARSER(unsigned int,       parse_uint);
+  PCRE_MAKE_PARSER(long,               parse_long);
+  PCRE_MAKE_PARSER(unsigned long,      parse_ulong);
+#if 1
+  PCRE_MAKE_PARSER(long long,          parse_longlong);
+#endif
+#if 1
+  PCRE_MAKE_PARSER(unsigned long long, parse_ulonglong);
+#endif
+  PCRE_MAKE_PARSER(float,              parse_float);
+  PCRE_MAKE_PARSER(double,             parse_double);
+  PCRE_MAKE_PARSER(std::string,        parse_string);
+  PCRE_MAKE_PARSER(StringPiece,        parse_stringpiece);
+
+#undef PCRE_MAKE_PARSER
+
+  // Generic constructor
+  template <class T> Arg(T*, Parser parser);
+  // Generic constructor template
+  template <class T> Arg(T* p)
+    : arg_(p), parser_(_RE_MatchObject<T>::Parse) {
+  }
+
+  // Parse the data
+  bool Parse(const char* str, int n) const;
+
+ private:
+  void*         arg_;
+  Parser        parser_;
+
+  static bool parse_null          (const char* str, int n, void* dest);
+  static bool parse_char          (const char* str, int n, void* dest);
+  static bool parse_uchar         (const char* str, int n, void* dest);
+  static bool parse_float         (const char* str, int n, void* dest);
+  static bool parse_double        (const char* str, int n, void* dest);
+  static bool parse_string        (const char* str, int n, void* dest);
+  static bool parse_stringpiece   (const char* str, int n, void* dest);
+
+#define PCRE_DECLARE_INTEGER_PARSER(name)                                   \
+ private:                                                                   \
+  static bool parse_ ## name(const char* str, int n, void* dest);           \
+  static bool parse_ ## name ## _radix(                                     \
+    const char* str, int n, void* dest, int radix);                         \
+ public:                                                                    \
+  static bool parse_ ## name ## _hex(const char* str, int n, void* dest);   \
+  static bool parse_ ## name ## _octal(const char* str, int n, void* dest); \
+  static bool parse_ ## name ## _cradix(const char* str, int n, void* dest)
+
+  PCRE_DECLARE_INTEGER_PARSER(short);
+  PCRE_DECLARE_INTEGER_PARSER(ushort);
+  PCRE_DECLARE_INTEGER_PARSER(int);
+  PCRE_DECLARE_INTEGER_PARSER(uint);
+  PCRE_DECLARE_INTEGER_PARSER(long);
+  PCRE_DECLARE_INTEGER_PARSER(ulong);
+  PCRE_DECLARE_INTEGER_PARSER(longlong);
+  PCRE_DECLARE_INTEGER_PARSER(ulonglong);
+
+#undef PCRE_DECLARE_INTEGER_PARSER
+};
+
+inline Arg::Arg() : arg_(NULL), parser_(parse_null) { }
+inline Arg::Arg(void* p) : arg_(p), parser_(parse_null) { }
+
+inline bool Arg::Parse(const char* str, int n) const {
+  return (*parser_)(str, n, arg_);
+}
+
+// This part of the parser, appropriate only for ints, deals with bases
+#define MAKE_INTEGER_PARSER(type, name) \
+  inline Arg Hex(type* ptr) { \
+    return Arg(ptr, Arg::parse_ ## name ## _hex); } \
+  inline Arg Octal(type* ptr) { \
+    return Arg(ptr, Arg::parse_ ## name ## _octal); } \
+  inline Arg CRadix(type* ptr) { \
+    return Arg(ptr, Arg::parse_ ## name ## _cradix); }
+
+MAKE_INTEGER_PARSER(short,              short)     /*                        */
+MAKE_INTEGER_PARSER(unsigned short,     ushort)    /*                        */
+MAKE_INTEGER_PARSER(int,                int)       /* Don't use semicolons   */
+MAKE_INTEGER_PARSER(unsigned int,       uint)      /* after these statement  */
+MAKE_INTEGER_PARSER(long,               long)      /* because they can cause */
+MAKE_INTEGER_PARSER(unsigned long,      ulong)     /* compiler warnings if   */
+#if 1                          /* the checking level is  */
+MAKE_INTEGER_PARSER(long long,          longlong)  /* turned up high enough. */
+#endif                                             /*                        */
+#if 1                         /*                        */
+MAKE_INTEGER_PARSER(unsigned long long, ulonglong) /*                        */
+#endif
+
+#undef PCRE_IS_SET
+#undef PCRE_SET_OR_CLEAR
+#undef MAKE_INTEGER_PARSER
+
+}   // namespace pcrecpp
+
+
+#endif /* _PCRECPPARG_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcreposix.h b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcreposix.h
new file mode 100644
index 00000000..c77c0b05
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/include/pcreposix.h
@@ -0,0 +1,146 @@
+/*************************************************
+*       Perl-Compatible Regular Expressions      *
+*************************************************/
+
+#ifndef _PCREPOSIX_H
+#define _PCREPOSIX_H
+
+/* This is the header for the POSIX wrapper interface to the PCRE Perl-
+Compatible Regular Expression library. It defines the things POSIX says should
+be there. I hope.
+
+            Copyright (c) 1997-2012 University of Cambridge
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+/* Have to include stdlib.h in order to ensure that size_t is defined. */
+
+#include <stdlib.h>
+
+/* Allow for C++ users */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Options, mostly defined by POSIX, but with some extras. */
+
+#define REG_ICASE     0x0001   /* Maps to PCRE_CASELESS */
+#define REG_NEWLINE   0x0002   /* Maps to PCRE_MULTILINE */
+#define REG_NOTBOL    0x0004   /* Maps to PCRE_NOTBOL */
+#define REG_NOTEOL    0x0008   /* Maps to PCRE_NOTEOL */
+#define REG_DOTALL    0x0010   /* NOT defined by POSIX; maps to PCRE_DOTALL */
+#define REG_NOSUB     0x0020   /* Maps to PCRE_NO_AUTO_CAPTURE */
+#define REG_UTF8      0x0040   /* NOT defined by POSIX; maps to PCRE_UTF8 */
+#define REG_STARTEND  0x0080   /* BSD feature: pass subject string by so,eo */
+#define REG_NOTEMPTY  0x0100   /* NOT defined by POSIX; maps to PCRE_NOTEMPTY */
+#define REG_UNGREEDY  0x0200   /* NOT defined by POSIX; maps to PCRE_UNGREEDY */
+#define REG_UCP       0x0400   /* NOT defined by POSIX; maps to PCRE_UCP */
+
+/* This is not used by PCRE, but by defining it we make it easier
+to slot PCRE into existing programs that make POSIX calls. */
+
+#define REG_EXTENDED  0
+
+/* Error values. Not all these are relevant or used by the wrapper. */
+
+enum {
+  REG_ASSERT = 1,  /* internal error ? */
+  REG_BADBR,       /* invalid repeat counts in {} */
+  REG_BADPAT,      /* pattern error */
+  REG_BADRPT,      /* ? * + invalid */
+  REG_EBRACE,      /* unbalanced {} */
+  REG_EBRACK,      /* unbalanced [] */
+  REG_ECOLLATE,    /* collation error - not relevant */
+  REG_ECTYPE,      /* bad class */
+  REG_EESCAPE,     /* bad escape sequence */
+  REG_EMPTY,       /* empty expression */
+  REG_EPAREN,      /* unbalanced () */
+  REG_ERANGE,      /* bad range inside [] */
+  REG_ESIZE,       /* expression too big */
+  REG_ESPACE,      /* failed to get memory */
+  REG_ESUBREG,     /* bad back reference */
+  REG_INVARG,      /* bad argument */
+  REG_NOMATCH      /* match failed */
+};
+
+
+/* The structure representing a compiled regular expression. */
+
+typedef struct {
+  void *re_pcre;
+  size_t re_nsub;
+  size_t re_erroffset;
+} regex_t;
+
+/* The structure in which a captured offset is returned. */
+
+typedef int regoff_t;
+
+typedef struct {
+  regoff_t rm_so;
+  regoff_t rm_eo;
+} regmatch_t;
+
+/* When an application links to a PCRE DLL in Windows, the symbols that are
+imported have to be identified as such. When building PCRE, the appropriate
+export settings are needed, and are set in pcreposix.c before including this
+file. */
+
+#if defined(_WIN32) && !defined(PCRE_STATIC) && !defined(PCREPOSIX_EXP_DECL)
+#  define PCREPOSIX_EXP_DECL  extern __declspec(dllimport)
+#  define PCREPOSIX_EXP_DEFN  __declspec(dllimport)
+#endif
+
+/* By default, we use the standard "extern" declarations. */
+
+#ifndef PCREPOSIX_EXP_DECL
+#  ifdef __cplusplus
+#    define PCREPOSIX_EXP_DECL  extern "C"
+#    define PCREPOSIX_EXP_DEFN  extern "C"
+#  else
+#    define PCREPOSIX_EXP_DECL  extern
+#    define PCREPOSIX_EXP_DEFN  extern
+#  endif
+#endif
+
+/* The functions */
+
+PCREPOSIX_EXP_DECL int regcomp(regex_t *, const char *, int);
+PCREPOSIX_EXP_DECL int regexec(const regex_t *, const char *, size_t,
+                     regmatch_t *, int);
+PCREPOSIX_EXP_DECL size_t regerror(int, const regex_t *, char *, size_t);
+PCREPOSIX_EXP_DECL void regfree(regex_t *);
+
+#ifdef __cplusplus
+}   /* extern "C" */
+#endif
+
+#endif /* End of pcreposix.h */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcre.a b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcre.a
new file mode 100644
index 00000000..16868e0c
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcre.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcre.la b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcre.la
new file mode 100755
index 00000000..bb15aeaa
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcre.la
@@ -0,0 +1,41 @@
+# libpcre.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libpcre.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libpcre.
+current=3
+age=2
+revision=9
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/arm64/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcrecpp.a b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcrecpp.a
new file mode 100644
index 00000000..55251425
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcrecpp.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcrecpp.la b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcrecpp.la
new file mode 100755
index 00000000..66dfe461
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcrecpp.la
@@ -0,0 +1,41 @@
+# libpcrecpp.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libpcrecpp.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib /Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/arm64/lib/libpcre.la'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libpcrecpp.
+current=0
+age=0
+revision=1
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/arm64/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcreposix.a b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcreposix.a
new file mode 100644
index 00000000..8a05c4fc
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcreposix.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcreposix.la b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcreposix.la
new file mode 100755
index 00000000..1c4c6a6d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/libpcreposix.la
@@ -0,0 +1,41 @@
+# libpcreposix.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libpcreposix.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' '
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk/usr/lib /Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/arm64/lib/libpcre.la'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libpcreposix.
+current=0
+age=0
+revision=5
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/arm64/lib'
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/pkgconfig/libpcre.pc b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/pkgconfig/libpcre.pc
new file mode 100644
index 00000000..545c7def
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/pkgconfig/libpcre.pc
@@ -0,0 +1,13 @@
+# Package Information for pkg-config
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/arm64
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libpcre
+Description: PCRE - Perl compatible regular expressions C library with 8 bit character support
+Version: 8.41
+Libs: -L${libdir} -lpcre
+Libs.private:  
+Cflags: -I${includedir} -DPCRE_STATIC
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/pkgconfig/libpcrecpp.pc b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/pkgconfig/libpcrecpp.pc
new file mode 100644
index 00000000..bc188e91
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/pkgconfig/libpcrecpp.pc
@@ -0,0 +1,12 @@
+# Package Information for pkg-config
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/arm64
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libpcrecpp
+Description: PCRECPP - C++ wrapper for PCRE
+Version: 8.41
+Libs: -L${libdir} -lpcre -lpcrecpp
+Cflags: -I${includedir} -DPCRE_STATIC
diff --git a/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/pkgconfig/libpcreposix.pc b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/pkgconfig/libpcreposix.pc
new file mode 100644
index 00000000..1239ade5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/pcre/lib/pkgconfig/libpcreposix.pc
@@ -0,0 +1,13 @@
+# Package Information for pkg-config
+
+prefix=/Users/sanchez/work/vied/ios/vpn/playground/ss-libev-build/ShadowSocks-libev-iOS/ShadowSocks-libev-iOS/pcre/pcre/arm64
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: libpcreposix
+Description: PCREPosix - Posix compatible interface to libpcre
+Version: 8.41
+Libs: -L${libdir} -lpcreposix
+Cflags: -I${includedir} -DPCRE_STATIC
+Requires.private: libpcre
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/config.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/config.h
new file mode 100644
index 00000000..fc7ba4d5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/config.h
@@ -0,0 +1,421 @@
+/* config.h.  Generated from config.h.in by configure.  */
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define if building universal (internal helper macro) */
+/* #undef AC_APPLE_UNIVERSAL_BUILD */
+
+/* errno for incomplete non-blocking connect(2) */
+#define CONNECT_IN_PROGRESS EINPROGRESS
+
+/* Override libev default fd conversion macro. */
+/* #undef EV_FD_TO_WIN32_HANDLE */
+
+/* Override libev default fd close macro. */
+/* #undef EV_WIN32_CLOSE_FD */
+
+/* Override libev default handle conversion macro. */
+/* #undef EV_WIN32_HANDLE_TO_FD */
+
+/* Reset max file descriptor size. */
+/* #undef FD_SETSIZE */
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#define HAVE_ARPA_INET_H 1
+
+/* Define to 1 if you have the `CCCryptorCreateWithMode' function. */
+/* #undef HAVE_CCCRYPTORCREATEWITHMODE */
+
+/* Define to 1 if you have the `clock_gettime' function. */
+/* #undef HAVE_CLOCK_GETTIME */
+
+/* Define to 1 to use the syscall interface for clock_gettime */
+/* #undef HAVE_CLOCK_SYSCALL */
+
+/* Define to 1 if you have the <CommonCrypto/CommonCrypto.h> header file. */
+/* #undef HAVE_COMMONCRYPTO_COMMONCRYPTO_H */
+
+/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you
+ don't. */
+#define HAVE_DECL_INET_NTOP 1
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H 1
+
+/* Define to 1 if you have the `epoll_ctl' function. */
+/* #undef HAVE_EPOLL_CTL */
+
+/* Define to 1 if you have the `eventfd' function. */
+/* #undef HAVE_EVENTFD */
+
+/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */
+#define HAVE_EVP_ENCRYPTINIT_EX 1
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#define HAVE_FCNTL_H 1
+
+/* Define to 1 if the floor function is available */
+#define HAVE_FLOOR 1
+
+/* Define to 1 if you have the `fork' function. */
+#define HAVE_FORK 1
+
+/* Define to 1 if you have the `getpwnam_r' function. */
+#define HAVE_GETPWNAM_R 1
+
+/* Define to 1 if you have the `inet_ntop' function. */
+/* #undef HAVE_INET_NTOP */
+
+/* Define to 1 if you have the `inotify_init' function. */
+/* #undef HAVE_INOTIFY_INIT */
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* Enable IPv6 support in libudns */
+#define HAVE_IPv6 1
+
+/* Define to 1 if you have the `kqueue' function. */
+#define HAVE_KQUEUE 1
+
+/* Define to 1 if you have the <langinfo.h> header file. */
+#define HAVE_LANGINFO_H 1
+
+/* Define to 1 if you have the `rt' library (-lrt). */
+/* #undef HAVE_LIBRT */
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+/* #undef HAVE_LIBSOCKET */
+
+/* Define to 1 if you have the <limits.h> header file. */
+#define HAVE_LIMITS_H 1
+
+/* Define to 1 if you have the <linux/if.h> header file. */
+/* #undef HAVE_LINUX_IF_H */
+
+/* Define to 1 if you have the <linux/netfilter_ipv4.h> header file. */
+/* #undef HAVE_LINUX_NETFILTER_IPV4_H */
+
+/* Define to 1 if you have the <linux/netfilter_ipv6/ip6_tables.h> header
+ file. */
+/* #undef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H */
+
+/* Define to 1 if you have the <locale.h> header file. */
+#define HAVE_LOCALE_H 1
+
+/* Define to 1 if you have the `malloc' function. */
+#define HAVE_MALLOC 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the `memset' function. */
+#define HAVE_MEMSET 1
+
+/* Define to 1 if you have the `nanosleep' function. */
+#define HAVE_NANOSLEEP 1
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#define HAVE_NETDB_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#define HAVE_NETINET_IN_H 1
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#define HAVE_NET_IF_H 1
+
+/* Define to 1 if you have the <openssl/engine.h> header file. */
+//#define HAVE_OPENSSL_ENGINE_H 1
+
+/* Define to 1 if you have the <openssl/err.h> header file. */
+//#define HAVE_OPENSSL_ERR_H 1
+
+/* Define to 1 if you have the <openssl/evp.h> header file. */
+//#define HAVE_OPENSSL_EVP_H 1
+
+/* Define to 1 if you have the <openssl/pem.h> header file. */
+//#define HAVE_OPENSSL_PEM_H 1
+
+/* Define to 1 if you have the <openssl/rand.h> header file. */
+//#define HAVE_OPENSSL_RAND_H 1
+
+/* Define to 1 if you have the <openssl/rsa.h> header file. */
+//#define HAVE_OPENSSL_RSA_H 1
+
+/* Define to 1 if you have the <openssl/sha.h> header file. */
+//#define HAVE_OPENSSL_SHA_H 1
+
+/* Define to 1 if you have the `poll' function. */
+#define HAVE_POLL 1
+
+/* Define to 1 if you have the <poll.h> header file. */
+#define HAVE_POLL_H 1
+
+/* Define to 1 if you have the `port_create' function. */
+/* #undef HAVE_PORT_CREATE */
+
+/* Define to 1 if you have the <port.h> header file. */
+/* #undef HAVE_PORT_H */
+
+/* Have PTHREAD_PRIO_INHERIT. */
+#define HAVE_PTHREAD_PRIO_INHERIT 1
+
+/* Define to 1 if you have the `RAND_pseudo_bytes' function. */
+#define HAVE_RAND_PSEUDO_BYTES 1
+
+/* Define to 1 if you have the 'select' function. */
+#define HAVE_SELECT 1
+
+/* Define to 1 if you have the `setresuid' function. */
+/* #undef HAVE_SETRESUID */
+
+/* Define to 1 if you have the `setreuid' function. */
+#define HAVE_SETREUID 1
+
+/* Define to 1 if you have the `setrlimit' function. */
+#define HAVE_SETRLIMIT 1
+//#undef HAVE_SETRLIMIT
+
+/* Define to 1 if you have the `signalfd' function. */
+/* #undef HAVE_SIGNALFD */
+
+/* Define to 1 if you have the `socket' function. */
+#define HAVE_SOCKET 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the `strerror' function. */
+#define HAVE_STRERROR 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the <sys/epoll.h> header file. */
+/* #undef HAVE_SYS_EPOLL_H */
+
+/* Define to 1 if you have the <sys/eventfd.h> header file. */
+/* #undef HAVE_SYS_EVENTFD_H */
+
+/* Define to 1 if you have the <sys/event.h> header file. */
+#define HAVE_SYS_EVENT_H 1
+
+/* Define to 1 if you have the <sys/inotify.h> header file. */
+/* #undef HAVE_SYS_INOTIFY_H */
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#define HAVE_SYS_IOCTL_H 1
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#define HAVE_SYS_SELECT_H 1
+
+/* Define to 1 if you have the <sys/signalfd.h> header file. */
+/* #undef HAVE_SYS_SIGNALFD_H */
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#define HAVE_SYS_SOCKET_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
+#define HAVE_SYS_WAIT_H 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `vfork' function. */
+#define HAVE_VFORK 1
+
+/* Define to 1 if you have the <vfork.h> header file. */
+/* #undef HAVE_VFORK_H */
+
+/* Define to 1 if you have the <windows.h> header file. */
+/* #undef HAVE_WINDOWS_H */
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+/* #undef HAVE_WINSOCK2_H */
+
+/* Define to 1 if `fork' works. */
+#define HAVE_WORKING_FORK 1
+
+/* Define to 1 if `vfork' works. */
+#define HAVE_WORKING_VFORK 1
+
+/* Define to 1 if you have the <ws2tcpip.h> header file. */
+/* #undef HAVE_WS2TCPIP_H */
+
+/* have zlib compression support */
+#define HAVE_ZLIB 1
+
+/* Define to 1 if you have the <zlib.h> header file. */
+#define HAVE_ZLIB_H 1
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#define LT_OBJDIR ".libs/"
+
+/* Define to 1 if assertions should be disabled. */
+/* #undef NDEBUG */
+
+/* Name of package */
+#define PACKAGE "shadowsocks-libev"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "max.c.lv@gmail.com"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "shadowsocks-libev"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "shadowsocks-libev 2.4.8"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "shadowsocks-libev"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "2.4.8"
+
+/* Define to necessary symbol if this constant uses a non-standard name on
+ your system. */
+/* #undef PTHREAD_CREATE_JOINABLE */
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#define RETSIGTYPE void
+
+/* Define to the type of arg 1 for `select'. */
+#define SELECT_TYPE_ARG1 int
+
+/* Define to the type of args 2, 3 and 4 for `select'. */
+#define SELECT_TYPE_ARG234 (fd_set *)
+
+/* Define to the type of arg 5 for `select'. */
+#define SELECT_TYPE_ARG5 (struct timeval *)
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#define TIME_WITH_SYS_TIME 1
+
+/* If the compiler supports a TLS storage class define it to that here */
+#define TLS __thread
+
+/* Use Apple CommonCrypto library */
+/* #undef USE_CRYPTO_APPLECC */
+
+/* Use mbed TLS library */
+/*#define USE_CRYPTO_MBEDTLS 1*/
+
+/* Use OpenSSL library */
+#define USE_CRYPTO_OPENSSL 1
+
+/* Use PolarSSL library */
+/* #undef USE_CRYPTO_POLARSSL */
+
+/* Enable extensions on AIX 3, Interix.  */
+#ifndef _ALL_SOURCE
+# define _ALL_SOURCE 1
+#endif
+/* Enable GNU extensions on systems that have them.  */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE 1
+#endif
+/* Enable threading extensions on Solaris.  */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# define _POSIX_PTHREAD_SEMANTICS 1
+#endif
+/* Enable extensions on HP NonStop.  */
+#ifndef _TANDEM_SOURCE
+# define _TANDEM_SOURCE 1
+#endif
+/* Enable general extensions on Solaris.  */
+#ifndef __EXTENSIONS__
+# define __EXTENSIONS__ 1
+#endif
+
+
+/* Version number of package */
+#define VERSION "2.4.8"
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+ significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+#  define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+/* #  undef WORDS_BIGENDIAN */
+# endif
+#endif
+
+/* Define to 1 if on MINIX. */
+/* #undef _MINIX */
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+ this defined. */
+/* #undef _POSIX_1_SOURCE */
+
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+/* #undef _POSIX_SOURCE */
+
+/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
+ <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+ #define below would cause a syntax error. */
+/* #undef _UINT8_T */
+
+/* Define to empty if `const' does not conform to ANSI C. */
+/* #undef const */
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+/* #undef inline */
+#endif
+
+/* Define to `int' if <sys/types.h> does not define. */
+/* #undef pid_t */
+
+/* Define to the equivalent of the C99 'restrict' keyword, or to
+ nothing if this is not supported.  Do not define if restrict is
+ supported directly.  */
+#define restrict __restrict
+/* Work around a bug in Sun C++: it does not support _Restrict or
+ __restrict__, even though the corresponding Sun C compiler ends up with
+ "#define restrict _Restrict" or "#define restrict __restrict__" in the
+ previous line.  Perhaps some future version of Sun C++ will work with
+ restrict; if so, hopefully it defines __RESTRICT like Sun C does.  */
+#if defined __SUNPRO_CC && !defined __RESTRICT
+# define _Restrict
+# define __restrict__
+#endif
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+/* #undef size_t */
+
+/* Define to `int' if <sys/types.h> does not define. */
+/* #undef ssize_t */
+
+/* Define to the type of an unsigned integer type of width exactly 16 bits if
+ such a type exists and the standard includes do not define it. */
+/* #undef uint16_t */
+
+/* Define to the type of an unsigned integer type of width exactly 8 bits if
+ such a type exists and the standard includes do not define it. */
+/* #undef uint8_t */
+
+/* Define as `fork' if `vfork' does not work. */
+/* #undef vfork */
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/include/shadowsocks.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/include/shadowsocks.h
new file mode 100644
index 00000000..6c36611f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/include/shadowsocks.h
@@ -0,0 +1,101 @@
+/*
+ * shadowsocks.h - Header files of library interfaces
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _SHADOWSOCKS_H
+#define _SHADOWSOCKS_H
+
+typedef struct {
+    /*  Required  */
+    char *remote_host;    // hostname or ip of remote server
+    char *local_addr;     // local ip to bind
+    char *method;         // encryption method
+    char *password;       // password of remote server
+    int remote_port;      // port number of remote server
+    int local_port;       // port number of local server
+    int timeout;          // connection timeout
+
+    /*  Optional, set NULL if not valid   */
+    char *acl;            // file path to acl
+    char *log;            // file path to log
+    int fast_open;        // enable tcp fast open
+    int mode;             // enable udp relay
+    int mtu;              // MTU of interface
+    int mptcp;            // enable multipath TCP
+    int verbose;          // verbose mode
+} profile_t;
+
+/* An example profile
+ *
+ * const profile_t EXAMPLE_PROFILE = {
+ *  .remote_host = "example.com",
+ *  .local_addr = "127.0.0.1",
+ *  .method = "bf-cfb",
+ *  .password = "barfoo!",
+ *  .remote_port = 8338,
+ *  .local_port = 1080,
+ *  .timeout = 600;
+ *  .acl = NULL,
+ *  .log = NULL,
+ *  .fast_open = 0,
+ *  .mode = 0,
+ *  .verbose = 0
+ * };
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef void (*ss_local_callback)(int socks_fd, int udp_fd, void *data);
+
+/*
+ * Create and start a shadowsocks local server.
+ *
+ * Calling this function will block the current thread forever if the server
+ * starts successfully.
+ *
+ * Make sure start the server in a separate process to avoid any potential
+ * memory and socket leak.
+ *
+ * If failed, -1 is returned. Errors will output to the log file.
+ */
+int start_ss_local_server(profile_t profile);
+
+/*
+ * Create and start a shadowsocks local server, specifying a callback.
+ *
+ * The callback is invoked when the local server has started successfully. It passes the SOCKS
+ * server and UDP relay file descriptors, along with any supplied user data.
+ *
+ * Returns -1 on failure.
+ */
+int start_ss_local_server_with_callback(profile_t profile, ss_local_callback callback, void *udata);
+
+#ifdef __cplusplus
+}
+#endif
+
+// To stop the service on posix system, just kill the daemon process
+// kill(pid, SIGKILL);
+// Otherwise, If you start the service in a thread, you may need to send a signal SIGUSER1 to the thread.
+// pthread_kill(pthread_t, SIGUSR1);
+
+#endif // _SHADOWSOCKS_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/lib/libshadowsocks-libev.a b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/lib/libshadowsocks-libev.a
new file mode 100644
index 00000000..e57cff50
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/lib/libshadowsocks-libev.a differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/.gitignore b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/.gitignore
new file mode 100644
index 00000000..378eac25
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/.gitignore
@@ -0,0 +1 @@
+build
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/LICENSE b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/LICENSE
new file mode 100644
index 00000000..a3b17c14
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/LICENSE
@@ -0,0 +1,26 @@
+
+Copyright (c) 2012, Jyri J. Virkki
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/README b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/README
new file mode 100644
index 00000000..0f33a65d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/README
@@ -0,0 +1,45 @@
+
+Introduction
+------------
+This is libbloom, a simple and small bloom filter implementation in C.
+
+If you are reading this you probably already know about bloom filters
+and why you might use one. If not, the wikipedia article is a good intro:
+http://en.wikipedia.org/wiki/Bloom_filter
+
+
+Building
+--------
+The Makefile assumes GNU Make, so run 'make' or 'gmake' as appropriate
+on your system.
+
+By default it builds an optimized 64 bit libbloom. See Makefile comments
+for other build options.
+
+The shared library will be in ./build/libbloom.so
+
+
+Sample Usage
+------------
+
+#include "bloom.h"
+
+struct bloom bloom;
+bloom_init(&bloom, 1000000, 0.01);
+bloom_add(&bloom, buffer, buflen);
+
+if (bloom_check(&bloom, buffer, buflen)) {
+  printf("It may be there!\n");
+}
+
+
+Documentation
+-------------
+Read bloom.h for more detailed documentation on the public interfaces.
+
+
+License
+-------
+This code (except MurmurHash2) is under BSD license. See LICENSE file.
+
+See murmur2/README for info on MurmurHash2.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/bloom.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/bloom.c
new file mode 100644
index 00000000..8ae8167b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/bloom.c
@@ -0,0 +1,167 @@
+/*
+ *  Copyright (c) 2012-2016, Jyri J. Virkki
+ *  All rights reserved.
+ *
+ *  This file is under BSD license. See LICENSE file.
+ */
+
+/*
+ * Refer to bloom.h for documentation on the public interfaces.
+ */
+
+#include <assert.h>
+#include <fcntl.h>
+#include <math.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "bloom.h"
+#include "murmurhash2.h"
+
+#define MAKESTRING(n) STRING(n)
+#define STRING(n) #n
+
+
+inline static int test_bit_set_bit(unsigned char * buf,
+                                   unsigned int x, int set_bit)
+{
+  unsigned int byte = x >> 3;
+  unsigned char c = buf[byte];        // expensive memory access
+  unsigned int mask = 1 << (x % 8);
+
+  if (c & mask) {
+    return 1;
+  } else {
+    if (set_bit) {
+      buf[byte] = c | mask;
+    }
+    return 0;
+  }
+}
+
+
+static int bloom_check_add(struct bloom * bloom,
+                           const void * buffer, int len, int add)
+{
+  if (bloom->ready == 0) {
+    printf("bloom at %p not initialized!\n", (void *)bloom);
+    return -1;
+  }
+
+  int hits = 0;
+  register unsigned int a = murmurhash2(buffer, len, 0x9747b28c);
+  register unsigned int b = murmurhash2(buffer, len, a);
+  register unsigned int x;
+  register unsigned int i;
+
+  for (i = 0; i < bloom->hashes; i++) {
+    x = (a + i*b) % bloom->bits;
+    if (test_bit_set_bit(bloom->bf, x, add)) {
+      hits++;
+    } else if (!add) {
+      // Don't care about the presence of all the bits. Just our own.
+      return 0;
+    }
+  }
+
+  if (hits == bloom->hashes) {
+    return 1;                // 1 == element already in (or collision)
+  }
+
+  return 0;
+}
+
+
+int bloom_init_size(struct bloom * bloom, int entries, double error,
+                    unsigned int cache_size)
+{
+  return bloom_init(bloom, entries, error);
+}
+
+
+int bloom_init(struct bloom * bloom, int entries, double error)
+{
+  bloom->ready = 0;
+
+  if (entries < 1 || error == 0) {
+    return 1;
+  }
+
+  bloom->entries = entries;
+  bloom->error = error;
+
+  double num = log(bloom->error);
+  double denom = 0.480453013918201; // ln(2)^2
+  bloom->bpe = -(num / denom);
+
+  double dentries = (double)entries;
+  bloom->bits = (int)(dentries * bloom->bpe);
+
+  if (bloom->bits % 8) {
+    bloom->bytes = (bloom->bits / 8) + 1;
+  } else {
+    bloom->bytes = bloom->bits / 8;
+  }
+
+  bloom->hashes = (int)ceil(0.693147180559945 * bloom->bpe);  // ln(2)
+
+  bloom->bf = (unsigned char *)calloc(bloom->bytes, sizeof(unsigned char));
+  if (bloom->bf == NULL) {
+    return 1;
+  }
+
+  bloom->ready = 1;
+  return 0;
+}
+
+
+int bloom_check(struct bloom * bloom, const void * buffer, int len)
+{
+  return bloom_check_add(bloom, buffer, len, 0);
+}
+
+
+int bloom_add(struct bloom * bloom, const void * buffer, int len)
+{
+  return bloom_check_add(bloom, buffer, len, 1);
+}
+
+
+void bloom_print(struct bloom * bloom)
+{
+  printf("bloom at %p\n", (void *)bloom);
+  printf(" ->entries = %d\n", bloom->entries);
+  printf(" ->error = %f\n", bloom->error);
+  printf(" ->bits = %d\n", bloom->bits);
+  printf(" ->bits per elem = %f\n", bloom->bpe);
+  printf(" ->bytes = %d\n", bloom->bytes);
+  printf(" ->hash functions = %d\n", bloom->hashes);
+}
+
+
+void bloom_free(struct bloom * bloom)
+{
+  if (bloom->ready) {
+    free(bloom->bf);
+  }
+  bloom->ready = 0;
+}
+
+
+int bloom_reset(struct bloom * bloom)
+{
+  if (!bloom->ready) return 1;
+  memset(bloom->bf, 0, bloom->bytes);
+  return 0;
+}
+
+
+const char * bloom_version()
+{
+  return MAKESTRING(BLOOM_VERSION);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/bloom.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/bloom.h
new file mode 100644
index 00000000..532e0e34
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/bloom.h
@@ -0,0 +1,172 @@
+/*
+ *  Copyright (c) 2012-2016, Jyri J. Virkki
+ *  All rights reserved.
+ *
+ *  This file is under BSD license. See LICENSE file.
+ */
+
+#ifndef _BLOOM_H
+#define _BLOOM_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/** ***************************************************************************
+ * Structure to keep track of one bloom filter.  Caller needs to
+ * allocate this and pass it to the functions below. First call for
+ * every struct must be to bloom_init().
+ *
+ */
+struct bloom
+{
+  // These fields are part of the public interface of this structure.
+  // Client code may read these values if desired. Client code MUST NOT
+  // modify any of these.
+  int entries;
+  double error;
+  int bits;
+  int bytes;
+  int hashes;
+
+  // Fields below are private to the implementation. These may go away or
+  // change incompatibly at any moment. Client code MUST NOT access or rely
+  // on these.
+  double bpe;
+  unsigned char * bf;
+  int ready;
+};
+
+
+/** ***************************************************************************
+ * Initialize the bloom filter for use.
+ *
+ * The filter is initialized with a bit field and number of hash functions
+ * according to the computations from the wikipedia entry:
+ *     http://en.wikipedia.org/wiki/Bloom_filter
+ *
+ * Optimal number of bits is:
+ *     bits = (entries * ln(error)) / ln(2)^2
+ *
+ * Optimal number of hash functions is:
+ *     hashes = bpe * ln(2)
+ *
+ * Parameters:
+ * -----------
+ *     bloom   - Pointer to an allocated struct bloom (see above).
+ *     entries - The expected number of entries which will be inserted.
+ *     error   - Probability of collision (as long as entries are not
+ *               exceeded).
+ *
+ * Return:
+ * -------
+ *     0 - on success
+ *     1 - on failure
+ *
+ */
+int bloom_init(struct bloom * bloom, int entries, double error);
+
+
+/** ***************************************************************************
+ * Deprecated, use bloom_init()
+ *
+ */
+int bloom_init_size(struct bloom * bloom, int entries, double error,
+                    unsigned int cache_size);
+
+
+/** ***************************************************************************
+ * Check if the given element is in the bloom filter. Remember this may
+ * return false positive if a collision occured.
+ *
+ * Parameters:
+ * -----------
+ *     bloom  - Pointer to an allocated struct bloom (see above).
+ *     buffer - Pointer to buffer containing element to check.
+ *     len    - Size of 'buffer'.
+ *
+ * Return:
+ * -------
+ *     0 - element is not present
+ *     1 - element is present (or false positive due to collision)
+ *    -1 - bloom not initialized
+ *
+ */
+int bloom_check(struct bloom * bloom, const void * buffer, int len);
+
+
+/** ***************************************************************************
+ * Add the given element to the bloom filter.
+ * The return code indicates if the element (or a collision) was already in,
+ * so for the common check+add use case, no need to call check separately.
+ *
+ * Parameters:
+ * -----------
+ *     bloom  - Pointer to an allocated struct bloom (see above).
+ *     buffer - Pointer to buffer containing element to add.
+ *     len    - Size of 'buffer'.
+ *
+ * Return:
+ * -------
+ *     0 - element was not present and was added
+ *     1 - element (or a collision) had already been added previously
+ *    -1 - bloom not initialized
+ *
+ */
+int bloom_add(struct bloom * bloom, const void * buffer, int len);
+
+
+/** ***************************************************************************
+ * Print (to stdout) info about this bloom filter. Debugging aid.
+ *
+ */
+void bloom_print(struct bloom * bloom);
+
+
+/** ***************************************************************************
+ * Deallocate internal storage.
+ *
+ * Upon return, the bloom struct is no longer usable. You may call bloom_init
+ * again on the same struct to reinitialize it again.
+ *
+ * Parameters:
+ * -----------
+ *     bloom  - Pointer to an allocated struct bloom (see above).
+ *
+ * Return: none
+ *
+ */
+void bloom_free(struct bloom * bloom);
+
+/** ***************************************************************************
+ * Erase internal storage.
+ *
+ * Erases all elements. Upon return, the bloom struct returns to its initial
+ * (initialized) state.
+ *
+ * Parameters:
+ * -----------
+ *     bloom  - Pointer to an allocated struct bloom (see above).
+ *
+ * Return:
+ *     0 - on success
+ *     1 - on failure
+ *
+ */
+int bloom_reset(struct bloom * bloom);
+
+
+/** ***************************************************************************
+ * Returns version string compiled into library.
+ *
+ * Return: version string
+ *
+ */
+const char * bloom_version();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/.gitignore b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/.gitignore
new file mode 100644
index 00000000..c23ffd2b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/.gitignore
@@ -0,0 +1,2 @@
+data
+data.cmp
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000.1
new file mode 100644
index 00000000..b205dd04
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000.1
@@ -0,0 +1,10 @@
+1000, 0
+2000, 0.24
+3000, 1.44
+4000, 5.16
+5000, 15.24
+6000, 34.2
+7000, 63.96
+8000, 113.92
+9000, 175.72
+10000, 269.24
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.100000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.100000.1
new file mode 100644
index 00000000..cc58f9bb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.100000.1
@@ -0,0 +1,10 @@
+10000, 0.16
+20000, 2.64
+30000, 15.32
+40000, 60.36
+50000, 158.32
+60000, 336.48
+70000, 649.32
+80000, 1109.2
+90000, 1784.48
+100000, 2691.52
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000000.001 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000000.001
new file mode 100644
index 00000000..b8913f62
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000000.001
@@ -0,0 +1,10 @@
+1000000, 0
+2000000, 0
+3000000, 0.04
+4000000, 0.32
+5000000, 2.6
+6000000, 13.96
+7000000, 57
+8000000, 184.36
+9000000, 509.52
+10000000, 1210.56
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000000.01 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000000.01
new file mode 100644
index 00000000..018af178
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000000.01
@@ -0,0 +1,10 @@
+1000000, 0
+2000000, 0.12
+3000000, 4.8
+4000000, 39.12
+5000000, 180.68
+6000000, 620.88
+7000000, 1749.44
+8000000, 4168.48
+9000000, 8716.72
+10000000, 16666.44
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000000.1
new file mode 100644
index 00000000..9010abd6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/linux.10000000.1
@@ -0,0 +1,10 @@
+1000000, 8.96
+2000000, 240.44
+3000000, 1561.84
+4000000, 5801.16
+5000000, 15577.6
+6000000, 34093.12
+7000000, 64954.48
+8000000, 112030.32
+9000000, 178613.72
+10000000, 268721.6
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000.1
new file mode 100644
index 00000000..137a19aa
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000.1
@@ -0,0 +1,10 @@
+1000, 0
+2000, 0.48
+3000, 1.4
+4000, 5.24
+5000, 15.84
+6000, 33.68
+7000, 68.12
+8000, 110.6
+9000, 178.96
+10000, 268.84
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.100000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.100000.1
new file mode 100644
index 00000000..ba83665b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.100000.1
@@ -0,0 +1,10 @@
+10000, 0.08
+20000, 2.44
+30000, 18.16
+40000, 59.88
+50000, 151.84
+60000, 342.52
+70000, 656.04
+80000, 1113.56
+90000, 1795.76
+100000, 2690.04
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000000.001 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000000.001
new file mode 100644
index 00000000..dc2c61a7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000000.001
@@ -0,0 +1,10 @@
+1000000, 0
+2000000, 0
+3000000, 0.04
+4000000, 0.24
+5000000, 3.44
+6000000, 12.84
+7000000, 55.8
+8000000, 183.88
+9000000, 493.92
+10000000, 1224.08
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000000.01 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000000.01
new file mode 100644
index 00000000..f73de6f2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000000.01
@@ -0,0 +1,10 @@
+1000000, 0
+2000000, 0.36
+3000000, 4.04
+4000000, 38.52
+5000000, 175.08
+6000000, 631.96
+7000000, 1764.8
+8000000, 4164.16
+9000000, 8780.44
+10000000, 16635.36
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000000.1
new file mode 100644
index 00000000..78655992
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.0/solaris.10000000.1
@@ -0,0 +1,10 @@
+1000000, 7.44
+2000000, 231.64
+3000000, 1567.76
+4000000, 5794.88
+5000000, 15564.04
+6000000, 34060.92
+7000000, 64926.88
+8000000, 111990.88
+9000000, 178743
+10000000, 268803.76
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000.1
new file mode 100644
index 00000000..a9a98364
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000.1
@@ -0,0 +1,10 @@
+1000, 0
+2000, 0
+3000, 0
+4000, 0
+5000, 0.12
+6000, 0
+7000, 0.28
+8000, 0.2
+9000, 0.32
+10000, 1.04
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.100000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.100000.1
new file mode 100644
index 00000000..33d75790
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.100000.1
@@ -0,0 +1,10 @@
+10000, 0
+20000, 4.48
+30000, 26.96
+40000, 95.52
+50000, 251.96
+60000, 522.12
+70000, 970.16
+80000, 1622.8
+90000, 2529.24
+100000, 3691.6
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000000.001 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000000.001
new file mode 100644
index 00000000..d811f81e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000000.001
@@ -0,0 +1,10 @@
+1000000, 0.28
+2000000, 1.04
+3000000, 1.16
+4000000, 3.48
+5000000, 6.76
+6000000, 22.6
+7000000, 65.76
+8000000, 197.8
+9000000, 525.12
+10000000, 1234.48
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000000.01 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000000.01
new file mode 100644
index 00000000..69059b78
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000000.01
@@ -0,0 +1,10 @@
+1000000, 0.52
+2000000, 2.76
+3000000, 42.84
+4000000, 291.12
+5000000, 1222.52
+6000000, 3851.12
+7000000, 9718.96
+8000000, 20957.12
+9000000, 40128.24
+10000000, 70279.2
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000000.1
new file mode 100644
index 00000000..a59aca1d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/linux.10000000.1
@@ -0,0 +1,10 @@
+1000000, 8.68
+2000000, 236.6
+3000000, 1581.76
+4000000, 5780.84
+5000000, 15509.6
+6000000, 34036.8
+7000000, 64884.52
+8000000, 111586.72
+9000000, 178323.6
+10000000, 267998
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000.1
new file mode 100644
index 00000000..02a34d6d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000.1
@@ -0,0 +1,10 @@
+1000, 0
+2000, 0
+3000, 0.48
+4000, 1.88
+5000, 4.68
+6000, 11.12
+7000, 25.12
+8000, 42.32
+9000, 69
+10000, 104.8
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.100000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.100000.1
new file mode 100644
index 00000000..5e8fed31
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.100000.1
@@ -0,0 +1,10 @@
+10000, 0.88
+20000, 13.64
+30000, 78.84
+40000, 243.12
+50000, 569.36
+60000, 1088.84
+70000, 1844.68
+80000, 2843.56
+90000, 4118.68
+100000, 5672.08
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000000.001 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000000.001
new file mode 100644
index 00000000..32f39846
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000000.001
@@ -0,0 +1,10 @@
+1000000, 1.24
+2000000, 4.24
+3000000, 10.2
+4000000, 21.04
+5000000, 68.72
+6000000, 216.28
+7000000, 689.24
+8000000, 1878.12
+9000000, 4440.2
+10000000, 9494.76
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000000.01 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000000.01
new file mode 100644
index 00000000..cc6c2a48
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000000.01
@@ -0,0 +1,10 @@
+1000000, 0.76
+2000000, 3.12
+3000000, 12.24
+4000000, 48.44
+5000000, 203.44
+6000000, 662.32
+7000000, 1793.6
+8000000, 4239.4
+9000000, 8839.64
+10000000, 16732.08
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000000.1 b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000000.1
new file mode 100644
index 00000000..8692b22b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/1.1/solaris.10000000.1
@@ -0,0 +1,10 @@
+1000000, 40.68
+2000000, 1007.92
+3000000, 5946.2
+4000000, 19937.72
+5000000, 48851.76
+6000000, 98408.04
+7000000, 173404.48
+8000000, 278122.6
+9000000, 414522.92
+10000000, 585045.72
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/colcmp b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/colcmp
new file mode 100755
index 00000000..4aa230e4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/colcmp
@@ -0,0 +1,99 @@
+#!/usr/bin/env perl
+
+#
+# Copyright (c) 2015, Jyri J. Virkki
+# All rights reserved.
+#
+# This file is under BSD license. See LICENSE file.
+#
+
+#
+# ./colcmp FILE1 [FILEn*]
+#
+# Graph one or more collision average runs (generated with colgraph).
+# The runs must be for the same SIZE (see colgraph).
+#
+# Requires ploticus to generate the graph. Note that the lines prefab
+# only supports four data sets so in practice that is the limit,
+# even though this script will process any number of input file.
+#
+# (To plot more than four, you could load the generated 'data.cmp'
+# file into an alternate graphing tool or spreadsheet instead of
+# relying on ploticus.)
+#
+
+$sets = 0;
+while (@ARGV) {
+    $files[$sets] = shift(@ARGV);
+    if (! -e $files[$sets]) {
+        die "$files[$sets] does not exist!\n";
+    }
+    $sets++;
+}
+
+if ($sets < 1) {
+    die "Need at least some data!\n";
+}
+
+for ($n = 0; $n < $sets; $n++) {
+    local *FILE;
+    open(FILE, $files[$n]);
+    $fh[$n] = *FILE;
+}
+
+open(OUT, ">data.cmp");
+
+# Read one line at a time from each input file.
+# All files must be comparable, meaning the count column
+# for each line must be the same, else give up.
+
+$points = 0;
+
+while(readline $fh[0]) {
+    chomp;
+    ($count, $avg[0]) = /(\d+), (\S+)/;
+
+    for ($n = 1; $n < $sets; $n++) {
+        $_ = readline $fh[$n]; chomp;
+        ($nc, $avg[$n]) = /(\d+), (\S+)/;
+        if ($nc ne $count) {
+            die "Mismatch in file $files[$n]: $nc instead of $count\n";
+        }
+    }
+
+    print OUT $count;
+    for ($n = 0; $n < $sets; $n++) {
+        print OUT " $avg[$n]";
+    }
+    print OUT "\n";
+
+    $points++;
+}
+
+# Close all files...
+for ($n = 0; $n < $sets; $n++) {
+    close($fh[$n]);
+}
+close(OUT);
+
+if (!$points) {
+    die "Nothing to show!\n";
+}
+
+$cmd = "ploticus -prefab lines data=data.cmp " .
+    " \"xrange=0 $count\" " .
+    " \"title=size = $count\" " .
+    "\"ylbl=collisions\" \"xlbl=count\" " .
+    "x=1 y=2 ";
+
+for ($n = 1; $n < $sets; $n++) {
+    $cmd .= " y" . ($n+1) . "=" . ($n+2);
+}
+
+$cmd .= " \"name=$files[0]\" ";
+for ($n = 1; $n < $sets; $n++) {
+    $cmd .= " \"name" . ($n+1) . "=$files[$n]\" ";
+}
+
+print "$cmd\n";
+system($cmd);
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/colgraph b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/colgraph
new file mode 100755
index 00000000..afe97ac0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/colgraph
@@ -0,0 +1,58 @@
+#!/usr/bin/env perl
+
+#
+# Copyright (c) 2015, Jyri J. Virkki
+# All rights reserved.
+#
+# This file is under BSD license. See LICENSE file.
+#
+
+#
+# ./colgraph SIZE ERROR
+#
+# SIZE = size of bloom library to initialize
+# ERROR = expected error
+#
+# This script runs a random collision test (test-libbloom -c) $rounds
+# number of times for 10 element counts from SIZE/10 to SIZE. The
+# average of each run is saved in the 'data' file in the current
+# directory.
+#
+# If ploticus is available it'll also display a graph. Or you can use
+# any other graphing app or tool to process the 'data' file.
+#
+
+$rounds = 25;
+
+$size = shift(@ARGV);
+if (!$size) {
+    die "provide a size\n";
+}
+
+$error = shift(@ARGV);
+if (!$error) {
+    die "provide expected error\n";
+}
+
+open(OUT, ">data");
+for ($tenth = 1; $tenth < 11; $tenth++) {
+    $count = ($size / 10) * $tenth;
+
+    $avg = 0;
+    for ($n = 0; $n < $rounds; $n++) {
+        open(RES, "../build/test-libbloom -c $size $error $count |");
+        while(<RES>) {$got = $_;}
+        close(RES);
+        ($added, $coll) = $got =~ /count: (\d+), coll: (\d+)/;
+        $avg += $coll;
+    }
+    $avg /= $rounds;
+    print "ADDED $added, AVG.COLL $avg\n";
+    print OUT "$added, $avg\n";
+}
+close(OUT);
+
+$cmd = "ploticus -prefab lines data=data x=1 y=2 \"xrange=0 $size\" " .
+    "\"title=size = $size\" \"ylbl=collisions\" \"xlbl=count\" ";
+print "$cmd\n";
+system($cmd);
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.2.gz b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.2.gz
new file mode 100644
index 00000000..96a73f0e
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.2.gz differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.2.gz.png b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.2.gz.png
new file mode 100644
index 00000000..f3f03fab
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.2.gz.png differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.3.gz b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.3.gz
new file mode 100644
index 00000000..61f73f37
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.3.gz differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.3.gz.png b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.3.gz.png
new file mode 100644
index 00000000..3f038958
Binary files /dev/null and b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/collision_data_v1.3.gz.png differ
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/dograph b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/dograph
new file mode 100755
index 00000000..b729e25d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/collisions/dograph
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+#
+# Generate graph from collision test data (requires ploticus).
+# See top Makefile target 'collision_test' for details.
+#
+# Invocation:
+#
+# ./dograph DATAFILE
+#
+
+zcat $1 > uncompressed
+ploticus -prefab lines data=uncompressed x=1 y=5 -maxfields 8000000 -maxrows 1000000 -maxvector 1000000 pointsym=none -png -o $1.png
+rm -f uncompressed
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/test/basic.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/test/basic.c
new file mode 100644
index 00000000..c6e7dfa2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/test/basic.c
@@ -0,0 +1,58 @@
+/*
+ *  Copyright (c) 2016, Jyri J. Virkki
+ *  All rights reserved.
+ *
+ *  This file is under BSD license. See LICENSE file.
+ */
+
+#include <assert.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "bloom.h"
+
+#ifdef __linux
+#include <sys/time.h>
+#include <time.h>
+#endif
+
+
+/** ***************************************************************************
+ * A few simple tests to check if it works at all.
+ *
+ * These are covered in the main test, repeated here just to create a test
+ * executable using the static libbloom library to exercise it as well.
+ *
+ */
+int main(int argc, char **argv)
+{
+  struct bloom bloom;
+
+  printf("----- Basic tests with static library -----\n");
+  assert(bloom_init(&bloom, 0, 1.0) == 1);
+  assert(bloom_init(&bloom, 10, 0) == 1);
+  assert(bloom.ready == 0);
+  assert(bloom_add(&bloom, "hello world", 11) == -1);
+  assert(bloom_check(&bloom, "hello world", 11) == -1);
+  bloom_free(&bloom);
+
+  assert(bloom_init(&bloom, 102, 0.1) == 0);
+  assert(bloom.ready == 1);
+  bloom_print(&bloom);
+
+  assert(bloom_check(&bloom, "hello world", 11) == 0);
+  assert(bloom_add(&bloom, "hello world", 11) == 0);
+  assert(bloom_check(&bloom, "hello world", 11) == 1);
+  assert(bloom_add(&bloom, "hello world", 11) > 0);
+  assert(bloom_add(&bloom, "hello", 5) == 0);
+  assert(bloom_add(&bloom, "hello", 5) > 0);
+  assert(bloom_check(&bloom, "hello", 5) == 1);
+  bloom_free(&bloom);
+  printf("----- DONE Basic tests with static library -----\n");
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/test/test.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/test/test.c
new file mode 100644
index 00000000..6e5723c0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/misc/test/test.c
@@ -0,0 +1,289 @@
+/*
+ *  Copyright (c) 2012-2016, Jyri J. Virkki
+ *  All rights reserved.
+ *
+ *  This file is under BSD license. See LICENSE file.
+ */
+
+#include <assert.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "bloom.h"
+
+#ifdef __linux
+#include <sys/time.h>
+#include <time.h>
+#endif
+
+
+/** ***************************************************************************
+ * A few simple tests to check if it works at all.
+ *
+ */
+static int basic()
+{
+  printf("----- basic -----\n");
+
+  struct bloom bloom;
+
+  assert(bloom_init(&bloom, 0, 1.0) == 1);
+  assert(bloom_init(&bloom, 10, 0) == 1);
+  assert(bloom.ready == 0);
+  assert(bloom_add(&bloom, "hello world", 11) == -1);
+  assert(bloom_check(&bloom, "hello world", 11) == -1);
+  bloom_free(&bloom);
+
+  assert(bloom_init(&bloom, 102, 0.1) == 0);
+  assert(bloom.ready == 1);
+  bloom_print(&bloom);
+
+  assert(bloom_check(&bloom, "hello world", 11) == 0);
+  assert(bloom_add(&bloom, "hello world", 11) == 0);
+  assert(bloom_check(&bloom, "hello world", 11) == 1);
+  assert(bloom_add(&bloom, "hello world", 11) > 0);
+  assert(bloom_add(&bloom, "hello", 5) == 0);
+  assert(bloom_add(&bloom, "hello", 5) > 0);
+  assert(bloom_check(&bloom, "hello", 5) == 1);
+  bloom_free(&bloom);
+
+  return 0;
+}
+
+
+/** ***************************************************************************
+ * Create a bloom filter with given parameters and add 'count' random elements
+ * into it to see if collission rates are within expectations.
+ *
+ */
+static int add_random(int entries, double error, int count,
+                      int quiet, int check_error, uint8_t elem_size, int validate)
+{
+  if (!quiet) {
+    printf("----- add_random(%d, %f, %d, %d, %d, %d, %d) -----\n",
+           entries, error, count, quiet, check_error, elem_size, validate);
+  }
+
+  struct bloom bloom;
+  assert(bloom_init(&bloom, entries, error) == 0);
+  if (!quiet) { bloom_print(&bloom); }
+
+  char block[elem_size];
+  uint8_t * saved = NULL;
+  uint8_t * savedp = NULL;
+  int collisions = 0;
+  int n;
+
+  int fd = open("/dev/urandom", O_RDONLY);
+  if (fd < 0) {
+    printf("error: unable to open /dev/random\n");
+    exit(1);
+  }
+
+  if (validate) {
+    saved = (uint8_t *)malloc(elem_size * count);
+    if (!saved) {
+      printf("error: unable to allocate buffer for validation\n");
+      exit(1);
+    }
+    savedp = saved;
+  }
+
+  for (n = 0; n < count; n++) {
+    assert(read(fd, block, elem_size) == elem_size);
+    memcpy(savedp, block, elem_size);
+    savedp += elem_size;
+    if (bloom_add(&bloom, (void *)block, elem_size)) { collisions++; }
+  }
+  close(fd);
+
+  double er = (double)collisions / (double)count;
+
+  if (!quiet) {
+    printf("entries: %d, error: %f, count: %d, coll: %d, error: %f, "
+           "bytes: %d\n",
+           entries, error, count, collisions, er, bloom.bytes);
+  } else {
+    printf("%d %f %d %d %f %d\n",
+           entries, error, count, collisions, er, bloom.bytes);
+  }
+
+  if (check_error && er > error) {
+    printf("error: expected error %f but observed %f\n", error, er);
+    exit(1);
+  }
+
+  if (validate) {
+    for (n = 0; n < count; n++) {
+      if (!bloom_check(&bloom, saved + (n * elem_size), elem_size)) {
+        printf("error: data saved in filter is not there!\n");
+        exit(1);
+      }
+    }
+  }
+
+  bloom_free(&bloom);
+  if (saved) { free(saved); }
+  return 0;
+}
+
+
+/** ***************************************************************************
+ * Simple loop to compare performance.
+ *
+ */
+static int perf_loop(int entries, int count)
+{
+  printf("----- perf_loop -----\n");
+
+  struct bloom bloom;
+  assert(bloom_init(&bloom, entries, 0.001) == 0);
+  bloom_print(&bloom);
+
+  int i;
+  int collisions = 0;
+
+  struct timeval tp;
+  gettimeofday(&tp, NULL);
+  long before = (tp.tv_sec * 1000L) + (tp.tv_usec / 1000L);
+
+  for (i = 0; i < count; i++) {
+    if (bloom_add(&bloom, (void *)&i, sizeof(int))) { collisions++; }
+  }
+
+  gettimeofday(&tp, NULL);
+  long after = (tp.tv_sec * 1000L) + (tp.tv_usec / 1000L);
+
+  printf("Added %d elements of size %d, took %d ms (collisions=%d)\n",
+         count, (int)sizeof(int), (int)(after - before), collisions);
+
+  printf("%d,%d,%ld\n", entries, bloom.bytes, after - before);
+
+  bloom_print(&bloom);
+  bloom_free(&bloom);
+
+  return 0;
+}
+
+
+/** ***************************************************************************
+ * Default set of basic tests.
+ *
+ * These should run reasonably quick so they can be run all the time.
+ *
+ */
+static int basic_tests()
+{
+  int rv = 0;
+
+  rv += basic();
+  rv += add_random(10, 0.1, 10, 0, 1, 32, 1);
+  rv += add_random(10000, 0.1, 10000, 0, 1, 32, 1);
+  rv += add_random(10000, 0.01, 10000, 0, 1, 32, 1);
+  rv += add_random(10000, 0.001, 10000, 0, 1, 32, 1);
+  rv += add_random(10000, 0.0001, 10000, 0, 1, 32, 1);
+  rv += add_random(1000000, 0.0001, 1000000, 0, 1, 32, 1);
+
+  printf("\nBrought to you by libbloom-%s\n", bloom_version());
+
+  return 0;
+}
+
+
+/** ***************************************************************************
+ * Some longer-running tests.
+ *
+ */
+static int larger_tests()
+{
+  int rv = 0;
+  int e;
+
+  printf("\nAdd 10M elements and verify (0.00001)\n");
+  rv += add_random(10000000, 0.00001, 10000000, 0, 1, 32, 1);
+
+  printf("\nChecking collision rates with filters from 100K to 1M (0.001)\n");
+  for (e = 100000; e <= 1000000; e+= 100) {
+    rv += add_random(e, 0.001, e, 1, 1, 8, 1);
+  }
+
+  return rv;
+}
+
+
+/** ***************************************************************************
+ * With no options, runs brief default tests.
+ *
+ * With -L, runs some longer-running tests.
+ *
+ * To test collisions over a range of sizes: -G START END INCREMENT ERROR
+ * This produces output that can be graphed with collisions/dograph
+ * See also collision_test make target.
+ *
+ * To test collisions, run with options: -c ENTRIES ERROR COUNT
+ * Where 'ENTRIES' is the expected number of entries used to initialize the
+ * bloom filter and 'ERROR' is the acceptable probability of collision
+ * used to initialize the bloom filter. 'COUNT' is the actual number of
+ * entries inserted.
+ *
+ * To test performance only, run with options:  -p ENTRIES COUNT
+ * Where 'ENTRIES' is the expected number of entries used to initialize the
+ * bloom filter and 'COUNT' is the actual number of entries inserted.
+ *
+ */
+int main(int argc, char **argv)
+{
+  // Calls return() instead of exit() just to make valgrind mark as
+  // an error any reachable allocations. That makes them show up
+  // when running the tests.
+
+  int rv = 0;
+
+  if (argc == 1) {
+    printf("----- Running basic tests -----\n");
+    rv = basic_tests();
+    printf("----- DONE Running basic tests -----\n");
+    return rv;
+  }
+
+  if (!strncmp(argv[1], "-L", 2)) {
+    return larger_tests();
+  }
+
+  if (!strncmp(argv[1], "-G", 2)) {
+    if (argc != 6) {
+      printf("-G START END INCREMENT ERROR\n");
+      return 1;
+    }
+    int e;
+    for (e = atoi(argv[2]); e <= atoi(argv[3]); e+= atoi(argv[4])) {
+      rv += add_random(e, atof(argv[5]), e, 1, 0, 32, 1);
+    }
+    return rv;
+  }
+
+  if (!strncmp(argv[1], "-c", 2)) {
+    if (argc != 5) {
+      printf("-c ENTRIES ERROR COUNT\n");
+      return 1;
+    }
+
+    return add_random(atoi(argv[2]), atof(argv[3]), atoi(argv[4]), 0, 1, 32, 1);
+  }
+
+  if (!strncmp(argv[1], "-p", 2)) {
+    if (argc != 4) {
+      printf("-p ENTRIES COUNT\n");
+    }
+    return perf_loop(atoi(argv[2]), atoi(argv[3]));
+  }
+
+  return rv;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/murmur2/MurmurHash2.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/murmur2/MurmurHash2.c
new file mode 100644
index 00000000..32c4c32b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/murmur2/MurmurHash2.c
@@ -0,0 +1,64 @@
+//-----------------------------------------------------------------------------
+// MurmurHash2, by Austin Appleby
+
+// Note - This code makes a few assumptions about how your machine behaves -
+
+// 1. We can read a 4-byte value from any address without crashing
+// 2. sizeof(int) == 4
+
+// And it has a few limitations -
+
+// 1. It will not work incrementally.
+// 2. It will not produce the same results on little-endian and big-endian
+//    machines.
+
+unsigned int murmurhash2(const void * key, int len, const unsigned int seed)
+{
+	// 'm' and 'r' are mixing constants generated offline.
+	// They're not really 'magic', they just happen to work well.
+
+	const unsigned int m = 0x5bd1e995;
+	const int r = 24;
+
+	// Initialize the hash to a 'random' value
+
+	unsigned int h = seed ^ len;
+
+	// Mix 4 bytes at a time into the hash
+
+	const unsigned char * data = (const unsigned char *)key;
+
+	while(len >= 4)
+	{
+		unsigned int k = *(unsigned int *)data;
+
+		k *= m;
+		k ^= k >> r;
+		k *= m;
+
+		h *= m;
+		h ^= k;
+
+		data += 4;
+		len -= 4;
+	}
+
+	// Handle the last few bytes of the input array
+
+	switch(len)
+	{
+	case 3: h ^= data[2] << 16;
+	case 2: h ^= data[1] << 8;
+	case 1: h ^= data[0];
+	        h *= m;
+	};
+
+	// Do a few final mixes of the hash to ensure the last few
+	// bytes are well-incorporated.
+
+	h ^= h >> 13;
+	h *= m;
+	h ^= h >> 15;
+
+	return h;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/murmur2/README b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/murmur2/README
new file mode 100644
index 00000000..ce24d713
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/murmur2/README
@@ -0,0 +1,9 @@
+
+MurmurHash2.c is taken from
+
+http://sites.google.com/site/murmurhash/
+
+According to the above document:
+
+  All code is released to the public domain. For business purposes,
+  Murmurhash is under the MIT license.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/murmur2/murmurhash2.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/murmur2/murmurhash2.h
new file mode 100644
index 00000000..e607381e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libbloom/murmur2/murmurhash2.h
@@ -0,0 +1,7 @@
+
+#ifndef _BLOOM_MURMURHASH2
+#define _BLOOM_MURMURHASH2
+
+unsigned int murmurhash2(const void * key, int len, const unsigned int seed);
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.buzzy/links.yaml b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.buzzy/links.yaml
new file mode 100644
index 00000000..a8489b52
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.buzzy/links.yaml
@@ -0,0 +1,2 @@
+- git://github.com/redjack/buzzy-core.git
+- git://github.com/redjack/check.git
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.buzzy/package.yaml b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.buzzy/package.yaml
new file mode 100644
index 00000000..8a94290c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.buzzy/package.yaml
@@ -0,0 +1,5 @@
+name: libcork
+build_dependencies:
+  - pkg-config
+  - check >= 0.9.4
+license: BSD
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.gitignore b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.gitignore
new file mode 100644
index 00000000..93d1fe1f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.gitignore
@@ -0,0 +1,15 @@
+/build/
+/.build/
+
+RELEASE-VERSION
+
+/libcork*.tar.gz
+/libcork*.tar.bz2
+
+*.[oa]
+*.os
+*.so
+*.dylib
+
+!.travis.yml
+!.travis/
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.travis.yml b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.travis.yml
new file mode 100644
index 00000000..c5988074
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.travis.yml
@@ -0,0 +1,20 @@
+language: c
+compiler:
+  - clang
+  - gcc
+env:
+  - ARCH=i386 ENABLE_SHARED_EXECUTABLES=YES
+  - ARCH=amd64 ENABLE_SHARED_EXECUTABLES=YES
+  - ARCH=i386 ENABLE_SHARED_EXECUTABLES=NO
+  - ARCH=amd64 ENABLE_SHARED_EXECUTABLES=NO
+os:
+  - linux
+  - osx
+install: .travis/install
+script: .travis/test
+
+# In addition to pull requests, always build these branches
+branches:
+  only:
+    - master
+    - develop
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.travis/install b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.travis/install
new file mode 100755
index 00000000..eb1409bf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.travis/install
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+if [ "$TRAVIS_OS_NAME" = linux ]; then
+    sudo apt-get update -qq
+
+    if [ "$ARCH" = i386 ]; then
+        sudo apt-get install gcc-multilib
+    fi
+
+    sudo apt-get install check:$ARCH
+else
+    brew install --universal check
+fi
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.travis/test b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.travis/test
new file mode 100755
index 00000000..4fa2f1bb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/.travis/test
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+mkdir .build
+cd .build
+
+if [ "$TRAVIS_OS_NAME" = linux ]; then
+    if [ "$ARCH" = i386 ]; then
+        ARCH_FLAGS="-m32"
+    else
+        ARCH_FLAGS=""
+    fi
+elif [ "$TRAVIS_OS_NAME" = osx ]; then
+    if [ "$ARCH" = i386 ]; then
+        ARCH_FLAGS="-arch i386"
+    else
+        ARCH_FLAGS="-arch x86_64"
+    fi
+fi
+
+cmake .. \
+    -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+    -DCMAKE_C_FLAGS_RELWITHDEBINFO="-g -O3 $ARCH_FLAGS" \
+    -DENABLE_SHARED_EXECUTABLES="${ENABLE_SHARED_EXECUTABLES}"
+make
+make test
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/CMakeLists.txt
new file mode 100644
index 00000000..10080bc9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/CMakeLists.txt
@@ -0,0 +1,128 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011-2015, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license details.
+# ----------------------------------------------------------------------
+
+cmake_minimum_required(VERSION 2.6)
+set(PROJECT_NAME libcork)
+set(RELEASE_DATE 2015-09-03)
+project(${PROJECT_NAME})
+enable_testing()
+
+set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+find_package(ParseArguments)
+find_package(Prereqs)
+find_package(CTargets)
+
+#-----------------------------------------------------------------------
+# Retrieve the current version number
+
+execute_process(COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/version.sh
+    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+    RESULT_VARIABLE VERSION_RESULT
+    OUTPUT_VARIABLE VERSION
+    OUTPUT_STRIP_TRAILING_WHITESPACE)
+if(VERSION_RESULT)
+    message(FATAL_ERROR
+            "Cannot determine version number: " ${VERSION_RESULT})
+endif(VERSION_RESULT)
+# This causes an annoying extra prompt in ccmake.
+# message("Current version: " ${VERSION})
+
+string(REGEX REPLACE "-dev.*" "-dev" BASE_VERSION "${VERSION}")
+
+if(BASE_VERSION MATCHES "^([0-9]+)\\.([0-9]+)\\.([0-9]+)(-dev)?$")
+    set(VERSION_MAJOR "${CMAKE_MATCH_1}")
+    set(VERSION_MINOR "${CMAKE_MATCH_2}")
+    set(VERSION_PATCH "${CMAKE_MATCH_3}")
+else(BASE_VERSION MATCHES "^([0-9]+)\\.([0-9]+)\\.([0-9]+)(-dev)?$")
+    message(FATAL_ERROR "Invalid version number: ${VERSION}")
+endif(BASE_VERSION MATCHES "^([0-9]+)\\.([0-9]+)\\.([0-9]+)(-dev)?$")
+
+execute_process(
+    COMMAND git rev-parse HEAD
+    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+    RESULT_VARIABLE GIT_SHA1_RESULT
+    OUTPUT_VARIABLE GIT_SHA1
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+)
+if(GIT_SHA1_RESULT)
+    message(FATAL_ERROR
+            "Cannot determine git commit: " ${GIT_SHA1_RESULT})
+endif(GIT_SHA1_RESULT)
+
+#-----------------------------------------------------------------------
+# Check for building on Tilera
+# If the Tilera environment is installed, then $TILERA_ROOT is defined
+# as the path to the active MDE.
+
+if(DEFINED ENV{TILERA_ROOT})
+    set(TILERA TRUE)
+    set(TILERA_ROOT $ENV{TILERA_ROOT})
+    message("-- Configuring for Tilera MDE ${TILERA_ROOT}")
+    set(ENV{PKG_CONFIG_PATH}
+        "${TILERA_ROOT}/tile/usr/lib/pkgconfig:${TILERA_ROOT}/tile/usr/local/lib/pkgconfig:$ENV{PKG_CONFIG_PATH}"
+    )
+    set(CMAKE_SYSTEM_NAME "Tilera")
+    set(CMAKE_SYSTEM_PROCESSOR "tilegx")
+    set(CMAKE_C_COMPILER "${TILERA_ROOT}/bin/tile-gcc")
+    set(CMAKE_LINKER "${TILERA_ROOT}/bin/tile-ld")
+    set(TILERA_MONITOR "${TILERA_ROOT}/bin/tile-monitor")
+    #add_definitions(-std=gnu99)
+    set(CMAKE_FIND_ROOT_PATH "${TILERA_ROOT}/tile")
+    set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM ONLY)
+    set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
+    set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
+endif()
+
+#-----------------------------------------------------------------------
+# Set some options
+
+if(APPLE)
+    if (NOT CMAKE_INSTALL_NAME_DIR)
+        set(CMAKE_INSTALL_NAME_DIR "${CMAKE_INSTALL_PREFIX}/lib")
+    endif (NOT CMAKE_INSTALL_NAME_DIR)
+endif(APPLE)
+
+if(NOT CMAKE_BUILD_TYPE)
+    set(CMAKE_BUILD_TYPE Release CACHE STRING
+        "Choose the type of build, options are: None Debug Release RelWithDebInfo MinSizeRel."
+        FORCE)
+endif(NOT CMAKE_BUILD_TYPE)
+
+set(ENABLE_SHARED YES CACHE BOOL "Whether to build a shared library")
+set(ENABLE_SHARED_EXECUTABLES NO CACHE BOOL
+    "Whether to link executables using shared libraries")
+set(ENABLE_STATIC YES CACHE BOOL "Whether to build a static library")
+
+set(CMAKE_INSTALL_LIBDIR lib CACHE STRING
+    "The base name of the installation directory for libraries")
+
+if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+    add_definitions(-Wall -Werror)
+elseif(CMAKE_C_COMPILER_ID STREQUAL "Clang")
+    add_definitions(-Wall -Werror)
+elseif(CMAKE_C_COMPILER_ID STREQUAL "Intel")
+    add_definitions(-Wall -Werror)
+endif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+
+include(GNUInstallDirs)
+
+#-----------------------------------------------------------------------
+# Check for prerequisite libraries
+
+find_package(Threads)
+set(THREADS_LDFLAGS "${CMAKE_THREAD_LIBS_INIT}")
+set(THREADS_STATIC_LDFLAGS "${CMAKE_THREAD_LIBS_INIT}")
+
+#-----------------------------------------------------------------------
+# Include our subdirectories
+
+add_subdirectory(include)
+add_subdirectory(share)
+add_subdirectory(src)
+add_subdirectory(tests)
+add_subdirectory(docs/old)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/COPYING b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/COPYING
new file mode 100644
index 00000000..fb012030
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/COPYING
@@ -0,0 +1,30 @@
+Copyright © 2011-2012, RedJack, LLC.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+  • Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+  • Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in
+    the documentation and/or other materials provided with the
+    distribution.
+
+  • Neither the name of RedJack Software, LLC nor the names of its
+    contributors may be used to endorse or promote products derived
+    from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/INSTALL b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/INSTALL
new file mode 100644
index 00000000..a21b92aa
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/INSTALL
@@ -0,0 +1,57 @@
+Installation instructions
+=========================
+
+The libcork library is written in ANSI C.  It uses cmake as its build
+manager.
+
+
+Prerequisite libraries
+----------------------
+
+To build libcork, you need the following libraries installed on your
+system:
+
+  * pkg-config
+  * check (http://check.sourceforge.net)
+
+
+Building from source
+--------------------
+
+The libcork library uses cmake as its build manager.  In most cases, you
+should be able to build the source code using the following:
+
+    $ mkdir build
+    $ cd build
+    $ cmake .. -DCMAKE_INSTALL_PREFIX=$PREFIX
+    $ make
+    $ make test
+    $ make install
+
+You might have to run the last command using sudo, if you need
+administrative privileges to write to the $PREFIX directory.
+
+
+Shared and static libraries
+---------------------------
+
+You can use the `ENABLE_SHARED` and `ENABLE_STATIC` cmake options to control
+whether or not to install shared and static versions of libcork, respectively.
+By default, both are installed.
+
+You can use the `ENABLE_SHARED_EXECUTABLE` cmake option to control whether the
+programs that we install link with libcork's shared library or static library.
+(Note that this can override the value of `ENABLE_SHARED`; if you ask for the
+programs to link with the shared library, then we have to install that shared
+library for the programs to work properly.)  By default, we link with libcork
+statically.
+
+So, as an example, if you wanted to only build and install the shared library,
+and to have our programs link with that shared library, you'd replace the cmake
+command with the following:
+
+    $ cmake .. \
+        -DCMAKE_INSTALL_PREFIX=$PREFIX \
+        -DENABLE_SHARED=YES \
+        -DENABLE_STATIC=NO \
+        -DENABLE_SHARED_EXECUTABLES=YES
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/README.markdown b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/README.markdown
new file mode 100644
index 00000000..c1506c44
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/README.markdown
@@ -0,0 +1,67 @@
+# libcork
+
+[![Build Status](https://img.shields.io/travis/redjack/libcork/develop.svg)](https://travis-ci.org/redjack/libcork)
+
+So what is libcork, exactly?  It's a “simple, easily embeddable,
+cross-platform C library”.  It falls roughly into the same category as
+[glib](http://library.gnome.org/devel/glib/) or
+[APR](http://apr.apache.org/) in the C world; the STL,
+[POCO](http://pocoproject.org/), or [QtCore](http://qt.nokia.com/)
+in the C++ world; or the standard libraries of any decent dynamic
+language.
+
+So if libcork has all of these comparables, why a new library?  Well,
+none of the C++ options are really applicable here.  And none of the C
+options work, because one of the main goals is to have the library be
+highly modular, and useful in resource-constrained systems.  Once we
+describe some of the design decisions that we've made in libcork, you'll
+hopefully see how this fits into an interesting niche of its own.
+
+## Using libcork
+
+There are two primary ways to use libcork in your own software project:
+as a _shared library_, or _embedded_.
+
+When you use libcork as a shared library, you install it just like you
+would any other C library.  We happen to use CMake as our build system,
+so you follow the usual CMake recipe to install the library.  (See the
+[INSTALL](INSTALL) file for details.)  All of the libcork code is
+contained within a single shared library (called libcork.so,
+libcork.dylib, or cork.dll, depending on the system).  We also install a
+pkg-config file that makes it easy to add the appropriate compiler flags
+in your own build scripts.  So, you use pkg-config to find libcork's
+include and library files, link with libcork, and you're good to go.
+
+The alternative is to embed libcork into your own software project's
+directory structure.  In this case, your build scripts compile the
+libcork source along with the rest of your code.  This has some
+advantages for resource-constrained systems, since (assuming your
+compiler and linker are any good), you only include the libcork routines
+that you actually use.  And if your toolchain supports link-time
+optimization, the libcork routines can be optimized into the rest of
+your code.
+
+Which should you use?  That's really up to you.  Linking against the
+shared library adds a runtime dependency, but gives you the usual
+benefits of shared libraries: the library in memory is shared across
+each program that uses it; you can install a single bug-fix update and
+all libcork programs automatically take advantage of the new release;
+etc.  The embedding option is great if you really need to make your
+library as small as possible, or if you don't want to add that runtime
+dependency.
+
+## Design decisions
+
+Note that having libcork be **easily** embeddable has some ramifications
+on the library's design.  In particular, we don't want to make any
+assumptions about which build system you're embedding libcork into.  We
+happen to use CMake, but you might be using autotools, waf, scons, or
+any number of others.  Most cross-platform libraries follow the
+autotools model of performing some checks at compile time (maybe during
+a separate “configure” phase, maybe not) to choose the right API
+implementation for the current platform.  Since we can't assume a build
+system, we have to take a different approach, and do as many checks as
+we can using the C preprocessor.  Any check that we can't make in the
+preprocessor has to be driven by a C preprocessor macro definition,
+which you (the libcork user) are responsible for checking for and
+defining.  So we need to have as few of those as possible.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/cmake/FindCTargets.cmake b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/cmake/FindCTargets.cmake
new file mode 100644
index 00000000..455d428f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/cmake/FindCTargets.cmake
@@ -0,0 +1,215 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2015, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license details.
+# ----------------------------------------------------------------------
+
+
+#-----------------------------------------------------------------------
+# Configuration options that control all of the below
+
+set(ENABLE_SHARED YES CACHE BOOL "Whether to build a shared library")
+set(ENABLE_SHARED_EXECUTABLES YES CACHE BOOL
+    "Whether to link executables using shared libraries")
+set(ENABLE_STATIC YES CACHE BOOL "Whether to build a static library")
+
+
+#-----------------------------------------------------------------------
+# Library, with options to build both shared and static versions
+
+function(target_add_shared_libraries TARGET_NAME LIBRARIES LOCAL_LIBRARIES)
+    foreach(lib ${LIBRARIES})
+        string(REPLACE "-" "_" lib ${lib})
+        string(TOUPPER ${lib} upperlib)
+        target_link_libraries(
+            ${TARGET_NAME}
+            ${${upperlib}_LDFLAGS}
+        )
+    endforeach(lib)
+    foreach(lib ${LOCAL_LIBRARIES})
+        target_link_libraries(${TARGET_NAME} ${lib}-shared)
+    endforeach(lib)
+endfunction(target_add_shared_libraries)
+
+function(target_add_static_libraries TARGET_NAME LIBRARIES LOCAL_LIBRARIES)
+    foreach(lib ${LIBRARIES})
+        string(REPLACE "-" "_" lib ${lib})
+        string(TOUPPER ${lib} upperlib)
+        target_link_libraries(
+            ${TARGET_NAME}
+            ${${upperlib}_STATIC_LDFLAGS}
+        )
+    endforeach(lib)
+    foreach(lib ${LOCAL_LIBRARIES})
+        target_link_libraries(${TARGET_NAME} ${lib}-static)
+    endforeach(lib)
+endfunction(target_add_static_libraries)
+
+set_property(GLOBAL PROPERTY ALL_LOCAL_LIBRARIES "")
+
+function(add_c_library __TARGET_NAME)
+    set(options)
+    set(one_args OUTPUT_NAME PKGCONFIG_NAME VERSION)
+    set(multi_args LIBRARIES LOCAL_LIBRARIES SOURCES)
+    cmake_parse_arguments(_ "${options}" "${one_args}" "${multi_args}" ${ARGN})
+
+    if (__VERSION MATCHES "^([0-9]+)\\.([0-9]+)\\.([0-9]+)(-dev)?$")
+        set(__VERSION_CURRENT  "${CMAKE_MATCH_1}")
+        set(__VERSION_REVISION "${CMAKE_MATCH_2}")
+        set(__VERSION_AGE      "${CMAKE_MATCH_3}")
+    else (__VERSION MATCHES "^([0-9]+)\\.([0-9]+)\\.([0-9]+)(-dev)?$")
+        message(FATAL_ERROR "Invalid library version number: ${__VERSION}")
+    endif (__VERSION MATCHES "^([0-9]+)\\.([0-9]+)\\.([0-9]+)(-dev)?$")
+
+    math(EXPR __SOVERSION "${__VERSION_CURRENT} - ${__VERSION_AGE}")
+
+    get_property(ALL_LOCAL_LIBRARIES GLOBAL PROPERTY ALL_LOCAL_LIBRARIES)
+    list(APPEND ALL_LOCAL_LIBRARIES ${__TARGET_NAME})
+    set_property(GLOBAL PROPERTY ALL_LOCAL_LIBRARIES "${ALL_LOCAL_LIBRARIES}")
+
+    if (ENABLE_SHARED OR ENABLE_SHARED_EXECUTABLES)
+        add_library(${__TARGET_NAME}-shared SHARED ${__SOURCES})
+        set_target_properties(
+            ${__TARGET_NAME}-shared PROPERTIES
+            OUTPUT_NAME ${__OUTPUT_NAME}
+            CLEAN_DIRECT_OUTPUT 1
+            VERSION ${__VERSION}
+            SOVERSION ${__SOVERSION}
+        )
+
+        if (CMAKE_VERSION VERSION_GREATER "2.8.11")
+            target_include_directories(
+                ${__TARGET_NAME}-shared PUBLIC
+                ${CMAKE_SOURCE_DIR}/include
+                ${CMAKE_BINARY_DIR}/include
+            )
+        else (CMAKE_VERSION VERSION_GREATER "2.8.11")
+            include_directories(
+                ${CMAKE_SOURCE_DIR}/include
+                ${CMAKE_BINARY_DIR}/include
+            )
+        endif (CMAKE_VERSION VERSION_GREATER "2.8.11")
+
+        target_add_shared_libraries(
+            ${__TARGET_NAME}-shared
+            "${__LIBRARIES}"
+            "${__LOCAL_LIBRARIES}"
+        )
+
+        # We have to install the shared library if the user asked us to, or if
+        # the user asked us to link our programs with the shared library.
+        install(TARGETS ${__TARGET_NAME}-shared
+                LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})
+    endif (ENABLE_SHARED OR ENABLE_SHARED_EXECUTABLES)
+
+    if (ENABLE_STATIC OR NOT ENABLE_SHARED_EXECUTABLES)
+        add_library(${__TARGET_NAME}-static STATIC ${__SOURCES})
+        set_target_properties(
+            ${__TARGET_NAME}-static PROPERTIES
+            OUTPUT_NAME ${__OUTPUT_NAME}
+            CLEAN_DIRECT_OUTPUT 1
+        )
+
+        if (CMAKE_VERSION VERSION_GREATER "2.8.11")
+            target_include_directories(
+                ${__TARGET_NAME}-static PUBLIC
+                ${CMAKE_SOURCE_DIR}/include
+                ${CMAKE_BINARY_DIR}/include
+            )
+        else (CMAKE_VERSION VERSION_GREATER "2.8.11")
+            include_directories(
+                ${CMAKE_SOURCE_DIR}/include
+                ${CMAKE_BINARY_DIR}/include
+            )
+        endif (CMAKE_VERSION VERSION_GREATER "2.8.11")
+
+        target_add_static_libraries(
+            ${__TARGET_NAME}-static
+            "${__LIBRARIES}"
+            "${__LOCAL_LIBRARIES}"
+        )
+    endif (ENABLE_STATIC OR NOT ENABLE_SHARED_EXECUTABLES)
+
+    if (ENABLE_STATIC)
+        # We DON'T have to install the static library if the user asked us to
+        # link our programs statically.
+        install(TARGETS ${__TARGET_NAME}-static
+                ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+    endif (ENABLE_STATIC)
+
+    set(prefix ${CMAKE_INSTALL_PREFIX})
+    configure_file(
+        ${CMAKE_CURRENT_SOURCE_DIR}/${__PKGCONFIG_NAME}.pc.in
+        ${CMAKE_CURRENT_BINARY_DIR}/${__PKGCONFIG_NAME}.pc
+        @ONLY
+    )
+    install(
+        FILES ${CMAKE_CURRENT_BINARY_DIR}/${__PKGCONFIG_NAME}.pc
+        DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig
+    )
+endfunction(add_c_library)
+
+
+#-----------------------------------------------------------------------
+# Executable
+
+function(add_c_executable __TARGET_NAME)
+    set(options SKIP_INSTALL)
+    set(one_args OUTPUT_NAME)
+    set(multi_args LIBRARIES LOCAL_LIBRARIES SOURCES)
+    cmake_parse_arguments(_ "${options}" "${one_args}" "${multi_args}" ${ARGN})
+
+    add_executable(${__TARGET_NAME} ${__SOURCES})
+
+    if (CMAKE_VERSION VERSION_GREATER "2.8.11")
+        target_include_directories(
+            ${__TARGET_NAME} PUBLIC
+            ${CMAKE_SOURCE_DIR}/include
+            ${CMAKE_BINARY_DIR}/include
+        )
+    else (CMAKE_VERSION VERSION_GREATER "2.8.11")
+        include_directories(
+            ${CMAKE_SOURCE_DIR}/include
+            ${CMAKE_BINARY_DIR}/include
+        )
+    endif (CMAKE_VERSION VERSION_GREATER "2.8.11")
+
+    if (ENABLE_SHARED_EXECUTABLES)
+        target_add_shared_libraries(
+            ${__TARGET_NAME}
+            "${__LIBRARIES}"
+            "${__LOCAL_LIBRARIES}"
+        )
+    else (ENABLE_SHARED_EXECUTABLES)
+        target_add_static_libraries(
+            ${__TARGET_NAME}
+            "${__LIBRARIES}"
+            "${__LOCAL_LIBRARIES}"
+        )
+    endif (ENABLE_SHARED_EXECUTABLES)
+
+    if (NOT __SKIP_INSTALL)
+        install(TARGETS ${__TARGET_NAME} RUNTIME DESTINATION bin)
+    endif (NOT __SKIP_INSTALL)
+endfunction(add_c_executable)
+
+
+#-----------------------------------------------------------------------
+# Test case
+
+pkgconfig_prereq(check OPTIONAL)
+
+function(add_c_test TEST_NAME)
+    get_property(ALL_LOCAL_LIBRARIES GLOBAL PROPERTY ALL_LOCAL_LIBRARIES)
+    add_c_executable(
+        ${TEST_NAME}
+        SKIP_INSTALL
+        OUTPUT_NAME ${TEST_NAME}
+        SOURCES ${TEST_NAME}.c
+        LIBRARIES check
+        LOCAL_LIBRARIES ${ALL_LOCAL_LIBRARIES}
+    )
+    add_test(${TEST_NAME} ${TEST_NAME})
+endfunction(add_c_test)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/cmake/FindParseArguments.cmake b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/cmake/FindParseArguments.cmake
new file mode 100644
index 00000000..ed08179c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/cmake/FindParseArguments.cmake
@@ -0,0 +1,51 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2015, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license details.
+# ----------------------------------------------------------------------
+
+
+# CMake 2.8.4 and higher gives us cmake_parse_arguments out of the box.  For
+# earlier versions (RHEL5!) we have to define it ourselves.  (The definition
+# comes from <http://www.cmake.org/Wiki/CMakeMacroParseArguments>.)
+
+if (CMAKE_VERSION VERSION_LESS "2.8.4")
+
+MACRO(CMAKE_PARSE_ARGUMENTS prefix arg_names option_names)
+  SET(DEFAULT_ARGS)
+  FOREACH(arg_name ${arg_names})
+    SET(${prefix}_${arg_name})
+  ENDFOREACH(arg_name)
+  FOREACH(option ${option_names})
+    SET(${prefix}_${option} FALSE)
+  ENDFOREACH(option)
+
+  SET(current_arg_name DEFAULT_ARGS)
+  SET(current_arg_list)
+  FOREACH(arg ${ARGN})
+    SET(larg_names ${arg_names})
+    LIST(FIND larg_names "${arg}" is_arg_name)
+    IF (is_arg_name GREATER -1)
+      SET(${prefix}_${current_arg_name} ${current_arg_list})
+      SET(current_arg_name ${arg})
+      SET(current_arg_list)
+    ELSE (is_arg_name GREATER -1)
+      SET(loption_names ${option_names})
+      LIST(FIND loption_names "${arg}" is_option)
+      IF (is_option GREATER -1)
+          SET(${prefix}_${arg} TRUE)
+      ELSE (is_option GREATER -1)
+          SET(current_arg_list ${current_arg_list} ${arg})
+      ENDIF (is_option GREATER -1)
+    ENDIF (is_arg_name GREATER -1)
+  ENDFOREACH(arg)
+  SET(${prefix}_${current_arg_name} ${current_arg_list})
+ENDMACRO(CMAKE_PARSE_ARGUMENTS)
+
+else (CMAKE_VERSION VERSION_LESS "2.8.4")
+
+    include(CMakeParseArguments)
+
+endif (CMAKE_VERSION VERSION_LESS "2.8.4")
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/cmake/FindPrereqs.cmake b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/cmake/FindPrereqs.cmake
new file mode 100644
index 00000000..134b32a6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/cmake/FindPrereqs.cmake
@@ -0,0 +1,76 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2015, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license details.
+# ----------------------------------------------------------------------
+
+
+#-----------------------------------------------------------------------
+# Configuration options that control all of the below
+
+set(PKG_CONFIG_PATH CACHE STRING "pkg-config search path")
+if (PKG_CONFIG_PATH)
+    set(ENV{PKG_CONFIG_PATH} "${PKG_CONFIG_PATH}:$ENV{PKG_CONFIG_PATH}")
+endif (PKG_CONFIG_PATH)
+
+
+#-----------------------------------------------------------------------
+# pkg-config prerequisites
+
+find_package(PkgConfig)
+
+function(pkgconfig_prereq DEP)
+    set(options OPTIONAL)
+    set(one_args)
+    set(multi_args)
+    cmake_parse_arguments(_ "${options}" "${one_args}" "${multi_args}" ${ARGN})
+
+    string(REGEX REPLACE "[<>=].*" "" SHORT_NAME "${DEP}")
+    string(REPLACE "-" "_" SHORT_NAME "${SHORT_NAME}")
+    string(TOUPPER ${SHORT_NAME} UPPER_SHORT_NAME)
+    string(TOLOWER ${SHORT_NAME} LOWER_SHORT_NAME)
+
+    set(USE_CUSTOM_${UPPER_SHORT_NAME} NO CACHE BOOL
+        "Whether you want to provide custom details for ${LOWER_SHORT_NAME}")
+
+    if (NOT USE_CUSTOM_${UPPER_SHORT_NAME})
+        set(PKG_CHECK_ARGS)
+        if (NOT __OPTIONAL)
+            list(APPEND PKG_CHECK_ARGS REQUIRED)
+        endif (NOT __OPTIONAL)
+        list(APPEND PKG_CHECK_ARGS ${DEP})
+
+        pkg_check_modules(${UPPER_SHORT_NAME} ${PKG_CHECK_ARGS})
+    endif (NOT USE_CUSTOM_${UPPER_SHORT_NAME})
+
+    include_directories(${${UPPER_SHORT_NAME}_INCLUDE_DIRS})
+    link_directories(${${UPPER_SHORT_NAME}_LIBRARY_DIRS})
+endfunction(pkgconfig_prereq)
+
+
+#-----------------------------------------------------------------------
+# find_library prerequisites
+
+function(library_prereq LIB_NAME)
+    set(options OPTIONAL)
+    set(one_args)
+    set(multi_args)
+    cmake_parse_arguments(_ "${options}" "${one_args}" "${multi_args}" ${ARGN})
+
+    string(REPLACE "-" "_" SHORT_NAME "${LIB_NAME}")
+    string(TOUPPER ${SHORT_NAME} UPPER_SHORT_NAME)
+    string(TOLOWER ${SHORT_NAME} LOWER_SHORT_NAME)
+
+    set(USE_CUSTOM_${UPPER_SHORT_NAME} NO CACHE BOOL
+        "Whether you want to provide custom details for ${LOWER_SHORT_NAME}")
+
+    if (USE_CUSTOM_${UPPER_SHORT_NAME})
+        include_directories(${${UPPER_SHORT_NAME}_INCLUDE_DIRS})
+        link_directories(${${UPPER_SHORT_NAME}_LIBRARY_DIRS})
+    else (USE_CUSTOM_${UPPER_SHORT_NAME})
+        find_library(${UPPER_SHORT_NAME}_LIBRARIES ${LIB_NAME})
+    endif (USE_CUSTOM_${UPPER_SHORT_NAME})
+
+endfunction(library_prereq)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/.gitattributes b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/.gitattributes
new file mode 100644
index 00000000..f33d4635
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/.gitattributes
@@ -0,0 +1,2 @@
+*.graffle      -diff -whitespace
+/*.[1-9]       -diff -whitespace
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/CMakeLists.txt
new file mode 100644
index 00000000..cdda9e1d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/CMakeLists.txt
@@ -0,0 +1,101 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011-2014, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license details.
+# ----------------------------------------------------------------------
+
+# Fill in this with the text that you want to include in the header and footer
+# of each man page.
+
+set(MAN_HEADER "${PROJECT_NAME} documentation")
+set(MAN_FOOTER "${PROJECT_NAME}")
+
+# Fill this in with any man pages that should be built from a pandoc source
+# file.  For a man page called foo.5, there should be a pandoc source file
+# called foo.5.pandoc.
+
+set(MAN_PAGES
+)
+
+#-----------------------------------------------------------------------
+# Everything below is boilerplate!
+
+find_program(
+    PANDOC_EXECUTABLE
+    NAMES pandoc
+    HINTS ENV PANDOC_DIR
+    PATH_SUFFIXES bin
+    DOC "Pandoc man page generator"
+)
+
+set(GENERATE_DOC TRUE CACHE BOOL
+    "Whether to rebuild documentation")
+
+if (NOT PANDOC_EXECUTABLE)
+    message(WARNING "Unable to find pandoc documentation generator")
+    set(GENERATE_DOC FALSE)
+endif (NOT PANDOC_EXECUTABLE)
+
+
+# Link man pages go in docs/links
+
+macro(install_links section)
+    file(GLOB links "links/*.${section}")
+    if (links)
+        install(
+            FILES ${links}
+            DESTINATION "share/man/man${section}"
+        )
+    endif (links)
+endmacro(install_links section)
+
+install_links(1)   # commands
+install_links(3)   # library API
+install_links(4)   # special files and drivers
+install_links(5)   # file formats and conventions
+install_links(7)   # miscellaneous
+install_links(8)   # system commands
+
+
+# Man pages with actual content go in docs
+
+set(ALL_MANS)
+
+macro(pandocify name)
+    set(src  "${CMAKE_CURRENT_SOURCE_DIR}/${name}.pandoc")
+    set(dest "${CMAKE_CURRENT_SOURCE_DIR}/${name}")
+    get_filename_component(section "${name}" EXT)
+    string(REPLACE "." "" section "${section}")
+
+    # Only compile the markdown source into groff man pages if requested.
+    if (GENERATE_DOC)
+        add_custom_command(
+            OUTPUT ${dest}
+            COMMAND ${PANDOC_EXECUTABLE}
+                -f markdown -t man -s --smart
+                -V header="${MAN_HEADER}"
+                -V footer="${MAN_FOOTER}"
+                -V date=${RELEASE_DATE}
+                -o ${dest} ${src}
+            MAIN_DEPENDENCY ${src}
+            COMMENT "Building ${name}"
+        )
+        list(APPEND ALL_MANS ${dest})
+    endif (GENERATE_DOC)
+
+    # We should always have an already-compiled copy of each man page in the
+    # source tree, which we can install even if we didn't build fresh new
+    # copies.
+    install(
+        FILES ${dest}
+        DESTINATION "share/man/man${section}"
+    )
+endmacro(pandocify)
+
+foreach(MAN_PAGE ${MAN_PAGES})
+    pandocify(${MAN_PAGE})
+endforeach(MAN_PAGE)
+
+add_custom_target(doc ALL DEPENDS ${ALL_MANS})
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/CMakeLists.txt
new file mode 100644
index 00000000..58b19cdf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/CMakeLists.txt
@@ -0,0 +1,87 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011-2014, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license details.
+# ----------------------------------------------------------------------
+
+find_program(
+  SPHINX_EXECUTABLE
+  NAMES sphinx-build
+  HINTS ENV SPHINX_DIR
+  PATH_SUFFIXES bin
+  DOC "Sphinx documentation generator"
+)
+
+set(GENERATE_DOC TRUE)
+
+if (TILERA)
+    message(STATUS "Note: We don't build documentation on the Tilera platform")
+    set(GENERATE_DOC FALSE)
+endif (TILERA)
+
+if (NOT SPHINX_EXECUTABLE)
+  message(WARNING "Unable to find Sphinx documentation generator")
+  set(GENERATE_DOC FALSE)
+endif (NOT SPHINX_EXECUTABLE)
+
+set(INTERSPHINX_OVERRIDES "")
+
+macro(find_prereq_doc LIB_NAME)
+  execute_process(
+    COMMAND ${PKG_CONFIG_EXECUTABLE} --variable=sphinxdir ${LIB_NAME}
+    OUTPUT_VARIABLE LIB_SPHINX_DIR
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+  )
+
+  if (LIB_SPHINX_DIR)
+    message(STATUS "Using ${LIB_NAME} docs in ${LIB_SPHINX_DIR}")
+    set(
+      INTERSPHINX_OVERRIDES
+      "${INTERSPHINX_OVERRIDES}\nintersphinx_mapping['${LIB_NAME}'] = ('${LIB_SPHINX_DIR}', None)"
+    )
+  endif (LIB_SPHINX_DIR)
+endmacro(find_prereq_doc)
+
+if (GENERATE_DOC)
+  set(SPHINX_SRC_CONF_FILE "${CMAKE_CURRENT_SOURCE_DIR}/conf.py")
+  set(SPHINX_CONF_FILE "${CMAKE_CURRENT_BINARY_DIR}/conf.py")
+  set(SPHINX_CACHE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_doctrees")
+  set(SPHINX_HTML_DIR "${CMAKE_CURRENT_BINARY_DIR}/html")
+
+  # If your Sphinx documentation references the Sphinx documentation of
+  # any of your prerequisite libraries, add some calls to
+  # find_prereq_doc here:
+  #
+  # find_prereq_doc(libcork)
+
+  set(
+    VERSION_FOR_CONF_PY
+    "\nrelease=\"${VERSION}\"\nversion=\"${BASE_VERSION}\""
+  )
+  configure_file(${SPHINX_SRC_CONF_FILE} ${SPHINX_CONF_FILE} @ONLY)
+  file(COPY _static DESTINATION ${CMAKE_CURRENT_BINARY_DIR})
+  file(COPY _templates DESTINATION ${CMAKE_CURRENT_BINARY_DIR})
+
+  add_custom_target(old-doc ALL
+    ${SPHINX_EXECUTABLE}
+      -b html
+      -d "${SPHINX_CACHE_DIR}"
+      -c "${CMAKE_CURRENT_BINARY_DIR}"
+      "${CMAKE_CURRENT_SOURCE_DIR}"
+      "${SPHINX_HTML_DIR}"
+    COMMENT "Building HTML documentation with Sphinx"
+  )
+
+  list(APPEND CLEAN_FILES "${SPHINX_CACHE_DIR}" "${SPHINX_HTML_DIR}")
+  set_directory_properties(
+    PROPERTIES
+    ADDITIONAL_MAKE_CLEAN_FILES "${CLEAN_FILES}"
+  )
+
+  install(
+    DIRECTORY "${SPHINX_HTML_DIR}"
+    DESTINATION "share/doc/${PROJECT_NAME}"
+  )
+endif (GENERATE_DOC)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/_static/.keep b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/_static/.keep
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/_static/docco-sphinx.css b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/_static/docco-sphinx.css
new file mode 100644
index 00000000..30139f6b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/_static/docco-sphinx.css
@@ -0,0 +1,305 @@
+@import url("basic.css");
+
+/* -- page layout ----------------------------------------------------------- */
+
+body {
+    font-family: 'Palatino Linotype', Palatino, 'URW Palladio L', 'Book Antiqua', FreeSerif, serif;
+    /*font-size: 95%;*/
+    font-size: 95%;
+    color: #252519;
+    margin: 0;
+    padding: 0;
+}
+
+div.document {
+}
+
+div.documentwrapper {
+    float: left;
+    width: 100%;
+}
+
+div.bodywrapper {
+    margin: 0 0 0 19em;
+    background-color: #ffffff;
+}
+
+div.body {
+    color: #252519;
+    padding: 30px 0px 30px 60px;
+    width: 40em;
+}
+
+div.footer {
+    width: 100%;
+    padding: 9px 0 9px 0;
+    text-align: center;
+    font-size: 75%;
+}
+
+div.footer a {
+    color: #261a3b;
+    text-decoration: underline;
+}
+
+div.related {
+    background-color: #eee;
+    border: 1px solid #ccc;
+    line-height: 30px;
+}
+
+div.related a {
+    color: #261a3b;
+}
+
+div.sphinxsidebar {
+    padding: 30px 0px 0 20px;
+    width: 19em;
+    color: #555;
+}
+
+div.sphinxsidebar a {
+    color: #555;
+}
+
+div.sphinxsidebar h3 {
+    font-size: 1.4em;
+    margin: 0;
+    padding: 0;
+}
+
+div.sphinxsidebar h4 {
+    font-size: 1.3em;
+    margin: 5px 0 0 0;
+    padding: 0;
+}
+
+div.sphinxsidebar p {
+}
+
+div.sphinxsidebar p.topless {
+    margin: 5px 10px 10px 10px;
+}
+
+div.sphinxsidebar ul {
+    margin: 10px;
+    padding: 0;
+    color: #ffffff;
+}
+
+div.sphinxsidebar li {
+    padding-top: 5px;
+    line-height: 115%;
+}
+
+div.sphinxsidebar input {
+    border: 1px solid #ccc;
+    font-family: sans-serif;
+    font-size: 1em;
+}
+
+
+
+/* -- hyperlink styles ------------------------------------------------------ */
+
+a {
+    color: #306060;
+    text-decoration: none;
+}
+
+a:visited {
+    color: #306060;
+    text-decoration: none;
+}
+
+a:hover {
+    text-decoration: underline;
+}
+
+
+
+/* -- body styles ----------------------------------------------------------- */
+
+div.body h1,
+div.body h2 {
+    border-top: 1px solid #ccc;
+    margin: 40px -20px 10px -20px;
+    padding: 3px 0 3px 0;
+}
+
+div.body h3,
+div.body h4,
+div.body h5,
+div.body h6 {
+    margin: 20px 0px -10px 0px;
+}
+
+div.body h1 { margin-top: 0; font-size: 200%; border: 0px; }
+div.body h2 { font-size: 160%; }
+div.body h3 { font-size: 140%; }
+div.body h4 { font-size: 120%; }
+div.body h5 { font-size: 110%; }
+div.body h6 { font-size: 100%; }
+
+a.headerlink {
+    color: #c60f0f;
+    font-size: 0.8em;
+    padding: 0 4px 0 4px;
+    text-decoration: none;
+}
+
+a.headerlink:hover {
+    background-color: #c60f0f;
+    color: white;
+}
+
+div.body p, div.body dd, div.body li {
+    line-height: 130%;
+}
+
+p.admonition-title {
+    margin-right: 0.3em;
+}
+
+div.admonition p.admonition-title + p {
+    display: inline;
+}
+
+div.admonition p {
+    margin-bottom: 5px;
+}
+
+div.admonition pre {
+    margin-bottom: 5px;
+}
+
+div.admonition ul, div.admonition ol {
+    margin-bottom: 5px;
+}
+
+div.note {
+    background-color: #eee;
+    border: 1px solid #ccc;
+}
+
+div.seealso {
+    background-color: #ffc;
+    border: 1px solid #ff6;
+}
+
+div.tip {
+    background-color: #e4e4ff;
+    border: 1px solid #ccc;
+}
+
+div.topic {
+    background-color: #eee;
+}
+
+div.warning {
+    background-color: #ffe4e4;
+    border: 1px solid #f66;
+}
+
+p.admonition-title {
+    display: inline;
+}
+
+p.admonition-title:after {
+    content: ":";
+}
+
+pre {
+    font-family: Menlo, Monaco, Consolas, "Lucida Console", monospace;
+    font-size: 80%;
+    padding: 5px;
+    background-color: #f5f5ff;
+    color: #333333;
+    line-height: 130%;
+    border: 1px solid #e5e5ee;
+    border-left: none;
+    border-right: none;
+}
+
+tt {
+    font-family: Menlo, Monaco, Consolas, "Lucida Console", monospace;
+    background-color: #f8f8ff;
+    border: 1px solid #dedede;
+    padding: 0 0.2em;
+    font-size: 85%;
+}
+
+a tt {
+    background-color: transparent;
+    border: 0px;
+}
+
+dt {
+    font-family: Menlo, Monaco, Consolas, "Lucida Console", monospace;
+    font-size: 90%;
+    line-height: 130%;
+}
+
+table.indextable dt {
+    font-family: 'Palatino Linotype', Palatino, 'URW Palladio L', 'Book Antiqua', FreeSerif, serif;
+    font-size: 100%;
+}
+
+em.property {
+    font-size: 90%;
+}
+
+tt.descclassname {
+    background-color: transparent;
+    border: 0px;
+    padding: 0px;
+}
+
+tt.descname {
+    background-color: transparent;
+    border: 0px;
+    font-size: 100%;
+    padding: 0px;
+}
+
+dt big {
+    font-family: 'Palatino Linotype', Palatino, 'URW Palladio L', 'Book Antiqua', FreeSerif, serif;
+    font-size: 140%;
+    padding: 0 2px;
+}
+
+dt big.param_start_brace {
+    padding: 0 6px;
+}
+
+dt big.param_end_brace {
+    padding: 0 6px;
+}
+
+dt span.optional {
+    font-family: 'Palatino Linotype', Palatino, 'URW Palladio L', 'Book Antiqua', FreeSerif, serif;
+    font-size: 140%;
+    padding: 0 2px;
+}
+
+th {
+    background-color: #ede;
+}
+
+.warning tt {
+    background: #efc2c2;
+}
+
+.note tt {
+    background: #d6d6d6;
+}
+
+.viewcode-back {
+    font-family: sans-serif;
+}
+
+div.viewcode-block:target {
+    background-color: #f4debf;
+    border-top: 1px solid #ac9;
+    border-bottom: 1px solid #ac9;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/_static/pygments.css b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/_static/pygments.css
new file mode 100644
index 00000000..fa06454d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/_static/pygments.css
@@ -0,0 +1,61 @@
+.highlight .hll { background-color: #ffffcc }
+.highlight .c { color: #408080; font-style: italic }  /* Comment */
+.highlight .err { border: 1px solid #FF0000 }         /* Error */
+.highlight .k { color: #954121 }                      /* Keyword */
+.highlight .o { color: #666666 }                      /* Operator */
+.highlight .cm { color: #408080; font-style: italic } /* Comment.Multiline */
+.highlight .cp { color: #BC7A00 }                     /* Comment.Preproc */
+.highlight .c1 { color: #408080; font-style: italic } /* Comment.Single */
+.highlight .cs { color: #408080; font-style: italic } /* Comment.Special */
+.highlight .gd { color: #A00000 }                     /* Generic.Deleted */
+.highlight .ge { font-style: italic }                 /* Generic.Emph */
+.highlight .gr { color: #FF0000 }                     /* Generic.Error */
+.highlight .gh { color: #000080; font-weight: bold }  /* Generic.Heading */
+.highlight .gi { color: #00A000 }                     /* Generic.Inserted */
+.highlight .go { color: #808080 }                     /* Generic.Output */
+.highlight .gp { color: #000080; font-weight: bold }  /* Generic.Prompt */
+.highlight .gs { font-weight: bold }                  /* Generic.Strong */
+.highlight .gu { color: #800080; font-weight: bold }  /* Generic.Subheading */
+.highlight .gt { color: #0040D0 }                     /* Generic.Traceback */
+.highlight .kc { color: #954121 }                     /* Keyword.Constant */
+.highlight .kd { color: #954121; font-weight: bold }  /* Keyword.Declaration */
+.highlight .kn { color: #954121; font-weight: bold }  /* Keyword.Namespace */
+.highlight .kp { color: #954121 }                     /* Keyword.Pseudo */
+.highlight .kr { color: #954121; font-weight: bold }  /* Keyword.Reserved */
+.highlight .kt { color: #B00040 }                     /* Keyword.Type */
+.highlight .m { color: #666666 }                      /* Literal.Number */
+.highlight .s { color: #219161 }                      /* Literal.String */
+.highlight .na { color: #7D9029 }                     /* Name.Attribute */
+.highlight .nb { color: #954121 }                     /* Name.Builtin */
+.highlight .nc { color: #0000FF; font-weight: bold }  /* Name.Class */
+.highlight .no { color: #880000 }                     /* Name.Constant */
+.highlight .nd { color: #AA22FF }                     /* Name.Decorator */
+.highlight .ni { color: #999999; font-weight: bold }  /* Name.Entity */
+.highlight .ne { color: #D2413A; font-weight: bold }  /* Name.Exception */
+.highlight .nf { color: #0000FF }                     /* Name.Function */
+.highlight .nl { color: #A0A000 }                     /* Name.Label */
+.highlight .nn { color: #0000FF; font-weight: bold }  /* Name.Namespace */
+.highlight .nt { color: #954121; font-weight: bold }  /* Name.Tag */
+.highlight .nv { color: #19469D }                     /* Name.Variable */
+.highlight .ow { color: #AA22FF; font-weight: bold }  /* Operator.Word */
+.highlight .w { color: #bbbbbb }                      /* Text.Whitespace */
+.highlight .mf { color: #666666 }                     /* Literal.Number.Float */
+.highlight .mh { color: #666666 }                     /* Literal.Number.Hex */
+.highlight .mi { color: #666666 }                     /* Literal.Number.Integer */
+.highlight .mo { color: #666666 }                     /* Literal.Number.Oct */
+.highlight .sb { color: #219161 }                     /* Literal.String.Backtick */
+.highlight .sc { color: #219161 }                     /* Literal.String.Char */
+.highlight .sd { color: #219161; font-style: italic } /* Literal.String.Doc */
+.highlight .s2 { color: #219161 }                     /* Literal.String.Double */
+.highlight .se { color: #BB6622; font-weight: bold }  /* Literal.String.Escape */
+.highlight .sh { color: #219161 }                     /* Literal.String.Heredoc */
+.highlight .si { color: #BB6688; font-weight: bold }  /* Literal.String.Interpol */
+.highlight .sx { color: #954121 }                     /* Literal.String.Other */
+.highlight .sr { color: #BB6688 }                     /* Literal.String.Regex */
+.highlight .s1 { color: #219161 }                     /* Literal.String.Single */
+.highlight .ss { color: #19469D }                     /* Literal.String.Symbol */
+.highlight .bp { color: #954121 }                     /* Name.Builtin.Pseudo */
+.highlight .vc { color: #19469D }                     /* Name.Variable.Class */
+.highlight .vg { color: #19469D }                     /* Name.Variable.Global */
+.highlight .vi { color: #19469D }                     /* Name.Variable.Instance */
+.highlight .il { color: #666666 }                     /* Literal.Number.Integer.Long */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/_templates/.keep b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/_templates/.keep
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/allocation.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/allocation.rst
new file mode 100644
index 00000000..e7bb419b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/allocation.rst
@@ -0,0 +1,344 @@
+.. _allocation:
+
+*****************
+Memory allocation
+*****************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+One of the biggest hassles in writing C code is memory management.  libcork's
+memory allocation API tries to simplify this task as much as possible.  This is
+still C, so you still have to manage allocated memory manually — for instance,
+by keeping careful track of which section of code "owns" any memory that you've
+allocated from heap, and is therefore responsible for freeing it.  But we *can*
+make it easier to handle memory allocation failures, and provide helper macros
+for certain common allocation tasks.
+
+There is another `important use case`_ that we also want to support: giving
+application writers complete control over how the libraries they use allocate
+and deallocate memory.  libcork :ref:`provides <libcork-allocators>` this
+capability, giving you control over how, for instance, a hash table allocates
+its internal buckets.  If you're writing a library that links with libcork as a
+shared library, you'll get this behavior for free; if the application writer
+customizes how libcork allocates memory, your library will pick up that
+customization as well.  If you're embedding libcork, so that your library's
+clients can't tell (or care) that you're using libcork, then you'll want to
+expose your own similar customization interface.
+
+.. _important use case: https://blog.mozilla.org/nnethercote/2013/11/08/libraries-should-permit-custom-allocators/
+
+
+.. _allocation-api:
+
+Allocating memory
+=================
+
+The simplest part of the API is the part responsible for actually allocating and
+deallocating memory.  When using this part of the API, you don't have to worry
+about customization at all; the functions described here will automatically "do
+the right thing" based on how your library or application is configured.  The
+biggest thing to worry about is how to handle memory allocation failures.  We
+provide two strategies, "guaranteed" and "recoverable".
+
+The most common use case is that running out of memory is a Really Bad Thing,
+and there's nothing we can do to recover.  In this case, it doesn't make sense
+to check for memory allocation failures throughout your code, since you can't
+really do anything if it does happen.  The "guaranteed" family of functions
+handles that error checking for you, and guarantees that if the allocation
+function returns, it will return a valid piece of memory.  If the allocation
+fails, the function will never return.  That allows you to right simple and safe
+code like the following::
+
+    struct my_type  *instance = cork_new(struct my_type);
+    /* Just start using instance; don't worry about verifying that it's
+     * not NULL! */
+
+On the other hand, you might be writing some code that can gracefully handle a
+memory allocation failure.  You might try to allocate a super-huge cache, for
+instance; if you can't allocate the cache, your code will still work, it will
+just be a bit slower.  In this case, you *want* to be able to detect memory
+allocation failures, and handle them in whatever way is appropriate.  The
+"recoverable" family of functions will return a ``NULL`` pointer if allocation
+fails.
+
+.. note::
+
+   libcork itself uses the guaranteed functions for all internal memory
+   allocation.
+
+
+Guaranteed allocation
+---------------------
+
+The functions in this section are guaranteed to return a valid newly allocated
+pointer.  If memory allocation fails, the functions will not return.
+
+.. function:: void \*cork_malloc(size_t size)
+              void \*cork_calloc(size_t count, size_t size)
+              void \*cork_realloc(void \*ptr, size_t old_size, size_t new_size)
+              type \*cork_new(TYPE type)
+
+   The first three functions mimic the standard ``malloc``, ``calloc``, and
+   ``realloc`` functions to allocate (or reallocate) some memory, with the added
+   guarantee that they will always return a valid newly allocated pointer.
+   ``cork_new`` is a convenience function for allocating an instance of a
+   particular type; it is exactly equivalent to::
+
+       cork_malloc(sizeof(type))
+
+   Note that with ``cork_realloc``, unlike the standard ``realloc`` function,
+   you must provide the old size of the memory region, in addition to the
+   requested new size.
+
+   Each allocation function has a corresponding deallocation function that you
+   must use to free the memory when you are done with it: use
+   :c:func:`cork_free` to free memory allocated using ``cork_malloc`` or
+   ``cork_realloc``; use :c:func:`cork_cfree` to free memory allocated using
+   ``cork_calloc``; and use :c:func:`cork_delete` to free memory allocated using
+   ``cork_new``.
+
+   .. note::
+
+      Note that the possible memory leak in the standard ``realloc``
+      function doesn't apply here, since we're going to abort the whole
+      program if the reallocation fails.
+
+
+Recoverable allocation
+----------------------
+
+The functions in this section will return a ``NULL`` pointer if any memory
+allocation fails, allowing you to recover from the error condition, if possible.
+
+.. function:: void \*cork_xmalloc(size_t size)
+              void \*cork_xcalloc(size_t count, size_t size)
+              void \*cork_xrealloc(void \*ptr, size_t old_size, size_t new_size)
+              void \*cork_xreallocf(void \*ptr, size_t old_size, size_t new_size)
+              type \*cork_xnew(TYPE type)
+
+   The first three functions mimic the standard ``malloc``, ``calloc``,
+   ``realloc`` functions.  ``cork_xreallocf`` mimics the common ``reallocf``
+   function from BSD.  These functions return ``NULL`` if the memory allocation
+   fails.  (Note that unlike the standard functions, they do **not** set
+   ``errno`` to ``ENOMEM``; the only indication you have of an error condition
+   is a ``NULL`` return value.)
+
+   Note that with ``cork_xrealloc`` and ``cork_xreallocf``, unlike the standard
+   ``realloc`` function, you must provide the old size of the memory region, in
+   addition to the requested new size.
+
+   ``cork_xreallocf`` is more safe than the standard ``realloc`` function.  A
+   common idiom when calling ``realloc`` is::
+
+       void  *ptr = /* from somewhere */;
+       /* UNSAFE!  Do not do this! */
+       ptr = realloc(ptr, new_size);
+
+   This is unsafe!  The ``realloc`` function returns a ``NULL`` pointer if the
+   reallocation fails.  By assigning directly into *ptr*, you'll get a memory
+   leak in these situations.  The ``cork_xreallocf`` function, on the other
+   hand, will automatically free the existing pointer if the reallocation fails,
+   eliminating the memory leak::
+
+       void  *ptr = /* from somewhere */;
+       /* This is safe.  Do this. */
+       ptr = cork_xreallocf(ptr, new_size);
+       /* Check whether ptr is NULL before using it! */
+
+   Each allocation function has a corresponding deallocation function that you
+   must use to free the memory when you are done with it: use
+   :c:func:`cork_free` to free memory allocated using ``cork_xmalloc``,
+   ``cork_xrealloc``, or ``cork_xreallocf``; use :c:func:`cork_cfree` to free
+   memory allocated using ``cork_xcalloc``; and use :c:func:`cork_delete` to
+   free memory allocated using ``cork_xnew``.
+
+
+Deallocation
+------------
+
+Since this is C, you must free any memory region once you're done with it.
+You must use one of the functions from this section to free any memory that you
+created using any of the allocation functions described previously.
+
+.. function:: void \*cork_free(void \*ptr, size_t size)
+              void \*cork_cfree(void \*ptr, size_t count, size_t size)
+              type \*cork_delete(void \*ptr, TYPE type)
+
+   Frees a region of memory allocated by one of libcork's allocation functions.
+
+   Note that unlike the standard ``free`` function, you must provide the size of
+   the allocated region when it's freed, as well as when it's created.  Most of
+   the time this isn't an issue, since you're either freeing a region whose size
+   is known at compile time, or you're already keeping track of the size of a
+   dynamically sized memory region for some other reason.
+
+   You should use ``cork_free`` to free memory allocated using
+   :c:func:`cork_malloc`, :c:func:`cork_realloc`, :c:func:`cork_xmalloc`,
+   :c:func:`cork_xrealloc`, or :c:func:`cork_xreallocf`.  You should use
+   ``cork_cfree`` to free memory allocated using :c:func:`cork_calloc` or
+   :c:func:`cork_xcalloc`.  You should use ``cork_delete`` to free memory
+   allocated using :c:func:`cork_new` or :c:func:`cork_xnew`.
+
+
+Duplicating strings
+-------------------
+
+.. function:: const char \*cork_strdup(const char \*str)
+              const char \*cork_strndup(const char \*str, size_t size)
+              const char \*cork_xstrdup(const char \*str)
+              const char \*cork_xstrndup(const char \*str, size_t size)
+
+   These functions mimic the standard ``strdup`` function.  They create a copy
+   of an existing C string, allocating exactly as much memory is needed to hold
+   the copy.
+
+   The ``strdup`` variants calculate the size of *str* using ``strlen``.  For
+   the ``strndup`` variants, *str* does not need to be ``NUL``-terminated, and
+   you must pass in its *size*.  (Note that is different than the standard
+   ``strndup``, where *str* must be ``NUL``-terminated, and which copies **at
+   most** *size* bytes.  Our version always copies **exactly** *size* bytes.)
+   The result is guaranteed to be ``NUL``-terminated, even if the source *str*
+   is not.
+
+   You shouldn't modify the contents of the copied string.  You must use
+   :c:func:`cork_strfree()` to free the string when you're done with it.  The
+   ``x`` variant returns a ``NULL`` pointer if the allocation fails; the non-\
+   ``x`` variant is guaranteed to return a valid pointer to a copied string.
+
+.. function:: void cork_strfree(const char \*str)
+
+   Frees *str*, which must have been created using
+   :c:func:`cork_strdup()` or :c:func:`cork_xstrdup()`.
+
+
+.. _libcork-allocators:
+
+Customizing how libcork allocates
+=================================
+
+The ``cork_alloc`` type encapsulates a particular memory allocation scheme.  To
+customize how libcork allocates memory, you create a new instance of this type,
+and then use :c:func:`cork_set_allocator` to register it with libcork.
+
+.. function:: void cork_set_allocator(const struct cork_alloc \*alloc)
+
+   Override which :ref:`allocator instance <allocators>` libcork will use to
+   create and free memory.  We will take control of *alloc*; you must not free
+   it yourself after passing it to this function.
+
+   You can only call this function at most once.  This function is **not**
+   thread-safe; it's only safe to call before you've called **any** other
+   libcork function (or any function from any other library that uses libcork.
+   (The only exceptions are libcork functions that take in a
+   :c:type:`cork_alloc` parameter or return a :c:type:`cork_alloc` result; these
+   functions are safe to call before calling ``cork_set_allocator``.)
+
+.. var:: const struct cork_alloc \*cork_allocator
+
+   The current :ref:`allocator instance <allocators>` that libcork will use to
+   create and free memory.
+
+
+.. _allocators:
+
+Writing a custom allocator
+--------------------------
+
+.. type:: struct cork_alloc
+
+   The ``cork_alloc`` type contains several methods for performing different
+   allocation and deallocation operations.
+
+   You are only required to provide implementations of ``xmalloc`` and ``free``;
+   we can provide default implementations of all of the other methods in terms
+   of those two.  You can provide optimized versions of the other methods, if
+   appropriate.
+
+
+.. function:: struct cork_alloc \*cork_alloc_new_alloc(const struct cork_alloc \*parent)
+
+   ``cork_alloc_new`` creates a new allocator instance.  The new instance will
+   itself be allocated using *parent*.  You must provide implementations of at
+   least the ``xmalloc`` and ``free`` methods.  You can also override our
+   default implementations of any of the other methods.
+
+   This function is **not** thread-safe; it's only safe to call before you've
+   called **any** other libcork function (or any function from any other library
+   that uses libcork.  (The only exceptions are libcork functions that take in a
+   :c:type:`cork_alloc` parameter or return a :c:type:`cork_alloc` result; these
+   functions are safe to call before calling ``cork_set_allocator``.)
+
+   The new allocator instance will automatically be freed when the process
+   exits.  If you registered a *user_data* pointer for your allocation methods
+   (via :c:func:`cork_alloc_set_user_data`), it will be freed using the
+   *free_user_data* method you provided.  If you create more than one
+   ``cork_alloc`` instance in the process, they will be freed in the reverse
+   order that they were created.
+
+   .. note::
+
+      In your allocator implementation, you cannot assume that the rest of the
+      libcork allocation framework has been set up yet.  So if your allocator
+      needs to allocate, you must not use the usual :c:func:`cork_malloc` family
+      of functions; instead you should use the ``cork_alloc_malloc`` variants to
+      explicitly allocate memory using your new allocator's *parent*.
+
+
+.. function:: void cork_alloc_set_user_data(struct cork_alloc \*alloc, void \*user_data, cork_free_f free_user_data)
+
+   Provide a *user_data* pointer, which will be passed unmodified to each
+   allocation method that you register.  You can also provide an optional
+   *free_user_data* method, which we will use to free the *user_data* instance
+   when the allocator itself is freed.
+
+
+.. function:: void cork_alloc_set_calloc(struct cork_alloc \*alloc, cork_alloc_calloc_f calloc)
+              void cork_alloc_set_xcalloc(struct cork_alloc \*alloc, cork_alloc_calloc_f calloc)
+
+   .. type:: void \*(\*cork_alloc_calloc_f)(const struct cork_alloc \*alloc, size_t count, size_t size)
+
+      These methods are used to implement the :c:func:`cork_calloc` and
+      :c:func:`cork_xcalloc` functions.  Your must allocate and return ``count *
+      size`` bytes of memory.  You must ensure that every byte in this region is
+      initialized to ``0``.  The ``calloc`` variant must always return a valid
+      pointer; if memory allocation fails, it must not return.  The ``xcalloc``
+      variant should return ``NULL`` if allocation fails.
+
+
+.. function:: void cork_alloc_set_malloc(struct cork_alloc \*alloc, cork_alloc_malloc_f malloc)
+              void cork_alloc_set_xmalloc(struct cork_alloc \*alloc, cork_alloc_malloc_f malloc)
+
+   .. type:: void \*(\*cork_alloc_malloc_f)(const struct cork_alloc \*alloc, size_t size)
+
+      These methods are used to implement the :c:func:`cork_malloc` and
+      :c:func:`cork_xmalloc` functions.  You must allocate and return *size*
+      bytes of memory.  The ``malloc`` variant must always return a valid
+      pointer; if memory allocation fails, it must not return.  The ``xmalloc``
+      variant should return ``NULL`` if allocation fails.
+
+
+.. function:: void cork_alloc_set_realloc(struct cork_alloc \*alloc, cork_alloc_realloc_f realloc)
+              void cork_alloc_set_xrealloc(struct cork_alloc \*alloc, cork_alloc_realloc_f realloc)
+
+   .. type:: void \*(\*cork_alloc_realloc_f)(const struct cork_alloc \*alloc, void \*ptr, size_t old_size, size_t new_size)
+
+      These methods are used to implement the :c:func:`cork_realloc`,
+      :c:func:`cork_xrealloc`, and :c:func:`cork_xreallocf` functions.  You
+      must reallocate *ptr* to contain *new_size* bytes of memory and return the
+      reallocated pointer.  *old_size* will be the previously allocated size of
+      *ptr*.  The ``realloc`` variant must always return a valid pointer; if
+      memory reallocation fails, it must not return.  The ``xrealloc`` variant
+      should return ``NULL`` if reallocation fails.
+
+
+.. function:: void cork_alloc_set_free(struct cork_alloc \*alloc, cork_alloc_free_f free)
+
+   .. type:: void \*(\*cork_alloc_free_f)(const struct cork_alloc \*alloc, void \*ptr, size_t size)
+
+      These methods are used to implement the :c:func:`cork_free`,
+      :c:func:`cork_cfree`, and :c:func:`cork_delete` functions.  You must
+      deallocate *ptr*.  *size* will be the allocated size of *ptr*.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/array.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/array.rst
new file mode 100644
index 00000000..bf765d60
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/array.rst
@@ -0,0 +1,148 @@
+.. _array:
+
+****************
+Resizable arrays
+****************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/ds.h>
+
+This section defines a resizable array class, similar to C++'s
+``std::vector`` or Java's ``ArrayList`` classes.  Our arrays can store
+any fixed-size element.  The arrays automatically resize themselves as
+necessary to store the elements that you add.
+
+
+.. type:: cork_array(element_type)
+
+   A resizable array that contains elements of type *element_type*.
+
+.. function:: void cork_array_init(cork_array(T) \*array)
+
+   Initializes a new array.  You should allocate *array* yourself,
+   presumably on the stack or directly within some other data type.  The
+   array will start empty.
+
+.. function:: void cork_array_done(cork_array(T) \*array)
+
+   Finalizes an array, freeing any storage that was allocated to hold
+   the arrays elements.
+
+.. function:: size_t cork_array_size(cork_array(T) \*array)
+
+   Returns the number of elements in *array*.
+
+.. function:: bool cork_array_is_empty(cork_array(T) \*array)
+
+   Returns whether *array* has any elements.
+
+.. function:: void cork_array_void(cork_array(T) \*array)
+
+   Removes all elements from *array*.
+
+.. function:: T* cork_array_elements(cork_array(T) \*array)
+
+   Returns a pointer to the underlying array of elements in *array*.  The
+   elements are guaranteed to be contiguous, just like in a normal C array, but
+   the particular pointer that is returned in **not** guaranteed to be
+   consistent across function calls that modify the contents of the array.
+
+.. function:: T cork_array_at(cork_array(T) \*array, size_t index)
+
+   Returns the element in *array* at the given *index*.  Like accessing
+   a normal C array, we don't do any bounds checking.  The result is a
+   valid lvalue, so it can be directly assigned to::
+
+     cork_array(int64_t)  array;
+     cork_array_append(array, 5, err);
+     cork_array_at(array, 0) = 12;
+
+.. function:: void cork_array_append(cork_array(T) \*array, T element)
+
+   Appends *element* to the end of *array*, reallocating the array's
+   storage if necessary.  If you have an ``init`` or ``reset`` callback for
+   *array*, it will be used to initialize the space that was allocated for the
+   new element, and then *element* will be directly copied into that space
+   (using ``memcpy`` or an equivalent).  If that is not the right copy behavior
+   for the elements of *array*, then you should use
+   :c:func:`cork_array_append_get` instead, and fill in the allocated element
+   directly.
+
+.. function:: T \*cork_array_append_get(cork_array(T) \*array)
+
+   Appends a new element to the end of *array*, reallocating the array's storage
+   if necessary, returning a pointer to the new element.
+
+.. function:: int cork_array_ensure_size(cork_array(T) \*array, size_t desired_count)
+
+   Ensures that *array* has enough allocated space to store *desired_count*
+   elements, reallocating the array's storage if needed.  The actual size and
+   existing contents of the array aren't changed.
+
+.. function:: int cork_array_copy(cork_array(T) \*dest, cork_array(T) \*src, cork_copy_f \*copy, void \*user_data)
+
+   Copy elements from *src* to *dest*.  If you provide a *copy* function, it
+   will be called on each element to perform the copy.  If not, we'll use
+   ``memcpy`` to bulk-copy the elements.
+
+   If you've provided :ref:`callbacks <array-callbacks>` for *dest*, then those
+   callbacks will be called appropriately.  We'll call the ``remove`` callback
+   for any existing entries (will be overwritten by the copy).  We'll call
+   ``init`` or ``reuse`` on each element entry before it's copied.
+
+   .. type:: typedef int (\*cork_copy_f)(void \*user_data, void \*dest, const void \*src)
+
+.. function:: size_t cork_array_element_size(cork_array(T) \*array)
+
+   Returns the size of the elements that are stored in *array*.  You
+   won't normally need to call this, since you can just use
+   ``sizeof(T)``.
+
+
+.. _array-callbacks:
+
+Initializing and finalizing elements
+------------------------------------
+
+You can provide callback functions that will be used to automatically initialize
+and finalize the elements of a resizable array.
+
+
+.. function:: void cork_array_set_init(cork_array(T) \*array, cork_init_f init)
+              void cork_array_set_done(cork_array(T) \*array, cork_done_f done)
+              void cork_array_set_reuse(cork_array(T) \*array, cork_init_f reuse)
+              void cork_array_set_remove(cork_array(T) \*array, cork_done_f remove)
+              void cork_array_set_callback_data(cork_array(T) \*array, void \*user_data, cork_free_f free_user_data)
+
+   Set one of the callback functions for *array*.  There are two pairs of
+   callbacks: ``init`` and ``done``, and ``reuse`` and ``remove``.  Within each
+   pair, one callback is used to initialize an element of the array, while the
+   other is used to finalize it.
+
+   The ``init`` callback is used to initialize an element when its array entry
+   is used for the first time.  If you then shrink the array (via
+   :c:func:`cork_array_clear`, for instance), and then append elements again,
+   you will reuse array entries; in this case, the ``reset`` callback is used
+   instead.  (Having separate ``init`` and ``reuse`` callbacks can be useful
+   when the elements are complex objects with deep memory requirements.  If you
+   use the ``init`` callback to allocate that memory, and use the ``reset``
+   callback to "clear" it, then you can reduce some of the memory allocation
+   overhead.)
+
+   Similarly, the ``remove`` callback is used when an element is removed from
+   the array, but the space that the element used isn't being reclaimed yet.
+   The ``done`` callback, on the other hand, is used when the array entry is
+   reclaimed and freed.
+
+   All of the callbacks take in an additional *user_data* parameter, in addition
+   to the array entries themselves.  You provide that parameter by calling the
+   :c:func:`cork_array_set_callback_data` function.  If you pass in a
+   *free_user_data* function, then we will use that function to free the
+   *user_data* when the array itself is finalized.
+
+   .. type:: typedef void (\*cork_init_f)(void \*user_data, void \*value)
+             typedef void (\*cork_done_f)(void \*user_data, void \*value)
+             typedef void (\*cork_free_f)(void \*value)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/attributes.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/attributes.rst
new file mode 100644
index 00000000..c3ab4450
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/attributes.rst
@@ -0,0 +1,119 @@
+.. _attributes:
+
+*******************
+Compiler attributes
+*******************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+The macros in this section define compiler-agnostic versions of several
+common compiler attributes.
+
+
+.. function:: CORK_LIKELY(expression)
+              CORK_UNLIKELY(expression)
+
+   Indicate that the given Boolean *expression* is likely to be ``true``
+   or ``false``, respectively.  The compiler can sometimes use this
+   information to generate more efficient code.
+
+
+.. macro:: CORK_ATTR_CONST
+
+   Declare a “constant” function.  The return value of a constant
+   function can only depend on its parameters.  This is slightly more
+   strict than a “pure” function (declared by
+   :c:macro:`CORK_ATTR_PURE`); a constant function is not allowed to
+   read from global variables, whereas a pure function is.
+
+   .. note:: Note that the compiler won't verify that your function
+      meets the requirements of a constant function.  Instead, this
+      attribute notifies the compiler of your intentions, which allows
+      the compiler to assume more about your function when optimizing
+      code that calls it.
+
+   ::
+
+     int square(int x) CORK_ATTR_CONST;
+
+
+.. macro:: CORK_ATTR_MALLOC
+
+   Declare a function that returns a newly allocated pointer.  The
+   compiler can use this information to generate more accurate aliasing
+   information, since it can infer that the result of the function
+   cannot alias any other existing pointer.
+
+   ::
+
+     void *custom_malloc(size_t size) CORK_ATTR_MALLOC;
+
+
+.. macro:: CORK_ATTR_NOINLINE
+
+   Declare that a function shouldn't be eligible for inlining.
+
+
+.. macro:: CORK_ATTR_PRINTF(format_index, args_index)
+
+   Declare a function that takes in ``printf``\ -like parameters.
+   *format_index* is the index (starting from 1) of the parameter that
+   contains the ``printf`` format string.  *args_index* is the index of
+   the first parameter that contains the data to format.
+
+
+.. macro:: CORK_ATTR_PURE
+
+   Declare a “pure” function.  The return value of a pure function can
+   only depend on its parameters, and on global variables.
+
+   ::
+
+     static int  _next_id;
+     int get_next_id(void) CORK_ATTR_PURE;
+
+
+.. macro:: CORK_ATTR_SENTINEL
+
+   Declare a var-arg function whose last parameter must be a ``NULL``
+   sentinel value.  When the compiler supports this attribute, it will
+   check the actual parameters whenever this function is called, and
+   ensure that the last parameter is a ``NULL``.
+
+
+.. macro:: CORK_ATTR_UNUSED
+
+   Declare a entity that might not be used.  This lets you keep
+   ``-Wall`` activated in several cases where you're obligated to define
+   something that you don't intend to use.
+
+   ::
+
+     CORK_ATTR_UNUSED static void
+     unused_function(void)
+     {
+         CORK_ATTR_UNUSED int  unused_value;
+     }
+
+
+.. macro:: CORK_INITIALIZER(func_name)
+
+   Declare a ``static`` function that will be automatically called at program
+   startup.  If there are multiple initializer functions linked into a program,
+   there is no guarantee about the order in which the functions will be called.
+
+   ::
+
+     #include <libcork/core.h>
+     #include <libcork/ds.h>
+
+     static cork_array(int)  array;
+
+     CORK_INITIALIZER(init_array)
+     {
+        cork_array_init(&array);
+     }
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/basic-types.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/basic-types.rst
new file mode 100644
index 00000000..4a6fe8f1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/basic-types.rst
@@ -0,0 +1,120 @@
+.. _basic-types:
+
+***********
+Basic types
+***********
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+The types in this section ensure that the C99 integer types are
+available, regardless of platform.  We also define some preprocessor
+macros that give the size of the non-fixed-size standard types.  In
+addition, libcork defines some useful low-level types:
+
+.. toctree::
+   :maxdepth: 1
+
+   int128
+   net-addresses
+   timestamps
+   hash-values
+   unique-ids
+
+Integral types
+==============
+
+.. type:: bool
+
+   A boolean.  Where possible, we simply include ``<stdbool.h>`` to get
+   this type.  It might be ``typedef``\ ed to ``int``\ .  We also make
+   sure that the following constants are defined:
+
+   .. var:: bool false
+            bool true
+
+.. type:: int8_t
+          uint8_t
+          int16_t
+          uint16_t
+          int32_t
+          uint32_t
+          int64_t
+          uint64_t
+
+   Signed and unsigned, fixed-size integral types.
+
+.. type:: intptr_t
+          uintptr_t
+
+   Signed and unsigned integers that are guaranteed to be big enough to
+   hold a type-cast ``void *``\ .
+
+.. type:: size_t
+
+   An unsigned integer big enough to hold the size of a memory object,
+   or a maximal array index.
+
+.. type:: ptrdiff_t
+
+   A signed integer big enough to hold the difference between two
+   pointers.
+
+Size macros
+===========
+
+.. macro:: CORK_SIZEOF_SHORT
+           CORK_SIZEOF_INT
+           CORK_SIZEOF_LONG
+           CORK_SIZEOF_POINTER
+
+   The size (in bytes) of the ``short``, ``int``, ``long``, and ``void
+   *`` types, respectively.
+
+
+.. _embedded-struct:
+
+Embedded ``struct``\ s
+======================
+
+Quite often a callback function or API will take in a pointer to a
+particular ``struct``, with the expectation that you can embed that
+``struct`` into some other type for extension purposes.  Kind of a
+bastardized subclassing mechanism for C code.  The doubly-linked list
+module is a perfect example; you're meant to embed
+:c:type:`cork_dllist_item` within the linked list element type.  You can
+use the following macro to obtain the pointer to the containing
+(“subclass”) ``struct``, when given a pointer to the contained
+(“superclass”) ``struct``:
+
+.. function:: struct_type \*cork_container_of(field_type \*field, TYPE struct_type, FIELD field_name)
+
+   The *struct_type* parameter must be the name of a ``struct`` type,
+   *field_name* must be the name of some field within that
+   ``struct``, and *field* must be a pointer to an instance of that
+   field.  The macro returns a pointer to the containing ``struct``.
+   So, given the following definitions::
+
+     struct superclass {
+         int  a;
+     };
+
+     struct subclass {
+         int  b;
+         struct superclass  parent;
+     };
+
+     struct subclass  instance;
+
+   then the following identity holds::
+
+     cork_container_of(&instance.parent, struct subclass, parent) == &instance
+
+   .. note:: When the superclass ``struct`` appears as the first element
+      of the subclass ``struct``, you can obtain the same effect using a
+      simple type-cast.  However, the ``cork_container_of`` macro is
+      more robust, since it also works when the superclass ``struct``
+      appears later on in the subclass ``struct``.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/bitset.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/bitset.rst
new file mode 100644
index 00000000..3cb9b12c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/bitset.rst
@@ -0,0 +1,67 @@
+.. _bits:
+
+********
+Bit sets
+********
+
+.. highlight:: c
+
+::
+
+  #include <libcork/ds.h>
+
+This sections defines a type for storing an array of bits.  This data structure
+is most often used to implement a set of integers.  It is particularly good when
+you expect your sets to be *dense*.  You should not use a bitset if the number
+of possibly elements is outrageously large, however, since that would cause your
+bitset to exhaust the available memory.
+
+.. type:: struct cork_bitset
+
+   An array of bits.  You should not allocate any instances of this type
+   yourself; use :c:func:`cork_bitset_new` instead.
+
+   .. member:: size_t bit_count
+
+      The number of bits that are included in this array.  (Each bit can be on
+      or off; this does not give you the number of bits that are *on*, it gives
+      you the number of bits in total, on or off.)
+
+
+.. function:: void cork_bitset_init(struct cork_bitset \*set)
+
+   Initialize a new bitset instance that you've allocated yourself
+   (usually on the stack).  All bits will be initialized to ``0``.
+
+.. function:: struct cork_bitset \*cork_bitset_new(size_t bit_count)
+
+   Create a new bitset with enough space to store the given number of bits.
+   All bits will be initialized to ``0``.
+
+.. function:: void cork_bitset_done(struct cork_bitset \*set)
+
+   Finalize a bitset, freeing any set content that it contains.  This
+   function should only be used for bitsets that you allocated yourself,
+   and initialized using :c:func:`cork_bitset_init()`.  You must **not** use
+   this function to free a bitset allocated using :c:func:`cork_bitset_new()`.
+
+.. function:: void cork_bitset_free(struct cork_bitset \*set)
+
+   Finalize and deallocate a bitset, freeing any set content that it
+   contains.  This function should only be used for bitsets allocated
+   using :c:func:`cork_bitset_new()`.  You must **not** use this
+   function to free a bitset initialized using :c:func:`cork_bitset_init()`.
+
+.. function:: bool cork_bitset_get(struct cork_bitset \*set, size_t index)
+
+   Return whether the given bit is on or off in *set*.  It is your
+   responsibility to ensure that *index* is within the valid range for *set*.
+
+.. function:: void cork_bitset_set(struct cork_bitset \*set, size_t index, bool value)
+
+   Turn the given bit on or off in *set*.  It is your responsibility to ensure
+   that *index* is within the valid range for *set*.
+
+.. function:: void cork_bitset_clear(struct cork_bitset \*set)
+
+   Turn off of the bits in *set*.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/buffer.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/buffer.rst
new file mode 100644
index 00000000..a149ea58
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/buffer.rst
@@ -0,0 +1,261 @@
+.. _buffer:
+
+************************
+Resizable binary buffers
+************************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/ds.h>
+
+This section defines a resizable binary buffer type.  This class can
+also be used to construct C strings, when you don't know the size of
+the string in advance.
+
+This class is not reference counted; we assume that there's a single
+owner of the buffer.  The contents of a :c:type:`cork_buffer` are fully
+mutable.  If you want to turn the buffer into something that's safe to
+pass between threads, you can use the :c:func:`cork_buffer_to_slice()`
+or :c:func:`cork_buffer_to_managed_buffer()` functions to create an
+immutable managed wrapper around the buffer.
+
+You can read the contents of the buffer by accessing the :c:member:`buf
+<cork_buffer.buf>` and :c:member:`size <cork_buffer.size>` fields
+directly.  However, to modify the contents of a buffer, you should use
+the mutator functions described below, since they take care of
+automatically resizing the underlying buffer when necessary.
+
+.. note::
+
+   This class always creates its own copy of any data added to the
+   buffer; there aren't any methods for wrapping existing buffers
+   without copying.  If you want to do that, you should use
+   :ref:`managed-buffer` or :ref:`slice`.
+
+
+.. type:: struct cork_buffer
+
+   A resizable binary buffer.
+
+   .. member:: void \*buf
+
+      The current contents of the buffer.
+
+   .. member:: size_t  size
+
+      The current size of the buffer.
+
+
+.. function:: void cork_buffer_init(struct cork_buffer \*buffer)
+              struct cork_buffer CORK_BUFFER_INIT()
+
+   Initialize a new buffer instance that you've allocated yourself
+   (usually on the stack).  The ``CORK_BUFFER_INIT`` version can only be
+   used as a static initializer.
+
+   The preallocated ``cork_buffer`` instance that you provide doesn't
+   include space for the content of the buffer; this will be allocated
+   automatically as content is added.
+
+.. function:: struct cork_buffer \*cork_buffer_new(void)
+
+   Allocate and initialize a new buffer instance.
+
+.. function:: void cork_buffer_done(struct cork_buffer \*buffer)
+
+   Finalize a buffer, freeing any content that it contains.  This
+   function should only be used for buffers that you allocated yourself,
+   and initialized using :c:func:`cork_buffer_init()` or
+   :c:func:`CORK_BUFFER_INIT()`.  You must **not** use this function to
+   free a buffer allocated using :c:func:`cork_buffer_new()`.
+
+.. function:: void cork_buffer_free(struct cork_buffer \*buffer)
+
+   Finalize and deallocate a buffer, freeing any content that it
+   contains.  This function should only be used for buffers allocated
+   using :c:func:`cork_buffer_new()`.  You must **not** use this
+   function to free a buffer initialized using
+   :c:func:`cork_buffer_init()` or :c:func:`CORK_BUFFER_INIT()`.
+
+.. function:: bool cork_buffer_equal(const struct cork_buffer \*buffer1, const struct cork_buffer \*buffer2)
+
+   Compare two buffers for equality.
+
+.. function:: void cork_buffer_ensure_size(struct cork_buffer \*buffer, size_t desired_size)
+
+   Ensure that a buffer has allocated enough space to store at least
+   *desired_size* bytes.  We won't shrink the size of the buffer's
+   internal storage; if the buffer has already allocated at least
+   *desired_size* bytes, the function acts as a no-op.
+
+.. function:: uint8_t cork_buffer_byte(struct cork_buffer \*buffer, size_t index)
+              char cork_buffer_char(struct cork_buffer \*buffer, size_t index)
+
+   Return the byte or character at the given index in *buffer*.
+
+
+Mutator functions
+-----------------
+
+Most of the mutator functions defined in this section come in two
+variants: a ``_set`` function, which clears the buffer before adding new
+content, and an ``_append`` function, which retains the old content,
+adding the new content to the end of the buffer.
+
+Each mutator function will automatically append an extra ``NUL`` byte to
+the end of whatever content is placed into the buffer.  However, this
+``NUL`` byte will **not** be included in the :c:member:`size
+<cork_buffer.size>` of the buffer.  This ensures that the contents of
+any ``cork_buffer`` can be used as a ``NUL``\ -terminated C string
+(assuming that there aren't any internal ``NUL``\ s), even if the buffer
+is constructed from a data source that doesn't include ``NUL``
+terminators.
+
+.. function:: void cork_buffer_clear(struct cork_buffer \*buffer)
+
+   Clear a buffer.  This does not free any storage that the buffer has
+   allocated; this storage will be reused if you add contents back to the
+   buffer.
+
+.. function:: void cork_buffer_truncate(struct cork_buffer \*buffer, size_t length)
+
+   Truncate a buffer so that contains no more than *length* bytes.  If the
+   buffer is already shorter than this, it is not modified.
+
+.. function:: void cork_buffer_copy(struct cork_buffer \*dest, const struct cork_buffer \*src)
+              void cork_buffer_append_copy(struct cork_buffer \*dest, const struct cork_buffer \*src)
+
+   Copy the contents of the *src* buffer into *dest*.  The ``_set`` variant
+   clears the buffer first, while the ``_append`` variant adds *src* to whatever
+   content is already there.
+
+.. function:: void cork_buffer_set(struct cork_buffer \*buffer, const void \*src, size_t length)
+              void cork_buffer_append(struct cork_buffer \*buffer, const void \*src, size_t length)
+
+   Copy the contents of *src* into a buffer.  The ``_set`` variant
+   clears the buffer first, while the ``_append`` variant adds *src* to
+   whatever content is already there.
+
+.. function:: void cork_buffer_set_string(struct cork_buffer \*buffer, const char \*str)
+              void cork_buffer_append_string(struct cork_buffer \*buffer, const char \*str)
+              void cork_buffer_set_literal(struct cork_buffer \*buffer, const char \*str)
+              void cork_buffer_append_literal(struct cork_buffer \*buffer, const char \*str)
+
+   Copy the contents of *str* (which must be a ``NUL``\ -terminated C
+   string) into a buffer.  The ``_set`` variants clears the buffer first,
+   while the ``_append`` variants adds *str* to whatever content is
+   already there.  The ``_literal`` variants only work when *str* is a C string
+   literal; we use the ``sizeof`` operator to determine the length of the string
+   at compile time.  The ``_string`` variants work with any C string; we use the
+   builtin ``strlen`` function to determine the length of the string.
+
+.. function:: void cork_buffer_printf(struct cork_buffer \*buffer, const char \*format, ...)
+              void cork_buffer_vprintf(struct cork_buffer \*buffer, const char \*format, va_list args)
+              void cork_buffer_append_printf(struct cork_buffer \*buffer, const char \*format, ...)
+              void cork_buffer_append_vprintf(struct cork_buffer \*buffer, const char \*format, va_list args)
+
+   Format data according to a ``printf`` format string, placing the
+   result into a buffer.  The ``_append`` variants add the formatted
+   string to whatever content is already in the buffer; the non-\
+   ``_append`` variants clear the buffer first.  The ``_printf``
+   variants are vararg functions, and take in the format string's data
+   as direct parameters.  The ``_vprintf`` variants can be used within
+   another vararg function, and let you pass in the format string's data
+   as a C99-standard ``va_list`` instance.
+
+
+Pretty-printing
+---------------
+
+We also provide several helper functions for adding pretty-printed content to a
+``cork_buffer``.
+
+.. function:: void cork_buffer_append_indent(struct cork_buffer \*buffer, size_t indent)
+
+   Append *indent* spaces to *buffer*.
+
+.. function:: void cork_buffer_append_c_string(struct cork_buffer \*buffer, const char \*str, size_t length)
+
+   Append the C string literal representation of *str* to *buffer*.  This will
+   include opening and closing double quotes, and any non-printable characters
+   will be escaped.  (We will use the standard letter-based escapes where
+   possible, and fall back on ``"\xXX"`` hexadecimal escapes for other
+   non-printable characters.)  The result is guaranteed to stay on a single
+   line, since any embedded newlines will be converted to a ``\n`` escape
+   sequence.
+
+.. function:: void cork_buffer_append_hex_dump(struct cork_buffer \*buffer, size_t indent, const char \*str, size_t length)
+              void cork_buffer_append_multiline(struct cork_buffer \*buffer, size_t indent, const char \*str, size_t length)
+              void cork_buffer_append_binary(struct cork_buffer \*buffer, size_t indent, const char \*str, size_t length)
+
+   Append a pretty-printed representation of *str* to *buffer*.  All of these
+   functions can produce multiple lines of output.  All lines except for the
+   first will be prefaced with *indent* space characters.  The final line will
+   **not** have a trailing newline.
+
+   The ``hex_dump`` variant will output a hex-dump representation of *str*.
+   This will include the hexadecimal representation of each byte, and the actual
+   character of any printable byte.
+
+   The ``multiline`` variant appends the raw content of *str* to the buffer,
+   without making any attempt to sanitize non-printable characters.  (That means
+   you should only call this variant if you know that *str* contains only
+   printable characters.)  If *str* itself spans multiple lines, then we'll
+   insert indentation to make sure that we satisfy the indentation rules
+   described above.
+
+   The ``binary`` variant autodetects how to best render *str*.  If it contains
+   any non-printable characters, then we'll use the ``hex_dump`` representation.
+   If it spans multiple lines, we'll use the ``multiline`` representation.
+   Otherwise, we'll append the content directly without any modification.
+
+
+Other binary data structures
+----------------------------
+
+The ``cork_buffer`` class is the only binary data class that is mutable;
+this comes at the cost of only being usable by a single owner thread or
+function at a time.  Once you have constructed a binary string or
+payload using a ``cork_buffer``, you can use the functions in this
+section to produce a corresponding instance of one of libcork's
+sharable, immutable binary data types.
+
+.. function:: struct cork_managed_buffer \*cork_buffer_to_managed_buffer(struct cork_buffer \*buffer)
+
+   Create a new :ref:`managed buffer <managed-buffer>` to manage the
+   contents of a ``cork_buffer`` instance.  *buffer* must have been
+   allocated on the heap (i.e., using :c:func:`cork_buffer_new()`, and
+   not :c:func:`cork_buffer_init()`).  We take ownership of *buffer*,
+   regardless of whether we're able to successfully create a new
+   :c:type:`cork_managed_buffer` instance.  You must **not** try to free
+   *buffer* yourself.
+
+.. function:: int cork_buffer_to_slice(struct cork_buffer \*buffer, struct cork_slice \*slice)
+
+   Initialize a new :ref:`slice <slice>` to manage the contents of
+   *buffer*.  *buffer* must have been allocated on the heap (i.e., using
+   :c:func:`cork_buffer_new()`, and not :c:func:`cork_buffer_init()`).
+   We take ownership of *buffer*, regardless of whether we're able to
+   successfully create a new :c:type:`cork_managed_buffer` instance.
+   You must **not** try to free *buffer* yourself.
+
+   The slice will point into the contents of a new :ref:`managed buffer
+   <managed-buffer>` instance.  The managed buffer isn't returned
+   directly, though you can create additional slices into it using the
+   usual :c:type:`cork_slice` methods.
+
+   Regardless of whether we can initialize the slice successfully, you
+   **must** call :c:func:`cork_slice_finish()` on *slice* when you're
+   done with the slice.
+
+.. function:: struct cork_stream_consumer \*cork_buffer_to_stream_consumer(struct cork_buffer \*buffer)
+
+   Create a new stream consumer that appends any received data into
+   *buffer*.
+
+   We do **not** take control of *buffer*.  You retain responsibility
+   for freeing the buffer, and you must ensure that it remains allocated
+   and valid for the entire lifetime of the stream consumer that we
+   return.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/byte-order.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/byte-order.rst
new file mode 100644
index 00000000..c95bf347
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/byte-order.rst
@@ -0,0 +1,144 @@
+.. _byte-order:
+
+**********
+Byte order
+**********
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+This section contains definitions for determining the endianness of the
+host system, and for byte-swapping integer values of various sizes.
+
+
+Endianness detection
+====================
+
+.. macro:: CORK_LITTLE_ENDIAN
+           CORK_BIG_ENDIAN
+           CORK_HOST_ENDIANNESS
+           CORK_OTHER_ENDIANNESS
+
+   The ``CORK_HOST_ENDIANNESS`` macro can be used to determine the
+   endianness of the host system.  It will be equal to either
+   ``CORK_LITTLE_ENDIAN`` or ``CORK_BIG_ENDIAN``.  (The actual values
+   don't matter; you should always compare against the predefined
+   constants.)  The ``CORK_OTHER_endianness`` macro is defined to be the
+   opposite endianness as ``CORK_HOST_ENDIANNESS``.  A common use case
+   would be something like::
+
+     #if CORK_HOST_endianness == CORK_LITTLE_ENDIAN
+     /* do something to little-endian values */
+     #else
+     /* do something to big-endian values */
+     #endif
+
+.. macro:: CORK_HOST_ENDIANNESS_NAME
+           CORK_OTHER_ENDIANNESS_NAME
+
+   These macros give you a human-readable name of the host's endianness.
+   You can use this in debugging messages.
+
+   .. note:: You should *not* use these macros to detect the
+      endianness of the system, since we might change their definitions
+      at some point to support localization.  For that,
+      use :macro:`CORK_LITTLE_ENDIAN` and :macro:`CORK_BIG_ENDIAN`.
+
+
+Byte swapping
+=============
+
+Swapping arbitrary expressions
+------------------------------
+
+All of the macros in this section take in an rvalue (i.e., any arbitrary
+expression) as a parameter.  The result of the swap is returned as the
+value of the macro.
+
+.. function:: uint16_t CORK_SWAP_UINT16(uint16_t value)
+              uint32_t CORK_SWAP_UINT32(uint32_t value)
+              uint64_t CORK_SWAP_UINT64(uint64_t value)
+
+   These functions always perform a byte-swap, regardless of the
+   endianness of the host system.
+
+.. function:: uint16_t CORK_UINT16_BIG_TO_HOST(uint16_t value)
+              uint32_t CORK_UINT32_BIG_TO_HOST(uint32_t value)
+              uint64_t CORK_UINT64_BIG_TO_HOST(uint64_t value)
+
+   These functions convert a big-endian (or network-endian) value into
+   host endianness.  (I.e., they only perform a swap if the current host
+   is little-endian.)
+
+.. function:: uint16_t CORK_UINT16_HOST_TO_BIG(uint16_t value)
+              uint32_t CORK_UINT32_HOST_TO_BIG(uint32_t value)
+              uint64_t CORK_UINT64_HOST_TO_BIG(uint64_t value)
+
+   These functions convert a host-endian value into big (or network)
+   endianness.  (I.e., they only perform a swap if the current host is
+   little-endian.)
+
+.. function:: uint16_t CORK_UINT16_LITTLE_TO_HOST(uint16_t value)
+              uint32_t CORK_UINT32_LITTLE_TO_HOST(uint32_t value)
+              uint64_t CORK_UINT64_LITTLE_TO_HOST(uint64_t value)
+
+   These functions convert a little-endian value into host endianness.
+   (I.e., they only perform a swap if the current host is big-endian.)
+
+.. function:: uint16_t CORK_UINT16_HOST_TO_LITTLE(uint16_t value)
+              uint32_t CORK_UINT32_HOST_TO_LITTLE(uint32_t value)
+              uint64_t CORK_UINT64_HOST_TO_LITTLE(uint64_t value)
+
+   These functions convert a host-endian value into little endianness.
+   (I.e., they only perform a swap if the current host is big-endian.)
+
+Swapping values in place
+------------------------
+
+The macros in this section swap an integer *in place*, which means that
+the original value is overwritten with the result of the swap.  To
+support this, you must pass in an *lvalue* as the parameter to the
+macro.  (Note that you don't pass in a *pointer* to the original value;
+these operations are implemented as macros, and you just need to provide
+a reference to the variable to be swapped.)
+
+.. function:: void CORK_SWAP_UINT16_IN_PLACE(uint16_t &value)
+              void CORK_SWAP_UINT32_IN_PLACE(uint32_t &value)
+              void CORK_SWAP_UINT64_IN_PLACE(uint64_t &value)
+
+   These functions always perform a byte-swap, regardless of the
+   endianness of the host system.
+
+.. function:: void CORK_UINT16_BIG_TO_HOST_IN_PLACE(uint16_t &value)
+              void CORK_UINT32_BIG_TO_HOST_IN_PLACE(uint32_t &value)
+              void CORK_UINT64_BIG_TO_HOST_IN_PLACE(uint64_t &value)
+
+   These functions convert a big-endian (or network-endian) value into
+   host endianness, and vice versa.  (I.e., they only perform a swap if
+   the current host is little-endian.)
+
+.. function:: void CORK_UINT16_HOST_TO_BIG_IN_PLACE(uint16_t &value)
+              void CORK_UINT32_HOST_TO_BIG_IN_PLACE(uint32_t &value)
+              void CORK_UINT64_HOST_TO_BIG_IN_PLACE(uint64_t &value)
+
+   These functions convert a host-endian value into big (or network)
+   endianness.  (I.e., they only perform a swap if the current host is
+   little-endian.)
+
+.. function:: void CORK_UINT16_LITTLE_TO_HOST_IN_PLACE(uint16_t &value)
+              void CORK_UINT32_LITTLE_TO_HOST_IN_PLACE(uint32_t &value)
+              void CORK_UINT64_LITTLE_TO_HOST_IN_PLACE(uint64_t &value)
+
+   These functions convert a little-endian value into host endianness, and
+   vice versa.  (I.e., they only perform a swap if the current host is
+   big-endian.)
+
+.. function:: void CORK_UINT16_HOST_TO_LITTLE_IN_PLACE(uint16_t &value)
+              void CORK_UINT32_HOST_TO_LITTLE_IN_PLACE(uint32_t &value)
+              void CORK_UINT64_HOST_TO_LITTLE_IN_PLACE(uint64_t &value)
+
+   These functions convert a host-endian value into little endianness.
+   (I.e., they only perform a swap if the current host is big-endian.)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/cli.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/cli.rst
new file mode 100644
index 00000000..8abef49f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/cli.rst
@@ -0,0 +1,342 @@
+.. _cli:
+
+*********************
+Command-line programs
+*********************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/cli.h>
+
+The functions in this section let you easily create complex command-line
+applications that include subcommands, in the style of the ``git`` or ``svn``
+programs.
+
+
+Overview
+========
+
+If you're designing an application where you want to provide command-line access
+to many different operations or use cases, the simplest solution is to create a
+separate executable for each one.  This can clutter up the user's
+``$PREFIX/bin`` directory, however, and can add complexity to your code base.
+Many projects instead create a single “super-command” executable, which includes
+within it all of the operations that you want to support.  You choose specific
+operations by selecting a *subcommand* on the command line.
+
+.. type:: struct cork_command
+
+   An opaque type describing one of the subcommands in an executable.
+
+So, for instance, if you were writing a library for manipulating sets of
+objects, you could define several subcommands of a single ``set`` executable:
+
+.. code-block:: none
+
+    $ set add <filename> <element>
+    $ set query <filename> <element>
+    $ set remove <filename> <element>
+    $ set union -o <output file> <file1> <file2>
+    $ set print avro <filename>
+    $ set print json <filename>
+
+Each of these operations acts in exactly the same as if they were defined as
+separate executables:
+
+.. code-block:: none
+
+    $ set-add <filename> <element>
+    $ set-query <filename> <element>
+    $ set-remove <filename> <element>
+    $ set-union -o <output file> <file1> <file2>
+    $ set-print-avro <filename>
+    $ set-print-json <filename>
+
+Note that you're not limited to one level of subcommands.  The ``set print``
+subcommand, for instance, itself contains two subcommands: ``avro`` and
+``json``.
+
+
+Leaf commands
+=============
+
+A *leaf command* is a subcommand that represents one operation in your
+executable.  In the example above, there are six leaf commands: ``set add``,
+``set query``, ``set remove``, ``set union``, ``set print avro``, and ``set
+print json``.
+
+To define a leaf command, you use the following macro:
+
+.. macro:: cork_leaf_command(const char \*name, const char \*short_description, const char \*usage, const char \*full_help, cork_option_parser parse_options, run)
+
+   Returns :c:type:`cork_command` instance that defines a leaf command.  *name*
+   is the name of the leaf command; this is the word that the user must type on
+   the command-line to select this command.  (For ``set add``, this would be
+   ``add``; for ``set print avro``, this would be ``avro``.)
+
+   *short_description*, *usage*, and *full_help* should be static strings, and
+   will be used to produce various forms of :ref:`help text <cli-help>` for the
+   subcommand.  *short_description* should fit into one line; this will be used
+   as the short description of this leaf command when we print out a list of all
+   of the subcommands that are in the command set that this leaf belongs to.
+   *usage* will be printed whenever we need to print out a usage synopsis.  This
+   should describe the options and arguments to the leaf command; it will be
+   printed after the full name of the subcommand.  (For instance, using the
+   example above, the ``set add`` command's usage text would be ``<filename>
+   <element>``.)  *full_help* should be a longer, multi-line string that
+   describes the subcommand *in full detail*.  We will automatically preface the
+   help text with the usage summary for the command.
+
+   *parse_options* is a function that will be used to parse any command-line
+   options that appear *after* the subcommand's name on the command line.  (See
+   :ref:`below <cli-options>` for more details.)  This can be ``NULL`` if the
+   subcommand does not have any options.
+
+   *run* is the function that will be called to actually execute the command.
+   Any options will have already been processed by the *parse_options* function;
+   you should stash the option values into global or file-scope variables, and
+   then use the contents of those variables in this function.  Your *run*
+   function must be an instance of the :c:type:`cork_leaf_command_run` function
+   type:
+
+   .. type:: void (\*cork_leaf_command_run)(int argc, char \*\*argv)
+
+      The *argc* and *argv* parameters will describe any values that appear on
+      the command line after the name of the leaf command.  This will *not*
+      include any options that were processed by the command's *parse_options*
+      function.
+
+As an example, we could define the ``set add`` command as follows::
+
+    static void
+    set_add_run(int argc, char **argv);
+
+    #define SET_ADD_SHORT  "Adds an element to a set"
+    #define SET_ADD_USAGE  "<filename> <element>"
+    #define SET_ADD_FULL \
+        "Loads in a set from <filename>, and adds <element> to the set.  The\n" \
+        "new set will be written back out to <filename>.\n"
+
+    static struct cork_command  set_add =
+        cork_leaf_command("add", SET_ADD_SHORT, SET_ADD_USAGE, SET_ADD_FULL,
+                          NULL, set_add_run);
+
+    static void
+    set_add_run(int argc, char **argv)
+    {
+        /* Verify that the user gave both required options... */
+        if (argc < 1) {
+            cork_command_show_help(&set_add, "Missing set filename.");
+            exit(EXIT_FAILURE);
+        }
+        if (argc < 2) {
+            cork_command_show_help(&set_add, "Missing element to add.");
+            exit(EXIT_FAILURE);
+        }
+
+        /* ...and no others. */
+        if (argc > 2) {
+            cork_command_show_help(&set_add, "Too many values on command line.");
+            exit(EXIT_FAILURE);
+        }
+
+        /* At this point, <filename> will be in argv[0], <element> will be in
+         * argv[1]. */
+
+        /* Do what needs to be done */
+        exit(EXIT_SUCCESS);
+    }
+
+There are a few interesting points to make.  First, note that we use
+preprocessor macros to define all of the help text for the command.  Also, note
+that *each* line (including the last) of the full help text needs to have a
+trailing newline included in the string literal.
+
+Lastly, note that we still have to perform some final validation of the command
+line arguments given by the user.  If the user hasn't satisfied the subcommand's
+requirements, we use the :c:func:`cork_command_show_help` function to print out
+a nice error message (including a usage summary of the subcommand), and then we
+halt the executable using the standard ``exit`` function.
+
+
+Command sets
+============
+
+A *command set* is a collection of subcommands.  Every executable will have at
+least one command set, for the root executable itself.  It's also possible to
+have nested command sets.  In our example above, ``set`` and ``set print`` are
+both command sets.
+
+To define a command set, you use the following macro:
+
+.. macro:: cork_command_set(const char \*name, const char \*short_description, cork_option_parser parse_options, struct cork_command \*\*subcommands)
+
+   Returns :c:type:`cork_command` instance that defines a command set.  *name*
+   is the name of the command set; this is the word that the user must type on
+   the command-line to select this set of commands.  If the user only specifies
+   the name of the command set, then we'll print out a list of this set's
+   subcommands, along with their short descriptions.  (For instance, running
+   ``set`` on its own would describe the ``set add``, ``set query``, ``set
+   remove``, ``set union``, and ``set print`` subcommands.  Running ``set
+   print`` on its own would describe the ``set print avro`` and ``set print
+   json`` commands.)
+
+   *short_description*, should be a static strings, and will be used to produce
+   various forms of :ref:`help text <cli-help>` for the command set.
+   *short_description* should fit into one line; this will be used as the short
+   description of this command when we print out a list of all of the
+   subcommands that are in the command set that this command belongs to.
+
+   *parse_options* is a function that will be used to parse any command-line
+   options that appear *after* the command set's name on the command line, but
+   *before* the name of one of the set's subcommands.  (See :ref:`below
+   <cli-options>` for more details.)  This can be ``NULL`` if the command set
+   does not have any options.
+
+   *subcommands* should be an array of :c:type:`cork_command` pointers.  The
+   array **must** have a ``NULL`` pointer as its last element.  The order of the
+   subcommands in the array will effect the order that the commands are listed
+   in the command set's help text.
+
+As an example, we could define the ``set print`` command set as follows::
+
+    /* Assuming set_print_avro and set_print_json were already defined
+     * previously, using cork_leaf_command: */
+    struct cork_command  set_print_avro = cork_leaf_command(...);
+    struct cork_command  set_print_json = cork_leaf_command(...);
+
+    /* "set print" command set */
+    static struct cork_command  *set_print_subcommands[] = {
+        &set_print_avro,
+        &set_print_json,
+        NULL
+    };
+
+    #define SET_PRINT_SHORT \
+        "Print out the contents of a set in a variety of formats"
+
+    static struct cork_command  set_print =
+        cork_command_set("print", SET_PRINT_SHORT, NULL, &set_print_subcommands);
+
+You must define your executable's top level of subcommands as a command set as
+well.  For instance, we could define the ``set`` command set as follows::
+
+    static struct cork_command  *root_subcommands[] = {
+        &set_add,
+        &set_query,
+        &set_remove,
+        &set_union,
+        &set_print,
+        NULL
+    };
+
+    static struct cork_command  root =
+        cork_command_set("set", NULL, NULL, &root_subcommands);
+
+Note that we don't need to provide a short description for the root command,
+since it doesn't belong to any command sets.
+
+
+Running the commands
+====================
+
+Once you've defined all of your subcommands, your executable's ``main`` function
+is trivial::
+
+    int
+    main(int argc, char **argv)
+    {
+        return cork_command_main(&root, argc, argv);
+    }
+
+.. function:: int cork_command_main(struct cork_command \*root, int argc, char \*\*argv)
+
+   Runs a subcommand, as defined by the command-line arguments given by *argc*
+   and *argv*.  *root* should define the root command set for the executable.
+
+
+.. _cli-help:
+
+Help text
+=========
+
+The command-line programs created with this framework automatically support
+generating several flavors of help text for its subcommands.  You don't need to
+do anything special, except for ensuring that the actual help text that you
+provide to the :c:macro:`cork_leaf_command` and :c:macro:`cork_command_set`
+macros defined is intelligble and useful.
+
+Your executable will automatically include a ``help`` command in every command
+set, as well as ``--help`` and ``-h`` options in every command set and leaf
+command.  So all of the following would print out the help text for the ``set
+add`` command:
+
+.. code-block:: none
+
+    $ set help add
+    $ set add --help
+    $ set add -h
+
+And all of the following would print out the list of ``set print`` subcommands:
+
+.. code-block:: none
+
+    $ set help print
+    $ set print --help
+    $ set print -h
+
+You can also print out the help text for a command explicitly by calling the
+following function:
+
+.. function:: void cork_command_show_help(struct cork_command \*command, const char \*message)
+
+    Prints out help text for *command*.  (If it's a leaf command, this is the
+    full help text.  If it's a command set, it's a list of the set's
+    subcommands.)  We will preface the help text with *message* if it's
+    non-``NULL``.  (The message should not include a trailing newline.)
+
+
+.. _cli-options:
+
+Option parsing
+==============
+
+Leaf commands and command sets both let you provide a function that parse
+command-line options for the given command.  We don't prescribe any particular
+option parsing library, you just need to conform to the interface described in
+this section.  (Note that the standard ``getopt`` and ``getopt_long`` functions
+can easily be used in an option parsing function.)
+
+.. type:: int (\*cork_option_parser)(int argc, char \*\*argv)
+
+   Should parse any command-line options that can appear at this point in the
+   executable's command line.  (The options must appear immediately after the
+   name of the command that this function belongs to.  See below for several
+   examples.)
+
+   Your function must look for and process any options that appear at the
+   beginning of *argv*.  If there are any errors processing the options, you
+   should print out an error message (most likely via
+   :c:func:`cork_command_show_help`) and exit the program, using the standard
+   ``exit`` function, with an exit code of ``EXIT_FAILURE``.
+
+   If there aren't any errors processing the options, you should return the
+   number of *argv* elements that were consumed while processing the options.
+   We will use this return value to update *argc* and *argv* beforing continuing
+   with subcommand selection and argument processing.  (Note that ``getopt``'s
+   ``optind`` variable is exactly what you need for the return value.)
+
+As mentioned above, different option parsing functions are used to parse options
+from a particular point in the command line.  Given the following command:
+
+.. code-block:: none
+
+    $ set --opt1 print --opt2 avro --opt3 --opt4=foo <filename>
+
+The ``--opt1`` option would be parsed by the ``set`` command's parser.  The
+``--opt2`` option would be parsed by the ``set print`` command's parser.  The
+``--opt3`` and ``-opt4=foo`` options would be parsed by the ``set print avro``
+command's parser.  And the ``<filename>`` argument would be parsed by the ``set
+print avro`` command's *run* function.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/conf.py b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/conf.py
new file mode 100644
index 00000000..6484a5e4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/conf.py
@@ -0,0 +1,80 @@
+# -*- coding: utf-8 -*-
+
+import sys, os
+
+extensions = ['sphinx.ext.mathjax']
+source_suffix = '.rst'
+master_doc = 'index'
+project_name = u'libcork'
+project_slug = u'libcork'
+company = u'RedJack, LLC'
+copyright_years = u'2011-2012'
+
+default_role = 'c:func'
+primary_domain = 'c'
+
+rst_epilog = """
+.. |project_name| replace:: """ + project_name + """
+"""
+
+# Intersphinx stuff
+
+# If your documentation uses intersphinx to link to other Sphinx
+# documentation sets, uncomment and fill in the following.
+#
+#intersphinx_mapping = {
+#    'libcork': ('http://libcork.readthedocs.org/en/latest/', None),
+#}
+
+# Our CMake build scripts will insert overrides below if the prereq
+# libraries have installed their Sphinx documentation locally.  DO NOT
+# uncomment out the last line of this block; we need it commented so
+# that this conf.py file still works if CMake doesn't do its
+# substitution thing.
+# @INTERSPHINX_OVERRIDES@
+
+#----------------------------------------------------------------------
+# Everything below here shouldn't need to be changed.
+
+release = None
+version = None
+
+# Give CMake a chance to insert a version number
+# @VERSION_FOR_CONF_PY@
+
+# Otherwise grab version from git
+if version is None:
+    import re
+    import subprocess
+    release = str(subprocess.check_output(["git", "describe"]).rstrip())
+    version = re.sub(r"-dev.*$", "-dev", release)
+
+# Project details
+
+project = project_name
+copyright = copyright_years+u', '+company
+templates_path = ['_templates']
+exclude_patterns = ['_build']
+pygments_style = 'sphinx'
+
+html_theme = 'default'
+html_style = 'docco-sphinx.css'
+html_static_path = ['_static']
+htmlhelp_basename = project_slug+'-doc'
+
+
+latex_documents = [
+  ('index', project_slug+'.tex', project_name+u' Documentation',
+   company, 'manual'),
+]
+
+man_pages = [
+    ('index', 'libcork', u'libcork documentation',
+     [u'RedJack, LLC'], 1)
+]
+
+texinfo_documents = [
+  ('index', 'libcork', u'libcork documentation',
+   u'RedJack, LLC', 'libcork', 'One line description of project.',
+   'Miscellaneous'),
+]
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/config.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/config.rst
new file mode 100644
index 00000000..d7baf6df
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/config.rst
@@ -0,0 +1,176 @@
+.. _config:
+
+*******************
+Configuring libcork
+*******************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/config.h>
+
+Several libcork features have different implementations on different
+platforms.  Since we want libcork to be easily embeddable into projects
+with a wide range of build systems, we try to autodetect which
+implementations to use, using only the C preprocessor and the predefined
+macros that are available on the current system.
+
+This module provides a layer of indirection, with all of the
+preprocessor-based autodetection in one place.  This module's task is to
+define a collection of libcork-specific configuration macros, which all
+other libcork modules will use to select which implementation to use.
+
+This design also lets you skip the autodetection, and provide values for
+the configuration macros directly.  This is especially useful if you're
+embedding libcork into another project, and already have a ``configure``
+step in your build system that performs platform detection.  See
+:c:macro:`CORK_CONFIG_SKIP_AUTODETECT` for details.
+
+.. note::
+
+   The autodetection logic is almost certainly incomplete.  If you need
+   to port libcork to another platform, this is where an important chunk
+   of edits will take place.  Patches are welcome!
+
+
+.. _configuration-macros:
+
+Configuration macros
+====================
+
+This section lists all of the macros that are defined by libcork's
+autodetection logic.  Other libcork modules will use the values of these
+macros to choose among the possible implementations.
+
+
+.. macro:: CORK_CONFIG_VERSION_MAJOR
+           CORK_CONFIG_VERSION_MINOR
+           CORK_CONFIG_VERSION_PATCH
+
+   The libcork library version, with each part of the version number separated
+   out into separate macros.
+
+
+.. macro:: CORK_CONFIG_VERSION_STRING
+
+   The libcork library version, encoded as a single string.
+
+
+.. macro:: CORK_CONFIG_REVISION
+
+   The git SHA-1 commit identifier of the libcork version that you're using.
+
+
+.. macro:: CORK_CONFIG_ARCH_X86
+           CORK_CONFIG_ARCH_X64
+           CORK_CONFIG_ARCH_PPC
+
+   Exactly one of these macros should be defined to ``1`` to indicate
+   the architecture of the current platform.  All of the other macros
+   should be defined to ``0`` or left undefined.  The macros correspond
+   to the following architectures:
+
+   ============ ================================================
+   Macro suffix Architecture
+   ============ ================================================
+   ``X86``      32-bit Intel (386 or greater)
+   ``X64``      64-bit Intel/AMD (AMD64/EM64T, *not* IA-64)
+   ``PPC``      32-bit PowerPC
+   ============ ================================================
+
+
+.. macro:: CORK_CONFIG_HAVE_GCC_ASM
+
+   Whether the GCC `inline assembler`_ syntax is available.  (This
+   doesn't imply that the compiler is specifically GCC.)  Should be
+   defined to ``0`` or ``1``.
+
+   .. _inline assembler: http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html
+
+
+.. macro:: CORK_CONFIG_HAVE_GCC_ATTRIBUTES
+
+   Whether the GCC-style syntax for `compiler attributes`_ is available.
+   (This doesn't imply that the compiler is specifically GCC.)  Should
+   be defined to ``0`` or ``1``.
+
+   .. _compiler attributes: http://gcc.gnu.org/onlinedocs/gcc/Attribute-Syntax.html
+
+
+.. macro:: CORK_CONFIG_HAVE_GCC_ATOMICS
+
+   Whether GCC-style `atomic intrinsics`_ are available.  (This doesn't
+   imply that the compiler is specifically GCC.)  Should be defined to
+   ``0`` or ``1``.
+
+   .. _atomic intrinsics: http://gcc.gnu.org/onlinedocs/gcc-4.1.2/gcc/Atomic-Builtins.html
+
+
+
+.. macro:: CORK_CONFIG_HAVE_GCC_INT128
+
+   Whether the GCC-style `128-bit integer`_ types (``__int128`` and ``unsigned
+   __int128``) are available.  (This doesn't imply that the compiler is
+   specifically GCC.)  Should be defined to ``0`` or ``1``.
+
+   .. _128-bit integer: http://gcc.gnu.org/onlinedocs/gcc/_005f_005fint128.html
+
+
+.. macro:: CORK_CONFIG_HAVE_GCC_MODE_ATTRIBUTE
+
+   Whether GCC-style `machine modes`_ are available.  (This doesn't imply that
+   the compiler is specifically GCC.)  Should be defined to ``0`` or ``1``.
+
+   .. _machine modes: http://gcc.gnu.org/onlinedocs/gcc-4.8.1/gccint/Machine-Modes.html#Machine-Modes
+
+
+.. macro:: CORK_CONFIG_HAVE_GCC_STATEMENT_EXPRS
+
+   Whether GCC-style `statement expressions`_ are available.
+   (This doesn't imply that the compiler is specifically GCC.)  Should
+   be defined to ``0`` or ``1``.
+
+   .. _statement expressions: http://gcc.gnu.org/onlinedocs/gcc/Statement-Exprs.html
+
+
+.. macro:: CORK_CONFIG_HAVE_REALLOCF
+
+   Whether this platform defines a ``reallocf`` function in
+   ``stdlib.h``.  ``reallocf`` is a BSD extension to the standard
+   ``realloc`` function that frees the existing pointer if a
+   reallocation fails.  If this function exists, we can use it to
+   implement :func:`cork_realloc`.
+
+
+.. macro:: CORK_CONFIG_IS_BIG_ENDIAN
+           CORK_CONFIG_IS_LITTLE_ENDIAN
+
+   Whether the current system is big-endian or little-endian.  Exactly
+   one of these macros should be defined to ``1``; the other should be
+   defined to ``0``.
+
+
+.. _skipping-autodetection:
+
+Skipping autodetection
+======================
+
+
+.. macro:: CORK_CONFIG_SKIP_AUTODETECT
+
+   If you want to skip libcork's autodetection logic, then you are
+   responsible for providing the appropriate values for all of the
+   macros defined in :ref:`configuration-macros`.  To do this, have your
+   build system define this macro, with a value of ``1``.  This will
+   override the default value of ``0`` provided in the
+   ``libcork/config/config.h`` header file.
+
+   Then, create (or have your build system create) a
+   ``libcork/config/custom.h`` header file.  You can place this file
+   anywhere in your header search path.  We will load that file instead
+   of libcork's autodetection logic.  Place the appropriate definitions
+   for each of the configuration macros into this file.  If needed, you
+   can generate this file as part of the ``configure`` step of your
+   build system; the only requirement is that it's available once you
+   start compiling the libcork source files.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/dllist.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/dllist.rst
new file mode 100644
index 00000000..313cdd13
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/dllist.rst
@@ -0,0 +1,296 @@
+.. _dllist:
+
+*******************
+Doubly-linked lists
+*******************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/ds.h>
+
+This section defines a doubly-linked list data structure.  The structure
+is “invasive”, since you must place an instance of the
+:c:type:`cork_dllist_item` type into the type whose instances will be
+stored in the list.  The list itself is represented by the
+:c:type:`cork_dllist` type.
+
+As an example, we could define the following types for storing groups,
+as well as the users within each group::
+
+  struct group {
+      const char  *group_name;
+      struct cork_dllist  members;
+  };
+
+  struct user {
+      const char  *username;
+      const char  *real_name;
+      struct cork_dllist_item  list;
+  };
+
+Note that both ``cork_dllist`` and ``cork_dllist_item`` are embedded
+directly into our domain-specific types.  This means that every list
+operation defined in this section is guaranteed to succeed, since no
+memory operations will be involved.  (The list and any items will have
+already been allocated before you try to call the list function.)
+
+Like with any embedded ``struct``, you can use the
+:c:func:`cork_container_of` macro to obtain a pointer to a ``struct
+user`` if you're given a pointer to a :c:type:`cork_dllist_item`.
+
+
+.. type:: struct cork_dllist
+
+   A doubly-linked list.  The list itself is represented by a sentinel
+   element, representing the empty list.
+
+
+.. type:: struct cork_dllist_item
+
+   An element of a doubly-linked list.  This type will usually be
+   embedded within the type whose instances will be stored in the list.
+
+   .. member:: struct cork_dllist_item \*next
+               struct cork_dllist_item \*prev
+
+      A pointer to the next (or previous) element in the list.  If this
+      element marks the end (or beginning) of the list, then *next* (or
+      *prev*) will point to the list's sentinel value.
+
+
+.. function:: void cork_dllist_init(struct cork_dllist \*list)
+              struct cork_dllist CORK_DLLIST_INIT(SYMBOL name)
+
+   Initializes a doubly-linked list.  The list will initially be empty.
+
+   The second variant is a static initializer, that lets you initialize a list
+   at compile time, rather than runtime.  You must pass in the name of the list
+   for this to work, since we need to be able to extract pointers into the list
+   object.
+
+
+Querying a list
+---------------
+
+.. function:: size_t cork_dllist_size(const struct cork_dllist \*list)
+
+   Returns the number of elements in *list*.
+   
+   This operation runs in :math:`O(n)` time.
+
+
+.. function:: bool cork_dllist_is_empty(struct cork_dllist \*list)
+
+   Returns whether *list* is empty.
+
+   This operation runs in :math:`O(1)` time.
+
+
+Editing a list
+--------------
+
+.. function:: void cork_dllist_add_to_head(struct cork_dllist \*list, struct cork_dllist_item \*element)
+              void cork_dllist_add_to_tail(struct cork_dllist \*list, struct cork_dllist_item \*element)
+
+   Adds *element* to *list*.  The ``_head`` variant adds the new element to the
+   beginning of the list; the ``_tail`` variant adds it to the end.
+   
+   You are responsible for allocating the list element yourself, most likely by
+   allocating the ``struct`` that you've embedded :c:type:`cork_dllist_item`
+   into.
+
+   .. note::
+
+      This function assumes that *element* isn't already a member of a different
+      list.  You're responsible for calling :c:func:`cork_dllist_remove()` if
+      this isn't the case.  (If you don't, the other list will become
+      malformed.)
+
+   This operation runs in :math:`O(1)` time.
+
+
+.. function:: void cork_dllist_add_after(struct cork_dllist_item \*pred, struct cork_dllist_item \*element)
+              void cork_dllist_add_before(struct cork_dllist_item \*succ, struct cork_dllist_item \*element)
+
+   Adds *element* to the same list that *pred* or *succ* belong to.  The
+   ``_after`` variant ensures that *element* appears in the list immediately
+   after *pred*.  The ``_before`` variant ensures that *element* appears in the
+   list immediately before *succ*.
+
+   .. note::
+
+      This function assumes that *element* isn't already a member of a different
+      list.  You're responsible for calling :c:func:`cork_dllist_remove()` if
+      this isn't the case.  (If you don't, the other list will become
+      malformed.)
+
+   This operation runs in :math:`O(1)` time.
+
+
+.. function:: void cork_dllist_add_list_to_head(struct cork_dllist \*dest, struct cork_dllist \*src)
+              void cork_dllist_add_list_to_tail(struct cork_dllist \*dest, struct cork_dllist \*src)
+
+   Moves all of the elements in *src* to *dest*.  The ``_head`` variant moves
+   the elements to the beginning of *dest*; the ``_tail`` variant moves them to
+   the end.  After these functions return, *src* will be empty.
+
+   This operation runs in :math:`O(1)` time.
+
+
+.. function:: void cork_dllist_remove(struct cork_dllist_item \*element)
+
+   Removes *element* from the list that it currently belongs to.  (Note
+   that you don't have to pass in a pointer to that list.)
+
+   .. note::
+
+      You must not call this function on a list's sentinel element.
+
+   This operation runs in :math:`O(1)` time.
+
+
+Iterating through a list
+------------------------
+
+There are two strategies you can use to access all of the elements in a
+doubly-linked list: *visiting* and *iterating*.  With visiting, you write
+a visitor function, which will be applied to each element in the list.
+(In this case, libcork controls the loop that steps through each
+element.)
+
+.. function:: int cork_dllist_visit(struct cork_dllist \*list, void \*user_data, cork_dllist_visit_f \*func)
+
+   Apply a function to each element in *list*.  The function is allowed
+   to remove the current element from the list; this will not affect our
+   ability to iterate through the remainder of the list.  The function
+   will be given a pointer to the :c:type:`cork_dllist_item` for each
+   element; you can use :c:func:`cork_container_of()` to get a pointer to the
+   actual element type.
+
+   If your visitor function ever returns a non-zero value, we will abort the
+   iteration and return that value from ``cork_dllist_visit``.  If your function
+   always returns ``0``, then you will visit all of the elements in *list*, and
+   we'll return ``0`` from ``cork_dllist_visit``.
+
+   .. type:: int cork_dllist_visit_f(void \*user_data, struct cork_dllist_item \*element)
+
+      A function that can be applied to each element in a doubly-linked list.
+
+For instance, you can manually calculate the number of elements in a
+list as follows (assuming you didn't want to use the built-in
+:c:func:`cork_dllist_size()` function, of course)::
+
+  static int
+  count_elements(void *user_data, struct cork_dllist_item *element)
+  {
+      size_t  *count = ud;
+      (*count)++;
+      return 0;
+  }
+
+  struct cork_dllist  *list = /* from somewhere */;
+  size_t  count = 0;
+  cork_dllist_visit(list, &count, count_elements);  /* returns 0 */
+  /* the number of elements is now in count */
+
+
+The second strategy is to iterate through the elements yourself.
+
+.. macro:: cork_dllist_foreach(struct cork_dllist \*list, struct cork_dllist_item &\*curr, struct cork_dllist_item &\*next, TYPE element_type, TYPE &\*element, FIELD item_field)
+           cork_dllist_foreach_void(struct cork_dllist \*list, struct cork_dllist_item &\*curr, struct cork_dllist_item &\*next)
+
+   Iterate through each element in *list*, executing a statement for each one.
+   You must declare two variables of type ``struct cork_dllist_item *``, and
+   pass in their names as *curr* and *next*.  (You'll usually call the variables
+   ``curr`` and ``next``, too.)
+
+   For the ``_void`` variant, your statement can only use these
+   :c:type:`cork_dllist_item` variables to access the current list element.  You
+   can use :c:func:`cork_container_of` to get a pointer to the actual element
+   type.
+
+   For the non-``_void`` variant, we'll automatically call
+   :c:func:`cork_container_of` for you.  *element_type* should be the actual
+   element type, which must contain an embedded :c:func:`cork_dllist_item`
+   field.  *item_field* should be the name of this embedded field.  You must
+   allocate a pointer to the element type, and pass in its name as *element*.
+
+For instance, you can use these macros calculate the number of elements as
+follows::
+
+  struct cork_dllist  *list = /* from somewhere */;
+  struct cork_dllist  *curr;
+  struct cork_dllist  *next;
+  size_t  count = 0;
+  cork_dllist_foreach_void(list, curr, next) {
+      count++;
+  }
+  /* the number of elements is now in count */
+
+We're able to use :c:macro:`cork_dllist_foreach_void` since we don't need to
+access the contents of each element to calculate how many of theo there are.  If
+we wanted to calculuate a sum, however, we'd have to use
+:c:macro:`cork_dllist_foreach`::
+
+  struct element {
+      unsigned int  value;
+      struct cork_dllist_item  item;
+  };
+
+  struct cork_dllist  *list = /* from somewhere */;
+  struct cork_dllist  *curr;
+  struct cork_dllist  *next;
+  struct element  *element;
+  unsigned int  sum = 0;
+  cork_dllist_foreach(list, curr, next, struct element, element, item) {
+      sum += element->value;
+  }
+  /* the sum of the elements is now in sum */
+
+
+If the ``foreach`` macros don't provide what you need, you can also iterate
+through the list manually.
+
+.. function:: struct cork_dllist_item \*cork_dllist_head(struct cork_dllist \*list)
+              struct cork_dllist_item \*cork_dllist_start(struct cork_dllist \*list)
+
+   Returns the element at the beginning of *list*.  If *list* is empty,
+   then the ``_head`` variant will return ``NULL``, while the ``_start``
+   variant will return the list's sentinel element.
+
+
+.. function:: struct cork_dllist_item \*cork_dllist_tail(struct cork_dllist \*list)
+              struct cork_dllist_item \*cork_dllist_end(struct cork_dllist \*list)
+
+   Returns the element at the end of *list*.  If *list* is empty, then
+   the ``_tail`` variant will return ``NULL``, while the ``_end``
+   variant will return the list's sentinel element.
+
+.. function:: bool cork_dllist_is_start(struct cork_dllist \*list, struct cork_dllist_item \*element)
+              bool cork_dllist_is_end(struct cork_dllist \*list, struct cork_dllist_item \*element)
+
+   Returns whether *element* marks the start (or end) of *list*.
+
+With these functions, manually counting the list elements looks like::
+
+  struct cork_dllist  *list = /* from somewhere */;
+  struct cork_dllist_item  *curr;
+  size_t  count = 0;
+  for (curr = cork_dllist_start(list); !cork_dllist_is_end(list, curr);
+       curr = curr->next) {
+      count++;
+  }
+  /* the number of elements is now in count */
+
+You can also count the elements in reverse order::
+
+  struct cork_dllist  *list = /* from somewhere */;
+  struct cork_dllist_item  *curr;
+  size_t  count = 0;
+  for (curr = cork_dllist_end(list); !cork_dllist_is_start(list, curr);
+       curr = curr->prev) {
+      count++;
+  }
+  /* the number of elements is now in count */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/ds.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/ds.rst
new file mode 100644
index 00000000..b6276db6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/ds.rst
@@ -0,0 +1,26 @@
+.. _ds:
+
+***************
+Data structures
+***************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/ds.h>
+
+libcork includes implementations of a number of useful data structures.
+
+.. toctree::
+   :maxdepth: 1
+
+   array
+   bitset
+   slice
+   managed-buffer
+   buffer
+   stream
+   dllist
+   hash-table
+   ring-buffer
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/errors.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/errors.rst
new file mode 100644
index 00000000..434e203f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/errors.rst
@@ -0,0 +1,479 @@
+.. _errors:
+
+***************
+Error reporting
+***************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+This section defines an API for reporting error conditions.  It's loosely
+modeled on the POSIX ``errno`` mechanism.
+
+The standard POSIX approach for reporting errors is to return an integer status
+code, and to store error codes into the ``errno`` global variable.  This
+approach has a couple of drawbacks.  The first is that you --- or really, your C
+library --- has to ensure that ``errno`` is placed in thread-local storage, so
+that separate threads have their own error condition variables.  The second, and
+in our mind more important, is that the set of error codes is fixed and
+platform-dependent.  It's difficult to add new error codes to represent
+application-level error conditions.
+
+The libcork error API is a way around this.  Like standard POSIX-conforming
+functions, you return an integer status code from any function that might need
+to report an error to its caller.  The status return code is simple: ``0``
+indicates success, ``-1`` indicates failure.
+
+When an error occurs, you can use the functions in this section to get more
+information about the error: an *error code*, and human-readable string
+description of the error.  The POSIX ``errno`` values, while hard to extend, are
+perfectly well-defined for most platforms; therefore, any ``errno`` value
+supported by your system's C library is a valid libcork error code.  To support
+new application-specific error codes, an error code can also be the hash of some
+string describing the error.  This “hash of a string” approach makes it easy to
+define new error codes without needing any centralized mechanism for assigning
+IDs to the various codes.  Moreover, it's very unlikely that a hashed error code
+will conflict with some existing POSIX ``errno`` value, or with any other hashed
+error codes.
+
+.. note::
+
+   We correctly maintain a separate error condition for each thread in
+   the current process.  This is all hidden by the functions in this
+   section; it's safe to call them from multiple threads simultaneously.
+
+
+Calling a function that can return an error
+-------------------------------------------
+
+There are two basic forms for a function that can produce an error.  The
+first is if the function returns a single pointer as its result::
+
+  TYPE *
+  my_function(/* parameters */);
+
+The second is for any other function::
+
+  int
+  my_function(/* parameters */);
+
+If an error occurs, the function will return either ``NULL`` or ``-1``,
+depending on its return type.  Success will be indicated by a non-\
+``NULL`` pointer or a ``0``.  (More complex return value schemes are
+possible, if the function needs to signal more than a simple “success”
+or “failure”; in that case, you'll need to check the function's
+documentation for details.)
+
+If you want to know specifics about the error, there are several
+functions that you can use to interrogate the current error condition.
+
+.. function:: bool cork_error_occurred(void)
+
+   Returns whether an error has occurred.
+
+.. function:: cork_error cork_error_code(void)
+
+   Returns the error code of the current error condition.  If no error has
+   occurred, the result will be :c:macro:`CORK_ERROR_NONE`.
+
+.. function:: const char \*cork_error_message(void)
+
+   Returns the human-readable string description the current error
+   condition.  If no error occurred, the result of this function is
+   undefined.
+
+You can use the ``cork_error_prefix`` family of functions to add additional
+context to the beginning of an error message.
+
+.. function:: void cork_error_prefix_printf(const char \*format, ...)
+              void cork_error_prefix_string(const char \*string)
+              void cork_error_prefix_vprintf(const char \*format, va_list args)
+
+   Prepends some additional text to the current error condition.
+
+When you're done checking the current error condition, you clear it so
+that later calls to :c:func:`cork_error_occurred` and friends don't
+re-report this error.
+
+.. function:: void cork_error_clear(void)
+
+   Clears the current error condition.
+
+
+Writing a function that can return an error
+-------------------------------------------
+
+When writing a function that might produce an error condition, your
+function signature should follow one of the two standard patterns
+described above::
+
+  int
+  my_function(/* parameters */);
+
+  TYPE *
+  my_function(/* parameters */);
+
+You should return ``-1`` or ``NULL`` if an error occurs, and ``0`` or a
+non-\ ``NULL`` pointer if it succeeds.  If ``NULL`` is a valid
+“successful” result of the function, you should use the first form, and
+define a ``TYPE **`` output parameter to return the actual pointer
+value.  (If you're using the first form, you can use additional return
+codes if there are other possible results besides a simple “success” and
+“failure”.)
+
+If your function results in an error, you need to fill in the current
+error condition using the ``cork_error_set`` family of functions:
+
+.. function:: void cork_error_set_printf(cork_error ecode, const char \*format, ...)
+              void cork_error_set_string(cork_error ecode, const char \*string)
+              void cork_error_set_vprintf(cork_error ecode, const char \*format, va_list args)
+
+   Fills in the current error condition.  The error condition is defined
+   by the error code *ecode*.  The human-readable description is constructed
+   from *string*, or from *format* and any additional parameters, depending on
+   which variant you use.
+
+As an example, the :ref:`IP address <net-addresses>` parsing functions fill in
+:c:macro:`CORK_PARSE_ERROR` error conditions when you try to parse a malformed
+address::
+
+  const char  *str = /* the string that's being parsed */;
+  cork_error_set_printf
+      (CORK_PARSE_ERROR, "Invalid IP address: %s", str);
+
+If a particular kind of error can be raised in several places
+throughout your code, it can be useful to define a helper function for
+filling in the current error condition::
+
+  static void
+  cork_ip_address_parse_error(const char *version, const char *str)
+  {
+      cork_error_set_printf
+          (CORK_PARSE_ERROR, "Invalid %s address: %s", version, str);
+  }
+
+
+Error-checking macros
+---------------------
+
+There can be a lot of repetitive code when calling functions that return
+error conditions.  We provide a collection of helper macros that make it
+easier to write this code.
+
+.. note::
+
+   Unlike most libcork modules, these macros are **not** automatically
+   defined when you include the ``libcork/core.h`` header file, since
+   they don't include a ``cork_`` prefix.  Because of this, we don't
+   want to pollute your namespace unless you ask for the macros.  To do
+   so, you must explicitly include their header file::
+
+     #include <libcork/helpers/errors.h>
+
+Additional debugging output
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. macro:: CORK_PRINT_ERRORS
+
+   If you define this macro to ``1`` before including
+   :file:`libcork/helpers/errors.h`, then we'll output the current
+   function name, file, and line number, along with the description of
+   the error, to stderr whenever an error is detected by one of the
+   macros described in this section.
+
+Returning a default error code
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you follow one of the standard function signature patterns described
+above, then your function will either return an ``int`` or some pointer
+type, and errors will be signalled by a return value of ``-1`` or
+``NULL``.  If so, you can use the macros in this section to
+automatically return the appropriate error return value if a nested
+function call returns an error.
+
+With these macros, you won't have a chance to inspect the error
+condition when an error occurs, so you should pass in your own *err*
+parameter when calling the nested function.
+
+(The mnemonic for remembering these macro names is that they all start
+with ``rXY_``.  The ``r`` indicates that they automatically “return”.
+The second character indicates whether *your* function returns an
+``int`` or a pointer.  The third character indicates whether the
+function you're *calling* returns an ``int`` or a pointer.)
+
+.. function:: void rie_check(call)
+
+   Call a function whose return value isn't enough to check for an error, when
+   your function returns an ``int``.  We'll use :c:func:`cork_error_occurred` to
+   check for an error.  If the nested function call returns an error, we
+   propagate that error on.
+
+.. function:: void rii_check(call)
+
+   Call a function that returns an ``int`` error indicator, when your
+   function also returns an ``int``.  If the nested function call
+   returns an error, we propagate that error on.
+
+.. function:: void rip_check(call)
+
+   Call a function that returns a pointer, when your function returns an
+   ``int``.  If the nested function call returns an error, we propagate
+   that error on.
+
+.. function:: void rpe_check(call)
+
+   Call a function whose return value isn't enough to check for an error, when
+   your function returns a pointer.  We'll use :c:func:`cork_error_occurred` to
+   check for an error.  If the nested function call returns an error, we
+   propagate that error on.
+
+.. function:: void rpi_check(call)
+
+   Call a function that returns an ``int`` error indicator, when your
+   function returns a pointer.  If the nested function call returns an
+   error, we propagate that error on.
+
+.. function:: void rpp_check(call)
+
+   Call a function that returns a pointer, when your function also
+   returns a pointer.  If the nested function call returns an error, we
+   propagate that error on.
+
+Returning a non-standard return value
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If your function doesn't have a standard signature, or it uses
+additional return values besides ``0``, ``1``, ``NULL``, and valid
+pointers, then you can use the macros in this section to return a custom
+return value in case of an error.
+
+With these macros, you won't have a chance to inspect the error
+condition when an error occurs, so you should pass in your own *err*
+parameter when calling the nested function.
+
+(The mnemonic for remembering these macro names is that they all start
+with ``xY_``.  The ``x`` doesn't standard for anything in particular.
+The second character indicates whether the function you're *calling*
+returns an ``int`` or a pointer.  We don't need separate macros for
+*your* function's return type, since you provide a return value
+explicitly.)
+
+.. function:: void xe_check(retval, call)
+
+   Call a function whose return value isn't enough to check for an error.  If
+   the nested function call raises an error, we propagate that error on, and
+   return *retval* from the current function.
+
+.. function:: void xi_check(retval, call)
+
+   Call a function that returns an ``int`` error indicator.  If the
+   nested function call raises an error, we propagate that error on, and
+   return *retval* from the current function.
+
+.. function:: void xp_check(retval, call)
+
+   Call a function that returns a pointer.  If the nested function call
+   raises an error, we propagate that error on, and return *retval* from
+   the current function.
+
+Post-processing when an error occurs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you need to perform some post-processing when a nested function
+returns an error, you can use the functions in this section.  They will
+automatically jump to the current scope's ``error`` label whenever an
+error occurs.
+
+(The mnemonic for remembering these macro names is that they all start
+with ``eY_``.  The ``e`` indicates that they'll jump to the ``error``
+label.  The second character indicates whether the function you're
+*calling* returns an ``int`` or a pointer.  We don't need separate
+macros for *your* function's return type, since the macros won't
+automatically return anything.)
+
+.. function:: void ei_check(call)
+
+   Call a function whose return value isn't enough to check for an error.  If
+   the nested function call raises an error, we automatically jump to the
+   current scope's ``error`` label.
+
+.. function:: void ei_check(call)
+
+   Call a function that returns an ``int`` error indicator.  If the
+   nested function call raises an error, we automatically jump to the
+   current scope's ``error`` label.
+
+.. function:: void ep_check(call)
+
+   Call a function that returns a pointer.  If the nested function call
+   raises an error, we automatically jump to the current scope's
+   ``error`` label.
+
+
+Calling POSIX functions
+~~~~~~~~~~~~~~~~~~~~~~~
+
+The :c:func:`cork_system_error_set` function automatically translates a POSIX
+error (specified in the standard ``errno`` variable) into a libcork error
+condition (which will be reported by :c:func:`cork_error_occurred` and friends).
+We also define several helper macros for calling a POSIX function and
+automatically checking its result.
+
+::
+
+   #include <libcork/helpers/posix.h>
+
+.. note::
+
+   For all of these macros, the ``EINTR`` POSIX error is handled specially.
+   This error indicates that a system call was interrupted by a signal, and that
+   the call should be retried.  The macros do not translate ``EINTR`` errors
+   into libcork errors; instead, they will retry the ``call`` until the
+   statement succeeds or returns a non-``EINTR`` error.
+
+.. function:: void rii_check_posix(call)
+
+   Call a function that returns an ``int`` error indicator, when your function
+   also returns an ``int``.  If the nested function call returns a POSIX error,
+   we translate it into a libcork error and return a libcork error code.
+
+.. function:: void rip_check_posix(call)
+
+   Call a function that returns a pointer, when your function returns an
+   ``int``.  If the nested function call returns a POSIX error, we translate it
+   into a libcork error and return a libcork error code.
+
+.. function:: void rpi_check_posix(call)
+
+   Call a function that returns an ``int`` error indicator, when your function
+   returns a pointer.  If the nested function call returns a POSIX error, we
+   translate it into a libcork error and return a libcork error code.
+
+.. function:: void rpp_check_posix(call)
+
+   Call a function that returns a pointer, when your function also returns a
+   pointer.  If the nested function call returns a POSIX error, we translate it
+   into a libcork error and return a libcork error code.
+
+.. function:: void ei_check_posix(call)
+
+   Call a function that returns an ``int`` error indicator.  If the nested
+   function call raises a POSIX error, we translate it into a libcork error and
+   automatically jump to the current scope's ``error`` label.
+
+.. function:: void ep_check_posix(call)
+
+   Call a function that returns a pointer.  If the nested function call raises a
+   POSIX error, we translate it into a libcork error and automatically jump to
+   the current scope's ``error`` label.
+
+
+Defining new error codes
+------------------------
+
+If none of the built-in error codes suffice for an error condition that you need
+to report, you'll have to define our own.  As mentioned above, each libcork
+error code is either a predefined POSIX ``errno`` value, or a hash some of
+string identifying a custom error condition.
+
+Typically, you will create a macro in one of your public header files, whose
+value will be your new custom error code.  If this is the case, you can use the
+macro name itself to create the hash value for the error code.  This is what we
+do for the non-POSIX builtin errors; for instance, the value of the
+:c:macro:`CORK_PARSE_ERROR` error code macro is the hash of the string
+``CORK_PARSE_ERROR``.
+
+Given this string, you can produce the error code's hash value using the
+:ref:`cork-hash <cork-hash>` command that's installed with libcork::
+
+  $ cork-hash CORK_PARSE_ERROR
+  0x95dfd3c8
+
+It's incredibly unlikely that the hash value for your new error code will
+conflict with any other custom hash-based error codes, or with any predefined
+POSIX ``errno`` values.
+
+With your macro name and hash value ready, defining the new error code is
+simple::
+
+  #define CORK_PARSE_ERROR  0x95dfd3c8
+
+You should also provide a helper macro that makes it easier to report new
+instances of this error condition::
+
+  #define cork_parse_error(...) \
+      cork_error_set_printf(CORK_PARSE_ERROR, __VA_ARGS__)
+
+.. type:: uint32_t  cork_error
+
+   An identifier for a particular error condition.  This will either be a
+   predefined POSIX ``errno`` value, or the hash of a unique string describing
+   the error condition.
+
+With your error class and code defined, you can fill in error instances
+using :c:func:`cork_error_set_printf` and friends.
+
+
+Builtin errors
+--------------
+
+In addition to all of the predefined POSIX ``errno`` values, we also provide
+error codes for a handful of common error conditions.  You should feel free to
+use these in your libraries and applications, instead of creating custom error
+codes, if they apply.
+
+.. macro:: CORK_ERROR_NONE
+
+   A special error code that signals that no error occurred.
+
+.. macro:: CORK_PARSE_ERROR
+
+   The provided input violates the rules of the language grammar or file format
+   (or anything else, really) that you're trying to parse.
+
+   .. function:: void cork_parse_error(const char *format*, ...)
+
+.. macro:: CORK_REDEFINED
+           CORK_UNDEFINED
+
+   Useful when you have a container type that must ensure that there is only one
+   entry for any given key.
+
+   .. function:: void cork_redefined(const char *format*, ...)
+                 void cork_undefined(const char *format*, ...)
+
+.. macro:: CORK_UNKNOWN_ERROR
+
+   Some error occurred, but we don't have any other information about the error.
+
+   .. function:: void cork_unknown_error(void)
+
+      The error description will include the name of the current function.
+
+
+We also provide some helper functions for setting these built-in errors:
+
+.. function:: void cork_system_error_set(void)
+              void cork_system_error_set_explicit(int err)
+
+   Fills in the current libcork error condition with information from a POSIX
+   ``errno`` value.  The human-readable description of the error will be
+   obtained from the standard ``strerror`` function.  With the ``_explicit``
+   variant, you provide the ``errno`` value directly; for the other variant, we
+   get the error code from the C library's ``errno`` variable.
+
+
+.. function:: void cork_abort(const char \*fmt, ...)
+
+   Aborts the current program with an error message given by *fmt* and any
+   additional parameters.
+
+.. function:: void cork_unreachable(void)
+
+   Aborts the current program with a message indicating that the code path
+   should be unreachable.  This can be useful in the ``default`` clause of a
+   ``switch`` statement if you can ensure that one of the non-``default``
+   branches will always be selected.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/files.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/files.rst
new file mode 100644
index 00000000..b7262267
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/files.rst
@@ -0,0 +1,414 @@
+.. _files:
+
+*********************
+Files and directories
+*********************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/os.h>
+
+The functions in this section let you interact with files and directories in the
+local filesystem.
+
+
+Paths
+=====
+
+We provide several functions for constructing and handling paths into the local
+filesystem.
+
+.. type:: struct cork_path
+
+   Represents a path in the local filesystem.  The path can be relative or
+   absolute.  The paths don't have to refer to existing files or directories.
+
+.. function:: struct cork_path \*cork_path_new(const char \*path)
+              struct cork_path \*cork_path_clone(const struct cork_path \*other)
+
+   Construct a new path object from the given path string, or as a copy of
+   another path object.
+
+.. function:: void cork_path_free(struct cork_path \*path)
+
+   Free a path object.
+
+.. function:: const char \*cork_path_get(const struct cork_path \*path)
+
+   Return the string content of a path.  This is not normalized in any way.  The
+   result is guaranteed to be non-``NULL``, but may refer to an empty string.
+   The return value belongs to the path object; you must not modify the contents
+   of the string, nor should you try to free the underlying memory.
+
+.. function:: struct cork_path \*cork_path_absolute(const struct cork_path \*other)
+              int cork_path_make_absolute(struct cork_path \path)
+
+   Convert a relative path into an absolute path.  The first variant constructs
+   a new path object to hold the result; the second variant overwritesthe
+   contents of *path*.
+
+   If there is a problem obtaining the current working directory, these
+   functions will return an error condition.
+
+.. function:: struct cork_path \*cork_path_join(const struct cork_path \*path, const char \*more)
+              struct cork_path \*cork_path_join_path(const struct cork_path \*path, const struct cork_path \*more)
+              void \*cork_path_append(struct cork_path \path, const char \*more)
+              void \*cork_path_append_path(struct cork_path \*path, const struct cork_path \*more)
+
+   Concatenate two paths together.  The ``join`` variants create a new path
+   object containing the concatenated results.  The ``append`` variants
+   overwrite the contents of *path* with the concatenated results.
+
+
+.. function:: struct cork_path \*cork_path_basename(const struct cork_path \*path)
+              void \*cork_path_set_basename(struct cork_path \*path)
+
+   Extract the base name of *path*.  This is the portion after the final
+   trailing slash.  The first variant constructs a new path object to hold the
+   result; the second variant overwritesthe contents of *path*.
+
+   .. note::
+
+      These functions return a different result than the standard
+      ``basename(3)`` function.  We consider a trailing slash to be significant,
+      whereas ``basename(3)`` does not::
+
+          basename("a/b/c/") == "c"
+          cork_path_basename("a/b/c/") == ""
+
+.. function:: struct cork_path \*cork_path_dirname(const struct cork_path \*path)
+              void \*cork_path_set_dirname(struct cork_path \*path)
+
+   Extract the directory name of *path*.  This is the portion before the final
+   trailing slash.  The first variant constructs a new path object to hold the
+   result; the second variant overwritesthe contents of *path*.
+
+   .. note::
+
+      These functions return a different result than the standard ``dirname(3)``
+      function.  We consider a trailing slash to be significant, whereas
+      ``dirname(3)`` does not::
+
+          dirname("a/b/c/") == "a/b"
+          cork_path_dirname("a/b/c/") == "a/b/c"
+
+
+Lists of paths
+==============
+
+.. type:: struct cork_path_list
+
+   A list of paths in the local filesystem.
+
+.. function:: struct cork_path_list \*cork_path_list_new_empty(void)
+              struct cork_path_list \*cork_path_list_new(const char \*list)
+
+   Create a new list of paths.  The first variant creates a list that is
+   initially empty.  The second variant takes in a colon-separated list of paths
+   as a single string, and adds each of those paths to the new list.
+
+.. function:: void cork_path_list_free(struct cork_path_list \*list)
+
+   Free a path list.
+
+.. function:: void cork_path_list_add(struct cork_path_list \*list, struct cork_path \*path)
+
+   Add *path* to *list*.  The list takes control of the path instance; you must
+   not try to free *path* yourself.
+
+.. function:: size_t cork_path_list_size(const struct cork_path_list \*list)
+
+   Return the number of paths in *list*.
+
+.. function:: const struct cork_path \*cork_path_list_get(const struct cork_path_list \*list, size_t index)
+
+   Return the path in *list* at the given *index*.  The list still owns the path
+   instance that's returned; you must not try to free it or modify its contents.
+
+.. function:: const char \*cork_path_list_to_string(const struct cork_path_list \*list)
+
+   Return a string containing all of the paths in *list* separated by colons.
+
+
+.. function:: struct cork_file \*cork_path_list_find_file(const struct cork_path_list \*list, const char \*rel_path)
+              struct cork_file_list \*cork_path_list_find_files(const struct cork_path_list \*list, const char \*rel_file)
+
+   Search for a file in a list of paths.  *rel_path* gives the path of the
+   sought-after file, relative to each of the directories in *list*.
+
+   The first variant returns a :c:type:`cork_file` instance for the first match.
+   In no file can be found, it returns ``NULL`` and sets an error condition.
+
+   The second variant returns a :c:type:`cork_file_list` instance containing all
+   of the matches.  In no file can be found, we return an empty list.  (Unlike
+   the first variant, this is not considered an error.)
+
+
+Standard paths
+==============
+
+.. function:: struct cork_path \*cork_path_home(void)
+
+   Return a :c:type:`cork_path` that refers to the current user's home
+   directory.  If we can't determine the current user's home directory, we set
+   an error condition and return ``NULL``.
+
+   On POSIX systems, this directory is determined by the ``HOME`` environment
+   variable.
+
+.. function:: struct cork_path_list \*cork_path_config_paths(void)
+
+   Return a :c:type:`cork_path_list` that includes all of the standard
+   directories that can be used to store configuration files.  This includes a
+   user-specific directory that allows the user to override any global
+   configuration files.
+
+   On POSIX systems, these directories are defined XDG Base Directory
+   Specification.
+
+.. function:: struct cork_path_list \*cork_path_data_paths(void)
+
+   Return a :c:type:`cork_path_list` that includes all of the standard
+   directories that can be used to store application data files.  This includes
+   a user-specific directory that allows the user to override any global data
+   files.
+
+   On POSIX systems, these directories are defined XDG Base Directory
+   Specification.
+
+.. function:: struct cork_path \*cork_path_user_cache_path(void)
+
+   Return a :c:type:`cork_path` that refers to a directory that can be used to
+   store cache files created on behalf of the current user.  This directory
+   should only be used to store data that you can reproduce if needed.
+
+   On POSIX systems, these directories are defined XDG Base Directory
+   Specification.
+
+.. function:: struct cork_path \*cork_path_user_runtime_path(void)
+
+   Return a :c:type:`cork_path` that refers to a directory that can be used to
+   store small runtime management files on behalf of the current user.
+
+   On POSIX systems, these directories are defined XDG Base Directory
+   Specification.
+
+
+Files
+=====
+
+.. type:: struct cork_file
+
+   Represents a file on the local filesystem.  The file in question does not
+   necessarily have to exist; you can use :c:type:`cork_file` instances to refer
+   to files that you have not yet created, for instance.
+
+.. type:: typedef unsigned int  cork_file_mode
+
+   Represents a Unix-style file permission set.
+
+
+.. function:: struct cork_file \*cork_file_new(const char \*path)
+              struct cork_file \*cork_file_new_from_path(struct cork_path \*path)
+
+   Create a new :c:type:`cork_file` instance to represent the file with the
+   given *path*.  The ``_from_path`` variant uses an existing
+   :c:type:`cork_path` instance to specify the path.  The new file instance will
+   take control of the :c:type`cork_path` instance, so you should not try to
+   free it yourself.
+
+.. function:: void cork_file_free(struct cork_file \*file)
+
+   Free a file instance.
+
+.. function:: const struct cork_path \*cork_file_path(struct cork_file \*file)
+
+   Return the path of a file.  The :c:type:`cork_path` instance belongs to the
+   file; you must not try to modify or free the path instance.
+
+.. function:: int cork_file_exists(struct cork_file \*file, bool \*exists)
+
+   Check whether a file exists in the filesystem, storing the result in
+   *exists*.  The function returns an error condition if we are unable to
+   determine whether the file exists --- for instance, because you do not have
+   permission to look into one of the containing directories.
+
+.. function:: int cork_file_type(struct cork_file \*file, enum cork_file_type \*type)
+
+   Return what kind of file the given :c:type:`cork_file` instance refers to.
+   The function returns an error condition if there is an error accessing the
+   file --- for instance, because you do not have permission to look into one of
+   the containing directories.
+
+   If the function succeeds, it will fill in *type* with one of the following
+   values:
+
+   .. type:: enum cork_file_type
+
+      .. member:: CORK_FILE_MISSING
+
+         *file* does not exist.
+
+      .. member:: CORK_FILE_REGULAR
+
+         *file* is a regular file.
+
+      .. member:: CORK_FILE_DIRECTORY
+
+         *file* is a directory.
+
+      .. member:: CORK_FILE_SYMLINK
+
+         *file* is a symbolic link.
+
+      .. member:: CORK_FILE_UNKNOWN
+
+         We can access *file*, but we do not know what type of file it is.
+
+
+.. function:: int cork_file_remove(struct cork_file \*file, unsigned int flags)
+
+   Remove *file* from the filesystem.  *flags* must be the bitwise OR (``|``) of
+   the following flags.  (Use ``0`` if you do not want any of the flags.)
+
+   .. macro:: CORK_FILE_PERMISSIVE
+
+      If this flag is given, then it is not considered an error if *file* does
+      not exist.  If the flag is not given, then the function function returns
+      an error if *file* doesn't exist.  (This mimics the standard ``rm -f``
+      command.)
+
+   .. macro:: CORK_FILE_RECURSIVE
+
+      If this flag is given, and *file* refers to a directory, then the function
+      will automatically remove the directory and all of its contents.  If the
+      flag is not given, and *file* refers to a directory, then the directory
+      must be empty for this function to succeed.  If *file* does not refer to a
+      directory, this flag has no effect.  (This mimics the standard ``rmdir
+      -r`` command.)
+
+
+Directories
+===========
+
+Certain functions can only be applied to a :c:type:`cork_file` instance that
+refers to a directory.
+
+
+.. function:: int cork_file_mkdir(struct cork_file \*directory, cork_file_mode mode, unsigned int flags)
+
+   Create a new directory in the filesystem, with permissions given by *mode*.
+   *flags* must be the bitwise OR (``|``) of the following flags.  (Use ``0`` if
+   you do not want any of the flags.)
+
+   .. macro:: CORK_FILE_PERMISSIVE
+
+      If this flag is given, then it is not considered an error if *directory*
+      already exists.  If the flag is not given, then the function function
+      returns an error if *directory* exists.  (This mimics part of the standard
+      ``mkdir -p`` command.)
+
+   .. macro:: CORK_FILE_RECURSIVE
+
+      If this flag is given, then the function will ensure that all of the
+      parent directories of *directory* exist, creating them if necessary.  Each
+      directory created will have permissions given by *mode*.  (This mimics
+      part of the standard ``mkdir -p`` command.)
+
+
+.. function:: int cork_file_iterate_directory(struct cork_file \*directory, cork_file_directory_iterator iterator, void \*user_data)
+
+   Call *iterator* for each file or subdirectory contained in *directory* (not
+   including the directory's ``.`` and ``..`` entries).  This function does not
+   recurse into any subdirectories; it only iterates through the immediate
+   children of *directory*.
+
+   If your iteration function returns a non-zero result, we will abort the
+   iteration and return that value.  Otherwise, if each call to the iteration
+   function returns ``0``, then we will return ``0`` as well.
+
+   *iterator* must be an instance of the following function type:
+
+   .. type:: typedef int (\*cork_file_directory_iterator)(struct cork_file \*child, const char \*rel_name, void \*user_data)
+
+      Called for each child entry in *directory*.  *child* will be a file
+      instance referring to the child entry.  *rel_name* gives the relative name
+      of the child entry within its parent *directory*.
+
+
+Lists of files
+==============
+
+.. type:: struct cork_file_list
+
+   A list of files in the local filesystem.
+
+.. function:: struct cork_file_list \*cork_file_list_new_empty(void)
+              struct cork_file_list \*cork_file_list_new(struct cork_path_list \*path_list)
+
+   Create a new list of files.  The first variant creates a list that is
+   initially empty.  The second variant adds a new file instance for each of the
+   paths in *path_list*.
+
+.. function:: void cork_file_list_free(struct cork_file_list \*list)
+
+   Free a file list.
+
+.. function:: void cork_file_list_add(struct cork_file_list \*list, struct cork_file \*file)
+
+   Add *file* to *list*.  The list takes control of the file instance; you must
+   not try to free *file* yourself.
+
+.. function:: size_t cork_file_list_size(const struct cork_file_list \*list)
+
+   Return the number of files in *list*.
+
+.. function:: struct cork_file \*cork_file_list_get(const struct cork_file_list \*list, size_t index)
+
+   Return the file in *list* at the given *index*.  The list still owns the file
+   instance that's returned; you must not try to free it.
+
+
+
+Directory walking
+=================
+
+.. function:: int cork_walk_directory(const char \*path, struct cork_dir_walker \*walker)
+
+   Walk through the contents of a directory.  *path* can be an absolute or
+   relative path.  If it's relative, it will be interpreted relative to the
+   current directory.  If *path* doesn't exist, or there are any problems
+   reading the contents of the directory, we'll set an error condition and
+   return ``-1``.
+
+   To process the contents of the directory, you must provide a *walker* object,
+   which contains several callback methods that we will call when files and
+   subdirectories of *path* are encountered.  Each method should return ``0`` on
+   success.  Unless otherwise noted, if we receive any other return result, we
+   will abort the directory walk, and return that same result from the
+   :c:func:`cork_walk_directory` call itself.
+
+   In all of the following methods, *base_name* will be the base name of the
+   entry within its immediate subdirectory.  *rel_path* will be the relative
+   path of the entry within the *path* that you originally asked to walk
+   through.  *full_path* will the full path to the entry, including *path*
+   itself.
+
+   .. type:: struct cork_dir_walker
+
+      .. member:: int (\*file)(struct cork_dir_walker \*walker, const char \*full_path, const char \*rel_path, const char \*base_name)
+
+         Called when a regular file is encountered.
+
+      .. member:: int (\*enter_directory)(struct cork_dir_walker \*walker, const char \*full_path, const char \*rel_path, const char \*base_name)
+
+         Called when a subdirectory of *path* of encountered.  If you don't want
+         to recurse into this directory, return :c:data:`CORK_SKIP_DIRECTORY`.
+
+         .. macro:: CORK_SKIP_DIRECTORY
+
+      .. member:: int (\*leave_directory)(struct cork_dir_walker \*walker, const char \*full_path, const char \*rel_path, const char \*base_name)
+
+         Called when a subdirectory has been fully processed.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/gc.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/gc.rst
new file mode 100644
index 00000000..a5bff64d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/gc.rst
@@ -0,0 +1,422 @@
+.. _gc:
+
+************************************
+Reference-counted garbage collection
+************************************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+The functions in this section implement a reference counting garbage
+collector.  The garbage collector handles reference cycles correctly.
+It is **not** a conservative garbage collector — i.e., we don't assume
+that every word inside an object might be a pointer.  Instead, each
+garbage-collected object must provide a *recursion function* that knows
+how to delve down into any child objects that it references.
+
+The garbage collector is **not** thread-safe.  If your application is
+multi-threaded, each thread will (automatically) have its own garbage
+collection context.  There are two strategies that you can use when
+using the garbage collector in a multi-threaded application:
+
+* Have a single “master” thread be responsible for the lifecycle of
+  every object.  This thread is the only one allowed to interact with
+  the garbage collector.  **No** other threads are allowed to call any
+  of the functions in this section, including the
+  :c:func:`cork_gc_incref()` and :c:func:`cork_gc_decref()` functions.
+  Other threads are allowed to access the objects that are managed by
+  the garbage collector, but the master thread must ensure that all
+  objects are live whenever another thread attempts to use them.  This
+  will require some kind of thread-safe communication or synchronization
+  between the master thread and the worker threads.
+
+* Have a separate garbage collector per thread.  Each object is “owned”
+  by a single thread, and the object is managed by that thread's garbage
+  collector.  As with the first strategy, other threads can use any
+  object, as long as the object's owner thread is able to guarantee that
+  the object will be live for as long as it's needed.  (Eventually we'll
+  also support migrating an object from one garbage collector to
+  another, but that feature isn't currently implemented.)
+
+The garbage collection implementation is based on the algorithm
+described in §3 of [1]_.
+
+.. [1] Bacon, DF and Rajan VT.  *Concurrent cycle collection in
+   reference counted systems*.  Proc. ECOOP 2001.  LNCS 2072.
+
+
+Creating a garbage collector
+============================
+
+.. function:: void cork_gc_init(void)
+
+   Initalizes a garbage collection context for the current thread.
+   Usually, you can allocate this on the stack of your ``main``
+   function::
+
+     int
+     main(int argc, char ** argv)
+     {
+         cork_gc_init();
+
+         // use the GC context
+
+         // and free it when you're done
+         cork_gc_done();
+     }
+
+   It's not required that you call this function at all; if you don't,
+   we'll automatically initialize a garbage collection context for the
+   current thread the first time you try to allocate a garbage-collected
+   object.  You can call this function, though, if you want to have more
+   control over when the initialization occurs.
+
+.. function:: void cork_gc_done(void)
+
+   Finalize the garbage collection context for the current thread.  All
+   objects created in this thread will be freed when this function
+   returns.
+
+   You must call this function in each thread that allocates
+   garbage-collected objects, just before that thread finishes.  (If
+   your application is single-threaded, then you must call this function
+   before the ``main`` function finishes.)  If you don't, you'll almost
+   certainly get memory leaks.
+
+
+Managing garbage-collected objects
+==================================
+
+A garbage collection context can't be used to manage arbitrary objects,
+since each garbage-collected class must define some callback functions
+for interacting with the garbage collector.  (The :ref:`next section
+<new-gc-class>` contains more details.)
+
+Each garbage-collected class will provide its own constructor function
+for instantiating a new instance of that class.  There aren't any
+explicit destructors for garbage-collected objects; instead you manage
+“references” to the objects.  Each pointer to a garbage-collected object
+is a reference, and each object maintains a count of the references to
+itself.  A newly constructed object starts with a reference count of
+``1``.  Whenever you save a pointer to a garbage-collected object, you
+should increase the object's reference count.  When you're done with the
+pointer, you decrease its reference count.  When the reference count
+drops to ``0``, the garbage collector frees the object.
+
+.. function:: void \*cork_gc_incref(void \*obj)
+
+   Increments the reference count of an object *obj* that is managed by
+   the current thread's garbage collector.  We always return *obj* as a
+   result, which allows you to use the following idiom::
+
+     struct my_obj * my_copy_of_obj = cork_gc_incref(obj);
+
+.. function:: void cork_gc_decref(void \*obj)
+
+   Decrements the reference count of an object *obj* that is managed by
+   the current thread's garbage collector  If the reference count drops
+   to ``0``, then the garbage collector will free the object.
+
+   .. note::
+
+      It's safe to call this function with a ``NULL`` *obj* pointer; in
+      this case, the function acts as a no-op.
+
+.. _borrow-ref:
+
+Borrowing a reference
+---------------------
+
+While the strategy mentioned above implies that you should call
+:c:func:`cork_gc_incref()` and :c:func:`cork_gc_decref()` for *every*
+pointer to a garbage-collected object, you can sometimes get away
+without bumping the reference count.  In particular, you can often
+*borrow* an existing reference to an object, if you can guarantee that
+the borrowed reference will exist for as long as you need access to the
+object.  The most common example of this when you pass in a
+garbage-collected object as the parameter to a function::
+
+  int
+  use_new_reference(struct my_obj *obj)
+  {
+      /* Here we're being pedantically correct, and incrementing obj's
+       * reference count since we've got our own pointer to the object. */
+      cork_gc_incref(obj);
+
+      /* Do something useful with obj */
+
+      /* And now that we're done with it, decrement the reference count. */
+      cork_gc_decref(obj);
+  }
+
+  int
+  borrowed_reference(struct my_obj *obj)
+  {
+      /* We can assume that the caller has a valid reference to obj, so
+       * we're just going to borrow that reference. */
+
+      /* Do something useful with obj */
+  }
+
+In this example, ``borrowed_reference`` doesn't need to update *obj*\ 's
+reference count.  We assume that the caller has a valid reference to
+*obj* when it makes the call to ``borrowed_reference``.  Moreover, we
+know that the caller can't possibly release this reference (via
+:c:func:`cork_gc_decref()`) until ``borrowed_reference`` returns.  Since
+we can guarantee that the caller's reference to *obj* will exist for the
+entire duration of ``borrowed_reference``, we don't need to protect it
+with an ``incref``/``decref`` pair.
+
+.. _steal-ref:
+
+Stealing a reference
+--------------------
+
+Another common pattern is for a “parent” object to maintain a reference
+to a “child” object.  (For example, a container class might maintain
+references to all of the elements in the container, assuming that the
+container and elements are all garbage-collected objects.)  When you
+have a network of objects like this, the parent object's constructor
+will usually take in a pointer to the child object as a parameter.  If
+we strictly follow the basic referencing counting rules described above,
+you'll end up with something like::
+
+  struct child  *child = child_new();
+  struct parent  *parent = parent_new(child);
+  cork_gc_decref(child);
+
+The ``child_new`` constructor gives us a reference to *child*.  The
+``parent_new`` constructor then creates a new reference to *child*,
+which will be stored somewhere in *parent*.  We no longer need our own
+reference to *child*, so we immediately decrement its reference count.
+
+This is a common enough occurrence that many constructor functions will
+instead *steal* the reference passed in as a parameter.  This means that
+the constructor takes control of the caller's reference.  This allows us
+to rewrite the example as::
+
+  struct parent  *parent = parent_new_stealing(child_new());
+
+For functions that steal a reference, the caller **cannot** assume that
+the object pointed to by the stolen reference exists when the function
+returns.  (If there's an error in ``parent_new_stealing``, for instance,
+it must release the stolen reference to *child* to prevent a memory
+leak.)  If a function is going to steal a reference, but you also need
+to use the object after the function call returns, then you need to
+explicitly increment the reference count *before* calling the function::
+
+  struct child  *child = child_new();
+  struct parent  *parent = parent_new_stealing(cork_gc_incref(child));
+  /* Do something with child. */
+  /* And then release our reference when we're done. */
+  cork_gc_decref(child);
+
+.. note::
+
+   It's important to point out that not every constructor will steal the
+   references passed in as parameters.  Moreover, there are some
+   constructors that steal references for some parameters but not for
+   others.  It entirely depends on what the “normal” use case is for the
+   constructor.  If you're almost always going to pass in a child object
+   that was just created, and that will always be accessed via the
+   parent, then the constructor will usually steal the reference.  If
+   the child can be referenced by many parents, then the constructor
+   will usually *not* steal the reference.  The documentation for each
+   constructor function will explicitly state which references are
+   stolen and which objects it creates new references for.
+
+
+.. _new-gc-class:
+
+Writing a new garbage-collected class
+=====================================
+
+When you are creating a new class that you want to be managed by a
+garbage collector, there are two basic steps you need to follow:
+
+* Implement a set of callback functions that allow the garbage collector
+  to interact with objects of the new class.
+
+* Use the garbage collector's allocation functions to allocate storage
+  for instance of your class.
+
+You won't need to write a public destructor function, since objects of
+the new class will be destroyed automatically when the garbage collector
+determines that they're no longer needed.
+
+Garbage collector callback interface
+------------------------------------
+
+Each garbage-collected class must provide an implementation of the
+“callback interface”:
+
+.. type:: struct cork_gc_obj_iface
+
+   .. member:: void (\*free)(void \*obj)
+
+      This callback is called when a garbage-collected object is about
+      to be freed.  You can perform any special cleanup steps in this
+      callback.  You do **not** need to deallocate the object's storage,
+      and you do **not** need to release any references that you old to
+      other objects.  Both of these steps will be taken care of for you
+      by the garbage collector.
+
+      If your class doesn't need any additional finalization steps, this
+      entry in the callback interface can be ``NULL``.
+
+   .. member:: void (\*recurse)(struct cork_gc \*gc, void \*obj, cork_gc_recurser recurse, void \*ud)
+
+      This callback is how you inform the garbage collector of your
+      references to other garbage-collected objects.
+
+      The garbage collector will call this function whenever it needs to
+      traverse through a graph of object references.  Your
+      implementation of this callback should just call *recurse* with
+      each garbage-collected object that you hold a reference to.  You
+      must pass in *gc* as the first parameter to each call to
+      *recurse*, and *ud* as the third parameter.
+
+      Note that it's fine to call *recurse* with a ``NULL`` object
+      pointer, which makes it slightly easier to write implementations
+      of this callback.
+
+      If instances of your class can never contain references to other
+      garbage-collected objects, this entry in the callback interface
+      can be ``NULL``.
+
+.. type:: void (\*cork_gc_recurser)(struct cork_gc \*gc, void \*obj, void \*ud)
+
+   An opaque callback provided by the garbage collector when it calls an
+   object's :c:member:`~cork_gc_obj_iface.recurse` method.
+
+.. type:: struct cork_gc
+
+   An opaque type representing the current thread's garbage-collection
+   context.  You'll only need to use this type when implementing a
+   :c:member:`~cork_gc_obj_iface.recurse` function.
+
+
+.. _gc-macros:
+
+Helper macros
+~~~~~~~~~~~~~
+
+There are several macros declared in :file:`libcork/helpers/gc.h` that
+make it easier to define the garbage-collection interface for a new
+class.
+
+.. note::
+
+   Unlike most libcork modules, these macros are **not** automatically
+   defined when you include the ``libcork/core.h`` header file, since
+   they don't include a ``cork_`` prefix.  Because of this, we don't
+   want to pollute your namespace unless you ask for the macros.  To do
+   so, you must explicitly include their header file::
+
+     #include <libcork/helpers/gc.h>
+
+.. macro:: _free_(SYMBOL name)
+           _recurse_(SYMBOL name)
+
+   These macros declare the *free* and *recurse* methods for a new
+   class.  The functions will be declared with exactly the signatures
+   and parameter names shown in the entries for the
+   :c:member:`~cork_gc_obj_iface.free` and
+   :c:member:`~cork_gc_obj_iface.recurse` methods.
+
+   You will almost certainly not need to refer to the method
+   implementations directly, since you can use the :c:macro:`_gc_*_
+   <_gc_>` macros below to declare the interface struct.  But if you do,
+   they'll be called :samp:`{[name]}__free` and
+   :samp:`{[name]}__recurse`.  (Note the double underscore.)
+
+.. macro:: _gc_(SYMBOL name)
+           _gc_no_free_(SYMBOL name)
+           _gc_no_recurse_(SYMBOL name)
+           _gc_leaf_(SYMBOL name)
+
+   Define the garbage-collection interface struct for a new class.  If
+   you defined both ``free`` and ``recurse`` methods, you should use the
+   ``_gc_`` variant.  If you only defined one of the methods, you should
+   use ``_gc_no_free_`` or ``_gc_no_recurse_``.  If you didn't define
+   either method, you should use ``_gc_free_``.
+
+   Like the method definitions, you probably won't need to refer to the
+   interface struct directly, since you can use the
+   :c:func:`cork_gc_new` macro to allocate new instances of the new
+   class.  But if you do, it will be called :samp:`{[name]}__gc`.  (Note
+   the double underscore.)
+
+
+As an example, we can use these macros to define a new tree class::
+
+    #include <libcork/helpers/gc.h>
+
+    struct tree {
+        const char  *name;
+        struct tree  *left;
+        struct tree  *right;
+    };
+
+    _free_(tree) {
+        struct tree  *self = obj;
+        cork_strfree(self->name);
+    }
+
+    _recurse_(tree) {
+        struct tree  *self = obj;
+        recurse(self->left, ud);
+        recurse(self->right, ud);
+    }
+
+    _gc_(tree);
+
+
+Allocating new garbage-collected objects
+----------------------------------------
+
+In your garbage-collected class's constructor, you must use one of the
+following functions to allocate the object's storage.  (The garbage
+collector hides some additional state in the object's memory region, so
+you can't allocate the storage using ``malloc`` or :c:func:`cork_new()`
+directly.)
+
+.. function:: void \*cork_gc_alloc(size_t instance_size, struct cork_gc_obj_iface \*iface)
+
+   Allocates a new garbage-collected object that is *instance_size*
+   bytes large.  *iface* should be a pointer to a callback interface for
+   the object.  If there are any problems allocating the new instance,
+   the program will abort.
+
+.. function:: type \*cork_gc_new_iface(TYPE type, struct cork_gc_obj_iface \*iface)
+
+   Allocates a new garbage-collected instance of *type*.  The size of
+   the memory region to allocate is calculated using the ``sizeof``
+   operator, and the result will be automatically cast to ``type *``.
+   *iface* should be a pointer to a callback interface for the object.
+   If there are any problems allocating the new instance, the program
+   will abort.
+
+.. function:: struct name \*cork_gc_new(SYMBOL name)
+
+   Allocates a new garbage-collected instance of :samp:`struct
+   {[name]}`.  (Note that you don't pass in the ``struct`` part of the
+   type name.) We assume that the garbage collection interface was
+   created using one of the :c:macro:`_gc_*_ <_gc_>` macros, using the
+   same *name* parameter.
+
+Using these functions, could instantiate our example tree class as
+follows::
+
+    struct tree *
+    tree_new(const char *name)
+    {
+        struct tree  *self = cork_gc_new(tree);
+        self->name = cork_strdup(name);
+        self->left = NULL;
+        self->right = NULL;
+        return self;
+    }
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/hash-table.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/hash-table.rst
new file mode 100644
index 00000000..a0586f91
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/hash-table.rst
@@ -0,0 +1,398 @@
+.. _hash-table:
+
+***********
+Hash tables
+***********
+
+.. highlight:: c
+
+::
+
+  #include <libcork/ds.h>
+
+This section defines a hash table class.  Our hash table implementation
+is based on the public domain hash table package written in the late
+1980's by Peter Moore at UC Berkeley.
+
+The keys and values of a libcork hash table are both represented by ``void *``
+pointers.  You can also store integer keys or values, as long as you use the
+:c:type:`intptr_t` or :c:type:`uintptr_t` integral types.  (These are the only
+integer types guaranteed by the C99 standard to fit within the space used by a
+``void *``.)  The keys of the hash table can be any arbitrary type; you must
+provide two functions that control how key pointers are used to identify entries
+in the table: the *hasher* (:c:type:`cork_hash_f`) and the *comparator*
+(:c:type:`cork_equals_f`).  It's your responsibility to ensure that these two
+functions are consistent with each other — i.e., if two keys are equal according
+to your comparator, they must also map to the same hash value.  (The inverse
+doesn't need to be true; it's fine for two keys to have the same hash value but
+not be equal.)
+
+.. type:: struct cork_hash_table
+
+   A hash table.
+
+.. function:: struct cork_hash_table \*cork_hash_table_new(size_t initial_size, unsigned int flags)
+
+   Creates a new hash table instance.
+
+   If you know roughly how many entries you're going to add to the hash
+   table, you can pass this in as the *initial_size* parameter.  If you
+   don't know how many entries there will be, you can use ``0`` for this
+   parameter instead.
+
+   You will most likely need to provide a hashing function and a comparison
+   function for the new hash table (using :c:func:`cork_hash_table_set_hash` and
+   :c:func:`cork_hash_table_set_equals`), which will be used to compare key
+   values of the entries in the table.  If you do not provide your own
+   functions, the default functions will compare key pointers as-is without
+   interpreting what they point to.
+
+   The *flags* field is currently unused, and should be ``0``.  In the future,
+   this parameter will be used to let you customize the behavior of the hash
+   table.
+
+
+.. function:: void cork_hash_table_free(struct cork_hash_table \*table)
+
+   Frees a hash table.  If you have provided a :c:func:`free_key
+   <cork_hash_table_set_free_key>` or :c:func:`free_value
+   <cork_hash_table_set_free_value>` callback for *table*, then we'll
+   automatically free any remaining keys and/or values.
+
+
+.. type:: struct cork_hash_table_entry
+
+   The contents of an entry in a hash table.
+
+   .. member:: void  \*key
+
+      The key for this entry.  There won't be any other entries in the
+      hash table with the same key, as determined by the comparator
+      function that you provide.
+
+   .. member:: void  \*value
+
+      The value for this entry.  The entry's value is completely opaque
+      to the hash table; we'll never need to compare or interrogate the
+      values in the table.
+
+   .. member:: cork_hash  hash
+
+      The hash value for this entry's key.  This field is strictly
+      read-only.
+
+
+Callback functions
+------------------
+
+You can use the callback functions in this section to customize the behavior of
+a hash table.
+
+.. function:: void cork_hash_table_set_user_data(struct cork_hash_table \*table, void \*user_data, cork_free_f free_user_data)
+
+   Lets you provide an opaque *user_data* pointer to each of the hash table's
+   callbacks.  This lets you provide additional state, other than the hash table
+   itself to those callbacks.  If *free_user_data* is not ``NULL``, then the
+   hash table will take control of *user_data*, and will use the
+   *free_user_data* function to free it when the hash table is destroyed.
+
+
+Key management
+~~~~~~~~~~~~~~
+
+.. function:: void cork_hash_table_set_hash(struct cork_hash_table \*table, void \*user_data, cork_hash_f hash)
+
+   The hash table will use the ``hash`` callback to calculate a hash value for
+   each key.
+
+   .. type:: cork_hash (\*cork_hash_f)(void \*user_data, const void \*key)
+
+      .. note::
+
+         It's important to use a hash function that has a uniform distribution
+         of hash values for the set of values you expect to use as hash table
+         keys.  In particular, you *should not* rely on there being a prime
+         number of hash table bins to get the desired uniform distribution.  The
+         :ref:`hash value functions <hash-values>` that we provide have uniform
+         distribution (and are fast), and should be safe to use for most key
+         types.
+
+.. function:: void cork_hash_table_set_equals(struct cork_hash_table \*table, void \*user_data, cork_equals_f equals)
+
+   The hash table will use the ``equals`` callback to compare keys.
+
+   .. type:: bool (\*cork_equals_f)(void \*user_data, const void \*key1, const void \*key2)
+
+
+Built-in key types
+~~~~~~~~~~~~~~~~~~
+
+We also provide a couple of specialized constructors for common key types, which
+prevents you from having to duplicate common hashing and comparison functions.
+
+.. function:: struct cork_hash_table \*cork_string_hash_table_new(size_t initial_size, unsigned int flags)
+
+   Create a hash table whose keys will be C strings.
+
+.. function:: struct cork_hash_table \*cork_pointer_hash_table_new(size_t initial_size, unsigned int flags)
+
+   Create a hash table where keys should be compared using standard pointer
+   equality.  (In other words, keys should only be considered equal if they
+   point to the same physical object.)
+
+
+Automatically freeing entries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. function:: void cork_hash_table_set_free_key(struct cork_hash_table \*table, void \*user_data, cork_free_f free_key)
+              void cork_hash_table_set_free_value(struct cork_hash_table \*table, void \*user_data, cork_free_f free_value)
+
+   If you provide ``free_key`` and/or ``free_value`` callbacks, then the hash
+   table will take ownership of any keys and values that you add.  The hash
+   table will use these callbacks to free each key and value when entries are
+   explicitly deleted (via :c:func:`cork_hash_table_delete` or
+   :c:func:`cork_hash_table_clear`), and when the hash table itself is
+   destroyed.
+
+
+Adding and retrieving entries
+-----------------------------
+
+There are several functions that can be used to add or retrieve entries
+from a hash table.  Each one has slightly different semantics; you
+should read through them all before deciding which one to use for a
+particular use case.
+
+.. note::
+
+   Each of these functions comes in two variants.  The “normal” variant will use
+   the hash table's :c:func:`hash <cork_hash_table_set_hash>` callback to
+   calculate the hash value for the *key* parameter.  This is the normal way to
+   interact with a hash table.
+
+   When using the ``_hash`` variant, you must calculate the hash value for each
+   key yourself, and pass in this hash value as an extra parameter.  The hash
+   table's :c:func:`hash <cork_hash_table_set_hash>` callback is not invoked.
+   This can be more efficient, if you've already calculated or cached the hash
+   value.  It is your responsibility to make sure that the hash values you
+   provide are consistent, just like when you write a :c:func:`hash
+   <cork_hash_table_set_hash>` callback.
+
+.. function:: void \*cork_hash_table_get(const struct cork_hash_table \*table, const void \*key)
+              void \*cork_hash_table_get_hash(const struct cork_hash_table \*table, cork_hash hash, const void \*key)
+
+   Retrieves the value in *table* with the given *key*.  We return
+   ``NULL`` if there's no corresponding entry in the table.  This means
+   that, using this function, you can't tell the difference between a
+   missing entry, and an entry that's explicitly mapped to ``NULL``.  If
+   you need to distinguish those cases, you should use
+   :c:func:`cork_hash_table_get_entry()` instead.
+
+.. function:: struct cork_hash_table_entry \*cork_hash_table_get_entry(const struct cork_hash_table \*table, const void \*key)
+              struct cork_hash_table_entry \*cork_hash_table_get_entry_hash(const struct cork_hash_table \*table, cork_hash hash, const void \*key)
+
+   Retrieves the entry in *table* with the given *key*.  We return
+   ``NULL`` if there's no corresponding entry in the table.
+
+   You are free to update the :c:member:`key
+   <cork_hash_table_entry.key>` and :c:member:`value
+   <cork_hash_table_entry.value>` fields of the entry.  However, you
+   must ensure that any new key is considered “equal” to the old key,
+   according to the hasher and comparator functions that you provided
+   for this hash table.
+
+.. function:: struct cork_hash_table_entry \*cork_hash_table_get_or_create(struct cork_hash_table \*table, void \*key, bool \*is_new)
+              struct cork_hash_table_entry \*cork_hash_table_get_or_create_hash(struct cork_hash_table \*table, cork_hash hash, void \*key, bool \*is_new)
+
+   Retrieves the entry in *table* with the given *key*.  If there is no
+   entry with the given key, it will be created.  (If we can't create
+   the new entry, we'll return ``NULL``.)  We'll fill in the *is_new*
+   output parameter to indicate whether the entry is new or not.
+
+   If a new entry is created, its value will initially be ``NULL``, but
+   you can update this as necessary.  You can also update the entry's
+   key, though you must ensure that any new key is considered “equal” to
+   the old key, according to the hasher and comparator functions that
+   you provided for this hash table.  This is necessary, for instance,
+   if the *key* parameter that we search for was allocated on the stack.
+   We can't save this stack key into the hash table, since it will
+   disapppear as soon as the calling function finishes.  Instead, you
+   must create a new key on the heap, which can be saved into the entry.
+   For efficiency, you'll only want to allocate this new heap-stored key
+   if the entry is actually new, especially if there will be a lot
+   successful lookups of existing keys.
+
+.. function:: int cork_hash_table_put(struct cork_hash_table \*table, void \*key, void \*value, bool \*is_new, void \*\*old_key, void \*\*old_value)
+              int cork_hash_table_put_hash(struct cork_hash_table \*table, cork_hash hash, void \*key, void \*value, bool \*is_new, void \*\*old_key, void \*\*old_value)
+
+   Add an entry to a hash table.  If there is already an entry with the
+   given key, we will overwrite its key and value with the *key* and
+   *value* parameters.  If the *is_new* parameter is non-\ ``NULL``,
+   we'll fill it in to indicate whether the entry is new or already
+   existed in the table.  If the *old_key* and/or *old_value* parameters
+   are non-\ ``NULL``, we'll fill them in with the existing key and
+   value.  This can be used, for instance, to finalize an overwritten
+   key or value object.
+
+.. function:: void cork_hash_table_delete_entry(struct cork_hash_table \*table, struct cork_hash_table_entry \*entry)
+
+   Removes *entry* from *table*.  You must ensure that *entry* refers to a
+   valid, existing entry in the hash table.  This function can be more efficient
+   than :c:func:`cork_hash_table_delete` if you've recently retrieved a hash
+   table entry using :c:func:`cork_hash_table_get_or_create` or
+   :c:func:`cork_hash_table_get_entry`, since we won't have to search for the
+   entry again.
+
+.. function:: bool cork_hash_table_delete(struct cork_hash_table \*table, const void \*key, void \*\*deleted_key, void \*\*deleted_value)
+              bool cork_hash_table_delete_hash(struct cork_hash_table \*table, cork_hash hash, const void \*key, void \*\*deleted_key, void \*\*deleted_value)
+
+   Removes the entry with the given *key* from *table*.  If there isn't
+   any entry with the given key, we'll return ``false``.  If the
+   *deleted_key* and/or *deleted_value* parameters are non-\ ``NULL``,
+   we'll fill them in with the deleted key and value.  This can be used,
+   for instance, to finalize the key or value object that was stored in
+   the hash table entry.
+
+   If you have provided a :c:func:`free_key <cork_hash_table_set_free_key>` or
+   :c:func:`free_value <cork_hash_table_set_free_value>` callback for *table*,
+   then we'll automatically free the key and/or value of the deleted entry.
+   (This happens before ``cork_hash_table_delete`` returns, so you must not
+   provide a *deleted_key* and/or *deleted_value* in this case.)
+
+
+Other operations
+----------------
+
+.. function:: size_t cork_hash_table_size(const struct cork_hash_table \*table)
+
+   Returns the number of entries in a hash table.
+
+.. function:: void cork_hash_table_clear(struct cork_hash_table \*table)
+
+   Removes all of the entries in a hash table, without finalizing the
+   hash table itself.
+
+   If you have provided a :c:func:`free_key <cork_hash_table_set_free_key>` or
+   :c:func:`free_value <cork_hash_table_set_free_value>` callback for *table*,
+   then we'll automatically free any remaining keys and/or values.
+
+.. function:: int cork_hash_table_ensure_size(struct cork_hash_table \*table, size_t desired_count)
+
+   Ensures that *table* has enough space to efficiently store a certain
+   number of entries.  This can be used to reduce (or eliminate) the
+   number of resizing operations needed to add a large number of entries
+   to the table, when you know in advance roughly how many entries there
+   will be.
+
+
+Iterating through a hash table
+------------------------------
+
+There are two strategies you can use to access all of the entries in a
+hash table: *mapping* and *iterating*.
+
+
+Iteration order
+~~~~~~~~~~~~~~~
+
+Regardless of whether you use the mapping or iteration functions, we guarantee
+that the collection of items will be processed in the same order that they were
+added to the hash table.
+
+
+Mapping
+~~~~~~~
+
+With mapping, you write a mapping function that will be applied to each entry in
+the table.  (In this case, libcork controls the loop that steps through each
+entry.)
+
+.. function:: void cork_hash_table_map(struct cork_hash_table \*table, void \*user_data, cork_hash_table_map_f map)
+
+   Applies the *map* function to each entry in a hash table.  The *map*
+   function's :c:type:`cork_hash_table_map_result` return value can be used to
+   influence the iteration.
+
+   .. type:: enum cork_hash_table_map_result (\*cork_hash_table_map_f)(void \*user_data, struct cork_hash_table_entry \*entry)
+
+      The function that will be applied to each entry in a hash table.  The
+      function's return value can be used to influence the iteration:
+
+      .. type:: enum cork_hash_table_map_result
+
+         .. var:: CORK_HASH_TABLE_CONTINUE
+
+            Continue the current :c:func:`cork_hash_table_map()` operation.  If
+            there are any remaining elements, the next one will be passed into
+            another call of the *map* function.
+
+         .. var:: CORK_HASH_TABLE_ABORT
+
+            Stop the current :c:func:`cork_hash_table_map()` operation.  No more
+            entries will be processed after this one, even if there are
+            remaining elements in the hash table.
+
+         .. var:: CORK_HASH_TABLE_DELETE
+
+            Continue the current :c:func:`cork_hash_table_map()` operation, but
+            first delete the entry that was just processed.  If there are any
+            remaining elements, the next one will be passed into another call of
+            the *map* function.
+
+For instance, you can manually calculate the number of entries in a hash
+table as follows (assuming you didn't want to use the built-in
+:c:func:`cork_hash_table_size()` function, of course)::
+
+  static enum cork_hash_table_map_result
+  count_entries(void *user_data, struct cork_hash_table_entry *entry)
+  {
+      size_t  *count = user_data;
+      (*count)++;
+      return CORK_HASH_TABLE_MAP_CONTINUE;
+  }
+
+  struct cork_hash_table  *table = /* from somewhere */;
+  size_t  count = 0;
+  cork_hash_table_map(table, &count, count_entries);
+  /* the number of entries is now in count */
+
+
+Iterating
+~~~~~~~~~
+
+The second strategy is to iterate through the entries yourself.  Since
+the internal struture of the :c:type:`cork_hash_table` type is opaque
+(and slightly more complex than a simple array), you have to use a
+special “iterator” type to manage the manual iteration.  Note that
+unlike when using a mapping function, it is **not** safe to delete
+entries in a hash table as you manually iterate through them.
+
+.. type:: struct cork_hash_table_iterator
+
+   A helper type for manually iterating through the entries in a hash
+   table.  All of the fields in this type are private.  You'll usually
+   allocate this type on the stack.
+
+.. function:: void cork_hash_table_iterator_init(struct cork_hash_table \*table, struct cork_hash_table_iterator \*iterator)
+
+   Initializes a new iterator for the given hash table.
+
+.. function:: struct cork_hash_table_entry \*cork_hash_table_iterator_next(struct cork_hash_table_iterator \*iterator)
+
+   Returns the next entry in *iterator*\ 's hash table.  If you've
+   already iterated through all of the entries in the table, we'll
+   return ``NULL``.
+
+With these functions, manually counting the hash table entries looks
+like::
+
+  struct cork_hash_table  *table = /* from somewhere */;
+  struct cork_hash_table_iterator  iter;
+  struct cork_hash_table_entry  *entry;
+  size_t  count = 0;
+
+  cork_hash_table_iterator_init(table, &iter);
+  while ((entry = cork_hash_table_iterator_next(&iter)) != NULL) {
+      count++;
+  }
+  /* the number of elements is now in count */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/hash-values.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/hash-values.rst
new file mode 100644
index 00000000..00f37d9c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/hash-values.rst
@@ -0,0 +1,111 @@
+.. _hash-values:
+
+***********
+Hash values
+***********
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+
+The functions in this section can be used to produce fast, good hash
+values.
+
+.. note::
+
+   For the curious, libcork currently uses the public-domain
+   `MurmurHash3 <http://code.google.com/p/smhasher/>`_ as its hash
+   implementation.
+
+
+Hashing in C code
+-----------------
+
+A common pattern would be something along the lines of::
+
+  struct my_type {
+      int  a;
+      long  b;
+      double  c;
+      size_t  name_length;
+      const char  *name;
+  };
+
+  cork_hash
+  my_type_hash(const struct my_type *self)
+  {
+      /* hash of "struct my_type" */
+      cork_hash  hash = 0xd4a130d8;
+      hash = cork_hash_variable(hash, self->a);
+      hash = cork_hash_variable(hash, self->b);
+      hash = cork_hash_variable(hash, self->c);
+      hash = cork_hash_buffer(hash, self->name, self->name_length);
+      return hash;
+   }
+
+In this example, the seed value (``0xd4a130d8``) is the hash of the
+constant string ``"struct my_type"``.  You can produce seed values like
+this using the :ref:`cork-hash <cork-hash>` script described below::
+
+  $ cork-hash "struct my_type"
+  0xd4a130d8
+
+
+.. type:: uint32_t  cork_hash
+
+.. function:: cork_hash cork_hash_buffer(cork_hash seed, const void \*src, size_t len)
+              cork_hash cork_hash_variable(cork_hash seed, TYPE val)
+
+   Incorporate the contents of the given binary buffer or variable into a hash
+   value.  For the ``_variable`` variant, *val* must be an lvalue visible in the
+   current scope.
+
+   The hash values produces by these functions can change over time, and might
+   not be consistent across different platforms.  The only guarantee is that
+   hash values will be consistest for the duration of the current process.
+
+.. function:: cork_hash cork_stable_hash_buffer(cork_hash seed, const void \*src, size_t len)
+              cork_hash cork_stable_hash_variable(cork_hash seed, TYPE val)
+
+   Stable versions of :c:func:`cork_hash_buffer` and
+   :c:func:`cork_hash_variable`.  We guarantee that the hash values produced by
+   this function will be consistent across different platforms, and across
+   different versions of the libcork library.
+
+
+.. type:: cork_big_hash
+
+.. function:: cork_big_hash cork_big_hash_buffer(cork_big_hash seed, const void \*src, size_t len)
+
+   Incorporate the contents of the given binary buffer into a "big" hash value.
+   A big hash value has a much larger space of possible hash values (128 bits vs
+   32).
+
+
+.. function:: bool cork_big_hash_equal(cork_big_hash hash1, cork_big_hash hash2)
+
+   Compare two big hash values for equality.
+
+
+.. _cork-hash:
+
+Hashing from the command line
+-----------------------------
+
+Several parts of libcork use hash values as identifiers; you use a
+unique string to identify part of your code, and use the hash of that
+string as the actual identifier value.  We provide a command-line
+utility that you can use to produce these hash values:
+
+.. code-block:: none
+
+   cork-hash <string>
+
+.. describe:: <string>
+
+   The string to hash.  This should be provided as a single argument on
+   the command line, so if your string contains spaces or other shell
+   meta-characters, you must enclose the string in quotes.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/index.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/index.rst
new file mode 100644
index 00000000..3fd786d9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/index.rst
@@ -0,0 +1,59 @@
+.. _index:
+
+|project_name| documentation
+============================
+
+This is the documentation for |project_name| |release|, last updated
+|today|.
+
+
+Introduction
+------------
+
+So what is libcork, exactly?  It's a “simple, easily embeddable, cross-platform
+C library”.  It falls roughly into the same category as glib_ or APR_ in the C
+world; the STL, POCO_, or QtCore_ in the C++ world; or the standard libraries
+of any decent dynamic language.
+
+So if libcork has all of these comparables, why a new library?  Well, none of
+the C++ options are really applicable here.  And none of the C options work,
+because one of the main goals is to have the library be highly modular, and
+useful in resource-constrained systems.  Once we describe some of the design
+decisions that we've made in libcork, you'll hopefully see how this fits into
+an interesting niche of its own.
+
+.. _glib: http://library.gnome.org/devel/glib/
+.. _APR: http://apr.apache.org/
+.. _POCO: http://pocoproject.org/
+.. _QtCore: http://qt.nokia.com/
+
+
+Contents
+--------
+
+.. toctree::
+   :maxdepth: 2
+
+   config
+   versions
+   visibility
+   basic-types
+   byte-order
+   attributes
+   allocation
+   errors
+   gc
+   mempool
+   ds
+   cli
+   files
+   process
+   subprocess
+   threads
+
+
+Indices and tables
+------------------
+
+* :ref:`genindex`
+* :ref:`search`
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/int128.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/int128.rst
new file mode 100644
index 00000000..7247216a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/int128.rst
@@ -0,0 +1,145 @@
+.. _int128:
+
+****************
+128-bit integers
+****************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+We provide an API for working with unsigned, 128-bit integers.  Unlike libraries
+like GMP_, our goal is not to support arbitrarily large integers, but to provide
+optimized support for this one specific integer type.  We might add support for
+additional large integer types in the future, as need arises, but the focus will
+always be on a small number of specific types, and not on arbitrary sizes.  For
+that, use GMP.
+
+.. _GMP: http://gmplib.org/
+
+
+.. type:: cork_u128
+
+   An unsigned, 128-bit integer.  You can assume that instances of this type
+   will be exactly 16 bytes in size, and that the integer value will be stored
+   in host-endian order.  This type is currently implemented as a ``struct``,
+   but none of its members are part of the public API.
+
+
+Initialization
+==============
+
+.. function:: cork_u128 cork_u128_from_32(uint32_t i0, uint32_t i1, uint32_t i2, uint32_t i3)
+              cork_u128 cork_u128_from_64(uint64_t i0, uint64_t i1)
+
+   Return a 128-bit integer initialized with the given portions.  The various
+   *iX* pieces are given in big-endian order, regardless of the host's
+   endianness.  For instance, both of the following initialize an integer to
+   :math:`2^{64}`::
+
+       cork_u128  value1 = cork_u128_from_32(0, 1, 0, 0);
+       cork_u128  value2 = cork_u128_from_64(1, 0);
+
+
+Accessing subsets
+=================
+
+.. function:: &uint8_t cork_u128_be8(cork_u128 value, unsigned int index)
+              &uint16_t cork_u128_be16(cork_u128 value, unsigned int index)
+              &uint32_t cork_u128_be32(cork_u128 value, unsigned int index)
+              &uint64_t cork_u128_be64(cork_u128 value, unsigned int index)
+
+   Returns a reference to a portion of a 128-bit integer.  Regardless of the
+   host's endianness, the indices are counted in big-endian order — i.e., an
+   *index* of ``0`` will always return the most-significant portion of *value*.
+
+   The result is a valid lvalue, so you can assign to it to update the contents
+   of *value*::
+
+       cork_u128  value;
+       cork_u128_be64(value, 0) = 4;
+       cork_u128_be64(value, 1) = 16;
+
+
+Arithmetic
+==========
+
+All of the functions in this section are implemented as macros or inline
+functions, so you won't incur any function-call overhead when using them.
+
+.. function:: cork_u128 cork_u128_add(cork_128 a, cork_u128 b)
+              cork_u128 cork_u128_sub(cork_128 a, cork_u128 b)
+
+   Add or subtract two 128-bit integers, returning the result.
+
+   ::
+
+       cork_u128  a = cork_u128_from_32(0, 10);
+       cork_u128  b = cork_u128_from_32(0, 3);
+       cork_u128  c = cork_u128_add(a, b);
+       cork_u128  d = cork_u128_sub(a, b);
+       // c == 13 && d == 7
+
+
+Comparison
+==========
+
+All of the functions in this section are implemented as macros or inline
+functions, so you won't incur any function-call overhead when using them.
+
+.. function:: bool cork_u128_eq(cork_128 a, cork_u128 b)
+              bool cork_u128_ne(cork_128 a, cork_u128 b)
+              bool cork_u128_lt(cork_128 a, cork_u128 b)
+              bool cork_u128_le(cork_128 a, cork_u128 b)
+              bool cork_u128_gt(cork_128 a, cork_u128 b)
+              bool cork_u128_ge(cork_128 a, cork_u128 b)
+
+   Compare two 128-bit integers.  These functions correspond, respectively, to
+   the ``==``, ``!=``, ``<``, ``<=``, ``>``, and ``>=`` operators.
+
+   ::
+
+       cork_u128  a = cork_u128_from_32(0, 10);
+       cork_u128  b = cork_u128_from_32(0, 3);
+       // cork_u128_eq(a, b) → false
+       // cork_u128_ne(a, b) → true
+       // cork_u128_eq(a, a) → true
+       // cork_u128_gt(a, b) → true
+       // cork_u128_ge(a, a) → true
+       // and so on
+
+
+Printing
+========
+
+.. function:: const char \*cork_u128_to_decimal(char \*buf, cork_u128 value)
+              const char \*cork_u128_to_hex(char \*buf, cork_u128 value)
+              const char \*cork_u128_to_padded_hex(char \*buf, cork_u128 value)
+
+   Write the string representation of *value* into *buf*.  The ``decimal`` and
+   ``hex`` variants do not include any padding in the result.  The
+   ``padded_hex`` variant pads the result with ``0`` characters so that the
+   string representation of every :c:type:`cork_u128` has the same width.
+
+   You must provide the buffer that the string representation will be rendered
+   into.  (This ensures that these functions are thread-safe.)  The return value
+   will be some portion of this buffer, but might not be *buf* itself.
+
+   You are responsible for ensuring that *buf* is large enough to hold the
+   string representation of any valid 128-bit integer.  The
+   :c:macro:`CORK_U128_DECIMAL_LENGTH` and :c:macro:`CORK_U128_HEX_LENGTH`
+   macros can be helpful for this::
+
+     char  buf[CORK_U128_DECIMAL_LENGTH];
+     cork_u128  value = cork_u128_from_32(0, 125);
+     printf("%s\n", cork_u128_to_decimal(buf, value));
+     // prints "125\n"
+
+
+.. macro:: CORK_U128_DECIMAL_LENGTH
+           CORK_U128_HEX_LENGTH
+
+   The maximum length of the decimal or hexadecimal string representation of a
+   128-bit integer, including a ``NUL`` terminator.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/managed-buffer.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/managed-buffer.rst
new file mode 100644
index 00000000..16ddf758
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/managed-buffer.rst
@@ -0,0 +1,125 @@
+.. _managed-buffer:
+
+**********************
+Managed binary buffers
+**********************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/ds.h>
+
+This section defines an interface for handling reference-counted binary
+buffers.  The :c:type:`cork_managed_buffer` type wraps a buffer with a
+simple reference count, and takes care of freeing the necessary
+resources when the reference count drops to zero.  There should only be
+a single :c:type:`cork_managed_buffer` instance for any given buffer,
+regardless of how many threads or functions access that buffer.  Each
+thread or function that uses the buffer does so via a
+:c:type:`cork_slice` instance.  This type is meant to be allocated
+directly on the stack (or in some other managed storage), and keeps a
+pointer to the managed buffer instance that it slices.  As its name
+implies, a slice can refer to a subset of the buffer.
+
+
+.. type:: struct cork_managed_buffer
+
+   A “managed buffer”, which wraps a buffer with a simple reference
+   count.
+
+   Managed buffer consumers should consider all of the fields of this
+   class private.  Managed buffer implementors should fill in this
+   fields when constructing a new ``cork_managed_buffer`` instance.
+
+   .. member:: const void  \*buf
+
+      The buffer that this instance manages.
+
+   .. member:: size_t  size
+
+      The size of :c:member:`buf`.
+
+   .. member:: volatile int  ref_count
+
+      A reference count for the buffer.  If this drops to ``0``, the
+      buffer will be finalized.
+
+   .. member:: struct cork_managed_buffer_iface  \*iface
+
+      The managed buffer implementation for this instance.
+
+
+.. function:: struct cork_managed_buffer \*cork_managed_buffer_ref(struct cork_managed_buffer \*buf)
+
+   Atomically increase the reference count of a managed buffer.  This
+   function is thread-safe.
+
+
+.. function:: void cork_managed_buffer_unref(struct cork_managed_buffer \*buf)
+
+   Atomically decrease the reference count of a managed buffer.  If the
+   reference count falls to ``0``, the instance is freed.  This function
+   is thread-safe.
+
+.. function:: int cork_managed_buffer_slice(struct cork_slice \*dest, struct cork_managed_buffer \*buffer, size_t offset, size_t length)
+              int cork_managed_buffer_slice_offset(struct cork_slice \*dest, struct cork_managed_buffer \*buffer, size_t offset)
+
+   Initialize a new slice that refers to a subset of a managed buffer.
+   The *offset* and *length* parameters identify the subset.  (For the
+   ``_slice_offset`` variant, the *length* is calculated automatically
+   to include all of the managed buffer content starting from *offset*.)
+   If these parameters don't refer to a valid portion of the buffer, we
+   return ``false``, and you must not try to deference the slice's
+   :c:member:`buf <cork_slice.buf>` pointer.  If the slice is valid, we
+   return ``true``.
+
+   Regardless of whether the new slice is valid, you **must** ensure
+   that you call :c:func:`cork_slice_finish()` when you are done with
+   the slice.
+
+
+Predefined managed buffer implementations
+-----------------------------------------
+
+.. function:: struct cork_managed_buffer \*cork_managed_buffer_new_copy(const void \*buf, size_t size)
+
+   Make a copy of *buf*, and allocate a new managed buffer to manage
+   this copy.  The copy will automatically be freed when the managed
+   buffer's reference count drops to ``0``.
+
+
+.. type:: void (\*cork_managed_buffer_freer)(void \*buf, size_t size)
+
+   A finalization function for a managed buffer created by
+   :c:func:`cork_managed_buffer_new()`.
+
+.. function:: struct cork_managed_buffer \*cork_managed_buffer_new(const void \*buf, size_t size, cork_managed_buffer_freer free)
+
+   Allocate a new managed buffer to manage an existing buffer (*buf*).
+   The existing buffer is *not* copied; the new managed buffer instance
+   takes control of it.  When the managed buffer's reference count drops
+   to ``0``, it will call *free* to finalize *buf*.
+
+   This is a helper function, and keeps you from having to write a
+   complete custom managed buffer implementation when you don't need to
+   store any additional state in the managed buffer object.
+
+   .. note::
+
+      The *free* function is *not* responsible for freeing the
+      ``cork_managed_buffer`` instance itself.
+
+
+Custom managed buffer implementations
+-------------------------------------
+
+.. type:: struct cork_managed_buffer_iface
+
+   The interface of methods that managed buffer implementations must
+   provide.
+
+   .. member:: void (\*free)(struct cork_managed_buffer \*self)
+
+      Free the contents of a managed buffer, and the
+      ``cork_managed_buffer`` instance itself.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/mempool.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/mempool.rst
new file mode 100644
index 00000000..85bf112f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/mempool.rst
@@ -0,0 +1,197 @@
+.. _mempool:
+
+************
+Memory pools
+************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+The functions in this section let you define *memory pools*, which allow
+you to reduce the overhead of allocating and freeing large numbers of
+small objects.  Instead of generating a ``malloc`` call for each
+individual object, the memory pool allocates a large *block* of memory,
+and then subdivides this block of memory into objects of the desired
+size.  The free objects in the memory pool are linked together in a
+singly-linked list, which means that allocation and deallocation is
+usually a (very small) constant-time operation.
+
+.. note::
+
+   Memory pools are *not* thread safe; if you have multiple threads
+   allocating objects of the same type, they'll need separate memory
+   threads.
+
+
+Basic interface
+---------------
+
+.. type:: struct cork_mempool
+
+   A memory pool.  All of the objects created by the memory pool will be
+   the same size; this size is provided when you initialize the memory
+   pool.
+
+.. function:: struct cork_mempool \*cork_mempool_new_size(size_t element_size)
+              struct cork_mempool \*cork_mempool_new(TYPE type)
+
+   Allocate a new memory pool.  The size of the objects allocated by
+   the memory pool is given either as an explicit *element_size*, or by
+   giving the *type* of the objects.  The blocks allocated by the memory
+   pool will be of a default size (currently 4Kb).
+
+.. function:: struct cork_mempool \*cork_mempool_new_size_ex(size_t element_size, size_t block_size)
+              struct cork_mempool \*cork_mempool_new_ex(TYPE type, size_t block_size)
+
+   Allocate a new memory pool.  The size of the objects allocated by
+   the memory pool is given either as an explicit *element_size*, or by
+   giving the *type* of the objects.  The blocks allocated by the memory
+   pool will be *block_size* bytes large.
+
+.. function:: void cork_mempool_free(struct cork_mempool \*mp)
+
+   Free a memory pool.  You **must** have already freed all of the
+   objects allocated by the pool; if you haven't, then this function
+   will cause the current process to abort.
+
+.. function:: void \*cork_mempool_new_object(struct cork_mempool \*mp)
+
+   Allocate a new object from the memory pool.
+
+.. function:: void cork_mempool_free_object(struct cork_mempool \*mp, void \*ptr)
+
+   Free an object that was allocated from the memory pool.
+
+
+
+.. _mempool-lifecycle:
+
+Initializing and finalizing objects
+-----------------------------------
+
+When you free an object that was allocated via a memory pool, the memory
+for that object isn't actually freed immediately.  (That's kind of the
+reason that you're using a memory pool in the first place.)  This means
+that if your object contains any fields that are expensive to initialize
+and finalize, it can make sense to postpone the finalization of those
+fields until the memory for the object itself is actually freed.
+
+As an example, let's say you have the following type that you're going
+to allocate via a memory pool::
+
+    struct my_data {
+        struct cork_buffer  scratch_space;
+        int  age;
+    };
+
+Our first attempt at a constructor and destructor would then be::
+
+    static cork_mempool  *pool;
+    pool = cork_mempool_new(struct my_data);
+
+    struct my_data *
+    my_data_new(void)
+    {
+        struct my_data  *self = cork_mempool_new_object(pool);
+        if (self == NULL) {
+            return NULL;
+        }
+
+        cork_buffer_init(&self->scratch_space);
+        return self;
+    }
+
+    void
+    my_data_free(struct my_data *self)
+    {
+        cork_buffer_done(&self->scratch_space);
+        cork_mempool_free_object(pool, self);
+    }
+
+What's interesting about this example is that the ``scratch_space``
+field, being a :c:type:`cork_buffer`, allocates some space internally to
+hold whatever data we're building up in the buffer.  When we call
+:c:func:`cork_buffer_done` in our destructor, that memory is returned to
+the system.  Later on, when we allocate a new ``my_data``, the
+:c:func:`cork_mempool_new_object` call in our constructor might get this same
+physical instance back.  We'll then proceed to re-initialize the
+``scratch_space`` buffer, which will then reallocate its internal buffer
+space as we use the type.
+
+Since we're using a memory pool to reuse the memory for the ``my_data``
+instance, we might as well try to reuse the memory for the
+``scratch_space`` field, as well.  To do this, you provide initialization and
+finalization callbacks:
+
+.. function:: void cork_mempool_set_user_data(struct cork_mempool \*mp, void \*user_data, cork_free_f free_user_data)
+              void cork_mempool_set_init_object(struct cork_mempool \*mp, cork_init_f init_object)
+              void cork_mempool_set_done_object(struct cork_mempool \*mp, cork_done_f done_object)
+
+   Provide callback functions that will be used to initialize and finalize each
+   object created by the memory pool.
+
+So, instead of putting the initialization logic into our constructor, we
+put it into the ``init_object`` function.  Similarly, the finalization
+logic goes into ``done_object``, and not our destructor::
+
+    static void
+    my_data_init(void *user_data, void *vself)
+    {
+        struct my_data  *self = vself;
+        cork_buffer_init(&self->scratch_space);
+        return 0;
+    }
+
+    static void
+    my_data_done(void *user_data, void *vself)
+    {
+        struct my_data  *self = vself;
+        cork_buffer_done(&self->scratch_space);
+    }
+
+    static cork_mempool  *pool;
+    pool = cork_mempool_new(pool, struct my_data);
+    cork_mempool_set_init_object(pool, my_data_init);
+    cork_mempool_set_done_object(pool, my_data_done);
+
+    struct my_data *
+    my_data_new(void)
+    {
+        return cork_mempool_new_object(pool);
+    }
+
+    void
+    my_data_free(struct my_data *self)
+    {
+        cork_mempool_free_object(pool, self);
+    }
+
+In this implementation, the ``scratch_space`` buffer is initialized when
+the memory for an instance is first allocated, and it's not finalized
+until the memory for the instance is returned to the system.  (Which
+basically means "when the memory pool itself is freed".)
+
+A caveat with this approach is that we've no longer guaranteed that the
+``scratch_space`` buffer is empty when ``my_data_new`` returns — if
+we're reusing an existing object, then the contents of the "previous"
+object's buffer will still be there.  We can either make sure that
+consumers of ``my_data`` don't assume anything about the contents of
+``scratch_space``, or better yet, we can *reset* the fields in our
+constructor object::
+
+    struct my_data *
+    my_data_new(void)
+    {
+        struct my_data  *self = cork_mempool_new_object(pool);
+        cork_buffer_clear(&self->scratch_space);
+        return self;
+    }
+
+In this example, we can reset the buffer just by clearing it.  If
+resetting is more involved, it can sometimes be better to leave the
+instance in a "messy" state, and have your clients not make assumptions.
+But if you do this, make sure to be clear about it in your
+documentation.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/net-addresses.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/net-addresses.rst
new file mode 100644
index 00000000..bea320d0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/net-addresses.rst
@@ -0,0 +1,134 @@
+.. _net-addresses:
+
+*****************
+Network addresses
+*****************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+
+IP addresses
+------------
+
+libcork provides C types for storing IPv4 and IPv6 addresses, as well as
+a union type for storing a generic IP address, regardless of whether
+it's IPv4 or IPv6.  (This lets you distinguish between an IPv4 address
+and the equivalent ``::ffff:0:0/96`` IPv4-mapped IPv6 address.)
+
+.. type:: struct cork_ipv4
+          struct cork_ipv6
+
+   An IPv4 or IPv6 address.  The address is stored in memory exactly as
+   it would be if sent over a network connection — i.e., in
+   network-endian order, regardless of the endianness of the current
+   host.  The types are also guaranteed to be exactly the size of an
+   actual IPv4 or IPv6 address (without additional padding), so they can
+   be embedded directly into ``struct`` types that represent binary
+   disk/wire formats.
+
+   The contents of these types should be considered opaque.  You should
+   use the accessor functions defined below to interact with the IP
+   address.
+
+.. type:: struct cork_ip
+
+   A single union type that can contain either an IPv4 or IPv6 address.
+   This type contains a discriminator field, so you can't use it
+   directly in a binary disk/wire format type.
+
+   .. member:: unsigned int  version
+
+      Either ``4`` or ``6``, indicating whether the current IP address
+      is an IPv4 address or an IPv6 address.
+
+   .. member:: struct cork_ipv4  ip.v4
+               struct cork_ipv6  ip.v6
+
+      Gives you access to the underlying :c:type:`cork_ipv4` or
+      :c:type:`cork_ipv6` instance for the current address.  It's your
+      responsibility to check the :c:member:`cork_ip.version` field and
+      only access the union branch that corresponds to the current IP
+      version.
+
+
+.. function:: void cork_ipv4_copy(struct cork_ipv4 \*addr, const void \*src)
+              void cork_ipv6_copy(struct cork_ipv6 \*addr, const void \*src)
+              void cork_ip_from_ipv4(struct cork_ip \*addr, const void \*src)
+              void cork_ip_from_ipv6(struct cork_ip \*addr, const void \*src)
+
+   Initializes a :c:type:`cork_ipv4`, :c:type:`cork_ipv6`, or
+   :c:type:`cork_ip` instance from an existing IP address somewhere in
+   memory.  The existing address doesn't have to be an instance of the
+   :c:type:`cork_ipv4` or :c:type:`cork_ipv6` types, but it does have to
+   be a well-formed address.  (For IPv4, it must be 4 bytes long; for
+   IPv6, 16 bytes long.  And in both cases, the address must already be
+   in network-endian order, regardless of the host's endianness.)
+
+
+.. function:: int cork_ipv4_init(struct cork_ipv4 \*addr, const char \*str)
+              int cork_ipv6_init(struct cork_ipv6 \*addr, const char \*str)
+              int cork_ip_init(struct cork_ip \*addr, const char \*str)
+
+   Initializes a :c:type:`cork_ipv4`, :c:type:`cork_ipv6`, or
+   :c:type:`cork_ip` instance from the string representation of an IP
+   address.  *str* must point to a string containing a well-formed IP
+   address.  (Dotted-quad for an IPv4, and colon-hex for IPv6.)
+   Moreover, the version of the IP address in *str* must be compatible
+   with the function that you call: it can't be an IPv6 address if you
+   call ``cork_ipv4_init``, and it can't be an IPv4 address if you call
+   ``cork_ipv6_init``.
+
+   If *str* doesn't represent a valid address (of a compatible IP
+   version), then we leave *addr* unchanged, fill in the current error
+   condition with a :c:data:`CORK_NET_ADDRESS_PARSE_ERROR` error, and
+   return ``-1``.
+
+
+.. function:: bool cork_ipv4_equal(const struct cork_ipv4 \*addr1, const struct cork_ipv4 \*addr2)
+              bool cork_ipv6_equal(const struct cork_ipv6 \*addr1, const struct cork_ipv6 \*addr2)
+              bool cork_ip_equal(const struct cork_ip \*addr1, const struct cork_ip \*addr2)
+
+   Checks two IP addresses for equality.
+
+
+.. macro:: CORK_IPV4_STRING_LENGTH
+           CORK_IPV6_STRING_LENGTH
+           CORK_IP_STRING_LENGTH
+
+   The maximum length of the string representation of an IPv4, IPv6, or
+   generic IP address, including a ``NUL`` terminator.
+
+.. function:: void cork_ipv4_to_raw_string(const struct cork_ipv4 \*addr, char \*dest)
+              void cork_ipv6_to_raw_string(const struct cork_ipv6 \*addr, char \*dest)
+              void cork_ip_to_raw_string(const struct cork_ip \*addr, char \*dest)
+
+   Fills in *dest* with the string representation of an IPv4, IPv6, or
+   generic IP address.  You are responsible for ensuring that *dest* is
+   large enough to hold the string representation of any valid IP
+   address of the given version.  The
+   :c:macro:`CORK_IPV4_STRING_LENGTH`,
+   :c:macro:`CORK_IPV6_STRING_LENGTH`, and
+   :c:macro:`CORK_IP_STRING_LENGTH` macros can be helpful for this::
+
+     char  buf[CORK_IPV4_STRING_LENGTH];
+     struct cork_ipv4  addr;
+     cork_ipv4_to_raw_string(&addr, buf);
+
+
+.. function:: bool cork_ipv4_is_valid_network(const struct cork_ipv4 \*addr, unsigned int cidr_prefix)
+              bool cork_ipv6_is_valid_network(const struct cork_ipv6 \*addr, unsigned int cidr_prefix)
+              bool cork_ip_is_valid_network(const struct cork_ipv6 \*addr, unsigned int cidr_prefix)
+
+    Checks an IP address for alignment with a CIDR block prefix. For example,
+    10.1.2.4/24 is invalid, but 10.1.2.4/30 is valid.
+
+
+.. macro:: CORK_NET_ADDRESS_ERROR
+           CORK_NET_ADDRESS_PARSE_ERROR
+
+   The error class and codes used for the :ref:`error conditions
+   <errors>` described in this section.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/process.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/process.rst
new file mode 100644
index 00000000..3bb13ecb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/process.rst
@@ -0,0 +1,193 @@
+.. _processes:
+
+*********
+Processes
+*********
+
+.. highlight:: c
+
+::
+
+  #include <libcork/os.h>
+
+The functions in this section let you interact with the current running process.
+
+
+Cleanup functions
+~~~~~~~~~~~~~~~~~
+
+Often you will need to perform some cleanup tasks whenever the current process
+terminates normally.  The functions in this section let you do that.
+
+.. function:: void cork_cleanup_at_exit(int priority, cork_cleanup_function function)
+              void cork_cleanup_at_exit_named(const char \*name, int priority, cork_cleanup_function function)
+
+   Register a *function* that should be called when the current process
+   terminates.  When multiple functions are registered, the order in which they
+   are called is determined by their *priority* values --- functions with lower
+   priorities will be called first.  If any functions have the same priority
+   value, there is no guarantee about the order in which they will be called.
+
+   All cleanup functions must conform to the following signature:
+
+   .. type:: void (\*cork_cleanup_function)(void)
+
+   The ``_named`` variant lets you provide an explicit name for the cleanup
+   function, which currently is only used when printing out debug messages.  The
+   plain variant automatically detects the name of *function*, so that you don't
+   have to provide it explicitly.
+
+
+.. _env:
+
+Environment variables
+~~~~~~~~~~~~~~~~~~~~~
+
+.. type:: struct cork_env
+
+   A collection of environment variables that can be passed to subprocesses.
+
+
+.. function:: struct cork_env \*cork_env_new(void)
+
+   Create a new, empty collection of environment variables.
+
+.. function:: struct cork_env \*cork_env_clone_current(void)
+
+   Create a new :c:type:`cork_env` containing all of the environment variables
+   in the current process's environment list.
+
+.. function:: void cork_env_free(struct cork_env \*env)
+
+   Free a collection of environment variables.
+
+
+.. function:: const char \*cork_env_get(struct cork_env \*env, const char \*name)
+
+   Return the value of the environment variable with the given *name*.  If there
+   is no variable with that name, return ``NULL``.
+
+   If *env* is ``NULL``, then the variable is retrieved from the current process
+   environment; otherwise, it is retrieved from *env*.
+
+.. function:: void cork_env_add(struct cork_env \*env, const char \*name, const char \*value)
+              void cork_env_add_printf(struct cork_env \*env, const char \*name, const char \*format, ...)
+              void cork_env_add_vprintf(struct cork_env \*env, const char \*name, const char \*format, va_list args)
+
+   Add a new environment variable with the given *name* and *value*.  If there
+   is already a variable with that name, it is overwritten.  We make a copy of
+   both *name* and *variable*, so it is safe to pass in temporary or reusable
+   strings for either.  The ``printf`` and ``vprintf`` variants construct the
+   new variable's value from a ``printf``-like format string.
+
+   If *env* is ``NULL``, then the new variable is added to the current process
+   environment; otherwise, it is added to *env*.
+
+.. function:: void cork_env_remove(struct cork_env \*env, const char \*name)
+
+   Remove the environment variable with the given *name*, if it exists.  If
+   there isn't any variable with that name, do nothing.
+
+   If *env* is ``NULL``, then the variable is removed from the current process
+   environment; otherwise, it is removed from *env*.
+
+
+.. function:: void cork_env_replace_current(struct cork_env \*env)
+
+   Replace the current process's environment list with the contents of *env*.
+
+
+.. _exec:
+
+Executing another program
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. type:: struct cork_exec
+
+   A specification for executing another program.
+
+
+.. function:: struct cork_exec \*cork_exec_new(const char \*program)
+              struct cork_exec \*cork_exec_new_with_params(const char \*program, ...)
+              struct cork_exec \*cork_exec_new_with_param_array(const char \*program, char \* const \*params)
+
+   Create a new specification for executing *program*.  *program* must either be
+   an absolute path to an executable on the local filesystem, or the name of an
+   executable that should be found in the current ``PATH``.
+
+   The first variant creates a specification that initially doesn't contain any
+   parameters to pass into the new program.  The second variant allows you to
+   pass in each argument as a separate parameter; you must ensure that you
+   terminate the list of parameters with a ``NULL`` pointer.  The third variant
+   allows you to pass in a ``NULL``-terminated array of strings to use as an
+   initial parameter list.  For all three variants, you can add additional
+   parameters before executing the new program via the :c:func:`cork_add_param`
+   function.
+
+   .. note::
+
+      Most programs will expect the first parameter to be the name of the
+      program being executed.  The :c:func:`cork_exec_new_with_params` function
+      will automatically fill in this first parameter for you.  The other
+      constructor functions do not; when using them, it is your responsibility
+      to provide this parameter, just like any other parameters to pass into the
+      program.
+
+   This function does not actually execute the program; that is handled by the
+   :c:func:`cork_exec_run` function.
+
+.. function:: void cork_exec_free(struct cork_exec \*exec)
+
+   Free an execution specification.  You normally won't need to call this
+   function; normally you'll replace the current process with the new program
+   (by calling :c:func:`cork_exec_run`), which means you won't have a chance to
+   free the specification object.
+
+.. function:: const char \*cork_exec_description(struct cork_exec \*exec)
+
+   Return a string description of the program described by an execution
+   specification.
+
+.. function:: void cork_exec_add_param(struct cork_exec \*exec, const char \*param)
+
+   Add a parameter to the parameter list that will be passed into the new
+   program.
+
+.. function:: void cork_exec_set_env(struct cork_exec \*exec, struct cork_env \*env)
+
+   Provide a set of environment variables that will be passed into the new
+   program.  The subprocess's environment will contain only those variables
+   defined in *env*.  You can use the :c:func:`cork_env_clone_current` function
+   to create a copy of the current process's environment, to use it as a base to
+   add new variables or remove unsafe variables.  We will take control of *env*,
+   so you must **not** call :c:func:`cork_env_free` to free the environment
+   yourself.
+
+   If you don't call this function for a specification object, the new
+   program will use the same environment as the calling process.
+
+.. function:: void cork_exec_set_cwd(struct cork_exec \*exec, const char \directory)
+
+   Change the working directory that the new program will be called from.  If
+   you don't call this function for a specification object, the new program will
+   be executed in the same working directory as the calling process.
+
+
+.. function:: const char \*cork_exec_program(struct cork_exec \*exec)
+              size_t \*cork_exec_param_count(struct cork_exec \*exec)
+              const char \*cork_exec_param(struct cork_exec \*exec, size_t index)
+              struct cork_env \*cork_exec_env(struct cork_exec \*exec)
+              const char \*cork_exec_cwd(struct cork_exec \*exec)
+
+   Accessor functions that allow you to retrieve the contents of an execution
+   specification.  The :c:func:`cork_exec_env` and :c:func:`cork_exec_cwd`
+   functions might return ``NULL``, if there isn't an environment or working
+   directory specified.
+
+
+.. function:: int cork_exec_run(struct cork_exec \*exec)
+
+   Execute the program specified by *exec*, replacing the current process.
+   If we can successfully start the new program, this function will not return.
+   If there are any errors starting the program, this function will return an
+   error condition.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/ring-buffer.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/ring-buffer.rst
new file mode 100644
index 00000000..40db5876
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/ring-buffer.rst
@@ -0,0 +1,73 @@
+.. _ring-buffer:
+
+************
+Ring buffers
+************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/ds.h>
+
+
+.. type:: struct cork_ring_buffer
+
+   A ring buffer data structure that can be easily embedded into other
+   types.  All of the fields in ``cork_ring_buffer`` are private; you
+   should only access the contents of the ring buffer via the functions
+   defined below.
+
+   The elements of a ring buffer are ``void *`` pointers.  (You can also
+   store integers via the :c:type:`intptr_t` and :c:type:`uintptr_t`
+   types.)  Ring buffers have a fixed capacity, which must be specified
+   when the ring buffer instance is initialized.  You cannot add extra
+   space to an existing ring buffer.
+
+   Ring buffers implement a FIFO queue structure; elements will be
+   returned by :c:func:`cork_ring_buffer_pop()` in the same order that
+   they're added by :c:func:`cork_ring_buffer_add()`.
+
+
+.. function:: int cork_ring_buffer_init(struct cork_ring_buffer \*buf, size_t size)
+              struct cork_ring_buffer \*cork_ring_buffer_new(size_t size)
+
+   Initializes a ring buffer instance, having a capacity of *size* elements.
+   The ``_init`` version should be used to initialize an instance you
+   allocated yourself on the stack.  The ``_new`` version will allocate an
+   instance from the heap.  If memory allocation fails in either function,
+   the program will abort with an error.
+
+
+.. function:: void cork_ring_buffer_done(struct cork_ring_buffer \*buf)
+              void cork_ring_buffer_free(struct cork_ring_buffer \*buf)
+
+   Finalizes a ring buffer instance.  The ``_done`` variant should be used to
+   finalize an instance that you allocated yourself (i.e., on the stack).  The
+   ``_free`` version should be used on instance allocated on the heap by using
+   :c:func:`cork_hash_table_new()`.  Nothing special is done to any
+   remaining elements in the ring buffer; if they need to be finalized,
+   you should do that yourself before calling this function.
+
+
+.. function:: bool cork_ring_buffer_is_empty(struct cork_ring_buffer \*buf)
+              bool cork_ring_buffer_is_full(struct cork_ring_buffer \*buf)
+
+   Returns whether the ring buffer is empty or full.  (You cannot add
+   elements to a full ring buffer, and you cannot pop elemenst from an
+   empty one.)
+
+
+.. function:: int cork_ring_buffer_add(struct cork_ring_buffer \*buf, void \*element)
+
+   Adds *element* to a ring buffer.  If the ring buffer is full, we
+   return ``-1``, and the ring buffer will be unchanged.  Otherwise we
+   return ``0``.
+
+.. function:: void \*cork_ring_buffer_pop(struct cork_ring_buffer \*buf)
+              void \*cork_ring_buffer_peek(struct cork_ring_buffer \*buf)
+
+   Returns the next element in the ring buffer.  If the ring buffer is
+   empty, we return ``NULL``.  The ``_pop`` variant will remove the
+   returned element from the ring buffer before returning it; the
+   ``_peek`` variant will leave the element in the ring buffer.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/slice.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/slice.rst
new file mode 100644
index 00000000..2d46a5b8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/slice.rst
@@ -0,0 +1,254 @@
+.. _slice:
+
+*************
+Binary slices
+*************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/ds.h>
+
+This section defines an interface for safely referring to the contents
+of a binary buffer, without needing to know where the buffer came from.
+In addition to accessing the contents of the underlying buffer, slices
+support three operations:
+
+* *Copying* initializes a new slice object to point at the same
+  underlying buffer as the current slice.  Depending on how the
+  underlying buffer is implemented, this doesn't necessarily involve
+  actual copying; for instance, the :c:type:`cork_managed_buffer` type
+  implements this operation by incrementing the reference count of the
+  managed buffer.
+
+* *Slicing* updates the current slice to point at a subset of its
+  current contents.  This doesn't affect the underlying buffer.
+
+* *Freeing* releases the resources used by the slice, possibly freeing
+  the underlying buffer.
+
+These operations are represented by the *slice interface*
+(:c:type:`cork_slice_iface`).  To write a new slice implementation, you
+just need to provide an instance of this interface type.
+
+
+.. note::
+
+   There's no generic constructor or initialization function for slices;
+   instead, you'll create a slice from some other data structure, using
+   a function specific to that data structure.  (An example is the
+   :c:func:`cork_buffer_to_slice()` function, which initializes a slice
+   from a :ref:`resizable buffer <buffer>`.)
+
+
+.. type:: struct cork_slice
+
+   A specific window into a portion of an underlying binary buffer.
+
+   Instances of this class do not need to be (and almost never are)
+   allocated on the heap; you can define an instance directly on the
+   stack, or in some other kind of managed storage.
+
+   .. note::
+
+      It is **very important** that you ensure that
+      :c:func:`cork_slice_finish()` is called whenever you are done with
+      a slice — if you don't, there's a very good chance that the
+      underlying buffer will never be freed.  Yes, yes, it's unfortunate
+      that C doesn't have ``try``/``finally`` or RAII, but suck it up
+      and make sure that :c:func:`cork_slice_finish()` gets called.
+
+   .. member:: const void  \*buf
+
+      The beginning of the sliced portion of the underlying buffer.
+
+   .. member:: size_t  size
+
+      The size of the sliced portion of the underlying buffer.
+
+   .. member:: struct cork_slice_iface  \*iface
+
+      The slice implementation of the underlying buffer.  For slice
+      consumers, this field should be considered private.  For slice
+      implementors, you should fill in this field with your slice
+      interface.
+
+   .. member:: void  \*user_data
+
+      An opaque pointer used by the slice implementation.  For slice
+      consumers, this field should be considered private.  For slice
+      implementors, you can use this field to point at the underlying
+      buffer (and/or any additional metadata that you need.)
+
+
+.. function:: void cork_slice_clear(struct cork_slice \*slice)
+
+   Clear a slice object.  This fills in a slice instance so that it's
+   “empty”.  You should not try to call any of the slice methods on an
+   empty slice, nor should you try to dereference the slice's
+   :c:member:`buf <cork_slice.buf>` pointer.  An empty slice is
+   equivalent to a ``NULL`` pointer.
+
+.. function:: bool cork_slice_is_empty(struct cork_slice \*slice)
+
+   Return whether a slice is empty.
+
+
+.. function:: int cork_slice_copy(struct cork_slice \*dest, struct cork_slice \*src, size_t offset, size_t length)
+              int cork_slice_copy_offset(struct cork_slice \*dest, struct cork_slice \*src, size_t offset)
+              int cork_slice_copy_fast(struct cork_slice \*dest, struct cork_slice \*src, size_t offset, size_t length)
+              int cork_slice_copy_offset_fast(struct cork_slice \*dest, struct cork_slice \*src, size_t offset)
+
+   Initialize a new slice that refers to a subset of an existing slice.
+   The *offset* and *length* parameters identify the subset.  (For the
+   ``_copy_offset`` variant, the *length* is calculated automatically to
+   include all of the original slice content starting from *offset*.)
+
+   For the ``_fast`` variants, we **don't** verify that the *offset* and
+   *length* parameters refer to a valid subset of the slice.  This is
+   your responsibility.  For the non-\ ``_fast`` variants, we perform a
+   bounds check for you, and return an error if the requested slice is
+   invalid.
+
+   Regardless of whether the new slice is valid, you **must** ensure
+   that you call :c:func:`cork_slice_finish()` on *dest* when you are
+   done with it.
+
+.. function:: int cork_slice_light_copy(struct cork_slice \*dest, const struct cork_slice \*src, size_t offset, size_t length)
+              int cork_slice_light_copy_offset(struct cork_slice \*dest, const struct cork_slice \*src, size_t offset)
+              int cork_slice_light_copy_fast(struct cork_slice \*dest, const struct cork_slice \*src, size_t offset, size_t length)
+              int cork_slice_light_copy_offset_fast(struct cork_slice \*dest, const struct cork_slice \*src, size_t offset)
+
+   Initialize a new slice that refers to a subset of an existing slice.  By
+   calling a ``_light_copy`` function instead of a ``_copy`` function, you are
+   guaranteeing that *dest* will not outlive *src* — i.e., it is your
+   responsibility to ensure that you call :c:func:`cork_slice_finish` on *dest*
+   before you call it on *src*.  This guarantee lets slice implementations make
+   a more light-weight copy of the slice: for instance, by not having to make a
+   copy of the underlying buffer.
+
+   The *offset* and *length* parameters identify the subset.  (For the
+   ``_light_copy_offset`` variant, the *length* is calculated automatically to
+   include all of the original slice content starting from *offset*.)
+
+   For the ``_fast`` variants, we **don't** verify that the *offset* and
+   *length* parameters refer to a valid subset of the slice.  This is
+   your responsibility.  For the non-\ ``_fast`` variants, we perform a
+   bounds check for you, and return an error if the requested slice is
+   invalid.
+
+   Regardless of whether the new slice is valid, you **must** ensure
+   that you call :c:func:`cork_slice_finish()` on *dest* when you are
+   done with it.
+
+.. function:: int cork_slice_slice(struct cork_slice \*slice, size_t offset, size_t length)
+              int cork_slice_slice_offset(struct cork_slice \*slice, size_t offset)
+              int cork_slice_slice_fast(struct cork_slice \*slice, size_t offset, size_t length)
+              int cork_slice_slice_offset_fast(struct cork_slice \*slice, size_t offset)
+
+   Update a slice to refer to a subset of its contents.  The *offset*
+   and *length* parameters identify the subset.  (For the
+   ``_slice_offset`` variant, the *length* is calculated automatically
+   to include all of the original slice content starting from *offset*.)
+
+   For the ``_fast`` variants, we **don't** verify that the *offset* and
+   *length* parameters refer to a valid subset of the slice.  This is
+   your responsibility.  For the non-\ ``_fast`` variants, we perform a
+   bounds check for you, and return an error if the requested slice is
+   invalid.
+
+.. function:: void cork_slice_finish(struct cork_slice \*slice)
+
+   Finalize a slice, freeing the underlying buffer if necessary.
+
+.. function:: int cork_slice_equal(const struct cork_slice \*slice1, const struct cork_slice \*slice2)
+
+   Compare the contents of two slices for equality.  (The *contents* of
+   the slices are compared, not their pointers; this is the slice
+   equivalent of ``memcmp``, not the ``==`` operator.)
+
+
+Slice interface
+---------------
+
+.. type:: struct cork_slice_iface
+
+   The interface of methods that slice implementations must provide.
+
+   .. member:: void (\*free)(struct cork_slice \*self)
+
+      Called when the slice should be freed.  If necessary, you should
+      free the contents of the underlying buffer.  (If the buffer
+      contents can be shared, it's up to you to keep track of when the
+      contents are safe to be freed.)
+
+      This function pointer can be ``NULL`` if you don't need to free
+      any underlying buffer.
+
+   .. member:: int (\*copy)(struct cork_slice \*dest, const struct cork_slice \*src, size_t offset, size_t length)
+               int (\*light_copy)(struct cork_slice \*dest, const struct cork_slice \*src, size_t offset, size_t length)
+
+      Create a copy of a slice.  You can assume that *offset* and
+      *length* refer to a valid subset of *src*\ 's content.
+
+      For the ``light_copy`` method, the caller guarantees that the new light
+      copy (*dest*) will not outlive the original slice (*src*).  For some slice
+      implementations, this lets you create a more light-weight copy — for
+      instance, by not having to make an actualy copy of the underlying buffer.
+
+   .. member:: int (\*slice)(struct cork_slice \*self, size_t offset, size_t length)
+
+      Update *self* to point at a different subset of the underlying
+      buffer.  You can assume that *offset* and *length* refer to a
+      valid subset of the buffer.  (They will be relative to *self*\ 's
+      existing slice, and not to the original buffer.)
+
+      This function pointer can be ``NULL`` if you don't need to do
+      anything special to the underlying buffer; in this case,
+      :c:func:`cork_slice_slice()` and
+      :c:func:`cork_slice_slice_offset()` will update the slice's *buf*
+      and *size* fields for you.
+
+
+Built-in slice implementations
+------------------------------
+
+Several libcork classes can be used to initialize a slice:
+
+* :ref:`Managed buffers <managed-buffer>` via the
+  :c:func:`cork_managed_buffer_slice` function
+
+* :ref:`Resizable buffers <buffer>` via the
+  :c:func:`cork_buffer_to_slice` function
+
+You can also initialize a slice to point at an existing buffer:
+
+
+.. function:: void cork_slice_init_static(struct cork_slice \*dest, const void \*buf, size_t size)
+
+   Initializes *dest* to point at the given static buffer.  Since the
+   buffer is static, and guaranteed to always exist, the slice's
+   :c:member:`~cork_slice.copy` method doesn't copy the underlying data,
+   it just creates a new pointer to the existing buffer.
+
+   .. note::
+
+      You can also use this function to refer to a non-static buffer,
+      but then you take responsibility for ensuring that the underlying
+      buffer exists for at least as long as the slice, and any copies
+      made of the slice.
+
+   As with all slices, you **must** ensure that you call
+   :c:func:`cork_slice_finish` when you're done with the slice.
+
+
+.. function:: void cork_slice_init_copy_once(struct cork_slice \*dest, const void \*buf, size_t size)
+
+   Initializes *dest* to point at the given buffer.  If any copies are made of
+   the slice, then we create a :ref:`managed copy <managed-buffer>` of the
+   underlying buffer.  This means that you only have to ensure that *buf* exists
+   for as long as the original *dest* slice is used.
+
+   As with all slices, you **must** ensure that you call
+   :c:func:`cork_slice_finish` when you're done with the slice.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/stream.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/stream.rst
new file mode 100644
index 00000000..145783c7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/stream.rst
@@ -0,0 +1,228 @@
+.. _stream:
+
+*****************
+Stream processing
+*****************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/ds.h>
+
+
+Stream producers
+----------------
+
+A *producer* of binary data should take in a pointer to a
+:c:type:`cork_stream_consumer` instance.  Any data that is produced by the
+stream is then sent into the consumer instance for processing.  Once the stream
+has been exhausted (for instance, by reaching the end of a file), you signal
+this to the consumer.  During both of these steps, the consumer is able to
+signal error conditions; for instance, a stream consumer that parses a
+particular file format might return an error condition if the stream of data is
+malformed.  If possible, the stream producer can try to recover from the error
+condition, but more often, the stream producer will simply pass the error back
+up to its caller.
+
+.. function:: int cork_stream_consumer_data(struct cork_stream_consumer \*consumer, const void \*buf, size_t size, bool is_first_chunk)
+
+   Send the next chunk of data into a stream consumer.  You only have to ensure
+   that *buf* is valid for the duration of this function call; the stream
+   consumer is responsible for saving a copy of the data if it needs to be
+   processed later.  In particular, this means that it's perfectly safe for
+   *buf* to refer to a stack-allocated memory region.
+
+.. function:: int cork_stream_consumer_eof(struct cork_stream_consumer \*consumer)
+
+   Notify the stream consumer that the end of the stream has been reached.  The
+   stream consumer might perform some final validation and error detection at
+   this point.
+
+.. function:: void cork_stream_consumer_free(struct cork_stream_consumer \*consumer)
+
+   Finalize and deallocate a stream consumer.
+
+
+Built-in stream producers
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+We provide several built-in stream producers:
+
+.. function:: int cork_consume_fd(struct cork_stream_consumer \*consumer, int fd)
+              int cork_consume_file(struct cork_stream_consumer \*consumer, FILE \*fp)
+              int cork_consume_file_from_path(struct cork_stream_consumer \*consumer, const char \*path, int flags)
+
+   Read in a file, passing its contents into the given stream consumer.  The
+   ``_fd`` and ``_file`` variants consume a file that you've already opened; you
+   are responsible for closing the file after its been consumed.  The
+   ``_file_from_path`` variant will open the file for you, using the standard
+   ``open(2)`` function with the given *flags*.  This variant will close the
+   file before returning, regardless of whether the file was successfully
+   consumed or not.
+
+
+File stream producer example
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+As an example, we could implement the :c:func:`cork_consume_file` stream
+producer as follows::
+
+  #include <stdio.h>
+  #include <libcork/core.h>
+  #include <libcork/helpers/errors.h>
+  #include <libcork/ds.h>
+
+  #define BUFFER_SIZE  65536
+
+  int
+  cork_consume_file(struct cork_stream_consumer *consumer, FILE *fp)
+  {
+      char  buf[BUFFER_SIZE];
+      size_t  bytes_read;
+      bool  first = true;
+
+      while ((bytes_read = fread(buf, 1, BUFFER_SIZE, fp)) > 0) {
+          rii_check(cork_stream_consumer_data(consumer, buf, bytes_read, first));
+          first = false;
+      }
+
+      if (feof(fp)) {
+          return cork_stream_consumer_eof(consumer);
+      } else {
+          cork_system_error_set();
+          return -1;
+      }
+  }
+
+Note that this stream producer does not take care of opening or closing
+the ``FILE`` object, nor does it take care of freeing the consumer.  (Our actual
+implementation of :c:func:`cork_consume_file` also correctly handles ``EINTR``
+errors, and so is a bit more complex.  But this example still works as an
+illustration of how to pass data into a stream consumer.)
+
+
+.. _stream-consumers:
+
+Stream consumers
+----------------
+
+To consume data from a stream, you must create a type that implements the
+:c:type:`cork_stream_consumer` interface.
+
+.. type:: struct cork_stream_consumer
+
+   An interface for consumer a stream of binary data.  The producer of
+   the stream will call the :c:func:`cork_stream_consumer_data()`
+   function repeatedly, once for each successive chunk of data in the
+   stream.  Once the stream has been exhausted, the producer will call
+   :c:func:`cork_stream_consumer_eof()` to signal the end of the stream.
+
+   .. member:: int (\*data)(struct cork_stream_consumer \*consumer, const void \*buf, size_t size, bool is_first_chunk)
+
+      Process the next chunk of data in the stream.  *buf* is only
+      guaranteed to be valid for the duration of this function call.  If
+      you need to access the contents of the slice later, you must save
+      it somewhere yourself.
+
+      If there is an error processing this chunk of data, you should
+      return ``-1`` and fill in the current error condition using
+      :c:func:`cork_error_set`.
+
+   .. member:: int (\*eof)(struct cork_stream_consumer \*consumer)
+
+      Handle the end of the stream.  This allows you to defer any final
+      validation or error detection until all of the data has been
+      processed.
+
+      If there is an error detected at this point, you should return
+      ``-1`` and fill in the current error condition using
+      :c:func:`cork_error_set`.
+
+   .. member:: void (\*free)(struct cork_stream_consumer \*consumer)
+
+      Free the consumer object.
+
+
+Built-in stream consumers
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+We provide several built-in stream consumers:
+
+.. function:: struct cork_stream_consumer \*cork_fd_consumer_new(int fd)
+              struct cork_stream_consumer \*cork_file_consumer_new(FILE \*fp)
+              struct cork_stream_consumer \*cork_file_from_path_consumer_new(const char \*path, int flags)
+
+   Create a stream consumer that appends any data that it receives to a file.
+   The ``_fd`` and ``_file`` variants append to a file that you've already
+   opened; you are responsible for closing the file after the consumer has
+   finished processing data.  The ``_file_from_path`` variant will open the file
+   for you, using the standard ``open(2)`` function with the given *flags*.
+   This variant will close the file before returning, regardless of whether the
+   stream consumer successfully processed the data or not.
+
+
+File stream consumer example
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+As an example, we could implement a stream consumer for the
+:c:func:`cork_file_consumer_new` function as follows::
+
+  #include <stdio.h>
+  #include <libcork/core.h>
+  #include <libcork/helpers/errors.h>
+  #include <libcork/ds.h>
+
+  struct cork_file_consumer {
+      /* cork_file_consumer implements the cork_stream_consumer interface */
+      struct cork_stream_consumer  parent;
+      /* the file to write the data into */
+      FILE  *fp;
+  };
+
+  static int
+  cork_file_consumer__data(struct cork_stream_consumer *vself,
+                           const void *buf, size_t size, bool is_first)
+  {
+      struct file_consumer  *self =
+          cork_container_of(vself, struct cork_file_consumer, parent);
+      size_t  bytes_written = fwrite(buf, 1, size, self->fp);
+      /* If there was an error writing to the file, then signal this to
+       * the producer */
+      if (bytes_written == size) {
+          return 0;
+      } else {
+          cork_system_error_set();
+          return -1;
+      }
+  }
+
+  static int
+  cork_file_consumer__eof(struct cork_stream_consumer *vself)
+  {
+      /* We don't close the file, so there's nothing special to do at
+       * end-of-stream. */
+      return 0;
+  }
+
+  static void
+  cork_file_consumer__free(struct cork_stream_consumer *vself)
+  {
+      struct file_consumer  *self =
+          cork_container_of(vself, struct cork_file_consumer, parent);
+      free(self);
+  }
+
+  struct cork_stream_consumer *
+  cork_file_consumer_new(FILE *fp)
+  {
+      struct cork_file_consumer  *self = cork_new(struct cork_file_consumer);
+      self->parent.data = cork_file_consumer__data;
+      self->parent.eof = cork_file_consumer__eof;
+      self->parent.free = cork_file_consumer__free;
+      self->fp = fp;
+      return &self->parent;
+  }
+
+Note that this stream consumer does not take care of opening or closing the
+``FILE`` object.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/subprocess.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/subprocess.rst
new file mode 100644
index 00000000..2ef0dcf9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/subprocess.rst
@@ -0,0 +1,204 @@
+.. _subprocesses:
+
+************
+Subprocesses
+************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/os.h>
+
+The functions in this section let you fork child processes, run arbitrary
+commands in them, and collect any output that they produce.
+
+
+Subprocess objects
+~~~~~~~~~~~~~~~~~~
+
+.. type:: struct cork_subprocess
+
+   Represents a child process.  There are several functions for creating child
+   processes, described below.
+
+
+.. function:: void cork_subprocess_free(struct cork_subprocess \*sub)
+
+   Free a subprocess.  The subprocess must not currently be executing.
+
+
+Creating subprocesses
+~~~~~~~~~~~~~~~~~~~~~
+
+There are several functions that you can use to create and execute child
+processes.
+
+.. function:: struct cork_subprocess \*cork_subprocess_new(void \*user_data, cork_free_f free_user_data, cork_run_f run, struct cork_stream_consumer \*stdout, struct cork_stream_consumer \*stderr, int \*exit_code)
+              struct cork_subprocess \*cork_subprocess_new_exec(struct cork_exec \*exec, struct cork_stream_consumer \*stdout, struct cork_stream_consumer \*stderr, int \*exit_code)
+
+   Create a new subprocess specification.  The first variant will execute the
+   given *run* function in the subprocess.  The second variant will execute a
+   new program in the subprocess; the details of the program to execute are
+   given by a :c:type:`cork_exec` specification object.
+
+   For both of these functions, you can collect the data that the subprocess
+   writes to its stdout and stderr streams by passing in :ref:`stream consumer
+   <stream-consumers>` instances for the *stdout* and/or *stderr* parameters.
+   If either (or both) of these parameters is ``NULL``, then the child process
+   will inherit the corresponding output stream from the current process.
+   (Usually, this means that the child's stdout or stderr will be interleaved
+   with the parent's.)
+
+   If you provide a non-``NULL`` pointer for the *exit_code* parameter, then we
+   will fill in this pointer with the exit code of the subprocess when it
+   finishes.  For :c:func:`cork_subprocess_new_exec`, the exit code is the value
+   passed to the builtin ``exit`` function, or the value returned from the
+   subprocess's ``main`` function.  For :c:func:`cork_subprocess_new`, the exit
+   code is the value returned from the thread body's *run* function.
+
+
+You can also create *groups* of subprocesses.  This lets you start up several
+subprocesses at the same time, and wait for them all to finish.
+
+.. type:: struct cork_subprocess_group
+
+   A group of subprocesses that will all be executed simultaneously.
+
+.. function:: struct cork_subprocess_group \*cork_subprocess_group_new(void)
+
+   Create a new group of subprocesses.  The group will initially be empty.
+
+.. function:: void cork_subprocess_group_free(struct cork_subprocess_group \*group)
+
+   Free a subprocess group.  This frees all of the subprocesses in the group,
+   too.  If you've started executing the subprocesses in the group, you **must
+   not** call this function until they have finished executing.  (You can use
+   the :c:func:`cork_subprocess_group_is_finished` function to see if the group
+   is still executing, and the :c:func:`cork_subprocess_group_abort` to
+   terminate the subprocesses before freeing the group.)
+
+.. function:: void cork_subprocess_group_add(struct cork_subprocess_group \*group, struct cork_subprocess \*sub)
+
+   Add the given subprocess to *group*.  The group takes control of the
+   subprocess; you should not try to free it yourself.
+
+
+Once you've created your subprocesses, you can start them executing:
+
+.. function:: int cork_subprocess_start(struct cork_subprocess \*sub)
+              int cork_subprocess_group_start(struct cork_subprocess_group \*group)
+
+   Execute the given subprocess, or all of the subprocesses in *group*.  We
+   immediately return once the processes have been started.  You can use the
+   :c:func:`cork_subprocess_drain`, :c:func:`cork_subprocess_wait`,
+   :c:func:`cork_subprocess_group_drain`, and
+   :c:func:`cork_subprocess_group_wait` functions to wait for the subprocesses
+   to complete.
+
+   If there are any errors starting the subprocesses, we'll terminate any
+   subprocesses that we were able to start, set an :ref:`error condition
+   <errors>`, and return ``-1``.
+
+
+Since we immediately return after starting the subprocesses, you must somehow
+wait for them to finish.  There are two strategies for doing so.  If you don't
+need to communicate with the subprocesses (by writing to their stdin streams or
+sending them signals), the simplest strategy is to just wait for them to finish:
+
+.. function:: int cork_subprocess_wait(struct cork_subprocess \*sub)
+              int cork_subprocess_group_wait(struct cork_subprocess_group \*group)
+
+   Wait until the given subprocess, or all of the subprocesses in *group*, have
+   finished executing.  While waiting, we'll continue to read data from the
+   subprocesses stdout and stderr streams as we can.
+
+   If there are any errors reading from the subprocesses, we'll terminate all of
+   the subprocesses that are still executing, set an :ref:`error condition
+   <errors>`, and return ``-1``.  If the group has already finished, the
+   function doesn't do anything.
+
+As an example::
+
+    struct cork_subprocess_group  *group = /* from somewhere */;
+    /* Wait for the subprocesses to finish */
+    if (cork_subprocess_group_wait(group) == -1) {
+        /* An error occurred; handle it! */
+    }
+
+    /* At this point, we're guaranteed that the subprocesses have all been
+     * terminated; either everything finished successfully, or the subprocesses
+     * were terminated for us when an error was detected. */
+    cork_subprocess_group_free(group);
+
+
+If you do need to communicate with the subprocesses, then you need more control
+over when we try to read from their stdout and stderr streams.  (The pipes that
+connect the subprocesses to the parent process are fixed size, and so without
+careful orchestration, you can easily get a deadlock.  Moreover, the right
+pattern of reading and writing depends on the subprocesses that you're
+executing, so it's not something that we can handle for you automatically.)
+
+.. function:: struct cork_stream_consumer \*cork_subprocess_stdin(struct cork_subprocess \*sub)
+
+   Return a :ref:`stream consumer <stream-consumers>` that lets you write data
+   to the subprocess's stdin.  We do not buffer this data in any way; calling
+   :c:func:`cork_stream_consumer_data` immediately tries to write the given data
+   to the subprocess's stdin stream.  This can easily lead to deadlock if you do
+   not manage the subprocess's particular orchestration correctly.
+
+.. function:: bool cork_subprocess_is_finished(struct cork_subprocess \*sub)
+              bool cork_subprocess_group_is_finished(struct cork_subprocess_group \*group)
+
+   Return whether the given subprocess, or all of the subprocesses in *group*,
+   have finished executing.
+
+.. function:: int cork_subprocess_abort(struct cork_subprocess \*sub)
+              int cork_subprocess_group_abort(struct cork_subprocess_group \*group)
+
+   Immediately terminate the given subprocess, or all of the subprocesses in
+   *group*.  This can be used to clean up if you detect an error condition and
+   need to close the subprocesses early.  If the group has already finished, the
+   function doesn't do anything.
+
+.. function:: bool cork_subprocess_drain(struct cork_subprocess \*sub)
+              bool cork_subprocess_group_drain(struct cork_subprocess_group \*group)
+
+   Check the given subprocess, or all of the subprocesses in *group*, for any
+   output on their stdout and stderr streams.  We'll read in as much data as we
+   can from all of the subprocesses without blocking, and then return.  (Of
+   course, we only do this for those subprocesses that you provided stdout or
+   stderr consumers for.)
+
+   This function lets you pass data into the subprocesses's stdin streams, or
+   (**TODO: eventually**) send them signals, and handle any orchestration that's
+   necessarily to ensure that the subprocesses don't deadlock.
+
+   The return value indicates whether any "progress" was made.  We will return
+   ``true`` if we were able to read any data from any of the subprocesses, or if
+   we detected that any of the subprocesses exited.
+
+   If there are any errors reading from the subprocesses, we'll terminate all of
+   the subprocesses that are still executing, set an :ref:`error condition
+   <errors>`, and return ``false``.  If the group has already finished, the
+   function doesn't do anything.
+
+To do this, you continue to "drain" the subprocesses whenever you're ready to
+read from their stdout and stderr streams.  You repeat this in a loop, writing
+to the stdin streams or sending signals as necessary, until all of the
+subprocesses have finished::
+
+    struct cork_subprocess_group  *group = /* from somewhere */;
+    while (!cork_subprocess_group_is_finished(group)) {
+        /* Drain the stdout and stderr streams */
+        if (cork_subprocess_group_drain(group) == -1) {
+            /* An error occurred; handle it! */
+        } else {
+            /* Write to the stdin streams or send signals */
+        }
+    }
+
+    /* At this point, we're guaranteed that the subprocesses have all been
+     * terminated; either everything finished successfully, or the subprocesses
+     * were terminated for us when an error was detected. */
+    cork_subprocess_group_free(group);
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/threads.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/threads.rst
new file mode 100644
index 00000000..f79f38e1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/threads.rst
@@ -0,0 +1,329 @@
+.. _multithreading:
+
+**********************
+Multithreading support
+**********************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/threads.h>
+
+libcork provides several functions for handling threads and writing
+thread-aware code in a portable way.
+
+
+.. _thread-ids:
+
+Thread IDs
+==========
+
+.. type:: unsigned int cork_thread_id
+
+   An identifier for a thread in the current process.  This is a portable type;
+   it is not based on the "raw" thread ID used by the underlying thread
+   implementation.  This type will always be equivalent to ``unsigned int``, on
+   all platforms.  Furthermore, :c:data:`CORK_THREAD_NONE` will always refer to
+   an instance of this type that we guarantee will not be used by any thread.
+
+.. var:: cork_thread_id CORK_THREAD_NONE
+
+   A :c:type:`cork_thread_id` value that will not be used as the ID of any
+   thread.  You can use this value to represent "no thread" in any data
+   structures you create.  Moreover, we guarantee that ``CORK_THREAD_NONE`` will
+   have the value ``0``, which lets you zero-initialize a data structure
+   containing a :c:type:`cork_thread_id`, and have its initial state
+   automatically represent "no thread".
+
+.. function:: cork_thread_id cork_current_thread_get_id(void)
+
+   Returns the identifier of the currently executing thread.  This function
+   works correctly for any thread in the current proces --- including the main
+   thread, and threads that weren't created by :c:func:`cork_thread_new`.
+
+
+.. _threads:
+
+Creating threads
+================
+
+The functions in this section let you create and start new threads in the
+current process.  Each libcork thread is named and has a unique :ref:`thread ID
+<thread-ids>`.  Each thread also contains a ``run`` function, which defines the
+code that should be executed within the new thread.
+
+Every thread goes through the same lifecycle:
+
+1) You create a new thread via :c:func:`cork_thread_new`.  At this point, the
+   thread is ready to execute, but isn't automatically started.  If you
+   encounter an error before you start the thread, you must use
+   :c:func:`cork_thread_free` to free the thread object.
+
+   When you create the thread, you give it a :c:type:`cork_run_f` function,
+   which defines the code that will be executed in the new thread.  You also
+   provide a ``user_data`` value, which it gives you a place to pass data into
+   and out of the thread.
+
+   .. note::
+
+      Any data passed into and out of the thread via the body instance is not
+      automatically synchronized or thread-safe.  You can safely pass in input
+      data before calling :c:type:`cork_thread_new`, and retrieve output data
+      after calling :c:type:`cork_thread_join`, all without requiring any extra
+      synchronization effort.  While the thread is executing, however, you must
+      implement your own synchronization or locking to access the contents of
+      the body from some other thread.
+
+2) You start the thread via :c:func:`cork_thread_start`.  You must ensure that
+   you don't try to start a thread more than once.  Once you've started a
+   thread, you no longer have responsibility for freeing it; you must ensure
+   that you don't call :c:func:`cork_thread_free` on a thread that you've
+   started.
+
+3) Once you've started a thread, you wait for it to finish via
+   :c:func:`cork_thread_join`.  Any thread can wait for any other thread to
+   finish, although you are responsible for ensuring that your threads don't
+   deadlock.  However, you can only join a particular thread once.
+
+
+
+
+.. type:: struct cork_thread
+
+   A thread within the current process.  This type is opaque; you must use the
+   functions defined below to interact with the thread.
+
+
+.. function:: struct cork_thread \*cork_thread_new(const char \*name, void \*user_data, cork_free_f free_user_data, cork_run_f run)
+
+   Create a new thread with the given *name* that will execute *run*.  The
+   thread does not start running immediately.
+
+   When the thread is started, the *run* function will be called with
+   *user_data* as its only parameter.  When the thread finishes (or if it is
+   freed via :c:func:`cork_thread_free` before the thread is started), we'll use
+   the *free_user_data* function to free the *user_data* value.  You can provide
+   ``NULL`` if *user_data* shouldn't be freed, or if you want to free it
+   yourself.
+
+   .. note::
+
+      If you provide a *free_user_data* function, it will be called as soon as
+      the thread finished.  That means that if you use
+      :c:func:`cork_thread_join` to wait for the thread to finish, the
+      *user_data* value will no longer be valid when :c:func:`cork_thread_join`
+      returns.  You must either copy any necessary data out into more a more
+      persistent memory location before the thread finishes, or you should use a
+      ``NULL`` *free_user_data* function and free the *user_data* memory
+      yourself once you're sure the thread has finished.
+
+
+.. function:: void cork_thread_free(struct cork_thread \*thread)
+
+   Free *thread*.  You can only call this function if you haven't started the
+   thread yet.  Once you start a thread, the thread is responsible for freeing
+   itself when it finishes.
+
+.. function:: struct cork_thread \*cork_current_thread_get(void)
+
+   Return the :c:type:`cork_thread` instance for the current thread.  This
+   function returns ``NULL`` when called from the main thread (i.e., the one
+   created automatically when the process starts), or from a thread that wasn't
+   created via :c:func:`cork_thread_new`.
+
+.. function:: const char \* cork_thread_get_name(struct cork_thread \*thread)
+              cork_thread_id cork_thread_get_id(struct cork_thread \*thread)
+
+   Retrieve information about the given thread.
+
+.. function:: int cork_thread_start(struct cork_thread \*thread)
+
+   Start *thread*.  After calling this function, you must not try to free
+   *thread* yourself; the thread will automatically free itself once it has
+   finished executing and has been joined.
+
+.. function:: int cork_thread_join(struct cork_thread \*thread)
+
+   Wait for *thread* to finish executing.  If the thread's body's ``run``
+   function an :ref:`error condition <errors>`, we will catch that error and
+   return it ourselves.  The thread is automatically freed once it finishes
+   executing.
+
+   You cannot join a thread that has not been started, and once you've started a
+   thread, you **must** join it exactly once.  (If you don't join it, there's no
+   guarantee that it will be freed.)
+
+
+.. _atomics:
+
+Atomic operations
+=================
+
+We provide several platform-agnostic macros for implementing common
+atomic operations.
+
+
+Addition
+~~~~~~~~
+
+.. function:: int cork_int_atomic_add(volatile int \*var, int delta)
+              unsigned int cork_uint_atomic_add(volatile unsigned int \*var, unsigned int delta)
+              size_t cork_size_atomic_add(volatile size_t \*var, size_t delta)
+
+   Atomically add *delta* to the variable pointed to by *var*, returning
+   the result of the addition.
+
+.. function:: int cork_int_atomic_pre_add(volatile int \*var, int delta)
+              unsigned int cork_uint_atomic_pre_add(volatile unsigned int \*var, unsigned int delta)
+              size_t cork_size_atomic_pre_add(volatile size_t \*var, size_t delta)
+
+   Atomically add *delta* to the variable pointed to by *var*, returning
+   the value from before the addition.
+
+
+Subtraction
+~~~~~~~~~~~
+
+.. function:: int cork_int_atomic_sub(volatile int \*var, int delta)
+              unsigned int cork_uint_atomic_sub(volatile unsigned int \*var, unsigned int delta)
+              size_t cork_size_atomic_sub(volatile size_t \*var, size_t delta)
+
+   Atomically subtract *delta* from the variable pointed to by *var*,
+   returning the result of the subtraction.
+
+.. function:: int cork_int_atomic_pre_sub(volatile int \*var, int delta)
+              unsigned int cork_uint_atomic_pre_sub(volatile unsigned int \*var, unsigned int delta)
+              size_t cork_size_atomic_pre_sub(volatile size_t \*var, size_t delta)
+
+   Atomically subtract *delta* from the variable pointed to by *var*,
+   returning the value from before the subtraction.
+
+
+Compare-and-swap
+~~~~~~~~~~~~~~~~
+
+.. function:: int cork_int_cas(volatile int_t \*var, int old_value, int new_value)
+              unsigned int cork_uint_cas(volatile uint_t \*var, unsigned int old_value, unsigned int new_value)
+              size_t cork_size_cas(volatile size_t \*var, size_t old_value, size_t new_value)
+              TYPE \*cork_ptr_cas(TYPE \* volatile \*var, TYPE \*old_value, TYPE \*new_value)
+
+   Atomically check whether the variable pointed to by *var* contains
+   the value *old_value*, and if so, update it to contain the value
+   *new_value*.  We return the value of *var* before the
+   compare-and-swap.  (If this value is equal to *old_value*, then the
+   compare-and-swap was successful.)
+
+
+.. _once:
+
+Executing something once
+========================
+
+The functions in this section let you ensure that a particular piece of
+code is executed exactly once, even if multiple threads attempt the
+execution at roughly the same time.
+
+.. macro:: cork_once_barrier(name)
+
+   Declares a barrier that can be used with the :c:func:`cork_once`
+   macro.
+
+.. macro:: cork_once(barrier, call)
+           cork_once_recursive(barrier, call)
+
+   Ensure that *call* (which can be an arbitrary statement) is executed
+   exactly once, regardless of how many times control reaches the call
+   to ``cork_once``.  If control reaches the ``cork_once`` call at
+   roughly the same time in multiple threads, exactly one of them will
+   be allowed to execute the code.  The call to ``cork_once`` won't
+   return until *call* has been executed.
+
+   If you have multiple calls to ``cork_once`` that use the same
+   *barrier*, then exactly one *call* will succeed.  If the *call*
+   statements are different in those ``cork_once`` invocations, then
+   it's undefined which one gets executed.
+
+   If the function that contains the ``cork_once`` call is recursive, then you
+   should call the ``_recursive`` variant of the macro.  With the ``_recursive``
+   variant, if the same thread tries to obtain the underlying lock multiple
+   times, the second and later calls will silently succeed.  With the regular
+   variant, you'll get a deadlock in this case.
+
+These macros are usually used to initialize a static variable that will
+be shared across multiple threads::
+
+    static struct my_type  shared_value;
+
+    static void
+    expensive_initialization(void)
+    {
+        /* do something to initialize shared_value */
+    }
+
+    cork_once_barrier(shared_value_once);
+
+    struct my_type *
+    get_shared_value(void)
+    {
+        cork_once(shared_value_once, expensive_initialization());
+        return &shared_value;
+    }
+
+Each thread can then call ``get_shared_value`` to retrieve a properly
+initialized instance of ``struct my_type``.  Regardless of how many
+threads call this function, and how often they call it, the value will
+be initialized exactly once, and will be guaranteed to be initialized
+before any thread tries to use it.
+
+
+.. _tls:
+
+Thread-local storage
+====================
+
+The macro in this section can be used to create thread-local storage in
+a platform-agnostic manner.
+
+.. macro:: cork_tls(TYPE type, SYMBOL name)
+
+   Creates a static function called :samp:`{[name]}_get`, which will
+   return a pointer to a thread-local instance of *type*.  This is a
+   static function, so it won't be visible outside of the current
+   compilation unit.
+
+   When a particular thread's instance is created for the first time, it
+   will be filled with ``0`` bytes.  If the actual type needs more
+   complex initialization before it can be used, you can create a
+   wrapper struct that contains a boolean indiciating whether that
+   initialization has happened::
+
+       struct wrapper {
+           bool  initialized;
+           struct real_type  val;
+       };
+
+       cork_tls(struct wrapper, wrapper);
+
+       static struct real_type *
+       real_type_get(void)
+       {
+           struct wrapper * wrapper = wrapper_get();
+           struct real_type * real_val = &wrapper->val;
+           if (CORK_UNLIKELY(!wrapper->initialized)) {
+               expensive_initialization(real_val);
+           }
+           return real_val;
+       }
+
+   It's also not possible to provide a finalization function; if your
+   thread-local variable acquires any resources or memory that needs to
+   be freed when the thread finishes, you must make a “thread cleanup”
+   function that you explicitly call at the end of each thread.
+
+   .. note::
+
+      On some platforms, the number of thread-local values that can be
+      created by any given process is limited (i.e., on the order of 128
+      or 256 values).  This means that you should limit the number of
+      thread-local values you create, especially in a library.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/timestamps.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/timestamps.rst
new file mode 100644
index 00000000..229b5af2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/timestamps.rst
@@ -0,0 +1,97 @@
+.. _timestamps:
+
+*************************
+High-precision timestamps
+*************************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+
+.. type:: uint64_t  cork_timestamp
+
+   A high-precision timestamp type.  A timestamp is represented by a
+   64-bit integer, whose unit is the *gammasecond* (γsec), where
+   :math:`1~\textrm{γsec} = \frac{1}{2^{32}} \textrm{sec}`.  With this
+   representation, the upper 32 bits of a timestamp value represent the
+   timestamp truncated (towards zero) to seconds.
+
+   For this type, we don't concern ourselves with any higher-level
+   issues of clock synchronization or time zones.  ``cork_timestamp``
+   values can be used to represent any time quantity, regardless of
+   which time standard (UTC, GMT, TAI) you use, or whether it takes into
+   account the local time zone.
+
+
+.. function:: void cork_timestamp_init_sec(cork_timestamp \*ts, uint32_t sec)
+              void cork_timestamp_init_gsec(cork_timestamp \*ts, uint32_t sec, uint32_t gsec)
+              void cork_timestamp_init_msec(cork_timestamp \*ts, uint32_t sec, uint32_t msec)
+              void cork_timestamp_init_usec(cork_timestamp \*ts, uint32_t sec, uint32_t usec)
+              void cork_timestamp_init_nsec(cork_timestamp \*ts, uint32_t sec, uint32_t nsec)
+
+   Initializes a timestamp from a separate seconds part and fractional
+   part.  For the ``_sec`` variant, the fractional part will be set to
+   ``0``.  For the ``_gsec`` variant, you provide the fractional part in
+   gammaseconds.  For the ``_msec``, ``_usec``, and ``_nsec`` variants, the
+   fractional part will be translated into gammaseconds from milliseconds,
+   microseconds, or nanoseconds, respectively.
+
+
+.. function:: void cork_timestamp_init_now(cork_timestamp \*ts)
+
+   Initializes a timestamp with the current UTC time of day.
+
+   .. note::
+
+      The resolution of this function is system-dependent.
+
+
+.. function:: uint32_t cork_timestamp_sec(const cork_timestamp ts)
+
+   Returns the seconds portion of a timestamp.
+
+.. function:: uint32_t cork_timestamp_gsec(const cork_timestamp ts)
+              uint32_t cork_timestamp_msec(const cork_timestamp ts)
+              uint32_t cork_timestamp_usec(const cork_timestamp ts)
+              uint32_t cork_timestamp_nsec(const cork_timestamp ts)
+
+   Returns the fractional portion of a timestamp.  The variants return the
+   fractional portion in, respectively, gammaseconds, milliseconds,
+   microseconds, or nanoseconds.
+
+
+.. function:: int cork_timestamp_format_utc(const cork_timestamp ts, const char \*format, struct cork_buffer \*buf)
+              int cork_timestamp_format_local(const cork_timestamp ts, const char \*format, struct cork_buffer \*buf)
+
+   Create the string representation of the given timestamp according to
+   *format*, appending the result to the current contents of *buf*.
+
+   The ``_utc`` variant assumes that *ts* represents a UTC time, whereas the
+   ``_local`` variant assumes that it represents a time in the local time zone.
+
+   *format* is a format string whose syntax is similar to that of the POSIX
+   ``strftime`` function.  *format* must contain arbitrary text interspersed
+   with ``%`` specifiers, which will be replaced with portions of the timestamp.
+   The following specifiers are recognized (note that this list does **not**
+   include all of the specifiers supported by ``strftime``):
+
+   ============== ====================================================
+   Specifier      Replacement
+   ============== ====================================================
+   ``%%``         A literal ``%`` character
+   ``%d``         Day of month (``01``-``31``)
+   ``%[width]f``  Fractional seconds (zero-padded, limited to ``[width]``
+                  digits)
+   ``%H``         Hour in current day (``00``-``23``)
+   ``%m``         Month (``01``-``12``)
+   ``%M``         Minute in current hour (``00``-``59``)
+   ``%s``         Number of seconds since Unix epoch
+   ``%S``         Second in current minute (``00``-``60``)
+   ``%Y``         Four-digit year (including century)
+   ============== ====================================================
+
+   If the format string is invalid, we will return an :ref:`error condition
+   <errors>`.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/unique-ids.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/unique-ids.rst
new file mode 100644
index 00000000..2c55598b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/unique-ids.rst
@@ -0,0 +1,90 @@
+.. _unique-ids:
+
+******************
+Unique identifiers
+******************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+
+The functions in this section let you define compile-time unique identifiers.
+These identifiers are simple C variables, and each one is guaranteed to be
+unique within the context of a single execution of your program.  They are *not*
+appropriate for use as external identifiers --- for instance, for serializing
+into long-term storage or sending via a communications channel to another
+process.
+
+
+.. type:: cork_uid
+
+   A unique identifier.
+
+
+.. macro:: cork_uid  CORK_UID_NONE
+
+   A unique identifier value that means "no identifier".  This is guaranteed to
+   be distinct from all other unique identifiers.  It is invalid to call
+   :c:func:`cork_uid_hash`, :c:func:`cork_uid_id`, or :c:func:`cork_uid_name` on
+   this identifier.
+
+
+.. macro:: cork_uid_define(SYMBOL id)
+           cork_uid_define_named(SYMBOL id, const char \*name)
+
+   You use the :c:func:`cork_uid_define` macro to define a new unique identifier
+   with the given C identifier *id*.  The ``_define`` variant also uses *id* as
+   the identifier's human-readable name; the ``_define_named`` variant let's you
+   provide a separate human-readable name.  Within the context of a single
+   execution of this program, this identifier is guaranteed to be distinct from
+   any other identifier, regardless of which library the identifiers are defined
+   in.
+
+   In the same compilation unit, you can then use the C identifier *id* to
+   retrieve the :c:type:`cork_uid` instance for this identifier.
+
+   .. note::
+
+      The unique identifier objects are declared ``static``, so they are only
+      directly visible (using the C identifier *id*) in the same compilation
+      unit as the :c:func:`cork_uid_define` call that created the identifier.
+      The resulting :c:type:`cork_uid` value, however, can be passed around the
+      rest of your code however you want.
+
+
+.. function:: bool cork_uid_equal(const cork_uid id1, const cork_uid id2)
+
+   Return whether two :c:type:`cork_uid` values refer to the same unique
+   identifier.
+
+
+.. function:: cork_hash cork_uid_hash(const cork_uid id)
+
+   Return a :ref:`hash value <hash-values>` for the given identifier.
+
+
+.. function:: const char \*cork_uid_name(const cork_uid id)
+
+   Return the name of the given unique identifier.
+
+
+Example
+=======
+
+::
+
+    #include <stdio.h>
+    #include <libcork/core.h>
+
+    cork_uid_define(test_id);
+
+    int
+    main(void)
+    {
+        cork_uid  id = test_id;
+        printf("Identifier %p has name %s\n", id, cork_uid_name(id));
+        return 0;
+    }
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/versions.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/versions.rst
new file mode 100644
index 00000000..fca99cf7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/versions.rst
@@ -0,0 +1,74 @@
+.. _versions:
+
+***************
+Library version
+***************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+The macros and functions in this section let you determine the version of the
+libcork library at compile-time and runtime, and make it easier for you to
+define similar macros and functions in your own libraries.
+
+
+libcork version
+---------------
+
+.. macro:: CORK_VERSION
+
+   The libcork library version, encoded as a single number as follows::
+
+       (major * 1000000) + (minor * 1000) + patch
+
+   For instance, version 1.2.10 would be encoded as 1002010.
+
+.. macro:: CORK_VERSION_MAJOR
+           CORK_VERSION_MINOR
+           CORK_VERSION_PATCH
+
+   The libcork library version, with each part of the version number separated
+   out into separate macros.
+
+
+.. function:: const char \*cork_version_string(void)
+              const char \*cork_revision_string(void)
+
+   Return the libcork library version or revision as a string.  The *version* is
+   the simple three-part version number (``major:minor:patch``).  The
+   *revision* is an opaque string that identifies the specific revision in
+   libcork's code history.  (Right now, this is a SHA-1 git commit identifier.)
+
+
+.. tip:: Compile-time vs runtime
+
+   There's an important difference between the :c:macro:`CORK_VERSION` macro and
+   :c:func:`cork_version_string` function, even though they seemingly return the
+   same information.
+
+   The macro version be evaluated by the preprocessor, and so it will return the
+   version that was available *when your code was compiled*.  If you later
+   install a newer (but backwards-compatible) version of libcork, any code that
+   called the macro will still have the original version, and not the new
+   version.
+
+   The function version, on the other hand, calculates the version information
+   *at runtime*, when the function is actually called.  That means that the
+   function result will always give you the current installed libcork version,
+   even as newer versions are installed on the system.
+
+
+Constructing version information
+--------------------------------
+
+If you're writing a library that uses libcork, it's a good idea to provide your
+own version information, similar to how libcork does.
+
+
+.. function:: CORK_MAKE_VERSION(major, minor, patch)
+
+   Assemble a ``major.minor.patch`` version into a single number, using the same
+   pattern as :c:macro:`CORK_VERSION`.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/visibility.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/visibility.rst
new file mode 100644
index 00000000..aa71e74b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/docs/old/visibility.rst
@@ -0,0 +1,121 @@
+.. _visibility:
+
+*****************
+Symbol visibility
+*****************
+
+.. highlight:: c
+
+::
+
+  #include <libcork/core.h>
+
+When writing a shared library, you should always be careful to explicitly mark
+which functions and other symbols are part of the library's public API, and
+which should only be used internally by the library.  There are a number of
+benefits to doing this; there is a good summary on the `GCC wiki`_.  (Note that
+even though that summary is on the GCC wiki, the notes apply equally well to
+other compilers and platforms.)
+
+.. _GCC wiki: http://gcc.gnu.org/wiki/Visibility
+
+libcork provides several helper macros that make it easier to do this.  We use
+these macros ourselves to define libcork's public API.
+
+
+Defining a library's public API
+-------------------------------
+
+On some platforms (for instance, on Windows), you must declare each public
+function and symbol differently depending on whether you're compiling the
+library that *defines* the symbol, or a library or program that *uses* the
+symbol.  The first is called an *export*, the second an *import*.  On other
+platforms (for instance, GCC on Linux), the declaration of a public symbol is
+the same regardless of whether you're exporting or importing the symbol.
+libcork provides macros that let you explicitly declare a symbol as an export or
+an import in a platform-independent way.
+
+.. macro:: CORK_EXPORT
+           CORK_IMPORT
+
+   Explicitly declare that a symbol should be exported from the current shared
+   library, or imported from some other shared library.
+
+However, you will rarely need to use these macros directly.  Instead, when
+writing a new shared library, you should declare a new preprocessor macro
+(specific to the new library), which you'll use when declaring the library's
+public API.  For instance, if you're creating a new library called
+*libfoo*, you would declare a new preprocessor macro called ``FOO_API``::
+
+    #if !defined(FOO_API)
+    #define FOO_API  CORK_IMPORT
+    #endif
+
+This ensures that anyone who wants to *use* libfoo doesn't need to do anything
+special; the ``FOO_API`` macro will default to importing the symbols from
+libfoo's public API.
+
+When *building* libfoo, you must set up your build system to define this
+variable differently; since you need to *export* the symbols in this case, the
+``FOO_API`` macro should be set to ``CORK_EXPORT``.  Each build system will have
+a different way to do this.  In CMake, for instance, you'd add the following:
+
+.. code-block:: cmake
+
+    set_target_properties(libfoo PROPERTIES
+        COMPILE_DEFINITIONS FOO_API=CORK_EXPORT
+    )
+
+Then, in all of your header files, you should use your new ``FOO_API`` macro
+when declaring each function or symbol in the public API::
+
+    FOO_API int
+    foo_load_from_file(const char *name);
+
+    FOO_API void
+    foo_do_something_great(int flags);
+
+    extern FOO_API  const char  *foo_name;
+
+
+Local symbols
+-------------
+
+Normally, if you need a function to be local, and not be exported as part of the
+library's public API, you can just declare it ``static``::
+
+    static int
+    file_local_function(void)
+    {
+        /* This function is not visible outside of this file. */
+        return 0;
+    }
+
+This works great as long as the function is only needed within the current
+source file.  Sometimes, though, you need to define a function that can be used
+in other source files within the same library, but which shouldn't be visible
+outside of the library.  To do this, you should define the function using the
+:c:macro:`CORK_LOCAL` macro.
+
+.. macro:: CORK_LOCAL
+
+   Declare a symbol that should be visible in any source file within the current
+   library, but not visible outside of the library.
+
+As an example::
+
+    CORK_LOCAL int
+    library_local_function(void)
+    {
+        /* This function is visible in other files, but not outside of the
+         * library. */
+        return 0;
+    }
+
+Since you're going to use this function in multiple files, you'll want to
+declare the function in a header file.  However, since the function is not part
+of the public API, this should *not* be defined in a public header file (that
+is, one that's installed along with the shared library).  Instead, you should
+include a private header file that's only available in your library's source
+code archive, and which should not be installed with the other public header
+files.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/extras/hashstring.py b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/extras/hashstring.py
new file mode 100644
index 00000000..be6ae07e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/extras/hashstring.py
@@ -0,0 +1,78 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+# Calculates the 32-bit MurmurHash3 hash value [1] for a string provided on the
+# command line.
+#
+# [1] http://code.google.com/p/smhasher/wiki/MurmurHash3
+
+def rotl32(a, b):
+    return (((a << (b & 0x1f)) & 0xffffffff) |
+            ((a >> (32 - (b & 0x1f))) & 0xffffffff))
+
+def fmix(h):
+    h = h ^ (h >> 16)
+    h = (h * 0x85ebca6b) & 0xffffffff
+    h = h ^ (h >> 13)
+    h = (h * 0xc2b2ae35) & 0xffffffff
+    h = h ^ (h >> 16)
+    return h
+
+def hash(value, seed):
+    import struct
+    length = len(value)
+    num_blocks = length / 4
+    tail_length = length % 4
+    fmt = "<" + ("i" * num_blocks) + ("b" * tail_length)
+    vals = struct.unpack(fmt, value)
+
+    h1 = seed
+    c1 = 0xcc9e2d51
+    c2 = 0x1b873593
+    for block in vals[:num_blocks]:
+        k1 = block
+        k1 = (k1 * c1) & 0xffffffff
+        k1 = rotl32(k1, 15)
+        k1 = (k1 * c2) & 0xffffffff
+
+        h1 = h1 ^ k1
+        h1 = rotl32(h1, 13)
+        h1 = (h1 * 5 + 0xe6546b64) & 0xffffffff
+
+    k1 = 0
+    if tail_length >= 3:
+        k1 = k1 ^ ((vals[num_blocks + 2] << 16) & 0xffffffff)
+    if tail_length >= 2:
+        k1 = k1 ^ ((vals[num_blocks + 1] <<  8) & 0xffffffff)
+    if tail_length >= 1:
+        k1 = k1 ^ ( vals[num_blocks]            & 0xffffffff)
+        k1 = (k1 * c1) & 0xffffffff
+        k1 = rotl32(k1, 15)
+        k1 = (k1 * c2) & 0xffffffff
+        h1 = h1 ^ k1
+
+    h1 = h1 ^ (length & 0xffffffff)
+    return fmix(h1)
+
+
+if __name__ == "__main__":
+    import sys
+    if len(sys.argv) != 2 and len(sys.argv) != 3:
+        print("Usage: hashstring.py <string> [<seed>]")
+        sys.exit(1)
+
+    def myhex(v):
+        return hex(v).rstrip("L")
+
+    if len(sys.argv) == 3:
+        seed = long(sys.argv[2]) & 0xffffffff
+    else:
+        seed = 0
+
+    print(myhex(hash(sys.argv[1], seed)))
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/CMakeLists.txt
new file mode 100644
index 00000000..fc46b440
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/CMakeLists.txt
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011-2015, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license details.
+# ----------------------------------------------------------------------
+
+configure_file(
+    ${CMAKE_CURRENT_SOURCE_DIR}/libcork/config/version.h.in
+    ${CMAKE_CURRENT_BINARY_DIR}/libcork/config/version.h
+    ESCAPE_QUOTES @ONLY
+)
+
+install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/
+    DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
+    FILES_MATCHING PATTERN "*.h")
+
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libcork/config/version.h
+        DESTINATION include/libcork/config)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/cli.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/cli.h
new file mode 100644
index 00000000..b5d20c1f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/cli.h
@@ -0,0 +1,18 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CLI_H
+#define LIBCORK_CLI_H
+
+/*** include all of the parts ***/
+
+#include <libcork/cli/commands.h>
+
+#endif /* LIBCORK_CLI_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/cli/commands.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/cli/commands.h
new file mode 100644
index 00000000..1569a741
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/cli/commands.h
@@ -0,0 +1,61 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_COMMANDS_H
+#define LIBCORK_COMMANDS_H
+
+#include <libcork/core/api.h>
+
+
+typedef void
+(*cork_leaf_command_run)(int argc, char **argv);
+
+typedef int
+(*cork_option_parser)(int argc, char **argv);
+
+enum cork_command_type {
+    CORK_COMMAND_SET,
+    CORK_LEAF_COMMAND
+};
+
+struct cork_command {
+    enum cork_command_type  type;
+    const char  *name;
+    const char  *short_desc;
+    const char  *usage_suffix;
+    const char  *full_help;
+
+    int
+    (*parse_options)(int argc, char **argv);
+
+    struct cork_command  **set;
+    cork_leaf_command_run  run;
+};
+
+#define cork_command_set(name, sd, parse_options, set) \
+{ \
+    CORK_COMMAND_SET, name, sd, NULL, NULL, \
+    parse_options, set, NULL \
+}
+
+#define cork_leaf_command(name, sd, us, fh, parse_options, run) \
+{ \
+    CORK_LEAF_COMMAND, name, sd, us, fh, \
+    parse_options, NULL, run \
+}
+
+CORK_API void
+cork_command_show_help(struct cork_command *command, const char *message);
+
+CORK_API int
+cork_command_main(struct cork_command *root, int argc, char **argv);
+
+
+#endif /* LIBCORK_COMMANDS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config.h
new file mode 100644
index 00000000..72eb4fb8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config.h
@@ -0,0 +1,18 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CONFIG_H
+#define LIBCORK_CONFIG_H
+
+/*** include all of the parts ***/
+
+#include <libcork/config/config.h>
+
+#endif /* LIBCORK_CONFIG_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/arch.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/arch.h
new file mode 100644
index 00000000..eaed9916
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/arch.h
@@ -0,0 +1,45 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CONFIG_ARCH_H
+#define LIBCORK_CONFIG_ARCH_H
+
+
+/*-----------------------------------------------------------------------
+ * Platform
+ */
+
+#if defined(__i386__) || defined(_M_IX86)
+#define CORK_CONFIG_ARCH_X86  1
+#else
+#define CORK_CONFIG_ARCH_X86  0
+#endif
+
+#if defined(__x86_64__) || defined(_M_X64)
+#define CORK_CONFIG_ARCH_X64  1
+#else
+#define CORK_CONFIG_ARCH_X64  0
+#endif
+
+#if defined(__powerpc__) || defined(__ppc__)
+/* GCC-ish compiler */
+#define CORK_CONFIG_ARCH_PPC  1
+#elif defined(_M_PPC)
+/* VS-ish compiler */
+#define CORK_CONFIG_ARCH_PPC  1
+#elif defined(_ARCH_PPC)
+/* Something called XL C/C++? */
+#define CORK_CONFIG_ARCH_PPC  1
+#else
+#define CORK_CONFIG_ARCH_PPC  0
+#endif
+
+
+#endif /* LIBCORK_CONFIG_ARCH_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/bsd.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/bsd.h
new file mode 100644
index 00000000..4c89c074
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/bsd.h
@@ -0,0 +1,34 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CONFIG_BSD_H
+#define LIBCORK_CONFIG_BSD_H
+
+/*-----------------------------------------------------------------------
+ * Endianness
+ */
+
+#include <sys/endian.h>
+
+#if BYTE_ORDER == BIG_ENDIAN
+#define CORK_CONFIG_IS_BIG_ENDIAN      1
+#define CORK_CONFIG_IS_LITTLE_ENDIAN   0
+#elif BYTE_ORDER == LITTLE_ENDIAN
+#define CORK_CONFIG_IS_BIG_ENDIAN      0
+#define CORK_CONFIG_IS_LITTLE_ENDIAN   1
+#else
+#error "Cannot determine system endianness"
+#endif
+
+#define CORK_HAVE_REALLOCF  1
+#define CORK_HAVE_PTHREADS  1
+
+
+#endif /* LIBCORK_CONFIG_BSD_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/config.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/config.h
new file mode 100644
index 00000000..d7d3702d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/config.h
@@ -0,0 +1,82 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2015, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CONFIG_CONFIG_H
+#define LIBCORK_CONFIG_CONFIG_H
+
+
+/* If you want to skip autodetection, define this to 1, and provide a
+ * libcork/config/custom.h header file. */
+
+#if !defined(CORK_CONFIG_SKIP_AUTODETECT)
+#define CORK_CONFIG_SKIP_AUTODETECT  0
+#endif
+
+
+#if CORK_CONFIG_SKIP_AUTODETECT
+/* The user has promised that they'll define everything themselves. */
+#include <libcork/config/custom.h>
+
+#else
+/* Otherwise autodetect! */
+
+
+/**** VERSION ****/
+
+#include <libcork/config/version.h>
+
+
+/**** ARCHITECTURES ****/
+
+#include <libcork/config/arch.h>
+
+
+/**** PLATFORMS ****/
+#if (defined(__unix__) || defined(unix)) && !defined(USG)
+/* We need this to test for BSD, but it's a good idea to have for
+ * any brand of Unix.*/
+#include <sys/param.h>
+#endif
+
+#if defined(__linux) || defined(__FreeBSD_kernel__) || defined(__GNU__) || defined(__CYGWIN__)
+/* Do some Linux, kFreeBSD or GNU/Hurd specific autodetection. */
+#include <libcork/config/linux.h>
+
+#elif defined(__APPLE__) && defined(__MACH__)
+/* Do some Mac OS X-specific autodetection. */
+#include <libcork/config/macosx.h>
+
+#elif defined(BSD) && (BSD >= 199103)
+/* Do some BSD (4.3 code base or newer)specific autodetection. */
+#include <libcork/config/bsd.h>
+
+#elif defined(__MINGW32__)
+/* Do some mingw32 autodetection. */
+#include <libcork/config/mingw32.h>
+
+#elif defined(__sun)
+/* Do some Solaris autodetection. */
+#include <libcork/config/solaris.h>
+
+#endif  /* platforms */
+
+
+/**** COMPILERS ****/
+
+#if defined(__GNUC__)
+/* Do some GCC-specific autodetection. */
+#include <libcork/config/gcc.h>
+
+#endif  /* compilers */
+
+
+#endif  /* autodetect or not */
+
+
+#endif /* LIBCORK_CONFIG_CONFIG_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/gcc.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/gcc.h
new file mode 100644
index 00000000..d7bbffac
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/gcc.h
@@ -0,0 +1,91 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CONFIG_GCC_H
+#define LIBCORK_CONFIG_GCC_H
+
+/* Figure out the GCC version */
+
+#if defined(__GNUC_PATCHLEVEL__)
+#define CORK_CONFIG_GCC_VERSION (__GNUC__ * 10000 \
+                               + __GNUC_MINOR__ * 100 \
+                               + __GNUC_PATCHLEVEL__)
+#else
+#define CORK_CONFIG_GCC_VERSION (__GNUC__ * 10000 \
+                               + __GNUC_MINOR__ * 100)
+#endif
+
+
+/*-----------------------------------------------------------------------
+ * Compiler attributes
+ */
+
+/* The GCC assembly syntax has been available basically forever. */
+
+#if defined(CORK_CONFIG_GCC_VERSION)
+#define CORK_CONFIG_HAVE_GCC_ASM  1
+#else
+#define CORK_CONFIG_HAVE_GCC_ASM  0
+#endif
+
+/* The GCC atomic instrinsics are available as of GCC 4.1.0. */
+
+#if CORK_CONFIG_GCC_VERSION >= 40100
+#define CORK_CONFIG_HAVE_GCC_ATOMICS  1
+#else
+#define CORK_CONFIG_HAVE_GCC_ATOMICS  0
+#endif
+
+/* The attributes we want to use are available as of GCC 2.96. */
+
+#if CORK_CONFIG_GCC_VERSION >= 29600
+#define CORK_CONFIG_HAVE_GCC_ATTRIBUTES  1
+#else
+#define CORK_CONFIG_HAVE_GCC_ATTRIBUTES  0
+#endif
+
+/* __int128 seems to be available on 64-bit platforms as of GCC 4.6.  The
+ * attribute((mode(TI))) syntax seems to be available as of 4.1. */
+
+#if CORK_CONFIG_ARCH_X64 && CORK_CONFIG_GCC_VERSION >= 40600
+#define CORK_CONFIG_HAVE_GCC_INT128  1
+#else
+#define CORK_CONFIG_HAVE_GCC_INT128  0
+#endif
+
+#if CORK_CONFIG_ARCH_X64 && CORK_CONFIG_GCC_VERSION >= 40100
+#define CORK_CONFIG_HAVE_GCC_MODE_ATTRIBUTE  1
+#else
+#define CORK_CONFIG_HAVE_GCC_MODE_ATTRIBUTE  0
+#endif
+
+/* Statement expressions have been available since GCC 3.1. */
+
+#if CORK_CONFIG_GCC_VERSION >= 30100
+#define CORK_CONFIG_HAVE_GCC_STATEMENT_EXPRS  1
+#else
+#define CORK_CONFIG_HAVE_GCC_STATEMENT_EXPRS  0
+#endif
+
+/* Thread-local storage has been available since GCC 3.3, but not on Mac
+ * OS X. */
+
+#if !(defined(__APPLE__) && defined(__MACH__))
+#if CORK_CONFIG_GCC_VERSION >= 30300
+#define CORK_CONFIG_HAVE_THREAD_STORAGE_CLASS  1
+#else
+#define CORK_CONFIG_HAVE_THREAD_STORAGE_CLASS  0
+#endif
+#else
+#define CORK_CONFIG_HAVE_THREAD_STORAGE_CLASS  0
+#endif
+
+
+#endif /* LIBCORK_CONFIG_GCC_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/linux.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/linux.h
new file mode 100644
index 00000000..716fa1e4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/linux.h
@@ -0,0 +1,38 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CONFIG_LINUX_H
+#define LIBCORK_CONFIG_LINUX_H
+
+/*-----------------------------------------------------------------------
+ * Endianness
+ */
+
+#if defined(__FreeBSD_kernel__)
+#include <sys/endian.h>
+#else
+#include <endian.h>
+#endif
+
+#if __BYTE_ORDER == __BIG_ENDIAN
+#define CORK_CONFIG_IS_BIG_ENDIAN      1
+#define CORK_CONFIG_IS_LITTLE_ENDIAN   0
+#elif __BYTE_ORDER == __LITTLE_ENDIAN
+#define CORK_CONFIG_IS_BIG_ENDIAN      0
+#define CORK_CONFIG_IS_LITTLE_ENDIAN   1
+#else
+#error "Cannot determine system endianness"
+#endif
+
+#define CORK_HAVE_REALLOCF  0
+#define CORK_HAVE_PTHREADS  1
+
+
+#endif /* LIBCORK_CONFIG_LINUX_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/macosx.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/macosx.h
new file mode 100644
index 00000000..aa507556
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/macosx.h
@@ -0,0 +1,34 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CONFIG_MACOSX_H
+#define LIBCORK_CONFIG_MACOSX_H
+
+/*-----------------------------------------------------------------------
+ * Endianness
+ */
+
+#include <machine/endian.h>
+
+#if BYTE_ORDER == BIG_ENDIAN
+#define CORK_CONFIG_IS_BIG_ENDIAN      1
+#define CORK_CONFIG_IS_LITTLE_ENDIAN   0
+#elif BYTE_ORDER == LITTLE_ENDIAN
+#define CORK_CONFIG_IS_BIG_ENDIAN      0
+#define CORK_CONFIG_IS_LITTLE_ENDIAN   1
+#else
+#error "Cannot determine system endianness"
+#endif
+
+#define CORK_HAVE_REALLOCF  1
+#define CORK_HAVE_PTHREADS  1
+
+
+#endif /* LIBCORK_CONFIG_MACOSX_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/mingw32.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/mingw32.h
new file mode 100644
index 00000000..c62cbc52
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/mingw32.h
@@ -0,0 +1,52 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CONFIG_MINGW32_H
+#define LIBCORK_CONFIG_MINGW32_H
+
+#include <io.h>
+
+/*-----------------------------------------------------------------------
+ * Endianness
+ */
+
+/* Assume MinGW32 only works on x86 platform */ 
+
+#define CORK_CONFIG_IS_BIG_ENDIAN      0
+#define CORK_CONFIG_IS_LITTLE_ENDIAN   1
+
+#define CORK_HAVE_REALLOCF  0
+#define CORK_HAVE_PTHREADS  1
+
+/*
+ * File io stuff. Odd that this is not defined by MinGW.
+ * Maybe there is an M$ish way to do it.
+ */
+#define F_SETFL    4
+#define O_NONBLOCK 0x4000  /* non blocking I/O (POSIX style) */
+
+#define F_GETFD 1
+#define F_SETFD 2
+#define FD_CLOEXEC 0x1
+
+#define WNOHANG 1
+
+/*
+ * simple adaptors
+ */
+
+static inline int mingw_mkdir(const char *path, int mode)
+{
+        return mkdir(path);
+}
+#define mkdir mingw_mkdir
+
+
+#endif /* LIBCORK_CONFIG_MINGW32_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/solaris.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/solaris.h
new file mode 100644
index 00000000..6001b9a0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/solaris.h
@@ -0,0 +1,34 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CONFIG_SOLARIS_H
+#define LIBCORK_CONFIG_SOLARIS_H
+
+/*-----------------------------------------------------------------------
+ * Endianness
+ */
+
+#include <sys/isa_defs.h>
+
+#if defined(_BIG_ENDIAN)
+#define CORK_CONFIG_IS_BIG_ENDIAN      1
+#define CORK_CONFIG_IS_LITTLE_ENDIAN   0
+#elif defined(_LITTLE_ENDIAN)
+#define CORK_CONFIG_IS_BIG_ENDIAN      0
+#define CORK_CONFIG_IS_LITTLE_ENDIAN   1
+#else
+#error "Cannot determine system endianness"
+#endif
+
+#define CORK_HAVE_REALLOCF  0
+#define CORK_HAVE_PTHREADS  1
+
+
+#endif /* LIBCORK_CONFIG_SOLARIS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/version.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/version.h
new file mode 100644
index 00000000..3072377f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/version.h
@@ -0,0 +1,25 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2015, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CONFIG_VERSION_H
+#define LIBCORK_CONFIG_VERSION_H
+
+
+/*-----------------------------------------------------------------------
+ * Library version
+ */
+
+#define CORK_CONFIG_VERSION_MAJOR   0
+#define CORK_CONFIG_VERSION_MINOR   15
+#define CORK_CONFIG_VERSION_PATCH   0
+#define CORK_CONFIG_VERSION_STRING  "0.15.0"
+#define CORK_CONFIG_REVISION        "d6ecc2cfbcdf5013038a72b4544f7d9e6eb8f92d"
+
+
+#endif /* LIBCORK_CONFIG_VERSION_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/version.h.in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/version.h.in
new file mode 100644
index 00000000..9a2eee49
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/config/version.h.in
@@ -0,0 +1,25 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2015, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CONFIG_VERSION_H
+#define LIBCORK_CONFIG_VERSION_H
+
+
+/*-----------------------------------------------------------------------
+ * Library version
+ */
+
+#define CORK_CONFIG_VERSION_MAJOR   @VERSION_MAJOR@
+#define CORK_CONFIG_VERSION_MINOR   @VERSION_MINOR@
+#define CORK_CONFIG_VERSION_PATCH   @VERSION_PATCH@
+#define CORK_CONFIG_VERSION_STRING  "@VERSION@"
+#define CORK_CONFIG_REVISION        "@GIT_SHA1@"
+
+
+#endif /* LIBCORK_CONFIG_VERSION_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core.h
new file mode 100644
index 00000000..083e18fc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core.h
@@ -0,0 +1,29 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_H
+#define LIBCORK_CORE_H
+
+/*** include all of the parts ***/
+
+#include <libcork/core/allocator.h>
+#include <libcork/core/attributes.h>
+#include <libcork/core/byte-order.h>
+#include <libcork/core/callbacks.h>
+#include <libcork/core/error.h>
+#include <libcork/core/gc.h>
+#include <libcork/core/hash.h>
+#include <libcork/core/id.h>
+#include <libcork/core/mempool.h>
+#include <libcork/core/net-addresses.h>
+#include <libcork/core/timestamp.h>
+#include <libcork/core/types.h>
+#include <libcork/core/u128.h>
+
+#endif /* LIBCORK_CORE_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/allocator.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/allocator.h
new file mode 100644
index 00000000..11fc0f02
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/allocator.h
@@ -0,0 +1,409 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_ALLOCATOR_H
+#define LIBCORK_CORE_ALLOCATOR_H
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include <libcork/core/api.h>
+#include <libcork/core/attributes.h>
+#include <libcork/core/callbacks.h>
+#include <libcork/core/error.h>
+#include <libcork/core/types.h>
+
+
+/*-----------------------------------------------------------------------
+ * Allocator interface
+ */
+
+struct cork_alloc;
+
+typedef void *
+(*cork_alloc_calloc_f)(const struct cork_alloc *alloc,
+                       size_t count, size_t size);
+
+typedef void *
+(*cork_alloc_malloc_f)(const struct cork_alloc *alloc, size_t size);
+
+/* Must not free `ptr` if allocation fails. */
+typedef void *
+(*cork_alloc_realloc_f)(const struct cork_alloc *alloc, void *ptr,
+                        size_t old_size, size_t new_size);
+
+typedef void
+(*cork_alloc_free_f)(const struct cork_alloc *alloc, void *ptr, size_t size);
+
+struct cork_alloc {
+    const struct cork_alloc  *parent;
+    void  *user_data;
+    cork_free_f  free_user_data;
+    cork_alloc_calloc_f  calloc;
+    cork_alloc_malloc_f  malloc;
+    cork_alloc_realloc_f  realloc;
+    cork_alloc_calloc_f  xcalloc;
+    cork_alloc_malloc_f  xmalloc;
+    cork_alloc_realloc_f  xrealloc;
+    cork_alloc_free_f  free;
+};
+
+/* NOT thread-safe; must be called before most other libcork functions.
+ * Allocator will automatically be freed at process exit. */
+CORK_API struct cork_alloc *
+cork_alloc_new_alloc(const struct cork_alloc *parent);
+
+
+CORK_API void
+cork_alloc_set_user_data(struct cork_alloc *alloc,
+                         void *user_data, cork_free_f free_user_data);
+
+/* These variants must always return a valid pointer.  If allocation fails, they
+ * should abort the process or transfer control in some other way to an error
+ * handler or cleanup routine.
+ *
+ * If you only provide implementations of the `x` variants, we'll provide
+ * default implementations of these that abort the process if a memory
+ * allocation fails. */
+
+CORK_API void
+cork_alloc_set_calloc(struct cork_alloc *alloc, cork_alloc_calloc_f calloc);
+
+CORK_API void
+cork_alloc_set_malloc(struct cork_alloc *alloc, cork_alloc_malloc_f malloc);
+
+CORK_API void
+cork_alloc_set_realloc(struct cork_alloc *alloc, cork_alloc_realloc_f realloc);
+
+/* These variants can return a NULL pointer if allocation fails. */
+
+CORK_API void
+cork_alloc_set_xcalloc(struct cork_alloc *alloc, cork_alloc_calloc_f xcalloc);
+
+CORK_API void
+cork_alloc_set_xmalloc(struct cork_alloc *alloc, cork_alloc_malloc_f xmalloc);
+
+CORK_API void
+cork_alloc_set_xrealloc(struct cork_alloc *alloc,
+                        cork_alloc_realloc_f xrealloc);
+
+
+CORK_API void
+cork_alloc_set_free(struct cork_alloc *alloc, cork_alloc_free_f free);
+
+
+/* Low-level use of an allocator. */
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_alloc_calloc(const struct cork_alloc *alloc, size_t count, size_t size)
+{
+    return alloc->calloc(alloc, count, size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_alloc_malloc(const struct cork_alloc *alloc, size_t size)
+{
+    return alloc->malloc(alloc, size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_alloc_realloc(const struct cork_alloc *alloc, void *ptr,
+                   size_t old_size, size_t new_size)
+{
+    return alloc->realloc(alloc, ptr, old_size, new_size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_alloc_xcalloc(const struct cork_alloc *alloc, size_t count, size_t size)
+{
+    return alloc->xcalloc(alloc, count, size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_alloc_xmalloc(const struct cork_alloc *alloc, size_t size)
+{
+    return alloc->xmalloc(alloc, size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_alloc_xrealloc(const struct cork_alloc *alloc, void *ptr,
+                    size_t old_size, size_t new_size)
+{
+    return alloc->xrealloc(alloc, ptr, old_size, new_size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_alloc_xreallocf(const struct cork_alloc *alloc, void *ptr,
+                     size_t old_size, size_t new_size)
+{
+    void  *result = alloc->xrealloc(alloc, ptr, old_size, new_size);
+    if (result == NULL) {
+        alloc->free(alloc, ptr, old_size);
+        return NULL;
+    } else {
+        return result;
+    }
+}
+
+CORK_ATTR_UNUSED
+static void
+cork_alloc_free(const struct cork_alloc *alloc, void *ptr, size_t size)
+{
+    return alloc->free(alloc, ptr, size);
+}
+
+CORK_ATTR_UNUSED
+static void
+cork_alloc_cfree(const struct cork_alloc *alloc, void *ptr,
+                 size_t count, size_t size)
+{
+    assert(count < (SIZE_MAX / size));
+    return alloc->free(alloc, ptr, count * size);
+}
+
+#define cork_alloc_new(alloc, type) \
+    cork_alloc_malloc((alloc), sizeof(type))
+#define cork_alloc_xnew(alloc, type) \
+    cork_alloc_xmalloc((alloc), sizeof(type))
+#define cork_alloc_delete(alloc, type, ptr) \
+    cork_alloc_free((alloc), (ptr), sizeof(type))
+
+/* string-related helper functions */
+
+CORK_ATTR_MALLOC
+CORK_API const char *
+cork_alloc_strdup(const struct cork_alloc *alloc, const char *str);
+
+CORK_ATTR_MALLOC
+CORK_API const char *
+cork_alloc_strndup(const struct cork_alloc *alloc,
+                   const char *str, size_t size);
+
+CORK_ATTR_MALLOC
+CORK_API const char *
+cork_alloc_xstrdup(const struct cork_alloc *alloc, const char *str);
+
+CORK_ATTR_MALLOC
+CORK_API const char *
+cork_alloc_xstrndup(const struct cork_alloc *alloc,
+                    const char *str, size_t size);
+
+CORK_API void
+cork_alloc_strfree(const struct cork_alloc *alloc, const char *str);
+
+
+/*-----------------------------------------------------------------------
+ * Using the allocator interface
+ */
+
+/* All of the functions that you use to actually allocate memory assume that
+ * cork_current_allocator() returns the allocator instance that should be used.
+ * Your easiest approach is to do nothing special; in that case, all of the
+ * libcork memory allocation functions will transparently use the standard
+ * malloc/free family of functions.
+ *
+ * If you're writing a library, and want to allow your library clients to
+ * provide a separate custom memory allocator then the one they can already
+ * override for libcork itself, you should declare a pair of functions for
+ * getting and setting your library's current allocator (like libcork itself
+ * does), and (only when compiling the source of your library) define
+ * `cork_current_allocator` as a macro that aliases the getter function.  That
+ * will cause the libcork memory allocation functions to use whichever allocator
+ * your library user has provided.
+ *
+ * If you're writing an application, and want to provide a single allocator that
+ * all libcork-using libraries will pick up, just call cork_set_allocator before
+ * calling any other library functions.  Other libraries will use this as a
+ * default and everything that uses libcork's memory allocation functions will
+ * use your custom allocator. */
+
+
+/* libcork's current allocator */
+
+extern const struct cork_alloc  *cork_allocator;
+
+/* We take control and will free when the process exits.  This is *NOT*
+ * thread-safe; it's only safe to call before you've called *ANY* other libcork
+ * function (or any function from any other library that uses libcork).  You can
+ * only call this at most once. */
+CORK_API void
+cork_set_allocator(const struct cork_alloc *alloc);
+
+
+/* The current allocator of whichever library is being compiled. */
+
+#if !defined(cork_current_allocator)
+#define cork_current_allocator()  (cork_allocator)
+#endif
+
+
+/* using an allocator */
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_calloc(size_t count, size_t size)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_calloc(alloc, count, size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_malloc(size_t size)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_malloc(alloc, size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_realloc(void *ptr, size_t old_size, size_t new_size)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_realloc(alloc, ptr, old_size, new_size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_xcalloc(size_t count, size_t size)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_xcalloc(alloc, count, size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_xmalloc(size_t size)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_xmalloc(alloc, size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_xrealloc(void *ptr, size_t old_size, size_t new_size)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_xrealloc(alloc, ptr, old_size, new_size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static void *
+cork_xreallocf(void *ptr, size_t old_size, size_t new_size)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_xreallocf(alloc, ptr, old_size, new_size);
+}
+
+CORK_ATTR_UNUSED
+static void
+cork_free(void *ptr, size_t size)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    cork_alloc_free(alloc, ptr, size);
+}
+
+CORK_ATTR_UNUSED
+static void
+cork_cfree(void *ptr, size_t count, size_t size)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    cork_alloc_cfree(alloc, ptr, count, size);
+}
+
+#define cork_new(type)          cork_malloc(sizeof(type))
+#define cork_xnew(type)         cork_xmalloc(sizeof(type))
+#define cork_delete(type, ptr)  cork_free((ptr), sizeof(type))
+
+
+/* string-related helper functions */
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static const char *
+cork_strdup(const char *str)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_strdup(alloc, str);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static const char *
+cork_strndup(const char *str, size_t size)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_strndup(alloc, str, size);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static const char *
+cork_xstrdup(const char *str)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_xstrdup(alloc, str);
+}
+
+CORK_ATTR_MALLOC
+CORK_ATTR_UNUSED
+static const char *
+cork_xstrndup(const char *str, size_t size)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_xstrndup(alloc, str, size);
+}
+
+CORK_ATTR_UNUSED
+static void
+cork_strfree(const char *str)
+{
+    const struct cork_alloc  *alloc = cork_current_allocator();
+    return cork_alloc_strfree(alloc, str);
+}
+
+
+/*-----------------------------------------------------------------------
+ * Debugging allocator
+ */
+
+/* An allocator that adds some additional debugging checks:
+ *
+ * - We verify that every "free" call (cork_free, cork_cfree, cork_delete,
+ *   cork_realloc) is passed the "correct" size — i.e., the same size that was
+ *   passed in to the correspond "new" call (cork_malloc, cork_calloc,
+ *   cork_realloc, cork_new).
+ */
+
+struct cork_alloc *
+cork_debug_alloc_new(const struct cork_alloc *parent);
+
+
+#endif /* LIBCORK_CORE_ALLOCATOR_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/api.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/api.h
new file mode 100644
index 00000000..0d3c3652
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/api.h
@@ -0,0 +1,56 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2015, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_API_H
+#define LIBCORK_CORE_API_H
+
+#include <libcork/config.h>
+#include <libcork/core/attributes.h>
+
+
+/*-----------------------------------------------------------------------
+ * Calling conventions
+ */
+
+/* If you're using libcork as a shared library, you don't need to do anything
+ * special; the following will automatically set things up so that libcork's
+ * public symbols are imported from the library.  When we build the shared
+ * library, we define this ourselves to export the symbols. */
+
+#if !defined(CORK_API)
+#define CORK_API  CORK_IMPORT
+#endif
+
+
+/*-----------------------------------------------------------------------
+ * Library version
+ */
+
+#define CORK_VERSION_MAJOR  CORK_CONFIG_VERSION_MAJOR
+#define CORK_VERSION_MINOR  CORK_CONFIG_VERSION_MINOR
+#define CORK_VERSION_PATCH  CORK_CONFIG_VERSION_PATCH
+
+#define CORK_MAKE_VERSION(major, minor, patch) \
+    ((major * 1000000) + (minor * 1000) + patch)
+
+#define CORK_VERSION  \
+    CORK_MAKE_VERSION(CORK_VERSION_MAJOR, \
+                      CORK_VERSION_MINOR, \
+                      CORK_VERSION_PATCH)
+
+CORK_API const char *
+cork_version_string(void)
+    CORK_ATTR_CONST;
+
+CORK_API const char *
+cork_revision_string(void)
+    CORK_ATTR_CONST;
+
+
+#endif /* LIBCORK_CORE_API_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/attributes.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/attributes.h
new file mode 100644
index 00000000..3f46cf9e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/attributes.h
@@ -0,0 +1,172 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_ATTRIBUTES_H
+#define LIBCORK_CORE_ATTRIBUTES_H
+
+#include <libcork/config.h>
+
+
+/*
+ * Declare a “const” function.
+ *
+ * A const function is one whose return value depends only on its
+ * parameters.  This is slightly more strict than a “pure” function; a
+ * const function is not allowed to read from global variables, whereas
+ * a pure function is.
+ *
+ *   int square(int x) CORK_ATTR_CONST;
+ */
+
+#if CORK_CONFIG_HAVE_GCC_ATTRIBUTES
+#define CORK_ATTR_CONST  __attribute__((const))
+#else
+#define CORK_ATTR_CONST
+#endif
+
+
+/*
+ * Declare a “pure” function.
+ *
+ * A pure function is one whose return value depends only on its
+ * parameters, and global variables.
+ *
+ *   int square(int x) CORK_ATTR_PURE;
+ */
+
+#if CORK_CONFIG_HAVE_GCC_ATTRIBUTES
+#define CORK_ATTR_PURE  __attribute__((pure))
+#else
+#define CORK_ATTR_PURE
+#endif
+
+
+/*
+ * Declare that a function returns a newly allocated pointer.
+ *
+ * The compiler can use this information to generate more accurate
+ * aliasing information, since it can infer that the result of the
+ * function cannot alias any other existing pointer.
+ */
+
+#if CORK_CONFIG_HAVE_GCC_ATTRIBUTES
+#define CORK_ATTR_MALLOC  __attribute__((malloc))
+#else
+#define CORK_ATTR_MALLOC
+#endif
+
+
+/*
+ * Declare that a function shouldn't be inlined.
+ */
+
+#if CORK_CONFIG_HAVE_GCC_ATTRIBUTES
+#define CORK_ATTR_NOINLINE  __attribute__((noinline))
+#else
+#define CORK_ATTR_NOINLINE
+#endif
+
+
+/*
+ * Declare an entity that isn't used.
+ *
+ * This lets you keep -Wall activated in several cases where you're
+ * obligated to define something that you don't intend to use.
+ */
+
+#if CORK_CONFIG_HAVE_GCC_ATTRIBUTES
+#define CORK_ATTR_UNUSED  __attribute__((unused))
+#else
+#define CORK_ATTR_UNUSED
+#endif
+
+
+/*
+ * Declare a function that takes in printf-like parameters.
+ *
+ * When the compiler supports this attribute, it will check the format
+ * string, and the following arguments, to make sure that they match.
+ * format_index and args_index are 1-based.
+ */
+
+#if CORK_CONFIG_HAVE_GCC_ATTRIBUTES
+#define CORK_ATTR_PRINTF(format_index, args_index) \
+    __attribute__((format(printf, format_index, args_index)))
+#else
+#define CORK_ATTR_PRINTF(format_index, args_index)
+#endif
+
+
+/*
+ * Declare a var-arg function whose last parameter must be a NULL
+ * sentinel value.
+ *
+ * When the compiler supports this attribute, it will check the actual
+ * parameters whenever this function is called, and ensure that the last
+ * parameter is a @c NULL.
+ */
+
+#if CORK_CONFIG_HAVE_GCC_ATTRIBUTES
+#define CORK_ATTR_SENTINEL  __attribute__((sentinel))
+#else
+#define CORK_ATTR_SENTINEL
+#endif
+
+
+/*
+ * Declare that a boolean expression is likely to be true or false.
+ */
+
+#if CORK_CONFIG_HAVE_GCC_ATTRIBUTES
+#define CORK_LIKELY(expr)  __builtin_expect((expr), 1)
+#define CORK_UNLIKELY(expr)  __builtin_expect((expr), 0)
+#else
+#define CORK_LIKELY(expr)  (expr)
+#define CORK_UNLIKELY(expr)  (expr)
+#endif
+
+/*
+ * Declare that a function is part of the current library's public API, or that
+ * it's internal to the current library.
+ */
+
+#if CORK_CONFIG_HAVE_GCC_ATTRIBUTES && !defined(__CYGWIN__) && !defined(__MINGW32__)
+#define CORK_EXPORT  __attribute__((visibility("default")))
+#define CORK_IMPORT  __attribute__((visibility("default")))
+#define CORK_LOCAL   __attribute__((visibility("hidden")))
+#else
+#define CORK_EXPORT
+#define CORK_IMPORT
+#define CORK_LOCAL
+#endif
+
+
+/*
+ * Declare a static function that should automatically be called at program
+ * startup.
+ */
+
+/* TODO: When we implement a full Windows port, [1] describes how best to
+ * implement an initialization function under Visual Studio.
+ *
+ * [1] http://stackoverflow.com/questions/1113409/attribute-constructor-equivalent-in-vc
+ */
+
+#if CORK_CONFIG_HAVE_GCC_ATTRIBUTES
+#define CORK_INITIALIZER(name) \
+__attribute__((constructor)) \
+static void \
+name(void)
+#else
+#error "Don't know how to implement initialization functions of this platform"
+#endif
+
+
+#endif /* LIBCORK_CORE_ATTRIBUTES_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/byte-order.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/byte-order.h
new file mode 100644
index 00000000..6761faaf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/byte-order.h
@@ -0,0 +1,186 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_BYTE_ORDER_H
+#define LIBCORK_CORE_BYTE_ORDER_H
+
+
+#include <libcork/config.h>
+#include <libcork/core/types.h>
+
+
+/* Constants to represent big endianness and little endianness */
+#define CORK_BIG_ENDIAN  4321
+#define CORK_LITTLE_ENDIAN  1234
+
+/* Whether the current host is big- or little-endian.  HOST gives us the
+ * current system's endianness; OTHER gives the opposite endianness.
+ * The _NAME macros can be used in debugging messages and other
+ * human-readable output.
+ *
+ * Note that we actually detect the endianness in the various header
+ * files in the libcork/config directory, since we want to keep
+ * everything detection-related separated out from what we define based
+ * on that detection. */
+
+#if CORK_CONFIG_IS_BIG_ENDIAN
+#define CORK_HOST_ENDIANNESS  CORK_BIG_ENDIAN
+#define CORK_OTHER_ENDIANNESS  CORK_LITTLE_ENDIAN
+#define CORK_HOST_ENDIANNESS_NAME   "big"
+#define CORK_OTHER_ENDIANNESS_NAME  "little"
+
+#elif CORK_CONFIG_IS_LITTLE_ENDIAN
+#define CORK_HOST_ENDIANNESS  CORK_LITTLE_ENDIAN
+#define CORK_OTHER_ENDIANNESS  CORK_BIG_ENDIAN
+#define CORK_HOST_ENDIANNESS_NAME   "little"
+#define CORK_OTHER_ENDIANNESS_NAME  "big"
+
+#else
+#error "Unknown endianness"
+#endif
+
+
+/* Returns the byte-swapped version an integer, regardless of the
+ * underlying endianness.
+ *
+ * These macros only require an rvalue as their parameter (which can
+ * therefore be any arbitrary expression), and they don't modify the
+ * original contents if it happens to be a variable.  */
+
+#define CORK_SWAP_UINT16(__u16) \
+    (((((uint16_t) __u16) & 0xff00u) >> 8) | \
+     ((((uint16_t) __u16) & 0x00ffu) << 8))
+
+#define CORK_SWAP_UINT32(__u32) \
+    (((((uint32_t) __u32) & 0xff000000u) >> 24) | \
+     ((((uint32_t) __u32) & 0x00ff0000u) >>  8) | \
+     ((((uint32_t) __u32) & 0x0000ff00u) <<  8) | \
+     ((((uint32_t) __u32) & 0x000000ffu) << 24))
+
+#define CORK_SWAP_UINT64(__u64) \
+    (((((uint64_t) __u64) & UINT64_C(0xff00000000000000)) >> 56) | \
+     ((((uint64_t) __u64) & UINT64_C(0x00ff000000000000)) >> 40) | \
+     ((((uint64_t) __u64) & UINT64_C(0x0000ff0000000000)) >> 24) | \
+     ((((uint64_t) __u64) & UINT64_C(0x000000ff00000000)) >>  8) | \
+     ((((uint64_t) __u64) & UINT64_C(0x00000000ff000000)) <<  8) | \
+     ((((uint64_t) __u64) & UINT64_C(0x0000000000ff0000)) << 24) | \
+     ((((uint64_t) __u64) & UINT64_C(0x000000000000ff00)) << 40) | \
+     ((((uint64_t) __u64) & UINT64_C(0x00000000000000ff)) << 56))
+
+/* Bytes-swaps an integer variable in place.
+ *
+ * These macros require an lvalue as their parameter; the contents of
+ * this variable will be modified by the macro. */
+
+#define CORK_SWAP_IN_PLACE_UINT16(__u16) \
+    do { \
+        (__u16) = CORK_SWAP_UINT16(__u16); \
+    } while (0)
+
+#define CORK_SWAP_IN_PLACE_UINT32(__u32) \
+    do { \
+        (__u32) = CORK_SWAP_UINT32(__u32); \
+    } while (0)
+
+#define CORK_SWAP_IN_PLACE_UINT64(__u64) \
+    do { \
+        (__u64) = CORK_SWAP_UINT64(__u64); \
+    } while (0)
+
+
+/*
+ * A slew of swapping macros whose operation depends on the endianness
+ * of the current system:
+ *
+ * uint16_t CORK_UINT16_BIG_TO_HOST(u16)
+ * uint32_t CORK_UINT32_BIG_TO_HOST(u32)
+ * uint64_t CORK_UINT64_BIG_TO_HOST(u64)
+ * uint16_t CORK_UINT16_LITTLE_TO_HOST(u16)
+ * uint32_t CORK_UINT32_LITTLE_TO_HOST(u32)
+ * uint64_t CORK_UINT64_LITTLE_TO_HOST(u64)
+ * void CORK_UINT16_BIG_TO_HOST_IN_PLACE(&u16)
+ * void CORK_UINT32_BIG_TO_HOST_IN_PLACE(&u32)
+ * void CORK_UINT64_BIG_TO_HOST_IN_PLACE(&u64)
+ * void CORK_UINT16_LITTLE_TO_HOST_IN_PLACE(&u16)
+ * void CORK_UINT32_LITTLE_TO_HOST_IN_PLACE(&u32)
+ * void CORK_UINT64_LITTLE_TO_HOST_IN_PLACE(&u64)
+ *
+ * uint16_t CORK_UINT16_HOST_TO_BIG(u16)
+ * uint32_t CORK_UINT32_HOST_TO_BIG(u32)
+ * uint64_t CORK_UINT64_HOST_TO_BIG(u64)
+ * uint16_t CORK_UINT16_HOST_TO_LITTLE(u16)
+ * uint32_t CORK_UINT32_HOST_TO_LITTLE(u32)
+ * uint64_t CORK_UINT64_HOST_TO_LITTLE(u64)
+ * void CORK_UINT16_HOST_TO_BIG_IN_PLACE(&u16)
+ * void CORK_UINT32_HOST_TO_BIG_IN_PLACE(&u32)
+ * void CORK_UINT64_HOST_TO_BIG_IN_PLACE(&u64)
+ * void CORK_UINT16_HOST_TO_LITTLE_IN_PLACE(&u16)
+ * void CORK_UINT32_HOST_TO_LITTLE_IN_PLACE(&u32)
+ * void CORK_UINT64_HOST_TO_LITTLE_IN_PLACE(&u64)
+ */
+
+#if CORK_HOST_ENDIANNESS == CORK_BIG_ENDIAN
+
+#define CORK_UINT16_BIG_TO_HOST(__u16) (__u16) /* nothing to do */
+#define CORK_UINT16_LITTLE_TO_HOST(__u16)  CORK_SWAP_UINT16(__u16)
+
+#define CORK_UINT32_BIG_TO_HOST(__u32) (__u32) /* nothing to do */
+#define CORK_UINT32_LITTLE_TO_HOST(__u32)  CORK_SWAP_UINT32(__u32)
+
+#define CORK_UINT64_BIG_TO_HOST(__u64) (__u64) /* nothing to do */
+#define CORK_UINT64_LITTLE_TO_HOST(__u64)  CORK_SWAP_UINT64(__u64)
+
+#define CORK_UINT16_BIG_TO_HOST_IN_PLACE(__u16) /* nothing to do */
+#define CORK_UINT16_LITTLE_TO_HOST_IN_PLACE(__u16)  CORK_SWAP_IN_PLACE_UINT16(__u16)
+
+#define CORK_UINT32_BIG_TO_HOST_IN_PLACE(__u32) /* nothing to do */
+#define CORK_UINT32_LITTLE_TO_HOST_IN_PLACE(__u32)  CORK_SWAP_IN_PLACE_UINT32(__u32)
+
+#define CORK_UINT64_BIG_TO_HOST_IN_PLACE(__u64) /* nothing to do */
+#define CORK_UINT64_LITTLE_TO_HOST_IN_PLACE(__u64)  CORK_SWAP_IN_PLACE_UINT64(__u64)
+
+#elif CORK_HOST_ENDIANNESS == CORK_LITTLE_ENDIAN
+
+#define CORK_UINT16_BIG_TO_HOST(__u16)  CORK_SWAP_UINT16(__u16)
+#define CORK_UINT16_LITTLE_TO_HOST(__u16) (__u16) /* nothing to do */
+
+#define CORK_UINT32_BIG_TO_HOST(__u32)  CORK_SWAP_UINT32(__u32)
+#define CORK_UINT32_LITTLE_TO_HOST(__u32) (__u32) /* nothing to do */
+
+#define CORK_UINT64_BIG_TO_HOST(__u64)  CORK_SWAP_UINT64(__u64)
+#define CORK_UINT64_LITTLE_TO_HOST(__u64) (__u64) /* nothing to do */
+
+#define CORK_UINT16_BIG_TO_HOST_IN_PLACE(__u16)  CORK_SWAP_IN_PLACE_UINT16(__u16)
+#define CORK_UINT16_LITTLE_TO_HOST_IN_PLACE(__u16) /* nothing to do */
+
+#define CORK_UINT32_BIG_TO_HOST_IN_PLACE(__u32)  CORK_SWAP_IN_PLACE_UINT32(__u32)
+#define CORK_UINT32_LITTLE_TO_HOST_IN_PLACE(__u32) /* nothing to do */
+
+#define CORK_UINT64_BIG_TO_HOST_IN_PLACE(__u64)  CORK_SWAP_IN_PLACE_UINT64(__u64)
+#define CORK_UINT64_LITTLE_TO_HOST_IN_PLACE(__u64) /* nothing to do */
+
+#endif
+
+
+#define CORK_UINT16_HOST_TO_BIG(__u16)  CORK_UINT16_BIG_TO_HOST(__u16)
+#define CORK_UINT32_HOST_TO_BIG(__u32)  CORK_UINT32_BIG_TO_HOST(__u32)
+#define CORK_UINT64_HOST_TO_BIG(__u64)  CORK_UINT64_BIG_TO_HOST(__u64)
+#define CORK_UINT16_HOST_TO_LITTLE(__u16)  CORK_UINT16_LITTLE_TO_HOST(__u16)
+#define CORK_UINT32_HOST_TO_LITTLE(__u32)  CORK_UINT32_LITTLE_TO_HOST(__u32)
+#define CORK_UINT64_HOST_TO_LITTLE(__u64)  CORK_UINT64_LITTLE_TO_HOST(__u64)
+#define CORK_UINT16_HOST_TO_BIG_IN_PLACE(__u16)  CORK_UINT16_BIG_TO_HOST_IN_PLACE(__u16)
+#define CORK_UINT32_HOST_TO_BIG_IN_PLACE(__u32)  CORK_UINT32_BIG_TO_HOST_IN_PLACE(__u32)
+#define CORK_UINT64_HOST_TO_BIG_IN_PLACE(__u64)  CORK_UINT64_BIG_TO_HOST_IN_PLACE(__u64)
+#define CORK_UINT16_HOST_TO_LITTLE_IN_PLACE(__u16)  CORK_UINT16_LITTLE_TO_HOST_IN_PLACE(__u16)
+#define CORK_UINT32_HOST_TO_LITTLE_IN_PLACE(__u32)  CORK_UINT32_LITTLE_TO_HOST_IN_PLACE(__u32)
+#define CORK_UINT64_HOST_TO_LITTLE_IN_PLACE(__u64)  CORK_UINT64_LITTLE_TO_HOST_IN_PLACE(__u64)
+
+
+#endif /* LIBCORK_CORE_BYTE_ORDER_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/callbacks.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/callbacks.h
new file mode 100644
index 00000000..a63365ff
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/callbacks.h
@@ -0,0 +1,46 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_CALLBACKS_H
+#define LIBCORK_CORE_CALLBACKS_H
+
+
+#include <libcork/core/hash.h>
+
+
+typedef int
+(*cork_copy_f)(void *user_data, void *dest, const void *src);
+
+typedef void
+(*cork_done_f)(void *user_data, void *value);
+
+typedef void
+(*cork_free_f)(void *value);
+
+typedef cork_hash
+(*cork_hash_f)(void *user_data, const void *value);
+
+typedef bool
+(*cork_equals_f)(void *user_data, const void *value1, const void *value2);
+
+typedef void
+(*cork_init_f)(void *user_data, void *value);
+
+#define cork_free_user_data(parent) \
+    ((parent)->free_user_data == NULL? (void) 0: \
+     (parent)->free_user_data((parent)->user_data))
+
+typedef void *
+(*cork_new_f)(void *user_data);
+
+typedef int
+(*cork_run_f)(void *user_data);
+
+
+#endif /* LIBCORK_CORE_CALLBACKS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/error.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/error.h
new file mode 100644
index 00000000..67b731e9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/error.h
@@ -0,0 +1,139 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_ERROR_H
+#define LIBCORK_CORE_ERROR_H
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <libcork/core/api.h>
+#include <libcork/core/attributes.h>
+#include <libcork/core/types.h>
+
+
+/* Should be a hash of a string representing the error code. */
+typedef uint32_t  cork_error;
+
+/* An error code that represents “no error”. */
+#define CORK_ERROR_NONE  ((cork_error) 0)
+
+CORK_API bool
+cork_error_occurred(void);
+
+CORK_API cork_error
+cork_error_code(void);
+
+CORK_API const char *
+cork_error_message(void);
+
+
+CORK_API void
+cork_error_clear(void);
+
+CORK_API void
+cork_error_set_printf(cork_error code, const char *format, ...)
+    CORK_ATTR_PRINTF(2,3);
+
+CORK_API void
+cork_error_set_string(cork_error code, const char *str);
+
+CORK_API void
+cork_error_set_vprintf(cork_error code, const char *format, va_list args)
+    CORK_ATTR_PRINTF(2,0);
+
+CORK_API void
+cork_error_prefix_printf(const char *format, ...)
+    CORK_ATTR_PRINTF(1,2);
+
+CORK_API void
+cork_error_prefix_string(const char *str);
+
+CORK_API void
+cork_error_prefix_vprintf(const char *format, va_list arg)
+    CORK_ATTR_PRINTF(1,0);
+
+
+/* deprecated */
+CORK_API void
+cork_error_set(uint32_t error_class, unsigned int error_code,
+               const char *format, ...)
+    CORK_ATTR_PRINTF(3,4);
+
+/* deprecated */
+CORK_API void
+cork_error_prefix(const char *format, ...)
+    CORK_ATTR_PRINTF(1,2);
+
+
+/*-----------------------------------------------------------------------
+ * Built-in errors
+ */
+
+#define CORK_PARSE_ERROR               0x95dfd3c8
+#define CORK_REDEFINED                 0x171629cb
+#define CORK_UNDEFINED                 0xedc3d7d9
+#define CORK_UNKNOWN_ERROR             0x8cb0880d
+
+#define cork_parse_error(...) \
+    cork_error_set_printf(CORK_PARSE_ERROR, __VA_ARGS__)
+#define cork_redefined(...) \
+    cork_error_set_printf(CORK_REDEFINED, __VA_ARGS__)
+#define cork_undefined(...) \
+    cork_error_set_printf(CORK_UNDEFINED, __VA_ARGS__)
+
+CORK_API void
+cork_system_error_set(void);
+
+CORK_API void
+cork_system_error_set_explicit(int err);
+
+CORK_API void
+cork_unknown_error_set_(const char *location);
+
+#define cork_unknown_error() \
+    cork_unknown_error_set_(__func__)
+
+
+/*-----------------------------------------------------------------------
+ * Abort on failure
+ */
+
+#define cork_abort_(func, file, line, fmt, ...) \
+    do { \
+        fprintf(stderr, fmt "\n  in %s (%s:%u)\n", \
+                __VA_ARGS__, (func), (file), (unsigned int) (line)); \
+        abort(); \
+    } while (0)
+
+#define cork_abort(fmt, ...) \
+    cork_abort_(__func__, __FILE__, __LINE__, fmt, __VA_ARGS__)
+
+CORK_ATTR_UNUSED
+static void *
+cork_abort_if_null_(void *ptr, const char *msg, const char *func,
+                    const char *file, unsigned int line)
+{
+    if (CORK_UNLIKELY(ptr == NULL)) {
+        cork_abort_(func, file, line, "%s", msg);
+    } else {
+        return ptr;
+    }
+}
+
+#define cork_abort_if_null(ptr, msg) \
+    (cork_abort_if_null_(ptr, msg, __func__, __FILE__, __LINE__))
+
+#define cork_unreachable() \
+    cork_abort("%s", "Code should not be reachable")
+
+
+#endif /* LIBCORK_CORE_ERROR_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/gc.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/gc.h
new file mode 100644
index 00000000..bc251ead
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/gc.h
@@ -0,0 +1,67 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_GC_REFCOUNT_H
+#define LIBCORK_GC_REFCOUNT_H
+
+
+#include <libcork/core/api.h>
+#include <libcork/core/types.h>
+
+
+struct cork_gc;
+
+/* A callback for recursing through the children of a garbage-collected
+ * object. */
+typedef void
+(*cork_gc_recurser)(struct cork_gc *gc, void *obj, void *ud);
+
+typedef void
+(*cork_gc_free_func)(void *obj);
+
+typedef void
+(*cork_gc_recurse_func)(struct cork_gc *gc, void *self,
+                        cork_gc_recurser recurser, void *ud);
+
+/* An interface that each garbage-collected object must implement. */
+struct cork_gc_obj_iface {
+    /* Perform additional cleanup; does *NOT* need to deallocate the
+     * object itself, or release any child references */
+    cork_gc_free_func  free;
+    cork_gc_recurse_func  recurse;
+};
+
+
+CORK_API void
+cork_gc_init(void);
+
+CORK_API void
+cork_gc_done(void);
+
+
+CORK_API void *
+cork_gc_alloc(size_t instance_size, struct cork_gc_obj_iface *iface);
+
+#define cork_gc_new_iface(obj_type, iface) \
+    ((obj_type *) \
+     (cork_gc_alloc(sizeof(obj_type), (iface))))
+
+#define cork_gc_new(struct_name) \
+    (cork_gc_new_iface(struct struct_name, &struct_name##__gc))
+
+
+CORK_API void *
+cork_gc_incref(void *obj);
+
+CORK_API void
+cork_gc_decref(void *obj);
+
+
+#endif /* LIBCORK_GC_REFCOUNT_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/hash.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/hash.h
new file mode 100644
index 00000000..683d9c26
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/hash.h
@@ -0,0 +1,388 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_HASH_H
+#define LIBCORK_CORE_HASH_H
+
+
+#include <libcork/core/api.h>
+#include <libcork/core/attributes.h>
+#include <libcork/core/byte-order.h>
+#include <libcork/core/types.h>
+#include <libcork/core/u128.h>
+
+/* Needed for memcpy */
+#include <string.h>
+#include <stdlib.h>
+
+#ifndef CORK_HASH_ATTRIBUTES
+#define CORK_HASH_ATTRIBUTES  CORK_ATTR_UNUSED static inline
+#endif
+
+
+typedef uint32_t  cork_hash;
+
+typedef struct {
+    cork_u128  u128;
+} cork_big_hash;
+
+#define cork_big_hash_equal(h1, h2)  (cork_u128_eq((h1).u128, (h2).u128))
+
+#define CORK_BIG_HASH_INIT()  {{{{0}}}}
+
+/* We currently use MurmurHash3 [1], which is public domain, as our hash
+ * implementation.
+ *
+ * [1] http://code.google.com/p/smhasher/
+ */
+
+#define CORK_ROTL32(a,b) (((a) << ((b) & 0x1f)) | ((a) >> (32 - ((b) & 0x1f))))
+#define CORK_ROTL64(a,b) (((a) << ((b) & 0x3f)) | ((a) >> (64 - ((b) & 0x3f))))
+
+CORK_ATTR_UNUSED
+static inline
+uint32_t cork_getblock32(const uint32_t *p, int i)
+{
+    uint32_t u;
+    memcpy(&u, p + i, sizeof(u));
+    return u;
+}
+
+CORK_ATTR_UNUSED
+static inline
+uint64_t cork_getblock64(const uint64_t *p, int i)
+{
+    uint64_t u;
+    memcpy(&u, p + i, sizeof(u));
+    return u;
+}
+
+CORK_ATTR_UNUSED
+static inline
+uint32_t cork_fmix32(uint32_t h)
+{
+    h ^= h >> 16;
+    h *= 0x85ebca6b;
+    h ^= h >> 13;
+    h *= 0xc2b2ae35;
+    h ^= h >> 16;
+    return h;
+}
+
+CORK_ATTR_UNUSED
+static inline
+uint64_t cork_fmix64(uint64_t k)
+{
+    k ^= k >> 33;
+    k *= UINT64_C(0xff51afd7ed558ccd);
+    k ^= k >> 33;
+    k *= UINT64_C(0xc4ceb9fe1a85ec53);
+    k ^= k >> 33;
+    return k;
+}
+
+CORK_HASH_ATTRIBUTES
+cork_hash
+cork_stable_hash_buffer(cork_hash seed, const void *src, size_t len)
+{
+    typedef uint32_t __attribute__((__may_alias__))  cork_aliased_uint32_t;
+
+    /* This is exactly the same as cork_murmur_hash_x86_32, but with a byte swap
+     * to make sure that we always process the uint32s little-endian. */
+    const unsigned int  nblocks = (unsigned int)(len / 4);
+    const cork_aliased_uint32_t  *blocks = (const cork_aliased_uint32_t *) src;
+    const cork_aliased_uint32_t  *end = blocks + nblocks;
+    const cork_aliased_uint32_t  *curr;
+    const uint8_t  *tail = (const uint8_t *) end;
+
+    uint32_t  h1 = seed;
+    uint32_t  c1 = 0xcc9e2d51;
+    uint32_t  c2 = 0x1b873593;
+    uint32_t  k1 = 0;
+
+    /* body */
+    for (curr = blocks; curr != end; curr++) {
+        uint32_t  k1 = CORK_UINT32_HOST_TO_LITTLE(cork_getblock32((const uint32_t *) curr, 0));
+
+        k1 *= c1;
+        k1 = CORK_ROTL32(k1,15);
+        k1 *= c2;
+
+        h1 ^= k1;
+        h1 = CORK_ROTL32(h1,13);
+        h1 = h1*5+0xe6546b64;
+    }
+
+    /* tail */
+    switch (len & 3) {
+        case 3: k1 ^= tail[2] << 16;
+        case 2: k1 ^= tail[1] << 8;
+        case 1: k1 ^= tail[0];
+                k1 *= c1; k1 = CORK_ROTL32(k1,15); k1 *= c2; h1 ^= k1;
+    };
+
+    /* finalization */
+    h1 ^= len;
+    h1 = cork_fmix32(h1);
+    return h1;
+}
+
+#define cork_murmur_hash_x86_32(seed, src, len, dest) \
+do { \
+    typedef uint32_t __attribute__((__may_alias__))  cork_aliased_uint32_t; \
+    \
+    const unsigned int  nblocks = len / 4; \
+    const cork_aliased_uint32_t  *blocks = (const cork_aliased_uint32_t *) src; \
+    const cork_aliased_uint32_t  *end = blocks + nblocks; \
+    const cork_aliased_uint32_t  *curr; \
+    const uint8_t  *tail = (const uint8_t *) end; \
+    \
+    uint32_t  h1 = seed; \
+    uint32_t  c1 = 0xcc9e2d51; \
+    uint32_t  c2 = 0x1b873593; \
+    uint32_t  k1 = 0; \
+    \
+    /* body */ \
+    for (curr = blocks; curr != end; curr++) { \
+        uint32_t  k1 = cork_getblock32((const uint32_t *) curr, 0); \
+        \
+        k1 *= c1; \
+        k1 = CORK_ROTL32(k1,15); \
+        k1 *= c2; \
+        \
+        h1 ^= k1; \
+        h1 = CORK_ROTL32(h1,13); \
+        h1 = h1*5+0xe6546b64; \
+    } \
+    \
+    /* tail */ \
+    switch (len & 3) { \
+        case 3: k1 ^= tail[2] << 16; \
+        case 2: k1 ^= tail[1] << 8; \
+        case 1: k1 ^= tail[0]; \
+                k1 *= c1; k1 = CORK_ROTL32(k1,15); k1 *= c2; h1 ^= k1; \
+    }; \
+    \
+    /* finalization */ \
+    h1 ^= len; \
+    h1 = cork_fmix32(h1); \
+    *(dest) = h1; \
+} while (0)
+
+#define cork_murmur_hash_x86_128(seed, src, len, dest) \
+do { \
+    typedef uint32_t __attribute__((__may_alias__))  cork_aliased_uint32_t; \
+    \
+    const unsigned int  nblocks = len / 16; \
+    const cork_aliased_uint32_t  *blocks = (const cork_aliased_uint32_t *) src; \
+    const cork_aliased_uint32_t  *end = blocks + (nblocks * 4); \
+    const cork_aliased_uint32_t  *curr; \
+    const uint8_t  *tail = (const uint8_t *) end; \
+    \
+    uint32_t  h1 = cork_u128_be32(seed.u128, 0); \
+    uint32_t  h2 = cork_u128_be32(seed.u128, 1); \
+    uint32_t  h3 = cork_u128_be32(seed.u128, 2); \
+    uint32_t  h4 = cork_u128_be32(seed.u128, 3); \
+    \
+    uint32_t  c1 = 0x239b961b; \
+    uint32_t  c2 = 0xab0e9789; \
+    uint32_t  c3 = 0x38b34ae5; \
+    uint32_t  c4 = 0xa1e38b93; \
+    \
+    uint32_t  k1 = 0; \
+    uint32_t  k2 = 0; \
+    uint32_t  k3 = 0; \
+    uint32_t  k4 = 0; \
+    \
+    /* body */ \
+    for (curr = blocks; curr != end; curr += 4) { \
+        uint32_t  k1 = cork_getblock32((const uint32_t *) curr, 0); \
+        uint32_t  k2 = cork_getblock32((const uint32_t *) curr, 1); \
+        uint32_t  k3 = cork_getblock32((const uint32_t *) curr, 2); \
+        uint32_t  k4 = cork_getblock32((const uint32_t *) curr, 3); \
+        \
+        k1 *= c1; k1  = CORK_ROTL32(k1,15); k1 *= c2; h1 ^= k1; \
+        h1 = CORK_ROTL32(h1,19); h1 += h2; h1 = h1*5+0x561ccd1b; \
+        \
+        k2 *= c2; k2  = CORK_ROTL32(k2,16); k2 *= c3; h2 ^= k2; \
+        h2 = CORK_ROTL32(h2,17); h2 += h3; h2 = h2*5+0x0bcaa747; \
+        \
+        k3 *= c3; k3  = CORK_ROTL32(k3,17); k3 *= c4; h3 ^= k3; \
+        h3 = CORK_ROTL32(h3,15); h3 += h4; h3 = h3*5+0x96cd1c35; \
+        \
+        k4 *= c4; k4  = CORK_ROTL32(k4,18); k4 *= c1; h4 ^= k4; \
+        h4 = CORK_ROTL32(h4,13); h4 += h1; h4 = h4*5+0x32ac3b17; \
+    } \
+    \
+    /* tail */ \
+    switch (len & 15) { \
+        case 15: k4 ^= tail[14] << 16; \
+        case 14: k4 ^= tail[13] << 8; \
+        case 13: k4 ^= tail[12] << 0; \
+                 k4 *= c4; k4 = CORK_ROTL32(k4,18); k4 *= c1; h4 ^= k4; \
+        \
+        case 12: k3 ^= tail[11] << 24; \
+        case 11: k3 ^= tail[10] << 16; \
+        case 10: k3 ^= tail[ 9] << 8; \
+        case  9: k3 ^= tail[ 8] << 0; \
+                 k3 *= c3; k3 = CORK_ROTL32(k3,17); k3 *= c4; h3 ^= k3; \
+        \
+        case  8: k2 ^= tail[ 7] << 24; \
+        case  7: k2 ^= tail[ 6] << 16; \
+        case  6: k2 ^= tail[ 5] << 8; \
+        case  5: k2 ^= tail[ 4] << 0; \
+                 k2 *= c2; k2 = CORK_ROTL32(k2,16); k2 *= c3; h2 ^= k2; \
+        \
+        case  4: k1 ^= tail[ 3] << 24; \
+        case  3: k1 ^= tail[ 2] << 16; \
+        case  2: k1 ^= tail[ 1] << 8; \
+        case  1: k1 ^= tail[ 0] << 0; \
+                 k1 *= c1; k1 = CORK_ROTL32(k1,15); k1 *= c2; h1 ^= k1; \
+    }; \
+    \
+    /* finalization */ \
+    \
+    h1 ^= len; h2 ^= len; h3 ^= len; h4 ^= len; \
+    \
+    h1 += h2; h1 += h3; h1 += h4; \
+    h2 += h1; h3 += h1; h4 += h1; \
+    \
+    h1 = cork_fmix32(h1); \
+    h2 = cork_fmix32(h2); \
+    h3 = cork_fmix32(h3); \
+    h4 = cork_fmix32(h4); \
+    \
+    h1 += h2; h1 += h3; h1 += h4; \
+    h2 += h1; h3 += h1; h4 += h1; \
+    \
+    (dest)->u128 = cork_u128_from_32(h1, h2, h3, h4); \
+} while (0)
+
+#define cork_murmur_hash_x64_128(seed, src, len, dest) \
+do { \
+    typedef uint64_t __attribute__((__may_alias__))  cork_aliased_uint64_t; \
+    \
+    const unsigned int  nblocks = len / 16; \
+    const cork_aliased_uint64_t  *blocks = (const cork_aliased_uint64_t *) src; \
+    const cork_aliased_uint64_t  *end = blocks + (nblocks * 2); \
+    const cork_aliased_uint64_t  *curr; \
+    const uint8_t  *tail = (const uint8_t *) end; \
+    \
+    uint64_t  h1 = cork_u128_be64(seed.u128, 0); \
+    uint64_t  h2 = cork_u128_be64(seed.u128, 1); \
+    \
+    uint64_t  c1 = UINT64_C(0x87c37b91114253d5); \
+    uint64_t  c2 = UINT64_C(0x4cf5ad432745937f); \
+    \
+    uint64_t k1 = 0; \
+    uint64_t k2 = 0; \
+    \
+    /* body */ \
+    for (curr = blocks; curr != end; curr += 2) { \
+        uint64_t  k1 = cork_getblock64((const uint64_t *) curr, 0); \
+        uint64_t  k2 = cork_getblock64((const uint64_t *) curr, 1); \
+    \
+        k1 *= c1; k1  = CORK_ROTL64(k1,31); k1 *= c2; h1 ^= k1; \
+        h1 = CORK_ROTL64(h1,27); h1 += h2; h1 = h1*5+0x52dce729; \
+    \
+        k2 *= c2; k2  = CORK_ROTL64(k2,33); k2 *= c1; h2 ^= k2; \
+        h2 = CORK_ROTL64(h2,31); h2 += h1; h2 = h2*5+0x38495ab5; \
+    } \
+    \
+    /* tail */ \
+    switch (len & 15) { \
+        case 15: k2 ^= (uint64_t) (tail[14]) << 48; \
+        case 14: k2 ^= (uint64_t) (tail[13]) << 40; \
+        case 13: k2 ^= (uint64_t) (tail[12]) << 32; \
+        case 12: k2 ^= (uint64_t) (tail[11]) << 24; \
+        case 11: k2 ^= (uint64_t) (tail[10]) << 16; \
+        case 10: k2 ^= (uint64_t) (tail[ 9]) << 8; \
+        case  9: k2 ^= (uint64_t) (tail[ 8]) << 0; \
+                 k2 *= c2; k2 = CORK_ROTL64(k2,33); k2 *= c1; h2 ^= k2; \
+        \
+        case  8: k1 ^= (uint64_t) (tail[ 7]) << 56; \
+        case  7: k1 ^= (uint64_t) (tail[ 6]) << 48; \
+        case  6: k1 ^= (uint64_t) (tail[ 5]) << 40; \
+        case  5: k1 ^= (uint64_t) (tail[ 4]) << 32; \
+        case  4: k1 ^= (uint64_t) (tail[ 3]) << 24; \
+        case  3: k1 ^= (uint64_t) (tail[ 2]) << 16; \
+        case  2: k1 ^= (uint64_t) (tail[ 1]) << 8; \
+        case  1: k1 ^= (uint64_t) (tail[ 0]) << 0; \
+                 k1 *= c1; k1 = CORK_ROTL64(k1,31); k1 *= c2; h1 ^= k1; \
+    }; \
+    \
+    /* finalization */ \
+    \
+    h1 ^= len; h2 ^= len; \
+    \
+    h1 += h2; \
+    h2 += h1; \
+    \
+    h1 = cork_fmix64(h1); \
+    h2 = cork_fmix64(h2); \
+    \
+    h1 += h2; \
+    h2 += h1; \
+    \
+    (dest)->u128 = cork_u128_from_64(h1, h2); \
+} while (0)
+
+
+#include <stdio.h>
+CORK_HASH_ATTRIBUTES
+cork_hash
+cork_hash_buffer(cork_hash seed, const void *src, size_t len)
+{
+#if CORK_SIZEOF_POINTER == 8
+    cork_big_hash  big_seed = {cork_u128_from_32(seed, seed, seed, seed)};
+    cork_big_hash  hash;
+    cork_murmur_hash_x64_128(big_seed, src, (unsigned int)len, &hash);
+    return cork_u128_be32(hash.u128, 0);
+#else
+    cork_hash  hash = 0;
+#ifdef __ANDROID__
+    // Enforce 16-byte alignment for murmur hash function
+    void *tmp;
+    int err = posix_memalign(&tmp, 16, len);
+    if (err == 0) {
+        memcpy(tmp, src, len);
+        cork_murmur_hash_x86_32(seed, tmp, (unsigned int)len, &hash);
+        free(tmp);
+    }
+#else
+    cork_murmur_hash_x86_32(seed, src, (unsigned int)len, &hash);
+#endif
+    return hash;
+#endif
+}
+
+
+CORK_HASH_ATTRIBUTES
+cork_big_hash
+cork_big_hash_buffer(cork_big_hash seed, const void *src, size_t len)
+{
+    cork_big_hash  result;
+#if CORK_SIZEOF_POINTER == 8
+    cork_murmur_hash_x64_128(seed, src, (unsigned int)len, &result);
+#else
+    cork_murmur_hash_x86_128(seed, src, (unsigned int)len, &result);
+#endif
+    return result;
+}
+
+
+#define cork_hash_variable(seed, val) \
+    (cork_hash_buffer((seed), &(val), sizeof((val))))
+#define cork_stable_hash_variable(seed, val) \
+    (cork_stable_hash_buffer((seed), &(val), sizeof((val))))
+#define cork_big_hash_variable(seed, val) \
+    (cork_big_hash_buffer((seed), &(val), sizeof((val))))
+
+
+#endif /* LIBCORK_CORE_HASH_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/id.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/id.h
new file mode 100644
index 00000000..3e94179a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/id.h
@@ -0,0 +1,35 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_ID_H
+#define LIBCORK_CORE_ID_H
+
+#include <libcork/core/hash.h>
+
+
+struct cork_uid {
+    const char  *name;
+};
+
+typedef const struct cork_uid  *cork_uid;
+
+#define CORK_UID_NONE  ((cork_uid) NULL)
+
+#define cork_uid_define_named(c_name, name) \
+    static const struct cork_uid  c_name##__id = { name }; \
+    static cork_uid  c_name = &c_name##__id;
+#define cork_uid_define(c_name) \
+    cork_uid_define_named(c_name, #c_name)
+
+#define cork_uid_equal(id1, id2)  ((id1) == (id2))
+#define cork_uid_hash(id)         ((cork_hash) (uintptr_t) (id))
+#define cork_uid_name(id)         ((id)->name)
+
+
+#endif /* LIBCORK_CORE_ID_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/mempool.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/mempool.h
new file mode 100644
index 00000000..43a73c6c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/mempool.h
@@ -0,0 +1,71 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2015, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORK_MEMPOOL_H
+#define LIBCORK_CORK_MEMPOOL_H
+
+
+#include <libcork/config.h>
+#include <libcork/core/api.h>
+#include <libcork/core/attributes.h>
+#include <libcork/core/callbacks.h>
+#include <libcork/core/types.h>
+
+
+#define CORK_MEMPOOL_DEFAULT_BLOCK_SIZE  4096
+
+
+struct cork_mempool;
+
+
+CORK_API struct cork_mempool *
+cork_mempool_new_size_ex(size_t element_size, size_t block_size);
+
+#define cork_mempool_new_size(element_size) \
+    (cork_mempool_new_size_ex \
+     ((element_size), CORK_MEMPOOL_DEFAULT_BLOCK_SIZE))
+
+#define cork_mempool_new_ex(type, block_size) \
+    (cork_mempool_new_size_ex(sizeof(type), (block_size)))
+
+#define cork_mempool_new(type) \
+    (cork_mempool_new_size(sizeof(type)))
+
+CORK_API void
+cork_mempool_free(struct cork_mempool *mp);
+
+
+CORK_API void
+cork_mempool_set_user_data(struct cork_mempool *mp,
+                           void *user_data, cork_free_f free_user_data);
+
+CORK_API void
+cork_mempool_set_init_object(struct cork_mempool *mp, cork_init_f init_object);
+
+CORK_API void
+cork_mempool_set_done_object(struct cork_mempool *mp, cork_done_f done_object);
+
+/* Deprecated; you should now use separate calls to cork_mempool_set_user_data,
+ * cork_mempool_set_init_object, and cork_mempool_set_done_object. */
+CORK_API void
+cork_mempool_set_callbacks(struct cork_mempool *mp,
+                           void *user_data, cork_free_f free_user_data,
+                           cork_init_f init_object,
+                           cork_done_f done_object);
+
+
+CORK_API void *
+cork_mempool_new_object(struct cork_mempool *mp);
+
+
+CORK_API void
+cork_mempool_free_object(struct cork_mempool *mp, void *ptr);
+
+
+#endif /* LIBCORK_CORK_MEMPOOL_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/net-addresses.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/net-addresses.h
new file mode 100644
index 00000000..5de73b24
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/net-addresses.h
@@ -0,0 +1,147 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_NET_ADDRESSES_H
+#define LIBCORK_CORE_NET_ADDRESSES_H
+
+
+#include <string.h>
+
+#include <libcork/core/api.h>
+#include <libcork/core/error.h>
+#include <libcork/core/types.h>
+
+
+/*-----------------------------------------------------------------------
+ * IP addresses
+ */
+
+struct cork_ipv4 {
+    union {
+        uint8_t  u8[4];
+        uint16_t  u16[2];
+        uint32_t  u32;
+    } _;
+};
+
+struct cork_ipv6 {
+    union {
+        uint8_t  u8[16];
+        uint16_t  u16[8];
+        uint32_t  u32[4];
+        uint64_t  u64[2];
+    } _;
+};
+
+struct cork_ip {
+    /* Which version of IP address this is. */
+    unsigned int  version;
+    union {
+        struct cork_ipv4  v4;
+        struct cork_ipv6  v6;
+    } ip;
+};
+
+
+#define CORK_IPV4_STRING_LENGTH  (sizeof "xxx.xxx.xxx.xxx")
+#define CORK_IPV6_STRING_LENGTH \
+    (sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")
+#define CORK_IP_STRING_LENGTH  CORK_IPV6_STRING_LENGTH
+
+
+/*** IPv4 ***/
+
+/* src must be well-formed: 4 bytes, big-endian */
+#define cork_ipv4_copy(addr, src) \
+    (memcpy((addr), (src), sizeof(struct cork_ipv4)))
+
+#define cork_ipv4_equal(a1, a2) \
+    ((a1)->_.u32 == (a2)->_.u32)
+
+CORK_API int
+cork_ipv4_init(struct cork_ipv4 *addr, const char *str);
+
+CORK_API bool
+cork_ipv4_equal_(const struct cork_ipv4 *addr1, const struct cork_ipv4 *addr2);
+
+CORK_API void
+cork_ipv4_to_raw_string(const struct cork_ipv4 *addr, char *dest);
+
+CORK_API bool
+cork_ipv4_is_valid_network(const struct cork_ipv4 *addr,
+                           unsigned int cidr_prefix);
+
+
+/*** IPv6 ***/
+
+/* src must be well-formed: 16 bytes, big-endian */
+#define cork_ipv6_copy(addr, src) \
+    (memcpy((addr), (src), sizeof(struct cork_ipv6)))
+
+#define cork_ipv6_equal(a1, a2) \
+    ((a1)->_.u64[0] == (a2)->_.u64[0] && \
+     (a1)->_.u64[1] == (a2)->_.u64[1])
+
+CORK_API int
+cork_ipv6_init(struct cork_ipv6 *addr, const char *str);
+
+CORK_API bool
+cork_ipv6_equal_(const struct cork_ipv6 *addr1, const struct cork_ipv6 *addr2);
+
+CORK_API void
+cork_ipv6_to_raw_string(const struct cork_ipv6 *addr, char *dest);
+
+CORK_API bool
+cork_ipv6_is_valid_network(const struct cork_ipv6 *addr,
+                           unsigned int cidr_prefix);
+
+
+/*** Generic IP ***/
+
+#define cork_ip_equal(a1, a2) \
+    ((a1)->version == 4? \
+     ((a2)->version == 4 && cork_ipv4_equal(&(a1)->ip.v4, &(a2)->ip.v4)): \
+     ((a2)->version == 6 && cork_ipv6_equal(&(a1)->ip.v6, &(a2)->ip.v6)))
+
+/* src must be well-formed: 4 bytes, big-endian */
+#define cork_ip_from_ipv4(addr, src) \
+    do { \
+        (addr)->version = 4; \
+        cork_ipv4_copy(&(addr)->ip.v4, (src)); \
+    } while (0)
+
+/* src must be well-formed: 16 bytes, big-endian */
+#define cork_ip_from_ipv6(addr, src) \
+    do { \
+        (addr)->version = 6; \
+        cork_ipv6_copy(&(addr)->ip.v6, (src)); \
+    } while (0)
+
+/* src must be well-formed: 4 bytes, big-endian */
+CORK_API void
+cork_ip_from_ipv4_(struct cork_ip *addr, const void *src);
+
+/* src must be well-formed: 16 bytes, big-endian */
+CORK_API void
+cork_ip_from_ipv6_(struct cork_ip *addr, const void *src);
+
+CORK_API int
+cork_ip_init(struct cork_ip *addr, const char *str);
+
+CORK_API bool
+cork_ip_equal_(const struct cork_ip *addr1, const struct cork_ip *addr2);
+
+CORK_API void
+cork_ip_to_raw_string(const struct cork_ip *addr, char *dest);
+
+CORK_API bool
+cork_ip_is_valid_network(const struct cork_ip *addr, unsigned int cidr_prefix);
+
+
+#endif /* LIBCORK_CORE_NET_ADDRESSES_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/timestamp.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/timestamp.h
new file mode 100644
index 00000000..4eba7b14
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/timestamp.h
@@ -0,0 +1,87 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_TIMESTAMP_H
+#define LIBCORK_CORE_TIMESTAMP_H
+
+
+#include <libcork/core/api.h>
+#include <libcork/core/error.h>
+#include <libcork/core/types.h>
+#include <libcork/ds/buffer.h>
+
+
+typedef uint64_t  cork_timestamp;
+
+
+#define cork_timestamp_init_sec(ts, sec) \
+    do { \
+        *(ts) = (((uint64_t) (sec)) << 32); \
+    } while (0)
+
+#define cork_timestamp_init_gsec(ts, sec, gsec) \
+    do { \
+        *(ts) = (((uint64_t) (sec)) << 32) | \
+                (((uint64_t) (gsec)) & 0xffffffff); \
+    } while (0)
+
+#define cork_timestamp_init_msec(ts, sec, msec) \
+    do { \
+        *(ts) = (((uint64_t) (sec)) << 32) | \
+                ((((uint64_t) (msec)) << 32) / 1000); \
+    } while (0)
+
+#define cork_timestamp_init_usec(ts, sec, usec) \
+    do { \
+        *(ts) = (((uint64_t) (sec)) << 32) | \
+                ((((uint64_t) (usec)) << 32) / 1000000); \
+    } while (0)
+
+#define cork_timestamp_init_nsec(ts, sec, nsec) \
+    do { \
+        *(ts) = (((uint64_t) (sec)) << 32) | \
+                ((((uint64_t) (nsec)) << 32) / 1000000000); \
+    } while (0)
+
+
+CORK_API void
+cork_timestamp_init_now(cork_timestamp *ts);
+
+
+#define cork_timestamp_sec(ts)  ((uint32_t) ((ts) >> 32))
+#define cork_timestamp_gsec(ts)  ((uint32_t) ((ts) & 0xffffffff))
+
+CORK_ATTR_UNUSED
+static inline uint64_t
+cork_timestamp_gsec_to_units(const cork_timestamp ts, uint64_t denom)
+{
+    uint64_t  half = ((uint64_t) 1 << 31) / denom;
+    uint64_t  gsec = cork_timestamp_gsec(ts);
+    gsec += half;
+    gsec *= denom;
+    gsec >>= 32;
+    return gsec;
+}
+
+#define cork_timestamp_msec(ts)  cork_timestamp_gsec_to_units(ts, 1000)
+#define cork_timestamp_usec(ts)  cork_timestamp_gsec_to_units(ts, 1000000)
+#define cork_timestamp_nsec(ts)  cork_timestamp_gsec_to_units(ts, 1000000000)
+
+
+CORK_API int
+cork_timestamp_format_utc(const cork_timestamp ts, const char *format,
+                          struct cork_buffer *dest);
+
+CORK_API int
+cork_timestamp_format_local(const cork_timestamp ts, const char *format,
+                            struct cork_buffer *dest);
+
+
+#endif /* LIBCORK_CORE_TIMESTAMP_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/types.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/types.h
new file mode 100644
index 00000000..f469beda
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/types.h
@@ -0,0 +1,82 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_TYPES_H
+#define LIBCORK_CORE_TYPES_H
+
+/* For now, we assume that the C99 integer types are available using the
+ * standard headers. */
+
+#include <limits.h>
+#include <inttypes.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+
+/* Define preprocessor macros that contain the size of several built-in
+ * types.  Again, we assume that we have the C99 definitions available. */
+
+#if SHRT_MAX == INT8_MAX
+#define CORK_SIZEOF_SHORT  1
+#elif SHRT_MAX == INT16_MAX
+#define CORK_SIZEOF_SHORT  2
+#elif SHRT_MAX == INT32_MAX
+#define CORK_SIZEOF_SHORT  4
+#elif SHRT_MAX == INT64_MAX
+#define CORK_SIZEOF_SHORT  8
+#else
+#error "Cannot determine size of short"
+#endif
+
+#if INT_MAX == INT8_MAX
+#define CORK_SIZEOF_INT  1
+#elif INT_MAX == INT16_MAX
+#define CORK_SIZEOF_INT  2
+#elif INT_MAX == INT32_MAX
+#define CORK_SIZEOF_INT  4
+#elif INT_MAX == INT64_MAX
+#define CORK_SIZEOF_INT  8
+#else
+#error "Cannot determine size of int"
+#endif
+
+#if LONG_MAX == INT8_MAX
+#define CORK_SIZEOF_LONG  1
+#elif LONG_MAX == INT16_MAX
+#define CORK_SIZEOF_LONG  2
+#elif LONG_MAX == INT32_MAX
+#define CORK_SIZEOF_LONG  4
+#elif LONG_MAX == INT64_MAX
+#define CORK_SIZEOF_LONG  8
+#else
+#error "Cannot determine size of long"
+#endif
+
+#if INTPTR_MAX == INT8_MAX
+#define CORK_SIZEOF_POINTER  1
+#elif INTPTR_MAX == INT16_MAX
+#define CORK_SIZEOF_POINTER  2
+#elif INTPTR_MAX == INT32_MAX
+#define CORK_SIZEOF_POINTER  4
+#elif INTPTR_MAX == INT64_MAX
+#define CORK_SIZEOF_POINTER  8
+#else
+#error "Cannot determine size of void *"
+#endif
+
+
+/* Return a pointer to a @c struct, given a pointer to one of its
+ * fields. */
+#define cork_container_of(field, struct_type, field_name) \
+    ((struct_type *) (- offsetof(struct_type, field_name) + \
+                      (void *) (field)))
+
+#endif /* LIBCORK_CORE_TYPES_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/u128.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/u128.h
new file mode 100644
index 00000000..a320de3e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/core/u128.h
@@ -0,0 +1,227 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_U128_H
+#define LIBCORK_CORE_U128_H
+
+
+#include <libcork/config.h>
+#include <libcork/core/attributes.h>
+#include <libcork/core/byte-order.h>
+#include <libcork/core/types.h>
+
+#if !defined(CORK_API)
+#define CORK_API  CORK_IMPORT
+#endif
+
+typedef struct {
+    union {
+        uint8_t  u8[16];
+        uint16_t  u16[8];
+        uint32_t  u32[4];
+        uint64_t  u64[2];
+#if CORK_HOST_ENDIANNESS == CORK_BIG_ENDIAN
+        struct { uint64_t hi; uint64_t lo; } be64;
+#else
+        struct { uint64_t lo; uint64_t hi; } be64;
+#endif
+#if CORK_CONFIG_HAVE_GCC_INT128
+#define CORK_U128_HAVE_U128  1
+        unsigned __int128  u128;
+#elif CORK_CONFIG_HAVE_GCC_MODE_ATTRIBUTE
+#define CORK_U128_HAVE_U128  1
+        unsigned int  u128 __attribute__((mode(TI)));
+#else
+#define CORK_U128_HAVE_U128  0
+#endif
+    } _;
+} cork_u128;
+
+
+/* i0-3 are given in big-endian order, regardless of host endianness */
+CORK_ATTR_UNUSED
+static cork_u128
+cork_u128_from_32(uint32_t i0, uint32_t i1, uint32_t i2, uint32_t i3)
+{
+    cork_u128  value;
+#if CORK_HOST_ENDIANNESS == CORK_BIG_ENDIAN
+    value._.u32[0] = i0;
+    value._.u32[1] = i1;
+    value._.u32[2] = i2;
+    value._.u32[3] = i3;
+#else
+    value._.u32[3] = i0;
+    value._.u32[2] = i1;
+    value._.u32[1] = i2;
+    value._.u32[0] = i3;
+#endif
+    return value;
+}
+
+/* i0-1 are given in big-endian order, regardless of host endianness */
+CORK_ATTR_UNUSED
+static cork_u128
+cork_u128_from_64(uint64_t i0, uint64_t i1)
+{
+    cork_u128  value;
+#if CORK_HOST_ENDIANNESS == CORK_BIG_ENDIAN
+    value._.u64[0] = i0;
+    value._.u64[1] = i1;
+#else
+    value._.u64[1] = i0;
+    value._.u64[0] = i1;
+#endif
+    return value;
+}
+
+
+#if CORK_HOST_ENDIANNESS == CORK_BIG_ENDIAN
+#define cork_u128_be8(val, idx)   ((val)._.u8[(idx)])
+#define cork_u128_be16(val, idx)  ((val)._.u16[(idx)])
+#define cork_u128_be32(val, idx)  ((val)._.u32[(idx)])
+#define cork_u128_be64(val, idx)  ((val)._.u64[(idx)])
+#else
+#define cork_u128_be8(val, idx)   ((val)._.u8[15 - (idx)])
+#define cork_u128_be16(val, idx)  ((val)._.u16[7 - (idx)])
+#define cork_u128_be32(val, idx)  ((val)._.u32[3 - (idx)])
+#define cork_u128_be64(val, idx)  ((val)._.u64[1 - (idx)])
+#endif
+
+
+CORK_ATTR_UNUSED
+static cork_u128
+cork_u128_add(cork_u128 a, cork_u128 b)
+{
+    cork_u128  result;
+#if CORK_U128_HAVE_U128
+    result._.u128 = a._.u128 + b._.u128;
+#else
+    result._.be64.lo = a._.be64.lo + b._.be64.lo;
+    result._.be64.hi =
+        a._.be64.hi + b._.be64.hi + (result._.be64.lo < a._.be64.lo);
+#endif
+    return result;
+}
+
+CORK_ATTR_UNUSED
+static cork_u128
+cork_u128_sub(cork_u128 a, cork_u128 b)
+{
+    cork_u128  result;
+#if CORK_U128_HAVE_U128
+    result._.u128 = a._.u128 - b._.u128;
+#else
+    result._.be64.lo = a._.be64.lo - b._.be64.lo;
+    result._.be64.hi =
+        a._.be64.hi - b._.be64.hi - (result._.be64.lo > a._.be64.lo);
+#endif
+    return result;
+}
+
+
+CORK_ATTR_UNUSED
+static bool
+cork_u128_eq(cork_u128 a, cork_u128 b)
+{
+#if CORK_U128_HAVE_U128
+    return (a._.u128 == b._.u128);
+#else
+    return (a._.be64.hi == b._.be64.hi) && (a._.be64.lo == b._.be64.lo);
+#endif
+}
+
+CORK_ATTR_UNUSED
+static bool
+cork_u128_ne(cork_u128 a, cork_u128 b)
+{
+#if CORK_U128_HAVE_U128
+    return (a._.u128 != b._.u128);
+#else
+    return (a._.be64.hi != b._.be64.hi) || (a._.be64.lo != b._.be64.lo);
+#endif
+}
+
+CORK_ATTR_UNUSED
+static bool
+cork_u128_lt(cork_u128 a, cork_u128 b)
+{
+#if CORK_U128_HAVE_U128
+    return (a._.u128 < b._.u128);
+#else
+    if (a._.be64.hi == b._.be64.hi) {
+        return a._.be64.lo < b._.be64.lo;
+    } else {
+        return a._.be64.hi < b._.be64.hi;
+    }
+#endif
+}
+
+CORK_ATTR_UNUSED
+static bool
+cork_u128_le(cork_u128 a, cork_u128 b)
+{
+#if CORK_U128_HAVE_U128
+    return (a._.u128 <= b._.u128);
+#else
+    if (a._.be64.hi == b._.be64.hi) {
+        return a._.be64.lo <= b._.be64.lo;
+    } else {
+        return a._.be64.hi <= b._.be64.hi;
+    }
+#endif
+}
+
+CORK_ATTR_UNUSED
+static bool
+cork_u128_gt(cork_u128 a, cork_u128 b)
+{
+#if CORK_U128_HAVE_U128
+    return (a._.u128 > b._.u128);
+#else
+    if (a._.be64.hi == b._.be64.hi) {
+        return a._.be64.lo > b._.be64.lo;
+    } else {
+        return a._.be64.hi > b._.be64.hi;
+    }
+#endif
+}
+
+CORK_ATTR_UNUSED
+static bool
+cork_u128_ge(cork_u128 a, cork_u128 b)
+{
+#if CORK_U128_HAVE_U128
+    return (a._.u128 >= b._.u128);
+#else
+    if (a._.be64.hi == b._.be64.hi) {
+        return a._.be64.lo >= b._.be64.lo;
+    } else {
+        return a._.be64.hi >= b._.be64.hi;
+    }
+#endif
+}
+
+
+/* log10(x) = log2(x) / log2(10) ~= log2(x) / 3.322 */
+#define CORK_U128_DECIMAL_LENGTH  44  /* ~= 128 / 3 + 1 + 1 */
+
+CORK_API const char *
+cork_u128_to_decimal(char *buf, cork_u128 val);
+
+
+#define CORK_U128_HEX_LENGTH  33
+
+CORK_API const char *
+cork_u128_to_hex(char *buf, cork_u128 val);
+
+CORK_API const char *
+cork_u128_to_padded_hex(char *buf, cork_u128 val);
+
+
+#endif /* LIBCORK_CORE_U128_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds.h
new file mode 100644
index 00000000..8cedd21c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds.h
@@ -0,0 +1,26 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_DS_H
+#define LIBCORK_DS_H
+
+/*** include all of the parts ***/
+
+#include <libcork/ds/array.h>
+#include <libcork/ds/bitset.h>
+#include <libcork/ds/buffer.h>
+#include <libcork/ds/dllist.h>
+#include <libcork/ds/hash-table.h>
+#include <libcork/ds/managed-buffer.h>
+#include <libcork/ds/ring-buffer.h>
+#include <libcork/ds/slice.h>
+#include <libcork/ds/stream.h>
+
+#endif /* LIBCORK_DS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/array.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/array.h
new file mode 100644
index 00000000..d86a8b6f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/array.h
@@ -0,0 +1,161 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_DS_ARRAY_H
+#define LIBCORK_DS_ARRAY_H
+
+
+#include <libcork/core/api.h>
+#include <libcork/core/callbacks.h>
+#include <libcork/core/types.h>
+
+
+/*-----------------------------------------------------------------------
+ * Resizable arrays
+ */
+
+struct cork_array_priv;
+
+struct cork_raw_array {
+    void  *items;
+    size_t  size;
+    struct cork_array_priv  *priv;
+};
+
+CORK_API void
+cork_raw_array_init(struct cork_raw_array *array, size_t element_size);
+
+CORK_API void
+cork_raw_array_done(struct cork_raw_array *array);
+
+CORK_API void
+cork_raw_array_set_callback_data(struct cork_raw_array *array,
+                                 void *user_data, cork_free_f free_user_data);
+
+CORK_API void
+cork_raw_array_set_init(struct cork_raw_array *array, cork_init_f init);
+
+CORK_API void
+cork_raw_array_set_done(struct cork_raw_array *array, cork_done_f done);
+
+CORK_API void
+cork_raw_array_set_reuse(struct cork_raw_array *array, cork_init_f reuse);
+
+CORK_API void
+cork_raw_array_set_remove(struct cork_raw_array *array, cork_done_f remove);
+
+CORK_API size_t
+cork_raw_array_element_size(const struct cork_raw_array *array);
+
+CORK_API void
+cork_raw_array_clear(struct cork_raw_array *array);
+
+CORK_API void *
+cork_raw_array_elements(const struct cork_raw_array *array);
+
+CORK_API void *
+cork_raw_array_at(const struct cork_raw_array *array, size_t index);
+
+CORK_API size_t
+cork_raw_array_size(const struct cork_raw_array *array);
+
+CORK_API bool
+cork_raw_array_is_empty(const struct cork_raw_array *array);
+
+CORK_API void
+cork_raw_array_ensure_size(struct cork_raw_array *array, size_t count);
+
+CORK_API void *
+cork_raw_array_append(struct cork_raw_array *array);
+
+CORK_API int
+cork_raw_array_copy(struct cork_raw_array *dest,
+                    const struct cork_raw_array *src,
+                    cork_copy_f copy, void *user_data);
+
+
+/*-----------------------------------------------------------------------
+ * Type-checked resizable arrays
+ */
+
+#define cork_array(T) \
+    struct { \
+        T  *items; \
+        size_t  size; \
+        struct cork_array_priv  *priv; \
+    }
+
+#define cork_array_element_size(arr)  (sizeof((arr)->items[0]))
+#define cork_array_elements(arr)  ((arr)->items)
+#define cork_array_at(arr, i)     ((arr)->items[(i)])
+#define cork_array_size(arr)      ((arr)->size)
+#define cork_array_is_empty(arr)  ((arr)->size == 0)
+#define cork_array_to_raw(arr)    ((struct cork_raw_array *) (void *) (arr))
+
+#define cork_array_init(arr) \
+    (cork_raw_array_init(cork_array_to_raw(arr), cork_array_element_size(arr)))
+#define cork_array_done(arr) \
+    (cork_raw_array_done(cork_array_to_raw(arr)))
+
+#define cork_array_set_callback_data(arr, ud, fud) \
+    (cork_raw_array_set_callback_data(cork_array_to_raw(arr), (ud), (fud)))
+#define cork_array_set_init(arr, i) \
+    (cork_raw_array_set_init(cork_array_to_raw(arr), (i)))
+#define cork_array_set_done(arr, d) \
+    (cork_raw_array_set_done(cork_array_to_raw(arr), (d)))
+#define cork_array_set_reuse(arr, r) \
+    (cork_raw_array_set_reuse(cork_array_to_raw(arr), (r)))
+#define cork_array_set_remove(arr, r) \
+    (cork_raw_array_set_remove(cork_array_to_raw(arr), (r)))
+
+#define cork_array_clear(arr) \
+    (cork_raw_array_clear(cork_array_to_raw(arr)))
+#define cork_array_copy(d, s, c, ud) \
+    (cork_raw_array_copy(cork_array_to_raw(d), cork_array_to_raw(s), (c), (ud)))
+
+#define cork_array_ensure_size(arr, count) \
+    (cork_raw_array_ensure_size(cork_array_to_raw(arr), (count)))
+
+#define cork_array_append(arr, element) \
+    (cork_raw_array_append(cork_array_to_raw(arr)), \
+     ((arr)->items[(arr)->size - 1] = (element), (void) 0))
+
+#define cork_array_append_get(arr) \
+    (cork_raw_array_append(cork_array_to_raw(arr)), \
+     &(arr)->items[(arr)->size - 1])
+
+
+/*-----------------------------------------------------------------------
+ * Builtin array types
+ */
+
+CORK_API void
+cork_raw_pointer_array_init(struct cork_raw_array *array, cork_free_f free);
+
+#define cork_pointer_array_init(arr, f) \
+    (cork_raw_pointer_array_init(cork_array_to_raw(arr), (f)))
+
+struct cork_string_array {
+    const char  **items;
+    size_t  size;
+    struct cork_array_priv  *priv;
+};
+
+CORK_API void
+cork_string_array_init(struct cork_string_array *array);
+
+CORK_API void
+cork_string_array_append(struct cork_string_array *array, const char *str);
+
+CORK_API void
+cork_string_array_copy(struct cork_string_array *dest,
+                       const struct cork_string_array *src);
+
+
+#endif /* LIBCORK_DS_ARRAY_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/bitset.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/bitset.h
new file mode 100644
index 00000000..8744cfc6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/bitset.h
@@ -0,0 +1,70 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_DS_BITS_H
+#define LIBCORK_DS_BITS_H
+
+
+#include <libcork/core/api.h>
+#include <libcork/core/types.h>
+
+
+/*-----------------------------------------------------------------------
+ * Bit sets
+ */
+
+struct cork_bitset {
+    uint8_t  *bits;
+    size_t  bit_count;
+    size_t  byte_count;
+};
+
+CORK_API struct cork_bitset *
+cork_bitset_new(size_t bit_count);
+
+CORK_API void
+cork_bitset_init(struct cork_bitset *set, size_t bit_count);
+
+CORK_API void
+cork_bitset_free(struct cork_bitset *set);
+
+CORK_API void
+cork_bitset_done(struct cork_bitset *set);
+
+CORK_API void
+cork_bitset_clear(struct cork_bitset *set);
+
+/* Extract the byte that contains a particular bit in an array. */
+#define cork_bitset_byte_for_bit(set, i) \
+    ((set)->bits[(i) / 8])
+
+/* Create a bit mask that extracts a particular bit from the byte that it lives
+ * in. */
+#define cork_bitset_pos_mask_for_bit(i) \
+    (0x80 >> ((i) % 8))
+
+/* Create a bit mask that extracts everything except for a particular bit from
+ * the byte that it lives in. */
+#define cork_bitset_neg_mask_for_bit(i) \
+    (~cork_bitset_pos_mask_for_bit(i))
+
+/* Return whether a particular bit is set in a byte array.  Bits are numbered
+ * from 0, in a big-endian order. */
+#define cork_bitset_get(set, i) \
+    ((cork_bitset_byte_for_bit(set, i) & cork_bitset_pos_mask_for_bit(i)) != 0)
+
+/* Set (or unset) a particular bit is set in a byte array.  Bits are numbered
+ * from 0, in a big-endian order. */
+#define cork_bitset_set(set, i, val) \
+    (cork_bitset_byte_for_bit(set, i) = \
+     (cork_bitset_byte_for_bit(set, i) & cork_bitset_neg_mask_for_bit(i)) \
+     | ((val)? cork_bitset_pos_mask_for_bit(i): 0))
+
+
+#endif /* LIBCORK_DS_BITS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/buffer.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/buffer.h
new file mode 100644
index 00000000..39fbbfa1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/buffer.h
@@ -0,0 +1,163 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_DS_BUFFER_H
+#define LIBCORK_DS_BUFFER_H
+
+
+#include <stdarg.h>
+
+#include <libcork/core/api.h>
+#include <libcork/core/attributes.h>
+#include <libcork/core/types.h>
+
+
+struct cork_buffer {
+    /* The current contents of the buffer. */
+    void  *buf;
+    /* The current size of the buffer. */
+    size_t  size;
+    /* The amount of space allocated for buf. */
+    size_t  allocated_size;
+};
+
+
+CORK_API void
+cork_buffer_init(struct cork_buffer *buffer);
+
+#define CORK_BUFFER_INIT()  { NULL, 0, 0 }
+
+CORK_API struct cork_buffer *
+cork_buffer_new(void);
+
+CORK_API void
+cork_buffer_done(struct cork_buffer *buffer);
+
+CORK_API void
+cork_buffer_free(struct cork_buffer *buffer);
+
+
+CORK_API bool
+cork_buffer_equal(const struct cork_buffer *buffer1,
+                  const struct cork_buffer *buffer2);
+
+
+CORK_API void
+cork_buffer_ensure_size(struct cork_buffer *buffer, size_t desired_size);
+
+
+CORK_API void
+cork_buffer_clear(struct cork_buffer *buffer);
+
+CORK_API void
+cork_buffer_truncate(struct cork_buffer *buffer, size_t length);
+
+#define cork_buffer_byte(buffer, i)  (((const uint8_t *) (buffer)->buf)[(i)])
+#define cork_buffer_char(buffer, i)  (((const char *) (buffer)->buf)[(i)])
+
+
+/*-----------------------------------------------------------------------
+ * A whole bunch of methods for adding data
+ */
+
+#define cork_buffer_copy(dest, src) \
+    (cork_buffer_set((dest), (src)->buf, (src)->size))
+
+CORK_API void
+cork_buffer_set(struct cork_buffer *buffer, const void *src, size_t length);
+
+#define cork_buffer_append_copy(dest, src) \
+    (cork_buffer_append((dest), (src)->buf, (src)->size))
+
+CORK_API void
+cork_buffer_append(struct cork_buffer *buffer, const void *src, size_t length);
+
+
+CORK_API void
+cork_buffer_set_string(struct cork_buffer *buffer, const char *str);
+
+CORK_API void
+cork_buffer_append_string(struct cork_buffer *buffer, const char *str);
+
+#define cork_buffer_set_literal(buffer, str) \
+    (cork_buffer_set((buffer), (str), sizeof((str)) - 1))
+
+#define cork_buffer_append_literal(buffer, str) \
+    (cork_buffer_append((buffer), (str), sizeof((str)) - 1))
+
+
+CORK_API void
+cork_buffer_printf(struct cork_buffer *buffer, const char *format, ...)
+    CORK_ATTR_PRINTF(2,3);
+
+CORK_API void
+cork_buffer_append_printf(struct cork_buffer *buffer, const char *format, ...)
+    CORK_ATTR_PRINTF(2,3);
+
+CORK_API void
+cork_buffer_vprintf(struct cork_buffer *buffer, const char *format,
+                    va_list args)
+    CORK_ATTR_PRINTF(2,0);
+
+CORK_API void
+cork_buffer_append_vprintf(struct cork_buffer *buffer, const char *format,
+                           va_list args)
+    CORK_ATTR_PRINTF(2,0);
+
+
+/*-----------------------------------------------------------------------
+ * Some helpers for pretty-printing data
+ */
+
+CORK_API void
+cork_buffer_append_indent(struct cork_buffer *buffer, size_t indent);
+
+CORK_API void
+cork_buffer_append_c_string(struct cork_buffer *buffer,
+                            const char *src, size_t length);
+
+CORK_API void
+cork_buffer_append_hex_dump(struct cork_buffer *buffer, size_t indent,
+                            const char *src, size_t length);
+
+CORK_API void
+cork_buffer_append_multiline(struct cork_buffer *buffer, size_t indent,
+                             const char *src, size_t length);
+
+CORK_API void
+cork_buffer_append_binary(struct cork_buffer *buffer, size_t indent,
+                          const char *src, size_t length);
+
+
+/*-----------------------------------------------------------------------
+ * Buffer's managed buffer/slice implementation
+ */
+
+#include <libcork/ds/managed-buffer.h>
+#include <libcork/ds/slice.h>
+
+CORK_API struct cork_managed_buffer *
+cork_buffer_to_managed_buffer(struct cork_buffer *buffer);
+
+CORK_API int
+cork_buffer_to_slice(struct cork_buffer *buffer, struct cork_slice *slice);
+
+
+/*-----------------------------------------------------------------------
+ * Buffer's stream consumer implementation
+ */
+
+#include <libcork/ds/stream.h>
+
+CORK_API struct cork_stream_consumer *
+cork_buffer_to_stream_consumer(struct cork_buffer *buffer);
+
+
+#endif /* LIBCORK_DS_BUFFER_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/dllist.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/dllist.h
new file mode 100644
index 00000000..7fc22bfe
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/dllist.h
@@ -0,0 +1,151 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_DS_DLLIST_H
+#define LIBCORK_DS_DLLIST_H
+
+#include <libcork/core/api.h>
+#include <libcork/core/types.h>
+
+
+struct cork_dllist_item {
+    /* A pointer to the next element in the list. */
+    struct cork_dllist_item  *next;
+    /* A pointer to the previous element in the list. */
+    struct cork_dllist_item  *prev;
+};
+
+
+struct cork_dllist {
+    /* The sentinel element for this list. */
+    struct cork_dllist_item  head;
+};
+
+#define CORK_DLLIST_INIT(list)  { { &(list).head, &(list).head } }
+
+#define cork_dllist_init(list) \
+    do { \
+        (list)->head.next = &(list)->head; \
+        (list)->head.prev = &(list)->head; \
+    } while (0)
+
+
+
+/* DEPRECATED!  Use cork_dllist_foreach or cork_dllist_visit instead. */
+typedef void
+(*cork_dllist_map_func)(struct cork_dllist_item *element, void *user_data);
+
+CORK_API void
+cork_dllist_map(struct cork_dllist *list,
+                cork_dllist_map_func func, void *user_data);
+
+
+typedef int
+cork_dllist_visit_f(void *ud, struct cork_dllist_item *element);
+
+CORK_API int
+cork_dllist_visit(struct cork_dllist *list, void *ud,
+                  cork_dllist_visit_f *visit);
+
+
+#define cork_dllist_foreach_void(list, curr, _next) \
+    for ((curr) = cork_dllist_start((list)), (_next) = (curr)->next; \
+         !cork_dllist_is_end((list), (curr)); \
+         (curr) = (_next), (_next) = (curr)->next)
+
+#define cork_dllist_foreach(list, curr, _next, etype, element, item_field) \
+    for ((curr) = cork_dllist_start((list)), (_next) = (curr)->next, \
+         (element) = cork_container_of((curr), etype, item_field); \
+         !cork_dllist_is_end((list), (curr)); \
+         (curr) = (_next), (_next) = (curr)->next, \
+         (element) = cork_container_of((curr), etype, item_field))
+
+
+CORK_API size_t
+cork_dllist_size(const struct cork_dllist *list);
+
+
+#define cork_dllist_add_after(pred, element) \
+    do { \
+        (element)->prev = (pred); \
+        (element)->next = (pred)->next; \
+        (pred)->next->prev = (element); \
+        (pred)->next = (element); \
+    } while (0)
+
+#define cork_dllist_add_before(succ, element) \
+    do { \
+        (element)->next = (succ); \
+        (element)->prev = (succ)->prev; \
+        (succ)->prev->next = (element); \
+        (succ)->prev = (element); \
+    } while (0)
+
+#define cork_dllist_add_to_head(list, element) \
+    cork_dllist_add_after(&(list)->head, (element))
+
+#define cork_dllist_add_to_tail(list, element) \
+    cork_dllist_add_before(&(list)->head, (element))
+
+#define cork_dllist_add  cork_dllist_add_to_tail
+
+
+#define cork_dllist_add_list_to_head(dest, src) \
+    do { \
+        struct cork_dllist_item  *dest_start = cork_dllist_start(dest); \
+        struct cork_dllist_item  *src_start = cork_dllist_start(src); \
+        dest_start->prev = &(src)->head; \
+        src_start->prev = &(dest)->head; \
+        (src)->head.next = dest_start; \
+        (dest)->head.next = src_start; \
+        cork_dllist_remove(&(src)->head); \
+        cork_dllist_init(src); \
+    } while (0)
+
+#define cork_dllist_add_list_to_tail(dest, src) \
+    do { \
+        struct cork_dllist_item  *dest_end = cork_dllist_end(dest); \
+        struct cork_dllist_item  *src_end = cork_dllist_end(src); \
+        dest_end->next = &(src)->head; \
+        src_end->next = &(dest)->head; \
+        (src)->head.prev = dest_end; \
+        (dest)->head.prev = src_end; \
+        cork_dllist_remove(&(src)->head); \
+        cork_dllist_init(src); \
+    } while (0)
+
+
+#define cork_dllist_remove(element) \
+    do { \
+        (element)->prev->next = (element)->next; \
+        (element)->next->prev = (element)->prev; \
+    } while (0)
+
+
+#define cork_dllist_is_empty(list) \
+    (cork_dllist_is_end((list), cork_dllist_start((list))))
+
+
+#define cork_dllist_head(list) \
+    (((list)->head.next == &(list)->head)? NULL: (list)->head.next)
+#define cork_dllist_tail(list) \
+    (((list)->head.prev == &(list)->head)? NULL: (list)->head.prev)
+
+#define cork_dllist_start(list) \
+    ((list)->head.next)
+#define cork_dllist_end(list) \
+    ((list)->head.prev)
+
+#define cork_dllist_is_start(list, element) \
+    ((element) == &(list)->head)
+#define cork_dllist_is_end(list, element) \
+    ((element) == &(list)->head)
+
+
+#endif /* LIBCORK_DS_DLLIST_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/hash-table.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/hash-table.h
new file mode 100644
index 00000000..6a0eee40
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/hash-table.h
@@ -0,0 +1,159 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_DS_HASH_TABLE_H
+#define LIBCORK_DS_HASH_TABLE_H
+
+#include <libcork/core/api.h>
+#include <libcork/core/callbacks.h>
+#include <libcork/core/hash.h>
+#include <libcork/core/mempool.h>
+#include <libcork/core/types.h>
+#include <libcork/ds/dllist.h>
+
+
+/*-----------------------------------------------------------------------
+ * Hash tables
+ */
+
+struct cork_hash_table_entry {
+    cork_hash  hash;
+    void  *key;
+    void  *value;
+};
+
+
+struct cork_hash_table;
+
+CORK_API struct cork_hash_table *
+cork_hash_table_new(size_t initial_size, unsigned int flags);
+
+CORK_API void
+cork_hash_table_free(struct cork_hash_table *table);
+
+
+CORK_API void
+cork_hash_table_set_user_data(struct cork_hash_table *table,
+                              void *user_data, cork_free_f free_user_data);
+
+CORK_API void
+cork_hash_table_set_equals(struct cork_hash_table *table, cork_equals_f equals);
+
+CORK_API void
+cork_hash_table_set_free_key(struct cork_hash_table *table, cork_free_f free);
+
+CORK_API void
+cork_hash_table_set_free_value(struct cork_hash_table *table, cork_free_f free);
+
+CORK_API void
+cork_hash_table_set_hash(struct cork_hash_table *table, cork_hash_f hash);
+
+
+CORK_API void
+cork_hash_table_clear(struct cork_hash_table *table);
+
+
+CORK_API void
+cork_hash_table_ensure_size(struct cork_hash_table *table,
+                            size_t desired_count);
+
+CORK_API size_t
+cork_hash_table_size(const struct cork_hash_table *table);
+
+
+CORK_API void *
+cork_hash_table_get(const struct cork_hash_table *table, const void *key);
+
+CORK_API void *
+cork_hash_table_get_hash(const struct cork_hash_table *table,
+                         cork_hash hash, const void *key);
+
+CORK_API struct cork_hash_table_entry *
+cork_hash_table_get_entry(const struct cork_hash_table *table,
+                          const void *key);
+
+CORK_API struct cork_hash_table_entry *
+cork_hash_table_get_entry_hash(const struct cork_hash_table *table,
+                               cork_hash hash, const void *key);
+
+CORK_API struct cork_hash_table_entry *
+cork_hash_table_get_or_create(struct cork_hash_table *table,
+                              void *key, bool *is_new);
+
+CORK_API struct cork_hash_table_entry *
+cork_hash_table_get_or_create_hash(struct cork_hash_table *table,
+                                   cork_hash hash, void *key, bool *is_new);
+
+CORK_API void
+cork_hash_table_put(struct cork_hash_table *table,
+                    void *key, void *value,
+                    bool *is_new, void **old_key, void **old_value);
+
+CORK_API void
+cork_hash_table_put_hash(struct cork_hash_table *table,
+                         cork_hash hash, void *key, void *value,
+                         bool *is_new, void **old_key, void **old_value);
+
+CORK_API void
+cork_hash_table_delete_entry(struct cork_hash_table *table,
+                             struct cork_hash_table_entry *entry);
+
+CORK_API bool
+cork_hash_table_delete(struct cork_hash_table *table, const void *key,
+                       void **deleted_key, void **deleted_value);
+
+CORK_API bool
+cork_hash_table_delete_hash(struct cork_hash_table *table,
+                            cork_hash hash, const void *key,
+                            void **deleted_key, void **deleted_value);
+
+
+enum cork_hash_table_map_result {
+    /* Abort the current @ref cork_hash_table_map operation. */
+    CORK_HASH_TABLE_MAP_ABORT = 0,
+    /* Continue on to the next entry in the hash table. */
+    CORK_HASH_TABLE_MAP_CONTINUE = 1,
+    /* Delete the entry that was just processed, and then continue on to
+     * the next entry in the hash table. */
+    CORK_HASH_TABLE_MAP_DELETE = 2
+};
+
+typedef enum cork_hash_table_map_result
+(*cork_hash_table_map_f)(void *user_data, struct cork_hash_table_entry *entry);
+
+CORK_API void
+cork_hash_table_map(struct cork_hash_table *table, void *user_data,
+                    cork_hash_table_map_f mapper);
+
+
+struct cork_hash_table_iterator {
+    struct cork_hash_table  *table;
+    void  *priv;
+};
+
+CORK_API void
+cork_hash_table_iterator_init(struct cork_hash_table *table,
+                              struct cork_hash_table_iterator *iterator);
+
+CORK_API struct cork_hash_table_entry *
+cork_hash_table_iterator_next(struct cork_hash_table_iterator *iterator);
+
+
+/*-----------------------------------------------------------------------
+ * Built-in key types
+ */
+
+CORK_API struct cork_hash_table *
+cork_string_hash_table_new(size_t initial_size, unsigned int flags);
+
+CORK_API struct cork_hash_table *
+cork_pointer_hash_table_new(size_t initial_size, unsigned int flags);
+
+
+#endif /* LIBCORK_DS_HASH_TABLE_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/managed-buffer.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/managed-buffer.h
new file mode 100644
index 00000000..e74ef3b6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/managed-buffer.h
@@ -0,0 +1,76 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_DS_MANAGED_BUFFER_H
+#define LIBCORK_DS_MANAGED_BUFFER_H
+
+#include <libcork/core/api.h>
+#include <libcork/core/types.h>
+#include <libcork/ds/slice.h>
+
+
+/*-----------------------------------------------------------------------
+ * Managed buffers
+ */
+
+struct cork_managed_buffer;
+
+struct cork_managed_buffer_iface {
+    /* Free the contents of a managed buffer, and the managed buffer
+     * object itself. */
+    void
+    (*free)(struct cork_managed_buffer *buf);
+};
+
+
+struct cork_managed_buffer {
+    /* The buffer that this instance manages */
+    const void  *buf;
+    /* The size of buf */
+    size_t  size;
+    /* A reference count for the buffer.  If this drops to 0, the buffer
+     * will be finalized. */
+    volatile int  ref_count;
+    /* The managed buffer implementation for this instance. */
+    struct cork_managed_buffer_iface  *iface;
+};
+
+
+CORK_API struct cork_managed_buffer *
+cork_managed_buffer_new_copy(const void *buf, size_t size);
+
+
+typedef void
+(*cork_managed_buffer_freer)(void *buf, size_t size);
+
+CORK_API struct cork_managed_buffer *
+cork_managed_buffer_new(const void *buf, size_t size,
+                        cork_managed_buffer_freer free);
+
+
+CORK_API struct cork_managed_buffer *
+cork_managed_buffer_ref(struct cork_managed_buffer *buf);
+
+CORK_API void
+cork_managed_buffer_unref(struct cork_managed_buffer *buf);
+
+
+CORK_API int
+cork_managed_buffer_slice(struct cork_slice *dest,
+                          struct cork_managed_buffer *buffer,
+                          size_t offset, size_t length);
+
+CORK_API int
+cork_managed_buffer_slice_offset(struct cork_slice *dest,
+                                 struct cork_managed_buffer *buffer,
+                                 size_t offset);
+
+
+#endif /* LIBCORK_DS_MANAGED_BUFFER_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/ring-buffer.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/ring-buffer.h
new file mode 100644
index 00000000..d76affdc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/ring-buffer.h
@@ -0,0 +1,60 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_DS_RING_BUFFER_H
+#define LIBCORK_DS_RING_BUFFER_H
+
+#include <libcork/core/api.h>
+#include <libcork/core/types.h>
+
+
+struct cork_ring_buffer {
+    /* The elements of the ring buffer */
+    void  **elements;
+    /* The number of elements that can be stored in this ring
+     * buffer. */
+    size_t  allocated_size;
+    /* The actual number of elements currently in the ring buffer. */
+    size_t  size;
+    /* The index of the next element to read from the buffer */
+    size_t  read_index;
+    /* The index of the next element to write into the buffer */
+    size_t  write_index;
+};
+
+
+CORK_API int
+cork_ring_buffer_init(struct cork_ring_buffer *buf, size_t size);
+
+CORK_API struct cork_ring_buffer *
+cork_ring_buffer_new(size_t size);
+
+CORK_API void
+cork_ring_buffer_done(struct cork_ring_buffer *buf);
+
+CORK_API void
+cork_ring_buffer_free(struct cork_ring_buffer *buf);
+
+
+#define cork_ring_buffer_is_empty(buf) ((buf)->size == 0)
+#define cork_ring_buffer_is_full(buf) ((buf)->size == (buf)->allocated_size)
+
+
+CORK_API int
+cork_ring_buffer_add(struct cork_ring_buffer *buf, void *element);
+
+CORK_API void *
+cork_ring_buffer_pop(struct cork_ring_buffer *buf);
+
+CORK_API void *
+cork_ring_buffer_peek(struct cork_ring_buffer *buf);
+
+
+#endif /* LIBCORK_DS_RING_BUFFER_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/slice.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/slice.h
new file mode 100644
index 00000000..9daefee3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/slice.h
@@ -0,0 +1,151 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_DS_SLICE_H
+#define LIBCORK_DS_SLICE_H
+
+#include <libcork/core/api.h>
+#include <libcork/core/types.h>
+
+
+/*-----------------------------------------------------------------------
+ * Error handling
+ */
+
+/* hash of "libcork/ds/slice.h" */
+#define CORK_SLICE_ERROR  0x960ca750
+
+enum cork_slice_error {
+    /* Trying to slice a nonexistent subset of a buffer */
+    CORK_SLICE_INVALID_SLICE
+};
+
+
+/*-----------------------------------------------------------------------
+ * Slices
+ */
+
+struct cork_slice;
+
+struct cork_slice_iface {
+    /* Free the slice.  Can be NULL if you don't need to free any
+     * underlying buffer. */
+    void
+    (*free)(struct cork_slice *self);
+
+    /* Create a copy of a slice.  You can assume that offset and length
+     * refer to a valid subset of the buffer. */
+    int
+    (*copy)(struct cork_slice *dest, const struct cork_slice *self,
+            size_t offset, size_t length);
+
+    /* Create a “light” copy of a slice.  A light copy is not allowed to exist
+     * longer than the slice that it was copied from, which can sometimes let
+     * you perform less work to produce the copy.  You can assume that offset
+     * and length refer to a valid subset of the buffer. */
+    int
+    (*light_copy)(struct cork_slice *dest, const struct cork_slice *self,
+                  size_t offset, size_t length);
+
+    /* Update the current slice to point at a different subset.  You can
+     * assume that offset and length refer to a valid subset of the
+     * buffer.  Can be NULL if you don't need to do anything special to
+     * the underlying buffer; in this case, we'll update the slice's buf
+     * and size fields for you. */
+    int
+    (*slice)(struct cork_slice *self, size_t offset, size_t length);
+};
+
+
+struct cork_slice {
+    /* The beginning of the sliced portion of the buffer. */
+    const void  *buf;
+    /* The length of the sliced portion of the buffer. */
+    size_t  size;
+    /* The slice implementation of the underlying buffer. */
+    struct cork_slice_iface  *iface;
+    /* An opaque pointer used by the slice implementation to refer to
+     * the underlying buffer. */
+    void  *user_data;
+};
+
+
+CORK_API void
+cork_slice_clear(struct cork_slice *slice);
+
+#define cork_slice_is_empty(slice)  ((slice)->buf == NULL)
+
+
+CORK_API int
+cork_slice_copy(struct cork_slice *dest, const struct cork_slice *slice,
+                size_t offset, size_t length);
+
+#define cork_slice_copy_fast(dest, slice, offset, length) \
+    ((slice)->iface->copy((dest), (slice), (offset), (length)))
+
+CORK_API int
+cork_slice_copy_offset(struct cork_slice *dest, const struct cork_slice *slice,
+                       size_t offset);
+
+#define cork_slice_copy_offset_fast(dest, slice, offset) \
+    ((slice)->iface->copy \
+     ((dest), (slice), (offset), (slice)->size - (offset)))
+
+
+CORK_API int
+cork_slice_light_copy(struct cork_slice *dest, const struct cork_slice *slice,
+                      size_t offset, size_t length);
+
+#define cork_slice_light_copy_fast(dest, slice, offset, length) \
+    ((slice)->iface->light_copy((dest), (slice), (offset), (length)))
+
+CORK_API int
+cork_slice_light_copy_offset(struct cork_slice *dest,
+                             const struct cork_slice *slice, size_t offset);
+
+#define cork_slice_light_copy_offset_fast(dest, slice, offset) \
+    ((slice)->iface->light_copy \
+     ((dest), (slice), (offset), (slice)->size - (offset)))
+
+
+CORK_API int
+cork_slice_slice(struct cork_slice *slice, size_t offset, size_t length);
+
+#define cork_slice_slice_fast(_slice, offset, length) \
+    ((_slice)->iface->slice == NULL? \
+     ((_slice)->buf += (offset), (_slice)->size = (length), 0): \
+     ((_slice)->iface->slice((_slice), (offset), (length))))
+
+CORK_API int
+cork_slice_slice_offset(struct cork_slice *slice, size_t offset);
+
+#define cork_slice_slice_offset_fast(_slice, offset) \
+    ((_slice)->iface->slice == NULL? \
+     ((_slice)->buf += (offset), (_slice)->size -= (offset), 0): \
+     ((_slice)->iface->slice \
+      ((_slice), (offset), (_slice)->size - (offset))))
+
+
+CORK_API void
+cork_slice_finish(struct cork_slice *slice);
+
+CORK_API bool
+cork_slice_equal(const struct cork_slice *slice1,
+                 const struct cork_slice *slice2);
+
+CORK_API void
+cork_slice_init_static(struct cork_slice *dest, const void *buf, size_t size);
+
+CORK_API void
+cork_slice_init_copy_once(struct cork_slice *dest, const void *buf,
+                          size_t size);
+
+
+#endif /* LIBCORK_DS_SLICE_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/stream.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/stream.h
new file mode 100644
index 00000000..b3697257
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/ds/stream.h
@@ -0,0 +1,64 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_DS_STREAM_H
+#define LIBCORK_DS_STREAM_H
+
+#include <stdio.h>
+
+#include <libcork/core/api.h>
+#include <libcork/core/types.h>
+
+
+struct cork_stream_consumer {
+    int
+    (*data)(struct cork_stream_consumer *consumer,
+            const void *buf, size_t size, bool is_first_chunk);
+
+    int
+    (*eof)(struct cork_stream_consumer *consumer);
+
+    void
+    (*free)(struct cork_stream_consumer *consumer);
+};
+
+
+#define cork_stream_consumer_data(consumer, buf, size, is_first) \
+    ((consumer)->data((consumer), (buf), (size), (is_first)))
+
+#define cork_stream_consumer_eof(consumer) \
+    ((consumer)->eof((consumer)))
+
+#define cork_stream_consumer_free(consumer) \
+    ((consumer)->free((consumer)))
+
+
+CORK_API int
+cork_consume_fd(struct cork_stream_consumer *consumer, int fd);
+
+CORK_API int
+cork_consume_file(struct cork_stream_consumer *consumer, FILE *fp);
+
+CORK_API int
+cork_consume_file_from_path(struct cork_stream_consumer *consumer,
+                            const char *path, int flags);
+
+
+CORK_API struct cork_stream_consumer *
+cork_fd_consumer_new(int fd);
+
+CORK_API struct cork_stream_consumer *
+cork_file_consumer_new(FILE *fp);
+
+CORK_API struct cork_stream_consumer *
+cork_file_from_path_consumer_new(const char *path, int flags);
+
+
+#endif /* LIBCORK_DS_STREAM_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/errors.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/errors.h
new file mode 100644
index 00000000..37766757
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/errors.h
@@ -0,0 +1,142 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_HELPERS_ERRORS_H
+#define LIBCORK_HELPERS_ERRORS_H
+
+
+/* This header is *not* automatically included when you include
+ * libcork/core.h, since we define some macros that don't include a
+ * cork_ or CORK_ prefix.  Don't want to pollute your namespace unless
+ * you ask for it! */
+
+
+#include <libcork/core/allocator.h>
+#include <libcork/core/attributes.h>
+#include <libcork/core/error.h>
+
+
+#if !defined(CORK_PRINT_ERRORS)
+#define CORK_PRINT_ERRORS 0
+#endif
+
+#if !defined(CORK_PRINT_ERROR)
+#if CORK_PRINT_ERRORS
+#include <stdio.h>
+#define CORK_PRINT_ERROR_(func, file, line) \
+    fprintf(stderr, "---\nError in %s (%s:%u)\n  %s\n", \
+            (func), (file), (unsigned int) (line), \
+            cork_error_message());
+#define CORK_PRINT_ERROR()  CORK_PRINT_ERROR_(__func__, __FILE__, __LINE__)
+#else
+#define CORK_PRINT_ERROR()  /* do nothing */
+#endif
+#endif
+
+
+/* A bunch of macros for calling a function that returns an error.  If
+ * an error occurs, it will automatically be propagated out as the
+ * result of your own function.  With these macros, you won't have a
+ * check to check or modify the error condition; it's returned as-is.
+ *
+ *   XZ_check
+ *
+ * where:
+ *
+ *   X = what happens if an error occurs
+ *       "e" = jump to the "error" label
+ *       "rY" = return a default error result (Y defined below)
+ *       "x" = return an error result that you specify
+ *
+ *   Y = your return type
+ *       "i" = int
+ *       "p" = some pointer type
+ *
+ *   Z = the return type of the function you're calling
+ *       "e" = use cork_error_occurred() to check
+ *       "i" = int
+ *       "p" = some pointer type
+ *
+ * In all cases, we assume that your function has a cork_error parameter
+ * called "err".
+ */
+
+
+/* jump to "error" label */
+
+#define ee_check(call) \
+    do { \
+        (call); \
+        if (CORK_UNLIKELY(cork_error_occurred())) { \
+            CORK_PRINT_ERROR(); \
+            goto error; \
+        } \
+    } while (0)
+
+#define ei_check(call) \
+    do { \
+        int  __rc = (call); \
+        if (CORK_UNLIKELY(__rc != 0)) { \
+            CORK_PRINT_ERROR(); \
+            goto error; \
+        } \
+    } while (0)
+
+#define ep_check(call) \
+    do { \
+        const void  *__result = (call); \
+        if (CORK_UNLIKELY(__result == NULL)) { \
+            CORK_PRINT_ERROR(); \
+            goto error; \
+        } \
+    } while (0)
+
+
+/* return specific error code */
+
+#define xe_check(result, call) \
+    do { \
+        (call); \
+        if (CORK_UNLIKELY(cork_error_occurred())) { \
+            CORK_PRINT_ERROR(); \
+            return result; \
+        } \
+    } while (0)
+
+#define xi_check(result, call) \
+    do { \
+        int  __rc = (call); \
+        if (CORK_UNLIKELY(__rc != 0)) { \
+            CORK_PRINT_ERROR(); \
+            return result; \
+        } \
+    } while (0)
+
+#define xp_check(result, call) \
+    do { \
+        const void  *__result = (call); \
+        if (CORK_UNLIKELY(__result == NULL)) { \
+            CORK_PRINT_ERROR(); \
+            return result; \
+        } \
+    } while (0)
+
+
+/* return default error code */
+
+#define rie_check(call)  xe_check(-1, call)
+#define rii_check(call)  xi_check(__rc, call)
+#define rip_check(call)  xp_check(-1, call)
+#define rpe_check(call)  xe_check(NULL, call)
+#define rpi_check(call)  xi_check(NULL, call)
+#define rpp_check(call)  xp_check(NULL, call)
+
+
+#endif /* LIBCORK_HELPERS_ERRORS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/gc.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/gc.h
new file mode 100644
index 00000000..43742445
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/gc.h
@@ -0,0 +1,51 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_HELPERS_REFCOUNT_H
+#define LIBCORK_HELPERS_REFCOUNT_H
+
+
+#include <libcork/core/gc.h>
+#include <libcork/core/types.h>
+
+
+#define _free_(name) \
+static void \
+name##__free(void *obj)
+
+
+#define _recurse_(name) \
+static void \
+name##__recurse(struct cork_gc *gc, void *obj, \
+                cork_gc_recurser recurse, void *ud)
+
+
+#define _gc_(name) \
+static struct cork_gc_obj_iface  name##__gc = { \
+    name##__free, name##__recurse \
+};
+
+#define _gc_no_free_(name) \
+static struct cork_gc_obj_iface  name##__gc = { \
+    NULL, name##__recurse \
+};
+
+#define _gc_no_recurse_(name) \
+static struct cork_gc_obj_iface  name##__gc = { \
+    name##__free, NULL \
+};
+
+#define _gc_leaf_(name) \
+static struct cork_gc_obj_iface  name##__gc = { \
+    NULL, NULL \
+};
+
+
+#endif /* LIBCORK_HELPERS_REFCOUNT_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/mingw.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/mingw.h
new file mode 100644
index 00000000..64746e75
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/mingw.h
@@ -0,0 +1,21 @@
+#ifdef __MINGW32__
+
+#include <time.h>
+
+// From git project: compact/mingw.h
+
+#ifndef S_IFLNK
+#define S_IFLNK    0120000 /* Symbolic link */
+#endif
+
+#ifndef S_ISLNK
+#define S_ISLNK(x) (((x) & S_IFMT) == S_IFLNK)
+#endif
+
+struct tm *gmtime_r(const time_t *timep, struct tm *result);
+struct tm *localtime_r(const time_t *timep, struct tm *result);
+int setenv(const char *name, const char *value, int overwrite);
+int unsetenv(const char *name);
+int clearenv(void);
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/posix.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/posix.h
new file mode 100644
index 00000000..7a933d5b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/helpers/posix.h
@@ -0,0 +1,87 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_HELPERS_POSIX_H
+#define LIBCORK_HELPERS_POSIX_H
+
+/* This header is *not* automatically included when you include
+ * libcork/core.h, since we define some macros that don't include a
+ * cork_ or CORK_ prefix.  Don't want to pollute your namespace unless
+ * you ask for it! */
+
+#include <errno.h>
+
+#include <libcork/core/allocator.h>
+#include <libcork/core/attributes.h>
+#include <libcork/core/error.h>
+
+
+#if !defined(CORK_PRINT_ERRORS)
+#define CORK_PRINT_ERRORS 0
+#endif
+
+#if !defined(CORK_PRINT_ERROR)
+#if CORK_PRINT_ERRORS
+#include <stdio.h>
+#define CORK_PRINT_ERROR_(func, file, line) \
+    fprintf(stderr, "---\nError in %s (%s:%u)\n  %s\n", \
+            (func), (file), (unsigned int) (line), \
+            cork_error_message());
+#define CORK_PRINT_ERROR()  CORK_PRINT_ERROR_(__func__, __FILE__, __LINE__)
+#else
+#define CORK_PRINT_ERROR()  /* do nothing */
+#endif
+#endif
+
+
+#define xi_check_posix(call, on_error) \
+    do { \
+        while (true) { \
+            if ((call) == -1) { \
+                if (errno == EINTR) { \
+                    continue; \
+                } else { \
+                    cork_system_error_set(); \
+                    CORK_PRINT_ERROR(); \
+                    on_error; \
+                } \
+            } else { \
+                break; \
+            } \
+        } \
+    } while (0)
+
+#define xp_check_posix(call, on_error) \
+    do { \
+        while (true) { \
+            if ((call) == NULL) { \
+                if (errno == EINTR) { \
+                    continue; \
+                } else { \
+                    cork_system_error_set(); \
+                    CORK_PRINT_ERROR(); \
+                    on_error; \
+                } \
+            } else { \
+                break; \
+            } \
+        } \
+    } while (0)
+
+
+#define ei_check_posix(call)  xi_check_posix(call, goto error)
+#define rii_check_posix(call) xi_check_posix(call, return -1)
+#define rpi_check_posix(call) xi_check_posix(call, return NULL)
+
+#define ep_check_posix(call)  xp_check_posix(call, goto error)
+#define rip_check_posix(call) xp_check_posix(call, return -1)
+#define rpp_check_posix(call) xp_check_posix(call, return NULL)
+
+
+#endif /* LIBCORK_HELPERS_POSIX_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os.h
new file mode 100644
index 00000000..11639628
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os.h
@@ -0,0 +1,20 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_OS_H
+#define LIBCORK_OS_H
+
+/*** include all of the parts ***/
+
+#include <libcork/os/files.h>
+#include <libcork/os/process.h>
+#include <libcork/os/subprocess.h>
+
+#endif /* LIBCORK_OS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os/files.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os/files.h
new file mode 100644
index 00000000..82f1f30d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os/files.h
@@ -0,0 +1,271 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_FILES_H
+#define LIBCORK_CORE_FILES_H
+
+#include <libcork/core/api.h>
+#include <libcork/core/types.h>
+
+
+/*-----------------------------------------------------------------------
+ * Paths
+ */
+
+struct cork_path;
+
+/* path can be relative or absolute */
+CORK_API struct cork_path *
+cork_path_new(const char *path);
+
+CORK_API struct cork_path *
+cork_path_clone(const struct cork_path *other);
+
+CORK_API void
+cork_path_free(struct cork_path *path);
+
+
+CORK_API void
+cork_path_set(struct cork_path *path, const char *content);
+
+CORK_API const char *
+cork_path_get(const struct cork_path *path);
+
+
+CORK_API int
+cork_path_set_cwd(struct cork_path *path);
+
+CORK_API struct cork_path *
+cork_path_cwd(void);
+
+
+CORK_API int
+cork_path_set_absolute(struct cork_path *path);
+
+CORK_API struct cork_path *
+cork_path_absolute(const struct cork_path *other);
+
+
+CORK_API void
+cork_path_append(struct cork_path *path, const char *more);
+
+CORK_API void
+cork_path_append_path(struct cork_path *path, const struct cork_path *more);
+
+CORK_API struct cork_path *
+cork_path_join(const struct cork_path *other, const char *more);
+
+CORK_API struct cork_path *
+cork_path_join_path(const struct cork_path *other,
+                    const struct cork_path *more);
+
+
+CORK_API void
+cork_path_set_basename(struct cork_path *path);
+
+CORK_API struct cork_path *
+cork_path_basename(const struct cork_path *other);
+
+
+CORK_API void
+cork_path_set_dirname(struct cork_path *path);
+
+CORK_API struct cork_path *
+cork_path_dirname(const struct cork_path *other);
+
+
+/*-----------------------------------------------------------------------
+ * Lists of paths
+ */
+
+struct cork_path_list;
+
+CORK_API struct cork_path_list *
+cork_path_list_new_empty(void);
+
+/* list must be a colon-separated list of paths */
+CORK_API struct cork_path_list *
+cork_path_list_new(const char *list);
+
+CORK_API void
+cork_path_list_free(struct cork_path_list *list);
+
+CORK_API const char *
+cork_path_list_to_string(const struct cork_path_list *list);
+
+/* Takes control of path.  path must not already be in the list. */
+CORK_API void
+cork_path_list_add(struct cork_path_list *list, struct cork_path *path);
+
+CORK_API size_t
+cork_path_list_size(const struct cork_path_list *list);
+
+/* The list still owns path; you must not free it or modify it. */
+CORK_API const struct cork_path *
+cork_path_list_get(const struct cork_path_list *list, size_t index);
+
+
+/*-----------------------------------------------------------------------
+ * Files
+ */
+
+#define CORK_FILE_RECURSIVE   0x0001
+#define CORK_FILE_PERMISSIVE  0x0002
+
+typedef unsigned int  cork_file_mode;
+
+enum cork_file_type {
+    CORK_FILE_MISSING = 0,
+    CORK_FILE_REGULAR = 1,
+    CORK_FILE_DIRECTORY = 2,
+    CORK_FILE_SYMLINK = 3,
+    CORK_FILE_UNKNOWN = 4
+};
+
+struct cork_file;
+
+CORK_API struct cork_file *
+cork_file_new(const char *path);
+
+/* Takes control of path */
+CORK_API struct cork_file *
+cork_file_new_from_path(struct cork_path *path);
+
+CORK_API void
+cork_file_free(struct cork_file *file);
+
+/* File owns the result; you should not free it */
+CORK_API const struct cork_path *
+cork_file_path(struct cork_file *file);
+
+CORK_API int
+cork_file_exists(struct cork_file *file, bool *exists);
+
+CORK_API int
+cork_file_type(struct cork_file *file, enum cork_file_type *type);
+
+
+typedef int
+(*cork_file_directory_iterator)(struct cork_file *child, const char *rel_name,
+                                void *user_data);
+
+CORK_API int
+cork_file_iterate_directory(struct cork_file *file,
+                            cork_file_directory_iterator iterator,
+                            void *user_data);
+
+/* If flags includes CORK_FILE_RECURSIVE, this creates parent directories,
+ * if needed.  If flags doesn't include CORK_FILE_PERMISSIVE, then it's an error
+ * if the directory already exists. */
+CORK_API int
+cork_file_mkdir(struct cork_file *file, cork_file_mode mode,
+                unsigned int flags);
+
+/* Removes a file or directory.  If file is a directory, and flags contains
+ * CORK_FILE_RECURSIVE, then all of the directory's contents are removed, too.
+ * Otherwise, the directory must already be empty. */
+CORK_API int
+cork_file_remove(struct cork_file *file, unsigned int flags);
+
+
+CORK_API struct cork_file *
+cork_path_list_find_file(const struct cork_path_list *list,
+                         const char *rel_path);
+
+
+/*-----------------------------------------------------------------------
+ * Lists of files
+ */
+
+struct cork_file_list;
+
+CORK_API struct cork_file_list *
+cork_file_list_new_empty(void);
+
+CORK_API struct cork_file_list *
+cork_file_list_new(struct cork_path_list *path_list);
+
+CORK_API void
+cork_file_list_free(struct cork_file_list *list);
+
+/* Takes control of file.  file must not already be in the list. */
+CORK_API void
+cork_file_list_add(struct cork_file_list *list, struct cork_file *file);
+
+CORK_API size_t
+cork_file_list_size(struct cork_file_list *list);
+
+/* The list still owns file; you must not free it.  Editing the file updates the
+ * entry in the list. */
+CORK_API struct cork_file *
+cork_file_list_get(struct cork_file_list *list, size_t index);
+
+
+CORK_API struct cork_file_list *
+cork_path_list_find_files(const struct cork_path_list *list,
+                          const char *rel_path);
+
+
+/*-----------------------------------------------------------------------
+ * Walking a directory tree
+ */
+
+#define CORK_SKIP_DIRECTORY  1
+
+struct cork_dir_walker {
+    int
+    (*enter_directory)(struct cork_dir_walker *walker, const char *full_path,
+                       const char *rel_path, const char *base_name);
+
+    int
+    (*file)(struct cork_dir_walker *walker, const char *full_path,
+            const char *rel_path, const char *base_name);
+
+    int
+    (*leave_directory)(struct cork_dir_walker *walker, const char *full_path,
+                       const char *rel_path, const char *base_name);
+};
+
+#define cork_dir_walker_enter_directory(w, fp, rp, bn) \
+    ((w)->enter_directory((w), (fp), (rp), (bn)))
+
+#define cork_dir_walker_file(w, fp, rp, bn) \
+    ((w)->file((w), (fp), (rp), (bn)))
+
+#define cork_dir_walker_leave_directory(w, fp, rp, bn) \
+    ((w)->leave_directory((w), (fp), (rp), (bn)))
+
+
+CORK_API int
+cork_walk_directory(const char *path, struct cork_dir_walker *walker);
+
+
+/*-----------------------------------------------------------------------
+ * Standard paths and path lists
+ */
+
+CORK_API struct cork_path *
+cork_path_home(void);
+
+
+CORK_API struct cork_path_list *
+cork_path_config_paths(void);
+
+CORK_API struct cork_path_list *
+cork_path_data_paths(void);
+
+CORK_API struct cork_path *
+cork_path_user_cache_path(void);
+
+CORK_API struct cork_path *
+cork_path_user_runtime_path(void);
+
+
+#endif /* LIBCORK_CORE_FILES_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os/process.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os/process.h
new file mode 100644
index 00000000..5d7813dc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os/process.h
@@ -0,0 +1,28 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_CORE_PROCESS_H
+#define LIBCORK_CORE_PROCESS_H
+
+#include <libcork/core/api.h>
+
+
+typedef void
+(*cork_cleanup_function)(void);
+
+CORK_API void
+cork_cleanup_at_exit_named(const char *name, int priority,
+                           cork_cleanup_function function);
+
+#define cork_cleanup_at_exit(priority, function) \
+    cork_cleanup_at_exit_named(#function, priority, function)
+
+
+#endif /* LIBCORK_CORE_PROCESS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os/subprocess.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os/subprocess.h
new file mode 100644
index 00000000..31c1eb51
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/os/subprocess.h
@@ -0,0 +1,197 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_OS_SUBPROCESS_H
+#define LIBCORK_OS_SUBPROCESS_H
+
+#include <stdarg.h>
+
+#include <libcork/core/api.h>
+#include <libcork/core/callbacks.h>
+#include <libcork/core/types.h>
+#include <libcork/ds/stream.h>
+#include <libcork/threads/basics.h>
+
+
+/*-----------------------------------------------------------------------
+ * Environments
+ */
+
+struct cork_env;
+
+CORK_API struct cork_env *
+cork_env_new(void);
+
+CORK_API struct cork_env *
+cork_env_clone_current(void);
+
+CORK_API void
+cork_env_free(struct cork_env *env);
+
+
+CORK_API void
+cork_env_replace_current(struct cork_env *env);
+
+
+/* For all of the following, if env is NULL, these functions access or update
+ * the actual environment of the current process.  Otherwise, they act on the
+ * given environment instance. */
+
+CORK_API const char *
+cork_env_get(struct cork_env *env, const char *name);
+
+CORK_API void
+cork_env_add(struct cork_env *env, const char *name, const char *value);
+
+CORK_API void
+cork_env_add_printf(struct cork_env *env, const char *name,
+                    const char *format, ...)
+    CORK_ATTR_PRINTF(3,4);
+
+CORK_API void
+cork_env_add_vprintf(struct cork_env *env, const char *name,
+                     const char *format, va_list args)
+    CORK_ATTR_PRINTF(3,0);
+
+CORK_API void
+cork_env_remove(struct cork_env *env, const char *name);
+
+
+/*-----------------------------------------------------------------------
+ * Executing another process
+ */
+
+struct cork_exec;
+
+CORK_API struct cork_exec *
+cork_exec_new(const char *program);
+
+CORK_ATTR_SENTINEL
+CORK_API struct cork_exec *
+cork_exec_new_with_params(const char *program, ...);
+
+CORK_API struct cork_exec *
+cork_exec_new_with_param_array(const char *program, char * const *params);
+
+CORK_API void
+cork_exec_free(struct cork_exec *exec);
+
+CORK_API const char *
+cork_exec_description(struct cork_exec *exec);
+
+CORK_API const char *
+cork_exec_program(struct cork_exec *exec);
+
+CORK_API size_t
+cork_exec_param_count(struct cork_exec *exec);
+
+CORK_API const char *
+cork_exec_param(struct cork_exec *exec, size_t index);
+
+CORK_API void
+cork_exec_add_param(struct cork_exec *exec, const char *param);
+
+/* Can return NULL */
+CORK_API struct cork_env *
+cork_exec_env(struct cork_exec *exec);
+
+/* Takes control of env */
+CORK_API void
+cork_exec_set_env(struct cork_exec *exec, struct cork_env *env);
+
+/* Can return NULL */
+CORK_API const char *
+cork_exec_cwd(struct cork_exec *exec);
+
+CORK_API void
+cork_exec_set_cwd(struct cork_exec *exec, const char *directory);
+
+CORK_API int
+cork_exec_run(struct cork_exec *exec);
+
+
+/*-----------------------------------------------------------------------
+ * Subprocesses
+ */
+
+struct cork_subprocess;
+
+/* If env is NULL, we use the environment variables of the calling process. */
+
+/* Takes control of body */
+CORK_API struct cork_subprocess *
+cork_subprocess_new(void *user_data, cork_free_f free_user_data,
+                    cork_run_f run,
+                    struct cork_stream_consumer *stdout_consumer,
+                    struct cork_stream_consumer *stderr_consumer,
+                    int *exit_code);
+
+/* Takes control of exec */
+CORK_API struct cork_subprocess *
+cork_subprocess_new_exec(struct cork_exec *exec,
+                         struct cork_stream_consumer *stdout_consumer,
+                         struct cork_stream_consumer *stderr_consumer,
+                         int *exit_code);
+
+CORK_API void
+cork_subprocess_free(struct cork_subprocess *sub);
+
+CORK_API struct cork_stream_consumer *
+cork_subprocess_stdin(struct cork_subprocess *sub);
+
+CORK_API int
+cork_subprocess_start(struct cork_subprocess *sub);
+
+CORK_API bool
+cork_subprocess_is_finished(struct cork_subprocess *sub);
+
+CORK_API int
+cork_subprocess_abort(struct cork_subprocess *sub);
+
+CORK_API bool
+cork_subprocess_drain(struct cork_subprocess *sub);
+
+CORK_API int
+cork_subprocess_wait(struct cork_subprocess *sub);
+
+
+/*-----------------------------------------------------------------------
+ * Groups of subprocesses
+ */
+
+struct cork_subprocess_group;
+
+CORK_API struct cork_subprocess_group *
+cork_subprocess_group_new(void);
+
+CORK_API void
+cork_subprocess_group_free(struct cork_subprocess_group *group);
+
+/* Takes control of sub */
+CORK_API void
+cork_subprocess_group_add(struct cork_subprocess_group *group,
+                          struct cork_subprocess *sub);
+
+CORK_API int
+cork_subprocess_group_start(struct cork_subprocess_group *group);
+
+CORK_API bool
+cork_subprocess_group_is_finished(struct cork_subprocess_group *group);
+
+CORK_API int
+cork_subprocess_group_abort(struct cork_subprocess_group *group);
+
+CORK_API bool
+cork_subprocess_group_drain(struct cork_subprocess_group *group);
+
+CORK_API int
+cork_subprocess_group_wait(struct cork_subprocess_group *group);
+
+
+#endif /* LIBCORK_OS_SUBPROCESS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/threads.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/threads.h
new file mode 100644
index 00000000..c0084191
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/threads.h
@@ -0,0 +1,19 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_THREADS_H
+#define LIBCORK_THREADS_H
+
+/*** include all of the parts ***/
+
+#include <libcork/threads/atomics.h>
+#include <libcork/threads/basics.h>
+
+#endif /* LIBCORK_THREADS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/threads/atomics.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/threads/atomics.h
new file mode 100644
index 00000000..d1f139b4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/threads/atomics.h
@@ -0,0 +1,50 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_THREADS_ATOMICS_H
+#define LIBCORK_THREADS_ATOMICS_H
+
+#include <libcork/config.h>
+#include <libcork/core/types.h>
+
+/*-----------------------------------------------------------------------
+ * GCC intrinsics
+ */
+
+/* Ideally we can use GCC's intrinsics to define everything */
+#if defined(CORK_CONFIG_HAVE_GCC_ATOMICS)
+
+#define cork_int_atomic_add        __sync_add_and_fetch
+#define cork_uint_atomic_add       __sync_add_and_fetch
+#define cork_size_atomic_add       __sync_add_and_fetch
+#define cork_int_atomic_pre_add    __sync_fetch_and_add
+#define cork_uint_atomic_pre_add   __sync_fetch_and_add
+#define cork_size_atomic_pre_add   __sync_fetch_and_add
+#define cork_int_atomic_sub        __sync_sub_and_fetch
+#define cork_uint_atomic_sub       __sync_sub_and_fetch
+#define cork_size_atomic_sub       __sync_sub_and_fetch
+#define cork_int_atomic_pre_sub    __sync_fetch_and_sub
+#define cork_uint_atomic_pre_sub   __sync_fetch_and_sub
+#define cork_size_atomic_pre_sub   __sync_fetch_and_sub
+#define cork_int_cas               __sync_val_compare_and_swap
+#define cork_uint_cas              __sync_val_compare_and_swap
+#define cork_size_cas              __sync_val_compare_and_swap
+#define cork_ptr_cas               __sync_val_compare_and_swap
+
+
+/*-----------------------------------------------------------------------
+ * End of atomic implementations
+ */
+#else
+#error "No atomics implementation!"
+#endif
+
+
+#endif /* LIBCORK_THREADS_ATOMICS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/threads/basics.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/threads/basics.h
new file mode 100644
index 00000000..6208569a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/include/libcork/threads/basics.h
@@ -0,0 +1,221 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef LIBCORK_THREADS_BASICS_H
+#define LIBCORK_THREADS_BASICS_H
+
+#include <assert.h>
+
+#include <libcork/core/api.h>
+#include <libcork/core/attributes.h>
+#include <libcork/core/callbacks.h>
+#include <libcork/threads/atomics.h>
+
+
+/*-----------------------------------------------------------------------
+ * Thread IDs
+ */
+
+typedef unsigned int  cork_thread_id;
+
+#define CORK_THREAD_NONE  ((cork_thread_id) 0)
+
+/* Returns a valid ID for any thread — even the main thread and threads that
+ * aren't created by libcork. */
+CORK_API cork_thread_id
+cork_current_thread_get_id(void);
+
+
+/*-----------------------------------------------------------------------
+ * Threads
+ */
+
+struct cork_thread;
+
+/* Returns NULL for the main thread, and for any thread not created via
+ * cork_thread_new/cork_thread_start. */
+CORK_API struct cork_thread *
+cork_current_thread_get(void);
+
+CORK_API struct cork_thread *
+cork_thread_new(const char *name,
+                void *user_data, cork_free_f free_user_data,
+                cork_run_f run);
+
+/* Thread must not have been started yet. */
+CORK_API void
+cork_thread_free(struct cork_thread *thread);
+
+CORK_API const char *
+cork_thread_get_name(struct cork_thread *thread);
+
+CORK_API cork_thread_id
+cork_thread_get_id(struct cork_thread *thread);
+
+/* Can only be called once per thread.  Thread will automatically be freed when
+ * its done. */
+CORK_API int
+cork_thread_start(struct cork_thread *thread);
+
+/* Can only be called once per thread; must be called after cork_thread_start. */
+CORK_API int
+cork_thread_join(struct cork_thread *thread);
+
+
+/*-----------------------------------------------------------------------
+ * Executing something once
+ */
+
+#if CORK_CONFIG_HAVE_GCC_ASM && (CORK_CONFIG_ARCH_X86 || CORK_CONFIG_ARCH_X64)
+#define cork_pause() \
+    do { \
+        __asm__ __volatile__ ("pause"); \
+    } while (0)
+#else
+#define cork_pause()  do { /* do nothing */ } while (0)
+#endif
+
+
+#define cork_once_barrier(name) \
+    static struct { \
+        volatile int  barrier; \
+        cork_thread_id  initializing_thread; \
+    } name##__once;
+
+#define cork_once(name, call) \
+    do { \
+        if (CORK_LIKELY(name##__once.barrier == 2)) { \
+            /* already initialized */ \
+        } else { \
+            /* Try to claim the ability to perform the initialization */ \
+            int  prior_state = cork_int_cas(&name##__once.barrier, 0, 1); \
+            if (CORK_LIKELY(prior_state == 0)) { \
+                CORK_ATTR_UNUSED int  result; \
+                /* we get to initialize */ \
+                call; \
+                result = cork_int_cas(&name##__once.barrier, 1, 2); \
+                assert(result == 1); \
+            } else { \
+                /* someone else is initializing, spin/wait until done */ \
+                while (name##__once.barrier != 2) { cork_pause(); } \
+            } \
+        } \
+    } while (0)
+
+#define cork_once_recursive(name, call) \
+    do { \
+        if (CORK_LIKELY(name##__once.barrier == 2)) { \
+            /* already initialized */ \
+        } else { \
+            /* Try to claim the ability to perform the initialization */ \
+            int  prior_state = cork_int_cas(&name##__once.barrier, 0, 1); \
+            if (CORK_LIKELY(prior_state == 0)) { \
+                CORK_ATTR_UNUSED int  result; \
+                /* we get to initialize */ \
+                name##__once.initializing_thread = \
+                    cork_current_thread_get_id(); \
+                call; \
+                result = cork_int_cas(&name##__once.barrier, 1, 2); \
+                assert(result == 1); \
+            } else { \
+                /* someone else is initializing, is it us? */ \
+                if (name##__once.initializing_thread == \
+                    cork_current_thread_get_id()) { \
+                    /* yep, fall through to let our recursion continue */ \
+                } else { \
+                    /* nope; wait for the initialization to finish */ \
+                    while (name##__once.barrier != 2) { cork_pause(); } \
+                } \
+            } \
+        } \
+    } while (0)
+
+
+/*-----------------------------------------------------------------------
+ * Thread-local storage
+ */
+
+/* Prefer, in order:
+ *
+ * 1) __thread storage class
+ * 2) pthread_key_t
+ */
+
+#if CORK_CONFIG_HAVE_THREAD_STORAGE_CLASS
+#define cork_tls(TYPE, NAME) \
+static __thread TYPE  NAME##__tls; \
+\
+static TYPE * \
+NAME##_get(void) \
+{ \
+    return &NAME##__tls; \
+}
+
+#define cork_tls_with_alloc(TYPE, NAME, allocate, deallocate) \
+    cork_tls(TYPE, NAME)
+
+#elif CORK_HAVE_PTHREADS
+#include <stdlib.h>
+#include <pthread.h>
+
+#include <libcork/core/allocator.h>
+
+#define cork_tls_with_alloc(TYPE, NAME, allocate, deallocate) \
+static pthread_key_t  NAME##__tls_key; \
+cork_once_barrier(NAME##__tls_barrier); \
+\
+static void \
+NAME##__tls_destroy(void *self) \
+{ \
+    deallocate(self); \
+} \
+\
+static void \
+NAME##__create_key(void) \
+{ \
+    CORK_ATTR_UNUSED int  rc; \
+    rc = pthread_key_create(&NAME##__tls_key, &NAME##__tls_destroy); \
+    assert(rc == 0); \
+} \
+\
+static TYPE * \
+NAME##_get(void) \
+{ \
+    TYPE  *self; \
+    cork_once(NAME##__tls_barrier, NAME##__create_key()); \
+    self = pthread_getspecific(NAME##__tls_key); \
+    if (CORK_UNLIKELY(self == NULL)) { \
+        self = allocate(); \
+        pthread_setspecific(NAME##__tls_key, self); \
+    } \
+    return self; \
+}
+
+#define cork_tls(TYPE, NAME) \
+\
+static TYPE * \
+NAME##__tls_allocate(void) \
+{ \
+    return cork_calloc(1, sizeof(TYPE)); \
+} \
+\
+static void \
+NAME##__tls_deallocate(void *vself) \
+{ \
+    cork_cfree(vself, 1, sizeof(TYPE)); \
+} \
+\
+cork_tls_with_alloc(TYPE, NAME, NAME##__tls_allocate, NAME##__tls_deallocate);
+
+#else
+#error "No thread-local storage implementation!"
+#endif
+
+
+#endif /* LIBCORK_THREADS_BASICS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/make-dist.sh b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/make-dist.sh
new file mode 100755
index 00000000..5999a1a9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/make-dist.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+PROJECT=libcork
+
+COMMIT="$1"
+if [ -z "$COMMIT" ]; then
+    COMMIT="HEAD"
+fi
+
+VERSION=$(git describe ${COMMIT})
+git archive --prefix=${PROJECT}-${VERSION}/ --format=tar ${COMMIT} | \
+    bzip2 -c > ${PROJECT}-${VERSION}.tar.bz2
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/run.sh b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/run.sh
new file mode 100755
index 00000000..30f07ce5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/run.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+# Usage: run.sh [debug|release] program arguments
+#
+# Runs a program from one of the build directories, with
+# LD_LIBRARY_PATH set correctly so that it can find all of the shared
+# libraries before they're installed.
+
+
+# Check that there are enough command-line parameters.
+
+if [ $# -lt 1 ]; then
+    echo "Usage: run.sh [debug|release] program arguments"
+    exit 1
+fi
+
+
+# Verify that the user chose a valid build type.
+
+BUILD="$1"
+shift
+
+case "$BUILD" in
+    debug)
+        ;;
+    release)
+        ;;
+    *)
+        echo "Unknown build type $BUILD"
+        exit 1
+        ;;
+esac
+
+
+# Find all of the src subdirectories in the build directory, and use
+# those as the LD_LIBRARY_PATH.
+
+SRC_DIRS=$(find build/$BUILD -name src)
+JOINED=$(echo $SRC_DIRS | perl -ne 'print join(":", split)')
+
+
+# Run the desired program, and pass on any command-line arguments
+# as-is.
+
+LD_LIBRARY_PATH="$JOINED:$LD_LIBRARY_PATH" \
+DYLD_LIBRARY_PATH="$JOINED:$DYLD_LIBRARY_PATH" \
+  "$@"
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/share/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/share/CMakeLists.txt
new file mode 100644
index 00000000..ff7d2308
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/share/CMakeLists.txt
@@ -0,0 +1,12 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2012, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/valgrind
+    DESTINATION share
+    FILES_MATCHING PATTERN "*.supp")
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/share/valgrind/libcork.supp b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/share/valgrind/libcork.supp
new file mode 100644
index 00000000..efe19c04
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/share/valgrind/libcork.supp
@@ -0,0 +1,8 @@
+# Valgrind suppressions for libcork
+
+{
+   libcork/cork_gc_get
+   Memcheck:Leak
+   fun:calloc
+   fun:cork_gc_get
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/APPNAME.pc.in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/APPNAME.pc.in
new file mode 100644
index 00000000..6659275d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/APPNAME.pc.in
@@ -0,0 +1,13 @@
+prefix=@prefix@
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+sharedir=${prefix}/share
+sphinxdir=${sharedir}/doc/APPNAME/html
+
+Name: APPNAME
+Description: FILL_THIS_IN
+Version: @VERSION@
+URL: FILL_THIS_IN
+Libs: -L${libdir} -lAPPNAME
+Cflags: -I${includedir}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/CMakeLists.txt
new file mode 100644
index 00000000..ed3e3095
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/CMakeLists.txt
@@ -0,0 +1,115 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011-2015, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license details.
+# ----------------------------------------------------------------------
+
+#-----------------------------------------------------------------------
+# libcork
+
+# Update the VERSION property below according to the following rules (taken from
+# [1]):
+#
+# VERSION = current.revision.age
+#
+#   1. Start with a VERSION of `0.0.0` for each shared library.
+#   2. Update VERSION only immediately before a public release of your software.
+#      More frequent updates are unnecessary, and only guarantee that the
+#      current interface number gets larger faster.
+#   3. If the library source code has changed at all since the last update, then
+#      increment `revision` (`c.r.a` becomes `c.r+1.a`).
+#   4. If any interfaces have been added, removed, or changed since the last
+#      update, increment `current`, and set `revision` to 0.
+#   5. If any interfaces have been added since the last public release, then
+#      increment `age`.
+#   6. If any interfaces have been removed or changed since the last public
+#      release, then set `age` to 0.
+#
+# Note that changing `current` means that you are releasing a new
+# backwards-incompatible version of the library.  This has implications on
+# packaging, so once an API has stabilized, this should be a rare occurrence.
+#
+# [1] http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html#Updating-version-info
+
+add_c_library(
+    libcork
+    OUTPUT_NAME cork
+    PKGCONFIG_NAME libcork
+    VERSION 16.0.1
+    SOURCES
+        libcork/cli/commands.c
+        libcork/core/allocator.c
+        libcork/core/error.c
+        libcork/core/gc.c
+        libcork/core/hash.c
+        libcork/core/ip-address.c
+        libcork/core/mempool.c
+        libcork/core/timestamp.c
+        libcork/core/u128.c
+        libcork/core/version.c
+        libcork/ds/array.c
+        libcork/ds/bitset.c
+        libcork/ds/buffer.c
+        libcork/ds/dllist.c
+        libcork/ds/file-stream.c
+        libcork/ds/hash-table.c
+        libcork/ds/managed-buffer.c
+        libcork/ds/ring-buffer.c
+        libcork/ds/slice.c
+        libcork/posix/directory-walker.c
+        libcork/posix/env.c
+        libcork/posix/exec.c
+        libcork/posix/files.c
+        libcork/posix/process.c
+        libcork/posix/subprocess.c
+        libcork/pthreads/thread.c
+    LIBRARIES
+        threads
+)
+
+if (ENABLE_SHARED OR ENABLE_SHARED_EXECUTABLES)
+    set_target_properties(libcork-shared PROPERTIES
+        COMPILE_DEFINITIONS CORK_API=CORK_EXPORT
+    )
+endif (ENABLE_SHARED OR ENABLE_SHARED_EXECUTABLES)
+
+if (ENABLE_STATIC OR NOT ENABLE_SHARED_EXECUTABLES)
+    set_target_properties(libcork-static PROPERTIES
+        COMPILE_DEFINITIONS CORK_API=CORK_LOCAL
+    )
+endif (ENABLE_STATIC OR NOT ENABLE_SHARED_EXECUTABLES)
+
+
+#-----------------------------------------------------------------------
+# Utility commands
+
+add_c_executable(
+    cork-hash
+    OUTPUT_NAME cork-hash
+    SOURCES cork-hash/cork-hash.c
+    LOCAL_LIBRARIES
+        libcork
+)
+
+add_c_executable(
+    cork-initializer
+    SKIP_INSTALL
+    OUTPUT_NAME cork-initializer
+    SOURCES
+        cork-initializer/init1.c
+        cork-initializer/init2.c
+        cork-initializer/main.c
+    LOCAL_LIBRARIES
+        libcork
+)
+
+add_c_executable(
+    cork-test
+    SKIP_INSTALL
+    OUTPUT_NAME cork-test
+    SOURCES cork-test/cork-test.c
+    LOCAL_LIBRARIES
+        libcork
+)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-hash/cork-hash.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-hash/cork-hash.c
new file mode 100644
index 00000000..159a7c07
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-hash/cork-hash.c
@@ -0,0 +1,122 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2015, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <getopt.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <libcork/core.h>
+
+enum cork_hash_type {
+    CORK_HASH_BIG,
+    CORK_HASH_FASTEST,
+    CORK_HASH_STABLE
+};
+
+static enum cork_hash_type  type = CORK_HASH_STABLE;
+static const char  *string = NULL;
+
+#define OPT_VERSION 1000
+
+static struct option  opts[] = {
+    { "big", no_argument, NULL, 'b' },
+    { "fastest", no_argument, NULL, 'f' },
+    { "stable", no_argument, NULL, 's' },
+    { "version", no_argument, NULL, OPT_VERSION },
+    { NULL, 0, NULL, 0 }
+};
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+            "Usage: cork-hash [<options>] <string>\n"
+            "\n"
+            "Options:\n"
+            "  -b, --big\n"
+            "  -f, --fastest\n"
+            "  -s, --stable\n");
+}
+
+static void
+print_version(void)
+{
+    const char  *version = cork_version_string();
+    const char  *revision = cork_revision_string();
+
+    printf("cork-hash %s\n", version);
+    if (strcmp(version, revision) != 0) {
+        printf("Revision %s\n", revision);
+    }
+}
+
+static void
+parse_options(int argc, char **argv)
+{
+    int  ch;
+    while ((ch = getopt_long(argc, argv, "+bfs", opts, NULL)) != -1) {
+        switch (ch) {
+            case 'b':
+                type = CORK_HASH_BIG;
+                break;
+            case 'f':
+                type = CORK_HASH_FASTEST;
+                break;
+            case 's':
+                type = CORK_HASH_STABLE;
+                break;
+            case OPT_VERSION:
+                print_version();
+                exit(EXIT_SUCCESS);
+            default:
+                usage();
+                exit(EXIT_FAILURE);
+        }
+    }
+
+    if (optind != argc-1) {
+        usage();
+        exit(EXIT_FAILURE);
+    }
+
+    string = argv[optind];
+}
+
+#ifndef LIB_ONLY
+int
+main(int argc, char **argv)
+{
+    parse_options(argc, argv);
+
+    if (type == CORK_HASH_BIG) {
+        cork_big_hash  result = CORK_BIG_HASH_INIT();
+        result = cork_big_hash_buffer(result, string, strlen(string));
+        printf("%016" PRIx64 "%016" PRIx64 "\n",
+               cork_u128_be64(result.u128, 0),
+               cork_u128_be64(result.u128, 1));
+    }
+
+    if (type == CORK_HASH_FASTEST) {
+        /* don't include NUL terminator in hash */
+        cork_hash  result = 0;
+        result = cork_hash_buffer(result, string, strlen(string));
+        printf("0x%08" PRIx32 "\n", result);
+    }
+
+    if (type == CORK_HASH_STABLE) {
+        /* don't include NUL terminator in hash */
+        cork_hash  result = 0;
+        result = cork_stable_hash_buffer(result, string, strlen(string));
+        printf("0x%08" PRIx32 "\n", result);
+    }
+
+    return EXIT_SUCCESS;
+}
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-initializer/init1.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-initializer/init1.c
new file mode 100644
index 00000000..7202c55e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-initializer/init1.c
@@ -0,0 +1,18 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdio.h>
+
+#include <libcork/core.h>
+
+CORK_INITIALIZER(init)
+{
+    printf("Initializer 1\n");
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-initializer/init2.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-initializer/init2.c
new file mode 100644
index 00000000..148eb0cc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-initializer/init2.c
@@ -0,0 +1,18 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdio.h>
+
+#include <libcork/core.h>
+
+CORK_INITIALIZER(init)
+{
+    printf("Initializer 2\n");
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-initializer/main.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-initializer/main.c
new file mode 100644
index 00000000..2aeb229c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-initializer/main.c
@@ -0,0 +1,16 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+#ifndef LIB_ONLY
+int
+main(int argc, char **argv)
+{
+    return 0;
+}
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-test/cork-test.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-test/cork-test.c
new file mode 100644
index 00000000..eee559f1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/cork-test/cork-test.c
@@ -0,0 +1,677 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "libcork/cli.h"
+#include "libcork/core.h"
+#include "libcork/ds.h"
+#include "libcork/os.h"
+
+
+#define streq(s1, s2)  (strcmp((s1), (s2)) == 0)
+
+#define ri_check_exit(call) \
+    do { \
+        if ((call) != 0) { \
+            fprintf(stderr, "%s\n", cork_error_message()); \
+            exit(EXIT_FAILURE); \
+        } \
+    } while (0)
+
+#define rp_check_exit(call) \
+    do { \
+        if ((call) == NULL) { \
+            fprintf(stderr, "%s\n", cork_error_message()); \
+            exit(EXIT_FAILURE); \
+        } \
+    } while (0)
+
+
+/*-----------------------------------------------------------------------
+ * Command list
+ */
+
+static bool  test_option = false;
+static const char  *file_option = NULL;
+
+/* cork-test c1 s1 */
+
+static int
+c1_s1_options(int argc, char **argv);
+
+static void
+c1_s1_run(int argc, char **argv);
+
+static struct cork_command  c1_s1 =
+    cork_leaf_command("s1", "Subcommand 1", "[<options>] <filename>",
+                      "This is a pretty cool command.\n",
+                      c1_s1_options, c1_s1_run);
+
+static int
+c1_s1_options(int argc, char **argv)
+{
+    if (argc >= 2 && (streq(argv[1], "-t") || streq(argv[1], "--test"))) {
+        test_option = true;
+        return 2;
+    } else {
+        return 1;
+    }
+}
+
+static void
+c1_s1_run(int argc, char **argv)
+{
+    printf("You chose command \"c1 s1\".  Good for you!\n");
+    if (test_option) {
+        printf("And you gave the --test option!  Look at that.\n");
+    }
+    if (file_option != NULL) {
+        printf("And you want the file to be %s.  Sure thing.\n", file_option);
+    }
+    exit(EXIT_SUCCESS);
+}
+
+
+/* cork-test c1 s2 */
+
+static void
+c1_s2_run(int argc, char **argv)
+{
+    printf("You chose command \"c1 s2\".  Fantastico!\n");
+    if (file_option != NULL) {
+        struct cork_stream_consumer  *consumer;
+        printf("And you want the file to be %s.  Sure thing.\n", file_option);
+
+        /* Print the contents of the file to stdout. */
+        rp_check_exit(consumer = cork_file_consumer_new(stdout));
+        ri_check_exit(cork_consume_file_from_path
+                      (consumer, file_option, O_RDONLY));
+        cork_stream_consumer_free(consumer);
+    }
+
+    exit(EXIT_SUCCESS);
+}
+
+static struct cork_command  c1_s2 =
+    cork_leaf_command("s2", "Subcommand 2", "[<options>] <filename>",
+                      "This is an excellent command.\n",
+                      NULL, c1_s2_run);
+
+
+/* cork-test c1 */
+
+static int
+c1_options(int argc, char **argv);
+
+static struct cork_command  *c1_subcommands[] = {
+    &c1_s1, &c1_s2, NULL
+};
+
+static struct cork_command  c1 =
+    cork_command_set("c1", "Command 1 (now with subcommands)",
+                     c1_options, c1_subcommands);
+
+static int
+c1_options(int argc, char **argv)
+{
+    if (argc >= 3) {
+        if (streq(argv[1], "-f") || streq(argv[1], "--file")) {
+            file_option = argv[2];
+            return 3;
+        }
+    }
+
+    if (argc >= 2) {
+        if (memcmp(argv[1], "--file=", 7) == 0) {
+            file_option = argv[1] + 7;
+            return 2;
+        }
+    }
+
+    return 1;
+}
+
+
+/* cork-test c2 */
+
+static void
+c2_run(int argc, char **argv)
+{
+    printf("You chose command \"c2\".  That's pretty good.\n");
+    exit(EXIT_SUCCESS);
+}
+
+static struct cork_command  c2 =
+    cork_leaf_command("c2", "Command 2", "[<options>] <filename>",
+                      "This command is pretty decent.\n",
+                      NULL, c2_run);
+
+
+/*-----------------------------------------------------------------------
+ * Forking subprocesses
+ */
+
+static const char  *sub_cwd = NULL;
+static const char  *sub_stdin = NULL;
+
+static int
+sub_options(int argc, char **argv);
+
+static void
+sub_run(int argc, char **argv);
+
+static struct cork_command  sub =
+    cork_leaf_command("sub", "Run a subcommand", "<program> [<options>]",
+                      "Runs a subcommand.\n",
+                      sub_options, sub_run);
+
+static int
+sub_options(int argc, char **argv)
+{
+    int  processed = 1;
+    for (argc--, argv++; argc >= 1; argc--, argv++, processed++) {
+        if ((streq(argv[0], "-d") || streq(argv[0], "--cwd"))) {
+            if (argc >= 2) {
+                sub_cwd = argv[1];
+                argc--, argv++, processed++;
+            } else {
+                cork_command_show_help(&sub, "Missing directory for --cwd");
+                exit(EXIT_FAILURE);
+            }
+        } else if ((streq(argv[0], "-i") || streq(argv[0], "--stdin"))) {
+            if (argc >= 2) {
+                sub_stdin = argv[1];
+                argc--, argv++, processed++;
+            } else {
+                cork_command_show_help(&sub, "Missing content for --stdin");
+                exit(EXIT_FAILURE);
+            }
+        } else {
+            return processed;
+        }
+    }
+    return processed;
+}
+
+static void
+sub_run(int argc, char **argv)
+{
+    struct cork_env  *env;
+    struct cork_exec  *exec;
+    struct cork_subprocess_group  *group;
+    struct cork_subprocess  *sp;
+    struct cork_stream_consumer  *stdin_consumer;
+
+    if (argc == 0) {
+        cork_command_show_help(&sub, "Missing command");
+        exit(EXIT_FAILURE);
+    }
+
+    rp_check_exit(env = cork_env_clone_current());
+    rp_check_exit(exec = cork_exec_new_with_param_array(argv[0], argv));
+    cork_exec_set_env(exec, env);
+    if (sub_cwd != NULL) {
+        cork_exec_set_cwd(exec, sub_cwd);
+    }
+    fprintf(stderr, "%s\n", cork_exec_description(exec));
+    rp_check_exit(group = cork_subprocess_group_new());
+    rp_check_exit(sp = cork_subprocess_new_exec(exec, NULL, NULL, NULL));
+    cork_subprocess_group_add(group, sp);
+    ri_check_exit(cork_subprocess_group_start(group));
+    stdin_consumer = cork_subprocess_stdin(sp);
+    if (sub_stdin != NULL) {
+        size_t  stdin_length = strlen(sub_stdin);
+        cork_stream_consumer_data
+            (stdin_consumer, sub_stdin, stdin_length, true);
+        cork_stream_consumer_data(stdin_consumer, "\n", 1, false);
+    }
+    cork_stream_consumer_eof(stdin_consumer);
+    ri_check_exit(cork_subprocess_group_wait(group));
+    cork_subprocess_group_free(group);
+}
+
+
+/*-----------------------------------------------------------------------
+ * pwd
+ */
+
+/* cork-test pwd */
+
+static void
+pwd_run(int argc, char **argv);
+
+static struct cork_command  pwd =
+    cork_leaf_command("pwd", "Print working directory",
+                      "",
+                      "Prints out the current working directory.\n",
+                      NULL, pwd_run);
+
+static void
+pwd_run(int argc, char **argv)
+{
+    struct cork_path  *path;
+    rp_check_exit(path = cork_path_cwd());
+    printf("%s\n", cork_path_get(path));
+    cork_path_free(path);
+    exit(EXIT_SUCCESS);
+}
+
+
+/*-----------------------------------------------------------------------
+ * mkdir
+ */
+
+static unsigned int  mkdir_flags = CORK_FILE_PERMISSIVE;
+
+/* cork-test mkdir */
+
+static int
+mkdir_options(int argc, char **argv);
+
+static void
+mkdir_run(int argc, char **argv);
+
+static struct cork_command  mkdir_cmd =
+    cork_leaf_command("mkdir", "Create a directory",
+                      "[<options>] <path>",
+                      "Create a new directory.\n",
+                      mkdir_options, mkdir_run);
+
+static int
+mkdir_options(int argc, char **argv)
+{
+    int  count = 1;
+
+    while (count < argc) {
+        if (streq(argv[count], "--recursive")) {
+            mkdir_flags |= CORK_FILE_RECURSIVE;
+            count++;
+        } else if (streq(argv[count], "--require")) {
+            mkdir_flags &= ~CORK_FILE_PERMISSIVE;
+            count++;
+        } else {
+            return count;
+        }
+    }
+
+    return count;
+}
+
+static void
+mkdir_run(int argc, char **argv)
+{
+    struct cork_file  *file;
+
+    if (argc < 1) {
+        cork_command_show_help(&mkdir_cmd, "Missing file");
+        exit(EXIT_FAILURE);
+    } else if (argc > 1) {
+        cork_command_show_help(&mkdir_cmd, "Too many directories");
+        exit(EXIT_FAILURE);
+    }
+
+    file = cork_file_new(argv[0]);
+    ri_check_exit(cork_file_mkdir(file, 0755, mkdir_flags));
+    cork_file_free(file);
+    exit(EXIT_SUCCESS);
+}
+
+
+/*-----------------------------------------------------------------------
+ * rm
+ */
+
+static unsigned int  rm_flags = CORK_FILE_PERMISSIVE;
+
+/* cork-test rm */
+
+static int
+rm_options(int argc, char **argv);
+
+static void
+rm_run(int argc, char **argv);
+
+static struct cork_command  rm_cmd =
+    cork_leaf_command("rm", "Remove a file or directory",
+                      "[<options>] <path>",
+                      "Remove a file or directory.\n",
+                      rm_options, rm_run);
+
+static int
+rm_options(int argc, char **argv)
+{
+    int  count = 1;
+
+    while (count < argc) {
+        if (streq(argv[count], "--recursive")) {
+            rm_flags |= CORK_FILE_RECURSIVE;
+            count++;
+        } else if (streq(argv[count], "--require")) {
+            rm_flags &= ~CORK_FILE_PERMISSIVE;
+            count++;
+        } else {
+            return count;
+        }
+    }
+
+    return count;
+}
+
+static void
+rm_run(int argc, char **argv)
+{
+    struct cork_file  *file;
+
+    if (argc < 1) {
+        cork_command_show_help(&rm_cmd, "Missing file");
+        exit(EXIT_FAILURE);
+    } else if (argc > 1) {
+        cork_command_show_help(&rm_cmd, "Too many directories");
+        exit(EXIT_FAILURE);
+    }
+
+    file = cork_file_new(argv[0]);
+    ri_check_exit(cork_file_remove(file, rm_flags));
+    cork_file_free(file);
+    exit(EXIT_SUCCESS);
+}
+
+
+/*-----------------------------------------------------------------------
+ * find
+ */
+
+static bool  find_all = false;
+
+/* cork-test find */
+
+static int
+find_options(int argc, char **argv);
+
+static void
+find_run(int argc, char **argv);
+
+static struct cork_command  find =
+    cork_leaf_command("find", "Search for a file in a list of directories",
+                      "<file> <path list>",
+                      "Search for a file in a list of directories.\n",
+                      find_options, find_run);
+
+static int
+find_options(int argc, char **argv)
+{
+    if (argc >= 2 && streq(argv[1], "--all")) {
+        find_all = true;
+        return 2;
+    }
+    return 1;
+}
+
+static void
+find_run(int argc, char **argv)
+{
+    struct cork_path_list  *list;
+
+    if (argc < 1) {
+        cork_command_show_help(&find, "Missing file");
+        exit(EXIT_FAILURE);
+    } else if (argc < 2) {
+        cork_command_show_help(&find, "Missing path");
+        exit(EXIT_FAILURE);
+    } else if (argc < 2) {
+        cork_command_show_help(&find, "Too many parameters");
+        exit(EXIT_FAILURE);
+    }
+
+    list = cork_path_list_new(argv[1]);
+
+    if (find_all) {
+        struct cork_file_list  *file_list;
+        size_t  i;
+        size_t  count;
+        rp_check_exit(file_list = cork_path_list_find_files(list, argv[0]));
+        count = cork_file_list_size(file_list);
+        for (i = 0; i < count; i++) {
+            struct cork_file  *file = cork_file_list_get(file_list, i);
+            printf("%s\n", cork_path_get(cork_file_path(file)));
+        }
+        cork_file_list_free(file_list);
+    } else {
+        struct cork_file  *file;
+        rp_check_exit(file = cork_path_list_find_file(list, argv[0]));
+        printf("%s\n", cork_path_get(cork_file_path(file)));
+        cork_file_free(file);
+    }
+
+    cork_path_list_free(list);
+    exit(EXIT_SUCCESS);
+}
+
+
+/*-----------------------------------------------------------------------
+ * paths
+ */
+
+/* cork-test paths */
+
+static void
+paths_run(int argc, char **argv);
+
+static struct cork_command  paths =
+    cork_leaf_command("paths", "Print out standard paths for the current user",
+                      "",
+                      "Print out standard paths for the current user.\n",
+                      NULL, paths_run);
+
+static void
+print_path(const char *prefix, struct cork_path *path)
+{
+    rp_check_exit(path);
+    printf("%s %s\n", prefix, cork_path_get(path));
+    cork_path_free(path);
+}
+
+static void
+print_path_list(const char *prefix, struct cork_path_list *list)
+{
+    rp_check_exit(list);
+    printf("%s %s\n", prefix, cork_path_list_to_string(list));
+    cork_path_list_free(list);
+}
+
+static void
+paths_run(int argc, char **argv)
+{
+    print_path     ("Home:   ", cork_path_home());
+    print_path_list("Config: ", cork_path_config_paths());
+    print_path_list("Data:   ", cork_path_data_paths());
+    print_path     ("Cache:  ", cork_path_user_cache_path());
+    print_path     ("Runtime:", cork_path_user_runtime_path());
+    exit(EXIT_SUCCESS);
+}
+
+
+/*-----------------------------------------------------------------------
+ * Directory walker
+ */
+
+static bool  only_files = false;
+static bool  shallow = false;
+static const char  *dir_path = NULL;
+
+static int
+dir_options(int argc, char **argv)
+{
+    if (argc == 3) {
+        if (streq(argv[1], "--shallow")) {
+            shallow = true;
+            dir_path = argv[2];
+            return 3;
+        } else if (streq(argv[1], "--only-files")) {
+            only_files = true;
+            dir_path = argv[2];
+            return 3;
+        }
+    }
+
+    else if (argc == 2) {
+        dir_path = argv[1];
+        return 2;
+    }
+
+    fprintf(stderr, "Invalid usage.\n");
+    exit(EXIT_FAILURE);
+}
+
+static size_t  indent = 0;
+
+static void
+print_indent(void)
+{
+    size_t  i;
+    for (i = 0; i < indent; i++) {
+        printf("  ");
+    }
+}
+
+static int
+enter_directory(struct cork_dir_walker *walker, const char *full_path,
+                const char *rel_path, const char *base_name)
+{
+    print_indent();
+    if (shallow) {
+        printf("Skipping %s\n", rel_path);
+        return CORK_SKIP_DIRECTORY;
+    } else if (only_files) {
+        return 0;
+    } else {
+        printf("Entering %s (%s)\n", base_name, rel_path);
+        indent++;
+        return 0;
+    }
+}
+
+static int
+print_file(struct cork_dir_walker *walker, const char *full_path,
+           const char *rel_path, const char *base_name)
+{
+    if (only_files) {
+        printf("%s\n", rel_path);
+    } else {
+        print_indent();
+        printf("%s (%s) (%s)\n", base_name, rel_path, full_path);
+    }
+    return 0;
+}
+
+static int
+leave_directory(struct cork_dir_walker *walker, const char *full_path,
+                const char *rel_path, const char *base_name)
+{
+    if (!only_files) {
+        indent--;
+        print_indent();
+        printf("Leaving %s\n", rel_path);
+    }
+    return 0;
+}
+
+static struct cork_dir_walker  walker = {
+    enter_directory,
+    print_file,
+    leave_directory
+};
+
+static void
+dir_run(int argc, char **argv)
+{
+    ri_check_exit(cork_walk_directory(dir_path, &walker));
+    exit(EXIT_SUCCESS);
+}
+
+static struct cork_command  dir =
+    cork_leaf_command("dir", "Print the contents of a directory",
+                      "[--shallow] <path>",
+                      "Prints the contents of a directory.\n",
+                      dir_options, dir_run);
+
+
+/*-----------------------------------------------------------------------
+ * Cleanup functions
+ */
+
+#define define_cleanup_function(id) \
+static void \
+cleanup_##id(void) \
+{ \
+    printf("Cleanup function " #id "\n"); \
+}
+
+define_cleanup_function(0);
+define_cleanup_function(1);
+define_cleanup_function(2);
+define_cleanup_function(3);
+define_cleanup_function(4);
+define_cleanup_function(5);
+
+static void
+cleanup_run(int argc, char **argv)
+{
+    cork_cleanup_at_exit(10, cleanup_1);
+    cork_cleanup_at_exit( 0, cleanup_0);
+    cork_cleanup_at_exit(50, cleanup_5);
+    cork_cleanup_at_exit(20, cleanup_2);
+    cork_cleanup_at_exit(40, cleanup_4);
+    cork_cleanup_at_exit(30, cleanup_3);
+}
+
+static struct cork_command  cleanup =
+    cork_leaf_command("cleanup", "Test process cleanup functions", "",
+                      "Test process cleanup functions.\n",
+                      NULL, cleanup_run);
+
+
+/*-----------------------------------------------------------------------
+ * Root command
+ */
+
+/* [root] cork-test */
+
+static struct cork_command  *root_subcommands[] = {
+    &c1, &c2,
+    &pwd,
+    &mkdir_cmd,
+    &rm_cmd,
+    &find,
+    &paths,
+    &dir,
+    &sub,
+    &cleanup,
+    NULL
+};
+
+static struct cork_command  root_command =
+    cork_command_set("cork-test", NULL, NULL, root_subcommands);
+
+
+/*-----------------------------------------------------------------------
+ * Entry point
+ */
+#ifndef LIB_ONLY
+int
+main(int argc, char **argv)
+{
+    return cork_command_main(&root_command, argc, argv);
+}
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork.pc.in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork.pc.in
new file mode 100644
index 00000000..12c9c73c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork.pc.in
@@ -0,0 +1,14 @@
+prefix=@prefix@
+exec_prefix=${prefix}
+libdir=${exec_prefix}/@CMAKE_INSTALL_LIBDIR@
+includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+sharedir=${prefix}/share
+sphinxdir=${sharedir}/doc/libcork/html
+
+Name: libcork
+Description: A simple, easily embeddable cross-platform C library
+Version: @VERSION@
+URL: http://github.com/redjack/libcork
+Libs: -L${libdir} -lcork
+Libs.private: @CMAKE_THREAD_LIBS_INIT@
+Cflags: -I${includedir}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/cli/commands.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/cli/commands.c
new file mode 100644
index 00000000..f5620765
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/cli/commands.c
@@ -0,0 +1,225 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "libcork/cli.h"
+#include "libcork/core.h"
+#include "libcork/ds.h"
+
+
+#define streq(a,b) (strcmp((a), (b)) == 0)
+
+static struct cork_buffer  breadcrumbs_buf = CORK_BUFFER_INIT();
+
+static void
+cork_command_add_breadcrumb(struct cork_command *command)
+{
+    cork_buffer_append_printf(&breadcrumbs_buf, " %s", command->name);
+}
+
+#define cork_command_breadcrumbs() ((char *) breadcrumbs_buf.buf)
+
+static void
+cork_command_run(struct cork_command *command, int argc, char **argv);
+
+static struct cork_command *
+cork_command_set_get_subcommand(struct cork_command *command,
+                                const char *command_name)
+{
+    struct cork_command  **curr;
+    for (curr = command->set; *curr != NULL; curr++) {
+        if (streq(command_name, (*curr)->name)) {
+            return *curr;
+        }
+    }
+    return NULL;
+}
+
+static void
+cork_command_set_show_help(struct cork_command *command)
+{
+    size_t  max_length = 0;
+    struct cork_command  **curr;
+
+    /* Calculate the length of the longest command name. */
+    for (curr = command->set; *curr != NULL; curr++) {
+        size_t  len = strlen((*curr)->name);
+        if (len > max_length) {
+            max_length = len;
+        }
+    }
+
+    /* Then print out the available commands. */
+    printf("Usage:%s <command> [<options>]\n"
+           "\nAvailable commands:\n",
+           cork_command_breadcrumbs());
+
+    for (curr = command->set; *curr != NULL; curr++) {
+        printf("  %*s", (int) -max_length, (*curr)->name);
+        if ((*curr)->short_desc != NULL) {
+            printf("  %s\n", (*curr)->short_desc);
+        } else {
+            printf("\n");
+        }
+    }
+}
+
+static void
+cork_command_leaf_show_help(struct cork_command *command)
+{
+    printf("Usage:%s", cork_command_breadcrumbs());
+    if (command->usage_suffix != NULL) {
+        printf(" %s", command->usage_suffix);
+    }
+    if (command->full_help != NULL) {
+        printf("\n\n%s", command->full_help);
+    } else {
+        printf("\n");
+    }
+}
+
+void
+cork_command_show_help(struct cork_command *command, const char *message)
+{
+    if (message != NULL) {
+        printf("%s\n", message);
+    }
+
+    if (command->type == CORK_COMMAND_SET) {
+        cork_command_set_show_help(command);
+    } else if (command->type == CORK_LEAF_COMMAND) {
+        cork_command_leaf_show_help(command);
+    }
+}
+
+static void
+cork_command_set_run_help(struct cork_command *command, int argc, char **argv)
+{
+    /* When we see the help command when processing a command set, we use any
+     * remaining arguments to identifity which subcommand the user wants help
+     * with. */
+
+    /* Skip over the name of the command set */
+    argc--;
+    argv++;
+
+    while (argc > 0 && command->type == CORK_COMMAND_SET) {
+        struct cork_command  *subcommand =
+            cork_command_set_get_subcommand(command, argv[0]);
+        if (subcommand == NULL) {
+            printf("Unknown command \"%s\".\n"
+                   "Usage:%s <command> [<options>]\n",
+                   argv[0], cork_command_breadcrumbs());
+            exit(EXIT_FAILURE);
+        }
+
+        cork_command_add_breadcrumb(subcommand);
+        command = subcommand;
+        argc--;
+        argv++;
+    }
+
+    cork_command_show_help(command, NULL);
+}
+
+static void
+cork_command_set_run(struct cork_command *command, int argc, char **argv)
+{
+    const char  *command_name;
+    struct cork_command  *subcommand;
+
+    if (argc == 0) {
+        printf("No command given.\n");
+        cork_command_set_show_help(command);
+        exit(EXIT_FAILURE);
+    }
+
+    command_name = argv[0];
+
+    /* The "help" command is special. */
+    if (streq(command_name, "help")) {
+        cork_command_set_run_help(command, argc, argv);
+        return;
+    }
+
+    /* Otherwise look for a real subcommand with this name. */
+    subcommand = cork_command_set_get_subcommand(command, command_name);
+    if (subcommand == NULL) {
+        printf("Unknown command \"%s\".\n"
+               "Usage:%s <command> [<options>]\n",
+               command_name, cork_command_breadcrumbs());
+        exit(EXIT_FAILURE);
+    } else {
+        cork_command_run(subcommand, argc, argv);
+    }
+}
+
+static void
+cork_command_leaf_run(struct cork_command *command, int argc, char **argv)
+{
+    command->run(argc, argv);
+}
+
+static void
+cork_command_cleanup(void)
+{
+    cork_buffer_done(&breadcrumbs_buf);
+}
+
+static void
+cork_command_run(struct cork_command *command, int argc, char **argv)
+{
+    cork_command_add_breadcrumb(command);
+
+    /* If the gives the --help option at this point, describe the current
+     * command. */
+    if (argc >= 2 && (streq(argv[1], "--help") || streq(argv[1], "-h"))) {
+        cork_command_show_help(command, NULL);
+        return;
+    }
+
+    /* Otherwise let the command parse any options that occur here. */
+    if (command->parse_options != NULL) {
+        int  option_count = command->parse_options(argc, argv);
+        argc -= option_count;
+        argv += option_count;
+    } else {
+        argc--;
+        argv++;
+    }
+
+    switch (command->type) {
+        case CORK_COMMAND_SET:
+            cork_command_set_run(command, argc, argv);
+            return;
+
+        case CORK_LEAF_COMMAND:
+            cork_command_leaf_run(command, argc, argv);
+            return;
+
+        default:
+            cork_unreachable();
+    }
+}
+
+
+int
+cork_command_main(struct cork_command *root, int argc, char **argv)
+{
+    /* Clean up after ourselves when the command finishes. */
+    atexit(cork_command_cleanup);
+
+    /* Run the root command. */
+    cork_command_run(root, argc, argv);
+    return EXIT_SUCCESS;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/allocator.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/allocator.c
new file mode 100644
index 00000000..9a2ad058
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/allocator.c
@@ -0,0 +1,421 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <assert.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "libcork/core/allocator.h"
+#include "libcork/core/attributes.h"
+#include "libcork/core/error.h"
+#include "libcork/core/types.h"
+#include "libcork/os/process.h"
+
+
+/*-----------------------------------------------------------------------
+ * Allocator interface
+ */
+
+struct cork_alloc_priv {
+    struct cork_alloc  public;
+    struct cork_alloc_priv  *next;
+};
+
+static void *
+cork_alloc__default_calloc(const struct cork_alloc *alloc,
+                           size_t count, size_t size)
+{
+    void  *result = cork_alloc_xcalloc(alloc, count, size);
+    if (CORK_UNLIKELY(result == NULL)) {
+        abort();
+    }
+    return result;
+}
+
+static void *
+cork_alloc__default_malloc(const struct cork_alloc *alloc, size_t size)
+{
+    void  *result = cork_alloc_xmalloc(alloc, size);
+    if (CORK_UNLIKELY(result == NULL)) {
+        abort();
+    }
+    return result;
+}
+
+static void *
+cork_alloc__default_realloc(const struct cork_alloc *alloc, void *ptr,
+                            size_t old_size, size_t new_size)
+{
+    void  *result = cork_alloc_xrealloc(alloc, ptr, old_size, new_size);
+    if (CORK_UNLIKELY(result == NULL)) {
+        abort();
+    }
+    return result;
+}
+
+static void *
+cork_alloc__default_xcalloc(const struct cork_alloc *alloc,
+                            size_t count, size_t size)
+{
+    void  *result;
+    assert(count < (SIZE_MAX / size));
+    result = cork_alloc_xmalloc(alloc, count * size);
+    if (result != NULL) {
+        memset(result, 0, count * size);
+    }
+    return result;
+}
+
+static void *
+cork_alloc__default_xmalloc(const struct cork_alloc *alloc, size_t size)
+{
+    cork_abort("%s isn't defined", "cork_alloc:xmalloc");
+}
+
+static void *
+cork_alloc__default_xrealloc(const struct cork_alloc *alloc, void *ptr,
+                             size_t old_size, size_t new_size)
+{
+    void  *result = cork_alloc_xmalloc(alloc, new_size);
+    if (CORK_LIKELY(result != NULL) && ptr != NULL) {
+        size_t  min_size = (new_size < old_size)? new_size: old_size;
+        memcpy(result, ptr, min_size);
+        cork_alloc_free(alloc, ptr, old_size);
+    }
+    return result;
+}
+
+static void
+cork_alloc__default_free(const struct cork_alloc *alloc, void *ptr, size_t size)
+{
+    cork_abort("%s isn't defined", "cork_alloc:free");
+}
+
+static bool  cleanup_registered = false;
+static struct cork_alloc_priv  *all_allocs = NULL;
+
+static void
+cork_alloc_free_alloc(struct cork_alloc_priv *alloc)
+{
+    cork_free_user_data(&alloc->public);
+    cork_alloc_delete(alloc->public.parent, struct cork_alloc_priv, alloc);
+}
+
+static void
+cork_alloc_free_all(void)
+{
+    struct cork_alloc_priv  *curr;
+    struct cork_alloc_priv  *next;
+    for (curr = all_allocs; curr != NULL; curr = next) {
+        next = curr->next;
+        cork_alloc_free_alloc(curr);
+    }
+}
+
+static void
+cork_alloc_register_cleanup(void)
+{
+    if (CORK_UNLIKELY(!cleanup_registered)) {
+        /* We don't use cork_cleanup because that requires the allocators to
+         * have already been set up!  (atexit calls its functions in reverse
+         * order, and this one will be registered before cork_cleanup's, which
+         * makes it safe for cork_cleanup functions to still use the allocator,
+         * since the allocator atexit function will be called last.) */
+        atexit(cork_alloc_free_all);
+        cleanup_registered = true;
+    }
+}
+
+struct cork_alloc *
+cork_alloc_new_alloc(const struct cork_alloc *parent)
+{
+    struct cork_alloc_priv  *alloc =
+        cork_alloc_new(parent, struct cork_alloc_priv);
+    alloc->public.parent = parent;
+    alloc->public.user_data = NULL;
+    alloc->public.free_user_data = NULL;
+    alloc->public.calloc = cork_alloc__default_calloc;
+    alloc->public.malloc = cork_alloc__default_malloc;
+    alloc->public.realloc = cork_alloc__default_realloc;
+    alloc->public.xcalloc = cork_alloc__default_xcalloc;
+    alloc->public.xmalloc = cork_alloc__default_xmalloc;
+    alloc->public.xrealloc = cork_alloc__default_xrealloc;
+    alloc->public.free = cork_alloc__default_free;
+
+    cork_alloc_register_cleanup();
+    alloc->next = all_allocs;
+    all_allocs = alloc;
+
+    return &alloc->public;
+}
+
+
+void
+cork_alloc_set_user_data(struct cork_alloc *alloc,
+                         void *user_data, cork_free_f free_user_data)
+{
+    cork_free_user_data(alloc);
+    alloc->user_data = user_data;
+    alloc->free_user_data = free_user_data;
+}
+
+void
+cork_alloc_set_calloc(struct cork_alloc *alloc, cork_alloc_calloc_f calloc)
+{
+    alloc->calloc = calloc;
+}
+
+void
+cork_alloc_set_malloc(struct cork_alloc *alloc, cork_alloc_malloc_f malloc)
+{
+    alloc->malloc = malloc;
+}
+
+void
+cork_alloc_set_realloc(struct cork_alloc *alloc, cork_alloc_realloc_f realloc)
+{
+    alloc->realloc = realloc;
+}
+
+void
+cork_alloc_set_xcalloc(struct cork_alloc *alloc, cork_alloc_calloc_f xcalloc)
+{
+    alloc->xcalloc = xcalloc;
+}
+
+void
+cork_alloc_set_xmalloc(struct cork_alloc *alloc, cork_alloc_malloc_f xmalloc)
+{
+    alloc->xmalloc = xmalloc;
+}
+
+void
+cork_alloc_set_xrealloc(struct cork_alloc *alloc,
+                        cork_alloc_realloc_f xrealloc)
+{
+    alloc->xrealloc = xrealloc;
+}
+
+void
+cork_alloc_set_free(struct cork_alloc *alloc, cork_alloc_free_f free)
+{
+    alloc->free = free;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Allocating strings
+ */
+
+static inline const char *
+strndup_internal(const struct cork_alloc *alloc,
+                 const char *str, size_t len)
+{
+    char  *dest;
+    size_t  allocated_size = len + sizeof(size_t) + 1;
+    size_t  *new_str = cork_alloc_malloc(alloc, allocated_size);
+    *new_str = allocated_size;
+    dest = (char *) (void *) (new_str + 1);
+    memcpy(dest, str, len);
+    dest[len] = '\0';
+    return dest;
+}
+
+const char *
+cork_alloc_strdup(const struct cork_alloc *alloc, const char *str)
+{
+    return strndup_internal(alloc, str, strlen(str));
+}
+
+const char *
+cork_alloc_strndup(const struct cork_alloc *alloc,
+                   const char *str, size_t size)
+{
+    return strndup_internal(alloc, str, size);
+}
+
+static inline const char *
+xstrndup_internal(const struct cork_alloc *alloc,
+                  const char *str, size_t len)
+{
+    size_t  allocated_size = len + sizeof(size_t) + 1;
+    size_t  *new_str = cork_alloc_xmalloc(alloc, allocated_size);
+    if (CORK_UNLIKELY(new_str == NULL)) {
+        return NULL;
+    } else {
+        char  *dest;
+        *new_str = allocated_size;
+        dest = (char *) (void *) (new_str + 1);
+        memcpy(dest, str, len);
+        dest[len] = '\0';
+        return dest;
+    }
+}
+
+const char *
+cork_alloc_xstrdup(const struct cork_alloc *alloc, const char *str)
+{
+    return xstrndup_internal(alloc, str, strlen(str));
+}
+
+const char *
+cork_alloc_xstrndup(const struct cork_alloc *alloc,
+                    const char *str, size_t size)
+{
+    return xstrndup_internal(alloc, str, size);
+}
+
+void
+cork_alloc_strfree(const struct cork_alloc *alloc, const char *str)
+{
+    size_t  *base = ((size_t *) str) - 1;
+    cork_alloc_free(alloc, base, *base);
+}
+
+
+/*-----------------------------------------------------------------------
+ * stdlib allocator
+ */
+
+static void *
+cork_stdlib_alloc__calloc(const struct cork_alloc *alloc,
+                          size_t count, size_t size)
+{
+    void  *result = calloc(count, size);
+    if (CORK_UNLIKELY(result == NULL)) {
+        abort();
+    }
+    return result;
+}
+
+static void *
+cork_stdlib_alloc__malloc(const struct cork_alloc *alloc, size_t size)
+{
+    void  *result = malloc(size);
+    if (CORK_UNLIKELY(result == NULL)) {
+        abort();
+    }
+    return result;
+}
+
+static void *
+cork_stdlib_alloc__realloc(const struct cork_alloc *alloc, void *ptr,
+                           size_t old_size, size_t new_size)
+{
+    /* Technically we don't really need to free `ptr` if the reallocation fails,
+     * since we'll abort the process immediately after.  But my sense of
+     * cleanliness makes me do it anyway. */
+
+#if CORK_HAVE_REALLOCF
+    void  *result = reallocf(ptr, new_size);
+    if (result == NULL) {
+        abort();
+    }
+    return result;
+#else
+    void  *result = realloc(ptr, new_size);
+    if (result == NULL) {
+        free(ptr);
+        abort();
+    }
+    return result;
+#endif
+}
+
+static void *
+cork_stdlib_alloc__xcalloc(const struct cork_alloc *alloc,
+                           size_t count, size_t size)
+{
+    return calloc(count, size);
+}
+
+static void *
+cork_stdlib_alloc__xmalloc(const struct cork_alloc *alloc, size_t size)
+{
+    return malloc(size);
+}
+
+static void *
+cork_stdlib_alloc__xrealloc(const struct cork_alloc *alloc, void *ptr,
+                            size_t old_size, size_t new_size)
+{
+    return realloc(ptr, new_size);
+}
+
+static void
+cork_stdlib_alloc__free(const struct cork_alloc *alloc, void *ptr, size_t size)
+{
+    free(ptr);
+}
+
+
+static const struct cork_alloc  default_allocator = {
+    NULL,
+    NULL,
+    NULL,
+    cork_stdlib_alloc__calloc,
+    cork_stdlib_alloc__malloc,
+    cork_stdlib_alloc__realloc,
+    cork_stdlib_alloc__xcalloc,
+    cork_stdlib_alloc__xmalloc,
+    cork_stdlib_alloc__xrealloc,
+    cork_stdlib_alloc__free
+};
+
+
+/*-----------------------------------------------------------------------
+ * Customizing libcork's allocator
+ */
+
+const struct cork_alloc  *cork_allocator = &default_allocator;
+
+void
+cork_set_allocator(const struct cork_alloc *alloc)
+{
+    cork_allocator = alloc;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Debugging allocator
+ */
+
+static void *
+cork_debug_alloc__xmalloc(const struct cork_alloc *alloc, size_t size)
+{
+    size_t  real_size = size + sizeof(size_t);
+    size_t  *base = cork_alloc_xmalloc(alloc->parent, real_size);
+    *base = size;
+    return base + 1;
+}
+
+static void
+cork_debug_alloc__free(const struct cork_alloc *alloc, void *ptr,
+                       size_t expected_size)
+{
+    size_t  *base = ((size_t *) ptr) - 1;
+    size_t  actual_size = *base;
+    size_t  real_size = actual_size + sizeof(size_t);
+    if (CORK_UNLIKELY(actual_size != expected_size)) {
+        cork_abort
+            ("Incorrect size when freeing pointer (got %zu, expected %zu)",
+             expected_size, actual_size);
+    }
+    cork_alloc_free(alloc->parent, base, real_size);
+}
+
+struct cork_alloc *
+cork_debug_alloc_new(const struct cork_alloc *parent)
+{
+    struct cork_alloc  *debug = cork_alloc_new_alloc(parent);
+    cork_alloc_set_xmalloc(debug, cork_debug_alloc__xmalloc);
+    cork_alloc_set_free(debug, cork_debug_alloc__free);
+    return debug;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/error.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/error.c
new file mode 100644
index 00000000..114a0905
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/error.c
@@ -0,0 +1,246 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <assert.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <string.h>
+
+#include "libcork/config.h"
+#include "libcork/core/allocator.h"
+#include "libcork/core/error.h"
+#include "libcork/ds/buffer.h"
+#include "libcork/os/process.h"
+#include "libcork/threads/basics.h"
+
+
+/*-----------------------------------------------------------------------
+ * Life cycle
+ */
+
+struct cork_error {
+    cork_error  code;
+    struct cork_buffer  *message;
+    struct cork_buffer  *other;
+    struct cork_buffer  buf1;
+    struct cork_buffer  buf2;
+    struct cork_error  *next;
+};
+
+static struct cork_error *
+cork_error_new(void)
+{
+    struct cork_error  *error = cork_new(struct cork_error);
+    error->code = CORK_ERROR_NONE;
+    cork_buffer_init(&error->buf1);
+    cork_buffer_init(&error->buf2);
+    error->message = &error->buf1;
+    error->other = &error->buf2;
+    return error;
+}
+
+static void
+cork_error_free(struct cork_error *error)
+{
+    cork_buffer_done(&error->buf1);
+    cork_buffer_done(&error->buf2);
+    cork_delete(struct cork_error, error);
+}
+
+
+static struct cork_error * volatile  errors;
+
+cork_once_barrier(cork_error_list);
+
+static void
+cork_error_list_done(void)
+{
+    struct cork_error  *curr;
+    struct cork_error  *next;
+    for (curr = errors; curr != NULL; curr = next) {
+        next = curr->next;
+        cork_error_free(curr);
+    }
+}
+
+static void
+cork_error_list_init(void)
+{
+    cork_cleanup_at_exit(0, cork_error_list_done);
+}
+
+
+cork_tls(struct cork_error *, cork_error_);
+
+static struct cork_error *
+cork_error_get(void)
+{
+    struct cork_error  **error_ptr = cork_error__get();
+    if (CORK_UNLIKELY(*error_ptr == NULL)) {
+        struct cork_error  *old_head;
+        struct cork_error  *error = cork_error_new();
+        cork_once(cork_error_list, cork_error_list_init());
+        do {
+            old_head = errors;
+            error->next = old_head;
+        } while (cork_ptr_cas(&errors, old_head, error) != old_head);
+        *error_ptr = error;
+        return error;
+    } else {
+        return *error_ptr;
+    }
+}
+
+
+/*-----------------------------------------------------------------------
+ * Public error API
+ */
+
+bool
+cork_error_occurred(void)
+{
+    struct cork_error  *error = cork_error_get();
+    return error->code != CORK_ERROR_NONE;
+}
+
+cork_error
+cork_error_code(void)
+{
+    struct cork_error  *error = cork_error_get();
+    return error->code;
+}
+
+const char *
+cork_error_message(void)
+{
+    struct cork_error  *error = cork_error_get();
+    return error->message->buf;
+}
+
+void
+cork_error_clear(void)
+{
+    struct cork_error  *error = cork_error_get();
+    error->code = CORK_ERROR_NONE;
+    cork_buffer_clear(error->message);
+}
+
+void
+cork_error_set_printf(cork_error code, const char *format, ...)
+{
+    va_list  args;
+    struct cork_error  *error = cork_error_get();
+    error->code = code;
+    va_start(args, format);
+    cork_buffer_vprintf(error->message, format, args);
+    va_end(args);
+}
+
+void
+cork_error_set_string(cork_error code, const char *str)
+{
+    struct cork_error  *error = cork_error_get();
+    error->code = code;
+    cork_buffer_set_string(error->message, str);
+}
+
+void
+cork_error_set_vprintf(cork_error code, const char *format, va_list args)
+{
+    struct cork_error  *error = cork_error_get();
+    error->code = code;
+    cork_buffer_vprintf(error->message, format, args);
+}
+
+void
+cork_error_prefix_printf(const char *format, ...)
+{
+    va_list  args;
+    struct cork_error  *error = cork_error_get();
+    struct cork_buffer  *temp;
+    va_start(args, format);
+    cork_buffer_vprintf(error->other, format, args);
+    va_end(args);
+    cork_buffer_append_copy(error->other, error->message);
+    temp = error->other;
+    error->other = error->message;
+    error->message = temp;
+}
+
+void
+cork_error_prefix_string(const char *str)
+{
+    struct cork_error  *error = cork_error_get();
+    struct cork_buffer  *temp;
+    cork_buffer_set_string(error->other, str);
+    cork_buffer_append_copy(error->other, error->message);
+    temp = error->other;
+    error->other = error->message;
+    error->message = temp;
+}
+
+void
+cork_error_prefix_vprintf(const char *format, va_list args)
+{
+    struct cork_error  *error = cork_error_get();
+    struct cork_buffer  *temp;
+    cork_buffer_vprintf(error->other, format, args);
+    cork_buffer_append_copy(error->other, error->message);
+    temp = error->other;
+    error->other = error->message;
+    error->message = temp;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Deprecated
+ */
+
+void
+cork_error_set(uint32_t error_class, unsigned int error_code,
+               const char *format, ...)
+{
+    /* Create a fallback error code that's most likely not very useful. */
+    va_list  args;
+    va_start(args, format);
+    cork_error_set_vprintf(error_class + error_code, format, args);
+    va_end(args);
+}
+
+void
+cork_error_prefix(const char *format, ...)
+{
+    va_list  args;
+    va_start(args, format);
+    cork_error_prefix_vprintf(format, args);
+    va_end(args);
+}
+
+
+/*-----------------------------------------------------------------------
+ * Built-in errors
+ */
+
+void
+cork_system_error_set_explicit(int err)
+{
+    cork_error_set_string(err, strerror(err));
+}
+
+void
+cork_system_error_set(void)
+{
+    cork_error_set_string(errno, strerror(errno));
+}
+
+void
+cork_unknown_error_set_(const char *location)
+{
+    cork_error_set_printf(CORK_UNKNOWN_ERROR, "Unknown error in %s", location);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/gc.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/gc.c
new file mode 100644
index 00000000..d16562d7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/gc.c
@@ -0,0 +1,406 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+
+#include "libcork/config/config.h"
+#include "libcork/core/allocator.h"
+#include "libcork/core/gc.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/dllist.h"
+#include "libcork/threads/basics.h"
+
+
+#if !defined(CORK_DEBUG_GC)
+#define CORK_DEBUG_GC  0
+#endif
+
+#if CORK_DEBUG_GC
+#include <stdio.h>
+#define DEBUG(...) fprintf(stderr, __VA_ARGS__)
+#else
+#define DEBUG(...) /* no debug messages */
+#endif
+
+
+/*-----------------------------------------------------------------------
+ * GC context life cycle
+ */
+
+#define ROOTS_SIZE  1024
+
+/* An internal structure allocated with every garbage-collected object. */
+struct cork_gc_header;
+
+/* A garbage collector context. */
+struct cork_gc {
+    /* The number of used entries in roots. */
+    size_t  root_count;
+    /* The possible roots of garbage cycles */
+    struct cork_gc_header  *roots[ROOTS_SIZE];
+};
+
+cork_tls(struct cork_gc, cork_gc);
+
+static void
+cork_gc_collect_cycles(struct cork_gc *gc);
+
+
+/*-----------------------------------------------------------------------
+ * Garbage collection functions
+ */
+
+struct cork_gc_header {
+    /* The current reference count for this object, along with its color
+     * during the mark/sweep process. */
+    volatile int  ref_count_color;
+
+    /* The allocated size of this garbage-collected object (including
+     * the header). */
+    size_t  allocated_size;
+
+    /* The garbage collection interface for this object. */
+    struct cork_gc_obj_iface  *iface;
+};
+
+/*
+ * Structure of ref_count_color:
+ *
+ *   +-----+---+---+---+---+---+
+ *   | ... | 4 | 3 | 2 | 1 | 0 |
+ *   +-----+---+---+---+---+---+
+ *      ref_count    |   color
+ *                   |
+ *        buffered --/
+ */
+
+#define cork_gc_ref_count_color(count, buffered, color) \
+    (((count) << 3) | ((buffered) << 2) | (color))
+
+#define cork_gc_get_ref_count(hdr) \
+    ((hdr)->ref_count_color >> 3)
+
+#define cork_gc_inc_ref_count(hdr) \
+    do { \
+        (hdr)->ref_count_color += (1 << 3); \
+    } while (0)
+
+#define cork_gc_dec_ref_count(hdr) \
+    do { \
+        (hdr)->ref_count_color -= (1 << 3); \
+    } while (0)
+
+#define cork_gc_get_color(hdr) \
+    ((hdr)->ref_count_color & 0x3)
+
+#define cork_gc_set_color(hdr, color) \
+    do { \
+        (hdr)->ref_count_color = \
+            ((hdr)->ref_count_color & ~0x3) | (color & 0x3); \
+    } while (0)
+
+#define cork_gc_get_buffered(hdr) \
+    (((hdr)->ref_count_color & 0x4) != 0)
+
+#define cork_gc_set_buffered(hdr, buffered) \
+    do { \
+        (hdr)->ref_count_color = \
+            ((hdr)->ref_count_color & ~0x4) | (((buffered) & 1) << 2); \
+    } while (0)
+
+#define cork_gc_free(hdr) \
+    do { \
+        if ((hdr)->iface->free != NULL) { \
+            (hdr)->iface->free(cork_gc_get_object((hdr))); \
+        } \
+        cork_free((hdr), (hdr)->allocated_size); \
+    } while (0)
+
+#define cork_gc_recurse(gc, hdr, recurser) \
+    do { \
+        if ((hdr)->iface->recurse != NULL) { \
+            (hdr)->iface->recurse \
+                ((gc), cork_gc_get_object((hdr)), (recurser), NULL); \
+        } \
+    } while (0)
+
+enum cork_gc_color {
+    /* In use or free */
+    GC_BLACK = 0,
+    /* Possible member of garbage cycle */
+    GC_GRAY = 1,
+    /* Member of garbage cycle */
+    GC_WHITE = 2,
+    /* Possible root of garbage cycle */
+    GC_PURPLE = 3
+};
+
+#define cork_gc_get_header(obj) \
+    (((struct cork_gc_header *) (obj)) - 1)
+
+#define cork_gc_get_object(hdr) \
+    ((void *) (((struct cork_gc_header *) (hdr)) + 1))
+
+
+void
+cork_gc_init(void)
+{
+    cork_gc_get();
+}
+
+void
+cork_gc_done(void)
+{
+    cork_gc_collect_cycles(cork_gc_get());
+}
+
+void *
+cork_gc_alloc(size_t instance_size, struct cork_gc_obj_iface *iface)
+{
+    size_t  full_size = instance_size + sizeof(struct cork_gc_header);
+    DEBUG("Allocating %zu (%zu) bytes\n", instance_size, full_size);
+    struct cork_gc_header  *header = cork_malloc(full_size);
+    DEBUG("  Result is %p[%p]\n", cork_gc_get_object(header), header);
+    header->ref_count_color = cork_gc_ref_count_color(1, false, GC_BLACK);
+    header->allocated_size = full_size;
+    header->iface = iface;
+    return cork_gc_get_object(header);
+}
+
+void *
+cork_gc_incref(void *obj)
+{
+    if (obj != NULL) {
+        struct cork_gc_header  *header = cork_gc_get_header(obj);
+        cork_gc_inc_ref_count(header);
+        DEBUG("Incrementing %p -> %d\n",
+              obj, cork_gc_get_ref_count(header));
+        cork_gc_set_color(header, GC_BLACK);
+    }
+    return obj;
+}
+
+static void
+cork_gc_decref_step(struct cork_gc *gc, void *obj, void *ud);
+
+static void
+cork_gc_release(struct cork_gc *gc, struct cork_gc_header *header)
+{
+    cork_gc_recurse(gc, header, cork_gc_decref_step);
+    cork_gc_set_color(header, GC_BLACK);
+    if (!cork_gc_get_buffered(header)) {
+        cork_gc_free(header);
+    }
+}
+
+static void
+cork_gc_possible_root(struct cork_gc *gc, struct cork_gc_header *header)
+{
+    if (cork_gc_get_color(header) != GC_PURPLE) {
+        DEBUG("  Possible garbage cycle root\n");
+        cork_gc_set_color(header, GC_PURPLE);
+        if (!cork_gc_get_buffered(header)) {
+            cork_gc_set_buffered(header, true);
+            if (gc->root_count >= ROOTS_SIZE) {
+                cork_gc_collect_cycles(gc);
+            }
+            gc->roots[gc->root_count++] = header;
+        }
+    } else {
+        DEBUG("  Already marked as possible garbage cycle root\n");
+    }
+}
+
+static void
+cork_gc_decref_step(struct cork_gc *gc, void *obj, void *ud)
+{
+    if (obj != NULL) {
+        struct cork_gc_header  *header = cork_gc_get_header(obj);
+        cork_gc_dec_ref_count(header);
+        DEBUG("Decrementing %p -> %d\n",
+              obj, cork_gc_get_ref_count(header));
+        if (cork_gc_get_ref_count(header) == 0) {
+            DEBUG("  Releasing %p\n", header);
+            cork_gc_release(gc, header);
+        } else {
+            cork_gc_possible_root(gc, header);
+        }
+    }
+}
+
+void
+cork_gc_decref(void *obj)
+{
+    if (obj != NULL) {
+        struct cork_gc  *gc = cork_gc_get();
+        struct cork_gc_header  *header = cork_gc_get_header(obj);
+        cork_gc_dec_ref_count(header);
+        DEBUG("Decrementing %p -> %d\n",
+              obj, cork_gc_get_ref_count(header));
+        if (cork_gc_get_ref_count(header) == 0) {
+            DEBUG("  Releasing %p\n", header);
+            cork_gc_release(gc, header);
+        } else {
+            cork_gc_possible_root(gc, header);
+        }
+    }
+}
+
+
+static void
+cork_gc_mark_gray_step(struct cork_gc *gc, void *obj, void *ud);
+
+static void
+cork_gc_mark_gray(struct cork_gc *gc, struct cork_gc_header *header)
+{
+    if (cork_gc_get_color(header) != GC_GRAY) {
+        DEBUG("      Setting color to gray\n");
+        cork_gc_set_color(header, GC_GRAY);
+        cork_gc_recurse(gc, header, cork_gc_mark_gray_step);
+    }
+}
+
+static void
+cork_gc_mark_gray_step(struct cork_gc *gc, void *obj, void *ud)
+{
+    if (obj != NULL) {
+        DEBUG("    cork_gc_mark_gray(%p)\n", obj);
+        struct cork_gc_header  *header = cork_gc_get_header(obj);
+        cork_gc_dec_ref_count(header);
+        DEBUG("      Reference count now %d\n", cork_gc_get_ref_count(header));
+        cork_gc_mark_gray(gc, header);
+    }
+}
+
+static void
+cork_gc_mark_roots(struct cork_gc *gc)
+{
+    size_t  i;
+    for (i = 0; i < gc->root_count; i++) {
+        struct cork_gc_header  *header = gc->roots[i];
+        if (cork_gc_get_color(header) == GC_PURPLE) {
+            DEBUG("  Checking possible garbage cycle root %p\n",
+                  cork_gc_get_object(header));
+            DEBUG("    cork_gc_mark_gray(%p)\n",
+                  cork_gc_get_object(header));
+            cork_gc_mark_gray(gc, header);
+        } else {
+            DEBUG("  Possible garbage cycle root %p already checked\n",
+                  cork_gc_get_object(header));
+            cork_gc_set_buffered(header, false);
+            gc->roots[i] = NULL;
+            if (cork_gc_get_color(header) == GC_BLACK &&
+                cork_gc_get_ref_count(header) == 0) {
+                DEBUG("  Freeing %p\n", header);
+                cork_gc_free(header);
+            }
+        }
+    }
+}
+
+static void
+cork_gc_scan_black_step(struct cork_gc *gc, void *obj, void *ud);
+
+static void
+cork_gc_scan_black(struct cork_gc *gc, struct cork_gc_header *header)
+{
+    DEBUG("      Setting color of %p to BLACK\n",
+          cork_gc_get_object(header));
+    cork_gc_set_color(header, GC_BLACK);
+    cork_gc_recurse(gc, header, cork_gc_scan_black_step);
+}
+
+static void
+cork_gc_scan_black_step(struct cork_gc *gc, void *obj, void *ud)
+{
+    if (obj != NULL) {
+        struct cork_gc_header  *header = cork_gc_get_header(obj);
+        cork_gc_inc_ref_count(header);
+        DEBUG("      Increasing reference count %p -> %d\n",
+              obj, cork_gc_get_ref_count(header));
+        if (cork_gc_get_color(header) != GC_BLACK) {
+            cork_gc_scan_black(gc, header);
+        }
+    }
+}
+
+static void
+cork_gc_scan(struct cork_gc *gc, void *obj, void *ud)
+{
+    if (obj != NULL) {
+        DEBUG("  Scanning possible garbage cycle entry %p\n", obj);
+        struct cork_gc_header  *header = cork_gc_get_header(obj);
+        if (cork_gc_get_color(header) == GC_GRAY) {
+            if (cork_gc_get_ref_count(header) > 0) {
+                DEBUG("    Remaining references; can't be a cycle\n");
+                cork_gc_scan_black(gc, header);
+            } else {
+                DEBUG("    Definitely a garbage cycle\n");
+                cork_gc_set_color(header, GC_WHITE);
+                cork_gc_recurse(gc, header, cork_gc_scan);
+            }
+        } else {
+            DEBUG("    Already checked\n");
+        }
+    }
+}
+
+static void
+cork_gc_scan_roots(struct cork_gc *gc)
+{
+    size_t  i;
+    for (i = 0; i < gc->root_count; i++) {
+        if (gc->roots[i] != NULL) {
+            void  *obj = cork_gc_get_object(gc->roots[i]);
+            cork_gc_scan(gc, obj, NULL);
+        }
+    }
+}
+
+static void
+cork_gc_collect_white(struct cork_gc *gc, void *obj, void *ud)
+{
+    if (obj != NULL) {
+        struct cork_gc_header  *header = cork_gc_get_header(obj);
+        if (cork_gc_get_color(header) == GC_WHITE &&
+            !cork_gc_get_buffered(header)) {
+            DEBUG("  Releasing %p\n", obj);
+            cork_gc_set_color(header, GC_BLACK);
+            cork_gc_recurse(gc, header, cork_gc_collect_white);
+            DEBUG("  Freeing %p\n", header);
+            cork_gc_free(header);
+        }
+    }
+}
+
+static void
+cork_gc_collect_roots(struct cork_gc *gc)
+{
+    size_t  i;
+    for (i = 0; i < gc->root_count; i++) {
+        if (gc->roots[i] != NULL) {
+            struct cork_gc_header  *header = gc->roots[i];
+            void  *obj = cork_gc_get_object(header);
+            cork_gc_set_buffered(header, false);
+            DEBUG("Collecting cycles from garbage root %p\n", obj);
+            cork_gc_collect_white(gc, obj, NULL);
+            gc->roots[i] = NULL;
+        }
+    }
+    gc->root_count = 0;
+}
+
+static void
+cork_gc_collect_cycles(struct cork_gc *gc)
+{
+    DEBUG("Collecting garbage cycles\n");
+    cork_gc_mark_roots(gc);
+    cork_gc_scan_roots(gc);
+    cork_gc_collect_roots(gc);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/hash.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/hash.c
new file mode 100644
index 00000000..79b58248
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/hash.c
@@ -0,0 +1,20 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#define CORK_HASH_ATTRIBUTES  CORK_API
+
+#include "libcork/core/hash.h"
+#include "libcork/core/types.h"
+
+/* All of the following functions will be defined for us by libcork/core/hash.h:
+ *   cork_hash_buffer
+ *   cork_big_hash_buffer
+ *   cork_stable_hash_buffer
+ */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/ip-address.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/ip-address.c
new file mode 100644
index 00000000..6ad95fb2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/ip-address.c
@@ -0,0 +1,536 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "libcork/core/byte-order.h"
+#include "libcork/core/error.h"
+#include "libcork/core/net-addresses.h"
+#include "libcork/core/types.h"
+
+#ifndef CORK_IP_ADDRESS_DEBUG
+#define CORK_IP_ADDRESS_DEBUG 0
+#endif
+
+#if CORK_IP_ADDRESS_DEBUG
+#include <stdio.h>
+#define DEBUG(...) \
+    do { \
+        fprintf(stderr, __VA_ARGS__); \
+    } while (0)
+#else
+#define DEBUG(...) /* nothing */
+#endif
+
+
+/*-----------------------------------------------------------------------
+ * IP addresses
+ */
+
+/*** IPv4 ***/
+
+static inline const char *
+cork_ipv4_parse(struct cork_ipv4 *addr, const char *str)
+{
+    const char  *ch;
+    bool  seen_digit_in_octet = false;
+    unsigned int  octets = 0;
+    unsigned int  digit = 0;
+    uint8_t  result[4];
+
+    for (ch = str; *ch != '\0'; ch++) {
+        DEBUG("%2u: %c\t", (unsigned int) (ch-str), *ch);
+        switch (*ch) {
+            case '0': case '1': case '2': case '3': case '4':
+            case '5': case '6': case '7': case '8': case '9':
+                seen_digit_in_octet = true;
+                digit *= 10;
+                digit += (*ch - '0');
+                DEBUG("digit = %u\n", digit);
+                if (CORK_UNLIKELY(digit > 255)) {
+                    DEBUG("\t");
+                    goto parse_error;
+                }
+                break;
+
+            case '.':
+                /* If this would be the fourth octet, it can't have a trailing
+                 * period. */
+                if (CORK_UNLIKELY(octets == 3)) {
+                    goto parse_error;
+                }
+                DEBUG("octet %u = %u\n", octets, digit);
+                result[octets] = digit;
+                digit = 0;
+                octets++;
+                seen_digit_in_octet = false;
+                break;
+
+            default:
+                /* Any other character is a parse error. */
+                goto parse_error;
+        }
+    }
+
+    /* If we have a valid octet at the end, and that would be the fourth octet,
+     * then we've got a valid final parse. */
+    DEBUG("%2u:\t", (unsigned int) (ch-str));
+    if (CORK_LIKELY(seen_digit_in_octet && octets == 3)) {
+#if CORK_IP_ADDRESS_DEBUG
+        char  parsed_ipv4[CORK_IPV4_STRING_LENGTH];
+#endif
+        DEBUG("octet %u = %u\n", octets, digit);
+        result[octets] = digit;
+        cork_ipv4_copy(addr, result);
+#if CORK_IP_ADDRESS_DEBUG
+        cork_ipv4_to_raw_string(addr, parsed_ipv4);
+        DEBUG("\tParsed address: %s\n", parsed_ipv4);
+#endif
+        return ch;
+    }
+
+parse_error:
+    DEBUG("parse error\n");
+    cork_parse_error("Invalid IPv4 address: \"%s\"", str);
+    return NULL;
+}
+
+int
+cork_ipv4_init(struct cork_ipv4 *addr, const char *str)
+{
+    return cork_ipv4_parse(addr, str) == NULL? -1: 0;
+}
+
+bool
+cork_ipv4_equal_(const struct cork_ipv4 *addr1, const struct cork_ipv4 *addr2)
+{
+    return cork_ipv4_equal(addr1, addr2);
+}
+
+void
+cork_ipv4_to_raw_string(const struct cork_ipv4 *addr, char *dest)
+{
+    snprintf(dest, CORK_IPV4_STRING_LENGTH, "%u.%u.%u.%u",
+             addr->_.u8[0], addr->_.u8[1], addr->_.u8[2], addr->_.u8[3]);
+}
+
+bool
+cork_ipv4_is_valid_network(const struct cork_ipv4 *addr,
+                           unsigned int cidr_prefix)
+{
+    uint32_t  cidr_mask;
+
+    if (cidr_prefix > 32) {
+        return false;
+    } else if (cidr_prefix == 32) {
+        /* This handles undefined behavior for overflow bit shifts. */
+        cidr_mask = 0;
+    } else {
+        cidr_mask = 0xffffffff >> cidr_prefix;
+    }
+
+    return (CORK_UINT32_BIG_TO_HOST(addr->_.u32) & cidr_mask) == 0;
+}
+
+/*** IPv6 ***/
+
+int
+cork_ipv6_init(struct cork_ipv6 *addr, const char *str)
+{
+    const char  *ch;
+
+    uint16_t  digit = 0;
+    unsigned int  before_count = 0;
+    uint16_t  before_double_colon[8];
+    uint16_t  after_double_colon[8];
+    uint16_t  *dest = before_double_colon;
+
+    unsigned int  digits_seen = 0;
+    unsigned int  hextets_seen = 0;
+    bool  another_required = true;
+    bool  digit_allowed = true;
+    bool  colon_allowed = true;
+    bool  double_colon_allowed = true;
+    bool  just_saw_colon = false;
+
+    for (ch = str; *ch != '\0'; ch++) {
+        DEBUG("%2u: %c\t", (unsigned int) (ch-str), *ch);
+        switch (*ch) {
+#define process_digit(base) \
+                /* Make sure a digit is allowed here. */ \
+                if (CORK_UNLIKELY(!digit_allowed)) { \
+                    goto parse_error; \
+                } \
+                /* If we've already seen 4 digits, it's a parse error. */ \
+                if (CORK_UNLIKELY(digits_seen == 4)) { \
+                    goto parse_error; \
+                } \
+                \
+                digits_seen++; \
+                colon_allowed = true; \
+                just_saw_colon = false; \
+                digit <<= 4; \
+                digit |= (*ch - (base)); \
+                DEBUG("digit = %04x\n", digit);
+
+            case '0': case '1': case '2': case '3': case '4':
+            case '5': case '6': case '7': case '8': case '9':
+                process_digit('0');
+                break;
+
+            case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
+                process_digit('a'-10);
+                break;
+
+            case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
+                process_digit('A'-10);
+                break;
+
+#undef process_digit
+
+            case ':':
+                /* We can only see a colon immediately after a hextet or as part
+                 * of a double-colon. */
+                if (CORK_UNLIKELY(!colon_allowed)) {
+                    goto parse_error;
+                }
+
+                /* If this is a double-colon, start parsing hextets into our
+                 * second array. */
+                if (just_saw_colon) {
+                    DEBUG("double-colon\n");
+                    colon_allowed = false;
+                    digit_allowed = true;
+                    another_required = false;
+                    double_colon_allowed = false;
+                    before_count = hextets_seen;
+                    dest = after_double_colon;
+                    continue;
+                }
+
+                /* If this would end the eighth hextet (regardless of the
+                 * placement of a double-colon), then there can't be a trailing
+                 * colon. */
+                if (CORK_UNLIKELY(hextets_seen == 8)) {
+                    goto parse_error;
+                }
+
+                /* If this is the very beginning of the string, then we can only
+                 * have a double-colon, not a single colon. */
+                if (digits_seen == 0 && hextets_seen == 0) {
+                    DEBUG("initial colon\n");
+                    colon_allowed = true;
+                    digit_allowed = false;
+                    just_saw_colon = true;
+                    another_required = true;
+                    continue;
+                }
+
+                /* Otherwise this ends the current hextet. */
+                DEBUG("hextet %u = %04x\n", hextets_seen, digit);
+                *(dest++) = CORK_UINT16_HOST_TO_BIG(digit);
+                digit = 0;
+                hextets_seen++;
+                digits_seen = 0;
+                colon_allowed = double_colon_allowed;
+                just_saw_colon = true;
+                another_required = true;
+                break;
+
+            case '.':
+            {
+                /* If we see a period, then we must be in the middle of an IPv4
+                 * address at the end of the IPv6 address. */
+                struct cork_ipv4  *ipv4 = (struct cork_ipv4 *) dest;
+                DEBUG("Detected IPv4 address %s\n", ch-digits_seen);
+
+                /* Ensure that we have space for the two hextets that the IPv4
+                 * address will take up. */
+                if (CORK_UNLIKELY(hextets_seen >= 7)) {
+                    goto parse_error;
+                }
+
+                /* Parse the IPv4 address directly into our current hextet
+                 * buffer. */
+                ch = cork_ipv4_parse(ipv4, ch - digits_seen);
+                if (CORK_LIKELY(ch != NULL)) {
+                    hextets_seen += 2;
+                    digits_seen = 0;
+                    another_required = false;
+
+                    /* ch now points at the NUL terminator, but we're about to
+                     * increment ch. */
+                    ch--;
+                    break;
+                }
+
+                /* The IPv4 parse failed, so we have an IPv6 parse error. */
+                goto parse_error;
+            }
+
+            default:
+                /* Any other character is a parse error. */
+                goto parse_error;
+        }
+    }
+
+    /* If we have a valid hextet at the end, and we've either seen a
+     * double-colon, or we have eight hextets in total, then we've got a valid
+     * final parse. */
+    DEBUG("%2u:\t", (unsigned int) (ch-str));
+    if (CORK_LIKELY(digits_seen > 0)) {
+        /* If there are trailing digits that would form a ninth hextet
+         * (regardless of the placement of a double-colon), then we have a parse
+         * error. */
+        if (CORK_UNLIKELY(hextets_seen == 8)) {
+            goto parse_error;
+        }
+
+        DEBUG("hextet %u = %04x\n\t", hextets_seen, digit);
+        *(dest++) = CORK_UINT16_HOST_TO_BIG(digit);
+        hextets_seen++;
+    } else if (CORK_UNLIKELY(another_required)) {
+        goto parse_error;
+    }
+
+    if (!double_colon_allowed) {
+        /* We've seen a double-colon, so use 0000 for any hextets that weren't
+         * present. */
+#if CORK_IP_ADDRESS_DEBUG
+        char  parsed_result[CORK_IPV6_STRING_LENGTH];
+#endif
+        unsigned int  after_count = hextets_seen - before_count;
+        DEBUG("Saw double-colon; %u hextets before, %u after\n",
+              before_count, after_count);
+        memset(addr, 0, sizeof(struct cork_ipv6));
+        memcpy(addr, before_double_colon,
+               sizeof(uint16_t) * before_count);
+        memcpy(&addr->_.u16[8-after_count], after_double_colon,
+               sizeof(uint16_t) * after_count);
+#if CORK_IP_ADDRESS_DEBUG
+        cork_ipv6_to_raw_string(addr, parsed_result);
+        DEBUG("\tParsed address: %s\n", parsed_result);
+#endif
+        return 0;
+    } else if (hextets_seen == 8) {
+        /* No double-colon, so we must have exactly eight hextets. */
+#if CORK_IP_ADDRESS_DEBUG
+        char  parsed_result[CORK_IPV6_STRING_LENGTH];
+#endif
+        DEBUG("No double-colon\n");
+        cork_ipv6_copy(addr, before_double_colon);
+#if CORK_IP_ADDRESS_DEBUG
+        cork_ipv6_to_raw_string(addr, parsed_result);
+        DEBUG("\tParsed address: %s\n", parsed_result);
+#endif
+        return 0;
+    }
+
+parse_error:
+    DEBUG("parse error\n");
+    cork_parse_error("Invalid IPv6 address: \"%s\"", str);
+    return -1;
+}
+
+bool
+cork_ipv6_equal_(const struct cork_ipv6 *addr1, const struct cork_ipv6 *addr2)
+{
+    return cork_ipv6_equal(addr1, addr2);
+}
+
+#define NS_IN6ADDRSZ 16
+#define NS_INT16SZ 2
+
+void
+cork_ipv6_to_raw_string(const struct cork_ipv6 *addr, char *dest)
+{
+    const uint8_t  *src = addr->_.u8;
+
+    /*
+     * Note that int32_t and int16_t need only be "at least" large enough
+     * to contain a value of the specified size.  On some systems, like
+     * Crays, there is no such thing as an integer variable with 16 bits.
+     * Keep this in mind if you think this function should have been coded
+     * to use pointer overlays.  All the world's not a VAX.
+     */
+    char *tp;
+    struct { int base, len; } best, cur;
+    unsigned int words[NS_IN6ADDRSZ / NS_INT16SZ];
+    int i;
+
+    /*
+     * Preprocess:
+     *      Copy the input (bytewise) array into a wordwise array.
+     *      Find the longest run of 0x00's in src[] for :: shorthanding.
+     */
+    memset(words, '\0', sizeof words);
+    for (i = 0; i < NS_IN6ADDRSZ; i++)
+        words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3));
+    best.base = -1;
+    best.len = 0;
+    cur.base = -1;
+    cur.len = 0;
+    for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) {
+        if (words[i] == 0) {
+            if (cur.base == -1)
+                cur.base = i, cur.len = 1;
+            else
+                cur.len++;
+        } else {
+            if (cur.base != -1) {
+                if (best.base == -1 || cur.len > best.len)
+                    best = cur;
+                cur.base = -1;
+            }
+        }
+    }
+    if (cur.base != -1) {
+        if (best.base == -1 || cur.len > best.len)
+            best = cur;
+    }
+    if (best.base != -1 && best.len < 2)
+        best.base = -1;
+
+    /*
+     * Format the result.
+     */
+    tp = dest;
+    for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) {
+        /* Are we inside the best run of 0x00's? */
+        if (best.base != -1 && i >= best.base &&
+            i < (best.base + best.len)) {
+            if (i == best.base)
+                *tp++ = ':';
+            continue;
+        }
+        /* Are we following an initial run of 0x00s or any real hex? */
+        if (i != 0)
+            *tp++ = ':';
+        /* Is this address an encapsulated IPv4? */
+        if (i == 6 && best.base == 0 &&
+            (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
+            tp += sprintf(tp, "%u.%u.%u.%u",
+                          src[12], src[13], src[14], src[15]);
+            break;
+        }
+        tp += sprintf(tp, "%x", words[i]);
+    }
+    /* Was it a trailing run of 0x00's? */
+    if (best.base != -1 && (best.base + best.len) ==
+        (NS_IN6ADDRSZ / NS_INT16SZ))
+        *tp++ = ':';
+    *tp++ = '\0';
+}
+
+bool
+cork_ipv6_is_valid_network(const struct cork_ipv6 *addr,
+                           unsigned int cidr_prefix)
+{
+    uint64_t  cidr_mask[2];
+
+    if (cidr_prefix > 128) {
+        return false;
+    } else if (cidr_prefix == 128) {
+        /* This handles undefined behavior for overflow bit shifts. */
+        cidr_mask[0] = cidr_mask[1] = 0;
+    } else if (cidr_prefix == 64) {
+        /* This handles undefined behavior for overflow bit shifts. */
+        cidr_mask[0] = 0;
+        cidr_mask[1] = UINT64_C(0xffffffffffffffff);
+    } else if (cidr_prefix > 64) {
+        cidr_mask[0] = 0;
+        cidr_mask[1] = UINT64_C(0xffffffffffffffff) >> (cidr_prefix-64);
+    } else {
+        cidr_mask[0] = UINT64_C(0xffffffffffffffff) >> cidr_prefix;
+        cidr_mask[1] = UINT64_C(0xffffffffffffffff);
+    }
+
+    return (CORK_UINT64_BIG_TO_HOST(addr->_.u64[0] & cidr_mask[0]) == 0) &&
+           (CORK_UINT64_BIG_TO_HOST(addr->_.u64[1] & cidr_mask[1]) == 0);
+}
+
+
+/*** IP ***/
+
+void
+cork_ip_from_ipv4_(struct cork_ip *addr, const void *src)
+{
+    cork_ip_from_ipv4(addr, src);
+}
+
+void
+cork_ip_from_ipv6_(struct cork_ip *addr, const void *src)
+{
+    cork_ip_from_ipv6(addr, src);
+}
+
+int
+cork_ip_init(struct cork_ip *addr, const char *str)
+{
+    int  rc;
+
+    /* Try IPv4 first */
+    rc = cork_ipv4_init(&addr->ip.v4, str);
+    if (rc == 0) {
+        /* successful parse */
+        addr->version = 4;
+        return 0;
+    }
+
+    /* Then try IPv6 */
+    cork_error_clear();
+    rc = cork_ipv6_init(&addr->ip.v6, str);
+    if (rc == 0) {
+        /* successful parse */
+        addr->version = 6;
+        return 0;
+    }
+
+    /* Parse error for both address types */
+    cork_parse_error("Invalid IP address: \"%s\"", str);
+    return -1;
+}
+
+bool
+cork_ip_equal_(const struct cork_ip *addr1, const struct cork_ip *addr2)
+{
+    return cork_ip_equal(addr1, addr2);
+}
+
+void
+cork_ip_to_raw_string(const struct cork_ip *addr, char *dest)
+{
+    switch (addr->version) {
+        case 4:
+            cork_ipv4_to_raw_string(&addr->ip.v4, dest);
+            return;
+
+        case 6:
+            cork_ipv6_to_raw_string(&addr->ip.v6, dest);
+            return;
+
+        default:
+            strncpy(dest, "<INVALID>", CORK_IP_STRING_LENGTH);
+            return;
+    }
+}
+
+bool
+cork_ip_is_valid_network(const struct cork_ip *addr, unsigned int cidr_prefix)
+{
+    switch (addr->version) {
+        case 4:
+            return cork_ipv4_is_valid_network(&addr->ip.v4, cidr_prefix);
+        case 6:
+            return cork_ipv6_is_valid_network(&addr->ip.v6, cidr_prefix);
+        default:
+            return false;
+    }
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/mempool.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/mempool.c
new file mode 100644
index 00000000..1937d35a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/mempool.c
@@ -0,0 +1,198 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2015, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include "libcork/core/callbacks.h"
+#include "libcork/core/mempool.h"
+#include "libcork/core/types.h"
+#include "libcork/helpers/errors.h"
+
+
+#if !defined(CORK_DEBUG_MEMPOOL)
+#define CORK_DEBUG_MEMPOOL  0
+#endif
+
+#if CORK_DEBUG_MEMPOOL
+#include <stdio.h>
+#define DEBUG(...) fprintf(stderr, __VA_ARGS__)
+#else
+#define DEBUG(...) /* no debug messages */
+#endif
+
+
+
+struct cork_mempool {
+    size_t  element_size;
+    size_t  block_size;
+    struct cork_mempool_object  *free_list;
+    /* The number of objects that have been given out by
+     * cork_mempool_new but not returned via cork_mempool_free. */
+    size_t  allocated_count;
+    struct cork_mempool_block  *blocks;
+
+    void  *user_data;
+    cork_free_f  free_user_data;
+    cork_init_f  init_object;
+    cork_done_f  done_object;
+};
+
+struct cork_mempool_object {
+    /* When this object is unclaimed, it will be in the cork_mempool
+     * object's free_list using this pointer. */
+    struct cork_mempool_object  *next_free;
+};
+
+struct cork_mempool_block {
+    struct cork_mempool_block  *next_block;
+};
+
+#define cork_mempool_object_size(mp) \
+    (sizeof(struct cork_mempool_object) + (mp)->element_size)
+
+#define cork_mempool_get_header(obj) \
+    (((struct cork_mempool_object *) (obj)) - 1)
+
+#define cork_mempool_get_object(hdr) \
+    ((void *) (((struct cork_mempool_object *) (hdr)) + 1))
+
+
+struct cork_mempool *
+cork_mempool_new_size_ex(size_t element_size, size_t block_size)
+{
+    struct cork_mempool  *mp = cork_new(struct cork_mempool);
+    mp->element_size = element_size;
+    mp->block_size = block_size;
+    mp->free_list = NULL;
+    mp->allocated_count = 0;
+    mp->blocks = NULL;
+    mp->user_data = NULL;
+    mp->free_user_data = NULL;
+    mp->init_object = NULL;
+    mp->done_object = NULL;
+    return mp;
+}
+
+void
+cork_mempool_free(struct cork_mempool *mp)
+{
+    struct cork_mempool_block  *curr;
+    assert(mp->allocated_count == 0);
+
+    if (mp->done_object != NULL) {
+        struct cork_mempool_object  *obj;
+        for (obj = mp->free_list; obj != NULL; obj = obj->next_free) {
+            mp->done_object
+                (mp->user_data, cork_mempool_get_object(obj));
+        }
+    }
+
+    for (curr = mp->blocks; curr != NULL; ) {
+        struct cork_mempool_block  *next = curr->next_block;
+        cork_free(curr, mp->block_size);
+        /* Do this here instead of in the for statement to avoid
+         * accessing the just-freed block. */
+        curr = next;
+    }
+
+    cork_free_user_data(mp);
+    cork_delete(struct cork_mempool, mp);
+}
+
+
+void
+cork_mempool_set_user_data(struct cork_mempool *mp,
+                           void *user_data, cork_free_f free_user_data)
+{
+    cork_free_user_data(mp);
+    mp->user_data = user_data;
+    mp->free_user_data = free_user_data;
+}
+
+void
+cork_mempool_set_init_object(struct cork_mempool *mp, cork_init_f init_object)
+{
+    mp->init_object = init_object;
+}
+
+void
+cork_mempool_set_done_object(struct cork_mempool *mp, cork_done_f done_object)
+{
+    mp->done_object = done_object;
+}
+
+void
+cork_mempool_set_callbacks(struct cork_mempool *mp,
+                           void *user_data, cork_free_f free_user_data,
+                           cork_init_f init_object,
+                           cork_done_f done_object)
+{
+    cork_mempool_set_user_data(mp, user_data, free_user_data);
+    cork_mempool_set_init_object(mp, init_object);
+    cork_mempool_set_done_object(mp, done_object);
+}
+
+
+/* If this function succeeds, then we guarantee that there will be at
+ * least one object in mp->free_list. */
+static void
+cork_mempool_new_block(struct cork_mempool *mp)
+{
+    /* Allocate the new block and add it to mp's block list. */
+    struct cork_mempool_block  *block;
+    void  *vblock;
+    DEBUG("Allocating new %zu-byte block\n", mp->block_size);
+    block = cork_malloc(mp->block_size);
+    block->next_block = mp->blocks;
+    mp->blocks = block;
+    vblock = block;
+
+    /* Divide the block's memory region into a bunch of objects. */
+    size_t  index = sizeof(struct cork_mempool_block);
+    for (index = sizeof(struct cork_mempool_block);
+         (index + cork_mempool_object_size(mp)) <= mp->block_size;
+         index += cork_mempool_object_size(mp)) {
+        struct cork_mempool_object  *obj = vblock + index;
+        DEBUG("  New object at %p[%p]\n", cork_mempool_get_object(obj), obj);
+        if (mp->init_object != NULL) {
+            mp->init_object
+                (mp->user_data, cork_mempool_get_object(obj));
+        }
+        obj->next_free = mp->free_list;
+        mp->free_list = obj;
+    }
+}
+
+void *
+cork_mempool_new_object(struct cork_mempool *mp)
+{
+    struct cork_mempool_object  *obj;
+    void  *ptr;
+
+    if (CORK_UNLIKELY(mp->free_list == NULL)) {
+        cork_mempool_new_block(mp);
+    }
+
+    obj = mp->free_list;
+    mp->free_list = obj->next_free;
+    mp->allocated_count++;
+    ptr = cork_mempool_get_object(obj);
+    return ptr;
+}
+
+void
+cork_mempool_free_object(struct cork_mempool *mp, void *ptr)
+{
+    struct cork_mempool_object  *obj = cork_mempool_get_header(ptr);
+    DEBUG("Returning %p[%p] to memory pool\n", ptr, obj);
+    obj->next_free = mp->free_list;
+    mp->free_list = obj;
+    mp->allocated_count--;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/timestamp.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/timestamp.c
new file mode 100644
index 00000000..933d19a1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/timestamp.c
@@ -0,0 +1,163 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <string.h>
+#include <time.h>
+#include <sys/time.h>
+
+#include "libcork/core/timestamp.h"
+#include "libcork/core/types.h"
+#include "libcork/helpers/errors.h"
+#include "libcork/helpers/mingw.h"
+
+void
+cork_timestamp_init_now(cork_timestamp *ts)
+{
+    struct timeval  tp;
+    gettimeofday(&tp, NULL);
+    cork_timestamp_init_usec(ts, tp.tv_sec, tp.tv_usec);
+}
+
+
+#define is_digit(ch)  ((ch) >= '0' && (ch) <= '9')
+
+static uint64_t
+power_of_10(unsigned int width)
+{
+    uint64_t  accumulator = 10;
+    uint64_t  result = 1;
+    while (width != 0) {
+        if ((width % 2) == 1) {
+            result *= accumulator;
+            width--;
+        }
+        accumulator *= accumulator;
+        width /= 2;
+    }
+    return result;
+}
+
+static int
+append_fractional(const cork_timestamp ts, unsigned int width,
+                  struct cork_buffer *dest)
+{
+    if (CORK_UNLIKELY(width == 0 || width > 9)) {
+        cork_error_set_printf
+            (EINVAL,
+             "Invalid width %u for fractional cork_timestamp", width);
+        return -1;
+    } else {
+        uint64_t  denom = power_of_10(width);
+        uint64_t  frac = cork_timestamp_gsec_to_units(ts, denom);
+        cork_buffer_append_printf(dest, "%0*" PRIu64, width, frac);
+        return 0;
+    }
+}
+
+static int
+cork_timestamp_format_parts(const cork_timestamp ts, struct tm *tm,
+                            const char *format, struct cork_buffer *dest)
+{
+    const char  *next_percent;
+
+    while ((next_percent = strchr(format, '%')) != NULL) {
+        const char  *spec = next_percent + 1;
+        unsigned int  width = 0;
+
+        /* First append any text in between the previous format specifier and
+         * this one. */
+        cork_buffer_append(dest, format, next_percent - format);
+
+        /* Then parse the format specifier */
+        while (is_digit(*spec)) {
+            width *= 10;
+            width += (*spec++ - '0');
+        }
+
+        switch (*spec) {
+            case '\0':
+                cork_error_set_string
+                    (EINVAL,
+                     "Trailing %% at end of cork_timestamp format string");
+                return -1;
+
+            case '%':
+                cork_buffer_append(dest, "%", 1);
+                break;
+
+            case 'Y':
+                cork_buffer_append_printf(dest, "%04d", tm->tm_year + 1900);
+                break;
+
+            case 'm':
+                cork_buffer_append_printf(dest, "%02d", tm->tm_mon + 1);
+                break;
+
+            case 'd':
+                cork_buffer_append_printf(dest, "%02d", tm->tm_mday);
+                break;
+
+            case 'H':
+                cork_buffer_append_printf(dest, "%02d", tm->tm_hour);
+                break;
+
+            case 'M':
+                cork_buffer_append_printf(dest, "%02d", tm->tm_min);
+                break;
+
+            case 'S':
+                cork_buffer_append_printf(dest, "%02d", tm->tm_sec);
+                break;
+
+            case 's':
+                cork_buffer_append_printf
+                    (dest, "%" PRIu32, cork_timestamp_sec(ts));
+                break;
+
+            case 'f':
+                rii_check(append_fractional(ts, width, dest));
+                break;
+
+            default:
+                cork_error_set_printf
+                    (EINVAL,
+                     "Unknown cork_timestamp format specifier %%%c", *spec);
+                return -1;
+        }
+
+        format = spec + 1;
+    }
+
+    /* When we fall through, there is some additional content after the final
+     * format specifier. */
+    cork_buffer_append_string(dest, format);
+    return 0;
+}
+
+int
+cork_timestamp_format_utc(const cork_timestamp ts, const char *format,
+                          struct cork_buffer *dest)
+{
+    time_t  clock;
+    struct tm  tm;
+    clock = cork_timestamp_sec(ts);
+    gmtime_r(&clock, &tm);
+    return cork_timestamp_format_parts(ts, &tm, format, dest);
+}
+
+int
+cork_timestamp_format_local(const cork_timestamp ts, const char *format,
+                            struct cork_buffer *dest)
+{
+    time_t  clock;
+    struct tm  tm;
+    clock = cork_timestamp_sec(ts);
+    localtime_r(&clock, &tm);
+    return cork_timestamp_format_parts(ts, &tm, format, dest);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/u128.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/u128.c
new file mode 100644
index 00000000..90fd0774
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/u128.c
@@ -0,0 +1,85 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <string.h>
+#include <stdio.h>
+
+#include "libcork/core/types.h"
+#include "libcork/core/u128.h"
+
+
+/* From http://stackoverflow.com/questions/8023414/how-to-convert-a-128-bit-integer-to-a-decimal-ascii-string-in-c */
+
+const char *
+cork_u128_to_decimal(char *dest, cork_u128 val)
+{
+    uint32_t  n[4];
+    char  *s = dest;
+    char  *p = dest;
+    unsigned int  i;
+
+    /* This algorithm assumes that n[3] is the MSW. */
+    n[3] = cork_u128_be32(val, 0);
+    n[2] = cork_u128_be32(val, 1);
+    n[1] = cork_u128_be32(val, 2);
+    n[0] = cork_u128_be32(val, 3);
+
+    memset(s, '0', CORK_U128_DECIMAL_LENGTH - 1);
+    s[CORK_U128_DECIMAL_LENGTH - 1] = '\0';
+
+    for (i = 0; i < 128; i++) {
+        unsigned int  j;
+        unsigned int carry;
+
+        carry = (n[3] >= 0x80000000);
+        /* Shift n[] left, doubling it */
+        n[3] = ((n[3] << 1) & 0xFFFFFFFF) + (n[2] >= 0x80000000);
+        n[2] = ((n[2] << 1) & 0xFFFFFFFF) + (n[1] >= 0x80000000);
+        n[1] = ((n[1] << 1) & 0xFFFFFFFF) + (n[0] >= 0x80000000);
+        n[0] = ((n[0] << 1) & 0xFFFFFFFF);
+
+        /* Add s[] to itself in decimal, doubling it */
+        for (j = CORK_U128_DECIMAL_LENGTH - 1; j-- > 0; ) {
+            s[j] += s[j] - '0' + carry;
+            carry = (s[j] > '9');
+            if (carry) {
+                s[j] -= 10;
+            }
+        }
+    }
+
+    while ((p[0] == '0') && (p < &s[CORK_U128_DECIMAL_LENGTH - 2])) {
+        p++;
+    }
+
+    return p;
+}
+
+
+const char *
+cork_u128_to_hex(char *buf, cork_u128 val)
+{
+    uint64_t  hi = val._.be64.hi;
+    uint64_t  lo = val._.be64.lo;
+    if (hi == 0) {
+        snprintf(buf, CORK_U128_HEX_LENGTH, "%" PRIx64, lo);
+    } else {
+        snprintf(buf, CORK_U128_HEX_LENGTH, "%" PRIx64 "%016" PRIx64, hi, lo);
+    }
+    return buf;
+}
+
+const char *
+cork_u128_to_padded_hex(char *buf, cork_u128 val)
+{
+    uint64_t  hi = val._.be64.hi;
+    uint64_t  lo = val._.be64.lo;
+    snprintf(buf, CORK_U128_HEX_LENGTH, "%016" PRIx64 "%016" PRIx64, hi, lo);
+    return buf;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/version.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/version.c
new file mode 100644
index 00000000..474fc6e6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/core/version.c
@@ -0,0 +1,28 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2015, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include "libcork/config.h"
+#include "libcork/core/api.h"
+
+
+/*-----------------------------------------------------------------------
+ * Library version
+ */
+
+const char *
+cork_version_string(void)
+{
+    return CORK_CONFIG_VERSION_STRING;
+}
+
+const char *
+cork_revision_string(void)
+{
+    return CORK_CONFIG_REVISION;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/array.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/array.c
new file mode 100644
index 00000000..378b1a0d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/array.c
@@ -0,0 +1,378 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "libcork/core/types.h"
+#include "libcork/ds/array.h"
+#include "libcork/helpers/errors.h"
+
+#ifndef CORK_ARRAY_DEBUG
+#define CORK_ARRAY_DEBUG 0
+#endif
+
+#if CORK_ARRAY_DEBUG
+#include <stdio.h>
+#define DEBUG(...) \
+    do { \
+        fprintf(stderr, __VA_ARGS__); \
+        fprintf(stderr, "\n"); \
+    } while (0)
+#else
+#define DEBUG(...) /* nothing */
+#endif
+
+
+/*-----------------------------------------------------------------------
+ * Resizable arrays
+ */
+
+struct cork_array_priv {
+    size_t  allocated_count;
+    size_t  allocated_size;
+    size_t  element_size;
+    size_t  initialized_count;
+    void  *user_data;
+    cork_free_f  free_user_data;
+    cork_init_f  init;
+    cork_done_f  done;
+    cork_init_f  reuse;
+    cork_done_f  remove;
+};
+
+void
+cork_raw_array_init(struct cork_raw_array *array, size_t element_size)
+{
+    array->items = NULL;
+    array->size = 0;
+    array->priv = cork_new(struct cork_array_priv);
+    array->priv->allocated_count = 0;
+    array->priv->allocated_size = 0;
+    array->priv->element_size = element_size;
+    array->priv->initialized_count = 0;
+    array->priv->user_data = NULL;
+    array->priv->free_user_data = NULL;
+    array->priv->init = NULL;
+    array->priv->done = NULL;
+    array->priv->reuse = NULL;
+    array->priv->remove = NULL;
+}
+
+void
+cork_raw_array_done(struct cork_raw_array *array)
+{
+    if (array->priv->done != NULL) {
+        size_t  i;
+        char  *element = array->items;
+        for (i = 0; i < array->priv->initialized_count; i++) {
+            array->priv->done(array->priv->user_data, element);
+            element += array->priv->element_size;
+        }
+    }
+    if (array->items != NULL) {
+        cork_free(array->items, array->priv->allocated_size);
+    }
+    cork_free_user_data(array->priv);
+    cork_delete(struct cork_array_priv, array->priv);
+}
+
+void
+cork_raw_array_set_callback_data(struct cork_raw_array *array,
+                                 void *user_data, cork_free_f free_user_data)
+{
+    array->priv->user_data = user_data;
+    array->priv->free_user_data = free_user_data;
+}
+
+void
+cork_raw_array_set_init(struct cork_raw_array *array, cork_init_f init)
+{
+    array->priv->init = init;
+}
+
+void
+cork_raw_array_set_done(struct cork_raw_array *array, cork_done_f done)
+{
+    array->priv->done = done;
+}
+
+void
+cork_raw_array_set_reuse(struct cork_raw_array *array, cork_init_f reuse)
+{
+    array->priv->reuse = reuse;
+}
+
+void
+cork_raw_array_set_remove(struct cork_raw_array *array, cork_done_f remove)
+{
+    array->priv->remove = remove;
+}
+
+size_t
+cork_raw_array_element_size(const struct cork_raw_array *array)
+{
+    return array->priv->element_size;
+}
+
+void
+cork_raw_array_clear(struct cork_raw_array *array)
+{
+    if (array->priv->remove != NULL) {
+        size_t  i;
+        char  *element = array->items;
+        for (i = 0; i < array->priv->initialized_count; i++) {
+            array->priv->remove(array->priv->user_data, element);
+            element += array->priv->element_size;
+        }
+    }
+    array->size = 0;
+}
+
+void *
+cork_raw_array_elements(const struct cork_raw_array *array)
+{
+    return array->items;
+}
+
+void *
+cork_raw_array_at(const struct cork_raw_array *array, size_t index)
+{
+    return ((char *) array->items) + (array->priv->element_size * index);
+}
+
+size_t
+cork_raw_array_size(const struct cork_raw_array *array)
+{
+    return array->size;
+}
+
+bool
+cork_raw_array_is_empty(const struct cork_raw_array *array)
+{
+    return (array->size == 0);
+}
+
+void
+cork_raw_array_ensure_size(struct cork_raw_array *array, size_t desired_count)
+{
+    size_t  desired_size;
+
+    DEBUG("--- Array %p: Ensure %zu %zu-byte elements",
+          array, desired_count, array->priv->element_size);
+    desired_size = desired_count * array->priv->element_size;
+
+    if (desired_size > array->priv->allocated_size) {
+        size_t  new_count = array->priv->allocated_count * 2;
+        size_t  new_size = array->priv->allocated_size * 2;
+        if (desired_size > new_size) {
+            new_count = desired_count;
+            new_size = desired_size;
+        }
+
+        DEBUG("--- Array %p: Reallocating %zu->%zu bytes",
+              array, array->priv->allocated_size, new_size);
+        array->items =
+            cork_realloc(array->items, array->priv->allocated_size, new_size);
+
+        array->priv->allocated_count = new_count;
+        array->priv->allocated_size = new_size;
+    }
+}
+
+void *
+cork_raw_array_append(struct cork_raw_array *array)
+{
+    size_t  index;
+    void  *element;
+    index = array->size++;
+    cork_raw_array_ensure_size(array, array->size);
+    element = cork_raw_array_at(array, index);
+
+    /* Call the init or reset callback, depending on whether this entry has been
+     * initialized before. */
+
+    /* Since we can currently only add elements by appending them one at a time,
+     * then this entry is either already initialized, or is the first
+     * uninitialized entry. */
+    assert(index <= array->priv->initialized_count);
+
+    if (index == array->priv->initialized_count) {
+        /* This element has not been initialized yet. */
+        array->priv->initialized_count++;
+        if (array->priv->init != NULL) {
+            array->priv->init(array->priv->user_data, element);
+        }
+    } else {
+        /* This element has already been initialized. */
+        if (array->priv->reuse != NULL) {
+            array->priv->reuse(array->priv->user_data, element);
+        }
+    }
+
+    return element;
+}
+
+int
+cork_raw_array_copy(struct cork_raw_array *dest,
+                    const struct cork_raw_array *src,
+                    cork_copy_f copy, void *user_data)
+{
+    size_t  i;
+    size_t  reuse_count;
+    char  *dest_element;
+
+    DEBUG("--- Copying %zu elements (%zu bytes) from %p to %p",
+          src->size, src->size * dest->priv->element_size, src, dest);
+    assert(dest->priv->element_size == src->priv->element_size);
+    cork_array_clear(dest);
+    cork_array_ensure_size(dest, src->size);
+
+    /* Initialize enough elements to hold the contents of src */
+    reuse_count = dest->priv->initialized_count;
+    if (src->size < reuse_count) {
+        reuse_count = src->size;
+    }
+
+    dest_element = dest->items;
+    if (dest->priv->reuse != NULL) {
+        DEBUG("    Calling reuse on elements 0-%zu", reuse_count);
+        for (i = 0; i < reuse_count; i++) {
+            dest->priv->reuse(dest->priv->user_data, dest_element);
+            dest_element += dest->priv->element_size;
+        }
+    } else {
+        dest_element += reuse_count * dest->priv->element_size;
+    }
+
+    if (dest->priv->init != NULL) {
+        DEBUG("    Calling init on elements %zu-%zu", reuse_count, src->size);
+        for (i = reuse_count; i < src->size; i++) {
+            dest->priv->init(dest->priv->user_data, dest_element);
+            dest_element += dest->priv->element_size;
+        }
+    }
+
+    if (src->size > dest->priv->initialized_count) {
+        dest->priv->initialized_count = src->size;
+    }
+
+    /* If the caller provided a copy function, let it copy each element in turn.
+     * Otherwise, bulk copy everything using memcpy. */
+    if (copy == NULL) {
+        memcpy(dest->items, src->items, src->size * dest->priv->element_size);
+    } else {
+        const char  *src_element = src->items;
+        dest_element = dest->items;
+        for (i = 0; i < src->size; i++) {
+            rii_check(copy(user_data, dest_element, src_element));
+            dest_element += dest->priv->element_size;
+            src_element += dest->priv->element_size;
+        }
+    }
+
+    dest->size = src->size;
+    return 0;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Pointer arrays
+ */
+
+struct cork_pointer_array {
+    cork_free_f  free;
+};
+
+static void
+pointer__init(void *user_data, void *vvalue)
+{
+    void **value = vvalue;
+    *value = NULL;
+}
+
+static void
+pointer__done(void *user_data, void *vvalue)
+{
+    struct cork_pointer_array  *ptr_array = user_data;
+    void **value = vvalue;
+    if (*value != NULL) {
+        ptr_array->free(*value);
+    }
+}
+
+static void
+pointer__remove(void *user_data, void *vvalue)
+{
+    struct cork_pointer_array  *ptr_array = user_data;
+    void **value = vvalue;
+    if (*value != NULL) {
+        ptr_array->free(*value);
+    }
+    *value = NULL;
+}
+
+static void
+pointer__free(void *user_data)
+{
+    struct cork_pointer_array  *ptr_array = user_data;
+    cork_delete(struct cork_pointer_array, ptr_array);
+}
+
+void
+cork_raw_pointer_array_init(struct cork_raw_array *array, cork_free_f free_ptr)
+{
+    struct cork_pointer_array  *ptr_array = cork_new(struct cork_pointer_array);
+    ptr_array->free = free_ptr;
+    cork_raw_array_init(array, sizeof(void *));
+    cork_array_set_callback_data(array, ptr_array, pointer__free);
+    cork_array_set_init(array, pointer__init);
+    cork_array_set_done(array, pointer__done);
+    cork_array_set_remove(array, pointer__remove);
+}
+
+
+/*-----------------------------------------------------------------------
+ * String arrays
+ */
+
+void
+cork_string_array_init(struct cork_string_array *array)
+{
+    cork_raw_pointer_array_init
+        ((struct cork_raw_array *) array, (cork_free_f) cork_strfree);
+}
+
+void
+cork_string_array_append(struct cork_string_array *array, const char *str)
+{
+    const char  *copy = cork_strdup(str);
+    cork_array_append(array, copy);
+}
+
+static int
+string__copy(void *user_data, void *vdest, const void *vsrc)
+{
+    const char  **dest = vdest;
+    const char  **src = (const char **) vsrc;
+    *dest = cork_strdup(*src);
+    return 0;
+}
+
+void
+cork_string_array_copy(struct cork_string_array *dest,
+                       const struct cork_string_array *src)
+{
+    CORK_ATTR_UNUSED int  rc;
+    rc = cork_array_copy(dest, src, string__copy, NULL);
+    /* cork_array_copy can only fail if the copy callback fails, and ours
+     * doesn't! */
+    assert(rc == 0);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/bitset.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/bitset.c
new file mode 100644
index 00000000..41bf8f2b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/bitset.c
@@ -0,0 +1,62 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <string.h>
+
+#include "libcork/core/allocator.h"
+#include "libcork/core/api.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/bitset.h"
+
+
+static size_t
+bytes_needed(size_t bit_count)
+{
+    /* We need one byte for every bit... */
+    size_t  bytes_needed = bit_count / 8;
+    /* Plus one extra for the leftovers that don't fit into a whole byte. */
+    bytes_needed += ((bit_count % 8) > 0);
+    return bytes_needed;
+}
+
+void
+cork_bitset_init(struct cork_bitset *set, size_t bit_count)
+{
+    set->bit_count = bit_count;
+    set->byte_count = bytes_needed(bit_count);
+    set->bits = cork_malloc(set->byte_count);
+    memset(set->bits, 0, set->byte_count);
+}
+
+struct cork_bitset *
+cork_bitset_new(size_t bit_count)
+{
+    struct cork_bitset  *set = cork_new(struct cork_bitset);
+    cork_bitset_init(set, bit_count);
+    return set;
+}
+
+void
+cork_bitset_done(struct cork_bitset *set)
+{
+    cork_free(set->bits, set->byte_count);
+}
+
+void
+cork_bitset_free(struct cork_bitset *set)
+{
+    cork_bitset_done(set);
+    cork_delete(struct cork_bitset, set);
+}
+
+void
+cork_bitset_clear(struct cork_bitset *set)
+{
+    memset(set->bits, 0, set->byte_count);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/buffer.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/buffer.c
new file mode 100644
index 00000000..2cd8e1c9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/buffer.c
@@ -0,0 +1,471 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "libcork/core/allocator.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/buffer.h"
+#include "libcork/ds/managed-buffer.h"
+#include "libcork/ds/stream.h"
+#include "libcork/helpers/errors.h"
+
+
+void
+cork_buffer_init(struct cork_buffer *buffer)
+{
+    buffer->buf = NULL;
+    buffer->size = 0;
+    buffer->allocated_size = 0;
+}
+
+
+struct cork_buffer *
+cork_buffer_new(void)
+{
+    struct cork_buffer  *buffer = cork_new(struct cork_buffer);
+    cork_buffer_init(buffer);
+    return buffer;
+}
+
+
+void
+cork_buffer_done(struct cork_buffer *buffer)
+{
+    if (buffer->buf != NULL) {
+        cork_free(buffer->buf, buffer->allocated_size);
+        buffer->buf = NULL;
+    }
+    buffer->size = 0;
+    buffer->allocated_size = 0;
+}
+
+
+void
+cork_buffer_free(struct cork_buffer *buffer)
+{
+    cork_buffer_done(buffer);
+    cork_delete(struct cork_buffer, buffer);
+}
+
+
+bool
+cork_buffer_equal(const struct cork_buffer *buffer1,
+                  const struct cork_buffer *buffer2)
+{
+    if (buffer1 == buffer2) {
+        return true;
+    }
+
+    if (buffer1->size != buffer2->size) {
+        return false;
+    }
+
+    return (memcmp(buffer1->buf, buffer2->buf, buffer1->size) == 0);
+}
+
+
+static void
+cork_buffer_ensure_size_int(struct cork_buffer *buffer, size_t desired_size)
+{
+    size_t  new_size;
+
+    if (CORK_LIKELY(buffer->allocated_size >= desired_size)) {
+        return;
+    }
+
+    /* Make sure we at least double the old size when reallocating. */
+    new_size = buffer->allocated_size * 2;
+    if (desired_size > new_size) {
+        new_size = desired_size;
+    }
+
+    buffer->buf = cork_realloc(buffer->buf, buffer->allocated_size, new_size);
+    buffer->allocated_size = new_size;
+}
+
+void
+cork_buffer_ensure_size(struct cork_buffer *buffer, size_t desired_size)
+{
+    cork_buffer_ensure_size_int(buffer, desired_size);
+}
+
+
+void
+cork_buffer_clear(struct cork_buffer *buffer)
+{
+    buffer->size = 0;
+    if (buffer->buf != NULL) {
+        ((char *) buffer->buf)[0] = '\0';
+    }
+}
+
+void
+cork_buffer_truncate(struct cork_buffer *buffer, size_t length)
+{
+    if (buffer->size > length) {
+        buffer->size = length;
+        if (length == 0) {
+            if (buffer->buf != NULL) {
+                ((char *) buffer->buf)[0] = '\0';
+            }
+        } else {
+            ((char *) buffer->buf)[length] = '\0';
+        }
+    }
+}
+
+
+void
+cork_buffer_set(struct cork_buffer *buffer, const void *src, size_t length)
+{
+    cork_buffer_ensure_size_int(buffer, length+1);
+    memcpy(buffer->buf, src, length);
+    ((char *) buffer->buf)[length] = '\0';
+    buffer->size = length;
+}
+
+
+void
+cork_buffer_append(struct cork_buffer *buffer, const void *src, size_t length)
+{
+    cork_buffer_ensure_size_int(buffer, buffer->size + length + 1);
+    memcpy(buffer->buf + buffer->size, src, length);
+    buffer->size += length;
+    ((char *) buffer->buf)[buffer->size] = '\0';
+}
+
+
+void
+cork_buffer_set_string(struct cork_buffer *buffer, const char *str)
+{
+    cork_buffer_set(buffer, str, strlen(str));
+}
+
+
+void
+cork_buffer_append_string(struct cork_buffer *buffer, const char *str)
+{
+    cork_buffer_append(buffer, str, strlen(str));
+}
+
+
+void
+cork_buffer_append_vprintf(struct cork_buffer *buffer, const char *format,
+                           va_list args)
+{
+    size_t  format_size;
+    va_list  args1;
+
+    va_copy(args1, args);
+    format_size = vsnprintf(buffer->buf + buffer->size,
+                            buffer->allocated_size - buffer->size,
+                            format, args1);
+    va_end(args1);
+
+    /* If the first call works, then set buffer->size and return. */
+    if (format_size < (buffer->allocated_size - buffer->size)) {
+        buffer->size += format_size;
+        return;
+    }
+
+    /* If the first call fails, resize buffer and try again. */
+    cork_buffer_ensure_size_int
+        (buffer, buffer->allocated_size + format_size + 1);
+    format_size = vsnprintf(buffer->buf + buffer->size,
+                            buffer->allocated_size - buffer->size,
+                            format, args);
+    buffer->size += format_size;
+}
+
+
+void
+cork_buffer_vprintf(struct cork_buffer *buffer, const char *format,
+                    va_list args)
+{
+    cork_buffer_clear(buffer);
+    cork_buffer_append_vprintf(buffer, format, args);
+}
+
+
+void
+cork_buffer_append_printf(struct cork_buffer *buffer, const char *format, ...)
+{
+    va_list  args;
+    va_start(args, format);
+    cork_buffer_append_vprintf(buffer, format, args);
+    va_end(args);
+}
+
+
+void
+cork_buffer_printf(struct cork_buffer *buffer, const char *format, ...)
+{
+    va_list  args;
+    va_start(args, format);
+    cork_buffer_vprintf(buffer, format, args);
+    va_end(args);
+}
+
+
+void
+cork_buffer_append_indent(struct cork_buffer *buffer, size_t indent)
+{
+    cork_buffer_ensure_size_int(buffer, buffer->size + indent + 1);
+    memset(buffer->buf + buffer->size, ' ', indent);
+    buffer->size += indent;
+    ((char *) buffer->buf)[buffer->size] = '\0';
+}
+
+/* including space */
+#define is_sprint(ch)  ((ch) >= 0x20 && (ch) <= 0x7e)
+
+/* not including space */
+#define is_print(ch)  ((ch) > 0x20 && (ch) <= 0x7e)
+
+#define is_space(ch) \
+    ((ch) == ' ' || \
+     (ch) == '\f' || \
+     (ch) == '\n' || \
+     (ch) == '\r' || \
+     (ch) == '\t' || \
+     (ch) == '\v')
+
+#define to_hex(nybble) \
+    ((nybble) < 10? '0' + (nybble): 'a' - 10 + (nybble))
+
+void
+cork_buffer_append_c_string(struct cork_buffer *dest,
+                            const char *chars, size_t length)
+{
+    size_t  i;
+    cork_buffer_append(dest, "\"", 1);
+    for (i = 0; i < length; i++) {
+        char  ch = chars[i];
+        switch (ch) {
+            case '\"':
+                cork_buffer_append_literal(dest, "\\\"");
+                break;
+            case '\\':
+                cork_buffer_append_literal(dest, "\\\\");
+                break;
+            case '\f':
+                cork_buffer_append_literal(dest, "\\f");
+                break;
+            case '\n':
+                cork_buffer_append_literal(dest, "\\n");
+                break;
+            case '\r':
+                cork_buffer_append_literal(dest, "\\r");
+                break;
+            case '\t':
+                cork_buffer_append_literal(dest, "\\t");
+                break;
+            case '\v':
+                cork_buffer_append_literal(dest, "\\v");
+                break;
+            default:
+                if (is_sprint(ch)) {
+                    cork_buffer_append(dest, &chars[i], 1);
+                } else {
+                    uint8_t  byte = ch;
+                    cork_buffer_append_printf(dest, "\\x%02" PRIx8, byte);
+                }
+                break;
+        }
+    }
+    cork_buffer_append(dest, "\"", 1);
+}
+
+void
+cork_buffer_append_hex_dump(struct cork_buffer *dest, size_t indent,
+                            const char *chars, size_t length)
+{
+    char  hex[3 * 16];
+    char  print[16];
+    char  *curr_hex = hex;
+    char  *curr_print = print;
+    size_t  i;
+    size_t  column = 0;
+    for (i = 0; i < length; i++) {
+        char  ch = chars[i];
+        uint8_t  u8 = ch;
+        *curr_hex++ = to_hex(u8 >> 4);
+        *curr_hex++ = to_hex(u8 & 0x0f);
+        *curr_hex++ = ' ';
+        *curr_print++ = is_sprint(ch)? ch: '.';
+        if (column == 0 && i != 0) {
+            cork_buffer_append_literal(dest, "\n");
+            cork_buffer_append_indent(dest, indent);
+            column++;
+        } else if (column == 15) {
+            cork_buffer_append_printf
+                (dest, "%-48.*s", (int) (curr_hex - hex), hex);
+            cork_buffer_append_literal(dest, " |");
+            cork_buffer_append(dest, print, curr_print - print);
+            cork_buffer_append_literal(dest, "|");
+            curr_hex = hex;
+            curr_print = print;
+            column = 0;
+        } else {
+            column++;
+        }
+    }
+
+    if (column > 0) {
+        cork_buffer_append_printf(dest, "%-48.*s", (int) (curr_hex - hex), hex);
+        cork_buffer_append_literal(dest, " |");
+        cork_buffer_append(dest, print, curr_print - print);
+        cork_buffer_append_literal(dest, "|");
+    }
+}
+
+void
+cork_buffer_append_multiline(struct cork_buffer *dest, size_t indent,
+                             const char *chars, size_t length)
+{
+    size_t  i;
+    for (i = 0; i < length; i++) {
+        char  ch = chars[i];
+        if (ch == '\n') {
+            cork_buffer_append_literal(dest, "\n");
+            cork_buffer_append_indent(dest, indent);
+        } else {
+            cork_buffer_append(dest, &chars[i], 1);
+        }
+    }
+}
+
+void
+cork_buffer_append_binary(struct cork_buffer *dest, size_t indent,
+                          const char *chars, size_t length)
+{
+    size_t  i;
+    bool  newline = false;
+
+    /* If there are any non-printable characters, print out a hex dump */
+    for (i = 0; i < length; i++) {
+        if (!is_print(chars[i]) && !is_space(chars[i])) {
+            cork_buffer_append_literal(dest, "(hex)\n");
+            cork_buffer_append_indent(dest, indent);
+            cork_buffer_append_hex_dump(dest, indent, chars, length);
+            return;
+        } else if (chars[i] == '\n') {
+            newline = true;
+            /* Don't immediately use the multiline format, since there might be
+             * a non-printable character later on that kicks us over to the hex
+             * dump format. */
+        }
+    }
+
+    if (newline) {
+        cork_buffer_append_literal(dest, "(multiline)\n");
+        cork_buffer_append_indent(dest, indent);
+        cork_buffer_append_multiline(dest, indent, chars, length);
+    } else {
+        cork_buffer_append(dest, chars, length);
+    }
+}
+
+
+struct cork_buffer__managed_buffer {
+    struct cork_managed_buffer  parent;
+    struct cork_buffer  *buffer;
+};
+
+static void
+cork_buffer__managed_free(struct cork_managed_buffer *vself)
+{
+    struct cork_buffer__managed_buffer  *self =
+        cork_container_of(vself, struct cork_buffer__managed_buffer, parent);
+    cork_buffer_free(self->buffer);
+    cork_delete(struct cork_buffer__managed_buffer, self);
+}
+
+static struct cork_managed_buffer_iface  CORK_BUFFER__MANAGED_BUFFER = {
+    cork_buffer__managed_free
+};
+
+struct cork_managed_buffer *
+cork_buffer_to_managed_buffer(struct cork_buffer *buffer)
+{
+    struct cork_buffer__managed_buffer  *self =
+        cork_new(struct cork_buffer__managed_buffer);
+    self->parent.buf = buffer->buf;
+    self->parent.size = buffer->size;
+    self->parent.ref_count = 1;
+    self->parent.iface = &CORK_BUFFER__MANAGED_BUFFER;
+    self->buffer = buffer;
+    return &self->parent;
+}
+
+
+int
+cork_buffer_to_slice(struct cork_buffer *buffer, struct cork_slice *slice)
+{
+    struct cork_managed_buffer  *managed =
+        cork_buffer_to_managed_buffer(buffer);
+
+    /* We don't have to check for NULL; cork_managed_buffer_slice_offset
+     * will do that for us. */
+    int  rc = cork_managed_buffer_slice_offset(slice, managed, 0);
+
+    /* Before returning, drop our reference to the managed buffer.  If
+     * the slicing succeeded, then there will be one remaining reference
+     * in the slice.  If it didn't succeed, this will free the managed
+     * buffer for us. */
+    cork_managed_buffer_unref(managed);
+    return rc;
+}
+
+
+struct cork_buffer__stream_consumer {
+    struct cork_stream_consumer  consumer;
+    struct cork_buffer  *buffer;
+};
+
+static int
+cork_buffer_stream_consumer_data(struct cork_stream_consumer *consumer,
+                                 const void *buf, size_t size,
+                                 bool is_first_chunk)
+{
+    struct cork_buffer__stream_consumer  *bconsumer = cork_container_of
+        (consumer, struct cork_buffer__stream_consumer, consumer);
+    cork_buffer_append(bconsumer->buffer, buf, size);
+    return 0;
+}
+
+static int
+cork_buffer_stream_consumer_eof(struct cork_stream_consumer *consumer)
+{
+    return 0;
+}
+
+static void
+cork_buffer_stream_consumer_free(struct cork_stream_consumer *consumer)
+{
+    struct cork_buffer__stream_consumer  *bconsumer =
+        cork_container_of
+        (consumer, struct cork_buffer__stream_consumer, consumer);
+    cork_delete(struct cork_buffer__stream_consumer, bconsumer);
+}
+
+struct cork_stream_consumer *
+cork_buffer_to_stream_consumer(struct cork_buffer *buffer)
+{
+    struct cork_buffer__stream_consumer  *bconsumer =
+        cork_new(struct cork_buffer__stream_consumer);
+    bconsumer->consumer.data = cork_buffer_stream_consumer_data;
+    bconsumer->consumer.eof = cork_buffer_stream_consumer_eof;
+    bconsumer->consumer.free = cork_buffer_stream_consumer_free;
+    bconsumer->buffer = buffer;
+    return &bconsumer->consumer;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/dllist.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/dllist.c
new file mode 100644
index 00000000..dbaafbc4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/dllist.c
@@ -0,0 +1,63 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include "libcork/core/api.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/dllist.h"
+
+
+/* Include a linkable (but deprecated) version of this to maintain ABI
+ * compatibility. */
+#undef cork_dllist_init
+CORK_API void
+cork_dllist_init(struct cork_dllist *list)
+{
+    list->head.next = &list->head;
+    list->head.prev = &list->head;
+}
+
+
+void
+cork_dllist_map(struct cork_dllist *list,
+                cork_dllist_map_func func, void *user_data)
+{
+    struct cork_dllist_item  *curr;
+    struct cork_dllist_item  *next;
+    cork_dllist_foreach_void(list, curr, next) {
+        func(curr, user_data);
+    }
+}
+
+int
+cork_dllist_visit(struct cork_dllist *list, void *ud,
+                  cork_dllist_visit_f *visit)
+{
+    struct cork_dllist_item  *curr;
+    struct cork_dllist_item  *next;
+    cork_dllist_foreach_void(list, curr, next) {
+        int  rc = visit(ud, curr);
+        if (rc != 0) {
+            return rc;
+        }
+    }
+    return 0;
+}
+
+
+size_t
+cork_dllist_size(const struct cork_dllist *list)
+{
+    size_t  size = 0;
+    struct cork_dllist_item  *curr;
+    struct cork_dllist_item  *next;
+    cork_dllist_foreach_void(list, curr, next) {
+        size++;
+    }
+    return size;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/file-stream.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/file-stream.c
new file mode 100644
index 00000000..c9a7c732
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/file-stream.c
@@ -0,0 +1,214 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#include "libcork/ds/stream.h"
+#include "libcork/helpers/errors.h"
+#include "libcork/helpers/posix.h"
+
+#define BUFFER_SIZE  4096
+
+
+/*-----------------------------------------------------------------------
+ * Producers
+ */
+
+int
+cork_consume_fd(struct cork_stream_consumer *consumer, int fd)
+{
+    char  buf[BUFFER_SIZE];
+    ssize_t  bytes_read;
+    bool  first = true;
+
+    while (true) {
+        while ((bytes_read = read(fd, buf, BUFFER_SIZE)) > 0) {
+            rii_check(cork_stream_consumer_data
+                      (consumer, buf, bytes_read, first));
+            first = false;
+        }
+
+        if (bytes_read == 0) {
+            return cork_stream_consumer_eof(consumer);
+        } else if (errno != EINTR) {
+            cork_system_error_set();
+            return -1;
+        }
+    }
+}
+
+int
+cork_consume_file(struct cork_stream_consumer *consumer, FILE *fp)
+{
+    char  buf[BUFFER_SIZE];
+    size_t  bytes_read;
+    bool  first = true;
+
+    while (true) {
+        while ((bytes_read = fread(buf, 1, BUFFER_SIZE, fp)) > 0) {
+            rii_check(cork_stream_consumer_data
+                      (consumer, buf, bytes_read, first));
+            first = false;
+        }
+
+        if (feof(fp)) {
+            return cork_stream_consumer_eof(consumer);
+        } else if (errno != EINTR) {
+            cork_system_error_set();
+            return -1;
+        }
+    }
+}
+
+int
+cork_consume_file_from_path(struct cork_stream_consumer *consumer,
+                            const char *path, int flags)
+{
+    int  fd;
+    rii_check_posix(fd = open(path, flags));
+    ei_check(cork_consume_fd(consumer, fd));
+    rii_check_posix(close(fd));
+    return 0;
+
+error:
+    rii_check_posix(close(fd));
+    return -1;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Consumers
+ */
+
+struct cork_file_consumer {
+    struct cork_stream_consumer  parent;
+    FILE  *fp;
+};
+
+static int
+cork_file_consumer__data(struct cork_stream_consumer *vself,
+                         const void *buf, size_t size, bool is_first)
+{
+    struct cork_file_consumer  *self =
+        cork_container_of(vself, struct cork_file_consumer, parent);
+    size_t  bytes_written = fwrite(buf, 1, size, self->fp);
+    /* If there was an error writing to the file, then signal this to
+     * the producer */
+    if (bytes_written == size) {
+        return 0;
+    } else {
+        cork_system_error_set();
+        return -1;
+    }
+}
+
+static int
+cork_file_consumer__eof(struct cork_stream_consumer *vself)
+{
+    /* We never close the file with this version of the consumer, so there's
+     * nothing special to do at end-of-stream. */
+    return 0;
+}
+
+static void
+cork_file_consumer__free(struct cork_stream_consumer *vself)
+{
+    struct cork_file_consumer  *self =
+        cork_container_of(vself, struct cork_file_consumer, parent);
+    cork_delete(struct cork_file_consumer, self);
+}
+
+struct cork_stream_consumer *
+cork_file_consumer_new(FILE *fp)
+{
+    struct cork_file_consumer  *self = cork_new(struct cork_file_consumer);
+    self->parent.data = cork_file_consumer__data;
+    self->parent.eof = cork_file_consumer__eof;
+    self->parent.free = cork_file_consumer__free;
+    self->fp = fp;
+    return &self->parent;
+}
+
+
+struct cork_fd_consumer {
+    struct cork_stream_consumer  parent;
+    int  fd;
+};
+
+static int
+cork_fd_consumer__data(struct cork_stream_consumer *vself,
+                       const void *buf, size_t size, bool is_first)
+{
+    struct cork_fd_consumer  *self =
+        cork_container_of(vself, struct cork_fd_consumer, parent);
+    size_t  bytes_left = size;
+
+    while (bytes_left > 0) {
+        ssize_t  rc = write(self->fd, buf, bytes_left);
+        if (rc == -1 && errno != EINTR) {
+            cork_system_error_set();
+            return -1;
+        } else {
+            bytes_left -= rc;
+            buf += rc;
+        }
+    }
+
+    return 0;
+}
+
+static int
+cork_fd_consumer__eof_close(struct cork_stream_consumer *vself)
+{
+    int  rc;
+    struct cork_fd_consumer  *self =
+        cork_container_of(vself, struct cork_fd_consumer, parent);
+    rii_check_posix(rc = close(self->fd));
+    return 0;
+}
+
+static void
+cork_fd_consumer__free(struct cork_stream_consumer *vself)
+{
+    struct cork_fd_consumer  *self =
+        cork_container_of(vself, struct cork_fd_consumer, parent);
+    cork_delete(struct cork_fd_consumer, self);
+}
+
+struct cork_stream_consumer *
+cork_fd_consumer_new(int fd)
+{
+    struct cork_fd_consumer  *self = cork_new(struct cork_fd_consumer);
+    self->parent.data = cork_fd_consumer__data;
+    /* We don't want to close fd, so we reuse file_consumer's eof method */
+    self->parent.eof = cork_file_consumer__eof;
+    self->parent.free = cork_fd_consumer__free;
+    self->fd = fd;
+    return &self->parent;
+}
+
+struct cork_stream_consumer *
+cork_file_from_path_consumer_new(const char *path, int flags)
+{
+
+    int  fd;
+    struct cork_fd_consumer  *self;
+
+    rpi_check_posix(fd = open(path, flags));
+    self = cork_new(struct cork_fd_consumer);
+    self->parent.data = cork_fd_consumer__data;
+    self->parent.eof = cork_fd_consumer__eof_close;
+    self->parent.free = cork_fd_consumer__free;
+    self->fd = fd;
+    return &self->parent;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/hash-table.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/hash-table.c
new file mode 100644
index 00000000..280a7bd6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/hash-table.c
@@ -0,0 +1,689 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "libcork/core/callbacks.h"
+#include "libcork/core/hash.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/dllist.h"
+#include "libcork/ds/hash-table.h"
+#include "libcork/helpers/errors.h"
+
+#ifndef CORK_HASH_TABLE_DEBUG
+#define CORK_HASH_TABLE_DEBUG 0
+#endif
+
+#if CORK_HASH_TABLE_DEBUG
+#include <stdio.h>
+#define DEBUG(...) \
+    do { \
+        fprintf(stderr, __VA_ARGS__); \
+        fprintf(stderr, "\n"); \
+    } while (0)
+#else
+#define DEBUG(...) /* nothing */
+#endif
+
+
+/*-----------------------------------------------------------------------
+ * Hash tables
+ */
+
+struct cork_hash_table_entry_priv {
+    struct cork_hash_table_entry  public;
+    struct cork_dllist_item  in_bucket;
+    struct cork_dllist_item  insertion_order;
+};
+
+struct cork_hash_table {
+    struct cork_dllist  *bins;
+    struct cork_dllist  insertion_order;
+    size_t  bin_count;
+    size_t  bin_mask;
+    size_t  entry_count;
+    void  *user_data;
+    cork_free_f  free_user_data;
+    cork_hash_f  hash;
+    cork_equals_f  equals;
+    cork_free_f  free_key;
+    cork_free_f  free_value;
+};
+
+static cork_hash
+cork_hash_table__default_hash(void *user_data, const void *key)
+{
+    return (cork_hash) (uintptr_t) key;
+}
+
+static bool
+cork_hash_table__default_equals(void *user_data,
+                                const void *key1, const void *key2)
+{
+    return key1 == key2;
+}
+
+
+/* The default initial number of bins to allocate in a new table. */
+#define CORK_HASH_TABLE_DEFAULT_INITIAL_SIZE  8
+
+/* The default number of entries per bin to allow before increasing the
+ * number of bins. */
+#define CORK_HASH_TABLE_MAX_DENSITY  5
+
+/* Return a power-of-2 bin count that's at least as big as the given requested
+ * size. */
+static inline size_t
+cork_hash_table_new_size(size_t desired_count)
+{
+    size_t  v = desired_count;
+    size_t  r = 1;
+    while (v >>= 1) {
+        r <<= 1;
+    }
+    if (r != desired_count) {
+        r <<= 1;
+    }
+    return r;
+}
+
+#define bin_index(table, hash)  ((hash) & (table)->bin_mask)
+
+/* Allocates a new bins array in a hash table.  We overwrite the old
+ * array, so make sure to stash it away somewhere safe first. */
+static void
+cork_hash_table_allocate_bins(struct cork_hash_table *table,
+                              size_t desired_count)
+{
+    size_t  i;
+
+    table->bin_count = cork_hash_table_new_size(desired_count);
+    table->bin_mask = table->bin_count - 1;
+    DEBUG("Allocate %zu bins", table->bin_count);
+    table->bins = cork_calloc(table->bin_count, sizeof(struct cork_dllist));
+    for (i = 0; i < table->bin_count; i++) {
+        cork_dllist_init(&table->bins[i]);
+    }
+}
+
+
+static struct cork_hash_table_entry_priv *
+cork_hash_table_new_entry(struct cork_hash_table *table,
+                          cork_hash hash, void *key, void *value)
+{
+    struct cork_hash_table_entry_priv  *entry =
+        cork_new(struct cork_hash_table_entry_priv);
+    cork_dllist_add(&table->insertion_order, &entry->insertion_order);
+    entry->public.hash = hash;
+    entry->public.key = key;
+    entry->public.value = value;
+    return entry;
+}
+
+static void
+cork_hash_table_free_entry(struct cork_hash_table *table,
+                           struct cork_hash_table_entry_priv *entry)
+{
+    if (table->free_key != NULL) {
+        table->free_key(entry->public.key);
+    }
+    if (table->free_value != NULL) {
+        table->free_value(entry->public.value);
+    }
+    cork_dllist_remove(&entry->insertion_order);
+    cork_delete(struct cork_hash_table_entry_priv, entry);
+}
+
+
+struct cork_hash_table *
+cork_hash_table_new(size_t initial_size, unsigned int flags)
+{
+    struct cork_hash_table  *table = cork_new(struct cork_hash_table);
+    table->entry_count = 0;
+    table->user_data = NULL;
+    table->free_user_data = NULL;
+    table->hash = cork_hash_table__default_hash;
+    table->equals = cork_hash_table__default_equals;
+    table->free_key = NULL;
+    table->free_value = NULL;
+    cork_dllist_init(&table->insertion_order);
+    if (initial_size < CORK_HASH_TABLE_DEFAULT_INITIAL_SIZE) {
+        initial_size = CORK_HASH_TABLE_DEFAULT_INITIAL_SIZE;
+    }
+    cork_hash_table_allocate_bins(table, initial_size);
+    return table;
+}
+
+void
+cork_hash_table_clear(struct cork_hash_table *table)
+{
+    size_t  i;
+    struct cork_dllist_item  *curr;
+    struct cork_dllist_item  *next;
+
+    DEBUG("(clear) Remove all entries");
+    for (curr = cork_dllist_start(&table->insertion_order);
+         !cork_dllist_is_end(&table->insertion_order, curr);
+         curr = next) {
+        struct cork_hash_table_entry_priv  *entry =
+            cork_container_of
+            (curr, struct cork_hash_table_entry_priv, insertion_order);
+        next = curr->next;
+        cork_hash_table_free_entry(table, entry);
+    }
+    cork_dllist_init(&table->insertion_order);
+
+    DEBUG("(clear) Clear bins");
+    for (i = 0; i < table->bin_count; i++) {
+        DEBUG("  Bin %zu", i);
+        cork_dllist_init(&table->bins[i]);
+    }
+
+    table->entry_count = 0;
+}
+
+void
+cork_hash_table_free(struct cork_hash_table *table)
+{
+    cork_hash_table_clear(table);
+    cork_cfree(table->bins, table->bin_count, sizeof(struct cork_dllist));
+    cork_delete(struct cork_hash_table, table);
+}
+
+size_t
+cork_hash_table_size(const struct cork_hash_table *table)
+{
+    return table->entry_count;
+}
+
+void
+cork_hash_table_set_user_data(struct cork_hash_table *table,
+                              void *user_data, cork_free_f free_user_data)
+{
+    table->user_data = user_data;
+    table->free_user_data = free_user_data;
+}
+
+void
+cork_hash_table_set_hash(struct cork_hash_table *table, cork_hash_f hash)
+{
+    table->hash = hash;
+}
+
+void
+cork_hash_table_set_equals(struct cork_hash_table *table, cork_equals_f equals)
+{
+    table->equals = equals;
+}
+
+void
+cork_hash_table_set_free_key(struct cork_hash_table *table, cork_free_f free)
+{
+    table->free_key = free;
+}
+
+void
+cork_hash_table_set_free_value(struct cork_hash_table *table, cork_free_f free)
+{
+    table->free_value = free;
+}
+
+
+void
+cork_hash_table_ensure_size(struct cork_hash_table *table, size_t desired_count)
+{
+    if (desired_count > table->bin_count) {
+        struct cork_dllist  *old_bins = table->bins;
+        size_t  old_bin_count = table->bin_count;
+
+        cork_hash_table_allocate_bins(table, desired_count);
+
+        if (old_bins != NULL) {
+            size_t  i;
+            for (i = 0; i < old_bin_count; i++) {
+                struct cork_dllist  *bin = &old_bins[i];
+                struct cork_dllist_item  *curr = cork_dllist_start(bin);
+                while (!cork_dllist_is_end(bin, curr)) {
+                    struct cork_hash_table_entry_priv  *entry =
+                        cork_container_of
+                        (curr, struct cork_hash_table_entry_priv, in_bucket);
+                    struct cork_dllist_item  *next = curr->next;
+
+                    size_t  bin_index = bin_index(table, entry->public.hash);
+                    DEBUG("      Rehash %p from bin %zu to bin %zu",
+                          entry, i, bin_index);
+                    cork_dllist_add(&table->bins[bin_index], curr);
+
+                    curr = next;
+                }
+            }
+
+            cork_cfree(old_bins, old_bin_count, sizeof(struct cork_dllist));
+        }
+    }
+}
+
+
+static void
+cork_hash_table_rehash(struct cork_hash_table *table)
+{
+    DEBUG("    Reached maximum density; rehash");
+    cork_hash_table_ensure_size(table, table->bin_count + 1);
+}
+
+
+struct cork_hash_table_entry *
+cork_hash_table_get_entry_hash(const struct cork_hash_table *table,
+                               cork_hash hash, const void *key)
+{
+    size_t  bin_index;
+    struct cork_dllist  *bin;
+    struct cork_dllist_item  *curr;
+
+    if (table->bin_count == 0) {
+        DEBUG("(get) Empty table when searching for key %p "
+              "(hash 0x%08" PRIx32 ")",
+              key, hash);
+        return NULL;
+    }
+
+    bin_index = bin_index(table, hash);
+    DEBUG("(get) Search for key %p (hash 0x%08" PRIx32 ", bin %zu)",
+          key, hash, bin_index);
+
+    bin = &table->bins[bin_index];
+    curr = cork_dllist_start(bin);
+    while (!cork_dllist_is_end(bin, curr)) {
+        struct cork_hash_table_entry_priv  *entry =
+            cork_container_of
+            (curr, struct cork_hash_table_entry_priv, in_bucket);
+
+        DEBUG("  Check entry %p", entry);
+        if (table->equals(table->user_data, key, entry->public.key)) {
+            DEBUG("  Match");
+            return &entry->public;
+        }
+
+        curr = curr->next;
+    }
+
+    DEBUG("  Entry not found");
+    return NULL;
+}
+
+struct cork_hash_table_entry *
+cork_hash_table_get_entry(const struct cork_hash_table *table, const void *key)
+{
+    cork_hash  hash = table->hash(table->user_data, key);
+    return cork_hash_table_get_entry_hash(table, hash, key);
+}
+
+void *
+cork_hash_table_get_hash(const struct cork_hash_table *table,
+                         cork_hash hash, const void *key)
+{
+    struct cork_hash_table_entry  *entry =
+        cork_hash_table_get_entry_hash(table, hash, key);
+    if (entry == NULL) {
+        return NULL;
+    } else {
+        DEBUG("  Extract value pointer %p", entry->value);
+        return entry->value;
+    }
+}
+
+void *
+cork_hash_table_get(const struct cork_hash_table *table, const void *key)
+{
+    struct cork_hash_table_entry  *entry =
+        cork_hash_table_get_entry(table, key);
+    if (entry == NULL) {
+        return NULL;
+    } else {
+        DEBUG("  Extract value pointer %p", entry->value);
+        return entry->value;
+    }
+}
+
+
+struct cork_hash_table_entry *
+cork_hash_table_get_or_create_hash(struct cork_hash_table *table,
+                                   cork_hash hash, void *key, bool *is_new)
+{
+    struct cork_hash_table_entry_priv  *entry;
+    size_t  bin_index;
+
+    if (table->bin_count > 0) {
+        struct cork_dllist  *bin;
+        struct cork_dllist_item  *curr;
+
+        bin_index = bin_index(table, hash);
+        DEBUG("(get_or_create) Search for key %p "
+              "(hash 0x%08" PRIx32 ", bin %zu)",
+              key, hash, bin_index);
+
+        bin = &table->bins[bin_index];
+        curr = cork_dllist_start(bin);
+        while (!cork_dllist_is_end(bin, curr)) {
+            struct cork_hash_table_entry_priv  *entry =
+                cork_container_of
+                (curr, struct cork_hash_table_entry_priv, in_bucket);
+
+            DEBUG("  Check entry %p", entry);
+            if (table->equals(table->user_data, key, entry->public.key)) {
+                DEBUG("    Match");
+                DEBUG("    Return value pointer %p", entry->public.value);
+                *is_new = false;
+                return &entry->public;
+            }
+
+            curr = curr->next;
+        }
+
+        /* create a new entry */
+        DEBUG("  Entry not found");
+
+        if ((table->entry_count / table->bin_count) >
+            CORK_HASH_TABLE_MAX_DENSITY) {
+            cork_hash_table_rehash(table);
+            bin_index = bin_index(table, hash);
+        }
+    } else {
+        DEBUG("(get_or_create) Search for key %p (hash 0x%08" PRIx32 ")",
+              key, hash);
+        DEBUG("  Empty table");
+        cork_hash_table_rehash(table);
+        bin_index = bin_index(table, hash);
+    }
+
+    DEBUG("    Allocate new entry");
+    entry = cork_hash_table_new_entry(table, hash, key, NULL);
+    DEBUG("    Created new entry %p", entry);
+
+    DEBUG("    Add entry into bin %zu", bin_index);
+    cork_dllist_add(&table->bins[bin_index], &entry->in_bucket);
+
+    table->entry_count++;
+    *is_new = true;
+    return &entry->public;
+}
+
+struct cork_hash_table_entry *
+cork_hash_table_get_or_create(struct cork_hash_table *table,
+                              void *key, bool *is_new)
+{
+    cork_hash  hash = table->hash(table->user_data, key);
+    return cork_hash_table_get_or_create_hash(table, hash, key, is_new);
+}
+
+
+void
+cork_hash_table_put_hash(struct cork_hash_table *table,
+                         cork_hash hash, void *key, void *value,
+                         bool *is_new, void **old_key, void **old_value)
+{
+    struct cork_hash_table_entry_priv  *entry;
+    size_t  bin_index;
+
+    if (table->bin_count > 0) {
+        struct cork_dllist  *bin;
+        struct cork_dllist_item  *curr;
+
+        bin_index = bin_index(table, hash);
+        DEBUG("(put) Search for key %p (hash 0x%08" PRIx32 ", bin %zu)",
+              key, hash, bin_index);
+
+        bin = &table->bins[bin_index];
+        curr = cork_dllist_start(bin);
+        while (!cork_dllist_is_end(bin, curr)) {
+            struct cork_hash_table_entry_priv  *entry =
+                cork_container_of
+                (curr, struct cork_hash_table_entry_priv, in_bucket);
+
+            DEBUG("  Check entry %p", entry);
+            if (table->equals(table->user_data, key, entry->public.key)) {
+                DEBUG("    Found existing entry; overwriting");
+                DEBUG("    Return old key %p", entry->public.key);
+                if (old_key != NULL) {
+                    *old_key = entry->public.key;
+                }
+                DEBUG("    Return old value %p", entry->public.value);
+                if (old_value != NULL) {
+                    *old_value = entry->public.value;
+                }
+                DEBUG("    Copy key %p into entry", key);
+                entry->public.key = key;
+                DEBUG("    Copy value %p into entry", value);
+                entry->public.value = value;
+                if (is_new != NULL) {
+                    *is_new = false;
+                }
+                return;
+            }
+
+            curr = curr->next;
+        }
+
+        /* create a new entry */
+        DEBUG("  Entry not found");
+        if ((table->entry_count / table->bin_count) >
+            CORK_HASH_TABLE_MAX_DENSITY) {
+            cork_hash_table_rehash(table);
+            bin_index = bin_index(table, hash);
+        }
+    } else {
+        DEBUG("(put) Search for key %p (hash 0x%08" PRIx32 ")",
+              key, hash);
+        DEBUG("  Empty table");
+        cork_hash_table_rehash(table);
+        bin_index = bin_index(table, hash);
+    }
+
+    DEBUG("    Allocate new entry");
+    entry = cork_hash_table_new_entry(table, hash, key, value);
+    DEBUG("    Created new entry %p", entry);
+
+    DEBUG("    Add entry into bin %zu", bin_index);
+    cork_dllist_add(&table->bins[bin_index], &entry->in_bucket);
+
+    table->entry_count++;
+    if (old_key != NULL) {
+        *old_key = NULL;
+    }
+    if (old_value != NULL) {
+        *old_value = NULL;
+    }
+    if (is_new != NULL) {
+        *is_new = true;
+    }
+}
+
+void
+cork_hash_table_put(struct cork_hash_table *table,
+                    void *key, void *value,
+                    bool *is_new, void **old_key, void **old_value)
+{
+    cork_hash  hash = table->hash(table->user_data, key);
+    cork_hash_table_put_hash
+        (table, hash, key, value, is_new, old_key, old_value);
+}
+
+
+void
+cork_hash_table_delete_entry(struct cork_hash_table *table,
+                             struct cork_hash_table_entry *ventry)
+{
+    struct cork_hash_table_entry_priv  *entry =
+        cork_container_of(ventry, struct cork_hash_table_entry_priv, public);
+    cork_dllist_remove(&entry->in_bucket);
+    table->entry_count--;
+    cork_hash_table_free_entry(table, entry);
+}
+
+
+bool
+cork_hash_table_delete_hash(struct cork_hash_table *table,
+                            cork_hash hash, const void *key,
+                            void **deleted_key, void **deleted_value)
+{
+    size_t  bin_index;
+    struct cork_dllist  *bin;
+    struct cork_dllist_item  *curr;
+
+    if (table->bin_count == 0) {
+        DEBUG("(delete) Empty table when searching for key %p "
+              "(hash 0x%08" PRIx32 ")",
+              key, hash);
+        return false;
+    }
+
+    bin_index = bin_index(table, hash);
+    DEBUG("(delete) Search for key %p (hash 0x%08" PRIx32 ", bin %zu)",
+          key, hash, bin_index);
+
+    bin = &table->bins[bin_index];
+    curr = cork_dllist_start(bin);
+    while (!cork_dllist_is_end(bin, curr)) {
+        struct cork_hash_table_entry_priv  *entry =
+            cork_container_of
+            (curr, struct cork_hash_table_entry_priv, in_bucket);
+
+        DEBUG("  Check entry %p", entry);
+        if (table->equals(table->user_data, key, entry->public.key)) {
+            DEBUG("    Match");
+            if (deleted_key != NULL) {
+                *deleted_key = entry->public.key;
+            }
+            if (deleted_value != NULL) {
+                *deleted_value = entry->public.value;
+            }
+
+            DEBUG("    Remove entry from hash bin %zu", bin_index);
+            cork_dllist_remove(curr);
+            table->entry_count--;
+
+            DEBUG("    Free entry %p", entry);
+            cork_hash_table_free_entry(table, entry);
+            return true;
+        }
+
+        curr = curr->next;
+    }
+
+    DEBUG("  Entry not found");
+    return false;
+}
+
+bool
+cork_hash_table_delete(struct cork_hash_table *table, const void *key,
+                       void **deleted_key, void **deleted_value)
+{
+    cork_hash  hash = table->hash(table->user_data, key);
+    return cork_hash_table_delete_hash
+        (table, hash, key, deleted_key, deleted_value);
+}
+
+
+void
+cork_hash_table_map(struct cork_hash_table *table, void *user_data,
+                    cork_hash_table_map_f map)
+{
+    struct cork_dllist_item  *curr;
+    DEBUG("Map across hash table");
+
+    curr = cork_dllist_start(&table->insertion_order);
+    while (!cork_dllist_is_end(&table->insertion_order, curr)) {
+        struct cork_hash_table_entry_priv  *entry =
+            cork_container_of
+            (curr, struct cork_hash_table_entry_priv, insertion_order);
+        struct cork_dllist_item  *next = curr->next;
+        enum cork_hash_table_map_result  result;
+
+        DEBUG("    Apply function to entry %p", entry);
+        result = map(user_data, &entry->public);
+
+        if (result == CORK_HASH_TABLE_MAP_ABORT) {
+            return;
+        } else if (result == CORK_HASH_TABLE_MAP_DELETE) {
+            DEBUG("      Delete requested");
+            cork_dllist_remove(curr);
+            cork_dllist_remove(&entry->in_bucket);
+            table->entry_count--;
+            cork_hash_table_free_entry(table, entry);
+        }
+
+        curr = next;
+    }
+}
+
+
+void
+cork_hash_table_iterator_init(struct cork_hash_table *table,
+                              struct cork_hash_table_iterator *iterator)
+{
+    DEBUG("Iterate through hash table");
+    iterator->table = table;
+    iterator->priv = cork_dllist_start(&table->insertion_order);
+}
+
+
+struct cork_hash_table_entry *
+cork_hash_table_iterator_next(struct cork_hash_table_iterator *iterator)
+{
+    struct cork_hash_table  *table = iterator->table;
+    struct cork_dllist_item  *curr = iterator->priv;
+    struct cork_hash_table_entry_priv  *entry;
+
+    if (cork_dllist_is_end(&table->insertion_order, curr)) {
+        return NULL;
+    }
+
+    entry = cork_container_of
+        (curr, struct cork_hash_table_entry_priv, insertion_order);
+    DEBUG("    Return entry %p", entry);
+    iterator->priv = curr->next;
+    return &entry->public;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Built-in key types
+ */
+
+static cork_hash
+string_hash(void *user_data, const void *vk)
+{
+    const char  *k = vk;
+    size_t  len = strlen(k);
+    return cork_hash_buffer(0, k, len);
+}
+
+static bool
+string_equals(void *user_data, const void *vk1, const void *vk2)
+{
+    const char  *k1 = vk1;
+    const char  *k2 = vk2;
+    return strcmp(k1, k2) == 0;
+}
+
+struct cork_hash_table *
+cork_string_hash_table_new(size_t initial_size, unsigned int flags)
+{
+    struct cork_hash_table  *table = cork_hash_table_new(initial_size, flags);
+    cork_hash_table_set_hash(table, string_hash);
+    cork_hash_table_set_equals(table, string_equals);
+    return table;
+}
+
+struct cork_hash_table *
+cork_pointer_hash_table_new(size_t initial_size, unsigned int flags)
+{
+    return cork_hash_table_new(initial_size, flags);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/managed-buffer.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/managed-buffer.c
new file mode 100644
index 00000000..830b88f1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/managed-buffer.c
@@ -0,0 +1,240 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "libcork/core/error.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/managed-buffer.h"
+#include "libcork/ds/slice.h"
+#include "libcork/helpers/errors.h"
+
+
+/*-----------------------------------------------------------------------
+ * Error handling
+ */
+
+static void
+cork_slice_invalid_slice_set(size_t buf_size, size_t requested_offset,
+                             size_t requested_length)
+{
+    cork_error_set
+        (CORK_SLICE_ERROR, CORK_SLICE_INVALID_SLICE,
+         "Cannot slice %zu-byte buffer at %zu:%zu",
+         buf_size, requested_offset, requested_length);
+}
+
+
+/*-----------------------------------------------------------------------
+ * Managed buffers
+ */
+
+struct cork_managed_buffer_wrapped {
+    struct cork_managed_buffer  parent;
+    void  *buf;
+    size_t  size;
+    cork_managed_buffer_freer  free;
+};
+
+static void
+cork_managed_buffer_wrapped__free(struct cork_managed_buffer *vself)
+{
+    struct cork_managed_buffer_wrapped  *self =
+        cork_container_of(vself, struct cork_managed_buffer_wrapped, parent);
+    self->free(self->buf, self->size);
+    cork_delete(struct cork_managed_buffer_wrapped, self);
+}
+
+static struct cork_managed_buffer_iface  CORK_MANAGED_BUFFER_WRAPPED = {
+    cork_managed_buffer_wrapped__free
+};
+
+struct cork_managed_buffer *
+cork_managed_buffer_new(const void *buf, size_t size,
+                        cork_managed_buffer_freer free)
+{
+    /*
+    DEBUG("Creating new struct cork_managed_buffer [%p:%zu], refcount now 1",
+          buf, size);
+    */
+
+    struct cork_managed_buffer_wrapped  *self =
+        cork_new(struct cork_managed_buffer_wrapped);
+    self->parent.buf = buf;
+    self->parent.size = size;
+    self->parent.ref_count = 1;
+    self->parent.iface = &CORK_MANAGED_BUFFER_WRAPPED;
+    self->buf = (void *) buf;
+    self->size = size;
+    self->free = free;
+    return &self->parent;
+}
+
+
+struct cork_managed_buffer_copied {
+    struct cork_managed_buffer  parent;
+};
+
+#define cork_managed_buffer_copied_data(self) \
+    (((void *) (self)) + sizeof(struct cork_managed_buffer_copied))
+
+#define cork_managed_buffer_copied_sizeof(sz) \
+    ((sz) + sizeof(struct cork_managed_buffer_copied))
+
+static void
+cork_managed_buffer_copied__free(struct cork_managed_buffer *vself)
+{
+    struct cork_managed_buffer_copied  *self =
+        cork_container_of(vself, struct cork_managed_buffer_copied, parent);
+    size_t  allocated_size =
+        cork_managed_buffer_copied_sizeof(self->parent.size);
+    cork_free(self, allocated_size);
+}
+
+static struct cork_managed_buffer_iface  CORK_MANAGED_BUFFER_COPIED = {
+    cork_managed_buffer_copied__free
+};
+
+struct cork_managed_buffer *
+cork_managed_buffer_new_copy(const void *buf, size_t size)
+{
+    size_t  allocated_size = cork_managed_buffer_copied_sizeof(size);
+    struct cork_managed_buffer_copied  *self = cork_malloc(allocated_size);
+    if (self == NULL) {
+        return NULL;
+    }
+
+    self->parent.buf = cork_managed_buffer_copied_data(self);
+    self->parent.size = size;
+    self->parent.ref_count = 1;
+    self->parent.iface = &CORK_MANAGED_BUFFER_COPIED;
+    memcpy((void *) self->parent.buf, buf, size);
+    return &self->parent;
+}
+
+
+static void
+cork_managed_buffer_free(struct cork_managed_buffer *self)
+{
+    /*
+    DEBUG("Freeing struct cork_managed_buffer [%p:%zu]", self->buf, self->size);
+    */
+
+    self->iface->free(self);
+}
+
+
+struct cork_managed_buffer *
+cork_managed_buffer_ref(struct cork_managed_buffer *self)
+{
+    /*
+    int  old_count = self->ref_count++;
+    DEBUG("Referencing struct cork_managed_buffer [%p:%zu], refcount now %d",
+          self->buf, self->size, old_count + 1);
+    */
+
+    self->ref_count++;
+    return self;
+}
+
+
+void
+cork_managed_buffer_unref(struct cork_managed_buffer *self)
+{
+    /*
+    int  old_count = self->ref_count--;
+    DEBUG("Dereferencing struct cork_managed_buffer [%p:%zu], refcount now %d",
+          self->buf, self->size, old_count - 1);
+    */
+
+    if (--self->ref_count == 0) {
+        cork_managed_buffer_free(self);
+    }
+}
+
+
+static struct cork_slice_iface  CORK_MANAGED_BUFFER__SLICE;
+
+static void
+cork_managed_buffer__slice_free(struct cork_slice *self)
+{
+    struct cork_managed_buffer  *mbuf = self->user_data;
+    cork_managed_buffer_unref(mbuf);
+}
+
+static int
+cork_managed_buffer__slice_copy(struct cork_slice *dest,
+                                const struct cork_slice *src,
+                                size_t offset, size_t length)
+{
+    struct cork_managed_buffer  *mbuf = src->user_data;
+    dest->buf = src->buf + offset;
+    dest->size = length;
+    dest->iface = &CORK_MANAGED_BUFFER__SLICE;
+    dest->user_data = cork_managed_buffer_ref(mbuf);
+    return 0;
+}
+
+static struct cork_slice_iface  CORK_MANAGED_BUFFER__SLICE = {
+    cork_managed_buffer__slice_free,
+    cork_managed_buffer__slice_copy,
+    cork_managed_buffer__slice_copy,
+    NULL
+};
+
+
+int
+cork_managed_buffer_slice(struct cork_slice *dest,
+                          struct cork_managed_buffer *buffer,
+                          size_t offset, size_t length)
+{
+    if ((buffer != NULL) &&
+        (offset <= buffer->size) &&
+        ((offset + length) <= buffer->size)) {
+        /*
+        DEBUG("Slicing [%p:%zu] at %zu:%zu, gives <%p:%zu>",
+              buffer->buf, buffer->size,
+              offset, length,
+              buffer->buf + offset, length);
+        */
+        dest->buf = buffer->buf + offset;
+        dest->size = length;
+        dest->iface = &CORK_MANAGED_BUFFER__SLICE;
+        dest->user_data = cork_managed_buffer_ref(buffer);
+        return 0;
+    }
+
+    else {
+        /*
+        DEBUG("Cannot slice [%p:%zu] at %zu:%zu",
+              buffer->buf, buffer->size,
+              offset, length);
+        */
+        cork_slice_clear(dest);
+        cork_slice_invalid_slice_set(0, offset, 0);
+        return -1;
+    }
+}
+
+
+int
+cork_managed_buffer_slice_offset(struct cork_slice *dest,
+                                 struct cork_managed_buffer *buffer,
+                                 size_t offset)
+{
+    if (buffer == NULL) {
+        cork_slice_clear(dest);
+        cork_slice_invalid_slice_set(0, offset, 0);
+        return -1;
+    } else {
+        return cork_managed_buffer_slice
+            (dest, buffer, offset, buffer->size - offset);
+    }
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/ring-buffer.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/ring-buffer.c
new file mode 100644
index 00000000..92eb8b9c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/ring-buffer.c
@@ -0,0 +1,87 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+
+#include "libcork/core/allocator.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/ring-buffer.h"
+
+
+int
+cork_ring_buffer_init(struct cork_ring_buffer *self, size_t size)
+{
+    self->elements = cork_calloc(size, sizeof(void *));
+    self->allocated_size = size;
+    self->size = 0;
+    self->read_index = 0;
+    self->write_index = 0;
+    return 0;
+}
+
+struct cork_ring_buffer *
+cork_ring_buffer_new(size_t size)
+{
+    struct cork_ring_buffer  *buf = cork_new(struct cork_ring_buffer);
+    cork_ring_buffer_init(buf, size);
+    return buf;
+}
+
+void
+cork_ring_buffer_done(struct cork_ring_buffer *self)
+{
+    cork_cfree(self->elements, self->allocated_size, sizeof(void *));
+}
+
+void
+cork_ring_buffer_free(struct cork_ring_buffer *buf)
+{
+    cork_ring_buffer_done(buf);
+    cork_delete(struct cork_ring_buffer, buf);
+}
+
+int
+cork_ring_buffer_add(struct cork_ring_buffer *self, void *element)
+{
+    if (cork_ring_buffer_is_full(self)) {
+        return -1;
+    }
+
+    self->elements[self->write_index++] = element;
+    self->size++;
+    if (self->write_index == self->allocated_size) {
+        self->write_index = 0;
+    }
+    return 0;
+}
+
+void *
+cork_ring_buffer_pop(struct cork_ring_buffer *self)
+{
+    if (cork_ring_buffer_is_empty(self)) {
+        return NULL;
+    } else {
+        void  *result = self->elements[self->read_index++];
+        self->size--;
+        if (self->read_index == self->allocated_size) {
+            self->read_index = 0;
+        }
+        return result;
+    }
+}
+
+void *
+cork_ring_buffer_peek(struct cork_ring_buffer *self)
+{
+    if (cork_ring_buffer_is_empty(self)) {
+        return NULL;
+    } else {
+        return self->elements[self->read_index];
+    }
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/slice.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/slice.c
new file mode 100644
index 00000000..68de06c8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/ds/slice.c
@@ -0,0 +1,296 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <string.h>
+
+#include "libcork/core/error.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/managed-buffer.h"
+#include "libcork/ds/slice.h"
+#include "libcork/helpers/errors.h"
+
+
+/*-----------------------------------------------------------------------
+ * Error handling
+ */
+
+static void
+cork_slice_invalid_slice_set(size_t buf_size, size_t requested_offset,
+                             size_t requested_length)
+{
+    cork_error_set
+        (CORK_SLICE_ERROR, CORK_SLICE_INVALID_SLICE,
+         "Cannot slice %zu-byte buffer at %zu:%zu",
+         buf_size, requested_offset, requested_length);
+}
+
+
+/*-----------------------------------------------------------------------
+ * Slices
+ */
+
+void
+cork_slice_clear(struct cork_slice *slice)
+{
+    slice->buf = NULL;
+    slice->size = 0;
+    slice->iface = NULL;
+    slice->user_data = NULL;
+}
+
+
+int
+cork_slice_copy(struct cork_slice *dest, const struct cork_slice *slice,
+                size_t offset, size_t length)
+{
+    if ((slice != NULL) &&
+        (offset <= slice->size) &&
+        ((offset + length) <= slice->size)) {
+        /*
+        DEBUG("Slicing <%p:%zu> at %zu:%zu, gives <%p:%zu>",
+              slice->buf, slice->size,
+              offset, length,
+              slice->buf + offset, length);
+        */
+        return slice->iface->copy(dest, slice, offset, length);
+    }
+
+    else {
+        /*
+        DEBUG("Cannot slice <%p:%zu> at %zu:%zu",
+              slice->buf, slice->size,
+              offset, length);
+        */
+        cork_slice_clear(dest);
+        cork_slice_invalid_slice_set
+            ((slice == NULL)? 0: slice->size, offset, length);
+        return -1;
+    }
+}
+
+
+int
+cork_slice_copy_offset(struct cork_slice *dest, const struct cork_slice *slice,
+                       size_t offset)
+{
+    if (slice == NULL) {
+        cork_slice_clear(dest);
+        cork_slice_invalid_slice_set(0, offset, 0);
+        return -1;
+    } else {
+        return cork_slice_copy
+            (dest, slice, offset, slice->size - offset);
+    }
+}
+
+
+int
+cork_slice_light_copy(struct cork_slice *dest, const struct cork_slice *slice,
+                      size_t offset, size_t length)
+{
+    if ((slice != NULL) &&
+        (offset <= slice->size) &&
+        ((offset + length) <= slice->size)) {
+        /*
+        DEBUG("Slicing <%p:%zu> at %zu:%zu, gives <%p:%zu>",
+              slice->buf, slice->size,
+              offset, length,
+              slice->buf + offset, length);
+        */
+        return slice->iface->light_copy(dest, slice, offset, length);
+    }
+
+    else {
+        /*
+        DEBUG("Cannot slice <%p:%zu> at %zu:%zu",
+              slice->buf, slice->size,
+              offset, length);
+        */
+        cork_slice_clear(dest);
+        cork_slice_invalid_slice_set
+            ((slice == NULL)? 0: slice->size, offset, length);
+        return -1;
+    }
+}
+
+
+int
+cork_slice_light_copy_offset(struct cork_slice *dest,
+                             const struct cork_slice *slice, size_t offset)
+{
+    if (slice == NULL) {
+        cork_slice_clear(dest);
+        cork_slice_invalid_slice_set(0, offset, 0);
+        return -1;
+    } else {
+        return cork_slice_light_copy
+            (dest, slice, offset, slice->size - offset);
+    }
+}
+
+
+int
+cork_slice_slice(struct cork_slice *slice, size_t offset, size_t length)
+{
+    if ((slice != NULL) &&
+        (offset <= slice->size) &&
+        ((offset + length) <= slice->size)) {
+        /*
+        DEBUG("Slicing <%p:%zu> at %zu:%zu, gives <%p:%zu>",
+              slice->buf, slice->size,
+              offset, length,
+              slice->buf + offset, length);
+        */
+        if (slice->iface->slice == NULL) {
+            slice->buf += offset;
+            slice->size = length;
+            return 0;
+        } else {
+            return slice->iface->slice(slice, offset, length);
+        }
+    }
+
+    else {
+        /*
+        DEBUG("Cannot slice <%p:%zu> at %zu:%zu",
+              slice->buf, slice->size,
+              offset, length);
+        */
+        cork_slice_invalid_slice_set(slice->size, offset, length);
+        return -1;
+    }
+}
+
+
+int
+cork_slice_slice_offset(struct cork_slice *slice, size_t offset)
+{
+    if (slice == NULL) {
+        cork_slice_invalid_slice_set(0, offset, 0);
+        return -1;
+    } else {
+        return cork_slice_slice
+            (slice, offset, slice->size - offset);
+    }
+}
+
+
+void
+cork_slice_finish(struct cork_slice *slice)
+{
+    /*
+    DEBUG("Finalizing <%p:%zu>", dest->buf, dest->size);
+    */
+
+    if (slice->iface != NULL && slice->iface->free != NULL) {
+        slice->iface->free(slice);
+    }
+
+    cork_slice_clear(slice);
+}
+
+
+bool
+cork_slice_equal(const struct cork_slice *slice1,
+                 const struct cork_slice *slice2)
+{
+    if (slice1 == slice2) {
+        return true;
+    }
+
+    if (slice1->size != slice2->size) {
+        return false;
+    }
+
+    return (memcmp(slice1->buf, slice2->buf, slice1->size) == 0);
+}
+
+
+/*-----------------------------------------------------------------------
+ * Slices of static content
+ */
+
+static struct cork_slice_iface  cork_static_slice;
+
+static int
+cork_static_slice_copy(struct cork_slice *dest, const struct cork_slice *src,
+                       size_t offset, size_t length)
+{
+    dest->buf = src->buf + offset;
+    dest->size = length;
+    dest->iface = &cork_static_slice;
+    dest->user_data = NULL;
+    return 0;
+}
+
+static struct cork_slice_iface  cork_static_slice = {
+    NULL,
+    cork_static_slice_copy,
+    cork_static_slice_copy,
+    NULL
+};
+
+void
+cork_slice_init_static(struct cork_slice *dest, const void *buf, size_t size)
+{
+    dest->buf = buf;
+    dest->size = size;
+    dest->iface = &cork_static_slice;
+    dest->user_data = NULL;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Copy-once slices
+ */
+
+static struct cork_slice_iface  cork_copy_once_slice;
+
+static int
+cork_copy_once_slice__copy(struct cork_slice *dest,
+                           const struct cork_slice *src,
+                           size_t offset, size_t length)
+{
+    struct cork_managed_buffer  *mbuf =
+        cork_managed_buffer_new_copy(src->buf, src->size);
+    rii_check(cork_managed_buffer_slice(dest, mbuf, offset, length));
+    rii_check(cork_managed_buffer_slice
+              ((struct cork_slice *) src, mbuf, 0, src->size));
+    cork_managed_buffer_unref(mbuf);
+    return 0;
+}
+
+static int
+cork_copy_once_slice__light_copy(struct cork_slice *dest,
+                                 const struct cork_slice *src,
+                                 size_t offset, size_t length)
+{
+    dest->buf = src->buf + offset;
+    dest->size = length;
+    dest->iface = &cork_copy_once_slice;
+    dest->user_data = NULL;
+    return 0;
+}
+
+static struct cork_slice_iface  cork_copy_once_slice = {
+    NULL,
+    cork_copy_once_slice__copy,
+    cork_copy_once_slice__light_copy,
+    NULL
+};
+
+void
+cork_slice_init_copy_once(struct cork_slice *dest, const void *buf, size_t size)
+{
+    dest->buf = buf;
+    dest->size = size;
+    dest->iface = &cork_copy_once_slice;
+    dest->user_data = NULL;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/directory-walker.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/directory-walker.c
new file mode 100644
index 00000000..c5a25c5d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/directory-walker.c
@@ -0,0 +1,122 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "libcork/core/attributes.h"
+#include "libcork/core/error.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/buffer.h"
+#include "libcork/helpers/errors.h"
+#include "libcork/helpers/posix.h"
+#include "libcork/os/files.h"
+
+
+static int
+cork_walk_one_directory(struct cork_dir_walker *w, struct cork_buffer *path,
+                        size_t root_path_size)
+{
+    DIR  *dir = NULL;
+    struct dirent  *entry;
+    size_t  dir_path_size;
+
+    rip_check_posix(dir = opendir(path->buf));
+
+    cork_buffer_append(path, "/", 1);
+    dir_path_size = path->size;
+    errno = 0;
+    while ((entry = readdir(dir)) != NULL) {
+        struct stat  info;
+
+        /* Skip the "." and ".." entries */
+        if (strcmp(entry->d_name, ".") == 0 ||
+            strcmp(entry->d_name, "..") == 0) {
+            continue;
+        }
+
+        /* Stat the directory entry */
+        cork_buffer_append_string(path, entry->d_name);
+        ei_check_posix(stat(path->buf, &info));
+
+        /* If the entry is a subdirectory, recurse into it. */
+        if (S_ISDIR(info.st_mode)) {
+            int  rc = cork_dir_walker_enter_directory
+                (w, path->buf, path->buf + root_path_size,
+                 path->buf + dir_path_size);
+            if (rc != CORK_SKIP_DIRECTORY) {
+                ei_check(cork_walk_one_directory(w, path, root_path_size));
+                ei_check(cork_dir_walker_leave_directory
+                         (w, path->buf, path->buf + root_path_size,
+                          path->buf + dir_path_size));
+            }
+        } else if (S_ISREG(info.st_mode)) {
+            ei_check(cork_dir_walker_file
+                     (w, path->buf, path->buf + root_path_size,
+                      path->buf + dir_path_size));
+        }
+
+        /* Remove this entry name from the path buffer. */
+        cork_buffer_truncate(path, dir_path_size);
+
+        /* We have to reset errno to 0 because of the ambiguous way
+         * readdir uses a return value of NULL.  Other functions may
+         * return normally yet set errno to a non-zero value.  dlopen
+         * on Mac OS X is an ogreish example.  Since an error readdir
+         * is indicated by returning NULL and setting errno to indicate
+         * the error, then we need to reset it to zero before each call.
+         * We shall assume, perhaps to our great misery, that functions
+         * within this loop do proper error checking and act accordingly.
+         */
+        errno = 0;
+    }
+
+    /* Check errno immediately after the while loop terminates */
+    if (CORK_UNLIKELY(errno != 0)) {
+        cork_system_error_set();
+        goto error;
+    }
+
+    /* Remove the trailing '/' from the path buffer. */
+    cork_buffer_truncate(path, dir_path_size - 1);
+    rii_check_posix(closedir(dir));
+    return 0;
+
+error:
+    if (dir != NULL) {
+        rii_check_posix(closedir(dir));
+    }
+    return -1;
+}
+
+int
+cork_walk_directory(const char *path, struct cork_dir_walker *w)
+{
+    int  rc;
+    char  *p;
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+
+    /* Seed the buffer with the directory's path, ensuring that there's no
+     * trailing '/' */
+    cork_buffer_append_string(&buf, path);
+    p = buf.buf;
+    while (p[buf.size-1] == '/') {
+        buf.size--;
+        p[buf.size] = '\0';
+    }
+    rc = cork_walk_one_directory(w, &buf, buf.size + 1);
+    cork_buffer_done(&buf);
+    return rc;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/env.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/env.c
new file mode 100644
index 00000000..0340145c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/env.c
@@ -0,0 +1,212 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "libcork/core.h"
+#include "libcork/ds.h"
+#include "libcork/os/subprocess.h"
+#include "libcork/helpers/errors.h"
+#include "libcork/helpers/mingw.h"
+
+#ifdef __CYGWIN__
+#include <cygwin/version.h>
+#endif
+
+#if defined(__APPLE__)
+/* Apple doesn't provide access to the "environ" variable from a shared library.
+ * There's a workaround function to grab the environ pointer described at [1].
+ *
+ * [1] http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man7/environ.7.html
+ */
+#include <crt_externs.h>
+#define environ  (*_NSGetEnviron())
+
+#else
+/* On all other POSIX platforms, we assume that environ is available in shared
+ * libraries. */
+extern char  **environ;
+
+#endif
+
+
+struct cork_env_var {
+    const char  *name;
+    const char  *value;
+};
+
+static struct cork_env_var *
+cork_env_var_new(const char *name, const char *value)
+{
+    struct cork_env_var  *var = cork_new(struct cork_env_var);
+    var->name = cork_strdup(name);
+    var->value = cork_strdup(value);
+    return var;
+}
+
+static void
+cork_env_var_free(void *vvar)
+{
+    struct cork_env_var  *var = vvar;
+    cork_strfree(var->name);
+    cork_strfree(var->value);
+    cork_delete(struct cork_env_var, var);
+}
+
+
+struct cork_env {
+    struct cork_hash_table  *variables;
+    struct cork_buffer  buffer;
+};
+
+struct cork_env *
+cork_env_new(void)
+{
+    struct cork_env  *env = cork_new(struct cork_env);
+    env->variables = cork_string_hash_table_new(0, 0);
+    cork_hash_table_set_free_value(env->variables, cork_env_var_free);
+    cork_buffer_init(&env->buffer);
+    return env;
+}
+
+static void
+cork_env_add_internal(struct cork_env *env, const char *name, const char *value)
+{
+    if (env == NULL) {
+        setenv(name, value, true);
+    } else {
+        struct cork_env_var  *var = cork_env_var_new(name, value);
+        void  *old_var;
+
+        cork_hash_table_put
+            (env->variables, (void *) var->name, var, NULL, NULL, &old_var);
+
+        if (old_var != NULL) {
+            cork_env_var_free(old_var);
+        }
+    }
+}
+
+struct cork_env *
+cork_env_clone_current(void)
+{
+    char  **curr;
+    struct cork_env  *env = cork_env_new();
+
+    for (curr = environ; *curr != NULL; curr++) {
+        const char  *entry = *curr;
+        const char  *equal;
+
+        equal = strchr(entry, '=');
+        if (CORK_UNLIKELY(equal == NULL)) {
+            /* This environment entry is malformed; skip it. */
+            continue;
+        }
+
+        /* Make a copy of the name so that it's NUL-terminated rather than
+         * equal-terminated. */
+        cork_buffer_set(&env->buffer, entry, equal - entry);
+        cork_env_add_internal(env, env->buffer.buf, equal + 1);
+    }
+
+    return env;
+}
+
+
+void
+cork_env_free(struct cork_env *env)
+{
+    cork_hash_table_free(env->variables);
+    cork_buffer_done(&env->buffer);
+    cork_delete(struct cork_env, env);
+}
+
+const char *
+cork_env_get(struct cork_env *env, const char *name)
+{
+    if (env == NULL) {
+        return getenv(name);
+    } else {
+        struct cork_env_var  *var =
+            cork_hash_table_get(env->variables, (void *) name);
+        return (var == NULL)? NULL: var->value;
+    }
+}
+
+void
+cork_env_add(struct cork_env *env, const char *name, const char *value)
+{
+    cork_env_add_internal(env, name, value);
+}
+
+void
+cork_env_add_vprintf(struct cork_env *env, const char *name,
+                     const char *format, va_list args)
+{
+    cork_buffer_vprintf(&env->buffer, format, args);
+    cork_env_add_internal(env, name, env->buffer.buf);
+}
+
+void
+cork_env_add_printf(struct cork_env *env, const char *name,
+                    const char *format, ...)
+{
+    va_list  args;
+    va_start(args, format);
+    cork_env_add_vprintf(env, name, format, args);
+    va_end(args);
+}
+
+void
+cork_env_remove(struct cork_env *env, const char *name)
+{
+    if (env == NULL) {
+        unsetenv(name);
+    } else {
+        void  *old_var;
+        cork_hash_table_delete(env->variables, (void *) name, NULL, &old_var);
+        if (old_var != NULL) {
+            cork_env_var_free(old_var);
+        }
+    }
+}
+
+
+static enum cork_hash_table_map_result
+cork_env_set_vars(void *user_data, struct cork_hash_table_entry *entry)
+{
+    struct cork_env_var  *var = entry->value;
+    setenv(var->name, var->value, false);
+    return CORK_HASH_TABLE_MAP_CONTINUE;
+}
+
+#if (defined(__APPLE__) || (defined(BSD) && (BSD >= 199103))) && !defined(__GNU__) || (defined(__CYGWIN__) && CYGWIN_VERSION_API_MINOR < 326)
+/* A handful of platforms [1] don't provide clearenv(), so we must implement our
+ * own version that clears the environ array directly.
+ *
+ * [1] http://www.gnu.org/software/gnulib/manual/html_node/clearenv.html
+ */
+static void
+clearenv(void)
+{
+    *environ = NULL;
+}
+
+#else
+/* Otherwise assume that we have clearenv available. */
+#endif
+
+void
+cork_env_replace_current(struct cork_env *env)
+{
+    clearenv();
+    cork_hash_table_map(env->variables, NULL, cork_env_set_vars);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/exec.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/exec.c
new file mode 100644
index 00000000..06210283
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/exec.c
@@ -0,0 +1,189 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <errno.h>
+#include <unistd.h>
+
+#include "libcork/core.h"
+#include "libcork/ds.h"
+#include "libcork/os/subprocess.h"
+#include "libcork/helpers/errors.h"
+
+#define ri_check_posix(call) \
+    do { \
+        while (true) { \
+            if ((call) == -1) { \
+                if (errno == EINTR) { \
+                    continue; \
+                } else { \
+                    cork_system_error_set(); \
+                    CORK_PRINT_ERROR(); \
+                    return -1; \
+                } \
+            } else { \
+                break; \
+            } \
+        } \
+    } while (0)
+
+
+struct cork_exec {
+    const char  *program;
+    struct cork_string_array  params;
+    struct cork_env  *env;
+    const char  *cwd;
+    struct cork_buffer  description;
+};
+
+struct cork_exec *
+cork_exec_new(const char *program)
+{
+    struct cork_exec  *exec = cork_new(struct cork_exec);
+    exec->program = cork_strdup(program);
+    cork_string_array_init(&exec->params);
+    exec->env = NULL;
+    exec->cwd = NULL;
+    cork_buffer_init(&exec->description);
+    cork_buffer_set_string(&exec->description, program);
+    return exec;
+}
+
+struct cork_exec *
+cork_exec_new_with_params(const char *program, ...)
+{
+    struct cork_exec  *exec;
+    va_list  args;
+    const char  *param;
+
+    exec = cork_exec_new(program);
+    cork_exec_add_param(exec, program);
+    va_start(args, program);
+    while ((param = va_arg(args, const char *)) != NULL) {
+        cork_exec_add_param(exec, param);
+    }
+    return exec;
+}
+
+struct cork_exec *
+cork_exec_new_with_param_array(const char *program, char * const *params)
+{
+    char * const  *curr;
+    struct cork_exec  *exec = cork_exec_new(program);
+    for (curr = params; *curr != NULL; curr++) {
+        cork_exec_add_param(exec, *curr);
+    }
+    return exec;
+}
+
+void
+cork_exec_free(struct cork_exec *exec)
+{
+    cork_strfree(exec->program);
+    cork_array_done(&exec->params);
+    if (exec->env != NULL) {
+        cork_env_free(exec->env);
+    }
+    if (exec->cwd != NULL) {
+        cork_strfree(exec->cwd);
+    }
+    cork_buffer_done(&exec->description);
+    cork_delete(struct cork_exec, exec);
+}
+
+const char *
+cork_exec_description(struct cork_exec *exec)
+{
+    return exec->description.buf;
+}
+
+const char *
+cork_exec_program(struct cork_exec *exec)
+{
+    return exec->program;
+}
+
+size_t
+cork_exec_param_count(struct cork_exec *exec)
+{
+    return cork_array_size(&exec->params);
+}
+
+const char *
+cork_exec_param(struct cork_exec *exec, size_t index)
+{
+    return cork_array_at(&exec->params, index);
+}
+
+void
+cork_exec_add_param(struct cork_exec *exec, const char *param)
+{
+    /* Don't add the first parameter to the description; that's a copy of the
+     * program name, which we've already added. */
+    if (!cork_array_is_empty(&exec->params)) {
+        cork_buffer_append(&exec->description, " ", 1);
+        cork_buffer_append_string(&exec->description, param);
+    }
+    cork_array_append(&exec->params, cork_strdup(param));
+}
+
+struct cork_env *
+cork_exec_env(struct cork_exec *exec)
+{
+    return exec->env;
+}
+
+void
+cork_exec_set_env(struct cork_exec *exec, struct cork_env *env)
+{
+    if (exec->env != NULL) {
+        cork_env_free(exec->env);
+    }
+    exec->env = env;
+}
+
+const char *
+cork_exec_cwd(struct cork_exec *exec)
+{
+    return exec->cwd;
+}
+
+void
+cork_exec_set_cwd(struct cork_exec *exec, const char *directory)
+{
+    if (exec->cwd != NULL) {
+        cork_strfree(exec->cwd);
+    }
+    exec->cwd = cork_strdup(directory);
+}
+
+int
+cork_exec_run(struct cork_exec *exec)
+{
+    const char  **params;
+
+    /* Make sure the parameter array is NULL-terminated. */
+    cork_array_append(&exec->params, NULL);
+    params = cork_array_elements(&exec->params);
+
+    /* Fill in the requested environment */
+    if (exec->env != NULL) {
+        cork_env_replace_current(exec->env);
+    }
+
+    /* Change the working directory, if requested */
+    if (exec->cwd != NULL) {
+        ri_check_posix(chdir(exec->cwd));
+    }
+
+    /* Execute the new program */
+    ri_check_posix(execvp(exec->program, (char * const *) params));
+
+    /* This is unreachable */
+    return 0;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/files.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/files.c
new file mode 100644
index 00000000..1907cf0e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/files.c
@@ -0,0 +1,892 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifdef __GNU__
+#define _GNU_SOURCE
+#endif
+#include <assert.h>
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "libcork/core/attributes.h"
+#include "libcork/core/error.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/array.h"
+#include "libcork/ds/buffer.h"
+#include "libcork/helpers/errors.h"
+#include "libcork/helpers/posix.h"
+#include "libcork/helpers/mingw.h"
+#include "libcork/os/files.h"
+#include "libcork/os/subprocess.h"
+
+
+#if !defined(CORK_DEBUG_FILES)
+#define CORK_DEBUG_FILES  0
+#endif
+
+#if CORK_DEBUG_FILES
+#include <stdio.h>
+#define DEBUG(...) fprintf(stderr, __VA_ARGS__)
+#else
+#define DEBUG(...) /* no debug messages */
+#endif
+
+
+/*-----------------------------------------------------------------------
+ * Paths
+ */
+
+struct cork_path {
+    struct cork_buffer  given;
+};
+
+static struct cork_path *
+cork_path_new_internal(const char *str, size_t length)
+{
+    struct cork_path  *path = cork_new(struct cork_path);
+    cork_buffer_init(&path->given);
+    if (length == 0) {
+        cork_buffer_ensure_size(&path->given, 16);
+        cork_buffer_set(&path->given, "", 0);
+    } else {
+        cork_buffer_set(&path->given, str, length);
+    }
+    return path;
+}
+
+struct cork_path *
+cork_path_new(const char *source)
+{
+    return cork_path_new_internal(source, source == NULL? 0: strlen(source));
+}
+
+struct cork_path *
+cork_path_clone(const struct cork_path *other)
+{
+    return cork_path_new_internal(other->given.buf, other->given.size);
+}
+
+void
+cork_path_free(struct cork_path *path)
+{
+    cork_buffer_done(&path->given);
+    cork_delete(struct cork_path, path);
+}
+
+
+void
+cork_path_set(struct cork_path *path, const char *content)
+{
+    if (content == NULL) {
+        cork_buffer_clear(&path->given);
+    } else {
+        cork_buffer_set_string(&path->given, content);
+    }
+}
+
+const char *
+cork_path_get(const struct cork_path *path)
+{
+    return path->given.buf;
+}
+
+#define cork_path_get(path) ((const char *) (path)->given.buf)
+#define cork_path_size(path)  ((path)->given.size)
+#define cork_path_truncate(path, size) \
+    (cork_buffer_truncate(&(path)->given, (size)))
+
+
+int
+cork_path_set_cwd(struct cork_path *path)
+{
+#ifdef __GNU__
+    char *dirname = get_current_dir_name();
+    rip_check_posix(dirname);
+    cork_buffer_set(&path->given, dirname, strlen(dirname));
+    free(dirname);
+#else
+    cork_buffer_ensure_size(&path->given, PATH_MAX);
+    rip_check_posix(getcwd(path->given.buf, PATH_MAX));
+    path->given.size = strlen(path->given.buf);
+#endif
+    return 0;
+}
+
+struct cork_path *
+cork_path_cwd(void)
+{
+    struct cork_path  *path = cork_path_new(NULL);
+    ei_check(cork_path_set_cwd(path));
+    return path;
+
+error:
+    cork_path_free(path);
+    return NULL;
+}
+
+
+int
+cork_path_set_absolute(struct cork_path *path)
+{
+    struct cork_buffer  buf;
+
+    if (path->given.size > 0 &&
+        cork_buffer_char(&path->given, 0) == '/') {
+        /* The path is already absolute. */
+        return 0;
+    }
+
+#ifdef __GNU__
+    char *dirname;
+    dirname = get_current_dir_name();
+    ep_check_posix(dirname);
+    cork_buffer_init(&buf);
+    cork_buffer_set(&buf, dirname, strlen(dirname));
+    free(dirname);
+#else
+    cork_buffer_init(&buf);
+    cork_buffer_ensure_size(&buf, PATH_MAX);
+    ep_check_posix(getcwd(buf.buf, PATH_MAX));
+    buf.size = strlen(buf.buf);
+#endif
+    cork_buffer_append(&buf, "/", 1);
+    cork_buffer_append_copy(&buf, &path->given);
+    cork_buffer_done(&path->given);
+    path->given = buf;
+    return 0;
+
+error:
+    cork_buffer_done(&buf);
+    return -1;
+}
+
+struct cork_path *
+cork_path_absolute(const struct cork_path *other)
+{
+    struct cork_path  *path = cork_path_clone(other);
+    ei_check(cork_path_set_absolute(path));
+    return path;
+
+error:
+    cork_path_free(path);
+    return NULL;
+}
+
+
+void
+cork_path_append(struct cork_path *path, const char *more)
+{
+    if (more == NULL || more[0] == '\0') {
+        return;
+    }
+
+    if (more[0] == '/') {
+        /* If more starts with a "/", then it's absolute, and should replace
+         * the contents of the current path. */
+        cork_buffer_set_string(&path->given, more);
+    } else {
+        /* Otherwise, more is relative, and should be appended to the current
+         * path.  If the current given path doesn't end in a "/", then we need
+         * to add one to keep the path well-formed. */
+
+        if (path->given.size > 0 &&
+            cork_buffer_char(&path->given, path->given.size - 1) != '/') {
+            cork_buffer_append(&path->given, "/", 1);
+        }
+
+        cork_buffer_append_string(&path->given, more);
+    }
+}
+
+struct cork_path *
+cork_path_join(const struct cork_path *other, const char *more)
+{
+    struct cork_path  *path = cork_path_clone(other);
+    cork_path_append(path, more);
+    return path;
+}
+
+void
+cork_path_append_path(struct cork_path *path, const struct cork_path *more)
+{
+    cork_path_append(path, more->given.buf);
+}
+
+struct cork_path *
+cork_path_join_path(const struct cork_path *other, const struct cork_path *more)
+{
+    struct cork_path  *path = cork_path_clone(other);
+    cork_path_append_path(path, more);
+    return path;
+}
+
+
+void
+cork_path_set_basename(struct cork_path *path)
+{
+    char  *given = path->given.buf;
+    const char  *last_slash = strrchr(given, '/');
+    if (last_slash != NULL) {
+        size_t  offset = last_slash - given;
+        size_t  basename_length = path->given.size - offset - 1;
+        memmove(given, last_slash + 1, basename_length);
+        given[basename_length] = '\0';
+        path->given.size = basename_length;
+    }
+}
+
+struct cork_path *
+cork_path_basename(const struct cork_path *other)
+{
+    struct cork_path  *path = cork_path_clone(other);
+    cork_path_set_basename(path);
+    return path;
+}
+
+
+void
+cork_path_set_dirname(struct cork_path *path)
+{
+    const char  *given = path->given.buf;
+    const char  *last_slash = strrchr(given, '/');
+    if (last_slash == NULL) {
+        cork_buffer_clear(&path->given);
+    } else {
+        size_t  offset = last_slash - given;
+        if (offset == 0) {
+            /* A special case for the immediate subdirectories of "/" */
+            cork_buffer_truncate(&path->given, 1);
+        } else {
+            cork_buffer_truncate(&path->given, offset);
+        }
+    }
+}
+
+struct cork_path *
+cork_path_dirname(const struct cork_path *other)
+{
+    struct cork_path  *path = cork_path_clone(other);
+    cork_path_set_dirname(path);
+    return path;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Lists of paths
+ */
+
+struct cork_path_list {
+    cork_array(struct cork_path *)  array;
+    struct cork_buffer  string;
+};
+
+struct cork_path_list *
+cork_path_list_new_empty(void)
+{
+    struct cork_path_list  *list = cork_new(struct cork_path_list);
+    cork_array_init(&list->array);
+    cork_buffer_init(&list->string);
+    return list;
+}
+
+void
+cork_path_list_free(struct cork_path_list *list)
+{
+    size_t  i;
+    for (i = 0; i < cork_array_size(&list->array); i++) {
+        struct cork_path  *path = cork_array_at(&list->array, i);
+        cork_path_free(path);
+    }
+    cork_array_done(&list->array);
+    cork_buffer_done(&list->string);
+    cork_delete(struct cork_path_list, list);
+}
+
+const char *
+cork_path_list_to_string(const struct cork_path_list *list)
+{
+    return list->string.buf;
+}
+
+void
+cork_path_list_add(struct cork_path_list *list, struct cork_path *path)
+{
+    cork_array_append(&list->array, path);
+    if (cork_array_size(&list->array) > 1) {
+        cork_buffer_append(&list->string, ":", 1);
+    }
+    cork_buffer_append_string(&list->string, cork_path_get(path));
+}
+
+size_t
+cork_path_list_size(const struct cork_path_list *list)
+{
+    return cork_array_size(&list->array);
+}
+
+const struct cork_path *
+cork_path_list_get(const struct cork_path_list *list, size_t index)
+{
+    return cork_array_at(&list->array, index);
+}
+
+static void
+cork_path_list_append_string(struct cork_path_list *list, const char *str)
+{
+    struct cork_path  *path;
+    const char  *curr = str;
+    const char  *next;
+
+    while ((next = strchr(curr, ':')) != NULL) {
+        size_t  size = next - curr;
+        path = cork_path_new_internal(curr, size);
+        cork_path_list_add(list, path);
+        curr = next + 1;
+    }
+
+    path = cork_path_new(curr);
+    cork_path_list_add(list, path);
+}
+
+struct cork_path_list *
+cork_path_list_new(const char *str)
+{
+    struct cork_path_list  *list = cork_path_list_new_empty();
+    cork_path_list_append_string(list, str);
+    return list;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Files
+ */
+
+struct cork_file {
+    struct cork_path  *path;
+    struct stat  stat;
+    enum cork_file_type  type;
+    bool  has_stat;
+};
+
+static void
+cork_file_init(struct cork_file *file, struct cork_path *path)
+{
+    file->path = path;
+    file->has_stat = false;
+}
+
+struct cork_file *
+cork_file_new(const char *path)
+{
+    return cork_file_new_from_path(cork_path_new(path));
+}
+
+struct cork_file *
+cork_file_new_from_path(struct cork_path *path)
+{
+    struct cork_file  *file = cork_new(struct cork_file);
+    cork_file_init(file, path);
+    return file;
+}
+
+static void
+cork_file_reset(struct cork_file *file)
+{
+    file->has_stat = false;
+}
+
+static void
+cork_file_done(struct cork_file *file)
+{
+    cork_path_free(file->path);
+}
+
+void
+cork_file_free(struct cork_file *file)
+{
+    cork_file_done(file);
+    cork_delete(struct cork_file, file);
+}
+
+const struct cork_path *
+cork_file_path(struct cork_file *file)
+{
+    return file->path;
+}
+
+static int
+cork_file_stat(struct cork_file *file)
+{
+    if (file->has_stat) {
+        return 0;
+    } else {
+        int  rc;
+        rc = stat(cork_path_get(file->path), &file->stat);
+
+        if (rc == -1) {
+            if (errno == ENOENT || errno == ENOTDIR) {
+                file->type = CORK_FILE_MISSING;
+                file->has_stat = true;
+                return 0;
+            } else {
+                cork_system_error_set();
+                return -1;
+            }
+        }
+
+        if (S_ISREG(file->stat.st_mode)) {
+            file->type = CORK_FILE_REGULAR;
+        } else if (S_ISDIR(file->stat.st_mode)) {
+            file->type = CORK_FILE_DIRECTORY;
+        } else if (S_ISLNK(file->stat.st_mode)) {
+            file->type = CORK_FILE_SYMLINK;
+        } else {
+            file->type = CORK_FILE_UNKNOWN;
+        }
+
+        file->has_stat = true;
+        return 0;
+    }
+}
+
+int
+cork_file_exists(struct cork_file *file, bool *exists)
+{
+    rii_check(cork_file_stat(file));
+    *exists = (file->type != CORK_FILE_MISSING);
+    return 0;
+}
+
+int
+cork_file_type(struct cork_file *file, enum cork_file_type *type)
+{
+    rii_check(cork_file_stat(file));
+    *type = file->type;
+    return 0;
+}
+
+
+struct cork_file *
+cork_path_list_find_file(const struct cork_path_list *list,
+                         const char *rel_path)
+{
+    size_t  i;
+    size_t  count = cork_path_list_size(list);
+    struct cork_file  *file;
+
+    for (i = 0; i < count; i++) {
+        const struct cork_path  *path = cork_path_list_get(list, i);
+        struct cork_path  *joined = cork_path_join(path, rel_path);
+        bool  exists;
+        file = cork_file_new_from_path(joined);
+        ei_check(cork_file_exists(file, &exists));
+        if (exists) {
+            return file;
+        } else {
+            cork_file_free(file);
+        }
+    }
+
+    cork_error_set_printf
+        (ENOENT, "%s not found in %s",
+         rel_path, cork_path_list_to_string(list));
+    return NULL;
+
+error:
+    cork_file_free(file);
+    return NULL;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Directories
+ */
+
+int
+cork_file_iterate_directory(struct cork_file *file,
+                            cork_file_directory_iterator iterator,
+                            void *user_data)
+{
+    DIR  *dir = NULL;
+    struct dirent  *entry;
+    size_t  dir_path_size;
+    struct cork_path  *child_path;
+    struct cork_file  child_file;
+
+    rip_check_posix(dir = opendir(cork_path_get(file->path)));
+    child_path = cork_path_clone(file->path);
+    cork_file_init(&child_file, child_path);
+    dir_path_size = cork_path_size(child_path);
+
+    errno = 0;
+    while ((entry = readdir(dir)) != NULL) {
+        /* Skip the "." and ".." entries */
+        if (strcmp(entry->d_name, ".") == 0 ||
+            strcmp(entry->d_name, "..") == 0) {
+            continue;
+        }
+
+        cork_path_append(child_path, entry->d_name);
+        ei_check(cork_file_stat(&child_file));
+
+        /* If the entry is a subdirectory, recurse into it. */
+        ei_check(iterator(&child_file, entry->d_name, user_data));
+
+        /* Remove this entry name from the path buffer. */
+        cork_path_truncate(child_path, dir_path_size);
+        cork_file_reset(&child_file);
+
+        /* We have to reset errno to 0 because of the ambiguous way readdir uses
+         * a return value of NULL.  Other functions may return normally yet set
+         * errno to a non-zero value.  dlopen on Mac OS X is an ogreish example.
+         * Since an error readdir is indicated by returning NULL and setting
+         * errno to indicate the error, then we need to reset it to zero before
+         * each call.  We shall assume, perhaps to our great misery, that
+         * functions within this loop do proper error checking and act
+         * accordingly. */
+        errno = 0;
+    }
+
+    /* Check errno immediately after the while loop terminates */
+    if (CORK_UNLIKELY(errno != 0)) {
+        cork_system_error_set();
+        goto error;
+    }
+
+    cork_file_done(&child_file);
+    rii_check_posix(closedir(dir));
+    return 0;
+
+error:
+    cork_file_done(&child_file);
+    rii_check_posix(closedir(dir));
+    return -1;
+}
+
+static int
+cork_file_mkdir_one(struct cork_file *file, cork_file_mode mode,
+                    unsigned int flags)
+{
+    DEBUG("mkdir %s\n", cork_path_get(file->path));
+
+    /* First check if the directory already exists. */
+    rii_check(cork_file_stat(file));
+    if (file->type == CORK_FILE_DIRECTORY) {
+        DEBUG("  Already exists!\n");
+        if (!(flags & CORK_FILE_PERMISSIVE)) {
+            cork_system_error_set_explicit(EEXIST);
+            return -1;
+        } else {
+            return 0;
+        }
+    } else if (file->type != CORK_FILE_MISSING) {
+        DEBUG("  Exists and not a directory!\n");
+        cork_system_error_set_explicit(EEXIST);
+        return -1;
+    }
+
+    /* If the caller asked for a recursive mkdir, then make sure the parent
+     * directory exists. */
+    if (flags & CORK_FILE_RECURSIVE) {
+        struct cork_path  *parent = cork_path_dirname(file->path);
+        DEBUG("  Checking parent %s\n", cork_path_get(parent));
+        if (parent->given.size == 0) {
+            /* There is no parent; we're either at the filesystem root (for an
+             * absolute path) or the current directory (for a relative one).
+             * Either way, we can assume it already exists. */
+            cork_path_free(parent);
+        } else {
+            int  rc;
+            struct cork_file  parent_file;
+            cork_file_init(&parent_file, parent);
+            rc = cork_file_mkdir_one
+                (&parent_file, mode, flags | CORK_FILE_PERMISSIVE);
+            cork_file_done(&parent_file);
+            rii_check(rc);
+        }
+    }
+
+    /* Create the directory already! */
+    DEBUG("  Creating %s\n", cork_path_get(file->path));
+    rii_check_posix(mkdir(cork_path_get(file->path), mode));
+    return 0;
+}
+
+int
+cork_file_mkdir(struct cork_file *file, cork_file_mode mode,
+                unsigned int flags)
+{
+    return cork_file_mkdir_one(file, mode, flags);
+}
+
+static int
+cork_file_remove_iterator(struct cork_file *file, const char *rel_name,
+                          void *user_data)
+{
+    unsigned int  *flags = user_data;
+    return cork_file_remove(file, *flags);
+}
+
+int
+cork_file_remove(struct cork_file *file, unsigned int flags)
+{
+    DEBUG("rm %s\n", cork_path_get(file->path));
+    rii_check(cork_file_stat(file));
+
+    if (file->type == CORK_FILE_MISSING) {
+        if (flags & CORK_FILE_PERMISSIVE) {
+            return 0;
+        } else {
+            cork_system_error_set_explicit(ENOENT);
+            return -1;
+        }
+    } else if (file->type == CORK_FILE_DIRECTORY) {
+        if (flags & CORK_FILE_RECURSIVE) {
+            /* The user asked that we delete the contents of the directory
+             * first. */
+            rii_check(cork_file_iterate_directory
+                      (file, cork_file_remove_iterator, &flags));
+        }
+
+        rii_check_posix(rmdir(cork_path_get(file->path)));
+        return 0;
+    } else {
+        rii_check(unlink(cork_path_get(file->path)));
+        return 0;
+    }
+}
+
+
+/*-----------------------------------------------------------------------
+ * Lists of files
+ */
+
+struct cork_file_list {
+    cork_array(struct cork_file *)  array;
+};
+
+struct cork_file_list *
+cork_file_list_new_empty(void)
+{
+    struct cork_file_list  *list = cork_new(struct cork_file_list);
+    cork_array_init(&list->array);
+    return list;
+}
+
+void
+cork_file_list_free(struct cork_file_list *list)
+{
+    size_t  i;
+    for (i = 0; i < cork_array_size(&list->array); i++) {
+        struct cork_file  *file = cork_array_at(&list->array, i);
+        cork_file_free(file);
+    }
+    cork_array_done(&list->array);
+    cork_delete(struct cork_file_list, list);
+}
+
+void
+cork_file_list_add(struct cork_file_list *list, struct cork_file *file)
+{
+    cork_array_append(&list->array, file);
+}
+
+size_t
+cork_file_list_size(struct cork_file_list *list)
+{
+    return cork_array_size(&list->array);
+}
+
+struct cork_file *
+cork_file_list_get(struct cork_file_list *list, size_t index)
+{
+    return cork_array_at(&list->array, index);
+}
+
+struct cork_file_list *
+cork_file_list_new(struct cork_path_list *path_list)
+{
+    struct cork_file_list  *list = cork_file_list_new_empty();
+    size_t  count = cork_path_list_size(path_list);
+    size_t  i;
+
+    for (i = 0; i < count; i++) {
+        const struct cork_path  *path = cork_path_list_get(path_list, i);
+        struct cork_file  *file = cork_file_new(cork_path_get(path));
+        cork_array_append(&list->array, file);
+    }
+
+    return list;
+}
+
+
+struct cork_file_list *
+cork_path_list_find_files(const struct cork_path_list *path_list,
+                          const char *rel_path)
+{
+    size_t  i;
+    size_t  count = cork_path_list_size(path_list);
+    struct cork_file_list  *list = cork_file_list_new_empty();
+    struct cork_file  *file;
+
+    for (i = 0; i < count; i++) {
+        const struct cork_path  *path = cork_path_list_get(path_list, i);
+        struct cork_path  *joined = cork_path_join(path, rel_path);
+        bool  exists;
+        file = cork_file_new_from_path(joined);
+        ei_check(cork_file_exists(file, &exists));
+        if (exists) {
+            cork_file_list_add(list, file);
+        } else {
+            cork_file_free(file);
+        }
+    }
+
+    return list;
+
+error:
+    cork_file_list_free(list);
+    cork_file_free(file);
+    return NULL;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Standard paths and path lists
+ */
+
+#define empty_string(str)  ((str) == NULL || (str)[0] == '\0')
+
+struct cork_path *
+cork_path_home(void)
+{
+    const char  *path = cork_env_get(NULL, "HOME");
+    if (empty_string(path)) {
+        cork_undefined("Cannot determine home directory");
+        return NULL;
+    } else {
+        return cork_path_new(path);
+    }
+}
+
+
+struct cork_path_list *
+cork_path_config_paths(void)
+{
+    struct cork_path_list  *list = cork_path_list_new_empty();
+    const char  *var;
+    struct cork_path  *path;
+
+    /* The first entry should be the user's configuration directory.  This is
+     * specified by $XDG_CONFIG_HOME, with $HOME/.config as the default. */
+    var = cork_env_get(NULL, "XDG_CONFIG_HOME");
+    if (empty_string(var)) {
+        ep_check(path = cork_path_home());
+        cork_path_append(path, ".config");
+        cork_path_list_add(list, path);
+    } else {
+        path = cork_path_new(var);
+        cork_path_list_add(list, path);
+    }
+
+    /* The remaining entries should be the system-wide configuration
+     * directories.  These are specified by $XDG_CONFIG_DIRS, with /etc/xdg as
+     * the default. */
+    var = cork_env_get(NULL, "XDG_CONFIG_DIRS");
+    if (empty_string(var)) {
+        path = cork_path_new("/etc/xdg");
+        cork_path_list_add(list, path);
+    } else {
+        cork_path_list_append_string(list, var);
+    }
+
+    return list;
+
+error:
+    cork_path_list_free(list);
+    return NULL;
+}
+
+struct cork_path_list *
+cork_path_data_paths(void)
+{
+    struct cork_path_list  *list = cork_path_list_new_empty();
+    const char  *var;
+    struct cork_path  *path;
+
+    /* The first entry should be the user's data directory.  This is specified
+     * by $XDG_DATA_HOME, with $HOME/.local/share as the default. */
+    var = cork_env_get(NULL, "XDG_DATA_HOME");
+    if (empty_string(var)) {
+        ep_check(path = cork_path_home());
+        cork_path_append(path, ".local/share");
+        cork_path_list_add(list, path);
+    } else {
+        path = cork_path_new(var);
+        cork_path_list_add(list, path);
+    }
+
+    /* The remaining entries should be the system-wide configuration
+     * directories.  These are specified by $XDG_DATA_DIRS, with
+     * /usr/local/share:/usr/share as the the default. */
+    var = cork_env_get(NULL, "XDG_DATA_DIRS");
+    if (empty_string(var)) {
+        path = cork_path_new("/usr/local/share");
+        cork_path_list_add(list, path);
+        path = cork_path_new("/usr/share");
+        cork_path_list_add(list, path);
+    } else {
+        cork_path_list_append_string(list, var);
+    }
+
+    return list;
+
+error:
+    cork_path_list_free(list);
+    return NULL;
+}
+
+struct cork_path *
+cork_path_user_cache_path(void)
+{
+    const char  *var;
+    struct cork_path  *path;
+
+    /* The user's cache directory is specified by $XDG_CACHE_HOME, with
+     * $HOME/.cache as the default. */
+    var = cork_env_get(NULL, "XDG_CACHE_HOME");
+    if (empty_string(var)) {
+        rpp_check(path = cork_path_home());
+        cork_path_append(path, ".cache");
+        return path;
+    } else {
+        return cork_path_new(var);
+    }
+}
+
+struct cork_path *
+cork_path_user_runtime_path(void)
+{
+    const char  *var;
+
+    /* The user's cache directory is specified by $XDG_RUNTIME_DIR, with
+     * no default given by the spec. */
+    var = cork_env_get(NULL, "XDG_RUNTIME_DIR");
+    if (empty_string(var)) {
+        cork_undefined("Cannot determine user-specific runtime directory");
+        return NULL;
+    } else {
+        return cork_path_new(var);
+    }
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/mingw.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/mingw.c
new file mode 100644
index 00000000..388330ee
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/mingw.c
@@ -0,0 +1,270 @@
+#ifdef __MINGW32__
+
+#include <string.h>
+#include <stdlib.h>
+#include <winsock2.h>
+#include <ws2tcpip.h>
+
+#include "libcork/core.h"
+#include "libcork/ds.h"
+#include "libcork/os/subprocess.h"
+#include "libcork/helpers/mingw.h"
+
+// From git project: compact/mingw.c
+
+struct tm
+*gmtime_r(const time_t *timep, struct tm *result)
+{
+    /* gmtime() in MSVCRT.DLL is thread-safe, but not reentrant */
+    memcpy(result, gmtime(timep), sizeof(struct tm));
+    return result;
+}
+
+struct tm
+*localtime_r(const time_t *timep, struct tm *result)
+{
+    /* localtime() in MSVCRT.DLL is thread-safe, but not reentrant */
+    memcpy(result, localtime(timep), sizeof(struct tm));
+    return result;
+}
+
+int
+setenv(const char *name, const char *value, int overwrite)
+{
+    // XXX: ignore overwrite option which is not actually used by MinGW port
+    errno_t ret;
+    ret = _putenv_s(name, value);
+    if (ret) {
+        return -1;
+    }
+    return 0;
+}
+
+int
+unsetenv(const char *name)
+{
+    return setenv(name, "", 1);
+}
+
+int
+clearenv(void)
+{
+    // XXX: stub function, not actually used by MinGW port
+    return 0;
+}
+
+// Missing subprocess related functions
+
+/*-----------------------------------------------------------------------
+ * Subprocesses
+ */
+
+#define BUF_SIZE  4096
+
+struct cork_subprocess {
+    STARTUPINFO si;
+    PROCESS_INFORMATION pi;
+    HANDLE job;
+    uint16_t control;
+    bool running;
+    void  *user_data;
+    cork_free_f  free_user_data;
+    int  *exit_code;
+    char  buf[BUF_SIZE];
+};
+
+struct cork_subprocess *
+cork_subprocess_new(void *user_data, cork_free_f free_user_data,
+                    cork_run_f run,
+                    struct cork_stream_consumer *stdout_consumer,
+                    struct cork_stream_consumer *stderr_consumer,
+                    int *exit_code)
+{
+    struct cork_subprocess  *self = cork_new(struct cork_subprocess);
+    memset(&self->si, 0, sizeof(self->si));
+    memset(&self->pi, 0, sizeof(self->pi));
+    self->control = 0;
+    self->running = false;
+    self->user_data = user_data;
+    self->free_user_data = free_user_data;
+    self->exit_code = exit_code;
+    return self;
+}
+
+void
+cork_subprocess_free(struct cork_subprocess *self)
+{
+    cork_free_user_data(self);
+    cork_delete(struct cork_subprocess, self);
+}
+
+/*-----------------------------------------------------------------------
+ * Executing another program
+ */
+
+static void
+cork_exec__free(void *vself)
+{
+    struct cork_exec  *exec = vself;
+    cork_exec_free(exec);
+}
+
+struct cork_subprocess *
+cork_subprocess_new_exec(struct cork_exec *exec,
+                         struct cork_stream_consumer *out,
+                         struct cork_stream_consumer *err,
+                         int *exit_code)
+{
+    // XXX: Consumer out and err are not used in MinGW port
+    return cork_subprocess_new
+        (exec, cork_exec__free,
+         NULL,
+         NULL, NULL, exit_code);
+}
+
+void
+cork_subprocess_set_control(struct cork_subprocess *self, uint16_t port)
+{
+    self->control = port;
+}
+
+/*-----------------------------------------------------------------------
+ * Running subprocesses
+ */
+
+DWORD WINAPI
+cork_subprocess_monitor_thread(LPVOID data)
+{
+    struct cork_subprocess *self = data;
+    SOCKET fd;
+    struct sockaddr_in addr;
+    char buf[1] = {0};
+
+    if (self->running) {
+        // Wait subprocess to exit
+        WaitForSingleObject(self->pi.hProcess, INFINITE);
+
+        // Get exit code
+        self->running = false;
+        DWORD exitCode;
+        if (GetExitCodeProcess(self->pi.hProcess, &exitCode)) {
+            if (exitCode != STILL_ACTIVE && self->exit_code) {
+                *self->exit_code = exitCode;
+            }
+        }
+
+        // Clean up handles
+        CloseHandle(self->pi.hProcess);
+        CloseHandle(self->pi.hThread);
+        if (self->job) {
+            CloseHandle(self->job);
+        }
+    }
+
+    // Notify control port
+    if (self->control == 0) {
+        return 0;
+    }
+    fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    if (fd == INVALID_SOCKET) {
+        return 1;
+    }
+    memset(&addr, 0, sizeof(addr));
+    addr.sin_family = AF_INET;
+    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+    addr.sin_port = htons(self->control);
+    if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
+        closesocket(fd);
+        return 2;
+    };
+    send(fd, buf, 1, 0);
+    closesocket(fd);
+    return 0;
+}
+
+int
+cork_subprocess_start(struct cork_subprocess *self)
+{
+    int ret = 0;
+    struct cork_exec *exec = (struct cork_exec *)self->user_data;
+    const char *exec_desc = cork_exec_description(exec);
+    struct cork_buffer command;
+    char *command_buf = NULL;
+
+    memset(&self->si, 0, sizeof(self->si));
+    self->si.cb = sizeof(self->si);
+    memset(&self->pi, 0, sizeof(self->pi));
+    cork_buffer_init(&command);
+
+    /* Copy command line */
+    if (exec_desc != NULL) {
+        cork_buffer_set_string(&command, exec_desc);
+    }
+    command_buf = (char *)command.buf;
+
+    /* Detect if current process already in a job */
+    BOOL isInJob = FALSE;
+    DWORD creationFlags = 0;
+    if (IsProcessInJob(GetCurrentProcess(), NULL, &isInJob)) {
+        if (isInJob) {
+            creationFlags |= CREATE_BREAKAWAY_FROM_JOB;
+        }
+    };
+
+    /* Stop subprocess when current process exits */
+    self->job = CreateJobObject(NULL, NULL);
+    BOOL retJob = FALSE;
+    if (self->job) {
+        JOBOBJECT_EXTENDED_LIMIT_INFORMATION info = {0};
+        info.BasicLimitInformation.LimitFlags = JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE | JOB_OBJECT_LIMIT_BREAKAWAY_OK;
+        retJob = SetInformationJobObject(self->job, JobObjectExtendedLimitInformation, &info, sizeof(info));
+    }
+
+    /* Execute the new program */
+    self->running = false;
+    if (!CreateProcess(
+            NULL,           // No module name (use command line)
+            command_buf,    // Command line
+            NULL,           // Process handle not inheritable
+            NULL,           // Thread handle not inheritable
+            FALSE,          // Set handle inheritance to FALSE
+            creationFlags,  // Creation flags
+            NULL,           // Use current environment block
+            NULL,           // Use current starting directory
+            &self->si,      // Pointer to STARTUPINFO structure
+            &self->pi)) {   // Pointer to PROCESS_INFORMATION structure
+        ret = -1;
+    } else {
+        self->running = true;
+        if (self->job && retJob) {
+            AssignProcessToJobObject(self->job, self->pi.hProcess);
+        }
+    }
+
+    /* Monitor if subprocess quits in a separate thread */
+    CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)cork_subprocess_monitor_thread,
+                 self, 0, NULL);
+
+    cork_buffer_done(&command);
+    return ret;
+}
+
+int
+cork_subprocess_abort(struct cork_subprocess *self)
+{
+    int ret = 0;
+    if (self->running) {
+        if (!TerminateProcess(self->pi.hProcess, 0)) {
+            ret = -1;
+        }
+    }
+    return ret;
+}
+
+bool
+cork_subprocess_is_finished(struct cork_subprocess *self)
+{
+    return self->running;
+}
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/process.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/process.c
new file mode 100644
index 00000000..72afdd36
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/process.c
@@ -0,0 +1,116 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+
+#include "libcork/core.h"
+#include "libcork/ds.h"
+#include "libcork/os/process.h"
+#include "libcork/helpers/errors.h"
+
+
+#if !defined(CORK_DEBUG_PROCESS)
+#define CORK_DEBUG_PROCESS  0
+#endif
+
+#if CORK_DEBUG_PROCESS
+#include <stdio.h>
+#define DEBUG(...) fprintf(stderr, __VA_ARGS__)
+#else
+#define DEBUG(...) /* no debug messages */
+#endif
+
+
+struct cork_cleanup_entry {
+    struct cork_dllist_item  item;
+    int  priority;
+    const char  *name;
+    cork_cleanup_function  function;
+};
+
+static struct cork_cleanup_entry *
+cork_cleanup_entry_new(const char *name, int priority,
+                       cork_cleanup_function function)
+{
+    struct cork_cleanup_entry  *self = cork_new(struct cork_cleanup_entry);
+    self->priority = priority;
+    self->name = cork_strdup(name);
+    self->function = function;
+    return self;
+}
+
+static void
+cork_cleanup_entry_free(struct cork_cleanup_entry *self)
+{
+    cork_strfree(self->name);
+    cork_delete(struct cork_cleanup_entry, self);
+}
+
+static struct cork_dllist  cleanup_entries = CORK_DLLIST_INIT(cleanup_entries);
+static bool  cleanup_registered = false;
+
+static void
+cork_cleanup_call_one(struct cork_dllist_item *item, void *user_data)
+{
+    struct cork_cleanup_entry  *entry =
+        cork_container_of(item, struct cork_cleanup_entry, item);
+    cork_cleanup_function  function = entry->function;
+    DEBUG("Call cleanup function [%d] %s\n", entry->priority, entry->name);
+    /* We need to free the entry before calling the entry's function, since one
+     * of the functions that libcork registers frees the allocator instance that
+     * we'd use to free the entry.  If we called the function first, the
+     * allocator would be freed before we could use it to free the entry. */
+    cork_cleanup_entry_free(entry);
+    function();
+}
+
+static void
+cork_cleanup_call_all(void)
+{
+    cork_dllist_map(&cleanup_entries, cork_cleanup_call_one, NULL);
+}
+
+static void
+cork_cleanup_entry_add(struct cork_cleanup_entry *entry)
+{
+    struct cork_dllist_item  *curr;
+
+    if (CORK_UNLIKELY(!cleanup_registered)) {
+        atexit(cork_cleanup_call_all);
+        cleanup_registered = true;
+    }
+
+    /* Linear search through the list of existing cleanup functions.  When we
+     * find the first existing function with a higher priority, we've found
+     * where to insert the new function. */
+    for (curr = cork_dllist_start(&cleanup_entries);
+         !cork_dllist_is_end(&cleanup_entries, curr); curr = curr->next) {
+        struct cork_cleanup_entry  *existing =
+            cork_container_of(curr, struct cork_cleanup_entry, item);
+        if (existing->priority > entry->priority) {
+            cork_dllist_add_before(&existing->item, &entry->item);
+            return;
+        }
+    }
+
+    /* If we fall through the loop, then the new function should be appended to
+     * the end of the list. */
+    cork_dllist_add(&cleanup_entries, &entry->item);
+}
+
+
+CORK_API void
+cork_cleanup_at_exit_named(const char *name, int priority,
+                           cork_cleanup_function function)
+{
+    struct cork_cleanup_entry  *entry =
+        cork_cleanup_entry_new(name, priority, function);
+    DEBUG("Register cleanup function [%d] %s\n", priority, name);
+    cork_cleanup_entry_add(entry);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/subprocess.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/subprocess.c
new file mode 100644
index 00000000..6788b665
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/posix/subprocess.c
@@ -0,0 +1,674 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <sys/select.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include "libcork/core.h"
+#include "libcork/ds.h"
+#include "libcork/os/subprocess.h"
+#include "libcork/threads/basics.h"
+#include "libcork/helpers/errors.h"
+#include "libcork/helpers/posix.h"
+
+
+#if !defined(CORK_DEBUG_SUBPROCESS)
+#define CORK_DEBUG_SUBPROCESS  0
+#endif
+
+#if CORK_DEBUG_SUBPROCESS
+#include <stdio.h>
+#define DEBUG(...) fprintf(stderr, __VA_ARGS__)
+#else
+#define DEBUG(...) /* no debug messages */
+#endif
+
+
+/*-----------------------------------------------------------------------
+ * Subprocess groups
+ */
+
+#define BUF_SIZE  4096
+
+struct cork_subprocess_group {
+    cork_array(struct cork_subprocess *)  subprocesses;
+};
+
+struct cork_subprocess_group *
+cork_subprocess_group_new(void)
+{
+    struct cork_subprocess_group  *group =
+        cork_new(struct cork_subprocess_group);
+    cork_pointer_array_init
+        (&group->subprocesses, (cork_free_f) cork_subprocess_free);
+    return group;
+}
+
+void
+cork_subprocess_group_free(struct cork_subprocess_group *group)
+{
+    cork_array_done(&group->subprocesses);
+    cork_delete(struct cork_subprocess_group, group);
+}
+
+void
+cork_subprocess_group_add(struct cork_subprocess_group *group,
+                          struct cork_subprocess *sub)
+{
+    cork_array_append(&group->subprocesses, sub);
+}
+
+
+/*-----------------------------------------------------------------------
+ * Pipes (parent reads)
+ */
+
+struct cork_read_pipe {
+    struct cork_stream_consumer  *consumer;
+    int  fds[2];
+    bool  first;
+};
+
+static void
+cork_read_pipe_init(struct cork_read_pipe *p, struct cork_stream_consumer *consumer)
+{
+    p->consumer = consumer;
+    p->fds[0] = -1;
+    p->fds[1] = -1;
+}
+
+static int
+cork_read_pipe_close_read(struct cork_read_pipe *p)
+{
+    if (p->fds[0] != -1) {
+        DEBUG("Closing read pipe %d\n", p->fds[0]);
+        rii_check_posix(close(p->fds[0]));
+        p->fds[0] = -1;
+    }
+    return 0;
+}
+
+static int
+cork_read_pipe_close_write(struct cork_read_pipe *p)
+{
+    if (p->fds[1] != -1) {
+        DEBUG("Closing write pipe %d\n", p->fds[1]);
+        rii_check_posix(close(p->fds[1]));
+        p->fds[1] = -1;
+    }
+    return 0;
+}
+
+static void
+cork_read_pipe_close(struct cork_read_pipe *p)
+{
+    cork_read_pipe_close_read(p);
+    cork_read_pipe_close_write(p);
+}
+
+static void
+cork_read_pipe_done(struct cork_read_pipe *p)
+{
+    cork_read_pipe_close(p);
+}
+
+static int
+cork_read_pipe_open(struct cork_read_pipe *p)
+{
+    if (p->consumer != NULL) {
+        int  flags;
+
+        /* We want the read end of the pipe to be non-blocking. */
+        DEBUG("[read] Opening pipe\n");
+        rii_check_posix(pipe(p->fds));
+        DEBUG("[read]   Got read=%d write=%d\n", p->fds[0], p->fds[1]);
+        DEBUG("[read]   Setting non-blocking flag on read pipe\n");
+        ei_check_posix(flags = fcntl(p->fds[0], F_GETFD));
+        flags |= O_NONBLOCK;
+        ei_check_posix(fcntl(p->fds[0], F_SETFD, flags));
+    }
+
+    p->first = true;
+    return 0;
+
+error:
+    cork_read_pipe_close(p);
+    return -1;
+}
+
+static int
+cork_read_pipe_dup(struct cork_read_pipe *p, int fd)
+{
+    if (p->fds[1] != -1) {
+        rii_check_posix(dup2(p->fds[1], fd));
+    }
+    return 0;
+}
+
+static int
+cork_read_pipe_read(struct cork_read_pipe *p, char *buf, bool *progress)
+{
+    if (p->fds[0] == -1) {
+        return 0;
+    }
+
+    do {
+        DEBUG("[read] Reading from pipe %d\n", p->fds[0]);
+        ssize_t  bytes_read = read(p->fds[0], buf, BUF_SIZE);
+        if (bytes_read == -1) {
+            if (errno == EAGAIN) {
+                /* We've exhausted all of the data currently available. */
+                DEBUG("[read]   No more bytes without blocking\n");
+                return 0;
+            } else if (errno == EINTR) {
+                /* Interrupted by a signal; return so that our wait loop can
+                 * catch that. */
+                DEBUG("[read]   Interrupted by signal\n");
+                return 0;
+            } else {
+                /* An actual error */
+                cork_system_error_set();
+                DEBUG("[read]   Error: %s\n", cork_error_message());
+                return -1;
+            }
+        } else if (bytes_read == 0) {
+            DEBUG("[read]   End of stream\n");
+            *progress = true;
+            rii_check(cork_stream_consumer_eof(p->consumer));
+            rii_check_posix(close(p->fds[0]));
+            p->fds[0] = -1;
+            return 0;
+        } else {
+            DEBUG("[read]   Got %zd bytes\n", bytes_read);
+            *progress = true;
+            rii_check(cork_stream_consumer_data
+                      (p->consumer, buf, bytes_read, p->first));
+            p->first = false;
+        }
+    } while (true);
+}
+
+static bool
+cork_read_pipe_is_finished(struct cork_read_pipe *p)
+{
+    return p->fds[0] == -1;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Pipes (parent writes)
+ */
+
+struct cork_write_pipe {
+    struct cork_stream_consumer  consumer;
+    int  fds[2];
+};
+
+static int
+cork_write_pipe_close_read(struct cork_write_pipe *p)
+{
+    if (p->fds[0] != -1) {
+        DEBUG("[write] Closing read pipe %d\n", p->fds[0]);
+        rii_check_posix(close(p->fds[0]));
+        p->fds[0] = -1;
+    }
+    return 0;
+}
+
+static int
+cork_write_pipe_close_write(struct cork_write_pipe *p)
+{
+    if (p->fds[1] != -1) {
+        DEBUG("[write] Closing write pipe %d\n", p->fds[1]);
+        rii_check_posix(close(p->fds[1]));
+        p->fds[1] = -1;
+    }
+    return 0;
+}
+
+static int
+cork_write_pipe__data(struct cork_stream_consumer *consumer,
+                      const void *buf, size_t size, bool is_first_chunk)
+{
+    struct cork_write_pipe  *p =
+        cork_container_of(consumer, struct cork_write_pipe, consumer);
+    rii_check_posix(write(p->fds[1], buf, size));
+    return 0;
+}
+
+static int
+cork_write_pipe__eof(struct cork_stream_consumer *consumer)
+{
+    struct cork_write_pipe  *p =
+        cork_container_of(consumer, struct cork_write_pipe, consumer);
+    return cork_write_pipe_close_write(p);
+}
+
+static void
+cork_write_pipe__free(struct cork_stream_consumer *consumer)
+{
+}
+
+static void
+cork_write_pipe_init(struct cork_write_pipe *p)
+{
+    p->consumer.data = cork_write_pipe__data;
+    p->consumer.eof = cork_write_pipe__eof;
+    p->consumer.free = cork_write_pipe__free;
+    p->fds[0] = -1;
+    p->fds[1] = -1;
+}
+
+static void
+cork_write_pipe_close(struct cork_write_pipe *p)
+{
+    cork_write_pipe_close_read(p);
+    cork_write_pipe_close_write(p);
+}
+
+static void
+cork_write_pipe_done(struct cork_write_pipe *p)
+{
+    cork_write_pipe_close(p);
+}
+
+static int
+cork_write_pipe_open(struct cork_write_pipe *p)
+{
+    DEBUG("[write] Opening writer pipe\n");
+    rii_check_posix(pipe(p->fds));
+    DEBUG("[write]   Got read=%d write=%d\n", p->fds[0], p->fds[1]);
+    return 0;
+}
+
+static int
+cork_write_pipe_dup(struct cork_write_pipe *p, int fd)
+{
+    if (p->fds[0] != -1) {
+        rii_check_posix(dup2(p->fds[0], fd));
+    }
+    return 0;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Subprocesses
+ */
+
+struct cork_subprocess {
+    pid_t  pid;
+    struct cork_write_pipe  stdin_pipe;
+    struct cork_read_pipe  stdout_pipe;
+    struct cork_read_pipe  stderr_pipe;
+    void  *user_data;
+    cork_free_f  free_user_data;
+    cork_run_f  run;
+    int  *exit_code;
+    char  buf[BUF_SIZE];
+};
+
+struct cork_subprocess *
+cork_subprocess_new(void *user_data, cork_free_f free_user_data,
+                    cork_run_f run,
+                    struct cork_stream_consumer *stdout_consumer,
+                    struct cork_stream_consumer *stderr_consumer,
+                    int *exit_code)
+{
+    struct cork_subprocess  *self = cork_new(struct cork_subprocess);
+    cork_write_pipe_init(&self->stdin_pipe);
+    cork_read_pipe_init(&self->stdout_pipe, stdout_consumer);
+    cork_read_pipe_init(&self->stderr_pipe, stderr_consumer);
+    self->pid = 0;
+    self->user_data = user_data;
+    self->free_user_data = free_user_data;
+    self->run = run;
+    self->exit_code = exit_code;
+    return self;
+}
+
+void
+cork_subprocess_free(struct cork_subprocess *self)
+{
+    cork_free_user_data(self);
+    cork_write_pipe_done(&self->stdin_pipe);
+    cork_read_pipe_done(&self->stdout_pipe);
+    cork_read_pipe_done(&self->stderr_pipe);
+    cork_delete(struct cork_subprocess, self);
+}
+
+struct cork_stream_consumer *
+cork_subprocess_stdin(struct cork_subprocess *self)
+{
+    return &self->stdin_pipe.consumer;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Executing another program
+ */
+
+static int
+cork_exec__run(void *vself)
+{
+    struct cork_exec  *exec = vself;
+    return cork_exec_run(exec);
+}
+
+static void
+cork_exec__free(void *vself)
+{
+    struct cork_exec  *exec = vself;
+    cork_exec_free(exec);
+}
+
+struct cork_subprocess *
+cork_subprocess_new_exec(struct cork_exec *exec,
+                         struct cork_stream_consumer *out,
+                         struct cork_stream_consumer *err,
+                         int *exit_code)
+{
+    return cork_subprocess_new
+        (exec, cork_exec__free,
+         cork_exec__run,
+         out, err, exit_code);
+}
+
+
+/*-----------------------------------------------------------------------
+ * Running subprocesses
+ */
+
+int
+cork_subprocess_start(struct cork_subprocess *self)
+{
+    pid_t  pid;
+
+    /* Create the stdout and stderr pipes. */
+    if (cork_write_pipe_open(&self->stdin_pipe) == -1) {
+        return -1;
+    }
+    if (cork_read_pipe_open(&self->stdout_pipe) == -1) {
+        cork_write_pipe_close(&self->stdin_pipe);
+        return -1;
+    }
+    if (cork_read_pipe_open(&self->stderr_pipe) == -1) {
+        cork_write_pipe_close(&self->stdin_pipe);
+        cork_read_pipe_close(&self->stdout_pipe);
+        return -1;
+    }
+
+    /* Fork the child process. */
+    DEBUG("Forking child process\n");
+    pid = fork();
+    if (pid == 0) {
+        /* Child process */
+        int  rc;
+
+        /* Close the parent's end of the pipes */
+        DEBUG("[child] ");
+        cork_write_pipe_close_write(&self->stdin_pipe);
+        DEBUG("[child] ");
+        cork_read_pipe_close_read(&self->stdout_pipe);
+        DEBUG("[child] ");
+        cork_read_pipe_close_read(&self->stderr_pipe);
+
+        /* Bind the stdout and stderr pipes */
+        if (cork_write_pipe_dup(&self->stdin_pipe, STDIN_FILENO) == -1) {
+            _exit(EXIT_FAILURE);
+        }
+        if (cork_read_pipe_dup(&self->stdout_pipe, STDOUT_FILENO) == -1) {
+            _exit(EXIT_FAILURE);
+        }
+        if (cork_read_pipe_dup(&self->stderr_pipe, STDERR_FILENO) == -1) {
+            _exit(EXIT_FAILURE);
+        }
+
+        /* Run the subprocess */
+        rc = self->run(self->user_data);
+        if (CORK_LIKELY(rc == 0)) {
+            _exit(EXIT_SUCCESS);
+        } else {
+            fprintf(stderr, "%s\n", cork_error_message());
+            _exit(EXIT_FAILURE);
+        }
+    } else if (pid < 0) {
+        /* Error forking */
+        cork_system_error_set();
+        return -1;
+    } else {
+        /* Parent process */
+        DEBUG("  Child PID=%d\n", (int) pid);
+        self->pid = pid;
+        cork_write_pipe_close_read(&self->stdin_pipe);
+        cork_read_pipe_close_write(&self->stdout_pipe);
+        cork_read_pipe_close_write(&self->stderr_pipe);
+        return 0;
+    }
+}
+
+#if defined(__APPLE__)
+#include <pthread.h>
+#define THREAD_YIELD   pthread_yield_np
+#elif defined(__linux__) || defined(BSD) || defined(__FreeBSD_kernel__) || defined(__GNU__) || defined(__CYGWIN__)
+#include <sched.h>
+#define THREAD_YIELD   sched_yield
+#else
+#error "Unknown thread yield implementation"
+#endif
+
+static void
+cork_subprocess_yield(unsigned int *spin_count)
+{
+    /* Adapted from
+     * http://www.1024cores.net/home/lock-free-algorithms/tricks/spinning */
+
+    if (*spin_count < 10) {
+        /* Spin-wait */
+        cork_pause();
+    } else if (*spin_count < 20) {
+        /* A more intense spin-wait */
+        int  i;
+        for (i = 0; i < 50; i++) {
+            cork_pause();
+        }
+    } else if (*spin_count < 22) {
+        THREAD_YIELD();
+    } else if (*spin_count < 24) {
+        usleep(0);
+    } else if (*spin_count < 50) {
+        usleep(1);
+    } else if (*spin_count < 75) {
+        usleep((*spin_count - 49) * 1000);
+    } else {
+        usleep(25000);
+    }
+
+    (*spin_count)++;
+}
+
+
+static int
+cork_subprocess_reap(struct cork_subprocess *self, int flags, bool *progress)
+{
+    int  pid;
+    int  status;
+    rii_check_posix(pid = waitpid(self->pid, &status, flags));
+    if (pid == self->pid) {
+        *progress = true;
+        self->pid = 0;
+        if (self->exit_code != NULL) {
+            *self->exit_code = WEXITSTATUS(status);
+        }
+    }
+    return 0;
+}
+
+int
+cork_subprocess_abort(struct cork_subprocess *self)
+{
+    if (self->pid > 0) {
+        CORK_ATTR_UNUSED bool  progress = false;
+        DEBUG("Terminating child process %d\n", (int) self->pid);
+        kill(self->pid, SIGTERM);
+        unsigned int  spin_count = 0;
+        int exitcode = cork_subprocess_reap(self, WNOHANG, &progress);
+        while (!progress && spin_count < 50) {
+            cork_subprocess_yield(&spin_count);
+            exitcode = cork_subprocess_reap(self, WNOHANG, &progress);
+        }
+        if (progress) {
+            return exitcode;
+        } else {
+            kill(self->pid, SIGKILL);
+            return 0;
+        }
+    } else {
+        return 0;
+    }
+}
+
+bool
+cork_subprocess_is_finished(struct cork_subprocess *self)
+{
+    return (self->pid == 0)
+        && cork_read_pipe_is_finished(&self->stdout_pipe)
+        && cork_read_pipe_is_finished(&self->stderr_pipe);
+}
+
+static int
+cork_subprocess_drain_(struct cork_subprocess *self, bool *progress)
+{
+    rii_check(cork_read_pipe_read(&self->stdout_pipe, self->buf, progress));
+    rii_check(cork_read_pipe_read(&self->stderr_pipe, self->buf, progress));
+    if (self->pid > 0) {
+        return cork_subprocess_reap(self, WNOHANG, progress);
+    } else {
+        return 0;
+    }
+}
+
+bool
+cork_subprocess_drain(struct cork_subprocess *self)
+{
+    bool  progress;
+    cork_subprocess_drain_(self, &progress);
+    return progress;
+}
+
+int
+cork_subprocess_wait(struct cork_subprocess *self)
+{
+    unsigned int  spin_count = 0;
+    bool  progress;
+    while (!cork_subprocess_is_finished(self)) {
+        progress = false;
+        rii_check(cork_subprocess_drain_(self, &progress));
+        if (!progress) {
+            cork_subprocess_yield(&spin_count);
+        }
+    }
+    return 0;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Running subprocess groups
+ */
+
+static int
+cork_subprocess_group_terminate(struct cork_subprocess_group *group)
+{
+    size_t  i;
+    for (i = 0; i < cork_array_size(&group->subprocesses); i++) {
+        struct cork_subprocess  *sub = cork_array_at(&group->subprocesses, i);
+        rii_check(cork_subprocess_abort(sub));
+    }
+    return 0;
+}
+
+int
+cork_subprocess_group_start(struct cork_subprocess_group *group)
+{
+    size_t  i;
+    DEBUG("Starting subprocess group\n");
+    /* Start each subprocess. */
+    for (i = 0; i < cork_array_size(&group->subprocesses); i++) {
+        struct cork_subprocess  *sub = cork_array_at(&group->subprocesses, i);
+        ei_check(cork_subprocess_start(sub));
+    }
+    return 0;
+
+error:
+    cork_subprocess_group_terminate(group);
+    return -1;
+}
+
+
+int
+cork_subprocess_group_abort(struct cork_subprocess_group *group)
+{
+    DEBUG("Aborting subprocess group\n");
+    return cork_subprocess_group_terminate(group);
+}
+
+
+bool
+cork_subprocess_group_is_finished(struct cork_subprocess_group *group)
+{
+    size_t  i;
+    for (i = 0; i < cork_array_size(&group->subprocesses); i++) {
+        struct cork_subprocess  *sub = cork_array_at(&group->subprocesses, i);
+        bool  sub_finished = cork_subprocess_is_finished(sub);
+        if (!sub_finished) {
+            return false;
+        }
+    }
+    return true;
+}
+
+static int
+cork_subprocess_group_drain_(struct cork_subprocess_group *group,
+                             bool *progress)
+{
+    size_t  i;
+    for (i = 0; i < cork_array_size(&group->subprocesses); i++) {
+        struct cork_subprocess  *sub = cork_array_at(&group->subprocesses, i);
+        rii_check(cork_subprocess_drain_(sub, progress));
+    }
+    return 0;
+}
+
+bool
+cork_subprocess_group_drain(struct cork_subprocess_group *group)
+{
+    bool  progress = false;
+    cork_subprocess_group_drain_(group, &progress);
+    return progress;
+}
+
+int
+cork_subprocess_group_wait(struct cork_subprocess_group *group)
+{
+    unsigned int  spin_count = 0;
+    bool  progress;
+    DEBUG("Waiting for subprocess group to finish\n");
+    while (!cork_subprocess_group_is_finished(group)) {
+        progress = false;
+        rii_check(cork_subprocess_group_drain_(group, &progress));
+        if (!progress) {
+            cork_subprocess_yield(&spin_count);
+        }
+    }
+    return 0;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/pthreads/thread.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/pthreads/thread.c
new file mode 100644
index 00000000..d8347790
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/src/libcork/pthreads/thread.c
@@ -0,0 +1,223 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013-2015, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#if defined(__linux)
+/* This is needed on Linux to get the pthread_setname_np function. */
+#if !defined(_GNU_SOURCE)
+#define _GNU_SOURCE 1
+#endif
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include <pthread.h>
+
+#include "libcork/core/allocator.h"
+#include "libcork/core/error.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/buffer.h"
+#include "libcork/threads/basics.h"
+
+
+/*-----------------------------------------------------------------------
+ * Current thread
+ */
+
+static volatile cork_thread_id  last_thread_descriptor = 0;
+
+struct cork_thread {
+    const char  *name;
+    cork_thread_id  id;
+    pthread_t  thread_id;
+    void  *user_data;
+    cork_free_f  free_user_data;
+    cork_run_f  run;
+    cork_error  error_code;
+    struct cork_buffer  error_message;
+    bool  started;
+    bool  joined;
+};
+
+struct cork_thread_descriptor {
+    struct cork_thread  *current_thread;
+    cork_thread_id  id;
+};
+
+cork_tls(struct cork_thread_descriptor, cork_thread_descriptor);
+
+struct cork_thread *
+cork_current_thread_get(void)
+{
+    struct cork_thread_descriptor  *desc = cork_thread_descriptor_get();
+    return desc->current_thread;
+}
+
+cork_thread_id
+cork_current_thread_get_id(void)
+{
+    struct cork_thread_descriptor  *desc = cork_thread_descriptor_get();
+    if (CORK_UNLIKELY(desc->id == 0)) {
+        if (desc->current_thread == NULL) {
+            desc->id = cork_uint_atomic_add(&last_thread_descriptor, 1);
+        } else {
+            desc->id = desc->current_thread->id;
+        }
+    }
+    return desc->id;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Threads
+ */
+
+struct cork_thread *
+cork_thread_new(const char *name,
+                void *user_data, cork_free_f free_user_data,
+                cork_run_f run)
+{
+    struct cork_thread  *self = cork_new(struct cork_thread);
+    self->name = cork_strdup(name);
+    self->id = cork_uint_atomic_add(&last_thread_descriptor, 1);
+    self->user_data = user_data;
+    self->free_user_data = free_user_data;
+    self->run = run;
+    self->error_code = CORK_ERROR_NONE;
+    cork_buffer_init(&self->error_message);
+    self->started = false;
+    self->joined = false;
+    return self;
+}
+
+static void
+cork_thread_free_private(struct cork_thread *self)
+{
+    cork_strfree(self->name);
+    cork_free_user_data(self);
+    cork_buffer_done(&self->error_message);
+    cork_delete(struct cork_thread, self);
+}
+
+void
+cork_thread_free(struct cork_thread *self)
+{
+    assert(!self->started);
+    cork_thread_free_private(self);
+}
+
+const char *
+cork_thread_get_name(struct cork_thread *self)
+{
+    return self->name;
+}
+
+cork_thread_id
+cork_thread_get_id(struct cork_thread *self)
+{
+    return self->id;
+}
+
+#define PTHREADS_MAX_THREAD_NAME_LENGTH  16
+
+static void *
+cork_thread_pthread_run(void *vself)
+{
+    int  rc;
+    struct cork_thread  *self = vself;
+    struct cork_thread_descriptor  *desc = cork_thread_descriptor_get();
+#if defined(__APPLE__) && defined(__MACH__)
+    char  thread_name[PTHREADS_MAX_THREAD_NAME_LENGTH];
+#endif
+
+    desc->current_thread = self;
+    desc->id = self->id;
+    rc = self->run(self->user_data);
+
+#if defined(__APPLE__) && defined(__MACH__)
+    /* On Mac OS X, we set the name of the current thread, not of an arbitrary
+     * thread of our choosing. */
+    strncpy(thread_name, self->name, PTHREADS_MAX_THREAD_NAME_LENGTH);
+    thread_name[PTHREADS_MAX_THREAD_NAME_LENGTH - 1] = '\0';
+    pthread_setname_np(thread_name);
+#endif
+
+    /* If an error occurred in the body of the thread, save the error into the
+     * cork_thread object so that we can propagate that error when some calls
+     * cork_thread_join. */
+    if (CORK_UNLIKELY(rc != 0)) {
+        if (CORK_LIKELY(cork_error_occurred())) {
+            self->error_code = cork_error_code();
+            cork_buffer_set_string(&self->error_message, cork_error_message());
+        } else {
+            self->error_code = CORK_UNKNOWN_ERROR;
+            cork_buffer_set_string(&self->error_message, "Unknown error");
+        }
+    }
+
+    return NULL;
+}
+
+int
+cork_thread_start(struct cork_thread *self)
+{
+    int  rc;
+    pthread_t  thread_id;
+#if defined(__linux) && ((__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 12))
+    char  thread_name[PTHREADS_MAX_THREAD_NAME_LENGTH];
+#endif
+
+    assert(!self->started);
+
+    rc = pthread_create(&thread_id, NULL, cork_thread_pthread_run, self);
+    if (CORK_UNLIKELY(rc != 0)) {
+        cork_system_error_set_explicit(rc);
+        return -1;
+    }
+
+#if defined(__linux) && ((__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 12))
+    /* On Linux we choose which thread to name via an explicit thread ID.
+     * However, pthread_setname_np() isn't supported on versions of glibc
+     * earlier than 2.12. So we need to check for a MINOR version of 12 or
+     * higher. */
+    strncpy(thread_name, self->name, PTHREADS_MAX_THREAD_NAME_LENGTH);
+    thread_name[PTHREADS_MAX_THREAD_NAME_LENGTH - 1] = '\0';
+    pthread_setname_np(thread_id, thread_name);
+#endif
+
+    self->thread_id = thread_id;
+    self->started = true;
+    return 0;
+}
+
+int
+cork_thread_join(struct cork_thread *self)
+{
+    int  rc;
+
+    assert(self->started && !self->joined);
+
+    rc = pthread_join(self->thread_id, NULL);
+    if (CORK_UNLIKELY(rc != 0)) {
+        cork_system_error_set_explicit(rc);
+        cork_thread_free_private(self);
+        return -1;
+    }
+
+    if (CORK_UNLIKELY(self->error_code != CORK_ERROR_NONE)) {
+        cork_error_set_printf
+            (self->error_code, "Error from thread %s: %s",
+             self->name, (char *) self->error_message.buf);
+        cork_thread_free_private(self);
+        return -1;
+    }
+
+    cork_thread_free_private(self);
+    return 0;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/.gitattributes b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/.gitattributes
new file mode 100644
index 00000000..96993c63
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/.gitattributes
@@ -0,0 +1,2 @@
+*.t       -whitespace
+cram.py   -diff
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/.gitignore b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/.gitignore
new file mode 100644
index 00000000..d2bfb7e0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/.gitignore
@@ -0,0 +1 @@
+*.t.err
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/CMakeLists.txt
new file mode 100644
index 00000000..3a214e04
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/CMakeLists.txt
@@ -0,0 +1,82 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011-2015, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license details.
+# ----------------------------------------------------------------------
+
+include_directories(
+    ${CMAKE_SOURCE_DIR}/include
+    ${CMAKE_BINARY_DIR}/include
+)
+
+#-----------------------------------------------------------------------
+# Build the test cases
+
+# For each test cases, we create two executables: one that links with a
+# shared libcork, and the other that simulates embedding libcork into
+# another project.  For the embedded version, we need to know which of
+# the libcork submodules should be included when compiling the test
+# case.  These are provided as additional parameters to the make_test
+# macro.
+
+macro(make_test test_name)
+    if (ENABLE_SHARED OR ENABLE_SHARED_EXECUTABLES)
+        add_executable(shared-${test_name} ${test_name}.c)
+        target_link_libraries(shared-${test_name} ${CHECK_LIBRARIES}
+            libcork-shared)
+        add_test(shared-${test_name} shared-${test_name})
+    endif (ENABLE_SHARED OR ENABLE_SHARED_EXECUTABLES)
+
+    if (ENABLE_STATIC OR NOT ENABLE_SHARED_EXECUTABLES)
+        add_executable(embedded-${test_name} ${test_name}.c)
+        set_target_properties(embedded-${test_name} PROPERTIES
+            COMPILE_DEFINITIONS CORK_EMBEDDED_TEST=1)
+        target_link_libraries(embedded-${test_name} ${CHECK_LIBRARIES}
+            libcork-static)
+        add_test(embedded-${test_name} embedded-${test_name})
+    endif (ENABLE_STATIC OR NOT ENABLE_SHARED_EXECUTABLES)
+endmacro(make_test)
+
+make_test(test-array)
+make_test(test-bitset)
+make_test(test-buffer)
+make_test(test-core)
+make_test(test-dllist)
+make_test(test-files)
+make_test(test-gc)
+make_test(test-hash-table)
+make_test(test-managed-buffer)
+make_test(test-mempool)
+make_test(test-ring-buffer)
+make_test(test-slice)
+make_test(test-subprocess)
+make_test(test-threads)
+
+#-----------------------------------------------------------------------
+# Command-line tests
+
+if(TILERA)
+    configure_file(tile-test ${CMAKE_BINARY_DIR}/tile-test COPYONLY)
+endif(TILERA)
+
+find_package(PythonInterp)
+
+if (PYTHON_EXECUTABLE)
+    configure_file(ccram ${CMAKE_BINARY_DIR}/ccram COPYONLY)
+    file(GLOB_RECURSE TESTS "${CMAKE_CURRENT_SOURCE_DIR}/*.t")
+    foreach(TEST ${TESTS})
+        get_filename_component(TEST_NAME "${TEST}" NAME_WE)
+        add_test(
+            ${TEST_NAME}
+            ${CMAKE_COMMAND} -E chdir ${CMAKE_BINARY_DIR}
+            ${CMAKE_BINARY_DIR}/ccram
+                --python ${PYTHON_EXECUTABLE}
+                --root ${CMAKE_SOURCE_DIR}
+                --tests ${TEST}
+        )
+    endforeach(TEST)
+else (PYTHON_EXECUTABLE)
+    message(WARNING "Unable to find Python; skipping cram tests.")
+endif (PYTHON_EXECUTABLE)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/COPYING.cram.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/COPYING.cram.txt
new file mode 100644
index 00000000..d60c31a9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/COPYING.cram.txt
@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year  name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/ccram b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/ccram
new file mode 100755
index 00000000..58426007
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/ccram
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+if [ "$1" = "--python" ]; then
+    shift
+    PYTHON="$1"
+    shift
+else
+    PYTHON=python
+fi
+
+if [ "$1" = "--root" ]; then
+    shift
+    ROOT="$1"
+    shift
+else
+    ROOT=$(dirname $PWD)
+fi
+
+if [ "$1" = "--tests" ]; then
+    shift
+    TESTS="$1"
+    shift
+else
+    TESTS=../tests
+fi
+
+export ROOT
+
+LD_LIBRARY_PATH="$PWD/src:$LD_LIBRARY_PATH" \
+PATH="$PWD/src:$PATH" \
+  "$PYTHON" "$ROOT/tests/cram.py" "$@" "$TESTS"
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-hash.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-hash.t
new file mode 100644
index 00000000..e15c9aac
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-hash.t
@@ -0,0 +1,10 @@
+Make sure that our stable hash is really stable.
+
+  $ cork-hash foo
+  0xf6a5c420
+  $ cork-hash bar
+  0x450e998d
+  $ cork-hash tests.h
+  0x0b0628ee
+  $ cork-hash "A longer string"
+  0x53a2c885
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-initializer.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-initializer.t
new file mode 100644
index 00000000..bd410b9d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-initializer.t
@@ -0,0 +1,6 @@
+We need to sort the output, since there's no guarantee about which order our
+initializer functions will run in.
+
+  $ cork-initializer | sort
+  Initializer 1
+  Initializer 2
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/cleanup.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/cleanup.t
new file mode 100644
index 00000000..5aa7225b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/cleanup.t
@@ -0,0 +1,7 @@
+  $ cork-test cleanup
+  Cleanup function 0
+  Cleanup function 1
+  Cleanup function 2
+  Cleanup function 3
+  Cleanup function 4
+  Cleanup function 5
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/directory-watcher.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/directory-watcher.t
new file mode 100644
index 00000000..4b2240f3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/directory-watcher.t
@@ -0,0 +1,59 @@
+This first test makes sure to only create one file or subdirectory in each
+directory.  That means that we don't have to sort the output to get a
+reproducible result, which lets us check the ordering of the different events in
+the callback stucture.
+
+  $ mkdir test1
+  $ mkdir test1/a
+  $ mkdir test1/a/b
+  $ touch test1/a/b/c
+  $ cork-test dir test1
+  Entering a (a)
+    Entering b (a/b)
+      c (a/b/c) (test1/a/b/c)
+    Leaving a/b
+  Leaving a
+  $ cork-test dir --shallow test1
+  Skipping a
+
+  $ mkdir test2
+  $ touch test2/a
+  $ cork-test dir test2
+  a (a) (test2/a)
+  $ cork-test dir --shallow test2
+  a (a) (test2/a)
+
+A more complex directory structure.  We have to sort the output, since there's
+no guarantee in what order the directory walker will encounter the files.
+
+  $ mkdir test3
+  $ mkdir test3/d1
+  $ mkdir test3/d2
+  $ touch test3/d2/a
+  $ touch test3/d2/b
+  $ mkdir test3/d3
+  $ touch test3/d3/a
+  $ touch test3/d3/b
+  $ touch test3/d3/c
+  $ mkdir test3/d3/s1
+  $ mkdir test3/d3/s1/s2
+  $ touch test3/d3/s1/s2/a
+  $ cork-test dir --only-files test3 | sort
+  d2/a
+  d2/b
+  d3/a
+  d3/b
+  d3/c
+  d3/s1/s2/a
+
+Test what happens when the directory doesn't exit.
+
+  $ cork-test dir missing
+  No such file or directory
+  [1]
+  $ cork-test dir --only-files missing
+  No such file or directory
+  [1]
+  $ cork-test dir --shallow missing
+  No such file or directory
+  [1]
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c1-s1.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c1-s1.t
new file mode 100644
index 00000000..215b75d3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c1-s1.t
@@ -0,0 +1,4 @@
+  $ cork-test c1 s1 --help
+  Usage: cork-test c1 s1 [<options>] <filename>
+  
+  This is a pretty cool command.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c1-s2.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c1-s2.t
new file mode 100644
index 00000000..981e60a7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c1-s2.t
@@ -0,0 +1,4 @@
+  $ cork-test c1 s2 --help
+  Usage: cork-test c1 s2 [<options>] <filename>
+  
+  This is an excellent command.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c1.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c1.t
new file mode 100644
index 00000000..e537d90d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c1.t
@@ -0,0 +1,6 @@
+  $ cork-test c1 --help
+  Usage: cork-test c1 <command> [<options>]
+  
+  Available commands:
+    s1  Subcommand 1
+    s2  Subcommand 2
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c2.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c2.t
new file mode 100644
index 00000000..bce79e93
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-c2.t
@@ -0,0 +1,4 @@
+  $ cork-test c2 --help
+  Usage: cork-test c2 [<options>] <filename>
+  
+  This command is pretty decent.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-root.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-root.t
new file mode 100644
index 00000000..05ab5365
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help1-root.t
@@ -0,0 +1,14 @@
+  $ cork-test --help
+  Usage: cork-test <command> [<options>]
+  
+  Available commands:
+    c1       Command 1 (now with subcommands)
+    c2       Command 2
+    pwd      Print working directory
+    mkdir    Create a directory
+    rm       Remove a file or directory
+    find     Search for a file in a list of directories
+    paths    Print out standard paths for the current user
+    dir      Print the contents of a directory
+    sub      Run a subcommand
+    cleanup  Test process cleanup functions
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c1-s1.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c1-s1.t
new file mode 100644
index 00000000..42a108d5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c1-s1.t
@@ -0,0 +1,4 @@
+  $ cork-test c1 s1 -h
+  Usage: cork-test c1 s1 [<options>] <filename>
+  
+  This is a pretty cool command.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c1-s2.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c1-s2.t
new file mode 100644
index 00000000..9be2ebb3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c1-s2.t
@@ -0,0 +1,4 @@
+  $ cork-test c1 s2 -h
+  Usage: cork-test c1 s2 [<options>] <filename>
+  
+  This is an excellent command.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c1.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c1.t
new file mode 100644
index 00000000..576ab9c9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c1.t
@@ -0,0 +1,6 @@
+  $ cork-test c1 -h
+  Usage: cork-test c1 <command> [<options>]
+  
+  Available commands:
+    s1  Subcommand 1
+    s2  Subcommand 2
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c2.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c2.t
new file mode 100644
index 00000000..0677118c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-c2.t
@@ -0,0 +1,4 @@
+  $ cork-test c2 -h
+  Usage: cork-test c2 [<options>] <filename>
+  
+  This command is pretty decent.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-root.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-root.t
new file mode 100644
index 00000000..bbd20a79
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help2-root.t
@@ -0,0 +1,14 @@
+  $ cork-test -h
+  Usage: cork-test <command> [<options>]
+  
+  Available commands:
+    c1       Command 1 (now with subcommands)
+    c2       Command 2
+    pwd      Print working directory
+    mkdir    Create a directory
+    rm       Remove a file or directory
+    find     Search for a file in a list of directories
+    paths    Print out standard paths for the current user
+    dir      Print the contents of a directory
+    sub      Run a subcommand
+    cleanup  Test process cleanup functions
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c1-s1.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c1-s1.t
new file mode 100644
index 00000000..58eccae8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c1-s1.t
@@ -0,0 +1,4 @@
+  $ cork-test help c1 s1
+  Usage: cork-test c1 s1 [<options>] <filename>
+  
+  This is a pretty cool command.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c1-s2.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c1-s2.t
new file mode 100644
index 00000000..7a9302b1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c1-s2.t
@@ -0,0 +1,4 @@
+  $ cork-test help c1 s2
+  Usage: cork-test c1 s2 [<options>] <filename>
+  
+  This is an excellent command.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c1.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c1.t
new file mode 100644
index 00000000..2a4d8ef2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c1.t
@@ -0,0 +1,6 @@
+  $ cork-test help c1
+  Usage: cork-test c1 <command> [<options>]
+  
+  Available commands:
+    s1  Subcommand 1
+    s2  Subcommand 2
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c2.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c2.t
new file mode 100644
index 00000000..0353a2f4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-c2.t
@@ -0,0 +1,4 @@
+  $ cork-test help c2
+  Usage: cork-test c2 [<options>] <filename>
+  
+  This command is pretty decent.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-root.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-root.t
new file mode 100644
index 00000000..5b3c4c85
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/help3-root.t
@@ -0,0 +1,14 @@
+  $ cork-test help
+  Usage: cork-test <command> [<options>]
+  
+  Available commands:
+    c1       Command 1 (now with subcommands)
+    c2       Command 2
+    pwd      Print working directory
+    mkdir    Create a directory
+    rm       Remove a file or directory
+    find     Search for a file in a list of directories
+    paths    Print out standard paths for the current user
+    dir      Print the contents of a directory
+    sub      Run a subcommand
+    cleanup  Test process cleanup functions
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/no-command-c1.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/no-command-c1.t
new file mode 100644
index 00000000..72a35a7c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/no-command-c1.t
@@ -0,0 +1,8 @@
+  $ cork-test c1
+  No command given.
+  Usage: cork-test c1 <command> [<options>]
+  
+  Available commands:
+    s1  Subcommand 1
+    s2  Subcommand 2
+  [1]
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/no-command-root.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/no-command-root.t
new file mode 100644
index 00000000..4f6248bb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/no-command-root.t
@@ -0,0 +1,16 @@
+  $ cork-test
+  No command given.
+  Usage: cork-test <command> [<options>]
+  
+  Available commands:
+    c1       Command 1 (now with subcommands)
+    c2       Command 2
+    pwd      Print working directory
+    mkdir    Create a directory
+    rm       Remove a file or directory
+    find     Search for a file in a list of directories
+    paths    Print out standard paths for the current user
+    dir      Print the contents of a directory
+    sub      Run a subcommand
+    cleanup  Test process cleanup functions
+  [1]
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-f-t.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-f-t.t
new file mode 100644
index 00000000..8d169035
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-f-t.t
@@ -0,0 +1,4 @@
+  $ cork-test c1 -f foo s1 -t
+  You chose command "c1 s1".  Good for you!
+  And you gave the --test option!  Look at that.
+  And you want the file to be foo.  Sure thing.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-f.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-f.t
new file mode 100644
index 00000000..a1f81761
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-f.t
@@ -0,0 +1,3 @@
+  $ cork-test c1 -f foo s1
+  You chose command "c1 s1".  Good for you!
+  And you want the file to be foo.  Sure thing.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-t.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-t.t
new file mode 100644
index 00000000..3fc3fa47
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-t.t
@@ -0,0 +1,3 @@
+  $ cork-test c1 s1 -t
+  You chose command "c1 s1".  Good for you!
+  And you gave the --test option!  Look at that.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-test.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-test.t
new file mode 100644
index 00000000..ce3e2eb6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1-test.t
@@ -0,0 +1,3 @@
+  $ cork-test c1 s1 --test
+  You chose command "c1 s1".  Good for you!
+  And you gave the --test option!  Look at that.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1.t
new file mode 100644
index 00000000..2900e604
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s1.t
@@ -0,0 +1,2 @@
+  $ cork-test c1 s1
+  You chose command "c1 s1".  Good for you!
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s2-f.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s2-f.t
new file mode 100644
index 00000000..03051f0d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s2-f.t
@@ -0,0 +1,6 @@
+  $ cd $TESTDIR
+  $ cork-test c1 -f ../test-input.txt s2
+  You chose command "c1 s2".  Fantastico!
+  And you want the file to be ../test-input.txt.  Sure thing.
+  Hello, world
+  What is up
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s2-file.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s2-file.t
new file mode 100644
index 00000000..7098b5d0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s2-file.t
@@ -0,0 +1,6 @@
+  $ cd $TESTDIR
+  $ cork-test c1 --file ../test-input.txt s2
+  You chose command "c1 s2".  Fantastico!
+  And you want the file to be ../test-input.txt.  Sure thing.
+  Hello, world
+  What is up
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s2.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s2.t
new file mode 100644
index 00000000..91472e77
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c1-s2.t
@@ -0,0 +1,2 @@
+  $ cork-test c1 s2
+  You chose command "c1 s2".  Fantastico!
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c2.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c2.t
new file mode 100644
index 00000000..a1946891
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-c2.t
@@ -0,0 +1,2 @@
+  $ cork-test c2
+  You chose command "c2".  That's pretty good.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-find-01.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-find-01.t
new file mode 100644
index 00000000..c0e302b3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-find-01.t
@@ -0,0 +1,23 @@
+  $ cork-test mkdir --recursive a/b/c/b
+
+  $ cork-test find b a
+  a/b
+  $ cork-test find b a/b/c
+  a/b/c/b
+  $ cork-test find b a:a/b/c
+  a/b
+  $ cork-test find b a/b/c:a
+  a/b/c/b
+
+  $ cork-test find b/c a
+  a/b/c
+  $ cork-test find b/c a/b/c
+  b/c not found in a/b/c
+  [1]
+
+  $ cork-test find d a
+  d not found in a
+  [1]
+  $ cork-test find d a:a/b:a/b/c
+  d not found in a:a/b:a/b/c
+  [1]
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-find-all-01.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-find-all-01.t
new file mode 100644
index 00000000..c79f4197
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-find-all-01.t
@@ -0,0 +1,19 @@
+  $ cork-test mkdir --recursive a/b/c/b
+
+  $ cork-test find --all b a
+  a/b
+  $ cork-test find --all b a/b/c
+  a/b/c/b
+  $ cork-test find --all b a:a/b/c
+  a/b
+  a/b/c/b
+  $ cork-test find --all b a/b/c:a
+  a/b/c/b
+  a/b
+
+  $ cork-test find --all b/c a
+  a/b/c
+  $ cork-test find --all b/c a/b/c
+
+  $ cork-test find --all d a
+  $ cork-test find --all d a:a/b:a/b/c
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-mkdir-01.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-mkdir-01.t
new file mode 100644
index 00000000..d089aae9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-mkdir-01.t
@@ -0,0 +1,40 @@
+  $ cork-test mkdir a
+  $ find a | sort
+  a
+
+  $ cork-test mkdir a
+  $ find a | sort
+  a
+
+  $ cork-test mkdir --require a
+  File exists
+  [1]
+  $ find a | sort
+  a
+
+  $ cork-test mkdir --recursive a/b/c
+  $ find a | sort
+  a
+  a/b
+  a/b/c
+
+  $ cork-test mkdir --recursive a/b
+  $ find a | sort
+  a
+  a/b
+  a/b/c
+
+  $ cork-test mkdir --recursive --require a/b
+  File exists
+  [1]
+  $ find a | sort
+  a
+  a/b
+  a/b/c
+
+  $ cork-test mkdir --recursive --require a/b/d
+  $ find a | sort
+  a
+  a/b
+  a/b/c
+  a/b/d
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-paths-01.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-paths-01.t
new file mode 100644
index 00000000..a2b3da0d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-paths-01.t
@@ -0,0 +1,47 @@
+  $ HOME= \
+  >     cork-test paths
+  Cannot determine home directory
+  [1]
+
+  $ HOME=/home/test \
+  > XDG_CONFIG_HOME= \
+  > XDG_DATA_HOME= \
+  > XDG_CONFIG_DIRS= \
+  > XDG_DATA_DIRS= \
+  > XDG_CACHE_HOME= \
+  > XDG_RUNTIME_DIR= \
+  >     cork-test paths
+  Cannot determine user-specific runtime directory
+  Home:    /home/test
+  Config:  /home/test/.config:/etc/xdg
+  Data:    /home/test/.local/share:/usr/local/share:/usr/share
+  Cache:   /home/test/.cache
+  [1]
+
+  $ HOME=/home/test \
+  > XDG_CONFIG_HOME= \
+  > XDG_DATA_HOME= \
+  > XDG_CONFIG_DIRS= \
+  > XDG_DATA_DIRS= \
+  > XDG_CACHE_HOME= \
+  > XDG_RUNTIME_DIR=/run/user/test \
+  >     cork-test paths
+  Home:    /home/test
+  Config:  /home/test/.config:/etc/xdg
+  Data:    /home/test/.local/share:/usr/local/share:/usr/share
+  Cache:   /home/test/.cache
+  Runtime: /run/user/test
+
+  $ HOME=/home/test \
+  > XDG_CONFIG_HOME=/home/test/custom-config \
+  > XDG_DATA_HOME=/home/test/share \
+  > XDG_CONFIG_DIRS=/etc \
+  > XDG_DATA_DIRS=/usr/share \
+  > XDG_CACHE_HOME=/tmp/cache/test \
+  > XDG_RUNTIME_DIR=/run/user/test \
+  >     cork-test paths
+  Home:    /home/test
+  Config:  /home/test/custom-config:/etc
+  Data:    /home/test/share:/usr/share
+  Cache:   /tmp/cache/test
+  Runtime: /run/user/test
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-pwd-01.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-pwd-01.t
new file mode 100644
index 00000000..ce260063
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-pwd-01.t
@@ -0,0 +1,3 @@
+  $ a=$(cork-test pwd)
+  $ b=$(pwd)
+  $ [ "$a" = "$b" ]
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-rm-01.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-rm-01.t
new file mode 100644
index 00000000..20cfd76d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-rm-01.t
@@ -0,0 +1,29 @@
+  $ cork-test mkdir --recursive --require a/b/c
+  $ cork-test mkdir --recursive --require a/b/d
+  $ find a 2>/dev/null | sort
+  a
+  a/b
+  a/b/c
+  a/b/d
+
+  $ cork-test rm --require a/b/d
+  $ find a 2>/dev/null | sort
+  a
+  a/b
+  a/b/c
+
+  $ cork-test rm --require a/b/d
+  No such file or directory
+  [1]
+  $ find a 2>/dev/null | sort
+  a
+  a/b
+  a/b/c
+
+  $ cork-test rm --require --recursive a/b/c
+  $ find a 2>/dev/null | sort
+  a
+  a/b
+
+  $ cork-test rm --recursive a
+  $ find a 2>/dev/null | sort
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-01.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-01.t
new file mode 100644
index 00000000..983477e1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-01.t
@@ -0,0 +1,3 @@
+  $ cork-test sub echo Hello world
+  echo Hello world
+  Hello world
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-02.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-02.t
new file mode 100644
index 00000000..0b8097e0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-02.t
@@ -0,0 +1,2 @@
+  $ cork-test sub false
+  false
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-03.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-03.t
new file mode 100644
index 00000000..8e66b382
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-03.t
@@ -0,0 +1,3 @@
+  $ CORK_TEST_VAR="Hello world" cork-test sub sh -c 'echo $CORK_TEST_VAR'
+  sh -c echo $CORK_TEST_VAR
+  Hello world
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-04.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-04.t
new file mode 100644
index 00000000..278998a4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-04.t
@@ -0,0 +1,3 @@
+  $ cork-test sub bad-command
+  bad-command
+  No such file or directory
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-05.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-05.t
new file mode 100644
index 00000000..f0137b15
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-05.t
@@ -0,0 +1,3 @@
+  $ cork-test sub -d / pwd
+  pwd
+  /
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-06.t b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-06.t
new file mode 100644
index 00000000..01b198a3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cork-test/run-sub-06.t
@@ -0,0 +1,3 @@
+  $ cork-test sub -i foo cat
+  cat
+  foo
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cram.py b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cram.py
new file mode 100755
index 00000000..20c4681b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/cram.py
@@ -0,0 +1,516 @@
+#!/usr/bin/env python
+"""Functional testing framework for command line applications"""
+
+import difflib
+import itertools
+import optparse
+import os
+import re
+import signal
+import subprocess
+import sys
+import shutil
+import time
+import tempfile
+
+try:
+    import configparser
+except ImportError:
+    import ConfigParser as configparser
+
+__all__ = ['main', 'test']
+
+def findtests(paths):
+    """Yield tests in paths in sorted order"""
+    for p in paths:
+        if os.path.isdir(p):
+            for root, dirs, files in os.walk(p):
+                if os.path.basename(root).startswith('.'):
+                    continue
+                for f in sorted(files):
+                    if not f.startswith('.') and f.endswith('.t'):
+                        yield os.path.normpath(os.path.join(root, f))
+        else:
+            yield os.path.normpath(p)
+
+def regex(pattern, s):
+    """Match a regular expression or return False if invalid.
+
+    >>> [bool(regex(r, 'foobar')) for r in ('foo.*', '***')]
+    [True, False]
+    """
+    try:
+        return re.match(pattern + r'\Z', s)
+    except re.error:
+        return False
+
+def glob(el, l):
+    r"""Match a glob-like pattern.
+
+    The only supported special characters are * and ?. Escaping is
+    supported.
+
+    >>> bool(glob(r'\* \\ \? fo?b*', '* \\ ? foobar'))
+    True
+    """
+    i, n = 0, len(el)
+    res = ''
+    while i < n:
+        c = el[i]
+        i += 1
+        if c == '\\' and el[i] in '*?\\':
+            res += el[i - 1:i + 1]
+            i += 1
+        elif c == '*':
+            res += '.*'
+        elif c == '?':
+            res += '.'
+        else:
+            res += re.escape(c)
+    return regex(res, l)
+
+annotations = {'glob': glob, 're': regex}
+
+def match(el, l):
+    """Match patterns based on annotations"""
+    for k in annotations:
+        ann = ' (%s)\n' % k
+        if el.endswith(ann) and annotations[k](el[:-len(ann)], l[:-1]):
+            return True
+    return False
+
+class SequenceMatcher(difflib.SequenceMatcher, object):
+    """Like difflib.SequenceMatcher, but matches globs and regexes"""
+
+    def find_longest_match(self, alo, ahi, blo, bhi):
+        """Find longest matching block in a[alo:ahi] and b[blo:bhi]"""
+        # SequenceMatcher uses find_longest_match() to slowly whittle down
+        # the differences between a and b until it has each matching block.
+        # Because of this, we can end up doing the same matches many times.
+        matches = []
+        for n, (el, line) in enumerate(zip(self.a[alo:ahi], self.b[blo:bhi])):
+            if el != line and match(el, line):
+                # This fools the superclass's method into thinking that the
+                # regex/glob in a is identical to b by replacing a's line (the
+                # expected output) with b's line (the actual output).
+                self.a[alo + n] = line
+                matches.append((n, el))
+        ret = super(SequenceMatcher, self).find_longest_match(alo, ahi,
+                                                              blo, bhi)
+        # Restore the lines replaced above. Otherwise, the diff output
+        # would seem to imply that the tests never had any regexes/globs.
+        for n, el in matches:
+            self.a[alo + n] = el
+        return ret
+
+def unified_diff(a, b, fromfile='', tofile='', fromfiledate='',
+                 tofiledate='', n=3, lineterm='\n', matcher=SequenceMatcher):
+    """Compare two sequences of lines; generate the delta as a unified diff.
+
+    This is like difflib.unified_diff(), but allows custom matchers.
+    """
+    started = False
+    for group in matcher(None, a, b).get_grouped_opcodes(n):
+        if not started:
+            fromdate = fromfiledate and '\t%s' % fromfiledate or ''
+            todate = fromfiledate and '\t%s' % tofiledate or ''
+            yield '--- %s%s%s' % (fromfile, fromdate, lineterm)
+            yield '+++ %s%s%s' % (tofile, todate, lineterm)
+            started = True
+        i1, i2, j1, j2 = group[0][1], group[-1][2], group[0][3], group[-1][4]
+        yield "@@ -%d,%d +%d,%d @@%s" % (i1 + 1, i2 - i1, j1 + 1, j2 - j1,
+                                         lineterm)
+        for tag, i1, i2, j1, j2 in group:
+            if tag == 'equal':
+                for line in a[i1:i2]:
+                    yield ' ' + line
+                continue
+            if tag == 'replace' or tag == 'delete':
+                for line in a[i1:i2]:
+                    yield '-' + line
+            if tag == 'replace' or tag == 'insert':
+                for line in b[j1:j2]:
+                    yield '+' + line
+
+needescape = re.compile(r'[\x00-\x09\x0b-\x1f\x7f-\xff]').search
+escapesub = re.compile(r'[\x00-\x09\x0b-\x1f\\\x7f-\xff]').sub
+escapemap = dict((chr(i), r'\x%02x' % i) for i in range(256))
+escapemap.update({'\\': '\\\\', '\r': r'\r', '\t': r'\t'})
+
+def escape(s):
+    """Like the string-escape codec, but doesn't escape quotes"""
+    return escapesub(lambda m: escapemap[m.group(0)], s[:-1]) + ' (esc)\n'
+
+def makeresetsigpipe():
+    """Make a function to reset SIGPIPE to SIG_DFL (for use in subprocesses).
+
+    Doing subprocess.Popen(..., preexec_fn=makeresetsigpipe()) will prevent
+    Python's SIGPIPE handler (SIG_IGN) from being inherited by the
+    child process.
+    """
+    if sys.platform == 'win32' or getattr(signal, 'SIGPIPE', None) is None:
+        return None
+    return lambda: signal.signal(signal.SIGPIPE, signal.SIG_DFL)
+
+def test(path, shell, indent=2):
+    """Run test at path and return input, output, and diff.
+
+    This returns a 3-tuple containing the following:
+
+        (list of lines in test, same list with actual output, diff)
+
+    diff is a generator that yields the diff between the two lists.
+
+    If a test exits with return code 80, the actual output is set to
+    None and diff is set to [].
+    """
+    indent = ' ' * indent
+    cmdline = '%s$ ' % indent
+    conline = '%s> ' % indent
+
+    f = open(path)
+    abspath = os.path.abspath(path)
+    env = os.environ.copy()
+    env['TESTDIR'] = os.path.dirname(abspath)
+    env['TESTFILE'] = os.path.basename(abspath)
+    p = subprocess.Popen([shell, '-'], bufsize=-1, stdin=subprocess.PIPE,
+                         stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
+                         universal_newlines=True, env=env,
+                         preexec_fn=makeresetsigpipe(),
+                         close_fds=os.name == 'posix')
+    salt = 'CRAM%s' % time.time()
+
+    after = {}
+    refout, postout = [], []
+    i = pos = prepos = -1
+    stdin = []
+    for i, line in enumerate(f):
+        refout.append(line)
+        if line.startswith(cmdline):
+            after.setdefault(pos, []).append(line)
+            prepos = pos
+            pos = i
+            stdin.append('echo "\n%s %s $?"\n' % (salt, i))
+            stdin.append(line[len(cmdline):])
+        elif line.startswith(conline):
+            after.setdefault(prepos, []).append(line)
+            stdin.append(line[len(conline):])
+        elif not line.startswith(indent):
+            after.setdefault(pos, []).append(line)
+    stdin.append('echo "\n%s %s $?"\n' % (salt, i + 1))
+
+    output = p.communicate(input=''.join(stdin))[0]
+    if p.returncode == 80:
+        return (refout, None, [])
+
+    # Add a trailing newline to the input script if it's missing.
+    if refout and not refout[-1].endswith('\n'):
+        refout[-1] += '\n'
+
+    # We use str.split instead of splitlines to get consistent
+    # behavior between Python 2 and 3. In 3, we use unicode strings,
+    # which has more line breaks than \n and \r.
+    pos = -1
+    ret = 0
+    for i, line in enumerate(output[:-1].split('\n')):
+        line += '\n'
+        if line.startswith(salt):
+            presalt = postout.pop()
+            if presalt != '%s\n' % indent:
+                postout.append(presalt[:-1] + ' (no-eol)\n')
+            ret = int(line.split()[2])
+            if ret != 0:
+                postout.append('%s[%s]\n' % (indent, ret))
+            postout += after.pop(pos, [])
+            pos = int(line.split()[1])
+        else:
+            if needescape(line):
+                line = escape(line)
+            postout.append(indent + line)
+    postout += after.pop(pos, [])
+
+    diffpath = os.path.basename(abspath)
+    diff = unified_diff(refout, postout, diffpath, diffpath + '.err')
+    for firstline in diff:
+        return refout, postout, itertools.chain([firstline], diff)
+    return refout, postout, []
+
+def prompt(question, answers, auto=None):
+    """Write a prompt to stdout and ask for answer in stdin.
+
+    answers should be a string, with each character a single
+    answer. An uppercase letter is considered the default answer.
+
+    If an invalid answer is given, this asks again until it gets a
+    valid one.
+
+    If auto is set, the question is answered automatically with the
+    specified value.
+    """
+    default = [c for c in answers if c.isupper()]
+    while True:
+        sys.stdout.write('%s [%s] ' % (question, answers))
+        sys.stdout.flush()
+        if auto is not None:
+            sys.stdout.write(auto + '\n')
+            sys.stdout.flush()
+            return auto
+
+        answer = sys.stdin.readline().strip().lower()
+        if not answer and default:
+            return default[0]
+        elif answer and answer in answers.lower():
+            return answer
+
+def log(msg=None, verbosemsg=None, verbose=False):
+    """Write msg to standard out and flush.
+
+    If verbose is True, write verbosemsg instead.
+    """
+    if verbose:
+        msg = verbosemsg
+    if msg:
+        sys.stdout.write(msg)
+        sys.stdout.flush()
+
+def patch(cmd, diff, path):
+    """Run echo [lines from diff] | cmd -p0"""
+    p = subprocess.Popen([cmd, '-p0'], bufsize=-1, stdin=subprocess.PIPE,
+                         universal_newlines=True,
+                         preexec_fn=makeresetsigpipe(),
+                         cwd=path,
+                         close_fds=os.name == 'posix')
+    p.communicate(''.join(diff))
+    return p.returncode == 0
+
+def run(paths, tmpdir, shell, quiet=False, verbose=False, patchcmd=None,
+        answer=None, indent=2):
+    """Run tests in paths in tmpdir.
+
+    If quiet is True, diffs aren't printed. If verbose is True,
+    filenames and status information are printed.
+
+    If patchcmd is set, a prompt is written to stdout asking if
+    changed output should be merged back into the original test. The
+    answer is read from stdin. If 'y', the test is patched using patch
+    based on the changed output.
+    """
+    cwd = os.getcwd()
+    seen = set()
+    basenames = set()
+    skipped = failed = 0
+    for i, path in enumerate(findtests(paths)):
+        abspath = os.path.abspath(path)
+        if abspath in seen:
+            continue
+        seen.add(abspath)
+
+        log(None, '%s: ' % path, verbose)
+        if not os.stat(abspath).st_size:
+            skipped += 1
+            log('s', 'empty\n', verbose)
+        else:
+            basename = os.path.basename(path)
+            if basename in basenames:
+                basename = '%s-%s' % (basename, i)
+            else:
+                basenames.add(basename)
+            testdir = os.path.join(tmpdir, basename)
+            os.mkdir(testdir)
+            try:
+                os.chdir(testdir)
+                refout, postout, diff = test(abspath, shell, indent)
+            finally:
+                os.chdir(cwd)
+
+            errpath = abspath + '.err'
+            if postout is None:
+                skipped += 1
+                log('s', 'skipped\n', verbose)
+            elif not diff:
+                log('.', 'passed\n', verbose)
+                if os.path.exists(errpath):
+                    os.remove(errpath)
+            else:
+                failed += 1
+                log('!', 'failed\n', verbose)
+                if not quiet:
+                    log('\n', None, verbose)
+                errfile = open(errpath, 'w')
+                try:
+                    for line in postout:
+                        errfile.write(line)
+                finally:
+                    errfile.close()
+                if not quiet:
+                    if patchcmd:
+                        diff = list(diff)
+                    for line in diff:
+                        log(line)
+                    if (patchcmd and
+                        prompt('Accept this change?', 'yN', answer) == 'y'):
+                        if patch(patchcmd, diff, os.path.dirname(abspath)):
+                            log(None, '%s: merged output\n' % path, verbose)
+                            os.remove(errpath)
+                        else:
+                            log('%s: merge failed\n' % path)
+    log('\n', None, verbose)
+    log('# Ran %s tests, %s skipped, %s failed.\n'
+        % (len(seen), skipped, failed))
+    return bool(failed)
+
+def which(cmd):
+    """Return the patch to cmd or None if not found"""
+    for p in os.environ['PATH'].split(os.pathsep):
+        path = os.path.join(p, cmd)
+        if os.path.isfile(path) and os.access(path, os.X_OK):
+            return os.path.abspath(path)
+    return None
+
+def expandpath(path):
+    """Expands ~ and environment variables in path"""
+    return os.path.expanduser(os.path.expandvars(path))
+
+class OptionParser(optparse.OptionParser):
+    """Like optparse.OptionParser, but supports setting values through
+    CRAM= and .cramrc."""
+
+    def __init__(self, *args, **kwargs):
+        self._config_opts = {}
+        optparse.OptionParser.__init__(self, *args, **kwargs)
+
+    def add_option(self, *args, **kwargs):
+        option = optparse.OptionParser.add_option(self, *args, **kwargs)
+        if option.dest and option.dest != 'version':
+            key = option.dest.replace('_', '-')
+            self._config_opts[key] = option.action == 'store_true'
+        return option
+
+    def parse_args(self, args=None, values=None):
+        config = configparser.RawConfigParser()
+        config.read(expandpath(os.environ.get('CRAMRC', '.cramrc')))
+        defaults = {}
+        for key, isbool in self._config_opts.items():
+            try:
+                if isbool:
+                    try:
+                        value = config.getboolean('cram', key)
+                    except ValueError:
+                        value = config.get('cram', key)
+                        self.error('--%s: invalid boolean value: %r'
+                                   % (key, value))
+                else:
+                    value = config.get('cram', key)
+            except (configparser.NoSectionError, configparser.NoOptionError):
+                pass
+            else:
+                defaults[key] = value
+        self.set_defaults(**defaults)
+
+        eargs = os.environ.get('CRAM', '').strip()
+        if eargs:
+            import shlex
+            args = args or []
+            args += shlex.split(eargs)
+
+        try:
+            return optparse.OptionParser.parse_args(self, args, values)
+        except optparse.OptionValueError:
+            self.error(str(sys.exc_info()[1]))
+
+def main(args):
+    """Main entry point.
+
+    args should not contain the script name.
+    """
+    p = OptionParser(usage='cram [OPTIONS] TESTS...', prog='cram')
+    p.add_option('-V', '--version', action='store_true',
+                 help='show version information and exit')
+    p.add_option('-q', '--quiet', action='store_true',
+                 help="don't print diffs")
+    p.add_option('-v', '--verbose', action='store_true',
+                 help='show filenames and test status')
+    p.add_option('-i', '--interactive', action='store_true',
+                 help='interactively merge changed test output')
+    p.add_option('-y', '--yes', action='store_true',
+                 help='answer yes to all questions')
+    p.add_option('-n', '--no', action='store_true',
+                 help='answer no to all questions')
+    p.add_option('-E', '--preserve-env', action='store_true',
+                 help="don't reset common environment variables")
+    p.add_option('--keep-tmpdir', action='store_true',
+                 help='keep temporary directories')
+    p.add_option('--shell', action='store', default='/bin/sh', metavar='PATH',
+                 help='shell to use for running tests')
+    p.add_option('--indent', action='store', default=2, metavar='NUM',
+                 type='int', help='number of spaces to use for indentation')
+    opts, paths = p.parse_args(args)
+
+    if opts.version:
+        sys.stdout.write("""Cram CLI testing framework (version 0.6)
+
+Copyright (C) 2010-2011 Brodie Rao <brodie@bitheap.org> and others
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+""")
+        return
+
+    conflicts = [('-y', opts.yes, '-n', opts.no),
+                 ('-q', opts.quiet, '-i', opts.interactive)]
+    for s1, o1, s2, o2 in conflicts:
+        if o1 and o2:
+            sys.stderr.write('options %s and %s are mutually exclusive\n'
+                             % (s1, s2))
+            return 2
+
+    patchcmd = None
+    if opts.interactive:
+        patchcmd = which('patch')
+        if not patchcmd:
+            sys.stderr.write('patch(1) required for -i\n')
+            return 2
+
+    if not paths:
+        sys.stdout.write(p.get_usage())
+        return 2
+
+    badpaths = [path for path in paths if not os.path.exists(path)]
+    if badpaths:
+        sys.stderr.write('no such file: %s\n' % badpaths[0])
+        return 2
+
+    tmpdir = os.environ['CRAMTMP'] = tempfile.mkdtemp('', 'cramtests-')
+    proctmp = os.path.join(tmpdir, 'tmp')
+    os.mkdir(proctmp)
+    for s in ('TMPDIR', 'TEMP', 'TMP'):
+        os.environ[s] = proctmp
+
+    if not opts.preserve_env:
+        for s in ('LANG', 'LC_ALL', 'LANGUAGE'):
+            os.environ[s] = 'C'
+        os.environ['TZ'] = 'GMT'
+        os.environ['CDPATH'] = ''
+        os.environ['COLUMNS'] = '80'
+        os.environ['GREP_OPTIONS'] = ''
+
+    if opts.yes:
+        answer = 'y'
+    elif opts.no:
+        answer = 'n'
+    else:
+        answer = None
+
+    try:
+        return run(paths, tmpdir, opts.shell, opts.quiet, opts.verbose,
+                   patchcmd, answer, opts.indent)
+    finally:
+        if opts.keep_tmpdir:
+            log('# Kept temporary directory: %s\n' % tmpdir)
+        else:
+            shutil.rmtree(tmpdir)
+
+if __name__ == '__main__':
+    try:
+        sys.exit(main(sys.argv[1:]))
+    except KeyboardInterrupt:
+        pass
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/helpers.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/helpers.h
new file mode 100644
index 00000000..16b968b7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/helpers.h
@@ -0,0 +1,96 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef TESTS_HELPERS_H
+#define TESTS_HELPERS_H
+
+#include "libcork/core/allocator.h"
+#include "libcork/core/error.h"
+
+
+/*-----------------------------------------------------------------------
+ * Allocators
+ */
+
+/* For the "embedded" tests, use a custom allocator that debugs every
+ * allocation.  For the "shared" tests, use the default allocator. */
+
+#if CORK_EMBEDDED_TEST
+
+static void
+setup_allocator(void)
+{
+    struct cork_alloc  *debug = cork_debug_alloc_new(cork_allocator);
+    cork_set_allocator(debug);
+}
+
+#else /* !CORK_EMBEDDED_TEST */
+
+static void
+setup_allocator(void)
+{
+    /* do nothing */
+}
+
+#endif
+
+
+/*-----------------------------------------------------------------------
+ * Error reporting
+ */
+
+#if !defined(PRINT_EXPECTED_FAILURES)
+#define PRINT_EXPECTED_FAILURES  1
+#endif
+
+#if PRINT_EXPECTED_FAILURES
+#define print_expected_failure() \
+    printf("[expected: %s]\n", cork_error_message());
+#else
+#define print_expected_failure()  /* do nothing */
+#endif
+
+
+#define DESCRIBE_TEST \
+    fprintf(stderr, "--- %s\n", __func__);
+
+
+#define fail_if_error(call) \
+    do { \
+        call; \
+        if (cork_error_occurred()) { \
+            fail("%s", cork_error_message()); \
+        } \
+    } while (0)
+
+#define fail_unless_error(call, ...) \
+    do { \
+        call; \
+        if (!cork_error_occurred()) { \
+            fail(__VA_ARGS__); \
+        } else { \
+            print_expected_failure(); \
+        } \
+        cork_error_clear(); \
+    } while (0)
+
+#define fail_unless_equal(what, format, expected, actual) \
+    (fail_unless((expected) == (actual), \
+                 "%s not equal (expected " format \
+                 ", got " format ")", \
+                 (what), (expected), (actual)))
+
+#define fail_unless_streq(what, expected, actual) \
+    (fail_unless(strcmp((expected), (actual)) == 0, \
+                 "%s not equal (expected \"%s\", got \"%s\")", \
+                 (char *) (what), (char *) (expected), (char *) (actual)))
+
+
+#endif /* TESTS_HELPERS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-array.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-array.c
new file mode 100644
index 00000000..6d993d19
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-array.c
@@ -0,0 +1,318 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <check.h>
+
+#include "libcork/core/types.h"
+#include "libcork/ds/array.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Resizable arrays
+ */
+
+#define add_element(element, expected_new_size) \
+    fail_if_error(cork_array_append(&array, element)); \
+    fail_unless(cork_array_size(&array) == expected_new_size, \
+                "Unexpected size of array: got %zu, expected %zu", \
+                cork_array_size(&array), expected_new_size);
+
+#define add_element0(element, expected_new_size, int_type) \
+    do { \
+        int_type  *__element; \
+        fail_if_error(__element = cork_array_append_get(&array)); \
+        *__element = element; \
+        fail_unless(cork_array_size(&array) == expected_new_size, \
+                    "Unexpected size of array: got %zu, expected %zu", \
+                    cork_array_size(&array), expected_new_size); \
+    } while (0)
+
+#define test_sum(array, expected) \
+    do { \
+        int64_t  sum = 0; \
+        size_t  i; \
+        for (i = 0; i < cork_array_size(array); i++) { \
+            sum += cork_array_at(array, i); \
+        } \
+        fail_unless(sum == expected, \
+                    "Unexpected sum, got %ld, expected %ld", \
+                    (long) sum, (long) expected); \
+    } while (0)
+
+#define test_int(int_type) \
+START_TEST(test_array_##int_type) \
+{ \
+    DESCRIBE_TEST; \
+    \
+    cork_array(int_type)  array; \
+    cork_array(int_type)  copy; \
+    cork_array_init(&array); \
+    \
+    fail_unless(cork_array_size(&array) == 0, \
+                "Unexpected size of array: got %zu, expected 0", \
+                cork_array_size(&array)); \
+    \
+    /* Make sure to add enough elements to force the array into \
+     * heap-allocated storage. */ \
+    test_sum(&array, 0); \
+    add_element ( 1,  1); \
+    test_sum(&array, 1); \
+    add_element0( 2,  2, int_type); \
+    test_sum(&array, 3); \
+    add_element ( 3,  3); \
+    test_sum(&array, 6); \
+    add_element0( 4,  4, int_type); \
+    test_sum(&array, 10); \
+    add_element0( 5,  5, int_type); \
+    test_sum(&array, 15); \
+    add_element ( 6,  6); \
+    test_sum(&array, 21); \
+    add_element ( 7,  7); \
+    test_sum(&array, 28); \
+    add_element0( 8,  8, int_type); \
+    test_sum(&array, 36); \
+    add_element ( 9,  9); \
+    test_sum(&array, 45); \
+    add_element0(10, 10, int_type); \
+    test_sum(&array, 55); \
+    \
+    cork_array_init(&copy); \
+    fail_if_error(cork_array_copy(&copy, &array, NULL, NULL)); \
+    test_sum(&copy, 55); \
+    \
+    cork_array_done(&array); \
+    cork_array_done(&copy); \
+} \
+END_TEST
+
+test_int(int8_t)
+test_int(int16_t)
+test_int(int32_t)
+test_int(int64_t)
+
+
+/*-----------------------------------------------------------------------
+ * String arrays
+ */
+
+#define add_string(element, expected_new_size) \
+    fail_if_error(cork_string_array_append(&array, element)); \
+    fail_unless(cork_array_size(&array) == expected_new_size, \
+                "Unexpected size of array: got %zu, expected %zu", \
+                cork_array_size(&array), (size_t) expected_new_size);
+
+#define test_string(array, index, expected) \
+    do { \
+        const char  *actual = cork_array_at(array, index); \
+        fail_unless_streq("Array elements", expected, actual); \
+    } while (0)
+
+START_TEST(test_array_string)
+{
+    DESCRIBE_TEST;
+    struct cork_string_array  array;
+    struct cork_string_array  copy;
+
+    cork_string_array_init(&array);
+    add_string("hello", 1);
+    add_string("there", 2);
+    add_string("world", 3);
+    test_string(&array, 0, "hello");
+    test_string(&array, 1, "there");
+    test_string(&array, 2, "world");
+    cork_array_clear(&array);
+    add_string("reusing", 1);
+    add_string("entries", 2);
+    test_string(&array, 0, "reusing");
+    test_string(&array, 1, "entries");
+
+    cork_string_array_init(&copy);
+    cork_string_array_copy(&copy, &array);
+    test_string(&copy, 0, "reusing");
+    test_string(&copy, 1, "entries");
+    cork_array_done(&copy);
+
+    cork_array_done(&array);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Array callbacks
+ */
+
+struct callback_counts {
+    size_t  init;
+    size_t  done;
+    size_t  reuse;
+    size_t  remove;
+};
+
+static void
+test_array__init(void *user_data, void *vvalue)
+{
+    struct callback_counts  *counts = user_data;
+    counts->init++;
+}
+
+static void
+test_array__done(void *user_data, void *vvalue)
+{
+    struct callback_counts  *counts = user_data;
+    counts->done++;
+}
+
+static void
+test_array__reuse(void *user_data, void *vvalue)
+{
+    struct callback_counts  *counts = user_data;
+    counts->reuse++;
+}
+
+static void
+test_array__remove(void *user_data, void *vvalue)
+{
+    struct callback_counts  *counts = user_data;
+    counts->remove++;
+}
+
+typedef cork_array(unsigned int)  test_array;
+
+static void
+test_array_init(test_array *array, struct callback_counts *counts)
+{
+    memset(counts, 0, sizeof(struct callback_counts));
+    cork_array_init(array);
+    cork_array_set_callback_data(array, counts, NULL);
+    cork_array_set_init(array, test_array__init);
+    cork_array_set_done(array, test_array__done);
+    cork_array_set_reuse(array, test_array__reuse);
+    cork_array_set_remove(array, test_array__remove);
+}
+
+#define check_counts(counts, e_init, e_done, e_reuse, e_remove) \
+    do { \
+        fail_unless_equal \
+            ("init counts", "%zu", (size_t) e_init, (counts)->init); \
+        fail_unless_equal \
+            ("done counts", "%zu", (size_t) e_done, (counts)->done); \
+        fail_unless_equal \
+            ("reuse counts", "%zu", (size_t) e_reuse, (counts)->reuse); \
+        fail_unless_equal \
+            ("remove counts", "%zu", (size_t) e_remove, (counts)->remove); \
+    } while (0)
+
+START_TEST(test_array_callbacks)
+{
+    DESCRIBE_TEST;
+    struct callback_counts  counts;
+    struct callback_counts  copy_counts;
+    test_array  array;
+    test_array  copy;
+
+    test_array_init(&array, &counts);
+    check_counts(&counts, 0, 0, 0, 0);
+    cork_array_append(&array, 0);
+    cork_array_append(&array, 1);
+    check_counts(&counts, 2, 0, 0, 0);
+    cork_array_append(&array, 2);
+    cork_array_append(&array, 3);
+    check_counts(&counts, 4, 0, 0, 0);
+    cork_array_clear(&array);
+    check_counts(&counts, 4, 0, 0, 4);
+    cork_array_append(&array, 0);
+    cork_array_append(&array, 1);
+    check_counts(&counts, 4, 0, 2, 4);
+    cork_array_append(&array, 2);
+    cork_array_append(&array, 3);
+    check_counts(&counts, 4, 0, 4, 4);
+    cork_array_append(&array, 4);
+    check_counts(&counts, 5, 0, 4, 4);
+
+    test_array_init(&copy, &copy_counts);
+    check_counts(&copy_counts, 0, 0, 0, 0);
+    cork_array_copy(&copy, &array, NULL, NULL);
+    check_counts(&copy_counts, 5, 0, 0, 0);
+    cork_array_done(&copy);
+    check_counts(&copy_counts, 5, 5, 0, 0);
+
+    test_array_init(&copy, &copy_counts);
+    check_counts(&copy_counts, 0, 0, 0, 0);
+    cork_array_append(&copy, 0);
+    cork_array_append(&copy, 1);
+    check_counts(&copy_counts, 2, 0, 0, 0);
+    cork_array_copy(&copy, &array, NULL, NULL);
+    check_counts(&copy_counts, 5, 0, 2, 2);
+    cork_array_done(&copy);
+    check_counts(&copy_counts, 5, 5, 2, 2);
+
+    test_array_init(&copy, &copy_counts);
+    check_counts(&copy_counts, 0, 0, 0, 0);
+    cork_array_append(&copy, 0);
+    cork_array_append(&copy, 1);
+    cork_array_append(&copy, 2);
+    cork_array_append(&copy, 3);
+    cork_array_append(&copy, 4);
+    cork_array_append(&copy, 5);
+    cork_array_append(&copy, 6);
+    check_counts(&copy_counts, 7, 0, 0, 0);
+    cork_array_copy(&copy, &array, NULL, NULL);
+    check_counts(&copy_counts, 7, 0, 5, 7);
+    cork_array_done(&copy);
+    check_counts(&copy_counts, 7, 7, 5, 7);
+
+    cork_array_done(&array);
+    check_counts(&counts, 5, 5, 4, 4);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("array");
+
+    TCase  *tc_ds = tcase_create("array");
+    tcase_add_test(tc_ds, test_array_int8_t);
+    tcase_add_test(tc_ds, test_array_int16_t);
+    tcase_add_test(tc_ds, test_array_int32_t);
+    tcase_add_test(tc_ds, test_array_int64_t);
+    tcase_add_test(tc_ds, test_array_string);
+    tcase_add_test(tc_ds, test_array_callbacks);
+    suite_add_tcase(s, tc_ds);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-bitset.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-bitset.c
new file mode 100644
index 00000000..ab039cc2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-bitset.c
@@ -0,0 +1,115 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <check.h>
+
+#include "libcork/core/types.h"
+#include "libcork/ds/bitset.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Bit sets
+ */
+
+static void
+test_bitset_of_size(size_t bit_count)
+{
+    size_t  i;
+    struct cork_bitset  *set1 = cork_bitset_new(bit_count);
+    struct cork_bitset set2;
+
+    for (i = 0; i < bit_count; i++) {
+        cork_bitset_set(set1, i, true);
+        fail_unless(cork_bitset_get(set1, i), "Unexpected value for bit %zu", i);
+    }
+
+    for (i = 0; i < bit_count; i++) {
+        cork_bitset_set(set1, i, false);
+        fail_if(cork_bitset_get(set1, i), "Unexpected value for bit %zu", i);
+    }
+    cork_bitset_free(set1);
+
+    cork_bitset_init(&set2, bit_count);
+    for (i = 0; i < bit_count; i++) {
+        cork_bitset_set(&set2, i, true);
+        fail_unless(cork_bitset_get(&set2, i), "Unexpected value for bit %zu", i);
+    }
+
+    for (i = 0; i < bit_count; i++) {
+        cork_bitset_set(&set2, i, false);
+        fail_if(cork_bitset_get(&set2, i), "Unexpected value for bit %zu", i);
+    }
+    cork_bitset_done(&set2);
+}
+
+START_TEST(test_bitset)
+{
+    DESCRIBE_TEST;
+    /* Test a variety of sizes, with and without spillover bits. */
+    test_bitset_of_size(1);
+    test_bitset_of_size(2);
+    test_bitset_of_size(3);
+    test_bitset_of_size(4);
+    test_bitset_of_size(5);
+    test_bitset_of_size(6);
+    test_bitset_of_size(7);
+    test_bitset_of_size(8);
+    test_bitset_of_size(9);
+    test_bitset_of_size(10);
+    test_bitset_of_size(11);
+    test_bitset_of_size(12);
+    test_bitset_of_size(13);
+    test_bitset_of_size(14);
+    test_bitset_of_size(15);
+    test_bitset_of_size(16);
+    test_bitset_of_size(65535);
+    test_bitset_of_size(65536);
+    test_bitset_of_size(65537);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("bits");
+
+    TCase  *tc_ds = tcase_create("bits");
+    tcase_set_timeout(tc_ds, 20.0);
+    tcase_add_test(tc_ds, test_bitset);
+    suite_add_tcase(s, tc_ds);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-buffer.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-buffer.c
new file mode 100644
index 00000000..517fcb7d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-buffer.c
@@ -0,0 +1,348 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <check.h>
+
+#include "libcork/core/types.h"
+#include "libcork/ds/buffer.h"
+#include "libcork/ds/managed-buffer.h"
+#include "libcork/ds/stream.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Buffers
+ */
+
+static void
+check_buffers(const struct cork_buffer *buf1, const struct cork_buffer *buf2)
+{
+    fail_unless(cork_buffer_equal(buf1, buf2),
+                "Buffers should be equal: got %zu:%s, expected %zu:%s",
+                buf1->size, buf1->buf, buf2->size, buf2->buf);
+}
+
+static void
+check_buffer(const struct cork_buffer *buf, const char *expected)
+{
+    size_t  expected_len = strlen(expected);
+    fail_unless(buf->size == expected_len,
+                "Unexpected buffer content: got %zu:%s, expected %zu:%s",
+                buf->size, buf->buf, expected_len, expected);
+}
+
+START_TEST(test_buffer)
+{
+    static char  SRC[] =
+        "Here is some text.";
+    size_t  SRC_LEN = strlen(SRC);
+
+    struct cork_buffer  buffer1;
+    struct cork_buffer  *buffer2;
+    struct cork_buffer  *buffer3;
+    struct cork_buffer  buffer4;
+
+    cork_buffer_init(&buffer1);
+    fail_if_error(cork_buffer_set(&buffer1, SRC, SRC_LEN));
+
+    fail_unless(cork_buffer_char(&buffer1, 0) == 'H',
+                "Unexpected character at position 0: got %c, expected %c",
+                (int) cork_buffer_char(&buffer1, 0), (int) 'H');
+
+    fail_unless(cork_buffer_byte(&buffer1, 1) == (uint8_t) 'e',
+                "Unexpected character at position 1: got %c, expected %c",
+                (int) cork_buffer_byte(&buffer1, 1), (int) 'e');
+
+    fail_if_error(buffer2 = cork_buffer_new());
+    fail_if_error(cork_buffer_set_string(buffer2, SRC));
+    check_buffers(&buffer1, buffer2);
+
+    fail_if_error(buffer3 = cork_buffer_new());
+    fail_if_error(cork_buffer_printf
+                  (buffer3, "Here is %s text.", "some"));
+    check_buffers(&buffer1, buffer3);
+
+    cork_buffer_init(&buffer4);
+    cork_buffer_copy(&buffer4, &buffer1);
+    check_buffers(&buffer1, &buffer4);
+
+    cork_buffer_done(&buffer1);
+    cork_buffer_free(buffer2);
+    cork_buffer_free(buffer3);
+    cork_buffer_done(&buffer4);
+}
+END_TEST
+
+
+START_TEST(test_buffer_append)
+{
+    static char  SRC1[] = "abcd";
+    size_t  SRC1_LEN = 4;
+    static char  SRC2[] = "efg";
+    size_t  SRC2_LEN = 3;
+    static char  SRC3[] = "hij";
+    static char  SRC4[] = "kl";
+    static char  EXPECTED[] = "abcdefghijkl";
+    struct cork_buffer  buffer1;
+    struct cork_buffer  buffer2;
+    struct cork_buffer  *buffer3;
+
+    cork_buffer_init(&buffer1);
+
+    /*
+     * Let's try setting some data, then clearing it, before we do our
+     * appends.
+     */
+
+    fail_if_error(cork_buffer_set(&buffer1, SRC2, SRC2_LEN));
+    cork_buffer_clear(&buffer1);
+
+    /*
+     * Okay now do the appends.
+     */
+
+    fail_if_error(cork_buffer_append(&buffer1, SRC1, SRC1_LEN));
+    fail_if_error(cork_buffer_append(&buffer1, SRC2, SRC2_LEN));
+    fail_if_error(cork_buffer_append_string(&buffer1, SRC3));
+    fail_if_error(cork_buffer_append_string(&buffer1, SRC4));
+
+    cork_buffer_init(&buffer2);
+    fail_if_error(cork_buffer_set_string(&buffer2, EXPECTED));
+    check_buffers(&buffer1, &buffer2);
+
+    fail_if_error(buffer3 = cork_buffer_new());
+    fail_if_error(cork_buffer_set(buffer3, SRC1, SRC1_LEN));
+    fail_if_error(cork_buffer_append_printf
+                  (buffer3, "%s%s%s", SRC2, SRC3, SRC4));
+    check_buffers(&buffer1, buffer3);
+
+    fail_unless(cork_buffer_equal(&buffer1, buffer3),
+                "Buffers should be equal: got %zu:%s, expected %zu:%s",
+                buffer1.size, buffer1.buf, buffer3->size, buffer3->buf);
+
+    cork_buffer_done(&buffer1);
+    cork_buffer_done(&buffer2);
+    cork_buffer_free(buffer3);
+}
+END_TEST
+
+
+START_TEST(test_buffer_slicing)
+{
+    static char  SRC[] =
+        "Here is some text.";
+
+    struct cork_buffer  *buffer;
+    struct cork_managed_buffer  *managed;
+    struct cork_slice  slice1;
+    struct cork_slice  slice2;
+
+    fail_if_error(buffer = cork_buffer_new());
+    fail_if_error(cork_buffer_set_string(buffer, SRC));
+
+    fail_if_error(managed = cork_buffer_to_managed_buffer
+                  (buffer));
+    cork_managed_buffer_unref(managed);
+
+    fail_if_error(buffer = cork_buffer_new());
+    fail_if_error(cork_buffer_set_string(buffer, SRC));
+
+    fail_if_error(cork_buffer_to_slice(buffer, &slice1));
+
+    fail_if_error(cork_slice_copy_offset(&slice2, &slice1, 2));
+    cork_slice_finish(&slice2);
+
+    fail_if_error(cork_slice_copy_offset(&slice2, &slice1, buffer->size));
+    cork_slice_finish(&slice2);
+
+    fail_if_error(cork_slice_copy_fast(&slice2, &slice1, 2, 2));
+    cork_slice_finish(&slice2);
+
+    fail_if_error(cork_slice_copy_offset_fast(&slice2, &slice1, 2));
+    cork_slice_finish(&slice2);
+
+    fail_if_error(cork_slice_copy_offset(&slice2, &slice1, 0));
+    fail_if_error(cork_slice_slice_offset_fast(&slice2, 2));
+    fail_if_error(cork_slice_slice_fast(&slice2, 0, 2));
+    fail_if_error(cork_slice_slice(&slice1, 2, 2));
+    fail_unless(cork_slice_equal(&slice1, &slice2), "Slices should be equal");
+    cork_slice_finish(&slice2);
+
+    cork_slice_finish(&slice1);
+}
+END_TEST
+
+
+START_TEST(test_buffer_stream)
+{
+    static char  SRC1[] = "abcd";
+    size_t  SRC1_LEN = 4;
+    static char  SRC2[] = "efg";
+    size_t  SRC2_LEN = 3;
+
+    static char  EXPECTED[] = "000abcdefg";
+    static size_t  EXPECTED_SIZE = 10;
+
+    struct cork_buffer  buffer1;
+    struct cork_buffer  buffer2;
+    struct cork_stream_consumer  *consumer;
+
+    cork_buffer_init(&buffer1);
+    cork_buffer_append_string(&buffer1, "000");
+    fail_if_error(consumer =
+                  cork_buffer_to_stream_consumer(&buffer1));
+
+    /* chunk #1 */
+    fail_if_error(cork_stream_consumer_data(consumer, SRC1, SRC1_LEN, true));
+
+    /* chunk #2 */
+    fail_if_error(cork_stream_consumer_data(consumer, SRC2, SRC2_LEN, false));
+
+    /* eof */
+    fail_if_error(cork_stream_consumer_eof(consumer));
+
+    /* check the result */
+    cork_buffer_init(&buffer2);
+    fail_if_error(cork_buffer_set(&buffer2, EXPECTED, EXPECTED_SIZE));
+    check_buffers(&buffer1, &buffer2);
+
+    cork_stream_consumer_free(consumer);
+    cork_buffer_done(&buffer1);
+    cork_buffer_done(&buffer2);
+}
+END_TEST
+
+
+static void
+check_c_string_(const char *content, size_t length,
+                const char *expected)
+{
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+    cork_buffer_append_c_string(&buf, content, length);
+    check_buffer(&buf, expected);
+    cork_buffer_done(&buf);
+}
+
+#define check_c_string(c)  (check_c_string_(c, sizeof(c) - 1, #c))
+#define check_c_string_ex(c, e)  (check_c_string_(c, sizeof(c) - 1, e))
+
+START_TEST(test_buffer_c_string)
+{
+    check_c_string("");
+    check_c_string("hello world");
+    check_c_string("\x00");
+    check_c_string("\f\n\r\t\v");
+    check_c_string_ex("\x0d\x0a", "\"\\n\\r\"");
+}
+END_TEST
+
+
+static void
+check_pretty_print_(size_t indent, const char *content, size_t length,
+                    const char *expected)
+{
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+    cork_buffer_append_binary(&buf, indent, content, length);
+    check_buffer(&buf, expected);
+    cork_buffer_done(&buf);
+}
+
+#define check_pretty_print(i, c, e) \
+    (check_pretty_print_((i), (c), sizeof((c)) - 1, (e)))
+
+START_TEST(test_buffer_pretty_print)
+{
+    check_pretty_print(0, "", "");
+    check_pretty_print(0, "hello world", "hello world");
+    check_pretty_print
+        (0, "hello\nworld",
+         "(multiline)\n"
+         "hello\n"
+         "world");
+    check_pretty_print
+        (0, "hello\n\x00world\r\x80hello again",
+         "(hex)\n"
+         "68 65 6c 6c 6f 0a 00 77 6f 72 6c 64 0d 80 68 65  |hello..world..he|\n"
+         "6c 6c 6f 20 61 67 61 69 6e                       |llo again|");
+
+    check_pretty_print(2, "", "");
+    check_pretty_print(2, "hello world", "hello world");
+    check_pretty_print
+        (2, "hello\nworld",
+         "(multiline)\n"
+         "  hello\n"
+         "  world");
+    check_pretty_print
+        (2, "hello\n\x00world\r\x80hello again",
+         "(hex)\n"
+         "  "
+         "68 65 6c 6c 6f 0a 00 77 6f 72 6c 64 0d 80 68 65  |hello..world..he|\n"
+         "  "
+         "6c 6c 6f 20 61 67 61 69 6e                       |llo again|");
+
+    check_pretty_print(4, "", "");
+    check_pretty_print(4, "hello world", "hello world");
+    check_pretty_print
+        (4, "hello\nworld",
+         "(multiline)\n"
+         "    hello\n"
+         "    world");
+    check_pretty_print
+        (4, "hello\n\x00world\r\x80hello again",
+         "(hex)\n"
+         "    "
+         "68 65 6c 6c 6f 0a 00 77 6f 72 6c 64 0d 80 68 65  |hello..world..he|\n"
+         "    "
+         "6c 6c 6f 20 61 67 61 69 6e                       |llo again|");
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("buffer");
+
+    TCase  *tc_buffer = tcase_create("buffer");
+    tcase_add_test(tc_buffer, test_buffer);
+    tcase_add_test(tc_buffer, test_buffer_append);
+    tcase_add_test(tc_buffer, test_buffer_slicing);
+    tcase_add_test(tc_buffer, test_buffer_stream);
+    tcase_add_test(tc_buffer, test_buffer_c_string);
+    tcase_add_test(tc_buffer, test_buffer_pretty_print);
+    suite_add_tcase(s, tc_buffer);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-core.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-core.c
new file mode 100644
index 00000000..b65fa89f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-core.c
@@ -0,0 +1,1158 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <check.h>
+
+#include "libcork/config.h"
+#include "libcork/core/byte-order.h"
+#include "libcork/core/error.h"
+#include "libcork/core/hash.h"
+#include "libcork/core/id.h"
+#include "libcork/core/net-addresses.h"
+#include "libcork/core/timestamp.h"
+#include "libcork/core/types.h"
+#include "libcork/core/u128.h"
+#include "libcork/os/subprocess.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Core types
+ */
+
+START_TEST(test_bool)
+{
+    bool  value;
+
+    value = true;
+    fail_unless(value, "Unexpected true value");
+
+    value = false;
+    fail_if(value, "Unexpected false value");
+}
+END_TEST
+
+START_TEST(test_int_types)
+{
+    /*
+     * Make sure we have all of the C99 fixed-size integer types
+     * available.
+     */
+
+#define TEST_INT_TYPE(type) \
+    { \
+        type  i = 0; \
+        fail_unless(i == 0, "Unexpected value for " #type); \
+    }
+
+    TEST_INT_TYPE(int8_t);
+    TEST_INT_TYPE(int16_t);
+    TEST_INT_TYPE(int32_t);
+    TEST_INT_TYPE(int64_t);
+    TEST_INT_TYPE(uint8_t);
+    TEST_INT_TYPE(uint16_t);
+    TEST_INT_TYPE(uint32_t);
+    TEST_INT_TYPE(uint64_t);
+    TEST_INT_TYPE(size_t);
+    TEST_INT_TYPE(ptrdiff_t);
+    TEST_INT_TYPE(intptr_t);
+    TEST_INT_TYPE(uintptr_t);
+
+#undef TEST_INT_TYPE
+}
+END_TEST
+
+
+START_TEST(test_int_sizeof)
+{
+    /*
+     * Test that our CORK_SIZEOF_FOO preprocessor macros match the
+     * results of the builtin sizeof operator.
+     */
+
+#define TEST_SIZEOF(TYPE, type) \
+    { \
+        fail_unless(CORK_SIZEOF_##TYPE == sizeof(type), \
+                    "Incorrect size for " #type ": got %zu, expected %zu", \
+                    (size_t) CORK_SIZEOF_##TYPE, \
+                    (size_t) sizeof(type)); \
+    }
+
+    TEST_SIZEOF(SHORT, short)
+    TEST_SIZEOF(SHORT, unsigned short)
+    TEST_SIZEOF(INT, int)
+    TEST_SIZEOF(INT, unsigned int)
+    TEST_SIZEOF(LONG, long)
+    TEST_SIZEOF(LONG, unsigned long)
+    TEST_SIZEOF(POINTER, void *)
+    TEST_SIZEOF(POINTER, int *)
+    TEST_SIZEOF(POINTER, void (*)(void))
+
+#undef TEST_SIZEOF
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Strings
+ */
+
+static void
+test_strndup(const char *string, size_t size)
+{
+    const char  *copy;
+
+    copy = cork_strndup(string, size);
+    if (memcmp(string, copy, size) != 0) {
+        fail("cork_strndup failed");
+    }
+    cork_strfree(copy);
+
+    copy = cork_xstrndup(string, size);
+    fail_if(copy == NULL, "cork_xstrndup couldn't allocate copy");
+    if (memcmp(string, copy, size) != 0) {
+        fail("cork_xstrndup failed");
+    }
+    cork_strfree(copy);
+}
+
+START_TEST(test_string)
+{
+    DESCRIBE_TEST;
+    test_strndup("", 0);
+    test_strndup("abc", 3);
+    test_strndup("abc\x00xyz", 7);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Endianness
+ */
+
+START_TEST(test_endianness)
+{
+#define TEST_ENDIAN(TYPE, type, sz, expected, ...) \
+    { \
+        union { uint8_t octets[sz]; type val; }  u = \
+            { { __VA_ARGS__ } }; \
+        \
+        type  from_big = CORK_##TYPE##_BIG_TO_HOST(u.val); \
+        fail_unless(from_big == expected, \
+                    "Unexpected big-to-host " #type " value"); \
+        \
+        type  from_big_in_place = u.val; \
+        CORK_##TYPE##_BIG_TO_HOST_IN_PLACE(from_big_in_place); \
+        fail_unless(from_big_in_place == expected, \
+                    "Unexpected in-place big-to-host " #type " value"); \
+        \
+        type  to_big = CORK_##TYPE##_HOST_TO_BIG(expected); \
+        fail_unless(to_big == u.val, \
+                    "Unexpected host-to-big " #type " value"); \
+        \
+        type  to_big_in_place = expected; \
+        CORK_##TYPE##_HOST_TO_BIG_IN_PLACE(to_big_in_place); \
+        fail_unless(to_big_in_place == u.val, \
+                    "Unexpected in-place host-to-big " #type " value"); \
+        \
+        int  i; \
+        for (i = 0; i < sz/2; i++) { \
+            uint8_t  tmp = u.octets[i]; \
+            u.octets[i] = u.octets[sz-i-1]; \
+            u.octets[sz-i-1] = tmp; \
+        } \
+        \
+        type  from_little = CORK_##TYPE##_LITTLE_TO_HOST(u.val); \
+        fail_unless(from_little == expected, \
+                    "Unexpected little-to-host " #type " value"); \
+        \
+        type  from_little_in_place = u.val; \
+        CORK_##TYPE##_LITTLE_TO_HOST_IN_PLACE(from_little_in_place); \
+        fail_unless(from_little_in_place == expected, \
+                    "Unexpected in-place little-to-host " #type " value"); \
+        \
+        type  to_little = CORK_##TYPE##_HOST_TO_LITTLE(expected); \
+        fail_unless(to_little == u.val, \
+                    "Unexpected host-to-little " #type " value"); \
+        \
+        type  to_little_in_place = expected; \
+        CORK_##TYPE##_HOST_TO_LITTLE_IN_PLACE(to_little_in_place); \
+        fail_unless(to_little_in_place == u.val, \
+                    "Unexpected in-place host-to-little " #type " value"); \
+    }
+
+    TEST_ENDIAN(UINT16, uint16_t, 2, 0x0102, 1, 2);
+    TEST_ENDIAN(UINT32, uint32_t, 4, 0x01020304, 1, 2, 3, 4);
+    TEST_ENDIAN(UINT64, uint64_t, 8, UINT64_C(0x0102030405060708),
+                1, 2, 3, 4, 5, 6, 7, 8);
+
+#undef TEST_ENDIAN
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Built-in errors
+ */
+
+START_TEST(test_error_prefix)
+{
+    DESCRIBE_TEST;
+    cork_error_clear();
+    cork_error_set_printf
+        (CORK_UNKNOWN_ERROR, "%u errors occurred", (unsigned int) 17);
+    fail_unless_streq("Error messages",
+                      "17 errors occurred",
+                      cork_error_message());
+    cork_error_prefix("The %s is aborting because ", "program");
+    fail_unless_streq("Error messages",
+                      "The program is aborting because 17 errors occurred",
+                      cork_error_message());
+    cork_error_clear();
+}
+END_TEST
+
+START_TEST(test_system_error)
+{
+    DESCRIBE_TEST;
+    /* Artificially flag a system error and make sure we can detect it */
+    errno = ENOMEM;
+    cork_error_clear();
+    cork_system_error_set();
+    fail_unless(cork_error_code() == ENOMEM,
+                "Expected a system error");
+    printf("Got error: %s\n", cork_error_message());
+    cork_error_clear();
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Hash values
+ */
+
+#define test_hash_func(func, expected, ...) \
+    fail_unless(func(0, __VA_ARGS__) == expected, \
+                "Unexpected hash value 0x%08" PRIx32 \
+                " (expected 0x%08" PRIx32 ")", \
+                func(0, __VA_ARGS__), expected);
+
+#if CORK_HOST_ENDIANNESS == CORK_LITTLE_ENDIAN
+#if CORK_SIZEOF_POINTER == 8
+#define test_hash_buf(buf, len, little32, big32, little64, big64) \
+    test_hash_func(cork_hash_buffer, little64, buf, len)
+#define test_hash_var(var, little32, big32, little64, big64) \
+    test_hash_func(cork_hash_variable, little64, var)
+#else
+#define test_hash_buf(buf, len, little32, big32, little64, big64) \
+    test_hash_func(cork_hash_buffer, little32, buf, len)
+#define test_hash_var(var, little32, big32, little64, big64) \
+    test_hash_func(cork_hash_variable, little32, var)
+#endif
+#else
+#if CORK_SIZEOF_POINTER == 8
+#define test_hash_buf(buf, len, little32, big32, little64, big64) \
+    test_hash_func(cork_hash_buffer, big64, buf, len)
+#define test_hash_var(var, little32, big32, little64, big64) \
+    test_hash_func(cork_hash_variable, big64, var)
+#else
+#define test_hash_buf(buf, len, little32, big32, little64, big64) \
+    test_hash_func(cork_hash_buffer, big32, buf, len)
+#define test_hash_var(var, little32, big32, little64, big64) \
+    test_hash_func(cork_hash_variable, big32, var)
+#endif
+#endif
+
+
+#define test_stable_hash_buf(buf, len, expected) \
+    test_hash_func(cork_stable_hash_buffer, expected, buf, len)
+#define test_stable_hash_var(var, expected) \
+    test_hash_func(cork_stable_hash_variable, expected, var)
+
+
+#define test_big_hash_func(buf, len, e1, e2) \
+    do { \
+        cork_big_hash  seed = CORK_BIG_HASH_INIT(); \
+        cork_big_hash  expected = {cork_u128_from_64(e1, e2)}; \
+        cork_big_hash  actual = cork_big_hash_buffer(seed, buf, len); \
+        fail_unless(cork_big_hash_equal(actual, expected), \
+                    "\nUnexpected hash value 0x%016" PRIx64 ".%016" PRIx64 \
+                    "\n            (expected 0x%016" PRIx64 ".%016" PRIx64 ")", \
+                    cork_u128_be64(actual.u128, 0), \
+                    cork_u128_be64(actual.u128, 1), \
+                    cork_u128_be64(expected.u128, 0), \
+                    cork_u128_be64(expected.u128, 1)); \
+    } while (0)
+
+#if CORK_HOST_ENDIANNESS == CORK_LITTLE_ENDIAN
+#if CORK_SIZEOF_POINTER == 8
+#define test_big_hash_buf(buf,len,l32a,l32b,b32a,b32b,l64a,l64b,b64a,b64b) \
+    test_big_hash_func(buf, len, l64a, l64b)
+#else
+#define test_big_hash_buf(buf,len,l32a,l32b,b32a,b32b,l64a,l64b,b64a,b64b) \
+    test_big_hash_func(buf, len, l32a, l32b)
+#endif
+#else
+#if CORK_SIZEOF_POINTER == 8
+#define test_big_hash_buf(buf,len,l32a,l32b,b32a,b32b,l64a,l64b,b64a,b64b) \
+    test_big_hash_func(buf, len, b64a, b64b)
+#else
+#define test_big_hash_buf(buf,len,l32a,l32b,b32a,b32b,l64a,l64b,b64a,b64b) \
+    test_big_hash_func(buf, len, b32a, b32b)
+#endif
+#endif
+
+
+START_TEST(test_hash)
+{
+    DESCRIBE_TEST;
+
+    static const char  BUF[] = "test";
+    static size_t  LEN = sizeof(BUF);
+    static const char  LONG_BUF[] =
+        "this is a much longer test string in the hopes that we have to "
+        "go through a few iterations of the hashing loop in order to "
+        "calculate the value of the hash which we are trying to compute.";
+    static size_t  LONG_LEN = sizeof(LONG_BUF);
+    uint32_t  val32 = 1234;
+    uint64_t  val64 = 1234;
+    uint32_t  stable_val32 = CORK_UINT32_HOST_TO_LITTLE(1234);
+    uint64_t  stable_val64 = CORK_UINT64_HOST_TO_LITTLE(1234);
+
+    /* without the NUL terminator */
+    test_stable_hash_buf(BUF, LEN-1, 0xba6bd213);
+    test_hash_buf(BUF, LEN-1,
+      /* little 32 */ 0xba6bd213,
+      /*    big 32 */ 0x29d175e5,
+      /* little 64 */ 0xac7d28cc,
+      /*    big 64 */ 0x74bde19d);
+    test_big_hash_buf(BUF, LEN-1,
+      /* little 32 */ 0x6f02ef30550c7d68LL, 0x550c7d68550c7d68LL,
+      /*    big 32 */ 0x6f02ef30550c7d68LL, 0x550c7d68550c7d68LL,
+      /* little 64 */ 0xac7d28cc74bde19dLL, 0x9a128231f9bd4d82LL,
+      /*    big 64 */ 0xac7d28cc74bde19dLL, 0x9a128231f9bd4d82LL);
+
+    /* with the NUL terminator */
+    test_stable_hash_buf(BUF, LEN, 0x586fce33);
+    test_hash_buf(BUF, LEN,
+      /* little 32 */ 0x586fce33,
+      /*    big 32 */ 0xe31d1ce0,
+      /* little 64 */ 0xc3812fdf,
+      /*    big 64 */ 0x4d18f852);
+    test_big_hash_buf(BUF, LEN,
+      /* little 32 */ 0x98c2b52b29ab177cLL, 0x29ab177c29ab177cLL,
+      /*    big 32 */ 0x98c2b52b29ab177cLL, 0x29ab177c29ab177cLL,
+      /* little 64 */ 0xc3812fdf4d18f852LL, 0xc81a9057aa737aecLL,
+      /*    big 64 */ 0xc3812fdf4d18f852LL, 0xc81a9057aa737aecLL);
+
+    /* without the NUL terminator */
+    test_stable_hash_buf(LONG_BUF, LONG_LEN-1, 0x5caacc30);
+    test_hash_buf(LONG_BUF, LONG_LEN-1,
+      /* little 32 */ 0x5caacc30,
+      /*    big 32 */ 0x88f94165,
+      /* little 64 */ 0xcbdc2092,
+      /*    big 64 */ 0x03578c96);
+    test_big_hash_buf(LONG_BUF, LONG_LEN-1,
+      /* little 32 */ 0x4240d5134fb7793cLL, 0xee7e281c799f335aLL,
+      /*    big 32 */ 0xab564a5e029c92a4LL, 0x0bd80c741093400fLL,
+      /* little 64 */ 0xcbdc20928fa72e9cLL, 0x48de52d2c680420eLL,
+      /*    big 64 */ 0x5935f90a03578c96LL, 0x163e514fff9c30a8LL);
+
+    /* with the NUL terminator */
+    test_stable_hash_buf(LONG_BUF, LONG_LEN, 0x5e37d33d);
+    test_hash_buf(LONG_BUF, LONG_LEN,
+      /* little 32 */ 0x5e37d33d,
+      /*    big 32 */ 0x4977421a,
+      /* little 64 */ 0xe89ec005,
+      /*    big 64 */ 0x8c919559);
+    test_big_hash_buf(LONG_BUF, LONG_LEN,
+      /* little 32 */ 0x63bcdcd0c2615146LL, 0x8e7fd7aaece3cab6LL,
+      /*    big 32 */ 0x250b47cda3fc07fdLL, 0x840c4bb606aafbd0LL,
+      /* little 64 */ 0xe89ec0054becb434LL, 0x826391b83f0b4d3eLL,
+      /*    big 64 */ 0xf00a12ab8c919559LL, 0x684ecf4973c66eacLL);
+
+    test_stable_hash_var(stable_val32, 0x6bb65380);
+    test_hash_var(val32,
+      /* little 32 */ 0x6bb65380,
+      /*    big 32 */ 0x6bb65380,
+      /* little 64 */ 0x061fecc8,
+      /*    big 64 */ 0x7e1b3998);
+
+    test_stable_hash_var(stable_val64, 0x4d5c4063);
+    test_hash_var(val64,
+      /* little 32 */ 0x4d5c4063,
+      /*    big 32 */ 0xbaeee6e9,
+      /* little 64 */ 0xb119ee69,
+      /*    big 64 */ 0x267305fb);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * IP addresses
+ */
+
+#define IPV4_TESTS(good, bad) \
+    good("192.168.1.100", "192.168.1.100"); \
+    good("01.002.0003.00000004", "1.2.3.4"); \
+    good("010.0020.00034.00000089", "10.20.34.89"); \
+    good("0100.000200.00.000", "100.200.0.0"); \
+    bad("", -1); \
+    bad(".", -1); \
+    bad("192.168.0.", -1); \
+    bad("192.168.0.1.", -1); \
+    bad("192..168.0.1", -1); \
+    bad("192.168.0.1.2", -1); \
+    bad(".168.0.1.2", -1); \
+    bad("256.0.0.0", -1); \
+    bad("00256.0.0.0", -1); \
+    bad("392.0.0.0", -1); \
+    bad("1920.0.0.0", -1); \
+    bad("stuv", -1); \
+
+#define IPV6_TESTS(good, bad) \
+    good("::", "::"); \
+    good("0:0:0:0:0:0:0:0", "::"); \
+    good("0000:0000:0000:0000:0000:0000:0000:0000", "::"); \
+    good("fe80::", "fe80::"); \
+    good("fe80:0:0:0:0:0:0:0", "fe80::"); \
+    good("fe80:0000:0000:0000:0000:0000:0000:0000", "fe80::"); \
+    good("::1", "::1"); \
+    good("0:0:0:0:0:0:0:1", "::1"); \
+    good("0000:0000:0000:0000:0000:0000:0000:0001", "::1"); \
+    good("fe80::1", "fe80::1"); \
+    good("fe80:0:0:0:0:0:0:1", "fe80::1"); \
+    good("fe80:0000:0000:0000:0000:0000:0000:0001", "fe80::1"); \
+    good("0:1:2:3:4:5:6:7", "0:1:2:3:4:5:6:7"); \
+    good("1230:4567:89ab:cdef:1230:4567:89ab:cdef", \
+         "1230:4567:89ab:cdef:1230:4567:89ab:cdef"); \
+    good("::ffff:192.168.1.100", "::ffff:192.168.1.100"); \
+    bad("", -1); \
+    bad(":", -1); \
+    bad("fe80:", -1); \
+    bad("fe80::1::2", -1); \
+    bad("1:2:3:4:5:6:7", -1); \
+    bad("1:2:3:4:5:6:7:8:9", -1); \
+    bad("::1:", -1); \
+    bad("fe800::", -1); \
+    bad("stuv", -1); \
+    /* RFC 5952 recommendations */ \
+    good("2001:0db8::0001", "2001:db8::1"); \
+    good("2001:db8:0:0:0:0:2:1", "2001:db8::2:1"); \
+    good("2001:db8:0:1:1:1:1:1", "2001:db8:0:1:1:1:1:1"); \
+    good("2001:0:0:1:0:0:0:1", "2001:0:0:1::1"); \
+    good("2001:db8:0:0:1:0:0:1", "2001:db8::1:0:0:1"); \
+    good("0:1:A:B:C:D:E:F", "0:1:a:b:c:d:e:f"); \
+
+START_TEST(test_ipv4_address)
+{
+    DESCRIBE_TEST;
+
+#define GOOD(str, normalized) \
+    { \
+        struct cork_ipv4  addr; \
+        fail_if_error(cork_ipv4_init(&addr, str)); \
+        char  actual[CORK_IPV4_STRING_LENGTH]; \
+        cork_ipv4_to_raw_string(&addr, actual); \
+        fail_unless(strcmp(actual, normalized) == 0, \
+                    "Unexpected string representation: " \
+                    "got \"%s\", expected \"%s\"", \
+                    actual, normalized); \
+        \
+        struct cork_ipv4  addr2; \
+        cork_ipv4_init(&addr2, normalized); \
+        fail_unless(cork_ipv4_equal(&addr, &addr2), \
+                    "IPv4 instances should be equal"); \
+    }
+
+#define BAD(str, unused) \
+    { \
+        struct cork_ipv4  addr; \
+        fail_unless_error \
+            (cork_ipv4_init(&addr, str), \
+             "Shouldn't be able to initialize IPv4 address from \"%s\"", \
+             str); \
+    }
+
+    IPV4_TESTS(GOOD, BAD);
+    IPV6_TESTS(BAD, BAD);
+
+#undef GOOD
+#undef BAD
+
+    struct cork_ipv4  addr4;
+    unsigned int  ipv4_cidr_good = 30;
+    unsigned int  ipv4_cidr_bad_value = 24;
+    unsigned int  ipv4_cidr_bad_range = 33;
+
+    fprintf(stderr, "Testing network prefixes\n");
+    cork_ipv4_init(&addr4, "1.2.3.4");
+    fail_unless(cork_ipv4_is_valid_network(&addr4, ipv4_cidr_good),
+                "Bad CIDR block for 1.2.3.4 and %u",
+                ipv4_cidr_good);
+    fail_if(cork_ipv4_is_valid_network(&addr4, ipv4_cidr_bad_value),
+            "IPv4 CIDR check should fail for %u",
+            ipv4_cidr_bad_value);
+    fail_if(cork_ipv4_is_valid_network(&addr4, ipv4_cidr_bad_range),
+            "IPv4 CIDR check should fail for %u",
+            ipv4_cidr_bad_range);
+}
+END_TEST
+
+
+START_TEST(test_ipv6_address)
+{
+    DESCRIBE_TEST;
+
+#define GOOD(str, normalized) \
+    { \
+        struct cork_ipv6  addr; \
+        fail_if_error(cork_ipv6_init(&addr, str)); \
+        char  actual[CORK_IPV6_STRING_LENGTH]; \
+        cork_ipv6_to_raw_string(&addr, actual); \
+        fail_unless(strcmp(actual, normalized) == 0, \
+                    "Unexpected string representation: " \
+                    "got \"%s\", expected \"%s\"", \
+                    actual, normalized); \
+        \
+        struct cork_ipv6  addr2; \
+        cork_ipv6_init(&addr2, normalized); \
+        fail_unless(cork_ipv6_equal(&addr, &addr2), \
+                    "IPv6 instances should be equal"); \
+    }
+
+#define BAD(str, unused) \
+    { \
+        struct cork_ipv6  addr; \
+        fail_unless_error \
+            (cork_ipv6_init(&addr, str), \
+             "Shouldn't be able to initialize IPv6 address from \"%s\"", \
+             str); \
+    }
+
+    IPV6_TESTS(GOOD, BAD);
+    IPV4_TESTS(BAD, BAD);
+
+#undef GOOD
+#undef BAD
+
+    struct cork_ipv6  addr6;
+    unsigned int  ipv6_cidr_good = 127;
+    unsigned int  ipv6_cidr_bad_value = 64;
+    unsigned int  ipv6_cidr_bad_range = 129;
+
+    fprintf(stderr, "Testing network prefixes\n");
+    cork_ipv6_init(&addr6, "fe80::200:f8ff:fe21:6000");
+    fail_unless(cork_ipv6_is_valid_network(&addr6, ipv6_cidr_good),
+                "Bad CIDR block %u",
+                ipv6_cidr_good);
+    fail_if(cork_ipv6_is_valid_network(&addr6, ipv6_cidr_bad_value),
+            "IPv6 CIDR check should fail for %u",
+            ipv6_cidr_bad_value);
+    fail_if(cork_ipv6_is_valid_network(&addr6, ipv6_cidr_bad_range),
+            "IPv6 CIDR check should fail for %u",
+            ipv6_cidr_bad_range);
+}
+END_TEST
+
+
+START_TEST(test_ip_address)
+{
+    DESCRIBE_TEST;
+    struct cork_ip  addr;
+
+#define GOOD(str, normalized) \
+    { \
+        struct cork_ip  addr; \
+        fail_if_error(cork_ip_init(&addr, str)); \
+        char  actual[CORK_IP_STRING_LENGTH]; \
+        cork_ip_to_raw_string(&addr, actual); \
+        fail_unless(strcmp(actual, normalized) == 0, \
+                    "Unexpected string representation: " \
+                    "got \"%s\", expected \"%s\"", \
+                    actual, normalized); \
+        \
+        struct cork_ip  addr2; \
+        cork_ip_init(&addr2, normalized); \
+        fail_unless(cork_ip_equal(&addr, &addr2), \
+                    "IP instances should be equal"); \
+    }
+
+#define BAD(str, unused) \
+    { \
+        struct cork_ip  addr; \
+        fail_unless_error \
+            (cork_ip_init(&addr, str), \
+             "Shouldn't be able to initialize IP address from \"%s\"", \
+             str); \
+    }
+
+    IPV4_TESTS(GOOD, BAD);
+    IPV6_TESTS(GOOD, BAD);
+
+#undef GOOD
+#undef BAD
+
+    struct cork_ipv4  addr4;
+    struct cork_ipv6  addr6;
+
+    fprintf(stderr, "Testing IP address versions\n");
+    cork_ip_init(&addr, "192.168.1.1");
+    cork_ipv4_init(&addr4, "192.168.1.1");
+    fail_unless(addr.version == 4,
+                "Unexpected IP address version (expected 4, got %u)",
+                addr.version);
+    fail_unless(cork_ipv4_equal(&addr.ip.v4, &addr4),
+                "IP addresses should be equal");
+
+    cork_ip_init(&addr, "fe80::1");
+    cork_ipv6_init(&addr6, "fe80::1");
+    fail_unless(addr.version == 6,
+                "Unexpected IP address version (expected 6, got %u)",
+                addr.version);
+    fail_unless(cork_ipv6_equal(&addr.ip.v6, &addr6),
+                "IP addresses should be equal");
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Timestamps
+ */
+
+static void
+test_timestamp_bad_format(cork_timestamp ts, const char *format)
+{
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+    fail_unless_error(cork_timestamp_format_utc(ts, format, &buf));
+    cork_buffer_done(&buf);
+}
+
+static void
+test_timestamp_utc_format(cork_timestamp ts, const char *format,
+                          const char *expected)
+{
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+    fail_if_error(cork_timestamp_format_utc(ts, format, &buf));
+    fail_unless(strcmp(buf.buf, expected) == 0,
+                "Unexpected formatted UTC time "
+                "(got \"%s\", expected \"%s\")",
+                (char *) buf.buf, expected);
+    cork_buffer_done(&buf);
+}
+
+static void
+test_timestamp_local_format(cork_timestamp ts, const char *format,
+                            const char *expected)
+{
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+    fail_if_error(cork_timestamp_format_local(ts, format, &buf));
+    fail_unless(strcmp(buf.buf, expected) == 0,
+                "Unexpected formatted local time "
+                "(got \"%s\", expected \"%s\")",
+                (char *) buf.buf, expected);
+    cork_buffer_done(&buf);
+}
+
+START_TEST(test_timestamp)
+{
+    /* All of the local times here are in America/Los_Angeles.  Down at the
+     * bottom of the file we override the TZ environment variable to ensure that
+     * we use a consistent local time zone in the test cases, regardless of the
+     * actual time zone of the current machine. */
+
+    static const uint32_t  TEST_TIME_1 = 700000000;
+    static const char  *FORMATTED_UTC_TIME_1   = " 1992-03-07 20:26:40 ";
+    static const char  *FORMATTED_LOCAL_TIME_1 = " 1992-03-07 12:26:40 ";
+
+    static const uint32_t  TEST_TIME_2 = 1200000000;
+    static const char  *FORMATTED_UTC_TIME_2   = " 2008-01-10 21:20:00 ";
+    static const char  *FORMATTED_LOCAL_TIME_2 = " 2008-01-10 13:20:00 ";
+
+    static const uint32_t  TEST_TIME_3 = 1305180745;
+    static const char  *FORMATTED_UTC_TIME_3   = " 2011-05-12 06:12:25 ";
+    static const char  *FORMATTED_LOCAL_TIME_3 = " 2011-05-11 23:12:25 ";
+
+    cork_timestamp  ts;
+
+    DESCRIBE_TEST;
+
+#define test(unit, expected) \
+    fail_unless(cork_timestamp_##unit(ts) == expected, \
+                "Unexpected " #unit " portion of timestamp " \
+                "(got %lu, expected %lu)", \
+                (unsigned long) cork_timestamp_##unit(ts), \
+                (unsigned long) expected);
+
+#define test_format(utc, local) \
+    test_timestamp_utc_format(ts, " %Y-%m-%d %H:%M:%S ", utc); \
+    test_timestamp_local_format(ts, " %Y-%m-%d %H:%M:%S ", local);
+
+    cork_timestamp_init_sec(&ts, TEST_TIME_1);
+    test(sec, TEST_TIME_1);
+    test(gsec, 0);
+    test(msec, 0);
+    test(usec, 0);
+    test(nsec, 0);
+    test_format(FORMATTED_UTC_TIME_1, FORMATTED_LOCAL_TIME_1);
+
+    cork_timestamp_init_sec(&ts, TEST_TIME_2);
+    test(sec, TEST_TIME_2);
+    test(gsec, 0);
+    test(msec, 0);
+    test(usec, 0);
+    test(nsec, 0);
+    test_format(FORMATTED_UTC_TIME_2, FORMATTED_LOCAL_TIME_2);
+
+    cork_timestamp_init_sec(&ts, TEST_TIME_3);
+    test(sec, TEST_TIME_3);
+    test(gsec, 0);
+    test(msec, 0);
+    test(usec, 0);
+    test(nsec, 0);
+    test_format(FORMATTED_UTC_TIME_3, FORMATTED_LOCAL_TIME_3);
+
+    cork_timestamp_init_gsec(&ts, TEST_TIME_1, 1 << 30);
+    test(sec, TEST_TIME_1);
+    test(gsec, 1 << 30);
+    test(msec, 250);
+    test(usec, 250000);
+    test(nsec, 250000000);
+
+    cork_timestamp_init_msec(&ts, TEST_TIME_1, 500);
+    test(sec, TEST_TIME_1);
+    test(gsec, 1 << 31);
+    test(msec, 500);
+    test(usec, 500000);
+    test(nsec, 500000000);
+
+    cork_timestamp_init_usec(&ts, TEST_TIME_1, 500000);
+    test(sec, TEST_TIME_1);
+    test(gsec, 1 << 31);
+    test(msec, 500);
+    test(usec, 500000);
+    test(nsec, 500000000);
+
+    cork_timestamp_init_nsec(&ts, TEST_TIME_1, 500000000);
+    test(sec, TEST_TIME_1);
+    test(gsec, 1 << 31);
+    test(msec, 500);
+    test(usec, 500000);
+    test(nsec, 500000000);
+}
+END_TEST
+
+START_TEST(test_timestamp_format)
+{
+    cork_timestamp  ts;
+    DESCRIBE_TEST;
+
+    cork_timestamp_init_nsec(&ts, 0, 123456789);
+    test_timestamp_bad_format(ts, "%f");
+    test_timestamp_bad_format(ts, "%0f");
+    test_timestamp_bad_format(ts, "%10f");
+    test_timestamp_utc_format(ts, "%1f",   "1");
+    test_timestamp_utc_format(ts, "%2f",   "12");
+    test_timestamp_utc_format(ts, "%3f",   "123");
+    test_timestamp_utc_format(ts, "%4f",   "1235");
+    test_timestamp_utc_format(ts, "%5f",   "12346");
+    test_timestamp_utc_format(ts, "%6f",   "123457");
+    test_timestamp_utc_format(ts, "%7f",   "1234568");
+    test_timestamp_utc_format(ts, "%8f",   "12345679");
+    test_timestamp_utc_format(ts, "%9f",   "123456789");
+    test_timestamp_utc_format(ts, "%009f", "123456789");
+
+    cork_timestamp_init_nsec(&ts, 1200000000, 123456789);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * 128-bit integers
+ */
+
+static void
+test_one_u128_decimal(cork_u128 value, const char *expected)
+{
+    char  buf[CORK_U128_DECIMAL_LENGTH];
+    const char  *actual = cork_u128_to_decimal(buf, value);
+    fail_unless_streq("Integers", expected, actual);
+}
+
+static void
+test_one_u128_hex(cork_u128 value, const char *expected)
+{
+    char  buf[CORK_U128_HEX_LENGTH];
+    const char  *actual = cork_u128_to_hex(buf, value);
+    fail_unless_streq("Integers", expected, actual);
+}
+
+static void
+test_one_u128_padded_hex(cork_u128 value, const char *expected)
+{
+    char  buf[CORK_U128_HEX_LENGTH];
+    const char  *actual = cork_u128_to_padded_hex(buf, value);
+    fail_unless_streq("Integers", expected, actual);
+}
+
+static void
+test_one_u128_print_from_32(uint32_t i0, uint32_t i1, uint32_t i2, uint32_t i3,
+                            const char *expected_decimal,
+                            const char *expected_hex,
+                            const char *expected_padded_hex)
+{
+    cork_u128  value = cork_u128_from_32(i0, i1, i2, i3);
+    test_one_u128_decimal(value, expected_decimal);
+    test_one_u128_hex(value, expected_hex);
+    test_one_u128_padded_hex(value, expected_padded_hex);
+}
+
+static void
+test_one_u128_print_from_64(uint64_t i0, uint64_t i1,
+                            const char *expected_decimal,
+                            const char *expected_hex,
+                            const char *expected_padded_hex)
+{
+    cork_u128  value = cork_u128_from_64(i0, i1);
+    test_one_u128_decimal(value, expected_decimal);
+    test_one_u128_hex(value, expected_hex);
+    test_one_u128_padded_hex(value, expected_padded_hex);
+}
+
+START_TEST(test_u128_print)
+{
+    DESCRIBE_TEST;
+    test_one_u128_print_from_32(
+        0, 0, 0, 0,
+        "0",
+        "0",
+        "00000000000000000000000000000000"
+    );
+    test_one_u128_print_from_32(
+        0, 0, 0, 2,
+        "2",
+        "2",
+        "00000000000000000000000000000002"
+    );
+    test_one_u128_print_from_32(
+        0, 0, 0, 20,
+        "20",
+        "14",
+        "00000000000000000000000000000014"
+    );
+    test_one_u128_print_from_32(
+        0, 0, 0, 0xffffffff,
+        "4294967295",
+        "ffffffff",
+        "000000000000000000000000ffffffff"
+    );
+    test_one_u128_print_from_32(
+        0, 0, 1, 0,
+        "4294967296",
+        "100000000",
+        "00000000000000000000000100000000"
+    );
+    test_one_u128_print_from_32(
+        0, 0, 0xffffffff, 0xffffffff,
+        "18446744073709551615",
+        "ffffffffffffffff",
+        "0000000000000000ffffffffffffffff"
+    );
+    test_one_u128_print_from_32(
+        0, 1, 0, 0,
+        "18446744073709551616",
+        "10000000000000000",
+        "00000000000000010000000000000000"
+    );
+    test_one_u128_print_from_64(
+        0, 0,
+        "0",
+        "0",
+        "00000000000000000000000000000000"
+    );
+    test_one_u128_print_from_64(
+        0, 2,
+        "2",
+        "2",
+        "00000000000000000000000000000002"
+    );
+    test_one_u128_print_from_64(
+        0, 20,
+        "20",
+        "14",
+        "00000000000000000000000000000014"
+    );
+    test_one_u128_print_from_64(
+        0, UINT64_C(0xffffffffffffffff),
+        "18446744073709551615",
+        "ffffffffffffffff",
+        "0000000000000000ffffffffffffffff"
+    );
+    test_one_u128_print_from_64(
+        1, 0,
+        "18446744073709551616",
+        "10000000000000000",
+        "00000000000000010000000000000000"
+    );
+}
+END_TEST
+
+
+static void
+test_one_u128_add(uint64_t i0, uint64_t i1, uint64_t j0, uint64_t j1,
+                  const char *expected)
+{
+    cork_u128  value1 = cork_u128_from_64(i0, i1);
+    cork_u128  value2 = cork_u128_from_64(j0, j1);
+    cork_u128  sum = cork_u128_add(value1, value2);
+    test_one_u128_decimal(sum, expected);
+}
+
+START_TEST(test_u128_add)
+{
+    DESCRIBE_TEST;
+    test_one_u128_add(0, 0, 0, 0, "0");
+    test_one_u128_add(0, 1, 0, 1, "2");
+    test_one_u128_add(0, 1, 0, 0xffffffff, "4294967296");
+    test_one_u128_add(0, 1, 0xffffffffffffffffLL, 0xffffffffffffffffLL, "0");
+}
+END_TEST
+
+
+static void
+test_one_u128_sub(uint64_t i0, uint64_t i1, uint64_t j0, uint64_t j1,
+                  const char *expected)
+{
+    cork_u128  value1 = cork_u128_from_64(i0, i1);
+    cork_u128  value2 = cork_u128_from_64(j0, j1);
+    cork_u128  diff = cork_u128_sub(value1, value2);
+    test_one_u128_decimal(diff, expected);
+}
+
+START_TEST(test_u128_sub)
+{
+    DESCRIBE_TEST;
+    test_one_u128_sub(0, 0, 0, 0, "0");
+    test_one_u128_sub(0, 1, 0, 1, "0");
+    test_one_u128_sub(0, 2, 0, 1, "1");
+    test_one_u128_sub(0, UINT64_C(0x100000000), 0, 1, "4294967295");
+    test_one_u128_sub(1, 0, 0, 1, "18446744073709551615");
+    test_one_u128_sub(0, 1, 0, 2, "340282366920938463463374607431768211455");
+}
+END_TEST
+
+
+#define test_u128_cmp(op, op_str, v1, v2, expected) \
+    do { \
+        bool  actual = cork_u128_##op((v1), (v2)); \
+        fail_unless(actual == (expected), \
+                    "%" PRIu64 ":%" PRIu64 \
+                    " should %sbe " op_str " " \
+                    "%" PRIu64 ":%" PRIu64, \
+                    cork_u128_be64((v1), 0), cork_u128_be64((v1), 1), \
+                    (expected)? "": "not ", \
+                    cork_u128_be64((v2), 0), cork_u128_be64((v2), 1)); \
+    } while (0)
+
+static void
+test_one_u128_eq(uint64_t i0, uint64_t i1, uint64_t j0, uint64_t j1,
+                 bool expected)
+{
+    cork_u128  value1 = cork_u128_from_64(i0, i1);
+    cork_u128  value2 = cork_u128_from_64(j0, j1);
+    test_u128_cmp(eq, "==", value1, value2, expected);
+    test_u128_cmp(ne, "!=", value1, value2, !expected);
+}
+
+START_TEST(test_u128_eq)
+{
+    DESCRIBE_TEST;
+    test_one_u128_eq(0, 0, 0, 0, true);
+    test_one_u128_eq(0, 0, 0, 1, false);
+    test_one_u128_eq(0, 2, 0, 1, false);
+    test_one_u128_eq(0, 1, 0, UINT64_C(0x100000000), false);
+    test_one_u128_eq(0, UINT64_C(0x100000000), 0, UINT64_C(0x100000000), true);
+}
+END_TEST
+
+static void
+test_one_u128_lt(uint64_t i0, uint64_t i1, uint64_t j0, uint64_t j1,
+                 bool expected)
+{
+    cork_u128  value1 = cork_u128_from_64(i0, i1);
+    cork_u128  value2 = cork_u128_from_64(j0, j1);
+    test_u128_cmp(lt, "<",  value1, value2, expected);
+    test_u128_cmp(ge, ">=", value1, value2, !expected);
+}
+
+START_TEST(test_u128_lt)
+{
+    DESCRIBE_TEST;
+    test_one_u128_lt(0, 0, 0, 0, false);
+    test_one_u128_lt(0, 0, 0, 1, true);
+    test_one_u128_lt(0, 2, 0, 1, false);
+    test_one_u128_lt(0, 1, 0, UINT64_C(0x100000000), true);
+}
+END_TEST
+
+static void
+test_one_u128_gt(uint64_t i0, uint64_t i1, uint64_t j0, uint64_t j1,
+                 bool expected)
+{
+    cork_u128  value1 = cork_u128_from_64(i0, i1);
+    cork_u128  value2 = cork_u128_from_64(j0, j1);
+    test_u128_cmp(gt, ">",  value1, value2, expected);
+    test_u128_cmp(le, "<=", value1, value2, !expected);
+}
+
+START_TEST(test_u128_gt)
+{
+    DESCRIBE_TEST;
+    test_one_u128_gt(0, 0, 0, 0, false);
+    test_one_u128_gt(0, 1, 0, 0, true);
+    test_one_u128_gt(0, 1, 0, 2, false);
+    test_one_u128_gt(0, UINT64_C(0x100000000), 0, 1, true);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Statement expressions
+ */
+
+START_TEST(test_statement_expr)
+{
+#if CORK_CONFIG_HAVE_GCC_STATEMENT_EXPRS
+    int  value = ({ int __x = 0; __x += 2; __x;});
+    fail_unless_equal("Statement expression result", "%d", 2, value);
+#endif
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Unique identifiers
+ */
+
+START_TEST(test_uid)
+{
+    DESCRIBE_TEST;
+    cork_uid_define(test_id_01);
+    cork_uid_define(test_id_02);
+    cork_uid  id1;
+    cork_uid  id2;
+
+    fail_unless_streq("UID name", "test_id_01", cork_uid_name(test_id_01));
+    fail_unless_streq("UID name", "test_id_02", cork_uid_name(test_id_02));
+
+    id1 = test_id_01;
+    id2 = test_id_02;
+    fail_if(cork_uid_equal(id1, id2), "Unique IDs aren't unique");
+
+    id1 = test_id_01;
+    id2 = test_id_01;
+    fail_unless(cork_uid_equal(id1, id2), "Unique ID isn't equal to itself");
+
+    id1 = test_id_01;
+    id2 = CORK_UID_NONE;
+    fail_if(cork_uid_equal(id1, id2), "NULL unique ID isn't unique");
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("core");
+
+    TCase  *tc_types = tcase_create("types");
+    tcase_add_test(tc_types, test_bool);
+    tcase_add_test(tc_types, test_int_types);
+    tcase_add_test(tc_types, test_int_sizeof);
+    suite_add_tcase(s, tc_types);
+
+    TCase  *tc_string = tcase_create("string");
+    tcase_add_test(tc_string, test_string);
+    suite_add_tcase(s, tc_string);
+
+    TCase  *tc_endianness = tcase_create("endianness");
+    tcase_add_test(tc_endianness, test_endianness);
+    suite_add_tcase(s, tc_endianness);
+
+    TCase  *tc_errors = tcase_create("errors");
+    tcase_add_test(tc_errors, test_error_prefix);
+    tcase_add_test(tc_errors, test_system_error);
+    suite_add_tcase(s, tc_errors);
+
+    TCase  *tc_hash = tcase_create("hash");
+    tcase_add_test(tc_hash, test_hash);
+    suite_add_tcase(s, tc_hash);
+
+    TCase  *tc_addresses = tcase_create("net-addresses");
+    tcase_add_test(tc_addresses, test_ipv4_address);
+    tcase_add_test(tc_addresses, test_ipv6_address);
+    tcase_add_test(tc_addresses, test_ip_address);
+    suite_add_tcase(s, tc_addresses);
+
+    TCase  *tc_timestamp = tcase_create("timestamp");
+    tcase_add_test(tc_timestamp, test_timestamp);
+    tcase_add_test(tc_timestamp, test_timestamp_format);
+    suite_add_tcase(s, tc_timestamp);
+
+    TCase  *tc_u128 = tcase_create("u128");
+    tcase_add_test(tc_u128, test_u128_print);
+    tcase_add_test(tc_u128, test_u128_add);
+    tcase_add_test(tc_u128, test_u128_sub);
+    tcase_add_test(tc_u128, test_u128_eq);
+    tcase_add_test(tc_u128, test_u128_lt);
+    tcase_add_test(tc_u128, test_u128_gt);
+    suite_add_tcase(s, tc_u128);
+
+    TCase  *tc_statement_expr = tcase_create("statement_expr");
+    tcase_add_test(tc_statement_expr, test_statement_expr);
+    suite_add_tcase(s, tc_statement_expr);
+
+    TCase  *tc_uid = tcase_create("uid");
+    tcase_add_test(tc_uid, test_uid);
+    suite_add_tcase(s, tc_uid);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+
+    /* Before anything starts, override the TZ environment variable so that we
+     * get consistent test results. */
+    cork_env_add(NULL, "TZ", "America/Los_Angeles");
+
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-dllist.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-dllist.c
new file mode 100644
index 00000000..fd1dfb7a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-dllist.c
@@ -0,0 +1,196 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <check.h>
+
+#include "libcork/core/types.h"
+#include "libcork/ds/buffer.h"
+#include "libcork/ds/dllist.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Doubly-linked lists
+ */
+
+struct int64_item {
+    int64_t  value;
+    struct cork_dllist_item  element;
+};
+
+static int
+int64_sum(void *user_data, struct cork_dllist_item *element)
+{
+    int64_t  *sum = user_data;
+    struct int64_item  *item =
+        cork_container_of(element, struct int64_item, element);
+    *sum += item->value;
+    return 0;
+}
+
+static void
+check_int64_list(struct cork_dllist *list, const char *expected)
+{
+    bool  first = true;
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+    struct cork_dllist_item  *curr;
+    struct cork_dllist_item  *next;
+    struct int64_item  *item;
+    cork_buffer_append_literal(&buf, "");
+    cork_dllist_foreach(list, curr, next, struct int64_item, item, element) {
+        if (first) {
+            first = false;
+        } else {
+            cork_buffer_append_literal(&buf, ",");
+        }
+        cork_buffer_append_printf(&buf, "%" PRId64, item->value);
+    }
+    fail_unless_streq("List contents", expected, buf.buf);
+    cork_buffer_done(&buf);
+}
+
+START_TEST(test_dllist)
+{
+    struct cork_dllist  list;
+    struct cork_dllist_item  *curr;
+    struct cork_dllist_item  *next;
+    struct int64_item  *item;
+    struct int64_item  item1;
+    struct int64_item  item2;
+    struct int64_item  item3;
+    int64_t  sum;
+
+    cork_dllist_init(&list);
+    fail_unless(cork_dllist_size(&list) == 0,
+                "Unexpected size of list: got %zu, expected 0",
+                cork_dllist_size(&list));
+    fail_unless(cork_dllist_is_empty(&list),
+                "Expected empty list");
+    check_int64_list(&list, "");
+
+    item1.value = 1;
+    cork_dllist_add(&list, &item1.element);
+    fail_unless(cork_dllist_size(&list) == 1,
+                "Unexpected size of list: got %zu, expected 1",
+                cork_dllist_size(&list));
+    check_int64_list(&list, "1");
+
+    item2.value = 2;
+    cork_dllist_add(&list, &item2.element);
+    fail_unless(cork_dllist_size(&list) == 2,
+                "Unexpected size of list: got %zu, expected 2",
+                cork_dllist_size(&list));
+    check_int64_list(&list, "1,2");
+
+    item3.value = 3;
+    cork_dllist_add(&list, &item3.element);
+    fail_unless(cork_dllist_size(&list) == 3,
+                "Unexpected size of list: got %zu, expected 3",
+                cork_dllist_size(&list));
+    check_int64_list(&list, "1,2,3");
+
+    sum = 0;
+    fail_if(cork_dllist_visit(&list, &sum, int64_sum));
+    fail_unless(sum == 6,
+                "Unexpected sum, got %ld, expected 6",
+                (long) sum);
+
+    sum = 0;
+    cork_dllist_foreach(&list, curr, next, struct int64_item, item, element) {
+        sum += item->value;
+    }
+    fail_unless(sum == 6,
+                "Unexpected sum, got %ld, expected 6",
+                (long) sum);
+
+    cork_dllist_remove(&item2.element);
+    fail_unless(cork_dllist_size(&list) == 2,
+                "Unexpected size of list: got %zu, expected 2",
+                cork_dllist_size(&list));
+}
+END_TEST
+
+START_TEST(test_dllist_append)
+{
+    struct cork_dllist  list1 = CORK_DLLIST_INIT(list1);
+    struct cork_dllist  list2 = CORK_DLLIST_INIT(list2);
+    struct int64_item  item1;
+    struct int64_item  item2;
+    struct int64_item  item3;
+    struct int64_item  item4;
+    struct int64_item  item5;
+    struct int64_item  item6;
+    struct int64_item  item7;
+
+    item1.value = 1;
+    cork_dllist_add_to_head(&list1, &item1.element);
+    check_int64_list(&list1, "1");
+
+    item2.value = 2;
+    cork_dllist_add_to_head(&list1, &item2.element);
+    check_int64_list(&list1, "2,1");
+
+    item3.value = 3;
+    cork_dllist_add_to_tail(&list1, &item3.element);
+    check_int64_list(&list1, "2,1,3");
+
+    item4.value = 4;
+    cork_dllist_add_to_tail(&list2, &item4.element);
+    item5.value = 5;
+    cork_dllist_add_to_tail(&list2, &item5.element);
+    cork_dllist_add_list_to_head(&list1, &list2);
+    check_int64_list(&list1, "4,5,2,1,3");
+
+    item6.value = 6;
+    cork_dllist_add_to_tail(&list2, &item6.element);
+    item7.value = 7;
+    cork_dllist_add_to_tail(&list2, &item7.element);
+    cork_dllist_add_list_to_tail(&list1, &list2);
+    check_int64_list(&list1, "4,5,2,1,3,6,7");
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("dllist");
+
+    TCase  *tc_ds = tcase_create("dllist");
+    tcase_add_test(tc_ds, test_dllist);
+    tcase_add_test(tc_ds, test_dllist_append);
+    suite_add_tcase(s, tc_ds);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-files.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-files.c
new file mode 100644
index 00000000..ed766157
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-files.c
@@ -0,0 +1,420 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2013-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <assert.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <check.h>
+
+#include "libcork/core/types.h"
+#include "libcork/ds/buffer.h"
+#include "libcork/os/files.h"
+
+#include "helpers.h"
+
+
+static const char  *program_path;
+
+
+/*-----------------------------------------------------------------------
+ * Paths
+ */
+
+void
+verify_path_content(struct cork_path *path, const char *expected)
+{
+    fail_if(cork_path_get(path) == NULL, "Path should not have NULL content");
+    fail_unless_streq("Paths", expected, cork_path_get(path));
+}
+
+void
+test_path(const char *p, const char *expected)
+{
+    struct cork_path  *path;
+    struct cork_path  *cloned;
+    struct cork_path  *set;
+
+    fprintf(stderr, "path(\"%s\") ?= \"%s\"\n",
+            (p == NULL)? "": p,
+            expected);
+
+    path = cork_path_new(p);
+    verify_path_content(path, expected);
+
+    cloned = cork_path_clone(path);
+    verify_path_content(cloned, expected);
+    cork_path_free(cloned);
+    cork_path_free(path);
+
+    set = cork_path_new(NULL);
+    cork_path_set(set, p);
+    verify_path_content(set, expected);
+    cork_path_free(set);
+}
+
+START_TEST(test_path_01)
+{
+    DESCRIBE_TEST;
+    test_path(NULL, "");
+    test_path("a", "a");
+    test_path("a/b", "a/b");
+}
+END_TEST
+
+
+void
+test_join(const char *p1, const char *p2, const char *expected)
+{
+    struct cork_path  *path1;
+    struct cork_path  *path2;
+    struct cork_path  *actual;
+
+    fprintf(stderr, "join(\"%s\", \"%s\") ?= \"%s\"\n",
+            (p1 == NULL)? "": p1,
+            (p2 == NULL)? "": p2,
+            expected);
+
+    /* Try cork_path_join */
+    path1 = cork_path_new(p1);
+    actual = cork_path_join(path1, p2);
+    verify_path_content(actual, expected);
+    cork_path_free(path1);
+    cork_path_free(actual);
+
+    /* Try cork_path_join_path */
+    path1 = cork_path_new(p1);
+    path2 = cork_path_new(p2);
+    actual = cork_path_join_path(path1, path2);
+    verify_path_content(actual, expected);
+    cork_path_free(path1);
+    cork_path_free(path2);
+    cork_path_free(actual);
+
+    /* Try cork_path_append */
+    actual = cork_path_new(p1);
+    cork_path_append(actual, p2);
+    verify_path_content(actual, expected);
+    cork_path_free(actual);
+
+    /* Try cork_path_append_path */
+    actual = cork_path_new(p1);
+    path2 = cork_path_new(p2);
+    cork_path_append_path(actual, path2);
+    verify_path_content(actual, expected);
+    cork_path_free(path2);
+    cork_path_free(actual);
+}
+
+START_TEST(test_path_join_01)
+{
+    DESCRIBE_TEST;
+    test_join("a", "b",    "a/b");
+    test_join("a/", "b",   "a/b");
+    test_join("", "a/b",   "a/b");
+    test_join("a/b", "",   "a/b");
+    test_join(NULL, "a/b", "a/b");
+    test_join("a/b", NULL, "a/b");
+}
+END_TEST
+
+START_TEST(test_path_join_02)
+{
+    DESCRIBE_TEST;
+    test_join("", "/b",   "/b");
+    test_join(NULL, "/b", "/b");
+    test_join("a", "/b",  "/b");
+    test_join("a/", "/b", "/b");
+}
+END_TEST
+
+
+void
+test_basename(const char *p, const char *expected)
+{
+    struct cork_path  *path;
+    struct cork_path  *actual;
+
+    fprintf(stderr, "basename(\"%s\") ?= \"%s\"\n",
+            (p == NULL)? "": p,
+            expected);
+
+    /* Try cork_path_basename */
+    path = cork_path_new(p);
+    actual = cork_path_basename(path);
+    verify_path_content(actual, expected);
+    cork_path_free(path);
+    cork_path_free(actual);
+
+    /* Try cork_path_set_basename */
+    actual = cork_path_new(p);
+    cork_path_set_basename(actual);
+    verify_path_content(actual, expected);
+    cork_path_free(actual);
+}
+
+START_TEST(test_path_basename_01)
+{
+    DESCRIBE_TEST;
+    test_basename("", "");
+    test_basename(NULL, "");
+    test_basename("a", "a");
+    test_basename("a/", "");
+    test_basename("a/b", "b");
+    test_basename("a/b/", "");
+    test_basename("a/b/c", "c");
+    test_basename("/a", "a");
+    test_basename("/a/", "");
+    test_basename("/a/b", "b");
+    test_basename("/a/b/", "");
+    test_basename("/a/b/c", "c");
+}
+END_TEST
+
+
+void
+test_dirname(const char *p, const char *expected)
+{
+    struct cork_path  *path;
+    struct cork_path  *actual;
+
+    fprintf(stderr, "dirname(\"%s\") ?= \"%s\"\n",
+            (p == NULL)? "": p,
+            expected);
+
+    /* Try cork_path_dirname */
+    path = cork_path_new(p);
+    actual = cork_path_dirname(path);
+    verify_path_content(actual, expected);
+    cork_path_free(path);
+    cork_path_free(actual);
+
+    /* Try cork_path_set_dirname */
+    actual = cork_path_new(p);
+    cork_path_set_dirname(actual);
+    verify_path_content(actual, expected);
+    cork_path_free(actual);
+}
+
+START_TEST(test_path_dirname_01)
+{
+    DESCRIBE_TEST;
+    test_dirname(NULL, "");
+    test_dirname("", "");
+    test_dirname("a", "");
+    test_dirname("a/", "a");
+    test_dirname("a/b", "a");
+    test_dirname("a/b/", "a/b");
+    test_dirname("a/b/c", "a/b");
+    test_dirname("/", "/");
+    test_dirname("/a", "/");
+    test_dirname("/a/", "/a");
+    test_dirname("/a/b", "/a");
+    test_dirname("/a/b/", "/a/b");
+    test_dirname("/a/b/c", "/a/b");
+}
+END_TEST
+
+
+void
+test_relative_child(const char *p, const char *f, const char *expected)
+{
+    struct cork_path  *actual;
+
+    fprintf(stderr, "relative_child(\"%s\", \"%s\") ?= \"%s\"\n",
+            (p == NULL)? "": p,
+            (f == NULL)? "": f,
+            expected);
+
+    actual = cork_path_new(p);
+    cork_path_set_basename(actual);
+    cork_path_append(actual, f);
+    verify_path_content(actual, expected);
+    cork_path_free(actual);
+}
+
+START_TEST(test_path_relative_child_01)
+{
+    DESCRIBE_TEST;
+    test_relative_child(NULL, "a", "a");
+    test_relative_child("", "a", "a");
+    test_relative_child("a", "b", "a/b");
+    test_relative_child("a/b", "c", "b/c");
+}
+END_TEST
+
+
+void
+test_set_absolute(const char *p, const char *expected)
+{
+    struct cork_path  *actual;
+
+    fprintf(stderr, "set_absolute(\"%s\") ?= \"%s\"\n",
+            (p == NULL)? "": p,
+            expected);
+
+    actual = cork_path_new(p);
+    cork_path_set_absolute(actual);
+    if ((p != NULL) && (p[0] == '/')) {
+        /* If the first char in p is a '/', then we want to
+         * test that already have an absolute path string. */
+        verify_path_content(actual, expected);
+    } else {
+        /* Otherwise, we have to construct a new expected path
+         * string using cork_path_cwd since the prepended $ROOT
+         * path is unknown. */
+        struct cork_path  *root_path;
+        struct cork_buffer  *expected_path = cork_buffer_new();
+        root_path = cork_path_cwd();
+        cork_buffer_append_printf
+            (expected_path, "%s/%s", cork_path_get(root_path), expected);
+        verify_path_content(actual, (char *) expected_path->buf);
+        cork_path_free(root_path);
+        cork_buffer_free(expected_path);
+    }
+    cork_path_free(actual);
+}
+
+START_TEST(test_path_set_absolute_01)
+{
+    /* We test that an absolute path really is so. */
+    DESCRIBE_TEST
+    test_set_absolute("", "");
+    test_set_absolute("/", "/");
+    test_set_absolute("/a", "/a");
+    test_set_absolute("/a/b", "/a/b");
+    test_set_absolute("/a/b/", "/a/b/");
+    test_set_absolute("c/d", "c/d");
+    test_set_absolute("c/d/", "c/d/");
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Lists of paths
+ */
+
+void
+verify_path_list_content(struct cork_path_list *list, const char *expected)
+{
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+    size_t  count = cork_path_list_size(list);
+    size_t  i;
+
+    for (i = 0; i < count; i++) {
+        const struct cork_path  *path = cork_path_list_get(list, i);
+        cork_buffer_append_string(&buf, cork_path_get(path));
+        cork_buffer_append(&buf, "\n", 1);
+    }
+
+    fail_unless_streq("path lists", expected, buf.buf);
+    cork_buffer_done(&buf);
+}
+
+void
+test_path_list(const char *p, const char *expected)
+{
+    struct cork_path_list  *list;
+
+    fprintf(stderr, "path_list(\"%s\")\n", p);
+
+    list = cork_path_list_new(p);
+    verify_path_list_content(list, expected);
+    fail_unless_streq("path lists", p, cork_path_list_to_string(list));
+    cork_path_list_free(list);
+}
+
+START_TEST(test_path_list_01)
+{
+    DESCRIBE_TEST;
+    test_path_list("a", "a\n");
+    test_path_list("a/b", "a/b\n");
+    test_path_list(":a/b", "\na/b\n");
+    test_path_list("a:a/b:", "a\na/b\n\n");
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Files
+ */
+
+void
+test_file_exists(const char *filename, bool expected)
+{
+    struct cork_path  *path;
+    struct cork_file  *file;
+    bool  actual;
+    path = cork_path_new(program_path);
+    cork_path_set_dirname(path);
+    cork_path_append(path, filename);
+    file = cork_file_new_from_path(path);
+    fail_if_error(cork_file_exists(file, &actual));
+    fail_unless(actual == expected, "File %s should%s exist",
+                cork_path_get(path), expected? "": " not");
+    cork_file_free(file);
+}
+
+START_TEST(test_file_exists_01)
+{
+    DESCRIBE_TEST;
+    test_file_exists("embedded-test-files", true);
+    test_file_exists("test-nonexistent", false);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("path");
+
+    TCase  *tc_path = tcase_create("path");
+    tcase_add_test(tc_path, test_path_01);
+    tcase_add_test(tc_path, test_path_join_01);
+    tcase_add_test(tc_path, test_path_join_02);
+    tcase_add_test(tc_path, test_path_basename_01);
+    tcase_add_test(tc_path, test_path_dirname_01);
+    tcase_add_test(tc_path, test_path_relative_child_01);
+    tcase_add_test(tc_path, test_path_set_absolute_01);
+    suite_add_tcase(s, tc_path);
+
+    TCase  *tc_path_list = tcase_create("path-list");
+    tcase_add_test(tc_path_list, test_path_list_01);
+    suite_add_tcase(s, tc_path_list);
+
+    TCase  *tc_file = tcase_create("file");
+    tcase_add_test(tc_file, test_file_exists_01);
+    suite_add_tcase(s, tc_file);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    assert(argc > 0);
+    program_path = argv[0];
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-gc.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-gc.c
new file mode 100644
index 00000000..90189479
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-gc.c
@@ -0,0 +1,159 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <check.h>
+
+#include "libcork/core/attributes.h"
+#include "libcork/core/gc.h"
+#include "libcork/core/types.h"
+#include "libcork/helpers/gc.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Garbage collector
+ */
+
+struct tree {
+    int  id;
+    struct tree  *left;
+    struct tree  *right;
+};
+
+_free_(tree) {
+    /* nothing to do, I just want to test the macro */
+}
+
+_recurse_(tree) {
+    struct tree  *self = obj;
+    recurse(gc, self->left, ud);
+    recurse(gc, self->right, ud);
+}
+
+/* test all the variations, even though we're only going to use "tree" */
+_gc_(tree);
+
+#define tree0__recurse  tree__recurse
+CORK_ATTR_UNUSED static struct cork_gc_obj_iface  tree0__gc;
+_gc_no_free_(tree0);
+
+#define tree1__free  tree__free
+CORK_ATTR_UNUSED static struct cork_gc_obj_iface  tree1__gc;
+_gc_no_recurse_(tree1);
+
+CORK_ATTR_UNUSED static struct cork_gc_obj_iface  tree2__gc;
+_gc_leaf_(tree2);
+
+struct tree *
+tree_new(int id, struct tree *l, struct tree *r)
+{
+    struct tree  *self = cork_gc_new(tree);
+    self->id = id;
+    self->left = cork_gc_incref(l);
+    self->right = cork_gc_incref(r);
+    return self;
+}
+
+START_TEST(test_gc_acyclic_01)
+{
+    DESCRIBE_TEST;
+    cork_gc_init();
+
+    struct tree  *t1 = tree_new(0, NULL, NULL);
+    struct tree  *t2 = tree_new(0, NULL, NULL);
+    struct tree  *t0 = tree_new(0, t1, t2);
+
+    cork_gc_decref(t1);
+    cork_gc_decref(t2);
+    cork_gc_decref(t0);
+
+    cork_gc_done();
+}
+END_TEST
+
+START_TEST(test_gc_cyclic_01)
+{
+    DESCRIBE_TEST;
+    cork_gc_init();
+
+    struct tree  *t1 = tree_new(0, NULL, NULL);
+    struct tree  *t2 = tree_new(0, NULL, NULL);
+    struct tree  *t0 = tree_new(0, t1, t2);
+
+    t1->left = cork_gc_incref(t0);
+
+    cork_gc_decref(t1);
+    cork_gc_decref(t2);
+    cork_gc_decref(t0);
+
+    cork_gc_done();
+}
+END_TEST
+
+START_TEST(test_gc_cyclic_02)
+{
+    DESCRIBE_TEST;
+    cork_gc_init();
+
+    struct tree  *t1 = tree_new(0, NULL, NULL);
+    struct tree  *t2 = tree_new(0, NULL, NULL);
+    struct tree  *t0 = tree_new(0, t1, t2);
+
+    t1->left = cork_gc_incref(t0);
+    t2->left = cork_gc_incref(t2);
+    t2->right = cork_gc_incref(t0);
+
+    cork_gc_decref(t1);
+    cork_gc_decref(t2);
+    cork_gc_decref(t0);
+
+    cork_gc_done();
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("gc");
+
+    TCase  *tc_gc = tcase_create("gc");
+    tcase_add_test(tc_gc, test_gc_acyclic_01);
+    tcase_add_test(tc_gc, test_gc_cyclic_01);
+    tcase_add_test(tc_gc, test_gc_cyclic_02);
+    suite_add_tcase(s, tc_gc);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-hash-table.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-hash-table.c
new file mode 100644
index 00000000..f6baf747
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-hash-table.c
@@ -0,0 +1,366 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <check.h>
+
+#include "libcork/core/allocator.h"
+#include "libcork/core/hash.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/buffer.h"
+#include "libcork/ds/hash-table.h"
+
+#include "helpers.h"
+
+/*-----------------------------------------------------------------------
+ * Integer hash tables
+ */
+
+static void
+uint64__free(void *vi)
+{
+    uint64_t  *i = vi;
+    cork_delete(uint64_t, i);
+}
+
+static bool
+uint64__equals(void *user_data, const void *va, const void *vb)
+{
+    const uint64_t  *a = va;
+    const uint64_t  *b = vb;
+#if 0
+    printf("Testing %p (%" PRIu64 ") and %p (%" PRIu64 ")\n",
+           a, *a, b, *b);
+#endif
+    return *a == *b;
+}
+
+static cork_hash
+uint64__hash(void *user_data, const void *velement)
+{
+    const uint64_t  *element = velement;
+#if 0
+    printf("Hashing %p (%" PRIu64 ")\n", element, *element);
+#endif
+    return (cork_hash) *element;
+}
+
+static enum cork_hash_table_map_result
+uint64_sum(void *vsum, struct cork_hash_table_entry *entry)
+{
+    uint64_t  *sum = vsum;
+    uint64_t  *value = entry->value;
+    *sum += *value;
+    return CORK_HASH_TABLE_MAP_CONTINUE;
+}
+
+static void
+test_map_sum(struct cork_hash_table *table, uint64_t expected)
+{
+    uint64_t  sum = 0;
+    cork_hash_table_map(table, &sum, uint64_sum);
+    fail_unless(sum == expected,
+                "Unexpected map sum, got %" PRIu64
+                ", expected %" PRIu64,
+                sum, expected);
+}
+
+static void
+test_iterator_sum(struct cork_hash_table *table, uint64_t expected)
+{
+    uint64_t  sum = 0;
+    struct cork_hash_table_iterator  iterator;
+    struct cork_hash_table_entry  *entry;
+    cork_hash_table_iterator_init(table, &iterator);
+    while ((entry = cork_hash_table_iterator_next(&iterator)) != NULL) {
+        uint64_t  *value_ptr = entry->value;
+        sum += *value_ptr;
+    }
+    fail_unless(sum == expected,
+                "Unexpected iterator sum, got %" PRIu64
+                ", expected %" PRIu64 "",
+                sum, expected);
+}
+
+static enum cork_hash_table_map_result
+uint64_to_string(void *vdest, struct cork_hash_table_entry *entry)
+{
+    struct cork_buffer  *dest = vdest;
+    uint64_t  *key = entry->key;
+    uint64_t  *value = entry->value;
+    if (dest->size > 1) {
+        cork_buffer_append(dest, ", ", 2);
+    }
+    cork_buffer_append_printf(dest, "%" PRIu64 ":%" PRIu64, *key, *value);
+    return CORK_HASH_TABLE_MAP_CONTINUE;
+}
+
+static void
+test_map_to_string(struct cork_hash_table *table, const char *expected)
+{
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+    cork_buffer_set(&buf, "[", 1);
+    cork_hash_table_map(table, &buf, uint64_to_string);
+    cork_buffer_append(&buf, "]", 1);
+    fail_unless_streq("Integer arrays", expected, buf.buf);
+    cork_buffer_done(&buf);
+}
+
+static void
+test_iterator_to_string(struct cork_hash_table *table, const char *expected)
+{
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+    struct cork_hash_table_iterator  iterator;
+    struct cork_hash_table_entry  *entry;
+    cork_buffer_set(&buf, "[", 1);
+    cork_hash_table_iterator_init(table, &iterator);
+    while ((entry = cork_hash_table_iterator_next(&iterator)) != NULL) {
+        uint64_t  *key = entry->key;
+        uint64_t  *value = entry->value;
+        if (buf.size > 1) {
+            cork_buffer_append(&buf, ", ", 2);
+        }
+        cork_buffer_append_printf(&buf, "%" PRIu64 ":%" PRIu64, *key, *value);
+    }
+    cork_buffer_append(&buf, "]", 1);
+    fail_unless_streq("Integer arrays", expected, buf.buf);
+    cork_buffer_done(&buf);
+}
+
+START_TEST(test_uint64_hash_table)
+{
+    struct cork_hash_table  *table;
+    uint64_t  key, *key_ptr, *old_key;
+    void  *v_key, *v_value;
+    uint64_t  *value_ptr, *old_value;
+    bool  is_new;
+    struct cork_hash_table_entry  *entry;
+
+    table = cork_hash_table_new(0, 0);
+    cork_hash_table_set_hash(table, uint64__hash);
+    cork_hash_table_set_equals(table, uint64__equals);
+    cork_hash_table_set_free_key(table, uint64__free);
+    cork_hash_table_set_free_value(table, uint64__free);
+    fail_unless(cork_hash_table_size(table) == 0,
+                "Hash table should start empty");
+
+    key = 0;
+    fail_unless(cork_hash_table_get(table, &key) == NULL,
+                "Shouldn't get value pointer from empty hash table");
+
+    test_map_sum(table, 0);
+    test_map_to_string(table, "[]");
+    test_iterator_sum(table, 0);
+    test_iterator_to_string(table, "[]");
+
+    key_ptr = cork_new(uint64_t);
+    *key_ptr = 0;
+    value_ptr = cork_new(uint64_t);
+    *value_ptr = 32;
+    fail_if_error(cork_hash_table_put
+                  (table, key_ptr, value_ptr,
+                   &is_new, &v_key, &v_value));
+    fail_unless(is_new, "Couldn't append {0=>32} to hash table");
+    old_key = v_key;
+    old_value = v_value;
+
+    fail_unless(old_key == NULL,
+                "Unexpected previous key");
+    fail_unless(old_value == NULL,
+                "Unexpected previous value");
+
+    fail_unless(cork_hash_table_size(table) == 1,
+                "Unexpected size after adding {0->32}");
+
+    fail_if_error(entry = cork_hash_table_get_or_create
+                  (table, &key, &is_new));
+    fail_if(is_new, "Shouldn't create new {0=>X} entry");
+    value_ptr = entry->value;
+    fail_unless(*value_ptr == 32,
+                "Unexpected value for {0=>X} entry");
+
+    fail_unless(cork_hash_table_size(table) == 1,
+                "Unexpected size after retrieving {0->32}");
+
+    key = 1;
+    fail_if_error(entry = cork_hash_table_get_or_create
+                  (table, &key, &is_new));
+    fail_unless(is_new, "Should create new {1=>X} entry");
+    key_ptr = cork_new(uint64_t);
+    *key_ptr = key;
+    entry->key = key_ptr;
+    value_ptr = cork_new(uint64_t);
+    *value_ptr = 2;
+    entry->value = value_ptr;
+
+    fail_unless(cork_hash_table_size(table) == 2,
+                "Unexpected size after adding {1=>2}");
+
+    test_map_sum(table, 34);
+    test_map_to_string(table, "[0:32, 1:2]");
+    test_iterator_sum(table, 34);
+    test_iterator_to_string(table, "[0:32, 1:2]");
+
+    key = 0;
+    fail_unless(cork_hash_table_delete(table, &key, NULL, NULL),
+                "Couldn't delete {0=>32}");
+
+    fail_unless(cork_hash_table_size(table) == 1,
+                "Unexpected size after deleting entry");
+
+    test_map_to_string(table, "[1:2]");
+    test_iterator_to_string(table, "[1:2]");
+
+    key = 3;
+    fail_if(cork_hash_table_delete(table, &key, NULL, NULL),
+            "Shouldn't be able to delete nonexistent {3=>X}");
+
+    cork_hash_table_delete_entry(table, entry);
+
+    fail_unless(cork_hash_table_size(table) == 0,
+                "Unexpected size after deleting last entry");
+
+    /*
+     * Add the entries back so that we can try deleting them using
+     * cork_hash_table_map.
+     */
+
+    key_ptr = cork_new(uint64_t);
+    *key_ptr = 0;
+    value_ptr = cork_new(uint64_t);
+    *value_ptr = 32;
+    fail_if_error(cork_hash_table_put
+                  (table, key_ptr, value_ptr,
+                   &is_new, &v_key, &v_value));
+    fail_unless(is_new, "Couldn't append {0=>32} to hash table");
+    old_key = v_key;
+    old_value = v_value;
+
+    key_ptr = cork_new(uint64_t);
+    *key_ptr = 1;
+    value_ptr = cork_new(uint64_t);
+    *value_ptr = 2;
+    fail_if_error(cork_hash_table_put
+                  (table, key_ptr, value_ptr,
+                   &is_new, &v_key, &v_value));
+    fail_unless(is_new, "Couldn't append {1=>2} to hash table");
+    old_key = v_key;
+    old_value = v_value;
+
+    cork_hash_table_clear(table);
+    fail_unless(cork_hash_table_size(table) == 0,
+                "Unexpected size after deleting entries using map");
+
+    /* And we're done, so let's free everything. */
+    cork_hash_table_free(table);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * String hash tables
+ */
+
+START_TEST(test_string_hash_table)
+{
+    struct cork_hash_table  *table;
+    char  key[256];
+    void  *value;
+
+    table = cork_string_hash_table_new(0, 0);
+
+    fail_if_error(cork_hash_table_put
+                  (table, "key1", (void *) (uintptr_t) 1, NULL, NULL, NULL));
+    fail_unless(cork_hash_table_size(table) == 1,
+                "Unexpected size after adding {key1->1}");
+
+    strncpy(key, "key1", sizeof(key));
+    fail_if((value = cork_hash_table_get(table, key)) == NULL,
+            "No entry for key1");
+
+    fail_unless(value == (void *) (uintptr_t) 1,
+                "Unexpected value for key1");
+
+    strncpy(key, "key2", sizeof(key));
+    fail_unless((value = cork_hash_table_get(table, key)) == NULL,
+                "Unexpected entry for key2");
+
+    cork_hash_table_free(table);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Pointer hash tables
+ */
+
+START_TEST(test_pointer_hash_table)
+{
+    struct cork_hash_table  *table;
+    int  key1;
+    int  key2;
+    void  *value;
+
+    table = cork_pointer_hash_table_new(0, 0);
+
+    fail_if_error(cork_hash_table_put
+                  (table, &key1, (void *) (uintptr_t) 1, NULL, NULL, NULL));
+    fail_unless(cork_hash_table_size(table) == 1,
+                "Unexpected size after adding {key1->1}");
+
+    fail_if((value = cork_hash_table_get(table, &key1)) == NULL,
+            "No entry for key1");
+
+    fail_unless(value == (void *) (uintptr_t) 1,
+                "Unexpected value for key1");
+
+    fail_unless((value = cork_hash_table_get(table, &key2)) == NULL,
+                "Unexpected entry for key2");
+
+    cork_hash_table_free(table);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("hash_table");
+
+    TCase  *tc_ds = tcase_create("hash_table");
+    tcase_add_test(tc_ds, test_uint64_hash_table);
+    tcase_add_test(tc_ds, test_string_hash_table);
+    tcase_add_test(tc_ds, test_pointer_hash_table);
+    suite_add_tcase(s, tc_ds);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-input.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-input.txt
new file mode 100644
index 00000000..791a80c0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-input.txt
@@ -0,0 +1,2 @@
+Hello, world
+What is up
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-managed-buffer.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-managed-buffer.c
new file mode 100644
index 00000000..92232183
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-managed-buffer.c
@@ -0,0 +1,339 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <check.h>
+
+#include "libcork/core/allocator.h"
+#include "libcork/core/types.h"
+#include "libcork/ds/managed-buffer.h"
+#include "libcork/ds/slice.h"
+#include "libcork/helpers/errors.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Helper functions
+ */
+
+struct flag_buffer {
+    struct cork_managed_buffer  parent;
+    bool  *flag;
+};
+
+static void
+set_flag_on_free(struct cork_managed_buffer *mbuf)
+{
+    struct flag_buffer  *fbuf =
+        cork_container_of(mbuf, struct flag_buffer, parent);
+    *fbuf->flag = true;
+    cork_delete(struct flag_buffer, fbuf);
+}
+
+static struct cork_managed_buffer_iface  FLAG__MANAGED_BUFFER = {
+    set_flag_on_free
+};
+
+static struct cork_managed_buffer *
+flag_buffer_new(const void *buf, size_t size, bool *flag)
+{
+    struct flag_buffer  *fbuf = cork_new(struct flag_buffer);
+    fbuf->parent.buf = buf;
+    fbuf->parent.size = size;
+    fbuf->parent.ref_count = 1;
+    fbuf->parent.iface = &FLAG__MANAGED_BUFFER;
+    fbuf->flag = flag;
+    return &fbuf->parent;
+}
+
+
+
+/*-----------------------------------------------------------------------
+ * Buffer reference counting
+ */
+
+START_TEST(test_managed_buffer_refcount)
+{
+    bool  flag = false;
+
+    /*
+     * Make a bunch of references, unreference them all, and then
+     * verify that the free function got called.
+     */
+
+    struct cork_managed_buffer  *pb0;
+    fail_if_error(pb0 = flag_buffer_new(NULL, 0, &flag));
+    struct cork_managed_buffer  *pb1 = cork_managed_buffer_ref(pb0);
+    struct cork_managed_buffer  *pb2 = cork_managed_buffer_ref(pb0);
+    struct cork_managed_buffer  *pb3 = cork_managed_buffer_ref(pb2);
+
+    cork_managed_buffer_unref(pb0);
+    cork_managed_buffer_unref(pb1);
+    cork_managed_buffer_unref(pb2);
+    cork_managed_buffer_unref(pb3);
+
+    fail_unless(flag,
+                "Managed buffer free function never called.");
+}
+END_TEST
+
+
+START_TEST(test_managed_buffer_bad_refcount)
+{
+    bool  flag = false;
+
+    /*
+     * Make a bunch of references, forget to unreference one of them,
+     * and then verify that the free function didn't called.
+     */
+
+    struct cork_managed_buffer  *pb0;
+    fail_if_error(pb0 = flag_buffer_new(NULL, 0, &flag));
+    struct cork_managed_buffer  *pb1 = cork_managed_buffer_ref(pb0);
+    struct cork_managed_buffer  *pb2 = cork_managed_buffer_ref(pb0);
+    struct cork_managed_buffer  *pb3 = cork_managed_buffer_ref(pb2);
+
+    cork_managed_buffer_unref(pb0);
+    cork_managed_buffer_unref(pb1);
+    cork_managed_buffer_unref(pb2);
+    /* cork_managed_buffer_unref(pb3);   OH NO! */
+    (void) pb3;
+
+    fail_if(flag,
+            "Managed buffer free function was called unexpectedly.");
+
+    /* free the buffer here to quiet valgrind */
+    cork_managed_buffer_unref(pb3);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Slicing
+ */
+
+START_TEST(test_slice)
+{
+    /* Try to slice a NULL buffer. */
+    struct cork_slice  ps1;
+
+    fail_unless_error(cork_managed_buffer_slice
+                      (&ps1, NULL, 0, 0),
+                      "Shouldn't be able to slice a NULL buffer");
+    fail_unless_error(cork_managed_buffer_slice_offset
+                      (&ps1, NULL, 0),
+                      "Shouldn't be able to slice a NULL buffer");
+
+    fail_unless_error(cork_slice_copy
+                      (&ps1, NULL, 0, 0),
+                      "Shouldn't be able to slice a NULL slice");
+    fail_unless_error(cork_slice_copy_offset
+                      (&ps1, NULL, 0),
+                      "Shouldn't be able to slice a NULL slice");
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Slice reference counting
+ */
+
+START_TEST(test_slice_refcount)
+{
+    bool  flag = false;
+
+    /*
+     * Make a bunch of slices, finish them all, and then verify that
+     * the free function got called.
+     */
+
+    static char  *BUF =
+        "abcdefg";
+    static size_t  LEN = 7;
+
+    struct cork_managed_buffer  *pb;
+    fail_if_error(pb = flag_buffer_new(BUF, LEN, &flag));
+
+    struct cork_slice  ps1;
+    struct cork_slice  ps2;
+    struct cork_slice  ps3;
+
+    fail_if_error(cork_managed_buffer_slice(&ps1, pb, 0, 7));
+    fail_if_error(cork_managed_buffer_slice(&ps2, pb, 1, 1));
+    fail_if_error(cork_managed_buffer_slice(&ps3, pb, 4, 3));
+
+    cork_managed_buffer_unref(pb);
+    cork_slice_finish(&ps1);
+    cork_slice_finish(&ps2);
+    cork_slice_finish(&ps3);
+
+    fail_unless(flag,
+                "Managed buffer free function never called.");
+}
+END_TEST
+
+
+START_TEST(test_slice_bad_refcount)
+{
+    bool  flag = false;
+
+    /*
+     * Make a bunch of slices, forget to finish one of them, and then
+     * verify that the free function didn't called.
+     */
+
+    static char  *BUF =
+        "abcdefg";
+    static size_t  LEN = 7;
+
+    struct cork_managed_buffer  *pb;
+    fail_if_error(pb = flag_buffer_new(BUF, LEN, &flag));
+
+    struct cork_slice  ps1;
+    struct cork_slice  ps2;
+    struct cork_slice  ps3;
+
+    fail_if_error(cork_managed_buffer_slice(&ps1, pb, 0, 7));
+    fail_if_error(cork_managed_buffer_slice(&ps2, pb, 1, 1));
+    fail_if_error(cork_managed_buffer_slice(&ps3, pb, 4, 3));
+
+    cork_managed_buffer_unref(pb);
+    cork_slice_finish(&ps1);
+    cork_slice_finish(&ps2);
+    /* cork_slice_finish(&ps3);   OH NO! */
+
+    fail_if(flag,
+            "Managed buffer free function was called unexpectedly.");
+
+    /* free the slice here to quiet valgrind */
+    cork_slice_finish(&ps3);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Slice equality
+ */
+
+START_TEST(test_slice_equals_01)
+{
+    /*
+     * Make a bunch of slices, finish them all, and then verify that
+     * the free function got called.
+     */
+
+    static char  *BUF =
+        "abcdefg";
+    static size_t  LEN = 7;
+
+    struct cork_managed_buffer  *pb;
+    fail_if_error(pb = cork_managed_buffer_new_copy(BUF, LEN));
+
+    struct cork_slice  ps1;
+    struct cork_slice  ps2;
+
+    fail_if_error(cork_managed_buffer_slice_offset(&ps1, pb, 0));
+    fail_if_error(cork_managed_buffer_slice(&ps2, pb, 0, LEN));
+
+    fail_unless(cork_slice_equal(&ps1, &ps2),
+                "Slices aren't equal");
+
+    cork_managed_buffer_unref(pb);
+    cork_slice_finish(&ps1);
+    cork_slice_finish(&ps2);
+}
+END_TEST
+
+
+START_TEST(test_slice_equals_02)
+{
+    /*
+     * Make a bunch of slices, finish them all, and then verify that
+     * the free function got called.
+     */
+
+    static char  *BUF =
+        "abcdefg";
+    static size_t  LEN = 7;
+
+    struct cork_managed_buffer  *pb;
+    fail_if_error(pb = cork_managed_buffer_new_copy(BUF, LEN));
+
+    struct cork_slice  ps1;
+    struct cork_slice  ps2;
+    struct cork_slice  ps3;
+
+    fail_if_error(cork_managed_buffer_slice(&ps1, pb, 3, 3));
+
+    fail_if_error(cork_managed_buffer_slice_offset(&ps2, pb, 1));
+    fail_if_error(cork_slice_copy(&ps3, &ps2, 2, 3));
+    fail_if_error(cork_slice_slice(&ps2, 2, 3));
+
+    fail_unless(cork_slice_equal(&ps1, &ps2),
+                "Slices aren't equal");
+    fail_unless(cork_slice_equal(&ps1, &ps3),
+                "Slices aren't equal");
+
+    cork_managed_buffer_unref(pb);
+    cork_slice_finish(&ps1);
+    cork_slice_finish(&ps2);
+    cork_slice_finish(&ps3);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("managed-buffer");
+
+    TCase  *tc_buffer_refcount = tcase_create("managed-buffer-refcount");
+    tcase_add_test(tc_buffer_refcount, test_managed_buffer_refcount);
+    tcase_add_test(tc_buffer_refcount, test_managed_buffer_bad_refcount);
+    suite_add_tcase(s, tc_buffer_refcount);
+
+    TCase  *tc_slice = tcase_create("slice");
+    tcase_add_test(tc_slice, test_slice);
+    suite_add_tcase(s, tc_slice);
+
+    TCase  *tc_slice_refcount = tcase_create("slice-refcount");
+    tcase_add_test(tc_slice_refcount, test_slice_refcount);
+    tcase_add_test(tc_slice_refcount, test_slice_bad_refcount);
+    suite_add_tcase(s, tc_slice_refcount);
+
+    TCase  *tc_slice_equality = tcase_create("slice-equality");
+    tcase_add_test(tc_slice_equality, test_slice_equals_01);
+    tcase_add_test(tc_slice_equality, test_slice_equals_02);
+    suite_add_tcase(s, tc_slice_equality);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-mempool.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-mempool.c
new file mode 100644
index 00000000..f6675afe
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-mempool.c
@@ -0,0 +1,172 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2015, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <signal.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <check.h>
+
+#include "libcork/core/mempool.h"
+#include "libcork/core/types.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Memory pools
+ */
+
+
+START_TEST(test_mempool_01)
+{
+#define OBJECT_COUNT  16
+    DESCRIBE_TEST;
+    struct cork_mempool  *mp;
+    /* Small enough that we'll have to allocate a couple of blocks */
+    mp = cork_mempool_new_ex(int64_t, 64);
+
+    size_t  i;
+    int64_t  *objects[OBJECT_COUNT];
+    for (i = 0; i < OBJECT_COUNT; i++) {
+        fail_if((objects[i] = cork_mempool_new_object(mp)) == NULL,
+                "Cannot allocate object #%zu", i);
+    }
+
+    for (i = 0; i < OBJECT_COUNT; i++) {
+        cork_mempool_free_object(mp, objects[i]);
+    }
+
+    for (i = 0; i < OBJECT_COUNT; i++) {
+        fail_if((objects[i] = cork_mempool_new_object(mp)) == NULL,
+                "Cannot reallocate object #%zu", i);
+    }
+
+    for (i = 0; i < OBJECT_COUNT; i++) {
+        cork_mempool_free_object(mp, objects[i]);
+    }
+
+    cork_mempool_free(mp);
+}
+END_TEST
+
+START_TEST(test_mempool_fail_01)
+{
+    DESCRIBE_TEST;
+    struct cork_mempool  *mp;
+    mp = cork_mempool_new(int64_t);
+
+    int64_t  *obj;
+    fail_if((obj = cork_mempool_new_object(mp)) == NULL,
+            "Cannot allocate object");
+
+    /* This should raise an assertion since we never freed obj. */
+    cork_mempool_free(mp);
+}
+END_TEST
+
+
+static void
+int64_init(void *user_data, void *vobj)
+{
+    int64_t  *obj = vobj;
+    *obj = 12;
+}
+
+static void
+int64_done(void *user_data, void *vobj)
+{
+    size_t  *done_call_count = user_data;
+    (*done_call_count)++;
+}
+
+/* This is based on our knowledge of the internal structure of a memory
+ * pool's blocks and objects. */
+
+#define OBJECTS_PER_BLOCK(block_size, obj_size) \
+    (((block_size) - CORK_SIZEOF_POINTER) / (obj_size + CORK_SIZEOF_POINTER))
+
+START_TEST(test_mempool_reuse_01)
+{
+#define BLOCK_SIZE  64
+    DESCRIBE_TEST;
+    size_t  done_call_count = 0;
+    struct cork_mempool  *mp;
+    mp = cork_mempool_new_ex(int64_t, BLOCK_SIZE);
+    cork_mempool_set_user_data(mp, &done_call_count, NULL);
+    cork_mempool_set_init_object(mp, int64_init);
+    cork_mempool_set_done_object(mp, int64_done);
+
+    int64_t  *obj;
+    fail_if((obj = cork_mempool_new_object(mp)) == NULL,
+            "Cannot allocate object");
+
+    /* The init_object function sets the value to 12 */
+    fail_unless(*obj == 12, "Unexpected value %" PRId64, *obj);
+
+    /* Set the value to something new, free the object, then reallocate.
+     * Since we know memory pools are LIFO, we should get back the same
+     * object, unchanged. */
+    *obj = 42;
+    cork_mempool_free_object(mp, obj);
+    fail_if((obj = cork_mempool_new_object(mp)) == NULL,
+            "Cannot allocate object");
+    fail_unless(*obj == 42, "Unexpected value %" PRId64, *obj);
+
+    cork_mempool_free_object(mp, obj);
+    cork_mempool_free(mp);
+
+    fail_unless(done_call_count ==
+                OBJECTS_PER_BLOCK(BLOCK_SIZE, sizeof(int64_t)),
+                "done_object called an unexpected number of times: %zu",
+                done_call_count);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("mempool");
+
+    TCase  *tc_mempool = tcase_create("mempool");
+    tcase_add_test(tc_mempool, test_mempool_01);
+#if NDEBUG
+    /* If we're not compiling assertions then this test won't abort */
+    tcase_add_test(tc_mempool, test_mempool_fail_01);
+#else
+    tcase_add_test_raise_signal(tc_mempool, test_mempool_fail_01, SIGABRT);
+#endif
+    tcase_add_test(tc_mempool, test_mempool_reuse_01);
+    suite_add_tcase(s, tc_mempool);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-ring-buffer.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-ring-buffer.c
new file mode 100644
index 00000000..32088346
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-ring-buffer.c
@@ -0,0 +1,148 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <check.h>
+
+#include "libcork/core/types.h"
+#include "libcork/ds/ring-buffer.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Ring buffers
+ */
+
+START_TEST(test_ring_buffer_1)
+{
+    struct cork_ring_buffer  buf;
+    cork_ring_buffer_init(&buf, 4);
+
+    fail_unless(cork_ring_buffer_add(&buf, (void *) 1) == 0,
+                "Cannot add to ring buffer");
+    fail_unless(cork_ring_buffer_add(&buf, (void *) 2) == 0,
+                "Cannot add to ring buffer");
+    fail_unless(cork_ring_buffer_add(&buf, (void *) 3) == 0,
+                "Cannot add to ring buffer");
+    fail_unless(cork_ring_buffer_add(&buf, (void *) 4) == 0,
+                "Cannot add to ring buffer");
+    fail_if(cork_ring_buffer_add(&buf, (void *) 5) == 0,
+            "Shouldn't be able to add to ring buffer");
+
+    fail_unless(((intptr_t) cork_ring_buffer_peek(&buf)) == 1,
+                "Unexpected head of ring buffer (peek)");
+    fail_unless(((intptr_t) cork_ring_buffer_pop(&buf)) == 1,
+                "Unexpected head of ring buffer (pop)");
+    fail_unless(((intptr_t) cork_ring_buffer_pop(&buf)) == 2,
+                "Unexpected head of ring buffer (pop)");
+
+    fail_unless(cork_ring_buffer_add(&buf, (void *) 5) == 0,
+                "Cannot add to ring buffer");
+    fail_unless(cork_ring_buffer_add(&buf, (void *) 6) == 0,
+                "Cannot add to ring buffer");
+    fail_if(cork_ring_buffer_add(&buf, (void *) 7) == 0,
+            "Shouldn't be able to add to ring buffer");
+
+    fail_unless(((intptr_t) cork_ring_buffer_pop(&buf)) == 3,
+                "Unexpected head of ring buffer (pop)");
+    fail_unless(((intptr_t) cork_ring_buffer_pop(&buf)) == 4,
+                "Unexpected head of ring buffer (pop)");
+    fail_unless(((intptr_t) cork_ring_buffer_pop(&buf)) == 5,
+                "Unexpected head of ring buffer (pop)");
+    fail_unless(((intptr_t) cork_ring_buffer_pop(&buf)) == 6,
+                "Unexpected head of ring buffer (pop)");
+    fail_unless(cork_ring_buffer_pop(&buf) == NULL,
+                "Shouldn't be able to pop from ring buffer");
+
+    cork_ring_buffer_done(&buf);
+}
+END_TEST
+
+
+START_TEST(test_ring_buffer_2)
+{
+    struct cork_ring_buffer  *buf = cork_ring_buffer_new(4);
+
+    fail_unless(cork_ring_buffer_add(buf, (void *) 1) == 0,
+                "Cannot add to ring buffer");
+    fail_unless(cork_ring_buffer_add(buf, (void *) 2) == 0,
+                "Cannot add to ring buffer");
+    fail_unless(cork_ring_buffer_add(buf, (void *) 3) == 0,
+                "Cannot add to ring buffer");
+    fail_unless(cork_ring_buffer_add(buf, (void *) 4) == 0,
+                "Cannot add to ring buffer");
+    fail_if(cork_ring_buffer_add(buf, (void *) 5) == 0,
+            "Shouldn't be able to add to ring buffer");
+
+    fail_unless(((intptr_t) cork_ring_buffer_peek(buf)) == 1,
+                "Unexpected head of ring buffer (peek)");
+    fail_unless(((intptr_t) cork_ring_buffer_pop(buf)) == 1,
+                "Unexpected head of ring buffer (pop)");
+    fail_unless(((intptr_t) cork_ring_buffer_pop(buf)) == 2,
+                "Unexpected head of ring buffer (pop)");
+
+    fail_unless(cork_ring_buffer_add(buf, (void *) 5) == 0,
+                "Cannot add to ring buffer");
+    fail_unless(cork_ring_buffer_add(buf, (void *) 6) == 0,
+                "Cannot add to ring buffer");
+    fail_if(cork_ring_buffer_add(buf, (void *) 7) == 0,
+            "Shouldn't be able to add to ring buffer");
+
+    fail_unless(((intptr_t) cork_ring_buffer_pop(buf)) == 3,
+                "Unexpected head of ring buffer (pop)");
+    fail_unless(((intptr_t) cork_ring_buffer_pop(buf)) == 4,
+                "Unexpected head of ring buffer (pop)");
+    fail_unless(((intptr_t) cork_ring_buffer_pop(buf)) == 5,
+                "Unexpected head of ring buffer (pop)");
+    fail_unless(((intptr_t) cork_ring_buffer_pop(buf)) == 6,
+                "Unexpected head of ring buffer (pop)");
+    fail_unless(cork_ring_buffer_pop(buf) == NULL,
+                "Shouldn't be able to pop from ring buffer");
+
+    cork_ring_buffer_free(buf);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("ring_buffer");
+
+    TCase  *tc_ds = tcase_create("ring_buffer");
+    tcase_add_test(tc_ds, test_ring_buffer_1);
+    tcase_add_test(tc_ds, test_ring_buffer_2);
+    suite_add_tcase(s, tc_ds);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-slice.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-slice.c
new file mode 100644
index 00000000..574fea50
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-slice.c
@@ -0,0 +1,137 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <check.h>
+
+#include "libcork/ds/slice.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Static slices
+ */
+
+START_TEST(test_static_slice)
+{
+    static char  SRC[] = "Here is some text.";
+    size_t  SRC_LEN = sizeof(SRC) - 1;
+
+    struct cork_slice  slice;
+    struct cork_slice  copy1;
+    struct cork_slice  lcopy1;
+    cork_slice_init_static(&slice, SRC, SRC_LEN);
+    fail_if_error(cork_slice_copy(&copy1, &slice, 8, 4));
+    fail_if_error(cork_slice_light_copy(&lcopy1, &slice, 8, 4));
+    fail_if_error(cork_slice_slice(&slice, 8, 4));
+    fail_unless(cork_slice_equal(&slice, &copy1), "Slices should be equal");
+    fail_unless(cork_slice_equal(&slice, &lcopy1), "Slices should be equal");
+    /* We have to finish lcopy1 first, since it's a light copy. */
+    cork_slice_finish(&lcopy1);
+    cork_slice_finish(&slice);
+    cork_slice_finish(&copy1);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Copy-once slices
+ */
+
+START_TEST(test_copy_once_slice)
+{
+    static char  SRC[] = "Here is some text.";
+    size_t  SRC_LEN = sizeof(SRC) - 1;
+
+    struct cork_slice  slice;
+    struct cork_slice  copy1;
+    struct cork_slice  copy2;
+    struct cork_slice  lcopy1;
+    struct cork_slice  lcopy2;
+
+    cork_slice_init_copy_once(&slice, SRC, SRC_LEN);
+    fail_unless(slice.buf == SRC, "Unexpected slice buffer");
+
+    fail_if_error(cork_slice_light_copy(&lcopy1, &slice, 8, 4));
+    /* We should still be using the original SRC buffer directly, since we only
+     * created a light copy. */
+    fail_unless(slice.buf == SRC, "Unexpected slice buffer");
+    fail_unless(slice.buf + 8 == lcopy1.buf, "Unexpected slice buffer");
+
+    fail_if_error(cork_slice_copy(&copy1, &slice, 8, 4));
+    fail_if_error(cork_slice_slice(&slice, 8, 4));
+    /* Once we create a full copy, the content should have been moved into a
+     * managed buffer, which will exist somewhere else in memory than the
+     * original SRC pointer. */
+    fail_unless(slice.buf != SRC, "Unexpected slice buffer");
+    fail_unless(slice.buf == copy1.buf, "Unexpected slice buffer");
+    /* The light copy that we made previously won't have been moved over to the
+     * new managed buffer, though. */
+    fail_unless(cork_slice_equal(&slice, &copy1), "Slices should be equal");
+
+    /* Once we've switched over to the managed buffer, a new light copy should
+     * still point into the managed buffer. */
+    fail_if_error(cork_slice_light_copy(&lcopy2, &slice, 0, 4));
+    fail_unless(slice.buf != SRC, "Unexpected slice buffer");
+    fail_unless(slice.buf == lcopy2.buf, "Unexpected slice buffer");
+
+    fail_if_error(cork_slice_copy(&copy2, &slice, 0, 4));
+    /* The second full copy should not create a new managed buffer, it should
+     * just increment the existing managed buffer's refcount. */
+    fail_unless(slice.buf == copy2.buf, "Unexpected slice buffer");
+    fail_unless(copy1.buf == copy2.buf, "Unexpected slice buffer");
+    fail_unless(cork_slice_equal(&slice, &copy2), "Slices should be equal");
+    fail_unless(cork_slice_equal(&copy1, &copy2), "Slices should be equal");
+
+    /* We have to finish the light copies first. */
+    cork_slice_finish(&lcopy1);
+    cork_slice_finish(&lcopy2);
+    cork_slice_finish(&slice);
+    cork_slice_finish(&copy1);
+    cork_slice_finish(&copy2);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("slice");
+
+    TCase  *tc_slice = tcase_create("slice");
+    tcase_add_test(tc_slice, test_static_slice);
+    tcase_add_test(tc_slice, test_copy_once_slice);
+    suite_add_tcase(s, tc_slice);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-subprocess.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-subprocess.c
new file mode 100644
index 00000000..c7aca91b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-subprocess.c
@@ -0,0 +1,279 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2011-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <check.h>
+
+#include "libcork/config.h"
+#include "libcork/core.h"
+#include "libcork/ds.h"
+#include "libcork/os.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Verifying stream consumer
+ */
+
+struct verify_consumer {
+    struct cork_stream_consumer  parent;
+    struct cork_buffer  buf;
+    const char  *name;
+    const char  *expected;
+};
+
+static int
+verify_consumer__data(struct cork_stream_consumer *vself,
+                      const void *buf, size_t size, bool is_first)
+{
+    struct verify_consumer  *self =
+        cork_container_of(vself, struct verify_consumer, parent);
+    if (is_first) {
+        cork_buffer_clear(&self->buf);
+    }
+    cork_buffer_append(&self->buf, buf, size);
+    return 0;
+}
+
+static int
+verify_consumer__eof(struct cork_stream_consumer *vself)
+{
+    struct verify_consumer  *self =
+        cork_container_of(vself, struct verify_consumer, parent);
+    const char  *actual = self->buf.buf;
+    if (actual == NULL) {
+        actual = "";
+    }
+    fail_unless(strcmp(actual, self->expected) == 0,
+                "Unexpected %s: got\n%s\nexpected\n%s\n", self->name,
+                actual, self->expected);
+    return 0;
+}
+
+static void
+verify_consumer__free(struct cork_stream_consumer *vself)
+{
+    struct verify_consumer  *self =
+        cork_container_of(vself, struct verify_consumer, parent);
+    cork_buffer_done(&self->buf);
+    cork_strfree(self->name);
+    cork_strfree(self->expected);
+    cork_delete(struct verify_consumer, self);
+}
+
+struct cork_stream_consumer *
+verify_consumer_new(const char *name, const char *expected)
+{
+    struct verify_consumer  *self = cork_new(struct verify_consumer);
+    self->parent.data = verify_consumer__data;
+    self->parent.eof = verify_consumer__eof;
+    self->parent.free = verify_consumer__free;
+    cork_buffer_init(&self->buf);
+    self->name = cork_strdup(name);
+    self->expected = cork_strdup(expected);
+    return &self->parent;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Helpers
+ */
+
+struct env {
+    const char  *name;
+    const char  *value;
+};
+
+struct spec {
+    char  *program;
+    char * const  *params;
+    struct env  *env;
+    const char  *expected_stdout;
+    const char  *expected_stderr;
+    int  expected_exit_code;
+    struct cork_stream_consumer  *verify_stdout;
+    struct cork_stream_consumer  *verify_stderr;
+    int  exit_code;
+};
+
+static struct cork_env *
+test_env(struct env *env_spec)
+{
+    struct cork_env  *env;
+    struct env  *curr;
+
+    if (env_spec == NULL) {
+        return NULL;
+    }
+
+    env = cork_env_new();
+    for (curr = env_spec; curr->name != NULL; curr++) {
+        cork_env_add_printf(env, curr->name, "%s", curr->value);
+    }
+
+    return env;
+}
+
+static void
+test_subprocesses_(size_t spec_count, struct spec **specs)
+{
+    size_t  i;
+    struct cork_subprocess_group  *group = cork_subprocess_group_new();
+
+    for (i = 0; i < spec_count; i++) {
+        struct spec  *spec = specs[i];
+        struct cork_exec *exec;
+        struct cork_env  *env = test_env(spec->env);
+        struct cork_subprocess  *sub;
+        spec->verify_stdout =
+            verify_consumer_new("stdout", spec->expected_stdout);
+        spec->verify_stderr =
+            verify_consumer_new("stderr", spec->expected_stderr);
+        fail_if_error(exec = cork_exec_new_with_param_array
+                      (spec->program, spec->params));
+        cork_exec_set_env(exec, env);
+        fail_if_error(sub = cork_subprocess_new_exec
+                      (exec, spec->verify_stdout, spec->verify_stderr,
+                       &spec->exit_code));
+        cork_subprocess_group_add(group, sub);
+    }
+
+    fail_if_error(cork_subprocess_group_start(group));
+    fail_if_error(cork_subprocess_group_wait(group));
+
+    for (i = 0; i < spec_count; i++) {
+        struct spec  *spec = specs[i];
+        fail_unless_equal("Exit codes", "%d",
+                          spec->expected_exit_code, spec->exit_code);
+        cork_stream_consumer_free(spec->verify_stdout);
+        cork_stream_consumer_free(spec->verify_stderr);
+    }
+
+    cork_subprocess_group_free(group);
+}
+
+#define test_subprocesses(specs) \
+    test_subprocesses_(sizeof(specs) / sizeof(specs[0]), specs)
+
+
+/*-----------------------------------------------------------------------
+ * Subprocesses
+ */
+
+static char  *echo_01_params[] = { "echo", "hello", "world", NULL };
+static struct spec  echo_01 = {
+    "echo", echo_01_params, NULL, "hello world\n", "", 0
+};
+
+static char  *echo_02_params[] = { "echo", "foo", "bar", "baz", NULL };
+static struct spec  echo_02 = {
+    "echo", echo_02_params, NULL, "foo bar baz\n", "", 0
+};
+
+static char  *echo_03_params[] = { "sh", "-c", "echo $CORK_TEST_VAR", NULL };
+static struct env  echo_03_env[] = {
+    { "CORK_TEST_VAR", "hello world" },
+    { NULL }
+};
+static struct spec  echo_03 = {
+    "sh", echo_03_params, echo_03_env, "hello world\n", "", 0
+};
+
+static char  *false_01_params[] = { "false", NULL };
+static struct spec  false_01 = {
+    "false", false_01_params, NULL, "", "", 1
+};
+
+
+START_TEST(test_subprocess_01)
+{
+    DESCRIBE_TEST;
+    struct spec  *specs[] = { &echo_01 };
+    test_subprocesses(specs);
+}
+END_TEST
+
+
+START_TEST(test_subprocess_02)
+{
+    DESCRIBE_TEST;
+    struct spec  *specs[] = { &echo_02 };
+    test_subprocesses(specs);
+}
+END_TEST
+
+
+START_TEST(test_subprocess_03)
+{
+    DESCRIBE_TEST;
+    struct spec  *specs[] = { &echo_03 };
+    test_subprocesses(specs);
+}
+END_TEST
+
+
+START_TEST(test_subprocess_group_01)
+{
+    DESCRIBE_TEST;
+    struct spec  *specs[] = { &echo_01, &echo_02 };
+    test_subprocesses(specs);
+}
+END_TEST
+
+
+START_TEST(test_subprocess_exit_code_01)
+{
+    DESCRIBE_TEST;
+    struct spec  *specs[] = { &false_01 };
+    test_subprocesses(specs);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("subprocess");
+
+    TCase  *tc_subprocess = tcase_create("subprocess");
+    tcase_add_test(tc_subprocess, test_subprocess_01);
+    tcase_add_test(tc_subprocess, test_subprocess_02);
+    tcase_add_test(tc_subprocess, test_subprocess_03);
+    tcase_add_test(tc_subprocess, test_subprocess_group_01);
+    tcase_add_test(tc_subprocess, test_subprocess_exit_code_01);
+    suite_add_tcase(s, tc_subprocess);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-threads.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-threads.c
new file mode 100644
index 00000000..7ecf9497
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/test-threads.c
@@ -0,0 +1,332 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012-2014, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the COPYING file in this distribution for license details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <check.h>
+
+#include "libcork/core/allocator.h"
+#include "libcork/core/types.h"
+#include "libcork/threads/atomics.h"
+#include "libcork/threads/basics.h"
+
+#include "helpers.h"
+
+
+/*-----------------------------------------------------------------------
+ * Atomics
+ */
+
+#define test_atomic_op(name, type, fmt, op, expected) \
+    do { \
+        type  actual = cork_##name##_atomic_##op(&val, 1); \
+        fail_unless_equal(#name, fmt, expected, actual); \
+    } while (0)
+
+#define test_cas(name, type, fmt, ov, nv) \
+    do { \
+        type  actual = cork_##name##_cas(&val, ov, nv); \
+        fail_unless_equal(#name, fmt, ov, actual); \
+    } while (0)
+
+#define test_atomic(name, type, fmt) \
+START_TEST(test_atomic_##name) \
+{ \
+    DESCRIBE_TEST; \
+    volatile type  val = 0; \
+    test_atomic_op(name, type, fmt, add, 1); \
+    test_atomic_op(name, type, fmt, pre_add, 1); \
+    test_atomic_op(name, type, fmt, add, 3); \
+    test_atomic_op(name, type, fmt, pre_add, 3); \
+    fail_unless_equal(#name, fmt, 4, val); \
+    test_atomic_op(name, type, fmt, sub, 3); \
+    test_atomic_op(name, type, fmt, pre_sub, 3); \
+    test_atomic_op(name, type, fmt, sub, 1); \
+    test_atomic_op(name, type, fmt, pre_sub, 1); \
+    fail_unless_equal(#name, fmt, 0, val); \
+    \
+    test_cas(name, type, fmt, 0, 1); \
+    test_cas(name, type, fmt, 1, 10); \
+    test_cas(name, type, fmt, 10, 2); \
+    test_cas(name, type, fmt, 2, 0); \
+    fail_unless_equal(#name, fmt, 0, val); \
+} \
+END_TEST
+
+test_atomic(int,  int,          "%d");
+test_atomic(uint, unsigned int, "%u");
+test_atomic(size, size_t,       "%zu");
+
+START_TEST(test_atomic_ptr)
+{
+    DESCRIBE_TEST;
+
+    uint64_t  v0 = 0;
+    uint64_t  v1 = 0;
+    uint64_t  v2 = 0;
+    uint64_t  v3 = 0;
+    uint64_t * volatile  val = &v0;
+
+    test_cas(ptr, uint64_t *, "%p", &v0, &v1);
+    test_cas(ptr, uint64_t *, "%p", &v1, &v2);
+    test_cas(ptr, uint64_t *, "%p", &v2, &v3);
+    test_cas(ptr, uint64_t *, "%p", &v3, &v0);
+    fail_unless_equal("ptr", "%p", &v0, val);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Once
+ */
+
+START_TEST(test_once)
+{
+    DESCRIBE_TEST;
+
+    cork_once_barrier(once);
+    static size_t  call_count = 0;
+    static int  value = 0;
+
+#define go \
+    do { \
+        call_count++; \
+        value = 1; \
+    } while (0)
+
+    cork_once(once, go);
+    fail_unless_equal("Value", "%d", 1, value);
+    cork_once(once, go);
+    fail_unless_equal("Value", "%d", 1, value);
+    cork_once(once, go);
+    fail_unless_equal("Value", "%d", 1, value);
+    cork_once(once, go);
+    fail_unless_equal("Value", "%d", 1, value);
+
+    fail_unless_equal("Call count", "%zu", 1, call_count);
+}
+END_TEST
+
+START_TEST(test_once_recursive)
+{
+    DESCRIBE_TEST;
+
+    cork_once_barrier(once);
+    static size_t  call_count = 0;
+    static int  value = 0;
+
+#define go \
+    do { \
+        call_count++; \
+        value = 1; \
+    } while (0)
+
+    cork_once_recursive(once, go);
+    fail_unless_equal("Value", "%d", 1, value);
+    cork_once_recursive(once, go);
+    fail_unless_equal("Value", "%d", 1, value);
+    cork_once_recursive(once, go);
+    fail_unless_equal("Value", "%d", 1, value);
+    cork_once_recursive(once, go);
+    fail_unless_equal("Value", "%d", 1, value);
+
+    fail_unless_equal("Call count", "%zu", 1, call_count);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Thread IDs
+ */
+
+START_TEST(test_thread_ids)
+{
+    DESCRIBE_TEST;
+    cork_thread_id  id = cork_current_thread_get_id();
+    fail_if(id == CORK_THREAD_NONE, "Expected a valid thread ID");
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Threads
+ */
+
+struct cork_test_thread {
+    int  *dest;
+    int  value;
+};
+
+static int
+cork_test_thread__run(void *vself)
+{
+    struct cork_test_thread  *self = vself;
+    *self->dest = self->value;
+    return 0;
+}
+
+static void
+cork_test_thread__free(void *vself)
+{
+    struct cork_test_thread  *self = vself;
+    cork_delete(struct cork_test_thread, self);
+}
+
+static struct cork_thread *
+cork_test_thread_new(const char *name, int *dest, int value)
+{
+    struct cork_test_thread  *self = cork_new(struct cork_test_thread);
+    self->dest = dest;
+    self->value = value;
+    return cork_thread_new
+        (name, self, cork_test_thread__free, cork_test_thread__run);
+}
+
+
+static int
+cork_error_thread__run(void *vself)
+{
+    /* The particular error doesn't matter; just want to make sure it gets
+     * propagated from the cork_thread_join call. */
+    cork_system_error_set_explicit(ENOMEM);
+    return -1;
+}
+
+
+START_TEST(test_threads_01)
+{
+    struct cork_thread  *t1;
+    int  v1 = -1;
+
+    DESCRIBE_TEST;
+
+    fail_if_error(t1 = cork_test_thread_new("test", &v1, 1));
+    fail_unless_equal("Values", "%d", -1, v1);
+    cork_thread_free(t1);
+}
+END_TEST
+
+START_TEST(test_threads_02)
+{
+    struct cork_thread  *t1;
+    int  v1 = -1;
+
+    DESCRIBE_TEST;
+
+    fail_if_error(t1 = cork_test_thread_new("test", &v1, 1));
+    fail_if_error(cork_thread_start(t1));
+    fail_if_error(cork_thread_join(t1));
+    fail_unless_equal("Values", "%d", 1, v1);
+}
+END_TEST
+
+START_TEST(test_threads_03)
+{
+    struct cork_thread  *t1;
+    struct cork_thread  *t2;
+    int  v1 = -1;
+    int  v2 = -1;
+
+    DESCRIBE_TEST;
+
+    fail_if_error(t1 = cork_test_thread_new("test1", &v1, 1));
+    fail_if_error(t2 = cork_test_thread_new("test2", &v2, 2));
+    fail_if_error(cork_thread_start(t1));
+    fail_if_error(cork_thread_start(t2));
+    fail_if_error(cork_thread_join(t1));
+    fail_if_error(cork_thread_join(t2));
+    fail_unless_equal("Values", "%d", 1, v1);
+    fail_unless_equal("Values", "%d", 2, v2);
+}
+END_TEST
+
+START_TEST(test_threads_04)
+{
+    struct cork_thread  *t1;
+    struct cork_thread  *t2;
+    int  v1 = -1;
+    int  v2 = -1;
+
+    DESCRIBE_TEST;
+
+    fail_if_error(t1 = cork_test_thread_new("test1", &v1, 1));
+    fail_if_error(t2 = cork_test_thread_new("test2", &v2, 2));
+    fail_if_error(cork_thread_start(t1));
+    fail_if_error(cork_thread_start(t2));
+    fail_if_error(cork_thread_join(t2));
+    fail_if_error(cork_thread_join(t1));
+    fail_unless_equal("Values", "%d", 1, v1);
+    fail_unless_equal("Values", "%d", 2, v2);
+}
+END_TEST
+
+START_TEST(test_threads_error_01)
+{
+    DESCRIBE_TEST;
+    struct cork_thread  *t1;
+
+    fail_if_error(t1 = cork_thread_new
+                  ("test", NULL, NULL, cork_error_thread__run));
+    fail_if_error(cork_thread_start(t1));
+    fail_unless_error(cork_thread_join(t1));
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+test_suite()
+{
+    Suite  *s = suite_create("threads");
+
+    TCase  *tc_atomic = tcase_create("atomic");
+    tcase_add_test(tc_atomic, test_atomic_int);
+    tcase_add_test(tc_atomic, test_atomic_uint);
+    tcase_add_test(tc_atomic, test_atomic_size);
+    tcase_add_test(tc_atomic, test_atomic_ptr);
+    suite_add_tcase(s, tc_atomic);
+
+    TCase  *tc_basics = tcase_create("basics");
+    tcase_add_test(tc_basics, test_once);
+    tcase_add_test(tc_basics, test_once_recursive);
+    tcase_add_test(tc_basics, test_thread_ids);
+    suite_add_tcase(s, tc_basics);
+
+    TCase  *tc_threads = tcase_create("threads");
+    tcase_add_test(tc_threads, test_threads_01);
+    tcase_add_test(tc_threads, test_threads_02);
+    tcase_add_test(tc_threads, test_threads_03);
+    tcase_add_test(tc_threads, test_threads_04);
+    tcase_add_test(tc_threads, test_threads_error_01);
+    suite_add_tcase(s, tc_threads);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    setup_allocator();
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/tile-test b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/tile-test
new file mode 100755
index 00000000..2d32faf2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/tests/tile-test
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+if [ ! -x $TILERA_ROOT/bin/tile-monitor ]; then
+    # If no tile-monitor is installed, then there is nothing to test.
+    echo "No tile-monitor installed in $TILERA_ROOT/bin"
+    exit 1
+fi
+
+export TEST_DIR="/tmp/test"
+export TILERA_COMMON_ARGS=" \
+    --debug-on-crash \
+    --mkdir $TEST_DIR/build \
+    --mkdir $TEST_DIR/tests \
+    --tile standard \
+    --mount-tile /usr \
+    --mount-tile /lib \
+    --upload . $TEST_DIR/build \
+    --upload ../tests $TEST_DIR/tests \
+    --env LD_LIBRARY_PATH="$TEST_DIR/build/src:/usr/local/lib:/usr/lib:/lib" \
+    --env PATH="/usr/local/bin:$PATH" \
+    --cd $TEST_DIR/build \
+    --run -+- ctest -+- --quit"
+
+# Note: we assume the Tilera processor is connected to the MDE by an IP
+# connection and has a hostname of 'tilera'.  Trust us - you don't want
+# to run tests over the serial connection.
+export TILERA_DEV_ARGS="$TILERA_COMMON_ARGS --net tilera --resume"
+$TILERA_ROOT/bin/tile-monitor $TILERA_DEV_ARGS
+
+## Uncomment the following four lines and comment the previous two if
+## you want to run the tests on the Tilera simulator.
+#export SIM_IMAGE_SIZE="4x4"
+#export TILERA_SIM_ARGS=" \
+#    --image $SIM_IMAGE_SIZE $TILERA_COMMON_ARGS --functional"
+#$TILERA_ROOT/bin/tile-monitor $TILERA_SIM_ARGS
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/version.sh b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/version.sh
new file mode 100755
index 00000000..40e8d055
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libcork/version.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# ----------------------------------------------------------------------
+# Copyright © 2011-2013, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the COPYING file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+# Calculates the current version number.  If possible, this is the
+# output of “git describe”.  If “git describe” returns an error (most
+# likely because we're in an unpacked copy of a release tarball, rather
+# than in a git working copy), then we fall back on reading the contents
+# of the RELEASE-VERSION file.
+#
+# This will automatically update the RELEASE-VERSION file, if necessary.
+# Note that the RELEASE-VERSION file should *not* be checked into git;
+# please add it to your top-level .gitignore file.
+
+version=$(git describe)
+if [ -n ${version} ]; then
+    # If we got something from git-describe, write the version to the
+    # output file.
+    echo ${version} > RELEASE-VERSION
+else
+    version=$(cat RELEASE-VERSION)
+    if [ -z ${version} ]; then
+        echo "Cannot find the version number!" >&2
+        exit 1
+    fi
+fi
+
+echo ${version}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.buzzy/links.yaml b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.buzzy/links.yaml
new file mode 100644
index 00000000..61508af5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.buzzy/links.yaml
@@ -0,0 +1,4 @@
+- git://github.com/redjack/check.git
+- !git-env
+  url: git://github.com/redjack/libcork.git
+  commit: develop
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.buzzy/package.yaml b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.buzzy/package.yaml
new file mode 100644
index 00000000..ccf03e89
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.buzzy/package.yaml
@@ -0,0 +1,7 @@
+name: ipset
+build_dependencies:
+  - pkg-config
+  - check >= 0.9.4
+dependencies:
+  - libcork >= 0.12.0
+license: BSD
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.gitignore b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.gitignore
new file mode 100644
index 00000000..7c31fb7f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.gitignore
@@ -0,0 +1,14 @@
+/build/
+/.build/
+
+RELEASE-VERSION
+
+/ipset*.tar.gz
+/ipset*.tar.bz2
+
+*.[oa]
+*.os
+*.so
+*.dylib
+
+!.travis.yml
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.travis.yml b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.travis.yml
new file mode 100644
index 00000000..16a6b611
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/.travis.yml
@@ -0,0 +1,18 @@
+language: c
+compiler:
+  - clang
+  - gcc
+before_install:
+  # Travis performs a shallow clone, which doesn't fetch tags. We need tags for
+  # Buzzy to build/test the package.
+  - git fetch
+  # Download and install Buzzy
+  - wget https://github.com/redjack/buzzy/releases/download/0.5.0/buzzy_0.5.0_precise_amd64.deb -O buzzy.deb
+  - sudo dpkg -i buzzy.deb
+script: buzzy test
+
+# In addition to pull requests, always build these branches
+branches:
+  only:
+    - master
+    - develop
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/CMakeLists.txt
new file mode 100644
index 00000000..87876684
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/CMakeLists.txt
@@ -0,0 +1,100 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011-2013, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+cmake_minimum_required(VERSION 2.6)
+set(PROJECT_NAME ipset)
+set(RELEASE_DATE 2013-12-11)
+project(${PROJECT_NAME})
+enable_testing()
+
+#-----------------------------------------------------------------------
+# Retrieve the current version number
+
+execute_process(COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/version.sh
+    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+    RESULT_VARIABLE VERSION_RESULT
+    OUTPUT_VARIABLE VERSION
+    OUTPUT_STRIP_TRAILING_WHITESPACE)
+if(VERSION_RESULT)
+    message(FATAL_ERROR
+            "Cannot determine version number: " ${VERSION_RESULT})
+endif(VERSION_RESULT)
+# This causes an annoying extra prompt in ccmake.
+# message("Current version: " ${VERSION})
+
+string(REGEX REPLACE "-dev.*" "-dev" BASE_VERSION "${VERSION}")
+
+find_package(PkgConfig)
+
+#-----------------------------------------------------------------------
+# Check for building on Tilera
+# If the Tilera environment is installed, then $TILERA_ROOT is defined
+# as the path to the active MDE.
+
+if(DEFINED ENV{TILERA_ROOT})
+    set(TILERA TRUE)
+    set(TILERA_ROOT $ENV{TILERA_ROOT})
+    message("-- Configuring for Tilera MDE ${TILERA_ROOT}")
+    set(ENV{PKG_CONFIG_PATH}
+        "${TILERA_ROOT}/tile/usr/lib/pkgconfig:${TILERA_ROOT}/tile/usr/local/lib/pkgconfig:$ENV{PKG_CONFIG_PATH}"
+    )
+    set(CMAKE_SYSTEM_NAME "Tilera")
+    set(CMAKE_SYSTEM_PROCESSOR "tilegx")
+    set(CMAKE_C_COMPILER "${TILERA_ROOT}/bin/tile-gcc")
+    set(CMAKE_LINKER "${TILERA_ROOT}/bin/tile-ld")
+    set(TILERA_MONITOR "${TILERA_ROOT}/bin/tile-monitor")
+    #add_definitions(-std=gnu99)
+    set(CMAKE_FIND_ROOT_PATH "${TILERA_ROOT}/tile")
+    set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM ONLY)
+    set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
+    set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
+endif()
+
+#-----------------------------------------------------------------------
+# Check for prerequisite libraries
+
+pkg_check_modules(CORK REQUIRED "libcork >= 0.12.0")
+include_directories(${CORK_INCLUDE_DIRS})
+link_directories(${CORK_LIBRARY_DIRS})
+
+#-----------------------------------------------------------------------
+# Set some options
+
+if(APPLE)
+    if (NOT CMAKE_INSTALL_NAME_DIR)
+        set(CMAKE_INSTALL_NAME_DIR "${CMAKE_INSTALL_PREFIX}/lib")
+    endif (NOT CMAKE_INSTALL_NAME_DIR)
+endif(APPLE)
+
+if(NOT CMAKE_BUILD_TYPE)
+    set(CMAKE_BUILD_TYPE Release CACHE STRING
+        "Choose the type of build, options are: None Debug Release RelWithDebInfo MinSizeRel."
+        FORCE)
+endif(NOT CMAKE_BUILD_TYPE)
+
+set(CMAKE_INSTALL_LIBDIR lib CACHE STRING
+    "The base name of the installation directory for libraries")
+
+if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+    add_definitions(-Wall -Werror)
+elseif(CMAKE_C_COMPILER_ID STREQUAL "Clang")
+    add_definitions(-Wall -Werror)
+elseif(CMAKE_C_COMPILER_ID STREQUAL "Intel")
+    add_definitions(-Wall -Werror)
+endif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+
+#-----------------------------------------------------------------------
+# Include our subdirectories
+
+add_subdirectory(docs)
+add_subdirectory(include)
+add_subdirectory(share)
+add_subdirectory(src)
+add_subdirectory(examples)
+add_subdirectory(tests)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/INSTALL b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/INSTALL
new file mode 100644
index 00000000..65857a33
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/INSTALL
@@ -0,0 +1,34 @@
+Installation instructions
+=========================
+
+The ipset library is written in ANSI C.  It uses cmake as its build
+manager.
+
+
+Prerequisite libraries
+----------------------
+
+To build ipset, you need the following libraries installed on your
+system:
+
+  * pkg-config
+  * libcork
+  * libcork (https://github.com/redjack/libcork)
+  * check (http://check.sourceforge.net)
+
+
+Building from source
+--------------------
+
+The ipset library uses cmake as its build manager.  In most cases, you
+should be able to build the source code using the following:
+
+    $ mkdir build
+    $ cd build
+    $ cmake .. -DCMAKE_INSTALL_PREFIX=$PREFIX
+    $ make
+    $ make test
+    $ make install
+
+You might have to run the last command using sudo, if you need
+administrative privileges to write to the $PREFIX directory.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/LICENSE.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/LICENSE.txt
new file mode 100644
index 00000000..cff38df0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/LICENSE.txt
@@ -0,0 +1,30 @@
+Copyright © 2009-2013, RedJack, LLC.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+  • Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+  • Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in
+    the documentation and/or other materials provided with the
+    distribution.
+
+  • Neither the name of RedJack Software, LLC nor the names of its
+    contributors may be used to endorse or promote products derived
+    from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/README.markdown b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/README.markdown
new file mode 100644
index 00000000..2099d6f2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/README.markdown
@@ -0,0 +1,12 @@
+# ipset
+
+[![Build Status](https://img.shields.io/travis/redjack/ipset/develop.svg)](https://travis-ci.org/redjack/ipset)
+
+The ipset library provides C data types for storing sets of IP
+addresses, and maps of IP addresses to integers.  It supports both
+IPv4 and IPv6 addresses.  It's implemented using [Binary Decision
+Diagrams](http://en.wikipedia.org/wiki/Binary_decision_diagram)
+(BDDs), which (we hypothesize) makes it space efficient for large
+sets.
+
+Please see the INSTALL file for installation instructions.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/CMakeLists.txt
new file mode 100644
index 00000000..dc82aad1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/CMakeLists.txt
@@ -0,0 +1,102 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011-2013, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+# Fill in this with the text that you want to include in the header and footer
+# of each man page.
+
+set(MAN_HEADER "ipset documentation")
+set(MAN_FOOTER "ipset")
+
+# Fill this in with any man pages that should be built from a pandoc source
+# file.  For a man page called foo.5, there should be a pandoc source file
+# called foo.5.pandoc.
+
+set(MAN_PAGES
+)
+
+#-----------------------------------------------------------------------
+# Everything below is boilerplate!
+
+find_program(
+    PANDOC_EXECUTABLE
+    NAMES pandoc
+    HINTS ENV PANDOC_DIR
+    PATH_SUFFIXES bin
+    DOC "Pandoc man page generator"
+)
+
+set(GENERATE_DOC TRUE CACHE BOOL
+    "Whether to rebuild documentation")
+
+if (NOT PANDOC_EXECUTABLE)
+    message(WARNING "Unable to find pandoc documentation generator")
+    set(GENERATE_DOC FALSE)
+endif (NOT PANDOC_EXECUTABLE)
+
+
+# Link man pages go in docs/links
+
+macro(install_links section)
+    file(GLOB links "links/*.${section}")
+    if (links)
+        install(
+            FILES ${links}
+            DESTINATION "share/man/man${section}"
+        )
+    endif (links)
+endmacro(install_links section)
+
+install_links(1)   # commands
+install_links(3)   # library API
+install_links(4)   # special files and drivers
+install_links(5)   # file formats and conventions
+install_links(7)   # miscellaneous
+install_links(8)   # system commands
+
+
+# Man pages with actual content go in docs
+
+set(ALL_MANS)
+
+macro(pandocify name)
+    set(src  "${CMAKE_CURRENT_SOURCE_DIR}/${name}.pandoc")
+    set(dest "${CMAKE_CURRENT_SOURCE_DIR}/${name}")
+    get_filename_component(section "${name}" EXT)
+    string(REPLACE "." "" section "${section}")
+
+    # Only compile the markdown source into groff man pages if requested.
+    if (GENERATE_DOC)
+        add_custom_command(
+            OUTPUT ${dest}
+            COMMAND ${PANDOC_EXECUTABLE}
+                -f markdown -t man -s --smart
+                -V header="${MAN_HEADER}"
+                -V footer="${MAN_FOOTER}"
+                -V date=${RELEASE_DATE}
+                -o ${dest} ${src}
+            MAIN_DEPENDENCY ${src}
+            COMMENT "Building ${name}"
+        )
+        list(APPEND ALL_MANS ${dest})
+    endif (GENERATE_DOC)
+
+    # We should always have an already-compiled copy of each man page in the
+    # source tree, which we can install even if we didn't build fresh new
+    # copies.
+    install(
+        FILES ${dest}
+        DESTINATION "share/man/man${section}"
+    )
+endmacro(pandocify)
+
+foreach(MAN_PAGE ${MAN_PAGES})
+    pandocify(${MAN_PAGE})
+endforeach(MAN_PAGE)
+
+add_custom_target(doc ALL DEPENDS ${ALL_MANS})
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/commands.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/commands.rst
new file mode 100644
index 00000000..8a5d5823
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/commands.rst
@@ -0,0 +1,173 @@
+.. _commands:
+
+Command-line utilities
+======================
+
+The IP set library comes with several command-line utilities for building and
+interacting with IP sets.
+
+
+ipsetbuild
+----------
+
+.. program:: ipsetbuild
+
+The ``ipsetbuild`` command is used to an build binary IP set file from a text
+file containing a list of IP addresses and CIDR networks.
+
+::
+
+    $ ipsetbuild [options] <input file>...
+
+.. option:: --output <filename>, -o <filename>
+
+   Writes the binary IP set file to *filename*.  If this option isn't given,
+   then the binary set will be written to standard output.
+
+.. option::  --loose-cidr, -l
+
+   Be more lenient about the address portion of any CIDR network blocks found in
+   the input file.  (This is described in more detail below.)
+
+.. option:: --verbose, -v
+
+   Show summary information about the IP set that's built, as well as progress
+   information about the files being read and written.  If this option is not
+   given, the only output will be any error, alert, or warning messages that
+   occur.
+
+.. option:: --quiet, -q
+
+   Show only error message for malformed input. All warnings, alerts, and
+   summary information about the IP set is suppressed.
+
+.. option:: --help
+
+   Display some help text and exit.
+
+Each input file must contain one IP address or network per line.  Lines
+beginning with a ``#`` are considered comments and are ignored.  Each IP address
+must have one of the following formats::
+
+    x.x.x.x
+    x.x.x.x/cidr
+    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
+    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/cidr
+
+The first two are for IPv4 addresses and networks; the second two for IPv6
+addresses and networks.  For IPv6 addresses, you can use the ``::`` shorthand
+notation to collapse consecutive ``0`` portions.
+
+If an address contains a ``/cidr`` suffix, then the entire CIDR network of
+addresses will be added to the set.  You must ensure that the low- order bits of
+the address are set to 0; if not, we'll raise an error.  (If you pass in the
+:option:`--loose-cidr <ipsetbuild --loose-cidr>` option, we won't perform this
+sanity check.)
+
+You can also prefix any input line with an exclamation point (``!``).  This
+causes the given address or network to be *removed* from the output set.  This
+notation can be useful to define a set that contains most of the addresses in a
+large CIDR block, except for addresses at certain "holes".
+
+The order of the addresses and networks given to ipsetbuild does not matter.  If
+a particular address is added to the set more than once, or removed from the set
+more than once, whether on its own or via a CIDR network, then you will get a
+warning message.  (You can silence these warnings with the :option:`--quiet
+<ipsetbuild --quiet>` option.)  If an address is both added to and removed from
+the set, then the removal takes precedence, regardless of where the relevant
+lines appear in the input file.
+
+
+ipsetcat
+--------
+
+.. program:: ipsetcat
+
+The ``ipsetcat`` command is used to print out the (non-sorted) contents of a
+binary IP set file.
+
+::
+
+    $ ipsetcat [options] <input file>
+
+To read from stdin, use ``-`` as the filename.
+
+.. option:: --output <filename>, -o <filename>
+
+   Writes the contents of the binary IP set file to *filename*.  If this option
+   isn't given, then the contents will be written to standard output.
+
+.. option:: --networks, -n
+
+   Where possible, group the IP addresses in the set into CIDR network blocks.
+   For dense sets, this can greatly reduce the amount of output that's
+   generated.
+
+.. option:: --verbose, -v
+
+   Show progress information about the files being read and written.  If this
+   option is not given, the only output will be any error messages that occur.
+
+.. option:: --help
+
+   Display some help text and exit.
+
+The output will contain one IP address or network per line.  If you give the
+:option:`--networks <ipsetcat --networks>` option, then we will collapse
+addresses into CIDR networks where possible.  CIDR network blocks will have one
+of the following formats::
+
+    x.x.x.x/cidr
+    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/cidr
+
+Individual IP addresses will have one of the following formats::
+
+    x.x.x.x
+    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
+
+Note that we never include a /32 or /128 suffix for individual addresses, even
+if you've requested CIDR networks via the :option:`--networks <ipsetcat
+--networks>` option.
+
+.. note::
+
+   Please note that the output is *unsorted*.  There are no guarantees made
+   about the order of the IP addresses and networks in the output.
+
+
+ipsetdot
+--------
+
+.. program:: ipsetdot
+
+The ``ipsetdot`` command is used to create a GraphViz_ file showing the BDD
+structure of an IP set.
+
+.. _GraphViz: http://www.graphviz.org/
+
+::
+
+    $ ipsetdot [options] <input file>
+
+To read from stdin, use ``-`` as the filename.
+
+.. option:: --output <filename>, -o <filename>
+
+   Writes the GraphViz representation of the binary IP set file to *filename*.
+   If this option isn't given, then the contents will be written to standard
+   output.
+
+.. option:: --verbose, -v
+
+   Show progress information about the files being read and written.  If this
+   option is not given, the only output will be any error messages that occur.
+
+.. option:: --help
+
+   Display some help text and exit.
+
+Internally, IP sets are represented by a binary-decision diagram (BDD).  The
+``ipsetdot`` program can be used to produce a GraphViz file that describes the
+internal BDD structure for an IP set.  The GraphViz representation can then be
+passed in to GraphViz's ``dot`` program, for instance, to generate an image of
+the BDD's graph structure.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/file-format.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/file-format.rst
new file mode 100644
index 00000000..267e9a4d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/file-format.rst
@@ -0,0 +1,162 @@
+.. _file-format:
+
+File format reference
+=====================
+
+This section describes the current file format used to encode IP sets on disk.
+
+Overview
+--------
+
+An IP set is stored internally using a `Binary Decision Diagram`_ (BDD).  This
+structure is reflected in the on-disk format, too.  Taking an IPv4 address as an
+example, we can create a Boolean variable for each of the 32 bits in the
+address.  A set can then be thought of as a Boolean formula.  To see if a
+particular IP address is in the set, you assign each variable a ``TRUE`` or
+``FALSE`` value depending on whether that bit is set in the IP address.  You
+then plug those variables into the formula: if the result is ``TRUE``, the
+address is in the set; if it's ``FALSE``, it's not in the set.
+
+.. _Binary Decision Diagram: http://en.wikipedia.org/wiki/Binary_decision_diagram)
+
+To handle both IPv4 and IPv6 addresses, we use an initial variable (variable 0)
+that indicates whether a particular address is IPv4 or IPv6; we use ``TRUE`` for
+IPv4 and ``FALSE`` for IPv6.  IPv4 addresses then use variables 1-32 for each
+bit in the address, while IPv6 addresses use variables 1-128.  (We can reuse the
+variables like this since we've got variable 0 discriminating the two types of
+address.)
+
+A BDD encodes a Boolean formula as a binary search tree.  There are two kinds of
+nodes: *terminal* nodes, which are the leaves of the tree, and *nonterminal*
+nodes.  A terminal node is labeled with a value, representing the result of the
+Boolean formula; for a set, this is either ``TRUE`` or ``FALSE``.  A nonterminal
+node is labeled with a variable number, and has **low** and **high** connections
+to other nodes.
+
+To evaluate a BDD with a particular assignment of variables, you start at the
+BDD's root node.  At each nonterminal, you look up the specified variable.  If
+the variable is ``TRUE``, you follow the **high** pointer; if it's ``FALSE``,
+you follow the **low** pointer.  When you reach a terminal node, you have the
+result of the formula.
+
+BDDs have certain restrictions placed on them for efficiency reasons.  They must
+be *reduced*, which means that the **low** and **high** connections of a
+nonterminal node must be different, and that you can't have two nonterminal
+nodes with the same contents.  They must be *ordered*, which means that the
+variable number of a nonterminal node must be less than the variable numbers of
+its children.
+
+All of this has ramifications on the storage format, since we're storing the BDD
+structure of a set.  To store a BDD, we only need two basic low-level storage
+elements: a *variable index*, and a *node ID*.  Since an IP set can store both
+IPv4 and IPv6 addresses, we need 129 total variables: variable 0 to determine
+which kind of address, and variables 1-128 to store the bits of the address.
+Node IDs are references to the nodes in the BDD.
+
+A terminal node has an ID ≥ 0.  We don't explicitly store terminal nodes in the
+storage stream; instead, the node ID of a terminal node is the value associated
+with that terminal node.  For sets, node 0 is the ``FALSE`` node, and node 1 is
+the ``TRUE`` node.
+
+A nonterminal node has an ID < 0.  Each nonterminal node has its own entry in
+the storage stream.  The entries are stored as a flat list, starting with
+nonterminal -1, followed by -2, etc.  Because of the tree structure of a BDD, we
+can ensure that all references to a node appear after that node in the list.
+
+Note that the BDD for an empty set has no nonterminal nodes — the formula always
+evaluates to ``FALSE``, regardless of what values the variables have, so the BDD
+is just the ``FALSE`` terminal node.  Similarly, the BDD for a set that contains
+all IP addresses will just be the ``TRUE`` terminal.
+
+
+On-disk syntax
+--------------
+
+With those preliminaries out of the way, we can define the actual on-disk
+structure.  Note that all integers are big-endian.
+
+Header
+~~~~~~
+
+All IP sets start with a 20-byte header.  This header starts with a six-byte
+magic number, which corresponds to the ASCII string ``IP set``::
+
+    +----+----+----+----+----+----+
+    | 49 | 50 | 20 | 73 | 65 | 74 |
+    +----+----+----+----+----+----+
+
+Next comes a 16-bit version field that tells us which version of the IP set file
+format is in use.  The current version is 1::
+
+    +----+----+
+    | 00 | 01 |
+    +----+----+
+
+Next comes a 64-bit length field.  This gives us the length of the *entire*
+serialized IP set, including the magic number and other header fields.
+
+::
+
+    +----+----+----+----+----+----+----+----+
+    |                 Length                |
+    +----+----+----+----+----+----+----+----+
+
+The last header field is a 32-bit integer giving the number of nonterminal nodes
+in the set.
+
+::
+
+    +----+----+----+----+
+    | Nonterminal count |
+    +----+----+----+----+
+
+Terminal node
+~~~~~~~~~~~~~
+
+As mentioned above, it's possible for there to be no nonterminals in the set's
+BDD.  If there aren't any nonterminals, there must exactly one terminal in the
+BDD.  This indicates that the set is empty (if it's the ``FALSE`` terminal), or
+contains every IP address (if it's the ``TRUE`` terminal).  In this case, the
+header is followed by a 32-bit integer that encodes the value of the BDD's
+terminal node.
+
+::
+
+    +----+----+----+----+
+    |  Terminal value   |
+    +----+----+----+----+
+
+Nonterminal nodes
+~~~~~~~~~~~~~~~~~
+
+If there are any nonterminal nodes in the BDD, the header is followed by a list
+of *node structures*, one for each nonterminal.  Each node structure starts with
+an 8-bit variable index::
+
+    +----+
+    | VI |
+    +----+
+
+Variable 0 determines whether a particular address is IPv4 or IPv6.  Variables
+1-32 represent the bits of an IPv4 address; variables 1-128 represent the bits
+of an IPv6 address.  (The bits of an address are numbered in big-endian byte
+order, and from MSB to LSB within each byte.)
+
+Next comes the **low** pointer and **high** pointer.  Each is encoded as a
+32-bit node ID.  Node IDs ≥ 0 point to terminal nodes; in this case, the node ID
+is the value of the terminal node.  Node IDs < 0 point to nonterminal nodes;
+node -1 is the first node in the list, node -2 is second, etc.
+
+::
+
+    +----+----+----+----+
+    |    Low pointer    |
+    +----+----+----+----+
+    |    High pointer   |
+    +----+----+----+----+
+
+We use a depth-first search when writing the nodes to disk.  This ensures any
+nonterminal node reference points to a node earlier in the node list.
+Therefore, when you read in an IP set, you can make a single pass through the
+node list; whenever you encounter a node reference, you can assume that the node
+it points to has already been read in.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/maps.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/maps.rst
new file mode 100644
index 00000000..5c14e1f2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/maps.rst
@@ -0,0 +1,153 @@
+.. _maps:
+
+IP maps
+=======
+
+The functions in this section allow you to work with *IP maps*, which map IP
+addresses to integer values.  IP maps work seamlessly with both IPv4 and IPv6
+addresses.  Every IP address is mapped to some value; each IP map has a *default
+value* that will be used for any addresses that aren't explicitly mapped to
+something else.  (This is the map equivalent of an address not appearing in a
+set; "removing" an address from a map is the same as setting it to the map's
+default value.)
+
+.. note::
+
+   With this definition of a map, an IP set is just an IP map that is restricted
+   to the values 0 and 1.  This is actually how sets are implemented internally.
+
+.. note::
+
+   Before using any of the IP map functions, you must initialize this library
+   using :c:func:`ipset_init_library`.
+
+
+Creating and freeing maps
+-------------------------
+
+.. type:: struct ip_map
+
+   Maps IP addresses to integer values.  The fields of this ``struct`` are
+   opaque; you should only use the public library functions to access the
+   contents of the map.
+
+There are two ways that you can work with IP maps.  The first is that you can
+allocate the space for the :c:type:`ip_map` instance yourself --- for instance,
+directly on the stack.  The second is to let the IP map library allocate the
+space for you.  Your choice determines which of the following functions you will
+use to create and free your IP maps.
+
+.. function:: void ipmap_init(struct ip_map \*map, int default_value)
+              struct ip_map \*ipmap_new(int default_value)
+
+   Creates a new IP map.  The map will use *default_value* as the default value
+   for any addresses that aren't explicitly mapped to something else.
+
+   The ``init`` variant should be used if you've allocated space for the map
+   yourself.  The ``new`` variant should be used if you want the library to
+   allocate the space for you.  (The ``new`` variant never returns ``NULL``; it
+   will abort the program if the allocation fails.) In both cases, the map
+   starts off empty.
+
+.. function:: void ipmap_done(struct ip_map \*map)
+              void ipmap_free(struct ip_map \*map)
+
+   Finalizes an IP map.  The ``done`` variant must be used if you created the
+   map using :c:func:`ipmap_init`; the ``free`` variant must be used if you
+   created the map using :c:func:`ipmap_new`.
+
+
+Adding and removing elements
+----------------------------
+
+We provide a variety of functions for adding and removing addresses from an IP
+map.
+
+.. function:: void ipmap_ipv4_set(struct ip_map \*map, struct cork_ipv4 \*ip, int value)
+              void ipmap_ipv6_set(struct ip_map \*map, struct cork_ipv6 \*ip, int value)
+              void ipmap_ip_set(struct ip_map \*map, struct cork_ip \*ip, int value)
+
+   Updates *map* so that *ip* is mapped to *value*.
+
+.. function:: void ipmap_ipv4_set_network(struct ip_map \*map, struct cork_ipv4 \*ip, unsigned int cidr_prefix, int value)
+              void ipmap_ipv6_set_network(struct ip_map \*map, struct cork_ipv6 \*ip, unsigned int cidr_prefix, int value)
+              void ipmap_ip_set_network(struct ip_map \*map, struct cork_ip \*ip, unsigned int cidr_prefix, int value)
+
+   Updates *map* so that all of the addresses in a CIDR network are mapped to
+   *value*.  *ip* is one of the addresses in the CIDR network; *cidr_prefix* is
+   the number of bits in the network portion of each IP address in the CIDR
+   network, as defined in `RFC 4632`_.  *cidr_prefix* must be in the range 0-32
+   (inclusive) if *ip* is an IPv4 address, and in the range 0-128 (inclusive) if
+   it's an IPv6 address.
+
+.. _RFC 4632: http://tools.ietf.org/html/rfc4632
+
+.. note::
+
+   In all of the ``_network`` functions, if you want to strictly adhere to RFC
+   4632, *ip* can only have non-zero bits in its *cidr_prefix* uppermost bits.
+   All of the lower-order bits (i.e., in the host portion of the IP address)
+   must be map to 0.  We do not enforce this, however.
+
+
+Querying a map
+--------------
+
+.. function:: int ipmap_get_ipv4(const struct ip_map \*map, struct cork_ipv4 \*ip)
+              int ipmap_get_ipv6(const struct ip_map \*map, struct cork_ipv6 \*ip)
+              int ipmap_get_ip(const struct ip_map \*map, struct cork_ip \*ip)
+
+   Returns the value that *ip* is mapped to in *map*.
+
+.. function:: bool ipmap_is_empty(const struct ip_map \*map)
+
+   Returns whether *map* is empty.  A map is considered empty is every IP
+   address is mapped to the default value.
+
+.. function:: bool ipmap_is_equal(const struct ip_map \*map1, const struct ip_map \*map2)
+
+   Returns whether every IP address is mapped to the same value in *map1* and
+   *map2*.
+
+.. function:: size_t ipmap_memory_size(const struct ip_map \*map)
+
+   Returns the number of bytes of memory needed to store *map*.  Note that
+   adding together the storage needed for each map you use doesn't necessarily
+   give you the total memory requirements, since some storage can be shared
+   between maps.
+
+
+Storing maps in files
+---------------------
+
+The functions in this section allow you to store IP maps on disk, and reload
+them into another program at a later time.  You don't have to know the details
+of the file format to be able to use these functions; we guarantee that maps
+written with previous versions of the library will be readable by later versions
+of the library (but not vice versa).  And we guarantee that the file format is
+platform-independent; maps written on any machine will be readable on any other
+machine.
+
+(That said, if you do want to know the details of the file format, that's
+documented in :ref:`another section <file-format>`.)
+
+.. function:: int ipmap_save(FILE \*stream, const struct ip_map \*map)
+
+   Saves an IP map into *stream*.  You're responsible for opening *stream*
+   before calling this function, and for closing *stream* afterwards.  If there
+   are any errors writing the map, we return ``-1`` and fill in a libcork
+   :ref:`error condition <libcork:errors>`.
+
+.. function:: int ipmap_save_to_stream(struct cork_stream_consumer \*stream, const struct ip_map \*map)
+
+   Saves an IP map into a libcork :ref:`stream consumer <libcork:stream>`.  If
+   there are any errors writing the map, we return ``-1`` and fill in a libcork
+   :ref:`error condition <libcork:errors>`.
+
+.. function:: struct ip_map \*ipmap_load(FILE \*stream)
+
+   Loads an IP map from *stream*.  You're responsible for opening *stream*
+   before calling this function, and for closing *stream* afterwards.  If there
+   are any errors reading the map, we return ``NULL`` and fill in a libcork
+   :ref:`error condition <libcork:errors>`.  You must use :c:func:`ipmap_free`
+   to free the map when you're done with it.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/sets.rst b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/sets.rst
new file mode 100644
index 00000000..81e3116a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/docs/sets.rst
@@ -0,0 +1,234 @@
+.. _sets:
+
+IP sets
+=======
+
+The functions in this section allow you to work with sets of IP addresses.  IP
+sets work seamlessly with both IPv4 and IPv6 addresses.
+
+.. note::
+
+   Before using any of the IP set functions, you must initialize this library
+   using the following function.
+
+.. function:: int ipset_init_library(void)
+
+   Initializes the IP set library.  This function **must** be called before any
+   other function in the library.  It is safe to call this function multiple
+   times, and from multiple threads.
+
+
+Creating and freeing sets
+-------------------------
+
+.. type:: struct ip_set
+
+   A set of IP addresses.  The fields of this ``struct`` are opaque; you should
+   only use the public library functions to access the contents of the set.
+
+There are two ways that you can work with IP sets.  The first is that you can
+allocate the space for the :c:type:`ip_set` instance yourself --- for instance,
+directly on the stack.  The second is to let the IP set library allocate the
+space for you.  Your choice determines which of the following functions you will
+use to create and free your IP sets.
+
+.. function:: void ipset_init(struct ip_set \*set)
+              struct ip_set \*ipset_new(void)
+
+   Creates a new IP set.  The ``init`` variant should be used if you've
+   allocated space for the set yourself.  The ``new`` variant should be used if
+   you want the library to allocate the space for you.  (The ``new`` variant
+   never returns ``NULL``; it will abort the program if the allocation fails.)
+   In both cases, the set starts off empty.
+
+.. function:: void ipset_done(struct ip_set \*set)
+              void ipset_free(struct ip_set \*set)
+
+   Finalizes an IP set.  The ``done`` variant must be used if you created the
+   set using :c:func:`ipset_init`; the ``free`` variant must be used if you
+   created the set using :c:func:`ipset_new`.
+
+
+Adding and removing elements
+----------------------------
+
+We provide a variety of functions for adding and removing addresses from an IP
+set.
+
+.. function:: bool ipset_ipv4_add(struct ip_set \*set, struct cork_ipv4 \*ip)
+              bool ipset_ipv6_add(struct ip_set \*set, struct cork_ipv6 \*ip)
+              bool ipset_ip_add(struct ip_set \*set, struct cork_ip \*ip)
+
+   Adds a single IP address to *set*.  If the IP address was not already in the
+   set, we return ``true``; otherwise we return ``false``.  (In other words, we
+   return whether the set changed as a result of this operation.)
+
+.. function:: bool ipset_ipv4_remove(struct ip_set \*set, struct cork_ipv4 \*ip)
+              bool ipset_ipv6_remove(struct ip_set \*set, struct cork_ipv6 \*ip)
+              bool ipset_ip_remove(struct ip_set \*set, struct cork_ip \*ip)
+
+   Removes a single IP removeress from *set*.  If the IP address was previously
+   in the set, we return ``true``; otherwise we return ``false``.  (In other
+   words, we return whether the set changed as a result of this operation.)
+
+.. function:: bool ipset_ipv4_add_network(struct ip_set \*set, struct cork_ipv4 \*ip, unsigned int cidr_prefix)
+              bool ipset_ipv6_add_network(struct ip_set \*set, struct cork_ipv6 \*ip, unsigned int cidr_prefix)
+              bool ipset_ip_add_network(struct ip_set \*set, struct cork_ip \*ip, unsigned int cidr_prefix)
+
+   Adds an entire CIDR network of IP addresses to *set*.  *ip* is one of the
+   addresses in the set; *cidr_prefix* is the number of bits in the network
+   portion of each IP address in the CIDR network, as defined in `RFC 4632`_.
+   *cidr_prefix* must be in the range 0-32 (inclusive) if *ip* is an IPv4
+   address, and in the range 0-128 (inclusive) if it's an IPv6 address.
+
+   We return whether the set changed as a result of this operation; if we return
+   ``true``, than at least one of the address in the CIDR network was not
+   already present in *set*.  We cannot currently distinguish whether *all* of
+   the addresses were missing (and therefore added).
+
+.. function:: bool ipset_ipv4_remove_network(struct ip_set \*set, struct cork_ipv4 \*ip, unsigned int cidr_prefix)
+              bool ipset_ipv6_remove_network(struct ip_set \*set, struct cork_ipv6 \*ip, unsigned int cidr_prefix)
+              bool ipset_ip_remove_network(struct ip_set \*set, struct cork_ip \*ip, unsigned int cidr_prefix)
+
+   Removes an entire CIDR network of IP addresses from *set*.  *ip* is one of
+   the addresses in the set; *cidr_prefix* is the number of bits in the network
+   portion of each IP address in the CIDR network, as defined in `RFC 4632`_.
+   *cidr_prefix* must be in the range 0-32 (inclusive) if *ip* is an IPv4
+   address, and in the range 0-128 (inclusive) if it's an IPv6 address.
+
+   We return whether the set changed as a result of this operation; if we return
+   ``true``, than at least one of the address in the CIDR network was present in
+   *set*.  We cannot currently distinguish whether *all* of the addresses were
+   present (and therefore removed).
+
+.. _RFC 4632: http://tools.ietf.org/html/rfc4632
+
+.. note::
+
+   In all of the ``_network`` functions, if you want to strictly adhere to RFC
+   4632, *ip* can only have non-zero bits in its *cidr_prefix* uppermost bits.
+   All of the lower-order bits (i.e., in the host portion of the IP address)
+   must be set to 0.  We do not enforce this, however.
+
+
+Querying a set
+--------------
+
+.. function:: bool ipset_contains_ipv4(const struct ip_set \*set, struct cork_ipv4 \*ip)
+              bool ipset_contains_ipv6(const struct ip_set \*set, struct cork_ipv6 \*ip)
+              bool ipset_contains_ip(const struct ip_set \*set, struct cork_ip \*ip)
+
+   Returns whether *set* contains *ip*.
+
+.. function:: bool ipset_is_empty(const struct ip_set \*set)
+
+   Returns whether *set* is empty.
+
+.. function:: bool ipset_is_equal(const struct ip_set \*set1, const struct ip_set \*set2)
+
+   Returns whether *set1* and *set2* contain exactly the same addresses.
+
+.. function:: size_t ipset_memory_size(const struct ip_set \*set)
+
+   Returns the number of bytes of memory needed to store *set*.  Note that
+   adding together the storage needed for each set you use doesn't necessarily
+   give you the total memory requirements, since some storage can be shared
+   between sets.
+
+
+Iterating through a set
+-----------------------
+
+In addition to querying individual addresses, you can iterate through the entire
+contents of an IP set.  There are two iterator functions; one that provides
+every individual IP address, and one that collapses addresses into CIDR networks
+as much as possible, and returns those networks.
+
+.. note::
+
+   You should not modify an IP set while you're actively iterating through its
+   contents; if you do this, you'll get undefined behavior.
+
+
+.. type:: struct ipset_iterator
+
+   An iterator object that lets you query all of the addresses in an IP set.
+
+   .. member:: struct cork_ip  addr
+
+      If iterating through individual addresses, this contains the address that
+      the iterator currently points at.  If iterating through CIDR networks,
+      this is the representative address of the current network.
+
+   .. member:: unsigned int  cidr_prefix
+
+      If iterating through CIDR networks, this is the CIDR prefix of the current
+      network.  If iterating through individual IP addresses, this will always
+      be ``32`` or ``128``, depending on whether *addr* contains an IPv4 or IPv6
+      address.
+
+.. function:: struct ipset_iterator \*ipset_iterate(struct ip_set \*set, bool desired_value)
+              struct ipset_iterator \*ipset_iterate_networks(struct ip_set \*set, bool desired_value)
+
+   If *desired_value* is ``true``, then we return an iterator that will produce
+   the IP addresses that are present in *set*.  If it's ``false``, then the
+   iterator will produce the IP addresses that are *not* in *set*.
+
+   The ``_networks`` variant will summarize the IP addresses into CIDR networks,
+   to reduce the number of items that are reported by the iterator.  (This can
+   be especially useful (necessary?) if your set contains any /8 or /16 IPv4
+   networks, for instance; or even worse, a /64 IPv6 network.)
+
+.. function:: void ipset_iterator_advance(struct ipset_iterator \*iterator)
+
+   Advance *iterator* to the next IP address or network in its underlying set.
+
+.. function:: void ipset_iterator_free(struct ipset_iterator \*iterator)
+
+   Frees an IP set iterator.
+
+
+Storing sets in files
+---------------------
+
+The functions in this section allow you to store IP sets on disk, and reload
+them into another program at a later time.  You don't have to know the details
+of the file format to be able to use these functions; we guarantee that sets
+written with previous versions of the library will be readable by later versions
+of the library (but not vice versa).  And we guarantee that the file format is
+platform-independent; sets written on any machine will be readable on any other
+machine.
+
+(That said, if you do want to know the details of the file format, that's
+documented in :ref:`another section <file-format>`.)
+
+.. function:: int ipset_save(FILE \*stream, const struct ip_set \*set)
+
+   Saves an IP set into *stream*.  You're responsible for opening *stream*
+   before calling this function, and for closing *stream* afterwards.  If there
+   are any errors writing the set, we return ``-1`` and fill in a libcork
+   :ref:`error condition <libcork:errors>`.
+
+.. function:: int ipset_save_to_stream(struct cork_stream_consumer \*stream, const struct ip_set \*set)
+
+   Saves an IP set into a libcork :ref:`stream consumer <libcork:stream>`.  If
+   there are any errors writing the set, we return ``-1`` and fill in a libcork
+   :ref:`error condition <libcork:errors>`.
+
+.. function:: struct ip_set \*ipset_load(FILE \*stream)
+
+   Loads an IP set from *stream*.  You're responsible for opening *stream*
+   before calling this function, and for closing *stream* afterwards.  If there
+   are any errors reading the set, we return ``NULL`` and fill in a libcork
+   :ref:`error condition <libcork:errors>`.  You must use :c:func:`ipset_free`
+   to free the set when you're done with it.
+
+.. function:: int ipset_save_dot(FILE \*stream, const struct ip_set \*set)
+
+   Produces a GraphViz_ ``dot`` representation of the BDD graph used to store
+   *set*, and writes this graph representation to *stream*.  You're responsible
+   for opening *stream* before calling this function, and for closing *stream*
+   afterwards.  If there are any errors writing the set, we return ``-1`` and
+   fill in a libcork :ref:`error condition <libcork:errors>`.
+
+   .. _GraphViz: http://www.graphviz.org/
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/examples/.gitignore b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/examples/.gitignore
new file mode 100644
index 00000000..660a9072
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/examples/.gitignore
@@ -0,0 +1 @@
+ipv4-set-size
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/examples/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/examples/CMakeLists.txt
new file mode 100644
index 00000000..08da18c8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/examples/CMakeLists.txt
@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2012, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+include_directories(../include)
+
+#-----------------------------------------------------------------------
+# Examples
+
+add_executable(ipv4-set-size ipv4-set-size.c)
+target_link_libraries(ipv4-set-size ${CORK_LIBRARIES} libipset)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/examples/ipv4-set-size.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/examples/ipv4-set-size.c
new file mode 100644
index 00000000..c13cbf7f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/examples/ipv4-set-size.c
@@ -0,0 +1,90 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include <libcork/core.h>
+#include <ipset/ipset.h>
+
+
+static inline void
+random_ip(struct cork_ipv4 *ip)
+{
+    int  i;
+
+    for (i = 0; i < sizeof(struct cork_ipv4); i++) {
+        uint8_t  random_byte = random() & 0xff;
+        ip->_.u8[i] = random_byte;
+    }
+}
+
+
+static void
+one_test(long num_elements)
+{
+    struct ip_set  set;
+    long  i;
+    size_t  size;
+    double  size_per_element;
+    clock_t  start, end;
+    double  cpu_time_used;
+
+    start = clock();
+    ipset_init(&set);
+    for (i = 0; i < num_elements; i++) {
+        struct cork_ipv4  ip;
+        random_ip(&ip);
+        ipset_ipv4_add(&set, &ip);
+    }
+    end = clock();
+
+    size = ipset_memory_size(&set);
+    size_per_element = ((double) size) / num_elements;
+    cpu_time_used = ((double) (end - start)) / CLOCKS_PER_SEC;
+
+    fprintf(stdout, "%9lu%15zu%12.3lf%18.6lf\n",
+            num_elements, size, size_per_element, cpu_time_used);
+
+    ipset_done(&set);
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    long  num_tests;
+    long  num_elements;
+    long  i;
+
+    if (argc != 3) {
+        fprintf(stderr, "Usage: ipv4-set-size [# tests] [# elements]\n");
+        return -1;
+    }
+
+    num_tests = atol(argv[1]);
+    num_elements = atol(argv[2]);
+
+    fprintf(stderr, "Creating %lu sets with %lu elements each.\n",
+            num_tests, num_elements);
+
+    ipset_init_library();
+    srandom(time(NULL));
+
+    fprintf(stdout, "%9s%15s%12s%18s\n",
+            "elements", "bytes", "bytes_per", "cpu_time");
+    for (i = 0; i < num_tests; i++) {
+        one_test(num_elements);
+    }
+
+    return 0;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/CMakeLists.txt
new file mode 100644
index 00000000..d1e4a7d0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/CMakeLists.txt
@@ -0,0 +1,12 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/
+    DESTINATION include
+    FILES_MATCHING PATTERN "*.h")
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/bdd/nodes.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/bdd/nodes.h
new file mode 100644
index 00000000..18548286
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/bdd/nodes.h
@@ -0,0 +1,536 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef IPSET_BDD_NODES_H
+#define IPSET_BDD_NODES_H
+
+
+#include <stdio.h>
+
+#include <libcork/core.h>
+#include <libcork/ds.h>
+
+
+/*-----------------------------------------------------------------------
+ * Preliminaries
+ */
+
+/**
+ * Each variable in a BDD is referred to by number.
+ */
+typedef unsigned int  ipset_variable;
+
+
+/**
+ * Each BDD terminal represents an integer value.  The integer must be
+ * non-negative, but must be within the range of the <i>signed</i>
+ * integer type.
+ */
+typedef unsigned int  ipset_value;
+
+
+/**
+ * An identifier for each distinct node in a BDD.
+ *
+ * Internal implementation note.  Since pointers are aligned to at
+ * least two bytes, the ID of a terminal node has its LSB set to 1,
+ * and has the terminal value stored in the remaining bits.  The ID of
+ * a nonterminal node is simply a pointer to the node struct.
+ */
+typedef unsigned int  ipset_node_id;
+
+
+/**
+ * Nodes can either be terminal or nonterminal.
+ */
+enum ipset_node_type {
+    IPSET_NONTERMINAL_NODE = 0,
+    IPSET_TERMINAL_NODE = 1
+};
+
+
+/**
+ * Return the type of node represented by a particular node ID.
+ */
+#define ipset_node_get_type(node_id)  ((node_id) & 0x01)
+
+#define IPSET_NODE_ID_FORMAT  "%s%u"
+#define IPSET_NODE_ID_VALUES(node_id) \
+    (ipset_node_get_type((node_id)) == IPSET_NONTERMINAL_NODE? "s": ""), \
+    ((node_id) >> 1)
+
+
+/*-----------------------------------------------------------------------
+ * Terminal nodes
+ */
+
+/**
+ * Return the value of a terminal node.  The result is undefined if
+ * the node ID represents a nonterminal.
+ */
+#define ipset_terminal_value(node_id)  ((node_id) >> 1)
+
+/**
+ * Creates a terminal node ID from a terminal value.
+ */
+#define ipset_terminal_node_id(value) \
+    (((value) << 1) | IPSET_TERMINAL_NODE)
+
+
+/*-----------------------------------------------------------------------
+ * Nonterminal nodes
+ */
+
+/**
+ * A nonterminal BDD node.  This is an inner node of the BDD tree.
+ * The node represents one variable in an overall variable assignment.
+ * The node has two children: a “low” child and a “high” child.  The
+ * low child is the subtree that applies when the node's variable is
+ * false or 0; the high child is the subtree that applies when it's
+ * true or 1.
+ *
+ * This type does not take care of ensuring that all BDD nodes are
+ * reduced; that is handled by the node_cache class.
+ */
+struct ipset_node {
+    /** The reference count for this node. */
+    unsigned int  refcount;
+    /** The variable that this node represents. */
+    ipset_variable  variable;
+    /** The subtree node for when the variable is false. */
+    ipset_node_id  low;
+    /** The subtree node for when the variable is true. */
+    ipset_node_id  high;
+};
+
+/**
+ * Return the "value" of a nonterminal node.  The value of a nonterminal
+ * is the index into the node array of the cache that the node belongs
+ * to.
+ */
+#define ipset_nonterminal_value(node_id) ((node_id) >> 1)
+
+/**
+ * Creates a nonterminal node ID from a nonterminal value.
+ */
+#define ipset_nonterminal_node_id(value) \
+    (((value) << 1) | IPSET_NONTERMINAL_NODE)
+
+/**
+ * Print out a node object.
+ */
+void
+ipset_node_fprint(FILE *stream, struct ipset_node *node);
+
+
+/*-----------------------------------------------------------------------
+ * Node caches
+ */
+
+/**
+ * The log2 of the size of each chunk of BDD nodes.
+ */
+/* 16K elements per cache */
+#define IPSET_BDD_NODE_CACHE_BIT_SIZE  6
+#define IPSET_BDD_NODE_CACHE_SIZE  (1 << IPSET_BDD_NODE_CACHE_BIT_SIZE)
+#define IPSET_BDD_NODE_CACHE_MASK  (IPSET_BDD_NODE_CACHE_SIZE - 1)
+
+/**
+ * A cache for BDD nodes.  By creating and retrieving nodes through
+ * the cache, we ensure that a BDD is reduced.
+ */
+struct ipset_node_cache {
+    /** The storage for the nodes managed by this cache. */
+    cork_array(struct ipset_node *)  chunks;
+    /** The largest nonterminal index that has been handed out. */
+    ipset_value  largest_index;
+    /** The index of the first node in the free list. */
+    ipset_value  free_list;
+    /** A cache of the nonterminal nodes, keyed by their contents. */
+    struct cork_hash_table  *node_cache;
+};
+
+/**
+ * Returns the index of the chunk that the given nonterminal lives in.
+ */
+#define ipset_nonterminal_chunk_index(index) \
+    ((index) >> IPSET_BDD_NODE_CACHE_BIT_SIZE)
+
+/**
+ * Returns the offset of the given nonterminal within its chunk.
+ */
+#define ipset_nonterminal_chunk_offset(index) \
+    ((index) & IPSET_BDD_NODE_CACHE_MASK)
+
+/**
+ * Returns a pointer to the ipset_node for a given nonterminal index.
+ */
+#define ipset_node_cache_get_nonterminal_by_index(cache, index) \
+    (&cork_array_at(&(cache)->chunks, ipset_nonterminal_chunk_index((index))) \
+     [ipset_nonterminal_chunk_offset((index))])
+
+/**
+ * Returns the ipset_node for a given nonterminal node ID.
+ */
+#define ipset_node_cache_get_nonterminal(cache, node_id) \
+    (ipset_node_cache_get_nonterminal_by_index \
+     ((cache), ipset_nonterminal_value((node_id))))
+
+/**
+ * Create a new node cache.
+ */
+struct ipset_node_cache *
+ipset_node_cache_new(void);
+
+/**
+ * Free a node cache.
+ */
+void
+ipset_node_cache_free(struct ipset_node_cache *cache);
+
+/**
+ * Create a new nonterminal node with the given contents, returning
+ * its ID.  This function ensures that there is only one node with the
+ * given contents in this cache.
+ *
+ * Steals references to low and high.
+ */
+ipset_node_id
+ipset_node_cache_nonterminal(struct ipset_node_cache *cache,
+                             ipset_variable variable,
+                             ipset_node_id low, ipset_node_id high);
+
+
+/**
+ * Increment the reference count of a nonterminal node.  (This is a
+ * no-op for terminal nodes.)
+ */
+ipset_node_id
+ipset_node_incref(struct ipset_node_cache *cache, ipset_node_id node);
+
+/**
+ * Decrement the reference count of a nonterminal node.  If the
+ * reference count reaches 0, the storage for the node will be
+ * reclaimed.  (This is a no-op for terminal nodes.)
+ */
+void
+ipset_node_decref(struct ipset_node_cache *cache, ipset_node_id node);
+
+
+/**
+ * Return the number of nodes that are reachable from the given node.
+ * This does not include duplicates if a node is reachable via more
+ * than one path.
+ */
+size_t
+ipset_node_reachable_count(const struct ipset_node_cache *cache,
+                           ipset_node_id node);
+
+
+/**
+ * Return the amount of memory used by the nodes in the given BDD.
+ */
+size_t
+ipset_node_memory_size(const struct ipset_node_cache *cache,
+                       ipset_node_id node);
+
+
+/**
+ * Load a BDD from an input stream.  The error field is filled in with
+ * an error condition is the BDD can't be read for any reason.
+ */
+ipset_node_id
+ipset_node_cache_load(FILE *stream, struct ipset_node_cache *cache);
+
+
+/**
+ * Save a BDD to an output stream.  This encodes the set using only
+ * those nodes that are reachable from the BDD's root node.
+ */
+int
+ipset_node_cache_save(struct cork_stream_consumer *stream,
+                      struct ipset_node_cache *cache, ipset_node_id node);
+
+
+/**
+ * Compare two BDD nodes, possibly from different caches, for equality.
+ */
+bool
+ipset_node_cache_nodes_equal(const struct ipset_node_cache *cache1,
+                             ipset_node_id node1,
+                             const struct ipset_node_cache *cache2,
+                             ipset_node_id node2);
+
+
+/**
+ * Save a GraphViz dot graph for a BDD.  The graph script is written
+ * to the given output stream.  This graph only includes those nodes
+ * that are reachable from the BDD's root node.
+ */
+int
+ipset_node_cache_save_dot(struct cork_stream_consumer *stream,
+                          struct ipset_node_cache *cache, ipset_node_id node);
+
+
+/*-----------------------------------------------------------------------
+ * BDD operators
+ */
+
+/**
+ * A function that provides the value for each variable in a BDD.
+ */
+typedef bool
+(*ipset_assignment_func)(const void *user_data,
+                         ipset_variable variable);
+
+/**
+ * An assignment function that gets the variable values from an array
+ * of gbooleans.
+ */
+bool
+ipset_bool_array_assignment(const void *user_data,
+                            ipset_variable variable);
+
+/**
+ * An assignment function that gets the variable values from an array
+ * of bits.
+ */
+bool
+ipset_bit_array_assignment(const void *user_data,
+                           ipset_variable variable);
+
+/**
+ * Evaluate a BDD given a particular assignment of variables.
+ */
+ipset_value
+ipset_node_evaluate(const struct ipset_node_cache *cache, ipset_node_id node,
+                    ipset_assignment_func assignment,
+                    const void *user_data);
+
+/**
+ * Add an assignment to the BDD.
+ */
+ipset_node_id
+ipset_node_insert(struct ipset_node_cache *cache, ipset_node_id node,
+                  ipset_assignment_func assignment,
+                  const void *user_data, ipset_variable variable_count,
+                  ipset_value value);
+
+
+/*-----------------------------------------------------------------------
+ * Variable assignments
+ */
+
+/**
+ * Each variable in the input to a Boolean function can be true or
+ * false; it can also be EITHER, which means that the variable can be
+ * either true or false in a particular assignment without affecting
+ * the result of the function.
+ */
+enum ipset_tribool {
+    IPSET_FALSE = 0,
+    IPSET_TRUE = 1,
+    IPSET_EITHER = 2
+};
+
+
+/**
+ * An assignment is a mapping of variable numbers to Boolean values.
+ * It represents an input to a Boolean function that maps to a
+ * particular output value.  Each variable in the input to a Boolean
+ * function can be true or false; it can also be EITHER, which means
+ * that the variable can be either true or false in a particular
+ * assignment without affecting the result of the function.
+ */
+
+struct ipset_assignment {
+    /**
+     * The underlying variable assignments are stored in a vector of
+     * tribools.  Every variable that has a true or false value must
+     * appear in the vector.  Variables that are EITHER only have to
+     * appear to prevent gaps in the vector.  Any variables outside
+     * the range of the vector are assumed to be EITHER.
+     */
+    cork_array(enum ipset_tribool)  values;
+};
+
+
+/**
+ * Create a new assignment where all variables are indeterminite.
+ */
+struct ipset_assignment *
+ipset_assignment_new();
+
+
+/**
+ * Free an assignment.
+ */
+void
+ipset_assignment_free(struct ipset_assignment *assignment);
+
+
+/**
+ * Compare two assignments for equality.
+ */
+bool
+ipset_assignment_equal(const struct ipset_assignment *assignment1,
+                       const struct ipset_assignment *assignment2);
+
+
+/**
+ * Set the given variable, and all higher variables, to the EITHER
+ * value.
+ */
+void
+ipset_assignment_cut(struct ipset_assignment *assignment, ipset_variable var);
+
+
+/**
+ * Clear the assignment, setting all variables to the EITHER value.
+ */
+void
+ipset_assignment_clear(struct ipset_assignment *assignment);
+
+
+/**
+ * Return the value assigned to a particular variable.
+ */
+enum ipset_tribool
+ipset_assignment_get(struct ipset_assignment *assignment, ipset_variable var);
+
+
+/**
+ * Set the value assigned to a particular variable.
+ */
+void
+ipset_assignment_set(struct ipset_assignment *assignment,
+                     ipset_variable var, enum ipset_tribool value);
+
+
+/*-----------------------------------------------------------------------
+ * Expanded assignments
+ */
+
+/**
+ * An iterator for expanding a variable assignment.  For each EITHER
+ * variable in the assignment, the iterator yields a result with both
+ * values.
+ */
+struct ipset_expanded_assignment {
+    /** Whether there are any more assignments in this iterator. */
+    bool finished;
+
+    /**
+     * The variable values in the current expanded assignment.  Since
+     * there won't be any EITHERs in the expanded assignment, we can
+     * use a byte array, and represent each variable by a single bit.
+     */
+    struct cork_buffer  values;
+
+    /**
+     * An array containing all of the variables that are EITHER in the
+     * original assignment.
+     */
+    cork_array(ipset_variable)  eithers;
+};
+
+
+/**
+ * Return an iterator that expands a variable assignment.  For each
+ * variable that's EITHER in the assignment, the iterator yields a
+ * result with both values.  The iterator will ensure that the
+ * specified number of variables are given concrete values.
+ */
+struct ipset_expanded_assignment *
+ipset_assignment_expand(const struct ipset_assignment *assignment,
+                        ipset_variable var_count);
+
+
+/**
+ * Free an expanded assignment iterator.
+ */
+void
+ipset_expanded_assignment_free(struct ipset_expanded_assignment *exp);
+
+
+/**
+ * Advance the iterator to the next assignment.
+ */
+void
+ipset_expanded_assignment_advance(struct ipset_expanded_assignment *exp);
+
+
+/*-----------------------------------------------------------------------
+ * BDD iterators
+ */
+
+/**
+ * An iterator for walking through the assignments for a given BDD
+ * node.
+ *
+ * The iterator walks through each path in the BDD tree, stopping at
+ * each terminal node.  Each time we reach a terminal node, we yield a
+ * new ipset_assignment object representing the assignment of variables
+ * along the current path.
+ *
+ * We maintain a stack of nodes leading to the current terminal, which
+ * allows us to backtrack up the path to find the next terminal when
+ * we increment the iterator.
+ */
+struct ipset_bdd_iterator {
+    /** Whether there are any more assignments in this iterator. */
+    bool finished;
+
+    /** The node cache that we're iterating through. */
+    struct ipset_node_cache  *cache;
+
+    /**
+     * The sequence of nonterminal nodes leading to the current
+     * terminal.
+     */
+    cork_array(ipset_node_id)  stack;
+
+    /** The current assignment. */
+    struct ipset_assignment  *assignment;
+
+    /**
+     * The value of the BDD's function when applied to the current
+     * assignment.
+     */
+    ipset_value  value;
+};
+
+
+/**
+ * Return an iterator that yields all of the assignments in the given
+ * BDD.  The iterator contains two items of interest.  The first is an
+ * ipset_assignment providing the value that each variable takes, while
+ * the second is the terminal value that is the result of the BDD's
+ * function when applied to that variable assignment.
+ */
+struct ipset_bdd_iterator *
+ipset_node_iterate(struct ipset_node_cache *cache, ipset_node_id root);
+
+
+/**
+ * Free a BDD iterator.
+ */
+void
+ipset_bdd_iterator_free(struct ipset_bdd_iterator *iterator);
+
+
+/**
+ * Advance the iterator to the next assignment.
+ */
+void
+ipset_bdd_iterator_advance(struct ipset_bdd_iterator *iterator);
+
+
+#endif  /* IPSET_BDD_NODES_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/bits.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/bits.h
new file mode 100644
index 00000000..a534605a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/bits.h
@@ -0,0 +1,58 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef IPSET_BITS_H
+#define IPSET_BITS_H
+
+#include <libcork/core.h>
+
+/*-----------------------------------------------------------------------
+ * Bit arrays
+ */
+
+/**
+ * Extract the byte that contains a particular bit in an array.
+ */
+#define IPSET_BIT_GET_BYTE(array, i)            \
+    (((uint8_t *) (array))[(i) / 8])
+
+/**
+ * Create a bit mask that extracts a particular bit from the byte that
+ * it lives in.
+ */
+#define IPSET_BIT_ON_MASK(i)                    \
+    (0x80 >> ((i) % 8))
+
+/**
+ * Create a bit mask that extracts everything except for a particular
+ * bit from the byte that it lives in.
+ */
+#define IPSET_BIT_NEG_MASK(i)                   \
+    (~IPSET_BIT_ON_MASK(i))
+
+/**
+ * Return whether a particular bit is set in a byte array.  Bits are
+ * numbered from 0, in a big-endian order.
+ */
+#define IPSET_BIT_GET(array, i)                 \
+    ((IPSET_BIT_GET_BYTE(array, i) &            \
+      IPSET_BIT_ON_MASK(i)) != 0)
+
+/**
+ * Set (or unset) a particular bit is set in a byte array.  Bits are
+ * numbered from 0, in a big-endian order.
+ */
+#define IPSET_BIT_SET(array, i, val)                           \
+    (IPSET_BIT_GET_BYTE(array, i) =                            \
+     (IPSET_BIT_GET_BYTE(array, i) & IPSET_BIT_NEG_MASK(i))    \
+     | ((val)? IPSET_BIT_ON_MASK(i): 0))
+
+
+#endif  /* IPSET_BITS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/errors.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/errors.h
new file mode 100644
index 00000000..ed178b43
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/errors.h
@@ -0,0 +1,31 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef IPSET_ERRORS_H
+#define IPSET_ERRORS_H
+
+
+#include <libcork/core.h>
+
+
+/*-----------------------------------------------------------------------
+ * Error reporting
+ */
+
+/* Hash of "ipset.h" */
+#define IPSET_ERROR  0xf2000181
+
+enum ipset_error {
+    IPSET_IO_ERROR,
+    IPSET_PARSE_ERROR
+};
+
+
+#endif  /* IPSET_ERRORS_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/ipset.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/ipset.h
new file mode 100644
index 00000000..cbb435fa
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/ipset.h
@@ -0,0 +1,265 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef IPSET_IPSET_H
+#define IPSET_IPSET_H
+
+#include <stdio.h>
+
+#include <libcork/core.h>
+#include <libcork/ds.h>
+
+#include <ipset/bdd/nodes.h>
+
+
+struct ip_set {
+    struct ipset_node_cache  *cache;
+    ipset_node_id  set_bdd;
+};
+
+
+struct ip_map {
+    struct ipset_node_cache  *cache;
+    ipset_node_id  map_bdd;
+    ipset_node_id  default_bdd;
+};
+
+
+/*---------------------------------------------------------------------
+ * General functions
+ */
+
+int
+ipset_init_library(void);
+
+
+/*---------------------------------------------------------------------
+ * IP set functions
+ */
+
+void
+ipset_init(struct ip_set *set);
+
+void
+ipset_done(struct ip_set *set);
+
+struct ip_set *
+ipset_new(void);
+
+void
+ipset_free(struct ip_set *set);
+
+bool
+ipset_is_empty(const struct ip_set *set);
+
+bool
+ipset_is_equal(const struct ip_set *set1, const struct ip_set *set2);
+
+size_t
+ipset_memory_size(const struct ip_set *set);
+
+int
+ipset_save(FILE *stream, const struct ip_set *set);
+
+int
+ipset_save_to_stream(struct cork_stream_consumer *stream,
+                     const struct ip_set *set);
+
+int
+ipset_save_dot(FILE *stream, const struct ip_set *set);
+
+struct ip_set *
+ipset_load(FILE *stream);
+
+bool
+ipset_ipv4_add(struct ip_set *set, struct cork_ipv4 *elem);
+
+bool
+ipset_ipv4_add_network(struct ip_set *set, struct cork_ipv4 *elem,
+                       unsigned int cidr_prefix);
+
+bool
+ipset_ipv4_remove(struct ip_set *set, struct cork_ipv4 *elem);
+
+bool
+ipset_ipv4_remove_network(struct ip_set *set, struct cork_ipv4 *elem,
+                          unsigned int cidr_prefix);
+
+bool
+ipset_contains_ipv4(const struct ip_set *set, struct cork_ipv4 *elem);
+
+bool
+ipset_ipv6_add(struct ip_set *set, struct cork_ipv6 *elem);
+
+bool
+ipset_ipv6_add_network(struct ip_set *set, struct cork_ipv6 *elem,
+                       unsigned int cidr_prefix);
+
+bool
+ipset_ipv6_remove(struct ip_set *set, struct cork_ipv6 *elem);
+
+bool
+ipset_ipv6_remove_network(struct ip_set *set, struct cork_ipv6 *elem,
+                          unsigned int cidr_prefix);
+
+bool
+ipset_contains_ipv6(const struct ip_set *set, struct cork_ipv6 *elem);
+
+bool
+ipset_ip_add(struct ip_set *set, struct cork_ip *addr);
+
+bool
+ipset_ip_add_network(struct ip_set *set, struct cork_ip *addr,
+                     unsigned int cidr_prefix);
+
+bool
+ipset_ip_remove(struct ip_set *set, struct cork_ip *addr);
+
+bool
+ipset_ip_remove_network(struct ip_set *set, struct cork_ip *addr,
+                        unsigned int cidr_prefix);
+
+bool
+ipset_contains_ip(const struct ip_set *set, struct cork_ip *elem);
+
+
+/* An internal state type used by the ipset_iterator_multiple_expansion_state
+ * field. */
+enum ipset_iterator_state {
+    IPSET_ITERATOR_NORMAL = 0,
+    IPSET_ITERATOR_MULTIPLE_IPV4,
+    IPSET_ITERATOR_MULTIPLE_IPV6
+};
+
+
+/* An iterator that returns all of the IP addresses that have a given value in
+ * an IP set or map. */
+struct ipset_iterator {
+    /* The address of the current IP network in the iterator. */
+    struct cork_ip  addr;
+
+    /* The netmask of the current IP network in the iterator, given as a
+     * CIDR prefix.  For a single IP address, this will be 32 or 128. */
+    unsigned int  cidr_prefix;
+
+    /* Whether the current assignment needs to be expanded a second
+     * time.
+     *
+     * We have to expand IPv4 and IPv6 assignments separately, since the
+     * set of variables to turn into address bits is different.
+     * Unfortunately, a BDD assignment can contain both IPv4 and IPv6
+     * addresses, if variable 0 is EITHER.  (This is trivially true for
+     * the empty set, for instance.)  In this case, we have to
+     * explicitly set variable 0 to TRUE, expand it as IPv4, and then
+     * set it to FALSE, and expand it as IPv6.  This variable tells us
+     * whether we're in an assignment that needs to be expanded twice,
+     * and if so, which expansion we're currently in.
+     */
+    enum ipset_iterator_state  multiple_expansion_state;
+
+    /* An iterator for retrieving each assignment in the set's BDD. */
+    struct ipset_bdd_iterator  *bdd_iterator;
+
+    /* An iterator for expanding each assignment into individual IP
+     * addresses. */
+    struct ipset_expanded_assignment  *assignment_iterator;
+
+    /* Whether there are any more IP addresses in this iterator. */
+    bool  finished;
+
+    /* The desired value for each IP address. */
+    bool  desired_value;
+
+    /* Whether to summarize the contents of the IP set as networks,
+     * where possible. */
+    bool  summarize;
+};
+
+
+struct ipset_iterator *
+ipset_iterate(struct ip_set *set, bool desired_value);
+
+struct ipset_iterator *
+ipset_iterate_networks(struct ip_set *set, bool desired_value);
+
+void
+ipset_iterator_free(struct ipset_iterator *iterator);
+
+void
+ipset_iterator_advance(struct ipset_iterator *iterator);
+
+
+/*---------------------------------------------------------------------
+ * IP map functions
+ */
+
+void
+ipmap_init(struct ip_map *map, int default_value);
+
+void
+ipmap_done(struct ip_map *map);
+
+struct ip_map *
+ipmap_new(int default_value);
+
+void
+ipmap_free(struct ip_map *map);
+
+bool
+ipmap_is_empty(const struct ip_map *map);
+
+bool
+ipmap_is_equal(const struct ip_map *map1, const struct ip_map *map2);
+
+size_t
+ipmap_memory_size(const struct ip_map *map);
+
+int
+ipmap_save(FILE *stream, const struct ip_map *map);
+
+int
+ipmap_save_to_stream(struct cork_stream_consumer *stream,
+                     const struct ip_map *map);
+
+struct ip_map *
+ipmap_load(FILE *stream);
+
+void
+ipmap_ipv4_set(struct ip_map *map, struct cork_ipv4 *elem, int value);
+
+void
+ipmap_ipv4_set_network(struct ip_map *map, struct cork_ipv4 *elem,
+                       unsigned int cidr_prefix, int value);
+
+int
+ipmap_ipv4_get(struct ip_map *map, struct cork_ipv4 *elem);
+
+void
+ipmap_ipv6_set(struct ip_map *map, struct cork_ipv6 *elem, int value);
+
+void
+ipmap_ipv6_set_network(struct ip_map *map, struct cork_ipv6 *elem,
+                       unsigned int cidr_prefix, int value);
+
+int
+ipmap_ipv6_get(struct ip_map *map, struct cork_ipv6 *elem);
+
+void
+ipmap_ip_set(struct ip_map *map, struct cork_ip *addr, int value);
+
+void
+ipmap_ip_set_network(struct ip_map *map, struct cork_ip *addr,
+                     unsigned int cidr_prefix, int value);
+
+int
+ipmap_ip_get(struct ip_map *map, struct cork_ip *addr);
+
+
+#endif  /* IPSET_IPSET_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/logging.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/logging.h
new file mode 100644
index 00000000..c4fb0d6e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/include/ipset/logging.h
@@ -0,0 +1,31 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#ifndef IPSET_LOGGING_H
+#define IPSET_LOGGING_H
+
+
+#if !defined(IPSET_DEBUG)
+#define IPSET_DEBUG 0
+#endif
+
+#if IPSET_DEBUG
+#include <stdio.h>
+#define DEBUG(...) \
+    do { \
+        fprintf(stderr, __VA_ARGS__); \
+        fprintf(stderr, "\n"); \
+    } while (0)
+#else
+#define DEBUG(...) /* no debug messages */
+#endif
+
+
+#endif  /* IPSET_LOGGING_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/.gitignore b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/.gitignore
new file mode 100644
index 00000000..b48b7ae9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/.gitignore
@@ -0,0 +1,4 @@
+build
+dist
+*.py[co]
+RELEASE-VERSION
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/MANIFEST.in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/MANIFEST.in
new file mode 100644
index 00000000..466cd002
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/MANIFEST.in
@@ -0,0 +1 @@
+include RELEASE-VERSION
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/setup.cfg b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/setup.cfg
new file mode 100644
index 00000000..011c98e9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/setup.cfg
@@ -0,0 +1,2 @@
+[egg_info]
+tag_date = false
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/setup.py b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/setup.py
new file mode 100755
index 00000000..a4854914
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/setup.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+from setuptools import setup, find_packages
+
+from version import get_git_version
+
+try:
+    import setuptools_git
+except ImportError:
+    print "WARNING!"
+    print "We need the setuptools-git package to be installed for"
+    print "some of the setup.py targets to work correctly."
+
+PACKAGE = 'python-ipset'
+VERSION = get_git_version()
+
+setup(
+    name = PACKAGE,
+    version = VERSION,
+    package_dir = {'': 'src'},
+    packages = find_packages('src', exclude=['ipset.tests', 'ipset.tests.*']),
+    test_suite = "ipset.tests",
+)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/.gitignore b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/.gitignore
new file mode 100644
index 00000000..11041c78
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/.gitignore
@@ -0,0 +1 @@
+*.egg-info
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/__init__.py b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/__init__.py
new file mode 100644
index 00000000..db761618
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/__init__.py
@@ -0,0 +1,320 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2010, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+"""
+Defines an object-oriented interface for the IP set and map functions
+in the ipset library.
+"""
+
+__all__ = (
+    "IPMap",
+    "IPSet",
+)
+
+
+from ipset.c import *
+
+
+class IPSet(object):
+    def __init__(self, set_ptr=None):
+        """
+        Create a new, empty IP set.
+        """
+
+        if set_ptr is None:
+            self.set = ipset.ipset_new()
+        else:
+            self.set = set_ptr
+
+
+    def __del__(self):
+        """
+        Free the memory uses by an IP set.
+        """
+
+        ipset.ipset_free(self.set)
+
+
+    def __eq__(self, other):
+        """
+        Return whether two IP sets contain exactly the same addresses.
+        """
+
+        if not isinstance(other, IPSet):
+            return False
+
+        return ipset.ipset_is_equal(self.set, other.set)
+
+
+    def __nonzero__(self):
+        """
+        Return whether an IP set contains any elements.
+        """
+
+        return not ipset.ipset_is_empty(self.set)
+
+
+    def is_empty(self):
+        """
+        Return whether an IP set is empty.
+        """
+
+        return ipset.ipset_is_empty(self.set)
+
+
+    def memory_size(self):
+        """
+        Return the amount of memory that this IP set consumes.
+        """
+
+        return ipset.ipset_memory_size(self.set)
+
+
+    def add(self, addr):
+        """
+        Add the given IP address to the set.  The address must be
+        given as a str or buffer that is exactly 4 or 16 bytes long.
+        If it's 4 bytes, it's interpreted as an IPv4 address; if it's
+        16 bytes, it's interpreted as an IPv6 address.
+
+        We return a bool indicating whether the address was already in
+        the set.
+        """
+
+        if len(addr) == 4:
+            return ipset.ipset_ipv4_add(self.set, addr)
+
+        elif len(addr) == 16:
+            return ipset.ipset_ipv6_add(self.set, addr)
+
+        else:
+            raise ValueError("Invalid address")
+
+
+    def add_network(self, addr, netmask):
+        """
+        Add the given IP CIDR network block to the set.  The address
+        must be given as a str or buffer that is exactly 4 or 16 bytes
+        long.  If it's 4 bytes, it's interpreted as an IPv4 address;
+        if it's 16 bytes, it's interpreted as an IPv6 address.  The
+        netmask should be an integer between 1 and 32 (inclusive) for
+        IPv4, or between 1 and 128 (inclusive) for IPv6.
+
+        We return a bool indicating whether the address was already in
+        the set.
+        """
+
+        if len(addr) == 4:
+            return ipset.ipset_ipv4_add_network(self.set, addr, netmask)
+
+        elif len(addr) == 16:
+            return ipset.ipset_ipv6_add_network(self.set, addr, netmask)
+
+        else:
+            raise ValueError("Invalid address")
+
+
+    @classmethod
+    def from_file(cls, filename):
+        """
+        Load an IP set from a file.
+        """
+
+        f = libc.fopen(filename, "r")
+        if f == 0:
+            raise IOError("No such file")
+
+        try:
+            set_ptr = ipset.ipset_load(f)
+            if set_ptr == 0:
+                raise IOError("Could not read IP set")
+
+            return cls(set_ptr)
+
+        finally:
+            libc.fclose(f)
+
+
+    def save(self, filename):
+        """
+        Save an IP set to a file.
+        """
+
+        f = libc.fopen(filename, "w")
+        if f == 0:
+            raise IOError("Cannot open file for writing")
+
+        try:
+            if not ipset.ipset_save(self.set, f):
+                raise IOError("Could not write IP set")
+
+        finally:
+            libc.fclose(f)
+
+
+
+class IPMap(object):
+    def __init__(self, default_value, map_ptr=None):
+        """
+        Create a new, empty IP map.
+        """
+
+        if map_ptr is None:
+            self.map = ipset.ipmap_new(default_value)
+        else:
+            self.map = map_ptr
+
+
+    def __del__(self):
+        """
+        Free the memory uses by an IP map.
+        """
+
+        ipset.ipmap_free(self.map)
+
+
+    def __eq__(self, other):
+        """
+        Return whether two IP maps contain exactly the same addresses,
+        mapped to the same values.
+        """
+
+        if not isinstance(other, IPMap):
+            return False
+
+        return ipset.ipmap_is_equal(self.map, other.map)
+
+
+    def __nonzero__(self):
+        """
+        Return whether an IP map contains any elements.
+        """
+
+        return not ipset.ipmap_is_empty(self.map)
+
+
+    def is_empty(self):
+        """
+        Return whether an IP map is empty.
+        """
+
+        return ipset.ipmap_is_empty(self.map)
+
+
+    def memory_size(self):
+        """
+        Return the amount of memory that this IP map consumes.
+        """
+
+        return ipset.ipmap_memory_size(self.map)
+
+
+    def get(self, addr):
+        """
+        Return the value that an IP address is mapped to in this map.
+        If the address (or a network it belongs to) hasn't been
+        explicitly added to the map, the default value is returned.
+        The address must be given as a str or buffer that is exactly 4
+        or 16 bytes long.  If it's 4 bytes, it's interpreted as an
+        IPv4 address; if it's 16 bytes, it's interpreted as an IPv6
+        address.
+        """
+
+        if len(addr) == 4:
+            return ipset.ipmap_ipv4_get(self.map, addr)
+
+        elif len(addr) == 16:
+            return ipset.ipmap_ipv6_get(self.map, addr)
+
+        else:
+            raise ValueError("Invalid address")
+
+    __getitem__ = get
+
+
+    def set(self, addr, value):
+        """
+        Add the given IP address to the map.  The address must be
+        given as a str or buffer that is exactly 4 or 16 bytes long.
+        If it's 4 bytes, it's interpreted as an IPv4 address; if it's
+        16 bytes, it's interpreted as an IPv6 address.
+        """
+
+        if len(addr) == 4:
+            ipset.ipmap_ipv4_set(self.map, addr, value)
+            return
+
+        elif len(addr) == 16:
+            ipset.ipmap_ipv6_set(self.map, addr, value)
+            return
+
+        else:
+            raise ValueError("Invalid address")
+
+    __setitem__ = set
+
+
+    def set_network(self, addr, netmask, value):
+        """
+        Add the given IP address to the map.  The address must be
+        given as a str or buffer that is exactly 4 or 16 bytes long.
+        If it's 4 bytes, it's interpreted as an IPv4 address; if it's
+        16 bytes, it's interpreted as an IPv6 address.  The netmask
+        should be an integer between 1 and 32 (inclusive) for IPv4, or
+        between 1 and 128 (inclusive) for IPv6.
+        """
+
+        if len(addr) == 4:
+            ipset.ipmap_ipv4_set_network(self.map, addr, netmask, value)
+            return
+
+        elif len(addr) == 16:
+            ipset.ipmap_ipv6_set_network(self.map, addr, netmask, value)
+            return
+
+        else:
+            raise ValueError("Invalid address")
+
+
+    @classmethod
+    def from_file(cls, filename):
+        """
+        Load an IP map from a file.
+        """
+
+        f = libc.fopen(filename, "r")
+        if f == 0:
+            raise IOError("No such file")
+
+        try:
+            map_ptr = ipset.ipmap_load(f)
+            if map_ptr == 0:
+                raise IOError("Could not read IP map")
+
+            return cls(None, map_ptr)
+
+        finally:
+            libc.fclose(f)
+
+
+    def save(self, filename):
+        """
+        Save an IP map to a file.
+        """
+
+        f = libc.fopen(filename, "w")
+        if f == 0:
+            raise IOError("Cannot open file for writing")
+
+        try:
+            if not ipset.ipmap_save(self.map, f):
+                raise IOError("Could not write IP map")
+
+        finally:
+            libc.fclose(f)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/c.py b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/c.py
new file mode 100644
index 00000000..a230de27
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/c.py
@@ -0,0 +1,111 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2010, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+"""
+Contains a ctypes interface to the underlying ipset C library.
+
+Python code probably wants to use the object-oriented interface in the
+ipset package, instead.
+"""
+
+__all__ = (
+    "ipset",
+    "libc",
+)
+
+from ctypes import *
+import ctypes.util
+
+libc = CDLL(ctypes.util.find_library("c"))
+ipset = CDLL(ctypes.util.find_library("ipset"))
+
+# A restype function that converts a 1-byte integer into a Python
+# boolean.
+
+def c_bool(value):
+    return ((value & 0xff) != 0)
+
+
+ipset.ipset_init_library.restype = c_int
+
+# Call ipset_init_library when we load this Python module.
+
+ipset.ipset_init_library()
+
+
+ipset.ipset_init.argtypes = [c_void_p]
+ipset.ipset_done.argtypes = [c_void_p]
+ipset.ipset_new.restype = c_void_p
+ipset.ipset_free.argtypes = [c_void_p]
+
+ipset.ipset_is_empty.argtypes = [c_void_p]
+ipset.ipset_is_empty.restype = c_bool
+ipset.ipset_is_equal.argtypes = [c_void_p, c_void_p]
+ipset.ipset_is_equal.restype = c_bool
+ipset.ipset_is_not_equal.argtypes = [c_void_p, c_void_p]
+ipset.ipset_is_not_equal.restype = c_bool
+ipset.ipset_memory_size.argtypes = [c_void_p]
+ipset.ipset_memory_size.restype = c_long
+
+ipset.ipset_save.argtypes = [c_void_p, c_void_p]
+ipset.ipset_save.restype = c_bool
+ipset.ipset_load.argtypes = [c_void_p]
+ipset.ipset_load.restype = c_void_p
+
+ipset.ipset_ipv4_add.argtypes = [c_void_p, c_void_p]
+ipset.ipset_ipv4_add.restype = c_bool
+ipset.ipset_ipv4_add_network.argtypes = [c_void_p, c_void_p, c_int]
+ipset.ipset_ipv4_add_network.restype = c_bool
+
+ipset.ipset_ipv6_add.argtypes = [c_void_p, c_void_p]
+ipset.ipset_ipv6_add.restype = c_bool
+ipset.ipset_ipv6_add_network.argtypes = [c_void_p, c_void_p, c_int]
+ipset.ipset_ipv6_add_network.restype = c_bool
+
+
+ipset.ipmap_init.argtypes = [c_void_p, c_long]
+ipset.ipmap_init_ptr.argtypes = [c_void_p, c_void_p]
+ipset.ipmap_done.argtypes = [c_void_p]
+ipset.ipmap_new.argtypes = [c_long]
+ipset.ipmap_new.restype = c_void_p
+ipset.ipmap_new.argtypes = [c_void_p]
+ipset.ipmap_new_ptr.restype = c_void_p
+ipset.ipmap_free.argtypes = [c_void_p]
+
+ipset.ipmap_is_empty.argtypes = [c_void_p]
+ipset.ipmap_is_empty.restype = c_bool
+ipset.ipmap_is_equal.argtypes = [c_void_p, c_void_p]
+ipset.ipmap_is_equal.restype = c_bool
+ipset.ipmap_is_not_equal.argtypes = [c_void_p, c_void_p]
+ipset.ipmap_is_not_equal.restype = c_bool
+ipset.ipmap_memory_size.argtypes = [c_void_p]
+ipset.ipmap_memory_size.restype = c_long
+
+ipset.ipmap_save.argtypes = [c_void_p, c_void_p]
+ipset.ipmap_save.restype = c_bool
+ipset.ipmap_load.argtypes = [c_void_p]
+ipset.ipmap_load.restype = c_void_p
+
+ipset.ipmap_ipv4_set.argtypes = [c_void_p, c_void_p, c_long]
+ipset.ipmap_ipv4_set_network.argtypes = [c_void_p, c_void_p, c_int, c_long]
+ipset.ipmap_ipv4_set_ptr.argtypes = [c_void_p, c_void_p, c_void_p]
+ipset.ipmap_ipv4_set_network_ptr.argtypes = [c_void_p, c_void_p, c_int, c_void_p]
+ipset.ipmap_ipv4_get.argtypes = [c_void_p, c_void_p]
+ipset.ipmap_ipv4_get.restype = c_long
+ipset.ipmap_ipv4_get_ptr.argtypes = [c_void_p, c_void_p]
+ipset.ipmap_ipv4_get_ptr.restype = c_void_p
+
+ipset.ipmap_ipv6_set.argtypes = [c_void_p, c_void_p, c_long]
+ipset.ipmap_ipv6_set_network.argtypes = [c_void_p, c_void_p, c_int, c_long]
+ipset.ipmap_ipv6_set_ptr.argtypes = [c_void_p, c_void_p, c_void_p]
+ipset.ipmap_ipv6_set_network_ptr.argtypes = [c_void_p, c_void_p, c_int, c_void_p]
+ipset.ipmap_ipv6_get.argtypes = [c_void_p, c_void_p]
+ipset.ipmap_ipv6_get.restype = c_long
+ipset.ipmap_ipv6_get_ptr.argtypes = [c_void_p, c_void_p]
+ipset.ipmap_ipv6_get_ptr.restype = c_void_p
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/tests/__init__.py b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/tests/__init__.py
new file mode 100644
index 00000000..7ccecb73
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/tests/__init__.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2010, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+__all__ = (
+    "PACKAGE_DIR",
+    "test_file",
+)
+
+import os.path
+
+THIS_DIR = os.path.dirname(__file__)
+PACKAGE_DIR_REL = os.path.join(THIS_DIR, "..", "..", "..")
+PACKAGE_DIR = os.path.abspath(PACKAGE_DIR_REL)
+"""The location of the root directory of the source package"""
+
+def test_file(rel_path):
+    """
+    Return the absolute path of the given test file.
+    """
+
+    return os.path.join(PACKAGE_DIR, "tests", rel_path)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/tests/c.py b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/tests/c.py
new file mode 100644
index 00000000..402e8186
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/tests/c.py
@@ -0,0 +1,95 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2010, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+import unittest
+
+from ipset.c import *
+
+
+IPV4_ADDR_1 = \
+    "\xc0\xa8\x01\x64"
+
+IPV6_ADDR_1 = \
+    "\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x1e\xc2\xff\xfe\x9f\xe8\xe1"
+
+
+class TestSet(unittest.TestCase):
+    def test_set_starts_empty(self):
+        s = ipset.ipset_new()
+        self.assert_(ipset.ipset_is_empty(s))
+        ipset.ipset_free(s)
+
+    def test_empty_sets_equal(self):
+        s1 = ipset.ipset_new()
+        s2 = ipset.ipset_new()
+        self.assert_(ipset.ipset_is_equal(s1, s2))
+        ipset.ipset_free(s1)
+        ipset.ipset_free(s2)
+
+    def test_ipv4_insert(self):
+        s = ipset.ipset_new()
+        ipset.ipset_ipv4_add(s, IPV4_ADDR_1)
+        self.assertFalse(ipset.ipset_is_empty(s))
+        ipset.ipset_free(s)
+
+    def test_ipv4_insert_network(self):
+        s = ipset.ipset_new()
+        ipset.ipset_ipv4_add_network(s, IPV4_ADDR_1, 24)
+        self.assertFalse(ipset.ipset_is_empty(s))
+        ipset.ipset_free(s)
+
+    def test_ipv6_insert(self):
+        s = ipset.ipset_new()
+        ipset.ipset_ipv6_add(s, IPV6_ADDR_1)
+        self.assertFalse(ipset.ipset_is_empty(s))
+        ipset.ipset_free(s)
+
+    def test_ipv6_insert_network(self):
+        s = ipset.ipset_new()
+        ipset.ipset_ipv6_add_network(s, IPV6_ADDR_1, 32)
+        self.assertFalse(ipset.ipset_is_empty(s))
+        ipset.ipset_free(s)
+
+
+class TestMap(unittest.TestCase):
+    def test_map_starts_empty(self):
+        s = ipset.ipmap_new(0)
+        self.assert_(ipset.ipmap_is_empty(s))
+        ipset.ipmap_free(s)
+
+    def test_empty_maps_equal(self):
+        s1 = ipset.ipmap_new(0)
+        s2 = ipset.ipmap_new(0)
+        self.assert_(ipset.ipmap_is_equal(s1, s2))
+        ipset.ipmap_free(s1)
+        ipset.ipmap_free(s2)
+
+    def test_ipv4_insert(self):
+        s = ipset.ipmap_new(0)
+        ipset.ipmap_ipv4_set(s, IPV4_ADDR_1, 1)
+        self.assertFalse(ipset.ipmap_is_empty(s))
+        ipset.ipmap_free(s)
+
+    def test_ipv4_insert_network(self):
+        s = ipset.ipmap_new(0)
+        ipset.ipmap_ipv4_set_network(s, IPV4_ADDR_1, 24, 1)
+        self.assertFalse(ipset.ipmap_is_empty(s))
+        ipset.ipmap_free(s)
+
+    def test_ipv6_insert(self):
+        s = ipset.ipmap_new(0)
+        ipset.ipmap_ipv6_set(s, IPV6_ADDR_1, 1)
+        self.assertFalse(ipset.ipmap_is_empty(s))
+        ipset.ipmap_free(s)
+
+    def test_ipv6_insert_network(self):
+        s = ipset.ipmap_new(0)
+        ipset.ipmap_ipv6_set_network(s, IPV6_ADDR_1, 32, 1)
+        self.assertFalse(ipset.ipmap_is_empty(s))
+        ipset.ipmap_free(s)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/tests/obj.py b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/tests/obj.py
new file mode 100644
index 00000000..533c1d19
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/src/ipset/tests/obj.py
@@ -0,0 +1,116 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2010, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+import unittest
+
+from ipset import *
+from ipset.tests import *
+
+
+IPV4_ADDR_1 = \
+    "\xc0\xa8\x01\x64"
+
+IPV6_ADDR_1 = \
+    "\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x1e\xc2\xff\xfe\x9f\xe8\xe1"
+
+
+class TestSet(unittest.TestCase):
+    def test_set_starts_empty(self):
+        s = IPSet()
+        self.assertFalse(s)
+
+    def test_empty_sets_equal(self):
+        s1 = IPSet()
+        s2 = IPSet()
+        self.assertEqual(s1, s2)
+
+    def test_ipv4_insert(self):
+        s = IPSet()
+        s.add(IPV4_ADDR_1)
+        self.assert_(s)
+
+    def test_ipv4_insert_network(self):
+        s = IPSet()
+        s.add_network(IPV4_ADDR_1, 24)
+        self.assert_(s)
+
+    def test_ipv6_insert(self):
+        s = IPSet()
+        s.add(IPV6_ADDR_1)
+        self.assert_(s)
+
+    def test_ipv6_insert_network(self):
+        s = IPSet()
+        s.add_network(IPV6_ADDR_1, 32)
+        self.assert_(s)
+
+    def test_file_empty(self):
+        s1 = IPSet.from_file(test_file("empty.set"))
+        s2 = IPSet()
+        self.assertEqual(s1, s2)
+
+    def test_file_just1_v4(self):
+        s1 = IPSet.from_file(test_file("just1-v4.set"))
+        s2 = IPSet()
+        s2.add(IPV4_ADDR_1)
+        self.assertEqual(s1, s2)
+
+    def test_file_just1_v6(self):
+        s1 = IPSet.from_file(test_file("just1-v6.set"))
+        s2 = IPSet()
+        s2.add(IPV6_ADDR_1)
+        self.assertEqual(s1, s2)
+
+
+class TestMap(unittest.TestCase):
+    def test_map_starts_empty(self):
+        s = IPMap(0)
+        self.assertFalse(s)
+
+    def test_empty_maps_equal(self):
+        s1 = IPMap(0)
+        s2 = IPMap(0)
+        self.assertEqual(s1, s2)
+
+    def test_ipv4_insert(self):
+        s = IPMap(0)
+        s[IPV4_ADDR_1] = 1
+        self.assert_(s)
+
+    def test_ipv4_insert_network(self):
+        s = IPMap(0)
+        s.set_network(IPV4_ADDR_1, 24, 1)
+        self.assert_(s)
+
+    def test_ipv6_insert(self):
+        s = IPMap(0)
+        s[IPV6_ADDR_1] = 1
+        self.assert_(s)
+
+    def test_ipv6_insert_network(self):
+        s = IPMap(0)
+        s.set_network(IPV6_ADDR_1, 32, 1)
+        self.assert_(s)
+
+    def test_file_empty(self):
+        s1 = IPMap.from_file(test_file("empty.map"))
+        s2 = IPMap(0)
+        self.assertEqual(s1, s2)
+
+    def test_file_just1_v4(self):
+        s1 = IPMap.from_file(test_file("just1-v4.map"))
+        s2 = IPMap(0)
+        s2[IPV4_ADDR_1] = 1
+        self.assertEqual(s1, s2)
+
+    def test_file_just1_v6(self):
+        s1 = IPMap.from_file(test_file("just1-v6.map"))
+        s2 = IPMap(0)
+        s2[IPV6_ADDR_1] = 1
+        self.assertEqual(s1, s2)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/empty.map b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/empty.map
new file mode 100644
index 00000000..dbad7476
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/empty.map
@@ -0,0 +1,14 @@
+.ver DDDMP-2.0
+.add
+.mode A
+.varinfo 0
+.nnodes 1
+.nvars 320
+.nsuppvars 0
+.ids
+.permids
+.nroots 2
+.rootids 1 1
+.nodes
+1 T 0 0 0
+.end
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/empty.set b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/empty.set
new file mode 100644
index 00000000..563787e5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/empty.set
@@ -0,0 +1,13 @@
+.ver DDDMP-2.0
+.mode A
+.varinfo 0
+.nnodes 1
+.nvars 320
+.nsuppvars 0
+.ids
+.permids
+.nroots 1
+.rootids -1
+.nodes
+1 T 1 0 0
+.end
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v4.map b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v4.map
new file mode 100644
index 00000000..706e7b2c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v4.map
@@ -0,0 +1,47 @@
+.ver DDDMP-2.0
+.add
+.mode A
+.varinfo 0
+.nnodes 34
+.nvars 320
+.nsuppvars 32
+.ids 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
+.permids 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
+.nroots 2
+.rootids 34 1
+.nodes
+1 T 0 0 0
+2 T 1 0 0
+3 31 31 1 2
+4 30 30 1 3
+5 29 29 4 1
+6 28 28 1 5
+7 27 27 1 6
+8 26 26 7 1
+9 25 25 8 1
+10 24 24 1 9
+11 23 23 10 1
+12 22 22 1 11
+13 21 21 1 12
+14 20 20 1 13
+15 19 19 1 14
+16 18 18 1 15
+17 17 17 1 16
+18 16 16 1 17
+19 15 15 1 18
+20 14 14 1 19
+21 13 13 1 20
+22 12 12 21 1
+23 11 11 1 22
+24 10 10 23 1
+25 9 9 1 24
+26 8 8 25 1
+27 7 7 1 26
+28 6 6 1 27
+29 5 5 1 28
+30 4 4 1 29
+31 3 3 1 30
+32 2 2 1 31
+33 1 1 32 1
+34 0 0 33 1
+.end
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v4.set b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v4.set
new file mode 100644
index 00000000..441e0127
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v4.set
@@ -0,0 +1,45 @@
+.ver DDDMP-2.0
+.mode A
+.varinfo 0
+.nnodes 33
+.nvars 320
+.nsuppvars 32
+.ids 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191
+.permids 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191
+.nroots 1
+.rootids -33
+.nodes
+1 T 1 0 0
+2 191 31 1 -1
+3 190 30 1 2
+4 189 29 3 1
+5 188 28 1 4
+6 187 27 1 5
+7 186 26 6 1
+8 185 25 7 1
+9 184 24 1 8
+10 183 23 9 1
+11 182 22 1 10
+12 181 21 1 11
+13 180 20 1 12
+14 179 19 1 13
+15 178 18 1 14
+16 177 17 1 15
+17 176 16 1 16
+18 175 15 1 17
+19 174 14 1 18
+20 173 13 1 19
+21 172 12 20 1
+22 171 11 1 21
+23 170 10 22 1
+24 169 9 1 23
+25 168 8 24 1
+26 167 7 1 25
+27 166 6 1 26
+28 165 5 1 27
+29 164 4 1 28
+30 163 3 1 29
+31 162 2 1 30
+32 161 1 31 1
+33 160 0 32 1
+.end
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v6.map b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v6.map
new file mode 100644
index 00000000..b069e968
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v6.map
@@ -0,0 +1,143 @@
+.ver DDDMP-2.0
+.add
+.mode A
+.varinfo 0
+.nnodes 130
+.nvars 320
+.nsuppvars 128
+.ids 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159
+.permids 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159
+.nroots 2
+.rootids 130 1
+.nodes
+1 T 0 0 0
+2 T 1 0 0
+3 159 127 2 1
+4 158 126 1 3
+5 157 125 1 4
+6 156 124 1 5
+7 155 123 1 6
+8 154 122 7 1
+9 153 121 8 1
+10 152 120 9 1
+11 151 119 1 10
+12 150 118 1 11
+13 149 117 1 12
+14 148 116 13 1
+15 147 115 1 14
+16 146 114 15 1
+17 145 113 16 1
+18 144 112 17 1
+19 143 111 18 1
+20 142 110 19 1
+21 141 109 20 1
+22 140 108 21 1
+23 139 107 22 1
+24 138 106 1 23
+25 137 105 1 24
+26 136 104 25 1
+27 135 103 1 26
+28 134 102 27 1
+29 133 101 28 1
+30 132 100 29 1
+31 131 99 30 1
+32 130 98 31 1
+33 129 97 32 1
+34 128 96 33 1
+35 127 95 34 1
+36 126 94 35 1
+37 125 93 36 1
+38 124 92 37 1
+39 123 91 38 1
+40 122 90 39 1
+41 121 89 40 1
+42 120 88 41 1
+43 119 87 1 42
+44 118 86 43 1
+45 117 85 1 44
+46 116 84 1 45
+47 115 83 1 46
+48 114 82 1 47
+49 113 81 48 1
+50 112 80 49 1
+51 111 79 1 50
+52 110 78 51 1
+53 109 77 52 1
+54 108 76 53 1
+55 107 75 54 1
+56 106 74 1 55
+57 105 73 1 56
+58 104 72 1 57
+59 103 71 1 58
+60 102 70 59 1
+61 101 69 1 60
+62 100 68 1 61
+63 99 67 1 62
+64 98 66 1 63
+65 97 65 1 64
+66 96 64 1 65
+67 95 63 1 66
+68 94 62 1 67
+69 93 61 1 68
+70 92 60 1 69
+71 91 59 1 70
+72 90 58 1 71
+73 89 57 1 72
+74 88 56 1 73
+75 87 55 1 74
+76 86 54 1 75
+77 85 53 1 76
+78 84 52 1 77
+79 83 51 1 78
+80 82 50 1 79
+81 81 49 1 80
+82 80 48 1 81
+83 79 47 1 82
+84 78 46 1 83
+85 77 45 1 84
+86 76 44 1 85
+87 75 43 1 86
+88 74 42 1 87
+89 73 41 1 88
+90 72 40 1 89
+91 71 39 1 90
+92 70 38 1 91
+93 69 37 1 92
+94 68 36 1 93
+95 67 35 1 94
+96 66 34 1 95
+97 65 33 1 96
+98 64 32 1 97
+99 63 31 1 98
+100 62 30 1 99
+101 61 29 1 100
+102 60 28 1 101
+103 59 27 1 102
+104 58 26 1 103
+105 57 25 1 104
+106 56 24 1 105
+107 55 23 1 106
+108 54 22 1 107
+109 53 21 1 108
+110 52 20 1 109
+111 51 19 1 110
+112 50 18 1 111
+113 49 17 1 112
+114 48 16 1 113
+115 47 15 1 114
+116 46 14 1 115
+117 45 13 1 116
+118 44 12 1 117
+119 43 11 1 118
+120 42 10 1 119
+121 41 9 1 120
+122 40 8 121 1
+123 39 7 1 122
+124 38 6 123 1
+125 37 5 124 1
+126 36 4 125 1
+127 35 3 126 1
+128 34 2 127 1
+129 33 1 128 1
+130 32 0 129 1
+.end
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v6.set b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v6.set
new file mode 100644
index 00000000..60b328dd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/tests/just1-v6.set
@@ -0,0 +1,141 @@
+.ver DDDMP-2.0
+.mode A
+.varinfo 0
+.nnodes 129
+.nvars 320
+.nsuppvars 128
+.ids 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319
+.permids 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319
+.nroots 1
+.rootids -129
+.nodes
+1 T 1 0 0
+2 319 127 1 -1
+3 318 126 1 -2
+4 317 125 1 3
+5 316 124 1 4
+6 315 123 1 5
+7 314 122 6 1
+8 313 121 7 1
+9 312 120 8 1
+10 311 119 1 9
+11 310 118 1 10
+12 309 117 1 11
+13 308 116 12 1
+14 307 115 1 13
+15 306 114 14 1
+16 305 113 15 1
+17 304 112 16 1
+18 303 111 17 1
+19 302 110 18 1
+20 301 109 19 1
+21 300 108 20 1
+22 299 107 21 1
+23 298 106 1 22
+24 297 105 1 23
+25 296 104 24 1
+26 295 103 1 25
+27 294 102 26 1
+28 293 101 27 1
+29 292 100 28 1
+30 291 99 29 1
+31 290 98 30 1
+32 289 97 31 1
+33 288 96 32 1
+34 287 95 33 1
+35 286 94 34 1
+36 285 93 35 1
+37 284 92 36 1
+38 283 91 37 1
+39 282 90 38 1
+40 281 89 39 1
+41 280 88 40 1
+42 279 87 1 41
+43 278 86 42 1
+44 277 85 1 43
+45 276 84 1 44
+46 275 83 1 45
+47 274 82 1 46
+48 273 81 47 1
+49 272 80 48 1
+50 271 79 1 49
+51 270 78 50 1
+52 269 77 51 1
+53 268 76 52 1
+54 267 75 53 1
+55 266 74 1 54
+56 265 73 1 55
+57 264 72 1 56
+58 263 71 1 57
+59 262 70 58 1
+60 261 69 1 59
+61 260 68 1 60
+62 259 67 1 61
+63 258 66 1 62
+64 257 65 1 63
+65 256 64 1 64
+66 255 63 1 65
+67 254 62 1 66
+68 253 61 1 67
+69 252 60 1 68
+70 251 59 1 69
+71 250 58 1 70
+72 249 57 1 71
+73 248 56 1 72
+74 247 55 1 73
+75 246 54 1 74
+76 245 53 1 75
+77 244 52 1 76
+78 243 51 1 77
+79 242 50 1 78
+80 241 49 1 79
+81 240 48 1 80
+82 239 47 1 81
+83 238 46 1 82
+84 237 45 1 83
+85 236 44 1 84
+86 235 43 1 85
+87 234 42 1 86
+88 233 41 1 87
+89 232 40 1 88
+90 231 39 1 89
+91 230 38 1 90
+92 229 37 1 91
+93 228 36 1 92
+94 227 35 1 93
+95 226 34 1 94
+96 225 33 1 95
+97 224 32 1 96
+98 223 31 1 97
+99 222 30 1 98
+100 221 29 1 99
+101 220 28 1 100
+102 219 27 1 101
+103 218 26 1 102
+104 217 25 1 103
+105 216 24 1 104
+106 215 23 1 105
+107 214 22 1 106
+108 213 21 1 107
+109 212 20 1 108
+110 211 19 1 109
+111 210 18 1 110
+112 209 17 1 111
+113 208 16 1 112
+114 207 15 1 113
+115 206 14 1 114
+116 205 13 1 115
+117 204 12 1 116
+118 203 11 1 117
+119 202 10 1 118
+120 201 9 1 119
+121 200 8 120 1
+122 199 7 1 121
+123 198 6 122 1
+124 197 5 123 1
+125 196 4 124 1
+126 195 3 125 1
+127 194 2 126 1
+128 193 1 127 1
+129 192 0 128 1
+.end
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/version.py b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/version.py
new file mode 100644
index 00000000..e9cc624d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/python/version.py
@@ -0,0 +1,102 @@
+# -*- coding: utf-8 -*-
+
+# Calculates the current version number.  If possible, this is the
+# output of “git describe”, modified to conform to the versioning
+# scheme that setuptools uses.  If “git describe” returns an error
+# (most likely because we're in an unpacked copy of a release tarball,
+# rather than in a git working copy), then we fall back on reading the
+# contents of the RELEASE-VERSION file.
+#
+# To use this script, simply import it your setup.py file, and use the
+# results of get_git_version() as your package version:
+#
+# from version import *
+#
+# setup(
+#     version=get_git_version(),
+#     .
+#     .
+#     .
+# )
+#
+# This will automatically update the RELEASE-VERSION file, if
+# necessary.  Note that the RELEASE-VERSION file should *not* be
+# checked into git; please add it to your top-level .gitignore file.
+#
+# You'll probably want to distribute the RELEASE-VERSION file in your
+# sdist tarballs; to do this, just create a MANIFEST.in file that
+# contains the following line:
+#
+#   include RELEASE-VERSION
+
+__all__ = ("get_git_version")
+
+from subprocess import Popen, PIPE
+
+
+def call_git_describe(abbrev=4):
+    try:
+        p = Popen(['git', 'describe', '--abbrev=%d' % abbrev],
+                  stdout=PIPE, stderr=PIPE)
+        p.stderr.close()
+        line = p.stdout.readlines()[0]
+        return line.strip()
+
+    except:
+        return None
+
+
+def read_release_version():
+    try:
+        f = open("RELEASE-VERSION", "r")
+
+        try:
+            version = f.readlines()[0]
+            return version.strip()
+
+        finally:
+            f.close()
+
+    except:
+        return None
+
+
+def write_release_version(version):
+    f = open("RELEASE-VERSION", "w")
+    f.write("%s\n" % version)
+    f.close()
+
+
+def get_git_version(abbrev=4):
+    # Read in the version that's currently in RELEASE-VERSION.
+
+    release_version = read_release_version()
+
+    # First try to get the current version using “git describe”.
+
+    version = call_git_describe(abbrev)
+
+    # If that doesn't work, fall back on the value that's in
+    # RELEASE-VERSION.
+
+    if version is None:
+        version = release_version
+
+    # If we still don't have anything, that's an error.
+
+    if version is None:
+        raise ValueError("Cannot find the version number!")
+
+    # If the current version is different from what's in the
+    # RELEASE-VERSION file, update the file to be current.
+
+    if version != release_version:
+        write_release_version(version)
+
+    # Finally, return the current version.
+
+    return version
+
+
+if __name__ == "__main__":
+    print get_git_version()
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/run.sh b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/run.sh
new file mode 100755
index 00000000..30f07ce5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/run.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+# Usage: run.sh [debug|release] program arguments
+#
+# Runs a program from one of the build directories, with
+# LD_LIBRARY_PATH set correctly so that it can find all of the shared
+# libraries before they're installed.
+
+
+# Check that there are enough command-line parameters.
+
+if [ $# -lt 1 ]; then
+    echo "Usage: run.sh [debug|release] program arguments"
+    exit 1
+fi
+
+
+# Verify that the user chose a valid build type.
+
+BUILD="$1"
+shift
+
+case "$BUILD" in
+    debug)
+        ;;
+    release)
+        ;;
+    *)
+        echo "Unknown build type $BUILD"
+        exit 1
+        ;;
+esac
+
+
+# Find all of the src subdirectories in the build directory, and use
+# those as the LD_LIBRARY_PATH.
+
+SRC_DIRS=$(find build/$BUILD -name src)
+JOINED=$(echo $SRC_DIRS | perl -ne 'print join(":", split)')
+
+
+# Run the desired program, and pass on any command-line arguments
+# as-is.
+
+LD_LIBRARY_PATH="$JOINED:$LD_LIBRARY_PATH" \
+DYLD_LIBRARY_PATH="$JOINED:$DYLD_LIBRARY_PATH" \
+  "$@"
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/share/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/share/CMakeLists.txt
new file mode 100644
index 00000000..c30244a0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/share/CMakeLists.txt
@@ -0,0 +1,12 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2012, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/valgrind
+    DESTINATION share
+    FILES_MATCHING PATTERN "*.supp")
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/CMakeLists.txt
new file mode 100644
index 00000000..5b25cbb5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/CMakeLists.txt
@@ -0,0 +1,108 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011-2013, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+include_directories(${CMAKE_SOURCE_DIR}/include)
+include_directories(${CMAKE_CURRENT_SOURCE_DIR}/include)
+
+#-----------------------------------------------------------------------
+# Build the library
+
+set(LIBIPSET_SRC
+    libipset/general.c
+    libipset/bdd/assignments.c
+    libipset/bdd/basics.c
+    libipset/bdd/bdd-iterator.c
+    libipset/bdd/expanded.c
+    libipset/bdd/reachable.c
+    libipset/bdd/read.c
+    libipset/bdd/write.c
+    libipset/map/allocation.c
+    libipset/map/inspection.c
+    libipset/map/ipv4_map.c
+    libipset/map/ipv6_map.c
+    libipset/map/storage.c
+    libipset/set/allocation.c
+    libipset/set/inspection.c
+    libipset/set/ipv4_set.c
+    libipset/set/ipv6_set.c
+    libipset/set/iterator.c
+    libipset/set/storage.c
+)
+
+# Update the VERSION and SOVERSION properties below according to the following
+# rules (taken from [1]):
+#
+# VERSION = current.revision.age
+#
+#   1. Start with a VERSION of `0.0.0` for each shared library.
+#   2. Update VERSION only immediately before a public release of your software.
+#      More frequent updates are unnecessary, and only guarantee that the
+#      current interface number gets larger faster.
+#   3. If the library source code has changed at all since the last update, then
+#      increment `revision` (`c.r.a` becomes `c.r+1.a`).
+#   4. If any interfaces have been added, removed, or changed since the last
+#      update, increment `current`, and set `revision` to 0.
+#   5. If any interfaces have been added since the last public release, then
+#      increment `age`.
+#   6. If any interfaces have been removed or changed since the last public
+#      release, then set `age` to 0.
+#
+# SOVERSION should always equal `current`.
+#
+# Note that changing `current` means that you are releasing a new
+# backwards-incompatible version of the library.  This has implications on
+# packaging, so once an API has stabilized, these should be a rare occurrence.
+#
+# [1] http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html#Updating-version-info
+
+add_library(libipset SHARED ${LIBIPSET_SRC})
+set_target_properties(libipset PROPERTIES
+    OUTPUT_NAME ipset
+    VERSION 1.1.0
+    SOVERSION 1)
+target_link_libraries(libipset
+    ${CORK_LIBRARIES}
+)
+
+install(TARGETS libipset DESTINATION ${CMAKE_INSTALL_LIBDIR})
+
+#-----------------------------------------------------------------------
+# Utility commands
+
+set(IPSETBUILD_SRC
+    ipsetbuild/ipsetbuild.c
+)
+
+add_executable(ipsetbuild ${IPSETBUILD_SRC})
+target_link_libraries(ipsetbuild libipset)
+install(TARGETS ipsetbuild DESTINATION bin)
+
+set(IPSETCAT_SRC
+    ipsetcat/ipsetcat.c
+)
+
+add_executable(ipsetcat ${IPSETCAT_SRC})
+target_link_libraries(ipsetcat libipset)
+install(TARGETS ipsetcat DESTINATION bin)
+
+set(IPSETDOT_SRC
+    ipsetdot/ipsetdot.c
+)
+
+add_executable(ipsetdot ${IPSETBUILD_SRC})
+target_link_libraries(ipsetdot libipset)
+install(TARGETS ipsetdot DESTINATION bin)
+
+#-----------------------------------------------------------------------
+# Generate the pkg-config file
+
+set(prefix ${CMAKE_INSTALL_PREFIX})
+configure_file(ipset.pc.in ${CMAKE_CURRENT_BINARY_DIR}/ipset.pc @ONLY)
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/ipset.pc
+        DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipset.pc.in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipset.pc.in
new file mode 100644
index 00000000..f7098b95
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipset.pc.in
@@ -0,0 +1,14 @@
+prefix=@prefix@
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+sharedir=${prefix}/share
+sphinxdir=${sharedir}/doc/ipset/html
+
+Name: ipset
+Description: Library for storing IP sets and maps
+Version: @VERSION@
+URL: http://github.com/dcreager/ipset/
+Requires: libcork >= 0.12.0
+Libs: -L${libdir} -lipset
+Cflags: -I${includedir}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipsetbuild/ipsetbuild.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipsetbuild/ipsetbuild.c
new file mode 100644
index 00000000..d5d87c2c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipsetbuild/ipsetbuild.c
@@ -0,0 +1,512 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <ctype.h>
+#include <errno.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <libcork/core.h>
+
+#include "ipset/ipset.h"
+
+
+static char  *output_filename = NULL;
+static bool  loose_cidr = false;
+static int  verbosity = 0;
+
+struct removal {
+    size_t  line;
+    const char  *filename;
+    struct cork_ip  address;
+    unsigned int  cidr;
+    bool  has_cidr;
+};
+
+static struct option longopts[] = {
+    { "help", no_argument, NULL, 'h' },
+    { "output", required_argument, NULL, 'o' },
+    { "loose-cidr", 0, NULL, 'l' },
+    { "verbose", 0, NULL, 'v' },
+    { "quiet", 0, NULL, 'q' },
+    { NULL, 0, NULL, 0 }
+};
+
+static bool
+is_string_whitespace(const char *str)
+{
+    while (*str) {
+        if (isspace(*str) == 0) {
+            return false;
+        }
+        str++;
+    }
+    return true;
+}
+
+#define USAGE \
+"Usage: ipsetbuild [options] <input file>...\n"
+
+#define FULL_USAGE \
+USAGE \
+"\n" \
+"Constructs a binary IP set file from a list of IP addresses and networks.\n" \
+"\n" \
+"Options:\n" \
+"  <input file>...\n" \
+"    A list of text files that contain the IP addresses and networks to add\n" \
+"    to the set.  To read from stdin, use \"-\" as the filename.\n" \
+"  --output=<filename>, -o <filename>\n" \
+"    Writes the binary IP set file to <filename>.  If this option isn't\n" \
+"    given, then the binary set will be written to standard output.\n" \
+"  --loose-cidr, -l\n" \
+"    Be more lenient about the address portion of any CIDR network blocks\n" \
+"    found in the input file.\n" \
+"  --verbose, -v\n" \
+"    Show summary information about the IP set that's built, as well as\n" \
+"    progress information about the files being read and written.  If this\n" \
+"    option is not given, the only output will be any error, alert, or\n" \
+"    warning messages that occur.\n" \
+"  --quiet, -q\n" \
+"    Show only error message for malformed input. All warnings, alerts,\n" \
+"    and summary information about the IP set is suppressed.\n" \
+"  --help\n" \
+"    Display this help and exit.\n" \
+"\n" \
+"Input format:\n" \
+"  Each input file must contain one IP address or network per line.  Lines\n" \
+"  beginning with a \"#\" are considered comments and are ignored.  Each\n" \
+"  IP address must have one of the following formats:\n" \
+"\n" \
+"    x.x.x.x\n" \
+"    x.x.x.x/cidr\n" \
+"    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx\n" \
+"    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/cidr\n" \
+"\n" \
+"  The first two are for IPv4 addresses and networks; the second two for\n" \
+"  IPv6 addresses and networks.  For IPv6 addresses, you can use the \"::\"\n" \
+"  shorthand notation to collapse consecutive \"0\" portions.\n" \
+"\n" \
+"  If an address contains a \"/cidr\" suffix, then the entire CIDR network\n" \
+"  of addresses will be added to the set.  You must ensure that the low-\n" \
+"  order bits of the address are set to 0; if not, we'll raise an error.\n" \
+"  (If you pass in the \"--loose-cidr\" option, we won't perform this\n" \
+"  sanity check.)\n" \
+"\n" \
+"  You can also prefix any input line with an exclamation point (\"!\").\n" \
+"  This causes the given address or network to be REMOVED from the output\n" \
+"  set.  This notation can be useful to define a set that contains most of\n" \
+"  the addresses in a large CIDR block, except for addresses at certain\n" \
+"  \"holes\".\n" \
+"\n" \
+"  The order of the addresses and networks given to ipsetbuild does not\n" \
+"  matter.  If a particular address is added to the set more than once, or\n" \
+"  removed from the set more than once, whether on its own or via a CIDR\n" \
+"  network, then you will get a warning message.  (You can silence these\n" \
+"  warnings with the --quiet option.)  If an address is both added to and\n" \
+"  removed from the set, then the removal takes precedence, regardless of\n" \
+"  where the relevant lines appear in the input file.\n"
+
+#ifndef LIB_ONLY
+int
+main(int argc, char **argv)
+{
+    ipset_init_library();
+
+    /* Parse the command-line options. */
+
+    int  ch;
+    while ((ch = getopt_long(argc, argv, "hlo:vq", longopts, NULL)) != -1) {
+        switch (ch) {
+            case 'h':
+                fprintf(stdout, FULL_USAGE);
+                exit(0);
+
+            case 'l':
+                loose_cidr = true;
+                break;
+
+            case 'o':
+                output_filename = optarg;
+                break;
+
+            case 'v':
+                verbosity++;
+                break;
+
+            case 'q':
+                verbosity--;
+                break;
+
+            default:
+                fprintf(stderr, USAGE);
+                exit(1);
+        }
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    /* Verify that the user specified at least one text file to read. */
+    if (argc == 0) {
+        fprintf(stderr,
+                "ipsetbuild: You need to specify at least one input file.\n");
+        fprintf(stderr, USAGE);
+        exit(1);
+    }
+
+    /* And an output file to write to. */
+    if (output_filename == NULL) {
+        fprintf(stderr,
+                "ipsetbuild: You need to specify an output file.\n");
+        fprintf(stderr, USAGE);
+        exit(1);
+    }
+
+    /* Read in the IP set files specified on the command line. */
+
+    size_t  total_ip_added = 0;
+    size_t  total_ip_removed = 0;
+    size_t  total_ip_v4 = 0;
+    size_t  total_ip_v4_block = 0;
+    size_t  total_ip_v6 = 0;
+    size_t  total_ip_v6_block = 0;
+    struct ip_set  set;
+    struct removal  *entry;
+    cork_array(struct removal)  removals;
+    bool  read_from_stdin = false;
+    bool  set_unchanged = false;
+
+    ipset_init(&set);
+    cork_array_init(&removals);
+
+    int  i;
+    for (i = 0; i < argc; i++) {
+        const char  *filename = argv[i];
+        FILE  *stream;
+        bool  close_stream;
+
+        /* Create a FILE object for the file. */
+        if (strcmp(filename, "-") == 0) {
+            if (read_from_stdin) {
+                fprintf(stderr,
+                        "ipsetbuild: Cannot read from stdin more than once.\n");
+                exit(1);
+            }
+            if (verbosity > 0) {
+                fprintf(stderr, "Opening stdin...\n\n");
+            }
+            filename = "stdin";
+            stream = stdin;
+            close_stream = false;
+            read_from_stdin = true;
+        } else {
+            if (verbosity > 0) {
+                fprintf(stderr, "Opening file %s...\n", filename);
+            }
+            stream = fopen(filename, "rb");
+            if (stream == NULL) {
+                fprintf(stderr, "ipsetbuild: Cannot open file %s:\n  %s\n",
+                        filename, strerror(errno));
+                exit(1);
+            }
+            close_stream = true;
+        }
+
+        /* Read in one IP address per line in the file. */
+        size_t  ip_count = 0;
+        size_t  ip_count_v4 = 0;
+        size_t  ip_count_v4_block = 0;
+        size_t  ip_count_v6 = 0;
+        size_t  ip_count_v6_block = 0;
+        size_t  line_num = 0;
+        size_t  ip_error_num = 0;
+        bool  ip_error = false;
+
+#define MAX_LINELENGTH  4096
+        char  line[MAX_LINELENGTH];
+        char  *slash_pos;
+        unsigned int  cidr = 0;
+
+        while (fgets(line, MAX_LINELENGTH, stream) != NULL) {
+            char  *address;
+            struct cork_ip  addr;
+            bool  remove_ip = false;
+
+            line_num++;
+
+            /* Skip empty lines and comments. Comments start with '#'
+             * in the first column. */
+            if ((line[0] == '#') || (is_string_whitespace(line))) {
+                continue;
+            }
+
+            /* Check for a negating IP address.  If so, then the IP address
+             * starts just after the '!'. */
+            if (line[0] == '!') {
+                remove_ip = true;
+                address = line + 1;
+            } else {
+                address = line;
+            }
+
+            /* Chomp the trailing newline so we don't confuse our IP
+             * address parser. */
+            size_t  len = strlen(address);
+            address[len-1] = '\0';
+
+            /* Check for a / indicating a CIDR block.  If one is
+             * present, split the string there and parse the trailing
+             * part as a CIDR prefix integer. */
+            if ((slash_pos = strchr(address, '/')) != NULL) {
+                char  *endptr;
+                *slash_pos = '\0';
+                slash_pos++;
+                cidr = (unsigned int) strtol(slash_pos, &endptr, 10);
+                if (endptr == slash_pos) {
+                    fprintf(stderr,
+                            "Error: Line %zu: Missing CIDR prefix\n",
+                            line_num);
+                    ip_error_num++;
+                    ip_error = true;
+                    continue;
+                } else if (*slash_pos == '\0' || *endptr != '\0') {
+                    fprintf(stderr,
+                            "Error: Line %zu: Invalid CIDR prefix \"%s\"\n",
+                            line_num, slash_pos);
+                    ip_error_num++;
+                    ip_error = true;
+                    continue;
+                }
+            }
+
+            /* Try to parse the line as an IP address. */
+            if (cork_ip_init(&addr, address) != 0) {
+                fprintf(stderr, "Error: Line %zu: %s\n",
+                        line_num, cork_error_message());
+                cork_error_clear();
+                ip_error_num++;
+                ip_error = true;
+                continue;
+            }
+
+            /* Add to address to the ipset and update the counters */
+            if (slash_pos == NULL) {
+                if (remove_ip) {
+                    entry = cork_array_append_get(&removals);
+                    entry->line = line_num;
+                    entry->filename = filename;
+                    entry->address = addr;
+                    entry->cidr = 0;
+                    entry->has_cidr = false;
+                } else {
+                    set_unchanged = ipset_ip_add(&set, &addr);
+                    if (set_unchanged && verbosity >= 0) {
+                        fprintf(stderr,
+                                "Alert: %s, line %zu: %s is a duplicate\n",
+                                filename, line_num, address);
+                    } else {
+                        if (addr.version == 4) {
+                            ip_count_v4++;
+                        } else {
+                            ip_count_v6++;
+                        }
+                        ip_count++;
+                    }
+                }
+            } else {
+                /* If loose-cidr was not a command line option, then check the
+                 * alignment of the IP address with the CIDR block. */
+                if (!loose_cidr) {
+                    if (!cork_ip_is_valid_network(&addr, cidr)) {
+                        fprintf(stderr, "Error: %s, line %zu: Bad CIDR block: "
+                                "\"%s/%u\"\n",
+                                filename, line_num, address, cidr);
+                        ip_error_num++;
+                        ip_error = true;
+                        continue;
+                    }
+                }
+                if (remove_ip) {
+                    entry = cork_array_append_get(&removals);
+                    entry->line = line_num;
+                    entry->filename = filename;
+                    entry->address = addr;
+                    entry->cidr = cidr;
+                    entry->has_cidr = true;
+                } else {
+                    set_unchanged = ipset_ip_add_network(&set, &addr, cidr);
+                }
+                if (cork_error_occurred()) {
+                    fprintf(stderr, "Error: %s, line %zu: Invalid IP address: "
+                            "\"%s/%u\": %s\n", filename, line_num, address,
+                            cidr, cork_error_message());
+                    cork_error_clear();
+                    ip_error_num++;
+                    ip_error = true;
+                    continue;
+                }
+                if (!remove_ip) {
+                    if (set_unchanged && verbosity >= 0) {
+                        fprintf(stderr,
+                                "Alert: %s, line %zu: %s/%u is a duplicate\n",
+                                filename, line_num, address, cidr);
+                    } else {
+                        if (addr.version == 4) {
+                            ip_count_v4_block++;
+                        } else {
+                            ip_count_v6_block++;
+                        }
+                        ip_count++;
+                    }
+                }
+            }
+        }
+
+        if (ferror(stream)) {
+            /* There was an error reading from the stream. */
+            fprintf(stderr, "Error reading from %s:\n  %s\n",
+                    filename, strerror(errno));
+            exit(1);
+        }
+
+        if (verbosity > 0) {
+            fprintf(stderr,
+                    "Summary: Read %zu valid IP address records from %s.\n",
+                    ip_count, filename);
+            fprintf(stderr, "  IPv4: %zu addresses, %zu block%s\n", ip_count_v4,
+                    ip_count_v4_block, (ip_count_v4_block == 1)? "": "s");
+            fprintf(stderr, "  IPv6: %zu addresses, %zu block%s\n", ip_count_v6,
+                    ip_count_v6_block, (ip_count_v6_block == 1)? "": "s");
+        }
+
+        /* Update the total IP counters. */
+        total_ip_added += ip_count;
+        total_ip_v4 += ip_count_v4;
+        total_ip_v4_block += ip_count_v4_block;
+        total_ip_v6 += ip_count_v6;
+        total_ip_v6_block += ip_count_v6_block;
+
+        /* Free the streams before opening the next file. */
+        if (close_stream) {
+            fclose(stream);
+        }
+
+        /* If the input file has errors, then terminate the program. */
+        if (ip_error) {
+            fprintf(stderr, "The program halted on %s with %zu "
+                    "input error%s.\n",
+                    filename, ip_error_num, (ip_error_num == 1)? "": "s");
+            exit(1);
+        }
+    }
+
+    /* Combine the removals array with the set */
+    size_t  removal_count = cork_array_size(&removals);
+    for (i = 0; i < removal_count; i++) {
+        entry = &cork_array_at(&removals, i);
+        if (entry->has_cidr == true) {
+            set_unchanged =
+                ipset_ip_remove_network(&set, &entry->address, entry->cidr);
+            if (set_unchanged) {
+                if (verbosity >= 0) {
+                    char  ip_buf[CORK_IP_STRING_LENGTH];
+                    cork_ip_to_raw_string(&entry->address, ip_buf);
+                    fprintf(stderr,
+                            "Alert: %s, line %zu: %s/%u is not in the set\n",
+                            entry->filename, entry->line, ip_buf, entry->cidr);
+                }
+            } else {
+                if (entry->address.version == 4) {
+                    total_ip_v4_block--;
+                } else {
+                    total_ip_v6_block--;
+                }
+                total_ip_removed++;
+            }
+        } else {
+            set_unchanged = ipset_ip_remove(&set, &entry->address);
+            if (set_unchanged) {
+                if (verbosity >= 0) {
+                    char  ip_buf[CORK_IP_STRING_LENGTH];
+                    cork_ip_to_raw_string(&entry->address, ip_buf);
+                    fprintf(stderr,
+                            "Alert: %s, line %zu: %s is not in the set\n",
+                            entry->filename, entry->line, ip_buf);
+                }
+            } else {
+                if (entry->address.version == 4) {
+                    total_ip_v4--;
+                } else {
+                    total_ip_v6--;
+                }
+                total_ip_removed++;
+            }
+        }
+    }
+    cork_array_done(&removals);
+
+    /* Print the total counter values and set size. */
+    if (verbosity > 0) {
+        fprintf(stderr, "\nSummary: %zu valid IP address records found.\n",
+                total_ip_added + total_ip_removed);
+        fprintf(stderr, "  Total records added: %zu\n", total_ip_added);
+        fprintf(stderr, "  Total records removed: %zu\n", total_ip_removed);
+        fprintf(stderr, "  IPv4: %zu addresses, %zu complete block%s\n",
+                total_ip_v4, total_ip_v4_block,
+                (total_ip_v4_block == 1)? "": "s");
+        fprintf(stderr, "  IPv6: %zu addresses, %zu complete block%s\n",
+                total_ip_v6, total_ip_v6_block,
+                (total_ip_v6_block == 1)? "": "s");
+        fprintf(stderr, "Set uses %zu bytes of memory.\n",
+                ipset_memory_size(&set));
+    }
+
+    /* Serialize the IP set to the desired output file. */
+    FILE  *ostream;
+    bool  close_ostream;
+
+    if (strcmp(output_filename, "-") == 0) {
+        if (verbosity > 0) {
+            fprintf(stderr, "Writing to stdout...\n");
+        }
+        ostream = stdout;
+        output_filename = "stdout";
+        close_ostream = false;
+    } else {
+        if (verbosity > 0) {
+            fprintf(stderr, "Writing to file %s...\n", output_filename);
+        }
+        ostream = fopen(output_filename, "wb");
+        if (ostream == NULL) {
+            fprintf(stderr, "Cannot open file %s:\n  %s\n",
+                    output_filename, strerror(errno));
+            exit(1);
+        }
+        close_ostream = true;
+    }
+
+    if (ipset_save(ostream, &set) != 0) {
+        fprintf(stderr, "Error saving IP set:\n  %s\n",
+                cork_error_message());
+        exit(1);
+    }
+
+    /* Close the output stream for exiting. */
+    if (close_ostream) {
+        fclose(ostream);
+    }
+
+    return 0;
+}
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipsetcat/ipsetcat.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipsetcat/ipsetcat.c
new file mode 100644
index 00000000..53a7362f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipsetcat/ipsetcat.c
@@ -0,0 +1,229 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+
+#include <errno.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <libcork/core.h>
+
+#include "ipset/ipset.h"
+
+
+static char  *input_filename = NULL;
+static char  *output_filename = "-";
+static bool  verbose = false;
+static bool  want_networks = false;
+
+
+static struct option longopts[] = {
+    { "help", no_argument, NULL, 'h' },
+    { "output", required_argument, NULL, 'o' },
+    { "networks", no_argument, NULL, 'n' },
+    { "verbose", 0, NULL, 'v' },
+    { NULL, 0, NULL, 0 }
+};
+
+#define USAGE \
+"Usage: ipsetcat [options] <input filename>\n"
+
+#define FULL_USAGE \
+USAGE \
+"\n" \
+"Prints out the (non-sorted) contents of a binary IP set file.\n" \
+"\n" \
+"Options:\n" \
+"  <input filename>\n" \
+"    The binary set file to read.  To read from stdin, use \"-\" as the\n" \
+"    filename.\n" \
+"  --output=<filename>, -o <filename>\n" \
+"    Writes the contents of the binary IP set file to <filename>.  If this\n" \
+"    option isn't given, then the contents will be written to standard\n" \
+"    output.\n" \
+"  --networks, -n\n" \
+"    Where possible, we group the IP addresses in the set into CIDR network\n" \
+"    blocks.  For dense sets, this can greatly reduce the amount of output\n" \
+"    that's generated.\n" \
+"  --verbose, -v\n" \
+"    Show progress information about the files being read and written.  If\n" \
+"    this option is not given, the only output will be any error messages\n" \
+"    that occur.\n" \
+"  --help\n" \
+"    Display this help and exit.\n" \
+"\n" \
+"Output format:\n" \
+"  The output will contain one IP address or network per line.  If you give\n" \
+"  the \"--networks\" option, then we will collapse addresses into CIDR\n" \
+"  networks where possible.  CIDR network blocks will have one of the\n" \
+"  following formats:\n" \
+"\n" \
+"    x.x.x.x/cidr\n" \
+"    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/cidr\n" \
+"\n" \
+"  Individual IP addresses will have one of the following formats:\n" \
+"\n" \
+"    x.x.x.x\n" \
+"    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx\n" \
+"\n" \
+"  Note that we never include a /32 or /128 suffix for individual addresses,\n" \
+"  even if you've requested CIDR networks via the \"--networks\" option.\n" \
+"\n" \
+"  Please note that the output is UNSORTED.  There are no guarantees made\n" \
+"  about the order of the IP addresses and networks in the output.\n"
+#ifndef LIB_ONLY
+int
+main(int argc, char **argv)
+{
+    ipset_init_library();
+
+    /* Parse the command-line options. */
+
+    int  ch;
+    while ((ch = getopt_long(argc, argv, "hno:", longopts, NULL)) != -1) {
+        switch (ch) {
+            case 'h':
+                fprintf(stdout, FULL_USAGE);
+                exit(0);
+
+            case 'n':
+                want_networks = true;
+                break;
+
+            case 'o':
+                output_filename = optarg;
+                break;
+
+            case 'v':
+                verbose = true;
+                break;
+
+            default:
+                fprintf(stderr, USAGE);
+                exit(1);
+        }
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    if (argc != 1) {
+        fprintf(stderr, "ipsetcat: You must specify exactly one input file.\n");
+        fprintf(stderr, USAGE);
+        exit(1);
+    }
+
+    input_filename = argv[0];
+
+    /* Read in the IP set files specified on the command line. */
+    struct ip_set  *set = NULL;
+    FILE  *stream;
+    bool  close_stream;
+
+    /* Create a FILE object for the file. */
+    if (strcmp(input_filename, "-") == 0) {
+        if (verbose) {
+            fprintf(stderr, "Opening stdin...\n");
+        }
+        input_filename = "stdin";
+        stream = stdin;
+        close_stream = false;
+    } else {
+        if (verbose) {
+            fprintf(stderr, "Opening file %s...\n", input_filename);
+        }
+        stream = fopen(input_filename, "rb");
+        if (stream == NULL) {
+            fprintf(stderr, "Cannot open file %s:\n  %s\n",
+                    input_filename, strerror(errno));
+            exit(1);
+        }
+        close_stream = true;
+    }
+
+    /* Read in the IP set from the specified file. */
+    set = ipset_load(stream);
+    if (set == NULL) {
+        fprintf(stderr, "Error reading %s:\n  %s\n",
+                input_filename, cork_error_message());
+        exit(1);
+    }
+
+    if (close_stream) {
+        fclose(stream);
+    }
+
+    /* Print out the IP addresses in the set. */
+    FILE  *ostream;
+    bool  close_ostream;
+    if ((output_filename == NULL) || (strcmp(output_filename, "-") == 0)) {
+        if (verbose) {
+            fprintf(stderr, "Writing to stdout...\n");
+        }
+        ostream = stdout;
+        output_filename = "stdout";
+        close_ostream = false;
+    } else {
+        if (verbose) {
+            fprintf(stderr, "Writing to file %s...\n", output_filename);
+        }
+        ostream = fopen(output_filename, "wb");
+        if (ostream == NULL) {
+            fprintf(stderr, "Cannot open file %s:\n  %s\n",
+                    output_filename, strerror(errno));
+            exit(1);
+        }
+        close_ostream = true;
+    }
+
+    char  ip_buf[CORK_IP_STRING_LENGTH];
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+
+    struct ipset_iterator  *it;
+    if (want_networks) {
+        /* If requested, iterate through network blocks instead of
+         * individual IP addresses. */
+        it = ipset_iterate_networks(set, true);
+    } else {
+        /* The user wants individual IP addresses.  Hope they know what
+         * they're doing! */
+        it = ipset_iterate(set, true);
+    }
+
+    for (/* nothing */; !it->finished; ipset_iterator_advance(it)) {
+        cork_ip_to_raw_string(&it->addr, ip_buf);
+        if ((it->addr.version == 4 && it->cidr_prefix == 32) ||
+            (it->addr.version == 6 && it->cidr_prefix == 128)) {
+            cork_buffer_printf(&buf, "%s\n", ip_buf);
+        } else {
+            cork_buffer_printf(&buf, "%s/%u\n", ip_buf, it->cidr_prefix);
+        }
+
+        if (fputs(buf.buf, ostream) == EOF) {
+            fprintf(stderr, "Cannot write to file %s:\n  %s\n",
+                    output_filename, strerror(errno));
+            exit(1);
+        }
+    }
+
+    cork_buffer_done(&buf);
+    ipset_free(set);
+
+    /* Close the output stream for exiting. */
+    if (close_ostream) {
+        fclose(ostream);
+    }
+
+    return 0;
+}
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipsetdot/ipsetdot.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipsetdot/ipsetdot.c
new file mode 100644
index 00000000..205ad1f0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/ipsetdot/ipsetdot.c
@@ -0,0 +1,184 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+
+#include <errno.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <libcork/core.h>
+
+#include "ipset/ipset.h"
+
+
+static char  *input_filename = NULL;
+static char  *output_filename = "-";
+static bool  verbose = false;
+
+
+static struct option longopts[] = {
+    { "help", no_argument, NULL, 'h' },
+    { "output", required_argument, NULL, 'o' },
+    { "verbose", 0, NULL, 'v' },
+    { NULL, 0, NULL, 0 }
+};
+
+#define USAGE \
+"Usage: ipsetdot [options] <input filename>\n"
+
+#define FULL_USAGE \
+USAGE \
+"\n" \
+"Creates a GraphViz file showing the BDD structure of an IP set.\n" \
+"\n" \
+"Options:\n" \
+"  <input filename>\n" \
+"    The binary set file to read.  To read from stdin, use \"-\" as the\n" \
+"    filename.\n" \
+"  --output=<filename>, -o <filename>\n" \
+"    Writes the GraphViz representation of the binary IP set file to\n" \
+"    <filename>.  If this option isn't given, then the contents will be\n" \
+"    written to standard output.\n" \
+"  --verbose, -v\n" \
+"    Show progress information about the files being read and written.  If\n" \
+"    this option is not given, the only output will be any error messages\n" \
+"    that occur.\n" \
+"  --help\n" \
+"    Display this help and exit.\n" \
+"\n" \
+"Output format:\n" \
+"  Internally, IP sets are represented by a binary-decision diagram (BDD).\n" \
+"  The ipsetdot program can be used to produce a GraphViz file that describes\n" \
+"  the internal BDD structure for an IP set.  The GraphViz representation can\n" \
+"  then be passed in to GraphViz's \"dot\" program, for instance, to generate\n" \
+"  an image of the BDD's graph structure.\n"
+
+#ifndef LIB_ONLY
+int
+main(int argc, char **argv)
+{
+    ipset_init_library();
+
+    /* Parse the command-line options. */
+
+    int  ch;
+    while ((ch = getopt_long(argc, argv, "ho:", longopts, NULL)) != -1) {
+        switch (ch) {
+            case 'h':
+                fprintf(stdout, FULL_USAGE);
+                exit(0);
+
+            case 'o':
+                output_filename = optarg;
+                break;
+
+            case 'v':
+                verbose = true;
+                break;
+
+            default:
+                fprintf(stderr, USAGE);
+                exit(1);
+        }
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    if (argc != 1) {
+        fprintf(stderr, "ipsetdot: You must specify exactly one input file.\n");
+        fprintf(stderr, USAGE);
+        exit(1);
+    }
+
+    input_filename = argv[0];
+
+    /* Read in the IP set files specified on the command line. */
+    struct ip_set  *set = NULL;
+    FILE  *stream;
+    bool  close_stream;
+
+    /* Create a FILE object for the file. */
+    if (strcmp(input_filename, "-") == 0) {
+        if (verbose) {
+            fprintf(stderr, "Opening stdin...\n");
+        }
+        input_filename = "stdin";
+        stream = stdin;
+        close_stream = false;
+    } else {
+        if (verbose) {
+            fprintf(stderr, "Opening file %s...\n", input_filename);
+        }
+        stream = fopen(input_filename, "rb");
+        if (stream == NULL) {
+            fprintf(stderr, "Cannot open file %s:\n  %s\n",
+                    input_filename, strerror(errno));
+            exit(1);
+        }
+        close_stream = true;
+    }
+
+    /* Read in the IP set from the specified file. */
+    set = ipset_load(stream);
+    if (set == NULL) {
+        fprintf(stderr, "Error reading %s:\n  %s\n",
+                input_filename, cork_error_message());
+        exit(1);
+    }
+
+    if (close_stream) {
+        fclose(stream);
+    }
+
+    /* Generate a GraphViz dot file for the set. */
+
+    FILE  *ostream;
+    bool  close_ostream;
+
+    if ((output_filename == NULL) || (strcmp(output_filename, "-") == 0)) {
+        if (verbose) {
+            fprintf(stderr, "Writing to stdout...\n");
+        }
+        ostream = stdout;
+        output_filename = "stdout";
+        close_ostream = false;
+    } else {
+        if (verbose) {
+            fprintf(stderr, "Writing to file %s...\n", output_filename);
+        }
+        ostream = fopen(output_filename, "wb");
+        if (ostream == NULL) {
+            fprintf(stderr, "Cannot open file %s:\n  %s\n",
+                    output_filename, strerror(errno));
+            exit(1);
+        }
+        close_ostream = true;
+    }
+
+    if (ipset_save_dot(ostream, set) != 0) {
+        fprintf(stderr, "Error saving IP set:\n  %s\n",
+                cork_error_message());
+        exit(1);
+    }
+
+    ipset_free(set);
+
+    /* Close the output stream for exiting. */
+    if (close_ostream) {
+        fclose(ostream);
+    }
+
+    return 0;
+}
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/assignments.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/assignments.c
new file mode 100644
index 00000000..41d57021
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/assignments.c
@@ -0,0 +1,134 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+
+
+struct ipset_assignment *
+ipset_assignment_new()
+{
+    struct ipset_assignment  *assignment = cork_new(struct ipset_assignment);
+    cork_array_init(&assignment->values);
+    return assignment;
+}
+
+
+void
+ipset_assignment_free(struct ipset_assignment *assignment)
+{
+    cork_array_done(&assignment->values);
+    free(assignment);
+}
+
+
+bool
+ipset_assignment_equal(const struct ipset_assignment *assignment1,
+                       const struct ipset_assignment *assignment2)
+{
+    /* Identical pointers are trivially equal. */
+    if (assignment1 == assignment2) {
+        return true;
+    }
+
+    /* Otherwise we compare the assignments piecewise up through the end
+     * of the smaller vector. */
+    unsigned int  size1 = cork_array_size(&assignment1->values);
+    unsigned int  size2 = cork_array_size(&assignment2->values);
+    unsigned int  smaller_size = (size1 < size2)? size1: size2;
+
+    unsigned int  i;
+    for (i = 0; i < smaller_size; i++) {
+        if (cork_array_at(&assignment1->values, i) !=
+            cork_array_at(&assignment2->values, i)) {
+            return false;
+        }
+    }
+
+    /* If one of the assignment vectors is longer, any remaining
+     * elements must be indeterminate. */
+    if (size1 > smaller_size) {
+        for (i = smaller_size; i < size1; i++) {
+            if (cork_array_at(&assignment1->values, i) != IPSET_EITHER) {
+                return false;
+            }
+        }
+    }
+
+    if (size2 > smaller_size) {
+        for (i = smaller_size; i < size2; i++) {
+            if (cork_array_at(&assignment2->values, i) != IPSET_EITHER) {
+                return false;
+            }
+        }
+    }
+
+    /* If we make it through all of that, the two assignments are equal. */
+    return true;
+}
+
+
+void
+ipset_assignment_cut(struct ipset_assignment *assignment,
+                     ipset_variable var)
+{
+    if (var < cork_array_size(&assignment->values)) {
+        assignment->values.size = var;
+    }
+}
+
+
+void
+ipset_assignment_clear(struct ipset_assignment *assignment)
+{
+    ipset_assignment_cut(assignment, 0);
+}
+
+
+enum ipset_tribool
+ipset_assignment_get(struct ipset_assignment *assignment, ipset_variable var)
+{
+    if (var < cork_array_size(&assignment->values)) {
+        /* If the requested variable is in the range of the values
+         * array, return whatever is stored there. */
+        return cork_array_at(&assignment->values, var);
+    } else {
+        /* Variables htat aren't in the values array are always EITHER. */
+        return IPSET_EITHER;
+    }
+}
+
+
+void
+ipset_assignment_set(struct ipset_assignment *assignment,
+                     ipset_variable var, enum ipset_tribool value)
+{
+    /* Ensure that the vector is big enough to hold this variable
+     * assignment, inserting new EITHERs if needed. */
+    if (var >= cork_array_size(&assignment->values)) {
+        unsigned int  old_len = cork_array_size(&assignment->values);
+
+        /* Expand the array. */
+        cork_array_ensure_size(&assignment->values, var+1);
+        assignment->values.size = var+1;
+
+        /* Fill in EITHERs in the newly allocated elements. */
+        if (var != old_len) {
+            unsigned int  i;
+            for (i = old_len; i < var; i++) {
+                cork_array_at(&assignment->values, i) = IPSET_EITHER;
+            }
+        }
+    }
+
+    /* Assign the desired value. */
+    cork_array_at(&assignment->values, var) = value;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/basics.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/basics.c
new file mode 100644
index 00000000..3db6f17e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/basics.c
@@ -0,0 +1,467 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/bits.h"
+#include "ipset/logging.h"
+
+
+void
+ipset_node_fprint(FILE *stream, struct ipset_node *node)
+{
+    fprintf(stream,
+            "nonterminal(x%u? " IPSET_NODE_ID_FORMAT
+            ": " IPSET_NODE_ID_FORMAT ")",
+            node->variable,
+            IPSET_NODE_ID_VALUES(node->high),
+            IPSET_NODE_ID_VALUES(node->low));
+}
+
+
+static cork_hash
+ipset_node_hash(void *user_data, const void *key)
+{
+    const struct ipset_node  *node = key;
+    /* Hash of "ipset_node" */
+    cork_hash  hash = 0xf3b7dc44;
+    hash = cork_hash_variable(hash, node->variable);
+    hash = cork_hash_variable(hash, node->low);
+    hash = cork_hash_variable(hash, node->high);
+    return hash;
+}
+
+static bool
+ipset_node_equals(void *user_data, const void *key1, const void *key2)
+{
+    const struct ipset_node  *node1 = key1;
+    const struct ipset_node  *node2 = key2;
+
+    if (node1 == node2) {
+        return true;
+    }
+
+    return
+        (node1->variable == node2->variable) &&
+        (node1->low == node2->low) &&
+        (node1->high == node2->high);
+}
+
+
+/* The free list in an ipset_node_cache is represented by a
+ * singly-linked list of indices into the chunk array.  Since the
+ * ipset_node instance is unused for nodes in the free list, we reuse
+ * the refcount field to store the "next" index. */
+
+#define IPSET_NULL_INDEX ((ipset_variable) -1)
+
+struct ipset_node_cache *
+ipset_node_cache_new()
+{
+    struct ipset_node_cache  *cache = cork_new(struct ipset_node_cache);
+    cork_array_init(&cache->chunks);
+    cache->largest_index = 0;
+    cache->free_list = IPSET_NULL_INDEX;
+    cache->node_cache = cork_hash_table_new(0, 0);
+    cork_hash_table_set_hash
+        (cache->node_cache, (cork_hash_f) ipset_node_hash);
+    cork_hash_table_set_equals
+        (cache->node_cache, (cork_equals_f) ipset_node_equals);
+    return cache;
+}
+
+void
+ipset_node_cache_free(struct ipset_node_cache *cache)
+{
+    size_t  i;
+    for (i = 0; i < cork_array_size(&cache->chunks); i++) {
+        free(cork_array_at(&cache->chunks, i));
+    }
+    cork_array_done(&cache->chunks);
+    cork_hash_table_free(cache->node_cache);
+    free(cache);
+}
+
+
+/**
+ * Returns the index of a new ipset_node instance.
+ */
+static ipset_value
+ipset_node_cache_alloc_node(struct ipset_node_cache *cache)
+{
+    if (cache->free_list == IPSET_NULL_INDEX) {
+        /* Nothing in the free list; need to allocate a new node. */
+        ipset_value  next_index = cache->largest_index++;
+        ipset_value  chunk_index = next_index >> IPSET_BDD_NODE_CACHE_BIT_SIZE;
+        if (chunk_index >= cork_array_size(&cache->chunks)) {
+            /* We've filled up all of the existing chunks, and need to
+             * create a new one. */
+            DEBUG("        (allocating chunk %zu)",
+                  cork_array_size(&cache->chunks));
+            struct ipset_node  *new_chunk = cork_calloc
+                (IPSET_BDD_NODE_CACHE_SIZE, sizeof(struct ipset_node));
+            cork_array_append(&cache->chunks, new_chunk);
+        }
+        return next_index;
+    } else {
+        /* Reuse a recently freed node. */
+        ipset_value  next_index = cache->free_list;
+        struct ipset_node  *node =
+            ipset_node_cache_get_nonterminal_by_index(cache, next_index);
+        cache->free_list = node->refcount;
+        return next_index;
+    }
+}
+
+ipset_node_id
+ipset_node_incref(struct ipset_node_cache *cache, ipset_node_id node_id)
+{
+    if (ipset_node_get_type(node_id) == IPSET_NONTERMINAL_NODE) {
+        struct ipset_node  *node =
+            ipset_node_cache_get_nonterminal(cache, node_id);
+        DEBUG("        [incref " IPSET_NODE_ID_FORMAT "]",
+              IPSET_NODE_ID_VALUES(node_id));
+        node->refcount++;
+    }
+    return node_id;
+}
+
+void
+ipset_node_decref(struct ipset_node_cache *cache, ipset_node_id node_id)
+{
+    if (ipset_node_get_type(node_id) == IPSET_NONTERMINAL_NODE) {
+        struct ipset_node  *node =
+            ipset_node_cache_get_nonterminal(cache, node_id);
+        DEBUG("        [decref " IPSET_NODE_ID_FORMAT "]",
+              IPSET_NODE_ID_VALUES(node_id));
+        if (--node->refcount == 0) {
+            DEBUG("        [free   " IPSET_NODE_ID_FORMAT "]",
+                  IPSET_NODE_ID_VALUES(node_id));
+            ipset_node_decref(cache, node->low);
+            ipset_node_decref(cache, node->high);
+            cork_hash_table_delete(cache->node_cache, node, NULL, NULL);
+
+            /* Add the node to the free list */
+            node->refcount = cache->free_list;
+            cache->free_list = ipset_nonterminal_value(node_id);
+        }
+    }
+}
+
+bool
+ipset_node_cache_nodes_equal(const struct ipset_node_cache *cache1,
+                             ipset_node_id node_id1,
+                             const struct ipset_node_cache *cache2,
+                             ipset_node_id node_id2)
+{
+    struct ipset_node  *node1;
+    struct ipset_node  *node2;
+
+    if (ipset_node_get_type(node_id1) != ipset_node_get_type(node_id2)) {
+        return false;
+    }
+
+    if (ipset_node_get_type(node_id1) == IPSET_TERMINAL_NODE) {
+        return node_id1 == node_id2;
+    }
+
+    node1 = ipset_node_cache_get_nonterminal(cache1, node_id1);
+    node2 = ipset_node_cache_get_nonterminal(cache2, node_id2);
+    return
+        (node1->variable == node2->variable) &&
+        ipset_node_cache_nodes_equal(cache1, node1->low, cache2, node2->low) &&
+        ipset_node_cache_nodes_equal(cache1, node1->high, cache2, node2->high);
+}
+
+ipset_node_id
+ipset_node_cache_nonterminal(struct ipset_node_cache *cache,
+                             ipset_variable variable,
+                             ipset_node_id low, ipset_node_id high)
+{
+    /* Don't allow any nonterminals whose low and high subtrees are the
+     * same, since the nonterminal would be redundant. */
+    if (CORK_UNLIKELY(low == high)) {
+        DEBUG("        [ SKIP  nonterminal(x%u? "
+              IPSET_NODE_ID_FORMAT ": " IPSET_NODE_ID_FORMAT ")]",
+              variable, IPSET_NODE_ID_VALUES(high), IPSET_NODE_ID_VALUES(low));
+        ipset_node_decref(cache, high);
+        return low;
+    }
+
+    /* Check to see if there's already a nonterminal with these contents
+     * in the cache. */
+    DEBUG("        [search nonterminal(x%u? "
+          IPSET_NODE_ID_FORMAT ": " IPSET_NODE_ID_FORMAT ")]",
+          variable, IPSET_NODE_ID_VALUES(high), IPSET_NODE_ID_VALUES(low));
+
+    struct ipset_node  search_node;
+    search_node.variable = variable;
+    search_node.low = low;
+    search_node.high = high;
+
+    bool  is_new;
+    struct cork_hash_table_entry  *entry =
+        cork_hash_table_get_or_create
+        (cache->node_cache, &search_node, &is_new);
+
+    if (!is_new) {
+        /* There's already a node with these contents, so return its ID. */
+        ipset_node_id  node_id = (uintptr_t) entry->value;
+        DEBUG("        [reuse  " IPSET_NODE_ID_FORMAT "]",
+              IPSET_NODE_ID_VALUES(node_id));
+        ipset_node_incref(cache, node_id);
+        ipset_node_decref(cache, low);
+        ipset_node_decref(cache, high);
+        return node_id;
+    } else {
+        /* This node doesn't exist yet.  Allocate a permanent copy of
+         * the node, add it to the cache, and then return its ID. */
+        ipset_value  new_index = ipset_node_cache_alloc_node(cache);
+        ipset_node_id  new_node_id = ipset_nonterminal_node_id(new_index);
+        struct ipset_node  *real_node =
+            ipset_node_cache_get_nonterminal_by_index(cache, new_index);
+        real_node->refcount = 1;
+        real_node->variable = variable;
+        real_node->low = low;
+        real_node->high = high;
+        entry->key = real_node;
+        entry->value = (void *) (uintptr_t) new_node_id;
+        DEBUG("        [new    " IPSET_NODE_ID_FORMAT "]",
+              IPSET_NODE_ID_VALUES(new_node_id));
+        return new_node_id;
+    }
+}
+
+
+bool
+ipset_bool_array_assignment(const void *user_data, ipset_variable variable)
+{
+    const bool  *bool_array = (const bool *) user_data;
+    return bool_array[variable];
+}
+
+
+bool
+ipset_bit_array_assignment(const void *user_data, ipset_variable variable)
+{
+    return IPSET_BIT_GET(user_data, variable);
+}
+
+
+ipset_value
+ipset_node_evaluate(const struct ipset_node_cache *cache, ipset_node_id node_id,
+                    ipset_assignment_func assignment, const void *user_data)
+{
+    ipset_node_id  curr_node_id = node_id;
+    DEBUG("Evaluating BDD node " IPSET_NODE_ID_FORMAT,
+          IPSET_NODE_ID_VALUES(node_id));
+
+    /* As long as the current node is a nonterminal, we have to check
+     * the value of the current variable. */
+    while (ipset_node_get_type(curr_node_id) == IPSET_NONTERMINAL_NODE) {
+        /* We have to look up this variable in the assignment. */
+        struct ipset_node  *node =
+            ipset_node_cache_get_nonterminal(cache, curr_node_id);
+        bool  this_value = assignment(user_data, node->variable);
+        DEBUG("[%3u] Nonterminal " IPSET_NODE_ID_FORMAT,
+              node->variable, IPSET_NODE_ID_VALUES(curr_node_id));
+        DEBUG("[%3u]   x%u = %s",
+              node->variable, node->variable, this_value? "TRUE": "FALSE");
+
+        if (this_value) {
+            /* This node's variable is true in the assignment vector, so
+             * trace down the high subtree. */
+            curr_node_id = node->high;
+        } else {
+            /* This node's variable is false in the assignment vector,
+             * so trace down the low subtree. */
+            curr_node_id = node->low;
+        }
+    }
+
+    /* Once we find a terminal node, we've got the final result. */
+    DEBUG("Evaluated result is %u", ipset_terminal_value(curr_node_id));
+    return ipset_terminal_value(curr_node_id);
+}
+
+
+/* A “fake” BDD node given by an assignment. */
+struct ipset_fake_node {
+    ipset_variable  current_var;
+    ipset_variable  var_count;
+    ipset_assignment_func  assignment;
+    const void  *user_data;
+    ipset_value  value;
+};
+
+/* A fake BDD node representing the terminal 0 value. */
+static struct ipset_fake_node  fake_terminal_0 = { 0, 0, NULL, 0, 0 };
+
+/* We set elements in a map using the if-then-else (ITE) operator:
+ *
+ *   new_set = new_element? new_value: old_set
+ *
+ * The below is a straight copy of the standard trinary APPLY from the BDD
+ * literature, but without the caching of the results.  And also with the
+ * wrinkle that the F argument to ITE (i.e., new_element) is given by an
+ * assignment, and not by a BDD node.  (This lets us skip constructing the BDD
+ * for the assignment, saving us a few cycles.)
+ */
+
+static ipset_node_id
+ipset_apply_ite(struct ipset_node_cache *cache, struct ipset_fake_node *f,
+                ipset_value g, ipset_node_id h)
+{
+    ipset_node_id  h_low;
+    ipset_node_id  h_high;
+    ipset_node_id  result_low;
+    ipset_node_id  result_high;
+
+    /* If F is a terminal, then we're in one of the following two
+     * cases:
+     *
+     *   1? G: H == G
+     *   0? G: H == H
+     */
+    if (f->current_var == f->var_count) {
+        ipset_node_id  result;
+        DEBUG("[%3u] F is terminal (value %u)", f->current_var, f->value);
+
+        if (f->value == 0) {
+            DEBUG("[%3u] 0? " IPSET_NODE_ID_FORMAT ": " IPSET_NODE_ID_FORMAT
+                  " = " IPSET_NODE_ID_FORMAT,
+                  f->current_var,
+                  IPSET_NODE_ID_VALUES(ipset_terminal_node_id(g)),
+                  IPSET_NODE_ID_VALUES(h), IPSET_NODE_ID_VALUES(h));
+            result = ipset_node_incref(cache, h);
+        } else {
+            result = ipset_terminal_node_id(g);
+            DEBUG("[%3u] 1? " IPSET_NODE_ID_FORMAT ": " IPSET_NODE_ID_FORMAT
+                  " = " IPSET_NODE_ID_FORMAT,
+                  f->current_var, IPSET_NODE_ID_VALUES(result),
+                  IPSET_NODE_ID_VALUES(h), IPSET_NODE_ID_VALUES(result));
+        }
+
+        return result;
+    }
+
+    /* F? G: G == G */
+    if (h == ipset_terminal_node_id(g)) {
+        DEBUG("[%3u] F? " IPSET_NODE_ID_FORMAT ": " IPSET_NODE_ID_FORMAT
+              " = " IPSET_NODE_ID_FORMAT,
+              f->current_var, IPSET_NODE_ID_VALUES(h),
+              IPSET_NODE_ID_VALUES(h), IPSET_NODE_ID_VALUES(h));
+        return h;
+    }
+
+    /* From here to the end of the function, we know that F is a
+     * nonterminal. */
+    DEBUG("[%3u] F is nonterminal", f->current_var);
+
+    /* We're going to do two recursive calls, a “low” one and a “high” one.  For
+     * each nonterminal that has the minimum variable number, we use its low and
+     * high pointers in the respective recursive call.  For all other
+     * nonterminals, and for all terminals, we use the operand itself. */
+
+    if (ipset_node_get_type(h) == IPSET_NONTERMINAL_NODE) {
+        struct ipset_node  *h_node =
+            ipset_node_cache_get_nonterminal(cache, h);
+
+        DEBUG("[%3u] H is nonterminal (variable %u)",
+              f->current_var, h_node->variable);
+
+        if (h_node->variable < f->current_var) {
+            /* var(F) > var(H), so we only recurse down the H branches. */
+            DEBUG("[%3u] Recursing only down H", f->current_var);
+            DEBUG("[%3u]   Recursing high", f->current_var);
+            result_high = ipset_apply_ite(cache, f, g, h_node->high);
+            DEBUG("[%3u]   Back from high recursion", f->current_var);
+            DEBUG("[%3u]   Recursing low", f->current_var);
+            result_low = ipset_apply_ite(cache, f, g, h_node->low);
+            DEBUG("[%3u]   Back from low recursion", f->current_var);
+            return ipset_node_cache_nonterminal
+                (cache, h_node->variable, result_low, result_high);
+        } else if (h_node->variable == f->current_var) {
+            /* var(F) == var(H), so we recurse down both branches. */
+            DEBUG("[%3u] Recursing down both F and H", f->current_var);
+            h_low = h_node->low;
+            h_high = h_node->high;
+        } else {
+            /* var(F) < var(H), so we only recurse down the F branches. */
+            DEBUG("[%3u] Recursing only down F", f->current_var);
+            h_low = h;
+            h_high = h;
+        }
+    } else {
+        /* H in nonterminal, so we only recurse down the F branches. */
+        DEBUG("[%3u] H is terminal (value %u)",
+              f->current_var, ipset_terminal_value(h));
+        DEBUG("[%3u] Recursing only down F", f->current_var);
+        h_low = h;
+        h_high = h;
+    }
+
+    /* F is a “fake” nonterminal node, since it comes from our assignment.  One
+     * of its branches will be the 0 terminal, and the other will be the fake
+     * nonterminal for the next variable in the assignment.  (Which one is low
+     * and which one is high depends on the value of the current variable in the
+     * assignment.) */
+
+    if (f->assignment(f->user_data, f->current_var)) {
+        /* The current variable is set in F.  The low branch is terminal 0; the
+         * high branch is the next variable in F. */
+        DEBUG("[%3u]   x[%u] is set", f->current_var, f->current_var);
+        DEBUG("[%3u]   Recursing high", f->current_var);
+        f->current_var++;
+        result_high = ipset_apply_ite(cache, f, g, h_high);
+        f->current_var--;
+        DEBUG("[%3u]   Back from high recursion: " IPSET_NODE_ID_FORMAT,
+              f->current_var, IPSET_NODE_ID_VALUES(result_high));
+        DEBUG("[%3u]   Recursing low", f->current_var);
+        fake_terminal_0.current_var = f->var_count;
+        fake_terminal_0.var_count = f->var_count;
+        result_low = ipset_apply_ite(cache, &fake_terminal_0, g, h_low);
+        DEBUG("[%3u]   Back from low recursion: " IPSET_NODE_ID_FORMAT,
+              f->current_var, IPSET_NODE_ID_VALUES(result_low));
+    } else {
+        /* The current variable is NOT set in F.  The high branch is terminal 0;
+         * the low branch is the next variable in F. */
+        DEBUG("[%3u]   x[%u] is NOT set", f->current_var, f->current_var);
+        DEBUG("[%3u]   Recursing high", f->current_var);
+        fake_terminal_0.current_var = f->var_count;
+        fake_terminal_0.var_count = f->var_count;
+        result_high = ipset_apply_ite(cache, &fake_terminal_0, g, h_high);
+        DEBUG("[%3u]   Back from high recursion: " IPSET_NODE_ID_FORMAT,
+              f->current_var, IPSET_NODE_ID_VALUES(result_high));
+        DEBUG("[%3u]   Recursing low", f->current_var);
+        f->current_var++;
+        result_low = ipset_apply_ite(cache, f, g, h_low);
+        f->current_var--;
+        DEBUG("[%3u]   Back from low recursion: " IPSET_NODE_ID_FORMAT,
+              f->current_var, IPSET_NODE_ID_VALUES(result_low));
+    }
+
+    return ipset_node_cache_nonterminal
+        (cache, f->current_var, result_low, result_high);
+}
+
+ipset_node_id
+ipset_node_insert(struct ipset_node_cache *cache, ipset_node_id node,
+                  ipset_assignment_func assignment, const void *user_data,
+                  ipset_variable var_count, ipset_value value)
+{
+    struct ipset_fake_node  f = { 0, var_count, assignment, user_data, 1 };
+    DEBUG("Inserting new element");
+    return ipset_apply_ite(cache, &f, value, node);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/bdd-iterator.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/bdd-iterator.c
new file mode 100644
index 00000000..c2462452
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/bdd-iterator.c
@@ -0,0 +1,129 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/logging.h"
+
+
+/**
+ * Add the given node ID to the node stack, and trace down from it
+ * until we find a terminal node.  Assign values to the variables for
+ * each nonterminal that encounter along the way.  We check low edges
+ * first, so each new variable we encounter will be assigned FALSE.
+ * (The high edges will be checked eventually by a call to the
+ * ipset_bdd_iterator_advance() function.)
+ */
+static void
+add_node(struct ipset_bdd_iterator *iterator, ipset_node_id node_id)
+{
+    /* Keep tracing down low edges until we reach a terminal. */
+    while (ipset_node_get_type(node_id) == IPSET_NONTERMINAL_NODE) {
+        /* Add this nonterminal node to the stack, and trace down
+         * further into the tree.  We check low edges first, so set the
+         * node's variable to FALSE in the assignment. */
+        struct ipset_node  *node =
+            ipset_node_cache_get_nonterminal(iterator->cache, node_id);
+
+        cork_array_append(&iterator->stack, node_id);
+        ipset_assignment_set(iterator->assignment, node->variable, false);
+
+        node_id = node->low;
+    }
+
+    /* Once we find a terminal node, save it away in the iterator result
+     * and return. */
+    iterator->value = ipset_terminal_value(node_id);
+}
+
+
+struct ipset_bdd_iterator *
+ipset_node_iterate(struct ipset_node_cache *cache, ipset_node_id root)
+{
+    /* First allocate the iterator itself, and all of its contained
+     * fields. */
+
+    struct ipset_bdd_iterator  *iterator =
+        cork_new(struct ipset_bdd_iterator);
+    iterator->finished = false;
+    iterator->cache = cache;
+    cork_array_init(&iterator->stack);
+    iterator->assignment = ipset_assignment_new();
+
+    /* Then add the root node to the iterator, tracing down until we
+     * find the first terminal node. */
+    add_node(iterator, root);
+    return iterator;
+}
+
+
+void
+ipset_bdd_iterator_free(struct ipset_bdd_iterator *iterator)
+{
+    cork_array_done(&iterator->stack);
+    ipset_assignment_free(iterator->assignment);
+    free(iterator);
+}
+
+
+void
+ipset_bdd_iterator_advance(struct ipset_bdd_iterator *iterator)
+{
+    /* If we're already at the end of the iterator, don't do anything. */
+    if (CORK_UNLIKELY(iterator->finished)) {
+        return;
+    }
+
+    /* We look at the last node in the stack.  If it's currently
+     * assigned a false value, then we track down its true branch.  If
+     * it's got a true branch, then we pop it off and check the next to
+     * last node. */
+
+    DEBUG("Advancing BDD iterator");
+
+    while (cork_array_size(&iterator->stack) > 0) {
+        ipset_node_id  last_node_id =
+            cork_array_at
+            (&iterator->stack, cork_array_size(&iterator->stack) - 1);
+
+        struct ipset_node  *last_node =
+            ipset_node_cache_get_nonterminal(iterator->cache, last_node_id);
+
+        enum ipset_tribool  current_value =
+            ipset_assignment_get(iterator->assignment, last_node->variable);
+
+        /* The current value can't be EITHER, because we definitely
+         * assign a TRUE or FALSE to the variables of the nodes that we
+         * encounter. */
+        if (current_value == IPSET_TRUE) {
+            /* We've checked both outgoing edges for this node, so pop
+             * it off and look at its parent. */
+            iterator->stack.size--;
+
+            /* Before continuing, reset this node's variable to
+             * indeterminate in the assignment. */
+            ipset_assignment_set
+                (iterator->assignment, last_node->variable, IPSET_EITHER);
+        } else {
+            /* We've checked this node's low edge, but not its high
+             * edge.  Set the variable to TRUE in the assignment, and
+             * add the high edge's node to the node stack. */
+            ipset_assignment_set
+                (iterator->assignment, last_node->variable, IPSET_TRUE);
+            add_node(iterator, last_node->high);
+            return;
+        }
+    }
+
+    /* If we fall through then we ran out of nodes to check.  That means
+     * the iterator is done! */
+    iterator->finished = true;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/expanded.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/expanded.c
new file mode 100644
index 00000000..6a97fd7c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/expanded.c
@@ -0,0 +1,138 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <string.h>
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/bits.h"
+#include "ipset/logging.h"
+
+
+static void
+initialize(struct ipset_expanded_assignment *exp,
+           const struct ipset_assignment *assignment,
+           ipset_variable var_count)
+{
+    /* First loop through all of the variables in the assignment vector,
+     * making sure not to go further than the caller requested. */
+
+    ipset_variable  last_assignment = cork_array_size(&assignment->values);
+    if (var_count < last_assignment) {
+        last_assignment = var_count;
+    }
+
+    ipset_variable  var;
+    for (var = 0; var < last_assignment; var++) {
+        enum ipset_tribool  curr_value =
+            cork_array_at(&assignment->values, var);
+
+        if (curr_value == IPSET_EITHER) {
+            /* If this variable is EITHER, start it off as FALSE, and
+             * add it to the eithers list. */
+            DEBUG("Variable %u is EITHER", var);
+
+            IPSET_BIT_SET(exp->values.buf, var, false);
+            cork_array_append(&exp->eithers, var);
+        } else {
+            /* Otherwise set the variable to the same value in the
+             * expanded assignment as it is in the non-expanded one. */
+
+            DEBUG("Variable %u is %s", var, curr_value? "true": "false");
+            IPSET_BIT_SET(exp->values.buf, var, curr_value);
+        }
+    }
+
+    /* If the caller requested more variables than there are in the
+     * assignment vector, add them to the eithers list. */
+    for (var = last_assignment; var < var_count; var++) {
+        DEBUG("Variable %u is implicitly EITHER", var);
+        cork_array_append(&exp->eithers, var);
+    }
+}
+
+
+struct ipset_expanded_assignment *
+ipset_assignment_expand(const struct ipset_assignment *assignment,
+                        ipset_variable var_count)
+{
+    /* First allocate the iterator itself, and all of its contained
+     * fields. */
+
+    struct ipset_expanded_assignment  *exp;
+    unsigned int  values_size = (var_count / 8) + ((var_count % 8) != 0);
+
+    exp = cork_new(struct ipset_expanded_assignment);
+    exp->finished = false;
+    cork_buffer_init(&exp->values);
+    cork_buffer_ensure_size(&exp->values, values_size);
+    memset(exp->values.buf, 0, values_size);
+    cork_array_init(&exp->eithers);
+
+    /* Then initialize the values and eithers fields. */
+    initialize(exp, assignment, var_count);
+    return exp;
+}
+
+
+void
+ipset_expanded_assignment_free(struct ipset_expanded_assignment *exp)
+{
+    if (exp == NULL) {
+        return;
+    }
+
+    cork_buffer_done(&exp->values);
+    cork_array_done(&exp->eithers);
+    free(exp);
+}
+
+
+void
+ipset_expanded_assignment_advance(struct ipset_expanded_assignment *exp)
+{
+    /* If we're already at the end of the iterator, don't do anything. */
+    if (CORK_UNLIKELY(exp->finished)) {
+        return;
+    }
+
+    DEBUG("Advancing iterator");
+
+    /* Look at the last EITHER bit in the assignment.  If it's 0, then
+     * set it to 1 and return.  Otherwise we set it to 0 and carry up to
+     * the previous indeterminate bit. */
+
+    size_t  i;
+    for (i = cork_array_size(&exp->eithers); i > 0; i--) {
+        size_t  idx = i - 1;
+        ipset_variable  either_var = cork_array_at(&exp->eithers, idx);
+        DEBUG("Checking EITHER variable %u", either_var);
+
+        if (IPSET_BIT_GET(exp->values.buf, either_var)) {
+            /* This variable is currently true, so set it back to false
+             * and carry. */
+            DEBUG("  Variable %u is true, changing to false and carrying",
+                  either_var);
+            IPSET_BIT_SET(exp->values.buf, either_var, false);
+        } else {
+            /* This variable is currently false, so set it to true and
+             * return. */
+            DEBUG("  Variable %u is false, changing to true",
+                  either_var);
+            IPSET_BIT_SET(exp->values.buf, either_var, true);
+            return;
+        }
+    }
+
+    /* If we fall through then we've made it through all of the expanded
+     * assignments. */
+    exp->finished = true;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/reachable.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/reachable.c
new file mode 100644
index 00000000..8af86246
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/reachable.c
@@ -0,0 +1,83 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <libcork/core.h>
+#include <libcork/ds.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/logging.h"
+
+
+size_t
+ipset_node_reachable_count(const struct ipset_node_cache *cache,
+                           ipset_node_id node)
+{
+    /* Create a set to track when we've visited a given node. */
+    struct cork_hash_table  *visited = cork_pointer_hash_table_new(0, 0);
+
+    /* And a queue of nodes to check. */
+    cork_array(ipset_node_id)  queue;
+    cork_array_init(&queue);
+
+    if (ipset_node_get_type(node) == IPSET_NONTERMINAL_NODE) {
+        DEBUG("Adding node %u to queue", node);
+        cork_array_append(&queue, node);
+    }
+
+    /* And somewhere to store the result. */
+    size_t  node_count = 0;
+
+    /* Check each node in turn. */
+    while (!cork_array_is_empty(&queue)) {
+        ipset_node_id  curr = cork_array_at(&queue, --queue.size);
+
+        /* We don't have to do anything if this node is already in the
+         * visited set. */
+        if (cork_hash_table_get(visited, (void *) (uintptr_t) curr) == NULL) {
+            DEBUG("Visiting node %u for the first time", curr);
+
+            /* Add the node to the visited set. */
+            cork_hash_table_put
+                (visited, (void *) (uintptr_t) curr,
+                 (void *) (uintptr_t) true, NULL, NULL, NULL);
+
+            /* Increase the node count. */
+            node_count++;
+
+            /* And add the node's nonterminal children to the visit
+             * queue. */
+            struct ipset_node  *node =
+                ipset_node_cache_get_nonterminal(cache, curr);
+
+            if (ipset_node_get_type(node->low) == IPSET_NONTERMINAL_NODE) {
+                DEBUG("Adding node %u to queue", node->low);
+                cork_array_append(&queue, node->low);
+            }
+
+            if (ipset_node_get_type(node->high) == IPSET_NONTERMINAL_NODE) {
+                DEBUG("Adding node %u to queue", node->high);
+                cork_array_append(&queue, node->high);
+            }
+        }
+    }
+
+    /* Return the result, freeing everything before we go. */
+    cork_hash_table_free(visited);
+    cork_array_done(&queue);
+    return node_count;
+}
+
+
+size_t
+ipset_node_memory_size(const struct ipset_node_cache *cache,
+                       ipset_node_id node)
+{
+    return ipset_node_reachable_count(cache, node) * sizeof(struct ipset_node);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/read.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/read.c
new file mode 100644
index 00000000..9c59a799
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/read.c
@@ -0,0 +1,350 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <libcork/core.h>
+#include <libcork/ds.h>
+#include <libcork/helpers/errors.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/errors.h"
+#include "ipset/logging.h"
+
+
+static const char  MAGIC_NUMBER[] = "IP set";
+static const size_t  MAGIC_NUMBER_LENGTH = sizeof(MAGIC_NUMBER) - 1;
+
+
+/**
+ * On disk, we use a different node ID scheme than we do in memory.
+ * Terminal node IDs are non-negative, and are equal to the terminal
+ * value.  Nonterminal node IDs are negative, starting with -1.
+ * Nonterminal -1 appears first on disk, then nonterminal -2, and so on.
+ */
+
+typedef int  serialized_id;
+
+
+/**
+ * Sets a libcork error based on the contents of errno.
+ */
+static void
+create_errno_error(FILE *stream)
+{
+    if (ferror(stream)) {
+        cork_error_set(IPSET_ERROR, IPSET_IO_ERROR, "%s", strerror(errno));
+    } else {
+        cork_unknown_error();
+    }
+}
+
+
+/**
+ * Read in a big-endian uint8 from a stream.  If we can't read the
+ * integer for some reason, return an error.
+ */
+static int
+read_uint8(FILE *stream, uint8_t *dest)
+{
+    size_t  num_read = fread(dest, sizeof(uint8_t), 1, stream);
+    if (num_read != 1) {
+        create_errno_error(stream);
+        return -1;
+    }
+
+    /* for a byte, we don't need to endian-swap */
+    return 0;
+}
+
+
+/**
+ * Read in a big-endian uint16 from a stream.  If we can't read the
+ * integer for some reason, return an error.
+ */
+static uint16_t
+read_uint16(FILE *stream, uint16_t *dest)
+{
+    size_t  num_read = fread(dest, sizeof(uint16_t), 1, stream);
+    if (num_read != 1) {
+        create_errno_error(stream);
+        return -1;
+    }
+
+    CORK_UINT16_BIG_TO_HOST_IN_PLACE(*dest);
+    return 0;
+}
+
+
+/**
+ * Read in a big-endian uint32 from a stream.  If we can't read the
+ * integer for some reason, return an error.
+ */
+static uint32_t
+read_uint32(FILE *stream, uint32_t *dest)
+{
+    size_t  num_read = fread(dest, sizeof(uint32_t), 1, stream);
+    if (num_read != 1) {
+        create_errno_error(stream);
+        return -1;
+    }
+
+    CORK_UINT32_BIG_TO_HOST_IN_PLACE(*dest);
+    return 0;
+}
+
+
+/**
+ * Read in a big-endian uint64 from a stream.  If we can't read the
+ * integer for some reason, return an error.
+ */
+static uint64_t
+read_uint64(FILE *stream, uint64_t *dest)
+{
+    size_t  num_read = fread(dest, sizeof(uint64_t), 1, stream);
+    if (num_read != 1) {
+        create_errno_error(stream);
+        return -1;
+    }
+
+    CORK_UINT64_BIG_TO_HOST_IN_PLACE(*dest);
+    return 0;
+}
+
+
+/**
+ * A helper function that verifies that we've read exactly as many bytes
+ * as we should, returning an error otherwise.
+ */
+static int
+verify_cap(size_t bytes_read, size_t cap)
+{
+    if (bytes_read < cap) {
+        /* There's extra data at the end of the stream. */
+        cork_error_set
+            (IPSET_ERROR, IPSET_PARSE_ERROR,
+             "Malformed set: extra data at end of stream.");
+        return -1;
+    } else if (bytes_read > cap) {
+        /* We read more data than we were supposed to. */
+        cork_error_set
+            (IPSET_ERROR, IPSET_PARSE_ERROR,
+             "Malformed set: read too much data.");
+        return -1;
+    }
+
+    return 0;
+}
+
+/**
+ * A helper function for reading a version 1 BDD stream.
+ */
+static ipset_node_id
+load_v1(FILE *stream, struct ipset_node_cache *cache)
+{
+    DEBUG("Stream contains v1 IP set");
+    ipset_node_id  result;
+    struct cork_hash_table  *cache_ids = cork_pointer_hash_table_new(0, 0);
+
+    /* We've already read in the magic number and version.  Next should
+     * be the length of the encoded set. */
+    uint64_t  length;
+    DEBUG("Reading encoded length");
+    ei_check(read_uint64(stream, &length));
+
+    /* The length includes the magic number, version number, and the
+     * length field itself.  Remove those to get the cap on the
+     * remaining stream. */
+
+    size_t  bytes_read = 0;
+    size_t  cap = length -
+        MAGIC_NUMBER_LENGTH -
+        sizeof(uint16_t) -
+        sizeof(uint64_t);
+
+    DEBUG("Length cap is %zu bytes.", cap);
+
+    /* Read in the number of nonterminals. */
+
+    uint32_t  nonterminal_count;
+    DEBUG("Reading number of nonterminals");
+    ei_check(read_uint32(stream, &nonterminal_count));
+    bytes_read += sizeof(uint32_t);
+
+    /* If there are no nonterminals, then there's only a single terminal
+     * left to read. */
+
+    if (nonterminal_count == 0) {
+        uint32_t  value;
+        DEBUG("Reading single terminal value");
+        ei_check(read_uint32(stream, &value));
+        bytes_read += sizeof(uint32_t);
+
+        /* We should have reached the end of the encoded set. */
+        ei_check(verify_cap(bytes_read, cap));
+
+        /* Create a terminal node for this value and return it. */
+        cork_hash_table_free(cache_ids);
+        return ipset_terminal_node_id(value);
+    }
+
+    /* Otherwise, read in each nonterminal.  We need to keep track of a
+     * mapping between each nonterminal's ID in the stream (which are
+     * number consecutively from -1), and its ID in the node cache
+     * (which could be anything). */
+
+    size_t  i;
+    for (i = 0; i < nonterminal_count; i++) {
+        serialized_id  serialized_id = -(i+1);
+
+        /* Each serialized node consists of a variable index, a low
+         * pointer, and a high pointer. */
+
+        uint8_t  variable;
+        ei_check(read_uint8(stream, &variable));
+        bytes_read += sizeof(uint8_t);
+
+        int32_t  low;
+        ei_check(read_uint32(stream, (uint32_t *) &low));
+        bytes_read += sizeof(int32_t);
+
+        int32_t  high;
+        ei_check(read_uint32(stream, (uint32_t *) &high));
+        bytes_read += sizeof(int32_t);
+
+        DEBUG("Read serialized node %d = (x%d? %" PRId32 ": %" PRId32 ")",
+              serialized_id, variable, high, low);
+
+        /* Turn the low pointer into a node ID.  If the pointer is >= 0,
+         * it's a terminal value.  Otherwise, its a nonterminal ID,
+         * indexing into the serialized nonterminal array.*/
+
+        ipset_node_id  low_id;
+
+        if (low >= 0) {
+            low_id = ipset_terminal_node_id(low);
+        } else {
+            /* The file format guarantees that any node reference points
+             * to a node earlier in the serialized array.  That means we
+             * can assume that cache_ids has already been filled in for
+             * this node. */
+
+            low_id = (ipset_node_id) (uintptr_t)
+                cork_hash_table_get(cache_ids, (void *) (intptr_t) low);
+
+            DEBUG("  Serialized ID %" PRId32 " is internal ID %u",
+                  low, low_id);
+        }
+
+        /* Do the same for the high pointer. */
+
+        ipset_node_id  high_id;
+
+        if (high >= 0) {
+            high_id = ipset_terminal_node_id(high);
+        } else {
+            /* The file format guarantees that any node reference points
+             * to a node earlier in the serialized array.  That means we
+             * can assume that cache_ids has already been filled in for
+             * this node. */
+
+            high_id = (ipset_node_id) (uintptr_t)
+                cork_hash_table_get(cache_ids, (void *) (intptr_t) high);
+
+            DEBUG("  Serialized ID %" PRId32 " is internal ID %u",
+                  high, high_id);
+        }
+
+        /* Create a nonterminal node in the node cache. */
+        result = ipset_node_cache_nonterminal
+            (cache, variable, low_id, high_id);
+
+        DEBUG("Internal node %u = nonterminal(x%d? %u: %u)",
+              result, (int) variable, high_id, low_id);
+
+        /* Remember the internal node ID for this new node, in case any
+         * later serialized nodes point to it. */
+
+        cork_hash_table_put
+            (cache_ids, (void *) (intptr_t) serialized_id,
+             (void *) (uintptr_t) result, NULL, NULL, NULL);
+    }
+
+    /* We should have reached the end of the encoded set. */
+    ei_check(verify_cap(bytes_read, cap));
+
+    /* The last node is the nonterminal for the entire set. */
+    cork_hash_table_free(cache_ids);
+    return result;
+
+  error:
+    /* If there's an error, clean up the objects that we've created
+     * before returning. */
+
+    cork_hash_table_free(cache_ids);
+    return 0;
+}
+
+
+ipset_node_id
+ipset_node_cache_load(FILE *stream, struct ipset_node_cache *cache)
+{
+    size_t bytes_read;
+
+    /* First, read in the magic number from the stream to ensure that
+     * this is an IP set. */
+
+    uint8_t  magic[MAGIC_NUMBER_LENGTH];
+
+    DEBUG("Reading IP set magic number");
+    bytes_read = fread(magic, 1, MAGIC_NUMBER_LENGTH, stream);
+
+    if (ferror(stream)) {
+        create_errno_error(stream);
+        return 0;
+    }
+
+    if (bytes_read != MAGIC_NUMBER_LENGTH) {
+        /* We reached EOF before reading the entire magic number. */
+        cork_error_set
+            (IPSET_ERROR, IPSET_PARSE_ERROR,
+             "Unexpected end of file");
+        return 0;
+    }
+
+    if (memcmp(magic, MAGIC_NUMBER, MAGIC_NUMBER_LENGTH) != 0) {
+        /* The magic number doesn't match, so this isn't a BDD. */
+        cork_error_set
+            (IPSET_ERROR, IPSET_PARSE_ERROR,
+             "Magic number doesn't match; this isn't an IP set.");
+        return 0;
+    }
+
+    /* Read in the version number and dispatch to the right reading
+     * function. */
+
+    uint16_t  version;
+    DEBUG("Reading IP set version");
+    xi_check(0, read_uint16(stream, &version));
+
+    switch (version) {
+        case 0x0001:
+            return load_v1(stream, cache);
+
+        default:
+            /* We don't know how to read this version number. */
+            cork_error_set
+                (IPSET_ERROR, IPSET_PARSE_ERROR,
+                 "Unknown version number %" PRIu16, version);
+            return 0;
+    }
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/write.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/write.c
new file mode 100644
index 00000000..0b5633ee
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/bdd/write.c
@@ -0,0 +1,556 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2013, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <libcork/core.h>
+#include <libcork/helpers/errors.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/logging.h"
+
+
+/*-----------------------------------------------------------------------
+ * Generic saving logic
+ */
+
+/**
+ * On disk, we use a different node ID scheme than we do in memory.
+ * Terminal node IDs are non-negative, and are equal to the terminal
+ * value.  Nonterminal node IDs are negative, starting with -1.
+ * Nonterminal -1 appears first on disk, then nonterminal -2, and so
+ * on.
+ */
+
+typedef int  serialized_id;
+
+
+/* forward declaration */
+struct save_data;
+
+
+/**
+ * A callback that outputs any necessary header.  Should return an int
+ * status code indicating whether the write was successful.
+ */
+
+typedef int
+(*write_header_func)(struct save_data *save_data,
+                     struct ipset_node_cache *cache,
+                     ipset_node_id root);
+
+
+/**
+ * A callback that outputs any necessary footer.  Should return an int
+ * status code indicating whether the write was successful.
+ */
+
+typedef int
+(*write_footer_func)(struct save_data *save_data,
+                     struct ipset_node_cache *cache,
+                     ipset_node_id root);
+
+
+/**
+ * A callback that actually outputs a terminal node to disk.  Should
+ * return an int status code indicating whether the write was successful.
+ */
+
+typedef int
+(*write_terminal_func)(struct save_data *save_data,
+                       ipset_value terminal_value);
+
+
+/**
+ * A callback that actually outputs a nonterminal node to disk.
+ * Should return an int status code indicating whether the write was
+ * successful.
+ */
+
+typedef int
+(*write_nonterminal_func)(struct save_data *save_data,
+                          serialized_id serialized_node,
+                          ipset_variable variable,
+                          serialized_id serialized_low,
+                          serialized_id serialized_high);
+
+
+/**
+ * A helper struct containing all of the persistent data items needed
+ * during the execution of a save.
+ */
+
+struct save_data {
+    /* The node cache that we're saving nodes from. */
+    struct ipset_node_cache  *cache;
+
+    /* The output stream to save the data to. */
+    struct cork_stream_consumer  *stream;
+
+    /* The cache of serialized IDs for any nonterminals that we've
+     * encountered so far. */
+    struct cork_hash_table  *serialized_ids;
+
+    /* The serialized ID to use for the next nonterminal that we
+     * encounter. */
+    serialized_id  next_serialized_id;
+
+    /* The callback used to write the file header to the stream. */
+    write_header_func  write_header;
+
+    /* The callback used to write the file footer to the stream. */
+    write_footer_func  write_footer;
+
+    /* The callback used to write terminals to the stream. */
+    write_terminal_func  write_terminal;
+
+    /* The callback used to write nonterminals to the stream. */
+    write_nonterminal_func  write_nonterminal;
+
+    /* A pointer to any additional data needed by the callbacks. */
+    void  *user_data;
+};
+
+
+/**
+ * A helper function for ipset_node_save().  Outputs a nonterminal
+ * node in a BDD tree, if we haven't done so already.  Ensures that
+ * the children of the nonterminal are output before the nonterminal
+ * is.  Returns the serialized ID of this node.
+ */
+
+static int
+save_visit_node(struct save_data *save_data,
+                ipset_node_id node_id, serialized_id *dest)
+{
+    /* Check whether we've already serialized this node. */
+
+    struct cork_hash_table_entry  *entry;
+    bool  is_new;
+    entry = cork_hash_table_get_or_create
+        (save_data->serialized_ids, (void *) (uintptr_t) node_id, &is_new);
+
+    if (!is_new) {
+        *dest = (intptr_t) entry->value;
+        return 0;
+    } else {
+        if (ipset_node_get_type(node_id) == IPSET_TERMINAL_NODE) {
+            /* For terminals, there isn't really anything to do — we
+             * just output the terminal node and use its value as the
+             * serialized ID. */
+
+            ipset_value  value = ipset_terminal_value(node_id);
+
+            DEBUG("Writing terminal(%d)", value);
+            rii_check(save_data->write_terminal(save_data, value));
+            entry->value = (void *) (intptr_t) value;
+            *dest = value;
+            return 0;
+        } else {
+            /* For nonterminals, we drill down into the node's children
+             * first, then output the nonterminal node. */
+
+            struct ipset_node  *node =
+                ipset_node_cache_get_nonterminal(save_data->cache, node_id);
+            DEBUG("Visiting node %u nonterminal(x%u? %u: %u)",
+                  node_id, node->variable, node->high, node->low);
+
+            /* Output the node's nonterminal children before we output
+             * the node itself. */
+            serialized_id  serialized_low;
+            serialized_id  serialized_high;
+            rii_check(save_visit_node(save_data, node->low, &serialized_low));
+            rii_check(save_visit_node(save_data, node->high, &serialized_high));
+
+            /* Output the nonterminal */
+            serialized_id  result = save_data->next_serialized_id--;
+            DEBUG("Writing node %u as serialized node %d = (x%u? %d: %d)",
+                  node_id, result,
+                  node->variable, serialized_low, serialized_high);
+
+            entry->value = (void *) (intptr_t) result;
+            *dest = result;
+            return save_data->write_nonterminal
+                (save_data, result, node->variable,
+                 serialized_low, serialized_high);
+        }
+    }
+}
+
+
+static int
+save_bdd(struct save_data *save_data,
+         struct ipset_node_cache *cache, ipset_node_id root)
+{
+    /* First, output the file header. */
+
+    DEBUG("Writing file header");
+    rii_check(save_data->write_header(save_data, cache, root));
+
+    /* The serialized node IDs are different than the in-memory node
+     * IDs.  This means that, for our nonterminal nodes, we need a
+     * mapping from internal node ID to serialized node ID. */
+
+    DEBUG("Creating file caches");
+    save_data->serialized_ids = cork_pointer_hash_table_new(0, 0);
+    save_data->next_serialized_id = -1;
+
+    /* Trace down through the BDD tree, outputting each terminal and
+     * nonterminal node as they're encountered. */
+
+    DEBUG("Writing nodes");
+
+    serialized_id  last_serialized_id;
+    ei_check(save_visit_node(save_data, root, &last_serialized_id));
+
+    /* Finally, output the file footer and cleanup. */
+
+    DEBUG("Writing file footer");
+    ei_check(save_data->write_footer(save_data, cache, root));
+
+    DEBUG("Freeing file caches");
+    cork_hash_table_free(save_data->serialized_ids);
+    return 0;
+
+  error:
+    /* If there's an error, clean up the objects that we've created
+     * before returning. */
+    cork_hash_table_free(save_data->serialized_ids);
+    return -1;
+}
+
+
+/*-----------------------------------------------------------------------
+ * Helper functions
+ */
+
+/**
+ * Write a NUL-terminated string to a stream.  If we can't write the
+ * string for some reason, return an error.
+ */
+static int
+write_string(struct cork_stream_consumer *stream, const char *str)
+{
+    size_t  len = strlen(str);
+    return cork_stream_consumer_data(stream, str, len, false);
+}
+
+
+/**
+ * Write a big-endian uint8 to a stream.  If we can't write the
+ * integer for some reason, return an error.
+ */
+static int
+write_uint8(struct cork_stream_consumer *stream, uint8_t val)
+{
+    /* for a byte, we don't need to endian-swap */
+    return cork_stream_consumer_data(stream, &val, sizeof(uint8_t), false);
+}
+
+
+/**
+ * Write a big-endian uint16 to a stream.  If we can't write the
+ * integer for some reason, return an error.
+ */
+static int
+write_uint16(struct cork_stream_consumer *stream, uint16_t val)
+{
+    CORK_UINT16_HOST_TO_BIG_IN_PLACE(val);
+    return cork_stream_consumer_data(stream, &val, sizeof(uint16_t), false);
+}
+
+
+/**
+ * Write a big-endian uint32 to a stream.  If we can't write the
+ * integer for some reason, return an error.
+ */
+
+static int
+write_uint32(struct cork_stream_consumer *stream, uint32_t val)
+{
+    CORK_UINT32_HOST_TO_BIG_IN_PLACE(val);
+    return cork_stream_consumer_data(stream, &val, sizeof(uint32_t), false);
+}
+
+
+/**
+ * Write a big-endian uint64 to a stream.  If we can't write the
+ * integer for some reason, return an error.
+ */
+
+static int
+write_uint64(struct cork_stream_consumer *stream, uint64_t val)
+{
+    CORK_UINT64_HOST_TO_BIG_IN_PLACE(val);
+    return cork_stream_consumer_data(stream, &val, sizeof(uint64_t), false);
+}
+
+
+/*-----------------------------------------------------------------------
+ * V1 BDD file
+ */
+
+static const char  MAGIC_NUMBER[] = "IP set";
+static const size_t  MAGIC_NUMBER_LENGTH = sizeof(MAGIC_NUMBER) - 1;
+
+
+static int
+write_header_v1(struct save_data *save_data,
+                struct ipset_node_cache *cache, ipset_node_id root)
+{
+    /* Output the magic number for an IP set, and the file format
+     * version that we're going to write. */
+    rii_check(cork_stream_consumer_data(save_data->stream, NULL, 0, true));
+    rii_check(write_string(save_data->stream, MAGIC_NUMBER));
+    rii_check(write_uint16(save_data->stream, 0x0001));
+
+    /* Determine how many reachable nodes there are, to calculate the
+     * size of the set. */
+    size_t  nonterminal_count = ipset_node_reachable_count(cache, root);
+    size_t  set_size =
+        MAGIC_NUMBER_LENGTH +    /* magic number */
+        sizeof(uint16_t) +        /* version number  */
+        sizeof(uint64_t) +        /* length of set */
+        sizeof(uint32_t) +        /* number of nonterminals */
+        (nonterminal_count *     /* for each nonterminal: */
+         (sizeof(uint8_t) +       /*   variable number */
+          sizeof(uint32_t) +      /*   low pointer */
+          sizeof(uint32_t)        /*   high pointer */
+         ));
+
+    /* If the root is a terminal, we need to add 4 bytes to the set
+     * size, for storing the terminal value. */
+    if (ipset_node_get_type(root) == IPSET_TERMINAL_NODE) {
+        set_size += sizeof(uint32_t);
+    }
+
+    rii_check(write_uint64(save_data->stream, set_size));
+    rii_check(write_uint32(save_data->stream, nonterminal_count));
+    return 0;
+}
+
+
+static int
+write_footer_v1(struct save_data *save_data,
+                struct ipset_node_cache *cache, ipset_node_id root)
+{
+    /* If the root is a terminal node, then we output the terminal value
+     * in place of the (nonexistent) list of nonterminal nodes. */
+
+    if (ipset_node_get_type(root) == IPSET_TERMINAL_NODE) {
+        ipset_value  value = ipset_terminal_value(root);
+        return write_uint32(save_data->stream, value);
+    }
+
+    return 0;
+}
+
+
+static int
+write_terminal_v1(struct save_data *save_data, ipset_value terminal_value)
+{
+    /* We don't have to write anything out for a terminal in a V1 file,
+     * since the terminal's value will be encoded into the node ID
+     * wherever it's used. */
+    return 0;
+}
+
+
+static int
+write_nonterminal_v1(struct save_data *save_data,
+                     serialized_id serialized_node,
+                     ipset_variable variable,
+                     serialized_id serialized_low,
+                     serialized_id serialized_high)
+{
+    rii_check(write_uint8(save_data->stream, variable));
+    rii_check(write_uint32(save_data->stream, serialized_low));
+    rii_check(write_uint32(save_data->stream, serialized_high));
+    return 0;
+}
+
+
+int
+ipset_node_cache_save(struct cork_stream_consumer *stream, struct ipset_node_cache *cache,
+                      ipset_node_id node)
+{
+    struct save_data  save_data;
+    save_data.cache = cache;
+    save_data.stream = stream;
+    save_data.write_header = write_header_v1;
+    save_data.write_footer = write_footer_v1;
+    save_data.write_terminal = write_terminal_v1;
+    save_data.write_nonterminal = write_nonterminal_v1;
+    return save_bdd(&save_data, cache, node);
+}
+
+
+/*-----------------------------------------------------------------------
+ * GraphViz dot file
+ */
+
+static const char  *GRAPHVIZ_HEADER =
+    "strict digraph bdd {\n";
+
+static const char  *GRAPHVIZ_FOOTER =
+    "}\n";
+
+
+struct dot_data {
+    /* The terminal value to leave out of the dot file.  This should be
+     * the default value of the set or map. */
+    ipset_value  default_value;
+
+    /* A scratch buffer */
+    struct cork_buffer  scratch;
+};
+
+
+static int
+write_header_dot(struct save_data *save_data,
+                 struct ipset_node_cache *cache, ipset_node_id root)
+{
+    /* Output the opening clause of the GraphViz script. */
+    rii_check(cork_stream_consumer_data(save_data->stream, NULL, 0, true));
+    return write_string(save_data->stream, GRAPHVIZ_HEADER);
+}
+
+
+static int
+write_footer_dot(struct save_data *save_data,
+                 struct ipset_node_cache *cache, ipset_node_id root)
+{
+    /* Output the closing clause of the GraphViz script. */
+    return write_string(save_data->stream, GRAPHVIZ_FOOTER);
+}
+
+
+static int
+write_terminal_dot(struct save_data *save_data, ipset_value terminal_value)
+{
+    struct dot_data  *dot_data = save_data->user_data;
+
+    /* If this terminal has the default value, skip it. */
+    if (terminal_value == dot_data->default_value) {
+        return 0;
+    }
+
+    /* Output a node for the terminal value. */
+    cork_buffer_printf
+        (&dot_data->scratch,
+         "    t%d [shape=box, label=%d];\n",
+         terminal_value, terminal_value);
+    return write_string(save_data->stream, dot_data->scratch.buf);
+}
+
+
+static int
+write_nonterminal_dot(struct save_data *save_data,
+                      serialized_id serialized_node,
+                      ipset_variable variable,
+                      serialized_id serialized_low,
+                      serialized_id serialized_high)
+{
+    struct dot_data  *dot_data = save_data->user_data;
+
+    /* Include a node for the nonterminal value. */
+    cork_buffer_printf
+        (&dot_data->scratch,
+         "    n%d [shape=circle,label=%u];\n",
+         (-serialized_node), variable);
+
+    /* Include an edge for the low pointer. */
+    if (serialized_low < 0) {
+        /* The low pointer is a nonterminal. */
+        cork_buffer_append_printf
+            (&dot_data->scratch,
+             "    n%d -> n%d",
+             (-serialized_node), (-serialized_low));
+    } else {
+        /* The low pointer is a terminal. */
+        ipset_value  low_value = (ipset_value) serialized_low;
+
+        if (low_value == dot_data->default_value) {
+            /* The terminal is the default value, so instead of a real
+             * terminal, connect this pointer to a dummy circle node. */
+            cork_buffer_append_printf
+                (&dot_data->scratch,
+                 "    low%d [shape=circle,label=\"\"]\n"
+                 "    n%d -> low%d",
+                 (-serialized_node), (-serialized_node), (-serialized_node));
+        } else {
+            /* The terminal isn't a default, so go ahead and output it. */
+            cork_buffer_append_printf
+                (&dot_data->scratch,
+                 "    n%d -> t%d",
+                 (-serialized_node), serialized_low);
+        }
+    }
+
+    cork_buffer_append_printf
+        (&dot_data->scratch, " [style=dashed,color=red]\n");
+
+    /* Include an edge for the high pointer. */
+    if (serialized_high < 0) {
+        /* The high pointer is a nonterminal. */
+        cork_buffer_append_printf
+            (&dot_data->scratch,
+             "    n%d -> n%d",
+             (-serialized_node), (-serialized_high));
+    } else {
+        /* The high pointer is a terminal. */
+        ipset_value  high_value = (ipset_value) serialized_high;
+
+        if (high_value == dot_data->default_value) {
+            /* The terminal is the default value, so instead of a real
+             * terminal, connect this pointer to a dummy circle node. */
+            cork_buffer_append_printf
+                (&dot_data->scratch,
+                 "    high%d "
+                 "[shape=circle,"
+                 "fixedsize=true,"
+                 "height=0.25,"
+                 "width=0.25,"
+                 "label=\"\"]\n"
+                 "    n%d -> high%d",
+                 (-serialized_node), (-serialized_node), (-serialized_node));
+        } else {
+            /* The terminal isn't a default, so go ahead and output it. */
+            cork_buffer_append_printf
+                (&dot_data->scratch,
+                 "    n%d -> t%d",
+                 (-serialized_node), serialized_high);
+        }
+    }
+
+    cork_buffer_append_printf
+        (&dot_data->scratch, " [style=solid,color=black]\n");
+
+    /* Output the clauses to the stream. */
+    return write_string(save_data->stream, dot_data->scratch.buf);
+}
+
+
+int
+ipset_node_cache_save_dot(struct cork_stream_consumer *stream,
+                          struct ipset_node_cache *cache, ipset_node_id node)
+{
+    struct dot_data  dot_data = {
+        0                       /* default value */
+    };
+
+    struct save_data  save_data;
+    save_data.cache = cache;
+    save_data.stream = stream;
+    save_data.write_header = write_header_dot;
+    save_data.write_footer = write_footer_dot;
+    save_data.write_terminal = write_terminal_dot;
+    save_data.write_nonterminal = write_nonterminal_dot;
+    save_data.user_data = &dot_data;
+    return save_bdd(&save_data, cache, node);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/general.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/general.c
new file mode 100644
index 00000000..82d3f924
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/general.c
@@ -0,0 +1,21 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/ipset.h"
+
+
+int
+ipset_init_library()
+{
+    return 0;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/allocation.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/allocation.c
new file mode 100644
index 00000000..0dee17b6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/allocation.c
@@ -0,0 +1,50 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/ipset.h"
+
+
+void
+ipmap_init(struct ip_map *map, int default_value)
+{
+    /* The map starts empty, so every value assignment should yield the
+     * default. */
+    map->cache = ipset_node_cache_new();
+    map->default_bdd = ipset_terminal_node_id(default_value);
+    map->map_bdd = map->default_bdd;
+}
+
+
+struct ip_map *
+ipmap_new(int default_value)
+{
+    struct ip_map  *result = cork_new(struct ip_map);
+    ipmap_init(result, default_value);
+    return result;
+}
+
+
+void
+ipmap_done(struct ip_map *map)
+{
+    ipset_node_decref(map->cache, map->map_bdd);
+    ipset_node_cache_free(map->cache);
+}
+
+
+void
+ipmap_free(struct ip_map *map)
+{
+    ipmap_done(map);
+    free(map);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/inspection-template.c.in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/inspection-template.c.in
new file mode 100644
index 00000000..e6447d5e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/inspection-template.c.in
@@ -0,0 +1,88 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/bits.h"
+#include "ipset/errors.h"
+#include "ipset/ipset.h"
+
+
+/**
+ * Given a BDD variable number, return the index of the corresponding
+ * bit in an IP address.  IPv4 addresses use variables 1-32; IPv6
+ * addresses use 1-128.  (Variable 0 is used to identify the kind of
+ * address — TRUE for IPv4, FALSE for IPv6.)
+ */
+
+static unsigned int
+IPMAP_NAME(bit_for_var)(ipset_variable var)
+{
+    return (var - 1);
+}
+
+
+/**
+ * An assignment function that can be used to evaluate an IP map BDD.
+ */
+
+static bool
+IPMAP_NAME(assignment)(const void *addr, ipset_variable var)
+{
+    if (var == 0) {
+        return IP_DISCRIMINATOR_VALUE;
+    } else {
+        unsigned int  bit = IPMAP_NAME(bit_for_var)(var);
+        return IPSET_BIT_GET(addr, bit);
+    }
+}
+
+
+int
+IPMAP_NAME(get)(struct ip_map *map, CORK_IP *elem)
+{
+    return ipset_node_evaluate
+        (map->cache, map->map_bdd, IPMAP_NAME(assignment), elem);
+}
+
+
+void
+IPMAP_NAME(set_network)(struct ip_map *map, CORK_IP *elem,
+                        unsigned int cidr_prefix, int value)
+{
+    /* Special case — the BDD for a netmask that's out of range never
+     * evaluates to true. */
+    if (cidr_prefix > IP_BIT_SIZE) {
+        cork_error_set
+            (IPSET_ERROR, IPSET_PARSE_ERROR,
+             "CIDR block %u out of range [0..%u]", cidr_prefix, IP_BIT_SIZE);
+        return;
+    }
+
+    ipset_node_id  new_bdd =
+        ipset_node_insert
+        (map->cache, map->map_bdd,
+         IPMAP_NAME(assignment), elem, cidr_prefix + 1, value);
+    ipset_node_decref(map->cache, map->map_bdd);
+    map->map_bdd = new_bdd;
+}
+
+
+void
+IPMAP_NAME(set)(struct ip_map *map, CORK_IP *elem, int value)
+{
+    ipset_node_id  new_bdd =
+        ipset_node_insert
+        (map->cache, map->map_bdd,
+         IPMAP_NAME(assignment), elem, IP_BIT_SIZE + 1, value);
+    ipset_node_decref(map->cache, map->map_bdd);
+    map->map_bdd = new_bdd;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/inspection.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/inspection.c
new file mode 100644
index 00000000..e23253b2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/inspection.c
@@ -0,0 +1,69 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/ipset.h"
+
+bool
+ipmap_is_empty(const struct ip_map *map)
+{
+    /* Since BDDs are unique, any map that maps all addresses to the
+     * default value is “empty”. */
+    return (map->map_bdd == map->default_bdd);
+}
+
+bool
+ipmap_is_equal(const struct ip_map *map1, const struct ip_map *map2)
+{
+    return ipset_node_cache_nodes_equal
+        (map1->cache, map1->map_bdd, map2->cache, map2->map_bdd);
+}
+
+size_t
+ipmap_memory_size(const struct ip_map *map)
+{
+    return ipset_node_memory_size(map->cache, map->map_bdd);
+}
+
+
+void
+ipmap_ip_set(struct ip_map *map, struct cork_ip *addr, int value)
+{
+    if (addr->version == 4) {
+        ipmap_ipv4_set(map, &addr->ip.v4, value);
+    } else {
+        ipmap_ipv6_set(map, &addr->ip.v6, value);
+    }
+}
+
+
+void
+ipmap_ip_set_network(struct ip_map *map, struct cork_ip *addr,
+                     unsigned int cidr_prefix, int value)
+{
+    if (addr->version == 4) {
+        ipmap_ipv4_set_network(map, &addr->ip.v4, cidr_prefix, value);
+    } else {
+        ipmap_ipv6_set_network(map, &addr->ip.v6, cidr_prefix, value);
+    }
+}
+
+
+int
+ipmap_ip_get(struct ip_map *map, struct cork_ip *addr)
+{
+    if (addr->version == 4) {
+        return ipmap_ipv4_get(map, &addr->ip.v4);
+    } else {
+        return ipmap_ipv6_get(map, &addr->ip.v6);
+    }
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/ipv4_map.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/ipv4_map.c
new file mode 100644
index 00000000..dcb88773
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/ipv4_map.c
@@ -0,0 +1,37 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+/*
+ * The IPv4 and IPv6 map types are basically identical, except for the
+ * names of the functions, and the size of the values that are being
+ * stored.  Rather than having two mostly duplicate definitions of each
+ * function, we define “template functions” where anything that depends
+ * on the size of the IP address is defined using the following macros.
+ */
+
+
+/* The name of the cork_ipvX type. */
+#define CORK_IP  struct cork_ipv4
+
+/* The number of bits in an IPvX address. */
+#define IP_BIT_SIZE  32
+
+/* The value of the discriminator variable for an IPvX address. */
+#define IP_DISCRIMINATOR_VALUE  true
+
+/* Creates a identifier of the form “ipset_ipv4_<basename>”. */
+#define IPSET_NAME(basename) ipset_ipv4_##basename
+
+/* Creates a identifier of the form “ipmap_ipv4_<basename>”. */
+#define IPMAP_NAME(basename) ipmap_ipv4_##basename
+
+
+/* Now include all of the templates. */
+#include "inspection-template.c.in"
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/ipv6_map.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/ipv6_map.c
new file mode 100644
index 00000000..5821141b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/ipv6_map.c
@@ -0,0 +1,37 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+/*
+ * The IPv4 and IPv6 map types are basically identical, except for the
+ * names of the functions, and the size of the values that are being
+ * stored.  Rather than having two mostly duplicate definitions of each
+ * function, we define “template functions” where anything that depends
+ * on the size of the IP address is defined using the following macros.
+ */
+
+
+/* The name of the cork_ipvX type. */
+#define CORK_IP  struct cork_ipv6
+
+/* The number of bits in an IPvX address. */
+#define IP_BIT_SIZE  128
+
+/* The value of the discriminator variable for an IPvX address. */
+#define IP_DISCRIMINATOR_VALUE  false
+
+/* Creates a identifier of the form “ipset_ipv6_<basename>”. */
+#define IPSET_NAME(basename) ipset_ipv6_##basename
+
+/* Creates a identifier of the form “ipmap_ipv6_<basename>”. */
+#define IPMAP_NAME(basename) ipmap_ipv6_##basename
+
+
+/* Now include all of the templates. */
+#include "inspection-template.c.in"
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/storage.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/storage.c
new file mode 100644
index 00000000..79de2331
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/map/storage.c
@@ -0,0 +1,101 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/errors.h"
+#include "ipset/ipset.h"
+
+
+static void
+create_errno_error(FILE *stream)
+{
+    if (ferror(stream)) {
+        cork_error_set(IPSET_ERROR, IPSET_IO_ERROR, "%s", strerror(errno));
+    } else {
+        cork_unknown_error();
+    }
+}
+
+struct file_consumer {
+    /* file_consumer is a subclass of cork_stream_consumer */
+    struct cork_stream_consumer  parent;
+    /* the file to write the data into */
+    FILE  *fp;
+};
+
+static int
+file_consumer_data(struct cork_stream_consumer *vself,
+                   const void *buf, size_t size, bool is_first)
+{
+    struct file_consumer  *self =
+        cork_container_of(vself, struct file_consumer, parent);
+    size_t  bytes_written = fwrite(buf, 1, size, self->fp);
+    /* If there was an error writing to the file, then signal this to
+     * the producer */
+    if (bytes_written == size) {
+        return 0;
+    } else {
+        create_errno_error(self->fp);
+        return -1;
+    }
+}
+
+static int
+file_consumer_eof(struct cork_stream_consumer *vself)
+{
+    /* We don't close the file, so there's nothing special to do at
+     * end-of-stream. */
+    return 0;
+}
+
+
+int
+ipmap_save_to_stream(struct cork_stream_consumer *stream,
+                     const struct ip_map *map)
+{
+    return ipset_node_cache_save(stream, map->cache, map->map_bdd);
+}
+
+int
+ipmap_save(FILE *fp, const struct ip_map *map)
+{
+    struct file_consumer  stream = {
+        { file_consumer_data, file_consumer_eof, NULL }, fp
+    };
+    return ipmap_save_to_stream(&stream.parent, map);
+}
+
+
+struct ip_map *
+ipmap_load(FILE *stream)
+{
+    struct ip_map  *map;
+    ipset_node_id  new_bdd;
+
+    /* It doesn't matter what default value we use here, because we're
+     * going to replace it with the default BDD we load in from the
+     * file. */
+    map = ipmap_new(0);
+    new_bdd = ipset_node_cache_load(stream, map->cache);
+    if (cork_error_occurred()) {
+        ipmap_free(map);
+        return NULL;
+    }
+
+    map->map_bdd = new_bdd;
+    return map;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/allocation.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/allocation.c
new file mode 100644
index 00000000..a1e93920
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/allocation.c
@@ -0,0 +1,49 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/ipset.h"
+
+
+void
+ipset_init(struct ip_set *set)
+{
+    /* The set starts empty, so every value assignment should yield
+     * false. */
+    set->cache = ipset_node_cache_new();
+    set->set_bdd = ipset_terminal_node_id(false);
+}
+
+
+struct ip_set *
+ipset_new(void)
+{
+    struct ip_set  *result = cork_new(struct ip_set);
+    ipset_init(result);
+    return result;
+}
+
+
+void
+ipset_done(struct ip_set *set)
+{
+    ipset_node_decref(set->cache, set->set_bdd);
+    ipset_node_cache_free(set->cache);
+}
+
+
+void
+ipset_free(struct ip_set *set)
+{
+    ipset_done(set);
+    free(set);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/inspection-template.c.in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/inspection-template.c.in
new file mode 100644
index 00000000..6e0142c0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/inspection-template.c.in
@@ -0,0 +1,130 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/bits.h"
+#include "ipset/errors.h"
+#include "ipset/ipset.h"
+
+
+/**
+ * Given a BDD variable number, return the index of the corresponding
+ * bit in an IP address.  IPv4 addresses use variables 1-32; IPv6
+ * addresses use 1-128.  (Variable 0 is used to identify the kind of
+ * address — TRUE for IPv4, FALSE for IPv6.)
+ */
+
+static unsigned int
+IPSET_NAME(bit_for_var)(ipset_variable var)
+{
+    return (var - 1);
+}
+
+
+/**
+ * An assignment function that can be used to evaluate an IP set BDD.
+ */
+
+static bool
+IPSET_NAME(assignment)(const void *addr, ipset_variable var)
+{
+    if (var == 0) {
+        return IP_DISCRIMINATOR_VALUE;
+    } else {
+        unsigned int  bit = IPSET_NAME(bit_for_var)(var);
+        return IPSET_BIT_GET(addr, bit);
+    }
+}
+
+
+bool
+IPSET_PRENAME(contains)(const struct ip_set *set, CORK_IP *elem)
+{
+    return ipset_node_evaluate
+        (set->cache, set->set_bdd, IPSET_NAME(assignment), elem);
+}
+
+
+bool
+IPSET_NAME(add_network)(struct ip_set *set, CORK_IP *elem,
+                        unsigned int cidr_prefix)
+{
+    /* Special case — the BDD for a netmask that's out of range never
+     * evaluates to true. */
+    if (cidr_prefix > IP_BIT_SIZE) {
+        cork_error_set
+            (IPSET_ERROR, IPSET_PARSE_ERROR,
+             "CIDR block %u out of range [0..%u]", cidr_prefix, IP_BIT_SIZE);
+        return false;
+    }
+
+    ipset_node_id  new_bdd =
+        ipset_node_insert
+        (set->cache, set->set_bdd,
+         IPSET_NAME(assignment), elem, cidr_prefix + 1, 1);
+    bool  result = (new_bdd == set->set_bdd);
+    ipset_node_decref(set->cache, set->set_bdd);
+    set->set_bdd = new_bdd;
+    return result;
+}
+
+
+bool
+IPSET_NAME(add)(struct ip_set *set, CORK_IP *elem)
+{
+    ipset_node_id  new_bdd =
+        ipset_node_insert
+        (set->cache, set->set_bdd,
+         IPSET_NAME(assignment), elem, IP_BIT_SIZE + 1, 1);
+    bool  result = (new_bdd == set->set_bdd);
+    ipset_node_decref(set->cache, set->set_bdd);
+    set->set_bdd = new_bdd;
+    return result;
+}
+
+
+bool
+IPSET_NAME(remove)(struct ip_set *set, CORK_IP *elem)
+{
+    ipset_node_id  new_bdd =
+        ipset_node_insert
+        (set->cache, set->set_bdd,
+         IPSET_NAME(assignment), elem, IP_BIT_SIZE + 1, 0);
+    bool  result = (new_bdd == set->set_bdd);
+    ipset_node_decref(set->cache, set->set_bdd);
+    set->set_bdd = new_bdd;
+    return result;
+}
+
+
+bool
+IPSET_NAME(remove_network)(struct ip_set *set, CORK_IP *elem,
+                           unsigned int cidr_prefix)
+{
+    /* Special case — the BDD for a netmask that's out of range never
+     * evaluates to true. */
+    if (cidr_prefix > IP_BIT_SIZE) {
+        cork_error_set
+            (IPSET_ERROR, IPSET_PARSE_ERROR,
+             "CIDR block %u out of range [0..%u]", cidr_prefix, IP_BIT_SIZE);
+        return false;
+    }
+
+    ipset_node_id  new_bdd =
+        ipset_node_insert
+        (set->cache, set->set_bdd,
+         IPSET_NAME(assignment), elem, cidr_prefix + 1, 0);
+    bool  result = (new_bdd == set->set_bdd);
+    ipset_node_decref(set->cache, set->set_bdd);
+    set->set_bdd = new_bdd;
+    return result;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/inspection.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/inspection.c
new file mode 100644
index 00000000..2cb17ba8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/inspection.c
@@ -0,0 +1,91 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/ipset.h"
+
+bool
+ipset_is_empty(const struct ip_set *set)
+{
+    /* Since BDDs are unique, the only empty set is the “false” BDD. */
+    return (set->set_bdd == ipset_terminal_node_id(false));
+}
+
+bool
+ipset_is_equal(const struct ip_set *set1, const struct ip_set *set2)
+{
+    return ipset_node_cache_nodes_equal
+        (set1->cache, set1->set_bdd, set2->cache, set2->set_bdd);
+}
+
+size_t
+ipset_memory_size(const struct ip_set *set)
+{
+    return ipset_node_memory_size(set->cache, set->set_bdd);
+}
+
+
+bool
+ipset_ip_add(struct ip_set *set, struct cork_ip *addr)
+{
+    if (addr->version == 4) {
+        return ipset_ipv4_add(set, &addr->ip.v4);
+    } else {
+        return ipset_ipv6_add(set, &addr->ip.v6);
+    }
+}
+
+
+bool
+ipset_ip_add_network(struct ip_set *set, struct cork_ip *addr,
+                     unsigned int cidr_prefix)
+{
+    if (addr->version == 4) {
+        return ipset_ipv4_add_network(set, &addr->ip.v4, cidr_prefix);
+    } else {
+        return ipset_ipv6_add_network(set, &addr->ip.v6, cidr_prefix);
+    }
+}
+
+
+bool
+ipset_ip_remove(struct ip_set *set, struct cork_ip *addr)
+{
+    if (addr->version == 4) {
+        return ipset_ipv4_remove(set, &addr->ip.v4);
+    } else {
+        return ipset_ipv6_remove(set, &addr->ip.v6);
+    }
+}
+
+
+bool
+ipset_ip_remove_network(struct ip_set *set, struct cork_ip *addr,
+                        unsigned int cidr_prefix)
+{
+    if (addr->version == 4) {
+        return ipset_ipv4_remove_network(set, &addr->ip.v4, cidr_prefix);
+    } else {
+        return ipset_ipv6_remove_network(set, &addr->ip.v6, cidr_prefix);
+    }
+}
+
+
+bool
+ipset_contains_ip(const struct ip_set *set, struct cork_ip *addr)
+{
+    if (addr->version == 4) {
+        return ipset_contains_ipv4(set, &addr->ip.v4);
+    } else {
+        return ipset_contains_ipv6(set, &addr->ip.v6);
+    }
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/ipv4_set.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/ipv4_set.c
new file mode 100644
index 00000000..2a33a671
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/ipv4_set.c
@@ -0,0 +1,37 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+/*
+ * The IPv4 and IPv6 set types are basically identical, except for the
+ * names of the functions, and the size of the values that are being
+ * stored.  Rather than having two mostly duplicate definitions of each
+ * function, we define “template functions” where anything that depends
+ * on the size of the IP address is defined using the following macros.
+ */
+
+
+/* The name of the cork_ipvX type. */
+#define CORK_IP  struct cork_ipv4
+
+/* The number of bits in an IPvX address. */
+#define IP_BIT_SIZE  32
+
+/* The value of the discriminator variable for an IPvX address. */
+#define IP_DISCRIMINATOR_VALUE  true
+
+/* Creates a identifier of the form “ipset_ipv4_<basename>”. */
+#define IPSET_NAME(basename) ipset_ipv4_##basename
+
+/* Creates a identifier of the form “ipset_<basename>_ipv4”. */
+#define IPSET_PRENAME(basename) ipset_##basename##_ipv4
+
+
+/* Now include all of the templates. */
+#include "inspection-template.c.in"
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/ipv6_set.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/ipv6_set.c
new file mode 100644
index 00000000..fac72cc5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/ipv6_set.c
@@ -0,0 +1,38 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+/*
+ * The IPv4 and IPv6 set types are basically identical, except for the
+ * names of the functions, and the size of the values that are being
+ * stored.  Rather than having two mostly duplicate definitions of
+ * each function, we define “template functions” where anything that
+ * depends on the size of the IP address is defined using the
+ * following macros.
+ */
+
+
+/* The name of the cork_ipvX type. */
+#define CORK_IP  struct cork_ipv6
+
+/* The number of bits in an IPvX address. */
+#define IP_BIT_SIZE  128
+
+/* The value of the discriminator variable for an IPvX address. */
+#define IP_DISCRIMINATOR_VALUE  false
+
+/* Creates a identifier of the form “ipset_ipv6_<basename>”. */
+#define IPSET_NAME(basename) ipset_ipv6_##basename
+
+/* Creates a identifier of the form “ipset_<basename>_ipv6”. */
+#define IPSET_PRENAME(basename) ipset_##basename##_ipv6
+
+
+/* Now include all of the templates. */
+#include "inspection-template.c.in"
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/iterator.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/iterator.c
new file mode 100644
index 00000000..e601caa7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/iterator.c
@@ -0,0 +1,342 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <string.h>
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/bits.h"
+#include "ipset/ipset.h"
+#include "ipset/logging.h"
+
+
+#define IPV4_BIT_SIZE  32
+#define IPV6_BIT_SIZE  128
+
+
+/* Forward declarations */
+
+static void
+process_assignment(struct ipset_iterator *iterator);
+
+static void
+expand_ipv6(struct ipset_iterator *iterator);
+
+
+/**
+ * Find the highest non-EITHER bit in an assignment, starting from the
+ * given bit index.
+ */
+static unsigned int
+find_last_non_either_bit(struct ipset_assignment *assignment,
+                         unsigned int starting_bit)
+{
+    unsigned int  i;
+
+    for (i = starting_bit; i >= 1; i--) {
+        enum ipset_tribool  value = ipset_assignment_get(assignment, i);
+        if (value != IPSET_EITHER) {
+            return i;
+        }
+    }
+
+    return 0;
+}
+
+
+/**
+ * Create a generic IP address object from the current expanded
+ * assignment.
+ */
+static void
+create_ip_address(struct ipset_iterator *iterator)
+{
+    struct cork_ip  *addr = &iterator->addr;
+    struct ipset_expanded_assignment  *exp = iterator->assignment_iterator;
+
+    /* Initialize the address to all 0 bits. */
+    memset(addr, 0, sizeof(struct cork_ip));
+
+    /* Check variable 0 to see if this is an IPv4 or IPv6 address. */
+    addr->version = IPSET_BIT_GET(exp->values.buf, 0)? 4: 6;
+
+    /* Copy bits from the expanded assignment.  The number of bits to
+     * copy is given as the current netmask.  We'll have calculated that
+     * already based on the non-expanded assignment. */
+    unsigned int  i;
+    for (i = 0; i < iterator->cidr_prefix; i++) {
+        IPSET_BIT_SET(&addr->ip, i, IPSET_BIT_GET(exp->values.buf, i+1));
+    }
+
+#if IPSET_DEBUG
+    char  buf[CORK_IP_STRING_LENGTH];
+    cork_ip_to_raw_string(addr, buf);
+    DEBUG("Current IP address is %s/%u", buf, iterator->cidr_prefix);
+#endif
+}
+
+
+/**
+ * Advance the BDD iterator, taking into account that some assignments
+ * need to be expanded twice.
+ */
+static void
+advance_assignment(struct ipset_iterator *iterator)
+{
+    /* Check the current state of the iterator to determine how to
+     * advance. */
+
+    /* In most cases, the assignment we just finished only needed to be
+     * expanded once.  So we move on to the next assignment and process
+     * it. */
+    if (CORK_LIKELY(iterator->multiple_expansion_state ==
+                    IPSET_ITERATOR_NORMAL))
+    {
+        ipset_bdd_iterator_advance(iterator->bdd_iterator);
+        process_assignment(iterator);
+        return;
+    }
+
+    /* If the assignment needs to be expanded twice, we'll do the IPv4
+     * expansion first.  If that's what we've just finished, do the IPv6
+     * expansion next. */
+
+    if (iterator->multiple_expansion_state == IPSET_ITERATOR_MULTIPLE_IPV4) {
+        DEBUG("Expanding IPv6 second");
+
+        iterator->multiple_expansion_state = IPSET_ITERATOR_MULTIPLE_IPV6;
+        ipset_assignment_set
+            (iterator->bdd_iterator->assignment, 0, IPSET_FALSE);
+        expand_ipv6(iterator);
+        return;
+    }
+
+    /* If we've just finished the IPv6 expansion, then we've finished
+     * with this assignment.  Before moving on to the next one, we have
+     * to reset variable 0 to EITHER (which it was before we started
+     * this whole mess). */
+
+    if (iterator->multiple_expansion_state == IPSET_ITERATOR_MULTIPLE_IPV6) {
+        DEBUG("Finished both expansions");
+
+        ipset_assignment_set
+            (iterator->bdd_iterator->assignment, 0, IPSET_EITHER);
+        ipset_bdd_iterator_advance(iterator->bdd_iterator);
+        process_assignment(iterator);
+        return;
+    }
+}
+
+
+/**
+ * Process the current expanded assignment in the current BDD
+ * assignment.
+ */
+static void
+process_expanded_assignment(struct ipset_iterator *iterator)
+{
+    if (iterator->assignment_iterator->finished) {
+        /* If there isn't anything in the expanded assignment, advance
+         * to the next BDD assignment. */
+
+        DEBUG("Expanded assignment is finished");
+        ipset_expanded_assignment_free(iterator->assignment_iterator);
+        iterator->assignment_iterator = NULL;
+        advance_assignment(iterator);
+    } else {
+        /* Otherwise, we've found a fully expanded assignment, so create
+         * an IP address for it and return. */
+        create_ip_address(iterator);
+    }
+}
+
+
+/**
+ * Expand the current assignment as IPv4 addresses.
+ */
+static void
+expand_ipv4(struct ipset_iterator *iterator)
+{
+    unsigned int  last_bit;
+
+    if (iterator->summarize) {
+        last_bit = find_last_non_either_bit
+            (iterator->bdd_iterator->assignment, IPV4_BIT_SIZE);
+        DEBUG("Last non-either bit is %u", last_bit);
+    } else {
+        last_bit = IPV4_BIT_SIZE;
+    }
+
+    iterator->assignment_iterator =
+        ipset_assignment_expand
+        (iterator->bdd_iterator->assignment, last_bit + 1);
+    iterator->cidr_prefix = last_bit;
+
+    process_expanded_assignment(iterator);
+}
+
+
+/**
+ * Expand the current assignment as IPv4 addresses.
+ */
+static void
+expand_ipv6(struct ipset_iterator *iterator)
+{
+    unsigned int  last_bit;
+
+    if (iterator->summarize) {
+        last_bit = find_last_non_either_bit
+            (iterator->bdd_iterator->assignment, IPV6_BIT_SIZE);
+        DEBUG("Last non-either bit is %u", last_bit);
+    } else {
+        last_bit = IPV6_BIT_SIZE;
+    }
+
+    iterator->assignment_iterator =
+        ipset_assignment_expand
+        (iterator->bdd_iterator->assignment, last_bit + 1);
+    iterator->cidr_prefix = last_bit;
+
+    process_expanded_assignment(iterator);
+}
+
+
+/**
+ * Process the current assignment in the BDD iterator.
+ */
+
+static void
+process_assignment(struct ipset_iterator *iterator)
+{
+    while (!iterator->bdd_iterator->finished) {
+        if (iterator->bdd_iterator->value == iterator->desired_value) {
+            /* If the BDD iterator hasn't finished, and the result of
+             * the function with this assignment matches what the caller
+             * wants, then we've found an assignment to generate IP
+             * addresses from.
+             *
+             * Try to expand this assignment, and process the first
+             * expanded assignment.  We want 32 + 1 variables if the
+             * current address is IPv4; 128 + 1 if it's IPv6. */
+
+            DEBUG("Got a matching BDD assignment");
+            enum ipset_tribool  address_type = ipset_assignment_get
+                (iterator->bdd_iterator->assignment, 0);
+
+            if (address_type == IPSET_FALSE) {
+                /* FALSE means IPv6*/
+                DEBUG("Assignment is IPv6");
+                iterator->multiple_expansion_state = IPSET_ITERATOR_NORMAL;
+                expand_ipv6(iterator);
+                return;
+            } else if (address_type == IPSET_TRUE) {
+                /* TRUE means IPv4*/
+                DEBUG("Assignment is IPv4");
+                iterator->multiple_expansion_state = IPSET_ITERATOR_NORMAL;
+                expand_ipv4(iterator);
+                return;
+            } else {
+                /* EITHER means that this assignment contains both IPv4
+                 * and IPv6 addresses.  Expand it as IPv4 first. */
+                DEBUG("Assignment is both IPv4 and IPv6");
+                DEBUG("Expanding IPv4 first");
+                iterator->multiple_expansion_state =
+                    IPSET_ITERATOR_MULTIPLE_IPV4;
+                ipset_assignment_set
+                    (iterator->bdd_iterator->assignment, 0, IPSET_TRUE);
+                expand_ipv4(iterator);
+                return;
+            }
+        }
+
+        /* The BDD iterator has a value, but it doesn't match the one we
+         * want.  Advance the BDD iterator and try again. */
+        DEBUG("Value is %d, skipping", iterator->bdd_iterator->value);
+        ipset_bdd_iterator_advance(iterator->bdd_iterator);
+    }
+
+    /* If we fall through, then the BDD iterator has finished.  That
+     * means there's nothing left for the set iterator. */
+
+    DEBUG("Set iterator is finished");
+    ipset_expanded_assignment_free(iterator->assignment_iterator);
+    iterator->assignment_iterator = NULL;
+
+    ipset_bdd_iterator_free(iterator->bdd_iterator);
+    iterator->bdd_iterator = NULL;
+    iterator->finished = true;
+}
+
+
+static struct ipset_iterator *
+create_iterator(struct ip_set *set, bool desired_value, bool summarize)
+{
+    /* First allocate the iterator itself. */
+    struct ipset_iterator  *iterator = cork_new(struct ipset_iterator);
+    iterator->finished = false;
+    iterator->assignment_iterator = NULL;
+    iterator->desired_value = desired_value;
+    iterator->summarize = summarize;
+
+    /* Then create the iterator that returns each BDD assignment. */
+    DEBUG("Iterating set");
+    iterator->bdd_iterator = ipset_node_iterate(set->cache, set->set_bdd);
+
+    /* Then drill down from the current BDD assignment, creating an
+     * expanded assignment for it. */
+    process_assignment(iterator);
+    return iterator;
+}
+
+
+struct ipset_iterator *
+ipset_iterate(struct ip_set *set, bool desired_value)
+{
+    return create_iterator(set, desired_value, false);
+}
+
+
+struct ipset_iterator *
+ipset_iterate_networks(struct ip_set *set, bool desired_value)
+{
+    return create_iterator(set, desired_value, true);
+}
+
+
+void
+ipset_iterator_free(struct ipset_iterator *iterator)
+{
+    if (iterator->bdd_iterator != NULL) {
+        ipset_bdd_iterator_free(iterator->bdd_iterator);
+    }
+    if (iterator->assignment_iterator != NULL) {
+        ipset_expanded_assignment_free(iterator->assignment_iterator);
+    }
+    free(iterator);
+}
+
+
+void
+ipset_iterator_advance(struct ipset_iterator *iterator)
+{
+    /* If we're already at the end of the iterator, don't do anything. */
+
+    if (CORK_UNLIKELY(iterator->finished)) {
+        return;
+    }
+
+    /* Otherwise, advance the expanded assignment iterator to the next
+     * assignment, and then drill down into it. */
+
+    DEBUG("Advancing set iterator");
+    ipset_expanded_assignment_advance(iterator->assignment_iterator);
+    process_expanded_assignment(iterator);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/storage.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/storage.c
new file mode 100644
index 00000000..7dc09275
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/src/libipset/set/storage.c
@@ -0,0 +1,107 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2010-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/errors.h"
+#include "ipset/ipset.h"
+
+
+static void
+create_errno_error(FILE *stream)
+{
+    if (ferror(stream)) {
+        cork_error_set(IPSET_ERROR, IPSET_IO_ERROR, "%s", strerror(errno));
+    } else {
+        cork_unknown_error();
+    }
+}
+
+struct file_consumer {
+    /* file_consumer is a subclass of cork_stream_consumer */
+    struct cork_stream_consumer  parent;
+    /* the file to write the data into */
+    FILE  *fp;
+};
+
+static int
+file_consumer_data(struct cork_stream_consumer *vself,
+                   const void *buf, size_t size, bool is_first)
+{
+    struct file_consumer  *self =
+        cork_container_of(vself, struct file_consumer, parent);
+    size_t  bytes_written = fwrite(buf, 1, size, self->fp);
+    /* If there was an error writing to the file, then signal this to
+     * the producer */
+    if (bytes_written == size) {
+        return 0;
+    } else {
+        create_errno_error(self->fp);
+        return -1;
+    }
+}
+
+static int
+file_consumer_eof(struct cork_stream_consumer *vself)
+{
+    /* We don't close the file, so there's nothing special to do at
+     * end-of-stream. */
+    return 0;
+}
+
+int
+ipset_save_to_stream(struct cork_stream_consumer *stream,
+                     const struct ip_set *set)
+{
+    return ipset_node_cache_save(stream, set->cache, set->set_bdd);
+}
+
+int
+ipset_save(FILE *fp, const struct ip_set *set)
+{
+    struct file_consumer  stream = {
+        { file_consumer_data, file_consumer_eof, NULL }, fp
+    };
+    return ipset_save_to_stream(&stream.parent, set);
+}
+
+
+int
+ipset_save_dot(FILE *fp, const struct ip_set *set)
+{
+    struct file_consumer  stream = {
+        { file_consumer_data, file_consumer_eof, NULL }, fp
+    };
+    return ipset_node_cache_save_dot(&stream.parent, set->cache, set->set_bdd);
+}
+
+
+struct ip_set *
+ipset_load(FILE *stream)
+{
+    struct ip_set  *set;
+    ipset_node_id  new_bdd;
+
+    set = ipset_new();
+    new_bdd = ipset_node_cache_load(stream, set->cache);
+    if (cork_error_occurred()) {
+        ipset_free(set);
+        return NULL;
+    }
+
+    set->set_bdd = new_bdd;
+    return set;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/.gitattributes b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/.gitattributes
new file mode 100644
index 00000000..862772fd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/.gitattributes
@@ -0,0 +1 @@
+*.t -whitespace
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/.gitignore b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/.gitignore
new file mode 100644
index 00000000..0ba1a0a4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/.gitignore
@@ -0,0 +1,2 @@
+test-ipmap
+test-ipset
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/CMakeLists.txt
new file mode 100644
index 00000000..cc11d071
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/CMakeLists.txt
@@ -0,0 +1,65 @@
+# -*- coding: utf-8 -*-
+# ----------------------------------------------------------------------
+# Copyright © 2011, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+include_directories(../include)
+link_directories(${CMAKE_CURRENT_BINARY_DIR}/../src)
+
+#-----------------------------------------------------------------------
+# Check for prerequisite libraries
+
+find_package(PkgConfig)
+find_package(Threads)
+
+pkg_check_modules(CHECK REQUIRED check)
+include_directories(${CHECK_INCLUDE_DIRS})
+link_directories(${CHECK_LIBRARY_DIRS})
+
+#-----------------------------------------------------------------------
+# Build the test cases
+
+macro(make_test test_name)
+    add_executable(${test_name} ${test_name}.c)
+    target_link_libraries(${test_name} ${CHECK_LIBRARIES} libipset ${CMAKE_THREAD_LIBS_INIT})
+    add_test(${test_name} ${test_name})
+endmacro(make_test)
+
+# Add calls to make_test for each .c test case in the tests/ directory.
+make_test(test-assignment)
+make_test(test-bdd)
+make_test(test-ipmap)
+make_test(test-ipset)
+make_test(test-iterator)
+
+#-----------------------------------------------------------------------
+# Command-line tests
+
+if(TILERA)
+    configure_file(tile-test ${CMAKE_BINARY_DIR}/tile-test COPYONLY)
+endif(TILERA)
+
+find_program(
+    CRAM_EXECUTABLE
+    NAMES cram
+    HINTS ENV CRAM_DIR
+    PATH_SUFFIXES bin
+    DOC "Cram test harness"
+)
+
+if (CRAM_EXECUTABLE)
+    configure_file(ccram ${CMAKE_BINARY_DIR}/ccram COPYONLY)
+    add_test(
+        cram-tests
+        ${CMAKE_COMMAND} -E chdir ${CMAKE_BINARY_DIR}
+        ${CMAKE_BINARY_DIR}/ccram
+            --cram ${CRAM_EXECUTABLE}
+            --tests ${CMAKE_CURRENT_SOURCE_DIR}
+    )
+else (CRAM_EXECUTABLE)
+    message(WARNING "Unable to find cram test harness; skipping tests.")
+endif (CRAM_EXECUTABLE)
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/ccram b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/ccram
new file mode 100755
index 00000000..40547009
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/ccram
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ "$1" = "--cram" ]; then
+    shift
+    CRAM="$1"
+    shift
+else
+    CRAM=cram
+fi
+
+if [ "$1" = "--tests" ]; then
+    shift
+    TESTS="$1"
+    shift
+else
+    TESTS=../tests
+fi
+
+PATH="$PWD/src:$PATH" \
+  "$CRAM" "$@" "$TESTS"
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/10.0.5.64-30/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/10.0.5.64-30/command
new file mode 120000
index 00000000..6d879fe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/10.0.5.64-30/command
@@ -0,0 +1 @@
+../command
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/10.0.5.64-30/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/10.0.5.64-30/err
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/10.0.5.64-30/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/10.0.5.64-30/in
new file mode 100644
index 00000000..2d9abc96
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/10.0.5.64-30/in
@@ -0,0 +1,3 @@
+10.0.5.64
+10.0.5.66
+10.0.5.67
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/10.0.5.64-30/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/10.0.5.64-30/out
new file mode 100644
index 00000000..90eb1dc7
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/10.0.5.64-30/out
@@ -0,0 +1,134 @@
+strict digraph bdd {
+    t1 [shape=box, label=1];
+    n1 [shape=circle,label=32];
+    n1 -> t1 [style=dashed,color=red]
+    high1 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n1 -> high1 [style=solid,color=black]
+    n2 [shape=circle,label=31];
+    n2 -> n1 [style=dashed,color=red]
+    n2 -> t1 [style=solid,color=black]
+    n3 [shape=circle,label=30];
+    n3 -> n2 [style=dashed,color=red]
+    high3 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n3 -> high3 [style=solid,color=black]
+    n4 [shape=circle,label=29];
+    n4 -> n3 [style=dashed,color=red]
+    high4 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n4 -> high4 [style=solid,color=black]
+    n5 [shape=circle,label=28];
+    n5 -> n4 [style=dashed,color=red]
+    high5 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n5 -> high5 [style=solid,color=black]
+    n6 [shape=circle,label=27];
+    n6 -> n5 [style=dashed,color=red]
+    high6 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n6 -> high6 [style=solid,color=black]
+    n7 [shape=circle,label=26];
+    low7 [shape=circle,label=""]
+    n7 -> low7 [style=dashed,color=red]
+    n7 -> n6 [style=solid,color=black]
+    n8 [shape=circle,label=25];
+    n8 -> n7 [style=dashed,color=red]
+    high8 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n8 -> high8 [style=solid,color=black]
+    n9 [shape=circle,label=24];
+    low9 [shape=circle,label=""]
+    n9 -> low9 [style=dashed,color=red]
+    n9 -> n8 [style=solid,color=black]
+    n10 [shape=circle,label=23];
+    n10 -> n9 [style=dashed,color=red]
+    high10 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n10 -> high10 [style=solid,color=black]
+    n11 [shape=circle,label=22];
+    low11 [shape=circle,label=""]
+    n11 -> low11 [style=dashed,color=red]
+    n11 -> n10 [style=solid,color=black]
+    n12 [shape=circle,label=21];
+    n12 -> n11 [style=dashed,color=red]
+    high12 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n12 -> high12 [style=solid,color=black]
+    n13 [shape=circle,label=20];
+    n13 -> n12 [style=dashed,color=red]
+    high13 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n13 -> high13 [style=solid,color=black]
+    n14 [shape=circle,label=19];
+    n14 -> n13 [style=dashed,color=red]
+    high14 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n14 -> high14 [style=solid,color=black]
+    n15 [shape=circle,label=18];
+    n15 -> n14 [style=dashed,color=red]
+    high15 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n15 -> high15 [style=solid,color=black]
+    n16 [shape=circle,label=17];
+    n16 -> n15 [style=dashed,color=red]
+    high16 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n16 -> high16 [style=solid,color=black]
+    n17 [shape=circle,label=16];
+    n17 -> n16 [style=dashed,color=red]
+    high17 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n17 -> high17 [style=solid,color=black]
+    n18 [shape=circle,label=15];
+    n18 -> n17 [style=dashed,color=red]
+    high18 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n18 -> high18 [style=solid,color=black]
+    n19 [shape=circle,label=14];
+    n19 -> n18 [style=dashed,color=red]
+    high19 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n19 -> high19 [style=solid,color=black]
+    n20 [shape=circle,label=13];
+    n20 -> n19 [style=dashed,color=red]
+    high20 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n20 -> high20 [style=solid,color=black]
+    n21 [shape=circle,label=12];
+    n21 -> n20 [style=dashed,color=red]
+    high21 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n21 -> high21 [style=solid,color=black]
+    n22 [shape=circle,label=11];
+    n22 -> n21 [style=dashed,color=red]
+    high22 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n22 -> high22 [style=solid,color=black]
+    n23 [shape=circle,label=10];
+    n23 -> n22 [style=dashed,color=red]
+    high23 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n23 -> high23 [style=solid,color=black]
+    n24 [shape=circle,label=9];
+    n24 -> n23 [style=dashed,color=red]
+    high24 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n24 -> high24 [style=solid,color=black]
+    n25 [shape=circle,label=8];
+    n25 -> n24 [style=dashed,color=red]
+    high25 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n25 -> high25 [style=solid,color=black]
+    n26 [shape=circle,label=7];
+    low26 [shape=circle,label=""]
+    n26 -> low26 [style=dashed,color=red]
+    n26 -> n25 [style=solid,color=black]
+    n27 [shape=circle,label=6];
+    n27 -> n26 [style=dashed,color=red]
+    high27 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n27 -> high27 [style=solid,color=black]
+    n28 [shape=circle,label=5];
+    low28 [shape=circle,label=""]
+    n28 -> low28 [style=dashed,color=red]
+    n28 -> n27 [style=solid,color=black]
+    n29 [shape=circle,label=4];
+    n29 -> n28 [style=dashed,color=red]
+    high29 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n29 -> high29 [style=solid,color=black]
+    n30 [shape=circle,label=3];
+    n30 -> n29 [style=dashed,color=red]
+    high30 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n30 -> high30 [style=solid,color=black]
+    n31 [shape=circle,label=2];
+    n31 -> n30 [style=dashed,color=red]
+    high31 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n31 -> high31 [style=solid,color=black]
+    n32 [shape=circle,label=1];
+    n32 -> n31 [style=dashed,color=red]
+    high32 [shape=circle,fixedsize=true,height=0.25,width=0.25,label=""]
+    n32 -> high32 [style=solid,color=black]
+    n33 [shape=circle,label=0];
+    low33 [shape=circle,label=""]
+    n33 -> low33 [style=dashed,color=red]
+    n33 -> n32 [style=solid,color=black]
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/command
new file mode 100644
index 00000000..e2673d42
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/command
@@ -0,0 +1 @@
+src/ipsetbuild -o - - | src/ipsetdot -
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/empty/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/empty/command
new file mode 120000
index 00000000..6d879fe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/empty/command
@@ -0,0 +1 @@
+../command
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/empty/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/empty/err
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/empty/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/empty/in
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/empty/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/empty/out
new file mode 100644
index 00000000..9d6ee509
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/empty/out
@@ -0,0 +1,2 @@
+strict digraph bdd {
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/universe/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/universe/command
new file mode 120000
index 00000000..6d879fe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/universe/command
@@ -0,0 +1 @@
+../command
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/universe/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/universe/err
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/universe/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/universe/in
new file mode 100644
index 00000000..a5712ee0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/universe/in
@@ -0,0 +1,2 @@
+0.0.0.0/0
+::/0
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/universe/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/universe/out
new file mode 100644
index 00000000..4d47ba5e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/dot/universe/out
@@ -0,0 +1,3 @@
+strict digraph bdd {
+    t1 [shape=box, label=1];
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/empty-cidr/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/empty-cidr/command
new file mode 100644
index 00000000..43b43af3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/empty-cidr/command
@@ -0,0 +1 @@
+src/ipsetbuild - -o -
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/empty-cidr/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/empty-cidr/err
new file mode 100644
index 00000000..c34f24a1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/empty-cidr/err
@@ -0,0 +1,2 @@
+Error: Line 1: Missing CIDR prefix
+The program halted on stdin with 1 input error.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/empty-cidr/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/empty-cidr/in
new file mode 100644
index 00000000..09694117
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/empty-cidr/in
@@ -0,0 +1 @@
+10.0.0.0/
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/empty-cidr/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/empty-cidr/out
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-empty-input/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-empty-input/command
new file mode 100644
index 00000000..a3ca0b7e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-empty-input/command
@@ -0,0 +1 @@
+src/ipsetcat -
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-empty-input/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-empty-input/err
new file mode 100644
index 00000000..a99071c1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-empty-input/err
@@ -0,0 +1,2 @@
+Error reading stdin:
+  Unexpected end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-empty-input/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-empty-input/in
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-empty-input/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-empty-input/out
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-file-not-found/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-file-not-found/command
new file mode 100644
index 00000000..b71121fb
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-file-not-found/command
@@ -0,0 +1 @@
+src/ipsetcat non-existing-file.set
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-file-not-found/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-file-not-found/err
new file mode 100644
index 00000000..a5f60b9e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-file-not-found/err
@@ -0,0 +1,2 @@
+Cannot open file non-existing-file.set:
+  No such file or directory
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-file-not-found/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-file-not-found/in
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-file-not-found/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-file-not-found/out
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-no-input/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-no-input/command
new file mode 100644
index 00000000..15583456
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-no-input/command
@@ -0,0 +1 @@
+src/ipsetcat
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-no-input/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-no-input/err
new file mode 100644
index 00000000..5d31447f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-no-input/err
@@ -0,0 +1,2 @@
+ipsetcat: You must specify exactly one input file.
+Usage: ipsetcat [options] <input filename>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-no-input/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-no-input/in
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-no-input/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetcat-no-input/out
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-empty-input/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-empty-input/command
new file mode 100644
index 00000000..803085e9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-empty-input/command
@@ -0,0 +1 @@
+src/ipsetdot -
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-empty-input/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-empty-input/err
new file mode 100644
index 00000000..a99071c1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-empty-input/err
@@ -0,0 +1,2 @@
+Error reading stdin:
+  Unexpected end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-empty-input/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-empty-input/in
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-empty-input/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-empty-input/out
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-file-not-found/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-file-not-found/command
new file mode 100644
index 00000000..c56f6ea3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-file-not-found/command
@@ -0,0 +1 @@
+src/ipsetdot non-existing-file.set
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-file-not-found/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-file-not-found/err
new file mode 100644
index 00000000..a5f60b9e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-file-not-found/err
@@ -0,0 +1,2 @@
+Cannot open file non-existing-file.set:
+  No such file or directory
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-file-not-found/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-file-not-found/in
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-file-not-found/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-file-not-found/out
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-no-input/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-no-input/command
new file mode 100644
index 00000000..d72dedef
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-no-input/command
@@ -0,0 +1 @@
+src/ipsetdot
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-no-input/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-no-input/err
new file mode 100644
index 00000000..3e885418
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-no-input/err
@@ -0,0 +1,2 @@
+ipsetdot: You must specify exactly one input file.
+Usage: ipsetdot [options] <input filename>
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-no-input/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-no-input/in
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-no-input/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/ipsetdot-no-input/out
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/nonnumeric-cidr/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/nonnumeric-cidr/command
new file mode 100644
index 00000000..43b43af3
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/nonnumeric-cidr/command
@@ -0,0 +1 @@
+src/ipsetbuild - -o -
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/nonnumeric-cidr/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/nonnumeric-cidr/err
new file mode 100644
index 00000000..035c6458
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/nonnumeric-cidr/err
@@ -0,0 +1,2 @@
+Error: Line 1: Invalid CIDR prefix "8o"
+The program halted on stdin with 1 input error.
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/nonnumeric-cidr/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/nonnumeric-cidr/in
new file mode 100644
index 00000000..0f77b013
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/nonnumeric-cidr/in
@@ -0,0 +1 @@
+10.0.0.0/8o
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/nonnumeric-cidr/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/errors/nonnumeric-cidr/out
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/10.0.5.64-30/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/10.0.5.64-30/command
new file mode 120000
index 00000000..6d879fe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/10.0.5.64-30/command
@@ -0,0 +1 @@
+../command
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/10.0.5.64-30/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/10.0.5.64-30/err
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/10.0.5.64-30/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/10.0.5.64-30/in
new file mode 100644
index 00000000..2d9abc96
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/10.0.5.64-30/in
@@ -0,0 +1,3 @@
+10.0.5.64
+10.0.5.66
+10.0.5.67
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/10.0.5.64-30/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/10.0.5.64-30/out
new file mode 100644
index 00000000..bad551d6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/10.0.5.64-30/out
@@ -0,0 +1,2 @@
+10.0.5.64
+10.0.5.66/31
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/command
new file mode 100644
index 00000000..2dff66ab
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/command
@@ -0,0 +1 @@
+src/ipsetbuild -o - - | src/ipsetcat -n -
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/empty/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/empty/command
new file mode 120000
index 00000000..6d879fe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/empty/command
@@ -0,0 +1 @@
+../command
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/empty/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/empty/err
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/empty/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/empty/in
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/empty/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/empty/out
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01a/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01a/command
new file mode 120000
index 00000000..6d879fe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01a/command
@@ -0,0 +1 @@
+../command
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01a/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01a/err
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01a/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01a/in
new file mode 100644
index 00000000..8246fa7a
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01a/in
@@ -0,0 +1,2 @@
+192.168.0.0/24
+192.168.1.0/24
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01a/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01a/out
new file mode 100644
index 00000000..b388b908
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01a/out
@@ -0,0 +1 @@
+192.168.0.0/23
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01b/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01b/command
new file mode 120000
index 00000000..6d879fe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01b/command
@@ -0,0 +1 @@
+../command
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01b/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01b/err
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01b/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01b/in
new file mode 100644
index 00000000..3fc7426c
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01b/in
@@ -0,0 +1,2 @@
+192.168.1.0/24
+192.168.0.0/24
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01b/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01b/out
new file mode 100644
index 00000000..b388b908
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-01b/out
@@ -0,0 +1 @@
+192.168.0.0/23
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02a/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02a/command
new file mode 120000
index 00000000..6d879fe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02a/command
@@ -0,0 +1 @@
+../command
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02a/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02a/err
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02a/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02a/in
new file mode 100644
index 00000000..17b418dd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02a/in
@@ -0,0 +1,2 @@
+192.168.0.0/23
+!192.168.1.0/24
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02a/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02a/out
new file mode 100644
index 00000000..28d4109e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02a/out
@@ -0,0 +1 @@
+192.168.0.0/24
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02b/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02b/command
new file mode 120000
index 00000000..6d879fe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02b/command
@@ -0,0 +1 @@
+../command
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02b/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02b/err
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02b/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02b/in
new file mode 100644
index 00000000..28583049
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02b/in
@@ -0,0 +1,2 @@
+!192.168.1.0/24
+192.168.0.0/23
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02b/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02b/out
new file mode 100644
index 00000000..28d4109e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/idempotent-02b/out
@@ -0,0 +1 @@
+192.168.0.0/24
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/universe/command b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/universe/command
new file mode 120000
index 00000000..6d879fe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/universe/command
@@ -0,0 +1 @@
+../command
\ No newline at end of file
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/universe/err b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/universe/err
new file mode 100644
index 00000000..e69de29b
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/universe/in b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/universe/in
new file mode 100644
index 00000000..a5712ee0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/universe/in
@@ -0,0 +1,2 @@
+0.0.0.0/0
+::/0
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/universe/out b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/universe/out
new file mode 100644
index 00000000..a5712ee0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/round-trip/universe/out
@@ -0,0 +1,2 @@
+0.0.0.0/0
+::/0
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-assignment.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-assignment.c
new file mode 100644
index 00000000..3e871bf2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-assignment.c
@@ -0,0 +1,269 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <check.h>
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/bits.h"
+
+
+/*-----------------------------------------------------------------------
+ * Assignments
+ */
+
+START_TEST(test_bdd_assignment_empty_equal)
+{
+    struct ipset_assignment  *a1;
+    struct ipset_assignment  *a2;
+
+    a1 = ipset_assignment_new();
+    a2 = ipset_assignment_new();
+
+    fail_unless(ipset_assignment_equal(a1, a2),
+                "Assignments should be equal");
+
+    ipset_assignment_free(a1);
+    ipset_assignment_free(a2);
+}
+END_TEST
+
+
+START_TEST(test_bdd_assignment_equal_1)
+{
+    struct ipset_assignment  *a1;
+    struct ipset_assignment  *a2;
+
+    a1 = ipset_assignment_new();
+    ipset_assignment_set(a1, 0, IPSET_TRUE);
+    ipset_assignment_set(a1, 1, IPSET_FALSE);
+
+    a2 = ipset_assignment_new();
+    ipset_assignment_set(a2, 0, IPSET_TRUE);
+    ipset_assignment_set(a2, 1, IPSET_FALSE);
+
+    fail_unless(ipset_assignment_equal(a1, a2),
+                "Assignments should be equal");
+
+    ipset_assignment_free(a1);
+    ipset_assignment_free(a2);
+}
+END_TEST
+
+
+START_TEST(test_bdd_assignment_equal_2)
+{
+    struct ipset_assignment  *a1;
+    struct ipset_assignment  *a2;
+
+    a1 = ipset_assignment_new();
+    ipset_assignment_set(a1, 0, IPSET_TRUE);
+    ipset_assignment_set(a1, 1, IPSET_FALSE);
+
+    a2 = ipset_assignment_new();
+    ipset_assignment_set(a2, 0, IPSET_TRUE);
+    ipset_assignment_set(a2, 1, IPSET_FALSE);
+    ipset_assignment_set(a2, 4, IPSET_EITHER);
+
+    fail_unless(ipset_assignment_equal(a1, a2),
+                "Assignments should be equal");
+
+    ipset_assignment_free(a1);
+    ipset_assignment_free(a2);
+}
+END_TEST
+
+
+START_TEST(test_bdd_assignment_cut_1)
+{
+    struct ipset_assignment  *a1;
+    struct ipset_assignment  *a2;
+
+    a1 = ipset_assignment_new();
+    ipset_assignment_set(a1, 0, IPSET_TRUE);
+    ipset_assignment_set(a1, 1, IPSET_FALSE);
+
+    a2 = ipset_assignment_new();
+    ipset_assignment_set(a2, 0, IPSET_TRUE);
+    ipset_assignment_set(a2, 1, IPSET_FALSE);
+    ipset_assignment_set(a2, 2, IPSET_TRUE);
+    ipset_assignment_set(a2, 3, IPSET_TRUE);
+    ipset_assignment_set(a2, 4, IPSET_FALSE);
+
+    ipset_assignment_cut(a2, 2);
+
+    fail_unless(ipset_assignment_equal(a1, a2),
+                "Assignments should be equal");
+
+    ipset_assignment_free(a1);
+    ipset_assignment_free(a2);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Expanded assignments
+ */
+
+START_TEST(test_bdd_assignment_expand_1)
+{
+    struct ipset_assignment  *a;
+
+    a = ipset_assignment_new();
+    ipset_assignment_set(a, 0, true);
+    ipset_assignment_set(a, 1, false);
+
+    struct ipset_expanded_assignment  *it;
+    it = ipset_assignment_expand(a, 2);
+
+    uint8_t  ea[1];
+    memset(ea, 0, 1);
+
+    fail_if(it->finished,
+            "Expanded assignment shouldn't be empty");
+    IPSET_BIT_SET(ea, 0, true);
+    IPSET_BIT_SET(ea, 1, false);
+    fail_unless(memcmp(ea, it->values.buf, 1) == 0,
+                "Expanded assignment doesn't match");
+
+    ipset_expanded_assignment_advance(it);
+    fail_unless(it->finished,
+                "Expanded assignment should have 1 element");
+
+    ipset_expanded_assignment_free(it);
+    ipset_assignment_free(a);
+}
+END_TEST
+
+
+START_TEST(test_bdd_assignment_expand_2)
+{
+    struct ipset_assignment  *a;
+
+    a = ipset_assignment_new();
+    ipset_assignment_set(a, 0, true);
+    ipset_assignment_set(a, 1, false);
+
+    struct ipset_expanded_assignment  *it;
+    it = ipset_assignment_expand(a, 3);
+
+    uint8_t  ea[1];
+    memset(ea, 0, 1);
+
+    fail_if(it->finished,
+            "Expanded assignment shouldn't be empty");
+    IPSET_BIT_SET(ea, 0, true);
+    IPSET_BIT_SET(ea, 1, false);
+    IPSET_BIT_SET(ea, 2, false);
+    fail_unless(memcmp(ea, it->values.buf, 1) == 0,
+                "Expanded assignment 1 doesn't match");
+
+    ipset_expanded_assignment_advance(it);
+    fail_if(it->finished,
+                "Expanded assignment should have at least 1 element");
+    IPSET_BIT_SET(ea, 0, true);
+    IPSET_BIT_SET(ea, 1, false);
+    IPSET_BIT_SET(ea, 2, true);
+    fail_unless(memcmp(ea, it->values.buf, 1) == 0,
+                "Expanded assignment 2 doesn't match");
+
+    ipset_expanded_assignment_advance(it);
+    fail_unless(it->finished,
+                "Expanded assignment should have 2 elements");
+
+    ipset_expanded_assignment_free(it);
+    ipset_assignment_free(a);
+}
+END_TEST
+
+
+START_TEST(test_bdd_assignment_expand_3)
+{
+    struct ipset_assignment  *a;
+
+    a = ipset_assignment_new();
+    ipset_assignment_set(a, 0, true);
+    ipset_assignment_set(a, 2, false);
+
+    struct ipset_expanded_assignment  *it;
+    it = ipset_assignment_expand(a, 3);
+
+    uint8_t  ea[1];
+    memset(ea, 0, 1);
+
+    fail_if(it->finished,
+            "Expanded assignment shouldn't be empty");
+    IPSET_BIT_SET(ea, 0, true);
+    IPSET_BIT_SET(ea, 1, false);
+    IPSET_BIT_SET(ea, 2, false);
+    fail_unless(memcmp(ea, it->values.buf, 1) == 0,
+                "Expanded assignment 1 doesn't match");
+
+    ipset_expanded_assignment_advance(it);
+    fail_if(it->finished,
+                "Expanded assignment should have at least 1 element");
+    IPSET_BIT_SET(ea, 0, true);
+    IPSET_BIT_SET(ea, 1, true);
+    IPSET_BIT_SET(ea, 2, false);
+    fail_unless(memcmp(ea, it->values.buf, 1) == 0,
+                "Expanded assignment 2 doesn't match");
+
+    ipset_expanded_assignment_advance(it);
+    fail_unless(it->finished,
+                "Expanded assignment should have 2 elements");
+
+    ipset_expanded_assignment_free(it);
+    ipset_assignment_free(a);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+static Suite *
+test_suite()
+{
+    Suite  *s = suite_create("assignment");
+
+    TCase  *tc_assignments = tcase_create("assignments");
+    tcase_add_test(tc_assignments, test_bdd_assignment_empty_equal);
+    tcase_add_test(tc_assignments, test_bdd_assignment_equal_1);
+    tcase_add_test(tc_assignments, test_bdd_assignment_equal_2);
+    tcase_add_test(tc_assignments, test_bdd_assignment_cut_1);
+    suite_add_tcase(s, tc_assignments);
+
+    TCase  *tc_expanded = tcase_create("expanded");
+    tcase_add_test(tc_expanded, test_bdd_assignment_expand_1);
+    tcase_add_test(tc_expanded, test_bdd_assignment_expand_2);
+    tcase_add_test(tc_expanded, test_bdd_assignment_expand_3);
+    suite_add_tcase(s, tc_expanded);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-bdd.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-bdd.c
new file mode 100644
index 00000000..23b90e70
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-bdd.c
@@ -0,0 +1,909 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <check.h>
+#include <libcork/core.h>
+
+#include "ipset/bdd/nodes.h"
+#include "ipset/bits.h"
+
+
+#define DESCRIBE_TEST  fprintf(stderr, "---\n%s\n", __func__)
+
+
+/*-----------------------------------------------------------------------
+ * Temporary file helper
+ */
+
+#define TEMP_FILE_TEMPLATE "/tmp/bdd-XXXXXX"
+
+struct temp_file {
+    char  *filename;
+    FILE  *stream;
+};
+
+static struct temp_file *
+temp_file_new(void)
+{
+    struct temp_file  *temp_file = cork_new(struct temp_file);
+    temp_file->filename = (char *) cork_strdup(TEMP_FILE_TEMPLATE);
+    temp_file->stream = NULL;
+    return temp_file;
+}
+
+static void
+temp_file_free(struct temp_file *temp_file)
+{
+    if (temp_file->stream != NULL) {
+        fclose(temp_file->stream);
+    }
+
+    unlink(temp_file->filename);
+    cork_strfree(temp_file->filename);
+    free(temp_file);
+}
+
+static void
+temp_file_open_stream(struct temp_file *temp_file)
+{
+    int  fd = mkstemp(temp_file->filename);
+    temp_file->stream = fdopen(fd, "rb+");
+}
+
+
+/*-----------------------------------------------------------------------
+ * Bit arrays
+ */
+
+START_TEST(test_bit_get)
+{
+    DESCRIBE_TEST;
+    uint16_t  a = CORK_UINT16_HOST_TO_BIG(0x6012); /* 0110 0000 0001 0010 */
+
+    fail_unless(IPSET_BIT_GET(&a,  0) == 0, "Bit 0 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a,  1) == 1, "Bit 1 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a,  2) == 1, "Bit 2 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a,  3) == 0, "Bit 3 is incorrect");
+
+    fail_unless(IPSET_BIT_GET(&a,  4) == 0, "Bit 4 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a,  5) == 0, "Bit 5 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a,  6) == 0, "Bit 6 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a,  7) == 0, "Bit 7 is incorrect");
+
+    fail_unless(IPSET_BIT_GET(&a,  8) == 0, "Bit 8 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a,  9) == 0, "Bit 9 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a, 10) == 0, "Bit 10 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a, 11) == 1, "Bit 11 is incorrect");
+
+    fail_unless(IPSET_BIT_GET(&a, 12) == 0, "Bit 12 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a, 13) == 0, "Bit 13 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a, 14) == 1, "Bit 14 is incorrect");
+    fail_unless(IPSET_BIT_GET(&a, 15) == 0, "Bit 15 is incorrect");
+}
+END_TEST
+
+
+START_TEST(test_bit_set)
+{
+    DESCRIBE_TEST;
+    uint16_t  a = 0xffff;        /* 0110 0000 0001 0010 */
+
+    IPSET_BIT_SET(&a,  0, 0);
+    IPSET_BIT_SET(&a,  1, 1);
+    IPSET_BIT_SET(&a,  2, 1);
+    IPSET_BIT_SET(&a,  3, 0);
+
+    IPSET_BIT_SET(&a,  4, 0);
+    IPSET_BIT_SET(&a,  5, 0);
+    IPSET_BIT_SET(&a,  6, 0);
+    IPSET_BIT_SET(&a,  7, 0);
+
+    IPSET_BIT_SET(&a,  8, 0);
+    IPSET_BIT_SET(&a,  9, 0);
+    IPSET_BIT_SET(&a, 10, 0);
+    IPSET_BIT_SET(&a, 11, 1);
+
+    IPSET_BIT_SET(&a, 12, 0);
+    IPSET_BIT_SET(&a, 13, 0);
+    IPSET_BIT_SET(&a, 14, 1);
+    IPSET_BIT_SET(&a, 15, 0);
+
+    fail_unless(CORK_UINT16_HOST_TO_BIG(0x6012) == a,
+                "Incorrect bit result: 0x%04" PRIu16, a);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * BDD terminals
+ */
+
+START_TEST(test_bdd_false_terminal)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+
+    fail_unless(ipset_node_get_type(n_false) == IPSET_TERMINAL_NODE,
+                "False terminal has wrong type");
+
+    fail_unless(ipset_terminal_value(n_false) == false,
+                "False terminal has wrong value");
+
+    ipset_node_decref(cache, n_false);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+START_TEST(test_bdd_true_terminal)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    ipset_node_id  n_true = ipset_terminal_node_id(true);
+
+    fail_unless(ipset_node_get_type(n_true) == IPSET_TERMINAL_NODE,
+                "True terminal has wrong type");
+
+    fail_unless(ipset_terminal_value(n_true) == true,
+                "True terminal has wrong value");
+
+    ipset_node_decref(cache, n_true);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+START_TEST(test_bdd_terminal_reduced_1)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    ipset_node_id  node1 = ipset_terminal_node_id(false);
+    ipset_node_id  node2 = ipset_terminal_node_id(false);
+
+    fail_unless(node1 == node2,
+                "Terminal node isn't reduced");
+
+    ipset_node_decref(cache, node1);
+    ipset_node_decref(cache, node2);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * BDD non-terminals
+ */
+
+START_TEST(test_bdd_nonterminal_1)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+    ipset_node_id  n_true = ipset_terminal_node_id(true);
+
+    ipset_node_id  node =
+        ipset_node_cache_nonterminal(cache, 0, n_false, n_true);
+
+    fail_unless(ipset_node_get_type(node) == IPSET_NONTERMINAL_NODE,
+                "Nonterminal has wrong type");
+
+    struct ipset_node  *n = ipset_node_cache_get_nonterminal(cache, node);
+
+    fail_unless(n->variable == 0,
+                "Nonterminal has wrong variable");
+    fail_unless(n->low == n_false,
+                "Nonterminal has wrong low pointer");
+    fail_unless(n->high == n_true,
+                "Nonterminal has wrong high pointer");
+
+    ipset_node_decref(cache, node);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+START_TEST(test_bdd_nonterminal_reduced_1)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* If we create nonterminals via a BDD engine, they will be reduced
+     * — i.e., every nonterminal with the same value will be in the same
+     * memory location. */
+
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+    ipset_node_id  n_true = ipset_terminal_node_id(true);
+
+    ipset_node_id  node1 =
+        ipset_node_cache_nonterminal(cache, 0, n_false, n_true);
+    ipset_node_id  node2 =
+        ipset_node_cache_nonterminal(cache, 0, n_false, n_true);
+
+    fail_unless(node1 == node2,
+                "Nonterminal node isn't reduced");
+
+    ipset_node_decref(cache, node1);
+    ipset_node_decref(cache, node2);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+START_TEST(test_bdd_nonterminal_reduced_2)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* We shouldn't have a nonterminal whose low and high subtrees are
+     * equal. */
+
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+
+    ipset_node_id  node =
+        ipset_node_cache_nonterminal(cache, 0, n_false, n_false);
+
+    fail_unless(node == n_false,
+                "Nonterminal node isn't reduced");
+
+    ipset_node_decref(cache, node);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Evaluation
+ */
+
+START_TEST(test_bdd_evaluate_1)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* Create a BDD representing
+     *   f(x) = ¬x[0]
+     */
+
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+    ipset_node_id  n_true = ipset_terminal_node_id(true);
+
+    ipset_node_id  node =
+        ipset_node_cache_nonterminal(cache, 0, n_true, n_false);
+
+    /* And test we can get the right results out of it. */
+
+    uint8_t  input1[] = { 0x80 }; /* { TRUE } */
+    bool  expected1 = false;
+    fail_unless(ipset_node_evaluate
+                (cache, node, ipset_bit_array_assignment, input1)
+                == expected1,
+                "BDD evaluates to wrong value");
+
+    uint8_t  input2[] = { 0x00 }; /* { FALSE } */
+    bool  expected2 = true;
+    fail_unless(ipset_node_evaluate
+                (cache, node, ipset_bit_array_assignment, input2)
+                == expected2,
+                "BDD evaluates to wrong value");
+
+    ipset_node_decref(cache, node);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+START_TEST(test_bdd_evaluate_2)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* Create a BDD representing
+     *   f(x) = ¬x[0] ∧ x[1]
+     */
+
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+    ipset_node_id  n_true = ipset_terminal_node_id(true);
+
+    ipset_node_id  node1 =
+        ipset_node_cache_nonterminal(cache, 1, n_false, n_true);
+    ipset_node_id  node =
+        ipset_node_cache_nonterminal(cache, 0, node1, n_false);
+
+    /* And test we can get the right results out of it. */
+
+    bool  input1[] = { true, true };
+    bool  expected1 = false;
+    fail_unless(ipset_node_evaluate
+                (cache, node, ipset_bool_array_assignment, input1)
+                == expected1,
+                "BDD evaluates to wrong value");
+
+    bool  input2[] = { true, false };
+    bool  expected2 = false;
+    fail_unless(ipset_node_evaluate
+                (cache, node, ipset_bool_array_assignment, input2)
+                == expected2,
+                "BDD evaluates to wrong value");
+
+    bool  input3[] = { false, true };
+    bool  expected3 = true;
+    fail_unless(ipset_node_evaluate
+                (cache, node, ipset_bool_array_assignment, input3)
+                == expected3,
+                "BDD evaluates to wrong value");
+
+    bool  input4[] = { false, false };
+    bool  expected4 = false;
+    fail_unless(ipset_node_evaluate
+                (cache, node, ipset_bool_array_assignment, input4)
+                == expected4,
+                "BDD evaluates to wrong value");
+
+    ipset_node_decref(cache, node);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Operators
+ */
+
+START_TEST(test_bdd_insert_reduced_1)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* Create a BDD representing
+     *   f(x) = x[0] ∧ x[1]
+     */
+    bool  elem[] = { true, true };
+    ipset_node_id  n_false0 = ipset_terminal_node_id(false);
+    ipset_node_id  node0 =
+        ipset_node_insert
+        (cache, n_false0, ipset_bool_array_assignment, elem, 2, true);
+
+    /* And then do it again. */
+    ipset_node_id  n_false1 = ipset_terminal_node_id(false);
+    ipset_node_id  node1 =
+        ipset_node_insert
+        (cache, n_false1, ipset_bool_array_assignment, elem, 2, true);
+
+    /* Verify that we get the same physical node both times. */
+    fail_unless(node0 == node1,
+                "Insert result isn't reduced");
+
+    ipset_node_decref(cache, n_false0);
+    ipset_node_decref(cache, node0);
+    ipset_node_decref(cache, n_false1);
+    ipset_node_decref(cache, node1);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+START_TEST(test_bdd_insert_evaluate_1)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* Create a BDD representing
+     *   f(x) = x[0] ∧ x[1]
+     */
+    bool  elem[] = { true, true };
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+    ipset_node_id  node =
+        ipset_node_insert
+        (cache, n_false, ipset_bool_array_assignment, elem, 2, true);
+
+    /* And test we can get the right results out of it. */
+
+    bool  input1[] = { true, true };
+    bool  expected1 = true;
+    fail_unless(ipset_node_evaluate
+                (cache, node, ipset_bool_array_assignment, input1)
+                == expected1,
+                "BDD evaluates to wrong value");
+
+    bool  input2[] = { true, false };
+    bool  expected2 = false;
+    fail_unless(ipset_node_evaluate
+                (cache, node, ipset_bool_array_assignment, input2)
+                == expected2,
+                "BDD evaluates to wrong value");
+
+    bool  input3[] = { false, true };
+    bool  expected3 = false;
+    fail_unless(ipset_node_evaluate
+                (cache, node, ipset_bool_array_assignment, input3)
+                == expected3,
+                "BDD evaluates to wrong value");
+
+    bool  input4[] = { false, false };
+    bool  expected4 = false;
+    fail_unless(ipset_node_evaluate
+                (cache, node, ipset_bool_array_assignment, input4)
+                == expected4,
+                "BDD evaluates to wrong value");
+
+    ipset_node_decref(cache, n_false);
+    ipset_node_decref(cache, node);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Memory size
+ */
+
+START_TEST(test_bdd_size_1)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* Create a BDD representing
+     *   f(x) = (x[0] ∧ x[1]) ∨ (¬x[0] ∧ x[2])
+     */
+    bool  elem1[] = { true, true };
+    bool  elem2[] = { false, true, true };
+    bool  elem3[] = { false, false, true };
+
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+    ipset_node_id  n1 =
+        ipset_node_insert
+        (cache, n_false, ipset_bool_array_assignment, elem1, 2, true);
+    ipset_node_id  n2 =
+        ipset_node_insert
+        (cache, n1, ipset_bool_array_assignment, elem2, 3, true);
+    ipset_node_id  node =
+        ipset_node_insert
+        (cache, n2, ipset_bool_array_assignment, elem3, 3, true);
+
+    /* And verify how big it is. */
+
+    fail_unless(ipset_node_reachable_count(cache, node) == 3u,
+                "BDD has wrong number of nodes");
+
+    fail_unless(ipset_node_memory_size(cache, node) ==
+                3u * sizeof(struct ipset_node),
+                "BDD takes up wrong amount of space");
+
+    ipset_node_decref(cache, n_false);
+    ipset_node_decref(cache, n1);
+    ipset_node_decref(cache, n2);
+    ipset_node_decref(cache, node);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Serialization
+ */
+
+START_TEST(test_bdd_save_1)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* Create a BDD representing
+     *   f(x) = true
+     */
+    ipset_node_id  node = ipset_terminal_node_id(true);
+
+    /* Serialize the BDD into a string. */
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+    struct cork_stream_consumer  *stream =
+        cork_buffer_to_stream_consumer(&buf);
+
+    fail_unless(ipset_node_cache_save(stream, cache, node) == 0,
+                "Cannot serialize BDD");
+
+    const char  *raw_expected =
+        "IP set"                             // magic number
+        "\x00\x01"                           // version
+        "\x00\x00\x00\x00\x00\x00\x00\x18"   // length
+        "\x00\x00\x00\x00"                   // node count
+        "\x00\x00\x00\x01"                   // terminal value
+        ;
+    const size_t  expected_length = 24;
+
+    fail_unless(expected_length == buf.size,
+                "Serialized BDD has wrong length "
+                "(expected %zu, got %zu)",
+                expected_length, buf.size);
+
+    fail_unless(memcmp(raw_expected, buf.buf, expected_length) == 0,
+                "Serialized BDD has incorrect data");
+
+    cork_stream_consumer_free(stream);
+    cork_buffer_done(&buf);
+    ipset_node_decref(cache, node);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+START_TEST(test_bdd_save_2)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* Create a BDD representing
+     *   f(x) = (x[0] ∧ x[1]) ∨ (¬x[0] ∧ x[2])
+     */
+    bool  elem1[] = { true, true };
+    bool  elem2[] = { false, true, true };
+    bool  elem3[] = { false, false, true };
+
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+    ipset_node_id  n1 =
+        ipset_node_insert
+        (cache, n_false, ipset_bool_array_assignment, elem1, 2, true);
+    ipset_node_id  n2 =
+        ipset_node_insert
+        (cache, n1, ipset_bool_array_assignment, elem2, 3, true);
+    ipset_node_id  node =
+        ipset_node_insert
+        (cache, n2, ipset_bool_array_assignment, elem3, 3, true);
+
+    /* Serialize the BDD into a string. */
+    struct cork_buffer  buf = CORK_BUFFER_INIT();
+    struct cork_stream_consumer  *stream =
+        cork_buffer_to_stream_consumer(&buf);
+
+    fail_unless(ipset_node_cache_save(stream, cache, node) == 0,
+                "Cannot serialize BDD");
+
+    const char  *raw_expected =
+        "IP set"                             // magic number
+        "\x00\x01"                           // version
+        "\x00\x00\x00\x00\x00\x00\x00\x2f"   // length
+        "\x00\x00\x00\x03"                   // node count
+        // node -1
+        "\x02"                               // variable
+        "\x00\x00\x00\x00"                   // low
+        "\x00\x00\x00\x01"                   // high
+        // node -2
+        "\x01"                               // variable
+        "\x00\x00\x00\x00"                   // low
+        "\x00\x00\x00\x01"                   // high
+        // node -3
+        "\x00"                               // variable
+        "\xff\xff\xff\xff"                   // low
+        "\xff\xff\xff\xfe"                   // high
+        ;
+    const size_t  expected_length = 47;
+
+    fail_unless(expected_length == buf.size,
+                "Serialized BDD has wrong length "
+                "(expected %zu, got %zu)",
+                expected_length, buf.size);
+
+    fail_unless(memcmp(raw_expected, buf.buf, expected_length) == 0,
+                "Serialized BDD has incorrect data");
+
+    cork_stream_consumer_free(stream);
+    cork_buffer_done(&buf);
+    ipset_node_decref(cache, n_false);
+    ipset_node_decref(cache, n1);
+    ipset_node_decref(cache, n2);
+    ipset_node_decref(cache, node);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+START_TEST(test_bdd_load_1)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* Create a BDD representing
+     *   f(x) = true
+     */
+    ipset_node_id  node = ipset_terminal_node_id(true);
+
+    /* Read a BDD from a string. */
+    const char  *raw =
+        "IP set"                             // magic number
+        "\x00\x01"                           // version
+        "\x00\x00\x00\x00\x00\x00\x00\x18"   // length
+        "\x00\x00\x00\x00"                   // node count
+        "\x00\x00\x00\x01"                   // terminal value
+        ;
+    const size_t  raw_length = 24;
+
+    struct temp_file  *temp_file = temp_file_new();
+    temp_file_open_stream(temp_file);
+    fwrite(raw, raw_length, 1, temp_file->stream);
+    fflush(temp_file->stream);
+    fseek(temp_file->stream, 0, SEEK_SET);
+
+    ipset_node_id  read = ipset_node_cache_load(temp_file->stream, cache);
+    fail_if(cork_error_occurred(),
+            "Error reading BDD from stream");
+
+    fail_unless(read == node,
+                "BDD from stream doesn't match expected");
+
+    temp_file_free(temp_file);
+    ipset_node_decref(cache, node);
+    ipset_node_decref(cache, read);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+START_TEST(test_bdd_load_2)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /** Create a BDD representing
+     *   f(x) = (x[0] ∧ x[1]) ∨ (¬x[0] ∧ x[2])
+     */
+    bool  elem1[] = { true, true };
+    bool  elem2[] = { false, true, true };
+    bool  elem3[] = { false, false, true };
+
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+    ipset_node_id  n1 =
+        ipset_node_insert
+        (cache, n_false, ipset_bool_array_assignment, elem1, 2, true);
+    ipset_node_id  n2 =
+        ipset_node_insert
+        (cache, n1, ipset_bool_array_assignment, elem2, 3, true);
+    ipset_node_id  node =
+        ipset_node_insert
+        (cache, n2, ipset_bool_array_assignment, elem3, 3, true);
+
+    /*
+     * Read a BDD from a string.
+     */
+
+    const char  *raw =
+        "IP set"                             // magic number
+        "\x00\x01"                           // version
+        "\x00\x00\x00\x00\x00\x00\x00\x2f"   // length
+        "\x00\x00\x00\x03"                   // node count
+        // node -1
+        "\x02"                               // variable
+        "\x00\x00\x00\x00"                   // low
+        "\x00\x00\x00\x01"                   // high
+        // node -2
+        "\x01"                               // variable
+        "\x00\x00\x00\x00"                   // low
+        "\x00\x00\x00\x01"                   // high
+        // node -3
+        "\x00"                               // variable
+        "\xff\xff\xff\xff"                   // low
+        "\xff\xff\xff\xfe"                   // high
+        ;
+    const size_t  raw_length = 47;
+
+    struct temp_file  *temp_file = temp_file_new();
+    temp_file_open_stream(temp_file);
+    fwrite(raw, raw_length, 1, temp_file->stream);
+    fflush(temp_file->stream);
+    fseek(temp_file->stream, 0, SEEK_SET);
+
+    ipset_node_id  read = ipset_node_cache_load(temp_file->stream, cache);
+    fail_if(cork_error_occurred(),
+            "Error reading BDD from stream");
+
+    fail_unless(read == node,
+                "BDD from stream doesn't match expected");
+
+    temp_file_free(temp_file);
+    ipset_node_decref(cache, n_false);
+    ipset_node_decref(cache, n1);
+    ipset_node_decref(cache, n2);
+    ipset_node_decref(cache, node);
+    ipset_node_decref(cache, read);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Iteration
+ */
+
+START_TEST(test_bdd_iterate_1)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* Create a BDD representing
+     *   f(x) = ¬x[0]
+     */
+
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+    ipset_node_id  n_true = ipset_terminal_node_id(true);
+
+    ipset_node_id  node =
+        ipset_node_cache_nonterminal(cache, 0, n_true, n_false);
+
+    /* And test that iterating the BDD gives us the expected results. */
+
+    struct ipset_assignment  *expected = ipset_assignment_new();
+    struct ipset_bdd_iterator  *it = ipset_node_iterate(cache, node);
+
+    fail_if(it->finished,
+            "Iterator should not be empty");
+    ipset_assignment_clear(expected);
+    ipset_assignment_set(expected, 0, IPSET_FALSE);
+    fail_unless(ipset_assignment_equal(expected, it->assignment),
+                "Iterator assignment 0 doesn't match");
+    fail_unless(true == it->value,
+                "Iterator value 0 doesn't match");
+
+    ipset_bdd_iterator_advance(it);
+    fail_if(it->finished,
+            "Iterator should have more than 1 element");
+    ipset_assignment_clear(expected);
+    ipset_assignment_set(expected, 0, IPSET_TRUE);
+    fail_unless(ipset_assignment_equal(expected, it->assignment),
+                "Iterator assignment 1 doesn't match");
+    fail_unless(false == it->value,
+                "Iterator value 1 doesn't match (%u)", it->value);
+
+    ipset_bdd_iterator_advance(it);
+    fail_unless(it->finished,
+                "Iterator should have 2 elements");
+
+    ipset_assignment_free(expected);
+    ipset_bdd_iterator_free(it);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+START_TEST(test_bdd_iterate_2)
+{
+    DESCRIBE_TEST;
+    struct ipset_node_cache  *cache = ipset_node_cache_new();
+
+    /* Create a BDD representing
+     *   f(x) = ¬x[0] ∧ x[1]
+     */
+    ipset_node_id  n_false = ipset_terminal_node_id(false);
+    ipset_node_id  n_true = ipset_terminal_node_id(true);
+
+    ipset_node_id  node1 =
+        ipset_node_cache_nonterminal(cache, 1, n_false, n_true);
+    ipset_node_id  node =
+        ipset_node_cache_nonterminal(cache, 0, node1, n_false);
+
+    /* And test that iterating the BDD gives us the expected results. */
+    struct ipset_assignment  *expected = ipset_assignment_new();
+    struct ipset_bdd_iterator  *it = ipset_node_iterate(cache, node);
+
+    fail_if(it->finished,
+            "Iterator should not be empty");
+    ipset_assignment_clear(expected);
+    ipset_assignment_set(expected, 0, IPSET_FALSE);
+    ipset_assignment_set(expected, 1, IPSET_FALSE);
+    fail_unless(ipset_assignment_equal(expected, it->assignment),
+                "Iterator assignment 0 doesn't match");
+    fail_unless(false == it->value,
+                "Iterator value 0 doesn't match");
+
+    ipset_bdd_iterator_advance(it);
+    fail_if(it->finished,
+            "Iterator should have more than 1 element");
+    ipset_assignment_clear(expected);
+    ipset_assignment_set(expected, 0, IPSET_FALSE);
+    ipset_assignment_set(expected, 1, IPSET_TRUE);
+    fail_unless(ipset_assignment_equal(expected, it->assignment),
+                "Iterator assignment 1 doesn't match");
+    fail_unless(true == it->value,
+                "Iterator value 1 doesn't match (%u)", it->value);
+
+    ipset_bdd_iterator_advance(it);
+    fail_if(it->finished,
+            "Iterator should have more than 2 elements");
+    ipset_assignment_clear(expected);
+    ipset_assignment_set(expected, 0, IPSET_TRUE);
+    fail_unless(ipset_assignment_equal(expected, it->assignment),
+                "Iterator assignment 2 doesn't match");
+    fail_unless(false == it->value,
+                "Iterator value 2 doesn't match (%u)", it->value);
+
+    ipset_bdd_iterator_advance(it);
+    fail_unless(it->finished,
+                "Iterator should have 3 elements");
+
+    ipset_assignment_free(expected);
+    ipset_bdd_iterator_free(it);
+    ipset_node_cache_free(cache);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+static Suite *
+test_suite()
+{
+    Suite  *s = suite_create("bdd");
+
+    TCase  *tc_bits = tcase_create("bits");
+    tcase_add_test(tc_bits, test_bit_get);
+    tcase_add_test(tc_bits, test_bit_set);
+    suite_add_tcase(s, tc_bits);
+
+    TCase  *tc_terminals = tcase_create("terminals");
+    tcase_add_test(tc_terminals, test_bdd_false_terminal);
+    tcase_add_test(tc_terminals, test_bdd_true_terminal);
+    tcase_add_test(tc_terminals, test_bdd_terminal_reduced_1);
+    suite_add_tcase(s, tc_terminals);
+
+    TCase  *tc_nonterminals = tcase_create("nonterminals");
+    tcase_add_test(tc_nonterminals, test_bdd_nonterminal_1);
+    tcase_add_test(tc_nonterminals, test_bdd_nonterminal_reduced_1);
+    tcase_add_test(tc_nonterminals, test_bdd_nonterminal_reduced_2);
+    suite_add_tcase(s, tc_nonterminals);
+
+    TCase  *tc_evaluation = tcase_create("evaluation");
+    tcase_add_test(tc_evaluation, test_bdd_evaluate_1);
+    tcase_add_test(tc_evaluation, test_bdd_evaluate_2);
+    suite_add_tcase(s, tc_evaluation);
+
+    TCase  *tc_operators = tcase_create("operators");
+    tcase_add_test(tc_operators, test_bdd_insert_reduced_1);
+    tcase_add_test(tc_operators, test_bdd_insert_evaluate_1);
+    suite_add_tcase(s, tc_operators);
+
+    TCase  *tc_size = tcase_create("size");
+    tcase_add_test(tc_size, test_bdd_size_1);
+    suite_add_tcase(s, tc_size);
+
+    TCase  *tc_serialization = tcase_create("serialization");
+    tcase_add_test(tc_serialization, test_bdd_save_1);
+    tcase_add_test(tc_serialization, test_bdd_save_2);
+    tcase_add_test(tc_serialization, test_bdd_load_1);
+    tcase_add_test(tc_serialization, test_bdd_load_2);
+    suite_add_tcase(s, tc_serialization);
+
+    TCase  *tc_iteration = tcase_create("iteration");
+    tcase_add_test(tc_iteration, test_bdd_iterate_1);
+    tcase_add_test(tc_iteration, test_bdd_iterate_2);
+    suite_add_tcase(s, tc_iteration);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = test_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-ipmap.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-ipmap.c
new file mode 100644
index 00000000..0e600b74
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-ipmap.c
@@ -0,0 +1,847 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <check.h>
+#include <libcork/core.h>
+
+#include "ipset/ipset.h"
+
+
+#define DESCRIBE_TEST  fprintf(stderr, "---\n%s\n", __func__)
+
+
+/*-----------------------------------------------------------------------
+ * Temporary file helper
+ */
+
+#define TEMP_FILE_TEMPLATE "/tmp/bdd-XXXXXX"
+
+struct temp_file {
+    char  *filename;
+    FILE  *stream;
+};
+
+static struct temp_file *
+temp_file_new(void)
+{
+    struct temp_file  *temp_file = cork_new(struct temp_file);
+    temp_file->filename = (char *) cork_strdup(TEMP_FILE_TEMPLATE);
+    temp_file->stream = NULL;
+    return temp_file;
+}
+
+static void
+temp_file_free(struct temp_file *temp_file)
+{
+    if (temp_file->stream != NULL) {
+        fclose(temp_file->stream);
+    }
+
+    unlink(temp_file->filename);
+    cork_strfree(temp_file->filename);
+    free(temp_file);
+}
+
+static void
+temp_file_open_stream(struct temp_file *temp_file)
+{
+    int  fd = mkstemp(temp_file->filename);
+    temp_file->stream = fdopen(fd, "rb+");
+}
+
+
+/*-----------------------------------------------------------------------
+ * Helper functions
+ */
+
+static void
+test_round_trip(struct ip_map *map)
+{
+    struct ip_map  *read_map;
+
+    struct temp_file  *temp_file = temp_file_new();
+    temp_file_open_stream(temp_file);
+
+    fail_unless(ipmap_save(temp_file->stream, map) == 0,
+                "Could not save map");
+
+    fflush(temp_file->stream);
+    fseek(temp_file->stream, 0, SEEK_SET);
+
+    read_map = ipmap_load(temp_file->stream);
+    fail_if(read_map == NULL,
+            "Could not read map");
+
+    fail_unless(ipmap_is_equal(map, read_map),
+                "Map not same after saving/loading");
+
+    temp_file_free(temp_file);
+    ipmap_free(read_map);
+}
+
+
+/*-----------------------------------------------------------------------
+ * General tests
+ */
+
+START_TEST(test_map_starts_empty)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+
+    ipmap_init(&map, 0);
+    fail_unless(ipmap_is_empty(&map),
+                "Map should start empty");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_empty_maps_equal)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+
+    ipmap_init(&map1, 0);
+    ipmap_init(&map2, 0);
+    fail_unless(ipmap_is_equal(&map1, &map2),
+                "Empty maps should be equal");
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_different_defaults_unequal)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+
+    ipmap_init(&map1, 0);
+    ipmap_init(&map2, 1);
+    fail_if(ipmap_is_equal(&map1, &map2),
+            "Empty maps with different defaults "
+            "should be unequal");
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_store_empty_01)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+
+    ipmap_init(&map, 0);
+    test_round_trip(&map);
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_store_empty_02)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+
+    ipmap_init(&map, 1);
+    test_round_trip(&map);
+    ipmap_done(&map);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * IPv4 tests
+ */
+
+START_TEST(test_ipv4_insert_01)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set(&map, &addr, 1);
+    fail_unless(ipmap_ipv4_get(&map, &addr) == 1,
+                "Element should be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv4_insert_02)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set(&map, &addr, 1);
+    cork_ipv4_init(&addr, "192.168.1.101");
+    fail_unless(ipmap_ipv4_get(&map, &addr) == 0,
+                "Element should not be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv4_insert_03)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set(&map, &addr, 1);
+    cork_ipv4_init(&addr, "192.168.2.100");
+    fail_unless(ipmap_ipv4_get(&map, &addr) == 0,
+                "Element should not be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv4_insert_network_01)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set_network(&map, &addr, 24, 1);
+    fail_unless(ipmap_ipv4_get(&map, &addr) == 1,
+                "Element should be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv4_insert_network_02)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set_network(&map, &addr, 24, 1);
+    cork_ipv4_init(&addr, "192.168.1.101");
+    fail_unless(ipmap_ipv4_get(&map, &addr) == 1,
+                "Element should be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv4_insert_network_03)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set_network(&map, &addr, 24, 1);
+    cork_ipv4_init(&addr, "192.168.2.100");
+    fail_unless(ipmap_ipv4_get(&map, &addr) == 0,
+                "Element should not be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv4_overwrite_01)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.0");
+    ipmap_ipv4_set_network(&map, &addr, 24, 1);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set(&map, &addr, 0);
+    fail_unless(ipmap_ipv4_get(&map, &addr) == 0,
+                "Element should be overwritten");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv4_overwrite_02)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.0");
+    ipmap_ipv4_set_network(&map, &addr, 24, 1);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set(&map, &addr, 2);
+    fail_unless(ipmap_ipv4_get(&map, &addr) == 2,
+                "Element should be overwritten");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv4_bad_cidr_prefix_01)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set_network(&map, &addr, 33, 1);
+    fail_unless(ipmap_is_empty(&map),
+                "Bad CIDR prefix shouldn't change map");
+    cork_error_clear();
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv4_equality_1)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map1, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set(&map1, &addr, 1);
+
+    ipmap_init(&map2, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set(&map2, &addr, 1);
+
+    fail_unless(ipmap_is_equal(&map1, &map2),
+                "Expected {x} == {x}");
+
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_ipv4_equality_2)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map1, 0);
+    cork_ipv4_init(&addr, "192.168.1.0");
+    ipmap_ipv4_set(&map1, &addr, 1);
+    ipmap_ipv4_set_network(&map1, &addr, 24, 1);
+
+    ipmap_init(&map2, 0);
+    cork_ipv4_init(&addr, "192.168.1.0");
+    ipmap_ipv4_set_network(&map2, &addr, 24, 1);
+
+    fail_unless(ipmap_is_equal(&map1, &map2),
+                "Expected {x} == {x}");
+
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_ipv4_equality_3)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map1, 0);
+    cork_ipv4_init(&addr, "192.168.0.0");
+    ipmap_ipv4_set(&map1, &addr, 1);
+    ipmap_ipv4_set_network(&map1, &addr, 23, 1);
+    ipmap_ipv4_set_network(&map1, &addr, 24, 2);
+
+    ipmap_init(&map2, 0);
+    cork_ipv4_init(&addr, "192.168.0.0");
+    ipmap_ipv4_set_network(&map2, &addr, 24, 2);
+    cork_ipv4_init(&addr, "192.168.1.0");
+    ipmap_ipv4_set_network(&map2, &addr, 24, 1);
+
+    fail_unless(ipmap_is_equal(&map1, &map2),
+                "Expected {x} == {x}");
+
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_ipv4_inequality_1)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map1, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set(&map1, &addr, 1);
+
+    ipmap_init(&map2, 0);
+    ipmap_ipv4_set_network(&map2, &addr, 24, 1);
+
+    fail_unless(!ipmap_is_equal(&map1, &map2),
+                "Expected {x} != {x}");
+
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_ipv4_inequality_2)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map1, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set(&map1, &addr, 1);
+
+    ipmap_init(&map2, 0);
+    ipmap_ipv4_set(&map2, &addr, 2);
+
+    fail_unless(!ipmap_is_equal(&map1, &map2),
+                "Expected {x} != {x}");
+
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_ipv4_memory_size_1)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+    size_t  expected, actual;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set(&map, &addr, 1);
+
+    expected = 33 * sizeof(struct ipset_node);
+    actual = ipmap_memory_size(&map);
+
+    fail_unless(expected == actual,
+                "Expected map to be %zu bytes, got %zu bytes",
+                expected, actual);
+
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv4_memory_size_2)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+    size_t  expected, actual;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set_network(&map, &addr, 24, 1);
+
+    expected = 25 * sizeof(struct ipset_node);
+    actual = ipmap_memory_size(&map);
+
+    fail_unless(expected == actual,
+                "Expected map to be %zu bytes, got %zu bytes",
+                expected, actual);
+
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv4_store_01)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv4  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipmap_ipv4_set(&map, &addr, 1);
+    cork_ipv4_init(&addr, "192.168.1.101");
+    ipmap_ipv4_set(&map, &addr, 2);
+    cork_ipv4_init(&addr, "192.168.2.100");
+    ipmap_ipv4_set_network(&map, &addr, 24, 2);
+    test_round_trip(&map);
+    ipmap_done(&map);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * IPv6 tests
+ */
+
+START_TEST(test_ipv6_insert_01)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set(&map, &addr, 1);
+    fail_unless(ipmap_ipv6_get(&map, &addr) == 1,
+                "Element should be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv6_insert_02)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set(&map, &addr, 1);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e2");
+    fail_unless(ipmap_ipv6_get(&map, &addr) == 0,
+                "Element should not be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv6_insert_03)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set(&map, &addr, 1);
+    cork_ipv6_init(&addr, "fe80:1::21e:c2ff:fe9f:e8e1");
+    fail_unless(ipmap_ipv6_get(&map, &addr) == 0,
+                "Element should not be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv6_insert_network_01)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set_network(&map, &addr, 32, 1);
+    fail_unless(ipmap_ipv6_get(&map, &addr) == 1,
+                "Element should be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv6_insert_network_02)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set_network(&map, &addr, 32, 1);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e2");
+    fail_unless(ipmap_ipv6_get(&map, &addr) == 1,
+                "Element should be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv6_insert_network_03)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set_network(&map, &addr, 32, 1);
+    cork_ipv6_init(&addr, "fe80:1::21e:c2ff:fe9f:e8e1");
+    fail_unless(ipmap_ipv6_get(&map, &addr) == 0,
+                "Element should not be present");
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv6_bad_cidr_prefix_01)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set_network(&map, &addr, 129, 1);
+    fail_unless(ipmap_is_empty(&map),
+                "Bad CIDR prefix shouldn't change map");
+    cork_error_clear();
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv6_equality_1)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map1, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set(&map1, &addr, 1);
+
+    ipmap_init(&map2, 0);
+    ipmap_ipv6_set(&map2, &addr, 1);
+
+    fail_unless(ipmap_is_equal(&map1, &map2),
+                "Expected {x} == {x}");
+
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_ipv6_equality_2)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map1, 0);
+    cork_ipv6_init(&addr, "fe80::");
+    ipmap_ipv6_set(&map1, &addr, 1);
+    ipmap_ipv6_set_network(&map1, &addr, 64, 1);
+
+    ipmap_init(&map2, 0);
+    cork_ipv6_init(&addr, "fe80::");
+    ipmap_ipv6_set_network(&map2, &addr, 64, 1);
+
+    fail_unless(ipmap_is_equal(&map1, &map2),
+                "Expected {x} == {x}");
+
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_ipv6_equality_3)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map1, 0);
+    cork_ipv6_init(&addr, "fe80::");
+    ipmap_ipv6_set(&map1, &addr, 1);
+    ipmap_ipv6_set_network(&map1, &addr, 111, 1);
+    ipmap_ipv6_set_network(&map1, &addr, 112, 2);
+
+    ipmap_init(&map2, 0);
+    cork_ipv6_init(&addr, "fe80::");
+    ipmap_ipv6_set_network(&map2, &addr, 112, 2);
+    cork_ipv6_init(&addr, "fe80::1:0");
+    ipmap_ipv6_set_network(&map2, &addr, 112, 1);
+
+    fail_unless(ipmap_is_equal(&map1, &map2),
+                "Expected {x} == {x}");
+
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_ipv6_inequality_1)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map1, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set(&map1, &addr, 1);
+
+    ipmap_init(&map2, 0);
+    ipmap_ipv6_set_network(&map2, &addr, 32, 1);
+
+    fail_unless(!ipmap_is_equal(&map1, &map2),
+                "Expected {x} != {x}");
+
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_ipv6_inequality_2)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map1, map2;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map1, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set(&map1, &addr, 1);
+
+    ipmap_init(&map2, 0);
+    ipmap_ipv6_set(&map2, &addr, 2);
+
+    fail_unless(!ipmap_is_equal(&map1, &map2),
+                "Expected {x} != {x}");
+
+    ipmap_done(&map1);
+    ipmap_done(&map2);
+}
+END_TEST
+
+START_TEST(test_ipv6_memory_size_1)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv6  addr;
+    size_t  expected, actual;
+
+    ipmap_init(&map, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set(&map, &addr, 1);
+
+    expected = 129 * sizeof(struct ipset_node);
+    actual = ipmap_memory_size(&map);
+
+    fail_unless(expected == actual,
+                "Expected map to be %zu bytes, got %zu bytes",
+                expected, actual);
+
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv6_memory_size_2)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv6  addr;
+    size_t  expected, actual;
+
+    ipmap_init(&map, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set_network(&map, &addr, 32, 1);
+
+    expected = 33 * sizeof(struct ipset_node);
+    actual = ipmap_memory_size(&map);
+
+    fail_unless(expected == actual,
+                "Expected map to be %zu bytes, got %zu bytes",
+                expected, actual);
+
+    ipmap_done(&map);
+}
+END_TEST
+
+START_TEST(test_ipv6_store_01)
+{
+    DESCRIBE_TEST;
+    struct ip_map  map;
+    struct cork_ipv6  addr;
+
+    ipmap_init(&map, 0);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set(&map, &addr, 1);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e2");
+    ipmap_ipv6_set(&map, &addr, 2);
+    cork_ipv6_init(&addr, "fe80:1::21e:c2ff:fe9f:e8e1");
+    ipmap_ipv6_set_network(&map, &addr, 32, 2);
+    test_round_trip(&map);
+    ipmap_done(&map);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+ipmap_suite()
+{
+    Suite  *s = suite_create("ipmap");
+
+    TCase  *tc_general = tcase_create("general");
+    tcase_add_test(tc_general, test_map_starts_empty);
+    tcase_add_test(tc_general, test_empty_maps_equal);
+    tcase_add_test(tc_general, test_different_defaults_unequal);
+    tcase_add_test(tc_general, test_store_empty_01);
+    tcase_add_test(tc_general, test_store_empty_02);
+    suite_add_tcase(s, tc_general);
+
+    TCase  *tc_ipv4 = tcase_create("ipv4");
+    tcase_add_test(tc_ipv4, test_ipv4_insert_01);
+    tcase_add_test(tc_ipv4, test_ipv4_insert_02);
+    tcase_add_test(tc_ipv4, test_ipv4_insert_03);
+    tcase_add_test(tc_ipv4, test_ipv4_insert_network_01);
+    tcase_add_test(tc_ipv4, test_ipv4_insert_network_02);
+    tcase_add_test(tc_ipv4, test_ipv4_insert_network_03);
+    tcase_add_test(tc_ipv4, test_ipv4_overwrite_01);
+    tcase_add_test(tc_ipv4, test_ipv4_overwrite_02);
+    tcase_add_test(tc_ipv4, test_ipv4_bad_cidr_prefix_01);
+    tcase_add_test(tc_ipv4, test_ipv4_equality_1);
+    tcase_add_test(tc_ipv4, test_ipv4_equality_2);
+    tcase_add_test(tc_ipv4, test_ipv4_equality_3);
+    tcase_add_test(tc_ipv4, test_ipv4_inequality_1);
+    tcase_add_test(tc_ipv4, test_ipv4_inequality_2);
+    tcase_add_test(tc_ipv4, test_ipv4_memory_size_1);
+    tcase_add_test(tc_ipv4, test_ipv4_memory_size_2);
+    tcase_add_test(tc_ipv4, test_ipv4_store_01);
+    suite_add_tcase(s, tc_ipv4);
+
+    TCase  *tc_ipv6 = tcase_create("ipv6");
+    tcase_add_test(tc_ipv6, test_ipv6_insert_01);
+    tcase_add_test(tc_ipv6, test_ipv6_insert_02);
+    tcase_add_test(tc_ipv6, test_ipv6_insert_03);
+    tcase_add_test(tc_ipv6, test_ipv6_insert_network_01);
+    tcase_add_test(tc_ipv6, test_ipv6_insert_network_02);
+    tcase_add_test(tc_ipv6, test_ipv6_insert_network_03);
+    tcase_add_test(tc_ipv6, test_ipv6_bad_cidr_prefix_01);
+    tcase_add_test(tc_ipv6, test_ipv6_equality_1);
+    tcase_add_test(tc_ipv6, test_ipv6_equality_2);
+    tcase_add_test(tc_ipv6, test_ipv6_equality_3);
+    tcase_add_test(tc_ipv6, test_ipv6_inequality_1);
+    tcase_add_test(tc_ipv6, test_ipv6_inequality_2);
+    tcase_add_test(tc_ipv6, test_ipv6_memory_size_1);
+    tcase_add_test(tc_ipv6, test_ipv6_memory_size_2);
+    tcase_add_test(tc_ipv6, test_ipv6_store_01);
+    suite_add_tcase(s, tc_ipv6);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = ipmap_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    ipset_init_library();
+
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-ipset.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-ipset.c
new file mode 100644
index 00000000..0737e2e1
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-ipset.c
@@ -0,0 +1,847 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <check.h>
+#include <libcork/core.h>
+
+#include "ipset/ipset.h"
+
+
+#define DESCRIBE_TEST  fprintf(stderr, "---\n%s\n", __func__)
+
+
+/*-----------------------------------------------------------------------
+ * Temporary file helper
+ */
+
+#define TEMP_FILE_TEMPLATE "/tmp/bdd-XXXXXX"
+
+struct temp_file {
+    char  *filename;
+    FILE  *stream;
+};
+
+static struct temp_file *
+temp_file_new(void)
+{
+    struct temp_file  *temp_file = cork_new(struct temp_file);
+    temp_file->filename = (char *) cork_strdup(TEMP_FILE_TEMPLATE);
+    temp_file->stream = NULL;
+    return temp_file;
+}
+
+static void
+temp_file_free(struct temp_file *temp_file)
+{
+    if (temp_file->stream != NULL) {
+        fclose(temp_file->stream);
+    }
+
+    unlink(temp_file->filename);
+    cork_strfree(temp_file->filename);
+    free(temp_file);
+}
+
+static void
+temp_file_open_stream(struct temp_file *temp_file)
+{
+    int  fd = mkstemp(temp_file->filename);
+    temp_file->stream = fdopen(fd, "rb+");
+}
+
+
+/*-----------------------------------------------------------------------
+ * Helper functions
+ */
+
+static void
+test_round_trip(struct ip_set *set)
+{
+    struct ip_set  *read_set;
+
+    struct temp_file  *temp_file = temp_file_new();
+    temp_file_open_stream(temp_file);
+
+    fail_unless(ipset_save(temp_file->stream, set) == 0,
+                "Could not save set");
+
+    fflush(temp_file->stream);
+    fseek(temp_file->stream, 0, SEEK_SET);
+
+    read_set = ipset_load(temp_file->stream);
+    fail_if(read_set == NULL,
+            "Could not read set");
+
+    fail_unless(ipset_is_equal(set, read_set),
+                "Set not same after saving/loading");
+
+    temp_file_free(temp_file);
+    ipset_free(read_set);
+}
+
+
+/*-----------------------------------------------------------------------
+ * General tests
+ */
+
+START_TEST(test_set_starts_empty)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+
+    ipset_init(&set);
+    fail_unless(ipset_is_empty(&set),
+                "Set should start empty");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_empty_sets_equal)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set1, set2;
+
+    ipset_init(&set1);
+    ipset_init(&set2);
+    fail_unless(ipset_is_equal(&set1, &set2),
+                "Empty sets should be equal");
+    ipset_done(&set1);
+    ipset_done(&set2);
+}
+END_TEST
+
+START_TEST(test_store_empty)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+
+    ipset_init(&set);
+    test_round_trip(&set);
+    ipset_done(&set);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * IPv4 tests
+ */
+
+START_TEST(test_ipv4_insert_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    fail_if(ipset_ipv4_add(&set, &addr),
+            "Element should not be present");
+    fail_unless(ipset_ipv4_add(&set, &addr),
+                "Element should be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_remove_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    fail_if(ipset_ipv4_add(&set, &addr),
+            "Element should not be present");
+    fail_if(ipset_ipv4_remove(&set, &addr),
+            "Element should be present");
+    fail_unless(ipset_ipv4_remove(&set, &addr),
+                "Element should not be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_insert_network_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    fail_if(ipset_ipv4_add_network(&set, &addr, 24),
+            "Element should not be present");
+    fail_unless(ipset_ipv4_add_network(&set, &addr, 24),
+                "Element should be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_remove_network_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    fail_if(ipset_ipv4_add_network(&set, &addr, 24),
+            "Element should not be present");
+    fail_if(ipset_ipv4_remove_network(&set, &addr, 24),
+            "Element should be present");
+    fail_unless(ipset_ipv4_remove_network(&set, &addr, 24),
+                "Element should not be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_bad_cidr_prefix_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipset_ipv4_add_network(&set, &addr, 33);
+    fail_unless(ipset_is_empty(&set),
+                "Bad CIDR prefix shouldn't change set");
+    cork_error_clear();
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_contains_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    fail_if(ipset_ipv4_add(&set, &addr),
+            "Element should not be present");
+    fail_unless(ipset_contains_ipv4(&set, &addr),
+                "Element should be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_contains_02)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+    struct cork_ip  ip;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    cork_ip_from_ipv4(&ip, &addr);
+    fail_if(ipset_ipv4_add(&set, &addr),
+            "Element should not be present");
+    fail_unless(ipset_contains_ip(&set, &ip),
+                "Element should be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_network_contains_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    fail_if(ipset_ipv4_add_network(&set, &addr, 24),
+            "Element should not be present");
+    fail_unless(ipset_contains_ipv4(&set, &addr),
+                "Element should be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_equality_1)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set1, set2;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set1);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipset_ipv4_add(&set1, &addr);
+
+    ipset_init(&set2);
+    ipset_ipv4_add(&set2, &addr);
+
+    fail_unless(ipset_is_equal(&set1, &set2),
+                "Expected {x} == {x}");
+
+    ipset_done(&set1);
+    ipset_done(&set2);
+}
+END_TEST
+
+START_TEST(test_ipv4_equality_2)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set1, set2;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set1);
+    cork_ipv4_init(&addr, "192.168.1.0");
+    ipset_ipv4_add(&set1, &addr);
+    ipset_ipv4_add_network(&set1, &addr, 24);
+
+    ipset_init(&set2);
+    ipset_ipv4_add_network(&set2, &addr, 24);
+
+    fail_unless(ipset_is_equal(&set1, &set2),
+                "Expected {x} == {x}");
+
+    ipset_done(&set1);
+    ipset_done(&set2);
+}
+END_TEST
+
+START_TEST(test_ipv4_equality_3)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set1, set2;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set1);
+    cork_ipv4_init(&addr, "192.168.1.0");
+    ipset_ipv4_add(&set1, &addr);
+    ipset_ipv4_add_network(&set1, &addr, 24);
+    cork_ipv4_init(&addr, "192.168.2.0");
+    ipset_ipv4_add(&set1, &addr);
+
+    ipset_init(&set2);
+    cork_ipv4_init(&addr, "192.168.1.0");
+    ipset_ipv4_add_network(&set2, &addr, 24);
+    cork_ipv4_init(&addr, "192.168.2.0");
+    ipset_ipv4_add(&set2, &addr);
+
+    fail_unless(ipset_is_equal(&set1, &set2),
+                "Expected {x} == {x}");
+
+    ipset_done(&set1);
+    ipset_done(&set2);
+}
+END_TEST
+
+START_TEST(test_ipv4_inequality_1)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set1, set2;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set1);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipset_ipv4_add(&set1, &addr);
+
+    ipset_init(&set2);
+    ipset_ipv4_add_network(&set2, &addr, 24);
+
+    fail_unless(!ipset_is_equal(&set1, &set2),
+                "Expected {x} != {x}");
+
+    ipset_done(&set1);
+    ipset_done(&set2);
+}
+END_TEST
+
+START_TEST(test_ipv4_memory_size_1)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+    size_t  expected, actual;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipset_ipv4_add(&set, &addr);
+
+    expected = 33 * sizeof(struct ipset_node);
+    actual = ipset_memory_size(&set);
+
+    fail_unless(expected == actual,
+                "Expected set to be %zu bytes, got %zu bytes",
+                expected, actual);
+
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_memory_size_2)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+    size_t  expected, actual;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipset_ipv4_add_network(&set, &addr, 24);
+
+    expected = 25 * sizeof(struct ipset_node);
+    actual = ipset_memory_size(&set);
+
+    fail_unless(expected == actual,
+                "Expected set to be %zu bytes, got %zu bytes",
+                expected, actual);
+
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_store_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipset_ipv4_add(&set, &addr);
+    test_round_trip(&set);
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_store_02)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipset_ipv4_add_network(&set, &addr, 24);
+    test_round_trip(&set);
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv4_store_03)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv4  addr;
+
+    ipset_init(&set);
+    cork_ipv4_init(&addr, "192.168.1.100");
+    ipset_ipv4_add(&set, &addr);
+    cork_ipv4_init(&addr, "192.168.1.101");
+    ipset_ipv4_add(&set, &addr);
+    cork_ipv4_init(&addr, "192.168.2.100");
+    ipset_ipv4_add_network(&set, &addr, 24);
+    test_round_trip(&set);
+    ipset_done(&set);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * IPv6 tests
+ */
+
+START_TEST(test_ipv6_insert_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    fail_if(ipset_ipv6_add(&set, &addr),
+            "Element should not be present");
+    fail_unless(ipset_ipv6_add(&set, &addr),
+                "Element should be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_remove_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    fail_if(ipset_ipv6_add(&set, &addr),
+            "Element should not be present");
+    fail_if(ipset_ipv6_remove(&set, &addr),
+            "Element should be present");
+    fail_unless(ipset_ipv6_remove(&set, &addr),
+                "Element should not be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_insert_network_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    fail_if(ipset_ipv6_add_network(&set, &addr, 32),
+            "Element should not be present");
+    fail_unless(ipset_ipv6_add_network(&set, &addr, 32),
+                "Element should be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_remove_network_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    fail_if(ipset_ipv6_add_network(&set, &addr, 32),
+            "ELement should not be present");
+    fail_if(ipset_ipv6_remove_network(&set, &addr, 32),
+            "Element should be present");
+    fail_unless(ipset_ipv6_remove_network(&set, &addr, 32),
+                "Element should not be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_bad_cidr_prefix_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipset_ipv6_add_network(&set, &addr, 129);
+    fail_unless(ipset_is_empty(&set),
+                "Bad CIDR prefix shouldn't change set");
+    cork_error_clear();
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_contains_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    fail_if(ipset_ipv6_add(&set, &addr),
+            "Element should not be present");
+    fail_unless(ipset_contains_ipv6(&set, &addr),
+                "Element should be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_contains_02)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+    struct cork_ip  ip;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    cork_ip_from_ipv6(&ip, &addr);
+    fail_if(ipset_ipv6_add(&set, &addr),
+            "Element should not be present");
+    fail_unless(ipset_contains_ip(&set, &ip),
+                "Element should be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_network_contains_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    fail_if(ipset_ipv6_add_network(&set, &addr, 32),
+            "Element should not be present");
+    fail_unless(ipset_contains_ipv6(&set, &addr),
+                "Element should be present");
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_equality_1)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set1, set2;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set1);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipset_ipv6_add(&set1, &addr);
+
+    ipset_init(&set2);
+    ipset_ipv6_add(&set2, &addr);
+
+    fail_unless(ipset_is_equal(&set1, &set2),
+                "Expected {x} == {x}");
+
+    ipset_done(&set1);
+    ipset_done(&set2);
+}
+END_TEST
+
+START_TEST(test_ipv6_equality_2)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set1, set2;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set1);
+    cork_ipv6_init(&addr, "fe80::");
+    ipset_ipv6_add(&set1, &addr);
+    ipset_ipv6_add_network(&set1, &addr, 64);
+
+    ipset_init(&set2);
+    ipset_ipv6_add_network(&set2, &addr, 64);
+
+    fail_unless(ipset_is_equal(&set1, &set2),
+                "Expected {x} == {x}");
+
+    ipset_done(&set1);
+    ipset_done(&set2);
+}
+END_TEST
+
+START_TEST(test_ipv6_equality_3)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set1, set2;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set1);
+    cork_ipv6_init(&addr, "fe80::");
+    ipset_ipv6_add(&set1, &addr);
+    ipset_ipv6_add_network(&set1, &addr, 64);
+    cork_ipv6_init(&addr, "fe80:1::");
+    ipset_ipv6_add(&set1, &addr);
+
+    ipset_init(&set2);
+    cork_ipv6_init(&addr, "fe80::");
+    ipset_ipv6_add_network(&set2, &addr, 64);
+    cork_ipv6_init(&addr, "fe80:1::");
+    ipset_ipv6_add(&set2, &addr);
+
+    fail_unless(ipset_is_equal(&set1, &set2),
+                "Expected {x} == {x}");
+
+    ipset_done(&set1);
+    ipset_done(&set2);
+}
+END_TEST
+
+START_TEST(test_ipv6_inequality_1)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set1, set2;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set1);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipset_ipv6_add(&set1, &addr);
+
+    ipset_init(&set2);
+    ipset_ipv6_add_network(&set2, &addr, 32);
+
+    fail_unless(!ipset_is_equal(&set1, &set2),
+                "Expected {x} != {x}");
+
+    ipset_done(&set1);
+    ipset_done(&set2);
+}
+END_TEST
+
+START_TEST(test_ipv6_memory_size_1)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+    size_t  expected, actual;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipset_ipv6_add(&set, &addr);
+
+    expected = 129 * sizeof(struct ipset_node);
+    actual = ipset_memory_size(&set);
+
+    fail_unless(expected == actual,
+                "Expected set to be %zu bytes, got %zu bytes",
+                expected, actual);
+
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_memory_size_2)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+    size_t  expected, actual;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipset_ipv6_add_network(&set, &addr, 24);
+
+    expected = 25 * sizeof(struct ipset_node);
+    actual = ipset_memory_size(&set);
+
+    fail_unless(expected == actual,
+                "Expected set to be %zu bytes, got %zu bytes",
+                expected, actual);
+
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_store_01)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipset_ipv6_add(&set, &addr);
+    test_round_trip(&set);
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_store_02)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipset_ipv6_add_network(&set, &addr, 24);
+    test_round_trip(&set);
+    ipset_done(&set);
+}
+END_TEST
+
+START_TEST(test_ipv6_store_03)
+{
+    DESCRIBE_TEST;
+    struct ip_set  set;
+    struct cork_ipv6  addr;
+
+    ipset_init(&set);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e1");
+    ipset_ipv6_add(&set, &addr);
+    cork_ipv6_init(&addr, "fe80::21e:c2ff:fe9f:e8e2");
+    ipset_ipv6_add(&set, &addr);
+    cork_ipv6_init(&addr, "fe80:1::21e:c2ff:fe9f:e8e1");
+    ipset_ipv6_add_network(&set, &addr, 24);
+    test_round_trip(&set);
+    ipset_done(&set);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+ipset_suite()
+{
+    Suite  *s = suite_create("ipset");
+    TCase  *tc_general = tcase_create("general");
+    tcase_add_test(tc_general, test_set_starts_empty);
+    tcase_add_test(tc_general, test_empty_sets_equal);
+    tcase_add_test(tc_general, test_store_empty);
+    suite_add_tcase(s, tc_general);
+
+    TCase  *tc_ipv4 = tcase_create("ipv4");
+    tcase_add_test(tc_ipv4, test_ipv4_insert_01);
+    tcase_add_test(tc_ipv4, test_ipv4_remove_01);
+    tcase_add_test(tc_ipv4, test_ipv4_insert_network_01);
+    tcase_add_test(tc_ipv4, test_ipv4_remove_network_01);
+    tcase_add_test(tc_ipv4, test_ipv4_bad_cidr_prefix_01);
+    tcase_add_test(tc_ipv4, test_ipv4_contains_01);
+    tcase_add_test(tc_ipv4, test_ipv4_contains_02);
+    tcase_add_test(tc_ipv4, test_ipv4_network_contains_01);
+    tcase_add_test(tc_ipv4, test_ipv4_equality_1);
+    tcase_add_test(tc_ipv4, test_ipv4_equality_2);
+    tcase_add_test(tc_ipv4, test_ipv4_equality_3);
+    tcase_add_test(tc_ipv4, test_ipv4_inequality_1);
+    tcase_add_test(tc_ipv4, test_ipv4_memory_size_1);
+    tcase_add_test(tc_ipv4, test_ipv4_memory_size_2);
+    tcase_add_test(tc_ipv4, test_ipv4_store_01);
+    tcase_add_test(tc_ipv4, test_ipv4_store_02);
+    tcase_add_test(tc_ipv4, test_ipv4_store_03);
+    suite_add_tcase(s, tc_ipv4);
+
+    TCase  *tc_ipv6 = tcase_create("ipv6");
+    tcase_add_test(tc_ipv6, test_ipv6_insert_01);
+    tcase_add_test(tc_ipv6, test_ipv6_remove_01);
+    tcase_add_test(tc_ipv6, test_ipv6_insert_network_01);
+    tcase_add_test(tc_ipv6, test_ipv6_remove_network_01);
+    tcase_add_test(tc_ipv6, test_ipv6_bad_cidr_prefix_01);
+    tcase_add_test(tc_ipv6, test_ipv6_contains_01);
+    tcase_add_test(tc_ipv6, test_ipv6_contains_02);
+    tcase_add_test(tc_ipv6, test_ipv6_network_contains_01);
+    tcase_add_test(tc_ipv6, test_ipv6_equality_1);
+    tcase_add_test(tc_ipv6, test_ipv6_equality_2);
+    tcase_add_test(tc_ipv6, test_ipv6_equality_3);
+    tcase_add_test(tc_ipv6, test_ipv6_inequality_1);
+    tcase_add_test(tc_ipv6, test_ipv6_memory_size_1);
+    tcase_add_test(tc_ipv6, test_ipv6_memory_size_2);
+    tcase_add_test(tc_ipv6, test_ipv6_store_01);
+    tcase_add_test(tc_ipv6, test_ipv6_store_02);
+    tcase_add_test(tc_ipv6, test_ipv6_store_03);
+    suite_add_tcase(s, tc_ipv6);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = ipset_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    ipset_init_library();
+
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-iterator.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-iterator.c
new file mode 100644
index 00000000..c1aea7ff
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/test-iterator.c
@@ -0,0 +1,464 @@
+/* -*- coding: utf-8 -*-
+ * ----------------------------------------------------------------------
+ * Copyright © 2009-2012, RedJack, LLC.
+ * All rights reserved.
+ *
+ * Please see the LICENSE.txt file in this distribution for license
+ * details.
+ * ----------------------------------------------------------------------
+ */
+
+#include <stdlib.h>
+
+#include <check.h>
+#include <libcork/core.h>
+
+#include "ipset/ipset.h"
+
+
+#define IPV4_BIT_SIZE  32
+#define IPV6_BIT_SIZE  128
+
+
+/*-----------------------------------------------------------------------
+ * Iterators
+ */
+
+START_TEST(test_iterate_empty)
+{
+    struct ip_set  set;
+    ipset_init(&set);
+    struct ipset_iterator  *it = ipset_iterate(&set, true);
+    fail_if(it == NULL,
+            "IP set iterator is NULL");
+    fail_unless(it->finished,
+                "IP set should be empty");
+    ipset_iterator_free(it);
+    ipset_done(&set);
+}
+END_TEST
+
+
+START_TEST(test_ipv4_iterate_01)
+{
+    struct ip_set  set;
+    ipset_init(&set);
+
+    struct cork_ip  ip1;
+    cork_ip_init(&ip1, "192.168.0.1");
+
+    fail_if(ipset_ip_add(&set, &ip1),
+            "Element should not be present");
+
+    struct ipset_iterator  *it = ipset_iterate(&set, true);
+    fail_if(it == NULL,
+            "IP set iterator is NULL");
+
+    fail_if(it->finished,
+            "IP set shouldn't be empty");
+    fail_unless(cork_ip_equal(&ip1, &it->addr),
+                "IP address 0 doesn't match");
+    fail_unless(it->cidr_prefix == IPV4_BIT_SIZE,
+                "IP CIDR prefix 0 doesn't match");
+
+    ipset_iterator_advance(it);
+    fail_unless(it->finished,
+                "IP set should contain 1 element");
+
+    ipset_iterator_free(it);
+
+    ipset_done(&set);
+}
+END_TEST
+
+
+START_TEST(test_ipv4_iterate_network_01)
+{
+    struct ip_set  set;
+    ipset_init(&set);
+
+    struct cork_ip  ip1;
+    cork_ip_init(&ip1, "192.168.0.0");
+
+    fail_if(ipset_ip_add_network(&set, &ip1, 31),
+            "Element should not be present");
+
+    struct ipset_iterator  *it = ipset_iterate_networks(&set, true);
+    fail_if(it == NULL,
+            "IP set iterator is NULL");
+
+    fail_if(it->finished,
+            "IP set shouldn't be empty");
+    fail_unless(cork_ip_equal(&ip1, &it->addr),
+                "IP address 0 doesn't match");
+    fail_unless(it->cidr_prefix == 31,
+                "IP CIDR prefix 0 doesn't match");
+
+    ipset_iterator_advance(it);
+    fail_unless(it->finished,
+                "IP set should contain 1 elements");
+
+    ipset_iterator_free(it);
+
+    ipset_done(&set);
+}
+END_TEST
+
+
+START_TEST(test_ipv4_iterate_network_02)
+{
+    struct ip_set  set;
+    ipset_init(&set);
+
+    struct cork_ip  ip1;
+    cork_ip_init(&ip1, "192.168.0.0");
+
+    fail_if(ipset_ip_add_network(&set, &ip1, 16),
+            "Element should not be present");
+
+    struct ipset_iterator  *it = ipset_iterate_networks(&set, true);
+    fail_if(it == NULL,
+            "IP set iterator is NULL");
+
+    fail_if(it->finished,
+            "IP set shouldn't be empty");
+    fail_unless(cork_ip_equal(&ip1, &it->addr),
+                "IP address 0 doesn't match");
+    fail_unless(it->cidr_prefix == 16,
+                "IP CIDR prefix 0 doesn't match");
+
+    ipset_iterator_advance(it);
+    fail_unless(it->finished,
+                "IP set should contain 1 elements");
+
+    ipset_iterator_free(it);
+
+    ipset_done(&set);
+}
+END_TEST
+
+
+START_TEST(test_ipv4_iterate_network_03)
+{
+    struct ip_set  set;
+    ipset_init(&set);
+
+    /*
+     * If we add all of the IP addresses in a network individually, we
+     * should still get the network as a whole from the iterator.
+     */
+
+    struct cork_ip  ip1;
+    cork_ip_init(&ip1, "192.168.0.0");
+
+    struct cork_ip  ip2;
+    cork_ip_init(&ip2, "192.168.0.1");
+
+    fail_if(ipset_ip_add(&set, &ip1),
+            "Element should not be present");
+
+    fail_if(ipset_ip_add(&set, &ip2),
+            "Element should not be present");
+
+    struct ipset_iterator  *it = ipset_iterate_networks(&set, true);
+    fail_if(it == NULL,
+            "IP set iterator is NULL");
+
+    fail_if(it->finished,
+            "IP set shouldn't be empty");
+    fail_unless(cork_ip_equal(&ip1, &it->addr),
+                "IP address 0 doesn't match");
+    fail_unless(it->cidr_prefix == 31,
+                "IP CIDR prefix 0 doesn't match");
+
+    ipset_iterator_advance(it);
+    fail_unless(it->finished,
+                "IP set should contain 1 elements");
+
+    ipset_iterator_free(it);
+
+    ipset_done(&set);
+}
+END_TEST
+
+
+START_TEST(test_ipv6_iterate_01)
+{
+    struct ip_set  set;
+    ipset_init(&set);
+
+    struct cork_ip  ip1;
+    cork_ip_init(&ip1, "fe80::1");
+
+    fail_if(ipset_ip_add(&set, &ip1),
+            "Element should not be present");
+
+    struct ipset_iterator  *it = ipset_iterate(&set, true);
+    fail_if(it == NULL,
+            "IP set iterator is NULL");
+
+    fail_if(it->finished,
+            "IP set shouldn't be empty");
+    fail_unless(cork_ip_equal(&ip1, &it->addr),
+                "IP address 0 doesn't match");
+    fail_unless(it->cidr_prefix == IPV6_BIT_SIZE,
+                "IP CIDR prefix 0 doesn't match");
+
+    ipset_iterator_advance(it);
+    fail_unless(it->finished,
+                "IP set should contain 1 element");
+
+    ipset_iterator_free(it);
+
+    ipset_done(&set);
+}
+END_TEST
+
+
+START_TEST(test_ipv6_iterate_network_01)
+{
+    struct ip_set  set;
+    ipset_init(&set);
+
+    struct cork_ip  ip1;
+    cork_ip_init(&ip1, "fe80::");
+
+    fail_if(ipset_ip_add_network(&set, &ip1, 127),
+            "Element should not be present");
+
+    struct ipset_iterator  *it = ipset_iterate_networks(&set, true);
+    fail_if(it == NULL,
+            "IP set iterator is NULL");
+
+    fail_if(it->finished,
+            "IP set shouldn't be empty");
+    fail_unless(cork_ip_equal(&ip1, &it->addr),
+                "IP address 0 doesn't match");
+    fail_unless(it->cidr_prefix == 127,
+                "IP CIDR prefix 0 doesn't match (%u)", it->cidr_prefix);
+
+    ipset_iterator_advance(it);
+    fail_unless(it->finished,
+                "IP set should contain 1 element");
+
+    ipset_iterator_free(it);
+
+    ipset_done(&set);
+}
+END_TEST
+
+
+START_TEST(test_ipv6_iterate_network_02)
+{
+    struct ip_set  set;
+    ipset_init(&set);
+
+    struct cork_ip  ip1;
+    cork_ip_init(&ip1, "fe80::");
+
+    fail_if(ipset_ip_add_network(&set, &ip1, 16),
+            "Element should not be present");
+
+    struct ipset_iterator  *it = ipset_iterate_networks(&set, true);
+    fail_if(it == NULL,
+            "IP set iterator is NULL");
+
+    fail_if(it->finished,
+            "IP set shouldn't be empty");
+    fail_unless(cork_ip_equal(&ip1, &it->addr),
+                "IP address 0 doesn't match");
+    fail_unless(it->cidr_prefix == 16,
+                "IP CIDR prefix 0 doesn't match (%u)", it->cidr_prefix);
+
+    ipset_iterator_advance(it);
+    fail_unless(it->finished,
+                "IP set should contain 1 element");
+
+    ipset_iterator_free(it);
+
+    ipset_done(&set);
+}
+END_TEST
+
+
+START_TEST(test_ipv6_iterate_network_03)
+{
+    struct ip_set  set;
+    ipset_init(&set);
+
+    /*
+     * If we add all of the IP addresses in a network individually, we
+     * should still get the network as a whole from the iterator.
+     */
+
+    struct cork_ip  ip1;
+    cork_ip_init(&ip1, "fe80::");
+
+    struct cork_ip  ip2;
+    cork_ip_init(&ip2, "fe80::1");
+
+    fail_if(ipset_ip_add(&set, &ip1),
+            "Element should not be present");
+
+    fail_if(ipset_ip_add(&set, &ip2),
+            "Element should not be present");
+
+    struct ipset_iterator  *it = ipset_iterate_networks(&set, true);
+    fail_if(it == NULL,
+            "IP set iterator is NULL");
+
+    fail_if(it->finished,
+            "IP set shouldn't be empty");
+    fail_unless(cork_ip_equal(&ip1, &it->addr),
+                "IP address 0 doesn't match");
+    fail_unless(it->cidr_prefix == 127,
+                "IP CIDR prefix 0 doesn't match");
+
+    ipset_iterator_advance(it);
+    fail_unless(it->finished,
+                "IP set should contain 1 elements");
+
+    ipset_iterator_free(it);
+
+    ipset_done(&set);
+}
+END_TEST
+
+
+START_TEST(test_generic_ip_iterate_01)
+{
+    struct ip_set  set;
+    ipset_init(&set);
+
+    struct cork_ip  ip1;
+    cork_ip_init(&ip1, "0.0.0.0");
+
+    struct cork_ip  ip2;
+    cork_ip_init(&ip2, "::");
+
+    struct ipset_iterator  *it = ipset_iterate_networks(&set, false);
+    fail_if(it == NULL,
+            "IP set iterator is NULL");
+
+    fail_if(it->finished,
+            "IP set shouldn't be empty");
+    fail_unless(cork_ip_equal(&ip1, &it->addr),
+                "IP address 0 doesn't match");
+    fail_unless(it->cidr_prefix == 0,
+                "IP CIDR prefix 0 doesn't match");
+
+    ipset_iterator_advance(it);
+    fail_if(it->finished,
+            "IP set should have more than 1 element");
+    fail_unless(cork_ip_equal(&ip2, &it->addr),
+                "IP address 1 doesn't match");
+    fail_unless(it->cidr_prefix == 0,
+                "IP CIDR prefix 1 doesn't match");
+
+    ipset_iterator_advance(it);
+    fail_unless(it->finished,
+                "IP set should contain 2 elements");
+
+    ipset_iterator_free(it);
+
+    ipset_done(&set);
+}
+END_TEST
+
+
+START_TEST(test_generic_ip_iterate_02)
+{
+    struct ip_set  set;
+    ipset_init(&set);
+
+    /*
+     * These addresses are carefully constructed so that the same BDD
+     * variable assignments are used to store both, apart from the
+     * IPv4/v6 discriminator variable.  The goal is get a BDD that has
+     * EITHER in the assignment for variable 0, but isn't simply the
+     * empty or full set.
+     */
+
+    struct cork_ip  ip1;
+    cork_ip_init(&ip1, "192.168.0.1"); /* 0xc0a80001 */
+
+    struct cork_ip  ip2;
+    cork_ip_init(&ip2, "c0a8:0001::");
+
+    fail_if(ipset_ip_add(&set, &ip1),
+            "Element should not be present");
+    fail_if(ipset_ip_add_network(&set, &ip2, 32),
+            "Element should not be present");
+
+    struct ipset_iterator  *it = ipset_iterate_networks(&set, true);
+    fail_if(it == NULL,
+            "IP set iterator is NULL");
+
+    fail_if(it->finished,
+            "IP set shouldn't be empty");
+    fail_unless(cork_ip_equal(&ip1, &it->addr),
+                "IP address 0 doesn't match");
+    fail_unless(it->cidr_prefix == 32,
+                "IP CIDR prefix 0 doesn't match");
+
+    ipset_iterator_advance(it);
+    fail_if(it->finished,
+            "IP set should have more than 1 element");
+    fail_unless(cork_ip_equal(&ip2, &it->addr),
+                "IP address 1 doesn't match");
+    fail_unless(it->cidr_prefix == 32,
+                "IP CIDR prefix 1 doesn't match");
+
+    ipset_iterator_advance(it);
+    fail_unless(it->finished,
+                "IP set should contain 2 elements");
+
+    ipset_iterator_free(it);
+
+    ipset_done(&set);
+}
+END_TEST
+
+
+/*-----------------------------------------------------------------------
+ * Testing harness
+ */
+
+Suite *
+ipset_suite()
+{
+    Suite  *s = suite_create("ipset");
+
+    TCase  *tc_iterator = tcase_create("iterator");
+    tcase_add_test(tc_iterator, test_iterate_empty);
+    tcase_add_test(tc_iterator, test_ipv4_iterate_01);
+    tcase_add_test(tc_iterator, test_ipv4_iterate_network_01);
+    tcase_add_test(tc_iterator, test_ipv4_iterate_network_02);
+    tcase_add_test(tc_iterator, test_ipv4_iterate_network_03);
+    tcase_add_test(tc_iterator, test_ipv6_iterate_01);
+    tcase_add_test(tc_iterator, test_ipv6_iterate_network_01);
+    tcase_add_test(tc_iterator, test_ipv6_iterate_network_02);
+    tcase_add_test(tc_iterator, test_ipv6_iterate_network_03);
+    tcase_add_test(tc_iterator, test_generic_ip_iterate_01);
+    tcase_add_test(tc_iterator, test_generic_ip_iterate_02);
+    suite_add_tcase(s, tc_iterator);
+
+    return s;
+}
+
+
+int
+main(int argc, const char **argv)
+{
+    int  number_failed;
+    Suite  *suite = ipset_suite();
+    SRunner  *runner = srunner_create(suite);
+
+    ipset_init_library();
+
+    srunner_run_all(runner, CK_NORMAL);
+    number_failed = srunner_ntests_failed(runner);
+    srunner_free(runner);
+
+    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/tile-test b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/tile-test
new file mode 100755
index 00000000..2d32faf2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/tests/tile-test
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+if [ ! -x $TILERA_ROOT/bin/tile-monitor ]; then
+    # If no tile-monitor is installed, then there is nothing to test.
+    echo "No tile-monitor installed in $TILERA_ROOT/bin"
+    exit 1
+fi
+
+export TEST_DIR="/tmp/test"
+export TILERA_COMMON_ARGS=" \
+    --debug-on-crash \
+    --mkdir $TEST_DIR/build \
+    --mkdir $TEST_DIR/tests \
+    --tile standard \
+    --mount-tile /usr \
+    --mount-tile /lib \
+    --upload . $TEST_DIR/build \
+    --upload ../tests $TEST_DIR/tests \
+    --env LD_LIBRARY_PATH="$TEST_DIR/build/src:/usr/local/lib:/usr/lib:/lib" \
+    --env PATH="/usr/local/bin:$PATH" \
+    --cd $TEST_DIR/build \
+    --run -+- ctest -+- --quit"
+
+# Note: we assume the Tilera processor is connected to the MDE by an IP
+# connection and has a hostname of 'tilera'.  Trust us - you don't want
+# to run tests over the serial connection.
+export TILERA_DEV_ARGS="$TILERA_COMMON_ARGS --net tilera --resume"
+$TILERA_ROOT/bin/tile-monitor $TILERA_DEV_ARGS
+
+## Uncomment the following four lines and comment the previous two if
+## you want to run the tests on the Tilera simulator.
+#export SIM_IMAGE_SIZE="4x4"
+#export TILERA_SIM_ARGS=" \
+#    --image $SIM_IMAGE_SIZE $TILERA_COMMON_ARGS --functional"
+#$TILERA_ROOT/bin/tile-monitor $TILERA_SIM_ARGS
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/version.sh b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/version.sh
new file mode 100755
index 00000000..83295184
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/libipset/version.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# ----------------------------------------------------------------------
+# Copyright © 2011-2013, RedJack, LLC.
+# All rights reserved.
+#
+# Please see the LICENSE.txt file in this distribution for license
+# details.
+# ----------------------------------------------------------------------
+
+# Calculates the current version number.  If possible, this is the
+# output of “git describe”.  If “git describe” returns an error (most
+# likely because we're in an unpacked copy of a release tarball, rather
+# than in a git working copy), then we fall back on reading the contents
+# of the RELEASE-VERSION file.
+#
+# This will automatically update the RELEASE-VERSION file, if necessary.
+# Note that the RELEASE-VERSION file should *not* be checked into git;
+# please add it to your top-level .gitignore file.
+
+version=$(git describe)
+if [ -n ${version} ]; then
+    # If we got something from git-describe, write the version to the
+    # output file.
+    echo ${version} > RELEASE-VERSION
+else
+    version=$(cat RELEASE-VERSION)
+    if [ -z ${version} ]; then
+        echo "Cannot find the version number!" >&2
+        exit 1
+    fi
+fi
+
+echo ${version}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/CMakeLists.txt b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/CMakeLists.txt
new file mode 100644
index 00000000..346ba079
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/CMakeLists.txt
@@ -0,0 +1,275 @@
+# redir need linux/* stuff
+if (LINUX)
+    option(WITH_SS_REDIR "Build ss-redir" ON)
+    option(WITH_SS_MANAGER "Build ss-manager" ON)
+else ()
+    option(WITH_SS_REDIR "Build ss-redir" OFF)
+    option(WITH_SS_MANAGER "Build ss-manager" OFF)
+endif ()
+
+
+set(SS_ACL_SOURCE
+        acl.c
+        rule.c
+        )
+
+set(SS_CRYPTO_SOURCE
+        crypto.c
+        aead.c
+        stream.c
+        base64.c
+        )
+
+set(SS_PLUGIN_SOURCE
+        plugin.c
+        )
+
+set(SS_SHARED_SOURCES
+        ppbloom.c
+        utils.c
+        jconf.c
+        json.c
+        netutils.c
+        )
+if (MINGW)
+set(SS_SHARED_SOURCES ${SS_SHARED_SOURCES} winsock.c)
+endif ()
+
+set(LIBSHADOWSOCKS_LIBEV_SOURCE
+        ${SS_SHARED_SOURCES}
+        udprelay.c
+        cache.c
+        local.c
+        ${SS_CRYPTO_SOURCE}
+        ${SS_PLUGIN_SOURCE}
+        ${SS_ACL_SOURCE}
+        )
+
+set(SS_LOCAL_SOURCE
+        ${LIBSHADOWSOCKS_LIBEV_SOURCE}
+
+        )
+
+set(SS_TUNNEL_SOURCE
+        ${SS_SHARED_SOURCES}
+        udprelay.c
+        cache.c
+        tunnel.c
+        ${SS_CRYPTO_SOURCE}
+        ${SS_PLUGIN_SOURCE}
+        )
+
+set(SS_SERVER_SOURCE
+        ${SS_SHARED_SOURCES}
+        udprelay.c
+        cache.c
+        resolv.c
+        server.c
+        ${SS_CRYPTO_SOURCE}
+        ${SS_PLUGIN_SOURCE}
+        ${SS_ACL_SOURCE}
+        )
+
+set(SS_MANAGER_SOURCE
+        ${SS_SHARED_SOURCES}
+        manager.c
+        )
+
+set(SS_REDIR_SOURCE
+        ${SS_SHARED_SOURCES}
+        udprelay.c
+        cache.c
+        redir.c
+        ${SS_CRYPTO_SOURCE}
+        ${SS_PLUGIN_SOURCE}
+        )
+
+if (CMAKE_SYSTEM_NAME STREQUAL Darwin)
+find_path(LIBSODIUM_INCLUDE_DIR sodium.h
+        PATHS
+        $ENV{LIBSODIUM_INCLUDE_DIR}
+        $ENV{LIBSODIUM_DIR}/include
+        /usr/local/libsodium/include
+        /opt/libsodium/include
+        /usr/local/include
+)
+include_directories(${LIBSODIUM_INCLUDE_DIR})
+endif ()
+
+if (WITH_STATIC)
+find_library(LIBSODIUM libsodium.a)
+find_library(LIBMBEDTLS libmbedtls.a)
+find_library(LIBMBEDCRYPTO libmbedcrypto.a)
+find_library(LIBEV libev.a)
+find_library(LIBUDNS libcares.a)
+find_library(LIBPCRE libpcre.a)
+
+# Dependencies we need for static and shared
+list(APPEND DEPS
+        m
+        bloom
+        ${LIBEV}
+        ${LIBUDNS}
+        ${LIBPCRE}
+        ${LIBSODIUM}
+        ${LIBMBEDTLS}
+        ${LIBMBEDCRYPTO}
+        )
+
+if (MINGW)
+list(APPEND DEPS ws2_32)
+add_compile_definitions(CARES_STATICLIB PCRE_STATIC)
+endif ()
+endif ()
+
+find_library(LIBSODIUM_SHARED sodium)
+find_library(LIBMBEDTLS_SHARED mbedtls)
+find_library(LIBMBEDCRYPTO_SHARED mbedcrypto)
+find_library(LIBEV_SHARED ev)
+find_library(LIBUDNS_SHARED cares)
+find_library(LIBPCRE_SHARED pcre)
+
+if (WITH_EMBEDDED_SRC)
+list(APPEND DEPS_SHARED
+        m
+        bloom-shared
+        cork-shared
+        ipset-shared
+        ${LIBEV_SHARED}
+        ${LIBUDNS_SHARED}
+        ${LIBPCRE_SHARED}
+        ${LIBSODIUM_SHARED}
+        ${LIBMBEDTLS_SHARED}
+        ${LIBMBEDCRYPTO_SHARED}
+        )
+else ()
+find_library(LIBBLOOM_SHARED bloom)
+find_library(LIBCORK_SHARED cork)
+find_library(LIBCORKIPSET_SHARED corkipset)
+list(APPEND DEPS_SHARED
+        m
+        ${LIBBLOOM_SHARED}
+        ${LIBCORK_SHARED}
+        ${LIBCORKIPSET_SHARED}
+        ${LIBEV_SHARED}
+        ${LIBUDNS_SHARED}
+        ${LIBPCRE_SHARED}
+        ${LIBSODIUM_SHARED}
+        ${LIBMBEDTLS_SHARED}
+        ${LIBMBEDCRYPTO_SHARED}
+        )
+endif ()
+
+find_package (Threads)
+
+if (WITH_STATIC)
+# ------------------------------------------------------------------
+# Static
+# By default we use normal name for static, all shared targets will add a `-shared' suffix
+add_executable(ss-server ${SS_SERVER_SOURCE})
+add_executable(ss-tunnel ${SS_TUNNEL_SOURCE})
+if (WITH_SS_MANAGER)
+    add_executable(ss-manager ${SS_MANAGER_SOURCE})
+else ()
+    add_executable(ss-manager EXCLUDE_FROM_ALL ${SS_MANAGER_SOURCE})
+endif ()
+add_executable(ss-local ${SS_LOCAL_SOURCE})
+if (WITH_SS_REDIR)
+    add_executable(ss-redir ${SS_REDIR_SOURCE})
+else ()
+    add_executable(ss-redir EXCLUDE_FROM_ALL ${SS_REDIR_SOURCE})
+endif ()
+add_library(shadowsocks-libev STATIC ${LIBSHADOWSOCKS_LIBEV_SOURCE})
+
+
+target_compile_definitions(ss-server PUBLIC -DMODULE_REMOTE)
+target_compile_definitions(ss-tunnel PUBLIC -DMODULE_TUNNEL)
+target_compile_definitions(ss-manager PUBLIC -DMODULE_MANAGER)
+target_compile_definitions(ss-local PUBLIC -DMODULE_LOCAL)
+target_compile_definitions(ss-redir PUBLIC -DMODULE_REDIR)
+target_compile_definitions(shadowsocks-libev PUBLIC -DMODULE_LOCAL -DLIB_ONLY)
+
+target_include_directories(shadowsocks-libev PUBLIC ${CMAKE_CURRENT_SOURCE_DIR})
+
+target_link_libraries(ss-server cork ipset ${DEPS})
+target_link_libraries(ss-tunnel cork ${DEPS})
+target_link_libraries(ss-manager m bloom cork ${LIBEV} ${LIBUDNS})
+target_link_libraries(ss-local cork ipset ${DEPS})
+target_link_libraries(ss-redir cork ipset ${DEPS})
+target_link_libraries(shadowsocks-libev cork ipset ${DEPS})
+endif ()
+
+# ------------------------------------------------------------------
+# Shared
+# Shared target will have a `-shared' suffix
+# All shared dependency also have `-shared' suffix
+# For shared binary, we still use the same name as static, without `-shared', but will output to shared directory
+add_executable(ss-server-shared ${SS_SERVER_SOURCE})
+add_executable(ss-tunnel-shared ${SS_TUNNEL_SOURCE})
+if (WITH_SS_MANAGER)
+    add_executable(ss-manager-shared ${SS_MANAGER_SOURCE})
+else ()
+    add_executable(ss-manager-shared EXCLUDE_FROM_ALL ${SS_MANAGER_SOURCE})
+endif ()
+add_executable(ss-local-shared ${SS_LOCAL_SOURCE})
+if (WITH_SS_REDIR)
+    add_executable(ss-redir-shared ${SS_REDIR_SOURCE})
+else ()
+    add_executable(ss-redir-shared EXCLUDE_FROM_ALL ${SS_REDIR_SOURCE})
+endif ()
+add_library(shadowsocks-libev-shared SHARED ${LIBSHADOWSOCKS_LIBEV_SOURCE})
+
+target_compile_definitions(ss-server-shared PUBLIC -DMODULE_REMOTE)
+target_compile_definitions(ss-tunnel-shared PUBLIC -DMODULE_TUNNEL)
+target_compile_definitions(ss-manager-shared PUBLIC -DMODULE_MANAGER)
+target_compile_definitions(ss-local-shared PUBLIC -DMODULE_LOCAL)
+target_compile_definitions(ss-redir-shared PUBLIC -DMODULE_REDIR)
+target_compile_definitions(shadowsocks-libev-shared PUBLIC -DMODULE_LOCAL -DLIB_ONLY)
+
+target_include_directories(shadowsocks-libev-shared PUBLIC ${CMAKE_CURRENT_SOURCE_DIR})
+
+target_link_libraries(ss-server-shared ${DEPS_SHARED})
+target_link_libraries(ss-tunnel-shared ${DEPS_SHARED})
+target_link_libraries(ss-manager-shared ${CMAKE_THREAD_LIBS_INIT} ${LIBEV_SHARED} ${LIBUDNS_SHARED} ${DEPS_SHARED})
+target_link_libraries(ss-local-shared ${DEPS_SHARED})
+target_link_libraries(ss-redir-shared ${DEPS_SHARED})
+target_link_libraries(shadowsocks-libev-shared ${DEPS_SHARED})
+
+set_target_properties(ss-server-shared PROPERTIES OUTPUT_NAME ss-server)
+set_target_properties(ss-tunnel-shared PROPERTIES OUTPUT_NAME ss-tunnel)
+set_target_properties(ss-manager-shared PROPERTIES OUTPUT_NAME ss-manager)
+set_target_properties(ss-local-shared PROPERTIES OUTPUT_NAME ss-local)
+set_target_properties(ss-redir-shared PROPERTIES OUTPUT_NAME ss-redir)
+
+set_target_properties(ss-server-shared ss-tunnel-shared ss-manager-shared ss-local-shared ss-redir-shared
+        PROPERTIES
+        RUNTIME_OUTPUT_DIRECTORY ${RUNTIME_SHARED_OUTPUT_DIRECTORY}
+        )
+
+set_target_properties(shadowsocks-libev-shared PROPERTIES OUTPUT_NAME shadowsocks-libev)
+target_compile_definitions(shadowsocks-libev-shared PUBLIC -DMODULE_LOCAL)
+target_link_libraries(shadowsocks-libev-shared ${DEPS_SHARED})
+
+# ------------------------------------------------------------------
+# Misc
+# Recommend to install shared by default
+install(DIRECTORY ${RUNTIME_SHARED_OUTPUT_DIRECTORY}/
+        USE_SOURCE_PERMISSIONS
+        DESTINATION bin)
+
+if (WITH_STATIC)
+    install(TARGETS shadowsocks-libev
+        ARCHIVE DESTINATION lib)
+endif ()
+
+install(TARGETS shadowsocks-libev-shared
+        LIBRARY DESTINATION lib)
+
+install(FILES shadowsocks.h DESTINATION include)
+
+
+add_custom_target(distclean
+        COMMAND ${CMAKE_COMMAND} -E echo WARNING: distclean target is not functional
+        COMMAND ${CMAKE_COMMAND} -E echo Use 'git clean -fdx' instead
+        VERBATIM
+        )
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/acl.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/acl.c
new file mode 100644
index 00000000..1efc1aa4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/acl.c
@@ -0,0 +1,355 @@
+/*
+ * acl.c - Manage the ACL (Access Control List)
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <ctype.h>
+
+#ifdef USE_SYSTEM_SHARED_LIB
+#include <libcorkipset/ipset.h>
+#else
+#include <ipset/ipset.h>
+#endif
+
+#include "rule.h"
+#include "netutils.h"
+#include "utils.h"
+#include "cache.h"
+#include "acl.h"
+
+static struct ip_set white_list_ipv4;
+static struct ip_set white_list_ipv6;
+
+static struct ip_set black_list_ipv4;
+static struct ip_set black_list_ipv6;
+
+static struct cork_dllist black_list_rules;
+static struct cork_dllist white_list_rules;
+
+static int acl_mode = BLACK_LIST;
+
+static struct ip_set outbound_block_list_ipv4;
+static struct ip_set outbound_block_list_ipv6;
+static struct cork_dllist outbound_block_list_rules;
+
+static void
+parse_addr_cidr(const char *str, char *host, int *cidr)
+{
+    int ret = -1;
+    char *pch;
+
+    pch = strchr(str, '/');
+    while (pch != NULL) {
+        ret = pch - str;
+        pch = strchr(pch + 1, '/');
+    }
+    if (ret == -1) {
+        strcpy(host, str);
+        *cidr = -1;
+    } else {
+        memcpy(host, str, ret);
+        host[ret] = '\0';
+        *cidr     = atoi(str + ret + 1);
+    }
+}
+
+char *
+trimwhitespace(char *str)
+{
+    char *end;
+
+    // Trim leading space
+    while (isspace((unsigned char)*str))
+        str++;
+
+    if (*str == 0)   // All spaces?
+        return str;
+
+    // Trim trailing space
+    end = str + strlen(str) - 1;
+    while (end > str && isspace((unsigned char)*end))
+        end--;
+
+    // Write new null terminator
+    *(end + 1) = 0;
+
+    return str;
+}
+
+int
+init_acl(const char *path)
+{
+    if (path == NULL) {
+        return -1;
+    }
+
+    // initialize ipset
+    ipset_init_library();
+
+    ipset_init(&white_list_ipv4);
+    ipset_init(&white_list_ipv6);
+    ipset_init(&black_list_ipv4);
+    ipset_init(&black_list_ipv6);
+    ipset_init(&outbound_block_list_ipv4);
+    ipset_init(&outbound_block_list_ipv6);
+
+    cork_dllist_init(&black_list_rules);
+    cork_dllist_init(&white_list_rules);
+    cork_dllist_init(&outbound_block_list_rules);
+
+    struct ip_set *list_ipv4  = &black_list_ipv4;
+    struct ip_set *list_ipv6  = &black_list_ipv6;
+    struct cork_dllist *rules = &black_list_rules;
+
+    FILE *f = fopen(path, "r");
+    if (f == NULL) {
+        LOGE("Invalid acl path.");
+        return -1;
+    }
+
+    char buf[MAX_HOSTNAME_LEN];
+
+    while (!feof(f))
+        if (fgets(buf, 256, f)) {
+            // Discards the whole line if longer than 255 characters
+            int long_line = 0;  // 1: Long  2: Error
+            while ((strlen(buf) == 255) && (buf[254] != '\n')) {
+                long_line = 1;
+                LOGE("Discarding long ACL content: %s", buf);
+                if (fgets(buf, 256, f) == NULL) {
+                    long_line = 2;
+                    break;
+                }
+            }
+            if (long_line) {
+                if (long_line == 1) {
+                    LOGE("Discarding long ACL content: %s", buf);
+                }
+                continue;
+            }
+
+            // Trim the newline
+            int len = strlen(buf);
+            if (len > 0 && buf[len - 1] == '\n') {
+                buf[len - 1] = '\0';
+            }
+
+            char *comment = strchr(buf, '#');
+            if (comment) {
+                *comment = '\0';
+            }
+
+            char *line = trimwhitespace(buf);
+            if (strlen(line) == 0) {
+                continue;
+            }
+
+            if (strcmp(line, "[outbound_block_list]") == 0) {
+                list_ipv4 = &outbound_block_list_ipv4;
+                list_ipv6 = &outbound_block_list_ipv6;
+                rules     = &outbound_block_list_rules;
+                continue;
+            } else if (strcmp(line, "[black_list]") == 0
+                       || strcmp(line, "[bypass_list]") == 0) {
+                list_ipv4 = &black_list_ipv4;
+                list_ipv6 = &black_list_ipv6;
+                rules     = &black_list_rules;
+                continue;
+            } else if (strcmp(line, "[white_list]") == 0
+                       || strcmp(line, "[proxy_list]") == 0) {
+                list_ipv4 = &white_list_ipv4;
+                list_ipv6 = &white_list_ipv6;
+                rules     = &white_list_rules;
+                continue;
+            } else if (strcmp(line, "[reject_all]") == 0
+                       || strcmp(line, "[bypass_all]") == 0) {
+                acl_mode = WHITE_LIST;
+                continue;
+            } else if (strcmp(line, "[accept_all]") == 0
+                       || strcmp(line, "[proxy_all]") == 0) {
+                acl_mode = BLACK_LIST;
+                continue;
+            }
+
+            char host[MAX_HOSTNAME_LEN];
+            int cidr;
+            parse_addr_cidr(line, host, &cidr);
+
+            struct cork_ip addr;
+            int err = cork_ip_init(&addr, host);
+            if (!err) {
+                if (addr.version == 4) {
+                    if (cidr >= 0) {
+                        ipset_ipv4_add_network(list_ipv4, &(addr.ip.v4), cidr);
+                    } else {
+                        ipset_ipv4_add(list_ipv4, &(addr.ip.v4));
+                    }
+                } else if (addr.version == 6) {
+                    if (cidr >= 0) {
+                        ipset_ipv6_add_network(list_ipv6, &(addr.ip.v6), cidr);
+                    } else {
+                        ipset_ipv6_add(list_ipv6, &(addr.ip.v6));
+                    }
+                }
+            } else {
+                rule_t *rule = new_rule();
+                accept_rule_arg(rule, line);
+                init_rule(rule);
+                add_rule(rules, rule);
+            }
+        }
+
+    fclose(f);
+
+    return 0;
+}
+
+void
+free_rules(struct cork_dllist *rules)
+{
+    struct cork_dllist_item *iter;
+    while ((iter = cork_dllist_head(rules)) != NULL) {
+        rule_t *rule = cork_container_of(iter, rule_t, entries);
+        remove_rule(rule);
+    }
+}
+
+void
+free_acl(void)
+{
+    ipset_done(&black_list_ipv4);
+    ipset_done(&black_list_ipv6);
+    ipset_done(&white_list_ipv4);
+    ipset_done(&white_list_ipv6);
+
+    free_rules(&black_list_rules);
+    free_rules(&white_list_rules);
+}
+
+int
+get_acl_mode(void)
+{
+    return acl_mode;
+}
+
+/*
+ * Return 0,  if not match.
+ * Return 1,  if match black list.
+ * Return -1, if match white list.
+ */
+int
+acl_match_host(const char *host)
+{
+    struct cork_ip addr;
+    int ret = 0;
+    int err = cork_ip_init(&addr, host);
+
+    if (err) {
+        int host_len = strlen(host);
+        if (lookup_rule(&black_list_rules, host, host_len) != NULL)
+            ret = 1;
+        else if (lookup_rule(&white_list_rules, host, host_len) != NULL)
+            ret = -1;
+        return ret;
+    }
+
+    if (addr.version == 4) {
+        if (ipset_contains_ipv4(&black_list_ipv4, &(addr.ip.v4)))
+            ret = 1;
+        else if (ipset_contains_ipv4(&white_list_ipv4, &(addr.ip.v4)))
+            ret = -1;
+    } else if (addr.version == 6) {
+        if (ipset_contains_ipv6(&black_list_ipv6, &(addr.ip.v6)))
+            ret = 1;
+        else if (ipset_contains_ipv6(&white_list_ipv6, &(addr.ip.v6)))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+int
+acl_add_ip(const char *ip)
+{
+    struct cork_ip addr;
+    int err = cork_ip_init(&addr, ip);
+    if (err) {
+        return -1;
+    }
+
+    if (addr.version == 4) {
+        ipset_ipv4_add(&black_list_ipv4, &(addr.ip.v4));
+    } else if (addr.version == 6) {
+        ipset_ipv6_add(&black_list_ipv6, &(addr.ip.v6));
+    }
+
+    return 0;
+}
+
+int
+acl_remove_ip(const char *ip)
+{
+    struct cork_ip addr;
+    int err = cork_ip_init(&addr, ip);
+    if (err) {
+        return -1;
+    }
+
+    if (addr.version == 4) {
+        ipset_ipv4_remove(&black_list_ipv4, &(addr.ip.v4));
+    } else if (addr.version == 6) {
+        ipset_ipv6_remove(&black_list_ipv6, &(addr.ip.v6));
+    }
+
+    return 0;
+}
+
+/*
+ * Return 0,  if not match.
+ * Return 1,  if match black list.
+ */
+int
+outbound_block_match_host(const char *host)
+{
+    struct cork_ip addr;
+    int ret = 0;
+    int err = cork_ip_init(&addr, host);
+
+    if (err) {
+        int host_len = strlen(host);
+        if (lookup_rule(&outbound_block_list_rules, host, host_len) != NULL)
+            ret = 1;
+        return ret;
+    }
+
+    if (addr.version == 4) {
+        if (ipset_contains_ipv4(&outbound_block_list_ipv4, &(addr.ip.v4)))
+            ret = 1;
+    } else if (addr.version == 6) {
+        if (ipset_contains_ipv6(&outbound_block_list_ipv6, &(addr.ip.v6)))
+            ret = 1;
+    }
+
+    return ret;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/acl.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/acl.h
new file mode 100644
index 00000000..197027c0
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/acl.h
@@ -0,0 +1,40 @@
+/*
+ * acl.h - Define the ACL interface
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _ACL_H
+#define _ACL_H
+
+#define BLACK_LIST 0
+#define WHITE_LIST 1
+
+int init_acl(const char *path);
+void free_acl(void);
+
+int acl_match_host(const char *ip);
+int acl_add_ip(const char *ip);
+int acl_remove_ip(const char *ip);
+
+int get_acl_mode(void);
+
+int outbound_block_match_host(const char *host);
+
+#endif // _ACL_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/aead.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/aead.c
new file mode 100644
index 00000000..358ec938
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/aead.c
@@ -0,0 +1,773 @@
+/*
+ * aead.c - Manage AEAD ciphers
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <mbedtls/version.h>
+#define CIPHER_UNSUPPORTED "unsupported"
+#include <time.h>
+#include <stdio.h>
+#include <assert.h>
+
+#include <sodium.h>
+#ifndef __MINGW32__
+#include <arpa/inet.h>
+#endif
+
+#include "ppbloom.h"
+#include "aead.h"
+#include "utils.h"
+#include "winsock.h"
+
+#define NONE                    (-1)
+#define AES128GCM               0
+#define AES192GCM               1
+#define AES256GCM               2
+/*
+ * methods above requires gcm context
+ * methods below doesn't require it,
+ * then we need to fake one
+ */
+#define CHACHA20POLY1305IETF    3
+
+#ifdef FS_HAVE_XCHACHA20IETF
+#define XCHACHA20POLY1305IETF   4
+#endif
+
+#define CHUNK_SIZE_LEN          2
+#define CHUNK_SIZE_MASK         0x3FFF
+
+/*
+ * Spec: http://shadowsocks.org/en/spec/AEAD-Ciphers.html
+ *
+ * The way Shadowsocks using AEAD ciphers is specified in SIP004 and amended in SIP007. SIP004 was proposed by @Mygod
+ * with design inspirations from @wongsyrone, @Noisyfox and @breakwa11. SIP007 was proposed by @riobard with input from
+ * @madeye, @Mygod, @wongsyrone, and many others.
+ *
+ * Key Derivation
+ *
+ * HKDF_SHA1 is a function that takes a secret key, a non-secret salt, an info string, and produces a subkey that is
+ * cryptographically strong even if the input secret key is weak.
+ *
+ *      HKDF_SHA1(key, salt, info) => subkey
+ *
+ * The info string binds the generated subkey to a specific application context. In our case, it must be the string
+ * "ss-subkey" without quotes.
+ *
+ * We derive a per-session subkey from a pre-shared master key using HKDF_SHA1. Salt must be unique through the entire
+ * life of the pre-shared master key.
+ *
+ * TCP
+ *
+ * An AEAD encrypted TCP stream starts with a randomly generated salt to derive the per-session subkey, followed by any
+ * number of encrypted chunks. Each chunk has the following structure:
+ *
+ *      [encrypted payload length][length tag][encrypted payload][payload tag]
+ *
+ * Payload length is a 2-byte big-endian unsigned integer capped at 0x3FFF. The higher two bits are reserved and must be
+ * set to zero. Payload is therefore limited to 16*1024 - 1 bytes.
+ *
+ * The first AEAD encrypt/decrypt operation uses a counting nonce starting from 0. After each encrypt/decrypt operation,
+ * the nonce is incremented by one as if it were an unsigned little-endian integer. Note that each TCP chunk involves
+ * two AEAD encrypt/decrypt operation: one for the payload length, and one for the payload. Therefore each chunk
+ * increases the nonce twice.
+ *
+ * UDP
+ *
+ * An AEAD encrypted UDP packet has the following structure:
+ *
+ *      [salt][encrypted payload][tag]
+ *
+ * The salt is used to derive the per-session subkey and must be generated randomly to ensure uniqueness. Each UDP
+ * packet is encrypted/decrypted independently, using the derived subkey and a nonce with all zero bytes.
+ *
+ */
+
+const char *supported_aead_ciphers[AEAD_CIPHER_NUM] = {
+    "aes-128-gcm",
+    "aes-192-gcm",
+    "aes-256-gcm",
+    "chacha20-ietf-poly1305",
+#ifdef FS_HAVE_XCHACHA20IETF
+    "xchacha20-ietf-poly1305"
+#endif
+};
+
+/*
+ * use mbed TLS cipher wrapper to unify handling
+ */
+static const char *supported_aead_ciphers_mbedtls[AEAD_CIPHER_NUM] = {
+    "AES-128-GCM",
+    "AES-192-GCM",
+    "AES-256-GCM",
+    CIPHER_UNSUPPORTED,
+#ifdef FS_HAVE_XCHACHA20IETF
+    CIPHER_UNSUPPORTED
+#endif
+};
+
+static const int supported_aead_ciphers_nonce_size[AEAD_CIPHER_NUM] = {
+    12, 12, 12, 12,
+#ifdef FS_HAVE_XCHACHA20IETF
+    24
+#endif
+};
+
+static const int supported_aead_ciphers_key_size[AEAD_CIPHER_NUM] = {
+    16, 24, 32, 32,
+#ifdef FS_HAVE_XCHACHA20IETF
+    32
+#endif
+};
+
+static const int supported_aead_ciphers_tag_size[AEAD_CIPHER_NUM] = {
+    16, 16, 16, 16,
+#ifdef FS_HAVE_XCHACHA20IETF
+    16
+#endif
+};
+
+static int
+aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
+                    uint8_t *c,
+                    size_t *clen,
+                    uint8_t *m,
+                    size_t mlen,
+                    uint8_t *ad,
+                    size_t adlen,
+                    uint8_t *n,
+                    uint8_t *k)
+{
+    int err                      = CRYPTO_OK;
+    unsigned long long long_clen = 0;
+
+    size_t nlen = cipher_ctx->cipher->nonce_len;
+    size_t tlen = cipher_ctx->cipher->tag_len;
+
+    switch (cipher_ctx->cipher->method) {
+    case AES256GCM: // Only AES-256-GCM is supported by libsodium.
+        if (cipher_ctx->aes256gcm_ctx != NULL) { // Use it if availble
+            err = crypto_aead_aes256gcm_encrypt_afternm(c, &long_clen, m, mlen,
+                                                        ad, adlen, NULL, n,
+                                                        (const aes256gcm_ctx *)cipher_ctx->aes256gcm_ctx);
+            *clen = (size_t)long_clen; // it's safe to cast 64bit to 32bit length here
+            break;
+        }
+    // Otherwise, just use the mbedTLS one with crappy AES-NI.
+    case AES192GCM:
+    case AES128GCM:
+
+        err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen, c, clen, c + mlen, tlen);
+        *clen += tlen;
+        break;
+    case CHACHA20POLY1305IETF:
+        err = crypto_aead_chacha20poly1305_ietf_encrypt(c, &long_clen, m, mlen,
+                                                        ad, adlen, NULL, n, k);
+        *clen = (size_t)long_clen;
+        break;
+#ifdef FS_HAVE_XCHACHA20IETF
+    case XCHACHA20POLY1305IETF:
+        err = crypto_aead_xchacha20poly1305_ietf_encrypt(c, &long_clen, m, mlen,
+                                                         ad, adlen, NULL, n, k);
+        *clen = (size_t)long_clen;
+        break;
+#endif
+    default:
+        return CRYPTO_ERROR;
+    }
+
+    return err;
+}
+
+static int
+aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
+                    uint8_t *p, size_t *plen,
+                    uint8_t *m, size_t mlen,
+                    uint8_t *ad, size_t adlen,
+                    uint8_t *n, uint8_t *k)
+{
+    int err                      = CRYPTO_ERROR;
+    unsigned long long long_plen = 0;
+
+    size_t nlen = cipher_ctx->cipher->nonce_len;
+    size_t tlen = cipher_ctx->cipher->tag_len;
+
+    switch (cipher_ctx->cipher->method) {
+    case AES256GCM: // Only AES-256-GCM is supported by libsodium.
+        if (cipher_ctx->aes256gcm_ctx != NULL) { // Use it if availble
+            err = crypto_aead_aes256gcm_decrypt_afternm(p, &long_plen, NULL, m, mlen,
+                                                        ad, adlen, n,
+                                                        (const aes256gcm_ctx *)cipher_ctx->aes256gcm_ctx);
+            *plen = (size_t)long_plen; // it's safe to cast 64bit to 32bit length here
+            break;
+        }
+    // Otherwise, just use the mbedTLS one with crappy AES-NI.
+    case AES192GCM:
+    case AES128GCM:
+        err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
+        break;
+    case CHACHA20POLY1305IETF:
+        err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
+                                                        ad, adlen, n, k);
+        *plen = (size_t)long_plen; // it's safe to cast 64bit to 32bit length here
+        break;
+#ifdef FS_HAVE_XCHACHA20IETF
+    case XCHACHA20POLY1305IETF:
+        err = crypto_aead_xchacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
+                                                         ad, adlen, n, k);
+        *plen = (size_t)long_plen; // it's safe to cast 64bit to 32bit length here
+        break;
+#endif
+    default:
+        return CRYPTO_ERROR;
+    }
+
+    // The success return value ln libsodium and mbedTLS are both 0
+    if (err != 0)
+        // Although we never return any library specific value in the caller,
+        // here we still set the error code to CRYPTO_ERROR to avoid confusion.
+        err = CRYPTO_ERROR;
+
+    return err;
+}
+
+/*
+ * get basic cipher info structure
+ * it's a wrapper offered by crypto library
+ */
+const cipher_kt_t *
+aead_get_cipher_type(int method)
+{
+    if (method < AES128GCM || method >= AEAD_CIPHER_NUM) {
+        LOGE("aead_get_cipher_type(): Illegal method");
+        return NULL;
+    }
+
+    /* cipher that don't use mbed TLS, just return */
+    if (method >= CHACHA20POLY1305IETF) {
+        return NULL;
+    }
+
+    const char *ciphername  = supported_aead_ciphers[method];
+    const char *mbedtlsname = supported_aead_ciphers_mbedtls[method];
+    if (strcmp(mbedtlsname, CIPHER_UNSUPPORTED) == 0) {
+        LOGE("Cipher %s currently is not supported by mbed TLS library",
+             ciphername);
+        return NULL;
+    }
+    return mbedtls_cipher_info_from_string(mbedtlsname);
+}
+
+static void
+aead_cipher_ctx_set_key(cipher_ctx_t *cipher_ctx, int enc)
+{
+    const digest_type_t *md = mbedtls_md_info_from_string("SHA1");
+    if (md == NULL) {
+        FATAL("SHA1 Digest not found in crypto library");
+    }
+
+    int err = crypto_hkdf(md,
+                          cipher_ctx->salt, cipher_ctx->cipher->key_len,
+                          cipher_ctx->cipher->key, cipher_ctx->cipher->key_len,
+                          (uint8_t *)SUBKEY_INFO, strlen(SUBKEY_INFO),
+                          cipher_ctx->skey, cipher_ctx->cipher->key_len);
+    if (err) {
+        FATAL("Unable to generate subkey");
+    }
+
+    memset(cipher_ctx->nonce, 0, cipher_ctx->cipher->nonce_len);
+
+    /* cipher that don't use mbed TLS, just return */
+    if (cipher_ctx->cipher->method >= CHACHA20POLY1305IETF) {
+        return;
+    }
+    if (cipher_ctx->aes256gcm_ctx != NULL) {
+        if (crypto_aead_aes256gcm_beforenm(cipher_ctx->aes256gcm_ctx,
+                                           cipher_ctx->skey) != 0) {
+            FATAL("Cannot set libsodium cipher key");
+        }
+        return;
+    }
+    if (mbedtls_cipher_setkey(cipher_ctx->evp, cipher_ctx->skey,
+                              cipher_ctx->cipher->key_len * 8, enc) != 0) {
+        FATAL("Cannot set mbed TLS cipher key");
+    }
+    if (mbedtls_cipher_reset(cipher_ctx->evp) != 0) {
+        FATAL("Cannot finish preparation of mbed TLS cipher context");
+    }
+}
+
+static void
+aead_cipher_ctx_init(cipher_ctx_t *cipher_ctx, int method, int enc)
+{
+    if (method < AES128GCM || method >= AEAD_CIPHER_NUM) {
+        LOGE("cipher_context_init(): Illegal method");
+        return;
+    }
+
+    if (method >= CHACHA20POLY1305IETF) {
+        return;
+    }
+
+    const char *ciphername = supported_aead_ciphers[method];
+
+    const cipher_kt_t *cipher = aead_get_cipher_type(method);
+
+    if (method == AES256GCM && crypto_aead_aes256gcm_is_available()) {
+        cipher_ctx->aes256gcm_ctx = ss_aligned_malloc(sizeof(aes256gcm_ctx));
+        memset(cipher_ctx->aes256gcm_ctx, 0, sizeof(aes256gcm_ctx));
+    } else {
+        cipher_ctx->aes256gcm_ctx = NULL;
+        cipher_ctx->evp           = ss_malloc(sizeof(cipher_evp_t));
+        memset(cipher_ctx->evp, 0, sizeof(cipher_evp_t));
+        cipher_evp_t *evp = cipher_ctx->evp;
+        mbedtls_cipher_init(evp);
+        if (mbedtls_cipher_setup(evp, cipher) != 0) {
+            FATAL("Cannot initialize mbed TLS cipher context");
+        }
+    }
+
+    if (cipher == NULL) {
+        LOGE("Cipher %s not found in mbed TLS library", ciphername);
+        FATAL("Cannot initialize mbed TLS cipher");
+    }
+
+#ifdef SS_DEBUG
+    dump("KEY", (char *)cipher_ctx->cipher->key, cipher_ctx->cipher->key_len);
+#endif
+}
+
+void
+aead_ctx_init(cipher_t *cipher, cipher_ctx_t *cipher_ctx, int enc)
+{
+    sodium_memzero(cipher_ctx, sizeof(cipher_ctx_t));
+    cipher_ctx->cipher = cipher;
+
+    aead_cipher_ctx_init(cipher_ctx, cipher->method, enc);
+
+    if (enc) {
+        rand_bytes(cipher_ctx->salt, cipher->key_len);
+    }
+}
+
+void
+aead_ctx_release(cipher_ctx_t *cipher_ctx)
+{
+    if (cipher_ctx->chunk != NULL) {
+        bfree(cipher_ctx->chunk);
+        ss_free(cipher_ctx->chunk);
+        cipher_ctx->chunk = NULL;
+    }
+
+    if (cipher_ctx->cipher->method >= CHACHA20POLY1305IETF) {
+        return;
+    }
+
+    if (cipher_ctx->aes256gcm_ctx != NULL) {
+        ss_aligned_free(cipher_ctx->aes256gcm_ctx);
+        return;
+    }
+
+    mbedtls_cipher_free(cipher_ctx->evp);
+    ss_free(cipher_ctx->evp);
+}
+
+int
+aead_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
+{
+    cipher_ctx_t cipher_ctx;
+    aead_ctx_init(cipher, &cipher_ctx, 1);
+
+    size_t salt_len = cipher->key_len;
+    size_t tag_len  = cipher->tag_len;
+    int err         = CRYPTO_OK;
+
+    static buffer_t tmp = { 0, 0, 0, NULL };
+    brealloc(&tmp, salt_len + tag_len + plaintext->len, capacity);
+    buffer_t *ciphertext = &tmp;
+    ciphertext->len = tag_len + plaintext->len;
+
+    /* copy salt to first pos */
+    memcpy(ciphertext->data, cipher_ctx.salt, salt_len);
+
+    ppbloom_add((void *)cipher_ctx.salt, salt_len);
+
+    aead_cipher_ctx_set_key(&cipher_ctx, 1);
+
+    size_t clen = ciphertext->len;
+    err = aead_cipher_encrypt(&cipher_ctx,
+                              (uint8_t *)ciphertext->data + salt_len, &clen,
+                              (uint8_t *)plaintext->data, plaintext->len,
+                              NULL, 0, cipher_ctx.nonce, cipher_ctx.skey);
+
+    aead_ctx_release(&cipher_ctx);
+
+    if (err)
+        return CRYPTO_ERROR;
+
+    assert(ciphertext->len == clen);
+
+    brealloc(plaintext, salt_len + ciphertext->len, capacity);
+    memcpy(plaintext->data, ciphertext->data, salt_len + ciphertext->len);
+    plaintext->len = salt_len + ciphertext->len;
+
+    return CRYPTO_OK;
+}
+
+int
+aead_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity)
+{
+    size_t salt_len = cipher->key_len;
+    size_t tag_len  = cipher->tag_len;
+    int err         = CRYPTO_OK;
+
+    if (ciphertext->len <= salt_len + tag_len) {
+        return CRYPTO_ERROR;
+    }
+
+    cipher_ctx_t cipher_ctx;
+    aead_ctx_init(cipher, &cipher_ctx, 0);
+
+    static buffer_t tmp = { 0, 0, 0, NULL };
+    brealloc(&tmp, ciphertext->len, capacity);
+    buffer_t *plaintext = &tmp;
+    plaintext->len = ciphertext->len - salt_len - tag_len;
+
+    /* get salt */
+    uint8_t *salt = cipher_ctx.salt;
+    memcpy(salt, ciphertext->data, salt_len);
+
+    if (ppbloom_check((void *)salt, salt_len) == 1) {
+        LOGE("crypto: AEAD: repeat salt detected");
+        return CRYPTO_ERROR;
+    }
+
+    aead_cipher_ctx_set_key(&cipher_ctx, 0);
+
+    size_t plen = plaintext->len;
+    err = aead_cipher_decrypt(&cipher_ctx,
+                              (uint8_t *)plaintext->data, &plen,
+                              (uint8_t *)ciphertext->data + salt_len,
+                              ciphertext->len - salt_len, NULL, 0,
+                              cipher_ctx.nonce, cipher_ctx.skey);
+
+    aead_ctx_release(&cipher_ctx);
+
+    if (err)
+        return CRYPTO_ERROR;
+
+    ppbloom_add((void *)salt, salt_len);
+
+    brealloc(ciphertext, plaintext->len, capacity);
+    memcpy(ciphertext->data, plaintext->data, plaintext->len);
+    ciphertext->len = plaintext->len;
+
+    return CRYPTO_OK;
+}
+
+static int
+aead_chunk_encrypt(cipher_ctx_t *ctx, uint8_t *p, uint8_t *c,
+                   uint8_t *n, uint16_t plen)
+{
+    size_t nlen = ctx->cipher->nonce_len;
+    size_t tlen = ctx->cipher->tag_len;
+
+    assert(plen <= CHUNK_SIZE_MASK);
+
+    int err;
+    size_t clen;
+    uint8_t len_buf[CHUNK_SIZE_LEN];
+    uint16_t t = htons(plen & CHUNK_SIZE_MASK);
+    memcpy(len_buf, &t, CHUNK_SIZE_LEN);
+
+    clen = CHUNK_SIZE_LEN + tlen;
+    err  = aead_cipher_encrypt(ctx, c, &clen, len_buf, CHUNK_SIZE_LEN,
+                               NULL, 0, n, ctx->skey);
+    if (err)
+        return CRYPTO_ERROR;
+
+    assert(clen == CHUNK_SIZE_LEN + tlen);
+
+    sodium_increment(n, nlen);
+
+    clen = plen + tlen;
+    err  = aead_cipher_encrypt(ctx, c + CHUNK_SIZE_LEN + tlen, &clen, p, plen,
+                               NULL, 0, n, ctx->skey);
+    if (err)
+        return CRYPTO_ERROR;
+
+    assert(clen == plen + tlen);
+
+    sodium_increment(n, nlen);
+
+    return CRYPTO_OK;
+}
+
+/* TCP */
+int
+aead_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity)
+{
+    if (cipher_ctx == NULL)
+        return CRYPTO_ERROR;
+
+    if (plaintext->len == 0) {
+        return CRYPTO_OK;
+    }
+
+    static buffer_t tmp = { 0, 0, 0, NULL };
+    buffer_t *ciphertext;
+
+    cipher_t *cipher = cipher_ctx->cipher;
+    int err          = CRYPTO_ERROR;
+    size_t salt_ofst = 0;
+    size_t salt_len  = cipher->key_len;
+    size_t tag_len   = cipher->tag_len;
+
+    if (!cipher_ctx->init) {
+        salt_ofst = salt_len;
+    }
+
+    size_t out_len = salt_ofst + 2 * tag_len + plaintext->len + CHUNK_SIZE_LEN;
+    brealloc(&tmp, out_len, capacity);
+    ciphertext      = &tmp;
+    ciphertext->len = out_len;
+
+    if (!cipher_ctx->init) {
+        memcpy(ciphertext->data, cipher_ctx->salt, salt_len);
+        aead_cipher_ctx_set_key(cipher_ctx, 1);
+        cipher_ctx->init = 1;
+
+        ppbloom_add((void *)cipher_ctx->salt, salt_len);
+    }
+
+    err = aead_chunk_encrypt(cipher_ctx,
+                             (uint8_t *)plaintext->data,
+                             (uint8_t *)ciphertext->data + salt_ofst,
+                             cipher_ctx->nonce, plaintext->len);
+    if (err)
+        return err;
+
+    brealloc(plaintext, ciphertext->len, capacity);
+    memcpy(plaintext->data, ciphertext->data, ciphertext->len);
+    plaintext->len = ciphertext->len;
+
+    return 0;
+}
+
+static int
+aead_chunk_decrypt(cipher_ctx_t *ctx, uint8_t *p, uint8_t *c, uint8_t *n,
+                   size_t *plen, size_t *clen)
+{
+    int err;
+    size_t mlen;
+    size_t nlen = ctx->cipher->nonce_len;
+    size_t tlen = ctx->cipher->tag_len;
+
+    if (*clen <= 2 * tlen + CHUNK_SIZE_LEN)
+        return CRYPTO_NEED_MORE;
+
+    uint8_t len_buf[2];
+    err = aead_cipher_decrypt(ctx, len_buf, plen, c, CHUNK_SIZE_LEN + tlen,
+                              NULL, 0, n, ctx->skey);
+    if (err)
+        return CRYPTO_ERROR;
+    assert(*plen == CHUNK_SIZE_LEN);
+
+    mlen = load16_be(len_buf);
+    mlen = mlen & CHUNK_SIZE_MASK;
+
+    if (mlen == 0)
+        return CRYPTO_ERROR;
+
+    size_t chunk_len = 2 * tlen + CHUNK_SIZE_LEN + mlen;
+
+    if (*clen < chunk_len)
+        return CRYPTO_NEED_MORE;
+
+    sodium_increment(n, nlen);
+
+    err = aead_cipher_decrypt(ctx, p, plen, c + CHUNK_SIZE_LEN + tlen, mlen + tlen,
+                              NULL, 0, n, ctx->skey);
+    if (err)
+        return CRYPTO_ERROR;
+    assert(*plen == mlen);
+
+    sodium_increment(n, nlen);
+
+    *clen = *clen - chunk_len;
+
+    return CRYPTO_OK;
+}
+
+int
+aead_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity)
+{
+    int err             = CRYPTO_OK;
+    static buffer_t tmp = { 0, 0, 0, NULL };
+
+    cipher_t *cipher = cipher_ctx->cipher;
+
+    size_t salt_len = cipher->key_len;
+
+    if (cipher_ctx->chunk == NULL) {
+        cipher_ctx->chunk = (buffer_t *)ss_malloc(sizeof(buffer_t));
+        memset(cipher_ctx->chunk, 0, sizeof(buffer_t));
+        balloc(cipher_ctx->chunk, capacity);
+    }
+
+    brealloc(cipher_ctx->chunk,
+             cipher_ctx->chunk->len + ciphertext->len, capacity);
+    memcpy(cipher_ctx->chunk->data + cipher_ctx->chunk->len,
+           ciphertext->data, ciphertext->len);
+    cipher_ctx->chunk->len += ciphertext->len;
+
+    brealloc(&tmp, cipher_ctx->chunk->len, capacity);
+    buffer_t *plaintext = &tmp;
+
+    if (!cipher_ctx->init) {
+        if (cipher_ctx->chunk->len <= salt_len)
+            return CRYPTO_NEED_MORE;
+
+        memcpy(cipher_ctx->salt, cipher_ctx->chunk->data, salt_len);
+
+        if (ppbloom_check((void *)cipher_ctx->salt, salt_len) == 1) {
+            LOGE("crypto: AEAD: repeat salt detected");
+            return CRYPTO_ERROR;
+        }
+
+        aead_cipher_ctx_set_key(cipher_ctx, 0);
+
+        memmove(cipher_ctx->chunk->data, cipher_ctx->chunk->data + salt_len,
+                cipher_ctx->chunk->len - salt_len);
+        cipher_ctx->chunk->len -= salt_len;
+
+        cipher_ctx->init = 1;
+    }
+
+    size_t plen = 0;
+    size_t cidx = 0;
+    while (cipher_ctx->chunk->len > 0) {
+        size_t chunk_clen = cipher_ctx->chunk->len;
+        size_t chunk_plen = 0;
+        err = aead_chunk_decrypt(cipher_ctx,
+                                 (uint8_t *)plaintext->data + plen,
+                                 (uint8_t *)cipher_ctx->chunk->data + cidx,
+                                 cipher_ctx->nonce, &chunk_plen, &chunk_clen);
+        if (err == CRYPTO_ERROR) {
+            return err;
+        } else if (err == CRYPTO_NEED_MORE) {
+            if (plen == 0)
+                return err;
+            else{
+                memmove((uint8_t *)cipher_ctx->chunk->data, 
+			(uint8_t *)cipher_ctx->chunk->data + cidx, chunk_clen);
+                break;
+            }
+        }
+        cipher_ctx->chunk->len = chunk_clen;
+        cidx += cipher_ctx->cipher->tag_len * 2 + CHUNK_SIZE_LEN + chunk_plen;
+        plen                  += chunk_plen;
+    }
+    plaintext->len = plen;
+
+    // Add the salt to bloom filter
+    if (cipher_ctx->init == 1) {
+        if (ppbloom_check((void *)cipher_ctx->salt, salt_len) == 1) {
+            LOGE("crypto: AEAD: repeat salt detected");
+            return CRYPTO_ERROR;
+        }
+        ppbloom_add((void *)cipher_ctx->salt, salt_len);
+        cipher_ctx->init = 2;
+    }
+
+    brealloc(ciphertext, plaintext->len, capacity);
+    memcpy(ciphertext->data, plaintext->data, plaintext->len);
+    ciphertext->len = plaintext->len;
+
+    return CRYPTO_OK;
+}
+
+cipher_t *
+aead_key_init(int method, const char *pass, const char *key)
+{
+    if (method < AES128GCM || method >= AEAD_CIPHER_NUM) {
+        LOGE("aead_key_init(): Illegal method");
+        return NULL;
+    }
+
+    cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t));
+    memset(cipher, 0, sizeof(cipher_t));
+
+    if (method >= CHACHA20POLY1305IETF) {
+        cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
+        cipher->info             = cipher_info;
+        cipher->info->base       = NULL;
+        cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
+        cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
+    } else {
+        cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
+    }
+
+    if (cipher->info == NULL && cipher->key_len == 0) {
+        LOGE("Cipher %s not found in crypto library", supported_aead_ciphers[method]);
+        FATAL("Cannot initialize cipher");
+    }
+
+    if (key != NULL)
+        cipher->key_len = crypto_parse_key(key, cipher->key,
+                                           supported_aead_ciphers_key_size[method]);
+    else
+        cipher->key_len = crypto_derive_key(pass, cipher->key,
+                                            supported_aead_ciphers_key_size[method]);
+
+    if (cipher->key_len == 0) {
+        FATAL("Cannot generate key and nonce");
+    }
+
+    cipher->nonce_len = supported_aead_ciphers_nonce_size[method];
+    cipher->tag_len   = supported_aead_ciphers_tag_size[method];
+    cipher->method    = method;
+
+    return cipher;
+}
+
+cipher_t *
+aead_init(const char *pass, const char *key, const char *method)
+{
+    int m = AES128GCM;
+    if (method != NULL) {
+        /* check method validity */
+        for (m = AES128GCM; m < AEAD_CIPHER_NUM; m++)
+            if (strcmp(method, supported_aead_ciphers[m]) == 0) {
+                break;
+            }
+        if (m >= AEAD_CIPHER_NUM) {
+            LOGE("Invalid cipher name: %s, use chacha20-ietf-poly1305 instead", method);
+            m = CHACHA20POLY1305IETF;
+        }
+    }
+    return aead_key_init(m, pass, key);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/aead.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/aead.h
new file mode 100644
index 00000000..3f2408f9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/aead.h
@@ -0,0 +1,47 @@
+/*
+ * aead.h - Define the AEAD interface
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _AEAD_H
+#define _AEAD_H
+
+#include "crypto.h"
+
+// currently, XCHACHA20POLY1305IETF is not released yet
+// XCHACHA20POLY1305 is removed in upstream
+#ifdef FS_HAVE_XCHACHA20IETF
+#define AEAD_CIPHER_NUM              5
+#else
+#define AEAD_CIPHER_NUM              4
+#endif
+
+int aead_encrypt_all(buffer_t *, cipher_t *, size_t);
+int aead_decrypt_all(buffer_t *, cipher_t *, size_t);
+
+int aead_encrypt(buffer_t *, cipher_ctx_t *, size_t);
+int aead_decrypt(buffer_t *, cipher_ctx_t *, size_t);
+
+void aead_ctx_init(cipher_t *, cipher_ctx_t *, int);
+void aead_ctx_release(cipher_ctx_t *);
+
+cipher_t *aead_init(const char *pass, const char *key, const char *method);
+
+#endif // _AEAD_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/android.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/android.c
new file mode 100644
index 00000000..30afcaf9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/android.c
@@ -0,0 +1,138 @@
+/*
+ * android.c - Setup IPC for shadowsocks-android
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <locale.h>
+#include <signal.h>
+#include <string.h>
+#include <strings.h>
+#include <unistd.h>
+
+#include <errno.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+
+#include <sys/un.h>
+//#include <ancillary.h>
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "netutils.h"
+#include "utils.h"
+
+int
+protect_socket(int fd)
+{
+    int sock;
+    struct sockaddr_un addr;
+
+    if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+        LOGE("[android] socket() failed: %s (socket fd = %d)\n", strerror(errno), sock);
+        return -1;
+    }
+
+    // Set timeout to 3s
+    struct timeval tv;
+    tv.tv_sec  = 3;
+    tv.tv_usec = 0;
+    setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval));
+    setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, sizeof(struct timeval));
+
+    memset(&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    strncpy(addr.sun_path, "protect_path", sizeof(addr.sun_path) - 1);
+
+    if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+        LOGE("[android] connect() failed for protect_path: %s (socket fd = %d)\n",
+             strerror(errno), sock);
+        close(sock);
+        return -1;
+    }
+
+    if (ancil_send_fd(sock, fd)) {
+        ERROR("[android] ancil_send_fd");
+        close(sock);
+        return -1;
+    }
+
+    char ret = 0;
+
+    if (recv(sock, &ret, 1, 0) == -1) {
+        ERROR("[android] recv");
+        close(sock);
+        return -1;
+    }
+
+    close(sock);
+    return ret;
+}
+
+extern char *stat_path;
+
+int
+send_traffic_stat(uint64_t tx, uint64_t rx)
+{
+    if (!stat_path)
+        return 0;
+    int sock;
+    struct sockaddr_un addr;
+
+    if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+        LOGE("[android] socket() failed: %s (socket fd = %d)\n", strerror(errno), sock);
+        return -1;
+    }
+
+    // Set timeout to 1s
+    struct timeval tv;
+    tv.tv_sec  = 1;
+    tv.tv_usec = 0;
+    setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval));
+    setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, sizeof(struct timeval));
+
+    memset(&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    strncpy(addr.sun_path, stat_path, sizeof(addr.sun_path) - 1);
+
+    if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+        LOGE("[android] connect() failed for stat_path: %s (socket fd = %d)\n",
+             strerror(errno), sock);
+        close(sock);
+        return -1;
+    }
+
+    uint64_t stat[2] = { tx, rx };
+
+    if (send(sock, stat, sizeof(stat), 0) == -1) {
+        ERROR("[android] send");
+        close(sock);
+        return -1;
+    }
+
+    close(sock);
+    return 0;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/base64.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/base64.c
new file mode 100644
index 00000000..e1147fa4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/base64.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2006 Ryan Martell. (rdm4@martellventures.com)
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/**
+ * @file
+ * @brief Base64 encode/decode
+ * @author Ryan Martell <rdm4@martellventures.com> (with lots of Michael)
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <limits.h>
+#include <stddef.h>
+
+#include "base64.h"
+
+/* ---------------- private code */
+static const uint8_t map2[] =
+{
+    0xff, 0xff, 0x3e, 0xff, 0xff, 0x34, 0x35, 0x36,
+    0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11,
+    0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+    0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0x1a, 0x1b,
+    0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
+    0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33
+};
+
+int base64_decode(uint8_t *out, const char *in, int out_size)
+{
+    int i, v;
+    uint8_t *dst = out;
+
+    v = 0;
+    for (i = 0; in[i] && in[i] != '='; i++) {
+        unsigned int index = in[i] - 43;
+        if (index >= sizeof(map2) || map2[index] == 0xff)
+            return -1;
+        v = (v << 6) + map2[index];
+        if (i & 3) {
+            if (dst - out < out_size) {
+                *dst++ = v >> (6 - 2 * (i & 3));
+            }
+        }
+    }
+
+    return dst - out;
+}
+
+/*****************************************************************************
+* b64_encode: Stolen from VLC's http.c.
+* Simplified by Michael.
+* Fixed edge cases and made it work from data (vs. strings) by Ryan.
+*****************************************************************************/
+
+char *base64_encode(char *out, int out_size, const uint8_t *in, int in_size)
+{
+    static const char b64[] =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+    char *ret, *dst;
+    unsigned i_bits = 0;
+    int i_shift = 0;
+    int bytes_remaining = in_size;
+
+    if (in_size >= UINT_MAX / 4 ||
+        out_size < BASE64_SIZE(in_size))
+        return NULL;
+    ret = dst = out;
+    while (bytes_remaining) {
+        i_bits = (i_bits << 8) + *in++;
+        bytes_remaining--;
+        i_shift += 8;
+
+        do {
+            *dst++ = b64[(i_bits << 6 >> i_shift) & 0x3f];
+            i_shift -= 6;
+        } while (i_shift > 6 || (bytes_remaining == 0 && i_shift > 0));
+    }
+    while ((dst - ret) & 3)
+        *dst++ = '=';
+    *dst = '\0';
+
+    return ret;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/base64.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/base64.h
new file mode 100644
index 00000000..01bcda57
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/base64.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2006 Ryan Martell. (rdm4@martellventures.com)
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef BASE64_H
+#define BASE64_H
+
+#include <stdint.h>
+
+/**
+ * Decode a base64-encoded string.
+ *
+ * @param out      buffer for decoded data
+ * @param in       null-terminated input string
+ * @param out_size size in bytes of the out buffer, must be at
+ *                 least 3/4 of the length of in
+ * @return         number of bytes written, or a negative value in case of
+ *                 invalid input
+ */
+int base64_decode(uint8_t *out, const char *in, int out_size);
+
+/**
+ * Encode data to base64 and null-terminate.
+ *
+ * @param out      buffer for encoded data
+ * @param out_size size in bytes of the output buffer, must be at
+ *                 least BASE64_SIZE(in_size)
+ * @param in_size  size in bytes of the 'in' buffer
+ * @return         'out' or NULL in case of error
+ */
+char *base64_encode(char *out, int out_size, const uint8_t *in, int in_size);
+
+/**
+ * Calculate the output size needed to base64-encode x bytes.
+ */
+#define BASE64_SIZE(x)  (((x)+2) / 3 * 4 + 1)
+
+#endif /* BASE64_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/cache.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/cache.c
new file mode 100644
index 00000000..3fdf51da
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/cache.c
@@ -0,0 +1,306 @@
+/*
+ * cache.c - Manage the connection cache for UDPRELAY
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * Original Author:  Oliver Lorenz (ol), olli@olorenz.org, https://olorenz.org
+ * License:  This is licensed under the same terms as uthash itself
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <errno.h>
+#include <stdlib.h>
+
+#include "cache.h"
+#include "utils.h"
+
+/** Creates a new cache object
+ *
+ *  @param dst
+ *  Where the newly allocated cache object will be stored in
+ *
+ *  @param capacity
+ *  The maximum number of elements this cache object can hold
+ *
+ *  @return EINVAL if dst is NULL, ENOMEM if malloc fails, 0 otherwise
+ */
+int
+cache_create(struct cache **dst, const size_t capacity,
+             void (*free_cb)(void *key, void *element))
+{
+    struct cache *new = NULL;
+
+    if (!dst) {
+        return EINVAL;
+    }
+
+    if ((new = malloc(sizeof(*new))) == NULL) {
+        return ENOMEM;
+    }
+
+    new->max_entries = capacity;
+    new->entries     = NULL;
+    new->free_cb     = free_cb;
+    *dst             = new;
+    return 0;
+}
+
+/** Frees an allocated cache object
+ *
+ *  @param cache
+ *  The cache object to free
+ *
+ *  @param keep_data
+ *  Whether to free contained data or just delete references to it
+ *
+ *  @return EINVAL if cache is NULL, 0 otherwise
+ */
+int
+cache_delete(struct cache *cache, int keep_data)
+{
+    struct cache_entry *entry, *tmp;
+
+    if (!cache) {
+        return EINVAL;
+    }
+
+    if (keep_data) {
+        HASH_CLEAR(hh, cache->entries);
+    } else {
+        HASH_ITER(hh, cache->entries, entry, tmp){
+            HASH_DEL(cache->entries, entry);
+            if (entry->data != NULL) {
+                if (cache->free_cb) {
+                    cache->free_cb(entry->key, entry->data);
+                } else {
+                    ss_free(entry->data);
+                }
+            }
+            ss_free(entry->key);
+            ss_free(entry);
+        }
+    }
+
+    ss_free(cache);
+    return 0;
+}
+
+/** Clear old cache object
+ *
+ *  @param cache
+ *  The cache object to clear
+ *
+ *  @param age
+ *  Clear only objects older than the age (sec)
+ *
+ *  @return EINVAL if cache is NULL, 0 otherwise
+ */
+int
+cache_clear(struct cache *cache, ev_tstamp age)
+{
+    struct cache_entry *entry, *tmp;
+
+    if (!cache) {
+        return EINVAL;
+    }
+
+    ev_tstamp now = ev_time();
+
+    HASH_ITER(hh, cache->entries, entry, tmp){
+        if (now - entry->ts > age) {
+            HASH_DEL(cache->entries, entry);
+            if (entry->data != NULL) {
+                if (cache->free_cb) {
+                    cache->free_cb(entry->key, entry->data);
+                } else {
+                    ss_free(entry->data);
+                }
+            }
+            ss_free(entry->key);
+            ss_free(entry);
+        }
+    }
+
+    return 0;
+}
+
+/** Removes a cache entry
+ *
+ *  @param cache
+ *  The cache object
+ *
+ *  @param key
+ *  The key of the entry to remove
+ *
+ *  @param key_len
+ *  The length of key
+ *
+ *  @return EINVAL if cache is NULL, 0 otherwise
+ */
+int
+cache_remove(struct cache *cache, char *key, size_t key_len)
+{
+    struct cache_entry *tmp;
+
+    if (!cache || !key) {
+        return EINVAL;
+    }
+
+    HASH_FIND(hh, cache->entries, key, key_len, tmp);
+
+    if (tmp) {
+        HASH_DEL(cache->entries, tmp);
+        if (tmp->data != NULL) {
+            if (cache->free_cb) {
+                cache->free_cb(tmp->key, tmp->data);
+            } else {
+                ss_free(tmp->data);
+            }
+        }
+        ss_free(tmp->key);
+        ss_free(tmp);
+    }
+
+    return 0;
+}
+
+/** Checks if a given key is in the cache
+ *
+ *  @param cache
+ *  The cache object
+ *
+ *  @param key
+ *  The key to look-up
+ *
+ *  @param key_len
+ *  The length of key
+ *
+ *  @param result
+ *  Where to store the result if key is found.
+ *
+ *  A warning: Even though result is just a pointer,
+ *  you have to call this function with a **ptr,
+ *  otherwise this will blow up in your face.
+ *
+ *  @return EINVAL if cache is NULL, 0 otherwise
+ */
+int
+cache_lookup(struct cache *cache, char *key, size_t key_len, void *result)
+{
+    struct cache_entry *tmp = NULL;
+    char **dirty_hack       = result;
+
+    if (!cache || !key || !result) {
+        return EINVAL;
+    }
+
+    HASH_FIND(hh, cache->entries, key, key_len, tmp);
+    if (tmp) {
+        HASH_DELETE(hh, cache->entries, tmp);
+        tmp->ts = ev_time();
+        HASH_ADD_KEYPTR(hh, cache->entries, tmp->key, key_len, tmp);
+        *dirty_hack = tmp->data;
+    } else {
+        *dirty_hack = result = NULL;
+    }
+
+    return 0;
+}
+
+int
+cache_key_exist(struct cache *cache, char *key, size_t key_len)
+{
+    struct cache_entry *tmp = NULL;
+
+    if (!cache || !key) {
+        return 0;
+    }
+
+    HASH_FIND(hh, cache->entries, key, key_len, tmp);
+    if (tmp) {
+        HASH_DELETE(hh, cache->entries, tmp);
+        tmp->ts = ev_time();
+        HASH_ADD_KEYPTR(hh, cache->entries, tmp->key, key_len, tmp);
+        return 1;
+    }
+
+    return 0;
+}
+
+/** Inserts a given <key, value> pair into the cache
+ *
+ *  @param cache
+ *  The cache object
+ *
+ *  @param key
+ *  The key that identifies <value>
+ *
+ *  @param key_len
+ *  The length of key
+ *
+ *  @param data
+ *  Data associated with <key>
+ *
+ *  @return EINVAL if cache is NULL, ENOMEM if malloc fails, 0 otherwise
+ */
+int
+cache_insert(struct cache *cache, char *key, size_t key_len, void *data)
+{
+    struct cache_entry *entry     = NULL;
+    struct cache_entry *tmp_entry = NULL;
+
+    if (!cache) {
+        return EINVAL;
+    }
+
+    if ((entry = malloc(sizeof(*entry))) == NULL) {
+        return ENOMEM;
+    }
+
+    entry->key = ss_malloc(key_len + 1);
+    memcpy(entry->key, key, key_len);
+    entry->key[key_len] = 0;
+
+    entry->data = data;
+    entry->ts   = ev_time();
+    HASH_ADD_KEYPTR(hh, cache->entries, entry->key, key_len, entry);
+
+    if (HASH_COUNT(cache->entries) >= cache->max_entries) {
+        HASH_ITER(hh, cache->entries, entry, tmp_entry){
+            HASH_DELETE(hh, cache->entries, entry);
+            if (entry->data != NULL) {
+                if (cache->free_cb) {
+                    cache->free_cb(entry->key, entry->data);
+                } else {
+                    ss_free(entry->data);
+                }
+            }
+            ss_free(entry->key);
+            ss_free(entry);
+            break;
+        }
+    }
+
+    return 0;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/cache.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/cache.h
new file mode 100644
index 00000000..7ca8b3be
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/cache.h
@@ -0,0 +1,67 @@
+/*
+ * cache.h - Define the cache manager interface
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * Original Author:  Oliver Lorenz (ol), olli@olorenz.org, https://olorenz.org
+ * License:  This is licensed under the same terms as uthash itself
+ */
+
+#ifndef _CACHE_
+#define _CACHE_
+
+#include "uthash.h"
+
+#ifdef HAVE_LIBEV_EV_H
+#include <libev/ev.h>
+#else
+#include <ev.h>
+#endif
+
+/**
+ * A cache entry
+ */
+struct cache_entry {
+    char *key;         /**<The key */
+    void *data;        /**<Payload */
+    ev_tstamp ts;    /**<Timestamp */
+    UT_hash_handle hh; /**<Hash Handle for uthash */
+};
+
+/**
+ * A cache object
+ */
+struct cache {
+    size_t max_entries;              /**<Amount of entries this cache object can hold */
+    struct cache_entry *entries;     /**<Head pointer for uthash */
+    void (*free_cb)(void *key, void *element);  /**<Callback function to free cache entries */
+};
+
+int cache_create(struct cache **dst, const size_t capacity,
+                 void (*free_cb)(void *key, void *element));
+int cache_delete(struct cache *cache, int keep_data);
+int cache_clear(struct cache *cache, ev_tstamp age);
+int cache_lookup(struct cache *cache, char *key, size_t key_len, void *result);
+int cache_insert(struct cache *cache, char *key, size_t key_len, void *data);
+int cache_remove(struct cache *cache, char *key, size_t key_len);
+int cache_key_exist(struct cache *cache, char *key, size_t key_len);
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/common.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/common.h
new file mode 100644
index 00000000..14f1d8db
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/common.h
@@ -0,0 +1,76 @@
+/*
+ * common.h - Provide global definitions
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _COMMON_H
+#define _COMMON_H
+
+#ifndef SOL_TCP
+#define SOL_TCP IPPROTO_TCP
+#endif
+
+#if defined(MODULE_TUNNEL) || defined(MODULE_REDIR)
+#define MODULE_LOCAL
+#endif
+
+#include "crypto.h"
+
+int init_udprelay(const char *server_host, const char *server_port,
+#ifdef MODULE_LOCAL
+                  const struct sockaddr *remote_addr, const int remote_addr_len,
+#ifdef MODULE_TUNNEL
+                  const ss_addr_t tunnel_addr,
+#endif
+#endif
+                  int mtu, crypto_t *crypto, int timeout, const char *iface);
+
+void free_udprelay(void);
+
+#ifdef __ANDROID__
+int protect_socket(int fd);
+int send_traffic_stat(uint64_t tx, uint64_t rx);
+#endif
+
+#define STAGE_ERROR     -1  /* Error detected                   */
+#define STAGE_INIT       0  /* Initial stage                    */
+#define STAGE_HANDSHAKE  1  /* Handshake with client            */
+#define STAGE_RESOLVE    4  /* Resolve the hostname             */
+#define STAGE_STREAM     5  /* Stream between client and server */
+#define STAGE_STOP       6  /* Server stop to response          */
+
+/* Vals for long options */
+enum {
+    GETOPT_VAL_HELP = 257,
+    GETOPT_VAL_REUSE_PORT,
+    GETOPT_VAL_FAST_OPEN,
+    GETOPT_VAL_NODELAY,
+    GETOPT_VAL_ACL,
+    GETOPT_VAL_MTU,
+    GETOPT_VAL_MPTCP,
+    GETOPT_VAL_PLUGIN,
+    GETOPT_VAL_PLUGIN_OPTS,
+    GETOPT_VAL_PASSWORD,
+    GETOPT_VAL_KEY,
+    GETOPT_VAL_MANAGER_ADDRESS,
+    GETOPT_VAL_EXECUTABLE,
+    GETOPT_VAL_WORKDIR,
+};
+
+#endif // _COMMON_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/crypto.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/crypto.c
new file mode 100644
index 00000000..b44d8674
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/crypto.c
@@ -0,0 +1,393 @@
+/*
+ * crypto.c - Manage the global crypto
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#if defined(__linux__) && defined(HAVE_LINUX_RANDOM_H)
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/ioctl.h>
+#include <linux/random.h>
+#endif
+
+#include <stdint.h>
+#include <sodium.h>
+#include <mbedtls/version.h>
+#include <mbedtls/md5.h>
+
+#include "base64.h"
+#include "crypto.h"
+#include "stream.h"
+#include "aead.h"
+#include "utils.h"
+#include "ppbloom.h"
+
+int
+balloc(buffer_t *ptr, size_t capacity)
+{
+    sodium_memzero(ptr, sizeof(buffer_t));
+    ptr->data     = ss_malloc(capacity);
+    ptr->capacity = capacity;
+    return capacity;
+}
+
+int
+brealloc(buffer_t *ptr, size_t len, size_t capacity)
+{
+    if (ptr == NULL)
+        return -1;
+    size_t real_capacity = max(len, capacity);
+    if (ptr->capacity < real_capacity) {
+        ptr->data     = ss_realloc(ptr->data, real_capacity);
+        ptr->capacity = real_capacity;
+    }
+    return real_capacity;
+}
+
+void
+bfree(buffer_t *ptr)
+{
+    if (ptr == NULL)
+        return;
+    ptr->idx      = 0;
+    ptr->len      = 0;
+    ptr->capacity = 0;
+    if (ptr->data != NULL) {
+        ss_free(ptr->data);
+    }
+}
+
+int
+bprepend(buffer_t *dst, buffer_t *src, size_t capacity)
+{
+    brealloc(dst, dst->len + src->len, capacity);
+    memmove(dst->data + src->len, dst->data, dst->len);
+    memcpy(dst->data, src->data, src->len);
+    dst->len = dst->len + src->len;
+    return dst->len;
+}
+
+int
+rand_bytes(void *output, int len)
+{
+    randombytes_buf(output, len);
+    // always return success
+    return 0;
+}
+
+unsigned char *
+crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
+{
+    static unsigned char m[16];
+    if (md == NULL) {
+        md = m;
+    }
+#if MBEDTLS_VERSION_NUMBER >= 0x02070000
+    if (mbedtls_md5_ret(d, n, md) != 0)
+        FATAL("Failed to calculate MD5");
+#else
+    mbedtls_md5(d, n, md);
+#endif
+    return md;
+}
+
+static void
+entropy_check(void)
+{
+#if defined(__linux__) && defined(HAVE_LINUX_RANDOM_H) && defined(RNDGETENTCNT)
+    int fd;
+    int c;
+
+    if ((fd = open("/dev/random", O_RDONLY)) != -1) {
+        if (ioctl(fd, RNDGETENTCNT, &c) == 0 && c < 160) {
+            LOGI("This system doesn't provide enough entropy to quickly generate high-quality random numbers.\n"
+                 "Installing the rng-utils/rng-tools, jitterentropy or haveged packages may help.\n"
+                 "On virtualized Linux environments, also consider using virtio-rng.\n"
+                 "The service will not start until enough entropy has been collected.\n");
+        }
+        close(fd);
+    }
+#endif
+}
+
+crypto_t *
+crypto_init(const char *password, const char *key, const char *method)
+{
+    int i, m = -1;
+
+    entropy_check();
+    // Initialize sodium for random generator
+    if (sodium_init() == -1) {
+        FATAL("Failed to initialize sodium");
+    }
+
+    // Initialize NONCE bloom filter
+#ifdef MODULE_REMOTE
+    ppbloom_init(BF_NUM_ENTRIES_FOR_SERVER, BF_ERROR_RATE_FOR_SERVER);
+#else
+    ppbloom_init(BF_NUM_ENTRIES_FOR_CLIENT, BF_ERROR_RATE_FOR_CLIENT);
+#endif
+
+    if (method != NULL) {
+        for (i = 0; i < STREAM_CIPHER_NUM; i++)
+            if (strcmp(method, supported_stream_ciphers[i]) == 0) {
+                m = i;
+                break;
+            }
+        if (m != -1) {
+            LOGI("Stream ciphers are insecure, therefore deprecated, and should be almost always avoided.");
+            cipher_t *cipher = stream_init(password, key, method);
+            if (cipher == NULL)
+                return NULL;
+            crypto_t *crypto = (crypto_t *)ss_malloc(sizeof(crypto_t));
+            crypto_t tmp     = {
+                .cipher      = cipher,
+                .encrypt_all = &stream_encrypt_all,
+                .decrypt_all = &stream_decrypt_all,
+                .encrypt     = &stream_encrypt,
+                .decrypt     = &stream_decrypt,
+                .ctx_init    = &stream_ctx_init,
+                .ctx_release = &stream_ctx_release,
+            };
+            memcpy(crypto, &tmp, sizeof(crypto_t));
+            return crypto;
+        }
+
+        for (i = 0; i < AEAD_CIPHER_NUM; i++)
+            if (strcmp(method, supported_aead_ciphers[i]) == 0) {
+                m = i;
+                break;
+            }
+        if (m != -1) {
+            cipher_t *cipher = aead_init(password, key, method);
+            if (cipher == NULL)
+                return NULL;
+            crypto_t *crypto = (crypto_t *)ss_malloc(sizeof(crypto_t));
+            crypto_t tmp     = {
+                .cipher      = cipher,
+                .encrypt_all = &aead_encrypt_all,
+                .decrypt_all = &aead_decrypt_all,
+                .encrypt     = &aead_encrypt,
+                .decrypt     = &aead_decrypt,
+                .ctx_init    = &aead_ctx_init,
+                .ctx_release = &aead_ctx_release,
+            };
+            memcpy(crypto, &tmp, sizeof(crypto_t));
+            return crypto;
+        }
+    }
+
+    LOGE("invalid cipher name: %s", method);
+    return NULL;
+}
+
+int
+crypto_derive_key(const char *pass, uint8_t *key, size_t key_len)
+{
+    size_t datal;
+    datal = strlen((const char *)pass);
+
+    const digest_type_t *md = mbedtls_md_info_from_string("MD5");
+    if (md == NULL) {
+        FATAL("MD5 Digest not found in crypto library");
+    }
+
+    mbedtls_md_context_t c;
+    unsigned char md_buf[MAX_MD_SIZE];
+    int addmd;
+    unsigned int i, j, mds;
+
+    mds = mbedtls_md_get_size(md);
+    memset(&c, 0, sizeof(mbedtls_md_context_t));
+
+    if (pass == NULL)
+        return key_len;
+    if (mbedtls_md_setup(&c, md, 0))
+        return 0;
+
+    for (j = 0, addmd = 0; j < key_len; addmd++) {
+        mbedtls_md_starts(&c);
+        if (addmd) {
+            mbedtls_md_update(&c, md_buf, mds);
+        }
+        mbedtls_md_update(&c, (uint8_t *)pass, datal);
+        mbedtls_md_finish(&c, &(md_buf[0]));
+
+        for (i = 0; i < mds; i++, j++) {
+            if (j >= key_len)
+                break;
+            key[j] = md_buf[i];
+        }
+    }
+
+    mbedtls_md_free(&c);
+    return key_len;
+}
+
+/* HKDF-Extract + HKDF-Expand */
+int
+crypto_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,
+            int salt_len, const unsigned char *ikm, int ikm_len,
+            const unsigned char *info, int info_len, unsigned char *okm,
+            int okm_len)
+{
+    unsigned char prk[MBEDTLS_MD_MAX_SIZE];
+
+    return crypto_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk) ||
+           crypto_hkdf_expand(md, prk, mbedtls_md_get_size(md), info, info_len,
+                              okm, okm_len);
+}
+
+/* HKDF-Extract(salt, IKM) -> PRK */
+int
+crypto_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt,
+                    int salt_len, const unsigned char *ikm, int ikm_len,
+                    unsigned char *prk)
+{
+    int hash_len;
+    unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };
+
+    if (salt_len < 0) {
+        return CRYPTO_ERROR;
+    }
+
+    hash_len = mbedtls_md_get_size(md);
+
+    if (salt == NULL) {
+        salt     = null_salt;
+        salt_len = hash_len;
+    }
+
+    return mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk);
+}
+
+/* HKDF-Expand(PRK, info, L) -> OKM */
+int
+crypto_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
+                   int prk_len, const unsigned char *info, int info_len,
+                   unsigned char *okm, int okm_len)
+{
+    int hash_len;
+    int N;
+    int T_len = 0, where = 0, i, ret;
+    mbedtls_md_context_t ctx;
+    unsigned char T[MBEDTLS_MD_MAX_SIZE];
+
+    if (info_len < 0 || okm_len < 0 || okm == NULL) {
+        return CRYPTO_ERROR;
+    }
+
+    hash_len = mbedtls_md_get_size(md);
+
+    if (prk_len < hash_len) {
+        return CRYPTO_ERROR;
+    }
+
+    if (info == NULL) {
+        info = (const unsigned char *)"";
+    }
+
+    N = okm_len / hash_len;
+
+    if ((okm_len % hash_len) != 0) {
+        N++;
+    }
+
+    if (N > 255) {
+        return CRYPTO_ERROR;
+    }
+
+    mbedtls_md_init(&ctx);
+
+    if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) {
+        mbedtls_md_free(&ctx);
+        return ret;
+    }
+
+    /* Section 2.3. */
+    for (i = 1; i <= N; i++) {
+        unsigned char c = i;
+
+        ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len) ||
+              mbedtls_md_hmac_update(&ctx, T, T_len) ||
+              mbedtls_md_hmac_update(&ctx, info, info_len) ||
+              /* The constant concatenated to the end of each T(n) is a single
+               * octet. */
+              mbedtls_md_hmac_update(&ctx, &c, 1) ||
+              mbedtls_md_hmac_finish(&ctx, T);
+
+        if (ret != 0) {
+            mbedtls_md_free(&ctx);
+            return ret;
+        }
+
+        memcpy(okm + where, T, (i != N) ? hash_len : (okm_len - where));
+        where += hash_len;
+        T_len  = hash_len;
+    }
+
+    mbedtls_md_free(&ctx);
+
+    return 0;
+}
+
+int
+crypto_parse_key(const char *base64, uint8_t *key, size_t key_len)
+{
+    size_t base64_len = strlen(base64);
+    int out_len       = BASE64_SIZE(base64_len);
+    uint8_t out[out_len];
+
+    out_len = base64_decode(out, base64, out_len);
+    if (out_len > 0 && out_len >= key_len) {
+        memcpy(key, out, key_len);
+#ifdef SS_DEBUG
+        dump("KEY", (char *)key, key_len);
+#endif
+        return key_len;
+    }
+
+    out_len = BASE64_SIZE(key_len);
+    char out_key[out_len];
+    rand_bytes(key, key_len);
+    base64_encode(out_key, out_len, key, key_len);
+    LOGE("Invalid key for your chosen cipher!");
+    LOGE("It requires a " SIZE_FMT "-byte key encoded with URL-safe Base64", key_len);
+    LOGE("Generating a new random key: %s", out_key);
+    FATAL("Please use the key above or input a valid key");
+    return key_len;
+}
+
+#ifdef SS_DEBUG
+void
+dump(char *tag, char *text, int len)
+{
+    int i;
+    printf("%s: ", tag);
+    for (i = 0; i < len; i++)
+        printf("0x%02x ", (uint8_t)text[i]);
+    printf("\n");
+}
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/crypto.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/crypto.h
new file mode 100644
index 00000000..1791551f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/crypto.h
@@ -0,0 +1,160 @@
+/*
+ * crypto.h - Define the enryptor's interface
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have recenonceed a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _CRYPTO_H
+#define _CRYPTO_H
+
+#ifndef __MINGW32__
+#include <sys/socket.h>
+#endif
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#elif HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+
+/* Definitions for libsodium */
+#include <sodium.h>
+typedef crypto_aead_aes256gcm_state aes256gcm_ctx;
+/* Definitions for mbedTLS */
+#include <mbedtls/cipher.h>
+#include <mbedtls/md.h>
+typedef mbedtls_cipher_info_t cipher_kt_t;
+typedef mbedtls_cipher_context_t cipher_evp_t;
+typedef mbedtls_md_info_t digest_type_t;
+#define MAX_KEY_LENGTH 64
+#define MAX_NONCE_LENGTH 32
+#define MAX_MD_SIZE MBEDTLS_MD_MAX_SIZE
+/* we must have MBEDTLS_CIPHER_MODE_CFB defined */
+#if !defined(MBEDTLS_CIPHER_MODE_CFB)
+#error Cipher Feedback mode a.k.a CFB not supported by your mbed TLS.
+#endif
+#ifndef MBEDTLS_GCM_C
+#error No GCM support detected
+#endif
+#ifdef crypto_aead_xchacha20poly1305_ietf_ABYTES
+#define FS_HAVE_XCHACHA20IETF
+#endif
+
+#define ADDRTYPE_MASK 0xF
+
+#define CRYPTO_ERROR     -2
+#define CRYPTO_NEED_MORE -1
+#define CRYPTO_OK         0
+
+#define min(a, b) (((a) < (b)) ? (a) : (b))
+#define max(a, b) (((a) > (b)) ? (a) : (b))
+
+#define SUBKEY_INFO "ss-subkey"
+#define IV_INFO "ss-iv"
+
+#ifndef BF_NUM_ENTRIES_FOR_SERVER
+#define BF_NUM_ENTRIES_FOR_SERVER 1e6
+#endif
+
+#ifndef BF_NUM_ENTRIES_FOR_CLIENT
+#define BF_NUM_ENTRIES_FOR_CLIENT 1e4
+#endif
+
+#ifndef BF_ERROR_RATE_FOR_SERVER
+#define BF_ERROR_RATE_FOR_SERVER 1e-10
+#endif
+
+#ifndef BF_ERROR_RATE_FOR_CLIENT
+#define BF_ERROR_RATE_FOR_CLIENT 1e-15
+#endif
+
+typedef struct buffer {
+    size_t idx;
+    size_t len;
+    size_t capacity;
+    char   *data;
+} buffer_t;
+
+typedef struct {
+    int method;
+    int skey;
+    cipher_kt_t *info;
+    size_t nonce_len;
+    size_t key_len;
+    size_t tag_len;
+    uint8_t key[MAX_KEY_LENGTH];
+} cipher_t;
+
+typedef struct {
+    uint32_t init;
+    uint64_t counter;
+    cipher_evp_t *evp;
+    aes256gcm_ctx *aes256gcm_ctx;
+    cipher_t *cipher;
+    buffer_t *chunk;
+    uint8_t salt[MAX_KEY_LENGTH];
+    uint8_t skey[MAX_KEY_LENGTH];
+    uint8_t nonce[MAX_NONCE_LENGTH];
+} cipher_ctx_t;
+
+typedef struct crypto {
+    cipher_t *cipher;
+
+    int(*const encrypt_all) (buffer_t *, cipher_t *, size_t);
+    int(*const decrypt_all) (buffer_t *, cipher_t *, size_t);
+    int(*const encrypt) (buffer_t *, cipher_ctx_t *, size_t);
+    int(*const decrypt) (buffer_t *, cipher_ctx_t *, size_t);
+
+    void(*const ctx_init) (cipher_t *, cipher_ctx_t *, int);
+    void(*const ctx_release) (cipher_ctx_t *);
+} crypto_t;
+
+int balloc(buffer_t *, size_t);
+int brealloc(buffer_t *, size_t, size_t);
+int bprepend(buffer_t *, buffer_t *, size_t);
+void bfree(buffer_t *);
+int rand_bytes(void *, int);
+
+crypto_t *crypto_init(const char *, const char *, const char *);
+unsigned char *crypto_md5(const unsigned char *, size_t, unsigned char *);
+
+int crypto_derive_key(const char *, uint8_t *, size_t);
+int crypto_parse_key(const char *, uint8_t *, size_t);
+int crypto_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,
+                int salt_len, const unsigned char *ikm, int ikm_len,
+                const unsigned char *info, int info_len, unsigned char *okm,
+                int okm_len);
+int crypto_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt,
+                        int salt_len, const unsigned char *ikm, int ikm_len,
+                        unsigned char *prk);
+int crypto_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
+                       int prk_len, const unsigned char *info, int info_len,
+                       unsigned char *okm, int okm_len);
+#ifdef SS_DEBUG
+void dump(char *tag, char *text, int len);
+#endif
+
+extern struct cache *nonce_cache;
+extern const char *supported_stream_ciphers[];
+extern const char *supported_aead_ciphers[];
+
+#endif // _CRYPTO_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/jconf.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/jconf.c
new file mode 100644
index 00000000..5adba342
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/jconf.c
@@ -0,0 +1,363 @@
+/*
+ * jconf.c - Parse the JSON format config file
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <time.h>
+
+#include "netutils.h"
+#include "utils.h"
+#include "jconf.h"
+#include "json.h"
+#include "string.h"
+
+#include <libcork/core.h>
+
+#define check_json_value_type(value, expected_type, message) \
+    do { \
+        if ((value)->type != (expected_type)) \
+            FATAL((message)); \
+    } while (0)
+
+static char *
+to_string(const json_value *value)
+{
+    if (value->type == json_string) {
+        return ss_strndup(value->u.string.ptr, value->u.string.length);
+    } else if (value->type == json_integer) {
+        return strdup(ss_itoa(value->u.integer));
+    } else if (value->type == json_null) {
+        return NULL;
+    } else {
+        LOGE("%d", value->type);
+        FATAL("Invalid config format.");
+    }
+    return 0;
+}
+
+void
+free_addr(ss_addr_t *addr)
+{
+    ss_free(addr->host);
+    ss_free(addr->port);
+}
+
+void
+parse_addr(const char *str_in, ss_addr_t *addr)
+{
+    if (str_in == NULL)
+        return;
+
+    int ipv6 = 0, ret = -1, n = 0, len;
+    char *pch;
+    char *str = strdup(str_in);
+    len = strlen(str_in);
+
+    struct cork_ip ip;
+    if (cork_ip_init(&ip, str) != -1) {
+        addr->host = str;
+        addr->port = NULL;
+        return;
+    }
+
+    pch = strchr(str, ':');
+    while (pch != NULL) {
+        n++;
+        ret = pch - str;
+        pch = strchr(pch + 1, ':');
+    }
+
+    if (n > 1) {
+        ipv6 = 1;
+        if (str[ret - 1] != ']') {
+            ret = -1;
+        }
+    }
+
+    if (ret == -1) {
+        if (ipv6) {
+            addr->host = ss_strndup(str + 1, strlen(str) - 2);
+        } else {
+            addr->host = strdup(str);
+        }
+        addr->port = NULL;
+    } else {
+        if (ipv6) {
+            addr->host = ss_strndup(str + 1, ret - 2);
+        } else {
+            addr->host = ss_strndup(str, ret);
+        }
+        if (ret < len - 1) {
+            addr->port = strdup(str + ret + 1);
+        } else {
+            addr->port = NULL;
+        }
+    }
+
+    free(str);
+}
+
+static int
+parse_dscp(char *str)
+{
+    size_t str_len = strlen(str);
+
+    // Pre-defined values (EF, CSx, AFxy)
+    if (str_len == 2 && strcasecmp(str, "EF") == 0) {
+        return DSCP_EF;
+    }
+
+    if (str_len == DSCP_CS_LEN && strncasecmp(str, "CS", 2) == 0) {
+        if (str[2] >= '0' && str[2] <= '7') {
+            // CSx = 8x
+            return (str[2] - '0') << 3;
+        }
+    }
+
+    if (str_len == DSCP_AF_LEN && strncasecmp(str, "AF", 2) == 0) {
+        if (str[2] >= '1' && str[2] <= '4' && str[3] >= '1' && str[3] <= '3') {
+            // AFxy = 8x + 2y
+            return ((str[2] - '0') << 3) | ((str[3] - '0') << 1);
+        }
+    }
+
+    // Manual hexadecimal mode (0xYZ)
+    char *endptr;
+    int dscp = (int)strtol(str, &endptr, 0);
+    if (*endptr == '\0' && dscp >= DSCP_MIN && dscp <= DSCP_MAX) {
+        return dscp;
+    }
+
+    LOGE("Invalid DSCP value (%s)", str);
+    return DSCP_DEFAULT;
+}
+
+jconf_t *
+read_jconf(const char *file)
+{
+    static jconf_t conf;
+
+    memset(&conf, 0, sizeof(jconf_t));
+
+    char *buf;
+    json_value *obj;
+
+    FILE *f = fopen(file, "rb");
+    if (f == NULL) {
+        FATAL("Invalid config path.");
+    }
+
+    fseek(f, 0, SEEK_END);
+    long pos = ftell(f);
+    fseek(f, 0, SEEK_SET);
+
+    if (pos < 0) {
+        FATAL("Invalid config path.");
+    }
+
+    if (pos >= MAX_CONF_SIZE) {
+        FATAL("Too large config file.");
+    }
+
+    buf = ss_malloc(pos + 1);
+    if (buf == NULL) {
+        FATAL("No enough memory.");
+    }
+
+    int nread = fread(buf, pos, 1, f);
+    if (!nread) {
+        FATAL("Failed to read the config file.");
+    }
+    fclose(f);
+
+    buf[pos] = '\0'; // end of string
+
+    json_settings settings = { 0UL, 0, NULL, NULL, NULL };
+    char error_buf[512];
+    obj = json_parse_ex(&settings, buf, pos, error_buf);
+
+    if (obj == NULL) {
+        FATAL(error_buf);
+    }
+
+    if (obj->type == json_object) {
+        unsigned int i, j;
+        for (i = 0; i < obj->u.object.length; i++) {
+            char *name        = obj->u.object.values[i].name;
+            json_value *value = obj->u.object.values[i].value;
+            if (strcmp(name, "server") == 0) {
+                if (value->type == json_array) {
+                    for (j = 0; j < value->u.array.length; j++) {
+                        if (j >= MAX_REMOTE_NUM) {
+                            break;
+                        }
+                        json_value *v  = value->u.array.values[j];
+                        char *addr_str = to_string(v);
+                        parse_addr(addr_str, conf.remote_addr + j);
+                        ss_free(addr_str);
+                        conf.remote_num = j + 1;
+                    }
+                } else if (value->type == json_string) {
+                    char* tmp_str = to_string(value);
+                    parse_addr(tmp_str, conf.remote_addr);
+                    ss_free(tmp_str);
+                    conf.remote_num = 1;
+                }
+            } else if (strcmp(name, "port_password") == 0) {
+                if (value->type == json_object) {
+                    for (j = 0; j < value->u.object.length; j++) {
+                        if (j >= MAX_PORT_NUM) {
+                            break;
+                        }
+                        json_value *v = value->u.object.values[j].value;
+                        if (v->type == json_string) {
+                            conf.port_password[j].port = ss_strndup(value->u.object.values[j].name,
+                                                                    value->u.object.values[j].name_length);
+                            conf.port_password[j].password = to_string(v);
+                            conf.port_password_num         = j + 1;
+                        }
+                    }
+                }
+            } else if (strcmp(name, "server_port") == 0) {
+                conf.remote_port = to_string(value);
+            } else if (strcmp(name, "local_address") == 0) {
+                conf.local_addr = to_string(value);
+            } else if (strcmp(name, "local_ipv4_address") == 0) {
+                conf.local_addr_v4 = to_string(value);
+            } else if (strcmp(name, "local_ipv6_address") == 0) {
+                conf.local_addr_v6 = to_string(value);
+            } else if (strcmp(name, "local_port") == 0) {
+                conf.local_port = to_string(value);
+            } else if (strcmp(name, "password") == 0) {
+                conf.password = to_string(value);
+            } else if (strcmp(name, "key") == 0) {
+                conf.key = to_string(value);
+            } else if (strcmp(name, "method") == 0) {
+                conf.method = to_string(value);
+            } else if (strcmp(name, "timeout") == 0) {
+                conf.timeout = to_string(value);
+            } else if (strcmp(name, "user") == 0) {
+                conf.user = to_string(value);
+            } else if (strcmp(name, "plugin") == 0) {
+                conf.plugin = to_string(value);
+                if (conf.plugin && strlen(conf.plugin) == 0) {
+                    ss_free(conf.plugin);
+                    conf.plugin = NULL;
+                }
+            } else if (strcmp(name, "plugin_opts") == 0) {
+                conf.plugin_opts = to_string(value);
+            } else if (strcmp(name, "fast_open") == 0) {
+                check_json_value_type(value, json_boolean,
+                                      "invalid config file: option 'fast_open' must be a boolean");
+                conf.fast_open = value->u.boolean;
+            } else if (strcmp(name, "reuse_port") == 0) {
+                check_json_value_type(value, json_boolean,
+                                      "invalid config file: option 'reuse_port' must be a boolean");
+                conf.reuse_port = value->u.boolean;
+            } else if (strcmp(name, "auth") == 0) {
+                FATAL("One time auth has been deprecated. Try AEAD ciphers instead.");
+            } else if (strcmp(name, "nofile") == 0) {
+                check_json_value_type(value, json_integer,
+                                      "invalid config file: option 'nofile' must be an integer");
+                conf.nofile = value->u.integer;
+            } else if (strcmp(name, "nameserver") == 0) {
+                conf.nameserver = to_string(value);
+            } else if (strcmp(name, "dscp") == 0) {
+                if (value->type == json_object) {
+                    for (j = 0; j < value->u.object.length; j++) {
+                        if (j >= MAX_DSCP_NUM) {
+                            break;
+                        }
+                        json_value *v = value->u.object.values[j].value;
+                        if (v->type == json_string) {
+                            int dscp   = parse_dscp(to_string(v));
+                            char *port = ss_strndup(value->u.object.values[j].name,
+                                                    value->u.object.values[j].name_length);
+                            conf.dscp[j].port = port;
+                            conf.dscp[j].dscp = dscp;
+                            conf.dscp_num     = j + 1;
+                        }
+                    }
+                }
+            } else if (strcmp(name, "tunnel_address") == 0) {
+                conf.tunnel_address = to_string(value);
+            } else if (strcmp(name, "mode") == 0) {
+                char *mode_str = to_string(value);
+
+                if (mode_str == NULL)
+                    conf.mode = TCP_ONLY;
+                else if (strcmp(mode_str, "tcp_only") == 0)
+                    conf.mode = TCP_ONLY;
+                else if (strcmp(mode_str, "tcp_and_udp") == 0)
+                    conf.mode = TCP_AND_UDP;
+                else if (strcmp(mode_str, "udp_only") == 0)
+                    conf.mode = UDP_ONLY;
+                else
+                    LOGI("ignore unknown mode: %s, use tcp_only as fallback",
+                         mode_str);
+
+                ss_free(mode_str);
+            } else if (strcmp(name, "mtu") == 0) {
+                check_json_value_type(value, json_integer,
+                                      "invalid config file: option 'mtu' must be an integer");
+                conf.mtu = value->u.integer;
+            } else if (strcmp(name, "mptcp") == 0) {
+                check_json_value_type(value, json_boolean,
+                                      "invalid config file: option 'mptcp' must be a boolean");
+                conf.mptcp = value->u.boolean;
+            } else if (strcmp(name, "ipv6_first") == 0) {
+                check_json_value_type(value, json_boolean,
+                                      "invalid config file: option 'ipv6_first' must be a boolean");
+                conf.ipv6_first = value->u.boolean;
+#ifdef HAS_SYSLOG
+            } else if (strcmp(name, "use_syslog") == 0) {
+                check_json_value_type(value, json_boolean,
+                                      "invalid config file: option 'use_syslog' must be a boolean");
+                use_syslog = value->u.boolean;
+#endif
+            } else if (strcmp(name, "no_delay") == 0) {
+                check_json_value_type(
+                    value, json_boolean,
+                    "invalid config file: option 'no_delay' must be a boolean");
+                conf.no_delay = value->u.boolean;
+            } else if (strcmp(name, "tcp_tproxy") == 0) {
+                check_json_value_type(
+                    value, json_boolean,
+                    "invalid config file: option 'tcp_tproxy' must be a boolean");
+                conf.tcp_tproxy = value->u.boolean;
+            } else if (strcmp(name, "workdir") == 0) {
+                conf.workdir = to_string(value);
+            } else if (strcmp(name, "acl") == 0) {
+                conf.acl = to_string(value);
+            } else if (strcmp(name, "manager_address") == 0) {
+                conf.manager_address = to_string(value);
+            }
+        }
+    } else {
+        FATAL("Invalid config file");
+    }
+
+    ss_free(buf);
+    json_value_free(obj);
+    return &conf;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/jconf.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/jconf.h
new file mode 100644
index 00000000..4bf7f5e2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/jconf.h
@@ -0,0 +1,95 @@
+/*
+ * jconf.h - Define the config data structure
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _JCONF_H
+#define _JCONF_H
+
+#define MAX_PORT_NUM 1024
+#define MAX_REMOTE_NUM 10
+#define MAX_DSCP_NUM 64
+#define MAX_CONF_SIZE (128 * 1024)
+#define MAX_CONNECT_TIMEOUT 10
+#define MIN_TCP_IDLE_TIMEOUT (24 * 3600)
+#define MIN_UDP_TIMEOUT 10
+
+#define DSCP_EF      0x2E
+#define DSCP_MIN     0x0
+#define DSCP_MAX     0x3F
+#define DSCP_DEFAULT 0x0
+#define DSCP_MIN_LEN 2
+#define DSCP_MAX_LEN 4
+#define DSCP_CS_LEN  3
+#define DSCP_AF_LEN  4
+
+#define TCP_ONLY     0
+#define TCP_AND_UDP  1
+#define UDP_ONLY     3
+
+typedef struct {
+    char *port;
+    char *password;
+} ss_port_password_t;
+
+typedef struct {
+    char *port;
+    int dscp;
+} ss_dscp_t;
+
+typedef struct {
+    int remote_num;
+    ss_addr_t remote_addr[MAX_REMOTE_NUM];
+    int port_password_num;
+    ss_port_password_t port_password[MAX_PORT_NUM];
+    char *remote_port;
+    char *local_addr;
+    char *local_addr_v4;
+    char *local_addr_v6;
+    char *local_port;
+    char *password;
+    char *key;
+    char *method;
+    char *timeout;
+    char *user;
+    char *plugin;
+    char *plugin_opts;
+    int fast_open;
+    int reuse_port;
+    int nofile;
+    char *nameserver;
+    int dscp_num;
+    ss_dscp_t dscp[MAX_DSCP_NUM];
+    char *tunnel_address;
+    int mode;
+    int mtu;
+    int mptcp;
+    int ipv6_first;
+    int no_delay;
+    int tcp_tproxy;
+    char *workdir;
+    char *acl;
+    char *manager_address;
+} jconf_t;
+
+jconf_t *read_jconf(const char *file);
+void parse_addr(const char *str, ss_addr_t *addr);
+void free_addr(ss_addr_t *addr);
+
+#endif // _JCONF_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/json.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/json.c
new file mode 100644
index 00000000..2a919009
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/json.c
@@ -0,0 +1,1017 @@
+/* vim: set et ts=3 sw=3 sts=3 ft=c:
+ *
+ * Copyright (C) 2012, 2013, 2014 James McLaughlin et al.  All rights reserved.
+ * https://github.com/udp/json-parser
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "json.h"
+
+#ifdef _MSC_VER
+   #ifndef _CRT_SECURE_NO_WARNINGS
+      #define _CRT_SECURE_NO_WARNINGS
+   #endif
+#endif
+
+#ifdef __MINGW32__
+#define CONV_PTR (uintptr_t)
+#else
+#define CONV_PTR (unsigned long)
+#endif
+
+const struct _json_value json_value_none;
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <math.h>
+
+typedef unsigned int json_uchar;
+
+static unsigned char hex_value (json_char c)
+{
+   if (isdigit(c))
+      return c - '0';
+
+   switch (c) {
+      case 'a': case 'A': return 0x0A;
+      case 'b': case 'B': return 0x0B;
+      case 'c': case 'C': return 0x0C;
+      case 'd': case 'D': return 0x0D;
+      case 'e': case 'E': return 0x0E;
+      case 'f': case 'F': return 0x0F;
+      default: return 0xFF;
+   }
+}
+
+typedef struct
+{
+   unsigned long used_memory;
+
+   unsigned int uint_max;
+   unsigned long ulong_max;
+
+   json_settings settings;
+   int first_pass;
+
+   const json_char * ptr;
+   unsigned int cur_line, cur_col;
+
+} json_state;
+
+static void * default_alloc (size_t size, int zero, void * user_data)
+{
+   return zero ? calloc (1, size) : malloc (size);
+}
+
+static void default_free (void * ptr, void * user_data)
+{
+   free (ptr);
+}
+
+static void * json_alloc (json_state * state, unsigned long size, int zero)
+{
+   if ((state->ulong_max - state->used_memory) < size)
+      return 0;
+
+   if (state->settings.max_memory
+         && (state->used_memory += size) > state->settings.max_memory)
+   {
+      return 0;
+   }
+
+   return state->settings.mem_alloc (size, zero, state->settings.user_data);
+}
+
+static int new_value (json_state * state,
+                      json_value ** top, json_value ** root, json_value ** alloc,
+                      json_type type)
+{
+   json_value * value;
+   int values_size;
+
+   if (!state->first_pass)
+   {
+      value = *top = *alloc;
+      *alloc = (*alloc)->_reserved.next_alloc;
+
+      if (!*root)
+         *root = value;
+
+      switch (value->type)
+      {
+         case json_array:
+
+            if (value->u.array.length == 0)
+               break;
+
+            if (! (value->u.array.values = (json_value **) json_alloc
+               (state, value->u.array.length * sizeof (json_value *), 0)) )
+            {
+               return 0;
+            }
+
+            value->u.array.length = 0;
+            break;
+
+         case json_object:
+
+            if (value->u.object.length == 0)
+               break;
+
+            values_size = sizeof (*value->u.object.values) * value->u.object.length;
+
+            if (! (value->u.object.values = (json_object_entry *) json_alloc
+                  (state, values_size + (CONV_PTR value->u.object.values), 0)) )
+            {
+               return 0;
+            }
+
+            value->_reserved.object_mem = (*(char **) &value->u.object.values) + values_size;
+
+            value->u.object.length = 0;
+            break;
+
+         case json_string:
+
+            if (! (value->u.string.ptr = (json_char *) json_alloc
+               (state, (value->u.string.length + 1) * sizeof (json_char), 0)) )
+            {
+               return 0;
+            }
+
+            value->u.string.length = 0;
+            break;
+
+         default:
+            break;
+      };
+
+      return 1;
+   }
+
+   if (! (value = (json_value *) json_alloc
+         (state, sizeof (json_value) + state->settings.value_extra, 1)))
+   {
+      return 0;
+   }
+
+   if (!*root)
+      *root = value;
+
+   value->type = type;
+   value->parent = *top;
+
+   #ifdef JSON_TRACK_SOURCE
+      value->line = state->cur_line;
+      value->col = state->cur_col;
+   #endif
+
+   if (*alloc)
+      (*alloc)->_reserved.next_alloc = value;
+
+   *alloc = *top = value;
+
+   return 1;
+}
+
+#define whitespace \
+   case '\n': ++ state.cur_line;  state.cur_col = 0; \
+   case ' ': case '\t': case '\r'
+
+#define string_add(b)  \
+   do { if (!state.first_pass) string [string_length] = b;  ++ string_length; } while (0);
+
+#define line_and_col \
+   state.cur_line, state.cur_col
+
+static const long
+   flag_next             = 1 << 0,
+   flag_reproc           = 1 << 1,
+   flag_need_comma       = 1 << 2,
+   flag_seek_value       = 1 << 3, 
+   flag_escaped          = 1 << 4,
+   flag_string           = 1 << 5,
+   flag_need_colon       = 1 << 6,
+   flag_done             = 1 << 7,
+   flag_num_negative     = 1 << 8,
+   flag_num_zero         = 1 << 9,
+   flag_num_e            = 1 << 10,
+   flag_num_e_got_sign   = 1 << 11,
+   flag_num_e_negative   = 1 << 12,
+   flag_line_comment     = 1 << 13,
+   flag_block_comment    = 1 << 14;
+
+json_value * json_parse_ex (json_settings * settings,
+                            const json_char * json,
+                            size_t length,
+                            char * error_buf)
+{
+   json_char error [json_error_max];
+   const json_char * end;
+   json_value * top, * root, * alloc = 0;
+   json_state state = { 0 };
+   long flags;
+   long num_digits = 0, num_e = 0;
+   json_int_t num_fraction = 0;
+
+   /* Skip UTF-8 BOM
+    */
+   if (length >= 3 && ((unsigned char) json [0]) == 0xEF
+                   && ((unsigned char) json [1]) == 0xBB
+                   && ((unsigned char) json [2]) == 0xBF)
+   {
+      json += 3;
+      length -= 3;
+   }
+
+   error[0] = '\0';
+   end = (json + length);
+
+   memcpy (&state.settings, settings, sizeof (json_settings));
+
+   if (!state.settings.mem_alloc)
+      state.settings.mem_alloc = default_alloc;
+
+   if (!state.settings.mem_free)
+      state.settings.mem_free = default_free;
+
+   memset (&state.uint_max, 0xFF, sizeof (state.uint_max));
+   memset (&state.ulong_max, 0xFF, sizeof (state.ulong_max));
+
+   state.uint_max -= 8; /* limit of how much can be added before next check */
+   state.ulong_max -= 8;
+
+   for (state.first_pass = 1; state.first_pass >= 0; -- state.first_pass)
+   {
+      json_uchar uchar;
+      unsigned char uc_b1, uc_b2, uc_b3, uc_b4;
+      json_char * string = 0;
+      unsigned int string_length = 0;
+
+      top = root = 0;
+      flags = flag_seek_value;
+
+      state.cur_line = 1;
+
+      for (state.ptr = json ;; ++ state.ptr)
+      {
+         json_char b = (state.ptr == end ? 0 : *state.ptr);
+         
+         if (flags & flag_string)
+         {
+            if (!b)
+            {  sprintf (error, "Unexpected EOF in string (at %d:%d)", line_and_col);
+               goto e_failed;
+            }
+
+            if (string_length > state.uint_max)
+               goto e_overflow;
+
+            if (flags & flag_escaped)
+            {
+               flags &= ~ flag_escaped;
+
+               switch (b)
+               {
+                  case 'b':  string_add ('\b');  break;
+                  case 'f':  string_add ('\f');  break;
+                  case 'n':  string_add ('\n');  break;
+                  case 'r':  string_add ('\r');  break;
+                  case 't':  string_add ('\t');  break;
+                  case 'u':
+
+                    if (end - state.ptr < 4 || 
+                        (uc_b1 = hex_value (*++ state.ptr)) == 0xFF ||
+                        (uc_b2 = hex_value (*++ state.ptr)) == 0xFF ||
+                        (uc_b3 = hex_value (*++ state.ptr)) == 0xFF ||
+                        (uc_b4 = hex_value (*++ state.ptr)) == 0xFF)
+                    {
+                        sprintf (error, "Invalid character value `%c` (at %d:%d)", b, line_and_col);
+                        goto e_failed;
+                    }
+
+                    uc_b1 = (uc_b1 << 4) | uc_b2;
+                    uc_b2 = (uc_b3 << 4) | uc_b4;
+                    uchar = (uc_b1 << 8) | uc_b2;
+
+                    if ((uchar & 0xF800) == 0xD800) {
+                        json_uchar uchar2;
+                        
+                        if (end - state.ptr < 6 || (*++ state.ptr) != '\\' || (*++ state.ptr) != 'u' ||
+                            (uc_b1 = hex_value (*++ state.ptr)) == 0xFF ||
+                            (uc_b2 = hex_value (*++ state.ptr)) == 0xFF ||
+                            (uc_b3 = hex_value (*++ state.ptr)) == 0xFF ||
+                            (uc_b4 = hex_value (*++ state.ptr)) == 0xFF)
+                        {
+                            sprintf (error, "Invalid character value `%c` (at %d:%d)", b, line_and_col);
+                            goto e_failed;
+                        }
+
+                        uc_b1 = (uc_b1 << 4) | uc_b2;
+                        uc_b2 = (uc_b3 << 4) | uc_b4;
+                        uchar2 = (uc_b1 << 8) | uc_b2;
+                        
+                        uchar = 0x010000 | ((uchar & 0x3FF) << 10) | (uchar2 & 0x3FF);
+                    }
+
+                    if (sizeof (json_char) >= sizeof (json_uchar) || (uchar <= 0x7F))
+                    {
+                       string_add ((json_char) uchar);
+                       break;
+                    }
+
+                    if (uchar <= 0x7FF)
+                    {
+                        if (state.first_pass)
+                           string_length += 2;
+                        else
+                        {  string [string_length ++] = 0xC0 | (uchar >> 6);
+                           string [string_length ++] = 0x80 | (uchar & 0x3F);
+                        }
+
+                        break;
+                    }
+
+                    if (uchar <= 0xFFFF) {
+                        if (state.first_pass)
+                           string_length += 3;
+                        else
+                        {  string [string_length ++] = 0xE0 | (uchar >> 12);
+                           string [string_length ++] = 0x80 | ((uchar >> 6) & 0x3F);
+                           string [string_length ++] = 0x80 | (uchar & 0x3F);
+                        }
+                        
+                        break;
+                    }
+
+                    if (state.first_pass)
+                       string_length += 4;
+                    else
+                    {  string [string_length ++] = 0xF0 | (uchar >> 18);
+                       string [string_length ++] = 0x80 | ((uchar >> 12) & 0x3F);
+                       string [string_length ++] = 0x80 | ((uchar >> 6) & 0x3F);
+                       string [string_length ++] = 0x80 | (uchar & 0x3F);
+                    }
+
+                    break;
+
+                  default:
+                     string_add (b);
+               };
+
+               continue;
+            }
+
+            if (b == '\\')
+            {
+               flags |= flag_escaped;
+               continue;
+            }
+
+            if (b == '"')
+            {
+               if (!state.first_pass)
+                  string [string_length] = 0;
+
+               flags &= ~ flag_string;
+               string = 0;
+
+               switch (top->type)
+               {
+                  case json_string:
+
+                     top->u.string.length = string_length;
+                     flags |= flag_next;
+
+                     break;
+
+                  case json_object:
+
+                     if (state.first_pass)
+                        (*(json_char **) &top->u.object.values) += string_length + 1;
+                     else
+                     {  
+                        top->u.object.values [top->u.object.length].name
+                           = (json_char *) top->_reserved.object_mem;
+
+                        top->u.object.values [top->u.object.length].name_length
+                           = string_length;
+
+                        (*(json_char **) &top->_reserved.object_mem) += string_length + 1;
+                     }
+
+                     flags |= flag_seek_value | flag_need_colon;
+                     continue;
+
+                  default:
+                     break;
+               };
+            }
+            else
+            {
+               string_add (b);
+               continue;
+            }
+         }
+
+         if (state.settings.settings & json_enable_comments)
+         {
+            if (flags & (flag_line_comment | flag_block_comment))
+            {
+               if (flags & flag_line_comment)
+               {
+                  if (b == '\r' || b == '\n' || !b)
+                  {
+                     flags &= ~ flag_line_comment;
+                     -- state.ptr;  /* so null can be reproc'd */
+                  }
+
+                  continue;
+               }
+
+               if (flags & flag_block_comment)
+               {
+                  if (!b)
+                  {  sprintf (error, "%d:%d: Unexpected EOF in block comment", line_and_col);
+                     goto e_failed;
+                  }
+
+                  if (b == '*' && state.ptr < (end - 1) && state.ptr [1] == '/')
+                  {
+                     flags &= ~ flag_block_comment;
+                     ++ state.ptr;  /* skip closing sequence */
+                  }
+
+                  continue;
+               }
+            }
+            else if (b == '/')
+            {
+               if (! (flags & (flag_seek_value | flag_done)) && top->type != json_object)
+               {  sprintf (error, "%d:%d: Comment not allowed here", line_and_col);
+                  goto e_failed;
+               }
+
+               if (++ state.ptr == end)
+               {  sprintf (error, "%d:%d: EOF unexpected", line_and_col);
+                  goto e_failed;
+               }
+
+               switch (b = *state.ptr)
+               {
+                  case '/':
+                     flags |= flag_line_comment;
+                     continue;
+
+                  case '*':
+                     flags |= flag_block_comment;
+                     continue;
+
+                  default:
+                     sprintf (error, "%d:%d: Unexpected `%c` in comment opening sequence", line_and_col, b);
+                     goto e_failed;
+               };
+            }
+         }
+
+         if (flags & flag_done)
+         {
+            if (!b)
+               break;
+
+            switch (b)
+            {
+               whitespace:
+                  continue;
+
+               default:
+
+                  sprintf (error, "%d:%d: Trailing garbage: `%c`",
+                           state.cur_line, state.cur_col, b);
+
+                  goto e_failed;
+            };
+         }
+
+         if (flags & flag_seek_value)
+         {
+            switch (b)
+            {
+               whitespace:
+                  continue;
+
+               case ']':
+
+                  if (top && top->type == json_array)
+                     flags = (flags & ~ (flag_need_comma | flag_seek_value)) | flag_next;
+                  else
+                  {  sprintf (error, "%d:%d: Unexpected ]", line_and_col);
+                     goto e_failed;
+                  }
+
+                  break;
+
+               default:
+
+                  if (flags & flag_need_comma)
+                  {
+                     if (b == ',')
+                     {  flags &= ~ flag_need_comma;
+                        continue;
+                     }
+                     else
+                     {
+                        sprintf (error, "%d:%d: Expected , before %c",
+                                 state.cur_line, state.cur_col, b);
+
+                        goto e_failed;
+                     }
+                  }
+
+                  if (flags & flag_need_colon)
+                  {
+                     if (b == ':')
+                     {  flags &= ~ flag_need_colon;
+                        continue;
+                     }
+                     else
+                     { 
+                        sprintf (error, "%d:%d: Expected : before %c",
+                                 state.cur_line, state.cur_col, b);
+
+                        goto e_failed;
+                     }
+                  }
+
+                  flags &= ~ flag_seek_value;
+
+                  switch (b)
+                  {
+                     case '{':
+
+                        if (!new_value (&state, &top, &root, &alloc, json_object))
+                           goto e_alloc_failure;
+
+                        continue;
+
+                     case '[':
+
+                        if (!new_value (&state, &top, &root, &alloc, json_array))
+                           goto e_alloc_failure;
+
+                        flags |= flag_seek_value;
+                        continue;
+
+                     case '"':
+
+                        if (!new_value (&state, &top, &root, &alloc, json_string))
+                           goto e_alloc_failure;
+
+                        flags |= flag_string;
+
+                        string = top->u.string.ptr;
+                        string_length = 0;
+
+                        continue;
+
+                     case 't':
+
+                        if ((end - state.ptr) < 3 || *(++ state.ptr) != 'r' ||
+                            *(++ state.ptr) != 'u' || *(++ state.ptr) != 'e')
+                        {
+                           goto e_unknown_value;
+                        }
+
+                        if (!new_value (&state, &top, &root, &alloc, json_boolean))
+                           goto e_alloc_failure;
+
+                        top->u.boolean = 1;
+
+                        flags |= flag_next;
+                        break;
+
+                     case 'f':
+
+                        if ((end - state.ptr) < 4 || *(++ state.ptr) != 'a' ||
+                            *(++ state.ptr) != 'l' || *(++ state.ptr) != 's' ||
+                            *(++ state.ptr) != 'e')
+                        {
+                           goto e_unknown_value;
+                        }
+
+                        if (!new_value (&state, &top, &root, &alloc, json_boolean))
+                           goto e_alloc_failure;
+
+                        flags |= flag_next;
+                        break;
+
+                     case 'n':
+
+                        if ((end - state.ptr) < 3 || *(++ state.ptr) != 'u' ||
+                            *(++ state.ptr) != 'l' || *(++ state.ptr) != 'l')
+                        {
+                           goto e_unknown_value;
+                        }
+
+                        if (!new_value (&state, &top, &root, &alloc, json_null))
+                           goto e_alloc_failure;
+
+                        flags |= flag_next;
+                        break;
+
+                     default:
+
+                        if (isdigit (b) || b == '-')
+                        {
+                           if (!new_value (&state, &top, &root, &alloc, json_integer))
+                              goto e_alloc_failure;
+
+                           if (!state.first_pass)
+                           {
+                              while (isdigit (b) || b == '+' || b == '-'
+                                        || b == 'e' || b == 'E' || b == '.')
+                              {
+                                 if ( (++ state.ptr) == end)
+                                 {
+                                    b = 0;
+                                    break;
+                                 }
+
+                                 b = *state.ptr;
+                              }
+
+                              flags |= flag_next | flag_reproc;
+                              break;
+                           }
+
+                           flags &= ~ (flag_num_negative | flag_num_e |
+                                        flag_num_e_got_sign | flag_num_e_negative |
+                                           flag_num_zero);
+
+                           num_digits = 0;
+                           num_fraction = 0;
+                           num_e = 0;
+
+                           if (b != '-')
+                           {
+                              flags |= flag_reproc;
+                              break;
+                           }
+
+                           flags |= flag_num_negative;
+                           continue;
+                        }
+                        else
+                        {  sprintf (error, "%d:%d: Unexpected %c when seeking value", line_and_col, b);
+                           goto e_failed;
+                        }
+                  };
+            };
+         }
+         else
+         {
+            switch (top->type)
+            {
+            case json_object:
+               
+               switch (b)
+               {
+                  whitespace:
+                     continue;
+
+                  case '"':
+
+                     if (flags & flag_need_comma)
+                     {  sprintf (error, "%d:%d: Expected , before \"", line_and_col);
+                        goto e_failed;
+                     }
+
+                     flags |= flag_string;
+
+                     string = (json_char *) top->_reserved.object_mem;
+                     string_length = 0;
+
+                     break;
+                  
+                  case '}':
+
+                     flags = (flags & ~ flag_need_comma) | flag_next;
+                     break;
+
+                  case ',':
+
+                     if (flags & flag_need_comma)
+                     {
+                        flags &= ~ flag_need_comma;
+                        break;
+                     }
+
+                  default:
+                     sprintf (error, "%d:%d: Unexpected `%c` in object", line_and_col, b);
+                     goto e_failed;
+               };
+
+               break;
+
+            case json_integer:
+            case json_double:
+
+               if (isdigit (b))
+               {
+                  ++ num_digits;
+
+                  if (top->type == json_integer || flags & flag_num_e)
+                  {
+                     if (! (flags & flag_num_e))
+                     {
+                        if (flags & flag_num_zero)
+                        {  sprintf (error, "%d:%d: Unexpected `0` before `%c`", line_and_col, b);
+                           goto e_failed;
+                        }
+
+                        if (num_digits == 1 && b == '0')
+                           flags |= flag_num_zero;
+                     }
+                     else
+                     {
+                        flags |= flag_num_e_got_sign;
+                        num_e = (num_e * 10) + (b - '0');
+                        continue;
+                     }
+
+                     top->u.integer = (top->u.integer * 10) + (b - '0');
+                     continue;
+                  }
+
+                  num_fraction = (num_fraction * 10) + (b - '0');
+                  continue;
+               }
+
+               if (b == '+' || b == '-')
+               {
+                  if ( (flags & flag_num_e) && !(flags & flag_num_e_got_sign))
+                  {
+                     flags |= flag_num_e_got_sign;
+
+                     if (b == '-')
+                        flags |= flag_num_e_negative;
+
+                     continue;
+                  }
+               }
+               else if (b == '.' && top->type == json_integer)
+               {
+                  if (!num_digits)
+                  {  sprintf (error, "%d:%d: Expected digit before `.`", line_and_col);
+                     goto e_failed;
+                  }
+
+                  top->type = json_double;
+                  top->u.dbl = (double) top->u.integer;
+
+                  num_digits = 0;
+                  continue;
+               }
+
+               if (! (flags & flag_num_e))
+               {
+                  if (top->type == json_double)
+                  {
+                     if (!num_digits)
+                     {  sprintf (error, "%d:%d: Expected digit after `.`", line_and_col);
+                        goto e_failed;
+                     }
+
+                     top->u.dbl += ((double) num_fraction) / (pow (10.0, (double) num_digits));
+                  }
+
+                  if (b == 'e' || b == 'E')
+                  {
+                     flags |= flag_num_e;
+
+                     if (top->type == json_integer)
+                     {
+                        top->type = json_double;
+                        top->u.dbl = (double) top->u.integer;
+                     }
+
+                     num_digits = 0;
+                     flags &= ~ flag_num_zero;
+
+                     continue;
+                  }
+               }
+               else
+               {
+                  if (!num_digits)
+                  {  sprintf (error, "%d:%d: Expected digit after `e`", line_and_col);
+                     goto e_failed;
+                  }
+
+                  top->u.dbl *= pow (10.0, (double)
+                      (flags & flag_num_e_negative ? - num_e : num_e));
+               }
+
+               if (flags & flag_num_negative)
+               {
+                  if (top->type == json_integer)
+                     top->u.integer = - top->u.integer;
+                  else
+                     top->u.dbl = - top->u.dbl;
+               }
+
+               flags |= flag_next | flag_reproc;
+               break;
+
+            default:
+               break;
+            };
+         }
+
+         if (flags & flag_reproc)
+         {
+            flags &= ~ flag_reproc;
+            -- state.ptr;
+         }
+
+         if (flags & flag_next)
+         {
+            flags = (flags & ~ flag_next) | flag_need_comma;
+
+            if (!top->parent)
+            {
+               /* root value done */
+
+               flags |= flag_done;
+               continue;
+            }
+
+            if (top->parent->type == json_array)
+               flags |= flag_seek_value;
+               
+            if (!state.first_pass)
+            {
+               json_value * parent = top->parent;
+
+               switch (parent->type)
+               {
+                  case json_object:
+
+                     parent->u.object.values
+                        [parent->u.object.length].value = top;
+
+                     break;
+
+                  case json_array:
+
+                     parent->u.array.values
+                           [parent->u.array.length] = top;
+
+                     break;
+
+                  default:
+                     break;
+               };
+            }
+
+            if ( (++ top->parent->u.array.length) > state.uint_max)
+               goto e_overflow;
+
+            top = top->parent;
+
+            continue;
+         }
+      }
+
+      alloc = root;
+   }
+
+   return root;
+
+e_unknown_value:
+
+   sprintf (error, "%d:%d: Unknown value", line_and_col);
+   goto e_failed;
+
+e_alloc_failure:
+
+   strcpy (error, "Memory allocation failure");
+   goto e_failed;
+
+e_overflow:
+
+   sprintf (error, "%d:%d: Too long (caught overflow)", line_and_col);
+   goto e_failed;
+
+e_failed:
+
+   if (error_buf)
+   {
+      if (*error)
+         strcpy (error_buf, error);
+      else
+         strcpy (error_buf, "Unknown error");
+   }
+
+   if (state.first_pass)
+      alloc = root;
+
+   while (alloc)
+   {
+      top = alloc->_reserved.next_alloc;
+      state.settings.mem_free (alloc, state.settings.user_data);
+      alloc = top;
+   }
+
+   if (!state.first_pass)
+      json_value_free_ex (&state.settings, root);
+
+   return 0;
+}
+
+json_value * json_parse (const json_char * json, size_t length)
+{
+   json_settings settings = { 0 };
+   return json_parse_ex (&settings, json, length, 0);
+}
+
+void json_value_free_ex (json_settings * settings, json_value * value)
+{
+   json_value * cur_value;
+
+   if (!value)
+      return;
+
+   value->parent = 0;
+
+   while (value)
+   {
+      switch (value->type)
+      {
+         case json_array:
+
+            if (!value->u.array.length)
+            {
+               settings->mem_free (value->u.array.values, settings->user_data);
+               break;
+            }
+
+            value = value->u.array.values [-- value->u.array.length];
+            continue;
+
+         case json_object:
+
+            if (!value->u.object.length)
+            {
+               settings->mem_free (value->u.object.values, settings->user_data);
+               break;
+            }
+
+            value = value->u.object.values [-- value->u.object.length].value;
+            continue;
+
+         case json_string:
+
+            settings->mem_free (value->u.string.ptr, settings->user_data);
+            break;
+
+         default:
+            break;
+      };
+
+      cur_value = value;
+      value = value->parent;
+      settings->mem_free (cur_value, settings->user_data);
+   }
+}
+
+void json_value_free (json_value * value)
+{
+   json_settings settings = { 0 };
+   settings.mem_free = default_free;
+   json_value_free_ex (&settings, value);
+}
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/json.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/json.h
new file mode 100644
index 00000000..f6549ec4
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/json.h
@@ -0,0 +1,283 @@
+
+/* vim: set et ts=3 sw=3 sts=3 ft=c:
+ *
+ * Copyright (C) 2012, 2013, 2014 James McLaughlin et al.  All rights reserved.
+ * https://github.com/udp/json-parser
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _JSON_H
+#define _JSON_H
+
+#ifndef json_char
+   #define json_char char
+#endif
+
+#ifndef json_int_t
+   #ifndef _MSC_VER
+      #include <inttypes.h>
+      #define json_int_t int64_t
+   #else
+      #define json_int_t __int64
+   #endif
+#endif
+
+#include <stdlib.h>
+
+#ifdef __cplusplus
+
+   #include <string.h>
+
+   extern "C"
+   {
+
+#endif
+
+typedef struct
+{
+   unsigned long max_memory;
+   int settings;
+
+   /* Custom allocator support (leave null to use malloc/free)
+    */
+
+   void * (* mem_alloc) (size_t, int zero, void * user_data);
+   void (* mem_free) (void *, void * user_data);
+
+   void * user_data;  /* will be passed to mem_alloc and mem_free */
+
+   size_t value_extra;  /* how much extra space to allocate for values? */
+
+} json_settings;
+
+#define json_enable_comments  0x01
+
+typedef enum
+{
+   json_none,
+   json_object,
+   json_array,
+   json_integer,
+   json_double,
+   json_string,
+   json_boolean,
+   json_null
+
+} json_type;
+
+extern const struct _json_value json_value_none;
+       
+typedef struct _json_object_entry
+{
+    json_char * name;
+    unsigned int name_length;
+    
+    struct _json_value * value;
+    
+} json_object_entry;
+
+typedef struct _json_value
+{
+   struct _json_value * parent;
+
+   json_type type;
+
+   union
+   {
+      int boolean;
+      json_int_t integer;
+      double dbl;
+
+      struct
+      {
+         unsigned int length;
+         json_char * ptr; /* null terminated */
+
+      } string;
+
+      struct
+      {
+         unsigned int length;
+
+         json_object_entry * values;
+
+         #if defined(__cplusplus) && __cplusplus >= 201103L
+         decltype(values) begin () const
+         {  return values;
+         }
+         decltype(values) end () const
+         {  return values + length;
+         }
+         #endif
+
+      } object;
+
+      struct
+      {
+         unsigned int length;
+         struct _json_value ** values;
+
+         #if defined(__cplusplus) && __cplusplus >= 201103L
+         decltype(values) begin () const
+         {  return values;
+         }
+         decltype(values) end () const
+         {  return values + length;
+         }
+         #endif
+
+      } array;
+
+   } u;
+
+   union
+   {
+      struct _json_value * next_alloc;
+      void * object_mem;
+
+   } _reserved;
+
+   #ifdef JSON_TRACK_SOURCE
+
+      /* Location of the value in the source JSON
+       */
+      unsigned int line, col;
+
+   #endif
+
+
+   /* Some C++ operator sugar */
+
+   #ifdef __cplusplus
+
+      public:
+
+         inline _json_value ()
+         {  memset (this, 0, sizeof (_json_value));
+         }
+
+         inline const struct _json_value &operator [] (int index) const
+         {
+            if (type != json_array || index < 0
+                     || ((unsigned int) index) >= u.array.length)
+            {
+               return json_value_none;
+            }
+
+            return *u.array.values [index];
+         }
+
+         inline const struct _json_value &operator [] (const char * index) const
+         { 
+            if (type != json_object)
+               return json_value_none;
+
+            for (unsigned int i = 0; i < u.object.length; ++ i)
+               if (!strcmp (u.object.values [i].name, index))
+                  return *u.object.values [i].value;
+
+            return json_value_none;
+         }
+
+         inline operator const char * () const
+         {  
+            switch (type)
+            {
+               case json_string:
+                  return u.string.ptr;
+
+               default:
+                  return "";
+            };
+         }
+
+         inline operator json_int_t () const
+         {  
+            switch (type)
+            {
+               case json_integer:
+                  return u.integer;
+
+               case json_double:
+                  return (json_int_t) u.dbl;
+
+               default:
+                  return 0;
+            };
+         }
+
+         inline operator bool () const
+         {  
+            if (type != json_boolean)
+               return false;
+
+            return u.boolean != 0;
+         }
+
+         inline operator double () const
+         {  
+            switch (type)
+            {
+               case json_integer:
+                  return (double) u.integer;
+
+               case json_double:
+                  return u.dbl;
+
+               default:
+                  return 0;
+            };
+         }
+
+   #endif
+
+} json_value;
+       
+json_value * json_parse (const json_char * json,
+                         size_t length);
+
+#define json_error_max 128
+json_value * json_parse_ex (json_settings * settings,
+                            const json_char * json,
+                            size_t length,
+                            char * error);
+
+void json_value_free (json_value *);
+
+
+/* Not usually necessary, unless you used a custom mem_alloc and now want to
+ * use a custom mem_free.
+ */
+void json_value_free_ex (json_settings * settings,
+                         json_value *);
+
+
+#ifdef __cplusplus
+   } /* extern "C" */
+#endif
+
+#endif
+
+
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/local.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/local.c
new file mode 100644
index 00000000..22b6cebd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/local.c
@@ -0,0 +1,2111 @@
+/*
+ * local.c - Setup a socks5 proxy through remote shadowsocks server
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "../config.h"
+#endif
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <locale.h>
+#include <signal.h>
+#include <string.h>
+#include <strings.h>
+#include <unistd.h>
+#include <getopt.h>
+#ifndef __MINGW32__
+#include <errno.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#endif
+#ifdef LIB_ONLY
+#include "shadowsocks.h"
+#endif
+
+#if defined(HAVE_SYS_IOCTL_H) && defined(HAVE_NET_IF_H) && defined(__linux__)
+#include <net/if.h>
+#include <sys/ioctl.h>
+#define SET_INTERFACE
+#endif
+
+#include <libcork/core.h>
+
+#include "netutils.h"
+#include "utils.h"
+#include "socks5.h"
+#include "acl.h"
+#include "plugin.h"
+#include "local.h"
+#include "winsock.h"
+
+#ifndef LIB_ONLY
+#ifdef __APPLE__
+#include <AvailabilityMacros.h>
+#if defined(MAC_OS_X_VERSION_10_10) && MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_10
+#include <launch.h>
+#define HAVE_LAUNCHD
+#endif
+#endif
+#endif
+
+#ifndef EAGAIN
+#define EAGAIN EWOULDBLOCK
+#endif
+
+#ifndef EWOULDBLOCK
+#define EWOULDBLOCK EAGAIN
+#endif
+
+int verbose    = 0;
+int local_reuse_port = 0;
+
+#ifdef __ANDROID__
+int vpn        = 0;
+uint64_t tx    = 0;
+uint64_t rx    = 0;
+ev_tstamp last = 0;
+
+char *stat_path   = NULL;
+#endif
+
+static crypto_t *crypto;
+
+static int acl       = 0;
+static int mode      = TCP_ONLY;
+static int ipv6first = 0;
+int fast_open        = 0;
+static int no_delay  = 0;
+static int udp_fd    = 0;
+static int ret_val   = 0;
+
+static struct ev_signal sigint_watcher;
+static struct ev_signal sigterm_watcher;
+#ifndef __MINGW32__
+static struct ev_signal sigchld_watcher;
+static struct ev_signal sigusr1_watcher;
+#else
+#ifndef LIB_ONLY
+static struct plugin_watcher_t {
+    ev_io io;
+    SOCKET fd;
+    uint16_t port;
+    int valid;
+} plugin_watcher;
+#endif
+#endif
+
+#ifdef HAVE_SETRLIMIT
+#ifndef LIB_ONLY
+static int nofile = 0;
+#endif
+#endif
+
+static void server_recv_cb(EV_P_ ev_io *w, int revents);
+static void server_send_cb(EV_P_ ev_io *w, int revents);
+static void remote_recv_cb(EV_P_ ev_io *w, int revents);
+static void remote_send_cb(EV_P_ ev_io *w, int revents);
+static void accept_cb(EV_P_ ev_io *w, int revents);
+static void signal_cb(EV_P_ ev_signal *w, int revents);
+#if defined(__MINGW32__) && !defined(LIB_ONLY)
+static void plugin_watcher_cb(EV_P_ ev_io *w, int revents);
+#endif
+
+static int create_and_bind(const char *addr, const char *port);
+#ifdef HAVE_LAUNCHD
+static int launch_or_create(const char *addr, const char *port);
+#endif
+static remote_t *create_remote(listen_ctx_t *listener, struct sockaddr *addr, int direct);
+static void free_remote(remote_t *remote);
+static void close_and_free_remote(EV_P_ remote_t *remote);
+static void free_server(server_t *server);
+static void close_and_free_server(EV_P_ server_t *server);
+
+static remote_t *new_remote(int fd, int timeout);
+static server_t *new_server(int fd);
+
+static struct cork_dllist connections;
+
+#ifndef __MINGW32__
+int
+setnonblocking(int fd)
+{
+    int flags;
+    if (-1 == (flags = fcntl(fd, F_GETFL, 0))) {
+        flags = 0;
+    }
+    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
+}
+
+#endif
+
+int
+create_and_bind(const char *addr, const char *port)
+{
+    struct addrinfo hints;
+    struct addrinfo *result, *rp;
+    int s, listen_sock;
+
+    memset(&hints, 0, sizeof(struct addrinfo));
+    hints.ai_family   = AF_UNSPEC;   /* Return IPv4 and IPv6 choices */
+    hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */
+    result            = NULL;
+
+    s = getaddrinfo(addr, port, &hints, &result);
+
+    if (s != 0) {
+        LOGI("getaddrinfo: %s", gai_strerror(s));
+        return -1;
+    }
+
+    if (result == NULL) {
+        LOGE("Could not bind");
+        return -1;
+    }
+
+    for (rp = result; rp != NULL; rp = rp->ai_next) {
+        listen_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
+        if (listen_sock == -1) {
+            continue;
+        }
+
+        int opt = 1;
+        setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+        setsockopt(listen_sock, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+        if (local_reuse_port) {
+            int err = set_reuseport(listen_sock);
+            if (err == 0) {
+                LOGI("tcp port reuse enabled");
+            }
+        }
+
+        s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
+        if (s == 0) {
+            /* We managed to bind successfully! */
+            break;
+        } else {
+            ERROR("bind");
+        }
+
+        close(listen_sock);
+        listen_sock = -1;
+    }
+
+    freeaddrinfo(result);
+
+    return listen_sock;
+}
+
+#ifdef HAVE_LAUNCHD
+int
+launch_or_create(const char *addr, const char *port)
+{
+    int *fds;
+    size_t cnt;
+    int error = launch_activate_socket("Listeners", &fds, &cnt);
+    if (error == 0) {
+        if (cnt == 1) {
+            return fds[0];
+        } else {
+            FATAL("please don't specify multi entry");
+        }
+    } else if (error == ESRCH || error == ENOENT) {
+        /* ESRCH:  The calling process is not managed by launchd(8).
+         * ENOENT: The socket name specified does not exist
+         *          in the caller's launchd.plist(5).
+         */
+        if (port == NULL) {
+            usage();
+            exit(EXIT_FAILURE);
+        }
+        return create_and_bind(addr, port);
+    } else {
+        FATAL("launch_activate_socket() error");
+    }
+    return -1;
+}
+
+#endif
+
+static void
+free_connections(struct ev_loop *loop)
+{
+    struct cork_dllist_item *curr, *next;
+    cork_dllist_foreach_void(&connections, curr, next) {
+        server_t *server = cork_container_of(curr, server_t, entries);
+        remote_t *remote = server->remote;
+        close_and_free_server(loop, server);
+        close_and_free_remote(loop, remote);
+    }
+}
+
+static void
+delayed_connect_cb(EV_P_ ev_timer *watcher, int revents)
+{
+    server_t *server = cork_container_of(watcher, server_t,
+                                         delayed_connect_watcher);
+
+    server_recv_cb(EV_A_ & server->recv_ctx->io, revents);
+}
+
+static int
+server_handshake_reply(EV_P_ ev_io *w, int udp_assc, struct socks5_response *response)
+{
+    server_ctx_t *server_recv_ctx = (server_ctx_t *)w;
+    server_t *server              = server_recv_ctx->server;
+    remote_t *remote              = server->remote;
+    if (server->stage != STAGE_HANDSHAKE)
+        return 0;
+
+    struct sockaddr_in sock_addr;
+    if (udp_assc) {
+        socklen_t addr_len = sizeof(sock_addr);
+        if (getsockname(server->fd, (struct sockaddr *)&sock_addr, &addr_len) < 0) {
+            LOGE("getsockname: %s", strerror(errno));
+            response->rep = SOCKS5_REP_CONN_REFUSED;
+            send(server->fd, (char *)response, sizeof(struct socks5_response), 0);
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return -1;
+        }
+    } else
+        memset(&sock_addr, 0, sizeof(sock_addr));
+
+    buffer_t resp_to_send;
+    buffer_t *resp_buf = &resp_to_send;
+    balloc(resp_buf, SOCKET_BUF_SIZE);
+
+    memcpy(resp_buf->data, response, sizeof(struct socks5_response));
+    memcpy(resp_buf->data + sizeof(struct socks5_response),
+           &sock_addr.sin_addr, sizeof(sock_addr.sin_addr));
+    memcpy(resp_buf->data + sizeof(struct socks5_response) +
+           sizeof(sock_addr.sin_addr),
+           &sock_addr.sin_port, sizeof(sock_addr.sin_port));
+
+    int reply_size = sizeof(struct socks5_response) +
+                     sizeof(sock_addr.sin_addr) + sizeof(sock_addr.sin_port);
+
+    int s = send(server->fd, resp_buf->data, reply_size, 0);
+
+    bfree(resp_buf);
+
+    if (s < reply_size) {
+        LOGE("failed to send fake reply");
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return -1;
+    }
+    if (udp_assc) {
+        // Wait until client closes the connection
+        return -1;
+    }
+    return 0;
+}
+
+static int
+server_handshake(EV_P_ ev_io *w, buffer_t *buf)
+{
+    server_ctx_t *server_recv_ctx = (server_ctx_t *)w;
+    server_t *server              = server_recv_ctx->server;
+    remote_t *remote              = server->remote;
+
+    struct socks5_request *request = (struct socks5_request *)buf->data;
+    size_t request_len             = sizeof(struct socks5_request);
+
+    if (buf->len < request_len) {
+        return -1;
+    }
+
+    struct socks5_response response;
+    response.ver  = SVERSION;
+    response.rep  = SOCKS5_REP_SUCCEEDED;
+    response.rsv  = 0;
+    response.atyp = SOCKS5_ATYP_IPV4;
+
+    if (request->cmd == SOCKS5_CMD_UDP_ASSOCIATE) {
+        if (verbose) {
+            LOGI("udp assc request accepted");
+        }
+        return server_handshake_reply(EV_A_ w, 1, &response);
+    } else if (request->cmd != SOCKS5_CMD_CONNECT) {
+        LOGE("unsupported command: %d", request->cmd);
+        response.rep = SOCKS5_REP_CMD_NOT_SUPPORTED;
+        char *send_buf = (char *)&response;
+        send(server->fd, send_buf, 4, 0);
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return -1;
+    }
+
+    char host[MAX_HOSTNAME_LEN + 1], ip[INET6_ADDRSTRLEN], port[16];
+
+    buffer_t *abuf = server->abuf;
+    abuf->idx = 0;
+    abuf->len = 0;
+
+    abuf->data[abuf->len++] = request->atyp;
+    int atyp = request->atyp;
+
+    // get remote addr and port
+    if (atyp == SOCKS5_ATYP_IPV4) {
+        size_t in_addr_len = sizeof(struct in_addr);
+        if (buf->len < request_len + in_addr_len + 2) {
+            return -1;
+        }
+        memcpy(abuf->data + abuf->len, buf->data + request_len, in_addr_len + 2);
+        abuf->len += in_addr_len + 2;
+
+        if (acl || verbose) {
+            uint16_t p = load16_be(buf->data + request_len + in_addr_len);
+            if (!inet_ntop(AF_INET, (const void *)(buf->data + request_len),
+                           ip, INET_ADDRSTRLEN)) {
+                LOGI("inet_ntop(AF_INET): %s", strerror(errno));
+                ip[0] = '\0';
+            }
+            sprintf(port, "%d", p);
+        }
+    } else if (atyp == SOCKS5_ATYP_DOMAIN) {
+        uint8_t name_len = *(uint8_t *)(buf->data + request_len);
+        if (buf->len < request_len + 1 + name_len + 2) {
+            return -1;
+        }
+        abuf->data[abuf->len++] = name_len;
+        memcpy(abuf->data + abuf->len, buf->data + request_len + 1, name_len + 2);
+        abuf->len += name_len + 2;
+
+        if (acl || verbose) {
+            uint16_t p = load16_be(buf->data + request_len + 1 + name_len);
+            memcpy(host, buf->data + request_len + 1, name_len);
+            host[name_len] = '\0';
+            sprintf(port, "%d", p);
+        }
+    } else if (atyp == SOCKS5_ATYP_IPV6) {
+        size_t in6_addr_len = sizeof(struct in6_addr);
+        if (buf->len < request_len + in6_addr_len + 2) {
+            return -1;
+        }
+        memcpy(abuf->data + abuf->len, buf->data + request_len, in6_addr_len + 2);
+        abuf->len += in6_addr_len + 2;
+
+        if (acl || verbose) {
+            uint16_t p = load16_be(buf->data + request_len + in6_addr_len);
+            if (!inet_ntop(AF_INET6, (const void *)(buf->data + request_len),
+                           ip, INET6_ADDRSTRLEN)) {
+                LOGI("inet_ntop(AF_INET6): %s", strerror(errno));
+                ip[0] = '\0';
+            }
+            sprintf(port, "%d", p);
+        }
+    } else {
+        LOGE("unsupported addrtype: %d", request->atyp);
+        response.rep = SOCKS5_REP_ADDRTYPE_NOT_SUPPORTED;
+        char *send_buf = (char *)&response;
+        send(server->fd, send_buf, 4, 0);
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return -1;
+    }
+
+    if (server_handshake_reply(EV_A_ w, 0, &response) < 0)
+        return -1;
+    server->stage = STAGE_STREAM;
+
+    buf->len -= (3 + abuf->len);
+    if (buf->len > 0) {
+        memmove(buf->data, buf->data + 3 + abuf->len, buf->len);
+    }
+
+    if (verbose) {
+        if (atyp == SOCKS5_ATYP_DOMAIN)
+            LOGI("connect to %s:%s", host, port);
+        else if (atyp == SOCKS5_ATYP_IPV4)
+            LOGI("connect to %s:%s", ip, port);
+        else if (atyp == SOCKS5_ATYP_IPV6)
+            LOGI("connect to [%s]:%s", ip, port);
+    }
+
+    if (acl
+#ifdef __ANDROID__
+        && !(vpn && strcmp(port, "53") == 0)
+#endif
+        ) {
+        int bypass   = 0;
+        int resolved = 0;
+        struct sockaddr_storage storage;
+        memset(&storage, 0, sizeof(struct sockaddr_storage));
+        int err;
+
+        int host_match = 0;
+        if (atyp == SOCKS5_ATYP_DOMAIN)
+            host_match = acl_match_host(host);
+
+        if (host_match > 0)
+            bypass = 1;                             // bypass hostnames in black list
+        else if (host_match < 0)
+            bypass = 0;                             // proxy hostnames in white list
+        else {
+            if (atyp == SOCKS5_ATYP_DOMAIN
+#ifdef __ANDROID__
+                && !vpn
+#endif
+                ) {           // resolve domain so we can bypass domain with geoip
+                if (get_sockaddr(host, port, &storage, 0, ipv6first))
+                    goto not_bypass;
+                resolved = 1;
+                switch (((struct sockaddr *)&storage)->sa_family) {
+                case AF_INET:
+                {
+                    struct sockaddr_in *addr_in = (struct sockaddr_in *)&storage;
+                    if (!inet_ntop(AF_INET, &(addr_in->sin_addr), ip, INET_ADDRSTRLEN))
+                        goto not_bypass;
+                    break;
+                }
+                case AF_INET6:
+                {
+                    struct sockaddr_in6 *addr_in6 = (struct sockaddr_in6 *)&storage;
+                    if (!inet_ntop(AF_INET6, &(addr_in6->sin6_addr), ip, INET6_ADDRSTRLEN))
+                        goto not_bypass;
+                    break;
+                }
+                default:
+                    goto not_bypass;
+                }
+            }
+
+            int ip_match = (resolved || atyp == SOCKS5_ATYP_IPV4
+                            || atyp == SOCKS5_ATYP_IPV6) ? acl_match_host(ip) : 0;
+
+            switch (get_acl_mode()) {
+            case BLACK_LIST:
+                if (ip_match > 0)
+                    bypass = 1;                                               // bypass IPs in black list
+                break;
+            case WHITE_LIST:
+                bypass = 1;
+                if (ip_match < 0)
+                    bypass = 0;                                               // proxy IPs in white list
+                break;
+            }
+        }
+
+        if (bypass) {
+            if (verbose) {
+                if (atyp == SOCKS5_ATYP_DOMAIN)
+                    LOGI("bypass %s:%s", host, port);
+                else if (atyp == 1)
+                    LOGI("bypass %s:%s", ip, port);
+                else if (atyp == 4)
+                    LOGI("bypass [%s]:%s", ip, port);
+            }
+            if (atyp == SOCKS5_ATYP_DOMAIN && !resolved)
+#ifdef __ANDROID__
+                if (vpn)
+                    goto not_bypass;
+                else
+#endif
+                err = get_sockaddr(host, port, &storage, 0, ipv6first);
+            else
+                err = get_sockaddr(ip, port, &storage, 0, ipv6first);
+            if (err != -1) {
+                remote = create_remote(server->listener, (struct sockaddr *)&storage, 1);
+            }
+        }
+    }
+
+not_bypass:
+    // Not bypass
+    if (remote == NULL) {
+        remote = create_remote(server->listener, NULL, 0);
+    }
+
+    if (remote == NULL) {
+        LOGE("invalid remote addr");
+        close_and_free_server(EV_A_ server);
+        return -1;
+    }
+
+    if (!remote->direct) {
+        int err = crypto->encrypt(abuf, server->e_ctx, SOCKET_BUF_SIZE);
+        if (err) {
+            LOGE("invalid password or cipher");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return -1;
+        }
+    }
+
+    if (buf->len > 0) {
+        memcpy(remote->buf->data, buf->data, buf->len);
+        remote->buf->len = buf->len;
+    }
+
+    server->remote = remote;
+    remote->server = server;
+
+    if (buf->len > 0) {
+        return 0;
+    } else {
+        ev_timer_start(EV_A_ & server->delayed_connect_watcher);
+    }
+
+    return -1;
+}
+
+static void
+server_stream(EV_P_ ev_io *w, buffer_t *buf)
+{
+    server_ctx_t *server_recv_ctx = (server_ctx_t *)w;
+    server_t *server              = server_recv_ctx->server;
+    remote_t *remote              = server->remote;
+
+    if (remote == NULL) {
+        LOGE("invalid remote");
+        close_and_free_server(EV_A_ server);
+        return;
+    }
+
+    // insert shadowsocks header
+    if (!remote->direct) {
+#ifdef __ANDROID__
+        tx += remote->buf->len;
+#endif
+        int err = crypto->encrypt(remote->buf, server->e_ctx, SOCKET_BUF_SIZE);
+
+        if (err) {
+            LOGE("invalid password or cipher");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+
+        if (server->abuf) {
+            bprepend(remote->buf, server->abuf, SOCKET_BUF_SIZE);
+            bfree(server->abuf);
+            ss_free(server->abuf);
+            server->abuf = NULL;
+        }
+    }
+
+    if (!remote->send_ctx->connected) {
+#ifdef __ANDROID__
+        if (vpn) {
+            int not_protect = 0;
+            if (remote->addr.ss_family == AF_INET) {
+                struct sockaddr_in *s = (struct sockaddr_in *)&remote->addr;
+                if (s->sin_addr.s_addr == inet_addr("127.0.0.1"))
+                    not_protect = 1;
+            }
+            if (!not_protect) {
+                if (protect_socket(remote->fd) == -1) {
+                    ERROR("protect_socket");
+                    close_and_free_remote(EV_A_ remote);
+                    close_and_free_server(EV_A_ server);
+                    return;
+                }
+            }
+        }
+#endif
+
+        remote->buf->idx = 0;
+
+        if (!fast_open || remote->direct) {
+            // connecting, wait until connected
+            int r = connect(remote->fd, (struct sockaddr *)&(remote->addr), remote->addr_len);
+
+            if (r == -1 && errno != CONNECT_IN_PROGRESS) {
+                ERROR("connect");
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
+
+            // wait on remote connected event
+            ev_io_stop(EV_A_ & server_recv_ctx->io);
+            ev_io_start(EV_A_ & remote->send_ctx->io);
+            ev_timer_start(EV_A_ & remote->send_ctx->watcher);
+        } else {
+#if defined(MSG_FASTOPEN) && !defined(TCP_FASTOPEN_CONNECT)
+            int s = -1;
+            s = sendto(remote->fd, remote->buf->data, remote->buf->len, MSG_FASTOPEN,
+                       (struct sockaddr *)&(remote->addr), remote->addr_len);
+#elif defined(TCP_FASTOPEN_WINSOCK)
+            DWORD s   = -1;
+            DWORD err = 0;
+            do {
+                int optval = 1;
+                // Set fast open option
+                if (setsockopt(remote->fd, IPPROTO_TCP, TCP_FASTOPEN,
+                               &optval, sizeof(optval)) != 0) {
+                    ERROR("setsockopt");
+                    break;
+                }
+                // Load ConnectEx function
+                LPFN_CONNECTEX ConnectEx = winsock_getconnectex();
+                if (ConnectEx == NULL) {
+                    LOGE("Cannot load ConnectEx() function");
+                    err = WSAENOPROTOOPT;
+                    break;
+                }
+                // ConnectEx requires a bound socket
+                if (winsock_dummybind(remote->fd,
+                                      (struct sockaddr *)&(remote->addr)) != 0) {
+                    ERROR("bind");
+                    break;
+                }
+                // Call ConnectEx to send data
+                memset(&remote->olap, 0, sizeof(remote->olap));
+                remote->connect_ex_done = 0;
+                if (ConnectEx(remote->fd, (const struct sockaddr *)&(remote->addr),
+                              remote->addr_len, remote->buf->data, remote->buf->len,
+                              &s, &remote->olap)) {
+                    remote->connect_ex_done = 1;
+                    break;
+                }
+                // XXX: ConnectEx pending, check later in remote_send
+                if (WSAGetLastError() == ERROR_IO_PENDING) {
+                    err = CONNECT_IN_PROGRESS;
+                    break;
+                }
+                ERROR("ConnectEx");
+            } while (0);
+            // Set error number
+            if (err) {
+                SetLastError(err);
+            }
+#else
+            int s = -1;
+#if defined(CONNECT_DATA_IDEMPOTENT)
+            ((struct sockaddr_in *)&(remote->addr))->sin_len = sizeof(struct sockaddr_in);
+            sa_endpoints_t endpoints;
+            memset((char *)&endpoints, 0, sizeof(endpoints));
+            endpoints.sae_dstaddr    = (struct sockaddr *)&(remote->addr);
+            endpoints.sae_dstaddrlen = remote->addr_len;
+
+            s = connectx(remote->fd, &endpoints, SAE_ASSOCID_ANY,
+                         CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT,
+                         NULL, 0, NULL, NULL);
+#elif defined(TCP_FASTOPEN_CONNECT)
+            int optval = 1;
+            if (setsockopt(remote->fd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT,
+                           (void *)&optval, sizeof(optval)) < 0)
+                FATAL("failed to set TCP_FASTOPEN_CONNECT");
+            s = connect(remote->fd, (struct sockaddr *)&(remote->addr), remote->addr_len);
+#else
+            FATAL("fast open is not enabled in this build");
+#endif
+            if (s == 0)
+                s = send(remote->fd, remote->buf->data, remote->buf->len, 0);
+#endif
+            if (s == -1) {
+                if (errno == CONNECT_IN_PROGRESS) {
+                    // in progress, wait until connected
+                    remote->buf->idx = 0;
+                    ev_io_stop(EV_A_ & server_recv_ctx->io);
+                    ev_io_start(EV_A_ & remote->send_ctx->io);
+                    return;
+                } else {
+                    if (errno == EOPNOTSUPP || errno == EPROTONOSUPPORT ||
+                        errno == ENOPROTOOPT) {
+                        LOGE("fast open is not supported on this platform");
+                        // just turn it off
+                        fast_open = 0;
+                    } else {
+                        ERROR("fast_open_connect");
+                    }
+                    close_and_free_remote(EV_A_ remote);
+                    close_and_free_server(EV_A_ server);
+                    return;
+                }
+            } else {
+                remote->buf->len -= s;
+                remote->buf->idx  = s;
+
+                ev_io_stop(EV_A_ & server_recv_ctx->io);
+                ev_io_start(EV_A_ & remote->send_ctx->io);
+                ev_timer_start(EV_A_ & remote->send_ctx->watcher);
+                return;
+            }
+        }
+    } else {
+        int s = send(remote->fd, remote->buf->data, remote->buf->len, 0);
+        if (s == -1) {
+            if (errno == EAGAIN || errno == EWOULDBLOCK) {
+                // no data, wait for send
+                remote->buf->idx = 0;
+                ev_io_stop(EV_A_ & server_recv_ctx->io);
+                ev_io_start(EV_A_ & remote->send_ctx->io);
+                return;
+            } else {
+                ERROR("server_recv_cb_send");
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
+        } else if (s < (int)(remote->buf->len)) {
+            remote->buf->len -= s;
+            remote->buf->idx  = s;
+            ev_io_stop(EV_A_ & server_recv_ctx->io);
+            ev_io_start(EV_A_ & remote->send_ctx->io);
+            return;
+        } else {
+            remote->buf->idx = 0;
+            remote->buf->len = 0;
+        }
+    }
+}
+
+static void
+server_recv_cb(EV_P_ ev_io *w, int revents)
+{
+    server_ctx_t *server_recv_ctx = (server_ctx_t *)w;
+    server_t *server              = server_recv_ctx->server;
+    remote_t *remote              = server->remote;
+    buffer_t *buf;
+    ssize_t r;
+
+    ev_timer_stop(EV_A_ & server->delayed_connect_watcher);
+
+    if (remote == NULL) {
+        buf = server->buf;
+    } else {
+        buf = remote->buf;
+    }
+
+    if (revents != EV_TIMER) {
+        r = recv(server->fd, buf->data + buf->len, SOCKET_BUF_SIZE - buf->len, 0);
+
+        if (r == 0) {
+            // connection closed
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        } else if (r == -1) {
+            if (errno == EAGAIN || errno == EWOULDBLOCK) {
+                // no data
+                // continue to wait for recv
+                return;
+            } else {
+                if (verbose)
+                    ERROR("server_recv_cb_recv");
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
+        }
+        buf->len += r;
+    }
+
+    while (1) {
+        // local socks5 server
+        if (server->stage == STAGE_STREAM) {
+            server_stream(EV_A_ w, buf);
+
+            // all processed
+            return;
+        } else if (server->stage == STAGE_INIT) {
+            if (verbose) {
+                struct sockaddr_in peer_addr;
+                socklen_t peer_addr_len = sizeof peer_addr;
+                if (getpeername(server->fd, (struct sockaddr *)&peer_addr, &peer_addr_len) == 0) {
+                    LOGI("connection from %s:%hu", inet_ntoa(peer_addr.sin_addr), ntohs(peer_addr.sin_port));
+                }
+            }
+            if (buf->len < 1)
+                return;
+            if (buf->data[0] != SVERSION) {
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
+            if (buf->len < sizeof(struct method_select_request)) {
+                return;
+            }
+            struct method_select_request *method = (struct method_select_request *)buf->data;
+            int method_len                       = method->nmethods + sizeof(struct method_select_request);
+            if (buf->len < method_len) {
+                return;
+            }
+
+            struct method_select_response response;
+            response.ver    = SVERSION;
+            response.method = METHOD_UNACCEPTABLE;
+            for (int i = 0; i < method->nmethods; i++)
+                if (method->methods[i] == METHOD_NOAUTH) {
+                    response.method = METHOD_NOAUTH;
+                    break;
+                }
+            char *send_buf = (char *)&response;
+            send(server->fd, send_buf, sizeof(response), 0);
+            if (response.method == METHOD_UNACCEPTABLE) {
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
+
+            server->stage = STAGE_HANDSHAKE;
+
+            if (method_len < (int)(buf->len)) {
+                memmove(buf->data, buf->data + method_len, buf->len - method_len);
+                buf->len -= method_len;
+                continue;
+            }
+
+            buf->len = 0;
+            return;
+        } else if (server->stage == STAGE_HANDSHAKE) {
+            int ret = server_handshake(EV_A_ w, buf);
+            if (ret)
+                return;
+        }
+    }
+}
+
+static void
+server_send_cb(EV_P_ ev_io *w, int revents)
+{
+    server_ctx_t *server_send_ctx = (server_ctx_t *)w;
+    server_t *server              = server_send_ctx->server;
+    remote_t *remote              = server->remote;
+    if (server->buf->len == 0) {
+        // close and free
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else {
+        // has data to send
+        ssize_t s = send(server->fd, server->buf->data + server->buf->idx,
+                         server->buf->len, 0);
+        if (s == -1) {
+            if (errno != EAGAIN && errno != EWOULDBLOCK) {
+                ERROR("server_send_cb_send");
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+            }
+            return;
+        } else if (s < (ssize_t)(server->buf->len)) {
+            // partly sent, move memory, wait for the next time to send
+            server->buf->len -= s;
+            server->buf->idx += s;
+            return;
+        } else {
+            // all sent out, wait for reading
+            server->buf->len = 0;
+            server->buf->idx = 0;
+            ev_io_stop(EV_A_ & server_send_ctx->io);
+            ev_io_start(EV_A_ & remote->recv_ctx->io);
+            return;
+        }
+    }
+}
+
+#ifdef __ANDROID__
+void
+stat_update_cb()
+{
+    ev_tstamp now = ev_time();
+    if (now - last > 0.5) {
+        send_traffic_stat(tx, rx);
+        last = now;
+    }
+}
+
+#endif
+
+static void
+remote_timeout_cb(EV_P_ ev_timer *watcher, int revents)
+{
+    remote_ctx_t *remote_ctx
+        = cork_container_of(watcher, remote_ctx_t, watcher);
+
+    remote_t *remote = remote_ctx->remote;
+    server_t *server = remote->server;
+
+    if (verbose) {
+        LOGI("TCP connection timeout");
+    }
+
+    close_and_free_remote(EV_A_ remote);
+    close_and_free_server(EV_A_ server);
+}
+
+static void
+remote_recv_cb(EV_P_ ev_io *w, int revents)
+{
+    remote_ctx_t *remote_recv_ctx = (remote_ctx_t *)w;
+    remote_t *remote              = remote_recv_ctx->remote;
+    server_t *server              = remote->server;
+
+    ssize_t r = recv(remote->fd, server->buf->data, SOCKET_BUF_SIZE, 0);
+
+    if (r == 0) {
+        // connection closed
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else if (r == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data
+            // continue to wait for recv
+            return;
+        } else {
+            ERROR("remote_recv_cb_recv");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    server->buf->len = r;
+
+    if (!remote->direct) {
+#ifdef __ANDROID__
+        rx += server->buf->len;
+        stat_update_cb();
+#endif
+        int err = crypto->decrypt(server->buf, server->d_ctx, SOCKET_BUF_SIZE);
+        if (err == CRYPTO_ERROR) {
+            LOGE("invalid password or cipher");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        } else if (err == CRYPTO_NEED_MORE) {
+            return; // Wait for more
+        }
+    }
+
+    int s = send(server->fd, server->buf->data, server->buf->len, 0);
+
+    if (s == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data, wait for send
+            server->buf->idx = 0;
+            ev_io_stop(EV_A_ & remote_recv_ctx->io);
+            ev_io_start(EV_A_ & server->send_ctx->io);
+        } else {
+            ERROR("remote_recv_cb_send");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    } else if (s < (int)(server->buf->len)) {
+        server->buf->len -= s;
+        server->buf->idx  = s;
+        ev_io_stop(EV_A_ & remote_recv_ctx->io);
+        ev_io_start(EV_A_ & server->send_ctx->io);
+    }
+
+    // Disable TCP_NODELAY after the first response are sent
+    if (!remote->recv_ctx->connected && !no_delay) {
+        int opt = 0;
+        setsockopt(server->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+        setsockopt(remote->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+    }
+    remote->recv_ctx->connected = 1;
+}
+
+static void
+remote_send_cb(EV_P_ ev_io *w, int revents)
+{
+    remote_ctx_t *remote_send_ctx = (remote_ctx_t *)w;
+    remote_t *remote              = remote_send_ctx->remote;
+    server_t *server              = remote->server;
+
+    if (!remote_send_ctx->connected) {
+#ifdef TCP_FASTOPEN_WINSOCK
+        if (fast_open) {
+            // Check if ConnectEx is done
+            if (!remote->connect_ex_done) {
+                DWORD numBytes;
+                DWORD flags;
+                // Non-blocking way to fetch ConnectEx result
+                if (WSAGetOverlappedResult(remote->fd, &remote->olap,
+                                           &numBytes, FALSE, &flags)) {
+                    remote->buf->len       -= numBytes;
+                    remote->buf->idx        = numBytes;
+                    remote->connect_ex_done = 1;
+                } else if (WSAGetLastError() == WSA_IO_INCOMPLETE) {
+                    // XXX: ConnectEx still not connected, wait for next time
+                    return;
+                } else {
+                    ERROR("WSAGetOverlappedResult");
+                    // not connected
+                    close_and_free_remote(EV_A_ remote);
+                    close_and_free_server(EV_A_ server);
+                    return;
+                }
+            }
+
+            // Make getpeername work
+            if (setsockopt(remote->fd, SOL_SOCKET,
+                           SO_UPDATE_CONNECT_CONTEXT, NULL, 0) != 0) {
+                ERROR("setsockopt");
+            }
+        }
+#endif
+        struct sockaddr_storage addr;
+        socklen_t len = sizeof addr;
+        int r         = getpeername(remote->fd, (struct sockaddr *)&addr, &len);
+        if (r == 0) {
+            remote_send_ctx->connected = 1;
+            ev_timer_stop(EV_A_ & remote_send_ctx->watcher);
+            ev_io_start(EV_A_ & remote->recv_ctx->io);
+
+            // no need to send any data
+            if (remote->buf->len == 0) {
+                ev_io_stop(EV_A_ & remote_send_ctx->io);
+                ev_io_start(EV_A_ & server->recv_ctx->io);
+                return;
+            }
+        } else {
+            // not connected
+            ERROR("getpeername");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    if (remote->buf->len == 0) {
+        // close and free
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else {
+        // has data to send
+        ssize_t s = send(remote->fd, remote->buf->data + remote->buf->idx,
+                         remote->buf->len, 0);
+        if (s == -1) {
+            if (errno != EAGAIN && errno != EWOULDBLOCK) {
+                ERROR("remote_send_cb_send");
+                // close and free
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+            }
+            return;
+        } else if (s < (ssize_t)(remote->buf->len)) {
+            // partly sent, move memory, wait for the next time to send
+            remote->buf->len -= s;
+            remote->buf->idx += s;
+            return;
+        } else {
+            // all sent out, wait for reading
+            remote->buf->len = 0;
+            remote->buf->idx = 0;
+            ev_io_stop(EV_A_ & remote_send_ctx->io);
+            ev_io_start(EV_A_ & server->recv_ctx->io);
+        }
+    }
+}
+
+static remote_t *
+new_remote(int fd, int timeout)
+{
+    remote_t *remote;
+    remote = ss_malloc(sizeof(remote_t));
+
+    memset(remote, 0, sizeof(remote_t));
+
+    remote->buf      = ss_malloc(sizeof(buffer_t));
+    remote->recv_ctx = ss_malloc(sizeof(remote_ctx_t));
+    remote->send_ctx = ss_malloc(sizeof(remote_ctx_t));
+    balloc(remote->buf, SOCKET_BUF_SIZE);
+    memset(remote->recv_ctx, 0, sizeof(remote_ctx_t));
+    memset(remote->send_ctx, 0, sizeof(remote_ctx_t));
+    remote->recv_ctx->connected = 0;
+    remote->send_ctx->connected = 0;
+    remote->fd                  = fd;
+    remote->recv_ctx->remote    = remote;
+    remote->send_ctx->remote    = remote;
+
+    ev_io_init(&remote->recv_ctx->io, remote_recv_cb, fd, EV_READ);
+    ev_io_init(&remote->send_ctx->io, remote_send_cb, fd, EV_WRITE);
+    ev_timer_init(&remote->send_ctx->watcher, remote_timeout_cb,
+                  min(MAX_CONNECT_TIMEOUT, timeout), 0);
+
+    return remote;
+}
+
+static void
+free_remote(remote_t *remote)
+{
+    if (remote->server != NULL) {
+        remote->server->remote = NULL;
+    }
+    if (remote->buf != NULL) {
+        bfree(remote->buf);
+        ss_free(remote->buf);
+    }
+    ss_free(remote->recv_ctx);
+    ss_free(remote->send_ctx);
+    ss_free(remote);
+}
+
+static void
+close_and_free_remote(EV_P_ remote_t *remote)
+{
+    if (remote != NULL) {
+        ev_timer_stop(EV_A_ & remote->send_ctx->watcher);
+        ev_io_stop(EV_A_ & remote->send_ctx->io);
+        ev_io_stop(EV_A_ & remote->recv_ctx->io);
+        close(remote->fd);
+        free_remote(remote);
+    }
+}
+
+static server_t *
+new_server(int fd)
+{
+    server_t *server;
+    server = ss_malloc(sizeof(server_t));
+
+    memset(server, 0, sizeof(server_t));
+
+    server->recv_ctx = ss_malloc(sizeof(server_ctx_t));
+    server->send_ctx = ss_malloc(sizeof(server_ctx_t));
+    server->buf      = ss_malloc(sizeof(buffer_t));
+    server->abuf     = ss_malloc(sizeof(buffer_t));
+    balloc(server->buf, SOCKET_BUF_SIZE);
+    balloc(server->abuf, SOCKET_BUF_SIZE);
+    memset(server->recv_ctx, 0, sizeof(server_ctx_t));
+    memset(server->send_ctx, 0, sizeof(server_ctx_t));
+    server->stage               = STAGE_INIT;
+    server->recv_ctx->connected = 0;
+    server->send_ctx->connected = 0;
+    server->fd                  = fd;
+    server->recv_ctx->server    = server;
+    server->send_ctx->server    = server;
+
+    server->e_ctx = ss_malloc(sizeof(cipher_ctx_t));
+    server->d_ctx = ss_malloc(sizeof(cipher_ctx_t));
+    crypto->ctx_init(crypto->cipher, server->e_ctx, 1);
+    crypto->ctx_init(crypto->cipher, server->d_ctx, 0);
+
+    ev_io_init(&server->recv_ctx->io, server_recv_cb, fd, EV_READ);
+    ev_io_init(&server->send_ctx->io, server_send_cb, fd, EV_WRITE);
+
+    ev_timer_init(&server->delayed_connect_watcher,
+                  delayed_connect_cb, 0.05, 0);
+
+    cork_dllist_add(&connections, &server->entries);
+
+    return server;
+}
+
+static void
+free_server(server_t *server)
+{
+    cork_dllist_remove(&server->entries);
+
+    if (server->remote != NULL) {
+        server->remote->server = NULL;
+    }
+    if (server->e_ctx != NULL) {
+        crypto->ctx_release(server->e_ctx);
+        ss_free(server->e_ctx);
+    }
+    if (server->d_ctx != NULL) {
+        crypto->ctx_release(server->d_ctx);
+        ss_free(server->d_ctx);
+    }
+    if (server->buf != NULL) {
+        bfree(server->buf);
+        ss_free(server->buf);
+    }
+    if (server->abuf != NULL) {
+        bfree(server->abuf);
+        ss_free(server->abuf);
+    }
+    ss_free(server->recv_ctx);
+    ss_free(server->send_ctx);
+    ss_free(server);
+}
+
+static void
+close_and_free_server(EV_P_ server_t *server)
+{
+    if (server != NULL) {
+        ev_io_stop(EV_A_ & server->send_ctx->io);
+        ev_io_stop(EV_A_ & server->recv_ctx->io);
+        ev_timer_stop(EV_A_ & server->delayed_connect_watcher);
+        close(server->fd);
+        free_server(server);
+    }
+}
+
+static remote_t *
+create_remote(listen_ctx_t *listener,
+              struct sockaddr *addr,
+              int direct)
+{
+    struct sockaddr *remote_addr;
+
+    int index = rand() % listener->remote_num;
+    if (addr == NULL) {
+        remote_addr = listener->remote_addr[index];
+    } else {
+        remote_addr = addr;
+    }
+
+    int remotefd = socket(remote_addr->sa_family, SOCK_STREAM, IPPROTO_TCP);
+
+    if (remotefd == -1) {
+        ERROR("socket");
+        return NULL;
+    }
+
+    int opt = 1;
+    setsockopt(remotefd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+    setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+
+    if (listener->mptcp > 1) {
+        int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt));
+        if (err == -1) {
+            ERROR("failed to enable multipath TCP");
+        }
+    } else if (listener->mptcp == 1) {
+        int i = 0;
+        while ((listener->mptcp = mptcp_enabled_values[i]) > 0) {
+            int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt));
+            if (err != -1) {
+                break;
+            }
+            i++;
+        }
+        if (listener->mptcp == 0) {
+            ERROR("failed to enable multipath TCP");
+        }
+    }
+
+    // Setup
+    setnonblocking(remotefd);
+#ifdef SET_INTERFACE
+    if (listener->iface) {
+        if (setinterface(remotefd, listener->iface) == -1)
+            ERROR("setinterface");
+    }
+#endif
+
+    remote_t *remote = new_remote(remotefd, direct ? MAX_CONNECT_TIMEOUT : listener->timeout);
+    remote->addr_len = get_sockaddr_len(remote_addr);
+    memcpy(&(remote->addr), remote_addr, remote->addr_len);
+    remote->direct = direct;
+
+    if (verbose) {
+        struct sockaddr_in *sockaddr = (struct sockaddr_in *)&remote->addr;
+        LOGI("remote: %s:%hu", inet_ntoa(sockaddr->sin_addr), ntohs(sockaddr->sin_port));
+    }
+
+    return remote;
+}
+
+static void
+signal_cb(EV_P_ ev_signal *w, int revents)
+{
+    if (revents & EV_SIGNAL) {
+        switch (w->signum) {
+#ifndef __MINGW32__
+        case SIGCHLD:
+            if (!is_plugin_running()) {
+                LOGE("plugin service exit unexpectedly");
+                ret_val = -1;
+            } else
+                return;
+        case SIGUSR1:
+#endif
+        case SIGINT:
+        case SIGTERM:
+            ev_signal_stop(EV_DEFAULT, &sigint_watcher);
+            ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
+#ifndef __MINGW32__
+            ev_signal_stop(EV_DEFAULT, &sigchld_watcher);
+            ev_signal_stop(EV_DEFAULT, &sigusr1_watcher);
+#else
+#ifndef LIB_ONLY
+            ev_io_stop(EV_DEFAULT, &plugin_watcher.io);
+#endif
+#endif
+            ev_unloop(EV_A_ EVUNLOOP_ALL);
+        }
+    }
+}
+
+#if defined(__MINGW32__) && !defined(LIB_ONLY)
+static void
+plugin_watcher_cb(EV_P_ ev_io *w, int revents)
+{
+    char buf[1];
+    SOCKET fd = accept(plugin_watcher.fd, NULL, NULL);
+    if (fd == INVALID_SOCKET) {
+        return;
+    }
+    recv(fd, buf, 1, 0);
+    closesocket(fd);
+    LOGE("plugin service exit unexpectedly");
+    ret_val = -1;
+    ev_signal_stop(EV_DEFAULT, &sigint_watcher);
+    ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
+    ev_io_stop(EV_DEFAULT, &plugin_watcher.io);
+    ev_unloop(EV_A_ EVUNLOOP_ALL);
+}
+
+#endif
+
+void
+accept_cb(EV_P_ ev_io *w, int revents)
+{
+    listen_ctx_t *listener = (listen_ctx_t *)w;
+    int serverfd           = accept(listener->fd, NULL, NULL);
+    if (serverfd == -1) {
+        ERROR("accept");
+        return;
+    }
+    setnonblocking(serverfd);
+    int opt = 1;
+    setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+    setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+
+    server_t *server = new_server(serverfd);
+    server->listener = listener;
+
+    ev_io_start(EV_A_ & server->recv_ctx->io);
+}
+
+#ifndef LIB_ONLY
+int
+main(int argc, char **argv)
+{
+    int i, c;
+    int pid_flags    = 0;
+    int mtu          = 0;
+    int mptcp        = 0;
+    char *user       = NULL;
+    char *local_port = NULL;
+    char *local_addr = NULL;
+    char *password   = NULL;
+    char *key        = NULL;
+    char *timeout    = NULL;
+    char *method     = NULL;
+    char *pid_path   = NULL;
+    char *conf_path  = NULL;
+    char *iface      = NULL;
+
+    char *plugin      = NULL;
+    char *plugin_opts = NULL;
+    char *plugin_host = NULL;
+    char *plugin_port = NULL;
+    char tmp_port[8];
+
+    int remote_num = 0;
+    ss_addr_t remote_addr[MAX_REMOTE_NUM];
+    char *remote_port = NULL;
+
+    memset(remote_addr, 0, sizeof(ss_addr_t) * MAX_REMOTE_NUM);
+    srand(time(NULL));
+
+    static struct option long_options[] = {
+        { "reuse-port",  no_argument,       NULL, GETOPT_VAL_REUSE_PORT  },
+        { "fast-open",   no_argument,       NULL, GETOPT_VAL_FAST_OPEN   },
+        { "no-delay",    no_argument,       NULL, GETOPT_VAL_NODELAY     },
+        { "acl",         required_argument, NULL, GETOPT_VAL_ACL         },
+        { "mtu",         required_argument, NULL, GETOPT_VAL_MTU         },
+        { "mptcp",       no_argument,       NULL, GETOPT_VAL_MPTCP       },
+        { "plugin",      required_argument, NULL, GETOPT_VAL_PLUGIN      },
+        { "plugin-opts", required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
+        { "password",    required_argument, NULL, GETOPT_VAL_PASSWORD    },
+        { "key",         required_argument, NULL, GETOPT_VAL_KEY         },
+        { "help",        no_argument,       NULL, GETOPT_VAL_HELP        },
+        { NULL,          0,                 NULL, 0                      }
+    };
+
+    opterr = 0;
+
+    USE_TTY();
+
+#ifdef __ANDROID__
+    while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:a:n:S:huUvV6A",
+                            long_options, NULL)) != -1) {
+#else
+    while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:a:n:huUv6A",
+                            long_options, NULL)) != -1) {
+#endif
+        switch (c) {
+        case GETOPT_VAL_FAST_OPEN:
+            fast_open = 1;
+            break;
+        case GETOPT_VAL_ACL:
+            LOGI("initializing acl...");
+            acl = !init_acl(optarg);
+            break;
+        case GETOPT_VAL_MTU:
+            mtu = atoi(optarg);
+            LOGI("set MTU to %d", mtu);
+            break;
+        case GETOPT_VAL_MPTCP:
+            mptcp = 1;
+            LOGI("enable multipath TCP");
+            break;
+        case GETOPT_VAL_NODELAY:
+            no_delay = 1;
+            LOGI("enable TCP no-delay");
+            break;
+        case GETOPT_VAL_PLUGIN:
+            plugin = optarg;
+            break;
+        case GETOPT_VAL_PLUGIN_OPTS:
+            plugin_opts = optarg;
+            break;
+        case GETOPT_VAL_KEY:
+            key = optarg;
+            break;
+        case GETOPT_VAL_REUSE_PORT:
+            reuse_port = 1;
+            break;
+        case 's':
+            if (remote_num < MAX_REMOTE_NUM) {
+                parse_addr(optarg, &remote_addr[remote_num++]);
+            }
+            break;
+        case 'p':
+            remote_port = optarg;
+            break;
+        case 'l':
+            local_port = optarg;
+            break;
+        case GETOPT_VAL_PASSWORD:
+        case 'k':
+            password = optarg;
+            break;
+        case 'f':
+            pid_flags = 1;
+            pid_path  = optarg;
+            break;
+        case 't':
+            timeout = optarg;
+            break;
+        case 'm':
+            method = optarg;
+            break;
+        case 'c':
+            conf_path = optarg;
+            break;
+        case 'i':
+            iface = optarg;
+            break;
+        case 'b':
+            local_addr = optarg;
+            break;
+        case 'a':
+            user = optarg;
+            break;
+#ifdef HAVE_SETRLIMIT
+        case 'n':
+            nofile = atoi(optarg);
+            break;
+#endif
+        case 'u':
+            mode = TCP_AND_UDP;
+            break;
+        case 'U':
+            mode = UDP_ONLY;
+            break;
+        case 'v':
+            verbose = 1;
+            break;
+        case 'h':
+        case GETOPT_VAL_HELP:
+            usage();
+            exit(EXIT_SUCCESS);
+        case '6':
+            ipv6first = 1;
+            break;
+#ifdef __ANDROID__
+        case 'S':
+            stat_path = optarg;
+            break;
+        case 'V':
+            vpn = 1;
+            break;
+#endif
+        case 'A':
+            FATAL("One time auth has been deprecated. Try AEAD ciphers instead.");
+            break;
+        case '?':
+            // The option character is not recognized.
+            LOGE("Unrecognized option: %s", optarg);
+            opterr = 1;
+            break;
+        }
+    }
+
+    if (opterr) {
+        usage();
+        exit(EXIT_FAILURE);
+    }
+
+    if (argc == 1) {
+        if (conf_path == NULL) {
+            conf_path = get_default_conf();
+        }
+    }
+    if (conf_path != NULL) {
+        jconf_t *conf = read_jconf(conf_path);
+        if (remote_num == 0) {
+            remote_num = conf->remote_num;
+            for (i = 0; i < remote_num; i++)
+                remote_addr[i] = conf->remote_addr[i];
+        }
+        if (remote_port == NULL) {
+            remote_port = conf->remote_port;
+        }
+        if (local_addr == NULL) {
+            local_addr = conf->local_addr;
+        }
+        if (local_port == NULL) {
+            local_port = conf->local_port;
+        }
+        if (password == NULL) {
+            password = conf->password;
+        }
+        if (key == NULL) {
+            key = conf->key;
+        }
+        if (method == NULL) {
+            method = conf->method;
+        }
+        if (timeout == NULL) {
+            timeout = conf->timeout;
+        }
+        if (user == NULL) {
+            user = conf->user;
+        }
+        if (plugin == NULL) {
+            plugin = conf->plugin;
+        }
+        if (plugin_opts == NULL) {
+            plugin_opts = conf->plugin_opts;
+        }
+        if (reuse_port == 0) {
+            reuse_port = conf->reuse_port;
+        }
+        if (fast_open == 0) {
+            fast_open = conf->fast_open;
+        }
+        if (mode == TCP_ONLY) {
+            mode = conf->mode;
+        }
+        if (mtu == 0) {
+            mtu = conf->mtu;
+        }
+        if (mptcp == 0) {
+            mptcp = conf->mptcp;
+        }
+        if (no_delay == 0) {
+            no_delay = conf->no_delay;
+        }
+#ifdef HAVE_SETRLIMIT
+        if (nofile == 0) {
+            nofile = conf->nofile;
+        }
+#endif
+        if (ipv6first == 0) {
+            ipv6first = conf->ipv6_first;
+        }
+        if (acl == 0 && conf->acl != NULL) {
+            LOGI("initializing acl...");
+            acl = !init_acl(conf->acl);
+        }
+    }
+
+    if (remote_num == 0) {
+        fprintf(stderr, "remote_num is 0\n");
+        exit(EXIT_FAILURE);
+    }
+    if (!remote_port) {
+        fprintf(stderr, "remote_port is NULL\n");
+        exit(EXIT_FAILURE);
+    }
+#ifndef HAVE_LAUNCHD
+    if (!local_port) {
+        fprintf(stderr, "local_port is NULL\n");
+        exit(EXIT_FAILURE);
+    }
+#endif
+    if (!password && !key) {
+        fprintf(stderr, "both password and key are NULL\n");
+        exit(EXIT_FAILURE);
+    }
+
+#ifdef __MINGW32__
+    winsock_init();
+#endif
+
+    if (plugin != NULL) {
+        uint16_t port = get_local_port();
+        if (port == 0) {
+            FATAL("failed to find a free port");
+        }
+        snprintf(tmp_port, 8, "%d", port);
+        if (is_ipv6only(remote_addr, remote_num, ipv6first)) {
+            plugin_host = "::1";
+        } else {
+            plugin_host = "127.0.0.1";
+        }
+        plugin_port = tmp_port;
+
+#ifdef __MINGW32__
+        memset(&plugin_watcher, 0, sizeof(plugin_watcher));
+        plugin_watcher.port = get_local_port();
+        if (plugin_watcher.port == 0) {
+            LOGE("failed to assign a control port for plugin");
+        }
+#endif
+
+        LOGI("plugin \"%s\" enabled", plugin);
+    }
+
+    if (method == NULL) {
+        method = "chacha20-ietf-poly1305";
+    }
+
+    if (timeout == NULL) {
+        timeout = "60";
+    }
+
+#ifdef HAVE_SETRLIMIT
+    /*
+     * no need to check the return value here since we will show
+     * the user an error message if setrlimit(2) fails
+     */
+    if (nofile > 1024) {
+        if (verbose) {
+            LOGI("setting NOFILE to %d", nofile);
+        }
+        set_nofile(nofile);
+    }
+#endif
+
+    if (local_addr == NULL) {
+        if (is_ipv6only(remote_addr, remote_num, ipv6first)) {
+            local_addr = "::1";
+        } else {
+            local_addr = "127.0.0.1";
+        }
+    }
+
+    USE_SYSLOG(argv[0], pid_flags);
+    if (pid_flags) {
+        daemonize(pid_path);
+    }
+
+    if (fast_open == 1) {
+#ifdef TCP_FASTOPEN
+        LOGI("using tcp fast open");
+#else
+        LOGE("tcp fast open is not supported by this environment");
+        fast_open = 0;
+#endif
+    }
+
+    if (no_delay) {
+        LOGI("enable TCP no-delay");
+    }
+
+    if (ipv6first) {
+        LOGI("resolving hostname to IPv6 address first");
+    }
+
+#ifdef __MINGW32__
+    // Listen on plugin control port
+    if (plugin != NULL && plugin_watcher.port != 0) {
+        SOCKET fd;
+        fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+        if (fd != INVALID_SOCKET) {
+            plugin_watcher.valid = 0;
+            do {
+                struct sockaddr_in addr;
+                memset(&addr, 0, sizeof(addr));
+                addr.sin_family      = AF_INET;
+                addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+                addr.sin_port        = htons(plugin_watcher.port);
+                if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
+                    LOGE("failed to bind plugin control port");
+                    break;
+                }
+                if (listen(fd, 1)) {
+                    LOGE("failed to listen on plugin control port");
+                    break;
+                }
+                plugin_watcher.fd = fd;
+                ev_io_init(&plugin_watcher.io, plugin_watcher_cb, fd, EV_READ);
+                ev_io_start(EV_DEFAULT, &plugin_watcher.io);
+                plugin_watcher.valid = 1;
+            } while (0);
+            if (!plugin_watcher.valid) {
+                closesocket(fd);
+                plugin_watcher.port = 0;
+            }
+        }
+    }
+#endif
+
+    if (plugin != NULL) {
+        int len          = 0;
+        size_t buf_size  = 256 * remote_num;
+        char *remote_str = ss_malloc(buf_size);
+
+        snprintf(remote_str, buf_size, "%s", remote_addr[0].host);
+        len = strlen(remote_str);
+        for (int i = 1; i < remote_num; i++) {
+            snprintf(remote_str + len, buf_size - len, "|%s", remote_addr[i].host);
+            len = strlen(remote_str);
+        }
+        int err = start_plugin(plugin, plugin_opts, remote_str,
+                               remote_port, plugin_host, plugin_port,
+#ifdef __MINGW32__
+                               plugin_watcher.port,
+#endif
+                               MODE_CLIENT);
+        if (err) {
+            ERROR("start_plugin");
+            FATAL("failed to start the plugin");
+        }
+    }
+
+#ifndef __MINGW32__
+    // ignore SIGPIPE
+    signal(SIGPIPE, SIG_IGN);
+    signal(SIGABRT, SIG_IGN);
+#endif
+
+    // Setup keys
+    LOGI("initializing ciphers... %s", method);
+    crypto = crypto_init(password, key, method);
+    if (crypto == NULL)
+        FATAL("failed to initialize ciphers");
+
+    // Setup proxy context
+    listen_ctx_t listen_ctx;
+    listen_ctx.remote_num  = 0;
+    listen_ctx.remote_addr = ss_malloc(sizeof(struct sockaddr *) * remote_num);
+    memset(listen_ctx.remote_addr, 0, sizeof(struct sockaddr *) * remote_num);
+    for (i = 0; i < remote_num; i++) {
+        char *host = remote_addr[i].host;
+        char *port = remote_addr[i].port == NULL ? remote_port :
+                     remote_addr[i].port;
+        if (plugin != NULL) {
+            host = plugin_host;
+            port = plugin_port;
+        }
+        struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
+        memset(storage, 0, sizeof(struct sockaddr_storage));
+        if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
+            FATAL("failed to resolve the provided hostname");
+        }
+        listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
+        ++listen_ctx.remote_num;
+
+        if (plugin != NULL)
+            break;
+    }
+    listen_ctx.timeout = atoi(timeout);
+    listen_ctx.iface   = iface;
+    listen_ctx.mptcp   = mptcp;
+
+    // Setup signal handler
+    ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
+    ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
+    ev_signal_start(EV_DEFAULT, &sigint_watcher);
+    ev_signal_start(EV_DEFAULT, &sigterm_watcher);
+#ifndef __MINGW32__
+    ev_signal_init(&sigchld_watcher, signal_cb, SIGCHLD);
+    ev_signal_start(EV_DEFAULT, &sigchld_watcher);
+#endif
+
+    if (ss_is_ipv6addr(local_addr))
+        LOGI("listening at [%s]:%s", local_addr, local_port);
+    else
+        LOGI("listening at %s:%s", local_addr, local_port);
+
+    struct ev_loop *loop = EV_DEFAULT;
+
+    if (mode != UDP_ONLY) {
+        // Setup socket
+        int listenfd;
+#ifdef HAVE_LAUNCHD
+        listenfd = launch_or_create(local_addr, local_port);
+#else
+        listenfd = create_and_bind(local_addr, local_port);
+#endif
+        if (listenfd == -1) {
+            FATAL("bind() error");
+        }
+        if (listen(listenfd, SOMAXCONN) == -1) {
+            FATAL("listen() error");
+        }
+        setnonblocking(listenfd);
+
+        listen_ctx.fd = listenfd;
+
+        ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
+        ev_io_start(loop, &listen_ctx.io);
+    }
+
+    // Setup UDP
+    if (mode != TCP_ONLY) {
+        LOGI("udprelay enabled");
+        char *host                       = remote_addr[0].host;
+        char *port                       = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port;
+        struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
+        memset(storage, 0, sizeof(struct sockaddr_storage));
+        if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
+            FATAL("failed to resolve the provided hostname");
+        }
+        struct sockaddr *addr = (struct sockaddr *)storage;
+        udp_fd = init_udprelay(local_addr, local_port, addr,
+                               get_sockaddr_len(addr), mtu, crypto, listen_ctx.timeout, iface);
+    }
+
+#ifdef HAVE_LAUNCHD
+    if (local_port == NULL)
+        LOGI("listening through launchd");
+    else
+#endif
+
+#ifndef __MINGW32__
+    // setuid
+    if (user != NULL && !run_as(user)) {
+        FATAL("failed to switch user");
+    }
+
+    if (geteuid() == 0) {
+        LOGI("running from root user");
+    }
+#endif
+
+    // Init connections
+    cork_dllist_init(&connections);
+
+    // Enter the loop
+    ev_run(loop, 0);
+
+    if (verbose) {
+        LOGI("closed gracefully");
+    }
+
+    // Clean up
+    if (plugin != NULL) {
+        stop_plugin();
+    }
+
+    if (mode != UDP_ONLY) {
+        ev_io_stop(loop, &listen_ctx.io);
+        free_connections(loop);
+
+        for (i = 0; i < listen_ctx.remote_num; i++)
+            ss_free(listen_ctx.remote_addr[i]);
+        ss_free(listen_ctx.remote_addr);
+    }
+
+    if (mode != TCP_ONLY) {
+        free_udprelay();
+    }
+
+#ifdef __MINGW32__
+    if (plugin_watcher.valid) {
+        closesocket(plugin_watcher.fd);
+    }
+
+    winsock_cleanup();
+#endif
+
+    return ret_val;
+}
+
+#else
+
+int
+_start_ss_local_server(profile_t profile, ss_local_callback callback, void *udata)
+{
+    srand(time(NULL));
+
+    char *remote_host = profile.remote_host;
+    char *local_addr  = profile.local_addr;
+    char *method      = profile.method;
+    char *password    = profile.password;
+    char *log         = profile.log;
+    int remote_port   = profile.remote_port;
+    int local_port    = profile.local_port;
+    int timeout       = profile.timeout;
+    int mtu           = 0;
+    int mptcp         = 0;
+
+    mode      = profile.mode;
+    fast_open = profile.fast_open;
+    verbose   = profile.verbose;
+    mtu       = profile.mtu;
+    mptcp     = profile.mptcp;
+
+    char local_port_str[16];
+    char remote_port_str[16];
+    sprintf(local_port_str, "%d", local_port);
+    sprintf(remote_port_str, "%d", remote_port);
+
+#ifdef __MINGW32__
+    winsock_init();
+#endif
+
+    USE_LOGFILE(log);
+
+    if (profile.acl != NULL) {
+        LOGI("initializing acl...");
+        acl = !init_acl(profile.acl);
+    }
+
+    if (local_addr == NULL) {
+        local_addr = "127.0.0.1";
+    }
+
+#ifndef __MINGW32__
+    // ignore SIGPIPE
+    signal(SIGPIPE, SIG_IGN);
+    signal(SIGABRT, SIG_IGN);
+#endif
+
+    ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
+    ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
+    ev_signal_start(EV_DEFAULT, &sigint_watcher);
+    ev_signal_start(EV_DEFAULT, &sigterm_watcher);
+#ifndef __MINGW32__
+    ev_signal_init(&sigusr1_watcher, signal_cb, SIGUSR1);
+    ev_signal_start(EV_DEFAULT, &sigusr1_watcher);
+#endif
+
+    // Setup keys
+    LOGI("initializing ciphers... %s", method);
+    crypto = crypto_init(password, NULL, method);
+    if (crypto == NULL)
+        FATAL("failed to init ciphers");
+
+    struct sockaddr_storage storage;
+    memset(&storage, 0, sizeof(struct sockaddr_storage));
+    if (get_sockaddr(remote_host, remote_port_str, &storage, 0, ipv6first) == -1) {
+        return -1;
+    }
+
+    // Setup proxy context
+    struct ev_loop *loop = EV_DEFAULT;
+
+    struct sockaddr *remote_addr_tmp[MAX_REMOTE_NUM];
+    listen_ctx_t listen_ctx;
+    listen_ctx.remote_num     = 1;
+    listen_ctx.remote_addr    = remote_addr_tmp;
+    listen_ctx.remote_addr[0] = (struct sockaddr *)(&storage);
+    listen_ctx.timeout        = timeout;
+    listen_ctx.iface          = NULL;
+    listen_ctx.mptcp          = mptcp;
+
+    if (ss_is_ipv6addr(local_addr))
+        LOGI("listening at [%s]:%s", local_addr, local_port_str);
+    else
+        LOGI("listening at %s:%s", local_addr, local_port_str);
+
+    if (mode != UDP_ONLY) {
+        // Setup socket
+        int listenfd;
+        listenfd = create_and_bind(local_addr, local_port_str);
+        if (listenfd == -1) {
+            ERROR("bind()");
+            return -1;
+        }
+        if (listen(listenfd, SOMAXCONN) == -1) {
+            ERROR("listen()");
+            return -1;
+        }
+        setnonblocking(listenfd);
+
+        listen_ctx.fd = listenfd;
+
+        ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
+        ev_io_start(loop, &listen_ctx.io);
+    }
+
+    // Setup UDP
+    if (mode != TCP_ONLY) {
+        LOGI("udprelay enabled");
+        struct sockaddr *addr = (struct sockaddr *)(&storage);
+        udp_fd = init_udprelay(local_addr, local_port_str, addr,
+                               get_sockaddr_len(addr), mtu, crypto, timeout, NULL);
+    }
+
+    // Init connections
+    cork_dllist_init(&connections);
+
+    if (callback) {
+        callback(listen_ctx.fd, udp_fd, udata);
+    }
+
+    // Enter the loop
+    ev_run(loop, 0);
+
+    if (verbose) {
+        LOGI("closed gracefully");
+    }
+
+    // Clean up
+    if (mode != UDP_ONLY) {
+        ev_io_stop(loop, &listen_ctx.io);
+        free_connections(loop);
+        close(listen_ctx.fd);
+    }
+
+    if (mode != TCP_ONLY) {
+        free_udprelay();
+    }
+
+#ifdef __MINGW32__
+    winsock_cleanup();
+#endif
+
+    return ret_val;
+}
+
+int
+start_ss_local_server(profile_t profile)
+{
+    return _start_ss_local_server(profile, NULL, NULL);
+}
+
+int
+start_ss_local_server_with_callback(profile_t profile, ss_local_callback callback, void *udata)
+{
+    return _start_ss_local_server(profile, callback, udata);
+}
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/local.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/local.h
new file mode 100644
index 00000000..96ee92a5
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/local.h
@@ -0,0 +1,104 @@
+/*
+ * local.h - Define the client's buffers and callbacks
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LOCAL_H
+#define _LOCAL_H
+
+#include <libcork/ds.h>
+
+#ifdef HAVE_LIBEV_EV_H
+#include <libev/ev.h>
+#else
+#include <ev.h>
+#endif
+
+#ifdef __MINGW32__
+#include "winsock.h"
+#endif
+
+#include "crypto.h"
+#include "jconf.h"
+
+#include "common.h"
+
+typedef struct listen_ctx {
+    ev_io io;
+    char *iface;
+    int remote_num;
+    int timeout;
+    int fd;
+    int mptcp;
+    struct sockaddr **remote_addr;
+} listen_ctx_t;
+
+typedef struct server_ctx {
+    ev_io io;
+    int connected;
+    struct server *server;
+} server_ctx_t;
+
+typedef struct server {
+    int fd;
+    int stage;
+
+    cipher_ctx_t *e_ctx;
+    cipher_ctx_t *d_ctx;
+    struct server_ctx *recv_ctx;
+    struct server_ctx *send_ctx;
+    struct listen_ctx *listener;
+    struct remote *remote;
+
+    buffer_t *buf;
+    buffer_t *abuf;
+
+    ev_timer delayed_connect_watcher;
+
+    struct cork_dllist_item entries;
+} server_t;
+
+typedef struct remote_ctx {
+    ev_io io;
+    ev_timer watcher;
+
+    int connected;
+    struct remote *remote;
+} remote_ctx_t;
+
+typedef struct remote {
+    int fd;
+    int direct;
+    int addr_len;
+    uint32_t counter;
+#ifdef TCP_FASTOPEN_WINSOCK
+    OVERLAPPED olap;
+    int connect_ex_done;
+#endif
+
+    buffer_t *buf;
+
+    struct remote_ctx *recv_ctx;
+    struct remote_ctx *send_ctx;
+    struct server *server;
+    struct sockaddr_storage addr;
+} remote_t;
+
+#endif // _LOCAL_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/manager.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/manager.c
new file mode 100644
index 00000000..155856ec
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/manager.c
@@ -0,0 +1,1285 @@
+/*
+ * server.c - Provide shadowsocks service
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <locale.h>
+#include <signal.h>
+#include <string.h>
+#include <strings.h>
+#include <time.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <math.h>
+#include <ctype.h>
+#include <limits.h>
+#include <dirent.h>
+
+#include <netdb.h>
+#include <errno.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <pthread.h>
+#include <sys/un.h>
+#include <sys/socket.h>
+#include <pwd.h>
+#include <libcork/core.h>
+
+#if defined(HAVE_SYS_IOCTL_H) && defined(HAVE_NET_IF_H) && defined(__linux__)
+#include <net/if.h>
+#include <sys/ioctl.h>
+#define SET_INTERFACE
+#endif
+
+#include "json.h"
+#include "utils.h"
+#include "netutils.h"
+#include "manager.h"
+
+#ifndef BUF_SIZE
+#define BUF_SIZE 65535
+#endif
+
+int m_verbose          = 0;
+char *executable     = "ss-server";
+char *working_dir    = NULL;
+int working_dir_size = 0;
+
+static struct cork_hash_table *server_table;
+
+static int
+setnonblocking(int fd)
+{
+    int flags;
+    if (-1 == (flags = fcntl(fd, F_GETFL, 0))) {
+        flags = 0;
+    }
+    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
+}
+
+static void
+destroy_server(struct server *server)
+{
+// function used to free memories alloced in **get_server**
+    if (server->method)
+        ss_free(server->method);
+    if (server->plugin)
+        ss_free(server->plugin);
+    if (server->plugin_opts)
+        ss_free(server->plugin_opts);
+    if (server->mode)
+        ss_free(server->mode);
+}
+
+static void
+build_config(char *prefix, struct manager_ctx *manager, struct server *server)
+{
+    char *path    = NULL;
+    int path_size = strlen(prefix) + strlen(server->port) + 20;
+
+    path = ss_malloc(path_size);
+    snprintf(path, path_size, "%s/.shadowsocks_%s.conf", prefix, server->port);
+    FILE *f = fopen(path, "w+");
+    if (f == NULL) {
+        if (m_verbose) {
+            LOGE("unable to open config file");
+        }
+        ss_free(path);
+        return;
+    }
+    fprintf(f, "{\n");
+    fprintf(f, "\"server_port\":%d,\n", atoi(server->port));
+    fprintf(f, "\"password\":\"%s\"", server->password);
+    if (server->method)
+        fprintf(f, ",\n\"method\":\"%s\"", server->method);
+    else if (manager->method)
+        fprintf(f, ",\n\"method\":\"%s\"", manager->method);
+    if (server->fast_open[0])
+        fprintf(f, ",\n\"fast_open\": %s", server->fast_open);
+    else if (manager->fast_open)
+        fprintf(f, ",\n\"fast_open\": true");
+    if (server->no_delay[0])
+        fprintf(f, ",\n\"no_delay\": %s", server->no_delay);
+    else if (manager->no_delay)
+        fprintf(f, ",\n\"no_delay\": true");
+    if (manager->reuse_port)
+        fprintf(f, ",\n\"reuse_port\": true");
+    if (server->mode)
+        fprintf(f, ",\n\"mode\":\"%s\"", server->mode);
+    if (server->plugin)
+        fprintf(f, ",\n\"plugin\":\"%s\"", server->plugin);
+    if (server->plugin_opts)
+        fprintf(f, ",\n\"plugin_opts\":\"%s\"", server->plugin_opts);
+    fprintf(f, "\n}\n");
+    fclose(f);
+    ss_free(path);
+}
+
+static char *
+construct_command_line(struct manager_ctx *manager, struct server *server)
+{
+    static char cmd[BUF_SIZE];
+    int i;
+    int port;
+
+    port = atoi(server->port);
+
+    build_config(working_dir, manager, server);
+
+    memset(cmd, 0, BUF_SIZE);
+    snprintf(cmd, BUF_SIZE,
+             "%s --manager-address %s -f %s/.shadowsocks_%d.pid -c %s/.shadowsocks_%d.conf",
+             executable, manager->manager_address, working_dir, port, working_dir, port);
+
+    if (manager->acl != NULL) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " --acl %s", manager->acl);
+    }
+    if (manager->timeout != NULL) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " -t %s", manager->timeout);
+    }
+#ifdef HAVE_SETRLIMIT
+    if (manager->nofile) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " -n %d", manager->nofile);
+    }
+#endif
+    if (manager->user != NULL) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " -a %s", manager->user);
+    }
+    if (manager->verbose) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " -v");
+    }
+    if (server->mode == NULL && manager->mode == UDP_ONLY) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " -U");
+    }
+    if (server->mode == NULL && manager->mode == TCP_AND_UDP) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " -u");
+    }
+    if (server->fast_open[0] == 0 && manager->fast_open) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " --fast-open");
+    }
+    if (server->no_delay[0] == 0 && manager->no_delay) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " --no-delay");
+    }
+    if (manager->ipv6first) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " -6");
+    }
+    if (manager->mtu) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " --mtu %d", manager->mtu);
+    }
+    if (server->plugin == NULL && manager->plugin) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " --plugin \"%s\"", manager->plugin);
+    }
+    if (server->plugin_opts == NULL && manager->plugin_opts) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " --plugin-opts \"%s\"", manager->plugin_opts);
+    }
+    if (manager->nameservers) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " -d \"%s\"", manager->nameservers);
+    }
+    for (i = 0; i < manager->host_num; i++) {
+        int len = strlen(cmd);
+        snprintf(cmd + len, BUF_SIZE - len, " -s %s", manager->hosts[i]);
+    }
+
+    if (m_verbose) {
+        LOGI("cmd: %s", cmd);
+    }
+
+    return cmd;
+}
+
+static char *
+get_data(char *buf, int len)
+{
+    char *data;
+    int pos = 0;
+
+    while (pos < len && buf[pos] != '{')
+        pos++;
+    if (pos == len) {
+        return NULL;
+    }
+    data = buf + pos - 1;
+
+    return data;
+}
+
+static char *
+get_action(char *buf, int len)
+{
+    char *action;
+    int pos = 0;
+
+    while (pos < len && isspace((unsigned char)buf[pos]))
+        pos++;
+    if (pos == len) {
+        return NULL;
+    }
+    action = buf + pos;
+
+    while (pos < len && (!isspace((unsigned char)buf[pos]) && buf[pos] != ':'))
+        pos++;
+    buf[pos] = '\0';
+
+    return action;
+}
+
+static struct server *
+get_server(char *buf, int len)
+{
+    char *data = get_data(buf, len);
+    char error_buf[512];
+
+    if (data == NULL) {
+        LOGE("No data found");
+        return NULL;
+    }
+
+    json_settings settings = { 0 };
+    json_value *obj        = json_parse_ex(&settings, data, strlen(data), error_buf);
+
+    if (obj == NULL) {
+        LOGE("%s", error_buf);
+        return NULL;
+    }
+
+    struct server *server = ss_malloc(sizeof(struct server));
+    memset(server, 0, sizeof(struct server));
+    if (obj->type == json_object) {
+        int i = 0;
+        for (i = 0; i < obj->u.object.length; i++) {
+            char *name        = obj->u.object.values[i].name;
+            json_value *value = obj->u.object.values[i].value;
+            if (strcmp(name, "server_port") == 0) {
+                if (value->type == json_string) {
+                    strncpy(server->port, value->u.string.ptr, 7);
+                } else if (value->type == json_integer) {
+                    snprintf(server->port, 8, "%" PRIu64 "", value->u.integer);
+                }
+            } else if (strcmp(name, "password") == 0) {
+                if (value->type == json_string) {
+                    strncpy(server->password, value->u.string.ptr, 127);
+                }
+            } else if (strcmp(name, "method") == 0) {
+                if (value->type == json_string) {
+                    server->method = strdup(value->u.string.ptr);
+                }
+            } else if (strcmp(name, "fast_open") == 0) {
+                if (value->type == json_boolean) {
+                    strncpy(server->fast_open, (value->u.boolean ? "true" : "false"), 8);
+                }
+            } else if (strcmp(name, "no_delay") == 0) {
+                if (value->type == json_boolean) {
+                    strncpy(server->no_delay, (value->u.boolean ? "true" : "false"), 8);
+                }
+            } else if (strcmp(name, "plugin") == 0) {
+                if (value->type == json_string) {
+                    server->plugin = strdup(value->u.string.ptr);
+                }
+            } else if (strcmp(name, "plugin_opts") == 0) {
+                if (value->type == json_string) {
+                    server->plugin_opts = strdup(value->u.string.ptr);
+                }
+            } else if (strcmp(name, "mode") == 0) {
+                if (value->type == json_string) {
+                    server->mode = strdup(value->u.string.ptr);
+                }
+            } else {
+                LOGE("invalid data: %s", data);
+                break;
+            }
+        }
+    }
+
+    json_value_free(obj);
+    return server;
+}
+
+static int
+parse_traffic(char *buf, int len, char *port, uint64_t *traffic)
+{
+    char *data = get_data(buf, len);
+    char error_buf[512];
+    json_settings settings = { 0 };
+
+    if (data == NULL) {
+        LOGE("No data found");
+        return -1;
+    }
+
+    json_value *obj = json_parse_ex(&settings, data, strlen(data), error_buf);
+    if (obj == NULL) {
+        LOGE("%s", error_buf);
+        return -1;
+    }
+
+    if (obj->type == json_object) {
+        int i = 0;
+        for (i = 0; i < obj->u.object.length; i++) {
+            char *name        = obj->u.object.values[i].name;
+            json_value *value = obj->u.object.values[i].value;
+            if (value->type == json_integer) {
+                strncpy(port, name, 7);
+                *traffic = value->u.integer;
+            }
+        }
+    }
+
+    json_value_free(obj);
+    return 0;
+}
+
+static int
+create_and_bind(const char *host, const char *port, int protocol)
+{
+    struct addrinfo hints;
+    struct addrinfo *result, *rp, *ipv4v6bindall;
+    int s, listen_sock = -1;
+
+    memset(&hints, 0, sizeof(struct addrinfo));
+    hints.ai_family   = AF_UNSPEC;                  /* Return IPv4 and IPv6 choices */
+    hints.ai_socktype = protocol == IPPROTO_TCP ?
+                        SOCK_STREAM : SOCK_DGRAM;   /* We want a TCP or UDP socket */
+    hints.ai_flags    = AI_PASSIVE | AI_ADDRCONFIG; /* For wildcard IP address */
+    hints.ai_protocol = protocol;
+
+    s = getaddrinfo(host, port, &hints, &result);
+
+    if (s != 0) {
+        LOGE("getaddrinfo: %s", gai_strerror(s));
+        return -1;
+    }
+
+    rp = result;
+
+    /*
+     * On Linux, with net.ipv6.bindv6only = 0 (the default), getaddrinfo(NULL) with
+     * AI_PASSIVE returns 0.0.0.0 and :: (in this order). AI_PASSIVE was meant to
+     * return a list of addresses to listen on, but it is impossible to listen on
+     * 0.0.0.0 and :: at the same time, if :: implies dualstack mode.
+     */
+    if (!host) {
+        ipv4v6bindall = result;
+
+        /* Loop over all address infos found until a IPV6 address is found. */
+        while (ipv4v6bindall) {
+            if (ipv4v6bindall->ai_family == AF_INET6) {
+                rp = ipv4v6bindall; /* Take first IPV6 address available */
+                break;
+            }
+            ipv4v6bindall = ipv4v6bindall->ai_next; /* Get next address info, if any */
+        }
+    }
+
+    for (/*rp = result*/; rp != NULL; rp = rp->ai_next) {
+        listen_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
+        if (listen_sock == -1) {
+            continue;
+        }
+
+        if (rp->ai_family == AF_INET6) {
+            int ipv6only = host ? 1 : 0;
+            setsockopt(listen_sock, IPPROTO_IPV6, IPV6_V6ONLY, &ipv6only, sizeof(ipv6only));
+        }
+
+        int opt = 1;
+        setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+        setsockopt(listen_sock, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+
+        s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
+        if (s == 0) {
+            /* We managed to bind successfully! */
+
+            close(listen_sock);
+
+            break;
+        } else {
+            ERROR("bind");
+        }
+    }
+
+    if (!result) {
+        freeaddrinfo(result);
+    }
+
+    if (rp == NULL) {
+        LOGE("Could not bind");
+        return -1;
+    }
+
+    return listen_sock;
+}
+
+static int
+check_port(struct manager_ctx *manager, struct server *server)
+{
+    bool both_tcp_udp = manager->mode == TCP_AND_UDP;
+    int fd_count      = manager->host_num * (both_tcp_udp ? 2 : 1);
+    int bind_err      = 0;
+
+    int *sock_fds = (int *)ss_malloc(fd_count * sizeof(int));
+    memset(sock_fds, 0, fd_count * sizeof(int));
+
+    /* try to bind each interface */
+    for (int i = 0; i < manager->host_num; i++) {
+        LOGI("try to bind interface: %s, port: %s", manager->hosts[i], server->port);
+
+        if (manager->mode == UDP_ONLY) {
+            sock_fds[i] = create_and_bind(manager->hosts[i], server->port, IPPROTO_UDP);
+        } else {
+            sock_fds[i] = create_and_bind(manager->hosts[i], server->port, IPPROTO_TCP);
+        }
+
+        if (both_tcp_udp) {
+            sock_fds[i + manager->host_num] = create_and_bind(manager->hosts[i], server->port, IPPROTO_UDP);
+        }
+
+        if (sock_fds[i] == -1 || (both_tcp_udp && sock_fds[i + manager->host_num] == -1)) {
+            bind_err = -1;
+            break;
+        }
+    }
+
+    /* clean socks */
+    for (int i = 0; i < fd_count; i++)
+        if (sock_fds[i] > 0) {
+            close(sock_fds[i]);
+        }
+
+    ss_free(sock_fds);
+
+    return bind_err == -1 ? -1 : 0;
+}
+
+static int
+add_server(struct manager_ctx *manager, struct server *server)
+{
+    int ret = check_port(manager, server);
+
+    if (ret == -1) {
+        LOGE("port is not available, please check.");
+        return -1;
+    }
+
+    bool new = false;
+    cork_hash_table_put(server_table, (void *)server->port, (void *)server, &new, NULL, NULL);
+
+    char *cmd = construct_command_line(manager, server);
+    if (cmd == NULL) {
+        ERROR("add_server_system");
+        return -1;
+    }
+
+    return 0;
+}
+
+static void
+kill_server(char *prefix, char *pid_file)
+{
+    char *path = NULL;
+    int pid, path_size = strlen(prefix) + strlen(pid_file) + 2;
+    path = ss_malloc(path_size);
+    snprintf(path, path_size, "%s/%s", prefix, pid_file);
+    FILE *f = fopen(path, "r");
+    if (f == NULL) {
+        if (m_verbose) {
+            LOGE("unable to open pid file");
+        }
+        ss_free(path);
+        return;
+    }
+    if (fscanf(f, "%d", &pid) != EOF) {
+        kill(pid, SIGTERM);
+    }
+    fclose(f);
+    remove(path);
+    ss_free(path);
+}
+
+static void
+stop_server(char *prefix, char *port)
+{
+    char *path = NULL;
+    int pid, path_size = strlen(prefix) + strlen(port) + 20;
+    path = ss_malloc(path_size);
+    snprintf(path, path_size, "%s/.shadowsocks_%s.pid", prefix, port);
+    FILE *f = fopen(path, "r");
+    if (f == NULL) {
+        if (m_verbose) {
+            LOGE("unable to open pid file");
+        }
+        ss_free(path);
+        return;
+    }
+    if (fscanf(f, "%d", &pid) != EOF) {
+        kill(pid, SIGTERM);
+    }
+    fclose(f);
+    ss_free(path);
+}
+
+static void
+remove_server(char *prefix, char *port)
+{
+    char *old_port            = NULL;
+    struct server *old_server = NULL;
+
+    cork_hash_table_delete(server_table, (void *)port, (void **)&old_port, (void **)&old_server);
+
+    if (old_server != NULL) {
+        destroy_server(old_server);
+        ss_free(old_server);
+    }
+
+    stop_server(prefix, port);
+}
+
+static void
+update_stat(char *port, uint64_t traffic)
+{
+    if (m_verbose) {
+        LOGI("update traffic %" PRIu64 " for port %s", traffic, port);
+    }
+    void *ret = cork_hash_table_get(server_table, (void *)port);
+    if (ret != NULL) {
+        struct server *server = (struct server *)ret;
+        server->traffic = traffic;
+    }
+}
+
+static void
+manager_recv_cb(EV_P_ ev_io *w, int revents)
+{
+    struct manager_ctx *manager = (struct manager_ctx *)w;
+    socklen_t len;
+    ssize_t r;
+    struct sockaddr_un claddr;
+    char buf[BUF_SIZE];
+
+    memset(buf, 0, BUF_SIZE);
+
+    len = sizeof(struct sockaddr_un);
+    r   = recvfrom(manager->fd, buf, BUF_SIZE, 0, (struct sockaddr *)&claddr, &len);
+    if (r == -1) {
+        ERROR("manager_recvfrom");
+        return;
+    }
+
+    if (r > BUF_SIZE / 2) {
+        LOGE("too large request: %d", (int)r);
+        return;
+    }
+
+    char *action = get_action(buf, r);
+    if (action == NULL) {
+        return;
+    }
+
+    if (strcmp(action, "add") == 0) {
+        struct server *server = get_server(buf, r);
+
+        if (server == NULL || server->port[0] == 0 || server->password[0] == 0) {
+            LOGE("invalid command: %s:%s", buf, get_data(buf, r));
+            if (server != NULL) {
+                destroy_server(server);
+                ss_free(server);
+            }
+            goto ERROR_MSG;
+        }
+
+        remove_server(working_dir, server->port);
+        int ret = add_server(manager, server);
+
+        char *msg;
+        int msg_len;
+
+        if (ret == -1) {
+            msg     = "port is not available";
+            msg_len = 21;
+        } else {
+            msg     = "ok";
+            msg_len = 2;
+        }
+
+        if (sendto(manager->fd, msg, msg_len, 0, (struct sockaddr *)&claddr, len) != 2) {
+            ERROR("add_sendto");
+        }
+    } else if (strcmp(action, "list") == 0) {
+        struct cork_hash_table_iterator iter;
+        struct cork_hash_table_entry  *entry;
+        char buf[BUF_SIZE];
+        memset(buf, 0, BUF_SIZE);
+        sprintf(buf, "[");
+
+        cork_hash_table_iterator_init(server_table, &iter);
+        while ((entry = cork_hash_table_iterator_next(&iter)) != NULL) {
+            struct server *server = (struct server *)entry->value;
+            char *method          = server->method ? server->method : manager->method;
+            size_t pos            = strlen(buf);
+            size_t entry_len      = strlen(server->port) + strlen(server->password) + strlen(method);
+            if (pos > BUF_SIZE - entry_len - 50) {
+                if (sendto(manager->fd, buf, pos, 0, (struct sockaddr *)&claddr, len)
+                    != pos) {
+                    ERROR("list_sendto");
+                }
+                memset(buf, 0, BUF_SIZE);
+                pos = 0;
+            }
+            sprintf(buf + pos, "\n\t{\"server_port\":\"%s\",\"password\":\"%s\",\"method\":\"%s\"},",
+                    server->port, server->password, method);
+        }
+
+        size_t pos = strlen(buf);
+        strcpy(buf + max(pos - 1, 1), "\n]"); // Remove trailing ","
+        pos = strlen(buf);
+        if (sendto(manager->fd, buf, pos, 0, (struct sockaddr *)&claddr, len)
+            != pos) {
+            ERROR("list_sendto");
+        }
+    } else if (strcmp(action, "remove") == 0) {
+        struct server *server = get_server(buf, r);
+
+        if (server == NULL || server->port[0] == 0) {
+            LOGE("invalid command: %s:%s", buf, get_data(buf, r));
+            if (server != NULL) {
+                destroy_server(server);
+                ss_free(server);
+            }
+            goto ERROR_MSG;
+        }
+
+        remove_server(working_dir, server->port);
+        destroy_server(server);
+        ss_free(server);
+
+        char msg[3] = "ok";
+        if (sendto(manager->fd, msg, 2, 0, (struct sockaddr *)&claddr, len) != 2) {
+            ERROR("remove_sendto");
+        }
+    } else if (strcmp(action, "stat") == 0) {
+        char port[8];
+        uint64_t traffic = 0;
+
+        if (parse_traffic(buf, r, port, &traffic) == -1) {
+            LOGE("invalid command: %s:%s", buf, get_data(buf, r));
+            return;
+        }
+
+        update_stat(port, traffic);
+
+    } else if (strcmp(action, "ping") == 0) {
+        struct cork_hash_table_entry *entry;
+        struct cork_hash_table_iterator server_iter;
+
+        char buf[BUF_SIZE];
+
+        memset(buf, 0, BUF_SIZE);
+        sprintf(buf, "stat: {");
+
+        cork_hash_table_iterator_init(server_table, &server_iter);
+
+        while ((entry = cork_hash_table_iterator_next(&server_iter)) != NULL) {
+            struct server *server = (struct server *)entry->value;
+            size_t pos            = strlen(buf);
+            if (pos > BUF_SIZE / 2) {
+                buf[pos - 1] = '}';
+                if (sendto(manager->fd, buf, pos, 0, (struct sockaddr *)&claddr, len)
+                    != pos) {
+                    ERROR("ping_sendto");
+                }
+                memset(buf, 0, BUF_SIZE);
+            } else {
+                sprintf(buf + pos, "\"%s\":%" PRIu64 ",", server->port, server->traffic);
+            }
+        }
+
+        size_t pos = strlen(buf);
+        if (pos > 7) {
+            buf[pos - 1] = '}';
+        } else {
+            buf[pos] = '}';
+            pos++;
+        }
+
+        if (sendto(manager->fd, buf, pos, 0, (struct sockaddr *)&claddr, len)
+            != pos) {
+            ERROR("ping_sendto");
+        }
+    }
+
+    return;
+
+ERROR_MSG:
+    strcpy(buf, "err");
+    if (sendto(manager->fd, buf, 3, 0, (struct sockaddr *)&claddr, len) != 3) {
+        ERROR("error_sendto");
+    }
+}
+
+static void
+signal_cb(EV_P_ ev_signal *w, int revents)
+{
+    if (revents & EV_SIGNAL) {
+        switch (w->signum) {
+        case SIGINT:
+        case SIGTERM:
+            ev_unloop(EV_A_ EVUNLOOP_ALL);
+        }
+    }
+}
+
+int
+mgr_create_server_socket(const char *host, const char *port)
+{
+    struct addrinfo hints;
+    struct addrinfo *result, *rp, *ipv4v6bindall;
+    int s, server_sock;
+
+    memset(&hints, 0, sizeof(struct addrinfo));
+    hints.ai_family   = AF_UNSPEC;               /* Return IPv4 and IPv6 choices */
+    hints.ai_socktype = SOCK_DGRAM;              /* We want a UDP socket */
+    hints.ai_flags    = AI_PASSIVE | AI_ADDRCONFIG; /* For wildcard IP address */
+    hints.ai_protocol = IPPROTO_UDP;
+
+    s = getaddrinfo(host, port, &hints, &result);
+    if (s != 0) {
+        LOGE("getaddrinfo: %s", gai_strerror(s));
+        return -1;
+    }
+
+    rp = result;
+
+    /*
+     * On Linux, with net.ipv6.bindv6only = 0 (the default), getaddrinfo(NULL) with
+     * AI_PASSIVE returns 0.0.0.0 and :: (in this order). AI_PASSIVE was meant to
+     * return a list of addresses to listen on, but it is impossible to listen on
+     * 0.0.0.0 and :: at the same time, if :: implies dualstack mode.
+     */
+    if (!host) {
+        ipv4v6bindall = result;
+
+        /* Loop over all address infos found until a IPV6 address is found. */
+        while (ipv4v6bindall) {
+            if (ipv4v6bindall->ai_family == AF_INET6) {
+                rp = ipv4v6bindall; /* Take first IPV6 address available */
+                break;
+            }
+            ipv4v6bindall = ipv4v6bindall->ai_next; /* Get next address info, if any */
+        }
+    }
+
+    for (/*rp = result*/; rp != NULL; rp = rp->ai_next) {
+        server_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
+        if (server_sock == -1) {
+            continue;
+        }
+
+        if (rp->ai_family == AF_INET6) {
+            int ipv6only = host ? 1 : 0;
+            setsockopt(server_sock, IPPROTO_IPV6, IPV6_V6ONLY, &ipv6only, sizeof(ipv6only));
+        }
+
+        int opt = 1;
+        setsockopt(server_sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+
+        s = bind(server_sock, rp->ai_addr, rp->ai_addrlen);
+        if (s == 0) {
+            /* We managed to bind successfully! */
+            break;
+        } else {
+            ERROR("bind");
+        }
+
+        close(server_sock);
+    }
+
+    if (rp == NULL) {
+        LOGE("cannot bind");
+        return -1;
+    }
+
+    freeaddrinfo(result);
+
+    return server_sock;
+}
+
+#ifndef LIB_ONLY
+int
+main(int argc, char **argv)
+{
+    int i, c;
+    int pid_flags         = 0;
+    char *acl             = NULL;
+    char *user            = NULL;
+    char *password        = NULL;
+    char *timeout         = NULL;
+    char *method          = NULL;
+    char *pid_path        = NULL;
+    char *conf_path       = NULL;
+    char *iface           = NULL;
+    char *manager_address = NULL;
+    char *plugin          = NULL;
+    char *plugin_opts     = NULL;
+    char *workdir         = NULL;
+
+    int fast_open  = 0;
+    int no_delay   = 0;
+    int reuse_port = 0;
+    int mode       = TCP_ONLY;
+    int mtu        = 0;
+    int ipv6first  = 0;
+
+#ifdef HAVE_SETRLIMIT
+    static int nofile = 0;
+#endif
+
+    int server_num = 0;
+    char *server_host[MAX_REMOTE_NUM];
+
+    char *nameservers = NULL;
+
+    jconf_t *conf = NULL;
+
+    static struct option long_options[] = {
+        { "fast-open",       no_argument,       NULL, GETOPT_VAL_FAST_OPEN   },
+        { "no-delay",        no_argument,       NULL, GETOPT_VAL_NODELAY     },
+        { "reuse-port",      no_argument,       NULL, GETOPT_VAL_REUSE_PORT  },
+        { "acl",             required_argument, NULL, GETOPT_VAL_ACL         },
+        { "manager-address", required_argument, NULL,
+          GETOPT_VAL_MANAGER_ADDRESS },
+        { "executable",      required_argument, NULL,
+          GETOPT_VAL_EXECUTABLE },
+        { "mtu",             required_argument, NULL, GETOPT_VAL_MTU         },
+        { "plugin",          required_argument, NULL, GETOPT_VAL_PLUGIN      },
+        { "plugin-opts",     required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
+        { "password",        required_argument, NULL, GETOPT_VAL_PASSWORD    },
+        { "workdir",         required_argument, NULL, GETOPT_VAL_WORKDIR     },
+        { "help",            no_argument,       NULL, GETOPT_VAL_HELP        },
+        { NULL,              0,                 NULL, 0                      }
+    };
+
+    opterr = 0;
+
+    USE_TTY();
+
+    while ((c = getopt_long(argc, argv, "f:s:l:k:t:m:c:i:d:a:n:D:6huUvA",
+                            long_options, NULL)) != -1)
+        switch (c) {
+        case GETOPT_VAL_REUSE_PORT:
+            reuse_port = 1;
+            break;
+        case GETOPT_VAL_FAST_OPEN:
+            fast_open = 1;
+            break;
+        case GETOPT_VAL_NODELAY:
+            no_delay = 1;
+            break;
+        case GETOPT_VAL_ACL:
+            acl = optarg;
+            break;
+        case GETOPT_VAL_MANAGER_ADDRESS:
+            manager_address = optarg;
+            break;
+        case GETOPT_VAL_EXECUTABLE:
+            executable = optarg;
+            break;
+        case GETOPT_VAL_MTU:
+            mtu = atoi(optarg);
+            break;
+        case GETOPT_VAL_PLUGIN:
+            plugin = optarg;
+            break;
+        case GETOPT_VAL_PLUGIN_OPTS:
+            plugin_opts = optarg;
+            break;
+        case 's':
+            if (server_num < MAX_REMOTE_NUM) {
+                server_host[server_num++] = optarg;
+            }
+            break;
+        case GETOPT_VAL_PASSWORD:
+        case 'k':
+            password = optarg;
+            break;
+        case 'f':
+            pid_flags = 1;
+            pid_path  = optarg;
+            break;
+        case 't':
+            timeout = optarg;
+            break;
+        case 'm':
+            method = optarg;
+            break;
+        case 'c':
+            conf_path = optarg;
+            break;
+        case 'i':
+            iface = optarg;
+            break;
+        case 'd':
+            nameservers = optarg;
+            break;
+        case 'a':
+            user = optarg;
+            break;
+        case 'u':
+            mode = TCP_AND_UDP;
+            break;
+        case 'U':
+            mode = UDP_ONLY;
+            break;
+        case '6':
+            ipv6first = 1;
+            break;
+        case GETOPT_VAL_WORKDIR:
+        case 'D':
+            workdir = optarg;
+            break;
+        case 'v':
+            verbose = 1;
+            break;
+        case GETOPT_VAL_HELP:
+        case 'h':
+            usage();
+            exit(EXIT_SUCCESS);
+#ifdef HAVE_SETRLIMIT
+        case 'n':
+            nofile = atoi(optarg);
+            break;
+#endif
+        case 'A':
+            FATAL("One time auth has been deprecated. Try AEAD ciphers instead.");
+            break;
+        case '?':
+            // The option character is not recognized.
+            LOGE("Unrecognized option: %s", optarg);
+            opterr = 1;
+            break;
+        }
+
+    if (opterr) {
+        usage();
+        exit(EXIT_FAILURE);
+    }
+
+    if (conf_path != NULL) {
+        conf = read_jconf(conf_path);
+        if (server_num == 0) {
+            server_num = conf->remote_num;
+            for (i = 0; i < server_num; i++)
+                server_host[i] = conf->remote_addr[i].host;
+        }
+        if (password == NULL) {
+            password = conf->password;
+        }
+        if (method == NULL) {
+            method = conf->method;
+        }
+        if (timeout == NULL) {
+            timeout = conf->timeout;
+        }
+        if (user == NULL) {
+            user = conf->user;
+        }
+        if (fast_open == 0) {
+            fast_open = conf->fast_open;
+        }
+        if (no_delay == 0) {
+            no_delay = conf->no_delay;
+        }
+        if (reuse_port == 0) {
+            reuse_port = conf->reuse_port;
+        }
+        if (nameservers == NULL) {
+            nameservers = conf->nameserver;
+        }
+        if (mode == TCP_ONLY) {
+            mode = conf->mode;
+        }
+        if (mtu == 0) {
+            mtu = conf->mtu;
+        }
+        if (plugin == NULL) {
+            plugin = conf->plugin;
+        }
+        if (plugin_opts == NULL) {
+            plugin_opts = conf->plugin_opts;
+        }
+        if (ipv6first == 0) {
+            ipv6first = conf->ipv6_first;
+        }
+        if (workdir == NULL) {
+            workdir = conf->workdir;
+        }
+        if (acl == NULL) {
+            acl = conf->acl;
+        }
+        if (manager_address == NULL) {
+            manager_address = conf->manager_address;
+        }
+#ifdef HAVE_SETRLIMIT
+        if (nofile == 0) {
+            nofile = conf->nofile;
+        }
+#endif
+    }
+
+    if (server_num == 0) {
+        server_host[server_num++] = "0.0.0.0";
+    }
+
+    if (method == NULL) {
+        method = "table";
+    }
+
+    if (timeout == NULL) {
+        timeout = "60";
+    }
+
+    USE_SYSLOG(argv[0], pid_flags);
+    if (pid_flags) {
+        daemonize(pid_path);
+    }
+
+    if (server_num == 0) {
+        usage();
+        exit(EXIT_FAILURE);
+    }
+
+    if (fast_open == 1) {
+#ifdef TCP_FASTOPEN
+        LOGI("using tcp fast open");
+#else
+        LOGE("tcp fast open is not supported by this environment");
+#endif
+    }
+
+    if (no_delay == 1) {
+        LOGI("using tcp no-delay");
+    }
+
+#ifndef __MINGW32__
+    // setuid
+    if (user != NULL && !run_as(user)) {
+        FATAL("failed to switch user");
+    }
+
+    if (geteuid() == 0) {
+        LOGI("running from root user");
+    }
+#endif
+
+    struct passwd *pw = getpwuid(getuid());
+
+    if (workdir == NULL || strlen(workdir) == 0) {
+        workdir = pw->pw_dir;
+        // If home dir is still not defined or set to nologin/nonexistent, fall back to /tmp
+        if (strstr(workdir, "nologin") || strstr(workdir, "nonexistent") || workdir == NULL || strlen(workdir) == 0) {
+            workdir = "/tmp";
+        }
+
+        working_dir_size = strlen(workdir) + 15;
+        working_dir      = ss_malloc(working_dir_size);
+        snprintf(working_dir, working_dir_size, "%s/.shadowsocks", workdir);
+    } else {
+        working_dir_size = strlen(workdir) + 2;
+        working_dir      = ss_malloc(working_dir_size);
+        snprintf(working_dir, working_dir_size, "%s", workdir);
+    }
+    LOGI("working directory points to %s", working_dir);
+
+    int err = mkdir(working_dir, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
+    if (err != 0 && errno != EEXIST) {
+        ERROR("mkdir");
+        ss_free(working_dir);
+        FATAL("unable to create working directory");
+    }
+
+    if (manager_address == NULL) {
+        size_t manager_address_size = strlen(workdir) + 20;
+        manager_address = ss_malloc(manager_address_size);
+        snprintf(manager_address, manager_address_size, "%s/.ss-manager.socks", workdir);
+        LOGI("using the default manager address: %s", manager_address);
+    }
+
+    // ignore SIGPIPE
+    signal(SIGPIPE, SIG_IGN);
+    signal(SIGCHLD, SIG_IGN);
+    signal(SIGABRT, SIG_IGN);
+
+    struct ev_signal sigint_watcher;
+    struct ev_signal sigterm_watcher;
+    ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
+    ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
+    ev_signal_start(EV_DEFAULT, &sigint_watcher);
+    ev_signal_start(EV_DEFAULT, &sigterm_watcher);
+
+    struct manager_ctx manager;
+    memset(&manager, 0, sizeof(struct manager_ctx));
+
+    manager.reuse_port      = reuse_port;
+    manager.fast_open       = fast_open;
+    manager.no_delay        = no_delay;
+    manager.verbose         = verbose;
+    manager.mode            = mode;
+    manager.password        = password;
+    manager.timeout         = timeout;
+    manager.method          = method;
+    manager.iface           = iface;
+    manager.acl             = acl;
+    manager.user            = user;
+    manager.manager_address = manager_address;
+    manager.hosts           = server_host;
+    manager.host_num        = server_num;
+    manager.nameservers     = nameservers;
+    manager.mtu             = mtu;
+    manager.plugin          = plugin;
+    manager.plugin_opts     = plugin_opts;
+    manager.ipv6first       = ipv6first;
+    manager.workdir         = workdir;
+#ifdef HAVE_SETRLIMIT
+    manager.nofile = nofile;
+#endif
+
+    // initialize ev loop
+    struct ev_loop *loop = EV_DEFAULT;
+
+    // Clean up all existed processes
+    DIR *dp;
+    struct dirent *ep;
+    dp = opendir(working_dir);
+    if (dp != NULL) {
+        while ((ep = readdir(dp)) != NULL) {
+            size_t len = strlen(ep->d_name);
+            if (strcmp(ep->d_name + len - 3, "pid") == 0) {
+                kill_server(working_dir, ep->d_name);
+                if (verbose)
+                    LOGI("kill %s", ep->d_name);
+            }
+        }
+        closedir(dp);
+    } else {
+        ss_free(working_dir);
+        FATAL("Couldn't open the directory");
+    }
+
+    server_table = cork_string_hash_table_new(MAX_PORT_NUM, 0);
+
+    if (conf != NULL) {
+        for (i = 0; i < conf->port_password_num; i++) {
+            struct server *server = ss_malloc(sizeof(struct server));
+            memset(server, 0, sizeof(struct server));
+            strncpy(server->port, conf->port_password[i].port, 7);
+            strncpy(server->password, conf->port_password[i].password, 127);
+            add_server(&manager, server);
+        }
+    }
+
+    int sfd;
+    ss_addr_t ip_addr = { .host = NULL, .port = NULL };
+    parse_addr(manager_address, &ip_addr);
+
+    if (ip_addr.host == NULL || ip_addr.port == NULL) {
+        struct sockaddr_un svaddr;
+        sfd = socket(AF_UNIX, SOCK_DGRAM, 0);       /*  Create server socket */
+        if (sfd == -1) {
+            ss_free(working_dir);
+            FATAL("socket");
+        }
+
+        setnonblocking(sfd);
+
+        if (remove(manager_address) == -1 && errno != ENOENT) {
+            ERROR("bind");
+            ss_free(working_dir);
+            exit(EXIT_FAILURE);
+        }
+
+        memset(&svaddr, 0, sizeof(struct sockaddr_un));
+        svaddr.sun_family = AF_UNIX;
+        strncpy(svaddr.sun_path, manager_address, sizeof(svaddr.sun_path) - 1);
+
+        if (bind(sfd, (struct sockaddr *)&svaddr, sizeof(struct sockaddr_un)) == -1) {
+            ERROR("bind");
+            ss_free(working_dir);
+            exit(EXIT_FAILURE);
+        }
+    } else {
+        sfd = mgr_create_server_socket(ip_addr.host, ip_addr.port);
+        if (sfd == -1) {
+            ss_free(working_dir);
+            FATAL("socket");
+        }
+    }
+
+    manager.fd = sfd;
+    ev_io_init(&manager.io, manager_recv_cb, manager.fd, EV_READ);
+    ev_io_start(loop, &manager.io);
+
+    // start ev loop
+    ev_run(loop, 0);
+
+    if (verbose) {
+        LOGI("closed gracefully");
+    }
+
+    // Clean up
+    struct cork_hash_table_entry *entry;
+    struct cork_hash_table_iterator server_iter;
+
+    cork_hash_table_iterator_init(server_table, &server_iter);
+
+    while ((entry = cork_hash_table_iterator_next(&server_iter)) != NULL) {
+        struct server *server = (struct server *)entry->value;
+        stop_server(working_dir, server->port);
+    }
+
+    ev_signal_stop(EV_DEFAULT, &sigint_watcher);
+    ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
+    ss_free(working_dir);
+
+    return 0;
+}
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/manager.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/manager.h
new file mode 100644
index 00000000..d5aa8327
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/manager.h
@@ -0,0 +1,80 @@
+/*
+ * server.h - Define shadowsocks server's buffers and callbacks
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _MANAGER_H
+#define _MANAGER_H
+
+#include <time.h>
+#include <libcork/ds.h>
+
+#ifdef HAVE_LIBEV_EV_H
+#include <libev/ev.h>
+#else
+#include <ev.h>
+#endif
+
+#include "jconf.h"
+
+#include "common.h"
+
+struct manager_ctx {
+    ev_io io;
+    int fd;
+    int fast_open;
+    int no_delay;
+    int reuse_port;
+    int verbose;
+    int mode;
+    char *password;
+    char *key;
+    char *timeout;
+    char *method;
+    char *iface;
+    char *acl;
+    char *user;
+    char *plugin;
+    char *plugin_opts;
+    char *manager_address;
+    char **hosts;
+    int host_num;
+    char *nameservers;
+    int mtu;
+    int ipv6first;
+    char *workdir;
+#ifdef HAVE_SETRLIMIT
+    int nofile;
+#endif
+};
+
+struct server {
+    char port[8];
+    char password[128];
+    char fast_open[8];
+    char no_delay[8];
+    char *mode;
+    char *method;
+    char *plugin;
+    char *plugin_opts;
+    uint64_t traffic;
+};
+
+#endif // _MANAGER_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/netutils.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/netutils.c
new file mode 100644
index 00000000..8c7329a9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/netutils.c
@@ -0,0 +1,315 @@
+/*
+ * netutils.c - Network utilities
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <math.h>
+
+#include <libcork/core.h>
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifndef __MINGW32__
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <unistd.h>
+#endif
+
+#if defined(HAVE_SYS_IOCTL_H) && defined(HAVE_NET_IF_H) && defined(__linux__)
+#include <net/if.h>
+#include <sys/ioctl.h>
+#define SET_INTERFACE
+#endif
+
+#include "netutils.h"
+#include "utils.h"
+
+#ifndef SO_REUSEPORT
+#define SO_REUSEPORT 15
+#endif
+
+extern int verbose;
+
+static const char valid_label_bytes[] =
+    "-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz";
+
+int
+set_reuseport(int socket)
+{
+    int opt = 1;
+    return setsockopt(socket, SOL_SOCKET, SO_REUSEPORT, &opt, sizeof(opt));
+}
+
+size_t
+get_sockaddr_len(struct sockaddr *addr)
+{
+    if (addr->sa_family == AF_INET) {
+        return sizeof(struct sockaddr_in);
+    } else if (addr->sa_family == AF_INET6) {
+        return sizeof(struct sockaddr_in6);
+    }
+    return 0;
+}
+
+#ifdef SET_INTERFACE
+int
+setinterface(int socket_fd, const char *interface_name)
+{
+    struct ifreq interface;
+    memset(&interface, 0, sizeof(struct ifreq));
+    strncpy(interface.ifr_name, interface_name, IFNAMSIZ - 1);
+    int res = setsockopt(socket_fd, SOL_SOCKET, SO_BINDTODEVICE, &interface,
+                         sizeof(struct ifreq));
+    return res;
+}
+
+#endif
+
+int
+parse_local_addr(struct sockaddr_storage *storage_v4,
+                 struct sockaddr_storage *storage_v6,
+                 const char *host)
+{
+    if (host != NULL) {
+        struct cork_ip ip;
+        if (cork_ip_init(&ip, host) != -1) {
+            if (ip.version == 4) {
+                memset(storage_v4, 0, sizeof(struct sockaddr_storage));
+                struct sockaddr_in *addr = (struct sockaddr_in *)storage_v4;
+                inet_pton(AF_INET, host, &addr->sin_addr);
+                addr->sin_family = AF_INET;
+                LOGI("binding to outbound IPv4 addr: %s", host);
+                return AF_INET;
+            } else if (ip.version == 6) {
+                memset(storage_v6, 0, sizeof(struct sockaddr_storage));
+                struct sockaddr_in6 *addr = (struct sockaddr_in6 *)storage_v6;
+                inet_pton(AF_INET6, host, &addr->sin6_addr);
+                addr->sin6_family = AF_INET6;
+                LOGI("binding to outbound IPv6 addr: %s", host);
+                return AF_INET6;
+            }
+        }
+    }
+    return 0;
+}
+
+int
+bind_to_addr(struct sockaddr_storage *storage,
+             int socket_fd)
+{
+    if (storage->ss_family == AF_INET) {
+        return bind(socket_fd, (struct sockaddr *)storage, sizeof(struct sockaddr_in));
+    } else if (storage->ss_family == AF_INET6) {
+        return bind(socket_fd, (struct sockaddr *)storage, sizeof(struct sockaddr_in6));
+    }
+    return -1;
+}
+
+ssize_t
+get_sockaddr(char *host, char *port,
+             struct sockaddr_storage *storage, int block,
+             int ipv6first)
+{
+    struct cork_ip ip;
+    if (cork_ip_init(&ip, host) != -1) {
+        if (ip.version == 4) {
+            struct sockaddr_in *addr = (struct sockaddr_in *)storage;
+            addr->sin_family = AF_INET;
+            inet_pton(AF_INET, host, &(addr->sin_addr));
+            if (port != NULL) {
+                addr->sin_port = htons(atoi(port));
+            }
+        } else if (ip.version == 6) {
+            struct sockaddr_in6 *addr = (struct sockaddr_in6 *)storage;
+            addr->sin6_family = AF_INET6;
+            inet_pton(AF_INET6, host, &(addr->sin6_addr));
+            if (port != NULL) {
+                addr->sin6_port = htons(atoi(port));
+            }
+        }
+        return 0;
+    } else {
+#ifdef __ANDROID__
+        extern int vpn;
+        assert(!vpn);   // protecting DNS packets isn't supported yet
+#endif
+        struct addrinfo hints;
+        struct addrinfo *result, *rp;
+
+        memset(&hints, 0, sizeof(struct addrinfo));
+        hints.ai_family   = AF_UNSPEC;   /* Return IPv4 and IPv6 choices */
+        hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */
+
+        int err = getaddrinfo(host, port, &hints, &result);
+
+        if (err != 0) {
+            LOGE("getaddrinfo: %s", gai_strerror(err));
+            return -1;
+        }
+
+        int prefer_af = ipv6first ? AF_INET6 : AF_INET;
+        for (rp = result; rp != NULL; rp = rp->ai_next)
+            if (rp->ai_family == prefer_af) {
+                if (rp->ai_family == AF_INET)
+                    memcpy(storage, rp->ai_addr, sizeof(struct sockaddr_in));
+                else if (rp->ai_family == AF_INET6)
+                    memcpy(storage, rp->ai_addr, sizeof(struct sockaddr_in6));
+                break;
+            }
+
+        if (rp == NULL) {
+            for (rp = result; rp != NULL; rp = rp->ai_next) {
+                if (rp->ai_family == AF_INET)
+                    memcpy(storage, rp->ai_addr, sizeof(struct sockaddr_in));
+                else if (rp->ai_family == AF_INET6)
+                    memcpy(storage, rp->ai_addr, sizeof(struct sockaddr_in6));
+                break;
+            }
+        }
+
+        if (rp == NULL) {
+            LOGE("failed to resolve remote addr");
+            return -1;
+        }
+
+        freeaddrinfo(result);
+        return 0;
+    }
+
+    return -1;
+}
+
+int
+sockaddr_cmp(struct sockaddr_storage *addr1,
+             struct sockaddr_storage *addr2, socklen_t len)
+{
+    struct sockaddr_in *p1_in   = (struct sockaddr_in *)addr1;
+    struct sockaddr_in *p2_in   = (struct sockaddr_in *)addr2;
+    struct sockaddr_in6 *p1_in6 = (struct sockaddr_in6 *)addr1;
+    struct sockaddr_in6 *p2_in6 = (struct sockaddr_in6 *)addr2;
+    if (p1_in->sin_family < p2_in->sin_family)
+        return -1;
+    if (p1_in->sin_family > p2_in->sin_family)
+        return 1;
+    /* compare ip4 */
+    if (p1_in->sin_family == AF_INET) {
+        /* just order it, ntohs not required */
+        if (p1_in->sin_port < p2_in->sin_port)
+            return -1;
+        if (p1_in->sin_port > p2_in->sin_port)
+            return 1;
+        return memcmp(&p1_in->sin_addr, &p2_in->sin_addr, INET_SIZE);
+    } else if (p1_in6->sin6_family == AF_INET6) {
+        /* just order it, ntohs not required */
+        if (p1_in6->sin6_port < p2_in6->sin6_port)
+            return -1;
+        if (p1_in6->sin6_port > p2_in6->sin6_port)
+            return 1;
+        return memcmp(&p1_in6->sin6_addr, &p2_in6->sin6_addr,
+                      INET6_SIZE);
+    } else {
+        /* eek unknown type, perform this comparison for sanity. */
+        return memcmp(addr1, addr2, len);
+    }
+}
+
+int
+sockaddr_cmp_addr(struct sockaddr_storage *addr1,
+                  struct sockaddr_storage *addr2, socklen_t len)
+{
+    struct sockaddr_in *p1_in   = (struct sockaddr_in *)addr1;
+    struct sockaddr_in *p2_in   = (struct sockaddr_in *)addr2;
+    struct sockaddr_in6 *p1_in6 = (struct sockaddr_in6 *)addr1;
+    struct sockaddr_in6 *p2_in6 = (struct sockaddr_in6 *)addr2;
+    if (p1_in->sin_family < p2_in->sin_family)
+        return -1;
+    if (p1_in->sin_family > p2_in->sin_family)
+        return 1;
+    if (verbose) {
+        LOGI("sockaddr_cmp_addr: sin_family equal? %d", p1_in->sin_family == p2_in->sin_family);
+    }
+    /* compare ip4 */
+    if (p1_in->sin_family == AF_INET) {
+        return memcmp(&p1_in->sin_addr, &p2_in->sin_addr, INET_SIZE);
+    } else if (p1_in6->sin6_family == AF_INET6) {
+        return memcmp(&p1_in6->sin6_addr, &p2_in6->sin6_addr,
+                      INET6_SIZE);
+    } else {
+        /* eek unknown type, perform this comparison for sanity. */
+        return memcmp(addr1, addr2, len);
+    }
+}
+
+int
+validate_hostname(const char *hostname, const int hostname_len)
+{
+    if (hostname == NULL)
+        return 0;
+
+    if (hostname_len < 1 || hostname_len > 255)
+        return 0;
+
+    if (hostname[0] == '.')
+        return 0;
+
+    const char *label = hostname;
+    while (label < hostname + hostname_len) {
+        size_t label_len = hostname_len - (label - hostname);
+        char *next_dot   = strchr(label, '.');
+        if (next_dot != NULL)
+            label_len = next_dot - label;
+
+        if (label + label_len > hostname + hostname_len)
+            return 0;
+
+        if (label_len > 63 || label_len < 1)
+            return 0;
+
+        if (label[0] == '-' || label[label_len - 1] == '-')
+            return 0;
+
+        if (strspn(label, valid_label_bytes) < label_len)
+            return 0;
+
+        label += label_len + 1;
+    }
+
+    return 1;
+}
+
+int
+is_ipv6only(ss_addr_t *servers, size_t server_num, int ipv6first)
+{
+    int i;
+    for (i = 0; i < server_num; i++) {
+        struct sockaddr_storage storage;
+        memset(&storage, 0, sizeof(struct sockaddr_storage));
+        if (get_sockaddr(servers[i].host, servers[i].port, &storage, 1, ipv6first) == -1) {
+            FATAL("failed to resolve the provided hostname");
+        }
+        if (storage.ss_family != AF_INET6) {
+            return 0;
+        }
+    }
+    return 1;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/netutils.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/netutils.h
new file mode 100644
index 00000000..82724195
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/netutils.h
@@ -0,0 +1,120 @@
+/*
+ * netutils.h - Network utilities
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _NETUTILS_H
+#define _NETUTILS_H
+
+#ifdef __MINGW32__
+#include "winsock.h"
+#else
+#include <sys/socket.h>
+#endif
+
+#if defined(HAVE_LINUX_TCP_H)
+#include <linux/tcp.h>
+#elif defined(HAVE_NETINET_TCP_H)
+#include <netinet/tcp.h>
+#elif defined(HAVE_NETDB_H)
+#include <netdb.h>
+#endif
+
+/* Hard coded defines for TCP fast open on Android */
+#ifdef __ANDROID__
+#ifndef TCP_FASTOPEN
+#define TCP_FASTOPEN   23
+#endif
+#ifndef MSG_FASTOPEN
+#define MSG_FASTOPEN   0x20000000
+#endif
+#ifdef TCP_FASTOPEN_CONNECT
+#undef TCP_FASTOPEN_CONNECT
+#endif
+#endif
+
+#define MAX_HOSTNAME_LEN 256 // FQCN <= 255 characters
+#define MAX_PORT_STR_LEN 6   // PORT < 65536
+
+#define SOCKET_BUF_SIZE (16 * 1024 - 1) // 16383 Byte, equals to the max chunk size
+
+typedef struct {
+    char *host;
+    char *port;
+} ss_addr_t;
+
+/* MPTCP_ENABLED setsockopt values for kernel 4 & 3, best behaviour to be independant of kernel version is to test from newest to the latest values */
+#ifndef MPTCP_ENABLED
+static const char mptcp_enabled_values[] = { 42, 26, 0 };
+#else
+static const char mptcp_enabled_values[] = { MPTCP_ENABLED, 0 };
+#endif
+
+#ifndef UPDATE_INTERVAL
+#define UPDATE_INTERVAL 5
+#endif
+
+/** byte size of ip4 address */
+#define INET_SIZE 4
+/** byte size of ip6 address */
+#define INET6_SIZE 16
+
+size_t get_sockaddr_len(struct sockaddr *addr);
+ssize_t get_sockaddr(char *host, char *port,
+                     struct sockaddr_storage *storage, int block,
+                     int ipv6first);
+int set_reuseport(int socket);
+
+#ifdef SET_INTERFACE
+int setinterface(int socket_fd, const char *interface_name);
+#endif
+
+int parse_local_addr(struct sockaddr_storage *storage_v4,
+                     struct sockaddr_storage *storage_v6,
+                     const char *host);
+
+int bind_to_addr(struct sockaddr_storage *storage, int socket_fd);
+
+/**
+ * Compare two sockaddrs. Imposes an ordering on the addresses.
+ * Compares address and port.
+ * @param addr1: address 1.
+ * @param addr2: address 2.
+ * @param len: lengths of addr.
+ * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
+ */
+int sockaddr_cmp(struct sockaddr_storage *addr1,
+                 struct sockaddr_storage *addr2, socklen_t len);
+
+/**
+ * Compare two sockaddrs. Compares address, not the port.
+ * @param addr1: address 1.
+ * @param addr2: address 2.
+ * @param len: lengths of addr.
+ * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
+ */
+int sockaddr_cmp_addr(struct sockaddr_storage *addr1,
+                      struct sockaddr_storage *addr2, socklen_t len);
+
+int validate_hostname(const char *hostname, const int hostname_len);
+
+int is_ipv6only(ss_addr_t *servers, size_t server_num, int ipv6first);
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/plugin.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/plugin.c
new file mode 100644
index 00000000..48c614cf
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/plugin.c
@@ -0,0 +1,351 @@
+/*
+ * plugin.c - Manage plugins
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <string.h>
+#ifndef __MINGW32__
+#include <unistd.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <netinet/in.h>
+#endif
+
+#include <libcork/core.h>
+#include <libcork/os.h>
+
+#include "utils.h"
+#include "plugin.h"
+#include "winsock.h"
+
+#define CMD_RESRV_LEN 128
+
+#ifndef __MINGW32__
+#define TEMPDIR "/tmp/"
+#else
+#define TEMPDIR
+#endif
+
+static int exit_code;
+static struct cork_env *env        = NULL;
+static struct cork_exec *exec      = NULL;
+static struct cork_subprocess *sub = NULL;
+#ifdef __MINGW32__
+static uint16_t sub_control_port = 0;
+void cork_subprocess_set_control(struct cork_subprocess *self, uint16_t port);
+#endif
+
+static int
+plugin_log__data(struct cork_stream_consumer *vself,
+                 const void *buf, size_t size, bool is_first)
+{
+    size_t bytes_written = fwrite(buf, 1, size, stderr);
+    /*  If there was an error writing to the file, then signal this
+     *  to the producer */
+    if (bytes_written == size) {
+        return 0;
+    } else {
+        cork_system_error_set();
+        return -1;
+    }
+}
+
+static int
+plugin_log__eof(struct cork_stream_consumer *vself)
+{
+    /*  We don't close the file, so there's nothing special to do at
+     *  end-of-stream. */
+    return 0;
+}
+
+static void
+plugin_log__free(struct cork_stream_consumer *vself)
+{
+    return;
+}
+
+struct cork_stream_consumer plugin_log = {
+    .data = plugin_log__data,
+    .eof  = plugin_log__eof,
+    .free = plugin_log__free,
+};
+
+static int
+start_ss_plugin(const char *plugin,
+                const char *plugin_opts,
+                const char *remote_host,
+                const char *remote_port,
+                const char *local_host,
+                const char *local_port,
+                enum plugin_mode mode)
+{
+    cork_env_add(env, "SS_REMOTE_HOST", remote_host);
+    cork_env_add(env, "SS_REMOTE_PORT", remote_port);
+
+    cork_env_add(env, "SS_LOCAL_HOST", local_host);
+    cork_env_add(env, "SS_LOCAL_PORT", local_port);
+
+    if (plugin_opts != NULL)
+        cork_env_add(env, "SS_PLUGIN_OPTIONS", plugin_opts);
+
+    exec = cork_exec_new(plugin);
+    cork_exec_add_param(exec, plugin);  // argv[0]
+
+#ifdef __ANDROID__
+    extern int vpn;
+    if (vpn)
+        cork_exec_add_param(exec, "-V");
+#endif
+
+    cork_exec_set_env(exec, env);
+
+    sub = cork_subprocess_new_exec(exec, NULL, NULL, &exit_code);
+#ifdef __MINGW32__
+    cork_subprocess_set_control(sub, sub_control_port);
+#endif
+
+    return cork_subprocess_start(sub);
+}
+
+#define OBFSPROXY_OPTS_MAX  4096
+/*
+ * For obfsproxy, we use standalone mode for now.
+ * Managed mode needs to use SOCKS5 proxy as forwarder, which is not supported
+ * yet.
+ *
+ * The idea of using standalone mode is quite simple, just assemble the
+ * internal port into obfsproxy parameters.
+ *
+ * Using manually ran scramblesuit as an example:
+ * obfsproxy \
+ * --data-dir /tmp/ss_libev_plugin_with_suffix \
+ * scramblesuit \
+ * --password SOMEMEANINGLESSPASSWORDASEXAMPLE \
+ * --dest some.server.org:12345 \
+ * client \
+ * 127.0.0.1:54321
+ *
+ * In above case, @plugin = "obfsproxy",
+ * @plugin_opts = "scramblesuit --password SOMEMEANINGLESSPASSWORDASEXAMPLE"
+ * For obfs3, it's even easier, just pass @plugin = "obfsproxy"
+ * @plugin_opts = "obfs3"
+ *
+ * And the rest parameters are all assembled here.
+ * Some old obfsproxy will not be supported as it doesn't even support
+ * "--data-dir" option
+ */
+static int
+start_obfsproxy(const char *plugin,
+                const char *plugin_opts,
+                const char *remote_host,
+                const char *remote_port,
+                const char *local_host,
+                const char *local_port,
+                enum plugin_mode mode)
+{
+    char *pch;
+    char *opts_dump = NULL;
+    char *buf = NULL;
+    int ret, buf_size = 0;
+
+    if (plugin_opts != NULL) {
+        opts_dump = strndup(plugin_opts, OBFSPROXY_OPTS_MAX);
+        if (!opts_dump) {
+            ERROR("start_obfsproxy strndup failed");
+            if (env != NULL) {
+                cork_env_free(env);
+            }
+            return -ENOMEM;
+        }
+    }
+    exec = cork_exec_new(plugin);
+
+    /* The first parameter will be skipped, so pass @plugin again */
+    cork_exec_add_param(exec, plugin);
+
+    cork_exec_add_param(exec, "--data-dir");
+    buf_size = 20 + strlen(plugin) + strlen(remote_host)
+               + strlen(remote_port) + strlen(local_host) + strlen(local_port);
+    buf = ss_malloc(buf_size);
+    snprintf(buf, buf_size, TEMPDIR "%s_%s:%s_%s:%s", plugin,
+             remote_host, remote_port, local_host, local_port);
+    cork_exec_add_param(exec, buf);
+
+    /*
+     * Iterate @plugin_opts by space
+     */
+    if (opts_dump != NULL) {
+        pch = strtok(opts_dump, " ");
+        while (pch) {
+            cork_exec_add_param(exec, pch);
+            pch = strtok(NULL, " ");
+        }
+    }
+
+    /* The rest options */
+    if (mode == MODE_CLIENT) {
+        /* Client mode */
+        cork_exec_add_param(exec, "--dest");
+        snprintf(buf, buf_size, "%s:%s", remote_host, remote_port);
+        cork_exec_add_param(exec, buf);
+        cork_exec_add_param(exec, "client");
+        snprintf(buf, buf_size, "%s:%s", local_host, local_port);
+        cork_exec_add_param(exec, buf);
+    } else {
+        /* Server mode */
+        cork_exec_add_param(exec, "--dest");
+        snprintf(buf, buf_size, "%s:%s", local_host, local_port);
+        cork_exec_add_param(exec, buf);
+        cork_exec_add_param(exec, "server");
+        snprintf(buf, buf_size, "%s:%s", remote_host, remote_port);
+        cork_exec_add_param(exec, buf);
+    }
+
+    cork_exec_set_env(exec, env);
+    sub = cork_subprocess_new_exec(exec, NULL, NULL, &exit_code);
+#ifdef __MINGW32__
+    cork_subprocess_set_control(sub, sub_control_port);
+#endif
+    ret = cork_subprocess_start(sub);
+    ss_free(opts_dump);
+    free(buf);
+    return ret;
+}
+
+int
+start_plugin(const char *plugin,
+             const char *plugin_opts,
+             const char *remote_host,
+             const char *remote_port,
+             const char *local_host,
+             const char *local_port,
+#ifdef __MINGW32__
+             uint16_t control_port,
+#endif
+             enum plugin_mode mode)
+{
+#ifndef __MINGW32__
+    char *new_path = NULL;
+    const char *current_path;
+    size_t new_path_len;
+#endif
+    int ret;
+
+    if (plugin == NULL)
+        return -1;
+
+    if (strlen(plugin) == 0)
+        return 0;
+
+#ifndef __MINGW32__
+    /*
+     * Add current dir to PATH, so we can search plugin in current dir
+     */
+    env          = cork_env_clone_current();
+    current_path = cork_env_get(env, "PATH");
+    if (current_path != NULL) {
+#ifdef HAVE_GET_CURRENT_DIR_NAME
+        char *cwd = get_current_dir_name();
+        if (cwd) {
+#else
+        char cwd[PATH_MAX];
+        if (getcwd(cwd, PATH_MAX) != NULL) {
+#endif
+            new_path_len = strlen(current_path) + strlen(cwd) + 2;
+            new_path     = ss_malloc(new_path_len);
+            snprintf(new_path, new_path_len, "%s:%s", cwd, current_path);
+#ifdef HAVE_GET_CURRENT_DIR_NAME
+            free(cwd);
+#endif
+        }
+    }
+    if (new_path != NULL)
+        cork_env_add(env, "PATH", new_path);
+#else
+    sub_control_port = control_port;
+#endif
+
+    if (!strncmp(plugin, "obfsproxy", strlen("obfsproxy")))
+        ret = start_obfsproxy(plugin, plugin_opts, remote_host, remote_port,
+                              local_host, local_port, mode);
+    else
+        ret = start_ss_plugin(plugin, plugin_opts, remote_host, remote_port,
+                              local_host, local_port, mode);
+#ifndef __MINGW32__
+    ss_free(new_path);
+#endif
+    env = NULL;
+    return ret;
+}
+
+uint16_t
+get_local_port()
+{
+    int sock = socket(AF_INET, SOCK_STREAM, 0);
+    if (sock < 0) {
+        return 0;
+    }
+
+    struct sockaddr_in serv_addr;
+    memset(&serv_addr, 0, sizeof(serv_addr));
+    serv_addr.sin_family      = AF_INET;
+    serv_addr.sin_addr.s_addr = INADDR_ANY;
+    serv_addr.sin_port        = 0;
+    if (bind(sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
+        return 0;
+    }
+
+    socklen_t len = sizeof(serv_addr);
+    if (getsockname(sock, (struct sockaddr *)&serv_addr, &len) == -1) {
+        return 0;
+    }
+    if (close(sock) < 0) {
+        return 0;
+    }
+
+    return ntohs(serv_addr.sin_port);
+}
+
+void
+stop_plugin()
+{
+    if (sub != NULL) {
+        cork_subprocess_abort(sub);
+#ifndef __MINGW32__
+        if (cork_subprocess_wait(sub) == -1) {
+            LOGI("error on terminating the plugin.");
+        }
+#endif
+        cork_subprocess_free(sub);
+    }
+}
+
+int
+is_plugin_running()
+{
+    if (sub != NULL) {
+        return cork_subprocess_is_finished(sub);
+    }
+    return 0;
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/plugin.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/plugin.h
new file mode 100644
index 00000000..1a6d4b47
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/plugin.h
@@ -0,0 +1,80 @@
+/*
+ * acl.h - Define the ACL interface
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _PLUGIN_H
+#define _PLUGIN_H
+
+#define PLUGIN_EXIT_ERROR  -2
+#define PLUGIN_EXIT_NORMAL -1
+#define PLUGIN_RUNNING      0
+
+enum plugin_mode {
+    MODE_CLIENT,
+    MODE_SERVER
+};
+
+/*
+ * XXX: Since we have SS plugins and obfsproxy support, for now we will
+ *      do extra check against the plugin name.
+ *      For obfsproxy, we will not follow the SS specified protocol and
+ *      do special routine for obfsproxy.
+ *      This may change when the protocol is finally settled
+ *
+ * Main function to start a plugin.
+ *
+ * @plugin: name of the plugin
+ *          search from PATH and current directory.
+ * @plugin_opts: Special options for plugin
+ * @remote_host:
+ *   CLIENT mode:
+ *     The remote server address, which also runs corresponding plugin
+ *   SERVER mode:
+ *     The real listen address, which plugin will listen to
+ * @remote_port:
+ *   CLIENT mode:
+ *     The remote server port, which corresponding plugin is listening to
+ *   SERVER mode:
+ *     The real listen port, which plugin will listen to
+ * @local_host:
+ *   Where ss-libev will connect/listen to.
+ *   Normally localhost for both modes.
+ * @local_port:
+ *   Where ss-libev will connect/listen to.
+ *   Internal user port.
+ * @mode:
+ *   Indicates which mode the plugin should run at.
+ */
+int start_plugin(const char *plugin,
+                 const char *plugin_opts,
+                 const char *remote_host,
+                 const char *remote_port,
+                 const char *local_host,
+                 const char *local_port,
+#ifdef __MINGW32__
+                 uint16_t control_port,
+#endif
+                 enum plugin_mode mode);
+uint16_t get_local_port();
+void stop_plugin();
+int is_plugin_running();
+
+#endif // _PLUGIN_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/ppbloom.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/ppbloom.c
new file mode 100644
index 00000000..7f92600e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/ppbloom.c
@@ -0,0 +1,102 @@
+/*
+ * ppbloom.c - Ping-Pong Bloom Filter for nonce reuse detection
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <errno.h>
+#include <stdlib.h>
+
+#include "bloom.h"
+#include "ppbloom.h"
+#include "utils.h"
+
+#define PING 0
+#define PONG 1
+
+static struct bloom ppbloom[2];
+static int bloom_count[2];
+static int current;
+static int entries;
+static double error;
+
+int
+ppbloom_init(int n, double e)
+{
+    int err;
+    entries = n / 2;
+    error   = e;
+
+    err = bloom_init(ppbloom + PING, entries, error);
+    if (err)
+        return err;
+
+    err = bloom_init(ppbloom + PONG, entries, error);
+    if (err)
+        return err;
+
+    bloom_count[PING] = 0;
+    bloom_count[PONG] = 0;
+
+    current = PING;
+
+    return 0;
+}
+
+int
+ppbloom_check(const void *buffer, int len)
+{
+    int ret;
+
+    ret = bloom_check(ppbloom + PING, buffer, len);
+    if (ret)
+        return ret;
+
+    ret = bloom_check(ppbloom + PONG, buffer, len);
+    if (ret)
+        return ret;
+
+    return 0;
+}
+
+int
+ppbloom_add(const void *buffer, int len)
+{
+    int err;
+    err = bloom_add(ppbloom + current, buffer, len);
+    if (err == -1)
+        return err;
+
+    bloom_count[current]++;
+
+    if (bloom_count[current] >= entries) {
+        bloom_count[current] = 0;
+        current              = current == PING ? PONG : PING;
+        bloom_reset(ppbloom + current);
+    }
+
+    return 0;
+}
+
+void
+ppbloom_free()
+{
+    bloom_free(ppbloom + PING);
+    bloom_free(ppbloom + PONG);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/ppbloom.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/ppbloom.h
new file mode 100644
index 00000000..bfc65bba
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/ppbloom.h
@@ -0,0 +1,31 @@
+/*
+ * ppbloom.h - Define the Ping-Pong Bloom Filter interface
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _PPBLOOM_
+#define _PPBLOOM_
+
+int ppbloom_init(int entries, double error);
+int ppbloom_check(const void *buffer, int len);
+int ppbloom_add(const void *buffer, int len);
+void ppbloom_free(void);
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/redir.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/redir.c
new file mode 100644
index 00000000..3ae74397
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/redir.c
@@ -0,0 +1,1308 @@
+/*
+ * redir.c - Provide a transparent TCP proxy through remote shadowsocks
+ *           server
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <locale.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <pthread.h>
+#include <signal.h>
+#include <string.h>
+#include <strings.h>
+#include <time.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <limits.h>
+//#include <linux/if.h>
+//#include <linux/netfilter_ipv4.h>
+//#include <linux/netfilter_ipv6/ip6_tables.h>
+
+#include <libcork/core.h>
+
+#ifdef HAVE_CONFIG_H
+#include "../config.h"
+#endif
+
+#include "plugin.h"
+#include "netutils.h"
+#include "utils.h"
+#include "common.h"
+#include "redir.h"
+#include "../../libev/arm64/include/ev.h"
+
+#ifndef EAGAIN
+#define EAGAIN EWOULDBLOCK
+#endif
+
+#ifndef EWOULDBLOCK
+#define EWOULDBLOCK EAGAIN
+#endif
+
+#ifndef IP6T_SO_ORIGINAL_DST
+#define IP6T_SO_ORIGINAL_DST 80
+#endif
+
+#ifndef IP_TRANSPARENT
+#define IP_TRANSPARENT       19
+#endif
+
+#ifndef IPV6_TRANSPARENT
+#define IPV6_TRANSPARENT     75
+#endif
+
+static void accept_cb(EV_P_ ev_io *w, int revents);
+static void server_recv_cb(EV_P_ ev_io *w, int revents);
+static void server_send_cb(EV_P_ ev_io *w, int revents);
+static void remote_recv_cb(EV_P_ ev_io *w, int revents);
+static void remote_send_cb(EV_P_ ev_io *w, int revents);
+
+static remote_t *new_remote(int fd, int timeout);
+static server_t *new_server(int fd);
+
+static void free_remote(remote_t *remote);
+static void close_and_free_remote(EV_P_ remote_t *remote);
+static void free_server(server_t *server);
+static void close_and_free_server(EV_P_ server_t *server);
+
+int redir_verbose    = 0;
+int reuse_port = 0;
+
+static crypto_t *crypto;
+
+static int ipv6first = 0;
+static int mode      = TCP_ONLY;
+#ifdef HAVE_SETRLIMIT
+static int nofile = 0;
+#endif
+int redir_fast_open       = 0;
+static int no_delay = 0;
+static int ret_val  = 0;
+
+static struct ev_signal sigint_watcher;
+static struct ev_signal sigterm_watcher;
+static struct ev_signal sigchld_watcher;
+
+static int tcp_tproxy = 0; /* use tproxy instead of redirect (for tcp) */
+
+static int
+getdestaddr(int fd, struct sockaddr_storage *destaddr)
+{
+    socklen_t socklen = sizeof(*destaddr);
+    int error         = 0;
+
+    if (tcp_tproxy) {
+        error = getsockname(fd, (void *)destaddr, &socklen);
+    } else {
+        error = getsockopt(fd, 10/*SOL_IPV6*/, IP6T_SO_ORIGINAL_DST, destaddr, &socklen);
+        if (error) { // Didn't find a proper way to detect IP version.
+            error = getsockopt(fd, 20/*SOL_IP*/, 80/*SO_ORIGINAL_DST*/, destaddr, &socklen);
+        }
+    }
+
+    if (error) {
+        return -1;
+    }
+    return 0;
+}
+
+int
+rdr_setnonblocking(int fd)
+{
+    int flags;
+    if (-1 == (flags = fcntl(fd, F_GETFL, 0))) {
+        flags = 0;
+    }
+    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
+}
+
+int
+rdr_create_and_bind(const char *addr, const char *port)
+{
+    struct addrinfo hints;
+    struct addrinfo *result, *rp;
+    int s, listen_sock;
+
+    memset(&hints, 0, sizeof(struct addrinfo));
+    hints.ai_family   = AF_UNSPEC;   /* Return IPv4 and IPv6 choices */
+    hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */
+
+    result = NULL;
+
+    s = getaddrinfo(addr, port, &hints, &result);
+    if (s != 0) {
+        LOGI("getaddrinfo: %s", gai_strerror(s));
+        return -1;
+    }
+
+    if (result == NULL) {
+        LOGE("Could not bind");
+        return -1;
+    }
+
+    for (rp = result; rp != NULL; rp = rp->ai_next) {
+        listen_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
+        if (listen_sock == -1) {
+            continue;
+        }
+
+        int opt = 1;
+        setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+        setsockopt(listen_sock, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+        if (reuse_port) {
+            int err = set_reuseport(listen_sock);
+            if (err == 0) {
+                LOGI("tcp port reuse enabled");
+            }
+        }
+
+        if (tcp_tproxy) {
+            int level = 0, optname = 0;
+            if (rp->ai_family == AF_INET) {
+                level = IPPROTO_IP;
+                optname = IP_TRANSPARENT;
+            } else {
+                level = IPPROTO_IPV6;
+                optname = IPV6_TRANSPARENT;
+            }
+
+            if (setsockopt(listen_sock, level, optname, &opt, sizeof(opt)) != 0) {
+                ERROR("setsockopt IP_TRANSPARENT");
+                exit(EXIT_FAILURE);
+            }
+            LOGI("tcp tproxy mode enabled");
+        }
+
+        s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
+        if (s == 0) {
+            /* We managed to bind successfully! */
+            break;
+        } else {
+            ERROR("bind");
+        }
+
+        close(listen_sock);
+        listen_sock = -1;
+    }
+
+    freeaddrinfo(result);
+
+    return listen_sock;
+}
+
+static void
+server_recv_cb(EV_P_ ev_io *w, int revents)
+{
+    server_ctx_t *server_recv_ctx = (server_ctx_t *)w;
+    server_t *server              = server_recv_ctx->server;
+    remote_t *remote              = server->remote;
+
+    ev_timer_stop(EV_A_ & server->delayed_connect_watcher);
+
+    ssize_t r = recv(server->fd, remote->buf->data + remote->buf->len,
+                     SOCKET_BUF_SIZE - remote->buf->len, 0);
+
+    if (r == 0) {
+        // connection closed
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else if (r == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data
+            // continue to wait for recv
+            return;
+        } else {
+            ERROR("server recv");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    remote->buf->len += r;
+
+    if (redir_verbose) {
+        uint16_t port = 0;
+        char ipstr[INET6_ADDRSTRLEN];
+        memset(&ipstr, 0, INET6_ADDRSTRLEN);
+
+        if (AF_INET == server->destaddr.ss_family) {
+            struct sockaddr_in *sa = (struct sockaddr_in *)&(server->destaddr);
+            inet_ntop(AF_INET, &(sa->sin_addr), ipstr, INET_ADDRSTRLEN);
+            port = ntohs(sa->sin_port);
+        } else {
+            struct sockaddr_in6 *sa = (struct sockaddr_in6 *)&(server->destaddr);
+            inet_ntop(AF_INET6, &(sa->sin6_addr), ipstr, INET6_ADDRSTRLEN);
+            port = ntohs(sa->sin6_port);
+        }
+
+        LOGI("redir to %s:%d, len=%zu, recv=%zd", ipstr, port, remote->buf->len, r);
+    }
+
+    if (!remote->send_ctx->connected) {
+        ev_io_stop(EV_A_ & server_recv_ctx->io);
+        ev_io_start(EV_A_ & remote->send_ctx->io);
+        return;
+    }
+
+    int err = crypto->encrypt(remote->buf, server->e_ctx, SOCKET_BUF_SIZE);
+
+    if (err) {
+        LOGE("invalid password or cipher");
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    }
+
+    int s = send(remote->fd, remote->buf->data, remote->buf->len, 0);
+
+    if (s == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data, wait for send
+            remote->buf->idx = 0;
+            ev_io_stop(EV_A_ & server_recv_ctx->io);
+            ev_io_start(EV_A_ & remote->send_ctx->io);
+            return;
+        } else {
+            ERROR("send");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    } else if (s < remote->buf->len) {
+        remote->buf->len -= s;
+        remote->buf->idx  = s;
+        ev_io_stop(EV_A_ & server_recv_ctx->io);
+        ev_io_start(EV_A_ & remote->send_ctx->io);
+        return;
+    } else {
+        remote->buf->idx = 0;
+        remote->buf->len = 0;
+    }
+}
+
+static void
+server_send_cb(EV_P_ ev_io *w, int revents)
+{
+    server_ctx_t *server_send_ctx = (server_ctx_t *)w;
+    server_t *server              = server_send_ctx->server;
+    remote_t *remote              = server->remote;
+    if (server->buf->len == 0) {
+        // close and free
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else {
+        // has data to send
+        ssize_t s = send(server->fd, server->buf->data + server->buf->idx,
+                         server->buf->len, 0);
+        if (s == -1) {
+            if (errno != EAGAIN && errno != EWOULDBLOCK) {
+                ERROR("send");
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+            }
+            return;
+        } else if (s < server->buf->len) {
+            // partly sent, move memory, wait for the next time to send
+            server->buf->len -= s;
+            server->buf->idx += s;
+            return;
+        } else {
+            // all sent out, wait for reading
+            server->buf->len = 0;
+            server->buf->idx = 0;
+            ev_io_stop(EV_A_ & server_send_ctx->io);
+            ev_io_start(EV_A_ & remote->recv_ctx->io);
+        }
+    }
+}
+
+static void
+delayed_connect_cb(EV_P_ ev_timer *watcher, int revents)
+{
+    server_t *server = cork_container_of(watcher, server_t,
+                                         delayed_connect_watcher);
+    remote_t *remote = server->remote;
+
+    int r = connect(remote->fd, remote->addr,
+                    get_sockaddr_len(remote->addr));
+
+    remote->addr = NULL;
+
+    if (r == -1 && errno != CONNECT_IN_PROGRESS) {
+        ERROR("connect");
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else {
+        // listen to remote connected event
+        ev_io_start(EV_A_ & remote->send_ctx->io);
+        ev_timer_start(EV_A_ & remote->send_ctx->watcher);
+    }
+}
+
+static void
+remote_timeout_cb(EV_P_ ev_timer *watcher, int revents)
+{
+    remote_ctx_t *remote_ctx
+        = cork_container_of(watcher, remote_ctx_t, watcher);
+
+    remote_t *remote = remote_ctx->remote;
+    server_t *server = remote->server;
+
+    ev_timer_stop(EV_A_ watcher);
+
+    close_and_free_remote(EV_A_ remote);
+    close_and_free_server(EV_A_ server);
+}
+
+static void
+remote_recv_cb(EV_P_ ev_io *w, int revents)
+{
+    remote_ctx_t *remote_recv_ctx = (remote_ctx_t *)w;
+    remote_t *remote              = remote_recv_ctx->remote;
+    server_t *server              = remote->server;
+
+    ssize_t r = recv(remote->fd, server->buf->data, SOCKET_BUF_SIZE, 0);
+
+    if (r == 0) {
+        // connection closed
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else if (r == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data
+            // continue to wait for recv
+            return;
+        } else {
+            ERROR("remote recv");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    server->buf->len = r;
+
+    int err = crypto->decrypt(server->buf, server->d_ctx, SOCKET_BUF_SIZE);
+    if (err == CRYPTO_ERROR) {
+        LOGE("invalid password or cipher");
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else if (err == CRYPTO_NEED_MORE) {
+        return; // Wait for more
+    }
+
+    int s = send(server->fd, server->buf->data, server->buf->len, 0);
+
+    if (s == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data, wait for send
+            server->buf->idx = 0;
+            ev_io_stop(EV_A_ & remote_recv_ctx->io);
+            ev_io_start(EV_A_ & server->send_ctx->io);
+        } else {
+            ERROR("send");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    } else if (s < server->buf->len) {
+        server->buf->len -= s;
+        server->buf->idx  = s;
+        ev_io_stop(EV_A_ & remote_recv_ctx->io);
+        ev_io_start(EV_A_ & server->send_ctx->io);
+    }
+
+    // Disable TCP_NODELAY after the first response are sent
+    if (!remote->recv_ctx->connected && !no_delay) {
+        int opt = 0;
+        setsockopt(server->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+        setsockopt(remote->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+    }
+    remote->recv_ctx->connected = 1;
+}
+
+static void
+remote_send_cb(EV_P_ ev_io *w, int revents)
+{
+    remote_ctx_t *remote_send_ctx = (remote_ctx_t *)w;
+    remote_t *remote              = remote_send_ctx->remote;
+    server_t *server              = remote->server;
+
+    ev_timer_stop(EV_A_ & remote_send_ctx->watcher);
+
+    if (!remote_send_ctx->connected) {
+        int r = 0;
+        if (remote->addr == NULL) {
+            struct sockaddr_storage addr;
+            memset(&addr, 0, sizeof(struct sockaddr_storage));
+            socklen_t len = sizeof addr;
+            r = getpeername(remote->fd, (struct sockaddr *)&addr, &len);
+        }
+        if (r == 0) {
+            remote_send_ctx->connected = 1;
+
+            ev_io_stop(EV_A_ & remote_send_ctx->io);
+            ev_io_stop(EV_A_ & server->recv_ctx->io);
+            ev_io_start(EV_A_ & remote->recv_ctx->io);
+
+            // send destaddr
+            buffer_t ss_addr_to_send;
+            buffer_t *abuf = &ss_addr_to_send;
+            balloc(abuf, SOCKET_BUF_SIZE);
+
+            if (AF_INET6 == server->destaddr.ss_family) { // IPv6
+                abuf->data[abuf->len++] = 4;          // Type 4 is IPv6 address
+
+                size_t in6_addr_len = sizeof(struct in6_addr);
+                memcpy(abuf->data + abuf->len,
+                       &(((struct sockaddr_in6 *)&(server->destaddr))->sin6_addr),
+                       in6_addr_len);
+                abuf->len += in6_addr_len;
+                memcpy(abuf->data + abuf->len,
+                       &(((struct sockaddr_in6 *)&(server->destaddr))->sin6_port),
+                       2);
+            } else {                             // IPv4
+                abuf->data[abuf->len++] = 1; // Type 1 is IPv4 address
+
+                size_t in_addr_len = sizeof(struct in_addr);
+                memcpy(abuf->data + abuf->len,
+                       &((struct sockaddr_in *)&(server->destaddr))->sin_addr, in_addr_len);
+                abuf->len += in_addr_len;
+                memcpy(abuf->data + abuf->len,
+                       &((struct sockaddr_in *)&(server->destaddr))->sin_port, 2);
+            }
+
+            abuf->len += 2;
+
+            int err = crypto->encrypt(abuf, server->e_ctx, SOCKET_BUF_SIZE);
+            if (err) {
+                LOGE("invalid password or cipher");
+                bfree(abuf);
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
+
+            err = crypto->encrypt(remote->buf, server->e_ctx, SOCKET_BUF_SIZE);
+            if (err) {
+                LOGE("invalid password or cipher");
+                bfree(abuf);
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
+
+            bprepend(remote->buf, abuf, SOCKET_BUF_SIZE);
+            bfree(abuf);
+        } else {
+            ERROR("getpeername");
+            // not connected
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    if (remote->buf->len == 0) {
+        // close and free
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else {
+        // has data to send
+        int s = -1;
+
+        if (remote->addr != NULL) {
+#if defined(TCP_FASTOPEN_CONNECT)
+            int optval = 1;
+            if (setsockopt(remote->fd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT,
+                           (void *)&optval, sizeof(optval)) < 0)
+                FATAL("failed to set TCP_FASTOPEN_CONNECT");
+            s = connect(remote->fd, remote->addr, get_sockaddr_len(remote->addr));
+            if (s == 0)
+                s = send(remote->fd, remote->buf->data, remote->buf->len, 0);
+#elif defined(MSG_FASTOPEN)
+            s = sendto(remote->fd, remote->buf->data + remote->buf->idx,
+                       remote->buf->len, MSG_FASTOPEN, remote->addr,
+                       get_sockaddr_len(remote->addr));
+#else
+            FATAL("tcp fast open is not supported on this platform");
+#endif
+
+            remote->addr = NULL;
+
+            if (s == -1) {
+                if (errno == CONNECT_IN_PROGRESS) {
+                    ev_io_start(EV_A_ & remote_send_ctx->io);
+                    ev_timer_start(EV_A_ & remote_send_ctx->watcher);
+                } else {
+                    if (errno == EOPNOTSUPP || errno == EPROTONOSUPPORT ||
+                        errno == ENOPROTOOPT) {
+                        redir_fast_open = 0;
+                        LOGE("fast open is not supported on this platform");
+                    } else {
+                        ERROR("fast_open_connect");
+                    }
+                    close_and_free_remote(EV_A_ remote);
+                    close_and_free_server(EV_A_ server);
+                }
+                return;
+            }
+        } else {
+            s = send(remote->fd, remote->buf->data + remote->buf->idx,
+                     remote->buf->len, 0);
+        }
+
+        if (s == -1) {
+            if (errno != EAGAIN && errno != EWOULDBLOCK) {
+                ERROR("send");
+                // close and free
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+            }
+            return;
+        } else if (s < remote->buf->len) {
+            // partly sent, move memory, wait for the next time to send
+            remote->buf->len -= s;
+            remote->buf->idx += s;
+            ev_io_start(EV_A_ & remote_send_ctx->io);
+            return;
+        } else {
+            // all sent out, wait for reading
+            remote->buf->len = 0;
+            remote->buf->idx = 0;
+            ev_io_stop(EV_A_ & remote_send_ctx->io);
+            ev_io_start(EV_A_ & server->recv_ctx->io);
+        }
+    }
+}
+
+static remote_t *
+new_remote(int fd, int timeout)
+{
+    remote_t *remote = ss_malloc(sizeof(remote_t));
+    memset(remote, 0, sizeof(remote_t));
+
+    remote->recv_ctx = ss_malloc(sizeof(remote_ctx_t));
+    remote->send_ctx = ss_malloc(sizeof(remote_ctx_t));
+    remote->buf      = ss_malloc(sizeof(buffer_t));
+    balloc(remote->buf, SOCKET_BUF_SIZE);
+    memset(remote->recv_ctx, 0, sizeof(remote_ctx_t));
+    memset(remote->send_ctx, 0, sizeof(remote_ctx_t));
+    remote->fd                  = fd;
+    remote->recv_ctx->remote    = remote;
+    remote->recv_ctx->connected = 0;
+    remote->send_ctx->remote    = remote;
+    remote->send_ctx->connected = 0;
+
+    ev_io_init(&remote->recv_ctx->io, remote_recv_cb, fd, EV_READ);
+    ev_io_init(&remote->send_ctx->io, remote_send_cb, fd, EV_WRITE);
+    ev_timer_init(&remote->send_ctx->watcher, remote_timeout_cb,
+                  min(MAX_CONNECT_TIMEOUT, timeout), 0);
+
+    return remote;
+}
+
+static void
+free_remote(remote_t *remote)
+{
+    if (remote->server != NULL) {
+        remote->server->remote = NULL;
+    }
+    if (remote->buf != NULL) {
+        bfree(remote->buf);
+        ss_free(remote->buf);
+    }
+    ss_free(remote->recv_ctx);
+    ss_free(remote->send_ctx);
+    ss_free(remote);
+}
+
+static void
+close_and_free_remote(EV_P_ remote_t *remote)
+{
+    if (remote != NULL) {
+        ev_timer_stop(EV_A_ & remote->send_ctx->watcher);
+        ev_io_stop(EV_A_ & remote->send_ctx->io);
+        ev_io_stop(EV_A_ & remote->recv_ctx->io);
+        close(remote->fd);
+        free_remote(remote);
+    }
+}
+
+static server_t *
+new_server(int fd)
+{
+    server_t *server = ss_malloc(sizeof(server_t));
+    memset(server, 0, sizeof(server_t));
+
+    server->recv_ctx = ss_malloc(sizeof(server_ctx_t));
+    server->send_ctx = ss_malloc(sizeof(server_ctx_t));
+    server->buf      = ss_malloc(sizeof(buffer_t));
+    balloc(server->buf, SOCKET_BUF_SIZE);
+    memset(server->recv_ctx, 0, sizeof(server_ctx_t));
+    memset(server->send_ctx, 0, sizeof(server_ctx_t));
+    server->fd                  = fd;
+    server->recv_ctx->server    = server;
+    server->recv_ctx->connected = 0;
+    server->send_ctx->server    = server;
+    server->send_ctx->connected = 0;
+
+    server->e_ctx = ss_malloc(sizeof(cipher_ctx_t));
+    server->d_ctx = ss_malloc(sizeof(cipher_ctx_t));
+    crypto->ctx_init(crypto->cipher, server->e_ctx, 1);
+    crypto->ctx_init(crypto->cipher, server->d_ctx, 0);
+
+    ev_io_init(&server->recv_ctx->io, server_recv_cb, fd, EV_READ);
+    ev_io_init(&server->send_ctx->io, server_send_cb, fd, EV_WRITE);
+
+    ev_timer_init(&server->delayed_connect_watcher, delayed_connect_cb, 0.05,
+                  0);
+
+    return server;
+}
+
+static void
+free_server(server_t *server)
+{
+    if (server->remote != NULL) {
+        server->remote->server = NULL;
+    }
+    if (server->e_ctx != NULL) {
+        crypto->ctx_release(server->e_ctx);
+        ss_free(server->e_ctx);
+    }
+    if (server->d_ctx != NULL) {
+        crypto->ctx_release(server->d_ctx);
+        ss_free(server->d_ctx);
+    }
+    if (server->buf != NULL) {
+        bfree(server->buf);
+        ss_free(server->buf);
+    }
+    ss_free(server->recv_ctx);
+    ss_free(server->send_ctx);
+    ss_free(server);
+}
+
+static void
+close_and_free_server(EV_P_ server_t *server)
+{
+    if (server != NULL) {
+        ev_io_stop(EV_A_ & server->send_ctx->io);
+        ev_io_stop(EV_A_ & server->recv_ctx->io);
+        ev_timer_stop(EV_A_ & server->delayed_connect_watcher);
+        close(server->fd);
+        free_server(server);
+    }
+}
+
+static void
+accept_cb(EV_P_ ev_io *w, int revents)
+{
+    listen_ctx_t *listener = (listen_ctx_t *)w;
+    struct sockaddr_storage destaddr;
+    memset(&destaddr, 0, sizeof(struct sockaddr_storage));
+
+    int err;
+
+    int serverfd = accept(listener->fd, NULL, NULL);
+    if (serverfd == -1) {
+        ERROR("accept");
+        return;
+    }
+
+    err = getdestaddr(serverfd, &destaddr);
+    if (err) {
+        ERROR("getdestaddr");
+        return;
+    }
+
+    rdr_setnonblocking(serverfd);
+    int opt = 1;
+    setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+    setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+
+    int index                    = rand() % listener->remote_num;
+    struct sockaddr *remote_addr = listener->remote_addr[index];
+
+    int remotefd = socket(remote_addr->sa_family, SOCK_STREAM, IPPROTO_TCP);
+    if (remotefd == -1) {
+        ERROR("socket");
+        return;
+    }
+
+    // Set flags
+    setsockopt(remotefd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+    setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+
+    // Enable TCP keepalive feature
+    int keepAlive    = 1;
+    int keepIdle     = 40;
+    int keepInterval = 20;
+    int keepCount    = 5;
+    setsockopt(remotefd, SOL_SOCKET, SO_KEEPALIVE, (void *)&keepAlive, sizeof(keepAlive));
+    setsockopt(remotefd, SOL_TCP, TCP_KEEPALIVE, (void *)&keepIdle, sizeof(keepIdle));
+    setsockopt(remotefd, SOL_TCP, TCP_KEEPINTVL, (void *)&keepInterval, sizeof(keepInterval));
+    setsockopt(remotefd, SOL_TCP, TCP_KEEPCNT, (void *)&keepCount, sizeof(keepCount));
+
+    // Set non blocking
+    rdr_setnonblocking(remotefd);
+
+    if (listener->tos >= 0) {
+        int rc = setsockopt(remotefd, IPPROTO_IP, IP_TOS, &listener->tos, sizeof(listener->tos));
+        if (rc < 0 && errno != ENOPROTOOPT) {
+            LOGE("setting ipv4 dscp failed: %d", errno);
+        }
+        rc = setsockopt(remotefd, IPPROTO_IPV6, IPV6_TCLASS, &listener->tos, sizeof(listener->tos));
+        if (rc < 0 && errno != ENOPROTOOPT) {
+            LOGE("setting ipv6 dscp failed: %d", errno);
+        }
+    }
+
+    // Enable MPTCP
+    if (listener->mptcp > 1) {
+        int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt));
+        if (err == -1) {
+            ERROR("failed to enable multipath TCP");
+        }
+    } else if (listener->mptcp == 1) {
+        int i = 0;
+        while ((listener->mptcp = mptcp_enabled_values[i]) > 0) {
+            int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt));
+            if (err != -1) {
+                break;
+            }
+            i++;
+        }
+        if (listener->mptcp == 0) {
+            ERROR("failed to enable multipath TCP");
+        }
+    }
+
+    server_t *server = new_server(serverfd);
+    remote_t *remote = new_remote(remotefd, listener->timeout);
+    server->remote   = remote;
+    remote->server   = server;
+    server->destaddr = destaddr;
+
+    if (redir_fast_open) {
+        // save remote addr for fast open
+        remote->addr = remote_addr;
+        ev_timer_start(EV_A_ & server->delayed_connect_watcher);
+    } else {
+        int r = connect(remotefd, remote_addr, get_sockaddr_len(remote_addr));
+
+        if (r == -1 && errno != CONNECT_IN_PROGRESS) {
+            ERROR("connect");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+        // listen to remote connected event
+        ev_io_start(EV_A_ & remote->send_ctx->io);
+        ev_timer_start(EV_A_ & remote->send_ctx->watcher);
+    }
+    ev_io_start(EV_A_ & server->recv_ctx->io);
+}
+
+static void
+signal_cb(EV_P_ ev_signal *w, int revents)
+{
+    if (revents & EV_SIGNAL) {
+        switch (w->signum) {
+        case SIGCHLD:
+            if (!is_plugin_running()) {
+                LOGE("plugin service exit unexpectedly");
+                ret_val = -1;
+            } else
+                return;
+        case SIGINT:
+        case SIGTERM:
+            ev_signal_stop(EV_DEFAULT, &sigint_watcher);
+            ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
+            ev_signal_stop(EV_DEFAULT, &sigchld_watcher);
+
+            ev_unloop(EV_A_ EVUNLOOP_ALL);
+        }
+    }
+}
+
+#ifndef LIB_ONLY
+int
+main(int argc, char **argv)
+{
+    srand(time(NULL));
+
+    int i, c;
+    int pid_flags    = 0;
+    int mptcp        = 0;
+    int mtu          = 0;
+    char *user       = NULL;
+    char *local_port = NULL;
+    char *local_addr = NULL;
+    char *password   = NULL;
+    char *key        = NULL;
+    char *timeout    = NULL;
+    char *method     = NULL;
+    char *pid_path   = NULL;
+    char *conf_path  = NULL;
+
+    char *plugin      = NULL;
+    char *plugin_opts = NULL;
+    char *plugin_host = NULL;
+    char *plugin_port = NULL;
+    char tmp_port[8];
+
+    int dscp_num    = 0;
+    ss_dscp_t *dscp = NULL;
+
+    int remote_num    = 0;
+    char *remote_port = NULL;
+    ss_addr_t remote_addr[MAX_REMOTE_NUM];
+
+    memset(remote_addr, 0, sizeof(ss_addr_t) * MAX_REMOTE_NUM);
+
+    static struct option long_options[] = {
+        { "fast-open",   no_argument,       NULL, GETOPT_VAL_FAST_OPEN   },
+        { "mtu",         required_argument, NULL, GETOPT_VAL_MTU         },
+        { "mptcp",       no_argument,       NULL, GETOPT_VAL_MPTCP       },
+        { "plugin",      required_argument, NULL, GETOPT_VAL_PLUGIN      },
+        { "plugin-opts", required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
+        { "reuse-port",  no_argument,       NULL, GETOPT_VAL_REUSE_PORT  },
+        { "no-delay",    no_argument,       NULL, GETOPT_VAL_NODELAY     },
+        { "password",    required_argument, NULL, GETOPT_VAL_PASSWORD    },
+        { "key",         required_argument, NULL, GETOPT_VAL_KEY         },
+        { "help",        no_argument,       NULL, GETOPT_VAL_HELP        },
+        { NULL,          0,                 NULL, 0                      }
+    };
+
+    opterr = 0;
+
+    USE_TTY();
+
+    while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:b:a:n:huUTv6A",
+                            long_options, NULL)) != -1) {
+        switch (c) {
+        case GETOPT_VAL_FAST_OPEN:
+            redir_fast_open = 1;
+            break;
+        case GETOPT_VAL_MTU:
+            mtu = atoi(optarg);
+            LOGI("set MTU to %d", mtu);
+            break;
+        case GETOPT_VAL_MPTCP:
+            mptcp = 1;
+            LOGI("enable multipath TCP");
+            break;
+        case GETOPT_VAL_NODELAY:
+            no_delay = 1;
+            LOGI("enable TCP no-delay");
+            break;
+        case GETOPT_VAL_PLUGIN:
+            plugin = optarg;
+            break;
+        case GETOPT_VAL_PLUGIN_OPTS:
+            plugin_opts = optarg;
+            break;
+        case GETOPT_VAL_KEY:
+            key = optarg;
+            break;
+        case GETOPT_VAL_REUSE_PORT:
+            reuse_port = 1;
+            break;
+        case 's':
+            if (remote_num < MAX_REMOTE_NUM) {
+                parse_addr(optarg, &remote_addr[remote_num++]);
+            }
+            break;
+        case 'p':
+            remote_port = optarg;
+            break;
+        case 'l':
+            local_port = optarg;
+            break;
+        case GETOPT_VAL_PASSWORD:
+        case 'k':
+            password = optarg;
+            break;
+        case 'f':
+            pid_flags = 1;
+            pid_path  = optarg;
+            break;
+        case 't':
+            timeout = optarg;
+            break;
+        case 'm':
+            method = optarg;
+            break;
+        case 'c':
+            conf_path = optarg;
+            break;
+        case 'b':
+            local_addr = optarg;
+            break;
+        case 'a':
+            user = optarg;
+            break;
+#ifdef HAVE_SETRLIMIT
+        case 'n':
+            nofile = atoi(optarg);
+            break;
+#endif
+        case 'u':
+            mode = TCP_AND_UDP;
+            break;
+        case 'U':
+            mode = UDP_ONLY;
+            break;
+        case 'T':
+            tcp_tproxy = 1;
+            break;
+        case 'v':
+            redir_verbose = 1;
+            break;
+        case GETOPT_VAL_HELP:
+        case 'h':
+            usage();
+            exit(EXIT_SUCCESS);
+        case '6':
+            ipv6first = 1;
+            break;
+        case 'A':
+            FATAL("One time auth has been deprecated. Try AEAD ciphers instead.");
+            break;
+        case '?':
+            // The option character is not recognized.
+            LOGE("Unrecognized option: %s", optarg);
+            opterr = 1;
+            break;
+        }
+    }
+
+    if (opterr) {
+        usage();
+        exit(EXIT_FAILURE);
+    }
+
+    if (argc == 1) {
+        if (conf_path == NULL) {
+            conf_path = get_default_conf();
+        }
+    }
+
+    if (conf_path != NULL) {
+        jconf_t *conf = read_jconf(conf_path);
+        if (remote_num == 0) {
+            remote_num = conf->remote_num;
+            for (i = 0; i < remote_num; i++)
+                remote_addr[i] = conf->remote_addr[i];
+        }
+        if (remote_port == NULL) {
+            remote_port = conf->remote_port;
+        }
+        if (local_addr == NULL) {
+            local_addr = conf->local_addr;
+        }
+        if (local_port == NULL) {
+            local_port = conf->local_port;
+        }
+        if (password == NULL) {
+            password = conf->password;
+        }
+        if (key == NULL) {
+            key = conf->key;
+        }
+        if (method == NULL) {
+            method = conf->method;
+        }
+        if (timeout == NULL) {
+            timeout = conf->timeout;
+        }
+        if (user == NULL) {
+            user = conf->user;
+        }
+        if (plugin == NULL) {
+            plugin = conf->plugin;
+        }
+        if (plugin_opts == NULL) {
+            plugin_opts = conf->plugin_opts;
+        }
+        if (mode == TCP_ONLY) {
+            mode = conf->mode;
+        }
+        if (tcp_tproxy == 0) {
+            tcp_tproxy = conf->tcp_tproxy;
+        }
+        if (mtu == 0) {
+            mtu = conf->mtu;
+        }
+        if (mptcp == 0) {
+            mptcp = conf->mptcp;
+        }
+        if (no_delay == 0) {
+            no_delay = conf->no_delay;
+        }
+        if (reuse_port == 0) {
+            reuse_port = conf->reuse_port;
+        }
+        if (redir_fast_open == 0) {
+            redir_fast_open = conf->fast_open;
+        }
+#ifdef HAVE_SETRLIMIT
+        if (nofile == 0) {
+            nofile = conf->nofile;
+        }
+#endif
+        if (ipv6first == 0) {
+            ipv6first = conf->ipv6_first;
+        }
+        dscp_num = conf->dscp_num;
+        dscp     = conf->dscp;
+    }
+
+    if (remote_num == 0 || remote_port == NULL || local_port == NULL
+        || (password == NULL && key == NULL)) {
+        usage();
+        exit(EXIT_FAILURE);
+    }
+
+    if (plugin != NULL) {
+        uint16_t port = get_local_port();
+        if (port == 0) {
+            FATAL("failed to find a free port");
+        }
+        snprintf(tmp_port, 8, "%d", port);
+        if (is_ipv6only(remote_addr, remote_num, ipv6first)) {
+            plugin_host = "::1";
+        } else {
+            plugin_host = "127.0.0.1";
+        }
+        plugin_port = tmp_port;
+
+        LOGI("plugin \"%s\" enabled", plugin);
+    }
+
+    if (method == NULL) {
+        method = "chacha20-ietf-poly1305";
+    }
+
+    if (timeout == NULL) {
+        timeout = "600";
+    }
+
+#ifdef HAVE_SETRLIMIT
+    /*
+     * no need to check the return value here since we will show
+     * the user an error message if setrlimit(2) fails
+     */
+    if (nofile > 1024) {
+        if (redir_verbose) {
+            LOGI("setting NOFILE to %d", nofile);
+        }
+//        set_nofile(nofile);
+    }
+#endif
+
+    if (local_addr == NULL) {
+        if (is_ipv6only(remote_addr, remote_num, ipv6first)) {
+            local_addr = "::1";
+        } else {
+            local_addr = "127.0.0.1";
+        }
+    }
+
+    if (redir_fast_open == 1) {
+#ifdef TCP_FASTOPEN
+        LOGI("using tcp fast open");
+#else
+        LOGE("tcp fast open is not supported by this environment");
+        redir_fast_open = 0;
+#endif
+    }
+
+    USE_SYSLOG(argv[0], pid_flags);
+    if (pid_flags) {
+        daemonize(pid_path);
+    }
+
+    if (no_delay) {
+        LOGI("enable TCP no-delay");
+    }
+
+    if (ipv6first) {
+        LOGI("resolving hostname to IPv6 address first");
+    }
+
+    if (plugin != NULL) {
+        int len          = 0;
+        size_t buf_size  = 256 * remote_num;
+        char *remote_str = ss_malloc(buf_size);
+
+        snprintf(remote_str, buf_size, "%s", remote_addr[0].host);
+        for (int i = 1; i < remote_num; i++) {
+            snprintf(remote_str + len, buf_size - len, "|%s", remote_addr[i].host);
+            len = strlen(remote_str);
+        }
+        int err = start_plugin(plugin, plugin_opts, remote_str,
+                               remote_port, plugin_host, plugin_port, MODE_CLIENT);
+        if (err) {
+            FATAL("failed to start the plugin");
+        }
+    }
+
+    // ignore SIGPIPE
+    signal(SIGPIPE, SIG_IGN);
+    signal(SIGABRT, SIG_IGN);
+
+    ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
+    ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
+    ev_signal_init(&sigchld_watcher, signal_cb, SIGCHLD);
+    ev_signal_start(EV_DEFAULT, &sigint_watcher);
+    ev_signal_start(EV_DEFAULT, &sigterm_watcher);
+    ev_signal_start(EV_DEFAULT, &sigchld_watcher);
+
+    // Setup keys
+    LOGI("initializing ciphers... %s", method);
+    crypto = crypto_init(password, key, method);
+    if (crypto == NULL)
+        FATAL("failed to initialize ciphers");
+
+    // Setup proxy context
+    struct listen_ctx listen_ctx;
+    memset(&listen_ctx, 0, sizeof(struct listen_ctx));
+    listen_ctx.remote_num  = remote_num;
+    listen_ctx.remote_addr = ss_malloc(sizeof(struct sockaddr *) * remote_num);
+    memset(listen_ctx.remote_addr, 0, sizeof(struct sockaddr *) * remote_num);
+    for (i = 0; i < remote_num; i++) {
+        char *host = remote_addr[i].host;
+        char *port = remote_addr[i].port == NULL ? remote_port :
+                     remote_addr[i].port;
+        if (plugin != NULL) {
+            host = plugin_host;
+            port = plugin_port;
+        }
+        struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
+        memset(storage, 0, sizeof(struct sockaddr_storage));
+        if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
+            FATAL("failed to resolve the provided hostname");
+        }
+        listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
+
+        if (plugin != NULL)
+            break;
+    }
+    listen_ctx.timeout = atoi(timeout);
+    listen_ctx.mptcp   = mptcp;
+
+    struct ev_loop *loop = EV_DEFAULT;
+
+    listen_ctx_t *listen_ctx_current = &listen_ctx;
+    do {
+        if (listen_ctx_current->tos) {
+            LOGI("listening at %s:%s (TOS 0x%x)", local_addr, local_port, listen_ctx_current->tos);
+        } else {
+            LOGI("listening at %s:%s", local_addr, local_port);
+        }
+
+        if (mode != UDP_ONLY) {
+            // Setup socket
+            int listenfd;
+            listenfd = rdr_create_and_bind(local_addr, local_port);
+            if (listenfd == -1) {
+                FATAL("bind() error");
+            }
+            if (listen(listenfd, SOMAXCONN) == -1) {
+                FATAL("listen() error");
+            }
+            rdr_setnonblocking(listenfd);
+
+            listen_ctx_current->fd = listenfd;
+
+            ev_io_init(&listen_ctx_current->io, accept_cb, listenfd, EV_READ);
+            ev_io_start(loop, &listen_ctx_current->io);
+        }
+
+        // Setup UDP
+        if (mode != TCP_ONLY) {
+            LOGI("UDP relay enabled");
+            char *host                       = remote_addr[0].host;
+            char *port                       = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port;
+            struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
+            memset(storage, 0, sizeof(struct sockaddr_storage));
+            if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
+                FATAL("failed to resolve the provided hostname");
+            }
+            struct sockaddr *addr = (struct sockaddr *)storage;
+            init_udprelay(local_addr, local_port, addr,
+                          get_sockaddr_len(addr), mtu, crypto, listen_ctx_current->timeout, NULL);
+        }
+
+        if (mode == UDP_ONLY) {
+            LOGI("TCP relay disabled");
+        }
+
+        // Handle additionals TOS/DSCP listening ports
+        if (dscp_num > 0) {
+            listen_ctx_current      = (listen_ctx_t *)ss_malloc(sizeof(listen_ctx_t));
+            listen_ctx_current      = memcpy(listen_ctx_current, &listen_ctx, sizeof(listen_ctx_t));
+            local_port              = dscp[dscp_num - 1].port;
+            listen_ctx_current->tos = dscp[dscp_num - 1].dscp << 2;
+        }
+    } while (dscp_num-- > 0);
+
+    // setuid
+    if (user != NULL && !run_as(user)) {
+        FATAL("failed to switch user");
+    }
+
+    if (geteuid() == 0) {
+        LOGI("running from root user");
+    }
+
+    ev_run(loop, 0);
+
+    if (plugin != NULL) {
+        stop_plugin();
+    }
+
+    return ret_val;
+}
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/redir.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/redir.h
new file mode 100644
index 00000000..2544d65e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/redir.h
@@ -0,0 +1,82 @@
+/* * redir.h - Define the redirector's buffers and callbacks
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _REDIR_H
+#define _REDIR_H
+
+#ifdef HAVE_LIBEV_EV_H
+#include <libev/ev.h>
+#else
+#include <ev.h>
+#endif
+
+#include "crypto.h"
+#include "jconf.h"
+
+typedef struct listen_ctx {
+    ev_io io;
+    int remote_num;
+    int timeout;
+    int fd;
+    int mptcp;
+    int tos;
+    struct sockaddr **remote_addr;
+} listen_ctx_t;
+
+typedef struct server_ctx {
+    ev_io io;
+    int connected;
+    struct server *server;
+} server_ctx_t;
+
+typedef struct server {
+    int fd;
+
+    buffer_t *buf;
+
+    cipher_ctx_t *e_ctx;
+    cipher_ctx_t *d_ctx;
+    struct server_ctx *recv_ctx;
+    struct server_ctx *send_ctx;
+    struct remote *remote;
+
+    struct sockaddr_storage destaddr;
+    ev_timer delayed_connect_watcher;
+} server_t;
+
+typedef struct remote_ctx {
+    ev_io io;
+    ev_timer watcher;
+    int connected;
+    struct remote *remote;
+} remote_ctx_t;
+
+typedef struct remote {
+    int fd;
+    buffer_t *buf;
+    struct remote_ctx *recv_ctx;
+    struct remote_ctx *send_ctx;
+    struct server *server;
+    uint32_t counter;
+    struct sockaddr *addr;
+} remote_t;
+
+#endif // _REDIR_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/resolv.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/resolv.c
new file mode 100644
index 00000000..8d203fd9
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/resolv.c
@@ -0,0 +1,497 @@
+/*
+ * Copyright (c) 2014, Dustin Lundquist <dustin@null-ptr.net>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#ifndef __MINGW32__
+#include <netdb.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <errno.h>
+#include <unistd.h>
+#else
+#include "winsock.h" // Should be before <ares.h>
+#endif
+#include <ares.h>
+
+#ifdef HAVE_LIBEV_EV_H
+#include <libev/ev.h>
+#else
+#include <ev.h>
+#endif
+
+#include <libcork/core.h>
+
+#include "resolv.h"
+#include "utils.h"
+#include "netutils.h"
+
+#ifdef __MINGW32__
+#define CONV_STATE_CB (ares_sock_state_cb)
+#else
+#define CONV_STATE_CB
+#endif
+
+/*
+ * Implement DNS resolution interface using libc-ares
+ */
+
+#define SS_NUM_IOS 6
+#define SS_INVALID_FD -1
+#define SS_TIMER_AFTER 1.0
+
+struct resolv_ctx {
+    struct ev_io ios[SS_NUM_IOS];
+    struct ev_timer timer;
+    ev_tstamp last_tick;
+
+    ares_channel channel;
+    struct ares_options options;
+};
+
+struct resolv_query {
+    int requests[2];
+    size_t response_count;
+    struct sockaddr **responses;
+
+    void (*client_cb)(struct sockaddr *, void *);
+    void (*free_cb)(void *);
+
+    uint16_t port;
+
+    void *data;
+
+    int is_closed;
+};
+
+extern int verbose;
+
+static struct resolv_ctx default_ctx;
+static struct ev_loop *default_loop;
+
+enum {
+    MODE_IPV4_FIRST = 0,
+    MODE_IPV6_FIRST = 1
+} RESOLV_MODE;
+
+static int resolv_mode = MODE_IPV4_FIRST;
+
+static void resolv_sock_cb(struct ev_loop *, struct ev_io *, int);
+static void resolv_timer_cb(struct ev_loop *, struct ev_timer *, int);
+static void resolv_sock_state_cb(void *, int, int, int);
+
+static void dns_query_v4_cb(void *, int, int, struct hostent *);
+static void dns_query_v6_cb(void *, int, int, struct hostent *);
+
+static void process_client_callback(struct resolv_query *);
+static inline int all_requests_are_null(struct resolv_query *);
+static struct sockaddr *choose_ipv4_first(struct resolv_query *);
+static struct sockaddr *choose_ipv6_first(struct resolv_query *);
+static struct sockaddr *choose_any(struct resolv_query *);
+
+/*
+ * DNS UDP socket activity callback
+ */
+static void
+resolv_sock_cb(EV_P_ ev_io *w, int revents)
+{
+    ares_socket_t rfd = ARES_SOCKET_BAD, wfd = ARES_SOCKET_BAD;
+
+    if (revents & EV_READ)
+        rfd = w->fd;
+    if (revents & EV_WRITE)
+        wfd = w->fd;
+
+    default_ctx.last_tick = ev_now(default_loop);
+
+    ares_process_fd(default_ctx.channel, rfd, wfd);
+}
+
+int
+resolv_init(struct ev_loop *loop, char *nameservers, int ipv6first)
+{
+    int status;
+
+    if (ipv6first)
+        resolv_mode = MODE_IPV6_FIRST;
+    else
+        resolv_mode = MODE_IPV4_FIRST;
+
+    default_loop = loop;
+
+    if ((status = ares_library_init(ARES_LIB_INIT_ALL)) != ARES_SUCCESS) {
+        LOGE("c-ares error: %s", ares_strerror(status));
+        FATAL("failed to initialize c-ares");
+    }
+
+    memset(&default_ctx, 0, sizeof(struct resolv_ctx));
+
+    default_ctx.options.sock_state_cb_data = &default_ctx;
+    default_ctx.options.sock_state_cb      = CONV_STATE_CB resolv_sock_state_cb;
+    default_ctx.options.timeout            = 3000;
+    default_ctx.options.tries              = 2;
+
+    status = ares_init_options(&default_ctx.channel, &default_ctx.options,
+#if ARES_VERSION_MAJOR >= 1 && ARES_VERSION_MINOR >= 12
+                               ARES_OPT_NOROTATE |
+#endif
+                               ARES_OPT_TIMEOUTMS | ARES_OPT_TRIES | ARES_OPT_SOCK_STATE_CB);
+
+    if (status != ARES_SUCCESS) {
+        FATAL("failed to initialize c-ares");
+    }
+
+    if (nameservers != NULL) {
+#if ARES_VERSION_MAJOR >= 1 && ARES_VERSION_MINOR >= 11
+        status = ares_set_servers_ports_csv(default_ctx.channel, nameservers);
+#else
+        status = ares_set_servers_csv(default_ctx.channel, nameservers);
+#endif
+    }
+
+    if (status != ARES_SUCCESS) {
+        FATAL("failed to set nameservers");
+    }
+
+    for (int i = 0; i < SS_NUM_IOS; i++)
+        ev_io_init(&default_ctx.ios[i], resolv_sock_cb, SS_INVALID_FD, 0);
+
+    default_ctx.last_tick = ev_now(default_loop);
+    ev_init(&default_ctx.timer, resolv_timer_cb);
+    resolv_timer_cb(default_loop, &default_ctx.timer, 0);
+
+    return 0;
+}
+
+void
+resolv_shutdown(struct ev_loop *loop)
+{
+    ev_timer_stop(default_loop, &default_ctx.timer);
+    for (int i = 0; i < SS_NUM_IOS; i++)
+        ev_io_stop(default_loop, &default_ctx.ios[i]);
+
+    ares_cancel(default_ctx.channel);
+    ares_destroy(default_ctx.channel);
+
+    ares_library_cleanup();
+}
+
+void
+resolv_start(const char *hostname, uint16_t port,
+             void (*client_cb)(struct sockaddr *, void *),
+             void (*free_cb)(void *), void *data)
+{
+    /*
+     * Wrap c-ares's call back in our own
+     */
+    struct resolv_query *query = ss_malloc(sizeof(struct resolv_query));
+
+    memset(query, 0, sizeof(struct resolv_query));
+
+    query->port           = port;
+    query->client_cb      = client_cb;
+    query->response_count = 0;
+    query->responses      = NULL;
+    query->data           = data;
+    query->free_cb        = free_cb;
+
+    query->requests[0] = AF_INET;
+    query->requests[1] = AF_INET6;
+
+    ares_gethostbyname(default_ctx.channel, hostname, AF_INET, dns_query_v4_cb, query);
+    ares_gethostbyname(default_ctx.channel, hostname, AF_INET6, dns_query_v6_cb, query);
+}
+
+/*
+ * Wrapper for client callback we provide to c-ares
+ */
+static void
+dns_query_v4_cb(void *arg, int status, int timeouts, struct hostent *he)
+{
+    int i, n;
+    struct resolv_query *query = (struct resolv_query *)arg;
+
+    if (status == ARES_EDESTRUCTION) {
+        return;
+    }
+
+    if (!he || status != ARES_SUCCESS) {
+        if (verbose) {
+            LOGI("failed to lookup v4 address %s", ares_strerror(status));
+        }
+        goto CLEANUP;
+    }
+
+    if (verbose) {
+        LOGI("found address name v4 address %s", he->h_name);
+    }
+
+    n = 0;
+    while (he->h_addr_list[n])
+        n++;
+
+    if (n > 0) {
+        struct sockaddr **new_responses = ss_realloc(query->responses,
+                                                     (query->response_count + n)
+                                                     * sizeof(struct sockaddr *));
+
+        if (new_responses == NULL) {
+            LOGE("failed to allocate memory for additional DNS responses");
+        } else {
+            query->responses = new_responses;
+
+            for (i = 0; i < n; i++) {
+                struct sockaddr_in *sa = ss_malloc(sizeof(struct sockaddr_in));
+                memset(sa, 0, sizeof(struct sockaddr_in));
+                sa->sin_family = AF_INET;
+                sa->sin_port   = query->port;
+                memcpy(&sa->sin_addr, he->h_addr_list[i], he->h_length);
+
+                query->responses[query->response_count] = (struct sockaddr *)sa;
+                if (query->responses[query->response_count] == NULL) {
+                    LOGE("failed to allocate memory for DNS query result address");
+                } else {
+                    query->response_count++;
+                }
+            }
+        }
+    }
+
+CLEANUP:
+
+    query->requests[0] = 0; /* mark A query as being completed */
+
+    /* Once all requests have completed, call client callback */
+    if (all_requests_are_null(query)) {
+        return process_client_callback(query);
+    }
+}
+
+static void
+dns_query_v6_cb(void *arg, int status, int timeouts, struct hostent *he)
+{
+    int i, n;
+    struct resolv_query *query = (struct resolv_query *)arg;
+
+    if (status == ARES_EDESTRUCTION) {
+        return;
+    }
+
+    if (!he || status != ARES_SUCCESS) {
+        if (verbose) {
+            LOGI("failed to lookup v6 address %s", ares_strerror(status));
+        }
+        goto CLEANUP;
+    }
+
+    if (verbose) {
+        LOGI("found address name v6 address %s", he->h_name);
+    }
+
+    n = 0;
+    while (he->h_addr_list[n])
+        n++;
+
+    if (n > 0) {
+        struct sockaddr **new_responses = ss_realloc(query->responses,
+                                                     (query->response_count + n)
+                                                     * sizeof(struct sockaddr *));
+
+        if (new_responses == NULL) {
+            LOGE("failed to allocate memory for additional DNS responses");
+        } else {
+            query->responses = new_responses;
+
+            for (i = 0; i < n; i++) {
+                struct sockaddr_in6 *sa = ss_malloc(sizeof(struct sockaddr_in6));
+                memset(sa, 0, sizeof(struct sockaddr_in6));
+                sa->sin6_family = AF_INET6;
+                sa->sin6_port   = query->port;
+                memcpy(&sa->sin6_addr, he->h_addr_list[i], he->h_length);
+
+                query->responses[query->response_count] = (struct sockaddr *)sa;
+                if (query->responses[query->response_count] == NULL) {
+                    LOGE("failed to allocate memory for DNS query result address");
+                } else {
+                    query->response_count++;
+                }
+            }
+        }
+    }
+
+CLEANUP:
+
+    query->requests[1] = 0; /* mark A query as being completed */
+
+    /* Once all requests have completed, call client callback */
+    if (all_requests_are_null(query)) {
+        return process_client_callback(query);
+    }
+}
+
+/*
+ * Called once all requests have been completed
+ */
+static void
+process_client_callback(struct resolv_query *query)
+{
+    struct sockaddr *best_address = NULL;
+
+    if (resolv_mode == MODE_IPV4_FIRST) {
+        best_address = choose_ipv4_first(query);
+    } else if (resolv_mode == MODE_IPV6_FIRST) {
+        best_address = choose_ipv6_first(query);
+    } else {
+        best_address = choose_any(query);
+    }
+
+    query->client_cb(best_address, query->data);
+
+    for (int i = 0; i < query->response_count; i++)
+        ss_free(query->responses[i]);
+
+    ss_free(query->responses);
+
+    if (query->free_cb != NULL)
+        query->free_cb(query->data);
+    else
+        ss_free(query->data);
+
+    ss_free(query);
+}
+
+static struct sockaddr *
+choose_ipv4_first(struct resolv_query *query)
+{
+    for (int i = 0; i < query->response_count; i++)
+        if (query->responses[i]->sa_family == AF_INET) {
+            return query->responses[i];
+        }
+
+    return choose_any(query);
+}
+
+static struct sockaddr *
+choose_ipv6_first(struct resolv_query *query)
+{
+    for (int i = 0; i < query->response_count; i++)
+        if (query->responses[i]->sa_family == AF_INET6) {
+            return query->responses[i];
+        }
+
+    return choose_any(query);
+}
+
+static struct sockaddr *
+choose_any(struct resolv_query *query)
+{
+    if (query->response_count >= 1) {
+        return query->responses[0];
+    }
+
+    return NULL;
+}
+
+static inline int
+all_requests_are_null(struct resolv_query *query)
+{
+    int result = 1;
+
+    for (int i = 0; i < sizeof(query->requests) / sizeof(query->requests[0]);
+         i++)
+        result = result && query->requests[i] == 0;
+
+    return result;
+}
+
+/*
+ *  Timer callback
+ */
+static void
+resolv_timer_cb(struct ev_loop *loop, struct ev_timer *w, int revents)
+{
+    struct resolv_ctx *ctx = cork_container_of(w, struct resolv_ctx, timer);
+
+    ev_tstamp now   = ev_now(default_loop);
+    ev_tstamp after = ctx->last_tick - now + SS_TIMER_AFTER;
+
+    if (after < 0.0) {
+        ctx->last_tick = now;
+        ares_process_fd(ctx->channel, ARES_SOCKET_BAD, ARES_SOCKET_BAD);
+
+        ev_timer_set(w, SS_TIMER_AFTER, 0.0);
+    } else {
+        ev_timer_set(w, after, 0.0);
+    }
+
+    ev_timer_start(loop, w);
+}
+
+/*
+ * Handle c-ares events
+ */
+static void
+resolv_sock_state_cb(void *data, int s, int read, int write)
+{
+    struct resolv_ctx *ctx = (struct resolv_ctx *)data;
+    int events             = (read ? EV_READ : 0) | (write ? EV_WRITE : 0);
+
+    int i = 0, ffi = -1;
+    for (; i < SS_NUM_IOS; i++) {
+        if (ctx->ios[i].fd == s) {
+            break;
+        }
+
+        if (ffi < 0 && ctx->ios[i].fd == SS_INVALID_FD) {
+            // first free index
+            ffi = i;
+        }
+    }
+
+    if (i < SS_NUM_IOS) {
+        ev_io_stop(default_loop, &ctx->ios[i]);
+    } else if (ffi > -1) {
+        i = ffi;
+    } else {
+        LOGE("failed to find free I/O watcher slot for DNS query");
+        // last resort: stop io and re-use slot, will cause timeout
+        i = 0;
+        ev_io_stop(default_loop, &ctx->ios[i]);
+    }
+
+    if (events) {
+        ev_io_set(&ctx->ios[i], s, events);
+        ev_io_start(default_loop, &ctx->ios[i]);
+    } else {
+        ev_io_set(&ctx->ios[i], SS_INVALID_FD, 0);
+    }
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/resolv.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/resolv.h
new file mode 100644
index 00000000..e211abc6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/resolv.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2014, Dustin Lundquist <dustin@null-ptr.net>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef RESOLV_H
+#define RESOLV_H
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdint.h>
+#ifndef __MINGW32__
+#include <sys/socket.h>
+#endif
+
+struct resolv_query;
+
+int resolv_init(struct ev_loop *, char *, int);
+void resolv_start(const char *hostname, uint16_t port,
+                  void (*client_cb)(struct sockaddr *, void *),
+                  void (*free_cb)(void *), void *data);
+void resolv_shutdown(struct ev_loop *);
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/rule.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/rule.c
new file mode 100644
index 00000000..737013e6
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/rule.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
+ * Copyright (c) 2011 Manuel Kasper <mk@neon1.net>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#include "rule.h"
+#include "utils.h"
+
+static void free_rule(rule_t *);
+
+rule_t *
+new_rule()
+{
+    rule_t *rule;
+
+    rule = calloc(1, sizeof(rule_t));
+    if (rule == NULL) {
+        ERROR("malloc");
+        return NULL;
+    }
+
+    return rule;
+}
+
+int
+accept_rule_arg(rule_t *rule, const char *arg)
+{
+    if (rule->pattern == NULL) {
+        rule->pattern = strdup(arg);
+        if (rule->pattern == NULL) {
+            ERROR("strdup failed");
+            return -1;
+        }
+    } else {
+        LOGE("Unexpected table rule argument: %s", arg);
+        return -1;
+    }
+
+    return 1;
+}
+
+void
+add_rule(struct cork_dllist *rules, rule_t *rule)
+{
+    cork_dllist_add(rules, &rule->entries);
+}
+
+int
+init_rule(rule_t *rule)
+{
+    if (rule->pattern_re == NULL) {
+        const char *reerr;
+        int reerroffset;
+
+        rule->pattern_re =
+            pcre_compile(rule->pattern, 0, &reerr, &reerroffset, NULL);
+        if (rule->pattern_re == NULL) {
+            LOGE("Regex compilation of \"%s\" failed: %s, offset %d",
+                 rule->pattern, reerr, reerroffset);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+rule_t *
+lookup_rule(const struct cork_dllist *rules, const char *name, size_t name_len)
+{
+    struct cork_dllist_item *curr, *next;
+
+    if (name == NULL) {
+        name     = "";
+        name_len = 0;
+    }
+
+    cork_dllist_foreach_void(rules, curr, next) {
+        rule_t *rule = cork_container_of(curr, rule_t, entries);
+        if (pcre_exec(rule->pattern_re, NULL,
+                      name, name_len, 0, 0, NULL, 0) >= 0)
+            return rule;
+    }
+
+    return NULL;
+}
+
+void
+remove_rule(rule_t *rule)
+{
+    cork_dllist_remove(&rule->entries);
+    free_rule(rule);
+}
+
+static void
+free_rule(rule_t *rule)
+{
+    if (rule == NULL)
+        return;
+
+    ss_free(rule->pattern);
+    if (rule->pattern_re != NULL)
+        pcre_free(rule->pattern_re);
+    ss_free(rule);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/rule.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/rule.h
new file mode 100644
index 00000000..30fd7b5d
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/rule.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
+ * Copyright (c) 2011 Manuel Kasper <mk@neon1.net>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef RULE_H
+#define RULE_H
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <libcork/ds.h>
+
+//#ifdef HAVE_PCRE_H
+//#include <pcre.h>
+//#elif HAVE_PCRE_PCRE_H
+//#include <pcre/pcre.h>
+//#endif
+#include "../../pcre/include/pcre.h"
+
+typedef struct rule {
+    char *pattern;
+
+    /* Runtime fields */
+    pcre *pattern_re;
+
+    struct cork_dllist_item entries;
+} rule_t;
+
+void add_rule(struct cork_dllist *, rule_t *);
+int init_rule(rule_t *);
+rule_t *lookup_rule(const struct cork_dllist *, const char *, size_t);
+void remove_rule(rule_t *);
+rule_t *new_rule();
+int accept_rule_arg(rule_t *, const char *);
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/server.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/server.c
new file mode 100644
index 00000000..9cecf758
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/server.c
@@ -0,0 +1,2134 @@
+/*
+ * server.c - Provide shadowsocks service
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "../config.h"
+#endif
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <locale.h>
+#include <signal.h>
+#include <string.h>
+#include <strings.h>
+#include <time.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <math.h>
+#ifndef __MINGW32__
+#include <netdb.h>
+#include <errno.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <pthread.h>
+#include <sys/un.h>
+#endif
+#include <libcork/core.h>
+
+#if defined(HAVE_SYS_IOCTL_H) && defined(HAVE_NET_IF_H) && defined(__linux__)
+#include <net/if.h>
+#include <sys/ioctl.h>
+#define SET_INTERFACE
+#endif
+
+#include "netutils.h"
+#include "utils.h"
+#include "acl.h"
+#include "plugin.h"
+#include "server.h"
+#include "winsock.h"
+#include "resolv.h"
+
+#ifndef EAGAIN
+#define EAGAIN EWOULDBLOCK
+#endif
+
+#ifndef EWOULDBLOCK
+#define EWOULDBLOCK EAGAIN
+#endif
+
+#ifndef SSMAXCONN
+#define SSMAXCONN 1024
+#endif
+
+#ifndef MAX_FRAG
+#define MAX_FRAG 1
+#endif
+
+#ifdef USE_NFCONNTRACK_TOS
+
+#ifndef MARK_MAX_PACKET
+#define MARK_MAX_PACKET 10
+#endif
+
+#ifndef MARK_MASK_PREFIX
+#define MARK_MASK_PREFIX 0xDC00
+#endif
+
+#endif
+
+static void signal_cb(EV_P_ ev_signal *w, int revents);
+static void accept_cb(EV_P_ ev_io *w, int revents);
+static void server_send_cb(EV_P_ ev_io *w, int revents);
+static void server_recv_cb(EV_P_ ev_io *w, int revents);
+static void remote_recv_cb(EV_P_ ev_io *w, int revents);
+static void remote_send_cb(EV_P_ ev_io *w, int revents);
+static void server_timeout_cb(EV_P_ ev_timer *watcher, int revents);
+
+static remote_t *new_remote(int fd);
+static server_t *new_server(int fd, listen_ctx_t *listener);
+static remote_t *connect_to_remote(EV_P_ struct addrinfo *res,
+                                   server_t *server);
+
+static void free_remote(remote_t *remote);
+static void close_and_free_remote(EV_P_ remote_t *remote);
+static void free_server(server_t *server);
+static void close_and_free_server(EV_P_ server_t *server);
+static void resolv_cb(struct sockaddr *addr, void *data);
+static void resolv_free_cb(void *data);
+
+int s_verbose    = 0;
+int s_reuse_port = 0;
+
+int is_bind_local_addr = 0;
+struct sockaddr_storage local_addr_v4;
+struct sockaddr_storage local_addr_v6;
+
+static crypto_t *crypto;
+
+static int acl       = 0;
+static int mode      = TCP_ONLY;
+static int ipv6first = 0;
+int s_fast_open        = 0;
+static int no_delay  = 0;
+static int ret_val   = 0;
+
+#ifdef HAVE_SETRLIMIT
+static int nofile = 0;
+#endif
+static int remote_conn = 0;
+static int server_conn = 0;
+
+static char *plugin       = NULL;
+static char *remote_port  = NULL;
+static char *manager_addr = NULL;
+uint64_t tx               = 0;
+uint64_t rx               = 0;
+
+#ifndef __MINGW32__
+ev_timer stat_update_watcher;
+#endif
+
+static struct ev_signal sigint_watcher;
+static struct ev_signal sigterm_watcher;
+#ifndef __MINGW32__
+static struct ev_signal sigchld_watcher;
+#else
+static struct plugin_watcher_t {
+    ev_io io;
+    SOCKET fd;
+    uint16_t port;
+    int valid;
+} plugin_watcher;
+#endif
+
+static struct cork_dllist connections;
+
+#ifndef __MINGW32__
+static void
+stat_update_cb(EV_P_ ev_timer *watcher, int revents)
+{
+    struct sockaddr_un svaddr, claddr;
+    int sfd = -1;
+    size_t msgLen;
+    char resp[SOCKET_BUF_SIZE];
+
+    if (s_verbose) {
+        LOGI("update traffic stat: tx: %" PRIu64 " rx: %" PRIu64 "", tx, rx);
+    }
+
+    snprintf(resp, SOCKET_BUF_SIZE, "stat: {\"%s\":%" PRIu64 "}", remote_port, tx + rx);
+    msgLen = strlen(resp) + 1;
+
+    ss_addr_t ip_addr = { .host = NULL, .port = NULL };
+    parse_addr(manager_addr, &ip_addr);
+
+    if (ip_addr.host == NULL || ip_addr.port == NULL) {
+        sfd = socket(AF_UNIX, SOCK_DGRAM, 0);
+        if (sfd == -1) {
+            ERROR("stat_socket");
+            return;
+        }
+
+        memset(&claddr, 0, sizeof(struct sockaddr_un));
+        claddr.sun_family = AF_UNIX;
+        snprintf(claddr.sun_path, sizeof(claddr.sun_path), "/tmp/shadowsocks.%s", remote_port);
+
+        unlink(claddr.sun_path);
+
+        if (bind(sfd, (struct sockaddr *)&claddr, sizeof(struct sockaddr_un)) == -1) {
+            ERROR("stat_bind");
+            close(sfd);
+            return;
+        }
+
+        memset(&svaddr, 0, sizeof(struct sockaddr_un));
+        svaddr.sun_family = AF_UNIX;
+        strncpy(svaddr.sun_path, manager_addr, sizeof(svaddr.sun_path) - 1);
+
+        if (sendto(sfd, resp, strlen(resp) + 1, 0, (struct sockaddr *)&svaddr,
+                   sizeof(struct sockaddr_un)) != msgLen) {
+            ERROR("stat_sendto");
+            close(sfd);
+            return;
+        }
+
+        unlink(claddr.sun_path);
+    } else {
+        struct sockaddr_storage storage;
+        memset(&storage, 0, sizeof(struct sockaddr_storage));
+        if (get_sockaddr(ip_addr.host, ip_addr.port, &storage, 0, ipv6first) == -1) {
+            ERROR("failed to parse the manager addr");
+            return;
+        }
+
+        sfd = socket(storage.ss_family, SOCK_DGRAM, 0);
+
+        if (sfd == -1) {
+            ERROR("stat_socket");
+            return;
+        }
+
+        size_t addr_len = get_sockaddr_len((struct sockaddr *)&storage);
+        if (sendto(sfd, resp, strlen(resp) + 1, 0, (struct sockaddr *)&storage,
+                   addr_len) != msgLen) {
+            ERROR("stat_sendto");
+            close(sfd);
+            return;
+        }
+    }
+
+    close(sfd);
+}
+
+#endif
+
+static void
+free_connections(struct ev_loop *loop)
+{
+    struct cork_dllist_item *curr, *next;
+    cork_dllist_foreach_void(&connections, curr, next) {
+        server_t *server = cork_container_of(curr, server_t, entries);
+        remote_t *remote = server->remote;
+        close_and_free_server(loop, server);
+        close_and_free_remote(loop, remote);
+    }
+}
+
+static char *
+get_peer_name(int fd)
+{
+    static char peer_name[INET6_ADDRSTRLEN] = { 0 };
+    struct sockaddr_storage addr;
+    socklen_t len = sizeof(struct sockaddr_storage);
+    memset(&addr, 0, len);
+    memset(peer_name, 0, INET6_ADDRSTRLEN);
+    int err = getpeername(fd, (struct sockaddr *)&addr, &len);
+    if (err == 0) {
+        if (addr.ss_family == AF_INET) {
+            struct sockaddr_in *s = (struct sockaddr_in *)&addr;
+            inet_ntop(AF_INET, &s->sin_addr, peer_name, INET_ADDRSTRLEN);
+        } else if (addr.ss_family == AF_INET6) {
+            struct sockaddr_in6 *s = (struct sockaddr_in6 *)&addr;
+            inet_ntop(AF_INET6, &s->sin6_addr, peer_name, INET6_ADDRSTRLEN);
+        }
+    } else {
+        return NULL;
+    }
+    return peer_name;
+}
+
+static void
+stop_server(EV_P_ server_t *server)
+{
+    server->stage = STAGE_STOP;
+}
+
+static void
+report_addr(int fd, const char *info)
+{
+    char *peer_name;
+    peer_name = get_peer_name(fd);
+    if (peer_name != NULL) {
+        LOGE("failed to handshake with %s: %s", peer_name, info);
+    }
+}
+
+int
+setfastopen(int fd)
+{
+    int s = 0;
+#ifdef TCP_FASTOPEN
+    if (s_fast_open) {
+#if defined(__APPLE__) || defined(__MINGW32__)
+        int opt = 1;
+#else
+        int opt = 5;
+#endif
+        s = setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &opt, sizeof(opt));
+
+        if (s == -1) {
+            if (errno == EPROTONOSUPPORT || errno == ENOPROTOOPT) {
+                LOGE("fast open is not supported on this platform");
+                s_fast_open = 0;
+            } else {
+                ERROR("setsockopt");
+            }
+        }
+    }
+#endif
+    return s;
+}
+
+#ifndef __MINGW32__
+int
+srv_setnonblocking(int fd)
+{
+    int flags;
+    if (-1 == (flags = fcntl(fd, F_GETFL, 0))) {
+        flags = 0;
+    }
+    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
+}
+
+#endif
+
+int
+create_and_bind(const char *host, const char *port, int mptcp)
+{
+    struct addrinfo hints;
+    struct addrinfo *result, *rp, *ipv4v6bindall;
+    int s, listen_sock;
+
+    memset(&hints, 0, sizeof(struct addrinfo));
+    hints.ai_family   = AF_UNSPEC;               /* Return IPv4 and IPv6 choices */
+    hints.ai_socktype = SOCK_STREAM;             /* We want a TCP socket */
+    hints.ai_flags    = AI_PASSIVE | AI_ADDRCONFIG; /* For wildcard IP address */
+    hints.ai_protocol = IPPROTO_TCP;
+
+    result = NULL;
+
+    s = getaddrinfo(host, port, &hints, &result);
+
+    if (s != 0) {
+        LOGE("failed to resolve server name %s", host);
+        return -1;
+    }
+
+    if (result == NULL) {
+        LOGE("Cannot bind");
+        return -1;
+    }
+
+    rp = result;
+
+    /*
+     * On Linux, with net.ipv6.bindv6only = 0 (the default), getaddrinfo(NULL) with
+     * AI_PASSIVE returns 0.0.0.0 and :: (in this order). AI_PASSIVE was meant to
+     * return a list of addresses to listen on, but it is impossible to listen on
+     * 0.0.0.0 and :: at the same time, if :: implies dualstack mode.
+     */
+    if (!host) {
+        ipv4v6bindall = result;
+
+        /* Loop over all address infos found until a IPV6 address is found. */
+        while (ipv4v6bindall) {
+            if (ipv4v6bindall->ai_family == AF_INET6) {
+                rp = ipv4v6bindall; /* Take first IPV6 address available */
+                break;
+            }
+            ipv4v6bindall = ipv4v6bindall->ai_next; /* Get next address info, if any */
+        }
+    }
+
+    for (/*rp = result*/; rp != NULL; rp = rp->ai_next) {
+        listen_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
+        if (listen_sock == -1) {
+            continue;
+        }
+
+        if (rp->ai_family == AF_INET6) {
+            int opt = host ? 1 : 0;
+            setsockopt(listen_sock, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt));
+        }
+
+        int opt = 1;
+        setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+        setsockopt(listen_sock, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+        if (s_reuse_port) {
+            int err = set_reuseport(listen_sock);
+            if (err == 0) {
+                LOGI("tcp port reuse enabled");
+            }
+        }
+
+        if (mptcp == 1) {
+            int i = 0;
+            while ((mptcp = mptcp_enabled_values[i]) > 0) {
+                int err = setsockopt(listen_sock, IPPROTO_TCP, mptcp, &opt, sizeof(opt));
+                if (err != -1) {
+                    break;
+                }
+                i++;
+            }
+            if (mptcp == 0) {
+                ERROR("failed to enable multipath TCP");
+            }
+        }
+
+        s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
+        if (s == 0) {
+            /* We managed to bind successfully! */
+            break;
+        } else {
+            ERROR("bind");
+            FATAL("failed to bind address");
+        }
+
+        close(listen_sock);
+        listen_sock = -1;
+    }
+
+    freeaddrinfo(result);
+
+    return listen_sock;
+}
+
+static remote_t *
+connect_to_remote(EV_P_ struct addrinfo *res,
+                  server_t *server)
+{
+    int sockfd;
+#ifdef SET_INTERFACE
+    const char *iface = server->listen_ctx->iface;
+#endif
+
+    if (acl) {
+        char ipstr[INET6_ADDRSTRLEN];
+        memset(ipstr, 0, INET6_ADDRSTRLEN);
+
+        if (res->ai_addr->sa_family == AF_INET) {
+            struct sockaddr_in s;
+            memcpy(&s, res->ai_addr, sizeof(struct sockaddr_in));
+            inet_ntop(AF_INET, &s.sin_addr, ipstr, INET_ADDRSTRLEN);
+        } else if (res->ai_addr->sa_family == AF_INET6) {
+            struct sockaddr_in6 s;
+            memcpy(&s, res->ai_addr, sizeof(struct sockaddr_in6));
+            inet_ntop(AF_INET6, &s.sin6_addr, ipstr, INET6_ADDRSTRLEN);
+        }
+
+        if (outbound_block_match_host(ipstr) == 1) {
+            if (s_verbose)
+                LOGI("outbound blocked %s", ipstr);
+            return NULL;
+        }
+    }
+
+    // initialize remote socks
+    sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+    if (sockfd == -1) {
+        ERROR("socket");
+        close(sockfd);
+        return NULL;
+    }
+
+    int opt = 1;
+    setsockopt(sockfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+    setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+    setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+
+    // setup remote socks
+
+    if (srv_setnonblocking(sockfd) == -1)
+        ERROR("setnonblocking");
+
+    if (is_bind_local_addr) {
+        struct sockaddr_storage *local_addr =
+            res->ai_family == AF_INET ? &local_addr_v4 : &local_addr_v6;
+        if (res->ai_family == local_addr->ss_family) {
+            if (bind_to_addr(local_addr, sockfd) == -1) {
+                ERROR("bind_to_addr");
+                FATAL("cannot bind socket");
+                return NULL;
+            }
+        }
+    }
+
+#ifdef SET_INTERFACE
+    if (iface) {
+        if (setinterface(sockfd, iface) == -1) {
+            ERROR("setinterface");
+            close(sockfd);
+            return NULL;
+        }
+    }
+#endif
+
+    remote_t *remote = new_remote(sockfd);
+
+    if (s_fast_open) {
+#if defined(MSG_FASTOPEN) && !defined(TCP_FASTOPEN_CONNECT)
+        int s = -1;
+        s = sendto(sockfd, server->buf->data + server->buf->idx, server->buf->len,
+                   MSG_FASTOPEN, res->ai_addr, res->ai_addrlen);
+#elif defined(TCP_FASTOPEN_WINSOCK)
+        DWORD s   = -1;
+        DWORD err = 0;
+        do {
+            int optval = 1;
+            // Set fast open option
+            if (setsockopt(sockfd, IPPROTO_TCP, TCP_FASTOPEN,
+                           &optval, sizeof(optval)) != 0) {
+                ERROR("setsockopt");
+                break;
+            }
+            // Load ConnectEx function
+            LPFN_CONNECTEX ConnectEx = winsock_getconnectex();
+            if (ConnectEx == NULL) {
+                LOGE("Cannot load ConnectEx() function");
+                err = WSAENOPROTOOPT;
+                break;
+            }
+            // ConnectEx requires a bound socket
+            if (winsock_dummybind(sockfd, res->ai_addr) != 0) {
+                ERROR("bind");
+                break;
+            }
+            // Call ConnectEx to send data
+            memset(&remote->olap, 0, sizeof(remote->olap));
+            remote->connect_ex_done = 0;
+            if (ConnectEx(sockfd, res->ai_addr, res->ai_addrlen,
+                          server->buf->data + server->buf->idx,
+                          server->buf->len, &s, &remote->olap)) {
+                remote->connect_ex_done = 1;
+                break;
+            }
+            // XXX: ConnectEx pending, check later in remote_send
+            if (WSAGetLastError() == ERROR_IO_PENDING) {
+                err = CONNECT_IN_PROGRESS;
+                break;
+            }
+            ERROR("ConnectEx");
+        } while (0);
+        // Set error number
+        if (err) {
+            SetLastError(err);
+        }
+#else
+        int s = -1;
+#if defined(TCP_FASTOPEN_CONNECT)
+        int optval = 1;
+        if (setsockopt(sockfd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT,
+                       (void *)&optval, sizeof(optval)) < 0)
+            FATAL("failed to set TCP_FASTOPEN_CONNECT");
+        s = connect(sockfd, res->ai_addr, res->ai_addrlen);
+#elif defined(CONNECT_DATA_IDEMPOTENT)
+        struct sockaddr_in sa;
+        memcpy(&sa, res->ai_addr, sizeof(struct sockaddr_in));
+        sa.sin_len = sizeof(struct sockaddr_in);
+        sa_endpoints_t endpoints;
+        memset((char *)&endpoints, 0, sizeof(endpoints));
+        endpoints.sae_dstaddr    = (struct sockaddr *)&sa;
+        endpoints.sae_dstaddrlen = res->ai_addrlen;
+
+        s = connectx(sockfd, &endpoints, SAE_ASSOCID_ANY, CONNECT_DATA_IDEMPOTENT,
+                     NULL, 0, NULL, NULL);
+#else
+        FATAL("fast open is not enabled in this build");
+#endif
+        if (s == 0)
+            s = send(sockfd, server->buf->data + server->buf->idx, server->buf->len, 0);
+#endif
+        if (s == -1) {
+            if (errno == CONNECT_IN_PROGRESS) {
+                // The remote server doesn't support tfo or it's the first connection to the server.
+                // It will automatically fall back to conventional TCP.
+            } else if (errno == EOPNOTSUPP || errno == EPROTONOSUPPORT ||
+                       errno == ENOPROTOOPT) {
+                // Disable fast open as it's not supported
+                s_fast_open = 0;
+                LOGE("fast open is not supported on this platform");
+            } else {
+                ERROR("fast_open_connect");
+            }
+        } else {
+            server->buf->idx += s;
+            server->buf->len -= s;
+        }
+    }
+
+    if (!s_fast_open) {
+        int r = connect(sockfd, res->ai_addr, res->ai_addrlen);
+
+        if (r == -1 && errno != CONNECT_IN_PROGRESS) {
+            ERROR("connect");
+            close_and_free_remote(EV_A_ remote);
+            return NULL;
+        }
+    }
+
+    return remote;
+}
+
+#ifdef USE_NFCONNTRACK_TOS
+int
+setMarkDscpCallback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data)
+{
+    server_t *server            = (server_t *)data;
+    struct dscptracker *tracker = server->tracker;
+
+    tracker->mark = nfct_get_attr_u32(ct, ATTR_MARK);
+    if ((tracker->mark & 0xff00) == MARK_MASK_PREFIX) {
+        // Extract DSCP value from mark value
+        tracker->dscp = tracker->mark & 0x00ff;
+        int tos = (tracker->dscp) << 2;
+        if (setsockopt(server->fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) != 0) {
+            ERROR("iptable setsockopt IP_TOS");
+        }
+    }
+    return NFCT_CB_CONTINUE;
+}
+
+void
+conntrackQuery(server_t *server)
+{
+    struct dscptracker *tracker = server->tracker;
+    if (tracker && tracker->ct) {
+        // Trying query mark from nf conntrack
+        struct nfct_handle *h = nfct_open(CONNTRACK, 0);
+        if (h) {
+            nfct_callback_register(h, NFCT_T_ALL, setMarkDscpCallback, (void *)server);
+            int x = nfct_query(h, NFCT_Q_GET, tracker->ct);
+            if (x == -1) {
+                LOGE("QOS: Failed to retrieve connection mark %s", strerror(errno));
+            }
+            nfct_close(h);
+        } else {
+            LOGE("QOS: Failed to open conntrack handle for upstream netfilter mark retrieval.");
+        }
+    }
+}
+
+void
+setTosFromConnmark(remote_t *remote, server_t *server)
+{
+    if (server->tracker && server->tracker->ct) {
+        if (server->tracker->mark == 0 && server->tracker->packet_count < MARK_MAX_PACKET) {
+            server->tracker->packet_count++;
+            conntrackQuery(server);
+        }
+    } else {
+        socklen_t len;
+        struct sockaddr_storage sin;
+        len = sizeof(sin);
+        if (getpeername(remote->fd, (struct sockaddr *)&sin, &len) == 0) {
+            struct sockaddr_storage from_addr;
+            len = sizeof from_addr;
+            if (getsockname(remote->fd, (struct sockaddr *)&from_addr, &len) == 0) {
+                if ((server->tracker = (struct dscptracker *)ss_malloc(sizeof(struct dscptracker)))) {
+                    if ((server->tracker->ct = nfct_new())) {
+                        // Build conntrack query SELECT
+                        if (from_addr.ss_family == AF_INET) {
+                            struct sockaddr_in *src = (struct sockaddr_in *)&from_addr;
+                            struct sockaddr_in *dst = (struct sockaddr_in *)&sin;
+
+                            nfct_set_attr_u8(server->tracker->ct, ATTR_L3PROTO, AF_INET);
+                            nfct_set_attr_u32(server->tracker->ct, ATTR_IPV4_DST, dst->sin_addr.s_addr);
+                            nfct_set_attr_u32(server->tracker->ct, ATTR_IPV4_SRC, src->sin_addr.s_addr);
+                            nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_DST, dst->sin_port);
+                            nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_SRC, src->sin_port);
+                        } else if (from_addr.ss_family == AF_INET6) {
+                            struct sockaddr_in6 *src = (struct sockaddr_in6 *)&from_addr;
+                            struct sockaddr_in6 *dst = (struct sockaddr_in6 *)&sin;
+
+                            nfct_set_attr_u8(server->tracker->ct, ATTR_L3PROTO, AF_INET6);
+                            nfct_set_attr(server->tracker->ct, ATTR_IPV6_DST, dst->sin6_addr.s6_addr);
+                            nfct_set_attr(server->tracker->ct, ATTR_IPV6_SRC, src->sin6_addr.s6_addr);
+                            nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_DST, dst->sin6_port);
+                            nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_SRC, src->sin6_port);
+                        }
+                        nfct_set_attr_u8(server->tracker->ct, ATTR_L4PROTO, IPPROTO_TCP);
+                        conntrackQuery(server);
+                    } else {
+                        LOGE("Failed to allocate new conntrack for upstream netfilter mark retrieval.");
+                        server->tracker->ct = NULL;
+                    }
+                }
+            }
+        }
+    }
+}
+
+#endif
+
+static void
+server_recv_cb(EV_P_ ev_io *w, int revents)
+{
+    server_ctx_t *server_recv_ctx = (server_ctx_t *)w;
+    server_t *server              = server_recv_ctx->server;
+    remote_t *remote              = NULL;
+
+    buffer_t *buf = server->buf;
+
+    if (server->stage == STAGE_STREAM) {
+        remote = server->remote;
+        buf    = remote->buf;
+
+        // Only timer the watcher if a valid connection is established
+        ev_timer_again(EV_A_ & server->recv_ctx->watcher);
+    }
+
+    ssize_t r = recv(server->fd, buf->data, SOCKET_BUF_SIZE, 0);
+
+    if (r == 0) {
+        // connection closed
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else if (r == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data
+            // continue to wait for recv
+            return;
+        } else {
+            ERROR("server recv");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    // Ignore any new packet if the server is stopped
+    if (server->stage == STAGE_STOP) {
+        return;
+    }
+
+    tx      += r;
+    buf->len = r;
+
+    int err = crypto->decrypt(buf, server->d_ctx, SOCKET_BUF_SIZE);
+
+    if (err == CRYPTO_ERROR) {
+        report_addr(server->fd, "authentication error");
+        stop_server(EV_A_ server);
+        return;
+    } else if (err == CRYPTO_NEED_MORE) {
+        if (server->stage != STAGE_STREAM) {
+            if (server->frag > MAX_FRAG) {
+                report_addr(server->fd, "malicious fragmentation");
+                stop_server(EV_A_ server);
+                return;
+            }
+            server->frag++;
+        }
+        return;
+    }
+
+    // handshake and transmit data
+    if (server->stage == STAGE_STREAM) {
+        int s = send(remote->fd, remote->buf->data, remote->buf->len, 0);
+        if (s == -1) {
+            if (errno == EAGAIN || errno == EWOULDBLOCK) {
+                // no data, wait for send
+                remote->buf->idx = 0;
+                ev_io_stop(EV_A_ & server_recv_ctx->io);
+                ev_io_start(EV_A_ & remote->send_ctx->io);
+            } else {
+                ERROR("server_recv_send");
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+            }
+        } else if (s < remote->buf->len) {
+            remote->buf->len -= s;
+            remote->buf->idx  = s;
+            ev_io_stop(EV_A_ & server_recv_ctx->io);
+            ev_io_start(EV_A_ & remote->send_ctx->io);
+        }
+        return;
+    } else if (server->stage == STAGE_INIT) {
+        /*
+         * Shadowsocks TCP Relay Header:
+         *
+         *    +------+----------+----------+
+         *    | ATYP | DST.ADDR | DST.PORT |
+         *    +------+----------+----------+
+         *    |  1   | Variable |    2     |
+         *    +------+----------+----------+
+         *
+         */
+
+        int offset     = 0;
+        int need_query = 0;
+        char atyp      = server->buf->data[offset++];
+        char host[255] = { 0 };
+        uint16_t port  = 0;
+        struct addrinfo info;
+        struct sockaddr_storage storage;
+        memset(&info, 0, sizeof(struct addrinfo));
+        memset(&storage, 0, sizeof(struct sockaddr_storage));
+
+        // get remote addr and port
+        if ((atyp & ADDRTYPE_MASK) == 1) {
+            // IP V4
+            struct sockaddr_in *addr = (struct sockaddr_in *)&storage;
+            size_t in_addr_len       = sizeof(struct in_addr);
+            addr->sin_family = AF_INET;
+            if (server->buf->len >= in_addr_len + 3) {
+                memcpy(&addr->sin_addr, server->buf->data + offset, in_addr_len);
+                inet_ntop(AF_INET, (const void *)(server->buf->data + offset),
+                          host, INET_ADDRSTRLEN);
+                offset += in_addr_len;
+            } else {
+                report_addr(server->fd, "invalid length for ipv4 address");
+                stop_server(EV_A_ server);
+                return;
+            }
+            memcpy(&addr->sin_port, server->buf->data + offset, sizeof(uint16_t));
+            info.ai_family   = AF_INET;
+            info.ai_socktype = SOCK_STREAM;
+            info.ai_protocol = IPPROTO_TCP;
+            info.ai_addrlen  = sizeof(struct sockaddr_in);
+            info.ai_addr     = (struct sockaddr *)addr;
+        } else if ((atyp & ADDRTYPE_MASK) == 3) {
+            // Domain name
+            uint8_t name_len = *(uint8_t *)(server->buf->data + offset);
+            if (name_len + 4 <= server->buf->len) {
+                memcpy(host, server->buf->data + offset + 1, name_len);
+                offset += name_len + 1;
+            } else {
+                report_addr(server->fd, "invalid host name length");
+                stop_server(EV_A_ server);
+                return;
+            }
+            if (acl && outbound_block_match_host(host) == 1) {
+                if (s_verbose)
+                    LOGI("outbound blocked %s", host);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
+            struct cork_ip ip;
+            if (cork_ip_init(&ip, host) != -1) {
+                info.ai_socktype = SOCK_STREAM;
+                info.ai_protocol = IPPROTO_TCP;
+                if (ip.version == 4) {
+                    struct sockaddr_in *addr = (struct sockaddr_in *)&storage;
+                    inet_pton(AF_INET, host, &(addr->sin_addr));
+                    memcpy(&addr->sin_port, server->buf->data + offset, sizeof(uint16_t));
+                    addr->sin_family = AF_INET;
+                    info.ai_family   = AF_INET;
+                    info.ai_addrlen  = sizeof(struct sockaddr_in);
+                    info.ai_addr     = (struct sockaddr *)addr;
+                } else if (ip.version == 6) {
+                    struct sockaddr_in6 *addr = (struct sockaddr_in6 *)&storage;
+                    inet_pton(AF_INET6, host, &(addr->sin6_addr));
+                    memcpy(&addr->sin6_port, server->buf->data + offset, sizeof(uint16_t));
+                    addr->sin6_family = AF_INET6;
+                    info.ai_family    = AF_INET6;
+                    info.ai_addrlen   = sizeof(struct sockaddr_in6);
+                    info.ai_addr      = (struct sockaddr *)addr;
+                }
+            } else {
+                if (!validate_hostname(host, name_len)) {
+                    report_addr(server->fd, "invalid host name");
+                    stop_server(EV_A_ server);
+                    return;
+                }
+                need_query = 1;
+            }
+        } else if ((atyp & ADDRTYPE_MASK) == 4) {
+            // IP V6
+            struct sockaddr_in6 *addr = (struct sockaddr_in6 *)&storage;
+            size_t in6_addr_len       = sizeof(struct in6_addr);
+            addr->sin6_family = AF_INET6;
+            if (server->buf->len >= in6_addr_len + 3) {
+                memcpy(&addr->sin6_addr, server->buf->data + offset, in6_addr_len);
+                inet_ntop(AF_INET6, (const void *)(server->buf->data + offset),
+                          host, INET6_ADDRSTRLEN);
+                offset += in6_addr_len;
+            } else {
+                LOGE("invalid header with addr type %d", atyp);
+                report_addr(server->fd, "invalid length for ipv6 address");
+                stop_server(EV_A_ server);
+                return;
+            }
+            memcpy(&addr->sin6_port, server->buf->data + offset, sizeof(uint16_t));
+            info.ai_family   = AF_INET6;
+            info.ai_socktype = SOCK_STREAM;
+            info.ai_protocol = IPPROTO_TCP;
+            info.ai_addrlen  = sizeof(struct sockaddr_in6);
+            info.ai_addr     = (struct sockaddr *)addr;
+        }
+
+        if (offset == 1) {
+            report_addr(server->fd, "invalid address type");
+            stop_server(EV_A_ server);
+            return;
+        }
+
+        port = ntohs(load16_be(server->buf->data + offset));
+
+        offset += 2;
+
+        if (server->buf->len < offset) {
+            report_addr(server->fd, "invalid request length");
+            stop_server(EV_A_ server);
+            return;
+        } else {
+            server->buf->len -= offset;
+            server->buf->idx = offset;
+        }
+
+        if (s_verbose) {
+            if ((atyp & ADDRTYPE_MASK) == 4)
+                LOGI("[%s] connect to [%s]:%d", remote_port, host, ntohs(port));
+            else
+                LOGI("[%s] connect to %s:%d", remote_port, host, ntohs(port));
+        }
+
+        if (!need_query) {
+            remote_t *remote = connect_to_remote(EV_A_ & info, server);
+
+            if (remote == NULL) {
+                LOGE("connect error");
+                close_and_free_server(EV_A_ server);
+                return;
+            } else {
+                server->remote = remote;
+                remote->server = server;
+
+                // XXX: should handle buffer carefully
+                if (server->buf->len > 0) {
+                    brealloc(remote->buf, server->buf->len, SOCKET_BUF_SIZE);
+                    memcpy(remote->buf->data, server->buf->data + server->buf->idx,
+                           server->buf->len);
+                    remote->buf->len = server->buf->len;
+                    remote->buf->idx = 0;
+                    server->buf->len = 0;
+                    server->buf->idx = 0;
+                }
+
+                // waiting on remote connected event
+                ev_io_stop(EV_A_ & server_recv_ctx->io);
+                ev_io_start(EV_A_ & remote->send_ctx->io);
+            }
+        } else {
+            ev_io_stop(EV_A_ & server_recv_ctx->io);
+
+            query_t *query = ss_malloc(sizeof(query_t));
+            memset(query, 0, sizeof(query_t));
+            query->server = server;
+            server->query = query;
+            snprintf(query->hostname, MAX_HOSTNAME_LEN, "%s", host);
+
+            server->stage = STAGE_RESOLVE;
+            resolv_start(host, port, resolv_cb, resolv_free_cb, query);
+        }
+
+        return;
+    }
+    // should not reach here
+    FATAL("server context error");
+}
+
+static void
+server_send_cb(EV_P_ ev_io *w, int revents)
+{
+    server_ctx_t *server_send_ctx = (server_ctx_t *)w;
+    server_t *server              = server_send_ctx->server;
+    remote_t *remote              = server->remote;
+
+    if (remote == NULL) {
+        LOGE("invalid server");
+        close_and_free_server(EV_A_ server);
+        return;
+    }
+
+    if (server->buf->len == 0) {
+        // close and free
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else {
+        // has data to send
+        ssize_t s = send(server->fd, server->buf->data + server->buf->idx,
+                         server->buf->len, 0);
+        if (s == -1) {
+            if (errno != EAGAIN && errno != EWOULDBLOCK) {
+                ERROR("server_send_send");
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+            }
+            return;
+        } else if (s < server->buf->len) {
+            // partly sent, move memory, wait for the next time to send
+            server->buf->len -= s;
+            server->buf->idx += s;
+            return;
+        } else {
+            // all sent out, wait for reading
+            server->buf->len = 0;
+            server->buf->idx = 0;
+            ev_io_stop(EV_A_ & server_send_ctx->io);
+            if (remote != NULL) {
+                ev_io_start(EV_A_ & remote->recv_ctx->io);
+                return;
+            } else {
+                LOGE("invalid remote");
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
+        }
+    }
+}
+
+static void
+server_timeout_cb(EV_P_ ev_timer *watcher, int revents)
+{
+    server_ctx_t *server_ctx
+        = cork_container_of(watcher, server_ctx_t, watcher);
+    server_t *server = server_ctx->server;
+    remote_t *remote = server->remote;
+
+    if (s_verbose) {
+        LOGI("TCP connection timeout");
+    }
+
+    close_and_free_remote(EV_A_ remote);
+    close_and_free_server(EV_A_ server);
+}
+
+static void
+resolv_free_cb(void *data)
+{
+    query_t *query = (query_t *)data;
+
+    if (query != NULL) {
+        if (query->server != NULL)
+            query->server->query = NULL;
+        ss_free(query);
+    }
+}
+
+static void
+resolv_cb(struct sockaddr *addr, void *data)
+{
+    query_t *query   = (query_t *)data;
+    server_t *server = query->server;
+
+    if (server == NULL)
+        return;
+
+    struct ev_loop *loop = server->listen_ctx->loop;
+
+    if (addr == NULL) {
+        LOGE("unable to resolve %s", query->hostname);
+        close_and_free_server(EV_A_ server);
+    } else {
+        if (s_verbose) {
+            LOGI("successfully resolved %s", query->hostname);
+        }
+
+        struct addrinfo info;
+        memset(&info, 0, sizeof(struct addrinfo));
+        info.ai_socktype = SOCK_STREAM;
+        info.ai_protocol = IPPROTO_TCP;
+        info.ai_addr     = addr;
+
+        if (addr->sa_family == AF_INET) {
+            info.ai_family  = AF_INET;
+            info.ai_addrlen = sizeof(struct sockaddr_in);
+        } else if (addr->sa_family == AF_INET6) {
+            info.ai_family  = AF_INET6;
+            info.ai_addrlen = sizeof(struct sockaddr_in6);
+        }
+
+        remote_t *remote = connect_to_remote(EV_A_ & info, server);
+
+        if (remote == NULL) {
+            close_and_free_server(EV_A_ server);
+        } else {
+            server->remote = remote;
+            remote->server = server;
+
+            // XXX: should handle buffer carefully
+            if (server->buf->len > 0) {
+                brealloc(remote->buf, server->buf->len, SOCKET_BUF_SIZE);
+                memcpy(remote->buf->data, server->buf->data + server->buf->idx,
+                       server->buf->len);
+                remote->buf->len = server->buf->len;
+                remote->buf->idx = 0;
+                server->buf->len = 0;
+                server->buf->idx = 0;
+            }
+
+            // listen to remote connected event
+            ev_io_start(EV_A_ & remote->send_ctx->io);
+        }
+    }
+}
+
+static void
+remote_recv_cb(EV_P_ ev_io *w, int revents)
+{
+    remote_ctx_t *remote_recv_ctx = (remote_ctx_t *)w;
+    remote_t *remote              = remote_recv_ctx->remote;
+    server_t *server              = remote->server;
+
+    if (server == NULL) {
+        LOGE("invalid server");
+        close_and_free_remote(EV_A_ remote);
+        return;
+    }
+
+    ev_timer_again(EV_A_ & server->recv_ctx->watcher);
+
+    ssize_t r = recv(remote->fd, server->buf->data, SOCKET_BUF_SIZE, 0);
+
+    if (r == 0) {
+        // connection closed
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else if (r == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data
+            // continue to wait for recv
+            return;
+        } else {
+            ERROR("remote recv");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    rx += r;
+
+    // Ignore any new packet if the server is stopped
+    if (server->stage == STAGE_STOP) {
+        return;
+    }
+
+    server->buf->len = r;
+    int err = crypto->encrypt(server->buf, server->e_ctx, SOCKET_BUF_SIZE);
+
+    if (err) {
+        LOGE("invalid password or cipher");
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    }
+
+#ifdef USE_NFCONNTRACK_TOS
+    setTosFromConnmark(remote, server);
+#endif
+    int s = send(server->fd, server->buf->data, server->buf->len, 0);
+
+    if (s == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data, wait for send
+            server->buf->idx = 0;
+            ev_io_stop(EV_A_ & remote_recv_ctx->io);
+            ev_io_start(EV_A_ & server->send_ctx->io);
+        } else {
+            ERROR("remote_recv_send");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    } else if (s < server->buf->len) {
+        server->buf->len -= s;
+        server->buf->idx  = s;
+        ev_io_stop(EV_A_ & remote_recv_ctx->io);
+        ev_io_start(EV_A_ & server->send_ctx->io);
+    }
+
+    // Disable TCP_NODELAY after the first response are sent
+    if (!remote->recv_ctx->connected && !no_delay) {
+        int opt = 0;
+        setsockopt(server->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+        setsockopt(remote->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+    }
+    remote->recv_ctx->connected = 1;
+}
+
+static void
+remote_send_cb(EV_P_ ev_io *w, int revents)
+{
+    remote_ctx_t *remote_send_ctx = (remote_ctx_t *)w;
+    remote_t *remote              = remote_send_ctx->remote;
+    server_t *server              = remote->server;
+
+    if (server == NULL) {
+        LOGE("invalid server");
+        close_and_free_remote(EV_A_ remote);
+        return;
+    }
+
+    if (!remote_send_ctx->connected) {
+#ifdef TCP_FASTOPEN_WINSOCK
+        if (fast_open) {
+            // Check if ConnectEx is done
+            if (!remote->connect_ex_done) {
+                DWORD numBytes;
+                DWORD flags;
+                // Non-blocking way to fetch ConnectEx result
+                if (WSAGetOverlappedResult(remote->fd, &remote->olap,
+                                           &numBytes, FALSE, &flags)) {
+                    remote->buf->len       -= numBytes;
+                    remote->buf->idx        = numBytes;
+                    remote->connect_ex_done = 1;
+                } else if (WSAGetLastError() == WSA_IO_INCOMPLETE) {
+                    // XXX: ConnectEx still not connected, wait for next time
+                    return;
+                } else {
+                    ERROR("WSAGetOverlappedResult");
+                    // not connected
+                    close_and_free_remote(EV_A_ remote);
+                    close_and_free_server(EV_A_ server);
+                    return;
+                }
+            }
+
+            // Make getpeername work
+            if (setsockopt(remote->fd, SOL_SOCKET,
+                           SO_UPDATE_CONNECT_CONTEXT, NULL, 0) != 0) {
+                ERROR("setsockopt");
+            }
+        }
+#endif
+        struct sockaddr_storage addr;
+        socklen_t len = sizeof(struct sockaddr_storage);
+        memset(&addr, 0, len);
+
+        int r = getpeername(remote->fd, (struct sockaddr *)&addr, &len);
+
+        if (r == 0) {
+            remote_send_ctx->connected = 1;
+
+            if (remote->buf->len == 0) {
+                server->stage = STAGE_STREAM;
+                ev_io_stop(EV_A_ & remote_send_ctx->io);
+                ev_io_start(EV_A_ & server->recv_ctx->io);
+                ev_io_start(EV_A_ & remote->recv_ctx->io);
+                return;
+            }
+        } else {
+            ERROR("getpeername");
+            // not connected
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    if (remote->buf->len == 0) {
+        // close and free
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else {
+        // has data to send
+        ssize_t s = send(remote->fd, remote->buf->data + remote->buf->idx,
+                         remote->buf->len, 0);
+        if (s == -1) {
+            if (errno != EAGAIN && errno != EWOULDBLOCK) {
+                ERROR("remote_send_send");
+                // close and free
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+            }
+            return;
+        } else if (s < remote->buf->len) {
+            // partly sent, move memory, wait for the next time to send
+            remote->buf->len -= s;
+            remote->buf->idx += s;
+            return;
+        } else {
+            // all sent out, wait for reading
+            remote->buf->len = 0;
+            remote->buf->idx = 0;
+            ev_io_stop(EV_A_ & remote_send_ctx->io);
+            if (server != NULL) {
+                ev_io_start(EV_A_ & server->recv_ctx->io);
+                if (server->stage != STAGE_STREAM) {
+                    server->stage = STAGE_STREAM;
+                    ev_io_start(EV_A_ & remote->recv_ctx->io);
+                }
+            } else {
+                LOGE("invalid server");
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+            }
+            return;
+        }
+    }
+}
+
+static remote_t *
+new_remote(int fd)
+{
+    if (s_verbose) {
+        remote_conn++;
+        LOGI("new connection to remote, %d opened remote connections", remote_conn);
+    }
+
+    remote_t *remote = ss_malloc(sizeof(remote_t));
+    memset(remote, 0, sizeof(remote_t));
+
+    remote->recv_ctx = ss_malloc(sizeof(remote_ctx_t));
+    remote->send_ctx = ss_malloc(sizeof(remote_ctx_t));
+    remote->buf      = ss_malloc(sizeof(buffer_t));
+    balloc(remote->buf, SOCKET_BUF_SIZE);
+    memset(remote->recv_ctx, 0, sizeof(remote_ctx_t));
+    memset(remote->send_ctx, 0, sizeof(remote_ctx_t));
+    remote->fd                  = fd;
+    remote->recv_ctx->remote    = remote;
+    remote->recv_ctx->connected = 0;
+    remote->send_ctx->remote    = remote;
+    remote->send_ctx->connected = 0;
+    remote->server              = NULL;
+
+    ev_io_init(&remote->recv_ctx->io, remote_recv_cb, fd, EV_READ);
+    ev_io_init(&remote->send_ctx->io, remote_send_cb, fd, EV_WRITE);
+
+    return remote;
+}
+
+static void
+free_remote(remote_t *remote)
+{
+    if (remote->server != NULL) {
+        remote->server->remote = NULL;
+    }
+    if (remote->buf != NULL) {
+        bfree(remote->buf);
+        ss_free(remote->buf);
+    }
+    ss_free(remote->recv_ctx);
+    ss_free(remote->send_ctx);
+    ss_free(remote);
+}
+
+static void
+close_and_free_remote(EV_P_ remote_t *remote)
+{
+    if (remote != NULL) {
+        ev_io_stop(EV_A_ & remote->send_ctx->io);
+        ev_io_stop(EV_A_ & remote->recv_ctx->io);
+        close(remote->fd);
+        free_remote(remote);
+        if (s_verbose) {
+            remote_conn--;
+            LOGI("close a connection to remote, %d opened remote connections", remote_conn);
+        }
+    }
+}
+
+static server_t *
+new_server(int fd, listen_ctx_t *listener)
+{
+    if (s_verbose) {
+        server_conn++;
+        LOGI("new connection from client, %d opened client connections", server_conn);
+    }
+
+    server_t *server;
+    server = ss_malloc(sizeof(server_t));
+
+    memset(server, 0, sizeof(server_t));
+
+    server->recv_ctx = ss_malloc(sizeof(server_ctx_t));
+    server->send_ctx = ss_malloc(sizeof(server_ctx_t));
+    server->buf      = ss_malloc(sizeof(buffer_t));
+    memset(server->recv_ctx, 0, sizeof(server_ctx_t));
+    memset(server->send_ctx, 0, sizeof(server_ctx_t));
+    balloc(server->buf, SOCKET_BUF_SIZE);
+    server->fd                  = fd;
+    server->recv_ctx->server    = server;
+    server->recv_ctx->connected = 0;
+    server->send_ctx->server    = server;
+    server->send_ctx->connected = 0;
+    server->stage               = STAGE_INIT;
+    server->frag                = 0;
+    server->query               = NULL;
+    server->listen_ctx          = listener;
+    server->remote              = NULL;
+
+    server->e_ctx = ss_malloc(sizeof(cipher_ctx_t));
+    server->d_ctx = ss_malloc(sizeof(cipher_ctx_t));
+    crypto->ctx_init(crypto->cipher, server->e_ctx, 1);
+    crypto->ctx_init(crypto->cipher, server->d_ctx, 0);
+
+    int timeout = max(MIN_TCP_IDLE_TIMEOUT, server->listen_ctx->timeout);
+    ev_io_init(&server->recv_ctx->io, server_recv_cb, fd, EV_READ);
+    ev_io_init(&server->send_ctx->io, server_send_cb, fd, EV_WRITE);
+    ev_timer_init(&server->recv_ctx->watcher, server_timeout_cb,
+                  timeout, timeout);
+
+    cork_dllist_add(&connections, &server->entries);
+
+    return server;
+}
+
+static void
+free_server(server_t *server)
+{
+#ifdef USE_NFCONNTRACK_TOS
+    if (server->tracker) {
+        struct dscptracker *tracker = server->tracker;
+        struct nf_conntrack *ct     = server->tracker->ct;
+        server->tracker = NULL;
+        if (ct) {
+            nfct_destroy(ct);
+        }
+        free(tracker);
+    }
+#endif
+    cork_dllist_remove(&server->entries);
+
+    if (server->remote != NULL) {
+        server->remote->server = NULL;
+    }
+    if (server->e_ctx != NULL) {
+        crypto->ctx_release(server->e_ctx);
+        ss_free(server->e_ctx);
+    }
+    if (server->d_ctx != NULL) {
+        crypto->ctx_release(server->d_ctx);
+        ss_free(server->d_ctx);
+    }
+    if (server->buf != NULL) {
+        bfree(server->buf);
+        ss_free(server->buf);
+    }
+
+    ss_free(server->recv_ctx);
+    ss_free(server->send_ctx);
+    ss_free(server);
+}
+
+static void
+close_and_free_server(EV_P_ server_t *server)
+{
+    if (server != NULL) {
+        if (server->query != NULL) {
+            server->query->server = NULL;
+            server->query         = NULL;
+        }
+        ev_io_stop(EV_A_ & server->send_ctx->io);
+        ev_io_stop(EV_A_ & server->recv_ctx->io);
+        ev_timer_stop(EV_A_ & server->recv_ctx->watcher);
+        close(server->fd);
+        free_server(server);
+        if (s_verbose) {
+            server_conn--;
+            LOGI("close a connection from client, %d opened client connections", server_conn);
+        }
+    }
+}
+
+static void
+signal_cb(EV_P_ ev_signal *w, int revents)
+{
+    if (revents & EV_SIGNAL) {
+        switch (w->signum) {
+#ifndef __MINGW32__
+        case SIGCHLD:
+            if (!is_plugin_running()) {
+                LOGE("plugin service exit unexpectedly");
+                ret_val = -1;
+            } else
+                return;
+#endif
+        case SIGINT:
+        case SIGTERM:
+            ev_signal_stop(EV_DEFAULT, &sigint_watcher);
+            ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
+#ifndef __MINGW32__
+            ev_signal_stop(EV_DEFAULT, &sigchld_watcher);
+#else
+            ev_io_stop(EV_DEFAULT, &plugin_watcher.io);
+#endif
+            ev_unloop(EV_A_ EVUNLOOP_ALL);
+        }
+    }
+}
+
+#ifdef __MINGW32__
+static void
+plugin_watcher_cb(EV_P_ ev_io *w, int revents)
+{
+    char buf[1];
+    SOCKET fd = accept(plugin_watcher.fd, NULL, NULL);
+    if (fd == INVALID_SOCKET) {
+        return;
+    }
+    recv(fd, buf, 1, 0);
+    closesocket(fd);
+    LOGE("plugin service exit unexpectedly");
+    ret_val = -1;
+    ev_signal_stop(EV_DEFAULT, &sigint_watcher);
+    ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
+    ev_io_stop(EV_DEFAULT, &plugin_watcher.io);
+    ev_unloop(EV_A_ EVUNLOOP_ALL);
+}
+
+#endif
+
+static void
+accept_cb(EV_P_ ev_io *w, int revents)
+{
+    listen_ctx_t *listener = (listen_ctx_t *)w;
+    int serverfd           = accept(listener->fd, NULL, NULL);
+    if (serverfd == -1) {
+        ERROR("accept");
+        return;
+    }
+
+    char *peer_name = get_peer_name(serverfd);
+    if (peer_name != NULL) {
+        if (acl) {
+            if ((get_acl_mode() == BLACK_LIST && acl_match_host(peer_name) == 1)
+                || (get_acl_mode() == WHITE_LIST && acl_match_host(peer_name) >= 0)) {
+                LOGE("Access denied from %s", peer_name);
+                close(serverfd);
+                return;
+            }
+        }
+    }
+
+    int opt = 1;
+    setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+    setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+    srv_setnonblocking(serverfd);
+
+    server_t *server = new_server(serverfd, listener);
+    ev_io_start(EV_A_ & server->recv_ctx->io);
+    ev_timer_start(EV_A_ & server->recv_ctx->watcher);
+}
+
+#ifndef LIB_ONLY
+int
+main(int argc, char **argv)
+{
+    int i, c;
+    int pid_flags   = 0;
+    int mptcp       = 0;
+    int mtu         = 0;
+    char *user      = NULL;
+    char *password  = NULL;
+    char *key       = NULL;
+    char *timeout   = NULL;
+    char *method    = NULL;
+    char *pid_path  = NULL;
+    char *conf_path = NULL;
+    char *iface     = NULL;
+
+    char *server_port = NULL;
+    char *plugin_opts = NULL;
+    char *plugin_host = NULL;
+    char *plugin_port = NULL;
+    char tmp_port[8];
+    char *nameservers = NULL;
+
+    int server_num = 0;
+    ss_addr_t server_addr[MAX_REMOTE_NUM];
+    memset(server_addr, 0, sizeof(ss_addr_t) * MAX_REMOTE_NUM);
+    memset(&local_addr_v4, 0, sizeof(struct sockaddr_storage));
+    memset(&local_addr_v6, 0, sizeof(struct sockaddr_storage));
+
+    static struct option long_options[] = {
+        { "fast-open",       no_argument,       NULL, GETOPT_VAL_FAST_OPEN   },
+        { "reuse-port",      no_argument,       NULL, GETOPT_VAL_REUSE_PORT  },
+        { "no-delay",        no_argument,       NULL, GETOPT_VAL_NODELAY     },
+        { "acl",             required_argument, NULL, GETOPT_VAL_ACL         },
+        { "manager-address", required_argument, NULL,
+          GETOPT_VAL_MANAGER_ADDRESS },
+        { "mtu",             required_argument, NULL, GETOPT_VAL_MTU         },
+        { "help",            no_argument,       NULL, GETOPT_VAL_HELP        },
+        { "plugin",          required_argument, NULL, GETOPT_VAL_PLUGIN      },
+        { "plugin-opts",     required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
+        { "password",        required_argument, NULL, GETOPT_VAL_PASSWORD    },
+        { "key",             required_argument, NULL, GETOPT_VAL_KEY         },
+#ifdef __linux__
+        { "mptcp",           no_argument,       NULL, GETOPT_VAL_MPTCP       },
+#endif
+        { NULL,              0,                 NULL, 0                      }
+    };
+
+    opterr = 0;
+
+    USE_TTY();
+
+    while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:b:c:i:d:a:n:huUv6A",
+                            long_options, NULL)) != -1) {
+        switch (c) {
+        case GETOPT_VAL_FAST_OPEN:
+            fast_open = 1;
+            break;
+        case GETOPT_VAL_NODELAY:
+            no_delay = 1;
+            LOGI("enable TCP no-delay");
+            break;
+        case GETOPT_VAL_ACL:
+            LOGI("initializing acl...");
+            acl = !init_acl(optarg);
+            break;
+        case GETOPT_VAL_MANAGER_ADDRESS:
+            manager_addr = optarg;
+            break;
+        case GETOPT_VAL_MTU:
+            mtu = atoi(optarg);
+            LOGI("set MTU to %d", mtu);
+            break;
+        case GETOPT_VAL_PLUGIN:
+            plugin = optarg;
+            break;
+        case GETOPT_VAL_PLUGIN_OPTS:
+            plugin_opts = optarg;
+            break;
+        case GETOPT_VAL_MPTCP:
+            mptcp = 1;
+            LOGI("enable multipath TCP");
+            break;
+        case GETOPT_VAL_KEY:
+            key = optarg;
+            break;
+        case GETOPT_VAL_REUSE_PORT:
+            reuse_port = 1;
+            break;
+        case 's':
+            if (server_num < MAX_REMOTE_NUM) {
+                parse_addr(optarg, &server_addr[server_num++]);
+            }
+            break;
+        case 'b':
+            is_bind_local_addr += parse_local_addr(&local_addr_v4, &local_addr_v6, optarg);
+            break;
+        case 'p':
+            server_port = optarg;
+            break;
+        case GETOPT_VAL_PASSWORD:
+        case 'k':
+            password = optarg;
+            break;
+        case 'f':
+            pid_flags = 1;
+            pid_path  = optarg;
+            break;
+        case 't':
+            timeout = optarg;
+            break;
+        case 'm':
+            method = optarg;
+            break;
+        case 'c':
+            conf_path = optarg;
+            break;
+        case 'i':
+            iface = optarg;
+            break;
+        case 'd':
+            nameservers = optarg;
+            break;
+        case 'a':
+            user = optarg;
+            break;
+#ifdef HAVE_SETRLIMIT
+        case 'n':
+            nofile = atoi(optarg);
+            break;
+#endif
+        case 'u':
+            mode = TCP_AND_UDP;
+            break;
+        case 'U':
+            mode = UDP_ONLY;
+            break;
+        case 'v':
+            verbose = 1;
+            break;
+        case GETOPT_VAL_HELP:
+        case 'h':
+            usage();
+            exit(EXIT_SUCCESS);
+        case '6':
+            ipv6first = 1;
+            break;
+        case 'A':
+            FATAL("One time auth has been deprecated. Try AEAD ciphers instead.");
+            break;
+        case '?':
+            // The option character is not recognized.
+            LOGE("Unrecognized option: %s", optarg);
+            opterr = 1;
+            break;
+        }
+    }
+
+    if (opterr) {
+        usage();
+        exit(EXIT_FAILURE);
+    }
+
+    if (argc == 1) {
+        if (conf_path == NULL) {
+            conf_path = get_default_conf();
+        }
+    }
+
+    if (conf_path != NULL) {
+        jconf_t *conf = read_jconf(conf_path);
+        if (server_num == 0) {
+            server_num = conf->remote_num;
+            for (i = 0; i < server_num; i++)
+                server_addr[i] = conf->remote_addr[i];
+        }
+        if (server_port == NULL) {
+            server_port = conf->remote_port;
+        }
+        if (password == NULL) {
+            password = conf->password;
+        }
+        if (key == NULL) {
+            key = conf->key;
+        }
+        if (method == NULL) {
+            method = conf->method;
+        }
+        if (timeout == NULL) {
+            timeout = conf->timeout;
+        }
+        if (user == NULL) {
+            user = conf->user;
+        }
+        if (plugin == NULL) {
+            plugin = conf->plugin;
+        }
+        if (plugin_opts == NULL) {
+            plugin_opts = conf->plugin_opts;
+        }
+        if (mode == TCP_ONLY) {
+            mode = conf->mode;
+        }
+        if (mtu == 0) {
+            mtu = conf->mtu;
+        }
+        if (mptcp == 0) {
+            mptcp = conf->mptcp;
+        }
+        if (no_delay == 0) {
+            no_delay = conf->no_delay;
+        }
+        if (reuse_port == 0) {
+            reuse_port = conf->reuse_port;
+        }
+        if (fast_open == 0) {
+            fast_open = conf->fast_open;
+        }
+        if (is_bind_local_addr == 0) {
+            is_bind_local_addr += parse_local_addr(&local_addr_v4, &local_addr_v6, conf->local_addr);
+        }
+        if (is_bind_local_addr == 0) {
+            is_bind_local_addr += parse_local_addr(&local_addr_v4, &local_addr_v6, conf->local_addr_v4);
+            is_bind_local_addr += parse_local_addr(&local_addr_v4, &local_addr_v6, conf->local_addr_v6);
+        }
+#ifdef HAVE_SETRLIMIT
+        if (nofile == 0) {
+            nofile = conf->nofile;
+        }
+#endif
+        if (nameservers == NULL) {
+            nameservers = conf->nameserver;
+        }
+        if (ipv6first == 0) {
+            ipv6first = conf->ipv6_first;
+        }
+        if (acl == 0 && conf->acl != NULL) {
+            LOGI("initializing acl...");
+            acl = !init_acl(conf->acl);
+        }
+    }
+
+    if (server_num == 0) {
+        server_addr[server_num++].host = "0.0.0.0";
+    }
+
+    if (server_num == 0 || server_port == NULL
+        || (password == NULL && key == NULL)) {
+        usage();
+        exit(EXIT_FAILURE);
+    }
+
+    if (is_ipv6only(server_addr, server_num, ipv6first)) {
+        plugin_host = "::1";
+    } else {
+        plugin_host = "127.0.0.1";
+    }
+
+    remote_port = server_port;
+
+#ifdef __MINGW32__
+    winsock_init();
+#endif
+
+    if (plugin != NULL) {
+        uint16_t port = get_local_port();
+        if (port == 0) {
+            FATAL("failed to find a free port");
+        }
+        snprintf(tmp_port, 8, "%d", port);
+        plugin_port = server_port;
+        server_port = tmp_port;
+
+#ifdef __MINGW32__
+        memset(&plugin_watcher, 0, sizeof(plugin_watcher));
+        plugin_watcher.port = get_local_port();
+        if (plugin_watcher.port == 0) {
+            LOGE("failed to assign a control port for plugin");
+        }
+#endif
+    }
+
+    if (method == NULL) {
+        method = "chacha20-ietf-poly1305";
+    }
+
+    if (timeout == NULL) {
+        timeout = "60";
+    }
+
+#ifdef HAVE_SETRLIMIT
+    /*
+     * no need to check the return value here since we will show
+     * the user an error message if setrlimit(2) fails
+     */
+    if (nofile > 1024) {
+        if (verbose) {
+            LOGI("setting NOFILE to %d", nofile);
+        }
+//        set_nofile(nofile);
+    }
+#endif
+
+    USE_SYSLOG(argv[0], pid_flags);
+    if (pid_flags) {
+        daemonize(pid_path);
+    }
+
+    if (ipv6first) {
+        LOGI("resolving hostname to IPv6 address first");
+    }
+
+    if (fast_open == 1) {
+#ifdef TCP_FASTOPEN
+        LOGI("using tcp fast open");
+#else
+        LOGE("tcp fast open is not supported by this environment");
+        fast_open = 0;
+#endif
+    }
+
+    if (plugin != NULL) {
+        LOGI("plugin \"%s\" enabled", plugin);
+    }
+
+    if (mode != TCP_ONLY) {
+        LOGI("UDP relay enabled");
+    }
+
+    if (mode == UDP_ONLY) {
+        LOGI("TCP relay disabled");
+    }
+
+    if (no_delay) {
+        LOGI("enable TCP no-delay");
+    }
+
+#ifndef __MINGW32__
+    // ignore SIGPIPE
+    signal(SIGPIPE, SIG_IGN);
+    signal(SIGABRT, SIG_IGN);
+#endif
+
+    ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
+    ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
+    ev_signal_start(EV_DEFAULT, &sigint_watcher);
+    ev_signal_start(EV_DEFAULT, &sigterm_watcher);
+#ifndef __MINGW32__
+    ev_signal_init(&sigchld_watcher, signal_cb, SIGCHLD);
+    ev_signal_start(EV_DEFAULT, &sigchld_watcher);
+#endif
+
+    // setup keys
+    LOGI("initializing ciphers... %s", method);
+    crypto = crypto_init(password, key, method);
+    if (crypto == NULL)
+        FATAL("failed to initialize ciphers");
+
+    // initialize ev loop
+    struct ev_loop *loop = EV_DEFAULT;
+
+    // setup dns
+    resolv_init(loop, nameservers, ipv6first);
+
+    if (nameservers != NULL)
+        LOGI("using nameserver: %s", nameservers);
+
+#ifdef __MINGW32__
+    // Listen on plugin control port
+    if (plugin != NULL && plugin_watcher.port != 0) {
+        SOCKET fd;
+        fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+        if (fd != INVALID_SOCKET) {
+            plugin_watcher.valid = 0;
+            do {
+                struct sockaddr_in addr;
+                memset(&addr, 0, sizeof(addr));
+                addr.sin_family      = AF_INET;
+                addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+                addr.sin_port        = htons(plugin_watcher.port);
+                if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
+                    LOGE("failed to bind plugin control port");
+                    break;
+                }
+                if (listen(fd, 1)) {
+                    LOGE("failed to listen on plugin control port");
+                    break;
+                }
+                plugin_watcher.fd = fd;
+                ev_io_init(&plugin_watcher.io, plugin_watcher_cb, fd, EV_READ);
+                ev_io_start(EV_DEFAULT, &plugin_watcher.io);
+                plugin_watcher.valid = 1;
+            } while (0);
+            if (!plugin_watcher.valid) {
+                closesocket(fd);
+                plugin_watcher.port = 0;
+            }
+        }
+    }
+#endif
+
+    // Start plugin server
+    if (plugin != NULL) {
+        int len          = 0;
+        size_t buf_size  = 256 * server_num;
+        char *server_str = ss_malloc(buf_size);
+
+        snprintf(server_str, buf_size, "%s", server_addr[0].host);
+        len = strlen(server_str);
+        for (int i = 1; i < server_num; i++) {
+            snprintf(server_str + len, buf_size - len, "|%s", server_addr[i].host);
+            len = strlen(server_str);
+        }
+
+        int err = start_plugin(plugin, plugin_opts, server_str,
+                               plugin_port, plugin_host, server_port,
+#ifdef __MINGW32__
+                               plugin_watcher.port,
+#endif
+                               MODE_SERVER);
+        if (err) {
+            ERROR("start_plugin");
+            FATAL("failed to start the plugin");
+        }
+    }
+
+    // initialize listen context
+    listen_ctx_t listen_ctx_list[server_num];
+
+    // bind to each interface
+    if (mode != UDP_ONLY) {
+        int num_listen_ctx = 0;
+        for (int i = 0; i < server_num; i++) {
+            const char *host = server_addr[i].host;
+            const char *port = server_addr[i].port ? server_addr[i].port : server_port;
+
+            if (plugin != NULL) {
+                host = plugin_host;
+            }
+
+            if (host && ss_is_ipv6addr(host))
+                LOGI("tcp server listening at [%s]:%s", host, port);
+            else
+                LOGI("tcp server listening at %s:%s", host ? host : "0.0.0.0", port);
+
+            // Bind to port
+            int listenfd;
+            listenfd = create_and_bind(host, port, mptcp);
+            if (listenfd == -1) {
+                continue;
+            }
+            if (listen(listenfd, SSMAXCONN) == -1) {
+                ERROR("listen()");
+                continue;
+            }
+            setfastopen(listenfd);
+            setnonblocking(listenfd);
+            listen_ctx_t *listen_ctx = &listen_ctx_list[i];
+
+            // Setup proxy context
+            listen_ctx->timeout = atoi(timeout);
+            listen_ctx->fd      = listenfd;
+            listen_ctx->iface   = iface;
+            listen_ctx->loop    = loop;
+
+            ev_io_init(&listen_ctx->io, accept_cb, listenfd, EV_READ);
+            ev_io_start(loop, &listen_ctx->io);
+
+            num_listen_ctx++;
+
+            if (plugin != NULL)
+                break;
+        }
+
+        if (num_listen_ctx == 0) {
+            FATAL("failed to listen on any address");
+        }
+    }
+
+    if (mode != TCP_ONLY) {
+        int num_listen_ctx = 0;
+        for (int i = 0; i < server_num; i++) {
+            const char *host = server_addr[i].host;
+            const char *port = server_addr[i].port ? server_addr[i].port : server_port;
+            if (plugin != NULL) {
+                port = plugin_port;
+            }
+            if (host && ss_is_ipv6addr(host))
+                LOGI("udp server listening at [%s]:%s", host, port);
+            else
+                LOGI("udp server listening at %s:%s", host ? host : "0.0.0.0", port);
+            // Setup UDP
+//            int err = init_udprelay(host, port, mtu, crypto, atoi(timeout), iface);
+            int err = init_udprelay(host,
+                                    port,
+                                    NULL,
+                                    0,
+                                    mtu,
+                                    crypto,
+                                    atoi(timeout),
+                                    iface);
+            
+            
+            if (err == -1)
+                continue;
+            num_listen_ctx++;
+        }
+
+        if (num_listen_ctx == 0) {
+            FATAL("failed to listen on any address");
+        }
+    }
+
+#ifndef __MINGW32__
+    if (manager_addr != NULL) {
+        ev_timer_init(&stat_update_watcher, stat_update_cb, UPDATE_INTERVAL, UPDATE_INTERVAL);
+        ev_timer_start(EV_DEFAULT, &stat_update_watcher);
+    }
+#endif
+
+#ifndef __MINGW32__
+    // setuid
+    if (user != NULL && !run_as(user)) {
+        FATAL("failed to switch user");
+    }
+
+    if (geteuid() == 0) {
+        LOGI("running from root user");
+    }
+#endif
+
+    // Init connections
+    cork_dllist_init(&connections);
+
+    // start ev loop
+    ev_run(loop, 0);
+
+    if (verbose) {
+        LOGI("closed gracefully");
+    }
+
+#ifndef __MINGW32__
+    if (manager_addr != NULL) {
+        ev_timer_stop(EV_DEFAULT, &stat_update_watcher);
+    }
+#endif
+
+    if (plugin != NULL) {
+        stop_plugin();
+    }
+
+    // Clean up
+
+    resolv_shutdown(loop);
+
+    for (int i = 0; i < server_num; i++) {
+        listen_ctx_t *listen_ctx = &listen_ctx_list[i];
+        if (mode != UDP_ONLY) {
+            ev_io_stop(loop, &listen_ctx->io);
+            close(listen_ctx->fd);
+        }
+        if (plugin != NULL)
+            break;
+    }
+
+    if (mode != UDP_ONLY) {
+        free_connections(loop);
+    }
+
+    if (mode != TCP_ONLY) {
+        free_udprelay();
+    }
+
+#ifdef __MINGW32__
+    if (plugin_watcher.valid) {
+        closesocket(plugin_watcher.fd);
+    }
+
+    winsock_cleanup();
+#endif
+
+    return ret_val;
+}
+
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/server.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/server.h
new file mode 100644
index 00000000..cdff2c15
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/server.h
@@ -0,0 +1,121 @@
+/*
+ * server.h - Define shadowsocks server's buffers and callbacks
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _SERVER_H
+#define _SERVER_H
+
+#include <time.h>
+#include <libcork/ds.h>
+
+#ifdef HAVE_LIBEV_EV_H
+#include <libev/ev.h>
+#else
+#include <ev.h>
+#endif
+
+#ifdef __MINGW32__
+#include "winsock.h"
+#endif
+
+#include "crypto.h"
+#include "jconf.h"
+#include "netutils.h"
+
+#include "common.h"
+
+typedef struct listen_ctx {
+    ev_io io;
+    int fd;
+    int timeout;
+    char *iface;
+    struct ev_loop *loop;
+} listen_ctx_t;
+
+typedef struct server_ctx {
+    ev_io io;
+    ev_timer watcher;
+    int connected;
+    struct server *server;
+} server_ctx_t;
+
+#ifdef USE_NFCONNTRACK_TOS
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
+
+struct dscptracker {
+    struct nf_conntrack *ct;
+    long unsigned int mark;
+    unsigned int dscp;
+    unsigned int packet_count;
+};
+
+#endif
+
+struct query;
+
+typedef struct server {
+    int fd;
+    int stage;
+    int frag;
+
+    buffer_t *buf;
+
+    cipher_ctx_t *e_ctx;
+    cipher_ctx_t *d_ctx;
+    struct server_ctx *recv_ctx;
+    struct server_ctx *send_ctx;
+    struct listen_ctx *listen_ctx;
+    struct remote *remote;
+
+    struct query *query;
+
+    struct cork_dllist_item entries;
+#ifdef USE_NFCONNTRACK_TOS
+    struct dscptracker *tracker;
+#endif
+} server_t;
+
+typedef struct query {
+    server_t *server;
+    char hostname[MAX_HOSTNAME_LEN];
+} query_t;
+
+typedef struct remote_ctx {
+    ev_io io;
+    int connected;
+    struct remote *remote;
+} remote_ctx_t;
+
+typedef struct remote {
+    int fd;
+#ifdef TCP_FASTOPEN_WINSOCK
+    OVERLAPPED olap;
+    int connect_ex_done;
+#endif
+    buffer_t *buf;
+    struct remote_ctx *recv_ctx;
+    struct remote_ctx *send_ctx;
+    struct server *server;
+} remote_t;
+
+#endif // _SERVER_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/shadowsocks.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/shadowsocks.h
new file mode 100644
index 00000000..6c36611f
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/shadowsocks.h
@@ -0,0 +1,101 @@
+/*
+ * shadowsocks.h - Header files of library interfaces
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _SHADOWSOCKS_H
+#define _SHADOWSOCKS_H
+
+typedef struct {
+    /*  Required  */
+    char *remote_host;    // hostname or ip of remote server
+    char *local_addr;     // local ip to bind
+    char *method;         // encryption method
+    char *password;       // password of remote server
+    int remote_port;      // port number of remote server
+    int local_port;       // port number of local server
+    int timeout;          // connection timeout
+
+    /*  Optional, set NULL if not valid   */
+    char *acl;            // file path to acl
+    char *log;            // file path to log
+    int fast_open;        // enable tcp fast open
+    int mode;             // enable udp relay
+    int mtu;              // MTU of interface
+    int mptcp;            // enable multipath TCP
+    int verbose;          // verbose mode
+} profile_t;
+
+/* An example profile
+ *
+ * const profile_t EXAMPLE_PROFILE = {
+ *  .remote_host = "example.com",
+ *  .local_addr = "127.0.0.1",
+ *  .method = "bf-cfb",
+ *  .password = "barfoo!",
+ *  .remote_port = 8338,
+ *  .local_port = 1080,
+ *  .timeout = 600;
+ *  .acl = NULL,
+ *  .log = NULL,
+ *  .fast_open = 0,
+ *  .mode = 0,
+ *  .verbose = 0
+ * };
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef void (*ss_local_callback)(int socks_fd, int udp_fd, void *data);
+
+/*
+ * Create and start a shadowsocks local server.
+ *
+ * Calling this function will block the current thread forever if the server
+ * starts successfully.
+ *
+ * Make sure start the server in a separate process to avoid any potential
+ * memory and socket leak.
+ *
+ * If failed, -1 is returned. Errors will output to the log file.
+ */
+int start_ss_local_server(profile_t profile);
+
+/*
+ * Create and start a shadowsocks local server, specifying a callback.
+ *
+ * The callback is invoked when the local server has started successfully. It passes the SOCKS
+ * server and UDP relay file descriptors, along with any supplied user data.
+ *
+ * Returns -1 on failure.
+ */
+int start_ss_local_server_with_callback(profile_t profile, ss_local_callback callback, void *udata);
+
+#ifdef __cplusplus
+}
+#endif
+
+// To stop the service on posix system, just kill the daemon process
+// kill(pid, SIGKILL);
+// Otherwise, If you start the service in a thread, you may need to send a signal SIGUSER1 to the thread.
+// pthread_kill(pthread_t, SIGUSR1);
+
+#endif // _SHADOWSOCKS_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/socks5.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/socks5.h
new file mode 100644
index 00000000..42dbcfe2
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/socks5.h
@@ -0,0 +1,75 @@
+/*
+ * socks5.h - Define SOCKS5's header
+ *
+ * Copyright (C) 2013, clowwindy <clowwindy42@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _SOCKS5_H
+#define _SOCKS5_H
+
+#define SVERSION 0x05
+#define METHOD_NOAUTH 0x00
+#define METHOD_UNACCEPTABLE 0xff
+
+// see also: https://www.ietf.org/rfc/rfc1928.txt
+#define SOCKS5_CMD_CONNECT 0x01
+#define SOCKS5_CMD_BIND 0x02
+#define SOCKS5_CMD_UDP_ASSOCIATE 0x03
+
+#define SOCKS5_ATYP_IPV4 0x01
+#define SOCKS5_ATYP_DOMAIN 0x03
+#define SOCKS5_ATYP_IPV6 0x04
+
+#define SOCKS5_REP_SUCCEEDED 0x00
+#define SOCKS5_REP_GENERAL 0x01
+#define SOCKS5_REP_CONN_DISALLOWED 0x02
+#define SOCKS5_REP_NETWORK_UNREACHABLE 0x03
+#define SOCKS5_REP_HOST_UNREACHABLE 0x04
+#define SOCKS5_REP_CONN_REFUSED 0x05
+#define SOCKS5_REP_TTL_EXPIRED 0x06
+#define SOCKS5_REP_CMD_NOT_SUPPORTED 0x07
+#define SOCKS5_REP_ADDRTYPE_NOT_SUPPORTED 0x08
+#define SOCKS5_REP_FF_UNASSIGNED 0x09
+
+struct method_select_request {
+    unsigned char ver;
+    unsigned char nmethods;
+    unsigned char methods[0];
+} __attribute__((packed, aligned(1)));
+
+struct method_select_response {
+    unsigned char ver;
+    unsigned char method;
+} __attribute__((packed, aligned(1)));
+
+struct socks5_request {
+    unsigned char ver;
+    unsigned char cmd;
+    unsigned char rsv;
+    unsigned char atyp;
+} __attribute__((packed, aligned(1)));
+
+struct socks5_response {
+    unsigned char ver;
+    unsigned char rep;
+    unsigned char rsv;
+    unsigned char atyp;
+} __attribute__((packed, aligned(1)));
+
+#endif // _SOCKS5_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/ss-nat b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/ss-nat
new file mode 100755
index 00000000..2aa3980e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/ss-nat
@@ -0,0 +1,246 @@
+#!/bin/bash
+#
+# Copyright (C) 2015 OpenWrt-dist
+# Copyright (C) 2015 Jian Chang <aa65535@live.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+TAG="SS_SPEC"          # iptables tag
+IPT="iptables -t nat"  # alias of iptables
+FWI=$(uci get firewall.shadowsocks.path 2>/dev/null)  # firewall include file
+IP_REGEX="^([0-9]{1,3}\.){3}[0-9]{1,3}"		      # used to check if input is a valid IP
+
+usage() {
+	cat <<-EOF
+
+    Copyright (C) 2015 OpenWrt-dist
+    Copyright (C) 2015 Jian Chang <aa65535@live.com>
+
+    Usage: ss-nat [options]
+
+    Valid options are:
+
+        -s <server_ip>          hostname (requires dig) or ip address of shadowsocks remote server
+        -l <local_port>         port number of shadowsocks local server
+        -S <server_ip>          hostname (requires dig) or ip address of shadowsocks remote UDP server
+        -L <local_port>         port number of shadowsocks local UDP server
+        -i <ip_list_file>       a file content is bypassed ip list
+        -I <interface>          lan interface of nat, default: eth0
+        -a <lan_ips>            lan ip of access control, need a prefix to
+        define access control mode
+        -b <wan_ips>            wan ip of will be bypassed
+        -w <wan_ips>            wan ip of will be forwarded
+        -e <extra_options>      extra options for iptables
+        -o                      apply the rules to the OUTPUT chain
+        -u                      enable udprelay mode, TPROXY is required
+        -U                      enable udprelay mode, using different IP
+        and ports for TCP and UDP
+        -f                      flush the rules
+        -h                      show this help message and exit
+
+    This is free software, licensed under the GNU General Public License v3.
+    See /LICENSE for more information.
+
+EOF
+	exit $1
+}
+
+loger() {
+	# 1.alert 2.crit 3.err 4.warn 5.notice 6.info 7.debug
+	logger -st ss-nat[$$] -p$1 $2
+}
+
+flush_r() {
+	iptables-save -c | grep -v "$TAG" | iptables-restore -c
+	ip rule del fwmark 0x01/0x01 table 100 2>/dev/null
+	ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null
+	ipset -X ss_spec_lan_ac 2>/dev/null
+	ipset -X ss_spec_wan_ac 2>/dev/null
+	[ -n "$FWI" ] && echo '#!/bin/sh' >$FWI
+	return 0
+}
+
+ipset_r() {
+	ipset -! -R <<-EOF || return 1
+		create ss_spec_wan_ac hash:net
+		$(gen_iplist | sed "/^\s*$/d" | sed -e "s/^/add ss_spec_wan_ac /")
+		$(for ip in $WAN_FW_IP; do echo "add ss_spec_wan_ac $ip nomatch"; done)
+EOF
+	$IPT -N SS_SPEC_WAN_AC && \
+	$IPT -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN && \
+	$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
+	return $?
+}
+
+fw_rule() {
+	$IPT -N SS_SPEC_WAN_FW && \
+	$IPT -A SS_SPEC_WAN_FW -p tcp \
+		-j REDIRECT --to-ports $local_port 2>/dev/null || {
+		loger 3 "Can't redirect, please check the iptables."
+		exit 1
+	}
+	return $?
+}
+
+ac_rule() {
+	if [ -n "$LAN_AC_IP" ]; then
+		case "${LAN_AC_IP:0:1}" in
+			w|W)
+				MATCH_SET="-m set --match-set ss_spec_lan_ac src"
+				;;
+			b|B)
+				MATCH_SET="-m set ! --match-set ss_spec_lan_ac src"
+				;;
+			*)
+				loger 3 "Illegal argument \`-a $LAN_AC_IP\`."
+				return 2
+				;;
+		esac
+	fi
+	IFNAME=${IFNAME:-eth0}
+	ipset -! -R <<-EOF || return 1
+		create ss_spec_lan_ac hash:net
+		$(for ip in ${LAN_AC_IP:1}; do echo "add ss_spec_lan_ac $ip"; done)
+EOF
+	$IPT -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p tcp $EXT_ARGS $MATCH_SET \
+		-j SS_SPEC_WAN_AC
+	if [ "$OUTPUT" = 1 ]; then
+		$IPT -I OUTPUT 1 -p tcp $EXT_ARGS -j SS_SPEC_WAN_AC
+	fi
+	return $?
+}
+
+tp_rule() {
+	lsmod | grep -q TPROXY || return 0
+	[ -n "$TPROXY" ] || return 0
+	ip rule add fwmark 0x01/0x01 table 100
+	ip route add local 0.0.0.0/0 dev lo table 100
+	local ipt="iptables -t mangle"
+	$ipt -N SS_SPEC_TPROXY
+	$ipt -A SS_SPEC_TPROXY -p udp -m set ! --match-set ss_spec_wan_ac dst \
+		-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+	$ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET \
+		-j SS_SPEC_TPROXY
+	return $?
+}
+
+get_wan_ip() {
+	cat <<-EOF | grep -E $IP_REGEX
+		$server
+		$SERVER
+		$WAN_BP_IP
+EOF
+}
+
+gen_iplist() {
+	cat <<-EOF
+		0.0.0.0/8
+		10.0.0.0/8
+		100.64.0.0/10
+		127.0.0.0/8
+		169.254.0.0/16
+		172.16.0.0/12
+		192.0.0.0/24
+		192.0.2.0/24
+		192.88.99.0/24
+		192.168.0.0/16
+		198.18.0.0/15
+		198.51.100.0/24
+		203.0.113.0/24
+		224.0.0.0/4
+		240.0.0.0/4
+		255.255.255.255
+		$(get_wan_ip)
+		$(cat ${IGNORE_LIST:=/dev/null} 2>/dev/null)
+EOF
+}
+
+gen_include() {
+	[ -n "$FWI" ] || return 0
+	cat <<-EOF >>$FWI
+	iptables-restore -n <<-EOT
+	$(iptables-save | grep -E "$TAG|^\*|^COMMIT" |\
+			sed -e "s/^-A \(OUTPUT\|PREROUTING\)/-I \1 1/")
+	EOT
+EOF
+	return $?
+}
+
+while getopts ":s:l:S:L:i:I:e:a:b:w:ouUfh" arg; do
+	case "$arg" in
+		s)
+            if [[ $OPTARG =~ $IP_REGEX ]]
+            then
+                server=$OPTARG
+            else
+                server=$(ping -4 -q -c 1 -s 0 -W 1 -w 1 $OPTARG| head -n 1 | sed -n 's/[^(]*(\([^)]*\)).*/\1/p')
+            fi
+			;;
+		l)
+			local_port=$OPTARG
+			;;
+		S)
+            if [[ $OPTARG =~ $IP_REGEX ]]
+            then
+                SERVER=$OPTARG
+            else
+                SERVER=$(ping -4 -q -c 1 -s 0 -W 1 -w 1 $OPTARG| head -n 1 | sed -n 's/[^(]*(\([^)]*\)).*/\1/p')
+            fi
+			;;
+		L)
+			LOCAL_PORT=$OPTARG
+			;;
+		i)
+			IGNORE_LIST=$OPTARG
+			;;
+		I)
+			IFNAME=$OPTARG
+			;;
+		e)
+			EXT_ARGS=$OPTARG
+			;;
+		a)
+			LAN_AC_IP=$OPTARG
+			;;
+		b)
+			WAN_BP_IP=$(for ip in $OPTARG; do echo $ip; done)
+			;;
+		w)
+			WAN_FW_IP=$OPTARG
+			;;
+		o)
+			OUTPUT=1
+			;;
+		u)
+			TPROXY=1
+			;;
+		U)
+			TPROXY=2
+			;;
+		f)
+			flush_r
+			exit 0
+			;;
+		h)
+			usage 0
+			;;
+	esac
+done
+
+if [ -z "$server" -o -z "$local_port" ]; then
+	usage 2
+fi
+
+if [ "$TPROXY" = 1 ]; then
+	SERVER=$server
+	LOCAL_PORT=$local_port
+elif [ "$TPROXY" = 2 ]; then
+	: ${SERVER:?"You must assign an ip for the udp relay server."}
+	: ${LOCAL_PORT:?"You must assign a port for the udp relay server."}
+fi
+
+flush_r && fw_rule && ipset_r && ac_rule && tp_rule && gen_include
+[ "$?" = 0 ] || loger 3 "Start failed!"
+exit $?
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/stream.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/stream.c
new file mode 100644
index 00000000..35d9050b
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/stream.c
@@ -0,0 +1,697 @@
+/*
+ * stream.c - Manage stream ciphers
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <mbedtls/entropy.h>
+#include <mbedtls/ctr_drbg.h>
+#include <mbedtls/version.h>
+#define CIPHER_UNSUPPORTED "unsupported"
+
+#include <sodium.h>
+
+#include "ppbloom.h"
+#include "stream.h"
+#include "utils.h"
+
+#define SODIUM_BLOCK_SIZE   64
+
+/*
+ * Spec: http://shadowsocks.org/en/spec/Stream-Ciphers.html
+ *
+ * Stream ciphers provide only confidentiality. Data integrity and authenticity is not guaranteed. Users should use AEAD
+ * ciphers whenever possible.
+ *
+ * Stream Encryption/Decryption
+ *
+ * Stream_encrypt is a function that takes a secret key, an initialization vector, a message, and produces a ciphertext
+ * with the same length as the message.
+ *
+ *      Stream_encrypt(key, IV, message) => ciphertext
+ *
+ * Stream_decrypt is a function that takes a secret key, an initializaiton vector, a ciphertext, and produces the
+ * original message.
+ *
+ *      Stream_decrypt(key, IV, ciphertext) => message
+ *
+ * TCP
+ *
+ * A stream cipher encrypted TCP stream starts with a randomly generated initializaiton vector, followed by encrypted
+ * payload data.
+ *
+ *      [IV][encrypted payload]
+ *
+ * UDP
+ *
+ * A stream cipher encrypted UDP packet has the following structure:
+ *
+ *      [IV][encrypted payload]
+ *
+ * Each UDP packet is encrypted/decrypted independently with a randomly generated initialization vector.
+ *
+ */
+
+#define NONE                -1
+#define TABLE               0
+#define RC4                 1
+#define RC4_MD5             2
+#define AES_128_CFB         3
+#define AES_192_CFB         4
+#define AES_256_CFB         5
+#define AES_128_CTR         6
+#define AES_192_CTR         7
+#define AES_256_CTR         8
+#define BF_CFB              9
+#define CAMELLIA_128_CFB    10
+#define CAMELLIA_192_CFB    11
+#define CAMELLIA_256_CFB    12
+#define CAST5_CFB           13
+#define DES_CFB             14
+#define IDEA_CFB            15
+#define RC2_CFB             16
+#define SEED_CFB            17
+#define SALSA20             18
+#define CHACHA20            19
+#define CHACHA20IETF        20
+
+const char *supported_stream_ciphers[STREAM_CIPHER_NUM] = {
+    "table",
+    "rc4",
+    "rc4-md5",
+    "aes-128-cfb",
+    "aes-192-cfb",
+    "aes-256-cfb",
+    "aes-128-ctr",
+    "aes-192-ctr",
+    "aes-256-ctr",
+    "bf-cfb",
+    "camellia-128-cfb",
+    "camellia-192-cfb",
+    "camellia-256-cfb",
+    "cast5-cfb",
+    "des-cfb",
+    "idea-cfb",
+    "rc2-cfb",
+    "seed-cfb",
+    "salsa20",
+    "chacha20",
+    "chacha20-ietf"
+};
+
+static const char *supported_stream_ciphers_mbedtls[STREAM_CIPHER_NUM] = {
+    "table",
+    "ARC4-128",
+    "ARC4-128",
+    "AES-128-CFB128",
+    "AES-192-CFB128",
+    "AES-256-CFB128",
+    "AES-128-CTR",
+    "AES-192-CTR",
+    "AES-256-CTR",
+    "BLOWFISH-CFB64",
+    "CAMELLIA-128-CFB128",
+    "CAMELLIA-192-CFB128",
+    "CAMELLIA-256-CFB128",
+    CIPHER_UNSUPPORTED,
+    CIPHER_UNSUPPORTED,
+    CIPHER_UNSUPPORTED,
+    CIPHER_UNSUPPORTED,
+    CIPHER_UNSUPPORTED,
+    "salsa20",
+    "chacha20",
+    "chacha20-ietf"
+};
+
+static const int supported_stream_ciphers_nonce_size[STREAM_CIPHER_NUM] = {
+    0, 0, 16, 16, 16, 16, 16, 16, 16, 8, 16, 16, 16, 8, 8, 8, 8, 16, 8, 8, 12
+};
+
+static const int supported_stream_ciphers_key_size[STREAM_CIPHER_NUM] = {
+    0, 16, 16, 16, 24, 32, 16, 24, 32, 16, 16, 24, 32, 16, 8, 16, 16, 16, 32, 32, 32
+};
+
+static int
+crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen,
+                     const uint8_t *n, uint64_t ic, const uint8_t *k,
+                     int method)
+{
+    switch (method) {
+    case SALSA20:
+        return crypto_stream_salsa20_xor_ic(c, m, mlen, n, ic, k);
+    case CHACHA20:
+        return crypto_stream_chacha20_xor_ic(c, m, mlen, n, ic, k);
+    case CHACHA20IETF:
+        return crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, n, (uint32_t)ic, k);
+    }
+    // always return 0
+    return 0;
+}
+
+int
+cipher_nonce_size(const cipher_t *cipher)
+{
+    if (cipher == NULL) {
+        return 0;
+    }
+    return cipher->info->iv_size;
+}
+
+int
+cipher_key_size(const cipher_t *cipher)
+{
+    /*
+     * Semi-API changes (technically public, morally prnonceate)
+     * Renamed a few headers to include _internal in the name. Those headers are
+     * not supposed to be included by users.
+     * Changed md_info_t into an opaque structure (use md_get_xxx() accessors).
+     * Changed pk_info_t into an opaque structure.
+     * Changed cipher_base_t into an opaque structure.
+     */
+    if (cipher == NULL) {
+        return 0;
+    }
+    /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
+    return cipher->info->key_bitlen / 8;
+}
+
+const cipher_kt_t *
+stream_get_cipher_type(int method)
+{
+    if (method <= TABLE || method >= STREAM_CIPHER_NUM) {
+        LOGE("stream_get_cipher_type(): Illegal method");
+        return NULL;
+    }
+
+    if (method == RC4_MD5) {
+        method = RC4;
+    }
+
+    if (method >= SALSA20) {
+        return NULL;
+    }
+
+    const char *ciphername  = supported_stream_ciphers[method];
+    const char *mbedtlsname = supported_stream_ciphers_mbedtls[method];
+    if (strcmp(mbedtlsname, CIPHER_UNSUPPORTED) == 0) {
+        LOGE("Cipher %s currently is not supported by mbed TLS library",
+             ciphername);
+        return NULL;
+    }
+    return mbedtls_cipher_info_from_string(mbedtlsname);
+}
+
+void
+stream_cipher_ctx_init(cipher_ctx_t *ctx, int method, int enc)
+{
+    if (method <= TABLE || method >= STREAM_CIPHER_NUM) {
+        LOGE("stream_ctx_init(): Illegal method");
+        return;
+    }
+
+    if (method >= SALSA20) {
+        return;
+    }
+
+    const char *ciphername    = supported_stream_ciphers[method];
+    const cipher_kt_t *cipher = stream_get_cipher_type(method);
+
+    ctx->evp = ss_malloc(sizeof(cipher_evp_t));
+    memset(ctx->evp, 0, sizeof(cipher_evp_t));
+    cipher_evp_t *evp = ctx->evp;
+
+    if (cipher == NULL) {
+        LOGE("Cipher %s not found in mbed TLS library", ciphername);
+        FATAL("Cannot initialize mbed TLS cipher");
+    }
+    mbedtls_cipher_init(evp);
+    if (mbedtls_cipher_setup(evp, cipher) != 0) {
+        FATAL("Cannot initialize mbed TLS cipher context");
+    }
+}
+
+void
+stream_ctx_release(cipher_ctx_t *cipher_ctx)
+{
+    if (cipher_ctx->chunk != NULL) {
+        bfree(cipher_ctx->chunk);
+        ss_free(cipher_ctx->chunk);
+        cipher_ctx->chunk = NULL;
+    }
+
+    if (cipher_ctx->cipher->method >= SALSA20) {
+        return;
+    }
+
+    mbedtls_cipher_free(cipher_ctx->evp);
+    ss_free(cipher_ctx->evp);
+}
+
+void
+cipher_ctx_set_nonce(cipher_ctx_t *cipher_ctx, uint8_t *nonce, size_t nonce_len,
+                     int enc)
+{
+    const unsigned char *true_key;
+
+    cipher_t *cipher = cipher_ctx->cipher;
+
+    if (nonce == NULL) {
+        LOGE("cipher_ctx_set_nonce(): NONCE is null");
+        return;
+    }
+
+    if (cipher->method >= SALSA20) {
+        return;
+    }
+
+    if (cipher->method == RC4_MD5) {
+        unsigned char key_nonce[32];
+        memcpy(key_nonce, cipher->key, 16);
+        memcpy(key_nonce + 16, nonce, 16);
+        true_key  = crypto_md5(key_nonce, 32, NULL);
+        nonce_len = 0;
+    } else {
+        true_key = cipher->key;
+    }
+
+    cipher_evp_t *evp = cipher_ctx->evp;
+    if (evp == NULL) {
+        LOGE("cipher_ctx_set_nonce(): Cipher context is null");
+        return;
+    }
+    if (mbedtls_cipher_setkey(evp, true_key, cipher->key_len * 8, enc) != 0) {
+        mbedtls_cipher_free(evp);
+        FATAL("Cannot set mbed TLS cipher key");
+    }
+    if (mbedtls_cipher_set_iv(evp, nonce, nonce_len) != 0) {
+        mbedtls_cipher_free(evp);
+        FATAL("Cannot set mbed TLS cipher NONCE");
+    }
+    if (mbedtls_cipher_reset(evp) != 0) {
+        mbedtls_cipher_free(evp);
+        FATAL("Cannot finalize mbed TLS cipher context");
+    }
+
+#ifdef SS_DEBUG
+    dump("NONCE", (char *)nonce, nonce_len);
+    dump("KEY", (char *)true_key, 32);
+#endif
+}
+
+static int
+cipher_ctx_update(cipher_ctx_t *ctx, uint8_t *output, size_t *olen,
+                  const uint8_t *input, size_t ilen)
+{
+    cipher_evp_t *evp = ctx->evp;
+    return mbedtls_cipher_update(evp, (const uint8_t *)input, ilen,
+                                 (uint8_t *)output, olen);
+}
+
+int
+stream_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
+{
+    cipher_ctx_t cipher_ctx;
+    stream_ctx_init(cipher, &cipher_ctx, 1);
+
+    size_t nonce_len = cipher->nonce_len;
+    int err          = CRYPTO_OK;
+
+    static buffer_t tmp = { 0, 0, 0, NULL };
+    brealloc(&tmp, nonce_len + plaintext->len, capacity);
+    buffer_t *ciphertext = &tmp;
+    ciphertext->len = plaintext->len;
+
+    uint8_t *nonce = cipher_ctx.nonce;
+    cipher_ctx_set_nonce(&cipher_ctx, nonce, nonce_len, 1);
+    memcpy(ciphertext->data, nonce, nonce_len);
+
+#ifdef MODULE_REMOTE
+    ppbloom_add((void *)nonce, nonce_len);
+#endif
+
+    if (cipher->method >= SALSA20) {
+        crypto_stream_xor_ic((uint8_t *)(ciphertext->data + nonce_len),
+                             (const uint8_t *)plaintext->data, (uint64_t)(plaintext->len),
+                             (const uint8_t *)nonce,
+                             0, cipher->key, cipher->method);
+    } else {
+        err = cipher_ctx_update(&cipher_ctx, (uint8_t *)(ciphertext->data + nonce_len),
+                                &ciphertext->len, (const uint8_t *)plaintext->data,
+                                plaintext->len);
+    }
+
+    stream_ctx_release(&cipher_ctx);
+
+    if (err)
+        return CRYPTO_ERROR;
+
+#ifdef SS_DEBUG
+    dump("PLAIN", plaintext->data, plaintext->len);
+    dump("CIPHER", ciphertext->data + nonce_len, ciphertext->len);
+    dump("NONCE", ciphertext->data, nonce_len);
+#endif
+
+    brealloc(plaintext, nonce_len + ciphertext->len, capacity);
+    memcpy(plaintext->data, ciphertext->data, nonce_len + ciphertext->len);
+    plaintext->len = nonce_len + ciphertext->len;
+
+    return CRYPTO_OK;
+}
+
+int
+stream_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity)
+{
+    if (cipher_ctx == NULL)
+        return CRYPTO_ERROR;
+
+    cipher_t *cipher = cipher_ctx->cipher;
+
+    static buffer_t tmp = { 0, 0, 0, NULL };
+
+    int err          = CRYPTO_OK;
+    size_t nonce_len = 0;
+    if (!cipher_ctx->init) {
+        nonce_len = cipher_ctx->cipher->nonce_len;
+    }
+
+    brealloc(&tmp, nonce_len + plaintext->len, capacity);
+    buffer_t *ciphertext = &tmp;
+    ciphertext->len = plaintext->len;
+
+    if (!cipher_ctx->init) {
+        cipher_ctx_set_nonce(cipher_ctx, cipher_ctx->nonce, nonce_len, 1);
+        memcpy(ciphertext->data, cipher_ctx->nonce, nonce_len);
+        cipher_ctx->counter = 0;
+        cipher_ctx->init    = 1;
+
+#ifdef MODULE_REMOTE
+        ppbloom_add((void *)cipher_ctx->nonce, nonce_len);
+#endif
+    }
+
+    if (cipher->method >= SALSA20) {
+        int padding = cipher_ctx->counter % SODIUM_BLOCK_SIZE;
+        brealloc(ciphertext, nonce_len + (padding + ciphertext->len) * 2, capacity);
+        if (padding) {
+            brealloc(plaintext, plaintext->len + padding, capacity);
+            memmove(plaintext->data + padding, plaintext->data, plaintext->len);
+            sodium_memzero(plaintext->data, padding);
+        }
+        crypto_stream_xor_ic((uint8_t *)(ciphertext->data + nonce_len),
+                             (const uint8_t *)plaintext->data,
+                             (uint64_t)(plaintext->len + padding),
+                             (const uint8_t *)cipher_ctx->nonce,
+                             cipher_ctx->counter / SODIUM_BLOCK_SIZE, cipher->key,
+                             cipher->method);
+        cipher_ctx->counter += plaintext->len;
+        if (padding) {
+            memmove(ciphertext->data + nonce_len,
+                    ciphertext->data + nonce_len + padding, ciphertext->len);
+        }
+    } else {
+        err = cipher_ctx_update(cipher_ctx,
+                                (uint8_t *)(ciphertext->data + nonce_len),
+                                &ciphertext->len, (const uint8_t *)plaintext->data,
+                                plaintext->len);
+        if (err) {
+            return CRYPTO_ERROR;
+        }
+    }
+
+#ifdef SS_DEBUG
+    dump("PLAIN", plaintext->data, plaintext->len);
+    dump("CIPHER", ciphertext->data + nonce_len, ciphertext->len);
+#endif
+
+    brealloc(plaintext, nonce_len + ciphertext->len, capacity);
+    memcpy(plaintext->data, ciphertext->data, nonce_len + ciphertext->len);
+    plaintext->len = nonce_len + ciphertext->len;
+
+    return CRYPTO_OK;
+}
+
+int
+stream_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity)
+{
+    size_t nonce_len = cipher->nonce_len;
+    int err          = CRYPTO_OK;
+
+    if (ciphertext->len <= nonce_len) {
+        return CRYPTO_ERROR;
+    }
+
+    cipher_ctx_t cipher_ctx;
+    stream_ctx_init(cipher, &cipher_ctx, 0);
+
+    static buffer_t tmp = { 0, 0, 0, NULL };
+    brealloc(&tmp, ciphertext->len, capacity);
+    buffer_t *plaintext = &tmp;
+    plaintext->len = ciphertext->len - nonce_len;
+
+    uint8_t *nonce = cipher_ctx.nonce;
+    memcpy(nonce, ciphertext->data, nonce_len);
+
+    if (ppbloom_check((void *)nonce, nonce_len) == 1) {
+        LOGE("crypto: stream: repeat IV detected");
+        return CRYPTO_ERROR;
+    }
+
+    cipher_ctx_set_nonce(&cipher_ctx, nonce, nonce_len, 0);
+
+    if (cipher->method >= SALSA20) {
+        crypto_stream_xor_ic((uint8_t *)plaintext->data,
+                             (const uint8_t *)(ciphertext->data + nonce_len),
+                             (uint64_t)(ciphertext->len - nonce_len),
+                             (const uint8_t *)nonce, 0, cipher->key, cipher->method);
+    } else {
+        err = cipher_ctx_update(&cipher_ctx, (uint8_t *)plaintext->data, &plaintext->len,
+                                (const uint8_t *)(ciphertext->data + nonce_len),
+                                ciphertext->len - nonce_len);
+    }
+
+    stream_ctx_release(&cipher_ctx);
+
+    if (err)
+        return CRYPTO_ERROR;
+
+#ifdef SS_DEBUG
+    dump("PLAIN", plaintext->data, plaintext->len);
+    dump("CIPHER", ciphertext->data + nonce_len, ciphertext->len - nonce_len);
+    dump("NONCE", ciphertext->data, nonce_len);
+#endif
+
+    ppbloom_add((void *)nonce, nonce_len);
+
+    brealloc(ciphertext, plaintext->len, capacity);
+    memcpy(ciphertext->data, plaintext->data, plaintext->len);
+    ciphertext->len = plaintext->len;
+
+    return CRYPTO_OK;
+}
+
+int
+stream_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity)
+{
+    if (cipher_ctx == NULL)
+        return CRYPTO_ERROR;
+
+    cipher_t *cipher = cipher_ctx->cipher;
+
+    static buffer_t tmp = { 0, 0, 0, NULL };
+
+    int err = CRYPTO_OK;
+
+    brealloc(&tmp, ciphertext->len, capacity);
+    buffer_t *plaintext = &tmp;
+    plaintext->len = ciphertext->len;
+
+    if (!cipher_ctx->init) {
+        if (cipher_ctx->chunk == NULL) {
+            cipher_ctx->chunk = (buffer_t *)ss_malloc(sizeof(buffer_t));
+            memset(cipher_ctx->chunk, 0, sizeof(buffer_t));
+            balloc(cipher_ctx->chunk, cipher->nonce_len);
+        }
+
+        size_t left_len = min(cipher->nonce_len - cipher_ctx->chunk->len,
+                              ciphertext->len);
+
+        if (left_len > 0) {
+            memcpy(cipher_ctx->chunk->data + cipher_ctx->chunk->len, ciphertext->data, left_len);
+            memmove(ciphertext->data, ciphertext->data + left_len,
+                    ciphertext->len - left_len);
+            cipher_ctx->chunk->len += left_len;
+            ciphertext->len        -= left_len;
+        }
+
+        if (cipher_ctx->chunk->len < cipher->nonce_len)
+            return CRYPTO_NEED_MORE;
+
+        uint8_t *nonce   = cipher_ctx->nonce;
+        size_t nonce_len = cipher->nonce_len;
+        plaintext->len -= left_len;
+
+        memcpy(nonce, cipher_ctx->chunk->data, nonce_len);
+        cipher_ctx_set_nonce(cipher_ctx, nonce, nonce_len, 0);
+        cipher_ctx->counter = 0;
+        cipher_ctx->init    = 1;
+
+        if (cipher->method >= RC4_MD5) {
+            if (ppbloom_check((void *)nonce, nonce_len) == 1) {
+                LOGE("crypto: stream: repeat IV detected");
+                return CRYPTO_ERROR;
+            }
+        }
+    }
+
+    if (ciphertext->len <= 0)
+        return CRYPTO_NEED_MORE;
+
+    if (cipher->method >= SALSA20) {
+        int padding = cipher_ctx->counter % SODIUM_BLOCK_SIZE;
+        brealloc(plaintext, (plaintext->len + padding) * 2, capacity);
+
+        if (padding) {
+            brealloc(ciphertext, ciphertext->len + padding, capacity);
+            memmove(ciphertext->data + padding, ciphertext->data,
+                    ciphertext->len);
+            sodium_memzero(ciphertext->data, padding);
+        }
+        crypto_stream_xor_ic((uint8_t *)plaintext->data,
+                             (const uint8_t *)(ciphertext->data),
+                             (uint64_t)(ciphertext->len + padding),
+                             (const uint8_t *)cipher_ctx->nonce,
+                             cipher_ctx->counter / SODIUM_BLOCK_SIZE, cipher->key,
+                             cipher->method);
+        cipher_ctx->counter += ciphertext->len;
+        if (padding) {
+            memmove(plaintext->data, plaintext->data + padding, plaintext->len);
+        }
+    } else {
+        err = cipher_ctx_update(cipher_ctx, (uint8_t *)plaintext->data, &plaintext->len,
+                                (const uint8_t *)(ciphertext->data),
+                                ciphertext->len);
+    }
+
+    if (err)
+        return CRYPTO_ERROR;
+
+#ifdef SS_DEBUG
+    dump("PLAIN", plaintext->data, plaintext->len);
+    dump("CIPHER", ciphertext->data, ciphertext->len);
+#endif
+
+    // Add to bloom filter
+    if (cipher_ctx->init == 1) {
+        if (cipher->method >= RC4_MD5) {
+            if (ppbloom_check((void *)cipher_ctx->nonce, cipher->nonce_len) == 1) {
+                LOGE("crypto: stream: repeat IV detected");
+                return CRYPTO_ERROR;
+            }
+            ppbloom_add((void *)cipher_ctx->nonce, cipher->nonce_len);
+            cipher_ctx->init = 2;
+        }
+    }
+
+    brealloc(ciphertext, plaintext->len, capacity);
+    memcpy(ciphertext->data, plaintext->data, plaintext->len);
+    ciphertext->len = plaintext->len;
+
+    return CRYPTO_OK;
+}
+
+void
+stream_ctx_init(cipher_t *cipher, cipher_ctx_t *cipher_ctx, int enc)
+{
+    sodium_memzero(cipher_ctx, sizeof(cipher_ctx_t));
+    stream_cipher_ctx_init(cipher_ctx, cipher->method, enc);
+    cipher_ctx->cipher = cipher;
+
+    if (enc) {
+        rand_bytes(cipher_ctx->nonce, cipher->nonce_len);
+    }
+}
+
+cipher_t *
+stream_key_init(int method, const char *pass, const char *key)
+{
+    if (method <= TABLE || method >= STREAM_CIPHER_NUM) {
+        LOGE("cipher->key_init(): Illegal method");
+        return NULL;
+    }
+
+    cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t));
+    memset(cipher, 0, sizeof(cipher_t));
+
+    if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
+        cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
+        cipher->info             = cipher_info;
+        cipher->info->base       = NULL;
+        cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
+        cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
+    } else {
+        cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
+    }
+
+    if (cipher->info == NULL && cipher->key_len == 0) {
+        LOGE("Cipher %s not found in crypto library", supported_stream_ciphers[method]);
+        FATAL("Cannot initialize cipher");
+    }
+
+    if (key != NULL)
+        cipher->key_len = crypto_parse_key(key, cipher->key, cipher_key_size(cipher));
+    else
+        cipher->key_len = crypto_derive_key(pass, cipher->key, cipher_key_size(cipher));
+
+    if (cipher->key_len == 0) {
+        FATAL("Cannot generate key and NONCE");
+    }
+    if (method == RC4_MD5) {
+        cipher->nonce_len = 16;
+    } else {
+        cipher->nonce_len = cipher_nonce_size(cipher);
+    }
+    cipher->method = method;
+
+    return cipher;
+}
+
+cipher_t *
+stream_init(const char *pass, const char *key, const char *method)
+{
+    int m = TABLE;
+    if (method != NULL) {
+        for (m = TABLE; m < STREAM_CIPHER_NUM; m++)
+            if (strcmp(method, supported_stream_ciphers[m]) == 0) {
+                break;
+            }
+        if (m >= STREAM_CIPHER_NUM) {
+            LOGE("Invalid cipher name: %s, use chacha20-ietf instead", method);
+            m = CHACHA20IETF;
+        }
+    }
+    if (m == TABLE) {
+        LOGE("Table is deprecated");
+        return NULL;
+    }
+    return stream_key_init(m, pass, key);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/stream.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/stream.h
new file mode 100644
index 00000000..35bd98f8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/stream.h
@@ -0,0 +1,54 @@
+/*
+ * encrypt.h - Define the enryptor's interface
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _STREAM_H
+#define _STREAM_H
+
+#ifndef __MINGW32__
+#include <sys/socket.h>
+#endif
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#elif HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+
+#include <sodium.h>
+#define STREAM_CIPHER_NUM          21
+
+#include "crypto.h"
+
+int stream_encrypt_all(buffer_t *, cipher_t *, size_t);
+int stream_decrypt_all(buffer_t *, cipher_t *, size_t);
+int stream_encrypt(buffer_t *, cipher_ctx_t *, size_t);
+int stream_decrypt(buffer_t *, cipher_ctx_t *, size_t);
+
+void stream_ctx_init(cipher_t *, cipher_ctx_t *, int);
+void stream_ctx_release(cipher_ctx_t *);
+
+cipher_t *stream_init(const char *pass, const char *key, const char *method);
+
+#endif // _STREAM_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/tunnel.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/tunnel.c
new file mode 100644
index 00000000..eb5494c8
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/tunnel.c
@@ -0,0 +1,1370 @@
+/*
+ * tunnel.c - Setup a local port forwarding through remote shadowsocks server
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <locale.h>
+#include <signal.h>
+#include <string.h>
+#include <strings.h>
+#include <unistd.h>
+#include <getopt.h>
+#ifndef __MINGW32__
+#include <errno.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <pthread.h>
+#endif
+#ifdef HAVE_CONFIG_H
+#include "../config.h"
+#endif
+
+#if defined(HAVE_SYS_IOCTL_H) && defined(HAVE_NET_IF_H) && defined(__linux__)
+#include <net/if.h>
+#include <sys/ioctl.h>
+#define SET_INTERFACE
+#endif
+
+#include <libcork/core.h>
+
+#include "netutils.h"
+#include "utils.h"
+#include "plugin.h"
+#include "tunnel.h"
+#include "winsock.h"
+
+#ifndef EAGAIN
+#define EAGAIN EWOULDBLOCK
+#endif
+
+#ifndef EWOULDBLOCK
+#define EWOULDBLOCK EAGAIN
+#endif
+
+static void accept_cb(EV_P_ ev_io *w, int revents);
+static void server_recv_cb(EV_P_ ev_io *w, int revents);
+static void server_send_cb(EV_P_ ev_io *w, int revents);
+static void remote_recv_cb(EV_P_ ev_io *w, int revents);
+static void remote_send_cb(EV_P_ ev_io *w, int revents);
+
+static remote_t *new_remote(int fd, int timeout);
+static server_t *new_server(int fd);
+
+static void free_remote(remote_t *remote);
+static void close_and_free_remote(EV_P_ remote_t *remote);
+static void free_server(server_t *server);
+static void close_and_free_server(EV_P_ server_t *server);
+
+#ifdef __ANDROID__
+int vpn = 0;
+#endif
+
+int tun_verbose    = 0;
+int tun_reuse_port = 0;
+
+static crypto_t *crypto;
+
+static int ipv6first = 0;
+static int mode      = TCP_ONLY;
+#ifdef HAVE_SETRLIMIT
+static int nofile = 0;
+#endif
+static int no_delay = 0;
+int tun_fast_open       = 0;
+static int ret_val  = 0;
+
+static struct ev_signal sigint_watcher;
+static struct ev_signal sigterm_watcher;
+#ifndef __MINGW32__
+static struct ev_signal sigchld_watcher;
+#else
+static struct plugin_watcher_t {
+    ev_io io;
+    SOCKET fd;
+    uint16_t port;
+    int valid;
+} plugin_watcher;
+#endif
+
+#ifndef __MINGW32__
+static int
+setnonblocking(int fd)
+{
+    int flags;
+    if (-1 == (flags = fcntl(fd, F_GETFL, 0))) {
+        flags = 0;
+    }
+    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
+}
+
+#endif
+
+int
+create_and_bind_tun(const char *addr, const char *port)
+{
+    struct addrinfo hints;
+    struct addrinfo *result, *rp;
+    int s, listen_sock;
+
+    memset(&hints, 0, sizeof(struct addrinfo));
+    hints.ai_family   = AF_UNSPEC;   /* Return IPv4 and IPv6 choices */
+    hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */
+
+    result = NULL;
+
+    s = getaddrinfo(addr, port, &hints, &result);
+    if (s != 0) {
+        LOGI("getaddrinfo: %s", gai_strerror(s));
+        return -1;
+    }
+
+    if (result == NULL) {
+        LOGE("Could not bind");
+        return -1;
+    }
+
+    for (rp = result; rp != NULL; rp = rp->ai_next) {
+        listen_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
+        if (listen_sock == -1) {
+            continue;
+        }
+
+        int opt = 1;
+        setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+        setsockopt(listen_sock, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+        if (tun_reuse_port) {
+            int err = set_reuseport(listen_sock);
+            if (err == 0) {
+                LOGI("tcp port reuse enabled");
+            }
+        }
+
+        s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
+        if (s == 0) {
+            /* We managed to bind successfully! */
+            break;
+        } else {
+            ERROR("bind");
+        }
+
+        close(listen_sock);
+        listen_sock = -1;
+    }
+
+    freeaddrinfo(result);
+
+    return listen_sock;
+}
+
+static void
+server_recv_cb(EV_P_ ev_io *w, int revents)
+{
+    server_ctx_t *server_recv_ctx = (server_ctx_t *)w;
+    server_t *server              = server_recv_ctx->server;
+    remote_t *remote              = server->remote;
+
+    if (remote == NULL) {
+        close_and_free_server(EV_A_ server);
+        return;
+    }
+
+    ssize_t r = recv(server->fd, remote->buf->data, SOCKET_BUF_SIZE, 0);
+
+    if (r == 0) {
+        // connection closed
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else if (r == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data
+            // continue to wait for recv
+            return;
+        } else {
+            ERROR("server recv");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    remote->buf->len = r;
+
+    int err = crypto->encrypt(remote->buf, server->e_ctx, SOCKET_BUF_SIZE);
+
+    if (err) {
+        LOGE("invalid password or cipher");
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    }
+
+    int s = send(remote->fd, remote->buf->data, remote->buf->len, 0);
+
+    if (s == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data, wait for send
+            remote->buf->idx = 0;
+            ev_io_stop(EV_A_ & server_recv_ctx->io);
+            ev_io_start(EV_A_ & remote->send_ctx->io);
+            return;
+        } else {
+            ERROR("send");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    } else if (s < remote->buf->len) {
+        remote->buf->len -= s;
+        remote->buf->idx  = s;
+        ev_io_stop(EV_A_ & server_recv_ctx->io);
+        ev_io_start(EV_A_ & remote->send_ctx->io);
+        return;
+    }
+}
+
+static void
+server_send_cb(EV_P_ ev_io *w, int revents)
+{
+    server_ctx_t *server_send_ctx = (server_ctx_t *)w;
+    server_t *server              = server_send_ctx->server;
+    remote_t *remote              = server->remote;
+    if (server->buf->len == 0) {
+        // close and free
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else {
+        // has data to send
+        ssize_t s = send(server->fd, server->buf->data + server->buf->idx,
+                         server->buf->len, 0);
+        if (s == -1) {
+            if (errno != EAGAIN && errno != EWOULDBLOCK) {
+                ERROR("send");
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+            }
+            return;
+        } else if (s < server->buf->len) {
+            // partly sent, move memory, wait for the next time to send
+            server->buf->len -= s;
+            server->buf->idx += s;
+            return;
+        } else {
+            // all sent out, wait for reading
+            server->buf->len = 0;
+            server->buf->idx = 0;
+            ev_io_stop(EV_A_ & server_send_ctx->io);
+            if (remote != NULL) {
+                ev_io_start(EV_A_ & remote->recv_ctx->io);
+            } else {
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
+        }
+    }
+}
+
+static void
+remote_timeout_cb(EV_P_ ev_timer *watcher, int revents)
+{
+    remote_ctx_t *remote_ctx
+        = cork_container_of(watcher, remote_ctx_t, watcher);
+
+    remote_t *remote = remote_ctx->remote;
+    server_t *server = remote->server;
+
+    if (tun_verbose) {
+        LOGI("TCP connection timeout");
+    }
+
+    ev_timer_stop(EV_A_ watcher);
+
+    close_and_free_remote(EV_A_ remote);
+    close_and_free_server(EV_A_ server);
+}
+
+static void
+remote_recv_cb(EV_P_ ev_io *w, int revents)
+{
+    remote_ctx_t *remote_recv_ctx = (remote_ctx_t *)w;
+    remote_t *remote              = remote_recv_ctx->remote;
+    server_t *server              = remote->server;
+
+    ssize_t r = recv(remote->fd, server->buf->data, SOCKET_BUF_SIZE, 0);
+
+    if (r == 0) {
+        // connection closed
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else if (r == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data
+            // continue to wait for recv
+            return;
+        } else {
+            ERROR("remote recv");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    server->buf->len = r;
+
+    int err = crypto->decrypt(server->buf, server->d_ctx, SOCKET_BUF_SIZE);
+    if (err == CRYPTO_ERROR) {
+        LOGE("invalid password or cipher");
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else if (err == CRYPTO_NEED_MORE) {
+        return; // Wait for more
+    }
+
+    int s = send(server->fd, server->buf->data, server->buf->len, 0);
+
+    if (s == -1) {
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            // no data, wait for send
+            server->buf->idx = 0;
+            ev_io_stop(EV_A_ & remote_recv_ctx->io);
+            ev_io_start(EV_A_ & server->send_ctx->io);
+        } else {
+            ERROR("send");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    } else if (s < server->buf->len) {
+        server->buf->len -= s;
+        server->buf->idx  = s;
+        ev_io_stop(EV_A_ & remote_recv_ctx->io);
+        ev_io_start(EV_A_ & server->send_ctx->io);
+    }
+
+    // Disable TCP_NODELAY after the first response are sent
+    if (!remote->recv_ctx->connected && !no_delay) {
+        int opt = 0;
+        setsockopt(server->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+        setsockopt(remote->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+    }
+    remote->recv_ctx->connected = 1;
+}
+
+static void
+remote_send_cb(EV_P_ ev_io *w, int revents)
+{
+    remote_ctx_t *remote_send_ctx = (remote_ctx_t *)w;
+    remote_t *remote              = remote_send_ctx->remote;
+    server_t *server              = remote->server;
+
+    ev_timer_stop(EV_A_ & remote_send_ctx->watcher);
+
+    if (!remote_send_ctx->connected) {
+        int r = 0;
+
+        if (remote->addr == NULL) {
+            struct sockaddr_storage addr;
+            socklen_t len = sizeof(struct sockaddr_storage);
+            r = getpeername(remote->fd, (struct sockaddr *)&addr, &len);
+        }
+
+        if (r == 0) {
+            remote_send_ctx->connected = 1;
+
+            assert(remote->buf->len == 0);
+            buffer_t *abuf = remote->buf;
+
+            ss_addr_t *sa = &server->destaddr;
+            struct cork_ip ip;
+            if (cork_ip_init(&ip, sa->host) != -1) {
+                if (ip.version == 4) {
+                    // send as IPv4
+                    struct in_addr host;
+                    memset(&host, 0, sizeof(struct in_addr));
+                    int host_len = sizeof(struct in_addr);
+
+                    if (inet_pton(AF_INET, sa->host, &host) == -1) {
+                        FATAL("IP parser error");
+                    }
+                    abuf->data[abuf->len++] = 1;
+                    memcpy(abuf->data + abuf->len, &host, host_len);
+                    abuf->len += host_len;
+                } else if (ip.version == 6) {
+                    // send as IPv6
+                    struct in6_addr host;
+                    memset(&host, 0, sizeof(struct in6_addr));
+                    int host_len = sizeof(struct in6_addr);
+
+                    if (inet_pton(AF_INET6, sa->host, &host) == -1) {
+                        FATAL("IP parser error");
+                    }
+                    abuf->data[abuf->len++] = 4;
+                    memcpy(abuf->data + abuf->len, &host, host_len);
+                    abuf->len += host_len;
+                } else {
+                    FATAL("IP parser error");
+                }
+            } else {
+                // send as domain
+                int host_len = strlen(sa->host);
+
+                abuf->data[abuf->len++] = 3;
+                abuf->data[abuf->len++] = host_len;
+                memcpy(abuf->data + abuf->len, sa->host, host_len);
+                abuf->len += host_len;
+            }
+
+            uint16_t port = htons(atoi(sa->port));
+            memcpy(abuf->data + abuf->len, &port, 2);
+            abuf->len += 2;
+
+            int err = crypto->encrypt(abuf, server->e_ctx, SOCKET_BUF_SIZE);
+
+            if (err) {
+                LOGE("invalid password or cipher");
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
+
+            ev_io_start(EV_A_ & remote->recv_ctx->io);
+        } else {
+            ERROR("getpeername");
+            // not connected
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    if (remote->buf->len == 0) {
+        // close and free
+        close_and_free_remote(EV_A_ remote);
+        close_and_free_server(EV_A_ server);
+        return;
+    } else {
+        // has data to send
+        ssize_t s = -1;
+        if (remote->addr != NULL) {
+#if defined(TCP_FASTOPEN_WINSOCK)
+            DWORD s   = -1;
+            DWORD err = 0;
+            do {
+                int optval = 1;
+                // Set fast open option
+                if (setsockopt(remote->fd, IPPROTO_TCP, TCP_FASTOPEN,
+                               &optval, sizeof(optval)) != 0) {
+                    ERROR("setsockopt");
+                    break;
+                }
+                // Load ConnectEx function
+                LPFN_CONNECTEX ConnectEx = winsock_getconnectex();
+                if (ConnectEx == NULL) {
+                    LOGE("Cannot load ConnectEx() function");
+                    err = WSAENOPROTOOPT;
+                    break;
+                }
+                // ConnectEx requires a bound socket
+                if (winsock_dummybind(remote->fd,
+                                      (struct sockaddr *)&(remote->addr)) != 0) {
+                    ERROR("bind");
+                    break;
+                }
+                // Call ConnectEx to send data
+                memset(&remote->olap, 0, sizeof(remote->olap));
+                remote->connect_ex_done = 0;
+                if (ConnectEx(remote->fd, (const struct sockaddr *)&(remote->addr),
+                              get_sockaddr_len(remote->addr), remote->buf->data, remote->buf->len,
+                              &s, &remote->olap)) {
+                    remote->connect_ex_done = 1;
+                    break;
+                }
+                // XXX: ConnectEx pending, check later in remote_send
+                if (WSAGetLastError() == ERROR_IO_PENDING) {
+                    err = CONNECT_IN_PROGRESS;
+                    break;
+                }
+                ERROR("ConnectEx");
+            } while (0);
+            // Set error number
+            if (err) {
+                SetLastError(err);
+            }
+#elif defined(CONNECT_DATA_IDEMPOTENT)
+            ((struct sockaddr_in *)&(remote->addr))->sin_len = sizeof(struct sockaddr_in);
+            sa_endpoints_t endpoints;
+            memset((char *)&endpoints, 0, sizeof(endpoints));
+            endpoints.sae_dstaddr    = (struct sockaddr *)&(remote->addr);
+            endpoints.sae_dstaddrlen = get_sockaddr_len(remote->addr);
+            s                        = connectx(remote->fd, &endpoints, SAE_ASSOCID_ANY,
+                                                CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT,
+                                                NULL, 0, NULL, NULL);
+#elif defined(TCP_FASTOPEN_CONNECT)
+            int optval = 1;
+            if (setsockopt(remote->fd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT,
+                           (void *)&optval, sizeof(optval)) < 0)
+                FATAL("failed to set TCP_FASTOPEN_CONNECT");
+            s = connect(remote->fd, remote->addr, get_sockaddr_len(remote->addr));
+            if (s == 0)
+                s = send(remote->fd, remote->buf->data, remote->buf->len, 0);
+#elif defined(MSG_FASTOPEN)
+            s = sendto(remote->fd, remote->buf->data + remote->buf->idx,
+                       remote->buf->len, MSG_FASTOPEN, remote->addr,
+                       get_sockaddr_len(remote->addr));
+#else
+            FATAL("tcp fast open is not supported on this platform");
+#endif
+
+            remote->addr = NULL;
+
+            if (s == -1) {
+                if (errno == CONNECT_IN_PROGRESS) {
+                    ev_io_start(EV_A_ & remote_send_ctx->io);
+                    ev_timer_start(EV_A_ & remote_send_ctx->watcher);
+                } else {
+                    tun_fast_open = 0;
+                    if (errno == EOPNOTSUPP || errno == EPROTONOSUPPORT ||
+                        errno == ENOPROTOOPT) {
+                        LOGE("fast open is not supported on this platform");
+                    } else {
+                        ERROR("fast_open_connect");
+                    }
+                    close_and_free_remote(EV_A_ remote);
+                    close_and_free_server(EV_A_ server);
+                }
+                return;
+            }
+        } else {
+            s = send(remote->fd, remote->buf->data + remote->buf->idx,
+                     remote->buf->len, 0);
+        }
+
+        if (s == -1) {
+            if (errno != EAGAIN && errno != EWOULDBLOCK) {
+                ERROR("send");
+                // close and free
+                close_and_free_remote(EV_A_ remote);
+                close_and_free_server(EV_A_ server);
+            }
+            return;
+        } else if (s < remote->buf->len) {
+            // partly sent, move memory, wait for the next time to send
+            remote->buf->len -= s;
+            remote->buf->idx += s;
+            return;
+        } else {
+            // all sent out, wait for reading
+            remote->buf->len = 0;
+            remote->buf->idx = 0;
+            ev_io_stop(EV_A_ & remote_send_ctx->io);
+            ev_io_start(EV_A_ & server->recv_ctx->io);
+        }
+    }
+}
+
+static remote_t *
+new_remote(int fd, int timeout)
+{
+    remote_t *remote = ss_malloc(sizeof(remote_t));
+    memset(remote, 0, sizeof(remote_t));
+
+    remote->recv_ctx = ss_malloc(sizeof(remote_ctx_t));
+    remote->send_ctx = ss_malloc(sizeof(remote_ctx_t));
+    remote->buf      = ss_malloc(sizeof(buffer_t));
+    balloc(remote->buf, SOCKET_BUF_SIZE);
+    memset(remote->recv_ctx, 0, sizeof(remote_ctx_t));
+    memset(remote->send_ctx, 0, sizeof(remote_ctx_t));
+    remote->fd                  = fd;
+    remote->recv_ctx->remote    = remote;
+    remote->recv_ctx->connected = 0;
+    remote->send_ctx->remote    = remote;
+    remote->send_ctx->connected = 0;
+
+    ev_io_init(&remote->recv_ctx->io, remote_recv_cb, fd, EV_READ);
+    ev_io_init(&remote->send_ctx->io, remote_send_cb, fd, EV_WRITE);
+    ev_timer_init(&remote->send_ctx->watcher, remote_timeout_cb,
+                  min(MAX_CONNECT_TIMEOUT, timeout), 0);
+
+    return remote;
+}
+
+static void
+free_remote(remote_t *remote)
+{
+    if (remote->server != NULL) {
+        remote->server->remote = NULL;
+    }
+    if (remote->buf != NULL) {
+        bfree(remote->buf);
+        ss_free(remote->buf);
+    }
+    ss_free(remote->recv_ctx);
+    ss_free(remote->send_ctx);
+    ss_free(remote);
+}
+
+static void
+close_and_free_remote(EV_P_ remote_t *remote)
+{
+    if (remote != NULL) {
+        ev_timer_stop(EV_A_ & remote->send_ctx->watcher);
+        ev_io_stop(EV_A_ & remote->send_ctx->io);
+        ev_io_stop(EV_A_ & remote->recv_ctx->io);
+        close(remote->fd);
+        free_remote(remote);
+    }
+}
+
+static server_t *
+new_server(int fd)
+{
+    server_t *server = ss_malloc(sizeof(server_t));
+    memset(server, 0, sizeof(server_t));
+
+    server->recv_ctx = ss_malloc(sizeof(server_ctx_t));
+    server->send_ctx = ss_malloc(sizeof(server_ctx_t));
+    server->buf      = ss_malloc(sizeof(buffer_t));
+    balloc(server->buf, SOCKET_BUF_SIZE);
+    memset(server->recv_ctx, 0, sizeof(server_ctx_t));
+    memset(server->send_ctx, 0, sizeof(server_ctx_t));
+    server->fd                  = fd;
+    server->recv_ctx->server    = server;
+    server->recv_ctx->connected = 0;
+    server->send_ctx->server    = server;
+    server->send_ctx->connected = 0;
+
+    server->e_ctx = ss_malloc(sizeof(cipher_ctx_t));
+    server->d_ctx = ss_malloc(sizeof(cipher_ctx_t));
+    crypto->ctx_init(crypto->cipher, server->e_ctx, 1);
+    crypto->ctx_init(crypto->cipher, server->d_ctx, 0);
+
+    ev_io_init(&server->recv_ctx->io, server_recv_cb, fd, EV_READ);
+    ev_io_init(&server->send_ctx->io, server_send_cb, fd, EV_WRITE);
+
+    return server;
+}
+
+static void
+free_server(server_t *server)
+{
+    if (server->remote != NULL) {
+        server->remote->server = NULL;
+    }
+    if (server->e_ctx != NULL) {
+        crypto->ctx_release(server->e_ctx);
+        ss_free(server->e_ctx);
+    }
+    if (server->d_ctx != NULL) {
+        crypto->ctx_release(server->d_ctx);
+        ss_free(server->d_ctx);
+    }
+    if (server->buf != NULL) {
+        bfree(server->buf);
+        ss_free(server->buf);
+    }
+    ss_free(server->recv_ctx);
+    ss_free(server->send_ctx);
+    ss_free(server);
+}
+
+static void
+close_and_free_server(EV_P_ server_t *server)
+{
+    if (server != NULL) {
+        ev_io_stop(EV_A_ & server->send_ctx->io);
+        ev_io_stop(EV_A_ & server->recv_ctx->io);
+        close(server->fd);
+        free_server(server);
+    }
+}
+
+static void
+accept_cb(EV_P_ ev_io *w, int revents)
+{
+    struct listen_ctx *listener = (struct listen_ctx *)w;
+    int serverfd                = accept(listener->fd, NULL, NULL);
+    if (serverfd == -1) {
+        ERROR("accept");
+        return;
+    }
+    setnonblocking(serverfd);
+    int opt = 1;
+    setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+    setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+
+    int index                    = rand() % listener->remote_num;
+    struct sockaddr *remote_addr = listener->remote_addr[index];
+
+    int remotefd = socket(remote_addr->sa_family, SOCK_STREAM, IPPROTO_TCP);
+    if (remotefd == -1) {
+        ERROR("socket");
+        return;
+    }
+
+#ifdef __ANDROID__
+    if (vpn) {
+        int not_protect = 0;
+        if (remote_addr->sa_family == AF_INET) {
+            struct sockaddr_in *s = (struct sockaddr_in *)remote_addr;
+            if (s->sin_addr.s_addr == inet_addr("127.0.0.1"))
+                not_protect = 1;
+        }
+        if (!not_protect) {
+            if (protect_socket(remotefd) == -1) {
+                ERROR("protect_socket");
+                close(remotefd);
+                return;
+            }
+        }
+    }
+#endif
+
+    int keepAlive = 1;
+    setsockopt(remotefd, SOL_SOCKET, SO_KEEPALIVE, (void *)&keepAlive, sizeof(keepAlive));
+    setsockopt(remotefd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+    setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+#endif
+
+    if (listener->mptcp > 1) {
+        int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt));
+        if (err == -1) {
+            ERROR("failed to enable multipath TCP");
+        }
+    } else if (listener->mptcp == 1) {
+        int i = 0;
+        while ((listener->mptcp = mptcp_enabled_values[i]) > 0) {
+            int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt));
+            if (err != -1) {
+                break;
+            }
+            i++;
+        }
+        if (listener->mptcp == 0) {
+            ERROR("failed to enable multipath TCP");
+        }
+    }
+
+    // Setup
+    setnonblocking(remotefd);
+#ifdef SET_INTERFACE
+    if (listener->iface) {
+        if (setinterface(remotefd, listener->iface) == -1)
+            ERROR("setinterface");
+    }
+#endif
+
+    server_t *server = new_server(serverfd);
+    remote_t *remote = new_remote(remotefd, listener->timeout);
+    server->destaddr = listener->tunnel_addr;
+    server->remote   = remote;
+    remote->server   = server;
+
+    if (tun_fast_open) {
+        remote->addr = remote_addr;
+    } else {
+        int r = connect(remotefd, remote_addr, get_sockaddr_len(remote_addr));
+
+        if (r == -1 && errno != CONNECT_IN_PROGRESS) {
+            ERROR("connect");
+            close_and_free_remote(EV_A_ remote);
+            close_and_free_server(EV_A_ server);
+            return;
+        }
+    }
+
+    // listen to remote connected event
+    ev_io_start(EV_A_ & remote->send_ctx->io);
+    ev_timer_start(EV_A_ & remote->send_ctx->watcher);
+}
+
+static void
+signal_cb(EV_P_ ev_signal *w, int revents)
+{
+    if (revents & EV_SIGNAL) {
+        switch (w->signum) {
+#ifndef __MINGW32__
+        case SIGCHLD:
+            if (!is_plugin_running()) {
+                LOGE("plugin service exit unexpectedly");
+                ret_val = -1;
+            } else
+                return;
+#endif
+        case SIGINT:
+        case SIGTERM:
+            ev_signal_stop(EV_DEFAULT, &sigint_watcher);
+            ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
+#ifndef __MINGW32__
+            ev_signal_stop(EV_DEFAULT, &sigchld_watcher);
+#else
+            ev_io_stop(EV_DEFAULT, &plugin_watcher.io);
+#endif
+            ev_unloop(EV_A_ EVUNLOOP_ALL);
+        }
+    }
+}
+
+#ifdef __MINGW32__
+static void
+plugin_watcher_cb(EV_P_ ev_io *w, int revents)
+{
+    char buf[1];
+    SOCKET fd = accept(plugin_watcher.fd, NULL, NULL);
+    if (fd == INVALID_SOCKET) {
+        return;
+    }
+    recv(fd, buf, 1, 0);
+    closesocket(fd);
+    LOGE("plugin service exit unexpectedly");
+    ret_val = -1;
+    ev_signal_stop(EV_DEFAULT, &sigint_watcher);
+    ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
+    ev_io_stop(EV_DEFAULT, &plugin_watcher.io);
+    ev_unloop(EV_A_ EVUNLOOP_ALL);
+}
+
+#endif
+
+#ifndef LIB_ONLY
+int
+ main(int argc, char **argv)
+{
+    srand(time(NULL));
+
+    int i, c;
+    int pid_flags    = 0;
+    int mptcp        = 0;
+    int mtu          = 0;
+    char *user       = NULL;
+    char *local_port = NULL;
+    char *local_addr = NULL;
+    char *password   = NULL;
+    char *key        = NULL;
+    char *timeout    = NULL;
+    char *method     = NULL;
+    char *pid_path   = NULL;
+    char *conf_path  = NULL;
+    char *iface      = NULL;
+
+    char *plugin      = NULL;
+    char *plugin_opts = NULL;
+    char *plugin_host = NULL;
+    char *plugin_port = NULL;
+    char tmp_port[8];
+
+    ss_addr_t tunnel_addr = { .host = NULL, .port = NULL };
+    char *tunnel_addr_str = NULL;
+
+    int remote_num    = 0;
+    char *remote_port = NULL;
+    ss_addr_t remote_addr[MAX_REMOTE_NUM];
+
+    memset(remote_addr, 0, sizeof(ss_addr_t) * MAX_REMOTE_NUM);
+
+    static struct option long_options[] = {
+        { "fast-open",   no_argument,       NULL, GETOPT_VAL_FAST_OPEN   },
+        { "mtu",         required_argument, NULL, GETOPT_VAL_MTU         },
+        { "no-delay",    no_argument,       NULL, GETOPT_VAL_NODELAY     },
+        { "mptcp",       no_argument,       NULL, GETOPT_VAL_MPTCP       },
+        { "plugin",      required_argument, NULL, GETOPT_VAL_PLUGIN      },
+        { "plugin-opts", required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
+        { "reuse-port",  no_argument,       NULL, GETOPT_VAL_REUSE_PORT  },
+        { "password",    required_argument, NULL, GETOPT_VAL_PASSWORD    },
+        { "key",         required_argument, NULL, GETOPT_VAL_KEY         },
+        { "help",        no_argument,       NULL, GETOPT_VAL_HELP        },
+        { NULL,          0,                 NULL, 0                      }
+    };
+
+    opterr = 0;
+
+    USE_TTY();
+
+#ifdef __ANDROID__
+    while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:L:a:n:huUvV6A",
+                            long_options, NULL)) != -1) {
+#else
+    while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:L:a:n:huUv6A",
+                            long_options, NULL)) != -1) {
+#endif
+        switch (c) {
+        case GETOPT_VAL_FAST_OPEN:
+            tun_fast_open = 1;
+            break;
+        case GETOPT_VAL_MTU:
+            mtu = atoi(optarg);
+            LOGI("set MTU to %d", mtu);
+            break;
+        case GETOPT_VAL_MPTCP:
+            mptcp = 1;
+            LOGI("enable multipath TCP");
+            break;
+        case GETOPT_VAL_NODELAY:
+            no_delay = 1;
+            LOGI("enable TCP no-delay");
+            break;
+        case GETOPT_VAL_PLUGIN:
+            plugin = optarg;
+            break;
+        case GETOPT_VAL_PLUGIN_OPTS:
+            plugin_opts = optarg;
+            break;
+        case GETOPT_VAL_KEY:
+            key = optarg;
+            break;
+        case GETOPT_VAL_REUSE_PORT:
+            tun_reuse_port = 1;
+            break;
+        case 's':
+            if (remote_num < MAX_REMOTE_NUM) {
+                parse_addr(optarg, &remote_addr[remote_num++]);
+            }
+            break;
+        case 'p':
+            remote_port = optarg;
+            break;
+        case 'l':
+            local_port = optarg;
+            break;
+        case GETOPT_VAL_PASSWORD:
+        case 'k':
+            password = optarg;
+            break;
+        case 'f':
+            pid_flags = 1;
+            pid_path  = optarg;
+            break;
+        case 't':
+            timeout = optarg;
+            break;
+        case 'm':
+            method = optarg;
+            break;
+        case 'c':
+            conf_path = optarg;
+            break;
+        case 'i':
+            iface = optarg;
+            break;
+        case 'b':
+            local_addr = optarg;
+            break;
+        case 'u':
+            mode = TCP_AND_UDP;
+            break;
+        case 'U':
+            mode = UDP_ONLY;
+            break;
+        case 'L':
+            tunnel_addr_str = optarg;
+            break;
+        case 'a':
+            user = optarg;
+            break;
+#ifdef HAVE_SETRLIMIT
+        case 'n':
+            nofile = atoi(optarg);
+            break;
+#endif
+        case 'v':
+            tun_verbose = 1;
+            break;
+        case GETOPT_VAL_HELP:
+        case 'h':
+            usage();
+            exit(EXIT_SUCCESS);
+        case '6':
+            ipv6first = 1;
+            break;
+#ifdef __ANDROID__
+        case 'V':
+            vpn = 1;
+            break;
+#endif
+        case 'A':
+            FATAL("One time auth has been deprecated. Try AEAD ciphers instead.");
+            break;
+        case '?':
+            // The option character is not recognized.
+            LOGE("Unrecognized option: %s", optarg);
+            opterr = 1;
+            break;
+        }
+    }
+
+    if (opterr) {
+        usage();
+        exit(EXIT_FAILURE);
+    }
+
+    if (argc == 1) {
+        if (conf_path == NULL) {
+            conf_path = get_default_conf();
+        }
+    }
+
+    if (conf_path != NULL) {
+        jconf_t *conf = read_jconf(conf_path);
+        if (remote_num == 0) {
+            remote_num = conf->remote_num;
+            for (i = 0; i < remote_num; i++)
+                remote_addr[i] = conf->remote_addr[i];
+        }
+        if (remote_port == NULL) {
+            remote_port = conf->remote_port;
+        }
+        if (local_addr == NULL) {
+            local_addr = conf->local_addr;
+        }
+        if (local_port == NULL) {
+            local_port = conf->local_port;
+        }
+        if (password == NULL) {
+            password = conf->password;
+        }
+        if (key == NULL) {
+            key = conf->key;
+        }
+        if (method == NULL) {
+            method = conf->method;
+        }
+        if (timeout == NULL) {
+            timeout = conf->timeout;
+        }
+        if (user == NULL) {
+            user = conf->user;
+        }
+        if (plugin == NULL) {
+            plugin = conf->plugin;
+        }
+        if (plugin_opts == NULL) {
+            plugin_opts = conf->plugin_opts;
+        }
+        if (tunnel_addr_str == NULL) {
+            tunnel_addr_str = conf->tunnel_address;
+        }
+        if (mode == TCP_ONLY) {
+            mode = conf->mode;
+        }
+        if (mtu == 0) {
+            mtu = conf->mtu;
+        }
+        if (mptcp == 0) {
+            mptcp = conf->mptcp;
+        }
+        if (no_delay == 0) {
+            no_delay = conf->no_delay;
+        }
+        if (tun_reuse_port == 0) {
+            tun_reuse_port = conf->reuse_port;
+        }
+        if (tun_fast_open == 0) {
+            tun_fast_open = conf->fast_open;
+        }
+#ifdef HAVE_SETRLIMIT
+        if (nofile == 0) {
+            nofile = conf->nofile;
+        }
+#endif
+    }
+
+    if (remote_num == 0 || remote_port == NULL || tunnel_addr_str == NULL
+        || local_port == NULL || (password == NULL && key == NULL)) {
+        usage();
+        exit(EXIT_FAILURE);
+    }
+
+#ifdef __MINGW32__
+    winsock_init();
+#endif
+
+    if (plugin != NULL) {
+        uint16_t port = get_local_port();
+        if (port == 0) {
+            FATAL("failed to find a free port");
+        }
+        snprintf(tmp_port, 8, "%d", port);
+        if (is_ipv6only(remote_addr, remote_num, ipv6first)) {
+            plugin_host = "::1";
+        } else {
+            plugin_host = "127.0.0.1";
+        }
+        plugin_port = tmp_port;
+
+#ifdef __MINGW32__
+        memset(&plugin_watcher, 0, sizeof(plugin_watcher));
+        plugin_watcher.port = get_local_port();
+        if (plugin_watcher.port == 0) {
+            LOGE("failed to assign a control port for plugin");
+        }
+#endif
+
+        LOGI("plugin \"%s\" enabled", plugin);
+    }
+
+    if (method == NULL) {
+        method = "chacha20-ietf-poly1305";
+    }
+
+    if (timeout == NULL) {
+        timeout = "60";
+    }
+
+#ifdef HAVE_SETRLIMIT
+    /*
+     * no need to check the return value here since we will show
+     * the user an error message if setrlimit(2) fails
+     */
+    if (nofile > 1024) {
+        if (tun_verbose) {
+            LOGI("setting NOFILE to %d", nofile);
+        }
+//        set_nofile(nofile);
+    }
+#endif
+
+    if (local_addr == NULL) {
+        if (is_ipv6only(remote_addr, remote_num, ipv6first)) {
+            local_addr = "::1";
+        } else {
+            local_addr = "127.0.0.1";
+        }
+    }
+
+    if (tun_fast_open == 1) {
+#ifdef TCP_FASTOPEN
+        LOGI("using tcp fast open");
+#else
+        LOGE("tcp fast open is not supported by this environment");
+        tun_fast_open = 0;
+#endif
+    }
+
+    USE_SYSLOG(argv[0], pid_flags);
+    if (pid_flags) {
+        daemonize(pid_path);
+    }
+
+    if (ipv6first) {
+        LOGI("resolving hostname to IPv6 address first");
+    }
+
+    // parse tunnel addr
+    parse_addr(tunnel_addr_str, &tunnel_addr);
+
+    if (tunnel_addr.port == NULL) {
+        FATAL("tunnel port is not defined");
+    }
+
+#ifdef __MINGW32__
+    // Listen on plugin control port
+    if (plugin != NULL && plugin_watcher.port != 0) {
+        SOCKET fd;
+        fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+        if (fd != INVALID_SOCKET) {
+            plugin_watcher.valid = 0;
+            do {
+                struct sockaddr_in addr;
+                memset(&addr, 0, sizeof(addr));
+                addr.sin_family      = AF_INET;
+                addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+                addr.sin_port        = htons(plugin_watcher.port);
+                if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
+                    LOGE("failed to bind plugin control port");
+                    break;
+                }
+                if (listen(fd, 1)) {
+                    LOGE("failed to listen on plugin control port");
+                    break;
+                }
+                plugin_watcher.fd = fd;
+                ev_io_init(&plugin_watcher.io, plugin_watcher_cb, fd, EV_READ);
+                ev_io_start(EV_DEFAULT, &plugin_watcher.io);
+                plugin_watcher.valid = 1;
+            } while (0);
+            if (!plugin_watcher.valid) {
+                closesocket(fd);
+                plugin_watcher.port = 0;
+            }
+        }
+    }
+#endif
+
+    if (plugin != NULL) {
+        int len          = 0;
+        size_t buf_size  = 256 * remote_num;
+        char *remote_str = ss_malloc(buf_size);
+
+        snprintf(remote_str, buf_size, "%s", remote_addr[0].host);
+        for (int i = 1; i < remote_num; i++) {
+            snprintf(remote_str + len, buf_size - len, "|%s", remote_addr[i].host);
+            len = strlen(remote_str);
+        }
+        int err = start_plugin(plugin, plugin_opts, remote_str,
+                               remote_port, plugin_host, plugin_port,
+#ifdef __MINGW32__
+                               plugin_watcher.port,
+#endif
+                               MODE_CLIENT);
+        if (err) {
+            ERROR("start_plugin");
+            FATAL("failed to start the plugin");
+        }
+    }
+
+#ifndef __MINGW32__
+    // ignore SIGPIPE
+    signal(SIGPIPE, SIG_IGN);
+    signal(SIGABRT, SIG_IGN);
+#endif
+
+    ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
+    ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
+    ev_signal_start(EV_DEFAULT, &sigint_watcher);
+    ev_signal_start(EV_DEFAULT, &sigterm_watcher);
+#ifndef __MINGW32__
+    ev_signal_init(&sigchld_watcher, signal_cb, SIGCHLD);
+    ev_signal_start(EV_DEFAULT, &sigchld_watcher);
+#endif
+
+    // Setup keys
+    LOGI("initializing ciphers... %s", method);
+    crypto = crypto_init(password, key, method);
+    if (crypto == NULL)
+        FATAL("failed to initialize ciphers");
+
+    // Setup proxy context
+    struct listen_ctx listen_ctx;
+    memset(&listen_ctx, 0, sizeof(struct listen_ctx));
+    listen_ctx.tunnel_addr = tunnel_addr;
+    listen_ctx.remote_num  = remote_num;
+    listen_ctx.remote_addr = ss_malloc(sizeof(struct sockaddr *) * remote_num);
+    memset(listen_ctx.remote_addr, 0, sizeof(struct sockaddr *) * remote_num);
+    for (i = 0; i < remote_num; i++) {
+        char *host = remote_addr[i].host;
+        char *port = remote_addr[i].port == NULL ? remote_port : remote_addr[i].port;
+        if (plugin != NULL) {
+            host = plugin_host;
+            port = plugin_port;
+        }
+        struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
+        memset(storage, 0, sizeof(struct sockaddr_storage));
+        if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
+            FATAL("failed to resolve the provided hostname");
+        }
+        listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
+
+        if (plugin != NULL)
+            break;
+    }
+    listen_ctx.timeout = atoi(timeout);
+    listen_ctx.iface   = iface;
+    listen_ctx.mptcp   = mptcp;
+
+    LOGI("listening at %s:%s", local_addr, local_port);
+
+    struct ev_loop *loop = EV_DEFAULT;
+
+    if (mode != UDP_ONLY) {
+        // Setup socket
+        int listenfd;
+        listenfd = create_and_bind_tun(local_addr, local_port);
+        if (listenfd == -1) {
+            FATAL("bind() error");
+        }
+        if (listen(listenfd, SOMAXCONN) == -1) {
+            FATAL("listen() error");
+        }
+        setnonblocking(listenfd);
+
+        listen_ctx.fd = listenfd;
+
+        ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
+        ev_io_start(loop, &listen_ctx.io);
+    }
+
+    // Setup UDP
+    if (mode != TCP_ONLY) {
+        LOGI("UDP relay enabled");
+        char *host                       = remote_addr[0].host;
+        char *port                       = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port;
+        struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
+        memset(storage, 0, sizeof(struct sockaddr_storage));
+        if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
+            FATAL("failed to resolve the provided hostname");
+        }
+        struct sockaddr *addr = (struct sockaddr *)storage;
+//        init_udprelay(local_addr, local_port, addr, get_sockaddr_len(addr),
+//                      tunnel_addr, mtu, crypto, listen_ctx.timeout, iface);
+        init_udprelay(local_addr,
+                      local_port,
+                      addr,
+                      get_sockaddr_len(addr),
+                      mtu,
+                      crypto,
+                      listen_ctx.timeout,
+                      iface);
+    }
+
+    if (mode == UDP_ONLY) {
+        LOGI("TCP relay disabled");
+    }
+
+#ifndef __MINGW32__
+    // setuid
+    if (user != NULL && !run_as(user)) {
+        FATAL("failed to switch user");
+    }
+
+    if (geteuid() == 0) {
+        LOGI("running from root user");
+    }
+#endif
+
+    ev_run(loop, 0);
+
+    if (plugin != NULL) {
+        stop_plugin();
+    }
+
+#ifdef __MINGW32__
+    if (plugin_watcher.valid) {
+        closesocket(plugin_watcher.fd);
+    }
+
+    winsock_cleanup();
+#endif
+
+    return ret_val;
+}
+#endif
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/tunnel.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/tunnel.h
new file mode 100644
index 00000000..4e9fbf82
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/tunnel.h
@@ -0,0 +1,91 @@
+/*
+ * tunnel.h - Define tunnel's buffers and callbacks
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _TUNNEL_H
+#define _TUNNEL_H
+
+#ifdef HAVE_LIBEV_EV_H
+#include <libev/ev.h>
+#else
+#include <ev.h>
+#endif
+
+#ifdef __MINGW32__
+#include "winsock.h"
+#endif
+
+#include "crypto.h"
+#include "jconf.h"
+
+#include "common.h"
+
+typedef struct listen_ctx {
+    ev_io io;
+    ss_addr_t tunnel_addr;
+    char *iface;
+    int remote_num;
+    int timeout;
+    int fd;
+    int mptcp;
+    struct sockaddr **remote_addr;
+} listen_ctx_t;
+
+typedef struct server_ctx {
+    ev_io io;
+    int connected;
+    struct server *server;
+} server_ctx_t;
+
+typedef struct server {
+    int fd;
+
+    buffer_t *buf;
+    cipher_ctx_t *e_ctx;
+    cipher_ctx_t *d_ctx;
+    struct server_ctx *recv_ctx;
+    struct server_ctx *send_ctx;
+    struct remote *remote;
+    ss_addr_t destaddr;
+} server_t;
+
+typedef struct remote_ctx {
+    ev_io io;
+    ev_timer watcher;
+    int connected;
+    struct remote *remote;
+} remote_ctx_t;
+
+typedef struct remote {
+    int fd;
+#ifdef TCP_FASTOPEN_WINSOCK
+    OVERLAPPED olap;
+    int connect_ex_done;
+#endif
+    buffer_t *buf;
+    struct remote_ctx *recv_ctx;
+    struct remote_ctx *send_ctx;
+    struct server *server;
+    struct sockaddr *addr;
+    uint32_t counter;
+} remote_t;
+
+#endif // _TUNNEL_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/udprelay.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/udprelay.c
new file mode 100644
index 00000000..0ebef4ff
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/udprelay.c
@@ -0,0 +1,1458 @@
+/*
+ * udprelay.c - Setup UDP relay for both client and server
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <locale.h>
+#include <signal.h>
+#include <string.h>
+#include <strings.h>
+#include <time.h>
+#include <unistd.h>
+#ifndef __MINGW32__
+#include <arpa/inet.h>
+#include <errno.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <pthread.h>
+#endif
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#if defined(HAVE_SYS_IOCTL_H) && defined(HAVE_NET_IF_H) && defined(__linux__)
+#include <net/if.h>
+#include <sys/ioctl.h>
+#define SET_INTERFACE
+#endif
+
+#include <libcork/core.h>
+
+#include "utils.h"
+#include "netutils.h"
+#include "cache.h"
+#include "udprelay.h"
+#include "winsock.h"
+
+#ifdef MODULE_REMOTE
+#define MAX_UDP_CONN_NUM 512
+#else
+#define MAX_UDP_CONN_NUM 256
+#endif
+
+#ifdef MODULE_REMOTE
+#ifdef MODULE_
+#error "MODULE_REMOTE and MODULE_LOCAL should not be both defined"
+#endif
+#endif
+
+#ifndef EAGAIN
+#define EAGAIN EWOULDBLOCK
+#endif
+
+#ifndef EWOULDBLOCK
+#define EWOULDBLOCK EAGAIN
+#endif
+
+static void server_recv_cb(EV_P_ ev_io *w, int revents);
+static void remote_recv_cb(EV_P_ ev_io *w, int revents);
+static void remote_timeout_cb(EV_P_ ev_timer *watcher, int revents);
+
+static char *hash_key(const int af, const struct sockaddr_storage *addr);
+#ifdef MODULE_REMOTE
+static void resolv_free_cb(void *data);
+static void resolv_cb(struct sockaddr *addr, void *data);
+#endif
+static void close_and_free_remote(EV_P_ remote_ctx_t *ctx);
+static remote_ctx_t *new_remote(int fd, server_ctx_t *server_ctx);
+
+#ifdef __ANDROID__
+extern uint64_t tx;
+extern uint64_t rx;
+extern int vpn;
+extern void stat_update_cb();
+#endif
+
+extern int verbose;
+extern int reuse_port;
+#ifdef MODULE_REMOTE
+extern uint64_t tx;
+extern uint64_t rx;
+
+extern int is_bind_local_addr;
+extern struct sockaddr_storage local_addr_v4;
+extern struct sockaddr_storage local_addr_v6;
+#endif
+
+static int packet_size                               = DEFAULT_PACKET_SIZE;
+static int buf_size                                  = DEFAULT_PACKET_SIZE * 2;
+static int server_num                                = 0;
+static server_ctx_t *server_ctx_list[MAX_REMOTE_NUM] = { NULL };
+
+const char *s_port = NULL;
+
+#ifndef __MINGW32__
+static int
+setnonblocking(int fd)
+{
+    int flags;
+    if (-1 == (flags = fcntl(fd, F_GETFL, 0))) {
+        flags = 0;
+    }
+    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
+}
+
+#endif
+
+#if defined(MODULE_REMOTE) && defined(SO_BROADCAST)
+static int
+set_broadcast(int socket_fd)
+{
+    int opt = 1;
+    return setsockopt(socket_fd, SOL_SOCKET, SO_BROADCAST, &opt, sizeof(opt));
+}
+
+#endif
+
+#ifdef SO_NOSIGPIPE
+static int
+set_nosigpipe(int socket_fd)
+{
+    int opt = 1;
+    return setsockopt(socket_fd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+}
+
+#endif
+
+#ifdef MODULE_REDIR
+
+#ifndef IP_TRANSPARENT
+#define IP_TRANSPARENT       19
+#endif
+
+#ifndef IPV6_TRANSPARENT
+#define IPV6_TRANSPARENT     75
+#endif
+
+#ifndef IP_RECVORIGDSTADDR
+#ifdef  IP_ORIGDSTADDR
+#define IP_RECVORIGDSTADDR   IP_ORIGDSTADDR
+#else
+#define IP_RECVORIGDSTADDR   20
+#endif
+#endif
+
+#ifndef IPV6_RECVORIGDSTADDR
+#ifdef  IPV6_ORIGDSTADDR
+#define IPV6_RECVORIGDSTADDR   IPV6_ORIGDSTADDR
+#else
+#define IPV6_RECVORIGDSTADDR   74
+#endif
+#endif
+
+static int
+get_dstaddr(struct msghdr *msg, struct sockaddr_storage *dstaddr)
+{
+    struct cmsghdr *cmsg;
+
+    for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
+        if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVORIGDSTADDR) {
+            memcpy(dstaddr, CMSG_DATA(cmsg), sizeof(struct sockaddr_in));
+            dstaddr->ss_family = AF_INET;
+            return 0;
+        } else if (cmsg->cmsg_level == SOL_IPV6 && cmsg->cmsg_type == IPV6_RECVORIGDSTADDR) {
+            memcpy(dstaddr, CMSG_DATA(cmsg), sizeof(struct sockaddr_in6));
+            dstaddr->ss_family = AF_INET6;
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+#endif
+
+#define HASH_KEY_LEN sizeof(struct sockaddr_storage) + sizeof(int)
+static char *
+hash_key(const int af, const struct sockaddr_storage *addr)
+{
+    size_t addr_len = sizeof(struct sockaddr_storage);
+    static char key[HASH_KEY_LEN];
+
+    memset(key, 0, HASH_KEY_LEN);
+    memcpy(key, &af, sizeof(int));
+    memcpy(key + sizeof(int), (const uint8_t *)addr, addr_len);
+
+    return key;
+}
+
+#if defined(MODULE_REDIR) || defined(MODULE_REMOTE)
+
+static int
+construct_udprelay_header(const struct sockaddr_storage *in_addr,
+                          char *addr_header)
+{
+    int addr_header_len = 0;
+
+    if (in_addr->ss_family == AF_INET) {
+        struct sockaddr_in *addr = (struct sockaddr_in *)in_addr;
+        size_t addr_len          = sizeof(struct in_addr);
+
+        addr_header[addr_header_len++] = 1;
+        memcpy(addr_header + addr_header_len, &addr->sin_addr, addr_len);
+        addr_header_len += addr_len;
+        memcpy(addr_header + addr_header_len, &addr->sin_port, 2);
+        addr_header_len += 2;
+    } else if (in_addr->ss_family == AF_INET6) {
+        struct sockaddr_in6 *addr = (struct sockaddr_in6 *)in_addr;
+        size_t addr_len           = sizeof(struct in6_addr);
+
+        addr_header[addr_header_len++] = 4;
+        memcpy(addr_header + addr_header_len, &addr->sin6_addr, addr_len);
+        addr_header_len += addr_len;
+        memcpy(addr_header + addr_header_len, &addr->sin6_port, 2);
+        addr_header_len += 2;
+    } else {
+        return 0;
+    }
+
+    return addr_header_len;
+}
+
+#endif
+
+static int
+parse_udprelay_header(const char *buf, const size_t buf_len,
+                      char *host, char *port, struct sockaddr_storage *storage)
+{
+    const uint8_t atyp = *(uint8_t *)buf;
+    int offset         = 1;
+
+    // get remote addr and port
+    if ((atyp & ADDRTYPE_MASK) == 1) {
+        // IP V4
+        size_t in_addr_len = sizeof(struct in_addr);
+        if (buf_len >= in_addr_len + 3) {
+            if (storage != NULL) {
+                struct sockaddr_in *addr = (struct sockaddr_in *)storage;
+                addr->sin_family = AF_INET;
+                memcpy(&addr->sin_addr, buf + offset, sizeof(struct in_addr));
+                memcpy(&addr->sin_port, buf + offset + in_addr_len, sizeof(uint16_t));
+            }
+            if (host != NULL) {
+                inet_ntop(AF_INET, (const void *)(buf + offset),
+                          host, INET_ADDRSTRLEN);
+            }
+            offset += in_addr_len;
+        }
+    } else if ((atyp & ADDRTYPE_MASK) == 3) {
+        // Domain name
+        uint8_t name_len = *(uint8_t *)(buf + offset);
+        if (name_len + 4 <= buf_len) {
+            if (storage != NULL) {
+                char tmp[MAX_HOSTNAME_LEN] = { 0 };
+                struct cork_ip ip;
+                memcpy(tmp, buf + offset + 1, name_len);
+                if (cork_ip_init(&ip, tmp) != -1) {
+                    if (ip.version == 4) {
+                        struct sockaddr_in *addr = (struct sockaddr_in *)storage;
+                        inet_pton(AF_INET, tmp, &(addr->sin_addr));
+                        memcpy(&addr->sin_port, buf + offset + 1 + name_len, sizeof(uint16_t));
+                        addr->sin_family = AF_INET;
+                    } else if (ip.version == 6) {
+                        struct sockaddr_in6 *addr = (struct sockaddr_in6 *)storage;
+                        inet_pton(AF_INET, tmp, &(addr->sin6_addr));
+                        memcpy(&addr->sin6_port, buf + offset + 1 + name_len, sizeof(uint16_t));
+                        addr->sin6_family = AF_INET6;
+                    }
+                }
+            }
+            if (host != NULL) {
+                memcpy(host, buf + offset + 1, name_len);
+            }
+            offset += 1 + name_len;
+        }
+    } else if ((atyp & ADDRTYPE_MASK) == 4) {
+        // IP V6
+        size_t in6_addr_len = sizeof(struct in6_addr);
+        if (buf_len >= in6_addr_len + 3) {
+            if (storage != NULL) {
+                struct sockaddr_in6 *addr = (struct sockaddr_in6 *)storage;
+                addr->sin6_family = AF_INET6;
+                memcpy(&addr->sin6_addr, buf + offset, sizeof(struct in6_addr));
+                memcpy(&addr->sin6_port, buf + offset + in6_addr_len, sizeof(uint16_t));
+            }
+            if (host != NULL) {
+                inet_ntop(AF_INET6, (const void *)(buf + offset),
+                          host, INET6_ADDRSTRLEN);
+            }
+            offset += in6_addr_len;
+        }
+    }
+
+    if (offset == 1) {
+        LOGE("[udp] invalid header with addr type %d", atyp);
+        return 0;
+    }
+
+    if (port != NULL) {
+        sprintf(port, "%d", load16_be(buf + offset));
+    }
+    offset += 2;
+
+    return offset;
+}
+
+static char *
+get_addr_str(const struct sockaddr *sa, bool has_port)
+{
+    static char s[SS_ADDRSTRLEN];
+    memset(s, 0, SS_ADDRSTRLEN);
+    char addr[INET6_ADDRSTRLEN] = { 0 };
+    char port[PORTSTRLEN]       = { 0 };
+    uint16_t p;
+    struct sockaddr_in sa_in;
+    struct sockaddr_in6 sa_in6;
+
+    switch (sa->sa_family) {
+    case AF_INET:
+        memcpy(&sa_in, sa, sizeof(struct sockaddr_in));
+        inet_ntop(AF_INET, &sa_in.sin_addr, addr, INET_ADDRSTRLEN);
+        p = ntohs(sa_in.sin_port);
+        sprintf(port, "%d", p);
+        break;
+
+    case AF_INET6:
+        memcpy(&sa_in6, sa, sizeof(struct sockaddr_in6));
+        inet_ntop(AF_INET6, &sa_in6.sin6_addr, addr, INET6_ADDRSTRLEN);
+        p = ntohs(sa_in6.sin6_port);
+        sprintf(port, "%d", p);
+        break;
+
+    default:
+        strncpy(s, "Unknown AF", SS_ADDRSTRLEN);
+    }
+
+    int addr_len = strlen(addr);
+    int port_len = strlen(port);
+    memcpy(s, addr, addr_len);
+
+    if (has_port) {
+        memcpy(s + addr_len + 1, port, port_len);
+        s[addr_len] = ':';
+    }
+
+    return s;
+}
+
+int
+create_remote_socket(int ipv6)
+{
+    int remote_sock;
+
+    if (ipv6) {
+        // Try to bind IPv6 first
+        struct sockaddr_in6 addr;
+        memset(&addr, 0, sizeof(struct sockaddr_in6));
+        addr.sin6_family = AF_INET6;
+        addr.sin6_addr   = in6addr_any;
+        addr.sin6_port   = 0;
+        remote_sock      = socket(AF_INET6, SOCK_DGRAM, 0);
+        if (remote_sock == -1) {
+            ERROR("[udp] cannot create socket");
+            return -1;
+        }
+#ifdef MODULE_REMOTE
+        if (is_bind_local_addr) {
+            if (local_addr_v6.ss_family == AF_INET6) {
+                if (bind_to_addr(&local_addr_v6, remote_sock) == -1) {
+                    ERROR("bind_to_addr");
+                    FATAL("[udp] cannot bind socket");
+                    return -1;
+                }
+            }
+        } else {
+#endif
+        if (bind(remote_sock, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
+            FATAL("[udp] cannot bind socket");
+            return -1;
+        }
+#ifdef MODULE_REMOTE
+    }
+#endif
+    } else {
+        // Or else bind to IPv4
+        struct sockaddr_in addr;
+        memset(&addr, 0, sizeof(struct sockaddr_in));
+        addr.sin_family      = AF_INET;
+        addr.sin_addr.s_addr = INADDR_ANY;
+        addr.sin_port        = 0;
+        remote_sock          = socket(AF_INET, SOCK_DGRAM, 0);
+        if (remote_sock == -1) {
+            ERROR("[udp] cannot create socket");
+            return -1;
+        }
+#ifdef MODULE_REMOTE
+        if (is_bind_local_addr) {
+            if (local_addr_v4.ss_family == AF_INET) {
+                if (bind_to_addr(&local_addr_v4, remote_sock) == -1) {
+                    ERROR("bind_to_addr");
+                    FATAL("[udp] cannot bind socket");
+                    return -1;
+                }
+            }
+        } else {
+#endif
+        if (bind(remote_sock, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
+            FATAL("[udp] cannot bind remote");
+            return -1;
+        }
+#ifdef MODULE_REMOTE
+    }
+#endif
+    }
+    return remote_sock;
+}
+
+int
+create_server_socket(const char *host, const char *port)
+{
+    struct addrinfo hints;
+    struct addrinfo *result, *rp, *ipv4v6bindall;
+    int s, server_sock;
+
+    memset(&hints, 0, sizeof(struct addrinfo));
+    hints.ai_family   = AF_UNSPEC;               /* Return IPv4 and IPv6 choices */
+    hints.ai_socktype = SOCK_DGRAM;              /* We want a UDP socket */
+    hints.ai_flags    = AI_PASSIVE | AI_ADDRCONFIG; /* For wildcard IP address */
+    hints.ai_protocol = IPPROTO_UDP;
+
+    s = getaddrinfo(host, port, &hints, &result);
+    if (s != 0) {
+        LOGE("[udp] getaddrinfo: %s", gai_strerror(s));
+        return -1;
+    }
+
+    if (result == NULL) {
+        LOGE("[udp] cannot bind");
+        return -1;
+    }
+
+    rp = result;
+
+    /*
+     * On Linux, with net.ipv6.bindv6only = 0 (the default), getaddrinfo(NULL) with
+     * AI_PASSIVE returns 0.0.0.0 and :: (in this order). AI_PASSIVE was meant to
+     * return a list of addresses to listen on, but it is impossible to listen on
+     * 0.0.0.0 and :: at the same time, if :: implies dualstack mode.
+     */
+    if (!host) {
+        ipv4v6bindall = result;
+
+        /* Loop over all address infos found until a IPV6 address is found. */
+        while (ipv4v6bindall) {
+            if (ipv4v6bindall->ai_family == AF_INET6) {
+                rp = ipv4v6bindall; /* Take first IPV6 address available */
+                break;
+            }
+            ipv4v6bindall = ipv4v6bindall->ai_next; /* Get next address info, if any */
+        }
+    }
+
+    for (/*rp = result*/; rp != NULL; rp = rp->ai_next) {
+        server_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
+        if (server_sock == -1) {
+            continue;
+        }
+
+        if (rp->ai_family == AF_INET6) {
+            int ipv6only = host ? 1 : 0;
+            setsockopt(server_sock, IPPROTO_IPV6, IPV6_V6ONLY, &ipv6only, sizeof(ipv6only));
+        }
+
+        int opt = 1;
+        setsockopt(server_sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+#ifdef SO_NOSIGPIPE
+        set_nosigpipe(server_sock);
+#endif
+        if (reuse_port) {
+            int err = set_reuseport(server_sock);
+            if (err == 0) {
+                LOGI("udp port reuse enabled");
+            }
+        }
+#ifdef IP_TOS
+        // Set QoS flag
+        int tos   = 46 << 2;
+        int rc = setsockopt(server_sock, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
+        if (rc < 0 && errno != ENOPROTOOPT) {
+            LOGE("setting ipv4 dscp failed: %d", errno);
+        }
+        rc = setsockopt(server_sock, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
+        if (rc < 0 && errno != ENOPROTOOPT) {
+            LOGE("setting ipv6 dscp failed: %d", errno);
+        }
+#endif
+
+#ifdef MODULE_REDIR
+        int sol    = rp->ai_family == AF_INET ? SOL_IP : SOL_IPV6;
+        int flag_t = rp->ai_family == AF_INET ? IP_TRANSPARENT : IPV6_TRANSPARENT;
+        int flag_r = rp->ai_family == AF_INET ? IP_RECVORIGDSTADDR : IPV6_RECVORIGDSTADDR;
+
+        if (setsockopt(server_sock, sol, flag_t, &opt, sizeof(opt))) {
+            ERROR("[udp] setsockopt IP_TRANSPARENT");
+            exit(EXIT_FAILURE);
+        }
+
+        if (setsockopt(server_sock, sol, flag_r, &opt, sizeof(opt))) {
+            FATAL("[udp] setsockopt IP_RECVORIGDSTADDR");
+        }
+#endif
+
+        s = bind(server_sock, rp->ai_addr, rp->ai_addrlen);
+        if (s == 0) {
+            /* We managed to bind successfully! */
+            break;
+        } else {
+            ERROR("[udp] bind");
+        }
+
+        close(server_sock);
+        server_sock = -1;
+    }
+
+    freeaddrinfo(result);
+
+    return server_sock;
+}
+
+remote_ctx_t *
+new_remote(int fd, server_ctx_t *server_ctx)
+{
+    remote_ctx_t *ctx = ss_malloc(sizeof(remote_ctx_t));
+    memset(ctx, 0, sizeof(remote_ctx_t));
+
+    ctx->fd         = fd;
+    ctx->server_ctx = server_ctx;
+    ctx->af         = AF_UNSPEC;
+
+    ev_io_init(&ctx->io, remote_recv_cb, fd, EV_READ);
+    ev_timer_init(&ctx->watcher, remote_timeout_cb, server_ctx->timeout,
+                  server_ctx->timeout);
+
+    return ctx;
+}
+
+server_ctx_t *
+new_server_ctx(int fd)
+{
+    server_ctx_t *ctx = ss_malloc(sizeof(server_ctx_t));
+    memset(ctx, 0, sizeof(server_ctx_t));
+
+    ctx->fd = fd;
+
+    ev_io_init(&ctx->io, server_recv_cb, fd, EV_READ);
+
+    return ctx;
+}
+
+#ifdef MODULE_REMOTE
+struct query_ctx *
+new_query_ctx(char *buf, size_t len)
+{
+    struct query_ctx *ctx = ss_malloc(sizeof(struct query_ctx));
+    memset(ctx, 0, sizeof(struct query_ctx));
+    ctx->buf = ss_malloc(sizeof(buffer_t));
+    balloc(ctx->buf, len);
+    memcpy(ctx->buf->data, buf, len);
+    ctx->buf->len = len;
+    return ctx;
+}
+
+void
+close_and_free_query(EV_P_ struct query_ctx *ctx)
+{
+    if (ctx != NULL) {
+        if (ctx->buf != NULL) {
+            bfree(ctx->buf);
+            ss_free(ctx->buf);
+        }
+        ss_free(ctx);
+    }
+}
+
+#endif
+
+void
+close_and_free_remote(EV_P_ remote_ctx_t *ctx)
+{
+    if (ctx != NULL) {
+        ev_timer_stop(EV_A_ & ctx->watcher);
+        ev_io_stop(EV_A_ & ctx->io);
+        close(ctx->fd);
+        ss_free(ctx);
+    }
+}
+
+static void
+remote_timeout_cb(EV_P_ ev_timer *watcher, int revents)
+{
+    remote_ctx_t *remote_ctx
+        = cork_container_of(watcher, remote_ctx_t, watcher);
+
+    if (verbose) {
+        LOGI("[udp] connection timeout");
+    }
+
+    char *key = hash_key(remote_ctx->af, &remote_ctx->src_addr);
+    cache_remove(remote_ctx->server_ctx->conn_cache, key, HASH_KEY_LEN);
+}
+
+#ifdef MODULE_REMOTE
+static void
+resolv_free_cb(void *data)
+{
+    struct query_ctx *ctx = (struct query_ctx *)data;
+    if (ctx->buf != NULL) {
+        bfree(ctx->buf);
+        ss_free(ctx->buf);
+    }
+    ss_free(ctx);
+}
+
+static void
+resolv_cb(struct sockaddr *addr, void *data)
+{
+    struct query_ctx *query_ctx = (struct query_ctx *)data;
+    struct ev_loop *loop        = query_ctx->server_ctx->loop;
+
+    if (addr == NULL) {
+        LOGE("[udp] unable to resolve");
+    } else {
+        remote_ctx_t *remote_ctx = query_ctx->remote_ctx;
+        int cache_hit            = 0;
+
+        // Lookup in the conn cache
+        if (remote_ctx == NULL) {
+            char *key = hash_key(AF_UNSPEC, &query_ctx->src_addr);
+            cache_lookup(query_ctx->server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)&remote_ctx);
+        }
+
+        if (remote_ctx == NULL) {
+            int remotefd = create_remote_socket(addr->sa_family == AF_INET6);
+            if (remotefd != -1) {
+                setnonblocking(remotefd);
+#ifdef SO_BROADCAST
+                set_broadcast(remotefd);
+#endif
+#ifdef SO_NOSIGPIPE
+                set_nosigpipe(remotefd);
+#endif
+#ifdef IP_TOS
+                // Set QoS flag
+                int tos   = 46 << 2;
+                int rc = setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
+                if (rc < 0 && errno != ENOPROTOOPT) {
+                    LOGE("setting ipv4 dscp failed: %d", errno);
+                }
+                rc = setsockopt(remotefd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
+                if (rc < 0 && errno != ENOPROTOOPT) {
+                    LOGE("setting ipv6 dscp failed: %d", errno);
+                }
+#endif
+#ifdef SET_INTERFACE
+                if (query_ctx->server_ctx->iface) {
+                    if (setinterface(remotefd, query_ctx->server_ctx->iface) == -1)
+                        ERROR("setinterface");
+                }
+#endif
+                remote_ctx             = new_remote(remotefd, query_ctx->server_ctx);
+                remote_ctx->src_addr   = query_ctx->src_addr;
+                remote_ctx->server_ctx = query_ctx->server_ctx;
+            } else {
+                ERROR("[udp] bind() error");
+            }
+        } else {
+            cache_hit = 1;
+        }
+
+        if (remote_ctx != NULL) {
+            if (addr->sa_family == AF_INET)
+                memcpy(&remote_ctx->dst_addr, addr, sizeof(struct sockaddr_in));
+            else
+                memcpy(&remote_ctx->dst_addr, addr, sizeof(struct sockaddr_in6));
+
+            size_t addr_len = get_sockaddr_len(addr);
+            int s           = sendto(remote_ctx->fd, query_ctx->buf->data, query_ctx->buf->len,
+                                     0, addr, addr_len);
+
+            if (s == -1) {
+                ERROR("[udp] sendto_remote");
+                if (!cache_hit) {
+                    close_and_free_remote(EV_A_ remote_ctx);
+                }
+            } else {
+                if (!cache_hit) {
+                    // Add to conn cache
+                    char *key = hash_key(AF_UNSPEC, &remote_ctx->src_addr);
+                    cache_insert(query_ctx->server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
+                    ev_io_start(EV_A_ & remote_ctx->io);
+                    ev_timer_start(EV_A_ & remote_ctx->watcher);
+                }
+            }
+        }
+    }
+}
+
+#endif
+
+static void
+remote_recv_cb(EV_P_ ev_io *w, int revents)
+{
+    ssize_t r;
+    remote_ctx_t *remote_ctx = (remote_ctx_t *)w;
+    server_ctx_t *server_ctx = remote_ctx->server_ctx;
+
+    // server has been closed
+    if (server_ctx == NULL) {
+        LOGE("[udp] invalid server");
+        close_and_free_remote(EV_A_ remote_ctx);
+        return;
+    }
+
+    if (verbose) {
+        LOGI("[udp] remote receive a packet");
+    }
+
+    struct sockaddr_storage src_addr;
+    socklen_t src_addr_len = sizeof(struct sockaddr_storage);
+    memset(&src_addr, 0, src_addr_len);
+
+    buffer_t *buf = ss_malloc(sizeof(buffer_t));
+    balloc(buf, buf_size);
+
+    // recv
+    r = recvfrom(remote_ctx->fd, buf->data, buf_size, 0, (struct sockaddr *)&src_addr, &src_addr_len);
+
+    if (r == -1) {
+        // error on recv
+        // simply drop that packet
+        ERROR("[udp] remote_recv_recvfrom");
+        goto CLEAN_UP;
+    } else if (r > packet_size) {
+        if (verbose) {
+            LOGI("[udp] remote_recv_recvfrom fragmentation, MTU at least be: " SSIZE_FMT, r + PACKET_HEADER_SIZE);
+        }
+    }
+
+    buf->len = r;
+
+#ifdef MODULE_LOCAL
+    int err = server_ctx->crypto->decrypt_all(buf, server_ctx->crypto->cipher, buf_size);
+    if (err) {
+        LOGE("failed to handshake with %s: %s",
+                get_addr_str((struct sockaddr *)&src_addr, false), "suspicious UDP packet");
+        // drop the packet silently
+        goto CLEAN_UP;
+    }
+
+#ifdef MODULE_REDIR
+    struct sockaddr_storage dst_addr;
+    memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
+    int len = parse_udprelay_header(buf->data, buf->len, NULL, NULL, &dst_addr);
+
+    if (dst_addr.ss_family != AF_INET && dst_addr.ss_family != AF_INET6) {
+        LOGI("[udp] ss-redir does not support domain name");
+        goto CLEAN_UP;
+    }
+#else
+    int len = parse_udprelay_header(buf->data, buf->len, NULL, NULL, NULL);
+#endif
+
+    if (len == 0) {
+        // error when parsing header
+        LOGE("[udp] error in parse header");
+        goto CLEAN_UP;
+    }
+
+#if defined(MODULE_TUNNEL) || defined(MODULE_REDIR)
+    // Construct packet
+    buf->len -= len;
+    memmove(buf->data, buf->data + len, buf->len);
+#else
+#ifdef __ANDROID__
+    rx += buf->len;
+    stat_update_cb();
+#endif
+    // Construct packet
+    brealloc(buf, buf->len + 3, buf_size);
+    memmove(buf->data + 3, buf->data, buf->len);
+    memset(buf->data, 0, 3);
+    buf->len += 3;
+#endif
+
+#endif
+
+#ifdef MODULE_REMOTE
+
+    rx += buf->len;
+
+    // Reconstruct UDP response header
+    char addr_header[MAX_ADDR_HEADER_SIZE];
+    int addr_header_len = construct_udprelay_header(&src_addr, addr_header);
+
+    // Construct packet
+    brealloc(buf, buf->len + addr_header_len, buf_size);
+    memmove(buf->data + addr_header_len, buf->data, buf->len);
+    memcpy(buf->data, addr_header, addr_header_len);
+    buf->len += addr_header_len;
+
+    int err = server_ctx->crypto->encrypt_all(buf, server_ctx->crypto->cipher, buf_size);
+    if (err) {
+        // drop the packet silently
+        goto CLEAN_UP;
+    }
+
+#endif
+
+    if (buf->len > packet_size) {
+        if (verbose) {
+            LOGI("[udp] remote_recv_sendto fragmentation, MTU at least be: " SSIZE_FMT, buf->len + PACKET_HEADER_SIZE);
+        }
+    }
+
+    size_t remote_src_addr_len = get_sockaddr_len((struct sockaddr *)&remote_ctx->src_addr);
+
+#ifdef MODULE_REDIR
+
+    size_t remote_dst_addr_len = get_sockaddr_len((struct sockaddr *)&dst_addr);
+
+    int src_fd = socket(remote_ctx->src_addr.ss_family, SOCK_DGRAM, 0);
+    if (src_fd < 0) {
+        ERROR("[udp] remote_recv_socket");
+        goto CLEAN_UP;
+    }
+    int opt  = 1;
+    int sol  = remote_ctx->src_addr.ss_family == AF_INET6 ? SOL_IPV6 : SOL_IP;
+    int flag = remote_ctx->src_addr.ss_family == AF_INET6 ? IPV6_TRANSPARENT : IP_TRANSPARENT;
+    if (setsockopt(src_fd, sol, flag, &opt, sizeof(opt))) {
+        ERROR("[udp] remote_recv_setsockopt");
+        close(src_fd);
+        goto CLEAN_UP;
+    }
+    if (setsockopt(src_fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt))) {
+        ERROR("[udp] remote_recv_setsockopt");
+        close(src_fd);
+        goto CLEAN_UP;
+    }
+#ifdef IP_TOS
+    // Set QoS flag
+    int tos   = 46 << 2;
+    int rc = setsockopt(src_fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
+    if (rc < 0 && errno != ENOPROTOOPT) {
+        LOGE("setting ipv4 dscp failed: %d", errno);
+    }
+    rc = setsockopt(src_fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
+    if (rc < 0 && errno != ENOPROTOOPT) {
+        LOGE("setting ipv6 dscp failed: %d", errno);
+    }
+#endif
+    if (bind(src_fd, (struct sockaddr *)&dst_addr, remote_dst_addr_len) != 0) {
+        ERROR("[udp] remote_recv_bind");
+        close(src_fd);
+        goto CLEAN_UP;
+    }
+
+    int s = sendto(src_fd, buf->data, buf->len, 0,
+                   (struct sockaddr *)&remote_ctx->src_addr, remote_src_addr_len);
+    if (s == -1 && !(errno == EAGAIN || errno == EWOULDBLOCK)) {
+        ERROR("[udp] remote_recv_sendto");
+        close(src_fd);
+        goto CLEAN_UP;
+    }
+    close(src_fd);
+
+#else
+
+    int s = sendto(server_ctx->fd, buf->data, buf->len, 0,
+                   (struct sockaddr *)&remote_ctx->src_addr, remote_src_addr_len);
+    if (s == -1 && !(errno == EAGAIN || errno == EWOULDBLOCK)) {
+        ERROR("[udp] remote_recv_sendto");
+        goto CLEAN_UP;
+    }
+
+#endif
+
+    // handle the UDP packet successfully,
+    // triger the timer
+    ev_timer_again(EV_A_ & remote_ctx->watcher);
+
+CLEAN_UP:
+
+    bfree(buf);
+    ss_free(buf);
+}
+
+static void
+server_recv_cb(EV_P_ ev_io *w, int revents)
+{
+    server_ctx_t *server_ctx = (server_ctx_t *)w;
+    struct sockaddr_storage src_addr;
+    memset(&src_addr, 0, sizeof(struct sockaddr_storage));
+
+    buffer_t *buf = ss_malloc(sizeof(buffer_t));
+    balloc(buf, buf_size);
+
+    socklen_t src_addr_len = sizeof(struct sockaddr_storage);
+    unsigned int offset    = 0;
+
+#ifdef MODULE_REDIR
+    char control_buffer[64] = { 0 };
+    struct msghdr msg;
+    memset(&msg, 0, sizeof(struct msghdr));
+    struct iovec iov[1];
+    struct sockaddr_storage dst_addr;
+    memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
+
+    msg.msg_name       = &src_addr;
+    msg.msg_namelen    = src_addr_len;
+    msg.msg_control    = control_buffer;
+    msg.msg_controllen = sizeof(control_buffer);
+
+    iov[0].iov_base = buf->data;
+    iov[0].iov_len  = buf_size;
+    msg.msg_iov     = iov;
+    msg.msg_iovlen  = 1;
+
+    buf->len = recvmsg(server_ctx->fd, &msg, 0);
+    if (buf->len == -1) {
+        ERROR("[udp] server_recvmsg");
+        goto CLEAN_UP;
+    } else if (buf->len > packet_size) {
+        if (verbose) {
+            LOGI("[udp] UDP server_recv_recvmsg fragmentation, MTU at least be: " SSIZE_FMT,
+                 buf->len + PACKET_HEADER_SIZE);
+        }
+    }
+
+    if (get_dstaddr(&msg, &dst_addr)) {
+        LOGE("[udp] unable to get dest addr");
+        goto CLEAN_UP;
+    }
+
+    src_addr_len = msg.msg_namelen;
+#else
+    ssize_t r;
+    r = recvfrom(server_ctx->fd, buf->data, buf_size,
+                 0, (struct sockaddr *)&src_addr, &src_addr_len);
+
+    if (r == -1) {
+        // error on recv
+        // simply drop that packet
+        ERROR("[udp] server_recv_recvfrom");
+        goto CLEAN_UP;
+    } else if (r > packet_size) {
+        if (verbose) {
+            LOGI("[udp] server_recv_recvfrom fragmentation, MTU at least be: " SSIZE_FMT, r + PACKET_HEADER_SIZE);
+        }
+    }
+
+    buf->len = r;
+#endif
+
+    if (verbose) {
+        LOGI("[udp] server receive a packet");
+    }
+
+#ifdef MODULE_REMOTE
+    tx += buf->len;
+
+    int err = server_ctx->crypto->decrypt_all(buf, server_ctx->crypto->cipher, buf_size);
+    if (err) {
+        LOGE("failed to handshake with %s: %s",
+                get_addr_str((struct sockaddr *)&src_addr, false), "suspicious UDP packet");
+        // drop the packet silently
+        goto CLEAN_UP;
+    }
+#endif
+
+#ifdef MODULE_LOCAL
+#if !defined(MODULE_TUNNEL) && !defined(MODULE_REDIR)
+#ifdef __ANDROID__
+    tx += buf->len;
+#endif
+    uint8_t frag = *(uint8_t *)(buf->data + 2);
+    offset += 3;
+#endif
+#endif
+
+    /*
+     *
+     * SOCKS5 UDP Request
+     * +----+------+------+----------+----------+----------+
+     * |RSV | FRAG | ATYP | DST.ADDR | DST.PORT |   DATA   |
+     * +----+------+------+----------+----------+----------+
+     * | 2  |  1   |  1   | Variable |    2     | Variable |
+     * +----+------+------+----------+----------+----------+
+     *
+     * SOCKS5 UDP Response
+     * +----+------+------+----------+----------+----------+
+     * |RSV | FRAG | ATYP | DST.ADDR | DST.PORT |   DATA   |
+     * +----+------+------+----------+----------+----------+
+     * | 2  |  1   |  1   | Variable |    2     | Variable |
+     * +----+------+------+----------+----------+----------+
+     *
+     * shadowsocks UDP Request (before encrypted)
+     * +------+----------+----------+----------+
+     * | ATYP | DST.ADDR | DST.PORT |   DATA   |
+     * +------+----------+----------+----------+
+     * |  1   | Variable |    2     | Variable |
+     * +------+----------+----------+----------+
+     *
+     * shadowsocks UDP Response (before encrypted)
+     * +------+----------+----------+----------+
+     * | ATYP | DST.ADDR | DST.PORT |   DATA   |
+     * +------+----------+----------+----------+
+     * |  1   | Variable |    2     | Variable |
+     * +------+----------+----------+----------+
+     *
+     * shadowsocks UDP Request and Response (after encrypted)
+     * +-------+--------------+
+     * |   IV  |    PAYLOAD   |
+     * +-------+--------------+
+     * | Fixed |   Variable   |
+     * +-------+--------------+
+     *
+     */
+
+#ifdef MODULE_REDIR
+    char addr_header[MAX_ADDR_HEADER_SIZE] = { 0 };
+    int addr_header_len                    = construct_udprelay_header(&dst_addr, addr_header);
+
+    if (addr_header_len == 0) {
+        LOGE("[udp] failed to parse tproxy addr");
+        goto CLEAN_UP;
+    }
+
+    // reconstruct the buffer
+    brealloc(buf, buf->len + addr_header_len, buf_size);
+    memmove(buf->data + addr_header_len, buf->data, buf->len);
+    memcpy(buf->data, addr_header, addr_header_len);
+    buf->len += addr_header_len;
+
+#elif MODULE_TUNNEL
+
+    char addr_header[MAX_ADDR_HEADER_SIZE] = { 0 };
+    char *host                             = server_ctx->tunnel_addr.host;
+    char *port                             = server_ctx->tunnel_addr.port;
+    uint16_t port_num                      = (uint16_t)atoi(port);
+    uint16_t port_net_num                  = htons(port_num);
+    int addr_header_len                    = 0;
+
+    struct cork_ip ip;
+    if (cork_ip_init(&ip, host) != -1) {
+        if (ip.version == 4) {
+            // send as IPv4
+            struct in_addr host_addr;
+            memset(&host_addr, 0, sizeof(struct in_addr));
+            int host_len = sizeof(struct in_addr);
+
+            if (inet_pton(AF_INET, host, &host_addr) == -1) {
+                FATAL("IP parser error");
+            }
+            addr_header[addr_header_len++] = 1;
+            memcpy(addr_header + addr_header_len, &host_addr, host_len);
+            addr_header_len += host_len;
+        } else if (ip.version == 6) {
+            // send as IPv6
+            struct in6_addr host_addr;
+            memset(&host_addr, 0, sizeof(struct in6_addr));
+            int host_len = sizeof(struct in6_addr);
+
+            if (inet_pton(AF_INET6, host, &host_addr) == -1) {
+                FATAL("IP parser error");
+            }
+            addr_header[addr_header_len++] = 4;
+            memcpy(addr_header + addr_header_len, &host_addr, host_len);
+            addr_header_len += host_len;
+        } else {
+            FATAL("IP parser error");
+        }
+    } else {
+        // send as domain
+        int host_len = strlen(host);
+
+        addr_header[addr_header_len++] = 3;
+        addr_header[addr_header_len++] = host_len;
+        memcpy(addr_header + addr_header_len, host, host_len);
+        addr_header_len += host_len;
+    }
+    memcpy(addr_header + addr_header_len, &port_net_num, 2);
+    addr_header_len += 2;
+
+    // reconstruct the buffer
+    brealloc(buf, buf->len + addr_header_len, buf_size);
+    memmove(buf->data + addr_header_len, buf->data, buf->len);
+    memcpy(buf->data, addr_header, addr_header_len);
+    buf->len += addr_header_len;
+
+#else
+
+    char host[MAX_HOSTNAME_LEN] = { 0 };
+    char port[MAX_PORT_STR_LEN] = { 0 };
+    struct sockaddr_storage dst_addr;
+    memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
+
+    int addr_header_len = parse_udprelay_header(buf->data + offset, buf->len - offset,
+                                                host, port, &dst_addr);
+    if (addr_header_len == 0) {
+        // error in parse header
+        goto CLEAN_UP;
+    }
+
+#endif
+
+#ifdef MODULE_LOCAL
+    char *key = hash_key(server_ctx->remote_addr->sa_family, &src_addr);
+#else
+    char *key = hash_key(dst_addr.ss_family, &src_addr);
+#endif
+
+    struct cache *conn_cache = server_ctx->conn_cache;
+
+    remote_ctx_t *remote_ctx = NULL;
+    cache_lookup(conn_cache, key, HASH_KEY_LEN, (void *)&remote_ctx);
+
+    if (remote_ctx != NULL) {
+        if (sockaddr_cmp(&src_addr, &remote_ctx->src_addr, sizeof(src_addr))) {
+            remote_ctx = NULL;
+        }
+    }
+
+    // reset the timer
+    if (remote_ctx != NULL) {
+        ev_timer_again(EV_A_ & remote_ctx->watcher);
+    }
+
+    if (remote_ctx == NULL) {
+        if (verbose) {
+#ifdef MODULE_REDIR
+            char src[SS_ADDRSTRLEN];
+            char dst[SS_ADDRSTRLEN];
+            strcpy(src, get_addr_str((struct sockaddr *)&src_addr, true));
+            strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr, true));
+            LOGI("[%s] [udp] cache miss: %s <-> %s", s_port, dst, src);
+#else
+            LOGI("[%s] [udp] cache miss: %s:%s <-> %s", s_port, host, port,
+                 get_addr_str((struct sockaddr *)&src_addr, true));
+#endif
+        }
+    } else {
+        if (verbose) {
+#ifdef MODULE_REDIR
+            char src[SS_ADDRSTRLEN];
+            char dst[SS_ADDRSTRLEN];
+            strcpy(src, get_addr_str((struct sockaddr *)&src_addr, true));
+            strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr, true));
+            LOGI("[%s] [udp] cache hit: %s <-> %s", s_port, dst, src);
+#else
+            LOGI("[%s] [udp] cache hit: %s:%s <-> %s", s_port, host, port,
+                 get_addr_str((struct sockaddr *)&src_addr, true));
+#endif
+        }
+    }
+
+#ifdef MODULE_LOCAL
+
+#if !defined(MODULE_TUNNEL) && !defined(MODULE_REDIR)
+    if (frag) {
+        LOGE("[udp] drop a message since frag is not 0, but %d", frag);
+        goto CLEAN_UP;
+    }
+#endif
+
+    const struct sockaddr *remote_addr = server_ctx->remote_addr;
+    const int remote_addr_len          = server_ctx->remote_addr_len;
+
+    if (remote_ctx == NULL) {
+        // Bind to any port
+        int remotefd = create_remote_socket(remote_addr->sa_family == AF_INET6);
+        if (remotefd < 0) {
+            ERROR("[udp] udprelay bind() error");
+            goto CLEAN_UP;
+        }
+        setnonblocking(remotefd);
+
+#ifdef SO_NOSIGPIPE
+        set_nosigpipe(remotefd);
+#endif
+#ifdef IP_TOS
+        // Set QoS flag
+        int tos = 46 << 2;
+        int rc = setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
+        if (rc < 0 && errno != ENOPROTOOPT) {
+            LOGE("setting ipv4 dscp failed: %d", errno);
+        }
+        rc = setsockopt(remotefd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
+        if (rc < 0 && errno != ENOPROTOOPT) {
+            LOGE("setting ipv6 dscp failed: %d", errno);
+        }
+#endif
+#ifdef SET_INTERFACE
+        if (server_ctx->iface) {
+            if (setinterface(remotefd, server_ctx->iface) == -1)
+                ERROR("setinterface");
+        }
+#endif
+
+#ifdef __ANDROID__
+        if (vpn) {
+            if (protect_socket(remotefd) == -1) {
+                ERROR("protect_socket");
+                close(remotefd);
+                goto CLEAN_UP;
+            }
+        }
+#endif
+
+        // Init remote_ctx
+        remote_ctx           = new_remote(remotefd, server_ctx);
+        remote_ctx->src_addr = src_addr;
+        remote_ctx->af       = remote_addr->sa_family;
+
+        // Add to conn cache
+        cache_insert(conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
+
+        // Start remote io
+        ev_io_start(EV_A_ & remote_ctx->io);
+        ev_timer_start(EV_A_ & remote_ctx->watcher);
+    }
+
+    if (offset > 0) {
+        buf->len -= offset;
+        memmove(buf->data, buf->data + offset, buf->len);
+    }
+
+    int err = server_ctx->crypto->encrypt_all(buf, server_ctx->crypto->cipher, buf_size);
+
+    if (err) {
+        // drop the packet silently
+        goto CLEAN_UP;
+    }
+
+    if (buf->len > packet_size) {
+        if (verbose) {
+            LOGI("[udp] server_recv_sendto fragmentation, MTU at least be: " SSIZE_FMT, buf->len + PACKET_HEADER_SIZE);
+        }
+    }
+
+    int s = sendto(remote_ctx->fd, buf->data, buf->len, 0, remote_addr, remote_addr_len);
+
+    if (s == -1) {
+        ERROR("[udp] server_recv_sendto");
+    }
+
+#else
+
+    int cache_hit  = 0;
+    int need_query = 0;
+
+    char *addr_header = buf->data + offset;
+
+    if (buf->len - addr_header_len > packet_size) {
+        if (verbose) {
+            LOGI("[udp] server_recv_sendto fragmentation, MTU at least be: " SSIZE_FMT,
+                 buf->len - addr_header_len + PACKET_HEADER_SIZE);
+        }
+    }
+
+    if (remote_ctx != NULL) {
+        cache_hit = 1;
+        if (dst_addr.ss_family != AF_INET && dst_addr.ss_family != AF_INET6) {
+            need_query = 1;
+        }
+    } else {
+        if (dst_addr.ss_family == AF_INET || dst_addr.ss_family == AF_INET6) {
+            int remotefd = create_remote_socket(dst_addr.ss_family == AF_INET6);
+            if (remotefd != -1) {
+                setnonblocking(remotefd);
+#ifdef SO_BROADCAST
+                set_broadcast(remotefd);
+#endif
+#ifdef SO_NOSIGPIPE
+                set_nosigpipe(remotefd);
+#endif
+#ifdef IP_TOS
+                // Set QoS flag
+                int tos   = 46 << 2;
+                int rc = setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
+                if (rc < 0 && errno != ENOPROTOOPT) {
+                    LOGE("setting ipv4 dscp failed: %d", errno);
+                }
+                rc = setsockopt(remotefd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
+                if (rc < 0 && errno != ENOPROTOOPT) {
+                    LOGE("setting ipv6 dscp failed: %d", errno);
+                }
+#endif
+#ifdef SET_INTERFACE
+                if (server_ctx->iface) {
+                    if (setinterface(remotefd, server_ctx->iface) == -1)
+                        ERROR("setinterface");
+                }
+#endif
+                remote_ctx             = new_remote(remotefd, server_ctx);
+                remote_ctx->src_addr   = src_addr;
+                remote_ctx->server_ctx = server_ctx;
+                memcpy(&remote_ctx->dst_addr, &dst_addr, sizeof(struct sockaddr_storage));
+            } else {
+                ERROR("[udp] bind() error");
+                goto CLEAN_UP;
+            }
+        }
+    }
+
+    if (remote_ctx != NULL && !need_query) {
+        size_t addr_len = get_sockaddr_len((struct sockaddr *)&dst_addr);
+        int s           = sendto(remote_ctx->fd, buf->data + addr_header_len,
+                                 buf->len - addr_header_len, 0,
+                                 (struct sockaddr *)&dst_addr, addr_len);
+
+        if (s == -1) {
+            ERROR("[udp] sendto_remote");
+            if (!cache_hit) {
+                close_and_free_remote(EV_A_ remote_ctx);
+            }
+        } else {
+            if (!cache_hit) {
+                // Add to conn cache
+                remote_ctx->af = dst_addr.ss_family;
+                char *key = hash_key(remote_ctx->af, &remote_ctx->src_addr);
+                cache_insert(server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
+
+                ev_io_start(EV_A_ & remote_ctx->io);
+                ev_timer_start(EV_A_ & remote_ctx->watcher);
+            }
+        }
+    } else {
+        struct query_ctx *query_ctx = new_query_ctx(buf->data + addr_header_len,
+                                                    buf->len - addr_header_len);
+        query_ctx->server_ctx      = server_ctx;
+        query_ctx->addr_header_len = addr_header_len;
+        query_ctx->src_addr        = src_addr;
+        memcpy(query_ctx->addr_header, addr_header, addr_header_len);
+
+        if (need_query) {
+            query_ctx->remote_ctx = remote_ctx;
+        }
+
+        resolv_start(host, htons(atoi(port)), resolv_cb, resolv_free_cb, query_ctx);
+    }
+#endif
+
+CLEAN_UP:
+    bfree(buf);
+    ss_free(buf);
+}
+
+void
+free_cb(void *key, void *element)
+{
+    remote_ctx_t *remote_ctx = (remote_ctx_t *)element;
+
+    if (verbose) {
+        LOGI("[udp] one connection freed");
+    }
+
+    close_and_free_remote(EV_DEFAULT, remote_ctx);
+}
+
+int
+init_udprelay(const char *server_host, const char *server_port,
+#ifdef MODULE_LOCAL
+              const struct sockaddr *remote_addr, const int remote_addr_len,
+#ifdef MODULE_TUNNEL
+              const ss_addr_t tunnel_addr,
+#endif
+#endif
+              int mtu, crypto_t *crypto, int timeout, const char *iface)
+{
+    s_port = server_port;
+    // Initialize ev loop
+    struct ev_loop *loop = EV_DEFAULT;
+
+    // Initialize MTU
+    if (mtu > 0) {
+        packet_size = mtu - PACKET_HEADER_SIZE;
+        buf_size    = packet_size * 2;
+    }
+
+    // ////////////////////////////////////////////////
+    // Setup server context
+
+    // Bind to port
+    int serverfd = create_server_socket(server_host, server_port);
+    if (serverfd < 0) {
+        return -1;
+    }
+    setnonblocking(serverfd);
+
+    // Initialize cache
+    struct cache *conn_cache;
+    cache_create(&conn_cache, MAX_UDP_CONN_NUM, free_cb);
+
+    server_ctx_t *server_ctx = new_server_ctx(serverfd);
+#ifdef MODULE_REMOTE
+    server_ctx->loop = loop;
+#endif
+    server_ctx->timeout    = max(timeout, MIN_UDP_TIMEOUT);
+    server_ctx->crypto     = crypto;
+    server_ctx->iface      = iface;
+    server_ctx->conn_cache = conn_cache;
+#ifdef MODULE_LOCAL
+    server_ctx->remote_addr     = remote_addr;
+    server_ctx->remote_addr_len = remote_addr_len;
+#ifdef MODULE_TUNNEL
+    server_ctx->tunnel_addr = tunnel_addr;
+#endif
+#endif
+
+    ev_io_start(loop, &server_ctx->io);
+
+    server_ctx_list[server_num++] = server_ctx;
+
+    return serverfd;
+}
+
+void
+free_udprelay()
+{
+    struct ev_loop *loop = EV_DEFAULT;
+    while (server_num > 0) {
+        server_ctx_t *server_ctx = server_ctx_list[--server_num];
+        ev_io_stop(loop, &server_ctx->io);
+        close(server_ctx->fd);
+        cache_delete(server_ctx->conn_cache, 0);
+        ss_free(server_ctx);
+        server_ctx_list[server_num] = NULL;
+    }
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/udprelay.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/udprelay.h
new file mode 100644
index 00000000..72424918
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/udprelay.h
@@ -0,0 +1,93 @@
+/*
+ * udprelay.h - Define UDP relay's buffers and callbacks
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _UDPRELAY_H
+#define _UDPRELAY_H
+
+#include <time.h>
+
+#ifdef HAVE_LIBEV_EV_H
+#include <libev/ev.h>
+#else
+#include <ev.h>
+#endif
+
+#include "crypto.h"
+#include "jconf.h"
+
+#ifdef MODULE_REMOTE
+#include "resolv.h"
+#endif
+
+#include "cache.h"
+
+#include "common.h"
+
+#define MAX_UDP_PACKET_SIZE (65507)
+
+#define PACKET_HEADER_SIZE (1 + 28 + 2 + 64)
+#define DEFAULT_PACKET_SIZE 1397 // 1492 - PACKET_HEADER_SIZE = 1397, the default MTU for UDP relay
+#define MAX_ADDR_HEADER_SIZE (1 + 256 + 2) // 1-byte atyp + 256-byte hostname + 2-byte port
+
+typedef struct server_ctx {
+    ev_io io;
+    int fd;
+    crypto_t *crypto;
+    int timeout;
+    const char *iface;
+    struct cache *conn_cache;
+#ifdef MODULE_LOCAL
+    const struct sockaddr *remote_addr;
+    int remote_addr_len;
+#ifdef MODULE_TUNNEL
+    ss_addr_t tunnel_addr;
+#endif
+#endif
+#ifdef MODULE_REMOTE
+    struct ev_loop *loop;
+#endif
+} server_ctx_t;
+
+#ifdef MODULE_REMOTE
+typedef struct query_ctx {
+    struct sockaddr_storage src_addr;
+    buffer_t *buf;
+    int addr_header_len;
+    char addr_header[MAX_ADDR_HEADER_SIZE];
+    struct server_ctx *server_ctx;
+    struct remote_ctx *remote_ctx;
+} query_ctx_t;
+#endif
+
+typedef struct remote_ctx {
+    ev_io io;
+    ev_timer watcher;
+    int af;
+    int fd;
+    struct sockaddr_storage src_addr;
+#ifdef MODULE_REMOTE
+    struct sockaddr_storage dst_addr;
+#endif
+    struct server_ctx *server_ctx;
+} remote_ctx_t;
+
+#endif // _UDPRELAY_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/uthash.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/uthash.h
new file mode 100644
index 00000000..45d1f9fc
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/uthash.h
@@ -0,0 +1,1074 @@
+/*
+Copyright (c) 2003-2016, Troy D. Hanson     http://troydhanson.github.com/uthash/
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef UTHASH_H
+#define UTHASH_H
+
+#define UTHASH_VERSION 2.0.1
+
+#include <string.h>   /* memcmp,strlen */
+#include <stddef.h>   /* ptrdiff_t */
+#include <stdlib.h>   /* exit() */
+
+/* These macros use decltype or the earlier __typeof GNU extension.
+   As decltype is only available in newer compilers (VS2010 or gcc 4.3+
+   when compiling c++ source) this code uses whatever method is needed
+   or, for VS2008 where neither is available, uses casting workarounds. */
+#if defined(_MSC_VER)   /* MS compiler */
+#if _MSC_VER >= 1600 && defined(__cplusplus)  /* VS2010 or newer in C++ mode */
+#define DECLTYPE(x) (decltype(x))
+#else                   /* VS2008 or older (or VS2010 in C mode) */
+#define NO_DECLTYPE
+#define DECLTYPE(x)
+#endif
+#elif defined(__BORLANDC__) || defined(__LCC__) || defined(__WATCOMC__)
+#define NO_DECLTYPE
+#define DECLTYPE(x)
+#else                   /* GNU, Sun and other compilers */
+#define DECLTYPE(x) (__typeof(x))
+#endif
+
+#ifdef NO_DECLTYPE
+#define DECLTYPE_ASSIGN(dst,src)                                                 \
+do {                                                                             \
+  char **_da_dst = (char**)(&(dst));                                             \
+  *_da_dst = (char*)(src);                                                       \
+} while (0)
+#else
+#define DECLTYPE_ASSIGN(dst,src)                                                 \
+do {                                                                             \
+  (dst) = DECLTYPE(dst)(src);                                                    \
+} while (0)
+#endif
+
+/* a number of the hash function use uint32_t which isn't defined on Pre VS2010 */
+#if defined(_WIN32)
+#if defined(_MSC_VER) && _MSC_VER >= 1600
+#include <stdint.h>
+#elif defined(__WATCOMC__) || defined(__MINGW32__) || defined(__CYGWIN__)
+#include <stdint.h>
+#else
+typedef unsigned int uint32_t;
+typedef unsigned char uint8_t;
+#endif
+#elif defined(__GNUC__) && !defined(__VXWORKS__)
+#include <stdint.h>
+#else
+typedef unsigned int uint32_t;
+typedef unsigned char uint8_t;
+#endif
+
+#ifndef uthash_fatal
+#define uthash_fatal(msg) exit(-1)        /* fatal error (out of memory,etc) */
+#endif
+#ifndef uthash_malloc
+#define uthash_malloc(sz) malloc(sz)      /* malloc fcn                      */
+#endif
+#ifndef uthash_free
+#define uthash_free(ptr,sz) free(ptr)     /* free fcn                        */
+#endif
+#ifndef uthash_strlen
+#define uthash_strlen(s) strlen(s)
+#endif
+#ifndef uthash_memcmp
+#define uthash_memcmp(a,b,n) memcmp(a,b,n)
+#endif
+
+#ifndef uthash_noexpand_fyi
+#define uthash_noexpand_fyi(tbl)          /* can be defined to log noexpand  */
+#endif
+#ifndef uthash_expand_fyi
+#define uthash_expand_fyi(tbl)            /* can be defined to log expands   */
+#endif
+
+/* initial number of buckets */
+#define HASH_INITIAL_NUM_BUCKETS 32U     /* initial number of buckets        */
+#define HASH_INITIAL_NUM_BUCKETS_LOG2 5U /* lg2 of initial number of buckets */
+#define HASH_BKT_CAPACITY_THRESH 10U     /* expand when bucket count reaches */
+
+/* calculate the element whose hash handle address is hhp */
+#define ELMT_FROM_HH(tbl,hhp) ((void*)(((char*)(hhp)) - ((tbl)->hho)))
+/* calculate the hash handle from element address elp */
+#define HH_FROM_ELMT(tbl,elp) ((UT_hash_handle *)(((char*)(elp)) + ((tbl)->hho)))
+
+#define HASH_VALUE(keyptr,keylen,hashv)                                          \
+do {                                                                             \
+  HASH_FCN(keyptr, keylen, hashv);                                               \
+} while (0)
+
+#define HASH_FIND_BYHASHVALUE(hh,head,keyptr,keylen,hashval,out)                 \
+do {                                                                             \
+  (out) = NULL;                                                                  \
+  if (head) {                                                                    \
+    unsigned _hf_bkt;                                                            \
+    HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _hf_bkt);                  \
+    if (HASH_BLOOM_TEST((head)->hh.tbl, hashval) != 0) {                         \
+      HASH_FIND_IN_BKT((head)->hh.tbl, hh, (head)->hh.tbl->buckets[ _hf_bkt ], keyptr, keylen, hashval, out); \
+    }                                                                            \
+  }                                                                              \
+} while (0)
+
+#define HASH_FIND(hh,head,keyptr,keylen,out)                                     \
+do {                                                                             \
+  unsigned _hf_hashv;                                                            \
+  HASH_VALUE(keyptr, keylen, _hf_hashv);                                         \
+  HASH_FIND_BYHASHVALUE(hh, head, keyptr, keylen, _hf_hashv, out);               \
+} while (0)
+
+#ifdef HASH_BLOOM
+#define HASH_BLOOM_BITLEN (1UL << HASH_BLOOM)
+#define HASH_BLOOM_BYTELEN (HASH_BLOOM_BITLEN/8UL) + (((HASH_BLOOM_BITLEN%8UL)!=0UL) ? 1UL : 0UL)
+#define HASH_BLOOM_MAKE(tbl)                                                     \
+do {                                                                             \
+  (tbl)->bloom_nbits = HASH_BLOOM;                                               \
+  (tbl)->bloom_bv = (uint8_t*)uthash_malloc(HASH_BLOOM_BYTELEN);                 \
+  if (!((tbl)->bloom_bv))  { uthash_fatal( "out of memory"); }                   \
+  memset((tbl)->bloom_bv, 0, HASH_BLOOM_BYTELEN);                                \
+  (tbl)->bloom_sig = HASH_BLOOM_SIGNATURE;                                       \
+} while (0)
+
+#define HASH_BLOOM_FREE(tbl)                                                     \
+do {                                                                             \
+  uthash_free((tbl)->bloom_bv, HASH_BLOOM_BYTELEN);                              \
+} while (0)
+
+#define HASH_BLOOM_BITSET(bv,idx) (bv[(idx)/8U] |= (1U << ((idx)%8U)))
+#define HASH_BLOOM_BITTEST(bv,idx) (bv[(idx)/8U] & (1U << ((idx)%8U)))
+
+#define HASH_BLOOM_ADD(tbl,hashv)                                                \
+  HASH_BLOOM_BITSET((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U)))
+
+#define HASH_BLOOM_TEST(tbl,hashv)                                               \
+  HASH_BLOOM_BITTEST((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U)))
+
+#else
+#define HASH_BLOOM_MAKE(tbl)
+#define HASH_BLOOM_FREE(tbl)
+#define HASH_BLOOM_ADD(tbl,hashv)
+#define HASH_BLOOM_TEST(tbl,hashv) (1)
+#define HASH_BLOOM_BYTELEN 0U
+#endif
+
+#define HASH_MAKE_TABLE(hh,head)                                                 \
+do {                                                                             \
+  (head)->hh.tbl = (UT_hash_table*)uthash_malloc(                                \
+                  sizeof(UT_hash_table));                                        \
+  if (!((head)->hh.tbl))  { uthash_fatal( "out of memory"); }                    \
+  memset((head)->hh.tbl, 0, sizeof(UT_hash_table));                              \
+  (head)->hh.tbl->tail = &((head)->hh);                                          \
+  (head)->hh.tbl->num_buckets = HASH_INITIAL_NUM_BUCKETS;                        \
+  (head)->hh.tbl->log2_num_buckets = HASH_INITIAL_NUM_BUCKETS_LOG2;              \
+  (head)->hh.tbl->hho = (char*)(&(head)->hh) - (char*)(head);                    \
+  (head)->hh.tbl->buckets = (UT_hash_bucket*)uthash_malloc(                      \
+          HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket));               \
+  if (! (head)->hh.tbl->buckets) { uthash_fatal( "out of memory"); }             \
+  memset((head)->hh.tbl->buckets, 0,                                             \
+          HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket));               \
+  HASH_BLOOM_MAKE((head)->hh.tbl);                                               \
+  (head)->hh.tbl->signature = HASH_SIGNATURE;                                    \
+} while (0)
+
+#define HASH_REPLACE_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,replaced,cmpfcn) \
+do {                                                                             \
+  (replaced) = NULL;                                                             \
+  HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \
+  if (replaced) {                                                                \
+     HASH_DELETE(hh, head, replaced);                                            \
+  }                                                                              \
+  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn); \
+} while (0)
+
+#define HASH_REPLACE_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add,replaced) \
+do {                                                                             \
+  (replaced) = NULL;                                                             \
+  HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \
+  if (replaced) {                                                                \
+     HASH_DELETE(hh, head, replaced);                                            \
+  }                                                                              \
+  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add); \
+} while (0)
+
+#define HASH_REPLACE(hh,head,fieldname,keylen_in,add,replaced)                   \
+do {                                                                             \
+  unsigned _hr_hashv;                                                            \
+  HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv);                         \
+  HASH_REPLACE_BYHASHVALUE(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced); \
+} while (0)
+
+#define HASH_REPLACE_INORDER(hh,head,fieldname,keylen_in,add,replaced,cmpfcn)    \
+do {                                                                             \
+  unsigned _hr_hashv;                                                            \
+  HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv);                         \
+  HASH_REPLACE_BYHASHVALUE_INORDER(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced, cmpfcn); \
+} while (0)
+
+#define HASH_APPEND_LIST(hh, head, add)                                          \
+do {                                                                             \
+  (add)->hh.next = NULL;                                                         \
+  (add)->hh.prev = ELMT_FROM_HH((head)->hh.tbl, (head)->hh.tbl->tail);           \
+  (head)->hh.tbl->tail->next = (add);                                            \
+  (head)->hh.tbl->tail = &((add)->hh);                                           \
+} while (0)
+
+#define HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh,head,keyptr,keylen_in,hashval,add,cmpfcn) \
+do {                                                                             \
+  unsigned _ha_bkt;                                                              \
+  (add)->hh.hashv = (hashval);                                                   \
+  (add)->hh.key = (char*) (keyptr);                                              \
+  (add)->hh.keylen = (unsigned) (keylen_in);                                     \
+  if (!(head)) {                                                                 \
+    (add)->hh.next = NULL;                                                       \
+    (add)->hh.prev = NULL;                                                       \
+    (head) = (add);                                                              \
+    HASH_MAKE_TABLE(hh, head);                                                   \
+  } else {                                                                       \
+    struct UT_hash_handle *_hs_iter = &(head)->hh;                               \
+    (add)->hh.tbl = (head)->hh.tbl;                                              \
+    do {                                                                         \
+      if (cmpfcn(DECLTYPE(head) ELMT_FROM_HH((head)->hh.tbl, _hs_iter), add) > 0) \
+        break;                                                                   \
+    } while ((_hs_iter = _hs_iter->next));                                       \
+    if (_hs_iter) {                                                              \
+      (add)->hh.next = _hs_iter;                                                 \
+      if (((add)->hh.prev = _hs_iter->prev)) {                                   \
+        HH_FROM_ELMT((head)->hh.tbl, _hs_iter->prev)->next = (add);              \
+      } else {                                                                   \
+        (head) = (add);                                                          \
+      }                                                                          \
+      _hs_iter->prev = (add);                                                    \
+    } else {                                                                     \
+      HASH_APPEND_LIST(hh, head, add);                                           \
+    }                                                                            \
+  }                                                                              \
+  (head)->hh.tbl->num_items++;                                                   \
+  HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt);                    \
+  HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh);                 \
+  HASH_BLOOM_ADD((head)->hh.tbl, hashval);                                       \
+  HASH_EMIT_KEY(hh, head, keyptr, keylen_in);                                    \
+  HASH_FSCK(hh, head);                                                           \
+} while (0)
+
+#define HASH_ADD_KEYPTR_INORDER(hh,head,keyptr,keylen_in,add,cmpfcn)             \
+do {                                                                             \
+  unsigned _hs_hashv;                                                            \
+  HASH_VALUE(keyptr, keylen_in, _hs_hashv);                                      \
+  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, keyptr, keylen_in, _hs_hashv, add, cmpfcn); \
+} while (0)
+
+#define HASH_ADD_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,cmpfcn) \
+  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn)
+
+#define HASH_ADD_INORDER(hh,head,fieldname,keylen_in,add,cmpfcn)                 \
+  HASH_ADD_KEYPTR_INORDER(hh, head, &((add)->fieldname), keylen_in, add, cmpfcn)
+
+#define HASH_ADD_KEYPTR_BYHASHVALUE(hh,head,keyptr,keylen_in,hashval,add)        \
+do {                                                                             \
+  unsigned _ha_bkt;                                                              \
+  (add)->hh.hashv = (hashval);                                                   \
+  (add)->hh.key = (char*) (keyptr);                                              \
+  (add)->hh.keylen = (unsigned) (keylen_in);                                     \
+  if (!(head)) {                                                                 \
+    (add)->hh.next = NULL;                                                       \
+    (add)->hh.prev = NULL;                                                       \
+    (head) = (add);                                                              \
+    HASH_MAKE_TABLE(hh, head);                                                   \
+  } else {                                                                       \
+    (add)->hh.tbl = (head)->hh.tbl;                                              \
+    HASH_APPEND_LIST(hh, head, add);                                             \
+  }                                                                              \
+  (head)->hh.tbl->num_items++;                                                   \
+  HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt);                    \
+  HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh);                 \
+  HASH_BLOOM_ADD((head)->hh.tbl, hashval);                                       \
+  HASH_EMIT_KEY(hh, head, keyptr, keylen_in);                                    \
+  HASH_FSCK(hh, head);                                                           \
+} while (0)
+
+#define HASH_ADD_KEYPTR(hh,head,keyptr,keylen_in,add)                            \
+do {                                                                             \
+  unsigned _ha_hashv;                                                            \
+  HASH_VALUE(keyptr, keylen_in, _ha_hashv);                                      \
+  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, keyptr, keylen_in, _ha_hashv, add);      \
+} while (0)
+
+#define HASH_ADD_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add)            \
+  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add)
+
+#define HASH_ADD(hh,head,fieldname,keylen_in,add)                                \
+  HASH_ADD_KEYPTR(hh, head, &((add)->fieldname), keylen_in, add)
+
+#define HASH_TO_BKT(hashv,num_bkts,bkt)                                          \
+do {                                                                             \
+  bkt = ((hashv) & ((num_bkts) - 1U));                                           \
+} while (0)
+
+/* delete "delptr" from the hash table.
+ * "the usual" patch-up process for the app-order doubly-linked-list.
+ * The use of _hd_hh_del below deserves special explanation.
+ * These used to be expressed using (delptr) but that led to a bug
+ * if someone used the same symbol for the head and deletee, like
+ *  HASH_DELETE(hh,users,users);
+ * We want that to work, but by changing the head (users) below
+ * we were forfeiting our ability to further refer to the deletee (users)
+ * in the patch-up process. Solution: use scratch space to
+ * copy the deletee pointer, then the latter references are via that
+ * scratch pointer rather than through the repointed (users) symbol.
+ */
+#define HASH_DELETE(hh,head,delptr)                                              \
+do {                                                                             \
+    struct UT_hash_handle *_hd_hh_del;                                           \
+    if ( ((delptr)->hh.prev == NULL) && ((delptr)->hh.next == NULL) )  {         \
+        uthash_free((head)->hh.tbl->buckets,                                     \
+                    (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \
+        HASH_BLOOM_FREE((head)->hh.tbl);                                         \
+        uthash_free((head)->hh.tbl, sizeof(UT_hash_table));                      \
+        head = NULL;                                                             \
+    } else {                                                                     \
+        unsigned _hd_bkt;                                                        \
+        _hd_hh_del = &((delptr)->hh);                                            \
+        if ((delptr) == ELMT_FROM_HH((head)->hh.tbl,(head)->hh.tbl->tail)) {     \
+            (head)->hh.tbl->tail =                                               \
+                (UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) +               \
+                (head)->hh.tbl->hho);                                            \
+        }                                                                        \
+        if ((delptr)->hh.prev != NULL) {                                         \
+            ((UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) +                  \
+                    (head)->hh.tbl->hho))->next = (delptr)->hh.next;             \
+        } else {                                                                 \
+            DECLTYPE_ASSIGN(head,(delptr)->hh.next);                             \
+        }                                                                        \
+        if (_hd_hh_del->next != NULL) {                                          \
+            ((UT_hash_handle*)((ptrdiff_t)_hd_hh_del->next +                     \
+                    (head)->hh.tbl->hho))->prev =                                \
+                    _hd_hh_del->prev;                                            \
+        }                                                                        \
+        HASH_TO_BKT( _hd_hh_del->hashv, (head)->hh.tbl->num_buckets, _hd_bkt);   \
+        HASH_DEL_IN_BKT(hh,(head)->hh.tbl->buckets[_hd_bkt], _hd_hh_del);        \
+        (head)->hh.tbl->num_items--;                                             \
+    }                                                                            \
+    HASH_FSCK(hh,head);                                                          \
+} while (0)
+
+
+/* convenience forms of HASH_FIND/HASH_ADD/HASH_DEL */
+#define HASH_FIND_STR(head,findstr,out)                                          \
+    HASH_FIND(hh,head,findstr,(unsigned)uthash_strlen(findstr),out)
+#define HASH_ADD_STR(head,strfield,add)                                          \
+    HASH_ADD(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add)
+#define HASH_REPLACE_STR(head,strfield,add,replaced)                             \
+    HASH_REPLACE(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add,replaced)
+#define HASH_FIND_INT(head,findint,out)                                          \
+    HASH_FIND(hh,head,findint,sizeof(int),out)
+#define HASH_ADD_INT(head,intfield,add)                                          \
+    HASH_ADD(hh,head,intfield,sizeof(int),add)
+#define HASH_REPLACE_INT(head,intfield,add,replaced)                             \
+    HASH_REPLACE(hh,head,intfield,sizeof(int),add,replaced)
+#define HASH_FIND_PTR(head,findptr,out)                                          \
+    HASH_FIND(hh,head,findptr,sizeof(void *),out)
+#define HASH_ADD_PTR(head,ptrfield,add)                                          \
+    HASH_ADD(hh,head,ptrfield,sizeof(void *),add)
+#define HASH_REPLACE_PTR(head,ptrfield,add,replaced)                             \
+    HASH_REPLACE(hh,head,ptrfield,sizeof(void *),add,replaced)
+#define HASH_DEL(head,delptr)                                                    \
+    HASH_DELETE(hh,head,delptr)
+
+/* HASH_FSCK checks hash integrity on every add/delete when HASH_DEBUG is defined.
+ * This is for uthash developer only; it compiles away if HASH_DEBUG isn't defined.
+ */
+#ifdef HASH_DEBUG
+#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
+#define HASH_FSCK(hh,head)                                                       \
+do {                                                                             \
+    struct UT_hash_handle *_thh;                                                 \
+    if (head) {                                                                  \
+        unsigned _bkt_i;                                                         \
+        unsigned _count;                                                         \
+        char *_prev;                                                             \
+        _count = 0;                                                              \
+        for( _bkt_i = 0; _bkt_i < (head)->hh.tbl->num_buckets; _bkt_i++) {       \
+            unsigned _bkt_count = 0;                                             \
+            _thh = (head)->hh.tbl->buckets[_bkt_i].hh_head;                      \
+            _prev = NULL;                                                        \
+            while (_thh) {                                                       \
+               if (_prev != (char*)(_thh->hh_prev)) {                            \
+                   HASH_OOPS("invalid hh_prev %p, actual %p\n",                  \
+                    _thh->hh_prev, _prev );                                      \
+               }                                                                 \
+               _bkt_count++;                                                     \
+               _prev = (char*)(_thh);                                            \
+               _thh = _thh->hh_next;                                             \
+            }                                                                    \
+            _count += _bkt_count;                                                \
+            if ((head)->hh.tbl->buckets[_bkt_i].count !=  _bkt_count) {          \
+               HASH_OOPS("invalid bucket count %u, actual %u\n",                 \
+                (head)->hh.tbl->buckets[_bkt_i].count, _bkt_count);              \
+            }                                                                    \
+        }                                                                        \
+        if (_count != (head)->hh.tbl->num_items) {                               \
+            HASH_OOPS("invalid hh item count %u, actual %u\n",                   \
+                (head)->hh.tbl->num_items, _count );                             \
+        }                                                                        \
+        /* traverse hh in app order; check next/prev integrity, count */         \
+        _count = 0;                                                              \
+        _prev = NULL;                                                            \
+        _thh =  &(head)->hh;                                                     \
+        while (_thh) {                                                           \
+           _count++;                                                             \
+           if (_prev !=(char*)(_thh->prev)) {                                    \
+              HASH_OOPS("invalid prev %p, actual %p\n",                          \
+                    _thh->prev, _prev );                                         \
+           }                                                                     \
+           _prev = (char*)ELMT_FROM_HH((head)->hh.tbl, _thh);                    \
+           _thh = ( _thh->next ?  (UT_hash_handle*)((char*)(_thh->next) +        \
+                                  (head)->hh.tbl->hho) : NULL );                 \
+        }                                                                        \
+        if (_count != (head)->hh.tbl->num_items) {                               \
+            HASH_OOPS("invalid app item count %u, actual %u\n",                  \
+                (head)->hh.tbl->num_items, _count );                             \
+        }                                                                        \
+    }                                                                            \
+} while (0)
+#else
+#define HASH_FSCK(hh,head)
+#endif
+
+/* When compiled with -DHASH_EMIT_KEYS, length-prefixed keys are emitted to
+ * the descriptor to which this macro is defined for tuning the hash function.
+ * The app can #include <unistd.h> to get the prototype for write(2). */
+#ifdef HASH_EMIT_KEYS
+#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen)                                   \
+do {                                                                             \
+    unsigned _klen = fieldlen;                                                   \
+    write(HASH_EMIT_KEYS, &_klen, sizeof(_klen));                                \
+    write(HASH_EMIT_KEYS, keyptr, (unsigned long)fieldlen);                      \
+} while (0)
+#else
+#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen)
+#endif
+
+/* default to Jenkin's hash unless overridden e.g. DHASH_FUNCTION=HASH_SAX */
+#ifdef HASH_FUNCTION
+#define HASH_FCN HASH_FUNCTION
+#else
+#define HASH_FCN HASH_JEN
+#endif
+
+/* The Bernstein hash function, used in Perl prior to v5.6. Note (x<<5+x)=x*33. */
+#define HASH_BER(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned _hb_keylen=(unsigned)keylen;                                          \
+  const unsigned char *_hb_key=(const unsigned char*)(key);                      \
+  (hashv) = 0;                                                                   \
+  while (_hb_keylen-- != 0U) {                                                   \
+      (hashv) = (((hashv) << 5) + (hashv)) + *_hb_key++;                         \
+  }                                                                              \
+} while (0)
+
+
+/* SAX/FNV/OAT/JEN hash functions are macro variants of those listed at
+ * http://eternallyconfuzzled.com/tuts/algorithms/jsw_tut_hashing.aspx */
+#define HASH_SAX(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned _sx_i;                                                                \
+  const unsigned char *_hs_key=(const unsigned char*)(key);                      \
+  hashv = 0;                                                                     \
+  for(_sx_i=0; _sx_i < keylen; _sx_i++) {                                        \
+      hashv ^= (hashv << 5) + (hashv >> 2) + _hs_key[_sx_i];                     \
+  }                                                                              \
+} while (0)
+/* FNV-1a variation */
+#define HASH_FNV(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned _fn_i;                                                                \
+  const unsigned char *_hf_key=(const unsigned char*)(key);                      \
+  hashv = 2166136261U;                                                           \
+  for(_fn_i=0; _fn_i < keylen; _fn_i++) {                                        \
+      hashv = hashv ^ _hf_key[_fn_i];                                            \
+      hashv = hashv * 16777619U;                                                 \
+  }                                                                              \
+} while (0)
+
+#define HASH_OAT(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned _ho_i;                                                                \
+  const unsigned char *_ho_key=(const unsigned char*)(key);                      \
+  hashv = 0;                                                                     \
+  for(_ho_i=0; _ho_i < keylen; _ho_i++) {                                        \
+      hashv += _ho_key[_ho_i];                                                   \
+      hashv += (hashv << 10);                                                    \
+      hashv ^= (hashv >> 6);                                                     \
+  }                                                                              \
+  hashv += (hashv << 3);                                                         \
+  hashv ^= (hashv >> 11);                                                        \
+  hashv += (hashv << 15);                                                        \
+} while (0)
+
+#define HASH_JEN_MIX(a,b,c)                                                      \
+do {                                                                             \
+  a -= b; a -= c; a ^= ( c >> 13 );                                              \
+  b -= c; b -= a; b ^= ( a << 8 );                                               \
+  c -= a; c -= b; c ^= ( b >> 13 );                                              \
+  a -= b; a -= c; a ^= ( c >> 12 );                                              \
+  b -= c; b -= a; b ^= ( a << 16 );                                              \
+  c -= a; c -= b; c ^= ( b >> 5 );                                               \
+  a -= b; a -= c; a ^= ( c >> 3 );                                               \
+  b -= c; b -= a; b ^= ( a << 10 );                                              \
+  c -= a; c -= b; c ^= ( b >> 15 );                                              \
+} while (0)
+
+#define HASH_JEN(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned _hj_i,_hj_j,_hj_k;                                                    \
+  unsigned const char *_hj_key=(unsigned const char*)(key);                      \
+  hashv = 0xfeedbeefu;                                                           \
+  _hj_i = _hj_j = 0x9e3779b9u;                                                   \
+  _hj_k = (unsigned)(keylen);                                                    \
+  while (_hj_k >= 12U) {                                                         \
+    _hj_i +=    (_hj_key[0] + ( (unsigned)_hj_key[1] << 8 )                      \
+        + ( (unsigned)_hj_key[2] << 16 )                                         \
+        + ( (unsigned)_hj_key[3] << 24 ) );                                      \
+    _hj_j +=    (_hj_key[4] + ( (unsigned)_hj_key[5] << 8 )                      \
+        + ( (unsigned)_hj_key[6] << 16 )                                         \
+        + ( (unsigned)_hj_key[7] << 24 ) );                                      \
+    hashv += (_hj_key[8] + ( (unsigned)_hj_key[9] << 8 )                         \
+        + ( (unsigned)_hj_key[10] << 16 )                                        \
+        + ( (unsigned)_hj_key[11] << 24 ) );                                     \
+                                                                                 \
+     HASH_JEN_MIX(_hj_i, _hj_j, hashv);                                          \
+                                                                                 \
+     _hj_key += 12;                                                              \
+     _hj_k -= 12U;                                                               \
+  }                                                                              \
+  hashv += (unsigned)(keylen);                                                   \
+  switch ( _hj_k ) {                                                             \
+     case 11: hashv += ( (unsigned)_hj_key[10] << 24 ); /* FALLTHROUGH */        \
+     case 10: hashv += ( (unsigned)_hj_key[9] << 16 );  /* FALLTHROUGH */        \
+     case 9:  hashv += ( (unsigned)_hj_key[8] << 8 );   /* FALLTHROUGH */        \
+     case 8:  _hj_j += ( (unsigned)_hj_key[7] << 24 );  /* FALLTHROUGH */        \
+     case 7:  _hj_j += ( (unsigned)_hj_key[6] << 16 );  /* FALLTHROUGH */        \
+     case 6:  _hj_j += ( (unsigned)_hj_key[5] << 8 );   /* FALLTHROUGH */        \
+     case 5:  _hj_j += _hj_key[4];                      /* FALLTHROUGH */        \
+     case 4:  _hj_i += ( (unsigned)_hj_key[3] << 24 );  /* FALLTHROUGH */        \
+     case 3:  _hj_i += ( (unsigned)_hj_key[2] << 16 );  /* FALLTHROUGH */        \
+     case 2:  _hj_i += ( (unsigned)_hj_key[1] << 8 );   /* FALLTHROUGH */        \
+     case 1:  _hj_i += _hj_key[0];                                               \
+  }                                                                              \
+  HASH_JEN_MIX(_hj_i, _hj_j, hashv);                                             \
+} while (0)
+
+/* The Paul Hsieh hash function */
+#undef get16bits
+#if (defined(__GNUC__) && defined(__i386__)) || defined(__WATCOMC__)             \
+  || defined(_MSC_VER) || defined (__BORLANDC__) || defined (__TURBOC__)
+#define get16bits(d) (*((const uint16_t *) (d)))
+#endif
+
+#if !defined (get16bits)
+#define get16bits(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8)             \
+                       +(uint32_t)(((const uint8_t *)(d))[0]) )
+#endif
+#define HASH_SFH(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned const char *_sfh_key=(unsigned const char*)(key);                     \
+  uint32_t _sfh_tmp, _sfh_len = (uint32_t)keylen;                                \
+                                                                                 \
+  unsigned _sfh_rem = _sfh_len & 3U;                                             \
+  _sfh_len >>= 2;                                                                \
+  hashv = 0xcafebabeu;                                                           \
+                                                                                 \
+  /* Main loop */                                                                \
+  for (;_sfh_len > 0U; _sfh_len--) {                                             \
+    hashv    += get16bits (_sfh_key);                                            \
+    _sfh_tmp  = ((uint32_t)(get16bits (_sfh_key+2)) << 11) ^ hashv;              \
+    hashv     = (hashv << 16) ^ _sfh_tmp;                                        \
+    _sfh_key += 2U*sizeof (uint16_t);                                            \
+    hashv    += hashv >> 11;                                                     \
+  }                                                                              \
+                                                                                 \
+  /* Handle end cases */                                                         \
+  switch (_sfh_rem) {                                                            \
+    case 3: hashv += get16bits (_sfh_key);                                       \
+            hashv ^= hashv << 16;                                                \
+            hashv ^= (uint32_t)(_sfh_key[sizeof (uint16_t)]) << 18;              \
+            hashv += hashv >> 11;                                                \
+            break;                                                               \
+    case 2: hashv += get16bits (_sfh_key);                                       \
+            hashv ^= hashv << 11;                                                \
+            hashv += hashv >> 17;                                                \
+            break;                                                               \
+    case 1: hashv += *_sfh_key;                                                  \
+            hashv ^= hashv << 10;                                                \
+            hashv += hashv >> 1;                                                 \
+  }                                                                              \
+                                                                                 \
+    /* Force "avalanching" of final 127 bits */                                  \
+    hashv ^= hashv << 3;                                                         \
+    hashv += hashv >> 5;                                                         \
+    hashv ^= hashv << 4;                                                         \
+    hashv += hashv >> 17;                                                        \
+    hashv ^= hashv << 25;                                                        \
+    hashv += hashv >> 6;                                                         \
+} while (0)
+
+#ifdef HASH_USING_NO_STRICT_ALIASING
+/* The MurmurHash exploits some CPU's (x86,x86_64) tolerance for unaligned reads.
+ * For other types of CPU's (e.g. Sparc) an unaligned read causes a bus error.
+ * MurmurHash uses the faster approach only on CPU's where we know it's safe.
+ *
+ * Note the preprocessor built-in defines can be emitted using:
+ *
+ *   gcc -m64 -dM -E - < /dev/null                  (on gcc)
+ *   cc -## a.c (where a.c is a simple test file)   (Sun Studio)
+ */
+#if (defined(__i386__) || defined(__x86_64__)  || defined(_M_IX86))
+#define MUR_GETBLOCK(p,i) p[i]
+#else /* non intel */
+#define MUR_PLUS0_ALIGNED(p) (((unsigned long)p & 3UL) == 0UL)
+#define MUR_PLUS1_ALIGNED(p) (((unsigned long)p & 3UL) == 1UL)
+#define MUR_PLUS2_ALIGNED(p) (((unsigned long)p & 3UL) == 2UL)
+#define MUR_PLUS3_ALIGNED(p) (((unsigned long)p & 3UL) == 3UL)
+#define WP(p) ((uint32_t*)((unsigned long)(p) & ~3UL))
+#if (defined(__BIG_ENDIAN__) || defined(SPARC) || defined(__ppc__) || defined(__ppc64__))
+#define MUR_THREE_ONE(p) ((((*WP(p))&0x00ffffff) << 8) | (((*(WP(p)+1))&0xff000000) >> 24))
+#define MUR_TWO_TWO(p)   ((((*WP(p))&0x0000ffff) <<16) | (((*(WP(p)+1))&0xffff0000) >> 16))
+#define MUR_ONE_THREE(p) ((((*WP(p))&0x000000ff) <<24) | (((*(WP(p)+1))&0xffffff00) >>  8))
+#else /* assume little endian non-intel */
+#define MUR_THREE_ONE(p) ((((*WP(p))&0xffffff00) >> 8) | (((*(WP(p)+1))&0x000000ff) << 24))
+#define MUR_TWO_TWO(p)   ((((*WP(p))&0xffff0000) >>16) | (((*(WP(p)+1))&0x0000ffff) << 16))
+#define MUR_ONE_THREE(p) ((((*WP(p))&0xff000000) >>24) | (((*(WP(p)+1))&0x00ffffff) <<  8))
+#endif
+#define MUR_GETBLOCK(p,i) (MUR_PLUS0_ALIGNED(p) ? ((p)[i]) :           \
+                            (MUR_PLUS1_ALIGNED(p) ? MUR_THREE_ONE(p) : \
+                             (MUR_PLUS2_ALIGNED(p) ? MUR_TWO_TWO(p) :  \
+                                                      MUR_ONE_THREE(p))))
+#endif
+#define MUR_ROTL32(x,r) (((x) << (r)) | ((x) >> (32 - (r))))
+#define MUR_FMIX(_h) \
+do {                 \
+  _h ^= _h >> 16;    \
+  _h *= 0x85ebca6bu; \
+  _h ^= _h >> 13;    \
+  _h *= 0xc2b2ae35u; \
+  _h ^= _h >> 16;    \
+} while (0)
+
+#define HASH_MUR(key,keylen,hashv)                                     \
+do {                                                                   \
+  const uint8_t *_mur_data = (const uint8_t*)(key);                    \
+  const int _mur_nblocks = (int)(keylen) / 4;                          \
+  uint32_t _mur_h1 = 0xf88D5353u;                                      \
+  uint32_t _mur_c1 = 0xcc9e2d51u;                                      \
+  uint32_t _mur_c2 = 0x1b873593u;                                      \
+  uint32_t _mur_k1 = 0;                                                \
+  const uint8_t *_mur_tail;                                            \
+  const uint32_t *_mur_blocks = (const uint32_t*)(_mur_data+(_mur_nblocks*4)); \
+  int _mur_i;                                                          \
+  for(_mur_i = -_mur_nblocks; _mur_i!=0; _mur_i++) {                   \
+    _mur_k1 = MUR_GETBLOCK(_mur_blocks,_mur_i);                        \
+    _mur_k1 *= _mur_c1;                                                \
+    _mur_k1 = MUR_ROTL32(_mur_k1,15);                                  \
+    _mur_k1 *= _mur_c2;                                                \
+                                                                       \
+    _mur_h1 ^= _mur_k1;                                                \
+    _mur_h1 = MUR_ROTL32(_mur_h1,13);                                  \
+    _mur_h1 = (_mur_h1*5U) + 0xe6546b64u;                              \
+  }                                                                    \
+  _mur_tail = (const uint8_t*)(_mur_data + (_mur_nblocks*4));          \
+  _mur_k1=0;                                                           \
+  switch((keylen) & 3U) {                                              \
+    case 3: _mur_k1 ^= (uint32_t)_mur_tail[2] << 16; /* FALLTHROUGH */ \
+    case 2: _mur_k1 ^= (uint32_t)_mur_tail[1] << 8;  /* FALLTHROUGH */ \
+    case 1: _mur_k1 ^= (uint32_t)_mur_tail[0];                         \
+    _mur_k1 *= _mur_c1;                                                \
+    _mur_k1 = MUR_ROTL32(_mur_k1,15);                                  \
+    _mur_k1 *= _mur_c2;                                                \
+    _mur_h1 ^= _mur_k1;                                                \
+  }                                                                    \
+  _mur_h1 ^= (uint32_t)(keylen);                                       \
+  MUR_FMIX(_mur_h1);                                                   \
+  hashv = _mur_h1;                                                     \
+} while (0)
+#endif  /* HASH_USING_NO_STRICT_ALIASING */
+
+/* iterate over items in a known bucket to find desired item */
+#define HASH_FIND_IN_BKT(tbl,hh,head,keyptr,keylen_in,hashval,out)               \
+do {                                                                             \
+  if ((head).hh_head != NULL) {                                                  \
+    DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (head).hh_head));                     \
+  } else {                                                                       \
+    (out) = NULL;                                                                \
+  }                                                                              \
+  while ((out) != NULL) {                                                        \
+    if ((out)->hh.hashv == (hashval) && (out)->hh.keylen == (keylen_in)) {       \
+      if (uthash_memcmp((out)->hh.key, keyptr, keylen_in) == 0) {                \
+        break;                                                                   \
+      }                                                                          \
+    }                                                                            \
+    if ((out)->hh.hh_next != NULL) {                                             \
+      DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (out)->hh.hh_next));                \
+    } else {                                                                     \
+      (out) = NULL;                                                              \
+    }                                                                            \
+  }                                                                              \
+} while (0)
+
+/* add an item to a bucket  */
+#define HASH_ADD_TO_BKT(head,addhh)                                              \
+do {                                                                             \
+ head.count++;                                                                   \
+ (addhh)->hh_next = head.hh_head;                                                \
+ (addhh)->hh_prev = NULL;                                                        \
+ if (head.hh_head != NULL) { (head).hh_head->hh_prev = (addhh); }                \
+ (head).hh_head=addhh;                                                           \
+ if ((head.count >= ((head.expand_mult+1U) * HASH_BKT_CAPACITY_THRESH))          \
+     && ((addhh)->tbl->noexpand != 1U)) {                                        \
+       HASH_EXPAND_BUCKETS((addhh)->tbl);                                        \
+ }                                                                               \
+} while (0)
+
+/* remove an item from a given bucket */
+#define HASH_DEL_IN_BKT(hh,head,hh_del)                                          \
+    (head).count--;                                                              \
+    if ((head).hh_head == hh_del) {                                              \
+      (head).hh_head = hh_del->hh_next;                                          \
+    }                                                                            \
+    if (hh_del->hh_prev) {                                                       \
+        hh_del->hh_prev->hh_next = hh_del->hh_next;                              \
+    }                                                                            \
+    if (hh_del->hh_next) {                                                       \
+        hh_del->hh_next->hh_prev = hh_del->hh_prev;                              \
+    }
+
+/* Bucket expansion has the effect of doubling the number of buckets
+ * and redistributing the items into the new buckets. Ideally the
+ * items will distribute more or less evenly into the new buckets
+ * (the extent to which this is true is a measure of the quality of
+ * the hash function as it applies to the key domain).
+ *
+ * With the items distributed into more buckets, the chain length
+ * (item count) in each bucket is reduced. Thus by expanding buckets
+ * the hash keeps a bound on the chain length. This bounded chain
+ * length is the essence of how a hash provides constant time lookup.
+ *
+ * The calculation of tbl->ideal_chain_maxlen below deserves some
+ * explanation. First, keep in mind that we're calculating the ideal
+ * maximum chain length based on the *new* (doubled) bucket count.
+ * In fractions this is just n/b (n=number of items,b=new num buckets).
+ * Since the ideal chain length is an integer, we want to calculate
+ * ceil(n/b). We don't depend on floating point arithmetic in this
+ * hash, so to calculate ceil(n/b) with integers we could write
+ *
+ *      ceil(n/b) = (n/b) + ((n%b)?1:0)
+ *
+ * and in fact a previous version of this hash did just that.
+ * But now we have improved things a bit by recognizing that b is
+ * always a power of two. We keep its base 2 log handy (call it lb),
+ * so now we can write this with a bit shift and logical AND:
+ *
+ *      ceil(n/b) = (n>>lb) + ( (n & (b-1)) ? 1:0)
+ *
+ */
+#define HASH_EXPAND_BUCKETS(tbl)                                                 \
+do {                                                                             \
+    unsigned _he_bkt;                                                            \
+    unsigned _he_bkt_i;                                                          \
+    struct UT_hash_handle *_he_thh, *_he_hh_nxt;                                 \
+    UT_hash_bucket *_he_new_buckets, *_he_newbkt;                                \
+    _he_new_buckets = (UT_hash_bucket*)uthash_malloc(                            \
+             2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket));            \
+    if (!_he_new_buckets) { uthash_fatal( "out of memory"); }                    \
+    memset(_he_new_buckets, 0,                                                   \
+            2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket));             \
+    tbl->ideal_chain_maxlen =                                                    \
+       (tbl->num_items >> (tbl->log2_num_buckets+1U)) +                          \
+       (((tbl->num_items & ((tbl->num_buckets*2U)-1U)) != 0U) ? 1U : 0U);        \
+    tbl->nonideal_items = 0;                                                     \
+    for(_he_bkt_i = 0; _he_bkt_i < tbl->num_buckets; _he_bkt_i++)                \
+    {                                                                            \
+        _he_thh = tbl->buckets[ _he_bkt_i ].hh_head;                             \
+        while (_he_thh != NULL) {                                                \
+           _he_hh_nxt = _he_thh->hh_next;                                        \
+           HASH_TO_BKT( _he_thh->hashv, tbl->num_buckets*2U, _he_bkt);           \
+           _he_newbkt = &(_he_new_buckets[ _he_bkt ]);                           \
+           if (++(_he_newbkt->count) > tbl->ideal_chain_maxlen) {                \
+             tbl->nonideal_items++;                                              \
+             _he_newbkt->expand_mult = _he_newbkt->count /                       \
+                                        tbl->ideal_chain_maxlen;                 \
+           }                                                                     \
+           _he_thh->hh_prev = NULL;                                              \
+           _he_thh->hh_next = _he_newbkt->hh_head;                               \
+           if (_he_newbkt->hh_head != NULL) { _he_newbkt->hh_head->hh_prev =     \
+                _he_thh; }                                                       \
+           _he_newbkt->hh_head = _he_thh;                                        \
+           _he_thh = _he_hh_nxt;                                                 \
+        }                                                                        \
+    }                                                                            \
+    uthash_free( tbl->buckets, tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \
+    tbl->num_buckets *= 2U;                                                      \
+    tbl->log2_num_buckets++;                                                     \
+    tbl->buckets = _he_new_buckets;                                              \
+    tbl->ineff_expands = (tbl->nonideal_items > (tbl->num_items >> 1)) ?         \
+        (tbl->ineff_expands+1U) : 0U;                                            \
+    if (tbl->ineff_expands > 1U) {                                               \
+        tbl->noexpand=1;                                                         \
+        uthash_noexpand_fyi(tbl);                                                \
+    }                                                                            \
+    uthash_expand_fyi(tbl);                                                      \
+} while (0)
+
+
+/* This is an adaptation of Simon Tatham's O(n log(n)) mergesort */
+/* Note that HASH_SORT assumes the hash handle name to be hh.
+ * HASH_SRT was added to allow the hash handle name to be passed in. */
+#define HASH_SORT(head,cmpfcn) HASH_SRT(hh,head,cmpfcn)
+#define HASH_SRT(hh,head,cmpfcn)                                                 \
+do {                                                                             \
+  unsigned _hs_i;                                                                \
+  unsigned _hs_looping,_hs_nmerges,_hs_insize,_hs_psize,_hs_qsize;               \
+  struct UT_hash_handle *_hs_p, *_hs_q, *_hs_e, *_hs_list, *_hs_tail;            \
+  if (head != NULL) {                                                            \
+      _hs_insize = 1;                                                            \
+      _hs_looping = 1;                                                           \
+      _hs_list = &((head)->hh);                                                  \
+      while (_hs_looping != 0U) {                                                \
+          _hs_p = _hs_list;                                                      \
+          _hs_list = NULL;                                                       \
+          _hs_tail = NULL;                                                       \
+          _hs_nmerges = 0;                                                       \
+          while (_hs_p != NULL) {                                                \
+              _hs_nmerges++;                                                     \
+              _hs_q = _hs_p;                                                     \
+              _hs_psize = 0;                                                     \
+              for ( _hs_i = 0; _hs_i  < _hs_insize; _hs_i++ ) {                  \
+                  _hs_psize++;                                                   \
+                  _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?              \
+                          ((void*)((char*)(_hs_q->next) +                        \
+                          (head)->hh.tbl->hho)) : NULL);                         \
+                  if (! (_hs_q) ) { break; }                                     \
+              }                                                                  \
+              _hs_qsize = _hs_insize;                                            \
+              while ((_hs_psize > 0U) || ((_hs_qsize > 0U) && (_hs_q != NULL))) {\
+                  if (_hs_psize == 0U) {                                         \
+                      _hs_e = _hs_q;                                             \
+                      _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?          \
+                              ((void*)((char*)(_hs_q->next) +                    \
+                              (head)->hh.tbl->hho)) : NULL);                     \
+                      _hs_qsize--;                                               \
+                  } else if ( (_hs_qsize == 0U) || (_hs_q == NULL) ) {           \
+                      _hs_e = _hs_p;                                             \
+                      if (_hs_p != NULL){                                        \
+                        _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ?        \
+                                ((void*)((char*)(_hs_p->next) +                  \
+                                (head)->hh.tbl->hho)) : NULL);                   \
+                       }                                                         \
+                      _hs_psize--;                                               \
+                  } else if ((                                                   \
+                      cmpfcn(DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_p)), \
+                             DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_q))) \
+                             ) <= 0) {                                           \
+                      _hs_e = _hs_p;                                             \
+                      if (_hs_p != NULL){                                        \
+                        _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ?        \
+                               ((void*)((char*)(_hs_p->next) +                   \
+                               (head)->hh.tbl->hho)) : NULL);                    \
+                       }                                                         \
+                      _hs_psize--;                                               \
+                  } else {                                                       \
+                      _hs_e = _hs_q;                                             \
+                      _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?          \
+                              ((void*)((char*)(_hs_q->next) +                    \
+                              (head)->hh.tbl->hho)) : NULL);                     \
+                      _hs_qsize--;                                               \
+                  }                                                              \
+                  if ( _hs_tail != NULL ) {                                      \
+                      _hs_tail->next = ((_hs_e != NULL) ?                        \
+                            ELMT_FROM_HH((head)->hh.tbl,_hs_e) : NULL);          \
+                  } else {                                                       \
+                      _hs_list = _hs_e;                                          \
+                  }                                                              \
+                  if (_hs_e != NULL) {                                           \
+                  _hs_e->prev = ((_hs_tail != NULL) ?                            \
+                     ELMT_FROM_HH((head)->hh.tbl,_hs_tail) : NULL);              \
+                  }                                                              \
+                  _hs_tail = _hs_e;                                              \
+              }                                                                  \
+              _hs_p = _hs_q;                                                     \
+          }                                                                      \
+          if (_hs_tail != NULL){                                                 \
+            _hs_tail->next = NULL;                                               \
+          }                                                                      \
+          if ( _hs_nmerges <= 1U ) {                                             \
+              _hs_looping=0;                                                     \
+              (head)->hh.tbl->tail = _hs_tail;                                   \
+              DECLTYPE_ASSIGN(head,ELMT_FROM_HH((head)->hh.tbl, _hs_list));      \
+          }                                                                      \
+          _hs_insize *= 2U;                                                      \
+      }                                                                          \
+      HASH_FSCK(hh,head);                                                        \
+ }                                                                               \
+} while (0)
+
+/* This function selects items from one hash into another hash.
+ * The end result is that the selected items have dual presence
+ * in both hashes. There is no copy of the items made; rather
+ * they are added into the new hash through a secondary hash
+ * hash handle that must be present in the structure. */
+#define HASH_SELECT(hh_dst, dst, hh_src, src, cond)                              \
+do {                                                                             \
+  unsigned _src_bkt, _dst_bkt;                                                   \
+  void *_last_elt=NULL, *_elt;                                                   \
+  UT_hash_handle *_src_hh, *_dst_hh, *_last_elt_hh=NULL;                         \
+  ptrdiff_t _dst_hho = ((char*)(&(dst)->hh_dst) - (char*)(dst));                 \
+  if (src != NULL) {                                                             \
+    for(_src_bkt=0; _src_bkt < (src)->hh_src.tbl->num_buckets; _src_bkt++) {     \
+      for(_src_hh = (src)->hh_src.tbl->buckets[_src_bkt].hh_head;                \
+          _src_hh != NULL;                                                       \
+          _src_hh = _src_hh->hh_next) {                                          \
+          _elt = ELMT_FROM_HH((src)->hh_src.tbl, _src_hh);                       \
+          if (cond(_elt)) {                                                      \
+            _dst_hh = (UT_hash_handle*)(((char*)_elt) + _dst_hho);               \
+            _dst_hh->key = _src_hh->key;                                         \
+            _dst_hh->keylen = _src_hh->keylen;                                   \
+            _dst_hh->hashv = _src_hh->hashv;                                     \
+            _dst_hh->prev = _last_elt;                                           \
+            _dst_hh->next = NULL;                                                \
+            if (_last_elt_hh != NULL) { _last_elt_hh->next = _elt; }             \
+            if (dst == NULL) {                                                   \
+              DECLTYPE_ASSIGN(dst,_elt);                                         \
+              HASH_MAKE_TABLE(hh_dst,dst);                                       \
+            } else {                                                             \
+              _dst_hh->tbl = (dst)->hh_dst.tbl;                                  \
+            }                                                                    \
+            HASH_TO_BKT(_dst_hh->hashv, _dst_hh->tbl->num_buckets, _dst_bkt);    \
+            HASH_ADD_TO_BKT(_dst_hh->tbl->buckets[_dst_bkt],_dst_hh);            \
+            (dst)->hh_dst.tbl->num_items++;                                      \
+            _last_elt = _elt;                                                    \
+            _last_elt_hh = _dst_hh;                                              \
+          }                                                                      \
+      }                                                                          \
+    }                                                                            \
+  }                                                                              \
+  HASH_FSCK(hh_dst,dst);                                                         \
+} while (0)
+
+#define HASH_CLEAR(hh,head)                                                      \
+do {                                                                             \
+  if (head != NULL) {                                                            \
+    uthash_free((head)->hh.tbl->buckets,                                         \
+                (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket));      \
+    HASH_BLOOM_FREE((head)->hh.tbl);                                             \
+    uthash_free((head)->hh.tbl, sizeof(UT_hash_table));                          \
+    (head)=NULL;                                                                 \
+  }                                                                              \
+} while (0)
+
+#define HASH_OVERHEAD(hh,head)                                                   \
+ ((head != NULL) ? (                                                             \
+ (size_t)(((head)->hh.tbl->num_items   * sizeof(UT_hash_handle))   +             \
+          ((head)->hh.tbl->num_buckets * sizeof(UT_hash_bucket))   +             \
+           sizeof(UT_hash_table)                                   +             \
+           (HASH_BLOOM_BYTELEN))) : 0U)
+
+#ifdef NO_DECLTYPE
+#define HASH_ITER(hh,head,el,tmp)                                                \
+for(((el)=(head)), ((*(char**)(&(tmp)))=(char*)((head!=NULL)?(head)->hh.next:NULL)); \
+  (el) != NULL; ((el)=(tmp)), ((*(char**)(&(tmp)))=(char*)((tmp!=NULL)?(tmp)->hh.next:NULL)))
+#else
+#define HASH_ITER(hh,head,el,tmp)                                                \
+for(((el)=(head)), ((tmp)=DECLTYPE(el)((head!=NULL)?(head)->hh.next:NULL));      \
+  (el) != NULL; ((el)=(tmp)), ((tmp)=DECLTYPE(el)((tmp!=NULL)?(tmp)->hh.next:NULL)))
+#endif
+
+/* obtain a count of items in the hash */
+#define HASH_COUNT(head) HASH_CNT(hh,head)
+#define HASH_CNT(hh,head) ((head != NULL)?((head)->hh.tbl->num_items):0U)
+
+typedef struct UT_hash_bucket {
+   struct UT_hash_handle *hh_head;
+   unsigned count;
+
+   /* expand_mult is normally set to 0. In this situation, the max chain length
+    * threshold is enforced at its default value, HASH_BKT_CAPACITY_THRESH. (If
+    * the bucket's chain exceeds this length, bucket expansion is triggered).
+    * However, setting expand_mult to a non-zero value delays bucket expansion
+    * (that would be triggered by additions to this particular bucket)
+    * until its chain length reaches a *multiple* of HASH_BKT_CAPACITY_THRESH.
+    * (The multiplier is simply expand_mult+1). The whole idea of this
+    * multiplier is to reduce bucket expansions, since they are expensive, in
+    * situations where we know that a particular bucket tends to be overused.
+    * It is better to let its chain length grow to a longer yet-still-bounded
+    * value, than to do an O(n) bucket expansion too often.
+    */
+   unsigned expand_mult;
+
+} UT_hash_bucket;
+
+/* random signature used only to find hash tables in external analysis */
+#define HASH_SIGNATURE 0xa0111fe1u
+#define HASH_BLOOM_SIGNATURE 0xb12220f2u
+
+typedef struct UT_hash_table {
+   UT_hash_bucket *buckets;
+   unsigned num_buckets, log2_num_buckets;
+   unsigned num_items;
+   struct UT_hash_handle *tail; /* tail hh in app order, for fast append    */
+   ptrdiff_t hho; /* hash handle offset (byte pos of hash handle in element */
+
+   /* in an ideal situation (all buckets used equally), no bucket would have
+    * more than ceil(#items/#buckets) items. that's the ideal chain length. */
+   unsigned ideal_chain_maxlen;
+
+   /* nonideal_items is the number of items in the hash whose chain position
+    * exceeds the ideal chain maxlen. these items pay the penalty for an uneven
+    * hash distribution; reaching them in a chain traversal takes >ideal steps */
+   unsigned nonideal_items;
+
+   /* ineffective expands occur when a bucket doubling was performed, but
+    * afterward, more than half the items in the hash had nonideal chain
+    * positions. If this happens on two consecutive expansions we inhibit any
+    * further expansion, as it's not helping; this happens when the hash
+    * function isn't a good fit for the key domain. When expansion is inhibited
+    * the hash will still work, albeit no longer in constant time. */
+   unsigned ineff_expands, noexpand;
+
+   uint32_t signature; /* used only to find hash tables in external analysis */
+#ifdef HASH_BLOOM
+   uint32_t bloom_sig; /* used only to test bloom exists in external analysis */
+   uint8_t *bloom_bv;
+   uint8_t bloom_nbits;
+#endif
+
+} UT_hash_table;
+
+typedef struct UT_hash_handle {
+   struct UT_hash_table *tbl;
+   void *prev;                       /* prev element in app order      */
+   void *next;                       /* next element in app order      */
+   struct UT_hash_handle *hh_prev;   /* previous hh in bucket order    */
+   struct UT_hash_handle *hh_next;   /* next hh in bucket order        */
+   void *key;                        /* ptr to enclosing struct's key  */
+   unsigned keylen;                  /* enclosing struct's key len     */
+   unsigned hashv;                   /* result of hash-fcn(key)        */
+} UT_hash_handle;
+
+#endif /* UTHASH_H */
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/utils.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/utils.c
new file mode 100644
index 00000000..b7079971
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/utils.c
@@ -0,0 +1,568 @@
+/*
+ * utils.c - Misc utilities
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#ifndef __MINGW32__
+#include <unistd.h>
+#include <errno.h>
+#include <pwd.h>
+#include <grp.h>
+#else
+#include <malloc.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include <sodium.h>
+
+#include "crypto.h"
+#include "utils.h"
+
+#ifdef HAVE_SETRLIMIT
+#include <sys/time.h>
+#include <sys/resource.h>
+#endif
+
+#define INT_DIGITS 19           /* enough for 64 bit integer */
+
+#define VERSION "3.3.5"
+
+#ifdef LIB_ONLY
+FILE *logfile;
+#endif
+
+#ifdef HAS_SYSLOG
+int use_syslog = 0;
+#endif
+
+#ifndef __MINGW32__
+void
+ERROR(const char *s)
+{
+    char *msg = strerror(errno);
+    LOGE("%s: %s", s, msg);
+}
+
+#endif
+
+int use_tty = 1;
+
+char *
+ss_itoa(int i)
+{
+    /* Room for INT_DIGITS digits, - and '\0' */
+    static char buf[INT_DIGITS + 2];
+    char *p = buf + INT_DIGITS + 1;     /* points to terminating '\0' */
+    if (i >= 0) {
+        do {
+            *--p = '0' + (i % 10);
+            i   /= 10;
+        } while (i != 0);
+        return p;
+    } else {                     /* i < 0 */
+        do {
+            *--p = '0' - (i % 10);
+            i   /= 10;
+        } while (i != 0);
+        *--p = '-';
+    }
+    return p;
+}
+
+int
+ss_isnumeric(const char *s)
+{
+    if (!s || !*s)
+        return 0;
+    while (isdigit((unsigned char)*s))
+        ++s;
+    return *s == '\0';
+}
+
+/*
+ * setuid() and setgid() for a specified user.
+ */
+int
+run_as(const char *user)
+{
+#ifndef __MINGW32__
+    if (user[0]) {
+        /* Convert user to a long integer if it is a non-negative number.
+         * -1 means it is a user name. */
+        long uid = -1;
+        if (ss_isnumeric(user)) {
+            errno = 0;
+            char *endptr;
+            uid = strtol(user, &endptr, 10);
+            if (errno || endptr == user)
+                uid = -1;
+        }
+
+#ifdef HAVE_GETPWNAM_R
+        struct passwd pwdbuf, *pwd;
+        memset(&pwdbuf, 0, sizeof(struct passwd));
+        size_t buflen;
+        int err;
+
+        for (buflen = 128;; buflen *= 2) {
+            char buf[buflen];  /* variable length array */
+
+            /* Note that we use getpwnam_r() instead of getpwnam(),
+             * which returns its result in a statically allocated buffer and
+             * cannot be considered thread safe. */
+            err = uid >= 0 ? getpwuid_r((uid_t)uid, &pwdbuf, buf, buflen, &pwd)
+                  : getpwnam_r(user, &pwdbuf, buf, buflen, &pwd);
+
+            if (err == 0 && pwd) {
+                /* setgid first, because we may not be allowed to do it anymore after setuid */
+                if (setgid(pwd->pw_gid) != 0) {
+                    LOGE(
+                        "Could not change group id to that of run_as user '%s': %s",
+                        pwd->pw_name, strerror(errno));
+                    return 0;
+                }
+
+#ifndef __CYGWIN__
+                if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
+                    LOGE("Could not change supplementary groups for user '%s'.", pwd->pw_name);
+                    return 0;
+                }
+#endif
+
+                if (setuid(pwd->pw_uid) != 0) {
+                    LOGE(
+                        "Could not change user id to that of run_as user '%s': %s",
+                        pwd->pw_name, strerror(errno));
+                    return 0;
+                }
+                break;
+            } else if (err != ERANGE) {
+                if (err) {
+                    LOGE("run_as user '%s' could not be found: %s", user,
+                         strerror(err));
+                } else {
+                    LOGE("run_as user '%s' could not be found.", user);
+                }
+                return 0;
+            } else if (buflen >= 16 * 1024) {
+                /* If getpwnam_r() seems defective, call it quits rather than
+                 * keep on allocating ever larger buffers until we crash. */
+                LOGE(
+                    "getpwnam_r() requires more than %u bytes of buffer space.",
+                    (unsigned)buflen);
+                return 0;
+            }
+            /* Else try again with larger buffer. */
+        }
+#else
+        /* No getpwnam_r() :-(  We'll use getpwnam() and hope for the best. */
+        struct passwd *pwd;
+
+        if (!(pwd = uid >= 0 ? getpwuid((uid_t)uid) : getpwnam(user))) {
+            LOGE("run_as user %s could not be found.", user);
+            return 0;
+        }
+        /* setgid first, because we may not allowed to do it anymore after setuid */
+        if (setgid(pwd->pw_gid) != 0) {
+            LOGE("Could not change group id to that of run_as user '%s': %s",
+                 pwd->pw_name, strerror(errno));
+            return 0;
+        }
+        if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
+            LOGE("Could not change supplementary groups for user '%s'.", pwd->pw_name);
+            return 0;
+        }
+        if (setuid(pwd->pw_uid) != 0) {
+            LOGE("Could not change user id to that of run_as user '%s': %s",
+                 pwd->pw_name, strerror(errno));
+            return 0;
+        }
+#endif
+    }
+#else
+    LOGE("run_as(): not implemented in MinGW port");
+#endif
+
+    return 1;
+}
+
+char *
+ss_strndup(const char *s, size_t n)
+{
+    size_t len = strlen(s);
+    char *ret;
+
+    if (len <= n) {
+        return strdup(s);
+    }
+
+    ret = ss_malloc(n + 1);
+    strncpy(ret, s, n);
+    ret[n] = '\0';
+    return ret;
+}
+
+void
+FATAL(const char *msg)
+{
+    LOGE("%s", msg);
+    exit(-1);
+}
+
+void *
+ss_malloc(size_t size)
+{
+    void *tmp = malloc(size);
+    if (tmp == NULL)
+        exit(EXIT_FAILURE);
+    return tmp;
+}
+
+void *
+ss_aligned_malloc(size_t size)
+{
+    int err;
+    void *tmp = NULL;
+#ifdef HAVE_POSIX_MEMALIGN
+    /* ensure 16 byte alignment */
+    err = posix_memalign(&tmp, 16, size);
+#elif __MINGW32__
+    tmp = _aligned_malloc(size, 16);
+    err = tmp == NULL;
+#else
+    err = -1;
+#endif
+    if (err) {
+        return ss_malloc(size);
+    } else {
+        return tmp;
+    }
+}
+
+void *
+ss_realloc(void *ptr, size_t new_size)
+{
+    void *new = realloc(ptr, new_size);
+    if (new == NULL) {
+        free(ptr);
+        ptr = NULL;
+        exit(EXIT_FAILURE);
+    }
+    return new;
+}
+
+int
+ss_is_ipv6addr(const char *addr)
+{
+    return strcmp(addr, ":") > 0;
+}
+
+void
+usage()
+{
+    printf("\n");
+    printf("shadowsocks-libev %s\n\n", VERSION);
+    printf(
+        "  maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang <laokongzi@gmail.com>\n\n");
+    printf("  usage:\n\n");
+#ifdef MODULE_LOCAL
+    printf("    ss-local\n");
+#elif MODULE_REMOTE
+    printf("    ss-server\n");
+#elif MODULE_TUNNEL
+    printf("    ss-tunnel\n");
+#elif MODULE_REDIR
+    printf("    ss-redir\n");
+#elif MODULE_MANAGER
+    printf("    ss-manager\n");
+#endif
+    printf("\n");
+    printf(
+        "       -s <server_host>           Host name or IP address of your remote server.\n");
+    printf(
+        "       -p <server_port>           Port number of your remote server.\n");
+    printf(
+        "       -l <local_port>            Port number of your local server.\n");
+    printf(
+        "       -k <password>              Password of your remote server.\n");
+    printf(
+        "       -m <encrypt_method>        Encrypt method: rc4-md5, \n");
+    printf(
+        "                                  aes-128-gcm, aes-192-gcm, aes-256-gcm,\n");
+    printf(
+        "                                  aes-128-cfb, aes-192-cfb, aes-256-cfb,\n");
+    printf(
+        "                                  aes-128-ctr, aes-192-ctr, aes-256-ctr,\n");
+    printf(
+        "                                  camellia-128-cfb, camellia-192-cfb,\n");
+    printf(
+        "                                  camellia-256-cfb, bf-cfb,\n");
+    printf(
+        "                                  chacha20-ietf-poly1305,\n");
+#ifdef FS_HAVE_XCHACHA20IETF
+    printf(
+        "                                  xchacha20-ietf-poly1305,\n");
+#endif
+    printf(
+        "                                  salsa20, chacha20 and chacha20-ietf.\n");
+    printf(
+        "                                  The default cipher is chacha20-ietf-poly1305.\n");
+    printf("\n");
+    printf(
+        "       [-a <user>]                Run as another user.\n");
+    printf(
+        "       [-f <pid_file>]            The file path to store pid.\n");
+    printf(
+        "       [-t <timeout>]             Socket timeout in seconds.\n");
+    printf(
+        "       [-c <config_file>]         The path to config file.\n");
+#ifdef HAVE_SETRLIMIT
+    printf(
+        "       [-n <number>]              Max number of open files.\n");
+#endif
+#ifndef MODULE_REDIR
+    printf(
+        "       [-i <interface>]           Network interface to bind.\n");
+#endif
+    printf(
+        "       [-b <local_address>]       Local address to bind.\n");
+    printf("\n");
+    printf(
+        "       [-u]                       Enable UDP relay.\n");
+#ifdef MODULE_REDIR
+    printf(
+        "                                  TPROXY is required in redir mode.\n");
+#endif
+    printf(
+        "       [-U]                       Enable UDP relay and disable TCP relay.\n");
+#ifdef MODULE_REDIR
+    printf(
+        "       [-T]                       Use tproxy instead of redirect (for tcp).\n");
+#endif
+#ifdef MODULE_REMOTE
+    printf(
+        "       [-6]                       Resovle hostname to IPv6 address first.\n");
+#endif
+    printf("\n");
+#ifdef MODULE_TUNNEL
+    printf(
+        "       [-L <addr>:<port>]         Destination server address and port\n");
+    printf(
+        "                                  for local port forwarding.\n");
+#endif
+#ifdef MODULE_REMOTE
+    printf(
+        "       [-d <addr>]                Name servers for internal DNS resolver.\n");
+#endif
+    printf(
+        "       [--reuse-port]             Enable port reuse.\n");
+#if defined(MODULE_REMOTE) || defined(MODULE_LOCAL) || defined(MODULE_REDIR)
+    printf(
+        "       [--fast-open]              Enable TCP fast open.\n");
+    printf(
+        "                                  with Linux kernel > 3.7.0.\n");
+#endif
+#if defined(MODULE_REMOTE) || defined(MODULE_LOCAL)
+    printf(
+        "       [--acl <acl_file>]         Path to ACL (Access Control List).\n");
+#endif
+#if defined(MODULE_REMOTE) || defined(MODULE_MANAGER)
+    printf(
+        "       [--manager-address <addr>] UNIX domain socket address.\n");
+#endif
+#ifdef MODULE_MANAGER
+    printf(
+        "       [--executable <path>]      Path to the executable of ss-server.\n");
+    printf(
+        "       [-D <path>]                Path to the working directory of ss-manager.\n");
+#endif
+    printf(
+        "       [--mtu <MTU>]              MTU of your network interface.\n");
+#ifdef __linux__
+    printf(
+        "       [--mptcp]                  Enable Multipath TCP on MPTCP Kernel.\n");
+#endif
+#ifndef MODULE_MANAGER
+    printf(
+        "       [--no-delay]               Enable TCP_NODELAY.\n");
+    printf(
+        "       [--key <key_in_base64>]    Key of your remote server.\n");
+#endif
+    printf(
+        "       [--plugin <name>]          Enable SIP003 plugin. (Experimental)\n");
+    printf(
+        "       [--plugin-opts <options>]  Set SIP003 plugin options. (Experimental)\n");
+    printf("\n");
+    printf(
+        "       [-v]                       Verbose mode.\n");
+    printf(
+        "       [-h, --help]               Print this message.\n");
+    printf("\n");
+}
+
+void
+daemonize(const char *path)
+{
+#ifndef __MINGW32__
+    /* Our process ID and Session ID */
+    pid_t pid, sid;
+
+    /* Fork off the parent process */
+    pid = fork();
+    if (pid < 0) {
+        exit(EXIT_FAILURE);
+    }
+
+    /* If we got a good PID, then
+     * we can exit the parent process. */
+    if (pid > 0) {
+        FILE *file = fopen(path, "w");
+        if (file == NULL) {
+            FATAL("Invalid pid file\n");
+        }
+
+        fprintf(file, "%d", (int)pid);
+        fclose(file);
+        exit(EXIT_SUCCESS);
+    }
+
+    /* Change the file mode mask */
+    umask(0);
+
+    /* Open any logs here */
+
+    /* Create a new SID for the child process */
+    sid = setsid();
+    if (sid < 0) {
+        /* Log the failure */
+        exit(EXIT_FAILURE);
+    }
+
+    /* Change the current working directory */
+    if ((chdir("/")) < 0) {
+        /* Log the failure */
+        exit(EXIT_FAILURE);
+    }
+
+    int dev_null = open("/dev/null", O_WRONLY);
+    if (dev_null) {
+        /* Redirect to null device  */
+        dup2(dev_null, STDOUT_FILENO);
+        dup2(dev_null, STDERR_FILENO);
+    } else {
+        /* Close the standard file descriptors */
+        close(STDOUT_FILENO);
+        close(STDERR_FILENO);
+    }
+
+    /* Close the standard file descriptors */
+    close(STDIN_FILENO);
+#else
+    LOGE("daemonize(): not implemented in MinGW port");
+#endif
+}
+
+#ifdef HAVE_SETRLIMIT
+int
+set_nofile(int nofile)
+{
+    struct rlimit limit = { nofile, nofile }; /* set both soft and hard limit */
+
+    if (nofile <= 0) {
+        FATAL("nofile must be greater than 0\n");
+    }
+
+    if (setrlimit(RLIMIT_NOFILE, &limit) < 0) {
+        if (errno == EPERM) {
+            LOGE(
+                "insufficient permission to change NOFILE, not starting as root?");
+            return -1;
+        } else if (errno == EINVAL) {
+            LOGE("invalid nofile, decrease nofile and try again");
+            return -1;
+        } else {
+            LOGE("setrlimit failed: %s", strerror(errno));
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+#endif
+
+char *
+get_default_conf(void)
+{
+#ifndef __MINGW32__
+    static char sysconf[] = "/etc/shadowsocks-libev/config.json";
+    static char *userconf = NULL;
+    static int buf_size   = 0;
+    char *conf_home;
+
+    conf_home = getenv("XDG_CONFIG_HOME");
+
+    // Memory of userconf only gets allocated once, and will not be
+    // freed. It is used as static buffer.
+    if (!conf_home) {
+        if (buf_size == 0) {
+            buf_size = 50 + strlen(getenv("HOME"));
+            userconf = malloc(buf_size);
+        }
+        snprintf(userconf, buf_size, "%s%s", getenv("HOME"),
+                 "/.config/shadowsocks-libev/config.json");
+    } else {
+        if (buf_size == 0) {
+            buf_size = 50 + strlen(conf_home);
+            userconf = malloc(buf_size);
+        }
+        snprintf(userconf, buf_size, "%s%s", conf_home,
+                 "/shadowsocks-libev/config.json");
+    }
+
+    // Check if the user-specific config exists.
+    if (access(userconf, F_OK) != -1)
+        return userconf;
+
+    // If not, fall back to the system-wide config.
+    free(userconf);
+    return sysconf;
+#else
+    return "config.json";
+#endif
+}
+
+uint16_t
+load16_be(const void *s)
+{
+    const uint8_t *in = (const uint8_t *)s;
+    return ((uint16_t)in[0] << 8)
+           | ((uint16_t)in[1]);
+}
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/utils.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/utils.h
new file mode 100644
index 00000000..450e3ecd
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/utils.h
@@ -0,0 +1,254 @@
+/*
+ * utils.h - Misc utilities
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _UTILS_H
+#define _UTILS_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+
+#define PORTSTRLEN 16
+#define SS_ADDRSTRLEN (INET6_ADDRSTRLEN + PORTSTRLEN + 1)
+
+#ifdef __ANDROID__
+
+#include <android/log.h>
+#define USE_TTY()
+#define USE_SYSLOG(ident, _cond)
+#define LOGI(...)                                                \
+    ((void)__android_log_print(ANDROID_LOG_DEBUG, "shadowsocks", \
+                               __VA_ARGS__))
+#define LOGE(...)                                                \
+    ((void)__android_log_print(ANDROID_LOG_ERROR, "shadowsocks", \
+                               __VA_ARGS__))
+
+#else // not __ANDROID__
+
+#define STR(x) # x
+#define TOSTR(x) STR(x)
+
+#ifdef LIB_ONLY
+
+extern FILE *logfile;
+#define TIME_FORMAT "%Y-%m-%d %H:%M:%S"
+#define USE_TTY()
+#define USE_SYSLOG(ident, _cond)
+#define USE_LOGFILE(ident)                                     \
+    do {                                                       \
+        if (ident != NULL) { logfile = fopen(ident, "w+"); } } \
+    while (0)
+
+#define CLOSE_LOGFILE                               \
+    do {                                            \
+        if (logfile != NULL) { fclose(logfile); } } \
+    while (0)
+#define LOGI(format, ...)                                                        \
+    do {                                                                         \
+        if (logfile != NULL) {                                                   \
+            time_t now = time(NULL);                                             \
+            char timestr[20];                                                    \
+            strftime(timestr, 20, TIME_FORMAT, localtime(&now));                 \
+            fprintf(logfile, " %s INFO: " format "\n", timestr, ## __VA_ARGS__); \
+            fflush(logfile); }                                                   \
+    }                                                                            \
+    while (0)
+#define LOGE(format, ...)                                        \
+    do {                                                         \
+        if (logfile != NULL) {                                   \
+            time_t now = time(NULL);                             \
+            char timestr[20];                                    \
+            strftime(timestr, 20, TIME_FORMAT, localtime(&now)); \
+            fprintf(logfile, " %s ERROR: " format "\n", timestr, \
+                    ## __VA_ARGS__);                             \
+            fflush(logfile); }                                   \
+    }                                                            \
+    while (0)
+
+#else // not LIB_ONLY
+
+#ifdef __MINGW32__
+
+#define USE_TTY()
+#define USE_SYSLOG(ident, _cond)
+#define USE_LOGFILE(ident)
+#define TIME_FORMAT "%Y-%m-%d %H:%M:%S"
+#define LOGI(format, ...)                                    \
+    do {                                                     \
+        time_t now = time(NULL);                             \
+        char timestr[20];                                    \
+        strftime(timestr, 20, TIME_FORMAT, localtime(&now)); \
+        ss_color_info();                                     \
+        fprintf(stdout, " %s INFO: ", timestr);              \
+        ss_color_reset();                                    \
+        fprintf(stdout, format "\n", ## __VA_ARGS__);        \
+        fflush(stdout);                                      \
+    }                                                        \
+    while (0)
+
+#define LOGE(format, ...)                                     \
+    do {                                                      \
+        time_t now = time(NULL);                              \
+        char timestr[20];                                     \
+        strftime(timestr, 20, TIME_FORMAT, localtime(&now));  \
+        ss_color_error();                                     \
+        fprintf(stderr, " %s ERROR: ", timestr);              \
+        ss_color_reset();                                     \
+        fprintf(stderr, format "\n", ## __VA_ARGS__);         \
+        fflush(stderr);                                       \
+    }                                                         \
+    while (0)
+
+#else // not __MINGW32__
+
+#include <syslog.h>
+extern int use_tty;
+extern int use_syslog;
+
+#define HAS_SYSLOG
+#define TIME_FORMAT "%F %T"
+
+#define USE_TTY()                        \
+    do {                                 \
+        use_tty = isatty(STDERR_FILENO); \
+    } while (0)
+
+#define USE_SYSLOG(_ident, _cond)                               \
+    do {                                                        \
+        if (!use_syslog && (_cond)) {                           \
+            use_syslog = 1;                                     \
+        }                                                       \
+        if (use_syslog) {                                       \
+            openlog((_ident), LOG_CONS | LOG_PID, LOG_DAEMON);  \
+        }                                                       \
+    } while (0)
+
+#define LOGI(format, ...)                                                        \
+    do {                                                                         \
+        if (use_syslog) {                                                        \
+            syslog(LOG_INFO, format, ## __VA_ARGS__);                            \
+        } else {                                                                 \
+            time_t now = time(NULL);                                             \
+            char timestr[20];                                                    \
+            strftime(timestr, 20, TIME_FORMAT, localtime(&now));                 \
+            if (use_tty) {                                                       \
+                fprintf(stdout, "\e[01;32m %s INFO: \e[0m" format "\n", timestr, \
+                        ## __VA_ARGS__);                                         \
+                fflush(stdout);                                                  \
+            } else {                                                             \
+                fprintf(stdout, " %s INFO: " format "\n", timestr,               \
+                        ## __VA_ARGS__);                                         \
+                fflush(stdout);                                                  \
+            }                                                                    \
+        }                                                                        \
+    }                                                                            \
+    while (0)
+
+#define LOGE(format, ...)                                                         \
+    do {                                                                          \
+        if (use_syslog) {                                                         \
+            syslog(LOG_ERR, format, ## __VA_ARGS__);                              \
+        } else {                                                                  \
+            time_t now = time(NULL);                                              \
+            char timestr[20];                                                     \
+            strftime(timestr, 20, TIME_FORMAT, localtime(&now));                  \
+            if (use_tty) {                                                        \
+                fprintf(stderr, "\e[01;35m %s ERROR: \e[0m" format "\n", timestr, \
+                        ## __VA_ARGS__);                                          \
+                fflush(stderr);                                                   \
+            } else {                                                              \
+                fprintf(stderr, " %s ERROR: " format "\n", timestr,               \
+                        ## __VA_ARGS__);                                          \
+                fflush(stderr);                                                   \
+            }                                                                     \
+        } }                                                                       \
+    while (0)
+
+#endif // if __MINGW32__
+
+#endif // if LIB_ONLY
+
+#endif // if __ANDROID__
+
+// Workaround for "%z" in Windows printf
+#ifdef __MINGW32__
+#define SSIZE_FMT "%Id"
+#define SIZE_FMT "%Iu"
+#else
+#define SSIZE_FMT "%zd"
+#define SIZE_FMT "%zu"
+#endif
+
+#ifdef __MINGW32__
+// Override Windows built-in functions
+#ifdef ERROR
+#undef ERROR
+#endif
+#define ERROR(s) ss_error(s)
+
+// Implemented in winsock.c
+void ss_error(const char *s);
+void ss_color_info(void);
+void ss_color_error(void);
+void ss_color_reset(void);
+#else
+void ERROR(const char *s);
+#endif
+
+char *ss_itoa(int i);
+int ss_isnumeric(const char *s);
+int run_as(const char *user);
+void FATAL(const char *msg);
+void usage(void);
+void daemonize(const char *path);
+char *ss_strndup(const char *s, size_t n);
+#ifdef HAVE_SETRLIMIT
+int set_nofile(int nofile);
+#endif
+
+void *ss_malloc(size_t size);
+void *ss_aligned_malloc(size_t size);
+void *ss_realloc(void *ptr, size_t new_size);
+
+#define ss_free(ptr) \
+    { \
+        free(ptr); \
+        ptr = NULL; \
+    }
+
+#ifdef __MINGW32__
+#define ss_aligned_free(ptr) \
+    { \
+        _aligned_free(ptr); \
+        ptr = NULL; \
+    }
+#else
+#define ss_aligned_free(ptr) ss_free(ptr)
+#endif
+
+int ss_is_ipv6addr(const char *addr);
+char *get_default_conf(void);
+uint16_t load16_be(const void *s);
+
+#endif // _UTILS_H
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/winsock.c b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/winsock.c
new file mode 100644
index 00000000..26ea3443
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/winsock.c
@@ -0,0 +1,246 @@
+/*
+ * winsock.c - Windows socket compatibility layer
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef __MINGW32__
+
+#include "winsock.h"
+#include "utils.h"
+
+#ifndef ENABLE_QUICK_EDIT
+#define ENABLE_QUICK_EDIT 0x0040
+#endif
+
+#ifndef STD_INPUT_HANDLE
+#define STD_INPUT_HANDLE ((DWORD)-10)
+#endif
+
+#ifndef ENABLE_EXTENDED_FLAGS
+#define ENABLE_EXTENDED_FLAGS 0x0080
+#endif
+
+#ifndef STD_OUTPUT_HANDLE
+#define STD_OUTPUT_HANDLE ((DWORD)-11)
+#endif
+
+static void
+disable_quick_edit(void)
+{
+    DWORD mode     = 0;
+    HANDLE console = GetStdHandle(STD_INPUT_HANDLE);
+
+    // Get current console mode
+    if (console == NULL ||
+        console == INVALID_HANDLE_VALUE ||
+        !GetConsoleMode(console, &mode)) {
+        return;
+    }
+
+    // Clear the quick edit bit in the mode flags
+    mode &= ~ENABLE_QUICK_EDIT;
+    mode |= ENABLE_EXTENDED_FLAGS;
+    SetConsoleMode(console, mode);
+}
+
+void
+winsock_init(void)
+{
+    int ret;
+    WSADATA wsa_data;
+    ret = WSAStartup(MAKEWORD(2, 2), &wsa_data);
+    if (ret != 0) {
+        FATAL("Failed to initialize winsock");
+    }
+    // Disable quick edit mode to prevent stuck
+    disable_quick_edit();
+}
+
+void
+winsock_cleanup(void)
+{
+    WSACleanup();
+}
+
+int
+setnonblocking(SOCKET socket)
+{
+    u_long arg = 1;
+    return ioctlsocket(socket, FIONBIO, &arg);
+}
+
+void
+ss_error(const char *s)
+{
+    char *msg = NULL;
+    DWORD err = WSAGetLastError();
+    FormatMessage(
+        FORMAT_MESSAGE_ALLOCATE_BUFFER |
+        FORMAT_MESSAGE_FROM_SYSTEM |
+        FORMAT_MESSAGE_IGNORE_INSERTS,
+        NULL, err,
+        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+        (LPTSTR)&msg, 0, NULL);
+    if (msg != NULL) {
+        // Remove trailing newline character
+        ssize_t len = strlen(msg) - 1;
+        if (len >= 0 && msg[len] == '\n') {
+            msg[len] = '\0';
+        }
+        LOGE("%s: [%ld] %s", s, err, msg);
+        LocalFree(msg);
+    }
+}
+
+char *
+ss_gai_strerror(int ecode)
+{
+    static TCHAR buff[GAI_STRERROR_BUFFER_SIZE + 1];
+    FormatMessage(
+        FORMAT_MESSAGE_FROM_SYSTEM |
+        FORMAT_MESSAGE_IGNORE_INSERTS |
+        FORMAT_MESSAGE_MAX_WIDTH_MASK,
+        NULL, ecode,
+        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+        (LPTSTR)buff, GAI_STRERROR_BUFFER_SIZE, NULL);
+    return (char *)buff;
+}
+
+static BOOL
+get_conattr(HANDLE console, WORD *out_attr)
+{
+    static BOOL done       = FALSE;
+    static WORD saved_attr = 0;
+    if (!done) {
+        CONSOLE_SCREEN_BUFFER_INFO info;
+        if (GetConsoleScreenBufferInfo(console, &info)) {
+            saved_attr = info.wAttributes;
+            done       = TRUE;
+        }
+    }
+    if (out_attr != NULL) {
+        *out_attr = saved_attr;
+    }
+    return done;
+}
+
+static BOOL
+set_concolor(WORD color, BOOL reset)
+{
+    static HANDLE console = NULL;
+    if (console == NULL) {
+        console = GetStdHandle(STD_OUTPUT_HANDLE);
+    }
+    if (console == NULL ||
+        console == INVALID_HANDLE_VALUE) {
+        // If no console is available, we will not try again
+        console = INVALID_HANDLE_VALUE;
+        return FALSE;
+    }
+    WORD attr;
+    if (!get_conattr(console, &attr)) {
+        return FALSE;
+    }
+    if (!reset) {
+        // Only override foreground color without changing background
+        attr &= ~(FOREGROUND_RED | FOREGROUND_GREEN |
+                  FOREGROUND_BLUE | FOREGROUND_INTENSITY);
+        attr |= (color | FOREGROUND_INTENSITY);
+    }
+    return SetConsoleTextAttribute(console, attr);
+}
+
+void
+ss_color_info(void)
+{
+    set_concolor(FOREGROUND_GREEN, FALSE);
+}
+
+void
+ss_color_error(void)
+{
+    set_concolor(FOREGROUND_RED | FOREGROUND_BLUE, FALSE);
+}
+
+void
+ss_color_reset(void)
+{
+    set_concolor(0, TRUE);
+}
+
+#ifdef TCP_FASTOPEN_WINSOCK
+LPFN_CONNECTEX
+winsock_getconnectex(void)
+{
+    static LPFN_CONNECTEX pConnectEx = NULL;
+    if (pConnectEx != NULL) {
+        return pConnectEx;
+    }
+
+    // Dummy socket for WSAIoctl
+    SOCKET s = socket(AF_INET, SOCK_STREAM, 0);
+    if (s == INVALID_SOCKET) {
+        ERROR("socket");
+        return NULL;
+    }
+
+    // Load ConnectEx function
+    GUID guid = WSAID_CONNECTEX;
+    DWORD numBytes;
+    int ret = -1;
+    ret = WSAIoctl(s, SIO_GET_EXTENSION_FUNCTION_POINTER,
+                   (void *)&guid, sizeof(guid),
+                   (void *)&pConnectEx, sizeof(pConnectEx),
+                   &numBytes, NULL, NULL);
+    if (ret != 0) {
+        ERROR("WSAIoctl");
+        closesocket(s);
+        return NULL;
+    }
+    closesocket(s);
+    return pConnectEx;
+}
+
+int
+winsock_dummybind(SOCKET fd, struct sockaddr *sa)
+{
+    struct sockaddr_storage ss;
+    memset(&ss, 0, sizeof(ss));
+    if (sa->sa_family == AF_INET) {
+        struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
+        sin->sin_family      = AF_INET;
+        sin->sin_addr.s_addr = INADDR_ANY;
+    } else if (sa->sa_family == AF_INET6) {
+        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
+        sin6->sin6_family = AF_INET6;
+        sin6->sin6_addr   = in6addr_any;
+    } else {
+        return -1;
+    }
+    if (bind(fd, (struct sockaddr *)&ss, sizeof(ss)) < 0 &&
+        WSAGetLastError() != WSAEINVAL) {
+        return -1;
+    }
+    return 0;
+}
+
+#endif
+
+#endif // __MINGW32__
diff --git a/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/winsock.h b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/winsock.h
new file mode 100644
index 00000000..4e8acc7e
--- /dev/null
+++ b/client/3rd/ShadowSocks/ShadowSocks/shadowsocks-libev/src/winsock.h
@@ -0,0 +1,123 @@
+/*
+ * winsock.h - Windows socket compatibility layer
+ *
+ * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
+ *
+ * This file is part of the shadowsocks-libev.
+ *
+ * shadowsocks-libev is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * shadowsocks-libev is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with shadowsocks-libev; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _WINSOCK_H
+#define _WINSOCK_H
+
+#ifdef __MINGW32__
+
+// Target NT6
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+
+#if defined(_WIN32_WINNT) && _WIN32_WINNT < 0x0600
+#undef _WIN32_WINNT
+#endif
+
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0600
+#endif
+
+// Winsock headers
+#include <windows.h>
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#include <mswsock.h>
+
+// Override POSIX error number
+#ifdef errno
+#undef errno
+#endif
+#define errno WSAGetLastError()
+
+#ifdef EWOULDBLOCK
+#undef EWOULDBLOCK
+#endif
+#define EWOULDBLOCK WSAEWOULDBLOCK
+
+#ifdef CONNECT_IN_PROGRESS
+#undef CONNECT_IN_PROGRESS
+#endif
+#define CONNECT_IN_PROGRESS WSAEWOULDBLOCK
+
+#ifdef EOPNOTSUPP
+#undef EOPNOTSUPP
+#endif
+#define EOPNOTSUPP WSAEOPNOTSUPP
+
+#ifdef EPROTONOSUPPORT
+#undef EPROTONOSUPPORT
+#endif
+#define EPROTONOSUPPORT WSAEPROTONOSUPPORT
+
+#ifdef ENOPROTOOPT
+#undef ENOPROTOOPT
+#endif
+#define ENOPROTOOPT WSAENOPROTOOPT
+
+// Check if ConnectEx supported in header
+#ifdef WSAID_CONNECTEX
+// Hardcode TCP fast open option
+#ifndef TCP_FASTOPEN
+#define TCP_FASTOPEN 15
+#endif
+// Enable TFO support
+#define TCP_FASTOPEN_WINSOCK 1
+#endif
+
+// Override close function
+#define close(fd) closesocket(fd)
+
+// Override MinGW functions
+#define setsockopt(a, b, c, d, e) setsockopt(a, b, c, (const char *)(d), e)
+#define inet_ntop(a, b, c, d) inet_ntop(a, (void *)(b), c, d)
+
+// Override Windows built-in functions
+#ifdef ERROR
+#undef ERROR
+#endif
+#define ERROR(s) ss_error(s)
+
+#ifdef gai_strerror
+#undef gai_strerror
+#endif
+#define gai_strerror(e) ss_gai_strerror(e)
+char *ss_gai_strerror(int ecode);
+
+// Missing Unix functions
+#define sleep(x) Sleep((x) * 1000)
+#define bzero(s, n) memset(s, 0, n)
+#define strndup(s, n) ss_strndup(s, n)
+
+// Winsock compatibility functions
+int setnonblocking(SOCKET socket);
+void winsock_init(void);
+void winsock_cleanup(void);
+#ifdef TCP_FASTOPEN_WINSOCK
+LPFN_CONNECTEX winsock_getconnectex(void);
+int winsock_dummybind(SOCKET fd, struct sockaddr *sa);
+#endif
+
+#endif // __MINGW32__
+
+#endif // _WINSOCK_H
diff --git a/client/3rd/ShadowSocks/ss_ios.xcconfig b/client/3rd/ShadowSocks/ss_ios.xcconfig
new file mode 100644
index 00000000..8b67bd01
--- /dev/null
+++ b/client/3rd/ShadowSocks/ss_ios.xcconfig
@@ -0,0 +1,23 @@
+SUPPORTED_PLATFORMS = iphoneos
+TARGETED_DEVICE_FAMILY = 1,2
+
+HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/ShadowSocks
+//HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/ShadowSocks $(SRCROOT)/ShadowSocks/libcares/include $(SRCROOT)/ShadowSocks/libev/arm64/include $(SRCROOT)/ShadowSocks/libsodium/include $(SRCROOT)/ShadowSocks/mbedtls/include $(SRCROOT)/ShadowSocks/pcre/arm64/include $(SRCROOT)/ShadowSocks/shadowsocks-libev/include
+
+//CLANG_CXX_LANGUAGE_STANDARD = gnu++14
+//CLANG_CXX_LIBRARY = libc++
+
+////////////////////////////////////////////////////////////////////////////////
+//
+// iOS-specific settings
+//
+IPHONEOS_DEPLOYMENT_TARGET = 9.3
+
+SDKROOT[arch=arm64] = iphoneos
+SDKROOT[arch=armv7] = iphoneos
+SDKROOT[arch=armv7s] = iphoneos
+
+VALID_ARCHS[sdk=iphoneos*] = arm64
+PROJECT_TEMP_DIR = /Users/sanchez/work/vied/ios/vpn/desktop-client-bkp/client/3rd/ShadowSocks/build/ShadowSocks.build
+CONFIGURATION_BUILD_DIR = /Users/sanchez/work/vied/ios/vpn/desktop-client-bkp/client/3rd/ShadowSocks/build/Release-iphoneos
+BUILT_PRODUCTS_DIR = /Users/sanchez/work/vied/ios/vpn/desktop-client-bkp/client/3rd/ShadowSocks/build/Release-iphoneos  
diff --git a/client/3rd/libleaf/include/leaf.h b/client/3rd/libleaf/include/leaf.h
new file mode 100644
index 00000000..dd93d351
--- /dev/null
+++ b/client/3rd/libleaf/include/leaf.h
@@ -0,0 +1,117 @@
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+/**
+ * No error.
+ */
+#define ERR_OK 0
+
+/**
+ * Config path error.
+ */
+#define ERR_CONFIG_PATH 1
+
+/**
+ * Config parsing error.
+ */
+#define ERR_CONFIG 2
+
+/**
+ * IO error.
+ */
+#define ERR_IO 3
+
+/**
+ * Config file watcher error.
+ */
+#define ERR_WATCHER 4
+
+/**
+ * Async channel send error.
+ */
+#define ERR_ASYNC_CHANNEL_SEND 5
+
+/**
+ * Sync channel receive error.
+ */
+#define ERR_SYNC_CHANNEL_RECV 6
+
+/**
+ * Runtime manager error.
+ */
+#define ERR_RUNTIME_MANAGER 7
+
+/**
+ * No associated config file.
+ */
+#define ERR_NO_CONFIG_FILE 8
+
+/**
+ * Starts leaf with options, on a successful start this function blocks the current
+ * thread.
+ *
+ * @note This is not a stable API, parameters will change from time to time.
+ *
+ * @param rt_id A unique ID to associate this leaf instance, this is required when
+ *              calling subsequent FFI functions, e.g. reload, shutdown.
+ * @param config_path The path of the config file, must be a file with suffix .conf
+ *                    or .json, according to the enabled features.
+ * @param auto_reload Enabls auto reloading when config file changes are detected,
+ *                    takes effect only when the "auto-reload" feature is enabled.
+ * @param multi_thread Whether to use a multi-threaded runtime.
+ * @param auto_threads Sets the number of runtime worker threads automatically,
+ *                     takes effect only when multi_thread is true.
+ * @param threads Sets the number of runtime worker threads, takes effect when
+ *                     multi_thread is true, but can be overridden by auto_threads.
+ * @param stack_size Sets stack size of the runtime worker threads, takes effect when
+ *                   multi_thread is true.
+ * @return ERR_OK on finish running, any other errors means a startup failure.
+ */
+int32_t leaf_run_with_options(uint16_t rt_id,
+                              const char *config_path,
+                              bool auto_reload,
+                              bool multi_thread,
+                              bool auto_threads,
+                              int32_t threads,
+                              int32_t stack_size);
+
+/**
+ * Starts leaf with a single-threaded runtime, on a successful start this function
+ * blocks the current thread.
+ *
+ * @param rt_id A unique ID to associate this leaf instance, this is required when
+ *              calling subsequent FFI functions, e.g. reload, shutdown.
+ * @param config_path The path of the config file, must be a file with suffix .conf
+ *                    or .json, according to the enabled features.
+ * @return ERR_OK on finish running, any other errors means a startup failure.
+ */
+int32_t leaf_run(uint16_t rt_id, const char *config_path);
+
+/**
+ * Reloads DNS servers, outbounds and routing rules from the config file.
+ *
+ * @param rt_id The ID of the leaf instance to reload.
+ *
+ * @return Returns ERR_OK on success.
+ */
+int32_t leaf_reload(uint16_t rt_id);
+
+/**
+ * Shuts down leaf.
+ *
+ * @param rt_id The ID of the leaf instance to reload.
+ *
+ * @return Returns true on success, false otherwise.
+ */
+bool leaf_shutdown(uint16_t rt_id);
+
+/**
+ * Tests the configuration.
+ *
+ * @param config_path The path of the config file, must be a file with suffix .conf
+ *                    or .json, according to the enabled features.
+ * @return Returns ERR_OK on success, i.e no syntax error.
+ */
+int32_t leaf_test_config(const char *config_path);
diff --git a/client/3rd/libleaf/lib/libleaf.a b/client/3rd/libleaf/lib/libleaf.a
new file mode 100644
index 00000000..8198fa1a
Binary files /dev/null and b/client/3rd/libleaf/lib/libleaf.a differ
diff --git a/client/3rd/outline-go-tun2socks b/client/3rd/outline-go-tun2socks
new file mode 160000
index 00000000..e08601a0
--- /dev/null
+++ b/client/3rd/outline-go-tun2socks
@@ -0,0 +1 @@
+Subproject commit e08601a0b188ad80baf4c243c5e2f288cdd7d1e6
diff --git a/client/3rd/wireguard-tools b/client/3rd/wireguard-tools
index 7a321ce8..71799a8f 160000
--- a/client/3rd/wireguard-tools
+++ b/client/3rd/wireguard-tools
@@ -1 +1 @@
-Subproject commit 7a321ce808ef9cec1f45cce92befcc9e170d3aa9
+Subproject commit 71799a8f6d1450b63071a21cad6ed434b348d3d5
diff --git a/client/AmneziaVPN-Swift.h b/client/AmneziaVPN-Swift.h
index 5fa52612..08981bcd 100644
--- a/client/AmneziaVPN-Swift.h
+++ b/client/AmneziaVPN-Swift.h
@@ -218,8 +218,10 @@ SWIFT_CLASS("_TtC10AmneziaVPN18IOSVpnProtocolImpl")
 @interface IOSVpnProtocolImpl : NSObject
 - (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID privateKey:(NSData * _Nonnull)privateKey deviceIpv4Address:(NSString * _Nonnull)deviceIpv4Address deviceIpv6Address:(NSString * _Nonnull)deviceIpv6Address closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback OBJC_DESIGNATED_INITIALIZER;
 - (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID config:(NSString * _Nonnull)config closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback;
+- (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID tunnelConfig:(NSString * _Nonnull)tunnelConfig ssConfig:(NSString * _Nonnull)ssConfig closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback;
 - (void)connectWithDnsServer:(NSString * _Nonnull)dnsServer serverIpv6Gateway:(NSString * _Nonnull)serverIpv6Gateway serverPublicKey:(NSString * _Nonnull)serverPublicKey presharedKey:(NSString * _Nonnull)presharedKey serverIpv4AddrIn:(NSString * _Nonnull)serverIpv4AddrIn serverPort:(NSInteger)serverPort allowedIPAddressRanges:(NSArray<VPNIPAddressRange *> * _Nonnull)allowedIPAddressRanges ipv6Enabled:(Boolean)enabled reason:(NSInteger)reason failureCallback:(void (^ _Nonnull)(void))failureCallback;
 - (void)connectWithOvpnConfig:(NSString * _Nonnull)ovpnConfig failureCallback:(void (^ _Nonnull)(void))failureCallback;
+- (void)connectWithSsConfig:(NSString * _Nonnull)ssConfig ovpnConfig:(NSString * _Nonnull)ovpnConfig failureCallback:(void (^ _Nonnull)(void))failureCallback;
 - (void)disconnect;
 - (void)checkStatusWithCallback:(void (^ _Nonnull)(NSString * _Nonnull, NSString * _Nonnull, NSString * _Nonnull))callback;
 - (nonnull instancetype)init SWIFT_UNAVAILABLE;
diff --git a/client/Info.plist b/client/Info.plist
index 03ba3e82..fa592af0 100644
--- a/client/Info.plist
+++ b/client/Info.plist
@@ -2,38 +2,23 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
-	<key>CFBundleDisplayName</key>
-	<string>${PRODUCT_NAME}</string>
 	<key>CFBundleExecutable</key>
 	<string>${EXECUTABLE_NAME}</string>
 	<key>CFBundleIconFile</key>
 	<string>${ASSETCATALOG_COMPILER_APPICON_NAME}</string>
 	<key>CFBundleIdentifier</key>
 	<string>${PRODUCT_BUNDLE_IDENTIFIER}</string>
-	<key>CFBundleName</key>
-	<string>${PRODUCT_NAME}</string>
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
-	<key>CFBundleShortVersionString</key>
-	<string>${QMAKE_SHORT_VERSION}</string>
 	<key>CFBundleSignature</key>
 	<string>${QMAKE_PKGINFO_TYPEINFO}</string>
-	<key>CFBundleVersion</key>
-	<string>${QMAKE_FULL_VERSION}</string>
-	<key>LSRequiresIPhoneOS</key>
-	<true/>
-	<key>MinimumOSVersion</key>
-	<string>${IPHONEOS_DEPLOYMENT_TARGET}</string>
+	<key>LSMinimumSystemVersion</key>
+	<string>${MACOSX_DEPLOYMENT_TARGET}</string>
 	<key>NOTE</key>
 	<string>This file was generated by Qt/QMake.</string>
-	<key>UILaunchStoryboardName</key>
-	<string>LaunchScreen</string>
-	<key>UISupportedInterfaceOrientations</key>
-	<array>
-		<string>UIInterfaceOrientationPortrait</string>
-		<string>UIInterfaceOrientationPortraitUpsideDown</string>
-		<string>UIInterfaceOrientationLandscapeLeft</string>
-		<string>UIInterfaceOrientationLandscapeRight</string>
-	</array>
+	<key>NSPrincipalClass</key>
+	<string>NSApplication</string>
+	<key>NSSupportsAutomaticGraphicsSwitching</key>
+	<true/>
 </dict>
 </plist>
diff --git a/client/android/AndroidManifest.xml b/client/android/AndroidManifest.xml
index a18d2034..1c112d2f 100644
--- a/client/android/AndroidManifest.xml
+++ b/client/android/AndroidManifest.xml
@@ -7,7 +7,9 @@
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
-   <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
+
+   <!-- Enable when VPN-per-app mode will be implemented -->
+   <!-- <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/> -->
    <uses-permission android:name="android.permission.CAMERA"/>
 
     <!-- The following comment will be replaced upon deployment with default features based on the dependencies of the application.
diff --git a/client/android/build.gradle b/client/android/build.gradle
index 5d662814..6fd19a7c 100644
--- a/client/android/build.gradle
+++ b/client/android/build.gradle
@@ -115,8 +115,8 @@ android {
         resConfig "en"
         minSdkVersion = 24
         targetSdkVersion = 30
-        versionCode 8 // Change to a higher number
-        versionName "2.0.8" // Change to a higher number
+        versionCode 10 // Change to a higher number
+        versionName "2.0.10" // Change to a higher number
 
         javaCompileOptions.annotationProcessorOptions.arguments = [
             "room.schemaLocation": "${qt5AndroidDir}/schemas".toString()
diff --git a/client/client.pro b/client/client.pro
index 90979584..a39ec755 100644
--- a/client/client.pro
+++ b/client/client.pro
@@ -15,7 +15,7 @@ include("3rd/QtSsh/src/ssh/qssh.pri")
 include("3rd/QtSsh/src/botan/botan.pri")
 !android:!ios:include("3rd/SingleApplication/singleapplication.pri")
 include ("3rd/SortFilterProxyModel/SortFilterProxyModel.pri")
-include("3rd/QZXing/src/QZXing-components.pri")
+include("3rd/qzxing/src/QZXing-components.pri")
 
 INCLUDEPATH += $$PWD/3rd/OpenSSL/include
 DEPENDPATH += $$PWD/3rd/OpenSSL/include
@@ -38,6 +38,8 @@ HEADERS  += \
     debug.h \
     defines.h \
     managementserver.h \
+    platforms/ios/MobileUtils.h \
+    platforms/linux/leakdetector.h \
    protocols/protocols_defs.h \
     settings.h \
     ui/notificationhandler.h \
@@ -75,7 +77,8 @@ HEADERS  += \
     logger.h \
     loghandler.h \
     loglevel.h \
-    constants.h
+    constants.h \
+    platforms/ios/QRCodeReaderBase.h
 
 SOURCES  += \
    configurators/cloak_configurator.cpp \
@@ -93,6 +96,8 @@ SOURCES  += \
     debug.cpp \
     main.cpp \
     managementserver.cpp \
+    platforms/ios/MobileUtils.cpp \
+    platforms/linux/leakdetector.cpp \
    protocols/protocols_defs.cpp \
     settings.cpp \
     ui/notificationhandler.cpp \
@@ -126,8 +131,8 @@ SOURCES  += \
     vpnconnection.cpp \
     protocols/vpnprotocol.cpp \
     logger.cpp \
-    loghandler.cpp
-
+    loghandler.cpp \
+    platforms/ios/QRCodeReaderBase.cpp
 
 RESOURCES += \
     resources.qrc
@@ -190,9 +195,10 @@ macx {
 
 linux:!android {
     DEFINES += MVPN_LINUX
-
     LIBS += /usr/lib/x86_64-linux-gnu/libcrypto.a
     LIBS += /usr/lib/x86_64-linux-gnu/libssl.a
+
+    INCLUDEPATH += $$PWD/platforms/linux
 }
 
 win32|macx|linux:!android {
@@ -287,11 +293,6 @@ ios {
     LIBS += -framework StoreKit
     LIBS += -framework UserNotifications
 
-#    LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/LZ4.framework
-#    LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/mbedTLS.framework
-#    LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/OpenVPNClient.framework
-#    LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/OpenVPNAdapter.framework
-
     DEFINES += MVPN_IOS
 
     HEADERS += \
@@ -301,15 +302,24 @@ ios {
       platforms/ios/bigint.h \
       platforms/ios/bigintipv6addr.h \
       platforms/ios/ipaddress.h \
-      platforms/ios/ipaddressrange.h
-  
-    SOURCES  += \
+      platforms/ios/ipaddressrange.h \
+      platforms/ios/QtAppDelegate.h \
+      platforms/ios/QtAppDelegate-C-Interface.h
+
+    SOURCES -= \
+      platforms/ios/QRCodeReader.cpp \
+      platforms/ios/MobileUtils.cpp
+
+    SOURCES += \
       protocols/ios_vpnprotocol.mm \
       platforms/ios/iosnotificationhandler.mm \
       platforms/ios/json.cpp \
       platforms/ios/iosglue.mm \
       platforms/ios/ipaddress.cpp \
-      platforms/ios/ipaddressrange.cpp
+      platforms/ios/ipaddressrange.cpp \
+      platforms/ios/QRCodeReaderBase.mm \
+      platforms/ios/QtAppDelegate.mm \
+      platforms/ios/MobileUtils.mm
 
     Q_ENABLE_BITCODE.value = NO
     Q_ENABLE_BITCODE.name = ENABLE_BITCODE
diff --git a/client/configurators/vpn_configurator.cpp b/client/configurators/vpn_configurator.cpp
index 28669168..c2b128f0 100644
--- a/client/configurators/vpn_configurator.cpp
+++ b/client/configurators/vpn_configurator.cpp
@@ -109,12 +109,9 @@ void VpnConfigurator::updateContainerConfigAfterInstallation(DockerContainer con
 
         qDebug() << "amnezia-tor onions" << stdOut;
 
-        QStringList l = stdOut.split(",");
-        for (QString s : l) {
-            if (s.contains(":80")) {
-                protocol.insert(config_key::site, s);
-            }
-        }
+        QString onion = stdOut;
+        onion.replace("\n", "");
+        protocol.insert(config_key::site, onion);
 
         containerConfig.insert(ProtocolProps::protoToString(mainProto), protocol);
     }
diff --git a/client/containers/containers_defs.cpp b/client/containers/containers_defs.cpp
index 63dd83fe..3313a772 100644
--- a/client/containers/containers_defs.cpp
+++ b/client/containers/containers_defs.cpp
@@ -77,7 +77,7 @@ QMap<DockerContainer, QString> ContainerProps::containerHumanNames()
         {DockerContainer::WireGuard, "WireGuard"},
         {DockerContainer::Ipsec, QObject::tr("IPsec")},
 
-        {DockerContainer::TorWebSite, QObject::tr("Web site in TOR network")},
+        {DockerContainer::TorWebSite, QObject::tr("Web site in Tor network")},
         {DockerContainer::Dns, QObject::tr("DNS Service")},
         //{DockerContainer::FileShare, QObject::tr("SMB file sharing service")},
         {DockerContainer::Sftp, QObject::tr("Sftp file sharing service")}
@@ -94,7 +94,7 @@ QMap<DockerContainer, QString> ContainerProps::containerDescriptions()
         {DockerContainer::WireGuard, QObject::tr("WireGuard container")},
         {DockerContainer::Ipsec, QObject::tr("IPsec container")},
 
-        {DockerContainer::TorWebSite, QObject::tr("Web site in TOR network")},
+        {DockerContainer::TorWebSite, QObject::tr("Web site in Tor network")},
         {DockerContainer::Dns, QObject::tr("DNS Service")},
         //{DockerContainer::FileShare, QObject::tr("SMB file sharing service - is Window file sharing protocol")},
         {DockerContainer::Sftp, QObject::tr("Sftp file sharing service - is secure FTP service")}
@@ -145,6 +145,7 @@ bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c)
     switch (c) {
     case DockerContainer::WireGuard: return true;
     case DockerContainer::OpenVpn: return true;
+//    case DockerContainer::ShadowSocks: return true;
     default: return false;
     }
 #elif defined (Q_OS_MAC)
@@ -163,7 +164,7 @@ bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c)
     }
 
 #elif defined (Q_OS_LINUX)
-    return false;
+    return true;
 
 #else
 return false;
diff --git a/client/defines.h b/client/defines.h
index 89cfa599..415dc21a 100644
--- a/client/defines.h
+++ b/client/defines.h
@@ -4,7 +4,7 @@
 #define APPLICATION_NAME    "AmneziaVPN"
 #define SERVICE_NAME        "AmneziaVPN-service"
 #define ORGANIZATION_NAME   "AmneziaVPN.ORG"
-#define APP_MAJOR_VERSION   "2.0.8"
-#define APP_VERSION         "2.0.8.0"
+#define APP_MAJOR_VERSION   "2.0.10"
+#define APP_VERSION         "2.0.10.0"
 
 #endif // DEFINES_H
diff --git a/client/fastlane/Appfile b/client/fastlane/Appfile
new file mode 100644
index 00000000..2e9184e1
--- /dev/null
+++ b/client/fastlane/Appfile
@@ -0,0 +1,7 @@
+app_identifier(["org.amnezia.AmneziaVPN", "org.amnezia.AmneziaVPN.network-extension"]) # The bundle identifier of your app
+apple_id("dartsyms@gmail.com") # Your Apple email address
+
+itc_team_id("122591025") #  App Store Connect Team ID
+team_id("X7UJ388FXK") # Developer Portal Team ID
+#itc_team_id("119381903")
+#team_id("7VAGZXD78P")
diff --git a/client/fastlane/Fastfile b/client/fastlane/Fastfile
new file mode 100644
index 00000000..0408d5ab
--- /dev/null
+++ b/client/fastlane/Fastfile
@@ -0,0 +1,197 @@
+# Uncomment the line if you want fastlane to automatically update itself
+# update_fastlane
+
+project_name = "AmneziaVPN"
+project_scheme = "AmneziaVPN"
+project_identifier = "org.amnezia.AmneziaVPN"
+itunes_username = "dartsyms@gmail.com"
+
+before_all do
+    ENV['GYM_SCHEME'] = project_scheme
+end
+
+def tag_name(version_number, build_number)
+    "#{version_number}_#{build_number}"
+end
+
+def incrementBuild
+    increment_build_number(xcodeproj: "./#{project_name}.xcodeproj")
+end
+
+default_platform :ios
+
+# Fastfile actions accept additional configuration, but
+# don't worry, fastlane will prompt you for required
+# info which you can add here later
+lane :beta do
+  # build your iOS app
+  build_app(
+    scheme: "AmneziaVPN",
+    export_method: "ad-hoc"
+  )
+end
+
+lane :incrementVersion do
+    increment_build_number(
+      xcodeproj: "./#{project_name}.xcodeproj"
+    )
+
+    version_number = get_version_number(
+      xcodeproj: "./#{project_name}.xcodeproj",
+      target: project_name
+    )
+
+    build_number = get_build_number(
+      xcodeproj: "./#{project_name}.xcodeproj"
+    )
+
+    puts "Version = #{version_number} Build = #{build_number}"
+end
+
+desc "Update Certificates, Run All tests, Build app"
+desc "Add tag to git, send to Testflight, slack notification"
+lane :addToTestFlight do
+    certificates
+    clean_build_artifacts
+   
+    build_app(
+    scheme: project_scheme,
+    configuration: "Release", # Debug / Release
+    export_method: "app-store", # Valid values are: app-store, ad-hoc, package, enterprise, development, developer-id
+    clean: true,
+    include_bitcode: false,
+    include_symbols: true,
+    export_options: {
+      provisioningProfiles: {
+        "org.amnezia.AmneziaVPN"=>"match AppStore org.amnezia.AmneziaVPN",
+        "org.amnezia.AmneziaVPN.network-extension"=>"match AppStore org.amnezia.AmneziaVPN.network-extension",
+      }
+    },
+    output_directory: "fastlane/build/", # Destination directory. Defaults to current directory.
+    output_name: "#{project_name}.ipa"
+  )
+
+  testflight(
+    username: itunes_username,
+    app_identifier: project_identifier,
+    ipa: "fastlane/build/#{project_name}.ipa",
+    skip_waiting_for_build_processing: true
+  )
+
+  # Section for Slack
+  version_number = get_version_number(
+    xcodeproj: "./#{project_name}.xcodeproj",
+    target: project_name
+  )
+
+  build_number = get_build_number(
+    xcodeproj: "./#{project_name}.xcodeproj"
+  )
+
+  msg = "Build v.#{version_number} (#{build_number}) was Created for TestFlight"
+  puts msg
+  # msgToSlack(msg, true)
+  increment_build_number
+end
+
+lane :certificates do
+  match(
+    username: itunes_username,
+    type: "appstore",
+    app_identifier: [project_identifier],
+    readonly: true,
+    git_url: "https://github.com/amnezia-vpn/amnezia-ios-certificates.git"
+  )
+  notification(subtitle: "Finished", message: "Certificates done")
+end
+
+lane :adhoc_certificates do
+  match(
+    username: itunes_username,
+    type: "adhoc",
+    app_identifier: [project_identifier],
+    readonly: true,
+    git_url: "https://github.com/amnezia-vpn/amnezia-ios-certificates.git"
+  )
+  notification(subtitle: "Finished", message: "Certificates done")
+end
+
+lane :createAPNS do
+  get_push_certificate(
+    force: true, # create a new profile, even if the old one is still valid
+    app_identifier: project_identifier, # optional app identifier,
+    username: itunes_username,
+    p12_password: apns_pass,
+    pem_name: apns_pem_name,
+    output_path: "fastlane/APNS",
+    save_private_key: true,
+    new_profile: proc do |profile_path| # this block gets called when a new profile was generated
+      puts profile_path # the absolute path to the new PEM file
+      # insert the code to upload the PEM file to the server
+    end
+  )
+
+  # msgToSlack("Successfully APNS Created", true)
+end
+
+desc "Distribute app via Firebase for testers"
+lane :firebase_test do
+    adhoc_certificates
+    build_ios_app(
+        scheme: project_scheme,
+        output_directory: "./fastlane/builds/#{project_scheme}",
+        output_name: "#{project_scheme}.ipa",
+        export_options: {
+           method: "ad-hoc",
+           compileBitcode: false
+        },
+        clean: true,
+        include_bitcode: true,
+        include_symbols: true,
+        skip_package_ipa: false
+    )
+
+#   firebase_app_distribution(
+#       app: "1:880592554695:ios:af464a9ed02207f6284ce2",
+#       testers: "dartsyms@gmail.com, shogun14@yandex.ru, qa@wevied.com",
+#       release_notes: "Another build: ready to test."
+#   )
+
+    clean_build_artifacts
+    increment_build_number
+end
+
+desc "Distribute app via Firebase for testers"
+lane :distribute_firebase do
+    adhoc_certificates
+    clean_build_artifacts
+    
+    build_ios_app(
+        scheme: project_scheme,
+        output_directory: "./fastlane/builds/#{project_scheme}",
+        output_name: "#{project_scheme}.ipa",
+        export_options: {
+           method: "ad-hoc",
+           compileBitcode: false
+        },
+        clean: true,
+        include_bitcode: true,
+        include_symbols: true,
+        skip_package_ipa: false
+    )
+
+#   firebase_app_distribution(
+#       app: "1:880592554695:ios:af464a9ed02207f6284ce2",
+#       testers: "dartsyms@gmail.com, shogun14@yandex.ru, qa@wevied.com",
+#       release_notes: "Another build: ready to test."
+#   )
+end
+
+def msgToSlack(msg, result)
+   slack(
+       message: msg,
+       success: result,
+       default_payloads: [:lane, :test_result, :git_branch, :git_author] # Optional, lets you specify a whitelist of default payloads to include. Pass an empty array to suppress all the default payloads.
+    # Don't add this key, or pass nil, if you want all the default payloads. The available default payloads are: `lane`, `test_result`, `git_branch`, `git_author`, `last_git_commit_message`, `last_git_commit_hash`.
+   )
+end
diff --git a/client/fastlane/Matchfile b/client/fastlane/Matchfile
new file mode 100644
index 00000000..2da8aed0
--- /dev/null
+++ b/client/fastlane/Matchfile
@@ -0,0 +1,13 @@
+git_url("https://github.com/amnezia-vpn/amnezia-ios-certificates")
+
+storage_mode("git")
+
+type("appstore") # The default type, can be: appstore, adhoc, enterprise or development
+
+# app_identifier(["tools.fastlane.app", "tools.fastlane.app2"])
+# username("user@fastlane.tools") # Your Apple Developer Portal username
+
+# For all available options run `fastlane match --help`
+# Remove the # in the beginning of the line to enable the other options
+
+# The docs are available on https://docs.fastlane.tools/actions/match
diff --git a/client/fastlane/Pluginfile b/client/fastlane/Pluginfile
new file mode 100644
index 00000000..50b5b39e
--- /dev/null
+++ b/client/fastlane/Pluginfile
@@ -0,0 +1,6 @@
+# Autogenerated by fastlane
+#
+# Ensure this file is checked in to source control!
+
+#gem 'fastlane-plugin-run_tests_firebase_testlab'
+#gem 'fastlane-plugin-firebase_app_distribution'
diff --git a/client/fastlane/README.md b/client/fastlane/README.md
new file mode 100644
index 00000000..3375b46f
--- /dev/null
+++ b/client/fastlane/README.md
@@ -0,0 +1,88 @@
+fastlane documentation
+----
+
+# Installation
+
+Make sure you have the latest version of the Xcode command line tools installed:
+
+```sh
+xcode-select --install
+```
+
+For _fastlane_ installation instructions, see [Installing _fastlane_](https://docs.fastlane.tools/#installing-fastlane)
+
+# Available Actions
+
+### beta
+
+```sh
+[bundle exec] fastlane beta
+```
+
+
+
+### incrementVersion
+
+```sh
+[bundle exec] fastlane incrementVersion
+```
+
+
+
+### addToTestFlight
+
+```sh
+[bundle exec] fastlane addToTestFlight
+```
+
+Update Certificates, Run All tests, Build app
+
+Add tag to git, send to Testflight, slack notification
+
+### certificates
+
+```sh
+[bundle exec] fastlane certificates
+```
+
+
+
+### adhoc_certificates
+
+```sh
+[bundle exec] fastlane adhoc_certificates
+```
+
+
+
+### createAPNS
+
+```sh
+[bundle exec] fastlane createAPNS
+```
+
+
+
+### firebase_test
+
+```sh
+[bundle exec] fastlane firebase_test
+```
+
+Distribute app via Firebase for testers
+
+### distribute_firebase
+
+```sh
+[bundle exec] fastlane distribute_firebase
+```
+
+Distribute app via Firebase for testers
+
+----
+
+This README.md is auto-generated and will be re-generated every time [_fastlane_](https://fastlane.tools) is run.
+
+More information about _fastlane_ can be found on [fastlane.tools](https://fastlane.tools).
+
+The documentation of _fastlane_ can be found on [docs.fastlane.tools](https://docs.fastlane.tools).
diff --git a/client/fastlane/report.xml b/client/fastlane/report.xml
new file mode 100644
index 00000000..e0cdc969
--- /dev/null
+++ b/client/fastlane/report.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<testsuites>
+  <testsuite name="fastlane.lanes">
+    
+    
+    
+      
+      <testcase classname="fastlane.lanes" name="0: default_platform" time="0.000215">
+        
+      </testcase>
+    
+      
+      <testcase classname="fastlane.lanes" name="1: Switch to certificates lane" time="0.000162">
+        
+      </testcase>
+    
+      
+      <testcase classname="fastlane.lanes" name="2: match" time="2.707099">
+        
+      </testcase>
+    
+      
+      <testcase classname="fastlane.lanes" name="3: notification" time="0.226435">
+        
+      </testcase>
+    
+      
+      <testcase classname="fastlane.lanes" name="4: clean_build_artifacts" time="0.000648">
+        
+      </testcase>
+    
+      
+      <testcase classname="fastlane.lanes" name="5: build_app" time="259.546685">
+        
+      </testcase>
+    
+      
+      <testcase classname="fastlane.lanes" name="6: testflight" time="84.84052">
+        
+      </testcase>
+    
+      
+      <testcase classname="fastlane.lanes" name="7: get_version_number" time="0.114899">
+        
+      </testcase>
+    
+      
+      <testcase classname="fastlane.lanes" name="8: get_build_number" time="1.332216">
+        
+      </testcase>
+    
+      
+      <testcase classname="fastlane.lanes" name="9: increment_build_number" time="2.325473">
+        
+      </testcase>
+    
+  </testsuite>
+</testsuites>
diff --git a/client/ios/app/Info.plist b/client/ios/app/Info.plist
index 3c0f289e..20a28b2a 100644
--- a/client/ios/app/Info.plist
+++ b/client/ios/app/Info.plist
@@ -8,6 +8,19 @@
 	<string>$(DEVELOPMENT_LANGUAGE)</string>
 	<key>CFBundleDisplayName</key>
 	<string>AmneziaVPN</string>
+	<key>CFBundleDocumentTypes</key>
+	<array>
+		<dict>
+			<key>CFBundleTypeName</key>
+			<string>Amnezia VPN config</string>
+			<key>LSHandlerRank</key>
+			<string>Alternate</string>
+			<key>LSItemContentTypes</key>
+			<array>
+				<string>org.amnezia.AmneziaVPN.amnezia-config</string>
+			</array>
+		</dict>
+	</array>
 	<key>CFBundleExecutable</key>
 	<string>$(EXECUTABLE_NAME)</string>
 	<key>CFBundleIcons</key>
@@ -25,13 +38,15 @@
 	<key>CFBundleShortVersionString</key>
 	<string>$(MARKETING_VERSION)</string>
 	<key>CFBundleVersion</key>
-	<string>$(CURRENT_PROJECT_VERSION)</string>
+	<string>2</string>
 	<key>ITSAppUsesNonExemptEncryption</key>
 	<false/>
 	<key>LSRequiresIPhoneOS</key>
 	<true/>
 	<key>LSSupportsOpeningDocumentsInPlace</key>
 	<false/>
+	<key>NSCameraUsageDescription</key>
+	<string>Amnezia VPN needs access to the camera for reading QR-codes.</string>
 	<key>UILaunchStoryboardName</key>
 	<string>AmneziaVPNLaunchScreen</string>
 	<key>UIRequiresFullScreen</key>
@@ -45,5 +60,31 @@
 	<array/>
 	<key>UIUserInterfaceStyle</key>
 	<string>Light</string>
+	<key>UTImportedTypeDeclarations</key>
+	<array>
+		<dict>
+			<key>UTTypeConformsTo</key>
+			<array>
+				<string>public.data</string>
+			</array>
+			<key>UTTypeDescription</key>
+			<string>Amnezia VPN config</string>
+			<key>UTTypeIconFiles</key>
+			<array/>
+			<key>UTTypeIdentifier</key>
+			<string>org.amnezia.AmneziaVPN.amnezia-config</string>
+			<key>UTTypeTagSpecification</key>
+			<dict>
+				<key>public.filename-extension</key>
+				<array>
+					<string>vpn</string>
+				</array>
+				<key>public.mime-type</key>
+				<array>
+					<string>text/plain</string>
+				</array>
+			</dict>
+		</dict>
+	</array>
 </dict>
 </plist>
diff --git a/client/ios/app/main.entitlements b/client/ios/app/main.entitlements
index fa993a87..d9f00bb1 100644
--- a/client/ios/app/main.entitlements
+++ b/client/ios/app/main.entitlements
@@ -8,13 +8,13 @@
 	</array>
 	<key>com.apple.security.application-groups</key>
 	<array>
-		<string>group.ru.kotit.AmneziaVPN.udev</string>
+		<string>group.org.amnezia.AmneziaVPN</string>
 	</array>
 	<key>com.apple.security.files.user-selected.read-write</key>
 	<true/>
-    <key>keychain-access-groups</key>
-    <array>
-        <string>$(AppIdentifierPrefix)group.ru.kotit.AmneziaVPN.udev</string>
-    </array>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)group.org.amnezia.AmneziaVPN</string>
+	</array>
 </dict>
 </plist>
diff --git a/client/ios/networkextension/AmneziaVPNNetworkExtension.entitlements b/client/ios/networkextension/AmneziaVPNNetworkExtension.entitlements
index efcee280..92432b56 100644
--- a/client/ios/networkextension/AmneziaVPNNetworkExtension.entitlements
+++ b/client/ios/networkextension/AmneziaVPNNetworkExtension.entitlements
@@ -8,11 +8,11 @@
 	</array>
 	<key>com.apple.security.application-groups</key>
 	<array>
-		<string>group.ru.kotit.AmneziaVPN.udev</string>
+		<string>group.org.amnezia.AmneziaVPN</string>
+	</array>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)group.org.amnezia.AmneziaVPN</string>
 	</array>
-    <key>keychain-access-groups</key>
-    <array>
-        <string>$(AppIdentifierPrefix)group.ru.kotit.AmneziaVPN.udev</string>
-    </array>
 </dict>
 </plist>
diff --git a/client/ios/xcode_patcher.rb b/client/ios/xcode_patcher.rb
deleted file mode 100644
index b44b0b56..00000000
--- a/client/ios/xcode_patcher.rb
+++ /dev/null
@@ -1,598 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-require 'xcodeproj'
-
-class XCodeprojPatcher
-  attr :project
-  attr :p_root
-  attr :target_main
-  attr :target_extension
-
-#  @@project_root
-#  def self.project_root
-#    @@project_root
-#  end
-
-  def run(project_root, file, shortVersion, fullVersion, platform, networkExtension, webExtension, configHash, adjust_sdk_token)
-    @p_root = project_root
-    open_project file
-    open_target_main
-
-    die 'IOS requires networkExtension mode' if not networkExtension and platform == 'ios'
-
-    group = @project.main_group.new_group('Configuration')
-    @configFile = group.new_file('ios/xcode.xconfig')
-
-    setup_target_main shortVersion, fullVersion, platform, networkExtension, configHash, adjust_sdk_token
-
-    if platform == 'macos'
-      setup_target_loginitem shortVersion, fullVersion, configHash
-      setup_target_nativemessaging shortVersion, fullVersion, configHash if webExtension
-    end
-
-    if networkExtension
-      setup_target_extension shortVersion, fullVersion, platform, configHash
-      setup_target_gobridge
-    else
-      setup_target_wireguardgo
-      setup_target_wireguardtools
-    end
-
-    setup_target_balrog if platform == 'macos'
-
-    @project.save
-  end
-
-  def open_project(file)
-    @project = Xcodeproj::Project.open(file)
-    puts 'Failed to open the project file: ' + file if @project.nil?
-    die 'Failed to open the project file: ' + file if @project.nil?
-  end
-
-  def open_target_main
-    @target_main = @project.targets.find { |target| target.to_s == 'AmneziaVPN' }
-    return @target_main if not @target_main.nil?
-
-    puts 'Unable to open AmneziaVPN target'
-    die 'Unable to open AmneziaVPN target'
-  end
-
-  def setup_target_main(shortVersion, fullVersion, platform, networkExtension, configHash, adjust_sdk_token)
-    @target_main.build_configurations.each do |config|
-      config.base_configuration_reference = @configFile
-
-      config.build_settings['LD_RUNPATH_SEARCH_PATHS'] ||= '"$(inherited) @executable_path/../Frameworks"'
-      config.build_settings['SWIFT_VERSION'] ||= '5.0'
-      config.build_settings['CLANG_ENABLE_MODULES'] ||= 'YES'
-      config.build_settings['SWIFT_OBJC_BRIDGING_HEADER'] ||= p_root + "/" + 'macos/app/WireGuard-Bridging-Header.h'
-      config.build_settings['FRAMEWORK_SEARCH_PATHS'] ||= [
-        "$(inherited)",
-        "$(PROJECT_DIR)/3rd"
-      ]
-
-      # Versions and names
-      config.build_settings['MARKETING_VERSION'] ||= shortVersion
-      config.build_settings['CURRENT_PROJECT_VERSION'] ||= fullVersion
-      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] = configHash['APP_ID_MACOS'] if platform == 'macos'
-      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] = configHash['APP_ID_IOS'] if platform == 'ios'
-      config.build_settings['PRODUCT_NAME'] = 'Mozilla VPN'
-
-      # other config
-      config.build_settings['INFOPLIST_FILE'] ||= p_root + "/" + platform + '/app/Info.plist'
-      if platform == 'ios'
-        config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= p_root + "/" + 'ios/app/main.entitlements'
-        if adjust_sdk_token != ""
-          config.build_settings['ADJUST_SDK_TOKEN'] = adjust_sdk_token
-        end
-      elsif networkExtension
-        config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= p_root + "/" + 'macos/app/app.entitlements'
-      else
-        config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= p_root + "/" + 'macos/app/daemon.entitlements'
-      end
-
-      config.build_settings['CODE_SIGN_IDENTITY'] ||= 'Apple Development'
-      config.build_settings['ENABLE_BITCODE'] ||= 'NO' if platform == 'ios'
-      config.build_settings['SDKROOT'] = 'iphoneos' if platform == 'ios'
-      config.build_settings['SWIFT_PRECOMPILE_BRIDGING_HEADER'] = 'NO' if platform == 'ios'
-
-      groupId = "";
-      if (platform == 'macos')
-        groupId = configHash['DEVELOPMENT_TEAM'] + "." + configHash['GROUP_ID_MACOS']
-        config.build_settings['APP_ID_MACOS'] ||= configHash['APP_ID_MACOS']
-      else
-        groupId = configHash['GROUP_ID_IOS']
-        config.build_settings['GROUP_ID_IOS'] ||= configHash['GROUP_ID_IOS']
-      end
-
-      config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
-        'GROUP_ID=\"' + groupId + '\"',
-        "VPN_NE_BUNDLEID=\\\"" + (platform == 'macos' ? configHash['NETEXT_ID_MACOS'] : configHash['NETEXT_ID_IOS']) + "\\\"",
-      ]
-
-      if config.name == 'Release'
-        config.build_settings['SWIFT_OPTIMIZATION_LEVEL'] ||= '-Onone'
-      end
-    end
-
-    if networkExtension
-      # WireGuard group
-      group = @project.main_group.new_group('WireGuard')
-
-      [
-        'macos/gobridge/wireguard-go-version.h',
-        '3rd/wireguard-apple/Sources/Shared/Keychain.swift',
-        '3rd/wireguard-apple/Sources/WireGuardKit/IPAddressRange.swift',
-        '3rd/wireguard-apple/Sources/WireGuardKit/InterfaceConfiguration.swift',
-        '3rd/wireguard-apple/Sources/Shared/Model/NETunnelProviderProtocol+Extension.swift',
-        '3rd/wireguard-apple/Sources/WireGuardKit/TunnelConfiguration.swift',
-        '3rd/wireguard-apple/Sources/Shared/Model/TunnelConfiguration+WgQuickConfig.swift',
-        '3rd/wireguard-apple/Sources/WireGuardKit/Endpoint.swift',
-        '3rd/wireguard-apple/Sources/Shared/Model/String+ArrayConversion.swift',
-        '3rd/wireguard-apple/Sources/WireGuardKit/PeerConfiguration.swift',
-        '3rd/wireguard-apple/Sources/WireGuardKit/DNSServer.swift',
-        '3rd/wireguard-apple/Sources/WireGuardApp/LocalizationHelper.swift',
-        '3rd/wireguard-apple/Sources/Shared/FileManager+Extension.swift',
-        '3rd/wireguard-apple/Sources/WireGuardKitC/x25519.c',
-        '3rd/wireguard-apple/Sources/WireGuardKit/PrivateKey.swift',
-      ].each { |filename|
-        file = group.new_file(p_root + "/" + filename)
-        @target_main.add_file_references([file])
-      }
-
-      # @target_main + swift integration
-      group = @project.main_group.new_group('SwiftIntegration')
-
-      [
-        'platforms/ios/ioscontroller.swift',
-        'platforms/ios/ioslogger.swift',
-      ].each { |filename|
-        file = group.new_file(p_root + "/" + filename)
-        @target_main.add_file_references([file])
-      }
-    end
-
-    if (platform == 'ios' && adjust_sdk_token != "")
-      frameworks_group = @project.groups.find { |group| group.display_name == 'Frameworks' }
-      frameworks_build_phase = @target_main.build_phases.find { |build_phase| build_phase.to_s == 'FrameworksBuildPhase' }
-      embed_frameworks_build_phase = @target_main.build_phases.find { |build_phase| build_phase.to_s == 'Embed Frameworks' }
-
-      framework_ref = frameworks_group.new_file('3rd/AdjustSdk.framework')
-      frameworks_build_phase.add_file_reference(framework_ref)
-
-      framework_file = embed_frameworks_build_phase.add_file_reference(framework_ref)
-      framework_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy', 'CodeSignOnCopy'] }
-
-      framework_ref = frameworks_group.new_file('AdServices.framework')
-      frameworks_build_phase.add_file_reference(framework_ref)
-
-      framework_ref = frameworks_group.new_file('iAd.framework')
-      frameworks_build_phase.add_file_reference(framework_ref)
-    end
-  end
-
-  def setup_target_extension(shortVersion, fullVersion, platform, configHash)
-    @target_extension = @project.new_target(:app_extension, 'WireGuardNetworkExtension', platform == 'macos' ? :osx : :ios)
-
-    @target_extension.build_configurations.each do |config|
-      config.base_configuration_reference = @configFile
-
-      config.build_settings['LD_RUNPATH_SEARCH_PATHS'] ||= '"$(inherited) @executable_path/../Frameworks"'
-      config.build_settings['SWIFT_VERSION'] ||= '5.0'
-      config.build_settings['CLANG_ENABLE_MODULES'] ||= 'YES'
-      config.build_settings['SWIFT_OBJC_BRIDGING_HEADER'] ||= p_root + "/" + 'macos/networkextension/WireGuardNetworkExtension-Bridging-Header.h'
-      config.build_settings['SWIFT_PRECOMPILE_BRIDGING_HEADER'] = 'NO'
-
-      # Versions and names
-      config.build_settings['MARKETING_VERSION'] ||= shortVersion
-      config.build_settings['CURRENT_PROJECT_VERSION'] ||= fullVersion
-      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] ||= configHash['NETEXT_ID_MACOS'] if platform == 'macos'
-      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] ||= configHash['NETEXT_ID_IOS'] if platform == 'ios'
-      config.build_settings['PRODUCT_NAME'] = 'WireGuardNetworkExtension'
-
-      # other configs
-      config.build_settings['INFOPLIST_FILE'] ||= p_root + "/" + 'macos/networkextension/Info.plist'
-      config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= p_root + "/" + platform + '/networkextension/AmneziaVPNNetworkExtension.entitlements'
-      config.build_settings['CODE_SIGN_IDENTITY'] = 'Apple Development'
-
-      if platform == 'ios'
-        config.build_settings['ENABLE_BITCODE'] ||= 'NO'
-        config.build_settings['SDKROOT'] = 'iphoneos'
-
-        config.build_settings['OTHER_LDFLAGS'] ||= [
-          "-stdlib=libc++",
-          "-Wl,-rpath,@executable_path/Frameworks",
-          "-framework",
-          "AssetsLibrary",
-          "-framework",
-          "MobileCoreServices",
-          "-lm",
-          "-framework",
-          "UIKit",
-          "-lz",
-          "-framework",
-          "OpenGLES",
-        ]
-      end
-
-      groupId = "";
-      if (platform == 'macos')
-        groupId = configHash['DEVELOPMENT_TEAM'] + "." + configHash['GROUP_ID_MACOS']
-      else
-        groupId = configHash['GROUP_ID_IOS']
-      end
-
-      config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
-        # This is needed to compile the iosglue without Qt.
-        'NETWORK_EXTENSION=1',
-        'GROUP_ID=\"' + groupId + '\"',
-      ]
-
-      if config.name == 'Release'
-        config.build_settings['SWIFT_OPTIMIZATION_LEVEL'] ||= '-Onone'
-      end
-
-    end
-
-    group = @project.main_group.new_group('WireGuardExtension')
-    [
-      '3rd/wireguard-apple/Sources/WireGuardKit/WireGuardAdapter.swift',
-      '3rd/wireguard-apple/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift',
-      '3rd/wireguard-apple/Sources/WireGuardKit/DNSResolver.swift',
-      '3rd/wireguard-apple/Sources/WireGuardNetworkExtension/ErrorNotifier.swift',
-      '3rd/wireguard-apple/Sources/Shared/Keychain.swift',
-      '3rd/wireguard-apple/Sources/Shared/Model/TunnelConfiguration+WgQuickConfig.swift',
-      '3rd/wireguard-apple/Sources/Shared/Model/NETunnelProviderProtocol+Extension.swift',
-      '3rd/wireguard-apple/Sources/Shared/Model/String+ArrayConversion.swift',
-      '3rd/wireguard-apple/Sources/WireGuardKit/TunnelConfiguration.swift',
-      '3rd/wireguard-apple/Sources/WireGuardKit/IPAddressRange.swift',
-      '3rd/wireguard-apple/Sources/WireGuardKit/Endpoint.swift',
-      '3rd/wireguard-apple/Sources/WireGuardKit/DNSServer.swift',
-      '3rd/wireguard-apple/Sources/WireGuardKit/InterfaceConfiguration.swift',
-      '3rd/wireguard-apple/Sources/WireGuardKit/PeerConfiguration.swift',
-      '3rd/wireguard-apple/Sources/Shared/FileManager+Extension.swift',
-      '3rd/wireguard-apple/Sources/WireGuardKitC/x25519.c',
-      '3rd/wireguard-apple/Sources/WireGuardKit/Array+ConcurrentMap.swift',
-      '3rd/wireguard-apple/Sources/WireGuardKit/IPAddress+AddrInfo.swift',
-      '3rd/wireguard-apple/Sources/WireGuardKit/PrivateKey.swift',
-    ].each { |filename|
-      file = group.new_file(p_root + "/" + filename)
-      @target_extension.add_file_references([file])
-    }
-    # @target_extension + swift integration
-    group = @project.main_group.new_group('SwiftIntegration')
-
-    [
-      'platforms/ios/iostunnel.swift',
-      'platforms/ios/iosglue.mm',
-      'platforms/ios/ioslogger.swift',
-    ].each { |filename|
-      file = group.new_file(p_root + "/" + filename)
-      @target_extension.add_file_references([file])
-    }
-
-    frameworks_group = @project.groups.find { |group| group.display_name == 'Frameworks' }
-    frameworks_build_phase = @target_extension.build_phases.find { |build_phase| build_phase.to_s == 'FrameworksBuildPhase' }
-
-    frameworks_build_phase.clear
-
-    framework_ref = frameworks_group.new_file('libwg-go.a')
-    frameworks_build_phase.add_file_reference(framework_ref)
-
-    framework_ref = frameworks_group.new_file('NetworkExtension.framework')
-    frameworks_build_phase.add_file_reference(framework_ref)
-
-    # This fails: @target_main.add_dependency @target_extension
-    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
-    container_proxy.container_portal = @project.root_object.uuid
-    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
-    container_proxy.remote_global_id_string = @target_extension.uuid
-    container_proxy.remote_info = @target_extension.name
-
-    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
-    dependency.name = @target_extension.name
-    dependency.target = @target_main
-    dependency.target_proxy = container_proxy
-
-    @target_main.dependencies << dependency
-
-    copy_appex = @target_main.new_copy_files_build_phase
-    copy_appex.name = 'Copy Network-Extension plugin'
-    copy_appex.symbol_dst_subfolder_spec = :plug_ins
-
-    appex_file = copy_appex.add_file_reference @target_extension.product_reference
-    appex_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
-  end
-
-  def setup_target_gobridge
-    target_gobridge = legacy_target = @project.new(Xcodeproj::Project::PBXLegacyTarget)
-
-    target_gobridge.build_working_directory = p_root + "/" + 'macos/gobridge'
-    target_gobridge.build_tool_path = 'make'
-    target_gobridge.pass_build_settings_in_environment = '1'
-    target_gobridge.build_arguments_string = '$(ACTION)'
-    target_gobridge.name = 'WireGuardGoBridge'
-    target_gobridge.product_name = 'WireGuardGoBridge'
-
-    @project.targets << target_gobridge
-    @target_extension.add_dependency target_gobridge
-  end
-
-  def setup_target_balrog
-    target_balrog = legacy_target = @project.new(Xcodeproj::Project::PBXLegacyTarget)
-
-    target_balrog.build_working_directory = p_root + "/" + 'balrog'
-    target_balrog.build_tool_path = 'make'
-    target_balrog.pass_build_settings_in_environment = '1'
-    target_balrog.build_arguments_string = '$(ACTION)'
-    target_balrog.name = 'WireGuardBalrog'
-    target_balrog.product_name = 'WireGuardBalrog'
-
-    @project.targets << target_balrog
-
-    frameworks_group = @project.groups.find { |group| group.display_name == 'Frameworks' }
-    frameworks_build_phase = @target_main.build_phases.find { |build_phase| build_phase.to_s == 'FrameworksBuildPhase' }
-
-    framework_ref = frameworks_group.new_file('balrog/balrog.a')
-    frameworks_build_phase.add_file_reference(framework_ref)
-
-    # This fails: @target_main.add_dependency target_balrog
-    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
-    container_proxy.container_portal = @project.root_object.uuid
-    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
-    container_proxy.remote_global_id_string = target_balrog.uuid
-    container_proxy.remote_info = target_balrog.name
-
-    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
-    dependency.name = target_balrog.name
-    dependency.target = @target_main
-    dependency.target_proxy = container_proxy
-
-    @target_main.dependencies << dependency
-  end
-
-  def setup_target_wireguardtools
-    target_wireguardtools = legacy_target = @project.new(Xcodeproj::Project::PBXLegacyTarget)
-
-    target_wireguardtools.build_working_directory = p_root + "/" + '3rd/wireguard-tools/src'
-    target_wireguardtools.build_tool_path = 'make'
-    target_wireguardtools.pass_build_settings_in_environment = '1'
-    target_wireguardtools.build_arguments_string = '$(ACTION)'
-    target_wireguardtools.name = 'WireGuardTools'
-    target_wireguardtools.product_name = 'WireGuardTools'
-
-    @project.targets << target_wireguardtools
-
-    # This fails: @target_main.add_dependency target_wireguardtools
-    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
-    container_proxy.container_portal = @project.root_object.uuid
-    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
-    container_proxy.remote_global_id_string = target_wireguardtools.uuid
-    container_proxy.remote_info = target_wireguardtools.name
-
-    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
-    dependency.name = target_wireguardtools.name
-    dependency.target = @target_main
-    dependency.target_proxy = container_proxy
-
-    @target_main.dependencies << dependency
-
-    copy_wireguardTools = @target_main.new_copy_files_build_phase
-    copy_wireguardTools.name = 'Copy wireguard-tools'
-    copy_wireguardTools.symbol_dst_subfolder_spec = :wrapper
-    copy_wireguardTools.dst_path = 'Contents/Resources/utils'
-
-    group = @project.main_group.new_group('WireGuardTools')
-    file = group.new_file '3rd/wireguard-tools/src/wg'
-
-    wireguardTools_file = copy_wireguardTools.add_file_reference file
-    wireguardTools_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
-  end
-
-  def setup_target_wireguardgo
-    target_wireguardgo = legacy_target = @project.new(Xcodeproj::Project::PBXLegacyTarget)
-
-    target_wireguardgo.build_working_directory = p_root + "/" + '3rd/wireguard-go'
-    target_wireguardgo.build_tool_path = 'make'
-    target_wireguardgo.pass_build_settings_in_environment = '1'
-    target_wireguardgo.build_arguments_string = '$(ACTION)'
-    target_wireguardgo.name = 'WireGuardGo'
-    target_wireguardgo.product_name = 'WireGuardGo'
-
-    @project.targets << target_wireguardgo
-
-    # This fails: @target_main.add_dependency target_wireguardgo
-    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
-    container_proxy.container_portal = @project.root_object.uuid
-    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
-    container_proxy.remote_global_id_string = target_wireguardgo.uuid
-    container_proxy.remote_info = target_wireguardgo.name
-
-    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
-    dependency.name = target_wireguardgo.name
-    dependency.target = @target_main
-    dependency.target_proxy = container_proxy
-
-    @target_main.dependencies << dependency
-
-    copy_wireguardGo = @target_main.new_copy_files_build_phase
-    copy_wireguardGo.name = 'Copy wireguard-go'
-    copy_wireguardGo.symbol_dst_subfolder_spec = :wrapper
-    copy_wireguardGo.dst_path = 'Contents/Resources/utils'
-
-    group = @project.main_group.new_group('WireGuardGo')
-    file = group.new_file '3rd/wireguard-go/wireguard-go'
-
-    wireguardGo_file = copy_wireguardGo.add_file_reference file
-    wireguardGo_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
-  end
-
-  def setup_target_loginitem(shortVersion, fullVersion, configHash)
-    return
-    @target_loginitem = @project.new_target(:application, 'AmneziaVPNLoginItem', :osx)
-
-    @target_loginitem.build_configurations.each do |config|
-      config.base_configuration_reference = @configFile
-
-      config.build_settings['LD_RUNPATH_SEARCH_PATHS'] ||= '"$(inherited) @executable_path/../Frameworks"'
-
-      # Versions and names
-      config.build_settings['MARKETING_VERSION'] ||= shortVersion
-      config.build_settings['CURRENT_PROJECT_VERSION'] ||= fullVersion
-      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] ||= configHash['LOGIN_ID_MACOS']
-      config.build_settings['PRODUCT_NAME'] = 'AmneziaVPNLoginItem'
-
-      # other configs
-      config.build_settings['INFOPLIST_FILE'] ||= 'macos/loginitem/Info.plist'
-      config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= p_root + "/" + 'macos/loginitem/AmneziaVPNLoginItem.entitlements'
-      config.build_settings['CODE_SIGN_IDENTITY'] = 'Apple Development'
-      config.build_settings['SKIP_INSTALL'] = 'YES'
-
-      config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
-        'APP_ID=\"' + configHash['APP_ID_MACOS'] + '\"',
-      ]
-
-      if config.name == 'Release'
-        config.build_settings['SWIFT_OPTIMIZATION_LEVEL'] ||= '-Onone'
-      end
-    end
-
-    group = @project.main_group.new_group('LoginItem')
-    [
-      'macos/loginitem/main.m',
-    ].each { |filename|
-      file = group.new_file(filename)
-      @target_loginitem.add_file_references([file])
-    }
-
-    # This fails: @target_main.add_dependency @target_loginitem
-    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
-    container_proxy.container_portal = @project.root_object.uuid
-    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
-    container_proxy.remote_global_id_string = @target_loginitem.uuid
-    container_proxy.remote_info = @target_loginitem.name
-
-    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
-    dependency.name = @target_loginitem.name
-    dependency.target = @target_main
-    dependency.target_proxy = container_proxy
-
-    @target_main.dependencies << dependency
-
-    copy_app = @target_main.new_copy_files_build_phase
-    copy_app.name = 'Copy LoginItem'
-    copy_app.symbol_dst_subfolder_spec = :wrapper
-    copy_app.dst_path = 'Contents/Library/LoginItems'
-
-    app_file = copy_app.add_file_reference @target_loginitem.product_reference
-    app_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
-  end
-
-  def setup_target_nativemessaging(shortVersion, fullVersion, configHash)
-    @target_nativemessaging = @project.new_target(:application, 'AmneziaVPNNativeMessaging', :osx)
-
-    @target_nativemessaging.build_configurations.each do |config|
-      config.base_configuration_reference = @configFile
-
-      config.build_settings['LD_RUNPATH_SEARCH_PATHS'] ||= '"$(inherited) @executable_path/../Frameworks"'
-
-      # Versions and names
-      config.build_settings['MARKETING_VERSION'] ||= shortVersion
-      config.build_settings['CURRENT_PROJECT_VERSION'] ||= fullVersion
-      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] ||= configHash['NATIVEMESSAGING_ID_MACOS']
-      config.build_settings['PRODUCT_NAME'] = 'AmneziaVPNNativeMessaging'
-
-      # other configs
-      config.build_settings['INFOPLIST_FILE'] ||= p_root + "/" + 'macos/nativeMessaging/Info.plist'
-      config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= p_root + "/" + 'macos/nativeMessaging/AmneziaVPNNativeMessaging.entitlements'
-      config.build_settings['CODE_SIGN_IDENTITY'] = 'Apple Development'
-      config.build_settings['SKIP_INSTALL'] = 'YES'
-    end
-
-    group = @project.main_group.new_group('NativeMessaging')
-    [
-      'extension/app/constants.h',
-      'extension/app/handler.cpp',
-      'extension/app/handler.h',
-      'extension/app/json.hpp',
-      'extension/app/logger.cpp',
-      'extension/app/logger.h',
-      'extension/app/main.cpp',
-      'extension/app/vpnconnection.cpp',
-      'extension/app/vpnconnection.h',
-    ].each { |filename|
-      file = group.new_file(p_root + "/" + filename)
-      @target_nativemessaging.add_file_references([file])
-    }
-
-    # This fails: @target_main.add_dependency @target_nativemessaging
-    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
-    container_proxy.container_portal = @project.root_object.uuid
-    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
-    container_proxy.remote_global_id_string = @target_nativemessaging.uuid
-    container_proxy.remote_info = @target_nativemessaging.name
-
-    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
-    dependency.name = @target_nativemessaging.name
-    dependency.target = @target_main
-    dependency.target_proxy = container_proxy
-
-    @target_main.dependencies << dependency
-
-    copy_app = @target_main.new_copy_files_build_phase
-    copy_app.name = 'Copy LoginItem'
-    copy_app.symbol_dst_subfolder_spec = :wrapper
-    copy_app.dst_path = 'Contents/Library/NativeMessaging'
-
-    app_file = copy_app.add_file_reference @target_nativemessaging.product_reference
-    app_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
-
-    copy_nativeMessagingManifest = @target_main.new_copy_files_build_phase
-    copy_nativeMessagingManifest.name = 'Copy native messaging manifest'
-    copy_nativeMessagingManifest.symbol_dst_subfolder_spec = :wrapper
-    copy_nativeMessagingManifest.dst_path = 'Contents/Resources/utils'
-
-    group = @project.main_group.new_group('WireGuardHelper')
-    file = group.new_file 'extension/app/manifests/macos/mozillavpn.json'
-
-    nativeMessagingManifest_file = copy_nativeMessagingManifest.add_file_reference file
-    nativeMessagingManifest_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
-  end
-
-  def die(msg)
-   print $msg
-   exit 1
-  end
-end
-
-if ARGV.length < 4 || (ARGV[4] != "ios" && ARGV[4] != "macos")
-  puts "Usage: <script> project_file shortVersion fullVersion ios/macos"
-  exit 1
-end
-
-if !File.exist?("ios/xcode.xconfig")
-  puts "xcode.xconfig file is required! See the template file."
-  exit 1
-end
-
-config = Hash.new
-configFile = File.read("ios/xcode.xconfig").split("\n")
-configFile.each { |line|
-  next if line[0] == "#"
-
-  if line.include? "="
-    keys = line.split("=")
-    config[keys[0].strip] = keys[1].strip
-  end
-}
-
-platform = "macos"
-platform = "ios" if ARGV[4] == "ios"
-networkExtension = true
-webExtension = false
-adjustToken = ""
-
-r = XCodeprojPatcher.new
-r.run ARGV[0], ARGV[1], ARGV[2], ARGV[3], platform, networkExtension, webExtension, config, adjustToken
-exit 0
diff --git a/client/macos/networkextension/AmneziaVPNNetworkExtension.entitlements b/client/macos/networkextension/AmneziaVPNNetworkExtension.entitlements
index 7e89a6d5..b4f08784 100644
--- a/client/macos/networkextension/AmneziaVPNNetworkExtension.entitlements
+++ b/client/macos/networkextension/AmneziaVPNNetworkExtension.entitlements
@@ -34,5 +34,9 @@
 
 	<key>com.apple.security.network.server</key>
 	<true/>
+	<key>com.apple.security.app-sandbox</key>
+	<true/>
+	<key>com.apple.private.network.socket-delegate</key>
+	<true/>
 </dict>
 </plist>
diff --git a/client/macos/networkextension/Info.plist b/client/macos/networkextension/Info.plist
index 96d82459..08fc4d0a 100644
--- a/client/macos/networkextension/Info.plist
+++ b/client/macos/networkextension/Info.plist
@@ -19,7 +19,7 @@
 	<key>CFBundleShortVersionString</key>
 	<string>$(MARKETING_VERSION)</string>
 	<key>CFBundleVersion</key>
-	<string>$(CURRENT_PROJECT_VERSION)</string>
+	<string>2</string>
 	<key>ITSAppUsesNonExemptEncryption</key>
 	<false/>
 	<key>LSMinimumSystemVersion</key>
diff --git a/client/macos/networkextension/WireGuardNetworkExtension-Bridging-Header.h b/client/macos/networkextension/WireGuardNetworkExtension-Bridging-Header.h
index bac84dfe..8a437ce0 100644
--- a/client/macos/networkextension/WireGuardNetworkExtension-Bridging-Header.h
+++ b/client/macos/networkextension/WireGuardNetworkExtension-Bridging-Header.h
@@ -5,6 +5,10 @@
 #include "macos/gobridge/wireguard.h"
 #include "wireguard-go-version.h"
 #include "3rd/wireguard-apple/Sources/WireGuardKitC/WireGuardKitC.h"
+#include "3rd/ShadowSocks/ShadowSocks/ShadowSocks.h"
+#include "platforms/ios/ssconnectivity.h"
+#include "platforms/ios/iosopenvpn2ssadapter.h"
+#include "3rd/libleaf/include/leaf.h" 
 
 #include <stdbool.h>
 #include <stdint.h>
diff --git a/client/main.cpp b/client/main.cpp
index 9cdab7eb..1283e839 100644
--- a/client/main.cpp
+++ b/client/main.cpp
@@ -37,6 +37,8 @@
 
 #include "QZXing.h"
 
+#include "platforms/ios/QRCodeReaderBase.h"
+
 #include "debug.h"
 #include "defines.h"
 
@@ -55,6 +57,10 @@
 #include "native.h"
 #endif
 
+#if defined(Q_OS_IOS)
+#include "QtAppDelegate-C-Interface.h"
+#endif
+
 static void loadTranslator()
 {
     QTranslator* translator = new QTranslator;
@@ -86,7 +92,6 @@ int main(int argc, char *argv[])
     QApplication app(argc, argv);
 #endif
 
-
 #ifdef Q_OS_WIN
     AllowSetForegroundWindow(0);
 #endif
@@ -95,6 +100,10 @@ int main(int argc, char *argv[])
     NativeHelpers::registerApplicationInstance(&app);
 #endif
 
+#if defined(Q_OS_IOS)
+    QtAppDelegateInitialize();
+#endif
+
     loadTranslator();
 
     QFontDatabase::addApplicationFont(":/fonts/Lato-Black.ttf");
@@ -167,6 +176,7 @@ int main(int argc, char *argv[])
     declareQmlContainerEnum();
 
     qmlRegisterType<PageType>("PageType", 1, 0, "PageType");
+    qmlRegisterType<QRCodeReader>("QRCodeReader", 1, 0, "QRCodeReader");
 
     QScopedPointer<ContainerProps> containerProps(new ContainerProps);
     qmlRegisterSingletonInstance("ContainerProps", 1, 0, "ContainerProps", containerProps.get());
@@ -200,6 +210,10 @@ int main(int argc, char *argv[])
     engine->rootContext()->setContextProperty("VpnLogic", uiLogic->vpnLogic());
     engine->rootContext()->setContextProperty("WizardLogic", uiLogic->wizardLogic());
 
+#if defined(Q_OS_IOS)
+    setStartPageLogic(uiLogic->startPageLogic());
+#endif
+
     engine->load(url);
 
     QObject::connect(&app, &QCoreApplication::aboutToQuit, uiLogic, [&engine, uiLogic](){
diff --git a/client/platforms/ios/MobileUtils.cpp b/client/platforms/ios/MobileUtils.cpp
new file mode 100644
index 00000000..eea504ce
--- /dev/null
+++ b/client/platforms/ios/MobileUtils.cpp
@@ -0,0 +1,5 @@
+#include "MobileUtils.h"
+
+void MobileUtils::shareText(const QStringList& filesToSend) {
+
+}
diff --git a/client/platforms/ios/MobileUtils.h b/client/platforms/ios/MobileUtils.h
new file mode 100644
index 00000000..42aa4031
--- /dev/null
+++ b/client/platforms/ios/MobileUtils.h
@@ -0,0 +1,17 @@
+#ifndef MOBILEUTILS_H
+#define MOBILEUTILS_H
+
+#include <QObject>
+#include <QStringList>
+
+class MobileUtils : public QObject {
+    Q_OBJECT
+
+public:
+    MobileUtils() = delete;
+
+public slots:
+    static void shareText(const QStringList& filesToSend);
+};
+
+#endif // MOBILEUTILS_H
diff --git a/client/platforms/ios/MobileUtils.mm b/client/platforms/ios/MobileUtils.mm
new file mode 100644
index 00000000..94c7c775
--- /dev/null
+++ b/client/platforms/ios/MobileUtils.mm
@@ -0,0 +1,33 @@
+#include "MobileUtils.h"
+
+#include <UIKit/UIKit.h>
+
+static UIViewController* getViewController() {
+    NSArray *windows = [[UIApplication sharedApplication]windows];
+    for (UIWindow *window in windows) {
+        if (window.isKeyWindow) {
+            return window.rootViewController;
+        }
+    }
+    return nil;
+}
+
+void MobileUtils::shareText(const QStringList& filesToSend) {
+    NSMutableArray *sharingItems = [NSMutableArray new];
+
+    for (int i = 0; i < filesToSend.size(); i++) {
+        NSURL *logFileUrl = [[NSURL alloc] initFileURLWithPath:filesToSend[i].toNSString()];
+        [sharingItems addObject:logFileUrl];
+    }
+
+    UIViewController *qtController = getViewController();
+    if (!qtController) return;
+
+    UIActivityViewController *activityController = [[UIActivityViewController alloc] initWithActivityItems:sharingItems applicationActivities:nil];
+
+    [qtController presentViewController:activityController animated:YES completion:nil];
+    UIPopoverPresentationController *popController = activityController.popoverPresentationController;
+    if (popController) {
+        popController.sourceView = qtController.view;
+    }
+}
diff --git a/client/platforms/ios/QRCodeReaderBase.cpp b/client/platforms/ios/QRCodeReaderBase.cpp
new file mode 100644
index 00000000..c3148a85
--- /dev/null
+++ b/client/platforms/ios/QRCodeReaderBase.cpp
@@ -0,0 +1,14 @@
+#include "QRCodeReaderBase.h"
+
+QRCodeReader::QRCodeReader()
+{
+
+}
+
+QRect QRCodeReader::cameraSize() {
+    return QRect();
+}
+
+void QRCodeReader::startReading() {}
+void QRCodeReader::stopReading() {}
+void QRCodeReader::setCameraSize(QRect) {}
diff --git a/client/platforms/ios/QRCodeReaderBase.h b/client/platforms/ios/QRCodeReaderBase.h
new file mode 100644
index 00000000..29a4946d
--- /dev/null
+++ b/client/platforms/ios/QRCodeReaderBase.h
@@ -0,0 +1,28 @@
+#ifndef QRCODEREADERBASE_H
+#define QRCODEREADERBASE_H
+
+#include <QObject>
+#include <QRect>
+
+class QRCodeReader: public QObject {
+    Q_OBJECT
+
+public:
+    QRCodeReader();
+
+    QRect cameraSize();
+
+public slots:
+    void startReading();
+    void stopReading();
+    void setCameraSize(QRect value);
+
+signals:
+    void codeReaded(QString code);
+    
+private:
+    void* m_qrCodeReader;
+    QRect m_cameraSize;
+};
+
+#endif // QRCODEREADERBASE_H
diff --git a/client/platforms/ios/QRCodeReaderBase.mm b/client/platforms/ios/QRCodeReaderBase.mm
new file mode 100644
index 00000000..bd0dbac3
--- /dev/null
+++ b/client/platforms/ios/QRCodeReaderBase.mm
@@ -0,0 +1,109 @@
+#include "QRCodeReaderBase.h"
+
+#import <UIKit/UIKit.h>
+#import <AVFoundation/AVFoundation.h>
+
+@interface QRCodeReaderImpl : UIViewController
+@end
+
+@interface QRCodeReaderImpl () <AVCaptureMetadataOutputObjectsDelegate>
+@property (nonatomic) QRCodeReader* qrCodeReader;
+@property (nonatomic, strong) AVCaptureSession *captureSession;
+@property (nonatomic, strong) AVCaptureVideoPreviewLayer *videoPreviewPlayer;
+@end
+
+
+@implementation QRCodeReaderImpl
+
+- (void)viewDidLoad {
+    [super viewDidLoad];
+
+    _captureSession = nil;
+}
+
+- (void)setQrCodeReader: (QRCodeReader*)value {
+    _qrCodeReader = value;
+}
+
+- (BOOL)startReading {
+    NSError *error;
+
+    AVCaptureDevice *captureDevice = [AVCaptureDevice defaultDeviceWithMediaType: AVMediaTypeVideo];
+    AVCaptureDeviceInput *deviceInput = [AVCaptureDeviceInput deviceInputWithDevice: captureDevice error: &error];
+
+    if(!deviceInput) {
+        NSLog(@"Error %@", error.localizedDescription);
+        return NO;
+    }
+
+    _captureSession = [[AVCaptureSession alloc]init];
+    [_captureSession addInput:deviceInput];
+
+    AVCaptureMetadataOutput *capturedMetadataOutput = [[AVCaptureMetadataOutput alloc] init];
+    [_captureSession addOutput:capturedMetadataOutput];
+
+    dispatch_queue_t dispatchQueue;
+    dispatchQueue = dispatch_queue_create("myQueue", NULL);
+    [capturedMetadataOutput setMetadataObjectsDelegate: self queue: dispatchQueue];
+    [capturedMetadataOutput setMetadataObjectTypes: [NSArray arrayWithObject:AVMetadataObjectTypeQRCode]];
+
+    _videoPreviewPlayer = [[AVCaptureVideoPreviewLayer alloc] initWithSession: _captureSession];
+    
+    CGFloat tabBarHeight = 20.0;
+    QRect cameraRect = _qrCodeReader->cameraSize();
+    CGRect cameraCGRect = CGRectMake(cameraRect.x(),
+                                     cameraRect.y() + tabBarHeight,
+                                     cameraRect.width(),
+                                     cameraRect.height());
+
+    [_videoPreviewPlayer setVideoGravity: AVLayerVideoGravityResizeAspect];
+    [_videoPreviewPlayer setFrame: cameraCGRect];
+
+    CALayer* layer = [UIApplication sharedApplication].keyWindow.layer;
+    [layer addSublayer: _videoPreviewPlayer];
+
+    [_captureSession startRunning];
+
+    return YES;
+}
+
+- (void)stopReading {
+    [_captureSession stopRunning];
+    _captureSession = nil;
+
+    [_videoPreviewPlayer removeFromSuperlayer];
+}
+
+- (void)captureOutput:(AVCaptureOutput *)output didOutputMetadataObjects:(NSArray<__kindof AVMetadataObject *> *)metadataObjects fromConnection:(AVCaptureConnection *)connection {
+
+    if (metadataObjects != nil && metadataObjects.count > 0) {
+        AVMetadataMachineReadableCodeObject *metadataObject = [metadataObjects objectAtIndex:0];
+
+        if ([[metadataObject type] isEqualToString: AVMetadataObjectTypeQRCode]) {
+            _qrCodeReader->emit codeReaded([metadataObject stringValue].UTF8String);
+        }
+    }
+}
+
+@end
+
+QRCodeReader::QRCodeReader() {
+    m_qrCodeReader = [[QRCodeReaderImpl alloc] init];
+    [m_qrCodeReader setQrCodeReader: this];
+}
+
+QRect QRCodeReader::cameraSize() {
+    return m_cameraSize;
+}
+
+void QRCodeReader::setCameraSize(QRect value) {
+    m_cameraSize = value;
+}
+
+void QRCodeReader::startReading() {
+    [m_qrCodeReader startReading];
+}
+
+void QRCodeReader::stopReading() {
+    [m_qrCodeReader stopReading];
+}
diff --git a/client/platforms/ios/QtAppDelegate-C-Interface.h b/client/platforms/ios/QtAppDelegate-C-Interface.h
new file mode 100644
index 00000000..afd31e7d
--- /dev/null
+++ b/client/platforms/ios/QtAppDelegate-C-Interface.h
@@ -0,0 +1,9 @@
+#ifndef QTAPPDELEGATECINTERFACE_H
+#define QTAPPDELEGATECINTERFACE_H
+
+#include "ui/pages_logic/StartPageLogic.h"
+
+void QtAppDelegateInitialize();
+void setStartPageLogic(StartPageLogic*);
+
+#endif // QTAPPDELEGATECINTERFACE_H
diff --git a/client/platforms/ios/QtAppDelegate.h b/client/platforms/ios/QtAppDelegate.h
new file mode 100644
index 00000000..1e0dc412
--- /dev/null
+++ b/client/platforms/ios/QtAppDelegate.h
@@ -0,0 +1,9 @@
+#import <UIKit/UIKit.h>
+#import "QtAppDelegate-C-Interface.h"
+
+#include "ui/pages_logic/StartPageLogic.h"
+
+@interface QtAppDelegate : UIResponder <UIApplicationDelegate>
++(QtAppDelegate *)sharedQtAppDelegate;
+@property (nonatomic) StartPageLogic* startPageLogic;
+@end
diff --git a/client/platforms/ios/QtAppDelegate.mm b/client/platforms/ios/QtAppDelegate.mm
new file mode 100644
index 00000000..f63bea35
--- /dev/null
+++ b/client/platforms/ios/QtAppDelegate.mm
@@ -0,0 +1,91 @@
+#import "QtAppDelegate.h"
+
+#include <QFile>
+
+@implementation QtAppDelegate
+
++(QtAppDelegate *)sharedQtAppDelegate {
+    static dispatch_once_t pred;
+    static QtAppDelegate *shared = nil;
+    dispatch_once(&pred, ^{
+        shared = [[super alloc] init];
+    });
+    return shared;
+}
+
+
+- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
+{
+    [application setMinimumBackgroundFetchInterval: UIApplicationBackgroundFetchIntervalMinimum];
+    // Override point for customization after application launch.
+    NSLog(@"Did this launch option happen");
+    return YES;
+}
+
+- (void)applicationWillResignActive:(UIApplication *)application
+{
+    // Sent when the application is about to move from active to inactive state. This can occur for certain types of temporary interruptions (such as an incoming phone call or SMS message) or when the user quits the application and it begins the transition to the background state.
+    // Use this method to pause ongoing tasks, disable timers, and throttle down OpenGL ES frame rates. Games should use this method to pause the game.
+}
+
+- (void)applicationDidEnterBackground:(UIApplication *)application
+{
+    // Use this method to release shared resources, save user data, invalidate timers, and store enough application state information to restore your application to its current state in case it is terminated later.
+    // If your application supports background execution, this method is called instead of applicationWillTerminate: when the user quits.
+    NSLog(@"In the background");
+}
+
+- (void)applicationWillEnterForeground:(UIApplication *)application
+{
+    // Called as part of the transition from the background to the inactive state; here you can undo many of the changes made on entering the background.
+    NSLog(@"In the foreground");
+}
+
+- (void)applicationDidBecomeActive:(UIApplication *)application
+{
+    // Restart any tasks that were paused (or not yet started) while the application was inactive. If the application was previously in the background, optionally refresh the user interface.
+}
+
+- (void)applicationWillTerminate:(UIApplication *)application
+{
+    // Called when the application is about to terminate. Save data if appropriate. See also applicationDidEnterBackground:.
+}
+
+-(void)application:(UIApplication *)application performFetchWithCompletionHandler:(void (^)(UIBackgroundFetchResult))completionHandler {
+    // We will add content here soon.
+    NSLog(@"In the completionHandler");
+}
+
+- (BOOL)application:(UIApplication *)app
+            openURL:(NSURL *)url
+            options:(NSDictionary<UIApplicationOpenURLOptionsKey, id> *)options {
+    
+    NSLog(@"Application openURL: %@", url);
+    if (url.fileURL) {
+        QString filePath(url.path.UTF8String);
+        qDebug() << "filePath:" << filePath;
+        if (filePath.isEmpty()) return NO;
+
+        QFile file(filePath);
+        bool isOpenFile = file.open(QIODevice::ReadOnly);
+        qDebug() << "isOpenFile:" << isOpenFile;
+        QByteArray data = file.readAll();
+        
+        [QtAppDelegate sharedQtAppDelegate].startPageLogic->importConnectionFromCode(QString(data));
+        return YES;
+    }
+    return NO;
+}
+
+
+void QtAppDelegateInitialize()
+{
+    [[UIApplication sharedApplication] setDelegate: [QtAppDelegate sharedQtAppDelegate]];
+    NSLog(@"Created a new AppDelegate");
+}
+
+void setStartPageLogic(StartPageLogic* startPage) {
+    [QtAppDelegate sharedQtAppDelegate].startPageLogic = startPage;
+}
+
+@end
diff --git a/client/platforms/ios/iosinterface.swift b/client/platforms/ios/iosinterface.swift
new file mode 100644
index 00000000..75c25011
--- /dev/null
+++ b/client/platforms/ios/iosinterface.swift
@@ -0,0 +1,230 @@
+import Foundation
+import Darwin
+
+typealias InetFamily = UInt8
+typealias Flags = Int32
+
+func destinationAddress(_ data: ifaddrs) -> UnsafeMutablePointer<sockaddr>! { return data.ifa_dstaddr }
+func socketLength4(_ addr: sockaddr) -> UInt32 { return socklen_t(addr.sa_len) }
+
+/**
+ * This class represents a network interface in your system. For example, `en0` with a certain IP address.
+ * It is a wrapper around the `getifaddrs` system call.
+ *
+ * Typical use of this class is to first call `Interface.allInterfaces()` and then use the properties of the interface(s) that you need.
+ *
+ * - See: `/usr/include/ifaddrs.h`
+ */
+open class Interface : CustomStringConvertible, CustomDebugStringConvertible {
+    public var id = UUID()
+    /// The network interface family (IPv4 or IPv6, otherwise error).
+    public enum Family : Int {
+        case ipv4
+        case ipv6
+        case other
+        
+        public func toString() -> String {
+            switch (self) {
+                case .ipv4: return "IPv4"
+                case .ipv6: return "IPv6"
+                default: return "other"
+            }
+        }
+    }
+    
+    /**
+     * Returns all network interfaces in your system. If you have an interface name (e.g. `en0`) that has
+     * multiple IP addresses (e.g. one IPv4 address and a few IPv6 addresses), then they will be returned
+     * as separate instances of Interface.
+     * - Returns: An array containing all network interfaces in your system.
+     */
+    public static func allInterfaces() -> [Interface] {
+        var interfaces : [Interface] = []
+        
+        var ifaddrsPtr : UnsafeMutablePointer<ifaddrs>? = nil
+        if getifaddrs(&ifaddrsPtr) == 0 {
+            var ifaddrPtr = ifaddrsPtr
+            while ifaddrPtr != nil {
+                let addr = ifaddrPtr?.pointee.ifa_addr.pointee
+                if addr?.sa_family == InetFamily(AF_INET) || addr?.sa_family == InetFamily(AF_INET6) {
+                    interfaces.append(Interface(data: (ifaddrPtr?.pointee)!))
+                }
+                ifaddrPtr = ifaddrPtr?.pointee.ifa_next
+            }
+            freeifaddrs(ifaddrsPtr)
+        }
+
+        return interfaces
+    }
+    
+    /**
+     * Returns a new Interface instance that does not represent a real network interface, but can be used for (unit) testing.
+     * - Returns: An instance of Interface that does *not* represent a real network interface.
+     */
+    public static func createTestDummy(_ name:String, family:Family, address:String, multicastSupported:Bool, broadcastAddress:String?) -> Interface
+    {
+        return Interface(name: name, family: family, address: address, netmask: nil, running: true, up: true, loopback: false, multicastSupported: multicastSupported, broadcastAddress: broadcastAddress)
+    }
+    
+    /**
+     * Initialize a new Interface with the given properties.
+     */
+    public init(name:String, family:Family, address:String?, netmask:String?, running:Bool, up:Bool, loopback:Bool, multicastSupported:Bool, broadcastAddress:String?) {
+        self.name = name
+        self.family = family
+        self.address = address
+        self.netmask = netmask
+        self.running = running
+        self.up = up
+        self.loopback = loopback
+        self.multicastSupported = multicastSupported
+        self.broadcastAddress = broadcastAddress
+    }
+
+    convenience init(data:ifaddrs) {
+        let flags = Flags(data.ifa_flags)
+        let broadcastValid : Bool = ((flags & IFF_BROADCAST) == IFF_BROADCAST)
+        self.init(name: String(cString: data.ifa_name),
+            family: Interface.extractFamily(data),
+            address: Interface.extractAddress(data.ifa_addr),
+            netmask: Interface.extractAddress(data.ifa_netmask),
+            running: ((flags & IFF_RUNNING) == IFF_RUNNING),
+            up: ((flags & IFF_UP) == IFF_UP),
+            loopback: ((flags & IFF_LOOPBACK) == IFF_LOOPBACK),
+            multicastSupported: ((flags & IFF_MULTICAST) == IFF_MULTICAST),
+            broadcastAddress: ((broadcastValid && destinationAddress(data) != nil) ? Interface.extractAddress(destinationAddress(data)) : nil))
+    }
+    
+    fileprivate static func extractFamily(_ data:ifaddrs) -> Family {
+        var family : Family = .other
+        let addr = data.ifa_addr.pointee
+        if addr.sa_family == InetFamily(AF_INET) {
+            family = .ipv4
+        }
+        else if addr.sa_family == InetFamily(AF_INET6) {
+            family = .ipv6
+        }
+        else {
+            family = .other
+        }
+        return family
+    }
+
+    fileprivate static func extractAddress(_ address: UnsafeMutablePointer<sockaddr>?) -> String? {
+        guard let address = address else { return nil }
+        return address.withMemoryRebound(to: sockaddr_storage.self, capacity: 1) {
+            if (address.pointee.sa_family == sa_family_t(AF_INET)) {
+                return extractAddress_ipv4($0)
+            }
+            else if (address.pointee.sa_family == sa_family_t(AF_INET6)) {
+                return extractAddress_ipv6($0)
+            }
+            else {
+                return nil
+            }
+        }
+    }
+    
+    fileprivate static func extractAddress_ipv4(_ address:UnsafeMutablePointer<sockaddr_storage>) -> String? {
+        return address.withMemoryRebound(to: sockaddr.self, capacity: 1) { addr in
+            var address : String? = nil
+            var hostname = [CChar](repeating: 0, count: Int(2049))
+            if (getnameinfo(&addr.pointee, socklen_t(socketLength4(addr.pointee)), &hostname,
+                            socklen_t(hostname.count), nil, socklen_t(0), NI_NUMERICHOST) == 0) {
+                address = String(cString: hostname)
+            }
+            else {
+                //            var error = String.fromCString(gai_strerror(errno))!
+                //            println("ERROR: \(error)")
+            }
+            return address
+            
+        }
+    }
+    
+    fileprivate static func extractAddress_ipv6(_ address:UnsafeMutablePointer<sockaddr_storage>) -> String? {
+        var addr = address.pointee
+        var ip : [Int8] = [Int8](repeating: Int8(0), count: Int(INET6_ADDRSTRLEN))
+        return inetNtoP(&addr, ip: &ip)
+    }
+    
+    fileprivate static func inetNtoP(_ addr:UnsafeMutablePointer<sockaddr_storage>, ip:UnsafeMutablePointer<Int8>) -> String? {
+        return addr.withMemoryRebound(to: sockaddr_in6.self, capacity: 1) { addr6 in
+            let conversion:UnsafePointer<CChar> = inet_ntop(AF_INET6, &addr6.pointee.sin6_addr, ip, socklen_t(INET6_ADDRSTRLEN))
+            return String(cString: conversion)
+        }
+    }
+    
+    /**
+     * Creates the network format representation of the interface's IP address. Wraps `inet_pton`.
+     */
+    open var addressBytes: [UInt8]? {
+        guard let addr = address else { return nil }
+        
+        let af:Int32
+        let len:Int
+        switch family {
+        case .ipv4:
+            af = AF_INET
+            len = 4
+        case .ipv6:
+            af = AF_INET6
+            len = 16
+        default:
+            return nil
+        }
+        var bytes = [UInt8](repeating: 0, count: len)
+        let result = inet_pton(af, addr, &bytes)
+        return ( result == 1 ) ? bytes : nil
+    }
+    
+    /// `IFF_RUNNING` flag of `ifaddrs->ifa_flags`.
+    open var isRunning: Bool { return running }
+    
+    /// `IFF_UP` flag of `ifaddrs->ifa_flags`.
+    open var isUp: Bool { return up }
+    
+    /// `IFF_LOOPBACK` flag of `ifaddrs->ifa_flags`.
+    open var isLoopback: Bool { return loopback }
+    
+    /// `IFF_MULTICAST` flag of `ifaddrs->ifa_flags`.
+    open var supportsMulticast: Bool { return multicastSupported }
+
+    /// Field `ifaddrs->ifa_name`.
+    public let name : String
+    
+    /// Field `ifaddrs->ifa_addr->sa_family`.
+    public let family : Family
+    
+    /// Extracted from `ifaddrs->ifa_addr`, supports both IPv4 and IPv6.
+    public let address : String?
+    
+    /// Extracted from `ifaddrs->ifa_netmask`, supports both IPv4 and IPv6.
+    public let netmask : String?
+    
+    /// Extracted from `ifaddrs->ifa_dstaddr`. Not applicable for IPv6.
+    public let broadcastAddress : String?
+    
+    fileprivate let running : Bool
+    fileprivate let up : Bool
+    fileprivate let loopback : Bool
+    fileprivate let multicastSupported : Bool
+    
+    /// Returns the interface name.
+    open var description: String { return name }
+    
+    /// Returns a string containing a few properties of the Interface.
+    open var debugDescription: String {
+        var s = "Interface name:\(name) family:\(family)"
+        if let ip = address {
+            s += " ip:\(ip)"
+        }
+        s += isUp ? " (up)" : " (down)"
+        s += isRunning ? " (running)" : "(not running)"
+        return s
+    }
+}
+
+#if swift(>=5)
+extension Interface: Identifiable {}
+#endif
diff --git a/client/platforms/ios/ioslogger.swift b/client/platforms/ios/ioslogger.swift
index deb2285e..e364d365 100644
--- a/client/platforms/ios/ioslogger.swift
+++ b/client/platforms/ios/ioslogger.swift
@@ -50,4 +50,5 @@ func wg_log(_ type: OSLogType, staticMessage msg: StaticString) {
 func wg_log(_ type: OSLogType, message msg: String) {
     os_log("%{public}s", log: OSLog.default, type: type, msg)
     Logger.global?.log(message: msg)
+    NSLog("AMNEZIA: \(msg)")
 }
diff --git a/client/platforms/ios/iosopenvpn2ssadapter.h b/client/platforms/ios/iosopenvpn2ssadapter.h
new file mode 100644
index 00000000..2189189b
--- /dev/null
+++ b/client/platforms/ios/iosopenvpn2ssadapter.h
@@ -0,0 +1,21 @@
+#ifndef iosopenvpn2ssadapter_h
+#define iosopenvpn2ssadapter_h
+
+#import <Foundation/Foundation.h>
+#import "ssadapterpacketflow.h"
+#import <OpenVPNAdapter/OpenVPNAdapterPacketFlow.h>
+
+@interface ShadowSocksAdapterFlowBridge: NSObject
+
+@property (nonatomic, weak) id<ShadowSocksAdapterPacketFlow> ssPacketFlow;
+@property (nonatomic, readonly) CFSocketRef ssSocket;
+@property (nonatomic, readonly) CFSocketRef packetFlowSocket;
+
+- (BOOL)configureSocketWithError:(NSError **)error;
+- (void)invalidateSocketsIfNeeded;
+- (void)processPackets;
+
+@end
+
+
+#endif /* iosopenvpn2ssadapter_h */
diff --git a/client/platforms/ios/iosopenvpn2ssadapter.m b/client/platforms/ios/iosopenvpn2ssadapter.m
new file mode 100644
index 00000000..dcf4e249
--- /dev/null
+++ b/client/platforms/ios/iosopenvpn2ssadapter.m
@@ -0,0 +1,139 @@
+#import "iosopenvpn2ssadapter.h"
+
+#include <sys/socket.h>
+#include <arpa/inet.h>
+
+#import "sspacket.h"
+#import "ssadapterpacketflow.h"
+
+@implementation ShadowSocksAdapterFlowBridge
+
+# pragma mark - Sockets Configuration
+
+static void SocketCallback(CFSocketRef socket, CFSocketCallBackType type, CFDataRef address, const void *data, void *obj) {
+    if (type != kCFSocketDataCallBack) {
+        return;
+    }
+    SSPacket *packet = [[SSPacket alloc] initWithSSData:data];
+    ShadowSocksAdapterFlowBridge *bridge = (__bridge ShadowSocksAdapterFlowBridge*)obj;
+    [bridge writePackets:@[packet] toPacketFlow:bridge.ssPacketFlow];
+}
+
+- (BOOL)configureSocketWithError:(NSError * __autoreleasing *)error {
+    int sockets[2];
+    if (socketpair(PF_LOCAL, SOCK_DGRAM, IPPROTO_IP, sockets) == -1) {
+        if (error) {
+            NSDictionary *userInfo = @{
+                // TODO: handle
+            };
+            *error = [NSError errorWithDomain:@"Some domain" code:100 userInfo:userInfo];
+        }
+        return NO;
+    }
+    CFSocketContext socketCtx = {0, (__bridge void *)self, NULL, NULL, NULL};
+    _packetFlowSocket = CFSocketCreateWithNative(kCFAllocatorDefault, sockets[0], kCFSocketDataCallBack, SocketCallback, &socketCtx);
+    _ssSocket = CFSocketCreateWithNative(kCFAllocatorDefault, sockets[1], kCFSocketNoCallBack, NULL, NULL);
+    if (!(_packetFlowSocket && _ssSocket)) {
+        if (error) {
+            NSDictionary *userInfo = @{
+                // TODO: handle
+            };
+            *error = [NSError errorWithDomain:@"Some domain" code:100 userInfo:userInfo];
+        }
+        return NO;
+    }
+    if (!([self configureOptionsForSocket:_packetFlowSocket error:error] && [self configureOptionsForSocket:_ssSocket error:error])) {
+        return NO;
+    }
+    CFRunLoopSourceRef packetFlowSocketSource = CFSocketCreateRunLoopSource(kCFAllocatorDefault, _packetFlowSocket, 0);
+    CFRunLoopAddSource(CFRunLoopGetMain(), packetFlowSocketSource, kCFRunLoopDefaultMode);
+    CFRelease(packetFlowSocketSource);
+    return YES;
+}
+
+- (void)invalidateSocketsIfNeeded {
+    if (_ssSocket) {
+        CFSocketInvalidate(_ssSocket);
+        CFRelease(_ssSocket);
+        _ssSocket = NULL;
+    }
+    if (_packetFlowSocket) {
+        CFSocketInvalidate(_packetFlowSocket);
+        CFRelease(_packetFlowSocket);
+        _packetFlowSocket = NULL;
+    }
+}
+
+- (void)processPackets {
+    NSAssert(self.ssPacketFlow != nil, @"packetFlow property shouldn't be nil, set it before start reading packets.");
+    __weak typeof(self) weakSelf = self;
+    [self.ssPacketFlow readPacketsWithCompletionHandler:^(NSArray<NSData *> *packets, NSArray<NSNumber *> *protocols) {
+        __strong typeof(self) self = weakSelf;
+        [self writePackets:packets protocols:protocols toSocket:self.packetFlowSocket];
+        [self processPackets];
+    }];
+}
+
+- (void)dealloc {
+    [self invalidateSocketsIfNeeded];
+    [super dealloc];
+}
+
+# pragma mark - Socket configuration
+- (BOOL)configureOptionsForSocket:(CFSocketRef)socket error:(NSError * __autoreleasing *)error {
+    CFSocketNativeHandle socketHandle = CFSocketGetNative(socket);
+    
+    int buf_value = 65536;
+    socklen_t buf_len = sizeof(buf_value);
+    
+    if (setsockopt(socketHandle, SOL_SOCKET, SO_RCVBUF, &buf_value, buf_len) == -1) {
+        if (error) {
+            NSDictionary *userInfo = @{
+                // TODO: handle
+            };
+            *error = [NSError errorWithDomain:@"Some domain" code:100 userInfo:userInfo];
+        }
+        
+        return NO;
+    }
+    
+    if (setsockopt(socketHandle, SOL_SOCKET, SO_SNDBUF, &buf_value, buf_len) == -1) {
+        if (error) {
+            NSDictionary *userInfo = @{
+                // TODO: handle
+            };
+            *error = [NSError errorWithDomain:@"Some domain" code:100 userInfo:userInfo];
+        }
+        
+        return NO;
+    }
+    return YES;
+}
+
+# pragma mark - Protocol methods
+- (void)writePackets:(NSArray<SSPacket *> *)packets toPacketFlow:(id<ShadowSocksAdapterPacketFlow>)packetFlow {
+    NSAssert(self.ssPacketFlow != nil, @"packetFlow shouldn't be nil, check provided parameter before start writing packets.");
+    
+    NSMutableArray<NSData *> *flowPackets = [[NSMutableArray alloc] init];
+    NSMutableArray<NSNumber *> *protocols = [[NSMutableArray alloc] init];
+    
+    [packets enumerateObjectsUsingBlock:^(SSPacket * _Nonnull packet, NSUInteger idx, BOOL * _Nonnull stop) {
+        [flowPackets addObject:packet.ssPacketFlowData];
+        [protocols addObject:packet.protocolFamily];
+    }];
+    
+    [packetFlow writePackets:flowPackets withProtocols:protocols];
+}
+
+- (void)writePackets:(NSArray<NSData *> *)packets protocols:(NSArray<NSNumber *> *)protocols toSocket:(CFSocketRef)socket {
+    if (socket == NULL) { return; }
+    
+    [packets enumerateObjectsUsingBlock:^(NSData *data, NSUInteger idx, BOOL *stop) {
+        NSNumber *protocolFamily = protocols[idx];
+        SSPacket *packet = [[SSPacket alloc] initWithPacketFlowData:data protocolFamily:protocolFamily];
+        
+        CFSocketSendData(socket, NULL, (CFDataRef)packet.vpnData, 0.05);
+    }];
+}
+
+@end
diff --git a/client/platforms/ios/iostunnel.swift b/client/platforms/ios/iostunnel.swift
index 888d17d2..5209306d 100644
--- a/client/platforms/ios/iostunnel.swift
+++ b/client/platforms/ios/iostunnel.swift
@@ -1,15 +1,45 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2020 WireGuard LLC. All Rights Reserved.
-
 import Foundation
 import NetworkExtension
 import os
+import Darwin
 import OpenVPNAdapter
+//import Tun2socks
 
 enum TunnelProtoType: String {
-    case wireguard, openvpn, none
+    case wireguard, openvpn, shadowsocks, none
 }
 
+struct Constants {
+    static let kDefaultPathKey = "defaultPath"
+    static let processQueueName = "org.amnezia.process-packets"
+    static let ssQueueName = "org.amnezia.shadowsocks"
+    static let kActivationAttemptId = "activationAttemptId"
+    static let ovpnConfigKey = "ovpn"
+    static let ssConfigKey = "ss"
+    static let loggerTag = "NET"
+    static let ssRemoteHost = "server"
+    static let ssRemotePort = "server_port"
+    static let ssLocalAddressKey = "local_addr"
+    static let ssLocalPortKey = "local_port"
+    static let ssTimeoutKey = "timeout"
+    static let ssCipherKey = "method"
+    static let ssPasswordKey = "password"
+    static let kActionStart = "start"
+    static let kActionRestart = "restart"
+    static let kActionStop = "stop"
+    static let kActionGetTunnelId = "getTunnelId"
+    static let kActionIsServerReachable = "isServerReachable"
+    static let kMessageKeyAction = "action"
+    static let kMessageKeyTunnelid = "tunnelId"
+    static let kMessageKeyConfig = "config"
+    static let kMessageKeyErrorCode = "errorCode"
+    static let kMessageKeyHost = "host"
+    static let kMessageKeyPort = "port"
+    static let kMessageKeyOnDemand = "is-on-demand"
+}
+
+typealias ShadowsocksProxyCompletion = ((Int32, NSError?) -> Void)?
+
 class PacketTunnelProvider: NEPacketTunnelProvider {
     
     private lazy var wgAdapter: WireGuardAdapter = {
@@ -24,6 +54,22 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         return adapter
     }()
     
+    private var shadowSocksConfig: Data? = nil
+    private var openVPNConfig: Data? = nil
+    var ssCompletion: ShadowsocksProxyCompletion = nil
+    
+//    private var ssProvider: ShadowSocksTunnel? = nil
+//    private var ssLocalPort: Int = 8585
+//    private var ssRemoteHost = ""
+//    private var leafProvider: TunProvider? = nil
+//
+//    private var tun2socksTunnel: Tun2socksOutlineTunnelProtocol? = nil
+//    private var tun2socksWriter: Tun2socksTunWriter? = nil
+//    private let processQueue = DispatchQueue(label: Constants.processQueueName)
+//    private var connection: NWTCPConnection? = nil
+//    private var session: NWUDPSession? = nil
+//    private var observer: AnyObject?
+   
     let vpnReachability = OpenVPNReachability()
 
     var startHandler: ((Error?) -> Void)?
@@ -31,15 +77,16 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
     var protoType: TunnelProtoType = .wireguard
     
     override func startTunnel(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) {
-        let activationAttemptId = options?["activationAttemptId"] as? String
+        let activationAttemptId = options?[Constants.kActivationAttemptId] as? String
         let errorNotifier = ErrorNotifier(activationAttemptId: activationAttemptId)
         
-        Logger.configureGlobal(tagged: "NET", withFilePath: FileManager.logFileURL?.path)
+        Logger.configureGlobal(tagged: Constants.loggerTag, withFilePath: FileManager.logFileURL?.path)
         
         if let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
            let providerConfiguration = protocolConfiguration.providerConfiguration,
-           let _: Data = providerConfiguration["ovpn"] as? Data {
-            protoType = .openvpn
+           let _: Data = providerConfiguration[Constants.ovpnConfigKey] as? Data {
+            let withoutShadowSocks = providerConfiguration[Constants.ssConfigKey] as? Data == nil
+            protoType = withoutShadowSocks ? .openvpn : .shadowsocks
         } else {
             protoType = .wireguard
         }
@@ -51,6 +98,9 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                            completionHandler: completionHandler)
         case .openvpn:
             startOpenVPN(completionHandler: completionHandler)
+        case .shadowsocks:
+            break
+//            startShadowSocks(completionHandler: completionHandler)
         case .none:
             break
         }
@@ -62,53 +112,25 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
             stopWireguard(with: reason, completionHandler: completionHandler)
         case .openvpn:
             stopOpenVPN(with: reason, completionHandler: completionHandler)
+        case .shadowsocks:
+            break
+//            stopShadowSocks(with: reason, completionHandler: completionHandler)
         case .none:
             break
         }
     }
     
     override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
-        guard let completionHandler = completionHandler else { return }
-        
-        if messageData.count == 1 && messageData[0] == 0 {
-            wgAdapter.getRuntimeConfiguration { settings in
-                var data: Data?
-                if let settings = settings {
-                    data = settings.data(using: .utf8)!
-                }
-                completionHandler(data)
-            }
-        } else if messageData.count >= 1 {
-            // Updates the tunnel configuration and responds with the active configuration
-            wg_log(.info, message: "Switching tunnel configuration")
-            guard let configString = String(data: messageData, encoding: .utf8)
-            else {
-                completionHandler(nil)
-                return
-            }
-            
-            do {
-                let tunnelConfiguration = try TunnelConfiguration(fromWgQuickConfig: configString)
-                wgAdapter.update(tunnelConfiguration: tunnelConfiguration) { error in
-                    if let error = error {
-                        wg_log(.error, message: "Failed to switch tunnel configuration: \(error.localizedDescription)")
-                        completionHandler(nil)
-                        return
-                    }
-                    
-                    self.wgAdapter.getRuntimeConfiguration { settings in
-                        var data: Data?
-                        if let settings = settings {
-                            data = settings.data(using: .utf8)!
-                        }
-                        completionHandler(data)
-                    }
-                }
-            } catch {
-                completionHandler(nil)
-            }
-        } else {
-            completionHandler(nil)
+        switch protoType {
+        case .wireguard:
+            handleWireguardAppMessage(messageData, completionHandler: completionHandler)
+        case .openvpn:
+            handleWireguardAppMessage(messageData, completionHandler: completionHandler)
+        case .shadowsocks:
+            break
+//            handleShadowSocksAppMessage(messageData, completionHandler: completionHandler)
+        case .none:
+            break
         }
     }
     
@@ -168,35 +190,32 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
     private func startOpenVPN(completionHandler: @escaping (Error?) -> Void) {
         guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
            let providerConfiguration = protocolConfiguration.providerConfiguration,
-           let ovpnConfiguration: Data = providerConfiguration["ovpn"] as? Data else {
+              let ovpnConfiguration: Data = providerConfiguration[Constants.ovpnConfigKey] as? Data else {
+            // TODO: handle errors properly
+               wg_log(.error, message: "Can't start startOpenVPN()")
             return
         }
         
-        let configuration = OpenVPNConfiguration()
-        configuration.fileContent = ovpnConfiguration
-//        configuration.settings = [] // Additional setting if needed any
-//        configuration.tunPersist = true // keep tun active during pauses/reconections
-        let evaluation: OpenVPNConfigurationEvaluation
-        do {
-            evaluation = try ovpnAdapter.apply(configuration: configuration)
-        } catch {
-            completionHandler(error)
-            return
-        }
-        
-        if !evaluation.autologin {
-            print("Implement login with user credentials")
-        }
-        
-        vpnReachability.startTracking { [weak self] status in
-            guard status == .reachableViaWiFi else { return }
-            self?.ovpnAdapter.reconnect(afterTimeInterval: 5)
-        }
-        
-        startHandler = completionHandler
-        ovpnAdapter.connect(using: packetFlow)
+        setupAndlaunchOpenVPN(withConfig: ovpnConfiguration, completionHandler: completionHandler)
     }
-    
+/*
+    private func startShadowSocks(completionHandler: @escaping (Error?) -> Void) {
+        guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
+              let providerConfiguration = protocolConfiguration.providerConfiguration,
+              let ssConfiguration: Data = providerConfiguration[Constants.ssConfigKey] as? Data,
+              let ovpnConfiguration: Data = providerConfiguration[Constants.ovpnConfigKey] as? Data else {
+                  // TODO: handle errors properly
+                  wg_log(.error, message: "Cannot start startShadowSocks()")
+                  return
+              }
+        self.shadowSocksConfig = ssConfiguration
+        self.openVPNConfig = ovpnConfiguration
+        wg_log(.info, message: "Prepare to start shadowsocks/tun2socks/leaf")
+//        self.startSSProvider(completion: completionHandler)
+//        startTun2SocksTunnel(completion: completionHandler)
+        self.startLeafRedirector(completion: completionHandler)
+    }
+*/
     private func stopWireguard(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
         wg_log(.info, staticMessage: "Stopping tunnel")
         
@@ -224,6 +243,546 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         }
         ovpnAdapter.disconnect()
     }
+/*
+    private func stopShadowSocks(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
+        stopOpenVPN(with: reason) { [weak self] in
+            guard let `self` = self else { return }
+//            self.stopSSProvider(completionHandler: completionHandler)
+//            self.stopTun2SocksTunnel(completionHandler: completionHandler)
+            self.stopLeafRedirector(completion: completionHandler)
+        }
+    }
+*/
+    private func handleWireguardAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
+        guard let completionHandler = completionHandler else { return }
+        if messageData.count == 1 && messageData[0] == 0 {
+            wgAdapter.getRuntimeConfiguration { settings in
+                var data: Data?
+                if let settings = settings {
+                    data = settings.data(using: .utf8)!
+                }
+                completionHandler(data)
+            }
+        } else if messageData.count >= 1 {
+            // Updates the tunnel configuration and responds with the active configuration
+            wg_log(.info, message: "Switching tunnel configuration")
+            guard let configString = String(data: messageData, encoding: .utf8)
+            else {
+                completionHandler(nil)
+                return
+            }
+            
+            do {
+                let tunnelConfiguration = try TunnelConfiguration(fromWgQuickConfig: configString)
+                wgAdapter.update(tunnelConfiguration: tunnelConfiguration) { error in
+                    if let error = error {
+                        wg_log(.error, message: "Failed to switch tunnel configuration: \(error.localizedDescription)")
+                        completionHandler(nil)
+                        return
+                    }
+                    
+                    self.wgAdapter.getRuntimeConfiguration { settings in
+                        var data: Data?
+                        if let settings = settings {
+                            data = settings.data(using: .utf8)!
+                        }
+                        completionHandler(data)
+                    }
+                }
+            } catch {
+                completionHandler(nil)
+            }
+        } else {
+            completionHandler(nil)
+        }
+    }
+    
+/*
+    private func handleShadowSocksAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
+        guard let completionHandler = completionHandler else { return }
+        if let configString = String(data: messageData, encoding: .utf8) {
+            wg_log(.debug, message: configString)
+        }
+        
+        completionHandler(messageData)
+    }
+*/
+    // MARK: -- Tun2sock provider methods
+/*
+    private func startTun2SocksTunnel(completion: @escaping (Error?) -> Void) {
+        guard let ssConfiguration = self.shadowSocksConfig,
+              let ovpnConfiguration = self.openVPNConfig,
+              let ssConfig = try? JSONSerialization.jsonObject(with: ssConfiguration, options: []) as? [String: Any]
+        else {
+            wg_log(.info, message: "Cannot parse shadowsocks config")
+            let tun2socksError: NSError = .init(domain: "", code: 100, userInfo: nil)
+            completion(tun2socksError)
+            return
+        }
+        wg_log(.info, message: "SS Config: \(ssConfig)")
+        
+        guard let remoteHost = ssConfig[Constants.ssRemoteHost] as? String,
+              let remotePort = ssConfig[Constants.ssRemotePort] as? Int,
+              let method = ssConfig[Constants.ssCipherKey] as? String,
+              let password = ssConfig[Constants.ssPasswordKey] as? String else {
+                  wg_log(.error, message: "Cannot parse ss config")
+                  let tun2socksError: NSError = .init(domain: "", code: 100, userInfo: nil)
+                  completion(tun2socksError)
+                  return
+              }
+        
+        let connError: AutoreleasingUnsafeMutablePointer<NSError?>? = nil
+        ShadowsocksCheckConnectivity(remoteHost, remotePort, password, method, nil, connError)
+        if (connError?.pointee != nil) {
+            wg_log(.error, message: "Failed to start tun2socks tunnel with error: \(connError?.pointee?.localizedDescription ?? "oops")")
+            let tun2socksError: NSError = .init(domain: "", code: 100, userInfo: nil)
+            completion(tun2socksError)
+            return
+        }
+        setupAndlaunchOpenVPN(withConfig: ovpnConfiguration, withShadowSocks: true) { vpnError in
+            guard vpnError == nil else {
+                wg_log(.error, message: "Failed to start openvpn with tun2socks tunnel with error: \(vpnError?.localizedDescription ?? "oops")")
+                let tun2socksError: NSError = .init(domain: "", code: 100, userInfo: nil)
+                completion(tun2socksError)
+                return
+            }
+//        let ipv4settings: NEIPv4Settings = .init(addresses: ["192.0.2.1"], subnetMasks: ["255.255.255.0"])
+//        ipv4settings.includedRoutes = [.default()]
+//        ipv4settings.excludedRoutes = []
+//
+//        let dnsSettings: NEDNSSettings = .init(servers: ["1.1.1.1", "9.9.9.9", "208.67.222.222", "208.67.220.220"])
+//        let settings: NEPacketTunnelNetworkSettings = .init(tunnelRemoteAddress: "192.0.2.2")
+//        settings.ipv4Settings = ipv4settings
+//        settings.dnsSettings = dnsSettings
+//        settings.mtu = 1600
+//
+//        setTunnelNetworkSettings(settings) { tunError in
+            let ifaces = Interface.allInterfaces()
+                .filter { $0.family == .ipv4 }
+                .map { iface in iface.name }
+            
+            wg_log(.error, message: "Available TUN Interfaces: \(ifaces)")
+            self.tun2socksWriter = Tun2socksTunWriter()
+            let tunError: AutoreleasingUnsafeMutablePointer<NSError?>? = nil
+            self.tun2socksTunnel = Tun2socksConnectShadowsocksTunnel(self.tun2socksWriter, remoteHost, remotePort, password, method, false, tunError)
+            if (tunError?.pointee != nil) {
+                wg_log(.error, message: "Failed to start tun2socks tunnel with error: \(tunError?.pointee?.localizedDescription ?? "oops")")
+                let tun2socksError: NSError = .init(domain: "", code: 100, userInfo: nil)
+                completion(tun2socksError)
+                return
+            }
+            self.processQueue.async { self.processPackets() }
+            completion(nil)
+        }
+    }
+    
+    private func stopTun2SocksTunnel(completionHandler: @escaping () -> Void) {
+        if self.tun2socksTunnel != nil && self.tun2socksTunnel!.isConnected() {
+            self.tun2socksTunnel?.disconnect()
+        }
+        try? self.tun2socksWriter?.close()
+        completionHandler()
+    }
+    
+    private func processPackets() {
+        packetFlow.readPacketObjects { [weak self] packets in
+            guard let `self` = self else { return }
+            do {
+                let _ = try packets.map {
+                    var bytesWritten: Int = 0
+                    try self.tun2socksTunnel?.write($0.data, ret0_: &bytesWritten)
+                    self.processQueue.async {
+                        self.processPackets()
+                    }
+                }
+            } catch (let err) {
+                wg_log(.debug, message: "Error in tun2sock: \(err.localizedDescription)")
+            }
+        }
+    }
+
+    // MARK: -- Leaf provider methods
+
+    private func prepareConfig(onInterface iface: String, fromSSConfig ssConfig: Data, andOvpnConfig ovpnConfig: Data) -> UnsafePointer<CChar>? {
+        guard let ssConfig = try? JSONSerialization.jsonObject(with: ssConfig, options: []) as? [String: Any] else {
+        self.ssCompletion?(0, NSError(domain: Bundle.main.bundleIdentifier ?? "unknown",
+                                 code: 100,
+                                 userInfo: [NSLocalizedDescriptionKey: "Cannot parse json for ss in tunnel"]))
+            return nil
+        }
+
+        guard let remoteHost = ssConfig[Constants.ssRemoteHost] as? String,
+              let remotePort = ssConfig[Constants.ssRemotePort] as? Int,
+              let method = ssConfig[Constants.ssCipherKey] as? String,
+              let password = ssConfig[Constants.ssPasswordKey] as? String else {
+                  self.ssCompletion?(0, NSError(domain: Bundle.main.bundleIdentifier ?? "unknown",
+                                           code: 100,
+                                           userInfo: [NSLocalizedDescriptionKey: "Cannot asign profile params for ss in tunnel"]))
+                  return nil
+              }
+
+        var insettings:  [String: Any] = .init()
+        insettings["name"] = iface
+        insettings["address"] = "127.0.0.2"
+        insettings["netmask"] = "255.255.255.0"
+        insettings["gateway"] = "127.0.0.1"
+        insettings["mtu"] = 1600
+
+        var inbounds: [String: Any] = .init()
+        inbounds["protocol"] = "tun"
+        inbounds["settings"] = insettings
+        inbounds["tag"] = "tun_in"
+
+        var outbounds: [String: Any] = .init()
+        var outsettings: [String: Any] = .init()
+        outsettings["address"] = remoteHost
+        outsettings["port"] = remotePort
+        outsettings["method"] = method
+        outsettings["password"] = password
+        outbounds["protocol"] = "shadowsocks"
+        outbounds["settings"] = outsettings
+        outbounds["tag"] = "shadowsocks_out"
+
+        var params: [String: Any] = .init()
+        params["inbounds"] = [inbounds]
+        params["outbounds"] =  [outbounds]
+
+        wg_log(.error, message: "Config dictionary: \(params)")
+
+        guard let jsonData = try? JSONSerialization.data(withJSONObject: params, options: .prettyPrinted),
+              let jsonString = String(data: jsonData, encoding: .utf8) else { return nil }
+
+        wg_log(.error, message: "JSON String: \(jsonString)")
+
+        var path = ""
+        if let documentDirectory = FileManager.default.urls(for: .documentDirectory,
+                                                               in: .userDomainMask).first {
+            let pathWithFilename = documentDirectory.appendingPathComponent("config.json")
+            do {
+                try jsonString.write(to: pathWithFilename,
+                                     atomically: true,
+                                     encoding: .utf8)
+                path = pathWithFilename.path
+            } catch {
+                // Handle error
+            }
+        }
+        
+        return UnsafePointer(strdup(path))
+    }
+    
+    private func startLeafRedirector(completion: @escaping (Error?) -> Void) {
+        let ipv4settings: NEIPv4Settings = .init(addresses: ["127.0.0.2"], subnetMasks: ["255.255.255.0"])
+        ipv4settings.includedRoutes = [.default()]
+        ipv4settings.excludedRoutes = []
+        
+        let dnsSettings: NEDNSSettings = .init(servers: ["1.1.1.1", "9.9.9.9", "208.67.222.222", "208.67.220.220"])
+        dnsSettings.matchDomains = []
+        let settings: NEPacketTunnelNetworkSettings = .init(tunnelRemoteAddress: "127.0.0.1")
+        settings.ipv4Settings = ipv4settings
+        settings.dnsSettings = dnsSettings
+        settings.mtu = 1600
+        
+        self.setTunnelNetworkSettings(settings) { tunError in
+            let ifaces = Interface.allInterfaces()
+                .filter { $0.name.contains("tun") && $0.family == .ipv4 }
+                .map { iface in iface.name }
+            wg_log(.error, message: "Try on interface: \(ifaces)")
+            guard let ssConf = self.shadowSocksConfig,
+                  let ovpnConf = self.openVPNConfig,
+                  let config = self.prepareConfig(onInterface: ifaces.first ?? "utun2",
+                                                  fromSSConfig: ssConf,
+                                                  andOvpnConfig: ovpnConf) else {
+                      let ret: NSError = .init(domain: "", code: 100, userInfo: nil)
+                      completion(ret)
+                      return
+                  }
+            self.leafProvider = TunProvider(withConfig: config)
+            self.leafProvider?.testConfig(onPath: config) { configError in
+                wg_log(.error, message: "Config check status: \(configError!.desc)")
+                guard configError! == .noError else {
+                    wg_log(.error, message: "Config check status: \(configError!.desc)")
+                    let ret: NSError = .init(domain: "", code: 100, userInfo: nil)
+                    completion(ret)
+                    return
+                }
+                
+                wg_log(.error, message: "Available TUN Interfaces: \(ifaces)")
+               
+                self.leafProvider?.startTunnel { tunError in
+                    wg_log(.error, message: "Leaf tunnel start status: \(tunError!.desc)")
+                    guard tunError! == .noError else {
+                        wg_log(.error, message: "Leaf tunnel start error: \(tunError!.desc)")
+                        let ret: NSError = .init(domain: "", code: 100, userInfo: nil)
+                        completion(ret)
+                        return
+                    }
+                    completion(nil)
+                }
+            }
+            
+        }
+    }
+
+    private func stopLeafRedirector(completion: @escaping () -> Void) {
+        leafProvider?.stopTunnel { error in
+            // TODO: handle errors
+            completion()
+        }
+    }
+    
+    // MARK: -- ShadowSocks Provider methods
+    
+    private func startSSProvider(completion: @escaping (Error?) -> Void) {
+        guard let ssConfig = self.shadowSocksConfig, let ovpnConfig = self.openVPNConfig else { return }
+        if ssProvider == nil {
+            guard let config = try? JSONSerialization.jsonObject(with: ssConfig, options: []) as? [String: Any],
+                  let remoteHost = config[Constants.ssRemoteHost] as? String,
+                  let port = config[Constants.ssLocalPortKey] as? Int else {
+            self.ssCompletion?(0, NSError(domain: Bundle.main.bundleIdentifier ?? "unknown",
+                                     code: 100,
+                                     userInfo: [NSLocalizedDescriptionKey: "Cannot parse json for ss in tunnel"]))
+                return
+            }
+            ssProvider = SSProvider(config: ssConfig, localPort: port)
+            ssLocalPort = port
+            ssRemoteHost = remoteHost
+        }
+        
+        ssProvider?.start(usingPacketFlow: packetFlow, withConnectivityCheck: false) { errorCode in
+            wg_log(.info, message: "After starting shadowsocks")
+            wg_log(.error, message: "Starting ShadowSocks State: \(String(describing: errorCode))")
+            if (errorCode != nil && errorCode! != .noError) {
+                wg_log(.error, message: "Error starting ShadowSocks: \(String(describing: errorCode))")
+                return
+            }
+
+//            self.setupAndHandleOpenVPNOverSSConnection(withConfig: ovpnConfig)
+            self.startAndHandleTunnelOverSS(completionHandler: completion)
+        }
+    }
+    
+    private func startAndHandleTunnelOverSS(completionHandler: @escaping (Error?) -> Void) {
+//        let ipv4settings: NEIPv4Settings = .init(addresses: ["192.0.2.2"], subnetMasks: ["255.255.255.0"])
+//        let addedRoute1 = NEIPv4Route(destinationAddress: "0.0.0.0", subnetMask: "0.0.0.0")
+//        addedRoute1.gatewayAddress = "192.0.2.1"
+//        ipv4settings.includedRoutes = [addedRoute1]
+//        ipv4settings.excludedRoutes = []
+//
+//        let dnsSettings: NEDNSSettings = .init(servers: ["1.1.1.1", "9.9.9.9", "208.67.222.222", "208.67.220.220"])
+//        let settings: NEPacketTunnelNetworkSettings = .init(tunnelRemoteAddress: "192.0.2.1")
+//        settings.ipv4Settings = ipv4settings
+//        settings.dnsSettings = dnsSettings
+//        settings.mtu = 1600
+//
+//        setTunnelNetworkSettings(settings) { tunError in
+//
+//        }
+        
+        let ifaces = Interface.allInterfaces()
+            .filter { $0.family == .ipv4 }
+            .map { iface in iface.name }
+        
+        wg_log(.error, message: "Available TUN Interfaces: \(ifaces)")
+        let endpoint = NWHostEndpoint(hostname: "127.0.0.1", port: "\(self.ssLocalPort)")
+        self.session = self.createUDPSession(to: endpoint, from: nil)
+        self.setupWriteToFlow()
+        self.observer = self.session!.observe(\.state, options: [.new]) { conn, _  in
+            switch conn.state {
+            case .ready:
+                self.readFromFlow()
+                completionHandler(nil)
+            case .cancelled, .failed, .invalid:
+                self.stopSSProvider {
+                    self.cancelTunnelWithError(nil)
+                    completionHandler(nil)
+                }
+            default:
+                break
+            }
+        }
+    }
+    
+    private func setupAndHandleOpenVPNOverSSConnection(withConfig ovpnConfig: Data) {
+        let endpoint = NWHostEndpoint(hostname: "127.0.0.1", port: "\(self.ssLocalPort)")
+        self.session = self.createUDPSession(to: endpoint, from: nil)
+//        self.connection = self.createTCPConnection(to: endpoint, enableTLS: false, tlsParameters: nil, delegate: nil)
+        self.observer = self.session!.observe(\.state, options: [.new]) { conn, _  in
+            switch conn.state {
+            case .ready:
+                self.processQueue.async {
+                    self.setupWriteToFlow()
+                }
+                self.processQueue.async {
+                    self.readFromFlow()
+                }
+                
+                self.setupAndlaunchOpenVPN(withConfig: ovpnConfig, withShadowSocks: true) { vpnError in
+                    wg_log(.info, message: "After starting openVPN")
+                    guard vpnError == nil else {
+                        wg_log(.error, message: "Failed to start openvpn with error: \(vpnError?.localizedDescription ?? "oops")")
+                        return
+                    }
+                }
+            case .cancelled, .failed, .invalid:
+                self.stopSSProvider {
+                    self.cancelTunnelWithError(nil)
+                }
+            default:
+                break
+            }
+        }
+    }
+    
+    private func readFromFlow() {
+        wg_log(.error, message: "Start reading packets to connection")
+        wg_log(.error, message: "Connection is \(session != nil ? "not null" : "null")")
+        packetFlow.readPackets { [weak self] packets, protocols in
+            wg_log(.error, message: "\(packets.count) outcoming packets proccessed of \(protocols.first?.stringValue ?? "unknown") type")
+            guard let `self` = self else { return }
+            self.session?.writeMultipleDatagrams(packets, completionHandler: { _ in
+                self.processQueue.async {
+                    self.readFromFlow()
+                }
+            })
+//            let _ = packets.map {
+//                wg_log(.error, message: "Packet: \($0.data) of \($0.protocolFamily)")
+//                self.connection?.write($0.data, completionHandler: { _ in })
+//                self.processQueue.async {
+//                    self.readFromFlow()
+//                }
+//            }
+        }
+    }
+    
+    private func setupWriteToFlow() {
+        wg_log(.error, message: "Start writing packets from connection")
+        wg_log(.error, message: "Connection is \(session != nil ? "not null" : "null")")
+        session?.setReadHandler({ ssdata, error in
+            wg_log(.error, message: "Packets are \(ssdata != nil ? "not null" : "null"), error: \(error?.localizedDescription ?? "none")")
+            guard error == nil, let packets = ssdata else { return }
+            wg_log(.error, message: "\(packets.count) incoming packets proccessed")
+            self.packetFlow.writePackets(packets, withProtocols: [NSNumber(value: AF_INET)])
+        }, maxDatagrams: Int.max)
+        
+//        connection?.readLength(1450, completionHandler: { [weak self] ssdata, readError in
+//            wg_log(.error, message: "Packets are \(ssdata != nil ? "not null" : "null")")
+//            guard let `self` = self, let packets = ssdata else { return }
+//            wg_log(.error, message: "Packet: \(packets) or error: \(readError?.localizedDescription ?? "")")
+//            self.packetFlow.writePackets([packets], withProtocols: [NSNumber(value: AF_INET)])
+//            self.processQueue.async {
+//                self.writeToFlow()
+//            }
+//        })
+    }
+    
+    private func stopSSProvider(completionHandler: @escaping () -> Void) {
+        self.ssProvider?.stop { _ in
+            if let provider = self.ssProvider, let threadId = provider.ssLocalThreadId {
+                pthread_kill(threadId, SIGUSR1)
+            }
+            self.ssProvider = nil
+            completionHandler()
+        }
+    }
+*/
+    private func setupAndlaunchOpenVPN(withConfig ovpnConfiguration: Data, withShadowSocks viaSS: Bool = false, completionHandler: @escaping (Error?) -> Void) {
+        wg_log(.info, message: "Inside setupAndlaunchOpenVPN()")
+        let str = String(decoding: ovpnConfiguration, as: UTF8.self)
+        wg_log(.info, message: "OPENVPN config: \(str)")
+        
+        let configuration = OpenVPNConfiguration()
+        configuration.fileContent = ovpnConfiguration
+        if viaSS {
+//            configuration.settings = [
+//                "remote": "137.74.6.148 1194",
+//                "proto": "tcp",
+//                "link-mtu": "1480",
+//                "tun-mtu": "1460",
+//            ]
+        }
+        let evaluation: OpenVPNConfigurationEvaluation
+        do {
+            evaluation = try ovpnAdapter.apply(configuration: configuration)
+        } catch {
+            completionHandler(error)
+            return
+        }
+        
+        if !evaluation.autologin {
+            wg_log(.info, message: "Implement login with user credentials")
+        }
+        
+        vpnReachability.startTracking { [weak self] status in
+            guard status == .reachableViaWiFi else { return }
+            self?.ovpnAdapter.reconnect(afterTimeInterval: 5)
+        }
+        
+        startHandler = completionHandler
+        ovpnAdapter.connect(using: packetFlow)
+        
+        let ifaces = Interface.allInterfaces()
+            .filter { $0.family == .ipv4 }
+            .map { iface in iface.name }
+        
+        wg_log(.error, message: "Available TUN Interfaces: \(ifaces)")
+    }
+    
+    // MARK: -- Network observing methods
+    
+    private func getSockPort(for fd: Int32) -> Int32 {
+        var addr_in = sockaddr_in();
+        addr_in.sin_len = UInt8(MemoryLayout.size(ofValue: addr_in));
+        addr_in.sin_family = sa_family_t(AF_INET);
+        
+        var len = socklen_t(addr_in.sin_len);
+        let result = withUnsafeMutablePointer(to: &addr_in, {
+            $0.withMemoryRebound(to: sockaddr.self, capacity: 1) {
+                return Darwin.getsockname(fd, $0, &len);
+            }
+        });
+        
+        if result == 0 {
+            return Int32(addr_in.sin_port);
+        } else {
+            wg_log(.error, message: "getSockPort(\(fd)) error: \(String(describing: strerror(errno)))")
+            return 0
+        }
+    }
+    
+    private func startListeningForNetworkChanges() {
+        stopListeningForNetworkChanges()
+        addObserver(self, forKeyPath: Constants.kDefaultPathKey, options: .old, context: nil)
+    }
+
+    private func stopListeningForNetworkChanges() {
+        removeObserver(self, forKeyPath: Constants.kDefaultPathKey)
+    }
+
+    override func observeValue(forKeyPath keyPath: String?,
+                                     of object: Any?,
+                                     change: [NSKeyValueChangeKey : Any]?,
+                                     context: UnsafeMutableRawPointer?) {
+        guard Constants.kDefaultPathKey != keyPath else { return }
+        // Since iOS 11, we have observed that this KVO event fires repeatedly when connecting over Wifi,
+        // even though the underlying network has not changed (i.e. `isEqualToPath` returns false),
+        // leading to "wakeup crashes" due to excessive network activity. Guard against false positives by
+        // comparing the paths' string description, which includes properties not exposed by the class
+        guard let lastPath: NWPath = change?[.oldKey] as? NWPath,
+              let defPath = defaultPath,
+              lastPath != defPath || lastPath.description != defPath.description else {
+                  return
+              }
+        DispatchQueue.main.async { [weak self] in
+            guard let `self` = self, self.defaultPath != nil else { return }
+            self.handle(networkChange: self.defaultPath!) { _ in }
+        }
+    }
+
+    private func handle(networkChange changePath: NWPath, completion: @escaping (Error?) -> Void) {
+        wg_log(.info, message: "Tunnel restarted.")
+        startTunnel(options: nil, completionHandler: completion)
+    }
 }
 
 extension WireGuardLogLevel {
@@ -239,6 +798,8 @@ extension WireGuardLogLevel {
 
 extension NEPacketTunnelFlow: OpenVPNAdapterPacketFlow {}
 
+/* extension NEPacketTunnelFlow: ShadowSocksAdapterPacketFlow {} */
+
 extension PacketTunnelProvider: OpenVPNAdapterDelegate {
     
     // OpenVPNAdapter calls this delegate method to configure a VPN tunnel.
@@ -276,7 +837,6 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
             
             startHandler(nil)
             self.startHandler = nil
-            
         case .disconnected:
             guard let stopHandler = stopHandler else { return }
             
@@ -286,10 +846,8 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
             
             stopHandler()
             self.stopHandler = nil
-            
         case .reconnecting:
             reasserting = true
-            
         default:
             break
         }
@@ -316,7 +874,17 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
     // Use this method to process any log message returned by OpenVPN library.
     func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, handleLogMessage logMessage: String) {
         // Handle log messages
+        wg_log(.info, message: logMessage)
     }
 }
-
-
+/*
+extension PacketTunnelProvider: Tun2socksTunWriterProtocol {
+    func write(_ p0: Data?, n: UnsafeMutablePointer<Int>?) throws {
+        if let packets = p0 {
+            self.packetFlow.writePackets([packets], withProtocols: [NSNumber(value: AF_INET)])
+        }
+    }
+    
+    func close() throws {}
+}
+*/
diff --git a/client/platforms/ios/iosvpnprotocol.swift b/client/platforms/ios/iosvpnprotocol.swift
index cb50e3e8..2c028915 100644
--- a/client/platforms/ios/iosvpnprotocol.swift
+++ b/client/platforms/ios/iosvpnprotocol.swift
@@ -29,6 +29,8 @@ public class IOSVpnProtocolImpl : NSObject {
     private var privateKey : PrivateKey? = nil
     private var deviceIpv4Address: String? = nil
     private var deviceIpv6Address: String? = nil
+    private var openVPNConfig: String? = nil
+    private var shadowSocksConfig: String? = nil
 
     @objc enum ConnectionState: Int { case Error, Connected, Disconnected }
     
@@ -45,6 +47,8 @@ public class IOSVpnProtocolImpl : NSObject {
         precondition(!vpnBundleID.isEmpty)
         
         stateChangeCallback = callback
+        self.openVPNConfig = config
+        self.shadowSocksConfig = nil
         
         NotificationCenter.default.removeObserver(self)
         NotificationCenter.default.addObserver(self,
@@ -117,6 +121,8 @@ public class IOSVpnProtocolImpl : NSObject {
         self.privateKey = PrivateKey(rawValue: privateKey)
         self.deviceIpv4Address = deviceIpv4Address
         self.deviceIpv6Address = deviceIpv6Address
+        self.openVPNConfig = nil
+        self.shadowSocksConfig = nil
         
         NotificationCenter.default.removeObserver(self)
 
@@ -170,6 +176,63 @@ public class IOSVpnProtocolImpl : NSObject {
             }
         }
     }
+    
+    @objc init(bundleID: String,
+               tunnelConfig: String,
+               ssConfig: String,
+               closure: @escaping (ConnectionState, Date?) -> Void,
+               callback: @escaping (Bool) -> Void) {
+        super.init()
+        
+        vpnBundleID = bundleID;
+        precondition(!vpnBundleID.isEmpty)
+        
+        stateChangeCallback = callback
+        self.openVPNConfig = tunnelConfig
+        self.shadowSocksConfig = ssConfig
+        
+        NotificationCenter.default.removeObserver(self)
+
+        NotificationCenter.default.addObserver(self, selector: #selector(self.vpnStatusDidChange(notification:)), name: Notification.Name.NEVPNStatusDidChange, object: nil)
+
+        NETunnelProviderManager.loadAllFromPreferences { [weak self] managers, error in
+            if let error = error {
+                Logger.global?.log(message: "Loading from preference failed: \(error)")
+                closure(ConnectionState.Error, nil)
+                return
+            }
+
+            if self == nil {
+                Logger.global?.log(message: "We are shutting down.")
+                return
+            }
+
+            let nsManagers = managers ?? []
+            Logger.global?.log(message: "We have received \(nsManagers.count) managers.")
+            print("We have received \(nsManagers.count) managers.")
+
+            let tunnel = nsManagers.first(where: IOSVpnProtocolImpl.isOurManager(_:))
+            
+            if tunnel == nil {
+                Logger.global?.log(message: "Creating the tunnel via shadowsocks")
+                print("Creating the tunnel via SS")
+                self!.tunnel = NETunnelProviderManager()
+                closure(ConnectionState.Disconnected, nil)
+                return
+            }
+            
+            Logger.global?.log(message: "Tunnel already exists")
+            print("SS Tunnel already exists")
+
+            self!.tunnel = tunnel
+            
+            if tunnel?.connection.status == .connected {
+                closure(ConnectionState.Connected, tunnel?.connection.connectedDate)
+            } else {
+                closure(ConnectionState.Disconnected, nil)
+            }
+        }
+    }
 
     @objc private func vpnStatusDidChange(notification: Notification) {
         guard let session = (notification.object as? NETunnelProviderSession), tunnel?.connection == session else { return }
@@ -230,9 +293,30 @@ public class IOSVpnProtocolImpl : NSObject {
         return true
     }
     
+    @objc func connect(ssConfig: String,
+                       ovpnConfig: String,
+                       failureCallback: @escaping () -> Void) {
+        Logger.global?.log(message: "Connecting")
+//        assert(tunnel != nil)
+        
+        self.openVPNConfig = ovpnConfig
+        self.shadowSocksConfig = ssConfig
+        
+        let addr: String = ovpnConfig
+            .splitToArray(separator: "\n", trimmingCharacters: nil)
+            .first {  $0.starts(with: "remote ") }
+            .splitToArray(separator: " ", trimmingCharacters: nil)[1]
+        print("server: \(addr)")
+        
+        // Let's remove the previous config if it exists.
+        (tunnel?.protocolConfiguration as? NETunnelProviderProtocol)?.destroyConfigurationReference()
+        
+        self.configureTunnel(withShadowSocks: self.shadowSocksConfig, serverAddress: addr, config: self.openVPNConfig, failureCallback: failureCallback)
+    }
+    
     @objc func connect(ovpnConfig: String, failureCallback: @escaping () -> Void) {
         Logger.global?.log(message: "Connecting")
-        assert(tunnel != nil)
+//        assert(tunnel != nil)
         
         let addr: String = ovpnConfig
             .splitToArray(separator: "\n", trimmingCharacters: nil)
@@ -248,7 +332,7 @@ public class IOSVpnProtocolImpl : NSObject {
 
     @objc func connect(dnsServer: String, serverIpv6Gateway: String, serverPublicKey: String, presharedKey: String, serverIpv4AddrIn: String, serverPort: Int,  allowedIPAddressRanges: Array<VPNIPAddressRange>, ipv6Enabled: Bool, reason: Int, failureCallback: @escaping () -> Void) {
         Logger.global?.log(message: "Connecting")
-        assert(tunnel != nil)
+//        assert(tunnel != nil)
 
         // Let's remove the previous config if it exists.
         (tunnel?.protocolConfiguration as? NETunnelProviderProtocol)?.destroyConfigurationReference()
@@ -299,6 +383,8 @@ public class IOSVpnProtocolImpl : NSObject {
             failureCallback()
             return
         }
+        
+        guard tunnel != nil else { failureCallback(); return }
         proto.providerBundleIdentifier = vpnBundleID
 
         tunnel!.protocolConfiguration = proto
@@ -351,6 +437,47 @@ public class IOSVpnProtocolImpl : NSObject {
         }
     }
     
+    func configureTunnel(withShadowSocks ssConfig: String?, serverAddress: String, config: String?, failureCallback: @escaping () -> Void) {
+        guard let ss = ssConfig, let ovpn = config else { failureCallback(); return }
+        let tunnelProtocol = NETunnelProviderProtocol()
+        tunnelProtocol.serverAddress = serverAddress
+        tunnelProtocol.providerBundleIdentifier = vpnBundleID
+        tunnelProtocol.providerConfiguration = ["ovpn": Data(ovpn.utf8), "ss": Data(ss.utf8)]
+        tunnel?.protocolConfiguration = tunnelProtocol
+        tunnel?.localizedDescription = "Amnezia ShadowSocks"
+        tunnel?.isEnabled = true
+
+        tunnel?.saveToPreferences { [unowned self] saveError in
+            if let error = saveError {
+                Logger.global?.log(message: "Connect ShadowSocks Tunnel Save Error: \(error)")
+                failureCallback()
+                return
+            }
+
+            Logger.global?.log(message: "Saving ShadowSocks tunnel succeeded")
+
+            self.tunnel?.loadFromPreferences { error in
+                if let error = error {
+                    Logger.global?.log(message: "Connect ShadowSocks Tunnel Load Error: \(error)")
+                    failureCallback()
+                    return
+                }
+
+                Logger.global?.log(message: "Loading the ShadowSocks tunnel succeeded")
+                print("Loading the ss tunnel succeeded")
+
+                do {
+                    print("starting ss tunnel")
+                    try self.tunnel?.connection.startVPNTunnel()
+                } catch let error {
+                    Logger.global?.log(message: "Something went wrong: \(error)")
+                    failureCallback()
+                    return
+                }
+            }
+        }
+    }
+    
     func configureOpenVPNTunnel(serverAddress: String, config: String, failureCallback: @escaping () -> Void) {
         let tunnelProtocol = NETunnelProviderProtocol()
         tunnelProtocol.serverAddress = serverAddress
@@ -393,13 +520,13 @@ public class IOSVpnProtocolImpl : NSObject {
 
     @objc func disconnect() {
         Logger.global?.log(message: "Disconnecting")
-        assert(tunnel != nil)
+        guard tunnel != nil else { return }
         (tunnel!.connection as? NETunnelProviderSession)?.stopTunnel()
     }
 
     @objc func checkStatus(callback: @escaping (String, String, String) -> Void) {
         Logger.global?.log(message: "Check status")
-        assert(tunnel != nil)
+//        assert(tunnel != nil)
         
         let protoType = (tunnel!.localizedDescription ?? "").toTunnelType
         
@@ -408,12 +535,60 @@ public class IOSVpnProtocolImpl : NSObject {
             checkWireguardStatus(callback: callback)
         case .openvpn:
             checkOVPNStatus(callback: callback)
+        case .shadowsocks:
+            checkShadowSocksStatus(callback: callback)
         case .empty:
             break
         }
         
     }
     
+    private func checkShadowSocksStatus(callback: @escaping (String, String, String) -> Void) {
+        Logger.global?.log(message: "Check ShadowSocks")
+        guard let proto = tunnel?.protocolConfiguration as? NETunnelProviderProtocol else {
+            callback("", "", "")
+            return
+        }
+        
+        guard let ssData = proto.providerConfiguration?["ss"] as? Data,
+              let ssConfig = try? JSONSerialization.jsonObject(with: ssData, options: []) as? [String: Any],
+              let serverIpv4Gateway = ssConfig["remote_host"] as? String else  {
+            callback("", "", "")
+            return
+        }
+        
+        print("server IP: \(serverIpv4Gateway)")
+        
+        let deviceIpv4Address = getTunIPAddress()
+        print("device IP: \(serverIpv4Gateway)")
+        if deviceIpv4Address == nil {
+            callback("", "", "")
+            return
+        }
+        
+        guard let session = tunnel?.connection as? NETunnelProviderSession else {
+            callback("", "", "")
+            return
+        }
+        
+        do {
+            try session.sendProviderMessage(Data([UInt8(0)])) { [callback] data in
+                guard let data = data,
+                      let configString = String(data: data, encoding: .utf8)
+                else {
+                    Logger.global?.log(message: "Failed to convert data to string")
+                    callback("", "", "")
+                    return
+                }
+
+                callback("\(serverIpv4Gateway)", "\(deviceIpv4Address!)", configString)
+            }
+        } catch {
+            Logger.global?.log(message: "Failed to retrieve data from session")
+            callback("", "", "")
+        }
+    }
+    
     private func checkOVPNStatus(callback: @escaping (String, String, String) -> Void) {
         Logger.global?.log(message: "Check OpenVPN")
         guard let proto = tunnel?.protocolConfiguration as? NETunnelProviderProtocol else {
@@ -463,7 +638,6 @@ public class IOSVpnProtocolImpl : NSObject {
             Logger.global?.log(message: "Failed to retrieve data from session")
             callback("", "", "")
         }
-        
     }
     
     private func checkWireguardStatus(callback: @escaping (String, String, String) -> Void) {
@@ -549,7 +723,7 @@ public class IOSVpnProtocolImpl : NSObject {
 }
 
 enum TunnelType: String {
-    case wireguard, openvpn, empty
+    case wireguard, openvpn, shadowsocks, empty
 }
 
 extension String {
@@ -557,6 +731,7 @@ extension String {
         switch self {
         case "wireguard": return .wireguard
         case "openvpn": return .openvpn
+        case "shadowsocks": return .shadowsocks
         default:
             return .empty
         }
diff --git a/client/platforms/ios/ssadapterpacketflow.h b/client/platforms/ios/ssadapterpacketflow.h
new file mode 100644
index 00000000..3d0f0423
--- /dev/null
+++ b/client/platforms/ios/ssadapterpacketflow.h
@@ -0,0 +1,12 @@
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@protocol ShadowSocksAdapterPacketFlow <NSObject>
+
+- (void)readPacketsWithCompletionHandler:(void (^)(NSArray<NSData *> *packets, NSArray<NSNumber *> *protocols))completionHandler;
+- (BOOL)writePackets:(NSArray<NSData *> *)packets withProtocols:(NSArray<NSNumber *> *)protocols;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff --git a/client/platforms/ios/ssconnectivity.h b/client/platforms/ios/ssconnectivity.h
new file mode 100644
index 00000000..bdc4234a
--- /dev/null
+++ b/client/platforms/ios/ssconnectivity.h
@@ -0,0 +1,36 @@
+#ifndef ShadowsocksConnectivity_h
+#define ShadowsocksConnectivity_h
+
+#import <Foundation/Foundation.h>
+/**
+ * Non-thread-safe class to perform Shadowsocks connectivity checks.
+ */
+@interface ShadowsocksConnectivity : NSObject
+
+/**
+ * Initializes the object with a local Shadowsocks port, |shadowsocksPort|.
+ */
+- (id)initWithPort:(uint16_t)shadowsocksPort;
+
+/**
+ * Verifies that the server has enabled UDP forwarding. Performs an end-to-end test by sending
+ * a DNS request through the proxy. This method is a superset of |checkServerCredentials|, as its
+ * success implies that the server credentials are valid.
+ */
+- (void)isUdpForwardingEnabled:(void (^)(BOOL))completion;
+
+/**
+ * Verifies that the server credentials are valid. Performs an end-to-end authentication test
+ * by issuing an HTTP HEAD request to a target domain through the proxy.
+ */
+- (void)checkServerCredentials:(void (^)(BOOL))completion;
+
+/**
+ * Checks that the server is reachable on |host| and |port|.
+ */
+- (void)isReachable:(NSString *)host port:(uint16_t)port completion:(void (^)(BOOL))completion;
+
+@end
+
+#endif /* ShadowsocksConnectivity_h */
+
diff --git a/client/platforms/ios/ssconnectivity.m b/client/platforms/ios/ssconnectivity.m
new file mode 100644
index 00000000..69613320
--- /dev/null
+++ b/client/platforms/ios/ssconnectivity.m
@@ -0,0 +1,334 @@
+#import "./ssconnectivity.h"
+#include <arpa/inet.h>
+//#import <ShadowSocks/shadowsocks.h>
+
+@import CocoaAsyncSocket;
+//@import CocoaLumberjack;
+
+static char *const kShadowsocksLocalAddress = "127.0.0.1";
+
+static char *const kDnsResolverAddress = "208.67.222.222";  // OpenDNS
+static const uint16_t kDnsResolverPort = 53;
+static const size_t kDnsRequestNumBytes = 28;
+
+static const size_t kSocksHeaderNumBytes = 10;
+static const uint8_t kSocksMethodsResponseNumBytes = 2;
+static const size_t kSocksConnectResponseNumBytes = 10;
+static const uint8_t kSocksVersion = 0x5;
+static const uint8_t kSocksMethodNoAuth = 0x0;
+static const uint8_t kSocksCmdConnect = 0x1;
+static const uint8_t kSocksAtypIpv4 = 0x1;
+static const uint8_t kSocksAtypDomainname = 0x3;
+
+static const NSTimeInterval kTcpSocketTimeoutSecs = 10.0;
+static const NSTimeInterval kUdpSocketTimeoutSecs = 1.0;
+static const long kSocketTagHttpRequest = 100;
+static const int kUdpForwardingMaxChecks = 5;
+static const uint16_t kHttpPort = 80;
+
+@interface ShadowsocksConnectivity ()<GCDAsyncSocketDelegate, GCDAsyncUdpSocketDelegate>
+
+@property(nonatomic) uint16_t shadowsocksPort;
+
+@property(nonatomic, copy) void (^udpForwardingCompletion)(BOOL);
+@property(nonatomic, copy) void (^reachabilityCompletion)(BOOL);
+@property(nonatomic, copy) void (^credentialsCompletion)(BOOL);
+
+@property(nonatomic) dispatch_queue_t dispatchQueue;
+@property(nonatomic) GCDAsyncUdpSocket *udpSocket;
+@property(nonatomic) GCDAsyncSocket *credentialsSocket;
+@property(nonatomic) GCDAsyncSocket *reachabilitySocket;
+
+@property(nonatomic) bool isRemoteUdpForwardingEnabled;
+@property(nonatomic) bool areServerCredentialsValid;
+@property(nonatomic) bool isServerReachable;
+@property(nonatomic) int udpForwardingNumChecks;
+@end
+
+@implementation ShadowsocksConnectivity
+
+- (id)initWithPort:(uint16_t)shadowsocksPort {
+  self = [super init];
+  if (self) {
+    _shadowsocksPort = shadowsocksPort;
+    _dispatchQueue = dispatch_queue_create("ShadowsocksConnectivity", DISPATCH_QUEUE_SERIAL);
+  }
+  return self;
+}
+
+#pragma mark - UDP Forwarding
+
+struct socks_udp_header {
+  uint16_t rsv;
+  uint8_t frag;
+  uint8_t atyp;
+  uint32_t addr;
+  uint16_t port;
+};
+
+- (void)isUdpForwardingEnabled:(void (^)(BOOL))completion {
+//  DDLogInfo(@"Starting remote UDP forwarding check.");
+  self.isRemoteUdpForwardingEnabled = false;
+  self.udpForwardingNumChecks = 0;
+  self.udpForwardingCompletion = completion;
+  self.udpSocket =
+      [[GCDAsyncUdpSocket alloc] initWithDelegate:self delegateQueue:self.dispatchQueue];
+  struct in_addr dnsResolverAddress;
+  if (!inet_aton(kDnsResolverAddress, &dnsResolverAddress)) {
+//    DDLogError(@"Failed to convert DNS resolver IP.");
+    [self udpForwardingCheckDone:false];
+    return;
+  }
+  struct socks_udp_header socksHeader = {
+      .atyp = kSocksAtypIpv4,
+      .addr = dnsResolverAddress.s_addr,  // Already in network order
+      .port = htons(kDnsResolverPort)};
+  uint8_t *dnsRequest = [self getDnsRequest];
+  size_t packetNumBytes = kSocksHeaderNumBytes + kDnsRequestNumBytes;
+  uint8_t socksPacket[packetNumBytes];
+  memset(socksPacket, 0, packetNumBytes);
+  memcpy(socksPacket, &socksHeader, kSocksHeaderNumBytes);
+  memcpy(socksPacket + kSocksHeaderNumBytes, dnsRequest, kDnsRequestNumBytes);
+
+  NSData *packetData = [[NSData alloc] initWithBytes:socksPacket length:packetNumBytes];
+
+  dispatch_source_t timer =
+      dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, self.dispatchQueue);
+  if (!timer) {
+//    DDLogError(@"Failed to create timer");
+    [self udpForwardingCheckDone:false];
+    return;
+  }
+  dispatch_source_set_timer(timer, dispatch_time(DISPATCH_TIME_NOW, 0),
+                            kUdpSocketTimeoutSecs * NSEC_PER_SEC, 0);
+  __weak ShadowsocksConnectivity *weakSelf = self;
+  dispatch_source_set_event_handler(timer, ^{
+    if (++weakSelf.udpForwardingNumChecks > kUdpForwardingMaxChecks ||
+        weakSelf.isRemoteUdpForwardingEnabled) {
+      dispatch_source_cancel(timer);
+      if (!weakSelf.isRemoteUdpForwardingEnabled) {
+        [weakSelf udpForwardingCheckDone:false];
+      }
+      [weakSelf.udpSocket close];
+      return;
+    }
+//    DDLogDebug(@"Checking remote server's UDP forwarding (%d of %d).",
+//               weakSelf.udpForwardingNumChecks, kUdpForwardingMaxChecks);
+    [weakSelf.udpSocket sendData:packetData
+                          toHost:[[NSString alloc] initWithUTF8String:kShadowsocksLocalAddress]
+                            port:self.shadowsocksPort
+                     withTimeout:kUdpSocketTimeoutSecs
+                             tag:0];
+    if (![weakSelf.udpSocket receiveOnce:nil]) {
+//      DDLogError(@"UDP socket failed to receive data");
+    }
+  });
+  dispatch_resume(timer);
+}
+
+// Returns a byte representation of a DNS request for "google.com".
+- (uint8_t *)getDnsRequest {
+  static uint8_t kDnsRequest[] = {
+      0, 0,  // [0-1]   query ID
+      1, 0,  // [2-3]   flags; byte[2] = 1 for recursion desired (RD).
+      0, 1,  // [4-5]   QDCOUNT (number of queries)
+      0, 0,  // [6-7]   ANCOUNT (number of answers)
+      0, 0,  // [8-9]   NSCOUNT (number of name server records)
+      0, 0,  // [10-11] ARCOUNT (number of additional records)
+      6, 'g', 'o', 'o', 'g', 'l', 'e', 3, 'c', 'o', 'm',
+      0,     // null terminator of FQDN (root TLD)
+      0, 1,  // QTYPE, set to A
+      0, 1   // QCLASS, set to 1 = IN (Internet)
+  };
+  return kDnsRequest;
+}
+
+#pragma mark - GCDAsyncUdpSocketDelegate
+
+- (void)udpSocket:(GCDAsyncUdpSocket *)sock
+    didNotSendDataWithTag:(long)tag
+               dueToError:(NSError *)error {
+//  DDLogError(@"Failed to send data on UDP socket");
+}
+
+- (void)udpSocket:(GCDAsyncUdpSocket *)sock
+       didReceiveData:(NSData *)data
+          fromAddress:(NSData *)address
+    withFilterContext:(id)filterContext {
+  if (!self.isRemoteUdpForwardingEnabled) {
+    // Only report success if it hasn't been done so already.
+    [self udpForwardingCheckDone:true];
+  }
+}
+
+- (void)udpForwardingCheckDone:(BOOL)enabled {
+//  DDLogInfo(@"Remote UDP forwarding %@", enabled ? @"enabled" : @"disabled");
+  self.isRemoteUdpForwardingEnabled = enabled;
+  if (self.udpForwardingCompletion != NULL) {
+    self.udpForwardingCompletion(self.isRemoteUdpForwardingEnabled);
+    self.udpForwardingCompletion = NULL;
+  }
+}
+
+#pragma mark - Credentials
+
+struct socks_methods_request {
+  uint8_t ver;
+  uint8_t nmethods;
+  uint8_t method;
+};
+
+struct socks_request_header {
+  uint8_t ver;
+  uint8_t cmd;
+  uint8_t rsv;
+  uint8_t atyp;
+};
+
+- (void)checkServerCredentials:(void (^)(BOOL))completion {
+//  DDLogInfo(@"Starting server creds. validation");
+  self.areServerCredentialsValid = false;
+  self.credentialsCompletion = completion;
+  self.credentialsSocket =
+      [[GCDAsyncSocket alloc] initWithDelegate:self delegateQueue:self.dispatchQueue];
+  NSError *error;
+  [self.credentialsSocket
+      connectToHost:[[NSString alloc] initWithUTF8String:kShadowsocksLocalAddress]
+             onPort:self.shadowsocksPort
+        withTimeout:kTcpSocketTimeoutSecs
+              error:&error];
+  if (error) {
+//    DDLogError(@"Unable to connect to local Shadowsocks server.");
+    [self serverCredentialsCheckDone];
+    return;
+  }
+
+  struct socks_methods_request methodsRequest = {
+      .ver = kSocksVersion, .nmethods = 0x1, .method = kSocksMethodNoAuth};
+  NSData *methodsRequestData =
+      [[NSData alloc] initWithBytes:&methodsRequest length:sizeof(struct socks_methods_request)];
+  [self.credentialsSocket writeData:methodsRequestData withTimeout:kTcpSocketTimeoutSecs tag:0];
+  [self.credentialsSocket readDataToLength:kSocksMethodsResponseNumBytes
+                               withTimeout:kTcpSocketTimeoutSecs
+                                       tag:0];
+
+  size_t socksRequestHeaderNumBytes = sizeof(struct socks_request_header);
+  NSString *domain = [self chooseRandomDomain];
+  uint8_t domainNameNumBytes = domain.length;
+  size_t socksRequestNumBytes = socksRequestHeaderNumBytes + domainNameNumBytes +
+                                sizeof(uint16_t) /* port */ +
+                                sizeof(uint8_t) /* domain name length */;
+
+  struct socks_request_header socksRequestHeader = {
+      .ver = kSocksVersion, .cmd = kSocksCmdConnect, .atyp = kSocksAtypDomainname};
+  uint8_t socksRequest[socksRequestNumBytes];
+  memset(socksRequest, 0x0, socksRequestNumBytes);
+  memcpy(socksRequest, &socksRequestHeader, socksRequestHeaderNumBytes);
+  socksRequest[socksRequestHeaderNumBytes] = domainNameNumBytes;
+  memcpy(socksRequest + socksRequestHeaderNumBytes + sizeof(uint8_t), [domain UTF8String],
+         domainNameNumBytes);
+  uint16_t httpPort = htons(kHttpPort);
+  memcpy(socksRequest + socksRequestHeaderNumBytes + sizeof(uint8_t) + domainNameNumBytes,
+         &httpPort, sizeof(uint16_t));
+
+  NSData *socksRequestData =
+      [[NSData alloc] initWithBytes:socksRequest length:socksRequestNumBytes];
+  [self.credentialsSocket writeData:socksRequestData withTimeout:kTcpSocketTimeoutSecs tag:0];
+  [self.credentialsSocket readDataToLength:kSocksConnectResponseNumBytes
+                               withTimeout:kTcpSocketTimeoutSecs
+                                       tag:0];
+
+  NSString *httpRequest =
+      [[NSString alloc] initWithFormat:@"HEAD / HTTP/1.1\r\nHost: %@\r\n\r\n", domain];
+  [self.credentialsSocket
+        writeData:[NSData dataWithBytes:[httpRequest UTF8String] length:httpRequest.length]
+      withTimeout:kTcpSocketTimeoutSecs
+              tag:kSocketTagHttpRequest];
+  [self.credentialsSocket readDataWithTimeout:kTcpSocketTimeoutSecs tag:kSocketTagHttpRequest];
+  [self.credentialsSocket disconnectAfterReading];
+}
+
+// Returns a statically defined array containing domain names for validating server credentials.
++ (const NSArray *)getCredentialsValidationDomains {
+  static const NSArray *kCredentialsValidationDomains;
+  static dispatch_once_t kDispatchOnceToken;
+  dispatch_once(&kDispatchOnceToken, ^{
+    // We have chosen these domains due to their neutrality.
+    kCredentialsValidationDomains =
+        @[ @"eff.org", @"ietf.org", @"w3.org", @"wikipedia.org", @"example.com" ];
+  });
+  return kCredentialsValidationDomains;
+}
+
+// Returns a random domain from |kCredentialsValidationDomains|.
+- (NSString *)chooseRandomDomain {
+  const NSArray *domains = [ShadowsocksConnectivity getCredentialsValidationDomains];
+  int index = arc4random_uniform((uint32_t)domains.count);
+  return domains[index];
+}
+
+// Calls |credentialsCompletion| once with |areServerCredentialsValid|.
+- (void)serverCredentialsCheckDone {
+//  DDLogInfo(@"Server creds. %@.", self.areServerCredentialsValid ? @"succeeded" : @"failed");
+  if (self.credentialsCompletion != NULL) {
+    self.credentialsCompletion(self.areServerCredentialsValid);
+    self.credentialsCompletion = NULL;
+  }
+}
+
+#pragma mark - Reachability
+
+- (void)isReachable:(NSString *)host port:(uint16_t)port completion:(void (^)(BOOL))completion {
+//  DDLogInfo(@"Starting server reachability check.");
+  self.isServerReachable = false;
+  self.reachabilityCompletion = completion;
+  self.reachabilitySocket =
+      [[GCDAsyncSocket alloc] initWithDelegate:self delegateQueue:self.dispatchQueue];
+  NSError *error;
+  [self.reachabilitySocket connectToHost:host
+                                  onPort:port
+                             withTimeout:kTcpSocketTimeoutSecs
+                                   error:&error];
+  if (error) {
+//    DDLogError(@"Unable to connect to Shadowsocks server.");
+    return;
+  }
+}
+
+// Calls |reachabilityCompletion| once with |isServerReachable|.
+- (void)reachabilityCheckDone {
+//  DDLogInfo(@"Server %@.", self.isServerReachable ? @"reachable" : @"unreachable");
+  if (self.reachabilityCompletion != NULL) {
+    self.reachabilityCompletion(self.isServerReachable);
+    self.reachabilityCompletion = NULL;
+  }
+}
+
+#pragma mark - GCDAsyncSocketDelegate
+
+- (void)socket:(GCDAsyncSocket *)sock didReadData:(NSData *)data withTag:(long)tag {
+  // We don't need to inspect any of the data, as the SOCKS responses are hardcoded in ss-local and
+  // the fact that we have read the HTTP response indicates that the server credentials are valid.
+  if (tag == kSocketTagHttpRequest && data != nil) {
+    NSString *httpResponse = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
+    self.areServerCredentialsValid = httpResponse != nil && [httpResponse hasPrefix:@"HTTP/1.1"];
+  }
+}
+
+- (void)socket:(GCDAsyncSocket *)sock didConnectToHost:(NSString *)host port:(uint16_t)port {
+  if ([self.reachabilitySocket isEqual:sock]) {
+    self.isServerReachable = true;
+    [self.reachabilitySocket disconnect];
+  }
+}
+
+- (void)socketDidDisconnect:(GCDAsyncSocket *)sock withError:(NSError *)error {
+  if ([self.reachabilitySocket isEqual:sock]) {
+    [self reachabilityCheckDone];
+  } else {
+    [self serverCredentialsCheckDone];
+  }
+}
+
+@end
+
diff --git a/client/platforms/ios/sspacket.h b/client/platforms/ios/sspacket.h
new file mode 100644
index 00000000..cdd6e1fa
--- /dev/null
+++ b/client/platforms/ios/sspacket.h
@@ -0,0 +1,16 @@
+#ifndef sspacket_h
+#define sspacket_h
+
+#import <Foundation/Foundation.h>
+
+@interface SSPacket : NSObject
+@property (readonly, nonatomic) NSData *vpnData;
+@property (readonly, nonatomic) NSData *ssPacketFlowData;
+@property (readonly,nonatomic) NSNumber *protocolFamily;
+
+- (instancetype)init NS_UNAVAILABLE;
+- (instancetype)initWithSSData:(NSData *)data NS_DESIGNATED_INITIALIZER;
+- (instancetype)initWithPacketFlowData:(NSData *)data protocolFamily:(NSNumber *)protocolFamily NS_DESIGNATED_INITIALIZER;
+@end
+
+#endif /* sspacket_h */
diff --git a/client/platforms/ios/sspacket.m b/client/platforms/ios/sspacket.m
new file mode 100644
index 00000000..1326a686
--- /dev/null
+++ b/client/platforms/ios/sspacket.m
@@ -0,0 +1,57 @@
+#import <sspacket.h>
+
+#include <arpa/inet.h>
+
+@interface SSPacket () {
+    NSData *_data;
+    NSNumber *_protocolFamily;
+}
+@end
+
+@implementation SSPacket
+
+- (instancetype)initWithSSData:(NSData *)data {
+    if (self = [super init]) {
+//        NSUInteger prefix_size = sizeof(uint32_t);
+//        uint32_t protocol = PF_UNSPEC;
+//        [data getBytes:&protocol length:prefix_size];
+//        protocol = CFSwapInt32HostToBig(protocol);
+//
+//        NSRange range = NSMakeRange(prefix_size, data.length - prefix_size);
+//        NSData *packetData = [data subdataWithRange:range];
+        
+//        _data = packetData;
+//        _protocolFamily = @(protocol);
+        _data = data;
+        _protocolFamily = @(PF_INET);
+    }
+    return self;
+}
+
+- (instancetype)initWithPacketFlowData:(NSData *)data protocolFamily:(NSNumber *)protocolFamily {
+    if (self = [super init]) {
+        _data = data;
+        _protocolFamily = protocolFamily;
+    }
+    return self;
+}
+
+- (NSData *)vpnData {
+//    uint32_t prefix = CFSwapInt32HostToBig(_protocolFamily.unsignedIntegerValue);
+//    NSUInteger prefix_size = sizeof(uint32_t);
+//    NSMutableData *data = [NSMutableData dataWithCapacity:prefix_size + _data.length];
+//
+//    [data appendBytes:&prefix length:prefix_size];
+//    [data appendData:_data];
+    return _data;
+}
+
+- (NSData *)ssPacketFlowData {
+    return _data;
+}
+
+- (NSNumber *)protocolFamily {
+    return _protocolFamily;
+}
+
+@end
diff --git a/client/platforms/ios/ssprovider.swift b/client/platforms/ios/ssprovider.swift
new file mode 100644
index 00000000..5d503a0a
--- /dev/null
+++ b/client/platforms/ios/ssprovider.swift
@@ -0,0 +1,293 @@
+import Foundation
+import ShadowSocks
+
+import NetworkExtension
+import Darwin
+
+enum ErrorCode: Int {
+    case noError = 0
+    case undefinedError
+    case vpnPermissionNotGranted
+    case invalidServerCredentials
+    case udpRelayNotEnabled
+    case serverUnreachable
+    case vpnStartFailure
+    case illegalServerConfiguration
+    case shadowsocksStartFailure
+    case configureSystemProxyFailure
+    case noAdminPermissions
+    case unsupportedRoutingTable
+    case systemMisconfigured
+}
+
+protocol ShadowSocksTunnel {
+    var ssLocalThreadId: pthread_t? { get }
+    func start(usingPacketFlow packetFlow: ShadowSocksAdapterPacketFlow,
+               withConnectivityCheck connectivityCheck: Bool,
+               completion: @escaping (ErrorCode?) -> Void)
+    func stop(completion: @escaping (ErrorCode?) -> Void)
+    func isUp() -> Bool
+}
+
+final class SSProvider: NSObject, ShadowSocksTunnel {
+    private var startCompletion: ((ErrorCode?) -> Void)? = nil
+    private var stopCompletion: ((ErrorCode?) -> Void)? = nil
+    
+    private var dispatchQueue: DispatchQueue
+    private var processQueue: DispatchQueue
+    private var dispatchGroup: DispatchGroup
+    
+    private var connectivityCheck: Bool = false
+    private var ssConnectivity: ShadowsocksConnectivity? = nil
+    
+    private var config: Data
+    
+    private var ssPacketFlowBridge: ShadowSocksAdapterFlowBridge? = nil
+    
+    var ssLocalThreadId: pthread_t? = nil
+    
+    init(config: Data, localPort: Int = 8585) {
+        self.config = config
+        self.dispatchQueue = DispatchQueue(label: "org.amnezia.shadowsocks")
+        self.processQueue = DispatchQueue(label: "org.amnezia.packet-processor")
+        self.dispatchGroup = DispatchGroup()
+        self.ssPacketFlowBridge = .init()
+        self.ssConnectivity = ShadowsocksConnectivity.init(port: NSNumber(value: localPort).uint16Value)
+        super.init()
+    }
+    
+    func isUp() -> Bool {
+        return ssLocalThreadId != nil
+    }
+    
+    func start(usingPacketFlow packetFlow: ShadowSocksAdapterPacketFlow, withConnectivityCheck connectivityCheck: Bool = false, completion: @escaping (ErrorCode?) -> Void) {
+        guard ssLocalThreadId == nil else {
+            wg_log(.error, message: "SS detached thread has already been started with id \(ssLocalThreadId!)")
+            completion(.shadowsocksStartFailure)
+            return
+        }
+        
+        wg_log(.info, message: "Starting SSProvider...")
+        self.connectivityCheck = connectivityCheck
+        wg_log(.info, message: "ssPacketFlowBridge is \(ssPacketFlowBridge != nil ? "not null" : "null")")
+        self.ssPacketFlowBridge?.ssPacketFlow = packetFlow
+        wg_log(.info, message: "ssPacketFlow is \(ssPacketFlowBridge?.ssPacketFlow != nil ? "not null" : "null")")
+        self.startCompletion = completion
+        dispatchQueue.async {
+            wg_log(.info, message: "Starting ss thread...")
+            self.startShadowSocksThread()
+        }
+    }
+    
+    func stop(completion: @escaping (ErrorCode?) -> Void) {
+        guard ssLocalThreadId != nil else { return }
+        self.stopCompletion = completion
+        dispatchQueue.async {
+            pthread_kill(self.ssLocalThreadId!, SIGUSR1)
+            self.ssPacketFlowBridge?.invalidateSocketsIfNeeded()
+            self.ssPacketFlowBridge = nil
+            self.ssLocalThreadId = nil
+        }
+    }
+    
+    private func onShadowsocksCallback(socks_fd: Int32, udp_fd: Int32, obs: UnsafeMutableRawPointer) {
+        NSLog("Inside onShadowsocksCallback() with port \(socks_fd)")
+        wg_log(.debug, message: "Inside onShadowsocksCallback() with port \(socks_fd)")
+        var error: NSError? = nil
+        if (socks_fd <= 0 && udp_fd <= 0) {
+            error = NSError(domain: Bundle.main.bundleIdentifier ?? "unknown", code: 100, userInfo: [NSLocalizedDescriptionKey : "Failed to start shadowsocks proxy"])
+            NSLog("onShadowsocksCallback with error \(error!.localizedDescription)")
+            wg_log(.debug, message: "onShadowsocksCallback failed with error \(error!.localizedDescription)")
+//            return
+        }
+        let ss = Unmanaged<SSProvider>.fromOpaque(obs).takeUnretainedValue()
+        ss.establishTunnel()
+        ss.checkServerConnectivity()
+    }
+    
+    private func startShadowSocksThread() {
+        var attr: pthread_attr_t = .init()
+        var err = pthread_attr_init(&attr)
+        wg_log(.debug, message: "pthread_attr_init returned \(err)")
+        if (err != 0) {
+            NSLog("pthread_attr_init failed with error \(err)")
+            wg_log(.debug, message: "pthread_attr_init failed with error \(err)")
+            startCompletion?(.shadowsocksStartFailure)
+            return
+        }
+        err = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED)
+        wg_log(.debug, message: "pthread_attr_setdetachstate returned \(err)")
+        if (err != 0) {
+            wg_log(.debug, message: "pthread_attr_setdetachstate failed with error \(err)")
+            startCompletion?(.shadowsocksStartFailure)
+            return
+        }
+        let observer = UnsafeMutableRawPointer(Unmanaged.passUnretained(self).toOpaque())
+        err = pthread_create(&ssLocalThreadId, &attr, { obs in
+            let ss = Unmanaged<SSProvider>.fromOpaque(obs).takeUnretainedValue()
+            ss.startShadowSocks()
+            return nil
+        }, observer)
+        wg_log(.debug, message: "pthread_create returned \(err)")
+        if (err != 0) {
+            NSLog("pthread_create failed with error \(err)")
+            wg_log(.debug, message: "pthread_create failed with error \(err)")
+            startCompletion?(.shadowsocksStartFailure)
+            return
+        }
+        err = pthread_attr_destroy(&attr)
+        wg_log(.debug, message: "pthread_attr_destroy returned \(err)")
+        if (err != 0) {
+            NSLog("pthread_create failed with error \(err)")
+            wg_log(.debug, message: "pthread_attr_destroy failed with error \(err)")
+            startCompletion?(.shadowsocksStartFailure)
+            return
+        }
+    }
+    
+    private func startShadowSocks() {
+        wg_log(.debug, message: "startShadowSocks with config \(config)")
+        let str = String(decoding: config, as: UTF8.self)
+        wg_log(.info, message: "startShadowSocks -> config: \(str)")
+        guard let ssConfig = try? JSONSerialization.jsonObject(with: config, options: []) as? [String: Any] else {
+            startCompletion?(.configureSystemProxyFailure)
+            return
+        }
+
+        wg_log(.info, message: "SS Config: \(ssConfig)")
+
+        guard let remoteHost = ssConfig["server"] as? String, // UnsafeMutablePointer<CChar>,
+              let remotePort = ssConfig["server_port"] as? Int32,
+              let localAddress = ssConfig["local_addr"] as? String, //UnsafeMutablePointer<CChar>,
+              let localPort = ssConfig["local_port"] as? Int32,
+              let method = ssConfig["method"] as? String, //UnsafeMutablePointer<CChar>,
+              let password = ssConfig["password"] as? String,//UnsafeMutablePointer<CChar>,
+              let timeout = ssConfig["timeout"] as? Int32
+        else {
+            startCompletion?(.configureSystemProxyFailure)
+            return
+        }
+
+        /* An example profile
+         *
+         * const profile_t EXAMPLE_PROFILE = {
+         *  .remote_host = "example.com",
+         *  .local_addr = "127.0.0.1",
+         *  .method = "bf-cfb",
+         *  .password = "barfoo!",
+         *  .remote_port = 8338,
+         *  .local_port = 1080,
+         *  .timeout = 600;
+         *  .acl = NULL,
+         *  .log = NULL,
+         *  .fast_open = 0,
+         *  .mode = 0,
+         *  .verbose = 0
+         * };
+         */
+
+        var profile: profile_t = .init()
+        memset(&profile, 0, MemoryLayout<profile_t>.size)
+        profile.remote_host = strdup(remoteHost)
+        profile.remote_port = remotePort
+        profile.local_addr = strdup(localAddress)
+        profile.local_port = localPort
+        profile.method = strdup(method)
+        profile.password = strdup(password)
+        profile.timeout = timeout
+        profile.acl = nil
+        profile.log = nil
+//        profile.mtu = 1600
+        profile.fast_open = 1
+        profile.mode = 0
+        profile.verbose = 1
+        
+        NSLog("Prepare to start shadowsocks proxy server...")
+        wg_log(.debug, message: "Prepare to start shadowsocks proxy server...")
+        let observer = UnsafeMutableRawPointer(Unmanaged.passUnretained(self).toOpaque())
+        let success = start_ss_local_server_with_callback(profile, { socks_fd,  udp_fd, data in
+            wg_log(.debug, message: "Inside cb callback")
+            wg_log(.debug, message: "Params: socks_fd -> \(socks_fd), udp_fd -> \(udp_fd)")
+            NSLog("Inside cb callback: Params: socks_fd -> \(socks_fd), udp_fd -> \(udp_fd)")
+            if let obs = data {
+                NSLog("Prepare to call onShadowsocksCallback() with socks port \(socks_fd) and udp port \(udp_fd)")
+                wg_log(.debug, message: "Prepare to call onShadowsocksCallback() with socks port \(socks_fd) and udp port \(udp_fd)")
+                let mySelf = Unmanaged<SSProvider>.fromOpaque(obs).takeUnretainedValue()
+                mySelf.onShadowsocksCallback(socks_fd: socks_fd, udp_fd: udp_fd, obs: obs)
+            }
+        }, observer)
+        if success < 0 {
+            NSLog("Failed to start ss proxy")
+            wg_log(.error, message: "Failed to start ss proxy")
+            startCompletion?(.shadowsocksStartFailure)
+            return
+        } else {
+            NSLog("ss proxy started on port \(localPort)")
+            wg_log(.error, message: "ss proxy started on port \(localPort)")
+            stopCompletion?(.noError)
+            stopCompletion = nil
+        }
+    }
+    
+    private func establishTunnel() {
+        wg_log(.error, message: "Establishing tunnel")
+        do {
+            try ssPacketFlowBridge?.configureSocket()
+            processQueue.async {
+                wg_log(.error, message: "Start processing packets")
+                self.ssPacketFlowBridge?.processPackets()
+            }
+        } catch (let err) {
+            wg_log(.error, message: "ss failed creating sockets \(err.localizedDescription)")
+            ssPacketFlowBridge?.invalidateSocketsIfNeeded()
+        }
+    }
+    
+    private func checkServerConnectivity() {
+        guard connectivityCheck else {
+            startCompletion?(.noError)
+            return
+        }
+        
+        let str = String(decoding: config, as: UTF8.self)
+        wg_log(.info, message: "checkServerConnectivity -> config: \(str)")
+        guard let ssConfig = try? JSONSerialization.jsonObject(with: config, options: []) as? [String: Any],
+              let remoteHost = ssConfig["server"] as? String,
+              let remotePort = ssConfig["server_port"] as? Int32 else {
+            startCompletion?(.configureSystemProxyFailure)
+            return
+        }
+        
+        var isRemoteUdpForwardingEnabled = false
+        var serverCredentialsAreValid = false
+        var isServerReachable = false
+        
+        dispatchGroup.enter()
+        ssConnectivity?.isUdpForwardingEnabled { status in
+            isRemoteUdpForwardingEnabled = status
+            self.dispatchGroup.leave()
+        }
+        dispatchGroup.enter()
+        ssConnectivity?.isReachable(remoteHost, port: NSNumber(value: remotePort).uint16Value) { status in
+            isServerReachable = status
+            self.dispatchGroup.leave()
+        }
+        dispatchGroup.enter()
+        ssConnectivity?.checkServerCredentials{ status in
+            serverCredentialsAreValid = status
+            self.dispatchGroup.leave()
+        }
+        
+        dispatchGroup.notify(queue: dispatchQueue) {
+            if isRemoteUdpForwardingEnabled {
+                self.startCompletion?(.noError)
+            } else if serverCredentialsAreValid {
+                self.startCompletion?(.udpRelayNotEnabled)
+            } else if isServerReachable {
+                self.startCompletion?(.invalidServerCredentials)
+            } else {
+                self.startCompletion?(.serverUnreachable)
+            }
+        }
+    }
+}
diff --git a/client/platforms/ios/tun2sockswriter.swift b/client/platforms/ios/tun2sockswriter.swift
new file mode 100644
index 00000000..43793865
--- /dev/null
+++ b/client/platforms/ios/tun2sockswriter.swift
@@ -0,0 +1,21 @@
+import Foundation
+import NetworkExtension
+import Tun2socks
+
+class AmneziaTun2SocksWriter: NSObject, Tun2socksTunWriterProtocol {
+	var tunnelFlow: NEPacketTunnelFlow
+
+	init( withPacketFlow nepflow: NEPacketTunnelFlow) {
+		self.tunnelFlow = nepflow
+		super.init()
+	}
+
+	func write(_ p0: Data?, n: UnsafeMutablePointer<Int>?) throws {
+		if let packets = p0 {
+			tunnelFlow.writePackets([packets], withProtocols: [NSNumber(value: PF_INET)])
+		}
+	}
+
+	func close() throws {}
+}
+
diff --git a/client/platforms/ios/tun2ssprovider.swift b/client/platforms/ios/tun2ssprovider.swift
new file mode 100644
index 00000000..71018e8c
--- /dev/null
+++ b/client/platforms/ios/tun2ssprovider.swift
@@ -0,0 +1,192 @@
+import Foundation
+import Darwin
+
+enum TunnelError: Error, Equatable {
+    case noError
+    case notFound(String)
+    case undefinedError(String)
+    case invalidServerCredentials(String)
+    case serverUnreachable(String)
+    case tunnelStartFailure(String)
+    case illegalServerConfiguration(String)
+    case systemMisconfigured(String)
+    
+    var desc: String {
+        switch self {
+        case .noError: return "OK. No errors."
+        case .notFound(let msg): return msg
+        case .undefinedError(let msg): return msg
+        case .invalidServerCredentials(let msg): return msg
+        case .serverUnreachable(let msg): return msg
+        case .tunnelStartFailure(let msg): return msg
+        case .illegalServerConfiguration(let msg): return msg
+        case .systemMisconfigured(let msg): return msg
+        }
+    }
+}
+
+enum LeafProviderError: Int32 {
+    case ok = 0
+    case invalidConfigPath
+    case invalidConfig
+    case ioError
+    case configFileWatcherError
+    case asyncChannelSendError
+    case asyncChannelRecvError
+    case runtimeManagerError
+    case noConfigFound
+    
+    static func toValue(from errorCode: Int32) -> LeafProviderError {
+        switch errorCode {
+        case ERR_OK: return ok
+        case ERR_CONFIG_PATH: return invalidConfigPath
+        case ERR_CONFIG: return invalidConfig
+        case ERR_IO: return ioError
+        case ERR_WATCHER: return configFileWatcherError
+        case ERR_ASYNC_CHANNEL_SEND: return asyncChannelSendError
+        case ERR_SYNC_CHANNEL_RECV: return asyncChannelRecvError
+        case ERR_RUNTIME_MANAGER: return runtimeManagerError
+        case ERR_NO_CONFIG_FILE: return noConfigFound
+        default: return ok
+        }
+    }
+    
+    var desc: String {
+        switch self {
+        case .ok: return "Ok. No Errors."
+        case .invalidConfigPath: return "Config file path is invalid."
+        case .invalidConfig: return "Config parsing error."
+        case .ioError: return "IO error."
+        case .configFileWatcherError: return "Config file watcher error."
+        case .asyncChannelSendError: return "Async channel send error."
+        case .asyncChannelRecvError: return "Sync channel receive error."
+        case .runtimeManagerError: return "Runtime manager error."
+        case .noConfigFound: return "No associated config file."
+        }
+    }
+}
+
+class TunProvider: NSObject {
+    private var configPath: UnsafePointer<CChar>
+    private var tunId: UInt16
+    private var tunThreadId: pthread_t? = nil
+    private var dispatchQueue: DispatchQueue
+    
+    private var startCompletion: ((TunnelError?) -> Void)? = nil
+    private var stopCompletion: ((TunnelError?) -> Void)? = nil
+    
+    init(withConfig configPath: UnsafePointer<CChar>) {
+        self.configPath = configPath
+        self.tunId = NSNumber(value: arc4random_uniform(UInt32.max)).uint16Value
+        self.dispatchQueue = DispatchQueue(label: "org.amnezia.ss-tun-openvpn")
+        super.init()
+    }
+    
+    func startTunnel(completion: @escaping (TunnelError?) -> Void) {
+        self.startCompletion = completion
+        guard tunThreadId == nil else {
+            let errMsg = "Leaf tunnel detached thread has already been started with id \(tunThreadId!)"
+            wg_log(.error, message: errMsg)
+            startCompletion?(.tunnelStartFailure(errMsg))
+            return
+        }
+        wg_log(.info, message: "Starting tunnel thread...")
+        dispatchQueue.async {
+            self.startTunnelThread()
+        }
+        startCompletion?(.noError)
+    }
+    
+    private func startLeafTunnel() {
+        let err = leaf_run(tunId, configPath)
+        if (err != ERR_OK) {
+            let errMsg = LeafProviderError.toValue(from: err).desc
+            startCompletion?(.tunnelStartFailure(errMsg))
+        }
+    }
+    
+    private func startTunnelThread() {
+        var attr: pthread_attr_t = .init()
+        var err = pthread_attr_init(&attr)
+        wg_log(.debug, message: "pthread_attr_init returned \(err)")
+        if (err != 0) {
+            let errMsg = "pthread_attr_init failed with error \(err)"
+            wg_log(.debug, message: errMsg)
+            startCompletion?(.tunnelStartFailure(errMsg))
+            return
+        }
+        err = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED)
+        wg_log(.debug, message: "pthread_attr_setdetachstate returned \(err)")
+        if (err != 0) {
+            let errMsg = "pthread_attr_setdetachstate failed with error \(err)"
+            wg_log(.debug, message: errMsg)
+            startCompletion?(.tunnelStartFailure(errMsg))
+            return
+        }
+        let observer = UnsafeMutableRawPointer(Unmanaged.passUnretained(self).toOpaque())
+        err = pthread_create(&tunThreadId, &attr, { obs in
+            let provider = Unmanaged<TunProvider>.fromOpaque(obs).takeUnretainedValue()
+            provider.startLeafTunnel()
+            return nil
+        }, observer)
+        wg_log(.debug, message: "pthread_create returned \(err)")
+        if (err != 0) {
+            let errMsg = "pthread_create failed with error \(err)"
+            wg_log(.debug, message: errMsg)
+            startCompletion?(.tunnelStartFailure(errMsg))
+            return
+        }
+        err = pthread_attr_destroy(&attr)
+        wg_log(.debug, message: "pthread_attr_destroy returned \(err)")
+        if (err != 0) {
+            let errMsg = "pthread_create failed with error \(err)"
+            wg_log(.debug, message: errMsg)
+            startCompletion?(.tunnelStartFailure(errMsg))
+            return
+        }
+    }
+    
+    func reloadTunnel(withId tunId: UInt16) {
+        let err = leaf_reload(tunId)
+        if (err != ERR_OK) {
+            let errMsg = LeafProviderError.toValue(from: err).desc
+            self.startCompletion?(.systemMisconfigured(errMsg))
+        }
+    }
+    
+    func stopTunnel(completion: @escaping (TunnelError?) -> Void) {
+        self.stopCompletion = completion
+        guard tunThreadId != nil else {
+            let errMsg = "Leaf tunnel is not initialized properly or not started/existed, tunnelId is missed"
+            wg_log(.error, message: errMsg)
+            stopCompletion?(.notFound(errMsg))
+            return
+        }
+        
+        dispatchQueue.async {
+            let success = leaf_shutdown(self.tunId)
+            if !success {
+                let errMsg = "Tunnel canot be stopped for some odd reason."
+                self.stopCompletion?(.undefinedError(errMsg))
+            }
+            pthread_kill(self.tunThreadId!, SIGUSR1)
+            self.stopCompletion?(.noError)
+            self.tunThreadId = nil
+            self.stopCompletion = nil
+        }
+    }
+    
+    func testConfig(onPath path: UnsafePointer<CChar>, completion: @escaping (TunnelError?) -> Void) {
+        self.startCompletion = completion
+        let err = leaf_test_config(configPath)
+        if (err != ERR_OK) {
+            let errMsg = LeafProviderError.toValue(from: err).desc
+            startCompletion?(.illegalServerConfiguration(errMsg))
+            return
+        }
+        startCompletion?(.noError)
+    }
+    
+    
+    
+}
diff --git a/client/platforms/linux/leakdetector.cpp b/client/platforms/linux/leakdetector.cpp
new file mode 100644
index 00000000..7a092a8a
--- /dev/null
+++ b/client/platforms/linux/leakdetector.cpp
@@ -0,0 +1,75 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "leakdetector.h"
+
+#include <QHash>
+#include <QMutex>
+#include <QObject>
+#include <QTextStream>
+
+#ifdef MVPN_DEBUG
+static QMutex s_leakDetector;
+
+QHash<QString, QHash<void*, uint32_t>> s_leaks;
+#endif
+
+LeakDetector::LeakDetector() {
+#ifndef MVPN_DEBUG
+  qFatal("LeakDetector _must_ be created in debug builds only!");
+#endif
+}
+
+LeakDetector::~LeakDetector() {
+#ifdef MVPN_DEBUG
+  QTextStream out(stderr);
+
+  out << "== Mozilla VPN - Leak report ===================" << Qt::endl;
+
+  bool hasLeaks = false;
+  for (auto i = s_leaks.begin(); i != s_leaks.end(); ++i) {
+    QString className = i.key();
+
+    if (i->size() == 0) {
+      continue;
+    }
+
+    hasLeaks = true;
+    out << className << Qt::endl;
+
+    for (auto l = i->begin(); l != i->end(); ++l) {
+      out << "  - ptr: " << l.key() << " size:" << l.value() << Qt::endl;
+    }
+  }
+
+  if (!hasLeaks) {
+    out << "No leaks detected." << Qt::endl;
+  }
+#endif
+}
+
+#ifdef MVPN_DEBUG
+void LeakDetector::logCtor(void* ptr, const char* typeName, uint32_t size) {
+  QMutexLocker lock(&s_leakDetector);
+
+  QString type(typeName);
+  if (!s_leaks.contains(type)) {
+    s_leaks.insert(type, QHash<void*, uint32_t>());
+  }
+
+  s_leaks[type].insert(ptr, size);
+}
+
+void LeakDetector::logDtor(void* ptr, const char* typeName, uint32_t size) {
+  QMutexLocker lock(&s_leakDetector);
+
+  QString type(typeName);
+  Q_ASSERT(s_leaks.contains(type));
+
+  QHash<void*, uint32_t>& leak = s_leaks[type];
+  Q_ASSERT(leak.contains(ptr));
+  Q_ASSERT(leak[ptr] == size);
+  leak.remove(ptr);
+}
+#endif
diff --git a/client/platforms/linux/leakdetector.h b/client/platforms/linux/leakdetector.h
new file mode 100644
index 00000000..3016137c
--- /dev/null
+++ b/client/platforms/linux/leakdetector.h
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef LEAKDETECTOR_H
+#define LEAKDETECTOR_H
+
+#include <QObject>
+
+#ifdef MVPN_DEBUG
+#  define MVPN_COUNT_CTOR(_type)                                 \
+    do {                                                         \
+      static_assert(std::is_class<_type>(),                      \
+                    "Token '" #_type "' is not a class type.");  \
+      LeakDetector::logCtor((void*)this, #_type, sizeof(*this)); \
+    } while (0)
+
+#  define MVPN_COUNT_DTOR(_type)                                 \
+    do {                                                         \
+      static_assert(std::is_class<_type>(),                      \
+                    "Token '" #_type "' is not a class type.");  \
+      LeakDetector::logDtor((void*)this, #_type, sizeof(*this)); \
+    } while (0)
+
+#else
+#  define MVPN_COUNT_CTOR(_type)
+#  define MVPN_COUNT_DTOR(_type)
+#endif
+
+class LeakDetector {
+ public:
+  LeakDetector();
+  ~LeakDetector();
+
+#ifdef MVPN_DEBUG
+  static void logCtor(void* ptr, const char* typeName, uint32_t size);
+  static void logDtor(void* ptr, const char* typeName, uint32_t size);
+#endif
+};
+
+#endif  // LEAKDETECTOR_H
diff --git a/client/protocols/ios_vpnprotocol.h b/client/protocols/ios_vpnprotocol.h
index 4cebe424..2b2971f1 100644
--- a/client/protocols/ios_vpnprotocol.h
+++ b/client/protocols/ios_vpnprotocol.h
@@ -16,7 +16,7 @@ public:
     explicit IOSVpnProtocol(amnezia::Proto proto, const QJsonObject& configuration, QObject* parent = nullptr);
     static IOSVpnProtocol* instance();
     
-    virtual ~IOSVpnProtocol() = default;
+    virtual ~IOSVpnProtocol() override = default;
 
     bool initialize();
 
@@ -47,11 +47,17 @@ private:
     bool m_checkingStatus = false;
     std::function<void(const QString&)> m_logCallback;
     
+    bool m_isChangingState = false;
+    
     void setupWireguardProtocol(const QtJson::JsonObject& result);
     void setupOpenVPNProtocol(const QtJson::JsonObject& result);
+    void setupShadowSocksProtocol(const QtJson::JsonObject& result);
     
     void launchWireguardTunnel(const QtJson::JsonObject &result);
     void launchOpenVPNTunnel(const QtJson::JsonObject &result);
+    void launchShadowSocksTunnel(const QtJson::JsonObject &result);
+    
+    QString serializeSSConfig(const QtJson::JsonObject &ssConfig);
 };
 
 
diff --git a/client/protocols/ios_vpnprotocol.mm b/client/protocols/ios_vpnprotocol.mm
index 070dc245..8decd885 100644
--- a/client/protocols/ios_vpnprotocol.mm
+++ b/client/protocols/ios_vpnprotocol.mm
@@ -35,8 +35,8 @@ bool IOSVpnProtocol::initialize()
     qDebug() << "Initializing Swift Controller";
     
     
-//    qDebug() << "config =>";
-//    qDebug() << QJsonDocument(m_rawConfig).toJson();
+    qDebug() << "RECEIVED CONFIG FROM SERVER SIDE  =>";
+    qDebug() << QJsonDocument(m_rawConfig).toJson();
     
     if (!m_controller) {
         bool ok;
@@ -48,7 +48,7 @@ bool IOSVpnProtocol::initialize()
         }
         
         QString protoName = result["protocol"].toString();
-        qDebug() << "protocol: " << protoName;
+        qDebug() << "PROTOCOL: " << protoName;
 
         if (protoName == "wireguard") {
             setupWireguardProtocol(result);
@@ -56,6 +56,9 @@ bool IOSVpnProtocol::initialize()
         } else if (protoName == "openvpn") {
             setupOpenVPNProtocol(result);
             currentProto = amnezia::Proto::OpenVpn;
+        } else if (protoName == "shadowsocks") {
+            setupShadowSocksProtocol(result);
+            currentProto = amnezia::Proto::ShadowSocks;
         } else {
             return false;
         }
@@ -77,11 +80,17 @@ ErrorCode IOSVpnProtocol::start()
         return InternalError;
     }
     
+    if (m_isChangingState)
+        return NoError;
+    
     QString protocol = result["protocol"].toString();
     
+    if (!m_controller)
+        initialize();
+    
     switch (m_protocol) {
         case amnezia::Proto::OpenVpn:
-            if (currentProto == amnezia::Proto::WireGuard) {
+            if (currentProto != m_protocol) {
                 if (m_controller) {
                     stop();
                     initialize();
@@ -94,7 +103,7 @@ ErrorCode IOSVpnProtocol::start()
             launchOpenVPNTunnel(result);
             break;
         case amnezia::Proto::WireGuard:
-            if (currentProto == amnezia::Proto::OpenVpn) {
+            if (currentProto != m_protocol) {
                 if (m_controller) {
                     stop();
                     initialize();
@@ -106,6 +115,19 @@ ErrorCode IOSVpnProtocol::start()
             initialize();
             launchWireguardTunnel(result);
             break;
+        case amnezia::Proto::ShadowSocks:
+            if (currentProto != m_protocol) {
+                if (m_controller) {
+                    stop();
+                    initialize();
+                }
+                launchShadowSocksTunnel(result);
+                currentProto = amnezia::Proto::ShadowSocks;
+                return NoError;
+            }
+            initialize();
+            launchShadowSocksTunnel(result);
+            break;
         default:
             break;
     }
@@ -126,9 +148,8 @@ void IOSVpnProtocol::stop()
     }
     
     [m_controller disconnect];
-    dispatch_async(dispatch_get_main_queue(), ^{
-        emit connectionStateChanged(Disconnected);
-    });
+    
+    emit connectionStateChanged(Disconnected);
     
     [m_controller dealloc];
     m_controller = nullptr;
@@ -268,8 +289,6 @@ void IOSVpnProtocol::setupWireguardProtocol(const QtJson::JsonObject &result)
     qDebug() << "  - " << "psk_key: " << config["psk_key"].toString();
     qDebug() << "  - " << "server_pub_key: " << config["server_pub_key"].toString();
     
-    
-    
     m_controller = [[IOSVpnProtocolImpl alloc] initWithBundleID:@VPN_NE_BUNDLEID
                                                      privateKey:key.toNSData()
                                               deviceIpv4Address:addr.toNSString()
@@ -284,14 +303,16 @@ void IOSVpnProtocol::setupWireguardProtocol(const QtJson::JsonObject &result)
                 m_controller = nullptr;
                 dispatch_async(dispatch_get_main_queue(), ^{
                     emit connectionStateChanged(VpnConnectionState::Error);
+                    m_isChangingState = false;
                 });
                 return;
             }
             case ConnectionStateConnected: {
                 Q_ASSERT(date);
-                QDateTime qtDate(QDateTime::fromNSDate(date));
+//                QDateTime qtDate(QDateTime::fromNSDate(date));
                 dispatch_async(dispatch_get_main_queue(), ^{
                     emit connectionStateChanged(VpnConnectionState::Connected);
+                    m_isChangingState = false;
                 });
                 return;
             }
@@ -300,6 +321,7 @@ void IOSVpnProtocol::setupWireguardProtocol(const QtJson::JsonObject &result)
                 [m_controller disconnect];
                 dispatch_async(dispatch_get_main_queue(), ^{
                     emit connectionStateChanged(VpnConnectionState::Disconnected);
+                    m_isChangingState = false;
                 });
                 return;
         }
@@ -313,12 +335,14 @@ void IOSVpnProtocol::setupWireguardProtocol(const QtJson::JsonObject &result)
         if (a_connected) {
             dispatch_async(dispatch_get_main_queue(), ^{
                 emit connectionStateChanged(Connected);
+                m_isChangingState = false;
             });
             return;
         }
-//        dispatch_async(dispatch_get_main_queue(), ^{
-//            emit connectionStateChanged(Disconnected);
-//        });
+        dispatch_async(dispatch_get_main_queue(), ^{
+            emit connectionStateChanged(Disconnected);
+            m_isChangingState = false;
+        });
     }];
 }
 
@@ -345,14 +369,16 @@ void IOSVpnProtocol::setupOpenVPNProtocol(const QtJson::JsonObject &result)
                 m_controller = nullptr;
                 dispatch_async(dispatch_get_main_queue(), ^{
                     emit connectionStateChanged(VpnConnectionState::Error);
+                    m_isChangingState = false;
                 });
                 return;
             }
             case ConnectionStateConnected: {
                 Q_ASSERT(date);
-                QDateTime qtDate(QDateTime::fromNSDate(date));
+//                QDateTime qtDate(QDateTime::fromNSDate(date));
                 dispatch_async(dispatch_get_main_queue(), ^{
                     emit connectionStateChanged(VpnConnectionState::Connected);
+                    m_isChangingState = false;
                 });
                 return;
             }
@@ -361,6 +387,7 @@ void IOSVpnProtocol::setupOpenVPNProtocol(const QtJson::JsonObject &result)
 //                [m_controller disconnect];
                 dispatch_async(dispatch_get_main_queue(), ^{
                     emit connectionStateChanged(VpnConnectionState::Disconnected);
+                    m_isChangingState = false;
                 });
                 return;
         }
@@ -374,12 +401,82 @@ void IOSVpnProtocol::setupOpenVPNProtocol(const QtJson::JsonObject &result)
         if (a_connected) {
             dispatch_async(dispatch_get_main_queue(), ^{
                 emit connectionStateChanged(Connected);
+                m_isChangingState = false;
             });
             return;
         }
-//        dispatch_async(dispatch_get_main_queue(), ^{
-//            emit connectionStateChanged(Disconnected);
-//        });
+        dispatch_async(dispatch_get_main_queue(), ^{
+            emit connectionStateChanged(Disconnected);
+            m_isChangingState = false;
+        });
+    }];
+}
+
+void IOSVpnProtocol::setupShadowSocksProtocol(const QtJson::JsonObject &result)
+{
+    static bool creating = false;
+    // No nested creation!
+    Q_ASSERT(creating == false);
+    creating = true;
+    
+    QtJson::JsonObject ovpn = result["openvpn_config_data"].toMap();
+    QString ovpnConfig = ovpn["config"].toString();
+    qDebug() << "OpenVPN Config:\n" << ovpn;
+    QtJson::JsonObject ssConfig = result["shadowsocks_config_data"].toMap();
+    
+    m_controller = [[IOSVpnProtocolImpl alloc] initWithBundleID:@VPN_NE_BUNDLEID
+                                                   tunnelConfig:ovpnConfig.toNSString()
+                                                       ssConfig:serializeSSConfig(ssConfig).toNSString()
+    closure:^(ConnectionState state, NSDate* date) {
+        qDebug() << "ShadowSocks creation completed with connection state:" << state;
+        creating = false;
+        
+        switch (state) {
+            case ConnectionStateError: {
+                [m_controller dealloc];
+                m_controller = nullptr;
+                dispatch_async(dispatch_get_main_queue(), ^{
+                    emit connectionStateChanged(VpnConnectionState::Error);
+                    m_isChangingState = false;
+                });
+                return;
+            }
+            case ConnectionStateConnected: {
+                Q_ASSERT(date);
+    //                QDateTime qtDate(QDateTime::fromNSDate(date));
+                dispatch_async(dispatch_get_main_queue(), ^{
+                    emit connectionStateChanged(VpnConnectionState::Connected);
+                    m_isChangingState = false;
+                });
+                return;
+            }
+            case ConnectionStateDisconnected:
+                // Just in case we are connecting, let's call disconnect.
+    //                [m_controller disconnect];
+                dispatch_async(dispatch_get_main_queue(), ^{
+                    emit connectionStateChanged(VpnConnectionState::Disconnected);
+                    m_isChangingState = false;
+                });
+                return;
+        }
+    }
+    callback:^(BOOL a_connected) {
+        if (currentProto != m_protocol) {
+            qDebug() << "Protocols switched: " << a_connected;
+            return;
+        }
+        qDebug() << "SS State changed: " << a_connected;
+        if (a_connected) {
+            dispatch_async(dispatch_get_main_queue(), ^{
+                emit connectionStateChanged(Connected);
+                m_isChangingState = false;
+            });
+            return;
+        }
+            dispatch_async(dispatch_get_main_queue(), ^{
+                emit connectionStateChanged(Disconnected);
+                m_isChangingState = false;
+            });
     }];
 }
 
@@ -436,6 +533,7 @@ void IOSVpnProtocol::launchWireguardTunnel(const QtJson::JsonObject &result)
         qDebug() << "Wireguard Protocol - connection failed";
         dispatch_async(dispatch_get_main_queue(), ^{
             emit connectionStateChanged(Disconnected);
+            m_isChangingState = false;
         });
     }];
 }
@@ -447,9 +545,57 @@ void IOSVpnProtocol::launchOpenVPNTunnel(const QtJson::JsonObject &result)
     
     [m_controller connectWithOvpnConfig:ovpnConfig.toNSString()
                         failureCallback:^{
-        qDebug() << "IOSVPNProtocol - connection failed";
+        qDebug() << "IOSVPNProtocol (OpenVPN) - connection failed";
         dispatch_async(dispatch_get_main_queue(), ^{
             emit connectionStateChanged(Disconnected);
+            m_isChangingState = false;
         });
     }];
 }
+
+void IOSVpnProtocol::launchShadowSocksTunnel(const QtJson::JsonObject &result) {
+    QtJson::JsonObject ovpn = result["openvpn_config_data"].toMap();
+    QString ovpnConfig = ovpn["config"].toString();
+    QtJson::JsonObject ssConfig = result["shadowsocks_config_data"].toMap();
+    QString ss = serializeSSConfig(ssConfig);
+    
+    [m_controller connectWithSsConfig:ss.toNSString()
+                           ovpnConfig:ovpnConfig.toNSString()
+                      failureCallback:^{
+        qDebug() << "IOSVPNProtocol (ShadowSocks) - connection failed";
+        dispatch_async(dispatch_get_main_queue(), ^{
+            emit connectionStateChanged(Disconnected);
+            m_isChangingState = false;
+        });
+    }];
+}
+
+QString IOSVpnProtocol::serializeSSConfig(const QtJson::JsonObject &ssConfig) {
+    QString ssLocalPort = ssConfig["local_port"].toString();
+    QString ssMethod = ssConfig["method"].toString();
+    QString ssPassword = ssConfig["password"].toString();
+    QString ssServer = ssConfig["server"].toString();
+    QString ssPort = ssConfig["server_port"].toString();
+    QString ssTimeout = ssConfig["timeout"].toString();
+    qDebug() << "\n\nSS CONFIG:";
+    qDebug() << " local port -" << ssLocalPort;
+    qDebug() << " method     -" << ssMethod;
+    qDebug() << " password   -" << ssPassword;
+    qDebug() << " server     -" << ssServer;
+    qDebug() << " port       -" << ssPort;
+    qDebug() << " timeout    -" << ssTimeout;
+    
+    QJsonObject shadowSocksConfig = QJsonObject();
+    shadowSocksConfig.insert("local_addr", "127.0.0.1");
+    shadowSocksConfig.insert("local_port", ssConfig["local_port"].toInt());
+    shadowSocksConfig.insert("method", ssConfig["method"].toString());
+//    shadowSocksConfig.insert("method", "aes-256-gcm");
+    shadowSocksConfig.insert("password", ssConfig["password"].toString());
+    shadowSocksConfig.insert("server", ssConfig["server"].toString());
+    shadowSocksConfig.insert("server_port", ssConfig["server_port"].toInt());
+    shadowSocksConfig.insert("timeout", ssConfig["timeout"].toInt());
+    
+    QString ss = QString(QJsonDocument(shadowSocksConfig).toJson());
+    qDebug() << "SS Config JsonString:\n" << ss;
+    return ss;
+}
diff --git a/client/protocols/protocols_defs.cpp b/client/protocols/protocols_defs.cpp
index 93578d12..549c3774 100644
--- a/client/protocols/protocols_defs.cpp
+++ b/client/protocols/protocols_defs.cpp
@@ -76,7 +76,7 @@ QMap<amnezia::Proto, QString> ProtocolProps::protocolHumanNames()
         {Proto::Ikev2, "IKEv2"},
         {Proto::L2tp, "L2TP"},
 
-        {Proto::TorWebSite, "Web site in TOR network"},
+        {Proto::TorWebSite, "Web site in Tor network"},
         {Proto::Dns, "DNS Service"},
         {Proto::FileShare, "File Sharing Service"},
         {Proto::Sftp, QObject::tr("Sftp service")}
diff --git a/client/resources.qrc b/client/resources.qrc
index cb7877ff..a48a98f7 100644
--- a/client/resources.qrc
+++ b/client/resources.qrc
@@ -157,5 +157,7 @@
         <file>images/svg/control_point_black_24dp.svg</file>
         <file>images/svg/settings_suggest_black_24dp.svg</file>
         <file>ui/qml/Controls/SvgButtonType.qml</file>
+        <file>ui/qml/Pages/PageQrDecoderIos.qml</file>
+        <file>server_scripts/website_tor/Dockerfile</file>
     </qresource>
 </RCC>
diff --git a/client/scripts/ios_compile.sh b/client/scripts/apple_compile.sh
similarity index 61%
rename from client/scripts/ios_compile.sh
rename to client/scripts/apple_compile.sh
index 96609560..48b438bb 100755
--- a/client/scripts/ios_compile.sh
+++ b/client/scripts/apple_compile.sh
@@ -12,10 +12,11 @@ OS=
 NETWORKEXTENSION=
 ADJUST_SDK_TOKEN=
 ADJUST="CONFIG-=adjust"
+WORKINGDIR=`pwd`
 
 helpFunction() {
   print G "Usage:"
-  print N "\t$0 <ios> [-d|--debug] [-n|--networkextension] [-a|--adjusttoken <adjust_token>]"
+  print N "\t$0 <macos|ios|> [-d|--debug] [-n|--networkextension] [-a|--adjusttoken <adjust_token>]"
   print N ""
   print N "By default, the project is compiled in release mode. Use -d or --debug for a debug build."
   print N "Use -n or --networkextension to force the network-extension component for MacOS too."
@@ -75,7 +76,7 @@ fetch() {
     return
   fi
 
-  die "You must have 'wget' or 'curl' installed."
+  killProcess "You must have 'wget' or 'curl' installed."
 }
 
 sha256() {
@@ -89,7 +90,7 @@ sha256() {
     return 0
   fi
 
-  die "You must have 'sha256sum' or 'openssl' installed."
+  killProcess "You must have 'sha256sum' or 'openssl' installed."
 }
 
 if [[ "$OS" != "macos" ]] && [[ "$OS" != "ios" ]] && [[ "$OS" != "macostest" ]]; then
@@ -107,7 +108,7 @@ if [[ "$OS" == "ios" ]]; then
 fi
 
 if ! [ -d "ios" ] || ! [ -d "macos" ]; then
-  die "This script must be executed at the root of the repository."
+  killProcess "This script must be executed at the root of the repository."
 fi
 
 QMAKE=qmake
@@ -119,26 +120,30 @@ elif [ "$OS" = "ios" ] && ! [ "$QT_IOS_BIN" = "" ]; then
   QMAKE=$QT_IOS_BIN/qmake
 fi
 
-$QMAKE -v &>/dev/null || die "qmake doesn't exist or it fails"
+$QMAKE -v &>/dev/null || killProcess "qmake doesn't exist or it fails"
 
-printn Y "Retrieve the wireguard-go version... "
-(cd macos/gobridge && go list -m golang.zx2c4.com/wireguard | sed -n 's/.*v\([0-9.]*\).*/#define WIREGUARD_GO_VERSION "\1"/p') > macos/gobridge/wireguard-go-version.h
+print Y "Retrieve the wireguard-go version... "
+if [ "$OS" = "macos" ]; then
+  (cd macos/gobridge && go list -m golang.zx2c4.com/wireguard | sed -n 's/.*v\([0-9.]*\).*/#define WIREGUARD_GO_VERSION "\1"/p') > macos/gobridge/wireguard-go-version.h
+elif [ "$OS" = "ios" ]; then
+  if [ ! -f 3rd/wireguard-apple/Sources/WireGuardKitGo/wireguard-go-version.h ]; then
+    print Y "Creating wireguard-go-version.h file"
+    touch 3rd/wireguard-apple/Sources/WireGuardKitGo/wireguard-go-version.h
+    cat <<EOF >> $WORKINGDIR/3rd/wireguard-apple/Sources/WireGuardKitGo/wireguard-go-version.h 
+#define WIREGUARD_GO_VERSION "0.0.0"
+EOF
+  fi
+  (cd 3rd/wireguard-apple/Sources/WireGuardKitGo && go list -m golang.zx2c4.com/wireguard | sed -n 's/.*v\([0-9.]*\).*/#define WIREGUARD_GO_VERSION "\1"/p') > 3rd/wireguard-apple/Sources/WireGuardKitGo/wireguard-go-version.h
+fi
 print G "done."
 
 printn Y "Cleaning the existing project... "
-rm -rf AmneziaVPN.xcodeproj/ || die "Failed to remove things"
+rm -rf AmneziaVPN.xcodeproj/ || killProcess "Failed to remove things"
 print G "done."
 
-#print Y "Importing translation files..."
-#git submodule update --remote --depth 1 i18n || die "Failed to fetch newest translation files"
-#python scripts/importLanguages.py $([[ "$OS" = "macos" ]] && echo "-m" || echo "") || die "Failed to import languages"
-#
-#print Y "Generating glean samples..."
-#python scripts/generate_glean.py || die "Failed to generate glean samples"
-
 printn Y "Extract the project version... "
 SHORTVERSION=$(cat version.pri | grep VERSION | grep defined | cut -d= -f2 | tr -d \ )
-FULLVERSION=$(echo $SHORTVERSION | cut -d. -f1).$(date +"%Y%m%d%H%M")
+FULLVERSION=$(cat versionfull.pri | grep BUILDVERSION | grep defined | cut -d= -f2 | tr -d \ )
 print G "$SHORTVERSION - $FULLVERSION"
 
 MACOS_FLAGS="
@@ -184,7 +189,7 @@ elif [ "$OS" = "ios" ]; then
     ADJUST="CONFIG+=adjust"
   fi
 else
-  die "Why we are here?"
+  killProcess "Why are we here?"
 fi
 
 VPNMODE=
@@ -212,7 +217,36 @@ if [ "$OS" = "ios" ]; then
   compile_openvpn_adapter
 else
   print Y "No OpenVPNAdapter will be built"
+fi
 
+if [ "$OS" = "ios" ]; then
+  print Y "Prepare to build ShadowSocks..."
+  prepare_to_build_ss
+  print Y "Patching the ShadowSocks project..."
+  patch_ss
+  ruby ../../scripts/ss_project_patcher.rb "ShadowSocks.xcodeproj"
+  print G "done."
+  print Y "Building ShadowSocks Framework..."
+  compile_ss_frameworks
+else
+  print Y "No ShadowSocket Library will be built"
+fi
+
+if [ "$OS" = "ios" ]; then
+  print Y "Prepare to build CocoaAsyncSocket..."
+  prepare_to_build_cas
+  print Y "Building CocoaAsyncSocket Framework..."
+  compile_cocoa_async_socket
+else
+  print Y "No CocoaAsyncSocket will be built"
+fi
+
+if [ "$OS" = "ios" ]; then
+  print Y "Prepare to build Tun2Socks..."
+  print Y "Building Tun2Socks Framework..."
+  compile_tun2socks
+else
+  print Y "No Tun2Socks will be built"
 fi
 
 print Y "Creating the xcode project via qmake..."
@@ -225,12 +259,17 @@ $QMAKE \
   $WEMODE \
   $PLATFORM \
   $ADJUST \
-  ./client.pro || die "Compilation failed"
+  ./client.pro || killProcess "Compilation failed"
 
 print Y "Patching the xcode project..."
-ruby scripts/xcode_patcher.rb "AmneziaVPN.xcodeproj" "$SHORTVERSION" "$FULLVERSION" "$OSRUBY" "$NETWORKEXTENSION" "$ADJUST_SDK_TOKEN" || die "Failed to merge xcode with wireguard"
+ruby scripts/xcode_patcher.rb "AmneziaVPN.xcodeproj" "$SHORTVERSION" "$FULLVERSION" "$OSRUBY" "$NETWORKEXTENSION" "$ADJUST_SDK_TOKEN" || killProcess "Failed to merge xcode with wireguard"
 print G "done."
 
+  if command -v "sed" &>/dev/null; then
+    sed -i '' '/<key>BuildSystemType<\/key>/d' AmneziaVPN.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings
+    sed -i '' '/<string>Original<\/string>/d' AmneziaVPN.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings
+  fi
+
 print Y "Opening in XCode..."
 open AmneziaVPN.xcodeproj
 print G "All done!"
diff --git a/client/scripts/build_phase_run_script.sh b/client/scripts/build_phase_run_script.sh
new file mode 100644
index 00000000..510ec6a4
--- /dev/null
+++ b/client/scripts/build_phase_run_script.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# add `@executable_path/../../Frameworks` to Runpath Search Paths in Build Settings of extension
+# put to run script phase in build phases for extension
+# Type a script or drag a script file from your workspace to insert its path.
+cd "${CONFIGURATION_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/"
+if [[ -d "Frameworks" ]]; then 
+	rm -fr Frameworks
+fi
\ No newline at end of file
diff --git a/client/scripts/cas_ios.xcconfig b/client/scripts/cas_ios.xcconfig
new file mode 100644
index 00000000..80967035
--- /dev/null
+++ b/client/scripts/cas_ios.xcconfig
@@ -0,0 +1,18 @@
+SUPPORTED_PLATFORMS = iphoneos
+TARGETED_DEVICE_FAMILY = 1,2
+
+HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/Source
+//CLANG_CXX_LANGUAGE_STANDARD = gnu++14
+//CLANG_CXX_LIBRARY = libc++
+
+////////////////////////////////////////////////////////////////////////////////
+//
+// iOS-specific settings
+//
+IPHONEOS_DEPLOYMENT_TARGET = 9.3
+
+SDKROOT[arch=arm64] = iphoneos
+SDKROOT[arch=armv7] = iphoneos
+SDKROOT[arch=armv7s] = iphoneos
+
+VALID_ARCHS[sdk=iphoneos*] = arm64
diff --git a/client/scripts/cl_ios.xcconfig b/client/scripts/cl_ios.xcconfig
new file mode 100644
index 00000000..24a13c9d
--- /dev/null
+++ b/client/scripts/cl_ios.xcconfig
@@ -0,0 +1,18 @@
+SUPPORTED_PLATFORMS = iphoneos
+TARGETED_DEVICE_FAMILY = 1,2
+
+HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/Sources
+//CLANG_CXX_LANGUAGE_STANDARD = gnu++14
+//CLANG_CXX_LIBRARY = libc++
+
+////////////////////////////////////////////////////////////////////////////////
+//
+// iOS-specific settings
+//
+IPHONEOS_DEPLOYMENT_TARGET = 9.3
+
+SDKROOT[arch=arm64] = iphoneos
+SDKROOT[arch=armv7] = iphoneos
+SDKROOT[arch=armv7s] = iphoneos
+
+VALID_ARCHS[sdk=iphoneos*] = arm64
\ No newline at end of file
diff --git a/client/scripts/codesign_framework.sh b/client/scripts/codesign_framework.sh
new file mode 100644
index 00000000..9360b961
--- /dev/null
+++ b/client/scripts/codesign_framework.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+
+# WARNING: You may have to run Clean in Xcode after changing CODE_SIGN_IDENTITY! 
+
+# Verify that $CODE_SIGN_IDENTITY is set
+if [ -z "${CODE_SIGN_IDENTITY}" ] ; then
+    echo "CODE_SIGN_IDENTITY needs to be set for framework code-signing!"
+    
+    if [ "${CONFIGURATION}" = "Release" ] ; then
+        exit 1
+    else
+        # Code-signing is optional for non-release builds.
+        exit 0
+    fi
+fi
+
+if [ -z "${CODE_SIGN_ENTITLEMENTS}" ] ; then
+    echo "CODE_SIGN_ENTITLEMENTS needs to be set for framework code-signing!"
+    
+    if [ "${CONFIGURATION}" = "Release" ] ; then
+        exit 1
+    else
+        # Code-signing is optional for non-release builds.
+        exit 0
+    fi
+fi
+
+ITEMS=""
+
+FRAMEWORKS_DIR="${TARGET_BUILD_DIR}/${FRAMEWORKS_FOLDER_PATH}"
+if [ -d "$FRAMEWORKS_DIR" ] ; then
+    FRAMEWORKS=$(find "${FRAMEWORKS_DIR}" -depth -type d -name "*.framework" -or -name "*.dylib" -or -name "*.bundle" | sed -e "s/\(.*framework\)/\1\/Versions\/A\//")
+    RESULT=$?
+    if [[ $RESULT != 0 ]] ; then
+        exit 1
+    fi
+    
+    ITEMS="${FRAMEWORKS}"
+fi
+
+LOGINITEMS_DIR="${TARGET_BUILD_DIR}/${CONTENTS_FOLDER_PATH}/Library/LoginItems/"
+if [ -d "$LOGINITEMS_DIR" ] ; then
+    LOGINITEMS=$(find "${LOGINITEMS_DIR}" -depth -type d -name "*.app")
+    RESULT=$?
+    if [[ $RESULT != 0 ]] ; then
+        exit 1
+    fi
+    
+    ITEMS="${ITEMS}"$'\n'"${LOGINITEMS}"
+fi
+
+# Prefer the expanded name, if available.
+CODE_SIGN_IDENTITY_FOR_ITEMS="${EXPANDED_CODE_SIGN_IDENTITY_NAME}"
+if [ "${CODE_SIGN_IDENTITY_FOR_ITEMS}" = "" ] ; then
+    # Fall back to old behavior.
+    CODE_SIGN_IDENTITY_FOR_ITEMS="${CODE_SIGN_IDENTITY}"
+fi
+
+echo "Identity:"
+echo "${CODE_SIGN_IDENTITY_FOR_ITEMS}"
+
+echo "Entitlements:"
+echo "${CODE_SIGN_ENTITLEMENTS}"
+
+echo "Found:"
+echo "${ITEMS}"
+
+# Change the Internal Field Separator (IFS) so that spaces in paths will not cause problems below.
+SAVED_IFS=$IFS
+IFS=$(echo -en "\n\b")
+
+# Loop through all items.
+for ITEM in $ITEMS;
+do
+    echo "Signing '${ITEM}'"
+    codesign --force --verbose --sign "${CODE_SIGN_IDENTITY_FOR_ITEMS}" --entitlements "${CODE_SIGN_ENTITLEMENTS}" "${ITEM}"
+    RESULT=$?
+    if [[ $RESULT != 0 ]] ; then
+        echo "Failed to sign '${ITEM}'."
+        IFS=$SAVED_IFS
+        exit 1
+    fi
+done
+
+# Restore $IFS.
+IFS=$SAVED_IFS
+
+# Save it to a file in your project.
+# Mine is called codesign-frameworks.sh.
+# Add a “Run Script” build phase right after your “Copy Embedded Frameworks” build phase.
+# You can call it “Codesign Embedded Frameworks”.
+# Paste ./codesign-frameworks.sh (or whatever you called your script above) into the script editor text field.
+# Build your app. All bundled frameworks will be codesigned.
+# from http://stackoverflow.com/questions/7697508/how-do-you-codesign-framework-bundles-for-the-mac-app-store
\ No newline at end of file
diff --git a/client/scripts/commons.sh b/client/scripts/commons.sh
index 7abe5aa1..aebd37b2 100644
--- a/client/scripts/commons.sh
+++ b/client/scripts/commons.sh
@@ -41,25 +41,103 @@ error() {
 
 XCODEBUILD="/usr/bin/xcodebuild"
 WORKINGDIR=`pwd`
-
-compile_openvpn_adapter() {
-  cd 3rd/OpenVPNAdapter
-  
-  $XCODEBUILD -scheme OpenVPNAdapter -configuration Debug -xcconfig Configuration/amnezia.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project OpenVPNAdapter.xcodeproj
-  
-  cd ../../
-}
+PATCH="/usr/bin/patch"
+export PATH=$GOPATH:$PATH
 
 prepare_to_build_vpn() {
   cat $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/Project.xcconfig > $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig 
   cat << EOF >> $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig 
   PROJECT_TEMP_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/OpenVPNAdapter.build
-  CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Debug-iphoneos
-  BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Debug-iphoneos  
+  CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-iphoneos
+  BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-iphoneos  
 EOF
 }
 
-die() {
+compile_openvpn_adapter() {
+  cd 3rd/OpenVPNAdapter
+  if $XCODEBUILD -scheme OpenVPNAdapter -configuration Release -xcconfig Configuration/amnezia.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project OpenVPNAdapter.xcodeproj ; then
+    print Y "OpenVPNAdapter built successfully"
+  else
+    killProcess "OpenVPNAdapter build failed"
+  fi
+  cd ../../
+}
+
+prepare_to_build_ss() {
+  cat $WORKINGDIR/scripts/ss_ios.xcconfig > $WORKINGDIR/3rd/ShadowSocks/ss_ios.xcconfig
+  cat << EOF >> $WORKINGDIR/3rd/ShadowSocks/ss_ios.xcconfig 
+PROJECT_TEMP_DIR = $WORKINGDIR/3rd/ShadowSocks/build/ShadowSocks.build
+CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/ShadowSocks/build/Release-iphoneos
+BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/ShadowSocks/build/Release-iphoneos  
+EOF
+}
+
+patch_ss() {
+  cd 3rd/ShadowSocks
+}
+
+compile_ss_frameworks() {
+  if $XCODEBUILD -scheme ShadowSocks -configuration Release -xcconfig ss_ios.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project ShadowSocks.xcodeproj ; then
+    print Y "ShadowSocks built successfully"
+  else
+    killProcess "ShadowSocks build failed"
+  fi
+  cd ../../
+}
+
+prepare_to_build_cas() {
+  cat $WORKINGDIR/scripts/cas_ios.xcconfig > $WORKINGDIR/3rd/CocoaAsyncSocket/cas_ios.xcconfig
+  cat << EOF >> $WORKINGDIR/3rd/CocoaAsyncSocket/cas_ios.xcconfig
+PROJECT_TEMP_DIR = $WORKINGDIR/3rd/CocoaAsyncSocket/build/CocoaAsyncSocket.build
+CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/CocoaAsyncSocket/build/Release-iphoneos
+BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/CocoaAsyncSocket/build/Release-iphoneos  
+EOF
+}
+
+compile_cocoa_async_socket() {
+  cd 3rd/CocoaAsyncSocket
+  if $XCODEBUILD -scheme 'iOS Framework' -configuration Release -xcconfig cas_ios.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project CocoaAsyncSocket.xcodeproj ; then
+    print Y "CocoaAsyncSocket built successfully"
+  else
+    killProcess "CocoaAsyncSocket build failed"
+  fi
+  cd ../../
+}
+
+compile_tun2socks() {
+  cd 3rd/outline-go-tun2socks
+  go get -d ./...
+  go get -u golang.org/x/sys
+  if GOOS=ios GOARCH=arm64 GOFLAGS="-tags=ios" CC=iphoneos-clang CXX=iphoneos-clang++ CGO_CFLAGS="-isysroot iphoneos -miphoneos-version-min=12.0 -fembed-bitcode -arch arm64" CGO_CXXFLAGS="-isysroot iphoneos -miphoneos-version-min=12.0 -fembed-bitcode -arch arm64" CGO_LDFLAGS="-isysroot iphoneos -miphoneos-version-min=12.0 -fembed-bitcode -arch arm64" CGO_ENABLED=1 DARWIN_SDK=iphoneos gomobile bind -a -ldflags="-w -s" -bundleid org.amnezia.tun2socks -target=ios/arm64 -tags ios -o ./build/ios/Tun2Socks.xcframework github.com/Jigsaw-Code/outline-go-tun2socks/outline/apple github.com/Jigsaw-Code/outline-go-tun2socks/outline/shadowsocks ; then
+    print Y "Tun2Socks built successfully"
+  else
+    print "Please check that path to bin folder with gomobile is in your PATH"
+    print "Usually it's in GOPATH/bin, e.g. /usr/local/go/bin"
+    killProcess "Tun2Socks build failed"
+  fi
+  cd ../../
+}
+
+prepare_to_build_cl() {
+  cat $WORKINGDIR/scripts/cl_ios.xcconfig > $WORKINGDIR/3rd/CocoaLumberjack/cl_ios.xcconfig
+  cat << EOF >> $WORKINGDIR/3rd/CocoaLumberjack/cl_ios.xcconfig
+PROJECT_TEMP_DIR = $WORKINGDIR/3rd/CocoaLumberjack/build/CocoaLumberjack.build
+CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/CocoaLumberjack/build/Release-iphoneos
+BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/CocoaLumberjack/build/Release-iphoneos  
+EOF
+}
+
+compile_cocoalamberjack() {
+  cd 3rd/CocoaLumberjack
+  if $XCODEBUILD -scheme 'CocoaLumberjack' -configuration Release -xcconfig cl_ios.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project Lumberjack.xcodeproj ; then
+    print Y "CocoaLumberjack built successfully"
+  else
+    killProcess "CocoaLumberjack build failed"
+  fi
+  cd ../../
+}
+
+killProcess() {
   if [[ "$1" ]]; then
     error "$1"
   else
@@ -68,4 +146,3 @@ die() {
 
   exit 1
 }
-
diff --git a/client/scripts/pp_ios.xcconfig b/client/scripts/pp_ios.xcconfig
new file mode 100644
index 00000000..3dd0c4d7
--- /dev/null
+++ b/client/scripts/pp_ios.xcconfig
@@ -0,0 +1,18 @@
+SUPPORTED_PLATFORMS = iphoneos
+TARGETED_DEVICE_FAMILY = 1,2
+
+HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/PacketProcessor
+//CLANG_CXX_LANGUAGE_STANDARD = gnu++14
+//CLANG_CXX_LIBRARY = libc++
+
+////////////////////////////////////////////////////////////////////////////////
+//
+// iOS-specific settings
+//
+IPHONEOS_DEPLOYMENT_TARGET = 9.3
+
+SDKROOT[arch=arm64] = iphoneos
+SDKROOT[arch=armv7] = iphoneos
+SDKROOT[arch=armv7s] = iphoneos
+
+VALID_ARCHS[sdk=iphoneos*] = arm64
diff --git a/client/scripts/ss_ios.xcconfig b/client/scripts/ss_ios.xcconfig
new file mode 100644
index 00000000..163b20cb
--- /dev/null
+++ b/client/scripts/ss_ios.xcconfig
@@ -0,0 +1,20 @@
+SUPPORTED_PLATFORMS = iphoneos
+TARGETED_DEVICE_FAMILY = 1,2
+
+HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/ShadowSocks
+//HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/ShadowSocks $(SRCROOT)/ShadowSocks/libcares/include $(SRCROOT)/ShadowSocks/libev/arm64/include $(SRCROOT)/ShadowSocks/libsodium/include $(SRCROOT)/ShadowSocks/mbedtls/include $(SRCROOT)/ShadowSocks/pcre/arm64/include $(SRCROOT)/ShadowSocks/shadowsocks-libev/include
+
+//CLANG_CXX_LANGUAGE_STANDARD = gnu++14
+//CLANG_CXX_LIBRARY = libc++
+
+////////////////////////////////////////////////////////////////////////////////
+//
+// iOS-specific settings
+//
+IPHONEOS_DEPLOYMENT_TARGET = 9.3
+
+SDKROOT[arch=arm64] = iphoneos
+SDKROOT[arch=armv7] = iphoneos
+SDKROOT[arch=armv7s] = iphoneos
+
+VALID_ARCHS[sdk=iphoneos*] = arm64
diff --git a/client/scripts/ss_patch.diff b/client/scripts/ss_patch.diff
new file mode 100644
index 00000000..de8135e4
--- /dev/null
+++ b/client/scripts/ss_patch.diff
@@ -0,0 +1,87 @@
+diff --git a/ShadowPath/Privoxy/pcre/pcreposix.c b/ShadowPath/Privoxy/pcre/pcreposix.c
+--- a/ShadowPath/Privoxy/pcre/pcreposix.c
++++ b/ShadowPath/Privoxy/pcre/pcreposix.c
+@@ -146,13 +146,13 @@ message = (errcode >= (int)(sizeof(pstring)/sizeof(char *)))?
+ length = strlen(message) + 1;
+ 
+ addmessage = " at offset ";
+-addlength = (preg != NULL && (int)preg->re_erroffset != -1)?
++addlength = (preg != NULL && (int)preg->re_nsub != -1)?
+   strlen(addmessage) + 6 : 0;
+ 
+ if (errbuf_size > 0)
+   {
+   if (addlength > 0 && errbuf_size >= length + addlength)
+-    sprintf(errbuf, "%s%s%-6d", message, addmessage, (int)preg->re_erroffset);
++    sprintf(errbuf, "%s%s%-6d", message, addmessage, (int)preg->re_nsub);
+   else
+     {
+     strncpy(errbuf, message, errbuf_size - 1);
+@@ -173,7 +173,7 @@ return length + addlength;
+ void
+ pcre_regfree(regex_t *preg)
+ {
+-(pcre_free)(preg->re_pcre);
++(pcre_free)(preg->re_g);
+ }
+ 
+ 
+@@ -203,12 +203,12 @@ int options = 0;
+ if ((cflags & REG_ICASE) != 0) options |= PCRE_CASELESS;
+ if ((cflags & REG_NEWLINE) != 0) options |= PCRE_MULTILINE;
+ 
+-preg->re_pcre = pcre_compile(pattern, options, &errorptr, &erroffset, NULL);
+-preg->re_erroffset = erroffset;
++preg->re_g = pcre_compile(pattern, options, &errorptr, &erroffset, NULL);
++preg->re_nsub = erroffset;
+ 
+-if (preg->re_pcre == NULL) return pcre_posix_error_code(errorptr);
++if (preg->re_g == NULL) return pcre_posix_error_code(errorptr);
+ 
+-preg->re_nsub = pcre_info(preg->re_pcre, NULL, NULL);
++preg->re_nsub = pcre_info(preg->re_g, NULL, NULL);
+ return 0;
+ }
+ 
+@@ -235,7 +235,7 @@ int *ovector = NULL;
+ if ((eflags & REG_NOTBOL) != 0) options |= PCRE_NOTBOL;
+ if ((eflags & REG_NOTEOL) != 0) options |= PCRE_NOTEOL;
+ 
+-preg->re_erroffset = (size_t)(-1);   /* Only has meaning after compile */
++preg->re_nsub = (size_t)(-1);   /* Only has meaning after compile */
+ 
+ if (nmatch > 0)
+   {
+@@ -243,7 +243,7 @@ if (nmatch > 0)
+   if (ovector == NULL) return REG_ESPACE;
+   }
+ 
+-rc = pcre_exec(preg->re_pcre, NULL, string, (int)strlen(string), 0, options,
++rc = pcre_exec(preg->re_g, NULL, string, (int)strlen(string), 0, options,
+   ovector, nmatch * 3);
+ 
+ if (rc == 0) rc = nmatch;    /* All captured slots were filled in */
+diff --git a/ShadowPath/shadowsocks-libev/src/http.h b/ShadowPath/shadowsocks-libev/src/http.h
+index 914815a..e312dd3 100644
+--- a/ShadowPath/shadowsocks-libev/src/http.h
++++ b/ShadowPath/shadowsocks-libev/src/http.h
+@@ -29,6 +29,6 @@
+ #include <stdio.h>
+ #include "protocol.h"
+ 
+-const protocol_t *const http_protocol;
++extern const protocol_t *const http_protocol;
+ 
+ #endif
+diff --git a/ShadowPath/shadowsocks-libev/src/tls.h b/ShadowPath/shadowsocks-libev/src/tls.h
+index 3998913..ddbee11 100644
+--- a/ShadowPath/shadowsocks-libev/src/tls.h
++++ b/ShadowPath/shadowsocks-libev/src/tls.h
+@@ -28,6 +28,6 @@
+ 
+ #include "protocol.h"
+ 
+-const protocol_t *const tls_protocol;
++extern const protocol_t *const tls_protocol;
+ 
+ #endif
diff --git a/client/scripts/ss_project_patcher.rb b/client/scripts/ss_project_patcher.rb
new file mode 100644
index 00000000..a0582b21
--- /dev/null
+++ b/client/scripts/ss_project_patcher.rb
@@ -0,0 +1,55 @@
+#!/usr/bin/ruby
+
+require 'xcodeproj'
+
+class SSPatcher
+	attr :project
+	attr :target_main
+	
+	def run(file)
+		open_project file
+		open_target_main
+		
+		patch_main_target
+		
+		@project.save
+	end
+	
+	def open_project(file)
+		@project = Xcodeproj::Project.open(file)
+		die 'Failed to open the project file: ' + file if @project.nil?
+	end
+	
+	def open_target_main
+		@target_main = @project.native_targets
+						.select { |target| target.name == 'ShadowSocks' }
+						.first
+		return @target_main if not @target_main.nil?
+		
+		die 'Unable to open ShadowSocks target'
+	end
+	
+	def patch_main_target
+	    @target_main.resources_build_phase.files.each do |f| 
+			puts f.display_name
+			if f.display_name === "LICENSE"
+				f.remove_from_project
+			end
+		end
+	end
+	
+	def die(msg)
+		print $msg
+		exit 1
+	end
+end
+
+if ARGV.length < 1
+	puts "Usage: <script> project_file"
+	exit 1
+end
+
+
+r = SSPatcher.new
+r.run ARGV[0]
+exit 0
diff --git a/client/scripts/xcode_patcher.rb b/client/scripts/xcode_patcher.rb
index 56277cb3..0a0550ca 100644
--- a/client/scripts/xcode_patcher.rb
+++ b/client/scripts/xcode_patcher.rb
@@ -11,8 +11,9 @@ class XCodeprojPatcher
 
   def run(file, shortVersion, fullVersion, platform, networkExtension, configHash, adjust_sdk_token)
     open_project file
+    setup_project
     open_target_main
-
+    
     die 'IOS requires networkExtension mode' if not networkExtension and platform == 'ios'
 
     group = @project.main_group.new_group('Configuration')
@@ -28,7 +29,7 @@ class XCodeprojPatcher
 
     if networkExtension
       setup_target_extension shortVersion, fullVersion, platform, configHash
-      setup_target_gobridge
+      setup_target_gobridge platform
     else
       setup_target_wireguardgo
       setup_target_wireguardtools
@@ -43,6 +44,12 @@ class XCodeprojPatcher
     @project = Xcodeproj::Project.open(file)
     die 'Failed to open the project file: ' + file if @project.nil?
   end
+  
+  def setup_project
+    @project.build_configurations.each do |config|
+      config.build_settings['SYMROOT'] = 'build'
+    end
+  end
 
   def open_target_main
     @target_main = @project.targets.find { |target| target.to_s == 'AmneziaVPN' }
@@ -50,6 +57,7 @@ class XCodeprojPatcher
 
     die 'Unable to open AmneziaVPN target'
   end
+  
 
   def setup_target_main(shortVersion, fullVersion, platform, networkExtension, configHash, adjust_sdk_token)
     @target_main.build_configurations.each do |config|
@@ -62,7 +70,12 @@ class XCodeprojPatcher
       config.build_settings['FRAMEWORK_SEARCH_PATHS'] ||= [
         "$(inherited)",
         "$(PROJECT_DIR)/3rd",
-        "$(PROJECT_DIR)/3rd/OpenVPNAdapter/build/Debug-iphoneos"
+        "$(PROJECT_DIR)/3rd/OpenVPNAdapter/build/Release-iphoneos",
+        "$(PROJECT_DIR)/3rd/ShadowSocks/build/Release-iphoneos",
+#       "$(PROJECT_DIR)/3rd/PacketProcessor/build/Release-iphoneos",
+        "$(PROJECT_DIR)/3rd/outline-go-tun2socks/build/ios",
+        "${PROJECT_DIR}/3rd/CocoaAsyncSocket/build/Release-iphoneos",
+#       "${PROJECT_DIR}/3rd/CocoaLumberjack/build/Release-iphoneos",
       ]
 
       # Versions and names
@@ -71,6 +84,8 @@ class XCodeprojPatcher
       config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] = configHash['APP_ID_MACOS'] if platform == 'macos'
       config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] = configHash['APP_ID_IOS'] if platform == 'ios'
       config.build_settings['PRODUCT_NAME'] = 'AmneziaVPN'
+      config.build_settings['SYMROOT'] = 'build'
+      config.build_settings['ASSETCATALOG_COMPILER_APPICON_NAME'] = 'AppIcon'
 
       # other config
       config.build_settings['INFOPLIST_FILE'] ||= platform + '/app/Info.plist'
@@ -89,6 +104,7 @@ class XCodeprojPatcher
       config.build_settings['ENABLE_BITCODE'] ||= 'NO' if platform == 'ios'
       config.build_settings['SDKROOT'] = 'iphoneos' if platform == 'ios'
       config.build_settings['SWIFT_PRECOMPILE_BRIDGING_HEADER'] = 'NO' if platform == 'ios'
+      config.build_settings['PATH'] = '${PATH}:/usr/local/go/bin:/usr/local/bin:/opt/homebrew/bin'
 
       groupId = "";
       if (platform == 'macos')
@@ -110,13 +126,22 @@ class XCodeprojPatcher
         config.build_settings['SWIFT_OPTIMIZATION_LEVEL'] ||= '-Onone'
       end
     end
+    
+    # add assets to main target
+    assets_group = @project.main_group.new_group('Assets')
+    
+    assets_path = 'ios/Media.xcassets'
+    assets_ref = assets_group.new_reference(assets_path, :group)
+    @target_main.add_resources([assets_ref])
 
     if networkExtension
       # WireGuard group
       group = @project.main_group.new_group('WireGuard')
 
+      version_file_path = platform == 'ios' ? '3rd/wireguard-apple/Sources/WireGuardKitGo/wireguard-go-version.h' : 'macos/gobridge/wireguard-go-version.h'
+
       [
-        'macos/gobridge/wireguard-go-version.h',
+        version_file_path,
         '3rd/wireguard-apple/Sources/Shared/Keychain.swift',
         '3rd/wireguard-apple/Sources/WireGuardKit/IPAddressRange.swift',
         '3rd/wireguard-apple/Sources/WireGuardKit/InterfaceConfiguration.swift',
@@ -246,17 +271,29 @@ class XCodeprojPatcher
     @target_extension.build_configurations.each do |config|
       config.base_configuration_reference = @configFile
 
-      config.build_settings['LD_RUNPATH_SEARCH_PATHS'] ||= '"$(inherited) @executable_path/../Frameworks"'
+      config.build_settings['LD_RUNPATH_SEARCH_PATHS'] ||= [
+        '$(inherited)',
+        '@executable_path/../Frameworks',
+        '@executable_path/../../Frameworks'
+      ]
       config.build_settings['SWIFT_VERSION'] ||= '5.0'
       config.build_settings['CLANG_ENABLE_MODULES'] ||= 'YES'
       config.build_settings['SWIFT_OBJC_BRIDGING_HEADER'] ||= 'macos/networkextension/WireGuardNetworkExtension-Bridging-Header.h'
       config.build_settings['SWIFT_PRECOMPILE_BRIDGING_HEADER'] = 'NO'
       config.build_settings['APPLICATION_EXTENSION_API_ONLY'] = 'YES'
+      config.build_settings['STRIP_BITCODE_FROM_COPIED_FILES'] = 'NO'
       config.build_settings['FRAMEWORK_SEARCH_PATHS'] ||= [
         "$(inherited)",
         "$(PROJECT_DIR)/3rd",
-        "$(PROJECT_DIR)/3rd/OpenVPNAdapter/build/Debug-iphoneos"
+        "$(PROJECT_DIR)/3rd/OpenVPNAdapter/build/Release-iphoneos",
+        "$(PROJECT_DIR)/3rd/libleaf/lib",
+        "$(PROJECT_DIR)/3rd/ShadowSocks/build/Release-iphoneos",
+#       "$(PROJECT_DIR)/3rd/PacketProcessor/build/Release-iphoneos",
+        "$(PROJECT_DIR)/3rd/outline-go-tun2socks/build/ios",
+        "${PROJECT_DIR}/3rd/CocoaAsyncSocket/build/Release-iphoneos",
+#       "${PROJECT_DIR}/3rd/CocoaLumberjack/build/Release-iphoneos",
       ]
+#     config.build_settings['LIBRARY_SEARCH_PATHS'] = [config.build_settings['LIBRARY_SEARCH_PATHS'], "$(PROJECT_DIR)/3rd/libleaf/lib"]
 
       # Versions and names
       config.build_settings['MARKETING_VERSION'] ||= shortVersion
@@ -288,6 +325,7 @@ class XCodeprojPatcher
           "-framework",
           "OpenGLES",
         ]
+        config.build_settings['PATH'] = '${PATH}:/usr/local/go/bin'
       end
 
       groupId = "";
@@ -339,8 +377,19 @@ class XCodeprojPatcher
 
     [
       'platforms/ios/iostunnel.swift',
-      'platforms/ios/iosglue.mm',
       'platforms/ios/ioslogger.swift',
+      'platforms/ios/iosinterface.swift',
+#     'platforms/ios/ssprovider.swift',
+      'platforms/ios/iosglue.mm',
+#     'platforms/ios/ssconnectivity.h',
+#     'platforms/ios/ssconnectivity.m',
+#     'platforms/ios/iosopenvpn2ssadapter.h',
+#     'platforms/ios/iosopenvpn2ssadapter.m',
+#     'platforms/ios/sspacket.h',
+#     'platforms/ios/sspacket.m',
+#     'platforms/ios/ssadapterpacketflow.h',
+#     'platforms/ios/tun2ssprovider.swift',
+#     'platforms/ios/tun2sockswriter.swift',
     ].each { |filename|
       file = group.new_file(filename)
       @target_extension.add_file_references([file])
@@ -353,21 +402,39 @@ class XCodeprojPatcher
 
     framework_ref = frameworks_group.new_file('libwg-go.a')
     frameworks_build_phase.add_file_reference(framework_ref)
+    
+#   framework_ref = frameworks_group.new_file('3rd/libleaf/lib/libleaf.a')
+#   frameworks_build_phase.add_file_reference(framework_ref)
 
     framework_ref = frameworks_group.new_file('NetworkExtension.framework')
     frameworks_build_phase.add_file_reference(framework_ref)
     
-    framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Debug-iphoneos/LZ4.framework')
+#   framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Release-iphoneos/LZ4.framework')
+#   frameworks_build_phase.add_file_reference(framework_ref)
+#   
+#   framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Release-iphoneos/mbedTLS.framework')
+#   frameworks_build_phase.add_file_reference(framework_ref)
+#   
+#   framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Release-iphoneos/OpenVPNClient.framework')
+#   frameworks_build_phase.add_file_reference(framework_ref)
+    
+    framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Release-iphoneos/OpenVPNAdapter.framework')
     frameworks_build_phase.add_file_reference(framework_ref)
     
-    framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Debug-iphoneos/mbedTLS.framework')
-    frameworks_build_phase.add_file_reference(framework_ref)
+#   framework_ref = frameworks_group.new_file('3rd/ShadowSocks/build/Release-iphoneos/ShadowSocks.framework')
+#   frameworks_build_phase.add_file_reference(framework_ref)
+#   
+#   framework_ref = frameworks_group.new_file('3rd/CocoaAsyncSocket/build/Release-iphoneos/CocoaAsyncSocket.framework')
+#   frameworks_build_phase.add_file_reference(framework_ref)
+#
+#   framework_ref = frameworks_group.new_file('3rd/outline-go-tun2socks/build/ios/Tun2socks.xcframework')
+#   frameworks_build_phase.add_file_reference(framework_ref)
+    
+#   framework_ref = frameworks_group.new_file('3rd/CocoaLumberjack/build/Release-iphoneos/CocoaLumberjack.framework')
+#   frameworks_build_phase.add_file_reference(framework_ref)
+    
     
-    framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Debug-iphoneos/OpenVPNClient.framework')
-    frameworks_build_phase.add_file_reference(framework_ref)
     
-    framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Debug-iphoneos/OpenVPNAdapter.framework')
-    frameworks_build_phase.add_file_reference(framework_ref)
 
     # This fails: @target_main.add_dependency @target_extension
     container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
@@ -391,15 +458,17 @@ class XCodeprojPatcher
     appex_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
   end
 
-  def setup_target_gobridge
+  def setup_target_gobridge(platform)
     target_gobridge = legacy_target = @project.new(Xcodeproj::Project::PBXLegacyTarget)
 
-    target_gobridge.build_working_directory = 'macos/gobridge'
+    bridge_platofrm = platform == 'ios' ? 'iOS' : 'macOS'
+
+    target_gobridge.build_working_directory = platform == 'ios' ? '3rd/wireguard-apple/Sources/WireGuardKitGo' : 'macos/gobridge'
     target_gobridge.build_tool_path = 'make'
     target_gobridge.pass_build_settings_in_environment = '1'
     target_gobridge.build_arguments_string = '$(ACTION)'
-    target_gobridge.name = 'WireGuardGoBridge'
-    target_gobridge.product_name = 'WireGuardGoBridge'
+    target_gobridge.name = "WireGuardGoBridge<#{bridge_platofrm}>"
+    target_gobridge.product_name = "WireGuardGoBridge<#{bridge_platofrm}>"
 
     @project.targets << target_gobridge
     @target_extension.add_dependency target_gobridge
diff --git a/client/server_scripts/dns/run_container.sh b/client/server_scripts/dns/run_container.sh
index b3be2c22..f8ff0380 100644
--- a/client/server_scripts/dns/run_container.sh
+++ b/client/server_scripts/dns/run_container.sh
@@ -1,2 +1,7 @@
 # Run container
-sudo docker run -d --restart always --network amnezia-dns-net --ip=172.29.172.254 --name $CONTAINER_NAME $CONTAINER_NAME
+sudo docker run -d \
+--log-driver none \
+--restart always \
+--network amnezia-dns-net \
+--ip=172.29.172.254 \
+--name $CONTAINER_NAME $CONTAINER_NAME
diff --git a/client/server_scripts/ipsec/run_container.sh b/client/server_scripts/ipsec/run_container.sh
index adb02353..a2fbbd34 100644
--- a/client/server_scripts/ipsec/run_container.sh
+++ b/client/server_scripts/ipsec/run_container.sh
@@ -1,8 +1,9 @@
-sudo docker run \
-    --restart=always \
-    -p 500:500/udp \
-    -p 4500:4500/udp \
-    -d --privileged \
-    --name $CONTAINER_NAME $CONTAINER_NAME
+sudo docker run -d \
+--privileged \
+--log-driver none \
+--restart=always \
+-p 500:500/udp \
+-p 4500:4500/udp \
+--name $CONTAINER_NAME $CONTAINER_NAME
 
 sudo docker network connect amnezia-dns-net $CONTAINER_NAME
diff --git a/client/server_scripts/openvpn/Dockerfile b/client/server_scripts/openvpn/Dockerfile
index e438e6e5..be9fad70 100644
--- a/client/server_scripts/openvpn/Dockerfile
+++ b/client/server_scripts/openvpn/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.15
 
 LABEL maintainer="AmneziaVPN"
 
diff --git a/client/server_scripts/openvpn/run_container.sh b/client/server_scripts/openvpn/run_container.sh
index 9012a386..5649dd21 100644
--- a/client/server_scripts/openvpn/run_container.sh
+++ b/client/server_scripts/openvpn/run_container.sh
@@ -1,9 +1,10 @@
 # Run container
-sudo docker run \
-   -d --restart always \
-   --cap-add=NET_ADMIN \
-   -p $OPENVPN_PORT:$OPENVPN_PORT/$OPENVPN_TRANSPORT_PROTO \
-   --name $CONTAINER_NAME $CONTAINER_NAME
+sudo docker run -d \
+--log-driver none \
+--restart always \
+--cap-add=NET_ADMIN \
+-p $OPENVPN_PORT:$OPENVPN_PORT/$OPENVPN_TRANSPORT_PROTO \
+--name $CONTAINER_NAME $CONTAINER_NAME
 
 sudo docker network connect amnezia-dns-net $CONTAINER_NAME
 
diff --git a/client/server_scripts/openvpn_cloak/Dockerfile b/client/server_scripts/openvpn_cloak/Dockerfile
index b48c68c6..b3a6810d 100644
--- a/client/server_scripts/openvpn_cloak/Dockerfile
+++ b/client/server_scripts/openvpn_cloak/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.15
 
 LABEL maintainer="AmneziaVPN"
 
diff --git a/client/server_scripts/openvpn_cloak/run_container.sh b/client/server_scripts/openvpn_cloak/run_container.sh
index c3ee3a15..bec8e889 100644
--- a/client/server_scripts/openvpn_cloak/run_container.sh
+++ b/client/server_scripts/openvpn_cloak/run_container.sh
@@ -1,9 +1,10 @@
 # Run container
-sudo docker run \
-   -d --restart always \
-   --cap-add=NET_ADMIN \
-   -p $CLOAK_SERVER_PORT:443/tcp \
-   --name $CONTAINER_NAME $CONTAINER_NAME
+sudo docker run -d \
+--log-driver none \
+--restart always \
+--cap-add=NET_ADMIN \
+-p $CLOAK_SERVER_PORT:443/tcp \
+--name $CONTAINER_NAME $CONTAINER_NAME
 
 sudo docker network connect amnezia-dns-net $CONTAINER_NAME
 
diff --git a/client/server_scripts/openvpn_shadowsocks/Dockerfile b/client/server_scripts/openvpn_shadowsocks/Dockerfile
index bef68665..4b7093e3 100644
--- a/client/server_scripts/openvpn_shadowsocks/Dockerfile
+++ b/client/server_scripts/openvpn_shadowsocks/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.15
 LABEL maintainer="AmneziaVPN"
 
 ARG SS_RELEASE="v1.13.1"
diff --git a/client/server_scripts/openvpn_shadowsocks/run_container.sh b/client/server_scripts/openvpn_shadowsocks/run_container.sh
index 4d529b15..3714aa62 100644
--- a/client/server_scripts/openvpn_shadowsocks/run_container.sh
+++ b/client/server_scripts/openvpn_shadowsocks/run_container.sh
@@ -1,5 +1,6 @@
 # Run container
 sudo docker run \
+--log-driver none \
 -d --restart always \
 --cap-add=NET_ADMIN \
 -p $SHADOWSOCKS_SERVER_PORT:$SHADOWSOCKS_SERVER_PORT/tcp \
diff --git a/client/server_scripts/sftp/run_container.sh b/client/server_scripts/sftp/run_container.sh
index 7184d0be..03944eb8 100644
--- a/client/server_scripts/sftp/run_container.sh
+++ b/client/server_scripts/sftp/run_container.sh
@@ -1 +1,7 @@
-sudo docker run -d  --restart always -p $SFTP_PORT:22/tcp  --name $CONTAINER_NAME $CONTAINER_NAME $SFTP_USER:$SFTP_PASSWORD:::upload
+sudo docker run -d \
+--log-driver none \
+--restart always \
+-p $SFTP_PORT:22/tcp \
+--name $CONTAINER_NAME \
+$CONTAINER_NAME \
+$SFTP_USER:$SFTP_PASSWORD:::upload
diff --git a/client/server_scripts/website_tor/Dockerfile b/client/server_scripts/website_tor/Dockerfile
new file mode 100644
index 00000000..ba408716
--- /dev/null
+++ b/client/server_scripts/website_tor/Dockerfile
@@ -0,0 +1,3 @@
+FROM amneziavpn/torpress:latest
+
+LABEL maintainer="AmneziaVPN"
diff --git a/client/server_scripts/website_tor/configure_container.sh b/client/server_scripts/website_tor/configure_container.sh
index 31c9eb93..70fc8c37 100644
--- a/client/server_scripts/website_tor/configure_container.sh
+++ b/client/server_scripts/website_tor/configure_container.sh
@@ -1,3 +1,3 @@
 sleep 5
 # get onions list
-onions
+cat /var/lib/tor/hidden_service/hostname
diff --git a/client/server_scripts/website_tor/run_container.sh b/client/server_scripts/website_tor/run_container.sh
index e5dfce98..df62f865 100644
--- a/client/server_scripts/website_tor/run_container.sh
+++ b/client/server_scripts/website_tor/run_container.sh
@@ -1,6 +1,5 @@
-# Run container
-sudo docker stop amnezia-tor
-sudo docker rm amnezia-tor
-sudo docker run -d -p 80:80 --restart always --name $CONTAINER_NAME tutum/wordpress
-sudo docker run -d --link $CONTAINER_NAME --name amnezia-tor goldy/tor-hidden-service
-sudo docker exec -i amnezia-tor apk add bash
+sudo docker run -d \
+--log-driver none \
+--restart always \
+--name $CONTAINER_NAME \
+$CONTAINER_NAME
diff --git a/client/server_scripts/wireguard/Dockerfile b/client/server_scripts/wireguard/Dockerfile
index a9d3fae4..9578168b 100644
--- a/client/server_scripts/wireguard/Dockerfile
+++ b/client/server_scripts/wireguard/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.15
 
 LABEL maintainer="AmneziaVPN"
 
diff --git a/client/server_scripts/wireguard/run_container.sh b/client/server_scripts/wireguard/run_container.sh
index 0fdac541..2520525a 100644
--- a/client/server_scripts/wireguard/run_container.sh
+++ b/client/server_scripts/wireguard/run_container.sh
@@ -1,5 +1,6 @@
 # Run container
 sudo docker run -d \
+--log-driver none \
 --restart always \
 --privileged \
 --cap-add=NET_ADMIN \
diff --git a/client/ui/notificationhandler.cpp b/client/ui/notificationhandler.cpp
index 81f6430a..b70856ab 100644
--- a/client/ui/notificationhandler.cpp
+++ b/client/ui/notificationhandler.cpp
@@ -11,10 +11,6 @@
 #  include "platforms/android/android_notificationhandler.h"
 #else
 
-#  if defined(Q_OS_LINUX)
-#    include "platforms/linux/linuxsystemtraynotificationhandler.h"
-#  endif
-
 #  include "systemtray_notificationhandler.h"
 #endif
 
@@ -27,9 +23,9 @@ NotificationHandler* NotificationHandler::create(QObject* parent) {
 #else
 
 #  if defined(Q_OS_LINUX)
-    if (LinuxSystemTrayNotificationHandler::requiredCustomImpl()) {
-        return new LinuxSystemTrayNotificationHandler(parent);
-    }
+    //if (LinuxSystemTrayNotificationHandler::requiredCustomImpl()) {
+    //    return new LinuxSystemTrayNotificationHandler(parent);
+    //}
 #  endif
 
     return new SystemTrayNotificationHandler(parent);
diff --git a/client/ui/pages.h b/client/ui/pages.h
index b111679a..d74c64a6 100644
--- a/client/ui/pages.h
+++ b/client/ui/pages.h
@@ -24,7 +24,7 @@ enum class Page {Start = 0, NewServer, NewServerProtocols, Vpn,
            Wizard, WizardLow, WizardMedium, WizardHigh, WizardVpnMode, ServerConfiguringProgress,
            GeneralSettings, AppSettings, NetworkSettings, ServerSettings,
            ServerContainers, ServersList, ShareConnection,  Sites,
-           ProtocolSettings, ProtocolShare, QrDecoder, About};
+           ProtocolSettings, ProtocolShare, QrDecoder, QrDecoderIos, About};
 Q_ENUM_NS(Page)
 
 static void declareQmlPageEnum() {
diff --git a/client/ui/pages_logic/ShareConnectionLogic.cpp b/client/ui/pages_logic/ShareConnectionLogic.cpp
index a5a1610e..038b3891 100644
--- a/client/ui/pages_logic/ShareConnectionLogic.cpp
+++ b/client/ui/pages_logic/ShareConnectionLogic.cpp
@@ -25,6 +25,10 @@
 
 #include "../uilogic.h"
 
+#ifdef __linux__
+    #include <math.h>
+#endif
+
 ShareConnectionLogic::ShareConnectionLogic(UiLogic *logic, QObject *parent):
     PageLogicBase(logic, parent),
     m_textEditShareOpenVpnCodeText{},
diff --git a/client/ui/pages_logic/VpnLogic.cpp b/client/ui/pages_logic/VpnLogic.cpp
index ae39f905..5812441e 100644
--- a/client/ui/pages_logic/VpnLogic.cpp
+++ b/client/ui/pages_logic/VpnLogic.cpp
@@ -118,7 +118,10 @@ void VpnLogic::onBytesChanged(quint64 receivedData, quint64 sentData)
 void VpnLogic::onConnectionStateChanged(VpnProtocol::VpnConnectionState state)
 {
     qDebug() << "VpnLogic::onConnectionStateChanged" << VpnProtocol::textConnectionState(state);
-
+    if (uiLogic()->m_vpnConnection == NULL) {
+        qDebug() << "VpnLogic::onConnectionStateChanged" << VpnProtocol::textConnectionState(state) << "невозможно, соединение отсутствует (уничтожено ранее)";
+        return;
+    }
     bool pbConnectEnabled = false;
     bool pbConnectChecked = false;
 
diff --git a/client/ui/qml/Pages/PageQrDecoder.qml b/client/ui/qml/Pages/PageQrDecoder.qml
index 6506b7fa..f432b742 100644
--- a/client/ui/qml/Pages/PageQrDecoder.qml
+++ b/client/ui/qml/Pages/PageQrDecoder.qml
@@ -26,7 +26,7 @@ PageBase {
     }
 
     Connections {
-        target: QrDecoderLogic
+        target: Qt.platform.os != "ios" ? QrDecoderLogic : nil
         function onStartDecode() {
             console.debug("Starting QR decoder")
             loader.sourceComponent = component
@@ -51,6 +51,7 @@ PageBase {
 
         Item {
             anchors.fill: parent
+
             Camera
             {
                 id:camera
@@ -76,7 +77,7 @@ PageBase {
                 Rectangle {
                     color: "black"
                     opacity: 0.5
-                    width: videoOutput.contentRect.width *0.15
+                    width: videoOutput.contentRect.width * 0.15
                     height: videoOutput.contentRect.height
                     x: (videoOutput.width - videoOutput.contentRect.width)/2
                     anchors.verticalCenter: videoOutput.verticalCenter
@@ -85,28 +86,28 @@ PageBase {
                 Rectangle {
                     color: "black"
                     opacity: 0.5
-                    width: videoOutput.contentRect.width *0.15
+                    width: videoOutput.contentRect.width * 0.15
                     height: videoOutput.contentRect.height
-                    x: videoOutput.width/2 + videoOutput.contentRect.width/2 - videoOutput.contentRect.width *0.15
+                    x: videoOutput.width/2 + videoOutput.contentRect.width/2 - videoOutput.contentRect.width * 0.15
                     anchors.verticalCenter: videoOutput.verticalCenter
                 }
 
                 Rectangle {
                     color: "black"
                     opacity: 0.5
-                    width: videoOutput.contentRect.width *0.7
-                    height: videoOutput.contentRect.height *0.15
-                    x: (videoOutput.width - videoOutput.contentRect.width)/2 + videoOutput.contentRect.width *0.15
+                    width: videoOutput.contentRect.width * 0.7
+                    height: videoOutput.contentRect.height * 0.15
+                    x: (videoOutput.width - videoOutput.contentRect.width)/2 + videoOutput.contentRect.width * 0.15
                     y: (videoOutput.height - videoOutput.contentRect.height)/2
                 }
 
                 Rectangle {
                     color: "black"
                     opacity: 0.5
-                    width: videoOutput.contentRect.width *0.7
-                    height: videoOutput.contentRect.height *0.15
-                    x: (videoOutput.width - videoOutput.contentRect.width)/2 + videoOutput.contentRect.width *0.15
-                    y: videoOutput.height/2 + videoOutput.contentRect.height/2 - videoOutput.contentRect.height *0.15
+                    width: videoOutput.contentRect.width * 0.7
+                    height: videoOutput.contentRect.height * 0.15
+                    x: (videoOutput.width - videoOutput.contentRect.width)/2 + videoOutput.contentRect.width * 0.15
+                    y: videoOutput.height/2 + videoOutput.contentRect.height/2 - videoOutput.contentRect.height * 0.15
                 }
 
                 LabelType {
diff --git a/client/ui/qml/Pages/PageQrDecoderIos.qml b/client/ui/qml/Pages/PageQrDecoderIos.qml
new file mode 100644
index 00000000..7dd077dd
--- /dev/null
+++ b/client/ui/qml/Pages/PageQrDecoderIos.qml
@@ -0,0 +1,76 @@
+import QtQuick 2.12
+import QtQuick.Controls 2.12
+import PageEnum 1.0
+import QRCodeReader 1.0
+
+import "./"
+import "../Controls"
+import "../Config"
+
+PageBase {
+    id: root
+    page: PageEnum.QrDecoderIos
+    logic: QrDecoderLogic
+
+    onDeactivated: {
+        console.debug("Stopping QR decoder")
+        loader.sourceComponent = undefined
+    }
+
+    BackButton {
+    }
+    Caption {
+        id: caption
+        text: qsTr("Import configuration")
+    }
+
+    Connections {
+        target: Qt.platform.os == "ios" ? QrDecoderLogic : nil
+        function onStartDecode() {
+            console.debug("Starting QR decoder")
+            loader.sourceComponent = component
+        }
+        function onStopDecode() {
+            console.debug("Stopping QR decoder")
+            loader.sourceComponent = undefined
+        }
+    }
+
+    Loader {
+        id: loader
+
+        anchors.top: caption.bottom
+        anchors.bottom: parent.bottom
+        anchors.left: parent.left
+        anchors.right: parent.right
+    }
+
+    Component {
+        id: component
+
+        Item {
+            anchors.fill: parent
+
+            QRCodeReader {
+                id: qrCodeReader
+
+                onCodeReaded: {
+                    QrDecoderLogic.onDetectedQrCode(code)
+                }
+
+                Component.onCompleted: {
+                    qrCodeReader.setCameraSize(Qt.rect(loader.x,
+                                                       loader.y,
+                                                       loader.width,
+                                                       loader.height))
+                    qrCodeReader.startReading()
+                }
+                Component.onDestruction: qrCodeReader.stopReading()
+            }
+
+        }
+
+    }
+
+
+}
diff --git a/client/ui/qml/Pages/PageStart.qml b/client/ui/qml/Pages/PageStart.qml
index 26fc5e5f..3ff11a86 100644
--- a/client/ui/qml/Pages/PageStart.qml
+++ b/client/ui/qml/Pages/PageStart.qml
@@ -135,7 +135,11 @@ PageBase {
             text: qsTr("Scan QR code")
             visible: StartPageLogic.pushButtonConnectVisible
             onClicked: {
-                UiLogic.goToPage(PageEnum.QrDecoder)
+                if (Qt.platform.os == "ios") {
+                    UiLogic.goToPage(PageEnum.QrDecoderIos)
+                } else {
+                    UiLogic.goToPage(PageEnum.QrDecoder)
+                }
             }
             enabled: StartPageLogic.pushButtonConnectEnabled
         }
diff --git a/client/ui/qml/Pages/Protocols/PageProtoTorWebSite.qml b/client/ui/qml/Pages/Protocols/PageProtoTorWebSite.qml
index 9959e5fa..1285e8bb 100644
--- a/client/ui/qml/Pages/Protocols/PageProtoTorWebSite.qml
+++ b/client/ui/qml/Pages/Protocols/PageProtoTorWebSite.qml
@@ -1,5 +1,6 @@
 import QtQuick 2.12
 import QtQuick.Controls 2.12
+import QtQuick.Layouts 1.15
 import ProtocolEnum 1.0
 import "../"
 import "../../Controls"
@@ -16,43 +17,54 @@ PageProtocolBase {
 
     Caption {
         id: caption
-        text: qsTr("TOR Web site settings")
+        text: qsTr("Tor Web Site settings")
     }
 
-    Rectangle {
-        id: frame_settings
-        width: parent.width
+
+    ColumnLayout {
+        id: content
+        enabled: logic.pageEnabled
         anchors.top: caption.bottom
+        anchors.left: root.left
+        anchors.right: root.right
+        anchors.bottom: pb_save.top
+        anchors.margins: 20
         anchors.topMargin: 10
 
-        border.width: 1
-        border.color: "lightgray"
-        anchors.bottomMargin: 5
-        anchors.horizontalCenter: parent.horizontalCenter
-        radius: 2
-        Grid {
-            id: grid
-            anchors.fill: parent
-            columns: 2
-            horizontalItemAlignment: Grid.AlignHCenter
-            verticalItemAlignment: Grid.AlignVCenter
-            topPadding: 5
-            leftPadding: 30
-            rightPadding: 30
-            spacing: 5
 
 
+        RowLayout {
+            Layout.fillWidth: true
+
             LabelType {
-                width: 130
+                id: lbl_onion
+                Layout.preferredWidth: 0.3 * root.width - 10
                 text: qsTr("Web site onion address")
             }
             TextFieldType {
                 id: tf_site_address
-                width: parent.width - 130 - parent.spacing - parent.leftPadding * 2
+                Layout.fillWidth: true
                 text: logic.labelTorWebSiteAddressText
                 readOnly: true
             }
+        }
 
+        ShareConnectionButtonCopyType {
+            Layout.fillWidth: true
+            Layout.topMargin: 5
+            copyText: tf_site_address.text
+        }
+
+        RichLabelType {
+            Layout.fillWidth: true
+            Layout.topMargin: 15
+            text: qsTr("Notes:<ul>
+<li>Use <a href=\"https://www.torproject.org/download/\">Tor Browser</a> to open this url.</li>
+<li>After installation it takes several minutes while your onion site will become available in the Tor Network.</li>
+<li>When configuring WordPress set the domain as this onion address.</li>
+</ul>
+")
         }
     }
+
 }
diff --git a/client/ui/qml/Pages/Share/PageShareProtoTorWebSite.qml b/client/ui/qml/Pages/Share/PageShareProtoTorWebSite.qml
index 59a96345..35caf05b 100644
--- a/client/ui/qml/Pages/Share/PageShareProtoTorWebSite.qml
+++ b/client/ui/qml/Pages/Share/PageShareProtoTorWebSite.qml
@@ -15,6 +15,6 @@ PageShareProtocolBase {
 
     Caption {
         id: caption
-        text: qsTr("Share TOR Web site")
+        text: qsTr("Share Tor Web site")
     }
 }
diff --git a/client/ui/systemtray_notificationhandler.cpp b/client/ui/systemtray_notificationhandler.cpp
index 9b10f0de..21e24ac1 100644
--- a/client/ui/systemtray_notificationhandler.cpp
+++ b/client/ui/systemtray_notificationhandler.cpp
@@ -46,29 +46,6 @@ SystemTrayNotificationHandler::SystemTrayNotificationHandler(QObject* parent) :
 
     m_systemTrayIcon.setContextMenu(&m_menu);
     setTrayState(VpnProtocol::Disconnected);
-
-
-//  m_preferencesAction = m_menu.addAction("", vpn, &MozillaVPN::requestSettings);
-
-//  m_menu.addSeparator();
-
-//  m_quitAction = m_menu.addAction("", vpn->controller(), &Controller::quit);
-//  m_systemTrayIcon.setContextMenu(&m_menu);
-
-//  updateIcon(vpn->statusIcon()->iconString());
-
-//  connect(QmlEngineHolder::instance()->window(), &QWindow::visibleChanged, this,
-//          &SystemTrayNotificationHandler::updateContextMenu);
-
-//  connect(&m_systemTrayIcon, &QSystemTrayIcon::activated, this,
-//          &SystemTrayNotificationHandler::maybeActivated);
-
-//  connect(&m_systemTrayIcon, &QSystemTrayIcon::messageClicked, this,
-//          &SystemTrayNotificationHandler::messageClickHandle);
-
-//  retranslate();
-
-//  m_systemTrayIcon.show();
 }
 
 SystemTrayNotificationHandler::~SystemTrayNotificationHandler() {
diff --git a/client/ui/uilogic.cpp b/client/ui/uilogic.cpp
index 878facb7..fe2d541d 100644
--- a/client/ui/uilogic.cpp
+++ b/client/ui/uilogic.cpp
@@ -48,6 +48,8 @@
 #include "platforms/android/android_controller.h"
 #endif
 
+#include "platforms/ios/MobileUtils.h"
+
 #include "pages_logic/AppSettingsLogic.h"
 #include "pages_logic/GeneralSettingsLogic.h"
 #include "pages_logic/NetworkSettingsLogic.h"
@@ -612,21 +614,10 @@ PageEnumNS::Page UiLogic::currentPage()
 
 void UiLogic::saveTextFile(const QString& desc, const QString& suggestedName, QString ext, const QString& data)
 {
-//    ext.replace("*", "");
-//    QString fileName = QFileDialog::getSaveFileName(nullptr, desc,
-//        QStandardPaths::writableLocation(QStandardPaths::DocumentsLocation), "*" + ext);
-
-//    if (fileName.isEmpty()) return;
-//    if (!fileName.endsWith(ext)) fileName.append(ext);
-
-//    QFile save(fileName);
-//    save.open(QIODevice::WriteOnly);
-//    save.write(data.toUtf8());
-//    save.close();
-
-//    QFileInfo fi(fileName);
-//    QDesktopServices::openUrl(fi.absoluteDir().absolutePath());
-
+#ifdef Q_OS_IOS
+    shareTempFile(suggestedName, ext, data);
+    return;
+#endif
 
     ext.replace("*", "");
     QString docDir = QStandardPaths::writableLocation(QStandardPaths::DocumentsLocation);
@@ -681,3 +672,23 @@ void UiLogic::copyToClipboard(const QString &text)
 {
     qApp->clipboard()->setText(text);
 }
+
+void UiLogic::shareTempFile(const QString &suggestedName, QString ext, const QString& data) {
+    ext.replace("*", "");
+    QString fileName = QDir::tempPath() + "/" + suggestedName;
+
+    if (fileName.isEmpty()) return;
+    if (!fileName.endsWith(ext)) fileName.append(ext);
+
+    QFile::remove(fileName);
+    qDebug() << "UiLogic::shareTempFile" << fileName;
+
+    QFile save(fileName);
+    save.open(QIODevice::WriteOnly);
+    save.write(data.toUtf8());
+    save.close();
+
+    QStringList filesToSend;
+    filesToSend.append(fileName);
+    MobileUtils::shareText(filesToSend);
+}
diff --git a/client/ui/uilogic.h b/client/ui/uilogic.h
index ff7d7406..4e818bcc 100644
--- a/client/ui/uilogic.h
+++ b/client/ui/uilogic.h
@@ -104,6 +104,8 @@ public:
     Q_INVOKABLE void saveBinaryFile(const QString& desc, QString ext, const QString& data);
     Q_INVOKABLE void copyToClipboard(const QString& text);
 
+    void shareTempFile(const QString &suggestedName, QString ext, const QString& data);
+
     QString getDialogConnectErrorText() const;
     void setDialogConnectErrorText(const QString &dialogConnectErrorText);
 
diff --git a/client/version.pri b/client/version.pri
index 4611134d..8e60845c 100644
--- a/client/version.pri
+++ b/client/version.pri
@@ -1,5 +1,6 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+# current version 2.0.10
 
-!defined(VERSION, var):VERSION = 1
+!defined(VERSION, var):VERSION = 2.0.10
diff --git a/client/versionfull.pri b/client/versionfull.pri
new file mode 100644
index 00000000..5fc93c79
--- /dev/null
+++ b/client/versionfull.pri
@@ -0,0 +1,2 @@
+# current build 1
+!defined(BUILDVERSION, var):BUILDVERSION = 2
\ No newline at end of file
diff --git a/client/vpnconnection.cpp b/client/vpnconnection.cpp
index 8434da0e..d2461b07 100644
--- a/client/vpnconnection.cpp
+++ b/client/vpnconnection.cpp
@@ -37,8 +37,10 @@ VpnConnection::VpnConnection(QObject* parent) : QObject(parent),
 
 VpnConnection::~VpnConnection()
 {
-    m_vpnProtocol->deleteLater();
-    m_vpnProtocol.clear();
+    if (m_vpnProtocol != nullptr) {
+        m_vpnProtocol->deleteLater();
+        m_vpnProtocol.clear();
+    }
 }
 
 void VpnConnection::onBytesChanged(quint64 receivedBytes, quint64 sentBytes)
diff --git a/client/xcode.xconfig b/client/xcode.xconfig
index b93841e8..62778188 100644
--- a/client/xcode.xconfig
+++ b/client/xcode.xconfig
@@ -1,5 +1,5 @@
-DEVELOPMENT_TEAM = 7VAGZXD78P
+DEVELOPMENT_TEAM = X7UJ388FXK
 
-GROUP_ID_IOS = group.ru.kotit.AmneziaVPN.udev
-APP_ID_IOS = ru.kotit.AmneziaVPN
-NETEXT_ID_IOS = ru.kotit.AmneziaVPN.network-extension
+GROUP_ID_IOS = group.org.amnezia.AmneziaVPN
+APP_ID_IOS = org.amnezia.AmneziaVPN
+NETEXT_ID_IOS = org.amnezia.AmneziaVPN.network-extension
diff --git a/deploy/PrivacyTechWindowsCert.pfx b/deploy/PrivacyTechWindowsCert.pfx
index 0eb043c4..42c49a33 100644
Binary files a/deploy/PrivacyTechWindowsCert.pfx and b/deploy/PrivacyTechWindowsCert.pfx differ
diff --git a/deploy/data/linux/AmneziaVPN_build.desktop b/deploy/data/linux/AmneziaVPN_build.desktop
new file mode 100755
index 00000000..65b43491
--- /dev/null
+++ b/deploy/data/linux/AmneziaVPN_build.desktop
@@ -0,0 +1,8 @@
+#!/usr/bin/env xdg-open
+[Desktop Entry]
+Type=Application
+Name=AmneziaVPN client
+Comment=AmneziaVPN client
+Exec=AmneziaVPN
+Icon=AmneziaVPN_Logo.png
+Categories=VPN
diff --git a/deploy/data/linux/client/AmneziaVPN.desktop b/deploy/data/linux/client/AmneziaVPN.desktop
old mode 100644
new mode 100755
index a032dbce..65b43491
--- a/deploy/data/linux/client/AmneziaVPN.desktop
+++ b/deploy/data/linux/client/AmneziaVPN.desktop
@@ -3,6 +3,6 @@
 Type=Application
 Name=AmneziaVPN client
 Comment=AmneziaVPN client
-Exec=bash -c 'export LD_LIBRARY_PATH=/opt/AmneziaVPN/client/lib/ ; AmneziaVPN'
+Exec=AmneziaVPN
 Icon=AmneziaVPN_Logo.png
 Categories=VPN
diff --git a/deploy/data/linux/client/AmneziaVPN.sh b/deploy/data/linux/client/AmneziaVPN.sh
new file mode 100755
index 00000000..79f8a34b
--- /dev/null
+++ b/deploy/data/linux/client/AmneziaVPN.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# This is default bat run script of The CQtDeployer project.
+# This file contains key word that will replaced after deploy project.
+#
+# ####################################################################
+#
+# All variables has the CQT_ prefix
+# BIN_PATH - are releative path to executable files of a deployed distribution.
+# LIB_PATH - are releative path to libraryes of a deployed distribution.
+# QML_PATH - are releative path to qml libraryes of a deployed distribution.
+# PLUGIN_PATH - are releative path to qt plugins of a deployed distribution.
+# BIN_PATH - are releative path to targets of a deployed distribution.
+
+# SYSTEM_LIB_PATH - are releative path to system libraryes of a deployed distribution.
+# BASE_NAME - are base name of the executable that will be launched after run this script.
+# CUSTOM_SCRIPT_BLOCK - This is code from the customScript option
+# RUN_COMMAND - This is command for run application. Requred BASE_DIR variable.
+#
+# ####################################################################
+
+BASE_DIR=$(dirname "$(readlink -f "$0")")
+export PATH="$BASE_DIR"/bin/:$PATH
+export LD_LIBRARY_PATH="$BASE_DIR"/lib/:"$BASE_DIR":$LD_LIBRARY_PATH
+export QML_IMPORT_PATH="$BASE_DIR"/qml/:$QML_IMPORT_PATH
+export QML2_IMPORT_PATH="$BASE_DIR"/qml/:$QML2_IMPORT_PATH
+export QT_PLUGIN_PATH="$BASE_DIR"/plugins/:$QT_PLUGIN_PATH
+export QTWEBENGINEPROCESS_PATH="$BASE_DIR"/bin//QtWebEngineProcess
+export QTDIR="$BASE_DIR"
+export CQT_PKG_ROOT="$BASE_DIR"
+export CQT_RUN_FILE="$BASE_DIR/AmneziaVPN.sh"
+
+export QT_QPA_PLATFORM_PLUGIN_PATH="$BASE_DIR"/plugins//platforms:$QT_QPA_PLATFORM_PLUGIN_PATH
+
+
+
+"$BASE_DIR/bin/AmneziaVPN" "$@" 
diff --git a/deploy/data/linux/client/bin/openssl-easyrsa.cnf b/deploy/data/linux/client/bin/openssl-easyrsa.cnf
new file mode 100755
index 00000000..5c4fc79e
--- /dev/null
+++ b/deploy/data/linux/client/bin/openssl-easyrsa.cnf
@@ -0,0 +1,138 @@
+# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::EASYRSA_PKI	# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir/certs_by_serial	# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/ca.key	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= basic_exts		# The extensions to add to the cert
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions	= crl_ext
+
+default_days	= $ENV::EASYRSA_CERT_EXPIRE	# how long to certify for
+default_crl_days= $ENV::EASYRSA_CRL_DAYS	# how long before next CRL
+default_md	= $ENV::EASYRSA_DIGEST		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject	= no
+
+# A few different ways of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits		= $ENV::EASYRSA_KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= $ENV::EASYRSA_DIGEST
+distinguished_name	= $ENV::EASYRSA_DN
+x509_extensions		= easyrsa_ca	# The extensions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS%	# Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName		= Common Name (eg: your user, host, or server name)
+commonName_max		= 64
+commonName_default	= $ENV::EASYRSA_REQ_CN
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::EASYRSA_REQ_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::EASYRSA_REQ_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::EASYRSA_REQ_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::EASYRSA_REQ_ORG
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= $ENV::EASYRSA_REQ_OU
+
+commonName			= Common Name (eg: your user, host, or server name)
+commonName_max			= 64
+commonName_default		= $ENV::EASYRSA_REQ_CN
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::EASYRSA_REQ_EMAIL
+emailAddress_max		= 64
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints	= CA:FALSE
+subjectKeyIdentifier	= hash
+authorityKeyIdentifier	= keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
diff --git a/deploy/data/linux/client/bin/qt.conf b/deploy/data/linux/client/bin/qt.conf
old mode 100644
new mode 100755
index b149771e..7fc8a3c5
--- a/deploy/data/linux/client/bin/qt.conf
+++ b/deploy/data/linux/client/bin/qt.conf
@@ -1,7 +1,7 @@
-# Generated by linuxdeployqt
-# https://github.com/probonopd/linuxdeployqt/
 [Paths]
-Prefix = ../
-Plugins = plugins
-Imports = qml
-Qml2Imports = qml
+Prefix= ./../
+Libraries= ./lib/
+Plugins= ./plugins/
+Imports= ./qml/
+Translations= ./translations/
+Qml2Imports= ./qml/
diff --git a/deploy/data/linux/client/bin/update-resolv-conf.sh b/deploy/data/linux/client/bin/update-resolv-conf.sh
old mode 100644
new mode 100755
diff --git a/deploy/data/linux/client/share/applications/AmneziaVPN_build.desktop b/deploy/data/linux/client/share/applications/AmneziaVPN_build.desktop
old mode 100644
new mode 100755
diff --git a/deploy/data/linux/client/share/icons/AmneziaVPN_Logo.png b/deploy/data/linux/client/share/icons/AmneziaVPN_Logo.png
old mode 100644
new mode 100755
diff --git a/deploy/data/linux/client/translations/qtbase_ar.qm b/deploy/data/linux/client/translations/qtbase_ar.qm
new file mode 100755
index 00000000..32861b81
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_ar.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_bg.qm b/deploy/data/linux/client/translations/qtbase_bg.qm
new file mode 100755
index 00000000..faeb1676
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_bg.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_ca.qm b/deploy/data/linux/client/translations/qtbase_ca.qm
new file mode 100755
index 00000000..20b751d4
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_ca.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_cs.qm b/deploy/data/linux/client/translations/qtbase_cs.qm
new file mode 100755
index 00000000..459ef266
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_cs.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_da.qm b/deploy/data/linux/client/translations/qtbase_da.qm
new file mode 100755
index 00000000..4ede24b4
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_da.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_de.qm b/deploy/data/linux/client/translations/qtbase_de.qm
new file mode 100755
index 00000000..4a4c988e
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_de.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_en.qm b/deploy/data/linux/client/translations/qtbase_en.qm
new file mode 100755
index 00000000..be651eed
--- /dev/null
+++ b/deploy/data/linux/client/translations/qtbase_en.qm
@@ -0,0 +1 @@
+<�d��!�`���
\ No newline at end of file
diff --git a/deploy/data/linux/client/translations/qtbase_es.qm b/deploy/data/linux/client/translations/qtbase_es.qm
new file mode 100755
index 00000000..1a131578
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_es.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_fi.qm b/deploy/data/linux/client/translations/qtbase_fi.qm
new file mode 100755
index 00000000..934aecdd
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_fi.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_fr.qm b/deploy/data/linux/client/translations/qtbase_fr.qm
new file mode 100755
index 00000000..009fb5a4
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_fr.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_gd.qm b/deploy/data/linux/client/translations/qtbase_gd.qm
new file mode 100755
index 00000000..3fe3841c
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_gd.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_he.qm b/deploy/data/linux/client/translations/qtbase_he.qm
new file mode 100755
index 00000000..95ed0c70
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_he.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_hu.qm b/deploy/data/linux/client/translations/qtbase_hu.qm
new file mode 100755
index 00000000..e4920a63
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_hu.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_it.qm b/deploy/data/linux/client/translations/qtbase_it.qm
new file mode 100755
index 00000000..a0205781
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_it.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_ja.qm b/deploy/data/linux/client/translations/qtbase_ja.qm
new file mode 100755
index 00000000..9cf6069e
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_ja.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_ko.qm b/deploy/data/linux/client/translations/qtbase_ko.qm
new file mode 100755
index 00000000..20e4661c
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_ko.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_lv.qm b/deploy/data/linux/client/translations/qtbase_lv.qm
new file mode 100755
index 00000000..f88a761f
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_lv.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_pl.qm b/deploy/data/linux/client/translations/qtbase_pl.qm
new file mode 100755
index 00000000..28d4d8fe
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_pl.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_ru.qm b/deploy/data/linux/client/translations/qtbase_ru.qm
new file mode 100755
index 00000000..c1a22864
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_ru.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_sk.qm b/deploy/data/linux/client/translations/qtbase_sk.qm
new file mode 100755
index 00000000..55a377e9
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_sk.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_tr.qm b/deploy/data/linux/client/translations/qtbase_tr.qm
new file mode 100755
index 00000000..3d289bb4
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_tr.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_uk.qm b/deploy/data/linux/client/translations/qtbase_uk.qm
new file mode 100755
index 00000000..21a30389
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_uk.qm differ
diff --git a/deploy/data/linux/client/translations/qtbase_zh_TW.qm b/deploy/data/linux/client/translations/qtbase_zh_TW.qm
new file mode 100755
index 00000000..62052980
Binary files /dev/null and b/deploy/data/linux/client/translations/qtbase_zh_TW.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_bg.qm b/deploy/data/linux/client/translations/qtdeclarative_bg.qm
new file mode 100755
index 00000000..7e49f829
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_bg.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_da.qm b/deploy/data/linux/client/translations/qtdeclarative_da.qm
new file mode 100755
index 00000000..0dabc6b3
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_da.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_de.qm b/deploy/data/linux/client/translations/qtdeclarative_de.qm
new file mode 100755
index 00000000..ed7bd249
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_de.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_en.qm b/deploy/data/linux/client/translations/qtdeclarative_en.qm
new file mode 100755
index 00000000..be651eed
--- /dev/null
+++ b/deploy/data/linux/client/translations/qtdeclarative_en.qm
@@ -0,0 +1 @@
+<�d��!�`���
\ No newline at end of file
diff --git a/deploy/data/linux/client/translations/qtdeclarative_es.qm b/deploy/data/linux/client/translations/qtdeclarative_es.qm
new file mode 100755
index 00000000..da67b7f7
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_es.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_fi.qm b/deploy/data/linux/client/translations/qtdeclarative_fi.qm
new file mode 100755
index 00000000..cdd21cd8
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_fi.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_fr.qm b/deploy/data/linux/client/translations/qtdeclarative_fr.qm
new file mode 100755
index 00000000..22705a63
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_fr.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_hu.qm b/deploy/data/linux/client/translations/qtdeclarative_hu.qm
new file mode 100755
index 00000000..c554a4fd
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_hu.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_ja.qm b/deploy/data/linux/client/translations/qtdeclarative_ja.qm
new file mode 100755
index 00000000..ff73ef1c
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_ja.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_ko.qm b/deploy/data/linux/client/translations/qtdeclarative_ko.qm
new file mode 100755
index 00000000..0b38a861
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_ko.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_lv.qm b/deploy/data/linux/client/translations/qtdeclarative_lv.qm
new file mode 100755
index 00000000..7e88b0dc
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_lv.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_pl.qm b/deploy/data/linux/client/translations/qtdeclarative_pl.qm
new file mode 100755
index 00000000..0fbf88f3
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_pl.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_ru.qm b/deploy/data/linux/client/translations/qtdeclarative_ru.qm
new file mode 100755
index 00000000..57b513fc
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_ru.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_sk.qm b/deploy/data/linux/client/translations/qtdeclarative_sk.qm
new file mode 100755
index 00000000..d6d21ad0
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_sk.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_tr.qm b/deploy/data/linux/client/translations/qtdeclarative_tr.qm
new file mode 100755
index 00000000..57179ea7
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_tr.qm differ
diff --git a/deploy/data/linux/client/translations/qtdeclarative_uk.qm b/deploy/data/linux/client/translations/qtdeclarative_uk.qm
new file mode 100755
index 00000000..4730edd4
Binary files /dev/null and b/deploy/data/linux/client/translations/qtdeclarative_uk.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_ar.qm b/deploy/data/linux/client/translations/qtmultimedia_ar.qm
new file mode 100755
index 00000000..8422ab3b
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_ar.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_bg.qm b/deploy/data/linux/client/translations/qtmultimedia_bg.qm
new file mode 100755
index 00000000..d3bd8251
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_bg.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_ca.qm b/deploy/data/linux/client/translations/qtmultimedia_ca.qm
new file mode 100755
index 00000000..145a5c64
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_ca.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_cs.qm b/deploy/data/linux/client/translations/qtmultimedia_cs.qm
new file mode 100755
index 00000000..106a5e4d
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_cs.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_da.qm b/deploy/data/linux/client/translations/qtmultimedia_da.qm
new file mode 100755
index 00000000..93247328
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_da.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_de.qm b/deploy/data/linux/client/translations/qtmultimedia_de.qm
new file mode 100755
index 00000000..257aa5de
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_de.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_en.qm b/deploy/data/linux/client/translations/qtmultimedia_en.qm
new file mode 100755
index 00000000..be651eed
--- /dev/null
+++ b/deploy/data/linux/client/translations/qtmultimedia_en.qm
@@ -0,0 +1 @@
+<�d��!�`���
\ No newline at end of file
diff --git a/deploy/data/linux/client/translations/qtmultimedia_es.qm b/deploy/data/linux/client/translations/qtmultimedia_es.qm
new file mode 100755
index 00000000..fe500a09
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_es.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_fi.qm b/deploy/data/linux/client/translations/qtmultimedia_fi.qm
new file mode 100755
index 00000000..2a391971
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_fi.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_fr.qm b/deploy/data/linux/client/translations/qtmultimedia_fr.qm
new file mode 100755
index 00000000..da412e89
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_fr.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_hu.qm b/deploy/data/linux/client/translations/qtmultimedia_hu.qm
new file mode 100755
index 00000000..9437a8ad
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_hu.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_it.qm b/deploy/data/linux/client/translations/qtmultimedia_it.qm
new file mode 100755
index 00000000..c1060bfb
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_it.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_ja.qm b/deploy/data/linux/client/translations/qtmultimedia_ja.qm
new file mode 100755
index 00000000..87af0b9b
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_ja.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_ko.qm b/deploy/data/linux/client/translations/qtmultimedia_ko.qm
new file mode 100755
index 00000000..a48156e4
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_ko.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_pl.qm b/deploy/data/linux/client/translations/qtmultimedia_pl.qm
new file mode 100755
index 00000000..09f3a4af
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_pl.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_ru.qm b/deploy/data/linux/client/translations/qtmultimedia_ru.qm
new file mode 100755
index 00000000..d6baa83b
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_ru.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_sk.qm b/deploy/data/linux/client/translations/qtmultimedia_sk.qm
new file mode 100755
index 00000000..b9638b53
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_sk.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_tr.qm b/deploy/data/linux/client/translations/qtmultimedia_tr.qm
new file mode 100755
index 00000000..5c2646f7
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_tr.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_uk.qm b/deploy/data/linux/client/translations/qtmultimedia_uk.qm
new file mode 100755
index 00000000..501246e2
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_uk.qm differ
diff --git a/deploy/data/linux/client/translations/qtmultimedia_zh_TW.qm b/deploy/data/linux/client/translations/qtmultimedia_zh_TW.qm
new file mode 100755
index 00000000..fb4a9f82
Binary files /dev/null and b/deploy/data/linux/client/translations/qtmultimedia_zh_TW.qm differ
diff --git a/deploy/data/linux/post_install.sh b/deploy/data/linux/post_install.sh
old mode 100644
new mode 100755
index a2707a8e..12e7421a
--- a/deploy/data/linux/post_install.sh
+++ b/deploy/data/linux/post_install.sh
@@ -26,14 +26,14 @@ if sudo systemctl is-active --quiet $APP_NAME; then
 fi
 
 sudo chmod +x $APP_PATH/client/bin/easyrsa >> $LOG_FILE
+sudo chmod --- $APP_PATH/client/bin/update-resolv-conf.sh
+sudo chmod +rx $APP_PATH/client/bin/update-resolv-conf.sh
 
 sudo cp $APP_PATH/service/$APP_NAME.service /etc/systemd/system/ >> $LOG_FILE
 
-sudo ln -s $APP_PATH/client/lib/* /usr/lib/ >> $LOG_FILE
-
 sudo systemctl start $APP_NAME >> $LOG_FILE
 sudo systemctl enable $APP_NAME >> $LOG_FILE
-sudo ln -s $APP_PATH/client/bin/$APP_NAME /usr/sbin/ >> $LOG_FILE
+sudo ln -s $APP_PATH/client/$APP_NAME.sh /usr/sbin/$APP_NAME >> $LOG_FILE
 
 
 echo "user desktop creation loop started" >> $LOG_FILE
diff --git a/deploy/data/linux/post_uninstall.sh b/deploy/data/linux/post_uninstall.sh
old mode 100644
new mode 100755
index 34b77b69..acf09028
--- a/deploy/data/linux/post_uninstall.sh
+++ b/deploy/data/linux/post_uninstall.sh
@@ -41,6 +41,10 @@ if test -f /usr/sbin/$APP_NAME; then
         sudo rm -rf /usr/sbin/$APP_NAME >> $LOG_FILE
 fi
 
+if test -f /usr/sbin/$APP_NAME-service; then
+        sudo rm -rf /usr/sbin/$APP_NAME-service >> $LOG_FILE
+fi
+
 getent passwd {1000..6000} | while IFS=: read -r name password uid gid gecos home shell; do
 	if test -f /home/$name/Desktop/$APP_NAME\ client.desktop; then
 		sudo rm -rf /home/$name/Desktop/$APP_NAME\ client.desktop >> $LOG_FILE
diff --git a/deploy/data/linux/service/AmneziaVPN-service.sh b/deploy/data/linux/service/AmneziaVPN-service.sh
new file mode 100755
index 00000000..8d162263
--- /dev/null
+++ b/deploy/data/linux/service/AmneziaVPN-service.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# This is default bat run script of The CQtDeployer project.
+# This file contains key word that will replaced after deploy project.
+#
+# ####################################################################
+#
+# All variables has the CQT_ prefix
+# BIN_PATH - are releative path to executable files of a deployed distribution.
+# LIB_PATH - are releative path to libraryes of a deployed distribution.
+# QML_PATH - are releative path to qml libraryes of a deployed distribution.
+# PLUGIN_PATH - are releative path to qt plugins of a deployed distribution.
+# BIN_PATH - are releative path to targets of a deployed distribution.
+
+# SYSTEM_LIB_PATH - are releative path to system libraryes of a deployed distribution.
+# BASE_NAME - are base name of the executable that will be launched after run this script.
+# CUSTOM_SCRIPT_BLOCK - This is code from the customScript option
+# RUN_COMMAND - This is command for run application. Requred BASE_DIR variable.
+#
+# ####################################################################
+
+BASE_DIR=$(dirname "$(readlink -f "$0")")
+export PATH="$BASE_DIR"/bin/:$PATH
+export LD_LIBRARY_PATH="$BASE_DIR"/lib/:"$BASE_DIR":$LD_LIBRARY_PATH
+export QML_IMPORT_PATH="$BASE_DIR"/qml/:$QML_IMPORT_PATH
+export QML2_IMPORT_PATH="$BASE_DIR"/qml/:$QML2_IMPORT_PATH
+export QT_PLUGIN_PATH="$BASE_DIR"/plugins/:$QT_PLUGIN_PATH
+export QTWEBENGINEPROCESS_PATH="$BASE_DIR"/bin//QtWebEngineProcess
+export QTDIR="$BASE_DIR"
+export CQT_PKG_ROOT="$BASE_DIR"
+export CQT_RUN_FILE="$BASE_DIR/AmneziaVPN-service.sh"
+
+export QT_QPA_PLATFORM_PLUGIN_PATH="$BASE_DIR"/plugins//platforms:$QT_QPA_PLATFORM_PLUGIN_PATH
+
+
+
+"$BASE_DIR/bin/AmneziaVPN-service" "$@" 
diff --git a/deploy/data/linux/service/AmneziaVPN.service b/deploy/data/linux/service/AmneziaVPN.service
old mode 100644
new mode 100755
index 5050694f..e20e1c1c
--- a/deploy/data/linux/service/AmneziaVPN.service
+++ b/deploy/data/linux/service/AmneziaVPN.service
@@ -8,6 +8,7 @@ Type=simple
 Restart=always
 RestartSec=1
 ExecStart=/opt/AmneziaVPN/service/bin/AmneziaVPN-service
+Environment="LD_LIBRARY_PATH=/opt/AmneziaVPN/client/lib/"
 
 [Install]
 WantedBy=multi-user.target
diff --git a/deploy/data/linux/service/bin/qt.conf b/deploy/data/linux/service/bin/qt.conf
new file mode 100755
index 00000000..7fc8a3c5
--- /dev/null
+++ b/deploy/data/linux/service/bin/qt.conf
@@ -0,0 +1,7 @@
+[Paths]
+Prefix= ./../
+Libraries= ./lib/
+Plugins= ./plugins/
+Imports= ./qml/
+Translations= ./translations/
+Qml2Imports= ./qml/
diff --git a/deploy/data/linux/service/share/applications/AmneziaVPN_build.desktop b/deploy/data/linux/service/share/applications/AmneziaVPN_build.desktop
old mode 100644
new mode 100755
diff --git a/deploy/data/linux/service/translations/qt_ar.qm b/deploy/data/linux/service/translations/qt_ar.qm
new file mode 100755
index 00000000..1e9227a1
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_ar.qm differ
diff --git a/deploy/data/linux/service/translations/qt_bg.qm b/deploy/data/linux/service/translations/qt_bg.qm
new file mode 100755
index 00000000..dcec255a
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_bg.qm differ
diff --git a/deploy/data/linux/service/translations/qt_ca.qm b/deploy/data/linux/service/translations/qt_ca.qm
new file mode 100755
index 00000000..0b798e5a
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_ca.qm differ
diff --git a/deploy/data/linux/service/translations/qt_cs.qm b/deploy/data/linux/service/translations/qt_cs.qm
new file mode 100755
index 00000000..3ab5ca70
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_cs.qm differ
diff --git a/deploy/data/linux/service/translations/qt_da.qm b/deploy/data/linux/service/translations/qt_da.qm
new file mode 100755
index 00000000..67564968
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_da.qm differ
diff --git a/deploy/data/linux/service/translations/qt_de.qm b/deploy/data/linux/service/translations/qt_de.qm
new file mode 100755
index 00000000..9c8e9b49
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_de.qm differ
diff --git a/deploy/data/linux/service/translations/qt_en.qm b/deploy/data/linux/service/translations/qt_en.qm
new file mode 100755
index 00000000..9dad8dff
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_en.qm differ
diff --git a/deploy/data/linux/service/translations/qt_es.qm b/deploy/data/linux/service/translations/qt_es.qm
new file mode 100755
index 00000000..82012dac
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_es.qm differ
diff --git a/deploy/data/linux/service/translations/qt_fi.qm b/deploy/data/linux/service/translations/qt_fi.qm
new file mode 100755
index 00000000..2548cca1
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_fi.qm differ
diff --git a/deploy/data/linux/service/translations/qt_fr.qm b/deploy/data/linux/service/translations/qt_fr.qm
new file mode 100755
index 00000000..8353f0a9
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_fr.qm differ
diff --git a/deploy/data/linux/service/translations/qt_gd.qm b/deploy/data/linux/service/translations/qt_gd.qm
new file mode 100755
index 00000000..fd7eecdb
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_gd.qm differ
diff --git a/deploy/data/linux/service/translations/qt_he.qm b/deploy/data/linux/service/translations/qt_he.qm
new file mode 100755
index 00000000..e15d45e5
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_he.qm differ
diff --git a/deploy/data/linux/service/translations/qt_hu.qm b/deploy/data/linux/service/translations/qt_hu.qm
new file mode 100755
index 00000000..b51bd1a3
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_hu.qm differ
diff --git a/deploy/data/linux/service/translations/qt_it.qm b/deploy/data/linux/service/translations/qt_it.qm
new file mode 100755
index 00000000..0d9d17d3
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_it.qm differ
diff --git a/deploy/data/linux/service/translations/qt_ja.qm b/deploy/data/linux/service/translations/qt_ja.qm
new file mode 100755
index 00000000..74409b1a
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_ja.qm differ
diff --git a/deploy/data/linux/service/translations/qt_ko.qm b/deploy/data/linux/service/translations/qt_ko.qm
new file mode 100755
index 00000000..a46b8a0b
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_ko.qm differ
diff --git a/deploy/data/linux/service/translations/qt_lv.qm b/deploy/data/linux/service/translations/qt_lv.qm
new file mode 100755
index 00000000..c1dbfbd2
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_lv.qm differ
diff --git a/deploy/data/linux/service/translations/qt_pl.qm b/deploy/data/linux/service/translations/qt_pl.qm
new file mode 100755
index 00000000..0909204f
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_pl.qm differ
diff --git a/deploy/data/linux/service/translations/qt_ru.qm b/deploy/data/linux/service/translations/qt_ru.qm
new file mode 100755
index 00000000..791bfc41
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_ru.qm differ
diff --git a/deploy/data/linux/service/translations/qt_sk.qm b/deploy/data/linux/service/translations/qt_sk.qm
new file mode 100755
index 00000000..215d2340
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_sk.qm differ
diff --git a/deploy/data/linux/service/translations/qt_uk.qm b/deploy/data/linux/service/translations/qt_uk.qm
new file mode 100755
index 00000000..88c43620
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_uk.qm differ
diff --git a/deploy/data/linux/service/translations/qt_zh_TW.qm b/deploy/data/linux/service/translations/qt_zh_TW.qm
new file mode 100755
index 00000000..051b516a
Binary files /dev/null and b/deploy/data/linux/service/translations/qt_zh_TW.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_ar.qm b/deploy/data/linux/service/translations/qtbase_ar.qm
new file mode 100755
index 00000000..32861b81
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_ar.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_bg.qm b/deploy/data/linux/service/translations/qtbase_bg.qm
new file mode 100755
index 00000000..faeb1676
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_bg.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_ca.qm b/deploy/data/linux/service/translations/qtbase_ca.qm
new file mode 100755
index 00000000..20b751d4
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_ca.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_cs.qm b/deploy/data/linux/service/translations/qtbase_cs.qm
new file mode 100755
index 00000000..459ef266
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_cs.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_da.qm b/deploy/data/linux/service/translations/qtbase_da.qm
new file mode 100755
index 00000000..4ede24b4
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_da.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_de.qm b/deploy/data/linux/service/translations/qtbase_de.qm
new file mode 100755
index 00000000..4a4c988e
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_de.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_en.qm b/deploy/data/linux/service/translations/qtbase_en.qm
new file mode 100755
index 00000000..be651eed
--- /dev/null
+++ b/deploy/data/linux/service/translations/qtbase_en.qm
@@ -0,0 +1 @@
+<�d��!�`���
\ No newline at end of file
diff --git a/deploy/data/linux/service/translations/qtbase_es.qm b/deploy/data/linux/service/translations/qtbase_es.qm
new file mode 100755
index 00000000..1a131578
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_es.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_fi.qm b/deploy/data/linux/service/translations/qtbase_fi.qm
new file mode 100755
index 00000000..934aecdd
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_fi.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_fr.qm b/deploy/data/linux/service/translations/qtbase_fr.qm
new file mode 100755
index 00000000..009fb5a4
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_fr.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_gd.qm b/deploy/data/linux/service/translations/qtbase_gd.qm
new file mode 100755
index 00000000..3fe3841c
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_gd.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_he.qm b/deploy/data/linux/service/translations/qtbase_he.qm
new file mode 100755
index 00000000..95ed0c70
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_he.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_hu.qm b/deploy/data/linux/service/translations/qtbase_hu.qm
new file mode 100755
index 00000000..e4920a63
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_hu.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_it.qm b/deploy/data/linux/service/translations/qtbase_it.qm
new file mode 100755
index 00000000..a0205781
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_it.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_ja.qm b/deploy/data/linux/service/translations/qtbase_ja.qm
new file mode 100755
index 00000000..9cf6069e
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_ja.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_ko.qm b/deploy/data/linux/service/translations/qtbase_ko.qm
new file mode 100755
index 00000000..20e4661c
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_ko.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_lv.qm b/deploy/data/linux/service/translations/qtbase_lv.qm
new file mode 100755
index 00000000..f88a761f
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_lv.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_pl.qm b/deploy/data/linux/service/translations/qtbase_pl.qm
new file mode 100755
index 00000000..28d4d8fe
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_pl.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_ru.qm b/deploy/data/linux/service/translations/qtbase_ru.qm
new file mode 100755
index 00000000..c1a22864
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_ru.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_sk.qm b/deploy/data/linux/service/translations/qtbase_sk.qm
new file mode 100755
index 00000000..55a377e9
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_sk.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_tr.qm b/deploy/data/linux/service/translations/qtbase_tr.qm
new file mode 100755
index 00000000..3d289bb4
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_tr.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_uk.qm b/deploy/data/linux/service/translations/qtbase_uk.qm
new file mode 100755
index 00000000..21a30389
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_uk.qm differ
diff --git a/deploy/data/linux/service/translations/qtbase_zh_TW.qm b/deploy/data/linux/service/translations/qtbase_zh_TW.qm
new file mode 100755
index 00000000..62052980
Binary files /dev/null and b/deploy/data/linux/service/translations/qtbase_zh_TW.qm differ